From 5820e7e2573254857f17dab1b839c13cfee442d1 Mon Sep 17 00:00:00 2001 From: Evan Cassidy Date: Mon, 4 Sep 2023 17:49:33 +0000 Subject: [PATCH 001/826] routing for second interface --- machines/skynet.nix | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index 51d7dc9..b8a9dab 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -81,4 +81,31 @@ in { name = name; }; }; -} \ No newline at end of file + # + networking = { + iproute2 = { + enable = true; + rttablesExtraConfig = + ''1 rt2''; + }; + }; + + systemd.services.secondGateway = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + description = "External route."; + path = [pkgs.bash pkgs.iproute]; + script = '' + ip route add 193.1.96.160/28 dev eth1 src 193.1.96.165 table rt2 + ip route add default via 193.1.96.165 dev eth1 table rt2 + ip rule add from 193.1.96.165/28 table rt2 + ip rule add to 193.1.96.165/28 table rt2 + ''; + serviceConfig = { + Type= "oneshot"; + User = "root"; + Restart = "no"; + }; + }; + +} From b3c23d1621a95efd0de2c463e4bdf3e7739e825b Mon Sep 17 00:00:00 2001 From: Evan Cassidy Date: Mon, 4 Sep 2023 17:50:43 +0000 Subject: [PATCH 002/826] I don't think we need those two bits --- machines/skynet.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index b8a9dab..a3f8095 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -91,8 +91,6 @@ in { }; systemd.services.secondGateway = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; description = "External route."; path = [pkgs.bash pkgs.iproute]; script = '' From caf5b4291e98fd156bb31f292ef1419c9e5a7eb2 Mon Sep 17 00:00:00 2001 From: Evan Cassidy Date: Mon, 4 Sep 2023 17:51:17 +0000 Subject: [PATCH 003/826] sources --- machines/skynet.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index a3f8095..dc1da5f 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -81,7 +81,8 @@ in { name = name; }; }; - # + + # from https://discourse.nixos.org/t/second-default-gateway/22220/5 and https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System networking = { iproute2 = { enable = true; From 127cd52258722ebaa3f23a0e457d3486b678e644 Mon Sep 17 00:00:00 2001 From: Evan Cassidy Date: Mon, 4 Sep 2023 18:31:40 +0000 Subject: [PATCH 004/826] typo --- machines/skynet.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index dc1da5f..2bb7c0a 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -96,7 +96,7 @@ in { path = [pkgs.bash pkgs.iproute]; script = '' ip route add 193.1.96.160/28 dev eth1 src 193.1.96.165 table rt2 - ip route add default via 193.1.96.165 dev eth1 table rt2 + ip route add default via 193.1.96.161 dev eth1 table rt2 ip rule add from 193.1.96.165/28 table rt2 ip rule add to 193.1.96.165/28 table rt2 ''; From c5c0df3f5ef2004a294ca99e3975d9860449a8c6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 5 Sep 2023 15:02:02 +0100 Subject: [PATCH 005/826] [no ci] feat: now got ssh access to skynet.skynet.ie --- machines/skynet.nix | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index 51d7dc9..1a47492 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -35,12 +35,10 @@ in { # it has two network devices so two skynet_dns.records = [ - #{record=name; r_type="A"; value=ip_pub; server=true;} - {record=name; r_type="A"; value=ip_priv; server=true; } - {record="ext"; r_type="A"; value=ip_pub; server=false;} - - {record="${name}.int"; r_type="A"; value=ip_priv; server=true;} - {record=ip_priv; r_type="PTR"; value=hostname_int;} + {record=name; r_type="A"; value=ip_pub; server=true;} + {record="${name}.int"; r_type="A"; value=ip_priv; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + {record=ip_priv; r_type="PTR"; value=hostname_int;} ]; services.skynet_backup = { @@ -59,24 +57,31 @@ in { }; proxmoxLXC.manageNetwork = true; - networking.hostName = name; - networking.interfaces = { - eth0.ipv4.addresses = [ - { - address = ip_priv; - prefixLength = 26; - } - ]; - eth1.ipv4.addresses = [ - { - address = ip_pub; - prefixLength = 28; - } - ]; + networking = { + hostName = name; + # needed to use the dmz first + defaultGateway = lib.mkForce "193.1.96.161"; + + interfaces = { + eth0.ipv4.addresses = [ + { + address = ip_priv; + prefixLength = 26; + } + ]; + # primary ip for logging in + eth1.ipv4.addresses = [ + { + address = ip_pub; + prefixLength = 28; + } + ]; + }; }; services.skynet = { host = { + # website is still hosted on the internal IP ip = ip_priv; name = name; }; From 4938aee41274125d87f9062b1411bff02559d030 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 5 Sep 2023 15:55:52 +0100 Subject: [PATCH 006/826] [no ci] fix: ssh comes at teh cost of the http access --- machines/skynet.nix | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index 1a47492..18cd4e4 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -60,15 +60,26 @@ in { networking = { hostName = name; # needed to use the dmz first - defaultGateway = lib.mkForce "193.1.96.161"; +# defaultGateway = lib.mkForce "193.1.96.161"; interfaces = { - eth0.ipv4.addresses = [ - { - address = ip_priv; - prefixLength = 26; - } - ]; + eth0.ipv4 = { + addresses = [ + { + address = ip_priv; + prefixLength = 26; + } + ]; +# routes = [ +# { +# address = "193.1.99.64"; +# prefixLength = 26; +# via = "193.1.99.65"; +# } +# ]; + }; + + # primary ip for logging in eth1.ipv4.addresses = [ { From 73e7406b377ac963123e3602fa053a3dc96c5899 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 10 Sep 2023 15:09:50 +0100 Subject: [PATCH 007/826] [no ci] fix: sites directly on skynet now relate to the root domain --- applications/skynet.ie.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 6008bdb..823b4f0 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -31,8 +31,8 @@ skynet_dns.records = [ # means root domain, so skynet.ie {record="@"; r_type="A"; value=cfg.host.ip;} - {record="2016"; r_type="CNAME"; value="skynet";} - {record="discord"; r_type="CNAME"; value="skynet";} + {record="2016"; r_type="CNAME"; value="@";} + {record="discord"; r_type="CNAME"; value="@";} ]; networking.firewall.allowedTCPPorts = [80 443]; From c12f2920ac08b018793cf0dc854d6e02b8c5195c Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 10 Sep 2023 21:22:03 +0000 Subject: [PATCH 008/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ff57a21..ff15f6c 100644 --- a/flake.lock +++ b/flake.lock @@ -465,11 +465,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1693776743, - "narHash": "sha256-RM56u2CRAPQt7zzJr3Fl7xJjeYVMNQ2hkr0QDdFy3F0=", + "lastModified": 1694380904, + "narHash": "sha256-UhEDvqgfUng6xzr3Bjl2jIwOwK/sW27CakqX4ooX3qU=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "9d4575df2769966ecb93a42b08bad1d82f7af714", + "rev": "0ece2418efcfc36494f090c733cefa01a9823cc1", "type": "gitlab" }, "original": { From edb2a0f40effda0667ccb15d3acef2b9def92794 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 10 Sep 2023 21:27:53 +0000 Subject: [PATCH 009/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ff15f6c..d76908b 100644 --- a/flake.lock +++ b/flake.lock @@ -465,11 +465,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694380904, - "narHash": "sha256-UhEDvqgfUng6xzr3Bjl2jIwOwK/sW27CakqX4ooX3qU=", + "lastModified": 1694381256, + "narHash": "sha256-D7K8NIZM5ts3KLtP3t7U8Wmbquh+UaBd7ph+E7s5yG4=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "0ece2418efcfc36494f090c733cefa01a9823cc1", + "rev": "079a60cd0b82602e9cdbe60c98a24ead234810cb", "type": "gitlab" }, "original": { From 61411c78458e10cfedecd1900744eab121bdf0d6 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 11 Sep 2023 00:14:56 +0000 Subject: [PATCH 010/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d76908b..7612d54 100644 --- a/flake.lock +++ b/flake.lock @@ -465,11 +465,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694381256, - "narHash": "sha256-D7K8NIZM5ts3KLtP3t7U8Wmbquh+UaBd7ph+E7s5yG4=", + "lastModified": 1694390777, + "narHash": "sha256-6ZcVukQbGzgXEMFbGEYzzXUt1TVjyasfchKqOC6FK8I=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "079a60cd0b82602e9cdbe60c98a24ead234810cb", + "rev": "dc142e8521a2e18a6d839b5d4d1e356d57f43a90", "type": "gitlab" }, "original": { From 462164a82f370d1f8d8f2f075ba96169d173da72 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 12 Sep 2023 11:43:45 +0100 Subject: [PATCH 011/826] [no ci] fix: updated the domain --- secrets/stream_ulfm.age | Bin 2876 -> 2801 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 9d284cd4e29098ee128da52dc56083f91c4437f6..7b1ad93189642203a060baa323eb974fe7c5245d 100644 GIT binary patch delta 2747 zcmdlZ_EB_#PQ90NX+~LyS*Bx{c6ml{lu?RlM!K(Ypm&b5lc%|*n`?5ASz?8DX-IKq zI#+0NU~r+AS!!BjzFUD)Nn(hHvx{q*c7%CBYNk(FS!RVZ z9J8WaGmMhF{k$s8%gn;c1FH(N0?iXkEQ|cS%3aO%)3Xe?v`x#BbDc}li=+Gl%v_Rk zlKcY$3M-8ZEixmt9eqoJyj%-I%_`me(*q4ap=9FVq?=xpnpm8wkXsZQU7+BmkZWL^}S?p7a|Tw0Y9Sk9%ZtE=Eznv-g7neJY0Ruyg#S{9`pRP62=kYZ3} z9+B#woSEj8nwH@d7~x!-ihg! zG7bK=@@t@qYRYwPe(6cyE}t)Wz>s+={-BwI_5AB=T-Us@Q|Yw}Y%Gpq4{b8ka}+;y zJ<)2LQncrZWe>HK?;T$lxi(YS@$Q_-tJh6?bjjd=;qxTftFGMFx2%7Azb&V83fqO* zI|DVUHazrG)t0P&cC9Lpon^^P*7{}Jr`R4TzCV-ajX}t9XGSOHrsrBN9!vt#Kc>#9 zdhGjx(SZBWLaR*?{tSP9M55enf|gRwyxAewzuo=MpsB{RE2xx@ zF>V^m{>v&$H1C|6&g6b>=HwK^1IkB(ktD${OX?zBi}>gxQK{=*(>^R`aT z*LW2j5wYgez4ET)QoppYZ?mT!&YZ&g>i*lX=g9@WTgx}*Sxz~Ax8rf3#`z2zv40Cc zdqk*-Y&c$}R^KCiWUJNtp0~0RE1TcFJhy3Kq(R)Q4PSfhVTs4zvy*;(tUer7 z`0wP!5SiVYF?-`LS`>bnFlGDmkJo*J=08YX;If5t`->YskPG5q=Mwp~VBdlztguU+zDVcXl?w|G)C66@Bp&%e9i zO@U(A+JO9L+s)YZmuz9*VlB6%N9U4IV#86n-Ut1v41RkvDkXjw_kI+X(0p9g5#}zp zHLphX-7As*j<@rlU+D6f^8HD@ZSS%q|4nDxlavlM==OTt^4t;5RMURdiPLwf0^=OM ztM;`!{Wb2#{p((FQYL8CzjeN!Yu>rMd=R)k>Y!0w{$%ctXP2#Ab8p|g_3<}TyEBk*?acreOUiU=lk{@D{i_5ZBMWN zoVsd{$3*9_4RP0VGEN*m^{al}(;nsTr$e5G{}$Zw^lqL1&bg<$dp)Nw*rGg>w?R)L z^!!{tha=+rXEIhAEfdymNhZMX}PE&<5`J zyubSkog5w>Idyu5$pp)~g*|B%pDLTWCs)+o{ZYAg$D)I*4jbi;@}3IRekZ1IYQf=a zAM9(DL?1D^|Eb^k>UpJ<{eIQg*-RxjUp4>CyW;S8gJVPK)Vi#k_4ev}%QyNwGrq3y zlWiw|@|{x_S5F(9*mP)%wfC&`noGa_x==EWrP$Nl^T-7GbF;kkkDdHnb+>%el-Bor z71Q#?h5q(mJj2ucWz*9oD|XG~czW^f1*tBV<5%MkrDj;)z7eqLU{ZZVGnZ!Hw--`# zU*E{Q^Z1U&rslTYhBoguxSc%KHF4)%VVU@t)V+z83}?BrcK`O~ye`B_5?z0GvYZyZZ7{I952Y^@0vVi;_FUnuq4AG`Pj^aJa0l>A>3`3*hJl?Uw)xoQhiUEpoo${e+P8w^Hg_(W zd3U+6m2bJfSY6op<9ohEDhMP#;oRA+@TBQ1Z~dnCQTcTZb-zA%J}7u$Kc6vIKUiqT zH37rxH%*o0%k9c#s$MsU%BC?{cD-zBP2l)>LhLeE$x-(kb6!Un1xxC?=d6=yRBqcB z`t#huX-BR_-**uRUe2#Ue|vapV7-%7dBLFJUq>Q^F%*Q ztwRM>Z-1K}oMq3y@*G?DowD1KcfX$xuq-~hI@>Jt!aUJG{UMHz1Xmqcsbjf!YuB*@ zEr)&M9%d!}KfJWK{h;e6Ba7K{3~v<#?pXOi^Tmw#M7HhB)(&Cy%R_^e%ATLQrB(3q zN62E&vuRc{K74V$aJ2K!oW&NIJ9M9^$(_^DmJ(n8Zd-oDqkp;Vf^$N!N7C8b80Yo=Vu z`swPCeEQD8o@2@rvVRnHCVj5YeHYrZY?*1`9ha@yp_jgkJ#hZEZ~nom`gLk|cD8H% z-`L>7;r``s--0=!7B_GG5{WEtW4WU2H%U0<`f7)^3eL+uC(k!ZMHgIUPIr2t@mFbP zDnp9ykuUn^B2$^2{MhfU|NhreGj^>*U5@b5yjA@1VmC!u--%psE%dqTDy6>u3EyiQ RwdGj_yOeew?h`PM008tJ2;=|& delta 2822 zcmew;x<_n+PJN(xs#ADUxR1MgXnJn2cbI{Pf4EbcTZL0Ws$Ys>k%eQSb9kO%xrITf zBUh5Sr(cjuh@(+rV40V8zL~yzL7{e7a-o}XfMZo)R*<1ro?l{qRb*wD1(&X!LUD11 zZfc5=si~o*LXl^APFcA^VXC`NPI-n!YDI-bdQoV$uUle)kAJ9}xw*S%MVe!xMXq+a zYoec7kco3Bmrt;Pp=(uXXtA52zKe&yqhWAlSXEGRxj}A*cV>2|u|aW~x370ZhL3Uf z#E;_PQ9&;06@U*{&|Gp@!MH#;)PMk&XeDRawbgz8U$E zhAGZQfmz=EUg-v|u30`7`DXrw1|Hs3LE2&ZiDiafh8gIpf;~B;4jg8YyO(QJR zN=zb5i*qx}lM{VhN}L^2GJGr@^U5pz(~I)+d@C}_0<)62inDS<6HScu9V4msqMKfnnpm8wVCG_y#AQ$( zo@5$PYnH1pP!Ok zZdMhMS>=-*Y2wJ0806%YnQLP1mu^;8=&tXTl$DsN?QHDj85)+yrK_u}kYSLY7nYc4 z8JV1$=j|S5S!iYum=Ro(?HpC?Q;}jEV40g-6qJ@`6j4&nC0@@Ww}02&=qV-_{s%0( zEVg%IQo?T5DT*ib@7}(|u-I_tzVd1Rj-EKQUhwdg%4>!_+Z2jq?rkWzzlMj`wQE|^ zcbgmiF4he0Cqt(%@3B+d_df89^UfDR-N}Bz8TN~NXD}?#Tzodzvr>Gu{Pl^1Jzr>c zviicK_b<*(;oY$NPWMBVjRNnjug?1Gw)JOEaj(eq~a z(>+S9xf75`e75Cx3*KeMfc$G%U!3s zE6xAcEo@}nC-CoJs`UNmN;b#&w=JK`dm`_JGIJl_Qm!d>H<*(bRn9yV@!;0}v<-Rn ztQ{gMlWx}EPYqa|vg*21+v1!@nM)kr@cOd7d3~gsndRbbwuLfkla?)Peo`Y{F8CmL z8P}yx{m}{)fk!8&HBA+LYGl|eBe`JfB9CXgq8pUu?6oDO8&+2Dm|OAutzC@S@fW(s zezd%p@XBv>W(iAXh+Tx}twk#7k;&(Eb3LbBdUQO!!}W1TZ2hH>{A}J>lLsw+32zmD zz4&Lrf6n#Ea@%=k)u(eF?db3SJnz3-*OR#w_x~1zZPTrrm>T7w_|)RxA7P2eq`f>QwcNi4e4XX`LZ2^cA=9e;6a*4@8r7|d1#IGF!gbvwGtc>5fc zD*w`_jnlo&FRM+l(35%3>%Z~i+heK5SGjBw)cs=OJ(I2~W~x_bs7=(^xpGV4(MucN zWSld0oe-<{wz=WL%IzgpSB$=&J96g1gVg$Y?(j@smtKtf0thoBSfV4o=(tlM7hxcYDZ%AG|AnfA4nuDfPfe>O|JRkG~rhwd(}3w^sQ zulF2jOKXy}d)iSaq4M*esK0vT@wD8X{TnU`3RPb^cEe`T#^kFn*0$6>czTCPriZES zht2OsK(#kdDm{?%H1LId#6cu7cJ!9aqrcOuU=nXNS3m_&kAr*81c>*8L?XQmZ5 ztLGobqi35J9uqlHc{ekm*I|Fm)}93or zQ)krjUi)a2^{eMs_`=L1zn?c4$*Rg$1gvI%`Ybk>uk;G%gSx!J=1(tNwmAmRzqvso zU+hTzuh3(9CL8^3y*zp5a_d!Z^+fkapShl%VGyd&HLvI2W6yQ8RG@dB_r6P-zOMwi zV!3YD{Y+|^p|zs?QP_(&JZ}#yWb^vfS@muv$I-6!;sm1_CBu4e&*|$k#jE#yeYj_R*UtS9uXZ&)Ov{t@**{zPGt+CE@`KNw zy8rop?3Bu}?Z-F#5cqdVH#w~RlFfoLHUnXIU7bRwyeV#qN8j(-v*zZ>jI6>M-zmG| z?}d6B7YD?}GV89oQZKa8LrvXmiFz>KUkj_l_iRhFI7Dme_v&+=f4j-0eqyAV+(K<} z&2#DN+TNCh8*sd?n%c+8A@gao+F_>tjn5uvo?g?kdrj58_w#SvJaXss^{Z3XW~|;) z^!@pZw3Hq7D<2v@^NZ8az09}d+kaNp;+r4ruD?`UtnC=v!pE^L$)!g>@&j+^FTsta zlBZc!=6?=9tbAkb;k}N#H!67? mopRw~v6gmv@5{!IavzwJ7t6i1^NHWw5q;>&*_^Zw6KVk?0~n+L From 563d13e115a44815fee97d48db6d390297e82826 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 12 Sep 2023 12:05:38 +0100 Subject: [PATCH 012/826] feat: updated whats fed into different modules --- applications/ldap/backend.nix | 11 ++++------- secrets/email/details.age | 20 ++++++++++++++++++++ secrets/ldap/details.age | Bin 0 -> 1240 bytes secrets/ldap/self_service.age | Bin 1137 -> 0 bytes secrets/secrets.nix | 6 +++++- 5 files changed, 29 insertions(+), 8 deletions(-) create mode 100644 secrets/email/details.age create mode 100644 secrets/ldap/details.age delete mode 100644 secrets/ldap/self_service.age diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index b5baf68..5c89933 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -47,8 +47,9 @@ #backups = [ "/etc/silver_ul_ical/database.db" ]; - age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age; + age.secrets.ldap_details.file = ../../secrets/ldap/details.age; age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age; + age.secrets.ldap_mail.file = ../../secrets/email/details.age; skynet_acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" @@ -76,13 +77,9 @@ # contains teh password in env form env = { - ldap = config.age.secrets.ldap_self_service.path; + ldap = config.age.secrets.ldap_details.path; discord = config.age.secrets.ldap_discord.path; - }; - - ldap = { - host = "ldaps://account.skynet.ie"; - admin = "uid=ldap_api,ou=users,dc=skynet,dc=ie"; + mail = config.age.secrets.ldap_mail.path; }; users = { diff --git a/secrets/email/details.age b/secrets/email/details.age new file mode 100644 index 0000000..069b549 --- /dev/null +++ b/secrets/email/details.age @@ -0,0 +1,20 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA j8XFmU0Z3BjgqNCkfkGFxSt1gAxxVr9iFGHXt/1iCk4 +g7iomVI50B+gDqUv5lmUufqGEUpcSqq9R1MiJsuhMMI +-> ssh-ed25519 rIwlvw SYh2UV1EZynbMviPYw2kxw80zJuSggxbFlAQjH+UBgE +RWUQGKaeVaVSZ6hD4kUFL7YnSOvxyOXM1Ox3fKRcJ+c +-> ssh-ed25519 q8eJgg uxyqTwxrafvZQ/HfUQ2Edmlr+8ogl2/3AuSQrhXrdSc +vtvcIrznaBxURp04vFnbK9Ub60DqOKExOjMQO7sQJfc +-> ssh-ed25519 IzAMqA 9B3XvLvFKHumwsfxIsNLBPWS3bnpmvwJJjsx+bZ3wEc +uIf1IEAh2Antx1hlllo5+VmGHqln1AEwe94ZIukSDGU +-> ssh-ed25519 uZzB3g IAL5COq6aK1S1Gc7iY8llTguXLeYHw1b527Qw5XvGV8 +lGdO2P4y9KEvo0D+JIeA8bvDrDpJo1BV8llAlVCkYR4 +-> ssh-ed25519 Hb0ipQ 35nXPma9JeM8TCGJcNbYJxm9bIyoxVp3D6KLoJf4N3A +JfSNyOQ+76z6/0sYh2zgbYzhIeCeKU5Q+k0bFKHgo1o +-> ssh-ed25519 IzAMqA huVJf1RnhlZmG2+zgw1kcBDlQyj6AK3iuPe4+63dhDI +4pKzMmdTY9jc1it4V5T1QbIS46SE0ByJBIts9qBBwVQ +-> K~i#8-grease Cj3&8-; " +nr1dXH1Vn8mUXtGI +--- +23A15ysmDeSoUnTeKVIYouSDRjAp9uUbHPPVLM3U/8 +C4Hy{C$7,Ѥb3c@Pld0MI܄͙`'L'4_$,Qx +oG2>d[3, p}$m 83x'H~JO0\FT\ \ No newline at end of file diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age new file mode 100644 index 0000000000000000000000000000000000000000..51b031c21d7e23cfbbdd7b40cfc4cbbaa1143c7e GIT binary patch literal 1240 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tmD^vTQ( zbN4AOEc2*L54SK%GpI5Pa1V2dH212AbPmtYcFnBH$Sn5=a^&(UitS%{ecq z#L>*f)juOMP2a^OLOamk)77{#J-MR5wZyH!z<{gRs5HRIH&8p=HKj5q-_twM-$_3( zG%wE}C_OwSB-qo`Pus#YGTgn|p0&OP~ z14C1vJhMV)pYU+g%qY(aXV2UWLr<=h@N&oUz`_h;qipA-$N*0R?cz{<&-6miV%LE3 zFnup~AD=*{JQw#O<9u}6JgXdi3mp{-i!#D3^n(q|EdyQCLW*v4a7@e3FwJ!|@$)PSbJy`2+GVcw#drxP0cqjD>E{$2#<8hC$<)x)*V*5zD%;R2wam*hB*)LmH^bS($Fig_B+nwtBm^Vgpdp!MoEBPW zQS4ffoKY5#<{xC@=j-Ou`b?#mULQcz$X;gT4UnVOMe zpzmMo;gyw_WMGyYP+V>l7My5iVGx?{=@zVQ;R^CwfNpwGYGQFJSGH$Zakx)vhFPk= zzE?(SkY$>sdwzCiPKCR+S5#qDW>s2XWJ;uGVyLHASc;!vx`j`YNshl^O0sE1xJ6}p zB$roluw`m_L}q$XVN^tbM^R;1eu#5!kZYP-U~Z|aOL#^>KyapCSeTc0K~j2(PeibO ziDQnpVUdMXM4(AdK9{bpu0mo!m6L~?zfV?(nV)fDfmwy8VZKX_w^^B^Z%$fHNRF39 zuxo{-M@5=xI@eyw7ov5Vf9;lWyovuSr+-iNQ$vK?MZY{F-ZgV&UiZ2mwm3FZF+f~p z?WFS>hwfDLJnP@${C(-m1>KxCyf}QAGhCj|*I(h1bLzi}M&ZSq7x=vNr@j*Lc==wJ z*N)|W`*vyhvK^jAo^u~=O-=oDxkqX1kvpH&+?fx)>3gBL|HYw+teP3^9%`p=*>;r0 z-9Ee9@$cPghR=B@t_U48vizt&xQ>aUP8OTXlI zyH+*B`Plg7UjlWqR;G&WzrMcXZ47AG7df%$XLQ+*^ENU!m=}LG bTsfn?QmOY(`<$>_Hd)cH3lvn=StkPkvLv}v literal 0 HcmV?d00001 diff --git a/secrets/ldap/self_service.age b/secrets/ldap/self_service.age deleted file mode 100644 index 20bf9a658b4a6bc4ec15a24b9f2468c7e80c03e2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1137 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yWQcJ-;s zGzxX~uS|+eGR;VJH7~AkGzl+BvdnTT@-EGG%FC)UEh@}(P3F>e3re#{_DV}hwQzMc zDRqtXDs&1;aV?9?vIx#{3NlG@DN8lWE3@!4&qued$g@1BtX#p2JWno1%V6z@s(@g}{4#f+fPi#we*?p^qP!&SK#x2l z?+Am?FrQ49Aj6^}cVBedJgXdi3mp~A%MvpyQ+@L*v%|G>1B^qp1AQD_LdpYDjVnV9 zEcLy;GD_T{jEhst@{+ksOPq5mGc$ry9V069vz-zX-Halg5=~3JQ&K%$%JNbT14^9? zGaVBHEipo}G^)zUI9(y2BrVh;G&IuH&$6tv%G1Cg-Ppp=&!faLD$61$%PlR$u_7(1 zEW@uf!1QriX-z2tCC!eQW6tAxgtCaEFz7v!&AfE(|j|XQn++= zbrs6pjdCqLf_zimlEcE&EnTxx4Z}Ud^PNMr4Wsgm3jGVs^1?$641+!Li@79zRJ*R` zn7R1R-HSfk4l7GM5>j7V9G)Eg?@CsAow)g0!@?mzRs&v$*7b4FTyE4nNn*viC+zkc&#f4I8q_02rnq*~4%U@hCOv}*k$ ziC^#9?|aSFmSHq+S^h>SKmG*!nHA4E+3a|Nmu=c{?V7g=Yv)drZ5vK%bs1le{8#<> z%%dRIovW{|+#NmZxvq#8|CQiA3!~4u-{!0n$#U6s@3V-vPRy<~`)`Q7Qi+c1_$YQWKg_Z1)T(cF=eF2AQe#MYaLlDS x#N%2;*6*n5-Dyus!rn(bE!Uj)glpR(Ay<#J@|)-B8Kk~2lALzdZvP4H&j9AnqO|}3 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1d84f6d..4639eb7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -113,7 +113,8 @@ in # for ldap "ldap/pw.age".publicKeys = users ++ ldap; - "ldap/self_service.age".publicKeys = users ++ ldap; + # for use connectring to teh ldap + "ldap/details.age".publicKeys = users ++ ldap ++ discord; # everyone has access to this "backup/restic.age".publicKeys = users ++ systems; @@ -122,4 +123,7 @@ in # discord bot and discord "discord/ldap.age".publicKeys = users ++ ldap ++ discord; "discord/token.age".publicKeys = users ++ discord; + + # email stuff + "email/details.age".publicKeys = users ++ ldap ++ discord; } \ No newline at end of file From 6673ba28b1c5f2272e728d0d991c23a1f533cfae Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 15 Sep 2023 20:30:37 +0100 Subject: [PATCH 013/826] fix: dns no longer fails to be updated --- applications/dns.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/applications/dns.nix b/applications/dns.nix index 2f3cf8a..88004f9 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -390,6 +390,12 @@ in { ] ++ create_cache_networks; }; + # deletes teh journal files evey start so it no longer stalls out + systemd.services.bind.preStart = '' + rm -vf /etc/skynet/dns/*.jnl + rm -vf /etc/skynet/dns/*.jbk + ''; + # creates a folder in /etc for the dns to use users.users.named = { createHome = true; From efe1fbd140b52a8c42650a93463c1014803b940c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 15 Sep 2023 20:36:07 +0100 Subject: [PATCH 014/826] feat: splitting up the user side of skynet and the main websites --- applications/skynet.ie.nix | 11 +----- flake.nix | 5 ++- machines/earth.nix | 45 ++++++++++++++++++++++++ machines/skynet.nix | 71 ++++++++++++-------------------------- 4 files changed, 72 insertions(+), 60 deletions(-) create mode 100644 machines/earth.nix diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 823b4f0..4277232 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -25,7 +25,6 @@ # the root one is already covered by teh certificate "2016.skynet.ie" "discord.skynet.ie" - "ext.skynet.ie" ]; skynet_dns.records = [ @@ -48,15 +47,7 @@ documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; # only on skynet.ie # skynet.ie/~username - enableUserDir = true; - }; - "ext.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; - # only on skynet.ie - # skynet.ie/~username - enableUserDir = true; + #enableUserDir = true; }; # archive of teh site as it was ~2012 to 2016 diff --git a/flake.nix b/flake.nix index e341146..447efb5 100644 --- a/flake.nix +++ b/flake.nix @@ -87,9 +87,12 @@ # backup 1 neuromancer = import ./machines/neuromancer.nix; - # Skynet + # Skynet, user ssh access skynet = import ./machines/skynet.nix; + # Main skynet sites + earth = import ./machines/earth.nix; + }; }; diff --git a/machines/earth.nix b/machines/earth.nix new file mode 100644 index 0000000..b9d8507 --- /dev/null +++ b/machines/earth.nix @@ -0,0 +1,45 @@ +/* + + Name: https://hitchhikers.fandom.com/wiki/Earth + Why: Our home(page) + Type: VM + Hardware: - + From: 2023 + Role: Webserver + Notes: + +*/ + +{ pkgs, lib, nodes, inputs, ... }: +let + name = "earth"; + ip_pub = "193.1.99.79"; + hostname = "${name}.skynet.ie"; + +in { + imports = [ + + ]; + + deployment = { + targetHost = ip_pub; + targetPort = 22; + targetUser = "root"; + + tags = [ "active-core" ]; + }; + + # it has two network devices so two + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; + + services.skynet_backup = { + host = { + ip = ip_pub; + name = name; + }; + }; + +} \ No newline at end of file diff --git a/machines/skynet.nix b/machines/skynet.nix index 18cd4e4..6d5ba49 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -6,27 +6,24 @@ Hardware: - From: 2023 Role: Webserver and member linux box - Notes: + Notes: Does not host offical sites */ { pkgs, lib, nodes, inputs, ... }: let - # name of the server, sets teh hostname and record for it name = "skynet"; # DMZ that ITD provided ip_pub = "193.1.96.165"; - ip_priv = "193.1.99.79"; hostname = "${name}.skynet.ie"; - hostname_int = "${name}.int.skynet.ie"; in { imports = [ - ../applications/skynet.ie.nix + #../applications/skynet.ie.nix ]; deployment = { - targetHost = ip_priv; + targetHost = ip_pub; targetPort = 22; targetUser = "root"; @@ -35,17 +32,13 @@ in { # it has two network devices so two skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record="${name}.int"; r_type="A"; value=ip_priv; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} - {record=ip_priv; r_type="PTR"; value=hostname_int;} + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} ]; - services.skynet_backup = { - host = { - ip = ip_priv; - name = name; - }; + services.skynet_backup.host = { + ip = ip_pub; + name = name; }; # allow more than admins access @@ -60,41 +53,21 @@ in { networking = { hostName = name; # needed to use the dmz first -# defaultGateway = lib.mkForce "193.1.96.161"; + defaultGateway = lib.mkForce "193.1.96.161"; - interfaces = { - eth0.ipv4 = { - addresses = [ - { - address = ip_priv; - prefixLength = 26; - } - ]; -# routes = [ -# { -# address = "193.1.99.64"; -# prefixLength = 26; -# via = "193.1.99.65"; -# } -# ]; - }; - - - # primary ip for logging in - eth1.ipv4.addresses = [ - { - address = ip_pub; - prefixLength = 28; - } - ]; - }; + interfaces.eth1.ipv4.addresses = [ + { + address = ip_pub; + prefixLength = 28; + } + ]; }; - services.skynet = { - host = { - # website is still hosted on the internal IP - ip = ip_priv; - name = name; - }; - }; +# services.skynet = { +# host = { +# # website is still hosted on the internal IP +# ip = ip_priv; +# name = name; +# }; +# }; } \ No newline at end of file From 5acbd129605aaaa042548b67c35236ec76f690ba Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 15 Sep 2023 21:19:07 +0100 Subject: [PATCH 015/826] fix: allow the dmz skynet server access to the dns --- applications/dns.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/applications/dns.nix b/applications/dns.nix index 88004f9..8ad62ce 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -377,6 +377,9 @@ in { cacheNetworks = [ # this server itself "127.0.0.0/24" + + # skynet server in the dmz + "193.1.96.165/32" # all of skynet can use this as a resolver /* Origianl idea, however all external traffic had the ip of the router From 7d7f402b6d8f803e4a4305a341ca4b32879690ad Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 15 Sep 2023 22:03:52 +0100 Subject: [PATCH 016/826] fix: seems like we need to keep the two network addresses for the skynet server --- machines/skynet.nix | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index 6d5ba49..c81cc7f 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -15,6 +15,7 @@ let name = "skynet"; # DMZ that ITD provided ip_pub = "193.1.96.165"; + ip_int = "193.1.99.79"; hostname = "${name}.skynet.ie"; in { @@ -55,12 +56,34 @@ in { # needed to use the dmz first defaultGateway = lib.mkForce "193.1.96.161"; - interfaces.eth1.ipv4.addresses = [ - { - address = ip_pub; - prefixLength = 28; - } - ]; + + interfaces = { + # need it for dns validation for letsencrypt + eth0.ipv4 = { + addresses = [ + { + address = ip_int; + prefixLength = 26; + } + ]; + routes = [ + { + address = "193.1.99.64"; + prefixLength = 26; + via = "193.1.99.65"; + } + ]; + }; + + + # primary ip for logging in + eth1.ipv4.addresses = [ + { + address = ip_pub; + prefixLength = 28; + } + ]; + }; }; # services.skynet = { From ef6096e6e04d925f51bd8cddcd71d1418848259c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 16 Sep 2023 00:04:39 +0100 Subject: [PATCH 017/826] feat: skynet user stuff is now segregated to a server that is untrusted --- applications/skynet_users.nix | 72 +++++++++++++++++++++++++++++++++++ machines/skynet.nix | 26 ++++--------- 2 files changed, 79 insertions(+), 19 deletions(-) create mode 100644 applications/skynet_users.nix diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix new file mode 100644 index 0000000..8fa1058 --- /dev/null +++ b/applications/skynet_users.nix @@ -0,0 +1,72 @@ +{ config, pkgs, lib, inputs, ... }: + with lib; + let + cfg = config.services.skynet_users; + in { + + imports = [ + ./acme.nix + ./dns.nix + ./nginx.nix + ]; + + options.services.skynet_users = { + host = { + ip = mkOption { + type = types.str; + }; + name = mkOption { + type = types.str; + }; + }; + }; + + config = { + # ssh access + + # allow more than admins access + services.skynet_ldap_client = { + groups = [ + "skynet-admins-linux" + "skynet-users-linux" + ]; + }; + + + # Website config + skynet_acme.domains = [ + "users.skynet.ie" + "*.users.skynet.ie" + ]; + + skynet_dns.records = [ + {record ="users"; r_type="CNAME"; value=cfg.host.name;} + {record="*.users"; r_type="CNAME"; value=cfg.host.name;} + ]; + + networking.firewall.allowedTCPPorts = [80 443]; + + # normally services cannot read home dirs + systemd.services.nginx.serviceConfig.ProtectHome="read-only"; + + services.nginx.virtualHosts = { + # main site + "*.users.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + serverName = "~^(?.+)\.users\.skynet\.ie"; + + # username.users.skynet.ie/ + # user goes: + # chmod 711 ~ + # chmod -R 755 ~/public_html + + locations."/" = { + alias = "/home/$user/public_html/"; + index = "index.html"; + extraConfig = "autoindex on;"; + }; + }; + }; + }; +} \ No newline at end of file diff --git a/machines/skynet.nix b/machines/skynet.nix index c81cc7f..e497217 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -20,7 +20,7 @@ let in { imports = [ - #../applications/skynet.ie.nix + ../applications/skynet_users.nix ]; deployment = { @@ -31,7 +31,6 @@ in { tags = [ "active-core" ]; }; - # it has two network devices so two skynet_dns.records = [ {record=name; r_type="A"; value=ip_pub; server=true;} {record=ip_pub; r_type="PTR"; value=hostname;} @@ -42,21 +41,12 @@ in { name = name; }; - # allow more than admins access - services.skynet_ldap_client = { - groups = [ - "skynet-admins-linux" - "skynet-users-linux" - ]; - }; - proxmoxLXC.manageNetwork = true; networking = { hostName = name; # needed to use the dmz first defaultGateway = lib.mkForce "193.1.96.161"; - interfaces = { # need it for dns validation for letsencrypt eth0.ipv4 = { @@ -75,7 +65,6 @@ in { ]; }; - # primary ip for logging in eth1.ipv4.addresses = [ { @@ -86,11 +75,10 @@ in { }; }; -# services.skynet = { -# host = { -# # website is still hosted on the internal IP -# ip = ip_priv; -# name = name; -# }; -# }; + services.skynet_users = { + host = { + ip = ip_pub; + name = name; + }; + }; } \ No newline at end of file From 9f42b60940226ba53a5f16f6c8f8793cf157b6d6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 16 Sep 2023 00:30:45 +0100 Subject: [PATCH 018/826] fix: properly set up the routes --- machines/skynet.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index e497217..13cfd14 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -15,7 +15,7 @@ let name = "skynet"; # DMZ that ITD provided ip_pub = "193.1.96.165"; - ip_int = "193.1.99.79"; + ip_int = "193.1.99.81"; hostname = "${name}.skynet.ie"; in { @@ -58,7 +58,8 @@ in { ]; routes = [ { - address = "193.1.99.64"; + # need to be able to get to the dns server + address = "193.1.99.120"; prefixLength = 26; via = "193.1.99.65"; } From 22163528d942ea1fa6a43fcb9e627b49ed857686 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 16 Sep 2023 01:35:26 +0100 Subject: [PATCH 019/826] feat: earth has been revived to calculate the Question of Life, the Universe and Everything. --- applications/skynet.ie.nix | 13 ++++------ machines/earth.nix | 9 ++++++- secrets/backup/restic.age | Bin 1920 -> 1954 bytes secrets/backup/restic_pw.age | 25 +++++++++--------- secrets/discord/ldap.age | Bin 1183 -> 1066 bytes secrets/discord/token.age | 25 +++++++++--------- secrets/dns_certs.secret.age | Bin 1484 -> 1554 bytes secrets/dns_dnskeys.conf.age | Bin 854 -> 887 bytes secrets/email/details.age | 39 ++++++++++++++-------------- secrets/gitlab/db_pw.age | 27 ++++++++++--------- secrets/gitlab/ldap_pw.age | Bin 771 -> 803 bytes secrets/gitlab/pw.age | Bin 718 -> 757 bytes secrets/gitlab/runners/runner01.age | Bin 722 -> 698 bytes secrets/gitlab/runners/runner02.age | Bin 739 -> 697 bytes secrets/gitlab/secrets_db.age | Bin 763 -> 761 bytes secrets/gitlab/secrets_jws.age | Bin 2282 -> 2296 bytes secrets/gitlab/secrets_otp.age | 27 ++++++++++--------- secrets/gitlab/secrets_secret.age | Bin 784 -> 817 bytes secrets/ldap/details.age | Bin 1240 -> 1177 bytes secrets/ldap/pw.age | Bin 1033 -> 991 bytes secrets/secrets.nix | 9 ++++--- secrets/stream_ulfm.age | Bin 2801 -> 2830 bytes 22 files changed, 90 insertions(+), 84 deletions(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 4277232..190366c 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -30,12 +30,12 @@ skynet_dns.records = [ # means root domain, so skynet.ie {record="@"; r_type="A"; value=cfg.host.ip;} - {record="2016"; r_type="CNAME"; value="@";} - {record="discord"; r_type="CNAME"; value="@";} + {record="2016"; r_type="CNAME"; value=cfg.host.name;} + {record="discord"; r_type="CNAME"; value=cfg.host.name;} ]; networking.firewall.allowedTCPPorts = [80 443]; - services.httpd = { + services.nginx = { enable = true; group = "acme"; @@ -44,17 +44,14 @@ "skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; - # only on skynet.ie - # skynet.ie/~username - #enableUserDir = true; + root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; }; # archive of teh site as it was ~2012 to 2016 "2016.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - documentRoot = "${inputs.skynet_website_2016.defaultPackage."x86_64-linux"}"; + root = "${inputs.skynet_website_2016.defaultPackage."x86_64-linux"}"; }; # archive of teh site as it was ~2012 to 2016 diff --git a/machines/earth.nix b/machines/earth.nix index b9d8507..f2eee16 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -18,7 +18,7 @@ let in { imports = [ - + ../applications/skynet.ie.nix ]; deployment = { @@ -42,4 +42,11 @@ in { }; }; + services.skynet = { + host = { + ip = ip_pub; + name = name; + }; + }; + } \ No newline at end of file diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 944ad4b274b1e1c7532371f2d14c1d0c6db2a688..30e05af9b85583ae7a850c1207d8b5b4b6d2a746 100644 GIT binary patch literal 1954 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sZ~H!QRW zG&7Ad3`r@i2sF$OcJnRsax5>3jPxw1atX{%_46<>b1pVA%I3-m@$rlBFZc1S^zg~E z%=R(P$uCb!cJZzBGYkmM$utReaw~QA%nJ63G(oqm$g@1BtXv_WtjNc)peP_er`*EP zvA{Rk-y*4~D9yh> z(+GWUkD>_k@QTR7(o8pVXR~BSmt?NUq~yqg#ITCW5|`jmpi; z%Z#gX4Fl0_D{xBj$}LxL(=Ut)4sF%G&gWhi3rZjDM}3uOw3Bo%}7VL zt;{IWz|v8n+%??2G^5ldNIP9WFU7;$JUi69(AOf&G~drOyErE$FF(@9w<0*eJ-3)k z-@V+_$1JSKBt4+q(V(=rC?(7%D>5WE&os^7Gt{Eczc|%B$}l9j%q;eZ~dH9ZU3T_aKp;53U>^@xr9{(XQnHd1(oAUz9W_xD3MVVM+y0{ocnIu=G<{AW~7MdC-Wd(9YItQe<`)B1uqU=9ees zmpfZlga(8~IJ#Jvr+KAk8XFpWMwq8MhGC?V(x@sY<8+0*yzngTG=mU#j|y+IB(IF9 zU_tSk$*Oe$A!EOHL7^sY<^3NJM?O)E%p%lGlmtf~x5 zuFNPaHS+dx3MlhVFZB=5&v4`lOLQyG%!%;MORX%6C@=`j3`#UB$`7jyDDg7PG%hj9 z$*PR-F{&`|Ex^d#o>h*%g^miT;o(M3<&nWjrmmKLk;UGX**?V<#p!OYQ5Jb#o>}>U znJJdehS`}F2Kik6eg(!Bh2@1w`rd(Fk$%q3o|ayoMLva*#okE~PJX#*u6aHoQCtIEs|amq)xE!R6s zJF{FNFC;ZRprR-wvM?z%%P_=0uh^&9A|=~DJ=52`IH}ytJKroLuQ=Ds*Dal^$S~C> zzcRHbDc!`>xG1vJ#4IYK!rdv~B`LSm%v(FTI9tEmH8e3iz#Ah61Q)tE7QWoBmh`MbJ#o4C7sR#qAs7~(9N-|puD)G+}GbV#jVgO+aMz|E6bHD&)3Au+$6}!D>Kz8%EBoir!d&m zI3u{sB*ag z16_=ZvNM95^1=-boJ0LB{5?GN1H6sAvx^=5{R#_{^qs>CeJ!{ix@W5D@T>H@Hrz`w zGR?5jce!*mfAfsQPtg(Q-3v|$yw+|p+WzDI-HOGkN|BFkn?rsn^Va-BdPht!cyZTiUGv D@ zi}a9+RA=LeQf&i$N4I4697l7#((;|$v=gHYvXV>k z!a|LTf-yoez%Vn%D^MY*D$^|@C$!MpC9^2F&@Hecv&zt=JTuY2#4yd&)w0kmz}z=8 zG|N0QJejM|#H&(2xXdjv!oxEuQ9sMjth~h3%_Sw+GPE!^BHO4SDMUNV%_Swts~p{L z1x_hmx#bE0RoUj@rIAi)o{@!luEp8r?oQ4rVY%LhJ|+e^PKl}B8BPYp1*PVW=>}YZ zX~t>pVQ!%w9==s2UOA+m?k=ATLu?+=4PYY77<+JXjZOZ8t7OOoK<0( z6j+pIm>#H~VxV1?Qsm(tP~n=F6&zuj5*%P)mQtD-7M9Od5Mbc#pPe3QZmb{R<)3b5 zX_Ao>kQkI3;cXb8pO)%cm>y_s5*AolmKlm}n@d<#aAvwfwn;#ed4z{qx_f1DZjqsJ zxOr$sT47mMPM)uJYH2`na!I*)zL|EVdAKi^xnoF1a7vPgt65Q)qftSSvv!C@qOoUz zpLdyMNvfr@M@d?upGUA?MJYx|mPS=M8K)~GTO_)L1excQnmBrzrQ{`g6kFuv8wXaF zds>#4c;^}#I_DR=hNS0ag&1(9gnMWB7Q2~en0t8mmZpW|`5OdiC+jogu9q{y11hIt+FiGGO1j_J0&GDB|XR_F*L=m!r3>!(kQpwDI+U8ATKAtF)_uh zJTlKz+cLSlyrP)P$u}|3-7GhvC_Tf~*T>r+w6G*H-5|m-Ez`^}H^|*5-!iW>-`BUi zsLT=FHqRXOrta-j|k7~ z6juu_H}}dav(!ApvJ_Jfv)nRgOS6DVe{*LieG9KB7cWnzd{fQd|-lkZc^0YZ7W)WlWiKO=Yj@RZ0X?{rU(unMD~psHMB17nPGGPuyiDc4aUJ1@!KCn8fn*g3z* zFWEm$J0&92DJ01yAh*oPF*mRxJvlfhqb$@QD%gO_+cC_$$~UWAJKP{BIkz&cD$LD2 zv>-J#D<~k?HMCIQ*vK!jz+At)%(58dH|@C6oLtocGu`x})WqUc1yct_t~Ad?Eq<<2<7r6E0m{U4;_!B8zk*A7kT)T(Me_IzXW`eP)1_C=%1(}EUAb+6ndz0%kDr;IPPd)M_E1;*CX<7$n5dTDhO|vT zZwrf0;-AVed&`-Q$jT=UW{M)6ylei=4$FBh-pI13a<1sQR|1Ar?H8j@9w-ie)xomQ X_^MU?ft@7<$zM!FdpRN)CTaoz`wDqu diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 3ee1a8e..cefa981 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,13 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 5icNZy9IB42T2Xnph6z0VGznaxiB0MHtC4yBUEOM534 -avacsmljAR4DA0pdHq42o2YunyLweTjaX91QiuO7/0U --> ssh-ed25519 rIwlvw r7IUmFs46NLNgITxj2hNMv2neldFI/OXlzpQOOZ/XD0 -MkBLRr4uXWXW/xTo0EtkX2y5nbSwEfc6ChkaiIu8VoM --> ssh-ed25519 q8eJgg jetnUDWCkX8P4fcvb3hA12TJolDKO2ZqcdmxUmx5myA -Ru2q2Y8+iIe7imaXeb9MTZyOoCv4P45SNgxGGxQlVRI --> ssh-ed25519 mKj+iw wwsRXk+Wn3u+y+b/b3Fg6hSmJiV38tmYgRJqsStMnU0 -avS7XgN/GYVi+2pjNTG+CZOLcKo+cPpCEPCVZV3DHF4 --> '$-grease y' -VGZ3E4+qHDVztqvY45Bo65M ---- u6b8TLW9fI2nKMvP1HCIRk8vIHWLrY3U1K8wse/s72s -vTK&|l4.~o C&0̤9Iƈwڐ^ sH=3|E-CoC8Mp 6kLoM \ No newline at end of file +-> ssh-ed25519 V1pwNA 5BxnKpNoGWuQG/pVytgKRpMkn/TwoqtVD3Fl/duEfic +D1VRvzTERMj+b3rbuzpf9MlkmqXhjL4pJ3j7ppDzlKM +-> ssh-ed25519 rIwlvw 3+5Nc2DgYFO1NRxcKFsEIAuchFswtR8XBnHfGzzB2BU +qc+ZQqno9KqTllicGnBLCnsl5ReSAEj57ZoMZpYqysI +-> ssh-ed25519 q8eJgg Rh/L7KPlDHIPCh/5KYkq0VWSikOK6iY0TPsNfQldR00 +818Q+MM49omroQlYSAg3bEvQtpkv0T8HOB/DI9bZ5xg +-> ssh-ed25519 mKj+iw Tv1DL5F5ouQiLJCtVJLH9AjHgg5sl6sl+JfAqFuuqHk +7CQBfJzeD1FyGrtV7ocZbltL9L3ckm097ldW/HqbPe0 +-> w({q@-grease g%? +9qeZNBaO +--- nwb+peiKCQNrSbgvFuCSP1OTkEFNRuqDDQ5H9F52Inc +۰a' ) +R`t ]zhtgyE =nZ%lz"ݺ H~LC| )wCռg C5 + \ No newline at end of file diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index df1fa6e51c1e3d7c717953ed25fd53e3bfe39957..3a2ea8843e6fa84088093882b30a8781e8c5acea 100644 GIT binary patch delta 959 zcmbQwxr$?gPJNkCiKB;Ure{ftSz2YVmuId?NT#W?ft!E6r)7F(ZdRy&noE{xO0j32 zFIQl=SDLeBMuBNYVoqY2c4$_vp;=yNRgSZ(XOK^^Yp|uWp?8RDa9~M(GMBEMLUD11 zZfc5=si~o*LXl^APFcA^hI?^YKwfxyT4-{qXIXh>sGGTwcVSXUX-U3Wp+SasPpA0>Dgwk`kv)UOOEUaJ zvrCFMXf1 z)Dp|6^r{>aw~~yCut>9X6Rzwc*ZlPG%#ggCB<)iD@Eq3wlX7>%!n~>|i^8IiP;LJ( zQ6@`VFh9NGwj=@3sp8i!HW}fC%sTPIVAfK4J z=%yE?CKjhE_?BBKm>Ic7m#K3Vn}mnw7dtye`0EF{RwUP(=UJF|ndm2T>FVk#xSN<{ zJC-LqB}EyeWoBgQ%eCEWW<>{#n zo3p$U0{CWrnU~|zC19taa`$rDlQo|IV#W7 z`(g`Y^zJ;bs_uWE9Fu>0f%HwA1Fx>M?|YRH_Em^$ZrL64{<9Jc5z|bVPprs{Ke}L9 Z_Cdj0kL%u9dq(;neE(gs+i_9ec>ur!SGE8E delta 1078 zcmZ3*F`sjSPJMP>VorIGcWJnJqIaTmazJWGv1gE1kiTD5hIwjMMtYHFh>xqcXN7ZR zIhVI*M2VT9Wk8T$iHnPOaa3r4SyfeLc79f*TXIghd!B*2cCm@6i({x|AeXM4LUD11 zZfc5=si~o*LXl^APFcBvd$O~CRYhTeyKi<*epI%XrCW+il)1l!WsqS`MOkrCa+alW zRasJMNv>-)mz!mHQACt!L~c-ESz>5NvOz>qaA2g7Q-yJ&cS%*UN3piEd09}Zv7dJF z#E;_PZka}2QDy0cZs}znMI}yN;Z7B$&gNc)ZV@H{DaLt5Mqy5gp&`W?*;VOWzF9tz z5m}k~>A^l(=80)8C7Gp(z7+*YX8NwisVUl~DdxfX8D_&YmvyAg9 zJ+;$ZjotG?yd!+g3(7K6Ec`0Xk}Zle0=*0-pJf!UFRn^)_6dme(zh(|a`rALjYzLB z3ymlYcMotkweU;Njr26mbTyfFi#< zQ;XEng36#$3s5lC8m!$`VC2Qv=r{_3(1Z7v2g+^w3`y_>? z7kiX*1!nr0Mg+SjSCl)I8>M>$6ju0p=Z2IP<#?BP6nI$_x*J;hmAhvrnVKepyb>L3 zXQ-QAl$uzas*vEUpXTMG?VC|v z;aeW)n;Gcm>f#t2S!I%wnU!hmm8PBVX`o${6`E9O?ros&X316M6{4^27~mV8INt{+$w=H{R89FUY2FXb)@9o9q z5||sxrCYD7tB{{+P*Ukp72s}C7LXWFSz%NeWt{Jylck>#oLg=d9^&VuZIPK2nyT$& z!DVx{WR)g&iG?1&`ajEwHtP+w0xI-dE%&<2ud^>vbefTH`GU-pZJ}?jCv^*(hZtO* z|8|02`R*UzR|>cr*RxKT@P~!%Ux}^w&PIk%sB!GDiSU|RX5Rkyj?ChJclnX;k?q{qw4bajX1<}h*Wmht?a6a>cyyvg nvZ^%x#LRNLIDOU9Y6hE=Gbaj|7cVq*Ua)>s?D ssh-ed25519 V1pwNA wF/IvDrcLFTxYAauDal7+Gz1V++n67HYmojv+NS2wwY -2JlEICPHzgXGSLT7t36htE46YZ0fJsdjrT6NnCFVLLc --> ssh-ed25519 rIwlvw tk13mY+KwEys50YTX9bbEv4324BXpWh+3G1y6MrQrRY -sOc+kY1qqtT99TbbxPFuMIpcn72may5fERhCWgV7RDU --> ssh-ed25519 q8eJgg YJpV/03pvcZdQjQBecnP4LZUG+2Qiz1/3COTmNBNOXw -7qRtCRYSaXzcx5xZ/I9xAdsKz9QRaObpFQdRkLDi9lQ --> ssh-ed25519 IzAMqA 5odTY81LRr8ZMmFbAB8K5xgaWBr/50xdDNPJ/n1URG8 -pYpYgKxnWQ4xXgudtS43yp+X/wf0pLiMgASsrT6QCRE --> P`-grease >u}h_O$ -aRLumKxsQDFmx3TQTp4UVJU4RdB3DdiikrHSKX44AVH3gk41CZXFPc7EiCcafONw -2yXUhseX6EdlUz+JfNuU5fTOfck ---- BlNT3gxZ877Ln8DVUtidwmekRUIKOjaU4lbJYd/NGFQ -Y O zD& ^\ nbqG6MdU)q|栀[<_y 5|<XU \K_tM0@C'[ɈYNJn \ No newline at end of file +-> ssh-ed25519 V1pwNA JcVt8mc8oJKHkvLqwI6eQtgiOYFHyjMINWh7AfGqYUY +HXS8IV0FzOX1+m693NwsDvusU+R3rITQK/SMf3+ojMo +-> ssh-ed25519 rIwlvw KA+all3CHwe8FKPLlaTOQx5+GQBDF5/XbdLyYkyoIBQ +YbNMLE3igtItkudpNZAm0IVKL/48tHP9vtDdAvF+W9c +-> ssh-ed25519 q8eJgg DetWRzi3dAKwxYnvwxGcUTaHVDvmDhJHMmLkzLjM9AI +1vlapxcrpGBvw5DbDElzNx+DNf/qiZdqama/nq6GuYY +-> ssh-ed25519 IzAMqA 7dKZyMuZLWmw1GjenP8MApA9V7RtTv+rpdgMFv6iBnc +BKxdWlq3sK2c5/7FXNasmPd63TlPgTfMtucyyIe0oqo +-> ^r&-grease jYT $_l < Ul<7BW + +--- tyAurEOEQftDXAAfOmg5CAaeX+RkiPM+pjKYWAZoSKA +eiacV}P <^L_8vjwP&^eb,Ev2 ېn\tVDm y퉜>piX :HDo um} \ No newline at end of file diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 87966ac8c4e261bc2a8649fdc247cd4d2d1c61ed..7723479789fe51b202a1666c2f4af72edbd822ae 100644 GIT binary patch literal 1554 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sbZ%yx;& z4K*$;bkD2^&d4xHjj$;6(XXf|4@oNZ$_fZ8^hgW#G|mZgG~vqjD+mj#EQ)lsh)Qy@ zG!4_&HYqbMw=i+9D04K)%F+*a)OR-x@GbVTOh&h@$g@1BtXv^KO*_glsiMd)-OMLH zEhw}gEYr2jBE`4N$<@^|qrf7tB-r0D(=#$DJ((-d$j!^x&C#RE&)Xoyz{11C+%2j+ zBrw2WE6JIj}?<()iK-bh{4+E|W_Xs1;(o_$_T=TFH^Wsng3va(tkE{UifJ|Vq<*1?ldD&vflr`is%5gNQ?Ze`XCO4v2KF49w8?cQ-Ki_YDrqjf^TREi}(4^~nj>_sY);NOTEv*=2>f5oVs@ zP9;Vb-sOSbp&3QVhF)3vo~cQmhQ67uu3YYE&bdzRP6g)rW#z#I?wQV}QP~CI2D$p) zZoc7VPWmR^Rh7lL+4_n87`AyN8Dtg&Dukux7Ukq>m!{;p7*&OMm6cSQ_?6~HMEO_b zSe7OESbCL~7)0m?xg|z;a#gtI7W?}qmYY=?S?ZU%XBb+9n--S)SVR>#<|k`slvxzz zx`&te`}jqL;_#c1TegRpc~Pl>qkpM)pjVnpfMrx#W>$Jes6mxyR#}c^kdt;+ZeekS zb268ArE`E|aIj%OdW5CFSz&&JNmY4po?mc5zMpoEX+^ewVq#`qV32#3aUjUH@LJvU zqSVCVR4#olCwn7t?a%3R5Ge)Z(0sd`r)QOpnUKAd9f@;+z7*q@a>= zE?r$+1y?Ui$Bc51u#%GU09S+1ApeTsBu5Lk2oLXk|B_JSz$BM|@_aY%z`{UJuDYXq zPXnZsdB04Qjwt{-^CZQd+`V5kZoSLa%& zwld4n*~P}R^V7$B%im>BmetNLx&P6S<=2yo?K_u<_uu_(p1EDM3CJUbP)?c2}e UD4!$K_O@=y(R-U+wq3ah0OBhd!2kdN delta 1362 zcmbQlbB23@PQ8V@zh|h6rFXeOP6tDexlXQJ9&SDc zC1s%jY35M@=^jR@Cf@!LS%IDzF2!k~rWuBj`oUSw?qzwwWuX?6;~B-nD=pj$b1fW0 z()=^S6BED&6wA(%f?^(#+EJ!~FCewbQC9 zwNrz$v$Z|64f33V0?PAC48u~(OdUhD{Y#Q3pJf!Ux6BWAD-2Ewu<-LNOEuT`$u#x# zHz>@Hh}6$A$gMK;$@k1OGRmv+3&{=TN-9aWFgFh?aVydSN)Joeai|ne^<+jv;fnr>|CQjpD;7CoLv2E zcS}RZLRW)q^a%H?a`Y{9RH*dv56LaeDGD?Vb23YJ_RLBv%XUsGP0b2(2?}?14=DCB z&CZE(tw>AB^W`#iHE}aB4a;^72`mf@53x-4sxa{{&#?@wC`?Mr$qY5|DhV@7&$4tj zE}opoB3|!i;2q!_neH6y<(r` z!T@vA(kfT?(u|~1$H=0L#6aWRlKiOLD#P+LQ}2Q_PlLe8i7XQJ9%Y7AiTY6?rTPUv zCT?b~K?Z^5dH$|hX-P>XA+D97zNY25`aT9Z&e>dUIp(2hS)oMB%Jc&B?u1iDyQq`*LZ7O{sW0Y3}m2fBOrvIQsAMo#m)+bIUSV)D)w>Q^#@kv$x;w zC%)E@)HFtiLVQ^vwPciNgNnF(O{8Zn}pY__S>E<41l?5AAlR$hh2HqfvQW- mBVK*y`fF;Ew)x-6?Uz2;Hl1BG%_Y{CN6$y)?PQx|7Y6|9!rj&Y diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index 2c44b758675900c5aee7f521783bef97c99d8902..ebd40c16e0ef09395d55ef10e7fd1b3145d5507d 100644 GIT binary patch delta 798 zcmcb{_ML5lPJLcpn!metxPFLtnSOFbk+y3ZKV7PBog@t8$V2)FAO0Y|LHkYoQLUD11 zZfc5=si~o*LXl^APFcA^iN0l&v8zi!UUo@}c~GRQmzzn5QKq-Czo&C%QE`run|ppy zS#r5WvUaEmSBSG?P*_M}eo%^bL{+hqxj~VBVunewOK5m`W?o8)en6>XW@wduNgfno|)OEx!S=I*~X!c{-(|*nP%Drft4m)Io^el z79pmlDbB9NCS?`+ZskT*g~rYqg`Q3xIi~)(!6_;JW%*$S9v;P$;~6EwGTbUGO(Tt* zos3iSGmk{5`ZCy}bjnoGL;pynH-U zO#B0~bM*5}jDpO)@=YwlJ)ARBUGfVGD-0%|WfZT^Do$~(vZ%_*DK}5ajPNuGEA@BO z53UHYEG`Q*^(}M_FLg{wFZDMzb<5_8DoQqr3dl}OG)*)z4>ivuRYgj6d7x>AZ-INUcbJE9q<4U?o3n3rda8Gdds=?6ORBe-Tbj1Me|lLi zSDJo=rMFL#sZn-TcwVZ0a&m!lWt2&YxpSIdKz2k*CYP?Ru0o(kL9&svZ&7+hTBM1$ zzGX^sdcLb~UVwqVK}1lNwrgOrcTTu>L49gjP&!w!hQ49arw@~3S)&)K^6s%&*%0$O zP-*oNHP-yPri4<_XPbY_exEm?gva)f^;NDe5x=%Uv-L`ZcfqAp! ge_ak1d!MxWpRDm+k-msY3$L^H^rm@R9C`Z+0GQ?-9smFU delta 764 zcmey)c8zUk+FAW zF_%|SNTO3@p@qLuMRrDZXij-RP_e&3q@`tQURqW`iJ@Uirc+72e_(Ej1(&X!LUD11 zZfc5=si~o*LXl^APFcA^n45ubNQ6abc7U;kp|3$$nww8ZmPJxhvZtY&WmvjnNUnEa zL~?m%Vv*UQS+WrBP*WiCa!#Xt<+(u~~6eVQ#i*l$V9U z#E;_P#+4>fAti2(X;B#^nIUcg5#{ctC8;Hj2Ii(F<@uhb`JpKR7M6t;dEpjZMTQpT z#feVlenn~JIogS#sgXgZ#g4g7?g9BBK}Gq=*%djy5ygq7iJ`ue;~6Ewax9E}3Iftx zygV|CvvOU^yuEzQ!YlFvEt1VFf>TOM(zVk9ebPfc+)TJCjkNuXi;eRAiX)TVOA9QD zL!-l>YsC2R@Ec3N+Gb{J9)K4zV z_sXrv4-R%K4|Ma32n)|C%_uDOcQ)b5$nbEF2r(exyQVvc9!`rhyt) zW_^B%NpPl%i;-bjK~kZ9X_;x5cSe|HhF_IyqEn`cg^`zkpm$z`mq(gcp>u_KdRb^O zm#(g^LY{M!p?*MWYGPV(kZEONV6e8AOF&VTQCL}JnoC+{Qn-P3Sfp99Wm!csSCN8J z_H1^+_v@a1V+i_c(Bn9<->`NPSH$8?PZyVPq%b?baY_w2Vw-;K&hw0pYK|{K&nCI9 z%WjQHoEpmha{qqaB6C$n(dv*7F%QDz-tXsUOn;|3^NQisWee3eNmx8t=WnGRbIS1C x^xn-1InA;r- ssh-ed25519 V1pwNA j8XFmU0Z3BjgqNCkfkGFxSt1gAxxVr9iFGHXt/1iCk4 -g7iomVI50B+gDqUv5lmUufqGEUpcSqq9R1MiJsuhMMI --> ssh-ed25519 rIwlvw SYh2UV1EZynbMviPYw2kxw80zJuSggxbFlAQjH+UBgE -RWUQGKaeVaVSZ6hD4kUFL7YnSOvxyOXM1Ox3fKRcJ+c --> ssh-ed25519 q8eJgg uxyqTwxrafvZQ/HfUQ2Edmlr+8ogl2/3AuSQrhXrdSc -vtvcIrznaBxURp04vFnbK9Ub60DqOKExOjMQO7sQJfc --> ssh-ed25519 IzAMqA 9B3XvLvFKHumwsfxIsNLBPWS3bnpmvwJJjsx+bZ3wEc -uIf1IEAh2Antx1hlllo5+VmGHqln1AEwe94ZIukSDGU --> ssh-ed25519 uZzB3g IAL5COq6aK1S1Gc7iY8llTguXLeYHw1b527Qw5XvGV8 -lGdO2P4y9KEvo0D+JIeA8bvDrDpJo1BV8llAlVCkYR4 --> ssh-ed25519 Hb0ipQ 35nXPma9JeM8TCGJcNbYJxm9bIyoxVp3D6KLoJf4N3A -JfSNyOQ+76z6/0sYh2zgbYzhIeCeKU5Q+k0bFKHgo1o --> ssh-ed25519 IzAMqA huVJf1RnhlZmG2+zgw1kcBDlQyj6AK3iuPe4+63dhDI -4pKzMmdTY9jc1it4V5T1QbIS46SE0ByJBIts9qBBwVQ --> K~i#8-grease Cj3&8-; " -nr1dXH1Vn8mUXtGI ---- +23A15ysmDeSoUnTeKVIYouSDRjAp9uUbHPPVLM3U/8 -C4Hy{C$7,Ѥb3c@Pld0MI܄͙`'L'4_$,Qx -oG2>d[3, p}$m 83x'H~JO0\FT\ \ No newline at end of file +-> ssh-ed25519 V1pwNA spQf5oCQRAoyJLb8Wq9cErj4qFj+QId/ys67Had2kxg +cPPYFx2dR80YO2KdyuY/AosyMOx9clhLJoeccTpPC+0 +-> ssh-ed25519 rIwlvw xAa7x2i9mo1N+t+OxGTf/GaeQY4u5XH8Do05ttkSNkM +zSRUYIwphS5fgJ6U3t8aFiz4Iv6UIBI1ryHU9tFsM+8 +-> ssh-ed25519 q8eJgg +d9fWOcWcHD4vsz8+ZtBl9SsmEgs5znDs7/nDcY3ii4 +5mtaV89yy0D2nD5Zuq3hy9+2dnLIY7vKyp/h7rUStoM +-> ssh-ed25519 IzAMqA JZ/JHVH1SzapEZafmwcl79wzaIosUBpusOvIyqVLtBw +qBPjkftgOv34UFGagJdxWnEV4lHwk74s9RvGXmbAMnQ +-> ssh-ed25519 uZzB3g 9eZmtlV60jjnoqaIM4Bxo8ryCBgp05QeTG4pWkJtBUs +secthoMxhrG1PWu6YiaqdYe8WE1JpF3KegAEv4Hrwa8 +-> ssh-ed25519 Hb0ipQ HyzrqvhewmvrtHNyt7JLgscbRn2dC2w6t/J9n3PLczY +0G/ZiV7afnfv1Iv1fZ8k8a5R63N3ssqqrnhBusP5kvg +-> ssh-ed25519 IzAMqA 2xvnn64o2YvsDk0EF8KxCqh9ihGkNn0gBqEpZdyL1ww +8XR9wPOrDixfOrZvUVdDFKcFwXx6OPwG0x3cXz474lo +-> Yme2D,Gd-grease +YSlDoRK+90hE7lEFMFl9+OtPCiGspgVVJVg04uAxmzhhUrY4tKXnCGhSizFDL57j +474F +--- A0sroroLWAvldY2Ry21ctNIhA1WW3r3BJEveeNd2Qm8 +qoTDŽGM/} 大JyxEsm{q1SwFejK>F!D,ukKX5! rA + h]m {m"ƺɴ \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index d030ca7..f26f2f4 100644 --- a/secrets/gitlab/db_pw.age +++ b/secrets/gitlab/db_pw.age @@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA TjC5DbimRqNNh0UQsk2YMgxoVZOQkWsNB10TmlPZLUM -H2H0Jpztcbn15L1Ff1teeWgZaoeKszVWG2GJKkBFuWA --> ssh-ed25519 rIwlvw 9wk9lmhZBsiM5ifMGxlo+8YAKy325ru7u/MZA6gEzng -cAZ0/OqScj9x6vt4gvsrtqi36iIbT+n+iTySssKh3Fg --> ssh-ed25519 q8eJgg Jn7hc5D6m/P7qxdpfQ2hRKKQPchrwtKhV6crxW05RTs -jM16eEteWG2ezgVnBB5t5JrhwnsAKr4cz8srqiWKzR8 --> ssh-ed25519 uZzB3g qC7Mr+9evdjoSka/x5criNYkuha4SuAp/yrCK6dcUWQ -JPHRq5iV9aP2/tBPAuq8wI3eQN2JHH6jNZfK2Fckshk --> ):,9TlwC-grease d?Jj?5>< -I0u2aN62wlBng0jlPPGRwXz5zJbcxW7PLOwHkRkLuHcNNtimd5QpRcr984eBa2hD -HF7n ---- 09T0lHOZiky+5dFYWvhtP6iEHrhHaub8bymCKwzOJmY -`>b_x+{1d%g5li]y܊!$h6AGn3SwNLR1LЊt -q]A arȎDד;Mnk 41W؟֌c2Ywo>}7PW()MWʺMʯls< )E{$j] \ No newline at end of file +-> ssh-ed25519 V1pwNA 6IrV0i7/PONl/4OUyCKwV8A0gao3b6OFNuDpMCJFphY +kldeDhXcpUZ5BGnvJWI30rolcxMiJKIE3vbNgX/o0aE +-> ssh-ed25519 rIwlvw MvBrTwknEme1pjq9pQHVxN9nGW/rCgini8jJ7PLn+Xw +38r9FrUoPbVI6QTZc1a/dskZVuAu8JNhl05J4G7Dqkg +-> ssh-ed25519 q8eJgg rIdtjhNPhDpyJCWvxNS4epmKSmBw+E+IgTFgxrKsZUI +lXxl0h5tEo5a/tXHjZVSao70JIHlSV50BihGiWCqK8Y +-> ssh-ed25519 uZzB3g ry4kzjUrw++lbesQ7LTJOUwVOe8JVwxVXmz65BruDWs +MHjoVNTTkl+B63I4aHYV9TSWIjI4ZzzsYmeCsHvbY3g +-> H#-grease +7j/og2Resq7mDcJ2saALdxFGNLj47TS9TLb6VrBX3ZDv6Q9tz547pvvRlhUEeqeV +We3M8IFvUYlGJpKheyxaxQ +--- KlxQa4U2lJoThWwv5aQSRA38Tv/lH+i+vvIE0SI9jH0 +"&.Hm\u.)Enli_<٪)yx8/7PgH ћf_s${0t8:ӠsHAI)}VeJAcˊΥB!7qZkJb#zP_ \ No newline at end of file diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index 6fba186a514a7380173d7fd7a46d99daeb916453..ce4d04fcefc7630f3582b84bde239e26c4c9f559 100644 GIT binary patch delta 733 zcmZo>Tg)~=r@pv2BGIDM*)p`O%A?ZBGN+&_T{|^9EUYTX&nMf|&Dbl+Brwn`-`O#v zm`lGXs?0H@yvSSIDtDTATKq^&^*J}JF>(jsU$c!&&?;>Eyy?|H`~y)II}1uE2G%S zEHlhE&pf=CE6K|!#mU*V(9FdoEg;G_yih;Vv(U^U(K6IGqb#jVJJF-0*grS4EV9UR z;z#lDNas-Pun6N~i^?FMtje?;$8_KHAdm9EN|T(_$o$|WpsXOD)Cf;)$7KI}e+!ez@r>g2p}zS^p5;|u zIez64&bg7{1|B7m5iXT3X6^;)5&7PkndX_U`W~)n8IHwV6<%3U1x1CqS^56?fsu*+ zS&<%=<)sz{RiTyH`l)G^&L!Rz#zw{YzCk8jx^@axfwoq*y6Hu!iN&c3#^I%01^H2a zN#%|?7HN*TRoUKd>E?d*L7w@U{&~U9&R%Be?rs5og+bo>mH9^5p;_h`CBDT5p=Mb{ zrNNOF&e~OmrCh%5>4o{e1yL5+<{@TT{uPx$RR#s#6&~iU0YQ<;#Rci+#igN^zRvmj zj(!0_`CPiXx(d$eg{gVYCAn^fRfSPu!KL9LZl-1Kp-ENcC7A~Gj>g(S*`CRv24RWW z>8@PK3xrhKyS`~^zMGmM{y6>CN0E7Le{c5Nw*+diDgL*r$aB|RuSwRxZ&i}o+pr=d znJdfFPdhcS%%>{SIMm6a(Ag>6-@iz|$jmb;!q7L$ASfiqJIyPkBseMAl}p!7p}06h zH#Nn`)YQ;Yp~$m5r>tC|%CO2k&)hGylk|6nKM@D%g1yfW9|jPgoz=VC`+ujGtK{jyR|-x34u0wY&0f2S(b z^5V1*g2>DiSL7T!_b zUS@tiCjJG*72aXqVcy2(nc0p7mX(g~6`@%v2AMwLRS|()ex=zKUT*$o1n1OrjF&HPztlqO)pAKEKXHWR#mVvD5(fku;X$L z(07b-Hpp|%GBNbYsjSy_FRBbmG)m8nbaS`JDULKYa4B&&_e(E~G;<8gGDr&ZNGdP) zud1-jcXu?dC@D4M()KP6&j@!+E~`l9($&>f@bNK8tB6Rp42v)gOLfmOO)cHO^I?umx3Jr_Kl3JKlln0>;z``(HF-)gnz7}QNnESo3E9U$|L zMZPFYd5U+yq=cgrgpPinxXzk4K>Q?!q4CD14R1S|*Kdi>y=3dN_NOvq%GRPbt+KI!L2*HWzeic3V~Lq_ zAXipul)rC5epP<5vq@N9Vrf8fgnOQ=sYhCYc2HqvN|1SGSbCa4S$?s?%M0fkvf<#~aDc?PDTB}t`@Nokp(2C1fn#T8l3d7;T%rG`m4 zVIJ-k&L*i9Ilkq_eu?IZ83siL+EE3T#%|`8W`-_CiB3*ARTjmQ;~B;43oX(LGpYg% z{0+4|N+W$!BZ~6_(=7DEs!E*n6CI1Q(+VTXiX)9&-78GEf|DbwT*Cv5EBqb(gNg!8 zBi&PjtIEuZ4V{yHBT@{_1IyEL!pqFO!^1*Bp=51o7-V6pn_iTfSe&Y0Ymsc~nH+4z zRqU6X9ch#nk>wj?_m;N(^ml51R6n3t&So~3Q%joRJk}8B*!t;$svQ z;Tzu#UuK4uf7yJ6~D{kQ*{oLYPe7FI4gc1`l_{UvEm zRhPZmUoKjk_K@rG#{K`K`U;nN9Y4JN#4Xv3xJ!Dcgt~OTZZ+!c;<~W2(y}Ci*<*KB aXWeAJq&!*PzX}uUms+J~Nfa>Nn)69VYYuzc&bH+k$#k`sd>JETT*dZp=*Gjc2=aPUr0enRpI=IuvsrGqfsendM`>=MWwu9NVx+TSQdM%gZ)H?au6JIME0?aFLUD11 zZfc5=si~o*LXl^APFcA^erQIqYpH3Zw~2djW~iy3r(0@PvX4tdRGxE~VY*jTNq%U7 zM^boleu0w#mv)+=cXoieaapdBS*3fGd8N0%uR(c6WM+v=Vpy_Mkb6O@w^v0;Nk*dQ z#E;_PIew*%5pFKVp+5d)1MZeA|I7G~*_;~B;4Gc1y_{Cvz@ z0xSX|eN&CYQay}+6vlr^%&lSP&KvnO*N*Wa;bT8_1=rtE=Fd=o0Q*npu|SXr648R1{T`k)&^K;p1+c z9A2UA;;(OzXzraDQBsi_5XcoAl9E<=&MVdCQQB#i!dDN!%+8&bZ==5}{EC~cy1_YS zi~8or#xqTwVL0&RbroXcTTicpEB!iW{2}D&8X%`xnDWuuEGa4 zdn(rlYW2K5w@JzAgMpp*9izlEZ};4mm-<^$*!OLU@Xp+rCXr9dLOCjtdXv5H-0S5F lbO}{j`@6wqb*A5|;?xy8{jVyMQ%~PrE{)tc$l$|cVtwiaX>~` zF;}6PV}5FeZ-!f?V@`%~l&i6mky(amv7vi$VUS;jadAOOfRlfqesY1kCzr0BLUD11 zZfc5=si~o*LXl^APFcA^etAZfpJ{5Cv0Id7kcGd$x0`Q@zi(<#nV*-rd5T9wL|&eU zUzSU9ib;ekm!WB~VVY@jj-_#al1X@Qq(N9fNvdC|v2%o3VUe*}l8Li_c1V!3S&+8D z#E;_PiK#|q;n_ZJzRv#Ug;8GSe&t@Sk$FZ@Mf!flDSq011x6vp`K4*;?v9aMfhg z0}C9DvP?2^L!->x{4>jq!##owO%2OjO_H)fp=1|j?~<&;FIqbSWuR2>FDKa67H2|98_A)rK_u} zU~FQR=Mi8QJrw|#tk=~5 delta 651 zcmdnRdWm&{PJOPQX;Gz_ew34sS7cUZXlPkkpl5kOXi!*YNl{34xszvBvU`+QZc(~p zB$t;cbIb^S5=^ARGPkaVQEoCsb6NgTUn4vXljmQwy8&vUu1!4UU+h7c~XvdnX9wO z#E;_P-Vsjbfr*h3CJ|<38IBp{fyu$ynZ}lRzJWR3Ucsq>##xS$83sO{8IHbO1?G{i zSrwMr&ZX{^iSCZ!o&~{?E@5dI&dEiIra>-7As!iq7M4y?iAk=L;~B;4^Ge-}Ei%0< zwM$AoBb<$roD##`0zJ!e^fR5x)7>(nJks2f4IN!04PCRjLXFJBvoaj363b1JOPzgF zTthtzLef1d^uq%xlf#nyjFQSyGBQ&$4NZ$dp%j{3>TKpx;i{Wnl$uzast~9jR_+p^ zpjV}TZ%(FJzb zp6C(aQta((=#^(s8R+DanvosIrK_u};2CM?=#&zfmu((tSdg9-s_mLvq3@jG?&0N= zmJ*VwZR!(Ns-5NOA6V+j#dTbODQo*RL9tZ*oROm|Lb{g@2_>pjTQ*uCZZ6Nx6|x znPIr4vzMVGm#@2fS$Md!zjtMce^8h~sYP&6Nua-BUO~Bgp>~NynomGhc~p9Nn73c# z#E;_PVgAKM$u4=8j%Mbjra={1zD15c#>pNb?nx&3K1JFYQGx!Rg$1D{{#nIbMJYK( z&fdO(ZvNrf9x3`x76k>~h56~_1yR9;Wl3dauI71RF8SG(m8GGR;~B;4oh?iXLYxCa zgVOxdQeARNe7)R_O}uk+QbL@Jol;yQP4%5C6a9<>b1DM4qJoVp-9thWEkYxT{IeYM z48r`4igJqmg0!nVOUsi24J&;^%d;Z_GrV0vp_CI~sheJunpm8wkmB#3@62UdROsVY zRPI#ZX;GRQlwIZTlw6;lGckT7y zZTG&f3g6C@uzZct!Lw%Pg`H(BC8U)ebcd*|bJ!PnCFptDt-hIduG{&`W_lSeODt%r z?dkZ`bVBd(B^iU$jJk2JSJeMY2%7yUw`eU#y~))*%-u>G^xc|%PixBi@jhS@4|BHk OziTcVy0yF-F8~0RY~fx2 delta 668 zcmdnV`j~ZsPQAHzgtt>zwvVf+wvTscSwvKRQCN0BZe&tgskv)_fwyy7T6&OQuBTz9 zFPE2DMM+ggnnk5og{5b1M0%B5S!rsxZ)jwQXIhw7P*SFkk58t%WkpnYAeXM4LUD11 zZfc5=si~o*LXl^APFcA^da$vZTa}w>exzAIM0i$srJH+(L6)I*a=ME_g_pidSb@1o za+!IqyFrd8S6*>Mc~nJtxp!5Cxlu%hb6%upYG|5^cTP!8RakmXwxgv%gmJpBMOmTm z#E;_P20oUNnW_1qW=@4+juBp#c?O9_x!Mt?etF4Brmlqr6{(?lp5YM{;cn$zmFZ3% zks;wB{-x$+;ZFG>naLh`CV^fN6=hX^LH?fQk-m*tvtY+(^>5?JgX;ggo=7GmtA zpPTOG?wpqt!lmt0Y!MjglM!O%?-h~bky>hy=#!e5R$k%ArK_u}5M>eMXW`=(T4mtm zUzt@>;Fwuz7UAQZRqT^rX>4g`d;f}iXoX)Ev2J^Zq}mfwkQnP#~2d8u`rMoz!g%y}!n3C6cG*lan& zbhB{w!=ymD*-;Brt>YHO+>Kgk639D+St?A;_LRnq3Z8qX{xYBL)VRne`!`p8@=E~s C4d+Gx diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 693435807ca18a8b6088f1b28ae9821a416ce3b0..9954973141f7948ee66426e45260f27aacd1cee6 100644 GIT binary patch delta 691 zcmey(`jd5nPQ7-bK~ZE;g|BZ`iho*}wwZsVvwn$xSW147Q))m`AaxS-7{4S!JY;BbTn7LUD11 zZfc5=si~o*LXl^APFcBvr*EETpuWCOP(Wa)N1k?Kk(;}lpNm;UL{N}%en>{KMQCn7 zVL)<(c2;mXmx)=ScX+x-YD%(`wqr`{;p2neE5g}QX z9#JOcUZoyxp@xp(rDj376{X1)LCI#`Mizx`QAXw-8F}F*#zw`H;~B;4%`<$RvQ3>l zqx^CU3r&nY5{)gYoYE4LiW5UDDl+pN1Kd3WT}s@{ld?Uzyfbrs(<8G?veQc=EYm`Y z-BS!*qOyET+%qygL!JGC1JW&wQ;b9OL&AJPp=6R2;$~ZZ|FU=WE*asI_N+Snm*t|5 zes2z&zvow}Plm~dTA%CL2c+NF&+Hz5j7>>w!K$A=mrlpEi}|)qmGs z6&~%l+q#Txna>u(7rkq`iYm2zn1g4WQ<`I=(`?kKS-H!4W5v4F_vM1BJjD*0D%{TD dp02F@?|{dl_rsCA(oaYsV;d2i3S0V&ZT)#0ma$@PM!vaf#Hsm;~B;4gF|w)BlHbj zLfvx9jNG-8-Ml;k4Wa@o!ZPymEsP_AQ-exUo%18AQXGA`%7Y`E3bpf0iUSQJBf`>i zivm3IBK3{59V3j4oHH%V5<^pp5_59ALPE+xp;V<8qo}X0n_iTfSe&Y$s~PAXR;Z9x zn3AvHr;w5xz!hK~>`@VOm|L11QJm-G<>;AiUXc@$of_h2TvA+MSZ-0` zn;V=TknQBDUyF&#AeAHsk!{2@b+G8{DI@wPQ>9^T!eO{~A99%Kc|E4N}SL zn#BKR%M!+uEb6-!u#_FSpD5t5@ye|2nXkNVd=k5TiL>a=l`2)^!$z%FH%hdx@{8Wj zuz@q^`u?@)&C#W48)jrZc95{NzW*fs!FEsMy!SjT$5~ANw%)khY4>$m^_i>!q2|ZF gb$4ENo=`eh^-w8uTfz1A^1mDpv**41v%R|w0GfLOT>t<8 diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index 5ec637ea5113c61d0cee68e1f4d094c54ecee1cd..fc42335438b843ef260d3a801a0f04283e5670f9 100644 GIT binary patch delta 2237 zcmaDQ_(O1lPJN-Pdy$`$Pf|u&WVlIEk!MM^pI1qKqK}!cQ<0^Uk&#nqa=2l7YH>k& zHdm5!v0qtnhH+V{OL9bhsY!rQvSDUeUQt0tnU}wjPe4^#cBD_ZcA1HBHkYoQLUD11 zZfc5=si~o*LXl^APFcBve_D`HaAI*@WKdG3g|V?;rfXGFYIaUlP+*>GMQBmFPg5)PH zPVN@QX1SH+d43r#PAMLNh8EdQSh3cbwIf}D)g91C-^lbuTQGV?)!RHB&{Y3)`PsGDAtnpm8wke08Y7#@?7 z995xU##I$jW|VJHQSTm=XXxx$6lI?3pKM@KS)OW9?qXV%>tRt)sF?WRPuD)R&4tu-Pe)0^w@=Z<0+GZUDFSBDW0iup z%8J@&e@~aJKe(_)_I7=k)|36ECEdIghYK8~YCb*Eajh+RWf7wP>6V}Knpu;d)kpeW zTl7}MjW6z6|G~HMk#9UL3}gJQ`~{}ZUN+Ts)`8`BcZbZ5{9&uTUhd0|--c#x)jOZr-G5O)jhT>aSimUJC)t_Hr z7QDNR(dXa1Pam&7)z_TGaE@^S^G?y_jOq3D(-c=2F}@MK>v7%1(DquN{yLZLSKRq) zx~#HFg%+3JvAvpQaPQG>#|fSaqF2mWb?4jo&D~nN`oYG# z@!O^Z0ZIw2l8H%(XX?z(lQ@v-viX(h)PvQ?H{_O`I- zJMe8POKrW2vj_8uj+96jiI)5dM^}MQ65+LSt!rlly7AQ%G3=AQ*jQ9>BlyP&(N1k`z%`klNt@p{E9qk*q_Q)4L%Q(O+xcyW5uI!Di4-WgMFPP2F z5V&`7A={<2Et99NI{Nrk#g~^Kx5ZBhZCvy~wd|oEcf9%CXZ4?yS=KMMi;LTFtM(*+ zTif!KDR!S*S1p=kvgXjOi7$@l6qg>CyTczZys&Y4c>nqbs{#t6_!#=0zyHN_bLro+ z?Q12~KW}`ndV5N^!iCE-D(-D$4ehlFwQlEqyF<=zMctLYo98EQ9Z9l;fy=gU;X#>2ZhJV8v9DgW$#i;SvBRt+}#h~vwRVK zwL37L{YUOW>*c`}ryn0#`MhxLO`WUG4(*dHQ$NJKp0!Qno7ejJ`&3i%RHm7Q$u=#G zRDD+Pu-9UA?*GB?*m7q|~q1?f%9xfp=}KBwx<6>JM9_wdHozzg5~} zFEiWVsnMRY_s_%?XEm1<@?BVIwkPe&;m2YBo?Y(Layr1jKWx&9KlS=bYs6-~o7$-| zZyHNAgYe5Exh)c^0sgjS3*|CDO_sYSHFq&*`m>DJ(KfQ|TbUM|KFnAB)$Q+%OPcfJ z-E8zeNvWtV{qv}+w(nQQVGXTc>+apY`RPdgX1_UdOFwj-b7!${-X^rixo-ng>yKB9 zH*Zss2wK0-;z7E|BKCa+iJP+P&I(Di+00-G?<`c{J$>xJ(+?Zw#r~X{t!dGjkfw2H zBRAu>g66=wtNO8WH!iD(UtY;&UHy-LSI?mZwwp5=S~~SNWCg7~n6`TRv^nz(R%cGQ zs^chkLbN_WYFQFTjf-g9*7L6p{8+MidSd+5Ysw-zB+ulEyO)F$4CR9?72Q6>?_3 z6&|z}t<}76Q|Doc>;1@sJTf;77w*bWYtb{gvGVnaUq?>I*ViZLSC;;ju&v+QD=F}t zXPvG={od)edrGD+&*5*~&h+q7ZJc?r&%~*|4xQT4PQpLF|86+eJFj49u_rI^ zyez@|b^{&Ag!#G)%Gqd^Dzq>l~&KVi)^Tuk?YY!#qO}x!G z)$|tMf}4^y&PlH(u?C)J47X}+Qx;kqqaFOGtD`OL)8t3#E-8m!{BoLOV^!~}oT7Yj z>B|QvUBb7#+k1Y;@}S<*p!Gf8j*F*=-&(`+?(4KQ?=u#ut-s6mTe01pvGl2P!pR@& zH@{b!Tz2oob0#i3zJ{>6ew%;iS2yk#y|-k!``c|t8r2&+jZc_YrC&d&BVGN9(Y}SsUPPKnMU`8)zL#a8qf?-vcW{Mkm0MzYmA-elM~PXoV{%S< zAeWDeiL1Vmp;?MSS#C;NcCo9cXOUl~X-ZK>mAQFPaiWQNxtUvGaFV4-HkYoQLUD11 zZfc5=si~o*LXl^APFcA^lDA=0VV;+-tB+f9rf*)BrK_QbUqD!jzJa$-pl@nPv3{XX zutljwh^Ij^S4O^DSc-9uSw>lon|Fa>p>s%5scW*MOIfyIj;BFIRheaaWv-FCWp>8I z4-(=2#uZ-rCPuzarOr-SMa~&n$yIsImDj9MieNg43(A%Z-d(%L>er3mh}F z-JN~ILoyOmvjV)#3zDjQTnjvkQ`3DiLjys96si=IR$#81UX+?xoT?C{@967Wu3%oI zTd0v$s^F`Vo8xT5Rd42~T@~zCnd%sj;hN@}XzAoxX^@l7rK_u}5av^nliVUZTeHEroe(OZJ`VjC`&+H@ORUornT z<(CdanFpVGghfi}f(^H1-$k&=GT*+#Uf^E7sXk=#tRKz$3|^bmzmrHl|E46=g6H=k*lUr>J8hj57vRWdU*bd`@-cFbA);_dY*T#b>^Gv>~&78l$k)X}ry%u=bz zOHb@sx8Z}`N*2}XQt_`lcf`p|>bUWq<;{v7wxeyw^@BcK^fa~kzGd$Ru3+u@QyUMT z^tb$Cx`?w}tik1W+S0S~am!CN-@mYH_J1#++%xN8N4JKCMiD zwbP27^NZ?@MEUHVYd@OucDvm_8xvh#{Z?@n)8SCzv*$K^{i&quo3)l-*7lou+y03@ zf2up9%$q7-X)V#sbhfB1so+|@%fw#$42S!dmF0}@RE_fYgfXW6-C4^UB_yzi_b5k@ z^F!4|D^5MSQU6)o_OE^IgXg~I!!KE`Ss82`wPfY`NI1x>UGlmS3nmd(2L+n0uL4x-Tq&na{Xsr@bhU` z>MPxsmFz6+JJZU#{`j{Z&Dk^SnS@I@o1NYzs&w=k_RJHxGb{3j^NQ)0`9E{zDJmRX zVBfj_(5bC5|1C~>awYiM-%k0vch$NjuG;z<+vMu9I6u#syyVoM-Yks^fytW>=5m|A zHq+vnGSxp^My-8Q^51vGo%f8z825>*D_dsy3T?UmTe6a+c0+07`t&(d?iuAwJ5b*) zwC8SPyfZ(S-QVJrOLFNkf-~1m{gS&Xh*NuiSL^bopKC0Ie9oOb;{KYi@%sTb{`-q{ zVr(N)nD%D<=!s`(y6MB=o@eio0Gp-zc zvXR~Sqq>B5ldkDDCnLo>k59-&FpJ5@JK7zs_fd)t(ulWIvYk4q|BqkhcbSd5%O|bS zG|#o=o6GvTs>eV`GcfO5)`rOa6Z>}A?!3JH=)Zoa`*QBf9{xLN{$JBOo^{8s*Bm!e zl~R~nmhKD=ToY5rbAOlV$%;pl6Iq;38a{fFboYtQ@A}1CG@eYl-QfR<{n3fMoL#D` zR!)d_Uua%$GRczViR{bS&hyybUJQHYpuFY}U*N)%3OkpqJ!fa%&wFeB?=$I)=O?Uc zJnwV7Vad0BmmWRmQ|Fu>XT0*>tJfRZes{=-E?@O%Rg&Pkk9F~1h1OsFA1Y>1ea>>i z=DR%6d`B|d9L2k*)hPSVJ`irds%`De49CmQuPSex6r%Kf@>x+V& ztNIRpZKzVoZ2fmbOkl%OHjSB!TlK?NoNMJgx$j{uLz=`Z7kNSZ&OaT z5#p#;`_7v(`H+eEG$%cCulnfD#E96$nJi0|wyt={;yTCGAb-N)BiB8;ttI?IHXg`0 z_vd9qv{C0Q-l-}rlG5kHcfCw7Y ssh-ed25519 V1pwNA n+nAfsTposX7lyNEDSYfPrAEdLEgLx4Jj2Y00yVfk3E -NrtcL/FaaFKpXgUITbNby6ePXCeKALdhsAY/wIYji3g --> ssh-ed25519 rIwlvw x3e5S+n59DmdjRoRwwnPrnCjJU86s21f+sGM8ACczgk -r4ucjan1nqdJ8oMC/AGGxDYLQKNllCSNUJHvXTYzkEQ --> ssh-ed25519 q8eJgg buPBic/APo3xcrUaGlxdtOyzV5I3fSZ9xL/+SXgcDWY -lMe216HpOdOSQ+7bdrFASmCP1kEeW7viOpqEerBrWUs --> ssh-ed25519 uZzB3g vugTWgwhcrJFVLdKLzOX/Q5VgLpShPd2AEP9/G2QPnE -YXeFw3C+fdC9V0iMxq+QdEllG6AsRi3j0YaoRKCZFXA --> v4gvO-grease '9WE x$#:\zh 2 `/< -uz9eGfsOZoXGI5CS4SuVsgbX2T32Xb6dNIAgR0LPQq+cuUDRMHITAGnI5uMTykOp -lU9KufA/IBIRrIKar8Ke16N2AuJMjrLjV/w ---- Ovf178SvMCjueE2y1Wc2ABfTdYX0xXyKJjKvjfle0L8 -/^Y} U6as2Eٖw^g.wټ" 2 -% E72 #3b \ No newline at end of file +-> ssh-ed25519 V1pwNA vlOKBZSGYTKaBrR9LH9j6XDIFaC0QdTcqoKb29jZH28 +Y8PP5MGzYa6gZI2UZI/1oEkJn9mrlMEopIFdjRRay4Y +-> ssh-ed25519 rIwlvw QsURw9Wh5wzsuWx5cQ+0mQlEgf9+16GlxtadK75V3QE +JqWvq+mW/sUD+8mxH61wL55IXUqMrPdtRyXNsbElUHs +-> ssh-ed25519 q8eJgg FTcsAMC68txZ9KecDLry/Pj2T9B/uRWLPbarxmdasXY +CrvQ4JwMb+NNXEJpNf9MxJ5yqtY7hnHq+63Y52S+/4Y +-> ssh-ed25519 uZzB3g L/hV6+Ahz/ubJMgTA2FtheMnt//IQwaVkgFe8gM/oRY +EOD4EFmtJfQov9Q1NM4nFfO2oOdtQjn4JjTceNmMv0U +-> 8XJhbl-grease 8=-Z^L; ItoN/ TH> +Oe8DdlSevaLkILk4CKA5rxSibIXMXoaH1ha5Of2lVQUfkzeY/SWMHCzmjjQv7GKM +TK/aXM12QS7LXqSnfhE +--- 4CD+VyrWBs8D/yZ9Knyxs2S0pXttSf4gJiHCWvDSBjE +|q.&)ïX0})"8Y_]&wqdy?o.O2l;lS.oh߰5=&#Tb3Q]S -̫XBwD ظR5$MN%Xj6&6?r]tBm(ޟ= \ No newline at end of file diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index 3bf916eb1017bf88e935d17fb0640d0a4a98172b..40173373caad077769d11b104da3d7315cf2cd89 100644 GIT binary patch delta 746 zcmbQhwvlauPJK{#p`n4dr>BK)d7!IhQC6}^R+UplKvZyQvY%(VTYjLUXR%pXRF;`X zIajWUZ@z&=zL{fLRe7L!kwH?jagcVtWujM7x_6?lPgG@UuzP8Vw`odZD3`9CLUD11 zZfc5=si~o*LXl^APFcA^xm#(WZ)RG4iJ^%{fth1UvYWeQL2gNKg<*J#OR%MdU${wd zm7i0XW2#XkS6Q;RkG4fXUQnQ~QEG&9MP;#tr(tfPSy7pLYN|_iu5p=5afDk{K}k{e z#E;_P9-(0#5&Eua+1kDqB~HO<0f|{jWxgdImZ^E6RfV}JE>#&pDMsbSVddFePDZIk z+JTitnc+rGL4g*5!Nw(dg&uBYQ6*K*!Bu|d6|VVJ!KGQHIW88H;~6FDUG>W&k^)`) z43Yy3E%Q@@oePU2LW;dJBeg9{jlv@}hK%)AWEvV2W~D_uc>WD#pvYoeQ8l$uzas-T!ust~T_qF@l^ zQmEi-uAM;aeEy78RIPQIeCAZsO>kY#x!}9adyi zTxk{_Tw?C%<71vz7!~fE<(3+r%2i?(kY<#aR~}Lo6`tqs<5yW6W@wsg=40WORbpUP z9-d@Uo)VRxoL1@@&HOZ;{*czQ8Z}!US#UEy^2Pvv{5Cj$S=}Zc&M0^0Z4wCU4w&e$|dm zH!QBl{-2{NvvxvJw*OaKrHhYGyY1RzeSW_|#2xzsl48erM2+eeFi0P5oUS+jd@f6BqPvBGQ&K>(Yq6o3Usic|Rgh0|RgytcMt+8? zFIRX_skV8AWs*x&mRCWTX^4SahD)JydT6Svex_ehV!lCvYj8kBScHY4BbTn7LUD11 zZfc5=si~o*LXl^APFcBvXOc;jvA(gsS-yWtP;pvelv|KnexYlynNy0RpMJSziGiP2 zMt+8eM}>PJm#bl*S%hC=K$&@>b8%X6rjuuZg;Pnfv5{v^j+1LANOL9!|GD2K^BK*@zf*UX6O?Ykssuml~bSO5uW2w;qU5hZfxd~ml>6;ACc_lUlE*TmRMTu7m}A_TIieX zU0|4Hk?U{h&gJH3X5wKUU>aGTk{(o2kYb)<Zb!GW zjPj19DAsX*UZr$o@|Qd2wn{&x!f$;OEL(Em0aHl6Vz6c%FX!oc!=4Wg-4Sn}cw|p4 zJ225M@Ll}o+%MNZUeCRpaAyAcvwS(z%n$Tl*%Hho`)ZNq3)VQnd-j|q+APbXWcTLi zehpMx^V(p}yj4D-%QXM5mHE8Gv!>0Z@M^>d4dJ&N<(cNxuf2O;LyyZPeU%shlT-iU diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 51b031c21d7e23cfbbdd7b40cfc4cbbaa1143c7e..00998466acbf145fd8c228be31708f49ea0ba0f9 100644 GIT binary patch delta 1071 zcmcb?Ig@jOPJO7MXMwhvOOaW*b5K}elv84;pO2@jcSMvyX0k~rgJVHFRtCEaDGmA^YvON<`j3a|1gTwQ=0`vST!?W_rEVSLS{VL0n zGK(!OJS?+4GCivD{auYK(){vG!;-@ji!&ylVU(yhE=?>;jx;tb&MycqD>XSzVD|2@o(r`=1ipT)ZGHtUm54Z4A*K}=9uiT&< zuh0P3+|ZJ$Qvc+%a{WvTE^U2x|M0-btb)Q&{nV_`sA7v!bIZcyqKceIx1w-^Y`^q! zkAiYTWBp23P$<>=dKUV)C3`uR1xA!;M}<4PI{W*%R%E&ccqSQ!8JK5Rx|SLkl$T`} z7zc8Bq&lUz8C7W~7wLPJWLWqGxqF0|6gx&1MY@C+=Nknk2BsRg`Gn@^dpd%=k`&|Y zr<-1snpm8wP!pxuFw|5#j0NUgeTsk>M4}rK_u}VCEU%RT`P^>z(6cl2)1P>zo?kn`9P|tzQrk zR2=2+lBDffpzT!}RbX1oHFdhJx^%46<<R_rC7t9@rCfQuZbtOG=Kj* zDf5?K^_fTY|BlD1&QJ?23S=w&|M~o!Q>e(;s+Xv=dQo7oz$K}dvBy3i zy~b}|RAD@u>0j(pL#GW8!*g*g9lS#v$xV^w71 z&Eu5@$@v`;+bd1(KYPHvDr5KI%boslD^t(qSp0DPAZ2uzH8tjN<9+7W(vSRStlHS} zZKw94m%JKrnH6a>0zNzbzbJdraVlTd4BqK)vS;5*{(W|_%7GI0S5K@b9s9P<+-irl kV3^yr;Mex&EIg;B7ESjq2=?a*U(QfkH@o}stB+}B0A1ybqyPW_ delta 1135 zcmbQqd4qF;PJNN1PiAhIyH9apnMY-MxP?)gL6up6dzee4xmQJ`b9jEXYi3nOX1Pa@ zBbQH6lxMn&TX0FDdt^mKqGh3zvAK3mUU0CRv0qe?M?ht|mrH;_zJ+goB$uw8LUD11 zZfc5=si~o*LXl^APFcBvg^7M)rIA~uQJQmJP>G|Ni<_%|MrNA6i%W!dpueZ9abUQ|g=u8Ci(gst z#E;_P`DNPr+6I-*J}!Z2freS>Mg`hVCI*J4K6z$^&OYJcrkPQm70#Zy8HS!*DdFXg z<$;A6#zxuBNs$4b2HM4;`kv{9p2e;K?mj+&PI)fwMaKD);~B-n3X3wrE%bv8 z%q;_5(?W{f11il!QcOJED>Ev*DgsKKoSa-joy=X5gDR7`+yfJx3p@*qUCoRw(hAeF zBm7;{4P1=e@+%F!Q%j07Tus8YOZ_X$Gn^)$VU(yhb1W-xHqR=}DUERUPDzWZG>*v4 za7@e3FwJ!|@$)PSbJy`2+GVcw#drxP0cqjD>E{$ z2#<8hC$lS&Wc zatnQnqO7E>G>>4f&;WyEF7J|Tce7wGmn2g|Q(tF)uc~ZAuhcRx%a9yDC*KTb47JjRnN#7eUGEiDSe03o78scl>6sYn=@pjZ zXP9o`lVpgp1n zQ4kQE=@%B}>Ql9SJ+tE;P!7*OTp;pXp?6=LRRoLFF1 z;c1xfQlH~(R_5rNla>>b<7E--T4Cu?k!G6CwO8_mXr1O?yJZ}2;{VF&-&6h65aD*w zFVBc~&0Lw+z3zuCj?GjI5La0{>Ac3FI~6_8`nNcLU;1)EH|Gs64j<+Wm#6dfSGeSy z`mdr>LuS7gvzSrfoW4YhHU0S|uho_O}+=umBQ&T@(?orx$cQzfypC@g~Rd;!puk&wx zy7FLfS6~0suXWd+`YWW&(l7blu2s!&J~n>&mq4AYm8oL;udna;c%^xh*}{h`8r-dJ v8v`2lMNTaG8C~|{yo`;^4d%t44Oh-+uT<*&(>^EcmQ7al>jDLpb=JuMfDWDC diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 7a10dd4ec4f51d616569726e103d2fcc4222dcfc..4a2d904f9f34f755d126b95279198ab973b47879 100644 GIT binary patch delta 903 zcmeC=xX(U8r#{!vxvbpSIosc$tiZ^_HMqREBst8)E!o}F%iB!9z}-8*FjQaLv$8D6 zm#Zk;-M})%uiPLh#m~bf($6of!Z)nY(jz22&pFvV&8Iv+FUi6<(tBd-?+3S*Elc4G*H{Z)z8t##m&buI55Ml)G5R%zbsHcz%em2 zKg~QVC@;f=%h))yJS8(IC@D-k+aM@7Io-qC$5=bZJS;KT#VIn(z$?JSGe5_}wcO8Q z;z#jt*D|A`fXYhO%J9&ra>v4?sG#(Sf^5gg@Ny4};!1y){Ic?bjBbfeHT$IP(evNZS7;IzQW@r>f(X?ZRlCZVOq zmJv~fsV-GMj%j|WLHgd6sc97j?&Zmqx!yVHX*niIS#E(`E;&KD+1X(hg%QP`ZUvE1 zXc;%Pmnd z<_AQCmTD)J8$=j8mbkd0$ACwYL1saqf~iqXl|`~ywy$=mQI$uPvtNCPdzPC=da{2? zc0iU-v9GsBMOj3EM`To9IhRR#pkH{fS7b=0TUNSjQBZPVxqhI2WolGfnL%Q>laG&u zuYpN$P@-FgC&)TGFGu~P3f=Ug)WqUc1>4*_H}6`7IyWwpERWIxZv&HbvkJfRf^=V> zf=rXNvdR=s6VK$T`XWmY?NEcNN{{@gY)i`=OUD$09MAHqWTV6)|G=y;edpj1uF|L? zx0Jl3Y%X10U4{J0paA`xiWJLI&s>Y_BsVknumH1=ir}oUNW=;z)NF%Lw-} z3$B*Zr4P1MPwelFIM>ELZ|N=J&B}M{=A2g-FaD5M#^7kDrdH=O&CyC*;G*>o(H~s7 zJz52f&25jim_4%QQv?K*F5`MaciPv5EOb8h*IZD`oCYw3KeJ^~~POEHfnAx8zyP*}tFr T>Z^ad-QEd3@7$y5-@gd}XlXvZ delta 946 zcmcc5-pMgRr@k^O!mljYEjvBH&pj#E*e^KG$TQ2^+atFmKd88@Ff1b@-@vpi-KjLf zfUBUa+^@*gJ0&^D*SyF*t)eQZ!ZoeJJuuhAIN#gdHz&v=P&+dqvdq=llS|i5p}06h zH#Nn`)YQ;Yp~$m5r>tBd$}2oSJ>N9DFgY#R*eBe}!_7QJJ3P}cusGShv@|C|-^bOj zD$GB%z&JdT%h|oEs-UdQKhUYzHLub*&n&>d$iLV!UpqrTJ0-<6E7dGLBro68tH>pA z;z#lDuuAQyEF;Ujbfdx&$5bODr_A(pzYqhnRCoPCmjDCfJbmr3{2~jB2x9}TvP|Q! z^sqcbzrw;aqdXr=7xxfj3tuC{ihO+&SN${#?ab6rKg;6O%$(xM@r>f(1xDEwQAw3a zhJ`uhc^SpwX+FWemFcD><)*<=Rf%4SS!S-4X+`=TVeXM!DNY9Z$whtzW+_os#_nbr z#i>D-jv*lhfhA_?CKlNi5uq;n#u;X*&IO*6&oYYF`{w&tR%k~#1snK z_+?vE7F3uNdIpDwM(O92C!4wkWQRC%`8w-I<>W_31)DgBC5MF=M<$24yBg<*1X%<` zdIg&#hNTx~heha{l?5fE$ACwYL1saqLby+Eh-s#ag>kx3pihWTfpNX3Wq4{*prwUj zR%A(*qe*&clv{RAN|BRWF;|XLXnC<)nSWwxm1Amwk#UAczGb>^Mxj}xpJlFPp{ZxM zVT4yzv9C*|3COx4yHwruqSVCVR0ZSWJcZm!1ylcgCk5XuXVnn3no6!5lSkj&f?(~#_}djH_kR7>|Tm#_?1BUkOxa3AleJSXFdo{mlW5;f>gKkVrNG#U0q!T z&!{4gq$)Q9?~GD^183vnf&%Xx^W4k|PY;)ph_Y-CbGMT0dUqGooU)>1t}SO~AKIB* za^Ya;z329Gr~EWzT`#gFLI3NI#j>9dSi1Nvd~jl8Ejy>KsCHqD`{Sr5F4w<`?zWEo zXs)~V*VKsru5%+RCLcZSz2I4&iQPeN)!l|GPMEbl%>L4Q*K&S+cKw|%^Y3*xoSwjN zI_N_-<2q*?Q`DBe^U9S{O;}zx1Ztb!b%*r{JDE|>BY4_XXs4)=}1Jj&BtKd-_lB{?spAgjvIEXu>&GO)s^%-`KO)ypY0FVMiR$S}ju zmn*tDT&&#qf+py5mHzXi0(6Xq~z|EjM+u1a=yudf9O5f5+-?Y#* zHNfA^F*z@p%b+kU%cs~g$j>spG(6I{*vHpf-z~o|DAl9D*x#)rrNqq8G@`1&%fzI3 z;z#lDh;%cT90NyR^VCwK;H<#BWFtSzj3Q&hbfdDg{POaAmtyVk(t=2XGN){=Fz4hz zUu}!XVE6QlEX!=S%FMv5+(`YBw%8H1xr~+r#Ja2b1^T6WC@r>g2PE}qWp$0}3 zL8Y!`rj>317DXQBPHFxDj=_#bp;@VgSp~sH>H5V5`NkGpIbLSQ<}Rj*CB~7i+Qo%A zg{g^InZ9PBP6m}eK3@5bE}j;pW%|Cp*=3QSP;!ols?kj^N=+jc|;t)Xs1XiAXhY)pjY%HqOXP2`WlXvkc+V z)zww7%r*@2@J`9AC~yf*&#?3;D>aHtHgHe!s48+aP{R%P<=9E zZdGu*_U0vmQ8zz75A`m&%I%-*G9{z3e$Too&YyMi{N+QIZmVXhpBpE_ApfH3OxOgS z$ydaF>u*?9e9=;*z29VO?!GO}{t{P$xos3gL%!W8QwtROULfG%&R(&nrfY^>N^qiU z?LS_ZMjNR&(;qF-pMBt4qLF8$#qy; zA9p?{lT~@sQ}cD{Z(ccw+19UPEr`GB&Tm=E{NchP?-_o}Rm|_4DgT;fzsus!qb~c2 zHw-Tv?UCSP*&X!6tbT5&IZ zk4#zl`jMi5qSJ|o(J~HuE3eymR;JZ6oShwV>ZAOx_nNx?`RgTCZvT7v;*#Ybch;xx z@;f5&<-n3Q-ZR`kl&5OI5Kdrbm)xMPTgAUgX-DAnJP4)M4x7&wY7O$T8bQx3J?T018w~X!D zs&4jlY!tHO7ck9ozu52mM6How^WLMIZk9?dOtWja>i?=$Fq^?+scm`X{27aq`o-9e zpW@)}ENAwcZ@%vLvI9HM+m*PVRJ+j161uR#)b88l;$`JE9}DjP=H}w#eLv^J$yYiX zTaR2h{EK5p{RgL~>)k(eKI>v!F1?neX5qay552OVLKFJM91E=?PB%2?-~ScXc` z=Eh&FKCBB@F*9Fc{`uCSA;@6~_x|hc?uB^3pGF2Cjb z;iO|*`g1j#f357c!+R6_O6ITq;>>;U+PXDSEK@d|dzcb;q40J6Mym;odv5GxOt#rm zpUvX2>$XK^$bzQ;9?J9$gV`_g`#(IY;yLo}<~vj%G^EemhHG?$1Wn5|eG( zBL7>JLY6mb)bp?Y%VN3WXZj_R$`35gHy+*dRNV?M*j^=&wjc3zjOPtVQ)R- zxt}+K`TJgX3$A#@e&piJsao4h<-VJ*y>O<5?|S>mRSx>+m#$OMV(Jo{vte0Opi_nL zOE2q7f`?~b*b&uqTqSAslVFz4rGoVqt6nO*B&+4d^8@o=iklu!IA-^fkLBaK z{xkJ#1&@8#lq*k_+wnr4*ZZWz3*9tU-jIWhzjwT5%=PqI+P7I^^<#zSHp{}!{nNZJ zw0kAb)UXOAX;(j4_lF&KTl3Go%;pF4TN1;-%=b zbd6tspX(&tdUVN2MCQTn2Hwzbla{(Dtd_|98F%@4XIppOaWs_4MYmr>-m#GuUhlx@rfUJ!;h)4XnbGDvRXj@ap@$XP#znu z&UgH)-%bGnwvixoFrEB|t@Id)m>X^OhM zsmNY#CEjz@`UOBclRp3G_k8@xws_n zP}-06n@>3GoS3}na>B}}W!l?17R)iYS6v%iU0<8EvF^sqfF|)ndZ8!m1l!CP)$BRW zEwj4&zQ(&ZEYod#f-`45yTNzyCP&+wO$;f4Unf~F_~AA6)0)r+Gk)`P-fTJlD`Cxb zCr7!(B5uJf*(!5ddJbf$EL)YD^2o>X?wT^a%W5hnpSZRz69{-Z>E3?Z#4ER*t@QUF zdB*>VZQ8G+^#}hag?uvLQ=FG)eD7PcMqbQ((`$b=)L*t}i)>Q4+*ELV9rKlG!th6g{3>3ymE_Fk>T_{HY}y0-7$7^!14;o+35@9(-V+A3z(SIKWQj7*>88PvUG z%Oz{)6}=O+o;;Z*Y_njg>I=_=sc+x@F>1avOQ0jwmd9gt)!Dzdwp(m$R98&vU+5&s zGr#X-z5E-c<9azs_)d$Zg_>6?Xbv*y$`9OY2>AiRk^ zh`mkjRp?q4_97NZ)2U%hJL=o23Th%fCNytLP{>oSf1z-*bdtnIcabR@H*?NA_<`SX zo56jVr97u@$%+3G58#chiNBfA#?%sYZ)R`VFKfAVY%`Y}P~Fva(Ee~>RM@8uO_rI7 zhm(!l*EC!FW(a$_WD)Cz?c#Z1Dj_F|UO2wpClPUP`lkgm5AW41+Ae;gzvwf&_L?)V udAI#_{xmgkLhs-D7oXZJ6{1Wtuawnxe=Ry9oPY9^M0wg-+vOsuC%6C{ZW2%c delta 2747 zcmeAZ`zSg=r{2rCG@~rUEYmSeyF4Q}$|%J&Bi+|H&^yQ3$tx@Br(Lp*~K+YJHosmHPff8EVIHaDJ-NoG}BVsf=kytDT&?7M~Hz>0r$IZPW)v(;e-7V5FGQ=^v!ZF0$G$TALu&N-` z(yh#-(9+eD%QK+BGB_zGpggIt*vUxWD8jg2ktV@W-eKhy zj#*Kz8AeIoeqNR4WoBXJfmMZBf#!)NmPLME<*w%X=~)I`+NNd6xy~i&#ZmqNW-duN zN&bNWg_XvI7MT&+j=m*9Uap0qW|eOK>465IP%?3F(oHW)O)O4T$Sn$uE>Lh&$T#(< z;wr6j%`tQ`GA{~EcdHLfF0D!lEa%eI)m3mU%}F)4Om{Cgs|q&=EsN3)Dt31bNHM4~ zk4W`T&P?-4P0Mf!3~}+!^5j})wQS+LPrQ#TMUxgZ?wmC@xzl3z((Mn8-rZoAN-kbg z>#*@r?pe9LfwHUPy2{dmZ?EIpEI+yJj^-MNVxB|4UMYo&Fnr0H{iS}}?c$?<@5FRV znFfDb`87~QHRU=tzx1SUm(LeGV8}cbf6&aqdj9n_u4~@dsr1?fHWo**hc+4NIf|dU zo@ljADcbYIvWHsA_l_@&T$?HEcz4d^)$67`x@2&`@OhH#RafroTh_n5-yH=IQ&az}CYyGnAQ*4hE-=E3z#vtUlGour8({n8s4<-TWA5-U4 zJ@$RUXu$nwq1C1ce}+H5qZ9gXcV|pV*>ESdlU4Xa++yk6g**OAFbc@d(|wUs&AG@c z;wSg^jGFDv-;HN3{H+}NH@kgXwTNGGF>`#K#-@U^@z2k=&JjJ~6mfpbX6BH)2acrG z$0zPvd_=L%M=(01^H0UH$)jem3zQC%=3?&BWJ;{(DXY$<&CFppHaG7 z<9*Y$)X>wc8|sv!E*0u&zF)CNvWQDosC%Nrbj2zOK}#uT-t3U;-|qfr&{SjE6;#T{ z7&nb&|7DdWns-i3XL3I`b8-q_vV7o~ypshke)X02gSg%6&OFYHnGoW%LQ$yx?v~D! zFM&%wPW;7_beDJ6(&ObuI&U9T&A$0q;K_rqM@O$Rm1(yxcUq(~b#;DA|6vccd0Qvv zYrKk%h*qi@ET&^4%(7kyFUR z>DgZtm$-3iX56ZKM;25>2CQQhzSDKINIGxZmObY2^IjB`hOfQ$u*Bo<*-5`XRv(Tk z{CDzVh|F%yn7#2AEegL(n6mx($Lqd9^B<%xaM{Abn&bOPX^(1P{q&c)v$q|Ron7@O zMa%cfew{`R-O8t>Q`R{Z^-n+D82U) znpdOx?v==Y$J_bOFLZfK`TnHdws%>Q|E9C;NlJ$rbbCE+dF}{js%gLK#Ob?KfpHGs zRr}hV{u=k={&lZ7DHF8n-#XvVHSb(rJ_uYNb!E>3z$tcwaWHwpn3x{%Mg~E;nn&>^*z*KCFMF^L_h{6*pajwx`#B zPF=OfW1@4|hPdlF87B^(`c=Q~X^-;v(;-j8e+%w-dbiGh=iF1>y`Iw-Y*C)c+n^^A zdVVgS!x3@*GZ`xl7az{zJN-D$?E5Kg(RS7qP3JPjZ6gih8GdkAX`7jRE4%sm;2!z6 z4<|WXKmGaOg$d$UYUb!~N#*;);~px;*>`W|EtC2%VePL=-#yHWa15OBfa&QWj;oWt z&bIVt3^wfjKf&?M!;>rY%&U?#JJQ#<=`LS-{Z{XkjAaj}a9-JJ-nqWIqFCunXao0q z-rxO&P7V)`oH{+jWP)Yg!k)B>PnAvGlPhZP{-|8LW6?oYhmCSac~1puzY|k9wczlz z5B9Z6qK}x||J3h%^}JHbe!uGLY^IW%ubO}6U2%B4!LgxqYF$>&dVBS~f8w@vHHNQZuY?-w4=rFsVMGnMQ*+yHLz{OS+)f_rnz-|>uuObR>fS_4hO=B*yMKFgUKi}!>2{&Vt1NX( ze^<_hsiFS@k0mkwH=LH)9Va)Zsw!1ss}S40{tM5pC2p)S&CYL=yAZxn&wqMcTKB{! zFXUf*-detLS^c~#icFuJXKkH+xt@RO7rq%Z+xGR>zA3dHCuGh)T|!zJqg>CfoOutsQks8Ciw6*H@R?emQLDv9rAX z*0w6$ZOSeDW^ZquKU6LLw(92&k+v$c8Sxw;H=-(D+Ber#q!9xC3~m^uK3Y!@$lF+kEWu!?bq)&Nj~!?OVZdn>&}x zyt`c3%D3EKtS;>Q@jc%n6$BEWaPI6@c+zy1w|>+6sQkKyx?dkW9~8W>pU;@9A1t)v zntbA$FOoVTe&yay|->q5?c}GS8XG^ z??3md979-d~ud7_`D z)}ex`x4%sf&a&rUd5*37PT6hAyWh_TSQZ~$ooyC+VV>xp{t(AUf~yX!)Un*Vwd>e{ zmczbr53>^gA6{DAe$aK3k;UvehPMg=cdUG%`C>+VBHMOmYlpD<<)Oh!WzWyu(kgiQ zBV@7X*)*#eAHFzWINJGV&SHzq9lFod9r#5=L z%G|)0^W5+E!o3QC*C*$#>%Z6eck}l7x|1gHbFT~KlNGq4AM4>(zK(J4l2W70HB+u+ z{dDz6K7Hq4&oSi***}UplRnqyz6 Date: Sat, 16 Sep 2023 14:22:46 +0000 Subject: [PATCH 020/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7612d54..b91e2ca 100644 --- a/flake.lock +++ b/flake.lock @@ -465,11 +465,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694390777, - "narHash": "sha256-6ZcVukQbGzgXEMFbGEYzzXUt1TVjyasfchKqOC6FK8I=", + "lastModified": 1694873509, + "narHash": "sha256-7I6kBQ9rlkLfzhx+Ah0fO+EXI60z9kWKJb96i6opqEI=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "dc142e8521a2e18a6d839b5d4d1e356d57f43a90", + "rev": "e4e7171eac77ab181d5c5e962d133b481ca9d4e7", "type": "gitlab" }, "original": { From 28253d35275b4babc61fb8ae054b177a268613bf Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 16 Sep 2023 15:52:23 +0100 Subject: [PATCH 021/826] feat: added the restricted names for the signup --- applications/ldap/backend.nix | 310 +++++++++++++++++++++++++++++++++- 1 file changed, 309 insertions(+), 1 deletion(-) diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 5c89933..d32c577 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -82,6 +82,8 @@ mail = config.age.secrets.ldap_mail.path; }; + host_port = "127.0.0.1:${port_backend}"; + users = { admin = [ "silver" @@ -97,9 +99,315 @@ ]; lifetime = []; banned = []; + restricted = [ + # usernames folks arent allowed to use + "contact" + "dnsadm" + "president" + "treasurer" + "secretary" + "pro" + "sysadmin" + "root" + + ] ++ [ + # basis comes from https://discord.com/channels/689189992417067052/1126084496710713414/1149072061466169444 + # start off with compsoc stuff first + "competition_www" + "demo1" + "demouser" + "ftp" + "lost+found" + "postfix" + "skynews.old" + "system_backup" + "test" + "test12" + "test20202" + "test20203" + "tmp" + "webadm" + ] ++ [ + # clubs and socs (as far as I can tell + "aerosoc" + "aikido" + "anfocal" + "bics" + "boarding" + "cns" + "dev" + "filmsoc" + "gaa" + "german" + "golfsoc" + "handball" + "hispanic" + "history" + "hockey" + "home" + "legosoc" + "lifesave" + "mens_gfc" + "musicsoc" + "pagansoc" + "peacesoc" + "physics" + "poker" + "prolife" + "radio" + "ragweek" + "sinnfein" + "soccer" + "ulbs" + "ulcamogie" + "ulcc" + "ulgaa" + "ulils" + "ulladiesfootball" + "ullaughinsoc" + "ulrfc" + "ulriders" + "ulssc" + "ultennis" + "viking" + ] ++ [ + # remaining, most likely usernames + "_9thwonder" + "abc" + "activate" + "aiesec" + "air" + "aladdin" + "alaric" + "aldozzie" + "allenli" + "amg" + "amgl" + "annette" + "annlad" + "ards_backup" + "arisquez" + "arthur" + "austin" + "beta" + "bh" + "bigdave" + "bios" + "bizarroal" + "bmacaree" + "boardy" + "boddah" + "bogus.anime.fakh" + "bogus.bhudt.dacf" + "bogus.citoge.baym" + "bogus.electro.ba0a" + "bogus.fencing.baw5" + "bogus.harry.ba8f" + "bogus.hui.hong.baci" + "bogus.ironman.baqib" + "bogus.joe.bach" + "bogus.kenny.bas6" + "bogus.kerswin.baybb" + "bogus.kravmaga.ba0w" + "bogus.methi.baq5" + "bogus.nelsonmw.bauc" + "bogus.poshea.ba0m" + "bogus.redwolf.bawn" + "bogus.romanov.baat" + "bogus.ryan.bae-" + "bogus.rynnea.bask" + "bogus.sea.af" + "bogus.shane.c.ba8z" + "bogus.t1000.baggb" + "bogus.ullrugby.ba8p" + "brendan" + "bubba" + "c_material_removed" + "ca_worm" + "cactus" + "carticus" + "cathalc" + "cathald-broken" + "cdschedule" + "celtic" + "christine" + "cian" + "ciara" + "ciaran" + "colin" + "cosmo" + "counsel" + "creosote" + "crew" + "cues" + "cur" + "cwhelan" + "dac" + "daktulu" + "datacore" + "davec" + "daverus" + "deano" + "deccy" + "declanmu" + "deiji" + "dermotmc" + "derrick" + "deshocks" + "diarmuid" + "dippy" + "djraptor" + "dmackey" + "dmir" + "dom" + "dom_mckay" + "donie" + "donnacha" + "dos30" + "drazhar" + "duffman" + "eas" + "electal" + "emc" + "emilia" + "emma" + "emmag" + "ents" + "envcom" + "eoinh95" + "epgriffin" + "equest" + "fiacc" + "fint" + "flanno" + "fmannix" + "foodcoop" + "gamenet" + "ganainm" + "gar" + "ger88" + "ghama" + "ging" + "goborobo" + "gooner" + "greekweek" + "hawking" + "hb" + "homer" + "hoshi" + "ian" + "ianrice" + "ilug" + "infinity" + "ingenuus" + "internat" + "jamessy" + "jamiebarry" + "jbravo" + "jdonegan" + "joedredd" + "johann" + "jokill" + "jsoccer" + "jules" + "kate" + "katie" + "kellyj" + "kiely" + "koo" + "l_d_ablo" + "lakes" + "laura" + "lebowski" + "liabraid" + "lynn" + "mal" + "manuel" + "maraz" + "marieke" + "marky" + "mature" + "mbyrne" + "meanturtle" + "mickaful" + "mickasul" + "mikado" + "mikeh" + "mikkel" + "mixiezme" + "mmc" + "molly" + "moochie" + "moonser" + "mopic" + "mp" + "nastros" + "neutrino" + "new" + "nezzy" + "nkdc" + "nmcenroy" + "noelle" + "nugget" + "ob" + "omega" + "oneillbeano" + "pamela" + "peterj" + "photyl" + "plake" + "pmcg1986" + "pyro" + "qubeat" + "rachel" + "rachelg" + "ralmeida" + "raymond" + "razzlero" + "red" + "rmacm" + "rmorrissey" + "robson" + "selena" + "shark" + "shayscannell" + "shazlove" + "shelley" + "shelly" + "silver.old" + "sirhc" + "sithlord" + "sk" + "sligoer" + "slowey" + "smallp" + "smurfy" + "sordfish" + "soul98" + "soular" + "st" + "stefanovich" + "svp" + "szczerba" + "tangsoodo" + "tc" + "tenfor" + "teslacut" + "theematt" + "thomasl" + "tockman" + "ugm" + "vanzan" + "volleyb" + "warren" + "weather" + "wiles" + "yvonne" + "zrahman" + ]; + }; - host_port = "127.0.0.1:${port_backend}"; }; }; } From 7120cd09d170359cae21ee359deeb06571853034 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 16 Sep 2023 15:33:50 +0000 Subject: [PATCH 022/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b91e2ca..f48a2c8 100644 --- a/flake.lock +++ b/flake.lock @@ -465,11 +465,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694873509, - "narHash": "sha256-7I6kBQ9rlkLfzhx+Ah0fO+EXI60z9kWKJb96i6opqEI=", + "lastModified": 1694878108, + "narHash": "sha256-aevYnZOez7JymfHzcgAMOe0TkAK7NdSiVTMyZzaadXk=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "e4e7171eac77ab181d5c5e962d133b481ca9d4e7", + "rev": "347988e113ac7eec92b8c4104c47f87e2b0325ed", "type": "gitlab" }, "original": { From a1b9ce3f2dd4317595ea6b65c9d599e2ee1d0017 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 16 Sep 2023 17:07:18 +0100 Subject: [PATCH 023/826] fix: skynet is external so needs top be updated manually --- machines/skynet.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index 13cfd14..bc018df 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -28,7 +28,8 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-core" ]; + # this one is manually deployed + tags = [ "active-ext" ]; }; skynet_dns.records = [ From 4957e04786897a138d5dc3aaa8730be33df81a5c Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 16 Sep 2023 19:15:26 +0000 Subject: [PATCH 024/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index f48a2c8..fc5af4a 100644 --- a/flake.lock +++ b/flake.lock @@ -443,11 +443,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1693175435, - "narHash": "sha256-OWvMD6k/IXCAU5m7gOS25Uw3wdXey/yu4CX/AmSNKAU=", + "lastModified": 1694891710, + "narHash": "sha256-/jGn869nlavF1on4K1VXQEHdm8yxIHohlSV2qTYcZSM=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "e6f3b5f15857183777cd545d4366c3b51c5e3a02", + "rev": "92ebe3b931fc720606bbea36269320b4a0611bee", "type": "gitlab" }, "original": { From 250197954126f5b778e7e97218d9bba4ed030e7b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 16 Sep 2023 20:23:54 +0100 Subject: [PATCH 025/826] feat: added mail to the discord bot --- applications/discord.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/applications/discord.nix b/applications/discord.nix index 28ca061..065c83e 100644 --- a/applications/discord.nix +++ b/applications/discord.nix @@ -18,6 +18,7 @@ age.secrets.discord_token.file = ../secrets/discord/token.age; age.secrets.discord_ldap.file = ../secrets/discord/ldap.age; + age.secrets.discord_mail.file = ../secrets/email/details.age; services.skynet_discord_bot = { enable = true; @@ -25,6 +26,7 @@ env = { discord = config.age.secrets.discord_token.path; ldap = config.age.secrets.discord_ldap.path; + mail = config.age.secrets.discord_mail.path; }; discord = { From 9c63dac494cbb49338a147cbaa75b08c0d4e7d40 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 16 Sep 2023 21:30:47 +0100 Subject: [PATCH 026/826] fix: update discord role --- applications/discord.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/discord.nix b/applications/discord.nix index 065c83e..7246357 100644 --- a/applications/discord.nix +++ b/applications/discord.nix @@ -33,7 +33,7 @@ server = "689189992417067052"; role = { past = "689192357727436926"; - current = "887072218004197418"; + current = "1152702256702030035"; }; }; }; From 238beb19b95670b92c40e39c60839c11dc5feba8 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 17 Sep 2023 18:53:16 +0000 Subject: [PATCH 027/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fc5af4a..0a8ad0b 100644 --- a/flake.lock +++ b/flake.lock @@ -443,11 +443,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694891710, - "narHash": "sha256-/jGn869nlavF1on4K1VXQEHdm8yxIHohlSV2qTYcZSM=", + "lastModified": 1694976207, + "narHash": "sha256-OhKtTm3euISTD1yAE8o6AGPq47RC2uPvZFrbeqKplsg=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "92ebe3b931fc720606bbea36269320b4a0611bee", + "rev": "1300b7f6ecf3e8387e1ab2277f33e3f5a31bd634", "type": "gitlab" }, "original": { From 14ae0a90657726785a22acb4dc0ed07df4718dbb Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 17 Sep 2023 19:10:22 +0000 Subject: [PATCH 028/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0a8ad0b..469db8f 100644 --- a/flake.lock +++ b/flake.lock @@ -443,11 +443,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694976207, - "narHash": "sha256-OhKtTm3euISTD1yAE8o6AGPq47RC2uPvZFrbeqKplsg=", + "lastModified": 1694977806, + "narHash": "sha256-4zlgKBwmj0TO1BeZ68BHqGoG6Sq6bjO12v38UnBIki0=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "1300b7f6ecf3e8387e1ab2277f33e3f5a31bd634", + "rev": "69cb8e9a3faf65f4a5ec1b5701da9d4329758fe2", "type": "gitlab" }, "original": { From 7f3dc8946edd8c8f9743a2b07736ad6a294cdf0f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 17 Sep 2023 20:51:08 +0100 Subject: [PATCH 029/826] feat: added a formatter and some instructions --- README.md | 7 + applications/acme.nix | 16 +- applications/discord.nix | 29 +- applications/dns.nix | 463 +++++++++++----------- applications/email.nix | 112 ++++-- applications/firewall.nix | 34 +- applications/games.nix | 71 ++-- applications/games/minecraft.nix | 63 ++- applications/gitlab.nix | 37 +- applications/gitlab_runner.nix | 29 +- applications/ldap/backend.nix | 648 ++++++++++++++++--------------- applications/ldap/client.nix | 96 +++-- applications/ldap/server.nix | 99 ++--- applications/nginx.nix | 1 - applications/restic.nix | 279 +++++++------ applications/skynet.ie.nix | 36 +- applications/skynet_users.nix | 35 +- applications/ulfm.nix | 75 ++-- flake.lock | 79 ++++ flake.nix | 33 +- machines/_base.nix | 13 +- machines/agentjones.nix | 68 ++-- machines/earth.nix | 50 ++- machines/galatea.nix | 46 ++- machines/gir.nix | 46 ++- machines/glados.nix | 52 +-- machines/hardware/RM001.nix | 44 ++- machines/hardware/RM002.nix | 44 ++- machines/hardware/RM007.nix | 44 ++- machines/hardware/_base.nix | 12 +- machines/kitt.nix | 46 ++- machines/neuromancer.nix | 50 ++- machines/optimus.nix | 49 ++- machines/retired/ash.nix | 41 +- machines/skynet.nix | 51 ++- machines/vendetta.nix | 46 ++- machines/vigil.nix | 47 ++- machines/wheatly.nix | 50 ++- secrets/secrets.nix | 46 +-- 39 files changed, 1739 insertions(+), 1348 deletions(-) diff --git a/README.md b/README.md index 35019eb..e625d6d 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,13 @@ We should be updating ``nixpkgs`` at least once a semester, ideally to teh next nix flake lock --update-input nixpkgs ``` +### Formatting +Formatting helps keep everything nice and consistent. + +```shell +nix fmt +``` + diff --git a/applications/acme.nix b/applications/acme.nix index 3018c5a..435715b 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -1,13 +1,17 @@ -{ config, pkgs, lib, ... }: - with lib; - let - cfg = config.skynet_acme; - in { +{ + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.skynet_acme; +in { imports = []; options.skynet_acme = { domains = lib.mkOption { - default = [ ]; + default = []; type = lib.types.listOf lib.types.str; description = '' A list of domains to use for this server. diff --git a/applications/discord.nix b/applications/discord.nix index 7246357..75bef74 100644 --- a/applications/discord.nix +++ b/applications/discord.nix @@ -1,9 +1,13 @@ -{ config, pkgs, lib, inputs, ... }: - with lib; - let - cfg = config.services.discord_bot; - in { - +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + cfg = config.services.discord_bot; +in { imports = [ inputs.skynet_discord_bot.nixosModule."x86_64-linux" ]; @@ -13,26 +17,25 @@ }; config = mkIf cfg.enable { - #backups = [ "/etc/silver_ul_ical/database.db" ]; - age.secrets.discord_token.file = ../secrets/discord/token.age; - age.secrets.discord_ldap.file = ../secrets/discord/ldap.age; - age.secrets.discord_mail.file = ../secrets/email/details.age; + age.secrets.discord_token.file = ../secrets/discord/token.age; + age.secrets.discord_ldap.file = ../secrets/discord/ldap.age; + age.secrets.discord_mail.file = ../secrets/email/details.age; services.skynet_discord_bot = { enable = true; env = { discord = config.age.secrets.discord_token.path; - ldap = config.age.secrets.discord_ldap.path; - mail = config.age.secrets.discord_mail.path; + ldap = config.age.secrets.discord_ldap.path; + mail = config.age.secrets.discord_mail.path; }; discord = { server = "689189992417067052"; role = { - past = "689192357727436926"; + past = "689192357727436926"; current = "1152702256702030035"; }; }; diff --git a/applications/dns.nix b/applications/dns.nix index 8ad62ce..3ade43f 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -1,24 +1,33 @@ -{ lib, pkgs, config, nodes, ... }: -let +{ + lib, + pkgs, + config, + nodes, + ... +}: let cfg = config.skynet_dns; # reads that date to a string (will need to be fixed in 2038) current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}"; # gets a list of records that match this type - filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; + filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A"); - filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A"); + filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A"); - process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); - process_ptr_sub = record: {record=(builtins.substring 9 3 record.record); r_type="PTR"; value=record.value;}; - ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); + process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); + process_ptr_sub = record: { + record = builtins.substring 9 3 record.record; + r_type = "PTR"; + value = record.value; + }; + ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server; - sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; - sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); - sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); - sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); + sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; + sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); + sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); + sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; @@ -26,144 +35,142 @@ let padString = text: length: fixedWidthString_post length " " text; # like lib.strings.fixedWidthString but postfix - fixedWidthString_post = width: filler: str: - let - strw = lib.stringLength str; - reqWidth = width - (lib.stringLength filler); - in - assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})"; + fixedWidthString_post = width: filler: str: let + strw = lib.stringLength str; + reqWidth = width - (lib.stringLength filler); + in + assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})"; if strw == width then str else (fixedWidthString_post reqWidth filler str) + filler; - - # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) - get_config_file = (domain: -''$TTL 60 ; 1 minute -; hostmaster@${domain} is an email address that recieves stuff related to dns -@ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) - ) + get_config_file = ( + domain: '' + $TTL 60 ; 1 minute + ; hostmaster@${domain} is an email address that recieves stuff related to dns + @ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) -@ NS ns1.${domain}. -@ NS ns2.${domain}. - ; @ stands for teh root domain so teh A record below is where ${domain} points to -;@ A 193.1.99.76 -;@ MX 5 ${domain}. + @ NS ns1.${domain}. + @ NS ns2.${domain}. + ; @ stands for teh root domain so teh A record below is where ${domain} points to + ;@ A 193.1.99.76 + ;@ MX 5 ${domain}. -; can have multiple mailserves -@ MX 10 mail.${domain}. + ; can have multiple mailserves + @ MX 10 mail.${domain}. -; ------------------------------------------ -; Server Names (A Records) -; ------------------------------------------ -${format_records sort_records_server 11} + ; ------------------------------------------ + ; Server Names (A Records) + ; ------------------------------------------ + ${format_records sort_records_server 11} -; ------------------------------------------ -; A (non server names -; ------------------------------------------ -${format_records sort_records_a 18} + ; ------------------------------------------ + ; A (non server names + ; ------------------------------------------ + ${format_records sort_records_a 18} -; ------------------------------------------ -; CNAMES -; ------------------------------------------ -${format_records sort_records_cname 31} + ; ------------------------------------------ + ; CNAMES + ; ------------------------------------------ + ${format_records sort_records_cname 31} -; ------------------------------------------ -; TXT -; ------------------------------------------ -${format_records (filter_records_type "TXT") 29} + ; ------------------------------------------ + ; TXT + ; ------------------------------------------ + ${format_records (filter_records_type "TXT") 29} -; ------------------------------------------ -; SRV -; ------------------------------------------ -${format_records sort_records_srv 17} + ; ------------------------------------------ + ; SRV + ; ------------------------------------------ + ${format_records sort_records_srv 17} -'' + '' ); + # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse + # config for our reverse dnspointers (not properly working) + get_config_file_rev = ( + domain: '' + $ORIGIN 64-64.99.1.193.in-addr.arpa. + $TTL 60 ; 1 minute + ; hostmaster@skynet.ie is an email address that recieves stuff related to dns + @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) - # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse - # config for our reverse dnspointers (not properly working) - get_config_file_rev = (domain: -''$ORIGIN 64-64.99.1.193.in-addr.arpa. -$TTL 60 ; 1 minute -; hostmaster@skynet.ie is an email address that recieves stuff related to dns -@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) - ) + @ NS ns1.skynet.ie. + @ NS ns2.skynet.ie. -@ NS ns1.skynet.ie. -@ NS ns2.skynet.ie. + ; ------------------------------------------ + ; PTR + ; ------------------------------------------ + ${format_records sort_records_ptr 3} + '' + ); -; ------------------------------------------ -; PTR -; ------------------------------------------ -${format_records sort_records_ptr 3} -'' - ); + # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered. + get_config_file_old_domains = ( + domain: '' + $TTL 60 ; 1 minute + ; hostmaster@skynet.ie is an email address that recieves stuff related to dns + @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) - # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered. - get_config_file_old_domains = (domain: -''$TTL 60 ; 1 minute -; hostmaster@skynet.ie is an email address that recieves stuff related to dns -@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) - ) + @ NS ns1.skynet.ie. + @ NS ns2.skynet.ie. -@ NS ns1.skynet.ie. -@ NS ns2.skynet.ie. - -'' - ); + '' + ); # arrys of teh two nameservers tmp1 = ["193.1.99.109"]; tmp2 = ["193.1.99.120"]; - primaries = (if cfg.server.primary then - # primary servers have no primaries (ones they listen to) - [] - else - if builtins.elem cfg.server.ip tmp1 then - tmp2 - else - tmp1 + primaries = ( + if cfg.server.primary + then + # primary servers have no primaries (ones they listen to) + [] + else if builtins.elem cfg.server.ip tmp1 + then tmp2 + else tmp1 ); - secondaries = (if cfg.server.primary then - if builtins.elem cfg.server.ip tmp1 then - tmp2 - else - tmp1 - else - [] + secondaries = ( + if cfg.server.primary + then + if builtins.elem cfg.server.ip tmp1 + then tmp2 + else tmp1 + else [] ); # small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router - create_cache_networks = (map (x: "193.1.99.${toString x}/32" ) (lib.lists.range 71 126) ); + create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126); - - # standard function to create the etc file, pass in the text and domain and it makes it - create_entry_etc_sub = domain: text: { + # standard function to create the etc file, pass in the text and domain and it makes it + create_entry_etc_sub = domain: text: { # Creates /etc/skynet/dns/domain "skynet/dns/${domain}" = { user = "named"; @@ -175,37 +182,35 @@ ${format_records sort_records_ptr 3} text = text; }; }; -# (text.owned "csn.ul.ie") - + # (text.owned "csn.ul.ie") # standard function to create the etc file, pass in the text and domain and it makes it create_entry_etc = domain: type: - if type == "owned" then - create_entry_etc_sub domain (text.owned domain) - else if type == "reverse" then - create_entry_etc_sub domain (text.reverse domain) - else if type == "old" then - create_entry_etc_sub domain (text.old domain) - else - {}; + if type == "owned" + then create_entry_etc_sub domain (text.owned domain) + else if type == "reverse" + then create_entry_etc_sub domain (text.reverse domain) + else if type == "old" + then create_entry_etc_sub domain (text.old domain) + else {}; - create_entry_zone = (domain: extraConfig: { - "${domain}" = { - extraConfig = '' -${extraConfig} -// for bumping the config -// ${current_date} -''; - # really wish teh nixos config didnt use master/slave - master = cfg.server.primary; - masters = primaries; - slaves = secondaries; - # need to write this to a file - # using the date in it so it will trigger a restart - file = "/etc/skynet/dns/${domain}"; - # no leading whitespace for first line - }; - }); + create_entry_zone = domain: extraConfig: { + "${domain}" = { + extraConfig = '' + ${extraConfig} + // for bumping the config + // ${current_date} + ''; + # really wish teh nixos config didnt use master/slave + master = cfg.server.primary; + masters = primaries; + slaves = secondaries; + # need to write this to a file + # using the date in it so it will trigger a restart + file = "/etc/skynet/dns/${domain}"; + # no leading whitespace for first line + }; + }; text = { owned = domain: get_config_file domain; @@ -215,15 +220,14 @@ ${extraConfig} extraConfig = { owned = - if cfg.server.primary then -'' -allow-update { key rfc2136key.skynet.ie.; }; + if cfg.server.primary + then '' + allow-update { key rfc2136key.skynet.ie.; }; -dnssec-policy default; -inline-signing yes; -'' - else - ""; + dnssec-policy default; + inline-signing yes; + '' + else ""; # no extra config for reverse reverse = ""; @@ -232,30 +236,52 @@ inline-signing yes; }; records = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - let + lib.attrsets.mapAttrsToList ( + key: value: let details_server = value.config.skynet_dns.server; details_records = value.config.skynet_dns.records; in - if builtins.hasAttr "skynet_dns" value.config - then ( - # got to handle habing a dns record for the dns serves themselves. - if details_server.enable - then ( - if details_server.primary - then details_records ++ [ {record="ns1"; r_type="A"; value=details_server.ip; server=false;} ] - else details_records ++ [ {record="ns2"; r_type="A"; value=details_server.ip; server=false;} ] - ) - else details_records - ) - else [] - ) nodes + if builtins.hasAttr "skynet_dns" value.config + then + ( + # got to handle habing a dns record for the dns serves themselves. + if details_server.enable + then + ( + if details_server.primary + then + details_records + ++ [ + { + record = "ns1"; + r_type = "A"; + value = details_server.ip; + server = false; + } + ] + else + details_records + ++ [ + { + record = "ns2"; + r_type = "A"; + value = details_server.ip; + server = false; + } + ] + ) + else details_records + ) + else [] + ) + nodes ); - nameserver = if cfg.server.primary then "ns1" else "ns2"; - + nameserver = + if cfg.server.primary + then "ns1" + else "ns2"; in { - imports = [ ../applications/firewall.nix ]; @@ -284,31 +310,30 @@ in { records = lib.mkOption { description = "Records, sorted based on therir type"; - type = with lib.types; listOf (submodule { - options = { - record = lib.mkOption { - type = str; + type = with lib.types; + listOf (submodule { + options = { + record = lib.mkOption { + type = str; + }; + r_type = lib.mkOption { + type = enum ["A" "CNAME" "TXT" "PTR" "SRV"]; + }; + value = lib.mkOption { + type = str; + }; + server = lib.mkOption { + description = "Core record for a server"; + type = bool; + default = false; + }; }; - r_type = lib.mkOption { - type = enum ["A" "CNAME" "TXT" "PTR" "SRV"]; - }; - value = lib.mkOption { - type = str; - }; - server = lib.mkOption { - description = "Core record for a server"; - type = bool; - default = false; - }; - }; - }); + }); }; - }; }; config = lib.mkIf cfg.server.enable { - # open the firewall for this skynet_firewall.forward = [ "ip daddr ${cfg.server.ip} tcp dport 53 counter packets 0 bytes 0 accept" @@ -316,25 +341,20 @@ in { ]; services.bind.zones = - (create_entry_zone "csn.ul.ie" extraConfig.owned ) // - (create_entry_zone "skynet.ie" extraConfig.owned ) // - (create_entry_zone "ulcompsoc.ie" extraConfig.owned ) // - - (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse ) // - - (create_entry_zone "conradcollins.net" extraConfig.old )// - (create_entry_zone "edelharty.net" extraConfig.old ); + (create_entry_zone "csn.ul.ie" extraConfig.owned) + // (create_entry_zone "skynet.ie" extraConfig.owned) + // (create_entry_zone "ulcompsoc.ie" extraConfig.owned) + // (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse) + // (create_entry_zone "conradcollins.net" extraConfig.old) + // (create_entry_zone "edelharty.net" extraConfig.old); environment.etc = - (create_entry_etc "csn.ul.ie" "owned") // - (create_entry_etc "skynet.ie" "owned") // - (create_entry_etc "ulcompsoc.ie" "owned") // - - (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") // - - (create_entry_etc "conradcollins.net" "old") // - (create_entry_etc "edelharty.net" "old"); - + (create_entry_etc "csn.ul.ie" "owned") + // (create_entry_etc "skynet.ie" "owned") + // (create_entry_etc "ulcompsoc.ie" "owned") + // (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") + // (create_entry_etc "conradcollins.net" "old") + // (create_entry_etc "edelharty.net" "old"); # secrets required age.secrets.dns_dnskeys = { @@ -374,23 +394,25 @@ in { "9.9.9.9" ]; - cacheNetworks = [ - # this server itself - "127.0.0.0/24" + cacheNetworks = + [ + # this server itself + "127.0.0.0/24" - # skynet server in the dmz - "193.1.96.165/32" - # all of skynet can use this as a resolver - /* - Origianl idea, however all external traffic had the ip of the router - "193.1.99.64/26" + # skynet server in the dmz + "193.1.96.165/32" + # all of skynet can use this as a resolver + /* + Origianl idea, however all external traffic had the ip of the router + "193.1.99.64/26" - So to fix this we need to allow smaller ranges? - Didnt work - Fallback is explisitly listing each ip we have + So to fix this we need to allow smaller ranges? - Didnt work + Fallback is explisitly listing each ip we have - Now have a function for it - */ - ] ++ create_cache_networks; + Now have a function for it + */ + ] + ++ create_cache_networks; }; # deletes teh journal files evey start so it no longer stalls out @@ -404,6 +426,5 @@ in { createHome = true; home = "/etc/skynet/dns"; }; - }; -} \ No newline at end of file +} diff --git a/applications/email.nix b/applications/email.nix index 265fc45..c91f4da 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -1,17 +1,21 @@ -{ config, pkgs, lib, inputs, ...}: with lib; - let - cfg = config.services.skynet_email; +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + cfg = config.services.skynet_email; - # create teh new strings - create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})"); + # create teh new strings + create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})"); - create_filter_join = (x: concatStringsSep "" x); - - # thought you could escape racket? - create_filter = (groups: create_filter_join (create_filter_array groups) ); - - in { + create_filter_join = x: concatStringsSep "" x; + # thought you could escape racket? + create_filter = groups: create_filter_join (create_filter_array groups); +in { imports = [ ./dns.nix ./acme.nix @@ -85,7 +89,6 @@ default = "cn=admin,${cfg.ldap.base}"; description = lib.mdDoc "where to find users"; }; - }; }; @@ -104,40 +107,80 @@ # set up dns record for it skynet_dns.records = [ # basic one - {record="mail"; r_type="A"; value=cfg.host.ip;} + { + record = "mail"; + r_type = "A"; + value = cfg.host.ip; + } # TXT records, all tehse are inside escaped strings to allow using "" # SPF record - {record="${cfg.domain}."; r_type="TXT"; value=''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"'';} - + { + record = "${cfg.domain}."; + r_type = "TXT"; + value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"''; + } + # DKIM keys - {record="mail._domainkey.skynet.ie."; r_type="TXT"; value=''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';} - {record="mail._domainkey.ulcompsoc.ie."; r_type="TXT"; value=''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';} + { + record = "mail._domainkey.skynet.ie."; + r_type = "TXT"; + value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"''; + } + { + record = "mail._domainkey.ulcompsoc.ie."; + r_type = "TXT"; + value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''; + } # DMARC - {record="_dmarc.${cfg.domain}."; r_type="TXT"; value=''"v=DMARC1; p=none"'';} + { + record = "_dmarc.${cfg.domain}."; + r_type = "TXT"; + value = ''"v=DMARC1; p=none"''; + } # reverse pointer - {record=cfg.host.ip; r_type="PTR"; value="${cfg.sub}.${cfg.domain}.";} + { + record = cfg.host.ip; + r_type = "PTR"; + value = "${cfg.sub}.${cfg.domain}."; + } - # SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie + # SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie # https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406 # response should be: # _imap._tcp SRV 0 1 143 imap.example.com. - {record="_imaps._tcp"; r_type="SRV"; value="0 1 993 ${cfg.sub}.${cfg.domain}.";} - {record="_imap._tcp"; r_type="SRV"; value="0 1 143 ${cfg.sub}.${cfg.domain}.";} - {record="_submissions._tcp"; r_type="SRV"; value="0 1 465 ${cfg.sub}.${cfg.domain}.";} - {record="_submission._tcp"; r_type="SRV"; value="0 1 587 ${cfg.sub}.${cfg.domain}.";} + { + record = "_imaps._tcp"; + r_type = "SRV"; + value = "0 1 993 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_imap._tcp"; + r_type = "SRV"; + value = "0 1 143 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_submissions._tcp"; + r_type = "SRV"; + value = "0 1 465 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_submission._tcp"; + r_type = "SRV"; + value = "0 1 587 ${cfg.sub}.${cfg.domain}."; + } ]; # to provide the certs services.nginx.virtualHosts = { "${cfg.sub}.${cfg.domain}" = { - forceSSL = true; + forceSSL = true; useACMEHost = "skynet"; # override the inbuilt nginx config enableACME = false; - serverName = "${cfg.sub}.${cfg.domain}"; + serverName = "${cfg.sub}.${cfg.domain}"; }; }; @@ -145,11 +188,11 @@ users.groups.nginx = {}; users.groups.roundcube = {}; services.roundcube = { - enable = true; - # this is the url of the vhost, not necessarily the same as the fqdn of - # the mailserver - hostName = "${cfg.sub}.${cfg.domain}"; - extraConfig = '' + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "${cfg.sub}.${cfg.domain}"; + extraConfig = '' # starttls needed for authentication, so the fqdn required to match # the certificate $config['smtp_server'] = "ssl://${cfg.sub}.${cfg.domain}"; @@ -171,7 +214,7 @@ 'name' => 'cn', 'surname' => 'sn', 'email' => 'skMail:*', - ] + ] ); ''; }; @@ -207,7 +250,7 @@ userAttrs = "quotaEmail=quota_rule=*:bytes=%$,=quota_rule2=Trash:storage=+100M"; # accept emails in, but only allow access to paid up members - passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))"; + passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))"; }; postfix = { @@ -215,14 +258,11 @@ uidAttribute = "skMail"; mailAttribute = "skMail"; }; - }; # feckin spammers rejectRecipients = [ - ]; - }; # tune the spam filter diff --git a/applications/firewall.nix b/applications/firewall.nix index 1faef0e..51bdeb6 100644 --- a/applications/firewall.nix +++ b/applications/firewall.nix @@ -1,5 +1,9 @@ -{lib, pkgs, config, ...}: { - +{ + lib, + pkgs, + config, + ... +}: { # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base options = { skynet_firewall = { @@ -10,7 +14,7 @@ type = lib.types.bool; }; forward = lib.mkOption { - default = [ ]; + default = []; type = lib.types.listOf lib.types.str; description = '' A list of routes to forward @@ -19,16 +23,16 @@ own = { ip = lib.mkOption { - default = "127.0.0.1"; - type = lib.types.str; - description = '' - IP of the firewall - ''; + default = "127.0.0.1"; + type = lib.types.str; + description = '' + IP of the firewall + ''; }; ports = { tcp = lib.mkOption { - default = [ ]; + default = []; type = lib.types.listOf lib.types.int; description = '' A list of TCP ports for the machiene running the firewall @@ -36,15 +40,13 @@ }; udp = lib.mkOption { - default = [ ]; + default = []; type = lib.types.listOf lib.types.int; description = '' A list of UDP ports for the machiene running the firewall ''; }; - }; - }; }; }; @@ -56,8 +58,7 @@ # fules for the firewall # beware of EOL conversion. - networking.nftables.ruleset = - '' + networking.nftables.ruleset = '' # using https://oxcrag.net/2021/12/25/build-your-own-router-with-nftables-part-1/ as a guide # Clear out any existing rules @@ -164,9 +165,6 @@ } } - ''; - + ''; }; - - } diff --git a/applications/games.nix b/applications/games.nix index 7c7b126..5b48680 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -1,52 +1,57 @@ -{ config, pkgs, lib, ... }: - with lib; - let - cfg = config.services.skynet_games; - in { +{ + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.services.skynet_games; +in { imports = [ ./dns.nix ./games/minecraft.nix ]; - options.services.skynet_games = { - enable = mkEnableOption "Skynet Games"; + enable = mkEnableOption "Skynet Games"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; + host = { + ip = mkOption { + type = types.str; }; - domain = { - tld = mkOption { - type = types.str; - default = "ie"; - }; + name = mkOption { + type = types.str; + }; + }; - base = mkOption { - type = types.str; - default = "skynet"; - }; - - sub = mkOption { - type = types.str; - default = "games"; - }; + domain = { + tld = mkOption { + type = types.str; + default = "ie"; }; + base = mkOption { + type = types.str; + default = "skynet"; + }; + + sub = mkOption { + type = types.str; + default = "games"; + }; + }; }; - config = mkIf cfg.enable { skynet_dns.records = [ # need a base domain - {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = cfg.host.name; + } ]; # the minecraft servers @@ -62,7 +67,5 @@ sub = "minecraft.${cfg.domain.sub}"; }; }; - - }; -} \ No newline at end of file +} diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 4fc1a17..6a9f786 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -1,12 +1,16 @@ -{ config, pkgs, lib, inputs, ... }: - with lib; - let - cfg = config.services.skynet_games_minecraft; - - # got tired of how long this is so I created a var for it. - short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; - in { +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + cfg = config.services.skynet_games_minecraft; + # got tired of how long this is so I created a var for it. + short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; +in { imports = [ ../acme.nix ../dns.nix @@ -54,21 +58,41 @@ ]; skynet_acme.domains = [ - "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" + "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" "*.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; skynet_dns.records = [ # the minecraft (web) config server - {record="config.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} + { + record = "config.${cfg.domain.sub}"; + r_type = "CNAME"; + value = cfg.host.name; + } # our own minecraft hosts - {record="compsoc_classic.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} - {record="compsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} + { + record = "compsoc_classic.${cfg.domain.sub}"; + r_type = "CNAME"; + value = cfg.host.name; + } + { + record = "compsoc.${cfg.domain.sub}"; + r_type = "CNAME"; + value = cfg.host.name; + } # gsoc servers - {record="gsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} - {record="gsoc_abridged.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} + { + record = "gsoc.${cfg.domain.sub}"; + r_type = "CNAME"; + value = cfg.host.name; + } + { + record = "gsoc_abridged.${cfg.domain.sub}"; + r_type = "CNAME"; + value = cfg.host.name; + } ]; networking.firewall.allowedTCPPorts = [ @@ -77,7 +101,6 @@ ]; services.nginx.virtualHosts = { - # https://config.minecraft.games.skynet.ie "config.${short_domain}" = { forceSSL = true; @@ -94,7 +117,6 @@ useACMEHost = "skynet"; locations."/map/".alias = "/etc/games/minecraft/craftycontrol/servers/f4c5eb33-c6d6-421c-81ab-ded31f6e8750/plugins/dynmap/web/"; }; - }; # arion is one way to use docker on nixos @@ -103,12 +125,11 @@ virtualisation.arion = { backend = "docker"; projects = { - minecraft.settings.services = { mc_proxy.service = { image = "itzg/mc-router:1.18.0"; - ports = [ "25565:25565/tcp" ]; - expose = [ "25565" ]; + ports = ["25565:25565/tcp"]; + expose = ["25565"]; command = [ "--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002,gsoc.${short_domain}=mc_config:20002,gsoc_abridged.${short_domain}=mc_config:20003" ]; @@ -118,7 +139,7 @@ image = "registry.gitlab.com/crafty-controller/crafty-4:4.1.1"; environment = { - TZ="Etc/UTC"; + TZ = "Etc/UTC"; }; volumes = [ @@ -144,4 +165,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 8ecda83..0840614 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -1,8 +1,12 @@ -{ config, pkgs, lib, ... }: - with lib; - let - cfg = config.services.skynet_gitlab; - in { +{ + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.services.skynet_gitlab; +in { imports = [ ./acme.nix ./dns.nix @@ -52,9 +56,7 @@ default = "dc=skynet,dc=ie"; description = lib.mdDoc "The base address in the ldap server"; }; - }; - }; config = mkIf cfg.enable { @@ -97,14 +99,22 @@ skynet_acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" # Lets Encrypt seems to have a 4 levels limit for certs - "*.pages.${cfg.domain.base}.${cfg.domain.tld}" + "*.pages.${cfg.domain.base}.${cfg.domain.tld}" ]; # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide skynet_dns.records = [ - {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = cfg.host.name; + } # for gitlab pages - {record="*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type="A"; value=cfg.host.ip;} + { + record = "*.pages.${cfg.domain.base}.${cfg.domain.tld}."; + r_type = "A"; + value = cfg.host.ip; + } ]; networking.firewall.allowedTCPPorts = [ @@ -112,7 +122,7 @@ 2222 ]; - services.openssh.ports = [ 22 2222 ]; + services.openssh.ports = [22 2222]; services.nginx.virtualHosts = { # main site @@ -163,7 +173,6 @@ auth-server = "https://gitlab.example.com"; */ }; - }; #smtp = { # enable = true; @@ -200,7 +209,7 @@ name = "cn"; }; - group_base= "ou=groups,${cfg.ldap.base}"; + group_base = "ou=groups,${cfg.ldap.base}"; admin_group = "skynet-admins"; sync_ssh_keys = "sshPublicKey"; @@ -217,4 +226,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/applications/gitlab_runner.nix b/applications/gitlab_runner.nix index 48559da..b0535e0 100644 --- a/applications/gitlab_runner.nix +++ b/applications/gitlab_runner.nix @@ -1,10 +1,13 @@ -{ config, pkgs, lib, ... }: - with lib; - let - cfg = config.services.skynet_gitlab_runner; - in { +{ + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.services.skynet_gitlab_runner; +in { imports = [ - ]; options.services.skynet_gitlab_runner = { @@ -44,7 +47,7 @@ config = mkIf cfg.enable { # https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner. environment.systemPackages = [ - pkgs.gitlab-runner + pkgs.gitlab-runner ]; age.secrets.runner_01_nix.file = ../secrets/gitlab/runners/runner01.age; @@ -53,7 +56,7 @@ boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1 # taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128 - virtualisation.docker.listenOptions = [ "/run/docker.sock" "127.0.0.1:2375" ]; + virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"]; services.gitlab-runner = { enable = true; @@ -68,7 +71,7 @@ runner_nix = { cloneUrl = cfg.runner.gitlab; description = "For Nix only"; - registrationFlags = [ "--docker-host" "tcp://127.0.0.1:2375" ]; + registrationFlags = ["--docker-host" "tcp://127.0.0.1:2375"]; registrationConfigFile = config.age.secrets.runner_01_nix.path; dockerImage = cfg.runner.docker.image; @@ -92,7 +95,7 @@ . ${pkgs.nix}/etc/profile.d/nix-daemon.sh ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs # 3 ${pkgs.nix}/bin/nix-channel --update nixpkgs - ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])} + ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [nix cacert git openssh])} ''; environmentVariables = { ENV = "/etc/profile"; @@ -101,17 +104,17 @@ PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; }; - tagList = [ "nix" ]; + tagList = ["nix"]; }; runner_general = { cloneUrl = cfg.runner.gitlab; description = "General Runner"; - registrationFlags = [ "--docker-host" "tcp://127.0.0.1:2375" ]; + registrationFlags = ["--docker-host" "tcp://127.0.0.1:2375"]; registrationConfigFile = config.age.secrets.runner_02_general.path; dockerImage = cfg.runner.docker.image; }; }; }; }; -} \ No newline at end of file +} diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index d32c577..477a485 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -1,10 +1,14 @@ -{ config, pkgs, lib, inputs, ... }: - with lib; - let - cfg = config.services.ldap_backend; - port_backend = "8087"; - in { - +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + cfg = config.services.ldap_backend; + port_backend = "8087"; +in { imports = [ ../acme.nix ../dns.nix @@ -44,7 +48,6 @@ }; config = mkIf cfg.enable { - #backups = [ "/etc/silver_ul_ical/database.db" ]; age.secrets.ldap_details.file = ../../secrets/ldap/details.age; @@ -56,7 +59,11 @@ ]; skynet_dns.records = [ - {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = cfg.host.name; + } ]; services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { @@ -64,9 +71,9 @@ useACMEHost = "skynet"; locations."/".proxyPass = "http://localhost:${port_backend}"; -# extraConfig = '' -# add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}"; -# ''; + # extraConfig = '' + # add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}"; + # ''; extraConfig = '' add_header Access-Control-Allow-Origin "*"; ''; @@ -99,315 +106,316 @@ ]; lifetime = []; banned = []; - restricted = [ - # usernames folks arent allowed to use - "contact" - "dnsadm" - "president" - "treasurer" - "secretary" - "pro" - "sysadmin" - "root" - - ] ++ [ - # basis comes from https://discord.com/channels/689189992417067052/1126084496710713414/1149072061466169444 - # start off with compsoc stuff first - "competition_www" - "demo1" - "demouser" - "ftp" - "lost+found" - "postfix" - "skynews.old" - "system_backup" - "test" - "test12" - "test20202" - "test20203" - "tmp" - "webadm" - ] ++ [ - # clubs and socs (as far as I can tell - "aerosoc" - "aikido" - "anfocal" - "bics" - "boarding" - "cns" - "dev" - "filmsoc" - "gaa" - "german" - "golfsoc" - "handball" - "hispanic" - "history" - "hockey" - "home" - "legosoc" - "lifesave" - "mens_gfc" - "musicsoc" - "pagansoc" - "peacesoc" - "physics" - "poker" - "prolife" - "radio" - "ragweek" - "sinnfein" - "soccer" - "ulbs" - "ulcamogie" - "ulcc" - "ulgaa" - "ulils" - "ulladiesfootball" - "ullaughinsoc" - "ulrfc" - "ulriders" - "ulssc" - "ultennis" - "viking" - ] ++ [ - # remaining, most likely usernames - "_9thwonder" - "abc" - "activate" - "aiesec" - "air" - "aladdin" - "alaric" - "aldozzie" - "allenli" - "amg" - "amgl" - "annette" - "annlad" - "ards_backup" - "arisquez" - "arthur" - "austin" - "beta" - "bh" - "bigdave" - "bios" - "bizarroal" - "bmacaree" - "boardy" - "boddah" - "bogus.anime.fakh" - "bogus.bhudt.dacf" - "bogus.citoge.baym" - "bogus.electro.ba0a" - "bogus.fencing.baw5" - "bogus.harry.ba8f" - "bogus.hui.hong.baci" - "bogus.ironman.baqib" - "bogus.joe.bach" - "bogus.kenny.bas6" - "bogus.kerswin.baybb" - "bogus.kravmaga.ba0w" - "bogus.methi.baq5" - "bogus.nelsonmw.bauc" - "bogus.poshea.ba0m" - "bogus.redwolf.bawn" - "bogus.romanov.baat" - "bogus.ryan.bae-" - "bogus.rynnea.bask" - "bogus.sea.af" - "bogus.shane.c.ba8z" - "bogus.t1000.baggb" - "bogus.ullrugby.ba8p" - "brendan" - "bubba" - "c_material_removed" - "ca_worm" - "cactus" - "carticus" - "cathalc" - "cathald-broken" - "cdschedule" - "celtic" - "christine" - "cian" - "ciara" - "ciaran" - "colin" - "cosmo" - "counsel" - "creosote" - "crew" - "cues" - "cur" - "cwhelan" - "dac" - "daktulu" - "datacore" - "davec" - "daverus" - "deano" - "deccy" - "declanmu" - "deiji" - "dermotmc" - "derrick" - "deshocks" - "diarmuid" - "dippy" - "djraptor" - "dmackey" - "dmir" - "dom" - "dom_mckay" - "donie" - "donnacha" - "dos30" - "drazhar" - "duffman" - "eas" - "electal" - "emc" - "emilia" - "emma" - "emmag" - "ents" - "envcom" - "eoinh95" - "epgriffin" - "equest" - "fiacc" - "fint" - "flanno" - "fmannix" - "foodcoop" - "gamenet" - "ganainm" - "gar" - "ger88" - "ghama" - "ging" - "goborobo" - "gooner" - "greekweek" - "hawking" - "hb" - "homer" - "hoshi" - "ian" - "ianrice" - "ilug" - "infinity" - "ingenuus" - "internat" - "jamessy" - "jamiebarry" - "jbravo" - "jdonegan" - "joedredd" - "johann" - "jokill" - "jsoccer" - "jules" - "kate" - "katie" - "kellyj" - "kiely" - "koo" - "l_d_ablo" - "lakes" - "laura" - "lebowski" - "liabraid" - "lynn" - "mal" - "manuel" - "maraz" - "marieke" - "marky" - "mature" - "mbyrne" - "meanturtle" - "mickaful" - "mickasul" - "mikado" - "mikeh" - "mikkel" - "mixiezme" - "mmc" - "molly" - "moochie" - "moonser" - "mopic" - "mp" - "nastros" - "neutrino" - "new" - "nezzy" - "nkdc" - "nmcenroy" - "noelle" - "nugget" - "ob" - "omega" - "oneillbeano" - "pamela" - "peterj" - "photyl" - "plake" - "pmcg1986" - "pyro" - "qubeat" - "rachel" - "rachelg" - "ralmeida" - "raymond" - "razzlero" - "red" - "rmacm" - "rmorrissey" - "robson" - "selena" - "shark" - "shayscannell" - "shazlove" - "shelley" - "shelly" - "silver.old" - "sirhc" - "sithlord" - "sk" - "sligoer" - "slowey" - "smallp" - "smurfy" - "sordfish" - "soul98" - "soular" - "st" - "stefanovich" - "svp" - "szczerba" - "tangsoodo" - "tc" - "tenfor" - "teslacut" - "theematt" - "thomasl" - "tockman" - "ugm" - "vanzan" - "volleyb" - "warren" - "weather" - "wiles" - "yvonne" - "zrahman" - ]; - + restricted = + [ + # usernames folks arent allowed to use + "contact" + "dnsadm" + "president" + "treasurer" + "secretary" + "pro" + "sysadmin" + "root" + ] + ++ [ + # basis comes from https://discord.com/channels/689189992417067052/1126084496710713414/1149072061466169444 + # start off with compsoc stuff first + "competition_www" + "demo1" + "demouser" + "ftp" + "lost+found" + "postfix" + "skynews.old" + "system_backup" + "test" + "test12" + "test20202" + "test20203" + "tmp" + "webadm" + ] + ++ [ + # clubs and socs (as far as I can tell + "aerosoc" + "aikido" + "anfocal" + "bics" + "boarding" + "cns" + "dev" + "filmsoc" + "gaa" + "german" + "golfsoc" + "handball" + "hispanic" + "history" + "hockey" + "home" + "legosoc" + "lifesave" + "mens_gfc" + "musicsoc" + "pagansoc" + "peacesoc" + "physics" + "poker" + "prolife" + "radio" + "ragweek" + "sinnfein" + "soccer" + "ulbs" + "ulcamogie" + "ulcc" + "ulgaa" + "ulils" + "ulladiesfootball" + "ullaughinsoc" + "ulrfc" + "ulriders" + "ulssc" + "ultennis" + "viking" + ] + ++ [ + # remaining, most likely usernames + "_9thwonder" + "abc" + "activate" + "aiesec" + "air" + "aladdin" + "alaric" + "aldozzie" + "allenli" + "amg" + "amgl" + "annette" + "annlad" + "ards_backup" + "arisquez" + "arthur" + "austin" + "beta" + "bh" + "bigdave" + "bios" + "bizarroal" + "bmacaree" + "boardy" + "boddah" + "bogus.anime.fakh" + "bogus.bhudt.dacf" + "bogus.citoge.baym" + "bogus.electro.ba0a" + "bogus.fencing.baw5" + "bogus.harry.ba8f" + "bogus.hui.hong.baci" + "bogus.ironman.baqib" + "bogus.joe.bach" + "bogus.kenny.bas6" + "bogus.kerswin.baybb" + "bogus.kravmaga.ba0w" + "bogus.methi.baq5" + "bogus.nelsonmw.bauc" + "bogus.poshea.ba0m" + "bogus.redwolf.bawn" + "bogus.romanov.baat" + "bogus.ryan.bae-" + "bogus.rynnea.bask" + "bogus.sea.af" + "bogus.shane.c.ba8z" + "bogus.t1000.baggb" + "bogus.ullrugby.ba8p" + "brendan" + "bubba" + "c_material_removed" + "ca_worm" + "cactus" + "carticus" + "cathalc" + "cathald-broken" + "cdschedule" + "celtic" + "christine" + "cian" + "ciara" + "ciaran" + "colin" + "cosmo" + "counsel" + "creosote" + "crew" + "cues" + "cur" + "cwhelan" + "dac" + "daktulu" + "datacore" + "davec" + "daverus" + "deano" + "deccy" + "declanmu" + "deiji" + "dermotmc" + "derrick" + "deshocks" + "diarmuid" + "dippy" + "djraptor" + "dmackey" + "dmir" + "dom" + "dom_mckay" + "donie" + "donnacha" + "dos30" + "drazhar" + "duffman" + "eas" + "electal" + "emc" + "emilia" + "emma" + "emmag" + "ents" + "envcom" + "eoinh95" + "epgriffin" + "equest" + "fiacc" + "fint" + "flanno" + "fmannix" + "foodcoop" + "gamenet" + "ganainm" + "gar" + "ger88" + "ghama" + "ging" + "goborobo" + "gooner" + "greekweek" + "hawking" + "hb" + "homer" + "hoshi" + "ian" + "ianrice" + "ilug" + "infinity" + "ingenuus" + "internat" + "jamessy" + "jamiebarry" + "jbravo" + "jdonegan" + "joedredd" + "johann" + "jokill" + "jsoccer" + "jules" + "kate" + "katie" + "kellyj" + "kiely" + "koo" + "l_d_ablo" + "lakes" + "laura" + "lebowski" + "liabraid" + "lynn" + "mal" + "manuel" + "maraz" + "marieke" + "marky" + "mature" + "mbyrne" + "meanturtle" + "mickaful" + "mickasul" + "mikado" + "mikeh" + "mikkel" + "mixiezme" + "mmc" + "molly" + "moochie" + "moonser" + "mopic" + "mp" + "nastros" + "neutrino" + "new" + "nezzy" + "nkdc" + "nmcenroy" + "noelle" + "nugget" + "ob" + "omega" + "oneillbeano" + "pamela" + "peterj" + "photyl" + "plake" + "pmcg1986" + "pyro" + "qubeat" + "rachel" + "rachelg" + "ralmeida" + "raymond" + "razzlero" + "red" + "rmacm" + "rmorrissey" + "robson" + "selena" + "shark" + "shayscannell" + "shazlove" + "shelley" + "shelly" + "silver.old" + "sirhc" + "sithlord" + "sk" + "sligoer" + "slowey" + "smallp" + "smurfy" + "sordfish" + "soul98" + "soular" + "st" + "stefanovich" + "svp" + "szczerba" + "tangsoodo" + "tc" + "tenfor" + "teslacut" + "theematt" + "thomasl" + "tockman" + "ugm" + "vanzan" + "volleyb" + "warren" + "weather" + "wiles" + "yvonne" + "zrahman" + ]; }; - }; }; } diff --git a/applications/ldap/client.nix b/applications/ldap/client.nix index 2a7324a..d172b42 100644 --- a/applications/ldap/client.nix +++ b/applications/ldap/client.nix @@ -1,21 +1,26 @@ -{ config, pkgs, lib, ... }: - with lib; - let - cfg = config.services.skynet_ldap_client; +{ + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.services.skynet_ldap_client; - # always ensure the admin group has access - create_filter_check_admin = (x: if !(builtins.elem "skynet-admins" x) then x ++ ["skynet-admins"] else x); + # always ensure the admin group has access + create_filter_check_admin = x: + if !(builtins.elem "skynet-admins" x) + then x ++ ["skynet-admins"] + else x; - # create teh new strings - create_filter_array = map (x: "(skMemberOf=cn=${x},ou=groups,${cfg.base})"); + # create teh new strings + create_filter_array = map (x: "(skMemberOf=cn=${x},ou=groups,${cfg.base})"); - create_filter_join = (x: concatStringsSep "" x); - - # thought you could escape racket? - create_filter = (x: create_filter_join (create_filter_array (create_filter_check_admin x) ) ); - - in { + create_filter_join = x: concatStringsSep "" x; + # thought you could escape racket? + create_filter = x: create_filter_join (create_filter_array (create_filter_check_admin x)); +in { # these are needed for teh program in question imports = []; @@ -46,7 +51,6 @@ ]; description = lib.mdDoc "Groups we want to allow access to the server"; }; - }; config = mkIf cfg.enable { @@ -54,10 +58,17 @@ security.sudo.extraRules = [ # admin group has sudo access - { groups = [ "skynet-admins-linux" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } + { + groups = ["skynet-admins-linux"]; + commands = [ + { + command = "ALL"; + options = ["NOPASSWD"]; + } + ]; + } ]; - # give users a home dir security.pam.services.sshd.makeHomeDir = true; @@ -68,7 +79,7 @@ # tell users where tehy cna setup their ssh key banner = '' If you get 'Permission denied (publickey,keyboard-interactive)' you need to add an ssh key on https://${cfg.address} - ''; + ''; }; services.sssd = { @@ -77,41 +88,40 @@ sshAuthorizedKeysIntegration = true; config = '' -[domain/skynet.ie] -id_provider = ldap -auth_provider = ldap -sudo_provider = ldap + [domain/skynet.ie] + id_provider = ldap + auth_provider = ldap + sudo_provider = ldap -ldap_uri = ldaps://${cfg.address}:636 + ldap_uri = ldaps://${cfg.address}:636 -ldap_search_base = ${cfg.base} -# thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d -ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups}) -ldap_group_search_base = ou=groups,${cfg.base} -ldap_sudo_search_base = cn=skynet-admins-linux,ou=groups,${cfg.base} + ldap_search_base = ${cfg.base} + # thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d + ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups}) + ldap_group_search_base = ou=groups,${cfg.base} + ldap_sudo_search_base = cn=skynet-admins-linux,ou=groups,${cfg.base} -ldap_group_nesting_level = 5 + ldap_group_nesting_level = 5 -cache_credentials = false -entry_cache_timeout = 1 + cache_credentials = false + entry_cache_timeout = 1 -ldap_user_member_of = skMemberOf + ldap_user_member_of = skMemberOf -[sssd] -config_file_version = 2 -services = nss, pam, sudo, ssh -domains = skynet.ie + [sssd] + config_file_version = 2 + services = nss, pam, sudo, ssh + domains = skynet.ie -[nss] -# override_homedir = /home/%u + [nss] + # override_homedir = /home/%u -[pam] + [pam] -[sudo] + [sudo] -[autofs] + [autofs] ''; }; - }; -} \ No newline at end of file +} diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index b63861f..2090879 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -1,13 +1,16 @@ /* Gonna use a priper nixos module for this */ - -{ config, pkgs, lib, inputs, ... }: - with lib; - let - cfg = config.services.skynet_ldap; - in { - +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + cfg = config.services.skynet_ldap; +in { # these are needed for teh program in question imports = [ ../acme.nix @@ -16,7 +19,6 @@ Gonna use a priper nixos module for this ./backend.nix ]; - options.services.skynet_ldap = { # options that need to be passed in to make this work @@ -61,7 +63,6 @@ Gonna use a priper nixos module for this }; config = mkIf cfg.enable { - # passthrough to the backend services.ldap_backend = { enable = true; @@ -82,7 +83,11 @@ Gonna use a priper nixos module for this ]; skynet_dns.records = [ - {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = cfg.host.name; + } ]; # firewall on teh computer itself @@ -111,25 +116,29 @@ Gonna use a priper nixos module for this # using https://nixos.wiki/wiki/OpenLDAP for base config systemd.services.openldap = { - wants = [ "acme-${cfg.domain.base}.service" ]; - after = [ "acme-${cfg.domain.base}.service" ]; + wants = ["acme-${cfg.domain.base}.service"]; + after = ["acme-${cfg.domain.base}.service"]; }; - users.groups.acme.members = [ "openldap" ]; + users.groups.acme.members = ["openldap"]; services.openldap = { # backup /var/lib/openldap/slapd.d enable = true; - /* enable plain and secure connections */ - urlList = [ "ldap:///" "ldaps:///" ]; + /* + enable plain and secure connections + */ + urlList = ["ldap:///" "ldaps:///"]; settings = { attrs = { olcLogLevel = "conns config"; - /* settings for acme ssl */ + /* + settings for acme ssl + */ olcTLSCACertificateFile = "/var/lib/acme/${cfg.domain.base}/full.pem"; olcTLSCertificateFile = "/var/lib/acme/${cfg.domain.base}/cert.pem"; olcTLSCertificateKeyFile = "/var/lib/acme/${cfg.domain.base}/key.pem"; @@ -154,67 +163,70 @@ Gonna use a priper nixos module for this ./skMemberOf.ldif ]; - "cn=modules".attrs = { - objectClass = [ "olcModuleList" ]; - cn = "modules"; + objectClass = ["olcModuleList"]; + cn = "modules"; olcModuleLoad = ["dynlist" "memberof" "refint" "pw-sha2"]; }; "olcDatabase={-1}frontend".attrs = { - objectClass = [ "olcDatabaseConfig" "olcFrontendConfig" ]; + objectClass = ["olcDatabaseConfig" "olcFrontendConfig"]; olcPasswordHash = "{SSHA512}"; }; "olcDatabase={1}mdb" = { attrs = { - objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; olcDatabase = "{1}mdb"; olcDbDirectory = "/var/lib/openldap/data"; olcSuffix = cfg.base; - /* your admin account, do not use writeText on a production system */ + /* + your admin account, do not use writeText on a production system + */ olcRootDN = "cn=admin,${cfg.base}"; olcRootPW.path = config.age.secrets.ldap_pw.path; #olcOverlay = "memberof"; olcAccess = [ - /* custom access rules for userPassword attributes */ - ''{0}to attrs=userPassword - by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage - by self write - by anonymous auth - by * none'' + /* + custom access rules for userPassword attributes + */ + '' {0}to attrs=userPassword + by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage + by self write + by anonymous auth + by * none'' - ''{1}to attrs=mail,sshPublicKey,cn,sn,skDiscord - by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage - by self write - by * read'' + '' {1}to attrs=mail,sshPublicKey,cn,sn,skDiscord + by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage + by self write + by * read'' - /* allow read on anything else */ - ''{2}to * - by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage - by * read'' + /* + allow read on anything else + */ + '' {2}to * + by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage + by * read'' ]; - - }; # https://blog.oddbit.com/post/2013-07-22-generating-a-membero/ children = { "olcOverlay=dynlist".attrs = { - objectClass = [ "olcOverlayConfig" "olcDynamicList" ]; - olcOverlay = "dynlist"; + objectClass = ["olcOverlayConfig" "olcDynamicList"]; + olcOverlay = "dynlist"; olcDlAttrSet = "skPerson labeledURI skMemberOf"; }; "olcOverlay=memberof".attrs = { - objectClass = [ "olcOverlayConfig" "olcMemberOf" "olcConfig" "top" ]; - olcOverlay = "memberof"; + objectClass = ["olcOverlayConfig" "olcMemberOf" "olcConfig" "top"]; + olcOverlay = "memberof"; olcMemberOfDangling = "ignore"; olcMemberOfRefInt = "TRUE"; @@ -223,10 +235,7 @@ Gonna use a priper nixos module for this olcMemberOfMemberOfAD = "memberOf"; }; }; - - }; - }; }; }; diff --git a/applications/nginx.nix b/applications/nginx.nix index d2524fc..254de6c 100644 --- a/applications/nginx.nix +++ b/applications/nginx.nix @@ -1,5 +1,4 @@ # using K900's one https://gitlab.com/K900/nix/-/blob/a69502b8bf39fd99a85342b2f7989fe5896a6ae0/applications/base/nginx.nix - {pkgs, ...}: { services.nginx = { enable = true; diff --git a/applications/restic.nix b/applications/restic.nix index 1598acb..4ccf611 100644 --- a/applications/restic.nix +++ b/applications/restic.nix @@ -1,154 +1,154 @@ - # nodes is all the nodes -{ lib, config, nodes, pkgs, ...}: with lib; - let - cfg = config.services.skynet_backup; +{ + lib, + config, + nodes, + pkgs, + ... +}: +with lib; let + cfg = config.services.skynet_backup; + # since they should all have the same config we can do this + base = { + paths = cfg.normal.backups; + exclude = cfg.normal.exclude; + initialize = true; + passwordFile = config.age.secrets.restic.path; - # since they should all have the same config we can do this - base = { - paths = cfg.normal.backups; - exclude = cfg.normal.exclude; - initialize = true; - passwordFile = config.age.secrets.restic.path; + pruneOpts = [ + #"--keep-within 0y2m0d0h" + #"--keep-monthly 2" + ]; - pruneOpts = [ - #"--keep-within 0y2m0d0h" - #"--keep-monthly 2" - ]; - - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - RandomizedDelaySec = "5h"; - }; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + RandomizedDelaySec = "5h"; }; + }; - # takes nodes, - # for each check if iut has teh abckup attribute, - # then if the server is enabled, - # then pull relevant dtails - ownServers = builtins.listToAttrs (builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - let - backup = value.config.services.skynet_backup; - in - if ( - (builtins.hasAttr "skynet_backup" value.config.services) - && backup.server.enable - && backup.host.name != cfg.host.name - && !backup.server.appendOnly - ) + # takes nodes, + # for each check if iut has teh abckup attribute, + # then if the server is enabled, + # then pull relevant dtails + ownServers = builtins.listToAttrs (builtins.concatLists ( + lib.attrsets.mapAttrsToList ( + key: value: let + backup = value.config.services.skynet_backup; + in + if + ( + (builtins.hasAttr "skynet_backup" value.config.services) + && backup.server.enable + && backup.host.name != cfg.host.name + && !backup.server.appendOnly + ) then [ { name = backup.host.name; - value = base // { - repositoryFile = "/etc/skynet/restic/${backup.host.name}"; + value = + base + // { + repositoryFile = "/etc/skynet/restic/${backup.host.name}"; - backupPrepareCommand = '' - #!${pkgs.stdenv.shell} - set -euo pipefail + backupPrepareCommand = '' + #!${pkgs.stdenv.shell} + set -euo pipefail - baseDir="/etc/skynet/restic" + baseDir="/etc/skynet/restic" - mkdir -p $baseDir - cd $baseDir + mkdir -p $baseDir + cd $baseDir - echo -n "rest:http://root:password@${backup.host.ip}:${toString backup.server.port}/root/${cfg.host.name}" > ${backup.host.name} + echo -n "rest:http://root:password@${backup.host.ip}:${toString backup.server.port}/root/${cfg.host.name}" > ${backup.host.name} - # read in teh password - #PW = `cat ${config.age.secrets.restic.path}` - line=$(head -n 1 ${config.age.secrets.restic.path}) + # read in teh password + #PW = `cat ${config.age.secrets.restic.path}` + line=$(head -n 1 ${config.age.secrets.restic.path}) - sed -i "s/password/$line/g" ${backup.host.name} - ''; - - }; + sed -i "s/password/$line/g" ${backup.host.name} + ''; + }; } ] - else [ ] - ) nodes - )); + else [] + ) + nodes + )); +in { + imports = [ + ]; + # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base + # https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix + # will eb enabled on every server + options.services.skynet_backup = { + # backup is enabled by default + # enable = mkEnableOption "Skynet backup"; - - in { - - imports = [ - - ]; - - # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base - # https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix - # will eb enabled on every server - options.services.skynet_backup = { - # backup is enabled by default - # enable = mkEnableOption "Skynet backup"; - - # what folders to backup - normal = { - backups = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - A list of paths to backup. - ''; - }; - - exclude = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - A list of paths to exclide . - ''; - }; + # what folders to backup + normal = { + backups = lib.mkOption { + default = []; + type = lib.types.listOf lib.types.str; + description = '' + A list of paths to backup. + ''; }; - # append only data so space limited - secure = { - backups = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - A list of paths to backup. - ''; - }; - - exclude = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - A list of paths to exclide . - ''; - }; + exclude = lib.mkOption { + default = []; + type = lib.types.listOf lib.types.str; + description = '' + A list of paths to exclide . + ''; }; - - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - - server = { - enable = mkEnableOption "Skynet backup Server"; - - port = mkOption { - type = types.port; - default = 8765; - }; - - appendOnly = mkOption { - type = types.bool; - default = false; - }; - }; - }; + # append only data so space limited + secure = { + backups = lib.mkOption { + default = []; + type = lib.types.listOf lib.types.str; + description = '' + A list of paths to backup. + ''; + }; + + exclude = lib.mkOption { + default = []; + type = lib.types.listOf lib.types.str; + description = '' + A list of paths to exclide . + ''; + }; + }; + + host = { + ip = mkOption { + type = types.str; + }; + + name = mkOption { + type = types.str; + }; + }; + + server = { + enable = mkEnableOption "Skynet backup Server"; + + port = mkOption { + type = types.port; + default = 8765; + }; + + appendOnly = mkOption { + type = types.bool; + default = false; + }; + }; + }; config = { # these values are anabled for every client @@ -162,21 +162,22 @@ # nix-shell -p apacheHttpd # htpasswd -nbB "" "password" | cut -d: -f2 - age.secrets.restic.file = ../secrets/backup/restic.age; + age.secrets.restic.file = ../secrets/backup/restic.age; networking.firewall.allowedTCPPorts = [ cfg.server.port ]; - services.restic.backups = ownServers // { - # merge teh two configs together -# backblaze = base // { -# # backupos for each server are stored in a folder under their name -# repository = "b2:NixOS-Main2:/${cfg.host.name}"; -# #environmentFile = config.age.secrets.backblaze.path; -# }; - - }; + services.restic.backups = + ownServers + // { + # merge teh two configs together + # backblaze = base // { + # # backupos for each server are stored in a folder under their name + # repository = "b2:NixOS-Main2:/${cfg.host.name}"; + # #environmentFile = config.age.secrets.backblaze.path; + # }; + }; age.secrets.restic_pw = mkIf cfg.server.enable { file = ../secrets/backup/restic_pw.age; @@ -187,13 +188,11 @@ group = "restic"; }; - services.restic.server = mkIf cfg.server.enable{ + services.restic.server = mkIf cfg.server.enable { enable = true; listenAddress = "${cfg.host.ip}:${toString cfg.server.port}"; appendOnly = cfg.server.appendOnly; privateRepos = true; }; - - }; } diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 190366c..0e8e878 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -1,9 +1,13 @@ -{ config, pkgs, lib, inputs, ... }: - with lib; - let - cfg = config.services.skynet; - in { - +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + cfg = config.services.skynet; +in { imports = [ ./acme.nix ./dns.nix @@ -29,9 +33,21 @@ skynet_dns.records = [ # means root domain, so skynet.ie - {record="@"; r_type="A"; value=cfg.host.ip;} - {record="2016"; r_type="CNAME"; value=cfg.host.name;} - {record="discord"; r_type="CNAME"; value=cfg.host.name;} + { + record = "@"; + r_type = "A"; + value = cfg.host.ip; + } + { + record = "2016"; + r_type = "CNAME"; + value = cfg.host.name; + } + { + record = "discord"; + r_type = "CNAME"; + value = cfg.host.name; + } ]; networking.firewall.allowedTCPPorts = [80 443]; @@ -63,4 +79,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 8fa1058..194f53f 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -1,9 +1,13 @@ -{ config, pkgs, lib, inputs, ... }: - with lib; - let - cfg = config.services.skynet_users; - in { - +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + cfg = config.services.skynet_users; +in { imports = [ ./acme.nix ./dns.nix @@ -32,22 +36,29 @@ ]; }; - # Website config skynet_acme.domains = [ - "users.skynet.ie" + "users.skynet.ie" "*.users.skynet.ie" ]; skynet_dns.records = [ - {record ="users"; r_type="CNAME"; value=cfg.host.name;} - {record="*.users"; r_type="CNAME"; value=cfg.host.name;} + { + record = "users"; + r_type = "CNAME"; + value = cfg.host.name; + } + { + record = "*.users"; + r_type = "CNAME"; + value = cfg.host.name; + } ]; networking.firewall.allowedTCPPorts = [80 443]; # normally services cannot read home dirs - systemd.services.nginx.serviceConfig.ProtectHome="read-only"; + systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; services.nginx.virtualHosts = { # main site @@ -69,4 +80,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/applications/ulfm.nix b/applications/ulfm.nix index f970e0d..9280084 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -1,9 +1,12 @@ -{ config, lib, pkgs, ... }: - with lib; - let - cfg = config.services.skynet_ulfm; - in { - +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.skynet_ulfm; +in { imports = [ ./acme.nix ./dns.nix @@ -12,34 +15,34 @@ ]; options.services.skynet_ulfm = { - enable = mkEnableOption "ULFM service"; + enable = mkEnableOption "ULFM service"; - host = { - ip = mkOption { - type = types.str; - }; + host = { + ip = mkOption { + type = types.str; + }; - name = mkOption { - type = types.str; - }; - }; + name = mkOption { + type = types.str; + }; + }; - domain = { - tld = mkOption { - type = types.str; - default = "ie"; - }; + domain = { + tld = mkOption { + type = types.str; + default = "ie"; + }; - base = mkOption { - type = types.str; - default = "skynet"; - }; + base = mkOption { + type = types.str; + default = "skynet"; + }; - sub = mkOption { - type = types.str; - default = "ulfm"; - }; - }; + sub = mkOption { + type = types.str; + default = "ulfm"; + }; + }; }; config = mkIf cfg.enable { @@ -55,7 +58,11 @@ ]; skynet_dns.records = [ - {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = cfg.host.name; + } ]; skynet_firewall.forward = [ @@ -74,9 +81,9 @@ }; systemd.services.icecast = { - after = [ "network.target" ]; + after = ["network.target"]; description = "Icecast Network Audio Streaming Server"; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; preStart = "mkdir -p /var/log/icecast && chown nobody:nogroup /var/log/icecast"; serviceConfig = { @@ -91,7 +98,5 @@ useACMEHost = "skynet"; locations."/".proxyPass = "http://localhost:8000"; }; - }; - -} \ No newline at end of file +} diff --git a/flake.lock b/flake.lock index 469db8f..d348048 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,29 @@ "type": "github" } }, + "alejandra": { + "inputs": { + "fenix": "fenix", + "flakeCompat": "flakeCompat", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660510326, + "narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=", + "owner": "kamadorueda", + "repo": "alejandra", + "rev": "ef03f7ef74ec97fd91a016a51c9c9667fb315652", + "type": "github" + }, + "original": { + "owner": "kamadorueda", + "ref": "3.0.0", + "repo": "alejandra", + "type": "github" + } + }, "arion": { "inputs": { "flake-parts": "flake-parts", @@ -78,6 +101,28 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": [ + "alejandra", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1657607339, + "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -133,6 +178,22 @@ "type": "github" } }, + "flakeCompat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "haskell-flake": { "locked": { "lastModified": 1675296942, @@ -401,6 +462,7 @@ "root": { "inputs": { "agenix": "agenix", + "alejandra": "alejandra", "arion": "arion", "flake-utils": "flake-utils", "nixpkgs": "nixpkgs_3", @@ -412,6 +474,23 @@ "skynet_website_2016": "skynet_website_2016" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1657557289, + "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "caf23f29144b371035b864a1017dbc32573ad56d", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", diff --git a/flake.nix b/flake.nix index 447efb5..be197da 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,4 @@ { - description = "Deployment for skynet"; inputs = { @@ -10,13 +9,17 @@ flake-utils.url = "github:numtide/flake-utils"; agenix.url = "github:ryantm/agenix"; arion.url = "github:hercules-ci/arion"; + alejandra = { + url = "github:kamadorueda/alejandra/3.0.0"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # email # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; # account.skynet.ie - skynet_ldap_backend.url = "gitlab:compsoc1%2Fskynet%2Fldap/backend?host=gitlab.skynet.ie"; + skynet_ldap_backend.url = "gitlab:compsoc1%2Fskynet%2Fldap/backend?host=gitlab.skynet.ie"; skynet_ldap_frontend.url = "gitlab:compsoc1%2Fskynet%2Fldap/frontend?host=gitlab.skynet.ie"; skynet_website.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2023?host=gitlab.skynet.ie"; @@ -27,19 +30,25 @@ nixConfig.bash-prompt-suffix = "[Skynet Dev] "; - outputs = { self, nixpkgs, agenix, ... } @inputs: - let - pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs; - in { + outputs = { + self, + nixpkgs, + agenix, + alejandra, + ... + } @ inputs: let + pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs; + in { + formatter.x86_64-linux = alejandra.defaultPackage."x86_64-linux"; devShells.x86_64-linux.default = pkgs.mkShell { name = "Skynet build env"; nativeBuildInputs = [ - pkgs.buildPackages.git - pkgs.buildPackages.colmena - pkgs.buildPackages.nmap + pkgs.buildPackages.git + pkgs.buildPackages.colmena + pkgs.buildPackages.nmap ]; - buildInputs = [ agenix.packages.x86_64-linux.default ]; + buildInputs = [agenix.packages.x86_64-linux.default]; shellHook = ''export EDITOR="${pkgs.nano}/bin/nano --nonewlines"''; }; @@ -55,7 +64,7 @@ }; # installed for each machine - defaults = import ./machines/_base.nix ; + defaults = import ./machines/_base.nix; # firewall machiene agentjones = import ./machines/agentjones.nix; @@ -92,8 +101,6 @@ # Main skynet sites earth = import ./machines/earth.nix; - }; }; - } diff --git a/machines/_base.nix b/machines/_base.nix index 2a14cfc..d3425a6 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -1,6 +1,11 @@ -{ pkgs, modulesPath, config, options, inputs, ... }: - { + pkgs, + modulesPath, + config, + options, + inputs, + ... +}: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") @@ -21,7 +26,7 @@ ]; # flakes are essensial - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; system.stateVersion = "22.11"; @@ -69,7 +74,7 @@ }; # time on vendetta is strangely out of sync - networking.timeServers = options.networking.timeServers.default ++ [ "ie.pool.ntp.org" ]; + networking.timeServers = options.networking.timeServers.default ++ ["ie.pool.ntp.org"]; services.ntp.enable = true; # use teh above nameservers as the fallback dns diff --git a/machines/agentjones.nix b/machines/agentjones.nix index cde9245..3276335 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -1,22 +1,23 @@ /* - Name: https://matrix.fandom.com/wiki/Agent_Jones - Type: Physical - Hardware: PowerEdge r210 - From: 2011 (?) - Role: Firewall - Notes: Used to have Agent Smith as a partner but it died (Ironically) - +Name: https://matrix.fandom.com/wiki/Agent_Jones +Type: Physical +Hardware: PowerEdge r210 +From: 2011 (?) +Role: Firewall +Notes: Used to have Agent Smith as a partner but it died (Ironically) */ - -{ pkgs, lib, nodes, ... }: -let +{ + pkgs, + lib, + nodes, + ... +}: let # name of the server, sets teh hostname and record for it - name = "agentjones"; - ip_pub = "193.1.99.72"; - ip_priv = "193.1.99.125"; - hostname = "${name}.skynet.ie"; - + name = "agentjones"; + ip_pub = "193.1.99.72"; + ip_priv = "193.1.99.125"; + hostname = "${name}.skynet.ie"; in { imports = [ ./hardware/_base.nix @@ -29,12 +30,21 @@ in { targetUser = "root"; # somehow ssh from runner to this fails - tags = [ "active-firewall" ]; + tags = ["active-firewall"]; }; skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { @@ -92,18 +102,20 @@ in { # gonna have to get all the forward = builtins.concatLists ( # using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list - lib.attrsets.mapAttrsToList (key: value: + lib.attrsets.mapAttrsToList ( + key: value: # make sure that anything running this firewall dosent count (recursion otherewise) # firewall may want to open ports in itself but can deal with that later - if builtins.hasAttr "skynet_firewall" value.config - then ( - if value.config.skynet_firewall.enable - then [] - else value.config.skynet_firewall.forward - ) - else [] - ) nodes + if builtins.hasAttr "skynet_firewall" value.config + then + ( + if value.config.skynet_firewall.enable + then [] + else value.config.skynet_firewall.forward + ) + else [] + ) + nodes ); }; - } diff --git a/machines/earth.nix b/machines/earth.nix index f2eee16..577a772 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -1,21 +1,23 @@ /* - Name: https://hitchhikers.fandom.com/wiki/Earth - Why: Our home(page) - Type: VM - Hardware: - - From: 2023 - Role: Webserver - Notes: - +Name: https://hitchhikers.fandom.com/wiki/Earth +Why: Our home(page) +Type: VM +Hardware: - +From: 2023 +Role: Webserver +Notes: */ - -{ pkgs, lib, nodes, inputs, ... }: -let - name = "earth"; - ip_pub = "193.1.99.79"; - hostname = "${name}.skynet.ie"; - +{ + pkgs, + lib, + nodes, + inputs, + ... +}: let + name = "earth"; + ip_pub = "193.1.99.79"; + hostname = "${name}.skynet.ie"; in { imports = [ ../applications/skynet.ie.nix @@ -26,13 +28,22 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-core" ]; + tags = ["active-core"]; }; # it has two network devices so two skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { @@ -48,5 +59,4 @@ in { name = name; }; }; - -} \ No newline at end of file +} diff --git a/machines/galatea.nix b/machines/galatea.nix index 4989e78..6500e7f 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -1,21 +1,24 @@ /* - Name: https://en.wikipedia.org/wiki/Galatea_(mythology) - Why: Created as a product of artistic expression - Type: VM - Hardware: - - From: 2023 - Role: Icecast server for ULFM - Notes: - +Name: https://en.wikipedia.org/wiki/Galatea_(mythology) +Why: Created as a product of artistic expression +Type: VM +Hardware: - +From: 2023 +Role: Icecast server for ULFM +Notes: */ - -{ pkgs, lib, nodes, config, ... }: -let +{ + pkgs, + lib, + nodes, + config, + ... +}: let # name of the server, sets teh hostname and record for it - name = "galatea"; - ip_pub = "193.1.99.111"; - hostname = "${name}.skynet.ie"; + name = "galatea"; + ip_pub = "193.1.99.111"; + hostname = "${name}.skynet.ie"; in { imports = [ ../applications/ulfm.nix @@ -26,12 +29,21 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active" ]; + tags = ["active"]; }; skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { diff --git a/machines/gir.nix b/machines/gir.nix index 2e16a39..a30ecb6 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -1,23 +1,24 @@ /* - Name: https://zim.fandom.com/wiki/GIR - Why: Gir used to have this role before, servers never die - Type: VM - Hardware: - - From: 2023 - Role: Email Server - Notes: - +Name: https://zim.fandom.com/wiki/GIR +Why: Gir used to have this role before, servers never die +Type: VM +Hardware: - +From: 2023 +Role: Email Server +Notes: */ - -{ pkgs, lib, nodes, ... }: -let +{ + pkgs, + lib, + nodes, + ... +}: let # name of the server, sets teh hostname and record for it - name = "gir"; - ip_pub = "193.1.99.76"; - hostname = "${name}.skynet.ie"; + name = "gir"; + ip_pub = "193.1.99.76"; + hostname = "${name}.skynet.ie"; #hostname = ip_pub; - in { imports = [ ../applications/email.nix @@ -28,13 +29,22 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-core" ]; + tags = ["active-core"]; }; # add this server to dns skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { diff --git a/machines/glados.nix b/machines/glados.nix index fc2ec0e..bf63cd5 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -1,23 +1,24 @@ /* - Name: https://half-life.fandom.com/wiki/GLaDOS - Why: Glados has a vast experence of testing and deploying. - Type: VM - Hardware: - - From: 2023 - Role: Git server - Notes: Each user has roughly 20gb os storage - 20 * 100 = 2000gb - +Name: https://half-life.fandom.com/wiki/GLaDOS +Why: Glados has a vast experence of testing and deploying. +Type: VM +Hardware: - +From: 2023 +Role: Git server +Notes: Each user has roughly 20gb os storage + 20 * 100 = 2000gb */ - -{ pkgs, lib, nodes, ... }: -let +{ + pkgs, + lib, + nodes, + ... +}: let # name of the server, sets teh hostname and record for it - name = "glados"; - ip_pub = "193.1.99.75"; - hostname = "${name}.skynet.ie"; - + name = "glados"; + ip_pub = "193.1.99.75"; + hostname = "${name}.skynet.ie"; in { imports = [ ../applications/gitlab.nix @@ -28,13 +29,21 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-gitlab" ]; + tags = ["active-gitlab"]; }; - skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { @@ -51,5 +60,4 @@ in { name = name; }; }; - -} \ No newline at end of file +} diff --git a/machines/hardware/RM001.nix b/machines/hardware/RM001.nix index c5880d2..6e756a7 100644 --- a/machines/hardware/RM001.nix +++ b/machines/hardware/RM001.nix @@ -1,31 +1,35 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/9b177e4a-726e-4e68-a0e1-53837a8cae2e"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/9b177e4a-726e-4e68-a0e1-53837a8cae2e"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/41AD-70AF"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/41AD-70AF"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/c5990c64-077f-45b1-96b5-44ec93e6651f"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/c5990c64-077f-45b1-96b5-44ec93e6651f";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machines/hardware/RM002.nix b/machines/hardware/RM002.nix index 06f4ad2..01336bd 100644 --- a/machines/hardware/RM002.nix +++ b/machines/hardware/RM002.nix @@ -1,31 +1,35 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/34918a4f-ca27-4070-a309-94bc59bdd743"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/34918a4f-ca27-4070-a309-94bc59bdd743"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/8B03-4D11"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/8B03-4D11"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/c83e65ad-d252-4024-93a9-0253c5d8beac"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/c83e65ad-d252-4024-93a9-0253c5d8beac";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machines/hardware/RM007.nix b/machines/hardware/RM007.nix index 02ecb10..3888e34 100644 --- a/machines/hardware/RM007.nix +++ b/machines/hardware/RM007.nix @@ -1,31 +1,35 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/c48817e1-036f-49a7-adae-f63fc6c03cd5"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/c48817e1-036f-49a7-adae-f63fc6c03cd5"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/76CE-C65E"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/76CE-C65E"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/eced30bd-b785-43e0-a202-cdaee7e0f4f7"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/eced30bd-b785-43e0-a202-cdaee7e0f4f7";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machines/hardware/_base.nix b/machines/hardware/_base.nix index ed7ec20..ae8b77f 100644 --- a/machines/hardware/_base.nix +++ b/machines/hardware/_base.nix @@ -1,5 +1,10 @@ -{ config, options, lib, ... }: with lib; -let +{ + config, + options, + lib, + ... +}: +with lib; let # get a list of interfaces interfaces = attrNames config.networking.interfaces; # check if an IP has been assigned @@ -13,5 +18,4 @@ in { } ]; }; - -} \ No newline at end of file +} diff --git a/machines/kitt.nix b/machines/kitt.nix index 5858f9a..aa7efcd 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -1,23 +1,24 @@ /* - Name: https://en.wikipedia.org/wiki/KITT - Why: Kitt used to have this role before (as well as email and dns) - Type: VM - Hardware: - - From: 2023 - Role: LDAP Server - Notes: - +Name: https://en.wikipedia.org/wiki/KITT +Why: Kitt used to have this role before (as well as email and dns) +Type: VM +Hardware: - +From: 2023 +Role: LDAP Server +Notes: */ - -{ pkgs, lib, nodes, ... }: -let +{ + pkgs, + lib, + nodes, + ... +}: let # name of the server, sets teh hostname and record for it - name = "kitt"; - ip_pub = "193.1.99.74"; - hostname = "${name}.skynet.ie"; + name = "kitt"; + ip_pub = "193.1.99.74"; + hostname = "${name}.skynet.ie"; #hostname = ip_pub; - in { imports = [ ../applications/ldap/server.nix @@ -29,13 +30,22 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-core" ]; + tags = ["active-core"]; }; # add this server to dns skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index db3ad3e..59521bd 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -1,29 +1,29 @@ /* - Name: https://williamgibson.fandom.com/wiki/Neuromancer_(AI) - Why: A sibling to Wintermute, stores and archives memories. - Type: VM - Hardware: - - From: 2023 - Role: Backup Server - Notes: - +Name: https://williamgibson.fandom.com/wiki/Neuromancer_(AI) +Why: A sibling to Wintermute, stores and archives memories. +Type: VM +Hardware: - +From: 2023 +Role: Backup Server +Notes: */ - -{ pkgs, lib, nodes, ... }: -let +{ + pkgs, + lib, + nodes, + ... +}: let # name of the server, sets teh hostname and record for it - name = "neuromancer"; - ip_pub = "193.1.99.80"; - hostname = "${name}.skynet.ie"; - + name = "neuromancer"; + ip_pub = "193.1.99.80"; + hostname = "${name}.skynet.ie"; in { imports = [ ./hardware/_base.nix ./hardware/RM007.nix ]; - networking.hostName = name; # this has to be defined for any physical servers # vms are defined by teh vm host @@ -39,12 +39,21 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-core" ]; + tags = ["active-core"]; }; skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { @@ -54,5 +63,4 @@ in { name = name; }; }; - -} \ No newline at end of file +} diff --git a/machines/optimus.nix b/machines/optimus.nix index 10d36c4..9a3e598 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -1,22 +1,24 @@ /* - Name: https://en.wikipedia.org/wiki/Optimus_Prime - Why: Created to sell toys so this vm is for games - Type: VM - Hardware: - - From: 2023 - Role: Game host - Notes: - +Name: https://en.wikipedia.org/wiki/Optimus_Prime +Why: Created to sell toys so this vm is for games +Type: VM +Hardware: - +From: 2023 +Role: Game host +Notes: */ - -{ pkgs, lib, nodes, arion, ... }: -let +{ + pkgs, + lib, + nodes, + arion, + ... +}: let # name of the server, sets teh hostname and record for it - name = "optimus"; - ip_pub = "193.1.99.112"; - hostname = "${name}.skynet.ie"; - + name = "optimus"; + ip_pub = "193.1.99.112"; + hostname = "${name}.skynet.ie"; in { imports = [ ../applications/games.nix @@ -27,12 +29,21 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active" ]; + tags = ["active"]; }; skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { @@ -49,4 +60,4 @@ in { name = name; }; }; -} \ No newline at end of file +} diff --git a/machines/retired/ash.nix b/machines/retired/ash.nix index 5c0b2cb..bbb04e5 100644 --- a/machines/retired/ash.nix +++ b/machines/retired/ash.nix @@ -1,24 +1,25 @@ /* - Name: https://en.wikipedia.org/wiki/Ash_(Alien) - Why: Infilitrate into the network - Type: VM - Hardware: - - From: 2023 - Role: Wireguard (VPN) Server - Notes: Thius vpn is for admin use only, to give access to all the servers via ssh - +Name: https://en.wikipedia.org/wiki/Ash_(Alien) +Why: Infilitrate into the network +Type: VM +Hardware: - +From: 2023 +Role: Wireguard (VPN) Server +Notes: Thius vpn is for admin use only, to give access to all the servers via ssh */ - -{ pkgs, lib, nodes, ... }: -let +{ + pkgs, + lib, + nodes, + ... +}: let # name of the server, sets teh hostname and record for it - name = "ash"; - ip_pub = "193.1.99.75"; - ip_priv = "172.20.20.5"; + name = "ash"; + ip_pub = "193.1.99.75"; + ip_priv = "172.20.20.5"; # hostname = "${name}.skynet.ie"; - hostname = ip_pub; - + hostname = ip_pub; in { imports = [ # applications for this particular server @@ -48,7 +49,6 @@ in { ]; }; - age.secrets.wireguard.file = ../secrets/wireguard.age; networking = { @@ -74,12 +74,12 @@ in { privateKeyFile = "/run/agenix/wireguard"; peers = [ - { # silver - Brendan + { + # silver - Brendan publicKey = "46jMR/DzJ4rQCR8MBqLMwcyr2tsSII/xeCjihb6EQgQ="; - allowedIPs = [ "172.20.21.2/32" ]; + allowedIPs = ["172.20.21.2/32"]; } ]; - }; }; @@ -87,5 +87,4 @@ in { # needed to generate keys pkgs.wireguard-tools ]; - } diff --git a/machines/skynet.nix b/machines/skynet.nix index bc018df..db34510 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -1,23 +1,25 @@ /* - Name: https://en.wikipedia.org/wiki/Skynet_(Terminator) - Why: Skynet is eternal - Type: VM - Hardware: - - From: 2023 - Role: Webserver and member linux box - Notes: Does not host offical sites - +Name: https://en.wikipedia.org/wiki/Skynet_(Terminator) +Why: Skynet is eternal +Type: VM +Hardware: - +From: 2023 +Role: Webserver and member linux box +Notes: Does not host offical sites */ - -{ pkgs, lib, nodes, inputs, ... }: -let - name = "skynet"; +{ + pkgs, + lib, + nodes, + inputs, + ... +}: let + name = "skynet"; # DMZ that ITD provided - ip_pub = "193.1.96.165"; - ip_int = "193.1.99.81"; - hostname = "${name}.skynet.ie"; - + ip_pub = "193.1.96.165"; + ip_int = "193.1.99.81"; + hostname = "${name}.skynet.ie"; in { imports = [ ../applications/skynet_users.nix @@ -29,12 +31,21 @@ in { targetUser = "root"; # this one is manually deployed - tags = [ "active-ext" ]; + tags = ["active-ext"]; }; skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup.host = { @@ -83,4 +94,4 @@ in { name = name; }; }; -} \ No newline at end of file +} diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 0f87579..c1ddcb5 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -1,21 +1,23 @@ /* - Name: https://masseffect.fandom.com/wiki/Vendetta - Why: Vendetta held troves of important data waiting for folks to request it. - Type: Physical - Hardware: PowerEdge r210 - From: 2011 (?) - Role: DNS Server - Notes: Using the server that used to be called Earth - +Name: https://masseffect.fandom.com/wiki/Vendetta +Why: Vendetta held troves of important data waiting for folks to request it. +Type: Physical +Hardware: PowerEdge r210 +From: 2011 (?) +Role: DNS Server +Notes: Using the server that used to be called Earth */ - -{ pkgs, lib, nodes, ... }: -let +{ + pkgs, + lib, + nodes, + ... +}: let # name of the server, sets teh hostname and record for it - name = "vendetta"; - ip_pub = "193.1.99.120"; - hostname = "${name}.skynet.ie"; + name = "vendetta"; + ip_pub = "193.1.99.120"; + hostname = "${name}.skynet.ie"; in { imports = [ ./hardware/_base.nix @@ -27,7 +29,7 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-dns" "dns" ]; + tags = ["active-dns" "dns"]; }; networking = { @@ -61,10 +63,18 @@ in { records = [ # vendetta IN A 193.1.99.120 - {record=name; r_type="A"; value=ip_pub; server=true;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } # 120 IN PTR vendetta.skynet.ie. - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; }; - } diff --git a/machines/vigil.nix b/machines/vigil.nix index 8a73e42..4d5c9dd 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -1,23 +1,24 @@ /* - Name: https://masseffect.fandom.com/wiki/Vigil - Why: Counterpart to Vendetta - Type: VM - Hardware: - - From: 2023 - Role: DNS Server - Notes: - +Name: https://masseffect.fandom.com/wiki/Vigil +Why: Counterpart to Vendetta +Type: VM +Hardware: - +From: 2023 +Role: DNS Server +Notes: */ - -{ pkgs, lib, nodes, ... }: -let - name = "vigil"; - ip_pub = "193.1.99.109"; - hostname = "${name}.skynet.ie"; +{ + pkgs, + lib, + nodes, + ... +}: let + name = "vigil"; + ip_pub = "193.1.99.109"; + hostname = "${name}.skynet.ie"; in { imports = [ - ]; deployment = { @@ -25,7 +26,7 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-dns" "dns" ]; + tags = ["active-dns" "dns"]; }; services.skynet_backup = { @@ -46,10 +47,18 @@ in { # this server will have to have dns records records = [ # vigil IN A 193.1.99.109 - {record=name; r_type="A"; value=ip_pub; server=true;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } # 109 IN PTR vigil.skynet.ie. - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; }; - } diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 69f556c..a787be0 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -1,22 +1,23 @@ /* - Name: https://theportalwiki.com/wiki/Wheatley - Why: Whereever GLaDOS is Wheatly is not too far away - Type: VM - Hardware: - - From: 2023 - Role: Gitlab Runner - Notes: - +Name: https://theportalwiki.com/wiki/Wheatley +Why: Whereever GLaDOS is Wheatly is not too far away +Type: VM +Hardware: - +From: 2023 +Role: Gitlab Runner +Notes: */ - -{ pkgs, lib, nodes, ... }: -let +{ + pkgs, + lib, + nodes, + ... +}: let # name of the server, sets teh hostname and record for it - name = "wheatly"; - ip_pub = "193.1.99.78"; - hostname = "${name}.skynet.ie"; - + name = "wheatly"; + ip_pub = "193.1.99.78"; + hostname = "${name}.skynet.ie"; in { imports = [ ../applications/gitlab_runner.nix @@ -27,13 +28,21 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active-gitlab" ]; + tags = ["active-gitlab"]; }; - skynet_dns.records = [ - {record=name; r_type="A"; value=ip_pub; server=true;} - {record=ip_pub; r_type="PTR"; value=hostname;} + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } ]; services.skynet_backup = { @@ -47,5 +56,4 @@ in { enable = true; runner.name = "runner01"; }; - -} \ No newline at end of file +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f2b09cf..cfc8c12 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,7 +1,7 @@ let admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"; silver_laptop_wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"; - thenobrainer ="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; + thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; users = [ admin @@ -57,11 +57,12 @@ let gir ]; - ldap = [ - kitt - ] - ++ gitlab - ++ email; + ldap = + [ + kitt + ] + ++ gitlab + ++ email; gitlab = [ glados @@ -72,19 +73,20 @@ let ]; # these need dns stuff - webservers = [ - # ULFM - galatea - # Games - optimus - # skynet is a webserver for users - skynet - # our offical server - earth - ] - # ldap servers are web facing - ++ ldap - ++ gitlab; + webservers = + [ + # ULFM + galatea + # Games + optimus + # skynet is a webserver for users + skynet + # our offical server + earth + ] + # ldap servers are web facing + ++ ldap + ++ gitlab; restic = [ neuromancer @@ -93,8 +95,7 @@ let discord = [ kitt ]; -in -{ +in { # nix run github:ryantm/agenix -- -e secret1.age "dns_certs.secret.age".publicKeys = users ++ webservers; @@ -102,7 +103,6 @@ in "stream_ulfm.age".publicKeys = users ++ [galatea]; - "gitlab/pw.age".publicKeys = users ++ gitlab; "gitlab/db_pw.age".publicKeys = users ++ gitlab; "gitlab/secrets_db.age".publicKeys = users ++ gitlab; @@ -129,4 +129,4 @@ in # email stuff "email/details.age".publicKeys = users ++ ldap ++ discord; -} \ No newline at end of file +} From b75e6c613280b9627a20f933362b95f23f002275 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 17 Sep 2023 20:40:56 +0000 Subject: [PATCH 030/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d348048..e660e73 100644 --- a/flake.lock +++ b/flake.lock @@ -522,11 +522,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694977806, - "narHash": "sha256-4zlgKBwmj0TO1BeZ68BHqGoG6Sq6bjO12v38UnBIki0=", + "lastModified": 1694982876, + "narHash": "sha256-E1GYMPU/U1CffdZqtotewXgEgIjBbIxRxETo8lR5RB8=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "69cb8e9a3faf65f4a5ec1b5701da9d4329758fe2", + "rev": "8413023a2a92dc5db3c4a612ec4aa2bc2e740b23", "type": "gitlab" }, "original": { From 6628eb89cd6f84dfa5a4777674b4042560901aad Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 17 Sep 2023 21:42:42 +0100 Subject: [PATCH 031/826] fix: had removed some things from the bot flake --- applications/discord.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/applications/discord.nix b/applications/discord.nix index 75bef74..50287d9 100644 --- a/applications/discord.nix +++ b/applications/discord.nix @@ -32,13 +32,7 @@ in { mail = config.age.secrets.discord_mail.path; }; - discord = { - server = "689189992417067052"; - role = { - past = "689192357727436926"; - current = "1152702256702030035"; - }; - }; + discord.server = "689189992417067052"; }; }; } From deb13a31f9e996bac9694cae5c0211a140447b61 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 17 Sep 2023 21:10:07 +0000 Subject: [PATCH 032/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index e660e73..f33ebc8 100644 --- a/flake.lock +++ b/flake.lock @@ -522,11 +522,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694982876, - "narHash": "sha256-E1GYMPU/U1CffdZqtotewXgEgIjBbIxRxETo8lR5RB8=", + "lastModified": 1694984686, + "narHash": "sha256-4hyRp3/T56wBWW6VuCcJRuyfsK3HGxykDhZFb+iLJio=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "8413023a2a92dc5db3c4a612ec4aa2bc2e740b23", + "rev": "ab2c6954098ddf7678cf830be8d3e2cf83008aa8", "type": "gitlab" }, "original": { From f37e0b6cdd64b1bde12a1fff7d5ba98993d154a6 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 17 Sep 2023 23:08:44 +0000 Subject: [PATCH 033/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index f33ebc8..1a6d656 100644 --- a/flake.lock +++ b/flake.lock @@ -522,11 +522,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694984686, - "narHash": "sha256-4hyRp3/T56wBWW6VuCcJRuyfsK3HGxykDhZFb+iLJio=", + "lastModified": 1694991805, + "narHash": "sha256-ccSJgpnfQqpsI+wYsmklQajB9b+pBhvkUDWnHlH8MOo=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "ab2c6954098ddf7678cf830be8d3e2cf83008aa8", + "rev": "3bf085204e9f93bfd96217b4969e4da9090f66b0", "type": "gitlab" }, "original": { From 22dd65b630d513742d85f47553ba6b9c17410bbf Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 18 Sep 2023 09:01:52 +0000 Subject: [PATCH 034/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 1a6d656..9a9bbe7 100644 --- a/flake.lock +++ b/flake.lock @@ -522,11 +522,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694991805, - "narHash": "sha256-ccSJgpnfQqpsI+wYsmklQajB9b+pBhvkUDWnHlH8MOo=", + "lastModified": 1695027122, + "narHash": "sha256-aK6Hu1JtbyNBqtOdTvC4nX5gN80L8RWbQcr1zrXXN8U=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "3bf085204e9f93bfd96217b4969e4da9090f66b0", + "rev": "119a86b0ac14e58828692abae42ff2e8f9dde219", "type": "gitlab" }, "original": { From dbe7bc15116a74db3da858945380a618d8092842 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 18 Sep 2023 11:29:14 +0000 Subject: [PATCH 035/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9a9bbe7..c880d29 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1693775970, - "narHash": "sha256-45DsGGilo5X7hI3vMr/RPkQFvUWsZ5wOA+lmeApZTlA=", + "lastModified": 1695036543, + "narHash": "sha256-JVTI3ASNWFTtoD1pP280yKQCtJnB0uDnGhKk3UZM4DU=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "947124c3b65cb76257d3e5e74adbd695ef581c53", + "rev": "4d6b8a01f0091bc2e10db04f7ccabd396817c21d", "type": "gitlab" }, "original": { From 73ab341ad4e52b057c33b877729dc3d25f1b38a7 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 18 Sep 2023 13:45:05 +0000 Subject: [PATCH 036/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c880d29..8aa2e23 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695036543, - "narHash": "sha256-JVTI3ASNWFTtoD1pP280yKQCtJnB0uDnGhKk3UZM4DU=", + "lastModified": 1695044694, + "narHash": "sha256-2Wxxgp1m3GuCPK1QMdEy5s1Bvj+YmNl4Qm0GOE6NpSc=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "4d6b8a01f0091bc2e10db04f7ccabd396817c21d", + "rev": "c939d4314b1389bc2820adf97559e43ec13929b8", "type": "gitlab" }, "original": { From 0add8625b75e6bf273fe789da58dc3b4ce5cbed3 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 18 Sep 2023 14:01:24 +0000 Subject: [PATCH 037/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8aa2e23..bdc3856 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695044694, - "narHash": "sha256-2Wxxgp1m3GuCPK1QMdEy5s1Bvj+YmNl4Qm0GOE6NpSc=", + "lastModified": 1695045671, + "narHash": "sha256-77p14w96c14r2oyyDshb1j7IxOIM0e8FxUf0ip3hSrs=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "c939d4314b1389bc2820adf97559e43ec13929b8", + "rev": "4bf316a396a9ce04484d7bf7a404432ab674ca8b", "type": "gitlab" }, "original": { From e7a6beffdef866fc04f251c0c3df78dbfc4f0dcc Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 18 Sep 2023 14:07:36 +0000 Subject: [PATCH 038/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index bdc3856..af7e8e1 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695045671, - "narHash": "sha256-77p14w96c14r2oyyDshb1j7IxOIM0e8FxUf0ip3hSrs=", + "lastModified": 1695046044, + "narHash": "sha256-7o1pyZgSqQX4NTTutnvhKtOlJgMBzk6kE7cX9lO1ArY=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "4bf316a396a9ce04484d7bf7a404432ab674ca8b", + "rev": "2e7b8240eefbf142d9c18b35b397d60d9d5554ca", "type": "gitlab" }, "original": { From 3599ea0e244dd41c4115795a7b284eafcb1c95c7 Mon Sep 17 00:00:00 2001 From: Eoghan Conlon Date: Mon, 18 Sep 2023 19:47:55 +0100 Subject: [PATCH 039/826] Something to test with the discord link --- applications/skynet.ie.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 0e8e878..c0a4e7c 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -74,7 +74,7 @@ in { "discord.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - globalRedirect = "https://discord.gg/mkuKJkCuyM"; + globalRedirect = "discord.gg/mkuKJkCuyM"; }; }; }; From 1de744dbee95c00232e6f133ddfb14b44907fbc2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 18 Sep 2023 20:13:56 +0100 Subject: [PATCH 040/826] fix: set the proper redirect for discord --- applications/skynet.ie.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index c0a4e7c..f93581c 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -74,7 +74,7 @@ in { "discord.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - globalRedirect = "discord.gg/mkuKJkCuyM"; + locations."/".return = "307 https://discord.gg/mkuKJkCuyM"; }; }; }; From 726d41f4f834b04eaaa55f4bea0138cce00a0fd5 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 23 Sep 2023 20:05:13 +0000 Subject: [PATCH 041/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index af7e8e1..9610752 100644 --- a/flake.lock +++ b/flake.lock @@ -544,11 +544,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1694878108, - "narHash": "sha256-aevYnZOez7JymfHzcgAMOe0TkAK7NdSiVTMyZzaadXk=", + "lastModified": 1695499087, + "narHash": "sha256-ctYaCiJ+8ZzcCvfMd5juF7LHwsajONVpjArkF5WmA9U=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "347988e113ac7eec92b8c4104c47f87e2b0325ed", + "rev": "f60425f2ad4ba46290504ad603410fccfcee8aa8", "type": "gitlab" }, "original": { From 2cbbd35eb6d6fedf934eb52de0ec21664fb1bc70 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 25 Sep 2023 12:42:29 +0000 Subject: [PATCH 042/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9610752..b3bee52 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695046044, - "narHash": "sha256-7o1pyZgSqQX4NTTutnvhKtOlJgMBzk6kE7cX9lO1ArY=", + "lastModified": 1695645732, + "narHash": "sha256-OGk9XDbh6CTR5Rj+OsMo8CpNtm/7Pu5I3HRKemmF8Kw=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "2e7b8240eefbf142d9c18b35b397d60d9d5554ca", + "rev": "889ad7dd2d0fd4dd1687c64cfe448a687a26f3cb", "type": "gitlab" }, "original": { From d54c1551f5979c3d4379c84998756cad6a7a8dec Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 25 Sep 2023 12:46:15 +0000 Subject: [PATCH 043/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b3bee52..4083a49 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695645732, - "narHash": "sha256-OGk9XDbh6CTR5Rj+OsMo8CpNtm/7Pu5I3HRKemmF8Kw=", + "lastModified": 1695645817, + "narHash": "sha256-cxFTrgZsD5AIvCkqJcXolXtWLEkbQzwqjEwrljeaqNA=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "889ad7dd2d0fd4dd1687c64cfe448a687a26f3cb", + "rev": "945c53d6bae744983903f5f547a44ead657310fa", "type": "gitlab" }, "original": { From 02bbdca372a395ea74713b485740ba9db921e724 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 25 Sep 2023 12:51:27 +0000 Subject: [PATCH 044/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 4083a49..e2cfc5f 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695645817, - "narHash": "sha256-cxFTrgZsD5AIvCkqJcXolXtWLEkbQzwqjEwrljeaqNA=", + "lastModified": 1695646276, + "narHash": "sha256-NnXMeksB67KXBsTub5Ap3brmb+sHKewepfQO4ZsXn8c=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "945c53d6bae744983903f5f547a44ead657310fa", + "rev": "d44884309f27780eb4441a4f88afadc8545a9057", "type": "gitlab" }, "original": { From 6c0fe58147fc907c41b6e980be377bc39f9720eb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 25 Sep 2023 22:11:23 +0000 Subject: [PATCH 045/826] testing cors --- applications/ldap/backend.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 477a485..4a75272 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -75,7 +75,8 @@ in { # add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}"; # ''; extraConfig = '' - add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}"; + #add_header Access-Control-Allow-Origin "*"; ''; }; From 11d972e9b8215f3528329db82221befb208707d8 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 25 Sep 2023 22:45:46 +0000 Subject: [PATCH 046/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index e2cfc5f..14ccf67 100644 --- a/flake.lock +++ b/flake.lock @@ -544,11 +544,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695499087, - "narHash": "sha256-ctYaCiJ+8ZzcCvfMd5juF7LHwsajONVpjArkF5WmA9U=", + "lastModified": 1695681419, + "narHash": "sha256-xF80Z7USwGmOPW3K0NkcDfOVG/XFIjDtGQGASZQbaUs=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "f60425f2ad4ba46290504ad603410fccfcee8aa8", + "rev": "8fe859b39373afad9b7e5246f17e7f91287ffe07", "type": "gitlab" }, "original": { From 2fdef2ab47e58a09ee531c0c1b55c939fc73e130 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 25 Sep 2023 23:09:19 +0000 Subject: [PATCH 047/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 14ccf67..c2a3f3e 100644 --- a/flake.lock +++ b/flake.lock @@ -544,11 +544,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695681419, - "narHash": "sha256-xF80Z7USwGmOPW3K0NkcDfOVG/XFIjDtGQGASZQbaUs=", + "lastModified": 1695683054, + "narHash": "sha256-7C+ag3pnw/9oOIlc/f0FS5jViL0S9f4wN3F8behwI30=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "8fe859b39373afad9b7e5246f17e7f91287ffe07", + "rev": "f60345493cd33ddaa7f8d8f1b62e5c0777381abe", "type": "gitlab" }, "original": { From 7c53f58df9cafe95fdcabff6d034822db8ba5b62 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 26 Sep 2023 00:25:53 +0000 Subject: [PATCH 048/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c2a3f3e..46cac76 100644 --- a/flake.lock +++ b/flake.lock @@ -522,11 +522,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695027122, - "narHash": "sha256-aK6Hu1JtbyNBqtOdTvC4nX5gN80L8RWbQcr1zrXXN8U=", + "lastModified": 1695687384, + "narHash": "sha256-IEba2xdAb9OXaphsiJqnzuCjN2AiKtfWz7OBp0tQR8Q=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "119a86b0ac14e58828692abae42ff2e8f9dde219", + "rev": "6a0b664e7db1bba9d35aa41297e328353aa34971", "type": "gitlab" }, "original": { From f59370c82159c9d62da3577b0f49d6c8e57ece8e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 26 Sep 2023 01:26:24 +0100 Subject: [PATCH 049/826] feat: added laptop to list of keys --- secrets/backup/restic.age | 71 +++++++++++++++------------- secrets/backup/restic_pw.age | Bin 636 -> 839 bytes secrets/discord/ldap.age | Bin 1066 -> 1196 bytes secrets/discord/token.age | Bin 660 -> 885 bytes secrets/dns_certs.secret.age | Bin 1554 -> 1720 bytes secrets/dns_dnskeys.conf.age | Bin 887 -> 1016 bytes secrets/email/details.age | 42 ++++++++-------- secrets/gitlab/db_pw.age | 27 ++++++----- secrets/gitlab/ldap_pw.age | Bin 803 -> 831 bytes secrets/gitlab/pw.age | Bin 757 -> 877 bytes secrets/gitlab/runners/runner01.age | Bin 698 -> 784 bytes secrets/gitlab/runners/runner02.age | 28 ++++++----- secrets/gitlab/secrets_db.age | 28 ++++++----- secrets/gitlab/secrets_jws.age | Bin 2296 -> 2495 bytes secrets/gitlab/secrets_otp.age | Bin 790 -> 835 bytes secrets/gitlab/secrets_secret.age | Bin 817 -> 922 bytes secrets/ldap/details.age | Bin 1177 -> 1320 bytes secrets/ldap/pw.age | Bin 991 -> 1074 bytes secrets/secrets.nix | 17 ++----- secrets/stream_ulfm.age | Bin 2830 -> 2977 bytes 20 files changed, 109 insertions(+), 104 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 30e05af..9cf5b46 100644 --- a/secrets/backup/restic.age +++ b/secrets/backup/restic.age @@ -1,35 +1,38 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA Ww1q8Q65Z1TduxQ1oSFMvJAwrYYIpzDQkeNH46Cs22k -lTLNXOwLMyHLn9kL3lowfcDMyN1PSli4SBFuCIjSJY4 --> ssh-ed25519 rIwlvw PvrLAprPolw8AApMcO8brrn9nWrz2b1fuMFGOf1FS1Y -bCIuKRbSeqpCw92ghVA1FcUtvO87dmMrQ6O5hV/jUZ0 --> ssh-ed25519 q8eJgg g5gv43+KBMaWlfkSzBjgp5X/KHrX7WxYquiF7C6cADc -YbcYpaVxytDTAvCR20xrgttuvXFxHLiKyGvubFeEKfM --> ssh-ed25519 bPfq4g RX0ihgNdPvA3E45LM7e9B8pJ8gV1/OLxVASjRmjQREw -feUKQ4f3+6VmPvqsBpOzgVSh9GMpJ5afm2w67v3zm1Q --> ssh-ed25519 pBdJmw F/qZSQA0aYjjs3SxMt9HKFmrW0Pm0D0irf7QObYCeCA -uOYpl3oD0IkVTTwD5GYJ3R2k170GdXSilreUQajcmhg --> ssh-ed25519 v2Y09A wEWGuhuDR+g/ndH77kU7qM8V5oN5ksldnoYLMxSPGms -/Gw5L6Vr4gPwA0usrdVLjYTmn5fOIU8qOseGZ1TSvFU --> ssh-ed25519 XSrA6w KbsW+yHKvDHOgLwB9x6lDrR5zO/SfK44YEWaJvbXe1Q -UfZI+ffrFI283GJrJlcLEgkiCV/tK/le+OrdW1yVxGg --> ssh-ed25519 DVzSig 6RtLB2R2I3BOR/DNqkIiFZ48iDD2Z4czem0Peq53bjQ -YCPdGOjlXgHM9owbowC9xUPVXAD87fJgi313IX7eAVM --> ssh-ed25519 uZzB3g nnWj+f0TGHxK6bJhZS17tjeVDTCUgoCJNoKZRme/T0A -th7zvzTGnRR5/GwR0/QE7jZR76paGpgcKP4dOQnvwuY --> ssh-ed25519 yvS9bw ArCWyKydRWu65fpbFoLOizyQcyhvu2KLBPvKguOP/hA -VaFwilXKneyvXp0QiRa6roVyPtJ1i3t2ljyXL2x0Mp4 --> ssh-ed25519 IzAMqA eWW2BwYSb5E9NYsKykLs8sgFEZ8nJIjoQid9C1kix0o -ONp38qwqb/KQJYNCCI9JIrLqYsKbXBNmfEnLTZJ0d1E --> ssh-ed25519 Hb0ipQ YQzr+34ihSJ3EbSXn4K8qHA8gToJ20EYzqInevr3lXg -qSaYEwsFXv2pSfG6G++j879Uhdb1BDwPTockVzioTBo --> ssh-ed25519 mKj+iw nTegPxrTYqbej1TOnsLs8dkOgiM7sbwFKo6hnsmJMFg -r1eLoyerbg453rYu46ZhxGBoDbmu6K+csk/wEUaWPKU --> ssh-ed25519 SqDBmA ZvfljwGZNiFbUFRzRiihNOEFK4GGIyy10o7frr/TZXI -IitxLpxNiWhSzEqksaC9Ofw+q7yHLs+iZRDeanKnQdI --> ssh-ed25519 UE6fcQ /tG1qsmmfOyeZVLmqTuz1FAvpwstwMOEdFqBk0hijjE -nM4J74RBJieBZ8BPlqS53hSv4TC+8GkLSDDOzWg/8gg --> Bk:I ssh-ed25519 V1pwNA i+B0+Vol+Bg3NMFRl8bVsjw0KceNMa5MTt4tpmBawjI +pjX6xRQA+ZHsS4pEOLIUTMZl95ZJtMy8+t+L9XPwiHU +-> ssh-ed25519 4PzZog lIR+IwqPix/PxpCDAz4yzSZmmimeBbMUI0FrVe8nTzI +khsUdsDzYfXpeFWIUdXs5cUoVEjavBU5oLuM1zi72AM +-> ssh-ed25519 5Nd93w AHngZCQj8cVb0SYeCQxz3X9D6K/qqPYJK/E9K4NoFV8 +XlGuQeqIlNfLroCI6vnQeINVKqNZhZTxYHlp+PoYGWU +-> ssh-ed25519 q8eJgg /h+WZCVJVd7b5kTJuS1rv130ykxwPGvw2Xz/FmR8xUY +AxGqPKqi339E9n2mU3h3P1OI39vnKhQS29ucRZ6TfHY +-> ssh-ed25519 bPfq4g 8cuQVQI9WxW/jdWWMLO7J2z24+mkv9yFAAZ9G2F4nS4 +/YcVhvtaO50hkFvV5X+UvSQtP1jpUR+FfyASUCeqvZU +-> ssh-ed25519 pBdJmw thbCnqfJOA15WlmQpWr74J/PETCwXu+EJjeYSpwvSWI +akO1gRjUGMe0C3f7rbZcGGaq3R/C3rsZ/xibMAH43qU +-> ssh-ed25519 v2Y09A 73BTHnvP8kxmiZwc7zgOF9f0/VDnxxdKrI3Y0YrapWg +rOWnidVi2pMXYVgpxaA8hOk/c003xMgoL6N3gfUojT8 +-> ssh-ed25519 XSrA6w nxuItbv1q1mLqU2repyqNpV3cSyghb16vmeyMQFkq0c +4cWVOnMwWpSr8s7QUVtdWwjImWsHQO87gYgUfhp8ZLs +-> ssh-ed25519 DVzSig Or2OqUMKdpls+6bTZGdTXA6NAS3IlkC35mYF8qq64Qk +/hwYW7qpzihBFpqofrOzKQ6V5vERt5XjBRjM4brgiSY +-> ssh-ed25519 uZzB3g 6IiUoGjGyy9Dz2gMz5m7rZAXzKIfKh+OEkZPW54mWwk +b+EG2/wGWEyQf6tdjw1hrto4YT1PDQ+kNgvKA8RXAb0 +-> ssh-ed25519 yvS9bw RTa2J0GoiCpnzjzQUGtq9ds5EO2mxVJFft9gH9Ov5AM +kAtUrfD6xlaNLTaMOUeTCquuaXTFiEyWp7LbZ0cbmPQ +-> ssh-ed25519 IzAMqA QPfz0DEOeFqfeS3x7xXfw1AVtYvkm6eCysWTZsWpvXI +hQL9IO6GSdMsV4CH0OzS+KsDwA5KPwSbl+/Rjfu1raA +-> ssh-ed25519 Hb0ipQ 6FMT3Qian0nrF3bHjzUholG0Zml61LWxHczILBYOOSQ +g6mBbEgf2pPKil6HwA/6aVGvit2CJAv1nkUlyAUpW+4 +-> ssh-ed25519 mKj+iw V6yZKoklx++rPqiHJvblPyT7TvN+WEgv5K3RB3mcZmk +KjXbo8jidkAIs2Qf/ykMiLMvZMpxXM3TnGxE1kQDG5c +-> ssh-ed25519 SqDBmA 60oqA4VTFKeVdh44A42n3xATZd49OoFbPAumgGpEfkk +0ahVGcSyiuSH1ACzicqfSc0Bw0B7xKlhMXR5L6DbMeE +-> ssh-ed25519 UE6fcQ Aor8YR/7jbh2nOMwjO4yJqyY0JTLNwBUJpEGtnRRvR0 +Xzpn4iUxhhTnPl1z8wyZOnDvsmbvqQlQlmt+cPVd+dg +-> LaWBup_c-grease Yv Wx%(3H + +inmvOA +--- zGS/Vxsp038gsRkshj5U9V2aEn9qO29qLlQ+jnNBXJk +~])s}pUܐl+\4DVvЕ|g}qΦ' FMOP#$xM^vFx zBv-hzS(16WV@j53X=!d+j;C`ggA{t;!lE@l~~fu=rgE=g`i z*<4X6etu4dWkD{*W)V3iNhz+T;a)Cf$rXui!Jhg>PVVML=@UPShx_Lh zxh4DhdX#x3SsJ){TNaumrW=?irxrOzr3d>5nEDhN8|35`riBLja)tQ>1O%jHMj2%% zS9y3xm?r0CCz}Vl1^Pr)gqjxRq@@=)I+bKrr8}l3PmX64uMY}03Jxg^Pp`@P`lMHr?1Iic8<~Xl=Wt zx!}$nf4eRFzb}aXw`t94;~zi21Ru`!UnY0!X0lP=g)p&o?_O?@N~@Dy_IJq>=J(|W n!MoRIX`s7)L0Dx;x_3~4Z+4!3NO^u?NtlbVTaJE8scTwh zGM9^CSWsD2h-;8S7EYtRA6CVzNL3zNKQ^>vU{GBk8@sej%iS8u%m01sd-esZ&X2KVP&!B zqE*6U3^U4 zO!G?vGkv_AOTxT-JS-ivJkrxmi*wA1bF{tE91Gn_OA9@+xy+pdozlFjQe6z)D&31p z!p!rNqmpt;d@Oy8le2RTEX{LL!u350lLAr=K*3b5QC;Yun_iTfSe&Ymu4>O^S(qB- z=alHrrK_u}kXN3hU65Lz>FpfoR}`F-UglQn92{WiACm3r<`-02=;9J+>S5_-YUG)h z%yoN%INS1;*@^5s)z>PldZoz~lu*LT8C%uUygsAkmRLIT_Y*>ut6UXq^WLwEQfLb6HV(hJI>#NU2e|m%E{5rAwkuo@Kscifc-_PibOhI+w1ULUD11 zZfc5=si~o*f=NJCRDQaGk#kyZslRb>r9o7nb8efh8e^E_ueTmci*&C1sUP9wwQ_VWyrzsYV6PImu;ZslM(3p%Xufhi8U+ z<@i*2IcsaDYv&Y&`TF@Ldgg_Nl?8Z(mSmabcw}c9>ql5dg@?E&b7iGfI29O#XBGtp zSUOph`6l~Y6yBz(a*{#ObH9o4vX*)j|ws23UxB_56p9RcFr+M3k)vzHup5l^frlb z$#p7o4Nj>FatluJPD^q1s;uyxe3ntXzM?F=BCSN*H!3l|$UMTw)4(&_qtZA>-@Vk& zJ14ZNxHQnkEY!ryCoD6R%ed4sG~1*wqo~l>B}qRx)uPhhHOs@my&~DoKcYA^B{11d zKdam6(an7a?;#FQ;eMo1JcW#olM<)N;91E65UOlOZC%(ic?I2 zywaTfT}mU|47jS&^HQ~a%~FEXJk3Hq!#&)*JoQWcTs@q%P1xp|cOMW(y>r>8}Px^k6i zTa+3brKEf1IU4vFM&x9Am00)|nN?UO8AWAR`fHo{MHq%eg%}tGx`Mpo8>z3I>YN&( zn_iTfSe&Ym@2O&AqNuB&=oZUmk>OrZRUBSX?`P>^S{3YXR1uL8o*EbxP??gHR}hhD z6z-au%B8ETtB{$IlHwR;;GJe}Y8H_0lTqkp78;gn?5SOl?UCZ{W0B*R9&YL3TbgU? z$hDN6HM#Vp_Yn_<`gGOwi{Ufw*gWAm^lr|9sVC)6_p;ajoBZk93hk0FQ6g8DFa)sf zbmXYN*Zn{xN$1==2bpbl$u~+)UE8uKgMUJnVFMB?up%4;lK0Tv7?qBc{d&OO%47veTqV!Z delta 979 zcmZ3(xr$?gPJNkCiKB;Ure{ftSz2YVmuId?NT#W?ft!E6r)7F(ZdRy&noE{xO0j32 zFIQl=SDLeBMuBNYVoqY2c4$_vp;=yNRgSZ(XOK^^Yp|uWp?8RDa9~M(GMBEMLUD11 zZfc5=si~o*LXl^APFcA^hI?^YKwfxyT4-{qXIXh>sGGTwcVSXUX-U3Wp+SasP+AZC^)MF8#c6 zOBX{^{S>FN)XLJ5ypn+Q;OyiGbMutQbZw82%wV&~K+hcaA_G^G$!8fQ>XUOa%6;65 ze1b~6qlyxfD#8rI(#t}t{I&B^y;4&Qj13}_B9eWKjWW`?+%kO)Q_}VIecW>OOEUaJ zvrCrg!85ch$4@)Vz$C2P+$5wp zq|&k8+|W?l*~2#?%pllYJKfnVrOc zFMXf1)Dp|6^r{>aH%%@XV0BoFwg1{qP*u0F!ce!@|6(D2u|P zkWg*^Fyo-|qP)Q3r2NTe8O7_9$_sPM{R7-`(w)scib4V_i}JKnO+u?Gd`im9QvJ#b zypmmW0^B`J4K29BQ=Ib50}YBTGRum~v?C46Q?e@x3o{KvTyhRFG@`;PF3(Nw^A@Oa*Zxi=PEV{56>@lc8c)V4|J_at~bxKF!3_cPv+9q z)m3meG0Ao;Pj*U*GDyqJ$}r0C4m36JG|qHRkIV=)2{8;U@b@lo&CWG(HsA`kRkq}7 zaoK%kSJ+~Q3lsa_=j3H^B`ZyA=G0x3E48t$r17GhtU1{I3+p;vmQv6*91NOG}3vTJ~c zBUiGyyFsd@zn5D@R+7H6k57fGw?%MhWlpNLWw?>PV`@OSk)u(#UtV#d374*&LUD11 zZfc5=si~o*f=NJCRDQZbfPaCup^5wQd+KOv9WhSpPp+&wY zx^Y4N#UWUzC}g(| zzFel+`oa1ssTslPK{?3=7GWL%E_u%0#lF5J83Dd|8I}1_F1dMm!6rt2p%Xufhvzy* zxclVgIypyVmYN#+SZ0@J6c!tn23l0+_&OFEdY5PABzZ)bxf)f5Mn$ueqb2WlE`GV48)#XKGlap?Q=+ zWqNX!aX@i>UU0HsYK4c9d2YUoS5Ag+cuuCJwx_E_hP#D@Tc~%0OK@;r2v<-2VVPwuCA_vX;Fo1W`4FwzJZ%dc9~y&rM_2wKyX&EbC`*?sbghYxPPEU zp>eTMWn{T4S8VK-XP^I@3m$ivV-$3xVYWrmxo*)T3r~8SUw9_{lBn>O^Aj>N=d5j9 z|8#BwgUm8h%}whb?fDmSX3z0Oy8SD9*2;bTxM6|2jBNiAbGAu!m5fKcikNM3GC3Ju jNgOxToYpM#T4be$LrU19hNbuJU--93`&5hPyO(_crPLrn delta 590 zcmey$HidP9PQ6!hScye$vPHg^w?}rFPhq*IS!!TOdZvG*n@44qucu#lhPh*!dtqc~ zB$r1-u!U!sfm@Y-grRn>nWeE`d9h1bX>q7_ka3Y`NT9cVuy2~Nc7B#`K9{bYLUD11 zZfc5=si~o*LXl^APFcBvx1)AqPL8p&M|rA+n|FXuj$2}ge_(~FwtJwHi<_x_L{f@R zWn^|`zNb?lS7ef(uaB#7W_pQdNp@*UfnStku7PKmw~xMwMTtj%Wm$?)ruUrR?%F2k~% z#Da?Cq5^lPvT{?GBp275D!&SC7r!+9!px|Y!o=J}{k%dm_tMD7$!8hG>&;WVqbhw% zqkO`1%MIPLQu6{Vd>soMEyK)%N>V51P4 zV`J_V&c&sxtE*5_=~!P{d_7qR6e}u-XFwpFjWMl(;TrBe)^%txvo~S(fmj@&$XQ2dKrRawO^eaV=Z@ z;-yjFOx`)SC&=Z+Y+kgIy_Nau$=@aa!d!BBH=O0DeA_wa`%b%p%moUM*>*>4eayRK dlhrXcj~17%L%(*u%-NHs_+(=N|5@iZwij|jHbB#0)t|ch;aSj z}~{Dl0ZLO>{1E$utV(atz5X5A*l&Gxm)LN=q}$%}zB43eU|* z%JqvXsK~L*icI$PGtMtDcQ3?`069qGC_;sH{+~DnsYwG-Go=%Z$R*pg@l#W2bVUou;juUX+?x zoXTZh5~yuiSy)_J=H_G&=$vovootj}npKvcmQrS(6z-ZI?3|V3Rp4x5UTRpG=w0aN zo@?e~p`DoITa_Q_nQy>lnV%Vv6>b?(m1!JUFU0<3r!5y`37eti+|d(v*_^I)PN~$+guAi>^gP*@}dx{llm7cZN#?!xz0GV_Eq_` z2c^8s=8Si*IPf^@{hb2WE6JIj}?<()iK-bh{4+E|W_Xs1;(o_$_T=TFH^Wsng3va(tkE{UifJ|Vq<*1?ldD&vflr`is%5gNQ?Ze`XCO4v2KF49w8?cQ-Ki_YDrqjf^TREi}(4^~nj>_sY);NOTEv*=2>f5oVs@ zP9;Vb-sOSbp&3QVhF)3vo~cQmhQ67uu3YYE&bdzRP6g)rW#z#I?wQV}QP~CI2D$p) zZoc7VPWmR^Rh7lL+4_n87`AyN8Dtg&Dukux7Ukq>m!{;p7*&OMm6cSQ_?6~HMEO_b zSe7OESbCL~7)0m?xg|z;a#gtI7W?}qmYY=?S?ZU%XBb+9n--S)SVR>#<|k`slvxzz zx`&te`}jqL;_#c1TegRpc~Pl>qkpM)pjVnpfMrx#W>$Jes6mxyR#}c^kdt;+ZeekS zb268ArE`E|aIj%OdW5CFSz&&JNmY4po?mc5zMpoEX+^ewVq#`qV32#3aUjUH@LJvU zqSVCVR4#olCwn7t?a%3R5Ge)Z(0sd`r)QOpnUKAd9f@;+z7*q@a>= zE?r$+1y?Ui$Bc51u#%GU09S+1ApeTsBu5Lk2oLXk|B_JSz$BM|@_aY%z`{UJuDYXq zPXnZsdB04Qjwt{-^CZQd+`V5kZoSLa%& zwld4n*~P}R^V7$B%im>BmetNLx&P6S<=2yo?K_u<_uu_(p1EDM3CJUbP)?c2}e UD4!$K_O@=y(R-U+wq3ah0OBhd!2kdN diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index ebd40c16e0ef09395d55ef10e7fd1b3145d5507d..5014bdcf662c26e75d302061b37b5a7de2585e01 100644 GIT binary patch delta 929 zcmey)_Je(bPQ7z-Nl~d!s<(NmyOY0TW}t78V{TeOL}7rBxw&I$R)j@HrGaaF(1iEmcAMSZ$)a%O&Ma7a?Rhl@v1iIJy8 za%6#NP;y`~m!DUZSA|cce?V}cVVYNEUW8|nrLmcRn5Sn|Ntu6oR;qTEX-T$IMWk^) zx^GGM&>RVCTZ!Gh8C_~K6x&QPMImjeq~{%W~nYo;hvG{ z#a#NXi9yb$DejJbmg%Lb;U>;*uCA5(CK-Ni`sI!hnW>3ECT2;7P9_=2$rC?{hX?26 z>l>SRc^8^y2j+wuT2$nC_@;&zI_sB|xte(w6$ZQMJB1qr6_-@Ha-~I-WJRQg6`47P zlzY4SXS(Sd=USGShJ{;}m#3Rmr1@lIg%s!cxaXU@PL5|35BCTx^UHBh4hzanP7Crf z^L2Hq%C#)_EeYm94x@GZPM!xPv+1csYrJ;GwMp*&%NkIjU z=@$Ma-jVvA#YWl1Ri2TV$;m;X$)%=F!KqH3r6x|PiN*z9Ci>z2m1Q}VAzX=JrsbKI zc~PYX7Ow8D6~%dJhE5?K6^7Z_iDp^h<|&m$X=afTMrLWr?kS1-iGHOfo-SOvy1EJ> zeq~{v!Jb*Z!HF4RkuEtQr2*OXIo|q#!MUbc1;y!E<-T6pm5CmeX=WB&>-`IY*M>ej zq2Cc4I>ja7NW*zS-Yc)yv3=&e7AtSQd;Rsf=hW;^$ZKV7PBog@t8$V2)FAO0Y|LHkYoQLUD11 zZfc5=si~o*LXl^APFcA^iN0l&v8zi!UUo@}c~GRQmzzn5QKq-Czo&C%QE`run|ppy zS#r5WvUaEmSBSG?P*_M}eo%^bL{+hqxj~VBVunewOK5m`W?o8)en6>XW@wduNt{m^e zNQ)3t(-dddVw188eYbL>szPJuj6zQ*j~r9~+~AZH|FZlr0}qel$!8hG>&-LVDlAPS zjhvl~Q}Z*DEZiepqV$skjQj$ss!TFWE1UvcyhF{>ydpx9xk~&!v>m;@1G1bdLMps` zJX1{k1G01U^Gu9_%)RnWEW$mUGgDpi3koX?(1WSWDAK^vQ6Z~1#ktC&DkrDhJS8*2 z(zud{s#Svs(V1-Y)mu`AdYGQG!f`ws3nrn@MC6|Rkn0IA` zU#Nw9Xk~d=kx5ZNPFPh%N_KgmX@+lsdwsEYn1^wscYv>(vu}2Ks&|TeT7I!hs<)Y2 znzp`wdRZ=4ntp_(w@;F(QFc~%UaEd_a)EPYlu3!XbDCd3c0@`hm#(g^LZC-MvXQfI zQF=vMq=~n_WlC~-zN>FufPub2L{OHtYhbc>PPlhLYFSV^SFwh^VbZ4$lVe$<7uKut z?y*_f5c4`vY4s8{*8IArgi_IGn}5uHpEsd|$M%r*Rjw}MqvslDt?Q56QM+0zK>KY< z=Gw5*>wj1D9sa6pY4C6Z`-_N(RccK)m)0t8(tEOI@fo&1TdXw19u-(VPucRiPdWA7 nwsakVd9&nyT@HSqwECZ{@m-O=h)D~tv-k9-v3gq^dHV_gd5|H% diff --git a/secrets/email/details.age b/secrets/email/details.age index 5755286..8624547 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,21 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA spQf5oCQRAoyJLb8Wq9cErj4qFj+QId/ys67Had2kxg -cPPYFx2dR80YO2KdyuY/AosyMOx9clhLJoeccTpPC+0 --> ssh-ed25519 rIwlvw xAa7x2i9mo1N+t+OxGTf/GaeQY4u5XH8Do05ttkSNkM -zSRUYIwphS5fgJ6U3t8aFiz4Iv6UIBI1ryHU9tFsM+8 --> ssh-ed25519 q8eJgg +d9fWOcWcHD4vsz8+ZtBl9SsmEgs5znDs7/nDcY3ii4 -5mtaV89yy0D2nD5Zuq3hy9+2dnLIY7vKyp/h7rUStoM --> ssh-ed25519 IzAMqA JZ/JHVH1SzapEZafmwcl79wzaIosUBpusOvIyqVLtBw -qBPjkftgOv34UFGagJdxWnEV4lHwk74s9RvGXmbAMnQ --> ssh-ed25519 uZzB3g 9eZmtlV60jjnoqaIM4Bxo8ryCBgp05QeTG4pWkJtBUs -secthoMxhrG1PWu6YiaqdYe8WE1JpF3KegAEv4Hrwa8 --> ssh-ed25519 Hb0ipQ HyzrqvhewmvrtHNyt7JLgscbRn2dC2w6t/J9n3PLczY -0G/ZiV7afnfv1Iv1fZ8k8a5R63N3ssqqrnhBusP5kvg --> ssh-ed25519 IzAMqA 2xvnn64o2YvsDk0EF8KxCqh9ihGkNn0gBqEpZdyL1ww -8XR9wPOrDixfOrZvUVdDFKcFwXx6OPwG0x3cXz474lo --> Yme2D,Gd-grease -YSlDoRK+90hE7lEFMFl9+OtPCiGspgVVJVg04uAxmzhhUrY4tKXnCGhSizFDL57j -474F ---- A0sroroLWAvldY2Ry21ctNIhA1WW3r3BJEveeNd2Qm8 -qoTDŽGM/} 大JyxEsm{q1SwFejK>F!D,ukKX5! rA - h]m {m"ƺɴ \ No newline at end of file +-> ssh-ed25519 V1pwNA FSc59RWZTb6JaTHqFAs361pYbyo/xTBYIBs5MDE3KmQ +k+EPCtRL00RTKn1QBrvCalpwRNnlF6piF9NU/ggUGuo +-> ssh-ed25519 4PzZog 5bnFZc4NkNU5SsTN1S7oz8UyXrbLqRQv62ujLuc8w30 +G8FmAXEwFNo5kfSIdjIz0Kxqa7fTwsBjecRP4Vq/PeU +-> ssh-ed25519 5Nd93w D5ZMq3/rIsPlmYdTPULbH6uLcExZlWp6EaK0AMAhoBI +nRjxM84tLVtcWDdU4cRQxdvwAKLPPbqaiMTN9TKN2fI +-> ssh-ed25519 q8eJgg +U52ie/+blevNjICWeUZpKR88IBS2ZKaJe97uH+/6QI +3I6I/hu8U1V0MsdaUxJyvn7P4UJ5bh1IbuYUV48Drts +-> ssh-ed25519 IzAMqA W6zlgpmiaFgofkvg3jcCclIPc93x7A5QLMhBNzIWsQU +SLOe84XMuyASHAXR9rQip2nJ97csgx+PcwWO5jtCs6k +-> ssh-ed25519 uZzB3g V8WgQqJ5ZIOrNwP55zDeGXD9fODiMcqxOmKd5GE1nBc +GwDDzZJw0HmRNMOEaetLbzKftQ8QD7IVo2XOXbBQHZg +-> ssh-ed25519 Hb0ipQ I/qawB8ypJsIWQx309AXvBxQxaHx+UHYOSTUzvOOXmY +fYXf8BepdDilvnV+/uMdB2Gr5jkHXLr2agvqU4ntWcA +-> ssh-ed25519 IzAMqA MMU5dNAOamQ0rhjTfHFE6JMFqBhW8qKYNmvCSvFov38 +9Olf2LJnHpZxSyXwNg7W5Ml+e7GADF/321GoFPA7S4k +-> #wc40kId-grease w $mxWw Q +FiamK9KVUlgQBaQ36KqWfWd4kMWo2Ur+Yptfivl7kMRjRErahmiltBbEheFS7ONW +zt9mZ0RaGTA +--- jwTEG/j0JBZUcusAJFGABawp6GdQFAkzCwqRFWaM2yc +0>JF87)dBeyQ:l%U,>Y,źJ(09zGi*¯ P'G#r-[ޒ,0h!NL +H$(K(Z \*Fǃ \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index f26f2f4..59ded26 100644 --- a/secrets/gitlab/db_pw.age +++ b/secrets/gitlab/db_pw.age @@ -1,14 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 6IrV0i7/PONl/4OUyCKwV8A0gao3b6OFNuDpMCJFphY -kldeDhXcpUZ5BGnvJWI30rolcxMiJKIE3vbNgX/o0aE --> ssh-ed25519 rIwlvw MvBrTwknEme1pjq9pQHVxN9nGW/rCgini8jJ7PLn+Xw -38r9FrUoPbVI6QTZc1a/dskZVuAu8JNhl05J4G7Dqkg --> ssh-ed25519 q8eJgg rIdtjhNPhDpyJCWvxNS4epmKSmBw+E+IgTFgxrKsZUI -lXxl0h5tEo5a/tXHjZVSao70JIHlSV50BihGiWCqK8Y --> ssh-ed25519 uZzB3g ry4kzjUrw++lbesQ7LTJOUwVOe8JVwxVXmz65BruDWs -MHjoVNTTkl+B63I4aHYV9TSWIjI4ZzzsYmeCsHvbY3g --> H#-grease -7j/og2Resq7mDcJ2saALdxFGNLj47TS9TLb6VrBX3ZDv6Q9tz547pvvRlhUEeqeV -We3M8IFvUYlGJpKheyxaxQ ---- KlxQa4U2lJoThWwv5aQSRA38Tv/lH+i+vvIE0SI9jH0 -"&.Hm\u.)Enli_<٪)yx8/7PgH ћf_s${0t8:ӠsHAI)}VeJAcˊΥB!7qZkJb#zP_ \ No newline at end of file +-> ssh-ed25519 V1pwNA bcC2kBr/ZkH/7nK9PAdHNZqA1A6vaYOzF2VA9SmAsBI +c3KGa0kZU4HzwmMG9RzDJmNYK5/XPMp3RlwftQJ96ow +-> ssh-ed25519 4PzZog PYHmJfUxk8n1/pcvQlqZSLx7AYgZLhAgyH6/fqc59gU +uB1gcZUT8YT2j0jz5s/G/ARDgyjaL0X4x0cKyhN7dVs +-> ssh-ed25519 5Nd93w xIQMqlHaVyS7l9iicWT/dm1to55CuZLwZnns5MAV8xM +NiTYzGwA5mORQr7+AZysmfLt9/0k3ssSuJPZi64uySo +-> ssh-ed25519 q8eJgg BLsdQcHA8JP9Aqg+tCKq4CRlTOZx2t0QdbUD0vpWZRU +3te7zTaZxa+Yfk7EvNkvJQlElL65rhtLOS0MREalfSw +-> ssh-ed25519 uZzB3g 5zLJIHFOkZ/JTkwG2nMhayGgHuenaibS7mvdjf2bZig +Zxgjz32AuCEBzB5kVX6mVMdtFizblMCx4MObroQZYTI +-> dQoZafo-grease .m8v +u8dEKLqrU4nhATqmhsj6O8mJKYo +--- iqSWLDBZMK2Hvkf/aMZyJeuPc8MaRddaMgA8/SsUnu8 +MU)/wlK}*!גQy`nN$*7В ApѭqR/YT}ɏ4vnb d˖+ʾe]vX-4(̎ k+yAW6wQ2Z}IaI$_? zMpB`ZUu38wm%gQ2zKe@#QEF6)uYaIpX_=pPYK3V)c#gACP-SporgK%9L9So9Ur1m% zx^j}84k&O7DGCV)E%!`M zt_UbMcFPPhjI;>x&krdIG1mvjiAPz4ZhBE_VsWa1VY;iALT0d5Nv1-%Vy=^ddR2*6 zmaC^FSA9}=Zep-OXr6awI+w1lu0l~%h)ac|w?U#~dPR1iuYQWLrJJXZv74Jwsbyxm zg=JP`mQ$`@S(uw=Bv<~vtoN_-+NC9ST$k?(O+8y|zT;Pddh~sr@3m|}fsZoFn7%80 zy)Mz8dTq<0sf*18@~*fZ-#v3FOQgkuB(C3l+D$esv9sM?v@hwANLN3w=YY6nz>WH4 zub;Z9PuA9GZDezpYJ8~wdEtB(uJx5)@2q@(;cIh#q|DX{Ax(>q$w$ZeFv)%Y(=>xI f=lhGqW{ypN-?XLkk8)k&M|z0&TTqwOvLnzs@( delta 733 zcmdnbwwP^#PJMB4M50Bhvt?*ml}DwMWllj=x^`-ISXfn%pHH@_o3U4tNnoH?zO!RS zF_(T(RGDK)d6BoaS59Vlc9f~BmvNM1inm#)r+=hNm~&O8V`f>2cT|B(B$uw8LUD11 zZfc5=si~o*LXl^APFcBvL0)Q-p?QX{cVvl6Qb}-do|{j$Taa-`ZnmLoab{6SRz|Ut zS!S4To_TmNSCW@eij%Wzp_z+GT0oRrVvEWkpRCHX9LIFu^dOJ&z)F*x)X4ncB;(MGpp>j~!$`wGE(;f9 z{enm*7Z0a2FE{;CQ-2E!_aguF;IxPk{h+KMpVSCXZO3H)e1D6{XBZ{wLw)m;Jj<)R za{S68oO2_?4LnLBBU~z7%-jpoBl5j7GtDzy^*vnEG8~J!D!j6y3W^GIv-17(10xgt zvm!k#%S$Z^szNKX^;6R-olCqcjE#!(eS=K6bnO(X0&T5qb<>Md6N^(7jKfR03i6}; zlFA)(EYcivtFpb_(#`$qgFN#y{qusIoxRM`-Q5EG3WL1$EAx%AL$k~?N_>kALd~*@ zN`oUUoVBYAOSydA(+l%`3!*Ht%|pzx{3|MhstgLeD?H3y1A-!xiwn}ti%UZ-eVz05 z9sL4=^0{<%brqb`3sdu)OLE-|s|usSf=k0g+)T^dLzAk?OEL}W9gVevvOSYS4Z;$$ z(_Oie7YM1ecYV{;d^a^i{BioNk0SHh{@(1jZwb_3Q~YmLk>{?tVB1^aTD=L^WcP$H z{mT(fJb8(S<0ijbQs$vrPUblUO>CPd1$s1{t7q{zW~uDCaAKOiS&rF?)X!eW->M$j zV72_}IhO=3?W|t+8;$2a864j}Gxx_Nh8&9?={bMGk~p}1W|-O@x_@JTYm-S+0mHoC U$(M?+b6nqiM!4N}{pO2v02-(Y1^@s6 diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index 059c4561ae43fd96919890748ec4147bffdb29a7..c8480cb4da9c083e7e2eb061bab0f8056cae5b2c 100644 GIT binary patch delta 808 zcmey$`j%~iPJKyaR%nTo7(|#xrW>W3mwWjdr$mGW8l*=?PL5|3uXi*z_b)5S_VDoz3l7f@ z(N7M|&CgGE4hT4f1p;EjM&G0fka}adx`3L5_`XdQoa(ajJrun{P;gLU>3}wPK2e zf=9GLuv>M#CRcH=SCLssVsU|CvYV4(N|I+$UPW$MXlQy_Wu>Pa)?K2REd#uX@#GUXJ(YE zYq_Igj&qR-7l+#wHFJ)R;1}u#Z!K9fq3r3Bh1=H&)bHQHAi3;U;nF2DXMAh#F6HlE zt5Uop>GRQpO+1rNIxn|;aa+ph*8?qg=be^8g$qtz?rbievDVX$HZ(82-C{!z% e_2{qGO^e@IldS$O=TSIt+wD+I!L2*HWzeic3V~Lq_ zAXipul)rC5epP<5vq@N9Vrf8fgnOQ=sYhCYc2HqvN|1SGSbCa4S$kBQ?3Nxw# z4EznXJxU{eQzMG=1Jf+@!>UT0^b;M6v(pMA%8Db6T-_^7xPp@-t6akaj4S*d{ey}E zO(We?gR9ESiVdBUeIrr~%>&ERa>C2Zyu-snLBV8gX&7W-s+(Svnpm8wU~7?V>X{sD z#Z~N=oE>SD7Lnx}WaLpFQ10h!QDBtlYno+bn(Z8%7#vm+5Sp5!?VarD9#-Y=l^9eM zoTFV7tnFA9RL-TVtE-Tf9+g+&Vc_Ie6q0LPR+yKl?VhD=?2%Ct;+&BcWf@ZG;o@Ty z72zA?n#|Q6ldGI6Uj6A?hoz=Lh4Zc$`}uqJ898}>_;!9zQTk2Y`ac_q`P72TK%{Go19vF3Kmu_I(AL+?foTb zPF0t^+FveOoA!|F@y7lCr1}b%dL2K!{lqQVjJQjBr-Zt6zHT+@?Bcqxv(mC8g4ttt bR%hL0zN9=^-oFYH>z7)kXGs(=F<%7$5>){* diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index f4ff3b32b1a546228b69f0073298a0f79dd47a55..9a5813aa88ac24fdaa1fb9e08a403de312605ab6 100644 GIT binary patch delta 714 zcmdnRI)QD1PJLRENm{vOmRF8hi^!Mi>Zs3b6&c$i9v9srD0*RNuZCuFPE;JLUD11 zZfc5=si~o*f=NJCRDQaGd3v~Zl!1AcQD|mGPduX;PGHWsz@4xuKJjUub}fpP#!$SXy|wlXqD< zx^Dt`+&FQEsMY1x1B{E)jnERe}0O#)ZCBRc01xp%qcVk%fk#*%LpChdUQ# zxN5ujxt1h`nQB|QMI@Q~<(L{LRfeURmS&eHMTTqVmzKMjcot?RbD6mp7z7um`D(j( zC*~J=ITrfl`FL8o2IgBP8v7drSSCk#ndMuUy8ET2PmX64ug`Q%^$9l2GtLh7vkY^s zOz|mjD=R9B$TW;}wzM=VDGe?0OsmKXh%Buv=E}7w2=^>6&h*VU%vzhmKJRATD@k5(yk>*ku9?OrFYZ=0DVpJAOHXW delta 628 zcmbQhwu^OwPJLota7vJ|c4nBFsgp@@wxOY4X0m>yMQ%~PrE{)tc$l$|cVtwiaX>~` zF;}6PV}5FeZ-!f?V@`%~l&i6mky(amv7vi$VUS;jadAOOfRlfqesY1kCzr0BLUD11 zZfc5=si~o*LXl^APFcA^etAZfpJ{5Cv0Id7kcGd$x0`Q@zi(<#nV*-rd5T9wL|&eU zUzSU9ib;ekm!WB~VVY@jj-_#al1X@Qq(N9fNvdC|v2%o3VUe*}l8Li_c1V!3S&+8D zf6=Jg*F|D)R!zvY`AB=QRDyQg?IjNGD$(*CfB(fZRlb$!8hG>kCsdP5r|y z-3vpik^=)XEHh2L(o2F(49!x~L)0Rrn4wVO z;pU^3tKeC#5S7Ul=v!4^loDwW?&Yd&sBdCfY~Yjc7FbZ0ZRzOcYZC62W*k&n&ZVoX zt6*$mmgf;*7Ug1?oS*2JY!;c9 P`DGhL26(B>TRjy3+>Y0C diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 1818fb5..0c2878d 100644 --- a/secrets/gitlab/runners/runner02.age +++ b/secrets/gitlab/runners/runner02.age @@ -1,13 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA QRjlnn/qe2QveHa3YKiYJOCz31J3mPHbaPvjsTxDmRk -v6UlBTlZI6l/aTrmXE5UP5bhrsB580btbgKsLhTHQ3I --> ssh-ed25519 rIwlvw /o1TFWhNqMbBMchxVi1xOyDQJfTm31Xtw22v1W9CJ1A -MGGvWWCOKytORV0u8SrtQO1npwGq+t8fLPjwZgwVKNY --> ssh-ed25519 q8eJgg VOsrcDn9A6755RxjMrAL3cHTGb4oLr+hZQOIqpUtOjs -rdl2CKMQFOWkHd/B8ppKqogwpZSqvbvvE7nVDok9yuU --> ssh-ed25519 yvS9bw C84pTCPURfOfeDltMJG34KmldTB3BdEY5/CyaN3QlxQ -ZS3yGTTa8UXrOjAn0VO2rlsNR+zIuwbQ1yMUwkXQhKE --> lP9-grease dOOoC -5rqLFrwBpI8ueRkzOBciFCT815/RY5T0elDz1hALWktrnM7ewic ---- Uzn0cZKWaHj/0kHadFwQAGamf2B6YVXv1h+4wdafkOY -$o}SW`26C9"T&@QRfڎ>vJ1ap}.0-^`Rmr4ռ"/FnP kD*J \ No newline at end of file +-> ssh-ed25519 V1pwNA OnlxknIAkxFslxpjdvoZi/7J7eDKrW04VfssPXEMZyM +d+iF66x6Ma0G8JW7M15Bm86r3iiDviOa7XfLrcruO5I +-> ssh-ed25519 4PzZog 5jkBALqTqkAMHr4yabxH0k/SQ7MYAICJiFfuvXKSIkA +B2T/ayJjGmZkKA42qLOPCD7xRSCuJLzMFyfB0kFJKpg +-> ssh-ed25519 5Nd93w 4Qhx1G+9RqFacP/V59q0NlRnJ8E8rd5/ACSGtNRntAA +lGYrNEAryW1ay2AVg0rDFlPnZgpqp8TxzCj79OqpbeQ +-> ssh-ed25519 q8eJgg iaa0Ntl02ZCseBX4WctaVpGbzKqzTzD91N7wEIPe7hY +45oH7xxm+zqpCRz0tpDuehix6sJxvMv9Z4IBhUvSY6o +-> ssh-ed25519 yvS9bw lsiIzcMmUTgn57Nl97IdsPuDMsSNHGCOfM808N6rgWU +eIYnG2D9AgYdakE9ojKV9mnFdIadqqdpnmCG8s7IJ7Y +-> JQ6p.V-grease 4An)= RL+{ +/DV+2kLSpN+4Zf3dJ29YH76rnnXH8abpjSg5XJRL1pxGL1vkEuuRGVnl98ahHW88 +8f9vqC2tTRWxR2GWI+xjKWTrAey70GUkUSNkLQsZVLPQLAw +--- vpLhYnUkBkUCiQAQOHLcLoiag1QksxT9USFSQvNorUo +Z^@|D4xsj$ +?'޲/Vw HC 0E:Hq*y29rc+!e:FD(eqT_θ:> 1 ssh-ed25519 V1pwNA +a0rYrxMMjdOfv+6OYC/tOVdoRBeTWiofA0zA3WXx14 -hDZeU4owWSJFAfmrh6rov9cIOBS6cwVHs56WKL6yYLA --> ssh-ed25519 rIwlvw IMnIQ//LRPQUHn+arGFND6XXRR3oThs8UmPqPcX+jSw -46qKWgHedcB+AToczO4J+4/A8jSC7fBNrOdu5nZLci8 --> ssh-ed25519 q8eJgg 5AfU9O0ybH+0tNnnwZ5BFtqMG82/K/7f/02lIj5OI3U -XTjyHZ4wJuHFU1AWu6RmxucxRc6K28qFZ27HhnW432s --> ssh-ed25519 uZzB3g 7hMBk5BIZNmqq43Ha38zBfabsaT8xinAPGIQDtF7bkI -KimMgYj4kguX9fTsGd1DZjMtGhiIUCNSPg83d3T/TVM --> 4bTF=r-grease pUsC! hTZ" Qs[\5` my -cHBAdS8uyhWXZKpPBVXC0K/KaOjk4lOkh9AE0wJNncqfd81j0vs ---- RC6Hr9HSwghK1C4ckGgU9OC8uM/+FRS9TkhaKkgV4ZY -e_;!C~z+ pxvDhWL/lOI1c….?PgؿG_"L\82̚w"%qň݅L1荬ry+LS"<,2)y;xRzI5 l #+"uPY!\s@*Z \ No newline at end of file +-> ssh-ed25519 V1pwNA FOeCVCOV77bkRESARyLH7mdpVDCKS0wGFV8ziKam1X0 +5pBkYFEnyEQMzjEadk5Yi+QEpQek1MUyCJL7iBm8ZNI +-> ssh-ed25519 4PzZog jCgIIIHhuHQ3nlGRQAkQbnpgW3MZZBx+ssXm6hLZnX8 +4UBsyxN34u6XcvvLGrHSTbSVxy9tuvIvfh0Fmhbg2Bk +-> ssh-ed25519 5Nd93w Ft+kOpy/JINLL+m3U28CHq78VOr5RngXE9uJJOk4SU0 +JmCQHqJs+Q1r5qoc1mQzQ983H11fHDDK3ghTMdIY2+k +-> ssh-ed25519 q8eJgg YFMtanJU3K0xEejsJiHRZ4/dPrE6RvD+WVjYwMNl/Fc +GK/tsr9SMWtyMkEMkXWJw2B7aFbWPw8Pwvz427axAjc +-> ssh-ed25519 uZzB3g /b7muRF8rrzF8nUpcNoqDUq+mKYi/49OP6bKoFqCG1E +qk+jO0FQ4iNfQj07Y7TZQX8lz4HtGdLyIeIz7rTf0L4 +-> DuJ-grease |/#W:"2V Pn8H5nZ $1}p;- +M2phLsz+MXMn+Js3PBh8kG6ziWHvY0wu1LCQ+ibNcFjvcTgrha6CCGwzSgOJzlXK +eNFRxpVpn7+geBewrmfsKtQFcpUcdekkpgSIywM +--- DgvgIE+TC28zUWECoVdmm5sNiGFrWV3GGhipUWKVD6c +?ӽ6> 5 6IV@Q#cac*gpOKNtWNxF7OqI*DkB$uw8LUD11 zZfc5=si~o*f=NJCRDQaGX+&UfS+KKbNpM7-TTVc^X}x7qRGyEIW4OD8e|Wf)tFL=T zQC37{QC@}xSERdhzN<;LsYzCFKz2w{kfUjCVnldAs-Ky^ftiOzWO;eEheu_xaY$(> zx^B%N(9!^eW1|Hd=$zC3jUS1WJrlH2B6=@k6IhGL_ z>0A*WCVAS`H6=9(krWLLpz7s!+hvypQ zI%)gmc_gQ}hDBC+N4XjL88}87R8)8b`lRJLC52d;gd|lJ7W(IUa%pF{x>}m1mpB%d zmz3q@riA6BWoK&#XuG<3nVM92c_b#8W+s_>XJ(~jPmX64udmEXcXiGU4k|1#$TBvr z%=Xfb%qsQ_%qvyqu;rg?CHiBFVqu2)`xuWM?QXNrgfroa1v%jf9XiiCRsBd{#U~-O!QAwm(QI=;`M0m2NN3OPu zS87OhQfgSCk*~2?qN2s9-Q)L>VM`5fBm$^*43OPCue)~m3hauX=_Yt^Ale(J3Q|8q|K>+9%Yy{C)QZy zot@?w@Xl>{-sgnd{u146Q+KC+bZg|lxKirVX~!fp){3yp?``>)yogj+mRjWB`!Rgk z+33=x51y>FX8&nh%(uLG8e7lIQVTn$LmypAU+7-W^W!)c<<(zreWC9N&ob9CyF#~S zZLNPh&eu)5-*4)3sy%%}&zAnLyV)kcxpn96sUJ6I#c$4YS+zLt*LS8|{%&nMiycdM zf7&*qhp%MqHXHdzd*zh;_d5SO)7H!=K7Z#*vz=DAl|D+;CTUjAEZ!_5Qy2HN+4OLJ zb`7_XC0AL<|0VKME_EHwO{uR-+4|F`{Ir|5MqF;P0nwKqZ5x=IS|ND~_VH-GHQWfmy^FCc(-@j~| zhU`3H?uru`oeoV8_dH#%d8jh)`Oo*s!SZpEPuW*TNqte4U8ZAGqb+aQcqPY#?XoZIEx6bf*2>jzGI39rT<}W~-&OnX+b0=r^}HjjwtvYv`9?G&KOOHEHWE=TTo(a3X z^~U8N21`|@%q%!F>mUVwR5iaG3$9Pm-u1#t>(~~{>JpY zeV<}KtnMy-may`F$76nF)3@@Uwzx}VOh1**W@WzXkG(-rg@EzNuf=B$#vXdJie=ir zMZ$Boh1451ZMTp6H22O9*~H~sdmn05%eC1H3x#>z**7P*dAN>=&%-1LccFccps(RnstFxU~S!T}5DxJfteL3jrA>rxYH?-bOs<%DME@V2Rrry6RMD3qv z(VV(AhyUEu9(LdTwz;UpTWt5W4Sa?sDqlFfq{FHi&c@DKJ;71Jb)ToW%enrOdmcWx zt3R*M=lEmmEsNiu__DOK+q5X_{s$QjrIy3~)yE=b*9Gfs$of|qFS>Z{CaZJz?V2{e zJ|8Hz;9KzHg*Ef+UX{MB_hH!Io;9Im8H2#$=tJ?Fvf57gC8UL2krBAbiPqX;J zw#?@?^7gD}8={2X*ym5?PCK`!=BlvDe@<7H#OL-+UV zr@#F!FiS*`>CoBEggLbbUOnti6LLCx;o)NS5JStg<-ITZZl)Ea%@<@0EO{@Ueo?bq zQEB3-Kc9JPZ~W}ow@7}9ocao}$ThGLk?2j`dMr;nuYan+gi{dY!81stV++^=ebwBy|2`n&4)eGwjhR z-Odx)zQ=lPa1~2YceKBQHN5StGIlSy;MKrawZ$4amCwFuDW{$TzSMRts+urxE^-+fRzfVMaC8(UZsOs=l z_la?~F0V;L%a13DXYz~I|9Ku@$r1nb=#o{twyJFkb(LbT-*@kWU&jw))^nRRGEdp- z?qtXp|5`BnTHdtNlNPkB`*B@Tx5!FlSFT8_NaHd+v-@96T#uYp`W{i@>13r9UC&7S49e-Jb b!tA9H0`tY|blY#A{W9fJz=RJ$@(h~*<6u7O delta 2239 zcmdll{6lbpPJN-Pdy$`$Pf|u&WVlIEk!MM^pI1qKqK}!cQ<0^Uk&#nqa=2l7YH>k& zHdm5!v0qtnhH+V{OL9bhsY!rQvSDUeUQt0tnU}wjPe4^#cBD_ZcA1HBHkYoQLUD11 zZfc5=si~o*LXl^APFcBve_D`HaAI*@WKdG3g|V?;rdw4~YIaUlP+*>GMQBmFPgT*qk3d6r)deBMPEQ zGW#1Xsv-(g(@iTzn zlad@&pU6;WoCZ&6Y29+hY4>{t|Kp6Z`$U{YD0YEkZDT9xZzQB`JQoDrU5nVOT& zrK_u}5E1B=S`l1o8j|7XW03Bq9g-DU4K^o-`}*-lKT98?%~ys1+`T2blp~L`y}1hk+}5Og?i&DlY(8@d&(AZ zS66ay>|fEbtnn$o+R+H*Wabx=TrRKXY0tc^;<3SHo$yzdRfl&iIGZ_n{^xV)E7nBS zJw0)(Ni*p+C!c@nFX73cT+!hhNxM7dpyUq4yLDam!y zWj)TawO&iaPimJhbGaq2e@Eg+eVD%5+!R(1^9l3zr^(&aVC0-^+rH?fN!RJ>iLPUn zg15?w+Gl@Hm#jayutxTFeVEph{iP+{ycLHF9HnYLJ<@TlEqP@TqW|fZpYxholb_W` z`dwS}R>X}j?ppuBxABp0JS_}k{H^>2rq5nB)ppi_<#%_7%#QqFtG!tEv#z?+(I6M|lA=HCZBmW zUtkuzyNuE2-@H#BuRhh+oW*dCaRKvA(dCTk_4U&fR~RwA5xwhi-Nn%MTA%(pm+n{G z`D?nYvPy*(m*26ynq_eB(Qd~Ho(iH@%vp8k+z*qDTypz;yLPnkSL=Jrw=>P%TD$te z#=G&`q;=k&bFn!0!iX(lQ%j+gW|-_br~f)39yvEnSMTn+b*1sK^6F_N#~89zmRNEeBg{0c``flm_QwQ{X%X9T+O)f6%8lfBqjRB$8s*4wD^ zxz15Ll)ule-Sy?;eWpjAci+u0eDSUK$(|kU8@Tq!7e324z%01^Q~Iv#jjaz3`=>9M z&CU?GcX1)xrL--Rr>;8s_*KQ1mmjyqPYG>Y^gy-jp&xg=`Q2yrpOjhFFSd(|+i|P* zB!64m@{}odpIcWgnq;!((5;Ctj^`AY9+$hrA1}PHae8?F`Uk553ZwWK`kuf4#dLG& z-?Qy&CDlJ~e6V_ZO1Q#>%QGtOZDbAYwF$Lu=Y6|F&TmEElevpNOSU##e)R37nS?;= z=?sU*K@a}^2w$NW;CpMIDuYoyuSVgFJJnzP_w@&b$I2S}O37vKQcGDi<-*+E58tzV z5q-5gFrNKK?m_G2!4;<;A6falaP3W(dTcow+cGbUC z+G8&>+u*6up0fAP#1&^Xmlg6|SZTH=?aSfEVgH_8?$mNRz`s9i(uzOz`bulWX1$x* zsWNXGOErV=%Oklh5~>0Iwq*^Ga6bt^*3Y%tv#5wdi%6F^9)vJ zPPnS$D0f1%K0s<&5=V`TXx!HGuMYfJvUz%9{MF;!rx*<5?46oyQcO>|tPY8|^swQ} zVe5N45>gYwWnZ1Q|Hu|(Ecj8xJxP3?=x5Dc|5I+2Gr6(y^@(3cPRG~RC+Js}{*|z;-`guG z@SJCzu0j3Y>9%`HrZ3OoZ{5!H@KSA@d9lyLslE=K+R{$KKfeENIMzF_cXR0u2Pr*9 zo>aL*_H8ExVqPRH=B!;mS@`IttBwIV%q+VD1Cv*mcx=9{IqTWC1>Msm^JaZGY&@|i zFYx4{6Z=~$T`Cfmh+9oOQJo!c(`+h_Ith4U^4?b*hn{J}R~2z!5PCiS(Y=i`PRR?I`hsM8SV4NYSC*CCFxDP z%{bNc7T%S{tJs{HLpHIsr-2SDIXQ@5FN^E<3)4u)2Pmf9F>>?iancWV!p>ZATi_8#|3pm{+A=Kd2*J{fg1P yl&Aep{WYt?d#4K*|9LQz$K(F&cl=)?yxI2%9{4aXo#(U$PfdrK#hVbN#i9VGx&h$; diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index 5d1a92ba5a1b6e943e503b22497f8e7f341e89f4..bd6d272de352a622b443ef9e30a464c3030b3c91 100644 GIT binary patch delta 765 zcmbQnc9?B~PJMDpSh=xJiNB|Fly|tXhmTQ7MrKK-mtmG+RcVfQM4E4gQDSmgVqR*w zCs#yZu%nBCV{u`wqklzCN~L~CqPc#QpJQl_M_y&FesOVNdbzVlv8!3SFPE;JLUD11 zZfc5=si~o*f=NJCRDQaGUxlBmYe=B4M}S+fQDwQKdwq&)rDI`KsA*M%Uy?z&camd} zacHEzo0)4Um#1Z=Uzt;?hpAh#V|Z|?X|hpvnsHvTeu`OMg;_?qYjKHzd1`TRV1$1$ zx^Cy+rrN1qp%Xufhldx3 zCXa{1>68k>h#WF}T5 z>6@14B}Z1c7Zem0hPy_ldiwaJ1vt7H1SDC8dlrZIPL5|3ug`R|3=B%~NefAKxA68f zF->s|O3g6LFZ0RI%rgkhP4P)B@G;kRjmi&B=d#QVsY=n-572ki&P{X=EDKJy49)g% zb8{{>39NKY^mWv)v`i{9a0&_rM@ogNbFqm=K#^{GQEFmwDwngrbBVrxuCHUTW0Y^U zYeZ_YPjJ0Sv6G{*UqyPPPll&^NIsXYuC9W&cS?C^ey(|%qfe!4aD}6fXHjXUM@d#i zrE!&SXs}zFccojUSw>-?dpei)b?=LBnEomLTXTPx^GUTZw}a7jrD{H*^_w-fq+MK+ zZ+}B0Jj?dijBP)7ST9U}{Q1d~oo^=9?bK3M=~anQG)$afIaj)LN<_owg|``$&Tap= z(K>3u`@>H+Te%$PS;YM~v{Cj+lrq^H(s)x;*TUKFcRhbF-C_Iv m%oL+J>k5y}KPRpAU2=NL!-hqRZ^)^1)^HqrF(nvq4}=NOEDmcao81R+NX4 z1y`g+K!B;QdsSqjS$dSGQD~H>zG1#=wpX5IZc&b}Ykq;JTS`_?P-3M?B$uw8LUD11 zZfc5=si~o*LXl^APFcA^U~yg@>78xsR!-XGCbBZ&5%>Nl;~kUvZLaPN+xm zJO8tN=qYz6c{nDUtpMa#qqKe#<#NvoZF6W}M zKohTW-z056zX(^a0>3m%-wH3&%EFRJ^Nc)?LTxkSNK>O=ZGDr-$!8hG>wWYy!pyWC zGph7Ule~P>LmZ9VN-|P?^GfvfJp;=V!?M%eQZ3Sb_49)wxm^8SOkCY^OT5wo^UEv) z4gGvg^4!w=jq?3dN&>U;OuVu}l2iS1eaj3&LBV7Z;gyk;qnloonpm8wU}38p73X8E z;8~LIr>_v=VaMg4YT;6!k`tU-mgtl1>62~Z?Coe;R1ut+U*7~yMZ6c}vo6HyqPmzLqmrK_u}VB+ke z9adQs?o@2yqF)(h>77?uQEU`!P!Lg45}am|?v?4`9A4%U?37jS%C)biyRd$V-hDMq znYD-4OGr(Oc-3Z5EBo~1ZO#2k^Te6|u+}eYUSbj1BzGu2R!Xh>&F8|D4a0Ch}hQ5Y@M$X=)7B2ZEmW77S?h($8iHSje1xYDhZk1u~IY!wYA-QJ$`4c~ihkLn2 z=vR~)B}b;a2Ala?dgm2a`W2Ui6qsg5glA_3x#n2v`#Sj)9|JEfYJ=)0TxPL5|3ulJ5}H7s;9iAweLb&m-3 zswng^PtG?iDhcuTb}P^Db1^N-swybVO){t|<|;NTPtA^U4oEgL56jI+HAr@K^*6|N za?T75FV*%*H*_<}4-C(BGsurH0fkabjz_7jnWt`gQEFmws)BEDwOyvNLXMq%ik4NP zf|I$sg0EwJO|E`AmqAEga7mRvc($u)T2`fVuDMZ`QJ!0}WwBqFMRC5q zzC~D;PbQbHuC78+Xt-&mMOIZ{puq?1or zqDwYca^_zwt1DLKY2NIeb+rDozf%n+xTz4aY+uN7Ck&TIQ8E`8uyS)ip`{A~rMd$IgYs$T(WBm{I V#=hHoWEUqd%jdfNyw*_;R{`;pG>`xQ delta 748 zcmbQmzL9N$PJK{#p`n4dr>BK)d7!IhQC6}^R+UplKvZyQvY%(VTYjLUXR%pXRF;`X zIajWUZ@z&=zL{fLRe7L!kwH?jagcVtWujM7x_6?lPgG@UuzP8Vw`odZD3`9CLUD11 zZfc5=si~o*LXl^APFcA^xm#(WZ)RG4iJ^%{fth1UvYWeQL2gNKg<*J#OR%MdU${wd zm7i0XW2#XkS6Q;RkG4fXUQnQ~QEG&9MP;#tr(tfPSy7pLYN|_iu5p=5afDk{K}k{e zr-6y%OjEk zUHlA^0}L(mQ-hrgiz7mcy)z@VElZ8UBP%N`1H+0+^Fm#cxx&i=0#mATbFvDIvYai# z1C1&woT>`lDvO<*%hO#03{uRz49&89O@b?3LBV7ZYglWdn_iTfSe&Y$m{h6|uH~X& z5am*+;A^g;&Xo}u9Ozx|>z!Ag6P{seZe&_!SW@9z80Hogm{n1dlag-Y=$>pIk>MRy zWK>*f79Lz;?&#xVo>v$Z?wsY88lK8kViu5Ql$ci@QWX`R=kMcJSsZ3)nrr4`;g(fm zU{)TUWKy0Im7kne>Kf%@Y-+%ztE;OJUS=Aho#^N9Rp_7OUz|~IVV2@kmLC-!WbSC> zTUzF8nr9wn>6VdeY;NGnRc^B=XXd0Z7wN9OMz*{$DP9w*r+AxReEcV{(X#lqR^LR; z5ZQp-e!FcpksW_J*M@JA+w;D_FZsd*ZRst_8(Xt@o$QWYJ$`OciDB}zOGhSe+J~6aA8nkjH~)Mw k+s`M{qbJ@vwli2^_qRyxWgF*Co4I_B(T3Qr%S$E!00mAFcK`qY diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 00998466acbf145fd8c228be31708f49ea0ba0f9..4205e8cedf782a6d5504a713068d9ab928252484 100644 GIT binary patch delta 1216 zcmbQqxq@qgPQAH#eu-yfm|1aHQcku-o~f(8qf>5#PriFtUUET^S7@kNS(jXCkD<4|Pl-`jo=1L&YiN2 zfm|kKh9PFzQ6`Swo)MAyfj%Z?xskp`=|yh&&Ss${1zANw{yBxkxj99V$rC?{ho}3Q zRCp#iW=DEvyCvrs%1X_RgFW=!@?5k-G7?iWic7-$Tn&w# z9No+fEzB}4U9!27$_rC6Tq}~&qAE($3)8$kEmHCgObq?X{av$@Dm=W*Dk44d++8eE zlfc1LZ=CMq=T_*MQ)rrM>f_>UUYuFwZsuX>Q|cD(W9U<98f9W`p`GNO=a}ou<>ece z?d=!lV^nDrRBBX`Raxv*Xjl+dZs8s3X;v8-XcU=d8dQ+w;u+=$_DX(oYEG@1ZhBE_ zVsWZMV5Ui?lb%9GftL|iQIeBkrJsjESbbtZu5(nDlT&a|n7+4VagcV1rI)8sj(Jc; zW?)fpX}P;oV3e1ymrI_uTa~|Ore9J;NSafLIhR*Ph-F?#sYyXvS#oM>AeXMLu7Y`X zqF+WydT3FwPnK_#pQA}qph1d$n6YI=YEn^JU|Mo+O0HKyab!hUF;{1FEpvd%wt5vY zL0=PBks?XX^h<$~lC6c@6D&E-8vj!KC-G?Mmvif!do%*wmv%chR_}U}mpuFVZk~e4 z&(dQ=HtI~i@=o*BNsS8LKvo~NJK7x)-Q8~s1FxLDC8M`S{a|s)M>+jO;ZLW`luz`P zhR;#!TL0dwdTUnULali>H*0eJ%{+2^Z(BsImcQ5fdoj~ORy>hCc}VquQ{UFGr8n%n zQvPNzE#4r>`B$WHZ;_QY-%QbY4Zjwg6jbh58l2yE;Z5RFo4b*c6F=z%MO04Nqg1)h z?Pp|4!*6GgXY(Y#oc_1T{`$XbHu_x7zSADcT>2Q8?S3FK;>4}~y!C1ye9d~jRjUrY I3tIjR06WaF!vFvP delta 1092 zcmZ3%HIs9KPJO7MXMwhvOOaW*b5K}elv84;pO2@jcSMvyX0kn%J>@>3nN zlf&~(9DP#UvvS;wqdY=9wX2ehLNkj?!m>RRO^hRhBZI^9xdQY2D#Nq#$}F_qvi&N{ zk}``eEj%o;bYUBS3Cu`D^#*swUiAh@j5 zAl0u@KV=w zZBMVEvGJl3$VG70RWntE*t<8Q@hKneXeJ<71Lmnd|GE8sM8` z7Ll!A5D`=y@X$Eway3oQy{EB*iZ{G3yl5;}{*OH1q?F1f0gsI+=fV6ea? zsh6?GJ|DftZ(dYkJe%oX>{3Ig8qKb=4O30F2JVZ9>{vZH?Uj_t^x|8ZG! zJ=2I=U-%I{|cCpHV682Y5tS24& qw$9vYhqYjs+qK}=_U9}-r==E6_bv$b=LuiVP+B*;`|+!fX=VU7c#-n} diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 4a2d904f9f34f755d126b95279198ab973b47879..670e8a404d6bb37d26b6f4c228dfcec644c76196 100644 GIT binary patch delta 987 zcmcc5zKLUkPQ7Jlu}_vqR*0WLfOA=hVQ8UgYE^EMhjxZ{wtiumTdAjMrD0fpYLJg{ zHkY%hcSw|nSF%A?n14k?m}OO6rHT6t3%yV(i4XM(1 zG7j=H@iL9__w_dMFLd{J%Fz!hF7+rgPcsZM;mS(P_V;rx&ezZI&(e1(GAM9yDaou1 zG%F3y3~{W=Ni+=zOD@#*4+{4)n0%H|ygtvntTNZa)zi2*xTq{GKh!lpBCxPLCnqD) zGO$eFIV&t9G+*1*q%1hwf-BF-DZjX^(9^{w#3d`Ou*A~cILS1{J0vpSGR?rqyP(*= zB%rX$DbXb>9X$p-k_<8n0u?Gl{89{3-Q0?^z4D3*gH1~6OLFsl1ND>3lJiosN_;%E z(@S!yJW4Iib3D0%EXqFVk#IOSI+R~Wcvnc$ zM&x@Zl{9=iq^*462 z9(+}i^Xt)C_I)!Gg`~m_{5CY^{cm}6d(rNv4tFyh3zG$lgii=sTxUtH)A?ms%5i5_ z)XV8|S^ATM_o^-I;7z>HHJ8bgb#AlSGHaQ_U++(($IaTlc*?zHw>RqYC0<*_ajoye n{=Xf&EN@-@GF#ijDR}95!=FwMJXIPq-xyE%`SgIruBz_Um$#XIfxCBrVW_^gXJuKC zFIQ2xyMbkjU%5e2il2u|q@Q0{g>P7)rAJ75o^!H!nooItUXq1zrc1heAeXM4LUD11 zZfc5=si~o*LXl^APFcA^zHw3u71kkc_a(laFJWN7M zjV&Xh3R7LGd>qsKQiJrpD^t@d3f#++D|5Yb($jKGlCs3c- zqtd(zT`Y5hjV;{Djf;~^f-)@A!z?UQs`9*w(SxZps>;bYU7^t1$0eYsG|4$t-`6oQ z%0$0D*CoZU#4)|ZC@sP(Dyk?j%gjH(I5jyS$b!q)Fv_vqH!C#7sUo#9$*sUEza%Hm zEX>)c*fKIdAR@F>JE`0t!q~CI#TDH;k0gW4fWV38v?NFmCk1A)s5ce!M zkMv~!lft$yG&`9@?P>Rh1t3QQ4N3IhKy~DF!*7iADZ_Sz-Fl z!696wQAKVkc}dw^y1Kdw`ISKd`Z*OTmZhG#7THN|X6|7DW+4^9Sz(ce!J+1r+UCWP z?k<)Q?qwESEu~8zY^$Ew-y3nRjeXwITf&=_@7B#ZuP$EvA+L-rDkaN%@|>Q`6_%@)z6Cuw~cccLqVLY*kIF z9WoM|l;Zt_@_ACXpYJwZ(H6gW%i`_zCpClESc9s~vd!+@Y@XBeeB$bvy_Z>LNVadu ZvzoJiKljyF|8~2*6MEjcN7KK5698)wL#O}% diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cfc8c12..c161ff0 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,36 +1,27 @@ let admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"; - silver_laptop_wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"; + silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg NixOS Laptop"; + silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop"; thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; users = [ admin - silver_laptop_wsl + silver_laptop + silver_desktop thenobrainer ]; - # change this when its properly set up agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbqYQrdVHmGgXZJoMWWRDGVEIj775Zrf4PxB5hoth+k root@agentjones"; - - # dns servers vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxTrUPZPqttuxfmmP8BTACTAkv1yY1nfzEd64hN4LT+ root@vendetta"; vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil"; - galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; - optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; - glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly"; - kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; - gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; - neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7NRDOGzSO4XVEezMS/9pI3chKbOH0fw2aikLRvea2P root@neuromancer"; - skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet"; - earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; systems = [ diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 5d0f53655118e52703bcb34e42035fd4c547ff5f..ca344073cd9f42e28f3586522faf6624e449a102 100644 GIT binary patch delta 2924 zcmeAZTPQw3r{3J$Aj8}**DcV;*wHE5|S(+c+_(yt1OmBj39suQJ@S$iOMX(b&+})v-J*)Hkx!smeXm$ILGo z-8xgh6iefBg}m_mEc2oazswAus_e2zgKTH7+^k6B{6h0|w~!2<0P`GEW8;YA>~QCt zWG?OS)MOWvq!csP%zT&3Y^Thy!ZiJ0ALks$3QJ?RLjQ=M@RB6QiZG+((+r$_or{xFT%AL;{k@Cw^MgywQ;Q-C+zkx^x!fF`919Ec%FWWf z%DkM?y~0z=!pxFObKNa04MQB0!hMsA%}o+BEGsOtC&x32*E<@A`MGDCT3A@-CYol2 zmIYgsR(U$6=N9Ltlm%qFC;1u`W~S$*R5?2Pa=BI*_y@ZfhU7b@nddk=7U%gHxaIg6 z<+$W~ySN)BnWq}MyF2As`ny%;gF-3Aq}#LzVE7eH8rZlkxN%sSHUwQ$r!t{C|7-T^lRR8J>L_vibe9oAM7}-@R*5ra^>D`DIS^QVQx+`V@GZ~K>yJf`dZ)Jom%h!3d|K~%Psq_w`=egK@r_%~Z2SDw{O-kvw{=hcKYMQarDdCT|Mv5Iw9au> zc<&9Ts%f3B65UJYT5fhS&~B3`R=e${F`>9JF2P&yK8# zZx{XYc3OM2qEdB+N9M2hIiHtlC`h;@l=x{VJwC8*1&Wtq?j=D4U{@J?QWqaFap{S=RqP!;4mu{Z1W?RCEh-pEKtjcO6I|X+< zkvcm+^?1trt6Ney9W^|&t`wh+&i4+|df{AhM)t<>#JZTguosMai^Z?M;@{_frHA*n z&kvzSR?&w?p3Px0-gu5{&W9Hz_0I$!CcKGu=!|+FqHz2E)%$`w^jAytT`My>_pY*4 zasgjPgHX#uKcP!*4~$!zqY{2zI(6aw!aofGO_zLIDw4a@OyB?Px%T;jt)Y5FN#g1n z;itP<98c_4d?zA4<4?isgZAN<9?ZSETfeH)`ik0ZZU=WNOxfkT&3&y8=bByh z_inV+NEl6CeM#l5LrmYl`$E^=-Ic33^LLJ%g}Y$ySN$tLd#djIdnj*Mt$s01ps?FH ze??}-MO`nEsPevJ`))p(ZPfdMSz9lu-^E+-_qK|(`+pNljju;-m{#@s#{DpzoLd`R zmb|_A^H^sm^P!2iMUU;%a}F}w{+Cti?s-e;x0CD3TRV?hEpn{fyY%X}?E1}$O8Lu` z{+i42-%Gipa&CJ+gY9nn(=}CVwsbCk=n)g0vR&u8n&Qcjw9~s+2K>LW<QbLf=(0-x+1sDOvDioEo4_;EIzyLLD)#L>XKZe7Oq$>P zW8=YUsTQ%41@+3NOEu4*Oc9?@^J%8(v82xia^0W3bzcjAost#VtKsW?H+ zS>~j^9}O>9?x)LMvy-}SG3RAurfT6w?lUarSJ$q5a(&|JaIT4WWmbyJ74&^m=Tqh3 zs{JA*XQD)sPQMCg=kr~LlTs3WS{F)BGv|5gx>RQOv4_=?A70<6kM0O+dchI#IMdI6 zTHBg^yVBDO5*Ym%3->Gc7*{k*yp!Xe!6%W)qayaM@7<9}`Ag*2-TG4#um4h5t*rK- zDLd!Ksl6^?ciN|gZ4d14kZWw~idq%h;gd9BtHC>8wRUO6|B=_(X3wh(PHWlgoNmAD z{TA0cm5-sTd*%1veCif)sQ%=iOEwj?ng?TA(jR;@Ip-ZLv?-+Lz4V;loM&TKtuW>I zaLsP5Vaxo*JD#6b`mC4Gmh#XxyXCu4%A24xtqZZ|B{odte>^MG^=q(H^Zn4CyyDGP zn|Hoj|0Z~+j6>Y+cCB~EE^Jt<+H87GdShtCcO9k_^ZzHGaQ(G^^r|zI+o5Z6{j!U@ zkN5BW*Qzu-_V4a*iKl9=h3&htPI*;<+P~W?UT&X$a<2T=bvd&4w@gseIIhj3CM7qS zw}qpb`D4@qgq5Sm$(f)Ynk}nm(MGyQp^lL^MN={hg-&kGE z@#@62lH!Xur-yG+F*eg&wxdlkNR#{DT-z`8m4z3B{YuzZS}QlbowVqd+>2e)E~vlT z;rQys6ln!h&u*q@LA${7K61Y5Gs6E(TxGk_MuWN4ss3@wt~35`JlP&CTRC6d>-gkM z6CwMRXB$s$&YZ)a`BzVhLv)Jur<6@KOc^O<@ zn}b#tpQyij@5s}|`JWE0d0r(w;kwxKWRsUyr(Awet$b|z+G5wzONq_S|88d7KGVN> zt%1uWervG}lh}{28QhB7o|v=H<>-eiS$8v6Ff2)qtx53Tdrr_kYWAW#uYC@Fw0qmI zCgf^-u>7j+-PP>huk)%Y~7h5pC_^V}UuE~0Pc7MIK^Q@YlzY`O)-(8A7 zXvWYdE>(9is7Ixi% zQvD~6Ok_;W%28R@`&9Y>2cJ#;?~0$X*H{GYSsv|Hmdue|RrvXi^Y@dsDbsJIo%pr1 zdQykr|Li4ms@>o-QKgT(20yIINr8bLvVruI>sk zJF>z&G$xFhPj-#p?>TCx-M+4!dy7#aM)%J>wrTzWGgbW@-*>Dy!jM(I!%E8hzn$s+ zTer$XA0==ud;T_Uv1(RW{PpgQ;f=dBG!5#5H!}QN6=&*riO=U`&b82uDt$-d6((NX z#G1Bq>(nP_&D!~w*K#$bWm!mj*eLieWoYr7lUtEjq;cDGlcJSfNNM-gxLw{=E=OZO zw7dNfvJ6vTQZ4=eV2!EN+?%oo!=CBKExY@0Zdl>tSmnzWb7pMZkakH@^mHI1vB< delta 2777 zcmZ1|-X}Ier#>}1Jj&BtKd-_lB{?spAgjvIEXu>&GO)s^%-`KO)ypY0FVMiR$S}ju zmn*tDT&&#qf+py5mHzXi0(6Xq~z|EjM+u1a=yudf9O5f5+-?Y#* zHNfA^F*z@p%b+kU%cs~g$j>spG(6I{*vHpf-z~o|DAl9D*x#)rrNqq8G@`1&%fzI3 zay+AWctpCHOOAn~uX$>zQE*mZUb2y&Wk!*)VY*RST7G$XzDu!ocxgeTL77uFSD15h zps%(?WUzaBMwVr^TV-ZoR&JzzNpe(DS!G2;SyX|uYo52enR#IGfu*^0L^6*Z{t0-^@PS3FPC@VFJOg3;&@~A3vDhw+%4~R6V@D2(0jBxekN>F_= zV{TP&yY}WKf>Ad=KM(aTxytRI>@p>zvVPCHDbAmD^8DpPmTs$Ns-GJt!XW>m>P*-K zoyk|ke(P^oReaG>q`lu{Ywo@+&HfTsg1K!JL_@yaC{qg*`d%R5;m%&Mr>1L$T}p7G zYwbT?mqr_@H`5<2(VuGb*End8eT zZy$F)CzDlq(^K2F>+h}qV!V=aik>dtRj%lzTOBJUY~%T>(poGJgBWxvbf&!aB; zi8q!j1hr`H_Lo|+!?xth`SwLU`afIm{;8d)#c=Gm>yjrfr``VV`zBv<^l0+a^;&T+ zeUD68`TCKffTGihhtV<)dn>Qoc~+*?Gn}0ra_Xb}ulJg|{`u=AR&M`$`Qno0A9vQL z@A5k$@#VmhHr_MbKa{6x_i5jYmgD|;WA~wNkC**hE33xZd#ml`(t^(P%)|S)RD3`6 zW{TZ{J0+|v>KR9@-j{s0EdS`>%71_NoGr8br=5L0ZQHaZ*8?W|Sr|wjtlaV5GR*f4 z`wx}R4>#E=C|VSF9zU(PHPyb9^Mel84c%kOvQ72(bGO@vTo$jM_;eXl-0g=Y!ncg= z+Ny5$bZiu|!&)b!_pH#ch$`ZP;!PM^C4h@Y=dHQ7lt7oO_rOccJig{YI+^jC*eEWK6c% zQ=iS^vFo-)X2^o40f!AsHsAbX*&SNm_hrhZe<4Sf#Jl-B&pD~}YNpyQ*AM>X)xN@N zHwvZqKeNgeT({zA-?r6nub9Z`tM0Hpb7L0sAKtAKg;WjQ@@}60{diX$TjTqco_~c* zCYw~9{=Z4M;PlKGKAjWmMa5+5zaJC2a9s9UUNy=2k4uAxm6YckYO~ z_VvVq{l!6DWw(y>%v5|Pa_j!7(;i(BZuehoe>q3<^`4{I$Bt%7&VD;fVD8UG))JF# z+9Lm3l|q&`YSix&y;%E9LlgbY)&Nm+2^H#A~)Uf_(-A4ZnOwWF~`oDAgvSDvM ztBRG?FZ z@Jlc2OM-`IUf2=UbX+BA^^;(h&ZUC&7Udh&|E%{}m)x1{;45D$@X1VDVwy{L^;;o- zmxffuQnA22mTOJE|KYg4{s{;Fx%(e4KlZyHd8=M3yCkdS#`6R7Uy7R^PdH}xl8@!% zy8biuYz2>f*OV(ymD}+`p4a=N#0%XtR^E_cU$w%)Tpg`s;H1(kb3i->I%u2J%an97G_<)-Y9%oY7bAA zJH+ls=bvOlWqi@QgG4KNkn;o;`G?vFP8473(&vxh~XvEaIi; zvviGLf1m3l+*PNJpIn5#IlX+Oik84TE^LVr|Njk3h{{_c*BpWv1oi>$g)~M|8eOgp->(h zuFiM-tKUu&%9>=_q2D!01x{fB$Qi&ksNBo%G>X_zj`seyo09pW1ayKJqvBiI>2W z!#{4k@w-=jsm=4re~+(~i<=ayx2o&J{c@cBKW0DUR2$)|$!2$*)86?gs+*Jw*Ti>9 z`CVk4b5VZ^x7g7$QZoh1+dJkaya|ojDPEA(fAxywDTlM%&%fq1?9AG&_@>h*qpSWv zi5bIrDU}iU+ zys5}uZYADx(Sp0&PV;|gXuos!$L<^N!h7U;PyT-CC1Kii?(&4`{&)8(zBI9`X1TZ| z?@-#0^_x#P?3|dq>2ku#sAbyQIu^_^xK~{pTwPzAwXyET%z!5GLwcbn>;&7)7uD=J z&MmXL`@Y7zH!Ra_e1bD)J-fko@g_&xn@tQUfnO(CFZkg#_0yWr2Qz;2bKYz@|0`k5 zbtgx;#UgIOEZHh^T6zv-s4QERn)1lU^6r{4y~}DUCZD*rE)xiNI_chi+r%rkovrlu zA9=?AiEY}iqxA>>Cxv`6;8UEJXMFElvqoObeA8=xHq>9XXp3x8x!hE6eI4_aqL%rS zH@v;{(>>T?-`CxHf5p~Z;aRV{pt?YGwumy{k-Yd!wdwb^=M`LtauD<1Xw6m^Yu~I`$mxBl{Pte0#Q4SM0=l;E-WaK4G~wZttncr-FWM?**H_7JG>lB2QgsE@e{xNF4G)tf()t1L&b=BFwx3*hsY*bfF>tE<3 z$uqzFlFRx^ouz6LUJVsXEm|xsS?ZVseJ(8CC2~Yn;(N2)L+P7^Z?opqHXP+p_#nKA zJ&3(c?p5eo7WN_*Nz Date: Tue, 26 Sep 2023 18:11:02 +0100 Subject: [PATCH 050/826] fix: cors testing again --- applications/ldap/backend.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 4a75272..477a485 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -75,8 +75,7 @@ in { # add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}"; # ''; extraConfig = '' - add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}"; - #add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Origin "*"; ''; }; From 6de8c15b48ac52516f415cd4d73692b4010d4968 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 26 Sep 2023 20:23:01 +0000 Subject: [PATCH 051/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 46cac76..42c3621 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695646276, - "narHash": "sha256-NnXMeksB67KXBsTub5Ap3brmb+sHKewepfQO4ZsXn8c=", + "lastModified": 1695759770, + "narHash": "sha256-CYHLoGI7KFt8XM/FnU0pOtFq3Y1B/lfewovSgU2Yff4=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "d44884309f27780eb4441a4f88afadc8545a9057", + "rev": "3c3649ccfe091564a48187a7e2a0bd89991bb7b9", "type": "gitlab" }, "original": { From bf2b29a1e442ec42e56d67b48e3828c773aa419f Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 26 Sep 2023 21:49:33 +0000 Subject: [PATCH 052/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 42c3621..a14c67b 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695759770, - "narHash": "sha256-CYHLoGI7KFt8XM/FnU0pOtFq3Y1B/lfewovSgU2Yff4=", + "lastModified": 1695764963, + "narHash": "sha256-aa1btcUNdDKIgycrAsciGOmWdv3aB1/m/+m7bMrxrkE=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "3c3649ccfe091564a48187a7e2a0bd89991bb7b9", + "rev": "2038a88466090f198aba56524a1d19e4e082f1cb", "type": "gitlab" }, "original": { From 19e325d345e5882cbe3021d2975d9e6392dc5451 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 27 Sep 2023 01:24:36 +0000 Subject: [PATCH 053/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a14c67b..1357b4e 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695764963, - "narHash": "sha256-aa1btcUNdDKIgycrAsciGOmWdv3aB1/m/+m7bMrxrkE=", + "lastModified": 1695777855, + "narHash": "sha256-1M0M0aqmdVnLLyRBKcwkwg06+UU+9A2+QUO6Dp1b0DU=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "2038a88466090f198aba56524a1d19e4e082f1cb", + "rev": "d97ecde7fc4fb4b260e2b6e171c20e7ad65a388b", "type": "gitlab" }, "original": { From adb04543da98c8ef0bbbe0486593049062048c65 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Sep 2023 11:37:45 +0100 Subject: [PATCH 054/826] fix: ldap details were wrong --- secrets/ldap/details.age | Bin 1320 -> 1318 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 4205e8cedf782a6d5504a713068d9ab928252484..6198559a13ac048b128dcfc41018aa7decae93b5 100644 GIT binary patch delta 1214 zcmZ3%wTx?mPJM1xP(gNnc2-Gla$1#vQ+j|?j!V9GS%ts3hmpRKMRJ~xlXGcOW_X@s zK9{GZlR;Ubv13qrQAL@XVR(9hsYQ0ANv=goRB)Hywu365R+8)_lX$6_- z;a(+q&K72QX+?Q1?q1GCZYdf0rIkKrURBPf-o@o<{-%|FnZ==#;~B-nGu>TsilcIp z1KmRWf?RWb!V41J!@T_pObjFS^HU3aa=n7e14Deg48qH~45BKM!*V?evMN*4Qrz9W zvdl`VBGQ6f!}5&FQqxO}-O5}FqRPX=42&ZupJf!UPjnCS$;&M>%t)^)35|%#2?~k` zs`AvXG&ITdGBv5P^b2(L^9^?Oa5D_$%8e*b4KFInb`2~tDb){h40F=XH7qTTFtH3y zadR>Va*oO_j0_4W*AB8kkAc#tDktM~1t)#|QfR03+S`uaITVUoN8Cn+N7955apb2Zdhzo7*v!D@=9i!ez3i|ZhBE_ zVsWZMv46OYcbT7>f^TiAf{}u~ZF;7DvVMIDSDLA%c94&Gpjo<8ns;(Va(PIJWvG9J zzCo3-hqGB&PELTOYj{*fag()x~9;x_!L+FO!G>;uKcD%b@Q*L_N`0o=#izBbD__AfJn`xapLpJ-- zma3^uPAr`#ON@PLwoU!Y?xn1ARA)hvW9LbCw^M~T-Y*b5rtal<+q)aiO8wDVwFh4)NLBUz z-SDdTNy;5FPnOD>?PYyxA#&U1PcZhbo6B delta 1216 zcmZ3+wSsGcPQAH#eu-yfm|1aHQcku-o~f(8qf>5#PriFtUUET^S7@kNS(jXCkD<4|Pl-`jo=1L&YiN2=_5A`TpJf!Uj|eu;2=R{4FH3RGPIs%&E_8J- zC^RstDoxAHiEuPY_6W#u^-B+na?c3l%5^cY(9ei8E$}vWFN*Lek1$UUcJuVeiwv_& z3P}s7vh>PLH8%=yGt4wWkAc#tDktM~g;GD)aDyyIW217@Y?t)>^sM^waN`UE<4i*{ zi~Jm?kRW5%95)LW4}U*H6Rr@CNTULiN&`>Vl&s{OayR`j%fe98?0g^h+>pq$u*|GL zZ`UxV%1X_RgFW=~T(mqpZOTzqI4UL@~ zP2J25EzB}4U9!27$_rC6Tq}~&qAE($3)8$kEmHCgObq?X{av$@Dm=W*Dk44d++8eE zlOQ2yobKc2R_K{iXqsy3yoLS{==3(hm>K5)}=u>GLWnyljo#dY9nCr{ssxw}(fl$WoUOP;n{mA_}EUs6R#np256msduJWnM_BNkLj!a%yTIm#(g^f_ZkL zUq(rKXi>0FmT#1wqe)VrL5hBuv1LVSQc+r9T5@hmu2(^EWJOppS7&rBbAZaWdKEE2 zUlUi6B1z8lOM#M-t%ckZEIG~^|5E%X@o4FnbL*UYGy>h1b~`s#?|PD#Jp1`>o`T8G z(qlw6>P)`!PV?1CjSAjCRv)%I+8q(y-ERv6ubjOlqqj!=U~$PuIsHW8Pp8b3PxO_B z&r$1I|K6*5YgXYxt$8;$YjXX~JaT+*TSTpvzt{SEG1Ed;Jdr(lNcDhI-`23DH|)Gp z{$?;O-XO{OSEO)nk(D;zOwoA_zZRSnRPI5 From 94baa0ec12d43c02c49686e6ab7878ce6fae1d46 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 27 Sep 2023 12:11:53 +0000 Subject: [PATCH 055/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 1357b4e..7e3058b 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695777855, - "narHash": "sha256-1M0M0aqmdVnLLyRBKcwkwg06+UU+9A2+QUO6Dp1b0DU=", + "lastModified": 1695816703, + "narHash": "sha256-iGkgzgHJKAHEChlD0PG0/l9a1OFq6+ZmKNBtDAJ1kT4=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "d97ecde7fc4fb4b260e2b6e171c20e7ad65a388b", + "rev": "f1ee82e43faafbf746efccbcfde627d136113843", "type": "gitlab" }, "original": { From 5c47f15ce6a78dbe78d46aa2e6cfd2adaa41d2a1 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 27 Sep 2023 12:15:45 +0000 Subject: [PATCH 056/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7e3058b..255d1a4 100644 --- a/flake.lock +++ b/flake.lock @@ -565,11 +565,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695816703, - "narHash": "sha256-iGkgzgHJKAHEChlD0PG0/l9a1OFq6+ZmKNBtDAJ1kT4=", + "lastModified": 1695816872, + "narHash": "sha256-PHAuT+zM2PMmzgk01WYQlTxUmre31JEDuKkzXGbNL2M=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "f1ee82e43faafbf746efccbcfde627d136113843", + "rev": "fb5990602a36cf748de63d415abec5798f20dd83", "type": "gitlab" }, "original": { From d8df11dcf19d1823ee59e99c5259e2c63a4fc585 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 27 Sep 2023 22:59:16 +0000 Subject: [PATCH 057/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 255d1a4..b293b5e 100644 --- a/flake.lock +++ b/flake.lock @@ -544,11 +544,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695683054, - "narHash": "sha256-7C+ag3pnw/9oOIlc/f0FS5jViL0S9f4wN3F8behwI30=", + "lastModified": 1695854857, + "narHash": "sha256-EyToHIEHft60vKRkndP5siyq17W+vJmqA/dug80WZgM=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "backend", - "rev": "f60345493cd33ddaa7f8d8f1b62e5c0777381abe", + "rev": "9db8a238d2bf7be8bcfa86012b26180c041c13d1", "type": "gitlab" }, "original": { From 48c271cf3fddd302a44e70eee8d1f3b5f7d4625b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 00:26:32 +0100 Subject: [PATCH 058/826] feat: add the slides site --- applications/skynet.ie.nix | 14 +- flake.lock | 399 +++++++++++++++++++++++++------------ flake.nix | 4 +- 3 files changed, 289 insertions(+), 128 deletions(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index f93581c..4f22f59 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -29,6 +29,7 @@ in { # the root one is already covered by teh certificate "2016.skynet.ie" "discord.skynet.ie" + "slides.skynet.ie" ]; skynet_dns.records = [ @@ -48,6 +49,11 @@ in { r_type = "CNAME"; value = cfg.host.name; } + { + record = "slides"; + r_type = "CNAME"; + value = cfg.host.name; + } ]; networking.firewall.allowedTCPPorts = [80 443]; @@ -70,12 +76,18 @@ in { root = "${inputs.skynet_website_2016.defaultPackage."x86_64-linux"}"; }; - # archive of teh site as it was ~2012 to 2016 + # a custom discord url, because we are too cheap otehrwise "discord.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; locations."/".return = "307 https://discord.gg/mkuKJkCuyM"; }; + + "slides.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = "${inputs.compsoc_slides.packages.x86_64-linux.default}"; + }; }; }; }; diff --git a/flake.lock b/flake.lock index b293b5e..dac1ae7 100644 --- a/flake.lock +++ b/flake.lock @@ -63,6 +63,26 @@ "type": "github" } }, + "bfom": { + "inputs": { + "naersk": "naersk", + "nixpkgs": "nixpkgs_4", + "utils": "utils" + }, + "locked": { + "lastModified": 1695591744, + "narHash": "sha256-3gbqM5smCXV/MrEO9frmc/cJbKHFoUW/eOfFu88Dg9w=", + "owner": "silver_rust", + "repo": "bfom", + "rev": "12301d7e8dca2312c2e7db9760b953458b43b076", + "type": "gitlab" + }, + "original": { + "owner": "silver_rust", + "repo": "bfom", + "type": "gitlab" + } + }, "blobs": { "flake": false, "locked": { @@ -79,6 +99,28 @@ "type": "gitlab" } }, + "compsoc_slides": { + "inputs": { + "bfom": "bfom", + "nixpkgs": "nixpkgs_5", + "utils": "utils_2" + }, + "locked": { + "host": "gitlab.skynet.ie", + "lastModified": 1695856541, + "narHash": "sha256-DUz7mZRFm0BCj6jJo+pUzML4vlVsP0Xgppozvp0uiZU=", + "owner": "compsoc1%2Fcompsoc", + "repo": "presentations", + "rev": "d93a8e0a8d0e596b3c8c0fdf98bfa194faea2027", + "type": "gitlab" + }, + "original": { + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fcompsoc", + "repo": "presentations", + "type": "gitlab" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -162,7 +204,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1689068808, @@ -233,7 +275,25 @@ }, "naersk": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1652722411, + "narHash": "sha256-FxzNgYiH9c91hUVAntcjrqY//KOTUPP2a4e8Wyuysxg=", + "owner": "nix-community", + "repo": "naersk", + "rev": "94beb7a3edfeb3bcda65fa3f2ebc48ec6b40bf72", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "naersk_2": { + "inputs": { + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1692351612, @@ -249,9 +309,9 @@ "type": "github" } }, - "naersk_2": { + "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1686572087, @@ -314,6 +374,49 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1687011986, + "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_11": { + "locked": { + "lastModified": 1686921029, + "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs_12": { + "locked": { + "lastModified": 1687274257, + "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_13": { "locked": { "lastModified": 1689935543, "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", @@ -327,7 +430,7 @@ "type": "indirect" } }, - "nixpkgs_11": { + "nixpkgs_14": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -358,6 +461,48 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1652840887, + "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1652840887, + "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1691371061, + "narHash": "sha256-BxPbPVlBIoneaXIBiHd0LVzA+L4nmvFCNBU6TmQAiMM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5068bc8fe943bde3c446326da8d0ca9c93d5a682", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1691276849, "narHash": "sha256-RNnrzxhW38SOFIF6TY/WaX7VB3PCkYFEeRE5YZU+wHw=", @@ -372,7 +517,7 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_7": { "locked": { "lastModified": 1670751203, "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", @@ -387,7 +532,7 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_8": { "locked": { "lastModified": 1693060755, "narHash": "sha256-KNsbfqewEziFJEpPR0qvVz4rx0x6QXxw1CcunRhlFdk=", @@ -401,7 +546,7 @@ "type": "indirect" } }, - "nixpkgs_6": { + "nixpkgs_9": { "locked": { "lastModified": 1693087214, "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", @@ -416,56 +561,14 @@ "type": "indirect" } }, - "nixpkgs_7": { - "locked": { - "lastModified": 1687011986, - "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1686921029, - "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs_9": { - "locked": { - "lastModified": 1687274257, - "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "root": { "inputs": { "agenix": "agenix", "alejandra": "alejandra", "arion": "arion", + "compsoc_slides": "compsoc_slides", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_6", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", "skynet_ldap_backend": "skynet_ldap_backend", @@ -495,10 +598,10 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_7", "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", - "utils": "utils" + "utils": "utils_3" }, "locked": { "lastModified": 1689976554, @@ -516,9 +619,9 @@ }, "skynet_discord_bot": { "inputs": { - "naersk": "naersk", - "nixpkgs": "nixpkgs_6", - "utils": "utils_2" + "naersk": "naersk_2", + "nixpkgs": "nixpkgs_9", + "utils": "utils_4" }, "locked": { "host": "gitlab.skynet.ie", @@ -538,9 +641,9 @@ }, "skynet_ldap_backend": { "inputs": { - "naersk": "naersk_2", - "nixpkgs": "nixpkgs_8", - "utils": "utils_3" + "naersk": "naersk_3", + "nixpkgs": "nixpkgs_11", + "utils": "utils_5" }, "locked": { "host": "gitlab.skynet.ie", @@ -560,8 +663,8 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_9", - "utils": "utils_4" + "nixpkgs": "nixpkgs_12", + "utils": "utils_6" }, "locked": { "host": "gitlab.skynet.ie", @@ -581,8 +684,8 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_10", - "utils": "utils_5" + "nixpkgs": "nixpkgs_13", + "utils": "utils_7" }, "locked": { "host": "gitlab.skynet.ie", @@ -602,8 +705,8 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_11", - "utils": "utils_6" + "nixpkgs": "nixpkgs_14", + "utils": "utils_8" }, "locked": { "host": "gitlab.skynet.ie", @@ -711,13 +814,28 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "lastModified": 1652776076, + "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", "owner": "numtide", "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", "type": "github" }, "original": { @@ -728,61 +846,7 @@ }, "utils_2": { "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_4": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1687171271, - "narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_5": { - "inputs": { - "systems": "systems_5" + "systems": "systems" }, "locked": { "lastModified": 1689068808, @@ -798,7 +862,76 @@ "type": "github" } }, + "utils_3": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_4": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_5": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1685518550, + "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_6": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1687171271, + "narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_7": { "inputs": { "systems": "systems_6" }, @@ -815,6 +948,24 @@ "repo": "flake-utils", "type": "github" } + }, + "utils_8": { + "inputs": { + "systems": "systems_7" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index be197da..cbf33f8 100644 --- a/flake.nix +++ b/flake.nix @@ -15,17 +15,15 @@ }; # email - # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; # account.skynet.ie skynet_ldap_backend.url = "gitlab:compsoc1%2Fskynet%2Fldap/backend?host=gitlab.skynet.ie"; skynet_ldap_frontend.url = "gitlab:compsoc1%2Fskynet%2Fldap/frontend?host=gitlab.skynet.ie"; - skynet_website.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2023?host=gitlab.skynet.ie"; skynet_website_2016.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2016?host=gitlab.skynet.ie"; - skynet_discord_bot.url = "gitlab:compsoc1%2Fskynet/discord-bot?host=gitlab.skynet.ie"; + compsoc_slides.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; }; nixConfig.bash-prompt-suffix = "[Skynet Dev] "; From 385059e7b7a361989c7244f56ea146f093b95a5c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 00:47:33 +0100 Subject: [PATCH 059/826] fix: make it easier to browse the slides --- applications/skynet.ie.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 4f22f59..f9d2e88 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -87,6 +87,7 @@ in { forceSSL = true; useACMEHost = "skynet"; root = "${inputs.compsoc_slides.packages.x86_64-linux.default}"; + locations."/".extraConfig = "autoindex on;"; }; }; }; From 41b707c81048237bc73701570aa2a55abe2712be Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 27 Sep 2023 23:55:16 +0000 Subject: [PATCH 060/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index dac1ae7..c4641f9 100644 --- a/flake.lock +++ b/flake.lock @@ -668,11 +668,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695816872, - "narHash": "sha256-PHAuT+zM2PMmzgk01WYQlTxUmre31JEDuKkzXGbNL2M=", + "lastModified": 1695858897, + "narHash": "sha256-mXTqtdScfpqYG+6qDC7NpDCy91gmviXtjxEbnR31TCU=", "owner": "compsoc1%2Fskynet%2Fldap", "repo": "frontend", - "rev": "fb5990602a36cf748de63d415abec5798f20dd83", + "rev": "63388a8d1cfcfc020d307aca07af09d165ef7d18", "type": "gitlab" }, "original": { From 8c0d217b9465f8ecfe404c557eaaade754a92366 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 01:25:28 +0100 Subject: [PATCH 061/826] ci: no need to run these jobs on merge requests --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6799ed8..d3f0965 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -75,6 +75,8 @@ update: only: refs: - main + except: + - merge_requests build: <<: *builder From 70e867acd1075b1cfa204b680802a605fb44abc3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 09:56:14 +0000 Subject: [PATCH 062/826] ci: hopefully this works --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d3f0965..114df31 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,8 +73,8 @@ update: - *scripts_deploy - *scripts_base only: - refs: - - main + - main + - gitlab.skynet.ie/compsoc1/skynet/nixos except: - merge_requests From b77c265a127c11136d18a2fba2fc649bdbc4af8c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 10:05:58 +0000 Subject: [PATCH 063/826] ci: more testing --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 114df31..77e7bae 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,8 +73,7 @@ update: - *scripts_deploy - *scripts_base only: - - main - - gitlab.skynet.ie/compsoc1/skynet/nixos + - main@gitlab.skynet.ie/compsoc1/skynet/nixos except: - merge_requests From 344b70bf9f13acc1f573458cebe1a19e41e20a8f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 10:10:56 +0000 Subject: [PATCH 064/826] ci: try try again --- .gitlab-ci.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 77e7bae..c07192f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -72,10 +72,8 @@ update: before_script: - *scripts_deploy - *scripts_base - only: - - main@gitlab.skynet.ie/compsoc1/skynet/nixos - except: - - merge_requests + rules: + - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet/nixos" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' build: <<: *builder From cdded657c04dae25528e894858abb4b8058269a7 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 10:14:05 +0000 Subject: [PATCH 065/826] ci: *fingers crossed* --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c07192f..1f32e21 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -59,8 +59,8 @@ update: - nix before_script: - *scripts_base - only: - changes: + rules: + - changes: - applications/**/* - machines/**/* - secrets/**/* From 3c3a23b12e9cf2b54f69c875e9416a1dc4fcc878 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 10:15:42 +0000 Subject: [PATCH 066/826] test: dummy patch --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index cbf33f8..b8b6071 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,7 @@ # email simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + # account.skynet.ie skynet_ldap_backend.url = "gitlab:compsoc1%2Fskynet%2Fldap/backend?host=gitlab.skynet.ie"; skynet_ldap_frontend.url = "gitlab:compsoc1%2Fskynet%2Fldap/frontend?host=gitlab.skynet.ie"; From dd27f13a08458e26f96d6c4bdb28989514fc6f40 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 10:17:39 +0000 Subject: [PATCH 067/826] ci: testing again --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1f32e21..2f36cb2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,7 +73,7 @@ update: - *scripts_deploy - *scripts_base rules: - - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet/nixos" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet/nixos" build: <<: *builder From 68b7afce1e109b84416b451db8d5a25b582ff810 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 10:18:12 +0000 Subject: [PATCH 068/826] ci: testing again - fix --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2f36cb2..abdcb6b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,7 +73,7 @@ update: - *scripts_deploy - *scripts_base rules: - - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet/nixos" + - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet/nixos"' build: <<: *builder From 54273175c70b7617f9d80f5ef2c175b4a335570f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 10:19:59 +0000 Subject: [PATCH 069/826] ci: testing --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index abdcb6b..1b8e578 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,7 +73,7 @@ update: - *scripts_deploy - *scripts_base rules: - - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet/nixos"' + - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet"' build: <<: *builder From 4e244222ba0b531cfeac445891869058e80c2c4a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 10:20:57 +0000 Subject: [PATCH 070/826] ci: test (final?) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1b8e578..43827c5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,7 +73,7 @@ update: - *scripts_deploy - *scripts_base rules: - - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet"' + - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' build: <<: *builder From 1c11038f489a05fcea522cd0729a7a2854659f2a Mon Sep 17 00:00:00 2001 From: daragh downes Date: Thu, 28 Sep 2023 10:59:51 +0000 Subject: [PATCH 071/826] add vim --- applications/skynet_users.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 194f53f..7a59359 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -55,6 +55,8 @@ in { } ]; + environment.systemPackages = [ pkgs.vim ]; + networking.firewall.allowedTCPPorts = [80 443]; # normally services cannot read home dirs From 3e747c94081f904909a13902cae3aed339080c42 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 14:06:44 +0100 Subject: [PATCH 072/826] ci: deploy to skynet as well --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 43827c5..a778509 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -107,6 +107,16 @@ deploy_active: script: - colmena apply --on @active +# this is just skynet server +deploy_ext: + <<: *builder + <<: *deployment + stage: deploy + needs: + - deploy_dns + script: + - colmena apply --on @active-ext + deploy_gitlab: <<: *builder <<: *deployment From bd58a6d1698d6e5d8ab0d0fa032757bc92a0af73 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 14:13:31 +0100 Subject: [PATCH 073/826] ci: this job wont succeed, will need tot alk to ITD about it? --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a778509..1cc8f51 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -116,6 +116,7 @@ deploy_ext: - deploy_dns script: - colmena apply --on @active-ext + allow_failure: true deploy_gitlab: <<: *builder From 7ed6fdeb3b60bbe0ffa82e106b4349ad74f2119c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 28 Sep 2023 17:11:35 +0100 Subject: [PATCH 074/826] make "presentations" more general --- applications/skynet.ie.nix | 8 ++++---- flake.lock | 4 ++-- flake.nix | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index f9d2e88..0af1f8c 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -29,7 +29,7 @@ in { # the root one is already covered by teh certificate "2016.skynet.ie" "discord.skynet.ie" - "slides.skynet.ie" + "public.skynet.ie" ]; skynet_dns.records = [ @@ -50,7 +50,7 @@ in { value = cfg.host.name; } { - record = "slides"; + record = "public"; r_type = "CNAME"; value = cfg.host.name; } @@ -83,10 +83,10 @@ in { locations."/".return = "307 https://discord.gg/mkuKJkCuyM"; }; - "slides.skynet.ie" = { + "public.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - root = "${inputs.compsoc_slides.packages.x86_64-linux.default}"; + root = "${inputs.compsoc_public.packages.x86_64-linux.default}"; locations."/".extraConfig = "autoindex on;"; }; }; diff --git a/flake.lock b/flake.lock index c4641f9..7410c57 100644 --- a/flake.lock +++ b/flake.lock @@ -99,7 +99,7 @@ "type": "gitlab" } }, - "compsoc_slides": { + "compsoc_public": { "inputs": { "bfom": "bfom", "nixpkgs": "nixpkgs_5", @@ -566,7 +566,7 @@ "agenix": "agenix", "alejandra": "alejandra", "arion": "arion", - "compsoc_slides": "compsoc_slides", + "compsoc_public": "compsoc_public", "flake-utils": "flake-utils", "nixpkgs": "nixpkgs_6", "simple-nixos-mailserver": "simple-nixos-mailserver", diff --git a/flake.nix b/flake.nix index b8b6071..808097b 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ skynet_website.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2023?host=gitlab.skynet.ie"; skynet_website_2016.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2016?host=gitlab.skynet.ie"; skynet_discord_bot.url = "gitlab:compsoc1%2Fskynet/discord-bot?host=gitlab.skynet.ie"; - compsoc_slides.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; + compsoc_public.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; }; nixConfig.bash-prompt-suffix = "[Skynet Dev] "; From d0751fa5945a29a5948ced66dc90c073e4eb2f3f Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 28 Sep 2023 16:16:11 +0000 Subject: [PATCH 075/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7410c57..4df48d8 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695856541, - "narHash": "sha256-DUz7mZRFm0BCj6jJo+pUzML4vlVsP0Xgppozvp0uiZU=", + "lastModified": 1695917684, + "narHash": "sha256-hsLoqAEGv1nvfhiuWyNzSBvFGPKmoBZhoppXd9IAUGQ=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "d93a8e0a8d0e596b3c8c0fdf98bfa194faea2027", + "rev": "36a0108a2cc94e5854e35b06718e609cecb6e68a", "type": "gitlab" }, "original": { From 1ac3e52d8a32be99593fc5793d654af21d287b1a Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 28 Sep 2023 17:03:53 +0000 Subject: [PATCH 076/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 4df48d8..abbabac 100644 --- a/flake.lock +++ b/flake.lock @@ -625,11 +625,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695687384, - "narHash": "sha256-IEba2xdAb9OXaphsiJqnzuCjN2AiKtfWz7OBp0tQR8Q=", + "lastModified": 1695920052, + "narHash": "sha256-SxBal2pdC/h2outXABiCW4FqBa6x2N/X2UKrML7ZUXg=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "6a0b664e7db1bba9d35aa41297e328353aa34971", + "rev": "70690f712e7d5eeeaf7c16c6a1ebec2f197f5006", "type": "gitlab" }, "original": { From 919584ec58089204cc2cfaa45183366373739661 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 28 Sep 2023 17:30:11 +0000 Subject: [PATCH 077/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index abbabac..699d265 100644 --- a/flake.lock +++ b/flake.lock @@ -625,11 +625,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695920052, - "narHash": "sha256-SxBal2pdC/h2outXABiCW4FqBa6x2N/X2UKrML7ZUXg=", + "lastModified": 1695921903, + "narHash": "sha256-L0lkNq6Xpdu3wACpHWCflTubfzbVbIARKtryLh1IQD8=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "70690f712e7d5eeeaf7c16c6a1ebec2f197f5006", + "rev": "058fe2538a5449c5e12e871e2d4c815836d6e944", "type": "gitlab" }, "original": { From ad0462cb867752dd19a4b7edcb04a4a06cc397eb Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 28 Sep 2023 20:03:30 +0000 Subject: [PATCH 078/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 699d265..1b1112b 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695917684, - "narHash": "sha256-hsLoqAEGv1nvfhiuWyNzSBvFGPKmoBZhoppXd9IAUGQ=", + "lastModified": 1695931390, + "narHash": "sha256-cu/j9Kv4UBG+B06jJ+Bn3VlS7KnATakylhf7Z0q3LtQ=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "36a0108a2cc94e5854e35b06718e609cecb6e68a", + "rev": "53d5da9a56c5d8a05033a5c02438f5732cfed4d0", "type": "gitlab" }, "original": { From 3860db8098223a37814d560266c44b4c26fc39b1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 19:22:58 +0100 Subject: [PATCH 079/826] feat: added the renewal site for alumni --- applications/skynet.ie.nix | 13 +++++++ applications/skynet_users.nix | 2 +- flake.lock | 71 ++++++++++++++++++++++++++++++++++- flake.nix | 2 +- 4 files changed, 85 insertions(+), 3 deletions(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 0af1f8c..b56a189 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -30,6 +30,7 @@ in { "2016.skynet.ie" "discord.skynet.ie" "public.skynet.ie" + "renew.skynet.ie" ]; skynet_dns.records = [ @@ -54,6 +55,11 @@ in { r_type = "CNAME"; value = cfg.host.name; } + { + record = "renew"; + r_type = "CNAME"; + value = cfg.host.name; + } ]; networking.firewall.allowedTCPPorts = [80 443]; @@ -89,6 +95,13 @@ in { root = "${inputs.compsoc_public.packages.x86_64-linux.default}"; locations."/".extraConfig = "autoindex on;"; }; + + # for alumni members to renew their account + "renew.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}"; + }; }; }; }; diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 7a59359..7a24b03 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -55,7 +55,7 @@ in { } ]; - environment.systemPackages = [ pkgs.vim ]; + environment.systemPackages = [pkgs.vim]; networking.firewall.allowedTCPPorts = [80 443]; diff --git a/flake.lock b/flake.lock index 1b1112b..0923b61 100644 --- a/flake.lock +++ b/flake.lock @@ -444,6 +444,20 @@ "type": "indirect" } }, + "nixpkgs_15": { + "locked": { + "lastModified": 1695837737, + "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "517501bcf14ae6ec47efd6a17dda0ca8e6d866f9", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1676300157, @@ -574,7 +588,8 @@ "skynet_ldap_backend": "skynet_ldap_backend", "skynet_ldap_frontend": "skynet_ldap_frontend", "skynet_website": "skynet_website", - "skynet_website_2016": "skynet_website_2016" + "skynet_website_2016": "skynet_website_2016", + "skynet_website_renew": "skynet_website_renew" } }, "rust-analyzer-src": { @@ -724,6 +739,27 @@ "type": "gitlab" } }, + "skynet_website_renew": { + "inputs": { + "nixpkgs": "nixpkgs_15", + "utils": "utils_9" + }, + "locked": { + "host": "gitlab.skynet.ie", + "lastModified": 1696097295, + "narHash": "sha256-+aO0iZ9Gd8ZyvPLWTDnfq04WTYAxE/nOHw9sqEUsto4=", + "owner": "compsoc1%2Fskynet%2Fwebsite", + "repo": "alumni-renew", + "rev": "0a3aba37580b268a735808eb28df4607e2cbd25d", + "type": "gitlab" + }, + "original": { + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet%2Fwebsite", + "repo": "alumni-renew", + "type": "gitlab" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -829,6 +865,21 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1652776076, @@ -966,6 +1017,24 @@ "repo": "flake-utils", "type": "github" } + }, + "utils_9": { + "inputs": { + "systems": "systems_8" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 808097b..47cba4b 100644 --- a/flake.nix +++ b/flake.nix @@ -17,12 +17,12 @@ # email simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; - # account.skynet.ie skynet_ldap_backend.url = "gitlab:compsoc1%2Fskynet%2Fldap/backend?host=gitlab.skynet.ie"; skynet_ldap_frontend.url = "gitlab:compsoc1%2Fskynet%2Fldap/frontend?host=gitlab.skynet.ie"; skynet_website.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2023?host=gitlab.skynet.ie"; skynet_website_2016.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2016?host=gitlab.skynet.ie"; + skynet_website_renew.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/alumni-renew?host=gitlab.skynet.ie"; skynet_discord_bot.url = "gitlab:compsoc1%2Fskynet/discord-bot?host=gitlab.skynet.ie"; compsoc_public.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; }; From c87fec1a65d6af52b4ba2b17f1e642addc674547 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 22:06:18 +0100 Subject: [PATCH 080/826] feat: will restart dns when the related files are changed --- applications/dns.nix | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index 3ade43f..f337055 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -415,11 +415,16 @@ in { ++ create_cache_networks; }; - # deletes teh journal files evey start so it no longer stalls out - systemd.services.bind.preStart = '' - rm -vf /etc/skynet/dns/*.jnl - rm -vf /etc/skynet/dns/*.jbk - ''; + systemd.services.bind = { + # deletes teh journal files evey start so it no longer stalls out + preStart = '' + rm -vf /etc/skynet/dns/*.jnl + rm -vf /etc/skynet/dns/*.jbk + ''; + restartTriggers = [ + "${config.environment.etc."skynet/dns/skynet.ie".source}" + ]; + }; # creates a folder in /etc for the dns to use users.users.named = { From 165c4645bfaf4134ae381735d8fac02c312f4cc1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 23:18:14 +0100 Subject: [PATCH 081/826] feat: move off of using root for deployment --- applications/ldap/client.nix | 5 +++++ machines/agentjones.nix | 2 +- machines/earth.nix | 2 +- machines/galatea.nix | 2 +- machines/gir.nix | 2 +- machines/glados.nix | 2 +- machines/kitt.nix | 2 +- machines/neuromancer.nix | 2 +- machines/optimus.nix | 2 +- machines/retired/ash.nix | 2 +- machines/skynet.nix | 2 +- machines/vendetta.nix | 2 +- machines/vigil.nix | 2 +- machines/wheatly.nix | 2 +- 14 files changed, 18 insertions(+), 13 deletions(-) diff --git a/applications/ldap/client.nix b/applications/ldap/client.nix index d172b42..32ce8da 100644 --- a/applications/ldap/client.nix +++ b/applications/ldap/client.nix @@ -69,6 +69,11 @@ in { } ]; + nix.settings.trusted-users = [ + "root" + "@skynet-admins-linux" + ]; + # give users a home dir security.pam.services.sshd.makeHomeDir = true; diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 3276335..f3f9e2e 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -27,7 +27,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; # somehow ssh from runner to this fails tags = ["active-firewall"]; diff --git a/machines/earth.nix b/machines/earth.nix index 577a772..e8c2f9d 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -26,7 +26,7 @@ in { deployment = { targetHost = ip_pub; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active-core"]; }; diff --git a/machines/galatea.nix b/machines/galatea.nix index 6500e7f..f82217c 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -27,7 +27,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active"]; }; diff --git a/machines/gir.nix b/machines/gir.nix index a30ecb6..ebb17e2 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -27,7 +27,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active-core"]; }; diff --git a/machines/glados.nix b/machines/glados.nix index bf63cd5..d1e7d2c 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -27,7 +27,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active-gitlab"]; }; diff --git a/machines/kitt.nix b/machines/kitt.nix index aa7efcd..da699d3 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -28,7 +28,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active-core"]; }; diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 59521bd..abfc3e5 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -37,7 +37,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active-core"]; }; diff --git a/machines/optimus.nix b/machines/optimus.nix index 9a3e598..095c55c 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -27,7 +27,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active"]; }; diff --git a/machines/retired/ash.nix b/machines/retired/ash.nix index bbb04e5..ca2384b 100644 --- a/machines/retired/ash.nix +++ b/machines/retired/ash.nix @@ -30,7 +30,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; }; # these two are to be able to add the rules for firewall and dns diff --git a/machines/skynet.nix b/machines/skynet.nix index db34510..250f069 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -28,7 +28,7 @@ in { deployment = { targetHost = ip_pub; targetPort = 22; - targetUser = "root"; + targetUser = null; # this one is manually deployed tags = ["active-ext"]; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index c1ddcb5..eb594ab 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -27,7 +27,7 @@ in { deployment = { targetHost = ip_pub; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active-dns" "dns"]; }; diff --git a/machines/vigil.nix b/machines/vigil.nix index 4d5c9dd..e3c811c 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -24,7 +24,7 @@ in { deployment = { targetHost = ip_pub; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active-dns" "dns"]; }; diff --git a/machines/wheatly.nix b/machines/wheatly.nix index a787be0..02eabce 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -26,7 +26,7 @@ in { deployment = { targetHost = hostname; targetPort = 22; - targetUser = "root"; + targetUser = null; tags = ["active-gitlab"]; }; From 2fc64d34b5de2731f09c6aad7a116cf290a45a59 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 23:35:46 +0100 Subject: [PATCH 082/826] doc: updated documentation for how to manually push updates --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index e625d6d..642c62a 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,20 @@ While the ***recommended way of deploying is using the CI/CD process*** there ar One such case is the ``@active-gitlab`` group if either Gitlab or Gitlab-runner got updated. Another is if ye have fecked up DNS. +Your ``~/.ssh/config`` should be set up as follows and you should be a member of ``skynet-admins-linux`` + +```ini +Host *.skynet.ie 193.1.99.* 193.1.96.165 + User username + IdentityFile ~/.ssh/skynet/username + IdentitiesOnly yes +``` + +Then you can run the following commands like so: + ```shell +colmena apply +colmena apply --on @active-dns colmena apply --on @active-gitlab ``` From 09ccf41717d7d5fafd371b24bb6cd239021725ca Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 23:37:02 +0100 Subject: [PATCH 083/826] ci: add a formatter stage to teh test stage --- .gitlab-ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1cc8f51..e44422e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -81,6 +81,12 @@ build: script: - colmena build +linter: + <<: *builder + stage: test + script: + - nix fmt + # dns always has to be deployed first deploy_dns: <<: *builder From 3dca6add565b08c0090e41a7e613686e390e0da9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 22:44:27 +0000 Subject: [PATCH 084/826] ci: had forgotten nix commands were "experimental" --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e44422e..605d637 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -85,7 +85,7 @@ linter: <<: *builder stage: test script: - - nix fmt + - nix --extra-experimental-features 'nix-command' fmt # dns always has to be deployed first deploy_dns: From 042c84c5ccbd0b842f4026835894220079d16b31 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 22:46:40 +0000 Subject: [PATCH 085/826] ci: same as previous --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 605d637..74bfb63 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -85,7 +85,7 @@ linter: <<: *builder stage: test script: - - nix --extra-experimental-features 'nix-command' fmt + - nix --extra-experimental-features 'nix-command flakes' fmt # dns always has to be deployed first deploy_dns: From a24f6ddb59eec2bcdfd1bc136df4b8484be2b649 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 23:53:03 +0100 Subject: [PATCH 086/826] ci: only run deployment if the actual config files got updated --- .gitlab-ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 74bfb63..78f18e0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -74,6 +74,12 @@ update: - *scripts_base rules: - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + changes: + - flake.nix + - flake.lock + - applications/**/* + - machines/**/* + - secrets/**/* build: <<: *builder From 88195b4628f593d54405491f3542e2a44a3b95bd Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Sep 2023 23:55:54 +0100 Subject: [PATCH 087/826] ci: for testing linter --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 47cba4b..2b15f34 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ skynet_website_2016.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2016?host=gitlab.skynet.ie"; skynet_website_renew.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/alumni-renew?host=gitlab.skynet.ie"; skynet_discord_bot.url = "gitlab:compsoc1%2Fskynet/discord-bot?host=gitlab.skynet.ie"; - compsoc_public.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; + compsoc_public.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; }; nixConfig.bash-prompt-suffix = "[Skynet Dev] "; From c46e24bbfe8ffd17b501395f2d44456870cdf416 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 1 Oct 2023 00:03:55 +0100 Subject: [PATCH 088/826] ci: now should error on incorrectly formatted files --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 78f18e0..ffd8b39 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -91,7 +91,7 @@ linter: <<: *builder stage: test script: - - nix --extra-experimental-features 'nix-command flakes' fmt + - nix --extra-experimental-features 'nix-command flakes' fmt -- --check . # dns always has to be deployed first deploy_dns: From 510066fa1a49230990efa00f23a39e9e36d31b44 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 1 Oct 2023 00:06:29 +0100 Subject: [PATCH 089/826] ci: now should error on incorrectly formatted files 2 --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 2b15f34..47cba4b 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ skynet_website_2016.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2016?host=gitlab.skynet.ie"; skynet_website_renew.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/alumni-renew?host=gitlab.skynet.ie"; skynet_discord_bot.url = "gitlab:compsoc1%2Fskynet/discord-bot?host=gitlab.skynet.ie"; - compsoc_public.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; + compsoc_public.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; }; nixConfig.bash-prompt-suffix = "[Skynet Dev] "; From ec283651222dacd7b9f17f3592a278a62eed61cc Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 1 Oct 2023 00:08:28 +0100 Subject: [PATCH 090/826] doc: added info that formatting is now mandatory --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 642c62a..e26bdc6 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,8 @@ nix flake lock --update-input nixpkgs ``` ### Formatting -Formatting helps keep everything nice and consistent. +Formatting helps keep everything nice and consistent. +The pipeline will only run if the file is correctly formatted. ```shell nix fmt From e347afcb3996f4ec73f6bc86dc8f7078af09c427 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 1 Oct 2023 00:47:29 +0000 Subject: [PATCH 091/826] [skip ci] Updated flake for skynet_website_renew --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0923b61..7a5683b 100644 --- a/flake.lock +++ b/flake.lock @@ -746,11 +746,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696097295, - "narHash": "sha256-+aO0iZ9Gd8ZyvPLWTDnfq04WTYAxE/nOHw9sqEUsto4=", + "lastModified": 1696121217, + "narHash": "sha256-Nucx8LFW6yiI3nsp7Of8tZgFZ8EvGAzPyLHjMNIImpQ=", "owner": "compsoc1%2Fskynet%2Fwebsite", "repo": "alumni-renew", - "rev": "0a3aba37580b268a735808eb28df4607e2cbd25d", + "rev": "3e6133bc7b25e43a60ff6fe9d7812d2dd5f36da5", "type": "gitlab" }, "original": { From fa422ce69c35a7a0ac345b49e8ad95248452c49d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 1 Oct 2023 03:53:53 +0100 Subject: [PATCH 092/826] feat: added the games.skynet.ie site --- applications/games.nix | 15 ++++++++- flake.lock | 71 +++++++++++++++++++++++++++++++++++++++++- flake.nix | 1 + 3 files changed, 85 insertions(+), 2 deletions(-) diff --git a/applications/games.nix b/applications/games.nix index 5b48680..4959f25 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -2,6 +2,7 @@ config, pkgs, lib, + inputs, ... }: with lib; let @@ -9,7 +10,7 @@ with lib; let in { imports = [ ./dns.nix - + ./nginx.nix ./games/minecraft.nix ]; @@ -54,6 +55,18 @@ in { } ]; + skynet_acme.domains = [ + "${cfg.domain.sub}.skynet.ie" + ]; + + services.nginx.virtualHosts = { + "${cfg.domain.sub}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = "${inputs.skynet_website_games.defaultPackage.x86_64-linux}"; + }; + }; + # the minecraft servers services.skynet_games_minecraft = { enable = true; diff --git a/flake.lock b/flake.lock index 7a5683b..16fde2b 100644 --- a/flake.lock +++ b/flake.lock @@ -445,6 +445,20 @@ } }, "nixpkgs_15": { + "locked": { + "lastModified": 1695978539, + "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bd9b686c0168041aea600222be0805a0de6e6ab8", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_16": { "locked": { "lastModified": 1695837737, "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", @@ -589,6 +603,7 @@ "skynet_ldap_frontend": "skynet_ldap_frontend", "skynet_website": "skynet_website", "skynet_website_2016": "skynet_website_2016", + "skynet_website_games": "skynet_website_games", "skynet_website_renew": "skynet_website_renew" } }, @@ -739,11 +754,32 @@ "type": "gitlab" } }, - "skynet_website_renew": { + "skynet_website_games": { "inputs": { "nixpkgs": "nixpkgs_15", "utils": "utils_9" }, + "locked": { + "host": "gitlab.skynet.ie", + "lastModified": 1696128104, + "narHash": "sha256-DLl1hcqbKq73WoiN9Q5kKy6VbH79ehAyJJ2llrf5lB8=", + "owner": "compsoc1%2Fskynet%2Fwebsite", + "repo": "games.skynet.ie", + "rev": "0ef6a844989cd3cb6cf86e0f4187af0e8ce2f847", + "type": "gitlab" + }, + "original": { + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet%2Fwebsite", + "repo": "games.skynet.ie", + "type": "gitlab" + } + }, + "skynet_website_renew": { + "inputs": { + "nixpkgs": "nixpkgs_16", + "utils": "utils_10" + }, "locked": { "host": "gitlab.skynet.ie", "lastModified": 1696121217, @@ -880,6 +916,21 @@ "type": "github" } }, + "systems_9": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1652776076, @@ -895,6 +946,24 @@ "type": "github" } }, + "utils_10": { + "inputs": { + "systems": "systems_9" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_2": { "inputs": { "systems": "systems" diff --git a/flake.nix b/flake.nix index 47cba4b..67769f5 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ skynet_website.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2023?host=gitlab.skynet.ie"; skynet_website_2016.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2016?host=gitlab.skynet.ie"; skynet_website_renew.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/alumni-renew?host=gitlab.skynet.ie"; + skynet_website_games.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/games.skynet.ie?host=gitlab.skynet.ie"; skynet_discord_bot.url = "gitlab:compsoc1%2Fskynet/discord-bot?host=gitlab.skynet.ie"; compsoc_public.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; }; From 01fe89db25c72ad5e7e03e272d556ffd910f426e Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 1 Oct 2023 03:09:44 +0000 Subject: [PATCH 093/826] [skip ci] Updated flake for skynet_website_games --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 16fde2b..15e943f 100644 --- a/flake.lock +++ b/flake.lock @@ -761,11 +761,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696128104, - "narHash": "sha256-DLl1hcqbKq73WoiN9Q5kKy6VbH79ehAyJJ2llrf5lB8=", + "lastModified": 1696129767, + "narHash": "sha256-cO9zQNOQKHcaepetJEmWTEM0DJLm+NLvAUpR05TEoqQ=", "owner": "compsoc1%2Fskynet%2Fwebsite", "repo": "games.skynet.ie", - "rev": "0ef6a844989cd3cb6cf86e0f4187af0e8ce2f847", + "rev": "d5b6a87df665c1ac0cb7ec39acc088a3de703c60", "type": "gitlab" }, "original": { From 18155ec6e14179f286f81f8d61bfe3fe23013b8b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 1 Oct 2023 21:24:02 +0100 Subject: [PATCH 094/826] feat: got email working Closes #1 --- applications/email.nix | 2 +- applications/gitlab.nix | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index c91f4da..5275bd7 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -118,7 +118,7 @@ in { { record = "${cfg.domain}."; r_type = "TXT"; - value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"''; + value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} a:gitlab.skynet.ie -all"''; } # DKIM keys diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 0840614..3342607 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -174,11 +174,10 @@ in { */ }; }; - #smtp = { - # enable = true; - # address = "localhost"; - # port = 25; - #}; + + # use the local email client + smtp.enable = true; + secrets = { dbFile = config.age.secrets.gitlab_secrets_db.path; secretFile = config.age.secrets.gitlab_secrets_secret.path; From 667c3358390796dd7e55e4311ec0f39ba15cecd1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 1 Oct 2023 22:06:05 +0100 Subject: [PATCH 095/826] feat: added in some automatic garbage collection Also merged all teh nix options together. --- applications/ldap/client.nix | 5 ----- machines/_base.nix | 23 +++++++++++++++++++++-- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/applications/ldap/client.nix b/applications/ldap/client.nix index 32ce8da..d172b42 100644 --- a/applications/ldap/client.nix +++ b/applications/ldap/client.nix @@ -69,11 +69,6 @@ in { } ]; - nix.settings.trusted-users = [ - "root" - "@skynet-admins-linux" - ]; - # give users a home dir security.pam.services.sshd.makeHomeDir = true; diff --git a/machines/_base.nix b/machines/_base.nix index d3425a6..240bf59 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -25,8 +25,27 @@ ../applications/restic.nix ]; - # flakes are essensial - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix = { + settings = { + # flakes are essensial + experimental-features = ["nix-command" "flakes"]; + trusted-users = [ + "root" + "@skynet-admins-linux" + ]; + }; + + # https://nixos.wiki/wiki/Storage_optimization + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + extraOptions = '' + min-free = ${toString (100 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024)} + ''; + }; system.stateVersion = "22.11"; From 75c469510179fdf8df9a58820ca56af2c9977447 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 2 Oct 2023 02:44:35 +0100 Subject: [PATCH 096/826] feat: bumped everythign. This is mostly to push through a patch for gitlab. The -unstable branch had the fix but also a new bug. This is fixed in teh master branch --- flake.lock | 8 ++++---- flake.nix | 4 +++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 15e943f..6145420 100644 --- a/flake.lock +++ b/flake.lock @@ -532,16 +532,16 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1691276849, - "narHash": "sha256-RNnrzxhW38SOFIF6TY/WaX7VB3PCkYFEeRE5YZU+wHw=", + "lastModified": 1696207572, + "narHash": "sha256-w24NTSMrc7bMIQP5Y8BFsKbpYjbRh/+ptf/9gCEFrKo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5faab29808a2d72f4ee0c44c8e850e4e6ada972f", + "rev": "fe0b3b663e98c85db7f08ab3a4ac318c523c0684", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-unstable", + "ref": "master", "type": "indirect" } }, diff --git a/flake.nix b/flake.nix index 67769f5..c61d17a 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,9 @@ inputs = { # gonna start off with a fairly modern base - nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs.url = "nixpkgs/master"; + # Return to using unstable once the current master is merged in + # nixpkgs.url = "nixpkgs/nixos-unstable"; # utility stuff flake-utils.url = "github:numtide/flake-utils"; From 6ce3dc060f901afad2aebc9272013f1513636dd2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 2 Oct 2023 02:15:54 +0000 Subject: [PATCH 097/826] ci: test using devshell inside pipeline --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ffd8b39..08c26ff 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,7 +44,7 @@ update: # load nix environment - git pull origin $CI_COMMIT_REF_NAME - . "$HOME/.nix-profile/etc/profile.d/nix.sh" - - nix-env -if https://github.com/zhaofengli/colmena/tarball/v0.4.0 + - nix --extra-experimental-features 'nix-command flakes' develop .scripts_deploy: &scripts_deploy # setup ssh key From d309cf8b6f5a88038809bfdd8944b85b0f4784c1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 2 Oct 2023 02:19:55 +0000 Subject: [PATCH 098/826] ci: test 2 --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 08c26ff..de3814c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,7 +44,7 @@ update: # load nix environment - git pull origin $CI_COMMIT_REF_NAME - . "$HOME/.nix-profile/etc/profile.d/nix.sh" - - nix --extra-experimental-features 'nix-command flakes' develop + - nix --extra-experimental-features 'nix-command flakes' develop -c echo $PATH .scripts_deploy: &scripts_deploy # setup ssh key From f7d5a4ec6e221d0a0c99b5dfdb60f0f5623ffb31 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 2 Oct 2023 02:25:24 +0000 Subject: [PATCH 099/826] ci: test 3 --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index de3814c..7138300 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,7 +44,7 @@ update: # load nix environment - git pull origin $CI_COMMIT_REF_NAME - . "$HOME/.nix-profile/etc/profile.d/nix.sh" - - nix --extra-experimental-features 'nix-command flakes' develop -c echo $PATH + - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena .scripts_deploy: &scripts_deploy # setup ssh key From c85dfdd3b6ac70b13dd4fb1a69adf9d4f9b0a9f0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 2 Oct 2023 02:36:40 +0000 Subject: [PATCH 100/826] ci: split up the build command --- .gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7138300..586b3c5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -85,7 +85,11 @@ build: <<: *builder stage: test script: - - colmena build + - colmena build --on @active-dns + - colmena build --on @active-core + - colmena build --on @active + - colmena build --on @active-ext + - colmena build --on @active-gitlab linter: <<: *builder From 13a753484864d941384457022e77a178c357a449 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 2 Oct 2023 08:30:45 +0000 Subject: [PATCH 101/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6145420..13e0b6a 100644 --- a/flake.lock +++ b/flake.lock @@ -655,11 +655,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695921903, - "narHash": "sha256-L0lkNq6Xpdu3wACpHWCflTubfzbVbIARKtryLh1IQD8=", + "lastModified": 1696234972, + "narHash": "sha256-8Syf1OEUBmaaApKsjkp0bVX4AjVkm64aGZKzoRn7wGM=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "058fe2538a5449c5e12e871e2d4c815836d6e944", + "rev": "b0028959ff83c3fcc39410496fe2017b8772aff8", "type": "gitlab" }, "original": { From 3f38cb643efaf4bee3502a110bbd5a3511c5a6ac Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 4 Oct 2023 21:10:54 +0000 Subject: [PATCH 102/826] [skip ci] Updated flake for skynet_website_renew --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 13e0b6a..d4abb93 100644 --- a/flake.lock +++ b/flake.lock @@ -782,11 +782,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696121217, - "narHash": "sha256-Nucx8LFW6yiI3nsp7Of8tZgFZ8EvGAzPyLHjMNIImpQ=", + "lastModified": 1696453842, + "narHash": "sha256-q33InJdgtxep17k5rXLNLunxC9Jdvv5nC0Hc+2NxMZA=", "owner": "compsoc1%2Fskynet%2Fwebsite", "repo": "alumni-renew", - "rev": "3e6133bc7b25e43a60ff6fe9d7812d2dd5f36da5", + "rev": "0e5ddb75723fc3baae19611114cb59b4673d48e0", "type": "gitlab" }, "original": { From 4c3df9ec968b9340017c96040577600838726246 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 8 Oct 2023 12:42:47 +0000 Subject: [PATCH 103/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d4abb93..fb35479 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695931390, - "narHash": "sha256-cu/j9Kv4UBG+B06jJ+Bn3VlS7KnATakylhf7Z0q3LtQ=", + "lastModified": 1696768947, + "narHash": "sha256-wlme0HBIisvv60StqCiRI84+Zj7yuc661V0xdqMbY/g=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "53d5da9a56c5d8a05033a5c02438f5732cfed4d0", + "rev": "003181fded9d889f9c9417e17205189d108681ff", "type": "gitlab" }, "original": { From fcfd87c005831e52920ae8b4513ce9ad2381e8d5 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 8 Oct 2023 12:51:09 +0000 Subject: [PATCH 104/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fb35479..6821079 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696768947, - "narHash": "sha256-wlme0HBIisvv60StqCiRI84+Zj7yuc661V0xdqMbY/g=", + "lastModified": 1696769450, + "narHash": "sha256-52FDL1ka4nFDERH4XRIGGQZxzPWA1PSstlH5mdXgu6s=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "003181fded9d889f9c9417e17205189d108681ff", + "rev": "31ac3478a273d3573fbf1f8e9e45fb8ae1a96749", "type": "gitlab" }, "original": { From 8d979dc7fc91bea911d38b81bb6f781c40003823 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 8 Oct 2023 12:58:51 +0000 Subject: [PATCH 105/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6821079..2af7fd4 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696769450, - "narHash": "sha256-52FDL1ka4nFDERH4XRIGGQZxzPWA1PSstlH5mdXgu6s=", + "lastModified": 1696769595, + "narHash": "sha256-kAoZjH+UDnbUJFlWzTY/Be0op72ae6v0gIztgTgYIm4=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "31ac3478a273d3573fbf1f8e9e45fb8ae1a96749", + "rev": "cd11c6ee238e63bb46d84c5ad2ec20aa21568d3b", "type": "gitlab" }, "original": { From f2007c1985f6cef082a5326ff063b7fdbcd8b24c Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 8 Oct 2023 23:18:42 +0000 Subject: [PATCH 106/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2af7fd4..243ce66 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696769595, - "narHash": "sha256-kAoZjH+UDnbUJFlWzTY/Be0op72ae6v0gIztgTgYIm4=", + "lastModified": 1696807105, + "narHash": "sha256-AFBrR/PcuoPNNOLqRd9hpTfYLcf735okdWF93pHzJZs=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "cd11c6ee238e63bb46d84c5ad2ec20aa21568d3b", + "rev": "af19a25f9a71669c68993509e56434e547936d9c", "type": "gitlab" }, "original": { From a242b1afcd3ec92ae08ef7ff970e15844024a0dc Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 9 Oct 2023 17:11:56 +0100 Subject: [PATCH 107/826] new committee --- applications/ldap/backend.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 477a485..2ad46e6 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -98,11 +98,14 @@ in { "eoghanconlon73" ]; committee = [ - "grym" - "dawidk5" "leo" "silver" "eoghanconlon73" + "sidhiel" + "maksimsger1" + "kaiden" + "pine" + "nanda" ]; lifetime = []; banned = []; From 78ab6de8606377aa44f5a4af069097e59eea6712 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 9 Oct 2023 17:40:40 +0100 Subject: [PATCH 108/826] feat: move users into their own file --- applications/ldap/backend.nix | 331 +----------------------------- config/users.nix | 368 ++++++++++++++++++++++++++++++++++ 2 files changed, 370 insertions(+), 329 deletions(-) create mode 100644 config/users.nix diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 2ad46e6..81a1650 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -14,6 +14,7 @@ in { ../dns.nix ../nginx.nix inputs.skynet_ldap_backend.nixosModule."x86_64-linux" + ../../config/users.nix ]; options.services.ldap_backend = { @@ -90,335 +91,7 @@ in { }; host_port = "127.0.0.1:${port_backend}"; - - users = { - admin = [ - "silver" - "evanc" - "eoghanconlon73" - ]; - committee = [ - "leo" - "silver" - "eoghanconlon73" - "sidhiel" - "maksimsger1" - "kaiden" - "pine" - "nanda" - ]; - lifetime = []; - banned = []; - restricted = - [ - # usernames folks arent allowed to use - "contact" - "dnsadm" - "president" - "treasurer" - "secretary" - "pro" - "sysadmin" - "root" - ] - ++ [ - # basis comes from https://discord.com/channels/689189992417067052/1126084496710713414/1149072061466169444 - # start off with compsoc stuff first - "competition_www" - "demo1" - "demouser" - "ftp" - "lost+found" - "postfix" - "skynews.old" - "system_backup" - "test" - "test12" - "test20202" - "test20203" - "tmp" - "webadm" - ] - ++ [ - # clubs and socs (as far as I can tell - "aerosoc" - "aikido" - "anfocal" - "bics" - "boarding" - "cns" - "dev" - "filmsoc" - "gaa" - "german" - "golfsoc" - "handball" - "hispanic" - "history" - "hockey" - "home" - "legosoc" - "lifesave" - "mens_gfc" - "musicsoc" - "pagansoc" - "peacesoc" - "physics" - "poker" - "prolife" - "radio" - "ragweek" - "sinnfein" - "soccer" - "ulbs" - "ulcamogie" - "ulcc" - "ulgaa" - "ulils" - "ulladiesfootball" - "ullaughinsoc" - "ulrfc" - "ulriders" - "ulssc" - "ultennis" - "viking" - ] - ++ [ - # remaining, most likely usernames - "_9thwonder" - "abc" - "activate" - "aiesec" - "air" - "aladdin" - "alaric" - "aldozzie" - "allenli" - "amg" - "amgl" - "annette" - "annlad" - "ards_backup" - "arisquez" - "arthur" - "austin" - "beta" - "bh" - "bigdave" - "bios" - "bizarroal" - "bmacaree" - "boardy" - "boddah" - "bogus.anime.fakh" - "bogus.bhudt.dacf" - "bogus.citoge.baym" - "bogus.electro.ba0a" - "bogus.fencing.baw5" - "bogus.harry.ba8f" - "bogus.hui.hong.baci" - "bogus.ironman.baqib" - "bogus.joe.bach" - "bogus.kenny.bas6" - "bogus.kerswin.baybb" - "bogus.kravmaga.ba0w" - "bogus.methi.baq5" - "bogus.nelsonmw.bauc" - "bogus.poshea.ba0m" - "bogus.redwolf.bawn" - "bogus.romanov.baat" - "bogus.ryan.bae-" - "bogus.rynnea.bask" - "bogus.sea.af" - "bogus.shane.c.ba8z" - "bogus.t1000.baggb" - "bogus.ullrugby.ba8p" - "brendan" - "bubba" - "c_material_removed" - "ca_worm" - "cactus" - "carticus" - "cathalc" - "cathald-broken" - "cdschedule" - "celtic" - "christine" - "cian" - "ciara" - "ciaran" - "colin" - "cosmo" - "counsel" - "creosote" - "crew" - "cues" - "cur" - "cwhelan" - "dac" - "daktulu" - "datacore" - "davec" - "daverus" - "deano" - "deccy" - "declanmu" - "deiji" - "dermotmc" - "derrick" - "deshocks" - "diarmuid" - "dippy" - "djraptor" - "dmackey" - "dmir" - "dom" - "dom_mckay" - "donie" - "donnacha" - "dos30" - "drazhar" - "duffman" - "eas" - "electal" - "emc" - "emilia" - "emma" - "emmag" - "ents" - "envcom" - "eoinh95" - "epgriffin" - "equest" - "fiacc" - "fint" - "flanno" - "fmannix" - "foodcoop" - "gamenet" - "ganainm" - "gar" - "ger88" - "ghama" - "ging" - "goborobo" - "gooner" - "greekweek" - "hawking" - "hb" - "homer" - "hoshi" - "ian" - "ianrice" - "ilug" - "infinity" - "ingenuus" - "internat" - "jamessy" - "jamiebarry" - "jbravo" - "jdonegan" - "joedredd" - "johann" - "jokill" - "jsoccer" - "jules" - "kate" - "katie" - "kellyj" - "kiely" - "koo" - "l_d_ablo" - "lakes" - "laura" - "lebowski" - "liabraid" - "lynn" - "mal" - "manuel" - "maraz" - "marieke" - "marky" - "mature" - "mbyrne" - "meanturtle" - "mickaful" - "mickasul" - "mikado" - "mikeh" - "mikkel" - "mixiezme" - "mmc" - "molly" - "moochie" - "moonser" - "mopic" - "mp" - "nastros" - "neutrino" - "new" - "nezzy" - "nkdc" - "nmcenroy" - "noelle" - "nugget" - "ob" - "omega" - "oneillbeano" - "pamela" - "peterj" - "photyl" - "plake" - "pmcg1986" - "pyro" - "qubeat" - "rachel" - "rachelg" - "ralmeida" - "raymond" - "razzlero" - "red" - "rmacm" - "rmorrissey" - "robson" - "selena" - "shark" - "shayscannell" - "shazlove" - "shelley" - "shelly" - "silver.old" - "sirhc" - "sithlord" - "sk" - "sligoer" - "slowey" - "smallp" - "smurfy" - "sordfish" - "soul98" - "soular" - "st" - "stefanovich" - "svp" - "szczerba" - "tangsoodo" - "tc" - "tenfor" - "teslacut" - "theematt" - "thomasl" - "tockman" - "ugm" - "vanzan" - "volleyb" - "warren" - "weather" - "wiles" - "yvonne" - "zrahman" - ]; - }; + users = config.users; }; }; } diff --git a/config/users.nix b/config/users.nix new file mode 100644 index 0000000..d207041 --- /dev/null +++ b/config/users.nix @@ -0,0 +1,368 @@ +{ + lib, + ... +}: +with lib; let + port_backend = "8087"; +in { + options = { + users = { + admin = mkOption rec { + type = types.listOf types.str; + default = []; + description = "array of admins"; + }; + committee = mkOption rec { + type = types.listOf types.str; + default = []; + description = "array of committee members"; + }; + lifetime = mkOption rec { + type = types.listOf types.str; + default = []; + description = "array of lifetime users"; + }; + banned = mkOption rec { + type = types.listOf types.str; + default = []; + description = "array of banned users"; + }; + restricted = mkOption rec { + type = types.listOf types.str; + default = []; + description = "array of restricted user accounts"; + }; + }; + }; + + config = { + users = { + admin = [ + "silver" + "evanc" + "eoghanconlon73" + ]; + committee = [ + "leo" + "silver" + "eoghanconlon73" + "sidhiel" + "maksimsger1" + "kaiden" + "pine" + "nanda" + ]; + lifetime = []; + banned = []; + restricted = + [ + # usernames folks arent allowed to use + "contact" + "dnsadm" + "president" + "treasurer" + "secretary" + "pro" + "sysadmin" + "root" + ] + ++ [ + # basis comes from https://discord.com/channels/689189992417067052/1126084496710713414/1149072061466169444 + # start off with compsoc stuff first + "competition_www" + "demo1" + "demouser" + "ftp" + "lost+found" + "postfix" + "skynews.old" + "system_backup" + "test" + "test12" + "test20202" + "test20203" + "tmp" + "webadm" + ] + ++ [ + # clubs and socs (as far as I can tell + "aerosoc" + "aikido" + "anfocal" + "bics" + "boarding" + "cns" + "dev" + "filmsoc" + "gaa" + "german" + "golfsoc" + "handball" + "hispanic" + "history" + "hockey" + "home" + "legosoc" + "lifesave" + "mens_gfc" + "musicsoc" + "pagansoc" + "peacesoc" + "physics" + "poker" + "prolife" + "radio" + "ragweek" + "sinnfein" + "soccer" + "ulbs" + "ulcamogie" + "ulcc" + "ulgaa" + "ulils" + "ulladiesfootball" + "ullaughinsoc" + "ulrfc" + "ulriders" + "ulssc" + "ultennis" + "viking" + ] + ++ [ + # remaining, most likely usernames + "_9thwonder" + "abc" + "activate" + "aiesec" + "air" + "aladdin" + "alaric" + "aldozzie" + "allenli" + "amg" + "amgl" + "annette" + "annlad" + "ards_backup" + "arisquez" + "arthur" + "austin" + "beta" + "bh" + "bigdave" + "bios" + "bizarroal" + "bmacaree" + "boardy" + "boddah" + "bogus.anime.fakh" + "bogus.bhudt.dacf" + "bogus.citoge.baym" + "bogus.electro.ba0a" + "bogus.fencing.baw5" + "bogus.harry.ba8f" + "bogus.hui.hong.baci" + "bogus.ironman.baqib" + "bogus.joe.bach" + "bogus.kenny.bas6" + "bogus.kerswin.baybb" + "bogus.kravmaga.ba0w" + "bogus.methi.baq5" + "bogus.nelsonmw.bauc" + "bogus.poshea.ba0m" + "bogus.redwolf.bawn" + "bogus.romanov.baat" + "bogus.ryan.bae-" + "bogus.rynnea.bask" + "bogus.sea.af" + "bogus.shane.c.ba8z" + "bogus.t1000.baggb" + "bogus.ullrugby.ba8p" + "brendan" + "bubba" + "c_material_removed" + "ca_worm" + "cactus" + "carticus" + "cathalc" + "cathald-broken" + "cdschedule" + "celtic" + "christine" + "cian" + "ciara" + "ciaran" + "colin" + "cosmo" + "counsel" + "creosote" + "crew" + "cues" + "cur" + "cwhelan" + "dac" + "daktulu" + "datacore" + "davec" + "daverus" + "deano" + "deccy" + "declanmu" + "deiji" + "dermotmc" + "derrick" + "deshocks" + "diarmuid" + "dippy" + "djraptor" + "dmackey" + "dmir" + "dom" + "dom_mckay" + "donie" + "donnacha" + "dos30" + "drazhar" + "duffman" + "eas" + "electal" + "emc" + "emilia" + "emma" + "emmag" + "ents" + "envcom" + "eoinh95" + "epgriffin" + "equest" + "fiacc" + "fint" + "flanno" + "fmannix" + "foodcoop" + "gamenet" + "ganainm" + "gar" + "ger88" + "ghama" + "ging" + "goborobo" + "gooner" + "greekweek" + "hawking" + "hb" + "homer" + "hoshi" + "ian" + "ianrice" + "ilug" + "infinity" + "ingenuus" + "internat" + "jamessy" + "jamiebarry" + "jbravo" + "jdonegan" + "joedredd" + "johann" + "jokill" + "jsoccer" + "jules" + "kate" + "katie" + "kellyj" + "kiely" + "koo" + "l_d_ablo" + "lakes" + "laura" + "lebowski" + "liabraid" + "lynn" + "mal" + "manuel" + "maraz" + "marieke" + "marky" + "mature" + "mbyrne" + "meanturtle" + "mickaful" + "mickasul" + "mikado" + "mikeh" + "mikkel" + "mixiezme" + "mmc" + "molly" + "moochie" + "moonser" + "mopic" + "mp" + "nastros" + "neutrino" + "new" + "nezzy" + "nkdc" + "nmcenroy" + "noelle" + "nugget" + "ob" + "omega" + "oneillbeano" + "pamela" + "peterj" + "photyl" + "plake" + "pmcg1986" + "pyro" + "qubeat" + "rachel" + "rachelg" + "ralmeida" + "raymond" + "razzlero" + "red" + "rmacm" + "rmorrissey" + "robson" + "selena" + "shark" + "shayscannell" + "shazlove" + "shelley" + "shelly" + "silver.old" + "sirhc" + "sithlord" + "sk" + "sligoer" + "slowey" + "smallp" + "smurfy" + "sordfish" + "soul98" + "soular" + "st" + "stefanovich" + "svp" + "szczerba" + "tangsoodo" + "tc" + "tenfor" + "teslacut" + "theematt" + "thomasl" + "tockman" + "ugm" + "vanzan" + "volleyb" + "warren" + "weather" + "wiles" + "yvonne" + "zrahman" + ]; + }; + }; +} From bece34b65e88d3885e67327def760a6436cfb4e5 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 9 Oct 2023 17:53:22 +0100 Subject: [PATCH 109/826] feat: roughly set up virtual aliases to use. Will need to see if I cna get the idea merged in upstream. Closes https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/issues/22 --- applications/email.nix | 79 ++++++++++++++++++++++++++++++++++++++++++ flake.lock | 12 ++++--- flake.nix | 3 +- 3 files changed, 88 insertions(+), 6 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 5275bd7..2faa98c 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -15,12 +15,20 @@ with lib; let # thought you could escape racket? create_filter = groups: create_filter_join (create_filter_array groups); + + create_skynet_email = accounts: (map (account: "${account}@skynet.ie") accounts); + + create_skynet_email_admin = create_skynet_email config.users.admin; + create_skynet_email_committee = create_skynet_email config.users.committee; in { imports = [ ./dns.nix ./acme.nix ./nginx.nix inputs.simple-nixos-mailserver.nixosModule + + # for teh config + ../config/users.nix ]; options.services.skynet_email = { @@ -226,6 +234,77 @@ in { cfg.domain ]; + extraVirtualAliases = { + "abuse@skynet.ie" = + [ + "abuse_int@skynet.ie" + ] + ++ create_skynet_email_admin; + + "accounts@skynet.ie" = + [ + "accounts_int@skynet.ie" + ] + ++ create_skynet_email_committee; + + "compsoc@skynet.ie" = + [ + "compsoc_int@skynet.ie" + ] + ++ create_skynet_email_committee; + "contact@skynet.ie" = + [ + "contact_int@skynet.ie" + ] + ++ create_skynet_email_committee; + + "dbadmin@skynet.ie" = + [ + "dbadmin_int@skynet.ie" + ] + ++ create_skynet_email_admin; + + "dnsadm@skynet.ie" = + [ + "dnsadm_int@skynet.ie" + ] + ++ create_skynet_email_admin; + + "hostmaster@skynet.ie" = + [ + "hostmaster_int@skynet.ie" + ] + ++ create_skynet_email_admin; + + "intersocsrep@skynet.ie" = + [ + "intersocsrep_int@skynet.ie" + ] + ++ create_skynet_email_committee; + + "mailman@skynet.ie" = + [ + "mailman_int@skynet.ie" + ] + ++ create_skynet_email_admin; + + "security@skynet.ie" = + [ + "security_int@skynet.ie" + ] + ++ create_skynet_email_admin; + "sysadm@skynet.ie" = + [ + "sysadm_int@skynet.ie" + ] + ++ create_skynet_email_admin; + "webadmin@skynet.ie" = + [ + "webadmin_int@skynet.ie" + ] + ++ create_skynet_email_admin; + }; + # use the letsencrypt certs certificateScheme = "acme"; diff --git a/flake.lock b/flake.lock index fb35479..3b2cae9 100644 --- a/flake.lock +++ b/flake.lock @@ -634,15 +634,17 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1689976554, - "narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=", - "owner": "simple-nixos-mailserver", + "host": "gitlab.skynet.ie", + "lastModified": 1696865182, + "narHash": "sha256-zyUUOA+RiwRjLP6+zi80p5pqftYK3+9yIN5wQ9VlGkw=", + "owner": "compsoc1%2Fskynet%2Fmisc", "repo": "nixos-mailserver", - "rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e", + "rev": "14007ae0eaeba4cc0235135f872122e398f09040", "type": "gitlab" }, "original": { - "owner": "simple-nixos-mailserver", + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet%2Fmisc", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index c61d17a..0b8cf47 100644 --- a/flake.nix +++ b/flake.nix @@ -17,7 +17,8 @@ }; # email - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + simple-nixos-mailserver.url = "gitlab:compsoc1%2Fskynet%2Fmisc/nixos-mailserver?host=gitlab.skynet.ie"; # account.skynet.ie skynet_ldap_backend.url = "gitlab:compsoc1%2Fskynet%2Fldap/backend?host=gitlab.skynet.ie"; From 9f94b5b55132e0d8952241eab99cda551b060a95 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 9 Oct 2023 17:57:33 +0100 Subject: [PATCH 110/826] fix: formatting --- config/users.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/config/users.nix b/config/users.nix index d207041..43768c2 100644 --- a/config/users.nix +++ b/config/users.nix @@ -1,7 +1,4 @@ -{ - lib, - ... -}: +{lib, ...}: with lib; let port_backend = "8087"; in { From 8ea737d57b224cdc8e5009ff47cb1e013ca71ac0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 9 Oct 2023 18:04:01 +0100 Subject: [PATCH 111/826] fix: use a better namespace --- applications/email.nix | 4 ++-- applications/ldap/backend.nix | 2 +- config/users.nix | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 2faa98c..39e9731 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -18,8 +18,8 @@ with lib; let create_skynet_email = accounts: (map (account: "${account}@skynet.ie") accounts); - create_skynet_email_admin = create_skynet_email config.users.admin; - create_skynet_email_committee = create_skynet_email config.users.committee; + create_skynet_email_admin = create_skynet_email config.skynet.users.admin; + create_skynet_email_committee = create_skynet_email config.skynet.users.committee; in { imports = [ ./dns.nix diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 81a1650..d9aee37 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -91,7 +91,7 @@ in { }; host_port = "127.0.0.1:${port_backend}"; - users = config.users; + users = config.skynet.users; }; }; } diff --git a/config/users.nix b/config/users.nix index 43768c2..cc35745 100644 --- a/config/users.nix +++ b/config/users.nix @@ -2,7 +2,7 @@ with lib; let port_backend = "8087"; in { - options = { + options.skynet = { users = { admin = mkOption rec { type = types.listOf types.str; @@ -32,7 +32,7 @@ in { }; }; - config = { + config.skynet = { users = { admin = [ "silver" From c9b8f9b641d8d9b0e36d780fe0630c48732ebe85 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 9 Oct 2023 18:36:50 +0000 Subject: [PATCH 112/826] [skip ci] Updated flake for skynet_website --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 150fb90..0793b8a 100644 --- a/flake.lock +++ b/flake.lock @@ -721,11 +721,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1690725984, - "narHash": "sha256-1WNUS3f+YP9wHTxRo//a3yhOow4lzKH+hiNEAOFGtRM=", + "lastModified": 1696876597, + "narHash": "sha256-clG/fwmnSHmUgJehzNJ24v7XEiwYFBWBNuCZpg0eFS0=", "owner": "compsoc1%2Fskynet%2Fwebsite", "repo": "2023", - "rev": "aef61e067345dd3e1512e5b9b529183c066dd077", + "rev": "1ff1e52f24fb0e10070e3e2483611ae0c2852bd5", "type": "gitlab" }, "original": { From 6ce481fd2cefd3c947db511108ce03ec39192c7f Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 9 Oct 2023 18:44:36 +0000 Subject: [PATCH 113/826] [skip ci] Updated flake for skynet_website --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0793b8a..91bb50c 100644 --- a/flake.lock +++ b/flake.lock @@ -721,11 +721,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696876597, - "narHash": "sha256-clG/fwmnSHmUgJehzNJ24v7XEiwYFBWBNuCZpg0eFS0=", + "lastModified": 1696876711, + "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", "owner": "compsoc1%2Fskynet%2Fwebsite", "repo": "2023", - "rev": "1ff1e52f24fb0e10070e3e2483611ae0c2852bd5", + "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "type": "gitlab" }, "original": { From 34fe15863fa7919ae28a89379c61916e4860a8ab Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 9 Oct 2023 22:52:35 +0100 Subject: [PATCH 114/826] fix: seems that nix changed how gitlab links were handled. Discussing it here https://github.com/NixOS/nix/pull/8773 --- flake.lock | 56 ++++++++++++++++++++++++------------------------ flake.nix | 63 ++++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 82 insertions(+), 37 deletions(-) diff --git a/flake.lock b/flake.lock index 91bb50c..7b62fa7 100644 --- a/flake.lock +++ b/flake.lock @@ -637,15 +637,15 @@ "host": "gitlab.skynet.ie", "lastModified": 1696865182, "narHash": "sha256-zyUUOA+RiwRjLP6+zi80p5pqftYK3+9yIN5wQ9VlGkw=", - "owner": "compsoc1%2Fskynet%2Fmisc", - "repo": "nixos-mailserver", + "owner": "compsoc1%2Fskynet", + "repo": "misc%2Fnixos-mailserver", "rev": "14007ae0eaeba4cc0235135f872122e398f09040", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet%2Fmisc", - "repo": "nixos-mailserver", + "owner": "compsoc1%2Fskynet", + "repo": "misc%2Fnixos-mailserver", "type": "gitlab" } }, @@ -681,15 +681,15 @@ "host": "gitlab.skynet.ie", "lastModified": 1695854857, "narHash": "sha256-EyToHIEHft60vKRkndP5siyq17W+vJmqA/dug80WZgM=", - "owner": "compsoc1%2Fskynet%2Fldap", - "repo": "backend", + "owner": "compsoc1%2Fskynet", + "repo": "ldap%2Fbackend", "rev": "9db8a238d2bf7be8bcfa86012b26180c041c13d1", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet%2Fldap", - "repo": "backend", + "owner": "compsoc1%2Fskynet", + "repo": "ldap%2Fbackend", "type": "gitlab" } }, @@ -702,15 +702,15 @@ "host": "gitlab.skynet.ie", "lastModified": 1695858897, "narHash": "sha256-mXTqtdScfpqYG+6qDC7NpDCy91gmviXtjxEbnR31TCU=", - "owner": "compsoc1%2Fskynet%2Fldap", - "repo": "frontend", + "owner": "compsoc1%2Fskynet", + "repo": "ldap%2Ffrontend", "rev": "63388a8d1cfcfc020d307aca07af09d165ef7d18", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet%2Fldap", - "repo": "frontend", + "owner": "compsoc1%2Fskynet", + "repo": "ldap%2Ffrontend", "type": "gitlab" } }, @@ -723,15 +723,15 @@ "host": "gitlab.skynet.ie", "lastModified": 1696876711, "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", - "owner": "compsoc1%2Fskynet%2Fwebsite", - "repo": "2023", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2023", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet%2Fwebsite", - "repo": "2023", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2023", "type": "gitlab" } }, @@ -744,15 +744,15 @@ "host": "gitlab.skynet.ie", "lastModified": 1690726067, "narHash": "sha256-/BrljRmgR65bdqWgGBBWlTFiBzr0EBh1OeMlLj+xTg4=", - "owner": "compsoc1%2Fskynet%2Fwebsite", - "repo": "2016", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2016", "rev": "63e0b33c5a48cbd4e68f23dde4987959b6c8e97e", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet%2Fwebsite", - "repo": "2016", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2016", "type": "gitlab" } }, @@ -765,15 +765,15 @@ "host": "gitlab.skynet.ie", "lastModified": 1696129767, "narHash": "sha256-cO9zQNOQKHcaepetJEmWTEM0DJLm+NLvAUpR05TEoqQ=", - "owner": "compsoc1%2Fskynet%2Fwebsite", - "repo": "games.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2Fgames.skynet.ie", "rev": "d5b6a87df665c1ac0cb7ec39acc088a3de703c60", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet%2Fwebsite", - "repo": "games.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2Fgames.skynet.ie", "type": "gitlab" } }, @@ -786,15 +786,15 @@ "host": "gitlab.skynet.ie", "lastModified": 1696453842, "narHash": "sha256-q33InJdgtxep17k5rXLNLunxC9Jdvv5nC0Hc+2NxMZA=", - "owner": "compsoc1%2Fskynet%2Fwebsite", - "repo": "alumni-renew", + "owner": "compsoc1%2Fskynet", + "repo": "website%2Falumni-renew", "rev": "0e5ddb75723fc3baae19611114cb59b4673d48e0", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet%2Fwebsite", - "repo": "alumni-renew", + "owner": "compsoc1%2Fskynet", + "repo": "website%2Falumni-renew", "type": "gitlab" } }, diff --git a/flake.nix b/flake.nix index 0b8cf47..2118910 100644 --- a/flake.nix +++ b/flake.nix @@ -18,17 +18,62 @@ # email # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; - simple-nixos-mailserver.url = "gitlab:compsoc1%2Fskynet%2Fmisc/nixos-mailserver?host=gitlab.skynet.ie"; + simple-nixos-mailserver = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "misc%2Fnixos-mailserver"; + }; # account.skynet.ie - skynet_ldap_backend.url = "gitlab:compsoc1%2Fskynet%2Fldap/backend?host=gitlab.skynet.ie"; - skynet_ldap_frontend.url = "gitlab:compsoc1%2Fskynet%2Fldap/frontend?host=gitlab.skynet.ie"; - skynet_website.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2023?host=gitlab.skynet.ie"; - skynet_website_2016.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2016?host=gitlab.skynet.ie"; - skynet_website_renew.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/alumni-renew?host=gitlab.skynet.ie"; - skynet_website_games.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/games.skynet.ie?host=gitlab.skynet.ie"; - skynet_discord_bot.url = "gitlab:compsoc1%2Fskynet/discord-bot?host=gitlab.skynet.ie"; - compsoc_public.url = "gitlab:compsoc1%2Fcompsoc/presentations?host=gitlab.skynet.ie"; + skynet_ldap_backend = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "ldap%2Fbackend"; + }; + skynet_ldap_frontend = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "ldap%2Ffrontend"; + }; + skynet_website = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2F2023"; + }; + skynet_website_2016 = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2F2016"; + }; + skynet_website_renew = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2Falumni-renew"; + }; + skynet_website_games = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2Fgames.skynet.ie"; + }; + skynet_discord_bot = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "discord-bot"; + }; + compsoc_public = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fcompsoc"; + repo = "presentations"; + }; }; nixConfig.bash-prompt-suffix = "[Skynet Dev] "; From 79fcefb378d692e9ae21739f8b68bbbfdb49b932 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 11 Oct 2023 09:17:40 +0100 Subject: [PATCH 115/826] fix: ensire library is properly unset --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 2118910..9b85efa 100644 --- a/flake.nix +++ b/flake.nix @@ -97,7 +97,7 @@ pkgs.buildPackages.nmap ]; buildInputs = [agenix.packages.x86_64-linux.default]; - shellHook = ''export EDITOR="${pkgs.nano}/bin/nano --nonewlines"''; + shellHook = ''export EDITOR="${pkgs.nano}/bin/nano --nonewlines"; unset LD_LIBRARY_PATH;''; }; colmena = { From fd1a70edc92c3ff431af1c7854fa23114373d94c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 11 Oct 2023 10:49:25 +0100 Subject: [PATCH 116/826] feat: improve the email --- applications/email.nix | 88 ++++++++---------------------------------- 1 file changed, 17 insertions(+), 71 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 39e9731..27e7308 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -16,10 +16,10 @@ with lib; let # thought you could escape racket? create_filter = groups: create_filter_join (create_filter_array groups); - create_skynet_email = accounts: (map (account: "${account}@skynet.ie") accounts); + create_skynet_email = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts); - create_skynet_email_admin = create_skynet_email config.skynet.users.admin; - create_skynet_email_committee = create_skynet_email config.skynet.users.committee; + create_skynet_email_admin = mailbox: (create_skynet_email config.skynet.users.admin mailbox) ++ ["${mailbox}_int@skynet.ie"]; + create_skynet_email_committee = mailbox: (create_skynet_email config.skynet.users.committee mailbox) ++ ["${mailbox}_int@skynet.ie"]; in { imports = [ ./dns.nix @@ -234,75 +234,21 @@ in { cfg.domain ]; + lmtpSaveToDetailMailbox = "yes"; + extraVirtualAliases = { - "abuse@skynet.ie" = - [ - "abuse_int@skynet.ie" - ] - ++ create_skynet_email_admin; - - "accounts@skynet.ie" = - [ - "accounts_int@skynet.ie" - ] - ++ create_skynet_email_committee; - - "compsoc@skynet.ie" = - [ - "compsoc_int@skynet.ie" - ] - ++ create_skynet_email_committee; - "contact@skynet.ie" = - [ - "contact_int@skynet.ie" - ] - ++ create_skynet_email_committee; - - "dbadmin@skynet.ie" = - [ - "dbadmin_int@skynet.ie" - ] - ++ create_skynet_email_admin; - - "dnsadm@skynet.ie" = - [ - "dnsadm_int@skynet.ie" - ] - ++ create_skynet_email_admin; - - "hostmaster@skynet.ie" = - [ - "hostmaster_int@skynet.ie" - ] - ++ create_skynet_email_admin; - - "intersocsrep@skynet.ie" = - [ - "intersocsrep_int@skynet.ie" - ] - ++ create_skynet_email_committee; - - "mailman@skynet.ie" = - [ - "mailman_int@skynet.ie" - ] - ++ create_skynet_email_admin; - - "security@skynet.ie" = - [ - "security_int@skynet.ie" - ] - ++ create_skynet_email_admin; - "sysadm@skynet.ie" = - [ - "sysadm_int@skynet.ie" - ] - ++ create_skynet_email_admin; - "webadmin@skynet.ie" = - [ - "webadmin_int@skynet.ie" - ] - ++ create_skynet_email_admin; + "abuse@skynet.ie" = create_skynet_email_admin "abuse"; + "accounts@skynet.ie" = create_skynet_email_committee "accounts"; + "compsoc@skynet.ie" = create_skynet_email_committee "compsoc"; + "contact@skynet.ie" = create_skynet_email_committee "contact"; + "dbadmin@skynet.ie" = create_skynet_email_admin "dbadmin"; + "dnsadm@skynet.ie" = create_skynet_email_admin "dnsadm"; + "hostmaster@skynet.ie" = create_skynet_email_admin "hostmaster"; + "intersocsrep@skynet.ie" = create_skynet_email_committee "intersocsrep"; + "mailman@skynet.ie" = create_skynet_email_admin "mailman"; + "security@skynet.ie" = create_skynet_email_admin "security"; + "sysadm@skynet.ie" = create_skynet_email_admin "sysadm"; + "webadmin@skynet.ie" = create_skynet_email_admin "webadmin"; }; # use the letsencrypt certs From d46d42cc480aea1f0572022332a6a54b3f35737e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 11 Oct 2023 11:57:05 +0100 Subject: [PATCH 117/826] fix: new email for the signup process --- secrets/email/details.age | 42 +++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/secrets/email/details.age b/secrets/email/details.age index 8624547..75066f6 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,23 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA FSc59RWZTb6JaTHqFAs361pYbyo/xTBYIBs5MDE3KmQ -k+EPCtRL00RTKn1QBrvCalpwRNnlF6piF9NU/ggUGuo --> ssh-ed25519 4PzZog 5bnFZc4NkNU5SsTN1S7oz8UyXrbLqRQv62ujLuc8w30 -G8FmAXEwFNo5kfSIdjIz0Kxqa7fTwsBjecRP4Vq/PeU --> ssh-ed25519 5Nd93w D5ZMq3/rIsPlmYdTPULbH6uLcExZlWp6EaK0AMAhoBI -nRjxM84tLVtcWDdU4cRQxdvwAKLPPbqaiMTN9TKN2fI --> ssh-ed25519 q8eJgg +U52ie/+blevNjICWeUZpKR88IBS2ZKaJe97uH+/6QI -3I6I/hu8U1V0MsdaUxJyvn7P4UJ5bh1IbuYUV48Drts --> ssh-ed25519 IzAMqA W6zlgpmiaFgofkvg3jcCclIPc93x7A5QLMhBNzIWsQU -SLOe84XMuyASHAXR9rQip2nJ97csgx+PcwWO5jtCs6k --> ssh-ed25519 uZzB3g V8WgQqJ5ZIOrNwP55zDeGXD9fODiMcqxOmKd5GE1nBc -GwDDzZJw0HmRNMOEaetLbzKftQ8QD7IVo2XOXbBQHZg --> ssh-ed25519 Hb0ipQ I/qawB8ypJsIWQx309AXvBxQxaHx+UHYOSTUzvOOXmY -fYXf8BepdDilvnV+/uMdB2Gr5jkHXLr2agvqU4ntWcA --> ssh-ed25519 IzAMqA MMU5dNAOamQ0rhjTfHFE6JMFqBhW8qKYNmvCSvFov38 -9Olf2LJnHpZxSyXwNg7W5Ml+e7GADF/321GoFPA7S4k --> #wc40kId-grease w $mxWw Q -FiamK9KVUlgQBaQ36KqWfWd4kMWo2Ur+Yptfivl7kMRjRErahmiltBbEheFS7ONW -zt9mZ0RaGTA ---- jwTEG/j0JBZUcusAJFGABawp6GdQFAkzCwqRFWaM2yc -0>JF87)dBeyQ:l%U,>Y,źJ(09zGi*¯ P'G#r-[ޒ,0h!NL -H$(K(Z \*Fǃ \ No newline at end of file +-> ssh-ed25519 V1pwNA FGnpjvtMlQEUSU/Yatems68P7ggyonctkHTV0KRHyh4 +HMqv4+3Gh7aQvY0t8yuQw9xIxCVjNdZKtEbkFVwrFPc +-> ssh-ed25519 4PzZog sDgXstvONElzb6QVgb1elI4zYlLmnmeGPJDIvwXKuHM +6gTcns2FdeezbUZ3eju6T54avvL/XGwQ+RgO++/NL5s +-> ssh-ed25519 5Nd93w p8xCIRNHB+dI/2g3D5yYaColw5xqwnPTXRiNeZ93lgs +lsuYyfyhG7AEVOvv8orux5MhtLAihN6obduWThN4vY8 +-> ssh-ed25519 q8eJgg 9JTv63DlMKQ7oKGlYL/s6v0P3kXM0JwznNhrWjxmWGI +cC7wmksvARscQY5tRPoa5uU0Bhv1XvXHxnAmetglLyQ +-> ssh-ed25519 IzAMqA ZfxLgzUT+lR15YHEtB5wubQ6yrfo1jCfhXrcftC4zG4 +4Me+kebp+tGcYEgoUpacJ7vc97Zx9HU3OyGJfEnOBiA +-> ssh-ed25519 uZzB3g 9JjpdqrrC+I0lsTJzd85S3Ty5OzLCgk73Uy4J0W8zFI +otD/Rhl/M/wzajFsa9/Ekh4hdgFj7U4rLIOnVl38ww8 +-> ssh-ed25519 Hb0ipQ KIHz+NlYyJr0123zY5KzP7DKIVKMZ96pkYszfm6ZZWw +5otxnKJG/rlbkkg7Oq5gNpsCv0N4a7/keLgVQV+/HZE +-> ssh-ed25519 IzAMqA M3f4xVILPuTfWltc6MGbmNaJh3lHVrUUTJLewO6sths +VxyGTeZCIQ+YFQQDawnq5c/KZJJZ4XyBOkTe8ERAR5Q +-> QPWdC\-grease 6p}<3J[x +mI1KGauviXoXmMuh5wc7XnJWczUEMpzCSt1I8Uwo0tBP1WK8/WvD8A +--- 6qiPEiJW4DZdXJWin+F0aAIEEA/FaUDfQ7Hsuvo1QKs +D!տ9{,&lk<#qԇ3)aa] lĔ$p:uI7K+-<ހȜ诳#0b{ɑbQ Gr2 y;5C5֦Z7 A \ No newline at end of file From e679f523fc327ce2b06ac53e09933b0d0f7b7da8 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 11 Oct 2023 17:12:59 +0000 Subject: [PATCH 118/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7b62fa7..e7bb0b5 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696807105, - "narHash": "sha256-AFBrR/PcuoPNNOLqRd9hpTfYLcf735okdWF93pHzJZs=", + "lastModified": 1697041845, + "narHash": "sha256-1HE7xCt+FHVsbZXZTFropE4hpvXbJouBxbjTVJidZyU=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "af19a25f9a71669c68993509e56434e547936d9c", + "rev": "ffdfdfafb26518e85bdfe27dad2276199517fdd4", "type": "gitlab" }, "original": { From 487fb3f0bf4d74f99ecaddbf7f3fc0fa0c0a2a4e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 13 Oct 2023 09:45:07 +0100 Subject: [PATCH 119/826] fix: enable better mail sorting Deals with #32 --- applications/gitlab.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 3342607..adc4dd8 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -115,6 +115,11 @@ in { r_type = "A"; value = cfg.host.ip; } + { + record = cfg.host.ip; + r_type = "PTR"; + value = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}."; + } ]; networking.firewall.allowedTCPPorts = [ @@ -140,6 +145,9 @@ in { }; }; + # set a valid HELO address + services.postfix.hostname = lib.mkForce "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + services.gitlab = { enable = true; From 19a74762786461a2443ae04327ba137bb5bda601 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 13 Oct 2023 09:54:47 +0100 Subject: [PATCH 120/826] fix: better email config Deals with #32 --- applications/gitlab.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/applications/gitlab.nix b/applications/gitlab.nix index adc4dd8..00461e1 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -6,6 +6,9 @@ }: with lib; let cfg = config.services.skynet_gitlab; + + domain_base = "${cfg.domain.base}.${cfg.domain.tld}"; + domain_full = "${cfg.domain.sub}.${domain_base}"; in { imports = [ ./acme.nix @@ -146,7 +149,11 @@ in { }; # set a valid HELO address - services.postfix.hostname = lib.mkForce "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + services.postfix = { + hostname = lib.mkForce domain_full; + origin = lib.mkForce domain_full; + domain = lib.mkForce domain_base; + }; services.gitlab = { enable = true; From bea98fc9fcdf2987d027687282f22d5166c5efe0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 13 Oct 2023 11:21:26 +0100 Subject: [PATCH 121/826] fix: better email config, now with dns records Deals with #32 --- applications/dns.nix | 7 ++++++- applications/email.nix | 2 +- applications/gitlab.nix | 21 +++++++++++++++++++-- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index f337055..438ca0b 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -88,6 +88,11 @@ ; ------------------------------------------ ${format_records (filter_records_type "TXT") 29} + ; ------------------------------------------ + ; MX + ; ------------------------------------------ + ${format_records (filter_records_type "MX") 29} + ; ------------------------------------------ ; SRV ; ------------------------------------------ @@ -317,7 +322,7 @@ in { type = str; }; r_type = lib.mkOption { - type = enum ["A" "CNAME" "TXT" "PTR" "SRV"]; + type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; }; value = lib.mkOption { type = str; diff --git a/applications/email.nix b/applications/email.nix index 27e7308..752c7eb 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -126,7 +126,7 @@ in { { record = "${cfg.domain}."; r_type = "TXT"; - value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} a:gitlab.skynet.ie -all"''; + value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"''; } # DKIM keys diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 00461e1..d97b48e 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -109,8 +109,8 @@ in { skynet_dns.records = [ { record = cfg.domain.sub; - r_type = "CNAME"; - value = cfg.host.name; + r_type = "A"; + value = cfg.host.ip; } # for gitlab pages { @@ -118,11 +118,28 @@ in { r_type = "A"; value = cfg.host.ip; } + + # for email + { + record = "${cfg.domain.sub}"; + r_type = "MX"; + value = ''10 ${domain_full}.''; + } { record = cfg.host.ip; r_type = "PTR"; value = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}."; } + { + record = "${domain_full}."; + r_type = "TXT"; + value = ''"v=spf1 a:gitlab.skynet.ie -all"''; + } + { + record = "_dmarc.${domain_full}."; + r_type = "TXT"; + value = ''"v=DMARC1; p=none"''; + } ]; networking.firewall.allowedTCPPorts = [ From 1e0a567bc498e84b2e4d0caa425fce9f22a81254 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 14 Oct 2023 16:14:10 +0100 Subject: [PATCH 122/826] fix: add nixos related items --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index 4a79ea1..b759041 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,8 @@ test.* # Dealing with Mac users .DS_Store + +# nixos stuff +result +/result +.gcroots From abac7ef29155dc752ca0204bcac241deb8ba0b18 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 14 Oct 2023 16:31:29 +0100 Subject: [PATCH 123/826] fix: ignore tmp files as well --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index b759041..0d38c4e 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ # Microsoft office Lockfiles ~$* *.tmp +tmp # Test files test.* From dd10b0f8cbfebbae3e0460ffda3471456b0be18e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 14 Oct 2023 16:48:01 +0100 Subject: [PATCH 124/826] fix: standardise the dns spacing a tad --- applications/dns.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index 438ca0b..c75d904 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -71,12 +71,12 @@ ; ------------------------------------------ ; Server Names (A Records) ; ------------------------------------------ - ${format_records sort_records_server 11} + ${format_records sort_records_server 31} ; ------------------------------------------ ; A (non server names ; ------------------------------------------ - ${format_records sort_records_a 18} + ${format_records sort_records_a 31} ; ------------------------------------------ ; CNAMES @@ -86,17 +86,17 @@ ; ------------------------------------------ ; TXT ; ------------------------------------------ - ${format_records (filter_records_type "TXT") 29} + ${format_records (filter_records_type "TXT") 31} ; ------------------------------------------ ; MX ; ------------------------------------------ - ${format_records (filter_records_type "MX") 29} + ${format_records (filter_records_type "MX") 31} ; ------------------------------------------ ; SRV ; ------------------------------------------ - ${format_records sort_records_srv 17} + ${format_records sort_records_srv 31} '' From 75a886b46129064ca2b0ca4efad4ae54d380f3c1 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 14 Oct 2023 16:20:52 +0000 Subject: [PATCH 125/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index e7bb0b5..2210f78 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1697041845, - "narHash": "sha256-1HE7xCt+FHVsbZXZTFropE4hpvXbJouBxbjTVJidZyU=", + "lastModified": 1697300433, + "narHash": "sha256-8UK1CHBeaADEwqW6T0gJu5F6ydKe3auqrsZAKy551+0=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "ffdfdfafb26518e85bdfe27dad2276199517fdd4", + "rev": "64c7b24ff78637d9179d04f73189e76ad5d71beb", "type": "gitlab" }, "original": { From 118e645b98d4f17241b5933a16b1132d7127bcf6 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 19 Oct 2023 19:36:57 +0000 Subject: [PATCH 126/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2210f78..986c112 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695854857, - "narHash": "sha256-EyToHIEHft60vKRkndP5siyq17W+vJmqA/dug80WZgM=", + "lastModified": 1697743642, + "narHash": "sha256-c2CW9BLDzGRAHJGkbxQGYQI6MUKttOGAJrMbXT8eR5Y=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "9db8a238d2bf7be8bcfa86012b26180c041c13d1", + "rev": "6cc97eccb2057d9d2c42955726263fa900f7817a", "type": "gitlab" }, "original": { From 1f0cf38c52c7d83f15db94a51e8722c365288ae1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 19 Oct 2023 20:50:00 +0100 Subject: [PATCH 127/826] committee: added souradbh --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index cc35745..21ef7a8 100644 --- a/config/users.nix +++ b/config/users.nix @@ -48,6 +48,7 @@ in { "kaiden" "pine" "nanda" + "sourabh1805" ]; lifetime = []; banned = []; From c7faf7734c14a1e3e626e0e8b502f2fa0b96da66 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 19 Oct 2023 22:13:22 +0100 Subject: [PATCH 128/826] email: add pycon inbox --- applications/email.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/applications/email.nix b/applications/email.nix index 752c7eb..41c9b3b 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -249,6 +249,7 @@ in { "security@skynet.ie" = create_skynet_email_admin "security"; "sysadm@skynet.ie" = create_skynet_email_admin "sysadm"; "webadmin@skynet.ie" = create_skynet_email_admin "webadmin"; + "pycon2023@skynet.ie" = create_skynet_email_committee "pycon2023"; }; # use the letsencrypt certs From dd0e55c9d6a81f667fe8d8195e03a7a6087398d4 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 19 Oct 2023 23:51:23 +0100 Subject: [PATCH 129/826] added dmarc policy- relaxed for now but can be made more strict if needed --- applications/email.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 41c9b3b..b7b07bc 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -145,7 +145,11 @@ in { { record = "_dmarc.${cfg.domain}."; r_type = "TXT"; - value = ''"v=DMARC1; p=none"''; + value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=r; aspf=r; sp=none"''; + #sp value which is left out , for different dmarc policy for subdomains + #quarantine = sends to spam, reject = never sent + #pct = percent of emails passed through dmarc, might want to be lower than 100 for testing + #adkim, aspf see https://support.google.com/a/answer/10032169#zippy=%2Cdmarc-record-tag-definitions-and-values } # reverse pointer From 97fb80a4fbacce40cecfdc5cb396a29ccb379b7a Mon Sep 17 00:00:00 2001 From: daragh Date: Fri, 20 Oct 2023 00:12:46 +0100 Subject: [PATCH 130/826] Formatted comments --- applications/email.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index b7b07bc..f3d9822 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -142,15 +142,17 @@ in { } # DMARC + # p : quarantine => sends to spam , reject => never sent + # rua : mail that receives reports about DMARC activity + # pct : percentage of unathenticated messages that DMARC stops + # adkim : alignment policy for DKIM, s=> Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # aspf : alignment policy for SPF, s=> Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent { record = "_dmarc.${cfg.domain}."; r_type = "TXT"; value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=r; aspf=r; sp=none"''; - #sp value which is left out , for different dmarc policy for subdomains - #quarantine = sends to spam, reject = never sent - #pct = percent of emails passed through dmarc, might want to be lower than 100 for testing - #adkim, aspf see https://support.google.com/a/answer/10032169#zippy=%2Cdmarc-record-tag-definitions-and-values - } + } # reverse pointer { From 4407d3763668c9673c38307666aa5e22799ae03a Mon Sep 17 00:00:00 2001 From: daragh Date: Fri, 20 Oct 2023 00:15:06 +0100 Subject: [PATCH 131/826] consistency --- applications/email.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index f3d9822..24f4e60 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -142,17 +142,17 @@ in { } # DMARC - # p : quarantine => sends to spam , reject => never sent + # p : quarantine => sends to spam, reject => never sent # rua : mail that receives reports about DMARC activity # pct : percentage of unathenticated messages that DMARC stops - # adkim : alignment policy for DKIM, s=> Strict, subdomains arent allowed, r => relaxed, subdomains allowed - # aspf : alignment policy for SPF, s=> Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent { record = "_dmarc.${cfg.domain}."; r_type = "TXT"; value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=r; aspf=r; sp=none"''; - } + } # reverse pointer { From d141771f23d8a6efd619e280539fd2c45f9ce6c6 Mon Sep 17 00:00:00 2001 From: daragh Date: Fri, 20 Oct 2023 00:18:01 +0100 Subject: [PATCH 132/826] changed comment location --- applications/email.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 24f4e60..520df21 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -142,15 +142,16 @@ in { } # DMARC - # p : quarantine => sends to spam, reject => never sent - # rua : mail that receives reports about DMARC activity - # pct : percentage of unathenticated messages that DMARC stops - # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed - # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed - # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent + { record = "_dmarc.${cfg.domain}."; r_type = "TXT"; + # p : quarantine => sends to spam, reject => never sent + # rua : mail that receives reports about DMARC activity + # pct : percentage of unathenticated messages that DMARC stops + # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=r; aspf=r; sp=none"''; } From 0b03585a8ea73122b066f37a5e6368a2b3d5d762 Mon Sep 17 00:00:00 2001 From: daragh Date: Fri, 20 Oct 2023 00:19:15 +0100 Subject: [PATCH 133/826] whitespace --- applications/email.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 520df21..fc5cbc4 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -142,7 +142,6 @@ in { } # DMARC - { record = "_dmarc.${cfg.domain}."; r_type = "TXT"; From e375a6cbed147790bc9764da87b6ddabdce865f3 Mon Sep 17 00:00:00 2001 From: daragh Date: Fri, 20 Oct 2023 00:23:48 +0100 Subject: [PATCH 134/826] changed DKIM and SPF to strict --- applications/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index fc5cbc4..0d50c4b 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -151,7 +151,7 @@ in { # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent - value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=r; aspf=r; sp=none"''; + value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=none"''; } # reverse pointer From 38d309a554d34ec44d5602c273476aabd1893003 Mon Sep 17 00:00:00 2001 From: daragh Date: Fri, 20 Oct 2023 00:32:56 +0100 Subject: [PATCH 135/826] nix fmt --- applications/email.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 0d50c4b..820aee0 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -145,12 +145,12 @@ in { { record = "_dmarc.${cfg.domain}."; r_type = "TXT"; - # p : quarantine => sends to spam, reject => never sent + # p : quarantine => sends to spam, reject => never sent # rua : mail that receives reports about DMARC activity # pct : percentage of unathenticated messages that DMARC stops # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed - # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent + # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=none"''; } From 7edd86046b3d1ca121e64bb12b9f1cf15092f8bb Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 21 Oct 2023 05:26:44 +0100 Subject: [PATCH 136/826] feat: Enables sieve filters for the email. Closes #29 --- applications/email.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/applications/email.nix b/applications/email.nix index 820aee0..aca44bd 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -240,6 +240,8 @@ in { cfg.domain ]; + enableManageSieve = true; + lmtpSaveToDetailMailbox = "yes"; extraVirtualAliases = { From bb050d57fd6dd22ad64bf2674327c19d63a72b5c Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 21 Oct 2023 16:33:40 +0100 Subject: [PATCH 137/826] Feat : added dns config for k-9 mail. Related to #33 --- applications/email.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/applications/email.nix b/applications/email.nix index aca44bd..db1942d 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -120,6 +120,22 @@ in { r_type = "A"; value = cfg.host.ip; } + #DNS config for K-9 Mail + { + record = "imap"; + r_type = "CNAME"; + value = "mail"; + } + { + record = "pop3"; + r_type = "CNAME"; + value = "mail"; + } + { + record = "smtp"; + r_type = "CNAME"; + value = "mail"; + } # TXT records, all tehse are inside escaped strings to allow using "" # SPF record From 7f22a9efa95784a499313e9fa0f7e80dc998e729 Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 21 Oct 2023 16:44:28 +0100 Subject: [PATCH 138/826] fixed formatting --- applications/email.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index db1942d..5cf2aaf 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -122,19 +122,19 @@ in { } #DNS config for K-9 Mail { - record = "imap"; - r_type = "CNAME"; - value = "mail"; + record = "imap"; + r_type = "CNAME"; + value = "mail"; } { - record = "pop3"; - r_type = "CNAME"; - value = "mail"; + record = "pop3"; + r_type = "CNAME"; + value = "mail"; } { - record = "smtp"; - r_type = "CNAME"; - value = "mail"; + record = "smtp"; + r_type = "CNAME"; + value = "mail"; } # TXT records, all tehse are inside escaped strings to allow using "" From 15775a1b5d1607b11507794b16f62402948b4521 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 21 Oct 2023 23:10:39 +0000 Subject: [PATCH 139/826] feat: added possible server names and updated the ITD csv --- ITD_Firewall.csv | 6 +++--- Possible_Server_Names.md | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 Possible_Server_Names.md diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv index 8e256af..1bd9535 100644 --- a/ITD_Firewall.csv +++ b/ITD_Firewall.csv @@ -7,8 +7,8 @@ SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,"","",ULFM Radio SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,"",80/443,i23-07-28_010,LDAP and Self-Service Password/Account management SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server -SKYNET00009,gir,193.1.99.76,gir/mail,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail +SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner -SKYNET00011,skynet_internal,193.1.99.79,skynet/skynet.int,80/443,"",i23-06-19_525,"Skynet server, Temp until I can get the DMZ setup properly on my end" -SKYNET00012,skynet_dmz,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. +SKYNET00011,earth,193.1.99.79,earth,80/443,"",i23-06-19_525,Offical website host +SKYNET00012,skynet,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. (DMZ) SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server \ No newline at end of file diff --git a/Possible_Server_Names.md b/Possible_Server_Names.md new file mode 100644 index 0000000..435cdec --- /dev/null +++ b/Possible_Server_Names.md @@ -0,0 +1,19 @@ +https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines +https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences + +* agentsmith +* skynet +* caro +* Lowe - https://westworld.fandom.com/wiki/Bernard_Lowe +* ultron +* walle +* eve +* calculon +* deepthought +* earth +* flexo +* bender +* marvin +* kitt +* wopr +* wintermute From cc99fb92ec40aef9de52cf910c0e410c696f9245 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 22 Oct 2023 13:26:17 +0000 Subject: [PATCH 140/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 986c112..6e08131 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1697743642, - "narHash": "sha256-c2CW9BLDzGRAHJGkbxQGYQI6MUKttOGAJrMbXT8eR5Y=", + "lastModified": 1697980757, + "narHash": "sha256-/1wjcnNMwGlERn89tRoI2wa1/viqbXRz26OOiPsdzlM=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "6cc97eccb2057d9d2c42955726263fa900f7817a", + "rev": "3f7ac7f9d3237d13e8746f65aa57439549d8e5c2", "type": "gitlab" }, "original": { From 9fd461393642619b365e7ccea0a69c2545033425 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 22 Oct 2023 14:27:42 +0100 Subject: [PATCH 141/826] nextcloud: this is goood enough for now, will have to move server shortly --- applications/nextcloud.nix | 97 ++++++++++++++++++++++++++++++++++++++ machines/optimus.nix | 9 ++++ secrets/nextcloud/pw.age | 15 ++++++ secrets/secrets.nix | 7 +++ 4 files changed, 128 insertions(+) create mode 100644 applications/nextcloud.nix create mode 100644 secrets/nextcloud/pw.age diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix new file mode 100644 index 0000000..8b85073 --- /dev/null +++ b/applications/nextcloud.nix @@ -0,0 +1,97 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.skynet_nextcloud; + domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; +in { + imports = [ + ./acme.nix + ./dns.nix + ./nginx.nix + ]; + + options.services.skynet_nextcloud = { + enable = mkEnableOption "Skynet Nextcloud"; + + host = { + ip = mkOption { + type = types.str; + }; + + name = mkOption { + type = types.str; + }; + }; + + domain = { + tld = mkOption { + type = types.str; + default = "ie"; + }; + + base = mkOption { + type = types.str; + default = "skynet"; + }; + + sub = mkOption { + type = types.str; + default = "nextcloud"; + }; + }; + }; + + config = mkIf cfg.enable { + # shove the entire config file into secrets + + age.secrets.nextcloud_admin_pass = { + file = ../secrets/nextcloud/pw.age; + owner = "nextcloud"; + group = "nextcloud"; + }; + + skynet_acme.domains = [ + domain + ]; + + skynet_dns.records = [ + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + # /var/lib/nextcloud/data + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud27; + hostName = domain; + https = true; + + config = { + trustedProxies = ["193.1.99.65"]; + adminpassFile = config.age.secrets.nextcloud_admin_pass.path; + }; + + extraApps = with config.services.nextcloud.package.packages.apps; { + inherit files_markdown files_texteditor forms groupfolders mail maps news notes onlyoffice polls; + }; + + extraOptions = { + mail_smtpmode = "sendmail"; + mail_sendmailmode = "pipe"; + }; + }; + + services.nginx.virtualHosts.${domain} = { + forceSSL = true; + useACMEHost = "skynet"; + }; + }; +} diff --git a/machines/optimus.nix b/machines/optimus.nix index 095c55c..211a37f 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -22,6 +22,7 @@ Notes: in { imports = [ ../applications/games.nix + ../applications/nextcloud.nix ]; deployment = { @@ -60,4 +61,12 @@ in { name = name; }; }; + + services.skynet_nextcloud = { + enable = true; + host = { + ip = ip_pub; + name = name; + }; + }; } diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age new file mode 100644 index 0000000..211565a --- /dev/null +++ b/secrets/nextcloud/pw.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA GHSErc8c9vc/xRJKfYMJLayQL7HxOL8JeGoYo2h6RlI +s7kkNRo60WiIgaiml8dWe8n16T+u8T+yb4W3wwmuqjU +-> ssh-ed25519 4PzZog bbecpnwp/8Si9z0pu77WKcKJm+2MB1zBmVOup6oR5UQ +DUVCb2U8z21cOnMYULXdtmkpwH3MlOuUZFgl1TvRhT0 +-> ssh-ed25519 5Nd93w YHCbzauRkUdRs50+5RhRLBEvlXGsbqBNAjF/S6xBiiQ +xsCA1eICC97DvIQe2Sumb0tM0rvXgpHoWalWZjf9fMI +-> ssh-ed25519 q8eJgg yhKxSY9qxfwhofkrDKUbvORm3T52/CfNtVuDYwn6DGM +G590dtERfI+O7eCTm2mycUsE5PaCUTGaNGGg4bmm1k8 +-> ssh-ed25519 DVzSig 0qqpCx7UbH23wxeJJMK21E8tknH/dnFZCa2dx830fF8 +BphKZzApbyb/QRMpx8cn8Okp/G9glu0l1BdaNGFkeII +-> 9w/.T-grease ^xmu\A /R-"|G ;! +pSeeYWA63jGkK0k2Fd+edOuyks/vMLbxa5eVlx7x4MiyLHiAS/K7QVpbFU0 +--- I8Og0EodMu4gqGxgeNXyA8+VeRYwfOB86mWKXLRoKg8 +}p?8vHk7 ˸/H_T_o}2>~ň A_kP \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c161ff0..25fddf0 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -86,6 +86,10 @@ let discord = [ kitt ]; + + nextcloud = [ + optimus + ]; in { # nix run github:ryantm/agenix -- -e secret1.age @@ -120,4 +124,7 @@ in { # email stuff "email/details.age".publicKeys = users ++ ldap ++ discord; + + # nextcloud + "nextcloud/pw.age".publicKeys = users ++ nextcloud; } From e03e27c894fded3e9d108d1c175adbde59659902 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 22 Oct 2023 14:39:35 +0100 Subject: [PATCH 142/826] ldap: small bit of a cleanup --- applications/ldap/server.nix | 37 ++++++++++++++++++------------- applications/ldap/skMemberOf.ldif | 18 --------------- 2 files changed, 21 insertions(+), 34 deletions(-) diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index 2090879..36be133 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -10,6 +10,7 @@ Gonna use a priper nixos module for this }: with lib; let cfg = config.services.skynet_ldap; + domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; in { # these are needed for teh program in question imports = [ @@ -79,7 +80,7 @@ in { }; skynet_acme.domains = [ - "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" + domain ]; skynet_dns.records = [ @@ -97,7 +98,7 @@ in { ]; services.nginx.virtualHosts = { - "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { + ${domain} = { forceSSL = true; useACMEHost = "skynet"; locations."/" = { @@ -190,29 +191,33 @@ in { olcRootDN = "cn=admin,${cfg.base}"; olcRootPW.path = config.age.secrets.ldap_pw.path; - #olcOverlay = "memberof"; - olcAccess = [ /* custom access rules for userPassword attributes */ - '' {0}to attrs=userPassword - by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage - by self write - by anonymous auth - by * none'' + '' + {0}to attrs=userPassword + by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage + by self write + by anonymous auth + by * none + '' - '' {1}to attrs=mail,sshPublicKey,cn,sn,skDiscord - by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage - by self write - by * read'' + '' + {1}to attrs=mail,sshPublicKey,cn,sn,skDiscord + by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage + by self write + by * read + '' /* allow read on anything else */ - '' {2}to * - by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage - by * read'' + '' + {2}to * + by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage + by * read + '' ]; }; diff --git a/applications/ldap/skMemberOf.ldif b/applications/ldap/skMemberOf.ldif index af4385b..fc3cdf8 100644 --- a/applications/ldap/skMemberOf.ldif +++ b/applications/ldap/skMemberOf.ldif @@ -24,24 +24,12 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.4.1 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.5.1 - NAME 'skDiscord' - DESC 'Discord username' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - ) olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1 NAME 'skCreated' DESC 'When the account was created' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -#olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.7.1 -# NAME 'skEnabled' -# DESC 'TRUE/FALSE' -# EQUALITY booleanMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 -# ) # https://github.com/variablenix/ldap-mail-schema/blob/master/quota.schema olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.8.1 NAME 'quotaEmail' @@ -55,12 +43,6 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.9.1 EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) -olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.10.1 - NAME 'skSecure' - DESC '1 if secure' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - ) olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1 NAME 'skPerson' DESC 'skynet person' From 83b7a142bccb04da22b9b0dece33e1d016bbf25b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 22 Oct 2023 15:00:48 +0100 Subject: [PATCH 143/826] ldap: fix, forgot to update teh may section --- applications/ldap/server.nix | 2 +- applications/ldap/skMemberOf.ldif | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index 36be133..107c3f9 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -204,7 +204,7 @@ in { '' '' - {1}to attrs=mail,sshPublicKey,cn,sn,skDiscord + {1}to attrs=mail,sshPublicKey,cn,sn by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage by self write by * read diff --git a/applications/ldap/skMemberOf.ldif b/applications/ldap/skMemberOf.ldif index fc3cdf8..12b981e 100644 --- a/applications/ldap/skMemberOf.ldif +++ b/applications/ldap/skMemberOf.ldif @@ -48,5 +48,5 @@ olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1 DESC 'skynet person' SUP top AUXILIARY MUST ( skMail $ skCreated ) - MAY ( skMemberOf $ skID $ skDiscord $ quotaEmail $ quotaDisk $ skSecure ) + MAY ( skMemberOf $ skID $ quotaEmail $ quotaDisk ) ) From d87a7dcdfe150c284bfe550e07e034d4c09e36dc Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 22 Oct 2023 16:45:44 +0000 Subject: [PATCH 144/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6e08131..237de85 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1697300433, - "narHash": "sha256-8UK1CHBeaADEwqW6T0gJu5F6ydKe3auqrsZAKy551+0=", + "lastModified": 1697993126, + "narHash": "sha256-GwuYt20MwyM5IMW5yurlTqpsw2AmGq7HfZH+oGMoYaM=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "64c7b24ff78637d9179d04f73189e76ad5d71beb", + "rev": "a49b85236858ff9ec26222b5b726226691dc7eac", "type": "gitlab" }, "original": { From 263570154f0e898dc589c06640373920c5dbf40e Mon Sep 17 00:00:00 2001 From: Milan Kovacs Date: Sun, 22 Oct 2023 20:38:24 +0000 Subject: [PATCH 145/826] Added tryFiles to locations for angular routing --- applications/skynet_users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 7a24b03..d90d7df 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -78,6 +78,7 @@ in { alias = "/home/$user/public_html/"; index = "index.html"; extraConfig = "autoindex on;"; + tryFiles = "$uri$args $uri$args/ /index.html"; }; }; }; From badcce6e383c6759fdd4c824c3fbd42e3530abb4 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 22 Oct 2023 21:10:06 +0000 Subject: [PATCH 146/826] feat: Seeing if mailmap works --- mailmap | 1 + 1 file changed, 1 insertion(+) create mode 100644 mailmap diff --git a/mailmap b/mailmap new file mode 100644 index 0000000..1aaf5b3 --- /dev/null +++ b/mailmap @@ -0,0 +1 @@ +Brendan Golden \ No newline at end of file From e1f8d580c73021b0072662985c3645db8c44a08e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 23 Oct 2023 11:43:00 +0100 Subject: [PATCH 147/826] email: add the root inbox --- applications/email.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/applications/email.nix b/applications/email.nix index 5cf2aaf..d970d28 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -261,6 +261,7 @@ in { lmtpSaveToDetailMailbox = "yes"; extraVirtualAliases = { + "root@skynet.ie" = create_skynet_email_admin "root"; "abuse@skynet.ie" = create_skynet_email_admin "abuse"; "accounts@skynet.ie" = create_skynet_email_committee "accounts"; "compsoc@skynet.ie" = create_skynet_email_committee "compsoc"; From ec3451d2c73443a2a92c0382e78ff05c1735b35d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 23 Oct 2023 11:46:52 +0100 Subject: [PATCH 148/826] email: internal inboxes are now prefixed with int --- applications/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index d970d28..8d86b28 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -18,7 +18,7 @@ with lib; let create_skynet_email = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts); - create_skynet_email_admin = mailbox: (create_skynet_email config.skynet.users.admin mailbox) ++ ["${mailbox}_int@skynet.ie"]; + create_skynet_email_admin = mailbox: (create_skynet_email config.skynet.users.admin mailbox) ++ ["int_${mailbox}@skynet.ie"]; create_skynet_email_committee = mailbox: (create_skynet_email config.skynet.users.committee mailbox) ++ ["${mailbox}_int@skynet.ie"]; in { imports = [ From 13eeead3546cc6ad99df895df9e1035ca8df5d7f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 23 Oct 2023 11:55:07 +0100 Subject: [PATCH 149/826] email: really need to remove duplication --- applications/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 8d86b28..898bb5e 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -19,7 +19,7 @@ with lib; let create_skynet_email = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts); create_skynet_email_admin = mailbox: (create_skynet_email config.skynet.users.admin mailbox) ++ ["int_${mailbox}@skynet.ie"]; - create_skynet_email_committee = mailbox: (create_skynet_email config.skynet.users.committee mailbox) ++ ["${mailbox}_int@skynet.ie"]; + create_skynet_email_committee = mailbox: (create_skynet_email config.skynet.users.committee mailbox) ++ ["int_${mailbox}@skynet.ie"]; in { imports = [ ./dns.nix From 53dd24bd1b723e81aa3f601e5f4a261e87e17cd1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 23 Oct 2023 13:17:40 +0100 Subject: [PATCH 150/826] email: improve how aliases are handled --- applications/email.nix | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 898bb5e..f7ac0ae 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -16,10 +16,12 @@ with lib; let # thought you could escape racket? create_filter = groups: create_filter_join (create_filter_array groups); - create_skynet_email = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts); - - create_skynet_email_admin = mailbox: (create_skynet_email config.skynet.users.admin mailbox) ++ ["int_${mailbox}@skynet.ie"]; - create_skynet_email_committee = mailbox: (create_skynet_email config.skynet.users.committee mailbox) ++ ["int_${mailbox}@skynet.ie"]; + # using +mailbox puts the mail in a seperate folder + create_skynet_email_int = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts); + groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups; + create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"]; + # { mailbox = [users]} + create_skynet_email = mailbox: groups: {"${mailbox}@skynet.ie" = create_skynet_email_attribute mailbox groups;}; in { imports = [ ./dns.nix @@ -260,22 +262,22 @@ in { lmtpSaveToDetailMailbox = "yes"; - extraVirtualAliases = { - "root@skynet.ie" = create_skynet_email_admin "root"; - "abuse@skynet.ie" = create_skynet_email_admin "abuse"; - "accounts@skynet.ie" = create_skynet_email_committee "accounts"; - "compsoc@skynet.ie" = create_skynet_email_committee "compsoc"; - "contact@skynet.ie" = create_skynet_email_committee "contact"; - "dbadmin@skynet.ie" = create_skynet_email_admin "dbadmin"; - "dnsadm@skynet.ie" = create_skynet_email_admin "dnsadm"; - "hostmaster@skynet.ie" = create_skynet_email_admin "hostmaster"; - "intersocsrep@skynet.ie" = create_skynet_email_committee "intersocsrep"; - "mailman@skynet.ie" = create_skynet_email_admin "mailman"; - "security@skynet.ie" = create_skynet_email_admin "security"; - "sysadm@skynet.ie" = create_skynet_email_admin "sysadm"; - "webadmin@skynet.ie" = create_skynet_email_admin "webadmin"; - "pycon2023@skynet.ie" = create_skynet_email_committee "pycon2023"; - }; + extraVirtualAliases = + {} + // create_skynet_email "root" ["admin"] + // create_skynet_email "abuse" ["admin"] + // create_skynet_email "accounts" ["committee"] + // create_skynet_email "compsoc" ["committee"] + // create_skynet_email "contact" ["committee"] + // create_skynet_email "dbadmin" ["admin"] + // create_skynet_email "dnsadm" ["admin"] + // create_skynet_email "hostmaster" ["admin"] + // create_skynet_email "intersocsrep" ["committee"] + // create_skynet_email "mailman" ["admin"] + // create_skynet_email "security" ["admin"] + // create_skynet_email "sysadm" ["admin"] + // create_skynet_email "webadmin" ["admin"] + // create_skynet_email "pycon2023" ["committee"]; # use the letsencrypt certs certificateScheme = "acme"; From 827b109a250158a18060c1a4bef11cdb59c80b07 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 23 Oct 2023 14:03:23 +0100 Subject: [PATCH 151/826] email: add two mailboxes for topdesk --- applications/email.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index f7ac0ae..7bbf786 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -277,7 +277,9 @@ in { // create_skynet_email "security" ["admin"] // create_skynet_email "sysadm" ["admin"] // create_skynet_email "webadmin" ["admin"] - // create_skynet_email "pycon2023" ["committee"]; + // create_skynet_email "pycon2023" ["committee"] + // create_skynet_email "skynet_topdesk" ["admin"] + // create_skynet_email "topdesk" ["admin"]; # use the letsencrypt certs certificateScheme = "acme"; From d2ece41ace01dd3bfe1b63c55bdb8444471f4230 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 23 Oct 2023 18:29:22 +0100 Subject: [PATCH 152/826] email: this will allow folks with permission to send mail as the service accounts --- applications/email.nix | 122 ++++++++++++++++++++++++++++++++++------- 1 file changed, 101 insertions(+), 21 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 7bbf786..924d7ec 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -17,11 +17,104 @@ with lib; let create_filter = groups: create_filter_join (create_filter_array groups); # using +mailbox puts the mail in a seperate folder - create_skynet_email_int = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts); + create_skynet_email_int = accounts: mailbox: (map (account: "${account}@skynet.ie") accounts); groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups; create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"]; - # { mailbox = [users]} - create_skynet_email = mailbox: groups: {"${mailbox}@skynet.ie" = create_skynet_email_attribute mailbox groups;}; + create_skynet_email = mailbox: groups: { + name = "${mailbox}@skynet.ie"; + value = create_skynet_email_attribute mailbox groups; + }; + create_skynet_service_mailboxes = builtins.listToAttrs (map (mailbox: (create_skynet_email mailbox.account mailbox.members)) service_mailboxes); + + create_config_to = concatStringsSep "\",\"" (map (mailbox: "${mailbox.account}") service_mailboxes); + + service_mailboxes = [ + { + account = "root"; + members = ["admin"]; + } + { + account = "abuse"; + members = ["admin"]; + } + { + account = "accounts"; + members = ["committee"]; + } + { + account = "compsoc"; + members = ["committee"]; + } + { + account = "contact"; + members = ["committee"]; + } + { + account = "dbadmin"; + members = ["admin"]; + } + { + account = "dnsadm"; + members = ["admin"]; + } + { + account = "hostmaster"; + members = ["admin"]; + } + { + account = "intersocsrep"; + members = ["committee"]; + } + { + account = "mailman"; + members = ["admin"]; + } + { + account = "security"; + members = ["admin"]; + } + { + account = "sysadm"; + members = ["admin"]; + } + { + account = "webadmin"; + members = ["admin"]; + } + { + account = "pycon2023"; + members = ["committee"]; + } + { + account = "skynet_topdesk"; + members = ["admin"]; + } + { + account = "topdesk"; + members = ["admin"]; + } + ]; + + configFile = + pkgs.writeText "basic_sieve" + '' + require "copy"; + require "mailbox"; + require "imap4flags"; + require ["fileinto", "reject"]; + require "variables"; + require "regex"; + + # this should be close to teh last step + if allof ( + address :localpart ["To"] ["${toString create_config_to}"], + address :domain ["To"] "skynet.ie" + ){ + if address :matches ["To"] "*@skynet.ie" { + fileinto :create "''${1}"; + } + } + ''; in { imports = [ ./dns.nix @@ -262,24 +355,7 @@ in { lmtpSaveToDetailMailbox = "yes"; - extraVirtualAliases = - {} - // create_skynet_email "root" ["admin"] - // create_skynet_email "abuse" ["admin"] - // create_skynet_email "accounts" ["committee"] - // create_skynet_email "compsoc" ["committee"] - // create_skynet_email "contact" ["committee"] - // create_skynet_email "dbadmin" ["admin"] - // create_skynet_email "dnsadm" ["admin"] - // create_skynet_email "hostmaster" ["admin"] - // create_skynet_email "intersocsrep" ["committee"] - // create_skynet_email "mailman" ["admin"] - // create_skynet_email "security" ["admin"] - // create_skynet_email "sysadm" ["admin"] - // create_skynet_email "webadmin" ["admin"] - // create_skynet_email "pycon2023" ["committee"] - // create_skynet_email "skynet_topdesk" ["admin"] - // create_skynet_email "topdesk" ["admin"]; + extraVirtualAliases = create_skynet_service_mailboxes; # use the letsencrypt certs certificateScheme = "acme"; @@ -320,6 +396,10 @@ in { ]; }; + services.dovecot2.sieveScripts = { + before = configFile; + }; + # tune the spam filter /* services.rspamd.extraConfig = '' From e7d1854de4a31ae5519f8afd32e3bf919c0a3f7a Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 24 Oct 2023 16:43:40 +0000 Subject: [PATCH 153/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 237de85..c7a3a12 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1697980757, - "narHash": "sha256-/1wjcnNMwGlERn89tRoI2wa1/viqbXRz26OOiPsdzlM=", + "lastModified": 1698165801, + "narHash": "sha256-aqZx09OwJwXB4SG8KG2m0eiHVXB/l4oTKMMz8Yr6XaQ=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "3f7ac7f9d3237d13e8746f65aa57439549d8e5c2", + "rev": "a43c8c363e694bac30847a1a51e75704554c9824", "type": "gitlab" }, "original": { From 91f7fec824bc2b57e9a4cf85201d5965ead4f067 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 24 Oct 2023 16:52:46 +0000 Subject: [PATCH 154/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c7a3a12..7dbb86e 100644 --- a/flake.lock +++ b/flake.lock @@ -657,11 +657,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696234972, - "narHash": "sha256-8Syf1OEUBmaaApKsjkp0bVX4AjVkm64aGZKzoRn7wGM=", + "lastModified": 1698165887, + "narHash": "sha256-eHmW39g6m+OlgAqPkRL4FKGKEkD/Ot/+OYGatDZxg3M=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "b0028959ff83c3fcc39410496fe2017b8772aff8", + "rev": "4125ad634f7b83a026784301c0088f09521330f5", "type": "gitlab" }, "original": { From bb346e294fc8fc795746693b6f3bf16ce5530007 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 24 Oct 2023 18:53:06 +0100 Subject: [PATCH 155/826] email: handle junk mails better --- applications/email.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 924d7ec..05ee8d0 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -111,7 +111,12 @@ with lib; let address :domain ["To"] "skynet.ie" ){ if address :matches ["To"] "*@skynet.ie" { - fileinto :create "''${1}"; + if header :is "X-Spam" "Yes" { + fileinto :create "''${1}.Junk"; + stop; + } else { + fileinto :create "''${1}"; + } } } ''; From 2dcae4df6d2d6d75b56df6bd741850f254da47c2 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 25 Oct 2023 17:40:45 +0000 Subject: [PATCH 156/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7dbb86e..03302db 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698165801, - "narHash": "sha256-aqZx09OwJwXB4SG8KG2m0eiHVXB/l4oTKMMz8Yr6XaQ=", + "lastModified": 1698255058, + "narHash": "sha256-qtvTnfL0XXZWA+I14D9eRL9Ir2G6WhIkRSiRV7GOfdw=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "a43c8c363e694bac30847a1a51e75704554c9824", + "rev": "20d79e427afa460b13ef7d986d5d351548a5c91e", "type": "gitlab" }, "original": { From 7f647679916fac6d4ad1f3d4ba9fdf572b2f793a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 25 Oct 2023 19:27:34 +0100 Subject: [PATCH 157/826] fix: remove the nextcloud stuff that was here for testing --- machines/optimus.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/machines/optimus.nix b/machines/optimus.nix index 211a37f..095c55c 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -22,7 +22,6 @@ Notes: in { imports = [ ../applications/games.nix - ../applications/nextcloud.nix ]; deployment = { @@ -61,12 +60,4 @@ in { name = name; }; }; - - services.skynet_nextcloud = { - enable = true; - host = { - ip = ip_pub; - name = name; - }; - }; } From b8b7f09b9fed416e0f3de70c2ca77b156c7ceb52 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 25 Oct 2023 19:28:09 +0100 Subject: [PATCH 158/826] feat: created CADIE --- flake.nix | 3 +++ machines/cadie.nix | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 machines/cadie.nix diff --git a/flake.nix b/flake.nix index 9b85efa..9ee5d65 100644 --- a/flake.nix +++ b/flake.nix @@ -149,6 +149,9 @@ # Main skynet sites earth = import ./machines/earth.nix; + + # Nextcloud + cadie = import ./machines/cadie.nix; }; }; } diff --git a/machines/cadie.nix b/machines/cadie.nix new file mode 100644 index 0000000..e7c045b --- /dev/null +++ b/machines/cadie.nix @@ -0,0 +1,62 @@ +/* + +Name: https://en.wikipedia.org/wiki/List_of_Google_April_Fools%27_Day_jokes#CADIE +Why: CADIE is what google could have been, but they chickened out. +Type: VM +Hardware: - +From: 2023 +Role: Google but better +Notes: +*/ +{ + pkgs, + lib, + nodes, + ... +}: let + # name of the server, sets teh hostname and record for it + name = "cadie"; + ip_pub = "193.1.99.77"; + hostname = "${name}.skynet.ie"; +in { + imports = [ + ../applications/nextcloud.nix + ]; + + deployment = { + targetHost = hostname; + targetPort = 22; + targetUser = null; + + tags = ["active"]; + }; + + skynet_dns.records = [ + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } + ]; + + services.skynet_backup = { + host = { + ip = ip_pub; + name = name; + }; + }; + + services.skynet_nextcloud = { + enable = true; + host = { + ip = ip_pub; + name = name; + }; + }; +} From a5bf6df79a20640652e1861bc6ab3eeb1570814f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 25 Oct 2023 19:28:28 +0100 Subject: [PATCH 159/826] feat: rekeyed with CADIE --- secrets/backup/restic.age | Bin 2028 -> 2191 bytes secrets/backup/restic_pw.age | Bin 839 -> 846 bytes secrets/discord/ldap.age | Bin 1196 -> 1178 bytes secrets/discord/token.age | Bin 885 -> 842 bytes secrets/dns_certs.secret.age | 60 ++++++++++++++-------------- secrets/dns_dnskeys.conf.age | Bin 1016 -> 922 bytes secrets/email/details.age | 42 +++++++++---------- secrets/gitlab/db_pw.age | Bin 832 -> 923 bytes secrets/gitlab/ldap_pw.age | 31 +++++++------- secrets/gitlab/pw.age | Bin 877 -> 826 bytes secrets/gitlab/runners/runner01.age | Bin 784 -> 827 bytes secrets/gitlab/runners/runner02.age | Bin 876 -> 856 bytes secrets/gitlab/secrets_db.age | Bin 924 -> 909 bytes secrets/gitlab/secrets_jws.age | Bin 2495 -> 2440 bytes secrets/gitlab/secrets_otp.age | Bin 835 -> 875 bytes secrets/gitlab/secrets_secret.age | Bin 922 -> 811 bytes secrets/ldap/details.age | Bin 1318 -> 1227 bytes secrets/ldap/pw.age | Bin 1074 -> 1031 bytes secrets/nextcloud/pw.age | 29 +++++++------- secrets/secrets.nix | 7 +++- secrets/stream_ulfm.age | Bin 2977 -> 3003 bytes 21 files changed, 88 insertions(+), 81 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 9cf5b4611ec17db99e4f869d98be53a1b30af91e..0800d91e6829266cfa4b9febff4d4f72a87ced45 100644 GIT binary patch literal 2191 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlZ@yadB zk18wjF-!6BH;d4(EI0JDG&GA!OfReObI&o%tH^TBj7ZIPHQ}nv3p5H&^UMyk@XaeP zakdN#u?S9eH!Lu6$|%iCOf@Js^o?{+F*PX3^+mVMB%mrPKV8AsvM3@)-#N|2EhyPD zEVMYk)HBB`G|)dK$0@{DyCl-bFt0QuqS7}o*MiH!Jt8zE(plfk+b=sUs?5dLH6$|0 z-8U=K$H_3zue6}TyuduQ$jG81G9TSGQ@<2T<8lR)h{A9uOW%SdfAduR3jdG@cPGb! zQtz@Xvz(lwu;55b1NXd?{BVze9AB>Nh^WY%@)83Vv&7sq{Qy5R`(#Sa9FxAkU?+W7zgQ}8rVk{xp#g92Tu zTv9{B9h3Df{EdvugUj-aB0`)pLJTTgG6T}h3XF3sA~Vyu^s@~EeR4CiBdP+73!I9Q zjPop$Bm66a3!Kxk{6hlu6VnQe96ckA6BEnPZF32$3eHSd$j-?y@GcHZayBc~4s{AN zcTY@9&MVK%^>;E%2{BD}4K)wWFEUJbt#mBsN{sLeaSROh^bPT^@<4P z_p|i(EXzwPH!H31$xZdoNOHqSC8beSPR8j9+L?x4X%QZ&exc!IrD>HJE{=hb2Ck((9?6cLDOp**QTbl} zhT26*1?fpuNf8*Sq_Qm7GO1j_JSxc0x46>1%)`X6JWt=tJTs`=v?RjOMLWtptg<|> z$}~7wzue3u$S9dBBHb(}G}x)i&nMC~HOSS^ufQxPyvjYwH@76HG{w8n*DW*H*e6*( zFc>4=JgXdi3mp}L%k{lXoI;aLl0(d#y}WZR{0yV=%%VcQ(jv2pQoVCcQ?eaXv(0it zs{*+q(k#pJN{b7U3(|9)BPxUaOe%8y&6CPKjs3jC!;{>yi-U}_i$e@7(=l?lN0LEi zL7+lnmQ$2hh^K!+k$Y%nzPWy`euz_{r*>qyn^9((k()=bqrRDuc2!P(h9g(Ge^z*E zVQ@%xWJGYjm!+ArQDvY@KuT(1rb(`6RJetYUs0g1V`P<|0Y=G{>z$>YS*{S6=jK>$ zk?fviX;S1;WaML+YvdE@V-et#kssh$l@%Cbk`rK{AMO(BYQSY;9F*;6R-TsZZEWEa zQBdwwrSBM+l#ZSzg9}}pavc@?D=h-DEu!?Z&AgK` zB8r_nqf$L0wOvfi+={a@eSJgpowD4@0$e?PD$}`g+;g_?eDfSld_t0)O{=`} zaw_uDj1%26vck(UaWScQ*QzKecEwyT#@WJYFql7DWfx1m{R zMR8zo88~ZTW^CKjhEltuUi)hfj0+A3r!c*ZAlS*GNaMuwW_Ihtl=8=0D= z6&iSXIu&?FM&?C@=V|ALrKBhN=9_0m8kU+DRRv_{CF_^u>sR=sggSER>gp;)7^Y=s zmR6P~n!7}L2Ko3!g=Pm7nWq#+6o+}4r{+Xt2f2lK`Q)WK=2&nU-(-#UI>77xhVOKU z8uO7UN)?GMsd>ebm5DNUUtewe{+2a&wz1j_RYRr@ms2b~Gc+&MF=$r0H@0Za5qFa< zGrt&9mnWsjRX9Jxr{P(OjKKfHMhk8=KDykl>M>pVr(%@C`InYULmNMCx%lgHVP7qC zX6-BYdxiexA4-Ca% literal 2028 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zLGb~4Zo z%g@nvN;mfNbqmU|ND3>?DmU;>PWAImH1!QBF)1m?bxJJH^5iPWiZH7P3Ut(t@+b~A zDRA}o@eB>|jmoh!jq)n-t+dcC(e|;72q@3=2t~KeB%mrPKV2cmGf3OByf7fMLO-CQ zz}dyI%A~R?I4U;9 znT4czM56mGDIl%TBwfKGxil~=(9<%!B3wT!B|O~M$KTw`sLIGhJ2$(`veM1bG0M{2 z$ju}#*n~?zGC3@xtR&Ij)F30O)o?MC9 z{)Xv6S)uN}sRqu*Y34;qQOWM^iG{{N`p(8h#ZmednMuBm9wx?x7`BxeMH*N-DwrEP zg?QwZ1z2QPdC!1HL`@31D8R&<(n9r+7+3hF=lhuX8K#>k!}`+g=Qv!*;bYUBS#VGc?~l%e}JF(xu8M-M7j#*SsjoF`~-b zGtE0g+ut=iDj?j{BsaV~n=47%)!j(H+&$d2GBC}oBqgidFr%m>-y|}`Fu)~HJKHb4 z%-hi-D8ezx0NrnuWxIw}MPq*WQXxcaBM6{e*I8&{ZDM5L7)I);@*mSyLfr8-v@hlfNJhZmGZ zcyeU~`dE7Uo4E(4_!ftmIC~iQR|RW(7rT@@ntBJ62Pfrd>j!0}l^PZ$I-=X=kz|lr z5U610<{M%hn3e*5kaOtW-dv-sjld@g}R!hB?l@v<`-E+2I-q;C1n`p`TLe<`I}UF z6;?(Xc!l`*l{=O&dE z2Id6j?Z1C#fbxYuH&tGB L{A#la;nV~G-!+`v diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 33ed98a472218e755ac680990eabb66a8ad133b2..17c903f11ab3284bb56b876810d5ce3e56b131c7 100644 GIT binary patch delta 757 zcmX@kc8+a=PJM*Aafn}Op`)v7fVn|rQGu6{QF>yQM~P>0X@Rz5Xk}KON1kgyP&iZoye4xt`tzN#O;CiNTfz9-ajuRgw9Y;RWIPPNvD)d0F{f;T~1S zA^xQLa>D}LwaqOm5+jQzpJf!UH?4HhuJX#%ch+`t^9ys&%gi@$ zt;|i&D-H6viKVMIBXhlRg;nO~7xZn3s`MPj6vk!PxzPgb}Em#(g^f^lU~mA7%A zrBjZ-env$`W{P%*X`!1(QeIfHfqzE2X>d-GV@hRYgu7o_IajjC_is$5^>3E6lq96B zeRtozFyku+x6j&7UDy8C`8>S8^LzQjp3q5Ko%if1*GSLM;oMp|KY3osyFkH~UBCJ7 peu|!3(3LoI&Id#1C3|n(+1|D9_}7F7{|tVeoXnKj+4Ar}E&!E~4yynF delta 750 zcmX@dcARa3PJNh9W`;{qx_44aw!XJndRnEwey*oacDAcusEJQnYL0hAvSo>xM^vFx zBv-hzS(16WV@j53X=!d+j;C`+4P3n~3r!N!4a}2MiyWiUgZ%?ceF}{Ya&imPLIZud!h8Y(0#Y)gjIxufJiH@J zlk>8Z%>&&6eWEHtO^b5U(hD4&N;0d`9aEDhpJf!U4+=L54k-;!ugWSbO$+w%jBp7l zb*|9Xb}97s&eGTR&8jRhHOmQh&v!B4DziumDGYGV_9=98t}L_&c60WO(k?GbDG6~m z%kvI0ODZb}4R4UP6mNC-Pk3HOW*ToZM&tp;LaU? zyDj^_FNprPY0YZmA3whYAI|n)CU@&*vQgiKFtK&-UT%;|tCL;!cgYjx_vHq`yVstz iO4-=hq9JI`_Vd6o?(F|R-d?jzzH;V>AlHGF6WsxQ_XzO- diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index 78c897de046d315abc16e1910a0fbc2f66b3d56e..3e8660a2b38f109f03e6a31601c5724c82f824f6 100644 GIT binary patch delta 1072 zcmZ3(Ig4|GPJKmAh-X${TAH>~K&p>XsH?N1L8W7)TZnIPNK#l~o}+d^h@W|mW16c` zHdkJ#b6`|pXqZK1N_J9uepH4>SiWJVrK^dhe|mU^nU{-YsCJ}FlE1mX1(&X!LUD11 zZfc5=si~o*f=NJCRDQaGQMr4DTcEK?XttY$cSTh}kXujue)P}qfcJ> z#E;_PJ|Teth2EZNVUF3!L6Q1-CT>p2B_%ngN#Q|dKHg!*rrBZH&gp3p8NsexX|6#j zDN&AQf!_X=Zo&EKLBSEFhPkO8p>Byuo^I(`>1H{>VTt|OwI@?v+yxX zclAmM3O39M4{;2z$j?nSu+%p+c6R0Rbn_@JEbulf4$(F$GB!*1$}-Y+_6haMat(4V z%df~vi;N1a%rY!2Ne@MjfYPWcC*yPl?bI^M!1OeO(6ov?1Lxwh@XUH=qayE+LSJ{k z98aV4)RLm$r1HcR?Gz&eE(@npQ@_L%|HP70iu|j1xV)iw!ePLenxVT~h<{Jd=uD0^B_^va`Y*ok9Wv zP4v?f%}WCf^SS)}Dhz#GJY0iAy!}FaLMDiCp*U^*VHMrzPK{a(=b0L%-NAkS65ddF}uKDJKM`K z)w3|)JTfD~*R8nR%)qiLTR-2+&nzG-Br38f%Q>acH^YR>OkQ&0k5Dn2ru>txVQoEo zR-K+bXMzR)zr^M~-_8GcqE4ybj+k=h_UGVfnqmh#Sj96xR^9k&&$8skOXcHs^UWSP z`1wxB^ZIuG+s6s(<&E4g9-ijA)J?`KlgUdhPFTt?((bD4YoobkkHqrdx?Is_Qop|T z`dzE#b9t=_%nqzgI(M~U@yb6X%7?h-H156dr%17Qa(ddf$d4O-229RtzY};)rFg*^ Vi!_ceHoK}f?#SJ8^PlBqEdUF!dZ7RS delta 1091 zcmbQmxrTFsPQ96TnPregx=CbyRLb6HV(hJI>#NU2e|m%E{5rAwkuo@Kscifc-_PibOhI+w1ULUD11 zZfc5=si~o*f=NJCRDQaGk#kyZslRb>r9o7nb8eR6-1!ejbfu&|uu7>`GQ5886RhhnAzCONT z78QXdA%-q_#;%sZ=~X3Vl};WenZ{wJoY_bt-cW zPN@oV3r_J)OL6t8tnlSRi-6LoDktM~g^IH9inJ1K->Ag=BJ&6zPXo{TaF0sk9DVmv zKkuB-s^Zc>7qd_kFQ2f?P%h(A%g}6-!i=IqW0xfT;8crBf7dJz1NVw#H~)y@(3HSr zH~p+~v+OcY4C_3S3^EG>6(an7a?;#FQ;eMo1JcW#olJd7Go14h-A$ZJ_0xljQ%r)q zOwyeET}mU|47jS&^HQ~a%~FEXJk3Hq!#&)*JoQWcTs@qI3%*&6=aC8hQ%&ai2a`Pzli%fU%Pfv>ob>%A4 zwkS0=N=f(1b2RWVjL6CKDzWe_GOMsmGK$Ks^w&1?i!cm{3NbJWbOnW+Z=}9Xcxqr&KxIl&UO_~r zQMhYrDwnRVu0m!;N{VBYfp?m@saZg}Pe!4aS!h_Qv8Q%HwnvJ)k427Odbp*BZ)vWn zBiB-P*5uNY-bXwb>eE%zFNV*!WAlXP(7QPYrk<2P-OFD8Z}O*aE3`|#M2TEo!Vti^ z(~+b8UiSl)B%O2f9AviHCEqAHb#2R{4E_mOlFOEc$o=0sCF|;nbm>JRe^oO2-*oCb ztN%6lxF>dFh5ycT$BtTlB oyDV;<=lv97J1Hgp+>50znI4&$ISE)!w8-S2C@*kB{U#$P0NOx&hX4Qo diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 44604c6285b445dad2b4cfeebc0f948c55aa2dd2..0360dfb4c01466d527c2649e40c0547c76aa7db5 100644 GIT binary patch delta 753 zcmey$c8YC+PQ7Vik#D|{xo>)Io@GH%esFlQlT)E@aAjV2WtL;8p|(kGPO(#HkWX+` zC|6ZxV2V*vkxM{{LAFUrh+k2@iAQFxt80*@rHiGHQ(|ywcCe#ga9C(~IhU@TLUD11 zZfc5=si~o*f=NJCRDQaGZ+=#RcThn{YHo@}hIUy%o?Dhvk#=a6Q*fb&yLox8SAdhY zU!|$Le_B{MSD2Z5zF$sKfsvWFn_FpVdRSPozOi{=nn7MgRYX>$Z+>Nldt$zMVvuY0 z#E;_Pk>x>wnU>z^Nd_(^sir~sRbGZE0Ulu%-pOTwNy(LA>FF+JL1tz86`3Ynna)n- zhB1h@bNj}As;~B-n!+Zl1jZ*U} zQ<5{XLsI;mgHjW7T+@oo91HX_ObW~W{ajrw9U~1)Ohm%*@L7E4B>xPRj@d#X!7ndQoa(aVl42V18CqU}j`uiMxBYf0}QuX>n$7Qh-su zV|IO^i;KHYvXfV2rKf2|gj0~adqhBmQ;9`JVQNKslwo0pWl&lrm%f>yWtCToxp8W- zxnsCVd2+s+p>|k$cu_i+uCA^^pnh&hL~4dpwrh@Ivb%?Kfv-VuSzwuGo^Pa|v0sY0 zcY29&u3uP~S%wAIn`>&Wlq^=Ko&z?1<)#>tzX>?;YN|C_zIu=6pz%9k+o{ZA8cQ84Kdi{kpt+V$rWj mO;-<9F5Y)SmGfZ88~$?){rMGj`S-Sq-#@a-IdS6ZA8!GzK@pVz delta 797 zcmX@b_LXgdPJLR0uR)4mV5mu;sh_V?fRC?fcByunxl>3+p;vmQv6*91NOG}3vTJ~c zBUiGyyFsd@zn5D@R+7H6k57fGw?%MhWlpNLWw?>PV`@OSk)u(#UtV#d374*&LUD11 zZfc5=si~o*f=NJCRDQZbfPaCup^5wQd+KOv9WhSpPp+&yu z#E;_PImy9hrsZD2VPTe`mEI)<9;MEOVUZzO+L5Kc6^5xv;i0}oMfv4!`B}bPrrG+z z`YEXy!RbLc$p#i-9sw?S&fdkoz9ks}zIhpy`B5&pd3nJmMt-4_;~B-na~&hxee!ah zoFg(zO$~i4v&%CIiw#QyEh=+-9SaS;%d>KlJR;2UErWfza$HOELP9J2oRh;N4Km%+ zEzE*kjVePUBhw0V^4z1$0)xx*%u@3ME%l2hpJf!UuMG1{%TG1Vb15@Ra*51L%*YBb zHZKe{EwjkV_pC7Y&CDrw@eInW@O87`$}i4MDvOA4bt=yCarY|F36$hP$MNe|C1 zs4C7i@T(}uw+Knh%=0w>#elnRdQoa(aVnRuxuc(DN~vLBnuWe+YFMP9d6YqAdUBR= zKyiIuaI#-&g@=)OZoZ3GPKIxIPNt={r>jMVyM={YsCR@*aByA-S5QQiyI-ZTp@m0r zUQS4QhNT^3tx=~(5ly+u%u5Un5 zBA1V4aUqwkuC9VZ0we2pZ}W+9(R~y6m+CvwnfspZqXwPPkNkRcqaXlsPLBa6EZXBtZiKXbZ!EJ z%raBWP3s=*`4@6#&+$dN{VRIb%6C_95>aR e)-3c|WTl2fO4y=?rT6Y%__s*=REy`kmwf=kmmBZ^ diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 0f8e664..9a01683 100644 --- a/secrets/dns_certs.secret.age +++ b/secrets/dns_certs.secret.age @@ -1,30 +1,32 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 7OinLTy3CHe0fv+wn4I4r7XTjFIgpqaF983xcKufp1Y -PNWGUW2+ydp1SJpCmZ0bYES25NyeqMd4311C+KzQY9I --> ssh-ed25519 4PzZog S3Jdr3hKEUCGd5kVmrXPzH0noDojlOLXUQztFOVKiTQ -aHvIGFTQOos0tpXydA1cK0Tl1DsZ2W4rZwmKCiGrvVo --> ssh-ed25519 5Nd93w kphOQeav7SsKFG2+41oUKTmcZHLz07AKAD3hqAA7MnM -wTQqiV4QCofagXA1SrhWPp0s4XW/ScnwKMacQ05fc98 --> ssh-ed25519 q8eJgg JDYDwG3w/WkkxLJ88jdPxCHepmG6OlKAmsT96usBgEA -1tYSoNO/j9OfuAM3wFajwx6OeQQJ9uNRUZ51f/QJ9dE --> ssh-ed25519 XSrA6w Cfgv0AMGP22ZAf9bf7Kf/5nAQIPigaiGrywmSqEKRUI -gn/LU1awTpRfVDsxgK4U0dzPAcS3ki5rHZutx4R4QiY --> ssh-ed25519 DVzSig c310oeJByvipMAsbARI/1BFbYLKnLridWioi7gPsJ2w -l8QxxrCbT9U8Tt5DqQimf9WmBGzx2BnMRHzSrEGy7bc --> ssh-ed25519 SqDBmA zwOw8Ga5zH5Odpq0V9l52NHXz9g/WDup/PzhG1rBnls -i1GDNfHfEVEhDDUgAWLjd2Wr7Lk0bpukYg5s1qGAOgg --> ssh-ed25519 UE6fcQ /E9VzRFwhzx2S09XzWde5xzrFJHjK55hCr5swCNgjHc -5H9AvVuQ028kimlAG9bFouiFeJtSpvWlbVOkhc5w/CA --> ssh-ed25519 IzAMqA MEH4kzS264SuPMxEVDppGEYPEgzZyoUBvs15aCvDi2U -ATkwVOLN3MXRff1mke0RWmhbmNZpxl9jYcMN3ot7GqY --> ssh-ed25519 uZzB3g LYsVL51QyyaZQybcKSvD64mYqojPgcFskY8wrsI7ZjU -z1Ccf37N9hqeRQHb3BPdqJ50qFjlpJ9xQ0dff/JsSJA --> ssh-ed25519 Hb0ipQ uAyvzgGdK7GwsJlGtXxAq61OibXN8d1nU8UkRRgNhgM -cD42wDJCRQHolkGM59q2ZnyKgp24xWMezgoOzcBJlII --> ssh-ed25519 uZzB3g 4UzVD85xPj54K3cr6MyfZlxJ9yc92ehlLa5h3Fiz8iE -4KEnQoNPuKIVscdj5JYt7s5yE1yicnIHgqeSg9+rztA --> ,+f+-grease -7tQ+9yqsuvFB0QCo7Kc2oujvofdv7bWEoSCjlJpC47u1yaKqNGm6L8+abMzoYIo0 -9oiXjW9Xzi3QrMio1SKQUylZtPV/LNxPLRA ---- XtEXdZjQZjat809zBeVIp9CrYi4LYuwbs1yclK5rg5U - z!|ܗ$(J ssh-ed25519 V1pwNA nG0AHa3H4vfygTEQoAHfY30CjOpmj1ffPOpCAJ3vmBk +Qut0rBmGYPJHaOdTWCOy5JML4NKCtlUIqTXmcXKSxZU +-> ssh-ed25519 4PzZog I5+i0lkVwbzG+sqGrCReuHzsU19tLi1SboqPPBD4HGY +HrdFS0QOc3lOVe7iYxsm7akT768+SaligBdmCNKGL5s +-> ssh-ed25519 5Nd93w 0R8EQvW2DzhhMETLXuC0I/b3QG4FdAojUhgCjl1veBw +BpPZd7qhqZK6ERYKGnu5NMf1nPZqM9uc3T6rQaCPuwU +-> ssh-ed25519 q8eJgg Fb8LVHNk+tqj6mI/TwfcgJndt7/L9CZoZTTGX4hCuXg +/BnYhtGfNVtrICX1Sfa2o7h8RDZm6fmL6dyNUIMLXEU +-> ssh-ed25519 XSrA6w LcEe4qfLXeWbPBHhYYhMuah0r11aviPO0tmaV/P/TzA +UlQ62w7iYlAkV2JDZdmBHuOFt/emPOb26l45RPSNKXg +-> ssh-ed25519 DVzSig nK/TTAP8vl4Q6ltd96AJoFV78jXKqEagNrrA/SDC6l4 +1lYKWXfP+LAxPRObq1VWvZqdJZi7DijikoGzjT8JEEA +-> ssh-ed25519 SqDBmA T9qOjPSZr44EdtGjz88G+qNwIwEkgKNtJm9lfMBu5Hk +7+qN1Uf/a1Bs9o5YyO6OsaC+F+odkfFnn9MYo04QxPU +-> ssh-ed25519 UE6fcQ +VsGwaWJ0QuBfSBOO9fHpYXXVJin5c/1F+ZkGN5jC0U +cUo39xNopF6goxCoSRI3C1eg6ynSOX1HmbTqH6JCzjo +-> ssh-ed25519 IzAMqA pcJ8a1soioxd/aX9a8SCyz+4ClrtUyDkQTNxUTH75U8 +iA2vSv0WroLZoRbjvwa5MxgPfFY8HTToCpLzOs1QdcQ +-> ssh-ed25519 uZzB3g srDszrjqCUdPlZR1junFInBTCcV6Pf8YZjdfI/jlymQ +ZqWkiWNCdj14yXibvJZt5kzplJYxV+FTYNSW2g/+IfM +-> ssh-ed25519 Hb0ipQ 7yV7BevtuILbQGDdzhb6xbA+1HE6gHIGBy/J5dqo2mo +vhZQ6RMeK7nmWVyrO2b5BRWA5UCLKKl/cmM8Qf4ywDo +-> ssh-ed25519 uZzB3g uZqAB7XXJORAr4SqRrtELzgsj8F5/7ZHqYjQBHtuWB0 +hN/6oT92j0jn6TWGaPQ2GHNE57YaoYQrHz6XocOmSZw +-> ssh-ed25519 YFaxCg uiXU3Fi8w3hzZ4tQD0xcijmHDXK1wIFXKwCTKlZtOHo +eW+0I5AFhJ/lutzftUFNjwBXbIT026qQh1iB2MyK0bo +-> 3-;D;-grease >yx2 }|M +iHbl8gyGfyh72AKP2rKtBbtsOWD3zfJtXUvZmgtDr1hR++RRWE6hDOOKPeWrlTfc +r80zbGItMrUtbaV6BT5g9+Ji6w +--- 0GOtCNG/Yxp0gVi4t1R7nDT6ZdAvyM9XTWmsaLYwbOo +%r!wfmmeUpN1%oj,05x̃vU_F 'NM>GDu8ijPHAo<(A1nrm*QS7>mhpL1l6M^V0yL26KG zg>!L;QHpygS5aw5O1_W2nPEwaTcMA?N0h!rWJQrlPP%unWu&8rewnjZS$?T@l78vL z4-(;dd6t1iE^d)VPWt&JzQO5*&Tc*)79rV1Y5Jw9Zi%_(ev!Twe%U64LB3p$ZtgzC z$@vlbj)uAV+Ucbg#-)apuG(2%Zccvs*-<{_!If3v=4sxA8QGKL8O6hM0!$3UvYnj+ z%KSt1v$XT7^er>O(~QT>M=O z3Oy{d(oMq3okI03qq0l`^7HePQuMP+T@5CmWfZUX&PhzlPVvk$cS*_dHV!fjNGz=^ z*LKQx)vnBS&Cz#ti_*`G3bV{~$_nLj%u6gR)i?7@EHlXT%rs8+DT>H9v2aTbb1BG- zN)2=lwRBHRD=Re%^D0J<14~DRB6Iz4{m95b;}qi}eYfDS{Q6MWoZzS&FJEnK z|EOTku*%#V!wAQUbm!biE+aRmOh0E2{Y0-se{YWr@8a;VV3Tm;NPY8SGr#;2ZR4Ok zea95%jKX9`kadQ-=|!oD#iirKp)P*DA-UO=neJvjB_Uyzj)D1pS-HNxE-s-NW*Ny` zo67<}DIVfH<=L@Osx15JpM^J7qNFcM6=@dP_|6H+bg(Y`?D77Kyx7fquNS?Xe<$|h zhTxOGQ?#sq+B}!xn_}|uhFao%nX3ui!RM?*3x%Gq;V7)p2t3|mdDvs8g5L?>ox9%o zpOc?%*7MJC&)N+Op6R#EFA~YI-H>{jKfCQ~=#lNmD<11q-Rk=qTxP1e_l&;O8URBs BC-wjU delta 928 zcmbQm{)2sjPQ7z-Nl~d!s<(NmyOY0TW}t78V{TeOL}7rBxw&I$R)j@HrGaaF(1iEmcAg=@NTa%O&Ma7a?Rhl@v1iIJy8 za%6#NP;y`~m!DUZSA|cce?V}cVVYNEUW8|nrLmcRn5Sn|Ntu6oR;qTEX-T$IMWpe> z4-(-)!DU{RK2<(dWx+<~E*U0i>6V5Tu3kQQE{RT=DaL+fVP>f=N#UN6>BU_7u8Bd; zrYY`@ewOK_so^HhZmzDC`X(8EZu;ep5t*rpK_+HNhE66K$;p%B8O6hcbMp0#O}xAd zO|t`Y!VN7day)!f!wa4DOUhi$yo(Bh-SnNp4T6eGDqXqKB1*C%Qp1YO97D>zUHvoN z^o?^ZOH9MUEz8T(%_`D-GO|L7^L*U%&0Qy-WfZUX2rTo zEcY!AG4{1^G4RSRNYys7EGx_Qb@${d^YKVD^a`^qH4JqvEQ~D6sLHkUN%HhJtMGQT z3@|e*bFT`E3`#7@H}^!3fHI><14~B*^R&>akW_y&6MrMis$|c6^LmSHw``}x2tV_J z4F3`r_f+SU+yINHa1)neF29hRaN|moDt*hupc2QZtWx95Lgy00s&Jo(;)2wqO#gza zv=qNEk33IDkaf{)Zi5X#$E;%8k0ogg;`hmf@rdb8W=~?BzUfPxQi5`_{W)@uQ{R@KEhCVx? z-w_--#UBnfnWJy*Y@S!`q56I|Km0oTf^l=^j9LE}o3fhr t_3v5`6&CuOVc}a=h8GewQ}S0a{@HVW#?h*StAmpL{=AugaQ^($$pGDHNfrPA diff --git a/secrets/email/details.age b/secrets/email/details.age index 75066f6..677a153 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,21 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA FGnpjvtMlQEUSU/Yatems68P7ggyonctkHTV0KRHyh4 -HMqv4+3Gh7aQvY0t8yuQw9xIxCVjNdZKtEbkFVwrFPc --> ssh-ed25519 4PzZog sDgXstvONElzb6QVgb1elI4zYlLmnmeGPJDIvwXKuHM -6gTcns2FdeezbUZ3eju6T54avvL/XGwQ+RgO++/NL5s --> ssh-ed25519 5Nd93w p8xCIRNHB+dI/2g3D5yYaColw5xqwnPTXRiNeZ93lgs -lsuYyfyhG7AEVOvv8orux5MhtLAihN6obduWThN4vY8 --> ssh-ed25519 q8eJgg 9JTv63DlMKQ7oKGlYL/s6v0P3kXM0JwznNhrWjxmWGI -cC7wmksvARscQY5tRPoa5uU0Bhv1XvXHxnAmetglLyQ --> ssh-ed25519 IzAMqA ZfxLgzUT+lR15YHEtB5wubQ6yrfo1jCfhXrcftC4zG4 -4Me+kebp+tGcYEgoUpacJ7vc97Zx9HU3OyGJfEnOBiA --> ssh-ed25519 uZzB3g 9JjpdqrrC+I0lsTJzd85S3Ty5OzLCgk73Uy4J0W8zFI -otD/Rhl/M/wzajFsa9/Ekh4hdgFj7U4rLIOnVl38ww8 --> ssh-ed25519 Hb0ipQ KIHz+NlYyJr0123zY5KzP7DKIVKMZ96pkYszfm6ZZWw -5otxnKJG/rlbkkg7Oq5gNpsCv0N4a7/keLgVQV+/HZE --> ssh-ed25519 IzAMqA M3f4xVILPuTfWltc6MGbmNaJh3lHVrUUTJLewO6sths -VxyGTeZCIQ+YFQQDawnq5c/KZJJZ4XyBOkTe8ERAR5Q --> QPWdC\-grease 6p}<3J[x -mI1KGauviXoXmMuh5wc7XnJWczUEMpzCSt1I8Uwo0tBP1WK8/WvD8A ---- 6qiPEiJW4DZdXJWin+F0aAIEEA/FaUDfQ7Hsuvo1QKs -D!տ9{,&lk<#qԇ3)aa] lĔ$p:uI7K+-<ހȜ诳#0b{ɑbQ Gr2 y;5C5֦Z7 A \ No newline at end of file +-> ssh-ed25519 V1pwNA P02Xzq2IYlbZMvvBUjy6eM0FN1CfSyCinTJnQrZUUlg +QU9CrDYFL0KwDiH9T0zOzydeJBm4eS+Rp4m2ozA3FA0 +-> ssh-ed25519 4PzZog 0dqzbH7AY96+GFtwrkrcxYKuO/c9eBPgdxMKa1qliw0 +y0Kx5IG3CCzFcXM5MuS3eLij/l7QFKaHlr3VQty+gsA +-> ssh-ed25519 5Nd93w i9j9spcBf2ww6koxQu+802p8ua70VmQTtuLNC/v8MzY +wgYQc+JdSPd2cen/mQyL4NVn9fHtRsHX0E5lDW06yMs +-> ssh-ed25519 q8eJgg L55YurMQv+czgj6uwgHS3L2vX2A5VYRcUEXsGcj0r38 +vLRAuYLEljcVqVXs6k0hrVQNkRIpvvpCUeMP4jWVItQ +-> ssh-ed25519 IzAMqA Q1wP64lIZtvFPa0wAD+jQZtS7NwDr4rkthZEoVtuJjo +EnLKgtFFpzEKpLZMatZFNTt0rINciFUryYd0GMIUSp0 +-> ssh-ed25519 uZzB3g EwOnsGci+aqHj7XR+sVCi2pNowFbTLtQimzFNHy7LTo +jtl2RhtNayPr44rrZ1ESgR6p1hDJg1h70flu/0rDCjg +-> ssh-ed25519 Hb0ipQ Jmcvd8zOLb7qf2ZIY1HsBrMA3wETGJFUTicBb/Gf2n4 +RTiE+f1N+npbnh1M20x76MJ/uj/5SDTdWKj1uMWPThM +-> ssh-ed25519 IzAMqA cSzsukksm2E0coLmIXmd6DsEs/gHmIeGfcH/unNd1B4 +6ThlGLwm5iFG/UXoNMtAup909MVxz5JTpK45HJDeYFk +-> d7'/PSOq-grease BF, +ka0OOXHqf7TrhcdP9NFMQVGlF2x+fnC5PRZba5o +--- s5GXDMgktkfdge6Ndk1J8ooCdXVsryH9XzD2+TF6wC8 +`2S +%͋cA2 w L(q\0})D#k)Y\&X"į506|4)._vD6Nҽ*+R)59 +E} ~gC1 ea \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index 59ded26dd88d9d75853118dd2f1ab5d91f5543cf..182cfd7a3ddd1d72ef3a015f5559500fbc07d24b 100644 GIT binary patch delta 835 zcmX@WHk*BdPQ90tdquiaMw+o>KwhPPWpS`+QCW$Lf4-5Alb>%rDIZvv!RD;p-EJ*L0L#; zU_f|co_TmWS7MM)fu+BpkH3DIVWqcYu7!bTYGj^YfqPMQo}WcdW}0PjML}9}k!e-_ z#E;_Pd8I~?9_6V4o+%mrIpu!ZhF&2B8Tv+*sX00R9`0u4#=-thDJF(NdB(0>CaKP* z6{%jyCOMXF79LK?6?q}vCApTy<>`(QPWm~PfyR|dA@0tZZo#3G;~B-n3;oQTeH^n4 zEy@#f-O`=2j2$gYGxCZOo!s3bT|yjrF>rDO#ej#2MvkApvu=7(YGQFJS8;wsps`U#aYKt-lymY-)@ZmLgNc{10; zVEOrR(KosNzpC@gUHT-q@fXjm*lpi*wsqEpdU>s2I?wC5=Y7JuC!ZKH+Hv3j2 RM%M04s+`WFm+T@O2LQpqBy#`& delta 743 zcmbQuet>O)PJL3cvr)EFk$zORhrW59w`G81iiclRp`)RrSy^JFf0dh2n4@KIu4A#2 zCs(quw|k;Nc2uZ|M^$;Que)VXm5W!dU!=FGenfz8fpJhyd0I)Jm!(;LIhU@TLUD11 zZfc5=si~o*f=NJCRDQZbK%_^mS6XOAwnd(yenE0spj%F1RIpElxnpE{luw3ZdZmY% zep+F&sbzX7SE-X>dU8}~h(%AaTDY=Fv`KG4MrBOcRQF(dAroN7078Sl+ewiVW zRqo}Ern&w>fko!pj!~7xxoJKnmih+S#>K_KrCtG1nPw)XmBIOw;~B-noqUQ@0+T%) zExZCO9ShU7OPsw6O`L;rLj0pDj7kgwQ<6em49W_^qk=-Yj7w6@t3nc^DiXCL)3VK7 z%lxv-yaIDvb9~H9i!w@l{DTdAgIp7H(t^t;pJf!UH?8vV^7L@?&yLdf3dt^aH_G$P zNUU^E_b5%xOUz6PHqR|f$x1UyiposqimFJ@sxmfmEOmBus&X>T4vR3$4f9PYam%bq z%JFrsF!A+ID#{OxiVX1t#Xw46epF&wzHWL^YGQG!f?lpg8CR)AimSIzVNs|_UWQ{x zVQzg!ah93CMXr~3WImU!uC796VQ{#Qi&K=Zw~oZ&amMYH2{Sg>Pa|N=l+{ zx}$}DaB*l}sRfsBsHT4T_8If!bG${)*8bwtQoKGXuyWrqi6syF6BaO^$vf?*BF^zx ztGn5J(S=Feciwb6t|+*5ajoFG!o|C01PSU#UW@y5E~NI=$$pcv-FfrZPwq>EMU+O`D*y-PImPP2^H~FV=rthZ0(d-G&w69nGaBTk&E@<|bwLH-1 em*B6cLyuW&&)MV$muNaUt;ly`ayjpQGZg^Zs1cz6 diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index 70c9060..4b1d10e 100644 --- a/secrets/gitlab/ldap_pw.age +++ b/secrets/gitlab/ldap_pw.age @@ -1,17 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA l8bVNmtvQQYYdYbaIGbu2Zr1QIQ7foEVC+3qOjyBEBo -/+XugQWU5ZtUhYs+nUXiWszSt4f2ugyKzwx74k1L5FA --> ssh-ed25519 4PzZog uf9XS3J+yhKCUkD4OnwiWg0wyRpN/9lSc/zhbqBNYUA -/9FoDD5reZtMOQAuvN+ex5PWlC2RySqiCzv0mNwNTQw --> ssh-ed25519 5Nd93w VuooU1/tyko+EixV7mvIu4A2O5+83BvUloDJX2JTDQA -DhSj04ZvbHakIkadflpwKbqiIGea+eSBsEBdzPl9OLU --> ssh-ed25519 q8eJgg bEyYdnWO1Yvlgc7a8HtkZhUgXbiIfcADqrpnVG3f1Ug -Pb26M2XCByrWwY8WxqWF64tkAxLFach/VSZ1bs9Ira4 --> ssh-ed25519 uZzB3g YlKcfsuCsq5B7tOcQtGuTBWoSWamTLCVHJ4T1d+Gcz8 -2oNqUbegU6OkPpFTrTPUwIgcxPw3FiR1Y8TOoTrT7/A --> HvX-grease 1gEJ iS*ti w!mB 'ztJjEI9 -bWmaS0UnKig ---- rZTDxAK0aAgxkQM/d39FIL3FF2u9ig89jYjBmNvVFIY -ojnUes7`'[,}RQiv"eִ•7nEǻY8b -+A= \ No newline at end of file +-> ssh-ed25519 V1pwNA llgtj/hArsPrgXWLZ1PPjO7oxnsxTCDjiAk5t+AdmmY +UMqj4tptjYBlx+H63XV2MkjhtgwqfFoOcnO/df4Cczc +-> ssh-ed25519 4PzZog kFatYVb+uTFE6SQTyAAj6dKzMXayOGuNb0wJ5ROUwFE +rFdJqLGdWtA6Zlu1HZCLZEfkWnyQJZ1YZaqKhXX3o/8 +-> ssh-ed25519 5Nd93w 0nz87C6yz7opimMDAaDGk/MGAxL7H/EkErURJzsewCE +PosekfdTusQBT78vwUk80ifdWnwSCL1SyljKOX6Zj8c +-> ssh-ed25519 q8eJgg aduz0eqmgJCaFIziUKytibM5B4FP0Caxz6VrXOjCmS0 +mlSOKmvZe5BbMWfC5r/Px4ppONyBD2AC3B8sHquEfJ0 +-> ssh-ed25519 uZzB3g nxn8Ftq9gkOFnmLLSf0+rvgd8cLM/Hp/7oPNqmhzOhU +KKH9PUun0S0+GA8Z4APqvrNHLe/kb9DNqSqOJDDKN70 +-> gmR|-grease +VIRVW2ctDBkcCBfSpnE2zgJBoo3BTXxYvyYfrs2kEEUP9tbIFtaAPqPHsUlna0BD +o8MbAAgG3C94PjW/MLeurzGO81/+ZTJ/w+gnm1hqhgKn2UwkgXN/7fO3htEr +--- e4BEq7PzBBhOqfRTq9ydLwFdTUKKoRZy77yLIrxV2Eg +@¤@0:AeGG?_}-P~M66}5%Z/_-Ѭ<|ȿ~Ue a? y@J@9^yGn;į_% ooBR<+7ṃ;Cڦĕ!k/Js \ No newline at end of file diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index c8480cb4da9c083e7e2eb061bab0f8056cae5b2c..9052082c0ed6f86e63143e5f9818a63ea28555b0 100644 GIT binary patch delta 737 zcmaFMwu^0oPQ694rKypRfxEj~MyX>|dPZ(~T2zXqpG8`lfm4Bhd6;FPUqyt!Nl0de z1y^oWlv%n-K%{FyRC0iJp|*=la;jgNMRA6{ho51hYi6c%se4MgnTLn7374*&LUD11 zZfc5=si~o*f=NJCRDQZbU~y(-k%sv=8V z(o(#&OA?dKlGAeBTqFDof&=r7e4Qeli&G<#Ed9NU-NPKY5-a>ne9N^BeVj~EJVPzZ zoDBnAQ?d;b%frkq44fl9Of0gBvJCuE9YaDVpJf!U&&Ul;_K(sJ3NE)yuQX2cPjWR( zOLsL$E41**@vqEu(GT-4&&nvX46JbEDso8-EKD`BNcGb8c5^K>GR~>W2zN2cP4;w2 zuX0bT%qTVVws5a1&(E^}#ehRtovEjaZhBE_VsWZMnNfCHu#bY4f=f(Ql7g;waS4}M zs%O2KxutPFm#(g^f{|IJsj*u`RfcI!Mx}R9N{Mqoj(Jc}ph>Q_zh6b5NttP6sf%Bz zi*ZglmuSqVw<4C!SF%E7HU9rn6LY#**FOqhK3N6z;XMG70|q%}wEH(&cNKl#7{2kTb{YK~@AEq~C% zwW%ijM@j4Vh+yR!Q9TZi^HUax7*^Q_%>QzlExq*M;nM4YMjs;8SWDNpExR@Sz}Jg9 ZjhCFRA6@bL3rBwW*O1MDPxRDJ0|0fF5B&fD delta 789 zcmdnR_LgmePJKyaR%nT0T!O=^-h_L1D#Q`CfTd zB_8IbMdgOcM%q;wxjyce7XFc`C5A!4uKteRh9>!LDPCn3Wqz)c;~B-n)ALM>&2mb8 zTr2&|b1Tb|^E1LqL%h@d{Iq=yg94Jxi!3YM3$u$u^bOOw^xd8O(+hoyUCsSn0#nS~ zTrA5=Oe`u4B1|LGjnd7_y?l*RBEkX<(jy}$pJf!UcQiNmFDuFR@bL}{4$lwKPY%t^ z&rfy^2v2dUOb-bxaB_EXcZrBJ$?yo|GSg2kiF7w9F7e6n@hD3S&M}BcF{vyH%QY@? z_el;figL*f@^mRJH*_}v#Xx#-cDl7ej*V`5QEFmws)CuDZ%Bbcct}vSVv2==N3=n( zTXnrAS8=dcky%M%ae-m7o0DNml4ns~MQ&MWXnI*?rKdqsRY6&1puS&uW>jfPS7wQLZEm${xSj%W&&7Q2_7d49!z zj+^2Rwxc)P53D%&C_!-J%tEX6VXu=#uC9MQP2~G!XU6~PffqP$THf<0R4bYF=&#mI Zi{Dw3to|xnSWJqeqeIBvq_|WsA0BCo_=9YVw6uvRCbP^c2;4jNn%C$ z#E;_PPTo#cp26PP9u+B3<(`p|?ykwM`ANxU?q)#|IWEB=1{t1iIld+C0hN(l838;K~VX65Bkq0Zjf2C39s>n!n_4f}-EA$HY z^UE*uNepr6>|dVqI$Mv=d_iBUkLetKF+L4+q) z2}{r9f=G>%0vuNF4^DmlW$8q#^?&}i>Q*{MI`TwjKDabx<@hV(N>%u2kMDn$qH zm{56V<&;%R>y{U!HYg|_J2}r%i#7LJO6vYI>z6psTM|^RDJGO2`_|Gt@6p}|FV^Ua Wd|5hANjC572gM$3>)n=>&iesAq5*{f delta 695 zcmdnZHi2z|PJLRENm{vOmRF8hi^!Mi>Zs3b6&c$i9v9srD0*RNuZCuFPE;JLUD11 zZfc5=si~o*f=NJCRDQaGd3v~Zl!1AcQD|mGPduX;PGHWsz@4xuKJjUub}fpP#!$SXy|wlXqGA z#E;_P1^L-trlHztzEO!8VUgO#AyL|1X{o6tfo5j8z8PjY$)*980hyMSPA=tKe(r&$ zDQ2z}`KD2Bre+02g@G;+e)?5``bNfuzExFb7HOdsQNfXghN0P$;~B-nor^MDwO#yN zOA^COwJqHulFa>bOpTK&!_rJkv&)kr!?p8E%Uw)73p10s%-jnMf{W99wOzau^9#Kk z3w`o@JS|-V^DPsN{S5*vlcT)M@-0l={nFAWpJf!U&vZ@o2{z0#&JOmo40Eka@hNaC zD=Lb}G>mk%v@|Ly4K49ZtH=w8EUhf&%C#s6_be~Y^vyTS@JjV6NOUdmEJ$*%G{}#r z%rG%<)Hd@?Gj;dZ56iIt#eia6qF$ttZhBE_VsR>0qDPctl4-DGqM?CPWO2EhzENgX zu}giDf4Ognd%0;om#(g^f>C)=m6v{+cb>L)n0|0>prJ`xVwAC?MMaQyu#;tCUYcvB zK~zzoSyH4USD2UC&Fa<@8D|!5yXPadUogOd)myFimcgE*mjeF_d)Nq1<$B8&Qsf(B z*|Iru^_)qP&*qgK;r_bGQa?%NoZf+36}K(Yy!GbWJn_{}3yie%nj@rjP~@DQn0W0e f?@68v8oHmB7HsfZy=I2et|dv4EwcNichmy_sif_i diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 0c2878d066cdb6fab4eb7a9005c8a59fd6df7295..f26fdaef3abd6d74169cd18031d3d8fdcdcab59e 100644 GIT binary patch delta 767 zcmaFEc7tt#PQ8m;fl*LNL1dssU{!K%j;o8MZ?1c;QJR^NS7wfHSaNYvN@7S+xN*Kg zAXiRCnyG1Nc6w20epp4iVNOVXNSSj+dYPGdX-0NbvVpH-idk_+c1~D!B$uw8LUD11 zZfc5=si~o*f=NJCRDQZbs#`$1w~xDtUsYmguxmzyv0G4Xs#jp4xp|pOg?E-waHNZ= zyLVb{P*r+9S6;GLVuY))Q%ZPXNw{NWXk?UGT0}r$nWJ~PX=HI&lzEhkQDupfxqndd z#E;_PNsgHX+1^E|K?cQ9g}IhVt|e|+p^4>r8G%7z&Q*!#envqd{$5GpWzOYXW@VxN z*-5z`6)xpPzTpwU?#3>emZ8OInI;CAB`KxOt`Q{_Ca&Jv$x+#p;~B-nEj{ydOmi}F zEL_qJLxapxoT75lebP(w%%U=#9COP`3-qguO?-j_z4Cmy@(sMR+%luI3-!yhQp=0< zQ@ve%l8b!IE&a8#vlF$o!#u;>LwwSby-O@6pJf!UuW-w&42*IPaLqIeOfO9fO>)Z4 z&eD!7^)j>YGssIfE;UOxEjKE1EsAjEDt68eGtaPa@yQR&kIJk}%=Iw$b1bil($B5R z@inhVO$@L|^vo>u2=fgE#Xyv!m$^=Mv~GG)YGQG!f^BYiL~S6Kr?z8$xtV@xX+~y5 zRX}}Mg<)}-PoZg*ab=>unW>S!pS!bpSU|D2OIdPeuy09Jc5Xmbu7#&|K&eS#iCJo( zA(xq1s)3=gZ$@fZL4kRxMR=BHsYR(zVp_3lrAcZzm#(g^f<>`uWp+xYUxcNBettxt zMVY>7Qc_T|uaRd-XjEEgZjy0kQ z>vqvdXvf{JpZJTE%iiQACyHvtD{wq}cE7^QH^c184ZD|o3T4WLGLtpg8NQ2MxmA9e yZC{ynvyV@{z?P})Ivt-nFRuNytdmv=$> z#E;_PCV?3hhVI&yL4|IK$pQLdrj~^UemOyTUKXwvMJcBGj?TgEC4ND9C610|nEZaD#YQRxMR1r{L{RnA%Fmi~nWNvVO8;~B-nGZPaH{7P~R zjG~;2Q=KAA!jnr9!wTG!s=N!ULaJOW4gJi^T|EO*%`+moOic4V%quE#wW|sXoP(+i zN(x*`Q!_Fv%!<7#%6!W#qf9)VGD6FOBhB(BpJf!U&neFItV;IH4Gl@pGd1_iu{8Hg zDGn%g@huMa^Kf_ePxG}fu<$c0N)Hd^O7)D)b2oCabWD#-Nz8V&%+K-;v&_wNOYuxh zDJ)DW$jfzhw zK4ECm=8< zo2$^@xX{oo#4+8pq9EPeuf#7hGu$%RI856#DbgS(-80b9BG4#YJJP}_luOr6p}06h zH#Nn`)YQ;Y!6cw6DnDHz#nLG+J21sN(;%$aval-5#4SrZDY4irEU(Nrz%s8ePdncv z*)QAO*smg#t1>JjEG#k9GRQ3?yD%`VC@3d2!X&J?I7nN&#KbQu)Ii@NH7dZ|F~m84 z;z#jt^VIyL41aU8)Qa2)lSDuBQ0JiX(!3}$*F?7{_hb+M#H5_Gu+S2tii}9Ez%+e- zN0&+`4`(m0!VKr^&`8VttN;tsf(MVU$FiP?_+ zUgmzKo*te-K~-Lbrp2cIm4(g$xj_{s!Qlmdh3Wn|=>{fTIjO0+VIHN4X4-}YZl;c& zmOl9gL3uePKIWnRRRx)uK^eYoIYCK5+TpH~&oYYFd-%DURypcdRyrFMM`ZaWM&)>9 z6%}inlxCZjq?x1_`6l{$WE-YMoAFHL*BVAFrpOW)I=B&@zISI3PH~JIdH2)6*!*F+Df2z%b9!Og}0#JIMJ)hFU!I_E6g;fD8<*&%)>9)&)MBL*x8v&S65fTIM}$zxj5A; z#MsBuq$EH;vDn|zyvQV{$Vb~Kr_4Dy%(Ff#FWe(6)33~gOR4+O2L)Z7IR;Wzv79D6 z6HBLEzq$C^o&#Om_w%pvou0Be^Z%jR*&%1wylPuudH>Ya?(i!=A6xr>u;MLQdg{@h z<%i51yuUoZl)QRze8i$tw_`S~<*a zyUV!~EIOa~VzrL3sC@r&xl1D$sf%*rNeN%CwWzi?2PDgsT$^8ceY%W F1ONs6DVYEO delta 836 zcmeBWpTj;ur{2v!)j7=BKg`@bDLcqD*fFTm$HP1~r6A13**n;v+}$nAqAJrnG1oA{ zfXlSNDLc~5HLub&(6=hfH8CaIG%`~=(6t~iHQUfPw9?tj$2`+1*CNW#lS|i5p}06h zH#Nn`)YQ;Y!6cw6DnDHz%Q@ZC)6*lP)FaS1FULJ7(9JPBFe$GfJ>1wgD$1!sySO+a z*DS*)Dlfu<%OupPxU#~}*re1fBDt*0$GylSI3y`JtfJDgq_oVlEG@&pEjJ@6-N-3> z;z#jtw-W7a|AI<=FHb)oAMIS@P$LUxk3w^cF#jUcpuF@5SIbf_FaKf(k#4>viFsb3 z#@+@MuBlnYUYQ<2Q6~B+0Y$E6L1ix5;bB>k<-UG7`fkZw?%w((#YL9EzTqX6zS*w6 z*%9GhnEA#mIk?56ctsuS>%NlB>UwT zx`Y;L=XytG>YG^l2bd*!=erd;yBoT46=rK^`5U+enq>N=1!ftTN1BI31x8rpRGD~` zxTpA3dZv0-nHPnm8TgohV!)-;OEWJo!ka7A&n>8;AgmzITsuA0DYd*PH?7#aB+xCnAT&88H9NZ?J=n9d z+?PvNS69I$y)50+RXfDl$f7DV+|@ZhETuj-*RX7XNp4%US=6=X2w zEGn@UJ*4fnSbQq$<%w2VFU73x>Xv+$q-}#iiV@($hWF&#lD6!q>mBm`m4Ap}06h zH#Nn`)YQ;Y!6cw6DnDHzDbOM?!Z6$*%e$h;BF`tq&$ZOkFyG88z%$a>HzzGTt17e7 zJS)>LEjc8c%Q+yR(6J=UIWsIc#n~mv$jCdw$lRmIyv!-w-#^VXKQK2hASWq1H#~jf z2Z?ZJcUMb4ry_Gl|5E>eRMWtUAR{Ah=LloZAeTxPi-<_)4DD1?f8QvtbPF!8sIX9f zb8{CDvpiqVGWR0O%&_46#Nh0l691GUv(TWzqI|a;GZWubv+T+7jN;+NUMb$?A>Mfv z5q`;eX{Cmq<=H0TKAz@LX+@>(MHRm8`uP@xMTLd>>BU?Y2F}_ZVFh8~A>kP%xdBeO z7AbilMkz`9M!5yS1yxSzCT2xGiQ1WNx#^S7GK$xymE{H*goGPACKaRx7e-~K80I*I zo4O^Y6qrR8miQQjL=!sKhrQ#G}e5&D6&|*D=S_$HyQuJHI%ID?FewC(|;g%seMF z&pbKTIlxIf(6GW(zueU_KPA$HOIKG{AwSF0Da|pnB-u5{B-1^xs!-n`!ptbhBQG#L zHPgvF$3H7IJ4!67PMko?xT+YVO&emxK6ncy#{S zGq}CYIvB$JmBVk9<#E=TZjL^dWv43U^46bb=)Avu;H!4UK!hoLG6a>Q&9#e#c*Lx_qRjeY-3qA{%|k zq+#ai`ba7DtbSmJGc4`G7xpyH?6dm* zb3Kb@gz?N({af#?`^30!znZODt|I45Em5Z2Lr&WjUT#UOKWZ>RU;T;a#(y*0v!wS( z-uvrbR^;&ckBIF3_fBFGth-I7_Odn~Rs1=}U7z9gv()50mF1ChPX!9f2y?jy?%JKn z@$$(`0h^NnbG3F{TlRQ!^UoO@E7`qs68k+KKFSZc6JS|+knuzqQ%wp%)AAUC-x{=ou9Dc*brMjsg zY#-C*Q(rG^Je4s`^8bQt176=P$Fy7@Hd)B&2^8)AEr0Q}^UVTXu2+99$?0iakerZW zHS7MBUSa!jBV^(0p1dYIhW zB{8SY><#-ZeZ^P6Tl;vco6gja=eRf2m4Ysa(Gp6lcw&ro_2kXN3Q>XYimG8K)J+tJrQ~sv> zD^;0OT{^XD6SivUJ!aRpKlDb#F>G62$RClZhf3_Mm*^C<7u)<<`kayDgyJpDT5stY5$Po@**D&@qMdade~-upA|jdhU3+3|BA-tqCy_}PwbPg+F#MDpK9^jY@M5{Yg)L^v0Ui(k-D2(60`R6#*{N>FR|LZ z@=t=+lwF@zX5~ACEy!7Q-rAar$+-T9_~9uxZ~4Evtl|7Gfj8--(z37_j{PeZC;i;` zMX1C#psBgALCIuxb!}k9?xpucEWFbB*RwV3KegF8WYsVCZ&LU9cJDB`Ewy;Xv{_Q=tnTUV-4(K_w{n^K)}C0i;GcGM46W?>5`4)tdJ~Jz zRR6Re6-#*{HVQ}d+Mdg=VsF{eCSo+nx=MS}bK^kgzbAOi-%e%R=KkvJ^jsb=oG0E{m6!f3##tRS8S$6v#Bc-gw$u~c&!Y9eGw8Gil&(Om)A~>tuG|SsPBiXdfB;O(>)6FL= zovXaevQob|Fw7@1vE0MRH#fjH$gwEcF{H@JIJY#)B{e(GBwafs(LEqNl1tZ4p}06h zH#Nn`)YQ;Y!6cw6DnDJpG$Js#EZEtzBse0^EhnJd)YUR6D$mEqG2Gq4KRn#Y)z>|v zC@Z3}C@;f;E7ILL-_<1B)Fdl7AUh-}$k8-6F(N!5)z8e|z|6xUvb;Ro!=tj;IHYvq z2Z?awC_^tdKQFIvXS4KVlQa(}r!oVN?9gN{k4P`C3QN;a8VE?S_Lj6Gh!Zhc^aF?hc{fe+q3)2c$58ui0jN;+BM!8Pfet90r zDXw9WRo+okN9)Uh-xlTzTmL?%dRfUEAxt?6w8LqCDrs*Y)h2dATWJ zIceG1+5y_GZeFG)RbC#6Nv4@errw!ZDcO_HGK$w%W~IA2=LQEA78qn18&_s~X-8%i zdj{r~g}H|Wq~;{MR^=8%`Gq(IW<_$PWO`Y87nFo&7Up}DIC+-2_!v58c~n@sxFovz z1yy-#7Y7FvmK!=1nP!6`ph`ErC^fM-Rlzw`H7LfrSivSPFHuv$RiS{(-?iMxyu#be zw7xPo(=jjACEF;|-PhSH)6Xc%DBs!0%rw(HIKadw$~f06ufW$eHOe$CT|30px60SB z+{wtmk}D|1FU`P1yTIAs)F3pcBskQ!JS;Fd$HS;3(yS=UGb2#JJ*6sw_aCQ!6~TBEY-s`+afW@xje|SGB?dL+eN#i zI4mi}u*f-5zu3Jh(KjO5*eS@7EBTDbEX&0YZO*%1;F-Rt?Bs^-l=Uke=k0uTUF+u# zi)FT&ACj1o&dZ+uv(oUBnbhsqansg+x0QVV)7)ki`=#8L&ATi%KFQ#f{=a1LLRSw? z`7`xD^Mt>CT4U>K&XSX}J^ISLW81VfrnUKrFPR-4cYD(2)IX0h%$gHxtn$uIa}0Rr zwmk21!fk(vZnmkrQ$M;j@?Tsj_35-@k{N47*yZ=O{7YU$sw+z^^6&i^zU*vt>Cy*J zR$8lbEVl%tJ_K+C2Es2D`ysOmXWE8d)jPzI6u3FTgZ~D zEad+Z`6-vW4(F!S*QIRz=~I5%&08ZeVy!^kdmf>JXgQ@HUMUm&1p*sQTNMAOtXQyp z!_%nmlJkSNTkY(7_f`AwSB1$Dq4FDxPrI_+eCRdt(1{KI7Q`^+C7IgQal~%x{PVTr zPra})+a4*~Wp0x#E2Z>zvv8mCPw`@FhFd=@k^qzI1`iyqj z7xorh>nM>pMR7 zitfBWD`01guJ^>)&TR1++t+i}C&mbJ_I!BNcWPJ38Xff>)k(6Ad?(L@-QIfR@(+Wh zDpO__oHn1Rv2eoc%X@qDmVRneGvAmu^~u^fSNoXtyp~J+u=`eX=uCfOdfvWIu^(1< zmp)5a`M={azq09D`A=KiB{HU;N@ue&-}T4dpr}H?_~h5(GY4Z2y;;RF?cXBdIom?& z4V$*x$9J;d3LW#-`4vu>~GJS(6Wp{U~%-J_)S@DC;Sr9!mh{&+~jde6P%}6{9s$=a~pYk z*0T*!LT~KzCv&Hr+f#E@Smi&bE6edq`hq9=_C6DfdEQ(Y5{Wjc(~itUN6D zV@migXZ|Fkh-0NTzyIpBIBf0>`Fd8V=xwLW(@4SYhnH&3ov)lyfAXRG`}Nb`eixV} zBFJ>;Y-hrp+5@j1cBctBoxSjIv3iK1<=XPz7kxL=3ex5aG6t5s7f-*a*{!HF@zkHs zytOxecI;auKSfS`h1le256`RYj2HcQpZS`SjMJ{iy-VIK@Z{#V))u|?Tln#f8(|aN z#p=wa$#Sd`HsXGAYI|K#(yPpR$9YrOwq4lCe%&l0d`0i%izjmDoXr1q1 zrrD-dWC|I{pMJ;ssIPGA+J#L81$(_tRdiJaa@KmascjNE|1nK)v&|Xy=#*~fiEQ6v zy*9bphuQD(>wLvx-D`Sa_6zB#8Bc>3_p82`GO45B_lq1}_Ohdrzo$69&(}3rzo1?= zHaoPzF>L3vhfY1pTU0J*@2j|4ET<$gbH};d>+|x%)c77en(**kt!sBc@a5{sU(M~- zJf8b<%WHKG7p*rRuDz4HIejz7+nuX-T$^q0d)WFY!~5SSqP-GSPFz%V_^SKFI9r$3 zq@m@<6U8(6MeF}O53uBje|mJus$E;vHif!MvDfdr_rb5@hcWB9%^I1f>~(iC&MJM6Ew<-jng1&4pvZ5LgN-_& zDogX8{jw};HI4`=vud`UbV(|8fyFfW%g4FHZ>4XUlBCWp8NYo~3KTd>5%5 zJ+U%rHcQ#-ti3T0mZtqbV-od$W737Ao|9(Ja@+A-??lAA?>&KyY@e2F&u+4h&U4@L zuyfJ#%Y9DS3Yv4L_RQ>_Zup@4nX$ge-K(y_>CM^7$1Ejw*KCwOFEjP*M-yT8(g=b1 V;&r<1x6gi=aw%ZKhah=|O#m!hIi3Ij diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index bd6d272de352a622b443ef9e30a464c3030b3c91..502d3aae0ae8ea6789c7187f23b925994592ce55 100644 GIT binary patch delta 787 zcmX@i_L^;iPJOAjuW6`Znzm74QdU8faix1$WS+BWKuNkqutj!gc9EZjeyCAOL6&1y zF_(d9eyB-6Mn#roK~YLpKtyt2WlB+5QelQkR9SJPMX+OKM7fEjZ(wDxQCWbyPh@^}v0G)BS+SdCxL;*(QLtHod5L+D zYhFaQxsi(nS8BO)xruY4hf7L@rIC+YiA$lAc5q%|cB#I8RX~1Tfs z#E;_Pg+5V%slg_W;f~(^A;!kOiJ^(kUM2Yz-X1RI?is!w0a>Z#Mp4e$Ia!WeWrjH= zzS^0I1@5K=X~r%EW<|N-8J^lzm8SXn*(Mg*S*7{e#U2*HX4$@z;~B-nUEEwuwJS_R zEW@-7EJ9qW@~d34oO0dFg3SX>LVSD;gY<(-OCk+J(wxevK3=8q}bu@H$^v^Ni3UL3m zar1FTr%{e&WlE8Al#^k4Ze?+@TablON=Z&pX=s#BWTw7dRs zR%VzZuG`HIacRfAAA$(u^!XHz^ z0{q>5%Tm)Vf=Z+OQiGfllQYBf^U?w;Jv^N(BlW{Q+?@lt{PP2i&BH4)6DyMRP0RC= zBP-ks3JMFuT_aOHeSFda9Ni28k}ShLi$i=TpJf!U&vdg43`+4y3rTjj@b)w@O>qrM z%`nU_^U2T5GYHL1@kuT4G1qpD$`4NGvdj&sO3~I2(0A0%O>_?|3r@BS&Gv9}b1pUs ztaMHEb=0r4Oe!;Q3JM0tK!vJvv57`Nk#2fXYGQFJm$ScfiN1fXuVb)dlyA0cL~626 zaJ@;flcTX;MS7%9hNpW-K9{bpu7bCBN_l90u6dfHPo-;cg`DwjU0jlHe?ucY z%l6ldZ9jNeFHC>@`N@-=Zzk34)KXUIRf$nFOq^jkSGsgcM8oHWw;7bqZU4B@I%>iD z!%sI`xg6(N#Qiw5QT9oc>yygUmD&$B@I2w`QCxS@cvDo@!rAY4J%2FWVf+2e6r(xo h3Xjb{C$05ea(c?chDD2S$fLOM3SSci)WszrAu*EfrV*_ML@c$k#CN^Q@)|0v0JD~pu0(NN>r$RNTFeluSc+NrcrkK z#E;_Pl@=D}E`hoErT(EsNsf^f+HRFD-s!;x8R13+DgGsnA%^L05&BM1g%!SBX1T>F zxt=+Rr4^p;=0%Z#VMZoVVL>^iCdEE376zW4;gN;`ss82Z`4x_n;~B-nvje=nJ)H7G z%F4>3Jc|nQL%cj4^Gvc6vwR{gUHuIVTwDV~s{Bi<3ezpPaw|M?tIR!%d@cL}s&Y## zjj~EjOiP@j{K^77D_kw}^K(+&Qv*_xquf0wpJf!UPxZ_8HuuZ5Og7DSkIZ%t&@TzE z2q`Qu*DuxgwJFEKX2F0nBMpap1CTV3=`Jn-xmL@(SC8oI+UU`mzK_+flB-A#QbpJf!U_l|NkEOax8O7-=1j|lauDD*K; z&NnP73Gw%KE6?zAF)hlfDk#iNGN>x%DmE)m&5m*oNH#MM%gsnNNOpDgH^_E!&I}DN z)%Hm@bTi2h49|5l$d51q#XwAsN2#rur*3*tYGQG!f^TrOU8b@^j-7pqmQ|vHlexQs zuVZ~pu6{a~K}cS3NtI89cdAi-VQH?XZ&g)ZabZ$PqIt1?Wt6_JyGdG>ev+q4N`9)J zL6}!rPNlC?V1ScrVUB5lg^#m4S7JnXwySAcR;6>Uxlxu;o?EhIv0s=)alXF3MOc z<*yHqccs2m{h8wwqy78h)!$FHd6lF;c{z1`*F7bkK(BCn_fIa}zl^&MCs$ox&l4In zb5_;N5T}^E^&NGu6<55@Yx^fIec)PIpru>UfWtBx7$WFack17CnwmAmL1gk_Wh4*%Dtpx{SWrWzT10b Q7bh>v=eqs8)=>^u0a{lu0ssI2 diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 6198559a13ac048b128dcfc41018aa7decae93b5..8dc6419929415aaf2a254e27954af25c0f303590 100644 GIT binary patch delta 1122 zcmZ3+b((X6PQ8&~s&=?%u5VPTX=Q*%vXO6^xpAV0kw?CEd6HYMX?Ci%lYVldk5On& zK39HOMuvq`u8(<%afw$zP)L-&ez<{Sh=+D=cv_x!YF?J9S$?@kk&mT$HkYoQLUD11 zZfc5=si~o*f=NJCRDQZbl52%akz0;ml$m#$qd`Pov72RHT9A3TPg!wkSd~k$Pnx^7 zXIXx(tD&neSFv-piDzj^QevfcacX#>pR-d=y1BPWNSU!gp?{u%vx%v;X<)ixMqXy< z#E;_P;ZD9qdD@N^1*xT3&VI=TK_1~5>7_1?{=V-1#m1rerJ*H$X$FB_dB)jX9zl_z zMdra?sihH#p&l;gg~>*aj+NP-6=~txQNH>aUSUQR1%>{h8CB_%;~B-n{k6;d{LD*p zll@%X^9u8P(>>CPbG)6>!^1+uO9Bj2a?-WSb1Z#Q-2=3e8;IN|W>a zyrSH){h~7R!y_XtLn|ti+(L>Xjl4_3DkHNepJkM&kE|#Sb~Fq1Ns5d}b}p^*H8nJM zG)_+SPD-f=^oTM{53ux%a<)h}H}K@rPD!px@-7H5H1tR>bE_)JaPoFFEilMR32<{P z%dRNR@pBIJC`k{iFe*lmfYPWcC*yR5l;C1l1B2kqvY?Qx@^S-hXSe#)+(<80C(*aZ~dTLSH~cK*MJHi?~-&&&y;NA z(C|W&yvl-fbn85l3^EG>6^#8|1I_b&%#yrqaxyafGhK5N6Dv}U zP0I4KDucZ%Be~py96enMEW%v03-xo-^YWZ43@g0ztNgvQG7H>1v-1O-^OOA&eO$|u z11Fzl6t9oS_RKF%%Pca?tjbR|NG?l?GVv)lvh)hgbgB$UiOP)%cF9T(2+|MDNahL& zGK@3|@CppjH>xbma5kx`)K4{y@(;~+EH0@Ew$#t|H%m?mPEM^V1bZdkS2w*VHL*BV z!9>BnkSin8G0(`?tI(v%lS@}uSHY~z)u5t2HOV!&q}(9Mud1>n%A>fz$gwyuGtbK_ z+{4r_vC2InDZo2i+m-9xnw-oB3t!9jbXynbE!%r!Gylhg>3&wzAAMt5V6E+NsO{I{ zU(!~0JT3eBo|-(|&@<=2#0v*+wV#jr@vEQ})pX>@x*_9<7Kb`M#{{7bVL@M%_UM<&r zyPd9UPdtC{D&VBWp0&!;;wEfcYwVHMGW|jDn}W?+#`j!HcQbY~z6`l_eaQwFxx^Cp zBXd2!-0&`pH=O)x%KN!S&or|I?Znta|LmP?FU?S2ck`>gLS25*774@3%@bpn2gH@` XejTU2diPXM;mh|${#1L5xCH?KvZbF0 delta 1213 zcmX@jxr}RqPJM1xP(gNnc2-Gla$1#vQ+j|?j!V9GS%ts3hmpRKMRJ~xlXGcOW_X@s zK9{GZlR;Ubv13qrQAL@XVR(9hsYQ0ANv=goRB)Hywu365R+8)_lX$6_- z;a(+q&K72QX+?Q1?q1GCZYdf0rIkKrURBPf-o@o<{-%|FnZ==#;~B-nGu>TsilcIp z1KmRWf?RWb!V41J!@T_pObjFS^HU3aa=n7e14Deg48qH~45BKM!*V?evMN*4Qrz9W zvdl`VBGQ6f!}5&FQqxO}-O5}FqRPX=42&ZupJkM&cMtQ)%Plj^NUtghjflz#3W^A- z^3<+0G|BWbHL0@n3v~7K4R-Z#GYsX*jVMnIFDlA*4J>Ou?$Xe zb212Wj>;~K3<@aM4zfUxfYPWcC*yPlCw=`=ZNm_stPE$5l-$T%caQqCD(w>ALX%9( zU}Il%?Oazw|Iok?ll%-6-u1aGmI>aBSQ>IEh5Z9(+#|`%M1+*O)FC(vy-wzO3adr zO)6c&+>%W_e7V9*^4tQ8wLPMeBErpm!wQ{qB20sWLsR@q!hKT;%X0D~jVcSB3cK0pxh+P zqo_30shmq!S688+%-_SyJt(8nBtOy8-yo?V$s*Y(BilbHBF7^lGdD0PT;DJ~E!;Gt zKE#4c=$qx!7_)V2rFf52{JtS{LvWhMju|`NU9TxOJ#GB=iJ`@jS66)5GSer5Mk);X%PpvbZFq`TXx!W-`w2p&`UeDlq<4C&w%<>f|; z6eJ#5s+@Woz$K>gJEGMtero&rpfgP(S}8GyI@zl|_w9F`o$>A64QHkPXsz0VFBGJz zdjD>CRs1C7j+rM*WzF`oKD7|JZSyA>d)Linx$*E;*RHl*x$`HBM!U{kv8ChX?W6lo zg*%72=k7oBTZP4~|8&K|6R-Oh%-?YF`DBJg=cjIYmgVYgub diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 670e8a404d6bb37d26b6f4c228dfcec644c76196..947132d338f9b91faddd2cb3c1e8b1e9ba8fee41 100644 GIT binary patch delta 944 zcmdnQ(ateJr@lPJD^EMLJTKF)#3!@VvMk##)7;#=*tHxWLJA z;z#lDuykMjVs}TUviz`+?BJ|iLvzm@pU@(+a)VO;eAm*901M-?3`di!d}mLt{76@G z?@Y%^-*AtNFb~%#^X%Zvu&m;UGHtIalMoLBBXgs&lyXO3Z_DDz@r>f(0X|_>q1j0x zd8Ou=0VWn+X+CBF`W9KmK|zK7Ri;s%m4<#MnI5L*LD?2uuHGi4=9zisCVnA4IWCqS z=8@)A=9OWo$?1Wm>838;DIS?gA$jFd73Qv!&oYYFdqxIj20D8e78`{p7F*pgub)0Q$?j&ra@Y%S6E_taZz5j zYo4=rqOWmjD7tkXNd}n(feN0MVO82;IVss?Q6_~YrGXYc!KvmE{y~vGF6Ew%DegX1 z^|_&`c}eERj>TMghDClssUbNLS-CDosXm_iC6?w+#%2M2`ECJ5VZq*}j(KLGNlsbj z=>{O{(z1f|b<>Md6N^(70yF*G6;qX|}AqEMCI#@880U4}1?F+i~z&gf08BY8J-sbER1} zYc`Y?fB3hw;wrz=vBT^sjA7a~%1Qf{{^8j2ZHJSK&(UYa(&01hSH)~zcK(0PjnsfW wC)D@na@BL>o~spfUph69dD6YJk1qKxE);gIh}xFZTP$Y0X2-kv>39DE00ov%@&Et; delta 987 zcmZqY*u*hGr`|HO*eA;)E5y$rz_~2MFtpG#wJJBsLp#GeTfeZ(t<=-B(l9JPHOR*} zo6FhMJ0!}(E7>3`%)cTc%(5y_JJ`doB+4V)#V;$}%fQv$G%2Udyuu_Rn@iVDp}06h zH#Nn`)YQ;Y!6cw6DnDJpz#^%rAjhaYBOt}KO26Da(k;a^FwG-TJJBd8z&$j>vBWhn zKR-Am$=}F;D=;|EwIn|zz~87i&&0IUwaVPX($7C!+bqW;-#j@yB{?cDtFR=+J;%*= z;z#jt7w5pr;M58W<2)npiYTvwa{oe;B+Jw=_d*wwGB?8rBVSWrZx`QUkB~?%cNb^> zM1!nI$H4GlQ&(r-qSR1V5A)Q(5T~rb$ncc(tTf;7uq@-sf=JKF@r>f(MIlugX}Q{& zd2W$@krp1w#(6$D=6)sFmfjxaDb6X$UM7w%<|!VYh0euX#UW{iQ7HkHK>>zA-r**$ z#ZJbFhUTti-um8Ng<-kc!C}e%h9Ty`<=N?z&oYYF7iE^3dL|p@xwz+sROvez2l<(J znMV2hdYkwcy8Aoj=m!;-dX$-`83vhfWhG|&`#Bfq>u309>AMse6u7vQWL5^6m4;`A zI9BB(ng)a=7i#+lh5H$x$3SURm6LJ0LY{Y7Wv+#*r*Uy`QCV7ksB3+GL||cgPEJOo zWnh`Ub5>YJXuh_qNm+2V1y`PvQ+{z-p{I*Wh)Y&lVTq-?agu3@cSvNuWtxGJcR{g# zNkCzhQ=&^&I=XcpNd}n(feMu&eklg2Zf?cdUU@}@!6qdox%s|<`pIRXKAzg? z^(8q~9;KG%Ii6fW7G)_RE}6kT<$jiFkzp=A!Il~ME+&ytF4+|!jz$q-{^7}H$zD#S z$*v&l$^&%Mi&7JdQ@K3SlQXIeiZczW(#(^x^b`HU3v!Ag@^Z{9BQ5h?b1VbA{k1bA z%L@vMi#@{2OtcHKJhYQ7vr2+oLrd$qbaizVoboG^D-2w-&5}#XGlK)&lhXV`D*`JW zBl5kI%AGt+BP&fD%Pb?yvOV*;a{nHk_b>kDs{7Zb_VwH>dV3&yL0YSd^xHPQ`Ww4h z55B6%`SoZm`@WfpLQ>%dej6I|{37vn1E){4y-%xHBs# z>g9B~Ed9yBd({?p@Frg9n#<(LI=9(unYB#eulFa?<7RDNJmuc9+Z%QH60fb|xYqY! n|KE;XmbWf{nXT>N6uk7j;ZLUro+^!*Z;Yq>e0soQSJig_;gVz< diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 211565a..27aec7c 100644 --- a/secrets/nextcloud/pw.age +++ b/secrets/nextcloud/pw.age @@ -1,15 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA GHSErc8c9vc/xRJKfYMJLayQL7HxOL8JeGoYo2h6RlI -s7kkNRo60WiIgaiml8dWe8n16T+u8T+yb4W3wwmuqjU --> ssh-ed25519 4PzZog bbecpnwp/8Si9z0pu77WKcKJm+2MB1zBmVOup6oR5UQ -DUVCb2U8z21cOnMYULXdtmkpwH3MlOuUZFgl1TvRhT0 --> ssh-ed25519 5Nd93w YHCbzauRkUdRs50+5RhRLBEvlXGsbqBNAjF/S6xBiiQ -xsCA1eICC97DvIQe2Sumb0tM0rvXgpHoWalWZjf9fMI --> ssh-ed25519 q8eJgg yhKxSY9qxfwhofkrDKUbvORm3T52/CfNtVuDYwn6DGM -G590dtERfI+O7eCTm2mycUsE5PaCUTGaNGGg4bmm1k8 --> ssh-ed25519 DVzSig 0qqpCx7UbH23wxeJJMK21E8tknH/dnFZCa2dx830fF8 -BphKZzApbyb/QRMpx8cn8Okp/G9glu0l1BdaNGFkeII --> 9w/.T-grease ^xmu\A /R-"|G ;! -pSeeYWA63jGkK0k2Fd+edOuyks/vMLbxa5eVlx7x4MiyLHiAS/K7QVpbFU0 ---- I8Og0EodMu4gqGxgeNXyA8+VeRYwfOB86mWKXLRoKg8 -}p?8vHk7 ˸/H_T_o}2>~ň A_kP \ No newline at end of file +-> ssh-ed25519 V1pwNA l6kwTOi+K4xJM87fiY6U1/QMDWY/cRe1zmTjTccBC34 +H3XZahYpUPHiXe5tR7kqPvHbu1SV0SN+Do5rOJpDQSA +-> ssh-ed25519 4PzZog rh4/KzXeYjbKlQ7on+cVREYcvwOSnXcFEeIXlk0lihk +hBGFOPk77prVzRJtNGho7To/V3BQT1jU5o8w2e+ZY8Q +-> ssh-ed25519 5Nd93w wWUVmanx5i/cCAL2a6MERW923Cz4t8OnzjHTk5LUowU ++z8Wbav+YRKxQim6iE/tukoj0F+9/hzhK+R+3u89wCk +-> ssh-ed25519 q8eJgg Pzxmo6b3JOk4AwzTjEOURofRsvjGVVhQ9B8BqA910k8 +uZGgPtcWgKHq8snOZqPRiO6uMi9V6QzasJdJWRsO3U0 +-> ssh-ed25519 YFaxCg qqIABi7lvz69HJD8raa+PsvKHUdsSgPZVngmvAJISU8 +dCaLIWXsRCOqktfOSHc9jWc+OiIwfMH7SvtqgP1myeY +-> E<-grease +oF16atWxsncF3/H9K/kz73e7f1F7JtRak/DVDH52yZDzgJKXNqqB3N6PkkFATn4I +iWjxvagG8Cft80HE6xCrvjliikmLzKkPE5Aw7cn5iddQXts17NtB04f95S5Ubg +--- o5/e5NyvpgaIjUCmIuU9NH2Qc6nUloUX1zmY+6IOCh4 + pe7[Ok:GFkFg>Xըz)JrD'/^QBF3ΊKJ- \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 25fddf0..f668c85 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,6 +23,7 @@ let neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7NRDOGzSO4XVEezMS/9pI3chKbOH0fw2aikLRvea2P root@neuromancer"; skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet"; earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; + cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; systems = [ agentjones @@ -37,6 +38,7 @@ let neuromancer skynet earth + cadie ]; dns = [ @@ -77,7 +79,8 @@ let ] # ldap servers are web facing ++ ldap - ++ gitlab; + ++ gitlab + ++ nextcloud; restic = [ neuromancer @@ -88,7 +91,7 @@ let ]; nextcloud = [ - optimus + cadie ]; in { # nix run github:ryantm/agenix -- -e secret1.age diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index ca344073cd9f42e28f3586522faf6624e449a102..6db5779d069c2e3f340277019ceb6b3c6f417fba 100644 GIT binary patch delta 2931 zcmZ1|zFT~PPQ8h@zOjXme_)Dxc!ryCWm159ZmvaTnn{J1frpz>RYqZEW_pB^PriG( zD_446wr^pXK}o1bSW#wjSb(pkzeTQ5RIb0Jg`aDdX@-YkNl95^QBHbtB$uw8LUD11 zZfc5=si~o*f=NJCRDQaGi;1g$j)9?jgp;dhNQ6mws9Ru=c1~uMb7fGPd8TVxnOm8k zfoYMqo4H{+SFT5Kj*m-fRIYQ8S!hz2o4Z?DX=;9&pK(-anv+vdphtyIM5KjrSZ+b~ z#E;_P-ls$QKl{xQ7(~*rhX+!`bo*DAyFoi;~B-nv%{UeJ-y9~ zlahjyGxd#4Dn0!I{ln4%145HR-5kS;4E+=Hf<1CdEe(pf0-P&y%MvXOBAtCrD_x9y zEGt7wD#KI!0^Q59Qd6_TGCVR9Q+!h0wJnn;pJf!UPmXYP^eYVUs*G|EHnB8IE-ZD< z3{Ca-%}pvYDl79a%&D;O^ESz=D5}Wj$}R8+NzIJ#vB-9}@N*8z3r;n(2yizK_YM#C zG_W+yj`Y`$DlASZjdXPd#ei#yZhBE_VsWZMU`|+GdajjikK}1P_ zxpuuvo~c=GVWfpefs3}Ak6&n}qh+w8cClNksbywSiN2>-l%s!QvA@5OXLwGSqgi2~ zxwes$mz#fxC0Au|ZkfKHS7fSllv6;mK~zwHYjLngRC=*rX|_{lL2#;Jl#5rGVHlUL zuC79EQC?1xlW(G7Xhcd#Zb4eAlX199dQQD|PO5vlZ@Gz~wo|Hyxre8ZXQTy}#@*NZ z+FO?W%QT9=@C*r9ZhVjW5OOKox(_lCUYv~8c=N!qqs>(@-jGNZG9ouZG`XLg9Gw5EUj_aRy zp3*FMzuo_@-dVwk*URglT;{#OWV%IPW?@9^${j{mn7j^rJj(H%y>s6Mmu;t+jSbyx zw(FdFvs1}GM`!l$Dx3LDi+Q@emkIjH#c3NSY+NE$V0rxCraM`l)rG4%ZGT*;U!r`* z`o=fu0I^kp>o=;OD^%@WkgHj>-Q-Bgr|x*`qL*xY=KPv;q-w*Vq?H?04C{?GcUd2r zT45yGIC(Qq!mt19Y@TO{JXA6G8REEc((2%ubNXLTS#!AOf$Qv#$sg73-Y=eBp_Ee0 zvD^D|-tR|>b+g!bCPl68jNM)H0WIrc7dZocs+VwW$ot*GDn z4u`f|U3yWakEVxnFR*{V>t^(;RkG)2iO##$n_FxAK)BwvvSgC)D&xg0cH6Y)F_;^= zzs+xvTp#AK)=X%j;F(Etmu+d}xtnqM(|0>#(G2lbr>|!np6=mxWq(@IT$AVn&sQpl z+&ZsOzgAY%WrnV6H+Q5=i|@q6vWv=#Oh3zfFik1QsWWR4EcC9HIQT5n^2IXA16v$9 zJ5GkV@BGd=)%ek2KI`v?zg@6=nD*&}Ihgx&R-y=KkU>xY7W zE&cWTZtju$+QEWH7MRvwmO4BCZTaf^PPOV+=NElns&`c+Kzqv>t;TmVrtXej$o`$} zAzzNwq>#S{eij8S4(M`Rrl`X=yRoih*}8|*Vn3uiq`vs&eNAQOBzaq=?(mY33kC{F zR}yBob}R2;5qdpkh3Jc}w|jYh>e|oS`p-dHBTLAm>_Wr;-Rv@d>_1*Oy{>-ykK*dy zqZ-#TteS;?Jg;}1emU)(z1l3-1>zl^p?hl63hsEM&#ifGedy6znPRz;xB5rsZOJpq zoBFFjP=zm3`$DFX!u$S-SuyYQo7PuHy!vrmJd5qcuVsI4Y|awdar2>PxZxr1fT^W- zF6OPDb9cQ%w&I^#$7f8mTs7jjPM%O}p6XB}VM z&7RzS(K2Iq^M36YDT}L`zxYOo%2@u|@$q((OET#xE9o@;hGQ>Ck|aZbjwF1pd1} z=T)y^y}_E`6CN{v_3(W2IZ(;!B=syIX5R96+XouQ8?86rxVWeK-bcQV3!c7L4Zjh) zsKD{(%~t3A=hn#UEbFW0dZZ8(Ci8CX93K`rj#&Psp;D6eebp1>w?55{^}oc>GlMP$F1bTVs3a5<~9xH5qGH zZ%EAw>B>2ix!v!z=JD^5-`fklkL>??vgpVahl7FZ>tdK0Or(D`oVoeVOqs1*+bu=h zQr|bj=(Ule5Oc*enRopf`!6wQsn-8X*mKV7t>mrz4}X7b+qOhCjO}jfZqs#Jr}-Y6 zs?TO+?O6Bg&uyc_r{yzR_Qy!ae$Llx*SvU5{^<0DC+{{H@U{P~{qgndBFhHhbyeGi zIoq~v&6GcU?DFHv7uOy-a%c#}9rLjl)$jck?Vz#rOoD8r=^=LwlbOM{esu0pye}s> zy*|voTxC(MAWLaM!;J*Rw@XDTi@MfnzR#ZirPEE{ zsA#*~ay3IikDOO?T&83OF8si&KP&9Nr%F|%!m3P}Kdj4g>&_~^U-8vXuIBaaAeKe{ tc8Z^UD;2v)Wc`U(EHl@t9h@6pn7>t1X#IsVYa(`UtzOmhjA?CWA^_k(HS7QY delta 2905 zcmdljzEFIEPQAIgL58_su3Mmwv7>udLAZZ%zPo#tVTe(AlzEk5q^Vm~VMw7*m5YIa zBbRANxnZuhX`ps?YE^1waiF8IXQpGBabA9rld)5|SDJHaaX?67v2m80BbTn7LUD11 zZfc5=si~o*f=NJCRDQZbs!MTUak6EGS(Lw{SEz5Ui<@I{QGQ;yWq^5jNNTR1Z-{e_ zS&6wphI3^$SB_yowsB%md1XbBN4|GOUS+stk%3c&qp_i{t7CassBdJcQywi(I zN=%Ikjm$jL44i$Pi<44ZokO+#y^HemgGdWC_puTOHBS7vxQ7q`;OG@p8Y-N(}HD_S31iTk2sR5t%ZOl*KnhuHc@ zhKn}VrQV!SuKMce*SzO?z9(iCi{yzv*l}9nF%$3P%DvrEJTk|_+@3!A%9a*v=rJ!u z)jY&4VlkHr*Shz@37_T2PK%Qo%)?dSPuo#U+V-WyI; z(>h%xx|htg-0Wna-6m12cH2#3x`1~`gVD6Q_It6pHTK$^+74&Pp-=R^)>p}8F9mD z&-c)s8EYaOb!Y7Tvvs%2_O{PLQBPAuc}=D--8^H>wuBQA(}EURmDNag3hsC!b#{L0 z@s#&hx1?}7YItT{DLx&Y?;WJ|!nx#(?2Y4zbuoEiFBtU}i(h}mzt8cable;NXsF8Q`pBzLKqzW>>C?ehg&L-mT1#ML#zPj|C8 zp4hGUPDFghpMuv1?ZYoUn0s}%epRRS8?oKxua+C!4(?Q#vdedy`&u8)HM{EX-DsG*gd3*8a zvCdBBLlbX{9^0qq9AvirFRRqu^On+YC)by^b{@4_D6!9^_vxy@|P?9HJ9VR zmvTqt-1dG3+uio3YpT|4>0JKMBPKd!yUukr#gidvr+2Rm_Xl8GYMwutB0iz!(@fK2NuLemx<7mCz83yEB`dO5!`JnYPKNVOU0v6+%t?Je z8eXv6PnW%BCw1Rq&dbP5)xwY5XIRXyu3h=$`oz`YTodogtQ46m==-M5r^>@s`$bC5 zM2RGweihEn=erCir6l^aE|i{T&hylDsm$(U5340VyuMK%-4WFEf+ON_rl0?`wl({9 zrKcApF#0nV?pN+Hu4tHeC&xX5Pa=~?MeJSQyCakGm&mWX^`|CY|D~{6S?xhncFvDe zdtJirv`-7$9@yU@*Vxt-wJNs5Cuzb~gLl4a?b3?>Bd@c~o>v*1*0R?*-G15oEv|Jc zA46C7%J0AV)Ggvr{mDO+&=x}T=}i*a%AssnV_a|T$@KtN^UZ53r92a z$EXFyFWdg-6hCnL$rax$x^1dL`RfCs{qfEvUn+u&9{6wQ*NiljoUq2fvAUY$)ro5* z#TRc*58tF>Y^J$vN1I}hCilO&wqNQi3oi!ym9Ve0R&IJbY0)jY7rUliP=B|>@zskd z(h8=Y-AvJfc7f-8-ORXsrhoHV1D8wu z)?ynbu^(YGxD~fOF=wI6(GOR$?q;rFSdtuDli_vB8`yBje_qJh8$kq5@ z`BmGytJ%L_=UKOH>$2Fzm#>^IwqShmSIg2|llAuO{(5WYSv5U>CnjdUyA*%WjJqf7 z`yv&OqX8Y~Sd&g|=sux$hw-0PjQ3%Ktq-*(S=;eBG1v*dyby1HJneg0?$+EinQFlX z$BVW34o6<71f+=GzW?5I$`oHK{XdzuOlGPva-Q2yiFbUrVPDIu@%_es&%O_Hrrx+A z_D?I2eg6_+fmhe+I~ey$u)HolrSW8Qipk&YUB4hT-YfpNVTN?79P``cE90 z$e5ayqq45|sq_I3KAZgC6+dIIu?X6;Jld@+nIpTZ@bew#?9>-Py<(=NPSeMMzSSnq-4PJvZZ*Lr<{^Q%8Qy-Ph~ltH~E}WRA%QQ$!kA6T|~;cUNMAmSU0)n)Rk^r-4$YXWQBQX zOc*nt>>9t{bJR||eO){E7NbIp?w@;X)BFQws`@#;?^tn!A*+0cm6Z8^JJbEQZk2~V zO5j}f{B7D|)vU1i>)ji}8+U7H8q^1GWcar#&eZV|pU=shYoQxe`i{gaOuV>>HErkC zsZY+Dwev5pL(Be5Kw<51ddjycl#k^ z8K%IbTKfON8dIscH)RioJ=2d{cK6}ju)@c&%9kzX%-Fag?UJPE>16Ko*{p7}*4)@! z@9@oG!S7?iFDo<(U2Wc}Mr(Y09e1=#x=m(^@svkmo963Jf97afl^?y1QLfyvk$oDY zk@8*JGm=dXSP8EQey%I^Ufb)Xp>wNr*|$B_28QZ| zTV3q$HXCeBcz$ntHoMp9iD#F8UvBk$$(w6}o5ceTCv)68y1BN8o%ht?;KOG-wrT4B z=R3OZn}&7PzV*6ueJ2a19-F^{$M2hJT)Eyu)tKhPQH<}*jK7vTng}>$M QG-UI1H!Wsj&%fmX0F3i9w*UYD From 211050fc27e0bf6a6d147b423886a676429fb355 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 25 Oct 2023 19:31:37 +0100 Subject: [PATCH 160/826] feat: updated the itd csv --- ITD_Firewall.csv | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv index 8e256af..510e7d7 100644 --- a/ITD_Firewall.csv +++ b/ITD_Firewall.csv @@ -11,4 +11,5 @@ SKYNET00009,gir,193.1.99.76,gir/mail,80/443 25/143/993/587/465,"",i23-06-19_525/ SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner SKYNET00011,skynet_internal,193.1.99.79,skynet/skynet.int,80/443,"",i23-06-19_525,"Skynet server, Temp until I can get the DMZ setup properly on my end" SKYNET00012,skynet_dmz,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. -SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server \ No newline at end of file +SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server +SKYNET00014,cadie,193.1.99.77,cadie,"","80/443","","Services VM, has nextcloud to start with" \ No newline at end of file From df46133fca556fe2aaed5a6c15936a2467377f95 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 25 Oct 2023 23:51:13 +0000 Subject: [PATCH 161/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 03302db..abb24bb 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698255058, - "narHash": "sha256-qtvTnfL0XXZWA+I14D9eRL9Ir2G6WhIkRSiRV7GOfdw=", + "lastModified": 1698277514, + "narHash": "sha256-5iLOac+X6dNRU+2RZAnJ+5wwjXYmrVxMWZ6RtTNqQkE=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "20d79e427afa460b13ef7d986d5d351548a5c91e", + "rev": "5267c588c42cb2bd6d3916ecec63056ac8e4aba3", "type": "gitlab" }, "original": { From f2811f2e040efa784d8abf2e7b79b93172427a63 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 26 Oct 2023 01:02:39 +0100 Subject: [PATCH 162/826] fix : added certs for k9 mail related subdomains related to #33 --- applications/acme.nix | 28 ++++++++++++++++++++-------- applications/email.nix | 6 ++++-- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/applications/acme.nix b/applications/acme.nix index 435715b..518c5d2 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -9,16 +9,24 @@ with lib; let in { imports = []; - options.skynet_acme = { - domains = lib.mkOption { - default = []; - type = lib.types.listOf lib.types.str; - description = '' - A list of domains to use for this server. - ''; + options = { + skynet_acme = { + domains = lib.mkOption { + default = []; + type = lib.types.listOf lib.types.str; + description = '' + A list of domains to use for this server. + ''; + }; + domains_mail = lib.mkOption { + default = []; + type = lib.types.listOf lib.types.str; + description = '' + A list of domains to use for the mailserver. + ''; + }; }; }; - config = { # group that will own the certificates users.groups.acme = {}; @@ -41,6 +49,10 @@ in { domain = "skynet.ie"; extraDomainNames = cfg.domains; }; + "mail" = { + domain = "mail.skynet.ie"; + extraDomainNames = cfg.domains_mail; + }; }; }; }; diff --git a/applications/email.nix b/applications/email.nix index 05ee8d0..5963fc5 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -208,8 +208,10 @@ in { age.secrets.ldap_pw.file = ../secrets/ldap/pw.age; - skynet_acme.domains = [ - "${cfg.sub}.${cfg.domain}" + skynet_acme.domains_mail = [ + "imap.skynet.ie" + "pop3.skynet.ie" + "smtp.skynet.ie" ]; # set up dns record for it From 64d1054067d940fb88bc802a19ed6aec1a1392bd Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 26 Oct 2023 01:13:59 +0100 Subject: [PATCH 163/826] fix : switched email ACMEHost to mail --- applications/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 5963fc5..683d7ca 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -309,7 +309,7 @@ in { services.nginx.virtualHosts = { "${cfg.sub}.${cfg.domain}" = { forceSSL = true; - useACMEHost = "skynet"; + useACMEHost = "mail"; # override the inbuilt nginx config enableACME = false; serverName = "${cfg.sub}.${cfg.domain}"; From eebf1845cb9816983faf0a4996ecc0893c736147 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 26 Oct 2023 02:30:42 +0100 Subject: [PATCH 164/826] email: unfortunately undoes some of the work @esy did but I think this will work #33 --- applications/acme.nix | 11 ------ applications/email.nix | 88 ++++++++++++++++++++++++++++++++++-------- 2 files changed, 72 insertions(+), 27 deletions(-) diff --git a/applications/acme.nix b/applications/acme.nix index 518c5d2..b4761f7 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -18,13 +18,6 @@ in { A list of domains to use for this server. ''; }; - domains_mail = lib.mkOption { - default = []; - type = lib.types.listOf lib.types.str; - description = '' - A list of domains to use for the mailserver. - ''; - }; }; }; config = { @@ -49,10 +42,6 @@ in { domain = "skynet.ie"; extraDomainNames = cfg.domains; }; - "mail" = { - domain = "mail.skynet.ie"; - extraDomainNames = cfg.domains_mail; - }; }; }; }; diff --git a/applications/email.nix b/applications/email.nix index 683d7ca..1ea0830 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -208,11 +208,78 @@ in { age.secrets.ldap_pw.file = ../secrets/ldap/pw.age; - skynet_acme.domains_mail = [ - "imap.skynet.ie" - "pop3.skynet.ie" - "smtp.skynet.ie" - ]; + security.acme.certs = { + "mail" = { + domain = "mail.skynet.ie"; + extraDomainNames = [ + "imap.skynet.ie" + "pop3.skynet.ie" + "smtp.skynet.ie" + ]; + }; + + "imap" = { + domain = "imap.skynet.ie"; + extraDomainNames = [ + "mail.skynet.ie" + "pop3.skynet.ie" + "smtp.skynet.ie" + ]; + }; + + "pop3" = { + domain = "pop3.skynet.ie"; + extraDomainNames = [ + "imap.skynet.ie" + "mail.skynet.ie" + "smtp.skynet.ie" + ]; + }; + + "smtp" = { + domain = "smtp.skynet.ie"; + extraDomainNames = [ + "imap.skynet.ie" + "pop3.skynet.ie" + "mail.skynet.ie" + ]; + }; + }; + + # to provide the certs + services.nginx.virtualHosts = { + "mail.skynet.ie" = { + forceSSL = true; + useACMEHost = "mail"; + # override the inbuilt nginx config + enableACME = false; + serverName = "mail.skynet.ie"; + }; + + "imap.skynet.ie" = { + forceSSL = true; + useACMEHost = "imap"; + # override the inbuilt nginx config + enableACME = false; + serverName = "imap.skynet.ie"; + }; + + "pop3.skynet.ie" = { + forceSSL = true; + useACMEHost = "pop3"; + # override the inbuilt nginx config + enableACME = false; + serverName = "pop3.skynet.ie"; + }; + + "smtp.skynet.ie" = { + forceSSL = true; + useACMEHost = "smtp"; + # override the inbuilt nginx config + enableACME = false; + serverName = "smtp.skynet.ie"; + }; + }; # set up dns record for it skynet_dns.records = [ @@ -305,17 +372,6 @@ in { } ]; - # to provide the certs - services.nginx.virtualHosts = { - "${cfg.sub}.${cfg.domain}" = { - forceSSL = true; - useACMEHost = "mail"; - # override the inbuilt nginx config - enableACME = false; - serverName = "${cfg.sub}.${cfg.domain}"; - }; - }; - #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html users.groups.nginx = {}; users.groups.roundcube = {}; From 011bc91795929d3fba676b0f4afb88fab9410b6f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 26 Oct 2023 17:38:15 +0100 Subject: [PATCH 165/826] nextcloud: switch over to using postgresql --- applications/nextcloud.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 8b85073..bb3ed09 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -74,7 +74,10 @@ in { hostName = domain; https = true; + database.createLocally = true; config = { + dbtype = "pgsql"; + defaultPhoneRegion = "IE"; trustedProxies = ["193.1.99.65"]; adminpassFile = config.age.secrets.nextcloud_admin_pass.path; }; From b1c679c73f9b03fc2864d797c1adfbfb15cdbc9a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 26 Oct 2023 17:38:32 +0100 Subject: [PATCH 166/826] nextcloud: use redis for caching --- applications/nextcloud.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index bb3ed09..d0f6607 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -74,6 +74,8 @@ in { hostName = domain; https = true; + configureRedis = true; + database.createLocally = true; config = { dbtype = "pgsql"; From 1dc8e1109d7540911b24155dedfcc3dbba1eaee5 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 01:54:41 +0100 Subject: [PATCH 167/826] feat: added onlyoffice --- applications/nextcloud.nix | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index d0f6607..76c0b26 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -56,6 +56,7 @@ in { skynet_acme.domains = [ domain + "onlyoffice.${domain}" ]; skynet_dns.records = [ @@ -64,6 +65,11 @@ in { r_type = "CNAME"; value = cfg.host.name; } + { + record = "onlyoffice.${cfg.domain.sub}"; + r_type = "CNAME"; + value = cfg.host.name; + } ]; # /var/lib/nextcloud/data @@ -94,9 +100,21 @@ in { }; }; - services.nginx.virtualHosts.${domain} = { - forceSSL = true; - useACMEHost = "skynet"; + nixpkgs.config.allowUnfree = true; + services.onlyoffice = { + enable = true; + }; + + services.nginx.virtualHosts = { + ${domain} = { + forceSSL = true; + useACMEHost = "skynet"; + }; + "onlyoffice.${domain}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".proxyPass = "http://127.0.0.1:8000"; + }; }; }; } From feb492c0c781b5ed7bd78081ded8f7a9c1287d04 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 02:25:21 +0100 Subject: [PATCH 168/826] feat: prep for wolves api --- secrets/secrets.nix | 3 +++ secrets/wolves/details.age | Bin 0 -> 1221 bytes 2 files changed, 3 insertions(+) create mode 100644 secrets/wolves/details.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f668c85..385da2c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -130,4 +130,7 @@ in { # nextcloud "nextcloud/pw.age".publicKeys = users ++ nextcloud; + + # handles pulling in data from teh wolves api + "wolves/details.age".publicKeys = users ++ ldap ++ discord; } diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age new file mode 100644 index 0000000000000000000000000000000000000000..4274de6ed5a1b9596acc277644e7a52641a2f1c4 GIT binary patch literal 1221 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5wA*^iL~G zN-@gucPcFjDb8>;b2BN)Fo<+9b@eSacXTVxD=8}q@GCPnbmj6%EJ!ab&P`4V&ZsPN z^sG$uh)i)Uige2~40MU`^-A-~^9grMDfbQ0&qlY+B%mrPKV2cr$=oce(mx~EBEU7g z%p4-IL2TFEuB`Pd^~2G&RYz*dX25s4Uwv zH>E7Mz{SHcxWGNr+b<&{JlD+IBN^Q`Q@<2T<8p;^BaigJ5=#@yqVUA1(sYlY(Ckca z?F!%Q#IPXuaK|FokZdRSv~cH&bXTrI=d`rQ!eo~;OIJ5b_p02?GI!(haMM8FATM7p zQ-idykmRU{$go_4;6QZS3N2E-($f`^ll;>QES*csQZtegeM<9F^<7=Uid?hO0zLda z^G$+M3{z9mEzHs@jIy~*vfR=v3;ffPJu?l`vqF6JvophkeJV}dLvjPcb8^eGf-8#r zazY|X5*^WP^Q?08Ep$}y_Vaa5&q?)3PK|POcB%;SC~$LeG$}3#vnDS?HTtR0LENr)5_;dFMJ66bAZ4=0#+LT9k)5Ct;*XXh;T`6?+yshq@$YS(vAp z_@;QdW}BK66-VS3IC|xqrAFzyI~(MATZC7-7IS47L?nhp=9`E56;|c>rDa-H8s{We zSrmpj8d_vI6_q7wy9OEgxMw5=hJySSZ={=El$uzas-SG-q~Pck5}0n|s*n|Co#s%Y zP~)d##1-UbS(K$6;#gUlV^HPe8{lVYR&MHQR%lq9A5vCOWRhhP8ew5p~(J8VkYmC3w?eNGqzvW_HK6(Djl25ab`L4LjQJJ*aykhf| zmc;d$ul~fE9Xzfu33pG8~G1=z|pKXaP4Lm$?aZ6r++?v!q09v}DKmY&$ literal 0 HcmV?d00001 From a305a1f7444dba90c00276a190b9c78b3a42d33b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 02:49:59 +0100 Subject: [PATCH 169/826] feat: enabled the new wolves api for the backend --- applications/ldap/backend.nix | 2 ++ flake.lock | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index d9aee37..8ff11bc 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -54,6 +54,7 @@ in { age.secrets.ldap_details.file = ../../secrets/ldap/details.age; age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age; age.secrets.ldap_mail.file = ../../secrets/email/details.age; + age.secrets.ldap_wolves.file = ../../secrets/wolves/details.age; skynet_acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" @@ -88,6 +89,7 @@ in { ldap = config.age.secrets.ldap_details.path; discord = config.age.secrets.ldap_discord.path; mail = config.age.secrets.ldap_mail.path; + wolves = config.age.secrets.ldap_wolves.path; }; host_port = "127.0.0.1:${port_backend}"; diff --git a/flake.lock b/flake.lock index abb24bb..36dde97 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698277514, - "narHash": "sha256-5iLOac+X6dNRU+2RZAnJ+5wwjXYmrVxMWZ6RtTNqQkE=", + "lastModified": 1698371018, + "narHash": "sha256-MazOexDIALnLUEVUYH2jYCBXae87RWMv4LTpgkfjYDQ=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "5267c588c42cb2bd6d3916ecec63056ac8e4aba3", + "rev": "d634806808d322a42c0c690d6ba484168f9458a9", "type": "gitlab" }, "original": { From 8a37a3c42e429565d87037ac854bf11a59223c43 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 02:50:40 +0100 Subject: [PATCH 170/826] fix: little bit of a cleanup --- applications/ldap/backend.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 8ff11bc..3903198 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -72,10 +72,6 @@ in { forceSSL = true; useACMEHost = "skynet"; locations."/".proxyPass = "http://localhost:${port_backend}"; - - # extraConfig = '' - # add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}"; - # ''; extraConfig = '' add_header Access-Control-Allow-Origin "*"; ''; From 2a6e63fcea3891d8ca17d20128e848b6aca31a63 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 03:01:23 +0100 Subject: [PATCH 171/826] feat: updated teh discord bot to teh new api --- applications/discord.nix | 2 ++ flake.lock | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/applications/discord.nix b/applications/discord.nix index 50287d9..a4b08a4 100644 --- a/applications/discord.nix +++ b/applications/discord.nix @@ -22,6 +22,7 @@ in { age.secrets.discord_token.file = ../secrets/discord/token.age; age.secrets.discord_ldap.file = ../secrets/discord/ldap.age; age.secrets.discord_mail.file = ../secrets/email/details.age; + age.secrets.discord_wolves.file = ../secrets/wolves/details.age; services.skynet_discord_bot = { enable = true; @@ -30,6 +31,7 @@ in { discord = config.age.secrets.discord_token.path; ldap = config.age.secrets.discord_ldap.path; mail = config.age.secrets.discord_mail.path; + wolves = config.age.secrets.discord_wolves.path; }; discord.server = "689189992417067052"; diff --git a/flake.lock b/flake.lock index 36dde97..4a16d95 100644 --- a/flake.lock +++ b/flake.lock @@ -657,11 +657,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698165887, - "narHash": "sha256-eHmW39g6m+OlgAqPkRL4FKGKEkD/Ot/+OYGatDZxg3M=", + "lastModified": 1698371462, + "narHash": "sha256-eoLktDisUL5Z4Xzg3UtfrRuXxdmQnex+vmmPMrc2pP0=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "4125ad634f7b83a026784301c0088f09521330f5", + "rev": "b228c4a061318ed5d6dc91aaad408d53b1159289", "type": "gitlab" }, "original": { From 8e1eb5c192438474d4af3630a9b9b9c5477cc5e6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 03:04:41 +0100 Subject: [PATCH 172/826] fix: using a slightly newer build that has a better db structure --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 4a16d95..cdd85b1 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698371018, - "narHash": "sha256-MazOexDIALnLUEVUYH2jYCBXae87RWMv4LTpgkfjYDQ=", + "lastModified": 1698372051, + "narHash": "sha256-D4zTo6QJFq2tC6cEbyLJIRbvesXUCnuxQr271SnxTlM=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "d634806808d322a42c0c690d6ba484168f9458a9", + "rev": "2b86fa58e4f48b537b97f202f241561ae853b8f5", "type": "gitlab" }, "original": { From 9c90aa856a24c6b9c82cafef329d6636a4a13152 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 03:12:51 +0100 Subject: [PATCH 173/826] ci: move the linter to be before the build so that if its wrong it will fail faster --- .gitlab-ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 586b3c5..86bd5ec 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -81,6 +81,12 @@ update: - machines/**/* - secrets/**/* +linter: + <<: *builder + stage: test + script: + - nix --extra-experimental-features 'nix-command flakes' fmt -- --check . + build: <<: *builder stage: test @@ -91,12 +97,6 @@ build: - colmena build --on @active-ext - colmena build --on @active-gitlab -linter: - <<: *builder - stage: test - script: - - nix --extra-experimental-features 'nix-command flakes' fmt -- --check . - # dns always has to be deployed first deploy_dns: <<: *builder From f42b5a6359ba839beb9474c5a3515e5475593307 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 08:59:09 +0100 Subject: [PATCH 174/826] ITD: updated matrix --- ITD_Firewall.csv | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv index 9e8dbb3..e187732 100644 --- a/ITD_Firewall.csv +++ b/ITD_Firewall.csv @@ -5,11 +5,11 @@ SKYNET00003,jarvis,193.1.99.73,jarvis,"","","",VM Host SKYNET00004,vigil,193.1.99.109,vigil/ns2,53,"","",DNS Nameserver 2 SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,"","",ULFM Radio SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server -SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,"",80/443,i23-07-28_010,LDAP and Self-Service Password/Account management +SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,443,"",i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner SKYNET00011,earth,193.1.99.79,earth,80/443,"",i23-06-19_525,Offical website host -SKYNET00012,skynet,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. (DMZ) +SKYNET00012,skynet,193.1.96.165,skynet/*.users,22 80/443,"",i23-06-30_024,Skynet server. (DMZ) SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server -SKYNET00014,cadie,193.1.99.77,cadie,"","80/443","","Services VM, has nextcloud to start with" \ No newline at end of file +SKYNET00014,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,"","80/443",i23-10-27_014,"Services VM, has nextcloud to start with" \ No newline at end of file From 4554055518634b5cc03beea5a3c459b740f2e485 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 27 Oct 2023 10:26:15 +0000 Subject: [PATCH 175/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index cdd85b1..0945d63 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698372051, - "narHash": "sha256-D4zTo6QJFq2tC6cEbyLJIRbvesXUCnuxQr271SnxTlM=", + "lastModified": 1698401843, + "narHash": "sha256-T1hgXVbDacld9+7of++ikUj1MJeUedq0GfGWiMOYD+Q=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "2b86fa58e4f48b537b97f202f241561ae853b8f5", + "rev": "ee88cbeb55ea9603323a4a4d4d9b18b9af4e2462", "type": "gitlab" }, "original": { From 18086dfba244534992ee3f8ff39d16320ed36a58 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 27 Oct 2023 10:44:26 +0000 Subject: [PATCH 176/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0945d63..d7eaeaf 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698401843, - "narHash": "sha256-T1hgXVbDacld9+7of++ikUj1MJeUedq0GfGWiMOYD+Q=", + "lastModified": 1698402997, + "narHash": "sha256-ooyUA9oBoQxNxYr+xXg5zvLQrjl0+jah1AIX3xoBXf4=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "ee88cbeb55ea9603323a4a4d4d9b18b9af4e2462", + "rev": "b0bc6f35c2afd9f545d618a4a092e4efdea25299", "type": "gitlab" }, "original": { From 4235084eab1ea9a6746379e5051699e4b8ce7fbb Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 27 Oct 2023 11:07:14 +0000 Subject: [PATCH 177/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d7eaeaf..79c1825 100644 --- a/flake.lock +++ b/flake.lock @@ -657,11 +657,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698371462, - "narHash": "sha256-eoLktDisUL5Z4Xzg3UtfrRuXxdmQnex+vmmPMrc2pP0=", + "lastModified": 1698404034, + "narHash": "sha256-9wdSzquwHFjtkvIDKNMPTI0Ll7f0ZxchToxhQWOCZ2k=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "b228c4a061318ed5d6dc91aaad408d53b1159289", + "rev": "432dd0e4a0a1697ae9911a90f249b36727828ce5", "type": "gitlab" }, "original": { From ac375549d403762323ffb1f30babca47c502f88e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 27 Oct 2023 12:48:31 +0100 Subject: [PATCH 178/826] committee: added kronsy --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index 21ef7a8..96fd572 100644 --- a/config/users.nix +++ b/config/users.nix @@ -49,6 +49,7 @@ in { "pine" "nanda" "sourabh1805" + "kronsy" ]; lifetime = []; banned = []; From 00d3783919a19e143ecebe89a1740ee9a5775ef6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 28 Oct 2023 04:33:49 +0100 Subject: [PATCH 179/826] doc: add documentation line for future reference --- applications/email.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/applications/email.nix b/applications/email.nix index 1ea0830..6ad7770 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -96,6 +96,7 @@ with lib; let ]; configFile = + # https://doc.dovecot.org/configuration_manual/sieve/examples/#plus-addressed-mail-filtering pkgs.writeText "basic_sieve" '' require "copy"; From a87c4adf2b87b3eafb3e464633df3f15802ac803 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 28 Oct 2023 18:50:44 +0000 Subject: [PATCH 180/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 79c1825..cae7ea7 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1697993126, - "narHash": "sha256-GwuYt20MwyM5IMW5yurlTqpsw2AmGq7HfZH+oGMoYaM=", + "lastModified": 1698519025, + "narHash": "sha256-pCNg6R+KPbgZlWaq9oCkgSt6wm0SmE9S2r+/2XRRmxs=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "a49b85236858ff9ec26222b5b726226691dc7eac", + "rev": "5ca3d2287d4b77f55d8b56defebacf40faff54cf", "type": "gitlab" }, "original": { From 5877f1143ce3fa1d42c82b85de5f1d53b3c7b962 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 28 Oct 2023 19:02:42 +0000 Subject: [PATCH 181/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index cae7ea7..2028ea6 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698519025, - "narHash": "sha256-pCNg6R+KPbgZlWaq9oCkgSt6wm0SmE9S2r+/2XRRmxs=", + "lastModified": 1698519699, + "narHash": "sha256-GK8NGWeG2gf3z/ktT0rzDVfj1UsaXxDLcSWCz6tsYSY=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations", - "rev": "5ca3d2287d4b77f55d8b56defebacf40faff54cf", + "rev": "7f451b04c5cffda1558e58f65a53dbc89a678446", "type": "gitlab" }, "original": { From 8bb2c26a990768bf7645e1f8b91dbb765a34667b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 3 Nov 2023 23:50:17 +0000 Subject: [PATCH 182/826] feat: added the ability for the admin to install store based --- applications/nextcloud.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 76c0b26..c15da62 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -90,6 +90,8 @@ in { adminpassFile = config.age.secrets.nextcloud_admin_pass.path; }; + appstoreEnable = true; + extraApps = with config.services.nextcloud.package.packages.apps; { inherit files_markdown files_texteditor forms groupfolders mail maps news notes onlyoffice polls; }; From 54f54d31b1bf579982df013aa03cbcb3bb754588 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 6 Nov 2023 04:16:33 +0000 Subject: [PATCH 183/826] feat: packaged up Bitwardens Directory Connector --- .../_bitwarden-directory-connector.nix | 52 +++ .../bitwarden/_bitwarden_sync_module.nix | 334 ++++++++++++++++++ applications/bitwarden/bitwarden_sync.nix | 64 ++++ secrets/bitwarden/api.age | 17 + secrets/secrets.nix | 9 +- 5 files changed, 475 insertions(+), 1 deletion(-) create mode 100644 applications/bitwarden/_bitwarden-directory-connector.nix create mode 100644 applications/bitwarden/_bitwarden_sync_module.nix create mode 100644 applications/bitwarden/bitwarden_sync.nix create mode 100644 secrets/bitwarden/api.age diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix new file mode 100644 index 0000000..55edf6d --- /dev/null +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -0,0 +1,52 @@ +{ + lib, + buildNpmPackage, + fetchgit, + pkgs, + git, + python3, + pkg-config, + libsecret, + nodejs_18, +}: let + buildNpmPackage' = buildNpmPackage.override {nodejs = nodejs_18;}; +in + buildNpmPackage' rec { + pname = "bitwarden-directory-connector"; + version = "v2023.10.0"; + + src = fetchgit { + url = "https://github.com/bitwarden/directory-connector.git"; + rev = version; + hash = "sha256-5gU7nIPHU94Yhd83C9y0ABL9PbSfMn9WhV2wlpdr2fE="; + }; + + npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw="; + + env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; + + makeCacheWritable = true; + npmBuildScript = "build:cli:prod"; + + installPhase = '' + mkdir -p $out + cp -R {build-cli,node_modules} $out + ''; + + buildInputs = [ + libsecret + ]; + + nativeBuildInputs = [ + git + python3 + pkg-config + ]; + + meta = with lib; { + description = "Bitwarden Directory Connector"; + homepage = "https://github.com/bitwarden/directory-connector"; + license = licenses.gpl3Only; + maintainers = with maintainers; [Silver-Golden]; + }; + } diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix new file mode 100644 index 0000000..3ca5157 --- /dev/null +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -0,0 +1,334 @@ +{ + pkgs, + config, + lib, + ... +}: +with lib; let + # to be changed once the package is accepted + connector = pkgs.callPackage ./_bitwarden-directory-connector.nix {}; + + cfg = config.services.bitwarden_connector; + + nodejs = pkgs.nodejs-18_x; + + ldap_data = '' + { + "ssl": ${boolToString cfg.ldap.ssl}, + "startTls": ${boolToString cfg.ldap.startTls}, + "sslAllowUnauthorized": ${boolToString cfg.ldap.startTls}, + "port": ${toString cfg.ldap.port}, + "currentUser": false, + "ad": ${boolToString cfg.ldap.ad}, + "pagedSearch": true, + "password": "to_be_replaced", + "hostname": "${cfg.ldap.hostname}", + "rootPath": "${cfg.ldap.root}", + "username": "${cfg.ldap.username}" + } + ''; + + sync_data = '' + { + "removeDisabled": ${boolToString cfg.sync.removeDisabled}, + "overwriteExisting": ${boolToString cfg.sync.overwriteExisting}, + "largeImport": ${boolToString cfg.sync.largeImport}, + "creationDateAttribute": "${cfg.sync.creationDateAttribute}", + "memberAttribute": "${cfg.sync.memberAttribute}", + + "useEmailPrefixSuffix": ${boolToString cfg.sync.emailPrefixSuffix.enable}, + ${optionalString cfg.sync.emailPrefixSuffix.enable '' + "emailPrefixAttribute": "${cfg.sync.emailPrefixSuffix.prefixAttribute}", + "emailSuffix": "${cfg.sync.emailPrefixSuffix.suffix}", + ''} + + "users": ${boolToString cfg.sync.users.enable}, + ${optionalString cfg.sync.users.enable '' + "userPath": "${cfg.sync.users.path}", + "userObjectClass": "${cfg.sync.users.objectClass}", + "userEmailAttribute": "${cfg.sync.users.emailAttribute}", + "userFilter": "${cfg.sync.users.filter}", + ''} + + "groups": ${boolToString cfg.sync.groups.enable}, + ${optionalString cfg.sync.groups.enable '' + "groupPath": "${cfg.sync.groups.path}", + "groupObjectClass": "${cfg.sync.groups.objectClass}", + "groupNameAttribute": "${cfg.sync.groups.nameAttribute}", + "groupFilter": "${cfg.sync.groups.filter}", + ''} + + "interval": 5 + } + ''; + + sed_string = string: builtins.replaceStrings ["." "/" "\n"] ["\\." "\\/" "\\n"] string; +in { + imports = []; + + options.services.bitwarden_connector = { + enable = mkEnableOption "Bitwarden Directory Connector"; + + domain = mkOption { + type = types.str; + description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessable on."; + example = "https://vaultwarden.example.com"; + }; + + user = mkOption { + type = types.str; + description = lib.mdDoc "User to run the program."; + default = "bwdc"; + }; + + directory = mkOption { + type = types.str; + description = lib.mdDoc "Folder to store the config file."; + default = "/etc/bitwarden/${cfg.user}"; + }; + + ldap = { + ssl = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Use SSL."; + }; + startTls = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Use startTls."; + }; + sslAllowUnauthorized = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc ""; + }; + ad = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Is Active Directory."; + }; + port = mkOption { + type = types.int; + default = 389; + description = lib.mdDoc "Port LDAP is accessable on"; + }; + hostname = mkOption { + type = types.str; + description = lib.mdDoc "The host the LDAP is accessable on."; + example = "ldap.example.com"; + }; + + root = mkOption { + type = types.str; + description = lib.mdDoc "Root path for LDAP"; + example = "dc=example,dc=com"; + }; + + username = mkOption { + type = types.str; + description = lib.mdDoc "The user to authenticate as."; + example = "cn=admin,dc=example,dc=com"; + }; + pw_env = mkOption { + type = types.str; + description = lib.mdDoc "The ENV var that the ldap password is stored."; + default = "LDAP_PW"; + }; + }; + + sync = { + interval = mkOption { + type = types.str; + default = "*:0,15,30,45"; + description = lib.mdDoc "When to run the connector, cron syntax."; + }; + removeDisabled = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group."; + }; + overwriteExisting = mkOption { + type = types.bool; + default = false; + description = + lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details."; + }; + largeImport = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Enable if you ar syncing more than 2000 users/groups."; + }; + + memberAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that lists members in a LDAP group."; + example = "uniqueMember"; + }; + + creationDateAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that lists a users creation date."; + example = "whenCreated"; + }; + + emailPrefixSuffix = { + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email."; + }; + prefixAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that has a users username."; + example = "accountName"; + }; + suffix = mkOption { + type = types.str; + description = lib.mdDoc "Suffix for the email, normally @example.com."; + example = "@example.com"; + }; + }; + + users = { + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Sync users."; + }; + path = mkOption { + type = types.str; + description = lib.mdDoc "User directory, relative to root."; + example = "ou=users"; + }; + objectClass = mkOption { + type = types.str; + description = lib.mdDoc "A class that users will have."; + example = "inetOrgPerson"; + }; + emailAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute for a users email."; + example = "mail"; + }; + filter = mkOption { + type = types.str; + description = lib.mdDoc "Filter for users."; + example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)"; + }; + }; + groups = { + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Sync groups."; + }; + path = mkOption { + type = types.str; + description = lib.mdDoc "Group directory, relative to root."; + example = "ou=groups"; + }; + objectClass = mkOption { + type = types.str; + description = lib.mdDoc "A class that groups will have."; + example = "groupOfNames"; + }; + nameAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute for a name of group."; + example = "cn"; + }; + filter = mkOption { + type = types.str; + description = lib.mdDoc "Filter for groups."; + example = "(cn=sales)"; + }; + }; + }; + + env = { + description = "Env files to be passed in."; + ldap = mkOption rec { + type = types.str; + description = "Auth for the LDAP, has ${cfg.ldap.pw_env}"; + }; + bitwarden = mkOption rec { + type = types.str; + description = "Auth for Bitwarden, has BW_CLIENTID and BW_CLIENTSECRET"; + }; + }; + }; + + config = mkIf cfg.enable { + users.groups."${cfg.user}" = {}; + + users.users."${cfg.user}" = { + createHome = true; + isSystemUser = true; + home = "${cfg.directory}"; + group = "${cfg.user}"; + homeMode = "711"; + }; + + systemd = { + timers."${cfg.user}" = { + description = "Timer for ${cfg.user}"; + wantedBy = ["timers.target"]; + partOf = ["${cfg.user}.service"]; + timerConfig = { + OnCalendar = cfg.sync.interval; + Unit = "${cfg.user}.service"; + Persistent = true; + }; + }; + + services."${cfg.user}" = { + description = "Main process for Bitwarden Directory Connector"; + wantedBy = ["multi-user.target"]; + after = ["network-online.target"]; + wants = []; + + environment = { + BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory; + BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS = "true"; + }; + + serviceConfig = { + Type = "oneshot"; + User = "${cfg.user}"; + Group = "${cfg.user}"; + ExecStartPre = pkgs.writeShellScript "${cfg.user}-config" '' + # create the config file + ${nodejs}/bin/node ${connector}/build-cli/bwdc.js data-file + + ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config server ${cfg.domain} + + # now login to set credentials + ${nodejs}/bin/node ${connector}/build-cli/bwdc.js login + + # set the ldap details + sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json + + # set the client id + orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g') + sed -i "s/\"organizationId\": null/\"organizationId\": \"$orgID\"/" ${cfg.directory}/data.json + + # and sync data + sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json + + # final config + ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config directory 0 + ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config ldap.password --secretenv ${cfg.ldap.pw_env} + ''; + + ExecStart = ''${nodejs}/bin/node ${connector}/build-cli/bwdc.js sync''; + + EnvironmentFile = [ + "${cfg.env.ldap}" + "${cfg.env.bitwarden}" + ]; + }; + }; + }; + }; +} diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix new file mode 100644 index 0000000..a993846 --- /dev/null +++ b/applications/bitwarden/bitwarden_sync.nix @@ -0,0 +1,64 @@ +{ + pkgs, + config, + lib, + ... +}: let +in { + imports = [ + ./_bitwarden_sync_module.nix + ]; + + options = {}; + + config = { + age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age; + age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age; + + services.bitwarden_connector = { + enable = true; + + domain = "https://pw.skynet.ie"; + + ldap = { + ssl = false; + startTls = false; + sslAllowUnauthorized = false; + ad = false; + port = 389; + hostname = "account.skynet.ie"; + root = "dc=skynet,dc=ie"; + username = "cn=admin,dc=skynet,dc=ie"; + pw_env = "LDAP_ADMIN_PW"; + }; + + sync = { + removeDisabled = true; + overwriteExisting = false; + largeImport = false; + memberAttribute = "member"; + creationDateAttribute = "skCreated"; + emailPrefixSuffix.enable = false; + users = { + enable = true; + path = "ou=users"; + objectClass = "inetOrgPerson"; + emailAttribute = "skMail"; + filter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))"; + }; + groups = { + enable = true; + path = "ou=groups"; + objectClass = "groupOfNames"; + nameAttribute = "cn"; + filter = ""; + }; + }; + + env = { + bitwarden = config.age.secrets.bitwarden_sync_api.path; + ldap = config.age.secrets.bitwarden_sync_ldap.path; + }; + }; + }; +} diff --git a/secrets/bitwarden/api.age b/secrets/bitwarden/api.age new file mode 100644 index 0000000..e92f6e7 --- /dev/null +++ b/secrets/bitwarden/api.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA 9sIoEpzKd/eI94AuhnxT1jyTIpLiqvNLvZ2oDqEzXUY +YstVwGRjZUXguF+MVJrzi4pj4h3YJI222mw0yzZf6NQ +-> ssh-ed25519 4PzZog 7kF/5y4OqdF88N4Dhx7G93fUCO2RwR+6QxWn5tH6RVQ +cV2hwmEhwGWIjpktlUnXDvBU8Zlc0nHNfDgrhNnH9+g +-> ssh-ed25519 5Nd93w Wjt9rcp1YEgkt9/P8vYUeVbNA420drbz/mZZERZFUGU +VE5a0Wx5WTy12cCm2Vg3J8GYQ1B+WnEca/FTFPhZ3nE +-> ssh-ed25519 q8eJgg EmdkKgMt9LkZSVm0pN0vf35p8UwpBWzF/cC32VviyQM +Ii+g+vgMoCj9XYpCoOyTD4sahYNUhbQRoDwgDnZCUEU +-> ssh-ed25519 IzAMqA pNlr1079F7f8zqfb4bujzQPNahoKUBH4GShDu9g2r30 +FUa1QqHBLy2qb4eHYeZgQetyjX44LnckPlv46694Sds +-> 1-grease Jr S68AA 6z@gP Y) + +--- mEkHKhEzkas0RT9tzEVFeEenFW6Av4E0uXzCeYgCdRA +,BU@!*y +C1!t{b*leHOh#/V,5J:)4f Date: Mon, 6 Nov 2023 05:18:52 +0000 Subject: [PATCH 184/826] fix: update teh metadata/package --- .../_bitwarden-directory-connector.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix index 55edf6d..ec754dc 100644 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -1,7 +1,7 @@ { lib, buildNpmPackage, - fetchgit, + fetchFromGitHub, pkgs, git, python3, @@ -13,12 +13,14 @@ in buildNpmPackage' rec { pname = "bitwarden-directory-connector"; - version = "v2023.10.0"; + version = "2023.10.0"; - src = fetchgit { - url = "https://github.com/bitwarden/directory-connector.git"; - rev = version; - hash = "sha256-5gU7nIPHU94Yhd83C9y0ABL9PbSfMn9WhV2wlpdr2fE="; + src = fetchFromGitHub { + owner = "bitwarden"; + repo = "directory-connector"; + rev = "b2bc45137013b258bffda2c2703715cb9f6e687f"; + hash = "sha256-CgaCnMWNVWCJBypNcdoseVCwD8Mlq4YaWpK+VZT/7Qk="; + leaveDotGit = true; }; npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw="; @@ -44,9 +46,10 @@ in ]; meta = with lib; { - description = "Bitwarden Directory Connector"; + description = "A LDAP connector for Bitwarden"; homepage = "https://github.com/bitwarden/directory-connector"; license = licenses.gpl3Only; maintainers = with maintainers; [Silver-Golden]; + platforms = platforms.linux; }; } From 7673bb3fb2c7469e395d56104c9a6462f87fe41d Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 6 Nov 2023 13:11:29 +0000 Subject: [PATCH 185/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2028ea6..b21de2b 100644 --- a/flake.lock +++ b/flake.lock @@ -700,11 +700,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1695858897, - "narHash": "sha256-mXTqtdScfpqYG+6qDC7NpDCy91gmviXtjxEbnR31TCU=", + "lastModified": 1699276277, + "narHash": "sha256-5XXmfjH4DiZpiSRSXhH3TPr3pV5c6SyqipuVmlZB6tM=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Ffrontend", - "rev": "63388a8d1cfcfc020d307aca07af09d165ef7d18", + "rev": "7ab4419132a8371327f6df1c58d28f42a285a02d", "type": "gitlab" }, "original": { From 29dc2750aec93e5aaa3e64b36945e564fd0eaad7 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 7 Nov 2023 13:38:59 +0000 Subject: [PATCH 186/826] feat: added bitwarden/vaultwarden support. --- applications/bitwarden/vaultwarden.nix | 93 ++++++++++++++++++++++++++ machines/kitt.nix | 11 +++ secrets/bitwarden/details.age | 16 +++++ secrets/email/details.age | 44 ++++++------ secrets/secrets.nix | 1 + 5 files changed, 143 insertions(+), 22 deletions(-) create mode 100644 applications/bitwarden/vaultwarden.nix create mode 100644 secrets/bitwarden/details.age diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix new file mode 100644 index 0000000..22808e9 --- /dev/null +++ b/applications/bitwarden/vaultwarden.nix @@ -0,0 +1,93 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + cfg = config.services.skynet_vaultwarden; + + domain_sub = "pw"; + domain = "${domain_sub}.skynet.ie"; +in { + imports = [ + ../acme.nix + ../dns.nix + ../nginx.nix + ]; + + options.services.skynet_vaultwarden = { + enable = mkEnableOption "Skynet vaultwarden server"; + + host = { + ip = mkOption { + type = types.str; + }; + + name = mkOption { + type = types.str; + }; + }; + }; + + config = mkIf cfg.enable { + #backups = [ "/etc/silver_ul_ical/database.db" ]; + + # Website config + skynet_acme.domains = [ + domain + ]; + + skynet_dns.records = [ + { + record = domain_sub; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + services.nginx.virtualHosts."${domain}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; + }; + }; + + # has ADMIN_TOKEN and SMTP_PASSWORD + age.secrets.bitwarden_details.file = ../../secrets/bitwarden/details.age; + + services.vaultwarden = { + enable = true; + + environmentFile = config.age.secrets.bitwarden_details.path; + config = { + DOMAIN = "https://${domain}"; + SENDS_ALLOWED = true; + SIGNUPS_ALLOWED = false; + + INVITATION_ORG_NAME = "Skyhold"; + + ORG_GROUPS_ENABLED = true; + + USE_SENDMAIL = false; + + SMTP_HOST = "mail.skynet.ie"; + SMTP_FROM = "vaultwarden@skynet.ie"; + SMTP_FROM_NAME = "Skynet Bitwarden server"; + SMTP_SECURITY = "starttls"; + SMTP_PORT = 587; + + SMTP_USERNAME = "vaultwarden@skynet.ie"; + SMTP_AUTH_MECHANISM = "Login"; + SMTP_EMBED_IMAGES = true; + + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + + ROCKET_LOG = "critical"; + }; + }; + }; +} diff --git a/machines/kitt.nix b/machines/kitt.nix index da699d3..5891571 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -23,6 +23,8 @@ in { imports = [ ../applications/ldap/server.nix ../applications/discord.nix + ../applications/bitwarden/vaultwarden.nix + ../applications/bitwarden/bitwarden_sync.nix ]; deployment = { @@ -66,4 +68,13 @@ in { services.discord_bot = { enable = true; }; + + services.skynet_vaultwarden = { + enable = true; + + host = { + ip = ip_pub; + name = name; + }; + }; } diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age new file mode 100644 index 0000000..3d5ac2a --- /dev/null +++ b/secrets/bitwarden/details.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA d3Xy8iQxiSb8gV8NRqBAxBm0g5V1INUAeHJDFdAqe3o +Uaw/Q/BjZabCWBoKJmSICiUn8/OWXjj+/sx0BZKxWj8 +-> ssh-ed25519 4PzZog qxpYb+zz05nntFRA8k0ZwWSmpvOA8gnf8AaBuy5xyhQ +ssOtug0RBDkPbSEC4Acs/UNelfLmkLLH2pEm0geAuVE +-> ssh-ed25519 5Nd93w iXfwzbDeUuFqwXPztMdaBXnfXY7W8sQXmcxEtMqkPzM +t88pMxJ09RtrNEd1tn8N5iUh2mnaHwzb3dD6xlt8jRw +-> ssh-ed25519 q8eJgg 4NAejBkAf4tZEsq6YsWJiOTq3wBBkDHB3Z1CFG8LeSk +yIicVNLUkaHs9RzaEFFn0SVqR5QiKNJZShehiEfvTh4 +-> ssh-ed25519 IzAMqA orpGqetn3ND76DC2QejaGnAlPDlV43l7/GdJB47SFQA +U0Bm9/VgoY6/dwIdqZpOY5rQc5j/TBlKzRS8rndyxu4 +-> _-grease yOwV[T R\ b>SI aVM^#_X +VfqPBdd5CK3GXPcBxXzbq9ak7qYJrnrxU7O7pKmfavJJ55dsmXKvEI7NE2tgASsr +Gxc1ttbQ4310R2CN0IM7xvMRLQsg/MnA2WGiwO52OYkHJXZ/i9F8ro4sq8q5cJE +--- T8NUXH3YnnAIycabcEi8uFUfnDuvdgy3COrUoPPA+lQ +QýPE*NcY޳ Y튰nKBaz^fJyhW!u|dDq'}6^5wSk1%Nsmwi+|Dpϔqr!1ə ?H$(f͐gKn{a93tl܂GbrでbMY(`y&,'{= \ No newline at end of file diff --git a/secrets/email/details.age b/secrets/email/details.age index 677a153..3c73aa0 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,23 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA P02Xzq2IYlbZMvvBUjy6eM0FN1CfSyCinTJnQrZUUlg -QU9CrDYFL0KwDiH9T0zOzydeJBm4eS+Rp4m2ozA3FA0 --> ssh-ed25519 4PzZog 0dqzbH7AY96+GFtwrkrcxYKuO/c9eBPgdxMKa1qliw0 -y0Kx5IG3CCzFcXM5MuS3eLij/l7QFKaHlr3VQty+gsA --> ssh-ed25519 5Nd93w i9j9spcBf2ww6koxQu+802p8ua70VmQTtuLNC/v8MzY -wgYQc+JdSPd2cen/mQyL4NVn9fHtRsHX0E5lDW06yMs --> ssh-ed25519 q8eJgg L55YurMQv+czgj6uwgHS3L2vX2A5VYRcUEXsGcj0r38 -vLRAuYLEljcVqVXs6k0hrVQNkRIpvvpCUeMP4jWVItQ --> ssh-ed25519 IzAMqA Q1wP64lIZtvFPa0wAD+jQZtS7NwDr4rkthZEoVtuJjo -EnLKgtFFpzEKpLZMatZFNTt0rINciFUryYd0GMIUSp0 --> ssh-ed25519 uZzB3g EwOnsGci+aqHj7XR+sVCi2pNowFbTLtQimzFNHy7LTo -jtl2RhtNayPr44rrZ1ESgR6p1hDJg1h70flu/0rDCjg --> ssh-ed25519 Hb0ipQ Jmcvd8zOLb7qf2ZIY1HsBrMA3wETGJFUTicBb/Gf2n4 -RTiE+f1N+npbnh1M20x76MJ/uj/5SDTdWKj1uMWPThM --> ssh-ed25519 IzAMqA cSzsukksm2E0coLmIXmd6DsEs/gHmIeGfcH/unNd1B4 -6ThlGLwm5iFG/UXoNMtAup909MVxz5JTpK45HJDeYFk --> d7'/PSOq-grease BF, -ka0OOXHqf7TrhcdP9NFMQVGlF2x+fnC5PRZba5o ---- s5GXDMgktkfdge6Ndk1J8ooCdXVsryH9XzD2+TF6wC8 -`2S -%͋cA2 w L(q\0})D#k)Y\&X"į506|4)._vD6Nҽ*+R)59 -E} ~gC1 ea \ No newline at end of file +-> ssh-ed25519 V1pwNA jq+XbDiOKLZYMvnmsSod+uedgov0IG0owyKLnh8UWSE +Qvoh1P8BCj677JtljcNsz+wlimAsOc6VhUMJhV1GqiU +-> ssh-ed25519 4PzZog QW53/Ugxrrxc409WcGAIvM1/Y4Vmx3ApggipX/eIEjw +IAYk1jPQmim0+TItOXAskS3PVgCnZDtYdIBKlvcLxwA +-> ssh-ed25519 5Nd93w sCuEYWuaUPIMRjZXmggeeWCgkIaJT7D5bAXb2ixWq2Q +1o9D3Uz/mNnh4ys0I78j25MiKlHqhGdaP+D8HvtpOWY +-> ssh-ed25519 q8eJgg 6WC13FFyND94sHo7cbG+3uZUNsmy42DmpUOVkCmVbHw +RJJ+3aUtwP1M4bDkiHKr0uz+HwRwH0bAn+GPEs4utGQ +-> ssh-ed25519 IzAMqA 87Jsefduk7iRFF84+ZvPGdTpz/FzRYuzg9UkbPQxPW8 +xBUyjiOg9/zq28fXFo2/kHitPuz3HaZ+ckEwgWqYXH4 +-> ssh-ed25519 uZzB3g 2/G93JVSGG8Bq3TzXiC7VxGvLgt8VpfBDxNLnsQJnzQ +eqvUUuCxDnj1YJt31bOXEZtCk6W8Fb073LUp6JoCLSs +-> ssh-ed25519 Hb0ipQ VrLe6mWpNh3VasQNuZoYVSG+UoExVvp9plKEuRi6+DQ +xem0syYeUihXShPuhN4Y0caleqYD3Guw89phtQ+IzHw +-> ssh-ed25519 IzAMqA Ki9fF+v0YtXbnZFOX9Qyp2RF8NkvtgVM2vWxvc7TiDI +parIXPuSLa9NKLw3tUJFWK3FsGfD85h+DL28y5sNgrk +-> c{-grease -ufY Ew| +tdST+ze++xYVJLumh6+FoeoLRYS2WKdR/HSY8UphDPJx1OW+2ZSJNyG5XjTX582r +zSM85sEgYsJe0arZqPDHwnjssUCkAuiLMZM8atLM +--- PICAIqdJW/DCPw9lvrRLsdMJLUFsE48EQxd03DboxqI +Hr !{'!yo$0:d6ituRf; ʹ݈?Ma6l; +P@pXkir& |2S#څ6A@~T*R/ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 57ff7c6..cc13d63 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -140,4 +140,5 @@ in { # for bitwarden connector "bitwarden/api.age".publicKeys = users ++ bitwarden; + "bitwarden/details.age".publicKeys = users ++ bitwarden; } From 09fb8cf56eb1c7f65cd3ee2278565aa2d55fab39 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 12 Nov 2023 03:27:30 +0000 Subject: [PATCH 187/826] feat: improved and unified config, now will be almost the same as what is in nixpkgs --- .../_bitwarden-directory-connector.nix | 15 ++++- .../bitwarden/_bitwarden_sync_module.nix | 64 +++++++++++-------- applications/bitwarden/bitwarden_sync.nix | 4 +- 3 files changed, 54 insertions(+), 29 deletions(-) diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix index ec754dc..249ac82 100644 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -8,6 +8,7 @@ pkg-config, libsecret, nodejs_18, + makeWrapper, }: let buildNpmPackage' = buildNpmPackage.override {nodejs = nodejs_18;}; in @@ -18,7 +19,7 @@ in src = fetchFromGitHub { owner = "bitwarden"; repo = "directory-connector"; - rev = "b2bc45137013b258bffda2c2703715cb9f6e687f"; + rev = "v${version}"; hash = "sha256-CgaCnMWNVWCJBypNcdoseVCwD8Mlq4YaWpK+VZT/7Qk="; leaveDotGit = true; }; @@ -31,8 +32,16 @@ in npmBuildScript = "build:cli:prod"; installPhase = '' - mkdir -p $out + runHook preInstall + mkdir -p $out/bin cp -R {build-cli,node_modules} $out + runHook postInstall + ''; + + # needs to be wrapped with nodejs so that it can be executed + postInstall = '' + chmod +x $out/build-cli/bwdc.js + makeWrapper $out/build-cli/bwdc.js $out/bin/${pname} --prefix PATH:"${lib.makeBinPath [nodejs_18]}" ''; buildInputs = [ @@ -43,6 +52,7 @@ in git python3 pkg-config + makeWrapper ]; meta = with lib; { @@ -51,5 +61,6 @@ in license = licenses.gpl3Only; maintainers = with maintainers; [Silver-Golden]; platforms = platforms.linux; + mainProgram = "${pname}"; }; } diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix index 3ca5157..31c8eeb 100644 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -5,18 +5,13 @@ ... }: with lib; let - # to be changed once the package is accepted - connector = pkgs.callPackage ./_bitwarden-directory-connector.nix {}; - - cfg = config.services.bitwarden_connector; - - nodejs = pkgs.nodejs-18_x; + cfg = config.services.bitwarden_directory_connector; ldap_data = '' { "ssl": ${boolToString cfg.ldap.ssl}, "startTls": ${boolToString cfg.ldap.startTls}, - "sslAllowUnauthorized": ${boolToString cfg.ldap.startTls}, + "sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized}, "port": ${toString cfg.ldap.port}, "currentUser": false, "ad": ${boolToString cfg.ldap.ad}, @@ -66,9 +61,23 @@ with lib; let in { imports = []; - options.services.bitwarden_connector = { + options.services.bitwarden_directory_connector = { enable = mkEnableOption "Bitwarden Directory Connector"; + package = mkOption { + type = types.package; + default = pkgs.bitwarden-directory-connector; + defaultText = literalExpression "pkgs.bitwarden-directory-connector"; + description = lib.mdDoc "Reference to the Ditwarden Directory Connector package"; + example = literalExpression "pkgs.bitwarden-directory-connector-example"; + }; + + binary_name = mkOption { + type = types.str; + description = lib.mdDoc "The main binary for the connector."; + default = "bitwarden-directory-connector"; + }; + domain = mkOption { type = types.str; description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessable on."; @@ -84,7 +93,7 @@ in { directory = mkOption { type = types.str; description = lib.mdDoc "Folder to store the config file."; - default = "/etc/bitwarden/${cfg.user}"; + default = "/etc/bitwarden/bwdc"; }; ldap = { @@ -96,7 +105,7 @@ in { startTls = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Use startTls."; + description = lib.mdDoc "Use STARTTLS."; }; sslAllowUnauthorized = mkOption { type = types.bool; @@ -141,7 +150,7 @@ in { interval = mkOption { type = types.str; default = "*:0,15,30,45"; - description = lib.mdDoc "When to run the connector, cron syntax."; + description = lib.mdDoc "When to run the connector, OnCalendar syntax."; }; removeDisabled = mkOption { type = types.bool; @@ -157,7 +166,7 @@ in { largeImport = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable if you ar syncing more than 2000 users/groups."; + description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups."; }; memberAttribute = mkOption { @@ -247,10 +256,9 @@ in { }; env = { - description = "Env files to be passed in."; ldap = mkOption rec { type = types.str; - description = "Auth for the LDAP, has ${cfg.ldap.pw_env}"; + description = "Auth for the LDAP, has value defined in {option}`ldap.pw_env"; }; bitwarden = mkOption rec { type = types.str; @@ -271,18 +279,18 @@ in { }; systemd = { - timers."${cfg.user}" = { - description = "Timer for ${cfg.user}"; + timers.bitwarden_directory_connector = { + description = "Sync timer for Bitwarden Directory Connector"; wantedBy = ["timers.target"]; - partOf = ["${cfg.user}.service"]; + partOf = ["bitwarden_directory_connector.service"]; timerConfig = { OnCalendar = cfg.sync.interval; - Unit = "${cfg.user}.service"; + Unit = "bitwarden_directory_connector.service"; Persistent = true; }; }; - services."${cfg.user}" = { + services.bitwarden_directory_connector = { description = "Main process for Bitwarden Directory Connector"; wantedBy = ["multi-user.target"]; after = ["network-online.target"]; @@ -297,14 +305,14 @@ in { Type = "oneshot"; User = "${cfg.user}"; Group = "${cfg.user}"; - ExecStartPre = pkgs.writeShellScript "${cfg.user}-config" '' + ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" '' # create the config file - ${nodejs}/bin/node ${connector}/build-cli/bwdc.js data-file + ${cfg.package}/bin/${cfg.binary_name} data-file - ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config server ${cfg.domain} + ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain} # now login to set credentials - ${nodejs}/bin/node ${connector}/build-cli/bwdc.js login + ${cfg.package}/bin/${cfg.binary_name} login # set the ldap details sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json @@ -317,11 +325,11 @@ in { sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json # final config - ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config directory 0 - ${nodejs}/bin/node ${connector}/build-cli/bwdc.js config ldap.password --secretenv ${cfg.ldap.pw_env} + ${cfg.package}/bin/${cfg.binary_name} config directory 0 + ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env} ''; - ExecStart = ''${nodejs}/bin/node ${connector}/build-cli/bwdc.js sync''; + ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync''; EnvironmentFile = [ "${cfg.env.ldap}" @@ -331,4 +339,8 @@ in { }; }; }; + + meta = with lib; { + maintainers = with maintainers; [Silver-Golden]; + }; } diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index a993846..fb013e0 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -15,11 +15,13 @@ in { age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age; age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age; - services.bitwarden_connector = { + services.bitwarden_directory_connector = { enable = true; domain = "https://pw.skynet.ie"; + package = pkgs.callPackage ./_bitwarden-directory-connector.nix {}; + ldap = { ssl = false; startTls = false; From e810bca0850b18ef5b3d583d7cee0a41e36ed134 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 12 Nov 2023 21:58:27 +0000 Subject: [PATCH 188/826] feat: Improved config further --- .../bitwarden/_bitwarden_sync_module.nix | 109 +++++++++--------- 1 file changed, 56 insertions(+), 53 deletions(-) diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix index 31c8eeb..75a977e 100644 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -7,57 +7,51 @@ with lib; let cfg = config.services.bitwarden_directory_connector; - ldap_data = '' - { - "ssl": ${boolToString cfg.ldap.ssl}, - "startTls": ${boolToString cfg.ldap.startTls}, - "sslAllowUnauthorized": ${boolToString cfg.ldap.sslAllowUnauthorized}, - "port": ${toString cfg.ldap.port}, - "currentUser": false, - "ad": ${boolToString cfg.ldap.ad}, - "pagedSearch": true, - "password": "to_be_replaced", - "hostname": "${cfg.ldap.hostname}", - "rootPath": "${cfg.ldap.root}", - "username": "${cfg.ldap.username}" - } - ''; + ldap_data = builtins.toJSON { + ssl = cfg.ldap.ssl; + startTls = cfg.ldap.startTls; + sslAllowUnauthorized = cfg.ldap.sslAllowUnauthorized; + port = cfg.ldap.port; + currentUser = false; + ad = cfg.ldap.ad; + pagedSearch = true; + password = "to_be_replaced"; + hostname = cfg.ldap.hostname; + rootPath = cfg.ldap.root; + username = cfg.ldap.username; + }; - sync_data = '' - { - "removeDisabled": ${boolToString cfg.sync.removeDisabled}, - "overwriteExisting": ${boolToString cfg.sync.overwriteExisting}, - "largeImport": ${boolToString cfg.sync.largeImport}, - "creationDateAttribute": "${cfg.sync.creationDateAttribute}", - "memberAttribute": "${cfg.sync.memberAttribute}", + sync_data = + builtins.toJSON + ({ + removeDisabled = cfg.sync.removeDisabled; + overwriteExisting = cfg.sync.overwriteExisting; + largeImport = cfg.sync.largeImport; + creationDateAttribute = cfg.sync.creationDateAttribute; + memberAttribute = cfg.sync.memberAttribute; + interval = 5; + useEmailPrefixSuffix = cfg.sync.emailPrefixSuffix.enable; + users = cfg.sync.users.enable; + groups = cfg.sync.groups.enable; + } + // optionalAttrs cfg.sync.emailPrefixSuffix.enable { + emailPrefixAttribute = cfg.sync.emailPrefixSuffix.prefixAttribute; + emailSuffix = cfg.sync.emailPrefixSuffix.suffix; + } + // optionalAttrs cfg.sync.users.enable { + userPath = cfg.sync.users.path; + userObjectClass = cfg.sync.users.objectClass; + userEmailAttribute = cfg.sync.users.emailAttribute; + userFilter = cfg.sync.users.filter; + } + // optionalAttrs cfg.sync.groups.enable { + groupPath = cfg.sync.groups.path; + groupObjectClass = cfg.sync.groups.objectClass; + groupNameAttribute = cfg.sync.groups.nameAttribute; + groupFilter = cfg.sync.groups.filter; + }); - "useEmailPrefixSuffix": ${boolToString cfg.sync.emailPrefixSuffix.enable}, - ${optionalString cfg.sync.emailPrefixSuffix.enable '' - "emailPrefixAttribute": "${cfg.sync.emailPrefixSuffix.prefixAttribute}", - "emailSuffix": "${cfg.sync.emailPrefixSuffix.suffix}", - ''} - - "users": ${boolToString cfg.sync.users.enable}, - ${optionalString cfg.sync.users.enable '' - "userPath": "${cfg.sync.users.path}", - "userObjectClass": "${cfg.sync.users.objectClass}", - "userEmailAttribute": "${cfg.sync.users.emailAttribute}", - "userFilter": "${cfg.sync.users.filter}", - ''} - - "groups": ${boolToString cfg.sync.groups.enable}, - ${optionalString cfg.sync.groups.enable '' - "groupPath": "${cfg.sync.groups.path}", - "groupObjectClass": "${cfg.sync.groups.objectClass}", - "groupNameAttribute": "${cfg.sync.groups.nameAttribute}", - "groupFilter": "${cfg.sync.groups.filter}", - ''} - - "interval": 5 - } - ''; - - sed_string = string: builtins.replaceStrings ["." "/" "\n"] ["\\." "\\/" "\\n"] string; + json_string = string: builtins.replaceStrings ["\""] ["\\\""] string; in { imports = []; @@ -68,7 +62,7 @@ in { type = types.package; default = pkgs.bitwarden-directory-connector; defaultText = literalExpression "pkgs.bitwarden-directory-connector"; - description = lib.mdDoc "Reference to the Ditwarden Directory Connector package"; + description = lib.mdDoc "Reference to the Bitwarden Directory Connector package"; example = literalExpression "pkgs.bitwarden-directory-connector-example"; }; @@ -295,6 +289,7 @@ in { wantedBy = ["multi-user.target"]; after = ["network-online.target"]; wants = []; + path = [pkgs.jq]; environment = { BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory; @@ -315,18 +310,26 @@ in { ${cfg.package}/bin/${cfg.binary_name} login # set the ldap details - sed -i 's/"ldap": null/"ldap": ${sed_string ldap_data}/' ${cfg.directory}/data.json + account=$(jq '.authenticatedAccounts[0]?' ${cfg.directory}/data.json) + jq ".[$account].directoryConfigurations.ldap |= ${json_string ldap_data}" ${cfg.directory}/data.json > ${cfg.directory}/data1.json + + # remove the original + rm -f ${cfg.directory}/data.json # set the client id orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g') - sed -i "s/\"organizationId\": null/\"organizationId\": \"$orgID\"/" ${cfg.directory}/data.json + jq ".[$account].directorySettings.organizationId |= \"$orgID\" " ${cfg.directory}/data1.json > ${cfg.directory}/data2.json # and sync data - sed -i 's/"sync": null/"sync": ${sed_string sync_data}/' ${cfg.directory}/data.json + jq ".[$account].directorySettings.sync |= ${json_string sync_data}" ${cfg.directory}/data2.json > ${cfg.directory}/data.json # final config ${cfg.package}/bin/${cfg.binary_name} config directory 0 ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env} + + # cleanup temp files + rm -f ${cfg.directory}/data1.json + rm -f ${cfg.directory}/data2.json ''; ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync''; From 35f6d63c1005f8f828a3a22cff264cdbc7724c94 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 13 Nov 2023 00:54:23 +0000 Subject: [PATCH 189/826] feat: Improved config further further --- .../bitwarden/_bitwarden_sync_module.nix | 408 +++++++++--------- applications/bitwarden/bitwarden_sync.nix | 31 +- 2 files changed, 215 insertions(+), 224 deletions(-) diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix index 75a977e..2193603 100644 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -7,49 +7,26 @@ with lib; let cfg = config.services.bitwarden_directory_connector; - ldap_data = builtins.toJSON { - ssl = cfg.ldap.ssl; - startTls = cfg.ldap.startTls; - sslAllowUnauthorized = cfg.ldap.sslAllowUnauthorized; - port = cfg.ldap.port; - currentUser = false; - ad = cfg.ldap.ad; - pagedSearch = true; - password = "to_be_replaced"; - hostname = cfg.ldap.hostname; - rootPath = cfg.ldap.root; - username = cfg.ldap.username; - }; + ldap_data = builtins.toJSON cfg.ldap; + sync_data = builtins.toJSON cfg.sync; - sync_data = - builtins.toJSON - ({ - removeDisabled = cfg.sync.removeDisabled; - overwriteExisting = cfg.sync.overwriteExisting; - largeImport = cfg.sync.largeImport; - creationDateAttribute = cfg.sync.creationDateAttribute; - memberAttribute = cfg.sync.memberAttribute; - interval = 5; - useEmailPrefixSuffix = cfg.sync.emailPrefixSuffix.enable; - users = cfg.sync.users.enable; - groups = cfg.sync.groups.enable; - } - // optionalAttrs cfg.sync.emailPrefixSuffix.enable { - emailPrefixAttribute = cfg.sync.emailPrefixSuffix.prefixAttribute; - emailSuffix = cfg.sync.emailPrefixSuffix.suffix; - } - // optionalAttrs cfg.sync.users.enable { - userPath = cfg.sync.users.path; - userObjectClass = cfg.sync.users.objectClass; - userEmailAttribute = cfg.sync.users.emailAttribute; - userFilter = cfg.sync.users.filter; - } - // optionalAttrs cfg.sync.groups.enable { - groupPath = cfg.sync.groups.path; - groupObjectClass = cfg.sync.groups.objectClass; - groupNameAttribute = cfg.sync.groups.nameAttribute; - groupFilter = cfg.sync.groups.filter; - }); + # coping directly from nix https://github.com/NixOS/nixpkgs/blob/da4024d0ead5d7820f6bd15147d3fe2a0c0cec73/nixos/modules/config/nix.nix#L62C1-L76C49 + semanticConfType = with types; let + confAtom = + nullOr + (oneOf [ + bool + int + float + str + path + package + ]) + // { + description = "Nix config atom (null, bool, int, float, str, path or package)"; + }; + in + attrsOf (either confAtom (listOf confAtom)); json_string = string: builtins.replaceStrings ["\""] ["\\\""] string; in { @@ -90,161 +67,184 @@ in { default = "/etc/bitwarden/bwdc"; }; - ldap = { - ssl = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Use SSL."; - }; - startTls = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Use STARTTLS."; - }; - sslAllowUnauthorized = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc ""; - }; - ad = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Is Active Directory."; - }; - port = mkOption { - type = types.int; - default = 389; - description = lib.mdDoc "Port LDAP is accessable on"; - }; - hostname = mkOption { - type = types.str; - description = lib.mdDoc "The host the LDAP is accessable on."; - example = "ldap.example.com"; - }; + pw_env = mkOption { + type = types.str; + description = lib.mdDoc "The ENV var that the ldap password is stored."; + default = "LDAP_PW"; + }; + interval = mkOption { + type = types.str; + default = "*:0,15,30,45"; + description = lib.mdDoc "When to run the connector, OnCalendar syntax."; + }; - root = mkOption { - type = types.str; - description = lib.mdDoc "Root path for LDAP"; - example = "dc=example,dc=com"; - }; + ldap = mkOption { + description = lib.mdDoc "Options to configurate LDAP."; + type = types.submodule { + freeformType = semanticConfType; - username = mkOption { - type = types.str; - description = lib.mdDoc "The user to authenticate as."; - example = "cn=admin,dc=example,dc=com"; - }; - pw_env = mkOption { - type = types.str; - description = lib.mdDoc "The ENV var that the ldap password is stored."; - default = "LDAP_PW"; + options = { + ssl = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Use SSL."; + }; + startTls = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Use STARTTLS."; + }; + sslAllowUnauthorized = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc ""; + }; + port = mkOption { + type = types.int; + default = 389; + description = lib.mdDoc "Port LDAP is accessable on"; + }; + currentUser = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Unknown what this does."; + }; + ad = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Is Active Directory."; + }; + pagedSearch = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "The LDAP server paginates search results."; + }; + + hostname = mkOption { + type = types.str; + description = lib.mdDoc "The host the LDAP is accessable on."; + example = "ldap.example.com"; + }; + + rootPath = mkOption { + type = types.str; + description = lib.mdDoc "Root path for LDAP"; + example = "dc=example,dc=com"; + }; + + username = mkOption { + type = types.str; + description = lib.mdDoc "The user to authenticate as."; + example = "cn=admin,dc=example,dc=com"; + }; + }; }; }; - sync = { - interval = mkOption { - type = types.str; - default = "*:0,15,30,45"; - description = lib.mdDoc "When to run the connector, OnCalendar syntax."; - }; - removeDisabled = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group."; - }; - overwriteExisting = mkOption { - type = types.bool; - default = false; - description = - lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details."; - }; - largeImport = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups."; - }; + sync = mkOption { + description = lib.mdDoc "Options to configurate what gets synced."; + type = types.submodule { + freeformType = semanticConfType; - memberAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute that lists members in a LDAP group."; - example = "uniqueMember"; - }; + options = { + removeDisabled = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group."; + }; + overwriteExisting = mkOption { + type = types.bool; + default = false; + description = + lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details."; + }; + largeImport = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups."; + }; - creationDateAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute that lists a users creation date."; - example = "whenCreated"; - }; + memberAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that lists members in a LDAP group."; + example = "uniqueMember"; + }; - emailPrefixSuffix = { - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email."; - }; - prefixAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute that has a users username."; - example = "accountName"; - }; - suffix = mkOption { - type = types.str; - description = lib.mdDoc "Suffix for the email, normally @example.com."; - example = "@example.com"; - }; - }; + creationDateAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that lists a users creation date."; + example = "whenCreated"; + }; - users = { - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Sync users."; - }; - path = mkOption { - type = types.str; - description = lib.mdDoc "User directory, relative to root."; - example = "ou=users"; - }; - objectClass = mkOption { - type = types.str; - description = lib.mdDoc "A class that users will have."; - example = "inetOrgPerson"; - }; - emailAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute for a users email."; - example = "mail"; - }; - filter = mkOption { - type = types.str; - description = lib.mdDoc "Filter for users."; - example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)"; - }; - }; - groups = { - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Sync groups."; - }; - path = mkOption { - type = types.str; - description = lib.mdDoc "Group directory, relative to root."; - example = "ou=groups"; - }; - objectClass = mkOption { - type = types.str; - description = lib.mdDoc "A class that groups will have."; - example = "groupOfNames"; - }; - nameAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute for a name of group."; - example = "cn"; - }; - filter = mkOption { - type = types.str; - description = lib.mdDoc "Filter for groups."; - example = "(cn=sales)"; + useEmailPrefixSuffix = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email."; + }; + emailPrefixAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that has a users username."; + default = "accountName"; + }; + emailSuffix = mkOption { + type = types.str; + description = lib.mdDoc "Suffix for the email, normally @example.com."; + default = "@example.com"; + }; + + users = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Sync users."; + }; + userPath = mkOption { + type = types.str; + description = lib.mdDoc "User directory, relative to root."; + default = "ou=users"; + }; + userObjectClass = mkOption { + type = types.str; + description = lib.mdDoc "A class that users will have."; + default = "inetOrgPerson"; + }; + userEmailAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute for a users email."; + default = "mail"; + }; + userFilter = mkOption { + type = types.str; + description = lib.mdDoc "Filter for users."; + example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)"; + default = ""; + }; + + groups = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Sync groups."; + }; + groupPath = mkOption { + type = types.str; + description = lib.mdDoc "Group directory, relative to root."; + default = "ou=groups"; + }; + groupObjectClass = mkOption { + type = types.str; + description = lib.mdDoc "A class that groups will have."; + default = "groupOfNames"; + }; + groupNameAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute for a name of group."; + default = "cn"; + }; + groupFilter = mkOption { + type = types.str; + description = lib.mdDoc "Filter for groups."; + example = "(cn=sales)"; + default = ""; + }; }; }; }; @@ -252,7 +252,7 @@ in { env = { ldap = mkOption rec { type = types.str; - description = "Auth for the LDAP, has value defined in {option}`ldap.pw_env"; + description = "Auth for the LDAP, has value defined in {option}`pw_env"; }; bitwarden = mkOption rec { type = types.str; @@ -278,7 +278,7 @@ in { wantedBy = ["timers.target"]; partOf = ["bitwarden_directory_connector.service"]; timerConfig = { - OnCalendar = cfg.sync.interval; + OnCalendar = cfg.interval; Unit = "bitwarden_directory_connector.service"; Persistent = true; }; @@ -309,27 +309,21 @@ in { # now login to set credentials ${cfg.package}/bin/${cfg.binary_name} login - # set the ldap details - account=$(jq '.authenticatedAccounts[0]?' ${cfg.directory}/data.json) - jq ".[$account].directoryConfigurations.ldap |= ${json_string ldap_data}" ${cfg.directory}/data.json > ${cfg.directory}/data1.json + jq '.authenticatedAccounts[0] as $account + | .[$account].directoryConfigurations.ldap |= $ldap_data + | .[$account].directorySettings.organizationId |= $orgID + | .[$account].directorySettings.sync |= $sync_data' \ + --argjson ldap_data ${escapeShellArg ldap_data} \ + --arg orgID "''${BW_CLIENTID//organization.}" \ + --argjson sync_data ${escapeShellArg sync_data} \ + ${escapeShellArg cfg.directory}/data.json \ + > ${escapeShellArg cfg.directory}/data.json.tmp - # remove the original - rm -f ${cfg.directory}/data.json - - # set the client id - orgID=$(echo $BW_CLIENTID | sed 's/organization\.//g') - jq ".[$account].directorySettings.organizationId |= \"$orgID\" " ${cfg.directory}/data1.json > ${cfg.directory}/data2.json - - # and sync data - jq ".[$account].directorySettings.sync |= ${json_string sync_data}" ${cfg.directory}/data2.json > ${cfg.directory}/data.json + mv -f -- ${escapeShellArg cfg.directory}/data.json.tmp ${escapeShellArg cfg.directory}/data.json # final config ${cfg.package}/bin/${cfg.binary_name} config directory 0 - ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.ldap.pw_env} - - # cleanup temp files - rm -f ${cfg.directory}/data1.json - rm -f ${cfg.directory}/data2.json + ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.pw_env} ''; ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync''; diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index fb013e0..983904c 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -22,6 +22,8 @@ in { package = pkgs.callPackage ./_bitwarden-directory-connector.nix {}; + pw_env = "LDAP_ADMIN_PW"; + ldap = { ssl = false; startTls = false; @@ -29,9 +31,8 @@ in { ad = false; port = 389; hostname = "account.skynet.ie"; - root = "dc=skynet,dc=ie"; + rootPath = "dc=skynet,dc=ie"; username = "cn=admin,dc=skynet,dc=ie"; - pw_env = "LDAP_ADMIN_PW"; }; sync = { @@ -40,21 +41,17 @@ in { largeImport = false; memberAttribute = "member"; creationDateAttribute = "skCreated"; - emailPrefixSuffix.enable = false; - users = { - enable = true; - path = "ou=users"; - objectClass = "inetOrgPerson"; - emailAttribute = "skMail"; - filter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))"; - }; - groups = { - enable = true; - path = "ou=groups"; - objectClass = "groupOfNames"; - nameAttribute = "cn"; - filter = ""; - }; + + users = true; + userPath = "ou=users"; + userObjectClass = "inetOrgPerson"; + userEmailAttribute = "skMail"; + userFilter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))"; + + groups = true; + groupPath = "ou=groups"; + groupObjectClass = "groupOfNames"; + groupNameAttribute = "cn"; }; env = { From 6ea0240a3ac2d770c22a62d1d9c7e5d75d6b56ae Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 15 Nov 2023 16:41:30 +0000 Subject: [PATCH 190/826] feat: rebuit jones to make it be able to be rebooted --- machines/_base.nix | 4 +- machines/agentjones.nix | 18 ++------ machines/cadie.nix | 1 + machines/earth.nix | 1 + machines/galatea.nix | 1 + machines/gir.nix | 1 + machines/glados.nix | 1 + machines/hardware/RM001.nix | 8 ++-- machines/hardware/RM002.nix | 1 + machines/hardware/RM007.nix | 1 + machines/hardware/_base.nix | 4 ++ machines/kitt.nix | 1 + machines/neuromancer.nix | 1 - machines/optimus.nix | 1 + machines/skynet.nix | 1 + machines/vendetta.nix | 1 - machines/vigil.nix | 1 + machines/wheatly.nix | 1 + secrets/backup/restic.age | Bin 2191 -> 2179 bytes secrets/backup/restic_pw.age | 29 +++++++------ secrets/bitwarden/api.age | Bin 795 -> 917 bytes secrets/bitwarden/details.age | 30 +++++++------- secrets/discord/ldap.age | 44 ++++++++++---------- secrets/discord/token.age | Bin 842 -> 854 bytes secrets/dns_certs.secret.age | 62 ++++++++++++++-------------- secrets/dns_dnskeys.conf.age | Bin 922 -> 953 bytes secrets/email/details.age | Bin 1217 -> 1208 bytes secrets/gitlab/db_pw.age | Bin 923 -> 870 bytes secrets/gitlab/ldap_pw.age | Bin 921 -> 892 bytes secrets/gitlab/pw.age | Bin 826 -> 909 bytes secrets/gitlab/runners/runner01.age | 30 +++++++------- secrets/gitlab/runners/runner02.age | Bin 856 -> 827 bytes secrets/gitlab/secrets_db.age | Bin 909 -> 832 bytes secrets/gitlab/secrets_jws.age | Bin 2440 -> 2423 bytes secrets/gitlab/secrets_otp.age | Bin 875 -> 931 bytes secrets/gitlab/secrets_secret.age | Bin 811 -> 892 bytes secrets/ldap/details.age | Bin 1227 -> 1404 bytes secrets/ldap/pw.age | Bin 1031 -> 1086 bytes secrets/nextcloud/pw.age | Bin 835 -> 768 bytes secrets/secrets.nix | 2 +- secrets/stream_ulfm.age | Bin 3003 -> 2937 bytes secrets/wolves/details.age | Bin 1221 -> 1286 bytes 42 files changed, 124 insertions(+), 121 deletions(-) diff --git a/machines/_base.nix b/machines/_base.nix index 240bf59..d26a887 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -7,8 +7,6 @@ ... }: { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") - # for the secrets inputs.agenix.nixosModules.default @@ -25,6 +23,8 @@ ../applications/restic.nix ]; + boot.kernelPackages = pkgs.linuxPackages_latest; + nix = { settings = { # flakes are essensial diff --git a/machines/agentjones.nix b/machines/agentjones.nix index f3f9e2e..b2d14f4 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -16,11 +16,9 @@ Notes: Used to have Agent Smith as a partner but it died (Ironically) # name of the server, sets teh hostname and record for it name = "agentjones"; ip_pub = "193.1.99.72"; - ip_priv = "193.1.99.125"; hostname = "${name}.skynet.ie"; in { imports = [ - ./hardware/_base.nix ./hardware/RM001.nix ]; @@ -55,13 +53,13 @@ in { }; # keep the wired usb connection alive (front panel) - networking.interfaces.enp0s29u1u5u2.useDHCP = true; + # networking.interfaces.enp0s29u1u5u2.useDHCP = true; networking.hostName = name; # this has to be defined for any physical servers # vms are defined by teh vm host networking.interfaces = { - eno2 = { + eno1 = { ipv4.addresses = [ { address = ip_pub; @@ -69,16 +67,6 @@ in { } ]; }; - eno1 = { - #useDHCP = false; - ipv4.addresses = [ - { - # internal address - address = ip_priv; - prefixLength = 26; - } - ]; - }; }; # this server is teh firewall @@ -97,7 +85,7 @@ in { }; }; - enable = true; + enable = false; # gonna have to get all the forward = builtins.concatLists ( diff --git a/machines/cadie.nix b/machines/cadie.nix index e7c045b..7c7ad69 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -20,6 +20,7 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/nextcloud.nix ]; diff --git a/machines/earth.nix b/machines/earth.nix index e8c2f9d..ba2be39 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -20,6 +20,7 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/skynet.ie.nix ]; diff --git a/machines/galatea.nix b/machines/galatea.nix index f82217c..8b77265 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -21,6 +21,7 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/ulfm.nix ]; diff --git a/machines/gir.nix b/machines/gir.nix index ebb17e2..d46d153 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -21,6 +21,7 @@ Notes: #hostname = ip_pub; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/email.nix ]; diff --git a/machines/glados.nix b/machines/glados.nix index d1e7d2c..33db5f6 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -21,6 +21,7 @@ Notes: Each user has roughly 20gb os storage hostname = "${name}.skynet.ie"; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/gitlab.nix ]; diff --git a/machines/hardware/RM001.nix b/machines/hardware/RM001.nix index 6e756a7..0ecf097 100644 --- a/machines/hardware/RM001.nix +++ b/machines/hardware/RM001.nix @@ -10,6 +10,7 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") + ./_base.nix ]; boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; @@ -18,17 +19,17 @@ boot.extraModulePackages = []; fileSystems."/" = { - device = "/dev/disk/by-uuid/9b177e4a-726e-4e68-a0e1-53837a8cae2e"; + device = "/dev/disk/by-uuid/f7b9d648-735f-44b7-b439-6af601b234a7"; fsType = "ext4"; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/41AD-70AF"; + device = "/dev/disk/by-uuid/679E-C352"; fsType = "vfat"; }; swapDevices = [ - {device = "/dev/disk/by-uuid/c5990c64-077f-45b1-96b5-44ec93e6651f";} + {device = "/dev/disk/by-uuid/b1da9f57-1ed0-4f10-a6c0-6536a0017b2a";} ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -38,7 +39,6 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s29u1u1.useDHCP = lib.mkDefault true; # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/machines/hardware/RM002.nix b/machines/hardware/RM002.nix index 01336bd..d7e8e0d 100644 --- a/machines/hardware/RM002.nix +++ b/machines/hardware/RM002.nix @@ -10,6 +10,7 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") + ./_base.nix ]; boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; diff --git a/machines/hardware/RM007.nix b/machines/hardware/RM007.nix index 3888e34..18e8b35 100644 --- a/machines/hardware/RM007.nix +++ b/machines/hardware/RM007.nix @@ -10,6 +10,7 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") + ./_base.nix ]; boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"]; diff --git a/machines/hardware/_base.nix b/machines/hardware/_base.nix index ae8b77f..02a9a68 100644 --- a/machines/hardware/_base.nix +++ b/machines/hardware/_base.nix @@ -11,6 +11,10 @@ with lib; let has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0; in { config = { + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + assertions = [ { assertion = lists.any has_ip interfaces; diff --git a/machines/kitt.nix b/machines/kitt.nix index 5891571..ab313de 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -21,6 +21,7 @@ Notes: #hostname = ip_pub; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/ldap/server.nix ../applications/discord.nix ../applications/bitwarden/vaultwarden.nix diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index abfc3e5..1e4d271 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -20,7 +20,6 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ - ./hardware/_base.nix ./hardware/RM007.nix ]; diff --git a/machines/optimus.nix b/machines/optimus.nix index 095c55c..9e80047 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -21,6 +21,7 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/games.nix ]; diff --git a/machines/skynet.nix b/machines/skynet.nix index 250f069..4992f5d 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -22,6 +22,7 @@ Notes: Does not host offical sites hostname = "${name}.skynet.ie"; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/skynet_users.nix ]; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index eb594ab..f54fab9 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -20,7 +20,6 @@ Notes: Using the server that used to be called Earth hostname = "${name}.skynet.ie"; in { imports = [ - ./hardware/_base.nix ./hardware/RM002.nix ]; diff --git a/machines/vigil.nix b/machines/vigil.nix index e3c811c..d1f8f1c 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -19,6 +19,7 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; deployment = { diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 02eabce..210db08 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -20,6 +20,7 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/gitlab_runner.nix ]; diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 0800d91e6829266cfa4b9febff4d4f72a87ced45..c32b42e38bbb3e75a4642e05b01fac8a07ba3a12 100644 GIT binary patch literal 2179 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zK8%L;Zj z&daDWOg2c&&WwnPHB8DX$PEw3_p8kC z@d;1TcTM-K3U>+hv5YFWNb&P5P51V4^Q?3;NJqELB%mrPKV8AaG|7{Ur!eQ@6pwu0T(@*pSgtO^XjMFbZ)nw2Yf6yzJ0Rt7qI z8E0387W${>n-};;mgc*JmWO+5`;-_)_~-kY6h=DdL?m;0TVz{!1XX2v7kK%5nK^6c zCRe5AMj9jrBu9m(hX#ha86~D9rj=`#1Yx8}m$0hf%yfmS;zaE#KVug|M_e{Sx1_Mluu$_5 zmjDx2i$YJwq@27W_jIG&P!sf!ERCviGEP^>HVjKl%?c>W$u04VGAYgUDXvIKbqt6y z40H?DP7BXB_0G*SDyaxaHV))+a&^rp%`gq{aZ3yGD=aa{OinjTHpxxNPD}Q2Nj7i~ z$PRUKE-z0v%qd5=t+FiGGO1j_#HXOtIW#oQ)!!g7EydK?GS?!<$T&aDE5M*KEzmtO z*{s;fETz(@$S9kuD$p>}-#97V**&o!GdsyYE6KmSFwey)!p%Iy*C?#2I5I0a+`G)M z%mgF9c~&|47CI{UMOYdIIRhGL`=k0gW4 zf8jR8ODC z@E|{b#~{;8C-<~UcZ-mcsABK3q`z$>YS+0=gtFP@5 zTwo9pUgcJ4q8;j5YEfC@R-Eb`SY+-VS!tARk!$8@Zc=WV?#PwlTohzn;*%X<=5J=| zT9T3)R+VW|QB+u&ml$H1QfiXyTH+THYFS~JXMi4W!G$hPxsD2nW~l-CQQFS_k$IWH z{#EG_DduK*6^0=h$;nQECHhr4dEVN_#-2v*!R1^AF4`GRIhGj~$!6Zc`9Xy)X$2w9 z5rr8+C7D6md10Z&7G_0WXP zN1A$vCS_-92RrBZWg5A9lvp~N1bcG1=LO{Ex`rE6B!?u2Y*JJLO8FU%*<9u67J-og9)9_OPVQc&QOPFBnMJ9NInLpwq1l1?WtKj!DZ%;P z<@!d&VB6AkH7pz*bkmDc6N^(7lngBGH8u5|6apOVN&{^}6jHPjvOKx6eS<5Ky|SuY z42;rD12SB)j66Nvf=aSXwVnNn4UJ;IA(R$3Ia_jiUyJ@j~Ock~sr)S^nwq%FVZ9I$j|{HRt`zK*$RtNUta)mx<( zl%M?;UgOoB&{#k9Xy~$^mD@H=TosmiY@7T}&J0Gw+H-k{dVAkZ=Q{e*KbtL;@l*fG ruHEmP@}o){BV6|{XrE+O!{nk=?sQLCW{>L6xzAaQA~tPy`K|^43DC{& literal 2191 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlZ@yadB zk18wjF-!6BH;d4(EI0JDG&GA!OfReObI&o%tH^TBj7ZIPHQ}nv3p5H&^UMyk@XaeP zakdN#u?S9eH!Lu6$|%iCOf@Js^o?{+F*PX3^+mVMB%mrPKV8AsvM3@)-#N|2EhyPD zEVMYk)HBB`G|)dK$0@{DyCl-bFt0QuqS7}o*MiH!Jt8zE(plfk+b=sUs?5dLH6$|0 z-8U=K$H_3zue6}TyuduQ$jG81G9TSGQ@<2T<8lR)h{A9uOW%SdfAduR3jdG@cPGb! zQtz@Xvz(lwu;55b1NXd?{BVze9AB>Nh^WY%@)83Vv&7sq{Qy5R`(#Sa9FxAkU?+W7zgQ}8rVk{xp#g92Tu zTv9{B9h3Df{EdvugUj-aB0`)pLJTTgG6T}h3XF3sA~Vyu^s@~EeR4CiBdP+73!I9Q zjPop$Bm66a3!Kxk{6hlu6VnQe96ckA6BEnPZF32$3eHSd$j-?y@GcHZayBc~4s{AN zcTY@9&MVK%^>;E%2{BD}4K)wWFEUJbt#mBsN{sLeaSROh^bPT^@<4P z_p|i(EXzwPH!H31$xZdoNOHqSC8beSPR8j9+L?x4X%QZ&exc!IrD>HJE{=hb2Ck((9?6cLDOp**QTbl} zhT26*1?fpuNf8*Sq_Qm7GO1j_JSxc0x46>1%)`X6JWt=tJTs`=v?RjOMLWtptg<|> z$}~7wzue3u$S9dBBHb(}G}x)i&nMC~HOSS^ufQxPyvjYwH@76HG{w8n*DW*H*e6*( zFc>4=JgXdi3mp}L%k{lXoI;aLl0(d#y}WZR{0yV=%%VcQ(jv2pQoVCcQ?eaXv(0it zs{*+q(k#pJN{b7U3(|9)BPxUaOe%8y&6CPKjs3jC!;{>yi-U}_i$e@7(=l?lN0LEi zL7+lnmQ$2hh^K!+k$Y%nzPWy`euz_{r*>qyn^9((k()=bqrRDuc2!P(h9g(Ge^z*E zVQ@%xWJGYjm!+ArQDvY@KuT(1rb(`6RJetYUs0g1V`P<|0Y=G{>z$>YS*{S6=jK>$ zk?fviX;S1;WaML+YvdE@V-et#kssh$l@%Cbk`rK{AMO(BYQSY;9F*;6R-TsZZEWEa zQBdwwrSBM+l#ZSzg9}}pavc@?D=h-DEu!?Z&AgK` zB8r_nqf$L0wOvfi+={a@eSJgpowD4@0$e?PD$}`g+;g_?eDfSld_t0)O{=`} zaw_uDj1%26vck(UaWScQ*QzKecEwyT#@WJYFql7DWfx1m{R zMR8zo88~ZTW^CKjhEltuUi)hfj0+A3r!c*ZAlS*GNaMuwW_Ihtl=8=0D= z6&iSXIu&?FM&?C@=V|ALrKBhN=9_0m8kU+DRRv_{CF_^u>sR=sggSER>gp;)7^Y=s zmR6P~n!7}L2Ko3!g=Pm7nWq#+6o+}4r{+Xt2f2lK`Q)WK=2&nU-(-#UI>77xhVOKU z8uO7UN)?GMsd>ebm5DNUUtewe{+2a&wz1j_RYRr@ms2b~Gc+&MF=$r0H@0Za5qFa< zGrt&9mnWsjRX9Jxr{P(OjKKfHMhk8=KDykl>M>pVr(%@C`InYULmNMCx%lgHVP7qC zX6-BYdxiexA4-Ca% diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 17c903f..1885e43 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,16 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA X73TNuqAEEP70YrpJ22gajHtIcup+AUyjnHnEPRkrQc -fOiScgObTZKv0WsmPS+BbsTvuJZcXTioGP56kABM7cU --> ssh-ed25519 4PzZog CNQuXi6jm6Xmh4QzBJ8+O0Jbnsh8UrEWMOsmRtXFshY -WTuhPe0dEnykE66GvnAEbguRvG0abdUodhHL0yPrWCE --> ssh-ed25519 5Nd93w 1DhYU2M+FSjtmIK0bWp1aS90HIpTzYo9WpW/B5c+njo -WHz3TOuDjv9MfjNV7VevwFR20lBxVWJJ6M96+wy9egs --> ssh-ed25519 q8eJgg a81sexKwFWkEFTP/X75A37ANOGq3YofVKdounD/wSVQ -lsIjaP1MU7v+P0PLcFwtX30KXOlyySAnmVPG+78xaYs --> ssh-ed25519 mKj+iw 5yD+zJi/C+BFNVGnio0EymgnuRHi7u9OTL/vuAT7vig -JWNvvMZdDv3iWYHP/DknhYyqUeUfKIxy9VVlIN8ExlI --> r`jNR?-grease h/n>KE, s{B|NV6h !' ; -YCNm7rDXLor2unHnuvnjg+BfiJMjK6/+7wHQaDBRdtrvKin+Dx9MW091g5cpq1Xw -H8OGvNrFms+7xaYJ2Ie6LjW8 ---- 3yRzK3Q9BlO/hxhid+T5qFHbnVc0Ohg5SbAdyYXGNfw -c5줄t`fGqh L~L߹wUCw(gh, yctQ[pa1Cܷ`0ɓim \ No newline at end of file +-> ssh-ed25519 V1pwNA UrkmIZL5xSVVJ//LVygMsIVjv9axkiGHQzYXytxB2Vk +EEI30Szqp55TKBUpHGhE0kG9MpiJbRYUatwjxI4uarY +-> ssh-ed25519 4PzZog z4kmVHgbEbTAUK2n77K4kPep1JVKeOjJ/DsBbllwC2I +u4Cj9g0oAD08yeAh86koOQpAOnkGwDTtgQDf/i6uvSc +-> ssh-ed25519 5Nd93w YKp+mkt1IJCd3upuXavalOs06kADebHehoI4EyGSJ3U +lsDewdeBFBGj+SyJCp6Eay6Ym1oervcy4k4YqWdvwbc +-> ssh-ed25519 q8eJgg Zp0cx2VSagfaLWVNcThlrZDSWh00t9x7NWFNH22f3Cw +Beddl2WC2hX0iUNRlYPx0tYofpVLuvpA+1QKeXL+Ln4 +-> ssh-ed25519 mKj+iw ZekINCT2/NuDprvxYC2NYaMJpy7eWFxKjz6DxX1+1U4 +OvwkA2dpaJWek5JwUNr+QFJDVTWzNaTVE8cILb+lcFk +-> `^ZVU'F]-grease +bX85oZ2Oeg +--- +N65SzHOFt+I2pi7AqBvcIqKrpwK929+E3BFJeIvuTI +oxĥ8!"{YC: fnmogCz?'0iܞ(o-a U#s烏Qޛ0}B|Z \ No newline at end of file diff --git a/secrets/bitwarden/api.age b/secrets/bitwarden/api.age index e92f6e76e3271a4237d4c24594d57c02f6f8b2e0..8d4755ff8a820388a0e72ee0112c9593f816521c 100644 GIT binary patch delta 829 zcmbQuHkEyXPQ7E5OPFD}VW@tjzo(mHRi#l>R7kdVc147-e^N<+wt-J>c7?lhidSH! zBUea4np0A-rDM5iPGCiNa)d=vQfhfvO0j2VN_j!5shM|SSz4%XTBu)$0hg|wLUD11 zZfc5=si~o*f=NJCRDQZbd4Q{9rb|vnex#SXfk#n*fm^Oyx>;C}SyoVzmr+utbFO(o zXsM-da$`g%$e724MwdKE{TAAui=yp$5j@ zj$wsG;Z^1yg#ndmAuidK!68Zc<(7T{E};dX+I~KvMtLE=&c%+C;~B-n!_&$FQ(d)< zoqWBMoee6o61~#(^U@1EinE+jExgQ~LkqOSa>G3hOL8K)JdGT4E3=FW5=#pWi+uco z%zOgVEb?=*obm#kk_`0&LrMZmBLZ^_Gu?eBpJf!U_wqAw@ro$Q4N58qbn?pzGtM_D zFEB|>PuC95HTSIykMg$+F-k5=b#yA`O0LZFcPXNdWu>2+kEN4Ym8G|TrgvtRr%zRIMOK(&lw+}zyT4Is zaB@;uNkFA(W_orZm#(g^La|$#zEMV%MQXjFnRa%0kw;)!L`te@WrTT=PnwIbWl}|i ziA$BKbB1eVAeW_4Xlu#b-wa#wx7w;J>oFYu^Pq9V<6CCl%IxbmZ8q{W6>JMNEe)Cf z?O4f$-Ot&RdfglL`QE73-M^;j2tx$_lw4h1k^kwB0}^>>sdYU+RKeIaQ%@^GEHwD- zrhF4cbrsRGXYx8%oqi_!wl2^~~ K8O5@Sti1qcIVMQ} delta 706 zcmbQrKAUZVPQ7KZXTEDem3NAMs;8xiV`)ZSMTlWmWr$~iPiA46pHEqoQNBx|YgI&O zBv)i{Nm#jiP*zlEM0%;4wr`kMQB|f%L6%8|aio{0k&#huxj|)BRGOJzAeXM4LUD11 zZfc5=si~o*f=NJCRDQaGdA6IrX{CvOVTzlDg`bH_hFgWXyQOhjsI$LOPqXI4RWNls{9giD!Is6|vxvO%7QUz$sLQHEchhoyG< z#E;_P;aMe?Macz*k*?|4C6@XD7G;s4sbNWejwVJ1DMd+D`nge2u0c_5q3)qvVXmf$ z2H_Q^;USfVM#;{(Mq%m3UKZ|=frd`n;d!pfiTZ9KZUGrl#(A!j;~B-nU2{{iz0-Y5 zEPb-0g2QqR3j7Sp(u_?DEJDi*oWiTz^pl;9jl#+@D+7JGJTtY^wae0d^PRISBO(i& z^ZhGBTuh1+Ga~&$Gm-*>@?FZ)UGk!wLtR5BpJf!UFYwDLGBhx^bTd!0s47fLGD#}U zstOG7OU%gk4t4S{aSzULDYZ;DDl#_Uatlo~3@r3;@~Jc`OfpIJh)j)24@@no%!)8E z@ySch4#+7pF*CC?2~H^n#eku1dQoa(ajJq>kwUPUg`=Z_S(QV2fI_4u7niQCu0pPB zwnx2phHF)JVzEI`h-FEYYnWTAYigcbxS3;_iK{_rM3r-DWV&-okRzAQ6KN-o_vhF) zHg@ls8S0?;RZDKm+|`x;o^W$H8!G;OeWaxN^rfVmT2pgU#XS6*dUo`@-FhXXTUkF$ zXU_Bore0Q>`!|>fq}l9k&EQ%n!0E`TG2guH$Y#s9PnS1cHvjgq=Ip{({x%=-x8<}? rX7yetBi^a@u&%!D=U&VBr^df$2yS2bAyPhVf01v0g`wFc#+fSt2Zj4b diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 3d5ac2a..ea53a6b 100644 --- a/secrets/bitwarden/details.age +++ b/secrets/bitwarden/details.age @@ -1,16 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA d3Xy8iQxiSb8gV8NRqBAxBm0g5V1INUAeHJDFdAqe3o -Uaw/Q/BjZabCWBoKJmSICiUn8/OWXjj+/sx0BZKxWj8 --> ssh-ed25519 4PzZog qxpYb+zz05nntFRA8k0ZwWSmpvOA8gnf8AaBuy5xyhQ -ssOtug0RBDkPbSEC4Acs/UNelfLmkLLH2pEm0geAuVE --> ssh-ed25519 5Nd93w iXfwzbDeUuFqwXPztMdaBXnfXY7W8sQXmcxEtMqkPzM -t88pMxJ09RtrNEd1tn8N5iUh2mnaHwzb3dD6xlt8jRw --> ssh-ed25519 q8eJgg 4NAejBkAf4tZEsq6YsWJiOTq3wBBkDHB3Z1CFG8LeSk -yIicVNLUkaHs9RzaEFFn0SVqR5QiKNJZShehiEfvTh4 --> ssh-ed25519 IzAMqA orpGqetn3ND76DC2QejaGnAlPDlV43l7/GdJB47SFQA -U0Bm9/VgoY6/dwIdqZpOY5rQc5j/TBlKzRS8rndyxu4 --> _-grease yOwV[T R\ b>SI aVM^#_X -VfqPBdd5CK3GXPcBxXzbq9ak7qYJrnrxU7O7pKmfavJJ55dsmXKvEI7NE2tgASsr -Gxc1ttbQ4310R2CN0IM7xvMRLQsg/MnA2WGiwO52OYkHJXZ/i9F8ro4sq8q5cJE ---- T8NUXH3YnnAIycabcEi8uFUfnDuvdgy3COrUoPPA+lQ -QýPE*NcY޳ Y튰nKBaz^fJyhW!u|dDq'}6^5wSk1%Nsmwi+|Dpϔqr!1ə ?H$(f͐gKn{a93tl܂GbrでbMY(`y&,'{= \ No newline at end of file +-> ssh-ed25519 V1pwNA q4Ueso2aibg13pKFkdrI6GFwjsX6s2G/+U2jXAMcxEE +Y++4/bN7b0IX/ArWW78UEUIEqbLwFc10cAbpiyAOePU +-> ssh-ed25519 4PzZog ucFdPmkbTRvY78ablrQGVdvsSM9Fy2KvzB9bWwV1M1E +kJLFAJsC688+ApYxU6GmZQHyb3wk/d4fB8tuTT2H/rs +-> ssh-ed25519 5Nd93w uyM1GZJM0evpOxUoJ33RvuA9bhrlwMGWaWBXKt80Kko +9qHOuiBL4kLy7SpN7HmWmwikV4jC2KeabEwVPCDmddY +-> ssh-ed25519 q8eJgg m/js9ey/+C7HCxJC/rmPCTQGq0ORzoKiHoOyUAKv1gI +YNjioxNWoAz7pYJFlfkfIahbvW/XcPrY563w2hJbjD8 +-> ssh-ed25519 IzAMqA gns3Bpt9Tz3LmUuH/Z+jGHU9m1eJyXsZzY6MtWxo5FE +2OT9ca/t+rX2WT+8VfxQeCD2+rXmFtP5CIxox400/7g +-> L]bL276-grease 5cn4XU: & +Ge/lAHiOkIcdU6WgYBosz58Xwd+HUtz4Di2KAir88dRprRZCl9m9z4m6kRhPjdYk +N6dru5r+GA+y+e4AKMaN+FBa +--- UuWKkXjxdS6jDoVh+rEXqXoYXtKYJps30Na7+VZQZ6I +.zz:T-Iܲa/1S`*~@QVyw yy.;)a,%|9`*/}M4D31o7o]5rZ1cWHJugSG'n  2.&0;ԟl@N*WFX1jv.s7T;î \ No newline at end of file diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index 3e8660a..4e0140b 100644 --- a/secrets/discord/ldap.age +++ b/secrets/discord/ldap.age @@ -1,22 +1,24 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA xlTIjQff+BPeL2UECA0yAYFTMSTbVqnA+PTN7lAfE2k -nUCQZQUV8ydkbgoZhHVo1i9E49OgWh6JD9U+YDbO7O8 --> ssh-ed25519 4PzZog 2wGhFQ34UkF8KxzpRvTafpIqNaUChm0QuVUGoii3aHY -4GdDi96Ol5yKxTekD6Alzrw9vRBOuHERFN+MGAXALnw --> ssh-ed25519 5Nd93w LTQPqKIfVAkcRY/n4FBcttl5bWRvLKV35kVkCgfXhSE -fERddZA6QKOyFSogRSXu1meHUFabIFgjg6lSVa/OR6Y --> ssh-ed25519 q8eJgg ZaJw7DqjgIruLUteut2QbFp5MtdocR8WirUGf1BwW0g -LvSo3XGI+9Hw04gaXyOs6q3jZKgrUuaRm7ZZna0JOJs --> ssh-ed25519 IzAMqA kJYHO1B+S3L6IchTv8L6gEJdRS1lWTAP8omc09/13CE -IFHuqpK6sT+2r36gJj2+CLUJjEREvoxjfYZQyj1qtgU --> ssh-ed25519 uZzB3g +ev9Qgf0Ufxn0CsvWiC2rKTqMGNlI2getrSbwad+d20 -8Bu5NadOaZcIXCYL9WDZwiknPPGXCDLFoQK78SUXJEM --> ssh-ed25519 Hb0ipQ 7323aHKs1i4Ufh9EePnIbsDPGHhkjVABTPQ/ga7uQ1o -ONx1LDHESTKNTLU9yryAjW+q/kBF/SjJuRuM/JV9mvo --> ssh-ed25519 IzAMqA dPtQz4ppUCY+G7ygtY4WU8tGeiuagEIuw/mzp1MNuWk -sctOGA3tn+FdW1bBSenFj6Y9h0Dr9kAUFbJqbyUoDOs --> qYvB[-grease ;_85Y; -8BUJy4ivlkl4m5BUsynI1olVCA ---- akpO+kJAeIqo7YhXMFsw609zk/oJN6PjTZYrjCdqMh4 -6U6@NMJ2GÖMFJiJ&^1Y>2voD+'׭: :p6bՀt# -r!sgfYPnQ$s8f<{m9* \ No newline at end of file +-> ssh-ed25519 V1pwNA /ywPcnDv9MT97QtCtZyDgwiu6PFqQ9/syRsVKJljO38 +aqgfEOOFxZ9sAZa3ma6XX1NIHHfUgExflj/wh7kMln4 +-> ssh-ed25519 4PzZog diUivY//pDD5pO5DAOF/hpVFiy+UEPt//T2wSsb2hFs +8KilVjO5UOGqXzJ3DJl0Squh1KCBDLQz6Fp4P/+senI +-> ssh-ed25519 5Nd93w udWVov8JSaEni4WuLH4Cj+/+gDNrtVKL6FjMcR61wzs +K//4c4SpggpOITVg5QY0vzaedQJrnfKJwaWvZyknlI0 +-> ssh-ed25519 q8eJgg qHWmUmpkVNF3SZEnAgBU7EgF+q9eErnz+MldT0wwigk +MsEPbJof97Kz4emhNkZG34RZvJeC4Ky9OkncElfHumI +-> ssh-ed25519 IzAMqA +NXHK30PSHgyl0gPbO/AJTdveI2qcSbRSaJnWlPBHAE +iBpfcn9BHFXgoc70cQA5u9KqW2IdAveyXM9rV79J4c0 +-> ssh-ed25519 uZzB3g wD73v6MdXeeLGhOZBQcSi6/VLVtGBRk4UOwaFAJtsVo +KvGoCprdnry2gHwzTS+BfQ09DWawKKoA1q9QO0Z/n7k +-> ssh-ed25519 Hb0ipQ hqMralxzBAmwwVz2t5ySnk3skhxUGr+NXjbm+ZSKVVw +/MMOfDiQtiwoAD5DJxQnjpkpi/3C3DLXTSwUOkF6CSc +-> ssh-ed25519 IzAMqA yNEnWzWwhJSNsT1C8aFIiOYb7xXlKLcNL2mhisWhhmQ +9C5Iny+zpFc8wzYO5EUltD0nkHpJl6ADvDkexgHQGtE +-> inJ-grease ( $$4~2,{ gN +FFbbRchWkZG7edNSxcs5qfJzAc8u8jhjOTBttADj6gqrfbsvU+md/ttHShow4MBd +IttH8tmx/5VOiSdUHDpdlTabog +--- 0z74mEAmADrq8gy7L7n/JPWCE7HdBsXDBGkOHvlpHe4 +tTX^sϷ(D?'l7t^e1|},RⰟ0Xl%(d*;D{7eIHR; x$zCɶk= 83҆ej]1CÃΟ +%J +lSt.lU]SR $֩ \ No newline at end of file diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 0360dfb4c01466d527c2649e40c0547c76aa7db5..3ef3ca78063d4c976c7296f42fa16ccb282e3bb9 100644 GIT binary patch delta 764 zcmX@bc8zUU8mb4}Mz##wo;+4&wh`GzjJF8NN0#o9qmE{>U1W*O;R70&s& zrjc3R=Gvw~0e*(5rP=wV#yLJIK3|SDw6{PBeSF2GXn#2 zTnjTp{leWceLR9Ijf2x1(<|Ll3NyUYlKo94pJkM&PY#Z<%+9x{@b{{yiU{-3HgPZY zk1`DNEB1>D_biL@)%SHvb$6;r4D;kFFLjPc3J5ba2oDM_E4FYfNbz=Z3NbJ?ck#>0 zt|&??buFvR@bvf5cFG1tKu%VcTYh$swsDA2cy?8=c2A*L}At0UKKo)yKbn(7W|&F8#)=xIWj&5yNgoq6p(D|-&^ zex+l%|3$?)Sr8JDsQV-5}0Ri>2RXK6BlU&R4TMZ|@U33;+}s5VQaQ delta 752 zcmcb{c8YC+PQ7Vik#D|{xo>)Io@GH%esFlQlT)E@aAjV2WtL;8p|(kGPO(#HkWX+` zC|6ZxV2V*vkxM{{LAFUrh+k2@iAQFxt80*@rHiGHQ(|ywcCe#ga9C(~IhU@TLUD11 zZfc5=si~o*f=NJCRDQaGZ+=#RcThn{YHo@}hIUy%o?Dhvk#=a6Q*fb&yLox8SAdhY zU!|$Le_B{MSD2Z5zF$sKfsvWFn_FpVdRSPozOi{=nn7MgRYX>$Z+>Nldt$zMVvuY0 z#E;_Pk>x>wnU>z^Nd_(^sir~sRbGZE0Ulu%-pOTwNy(LA>FF+JL1tz86`3Ynna)n- zhB1h@bNj}As;~B-n!+Zl1jZ*U} zQ<5{XLsI;mgHjW7T+@oo91HX_ObW~W{ajrw9U~1)Ou0@+ovn4lQ(d%y%rT^fPqNaH)#&Omoai zk4O&8%*yvGwhZ@9%LoNUK)h~xQEFmwDpzD+epXaqW@KWCyL+~Ons2UYab|E*fKk3< zc457Xi@Q&gc#EZ|z)`d%ts?XP>Vl1`&$ot)>iHU1YC#$J3lSuKRg z<$ZI`i&IPH|6cd(h~|y!WeJ<_9p1YrK|?m?d`OiYw}DV?M91|R3*yiHy1aX0(XUBO lR}WP#-giQk^I*su{&Nid`4x5f_qL1QKeEa>apLM9ZvjB^5fK0Y diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 9a01683..351251e 100644 --- a/secrets/dns_certs.secret.age +++ b/secrets/dns_certs.secret.age @@ -1,32 +1,32 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA nG0AHa3H4vfygTEQoAHfY30CjOpmj1ffPOpCAJ3vmBk -Qut0rBmGYPJHaOdTWCOy5JML4NKCtlUIqTXmcXKSxZU --> ssh-ed25519 4PzZog I5+i0lkVwbzG+sqGrCReuHzsU19tLi1SboqPPBD4HGY -HrdFS0QOc3lOVe7iYxsm7akT768+SaligBdmCNKGL5s --> ssh-ed25519 5Nd93w 0R8EQvW2DzhhMETLXuC0I/b3QG4FdAojUhgCjl1veBw -BpPZd7qhqZK6ERYKGnu5NMf1nPZqM9uc3T6rQaCPuwU --> ssh-ed25519 q8eJgg Fb8LVHNk+tqj6mI/TwfcgJndt7/L9CZoZTTGX4hCuXg -/BnYhtGfNVtrICX1Sfa2o7h8RDZm6fmL6dyNUIMLXEU --> ssh-ed25519 XSrA6w LcEe4qfLXeWbPBHhYYhMuah0r11aviPO0tmaV/P/TzA -UlQ62w7iYlAkV2JDZdmBHuOFt/emPOb26l45RPSNKXg --> ssh-ed25519 DVzSig nK/TTAP8vl4Q6ltd96AJoFV78jXKqEagNrrA/SDC6l4 -1lYKWXfP+LAxPRObq1VWvZqdJZi7DijikoGzjT8JEEA --> ssh-ed25519 SqDBmA T9qOjPSZr44EdtGjz88G+qNwIwEkgKNtJm9lfMBu5Hk -7+qN1Uf/a1Bs9o5YyO6OsaC+F+odkfFnn9MYo04QxPU --> ssh-ed25519 UE6fcQ +VsGwaWJ0QuBfSBOO9fHpYXXVJin5c/1F+ZkGN5jC0U -cUo39xNopF6goxCoSRI3C1eg6ynSOX1HmbTqH6JCzjo --> ssh-ed25519 IzAMqA pcJ8a1soioxd/aX9a8SCyz+4ClrtUyDkQTNxUTH75U8 -iA2vSv0WroLZoRbjvwa5MxgPfFY8HTToCpLzOs1QdcQ --> ssh-ed25519 uZzB3g srDszrjqCUdPlZR1junFInBTCcV6Pf8YZjdfI/jlymQ -ZqWkiWNCdj14yXibvJZt5kzplJYxV+FTYNSW2g/+IfM --> ssh-ed25519 Hb0ipQ 7yV7BevtuILbQGDdzhb6xbA+1HE6gHIGBy/J5dqo2mo -vhZQ6RMeK7nmWVyrO2b5BRWA5UCLKKl/cmM8Qf4ywDo --> ssh-ed25519 uZzB3g uZqAB7XXJORAr4SqRrtELzgsj8F5/7ZHqYjQBHtuWB0 -hN/6oT92j0jn6TWGaPQ2GHNE57YaoYQrHz6XocOmSZw --> ssh-ed25519 YFaxCg uiXU3Fi8w3hzZ4tQD0xcijmHDXK1wIFXKwCTKlZtOHo -eW+0I5AFhJ/lutzftUFNjwBXbIT026qQh1iB2MyK0bo --> 3-;D;-grease >yx2 }|M -iHbl8gyGfyh72AKP2rKtBbtsOWD3zfJtXUvZmgtDr1hR++RRWE6hDOOKPeWrlTfc -r80zbGItMrUtbaV6BT5g9+Ji6w ---- 0GOtCNG/Yxp0gVi4t1R7nDT6ZdAvyM9XTWmsaLYwbOo -%r!wfmmeUpN1%oj,05x̃vU_F 'NM>GD ssh-ed25519 V1pwNA ZLBiDtR05iPx4valDRINj4rpMf7LHJE4rQvdE3JLFws +CFA3cMAAVxyPoPFohTH0IktUUzUMS75z1O5Ow7Hlbpk +-> ssh-ed25519 4PzZog OP0vtHH9L0mHY/ZxZurUmkBXNPfJMmqMC6mGq1yimFY +/FvT81dkPahxKnLd6NxmHOfS5GPcDi13Vx/hABocQkg +-> ssh-ed25519 5Nd93w Iwugqe9M50VCuvU0jGhameZlF8HLP2Krj8zXtGaGFnk +/RmG+W3FKVRk3rl7uFb0Lfb/pNyYM555N7Ayxv5t2X0 +-> ssh-ed25519 q8eJgg HvQZs85/nCMRrd8NjhI/3zZdzbnWkWFmZPjWBQ9LlwU +XP7B6pW3Zn/zzKb5RT3i8dMHUegM9zBRbt2EcMsoS3s +-> ssh-ed25519 XSrA6w sBC8C1fI+LRAp4PkrkwS4WkCmB24Lf0xkOTm3lFEwVw +nxepx6uOP0F4NnhWb9O4BMa6084oGPUV/u3BZmUnJFo +-> ssh-ed25519 DVzSig Hhq4J27OqtTUOF5EVxBYA2V5O6vTkqJS3uV+Nqxz2XE +FZGav4tw9/5TNQ6ILIAcy40dW1FVo0n9yRhdFm7Rozk +-> ssh-ed25519 SqDBmA Ke968FnJnRQBEbgZK3smFnbp/R9542HeQbW2ltT6HUc +0I3ZF2xdCF3//aXb+YmkNHmTMaFQFHRBQ4+UJl/msjA +-> ssh-ed25519 UE6fcQ PtVzyDlkmbwRwV0UMIQ0OM0e6BIqIsW8Ap7Vqiz8hmM +OFzxt4ynYCgBlltbDDiHZO3BOljgmXQGbPUV3Z+13cg +-> ssh-ed25519 IzAMqA m/7gUbADOIjcjVo3DSmaJXg35EmWHouzeFDcwOOhnUg +cSSr41Q49LP7bx3D3WxPd2gUAyJB5hq/dlP7M8dMKgY +-> ssh-ed25519 uZzB3g vjqV4e12hH55SCmhQjdfunDz24dIcABFyqVuATfxaC4 +jbp1laLOFLOVgtsQyGm7fvDfC/V68CjPHwe/ECQw3tc +-> ssh-ed25519 Hb0ipQ MU32Wb0m43Z0Vgs6tz10Y8HoqOH7kawoDxeNw4b8UB8 +gT2LjTU5ACx4nlW/wRVRy//h/Pd64VZs5+Dx3LbxDI4 +-> ssh-ed25519 uZzB3g 8ueMqQj3wMXI5huSNKLm78KnlqL4kjJ0PFKaGC1HUxE +pE9/rhz8bz5bwNeg2yZXinha5DXzr52BeKkocFz/wGo +-> ssh-ed25519 YFaxCg s4LJOWg5s+qZoSFViHug5uXKUP0Ehhy+zwjFzdWXXRs +GvuUJUsC0PqbexmF6t11kwLq7WrzhCv42r/mZZ9Bhfo +-> 3JfnOS-grease e-k 6,OtIN !g(TvN +wNYhfMNPtw +--- TngVRrso2T8d3nay1ViRStSZ9cWPw/cMCZEH+HvteRo +#j-3>oPq.x\ -N$FbZBC3!>KѰ8R@8˾([Jj/;⣺NB~GE eE2)` ' :e"M'J┆[ANs'%kJ(kp?_$ݎ;7~v$o]'ωhb + \ No newline at end of file diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index 845c331076fe75e63fcf6610e20e1fb2786a7f8d..b83d6375b7890fc96640c5a58b9ad65ac3bf2296 100644 GIT binary patch delta 865 zcmbQmzLR}|PJNhJNpX^|MMhSLrMsC~MVPsTWv*qJS&)&tv#GIfl3%!ISaMlFXl__Y zHkW0Pe`;W8rMHK1aiM-jRG3k4mY0Q7nRB*DL{_0?Mqpt|lu4GhTd0p=I+w1ULUD11 zZfc5=si~o*f=NJCRDQaGzHz2@eu}A2fLW1CWLjQjqFY#HKt-O9M_zVXpm#=qhecUl zK(1?{XQi z#E;_P#U-U?1?g1|66-gq=IjV+V%GE&`Kjmxu5g59H13ydR^3`%^G0pJf!UPtVKMcgiV9Npp8kHF3)+$t&^-YQNF03ptDlaq3uk!P8FL5^DN;Zvjsd5Q(4lAzoa`p^J3p6$_@pAPoPc*Lb z$@1`bcT4q5(GI96_esQvfij~=14~DRV!xu)v`QmKLyxe;Jdcpzi25LHvw)fXr}DP=qHL8`~FZ7wV=Lr6v}qDpYDEM*2C~S1G6_>er;{y9O)NXn9AQbEQ^Q z6uKwogp;KC6#$s`4|LL56kFMuVQp2z`;jwDYSOMh z?>l7PU;eT5X0_wuYpaYV7WJM^RNVGfr%~qaZo!<%+P`;1IC(~F<}|sma-sF|8ClSvcdFf>5o?%PJTdq`P!aegEOH=XXZnROu8ijPHAo<(A1npmhpL1l6M^V0yL26KG zg>!L;QHpygS5aw5O1_W2nPEwaTcMA?N0h!rWJQrlPP%unWu&8rewnjZS$?T@l74Ca z#E;_Pd3lzBMJ{fUMo#+qCBDJwh0bn19u^_lMQQq_scwn6=6;dB7Jk_#g+abtj&ANg z#mV^*`i_RV`r7HG6~?88m9E-ZUT#i)`q@!F<-wIz;pS=Hg&EnC;~B-na{^2Z!?K;7 z1IqkE^|Q3|s`M>0!qY1}3^Qj`2rld~>Eu*qb1M>6plT!4vOI-~npJf!U_s&U7%1-gjGj~bJ@iq=J3`i`k zEZ26*ch#=Ub0K;snSB7L{uu>AT^*PP&}94}vO zZU3lX&#=ne9K#65igf4PNG>Bcr%XR*5B)^1M1OCO4DaIbuwavL<4Aq;Vl%(|5^dw4 zJblL$=ZwN+N04=fy6Hu!iN&c3AqrV_Ha^O3CHY)N+5!G0DVh0h*%c`Pj*%()Q7$EZ z0l~gpy1KdwzPT0o^Ys%-RidOXN)>4q+4#;0%5<%`XzkvE7h*nLoSjYv_^f$15J|RNd5iCJdxo)lS$R=pmTP`?P-2>smuqfuSW1~sVSYwPL{4(~ z#E;_P9%d=p1^UL}k&%J^fhHaymVx0_5r)AgsTEH7F3wS|PL;`K!6Bt7j#;i;!Iq^d z0iNE4rp~V6xyc4m*{(T>J|P)q#`;dKsack$xrQ!IK~d(}K9R|j;~B-n3$v3;O-u?c zLQR9J{C&$)ij7^e_5D+`$_r8|{Y%`kDk@W)OOnk)vYgVnoXR{33!GgdwN0Z8B9oo6 zgEFH6O)UyNN^?`fE2@f3(sG@B0#Z!_D;<3&pJf!U&q*uI^skIeOpPkcNK5lit}4oP zbF$0}3oS}63=J*HiEt`)iEwiaF3FAL@^Ue9^oj7#2{8(BHO#kD)wdzNKDlzW-Ki-m!&OPHC3i@s@gs= zotCt`)+5+?a+Pa=;RJWDRci6dPTdlx&lKAwK<(1L;h delta 1113 zcmdnNd6090PJLFPc0`g(roXpORHScNUT$%4eu{Q!YD#*3nSrOfL4J9qw@+S%MQC`i zD_3AyeuiOyg_CoZnYp=FNlsR>UvZUoc}`}oW3hj-Sy)D>uUAHxp?hIwD3`9CLUD11 zZfc5=si~o*f=NJCRDQZbV7RHVerS3{QBg&*iGgK!vYWf3XPK{|exylQZiTU9L3(;- zL4RC@p#h%0L0M4|x#{Vtso~D)*`A4BA?7ZoNsbXoMwu1ig+_r~hWVB* z#-UaExqf*WCY8kop5_)=My9@*-Z>tH8SW{G0opDW9%Us3{^606;~B-n&BC1xjosWT z{ah?fiaqkplat)FjZ33K{fcudO^jS}3qt+FvYm6ol03?}g1o%6jT1vl$^#62O_E%) zGd;YE3`(oCJ<5a1Jq(f@^R(RqT#HRgOWXq|pJf!Uw=nlAPEAWG%{I>ra&xmV(T*w$ za8C&-sM2?<3W_YPO1BKnP6`OD2ne^}s&ERe%*ymnx74pHG_pvGaLYH+&-TbH2`H^H z_DGDn9 zOub!8gEGyuT>`l(QgaQ8D zJj%f#=bdSp=B8a{5LptDlo#dZA7L3-Szr|8X5p7zR+1j(Yg86qQI>2TlIh~fRghTZ z84*w#?2~Be=j~H&ToUT#7Vd5AR_vbUVqu!0?c!r(QE6K2mtK?&@=9{GZhBE_VsWa1 zZfRPif@^sVS4m26h;~(~wsu8in3qp!ZbrSCwp)H`zE4nOuu-^oN|3%saHK_OL553! zSB0T}xVBMLu$Nz@yJFu&;$_v1@u{u~(`=Vo_9KfQv_YURH5&sB^Ys zX{L{Fl&?i%iH|RruCA^^fTy#gXJLw0xW0>XK)Gd3Sy7Nraf+{(PpDh5tBHkcU`2h3 zfw4BlnW)Gw? z85v7T-vp(t{AK-whwtnb*3Ra;9Xl`Dw=Qkq+x|h;cXi_4jz?xW!ndrsHUum??NAVL zJzF&MND;?}Pil`2@qAibW7N7kSb6>&nLpbWiQTy_+xqX|qJyosTF)FXb9AT+S*{hN F4*)4#giHVc diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index 182cfd7a3ddd1d72ef3a015f5559500fbc07d24b..1320e807c16a30a1904396ed48f7dc7a5cf0085d 100644 GIT binary patch delta 782 zcmbQu{)}ycPJL*Eb4j>Msaa@l zHdmlQR8?qcNvLULN_e7IvX{PJNN7}Lra@jtMQLt{lb@4oaDZpAeo0WWFPE;JLUD11 zZfc5=si~o*f=NJCRDQZbc&@%_j(2cmVN!*0cA1Hxn_Fm^MWS(7Ze*UHg>#^>g}-^C zV^FerYIa0ASB_ytN`OIjURGj2Vq$S+fV*~JL~2x~zeT=_SyEZ4r+-LjX`yzIlW}DB z#E;_PzJ~thWflgZVd0skj^Sk{=KAK2X;~4a1t~`QiKYd9VU^y2VeUSGW_bo&ZrV9s zuFe*w*#+7WA)&0p-Wzcfm@YhWO8vxX@G%qq*0M!nwx8+ zUtoQxaf)k*g{h^fcBxNxsIga6N>xNvPEe(DNuZa7zE5UUPliGOfGm`89r*Td*j zj%$MMl+M5G?p`9k)y~+Aq(__ zD|?b9&x!6o5_|j0-_-T5zFk^pGQVQ3XkfB{@!y|6z8s2>k$3;zc>nU6%Nugf1}s}8 znen0g-}I-SOO)^M?|1Fm)-F7KYQ2u&!UcTq><;XG-*i@~SGe)fniVmj7fV#aZ63z} delta 835 zcmaFHHk*BdPQ90tdquiaMw+o>KwhPPWpS`+QCW$Lf4-5Alb>%rDIZvv!RD;p-EJ*L0L#; zU_f|co_TmWS7MM)fu+BpkH3DIVWqcYu7!bTYGj^YfqPMQo}WcdW}0PjML}9}k!e-_ z#E;_Pd8I~?9_6V4o+%mrIpu!ZhF&2B8Tv+*sX00R9`0u4#=-thDJF(NdB(0>CaKP* z6{%jyCOMXF79LK?6?q}vCApTy<>`(QPWm~PfyR|dA@0tZZo#3G;~B-n3;oQTeH^n4 zEy@#f-O`=2j2$gYGxCZOo!s3bT|yjrF>rDO#ej#2MvkApvu=7(YGQFJS8;wsps`U#aYKt-lymY-)@ZmLgNc{10; zVEOrR(KosNzpC@gUHT-q@fXjm*lpi*wsqEpdU>s2I?wC5=Y7JuC!ZKH+Hv3j2 RM%M04s+`WFm+T@O2LL_6B$)sJ diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index 4b1d10e8b4c40890aef5d16f75ac75ae20d520fe..a1db3dda7fd1dbb82d8a80ab0f609549d5e02b4b 100644 GIT binary patch delta 804 zcmbQq{)cUXPJObmSBiyWVNjy6X{w*Mds%sqp?P7JiG{ItYC%$@qp?A0WKoJwwx?;8 zCs%1wsJ=;fWkgi5e?WeoYgI&sTdKaPc1dz>c!@_!uw`j*ntNuJbESV$K9{bYLUD11 zZfc5=si~o*f=NJCRDQZbT4-omsCR(Axw&VsxqhN$p__hXSfP7RcA1HPQhr9dwqtpu zkw>OQl2>^smq%qrMwDw>erBFWMwxqdmA_?GL2f~rwojpFey*=^Zd693k$aMRm7ja^ z#E;_P?gf61?xpF;e%glSUIhVxexcskIr@=_X^Bb6dASu96_&19;UQJIMq!>@u0G}Y zr3P-M22o+<-kyo+g<0j!#=$9JhF+GA&LJU{g`QdYVWq|qLGJ03;~B-nQ~fLrgG@s# zi(D(+i!)Q5Gu*t&yuu>`{R(nZLlaYjQi@!hO0^?h6Wy}8EOG+O6WyFsLmf+e(+fR|P)MjzdY*5kk%@UpQK4~^W1>N+Wq?6Ip*B~rNphKQ zm3c{iL3VkBxnXW*ReDB}p}t>nh`$k+uCA_vk(*JZVT5I=hoN&xesR8ewwFJHr`#}X3KU`>f-+I7AF$E>~MLe ovBmcKytl>DI~&d&&nniBU1%E-+P<0j1v@XpqG~6%c{ePq0Vk;^6aWAK delta 833 zcmeyvHj{mVPJK>JdP$akhGS82Kv8-`xKET}KtPtid45G+aYcx;OID_1wrPpBV@hsr zBv+_!VU|frK}lAmQ%;4phnaCin2~RGRz^vBd10DczJGF_zkW)ZiF0yQGMBEMLUD11 zZfc5=si~o*f=NJCRDQZbwp(IJWLT1RX^5MvS#V%TrJJK;mRX8-m2X61rN4WrUy?z& zmuZlHXt|p!SCLzaSD}x4N_dH*SyWD`p+}UnPn2s~c6eT8pjVV(WK?3IcSb~nalXFA z#E;_P26urNx0xA?6lk<)PUY2AOFo;d$l3&OV00l{s17{t;$TSr*BY;~B-n6H`j73{neo z)4iM%-8`!@L%l0YGLw8wolM*U44e}ys?5TQBK)(QbAt`Ia&vrW=Qcazbe8bb6 zO^fscDohFr{QWAOT#Ou@jh!rtJqk-*)4U8OpJf!U&#TC@a4RXaOwaar%ggog2~IQ6 zE-Fh;u}Jpu)%PgSH_s37E6mNP^3Mq6^7i(y3pVSQEFmwDp#0iP*}K8a*2ymcCxcmT5v(0t5H?D zms5RyzOhqCL`7s-Wn@}Wu~D|GYiNLFNs^~qNupywVSq<*Xii?Dfs+eYzJ+g+qhq?e zv9qN~KvuZEuTN@eQI)&Dg`vK7REU>;xpsP9u3<)DM!I*NQD}K~dW4_8d78g*Mu}?? zm#(g^LaK?AYoU2Sm6KD3e_>isNTFqAicfvHTS`c%w|9O}RHeCjrH^M(MVOImI+w$t zB`YtmIeaqsGEdmbG1c9Dg?)S%Q|(dRrvVKwe$@GzExl~kKCyOB{}j`9)!$Kz_2YNx zUR)z)GvnCvniKo$Izv+xb|u4Ze?9?|n>7F)A9KVN%mS<8m2 QN2V&y`y!ToMBl3z03;SK?EnA( diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index 9052082c0ed6f86e63143e5f9818a63ea28555b0..5bc243ffc28207cc77600b2ce651e637100178f0 100644 GIT binary patch delta 820 zcmdnR*2_LYr{2>gv8*u1GPuMd(9E$YAiFHmD=pbPGRmv9Vq`<|n zm@A?n%)dCp!pO}zJ=d@-H^RiQw6e@S(LF0MtiZ`4DXJ*fDZ?$*($&{LluOr6p}06h zH#Nn`)YQ;Y!6cw6DnDJpr6MycDl^L^ye!!}$k4CI%gop_IJ3gNq`=G4xGb&2Eh8W=&%o5hw6MV4FT>cw+`!4*BRIr2AU9;< z2Z?YCqe_d4%1Fa1lhW(}KmURplfq=<%p|wUBulr%D(}#|@B(8;S3loek5I1M02lv6 z&*T#A^eAJKkg%k5N4F6Dv=HswP}7L0K$l$4V9&IQD5Lyr?a;~bjN;*zk)itfMR|V7 z5kV=1KCW5$E{57p;hurTiH6z!K?Y%_RfgdPKCb4z70Fx`ZY53yA)Y~j1p$s8Nh!WY zRT)N3k>z1#$)=_TInF_Wc?OQ9IWDQeUgeX|GK$w1csf;v>-7oGs`>J%#%x3S63k-ufjE`pxCr9 z)gs5mFEXSgtJpu^BBH1)Bp|iG*(5AiyWY_&z$?+U!lIljS0+R~w`01e>f#;W9u)mQ z@zzh2o8gu1lWV03XOFDf@8r5&LHz4%@tZtlzv@4_UsL|k^(tcHS)IBBL%)`UkgiF^>p}06h zH#Nn`)YQ;Y!6cw6DnDHzusAa_z{9k{%Q@H8yFAMx%r(iQpwuus*Eq^FG%Lr~vdrJ# z#WX9@#VyE_D>5(4A|NU)!?iHE)VCyDzdS8DxXL{>+%>W|IMCQE!#gu6qf)=h+|qO6 z2Z`|Ts1nQ2+@w_RY{zo93a6a%BIhuZtfWxikRX%NN&{a*zpT)r)D%Zcmu#-$u#(Df zcawlTqdZ6V0{s&G3@?MM9PfyLQp=S65fT$gI-T*e#+e!!#$O(mN=n#5o|xJSZs8Bv;$tuOiT-%rvsp#V^#w zIH#OTH0IM=5zFQ)St|}dYK}RU^xNRWv_m$L$A7zTQh8DKOshuh(3fhic^nEK|FX>d z#;nzJZ|;!}dtD>84_6f?Og{S~=lh8wg^hF4nj`j`ul<*wd|-it^{WFlN3*JyKj`7w zR1^NAr1g75uyT#49*4*IDGNjltLy{je>u&TUV89w>GeRP50PrDrR&?4-I{*j>qVW$ XOHS91uK4|hBftD>$mYN&dg`YEC*uz$ diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index dd74df0..e36bd38 100644 --- a/secrets/gitlab/runners/runner01.age +++ b/secrets/gitlab/runners/runner01.age @@ -1,16 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA Q+aZXp6fZFE68OnX/F6tNP+PH1WQGcNEmu8J7R7zt0Q -EYbVEeYOtNSBg9TmmWZAJkkjx12hh4tx4xK2NpNww+M --> ssh-ed25519 4PzZog l+fryFp0/bPZ2P8l+S/mPfX1YoSFJOYE3lqTjidiL2A -SLzRQCp6OzSoQcwC4Y/U1kDn/qlaZLTZklN+jqu4axw --> ssh-ed25519 5Nd93w BKBzISKkHxdZwIYYGEcEobc6G6RXlDST0hIFlMtGPyY -wp4FP71dh/lfD+Oa2jd+g5DKRZ0GEGjO6wwZUCKk0eg --> ssh-ed25519 q8eJgg 99JO2pDB4sw7d3LrZbr5dfe98xFHbdnu+FGZkU4wsV4 -IL+DNllbXOfM0KpbtBGvlYZo8v4zGYKuNGr8JUqhG8Q --> ssh-ed25519 yvS9bw UiVck8CTj4QspzWgj3oHT+J3iLVPv3J+2Kk1Rt8F2T8 -SFtVEiB7q0KXWPArxheEOORfqJWNNovLaRApa+AqxiQ --> ]0q7t-grease h#+R # -qgAS/6JHtK8TjOwWd9QC2ZA/ptbnKwnJyBdn19wqbOM5G+eIrme7F6Y2mZuGL4Mn -N3s ---- bGLa8VtcsZZnTWfh5nfkRTHHgPKWhrOK42PY/gfTpXI -tpY(::-yBA YiҔ$g6tK"[Syܩ~pe !ɞ9*mde̯CRw)g]97n-"n!+;9yC \ No newline at end of file +-> ssh-ed25519 V1pwNA EHlg17AzeBr3+X9U/43BhY8CeLKO1iV9hDfkJYjZ1AU +ZL7y/JAP3uDqQebxvCSagTfkHeA2Nt48gDl4mpxD9RM +-> ssh-ed25519 4PzZog Qn4RRo6tvMzGtNJm+14kJlI45LZm9ELinKYbzqQo8wM +cpPFG1H6FnKm31du6HzOiNUTYGS1jhSce+DlcGJvPSw +-> ssh-ed25519 5Nd93w bkSMYuu8lGE/5wkLYYC3tUNmjz40YQs4lBK+XTH1ljs +wmDJ9YywboBGKhEJLI39lV7rthL5PrtKt2oYoZec30g +-> ssh-ed25519 q8eJgg nv5HLBPzmKzQ7S1heWZ/MKL+2ld7h5xX0ib6zwI74mw +CPrtsZvE5Lc9D2UQ1Um1MWf8kDH2dFUHB8t3TE7QpDs +-> ssh-ed25519 yvS9bw xStD/2bXqHHyYkrlmslW3/F/YRFA1ZvFAUJLOkOidBU +4T6zJR4NoN5F6DWKWLCFw27iOCZAi2xXNzaTs4EVYFg +-> `+rr(-grease 5%=!{ 56y@" +t3EQrEvbW0U9X81vIfmSDgavBImzJX966w +--- zufFrtdon0GkwCQKSR/8EOgcHVj54PE9ZwouYnLq1gE +8+eFJPz^|8WYߠ'ITP5.]: +xSRg}!d]$Ԯf l#O=P 1gBT4#9 \ No newline at end of file diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index f26fdaef3abd6d74169cd18031d3d8fdcdcab59e..843cdfd7848786c32508d4a07789d897f657fa2b 100644 GIT binary patch delta 738 zcmcb?wwrB&PJL!jiMw`aPMW^6Z*qiBm4!#Phhdgmgin^4wzEY+UXgopNvMlUcv4lM z1y^EuXh2w^wv&HEkYA~pMWva0s9ABKsds>-vxR4QR8WvhMX*_*VNjJ!$E0WU! zO+C`Qi$l^2Qi2U#JagUL!t;%Dd~?Ht11pW)^bPcrO$;5mJUuG1Jc`5oQhY)@@`}CF zGF%FsLPAX}^|K-)D?<`Z^Mg}zE5r5Ov=fsjpJf!UPckepHBT}qw#+gPEDv)`N(xUj zcPh;bj0h9h%iZZD(Pu9-1$Z)doG)}4VDk%2O4b3-p3{Lho z@yV}paVsdv%d5)wFz^fn#eipZiF3SVrLk^$QEFmwszRWGwL-p*vaL^6Ww?T2bb!A@ zHCKI@VNQN{dWm_7flruas6kG)Wp;|2k8_r3h`w{8x4w6ZpQ&%8sd;*0nvq+6SXf0x zYOxWQuCA^^Rjz5UM?_ezVNiK;wpoU+kGFYdhIW3anRk&u2C}A zWzir1QzqInnFt@vD_v3Bsm*#VZ<5VqE@rmK`wo*AChu&XG&T0Y_SK(fM7>{lt5N;8 zPN__sbNQBZmpZSQ&ml)!^6pQXahxyz_{Vr8G%7z&Q*!#envqd{$5GpWzOYXW@VxN z*-5z`6)xpPzTpwU?#3>emZ8OInI;CAB`KxOt`Q{_Ca&Jv$x+#p;~B-nEj{ydOmi}F zEL_qJLxapxoT75lebP(w%%U=#9COP`3-qguO?-j_z4Cmy@(sMR+%luI3-!yhQp=0< zQ@ve%l8b!IE&a8#vlF$o!#u;>LwwSby-O@6pJf!UuW-w&42*IPaLqIeOfO9fO>)Z4 z&eD!7^)j>YGssIfE;UOxEjKE1EsAjEDt68eGtaPa@yQR&kIJk}%=Iw$b1bil($B5R z@inhVO$@L|^vo>u2=fgE#Xyv!m$^=Mv~GG)YGQG!f^BYiL~S6Kr?z8$xtV@xX+~y5 zRX}}Mg<)}-PoZg*ab=>unW>S!pS!bpSU|D2OIdPeuy09Jc5Xmbu7#&|K&eS#iCJo( zA(xq1s)3=gZ$@fZL4kRxMR=BHsYR(zVp_3lrAcZzm#(g^f<>`uWp+xYUxcNBettxt zMVY>7Qc_T|uaRd-XjEEgZjy0kQ z>vqvdXvf{JpZJTE%iiQACyHvtD{wq}cE7^QH^c184ZD|o3T4WLGLtpg8NQ2MxmA9e yZC{ynvyV@{z?P})Ivt-nFRuNyI48H#Khhw$pe)j-%(1}7&nLw(Bd|Cu(Ag-`EGWg)GRiGH zpDWL}IK#=;H!;H_&^ymBwKU5>zcj}n+1JpxpeotSJ=@zNIMc+v$}!2&giF^>p}06h zH#Nn`)YQ;Y!6cw6DnDI8-#OVLBDu6ED1E2$#LEi5&3 z;z#jtLr?Q815?wokg~EOlW-5`Ohd!Wl>C5T*L1I{s?fp|lb~!5!_1=8+^}RWgN!^s z^Nfrr{~}ZWoKWu|-|W<6$3!2C2sfidvsClYkV>N{cgv`hyg-A=@r>f(rT!VgCEf*< z?vCzdp@IHURlWsfDS^(W-j2y;`X$DRp~cQ+1_mjajvnP)=IPF9CT0a8S?(219=VB` z`bGIg<;jM=#gS>{;Z?~|PUS8^=Eg}y#f27=&oYYFCp(4uXPA}v1{4*V6ei~9mKYRs6$e*1RYV$>J6CEa8{`L6R95DhSq6mVgd3NZ zCYPC-yEvN`8m`LRm{=NiS!B%eT&pOoVv^vl%IkajIa}TPw-1&syE5tW zOXr+V@0C4{|GTh|Ddjiccdx{MOkex{8@*Y)hC8m7-Fd<3hvnB_dTLJo!eu4*c+Ip( zL3P90VA};}_vs%C6Uq^dKF)qr@@ZQ9y=(u~&CYoxd8j!yME>4z+K0nw;`ese7pI*Q eC-LuMTprkAVfN1}ecd`gL%p2=C-_6{R|5cr84dsd delta 821 zcmX@W*2_LYr@qLnEYmS1!`;(J-_+DM(lXsl+chIMEZ5o4q}U|0w9GIu!>K4ECm=8< zo2$^@xX{oo#4+8pq9EPeuf#7hGu$%RI856#DbgS(-80b9BG4#YJJP}_luOr6p}06h zH#Nn`)YQ;Y!6cw6DnDHz#nLG+J21sN(;%$aval-5#4SrZDY4irEU(Nrz%s8ePdncv z*)QAO*smg#t1>JjEG#k9GRQ3?yD%`VC@3d2!X&J?I7nN&#KbQu)Ii@NH7dZ|F~m84 z;z#jt^VIyL41aU8)Qa2)lSDuBQ0JiX(!3}$*F?7{_hb+M#H5_Gu+S2tii}9Ez%+e- zN0&+`4`(m0!VKr^&`8VttN;tsf(MVU$FiP?_+ zUgmzKo*te-K~-Lbrp2cIm4(g$xj_{s!Qlmdh3Wn|=>{fTIjO0+VIHN4X4-}YZl;c& zmOl9gL3uePKIWnRRRx)uK^eYoIYCK5+TpH~&oYYFd-%DURypcdRyrFMM`ZaWM&)>9 z6%}inlxCZjq?x1_`6l{$WE-YMoAFHL*BVAFrpOW)I=B&@zISI3PH~JIdH2)6*!*F+Df2z%b9!Og}0#JIMJ)hFU!I_E6g;fD8<*&%)>9)&)MBL*x8v&S65fTIM}$zxj5A; z#MsBuq$EH;vDn|zyvQV{$Vb~Kr_4Dy%(Ff#FWe(6)33~gOR4+O2L)Z7IR;Wzv79D6 z6HBLEzq$C^o&#Om_w%pvou0Be^Z%jR*&%1wylPuudH>Ya?(i!=A6xr>u;MLQdg{@h z<%i51yuUoZl)QRze8i$tw_`S~<*a zyUV!~EIOa~VzrL3sC@r&xl1D$sf%*rNeN%CwWzi?2PDgsT$^8ceY%W F1ORqCDZBsx diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index 385f514711fc2e80bd3773ebc57fda651f735349..657413b4179a6ce2481b2cde4119f3b8fd46245a 100644 GIT binary patch delta 2347 zcmeAW{w_2@r{2Wb&&buX%DB=mw=zB1prpvc+`k~Gz|h0Zu&BhqJ2X5`+c(!YD%jV> zk*m_v(9qu?*RUisKe?d1ETYgTvLY?T*()R>#l6s{Jl)H=q|zcUIn6NLl}p!7p}06h zH#Nn`)YQ;Y!6cw6DnDHz&^0hH$I!7nBQKyT(Ad=^*v-txud>iF%-z)`->5RxH7q+a zsnXlfJj5-M%h}r_-P13q%sZnb-zUl|D#OpK($hc6&pE|B*fc25GO#K+$KS)fD!9UR z;z#lDL~{$z@}LOEFoUX~%EDrc)Rd~k{3Nf8!Z6DqmrVCyH`g$q(()w7WDifS{Ook| zawkjYRMQN@aOdJw-&E%Szaqn|BF_wu3e#NIf(-UT5MrrC+* zo+X8mSs5iJ1-U_)Q9gM|9(kr_MeeDN<~}8czJ8wOmM-O7Rp!B|!LGTtb(76n*`;Sni^Pe8RQ4JRi$gE2lz*X_~p5n8>XfB=NW1TR0Q}3 zd6t%%qy>1EW~G!DMP)jIV!+y2H@zq|u{c%1!Zklq(N)2)PG3PQRYyTLD3r^zAkp1L z+qga_$kfm`$$raCrfW+{nuh;)=Z@YWIBGqa4fsj)% zuV2o{TQjNtVoU!1%H8JgjSKhRxKv%Sc5mB*`3vmg67KHuT+dST_Do@V+Ql1pZRhaV z7WB}2mRMg4Q< zXU9F6X2OEM56j(aa#?M?DffYVhwZwEklg7Jx%>WkT-&(f`zc-JmaPU)Ub1N!KMDQ* zr#{y_s_A$lXMsp?> z3%<=YUThLz{`0IK+rqaYzwf$oubX>pUBdiVerGRk$_+i);i-IO?$08zq?rZkwkz3I zx;8~`@2;2Se5zQ@apCd4%B7EHIfw4}t(klM_l<=mr_Wvdx$W!(2E{GMpEgNK|Fr3y zcp>5I-U4to30*f2^Uc(v|&!ybN@nT)UBub*Yo%yB-;T~B(R zvB;S{7po;!4ckAzZwg2MEj&QlxZt!=# z?}PKvjo)wQ@iE=~-t7HXv{mzruxj*Ad!s1d1Ai@I7v9)=aJ|=c%~^AjPB-l2h;_ef z7x$d!#YWGcb3D&Jaw?sFG0i5*^j~yO^cC~XJ4`m%t!8yO$Pjn0QH6P?(b<>U^RwT0 ze5^EG@$afFA9KsW7atf+>s{h5|4`mB?Vk2m&YXu;Ha*Xx)^h|NSoPzK+{t~@{8*

T>4UW0m5D`rp1k-q=ah8x?k|ryb-T51|L0A3d*q7JlB`F|eFGgOb$kz7-?&h6 zKAGv6sIsK=$GZ<^{`Zs8%lfio!qGX`!nHfzhwi;zX#Y#qA=cQe)#gz;!yiM&dd|ZW zV)r?1va6Oav?xvc>amh3Y*xwTT{-Oa#ja;6&N!PTu_vq9H2bi8ESe;gurDEUU;n}U z%V#;ST)bJ&c9z9;lHeK6^ZSigJhTev*xZ*tL+0_%{vH0W&(;=LC57BJX;c2;tMkle zlYR3d!4-km>cqFaY^mxrQt8W4d~mM7khk8sFW>9o<>`_+H`WRAA5^3!zo zLrtF>oc4yE4frKnCD50-yP;%bT=XyZsgb9)e7(E1YGTDg0~hb*Z=QtSce37gbH%mX z6dr?~o~0X1FAGg#h!?rRyy)Vy+=j)8b2AMW{D^k)PEFh^;C%1RnuALt9m@Vc`6qh8 z{LtAMGWDq&HXfZSck0JmLD$0vHfI=x-(2`P@wZQZWN-J9ZM&=|Hs9n}bhfbfzV4-T zmX#qr7iJy)ulQlX^v$yyo^-eA-0Elfq?7+a!eZOrG>_-&-K_uhs5Uk(dwA;No+If+?1;cB15@z?hAww@A7FpAUdeE;F`mX+oo4%8nye%*BHoy!;6S3Q-A zXgKu$`!x5AC+oR4h^~34FPE`gK2M%Q!uE;Cwnsl03`|u%h8<9;`h0+e>*gAL2d&T@ zoyT`iTsSr3)5ZViIqI!e=vXIntcz{Uboy?1JbY90lXH_BV^{h3eQ=s}Cyd+H?!KhI zzr<Ezil9VN2zl9OsPXkj?FUzzQpkEnH4nYNfhs`Pep&^Wj@5^GK=`@ GDFOfiH#!FZ delta 2364 zcmew^)FC`Ur@o*v+$q-}#iiV@($hWF&#lD6!q>mBm`m4Ap}06h zH#Nn`)YQ;Y!6cw6DnDHzDbOM?!Z6$*%e$h;BF`tq&#lzcFyG88z%$a>HzzGTt17e7 zJS)>LEjc8c%Q+yR(6J=UIWsIc#n~mv$jCdw$lRmIyv!-w-#^VXKQK2hASWq1H#|Lb z;z#jtXLnaiKc^ydNB>g)fK=1KiXbB+Z|4YO&mfmd7mJ8U=M3#sQ-9wmuXGD8uc)w4 ze{*ve53@X9&ocKS%gnIg{KVkwoD%<(BD2t-!lHb)95WN&RI}{K@r>f(#a=1i8?)v!_g++yh`su}776#7R9$^Jx;UVD}CAk4k zxfUsTAx0@l`bN10!39-L=_Y1HK8f0yZn^1`&oYYFr;JVnEGWH@zq|u{f2>B(6b-!CdCFs-yq+oUMaK)*1; z+qB-GA}uJ(tjyQU!#pE7rKrR=AjG4}C(YEyJ=ZbE)5pgkGdsUHi7PyyGAGkAr_4Mj zG|xOa*EzsRJJ7JgRKMKSGCw8KgiBXfS0O*k(<#j{vn1Iy$RyJ}u&PksAi~Tj$RjT> zJvGzGJjXvPH9gP0D%Ue5olED5W8Z@0!+?g{|$|MznoZkwdz&P+kVGiZ@PS>rhU6CBqAGq z$fRNB>H0`1^{j(eTP{2lmphaA#&xsNWlQB-Q=eVE?rkM4(;q!Y@ImIhY&F*}B~cqM z7~Xrx=;8bPfB)NiYb^{9J8aGP`)2i>V}+-lUuntKpE2QE@B6E4{xdA?!WZ^5&g`@L z{&PKxW`yy~RsCDTwC^dbMwy`8!Oqpa}xVK9zMzsxD#MmdF1Xn#wBg)*5XEGj_;$s zPm;Dd8DDsC-)_&@n>!fm-|b)GT5f*ILdtv-)0&9%tjuEP*B^d29lDX%6dZoT#-+Nc zAZ#DgT#%fQ zVm0gjm0n^06>3p0V;;5hEws8{w)5-R%EkqM9p=o9W39^D^si<2{@TcyqL=IE8S^tP zJol(`!{Y2&C5sbYzS{Wu^c$(;C*Mr}_e_0i3_q*I!nMvUqPwps`7```{$-~%*OB`> zmNg&rNM9M!ZPo7?tY_DI+T?njo@(|if&D($W-O3h@%7ir$8SCc+a&#b)%7G+<$9Rh z+9ffk&g>2QEq%pTz+3xxtDDZ$v_wX(399wEdmVo=>=!Dk34L}%qU4t9w%Hr5JmTDZ zbLWB>L7n1@*)gx@T{Tg+?bScE>$t-ntxzjp#PHnp%b$`v^?LB`!C-WHvuVO z`Aq_uriX;}Znda=@Dt>gJ@HB9)D5<-do!l(Ubg0O>Idt>_fx0%IF;|XusyTnv{U}3 z{3}(NQ(Zc>Y7@3<={;uGw?Fho#4&7JUdSJjsfSAJte6XW>g5meI>k9V@O~F(-glrW z`RnQvUl-f_S^Auj9vE!j8TvZQ;TI;W$!J4KAI{#yUX)$_!fYO1F^ z7XQKSGP{%4C}y=n`y{8Ll3x!UY)p3iJTGG{x|Z85+ooOa|GmsD@(PVh1q*-N7vx&< zkHKzs&-8x978zahZx`#6t|lvRnEn!SKOgOX`A)cXn%&zC=LObnRQ=2TM+S%_0^tTDjvb}rFz(AexDUR--hGWZU2hK<)T6!`cLeWui9VHtDkD|_q3>_ zJX2<_`pIKQ4`zKYX<(r)Tv2x+BbSHM^EWvB=HGAh-5Hnq`#q zrNr5tGAb5&E$xpdT|W494#S}jLH)N_A8ehQt7}@g&#_$S_K~`qTN1PO^Tw1jXD_kZ zyz)7;Vi^;hDhxp+sH*fjBx~$>+FM&7dq|&mm8IJuc7AO7O z_(iD1H=wDxutCXWc6DuF#qOo|L@d10`PZ{G>_4^HIb_u@_is}7`F8Ixx#c5vv`*}{ z;x{KLakf>`cYXHyXqIT~Si^lvY4OB;(Tt(|nc*=P|Gv4G%yCMz!s$`a6!W9@caK&% z-l|tR^2Gl@oRYz9i~c1JFBxwvU*BtbW#c_xrlj_^>u*{UC7l1Ls<`ajm1912E#t!v zHMeeR3AuUmBrUag#k5&c>8$SQ?%fr#skd^O`qrLUv*4e0r^1mi=8WF!`cF4WZq{J7 zPvO+{z*Fh1jOrFB+~)r3?Db%EceVR> zqKqCd+ElDCe`N^A_4)T$_xW2~jVR5qyL4f)t8k_5*_*2y|0`GD{`Js?dshYjZ^I`a zpUKT)W7SxY6MfoPYkznk>#dzrPrjJDcy-z)i7tzmmw&WmNmU6;>lIwzz38-zijH*N Sqs^ZegvYSDCX{EG{sRCd7#(^5 diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index 502d3aae0ae8ea6789c7187f23b925994592ce55..6d6dc6d7bebcf4d38c0fd7dec51b604d4d5f3ff2 100644 GIT binary patch delta 843 zcmaFOwwQf_PJM~1Z@PY-Syo|AM5%L0qE}RjkGZ>RL~50bg=bV@q_&xVR7#>jg`2No zF;{6(qPKHVfk$~^zOiSCfme>Bb6SaIX0lgKaeA4rcX>pBi-m_-US(OnCzr0BLUD11 zZfc5=si~o*f=NJCRDQZbh@(fANp5ncx4BWKYgBetnwxjFxn-GuQH8r%j-jVtcxXj= zd2yk0aFRzTmzRIGrIC+cX|73HSgBD^mVtqjyJcEHh@pSBZ{fPfji^ z&5sB(Pb~?~2rddNvBQE6qkzfVTF zb9%i=R7PdCe{z;#RidwVMUac1S7L5*X>ed@fxdTSQHEtsgn6W8y1!qbr5l%vYlvxT zVMwAuU~!awkw-ycUR1hKrJqxFmZ@Q6PL_A2m#3jYqDgvGx{rH!dS0ZDsgY}nX&PMLL(RuC79qskwQfWwJ-IvsZnTtG~0hpGTpEi-Bu$fmd;EL{Ma2sgtLR zyJ2N+inb?LP@$od<+=o|`xU>^e#VG5*s;|2f1SQYQex7~lgfPgGWu&+7bh0RyvROh z@gImPR{*?i^~EoHe;yEVe~ Z`N8ycX`k1B&rY)sS=7EaqE+awIsi`hEK2|Y delta 787 zcmZ3?{+exqPJOAjuW6`Znzm74QdU8faix1$WS+BWKuNkqutj!gc9EZjeyCAOL6&1y zF_(d9eyB-6Mn#roK~YLpKtyt2WlB+5QelQkR9SJPMX+OKM7fEjZ(wDxQCWbyPh@^}v0G)BS+SdCxL;*(QLtHod5L+D zYhFaQxsi(nS8BO)xruY4hf7L@rIC+YiA$lAc5q%|cB#I8RX~1Tfs z#E;_Pg+5V%slg_W;f~(^A;!kOiJ^(kUM2Yz-X1RI?is!w0a>Z#Mp4e$Ia!WeWrjH= zzS^0I1@5K=X~r%EW<|N-8J^lzm8SXn*(Mg*S*7{e#U2*HX4$@z;~B-nUEEwuwJS_R zEW@-7EJ9qW@~d34oO0dFg3SX>LVSD;gY<(-OCk+J(wxevK3=8q}bu@H$^v^Ni3UL3m zar1FTr%{e&WlE8Al#^k4Ze?+@TablON=Z&pX=s#BWTw7dRs zR%VzZuG`HIacRfAAA$(u^!XHz0NVMaifSCY4(Pj*R?lSgq?QiY?JXNp;Pc$#@YV4i`o zE0>pXXr;fSxnV}RX>hKSzkZrol(So!mzSq$NqDko?Et|lea~nVL_%@n462Ghk;W@VS1@YrBAX)RFF%) zk-K+QRi%q7myvmzYnZ7?l#@%OMRH(SP(f6_Yd~hHuakC!v43z-a86!vo}ZhyqlHiC z#E;_P=E*sJE~(DGo;ik&*%_GyrAeVV7Ae_P7U98(DOssT9>I}8CPihb7U?Ejt`R97 z5k?WI;g)HJS?-nD7HP%B`jwgf$*FFM+2!6&UR7q=$sQ>luErLV;~B-nvx+RTgUXCU zyd5o#{fmRVoQe$c4KuXELw$qNGYhk{{e8^~wY_u73d+;DGJUhNa{SZujhs_Wa!n1( z6D`Y1Bg!lN3Ov$`0!@swD|7P;%N=tKQ;Y&9pJf!U_bRi@_sB9#bgW1Z4tKH$H!Mhu z@(lJdFpThx%E>eC<*uEGB7Oi%#ErtF?GwUN{>jd)ONLWE%0$HFEb0a z$P2G@FN-YFcXV-cHnVUA#el1BdQoa(ajJqjSC(6%exRj(QG|<|Syn})MN+!CMR{(X zwts!9ey~eCsae-@4L0UnfnT2+UrAx4vep*m~c2b5{aHNa3X$qHdR%MF6x2su7 zsCG)Jr%R5XpNCOJm0w0hW`t#+YicQ%uCA_vb8&WRL3xQsq^GY@VWfU`ps|x@Www`J zcDSp%xtDikS$?Q-xQRtddZGc>LOM3SSci)WszrAu*EfrV*_ML@c$k#CN^Q@)|0v0JD~pu0(NN>r$RNTFeluSc+NrcrkK z#E;_Pl@=D}E`hoErT(EsNsf^f+HRFD-s!;x8R13+DgGsnA%^L05&BM1g%!SBX1T>F zxt=+Rr4^p;=0%Z#VMZoVVL>^iCdEE376zW4;gN;`ss82Z`4x_n;~B-nvje=nJ)H7G z%F4>3Jc|nQL%cj4^Gvc6vwR{gUHuIVTwDV~s{Bi<3ezpPaw|M?tIR!%d@cL}s&Y## zjj~EjOiP@j{K^77D_kw}^K(+&Qv*_xquf0wpJf!UPxZ_8HuuZ5Og7DSkIZ%t&@TzE z2q`Qu*DuxgwJ8#g6XA6^WJF5s|?WCc%ze6=??g z9%kW@l@+GW#qMDNmLBF=dFJ^^ZpEI(p896_!A42mW+8qBktV*A;~B-nJqxl^vO}|y zEQ3;w9V48xd_$wMD$UID_4R|@%#)MLfZTB)$-<(3v z#IRDoO8smz56`4TOZWWDWUlNK&q(Jm$EZw8!*IU{i}J8C^8gDY%ghq@)O_Poi&D$n zFrNa8fDmKnVsz^~k_<8n0u=&%4K3X*&9&1li!F_k4I@1K!;4Gv&Gqw>!wL#4g59%C zO$rLLGTh8Pa?`nt{k@zF%1SbG-Skb&N>U;MJ+lH*ozjhq3NlMQlhOlnQnIyE5>s-G z!zQ0$lnBo(%_$Ac_DM8LkBZ3i)^>Etif~H}FwqY&&UEy2aWplnFv%~7DDaMOapfur z$}=k}t}HI_3NsEU4D?N}Of2_yay2wH$S-m9_qQn5PR#Jt_6SR?COtC6RZTX-OsM@Ev7r)OGXg+Wn(cX?5+ zK}d3>p}xC|b3k6Ig`Z1lR&Hf_g-39ySvojd*w`lNrWd6q7N;tNDCH=)X1h5U*C?c0 za0L~o`gp<_R%V5{Cs$>Z8dcivw6(2FbfYpDfmO|0KEC-%a=KBgVbPj&O9 z5^T8a+^0ySMKz_#u2gW_zS(=JT|craCFvDUr5hRsiICV!AW++Jhus0w4DVPdBhz)2z4WT=a`q zQ#=<=coVHtQ>PwLskOg2uEFJuN$0l}XDcV}tn^NB>R_9+HcT;%Wp~HwM-w-NPVL;a Wz5RC)Z>!@YaS!jSDNbvSE(8FN9n0|m delta 1123 zcmeyvb((X6PQ8&~s&=?%u5VPTX=Q*%vXO6^xpAV0kw?CEd6HYMX?Ci%lYVldk5On& zK39HOMuvq`u8(<%afw$zP)L-&ez<{Sh=+D=cv_x!YF?J9S$?@kk&mT$HkYoQLUD11 zZfc5=si~o*f=NJCRDQZbl52%akz0;ml$m#$qd`Pov72RHT9A3TPg!wkSd~k$Pnx^7 zXIXx(tD&neSFv-piDzj^QevfcacX#>pR-d=y1BPWNSU!gp?{u%vx%v;X<)ixMqXy< z#E;_P;ZD9qdD@N^1*xT3&VI=TK_1~5>7_1?{=V-1#m1rerJ*H$X$FB_dB)jX9zl_z zMdra?sihH#p&l;gg~>*aj+NP-6=~txQNH>aUSUQR1%>{h8CB_%;~B-n{k6;d{LD*p zll@%X^9u8P(>>CPbG)6>!^1+uO9Bj2a?-WSb1Z#Q-2=3e8;IN|W>a zyrSH){h~7R!y_XtLn|ti+(L>Xjl4_3DkHNepJf!UPmHW64R$mO^+}41NOmr*@-;Oy zcQj5;^-fBu2=s_DOb@X1jB>U}H#hL)(oRXPO7boUF*Ni@FLSFZ$#C*^H7zj6N(pdt zEX%Ga&GB;%^e9OWt1v1?kAc#tDktM~g_Pi8R|A9K%(9@6tnzXLZRdKo)Z9ofpM2*4 zr&70!?Bp`^ zO^wU)vnqqVDNsB#em8Zo`*tXW#BdulngWxv>o3)JZxt8u`>}Gr!a_jn%4K8wtCGJP& zdVaa#T^MgT`PG#7bB&&9W((Shv4{TIJK0{Ep}y|sS9^uJ{Gu%qhLxKq#x4(tE8YD% VPJQ+6sh+}@?~DAY_7-sq0sz71pT7VA diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 947132d338f9b91faddd2cb3c1e8b1e9ba8fee41..60fc130468a07c7c7d02f951740ee706378aa7d5 100644 GIT binary patch delta 998 zcmZqY*vBzJr#?HdAU`S1HPF@A!=fbLOWVh}!mKp}06h zH#Nn`)YQ;Y!6cw6DnDHz(#5hUFw@P~FWo$}!ZW+H%q`g8FeEiA(74z=wVYs>I20j1u7%c?PB49^PKX zl_?bwDM{uLNgnAYnI(~#4+*+%*W8L5S76`_$K zRUSbZj>SG+{sumtS6ReExH_!ydnl=~XE>KhbPx>crz1e!;sq&hlBIF%bF z7WwLX2ADa8yCxfyM1-P8KxtH!lX1F2uAf(7fxCHbQcyvGS-z`Jetnu(xpPKtWI<6* zn0{EEfmdFjL19#?U#@{CS4L!Nsij|JP^3kec0{gal2cfIV0KETYk6jXMSw|Rx^|X@ zv3G`Zv1Ps^x^*5&2AKtc3I?g=0mkmRm6?g28R;hG$*!S+mPNV#;ibk#DVd>_fhmdg z$=-fZ+P?as7F_04#=&_;p;>+|$(bJ7-r30|+T}?W6=oSOX$D4quBF=ENjZKIMwyP< zz98!?RGdpA^>x#WQWJ|)74pK&6^hiY<4TRHJQP9`%Wd_8g18JaU6Lb8it=+pf{fD~ zE4B0d(hHnJ0&-j;w8PT$wS5E1ee2!5-7QSCJ)Ba#O+C4Eb#)c;j3W(;y^V^~t4a#9 z%2Lb&^K(5ioy-$+0yBLb11d~R9FvR9ii(o`Jc_xNrsp0^*xG65+-1&QJ?-=!bJaQP zynjZ=PGKtk=N^}SJH^r5{!z>7m#iAAV}E%pJ+balalo}oo8V(DVN=_#ZQ`}Dixc0q zdB4wA`I~dN=ErxWLJA z;z#kYuykMjVs}TUviz`+?BJ|iLvzm@pU@(+a)VO;eAm*901M-?3`di!d}mLt{76@G z?@Y%^-*AtNFb~%#^X%Zvu&m;UGHtIalMoLBBXgs&lyXO3Z_CMXj1u7iK4Dd%*-0UJ zrRJFdCKg_4K4t;>7FoqXL52QRrcs`ihJGfQ9;W6&*%n-`-X^8ynR(_Wejz?NE|wnV zk>*wAm0_vL>4Bx`rY_zo9+^oYdF4?R=B|^^GK$xGMh0aDI(ruu8-*tpTjY5eN2aEP z6=j*a6q}o+SyojUI~TYIlty`_7@2T6=6R)5WEMF`dHTBNrB>!v6=$Y-dR3-J`W7WR zmq)r(WVu?Hx#l}(`+K5CKxtH!lX1F2l2?wuSDw2^foFJxx1&*pUwu}Dfrn>qo~4OL zQc7SzfN6@em!+XsU~Z@ZS6Zr{k71T$NLZA&S$0;0zO%DaMWtD$L0YL-SYmo{QC_xd zp0jtNuW@N8x^*5&2AKtc3Z9l>RoY=WDcNOFCWR%Xffhc&spb*>L6JT#<(`fy?mkuZ zxuL0fN#@3m#awxYMSel4AvqCQxh_VjKA!p|mgY{zW&wWrZUIJN!QQ5hd1j$WPFd#Z z1|aLwvV!z=(~D9Qi>>GyU8ZQ=+*NgHobAT(Y@zb#)aY^qou69aD-OlOn@1vJA4l zLoK5`w7oqoLoE!-JoPI~N{!51-0Lm!f(!Gxs;shH?fUYQUdOD9+cD`YL*tRi?gg5! z+fOC=>S(|H_^bG@)8^-E3Xkw zHk1~B__ws;D!EM~lB$GiFIcmDzasHjki diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 27aec7ce1e43e8e392fc213ccec95c09177aa6c3..37f26c5693592068af42f9dfacfe1b484752a8cf 100644 GIT binary patch delta 678 zcmX@i*1$GFr`|2ouOht2+#}I5BgxsZBEr(Z+&!$=w<0ttE6B^oB_uZ`z|*ZFNIT2P zmn+TOzcR!zrKlv&w93#mCpeOAyuBnhUFP0 zCB^2!=7|xJem*`C+U17EzKI2v>AoR}`R;yY#ZeiB1)1eskxoeg5x$n%Ch4UXRY?|6 zW|5`Yz7|PdCMKyBm0tR#VeYBU?}raEPqSa=y& zIC&+Pr3Y2GIVOciM1_JPz|KLvRL5JZP&d6OHL*CA%OKF)KdLl6!Y{=m)IHxPFT|@d zvOYOI+cLm8wIJ0w-^e{N%_qb-AULZkJJKScGPN+H#4pN`OIKG{A-^Q5!YMJV#MsFr zz#u=MqAaW;(xk$&%s;c((6FG;JGa2wusAz3$TirLOF`K*HsSCCYgUF$H&)l*7y4Iu zzu{w2`sB;IkLJD?t6%?~>GqiupJrvGZhliNmtGa>09wNoBOvz02g%Zy8r+H delta 745 zcmZo*JIppgr#{ClyFA1{Q`_65!pqmfJS{WQEYwgx(AOnAQa?E;)vzizBr7C2*~!`1 zgv-M?A}TQ>vLH0TBQqk^v?RzpyD*^4BdOFdILsi}PunHmw8-D9z$Gx)kxSQ3p}06h zH#Nn`)YQ;Y!6cw6DnDJJD8oeGyDB0zGAqeDC(t}U&rLfyEXXx7xvbnjI4>gE%{A3C zA}8A*Co?0PE5pg%%|9U9+`OPDtSZQ>#Lqn=-#jE=Kg`%EFvKt`)HL6s+$dE$D$*iw z;z#lD^6=2G+{C;J(@gzjXGb5SL^EI4pm0kgW9KT95)1#lsw|I?Y*U}m{PIvP?JA4# zq{K4q$RO{Ez|35;OjrGq((L>!12=6;{fw#%Z|xv$<5CODa_8*H@r>eO0aX>b`DRJR zUjEr8j^$M$S+4$}LHTJx#bsIUVPP48mQEHE0fN7R7n~ zQH23Pnf_*_zL}O`W`R|S#a=01;X%dz#-WqXFiO-H7J525Wt!)dRhe0Oc)3^gr*b+rw2rZ<)!DAIeK{phgxu@I4AmehDQ_!Ir|r8m!$azdn8+Cg(qwKXL^>W z`FfZKmz5Nz2N>p7rbdDyz|}@Ky(l%YIF&2k&Co2dB)pdKfB7@IMqDO zu-?twt0X8fTi+$j#lzI7GRmbY-OD?|udvX`*v~8=JKN1MB+tZ?D>FQ+qAW4p-NHGo z#KOSC)vUs~s4OcdGc!Bar^-7!z}3{T+&nqYG&3b7FruW`(A=-Y$-pGd(lppKG%1}+ zS65dd-&8-<)UUFvAU)ADE7UpHvozGwFVVv&Fxf0GG$%ha!muhgQrpba-#NpC>o|8o zs=4IJ=r#WB%d^|9+%H~qoAN8$?ctU)htrqYeT}%f;#k#dO|K$psTIH5UDSWhee&ev bZ~dN$ae>dA-0mBn>sodCzxO;Z$zELmK12dv diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cc13d63..e25ba05 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,7 +11,7 @@ let thenobrainer ]; - agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbqYQrdVHmGgXZJoMWWRDGVEIj775Zrf4PxB5hoth+k root@agentjones"; + agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones"; vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxTrUPZPqttuxfmmP8BTACTAkv1yY1nfzEd64hN4LT+ root@vendetta"; vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil"; galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 6db5779d069c2e3f340277019ceb6b3c6f417fba..965f5b53dc97b5b29848f93522a02ac558365d68 100644 GIT binary patch delta 2865 zcmdlj{!?s%PQ8n>xmk`|ut7njr+!e0Yj$C-Q+8gUccw{EQL$@Lc$uSVrAbhpVL^Ug zK9_lzf1-P6cydI9XHc52rF({(Td-r0p<`)kdYDs{XMRChnvta&cx+v5TXBWJzH}M5UWaqGMukdWf%OaiU|SrGdH0 z#E;_PDTVp27U9m8DG{Mrk*Q_bWnu1xfo5f1;l_qRd1;XaM&Ta8&MxMW0d9d@iC*sJ z+RiCPfqvmt-ro7XW#*yziGfLmLAjLyDdqZ(>8^hHCSlnHhS}+p;~B-nD{>9}vOSYL zQ=PKIqbw_(d`v?kGyKDx^plH9%>0tvof6HX@{@DSBFl@pk}@m8Ouh5-(u+dF3Y^Q# zLefJm%Z>b8{4+znD^emYEVbP-3JQHv{evPWpJf!U_YElaDGzWrC@wAYH#Sc!^R7tF zD$Y*H@C#20^C~q6C^0YysL0mNFiQ{Q^3=A-3i5R}^(!uP^(qSucDJ<1i71LH@=2>K z&kIip&Z|s!_VX$vv+}0a&Tl$l7+uVn3H$8tF}jCYI$as zZ+g8!N}yS3m219!NuX&_dbvlsiAiXFXi8O@v879-X;z>km#(g^f@Q8jNK~$wesOMa zL7KN)NNAFir;}5esar*$+~gU z1*apa?p6BS4@?5=jW>M#J=f#Q|4nu*JN_#BpDD2UcWqlq-5#x6tAN^^i zmjBr(f4jnqjOLp~&3{zu2-M?h_2D|*ZNfklXJWKc%Tg-d& zOh>DG z7ytCyWb5Li^^WOh(#5ltSnFp@;PQDqZ~I1G@e@}nztzjEd^E#1sN=SChRPvP-GEq& zgZsL;9eKQ2>vQ>yjAG;dF?VwM3Ta$CYM)o*;Iy)J@^ah2ll>dLeP-mB^Ih@!aQ(~n zoe!HAy585ld7F2$CG*DBTr1m71Ta67T)%h!tgCinld6hCkK{?VuibE zxzcLp!i!m>7jLgxcq*d)WXivNpWSyS8u;Hkr5My+>y|mUZ|z0@84O*T`ARR9*FU^C zCCNzq-(7`s2Yr-s44-XCTk?IYI6K=>*Q%n=rAm6nHw|y77Yglt%60CT${PohWt(o+ zmmD~y+0EP1BC&MqMfIa~i#)S4WwrXVuISgFPpuW}KPLNXf0|G7W}DWNCaK;sO8;X& z>=d|aeL})^L0h}a+5>)%4@?cXf8l(ons1~1FHsXKc};a8t=g#H!W!T35|)0L`?SL~W=w`L?T2e#elmF95mD%iGGD_D`^ zYe~c7S>n?!nRu?*ex>=>uFszYg7$spdA+wrF4uCqvW~`+`fA~fEj)J9Gnw=RHzUIarjtgy(GYpNGx8Mk%T9FU)()wD$2mp)*Gl6`f8y z6&U+F`fZ=ou2NH4`?%h^{V~JyjfbAMy?%cAm+OqA=$o$UK_ORWOf_CuV?ST|@6|gK ztC`(?2*^x-#}?9laQUYg%WbRORypx4sL7w;@$c@+4IlTJH@qsa z5za3?279lWo;bCCC9+lguvp(F@uj69><=3c{R#h}R{!F$*uiuRp9j>(z3e zEE8ubm6ZD;r&aeI)th>Lp4uek9h;qa<2T9H-I0B=@Ziy=5YJoA`#BvqpBG?NSia=A zV)4fv^;z=PzD|*AWYSWnNL>7=vBfH>^l)EO%o6mE-r z$@fz_fAVNq!Na)?Yg%-?`JUJOZwXqU;4-1&gZoPFjbVE}zn6b3H?b_fe%;YP7PfxXCx_aj){Rp(sNa$M zF)y$D#pVBXC%634Zsw1?&a~U+lIZ{JdKIHty;>a(Q*uu*S^4!`KVKR%xlCH@;@ZBI z=3b6wd3oO3J4zgq8}GcWv;FrqMX9UUT>8-|1P8Bg5E2m^~fk z3<93iY-_Z6Vz+(Igd_J4tMmlrT#b@=>=RdiWnJu&FS?FWHC}-bkKkJWt|ubYb%=g^Z22 zg7zq_w|>{zFvX!KwIRDY&OcCpf%~ybON?h-TwMI-Dw}EY!hGRXQ#)Sxgk9bgq0RQ$ zLeydD$51y0iCsbGk{{H*p4F}W=ld$oQg@DSRYqZEW_pB^PriG( zD_446wr^pXK}o1bSW#wjSb(pkzeTQ5RIb0Jg`aDdX@-YkNl95^QBHbtB$uw8LUD11 zZfc5=si~o*f=NJCRDQaGi;1g$j)9?jgp;dhNQ6mws9Ru=c1~uMb7fGPd8TVxnOm8k zfoYMqo4H{+SFT5Kj*m-fRIYQ8S!hz2o4Z?DX=;9&pK(-anv+vdphtyIM5KjrSZ+b~ z#E;_P-ls$QKl{xQ7(~*rhX+!`bo*DAyFoi;~B-nv%{UeJ-y9~ zlahjyGxd#4Dn0!I{ln4%145HR-5kS;4E+=Hf<1CdEe(pf0-P&y%MvXOBAtCrD_x9y zEGt7wD#KI!0^Q59Qd6_TGCVR9Q+!h0wJnn;pJf!UPmXYP^eYVUs*G|EHnB8IE-ZD< z3{Ca-%}pvYDl79a%&D;O^ESz=D5}Wj$}R8+NzIJ#vB-9}@N*8z3r;n(2yizK_YM#C zG_W+yj`Y`$DlASZjdXPd#ei#yZhBE_VsWZMU`|+GdajjikK}1P_ zxpuuvo~c=GVWfpefs3}Ak6&n}qh+w8cClNksbywSiN2>-l%s!QvA@5OXLwGSqgi2~ zxwes$mz#fxC0Au|ZkfKHS7fSllv6;mK~zwHYjLngRC=*rX|_{lL2#;Jl#5rGVHlUL zuC79EQC?1xlW(G7Xhcd#Zb4eAlX199dQQD|PO5vlZ@Gz~wo|Hyxre8ZXQTy}#@*NZ z+FO?W%QT9=@C*r9ZhVjW5OOKox(_lCUYv~8c=N!qqs>(@-jGNZG9ouZG`XLg9Gw5EUj_aRy zp3*FMzuo_@-dVwk*URglT;{#OWV%IPW?@9^${j{mn7j^rJj(H%y>s6Mmu;t+jSbyx zw(FdFvs1}GM`!l$Dx3LDi+Q@emkIjH#c3NSY+NE$V0rxCraM`l)rG4%ZGT*;U!r`* z`o=fu0I^kp>o=;OD^%@WkgHj>-Q-Bgr|x*`qL*xY=KPv;q-w*Vq?H?04C{?GcUd2r zT45yGIC(Qq!mt19Y@TO{JXA6G8REEc((2%ubNXLTS#!AOf$Qv#$sg73-Y=eBp_Ee0 zvD^D|-tR|>b+g!bCPl68jNM)H0WIrc7dZocs+VwW$ot*GDn z4u`f|U3yWakEVxnFR*{V>t^(;RkG)2iO##$n_FxAK)BwvvSgC)D&xg0cH6Y)F_;^= zzs+xvTp#AK)=X%j;F(Etmu+d}xtnqM(|0>#(G2lbr>|!np6=mxWq(@IT$AVn&sQpl z+&ZsOzgAY%WrnV6H+Q5=i|@q6vWv=#Oh3zfFik1QsWWR4EcC9HIQT5n^2IXA16v$9 zJ5GkV@BGd=)%ek2KI`v?zg@6=nD*&}Ihgx&R-y=KkU>xY7W zE&cWTZtju$+QEWH7MRvwmO4BCZTaf^PPOV+=NElns&`c+Kzqv>t;TmVrtXej$o`$} zAzzNwq>#S{eij8S4(M`Rrl`X=yRoih*}8|*Vn3uiq`vs&eNAQOBzaq=?(mY33kC{F zR}yBob}R2;5qdpkh3Jc}w|jYh>e|oS`p-dHBTLAm>_Wr;-Rv@d>_1*Oy{>-ykK*dy zqZ-#TteS;?Jg;}1emU)(z1l3-1>zl^p?hl63hsEM&#ifGedy6znPRz;xB5rsZOJpq zoBFFjP=zm3`$DFX!u$S-SuyYQo7PuHy!vrmJd5qcuVsI4Y|awdar2>PxZxr1fT^W- zF6OPDb9cQ%w&I^#$7f8mTs7jjPM%O}p6XB}VM z&7RzS(K2Iq^M36YDT}L`zxYOo%2@u|@$q((OET#xE9o@;hGQ>Ck|aZbjwF1pd1} z=T)y^y}_E`6CN{v_3(W2IZ(;!B=syIX5R96+XouQ8?86rxVWeK-bcQV3!c7L4Zjh) zsKD{(%~t3A=hn#UEbFW0dZZ8(Ci8CX93K`rj#&Psp;D6eebp1>w?55{^}oc>GlMP$F1bTVs3a5<~9xH5qGH zZ%EAw>B>2ix!v!z=JD^5-`fklkL>??vgpVahl7FZ>tdK0Or(D`oVoeVOqs1*+bu=h zQr|bj=(Ule5Oc*enRopf`!6wQsn-8X*mKV7t>mrz4}X7b+qOhCjO}jfZqs#Jr}-Y6 zs?TO+?O6Bg&uyc_r{yzR_Qy!ae$Llx*SvU5{^<0DC+{{H@U{P~{qgndBFhHhbyeGi zIoq~v&6GcU?DFHv7uOy-a%c#}9rLjl)$jck?Vz#rOoD8r=^=LwlbOM{esu0pye}s> zy*|voTxC(MAWLaM!;J*Rw@XDTi@MfnzR#ZirPEE{ zsA#*~ay3IikDOO?T&83OF8si&KP&9Nr%F|%!m3P}Kdj4g>&_~^U-8vXuIBaaAeKe{ tc8Z^UD;2v)Wc`U(EHl@t9h@6pn7>t1X#IsVYa(`UtzOmhjA?CWA^^maHbVda diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index 4274de6ed5a1b9596acc277644e7a52641a2f1c4..5422757185ca043e3507529faab37c88f439f086 100644 GIT binary patch delta 1182 zcmX@g*~T?Nr#{r6peWs?q{JsOBFZ$>)X2!&FQeQq%`CjEve-}G%hk!$GBvo$$;c?s zmrFY$tI#meH`B<&)y+F1**(|SJ;ErYvLv9`H^?)|!Z;+~FRjX4zrdw5nM>DBp}06h zH#Nn`)YQ;Y!6cw6DnDHzH`pgUzgXKf%QGoGvm(tb#mzg)#I(di-@rRL-8CyzJ21?m zD$Khq!Z|dOD?QB7BecNLD=RdpqBzUl%QCMZ*}%xtCDp*o)49Yr(aqE~DZALzB&yhT z;z#lD$Vkh)tST=j6JN(1$2_A_b7SME$lS6jr?Qe%gGxiUbc=!#Pwn(<%k*Tff(Rqo}MS&o4f zmMPvwkzv`s+P+2ME~b7-`EC|LMu8E=E*9n9Wdd@AYhjzw{N(a zQJ8;4N@8ZVBf51SNd}n(feOZj#u>@Qk!7V`UQs^2#-53hWm#2;8OfC&*H#&PX@C zC^fM-RY4_J!6#TDy(m;OGBHpgK;MSTNxxp-q%X(mT~Z zJtH$e&DAg`u_D{mqui&s%qQE+q$sg6AU!+0#JMWNBtI|5k}D)E*~7!cJkMBLKQSPu z*ef6~E6O~qEIi%avDmcORXeL7pv=c5(B0HHBhgYnQol0CD1b{>S69K@#~{roFRVVo z(z!S+J-o22z{s~MG1%KMA}QG*O25d+*DNwMJfp-o%`crR#^vE$hdT!DCqB+Pd&96w zbm?mOMS{57@{+`xs2A^(XBn=Xpq2dVY@ySOolEa}=imSRrTFfw YZF4n$C|y_2dSM-z@%htq=^wFg0T|AtPXGV_ delta 1117 zcmZqUI?6dgr{3MtKdme&#VE($sk9`dIK$P<&7>s5AkxLu)wkH((XBYIq^u~wugu)g zmCGlwAic0SH#sRdqq5A=vog^mGR3th(k;_4&?UmxE6ppf($w~g{1(wdG zWvLlSi9V(Isrs%iVMVT4X@MU8p7|z0DTb*j=@w?`6-L=yCRuK2mIeN4$)1@8=~*GZ z`q`P`!9JBH?jgAW;W@eGS-}-WemNl#C5euc&oYYFd;9sir{|>lB&S9>Iy+Sac@((0 zIGPlfgjp8r7rF;kq!)+go8%`3`UMtq6?#|rS6KKIdHE-~RGJ1krDp^O6`J}5mZW4B zg$I`=yZV$>1sbR2M5QL9$3SURm6LJ0f@_Mee|}_fKvtlqe}!LAYI(hOUP!h{fxC&P zYnZ85Nxr8+QgViiPhe@DFISpxfnj!#muFE#UZjC(Xrx70Vs5ZcL8*~;nNw~`rhaBf zN>XWVW?7+eKDu=tNd}n(feM8l>4lLlhW^<`VPyt6CMBtvX5}FUZf2JH7P2N$S-j8$~Q}m(sy?@$n&-cuXHWu$}osX z42jG)5A`do%JWOhw5&AFNv^Ue40ANJ$Z{$wOVoA^GV*cHNDK@Gc_rRRH@zq|u{c#h z*~m%3(JLe{-NscRE6h60p+up^PsfNW$gSS8C`&uUv9dJBpvuQLz|YdG+|<>q(6Bf^ zq^zLGB+Dc;!ot|p&?LjN)UmLj*fiCkoJ&_%SE16U*uT)n-#^dIH7Ki~#K6ov+^{Uj z$wb>PJ1Nm1JvqlDEF?TQFry%`oQqYF!Nl{hXi*a5ynf!JQ)E}x7=N$Z;gN5C%f-CD zeDeI4C7)&=^IdV5qcUl;dBx@_Es5(hU;T+SJ9u1S#$nI=pNq7`rfGgZ>=&&Ze?!Sb zV(YY%^;Jy#2Jf|_^}jK{?w?-e{3_^tp|xpQ`c8pvS4o>$wz+4vE@b7Ln;8?TIPn+L zXYW?g_sn@4MI0J3%kDV6eK9R6I$)11+nWO%c2ddR<`-&utYfmz6+YV%TN-$H;^LOP J0J$}(djK`LhpPYp From 4a95e481792f9e06d742c731e4b2337c1c2c1399 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 15 Nov 2023 20:15:53 +0000 Subject: [PATCH 191/826] feat: rebuit neuromancer to make it be able to be rebooted --- machines/cadie.nix | 1 + machines/earth.nix | 1 + machines/galatea.nix | 1 + machines/gir.nix | 1 + machines/glados.nix | 1 + machines/hardware/RM001.nix | 4 +++ machines/hardware/RM007.nix | 13 +++----- machines/hardware/_base.nix | 4 --- machines/kitt.nix | 1 + machines/optimus.nix | 1 + machines/skynet.nix | 1 + machines/vigil.nix | 1 + machines/wheatly.nix | 1 + secrets/backup/restic.age | Bin 2179 -> 2224 bytes secrets/backup/restic_pw.age | 29 +++++++++-------- secrets/bitwarden/api.age | Bin 917 -> 890 bytes secrets/bitwarden/details.age | Bin 943 -> 844 bytes secrets/discord/ldap.age | 44 ++++++++++++------------- secrets/discord/token.age | Bin 854 -> 881 bytes secrets/dns_certs.secret.age | Bin 1760 -> 1753 bytes secrets/dns_dnskeys.conf.age | Bin 953 -> 1035 bytes secrets/email/details.age | Bin 1208 -> 1178 bytes secrets/gitlab/db_pw.age | 30 ++++++++--------- secrets/gitlab/ldap_pw.age | Bin 892 -> 927 bytes secrets/gitlab/pw.age | Bin 909 -> 823 bytes secrets/gitlab/runners/runner01.age | 29 ++++++++--------- secrets/gitlab/runners/runner02.age | Bin 827 -> 783 bytes secrets/gitlab/secrets_db.age | Bin 832 -> 866 bytes secrets/gitlab/secrets_jws.age | Bin 2423 -> 2497 bytes secrets/gitlab/secrets_otp.age | Bin 931 -> 896 bytes secrets/gitlab/secrets_secret.age | Bin 892 -> 812 bytes secrets/ldap/details.age | 48 ++++++++++++++-------------- secrets/ldap/pw.age | Bin 1086 -> 1078 bytes secrets/nextcloud/pw.age | Bin 768 -> 752 bytes secrets/secrets.nix | 2 +- secrets/stream_ulfm.age | Bin 2937 -> 2979 bytes secrets/wolves/details.age | Bin 1286 -> 1155 bytes 37 files changed, 109 insertions(+), 104 deletions(-) diff --git a/machines/cadie.nix b/machines/cadie.nix index 7c7ad69..5efed45 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -12,6 +12,7 @@ Notes: pkgs, lib, nodes, + modulesPath, ... }: let # name of the server, sets teh hostname and record for it diff --git a/machines/earth.nix b/machines/earth.nix index ba2be39..c844371 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -13,6 +13,7 @@ Notes: lib, nodes, inputs, + modulesPath, ... }: let name = "earth"; diff --git a/machines/galatea.nix b/machines/galatea.nix index 8b77265..57f5390 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -13,6 +13,7 @@ Notes: lib, nodes, config, + modulesPath, ... }: let # name of the server, sets teh hostname and record for it diff --git a/machines/gir.nix b/machines/gir.nix index d46d153..09141db 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -12,6 +12,7 @@ Notes: pkgs, lib, nodes, + modulesPath, ... }: let # name of the server, sets teh hostname and record for it diff --git a/machines/glados.nix b/machines/glados.nix index 33db5f6..2b1987e 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -13,6 +13,7 @@ Notes: Each user has roughly 20gb os storage pkgs, lib, nodes, + modulesPath, ... }: let # name of the server, sets teh hostname and record for it diff --git a/machines/hardware/RM001.nix b/machines/hardware/RM001.nix index 0ecf097..8d1ff3d 100644 --- a/machines/hardware/RM001.nix +++ b/machines/hardware/RM001.nix @@ -13,6 +13,10 @@ ./_base.nix ]; + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; boot.initrd.kernelModules = []; boot.kernelModules = []; diff --git a/machines/hardware/RM007.nix b/machines/hardware/RM007.nix index 18e8b35..1b9c130 100644 --- a/machines/hardware/RM007.nix +++ b/machines/hardware/RM007.nix @@ -13,23 +13,20 @@ ./_base.nix ]; - boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"]; + boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; + boot.loader.grub.device = "/dev/sda"; + fileSystems."/" = { - device = "/dev/disk/by-uuid/c48817e1-036f-49a7-adae-f63fc6c03cd5"; + device = "/dev/disk/by-uuid/a6c96ea1-1e66-4ad3-aef6-dd7131c83530"; fsType = "ext4"; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/76CE-C65E"; - fsType = "vfat"; - }; - swapDevices = [ - {device = "/dev/disk/by-uuid/eced30bd-b785-43e0-a202-cdaee7e0f4f7";} + {device = "/dev/disk/by-uuid/5408b486-62ce-45d9-bca5-b458e68ef7f4";} ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/machines/hardware/_base.nix b/machines/hardware/_base.nix index 02a9a68..ae8b77f 100644 --- a/machines/hardware/_base.nix +++ b/machines/hardware/_base.nix @@ -11,10 +11,6 @@ with lib; let has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0; in { config = { - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - assertions = [ { assertion = lists.any has_ip interfaces; diff --git a/machines/kitt.nix b/machines/kitt.nix index ab313de..881d14b 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -12,6 +12,7 @@ Notes: pkgs, lib, nodes, + modulesPath, ... }: let # name of the server, sets teh hostname and record for it diff --git a/machines/optimus.nix b/machines/optimus.nix index 9e80047..9cdcfbb 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -13,6 +13,7 @@ Notes: lib, nodes, arion, + modulesPath, ... }: let # name of the server, sets teh hostname and record for it diff --git a/machines/skynet.nix b/machines/skynet.nix index 4992f5d..bbe5676 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -13,6 +13,7 @@ Notes: Does not host offical sites lib, nodes, inputs, + modulesPath, ... }: let name = "skynet"; diff --git a/machines/vigil.nix b/machines/vigil.nix index d1f8f1c..ba4d464 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -12,6 +12,7 @@ Notes: pkgs, lib, nodes, + modulesPath, ... }: let name = "vigil"; diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 210db08..16fc41c 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -12,6 +12,7 @@ Notes: pkgs, lib, nodes, + modulesPath, ... }: let # name of the server, sets teh hostname and record for it diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index c32b42e38bbb3e75a4642e05b01fac8a07ba3a12..dba3493ddf4e8a325efb19e40ed30ce8a8a7cded 100644 GIT binary patch literal 2224 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zLn3n(%& zh%igb)HklsH!w5K%dW_)&<_bP3UI0_&rJ<*adkBb39yKCi{uIpbxq0lO4TGn>n_&^gy2FUm+iufQnK!`;=@JY7G+ zJ3PHC(5WKSr?507#5u{x!`s8Rq8!~eQ@<2T<8lRKf0ra5kCdXyFb~6&09QYs!f@@> z+#E~q{L;{X08f9XaPOjIA0y9<+s-Pgt#FQ*wZS6c)|Ee;tU?0a6=UlJS)bL2J zkhID$SKky@bLYHJ%Sd$F3N2E-($f_(L$i{C9L=f{&Hc2Uiwmm^@_aLVP5sRMa|<1P zvLmXJ-7L#}vWtQujYGMNO>&%zjV!%G%+tIbvx*}Ef(=4UqRK48B0>zZE7MW}+=KH{ zlXJt9102z9(|1oYO%GHs^N;WfN)7W*EH+6Ga`r1oNsLHyD-J6tG)#9j3@^_J*Yd4a^J)Fg5ltHgz^j^>aye@+LG~27hS34}+zcMRIyCO0w&BG+Xxy;Ge$Hf5Mwlbqg14~DR zrVs?4>$3iC69 zvMP<-jiTJVot;ZV+>)~+Exm(sEyJ_@l1(C$@=cS>3o0GC3=0YqwZqHYj6zZkqSAeG zO9P5Si&Na4^NsZVgR(P%{G!Ud%|f!G(z8v_ZF32$3eHSd$SODW4zcjC$al;SF?0(u zOw7m+bV)W&_jJw*Dy-5j%Zjq}EspT83=NLt3N|cv3i8g#DsU~x4h%JmC=Ji|Hb{0f zOAa)xGBPL$_D*zibIo>g&Tz-bZ>3RHPR8j9skx@+>0U)ir52%{IbH=>{>6#8!KTGo z=Dra*E}4#jpa=%*syZGEDSvDa^Ps^@KGz{>H$kEQz zj?76$x6QN4(YMf1!O%D{#W^_8*EA`_pu#1xpg61a*NcQs^lc?z)V-4D3k1fAX9G(mq2$)x`pwzVdA`?d+(+o2V+l&ix^u5a!qO$dU zU5YER%segiD?=;2D_otOyuwX_T}<-|ll)AALY&GAUGv?7Qav2Gl1sh3bHW46^Gdao zeM>BYvob<5g90m(!$RCVvs?;tD?FXU32R;jyRx_+slkx^l) zx1+DWr-iqBq*-8DQekF=XQf}5OC?5G66$J}mK>;H=;M{^lWvk*nd2SmS5$m8SI!7m0Vt#lk8odnda(PlIzLklxyKyl$IP4VOA7Xd5*DoOpH-9-k>ZFRZ;@_^70&4jj%8)~&RL~_Sw_W9p*e>B8RZcbUWvJ7u7y$I zsUGg7hIvWO+HN5cc_9{DWl?#N`k|TO-rgxiW*&*&zUCQ8Mu~a8NjYiGk;TTACBZqq zIk|aNnHlLI+rqVrbkmDc6N^(7v~z-t72>KaqZD)v3e0^1xFSM=%qx9!G9pqeeBIqm z3^VghJUsLhD+;r6++C|I3^OXyN(*xnqqI#T%1pwH!@Zqz)AZBJos*La{DO_#y}7~? zi-NM8(|wJD(!v8wz1_odEDMT@3f+_POt^G)brnLw^@}nhT{BG`i^F{KN}VE{EG?^i zEsDbZOMS~LlFM?7JbhFBip$)b4Y+c0EtkG_ZZo;C=h_d;$YpZ-A8;K#QB-u_g}NZKRz;FMR)c{8?Ynz{0WEEU!&JH*#`^*yw@BPVn8jGboU+;wp!ydn-y o+Lq+axv)```=-~MhF8{8HwOOy^zHc<wnPHB8DX$PEw3_p8kC z@d;1TcTM-K3U>+hv5YFWNb&P5P51V4^Q?3;NJqELB%mrPKV8AaG|7{Ur!eQ@6pwu0T(@*pSgtO^XjMFbZ)nw2Yf6yzJ0Rt7qI z8E0387W${>n-};;mgc*JmWO+5`;-_)_~-kY6h=DdL?m;0TVz{!1XX2v7kK%5nK^6c zCRe5AMj9jrBu9m(hX#ha86~D9rj=`#1Yx8}m$0hf%yfmS;zaE#KVug|M_e{Sx1_Mluu$_5 zmjDx2i$YJwq@27W_jIG&P!sf!ERCviGEP^>HVjKl%?c>W$u04VGAYgUDXvIKbqt6y z40H?DP7BXB_0G*SDyaxaHV))+a&^rp%`gq{aZ3yGD=aa{OinjTHpxxNPD}Q2Nj7i~ z$PRUKE-z0v%qd5=t+FiGGO1j_#HXOtIW#oQ)!!g7EydK?GS?!<$T&aDE5M*KEzmtO z*{s;fETz(@$S9kuD$p>}-#97V**&o!GdsyYE6KmSFwey)!p%Iy*C?#2I5I0a+`G)M z%mgF9c~&|47CI{UMOYdIIRhGL`=k0gW4 zf8jR8ODC z@E|{b#~{;8C-<~UcZ-mcsABK3q`z$>YS+0=gtFP@5 zTwo9pUgcJ4q8;j5YEfC@R-Eb`SY+-VS!tARk!$8@Zc=WV?#PwlTohzn;*%X<=5J=| zT9T3)R+VW|QB+u&ml$H1QfiXyTH+THYFS~JXMi4W!G$hPxsD2nW~l-CQQFS_k$IWH z{#EG_DduK*6^0=h$;nQECHhr4dEVN_#-2v*!R1^AF4`GRIhGj~$!6Zc`9Xy)X$2w9 z5rr8+C7D6md10Z&7G_0WXP zN1A$vCS_-92RrBZWg5A9lvp~N1bcG1=LO{Ex`rE6B!?u2Y*JJLO8FU%*<9u67J-og9)9_OPVQc&QOPFBnMJ9NInLpwq1l1?WtKj!DZ%;P z<@!d&VB6AkH7pz*bkmDc6N^(7lngBGH8u5|6apOVN&{^}6jHPjvOKx6eS<5Ky|SuY z42;rD12SB)j66Nvf=aSXwVnNn4UJ;IA(R$3Ia_jiUyJ@j~Ock~sr)S^nwq%FVZ9I$j|{HRt`zK*$RtNUta)mx<( zl%M?;UgOoB&{#k9Xy~$^mD@H=TosmiY@7T}&J0Gw+H-k{dVAkZ=Q{e*KbtL;@l*fG ruHEmP@}o){BV6|{XrE+O!{nk=?sQLCW{>L6xzAaQA~tPy`K|^43DC{& diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 1885e43..7e2c928 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,15 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA UrkmIZL5xSVVJ//LVygMsIVjv9axkiGHQzYXytxB2Vk -EEI30Szqp55TKBUpHGhE0kG9MpiJbRYUatwjxI4uarY --> ssh-ed25519 4PzZog z4kmVHgbEbTAUK2n77K4kPep1JVKeOjJ/DsBbllwC2I -u4Cj9g0oAD08yeAh86koOQpAOnkGwDTtgQDf/i6uvSc --> ssh-ed25519 5Nd93w YKp+mkt1IJCd3upuXavalOs06kADebHehoI4EyGSJ3U -lsDewdeBFBGj+SyJCp6Eay6Ym1oervcy4k4YqWdvwbc --> ssh-ed25519 q8eJgg Zp0cx2VSagfaLWVNcThlrZDSWh00t9x7NWFNH22f3Cw -Beddl2WC2hX0iUNRlYPx0tYofpVLuvpA+1QKeXL+Ln4 --> ssh-ed25519 mKj+iw ZekINCT2/NuDprvxYC2NYaMJpy7eWFxKjz6DxX1+1U4 -OvwkA2dpaJWek5JwUNr+QFJDVTWzNaTVE8cILb+lcFk --> `^ZVU'F]-grease -bX85oZ2Oeg ---- +N65SzHOFt+I2pi7AqBvcIqKrpwK929+E3BFJeIvuTI -oxĥ8!"{YC: fnmogCz?'0iܞ(o-a U#s烏Qޛ0}B|Z \ No newline at end of file +-> ssh-ed25519 V1pwNA GYSbmrWHb3NJM8MrBn2HllMdHydtXvFI/27yCuWzfFA +VyayuPCLPv6sHa0YWF8PWIolG3tNSCtB5NqM+r3z2lk +-> ssh-ed25519 4PzZog ya1j0N8sjUwYmLDVagfGAsQHXpaBg+qpVYtdALzJD3A +Ad+ORHJ3U9OyJ+LHygjXq2yLauhFzPCPuXNx5/onH0E +-> ssh-ed25519 5Nd93w Q/iHoCAyDoqevYj5vQJ4BW1ROVZ9hpO5uKCmUVmFEkE +ucG0grsbKinz8f3v9iUDF1gb/tYArlkTneYEZc+q2xs +-> ssh-ed25519 q8eJgg T2kEFkeVrZFYCVgndnCHvstE6mNYbvqVUgcT+2JEBm4 +sOmDUGEB6gYf90t/xhEDJORMBck3E4bK7yY8eCxh3Es +-> ssh-ed25519 3pl/Kw 9WflDj4m5z4+I8+0sLL/VmqEnW/AiMZHHk4CnCplJVU +OwVHhRty3o3noQZerE2drU4FyciJLrIfYy5qrlb3coU +-> @ZM|>r-grease TMr!(t +vnQfaw8 +--- 3xV2ejaWvmMXQNbKPaVo/UzBvnRu6JT+3BwuwS4iV60 +Wa Ï$[;tOtnb4F̙";uK>!r_x3 ["9 +MN.b1C>n8 \ No newline at end of file diff --git a/secrets/bitwarden/api.age b/secrets/bitwarden/api.age index 8d4755ff8a820388a0e72ee0112c9593f816521c..1d1fa4e9c7bf2993a2b664f6c0d2a6777e083849 100644 GIT binary patch delta 802 zcmbQr{)=sbPJLKXUY1$DhqiHEQeH@TNI;UYp`S&jrB8`zuunu_lv#ReP)?C^cuI~- zB$roKen4P(aAJyiVR*7@KyamtSC+n)MNVXSNwRldPKt4gvssXfVNzvyD3`9CLUD11 zZfc5=si~o*f=NJCRDQaGbD3+ReyOREiHljTS+2f|xm#XIskXkaWn@@DaA`_biI={M zwn;%^MPXhsS4m`6k-JNoSCNH9a&CS|V3DC^W>I-jxxQPuxj|@-U%IoWfm^Xhib1f! z#E;_PCdGk4J|%f+KG{{i+2xfckrl4~#V%1kA;y`(&Q+DBety1w*;Ppu&Ka&;!4*{n zNm0cGCAozjW}XG1LD{*1QGU)rxyHWX7DWXWK85ZczQ%>6xnAXy;~B-n^YUE$OOmon zf&<*$LmdmlgS}IH1D$gd^CNTeEsFEp!b3`fDztr^Dl06wLIQm}LVZlik{pdqLtVo% z^ZoLDg9;)N^8%f+-71}Zw9T9&a*ac?6D!jvpJf!Uw}>jREc4FwG*8KOEhtr0ONL8jVIh}GMM0TMWvG5q zfKN$Al3SRkVMdOjYr316Z>W!lZ;4~Ri(5syws)nwsikXCIhU@ku0m33h+~SAWrk(C zpI5ejd6c1>r?#WJtA)O~lZTOKws&rNaY4OBPJpFnZZg-w-9O?r%5>iT`KdPh@qSf} zefGUMv(A2ve(!U1Hk58vEqy5cuO?UTQ03>UvZEDuy)Lhq(4t~9 lvCjPMBT3;4pRZLtm}t0WOZ(>ot%vTeI>tWDd!Y}D9RNUjC+q+K delta 829 zcmeyxHkEyXPQ7E5OPFD}VW@tjzo(mHRi#l>R7kdVc147-e^N<+wt-J>c7?lhidSH! zBUea4np0A-rDM5iPGCiNa)d=vQfhfvO0j2VN_j!5shM|SSz4%XTBu)$0hg|wLUD11 zZfc5=si~o*f=NJCRDQZbd4Q{9rb|vnex#SXfk#n*fm^Oyx>;C}SyoVzmr+utbFO(o zXsM-da$`g%$e724MwdKE{TAAui=yp$5j@ zj$wsG;Z^1yg#ndmAuidK!68Zc<(7T{E};dX+I~KvMtLE=&c%+C;~B-n!_&$FQ(d)< zoqWBMoee6o61~#(^U@1EinE+jExgQ~LkqOSa>G3hOL8K)JdGT4E3=FW5=#pWi+uco z%zOgVEb?=*obm#kk_`0&LrMZmBLZ^_Gu?eBpJf!U_wqAw@ro$Q4N58qbn?pzGtM_D zFEB|>PuC95HTSIykMg$+F-k5=b#yA`O0LZFcPXNdWu>2+kEN4Ym8G|TrgvtRr%zRIMOK(&lw+}zyT4Is zaB@;uNkFA(W_orZm#(g^La|$#zEMV%MQXjFnRa%0kw;)!L`te@WrTT=PnwIbWl}|i ziA$BKbB1eVAeW_4Xlu#b-wa#wx7w;J>oFYu^Pq9V<6CCl%IxbmZ8q{W6>JMNEe)Cf z?O4f$-Ot&RdfglL`QE73-M^;j2tx$_lw4h1k^kwB0}^>>sdYU+RKeIaQ%@^GEHwD- zrhF4cbrsRGXYx8%oqi_!wl2^~~ K8O5@Sti1r4>n5lG diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index ea53a6b9e8dc365d4e60d14b5b3d4b64526ea96f..766e15e1aa74b463cf325612a7215eb5a167b0ae 100644 GIT binary patch delta 755 zcmZ3_euiy=PQ9y9azU1FdSSkPc6eDvkWYH3mse<|cSf3fqH%=3nMF}bQl5T#UO`Dl zI#)`OVU=^ap^2Zdb5LZdYiU}RTdsd(j!#i=VT5s*rCUUff0~a=hQDvIBbTn7LUD11 zZfc5=si~o*f=NJCRDQZbQkJ(-a9ClKS(KBvi(h_tl3QeGW_gOaMQ*97Nm_({ice6P zg?pr_p-;96m!-E;S%`mxiC=}gV{)07e`%g)W}dg3v#+0vMRID2xp}dxleeXhQIb#j z#E;_PX{G@wrr{=zZaJYD&e?v&z6CxW5l)qnVcABJrhaLLrk0UW>E*tOIoau4S;>VV zo;lhsp(&NA=_M|i+NMt4u3=Rf>24Wi=8i#@*=C_-`2}GizEzHs;~B-nvvX3MBg6di z%uK`5a`GZwODYY#{c?Rn9W6@}4buXX)4h}Z+yjde-E+#hvciH2i!GduEDJ(P42{jr zk}J~nld^p>l3hJhEkiN`j6;pWeX2r2qg+iUpJf!UH%m^6@=7f?$*u_S&8vvYH86Je zHuUrJiYUys49GYz*4 zOUcqs&#JI+OARluC@Zo6#ekxXZLn^7QEFmwDp!z2D3`9Tu0nZMkV&Cys&8_bpQT4i zPFa1HS8%pPSY@VJM!CDAuep&)NqCr_vtNlzRX*33Yfb>5fvtdDgIBx;(_S<>aM4Fdv_4ATtYTcweAS(TGz zQh0fop|7DUSGJdro1<5;vzdj3wqrqLMW~s3Zd9O0Ws-4uwtk99nv+FIX-J5XhkjA< z#E;_PrIo&h?onR82B~EQ{uQD5UdF~jWu=amNf|{s<-YFWiQ!HW-X#_W-r4zFmW3Yv zrI}7XCfPof=D`Ji<{r7>x#gMJVJ2D5M&7B3Nv`E#0nRSDDJhYY;~B-nbM>=|EmJG? zwVlm9oGZMX^^0-?oI?WL3l02(s`9-vJ@Wl4Lmj=#4AVWiBK@*5^DF$q^Bt?q3nIPT za?-NXJQFjL%EI*{k^_n&P0ftUjWWEFvRo`CpJf!UPtPkhb}A^b45>2q$qg;_(2vs2 za`yw!5QtrFN=`qqlFOpSGJ*BA2eNu0m*OxOa9$Rz*s%S(ZzFScZ0y zYeZp0eq=<6ccfQAv9W<)qPcchRA7{uCs+L!y{i3HR`Wu1Jx{+raQ*q8y?5?x`kVNw z>C5#W`VS0)6SV5uZ+((=VD1WR4U?^W@@-prANQnro7PlzSH9D;J}9+cGjYk=8#=1j zYj#YSYB}L}!sYAtwPr|(>eu=1&*G$au#^*^R6-CEggW%U>*Po*yfJ%XIgp zqNs&4kNX)WhkG26nC?}Y9_;>2Jx`uTfX7Hr?b~XDsp5@%)>q~WtjYNz ssh-ed25519 V1pwNA /ywPcnDv9MT97QtCtZyDgwiu6PFqQ9/syRsVKJljO38 -aqgfEOOFxZ9sAZa3ma6XX1NIHHfUgExflj/wh7kMln4 --> ssh-ed25519 4PzZog diUivY//pDD5pO5DAOF/hpVFiy+UEPt//T2wSsb2hFs -8KilVjO5UOGqXzJ3DJl0Squh1KCBDLQz6Fp4P/+senI --> ssh-ed25519 5Nd93w udWVov8JSaEni4WuLH4Cj+/+gDNrtVKL6FjMcR61wzs -K//4c4SpggpOITVg5QY0vzaedQJrnfKJwaWvZyknlI0 --> ssh-ed25519 q8eJgg qHWmUmpkVNF3SZEnAgBU7EgF+q9eErnz+MldT0wwigk -MsEPbJof97Kz4emhNkZG34RZvJeC4Ky9OkncElfHumI --> ssh-ed25519 IzAMqA +NXHK30PSHgyl0gPbO/AJTdveI2qcSbRSaJnWlPBHAE -iBpfcn9BHFXgoc70cQA5u9KqW2IdAveyXM9rV79J4c0 --> ssh-ed25519 uZzB3g wD73v6MdXeeLGhOZBQcSi6/VLVtGBRk4UOwaFAJtsVo -KvGoCprdnry2gHwzTS+BfQ09DWawKKoA1q9QO0Z/n7k --> ssh-ed25519 Hb0ipQ hqMralxzBAmwwVz2t5ySnk3skhxUGr+NXjbm+ZSKVVw -/MMOfDiQtiwoAD5DJxQnjpkpi/3C3DLXTSwUOkF6CSc --> ssh-ed25519 IzAMqA yNEnWzWwhJSNsT1C8aFIiOYb7xXlKLcNL2mhisWhhmQ -9C5Iny+zpFc8wzYO5EUltD0nkHpJl6ADvDkexgHQGtE --> inJ-grease ( $$4~2,{ gN -FFbbRchWkZG7edNSxcs5qfJzAc8u8jhjOTBttADj6gqrfbsvU+md/ttHShow4MBd -IttH8tmx/5VOiSdUHDpdlTabog ---- 0z74mEAmADrq8gy7L7n/JPWCE7HdBsXDBGkOHvlpHe4 -tTX^sϷ(D?'l7t^e1|},RⰟ0Xl%(d*;D{7eIHR; x$zCɶk= 83҆ej]1CÃΟ -%J -lSt.lU]SR $֩ \ No newline at end of file +-> ssh-ed25519 V1pwNA JqIKLU1UKFknLQneMlCs59bZKyrjDMvhbOsqsl9NIFM +HV8eXdPdMJvQrm6vnP3FutvGbuztQ4ETRGsULxmiGMg +-> ssh-ed25519 4PzZog FrhwG6liee5jPg965xkHysd0OMZnRDVmfqdEz8jYD18 +P8OoT3trQiuL4PnJV2JWELxultHPap6YymqakDAdkL0 +-> ssh-ed25519 5Nd93w bCXAZAZmawgAAIHX0RAODnMIIlYJwLulGECtyjLoIz8 +Z1+pBzLNhAxDaDxQMwrRxsbXr1MwMbzKCtNSXYbCty8 +-> ssh-ed25519 q8eJgg nSHpZSbnyCveRm+sZvP8Z8IEof9g0k6Q17o+9/UyA2k +5w40Dac5yxYNSk+5QVMgx/DMvJPas7tIAd6JpNw5Gc8 +-> ssh-ed25519 IzAMqA Uvi/qrCNBwpI4cmM/5ohct7QBf8urLa0uQ4RCJtN5BQ +rKauhSYfsECiZcYbCqV7sQiD2BZcZHGbzkmtiYl2vTQ +-> ssh-ed25519 uZzB3g x2II/DSbKNhfTfLU6b9qAwyc1tI9jvtnizthdfdQYFQ +zcSeSHC5rTB5U5Q6j1z9OH+F3AWVv3Fd/QdXD1GTnbA +-> ssh-ed25519 Hb0ipQ n+qTpgqN+LK/Dze2YM61owDyG+t6r/mxYnmzXynAvH4 +UedIPtFGJUf/2oJSceV7ONsBSAxrlup9p9uTcjO0tRg +-> ssh-ed25519 IzAMqA WRSBBb/anTu0MANFS8//WAS9ZZd3CMzVauPLmrsKUFY +vySQ01H9I0WbbzsTRcLkEqFr3jgr4odcD+OTzPHWAkQ +-> _J"6$Ozlu~Sh&NmX!)ms`14vXg$4t7)iyvQvgj zHkW@;mXSwgVR2?)gE=Ne z{%NiS{+{|S=9cFACRzFw24MvrQ6_0l=KgMpA<2PNenEyorh%T5;~B-nBb^Nj3{x|+ z_5FQPohvP>oP6>_6Akl|^NoCS{hhr_3?eO)(~MGmE!-`*q5_SAQd0vWe3Hu&1GGaj zlT6H0axKfeeT~v{^*w_E1B=a*i%We9gG>!3pJf!UH+Kvz&khYva)~N0Fi)*8N%M9N za!J$o3k);!_V&;ZaW677Hm@r6D>O3Uay50%%_&JKPV_AD_Vvri&WtEZ3-By64s^^& z%{KEkcXuyH@~Q9-Pb~KZ#Xym6dQoa(ajHV9f`2(zVn#%ssX<9da$0JYd5~jPR&udp zNlATWiN0l7Xl0R!adD<;nMqbyT26A9S7lOZWr$%}rhc+lu~$TqS%Gh6Iai=xRk(g` zia|9ijgh!OKM`FE^K~a@=s+(CrK}1lQi>qOxS%q;)re!u4 zm&d(JT|3TorAfUzxO}?%@^klvYtM*0^O*bjC>OWKYfqO+WekSb{N`D>_|~xMD$;Nkx`c~)|51Ot-|UsuVw{w$|Vlg|6Cm%iQGTN)VqAvh-2 Zu(?2>VTHiGM^Ce}*FRbIk@4PJa{w+$8@2!d delta 765 zcmey!c8zUU8mb4}Mz##wo;+4&wh`GzjJF8NN0#o9qmE{>U1W*O;R70&s& zrjc3R=Gvw~0e*(5rP=wV#yLJIK3|SDw6{PBeSF2GXn#2 zTnjTp{leWceLR9Ijf2x1(<|Ll3NyUYlKo94pJf!UPfZSvvdqr6sPOlysEP>l(Kc}} z^^Yx_lRitF1xtUH~j^W7lMPK%}AWj=G=j?P!JJa6w4I}8AvwGlu7 diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 351251eaca146e4722be47bac9b8660d6e418f2a..fc2ba1a5ba915db24183c025167c24f14be974c9 100644 GIT binary patch delta 1596 zcmaFBdy{v9ZhcmnV^B$$eqL^BfrWcnp>~pyaY?dappR3Mzh_a7QDl00MwO?9qi=a2 zSCM6;w|-7Vs!LjWK#9AHn@?46W}cIaesFM*he>K`Scp@8R8e@KSCDZem#&>cadC!j zYKoDmsiCEUNkCOpe!4=YXP8rXxp%s|vAJKcg>#TmsjGf)UUFubXReQBdZ0&Ca8iIv zpmuS-ORfo*eri-vWs zkK*CRL7rufet|{$X&I?T0TH2|Wgb4^VcFURB{`N!LD}xkJ|0eG={`Q$&XHWMxgnYP zLB`GoRhh|-zJ)#pSq8<%k>wE{9#MHl-d_It;rbayl>sh}so9g`8O6hM%M%UDGV%f( z%}ql5@&XNWO)P^A{R)HJaubcb6VtsseAB#BEfNbX-F&&UBlGgK9kT*_eKNGoQ(Zku zLn1A;4Jz|}OG34MLkvP93Zl~eEc}AJ4Du(RWfZTEO7To8PV_g<2n!3!F3QiW%=1nT z%y%`h@F^-b@X8H#PD}O3u5|LsPdDH)%q__&4=IVrFmyF7HHa$6(RVB|N-yy?Eps$? z%=SvxPRerh@y(8kN=ZhK0hh3<;LLOdx2U8*!;Cx=3s2vq0R3=-iuy7`C#R(3OdoTv zj1Z6ffMUmTr~DM>@~8?=E~g;>h=^QAC(mr>GVMfH6ECMS$8sYxlduA(y!5mHcf&Gs z7k5ju5Q_+m2oElFamsa6$V!XU_6#%#H`X`T&kM{8@pUh(Ov~~p3iT_GNGS^|%_^%m z&vnxFGjp$U2sHeGUsD)Rs zBUeSfXK{(EPrZ4*c}a=3M`D#(U}%uLVN{y4MX|AdaB#S5n0cyaUX){4NGQ5>o>h*% zg^mhE<&KtBE`FY+Va5e%=4C;V86J7A7Lnd*UVfDoQK3HmImT7a`F_478J=9_7FESL z#i1S{p4nzqCYj~s7MA`6!9i8RX&xp)QNf|%*{POpfk6TO5gERd&$Eb!`}+C#R)ysF z_&DYz6}g({R~EV#I~kxjT95r@H4>nB^z?IeA4y zXy>`6Cnvfl1?5zDdKmi|l$#YBgnL>91(lRfPGk`e4-WFu_Nz=SE%tOa_Vz3(O-l-N z4l2tFPl_zbG&N52cPy}UadRv+jdaiE^3V0k4$ltEG%hvE4t5Kv^vuuAaCfvYD>Ke? z4c0D-@CwV$4lxL>Ob<;4yF0KnqqN98)T|)HC_mgcG~FpUBR`@-KgcpaJlnf4BFMWq zz@xyh%-qQ}o2#tKH#Z=~G{d4KB`?%FJ2*5cKglw)$|5nt&$7_j%r(s`FrY9cIoUj; ze6lU8c)g=pa=vq-b@7?m?7jFr z*W-z_OYEl(?`e~_J4idx+I*R`KVRsIx$`@pF5@uzle7EHw7KN~0?Q>~ delta 1603 zcmcb~`+#?XZoQ9Frb|hXfoWzyg-Karj!TfIUzSNxfp40*kB675Nl{=~imS1gk6U>$ zm$RFrak8(YV^~FHKz@K*enyCgfoFC}XlPZaZ?L&(m7%|>f4R9wPEtWOm#&>cadC!j zYKoDmsiCEUNkCOpe!7BxfI(S_hliz)L9R!nepE$NscTVaZnjf|UqG6dZ*HNlvstct zprzV0QY% zkK*B;<)!I`sg}N`24T*nWuXRH?iq=>sZlv@79KtUM&3nP7F7`??uqVhdD&e0LAmbQ z;l^&>VL{o(MLFiBZb=3{X-WD8ewC5FrlzKT=8lyWWu_%Y5eAdv8O6gr$^xT`ElllJdf{!`*VD0_6c$r)a?3}L0hh3<;LLOdkBmYSFC%mR!jh0se>YRtu=)z8NJpbEQ-8Cv zknBRQVB^v-ZNI{bDx(NjF1IN6#4?kTa!Y;F5Whe(PajXm&n?b! zME6~&t65rdph7@NSXHGh*% zg^mij`sV4ONscc5o>|FRVfn@`!MTZE5$VRJuDRhJ`K48c;S~WXM(Lr#j+I_crWu9$DLDb=z7{FI-szE(&$Eb!mt_@(nWP#T zWq6pH20Q0w1ZJhAmFBrr8JVPbCObO0RThSoI)3 zR=Ve!rq592z9dHN)Ive$qETIb#$&U$;%1XFAoX}s?^ud&<{v4 zGYN|-Hq~~iF!o8RaPc$&yW65P)weJ(%edS(!qYUPG}zDEC)eDQ$$SKu3J3ra2O26Da zf3hvBczv;nkC%UVx@oa?VN`ywTUe$?X}W1?gm-9wfon!arFK<$mRnUyctk`{F_(K; zX{c9dv9m!yVNz;EuA5njp<#BpPoa5uQB{U>nTb)6er{BhrBg;4IIkFcrRDht>!uf_ zCKjhEr0QlXnCbYJc={MDffrH2I-73Uj;Sfm)| zB~}`SWd;S81V>pWhX<7FC;K`_xq4`Ol$E3g<#Q=#=^ESZ$PXyou6Ocp#gl82+xugB zc;EIj&)4-+k^ShlXiL)Vs2;uxmo7Qob~aZ0`rB@9{V8uI=`R;ISbY6_M>y!_RpxW= zWgO})c0X8fdfy3+=$R+Ivh*7-{jz?vc-M|uo8J4iI9-&i>+N}Z;xn83Bf*w`>s@*G za9l_gTkP6mbVM^@AFui*UInX?^X%-#FUK3?T+U$gb6-%{pvWfN4S^7&&0)g{h%W_(Cunfh}L*BSsh C87db5 diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index b83d6375b7890fc96640c5a58b9ad65ac3bf2296..37bb0ddcf9906865e5ae84aa569377d955ca7805 100644 GIT binary patch delta 948 zcmdnV-pw&Vr{18zFefn2!!@8H*)P!FvMkRdz%b0W+_}=fz@W(4(99_yw<<3sEziU~ zlFK>VyE4Py)w9^YG(0Ii&A2cuBT3sUBs(+LEzCKp}06h zH#Nn`)YQ;Y!6cw6DnDJpUEeV*D?8sJBOox$!pGB~#Ld&tD9tC^H?PdqPd_;)-#o(6 zC!@SH#5~=VtJu>xJF`5@DJ0y$J=~zw&@DT;%Fo-xGsCkmyed^YA}Bnd+&s@Q*V(Lm z;z#jt|A=ybqkxWrkHGY@ijb1v)Qm#?tmFt&BhRb=L*vAVazhiY2yaiL zth_vZACDwY%lx9kwA29oY+t|PT;F0dQ_H0CG|T)fXV>EJ$jao&@r>f(L8;l5r2*b4 zWmANUY=~+pEuAZd&iR&6Az@yAK2;R~#raWLX6BKT&oYYFyXQnyrKDwK8U=Vn8s|%KT9gENWSAAB$3U4;q=BWQf}gvOvx#S#rGAB}_B zcTeBUik$4C$fC-klJGoz1FxJSvxw3PzwmsYJb#1m!t4sabT5C?6w@r{vOMh!pU50j zKjSiIuhNvD%1AEvKrUTfT?N<70R417|B#@_iu7Fl$YP_!`fxYn66X|O=MoQh&x#}` z_sqb&Bg$rk>k63`5HZL<-3{`yz+Cl z=-U(>-&)uIvwyX6`eW&maUi*%noJ9ZS=i9Tl@L$Q~Wt$Cj`VTgq%L|h;8iBYv<^GQkT@R_JUdApZ}TRS*ulw Lo%(Cn+)x4ld9q1d delta 865 zcmeC?*vURYr#{TAq&UgfA|orr(%sCgBFx;vGS{-qEXc^++0@uK$uHb9EV(QoG&d|H zo69oDKQ%D4(%ZwhxKKYMD$FQ2%ge&4%sJa6BCF6cBd{XW=cIzD@D#_%@r>f(X8Bo#u1@Aj z!7fGl#Z|e9#+FHW8L4ir#^u>2!R}G11;&v{1|`1bPNAV(J~=L-Mp1r#IX<4I;TDAz zW$qzGUIs=L*Bw7jFuxl*et z3f&WPaxJ{m!rV>kBa9QBwX3{?Qv5tJjjAe5%0gVcaviyJb#)brlFGcRd<+7r@(VpI zqY5oD&C|>M+|3MALwr&)jm!LeQp-Z!D$@;|a>}{pG1pa2immL-u(qn<{m2<6HEGwM z_Z>3tFaKD2v)Xa-wN*wFi+WEdDsFqL(?cX~hoIE2obDCUOxzKv~jI8g* zN8{gxuRUeIY2kZ@)Fooaz9$vctyyx`ES&L7L8#W{WfhDJ(p|czzW?yp^E)GOs`Y`= hmKAdAvh*KDBr;2Wo1P%}v|Das)5)?B<7t220|0MaG@Aeb diff --git a/secrets/email/details.age b/secrets/email/details.age index 9421a3f1fa70103bc156020f2c009bdff4d1bec6..da61998cfd22ee7e81075cc1ff3fbaad6a7b3a8f 100644 GIT binary patch delta 1073 zcmdnNIg4|GPJMxQs-<^+wxgSKRg$+;k+ZX}yIE0UO1Y`0m$#*lQ&n=Xwo6z+x_)|2 zK38g3Zi-1>h`&p4T6Rilk$FI2esNW~xu0uAke^{*U~+MAsYz*&r?yL4GMBEMLUD11 zZfc5=si~o*f=NJCRDQaGx20irW^P$Zm`PcsqgiNWvYWXcki(5#DPicw2NtJe~pFu>9WsXPw z#E;_PhK0E)P9gcu*;Tno*`C@FxhY{~QO+gBM)}EsL7C>sY2Lv(MkW@Xr7q=MQTl=5 zMvjK1CdoNLo|eg`Ie`_4ffZ(XUJ=O#fgvTP7MY%oLAk}Ao>lpi;~B-nGs-gpBTCIG zs(b?7Q;bs$3q6fJBT7ngb4xSRf&+r|je?W?^c}+!ql`?rEPW!%-IB9i(z6SST+)n- zO3cD40$n0=-6}JS{39!iQzJrriw%tuOPvBIpJf!UFDy@T_bn}Q@p3fq4mS)42-dbt z^{OyTH7fH7O|mEq&N21$3H2~GEDST?iVQ3=FRRMeH!dy+N-c^E3%BqI@=MEb@i#Ha z&nz-8&59^Xbc+Z~^~^ItkAc#tDktM~1?@_|?4pvyu=D`Gyegv%kKp>;4C6?nC>KBN z3d^eUl7Mvc0&|~oCyM~*NUrdzWJgEuQ1gf?6Z4EbZ$H1lr1Y>L(;^q|)F|_$Wb?pE zGcT{wQ0@|(%IES8b}cIM_N$BxjOiVVqv7GS#D@>g<*+fRz|5)wx45GM5YB-QdL=T zfnR8*UsYvZcBXeultp4hv05iCJdxo)lS$R=pmTP`?P-2>smuqfuSW1~sVSYwPL{4(~ z#E;_P9%d=p1^UL}k&%J^fhHaymVx0_5r)AgsTEH7F3wS|PL;`K!6Bt7j#;i;!Iq^d z0iNE4rp~V6xyc4m*{(T>J|P)q#`;dKsack$xrQ!IK~d(}K9R|j;~B-n3$v3;O-u?c zLQR9J{C&$)ij7^e_5D+`$_r8|{Y%`kDk@W)OOnk)vYgVnoXR{33!GgdwN0Z8B9oo6 zgEFH6O)UyNN^?`fE2@f3(sG@B0#Z!_D;<3&pJf!U&q*uI^skIeOpPkcNK5lit}4oP zbF$0}3oS}63=J*HiEt`)iEwiaF3FAL@^Ue9^oj7#2{8(BHO#kD)wdzNKDlzW-Ki-m!&OPHC3i@s@gs= zotCt`)+5+?a+Pa=;RJWDRci6dPTdlx&lKAwI>pn_Wf diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index 1320e80..e9da875 100644 --- a/secrets/gitlab/db_pw.age +++ b/secrets/gitlab/db_pw.age @@ -1,16 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA UXCtW/uWXP002XutZRASnipkdx5BPvAptnkcA4u6Umk -Q0ZzUutU5YdWaJcJ/NTUZyi0nhxumtBNBESPIs/tRcM --> ssh-ed25519 4PzZog Wm/5lKSYqbx3kv41FUv8a3VmYnN8CQ38O7aARc7ekXg -l1xdP0knjaPaasyPG+QXeZiO8oD6bvuIOTUuq+RB3Yk --> ssh-ed25519 5Nd93w M1O7v80UVWi5AWv47/7AfjXupd2/a5pNVyKQVGLQ6n0 -F+lJEC85kp+XTUs0lPqxLoy8OQcVKG1FgtSrzGl2VAs --> ssh-ed25519 q8eJgg GKsdNuEvRm4smkUtmXVOiktmFb5xKQblDqV5X1hEwHs -96R4vPwy5qb5dp/9l2IyaaUPXQm2FCHpY7lS128+Y0w --> ssh-ed25519 uZzB3g oLsuYklLEY4+MOoZP2e8OzDFGwTdTZAhAP6ROSln/wY -x1KQ2S+lZkc7t7PzNOD8qgG1TjGSHZk37d0zIOddDeE --> ~R-grease -qDnx0FzAYcsTuP0CY2r1fFEYNQU3dET8595+uLkU3JZdzXzlRyCtQJ8/LiZRWc7K -uYyAtas8LQ ---- +/4k+N0aOwHHX43C3KPxml4pBLWGzcXVvZB4OSpVHSg -[ARuGGtF= \)HajD>N&Lgrg5ֆIT/Syc]eҮ4xQc3XGӬӰmPhwt#E,>"⬨\Uɺ{VVWt \ No newline at end of file +-> ssh-ed25519 V1pwNA 3xVivB4xipuNNBxyslXGV3vvTpoUW+dJ4ko3BCaL6Ww +uf0vupoHHgigGx35t1Ajx9bxW9lGgQNORZAFochgQ+c +-> ssh-ed25519 4PzZog G3nnCeYZJqLWtBZgx7vqSR5ox6pmSIdcQJG8/BM0VV8 +mueQh4e8Put1oRWhwNlv/lf1cbBE3Xhf9/lCp3I2x3s +-> ssh-ed25519 5Nd93w J/qlxbg/RBUiYF1gJe6LLa+9cjvwuaHKYVk9TJZdg0I +oJr8A8V4HSydQ79U9iURqY9OIDfVAsENhd7pjfQ1FF0 +-> ssh-ed25519 q8eJgg x4i4QZFi/UNkgH4y1o5hqxdXMcuZTBhUAO1W6MyopA4 +Im9X1zdVtlIPI6z+159OGF7sYh2y9LioHJkDUv1xMUc +-> ssh-ed25519 uZzB3g D6Pz5qaqqNS2vqyUviaN0Zr2HK63Zwibd1gVevmmf1U +SpDpOVWsB77efvOl3mU3rA7OFyvBfRyTUfE09thjosA +-> U!-grease < jUlw? Xr E4V +OlBVgV7g2GXh9W9SEVPo3vC9+8Nsh7Z8J8iHCLKbMUxwMsrwKjsr0n0npFMYSPDM +UB5FVlfP5MBRzTX/qoIVtD0MRQ +--- agZCfMDCN3L7aumr3nNsCD3wiXp6ESBnLJpiysnmffw +>z7WO2*8}JNzHWb/ kDP&.AY]}cY>-vĆmԹ n=qGO.iwFGҸ?0C@&kgw5uaNnL 3nŤa^uH y痁|ՠZvFnB \ No newline at end of file diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index a1db3dda7fd1dbb82d8a80ab0f609549d5e02b4b..9d7081ec28e4f3e252d9742b2c19c8bc6886361c 100644 GIT binary patch delta 839 zcmeyvHlKZhPQ80!SY)zkm{UxUd5U&~0hg|wLUD11 zZfc5=si~o*f=NJCRDQZbPMB$>v1yvSetvS0OH!esxm#diTAIFxbC!{DrB6X(phbC! zp`S%)m40P9mr;;QQb}5x3ez12|k*iB~K(L4F z#E;_P*}0YBVd3t+CEfsEPDbf|X~sce2HxR0MNWqPruo6yC4nx1ZsqPp>AsGW;~B-nT|!O$lXD8f z)17^t@^X^Rd`#0_^;64CjiZu0OUlv{E6wx`!-C6vf*c*WwB5@>0u0PEEwUm_s`8VI zl9SC0Q^K=d480?L%u@1FQ{4UXoI)#o3m_ebTpP`>wW=Kg&p{ZeI zh)+;PN;#LVuC78>c)n4wUy*ZOx^uX5l4pH{PgR(Ud$CiQafXv|wxvOyd$CWlw|BZ_ zK&dNN@SA1r!QU)e5AELm`}BXu4~)|3&2y$7*;To2L08$dO~;e-QrtPGPkDPKN+j=O zB5#lV^3^`s=Z(eVo`_0q&RqJG;!P=Sctug)Qj- delta 804 zcmbQw{)cUXPJObmSBiyWVNjy6X{w*Mds%sqp?P7JiG{ItYC%$@qp?A0WKoJwwx?;8 zCs%1wsJ=;fWkgi5e?WeoYgI&sTdKaPc1dz>c!@_!uw`j*ntNuJbESV$K9{bYLUD11 zZfc5=si~o*f=NJCRDQZbT4-omsCR(Axw&VsxqhN$p__hXSfP7RcA1HPQhr9dwqtpu zkw>OQl2>^smq%qrMwDw>erBFWMwxqdmA_?GL2f~rwojpFey*=^Zd693k$aMRm7ja^ z#E;_P?gf61?xpF;e%glSUIhVxexcskIr@=_X^Bb6dASu96_&19;UQJIMq!>@u0G}Y zr3P-M22o+<-kyo+g<0j!#=$9JhF+GA&LJU{g`QdYVWq|qLGJ03;~B-nQ~fLrgG@s# zi(D(+i!)Q5Gu*t&yuu>`{R(nZLlaYjQi@!hO0^?h6Wy}8EOG+O6WyFsLmf+e(+fR|P)MjzdY*5kk%@UpQK4~^W1>N+Wq?6Ip*B~rNphKQ zm3c{iL3VkBxnXW*ReDB}p}t>nh`$k+uCA_vk(*JZVT5I=hoN&xesR8ewwFJHr`#}X3KU`>f-+I7AF$E>~MLe ovBmcKytl>DI~&d&&nniBU1%E-+P<0j1v@XpqG~6%c{ePq0Xl&v8UO$Q diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index 5bc243ffc28207cc77600b2ce651e637100178f0..9acc86505b5ee64f08bc2c41291562a8647e43ca 100644 GIT binary patch delta 733 zcmeBW-_ABcr#{rc+|=7LA~MUMI4?igB0Imz&^0QeA}Z1%C0RQ;)5)p}06h zH#Nn`)YQ;Y!6cw6DnDHzSKB2r#KX+RAm26J$2226+cmW!tklsvurl4uII|)n*T6K) z%r(l}#Wli$E3vXPEg&sF#Hg&m)uf^@z|%D|BegOpFFnZ9H_zE9F*DNBqs++3B&2fU z2Z`{~(Db4ZGe^HvpQs3b!=U7X%*;H$@~BGxl;W^3*EF9}BhR$#aPyMlh+?kN(nNnt z?ULjS1O15H0`mw@Q~$`I@T5TPaO0q&e4o-{|1gszH^+!XBa_MTjN;)Y9tC;9X}(pV zN#>y;8Q%I8j{c>-!NKO9nHf%Q$-eq|<`qfWDS1H|mA+i%PDQ4XzG+St`GpygPUYn( zhT6Fv#RaLAK8dD2<&Gs$srl)tUg^OWNd}Y8GK$xynU|SH6%|HUdL(e9Y13@-*qdxEngIQypF}rz|GE}xM@>Vvi6b%R^QG<73}*NE)X=EE291g zhh%ZZi#_hP-qZW0-uBDQe0|eyvGwEX&i1Wtp}|5N#+sEYf2?^WbALj>s}=dDIQ9E) z%(AJ!`tkJ4O-DFiWF6p-Zcv?VUNK4F;m+=K&(|NfW_-F@gv8*u1GPuMd(9E$YAiFHmD=pbPGRmv9Vq`<|n zm@A?n%)dCp!pO}zJ=d@-H^RiQw6e@S(LF0MtiZ`4DXJ*fDZ?$*($&{LluOr6p}06h zH#Nn`)YQ;Y!6cw6DnDJpr6MycDl^L^ye!!}$k4CI%gop_IJ3gNq`=G4xGb&2Eh8W=&%o5hw6MV4FT>cw+`!4*BRIr2AU9;< z2Z?YCqe_d4%1Fa1lhW(}KmURplfq=<%p|wUBulr%D(}#|@B(8;S3loek5I1M02lv6 z&*T#A^eAJKkg%k5N4F6Dv=HswP}7L0K$l$4V9&IQD5Lyr?a;~bjN;*zk)itfMR|V7 z5kV=1KCW5$E{57p;hurTiH6z!K?Y%_RfgdPKCb4z70Fx`ZY53yA)Y~j1p$s8Nh!WY zRT)N3k>z1#$)=_TInF_Wc?OQ9IWDQeUgeX|GK$w1csf;v>-7oGs`>J%#%x3S63k-ufjE`pxCr9 z)gs5mFEXSgtJpu^BBH1)Bp|iG*(5AiyWY_&z$?+U!lIljS0+R~w`01e>f#;W9u)mQ z@zzh2o8gu1lWV03XOFDf@8r5&LHz4%@tZtlzv@4_UsL|k^(tcHS ssh-ed25519 V1pwNA EHlg17AzeBr3+X9U/43BhY8CeLKO1iV9hDfkJYjZ1AU -ZL7y/JAP3uDqQebxvCSagTfkHeA2Nt48gDl4mpxD9RM --> ssh-ed25519 4PzZog Qn4RRo6tvMzGtNJm+14kJlI45LZm9ELinKYbzqQo8wM -cpPFG1H6FnKm31du6HzOiNUTYGS1jhSce+DlcGJvPSw --> ssh-ed25519 5Nd93w bkSMYuu8lGE/5wkLYYC3tUNmjz40YQs4lBK+XTH1ljs -wmDJ9YywboBGKhEJLI39lV7rthL5PrtKt2oYoZec30g --> ssh-ed25519 q8eJgg nv5HLBPzmKzQ7S1heWZ/MKL+2ld7h5xX0ib6zwI74mw -CPrtsZvE5Lc9D2UQ1Um1MWf8kDH2dFUHB8t3TE7QpDs --> ssh-ed25519 yvS9bw xStD/2bXqHHyYkrlmslW3/F/YRFA1ZvFAUJLOkOidBU -4T6zJR4NoN5F6DWKWLCFw27iOCZAi2xXNzaTs4EVYFg --> `+rr(-grease 5%=!{ 56y@" -t3EQrEvbW0U9X81vIfmSDgavBImzJX966w ---- zufFrtdon0GkwCQKSR/8EOgcHVj54PE9ZwouYnLq1gE -8+eFJPz^|8WYߠ'ITP5.]: -xSRg}!d]$Ԯf l#O=P 1gBT4#9 \ No newline at end of file +-> ssh-ed25519 V1pwNA oqRPeFJJk0DjIFaRpQr8bi8CxXL7U+YJBi3nFQd3KXg +Fp4XHTJ03MedOdxWAUFJrpKyi43wjBncwI2CbQeoK30 +-> ssh-ed25519 4PzZog mxa3ro0hDH8i+rjM+pA18pO0TBgS1LutsHyKofrhzFw +Qf/WHL+Azf8cEP0eMO0/u2qBe9e7k6ZSMX7Rrb6EvyQ +-> ssh-ed25519 5Nd93w h19z0I935uv5ilOFo12/W7FXf68bv/VqvzV3DefTSnY +1LYZVgojvwP1uhyMukJslWb1KGZgkNmA9wum3mEhqwg +-> ssh-ed25519 q8eJgg ZV8/Lykez7O6kIOIFkB1O5vVearQPLtfdUGdmGP07CA +4xXHV/jHE+Qy3o7gadXeRtD2c8oj5i7AbknhDw4U/C0 +-> ssh-ed25519 yvS9bw OslG9MLs8PGBsSH44mYmdI8+AKdE0FWIsd8TKCGF3Tc +z4Gjp4tRzKyA2mP4vXEws6aGzhHz14/+qV6yPTPLP0M +-> &-grease h<( +jubJmEEW9zZW148P1SXFcn8GXCF746vCe4SqaZYykoB6uCLyCA +--- 67gsQxaQDev5B12g8OC3aQmPC2zQ5i3bKLZ1mLldNS0 +$j jY",G<)UO@Lt7%D2khe}Zs JcR٧6tϜ=mh-K{y4G d6+ \ No newline at end of file diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 843cdfd7848786c32508d4a07789d897f657fa2b..5037d596a88fb619c721ce76842555b4240b4793 100644 GIT binary patch delta 694 zcmdnZ*3ULUr@kyA&)8qz&D^D|)W;yz$;GrlJIU23r_|XwFta=>veYCf(YMq*$Hy-; zn=3sj$F z;z#jt1Jk_R+|@KWZ==dUPdDGB+~N%PY-fGb>f(g^@YV1^SMr zzU7vgX<_-kWkm+QNuGw~#wHOyfi7Wb&W5JJ!S3Eh23f9L`6fxJVfo&sPL+8 z=7D(zIoh6v0iJ=Gsgch50fl8*QJGOW#RiU(&oYYFmsYrVxFqEmxOlku`sStk`TLl; zd!}VL<|pPA8EN|%ctrY!mPdrAIU1&O6%-{`rn}~O7Fy=GWqKtBS_GSv=LEThIz{D~ z`-kgWW*3`zIZC^fM-mCL|4*Rj&otTHp#$iU3W+}Fgw zE3Dq!!{0B|pfr(7S65ddJUFy8+1$+}*u2sxJ*%k1r@SaA-`P7iOFt~guedzW%-A5q zFf%_eGCQAZ!P}^Qix-E59*8RSh6@#xGaDZkOEA!QFQ9y{{q(zwCERP+>J;=ZI_OR8 zkm;!^HgtI`efh76e#h|%&2B#*O=i%~^IY_*UpI2T#9jvb>@AQYv@}$UI6#x}&?Y{s3 delta 738 zcmeBY+s!sXr#>^N#9ccyCr#hkH#x$m%EBYt!!XM&!Y9j2+u5QZugE>QB-F(vJgF+s zf-A8+G$1Td+sQv7$gkAQqSDMg)T}tr)H}e^*}}6tDk#XMBG@d@FsRC_oJ-eEp}06h zH#Nn`)YQ;Y!6cw6DnDJp+|xfeDls=H!^b()BHz49-z_*iJ*&VY&$KAt(Y?|v->cFn z)i^RewIIWQE1*0qGPK+=)hpA*(T0L9LKQaU=vrL{D|N%Bj>b4m@r>f(hDpYW70GFV zrXFeD#UbehDZz#=p1E#r;rYfnzPaJSftAK?`Ud*RCWek&o*orh9>rmPDLx?{dBxso z87_rRA)zLg`dN{Yl_80y`N1i2thUObP1}A%) z_~ci)xD}M-6td znyWs{Feg7ey~Mo4z$eTy)F3C@GCRf1$2rS1MBh2lTi-jy&(t^4)I2>g&B!f3EUcm; zwb+PDS65e|D%UjFBO)xNo-u#ax4gLI00t1t|LM+nDvPyG29g~xcQzH%h zETZ&1i%Wgdyn_9Ga$F13ETVj!Ttm~tQ}T-^pJf!U&rD8BH!92x@hJ5!4a_OY4{`JL zwD8D_FxO7^O>}fMif}E6Nb~WJtZ+}}Dh(?(a&$EFDK-gBwJ=XN4z&m?@Xj#Lj`Y$m zDi1RZ%rzNm#Q){43Az z+2QN%y}z{J_pF4F_t{&MB&tuSJ=gdeeKg(5Ci1wC>E1&h{%$zc^LmvFd&tdgk01K9 z^D%BZ>!Wc%#beG{oAAgxi&hJrwYuYZ>evor)AMpmHG&-`f3KN)<5QnbuXM=t|H+); OuF}WaLPHlaW&r?awi|>1 delta 743 zcmaFFc7SbyPJM;HcX3#%aZYZff22WhL0P0vnPY*EpHGToMqqJRptDh=Sx}0pWt3ZZ zK3AS`afXwxZ(@c=pm&~MYH5~%erb+Dvag|WK~=Jud$zYlaHffSm1B~l374*&LUD11 zZfc5=si~o*f=NJCRDQaGzH_ogL~?0SRz{YgS*cN_xm$UdzPEvYa8_wpL{(;`Nnxl# zre&IWu(q)yS5;z|lYWX*YLQW}le1}YT5(W>c2Q<=v1_D9RlZrVnQ5x2S5ifgTUcu7 z#E;_PhMwkG2BxNEA!TJnCgC2=nTCd$Dft1xuIXM?RiT9`CPCRAhM7gFxnap%1{ryN z<{24L{zaz#IicP`zS*hCj)^`N5pG6_W~t_(A(ci^?v_z0d4UF#;~B-nOZ_u~OS}sz z-5uS_LIeGys(cH|QUaY#y&aRy^h=BrLyMiu3=C2-9X-mq%+sCIOw0;GvfL}2JaQ8= z^^5Y0%99O!izCy@!>f{`oXTB-%#D+ZiVH0!pJf!UPj(9R&oC?T4Jax!%T092EUBtW z_wvZ73^z?IvoymUJzH9iA%U!MXpI`p^2qQR-k`s zWN5v6dUj?`skuvFQ975duC9WwmuqokS*e+iU!-rCdu4KPWI%{VMxmu|MpU|MkV&ay zfpd{(Nky1tmMd3|LfD?>*GmdtFtIf3vdEa_xmHnF#U#O9mDl(5bGEwoZyzjOc4gA# zm(Dq#-Ya_?|94>_Q_63??_P=jn7;P?H+r*p4R>5EyYqt656iE=^wgaEh099r@tSFo zg6f8~!L|#|?$bXOCX^!@eVqNMW1d2p6@Vy=O^L8`NBMwEejX;HX-R;j+1Czr0BLUD11 zZfc5=si~o*f=NJCRDQZbd78J0f1z7yX<(wMxr=dNxtnEaK)82cSf+`7sYS9!Mx;ks zagd{DgmI`i5Z3N`XQmFo)%`7A%#gv0jU|@o+$<;KKa>`;~B-nODr5ig3O}K z%qohFebRFLL$X{ejZEB1Qlb*m%0ex@yrT5OlKlhpgF`*JvMo}aJWCTzOhTL^gZzS1 z!%KbLyo>V8^SmO>Tv9@+N-Q%gvdk^KE3+aepJf!UPY=${E(mmY_Da<*b4v;;3^UX& z&v1(hjz}!e4-Kg__e;(w2`%<7ObZX>sz}y1FU~b7G0smm%&=&dJX%aZ1dn z^fXRO^C~vhw#Y9jC^60l#ehLXik)?cZhBE_VsWZMpsQg(wvK{+TAo5cWj0r^c0^uP zR!DtmUb1V2fqPD#c5HyH9|5hOt{o zvSpx=bA)>smvf4#mt|Obo}Y7mW}$w0Wk|A5rDbZOXOvlzSwNVJp>~B+K&YEvrf;B= zf3jz>iMOSXZ*pl`qN`(MM6QQ^7+02Kicvk6uCA^^W<;W&lci&&OGKo5PEn~-h)02! zc~M$aQCLd3fnj!}i>H@UZb?C8rF$UPZ-(@Jmv*ho+FPFGyQ5>9?#d&@Y{9DKi+tZ6 zcY7E3{oyP%0fv1F>jd^FNp0S{KEq-~)YZGKE7rEi{ylqbjqq~wh&gxfJ?_#pNtrLe=}jln@^6$fm2G`5>wU`$hNgO zwl;b5AKkii&E9(nA0PbI)^*7gDJcJ|yHh7TYU^sXQ-$xRiT~K=%Uki`V7maf^~KA( zHmK!k9@UTCRJGruVU5rfiSoM(Wwx>_#)wTgU3H>DF{NHvFsJo&_0rcS^E$f@>}kK7 z^=I;4>(@T~nni~%6>^^lm~6`*)meP)R@fgG7cGx)&1CJi^s4E;w*{}CC{2HInJrlI z_*!kVMNCS%>kF+#l!X3I)w+7TWs1t`U-tWTg(4pEoqo%Fcyn8>(vEOH@6zrb=~?>6 zr|sHWEX|tpUVc?deF4MCYn%di_ZIB>_e1!M(xTqaywEq#rfmqFAdLA5_0}ZPq|s$f7GvZ_VWA7Wx6#@E^hcJDjd!f;o&D>t$dE> z*HaeBi3tk&7Iq=L;ZAe9lwMqMtG~DNoTSJ(-6ggMwokp3yDh#%%^|8jFumP&qas6C zzEqn4|HpS1yG+=c4lF6*ZhyPM;_AxB6{p^{8}{!A@MD~{R7vsH#Hl$uckoKLzdTv^ zY0W2zp0#r?KAFR^@9^uuLx0+qO>(}Jb?yJOvICDzdAn^QtF_h@MshRF&#l^Uw)DD> zP2Z7Z(8ld!bKBS6b2WHwc3b@aFJ$;9 zyfvWI`pKgHJ5B1B^>!)x@9Hz0&6^`x&{27ff#ngq%bkX`}$SHnzcSG zxOV0u+h_B#EA_ALl)P%NtUg|Nevu$+ck+?m9me%PU+&@lRC2_?u!Jiq`|oqlFH28} zOup2lS$03I!I@o}cL{6C+LYDJ23co0uc%HlYp4~^d0(LS^K8b8oyJ0DU3cT>JmX0| z`$*Jdah~mxm0An6;(m9wFeLu}yH4%N>@6=Ys|x5;{5;_KtiH;{vBgj14e$M9hxVPG zYVgf(s~HQgM}6nkw1XiFt|`207J20>7y7v^-1`-GW4T4$6+73k=(~H*onEe$xMTNJ zw_Ep4FKA0TtRBJC;=Z+h<2xzUpPSxRPCC?c)}T&Jes9o$lMnCKXltnu&*)Vin)1DRA#1vRJ?$BlR{$-LfPjC4%&;376%n8<0-Y3-Y zc%g)q$`6Crdsi%wdD{N-xDZc$eWJ|H6K;zVXnO7zL+o3n4{%rM+jeKGpdn!EkdAxv>B=Xks(NUh&t zzpdigj@>UVb2^uFv;`@}e0us&?BZ3A$86G1>%XS&>a{k%qq}~eP3!OaojJitpC;C) zI3&pZtm>4XQ?R1>*qgi~3O0s^3qr*WGICFZua9jp(k*+sv3r8U?AKo#J(SE^f1C8q z5{f-*@=L4xmJ5r8z^;ID`#X&Dm`$g%IOp2O-F|*t<1>5tj=Kv)wb{R&%t=vQVPz@O zsJ3E8r1Cn)mnKiWuc;~qyy(x`a8Wv_pLx}T`rW1yirc3~J@yPb@KAVK#*fFh&D{)6 zxeM-W?lNgV#5!eb+W}$TB~M=OxoGTt|ElO8H95_O#fyH=4|15bUAerSHKun(tAy&j zbsx9h5$BMU5jr+Mety`T);F^4{HJCz*9a`ya-40>r{95F;!9?|{MGjL#(m$ixeb4R zS_iXDba%7PF^qa({kQjh^2YNMrV02&X7N9}9Z;j1)8J5Qq|xPO%ynZfm+f<&=o>Ge zoZFI WebE(n@{?3{pW149{V)IL9g6@nk~g>j delta 2347 zcmX>o{9R~*PQ8hJcW8K?wr{R)RIsm$ zBUh!Tp`pJ)u3<@NesV#1Swx{xWJOwvvsXw&ihH3?dAgT#Nu@zENeWYgl$< zQl+<{d5Bvim$SD=x~E@InRiA>zE6}_RED2drKf+CpL2?NuxU`9Wnfiuj=zU{Rd9vt z#E;_PiRKobkC;~B-ny$eDjOtTZq zJxdBBvocCd3UY%oqkQs`Jn~GPmEnUjFs?38^gI#lzOPxbJojkoN zwL_dOy^M^t{X$EVJu{5+vJ8BS{R~P=%RNFTpJf!UFET8!a19AFadb1P2y-@#Dk(Bg zcJy;AF>+3gGzoG|Hg_~BHwnruH8rr{GRO~bt4h~S5Acr&@yl~DH%v?M&ok5xs0i>6 z@+>ViNel2S%}OaRipq2Z#elW5ZhBE_VsWa1g=>DKqN{>ooxXxrs*ZwgP$-vaL87~h zwsCzlB-8arDthck$Yx{W08S-rMthWW2JU_Ns?h?Wr2lvX1KPascU9nQk7@E zxm%e&m#(g^LS=D&igs0Ym{+i&yR&hcPmzgnNJU0KQJ%M-zL!~frcZ^NrJqM=wr@%? z7o!GStNc_Wy}H(Q0<+>?H=mB%;*?vruhp%7X4u2_3wwV}IQH+U?_mMPD4VI}vp&a4 zZQEY5LBjRC5!?H#^;zeI`DgvO8GN}>=21}GdOqLzwnxv$Jn-5Z`b+74BV)LmfA=Hf zdF78DKRF$AHuTMrf9Vg|ckwWI{`!4@?W=^%lPjJL0g2&DU$6h$-gftZMXJ;810knk zUca1?w`NlP#g_d2mAlQ~8yD`sajCju?cTNr^B35~CEVTRxt^uw?U};#w2L?H+Rovz zE%q^CcsZ@J+cCMSXb(fkO8x2KNxiCX8k7%Le13RLSZv;c36t|uug()&R}ePi1iGTgYXHK)# z!UQrhEar)5HYV#K6iM=-x^=eWOn1g z+p3FhO`JNp)<8sd2cPBU`cLc87KO(at_b>GUlNpcHdE9hWJ=1XhK!^qYb4ecZ=HGV>!p)>)IpCxte%+kX>e@f4IC~0?1zvvKHaQ3XXPx?dd4L9YMT|d`bo%XK&iu&iy z&yIUC&4dMiAC|k<ARA-U5da`*l7xVCY{_fxvcEn5wqykyfdeiHiq zPkpX!?#}kAl-L8!G;)*q6_|ZP#A+Sf)t*+LK08 zW*Bp4%=zo|T=YU)*w%$twq{S6(c!b{gG{~jiqDK2j(W>JVb<^pG+(x>=aS#dgMWEq zrG6QgCT;zYV|=_%jpj@& z7JQp)yx1hb{O4IewuNs)e&2QFUN`sHx`g?!{LWt7lpA`o!&CXn+@D2aNiz%7ZCA3b zbZv^>-d!)t`Bbr*=sd%8v{b3OJX1_29p6r|o|;%5FZmMd{ZLr>%!9?$+P+YX8NR9pQ4X-Qe$f z-v{TT8^7Pq<72w}z1jP(XshNKVb$oL_C`^@2mV^bF1)e#;Cip?nzQC4oo?945$k@} zF77$ci;bQ?=XjodA&cn=qu)%cbIIjTg~cnkRk3~qYCp(qq8ry=V!n1 z_*iMW;@?$UKIWE#FFr7u*1N=A{-L~M+CA;BoH-AxY*|luUL}2{?D86_Q(~bC0UP_`vy8n>i8bEzHy=C zd@|EBQDsT#k9Qx;{O>2Fm-S`Ggrjq=g==@b58Zpc(EgXIL#(k`tIeZyhChak^_+(% z#O`z2WLGU;Xi=K>)ng@7*sPMvyK>m;i(SuDoN+cwVoz4HY4&0HSTso}VP8VzzW#&x zm(Oxuxp=dl?JSGyB*8PB=l2`0cxV;SvAHjQhRoxi{X6_$pRFyhN(#Ac(x&{wSLd0{ zCi~_^f-3^A)roI;*;3VMq|%q8_~2ZDA#c5NU%uDF%hM%uZYbS3mi*y>$Q*59<)`WF zhnhY&IPDER8}LiEN}w-ucSFg>xaeQ*QzK7p`FeM2)x?U01}@&q-#iJu?_|C0=89{% zDLe)}Jxe#3UKX0f5HE6rdC|pZxebdG=Vlr%_z~^ootn5;!1>;rH3yeQI+Xo?@=x@F z`JuBjWa?8lY&<$u?$nRBg06=TY|bzWzq#;p;%}e+$lmTH+jdz`Y`)2{=xkx{ecemx zEGt8LF3dXoU-83&>6>RaJn3%Jxz*3|NhkkEi27G9H>8Z{JQDXJC`rCuX-vK z(QxSh_i64KPu6p95MA?7UoK<0e4adqgzXcNZI6C17?`Sj3_GAw_4xn`*UdHh4qBl* zI*;$3xNvI5r;Gp3bJSa{(6LVDSQp!x>Ga+3c=)E~C+8+N#;)@5``|R|P8heX-F-=a ze~Hu5hd(^b@zz)Te%nC!j#B0HnNo+89Ghnbe2L-RGb?D)lPKO>pNjs-%Y2B-Wft+* GQv?7D=sG|E diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index 6d6dc6d7bebcf4d38c0fd7dec51b604d4d5f3ff2..c2671aebda54bf1b2343f304b67cb0ceaa5490ce 100644 GIT binary patch delta 808 zcmZ3?-oQRVr{1!{#mmdWu+%(E-z*|CDKag>Gq1or%+=G=Am7*1#WUPH%QMh5!_zD< zkjpVBGp$75Eiu(3z#u3%z``=B$W%YABqBf1$T-a`)GWBP(B0k4z&~6+n@iVDp}06h zH#Nn`)YQ;Y!6cw6DnDHzGtea5H8;nk(lXP@$;Zqr&rLfZEF(NLytu5uH8RPqBqTFC z($}rfJfkw1E66;^z$Gi#E2lU)%``E^Dc{>E(x8%f#!r;<^sFdu<@r>f(=HZ22WyStp zL7~Ye#YQ>B7TQK$QEA!XLEe?#Zpj9T$@vl99>zXtDMqebQISCbsRjO}nZ_ZNxh@4+ zIW9rDrQXRFC20|v<^fR^ex=3f6@KZ-`F??u&oYYFXBnGD`DI2FgeM#6ySf@^yZQTO zMMj2JRvH=^S2<Nm4{cF7^G);R{AGa6_mSGxCV!&XF5721xFN` z8yFY*8|4RBT15GoIUALOVxU?#y(l%YI8`A~AwM+QUm?XW+EUvyT#GBmJeO#I+M{%`SD zug*8#CqAXQRN;@3b-zin#1+2h#+bhE@D4GvW%p}@=(+8-0Y~J@?bZkWCN2B!)&(*mkJM`!bf(`kC4VWyan) z7Cw%iK0(F)2Cm`RK^FQ^rs+w!W)b-oktQylJ_Tt3PFcxZh9w?m5vHN$DPeA|8M)q- zh9)jvPQiZZDZb`DZcgq_;mPUg#U_qX0iGt4&oYYFo13TjMS|?pMy(l%YI8`Bt%gHb-yf8P}uq?%`sI)TN-zTHo zIlbN_Dx)&nKRL^=D$&=wBFM$hD={~@G&nG{K;JvED8n)*!aUM4-QO?J(v8c-HN-Tv zFeK3+usBM;$fKYzFDl)r($6V7%hWJ3C(FCi%hS*x(Ih=8-N!vVJulM7)W|i(G%X}Q ztgt8}Fd~`DBArWDS63m*)ZDz#GT9^9*{eRv)!$j$&!f=7#lSVWz^gbnA}BJi)XCGu z-LNt@Mcb1rsL;^Ka$SPf{fb{{KV!rj>{#mizfNBxDKTm0NoBr#8T~b^ixUfDUSyv$ z@``gv6FZ)oDt7rE*V4Bt)>Cyp=S+TZRcy++oI|Po9$cOs#VP+A_V_$v&# zc|}29ewBMZmy4l`qkdj-X-Z&Jpr2_$YEo5bRe4ysNqIq(yP;8zW43vqMO0c)hDAm3 z#E;_PrQW&aMecc)6@kJ2kzx8NSvlT*;lT#3p}9GhWuX@N1u0%Wft3MX<+%wUWFBw<}OYpzGcpCMycVxK1mt=+9vv$iLQ~}W|>vl$)TQ;;~B-nQ=LN7T|!J# z3XGg`J&OX9y-b`OwM~;;%$*bUeLQ{jlS9%&{DR9vbB!Fiiae_V^D0WrBRngrf?SiF z@=SxBs?1!uZ6yhcAP z|1LHCJ0<9Y+^#K`<^DWS_xfJ7vuW%6R)3c+DF!p$XET>hoyfa&>L=;=GfCHdefask z%6|EaPTll}yXCCFAK6lAkG*=i&5|2;2k^x;6+QDRbEpmdJMUt8`-6-98`9e+?wlQZ zSWM?!{Hz Kgm>NCus8t4R11m# delta 804 zcmZ3(_J?hPPQ7=SQL%ZHS7>0NVMaifSCY4(Pj*R?lSgq?QiY?JXNp;Pc$#@YV4i`o zE0>pXXr;fSxnV}RX>hKSzkZrol(So!mzSq$NqDko?Et|lea~nVL_%@n462Ghk;W@VS1@YrBAX)RFF%) zk-K+QRi%q7myvmzYnZ7?l#@%OMRH(SP(f6_Yd~hHuakC!v43z-a86!vo}ZhyqlHiC z#E;_P=E*sJE~(DGo;ik&*%_GyrAeVV7Ae_P7U98(DOssT9>I}8CPihb7U?Ejt`R97 z5k?WI;g)HJS?-nD7HP%B`jwgf$*FFM+2!6&UR7q=$sQ>luErLV;~B-nvx+RTgUXCU zyd5o#{fmRVoQe$c4KuXELw$qNGYhk{{e8^~wY_u73d+;DGJUhNa{SZujhs_Wa!n1( z6D`Y1Bg!lN3Ov$`0!@swD|7P;%N=tKQ;Y&9pJf!U_bRi@_sB9#bgW1Z4tKH$H!Mhu z@(lJdFpThx%E>eC<*uEGB7Oi%#ErtF?GwUN{>jd)ONLWE%0$HFEb0a z$P2G@FN-YFcXV-cHnVUA#el1BdQoa(ajJqjSC(6%exRj(QG|<|Syn})MN+!CMR{(X zwts!9ey~eCsae-@4L0UnfnT2+UrAx4vep*m~c2b5{aHNa3X$qHdR%MF6x2su7 zsCG)Jr%R5XpNCOJm0w0hW`t#+YicQ%uCA_vb8&WRL3xQsq^GY@VWfU`ps|x@Www`J zcDSp%xtDikS$?Q-xQRtddZGc> ssh-ed25519 V1pwNA vBLzhFXIVLjx/E87Vv4rt7pT3xfHSFFoMLeXqQY36AQ -q061dSatWhvkmzYzoxxaMMNIADg2NcCRx3TvN26Vez8 --> ssh-ed25519 4PzZog T/XpNEvofWxgxrC+AOXQwmbebg9TkgMFo3hX2il7iCA -ThauQgVUuNQgTnwv6PnU3AsAjvDK94yTSF7uP7ATMjg --> ssh-ed25519 5Nd93w 2vLzrHNhbQWXCuMN7ryo8FnxKEl9sAG3xay+XYSX4SA -xf0/H6WYyx5CsGVP9H7jn7obFsIsI/6oS2bK6TNpY4M --> ssh-ed25519 q8eJgg IpkdkUjb9Re3AXCjMUZjy66o//SF7ccvRUG9KDOqDnE -GiS/ZBi+6LL1nNmSYF7g6jN6LQsbY4cUZolbrfGwxoU --> ssh-ed25519 IzAMqA Yk56RDAO5cSCz20SZEdlj5ZkDgism94rvHHOwQIyxnU -vy0wm5ltrgiq7dPTvtbfT5KvCzuq4Wqy/JhMMaF54TE --> ssh-ed25519 uZzB3g iM8/1r4t6WwhjVY+UC+Gv5MlqIaVuNy/k6HIba9Goic -kdIYCVAZi91WNX8wVv7P829itGeo3u8u9mVLp8PT3Cs --> ssh-ed25519 Hb0ipQ QM19G97+g9s92c1XHOWsuo7/ocVpp8SGk5pqjhF7Hmg -3OJB0vtimF/46tdXQIjPeBg3rpiuIbgPldk+dadm3Vk --> ssh-ed25519 IzAMqA iuluQkLa6gZXnK+ABjXFeP4/T3iAIDA56x4opXpKXDE -tRn6rsyspJV3PqQMgyawKBE150otAOO8w+ahM+HVaxs --> ssh-ed25519 IzAMqA evjiB4r6bHRKKTL5otFxulCMJ5IE1hoxGEalE2IBFWQ -Hhb2IIfax0rPKwrm0TcY1/GDCPne8NDujmygxHSu6g8 --> <=b-grease T"l EkF@3| g8 -RsgO4JwboDQlCD9CFUO096OtGlkBBEK93VdAfbAjmkeDzN2folUWjK87i3YexzeT -o9I ---- eyjVGczhvmjvkEvfjZy2RUH64a8lgw8saF567SPmnSw -"Hv( ?UѨ*&S*]о-o`< ->GfZf FKԶdFGe€*Ì,.L6s|.C{o^4w Hy"PZ'iAu&S< 4Y!e*ގÇ{5:})sڧaS0>.[I[,|~'Xy*s^D4yyK`BV!f⑲Ur AHKdBš \ No newline at end of file +-> ssh-ed25519 V1pwNA zMkh60zn/8ObLhvB8Q9/oaWBZXNzAwlU168GYcDY2ls +s0DPfyxCDaF5xcrVyronY4Q1UFuREAOYbLgh/WfQQtQ +-> ssh-ed25519 4PzZog /uCmpBSGpoTFizG2tdwLECh15H224qbprEeKezwrpgE +Z/6zknr6Rs8nIR6ThVLOfiUbSZW/5RBIhhroVH0WoCQ +-> ssh-ed25519 5Nd93w OW/04Qof1pyyzAItOCqdxZuoXKR6pJ7mA+GcwdJ2HGU +qQYtC4kmdsEY1JBnvYOEiHs6B90/vonIp5PXUyYuGpI +-> ssh-ed25519 q8eJgg uRy3C4oQzwfx1tLXJ0ockqYr02r3iU1aeO4QwA7Gpw0 +4yrdYFsLhvemSFeaF4dGWHFiSpZNOcv4JN22jBwzZx0 +-> ssh-ed25519 IzAMqA ymg0G4uO6nn0oVEG1QUbYiyETH4H8Noy1hfQJM3cwlE +eGmPkdVT5BFUOQ5qTxqw5AMUWeEoZMvDR32mGUwVaLU +-> ssh-ed25519 uZzB3g VKzSYHVMKmca2tp764NlCG3PwO6iqnu3foNkCEDe6Eg +Pbu+/EJGagbGn87yZo+wuXb3Bg4XuViRVHaxVkdl7uY +-> ssh-ed25519 Hb0ipQ L931VdnJ/ICVN4GZKQcw8J/dtg0N+mnjVIc94AmEPBc +R3jysqgnbUkRGbhgKkFRY1YljC66tIv4RG3jeS+nC4M +-> ssh-ed25519 IzAMqA Dje+6YLUNwxt0GlkA6bxqZpmDI9R0X4SqMDZ71OMdVc +pokqJIbeRTP/kQ9H1Wopbz03k3TPSSfYmr8yO8roT5c +-> ssh-ed25519 IzAMqA GIesGXjActWMv/mR5kaBQOf2U77ZRjTxpIVHWw/7UQU +jC5f8u+mRY7AS+yG/kv7J/nPcsrp3lZ7ZFWeUVf3+6A +-> p{-grease v;*pҪU T.zf28dCf r'6GbEz^ +as)+_0jÕ]XG-UV0{L U~+%"Z΍&ǔjsN*@ \ No newline at end of file diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 60fc130468a07c7c7d02f951740ee706378aa7d5..35114e439a62f64ae530a7dc9cb5c4a7c58ca8b1 100644 GIT binary patch delta 991 zcmdnTv5jMbPJN+whNYi@msw_Ej=#2}k+Vx_P=!ULWr{&skbjt8gjs=KazIjsbEscv zAeU2WvVXcqZoX+oPJnxalV@ePQ&Dk5Ri$x~k-4dJc!XhTq@lmNX_=o_D3`9CLUD11 zZfc5=si~o*f=NJCRDQaGuTzkJZen3TRf?Iuzf-P@k6V>jPI*?bOF>?#zP^z`RC#Wt zvs03rNnnHlSFlrfxTl4accpuzzguE)j(Lv0zmbc+e`a=NVNPUTVuYu+L7qvtv8AQO z#E;_P9^Qoo6($D0Mu9<*2EGR69^tNzC5|N}QR(>w-X+;p=A~J=LHUVhW{#d*`Q;{_ zW+fJ(S>8!W{*@snruq54;f3bzE@9r0#?F<785toiIi-PK#!l&z;~B-nD_jfwy-Unf z^@|L{l0rkWL)>#S!Ynf)L(BXv(*n%>tNb#9^~(*@(?d+S%F2o}BePOn(p)pk{9TNU z9IGl)ob=62{7QX8eVi>TvO{y7DqXY6g8Z^4pJf!Ucd95$OH7Q)D0fMB^-DD=Oic38 zH%=~a$t*XDD60taE-Ws0&x*``uME+4F)|5r zPVvz9^2+ooF|RZ)NcO>qfzqfdC*yPl6AKd~XJeBJHv@fF7w^#IzEq z43B`S9Dg%|z)H77kBIbSF2lTtz>s8@iU>C!%doWKoFq5X(A1FRoa`dA@=)KvvMi7C zz=}+#ye#8L^a%GzGRQ0lRLHUP3@r4@i%9WIPjXE5t|+d`F*7eNiHy=tHA{2TuBr^F zFE91*GV}}%a^(uvFRsXoEX{PvElqOCE^sjms?x43t~7J=2?%s{_VRZ%PVp}*@^MVf z$p={%ub%FapqpNlnpm8w;9uphU~itI?GTWpP+3@~5tPN{mlEta#k=2)Jb>*OC0YEwA9=uG_Qjoq!p$rW#K|&+KDf-x^ZC zY^t1W`;hPPvLly6rT4L_uQ|`gw{-6AnrTcYSFhc6OXzIovLioE`aap_f8>U_=9Rr+ zZu?{MzdRITm>J37rN3)!q3&;+8vnOHq+UPXJjG{a_w2nQQePUMr!9Rc|GU?a>Bkg} s7HRL|O^0V^>n0rHojOZwQvc6~<=yXPpM72M_|cLptF|WuJ+nLy07^M!H~;_u delta 999 zcmdnSv5#YdPJMP@L4H!2YoM#Kheb)gm$r{{g;{x0riXb+RAgwFVOeozc8EcwacPia zK9^Zya;SNFRY8t%poyVto>`=}TS;QEZ?>yJMrFEwu189dMM|=fK}uz+374*&LUD11 zZfc5=si~o*f=NJCRDQZbq>E)yV5Xa|U%Gi{g=cnYnOm^GVMuCLpmDK#YC%Q0xj{f- znp=RcPnEj`mwQEJp-)t?pKDZExS3&QrdMHRzO!YZtC35ZQA%KVl9Od-RkC-Kez~{n z#E;_P>5j#P=7!o8Ss6ijZuyzUZXvn)jzwvSjy~R@9vMkh>5hgWd66!`#;(O&!TK(h z`Cb{3!2wBb=ElC|1ukYmg_co)mfnu#riOkc&P4@9W?lu(Rf)xu;~B-nE%FRXy*<3W ziYrqpB2tpfBa%GQO)^U&Gs|<_Jq^R1J<_Tw^?md6EF+4!OhUBFbF+=~3o=p*(<(wE zL#jN2G8~J2y!;J(JhPlL68(xQvs}WHJhTHRpJf!UuQJZaHHj(+Ds(F=t|$mGO1AVU zGssQ~&38&J4+#i~%yv)n(XPmH%d7O{^6)V<3n}+CaMd>`sC27L4GA=lN=bEej&LeB zOf2%%_Y5#|3U^I5D2WI~kAc#tDktM~g7zFztw3%Ot0;{J`v#OxNBW%L9zvb1O3wJu}ix%#&S111*bk{liO*jZ!j0D+5y! z>yy3xqO^VWLoK+>tBiy5j6$>gT#_?Aw7s*FOSH?AEGo=0T+$4T{9H@5y_0hMB8)N} zwS7U>S*SRdM(XRP7o{c^rz+%ynJW~jTgR0eRe30cCYIak2L*8%WV$3rloaLXgajF< zIaX@t`K1>)hXmxfL}-Vl>1+E2l>64Zd%IhhXnQ!NdYgK3>FVk#|Eltlon6S0e&biB+y?WZ|J?5%& z)_MPoj-A3({Leiu{dS6@x&5P-)h}5!R>%JGSbAdJqvC*Tl{Uf0TEeEbUE9QKV;3jB zYx91et@1bLaLteT$k^`maQhvrIfqTwe@p$-F(G4BUcqdKZww)FnGYAAxPJHr&rC<_ yQd5l^95c-HY#r5{8b0lmnX0eYz9TBNj(b7d)snRzzT|Jd%pUc1&3&=W8d3l;kzZ~A diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 37f26c5693592068af42f9dfacfe1b484752a8cf..7f4cd79531bde109170244260ac02b7fc8254669 100644 GIT binary patch delta 663 zcmZo*`@lLur#{KYts=e3)kQnsInqC^(5ce5(lR_Jry$a^A|qeFFd*2mDmyGV(#<`{ zgsUPY$HgbJB&{qf$1=sus36q9iIUJulJ8%_7*#H>5l%(a7B;pG((Hp}06h zH#Nn`)YQ;Y!6cw6DnDJJATQCV$kDGjD=6JO$S23g&@G^%z~3{;sl-U%%{Rm>rzFiV zBelXf(jzyLD=9PAvDmaA$uQ9)CowTO-_14HBr!Q7DBa5-sI;oYv^3KvJliNN(!(ix z;z#lDjFO!ETtoBJ;1Wl}A`8Rv?DPPOiUQ{#uaw-tuu|jj&?29_%Az9k@{D4xaue<3 zfO0dpz$gn7zi`7$zoO6p{XDO#(kf@;O2-nff(2FWI=j(&c* zr7l&jVg3<0g#~W<=}CEo7G6n#`4Rbn+TlT_`5C^Zsd*M$0VN?}<<5TjIhC#!CW&Ph z-fo5w&UuDjp2=ASnS~{VmQlW$zOGIYIT^l_&oYYFmxSb}<+%kEXBMaDR9Yq)6*_sD z23h8mAdnClErgUV4Q@7&inZniYd*y}uZvWP?Gw#=lEvIT42^E^F1 xY320<&NJ1EySIg_9Nu4&yz|b74L;MmMIJ2+DdF4bddi@1ew#v0$_!(TP5>+V=z{f(AyuBnhUFP0 zCB^2!=7|xJem*`C+U17EzKI2v>AoR}`R;yY#ZeiB1)1eskxoeg5x$n%Ch4UXRY?|6 zW|5`Yz7|PdCMKyBm0tR#VeYBHWf)hP8%IQ#rzHF9N2WSum{@oj zSU7nlm!$_)xH%?;M?{5!V!+Npy;R3rt57$+C^fM-mCGQ|+&`)`J;E==Bh)?LCojaS zGO|87J=-$CIkh0wIp4@VG0i8$I3PHyDm&65pfa^Eqr@-DkxN%sS0TS7s=_HTti;&K zBfua(prS0SBGRP7vdllT*wC<`&^x!l+psu0G{`mBlS@I_G&bSz18Y`>O*dB8-xvB< zdB5RfQu^e}yN~9+7pq_Yp6T|P6Q5>fq;7swESFvt>g4zJlHkg2(c57?w=b`baK4-{ Nm+4#aHJkglLjXep?HB+6 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e25ba05..42180ad 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -20,7 +20,7 @@ let wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; - neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7NRDOGzSO4XVEezMS/9pI3chKbOH0fw2aikLRvea2P root@neuromancer"; + neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFAs6lBJSUBRhtZO3zGKhEIlWvqnHFGAQuQ//9FdAn6 root@neuromancer"; skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet"; earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 965f5b53dc97b5b29848f93522a02ac558365d68..f0ae4c7af05522671e44683130c9523bd60658dd 100644 GIT binary patch delta 2907 zcmew*xv#Xn>znhyym|uydx2d*;d3cmzc11{0 za$atJuw!T_SA}%l#cK9Q{ltpJf!UPfL$vt*x>K39YhYT6b7_uOL{*TNn@@g- zcScEKP_d(LqIZ6ZxpSg(m5DExu}@WASUH!juC9V-L6N(@TWFxWX-S@0rdP3BP;R7G zq(M-!S4DDwr+%n=N@hilkE?63xhI$LMBaKEUtaz_rrrT2kN5xoVY+kuP2QsqCO52! z`B`Mt*3`q)pe&rRZ>q|q@ZFIdSDaff?n=GcW1_1w)Ay)e;fg&sG*9iHA^9;z^6e|L zsO%Ye+K!@YMUIv^EuHgx58w8h?>{&$&(V2j5NS+`k~|!-5?Lr&O7DZdqT?r)8km^!0JrYQ9On z*PQ3bvERr&@+>ENkF~p1?bB+*Yqn}#F-xKzX)*RiJ?dYmAfg<5#kxTtr>5<ez5Co7HOs7{PKnOUCl1Y;SfV3Y z6*_n3i4^Yzm$brmO-x&IqyBdG;_TGtfxo9c+qv3d!k?FMB`^Oe`a8V4t69WyiQPZl8YCP72S+@Z4*2B&e6PMOILrHF{ku=R6uWU zVc8V%`Co&!uUA;)Ccn)5|F$O!cy0?$eEM%~{fj&I&Q1?Lzu?y2`(H%$etj3X5L-XL zZ}0E;*0NassK}4vW<4h#EO=5SRdqTcEW>P7W%P3G$tSiuI=;J|nrPuY=g!m8C;3%O zj2BW(^tvu4+`nq6aoqINr-i2jmWiec2y{QMza=!UO!}axDQ|)0r6$wT-4E7%WIx+_ zbh){K35#6-!{5T`9L4bkiHvcE94R#){GwE>KkD!;h;NE@UisB&U2a+IoDPlf4)rDT ze_hMuEs3+4XSQ*rqGpA{ zk%!-R3HBMB*fdSms_ykSMJe`-{?+p*>^pAT(k||m5hTI%`zMpcIZb(+yIErO@dx;q zPJM859mlZ=cI!6ntvFhr<9cRa!0(CSA*JuF+74g%bu{{+eu3`^d1H4TqqcV&&-FN+ zEh{TvPQ7F`nOEn?>Xm1UlWi3h6f$h=8E5{H_LI%H_r}p^T0X;uWlYm9Hh$lj`2X*l z2m2>#^c>DtO`jrE`0z@YWqwu>Q*p$_CZ@tuvC(_~KHa~!HTHG;<%xxEyXz+vE175% zvp?bFG0AECboJskb!C^W-dQ2>;;;Jt>-4;SdL=Jj^JC;ZmS`oTt!}I%ZW`dCU`9-&#PFHM|zj^qxt#qsC z?zgjw-RI_>UfO(2P15bB&W!oR&HQ~X^-r2!y*?xr=OW&i!t~wX&CWLW^4Zn`4?gG% z)p719zW3E*tYI#3Xb>loc}K?H9FTR zHo@$Q-p-vYhr^W0qqyZF{eQbX=k49ut$uob{^1YqnyWWdE}wpF@q4FF)*q%lneB8` z=LTE-#?Rd!(ku5(j>)Sr|Grja)oG0d1s0DYe)s*6w{yBs^3{6wnlOgTM;~{I^c|RE zdVbZ($=4fwvrh)^4KN8hU#FTK?(6=4S3ts-{jzV={OqGo>{+J6Dax;2S!V9g#QkyJ z+bRFGFUj*<)B9Gm{!6=v`eN4F=WUDEIY-rAzM{Nv*^7Ex+eK@(Y+M?DtL2=4)6)cz zhKdiX@(xRI?b`B7fY1NKs_AL*jTa0uLux zTf={A+hx&=9|p3{H>IwyaRhu$p3Ag*!=_KW_^iWc{d)IY(*NFNmPt>=u54o4RTtN7 z;m&pMluhBAh39gg+^YYyq|8cX@r}hyK7XaIFBD!Mu02=hbobK4-M{AF5N0wy`0L_~ zyADo2SkCPJX1vSv!9$ZD>-Xo}ym0OGize~1{#g07`{N_Z{HOhK|8PejojJGaq;1gs z0ESg_^$kx8PA~L!d357!+@qck=f&)eUY>e<YS{ypi zCo}!77iKSAZxI`4Kf%BA@q{(~`n`*o>N_3c*Tov#m%e_DIZ))agF<>KUJG<^Op#tu|RP`LMrg=tK7n21?%+eG|EOFvTT5;gavdxb2+V9%g*|ed6P@f(utu zUq^-Lf=wnDogPNz6tahZesp--#78%Fwk_PR&0@cMWngl> zKJ&$T*M)!n+e|y;wf06*^zrJ3soZn#?>@e|hLv3=YN>YMTB|iD=4zh5e#i7j=-nA_ zv+m~vK5E~;@MO*jC*AY0wX5CY<_qqW;4|2p`n+VN;k-%PC+Zb#;A}Y)yCGe_sOgXT zTXVS^&#c~czZCU2W%Oak;Vm6+e@1wkM!D#|aqG6L&-oQ}XzN{-%eT5r4y=vy`m%RV z!p4~7Pq}O#tsSoJN#=jOBB41*U;)pW(_gX=I2CTpsHmH_fze~>Lbmtb@3_`~E;{I2 X_FF?{(#dbxmk`|ut7njr+!e0Yj$C-Q+8gUccw{EQL$@Lc$uSVrAbhpVL^Ug zK9_lzf1-P6cydI9XHc52rF({(Td-r0p<`)kdYDs{XMRChnvta&cx+v5TXBWJzH}M5UWaqGMukdWf%OaiU|SrGdH0 z#E;_PDTVp27U9m8DG{Mrk*Q_bWnu1xfo5f1;l_qRd1;XaM&Ta8&MxMW0d9d@iC*sJ z+RiCPfqvmt-ro7XW#*yziGfLmLAjLyDdqZ(>8^hHCSlnHhS}+p;~B-nD{>9}vOSYL zQ=PKIqbw_(d`v?kGyKDx^plH9%>0tvof6HX@{@DSBFl@pk}@m8Ouh5-(u+dF3Y^Q# zLefJm%Z>b8{4+znD^emYEVbP-3JQHv{evPWpJf!U_YElaDGzWrC@wAYH#Sc!^R7tF zD$Y*H@C#20^C~q6C^0YysL0mNFiQ{Q^3=A-3i5R}^(!uP^(qSucDJ<1i71LH@=2>K z&kIip&Z|s!_VX$vv+}0a&Tl$l7+uVn3H$8tF}jCYI$as zZ+g8!N}yS3m219!NuX&_dbvlsiAiXFXi8O@v879-X;z>km#(g^f@Q8jNK~$wesOMa zL7KN)NNAFir;}5esar*$+~gU z1*apa?p6BS4@?5=jW>M#J=f#Q|4nu*JN_#BpDD2UcWqlq-5#x6tAN^^i zmjBr(f4jnqjOLp~&3{zu2-M?h_2D|*ZNfklXJWKc%Tg-d& zOh>DG z7ytCyWb5Li^^WOh(#5ltSnFp@;PQDqZ~I1G@e@}nztzjEd^E#1sN=SChRPvP-GEq& zgZsL;9eKQ2>vQ>yjAG;dF?VwM3Ta$CYM)o*;Iy)J@^ah2ll>dLeP-mB^Ih@!aQ(~n zoe!HAy585ld7F2$CG*DBTr1m71Ta67T)%h!tgCinld6hCkK{?VuibE zxzcLp!i!m>7jLgxcq*d)WXivNpWSyS8u;Hkr5My+>y|mUZ|z0@84O*T`ARR9*FU^C zCCNzq-(7`s2Yr-s44-XCTk?IYI6K=>*Q%n=rAm6nHw|y77Yglt%60CT${PohWt(o+ zmmD~y+0EP1BC&MqMfIa~i#)S4WwrXVuISgFPpuW}KPLNXf0|G7W}DWNCaK;sO8;X& z>=d|aeL})^L0h}a+5>)%4@?cXf8l(ons1~1FHsXKc};a8t=g#H!W!T35|)0L`?SL~W=w`L?T2e#elmF95mD%iGGD_D`^ zYe~c7S>n?!nRu?*ex>=>uFszYg7$spdA+wrF4uCqvW~`+`fA~fEj)J9Gnw=RHzUIarjtgy(GYpNGx8Mk%T9FU)()wD$2mp)*Gl6`f8y z6&U+F`fZ=ou2NH4`?%h^{V~JyjfbAMy?%cAm+OqA=$o$UK_ORWOf_CuV?ST|@6|gK ztC`(?2*^x-#}?9laQUYg%WbRORypx4sL7w;@$c@+4IlTJH@qsa z5za3?279lWo;bCCC9+lguvp(F@uj69><=3c{R#h}R{!F$*uiuRp9j>(z3e zEE8ubm6ZD;r&aeI)th>Lp4uek9h;qa<2T9H-I0B=@Ziy=5YJoA`#BvqpBG?NSia=A zV)4fv^;z=PzD|*AWYSWnNL>7=vBfH>^l)EO%o6mE-r z$@fz_fAVNq!Na)?Yg%-?`JUJOZwXqU;4-1&gZoPFjbVE}zn6b3H?b_fe%;YP7PfxXCx_aj){Rp(sNa$M zF)y$D#pVBXC%634Zsw1?&a~U+lIZ{JdKIHty;>a(Q*uu*S^4!`KVKR%xlCH@;@ZBI z=3b6wd3oO3J4zgq8}GcWv;FrqMX9UUT>8-|1P8Bg5E2m^~fk z3<93iY-_Z6Vz+(Igd_J4tMmlrT#b@=>=RdiWnJu&FS?FWHC}-bkKkJWt|ubYb%=g^Z22 zg7zq_w|>{zFvX!KwIRDY&OcCpf%~ybON?h-TwMI-Dw}EY!hGRXQ#)Sxgk9bgq0RQ$ zLeydD$51y0iCsbGk{{H*p4F}W=ld$oQg@DS)=&4;;np>D|=II*|SnTAVY!($+p`WQA6Xv5doa$eY926Cn8))vLU0UIo z<{fEP5t?1h1Se`=vQoJF1+j(%#ewr{9*o>7@|R-|uOv5|SDqfsDNQjn2j zp}UiJUSL?bZLXRXre@Dj%N8`M*{OtTB4-en0BA2kF(9mQq3!?%{|K!MwQm69#;0R|k zb4O1T1J~5ltPl_1G=FbXFKy@K%Df_vD&xq>XBoxo6Vr>zJdBflTwOv-d9$VOSH8!3!(ze!_zXuQVb0YT@5U_e3Byq9mCzd+&%L=B0P=!P4dc}eKIo)j4EAA zB613=vMsVoE6Ot~1I;baW1uvu%E>rgp*+aRpfo4SBRj`4GPuMtH>y6v)6uBP+pwt6 zrP$CgCD6d4ur$imJJK;LpUWpS)6&8vCoC`3OWP>B(8$R@*fq*8qad*;D%~X0snR0S z$-JV-(JR+EAKf~SB!kR?K!ubPZ++*yqAZJ`Qvbv-pX8*-T+84nV}ty(LXTXtsPYUa z(+I=RtmLAqyhtv0gCv8{3QzMy!|dRkFkjzr<5ahzGN+w6lRq~_$N1ZU|7`FKXUN4a|#1f&~q8F`xI zl_X`lnd#@dhIu=CmiQF~ntP?DJ14tGL{(NMmZW$Z7)SYL`X)z$ykg~{n_iTfSe(jb ztnXM_kY14Q~T zT#=UStDn#H>c{!uzUKEa>56q6A&#GQc#bQX9kQ(acIaNm?o`=LLb0ZAekZvcS?H41 zstK&wn#7h^AE(Vlhv#_j6_tE8b>~jayWMmZR z%cUKWRcILKn`z|X>gFAh?4IlE9$^$xSrSm}8|0Z}VH}e0msVx2U*J-j%%y9mP+Xj$ zo0?)|YHDbyU=mOjm7lJV8|)LFU##t#<(ZV8S&?Rz;^rM?Vp`&%Z{VGr?wS><9T;X& z73N(Q;T#&tl^*8k5nABrl@%IPQJm%OWtmryY+&T+l4{`P>0Dx*=w|AglwE9U5>@Ov z@uPTnWTa(YR+X2NiLYahW1dl|xv_CnWNulNQ&~x>L8YNvx%K}h7}ct-K?D)(~BEXTkK z%M@>;$gpf*ZQr7B7gN8ad^d|AqreDb7mIT5GJ_QV0OL@uf+DBF05e06Dx;F9tO9c* z=Q1Pzuw3K7jFd`?V6Wt$a_7R_97EHh;GE>iXBoxojU0<|^eufYEdrB^DvVrRgDMM? zU7f;OH|gFW(6LL4o)a*c9J3!{p?ozsimgAKBrz0=A{veMJED>EvL zv%MUnstnzXN<%75^ODQaW1uvu%E>rgAuz-_!y~P-Dmg7PFxb`0J+EFnJ6S)-G(FwC zygbXWJi^Dhz_i5D#UwZ6F{f)ZnMf6MTK;(Q<9Bn!WsR4N z09SCxnHM=a73ddx7=;yQ1i3pqIh7lF=T{n=gt(`cl({%XW#^eYB}V3F=NbEQ`8j15 zhk6!xnq;SECYqY~XS*0$7MXkbM5UCtJEa$S>3h2uh6QGsJ7pGwyi%y`6J)7VXQZ26 zl$uzas-Tjq;1jHnUKFYsnHZ=Lpl`$Fq+hRZQks>T7E<9{Tx3xd8JOo|66)hx>7DAI zo{^cK=4zOeSds1OQSMV*=9BGZQj}O3ke(f0;#`$slAo7j$rTco?BQWzo@cDBpBRu+ z>=h806=fb)7M||zSZrGCs-0C3Q0C(j=x%D9k!YzOsb8666u_mctE*t{W02;P7gir( z>0BI^9$r{hVB}ks80>8rk(6u@rC(&^YZjRro>5|)=9kVD!yNfx!j0>;wZ&=13c}e0;)Qk7YvkX^G&`SPww$SOt&ZT#~^Y8!uQhayT Ywz--=l&-61y|9kV`21 Date: Thu, 16 Nov 2023 01:09:35 +0000 Subject: [PATCH 192/826] feat: enable better seperation of lxc dependencies --- applications/proxmox-lxc.nix | 93 ++++++++++++++++++ machines/_base.nix | 182 +++++++++++++++++++---------------- machines/cadie.nix | 2 - machines/earth.nix | 2 - machines/galatea.nix | 2 - machines/gir.nix | 2 - machines/glados.nix | 2 - machines/hardware/_base.nix | 2 + machines/kitt.nix | 2 - machines/optimus.nix | 2 - machines/skynet.nix | 2 - machines/vigil.nix | 2 - machines/wheatly.nix | 2 - 13 files changed, 196 insertions(+), 101 deletions(-) create mode 100644 applications/proxmox-lxc.nix diff --git a/applications/proxmox-lxc.nix b/applications/proxmox-lxc.nix new file mode 100644 index 0000000..964454e --- /dev/null +++ b/applications/proxmox-lxc.nix @@ -0,0 +1,93 @@ +/* +Once https://github.com/NixOS/nixpkgs/pull/267764 is merged this can be removed +*/ +{ + config, + pkgs, + lib, + ... +}: +with lib; { + options.proxmoxLXC = { + enable = mkOption { + default = true; + type = types.bool; + description = lib.mdDoc "Whether to enable the ProxmoxLXC."; + }; + privileged = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to enable privileged mounts + ''; + }; + manageNetwork = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to manage network interfaces through nix options + When false, systemd-networkd is enabled to accept network + configuration from proxmox. + ''; + }; + manageHostName = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to manage hostname through nix options + When false, the hostname is picked up from /etc/hostname + populated by proxmox. + ''; + }; + }; + + config = let + cfg = config.proxmoxLXC; + in + mkIf cfg.enable { + system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix { + storeContents = [ + { + object = config.system.build.toplevel; + symlink = "none"; + } + ]; + + contents = [ + { + source = config.system.build.toplevel + "/init"; + target = "/sbin/init"; + } + ]; + + extraCommands = "mkdir -p root etc/systemd/network"; + }; + + boot = { + isContainer = true; + loader.initScript.enable = true; + }; + + networking = mkIf (!cfg.manageNetwork) { + useDHCP = false; + useHostResolvConf = false; + useNetworkd = true; + # pick up hostname from /etc/hostname generated by proxmox + hostName = mkIf (!cfg.manageHostName) (mkForce ""); + }; + + services.openssh = { + enable = mkDefault true; + startWhenNeeded = mkDefault true; + }; + + systemd.mounts = + mkIf (!cfg.privileged) + [ + { + where = "/sys/kernel/debug"; + enable = false; + } + ]; + }; +} diff --git a/machines/_base.nix b/machines/_base.nix index d26a887..01aaf76 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -4,9 +4,17 @@ config, options, inputs, + lib, ... -}: { +}: +with lib; let + cfg = config.skynet; +in { imports = [ + # custom lxc mocule until the patch gets merged in + ../applications/proxmox-lxc.nix + # (modulesPath + "/virtualisation/proxmox-lxc.nix") + # for the secrets inputs.agenix.nixosModules.default @@ -23,94 +31,106 @@ ../applications/restic.nix ]; - boot.kernelPackages = pkgs.linuxPackages_latest; + options.skynet = { + lxc = mkOption { + type = types.bool; + # most of our servers are lxc so its true by default + default = true; + description = mdDoc "Is this a Linux Container?"; + }; + }; - nix = { - settings = { - # flakes are essensial - experimental-features = ["nix-command" "flakes"]; - trusted-users = [ - "root" - "@skynet-admins-linux" + config = { + # if its a lxc enable + proxmoxLXC.enable = cfg.lxc; + + nix = { + settings = { + # flakes are essensial + experimental-features = ["nix-command" "flakes"]; + trusted-users = [ + "root" + "@skynet-admins-linux" + ]; + }; + + # https://nixos.wiki/wiki/Storage_optimization + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + extraOptions = '' + min-free = ${toString (100 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024)} + ''; + }; + + system.stateVersion = "22.11"; + + services.openssh = { + enable = true; + settings.PermitRootLogin = "prohibit-password"; + }; + + users.users.root = { + initialHashedPassword = ""; + + openssh.authorizedKeys.keys = [ + # no obligation to have name attached to keys + + # Root account + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" + + # CI/CD key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDvexq/JjsMqL0G5P38klzoOkHs3IRyXYO1luEJuB5R colmena_key" + + # Brendan Golden + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" + + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" ]; }; - # https://nixos.wiki/wiki/Storage_optimization - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; + # skynet-admin-linux will always be added, individual servers can override the groups option + services.skynet_ldap_client.enable = true; + + networking = { + # every sever needs to be accessable over ssh for admin use at least + firewall.allowedTCPPorts = [22]; + + # explisitly stating this is good + defaultGateway = "193.1.99.65"; + + # cannot use our own it seems? + nameservers = [ + # ns1 + "193.1.99.120" + # ns2 + "193.1.99.109" + ]; }; - extraOptions = '' - min-free = ${toString (100 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} - ''; - }; - system.stateVersion = "22.11"; + # time on vendetta is strangely out of sync + networking.timeServers = options.networking.timeServers.default ++ ["ie.pool.ntp.org"]; + services.ntp.enable = true; - services.openssh = { - enable = true; - settings.PermitRootLogin = "prohibit-password"; - }; + # use teh above nameservers as the fallback dns + services.resolved.fallbackDns = config.networking.nameservers; - users.users.root = { - initialHashedPassword = ""; - - openssh.authorizedKeys.keys = [ - # no obligation to have name attached to keys - - # Root account - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" - - # CI/CD key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDvexq/JjsMqL0G5P38klzoOkHs3IRyXYO1luEJuB5R colmena_key" - - # Brendan Golden - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" + environment.systemPackages = [ + # for flakes + pkgs.git + # useful tools + pkgs.ncdu_2 + pkgs.htop + pkgs.nano + pkgs.nmap + pkgs.bind + pkgs.zip + pkgs.traceroute + pkgs.openldap + pkgs.screen ]; }; - - # skynet-admin-linux will always be added, individual servers can override the groups option - services.skynet_ldap_client.enable = true; - - networking = { - # every sever needs to be accessable over ssh for admin use at least - firewall.allowedTCPPorts = [22]; - - # explisitly stating this is good - defaultGateway = "193.1.99.65"; - - # cannot use our own it seems? - nameservers = [ - # ns1 - "193.1.99.120" - # ns2 - "193.1.99.109" - ]; - }; - - # time on vendetta is strangely out of sync - networking.timeServers = options.networking.timeServers.default ++ ["ie.pool.ntp.org"]; - services.ntp.enable = true; - - # use teh above nameservers as the fallback dns - services.resolved.fallbackDns = config.networking.nameservers; - - environment.systemPackages = [ - # for flakes - pkgs.git - # useful tools - pkgs.ncdu_2 - pkgs.htop - pkgs.nano - pkgs.nmap - pkgs.bind - pkgs.zip - pkgs.traceroute - pkgs.openldap - pkgs.screen - ]; } diff --git a/machines/cadie.nix b/machines/cadie.nix index 5efed45..e7c045b 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -12,7 +12,6 @@ Notes: pkgs, lib, nodes, - modulesPath, ... }: let # name of the server, sets teh hostname and record for it @@ -21,7 +20,6 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/nextcloud.nix ]; diff --git a/machines/earth.nix b/machines/earth.nix index c844371..e8c2f9d 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -13,7 +13,6 @@ Notes: lib, nodes, inputs, - modulesPath, ... }: let name = "earth"; @@ -21,7 +20,6 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/skynet.ie.nix ]; diff --git a/machines/galatea.nix b/machines/galatea.nix index 57f5390..f82217c 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -13,7 +13,6 @@ Notes: lib, nodes, config, - modulesPath, ... }: let # name of the server, sets teh hostname and record for it @@ -22,7 +21,6 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/ulfm.nix ]; diff --git a/machines/gir.nix b/machines/gir.nix index 09141db..ebb17e2 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -12,7 +12,6 @@ Notes: pkgs, lib, nodes, - modulesPath, ... }: let # name of the server, sets teh hostname and record for it @@ -22,7 +21,6 @@ Notes: #hostname = ip_pub; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/email.nix ]; diff --git a/machines/glados.nix b/machines/glados.nix index 2b1987e..d1e7d2c 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -13,7 +13,6 @@ Notes: Each user has roughly 20gb os storage pkgs, lib, nodes, - modulesPath, ... }: let # name of the server, sets teh hostname and record for it @@ -22,7 +21,6 @@ Notes: Each user has roughly 20gb os storage hostname = "${name}.skynet.ie"; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/gitlab.nix ]; diff --git a/machines/hardware/_base.nix b/machines/hardware/_base.nix index ae8b77f..e9b831f 100644 --- a/machines/hardware/_base.nix +++ b/machines/hardware/_base.nix @@ -11,6 +11,8 @@ with lib; let has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0; in { config = { + skynet.lxc = false; + assertions = [ { assertion = lists.any has_ip interfaces; diff --git a/machines/kitt.nix b/machines/kitt.nix index 881d14b..5891571 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -12,7 +12,6 @@ Notes: pkgs, lib, nodes, - modulesPath, ... }: let # name of the server, sets teh hostname and record for it @@ -22,7 +21,6 @@ Notes: #hostname = ip_pub; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/ldap/server.nix ../applications/discord.nix ../applications/bitwarden/vaultwarden.nix diff --git a/machines/optimus.nix b/machines/optimus.nix index 9cdcfbb..095c55c 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -13,7 +13,6 @@ Notes: lib, nodes, arion, - modulesPath, ... }: let # name of the server, sets teh hostname and record for it @@ -22,7 +21,6 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/games.nix ]; diff --git a/machines/skynet.nix b/machines/skynet.nix index bbe5676..250f069 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -13,7 +13,6 @@ Notes: Does not host offical sites lib, nodes, inputs, - modulesPath, ... }: let name = "skynet"; @@ -23,7 +22,6 @@ Notes: Does not host offical sites hostname = "${name}.skynet.ie"; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/skynet_users.nix ]; diff --git a/machines/vigil.nix b/machines/vigil.nix index ba4d464..e3c811c 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -12,7 +12,6 @@ Notes: pkgs, lib, nodes, - modulesPath, ... }: let name = "vigil"; @@ -20,7 +19,6 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; deployment = { diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 16fc41c..02eabce 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -12,7 +12,6 @@ Notes: pkgs, lib, nodes, - modulesPath, ... }: let # name of the server, sets teh hostname and record for it @@ -21,7 +20,6 @@ Notes: hostname = "${name}.skynet.ie"; in { imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") ../applications/gitlab_runner.nix ]; From 82b0b4aff47eec1d6514935d175384bd5f5ea3d8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 16 Nov 2023 01:12:09 +0000 Subject: [PATCH 193/826] bitwarden: final changes --- .../bitwarden/_bitwarden_sync_module.nix | 33 ++++++------------- 1 file changed, 10 insertions(+), 23 deletions(-) diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix index 2193603..6a45fb8 100644 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -9,26 +9,6 @@ with lib; let ldap_data = builtins.toJSON cfg.ldap; sync_data = builtins.toJSON cfg.sync; - - # coping directly from nix https://github.com/NixOS/nixpkgs/blob/da4024d0ead5d7820f6bd15147d3fe2a0c0cec73/nixos/modules/config/nix.nix#L62C1-L76C49 - semanticConfType = with types; let - confAtom = - nullOr - (oneOf [ - bool - int - float - str - path - package - ]) - // { - description = "Nix config atom (null, bool, int, float, str, path or package)"; - }; - in - attrsOf (either confAtom (listOf confAtom)); - - json_string = string: builtins.replaceStrings ["\""] ["\\\""] string; in { imports = []; @@ -81,7 +61,7 @@ in { ldap = mkOption { description = lib.mdDoc "Options to configurate LDAP."; type = types.submodule { - freeformType = semanticConfType; + freeformType = types.attrsOf (pkgs.formats.json {}).type; options = { ssl = mkOption { @@ -144,7 +124,7 @@ in { sync = mkOption { description = lib.mdDoc "Options to configurate what gets synced."; type = types.submodule { - freeformType = semanticConfType; + freeformType = types.attrsOf (pkgs.formats.json {}).type; options = { removeDisabled = mkOption { @@ -303,6 +283,9 @@ in { ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" '' # create the config file ${cfg.package}/bin/${cfg.binary_name} data-file + touch -- ${escapeShellArg cfg.directory}/data.json.tmp + chmod 600 ${escapeShellArg cfg.directory}/data.json + chmod 600 -- ${escapeShellArg cfg.directory}/data.json.tmp ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain} @@ -326,7 +309,11 @@ in { ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.pw_env} ''; - ExecStart = ''${cfg.package}/bin/${cfg.binary_name} sync''; + ExecStart = "${cfg.package}/bin/${cfg.binary_name} sync"; + + ExecStartPost = pkgs.writeShellScript "bitwarden_directory_connector-cleanup" '' + rm -f -- ${escapeShellArg cfg.directory}/data.json + ''; EnvironmentFile = [ "${cfg.env.ldap}" From 03ae753b90d8d5b92348cb642acab650273490e9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 16 Nov 2023 01:20:28 +0000 Subject: [PATCH 194/826] issue: wait until server has been physically updated to re-enable --- machines/vendetta.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/machines/vendetta.nix b/machines/vendetta.nix index f54fab9..acd0edd 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -28,7 +28,10 @@ in { targetPort = 22; targetUser = null; - tags = ["active-dns" "dns"]; + tags = [ + # TODO: undo once the server has been updated. + # "active-dns" "dns" + ]; }; networking = { From 2989cb5b72ac5b666ca1a972818858887a2f2439 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 17 Nov 2023 09:19:05 +0000 Subject: [PATCH 195/826] dns: fix pathing. --- applications/dns.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/applications/dns.nix b/applications/dns.nix index c75d904..973b956 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -432,9 +432,14 @@ in { }; # creates a folder in /etc for the dns to use + users.groups.named = {}; + users.users.named = { createHome = true; home = "/etc/skynet/dns"; + group = "named"; + # X11 is to ensure the directory can be traversed + homeMode = "711"; }; }; } From e42f718ba53d41db24431f322a583111ae17233e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 17 Nov 2023 11:41:22 +0000 Subject: [PATCH 196/826] feat: reinstalled vendetta. Now reboots perfectly --- machines/hardware/RM002.nix | 11 +++++--- machines/vendetta.nix | 5 +--- secrets/backup/restic.age | Bin 2224 -> 2176 bytes secrets/backup/restic_pw.age | 31 ++++++++++---------- secrets/bitwarden/api.age | Bin 890 -> 899 bytes secrets/bitwarden/details.age | Bin 844 -> 981 bytes secrets/discord/ldap.age | 42 ++++++++++++++-------------- secrets/discord/token.age | Bin 881 -> 775 bytes secrets/dns_certs.secret.age | Bin 1753 -> 1834 bytes secrets/dns_dnskeys.conf.age | Bin 1035 -> 906 bytes secrets/email/details.age | 42 ++++++++++++++-------------- secrets/gitlab/db_pw.age | Bin 901 -> 867 bytes secrets/gitlab/ldap_pw.age | 31 ++++++++++---------- secrets/gitlab/pw.age | 31 ++++++++++---------- secrets/gitlab/runners/runner01.age | 29 +++++++++---------- secrets/gitlab/runners/runner02.age | Bin 783 -> 863 bytes secrets/gitlab/secrets_db.age | Bin 866 -> 819 bytes secrets/gitlab/secrets_jws.age | Bin 2497 -> 2465 bytes secrets/gitlab/secrets_otp.age | Bin 896 -> 825 bytes secrets/gitlab/secrets_secret.age | Bin 812 -> 858 bytes secrets/ldap/details.age | Bin 1420 -> 1346 bytes secrets/ldap/pw.age | Bin 1078 -> 1135 bytes secrets/nextcloud/pw.age | 28 +++++++++---------- secrets/secrets.nix | 2 +- secrets/stream_ulfm.age | Bin 2979 -> 2887 bytes secrets/wolves/details.age | Bin 1155 -> 1162 bytes 26 files changed, 127 insertions(+), 125 deletions(-) diff --git a/machines/hardware/RM002.nix b/machines/hardware/RM002.nix index d7e8e0d..1594370 100644 --- a/machines/hardware/RM002.nix +++ b/machines/hardware/RM002.nix @@ -13,23 +13,27 @@ ./_base.nix ]; + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; fileSystems."/" = { - device = "/dev/disk/by-uuid/34918a4f-ca27-4070-a309-94bc59bdd743"; + device = "/dev/disk/by-uuid/5c1a39c9-c458-4518-b75b-5a831bebc204"; fsType = "ext4"; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/8B03-4D11"; + device = "/dev/disk/by-uuid/8CBD-7032"; fsType = "vfat"; }; swapDevices = [ - {device = "/dev/disk/by-uuid/c83e65ad-d252-4024-93a9-0253c5d8beac";} + {device = "/dev/disk/by-uuid/515df5d9-abad-4068-bacc-559fb76e1fb1";} ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -39,7 +43,6 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s29u1u2.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index acd0edd..f54fab9 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -28,10 +28,7 @@ in { targetPort = 22; targetUser = null; - tags = [ - # TODO: undo once the server has been updated. - # "active-dns" "dns" - ]; + tags = ["active-dns" "dns"]; }; networking = { diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index dba3493ddf4e8a325efb19e40ed30ce8a8a7cded..5fffe796421726d2e32416362f9a2a7109340121 100644 GIT binary patch literal 2176 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t-12=mCd ztjadebJO>Ta14$tNq2Nft19rVbaOGbs0_<<&oOfe&GRzyFySgH_D(f)@%9Z5$qsOf zG_MLY2-Y??H1?{9Vn;BODD<&8xyvGfj<4g32nrq5?}J3!^-I{Ef=ZL-Ug> zDw0#YgCo&x(|1oYO%GHkPWCe>DRxaw3CuS23bu5z$jmozEH^VKs!UAuaR~^t40Q6z z%yQ0+H1^~QG_Nw!4t6OC42dYnD9ds8^QtN-sPHfJiApy~OAB}QsVFpw$ahT3(l$Z2 z&95ZKPv23&E8WGzIWjBIMB6(r+fYB(DAzyNH6=XC)YBk8!Z*~vEIcU8*sCMGdDLdF9##u%8VinEFBdh zJrZ5=y+f-49RstRlB!a((h^P541=8WGd+R|5+mHw0s{gKf~!otjf%P4a!vIEP0b7= zw98U_!;PGbqlyj7bA7#v^&_4ABl05s%(6;Cs(cbHJ@e8177<+JXjZO}k)G@wnrLEC zSY~cs7Oowh9Ts97>XjH&8d6c|o?Kz%7gm~9;OOsao>R^hSeWZ?neLJo;204V5Rm0z zoEw;_T^w3j<{RK-;#gUcRutsqRq1IFScVajE@4%{ndu6?j%Aq>&Y@gh>ERW@e&OZeIVNS6xs_r5UZ#G5NfsXA zhFPH@1@46v!Ra}fzJ|#rQNHMYD~+mhGEP@0P7kaIHApi|@$}U%GAhk3%yKVJ_RMy1 zjx^862?#U^(>4sx&G1SJ2zTVl)h{TIH1ji!%r6e|a!oZz4~+0hEOf342ro4;w#bZd z^C>K`OiKzYO2P13Wm&LgQn^A(NN9RSg`=r zL7{=O9FGsEe*6wQ@l&uz0JK0%*`A_gM;#tN*rA)J$<|)y!_n#veVIR^GGtt zEC^KaD^2vyb4l@aF%R{R2=q11Hb_g?b}4XlFHSEEE^tYA^NlRa^Kwg0cM9by&Pnug z%89B7Nl!9&chB-Gu?+BY4=D3>3-k7lNXaeEO3wC)bPkEg3C%{g&A1>(-@9BPBEYi1 z*TXc}K-u*f`24BtSdTqteC8 z(Ws=v#5~o}+0(>F-`v<)+af8{!#^U#C8{*Y-wngI;6fLtTt@}RkTTzjoQl%WN`G&^ zLW6YQvdGdTqimmC(-hy5^de7xv+zofP>YmE$80XgD9gM;1D6nI?J|AiaD)7)EMrSY z3(o-0wDL+%7nj6Pm-HZKXH)OO6bp2}g}R!hB?l@*TZZQcTAGLZ zhNXo2re%2MWm;5f2f3Shxg~i-RHbue7#JF)=^GaWIi~O)pAKEKXIhQz%fhO>-(!P)|&bQ*bmiu5$|H3Nr9E4GoNPGOR2z z&MYntPIRmEP7ef@NxBubSudA&nPYREqB!qP0NWD$)-%$a4WjCuo5mz1OGJmy56RS&;;L!!ZCl@F n-SG8s*-7n|8;9pvurvnrEpeNloc^5oyr+(5poq+t^5bOyIZwwr literal 2224 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zLn3n(%& zh%igb)HklsH!w5K%dW_)&<_bP3UI0_&rJ<*adkBb39yKCi{uIpbxq0lO4TGn>n_&^gy2FUm+iufQnK!`;=@JY7G+ zJ3PHC(5WKSr?507#5u{x!`s8Rq8!~eQ@<2T<8lRKf0ra5kCdXyFb~6&09QYs!f@@> z+#E~q{L;{X08f9XaPOjIA0y9<+s-Pgt#FQ*wZS6c)|Ee;tU?0a6=UlJS)bL2J zkhID$SKky@bLYHJ%Sd$F3N2E-($f_(L$i{C9L=f{&Hc2Uiwmm^@_aLVP5sRMa|<1P zvLmXJ-7L#}vWtQujYGMNO>&%zjV!%G%+tIbvx*}Ef(=4UqRK48B0>zZE7MW}+=KH{ zlXJt9102z9(|1oYO%GHs^N;WfN)7W*EH+6Ga`r1oNsLHyD-J6tG)#9j3@^_J*Yd4a^J)Fg5ltHgz^j^>aye@+LG~27hS34}+zcMRIyCO0w&BG+Xxy;Ge$Hf5Mwlbqg14~DR zrVs?4>$3iC69 zvMP<-jiTJVot;ZV+>)~+Exm(sEyJ_@l1(C$@=cS>3o0GC3=0YqwZqHYj6zZkqSAeG zO9P5Si&Na4^NsZVgR(P%{G!Ud%|f!G(z8v_ZF32$3eHSd$SODW4zcjC$al;SF?0(u zOw7m+bV)W&_jJw*Dy-5j%Zjq}EspT83=NLt3N|cv3i8g#DsU~x4h%JmC=Ji|Hb{0f zOAa)xGBPL$_D*zibIo>g&Tz-bZ>3RHPR8j9skx@+>0U)ir52%{IbH=>{>6#8!KTGo z=Dra*E}4#jpa=%*syZGEDSvDa^Ps^@KGz{>H$kEQz zj?76$x6QN4(YMf1!O%D{#W^_8*EA`_pu#1xpg61a*NcQs^lc?z)V-4D3k1fAX9G(mq2$)x`pwzVdA`?d+(+o2V+l&ix^u5a!qO$dU zU5YER%segiD?=;2D_otOyuwX_T}<-|ll)AALY&GAUGv?7Qav2Gl1sh3bHW46^Gdao zeM>BYvob<5g90m(!$RCVvs?;tD?FXU32R;jyRx_+slkx^l) zx1+DWr-iqBq*-8DQekF=XQf}5OC?5G66$J}mK>;H=;M{^lWvk*nd2SmS5$m8SI!7m0Vt#lk8odnda(PlIzLklxyKyl$IP4VOA7Xd5*DoOpH-9-k>ZFRZ;@_^70&4jj%8)~&RL~_Sw_W9p*e>B8RZcbUWvJ7u7y$I zsUGg7hIvWO+HN5cc_9{DWl?#N`k|TO-rgxiW*&*&zUCQ8Mu~a8NjYiGk;TTACBZqq zIk|aNnHlLI+rqVrbkmDc6N^(7v~z-t72>KaqZD)v3e0^1xFSM=%qx9!G9pqeeBIqm z3^VghJUsLhD+;r6++C|I3^OXyN(*xnqqI#T%1pwH!@Zqz)AZBJos*La{DO_#y}7~? zi-NM8(|wJD(!v8wz1_odEDMT@3f+_POt^G)brnLw^@}nhT{BG`i^F{KN}VE{EG?^i zEsDbZOMS~LlFM?7JbhFBip$)b4Y+c0EtkG_ZZo;C=h_d;$YpZ-A8;K#QB-u_g}NZKRz;FMR)c{8?Ynz{0WEEU!&JH*#`^*yw@BPVn8jGboU+;wp!ydn-y o+Lq+axv)```=-~MhF8{8HwOOy^zHc< ssh-ed25519 V1pwNA GYSbmrWHb3NJM8MrBn2HllMdHydtXvFI/27yCuWzfFA -VyayuPCLPv6sHa0YWF8PWIolG3tNSCtB5NqM+r3z2lk --> ssh-ed25519 4PzZog ya1j0N8sjUwYmLDVagfGAsQHXpaBg+qpVYtdALzJD3A -Ad+ORHJ3U9OyJ+LHygjXq2yLauhFzPCPuXNx5/onH0E --> ssh-ed25519 5Nd93w Q/iHoCAyDoqevYj5vQJ4BW1ROVZ9hpO5uKCmUVmFEkE -ucG0grsbKinz8f3v9iUDF1gb/tYArlkTneYEZc+q2xs --> ssh-ed25519 q8eJgg T2kEFkeVrZFYCVgndnCHvstE6mNYbvqVUgcT+2JEBm4 -sOmDUGEB6gYf90t/xhEDJORMBck3E4bK7yY8eCxh3Es --> ssh-ed25519 3pl/Kw 9WflDj4m5z4+I8+0sLL/VmqEnW/AiMZHHk4CnCplJVU -OwVHhRty3o3noQZerE2drU4FyciJLrIfYy5qrlb3coU --> @ZM|>r-grease TMr!(t -vnQfaw8 ---- 3xV2ejaWvmMXQNbKPaVo/UzBvnRu6JT+3BwuwS4iV60 -Wa Ï$[;tOtnb4F̙";uK>!r_x3 ["9 -MN.b1C>n8 \ No newline at end of file +-> ssh-ed25519 V1pwNA LoF1ddALOVnrPikVoFfIO/Hrydrqoh/4W5DaSMZHkUs +Fla3oxohjlE6oUkx9tsroXcbDqQoQfi4qixrEqy2+/4 +-> ssh-ed25519 4PzZog tojPturHggZ54bUlyCbr0hwLbhTPpBR/o90XT9DYf0Y +it+mlc2OKzxnEF08ao0J+aJezA20eAaRBW+ODgiX09k +-> ssh-ed25519 5Nd93w W5FDJ7geDB27elGpL6SHBA54Al3uTU67FNsTt63E5H4 +1N3NVwEC3QqjpwdFk/SRWFpTUk1tTH7YPQdV2MmF/II +-> ssh-ed25519 q8eJgg yJj2ImpyTpjLGiPqxQ/03tGFDnDN08Gr93rPRUYLLyk +PLSFba8JFM2na4h6XIzVeKKEw61/ZwlpQdesIHPtggY +-> ssh-ed25519 3pl/Kw Zu5dWL1GkgL8ZhmFuTg56GRGTvTTDXYOXGN75/h37wQ +nvNXCSa/VsjchPWRMoFNCRLe6SK/trUrGgKa7iJkprA +-> vZ[z@fHA-grease +mAV/h887fY2ispnlxuTZ+LR/EIYhV6LqbyuDpEc4p0jnwdpYhEAfU4KKZtnxae22 +q/IM3g +--- QXUMgsJS6LdbF4du60HslLfcBq5xNsazlzAHb7jSeDI +|eC >,Vĕ˝3Mb$iIs=qk܃Di +֟;S)<+)uR겗e[4}{61Wr EPI \ No newline at end of file diff --git a/secrets/bitwarden/api.age b/secrets/bitwarden/api.age index 1d1fa4e9c7bf2993a2b664f6c0d2a6777e083849..44e29599d410b7968cf7eb46210a82462fe27f90 100644 GIT binary patch delta 811 zcmeyx*33RZr{1fe#KptW!y_o%Al<|}u^_{=IH@GKtlY3TG~6dUw9?TqG9xq8+s`7) zm&>#&IV#9J%r(5Y+%T!i+%YN5Fd{S9xFRw)uOLf5*)pii!k{28r#LdikxSQ3p}06h zH#Nn`)YQ;Y!6cw6DnDJpF~i6_J;cPMEF{s#(6BJr(JjX`ASEf=+%2*!)7;o3t<0^c zDz`8#Cp$2iE8Qz3y{I_E%q-H?Co;*+*T^%ope#qbD$pX`H?cU!(>uu6INLibF(uV? z;z#lD@QS3u63cS8U~{uXPcv=b{IJ9@gRE3nCyyNM03W|X7ZWqL%yNsM0%HR%vm!s^ z@_>+#%;1u&;-Yfj{NMf(j!`a-=85{{ zLFFm=6$ReT<+)*15iV)oSs5uA;a? zPC@1Ap&n5Mg~1lyB|(M3rIGq&rM~GV{*~pE&oYYFXM1?MR2h31Bz0BLS$|pP1v8cqyF)=@=B*`_Tz%$LK*d-uHJAg}9S63l1 z-@Q08*(cC5x3JX7+utoTv)JD>)5Xm^Kd(MG%OWw@B{9Xays$hw(l3xpkIPlw-S^1F zU4gku2bV9Jw?M!xe0{n?aYM!4ipeSUJfDml=P%1EJ^5+le__Q-SMGjb@;xMz`9$#h zH#bGWA97q)#j|HU>zr#>txFUu_7L)$nnDKDfvBp}Jy(9a^%(x=2U*e4<|$}BxKD5uCdJSE2^ zlFKVAKOnF?I5EY%Fg)2cAh^=SD@)(YA}6xEB-uMJC&f6$*(}J#FsU*;luOr6p}06h zH#Nn`)YQ;Y!6cw6DnDJpxy&_Dztq&o#KkPvELY#f+%2!9R9oNIGBPY6xHKiJ#7o~r z+oT||qA;(Rt0Xe3$layPtH{D4IX6Efu*lFdv#7kNT;HwS+#oc^FWuSGz^&LL#UR*V z;z#jtlj6W2pOU;ZpX@5%?D9&J$O>2gVwWhN5aY~X=c-CmKR;i;?5d;+=L}b_;EJk( zq^RP8lH5WMGtYw1pzPehC_m?*Tw~vGi=u)GpF(#JU*p2kT(9!U@r>f(d3i4WB}v&O z!2#~>p^k;&!QLspfzG*!`H?yK7R7mP;UT3#71};dl@%6TA%Q*~p*|*MNsh**p{`+> z`F{DnK?MFUJG$xzMONy22e}q=rKTkX<&*|_8{`<4rljU&Yx}vD`xqq#C7Zbg z=a&=*R{Hp51zMz7B>Gr@VjwjnTQ|KZHL*CA%Pb@{D?2F3-^t6{*TN#Q)Hm11-_y<9 zw6s3h)g;@v%)-4gBP%5!+(O&mz}VBxI5#=6BBQFx#ns>0CBvn%u#n58qM*#BGE_e) zz^5c5$t}#&FeAs%HQmk3H`K?&x5P2u#jPS;+q=@;)Y7%6oJ&_%S0O1i#4*LmGQ%?6 z&nw%%Jj&3`Q`^zq)k5Fg$-~Gq+dDVCxS-x5C&1D(H<|0;?jP|QWjb&F{8XF$c)zN~ zKKtIBS!ch-zmmQ8SwUi}qNW<0x%_3F!08%npTmOhmJSCgxEsPc1F+0lx-UYA!)Xi>45 lSZDtBk)-g2&)2FROf+1xrTz1P)q2DyHTKNWNw7MNmY1wp+|;cMzObVq?frzxtVF6kC&TIT6lnw zCs%nyu8UVhu4TDlsBgGwvR|N|L9nx{OLA0Bx_N0pwy%L}cA-azUuuQECzr0BLUD11 zZfc5=si~o*f=NJCRDQZbUQv;AxTRB3hM8w!Ms{RYxLZiNf3a7VmuYHRW^qbrMs7}& zd%lr*PEuwzmy1V)dwRZic4CpAfnSD!uaSF_uUndHXi!y%d$MJiaY1o;KxI{hccgjX z#E;_PLFu01m8I^LVFroX<&~v=iLS*N=B{~0RiWl#c|I1}0l}W8;laj^A;HO98Sa6J zex9!G6)xea0nUL2NoL+=Zl<9DQ5GiU0U=3F`cB@dAydq4z^PLQxoINcP&C5bP z{Ic~;(?bHviX)06d@KutO+3849i6kveN2-lpJf!UH}drj_HZpWE6>O%^tSM@%nbJ` z%CPkJNG*2F&ntKJb8*(ss&b8RH>fb+%GD37NVG^y^YS$)Px6io4Kpt^GPDS{^fxTb z^e=KMsxk?5^$Aajh)OO7$3R$ZnYC_uQEFmwszRZ8Vsso=x?y5wkb!TAe{g`GrDvF5 zWPL$VQj~F_M|oOmNl9RaX?SR=PnBb$pSh!Dl)JmDYifz7xwofbm4#1akYj;~AD6yM zrb(oeN3M%^ZoYnrqjph}WpHu2c1fXjV46pHRZc~YL3x#7YGh)Bb7i@!XK=2$V|bNk zfMZxc1fy7 zZdFmLTcWA2Pf9-5)A#$?r6OiZXPDIo5*`xZF0|+P2|}T7{^>8 zow`_8Y|ggnC!>Y_D4bAu)4_5}n zZB??gqp2|N^MqW{ZEhh#l9L?V)>VpmTF39P4X{?E*tOIoau4S;>VV zo;lhsp(&NA=_M|i+NMt4u3=Rf>24Wi=8i#@*=C_-`2}GizEzHs;~B-nvvX3MBg6di z%uK`5a`GZwODYY#{c?Rn9W6@}4buXX)4h}Z+yjde-E+#hvciH2i!GduEDJ(P42{jr zk}J~nld^p>l3hJhEkiN`j6;pWeX2r2qg+iUpJf!UH%m^6@=7f?$*u_S&8vvYH86Je zHuUrJiYUys49GYz*4 zOUcqs&#JI+OARluC@Zo6#ekxXZLn^7QEFmwDp!z2D3`9Tu0nZMkV&Cys&8_bpQT4i zPFa1HS8%pPSY@VJM!CDAuep&)NqCr_vtNlzRX*33Yfb>5fvtdDgIBx;(_S<>aM4Fdv_4AT ssh-ed25519 V1pwNA JqIKLU1UKFknLQneMlCs59bZKyrjDMvhbOsqsl9NIFM -HV8eXdPdMJvQrm6vnP3FutvGbuztQ4ETRGsULxmiGMg --> ssh-ed25519 4PzZog FrhwG6liee5jPg965xkHysd0OMZnRDVmfqdEz8jYD18 -P8OoT3trQiuL4PnJV2JWELxultHPap6YymqakDAdkL0 --> ssh-ed25519 5Nd93w bCXAZAZmawgAAIHX0RAODnMIIlYJwLulGECtyjLoIz8 -Z1+pBzLNhAxDaDxQMwrRxsbXr1MwMbzKCtNSXYbCty8 --> ssh-ed25519 q8eJgg nSHpZSbnyCveRm+sZvP8Z8IEof9g0k6Q17o+9/UyA2k -5w40Dac5yxYNSk+5QVMgx/DMvJPas7tIAd6JpNw5Gc8 --> ssh-ed25519 IzAMqA Uvi/qrCNBwpI4cmM/5ohct7QBf8urLa0uQ4RCJtN5BQ -rKauhSYfsECiZcYbCqV7sQiD2BZcZHGbzkmtiYl2vTQ --> ssh-ed25519 uZzB3g x2II/DSbKNhfTfLU6b9qAwyc1tI9jvtnizthdfdQYFQ -zcSeSHC5rTB5U5Q6j1z9OH+F3AWVv3Fd/QdXD1GTnbA --> ssh-ed25519 Hb0ipQ n+qTpgqN+LK/Dze2YM61owDyG+t6r/mxYnmzXynAvH4 -UedIPtFGJUf/2oJSceV7ONsBSAxrlup9p9uTcjO0tRg --> ssh-ed25519 IzAMqA WRSBBb/anTu0MANFS8//WAS9ZZd3CMzVauPLmrsKUFY -vySQ01H9I0WbbzsTRcLkEqFr3jgr4odcD+OTzPHWAkQ --> _J"6$ ssh-ed25519 V1pwNA icye7bxeLugaCuSwMYAZQOrI7tcG8uc9XR5lTYBkWQ4 +HRsRB0GVkMPS0afDz0ybcTZ/oexA7zV9U6hYyyVm/hQ +-> ssh-ed25519 4PzZog ihJwwtlgiICUNgrpwVVKAAcDP9JxPgBmcruW1em8RU4 +/c6JJDzrHwyEelgMaoDeADVD/yL+ptrDdgSSMFceuXs +-> ssh-ed25519 5Nd93w aLRd09zpjgCnj84pFFfPd9FrJGsnemOb99EG/TPe+UM +hEM/T5j4oZI05597dI148eRbRU0P/E02RAD5ypsl1eo +-> ssh-ed25519 q8eJgg dwCo6ph1KTMDgFnJLrGFtzscrHxog6WGRUaPdBOuCSo +WCxgbOjZy9vkgcYTa4t/bgc5qfxlpFOiQ3vtCvb+uWM +-> ssh-ed25519 IzAMqA Q+XUnmVUAstlxgZTiXXGZN7Nzo6G0zgS3jtil8MKd0w +1VFkeEGLZLh+j7e1RJW1iCx8ueLNTljTsxpujkhwBPI +-> ssh-ed25519 uZzB3g FeuGUR8zcPUHkev9PVARM2ac4Ezk9EjO3gWL15kkjjM +W7DXwMWrIKEzs2IJ4MH/diaqkUK+lYE5ocJ3qD26NyU +-> ssh-ed25519 Hb0ipQ +hueeoIxI4+E0bkElclszUoD4ftHLkiqe6XGcMNbAn4 +mS/SFhLfjQYa76qhDXvMijkvbWkGRGcv7HWlszArX14 +-> ssh-ed25519 IzAMqA CLf1vDYSLjW2InHfHCEfq/b7j3zyRH0TTcLSQ0Evmn4 +tuq2+h0UVzt/lTFdpLn+fr5rIYdf8mgdDny8Cak+k3c +-> x-grease +Eeo9UQ7LVOjORlpR2Jf7K6P2OEdc6HWWQ6/Yt//KHWxKStUtMv2fPIHu3A8h8mHl +iQT/Xmlg +--- 0/OGiJqIu2aFUO8vqJ936PvDDNiohDSVkqpsiCxzfiE +Z l.jZEӴFx6M!:zb.tDΊz#:xc}?cF/؉;ˁ"eJM_Gve7ck\E9&O+<ړ+Պ 2Hm \ No newline at end of file diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 0cd308e799489f003c9c1aa6b827210c25cdaa70..f50b0f761e4a09ece5ab3187a808a7afddb00a7d 100644 GIT binary patch delta 686 zcmey!*3LFTr`{_l*q|ae$sk!ju*5ajB+;ulIW?=$HNZH)#kts|Lff(CHfwPL6xQ@ z##R2QCIM0IW&tJHL17_9p4#D+mO+_`j+TW^5mkkWAr*mK-Ug-VB~=#bK^Z|NMt&aY z9vP*^KIvK7X^DPO$)%NrWf@7~8KFjw7UrIl&oYYF`-OOvCr2hmI3|1grib|jmHD{) znk9Nvl^Pp4x_jvBYZq#l`Bj*Cc{urUh545Gg@hEkgj#DAXE}v}VxZE|E!12$y(l%YIF(D=%q_VzLO(UovDB}~%+o#4%{hrn zSGQhQA-FKCG^O0R$|5(}EypZBw74k9DBIjLH9xB&AT2S_#8^8dGO5%($FskZEmbKO&=lpbpWwP?jc^Xd`_HQraSR`{U$EPT8uM4v^*W_E>_ug*w z6p8Ix`s8zfS_FS@}PXKbn_q! z|1{SEe@}fEb4zo5lPvuTgRlaRD3dfNbAPwQkmSHBzaYaP(?HM3@r>f(k&VMXGRpI1$dSj2Rde? zW}A7NySo=8`BeCaCzktyVxUMjy(l%YI8`B4!M~gXBs?S1(Ko7~sL08n(6l10 zB7jR*S689DB+%2cIL+N9Gbp(%!XwJrBeCAdps30_)y*uRAR?&D#nmv;tire?(=wZj z%j4dqt{vyP(xl!UTt3}>`MLYTwP!@0dCdKMl#AQrwWrIZG6utIe)B9`eCyZ_&hfIp z{xd!Ns_uu=dGD)rtW@bG_}JS(|2f`Q3~udC!-f0k3GN$366OW*G8Ee(wQ5FC?h Z*jymcutMP8qo>)~>z^$9$awFqIRH6>8)pCj diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index fc2ba1a5ba915db24183c025167c24f14be974c9..b0bbb732ffd678598f92e1cf2a7c9b493c575107 100644 GIT binary patch delta 1678 zcmcb~yNYjuPQ6iJVTz}hzmt2mM_{B+wqJySUr%>NkBzPxko^XrMrK6Sye`OIhU@TLUD11 zZfc5=si~o*f=NJCRDQZbxNE4pN3OnQXsWwGrdybIg_~P;VpL>MNp4|In458uab|W< zV2-1SS9)bRS7nZVL8@`GrL&=lc~)SSeyN|QpJ||Pwp(Ucu%o-BbD)Q>tADPyMQCW? z#E;_P={as$hW@!h$pOA;5fK(qe%U!?#y$o4g+}J3mIdDCK7J)`;bEcWS(*7wetg%y#m7AD#5K~<@iPQF1#87@J^PFa?Tmf9x9mT83rM#hel;~B-njoh7Gv<)h< z^$UVRQ`5rq3&YDy-Mx!Lg7wQvO*7m}ip+ET14>fEgM%%&d`;Yn^D@m1^OLiE%Sz46 zEF*k9d@Z%LGa@pp%tKP#eA3MF4Ku5f4U&>4pJf!UuS|6Iuc`_$aL;qDN-1&-Dll>j z^awN0D@bzD_sS~`Gbss+4t}Jpzj{%pks^H9Yh3r5t&w{d&;HcnoL(fnb&!l?eDsvCNpemD; za#IiEtR##4s^rSN;8atmY_3F)5Q{Vmm%QY{0E>cjSIc}Ka|1I&%Zf_B5*Mec3MV5= zk3#+2M5Ce-3v}y(3tgOY9TfsyilTfYoqdCg3v)BvJbe@WGWD}lD+BzCDvcvO%7YD3 z>V4haOLM(^s*1TnvJCRQ!`+HQjS_>*odbg_Q(Yp%3(fN)^~;iy{j+^tEWL_++!70o zLi5qB3w1S1OAb`|DmHiV%M3Qp zN-yU!G4#wTO82Yx4{$QGEJ#c$H1-P0NOAMaPp&jGGxQ2}&W-R%$+onx@TkN{&Yo3{ zzJ-norY6Oqp)R5MhOVVW!3B<<9vS7Kk>R0kCRvF|9*L!ag;gnuQDxeNX5pb+h9=Ht ziTS4Pp#_=AUPURMRRIQ(nMvOM!Uh%jk;bVR$%gJOuHh-+j>f*}lh3n=hkNQrWEWJ0 zxTHiTCYu&{Wx3|0`4zZWre~NNWaL$O<~li*IOVw(re z3bQb>@G&>7@-{Sa^9sqSC{6ZEFE@2d=5kF63Ggt;P1Fu?)GkR%%PEa0D)S39&rK^V z@;3I*%QGy>%*=LmG%hi)0K41Qpvv5>BHcGK)GyQ2**7RMuOOr}wX(uAs64}~#IdNT z%p%{cAWPfF)sxFBDJlYSTa|L zca@2Mwth&MqhF4Ba-eB(WpHwGMR;X!xKl(xNtu_6uXbvfVM=jGl?f;{DHiLd7o{c^ zrz&K{g=?GXC^#l@dFES~`4*XKm!y<9YlnyC)u)+9hG&)fyISUZ!wh9?{46&Ggbg_z~11Y2Y{rUw~i zc?Lw3rE}@(>MEE-I=My^n+KLA7aRE{B~=z?gro-+g-2ziW(6jiMC5uK=BB5ZriPnT z)+ci{zOGaLsJWy^yV(9hWToBt_$2$gB0k!h$u~7DzN&cS`aY5qwFzzGx<6s9+tkG6 zM`m2n;ja4e%r3!P{aah|{|g`XsU`cb&-m(9TvHKlwlVvWN4fdFuMQ?H{C-;k76>e= z3h&QtQCMK7#AxsJKY-W5JMsDS&!KS}^{#(WIumItzCQiURx^#PHb>WYA^}Gq9Mqd$ z`6+x>SI+D`&t-Tw@Jv50bl{WjV&nBW3jp%lMJ)gT delta 1596 zcmZ3*cawL5PJL8XnPX5%n0{VvYJr7&S)q24k#R|~VW5vwlD}tBj!|TKdPbF}g`;nI zAXkxPq_=)fMXF0$dO(T0iFMo_}tnNs4*8XMs;(W^R6&W4LE|rMZvi z#E;_P#zCHCj(&kf`e_-dMgb9_o@E|B;bGa@1tmF_NkQ4}&ORPaW$8XX+0Kz%uDKzZ z`9a3c2348Kj=qIH23ZEh#*yU_9v)G7M&4fj`r-N+MwJ0Bj;Yy`;~B-nbITJA%QEr; z9L-Ha{PF?~b4@IR4gCs(+;S6*yc5&CJbcrmeoe0?&s%~M@H zN<$(owGArseM>^MeM1aFA_}6?{Ve=~ybSUupJf!Uk4o`ODo*q_&Ik(&$}Y;!tjzOH z4$OBovG6G>Ht@;~c1}z6$gXtq%1<}oGR!T>DGw=$$S`y@Ej5TL$kBH!GDfOM<>s0=Q8a?R}(L%GRJZwGn23ar@ZvE0C&SO za~F3@vk;32j0g`dbaBdcRLDw;)b zcSQGHsH<68a-f1`M0#bmcZy@MNnxSzu_8yJ1wCvqiD7esFNOYnXYeXI_+JSV$rD4VeY35}?kr^I&t`?ErX;n}H{Zh=7o{t+3zlh3nAg!%dSR)ysF z_&DYz6}g({R~EV#I~kxjT95r@H4>nB^z?IeA4y zXy>`6Cnvfl1?5zDdKmi|l$#YBgnL>91(lRfPGk`e4-WFu_Nz=SE%tOa_Vz3(O-l-N z4l2tFPl_zbG&N52cPy}UadRv+jdaiE^3V0k4$ltEG%hvE4t5Kv^vuuAaCfvYD>Ke? z4c0D-@CwV$4lxL>Ob<<-e4a%-Jg_vQw8%WvtRTcFKioGo-6=RDKcYfE$TB}X+q*C# z$h$beqrkAt+{rbYtE|d5Hz36{!=fZ5FVs6bI5a6g$uhIbA~D0yve4PgHO(t9pfDvl z**v3svMsB4y`x!jzH_8Wo_kbrfxe?zxuscaBFs zmtT^vzmr+1xskcHxw%U~cu|Upqj6!lTZOB8ka1CzUtXk#zhza3XP$dHD0bB?19a1i zQWJ|)xhz~w%iJoBLo%}SEz`{_D%^sS(vv*{1GwsSb#)aYD#B7-{L>?f!_4$UO@o3g zy)6w3!%UOIT+)LI101W0ay`N-+_O{6^CP*$7{$K)(OJKWdvotpMz3F9x5XB9@tN7| zz4$!WyO zO+t%OZFko{6S|)E+bvveMeaTQ`5hZ){>aS^ypa>2#+(xr-4L|*m80$iXV(k5-&e88 zMsDrAwyJz#PK_SVW7p`c9px;IS9vytPcK{}pBdBM8JQ68cv9Dnf7#Y=l^@#LC2xG# yu<5?B_@gab4I?`Y?Ut!s^G;8Hc{I4%e3`UAU+9Xt^E;m|<1qS@v-{1ox#a-#t0g%A diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index 37bb0ddcf9906865e5ae84aa569377d955ca7805..af886e5e8025178d0ae357332be198d71ef9829e 100644 GIT binary patch delta 837 zcmeC?=whFsQ*Yvun&;|foR#TZ;p~*C?`Dyjk)Ca6?3d$R=2PXG=2?*%7#5P_TjpyV z$(39c;anD0?C%@plIvJiSP^1YWsvJ!?4DN=mg?i@=oO*u=~<<38WC(3$fawiP+Xj$ zo0?)|YHDbyU=mOjm7lI)nC4XM9iHeN;vR08o|#`+nmf@b}8IqA@m|SS= zo*3YgZze98{51ZsOI%tu}fuYn74tum%q7TR-|*Tp?RT)X^FFuu|YOhXu3<0 zmr+H4yN`jtp;@}Nlbe6Jezt3IzM*A~lX0Mnv1yr4Mn!I*QHIInct-L15=ZyQyt1%T zQ$NR?qGHR?d{@uVBr^{SON%hmO8w#z{hU1aT;p=1e8WJl;7D)7+;C^-9G84=n_dMD1eqQ1UCu@zZxy$c*sv^0e^uaZ8RW^9)Gz z$gU6fj|>hCD|hqqcXcv#4=9L=&^L8W4)@9l8F*hS8A|GU3ovm(qQEFmwDp!S5T4bU}PI!TVWx7X7kfn1Vm#(g^LU~b6 zu76ZPa7K}bVRm|vNwSNRpG#Iiwtkh5qiImSrAcx@Xl1>DS+a+*30Fq(S5IfI2G-(s zLjlokt@l}fm}b{VBp4TUgm#7P{&uUor!9f0>@)w$DeV7c)>L0#WO#K;!_OJpj(2;! z-~aQm`Mr!+YURrgy_}SLU=bc%!TQ;iI8z_a{cq3o=HY-f#=aNSY=APfb>i_!3 rlMC+bRhcicNY_GTt%O6r;MJuMt2=)>7S(fJ!U>N3G?p*0#U{K_2Xyz1kjGU76wU>RIex8lIG%W?UGSk)-VvlAW3B7UmpanxUQU7a8E;8dd0L!li4cP+Xj$ zo0?)|YHDbyU=mOjm7lKQuJ0I@m7Q;q5fB(=;p1sg;^t{+l;)G|n^)%Qr=OgYZyw?3 zlTlt8VxI2GRqSb;omn2{6cTRW9&S)-=$4&a<>zhUnc-O&UX`jH5fmO!Zl33u>ugp& z@uPUSe?+;zQ9w?Jw}HEhX{bw*M__tcMMz0-YDS@cR&s=?k!Mzbp>bkFxuFSHgtwj3V$aAVCo{7kFJnue;z*<9BC}j~Z9}gdi_CPc%G{LH^sJ;nSI^P_vlP?v zV(r4TOyBGb=X}ekkT5SlpQ?(0;{2#AGxJFFP%3ar@yab%aLn?nw_89`QKGhAajAuAs-vNyaavK4XJ|@jqD4@si+jCkacQ2nUxA5FlAFGBVUlx| zlQ&nIvAd^lW<^eRQDjkNQAv27zJXUxky%7(gW`KUWpMOYDWJP+eeq^yxVz`@eiF1mtbBTw$ zXGM~eduDxLUXpV}c(4Ii)yhW;gx!=<{kL_kPW5$3;&EYSGGjU=b9Rs6#C(k&xAI+0 z3SRj+Tl8&;j&H5&|JlD_*BiF>2+&l2a z{Q4qxVf9x_UuK6g9uooKdDRVSbM>&@X!Cu Q@T}D;#ZLXTYi=k30GF>$F8}}l diff --git a/secrets/email/details.age b/secrets/email/details.age index da61998..92fe461 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,22 +1,22 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA pKe9KokAFCzbKBrCCMG6radw5IJK9LBzcS+DVpg/glo -eVmd4nTODSfkdur7Pqoszw7NExRN1nQcsSu4uRI+Dfc --> ssh-ed25519 4PzZog K91kimvdV4vyA6Uyc70QahjOjYwuUz82AHWWsZj3oiM -GM5MzyBXDWeAVQHg5eAFLXuDFTTLutO4z+uN0Xl9lHo --> ssh-ed25519 5Nd93w 1qmdBToCkzmbkI+XmdVvZCts2ocQRi7cfKSl248IuDw -Z/QW2A1u4clRI9c5lQxaQx6nJXc0QTt58iIARmsIIzo --> ssh-ed25519 q8eJgg hwhQXu6xzLQGd3e1qI3IXttmmuifSPR/2ScN/AWaZ24 -9LXwFckDgkprDf3rt6VxQDYmFyirOYyseXTMs12auBQ --> ssh-ed25519 IzAMqA qwbGMurDJA0KW1PPS+9eJx1e2vLUb8qSl5ILUH31qV0 -YQr7vzo/3spRerYVW8LRNfhDO44oir7ujXvaFXQeIn4 --> ssh-ed25519 uZzB3g +yNkrtaVgPNnz2hHSmh3Y2ZDN+x9zwtPg7p7LwB8PCY -WzcAAKU7Xz47hnKNNQbgVR5rDKeZ7bc7Qy6JJuU+Tmc --> ssh-ed25519 Hb0ipQ lw0+lPAseuIo9Oq8/mewpJ/1gi5FZFI/drH5rd6CpBo -MSErrKNyYSY9v+wAcFmiLPBHHuDsjqo6qwEPP9Vz5aI --> ssh-ed25519 IzAMqA spoxvlYiwkmXGD/F5mnBaqYI6mUSx1tAjhuBkNAjXi8 -bzvspNUiNzynkiKlZ8aXs1YI584AnLHeYd1DXsaZr2U --> .-grease z,UXA^s q}dNt A -dGThn8g1d5IdSncd9Em78/T28IFk8UomZFVcJTc1YsBHcxNHOK+4Fk5d3Inb ---- qA0u9q/9UJEfBOW2F6oX8R/2imQ9XhDHZksqzNZJFZA -Ќ!XއD0ŀ{`d:/#ͻ*507=GM2ID8M0L.:;n:$f詡oPG?~HoE*z/ -O껕7v>=`ȡ \ No newline at end of file +-> ssh-ed25519 V1pwNA /YhGxaH+uVC4EXVNEpY6akQ3cyOFTCvbqnQDobPGbHE +pcRmdrS2h6GOmhiUQmbDncgAhfBMsI7pVc/8MrCQeiM +-> ssh-ed25519 4PzZog dsRhlBiY7h+WrKqU7KlCYQ5Ypwz76uH9AjZlfLwf/3M +wNvcPHNISI5y0eGQpAv2jSZbTbA9C8LGzI8/dnMn3ZY +-> ssh-ed25519 5Nd93w 5z8u2rWibJcfnkKJmtIv/toSUgkJdxk2HiBJ5yi1F34 +jXWyd2UcJgQLKHyl8/SbtR5uKEBPS1TWcSV+uQ6sudQ +-> ssh-ed25519 q8eJgg puPp2e3TvJOmqF68x25NsZftZOjXoQRAfT3d6dulOwE +DMKRvgnqQKJbUcKlFvFPnIWQF48v/AhR0sRG7R01LMg +-> ssh-ed25519 IzAMqA bkxqFYf3QFk4Bg+ax6l2B2/qEC1Sc2v1oNIXRxA942E +TYk7gMneWdKdx9PMJoROZy6k0A9smhQGoenypCiSSjE +-> ssh-ed25519 uZzB3g ouKif0gJlk8Ijg4htLxS6V9kDm1oO10pgoIDGHlnKg0 +TtChPqbY4BWc6320hBVsdjOYsN8FZ7+kK+gAa8cPrXU +-> ssh-ed25519 Hb0ipQ GQu3BHKFNOffCTgN6v/9dciTpSDOPHSD9L1R6OG74Hw +j9r+idSNJR0w6XgVZCGOdVsvsFPVbyc1/Nno4uqBCUw +-> ssh-ed25519 IzAMqA cQNK62FYAGQY9+0YhVvVuKMaqB9IBPLUPCnM2nSUQzI +NOMoBDtIN9w1WlxuYHTLORS2xA//D8jIip4SidBUNog +-> QjVPV-grease z #u>.AWX +ZAgcrfjgpw5J778jd9fRtQUns32SsiEybe/VTFKZw7P4J9STzRlt8/KDn8EJQ2Dh +K22xl+ENBo/+YuN1UQ +--- TYTyl621sRrBSPvYgf8uC3auUXL2ytoFi0ob6+NUSOw +pns1 螔{j7i'WWȖ ˿?+/P\~B}<څwI.W;rFćdHg>?սTl"-1_KzmEܙAY{d0,V8YV  \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index e9da87521c55ef1c1de723d78ba22624ff99ceb8..f9b29eea3752046dff44540dba181b77d66a0c0c 100644 GIT binary patch delta 779 zcmZo=f6O*Pr#{0iw>ZNo#UR`~Jt94)AXD4OKf|mdD9X8$-9q2R(l|8NA~7)6(%;B6BQ(=D-#yC6IikQKC8xsA!%@G~fJ@g-p}06h zH#Nn`)YQ;Y!6cw6DnDJJG$hO`!^2D8+#n;vz$`y9+pQ#DKgihA)VJ8QILs|FBq!7* zz%eMzG}tJc%P}`8$THI~w9>r9N#Ebk!avEhvaF!k!_hm;Bh0x}3@r>f(5mlb0X*p%u zA$k4*#RW-Wkzu(;<&ME=MIj|68NS7)+Ggfa5dlUyB~_kWd7)nB9{z4oX<-&AP6lZi zuI>?r0m)HL243DJ`N<(sfq_P$;rZcTB`==R{ zx#a3wRC;TB7@A~M7#0VDVxS^4G$=tgy(l%YIF&0ZN;@spGRN5@!Z0Pmxiq!Vw^%!) zAho_ESlh=etJ2GI5nVzs~{}doJ&_% zSHayk*flgGDk-NhI5o}0FfS`2+u6t2*xSt@Grv3_qSP45o9}Oo$V`RHxZ?{JZ@lCZQXpoHb$Y zt+S@BI9%L!vDnP(#g^X6Am*wiOhN{W1@c#a_#ao{DAtiAI&H;-1Iw?xcpggoye3K1_0-m6eR!v delta 813 zcmaFN*2+FXr{1_CEVInXq$0DR)X&eUqOv$A!adBmtSqD;KQvrB#mgi+-`L4H(Z?*j zoU1g=pschY-@_w4Gu^$y*tEpZF{{EdsUqAm$2~pJ&p#;2(JenYBRx<%nM>DBp}06h zH#Nn`)YQ;Y!6cw6DnDJp-8e7LIW;oMtI#LB#3?Gh!p*#_FgVCGzrw5_H`p^JInc}9 zLf^^PAS}#+E4MT?FvBF(BA~RyFh3|fquej2Og|^hFgeM|)i@#}%~C(dxxm=dsKU5- z;z#jtFa5%tillV?Ag9pGNH@cDuT(Q1pG0lTNth7KwH#dXH@r>f(6(*S`fl+Rm z`k{W==^iGPhWVx$g%v3gzR9IgAx;^gj{b(>X17de{yyH%Ds zr3F=ngr>O~Se9gDJFB?JAkQGLz|A)@ zIKai1E7Zx$s%Wf@WmAPQ}^W**^@1F3p8EIM6dd)uf zeg3uovo_xT;#cJnp0sGU{;u2H*)B2x;%Ys2_1?U`?szdWwl;ZIq@8Zrk+$C4D?54e zHeI$YbbrU{e^Bq^^-R$V ssh-ed25519 V1pwNA GqVYc5VBrZigD1P2PTeZHBl+BiSBHx3MjQ/yesrGW2s -Ir0Z2I1gpmDx+9mpFLYETbN/72J6OhRa+Xam5Awd+X0 --> ssh-ed25519 4PzZog lV5y35fG/ocRDbq17Qqff/HCj23yLpaQ8wt1N8Uz/yg -2RDbtfUHze8spK8hEGT9s0pK3g9SUkCoSKjrEDkPSHE --> ssh-ed25519 5Nd93w kmyWVWGMtK0sht/D/kPnKNMoR+vOXQ6KLyXGT0ED6Hc -0pnpCvpH35ZoB2gNf3RV0KWlrB1O5oSktQDQFwGrgMA --> ssh-ed25519 q8eJgg DU5OclpWgCMBnlc6L5gE/ev53ZbItvgay6/1VSvLRAA -+GvTP07i8jY4zocrcc61dWkD1KYL6dnedGNnBUyL1Po --> ssh-ed25519 uZzB3g sEOHxoNZu+6WnWo5BN5JWRhjhrq3tUEShi2NZbPBHCE -iGedtdQGopoY/sial7Fb/7oWPdmRfvu6JIo1g3Yeodc --> `-grease N ssh-ed25519 V1pwNA 82JAj5XsvsKT8sIuARe4FTmSiCygEhTive+jIJ7h/R8 +M3U8He0axy2HLdKnmKDyvilT99LQPEkw27FF2hUI3tI +-> ssh-ed25519 4PzZog c45jK9DTUO6sXTbhs8UrUjLIELIL8XVdYiOYZsR/4yY +HS4ng3Sb4J0f9OYHZLmWHWS/c3uetn3w6HG80uZNdUY +-> ssh-ed25519 5Nd93w fBv3U1fx4kIQcPWAMl1xRUeIwiM1+0FpfhJZrHQMww4 +8ANUGKVp5Tpq/wbIgXhpi5cPsxFALOuOsisMEN5A4j0 +-> ssh-ed25519 q8eJgg HTr8SCqna6YrbpdEWdXf3vcR/ohxQStlXabHjZN+zW8 +vyoLfNsO0zW+S2+nIHfB1s8GaD/XjfqnPq/i3G4IJqs +-> ssh-ed25519 uZzB3g f6+fXpF/3aP36u+G1sDOhaQtdaWXwxoW2aWWC5E8X0Y +KRDi36ChFupksZMkxWEnUkaNBgZujYsXEhS7ngueo8E +-> /Q|[]_7-grease WOAZ6f R~_\$m7 +e0+qF+9VouiUjHXF8coBkESl7COpdlPlBQYamcTsTto6CgZUZkYqWQ +--- n0CQNPMTO1iiR+zt+dDvj0FocVteXkclIlI0EXoKV7w +OrPK]PKx>e3rd瞿ݦ9d4G cά|T7g7z +P02bڍf,Ҩ2m  z^]M$ji7uY_lNPuA%<@ c{7 \ No newline at end of file diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index 9acc865..e03e6ea 100644 --- a/secrets/gitlab/pw.age +++ b/secrets/gitlab/pw.age @@ -1,16 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA U075K9XYj0snoS8koz1EZXxZY8dc+ciBArPWXUX4ajU -iuPwyhYEE/E0LVYnI9r5WHZaBXf1Y5+D1dBh8mL2NT4 --> ssh-ed25519 4PzZog m+DYTH6D0oEgL5hWkexVuAKQyg63ixhm05V6EZKDEX8 -ayufPfoT2vpE4xqPIEiheyRngRIMnC2aiYIHv2B4Tyw --> ssh-ed25519 5Nd93w uUgrT6ANeLZXO1RcpiinNwZyOdsVVEfLu2IfkW7tsXs -uuaO9+tch0/Xmp7XI5OYRWbQ+W3RroLusOV4bFAXa24 --> ssh-ed25519 q8eJgg 4HpnSfMzUb7UThK/xAOuMSS7IihBFcM/n7xb+dnRhyM -wBr5YMfB8oqhYBwwd1+mHspeyLa5LwAtZeogeJgS8b0 --> ssh-ed25519 uZzB3g f7v5ZrqX9Jc32UewHJ6YdjZL5pyoUOwdo16nlqvZqmg -OF5seNh0EQ01ILr5BrjKbvyjWvTdAS8qVqlbrRXu7CE --> t"*np-grease b?-8 od-5Mvl6 u0WJwqe -brY ---- Q0NhfR5zCcYv9ZPe10jNsjnAv+w9mE7v9UvPy2eCmQs - QPV\ !FY~>0F>0sZc+:ZpWR -XsxG=KNmi>;{FS3)yߐPo /ؚ<˙ j[%7xṋgIhrJn56(/fX52 \ No newline at end of file +-> ssh-ed25519 V1pwNA zbwJFS2QBIHZRiE4K5BdN7eGfbQlmRtLuLeoEpyFCFM +OndU3qfYY+iT/nYdOtas7p1dYi39xCUMb1Nj+YVJSJk +-> ssh-ed25519 4PzZog 5aTl6FlbnR1pZpULLw+jlNW0rowRIuyGO/96DXbxvD8 +d8Yg+Qz65ovpmHTITfaNR1htvi1uHpgWD4pLNJSVMIE +-> ssh-ed25519 5Nd93w hhQ2hSlt4zwb3Fd+yn5xf6n/AgYfKduNwfErOl1h0iI +lLDJeVxVHXxDVitPEO1khWp/naBS01PRhghqdwGX7/o +-> ssh-ed25519 q8eJgg 0685al0XDu1n4mW/V8XOissXUZpZWsRY2gwoPaDLx2w +Q4FBE0pRvOk46vPHurWEquxIVmUT8VNyoy1r6NE3po4 +-> ssh-ed25519 uZzB3g J3o3a8ZacO5Da98//sQuBpIesKnRqMTX8sr0utvsllM +PLRxThLCtvk5UStENFzLR1MwG4icX7skmA4SQrrhIiQ +-> mv-grease O \ Y.]cK_N +LQ04Y00qPx5cYrRotw/pR9ROOBtKr9JdruuC0UbPcyTMXImMGmU5rboZ2u269aq7 +6ik +--- ObM3b2VMeI10gASzAkq/H7poz5NBh1eGAKq5EI2z2TA +&K;m#FX"HNZ +y"\%DDw'ܽlpJeQJpKnx;0ZWl?x_h_w1w|"j]Z>9]iNxmD ́mUrxZ_<*49v0;@ r \ No newline at end of file diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index a8a2a88..1a55fb7 100644 --- a/secrets/gitlab/runners/runner01.age +++ b/secrets/gitlab/runners/runner01.age @@ -1,15 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA oqRPeFJJk0DjIFaRpQr8bi8CxXL7U+YJBi3nFQd3KXg -Fp4XHTJ03MedOdxWAUFJrpKyi43wjBncwI2CbQeoK30 --> ssh-ed25519 4PzZog mxa3ro0hDH8i+rjM+pA18pO0TBgS1LutsHyKofrhzFw -Qf/WHL+Azf8cEP0eMO0/u2qBe9e7k6ZSMX7Rrb6EvyQ --> ssh-ed25519 5Nd93w h19z0I935uv5ilOFo12/W7FXf68bv/VqvzV3DefTSnY -1LYZVgojvwP1uhyMukJslWb1KGZgkNmA9wum3mEhqwg --> ssh-ed25519 q8eJgg ZV8/Lykez7O6kIOIFkB1O5vVearQPLtfdUGdmGP07CA -4xXHV/jHE+Qy3o7gadXeRtD2c8oj5i7AbknhDw4U/C0 --> ssh-ed25519 yvS9bw OslG9MLs8PGBsSH44mYmdI8+AKdE0FWIsd8TKCGF3Tc -z4Gjp4tRzKyA2mP4vXEws6aGzhHz14/+qV6yPTPLP0M --> &-grease h<( -jubJmEEW9zZW148P1SXFcn8GXCF746vCe4SqaZYykoB6uCLyCA ---- 67gsQxaQDev5B12g8OC3aQmPC2zQ5i3bKLZ1mLldNS0 -$j jY",G<)UO@Lt7%D2khe}Zs JcR٧6tϜ=mh-K{y4G d6+ \ No newline at end of file +-> ssh-ed25519 V1pwNA vl6hCSolsMTLhEZIULcAfC4NjdQQ6lM1RHolfb32QjE +TdNwIPNw4bLLRjuRDNQMPtURnugRXAkn8mPK0er/2Tg +-> ssh-ed25519 4PzZog uV8JiYN+n2iwNlqgFXdTYq+rd/02N6rfJXWbwGB7RHw +Q3DEh1ZOA988AVcfvD4jS074moLFiyVtuODphSPdO+8 +-> ssh-ed25519 5Nd93w jkipTx2XbXtGCVZkzPcZ2NRFNApwJ/ft+FDvMRGohUY +5f4H1R/O4m3VQeforLh+aScJF+R4tj/UsdrRCjlrC/8 +-> ssh-ed25519 q8eJgg 8IquiucwRvEgUk60vdJF3gZET0GiYjnyDAZn0MSGvSk +itdW6zBWmKC4Nhza7gWq4VKpKx93q+8DyINYzIQ4W68 +-> ssh-ed25519 yvS9bw 1Ckf/oLVICw05X/ExxJp3fZXW3+KuK3QQRzqzjGfDEg +N+czA8yQTRCM7tluIVJsBHKJkA2o8gdOBMcFbRf2jjE +-> U.CH}-grease a44Mf8 +Cl54HCa268vinKDQwl9B/lbaex8DOrLJdwbufhycBEZVGwIhxPQwlmUz3swlhInV +JBoJEpY2aTo8gih6abT2ePpzgL+J1jPfYTe6pqbAQM0b51Qdo9ub+A +--- P7OeYiH+fpWCXUVv4Om7YdnFMh+sUXBmZE6AOldDXTc +Xq 6ۙoQ ">5+NWA?]+/vْŗx;ʜ ^&$_Zv9/8x~%AcGlq58Ppxz55AMv!2X$ \ No newline at end of file diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 5037d596a88fb619c721ce76842555b4240b4793..a2974c204df247718474e5061893337ac4d977fc 100644 GIT binary patch delta 773 zcmeBYyU#X3r{1G7*T5nxrOF`9G20|NEvY=$uPCypD%q?+-#axgyTYi{FfTMW)2BGo zkt^NV!>cUGDI&N)+dHtzT;C|n+_}u#wbD5;FVL~n&Ct))EhVZ_-!RhIl}p!7p}06h zH#Nn`)YQ;Y!6cw6DnDHzH7Y11!@xMnq%1PkEj^+l$F0aIGRHI1E2F~S%OuCpBsfdk zrP492sM0x~t13%BJHS&rIm*!8B)inn%{9X@(yZJ)ptLkSEVInL*w?bmFUvS6GQ&B0 z;z#jtzYO0<-{45gEN3^5^vv?mw9N9Nu*&R^(8|JqvY_f(ZpoFV`g!T$ zC8=&Mt}e;uhLO(2ftg8p1{PJR`90Up_0-bRL%sX1Pujvj$-8RhBb z`q|osVfmrjDMfxxLE7mhzNW?@hVDU8mR^CA&oWBXN4jQ|1_W7pxRwW`1Qd7%y80!T zr`>pN!W zWM#UB<`sIIg?fbsnWxJ1-*4Ff-G$#LwN_$Ir1cz|yZcJ+!DS z%Q(3-B|DWXxxhRxzo5XsBsg2!&%iP_%E`|)%swM5Jv-)?vf0;fuUgnJJ z^oqD}cT=@o&CaCHv1`iTd|>O@uwkD{-QScsT^8T=KAh6mEt#`IJM@M7^~Wpuihuq1 z_{;iCjQgDytzt>R GxJv*n@EYg< delta 693 zcmcc5*3ULUr@kyA&)8qz&D^D|)W;yz$;GrlJIU23r_|XwFta=>veYCf(YMq*$Hy-; zn=3sj$F z;z#jt1Jk_R+|@KWZ==dUPdDGB+~N%PY-fGb>f(g^@YV1^SMr zzU7vgX<_-kWkm+QNuGw~#wHOyfi7Wb&W5JJ!S3Eh23f9L`6fxJVfo&sPL+8 z=7D(zIoh6v0iJ=Gsgch50fl8*QJGOW#RiU(&oWBXSGah%B;^>mc)0lb=B4}j`MEZu7M}((28m4m<6eU-tyXJWoTIRTAdL;&01e=uS1i6JeMdg|M zhwEEr7n^zHr5a^gdRc%Xz#vd7T(2lNOE8UC`T=c3xQfI!zUIzQ@G>doEl6C8%na_LXTJc^u cu;g%;SGP0cx{7c2dp9lVyMAi&q{v(q0B`Q?ZU6uP diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 2361d6b25987a8070c27552ddb6f26457a14df5a..1710c1623244238aef76702704257cb70eebc260 100644 GIT binary patch delta 730 zcmaFFwwY~$PJL>AZe(V7UTH*_yT5srf02QOPew_BV??M&KuDldVN_;OhHq+Rae8>A z1($D9MzMdUrFl+TR%K*BR&Y+SZ-i-aSw+5Yaez~WMM0^DPnv&NQe}oqIhU@TLUD11 zZfc5=si~o*f=NJCRDQZbM3zrlq+3y{k5P%Qmt$sPu3M5*kg->US$ctmZ&`L;nV*|) zdRSs$Kwx?{m#dq1kXfahv$mUirdyU%Wnw^ffJLFBsauJOOHe_cyM9unmuFICQADc6 z#E;_PQH~W(rFo7%9-d(p5uOqLX`V%a8Ae%_6&AVLWl2@WmR{i=xdD}ip)SQ-McxJx zk%r}oMyaN0X2Ah&$thlW<$h(^1qJB=S!n@<6$Tce#byDS+GfR*;~B-nlfA>u13hws zeR2bgGxPKFyee`F%Cya+GJ;KAiUY%vE%d9r90StILtFy6B8=U$GIH{b0-{oLasvGe z^oz~hGXwO4eZ7)`GCjPU0us#%!pyV%bIX$_pJf!U54JQZ$;~l|Obaa3H>k)j3o$py zj|z!2bae|3EOgKG4e|_gGVsdHF3HX3a(0d^PY)?iEsrQQGmFg2&rFMQPfT;lPWCYi z3C~C>_6ZM5&2Y5T&q_%L#Xww@ZhBE_VsWZMxN?${OSu=9L3U|YNr78lu}5W+Nrb*H zmu|hTu0mu+pixyyp1!t)kyn6MvPDFRb8%``j-RumdtPR^p_5CvZ%IXDR!EwqBUkTR zFTO^vs9WVGx@Bj!hd9Zw4NEdTEl}hig{?rI+*{OyHh#KtwN!|AmR|;&(>n zv3WYo_S^P}zF?B){HRdNo-u#ax4gLI00t1t|LM+nDvPyG29g~xcQzH%h zETZ&1i%Wgdyn_9Ga$F13ETVj!Ttm~tQ}T-^pJf!U&rD8BH!92x@hJ5!4a_OY4{`JL zwD8D_FxO7^O>}fMif}E6Nb~WJtZ+}}Dh(?(a&$EFDK-gBwJ=XN4z&m?@Xj#Lj`Y$m zDi1RZ%rzNm#Q){43Az z+2QN%y}z{J_pF4F_t{&MB&tuSJ=gdeeKg(5Ci1wC>E1&h{%$zc^LmvFd&tdgk01K9 z^D%BZ>!Wc%#beG{oAAgxi&hJrwYuYZ>evor)AMpmHG&-`f3KN)<5QnbuXM=t|H+); OuF}WaLPHlaW&r>|G#hsS diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index c80aa1eebd4a6e1ddcda078abbb272234df01c9d..980c302fc97b0b4491df00ae4ce85e817ec43263 100644 GIT binary patch delta 2389 zcmX>oyij<8PQ9nAwsTHZxpA&(l6FYBrMIJhK$t<9Q?9d5hQ7Z?SV_2rOKzomppijf zC|7A-LAh~-SFV1PlZm%;L9%{Sx{HxTc7U%-c9ff2m|;k9id&j?P>_X*Czr0BLUD11 zZfc5=si~o*f=NJCRDQZbcBETWU|LaDMR}-cW{7`4kXu2PVNzOFYHqn(k#A*Cc||~g zi*cn-VntOXSC~a+Z-%nqQW?o4HA0u1B^B%OENu}Wy9@+V2`sTrY1%>%8X|9=t;eJVeKA!ohNkQdYUS=-E z;aNsOk-2#;Mj@vDLE+v(zFy@{#;FyVg<%=45&1?Ykd?E}cpJf!U&vYsZbxkres|+l6af~!@b1w4p zN%twuDi2K3ugdi>^a%?!wJ^6ZHVJm*@-ug=C^WFlGR}+gH_7!$_Ser$3<%1tDh$s_ z)Xs5nHuA7=)UU`f_RlW{#el1sZhBE_VsWZMREmbFO0FqanWJxHxW1)Dc4}36T8_K7 zlV81aP+~zvMPXT(duWw&c4=^=en@bsX^Np~QBt^RT4`ElR!KlefT=-wRDOC@5SL|@ zTTotMp?_XQKu~2_dXRRqv0tR8Q9-Dat8qzkXhoWTkawh;fqrJ7QGQxUatfEOuC9W% zf22`RK%iHuX;xOAVUAI9x>;srsz3isL)Adr{ls{%|zGnZ?%UI%x ztabQP&u{x(^HP=jHeP3zUR80wM{>)RtBWTDuifHaaec2U=c=o*`w!l2KT`dELFCU8 zUd@#T^~Ryk<}Xp*Vf!@Pe&(HT%Fe`bK31Z z-Fqo4uSTmeV^-?CD%ln1p2&7w@Ym=l)!W72yll@Vkw#yq#^Nh59VzQ#{yZft>ro}~(OV>49#ppb|yxD~3zpUto1@~iL)J-%N z3;CQIk>%A`fB4kQJ6hL!ig!Kfi=6DMI6YFHt>nbr7xnw=B0n%L=iXxJCi8Zch1O}m z*DW*DiqkT5gJ#}Kv#(cD_-SOy6k4LI!TCz%uSxM#VTa;bmRw(t1*<7;)o(a6NoU~} z;r4>9k!G?%hq;;i^D54*p0jj;)|;mjcTbMIDBtmHh2}?57mJGbFFCocs+`k^+F$a; zK;)m5+I}^k74qkHnKV5TYuskO?R@ru;C$C>8s@1OShDZP zMoxQMGDX?JW}jC;VwHT>zLGM(ybPhf%g>!3%Y5O#eDle@Pu{OYMD{f~?>}`$wE4pH zBu;hrbN&La)P5YcbJ?T2S5{YW7N1>%l>2_hO>eh?M+t0Sbyvn63 zk7QRB+TIn~Hg#z_6RV?3YOJEtPL=xd{i4^V1y;N|cq4ma2WubS+R`v*+uUp~rvJZ> zD@dN)uVu}mHbb`lNVtvmF^hTIfA3y+=d9kNh4a%N+WR=jUx;`kBR0#bqHizjw|5^7 zpS~n)={0p)=YisxvZjk{e~MmgIFdbWfA%ci^0mJdXP$psvqMUzuyxnl|L;3~9^NA( zom0O*V}@PV3;7rR8?U%5*WS?MByqz*Xu|TA+!brvn$k4cbRXXODL(y`SXA4m8>e@0 zM^1TeWK)|g$GYp^%* zr@npF&Xf9=j!H!fdj_SyPTm>1HE_?0{S7W$Vi6{(^?H}17Op&ctKrtRMG22R1fB@L zaLS1ayioK}RZ*TX$gJ#M({O0)SbH{dl#l?4f{=U-ApS<7H$Z47F z*Y^CZjhow|pWS~L8fVx2#eDmkb@B^ehZFf*UX3bNXZFIj@tM2*F|7JD|TYc>ngFI%x$yXQc z^psVdZ9kpkc487s*6ufd7$?sW|M&Ha?AiTgcXgKSzdjrU#Dn)hzksR z7B{OqH!5WIzrCe_LSGxWLp(pHzfpPIY4Gva{PpE|rdvyeKWd+6bzD{7*X0*+`|v8~ z$*gZTX@5;LEnBcCZiD%z>X+|=)CHEzkA0&Z@FB7wVB4g9Y&-6~iCSsoV!1W)Q_@?5 zFu~fbN_Rf*-}L^%XU2!(S}XeU?NqsExIejl>YRQ`+->!(pUkAEYdEX?n7ui1O~_Us zO=0d%t`D)V7+>9O=HFZAR+4gMTWY;T*R`Uje~%~@YEQDhCUSyxN#yz3^6-mh%by)K z-zjNs{$^_!2g8=dXYZc*pi)nxzP&n@2J{i%h0TQoiXO>fJMnEA)fd*7MXDw|JFbslev zuaCO6Tr0if!iBAcQ7?WQtW%9X^6hb%{Ub$w{W>jG#?tkfcV{y_{Z{JtEw8WWk#Xk& zS?|kcZq*VCnwvga`5&A=>$aMURC2=e<-h(`KboELz+PrietOOE`Hnhz-b-_5TGKU{O~;|j4fM*%tKK)=s_kI&=N z-@S2fVHf)*r~7Zq>RnX4dR1G66emS2UnZy##`L`Y`kKj?h2)k=G_G89VAeTjPW~;k zJ!2PtyUVt!fuT;N<+1YgvpxIu#56Vj8oyMPbyQfpiDz!FY)41+)6~xwwA4$N>6E-( zxBPv@PBZQ|Djq(DTt{XrJf1my=KaK1wKWUV!Z delta 2421 zcmZ1|d{B6TPJMY+Mv;qlW=3{$eyU|!T9tl|cUG!Vioa1xSc#XDqi2Lia;QbRhre@X zAXj3kc}_)cszs1@ps8oFPf>W1d2p6@Vy=O^L8`NBMwEejX;HX-R;j+1Czr0BLUD11 zZfc5=si~o*f=NJCRDQZbd78J0f1z7yX<(wMxr=dNxtnEaK)82cSf+`7sYS9!Mx;ks zagd{DgmI`i5Z3N`XQmFo)%`7A%#gv0jU|@o+$<;KKa>`;~B-nODr5ig3O}K z%qohFebRFLL$X{ejZEB1Qlb*m%0ex@yrT5OlKlhpgF`*JvMo}aJWCTzOhTL^gZzS1 z!%KbLyo>V8^SmO>Tv9@+N-Q%gvdk^KE3+aepJf!UPY=${E(mmY_Da<*b4v;;3^UX& z&v1(hjz}!e4-Kg__e;(w2`%<7ObZX>sz}y1FU~b7G0smm%&=&dJX%aZ1dn z^fXRO^C~vhw#Y9jC^60l#ehLXik)?cZhBE_VsWZMpsQg(wvK{+TAo5cWj0r^c0^uP zR!DtmUb1V2fqPD#c5HyH9|5hOt{o zvSpx=bA)>smvf4#mt|Obo}Y7mW}$w0Wk|A5rDbZOXOvlzSwNVJp>~B+K&YEvrf;B= zf3jz>iMOSXZ*pl`qN`(MM6QQ^7+02Kicvk6uCA^^W<;W&lci&&OGKo5PEn~-h)02! zc~M$aQCLd3fnj!}i>H@UZb?C8rF$UPZ-(@Jmv*ho+FPFGyQ5>9?#d&@Y{9DKi+tZ6 zcY7E3{oyP%0fv1F>jd^FNp0S{KEq-~)YZGKE7rEi{ylqbjqq~wh&gxfJ?_#pNtrLe=}jln@^6$fm2G`5>wU`$hNgO zwl;b5AKkii&E9(nA0PbI)^*7gDJcJ|yHh7TYU^sXQ-$xRiT~K=%Uki`V7maf^~KA( zHmK!k9@UTCRJGruVU5rfiSoM(Wwx>_#)wTgU3H>DF{NHvFsJo&_0rcS^E$f@>}kK7 z^=I;4>(@T~nni~%6>^^lm~6`*)meP)R@fgG7cGx)&1CJi^s4E;w*{}CC{2HInJrlI z_*!kVMNCS%>kF+#l!X3I)w+7TWs1t`U-tWTg(4pEoqo%Fcyn8>(vEOH@6zrb=~?>6 zr|sHWEX|tpUVc?deF4MCYn%di_ZIB>_e1!M(xTqaywEq#rfmqFAdLA5_0}ZPq|s$f7GvZ_VWA7Wx6#@E^hcJDjd!f;o&D>t$dE> z*HaeBi3tk&7Iq=L;ZAe9lwMqMtG~DNoTSJ(-6ggMwokp3yDh#%%^|8jFumP&qas6C zzEqn4|HpS1yG+=c4lF6*ZhyPM;_AxB6{p^{8}{!A@MD~{R7vsH#Hl$uckoKLzdTv^ zY0W2zp0#r?KAFR^@9^uuLx0+qO>(}Jb?yJOvICDzdAn^QtF_h@MshRF&#l^Uw)DD> zP2Z7Z(8ld!bKBS6b2WHwc3b@aFJ$;9 zyfvWI`pKgHJ5B1B^>!)x@9Hz0&6^`x&{27ff#ngq%bkX`}$SHnzcSG zxOV0u+h_B#EA_ALl)P%NtUg|Nevu$+ck+?m9me%PU+&@lRC2_?u!Jiq`|oqlFH28} zOup2lS$03I!I@o}cL{6C+LYDJ23co0uc%HlYp4~^d0(LS^K8b8oyJ0DU3cT>JmX0| z`$*Jdah~mxm0An6;(m9wFeLu}yH4%N>@6=Ys|x5;{5;_KtiH;{vBgj14e$M9hxVPG zYVgf(s~HQgM}6nkw1XiFt|`207J20>7y7v^-1`-GW4T4$6+73k=(~H*onEe$xMTNJ zw_Ep4FKA0TtRBJC;=Z+h<2xzUpPSxRPCC?c)}T&Jes9o$lMnCKXltnu&*)Vin)1DRA#1vRJ?$BlR{$-LfPjC4%&;376%n8<0-Y3-Y zc%g)q$`6Crdsi%wdD{N-xDZc$eWJ|H6K;zVXnO7zL+o3n4{%rM+jeKGpdn!EkdAxv>B=Xks(NUh&t zzpdigj@>UVb2^uFv;`@}e0us&?BZ3A$86G1>%XS&>a{k%qq}~eP3!OaojJitpC;C) zI3&pZtm>4XQ?R1>*qgi~3O0s^3qr*WGICFZua9jp(k*+sv3r8U?AKo#J(SE^f1C8q z5{f-*@=L4xmJ5r8z^;ID`#X&Dm`$g%IOp2O-F|*t<1>5tj=Kv)wb{R&%t=vQVPz@O zsJ3E8r1Cn)mnKiWuc;~qyy(x`a8Wv_pLx}T`rW1yirc3~J@yPb@KAVK#*fFh&D{)6 zxeM-W?lNgV#5!eb+W}$TB~M=OxoGTt|ElO8H95_O#fyH=4|15bUAerSHKun(tAy&j zbsx9h5$BMU5jr+Mety`T);F^4{HJCz*9a`ya-40>r{95F;!9?|{MGjL#(m$ixeb4R zS_iXDba%7PF^qa({kQjh^2YNMrV02&X7N9}9Z;j1)8J5Qq|xPO%ynZfm+f<&=o>Ge zoZFI WebE(n@{?3{pW149{V)IL9g6@Di#KBc diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index c2671aebda54bf1b2343f304b67cb0ceaa5490ce..cf31299ab1777ef77a5e7d0d4b69147923725d05 100644 GIT binary patch delta 735 zcmZo*-^n&Xr@lP9v|QgWvmndM+{Y-iJTpz(#4J6sD9h0)FUQ|J&C|8gq{2JgBPh|) zm&?)7JG&sO+*!L+J1p6wz#?2fG{w`az&*!2M?bN+&?Pufzqqg}Hz`6pl1tZ4p}06h zH#Nn`)YQ;Y!6cw6DnDHz(Z$gqGqTdj+cCg0BD0_<#VygTz&k3;E3_y*)7jrxJKvzR z%qYw;+|whJE7dW{*DXES%+0Vw-z2=aFg-0TBP%ao-_^u7CojM#HP|q~DJ$2^+%PwE z;z#lDB45v-9K+C%WM`9N-x5nl?b0Icq@n^BuZ*HBlaRDTudsrQeO`gy57e!-RL z#{TAp+L@I`DdGCYMjjz$Ma33b5$2(OQ33j8QK^Pu#(~*frMcPOKK|xjep%_o<%Xdq zMuowV7J+$5MwynT77@-)mj0Q!DH#E-sX3F+FiOrS1CwXfJBvn{e86`(m8H5{DmF4Fb zyP4&NR)!a6IfoWU_>_Ypz$VGUC^kelSvS2XHL*BVp&-ypsm5DDTi38sLDwmzHd8|( zvp&7nz?zFoS65fTBO)s`e_D%@%D4cjp%M#A*Xwx*Che>cxo2rt!6@c3l;ym;3JuPL%#?$d-OnYl^Z zuh!K5t$s_sRq}(vsWUvEWgY8fuk^hB!sT*)wcWLOd+ujkpK!(U|GX;2opndgy-#r4 Wx}sQ=vDdPP{odkB?;8`djsgJ4{Rh?n delta 807 zcmdnV*1$eNr{1!{#mmdWu+%(E-z*|CDKag>Gq1or%+=G=Am7*1#WUPH%QMh5!_zD< zkjpVBGp$75Eiu(3z#u3%z``=B$W%YABqBf1$T-a`)GWBP(B0k4z&~6+n@iVDp}06h zH#Nn`)YQ;Y!6cw6DnDHzGtea5H8;nk(lXP@$;Zqr&rLfZEF(NLytu5uH8RPqBqTFC z($}rfJfkw1E66;^z$Gi#E2lU)%``E^Dc{>E(x8%f#!r;<^sFdu<@r>eO=HZ22WyStp zL7~Ye#YQ>B7TQK$QEA!XLEe?#Zpj9T$@vl99>zXtDMqebQISCbsRjO}nZ_ZNxh@4+ zIW9rDrQXRFC20|v<^fR^ex=3f6@KZ-`F@knFiO;C8JkA=WkwW)CmZRzx*BM^`TJ%? zMut{a8X6f_Ic4QqCOefHgz3Ax86kx@lwE&%b}J;F{uX-;Tyw=lpJv$Xj@N0stED9S#5h diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index cf0f4df3d1541d2f4d98108cb3b5b7264dfa7aac..e83ef26e6aaeeb806112f882655845b5cd0bb6dc 100644 GIT binary patch delta 769 zcmZ3(c8hI-PJMw#dPzlrds?njS)^ZinVYYEK}2L#L~2B!wy9A`k*}wdeyO9gX{JfK z1(%1Hae-NRl%Hd|efqBWMhJJo#9udBk`PpefmX)FU{(j!h`Cj_QK~4c_d4>jDE*>U% z1<4lfemTaDY2iV|nT6h^#@PXB1ySA=iMfTL>A6{X-Vw#_>6wm`;~B-nEevyVN+Ppe zD}61)3xnPK9E1HG_5D-QoJyk%%7Q9Ao!u>+EVa!dQ=DA6!aUq^4O}w)b6qmDgT34{ z@=8m~Bl43xDss#!oQ-oM{R2u(T*@kn++71FpJf!UPpmAC$kKL7&o4Jg3<;=kDseI{ zPONe&D^E5JGfMH-H_X(Isth;EE%Y$qN=vFL^)bwe2(btb@o|mFOsT92$jC3uPBJz2 z^YwG`txB#cGI1-*2+8pU#Xv!NrEYprYGQG!f@82vmY+`umrs^Qp`)*HacV(vd6<)D zjzPV@wzjrYVP>LHRi1~wk+xHwQ)G&9YKX6io3p#2XG*1SkegeHFPE;au0oWfV_}4U zuA{zJVxfm~a-zGJo3UeJxDj{Eox2mf++RJuT|Rqn z@J;)<4wc(|raqSI)Vy>5(!4m2j|~&2%Y4&YlvPx^Lf$>0s-FMx=I52QCqK@Mymg4< z%;_J|{M*k5>H6-Oa#MVPi8Y7wz0=DbZ=d*N9aI+A{jkn9Dwi|vv1F{tp%?j9DesK| D-Tf34 delta 723 zcmcb`wuWtjPQ6*GPjQZ+Tat%KMvk|+Yi6QRg|VM`c43HFLAr%|q# zc|}29ewBMZmy4l`qkdj-X-Z&Jpr2_$YEo5bRe4ysNqIq(yP;8zW43vqMO0c)hDAm3 z#E;_PrQW&aMecc)6@kJ2kzx8NSvlT*;lT#3p}9GhWuX@N1u0%Wft3MX<+%wUWFBw<}OYpzGcpCMycVxK1mt=+9vv$iLQ~}W|>vl$)TQ;;~B-nQ=LN7T|!J# z3XGg`J&OX9y-b`OwM~;;%$*bUeLQ{jlS9%&{DR9vbB!Fiiae_V^D0WrBRngrf?SiF z@=SxBs?1!uZ6yhcAP z|1LHCJ0<9Y+^#K`<^DWS_xfJ7vuW%6R)3c+DF!p$XET>hoyfa&>L=;=GfCHdefask z%6|EaPTll}yXCCFAK6lAkG*=i&5|2;2k^x;6+QDRbEpmdJMUt8`-6-98`9e+?wlQZ zSWM?!{Hz Kgm>NCus8r^P77!N diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 2f6e58628f739ef23bdf08eb47af1a636ca2322c..7bebd5ea8a69c02c8072dbc32dbfb19fcf5ba327 100644 GIT binary patch delta 1223 zcmeC-KEyRar`{l}LO(6Q!!)xp*Vi%6IM*mSHP6Y#AfzJH%-OfnAh5{EGBDCW-(5eW zn9I+_BO}Zx+cnWJS>G+wC%vS?JKLu+BsDNY-zTHgzbewxzc|Uuv9KsHl1tZ4p}06h zH#Nn`)YQ;Y!6cw6DnDJJGAqN!H^3*@H^4QrDzhxP(k(F0FfuFB+#<5b+`z0T)xtTc z%F)F&)W|iN%fdKCUq8~>FTdP8!>rWQ$lu+|DZtSsA}P2q)FQ{lvn;iuI5DHVz`4M4 z;z#lD(9o*l%&_v1VE@PvU!&yk2uIHp*HptqO9Qu%Dko>dRBg}j(gKrGlOO{wCrkg* zfV2QF3*!Rq)Iz^vSJRL{*Wx5Y_lV*Gue4IeO?taCoW|iJ0 zhQ8XxkpWIQ6~<0!-d?7O$=)H6W&!3E=EXjxmdVbRDH#@AdHRlC8R6#o<;jWRu9bPg z9(jb>FH+vX=di$DG}MuiHYG!nURyvFiO-L>t`etnEAS-_&Np~8H5xTo9R16 z1Q|L;cvf1tdpnw@1bBO-nOdfLXPai0i z_V)`hHx8)^F^MX13U&|m_3{fY4fFJ`Nb~Rn1(ULFdQoa(ajJr!f_k04ZJJxGt3tG; zF_)#gTexwmZ)rhPBv-wzuC79;en^0eM~b^kiE*XAVW_)ngkywTR&l0wQErf1l%r8t zda_wbPC$rHUNYCA{@bl@a{Ky{UY>u&x(9k`MH(|KxLA zW?hB<{7(nDnI--kX`D-zs7$JKv$~w0w=(}o&^7y$dn_t?MRZqB_+6i^y=I#7(UmV} z?>xQLZ@aHf=LG$b#tn8dLHvjM@AymV*iSXr{a^L(%bk>{%>j|~zC=Agbbp=5zL!O; zkI$|Q+QfQH%PlZ(ue-(j$Tjmne%L=P)|c(9=;;?M-DYp5Xur#T_46fX*&l}QE5lk3 zl(I4%t%%*vsZs3I<*j$wIwE809ZkiJVYLkISBjb0t1nhF*NL?~Gtk{BAbZVF?`DK& R$?t5FoC|9XT)BE>E&xi9w!Q!W delta 1297 zcmX@a)x$kOr@qQJJHyPNDo@|SKglPf%*i6qQa?X2+$k!;ugbAJC)Ci)!aXwCCDJIT zn5)>pB_OS`!r3L!&9ox9D6Fz5KQGcG&@j}kG|1J_KQhTDJwrb{EikYokW1H2p}06h zH#Nn`)YQ;Y!6cw6DnDI8ztlOmz$w_hAV0({v&!A5#4V-V$JIH*(A2}o$fPi-pvX1V zJGH93s36^yD@xz2Dm$;pEU4Hb&ojs@BqPknKP@vfDL5)z-!#a{Gb5uYKg`1*Jl{ER z;z#jt|8RW+lfe8m!-C4nDo4)}f9JxKim1~32=5@X0x$DiM{W1y@)R#45BE^6!obK9 zXOryQlw#LNLocVivPgf|OpjtSCrbnUviv;H0@Hwq(8|bC_X5w!@r>eOr9qX(&L;VR zRpn_Fh9y1`UIzKe*@cls21Z53nW2V>ss1K`<&Ng=1?2`@CY41gk#5C48D*)t!EULE zZYC-2;T~?8!39x%{>fz~UVcVKSx)6uQ5BQVFiO-{=B69Co0R&S<>eXVhq<~N28Jd@ zW>&g}c$j!t_~lm`W~2pr`5Gse=eTmEy5|ODr-X%=I=O}V2bva!R1}t*I{Jo&r@H1x z`Ifl^85`xghn9yW`h=oKKxtH!lX1F2n0Hlhq(_*qcW!c`QAvThS-pv0jc3K<^*+K3}8R_2HZb6ZTkvUn;W@aUxWhO!H##yPs+Ih|< zzLU=~iif*orD~f+`h@zGSCkmI=VUvYB~=tg738{jS_TTCZz_21n6f6T6!3U=NBYZ85n09hXe!%r$y!#SycL46y=AQCWFkbclS&!c8|z% zOfCucEz{2pGR;nO3iMAi3N<&63d#zpDDVvP2rt(+4-E|E%5pYMvnbWh4T>~(4A!o6 z*Uv69_tMV`NG>iaFwTiGk8%r74Gl{();4nl1yez_ZhBE_VsWZMnYE2qh(c(sTLM=^ zdZ}4%Xk}1-MRJ&7L~y-lRz$i%ettnXnu)KGvv-(bS(ulnr$?Rzm#(g^f=QyGnR$|XL3naR za)5biXRSLTh4i$v-RUa)iZ>ffrD(Lc;I z|6`;{%ITuG)6VUY2fh_J-4{IkNhEpAT)D<|P2vp>lQ+xs=!!hkja&TbNYoag%`u6^ z9J5u`x5e?S?qn}DbKmNaKmV?cA|vikX@R3}lyOA4WpG|l zcu7RQez8F$SFTH0U`1hKmQh4xUX(#_fN!{=b82FEX1G&gjz@{HPqAydN2+VNb5fwe z#E;_Pju9o5VUdY}Mn0~dzD7lbMHv=JIe{J}riO(sY2|^&iJ6|JK|y8dB_8=)#ldOL z`Q?Ub+2sY1r6ES)ff;U9rKK)~-kwE42IUn_Md20x$wdJ{&c=?D;~B-neS(cL6Eh=1 zJ^eD09m@=j4GRoI(n=}={hg}xQ_~6zwLQa(NK z^i53*EcWwsDR<5-FR{o+kAc#tDktM~g>b{ffb0Ul>>#hwG`C!rO6_|0{BW<_@=W7I z)2ssHpzz9&Oz+@;0Bs`=UoJoGysYBlz(_yC65rgk$aAj9;?;QU1U0jW_a|7Kf z>vP<~!mB)T-3_?>!pjTNa|`o4eM4Q`Qavj3^3(FP4c$Xhjq?1$J+&kKQ*&}leVolR zGCV=ng}b^Ys_Ui~r6v}qD#R%Gd6t^w+sEW81Y5_rDuwEC1xHny8@d(bh9-uF<@oDmVs(oB5Yzc)95NyOtEE zyXGYsR~RIvnN~Q3MkYoXq()Umq?IL`dRrEib9vZH3qAX?;N-Mv?5+@Ns!KiAYn)=nLcA@wA$DHk% w+?hJhB!12CY;+Hlwpx5T=EF<&qkF|er5*|NE>Brz=g4GZvVXpCta8Fd0Lrj&rvLx| delta 991 zcmaFQv5jMbPJN+whNYi@msw_Ej=#2}k+Vx_P=!ULWr{&skbjt8gjs=KazIjsbEscv zAeU2WvVXcqZoX+oPJnxalV@ePQ&Dk5Ri$x~k-4dJc!XhTq@lmNX_=o_D3`9CLUD11 zZfc5=si~o*f=NJCRDQaGuTzkJZen3TRf?Iuzf-P@k6V>jPI*?bOF>?#zP^z`RC#Wt zvs03rNnnHlSFlrfxTl4accpuzzguE)j(Lv0zmbc+e`a=NVNPUTVuYu+L7qvtv8AQO z#E;_P9^Qoo6($D0Mu9<*2EGR69^tNzC5|N}QR(>w-X+;p=A~J=LHUVhW{#d*`Q;{_ zW+fJ(S>8!W{*@snruq54;f3bzE@9r0#?F<785toiIi-PK#!l&z;~B-nD_jfwy-Unf z^@|L{l0rkWL)>#S!Ynf)L(BXv(*n%>tNb#9^~(*@(?d+S%F2o}BePOn(p)pk{9TNU z9IGl)ob=62{7QX8eVi>TvO{y7DqXY6g8Z^4pJf!Ucd95$OH7Q)D0fMB^-DD=Oic38 zH%=~a$t*XDD60taE-Ws0&x*``uME+4F)|5r zPVvz9^2+ooF|RZ)NcO>qfzqfdC*yPl6AKd~XJeBJHv@fF7w^#IzEq z43B`S9Dg%|z)H77kBIbSF2lTtz>s8@iU>C!%doWKoFq5X(A1FRoa`dA@=)KvvMi7C zz=}+#ye#8L^a%GzGRQ0lRLHUP3@r4@i%9WIPjXE5t|+d`F*7eNiHy=tHA{2TuBr^F zFE91*GV}}%a^(uvFRsXoEX{PvElqOCE^sjms?x43t~7J=2?%s{_VRZ%PVp}*@^MVf z$p={%ub%FapqpNlnpm8w;9uphU~itI?GTWpP+3@~5tPN{mlEta#k=2)Jb>*OC0YEwA9=uG_Qjoq!p$rW#K|&+KDf-x^ZC zY^t1W`;hPPvLly6rT4L_uQ|`gw{-6AnrTcYSFhc6OXzIovLioE`aap_f8>U_=9Rr+ zZu?{MzdRITm>J37rN3)!q3&;+8vnOHq+UPXJjG{a_w2nQQePUMr!9Rc|GU?a>Bkg} s7HRL|O^0V^>n0rHojOZwQvc6~<=yXPpM72M_|cLptF|WuJ+nLy00;MFX#fBK diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 7f4cd79..cbeac52 100644 --- a/secrets/nextcloud/pw.age +++ b/secrets/nextcloud/pw.age @@ -1,15 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA bLFxgzED+oCYOfqByMy9WllpYIxho/qPSAzkVSYFGR4 -xdlDLitfvjl9dF2rnSNxoBxtZfgnaBF8SJMTwba2GDo --> ssh-ed25519 4PzZog pna2rANsjRg7RLlL1PxpOIbBt2/FMT6ltf1hex3YHmY -bimAs5pb1aHlaacoFES4achRgJ0Ruzt5uiLWk2VYHBk --> ssh-ed25519 5Nd93w htlom17eStA1r81wkgP8xpCRJdmQVu3WUrLnyrr7whs -w4+cPw6FQZ84NW1iNrUP/nJzuzC3yAtJcZENMO7ZiiE --> ssh-ed25519 q8eJgg 0c4eANNmuDzEVOXlqpF/gbnq8JbQoXoQ+WR5ohM5en8 -PtTVwCNolyE84av8KF1XCn1JIcjpiqtq9ZMiMEBXlhM --> ssh-ed25519 YFaxCg tTofnFPsisgly9a2qBJ5R9lvnZ0dCv3+Oge5rKCzV3E -XGOdyhjjSOEsC3Jx2hggb+IEfDN+OZ2+WK9mQrsgtiU --> pNion/Ta-grease $/[99y1J T\+^* A]BC(c eX. -/I1i5JkM6WaM ---- KmqwrhR9THhT2MURE1H8C2uTtVvTmH4wdIkrZQhXNWs - $"KmلC@iibTv ǒ` {W$ÿtcLTtE0q ld3( \ No newline at end of file +-> ssh-ed25519 V1pwNA DqbnodZkTmARvGsqUcwZJ6Z6dRJw+Pc/u/OyvLUXNlI +ra9Q9EprYEJELcQi7yS/2+AvyrEDehZ2XjIE4SD3K4Q +-> ssh-ed25519 4PzZog 1bLboYJt4kTh2oYIkPtBWOKyCdQQYY7Z/NMhdWRr7Bg +XYX6Sj2dfHJdVr52vy7F5SLNudmPw0l+qX4VXkxo5Zw +-> ssh-ed25519 5Nd93w 1V+Zb7AmYGLbBnMLy/yEuC+vUdWq8no/X6j+7Zykbw0 +Cu9av/RkbqGfE31UO1HobDcemy0C52WYt3F3ZJuPD0c +-> ssh-ed25519 q8eJgg JkrqxwHOf7vch7sa5iERrPS6GtH7SOz6vkiJZ9iejhM +G0OBTxAN1Ip3vv5loXQPejnv25tK6Xu6xNqYIBQch0Y +-> ssh-ed25519 YFaxCg ZjtuzeSNBZLGykOpsyxmeRLF8GE2eIhZBhn84bN8X08 +WXQsIs4Are7WVJhkDafrMm+FwyWfWTOHR6JYUg7nzPY +-> O1CHe-grease <`%L +yfN8CioGGgvdsecROJgtsRw1BVyHtPcNgKMk1bGsNry37eY0/8PIQA +--- jVQDWIOkjduvoYdMFhEl2Y8do4IsplwELZ1N1dlEv2E +3>pN0j{ҠqL;{{%OJ_ά3NR#4 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 42180ad..33ecbb3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,7 +12,7 @@ let ]; agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones"; - vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxTrUPZPqttuxfmmP8BTACTAkv1yY1nfzEd64hN4LT+ root@vendetta"; + vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvcxiSYE38V1IopHj7Z7ZWP1IqnskYCdhj8yCQohVUM root@vendetta"; vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil"; galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index f0ae4c7af05522671e44683130c9523bd60658dd..f54977814e3a8f646f157cc35e626f80f3a65b02 100644 GIT binary patch delta 2813 zcmZ21eq3yVPJO;-s7bL$Nr6R9R%BLKa9(z$M@3*jWkz;!p>|Gbv4Lq;MQNIMh>3ef zGM9UpOK3%ur)gnOa-Nx|eolF%qpL}%cZ7D5N3y9wfnjmBqeZ2Mi$SunCzr0BLUD11 zZfc5=si~o*f=NJCRDQZba%s6?wyU{Oxp%oyWxFuxmTpg z#E;@({wCSQxuyo?+LhUk#TlttIpu*RCi=y0#g2vg+5T?nCSk^InZ79nC4mN9Ua1lK zZsrE%9)&qhsR7C6QMsk1IYlWx`Yx^oUWVERS*8(2DaQJF1*VhZ7$w59OU%-p0z9HT z%S@8eE7J0{Q+)~xD^e<4D{{h}Gn`zqQ!N91@}ttVor<{v%$>dcU3{Z*Jqxt`l2ghm zD%|qJT+6bYjVvqmohmX4OdOLkLd%MxvOOoCWfZS3^^9`V_N#Puu5u}k^r$on&B}^! z&nV7GcFRxlF$oJYbn*_3jL=UDbg|%aFZE4yE4S3nFfg$+$<9yqt#pp?%}#ML_AIaT zFgN!13W-W7GBR*3NXrLBK!t94QEFmwDp!HNf0FAlKe-kC@HhcZBH3{(9W7xL(tK z%C24WOh2q=*&*B4a^&LomhEi6-wLUB6m>PdU8^eUThqEvZ0hPGQP&h38C1_5d46!= zA}2qtjbHiasX7YYGLt&4RkoO6{fYxmH;3PDkv6FRxu@OhQRVN4uUsKX+P6<&`>V) zS>uwJWl{Gm_TFedW%;1alkK>*_|tx!EpNPS>9?q)sX`cDpvS`Fs) zn>_8X#(C{5DO z(Q!ENV(Y!-yZ4`(UDj}F{kIoCx71Hr0&Uw+q-^4;(_k-VGHK3esjPzH6>d% z$06bEnP|Tqu}gm&Co|H&!mK_ z^;@2`NZXkdDH$9P-4ofqYr`e=#Xo0%ogwxsc*mwJ!@U7}FCW!(%b6KA>Dt}=GrTjF zdF{JcW#gt<^7b9`>(2g@znFysU!3$?96RaJ=|k6Io8qFkFWOVyam_gI*VfW&FB;$Y zUaKkCYG2W?v7+fphE>`h1A%*$Hc0|z4@FBw|D8*(=c`YcG{wVO`shUUTEPqNCp|mN zJxTlOL2j}14zuX)Kdi+iA7}h&53T>Fw96#@Xa#T0yS9^lZ|g5TI8oNAyw_N3f4cLp zt2^y|_`FJuIX!Z2CcT+;D6U@Pl(wU8=8c;!pJr(`3eIzm%`-mW+LkO=D;UzEx9*3B z$lp8f6a3lv9@k&Ho)jUTe9U+aBCQ6^i-F8-Sg3(tMK{z7>g7qlqpDoQbNpfUt&_UyPA9kg-jXM@(fDJ(<)KN|(pQCM-4^ycZMx;v zqzHAxcQd_aZP+qbp!nqZ%`*djZIY=hHtfk>J>{Nr=*)QMHAn0&)CZRtGtND?>S}WJ z?l->=28f>h8}#<*>;;SJmYYU)gdMt_rX$25z4?$@*2d>5Pq#|UwNj~Dpg3`xof1=Y zN8h&Vb*mes+spHG?mQ~5E9rRJ^rDg5KQgc4?%T7QKh^zFymE>`OdkkrR?G@LmFV)bQTLQ&$eqsDITDJ$yB|m$wVC~g z<ug@hhhDZHYj}WyS4lw>B_;_I<%R z`I~gj9M5N$W;HM$Ok49LBvB-4pHQ5C&XO}#0ud#BX>(a#4@_-{-Wbr?=S7X`m^5XJd^!3g&z@Gdpp}3yEqcX<#ZIY zEj8>^(==M@-9=XF?pl7z{me3tw(R99ZJ`rEl-lRPwJRcQ>T>emHd~Y~qrm!bcWYugI)Ed!4~V*n-)ioi9$_&_Fq1 zm4&jw7NzUoBsML3XtpFx`rFxrH$nHdNIrkB{`z#6n*Gi*;_vJ8j`sFVpQX6CsaUtx zdxM7O)CYy11Ckw@E#&UVuBw<&#Jku2L|s+vkC-U#1rJrF#M7*HJu3dB|8{oEZ^y@O z3&aebs+lV`w`4OdI@J6+ZLJOa9LL=px@*Oi-Ui&sODsCloUF@S`uFdT`L=A15eLsq zpO&8WRdD|Hi0@_*)*egl)w9hm-qun3Jaf4;dyIhB>MQAIUW;mJyf*#B)a)N%XnMR* zEHx}9_^Q*rEjjXk+w>1VJ028oHkt4E7rBFvSuDPunPTwqRhao|KfvCNIuX-_;b? z8Dh3m^tk}j?9wpJ2`~O}F`n`Jt?8NlY{N9Z?W^*hFud!Ruse74;vF+Rr;BS}ZaHgo z^R_gr@vXT`&DK|bl(ei{bD+QQaL9?Yb8C6-3G5J@AHOQT?&r#dS3+l`&7ZpMnX2cR zcR#&K?(MrJ-q?Or+$Fu%=c+jO4AtD-%et@E@1A3s)}z_~Z1WjAJFSa72Qw$NNG;I& zw`i`^qcg{HT(%0FIlx=txcf`~iTi&y&MN%#z2H1g=3O&h&HLB#FIm2~@HG2>>#j_Z z+`g{Q(nrr0m%rp^QZ6ey`9}7I>TjvvTdVaa9toJoe{|BX9io#X`adq3(kS{`Bw*&Q zlJ!s6rnR@3xZzw#zMPI7aA*I^!aiVuYGuLL*kO~FI zZ4b{K2);zC`3p gSl31F5o>A*T9AFm@C>W-npFq3`-b(U*Ug>)0QpBUng9R* delta 2906 zcmX>uwpe_EPQ9nGuVavhrFno`nXjL|kFi;{Uujsri)(JNX-JZROHoBxkZFjUi-$p$ z1y`}RNoA_3MWRJwc6zXxUzvBZQ)rr-r+#9#V@g#-SU_TCMOuEbhfj*D0hg|wLUD11 zZfc5=si~o*f=NJCRDQZbmA^@GvV~!kPk>*xv#Xn>znhyym|uydx2d*;d3cmzc11{0 za$atJuw!T_SA}LIcYcbwbE0#Vi7%J2PgP!6IhU@ku7YPlk-NTIXrQ}kNuF7zSFu}AZlqVF zK~S<+MRI_reyDp&W<`#Vt81~jCztU=-g+BfUj99%-T@|$_y7N4x^w+a-lGpDH>`>I zS!C4K)Wg)EES#}#s>-DB-H{wuoLevMO1;@*qN_90_o!asiaj?pPwk%}`7uWF?JKjW z>=}95j-qQtj+Qwso%4JT-}ajCKR7PW)+u%H^*#`-z3)hPJ%3`y_PZMw9rr1@_VGg0 zh98Bu>VF^n=Ck$qx}>X@XRz5ldia&!XkowpZI6xG3vOPxzcxPB`fL9|JLaedtn5}6 zlRvwge2)K9moe=G^VYu~w$ApRuzzhv((%Lmi#B{_Tj+TEyN>#YT^miErnerNeEp@) z=lQI+{>=Na(cf;F^Nk-)&o{{j-%aP-zaZ+vf*l8^RGD{fSzphmWuVve^>Ns0zDd5< zoae}~-^e}kEGK)9wYydA(`v(OwrX85OQIfWG4@40>R+fJq8xk0xx_}N{%G5Hb}Qd)EotYB%V!^c47+O6Y2;hI``jBf%dDeLiO$R?4$Ycaq9a)q zI(O!Y6z>I>w8C~xOj~lJ{&x1_?9}Ihzo$Lhx!PgEpOV z@9+55vRMA8$dBS?JtrS5cv4a=dUIn#+^rJjj{2GM+Z2~@$Cqb`>90uceJ|nOZE@(q zqUtPGrpr1z=PQ-C$zcRr?7bvhv|!)#S$^m6UVC$>8}zPp{8XyHBQ&ePH-`BhAe z7gA01x-KT%ziO#*-1O6@g{K3SiKYq&bU&}ZB{Z*0`k<&OZ-M2dCeza057vETKihhA zxw(M}i(LT2-@@q}#qkA+jB$n>DK#JbqExIu>hLXyZ;EwZ`PFG%ZdvS{4vp{*^(FIv zCzl(Vt3mI}<4Jz`Wn zo4H@wZgYaVy{DDgv{g2%f`6RVzY@j2?)5iCDfW#1)$=FpJ8s+3F7A~PB*FCiCzHfEO?jKUSz`6^2l$sx zeQo)DJI9i|MdS+k1?}_0drSGlU4qy0nH2R@_f$s@az z`zLDj9L`rwpCVNF@Jg6vepV4vam2+YrovOP(R=?s-M_ar_I3N^iG^;v>n9Z}nP?QV zKjGvt$!Yv__2M>lWtXkqSt0S_uloM$^t^t0B`;p{W8^%RXeFbqZJSQLeer6?o5t(+ zeq@UmJaF52OgjCkR&d2av-R^`G?!T?x^BPhX1Hu-f{^+7MYo+!S8SEPdHA!fbgSs@ zx3h}f=jNVX+I&n+((R|tjQPdQ{CzItm%5~<#~tG-2=sKPV|&n1uyz0FjLX4=WR#Ww(e^Rj`#DN|1T>wI@c*S z!R(6O&YdiW!<5RSxaA`Kf4e>B?cLd}etLfX;ScVbt2b0GpMGued#6v;8XNK*E>(vTxM1pwe7Ys7wGu2D_3|?3~H-5U*jY0PPd^Ki~>ii8;rmX2( z!+&erWzmcu2C~jKrLM4X1bj}O%d~sLrcb;0tixyhdiPw?|K4SmNl(SDY+~D07uRj! z&UNpUP2rn`=W?Iis{gd4%t~ePjm1npf2FQ36kZ>$Jy+*+_tM1OzvkZ%W->nb>*9>N z4o*K<&g}kXyvy{#Lz5rt_vhTaaP9PqCh@ZVSoyX4<0H!ar~PsNa7Q4WIk)PhZP5Jy zhE;R*4NnVBFZ6bKbmMH?qn;1v#q5nkPuiroOi#twd2$f!$Q-AJ^dG|WQ z4Lygm?0>aMEqgePr&dMm|E8MxT%swC&KqL9-qwA#uH&>>T)TR=@FG*o+4a`HVmuM>lr1E!?loV!wN3U~;`a z^Tm4Cg@69rOgrSY_C`|l@#==D+;i{mKEAq!m0c!ksdnI6t2HO)YM#G-$Mi?&-5GDQ z?&kzPYTv)`WX=gE-Se@vtKH(}3+|NQGuWH@ykw=}yh+<9>J@F^Y&jFVAzi5uwb zbGaMOtlo9M6!kb|^kK*0Egf%vMtGV=x#+%e>$a=U`4x0%>s^)0x4KLYtc~;fvUg9y z#+c+!xojV;9j@+4=6}5+p*cuk0neG!U$PH46>iL^sGGNe(PQaCw)fuexYmCzI_O*W WTSI2j$#3UZ*}alhGFn@b;{X8Lr%5OP diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index 710bd9a793539de1c14977e2676fbea2ce416925..88a6369a385d579864c71e576a72824df0901700 100644 GIT binary patch delta 1056 zcmZqX?BblDTc7S|8s;5noKav}R8pL8Vd<~$n-P%d;p3lVZebLdpXyVU85NouYHr}k zOSDpRQnDm1?P7nO~xx;a})h9PDlC< zY-pb2njOg%UX<)?P?B0@>gj4(RZ?kalIfI^91y5&>6jap7Ur9h8|+f#6P8nwSCTyO zqjKm*b?3SMxmXRFdUKyC19h_T~T3`_3<>;1cn39<6m+WN1 z6=qqOljI(iU6A9IVd!M&sa;r_TbOR<=^GJP?Bt(p78O~cpQ#@eSZJBerE8~9T%4hs znqp*XYG|oo5>OSDpRQ1n?-CsDQc@7?>1}8cSn6Gx=4$Dj>R*r?6cv^mXzrq2TH%=H z9cfk(nqAE0?BS8-R+t%->5=VN;$P;T?ip#4?30)05mK6Hp6FERXJVY_S8QhF9g;rr zqj-2mW@v$Vc2Q7~aa3rqb81$ki)&Smerm9`Z>V;jQJHgAq;FWUk$I(~Q6N`Rkdb4d zyOVcbU|6_smVQxLMVMD%xutJ-KtYC=zkiflpniylWw~ckgu&!^M)C0Sq6okI5PwtW zw9E<XwG|JUG(lINa%O^C`(!wPtEHBkd+bFxx$jLw0HOeoeAh9Sa-6Yeg(jwBy zyrRg_E7v(6-8zpXgUo_Jg_IO;edoNQEQ_F0|HLq#?BJX*U*B-!RJWosr=mp9qOgoG(+Y#K%yehp3inF? z$!8cP>PyYT^4yF9+>5G$5;H=zeM7vQwe>xXOj2`lQ-ZVfgM2(A-J{$+3>ycYj3|a0mpNvDDNRv30OVFHK@gtPtoHeJ%9n+N|G9A06yp-} z_1_EsenU0Jw%MM`^z*SZ9sM?Po2R*kMtz;9V>CabKgaXhCnI|c7Pj+d+#DCS Date: Sat, 18 Nov 2023 03:03:35 +0000 Subject: [PATCH 197/826] bitwarden: brought in line with the nixpkgs again. --- .../bitwarden/_bitwarden_sync_module.nix | 29 ++++++------- applications/bitwarden/bitwarden_sync.nix | 29 ++++++++++--- secrets/bitwarden/api.age | Bin 899 -> 0 bytes secrets/bitwarden/details.age | Bin 981 -> 900 bytes secrets/bitwarden/id.age | Bin 0 -> 809 bytes secrets/bitwarden/secret.age | 15 +++++++ secrets/ldap/pw.age | 39 +++++++++--------- secrets/secrets.nix | 5 ++- 8 files changed, 74 insertions(+), 43 deletions(-) delete mode 100644 secrets/bitwarden/api.age create mode 100644 secrets/bitwarden/id.age create mode 100644 secrets/bitwarden/secret.age diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix index 6a45fb8..7582397 100644 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -46,12 +46,6 @@ in { description = lib.mdDoc "Folder to store the config file."; default = "/etc/bitwarden/bwdc"; }; - - pw_env = mkOption { - type = types.str; - description = lib.mdDoc "The ENV var that the ldap password is stored."; - default = "LDAP_PW"; - }; interval = mkOption { type = types.str; default = "*:0,15,30,45"; @@ -229,14 +223,20 @@ in { }; }; - env = { + secrets = { ldap = mkOption rec { type = types.str; description = "Auth for the LDAP, has value defined in {option}`pw_env"; }; - bitwarden = mkOption rec { - type = types.str; - description = "Auth for Bitwarden, has BW_CLIENTID and BW_CLIENTSECRET"; + bitwarden = { + client_path_id = mkOption rec { + type = types.str; + description = "Path to file that contains Client ID."; + }; + client_path_secret = mkOption rec { + type = types.str; + description = "Path to file that contains Client Secret."; + }; }; }; }; @@ -290,6 +290,8 @@ in { ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain} # now login to set credentials + export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})" + export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})" ${cfg.package}/bin/${cfg.binary_name} login jq '.authenticatedAccounts[0] as $account @@ -306,7 +308,7 @@ in { # final config ${cfg.package}/bin/${cfg.binary_name} config directory 0 - ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.pw_env} + ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretfile ${cfg.secrets.ldap} ''; ExecStart = "${cfg.package}/bin/${cfg.binary_name} sync"; @@ -314,11 +316,6 @@ in { ExecStartPost = pkgs.writeShellScript "bitwarden_directory_connector-cleanup" '' rm -f -- ${escapeShellArg cfg.directory}/data.json ''; - - EnvironmentFile = [ - "${cfg.env.ldap}" - "${cfg.env.bitwarden}" - ]; }; }; }; diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index 983904c..4136b97 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -4,6 +4,7 @@ lib, ... }: let + user = "bwdc"; in { imports = [ ./_bitwarden_sync_module.nix @@ -12,18 +13,31 @@ in { options = {}; config = { - age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age; - age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age; + age.secrets.bitwarden_sync_id = { + file = ../../secrets/bitwarden/id.age; + owner = user; + group = user; + }; + age.secrets.bitwarden_sync_secret = { + file = ../../secrets/bitwarden/secret.age; + owner = user; + group = user; + }; + age.secrets.bitwarden_sync_ldap = { + file = ../../secrets/ldap/pw.age; + owner = user; + group = user; + }; services.bitwarden_directory_connector = { enable = true; + user = user; + domain = "https://pw.skynet.ie"; package = pkgs.callPackage ./_bitwarden-directory-connector.nix {}; - pw_env = "LDAP_ADMIN_PW"; - ldap = { ssl = false; startTls = false; @@ -54,9 +68,12 @@ in { groupNameAttribute = "cn"; }; - env = { - bitwarden = config.age.secrets.bitwarden_sync_api.path; + secrets = { ldap = config.age.secrets.bitwarden_sync_ldap.path; + bitwarden = { + client_path_id = config.age.secrets.bitwarden_sync_id.path; + client_path_secret = config.age.secrets.bitwarden_sync_secret.path; + }; }; }; }; diff --git a/secrets/bitwarden/api.age b/secrets/bitwarden/api.age deleted file mode 100644 index 44e29599d410b7968cf7eb46210a82462fe27f90..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 899 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!suC~@&{ z^zaA@H%K?}PAteUElw&4E-N=I4h{Fo4y|-FjLgUk_4c#K^5rtEN{$LL4|5GKE;mf7 zGIvZ$GmOX#Hm-=w%`3>#PqqvyvoI*g%PEcwaYVPxB%mrPKV88w!^k{6#Kfd5B+($yz2$<5cuGqa#9 zN4qM}BHcH!ILFgF$k;gBJ1a3I)fL?~Q@<2T<8p=Yilo94%W}71bF)NGGi~4eu*5Kf ztW;Mgj~wj)AHPBu6EnBWa*Ln>V*@U;B0uBufRK>P;F7H3qH^E-;0S|o?@ZGGmny$9 zZv$`N3jG2jzq0JWObpu!EmFPG(-j<}TpZ04^~;0GQ}Qbcyq(K)!>S@&(!8@WQZmB5 zihWXw3eB|rk_+A3e7Ult{43KfER%{VJ)9%VqFkJU%F{zVq6!LwExb#D3WG}{^~*|q z(@p#<%hCPjS>@|v0sUy|aHoR?>qpPe0^ob4R$9O2@ZqHW@&?^+z< z>unJjEYtA^?SevWd-6*8WCDFy(EXTvZBhn|z+r7-& zwaO zG}Fb+JU=fu%OWw@B{9Xays$hw(l3xpkIPlw-S^1FU4gku2bV9Jw?M!xe0{n?aYM!4 zipeSUJfDml=P%1EJ^5+le__Q-SMGjb@;xMz`9$#hH#bGWA97q)#j9qm?EHN^B diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 4d10a484f6204dd3804ec51395869d9a1210df78..5e368464f18374210b846cf0705dcfb30aaad81d 100644 GIT binary patch delta 812 zcmcc0-oidXr#{&@#J4yqwW>rr-_6k6ry$ofz{M~z+c>i-C$KWRu*}>sF)hO-yu!Sq zoGVX1EX&8R%r_v*-PtL~&CMmO+%Mle*r3v+tAM-JIk`zz%9Jk%+Ei{x45*_J-;;2*t|5) zC&MBm)X^iG%S}7d#Uv=VOh3#m-NdmfH@Mg>wbDIUKQyP(DYV4P*)henINj7--y%13 z;z#lDv=CDxlYsKnP^avS0RK=!)6$I4RKvjH^pfJDqDn8*w8X%iqTn>MNLLfCJa^+n zA0zGJkO;$&kjPXg?Udy3Z1==S*HAAbBh$c8?Ef(g>DuVjs}6L z#vw+zLEdhLWg(k@vnNCR|!NxhsS;l!rRhfy&8C9WNm7%7F#7H;2C^fM-RiP-YNXthd+}ch-GmI-Tuq@EmI8@uQ zFr?nXATzVnx2hr_FwtE*z$4P#KQPokDm6T-xWduVGN`b`JDp2cS69I~)hRK|JH;q7 zr#!u~+%Y)JC&DMKz$>)WydbRHEYvB($vex`$lEL>Dw#`WNxgec>DHIW$_$tF=r7+q zxnO?g>UU{Lwf+0-ivISWbZ`3d{jT`d6CZf8>Q^25eyNt-{OSePiLbxa`SSYCn+mz%RqV*T_A|*DcL8G^i@XJ=rqMxS+T^pt7pMJJLLG z;z#lDpmfjh%2M~rFoQ(x^2$=bMAzaBbJskhs!;Q=JRb|~fM8G4@L*%dklf(VFs4Q1!!YC@;I*%rLkt$}u1#vZ5#`yCl^k zx2h=BEz#81CncZj>HGccQV}zyG_Pi{x~{iT+LU;?dbxq9P2|0;Ho0fZCi3hEjAO2l zPF<`kHfP)PlhHzd6iz6-X<%kQlC1QQ=k{jpV8sIeKgk!g4xOwuzQ6O!?)_RT_MhqP zwklcL(Nq}sc|xw}Hn$KV$w>}w>ng=Ot>gFD23V`_-{|wvuI|E}1%JvEx7Yrewt8ay zc7y*MMsI80g zDohQ+%{|M?!ouCM0u8u=L(D?m3W~fGG>j+=PE9c>H3Qog zqnloonpm95Wo~9%oR(SaUlv-D8<6SirJd^><(!`$?jBTGTBRLcoa3GA6lD--WS(l4 z?&|HHWL_L$6zFSg8Bkmn8Kqy~%N3;W?4FVDZ4|Dr9qH?xQ{k0bSrD1yUzJj zrK_u}U}9P2Q&QxYsU2umSy-H#Y~kfx;uT(QToGC2=jrH?T^i<*nPE{@pzZ6+<>B_g zv1UQj=a`mXo$BX3*8E;LUAAB7XY~IGscUBCPMmk~@}abZ6@o`k9djt3y+3AV^7?u8 i+LwIWjeN7KjVA{)Og^_kAYHs9PH%GC=kwfo!OsAE4-@GC literal 0 HcmV?d00001 diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age new file mode 100644 index 0000000..bb4a338 --- /dev/null +++ b/secrets/bitwarden/secret.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA BxPb6d6nlJHiTkbcwOoPrvAPBuR1iJSFAXIp9n23Ix0 +hl0X3RjOEYp2G1QU4SC6CBF5YVlCWiakMsRbGTBYkzs +-> ssh-ed25519 4PzZog Nf/tUysmhTfzaoHhubwdQ5NKZw5SBd3CEs129FGkuio +750oaBtfeBEpDuasZFr7RY5uBzFZZNMNGQkRyFfEGCo +-> ssh-ed25519 5Nd93w fI9TNLWkDkvLCDA8eTMfVw7fRPylWHPGzPupya737xY +wQcz+yf+EqDNmRWqldNuQjjy9tKc1zN//yumtGpGbaM +-> ssh-ed25519 q8eJgg T9Iv+fRwmOLYMXe3ur6dqudA1z2wQsKQX6ogkyQT3Fw +LBYKL2OtLiwq25FkvZjT4H3tu8fOA+KFmFp5vjbncLI +-> ssh-ed25519 IzAMqA O9JfKAlOUao2S14iczlnTzT2sTSAM1vOR5KjO8eJMG0 +ioTSe6X4E6jE4c9Utl2d6EUHZYilnbtRnB5QJg3S3Q4 +-> 6&-grease +BkWorA2LiphyWLmdV3AeKsI +--- +MO1wX7pJf7eq4MkiWSP+xyxThI5jnfseS8jd7LbFoY +WV>dD"`i+ ǸլSмkHOjt*k؏Ԣ9P \ No newline at end of file diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 7bcc8ba..84ca23d 100644 --- a/secrets/ldap/pw.age +++ b/secrets/ldap/pw.age @@ -1,20 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA y4Jn8Hbj1tfjCM5x0uNHYMgFUNDr6KHCcuXoPxlT9RY -tbBvpE6eGiBTpUdIq4qgZ9JRC9RptiqV+b0xghMITgA --> ssh-ed25519 4PzZog e+daH2rT2eant/6TKRpcWs6upAMZ3Xw9SnRWtXo/s0Y -mDvQxqaj2XYnZ0SPMW1CeaWiWBalHt3LsEgHeEwCbQ0 --> ssh-ed25519 5Nd93w AXtyVYaQ2LEIM2rqrh8blQHt51qDfwQ3aiI5RRvgtHo -sSfCow1fkwpYuT2WQhFzuuDqKIrR0wxBrWxOcrPRC3A --> ssh-ed25519 q8eJgg LS2iaiXUINhcAv131p1TftyQOBz/efp1+IV2tUkHwDw -ZW3ktiCi8vTspB6Sc7tq9tSAaDMtyHL5FADXLi9nlxc --> ssh-ed25519 IzAMqA SH4eaJm8kdw6Pf4eIQGsMx3Wg9dRkEjCkjbpSWPxSGE -YKTUSXXyswYkfFUdYB963isQXAEaMefQsNIDwCmwt8o --> ssh-ed25519 uZzB3g W1aPkpNkRJufFmDy+GoWJmwi3a5jp3RWyTiKSPP+2HM -N+njssQYN1tMmfcvYcFHmPR1gYSom3aJkVsTIHUpslg --> ssh-ed25519 Hb0ipQ hvEFVHPzRtX2T8AbEk/rWIf5QGDE2kmQFylFVWzHmG0 -NWwpgmqnIMUDFeHynofn+1GTe2nNWI+YOelmuLC7hhI --> WEEa'-grease \ NIu4o?\m S;\E"U. -SZy71FpmUaUVoMICsdVcYZ1i4zbDmq4+w/fKB/Dkepm5dX3u3kRimmYdOp7S/s8H -3GaZ5oFXeBt3Alj6Vw3UizOZjPwWbyyA/Q ---- ARW6OvhJD/OEtsgEnb3x0bf5xBUYaZ0eZzXfvc5K9rw -H?ɖEUP].)S(͕XN}4o{Ƹw e1!Q3¤tl;dw__(K6F#_nL(%4%eB}K i i,IGQ:\ŽU⍧d>A<4]#` \ No newline at end of file +-> ssh-ed25519 V1pwNA 7xMn5rTcihSdgzDvXVBCbcGX8d428ytwBK0G1TOAMBQ +AYXY36I3DdQc8TJeWknIW8HFRZKXalkwBnJp5J4HjKM +-> ssh-ed25519 4PzZog +V5lAWzv8+NbK3jZZeCc491F2dLcCMqaVbzX14nPcS8 +c6DqiOextznWRSOtsR8KJmyGSJL+Ubx9jHVSeH0w+zs +-> ssh-ed25519 5Nd93w 7JnyPksmvytXPorlyoNPrh8BSsZNCAXXILKlS8F+ogk +iStkE+rT43h0zkgcRehbVTX1wGYZkJj0/zIQilm78Ak +-> ssh-ed25519 q8eJgg 6EGWaxyf1vDSzdvRU4+XEsVEfaj3K6dE/3tt8MA5YAE +CrIad5K2lTWlDh7jLZr+nIWtdWpRYg6HVt0HbhmMaMk +-> ssh-ed25519 IzAMqA eh7mAmV0l35n55rnmMPV6N/MUxrCKT+v7OFKNZlakgU +6cBUHDuHX6/5x84WFIbxlVVtIyx4eiJaGB9TP718u2A +-> ssh-ed25519 uZzB3g RbnBlsD9bSqG2W6RC8eWFhV3hVSx6ItFbH+irxa+uFk +mNGkTJODGb+anzqrWIX53AfUfMBjhZMdRF4ZGmT+bBM +-> ssh-ed25519 Hb0ipQ 9dQNJXGE3uIVPGLi2J/TCVW2xPem/qwKAEq/GPzEl0E +VTQYcZjCUTkom7bloTaIvR+/fA4rNwBUU2YzCUX1sss +-> ssh-ed25519 IzAMqA Q/SCKGBzFVtk2fkXYF4cyWWSdGG8BiSztPLHyr3UnCQ +l75JzJC9hRp34yA3cBUkDOupA4UTifxSwVNqb+aWXZk +-> T4-grease & M~o 5A#" =^Z3b: +oI4xOpmGL8b+HPrdKyMomAuW2AfCqCvXxbIv7NSA+nd1dYH/QFuw +--- vSy8f0+j42gCL0K7N8yZlWajUMwKKtGptqKP6ajbW1U +wϑm*tXt.JhAޞ*ӊ叉QhwaZ!6`SXׁpu l9nˋli&Cf֥:v^=$1= gycKk@@Zc#̙d#e_.(68 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 33ecbb3..3cdbeec 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -117,7 +117,7 @@ in { "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; # for ldap - "ldap/pw.age".publicKeys = users ++ ldap; + "ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden; # for use connectring to teh ldap "ldap/details.age".publicKeys = users ++ ldap ++ discord ++ bitwarden; @@ -139,6 +139,7 @@ in { "wolves/details.age".publicKeys = users ++ ldap ++ discord; # for bitwarden connector - "bitwarden/api.age".publicKeys = users ++ bitwarden; + "bitwarden/id.age".publicKeys = users ++ bitwarden; + "bitwarden/secret.age".publicKeys = users ++ bitwarden; "bitwarden/details.age".publicKeys = users ++ bitwarden; } From 0a028eaf53a65042050b91506232bff72236483b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 20 Nov 2023 16:10:09 +0000 Subject: [PATCH 198/826] feat: add a test server for trainees to use --- config/users.nix | 15 ++++--- flake.nix | 3 ++ machines/marvin.nix | 68 ++++++++++++++++++++++++++++++++ secrets/backup/restic.age | 82 ++++++++++++++++++++------------------- secrets/secrets.nix | 2 + 5 files changed, 126 insertions(+), 44 deletions(-) create mode 100644 machines/marvin.nix diff --git a/config/users.nix b/config/users.nix index 96fd572..ba8dffe 100644 --- a/config/users.nix +++ b/config/users.nix @@ -34,11 +34,6 @@ in { config.skynet = { users = { - admin = [ - "silver" - "evanc" - "eoghanconlon73" - ]; committee = [ "leo" "silver" @@ -51,6 +46,16 @@ in { "sourabh1805" "kronsy" ]; + admin = [ + "silver" + "evanc" + "eoghanconlon73" + ]; + trainee = [ + "eliza" + "milan" + "esy" + ]; lifetime = []; banned = []; restricted = diff --git a/flake.nix b/flake.nix index 9ee5d65..9fac61a 100644 --- a/flake.nix +++ b/flake.nix @@ -152,6 +152,9 @@ # Nextcloud cadie = import ./machines/cadie.nix; + + # trainee server + marvin = import ./machines/marvin.nix; }; }; } diff --git a/machines/marvin.nix b/machines/marvin.nix new file mode 100644 index 0000000..89e61df --- /dev/null +++ b/machines/marvin.nix @@ -0,0 +1,68 @@ +/* + +Name: https://en.wikipedia.org/wiki/Marvin_the_Paranoid_Android +Why: Has terrible pain in all the diodes down its left side +Type: VM +Hardware: - +From: 2023 +Role: For trainees. +Notes: +*/ +{ + pkgs, + lib, + nodes, + ... +}: let + name = "marvin"; + ip_pub = "193.1.99.81"; + hostname = "${name}.skynet.ie"; +in { + imports = [ + ]; + + deployment = { + targetHost = hostname; + targetPort = 22; + targetUser = null; + + # not deployed automatically as its a test server + tags = []; + }; + + # allow trainees to deploy + nix.settings.trusted-users = [ + "root" + "@skynet-admins-linux" + "@skynet-trainees-linux" + ]; + + # allow trainees access + services.skynet_ldap_client.groups = [ + "skynet-admins-linux" + "skynet-trainees-linux" + ]; + + skynet_dns.records = [ + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } + ]; + + services.skynet_backup = { + host = { + ip = ip_pub; + name = name; + }; + }; + + # Put test services below this +} diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 5fffe79..34e6e64 100644 --- a/secrets/backup/restic.age +++ b/secrets/backup/restic.age @@ -1,40 +1,44 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 4PVHo9zk7nF/HXASYtgADfzpMyFD38yVnGl6DUnJ2H4 -rsKe1DKMWTkPFY7zQ0S+713Jbj4N/sTc3tA8RfgqPnQ --> ssh-ed25519 4PzZog fjzuDCOx7DR+nZdreeFWgdXjxntqT87sTBA8VsIG7R0 -fHOmuW/VRxV80b7ZYeov8jIY9YwlKPMuJZbsOCSCGmI --> ssh-ed25519 5Nd93w bKiRT7OLQFK6YwXfcraAa+hEEEi4vFbkuaE+sIZr7Tw -7SvNxSeCA4u3sukpgyJ1evindynHyYPyZ6LsGiYBxDU --> ssh-ed25519 q8eJgg 7efgCjgA5BBrTbih+mSFsNCrIeCdjGCMrbVafTkwjgA -ZOE6wXA0e7zVei53tRvyJZQuYqZHLO2w7UocxxcdKSY --> ssh-ed25519 /Gb5gQ scN0tsEedQk5JS9B8io0Aw60ryaaLDPQ9QBLijCmY3I -Q7z2+SDtQTXphvlGNJztpxOqLZg4ffWCLxq4XoAfj+4 --> ssh-ed25519 NtlN/A JgDHCYjQ4+Knk1/m2mOmEdWZ5I0oXMUOvWRV3JuhCAs -4dggG3a1MSh/Zkp4o/gkmnlQLo3lFmH6KIlOimmQnlI --> ssh-ed25519 v2Y09A YHaDoKUzQAQjBbzejfa4f1RCoiHRpaXFfQPQ0Sz4K2s -Fm5/Q561X+vdMW2B3Zs1wmMJs/YCOXnYN6jtTzLa9Io --> ssh-ed25519 XSrA6w hgcKUa48qv77vW+WkVT3UJaRuTxyGcx2NVufpAOE7lw -QqmO9gDnPAXZPPjH3mQi+sUyvMPB4AyxfrRBJyI8Qv4 --> ssh-ed25519 DVzSig MAviXeP0uCTr1+Y/zzM8+K0KhMOFud/z75qDL4nRxCU -JgWxSNWwWl4v9myVOJ5NQb8HW1jUTpGqxSgliM1c4ZM --> ssh-ed25519 uZzB3g sgQxU0f1dIM/r2ukqjGwcIkDCY7hlPQ4V+1WmhJbPWA -m/pwY6N5YosRJEe0gQXLaqCzPWu438iXFLqt9fbVrd4 --> ssh-ed25519 yvS9bw dTUghxA5+jLAEE9w6DiDHTy4IcVwCnTElpQL6BlUbXg -YvpodcVYco4JcKr5ZONeBN3AuCPSk0zOMjeCNlE7xsc --> ssh-ed25519 IzAMqA wvntN+N/Hy/EmSO90nTuABWZsP7snqQ39DAao95Rh1E -ECWyatQlw90+udKtGK7J076AUSRnbtAEyILJXJNGNkg --> ssh-ed25519 Hb0ipQ NuaKnDdMD7UOXQM3k0fg+DpAGsgqSpDgFMYvnJFcgBU -slaJBlZxTgb7GGjNt9PNGPvMFVKKXdmsjckLYCTXlUk --> ssh-ed25519 3pl/Kw XP9pMH5S0+87TqQ1XxKH3CkQQnyELcL2CgazfSnilGA -s3Z2TP+YHyDJA2tt47eACI4L/73C+8bUHOXTDZuROFk --> ssh-ed25519 SqDBmA ATvMxlxuUyOKNq0gMvYub2kLm5dMtgrIO6WyHU8dYAk -AZ9nq0DTC+v/3W0oZj39A8IPIfwyIDDaUDgRCC5Kqd8 --> ssh-ed25519 UE6fcQ Zm0tgR6B83cRS9WoQ97WMVdWMfhIni8y+RG6JFbHXzg -h010f/3pRBfDRTEZ3Gk9PJfP+FIVqLI2OgbeY2NTcvo --> ssh-ed25519 YFaxCg wAL0IkLCWok++zzq+S35hltR1nhcwWjHa0fWXg2OpiI -ofMYHtN6tqlN+SS0jyuCRJqtZ1h0+H8u5tAaCoV78T4 --> _QQW-grease > p!=fBv 'ac^ A13~BQ -R0K5UQZB1yr3issSaFyKgSVNAXuvjfOb9xWbNHg ---- LEJYFpkOhuuMwE/Ud/RNKdy2r/U0nCWodB+3ioCRNQI -c^ UΒ Wm,uH)[ơmD,ȅD*ץ!T|JUUʏvkj`r&e< [ty!R[F7e 5/ms5\bc[WTi) -|M;v+Þ8PFcgI,IQwv \ No newline at end of file +-> ssh-ed25519 V1pwNA 3JbxhP1nIEgtCqaQp0QFoIqEMepv5hZYKUvH7/lvAT8 +by+oq0T2b24w9ILmtJj2FZqxWJNl4C0m8jmONTXfGT4 +-> ssh-ed25519 4PzZog 8Pe3Tq6Wp2ml5JtW/ikJ+Re3/JV5IAjm+dEcNwR4wlg +iYsLanjZEtazwSELt0CLAyNHKHi4YqWamt9G5xeqAfY +-> ssh-ed25519 5Nd93w UdmfLH2jXkL2/osGvhFcJGDNFnWPsc3NvPDmR/epZ1o +ch6TPi4Jrmc+utO2SlkdRzu6Q5Jop3WzjkuY4EoNKr4 +-> ssh-ed25519 q8eJgg YlRTLx5zFiFZQlhwAZ1pUsBa8p7YGvO/kPGRn60MhFo +RcJZvYELckKdWGnwzqd8FgEiBD2cv512c1UqKTUVek4 +-> ssh-ed25519 /Gb5gQ iUdSnWebiZQHKQSoXqr4lRWnRjm8V7P+wdqDrXofCUE +Md1XAcZCQX7O11L/L8IZO8mm8jK5a2nON4LWh/N1ij4 +-> ssh-ed25519 NtlN/A DjECX99k1XrhbanjX+SDYquggoEGeOLCBALXJPvmtxQ +FlYhgxFJDRIJI0Azw3EjTFVbbn0tnP9XOTkWGRMT7WY +-> ssh-ed25519 v2Y09A 4QNfu0h2nLm6bL7JriQ3iWjaTzrZmnPw3/JMXErk5Q0 +uBk71I9dOOX5SrRn3BBtWLED9c/wfeTbSjo8v4FVrtU +-> ssh-ed25519 XSrA6w pw/5qQgGM3QwGMS4aIt6/cLQMzxVBy8Y+P4fGC9qCmM +89JXhqYOQV3AombZkvIfaaZcdIN0AedX5CMxI6ydGQY +-> ssh-ed25519 DVzSig W6z3BDcuauiNgmbwngqilAejOWb4K3CAtC4UUB1NQzQ +R/hX4brDwWiaqQoAHwZiWwzulqvxFdTzuqTqG/HCGVM +-> ssh-ed25519 uZzB3g RLwSmWqf67qmbCVY/D38zLSmCt81LK8Lu2NioKW/nwM +VG0lCU4SaHmShOUcyYaTYD/8/4N0CUcJYbJtvlySKzE +-> ssh-ed25519 yvS9bw g7MOI8ROpnlk6FWMCMOyCeYarsz+qgMtS27KFcINog4 +m/z/NqZiCO+1MaOekgpbW0+V/pgABbOShBZ+uc3DmQQ +-> ssh-ed25519 IzAMqA vL0NuJL0qb+L9IajxBNkUKX7nE0/Nrg2j3+VqCIUom0 +jfE9Pd12rM9TbW92ryfQ+TGUpZIEYynoWX0B+02r1aE +-> ssh-ed25519 Hb0ipQ A7GhIVIPW0jlwvB30UHGc9jiSf6HhCY0euOKzilwHgg +Wt4KcY1YbZFy/CFnND/FgCaLxIWgj36KQvwxOh8BKXY +-> ssh-ed25519 3pl/Kw WKF1Z5MPtQpZBMvnLUJb5jVI/SreY3I1RvZEh4khgEQ +vF6V0MXystoPQ9hbN09Es0HdAffa3fZSuQNvfxYj2qw +-> ssh-ed25519 SqDBmA xSLJQzRetW52eJ/XE3Bfvc5wlL1mOJUUCz1vlNadoRE +5K3RPmDq+XHuRXJ0gxMJODwqwnp8FfO40QHmScN6R4c +-> ssh-ed25519 UE6fcQ t3QXv7Xol6BBV9NQTaM1ANI19/IGWK6mwWW/jxJs1Fo +ZsuXpRilP9LHl+hslBh/PHbkYwSz/lFI9KjkEQJALFg +-> ssh-ed25519 YFaxCg 693MPBIOr1M/fq5UevSXp34ZQabAdlLs9oKROyloTVY +erQrhgVVrfn7ViCqhvru19faIgMwPvE3v7WkPZ4/NL4 +-> ssh-ed25519 elCEeg C55GXvjhHsGod2OoQGWPxDuzKEFcE7BrYKKtBGPiWzE +MLCBn4FulA9M3mPnmMflqWaEcoMwvKPWRfwALceFNRU +-> @b_F0-grease {VD GSb. +LIaz9WQq+QPF7KAUifTlTNjA3gWfdxTJRugPL+6Yyvp8upBJ7fVXWlBVy4rzwA +--- IWxpAEJY4zpLFtrWPRh7dlM9o0dw4iNmDDRvNm//fMw +pU3Qm^ +ga {@ׅ +(ift5P!uŁ,af +n[e&`uDe|D(Z9s)'-⌲UPՈZ_kJ3Jo,<9[ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3cdbeec..863ec5e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -24,6 +24,7 @@ let skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet"; earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; + marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; systems = [ agentjones @@ -39,6 +40,7 @@ let skynet earth cadie + marvin ]; dns = [ From fee6f37fb756c163645a6cddc0b4ec186a8b74a0 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 20 Nov 2023 16:40:30 +0000 Subject: [PATCH 199/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b21de2b..207128a 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698402997, - "narHash": "sha256-ooyUA9oBoQxNxYr+xXg5zvLQrjl0+jah1AIX3xoBXf4=", + "lastModified": 1700497861, + "narHash": "sha256-ptX+6V+FqpWa8qdk3ufgYvbgG7SbrZaB3V8foCwpzv4=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "b0bc6f35c2afd9f545d618a4a092e4efdea25299", + "rev": "303885ef0d299a8e10276df7df6218db7b801552", "type": "gitlab" }, "original": { From 56fdff757196ebd3f7a85b35b4850ad7bd2c597d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 20 Nov 2023 16:44:38 +0000 Subject: [PATCH 200/826] fix: add the option for trainee users --- config/users.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/config/users.nix b/config/users.nix index ba8dffe..a5f864b 100644 --- a/config/users.nix +++ b/config/users.nix @@ -4,15 +4,20 @@ with lib; let in { options.skynet = { users = { + committee = mkOption rec { + type = types.listOf types.str; + default = []; + description = "array of committee members"; + }; admin = mkOption rec { type = types.listOf types.str; default = []; description = "array of admins"; }; - committee = mkOption rec { + trainee = mkOption rec { type = types.listOf types.str; default = []; - description = "array of committee members"; + description = "array of trainee admins"; }; lifetime = mkOption rec { type = types.listOf types.str; From 56bdcb3af8aeefb2e19edda585c3be3f4cadb9ce Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 20 Nov 2023 16:52:24 +0000 Subject: [PATCH 201/826] todo: update ulfm --- applications/ulfm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/ulfm.nix b/applications/ulfm.nix index 9280084..ede9a33 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -46,7 +46,7 @@ in { }; config = mkIf cfg.enable { - # shove the entire config file into secrets + # TODO: extract this out into its own config age.secrets.ulfm.file = ../secrets/stream_ulfm.age; networking.firewall.allowedTCPPorts = [ From 21612fed13d1ea1e27f8d35acbe3fc6cd2bbca9f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 20 Nov 2023 17:33:51 +0000 Subject: [PATCH 202/826] ci: better output for logs --- .gitlab-ci.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 86bd5ec..285b964 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -91,11 +91,11 @@ build: <<: *builder stage: test script: - - colmena build --on @active-dns - - colmena build --on @active-core - - colmena build --on @active - - colmena build --on @active-ext - - colmena build --on @active-gitlab + - colmena build -v --on @active-dns + - colmena build -v --on @active-core + - colmena build -v --on @active + - colmena build -v --on @active-ext + - colmena build -v --on @active-gitlab # dns always has to be deployed first deploy_dns: @@ -103,7 +103,7 @@ deploy_dns: <<: *deployment stage: deploy script: - - colmena apply --on @active-dns + - colmena apply -v --on @active-dns deploy_core: <<: *builder @@ -112,7 +112,7 @@ deploy_core: needs: - deploy_dns script: - - colmena apply --on @active-core + - colmena apply -v --on @active-core deploy_active: <<: *builder @@ -121,7 +121,7 @@ deploy_active: needs: - deploy_dns script: - - colmena apply --on @active + - colmena apply -v --on @active # this is just skynet server deploy_ext: @@ -131,7 +131,7 @@ deploy_ext: needs: - deploy_dns script: - - colmena apply --on @active-ext + - colmena apply -v --on @active-ext allow_failure: true deploy_gitlab: @@ -139,5 +139,5 @@ deploy_gitlab: <<: *deployment stage: deploy_gitlab script: - - colmena apply --on @active-gitlab + - colmena apply -v --on @active-gitlab when: manual \ No newline at end of file From 03add8f999aa77636b13a6d3984fe0e382d6f9cb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 20 Nov 2023 20:12:11 +0000 Subject: [PATCH 203/826] [skip ci]: granted trainees permission to a server to test stuff out --- applications/ldap/client.nix | 14 ++++++++++++-- machines/marvin.nix | 24 +++++++++++++++--------- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/applications/ldap/client.nix b/applications/ldap/client.nix index d172b42..b1102ad 100644 --- a/applications/ldap/client.nix +++ b/applications/ldap/client.nix @@ -20,6 +20,8 @@ with lib; let # thought you could escape racket? create_filter = x: create_filter_join (create_filter_array (create_filter_check_admin x)); + + sudo_create_filter = x: (concatStringsSep ", " (map (x: "cn=${x},ou=groups,${cfg.base}") x)); in { # these are needed for teh program in question imports = []; @@ -51,6 +53,13 @@ in { ]; description = lib.mdDoc "Groups we want to allow access to the server"; }; + sudo_groups = mkOption { + type = types.listOf types.str; + default = [ + "skynet-admins-linux" + ]; + description = lib.mdDoc "Groups we want to allow access to the server"; + }; }; config = mkIf cfg.enable { @@ -59,7 +68,7 @@ in { security.sudo.extraRules = [ # admin group has sudo access { - groups = ["skynet-admins-linux"]; + groups = cfg.sudo_groups; commands = [ { command = "ALL"; @@ -99,7 +108,8 @@ in { # thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups}) ldap_group_search_base = ou=groups,${cfg.base} - ldap_sudo_search_base = cn=skynet-admins-linux,ou=groups,${cfg.base} + # using commas from https://support.hpe.com/hpesc/public/docDisplay?docId=c02793175&docLocale=en_US + ldap_sudo_search_base, ${sudo_create_filter cfg.sudo_groups} ldap_group_nesting_level = 5 diff --git a/machines/marvin.nix b/machines/marvin.nix index 89e61df..1c4f57b 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -17,6 +17,12 @@ Notes: name = "marvin"; ip_pub = "193.1.99.81"; hostname = "${name}.skynet.ie"; + + groups = [ + "skynet-admins-linux" + "skynet-trainees-linux" + ]; + groups_trusted = map (x: "@${x}") groups; in { imports = [ ]; @@ -31,17 +37,17 @@ in { }; # allow trainees to deploy - nix.settings.trusted-users = [ - "root" - "@skynet-admins-linux" - "@skynet-trainees-linux" - ]; + nix.settings.trusted-users = + [ + "root" + ] + ++ groups_trusted; # allow trainees access - services.skynet_ldap_client.groups = [ - "skynet-admins-linux" - "skynet-trainees-linux" - ]; + services.skynet_ldap_client = { + groups = groups; + sudo_groups = groups; + }; skynet_dns.records = [ { From 20f9a38aed51579864b65f774f4ecb7f2902ff44 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 20 Nov 2023 20:45:15 +0000 Subject: [PATCH 204/826] [skip ci]: added trainee --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index a5f864b..9a2a821 100644 --- a/config/users.nix +++ b/config/users.nix @@ -60,6 +60,7 @@ in { "eliza" "milan" "esy" + "kronsy" ]; lifetime = []; banned = []; From a1be738883854a9219b3ceb19437eccd8b17ec90 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 20 Nov 2023 20:53:39 +0000 Subject: [PATCH 205/826] feat: some slight improvements to control storage useage for teh runner --- applications/gitlab_runner.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/applications/gitlab_runner.nix b/applications/gitlab_runner.nix index b0535e0..c6dda6b 100644 --- a/applications/gitlab_runner.nix +++ b/applications/gitlab_runner.nix @@ -30,7 +30,7 @@ in { docker = { image = mkOption { - default = "alpine:latest"; + default = "alpine:3.18.4"; type = types.str; }; @@ -54,6 +54,7 @@ in { age.secrets.runner_02_general.file = ../secrets/gitlab/runners/runner02.age; boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1 + virtualisation.docker.enable = true; # taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128 virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"]; @@ -61,10 +62,10 @@ in { services.gitlab-runner = { enable = true; - clear-docker-cache = { - enable = true; - dates = cfg.runner.docker.cleanup_dates; - }; + # clear-docker-cache = { + # enable = true; + # dates = cfg.runner.docker.cleanup_dates; + # }; services = { # might make a function later to have multiple runners, might never need it though From 1db618bb804955d299725e8195c5906c05a628c2 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 23 Nov 2023 16:24:03 +0000 Subject: [PATCH 206/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 207128a..9ab33df 100644 --- a/flake.lock +++ b/flake.lock @@ -657,11 +657,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698404034, - "narHash": "sha256-9wdSzquwHFjtkvIDKNMPTI0Ll7f0ZxchToxhQWOCZ2k=", + "lastModified": 1700755998, + "narHash": "sha256-uYW/pFl15n0GQ01EFsrpihHZ9p2kGUeT7g9LWf7wKAs=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "432dd0e4a0a1697ae9911a90f249b36727828ce5", + "rev": "5745118ede772cc6d45df9b8c3b74a7518a634d3", "type": "gitlab" }, "original": { From 9c305678859d3b3bee6a8f30c32387789de78a2d Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 23 Nov 2023 22:29:57 +0000 Subject: [PATCH 207/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9ab33df..2f4e2f9 100644 --- a/flake.lock +++ b/flake.lock @@ -657,11 +657,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1700755998, - "narHash": "sha256-uYW/pFl15n0GQ01EFsrpihHZ9p2kGUeT7g9LWf7wKAs=", + "lastModified": 1700778211, + "narHash": "sha256-ooSpoHOK5vooTFMVJdXv71+yRhaXv2J6GYl9rTtfE/U=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "5745118ede772cc6d45df9b8c3b74a7518a634d3", + "rev": "7303b5782c3173142df5af2a48c639de363e332c", "type": "gitlab" }, "original": { From 7877cef87cf9f408bf32f8e365500adcc94b51a7 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 25 Nov 2023 21:36:51 +0000 Subject: [PATCH 208/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2f4e2f9..641696e 100644 --- a/flake.lock +++ b/flake.lock @@ -657,11 +657,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1700778211, - "narHash": "sha256-ooSpoHOK5vooTFMVJdXv71+yRhaXv2J6GYl9rTtfE/U=", + "lastModified": 1700947843, + "narHash": "sha256-jlf4FNal9MgRlMDemNzWWn5tML9TN9Ico2tvp6xqM24=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "7303b5782c3173142df5af2a48c639de363e332c", + "rev": "c6eaa8ad9a6e1a779b6f99589c4c2f67e984a128", "type": "gitlab" }, "original": { From 600d1f755f7e8ecd9c252f9b3844809fd2bee05d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 25 Nov 2023 22:40:36 +0000 Subject: [PATCH 209/826] [skip ci] Removed unused network configuration, its fully set in proxmox --- machines/skynet.nix | 38 ++------------------------------------ 1 file changed, 2 insertions(+), 36 deletions(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index 250f069..ee8ea13 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -18,7 +18,8 @@ Notes: Does not host offical sites name = "skynet"; # DMZ that ITD provided ip_pub = "193.1.96.165"; - ip_int = "193.1.99.81"; + # for internal network connectivity + ip_int = "193.1.99.82"; hostname = "${name}.skynet.ie"; in { imports = [ @@ -53,41 +54,6 @@ in { name = name; }; - proxmoxLXC.manageNetwork = true; - networking = { - hostName = name; - # needed to use the dmz first - defaultGateway = lib.mkForce "193.1.96.161"; - - interfaces = { - # need it for dns validation for letsencrypt - eth0.ipv4 = { - addresses = [ - { - address = ip_int; - prefixLength = 26; - } - ]; - routes = [ - { - # need to be able to get to the dns server - address = "193.1.99.120"; - prefixLength = 26; - via = "193.1.99.65"; - } - ]; - }; - - # primary ip for logging in - eth1.ipv4.addresses = [ - { - address = ip_pub; - prefixLength = 28; - } - ]; - }; - }; - services.skynet_users = { host = { ip = ip_pub; From de69ca69c9270b902a45e8d0a5f135118fc9e073 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 25 Nov 2023 22:41:48 +0000 Subject: [PATCH 210/826] bitwarden: brought in line with the nixpkgs again. (again) --- .../_bitwarden-directory-connector.nix | 27 ++- .../bitwarden/_bitwarden_sync_module.nix | 208 +++++++++--------- applications/bitwarden/bitwarden_sync.nix | 2 +- 3 files changed, 116 insertions(+), 121 deletions(-) diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix index 249ac82..95fd336 100644 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -3,12 +3,11 @@ buildNpmPackage, fetchFromGitHub, pkgs, - git, + jq, python3, pkg-config, libsecret, nodejs_18, - makeWrapper, }: let buildNpmPackage' = buildNpmPackage.override {nodejs = nodejs_18;}; in @@ -20,10 +19,14 @@ in owner = "bitwarden"; repo = "directory-connector"; rev = "v${version}"; - hash = "sha256-CgaCnMWNVWCJBypNcdoseVCwD8Mlq4YaWpK+VZT/7Qk="; - leaveDotGit = true; + hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg="; }; + postPatch = '' + jq 'del(.scripts.preinstall)' package.json > package.json.tmp + mv -f package.json{.tmp,} + ''; + npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw="; env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; @@ -33,15 +36,16 @@ in installPhase = '' runHook preInstall - mkdir -p $out/bin - cp -R {build-cli,node_modules} $out + mkdir -p $out/libexec/bitwarden-directory-connector + cp -R {build-cli,node_modules} $out/libexec/bitwarden-directory-connector runHook postInstall ''; # needs to be wrapped with nodejs so that it can be executed postInstall = '' - chmod +x $out/build-cli/bwdc.js - makeWrapper $out/build-cli/bwdc.js $out/bin/${pname} --prefix PATH:"${lib.makeBinPath [nodejs_18]}" + chmod +x $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js + mkdir -p $out/bin + ln -s $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js $out/bin/bitwarden-directory-connector ''; buildInputs = [ @@ -49,18 +53,17 @@ in ]; nativeBuildInputs = [ - git + jq python3 pkg-config - makeWrapper ]; meta = with lib; { - description = "A LDAP connector for Bitwarden"; + description = "LDAP connector for Bitwarden"; homepage = "https://github.com/bitwarden/directory-connector"; license = licenses.gpl3Only; maintainers = with maintainers; [Silver-Golden]; platforms = platforms.linux; - mainProgram = "${pname}"; + mainProgram = "bitwarden-directory-connector"; }; } diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix index 7582397..939e403 100644 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -1,37 +1,20 @@ { - pkgs, config, lib, + pkgs, ... }: with lib; let - cfg = config.services.bitwarden_directory_connector; - - ldap_data = builtins.toJSON cfg.ldap; - sync_data = builtins.toJSON cfg.sync; + cfg = config.services.bitwarden-directory-connector; in { - imports = []; - - options.services.bitwarden_directory_connector = { + options.services.bitwarden-directory-connector = { enable = mkEnableOption "Bitwarden Directory Connector"; - package = mkOption { - type = types.package; - default = pkgs.bitwarden-directory-connector; - defaultText = literalExpression "pkgs.bitwarden-directory-connector"; - description = lib.mdDoc "Reference to the Bitwarden Directory Connector package"; - example = literalExpression "pkgs.bitwarden-directory-connector-example"; - }; - - binary_name = mkOption { - type = types.str; - description = lib.mdDoc "The main binary for the connector."; - default = "bitwarden-directory-connector"; - }; + package = mkPackageOption pkgs "bitwarden-directory-connector" {}; domain = mkOption { type = types.str; - description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessable on."; + description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessible on."; example = "https://vaultwarden.example.com"; }; @@ -41,68 +24,71 @@ in { default = "bwdc"; }; - directory = mkOption { - type = types.str; - description = lib.mdDoc "Folder to store the config file."; - default = "/etc/bitwarden/bwdc"; - }; interval = mkOption { type = types.str; default = "*:0,15,30,45"; - description = lib.mdDoc "When to run the connector, OnCalendar syntax."; + description = lib.mdDoc "The interval when to run the connector. This uses systemd's OnCalendar syntax."; }; ldap = mkOption { - description = lib.mdDoc "Options to configurate LDAP."; - type = types.submodule { + description = lib.mdDoc "Options to configure the LDAP connection."; + default = {}; + + type = types.submodule ({ + config, + options, + ... + }: { freeformType = types.attrsOf (pkgs.formats.json {}).type; + config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options))); + options = { + finalJSON = mkOption { + type = (pkgs.formats.json {}).type; + internal = true; + readOnly = true; + visible = false; + }; + ssl = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Use SSL."; + description = lib.mdDoc "Whether to use TLS."; }; startTls = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Use STARTTLS."; - }; - sslAllowUnauthorized = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc ""; - }; - port = mkOption { - type = types.int; - default = 389; - description = lib.mdDoc "Port LDAP is accessable on"; - }; - currentUser = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Unknown what this does."; - }; - ad = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Is Active Directory."; - }; - pagedSearch = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "The LDAP server paginates search results."; + description = lib.mdDoc "Whether to use STARTTLS."; }; hostname = mkOption { type = types.str; - description = lib.mdDoc "The host the LDAP is accessable on."; + description = lib.mdDoc "The host the LDAP is accessible on."; example = "ldap.example.com"; }; + port = mkOption { + type = types.port; + default = 389; + description = lib.mdDoc "Port LDAP is accessible on."; + }; + + ad = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether the LDAP Server is an Active Directory."; + }; + + pagedSearch = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether the LDAP server paginates search results."; + }; + rootPath = mkOption { type = types.str; - description = lib.mdDoc "Root path for LDAP"; + description = lib.mdDoc "Root path for LDAP."; example = "dc=example,dc=com"; }; @@ -112,26 +98,43 @@ in { example = "cn=admin,dc=example,dc=com"; }; }; - }; + }); }; sync = mkOption { - description = lib.mdDoc "Options to configurate what gets synced."; - type = types.submodule { + description = lib.mdDoc "Options to configure what gets synced."; + default = {}; + + type = types.submodule ({ + config, + options, + ... + }: { freeformType = types.attrsOf (pkgs.formats.json {}).type; + config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options))); + options = { + finalJSON = mkOption { + type = (pkgs.formats.json {}).type; + internal = true; + readOnly = true; + visible = false; + }; + removeDisabled = mkOption { type = types.bool; default = true; description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group."; }; + overwriteExisting = mkOption { type = types.bool; default = false; description = lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details."; }; + largeImport = mkOption { type = types.bool; default = false; @@ -146,7 +149,7 @@ in { creationDateAttribute = mkOption { type = types.str; - description = lib.mdDoc "Attribute that lists a users creation date."; + description = lib.mdDoc "Attribute that lists a user's creation date."; example = "whenCreated"; }; @@ -157,13 +160,13 @@ in { }; emailPrefixAttribute = mkOption { type = types.str; - description = lib.mdDoc "Attribute that has a users username."; - default = "accountName"; + description = lib.mdDoc "The attribute that contains the users username."; + example = "accountName"; }; emailSuffix = mkOption { type = types.str; description = lib.mdDoc "Suffix for the email, normally @example.com."; - default = "@example.com"; + example = "@example.com"; }; users = mkOption { @@ -178,7 +181,7 @@ in { }; userObjectClass = mkOption { type = types.str; - description = lib.mdDoc "A class that users will have."; + description = lib.mdDoc "Class that users must have."; default = "inetOrgPerson"; }; userEmailAttribute = mkOption { @@ -188,7 +191,7 @@ in { }; userFilter = mkOption { type = types.str; - description = lib.mdDoc "Filter for users."; + description = lib.mdDoc "LDAP filter for users."; example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)"; default = ""; }; @@ -196,7 +199,7 @@ in { groups = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Sync groups."; + description = lib.mdDoc "Whether to sync ldap groups into BitWarden."; }; groupPath = mkOption { type = types.str; @@ -215,25 +218,26 @@ in { }; groupFilter = mkOption { type = types.str; - description = lib.mdDoc "Filter for groups."; + description = lib.mdDoc "LDAP filter for groups."; example = "(cn=sales)"; default = ""; }; }; - }; + }); }; secrets = { - ldap = mkOption rec { + ldap = mkOption { type = types.str; - description = "Auth for the LDAP, has value defined in {option}`pw_env"; + description = "Path to file that contains LDAP password for user in {option}`ldap.username"; }; + bitwarden = { - client_path_id = mkOption rec { + client_path_id = mkOption { type = types.str; description = "Path to file that contains Client ID."; }; - client_path_secret = mkOption rec { + client_path_secret = mkOption { type = types.str; description = "Path to file that contains Client Secret."; }; @@ -243,20 +247,16 @@ in { config = mkIf cfg.enable { users.groups."${cfg.user}" = {}; - users.users."${cfg.user}" = { - createHome = true; isSystemUser = true; - home = "${cfg.directory}"; - group = "${cfg.user}"; - homeMode = "711"; + group = cfg.user; }; systemd = { timers.bitwarden_directory_connector = { description = "Sync timer for Bitwarden Directory Connector"; wantedBy = ["timers.target"]; - partOf = ["bitwarden_directory_connector.service"]; + after = ["network-online.target"]; timerConfig = { OnCalendar = cfg.interval; Unit = "bitwarden_directory_connector.service"; @@ -266,62 +266,54 @@ in { services.bitwarden_directory_connector = { description = "Main process for Bitwarden Directory Connector"; - wantedBy = ["multi-user.target"]; - after = ["network-online.target"]; - wants = []; path = [pkgs.jq]; environment = { - BITWARDENCLI_CONNECTOR_APPDATA_DIR = cfg.directory; + BITWARDENCLI_CONNECTOR_APPDATA_DIR = "/tmp"; BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS = "true"; }; serviceConfig = { Type = "oneshot"; User = "${cfg.user}"; - Group = "${cfg.user}"; + PrivateTmp = true; ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" '' - # create the config file - ${cfg.package}/bin/${cfg.binary_name} data-file - touch -- ${escapeShellArg cfg.directory}/data.json.tmp - chmod 600 ${escapeShellArg cfg.directory}/data.json - chmod 600 -- ${escapeShellArg cfg.directory}/data.json.tmp + set -eo pipefail - ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain} + # create the config file + ${lib.getExe cfg.package} data-file + touch /tmp/data.json.tmp + chmod 600 /tmp/data.json{,.tmp} + + ${lib.getExe cfg.package} config server ${cfg.domain} # now login to set credentials export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})" export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})" - ${cfg.package}/bin/${cfg.binary_name} login + ${lib.getExe cfg.package} login jq '.authenticatedAccounts[0] as $account | .[$account].directoryConfigurations.ldap |= $ldap_data | .[$account].directorySettings.organizationId |= $orgID | .[$account].directorySettings.sync |= $sync_data' \ - --argjson ldap_data ${escapeShellArg ldap_data} \ + --argjson ldap_data ${escapeShellArg cfg.ldap.finalJSON} \ --arg orgID "''${BW_CLIENTID//organization.}" \ - --argjson sync_data ${escapeShellArg sync_data} \ - ${escapeShellArg cfg.directory}/data.json \ - > ${escapeShellArg cfg.directory}/data.json.tmp + --argjson sync_data ${escapeShellArg cfg.sync.finalJSON} \ + /tmp/data.json \ + > /tmp/data.json.tmp - mv -f -- ${escapeShellArg cfg.directory}/data.json.tmp ${escapeShellArg cfg.directory}/data.json + mv -f /tmp/data.json.tmp /tmp/data.json # final config - ${cfg.package}/bin/${cfg.binary_name} config directory 0 - ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretfile ${cfg.secrets.ldap} + ${lib.getExe cfg.package} config directory 0 + ${lib.getExe cfg.package} config ldap.password --secretfile ${cfg.secrets.ldap} ''; - ExecStart = "${cfg.package}/bin/${cfg.binary_name} sync"; - - ExecStartPost = pkgs.writeShellScript "bitwarden_directory_connector-cleanup" '' - rm -f -- ${escapeShellArg cfg.directory}/data.json - ''; + ExecStart = "${lib.getExe cfg.package} sync"; }; }; }; }; - meta = with lib; { - maintainers = with maintainers; [Silver-Golden]; - }; + meta.maintainers = with maintainers; [Silver-Golden]; } diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index 4136b97..880d4fa 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -29,7 +29,7 @@ in { group = user; }; - services.bitwarden_directory_connector = { + services.bitwarden-directory-connector = { enable = true; user = user; From 8d43055ddf39b43f53762a15c4577f0611559ef2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 20 Dec 2023 13:17:51 +0000 Subject: [PATCH 211/826] doc: updated server lists --- ITD_Firewall.csv | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv index e187732..fe5e0b9 100644 --- a/ITD_Firewall.csv +++ b/ITD_Firewall.csv @@ -12,4 +12,7 @@ SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner SKYNET00011,earth,193.1.99.79,earth,80/443,"",i23-06-19_525,Offical website host SKYNET00012,skynet,193.1.96.165,skynet/*.users,22 80/443,"",i23-06-30_024,Skynet server. (DMZ) SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server -SKYNET00014,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,"","80/443",i23-10-27_014,"Services VM, has nextcloud to start with" \ No newline at end of file +SKYNET00014,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,"",i23-10-27_014,"Services VM, has nextcloud to start with" +SKYNET00015,marvin,193.1.99.81,marvin,,,,Trainee testing server +SKYNET00016,optimus,193.1.99.99,,,,,Games server manager (replacing SKYNET00006 soon) +SKYNET00017,bumblebee,193.1.99.100,,,,,Game server - Minecraft \ No newline at end of file From 8e0ec537409365bdc045b4286c84d0338adeb799 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 20 Dec 2023 14:37:08 +0000 Subject: [PATCH 212/826] feat: bump nextcloud. Had to update packages which involved setting a interface for teh default gateway --- applications/nextcloud.nix | 4 ++-- flake.lock | 10 +++++----- flake.nix | 2 +- machines/_base.nix | 5 ++++- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index c15da62..c2662a2 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -76,7 +76,7 @@ in { services.nextcloud = { enable = true; - package = pkgs.nextcloud27; + package = pkgs.nextcloud28; hostName = domain; https = true; @@ -93,7 +93,7 @@ in { appstoreEnable = true; extraApps = with config.services.nextcloud.package.packages.apps; { - inherit files_markdown files_texteditor forms groupfolders mail maps news notes onlyoffice polls; + inherit forms groupfolders mail maps notes onlyoffice polls; }; extraOptions = { diff --git a/flake.lock b/flake.lock index 641696e..28d949b 100644 --- a/flake.lock +++ b/flake.lock @@ -110,14 +110,14 @@ "lastModified": 1698519699, "narHash": "sha256-GK8NGWeG2gf3z/ktT0rzDVfj1UsaXxDLcSWCz6tsYSY=", "owner": "compsoc1%2Fcompsoc", - "repo": "presentations", + "repo": "presentations%2Fpresentations", "rev": "7f451b04c5cffda1558e58f65a53dbc89a678446", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", "owner": "compsoc1%2Fcompsoc", - "repo": "presentations", + "repo": "presentations%2Fpresentations", "type": "gitlab" } }, @@ -532,11 +532,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1696207572, - "narHash": "sha256-w24NTSMrc7bMIQP5Y8BFsKbpYjbRh/+ptf/9gCEFrKo=", + "lastModified": 1703081463, + "narHash": "sha256-Z7bWFPVZbX3Qdb7QMbaNpuhmQGx3eKKfj4d+12WnQno=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe0b3b663e98c85db7f08ab3a4ac318c523c0684", + "rev": "1a499bdaea0401ec0512330c712b63a8c68a3704", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9fac61a..6a1e690 100644 --- a/flake.nix +++ b/flake.nix @@ -72,7 +72,7 @@ type = "gitlab"; host = "gitlab.skynet.ie"; owner = "compsoc1%2Fcompsoc"; - repo = "presentations"; + repo = "presentations%2Fpresentations"; }; }; diff --git a/machines/_base.nix b/machines/_base.nix index 01aaf76..e52cbec 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -100,7 +100,10 @@ in { firewall.allowedTCPPorts = [22]; # explisitly stating this is good - defaultGateway = "193.1.99.65"; + defaultGateway = { + address= "193.1.99.65"; + interface = "eno1"; + }; # cannot use our own it seems? nameservers = [ From 82c0c4ae42274a6c838bec956b9d21777b3274cb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 20 Dec 2023 14:41:55 +0000 Subject: [PATCH 213/826] fix: fmt --- machines/_base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/_base.nix b/machines/_base.nix index e52cbec..19eac78 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -101,7 +101,7 @@ in { # explisitly stating this is good defaultGateway = { - address= "193.1.99.65"; + address = "193.1.99.65"; interface = "eno1"; }; From 1e8b5a39306990ec82cf64cbee03a5bc249ed31e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 20 Dec 2023 15:20:28 +0000 Subject: [PATCH 214/826] This is going to fail but will "fix" the build --- applications/bitwarden/_bitwarden-directory-connector.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix index 95fd336..d7d92d4 100644 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -22,7 +22,7 @@ in hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg="; }; - postPatch = '' + patch = '' jq 'del(.scripts.preinstall)' package.json > package.json.tmp mv -f package.json{.tmp,} ''; From a8f6c1e80ea1ee1face360b23056940b47538003 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 20 Dec 2023 16:08:44 +0000 Subject: [PATCH 215/826] Revert "This is going to fail but will "fix" the build" This reverts commit 1e8b5a39306990ec82cf64cbee03a5bc249ed31e. --- applications/bitwarden/_bitwarden-directory-connector.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix index d7d92d4..95fd336 100644 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -22,7 +22,7 @@ in hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg="; }; - patch = '' + postPatch = '' jq 'del(.scripts.preinstall)' package.json > package.json.tmp mv -f package.json{.tmp,} ''; From ca9e1871cc85a424796c5fb1f91f3cfaba49ddca Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 20 Dec 2023 16:10:41 +0000 Subject: [PATCH 216/826] fix: making sure we are on unstable and not master helped --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 28d949b..289eb74 100644 --- a/flake.lock +++ b/flake.lock @@ -532,16 +532,16 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1703081463, - "narHash": "sha256-Z7bWFPVZbX3Qdb7QMbaNpuhmQGx3eKKfj4d+12WnQno=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1a499bdaea0401ec0512330c712b63a8c68a3704", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "master", + "ref": "nixos-unstable", "type": "indirect" } }, diff --git a/flake.nix b/flake.nix index 6a1e690..b63aa6b 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { # gonna start off with a fairly modern base - nixpkgs.url = "nixpkgs/master"; + nixpkgs.url = "nixpkgs/nixos-unstable"; # Return to using unstable once the current master is merged in # nixpkgs.url = "nixpkgs/nixos-unstable"; From 93c21d309302c83e7f4d837caf3fe5c4e41f93c2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 20 Dec 2023 16:29:39 +0000 Subject: [PATCH 217/826] [skip ci] feat/fix: networking.hostName must be set for physical servers --- machines/hardware/_base.nix | 4 ++++ machines/vendetta.nix | 2 ++ 2 files changed, 6 insertions(+) diff --git a/machines/hardware/_base.nix b/machines/hardware/_base.nix index e9b831f..d984d8c 100644 --- a/machines/hardware/_base.nix +++ b/machines/hardware/_base.nix @@ -18,6 +18,10 @@ in { assertion = lists.any has_ip interfaces; message = "Must have a ip address set"; } + { + assertion = config.networking.hostName != "nixos"; + message = "Must have networking.hostName set"; + } ]; }; } diff --git a/machines/vendetta.nix b/machines/vendetta.nix index f54fab9..db68a37 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -23,6 +23,8 @@ in { ./hardware/RM002.nix ]; + networking.hostName = name; + deployment = { targetHost = ip_pub; targetPort = 22; From 7c4e83f60a0f6d5c3334e046f568887fce679433 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 21 Dec 2023 06:15:11 +0000 Subject: [PATCH 218/826] feat: this should allow #40 to work --- applications/email.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 6ad7770..7a9a568 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -87,11 +87,7 @@ with lib; let } { account = "skynet_topdesk"; - members = ["admin"]; - } - { - account = "topdesk"; - members = ["admin"]; + members = ["admin" "trainee"]; } ]; From 02dd11c8b44b86738340566330003149b02e966b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 22 Dec 2023 15:52:34 +0000 Subject: [PATCH 219/826] fix: ensure networking remains good --- applications/skynet_users.nix | 7 ++++++- machines/_base.nix | 2 +- machines/agentjones.nix | 17 ++++++++--------- machines/neuromancer.nix | 15 +++++++++------ machines/vendetta.nix | 18 ++++++++---------- 5 files changed, 32 insertions(+), 27 deletions(-) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index d90d7df..66c3386 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -57,7 +57,12 @@ in { environment.systemPackages = [pkgs.vim]; - networking.firewall.allowedTCPPorts = [80 443]; + networking = { + defaultGateway = { + address = lib.mkDefault "193.1.96.161"; + interface = lib.mkDefault "eth1"; + }; + }; # normally services cannot read home dirs systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; diff --git a/machines/_base.nix b/machines/_base.nix index 19eac78..4c40420 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -102,7 +102,7 @@ in { # explisitly stating this is good defaultGateway = { address = "193.1.99.65"; - interface = "eno1"; + interface = "eth0"; }; # cannot use our own it seems? diff --git a/machines/agentjones.nix b/machines/agentjones.nix index b2d14f4..51a5bc5 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -58,15 +58,14 @@ in { networking.hostName = name; # this has to be defined for any physical servers # vms are defined by teh vm host - networking.interfaces = { - eno1 = { - ipv4.addresses = [ - { - address = ip_pub; - prefixLength = 26; - } - ]; - }; + networking = { + defaultGateway.interface = lib.mkDefault "eno1"; + interfaces.eno1.ipv4.addresses = [ + { + address = ip_pub; + prefixLength = 26; + } + ]; }; # this server is teh firewall diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 1e4d271..d355fd3 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -26,12 +26,15 @@ in { networking.hostName = name; # this has to be defined for any physical servers # vms are defined by teh vm host - networking.interfaces.eno1.ipv4.addresses = [ - { - address = ip_pub; - prefixLength = 26; - } - ]; + networking = { + defaultGateway.interface = lib.mkDefault "eno1"; + interfaces.eno1.ipv4.addresses = [ + { + address = ip_pub; + prefixLength = 26; + } + ]; + }; deployment = { targetHost = hostname; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index db68a37..24f3d9a 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -35,16 +35,14 @@ in { networking = { # needs to have an address statically assigned - interfaces = { - eno1 = { - ipv4.addresses = [ - { - address = "193.1.99.120"; - prefixLength = 26; - } - ]; - }; - }; + + defaultGateway.interface = lib.mkDefault "eno1"; + interfaces.eno1.ipv4.addresses = [ + { + address = "193.1.99.120"; + prefixLength = 26; + } + ]; }; services.skynet_backup = { From 440ad7d209715b5813d943b84a078248d64f0b4b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 22 Dec 2023 18:19:27 +0000 Subject: [PATCH 220/826] fix: ensure networking remains good pat2 --- machines/agentjones.nix | 2 +- machines/neuromancer.nix | 2 +- machines/vendetta.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 51a5bc5..161b001 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -59,7 +59,7 @@ in { # this has to be defined for any physical servers # vms are defined by teh vm host networking = { - defaultGateway.interface = lib.mkDefault "eno1"; + defaultGateway.interface = lib.mkForce "eno1"; interfaces.eno1.ipv4.addresses = [ { address = ip_pub; diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index d355fd3..660f618 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -27,7 +27,7 @@ in { # this has to be defined for any physical servers # vms are defined by teh vm host networking = { - defaultGateway.interface = lib.mkDefault "eno1"; + defaultGateway.interface = lib.mkForce "eno1"; interfaces.eno1.ipv4.addresses = [ { address = ip_pub; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 24f3d9a..73effa3 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -36,7 +36,7 @@ in { networking = { # needs to have an address statically assigned - defaultGateway.interface = lib.mkDefault "eno1"; + defaultGateway.interface = lib.mkForce "eno1"; interfaces.eno1.ipv4.addresses = [ { address = "193.1.99.120"; From bb2a014b29410b1e353cc7d85816c16e67e96c01 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 24 Dec 2023 22:29:04 +0000 Subject: [PATCH 221/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 289eb74..0298b78 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1700497861, - "narHash": "sha256-ptX+6V+FqpWa8qdk3ufgYvbgG7SbrZaB3V8foCwpzv4=", + "lastModified": 1703456901, + "narHash": "sha256-tVhaMQP9u+yLxvUG2UtMTDgDLUxrAMPCdEzYbvPUSC0=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "303885ef0d299a8e10276df7df6218db7b801552", + "rev": "48557488664f4dd8914931e63f399a2b4189bad3", "type": "gitlab" }, "original": { From 9c85fbbc003634dfab263052dfd029adfc24042b Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 24 Dec 2023 23:30:38 +0000 Subject: [PATCH 222/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0298b78..24eb95d 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1703456901, - "narHash": "sha256-tVhaMQP9u+yLxvUG2UtMTDgDLUxrAMPCdEzYbvPUSC0=", + "lastModified": 1703460575, + "narHash": "sha256-AAuIOQV5Mq6V3nkKp/4R4+BOVDFQYrWBUMWpJsDfGQ0=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "48557488664f4dd8914931e63f399a2b4189bad3", + "rev": "9924b2a2e8136af3721c3599cf0c7ea593981d94", "type": "gitlab" }, "original": { From f1782633cd88ec721808481985bd5cc6af999b40 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 27 Dec 2023 14:54:34 +0000 Subject: [PATCH 223/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 24eb95d..66c6ae9 100644 --- a/flake.lock +++ b/flake.lock @@ -700,11 +700,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1699276277, - "narHash": "sha256-5XXmfjH4DiZpiSRSXhH3TPr3pV5c6SyqipuVmlZB6tM=", + "lastModified": 1703688569, + "narHash": "sha256-PsNaqhtxoJNcpGavWmyQ1bc5KhXKS6Bd6cMRs3Cjtkg=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Ffrontend", - "rev": "7ab4419132a8371327f6df1c58d28f42a285a02d", + "rev": "520464b73d5938ebf1adc5922f02610f4f77e95d", "type": "gitlab" }, "original": { From 351f6b22da4245d5d086d18aad36f0ce4d1c58d4 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 15:48:58 +0000 Subject: [PATCH 224/826] fix: feedback from https://github.com/NixOS/nixpkgs/pull/265783 --- .../_bitwarden-directory-connector.nix | 4 +--- .../bitwarden/_bitwarden_sync_module.nix | 18 ++++++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix index 95fd336..ba4f44c 100644 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -2,7 +2,6 @@ lib, buildNpmPackage, fetchFromGitHub, - pkgs, jq, python3, pkg-config, @@ -23,7 +22,7 @@ in }; postPatch = '' - jq 'del(.scripts.preinstall)' package.json > package.json.tmp + ${lib.getExe jq} 'del(.scripts.preinstall)' package.json > package.json.tmp mv -f package.json{.tmp,} ''; @@ -53,7 +52,6 @@ in ]; nativeBuildInputs = [ - jq python3 pkg-config ]; diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix index 939e403..0d57662 100644 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -31,7 +31,10 @@ in { }; ldap = mkOption { - description = lib.mdDoc "Options to configure the LDAP connection."; + description = lib.mdDoc '' + Options to configure the LDAP connection. + If you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. + ''; default = {}; type = types.submodule ({ @@ -102,7 +105,10 @@ in { }; sync = mkOption { - description = lib.mdDoc "Options to configure what gets synced."; + description = lib.mdDoc '' + Options to configure what gets synced. + If you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. + ''; default = {}; type = types.submodule ({ @@ -253,18 +259,18 @@ in { }; systemd = { - timers.bitwarden_directory_connector = { + timers.bitwarden-directory-connector = { description = "Sync timer for Bitwarden Directory Connector"; wantedBy = ["timers.target"]; after = ["network-online.target"]; timerConfig = { OnCalendar = cfg.interval; - Unit = "bitwarden_directory_connector.service"; + Unit = "bitwarden-directory-connector.service"; Persistent = true; }; }; - services.bitwarden_directory_connector = { + services.bitwarden-directory-connector = { description = "Main process for Bitwarden Directory Connector"; path = [pkgs.jq]; @@ -277,7 +283,7 @@ in { Type = "oneshot"; User = "${cfg.user}"; PrivateTmp = true; - ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" '' + preStart = '' set -eo pipefail # create the config file From 54529e0d21c6f122f5638a60f06c1910fcdfbf5f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 16:52:54 +0000 Subject: [PATCH 225/826] fix: hopefully this will stop it needing to rebuild so often --- machines/_base.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/machines/_base.nix b/machines/_base.nix index 4c40420..f0e5167 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -55,14 +55,16 @@ in { }; # https://nixos.wiki/wiki/Storage_optimization - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; + # gc = { + # automatic = true; + # dates = "weekly"; + # options = "--delete-older-than 30d"; + # }; + + # to free up to 10GiB whenever there is less than 1GiB left extraOptions = '' - min-free = ${toString (100 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} + min-free = ${toString (1024 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024 * 10)} ''; }; From f5dcdf7547dde1cc7bf5cba6df24ffaf70a6922a Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 27 Dec 2023 17:19:03 +0000 Subject: [PATCH 226/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 66c6ae9..6283177 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1703460575, - "narHash": "sha256-AAuIOQV5Mq6V3nkKp/4R4+BOVDFQYrWBUMWpJsDfGQ0=", + "lastModified": 1703696689, + "narHash": "sha256-ZGHn1Ad6A5mc1juho3DI5urUxSg1g17mlt9xPCqeoQk=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "9924b2a2e8136af3721c3599cf0c7ea593981d94", + "rev": "7ff179f5f23f2516487b14ac6bc008b4ca9f826f", "type": "gitlab" }, "original": { From 07601f708c421618ad56de778dbfe0d3a219aa64 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 21:16:30 +0000 Subject: [PATCH 227/826] feat: setup script to sync repos Related to #50 --- .gitlab-ci.yml | 15 +++++++++++++-- sync/.gitignore | 2 ++ sync/README.md | 2 ++ sync/repos.csv | 2 ++ sync/sync.sh | 41 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 sync/.gitignore create mode 100644 sync/README.md create mode 100644 sync/repos.csv create mode 100644 sync/sync.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 285b964..a431299 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,7 @@ # borrowed from https://gitlab.com/nix17/nixos-config/-/blob/main/.gitlab-ci.yml stages: - - flake + - misc - test - deploy - deploy_gitlab @@ -11,7 +11,7 @@ stages: # $PACKAGE_NAME = name of the flake that needs to be updated # $UPDATE_FLAKE = flag to update the flake update: - stage: flake + stage: misc tags: - nix # from https://forum.gitlab.com/t/git-push-from-inside-a-gitlab-runner/30554/5 @@ -40,6 +40,17 @@ update: variables: - $UPDATE_FLAKE == "yes" +sync_repos: + stage: misc + image: registry.gitlab.com/gitlab-ci-utils/curl-jq:2.0.0 + script: + - cd sync + - chmod +x ./sync.sh + - ./sync.sh + rules: + - changes: + - sync/repos.csv + .scripts_base: &scripts_base # load nix environment - git pull origin $CI_COMMIT_REF_NAME diff --git a/sync/.gitignore b/sync/.gitignore new file mode 100644 index 0000000..6b8afe3 --- /dev/null +++ b/sync/.gitignore @@ -0,0 +1,2 @@ +/.idea +.env \ No newline at end of file diff --git a/sync/README.md b/sync/README.md new file mode 100644 index 0000000..a9cae7d --- /dev/null +++ b/sync/README.md @@ -0,0 +1,2 @@ +# Repo Sync +This subdir is intended for syncing repos on with \ No newline at end of file diff --git a/sync/repos.csv b/sync/repos.csv new file mode 100644 index 0000000..25a4da2 --- /dev/null +++ b/sync/repos.csv @@ -0,0 +1,2 @@ +id_local, remote_url +4,https://gitlab.com/compsoc1/skynet/nixos.git diff --git a/sync/sync.sh b/sync/sync.sh new file mode 100644 index 0000000..7fbc83e --- /dev/null +++ b/sync/sync.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +Mirror-Clear(){ + # existing remotes + local response=$(curl -s -X "GET" "https://gitlab.skynet.ie/api/v4/projects/$1/remote_mirrors" --header "PRIVATE-TOKEN: $TOKEN") + + # https://stackoverflow.com/a/67638584 + readarray -t local my_array < <(jq -c '.[]' <<< $response) + # iterate through the Bash array + for item in "${my_array[@]}"; do + local id=$(jq --raw-output '.id' <<< "$item") + curl -s -X "DELETE" "https://gitlab.skynet.ie/api/v4/projects/$1/remote_mirrors/$id" --header "PRIVATE-TOKEN: $TOKEN" + done +} + +Mirror-Create(){ + # make sure the values are clean of extra characters + local ID=${1} + local REPO_TMP=$(tr -d '\n\t\r ' <<<"${2}" ) + local token=$(tr -d '\n\t\r ' <<<"$TOKEN" ) + local REPO=${REPO_TMP#"https://"} + + local body="url=https://oauth2:$token@$REPO&enabled=true&only_protected_branches=false&keep_divergent_refs=false" + local uri="https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" + echo $uri + local tmp="" + curl -sS -X "POST" "$uri" --header "PRIVATE-TOKEN: $token" --data $body > tmp +} + +Main() { + # for local dev + source .env + + while IFS="," read -r id remote + do + Mirror-Clear $id + Mirror-Create $id $remote + done < <(tail -n +2 ./repos.csv) +} + +Main \ No newline at end of file From 0fc2b7ee6aaf80b96672241dd3dc6ddd4a8d0032 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 21:20:36 +0000 Subject: [PATCH 228/826] fix: had incorrect token parms --- sync/sync.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sync/sync.sh b/sync/sync.sh index 7fbc83e..ea9902e 100644 --- a/sync/sync.sh +++ b/sync/sync.sh @@ -17,14 +17,13 @@ Mirror-Create(){ # make sure the values are clean of extra characters local ID=${1} local REPO_TMP=$(tr -d '\n\t\r ' <<<"${2}" ) - local token=$(tr -d '\n\t\r ' <<<"$TOKEN" ) local REPO=${REPO_TMP#"https://"} - local body="url=https://oauth2:$token@$REPO&enabled=true&only_protected_branches=false&keep_divergent_refs=false" + local body="url=https://oauth2:$TOKEN_REMOTE@$REPO&enabled=true&only_protected_branches=false&keep_divergent_refs=false" local uri="https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" echo $uri local tmp="" - curl -sS -X "POST" "$uri" --header "PRIVATE-TOKEN: $token" --data $body > tmp + curl -sS -X "POST" "$uri" --header "PRIVATE-TOKEN: $TOKEN" --data $body > tmp } Main() { From 61adbabe78c43941a33b046f21e2048af0a39cef Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 21:41:45 +0000 Subject: [PATCH 229/826] doc: updated documentation --- sync/README.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/sync/README.md b/sync/README.md index a9cae7d..ea72e84 100644 --- a/sync/README.md +++ b/sync/README.md @@ -1,2 +1,12 @@ # Repo Sync -This subdir is intended for syncing repos on with \ No newline at end of file +This subdir is intended for syncing repos on with + +## Tokens +Tokens have a lifetime of a year. + +| Site | User | Location | Scopes | Expiry | +|--------|-----------|-------------------------------------------------------------------|--------|------------| +| Gitlab | ulcompsoc | https://gitlab.com/-/user_settings/personal_access_tokens | api | 2024-12-26 | +| Skynet | compsoc | https://gitlab.skynet.ie/groups/compsoc1/-/settings/access_tokens | api | 2024-12-26 | + +They are then stored in https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/settings/ci_cd as ``TOKEN`` and ``TOKEN_REMOTE`` \ No newline at end of file From 4bcaaa25d72b8a2a651ee3c2233c0b2f846ef934 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 21:42:14 +0000 Subject: [PATCH 230/826] fic: should now be working properly --- sync/sync.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/sync/sync.sh b/sync/sync.sh index ea9902e..4bb5df3 100644 --- a/sync/sync.sh +++ b/sync/sync.sh @@ -2,28 +2,33 @@ Mirror-Clear(){ # existing remotes - local response=$(curl -s -X "GET" "https://gitlab.skynet.ie/api/v4/projects/$1/remote_mirrors" --header "PRIVATE-TOKEN: $TOKEN") + local id=$(tr -d '\n\t\r ' <<<"${1}" ) + local token=$(tr -d '\n\t\r ' <<<"$TOKEN" ) + local response=$(curl -X "GET" "https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" --header "PRIVATE-TOKEN: $token") # https://stackoverflow.com/a/67638584 - readarray -t local my_array < <(jq -c '.[]' <<< $response) + readarray -t my_array < <(jq -c '.[]' <<< $response) # iterate through the Bash array for item in "${my_array[@]}"; do - local id=$(jq --raw-output '.id' <<< "$item") - curl -s -X "DELETE" "https://gitlab.skynet.ie/api/v4/projects/$1/remote_mirrors/$id" --header "PRIVATE-TOKEN: $TOKEN" + local id_mirror=$(jq --raw-output '.id' <<< "$item") + curl -X "DELETE" "https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors/$id_mirror" --header "PRIVATE-TOKEN: $token" done } Mirror-Create(){ # make sure the values are clean of extra characters - local ID=${1} + local id=$(tr -d '\n\t\r ' <<<"${1}" ) local REPO_TMP=$(tr -d '\n\t\r ' <<<"${2}" ) local REPO=${REPO_TMP#"https://"} + local token=$(tr -d '\n\t\r ' <<<"$TOKEN" ) + local token_remote=$(tr -d '\n\t\r ' <<<"$TOKEN_REMOTE" ) - local body="url=https://oauth2:$TOKEN_REMOTE@$REPO&enabled=true&only_protected_branches=false&keep_divergent_refs=false" + local body="url=https://oauth2:$token_remote@$REPO&enabled=true&only_protected_branches=false&keep_divergent_refs=false" local uri="https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" echo $uri + echo $body local tmp="" - curl -sS -X "POST" "$uri" --header "PRIVATE-TOKEN: $TOKEN" --data $body > tmp + curl -X "POST" "$uri" --header "PRIVATE-TOKEN: $token" --data $body } Main() { From f116c3fb252c086b5d3ef992d15e9619b75fd07a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 21:43:51 +0000 Subject: [PATCH 231/826] feat: add backend to test --- sync/repos.csv | 1 + 1 file changed, 1 insertion(+) diff --git a/sync/repos.csv b/sync/repos.csv index 25a4da2..8fc79e6 100644 --- a/sync/repos.csv +++ b/sync/repos.csv @@ -1,2 +1,3 @@ id_local, remote_url 4,https://gitlab.com/compsoc1/skynet/nixos.git +9,https://gitlab.com/compsoc1/skynet/ldap/backend.git \ No newline at end of file From 8fecc941c7f63ad7468862f179c94e81168cdc63 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 21:53:26 +0000 Subject: [PATCH 232/826] fix: this should now work (?) --- sync/README.md | 4 ++++ sync/repos.csv | 2 +- sync/sync.sh | 1 - 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/sync/README.md b/sync/README.md index ea72e84..6e7c3f7 100644 --- a/sync/README.md +++ b/sync/README.md @@ -1,6 +1,10 @@ # Repo Sync This subdir is intended for syncing repos on with +## CSV file +This file is in the format of local id and remote link. +It must end on a newline + ## Tokens Tokens have a lifetime of a year. diff --git a/sync/repos.csv b/sync/repos.csv index 8fc79e6..354a175 100644 --- a/sync/repos.csv +++ b/sync/repos.csv @@ -1,3 +1,3 @@ id_local, remote_url 4,https://gitlab.com/compsoc1/skynet/nixos.git -9,https://gitlab.com/compsoc1/skynet/ldap/backend.git \ No newline at end of file +9,https://gitlab.com/compsoc1/skynet/ldap/backend.git diff --git a/sync/sync.sh b/sync/sync.sh index 4bb5df3..4ada4b6 100644 --- a/sync/sync.sh +++ b/sync/sync.sh @@ -26,7 +26,6 @@ Mirror-Create(){ local body="url=https://oauth2:$token_remote@$REPO&enabled=true&only_protected_branches=false&keep_divergent_refs=false" local uri="https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" echo $uri - echo $body local tmp="" curl -X "POST" "$uri" --header "PRIVATE-TOKEN: $token" --data $body } From e67595a7c4fec052663a2d3172931c1ea5ea174c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 21:57:16 +0000 Subject: [PATCH 233/826] fix: make the download meter silent --- sync/sync.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sync/sync.sh b/sync/sync.sh index 4ada4b6..ff5a66d 100644 --- a/sync/sync.sh +++ b/sync/sync.sh @@ -4,14 +4,14 @@ Mirror-Clear(){ # existing remotes local id=$(tr -d '\n\t\r ' <<<"${1}" ) local token=$(tr -d '\n\t\r ' <<<"$TOKEN" ) - local response=$(curl -X "GET" "https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" --header "PRIVATE-TOKEN: $token") + local response=$(curl -s -X "GET" "https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" --header "PRIVATE-TOKEN: $token") # https://stackoverflow.com/a/67638584 readarray -t my_array < <(jq -c '.[]' <<< $response) # iterate through the Bash array for item in "${my_array[@]}"; do local id_mirror=$(jq --raw-output '.id' <<< "$item") - curl -X "DELETE" "https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors/$id_mirror" --header "PRIVATE-TOKEN: $token" + curl -s -X "DELETE" "https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors/$id_mirror" --header "PRIVATE-TOKEN: $token" done } @@ -27,7 +27,7 @@ Mirror-Create(){ local uri="https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" echo $uri local tmp="" - curl -X "POST" "$uri" --header "PRIVATE-TOKEN: $token" --data $body + curl -s -X "POST" "$uri" --header "PRIVATE-TOKEN: $token" --data $body } Main() { From 225033130c15e38c621a2beff2cb58ccaa892f65 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 22:11:26 +0000 Subject: [PATCH 234/826] feat: finished listing the repos, should be all good now Closes #50 --- sync/repos.csv | 14 ++++++++++++-- sync/sync.sh | 3 ++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/sync/repos.csv b/sync/repos.csv index 354a175..53ca74b 100644 --- a/sync/repos.csv +++ b/sync/repos.csv @@ -1,3 +1,13 @@ id_local, remote_url -4,https://gitlab.com/compsoc1/skynet/nixos.git -9,https://gitlab.com/compsoc1/skynet/ldap/backend.git +4, https://gitlab.com/compsoc1/skynet/nixos.git +9, https://gitlab.com/compsoc1/skynet/ldap/backend.git +10, https://gitlab.com/compsoc1/skynet/ldap/frontend.git +13, https://gitlab.com/compsoc1/skynet/website/2023.git +14, https://gitlab.com/compsoc1/skynet/website/2016.git +17, https://gitlab.com/compsoc1/skynet/website/alumni-renew.git +18, https://gitlab.com/compsoc1/compsoc/constitution.git +20, https://gitlab.com/compsoc1/compsoc/presentations/presentations.git +21, https://gitlab.com/compsoc1/skynet/discord-bot.git +22, https://gitlab.com/compsoc1/skynet/scripts.git +29, https://gitlab.com/compsoc1/skynet/website/games.skynet.ie.git +44, https://gitlab.com/compsoc1/compsoc/presentations/python_catchup.git diff --git a/sync/sync.sh b/sync/sync.sh index ff5a66d..ba42cf4 100644 --- a/sync/sync.sh +++ b/sync/sync.sh @@ -26,8 +26,9 @@ Mirror-Create(){ local body="url=https://oauth2:$token_remote@$REPO&enabled=true&only_protected_branches=false&keep_divergent_refs=false" local uri="https://gitlab.skynet.ie/api/v4/projects/$id/remote_mirrors" echo $uri - local tmp="" curl -s -X "POST" "$uri" --header "PRIVATE-TOKEN: $token" --data $body + # to put output on a new line + echo "" } Main() { From 08144baa42a39860f2f16ddbb21b8d0cf30fcc49 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 22:49:39 +0000 Subject: [PATCH 235/826] feat: will now only update teh links if they change, or if an override is passed --- .gitlab-ci.yml | 1 + sync/.gitignore | 4 +++- sync/sync.sh | 18 +++++++++++++++++- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a431299..f9d6ad4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,6 +48,7 @@ sync_repos: - chmod +x ./sync.sh - ./sync.sh rules: + - if: '$SYNC_OVERRIDE == "true"' - changes: - sync/repos.csv diff --git a/sync/.gitignore b/sync/.gitignore index 6b8afe3..a153487 100644 --- a/sync/.gitignore +++ b/sync/.gitignore @@ -1,2 +1,4 @@ /.idea -.env \ No newline at end of file +.env +repos_active.csv +repos_diff.csv \ No newline at end of file diff --git a/sync/sync.sh b/sync/sync.sh index ba42cf4..87c27e5 100644 --- a/sync/sync.sh +++ b/sync/sync.sh @@ -1,5 +1,13 @@ #!/bin/bash +Get-Existing(){ + curl -s "https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/raw/main/sync/repos.csv" -o "./repos_active.csv" +} + +Get-Diff(){ + diff --changed-group-format='%<' --unchanged-group-format='' repos.csv repos_active.csv > repos_diff.csv +} + Mirror-Clear(){ # existing remotes local id=$(tr -d '\n\t\r ' <<<"${1}" ) @@ -35,11 +43,19 @@ Main() { # for local dev source .env + # if SYNC_OVERRIDE is not set then + if [ -z "${SYNC_OVERRIDE}" ]; then + Get-Existing + Get-Diff + else + cp repos.csv repos_diff.csv + fi + while IFS="," read -r id remote do Mirror-Clear $id Mirror-Create $id $remote - done < <(tail -n +2 ./repos.csv) + done < <(tail -n +2 ./repos_diff.csv) } Main \ No newline at end of file From c84951252fe16ab090628b3e1a1c625636576d6a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Dec 2023 23:04:26 +0000 Subject: [PATCH 236/826] doc: added instructions on how to force a new linking for teh sync --- sync/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sync/README.md b/sync/README.md index 6e7c3f7..ab02597 100644 --- a/sync/README.md +++ b/sync/README.md @@ -13,4 +13,6 @@ Tokens have a lifetime of a year. | Gitlab | ulcompsoc | https://gitlab.com/-/user_settings/personal_access_tokens | api | 2024-12-26 | | Skynet | compsoc | https://gitlab.skynet.ie/groups/compsoc1/-/settings/access_tokens | api | 2024-12-26 | -They are then stored in https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/settings/ci_cd as ``TOKEN`` and ``TOKEN_REMOTE`` \ No newline at end of file +They are then stored in https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/settings/ci_cd as ``TOKEN`` and ``TOKEN_REMOTE`` + +After the tokens have been regenerated head to https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/pipelines/new and use the var ``SYNC_OVERRIDE`` with value ``true`` to force an update of all the links. \ No newline at end of file From a19d1cc9154e691ab97f9cf8a181b2c90541a7a4 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 29 Dec 2023 14:09:27 +0000 Subject: [PATCH 237/826] fix: Using a temp local module until https://github.com/NixOS/nixpkgs/pull/277382 is complete --- applications/nextcloud.nix | 1 + applications/nextcloud_.nix | 1289 +++++++++++++++++++++++++++++++++++ flake.lock | 6 +- 3 files changed, 1293 insertions(+), 3 deletions(-) create mode 100644 applications/nextcloud_.nix diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index c2662a2..06c01aa 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -12,6 +12,7 @@ in { ./acme.nix ./dns.nix ./nginx.nix + ./nextcloud_.nix ]; options.services.skynet_nextcloud = { diff --git a/applications/nextcloud_.nix b/applications/nextcloud_.nix new file mode 100644 index 0000000..2b2ac9d --- /dev/null +++ b/applications/nextcloud_.nix @@ -0,0 +1,1289 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.nextcloud; + fpm = config.services.phpfpm.pools.nextcloud; + + jsonFormat = pkgs.formats.json {}; + + defaultPHPSettings = { + short_open_tag = "Off"; + expose_php = "Off"; + error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; + display_errors = "stderr"; + "opcache.enable_cli" = "1"; + "opcache.interned_strings_buffer" = "8"; + "opcache.max_accelerated_files" = "10000"; + "opcache.memory_consumption" = "128"; + "opcache.revalidate_freq" = "1"; + "opcache.fast_shutdown" = "1"; + "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; + catch_workers_output = "yes"; + }; + + appStores = { + # default apps bundled with pkgs.nextcloudXX, e.g. files, contacts + apps = { + enabled = true; + writable = false; + }; + # apps installed via cfg.extraApps + nix-apps = { + enabled = cfg.extraApps != {}; + linkTarget = "${pkgs.linkFarm "nix-apps" + (mapAttrsToList (name: path: {inherit name path;}) cfg.extraApps)}"; + writable = false; + }; + # apps installed via the app store. + store-apps = { + enabled = cfg.appstoreEnable == null || cfg.appstoreEnable; + linkTarget = "${cfg.home}/store-apps"; + writable = true; + }; + }; + + webroot = + pkgs.runCommand + "${cfg.package.name or "nextcloud"}-with-apps" + {nativeBuildInputs = [pkgs.xorg.lndir];} + '' + mkdir $out + pushd "$out" &>/dev/null + lndir "${cfg.package}" + popd &>/dev/null + ${concatStrings + (mapAttrsToList (name: store: + optionalString (store.enabled && store ? linkTarget) '' + if [ -e "$out"/${name} ]; then + echo "Didn't expect ${name} already in $out!" + exit 1 + fi + ln -sfTv ${store.linkTarget} "$out"/${name} + '') + appStores)} + ''; + + inherit (cfg) datadir; + + phpPackage = cfg.phpPackage.buildEnv { + extensions = { + enabled, + all, + }: + ( + with all; + enabled + ++ [bz2 intl sodium] # recommended + ++ optional cfg.enableImagemagick imagick + # Optionally enabled depending on caching settings + ++ optional cfg.caching.apcu apcu + ++ optional cfg.caching.redis redis + ++ optional cfg.caching.memcached memcached + ) + ++ cfg.phpExtraExtensions all; # Enabled by user + extraConfig = toKeyValue cfg.phpOptions; + }; + + toKeyValue = generators.toKeyValue { + mkKeyValue = generators.mkKeyValueDefault {} " = "; + }; + + occ = pkgs.writeScriptBin "nextcloud-occ" '' + #! ${pkgs.runtimeShell} + cd ${webroot} + sudo=exec + if [[ "$USER" != nextcloud ]]; then + sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS' + fi + export NEXTCLOUD_CONFIG_DIR="${datadir}/config" + $sudo \ + ${phpPackage}/bin/php \ + occ "$@" + ''; + + inherit (config.system) stateVersion; + + mysqlLocal = cfg.database.createLocally && cfg.config.dbtype == "mysql"; + pgsqlLocal = cfg.database.createLocally && cfg.config.dbtype == "pgsql"; + + # https://github.com/nextcloud/documentation/pull/11179 + ocmProviderIsNotAStaticDirAnymore = + versionAtLeast cfg.package.version "27.1.2" + || (versionOlder cfg.package.version "27.0.0" + && versionAtLeast cfg.package.version "26.0.8"); +in { + disabledModules = ["services/web-apps/nextcloud.nix"]; + + imports = [ + (mkRemovedOptionModule ["services" "nextcloud" "config" "adminpass"] '' + Please use `services.nextcloud.config.adminpassFile' instead! + '') + (mkRemovedOptionModule ["services" "nextcloud" "config" "dbpass"] '' + Please use `services.nextcloud.config.dbpassFile' instead! + '') + (mkRemovedOptionModule ["services" "nextcloud" "nginx" "enable"] '' + The nextcloud module supports `nginx` as reverse-proxy by default and doesn't + support other reverse-proxies officially. + + However it's possible to use an alternative reverse-proxy by + + * disabling nginx + * setting `listen.owner` & `listen.group` in the phpfpm-pool to a different value + + Further details about this can be found in the `Nextcloud`-section of the NixOS-manual + (which can be opened e.g. by running `nixos-help`). + '') + (mkRemovedOptionModule ["services" "nextcloud" "enableBrokenCiphersForSSE"] '' + This option has no effect since there's no supported Nextcloud version packaged here + using OpenSSL for RC4 SSE. + '') + (mkRemovedOptionModule ["services" "nextcloud" "disableImagemagick"] '' + Use services.nextcloud.enableImagemagick instead. + '') + ]; + + options.services.nextcloud = { + enable = mkEnableOption (lib.mdDoc "nextcloud"); + + hostName = mkOption { + type = types.str; + description = lib.mdDoc "FQDN for the nextcloud instance."; + }; + home = mkOption { + type = types.str; + default = "/var/lib/nextcloud"; + description = lib.mdDoc "Storage path of nextcloud."; + }; + datadir = mkOption { + type = types.str; + default = config.services.nextcloud.home; + defaultText = literalExpression "config.services.nextcloud.home"; + description = lib.mdDoc '' + Nextcloud's data storage path. Will be [](#opt-services.nextcloud.home) by default. + This folder will be populated with a config.php file and a data folder which contains the state of the instance (excluding the database)."; + ''; + example = "/mnt/nextcloud-file"; + }; + extraApps = mkOption { + type = types.attrsOf types.package; + default = {}; + description = lib.mdDoc '' + Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp. + The appid must be identical to the "id" value in the apps appinfo/info.xml. + Using this will disable the appstore to prevent Nextcloud from updating these apps (see [](#opt-services.nextcloud.appstoreEnable)). + ''; + example = literalExpression '' + { + inherit (pkgs.nextcloud25Packages.apps) mail calendar contact; + phonetrack = pkgs.fetchNextcloudApp { + name = "phonetrack"; + sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc"; + url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz"; + version = "0.6.9"; + }; + } + ''; + }; + extraAppsEnable = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Automatically enable the apps in [](#opt-services.nextcloud.extraApps) every time Nextcloud starts. + If set to false, apps need to be enabled in the Nextcloud web user interface or with `nextcloud-occ app:enable`. + ''; + }; + appstoreEnable = mkOption { + type = types.nullOr types.bool; + default = null; + example = true; + description = lib.mdDoc '' + Allow the installation and updating of apps from the Nextcloud appstore. + Enabled by default unless there are packages in [](#opt-services.nextcloud.extraApps). + Set this to true to force enable the store even if [](#opt-services.nextcloud.extraApps) is used. + Set this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting. + ''; + }; + logLevel = mkOption { + type = types.ints.between 0 4; + default = 2; + description = lib.mdDoc '' + Log level value between 0 (DEBUG) and 4 (FATAL). + + - 0 (debug): Log all activity. + + - 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors. + + - 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors. + + - 3 (error): Log failed operations and fatal errors. + + - 4 (fatal): Log only fatal errors that cause the server to stop. + ''; + }; + logType = mkOption { + type = types.enum ["errorlog" "file" "syslog" "systemd"]; + default = "syslog"; + description = lib.mdDoc '' + Logging backend to use. + systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions. + See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details. + ''; + }; + https = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Use HTTPS for generated links."; + }; + package = mkOption { + type = types.package; + description = lib.mdDoc "Which package to use for the Nextcloud instance."; + relatedPackages = ["nextcloud26" "nextcloud27" "nextcloud28"]; + }; + phpPackage = mkPackageOption pkgs "php" { + example = "php82"; + }; + + maxUploadSize = mkOption { + default = "512M"; + type = types.str; + description = lib.mdDoc '' + The upload limit for files. This changes the relevant options + in php.ini and nginx if enabled. + ''; + }; + + skeletonDirectory = mkOption { + default = ""; + type = types.str; + description = lib.mdDoc '' + The directory where the skeleton files are located. These files will be + copied to the data directory of new users. Leave empty to not copy any + skeleton files. + ''; + }; + + webfinger = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Enable this option if you plan on using the webfinger plugin. + The appropriate nginx rewrite rules will be added to your configuration. + ''; + }; + + phpExtraExtensions = mkOption { + type = with types; functionTo (listOf package); + default = all: []; + defaultText = literalExpression "all: []"; + description = lib.mdDoc '' + Additional PHP extensions to use for Nextcloud. + By default, only extensions necessary for a vanilla Nextcloud installation are enabled, + but you may choose from the list of available extensions and add further ones. + This is sometimes necessary to be able to install a certain Nextcloud app that has additional requirements. + ''; + example = literalExpression '' + all: [ all.pdlib all.bz2 ] + ''; + }; + + phpOptions = mkOption { + type = with types; attrsOf (oneOf [str int]); + defaultText = literalExpression (generators.toPretty {} defaultPHPSettings); + description = lib.mdDoc '' + Options for PHP's php.ini file for nextcloud. + + Please note that this option is _additive_ on purpose while the + attribute values inside the default are option defaults: that means that + + ```nix + { + services.nextcloud.phpOptions."opcache.interned_strings_buffer" = "23"; + } + ``` + + will override the `php.ini` option `opcache.interned_strings_buffer` without + discarding the rest of the defaults. + + Overriding all of `phpOptions` (including `upload_max_filesize`, `post_max_size` + and `memory_limit` which all point to [](#opt-services.nextcloud.maxUploadSize) + by default) can be done like this: + + ```nix + { + services.nextcloud.phpOptions = lib.mkForce { + /* ... */ + }; + } + ``` + ''; + }; + + poolSettings = mkOption { + type = with types; attrsOf (oneOf [str int bool]); + default = { + "pm" = "dynamic"; + "pm.max_children" = "32"; + "pm.start_servers" = "2"; + "pm.min_spare_servers" = "2"; + "pm.max_spare_servers" = "4"; + "pm.max_requests" = "500"; + }; + description = lib.mdDoc '' + Options for nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives. + ''; + }; + + poolConfig = mkOption { + type = types.nullOr types.lines; + default = null; + description = lib.mdDoc '' + Options for Nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives. + ''; + }; + + fastcgiTimeout = mkOption { + type = types.int; + default = 120; + description = lib.mdDoc '' + FastCGI timeout for database connection in seconds. + ''; + }; + + database = { + createLocally = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to create the database and database user locally. + ''; + }; + }; + + config = { + dbtype = mkOption { + type = types.enum ["sqlite" "pgsql" "mysql"]; + default = "sqlite"; + description = lib.mdDoc "Database type."; + }; + dbname = mkOption { + type = types.nullOr types.str; + default = "nextcloud"; + description = lib.mdDoc "Database name."; + }; + dbuser = mkOption { + type = types.nullOr types.str; + default = "nextcloud"; + description = lib.mdDoc "Database user."; + }; + dbpassFile = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + The full path to a file that contains the database password. + ''; + }; + dbhost = mkOption { + type = types.nullOr types.str; + default = + if pgsqlLocal + then "/run/postgresql" + else if mysqlLocal + then "localhost:/run/mysqld/mysqld.sock" + else "localhost"; + defaultText = "localhost"; + description = lib.mdDoc '' + Database host or socket path. + If [](#opt-services.nextcloud.database.createLocally) is true and + [](#opt-services.nextcloud.config.dbtype) is either `pgsql` or `mysql`, + defaults to the correct Unix socket instead. + ''; + }; + dbport = mkOption { + type = with types; nullOr (either int str); + default = null; + description = lib.mdDoc "Database port."; + }; + dbtableprefix = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc "Table prefix in Nextcloud's database."; + }; + adminuser = mkOption { + type = types.str; + default = "root"; + description = lib.mdDoc '' + Username for the admin account. The username is only set during the + initial setup of Nextcloud! Since the username also acts as unique + ID internally, it cannot be changed later! + ''; + }; + adminpassFile = mkOption { + type = types.str; + description = lib.mdDoc '' + The full path to a file that contains the admin's password. Must be + readable by user `nextcloud`. The password is set only in the initial + setup of Nextcloud by the systemd service `nextcloud-setup.service`. + ''; + }; + + extraTrustedDomains = mkOption { + type = types.listOf types.str; + default = []; + description = lib.mdDoc '' + Trusted domains from which the Nextcloud installation will be + accessible. You don't need to add + `services.nextcloud.hostname` here. + ''; + }; + + trustedProxies = mkOption { + type = types.listOf types.str; + default = []; + description = lib.mdDoc '' + Trusted proxies to provide if the Nextcloud installation is being + proxied to secure against, e.g. spoofing. + ''; + }; + + overwriteProtocol = mkOption { + type = types.nullOr (types.enum ["http" "https"]); + default = null; + example = "https"; + + description = lib.mdDoc '' + Force Nextcloud to always use HTTP or HTTPS i.e. for link generation. + Nextcloud uses the currently used protocol by default, but when + behind a reverse-proxy, it may use `http` for everything although + Nextcloud may be served via HTTPS. + ''; + }; + + defaultPhoneRegion = mkOption { + default = null; + type = types.nullOr types.str; + example = "DE"; + description = lib.mdDoc '' + An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html) + country code which replaces automatic phone-number detection + without a country code. + + As an example, with `DE` set as the default phone region, + the `+49` prefix can be omitted for phone numbers. + ''; + }; + + objectstore = { + s3 = { + enable = mkEnableOption (lib.mdDoc '' + S3 object storage as primary storage. + + This mounts a bucket on an Amazon S3 object storage or compatible + implementation into the virtual filesystem. + + Further details about this feature can be found in the + [upstream documentation](https://docs.nextcloud.com/server/22/admin_manual/configuration_files/primary_storage.html). + ''); + bucket = mkOption { + type = types.str; + example = "nextcloud"; + description = lib.mdDoc '' + The name of the S3 bucket. + ''; + }; + autocreate = mkOption { + type = types.bool; + description = lib.mdDoc '' + Create the objectstore if it does not exist. + ''; + }; + key = mkOption { + type = types.str; + example = "EJ39ITYZEUH5BGWDRUFY"; + description = lib.mdDoc '' + The access key for the S3 bucket. + ''; + }; + secretFile = mkOption { + type = types.str; + example = "/var/nextcloud-objectstore-s3-secret"; + description = lib.mdDoc '' + The full path to a file that contains the access secret. Must be + readable by user `nextcloud`. + ''; + }; + hostname = mkOption { + type = types.nullOr types.str; + default = null; + example = "example.com"; + description = lib.mdDoc '' + Required for some non-Amazon implementations. + ''; + }; + port = mkOption { + type = types.nullOr types.port; + default = null; + description = lib.mdDoc '' + Required for some non-Amazon implementations. + ''; + }; + useSsl = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Use SSL for objectstore access. + ''; + }; + region = mkOption { + type = types.nullOr types.str; + default = null; + example = "REGION"; + description = lib.mdDoc '' + Required for some non-Amazon implementations. + ''; + }; + usePathStyle = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Required for some non-Amazon S3 implementations. + + Ordinarily, requests will be made with + `http://bucket.hostname.domain/`, but with path style + enabled requests are made with + `http://hostname.domain/bucket` instead. + ''; + }; + sseCKeyFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/var/nextcloud-objectstore-s3-sse-c-key"; + description = lib.mdDoc '' + If provided this is the full path to a file that contains the key + to enable [server-side encryption with customer-provided keys][1] + (SSE-C). + + The file must contain a random 32-byte key encoded as a base64 + string, e.g. generated with the command + + ``` + openssl rand 32 | base64 + ``` + + Must be readable by user `nextcloud`. + + [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html + ''; + }; + }; + }; + }; + + enableImagemagick = + mkEnableOption (lib.mdDoc '' + the ImageMagick module for PHP. + This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF). + You may want to disable it for increased security. In that case, previews will still be available + for some images (e.g. JPEG and PNG). + See . + '') + // { + default = true; + }; + + configureRedis = lib.mkOption { + type = lib.types.bool; + default = config.services.nextcloud.notify_push.enable; + defaultText = literalExpression "config.services.nextcloud.notify_push.enable"; + description = lib.mdDoc '' + Whether to configure Nextcloud to use the recommended Redis settings for small instances. + + ::: {.note} + The `notify_push` app requires Redis to be configured. If this option is turned off, this must be configured manually. + ::: + ''; + }; + + caching = { + apcu = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + Whether to load the APCu module into PHP. + ''; + }; + redis = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to load the Redis module into PHP. + You still need to enable Redis in your config.php. + See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html + ''; + }; + memcached = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to load the Memcached module into PHP. + You still need to enable Memcached in your config.php. + See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html + ''; + }; + }; + autoUpdateApps = { + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Run a regular auto-update of all apps installed from the Nextcloud app store. + ''; + }; + startAt = mkOption { + type = with types; either str (listOf str); + default = "05:00:00"; + example = "Sun 14:00:00"; + description = lib.mdDoc '' + When to run the update. See `systemd.services..startAt`. + ''; + }; + }; + occ = mkOption { + type = types.package; + default = occ; + defaultText = literalMD "generated script"; + internal = true; + description = lib.mdDoc '' + The nextcloud-occ program preconfigured to target this Nextcloud instance. + ''; + }; + globalProfiles = + mkEnableOption (lib.mdDoc "global profiles") + // { + description = lib.mdDoc '' + Makes user-profiles globally available under `nextcloud.tld/u/user.name`. + Even though it's enabled by default in Nextcloud, it must be explicitly enabled + here because it has the side-effect that personal information is even accessible to + unauthenticated users by default. + + By default, the following properties are set to “Show to everyone” + if this flag is enabled: + - About + - Full name + - Headline + - Organisation + - Profile picture + - Role + - Twitter + - Website + + Only has an effect in Nextcloud 23 and later. + ''; + }; + + extraOptions = mkOption { + type = jsonFormat.type; + default = {}; + description = lib.mdDoc '' + Extra options which should be appended to Nextcloud's config.php file. + ''; + example = literalExpression '' { + redis = { + host = "/run/redis/redis.sock"; + port = 0; + dbindex = 0; + password = "secret"; + timeout = 1.5; + }; + } ''; + }; + + secretFile = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same + form as the [](#opt-services.nextcloud.extraOptions) option), for example + `{"redis":{"password":"secret"}}`. + ''; + }; + + nginx = { + recommendedHttpHeaders = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Enable additional recommended HTTP response headers"; + }; + hstsMaxAge = mkOption { + type = types.ints.positive; + default = 15552000; + description = lib.mdDoc '' + Value for the `max-age` directive of the HTTP + `Strict-Transport-Security` header. + + See section 6.1.1 of IETF RFC 6797 for detailed information on this + directive and header. + ''; + }; + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { + warnings = let + latest = 28; + upgradeWarning = major: nixos: '' + A legacy Nextcloud install (from before NixOS ${nixos}) may be installed. + + After nextcloud${toString major} is installed successfully, you can safely upgrade + to ${toString (major + 1)}. The latest version available is Nextcloud${toString latest}. + + Please note that Nextcloud doesn't support upgrades across multiple major versions + (i.e. an upgrade from 16 is possible to 17, but not 16 to 18). + + The package can be upgraded by explicitly declaring the service-option + `services.nextcloud.package`. + ''; + in + (optional (cfg.poolConfig != null) '' + Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release. + Please migrate your configuration to config.services.nextcloud.poolSettings. + '') + ++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11")) + ++ (optional (versionOlder cfg.package.version "26") (upgradeWarning 25 "23.05")) + ++ (optional (versionOlder cfg.package.version "27") (upgradeWarning 26 "23.11")) + ++ (optional (versionOlder cfg.package.version "28") (upgradeWarning 27 "24.05")); + + services.nextcloud.package = with pkgs; + mkDefault ( + if pkgs ? nextcloud + then + throw '' + The `pkgs.nextcloud`-attribute has been removed. If it's supposed to be the default + nextcloud defined in an overlay, please set `services.nextcloud.package` to + `pkgs.nextcloud`. + '' + else if versionOlder stateVersion "23.05" + then nextcloud25 + else if versionOlder stateVersion "23.11" + then nextcloud26 + else if versionOlder stateVersion "24.05" + then nextcloud27 + else nextcloud28 + ); + + services.nextcloud.phpPackage = pkgs.php82; + + services.nextcloud.phpOptions = mkMerge [ + (mapAttrs (const mkOptionDefault) defaultPHPSettings) + { + upload_max_filesize = cfg.maxUploadSize; + post_max_size = cfg.maxUploadSize; + memory_limit = cfg.maxUploadSize; + } + (mkIf cfg.caching.apcu { + "apc.enable_cli" = "1"; + }) + ]; + } + + { + assertions = [ + { + assertion = cfg.database.createLocally -> cfg.config.dbpassFile == null; + message = '' + Using `services.nextcloud.database.createLocally` with database + password authentication is no longer supported. + + If you use an external database (or want to use password auth for any + other reason), set `services.nextcloud.database.createLocally` to + `false`. The database won't be managed for you (use `services.mysql` + if you want to set it up). + + If you want this module to manage your nextcloud database for you, + unset `services.nextcloud.config.dbpassFile` and + `services.nextcloud.config.dbhost` to use socket authentication + instead of password. + ''; + } + ]; + } + + { + systemd.timers.nextcloud-cron = { + wantedBy = ["timers.target"]; + after = ["nextcloud-setup.service"]; + timerConfig.OnBootSec = "5m"; + timerConfig.OnUnitActiveSec = "5m"; + timerConfig.Unit = "nextcloud-cron.service"; + }; + + systemd.tmpfiles.rules = ["d ${cfg.home} 0750 nextcloud nextcloud"]; + + systemd.services = { + # When upgrading the Nextcloud package, Nextcloud can report errors such as + # "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly" + # Restarting phpfpm on Nextcloud package update fixes these issues (but this is a workaround). + phpfpm-nextcloud.restartTriggers = [webroot]; + + nextcloud-setup = let + c = cfg.config; + writePhpArray = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]"; + requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable; + objectstoreConfig = let + s3 = c.objectstore.s3; + in + optionalString s3.enable '' + 'objectstore' => [ + 'class' => '\\OC\\Files\\ObjectStore\\S3', + 'arguments' => [ + 'bucket' => '${s3.bucket}', + 'autocreate' => ${boolToString s3.autocreate}, + 'key' => '${s3.key}', + 'secret' => nix_read_secret('${s3.secretFile}'), + ${optionalString (s3.hostname != null) "'hostname' => '${s3.hostname}',"} + ${optionalString (s3.port != null) "'port' => ${toString s3.port},"} + 'use_ssl' => ${boolToString s3.useSsl}, + ${optionalString (s3.region != null) "'region' => '${s3.region}',"} + 'use_path_style' => ${boolToString s3.usePathStyle}, + ${optionalString (s3.sseCKeyFile != null) "'sse_c_key' => nix_read_secret('${s3.sseCKeyFile}'),"} + ], + ] + ''; + + showAppStoreSetting = cfg.appstoreEnable != null || cfg.extraApps != {}; + renderedAppStoreSetting = let + x = cfg.appstoreEnable; + in + if x == null + then "false" + else boolToString x; + + nextcloudGreaterOrEqualThan = req: versionAtLeast cfg.package.version req; + + mkAppStoreConfig = name: { + enabled, + writable, + ... + }: + optionalString enabled '' + [ 'path' => '${webroot}/${name}', 'url' => '/${name}', 'writable' => ${boolToString writable} ], + ''; + + overrideConfig = pkgs.writeText "nextcloud-config.php" '' + [ + ${concatStrings (mapAttrsToList mkAppStoreConfig appStores)} + ], + ${optionalString showAppStoreSetting "'appstoreenabled' => ${renderedAppStoreSetting},"} + 'datadirectory' => '${datadir}/data', + 'skeletondirectory' => '${cfg.skeletonDirectory}', + ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} + 'log_type' => '${cfg.logType}', + 'loglevel' => '${builtins.toString cfg.logLevel}', + ${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"} + ${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"} + ${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"} + ${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"} + ${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"} + ${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"} + ${ + optionalString (c.dbpassFile != null) '' + 'dbpassword' => nix_read_secret( + "${c.dbpassFile}" + ), + '' + } + 'dbtype' => '${c.dbtype}', + 'trusted_domains' => ${writePhpArray ([cfg.hostName] ++ c.extraTrustedDomains)}, + 'trusted_proxies' => ${writePhpArray (c.trustedProxies)}, + ${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"} + ${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"} + ${objectstoreConfig} + ]; + + $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file( + "${jsonFormat.generate "nextcloud-extraOptions.json" cfg.extraOptions}", + "impossible: this should never happen (decoding generated extraOptions file %s failed)" + )); + + ${optionalString (cfg.secretFile != null) '' + $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file( + "${cfg.secretFile}", + "Cannot start Nextcloud, secrets file %s set by NixOS doesn't exist!" + )); + ''} + ''; + occInstallCmd = let + mkExport = { + arg, + value, + }: "export ${arg}=${value}"; + dbpass = { + arg = "DBPASS"; + value = + if c.dbpassFile != null + then ''"$(<"${toString c.dbpassFile}")"'' + else ''""''; + }; + adminpass = { + arg = "ADMINPASS"; + value = ''"$(<"${toString c.adminpassFile}")"''; + }; + installFlags = + concatStringsSep " \\\n " + (mapAttrsToList (k: v: "${k} ${toString v}") { + "--database" = ''"${c.dbtype}"''; + # The following attributes are optional depending on the type of + # database. Those that evaluate to null on the left hand side + # will be omitted. + ${ + if c.dbname != null + then "--database-name" + else null + } = ''"${c.dbname}"''; + ${ + if c.dbhost != null + then "--database-host" + else null + } = ''"${c.dbhost}"''; + ${ + if c.dbport != null + then "--database-port" + else null + } = ''"${toString c.dbport}"''; + ${ + if c.dbuser != null + then "--database-user" + else null + } = ''"${c.dbuser}"''; + "--database-pass" = "\"\$${dbpass.arg}\""; + "--admin-user" = ''"${c.adminuser}"''; + "--admin-pass" = "\"\$${adminpass.arg}\""; + "--data-dir" = ''"${datadir}/data"''; + }); + in '' + ${mkExport dbpass} + ${mkExport adminpass} + ${occ}/bin/nextcloud-occ maintenance:install \ + ${installFlags} + ''; + occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 + (i: v: '' + ${occ}/bin/nextcloud-occ config:system:set trusted_domains \ + ${toString i} --value="${toString v}" + '') ([cfg.hostName] ++ cfg.config.extraTrustedDomains)); + in { + wantedBy = ["multi-user.target"]; + before = ["phpfpm-nextcloud.service"]; + after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; + requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; + path = [occ]; + script = '' + ${optionalString (c.dbpassFile != null) '' + if [ ! -r "${c.dbpassFile}" ]; then + echo "dbpassFile ${c.dbpassFile} is not readable by nextcloud:nextcloud! Aborting..." + exit 1 + fi + if [ -z "$(<${c.dbpassFile})" ]; then + echo "dbpassFile ${c.dbpassFile} is empty!" + exit 1 + fi + ''} + if [ ! -r "${c.adminpassFile}" ]; then + echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..." + exit 1 + fi + if [ -z "$(<${c.adminpassFile})" ]; then + echo "adminpassFile ${c.adminpassFile} is empty!" + exit 1 + fi + + ${concatMapStrings (name: '' + if [ -d "${cfg.home}"/${name} ]; then + echo "Cleaning up ${name}; these are now bundled in the webroot store-path!" + rm -r "${cfg.home}"/${name} + fi + '') ["nix-apps" "apps"]} + + # create nextcloud directories. + # if the directories exist already with wrong permissions, we fix that + for dir in ${datadir}/config ${datadir}/data ${cfg.home}/store-apps; do + if [ ! -e $dir ]; then + install -o nextcloud -g nextcloud -d $dir + elif [ $(stat -c "%G" $dir) != "nextcloud" ]; then + chgrp -R nextcloud $dir + fi + done + + ln -sf ${overrideConfig} ${datadir}/config/override.config.php + + # Do not install if already installed + if [[ ! -e ${datadir}/config/config.php ]]; then + ${occInstallCmd} + fi + + ${occ}/bin/nextcloud-occ upgrade + + ${occ}/bin/nextcloud-occ config:system:delete trusted_domains + + ${optionalString (cfg.extraAppsEnable && cfg.extraApps != {}) '' + # Try to enable apps + ${occ}/bin/nextcloud-occ app:enable ${concatStringsSep " " (attrNames cfg.extraApps)} + ''} + + ${occSetTrustedDomainsCmd} + ''; + serviceConfig.Type = "oneshot"; + serviceConfig.User = "nextcloud"; + # On Nextcloud ≥ 26, it is not necessary to patch the database files to prevent + # an automatic creation of the database user. + environment.NC_setup_create_db_user = lib.mkIf (nextcloudGreaterOrEqualThan "26") "false"; + }; + nextcloud-cron = { + after = ["nextcloud-setup.service"]; + environment.NEXTCLOUD_CONFIG_DIR = "${datadir}/config"; + serviceConfig.Type = "oneshot"; + serviceConfig.User = "nextcloud"; + serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${webroot}/cron.php"; + }; + nextcloud-update-plugins = mkIf cfg.autoUpdateApps.enable { + after = ["nextcloud-setup.service"]; + serviceConfig.Type = "oneshot"; + serviceConfig.ExecStart = "${occ}/bin/nextcloud-occ app:update --all"; + serviceConfig.User = "nextcloud"; + startAt = cfg.autoUpdateApps.startAt; + }; + }; + + services.phpfpm = { + pools.nextcloud = { + user = "nextcloud"; + group = "nextcloud"; + phpPackage = phpPackage; + phpEnv = { + NEXTCLOUD_CONFIG_DIR = "${datadir}/config"; + PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"; + }; + settings = + mapAttrs (name: mkDefault) { + "listen.owner" = config.services.nginx.user; + "listen.group" = config.services.nginx.group; + } + // cfg.poolSettings; + extraConfig = cfg.poolConfig; + }; + }; + + users.users.nextcloud = { + home = "${cfg.home}"; + group = "nextcloud"; + isSystemUser = true; + }; + users.groups.nextcloud.members = ["nextcloud" config.services.nginx.user]; + + environment.systemPackages = [occ]; + + services.mysql = lib.mkIf mysqlLocal { + enable = true; + package = lib.mkDefault pkgs.mariadb; + ensureDatabases = [cfg.config.dbname]; + ensureUsers = [ + { + name = cfg.config.dbuser; + ensurePermissions = {"${cfg.config.dbname}.*" = "ALL PRIVILEGES";}; + } + ]; + }; + + services.postgresql = mkIf pgsqlLocal { + enable = true; + ensureDatabases = [cfg.config.dbname]; + ensureUsers = [ + { + name = cfg.config.dbuser; + ensureDBOwnership = true; + } + ]; + }; + + services.redis.servers.nextcloud = lib.mkIf cfg.configureRedis { + enable = true; + user = "nextcloud"; + }; + + services.nextcloud = lib.mkIf cfg.configureRedis { + caching.redis = true; + extraOptions = { + "memcache.distributed" = ''\OC\Memcache\Redis''; + "memcache.locking" = ''\OC\Memcache\Redis''; + redis = { + host = config.services.redis.servers.nextcloud.unixSocket; + port = 0; + }; + }; + }; + + services.nginx.enable = mkDefault true; + + services.nginx.virtualHosts.${cfg.hostName} = { + root = webroot; + locations = { + "= /robots.txt" = { + priority = 100; + extraConfig = '' + allow all; + access_log off; + ''; + }; + "= /" = { + priority = 100; + extraConfig = '' + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } + ''; + }; + "^~ /.well-known" = { + priority = 210; + extraConfig = '' + absolute_redirect off; + location = /.well-known/carddav { + return 301 /remote.php/dav; + } + location = /.well-known/caldav { + return 301 /remote.php/dav; + } + location ~ ^/\.well-known/(?!acme-challenge|pki-validation) { + return 301 /index.php$request_uri; + } + try_files $uri $uri/ =404; + ''; + }; + "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)" = { + priority = 450; + extraConfig = '' + return 404; + ''; + }; + "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)" = { + priority = 450; + extraConfig = '' + return 404; + ''; + }; + "~ \\.php(?:$|/)" = { + priority = 500; + extraConfig = '' + # legacy support (i.e. static files and directories in cfg.package) + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[s${optionalString (!ocmProviderIsNotAStaticDirAnymore) "m"}]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + include ${config.services.nginx.package}/conf/fastcgi.conf; + fastcgi_split_path_info ^(.+?\.php)(\\/.*)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_param PATH_INFO $path_info; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTPS ${ + if cfg.https + then "on" + else "off" + }; + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass unix:${fpm.socket}; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + fastcgi_read_timeout ${builtins.toString cfg.fastcgiTimeout}s; + ''; + }; + "~ \\.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|tflite|map|html|ttf|bcmap|mp4|webm|ogg|flac)$".extraConfig = '' + try_files $uri /index.php$request_uri; + expires 6M; + access_log off; + location ~ \.mjs$ { + default_type text/javascript; + } + location ~ \.wasm$ { + default_type application/wasm; + } + ''; + "~ ^\\/(?:updater|ocs-provider${optionalString (!ocmProviderIsNotAStaticDirAnymore) "|ocm-provider"})(?:$|\\/)".extraConfig = '' + try_files $uri/ =404; + index index.php; + ''; + "/remote" = { + priority = 1500; + extraConfig = '' + return 301 /remote.php$request_uri; + ''; + }; + "/" = { + priority = 1600; + extraConfig = '' + try_files $uri $uri/ /index.php$request_uri; + ''; + }; + }; + extraConfig = '' + index index.php index.html /index.php$request_uri; + ${optionalString (cfg.nginx.recommendedHttpHeaders) '' + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag "noindex, nofollow"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options sameorigin; + add_header Referrer-Policy no-referrer; + ''} + ${optionalString (cfg.https) '' + add_header Strict-Transport-Security "max-age=${toString cfg.nginx.hstsMaxAge}; includeSubDomains" always; + ''} + client_max_body_size ${cfg.maxUploadSize}; + fastcgi_buffers 64 4K; + fastcgi_hide_header X-Powered-By; + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + ${optionalString cfg.webfinger '' + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + ''} + ''; + }; + } + ]); + + meta.doc = ./nextcloud.md; +} diff --git a/flake.lock b/flake.lock index 6283177..6110b05 100644 --- a/flake.lock +++ b/flake.lock @@ -532,11 +532,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1703438236, + "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", "type": "github" }, "original": { From 5900c41ab78ff61d8fa0745b036662163ca4127e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Dec 2023 10:38:31 +0000 Subject: [PATCH 238/826] [skip ci] feat: some more changes based on https://github.com/NixOS/nixpkgs/pull/265783 --- .../_bitwarden-directory-connector.nix | 95 +++++++++---------- .../bitwarden/_bitwarden_sync_module.nix | 14 ++- applications/bitwarden/bitwarden_sync.nix | 2 +- 3 files changed, 54 insertions(+), 57 deletions(-) diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix index ba4f44c..557a3e7 100644 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -7,61 +7,60 @@ pkg-config, libsecret, nodejs_18, -}: let - buildNpmPackage' = buildNpmPackage.override {nodejs = nodejs_18;}; -in - buildNpmPackage' rec { - pname = "bitwarden-directory-connector"; - version = "2023.10.0"; +}: +buildNpmPackage rec { + pname = "bitwarden-directory-connector-cli"; + version = "2023.10.0"; + nodejs = nodejs_18; - src = fetchFromGitHub { - owner = "bitwarden"; - repo = "directory-connector"; - rev = "v${version}"; - hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg="; - }; + src = fetchFromGitHub { + owner = "bitwarden"; + repo = "directory-connector"; + rev = "v${version}"; + hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg="; + }; - postPatch = '' - ${lib.getExe jq} 'del(.scripts.preinstall)' package.json > package.json.tmp - mv -f package.json{.tmp,} - ''; + postPatch = '' + ${lib.getExe jq} 'del(.scripts.preinstall)' package.json > package.json.tmp + mv -f package.json{.tmp,} + ''; - npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw="; + npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw="; - env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; + env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; - makeCacheWritable = true; - npmBuildScript = "build:cli:prod"; + makeCacheWritable = true; + npmBuildScript = "build:cli:prod"; - installPhase = '' - runHook preInstall - mkdir -p $out/libexec/bitwarden-directory-connector - cp -R {build-cli,node_modules} $out/libexec/bitwarden-directory-connector - runHook postInstall - ''; + installPhase = '' + runHook preInstall + mkdir -p $out/libexec/bitwarden-directory-connector + cp -R {build-cli,node_modules} $out/libexec/bitwarden-directory-connector + runHook postInstall + ''; - # needs to be wrapped with nodejs so that it can be executed - postInstall = '' - chmod +x $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js - mkdir -p $out/bin - ln -s $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js $out/bin/bitwarden-directory-connector - ''; + # needs to be wrapped with nodejs so that it can be executed + postInstall = '' + chmod +x $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js + mkdir -p $out/bin + ln -s $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js $out/bin/bitwarden-directory-connector-cli + ''; - buildInputs = [ - libsecret - ]; + buildInputs = [ + libsecret + ]; - nativeBuildInputs = [ - python3 - pkg-config - ]; + nativeBuildInputs = [ + python3 + pkg-config + ]; - meta = with lib; { - description = "LDAP connector for Bitwarden"; - homepage = "https://github.com/bitwarden/directory-connector"; - license = licenses.gpl3Only; - maintainers = with maintainers; [Silver-Golden]; - platforms = platforms.linux; - mainProgram = "bitwarden-directory-connector"; - }; - } + meta = with lib; { + description = "LDAP connector for Bitwarden"; + homepage = "https://github.com/bitwarden/directory-connector"; + license = licenses.gpl3Only; + maintainers = with maintainers; [Silver-Golden]; + platforms = platforms.linux; + mainProgram = "bitwarden-directory-connector-cli"; + }; +} diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix index 0d57662..18c02e2 100644 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ b/applications/bitwarden/_bitwarden_sync_module.nix @@ -5,12 +5,12 @@ ... }: with lib; let - cfg = config.services.bitwarden-directory-connector; + cfg = config.services.bitwarden-directory-connector-cli; in { - options.services.bitwarden-directory-connector = { + options.services.bitwarden-directory-connector-cli = { enable = mkEnableOption "Bitwarden Directory Connector"; - package = mkPackageOption pkgs "bitwarden-directory-connector" {}; + package = mkPackageOption pkgs "bitwarden-directory-connector-cli" {}; domain = mkOption { type = types.str; @@ -36,7 +36,6 @@ in { If you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. ''; default = {}; - type = types.submodule ({ config, options, @@ -110,7 +109,6 @@ in { If you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. ''; default = {}; - type = types.submodule ({ config, options, @@ -259,18 +257,18 @@ in { }; systemd = { - timers.bitwarden-directory-connector = { + timers.bitwarden-directory-connector-cli = { description = "Sync timer for Bitwarden Directory Connector"; wantedBy = ["timers.target"]; after = ["network-online.target"]; timerConfig = { OnCalendar = cfg.interval; - Unit = "bitwarden-directory-connector.service"; + Unit = "bitwarden-directory-connector-cli.service"; Persistent = true; }; }; - services.bitwarden-directory-connector = { + services.bitwarden-directory-connector-cli = { description = "Main process for Bitwarden Directory Connector"; path = [pkgs.jq]; diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index 880d4fa..a1348c1 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -29,7 +29,7 @@ in { group = user; }; - services.bitwarden-directory-connector = { + services.bitwarden-directory-connector-cli = { enable = true; user = user; From fc78cfd83fe9c0d4b578e701a799d3a59b29461d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Dec 2023 12:58:52 +0000 Subject: [PATCH 239/826] feat: added former aliases to teh banned list of usernames --- config/users.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/users.nix b/config/users.nix index 9a2a821..d9af22d 100644 --- a/config/users.nix +++ b/config/users.nix @@ -372,6 +372,10 @@ in { "wiles" "yvonne" "zrahman" + ] ++ [ + # former aliases + "david.dolphin" + "cc" ]; }; }; From e96ec3023f4dfd3b69615d407f646c6b9725ff61 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Dec 2023 12:59:25 +0000 Subject: [PATCH 240/826] fix: formatting always gets me --- config/users.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/users.nix b/config/users.nix index d9af22d..28dcccf 100644 --- a/config/users.nix +++ b/config/users.nix @@ -372,7 +372,8 @@ in { "wiles" "yvonne" "zrahman" - ] ++ [ + ] + ++ [ # former aliases "david.dolphin" "cc" From 556f3fcd1495bea27986d9ea23dd6eb3b8b9de7f Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 31 Dec 2023 07:03:50 +0000 Subject: [PATCH 241/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6110b05..2e0a6d0 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1703696689, - "narHash": "sha256-ZGHn1Ad6A5mc1juho3DI5urUxSg1g17mlt9xPCqeoQk=", + "lastModified": 1704005789, + "narHash": "sha256-oVu73JJKwpRPYsP4wmSH2tj8+6itCFL2XcOhV0AEN6k=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "7ff179f5f23f2516487b14ac6bc008b4ca9f826f", + "rev": "1ec21d22dd245e2b54689f6821ee0538125de34c", "type": "gitlab" }, "original": { From dbfcd6d86ac6592702dcd85e4132ae7c647abcfc Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 1 Jan 2024 10:11:40 +0000 Subject: [PATCH 242/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2e0a6d0..3e2fd46 100644 --- a/flake.lock +++ b/flake.lock @@ -700,11 +700,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1703688569, - "narHash": "sha256-PsNaqhtxoJNcpGavWmyQ1bc5KhXKS6Bd6cMRs3Cjtkg=", + "lastModified": 1704103861, + "narHash": "sha256-zVIClIEVaZFW2E0cs+sYe5A584dQB94H4nKuf0q+SMw=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Ffrontend", - "rev": "520464b73d5938ebf1adc5922f02610f4f77e95d", + "rev": "d3b4c822b9782b5c072269d18844ec6461c0fe86", "type": "gitlab" }, "original": { From 575d8dce3c4aadd5acac2511f53db92e591985e9 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 2 Jan 2024 17:07:11 +0000 Subject: [PATCH 243/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3e2fd46..eacd9f5 100644 --- a/flake.lock +++ b/flake.lock @@ -657,11 +657,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1700947843, - "narHash": "sha256-jlf4FNal9MgRlMDemNzWWn5tML9TN9Ico2tvp6xqM24=", + "lastModified": 1704215184, + "narHash": "sha256-hbRTHQROAMVhZtjKfH6em1ckYqbWr5irXK58WnuSzVg=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "c6eaa8ad9a6e1a779b6f99589c4c2f67e984a128", + "rev": "9dafba03b595b6aff68149e90ea82bcce3dfcdc2", "type": "gitlab" }, "original": { From 0860c2fde207a6c60db46d94c7f250631c1b23a0 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 10 Jan 2024 11:26:59 +0000 Subject: [PATCH 244/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index eacd9f5..df81978 100644 --- a/flake.lock +++ b/flake.lock @@ -679,11 +679,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1704005789, - "narHash": "sha256-oVu73JJKwpRPYsP4wmSH2tj8+6itCFL2XcOhV0AEN6k=", + "lastModified": 1704885928, + "narHash": "sha256-HMe/o7/MAkyr3duMf1a52inOtJSJozH22b94w7TM9VY=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "1ec21d22dd245e2b54689f6821ee0538125de34c", + "rev": "96f86985eec772a835e7867852ee6452fd9548b6", "type": "gitlab" }, "original": { From c86556bff45ceb6c8d40cc3a5b9a5eee9f9fd12b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 12 Jan 2024 18:41:25 +0000 Subject: [PATCH 245/826] fix: final changes based on nixpkgs --- applications/bitwarden/_bitwarden-directory-connector.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix index 557a3e7..2437601 100644 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ b/applications/bitwarden/_bitwarden-directory-connector.nix @@ -2,7 +2,7 @@ lib, buildNpmPackage, fetchFromGitHub, - jq, + buildPackages, python3, pkg-config, libsecret, @@ -21,7 +21,7 @@ buildNpmPackage rec { }; postPatch = '' - ${lib.getExe jq} 'del(.scripts.preinstall)' package.json > package.json.tmp + ${lib.getExe buildPackages.jq} 'del(.scripts.preinstall)' package.json > package.json.tmp mv -f package.json{.tmp,} ''; From 2b6e629d30d8ebc7385f912159b5ec401fb11799 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 12 Jan 2024 18:57:34 +0000 Subject: [PATCH 246/826] feat: added phildeb minecraft server --- applications/games/minecraft.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 6a9f786..5bd427a 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -93,6 +93,13 @@ in { r_type = "CNAME"; value = cfg.host.name; } + + # phildeb + { + record = "phildeb.${cfg.domain.sub}"; + r_type = "CNAME"; + value = cfg.host.name; + } ]; networking.firewall.allowedTCPPorts = [ @@ -131,7 +138,7 @@ in { ports = ["25565:25565/tcp"]; expose = ["25565"]; command = [ - "--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002,gsoc.${short_domain}=mc_config:20002,gsoc_abridged.${short_domain}=mc_config:20003" + "--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002,gsoc.${short_domain}=mc_config:20002,gsoc_abridged.${short_domain}=mc_config:20003,phildeb.${short_domain}=mc_config:20004" ]; }; @@ -159,6 +166,9 @@ in { "20001:20001/tcp" # games "20002:20002/tcp" + "20003:20003/tcp" + # phildeb + "20004:20004/tcp" ]; }; }; From 73330b3f6f2ff7c5930fc0459ccd02f8ccde875c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 12 Jan 2024 21:23:45 +0000 Subject: [PATCH 247/826] fix: updated cadie to clear some networking issues --- flake.lock | 6 +++--- machines/cadie.nix | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index df81978..6545503 100644 --- a/flake.lock +++ b/flake.lock @@ -532,11 +532,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1703438236, - "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", + "lastModified": 1704722960, + "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", + "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", "type": "github" }, "original": { diff --git a/machines/cadie.nix b/machines/cadie.nix index e7c045b..ae21be3 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -59,4 +59,7 @@ in { name = name; }; }; + + # this was causing a conflict for some reason + systemd.network.enable = lib.mkForce false; } From bb44a38bbbe6274bd44a96564635526d19b77a6c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 12 Jan 2024 21:33:09 +0000 Subject: [PATCH 248/826] feat: now using teh upstream bitwarden connector --- .../_bitwarden-directory-connector.nix | 66 ---- .../bitwarden/_bitwarden_sync_module.nix | 323 ------------------ applications/bitwarden/bitwarden_sync.nix | 6 +- 3 files changed, 1 insertion(+), 394 deletions(-) delete mode 100644 applications/bitwarden/_bitwarden-directory-connector.nix delete mode 100644 applications/bitwarden/_bitwarden_sync_module.nix diff --git a/applications/bitwarden/_bitwarden-directory-connector.nix b/applications/bitwarden/_bitwarden-directory-connector.nix deleted file mode 100644 index 2437601..0000000 --- a/applications/bitwarden/_bitwarden-directory-connector.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ - lib, - buildNpmPackage, - fetchFromGitHub, - buildPackages, - python3, - pkg-config, - libsecret, - nodejs_18, -}: -buildNpmPackage rec { - pname = "bitwarden-directory-connector-cli"; - version = "2023.10.0"; - nodejs = nodejs_18; - - src = fetchFromGitHub { - owner = "bitwarden"; - repo = "directory-connector"; - rev = "v${version}"; - hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg="; - }; - - postPatch = '' - ${lib.getExe buildPackages.jq} 'del(.scripts.preinstall)' package.json > package.json.tmp - mv -f package.json{.tmp,} - ''; - - npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw="; - - env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; - - makeCacheWritable = true; - npmBuildScript = "build:cli:prod"; - - installPhase = '' - runHook preInstall - mkdir -p $out/libexec/bitwarden-directory-connector - cp -R {build-cli,node_modules} $out/libexec/bitwarden-directory-connector - runHook postInstall - ''; - - # needs to be wrapped with nodejs so that it can be executed - postInstall = '' - chmod +x $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js - mkdir -p $out/bin - ln -s $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js $out/bin/bitwarden-directory-connector-cli - ''; - - buildInputs = [ - libsecret - ]; - - nativeBuildInputs = [ - python3 - pkg-config - ]; - - meta = with lib; { - description = "LDAP connector for Bitwarden"; - homepage = "https://github.com/bitwarden/directory-connector"; - license = licenses.gpl3Only; - maintainers = with maintainers; [Silver-Golden]; - platforms = platforms.linux; - mainProgram = "bitwarden-directory-connector-cli"; - }; -} diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix deleted file mode 100644 index 18c02e2..0000000 --- a/applications/bitwarden/_bitwarden_sync_module.nix +++ /dev/null @@ -1,323 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.services.bitwarden-directory-connector-cli; -in { - options.services.bitwarden-directory-connector-cli = { - enable = mkEnableOption "Bitwarden Directory Connector"; - - package = mkPackageOption pkgs "bitwarden-directory-connector-cli" {}; - - domain = mkOption { - type = types.str; - description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessible on."; - example = "https://vaultwarden.example.com"; - }; - - user = mkOption { - type = types.str; - description = lib.mdDoc "User to run the program."; - default = "bwdc"; - }; - - interval = mkOption { - type = types.str; - default = "*:0,15,30,45"; - description = lib.mdDoc "The interval when to run the connector. This uses systemd's OnCalendar syntax."; - }; - - ldap = mkOption { - description = lib.mdDoc '' - Options to configure the LDAP connection. - If you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. - ''; - default = {}; - type = types.submodule ({ - config, - options, - ... - }: { - freeformType = types.attrsOf (pkgs.formats.json {}).type; - - config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options))); - - options = { - finalJSON = mkOption { - type = (pkgs.formats.json {}).type; - internal = true; - readOnly = true; - visible = false; - }; - - ssl = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether to use TLS."; - }; - startTls = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether to use STARTTLS."; - }; - - hostname = mkOption { - type = types.str; - description = lib.mdDoc "The host the LDAP is accessible on."; - example = "ldap.example.com"; - }; - - port = mkOption { - type = types.port; - default = 389; - description = lib.mdDoc "Port LDAP is accessible on."; - }; - - ad = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether the LDAP Server is an Active Directory."; - }; - - pagedSearch = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether the LDAP server paginates search results."; - }; - - rootPath = mkOption { - type = types.str; - description = lib.mdDoc "Root path for LDAP."; - example = "dc=example,dc=com"; - }; - - username = mkOption { - type = types.str; - description = lib.mdDoc "The user to authenticate as."; - example = "cn=admin,dc=example,dc=com"; - }; - }; - }); - }; - - sync = mkOption { - description = lib.mdDoc '' - Options to configure what gets synced. - If you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. - ''; - default = {}; - type = types.submodule ({ - config, - options, - ... - }: { - freeformType = types.attrsOf (pkgs.formats.json {}).type; - - config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options))); - - options = { - finalJSON = mkOption { - type = (pkgs.formats.json {}).type; - internal = true; - readOnly = true; - visible = false; - }; - - removeDisabled = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group."; - }; - - overwriteExisting = mkOption { - type = types.bool; - default = false; - description = - lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details."; - }; - - largeImport = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups."; - }; - - memberAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute that lists members in a LDAP group."; - example = "uniqueMember"; - }; - - creationDateAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute that lists a user's creation date."; - example = "whenCreated"; - }; - - useEmailPrefixSuffix = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email."; - }; - emailPrefixAttribute = mkOption { - type = types.str; - description = lib.mdDoc "The attribute that contains the users username."; - example = "accountName"; - }; - emailSuffix = mkOption { - type = types.str; - description = lib.mdDoc "Suffix for the email, normally @example.com."; - example = "@example.com"; - }; - - users = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Sync users."; - }; - userPath = mkOption { - type = types.str; - description = lib.mdDoc "User directory, relative to root."; - default = "ou=users"; - }; - userObjectClass = mkOption { - type = types.str; - description = lib.mdDoc "Class that users must have."; - default = "inetOrgPerson"; - }; - userEmailAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute for a users email."; - default = "mail"; - }; - userFilter = mkOption { - type = types.str; - description = lib.mdDoc "LDAP filter for users."; - example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)"; - default = ""; - }; - - groups = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether to sync ldap groups into BitWarden."; - }; - groupPath = mkOption { - type = types.str; - description = lib.mdDoc "Group directory, relative to root."; - default = "ou=groups"; - }; - groupObjectClass = mkOption { - type = types.str; - description = lib.mdDoc "A class that groups will have."; - default = "groupOfNames"; - }; - groupNameAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute for a name of group."; - default = "cn"; - }; - groupFilter = mkOption { - type = types.str; - description = lib.mdDoc "LDAP filter for groups."; - example = "(cn=sales)"; - default = ""; - }; - }; - }); - }; - - secrets = { - ldap = mkOption { - type = types.str; - description = "Path to file that contains LDAP password for user in {option}`ldap.username"; - }; - - bitwarden = { - client_path_id = mkOption { - type = types.str; - description = "Path to file that contains Client ID."; - }; - client_path_secret = mkOption { - type = types.str; - description = "Path to file that contains Client Secret."; - }; - }; - }; - }; - - config = mkIf cfg.enable { - users.groups."${cfg.user}" = {}; - users.users."${cfg.user}" = { - isSystemUser = true; - group = cfg.user; - }; - - systemd = { - timers.bitwarden-directory-connector-cli = { - description = "Sync timer for Bitwarden Directory Connector"; - wantedBy = ["timers.target"]; - after = ["network-online.target"]; - timerConfig = { - OnCalendar = cfg.interval; - Unit = "bitwarden-directory-connector-cli.service"; - Persistent = true; - }; - }; - - services.bitwarden-directory-connector-cli = { - description = "Main process for Bitwarden Directory Connector"; - path = [pkgs.jq]; - - environment = { - BITWARDENCLI_CONNECTOR_APPDATA_DIR = "/tmp"; - BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS = "true"; - }; - - serviceConfig = { - Type = "oneshot"; - User = "${cfg.user}"; - PrivateTmp = true; - preStart = '' - set -eo pipefail - - # create the config file - ${lib.getExe cfg.package} data-file - touch /tmp/data.json.tmp - chmod 600 /tmp/data.json{,.tmp} - - ${lib.getExe cfg.package} config server ${cfg.domain} - - # now login to set credentials - export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})" - export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})" - ${lib.getExe cfg.package} login - - jq '.authenticatedAccounts[0] as $account - | .[$account].directoryConfigurations.ldap |= $ldap_data - | .[$account].directorySettings.organizationId |= $orgID - | .[$account].directorySettings.sync |= $sync_data' \ - --argjson ldap_data ${escapeShellArg cfg.ldap.finalJSON} \ - --arg orgID "''${BW_CLIENTID//organization.}" \ - --argjson sync_data ${escapeShellArg cfg.sync.finalJSON} \ - /tmp/data.json \ - > /tmp/data.json.tmp - - mv -f /tmp/data.json.tmp /tmp/data.json - - # final config - ${lib.getExe cfg.package} config directory 0 - ${lib.getExe cfg.package} config ldap.password --secretfile ${cfg.secrets.ldap} - ''; - - ExecStart = "${lib.getExe cfg.package} sync"; - }; - }; - }; - }; - - meta.maintainers = with maintainers; [Silver-Golden]; -} diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index a1348c1..db8b970 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -6,9 +6,7 @@ }: let user = "bwdc"; in { - imports = [ - ./_bitwarden_sync_module.nix - ]; + imports = []; options = {}; @@ -36,8 +34,6 @@ in { domain = "https://pw.skynet.ie"; - package = pkgs.callPackage ./_bitwarden-directory-connector.nix {}; - ldap = { ssl = false; startTls = false; From a355bc81c6a3ab2632aab8b6f90bfe37f692b270 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 12 Jan 2024 21:37:06 +0000 Subject: [PATCH 249/826] feat: now using teh upstream nextcloud again --- applications/nextcloud.nix | 5 +- applications/nextcloud_.nix | 1289 ----------------------------------- 2 files changed, 2 insertions(+), 1292 deletions(-) delete mode 100644 applications/nextcloud_.nix diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 06c01aa..078408c 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -12,7 +12,6 @@ in { ./acme.nix ./dns.nix ./nginx.nix - ./nextcloud_.nix ]; options.services.skynet_nextcloud = { @@ -86,8 +85,6 @@ in { database.createLocally = true; config = { dbtype = "pgsql"; - defaultPhoneRegion = "IE"; - trustedProxies = ["193.1.99.65"]; adminpassFile = config.age.secrets.nextcloud_admin_pass.path; }; @@ -98,6 +95,8 @@ in { }; extraOptions = { + trusted_proxies = ["193.1.99.65"]; + default_phone_region = "IE"; mail_smtpmode = "sendmail"; mail_sendmailmode = "pipe"; }; diff --git a/applications/nextcloud_.nix b/applications/nextcloud_.nix deleted file mode 100644 index 2b2ac9d..0000000 --- a/applications/nextcloud_.nix +++ /dev/null @@ -1,1289 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.services.nextcloud; - fpm = config.services.phpfpm.pools.nextcloud; - - jsonFormat = pkgs.formats.json {}; - - defaultPHPSettings = { - short_open_tag = "Off"; - expose_php = "Off"; - error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; - display_errors = "stderr"; - "opcache.enable_cli" = "1"; - "opcache.interned_strings_buffer" = "8"; - "opcache.max_accelerated_files" = "10000"; - "opcache.memory_consumption" = "128"; - "opcache.revalidate_freq" = "1"; - "opcache.fast_shutdown" = "1"; - "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; - catch_workers_output = "yes"; - }; - - appStores = { - # default apps bundled with pkgs.nextcloudXX, e.g. files, contacts - apps = { - enabled = true; - writable = false; - }; - # apps installed via cfg.extraApps - nix-apps = { - enabled = cfg.extraApps != {}; - linkTarget = "${pkgs.linkFarm "nix-apps" - (mapAttrsToList (name: path: {inherit name path;}) cfg.extraApps)}"; - writable = false; - }; - # apps installed via the app store. - store-apps = { - enabled = cfg.appstoreEnable == null || cfg.appstoreEnable; - linkTarget = "${cfg.home}/store-apps"; - writable = true; - }; - }; - - webroot = - pkgs.runCommand - "${cfg.package.name or "nextcloud"}-with-apps" - {nativeBuildInputs = [pkgs.xorg.lndir];} - '' - mkdir $out - pushd "$out" &>/dev/null - lndir "${cfg.package}" - popd &>/dev/null - ${concatStrings - (mapAttrsToList (name: store: - optionalString (store.enabled && store ? linkTarget) '' - if [ -e "$out"/${name} ]; then - echo "Didn't expect ${name} already in $out!" - exit 1 - fi - ln -sfTv ${store.linkTarget} "$out"/${name} - '') - appStores)} - ''; - - inherit (cfg) datadir; - - phpPackage = cfg.phpPackage.buildEnv { - extensions = { - enabled, - all, - }: - ( - with all; - enabled - ++ [bz2 intl sodium] # recommended - ++ optional cfg.enableImagemagick imagick - # Optionally enabled depending on caching settings - ++ optional cfg.caching.apcu apcu - ++ optional cfg.caching.redis redis - ++ optional cfg.caching.memcached memcached - ) - ++ cfg.phpExtraExtensions all; # Enabled by user - extraConfig = toKeyValue cfg.phpOptions; - }; - - toKeyValue = generators.toKeyValue { - mkKeyValue = generators.mkKeyValueDefault {} " = "; - }; - - occ = pkgs.writeScriptBin "nextcloud-occ" '' - #! ${pkgs.runtimeShell} - cd ${webroot} - sudo=exec - if [[ "$USER" != nextcloud ]]; then - sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS' - fi - export NEXTCLOUD_CONFIG_DIR="${datadir}/config" - $sudo \ - ${phpPackage}/bin/php \ - occ "$@" - ''; - - inherit (config.system) stateVersion; - - mysqlLocal = cfg.database.createLocally && cfg.config.dbtype == "mysql"; - pgsqlLocal = cfg.database.createLocally && cfg.config.dbtype == "pgsql"; - - # https://github.com/nextcloud/documentation/pull/11179 - ocmProviderIsNotAStaticDirAnymore = - versionAtLeast cfg.package.version "27.1.2" - || (versionOlder cfg.package.version "27.0.0" - && versionAtLeast cfg.package.version "26.0.8"); -in { - disabledModules = ["services/web-apps/nextcloud.nix"]; - - imports = [ - (mkRemovedOptionModule ["services" "nextcloud" "config" "adminpass"] '' - Please use `services.nextcloud.config.adminpassFile' instead! - '') - (mkRemovedOptionModule ["services" "nextcloud" "config" "dbpass"] '' - Please use `services.nextcloud.config.dbpassFile' instead! - '') - (mkRemovedOptionModule ["services" "nextcloud" "nginx" "enable"] '' - The nextcloud module supports `nginx` as reverse-proxy by default and doesn't - support other reverse-proxies officially. - - However it's possible to use an alternative reverse-proxy by - - * disabling nginx - * setting `listen.owner` & `listen.group` in the phpfpm-pool to a different value - - Further details about this can be found in the `Nextcloud`-section of the NixOS-manual - (which can be opened e.g. by running `nixos-help`). - '') - (mkRemovedOptionModule ["services" "nextcloud" "enableBrokenCiphersForSSE"] '' - This option has no effect since there's no supported Nextcloud version packaged here - using OpenSSL for RC4 SSE. - '') - (mkRemovedOptionModule ["services" "nextcloud" "disableImagemagick"] '' - Use services.nextcloud.enableImagemagick instead. - '') - ]; - - options.services.nextcloud = { - enable = mkEnableOption (lib.mdDoc "nextcloud"); - - hostName = mkOption { - type = types.str; - description = lib.mdDoc "FQDN for the nextcloud instance."; - }; - home = mkOption { - type = types.str; - default = "/var/lib/nextcloud"; - description = lib.mdDoc "Storage path of nextcloud."; - }; - datadir = mkOption { - type = types.str; - default = config.services.nextcloud.home; - defaultText = literalExpression "config.services.nextcloud.home"; - description = lib.mdDoc '' - Nextcloud's data storage path. Will be [](#opt-services.nextcloud.home) by default. - This folder will be populated with a config.php file and a data folder which contains the state of the instance (excluding the database)."; - ''; - example = "/mnt/nextcloud-file"; - }; - extraApps = mkOption { - type = types.attrsOf types.package; - default = {}; - description = lib.mdDoc '' - Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp. - The appid must be identical to the "id" value in the apps appinfo/info.xml. - Using this will disable the appstore to prevent Nextcloud from updating these apps (see [](#opt-services.nextcloud.appstoreEnable)). - ''; - example = literalExpression '' - { - inherit (pkgs.nextcloud25Packages.apps) mail calendar contact; - phonetrack = pkgs.fetchNextcloudApp { - name = "phonetrack"; - sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc"; - url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz"; - version = "0.6.9"; - }; - } - ''; - }; - extraAppsEnable = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Automatically enable the apps in [](#opt-services.nextcloud.extraApps) every time Nextcloud starts. - If set to false, apps need to be enabled in the Nextcloud web user interface or with `nextcloud-occ app:enable`. - ''; - }; - appstoreEnable = mkOption { - type = types.nullOr types.bool; - default = null; - example = true; - description = lib.mdDoc '' - Allow the installation and updating of apps from the Nextcloud appstore. - Enabled by default unless there are packages in [](#opt-services.nextcloud.extraApps). - Set this to true to force enable the store even if [](#opt-services.nextcloud.extraApps) is used. - Set this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting. - ''; - }; - logLevel = mkOption { - type = types.ints.between 0 4; - default = 2; - description = lib.mdDoc '' - Log level value between 0 (DEBUG) and 4 (FATAL). - - - 0 (debug): Log all activity. - - - 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors. - - - 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors. - - - 3 (error): Log failed operations and fatal errors. - - - 4 (fatal): Log only fatal errors that cause the server to stop. - ''; - }; - logType = mkOption { - type = types.enum ["errorlog" "file" "syslog" "systemd"]; - default = "syslog"; - description = lib.mdDoc '' - Logging backend to use. - systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions. - See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details. - ''; - }; - https = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Use HTTPS for generated links."; - }; - package = mkOption { - type = types.package; - description = lib.mdDoc "Which package to use for the Nextcloud instance."; - relatedPackages = ["nextcloud26" "nextcloud27" "nextcloud28"]; - }; - phpPackage = mkPackageOption pkgs "php" { - example = "php82"; - }; - - maxUploadSize = mkOption { - default = "512M"; - type = types.str; - description = lib.mdDoc '' - The upload limit for files. This changes the relevant options - in php.ini and nginx if enabled. - ''; - }; - - skeletonDirectory = mkOption { - default = ""; - type = types.str; - description = lib.mdDoc '' - The directory where the skeleton files are located. These files will be - copied to the data directory of new users. Leave empty to not copy any - skeleton files. - ''; - }; - - webfinger = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Enable this option if you plan on using the webfinger plugin. - The appropriate nginx rewrite rules will be added to your configuration. - ''; - }; - - phpExtraExtensions = mkOption { - type = with types; functionTo (listOf package); - default = all: []; - defaultText = literalExpression "all: []"; - description = lib.mdDoc '' - Additional PHP extensions to use for Nextcloud. - By default, only extensions necessary for a vanilla Nextcloud installation are enabled, - but you may choose from the list of available extensions and add further ones. - This is sometimes necessary to be able to install a certain Nextcloud app that has additional requirements. - ''; - example = literalExpression '' - all: [ all.pdlib all.bz2 ] - ''; - }; - - phpOptions = mkOption { - type = with types; attrsOf (oneOf [str int]); - defaultText = literalExpression (generators.toPretty {} defaultPHPSettings); - description = lib.mdDoc '' - Options for PHP's php.ini file for nextcloud. - - Please note that this option is _additive_ on purpose while the - attribute values inside the default are option defaults: that means that - - ```nix - { - services.nextcloud.phpOptions."opcache.interned_strings_buffer" = "23"; - } - ``` - - will override the `php.ini` option `opcache.interned_strings_buffer` without - discarding the rest of the defaults. - - Overriding all of `phpOptions` (including `upload_max_filesize`, `post_max_size` - and `memory_limit` which all point to [](#opt-services.nextcloud.maxUploadSize) - by default) can be done like this: - - ```nix - { - services.nextcloud.phpOptions = lib.mkForce { - /* ... */ - }; - } - ``` - ''; - }; - - poolSettings = mkOption { - type = with types; attrsOf (oneOf [str int bool]); - default = { - "pm" = "dynamic"; - "pm.max_children" = "32"; - "pm.start_servers" = "2"; - "pm.min_spare_servers" = "2"; - "pm.max_spare_servers" = "4"; - "pm.max_requests" = "500"; - }; - description = lib.mdDoc '' - Options for nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives. - ''; - }; - - poolConfig = mkOption { - type = types.nullOr types.lines; - default = null; - description = lib.mdDoc '' - Options for Nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives. - ''; - }; - - fastcgiTimeout = mkOption { - type = types.int; - default = 120; - description = lib.mdDoc '' - FastCGI timeout for database connection in seconds. - ''; - }; - - database = { - createLocally = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Whether to create the database and database user locally. - ''; - }; - }; - - config = { - dbtype = mkOption { - type = types.enum ["sqlite" "pgsql" "mysql"]; - default = "sqlite"; - description = lib.mdDoc "Database type."; - }; - dbname = mkOption { - type = types.nullOr types.str; - default = "nextcloud"; - description = lib.mdDoc "Database name."; - }; - dbuser = mkOption { - type = types.nullOr types.str; - default = "nextcloud"; - description = lib.mdDoc "Database user."; - }; - dbpassFile = mkOption { - type = types.nullOr types.str; - default = null; - description = lib.mdDoc '' - The full path to a file that contains the database password. - ''; - }; - dbhost = mkOption { - type = types.nullOr types.str; - default = - if pgsqlLocal - then "/run/postgresql" - else if mysqlLocal - then "localhost:/run/mysqld/mysqld.sock" - else "localhost"; - defaultText = "localhost"; - description = lib.mdDoc '' - Database host or socket path. - If [](#opt-services.nextcloud.database.createLocally) is true and - [](#opt-services.nextcloud.config.dbtype) is either `pgsql` or `mysql`, - defaults to the correct Unix socket instead. - ''; - }; - dbport = mkOption { - type = with types; nullOr (either int str); - default = null; - description = lib.mdDoc "Database port."; - }; - dbtableprefix = mkOption { - type = types.nullOr types.str; - default = null; - description = lib.mdDoc "Table prefix in Nextcloud's database."; - }; - adminuser = mkOption { - type = types.str; - default = "root"; - description = lib.mdDoc '' - Username for the admin account. The username is only set during the - initial setup of Nextcloud! Since the username also acts as unique - ID internally, it cannot be changed later! - ''; - }; - adminpassFile = mkOption { - type = types.str; - description = lib.mdDoc '' - The full path to a file that contains the admin's password. Must be - readable by user `nextcloud`. The password is set only in the initial - setup of Nextcloud by the systemd service `nextcloud-setup.service`. - ''; - }; - - extraTrustedDomains = mkOption { - type = types.listOf types.str; - default = []; - description = lib.mdDoc '' - Trusted domains from which the Nextcloud installation will be - accessible. You don't need to add - `services.nextcloud.hostname` here. - ''; - }; - - trustedProxies = mkOption { - type = types.listOf types.str; - default = []; - description = lib.mdDoc '' - Trusted proxies to provide if the Nextcloud installation is being - proxied to secure against, e.g. spoofing. - ''; - }; - - overwriteProtocol = mkOption { - type = types.nullOr (types.enum ["http" "https"]); - default = null; - example = "https"; - - description = lib.mdDoc '' - Force Nextcloud to always use HTTP or HTTPS i.e. for link generation. - Nextcloud uses the currently used protocol by default, but when - behind a reverse-proxy, it may use `http` for everything although - Nextcloud may be served via HTTPS. - ''; - }; - - defaultPhoneRegion = mkOption { - default = null; - type = types.nullOr types.str; - example = "DE"; - description = lib.mdDoc '' - An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html) - country code which replaces automatic phone-number detection - without a country code. - - As an example, with `DE` set as the default phone region, - the `+49` prefix can be omitted for phone numbers. - ''; - }; - - objectstore = { - s3 = { - enable = mkEnableOption (lib.mdDoc '' - S3 object storage as primary storage. - - This mounts a bucket on an Amazon S3 object storage or compatible - implementation into the virtual filesystem. - - Further details about this feature can be found in the - [upstream documentation](https://docs.nextcloud.com/server/22/admin_manual/configuration_files/primary_storage.html). - ''); - bucket = mkOption { - type = types.str; - example = "nextcloud"; - description = lib.mdDoc '' - The name of the S3 bucket. - ''; - }; - autocreate = mkOption { - type = types.bool; - description = lib.mdDoc '' - Create the objectstore if it does not exist. - ''; - }; - key = mkOption { - type = types.str; - example = "EJ39ITYZEUH5BGWDRUFY"; - description = lib.mdDoc '' - The access key for the S3 bucket. - ''; - }; - secretFile = mkOption { - type = types.str; - example = "/var/nextcloud-objectstore-s3-secret"; - description = lib.mdDoc '' - The full path to a file that contains the access secret. Must be - readable by user `nextcloud`. - ''; - }; - hostname = mkOption { - type = types.nullOr types.str; - default = null; - example = "example.com"; - description = lib.mdDoc '' - Required for some non-Amazon implementations. - ''; - }; - port = mkOption { - type = types.nullOr types.port; - default = null; - description = lib.mdDoc '' - Required for some non-Amazon implementations. - ''; - }; - useSsl = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Use SSL for objectstore access. - ''; - }; - region = mkOption { - type = types.nullOr types.str; - default = null; - example = "REGION"; - description = lib.mdDoc '' - Required for some non-Amazon implementations. - ''; - }; - usePathStyle = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Required for some non-Amazon S3 implementations. - - Ordinarily, requests will be made with - `http://bucket.hostname.domain/`, but with path style - enabled requests are made with - `http://hostname.domain/bucket` instead. - ''; - }; - sseCKeyFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/nextcloud-objectstore-s3-sse-c-key"; - description = lib.mdDoc '' - If provided this is the full path to a file that contains the key - to enable [server-side encryption with customer-provided keys][1] - (SSE-C). - - The file must contain a random 32-byte key encoded as a base64 - string, e.g. generated with the command - - ``` - openssl rand 32 | base64 - ``` - - Must be readable by user `nextcloud`. - - [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html - ''; - }; - }; - }; - }; - - enableImagemagick = - mkEnableOption (lib.mdDoc '' - the ImageMagick module for PHP. - This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF). - You may want to disable it for increased security. In that case, previews will still be available - for some images (e.g. JPEG and PNG). - See . - '') - // { - default = true; - }; - - configureRedis = lib.mkOption { - type = lib.types.bool; - default = config.services.nextcloud.notify_push.enable; - defaultText = literalExpression "config.services.nextcloud.notify_push.enable"; - description = lib.mdDoc '' - Whether to configure Nextcloud to use the recommended Redis settings for small instances. - - ::: {.note} - The `notify_push` app requires Redis to be configured. If this option is turned off, this must be configured manually. - ::: - ''; - }; - - caching = { - apcu = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Whether to load the APCu module into PHP. - ''; - }; - redis = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Whether to load the Redis module into PHP. - You still need to enable Redis in your config.php. - See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html - ''; - }; - memcached = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Whether to load the Memcached module into PHP. - You still need to enable Memcached in your config.php. - See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html - ''; - }; - }; - autoUpdateApps = { - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Run a regular auto-update of all apps installed from the Nextcloud app store. - ''; - }; - startAt = mkOption { - type = with types; either str (listOf str); - default = "05:00:00"; - example = "Sun 14:00:00"; - description = lib.mdDoc '' - When to run the update. See `systemd.services..startAt`. - ''; - }; - }; - occ = mkOption { - type = types.package; - default = occ; - defaultText = literalMD "generated script"; - internal = true; - description = lib.mdDoc '' - The nextcloud-occ program preconfigured to target this Nextcloud instance. - ''; - }; - globalProfiles = - mkEnableOption (lib.mdDoc "global profiles") - // { - description = lib.mdDoc '' - Makes user-profiles globally available under `nextcloud.tld/u/user.name`. - Even though it's enabled by default in Nextcloud, it must be explicitly enabled - here because it has the side-effect that personal information is even accessible to - unauthenticated users by default. - - By default, the following properties are set to “Show to everyone” - if this flag is enabled: - - About - - Full name - - Headline - - Organisation - - Profile picture - - Role - - Twitter - - Website - - Only has an effect in Nextcloud 23 and later. - ''; - }; - - extraOptions = mkOption { - type = jsonFormat.type; - default = {}; - description = lib.mdDoc '' - Extra options which should be appended to Nextcloud's config.php file. - ''; - example = literalExpression '' { - redis = { - host = "/run/redis/redis.sock"; - port = 0; - dbindex = 0; - password = "secret"; - timeout = 1.5; - }; - } ''; - }; - - secretFile = mkOption { - type = types.nullOr types.str; - default = null; - description = lib.mdDoc '' - Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same - form as the [](#opt-services.nextcloud.extraOptions) option), for example - `{"redis":{"password":"secret"}}`. - ''; - }; - - nginx = { - recommendedHttpHeaders = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Enable additional recommended HTTP response headers"; - }; - hstsMaxAge = mkOption { - type = types.ints.positive; - default = 15552000; - description = lib.mdDoc '' - Value for the `max-age` directive of the HTTP - `Strict-Transport-Security` header. - - See section 6.1.1 of IETF RFC 6797 for detailed information on this - directive and header. - ''; - }; - }; - }; - - config = mkIf cfg.enable (mkMerge [ - { - warnings = let - latest = 28; - upgradeWarning = major: nixos: '' - A legacy Nextcloud install (from before NixOS ${nixos}) may be installed. - - After nextcloud${toString major} is installed successfully, you can safely upgrade - to ${toString (major + 1)}. The latest version available is Nextcloud${toString latest}. - - Please note that Nextcloud doesn't support upgrades across multiple major versions - (i.e. an upgrade from 16 is possible to 17, but not 16 to 18). - - The package can be upgraded by explicitly declaring the service-option - `services.nextcloud.package`. - ''; - in - (optional (cfg.poolConfig != null) '' - Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release. - Please migrate your configuration to config.services.nextcloud.poolSettings. - '') - ++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11")) - ++ (optional (versionOlder cfg.package.version "26") (upgradeWarning 25 "23.05")) - ++ (optional (versionOlder cfg.package.version "27") (upgradeWarning 26 "23.11")) - ++ (optional (versionOlder cfg.package.version "28") (upgradeWarning 27 "24.05")); - - services.nextcloud.package = with pkgs; - mkDefault ( - if pkgs ? nextcloud - then - throw '' - The `pkgs.nextcloud`-attribute has been removed. If it's supposed to be the default - nextcloud defined in an overlay, please set `services.nextcloud.package` to - `pkgs.nextcloud`. - '' - else if versionOlder stateVersion "23.05" - then nextcloud25 - else if versionOlder stateVersion "23.11" - then nextcloud26 - else if versionOlder stateVersion "24.05" - then nextcloud27 - else nextcloud28 - ); - - services.nextcloud.phpPackage = pkgs.php82; - - services.nextcloud.phpOptions = mkMerge [ - (mapAttrs (const mkOptionDefault) defaultPHPSettings) - { - upload_max_filesize = cfg.maxUploadSize; - post_max_size = cfg.maxUploadSize; - memory_limit = cfg.maxUploadSize; - } - (mkIf cfg.caching.apcu { - "apc.enable_cli" = "1"; - }) - ]; - } - - { - assertions = [ - { - assertion = cfg.database.createLocally -> cfg.config.dbpassFile == null; - message = '' - Using `services.nextcloud.database.createLocally` with database - password authentication is no longer supported. - - If you use an external database (or want to use password auth for any - other reason), set `services.nextcloud.database.createLocally` to - `false`. The database won't be managed for you (use `services.mysql` - if you want to set it up). - - If you want this module to manage your nextcloud database for you, - unset `services.nextcloud.config.dbpassFile` and - `services.nextcloud.config.dbhost` to use socket authentication - instead of password. - ''; - } - ]; - } - - { - systemd.timers.nextcloud-cron = { - wantedBy = ["timers.target"]; - after = ["nextcloud-setup.service"]; - timerConfig.OnBootSec = "5m"; - timerConfig.OnUnitActiveSec = "5m"; - timerConfig.Unit = "nextcloud-cron.service"; - }; - - systemd.tmpfiles.rules = ["d ${cfg.home} 0750 nextcloud nextcloud"]; - - systemd.services = { - # When upgrading the Nextcloud package, Nextcloud can report errors such as - # "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly" - # Restarting phpfpm on Nextcloud package update fixes these issues (but this is a workaround). - phpfpm-nextcloud.restartTriggers = [webroot]; - - nextcloud-setup = let - c = cfg.config; - writePhpArray = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]"; - requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable; - objectstoreConfig = let - s3 = c.objectstore.s3; - in - optionalString s3.enable '' - 'objectstore' => [ - 'class' => '\\OC\\Files\\ObjectStore\\S3', - 'arguments' => [ - 'bucket' => '${s3.bucket}', - 'autocreate' => ${boolToString s3.autocreate}, - 'key' => '${s3.key}', - 'secret' => nix_read_secret('${s3.secretFile}'), - ${optionalString (s3.hostname != null) "'hostname' => '${s3.hostname}',"} - ${optionalString (s3.port != null) "'port' => ${toString s3.port},"} - 'use_ssl' => ${boolToString s3.useSsl}, - ${optionalString (s3.region != null) "'region' => '${s3.region}',"} - 'use_path_style' => ${boolToString s3.usePathStyle}, - ${optionalString (s3.sseCKeyFile != null) "'sse_c_key' => nix_read_secret('${s3.sseCKeyFile}'),"} - ], - ] - ''; - - showAppStoreSetting = cfg.appstoreEnable != null || cfg.extraApps != {}; - renderedAppStoreSetting = let - x = cfg.appstoreEnable; - in - if x == null - then "false" - else boolToString x; - - nextcloudGreaterOrEqualThan = req: versionAtLeast cfg.package.version req; - - mkAppStoreConfig = name: { - enabled, - writable, - ... - }: - optionalString enabled '' - [ 'path' => '${webroot}/${name}', 'url' => '/${name}', 'writable' => ${boolToString writable} ], - ''; - - overrideConfig = pkgs.writeText "nextcloud-config.php" '' - [ - ${concatStrings (mapAttrsToList mkAppStoreConfig appStores)} - ], - ${optionalString showAppStoreSetting "'appstoreenabled' => ${renderedAppStoreSetting},"} - 'datadirectory' => '${datadir}/data', - 'skeletondirectory' => '${cfg.skeletonDirectory}', - ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} - 'log_type' => '${cfg.logType}', - 'loglevel' => '${builtins.toString cfg.logLevel}', - ${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"} - ${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"} - ${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"} - ${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"} - ${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"} - ${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"} - ${ - optionalString (c.dbpassFile != null) '' - 'dbpassword' => nix_read_secret( - "${c.dbpassFile}" - ), - '' - } - 'dbtype' => '${c.dbtype}', - 'trusted_domains' => ${writePhpArray ([cfg.hostName] ++ c.extraTrustedDomains)}, - 'trusted_proxies' => ${writePhpArray (c.trustedProxies)}, - ${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"} - ${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"} - ${objectstoreConfig} - ]; - - $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file( - "${jsonFormat.generate "nextcloud-extraOptions.json" cfg.extraOptions}", - "impossible: this should never happen (decoding generated extraOptions file %s failed)" - )); - - ${optionalString (cfg.secretFile != null) '' - $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file( - "${cfg.secretFile}", - "Cannot start Nextcloud, secrets file %s set by NixOS doesn't exist!" - )); - ''} - ''; - occInstallCmd = let - mkExport = { - arg, - value, - }: "export ${arg}=${value}"; - dbpass = { - arg = "DBPASS"; - value = - if c.dbpassFile != null - then ''"$(<"${toString c.dbpassFile}")"'' - else ''""''; - }; - adminpass = { - arg = "ADMINPASS"; - value = ''"$(<"${toString c.adminpassFile}")"''; - }; - installFlags = - concatStringsSep " \\\n " - (mapAttrsToList (k: v: "${k} ${toString v}") { - "--database" = ''"${c.dbtype}"''; - # The following attributes are optional depending on the type of - # database. Those that evaluate to null on the left hand side - # will be omitted. - ${ - if c.dbname != null - then "--database-name" - else null - } = ''"${c.dbname}"''; - ${ - if c.dbhost != null - then "--database-host" - else null - } = ''"${c.dbhost}"''; - ${ - if c.dbport != null - then "--database-port" - else null - } = ''"${toString c.dbport}"''; - ${ - if c.dbuser != null - then "--database-user" - else null - } = ''"${c.dbuser}"''; - "--database-pass" = "\"\$${dbpass.arg}\""; - "--admin-user" = ''"${c.adminuser}"''; - "--admin-pass" = "\"\$${adminpass.arg}\""; - "--data-dir" = ''"${datadir}/data"''; - }); - in '' - ${mkExport dbpass} - ${mkExport adminpass} - ${occ}/bin/nextcloud-occ maintenance:install \ - ${installFlags} - ''; - occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 - (i: v: '' - ${occ}/bin/nextcloud-occ config:system:set trusted_domains \ - ${toString i} --value="${toString v}" - '') ([cfg.hostName] ++ cfg.config.extraTrustedDomains)); - in { - wantedBy = ["multi-user.target"]; - before = ["phpfpm-nextcloud.service"]; - after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; - requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; - path = [occ]; - script = '' - ${optionalString (c.dbpassFile != null) '' - if [ ! -r "${c.dbpassFile}" ]; then - echo "dbpassFile ${c.dbpassFile} is not readable by nextcloud:nextcloud! Aborting..." - exit 1 - fi - if [ -z "$(<${c.dbpassFile})" ]; then - echo "dbpassFile ${c.dbpassFile} is empty!" - exit 1 - fi - ''} - if [ ! -r "${c.adminpassFile}" ]; then - echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..." - exit 1 - fi - if [ -z "$(<${c.adminpassFile})" ]; then - echo "adminpassFile ${c.adminpassFile} is empty!" - exit 1 - fi - - ${concatMapStrings (name: '' - if [ -d "${cfg.home}"/${name} ]; then - echo "Cleaning up ${name}; these are now bundled in the webroot store-path!" - rm -r "${cfg.home}"/${name} - fi - '') ["nix-apps" "apps"]} - - # create nextcloud directories. - # if the directories exist already with wrong permissions, we fix that - for dir in ${datadir}/config ${datadir}/data ${cfg.home}/store-apps; do - if [ ! -e $dir ]; then - install -o nextcloud -g nextcloud -d $dir - elif [ $(stat -c "%G" $dir) != "nextcloud" ]; then - chgrp -R nextcloud $dir - fi - done - - ln -sf ${overrideConfig} ${datadir}/config/override.config.php - - # Do not install if already installed - if [[ ! -e ${datadir}/config/config.php ]]; then - ${occInstallCmd} - fi - - ${occ}/bin/nextcloud-occ upgrade - - ${occ}/bin/nextcloud-occ config:system:delete trusted_domains - - ${optionalString (cfg.extraAppsEnable && cfg.extraApps != {}) '' - # Try to enable apps - ${occ}/bin/nextcloud-occ app:enable ${concatStringsSep " " (attrNames cfg.extraApps)} - ''} - - ${occSetTrustedDomainsCmd} - ''; - serviceConfig.Type = "oneshot"; - serviceConfig.User = "nextcloud"; - # On Nextcloud ≥ 26, it is not necessary to patch the database files to prevent - # an automatic creation of the database user. - environment.NC_setup_create_db_user = lib.mkIf (nextcloudGreaterOrEqualThan "26") "false"; - }; - nextcloud-cron = { - after = ["nextcloud-setup.service"]; - environment.NEXTCLOUD_CONFIG_DIR = "${datadir}/config"; - serviceConfig.Type = "oneshot"; - serviceConfig.User = "nextcloud"; - serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${webroot}/cron.php"; - }; - nextcloud-update-plugins = mkIf cfg.autoUpdateApps.enable { - after = ["nextcloud-setup.service"]; - serviceConfig.Type = "oneshot"; - serviceConfig.ExecStart = "${occ}/bin/nextcloud-occ app:update --all"; - serviceConfig.User = "nextcloud"; - startAt = cfg.autoUpdateApps.startAt; - }; - }; - - services.phpfpm = { - pools.nextcloud = { - user = "nextcloud"; - group = "nextcloud"; - phpPackage = phpPackage; - phpEnv = { - NEXTCLOUD_CONFIG_DIR = "${datadir}/config"; - PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"; - }; - settings = - mapAttrs (name: mkDefault) { - "listen.owner" = config.services.nginx.user; - "listen.group" = config.services.nginx.group; - } - // cfg.poolSettings; - extraConfig = cfg.poolConfig; - }; - }; - - users.users.nextcloud = { - home = "${cfg.home}"; - group = "nextcloud"; - isSystemUser = true; - }; - users.groups.nextcloud.members = ["nextcloud" config.services.nginx.user]; - - environment.systemPackages = [occ]; - - services.mysql = lib.mkIf mysqlLocal { - enable = true; - package = lib.mkDefault pkgs.mariadb; - ensureDatabases = [cfg.config.dbname]; - ensureUsers = [ - { - name = cfg.config.dbuser; - ensurePermissions = {"${cfg.config.dbname}.*" = "ALL PRIVILEGES";}; - } - ]; - }; - - services.postgresql = mkIf pgsqlLocal { - enable = true; - ensureDatabases = [cfg.config.dbname]; - ensureUsers = [ - { - name = cfg.config.dbuser; - ensureDBOwnership = true; - } - ]; - }; - - services.redis.servers.nextcloud = lib.mkIf cfg.configureRedis { - enable = true; - user = "nextcloud"; - }; - - services.nextcloud = lib.mkIf cfg.configureRedis { - caching.redis = true; - extraOptions = { - "memcache.distributed" = ''\OC\Memcache\Redis''; - "memcache.locking" = ''\OC\Memcache\Redis''; - redis = { - host = config.services.redis.servers.nextcloud.unixSocket; - port = 0; - }; - }; - }; - - services.nginx.enable = mkDefault true; - - services.nginx.virtualHosts.${cfg.hostName} = { - root = webroot; - locations = { - "= /robots.txt" = { - priority = 100; - extraConfig = '' - allow all; - access_log off; - ''; - }; - "= /" = { - priority = 100; - extraConfig = '' - if ( $http_user_agent ~ ^DavClnt ) { - return 302 /remote.php/webdav/$is_args$args; - } - ''; - }; - "^~ /.well-known" = { - priority = 210; - extraConfig = '' - absolute_redirect off; - location = /.well-known/carddav { - return 301 /remote.php/dav; - } - location = /.well-known/caldav { - return 301 /remote.php/dav; - } - location ~ ^/\.well-known/(?!acme-challenge|pki-validation) { - return 301 /index.php$request_uri; - } - try_files $uri $uri/ =404; - ''; - }; - "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)" = { - priority = 450; - extraConfig = '' - return 404; - ''; - }; - "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)" = { - priority = 450; - extraConfig = '' - return 404; - ''; - }; - "~ \\.php(?:$|/)" = { - priority = 500; - extraConfig = '' - # legacy support (i.e. static files and directories in cfg.package) - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[s${optionalString (!ocmProviderIsNotAStaticDirAnymore) "m"}]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; - include ${config.services.nginx.package}/conf/fastcgi.conf; - fastcgi_split_path_info ^(.+?\.php)(\\/.*)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - fastcgi_param PATH_INFO $path_info; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param HTTPS ${ - if cfg.https - then "on" - else "off" - }; - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass unix:${fpm.socket}; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - fastcgi_read_timeout ${builtins.toString cfg.fastcgiTimeout}s; - ''; - }; - "~ \\.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|tflite|map|html|ttf|bcmap|mp4|webm|ogg|flac)$".extraConfig = '' - try_files $uri /index.php$request_uri; - expires 6M; - access_log off; - location ~ \.mjs$ { - default_type text/javascript; - } - location ~ \.wasm$ { - default_type application/wasm; - } - ''; - "~ ^\\/(?:updater|ocs-provider${optionalString (!ocmProviderIsNotAStaticDirAnymore) "|ocm-provider"})(?:$|\\/)".extraConfig = '' - try_files $uri/ =404; - index index.php; - ''; - "/remote" = { - priority = 1500; - extraConfig = '' - return 301 /remote.php$request_uri; - ''; - }; - "/" = { - priority = 1600; - extraConfig = '' - try_files $uri $uri/ /index.php$request_uri; - ''; - }; - }; - extraConfig = '' - index index.php index.html /index.php$request_uri; - ${optionalString (cfg.nginx.recommendedHttpHeaders) '' - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag "noindex, nofollow"; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header X-Frame-Options sameorigin; - add_header Referrer-Policy no-referrer; - ''} - ${optionalString (cfg.https) '' - add_header Strict-Transport-Security "max-age=${toString cfg.nginx.hstsMaxAge}; includeSubDomains" always; - ''} - client_max_body_size ${cfg.maxUploadSize}; - fastcgi_buffers 64 4K; - fastcgi_hide_header X-Powered-By; - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - ${optionalString cfg.webfinger '' - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - ''} - ''; - }; - } - ]); - - meta.doc = ./nextcloud.md; -} From 5a9ee7e1065ddd7ad8bf30ab37032426ed0fdcf3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jan 2024 07:44:00 +0000 Subject: [PATCH 250/826] feat: added another alias --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index 28dcccf..4cc356a 100644 --- a/config/users.nix +++ b/config/users.nix @@ -377,6 +377,7 @@ in { # former aliases "david.dolphin" "cc" + "mark.brennan" ]; }; }; From 80c6fac51a01f3a6fecaf343b700546a88db6c0a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 25 Jan 2024 21:55:04 +0000 Subject: [PATCH 251/826] feat: make eliza admin --- config/users.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/users.nix b/config/users.nix index 4cc356a..c6e4f3c 100644 --- a/config/users.nix +++ b/config/users.nix @@ -55,9 +55,9 @@ in { "silver" "evanc" "eoghanconlon73" + "eliza" ]; trainee = [ - "eliza" "milan" "esy" "kronsy" From ccf090b84162e1171cf83dea4e253628a0d76aeb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 27 Jan 2024 18:53:49 +0000 Subject: [PATCH 252/826] feat: Added functionality to have dns for non nixos servers Closes #52 --- applications/dns.nix | 88 +++++++++++++++++++++++--------------------- config/dns.nix | 46 +++++++++++++++++++++++ 2 files changed, 92 insertions(+), 42 deletions(-) create mode 100644 config/dns.nix diff --git a/applications/dns.nix b/applications/dns.nix index 973b956..b912991 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -240,47 +240,49 @@ old = ""; }; - records = builtins.concatLists ( - lib.attrsets.mapAttrsToList ( - key: value: let - details_server = value.config.skynet_dns.server; - details_records = value.config.skynet_dns.records; - in - if builtins.hasAttr "skynet_dns" value.config - then - ( - # got to handle habing a dns record for the dns serves themselves. - if details_server.enable - then - ( - if details_server.primary - then - details_records - ++ [ - { - record = "ns1"; - r_type = "A"; - value = details_server.ip; - server = false; - } - ] - else - details_records - ++ [ - { - record = "ns2"; - r_type = "A"; - value = details_server.ip; - server = false; - } - ] - ) - else details_records - ) - else [] - ) - nodes - ); + records = + config.skynet.records + ++ builtins.concatLists ( + lib.attrsets.mapAttrsToList ( + key: value: let + details_server = value.config.skynet_dns.server; + details_records = value.config.skynet_dns.records; + in + if builtins.hasAttr "skynet_dns" value.config + then + ( + # got to handle habing a dns record for the dns serves themselves. + if details_server.enable + then + ( + if details_server.primary + then + details_records + ++ [ + { + record = "ns1"; + r_type = "A"; + value = details_server.ip; + server = false; + } + ] + else + details_records + ++ [ + { + record = "ns2"; + r_type = "A"; + value = details_server.ip; + server = false; + } + ] + ) + else details_records + ) + else [] + ) + nodes + ); nameserver = if cfg.server.primary @@ -288,7 +290,8 @@ else "ns2"; in { imports = [ - ../applications/firewall.nix + ./firewall.nix + ../config/dns.nix ]; options = { @@ -313,6 +316,7 @@ in { }; }; + # mirrorred in ../config/dns.nix records = lib.mkOption { description = "Records, sorted based on therir type"; type = with lib.types; diff --git a/config/dns.nix b/config/dns.nix new file mode 100644 index 0000000..24e45d3 --- /dev/null +++ b/config/dns.nix @@ -0,0 +1,46 @@ +{lib, ...}: { + imports = [ + # Paths to other modules. + # Compose this module out of smaller ones. + ]; + + # this needs to mirror ../applications/dns.nix + options.skynet.records = lib.mkOption { + description = "Records, sorted based on therir type"; + type = with lib.types; + listOf (submodule { + options = { + record = lib.mkOption { + type = str; + }; + r_type = lib.mkOption { + type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; + }; + value = lib.mkOption { + type = str; + }; + server = lib.mkOption { + description = "Core record for a server"; + type = bool; + default = false; + }; + }; + }); + }; + + config = { + skynet.records = [ + #{ + # record = "bumblebee"; + # r_type = "A"; + # value = "193.1.99.91"; + # server = true; + #} + #{ + # record = "testing"; + # r_type = "CNAME"; + # value = "bumblebee"; + #} + ]; + }; +} From c8260ad05e0084acefa843a41ff915e41adaecb6 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Sat, 27 Jan 2024 20:42:19 +0000 Subject: [PATCH 253/826] Update file dns.nix --- config/dns.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/config/dns.nix b/config/dns.nix index 24e45d3..14a3401 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -30,6 +30,17 @@ config = { skynet.records = [ + { + record = "optimus"; + r_type = "A"; + value = "193.1.99.90"; + server = true; + }, + { + record = "panel.games"; + r_type = "CNAME"; + value = "panel.games"; + } #{ # record = "bumblebee"; # r_type = "A"; From 215ba411fbb084c50f68e46e4b63c31878b0dd26 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Sat, 27 Jan 2024 20:43:02 +0000 Subject: [PATCH 254/826] Update file dns.nix --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index 14a3401..109a242 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -31,7 +31,7 @@ config = { skynet.records = [ { - record = "optimus"; + record = "optimus-reborn"; r_type = "A"; value = "193.1.99.90"; server = true; From e7d47fa8732643e40be213620d721958eff4b11f Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Sat, 27 Jan 2024 20:44:36 +0000 Subject: [PATCH 255/826] Update file dns.nix --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index 109a242..75b772e 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -39,7 +39,7 @@ { record = "panel.games"; r_type = "CNAME"; - value = "panel.games"; + value = "optimus-reborn"; } #{ # record = "bumblebee"; From 16bae0bf8f256961f955622688329216bd4b9f0d Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Sat, 27 Jan 2024 20:49:18 +0000 Subject: [PATCH 256/826] Added config folder to changes --- .gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f9d6ad4..4d7684a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -78,6 +78,7 @@ sync_repos: - secrets/**/* - flake.* - .gitlab-ci.yml + - config/**/* # deploy items only run on main .deploy_template: &deployment @@ -92,6 +93,7 @@ sync_repos: - applications/**/* - machines/**/* - secrets/**/* + - config/**/* linter: <<: *builder @@ -152,4 +154,4 @@ deploy_gitlab: stage: deploy_gitlab script: - colmena apply -v --on @active-gitlab - when: manual \ No newline at end of file + when: manual From a7231e0d6df0511d60ff86d85b10bbbe79fc6ff3 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Sat, 27 Jan 2024 20:57:58 +0000 Subject: [PATCH 257/826] Fix error --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index 75b772e..b64c2c3 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -35,7 +35,7 @@ r_type = "A"; value = "193.1.99.90"; server = true; - }, + } { record = "panel.games"; r_type = "CNAME"; From 6f9d30cb87132253ef355036654f69aaa905a8e7 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 27 Jan 2024 21:30:43 +0000 Subject: [PATCH 258/826] fix: going back to our own module for bitwarden cli --- .../bitwarden-directory-connector-cli.nix | 324 ++++++++++++++++++ applications/bitwarden/bitwarden_sync.nix | 4 +- 2 files changed, 327 insertions(+), 1 deletion(-) create mode 100644 applications/bitwarden/bitwarden-directory-connector-cli.nix diff --git a/applications/bitwarden/bitwarden-directory-connector-cli.nix b/applications/bitwarden/bitwarden-directory-connector-cli.nix new file mode 100644 index 0000000..80f8123 --- /dev/null +++ b/applications/bitwarden/bitwarden-directory-connector-cli.nix @@ -0,0 +1,324 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.bitwarden-directory-connector-cli; +in { + disabledModules = [ "services/security/bitwarden-directory-connector-cli.nix" ]; + + options.services.bitwarden-directory-connector-cli = { + enable = mkEnableOption "Bitwarden Directory Connector"; + + package = mkPackageOption pkgs "bitwarden-directory-connector-cli" {}; + + domain = mkOption { + type = types.str; + description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessible on."; + example = "https://vaultwarden.example.com"; + }; + + user = mkOption { + type = types.str; + description = lib.mdDoc "User to run the program."; + default = "bwdc"; + }; + + interval = mkOption { + type = types.str; + default = "*:0,15,30,45"; + description = lib.mdDoc "The interval when to run the connector. This uses systemd's OnCalendar syntax."; + }; + + ldap = mkOption { + description = lib.mdDoc '' + Options to configure the LDAP connection. + If you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. + ''; + default = {}; + type = types.submodule ({ + config, + options, + ... + }: { + freeformType = types.attrsOf (pkgs.formats.json {}).type; + + config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options))); + + options = { + finalJSON = mkOption { + type = (pkgs.formats.json {}).type; + internal = true; + readOnly = true; + visible = false; + }; + + ssl = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to use TLS."; + }; + startTls = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to use STARTTLS."; + }; + + hostname = mkOption { + type = types.str; + description = lib.mdDoc "The host the LDAP is accessible on."; + example = "ldap.example.com"; + }; + + port = mkOption { + type = types.port; + default = 389; + description = lib.mdDoc "Port LDAP is accessible on."; + }; + + ad = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether the LDAP Server is an Active Directory."; + }; + + pagedSearch = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether the LDAP server paginates search results."; + }; + + rootPath = mkOption { + type = types.str; + description = lib.mdDoc "Root path for LDAP."; + example = "dc=example,dc=com"; + }; + + username = mkOption { + type = types.str; + description = lib.mdDoc "The user to authenticate as."; + example = "cn=admin,dc=example,dc=com"; + }; + }; + }); + }; + + sync = mkOption { + description = lib.mdDoc '' + Options to configure what gets synced. + If you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. + ''; + default = {}; + type = types.submodule ({ + config, + options, + ... + }: { + freeformType = types.attrsOf (pkgs.formats.json {}).type; + + config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options))); + + options = { + finalJSON = mkOption { + type = (pkgs.formats.json {}).type; + internal = true; + readOnly = true; + visible = false; + }; + + removeDisabled = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group."; + }; + + overwriteExisting = mkOption { + type = types.bool; + default = false; + description = + lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details."; + }; + + largeImport = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups."; + }; + + memberAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that lists members in a LDAP group."; + example = "uniqueMember"; + }; + + creationDateAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that lists a user's creation date."; + example = "whenCreated"; + }; + + useEmailPrefixSuffix = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email."; + }; + emailPrefixAttribute = mkOption { + type = types.str; + description = lib.mdDoc "The attribute that contains the users username."; + example = "accountName"; + }; + emailSuffix = mkOption { + type = types.str; + description = lib.mdDoc "Suffix for the email, normally @example.com."; + example = "@example.com"; + }; + + users = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Sync users."; + }; + userPath = mkOption { + type = types.str; + description = lib.mdDoc "User directory, relative to root."; + default = "ou=users"; + }; + userObjectClass = mkOption { + type = types.str; + description = lib.mdDoc "Class that users must have."; + default = "inetOrgPerson"; + }; + userEmailAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute for a users email."; + default = "mail"; + }; + userFilter = mkOption { + type = types.str; + description = lib.mdDoc "LDAP filter for users."; + example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)"; + default = ""; + }; + + groups = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to sync ldap groups into BitWarden."; + }; + groupPath = mkOption { + type = types.str; + description = lib.mdDoc "Group directory, relative to root."; + default = "ou=groups"; + }; + groupObjectClass = mkOption { + type = types.str; + description = lib.mdDoc "A class that groups will have."; + default = "groupOfNames"; + }; + groupNameAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute for a name of group."; + default = "cn"; + }; + groupFilter = mkOption { + type = types.str; + description = lib.mdDoc "LDAP filter for groups."; + example = "(cn=sales)"; + default = ""; + }; + }; + }); + }; + + secrets = { + ldap = mkOption { + type = types.str; + description = "Path to file that contains LDAP password for user in {option}`ldap.username"; + }; + + bitwarden = { + client_path_id = mkOption { + type = types.str; + description = "Path to file that contains Client ID."; + }; + client_path_secret = mkOption { + type = types.str; + description = "Path to file that contains Client Secret."; + }; + }; + }; + }; + + config = mkIf cfg.enable { + users.groups."${cfg.user}" = {}; + users.users."${cfg.user}" = { + isSystemUser = true; + group = cfg.user; + }; + + systemd = { + timers.bitwarden-directory-connector-cli = { + description = "Sync timer for Bitwarden Directory Connector"; + wantedBy = ["timers.target"]; + after = ["network-online.target"]; + timerConfig = { + OnCalendar = cfg.interval; + Unit = "bitwarden-directory-connector-cli.service"; + Persistent = true; + }; + }; + + services.bitwarden-directory-connector-cli = { + description = "Main process for Bitwarden Directory Connector"; + + environment = { + BITWARDENCLI_CONNECTOR_APPDATA_DIR = "/tmp"; + BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS = "true"; + }; + + serviceConfig = { + Type = "oneshot"; + User = "${cfg.user}"; + PrivateTmp = true; + ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" '' + set -eo pipefail + + # create the config file + ${lib.getExe cfg.package} data-file + touch /tmp/data.json.tmp + chmod 600 /tmp/data.json{,.tmp} + + ${lib.getExe cfg.package} config server ${cfg.domain} + + # now login to set credentials + export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})" + export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})" + ${lib.getExe cfg.package} login + + ${lib.getExe pkgs.jq} '.authenticatedAccounts[0] as $account + | .[$account].directoryConfigurations.ldap |= $ldap_data + | .[$account].directorySettings.organizationId |= $orgID + | .[$account].directorySettings.sync |= $sync_data' \ + --argjson ldap_data ${escapeShellArg cfg.ldap.finalJSON} \ + --arg orgID "''${BW_CLIENTID//organization.}" \ + --argjson sync_data ${escapeShellArg cfg.sync.finalJSON} \ + /tmp/data.json \ + > /tmp/data.json.tmp + + mv -f /tmp/data.json.tmp /tmp/data.json + + # final config + ${lib.getExe cfg.package} config directory 0 + ${lib.getExe cfg.package} config ldap.password --secretfile ${cfg.secrets.ldap} + ''; + + ExecStart = "${lib.getExe cfg.package} sync"; + }; + }; + }; + }; + + meta.maintainers = with maintainers; [Silver-Golden]; +} diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index db8b970..88104d0 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -6,7 +6,9 @@ }: let user = "bwdc"; in { - imports = []; + imports = [ + ./bitwarden-directory-connector-cli.nix + ]; options = {}; From 46cae94f99d1bb08c39db67d7307590a61bde85c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 27 Jan 2024 21:38:30 +0000 Subject: [PATCH 259/826] fmt: forgot to format --- applications/bitwarden/bitwarden-directory-connector-cli.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/bitwarden/bitwarden-directory-connector-cli.nix b/applications/bitwarden/bitwarden-directory-connector-cli.nix index 80f8123..85ed64f 100644 --- a/applications/bitwarden/bitwarden-directory-connector-cli.nix +++ b/applications/bitwarden/bitwarden-directory-connector-cli.nix @@ -7,7 +7,7 @@ with lib; let cfg = config.services.bitwarden-directory-connector-cli; in { - disabledModules = [ "services/security/bitwarden-directory-connector-cli.nix" ]; + disabledModules = ["services/security/bitwarden-directory-connector-cli.nix"]; options.services.bitwarden-directory-connector-cli = { enable = mkEnableOption "Bitwarden Directory Connector"; From 39594e59730cbb21ac61829d41bb9fd991d6f158 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 27 Jan 2024 23:04:48 +0000 Subject: [PATCH 260/826] fix: the network issues --- machines/_base.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/machines/_base.nix b/machines/_base.nix index f0e5167..d83e75b 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -123,6 +123,9 @@ in { # use teh above nameservers as the fallback dns services.resolved.fallbackDns = config.networking.nameservers; + # https://discourse.nixos.org/t/systemd-networkd-wait-online-934764-timeout-occurred-while-waiting-for-network-connectivity/33656/9 + systemd.network.wait-online.enable = false; + environment.systemPackages = [ # for flakes pkgs.git From 6b0507a647cc55e3c492e7e8ccdd5d635c763d50 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 31 Jan 2024 15:43:18 +0000 Subject: [PATCH 261/826] fix: redirect root IP's in nginx to skynet.ie --- applications/bitwarden/vaultwarden.nix | 17 ++++++++++++----- applications/email.nix | 6 ++++++ applications/games.nix | 6 ++++++ applications/games/minecraft.nix | 6 ++++++ applications/gitlab.nix | 6 ++++++ applications/nextcloud.nix | 5 +++++ applications/skynet_users.nix | 6 ++++++ applications/ulfm.nix | 20 ++++++++++++++++---- 8 files changed, 63 insertions(+), 9 deletions(-) diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix index 22808e9..3e0c84e 100644 --- a/applications/bitwarden/vaultwarden.nix +++ b/applications/bitwarden/vaultwarden.nix @@ -47,11 +47,18 @@ in { } ]; - services.nginx.virtualHosts."${domain}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; + services.nginx.virtualHosts = { + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; + "${domain}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; + }; }; }; diff --git a/applications/email.nix b/applications/email.nix index 7a9a568..0e39139 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -245,6 +245,12 @@ in { # to provide the certs services.nginx.virtualHosts = { + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; + "mail.skynet.ie" = { forceSSL = true; useACMEHost = "mail"; diff --git a/applications/games.nix b/applications/games.nix index 4959f25..1c35588 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -60,6 +60,12 @@ in { ]; services.nginx.virtualHosts = { + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; + "${cfg.domain.sub}.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 5bd427a..5d51620 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -108,6 +108,12 @@ in { ]; services.nginx.virtualHosts = { + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; + # https://config.minecraft.games.skynet.ie "config.${short_domain}" = { forceSSL = true; diff --git a/applications/gitlab.nix b/applications/gitlab.nix index d97b48e..36b2aae 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -150,6 +150,12 @@ in { services.openssh.ports = [22 2222]; services.nginx.virtualHosts = { + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; + # main site "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { forceSSL = true; diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 078408c..f177132 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -108,6 +108,11 @@ in { }; services.nginx.virtualHosts = { + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; ${domain} = { forceSSL = true; useACMEHost = "skynet"; diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 66c3386..cc0fd22 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -68,6 +68,12 @@ in { systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; services.nginx.virtualHosts = { + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; + # main site "*.users.skynet.ie" = { forceSSL = true; diff --git a/applications/ulfm.nix b/applications/ulfm.nix index ede9a33..36329f9 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -93,10 +93,22 @@ in { }; }; - services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".proxyPass = "http://localhost:8000"; + services.nginx = { + enable = true; + group = "acme"; + + virtualHosts = { + "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".proxyPass = "http://localhost:8000"; + }; + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; + }; }; }; } From e8637b1f39e6da3092a90f08a7013a39b71f354a Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 2 Feb 2024 14:40:41 +0000 Subject: [PATCH 262/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6545503..2fdc821 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1698519699, - "narHash": "sha256-GK8NGWeG2gf3z/ktT0rzDVfj1UsaXxDLcSWCz6tsYSY=", + "lastModified": 1706884793, + "narHash": "sha256-74BI6bZcHeqXWDIdapBIPvJIYI51bLlMYbnkH2UxGDc=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "7f451b04c5cffda1558e58f65a53dbc89a678446", + "rev": "db3ed9b0bd31dc2e23c3726141e47a45053e4b0b", "type": "gitlab" }, "original": { From 3c6250f54be1f8fb06ed8583687fdcf36d9bb84a Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 2 Feb 2024 17:06:08 +0000 Subject: [PATCH 263/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2fdc821..8636ad2 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1706884793, - "narHash": "sha256-74BI6bZcHeqXWDIdapBIPvJIYI51bLlMYbnkH2UxGDc=", + "lastModified": 1706893483, + "narHash": "sha256-x9OWItfCPTQA9klaN2gpaNLdqUVS0beUMdxbjmc7WgE=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "db3ed9b0bd31dc2e23c3726141e47a45053e4b0b", + "rev": "54d1fd58213e087d63331a0d94ea723617207e20", "type": "gitlab" }, "original": { From 2acaf29f634aff2fb24ba5b5996eb97dc0a86ef8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 4 Feb 2024 20:17:46 +0000 Subject: [PATCH 264/826] [skip ci] fix: bump nixpkgs --- README.md | 2 ++ flake.lock | 83 +++++++++++++++++++++++------------------------------- flake.nix | 1 + 3 files changed, 38 insertions(+), 48 deletions(-) diff --git a/README.md b/README.md index e26bdc6..f98fd97 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,8 @@ We should be updating ``nixpkgs`` at least once a semester, ideally to teh next ```shell nix flake lock --update-input nixpkgs +# newser versions +nix flake update nixpkgs ``` ### Formatting diff --git a/flake.lock b/flake.lock index 6545503..7b5edc8 100644 --- a/flake.lock +++ b/flake.lock @@ -293,7 +293,7 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1692351612, @@ -311,7 +311,7 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1686572087, @@ -374,20 +374,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1687011986, - "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1686921029, "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", @@ -402,7 +388,7 @@ "type": "indirect" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", @@ -416,7 +402,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_12": { "locked": { "lastModified": 1689935543, "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", @@ -430,7 +416,7 @@ "type": "indirect" } }, - "nixpkgs_14": { + "nixpkgs_13": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -444,7 +430,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_14": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -458,7 +444,7 @@ "type": "indirect" } }, - "nixpkgs_16": { + "nixpkgs_15": { "locked": { "lastModified": 1695837737, "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", @@ -532,11 +518,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1704722960, - "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", + "lastModified": 1706913249, + "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", + "rev": "e92b6015881907e698782c77641aa49298330223", "type": "github" }, "original": { @@ -546,21 +532,6 @@ } }, "nixpkgs_7": { - "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs_8": { "locked": { "lastModified": 1693060755, "narHash": "sha256-KNsbfqewEziFJEpPR0qvVz4rx0x6QXxw1CcunRhlFdk=", @@ -574,7 +545,7 @@ "type": "indirect" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1693087214, "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", @@ -589,6 +560,20 @@ "type": "indirect" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1687011986, + "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -628,7 +613,9 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_7", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", "utils": "utils_3" @@ -652,7 +639,7 @@ "skynet_discord_bot": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_8", "utils": "utils_4" }, "locked": { @@ -674,7 +661,7 @@ "skynet_ldap_backend": { "inputs": { "naersk": "naersk_3", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "utils": "utils_5" }, "locked": { @@ -695,7 +682,7 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_11", "utils": "utils_6" }, "locked": { @@ -716,7 +703,7 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_12", "utils": "utils_7" }, "locked": { @@ -737,7 +724,7 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_13", "utils": "utils_8" }, "locked": { @@ -758,7 +745,7 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_14", "utils": "utils_9" }, "locked": { @@ -779,7 +766,7 @@ }, "skynet_website_renew": { "inputs": { - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_15", "utils": "utils_10" }, "locked": { diff --git a/flake.nix b/flake.nix index b63aa6b..66eb62f 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,7 @@ # email # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; simple-nixos-mailserver = { + inputs.nixpkgs.follows = "nixpkgs"; type = "gitlab"; host = "gitlab.skynet.ie"; owner = "compsoc1%2Fskynet"; From 6de8f1e9637be700a993196e5a0b9dbdf3614740 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 4 Feb 2024 21:39:57 +0000 Subject: [PATCH 265/826] fix: email how the sive was handled changed slighty, this is a temp fix Signed-off-by: Brendan Golden --- applications/email.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/applications/email.nix b/applications/email.nix index 0e39139..6633970 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -410,6 +410,9 @@ in { ''; }; + # for https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275 + services.dovecot2.sieve.extensions = ["fileinto"]; + mailserver = { enable = true; fqdn = "${cfg.sub}.${cfg.domain}"; From 7ccc78c5bdda8c56834698789c58a522fb1d4a01 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 5 Feb 2024 17:10:14 +0000 Subject: [PATCH 266/826] [skip ci] Updated flake for skynet_website_renew --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index cedee81..bb61a3b 100644 --- a/flake.lock +++ b/flake.lock @@ -771,11 +771,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696453842, - "narHash": "sha256-q33InJdgtxep17k5rXLNLunxC9Jdvv5nC0Hc+2NxMZA=", + "lastModified": 1707152932, + "narHash": "sha256-Dd4bvrWVoPME1OT998f3PBx/kDlC3spmr22snU0CRC0=", "owner": "compsoc1%2Fskynet", "repo": "website%2Falumni-renew", - "rev": "0e5ddb75723fc3baae19611114cb59b4673d48e0", + "rev": "43a17dd41708e6a3b0360f2f95a14c67560467c4", "type": "gitlab" }, "original": { From 2c3e87b4d84a17590849f3707deee1e5651e1cea Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 5 Feb 2024 17:30:53 +0000 Subject: [PATCH 267/826] [skip ci] Updated flake for skynet_website --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index bb61a3b..2b56540 100644 --- a/flake.lock +++ b/flake.lock @@ -708,11 +708,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696876711, - "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", + "lastModified": 1707154174, + "narHash": "sha256-oUOD6aIy8KvIsiAWxLApPgAkigDZwp3xZ8bmhKoWszY=", "owner": "compsoc1%2Fskynet", "repo": "website%2F2023", - "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", + "rev": "c81db388fac570a8cb646391ea461b9e60282043", "type": "gitlab" }, "original": { From 26e715b2f62e406deee5e773ebcc3e3c3d200186 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 9 Feb 2024 12:47:20 +0000 Subject: [PATCH 268/826] fix: some error warnings cleared --- applications/email.nix | 2 +- applications/nextcloud.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 6633970..82e9e7f 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -465,7 +465,7 @@ in { ]; }; - services.dovecot2.sieveScripts = { + services.dovecot2.sieve.scripts = { before = configFile; }; diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index f177132..a915980 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -91,10 +91,10 @@ in { appstoreEnable = true; extraApps = with config.services.nextcloud.package.packages.apps; { - inherit forms groupfolders mail maps notes onlyoffice polls; + inherit forms groupfolders maps notes onlyoffice polls; }; - extraOptions = { + settings = { trusted_proxies = ["193.1.99.65"]; default_phone_region = "IE"; mail_smtpmode = "sendmail"; From 8f60f9dea0429f81c69be3f7063b2d66a512bd47 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 10 Feb 2024 18:26:11 +0000 Subject: [PATCH 269/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2b56540..55a987b 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1706893483, - "narHash": "sha256-x9OWItfCPTQA9klaN2gpaNLdqUVS0beUMdxbjmc7WgE=", + "lastModified": 1707589534, + "narHash": "sha256-PJyu+NQ2dAM13+9hdF88SPYizZ0h4L2QCNkHys4RFqw=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "54d1fd58213e087d63331a0d94ea723617207e20", + "rev": "58d49a20d7a13f74eedceccc68d4de9f1eae677e", "type": "gitlab" }, "original": { From 7ed840e20413defd59ac0c132b007864eb8652d3 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 10 Feb 2024 20:06:07 +0000 Subject: [PATCH 270/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 55a987b..1f6cae6 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1707589534, - "narHash": "sha256-PJyu+NQ2dAM13+9hdF88SPYizZ0h4L2QCNkHys4RFqw=", + "lastModified": 1707595535, + "narHash": "sha256-L2NOgjl3aJcHk5vcQOzqJQAk6HBHsizgcWRJJf3BvPw=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "58d49a20d7a13f74eedceccc68d4de9f1eae677e", + "rev": "2c15b65dbf92719e207aa27493036b434f6bd9b8", "type": "gitlab" }, "original": { From 40f33f28aa752bad4c58fa7150f6698b71aa7004 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Fri, 16 Feb 2024 00:08:57 +0000 Subject: [PATCH 271/826] Update file dns.nix --- config/dns.nix | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/config/dns.nix b/config/dns.nix index b64c2c3..672032b 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -41,17 +41,22 @@ r_type = "CNAME"; value = "optimus-reborn"; } - #{ - # record = "bumblebee"; - # r_type = "A"; - # value = "193.1.99.91"; - # server = true; - #} - #{ - # record = "testing"; - # r_type = "CNAME"; - # value = "bumblebee"; - #} + { + record = "bumblebee"; + r_type = "A"; + value = "193.1.99.91"; + server = true; + } + { + record = "minecraft.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.compsoc.games"; + r_type = "SRV"; + value = "0 10 25518 bumblebee.skynet.ie"; + } ]; }; } From 8d94f0c965207663fe016c48dd57e9cd277a2e02 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Fri, 16 Feb 2024 11:00:16 +0000 Subject: [PATCH 272/826] Update file dns.nix --- config/dns.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/dns.nix b/config/dns.nix index 672032b..c6c66e7 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -53,9 +53,9 @@ value = "bumblebee"; } { - record = "_minecraft._tcp.minecraft.compsoc.games"; + record = "_minecraft._tcp"; r_type = "SRV"; - value = "0 10 25518 bumblebee.skynet.ie"; + value = "0 10 25518 minecraft.compsoc.games.skynet.ie"; } ]; }; From 5ced7f4fe4ad9e501df0e283534ebf22e5a9d123 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Fri, 16 Feb 2024 12:27:47 +0000 Subject: [PATCH 273/826] Update file dns.nix --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index c6c66e7..4b1b050 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -53,7 +53,7 @@ value = "bumblebee"; } { - record = "_minecraft._tcp"; + record = "_minecraft._tcp.minecraft.compsoc.games"; r_type = "SRV"; value = "0 10 25518 minecraft.compsoc.games.skynet.ie"; } From a0bb8b479e96582e5c49548faa928f6fdd93a19b Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Fri, 16 Feb 2024 12:33:26 +0000 Subject: [PATCH 274/826] Update file dns.nix --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index 4b1b050..fc6de78 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -55,7 +55,7 @@ { record = "_minecraft._tcp.minecraft.compsoc.games"; r_type = "SRV"; - value = "0 10 25518 minecraft.compsoc.games.skynet.ie"; + value = "0 10 25518 minecraft.compsoc.games"; } ]; }; From 9932efe593a7096cb386b69ce00488e744fcac32 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Fri, 16 Feb 2024 12:40:43 +0000 Subject: [PATCH 275/826] Update Minecraft server DNS entry --- config/dns.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/dns.nix b/config/dns.nix index fc6de78..59e1396 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -53,9 +53,9 @@ value = "bumblebee"; } { - record = "_minecraft._tcp.minecraft.compsoc.games"; + record = "_minecraft._tcp"; r_type = "SRV"; - value = "0 10 25518 minecraft.compsoc.games"; + value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; } ]; }; From 93211d09cc331c86b85417c173266f2bf0a032b6 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Fri, 16 Feb 2024 12:59:51 +0000 Subject: [PATCH 276/826] Update dns.nix --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index 59e1396..a77e37d 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -53,7 +53,7 @@ value = "bumblebee"; } { - record = "_minecraft._tcp"; + record = "_minecraft._tcp.minecraft.compsoc.games"; r_type = "SRV"; value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; } From 5aca8874b34674a6f3d8a085d475a50018967171 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Fri, 16 Feb 2024 13:12:32 +0000 Subject: [PATCH 277/826] Update Minecraft server DNS entry --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index a77e37d..991f058 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -53,7 +53,7 @@ value = "bumblebee"; } { - record = "_minecraft._tcp.minecraft.compsoc.games"; + record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; r_type = "SRV"; value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; } From 138fd31a6e200657c31affef7f8a73aeadfd806a Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Fri, 16 Feb 2024 15:05:29 +0000 Subject: [PATCH 278/826] Update file dns.nix --- applications/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/dns.nix b/applications/dns.nix index b912991..2937d60 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -96,7 +96,7 @@ ; ------------------------------------------ ; SRV ; ------------------------------------------ - ${format_records sort_records_srv 31} + ${format_records sort_records_srv 65} '' From 98886d724db619d7205a5f894e568778092ac81b Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 16 Feb 2024 16:49:24 +0000 Subject: [PATCH 279/826] [skip ci] Updated flake for skynet_website_games --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 1f6cae6..7056573 100644 --- a/flake.lock +++ b/flake.lock @@ -750,11 +750,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696129767, - "narHash": "sha256-cO9zQNOQKHcaepetJEmWTEM0DJLm+NLvAUpR05TEoqQ=", + "lastModified": 1708102137, + "narHash": "sha256-wRk2EevqffobmJr4E8jdasA3CxCDMzNLz6QFu0QlG/I=", "owner": "compsoc1%2Fskynet", "repo": "website%2Fgames.skynet.ie", - "rev": "d5b6a87df665c1ac0cb7ec39acc088a3de703c60", + "rev": "9d4f68463ede0764fb1d32e43716e8e7b9edcaf0", "type": "gitlab" }, "original": { From b526150547e5d960171a304c7c1409fd9ecdf7a3 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 16 Feb 2024 17:04:36 +0000 Subject: [PATCH 280/826] [skip ci] Updated flake for skynet_website_games --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7056573..1f6cae6 100644 --- a/flake.lock +++ b/flake.lock @@ -750,11 +750,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1708102137, - "narHash": "sha256-wRk2EevqffobmJr4E8jdasA3CxCDMzNLz6QFu0QlG/I=", + "lastModified": 1696129767, + "narHash": "sha256-cO9zQNOQKHcaepetJEmWTEM0DJLm+NLvAUpR05TEoqQ=", "owner": "compsoc1%2Fskynet", "repo": "website%2Fgames.skynet.ie", - "rev": "9d4f68463ede0764fb1d32e43716e8e7b9edcaf0", + "rev": "d5b6a87df665c1ac0cb7ec39acc088a3de703c60", "type": "gitlab" }, "original": { From ec254fd6fecd0b6193489b91a98dfb12f470f53d Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 16 Feb 2024 17:16:57 +0000 Subject: [PATCH 281/826] [skip ci] Updated flake for skynet_website_games --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 1f6cae6..c74a04a 100644 --- a/flake.lock +++ b/flake.lock @@ -750,11 +750,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696129767, - "narHash": "sha256-cO9zQNOQKHcaepetJEmWTEM0DJLm+NLvAUpR05TEoqQ=", + "lastModified": 1708103254, + "narHash": "sha256-/1ElBw+oc1dzwgr7VVLkQFRITteckH1IwbZpgpz8Qvg=", "owner": "compsoc1%2Fskynet", "repo": "website%2Fgames.skynet.ie", - "rev": "d5b6a87df665c1ac0cb7ec39acc088a3de703c60", + "rev": "f43a01ef62494cef3e7f1e86d8169867e2df136b", "type": "gitlab" }, "original": { From fa7cbd420e61ecce5a8b3ef6a57d6857d1b1e6bb Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 18 Feb 2024 01:53:26 +0000 Subject: [PATCH 282/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c74a04a..42cd4b4 100644 --- a/flake.lock +++ b/flake.lock @@ -666,11 +666,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1704885928, - "narHash": "sha256-HMe/o7/MAkyr3duMf1a52inOtJSJozH22b94w7TM9VY=", + "lastModified": 1708220771, + "narHash": "sha256-xjuu0FkheoEV5yShGMqtj+FjjwhnpiZvUeegjRTOvbM=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "96f86985eec772a835e7867852ee6452fd9548b6", + "rev": "100b0d6552e4b4f9fd7e61bdd41b9d1402c41b51", "type": "gitlab" }, "original": { From cde7f37455fa4762e72e1f3c8827cbdeb98193c2 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 18 Feb 2024 14:35:33 +0000 Subject: [PATCH 283/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 42cd4b4..23e7a38 100644 --- a/flake.lock +++ b/flake.lock @@ -666,11 +666,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1708220771, - "narHash": "sha256-xjuu0FkheoEV5yShGMqtj+FjjwhnpiZvUeegjRTOvbM=", + "lastModified": 1708266543, + "narHash": "sha256-mP9e2OYSWpE6LN6UzawrWMOcV0VxCd4WbNAjfuVzeEg=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "100b0d6552e4b4f9fd7e61bdd41b9d1402c41b51", + "rev": "7576b954bb60b978722776b87dafb4b57f59bebe", "type": "gitlab" }, "original": { From 19d94808edadb7fff3fd1b162cf58877182952e7 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 18 Feb 2024 14:52:34 +0000 Subject: [PATCH 284/826] fix: cors is now being handled by the backend --- applications/ldap/backend.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 3903198..929404e 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -72,9 +72,6 @@ in { forceSSL = true; useACMEHost = "skynet"; locations."/".proxyPass = "http://localhost:${port_backend}"; - extraConfig = '' - add_header Access-Control-Allow-Origin "*"; - ''; }; services.skynet_ldap_backend = { From b6ecd5255d1fb6eacf54bccf55dfa98ea1bde129 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 18 Feb 2024 17:29:51 +0000 Subject: [PATCH 285/826] [skip ci] Updated flake for skynet_ldap_frontend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 23e7a38..379bcbd 100644 --- a/flake.lock +++ b/flake.lock @@ -687,11 +687,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1704103861, - "narHash": "sha256-zVIClIEVaZFW2E0cs+sYe5A584dQB94H4nKuf0q+SMw=", + "lastModified": 1708277300, + "narHash": "sha256-Y8wKzGJQ69w375faAYGukvuTFez6YGeV+w4TOD4XosA=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Ffrontend", - "rev": "d3b4c822b9782b5c072269d18844ec6461c0fe86", + "rev": "36c5e5bbae7adcc404bec6d643cae5fd8a6c87bb", "type": "gitlab" }, "original": { From d3e635f2c118f73fa3e6da5a3c4d5389ee382e8d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Feb 2024 19:54:06 +0000 Subject: [PATCH 286/826] committee: Leo resigned from committee --- config/users.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/config/users.nix b/config/users.nix index c6e4f3c..0e5d042 100644 --- a/config/users.nix +++ b/config/users.nix @@ -40,7 +40,6 @@ in { config.skynet = { users = { committee = [ - "leo" "silver" "eoghanconlon73" "sidhiel" From 22cb1bcbd456a0b247d0836df32db9471ee3c10a Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 27 Feb 2024 14:22:03 +0000 Subject: [PATCH 287/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 379bcbd..dd932cd 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1707595535, - "narHash": "sha256-L2NOgjl3aJcHk5vcQOzqJQAk6HBHsizgcWRJJf3BvPw=", + "lastModified": 1709043592, + "narHash": "sha256-lQ4/Cx2fBsySHoQ+rEkCcFEL7XrbOFsoiibb/BCRYhE=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "2c15b65dbf92719e207aa27493036b434f6bd9b8", + "rev": "54b62b4e69253314e6de04bc3d778b56c66ed178", "type": "gitlab" }, "original": { From e77d9e51e8428ced8e6aa5514b3bf865e88f5ce0 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 27 Feb 2024 15:38:56 +0000 Subject: [PATCH 288/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index dd932cd..fd58969 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709043592, - "narHash": "sha256-lQ4/Cx2fBsySHoQ+rEkCcFEL7XrbOFsoiibb/BCRYhE=", + "lastModified": 1709048289, + "narHash": "sha256-5EEMRcmKA/e3l/CSLlaIGxedPSfyptXBG03rScjWHHY=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "54b62b4e69253314e6de04bc3d778b56c66ed178", + "rev": "52adfa26f7d61eb75da83d08bfda7c90c96f53f3", "type": "gitlab" }, "original": { From 2fcf1f19d8b871b073cb33536709fcaed1385a69 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 27 Feb 2024 17:32:15 +0000 Subject: [PATCH 289/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fd58969..ad1993e 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709048289, - "narHash": "sha256-5EEMRcmKA/e3l/CSLlaIGxedPSfyptXBG03rScjWHHY=", + "lastModified": 1709055104, + "narHash": "sha256-6LdIy+xaHJ7bmQIMmoOOiNIKU66zc9gJe03VPv//l0E=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "52adfa26f7d61eb75da83d08bfda7c90c96f53f3", + "rev": "d00717b11981de22518d98e9a2810402ede39905", "type": "gitlab" }, "original": { From 34156ba71fba0c4536e943b06d4fba155d1b0f0f Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 27 Feb 2024 17:49:17 +0000 Subject: [PATCH 290/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ad1993e..c0836bd 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709055104, - "narHash": "sha256-6LdIy+xaHJ7bmQIMmoOOiNIKU66zc9gJe03VPv//l0E=", + "lastModified": 1709056119, + "narHash": "sha256-bJgPGusHddUcLXn9JGvlY9mjvvX/eO8ggmOAChZ2aD4=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "d00717b11981de22518d98e9a2810402ede39905", + "rev": "c56aeb611ce18b9e07bca0ebb3ed46e57447b7fe", "type": "gitlab" }, "original": { From d971c2e855ab866daee1c6a61e21a8cb68d70d9d Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 27 Feb 2024 18:05:08 +0000 Subject: [PATCH 291/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c0836bd..d04c5a6 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709056119, - "narHash": "sha256-bJgPGusHddUcLXn9JGvlY9mjvvX/eO8ggmOAChZ2aD4=", + "lastModified": 1709056952, + "narHash": "sha256-scoN39mUeCNZ9XNKJb4ITH8gCSn5OZ6QRctrw6zGw2Y=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "c56aeb611ce18b9e07bca0ebb3ed46e57447b7fe", + "rev": "20848e361eaaca45c34d7dd6ea8684db53cbb296", "type": "gitlab" }, "original": { From 90ac5f41ef89f90d51e721366e9218b4e6f18e1e Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 27 Feb 2024 18:17:42 +0000 Subject: [PATCH 292/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d04c5a6..fcc2833 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709056952, - "narHash": "sha256-scoN39mUeCNZ9XNKJb4ITH8gCSn5OZ6QRctrw6zGw2Y=", + "lastModified": 1709057212, + "narHash": "sha256-02POtf0AvuTCb/LpyFHm0kmjDtIVAEASRol2O/BLuvQ=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "20848e361eaaca45c34d7dd6ea8684db53cbb296", + "rev": "cd3d0bbc8ed81ba89f41671dada0d2c39ea60103", "type": "gitlab" }, "original": { From 4314d00322d4c37216accf53c7d63cd3571ab9c6 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 27 Feb 2024 18:30:51 +0000 Subject: [PATCH 293/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fcc2833..bcbe490 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709057212, - "narHash": "sha256-02POtf0AvuTCb/LpyFHm0kmjDtIVAEASRol2O/BLuvQ=", + "lastModified": 1709058068, + "narHash": "sha256-dXLty1IueFg4DsBrTsdJVx3Yoggb4Il/pJqqm+mYUGA=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "cd3d0bbc8ed81ba89f41671dada0d2c39ea60103", + "rev": "0aad348a1fe25564564840d8e15c8ec3284aa659", "type": "gitlab" }, "original": { From 44f123289fb6e44e2d0b96197d243fd064057af8 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 27 Feb 2024 19:11:09 +0000 Subject: [PATCH 294/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index bcbe490..7fce941 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709058068, - "narHash": "sha256-dXLty1IueFg4DsBrTsdJVx3Yoggb4Il/pJqqm+mYUGA=", + "lastModified": 1709060998, + "narHash": "sha256-0VGnRftMl8Iu7ffKRdYNlSqxlU9HSUw6g6xIZ9kIEoA=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "0aad348a1fe25564564840d8e15c8ec3284aa659", + "rev": "b78de3eeabbd20d99f9e3b03672bd9509c4c4f6c", "type": "gitlab" }, "original": { From a42ac52f9d5341af05fe91166f878985e7fcbab0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 28 Feb 2024 09:10:57 +0000 Subject: [PATCH 295/826] feat: add php to the skynet users server --- applications/skynet_users.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index cc0fd22..a364361 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -55,7 +55,10 @@ in { } ]; - environment.systemPackages = [pkgs.vim]; + environment.systemPackages = with pkgs; [ + vim + php + ]; networking = { defaultGateway = { From 90d8a105f7fc9a19968c96112af9a304c7e2d69f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 28 Feb 2024 14:12:05 +0000 Subject: [PATCH 296/826] feat: backup client will now only run if there are items to backup. Closes #54 --- applications/dns.nix | 2 + applications/restic.nix | 85 ++++++++++++++++++++++------------------- 2 files changed, 47 insertions(+), 40 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index 2937d60..6b7bc6b 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -343,6 +343,8 @@ in { }; config = lib.mkIf cfg.server.enable { + # services.skynet_backup.normal.backups = ["/etc/skynet/dns"]; + # open the firewall for this skynet_firewall.forward = [ "ip daddr ${cfg.server.ip} tcp dport 53 counter packets 0 bytes 0 accept" diff --git a/applications/restic.nix b/applications/restic.nix index 4ccf611..4d6a277 100644 --- a/applications/restic.nix +++ b/applications/restic.nix @@ -9,6 +9,8 @@ with lib; let cfg = config.services.skynet_backup; + enable_client = cfg.normal.backups != null && cfg.normal.backups != []; + # since they should all have the same config we can do this base = { paths = cfg.normal.backups; @@ -150,49 +152,52 @@ in { }; }; - config = { - # these values are anabled for every client + config = + { + # these values are anabled for every client + environment.systemPackages = with pkgs; [ + restic + ]; + } + // mkIf cfg.server.enable { + networking.firewall.allowedTCPPorts = [ + cfg.server.port + ]; - environment.systemPackages = [ - # for flakes - pkgs.restic - ]; - - # A list of all login accounts. To create the password hashes, use - # nix-shell -p apacheHttpd - # htpasswd -nbB "" "password" | cut -d: -f2 - - age.secrets.restic.file = ../secrets/backup/restic.age; - - networking.firewall.allowedTCPPorts = [ - cfg.server.port - ]; - - services.restic.backups = - ownServers - // { - # merge teh two configs together - # backblaze = base // { - # # backupos for each server are stored in a folder under their name - # repository = "b2:NixOS-Main2:/${cfg.host.name}"; - # #environmentFile = config.age.secrets.backblaze.path; - # }; + age.secrets.restic_pw = { + file = ../secrets/backup/restic_pw.age; + path = "${config.services.restic.server.dataDir}/.htpasswd"; + symlink = false; + mode = "770"; + owner = "restic"; + group = "restic"; }; - age.secrets.restic_pw = mkIf cfg.server.enable { - file = ../secrets/backup/restic_pw.age; - path = "${config.services.restic.server.dataDir}/.htpasswd"; - symlink = false; - mode = "770"; - owner = "restic"; - group = "restic"; - }; + services.restic.server = { + enable = true; + listenAddress = "${cfg.host.ip}:${toString cfg.server.port}"; + appendOnly = cfg.server.appendOnly; + privateRepos = true; + }; + } + // mkIf enable_client { + # client stuff here - services.restic.server = mkIf cfg.server.enable { - enable = true; - listenAddress = "${cfg.host.ip}:${toString cfg.server.port}"; - appendOnly = cfg.server.appendOnly; - privateRepos = true; + # A list of all login accounts. To create the password hashes, use + # nix-shell -p apacheHttpd + # htpasswd -nbB "" "password" | cut -d: -f2 + + age.secrets.restic.file = ../secrets/backup/restic.age; + + services.restic.backups = + ownServers + // { + # merge teh two configs together + # backblaze = base // { + # # backupos for each server are stored in a folder under their name + # repository = "b2:NixOS-Main2:/${cfg.host.name}"; + # #environmentFile = config.age.secrets.backblaze.path; + # }; + }; }; - }; } From 7031b495999d1d592f3d69b1a99ef2e08eb6db5b Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 2 Mar 2024 21:59:34 +0000 Subject: [PATCH 297/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7fce941..38ed508 100644 --- a/flake.lock +++ b/flake.lock @@ -644,11 +644,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1704215184, - "narHash": "sha256-hbRTHQROAMVhZtjKfH6em1ckYqbWr5irXK58WnuSzVg=", + "lastModified": 1709415943, + "narHash": "sha256-hIiTckJr2Hp9FZ3rDySDW4uFdQrotrDxoUI9bi1VlgA=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "9dafba03b595b6aff68149e90ea82bcce3dfcdc2", + "rev": "480fc9b1a0fad81a68d774ac477985f98fd22315", "type": "gitlab" }, "original": { From 1790a12360b92ffada0fbeda229694ac9ac58c61 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 3 Mar 2024 12:48:48 +0000 Subject: [PATCH 298/826] [skip ci] feat: added the minecraft server key for the discord bot The key is tied to kitt --- secrets/discord/token.age | Bin 775 -> 867 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/discord/token.age b/secrets/discord/token.age index f50b0f761e4a09ece5ab3187a808a7afddb00a7d..c4969af77fa4ba8c503cb983ff0f250c10a3de5b 100644 GIT binary patch delta 779 zcmZo?d(1XLr{2;yz&x`!F(TNYG^sQt$V}h4%*8V(-y}3Lq`V;1*U%^`J-pb}*fr3_ zgv-6iIkGCsveGm>)yc!MxWqX#JuSR4Jlw~*DA~vp}06h zH#Nn`)YQ;Y!6cw6DnDHz#L^?ntI#YYG}*~S+s7y?-A%v3$Sg8AD7erp)w9STE8E9A zJrz}O^J4D;XE7vf4 z;z#jtH}gm%7VOtX?aALlAhmnh3h{anu?_sT%7@-z#l zMDq+!?_}S~#L95LY*(WU_oUopx2!5BuME$CwBYoVl#nQQ?+BC0@r>f(c|qBES%rrF z7QsGcsUAsYsfjs7=GuuVm7WEGSvN^L>Q$z z8m1YV7)JOPl=+zjr>2CZMtT}&<~TZXRXP@C_*6w%1Q@yadmESN8#rg0lvk9N8V5%D zN0b=`mlkGv1tu3c1)C*-R$Di{C^fM-RUwbdBRf3Ot)wtC+ezEa%+n__+0Z33 zJ*Ym+Jis!?$iU1@KfNkDvOKsX(lk&zg-cggS0TV4ASK5u+pVO^Im#)|%`w8a*sQXu z%qT0&BQmVQ)ZEC^Gd(BGuPRMDlqSXNS&|sCjR_;sK#inyv z=f#=4w*GiNt6$qkRrv>370+Sj^f(CHfwPL6xQ@ z##R2QCIM0IW&tJHL17_9p4#D+mO+_`j+TW^5mkkWAr*mK-Ug-VB~=#bK^Z|NMt&aY z9vP*^KIvK7X^DPO$)%NrWf@7~8KFjw7UrIl&oYYF`-OOvCr2hmI3|1grib|jmHD{) znk9Nvl^Pp4x_jvBYZq#l`Bj*Cc{urUh545Gg@hEkgj#DAXE}v}VxZE|E!12$y(l%YIF(D=%q_VzLO(UovDB}~%+o#4%{hrn zSGQhQA-FKCG^O0R$|5(}EypZBw74k9DBIjLH9xB&AT2S_#8^8dGO5%($FskZEmbKO&=lpbpWwP?jc^Xd`_HQraSR`{U$EPT8uM4v^*W_E>_ug*w z6p8Ix`s8 Date: Sun, 3 Mar 2024 15:15:04 +0000 Subject: [PATCH 299/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 38ed508..9452c85 100644 --- a/flake.lock +++ b/flake.lock @@ -644,11 +644,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709415943, - "narHash": "sha256-hIiTckJr2Hp9FZ3rDySDW4uFdQrotrDxoUI9bi1VlgA=", + "lastModified": 1709478342, + "narHash": "sha256-0b6Kx1q+dWWaX2SslfbQvnQd0l386m7f6oaU2slOrmY=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "480fc9b1a0fad81a68d774ac477985f98fd22315", + "rev": "bd74cdd09b189cc8a9abe008fcd915ddd0625d45", "type": "gitlab" }, "original": { From 7b3b3b290c36b90888cd555b498eb80f33b152de Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 3 Mar 2024 16:55:26 +0000 Subject: [PATCH 300/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9452c85..0400008 100644 --- a/flake.lock +++ b/flake.lock @@ -644,11 +644,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709478342, - "narHash": "sha256-0b6Kx1q+dWWaX2SslfbQvnQd0l386m7f6oaU2slOrmY=", + "lastModified": 1709484413, + "narHash": "sha256-dBdkzxcFBBAB49gC9UAuy3++hVu4dBVb2/e6Qgjvxmc=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "bd74cdd09b189cc8a9abe008fcd915ddd0625d45", + "rev": "bbd55202bd9740c579c80be30ce7bb4a7b770486", "type": "gitlab" }, "original": { From ac721c254068d31d712d22e85f79b70751a36901 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 4 Mar 2024 22:53:46 +0000 Subject: [PATCH 301/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0400008..251a756 100644 --- a/flake.lock +++ b/flake.lock @@ -644,11 +644,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709484413, - "narHash": "sha256-dBdkzxcFBBAB49gC9UAuy3++hVu4dBVb2/e6Qgjvxmc=", + "lastModified": 1709592232, + "narHash": "sha256-MLk2UhjbLGddzvDcfRw7uJjcpbuwDijVxs/E3qzRYg8=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "bbd55202bd9740c579c80be30ce7bb4a7b770486", + "rev": "7e6d892b67440d161f4d94ad3cd589fd79da90ea", "type": "gitlab" }, "original": { From 04a0a21ac7f1f32bb218bf1ca9cd66eedc68172a Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 5 Mar 2024 20:11:57 +0000 Subject: [PATCH 302/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 251a756..d1baf31 100644 --- a/flake.lock +++ b/flake.lock @@ -644,11 +644,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709592232, - "narHash": "sha256-MLk2UhjbLGddzvDcfRw7uJjcpbuwDijVxs/E3qzRYg8=", + "lastModified": 1709668538, + "narHash": "sha256-VMlqzxm10Vtx56eeIVxZRknAduhA/OvbwgHPB1xIMgs=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "7e6d892b67440d161f4d94ad3cd589fd79da90ea", + "rev": "cf2c7683d2319bb0d885b986521b03315ada4154", "type": "gitlab" }, "original": { From 54ef36023ae7db7e555aaa350e26a06453627921 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 7 Mar 2024 11:20:09 +0000 Subject: [PATCH 303/826] committee: new HSO --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index 0e5d042..430ec09 100644 --- a/config/users.nix +++ b/config/users.nix @@ -49,6 +49,7 @@ in { "nanda" "sourabh1805" "kronsy" + "skyapples" ]; admin = [ "silver" From 4575aabcb298795f11ed79dad8dcef8653813b32 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 11 Mar 2024 20:51:27 +0000 Subject: [PATCH 304/826] [skip ci] feat: added field to enable clubs/socs --- config/users.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/users.nix b/config/users.nix index 430ec09..d515325 100644 --- a/config/users.nix +++ b/config/users.nix @@ -64,6 +64,9 @@ in { ]; lifetime = []; banned = []; + + clubs_societies = []; + restricted = [ # usernames folks arent allowed to use From 9a4ea6b9fbe84c0fe35679aa4063b8ad9e77134f Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 11 Mar 2024 21:37:36 +0000 Subject: [PATCH 305/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d1baf31..e3a9508 100644 --- a/flake.lock +++ b/flake.lock @@ -666,11 +666,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1708266543, - "narHash": "sha256-mP9e2OYSWpE6LN6UzawrWMOcV0VxCd4WbNAjfuVzeEg=", + "lastModified": 1710192627, + "narHash": "sha256-F8VVDw45+D+m+NyzokibvZ+vg1BpYGdR1kaT1doDVXk=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "7576b954bb60b978722776b87dafb4b57f59bebe", + "rev": "c85bd979675fc4fbb672b0ce637c7dcb85f1b020", "type": "gitlab" }, "original": { From f0661ba00f02b6f841b4977055a855207662c02d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 11 Mar 2024 22:06:10 +0000 Subject: [PATCH 306/826] fix: had forgotten to add the field ehre --- config/users.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/config/users.nix b/config/users.nix index d515325..d7da397 100644 --- a/config/users.nix +++ b/config/users.nix @@ -34,6 +34,11 @@ in { default = []; description = "array of restricted user accounts"; }; + clubs_societies = mkOption rec { + type = types.listOf types.str; + default = []; + description = "array of accounts for Clubs and Societies"; + }; }; }; From 1197c50962ada871ef24c27994288dfa7c5103c1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 11 Mar 2024 22:09:04 +0000 Subject: [PATCH 307/826] fix: danm formatting --- config/users.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/users.nix b/config/users.nix index d7da397..11e7278 100644 --- a/config/users.nix +++ b/config/users.nix @@ -35,8 +35,8 @@ in { description = "array of restricted user accounts"; }; clubs_societies = mkOption rec { - type = types.listOf types.str; - default = []; + type = types.listOf types.str; + default = []; description = "array of accounts for Clubs and Societies"; }; }; From 7e2abcae5b930bd7d3620ee4c6401e5ea234b0c2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 11 Mar 2024 22:30:48 +0000 Subject: [PATCH 308/826] feat: enabled out in UL as a soc on wolves --- config/users.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/users.nix b/config/users.nix index 11e7278..4367ded 100644 --- a/config/users.nix +++ b/config/users.nix @@ -70,7 +70,9 @@ in { lifetime = []; banned = []; - clubs_societies = []; + clubs_societies = [ + "outinul" + ]; restricted = [ From 106485a754c3e37a4f625e4d3e9a3912feec2d39 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 11 Mar 2024 22:49:14 +0000 Subject: [PATCH 309/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index e3a9508..d3e0587 100644 --- a/flake.lock +++ b/flake.lock @@ -666,11 +666,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1710192627, - "narHash": "sha256-F8VVDw45+D+m+NyzokibvZ+vg1BpYGdR1kaT1doDVXk=", + "lastModified": 1710196578, + "narHash": "sha256-WCqAdEeMUgEQmBR5QzARGlM+Ae6L7OdgzpZrDJdK1NQ=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "c85bd979675fc4fbb672b0ce637c7dcb85f1b020", + "rev": "44acc7378d1859e0d0d4327697e0c13350602f30", "type": "gitlab" }, "original": { From da721924e45e21914f7bc8429aee2d22550bb7a8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 12 Mar 2024 15:30:53 +0000 Subject: [PATCH 310/826] soc: enable games dev --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index 4367ded..3f4fd28 100644 --- a/config/users.nix +++ b/config/users.nix @@ -72,6 +72,7 @@ in { clubs_societies = [ "outinul" + "gamesdev" ]; restricted = From b34300968286eaa074db8a5edb6421d92576d9d2 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 28 Mar 2024 12:48:58 +0000 Subject: [PATCH 311/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d3e0587..36c4a91 100644 --- a/flake.lock +++ b/flake.lock @@ -666,11 +666,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1710196578, - "narHash": "sha256-WCqAdEeMUgEQmBR5QzARGlM+Ae6L7OdgzpZrDJdK1NQ=", + "lastModified": 1711629668, + "narHash": "sha256-ZLnOj4YczToeIZ5k+E2qyfAa430urUnHmGC23cmQtqo=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "44acc7378d1859e0d0d4327697e0c13350602f30", + "rev": "c1b42a81320a7091e200e966354cf2c839c9f08e", "type": "gitlab" }, "original": { From 57a16a2c8f9bec5faf6f1d7cfc012684212b5550 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Thu, 28 Mar 2024 13:19:42 +0000 Subject: [PATCH 312/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 36c4a91..aa9dacc 100644 --- a/flake.lock +++ b/flake.lock @@ -644,11 +644,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709668538, - "narHash": "sha256-VMlqzxm10Vtx56eeIVxZRknAduhA/OvbwgHPB1xIMgs=", + "lastModified": 1711630308, + "narHash": "sha256-5MW4i4TVkJbpwGrzFrjci3xhdWLCUUrM7DSlQmKXA+s=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "cf2c7683d2319bb0d885b986521b03315ada4154", + "rev": "3d925fcffff22ecaf30bcc2cd0d01773d1480b04", "type": "gitlab" }, "original": { From 7cd4f9288b10a11277ba8d2c00aeda76441247ed Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 2 Apr 2024 05:14:50 +0000 Subject: [PATCH 313/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index aa9dacc..27ef67c 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1709060998, - "narHash": "sha256-0VGnRftMl8Iu7ffKRdYNlSqxlU9HSUw6g6xIZ9kIEoA=", + "lastModified": 1712034846, + "narHash": "sha256-Ph3ojOz6CMP7wZ4ydVhx64UggMTcWBoVhYZ8yHLMFqE=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "b78de3eeabbd20d99f9e3b03672bd9509c4c4f6c", + "rev": "ed866b74e3ed0d5213d46895158d89f43417f3fe", "type": "gitlab" }, "original": { From 05ab8b023808c17a14035b2974d5515ed9d96fe4 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 2 Apr 2024 22:40:27 +0000 Subject: [PATCH 314/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 27ef67c..f4edb27 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1712034846, - "narHash": "sha256-Ph3ojOz6CMP7wZ4ydVhx64UggMTcWBoVhYZ8yHLMFqE=", + "lastModified": 1712097585, + "narHash": "sha256-lrCe4Z6569yA8XoX4eMcDyAjfA/SgNrH4qVvxJzwLfk=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "ed866b74e3ed0d5213d46895158d89f43417f3fe", + "rev": "ceb346fe8e8dfc553fff520de7864e96236e887a", "type": "gitlab" }, "original": { From 25f687cacf126f26dd087052a3f1b0b7da4cfafb Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 3 Apr 2024 07:18:59 +0000 Subject: [PATCH 315/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index f4edb27..3d6bf2d 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1712097585, - "narHash": "sha256-lrCe4Z6569yA8XoX4eMcDyAjfA/SgNrH4qVvxJzwLfk=", + "lastModified": 1712128630, + "narHash": "sha256-/7KFOUlxd/pT8g7LHeerF7prg/m1AbRoH2n5zd+0b6g=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "ceb346fe8e8dfc553fff520de7864e96236e887a", + "rev": "5494271d84e3398831fc530f4f556cc9c442baaf", "type": "gitlab" }, "original": { From d73be0c8d3f7bda0d60fcaf709b105ff8a9341fc Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 3 Apr 2024 07:31:44 +0000 Subject: [PATCH 316/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3d6bf2d..7d453da 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1712128630, - "narHash": "sha256-/7KFOUlxd/pT8g7LHeerF7prg/m1AbRoH2n5zd+0b6g=", + "lastModified": 1712128733, + "narHash": "sha256-fZr9QOimJLbpsSm8fiXt+sPNl8QJ/SOn0pzC9ytxL9w=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "5494271d84e3398831fc530f4f556cc9c442baaf", + "rev": "2e8b22f8254dcd4e9c23455754ac30a1d8f7b584", "type": "gitlab" }, "original": { From d48e68d3b3e1b80d2ff45fc085ef7c19b69e53ac Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 3 Apr 2024 09:14:15 +0000 Subject: [PATCH 317/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7d453da..76c7917 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1712128733, - "narHash": "sha256-fZr9QOimJLbpsSm8fiXt+sPNl8QJ/SOn0pzC9ytxL9w=", + "lastModified": 1712135613, + "narHash": "sha256-Nejx9Fsylko46jcGBeT/gPesQOwZYjqW0oOLknNLip0=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "2e8b22f8254dcd4e9c23455754ac30a1d8f7b584", + "rev": "3de4184a9c08a565541bdc3f6a7eab56a0436f46", "type": "gitlab" }, "original": { From b1d7c15a4d9ccb1b7c7f42c6afc0ed5d39695cce Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sat, 13 Apr 2024 22:14:57 +0000 Subject: [PATCH 318/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 76c7917..3ddfeb5 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1712135613, - "narHash": "sha256-Nejx9Fsylko46jcGBeT/gPesQOwZYjqW0oOLknNLip0=", + "lastModified": 1713045978, + "narHash": "sha256-lFhGC4/cebx+nJyIKJV9G/+ldCQnkvVFW3vAuhpQW1M=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "3de4184a9c08a565541bdc3f6a7eab56a0436f46", + "rev": "55cdb7800727c25dbeeb6299f82d76acee5b3073", "type": "gitlab" }, "original": { From 2b09716c4d75de6e549e9768e435ff2f7541d2fb Mon Sep 17 00:00:00 2001 From: runner_nix Date: Wed, 17 Apr 2024 16:27:11 +0000 Subject: [PATCH 319/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3ddfeb5..cdae9bd 100644 --- a/flake.lock +++ b/flake.lock @@ -107,11 +107,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1713045978, - "narHash": "sha256-lFhGC4/cebx+nJyIKJV9G/+ldCQnkvVFW3vAuhpQW1M=", + "lastModified": 1713355612, + "narHash": "sha256-GXa8y/H4MtQSuuww6ioWhO1/gUjdw231tGCt5I/Dyi0=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "55cdb7800727c25dbeeb6299f82d76acee5b3073", + "rev": "a4482cc61893a42e2698eb66563ce03043aa4ddc", "type": "gitlab" }, "original": { From a4c52ea87c0e2d8e06183059c2adfced6a2b475b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Apr 2024 02:08:57 +0100 Subject: [PATCH 320/826] feat: use colmena repo --- flake.lock | 169 ++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 4 +- 2 files changed, 130 insertions(+), 43 deletions(-) diff --git a/flake.lock b/flake.lock index cdae9bd..2b590d8 100644 --- a/flake.lock +++ b/flake.lock @@ -66,7 +66,7 @@ "bfom": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "utils": "utils" }, "locked": { @@ -99,10 +99,31 @@ "type": "gitlab" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", + "stable": "stable" + }, + "locked": { + "lastModified": 1711386353, + "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, "compsoc_public": { "inputs": { "bfom": "bfom", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "utils": "utils_2" }, "locked": { @@ -166,6 +187,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1668681692, @@ -203,6 +240,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_2" }, @@ -275,7 +327,7 @@ }, "naersk": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1652722411, @@ -293,7 +345,7 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1692351612, @@ -311,7 +363,7 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1686572087, @@ -374,6 +426,20 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1687011986, + "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1686921029, "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", @@ -388,7 +454,7 @@ "type": "indirect" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", @@ -402,7 +468,7 @@ "type": "indirect" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1689935543, "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", @@ -416,7 +482,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -430,7 +496,7 @@ "type": "indirect" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -444,7 +510,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1695837737, "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", @@ -476,16 +542,18 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1652840887, - "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", + "lastModified": 1696019113, + "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", + "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", "type": "github" }, "original": { - "id": "nixpkgs", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_4": { @@ -503,6 +571,20 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1652840887, + "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1691371061, "narHash": "sha256-BxPbPVlBIoneaXIBiHd0LVzA+L4nmvFCNBU6TmQAiMM=", @@ -516,7 +598,7 @@ "type": "indirect" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1706913249, "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=", @@ -531,7 +613,7 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1693060755, "narHash": "sha256-KNsbfqewEziFJEpPR0qvVz4rx0x6QXxw1CcunRhlFdk=", @@ -545,7 +627,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1693087214, "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", @@ -560,28 +642,15 @@ "type": "indirect" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1687011986, - "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "root": { "inputs": { "agenix": "agenix", "alejandra": "alejandra", "arion": "arion", + "colmena": "colmena", "compsoc_public": "compsoc_public", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_6", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_7", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", "skynet_ldap_backend": "skynet_ldap_backend", @@ -612,7 +681,7 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs" ], @@ -639,7 +708,7 @@ "skynet_discord_bot": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "utils": "utils_4" }, "locked": { @@ -661,7 +730,7 @@ "skynet_ldap_backend": { "inputs": { "naersk": "naersk_3", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "utils": "utils_5" }, "locked": { @@ -682,7 +751,7 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "utils": "utils_6" }, "locked": { @@ -703,7 +772,7 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "utils": "utils_7" }, "locked": { @@ -724,7 +793,7 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "utils": "utils_8" }, "locked": { @@ -745,7 +814,7 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_15", "utils": "utils_9" }, "locked": { @@ -766,7 +835,7 @@ }, "skynet_website_renew": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_16", "utils": "utils_10" }, "locked": { @@ -785,6 +854,22 @@ "type": "gitlab" } }, + "stable": { + "locked": { + "lastModified": 1696039360, + "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 66eb62f..a1cbad4 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,7 @@ url = "github:kamadorueda/alejandra/3.0.0"; inputs.nixpkgs.follows = "nixpkgs"; }; + colmena.url = "github:zhaofengli/colmena"; # email # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; @@ -84,6 +85,7 @@ nixpkgs, agenix, alejandra, + colmena, ... } @ inputs: let pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs; @@ -94,7 +96,7 @@ name = "Skynet build env"; nativeBuildInputs = [ pkgs.buildPackages.git - pkgs.buildPackages.colmena + colmena.defaultPackage."x86_64-linux" pkgs.buildPackages.nmap ]; buildInputs = [agenix.packages.x86_64-linux.default]; From 54606be0df48b57de4e18c9d2a3f4475255d4356 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Apr 2024 03:18:13 +0100 Subject: [PATCH 321/826] feat: got php working for the user server --- applications/skynet_users.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index a364361..4620171 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -7,6 +7,7 @@ }: with lib; let cfg = config.services.skynet_users; + php_pool = "skynet_users"; in { imports = [ ./acme.nix @@ -69,6 +70,25 @@ in { # normally services cannot read home dirs systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; + systemd.services."phpfpm-${php_pool}".serviceConfig.ProtectHome = lib.mkForce "read-only"; + + services.phpfpm.pools.${php_pool} = { + user = config.services.nginx.user; + group = config.services.nginx.group; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.max_requests" = 500; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 5; + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = true; + "catch_workers_output" = true; + }; + phpEnv."PATH" = lib.makeBinPath [pkgs.php]; + }; services.nginx.virtualHosts = { "${cfg.host.ip}" = { @@ -90,9 +110,14 @@ in { locations."/" = { alias = "/home/$user/public_html/"; - index = "index.html"; - extraConfig = "autoindex on;"; - tryFiles = "$uri$args $uri$args/ /index.html"; + index = "index.html index.php"; + extraConfig = '' + autoindex on; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket}; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + tryFiles = "$uri$args $uri$args/ /index.html /index.php"; }; }; }; From 48e48c43c73ec066633be64e721d53d143872602 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Apr 2024 04:55:07 +0100 Subject: [PATCH 322/826] feat: added a redirect for the old skynet format of user addresses --- applications/skynet.ie.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index b56a189..a691388 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -72,7 +72,17 @@ in { "skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; + locations = { + "/" = { + root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; + }; + + # this redirects old links to new format + "~* ~(?[a-z_0-9]*)(?\\S+)$" = { + priority = 1; + return = "307 https://$username.users.skynet.ie$files"; + }; + }; }; # archive of teh site as it was ~2012 to 2016 From ebefd81defa0dfd229538fa2c1f9dd2d3b19536b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Apr 2024 04:55:47 +0100 Subject: [PATCH 323/826] fix: split out the php config so it can serve php and html together --- applications/skynet_users.nix | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 4620171..ac9112f 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -108,16 +108,27 @@ in { # chmod 711 ~ # chmod -R 755 ~/public_html - locations."/" = { - alias = "/home/$user/public_html/"; - index = "index.html index.php"; - extraConfig = '' - autoindex on; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket}; - include ${pkgs.nginx}/conf/fastcgi.conf; - ''; - tryFiles = "$uri$args $uri$args/ /index.html /index.php"; + locations = { + "/" = { + alias = "/home/$user/public_html/"; + index = "index.html"; + extraConfig = '' + autoindex on; + ''; + tryFiles = "$uri$args $uri$args/ /index.html"; + }; + + "~ ^(.+\\.php)(.*)$" = { + root = "/home/$user/public_html/"; + index = "index.php"; + extraConfig = '' + autoindex on; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket}; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + tryFiles = "$uri$args $uri$args/ /index.php"; + }; }; }; }; From 210845d2cd6e22f4cf8a9dd9fd5c0e224ee28a5a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 3 May 2024 22:50:57 +0100 Subject: [PATCH 324/826] feat: create space for the open governance --- applications/open_goverance/README.md | 12 ++++ .../open_goverance/open_goverance.nix | 70 +++++++++++++++++++ applications/skynet.ie.nix | 3 + 3 files changed, 85 insertions(+) create mode 100644 applications/open_goverance/README.md create mode 100644 applications/open_goverance/open_goverance.nix diff --git a/applications/open_goverance/README.md b/applications/open_goverance/README.md new file mode 100644 index 0000000..2c9a6b3 --- /dev/null +++ b/applications/open_goverance/README.md @@ -0,0 +1,12 @@ +# Open Governance + +Started by DCU this is an initiative to make the running of (computer) societies more open and resilient. +The goal is to back these up in multiple locations. + + +| Uni | Tag | Repo | Notes | +|-----|----------|----------------------------------------------------------|-------| +| DCU | redbrick | https://github.com/redbrick/open-governance | | +| UL | skynet | https://gitlab.skynet.ie/compsoc1/compsoc/open-goverance | | +| | | | | + diff --git a/applications/open_goverance/open_goverance.nix b/applications/open_goverance/open_goverance.nix new file mode 100644 index 0000000..544a503 --- /dev/null +++ b/applications/open_goverance/open_goverance.nix @@ -0,0 +1,70 @@ +/* +This file is for hosting teh open governance for other societies +*/ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + # - instead of _ for dns reasons + name = "open-goverance"; + + cfg = config.services.skynet."${name}"; + folder = "/var/skynet/${name}"; +in { + imports = [ + ../acme.nix + ../dns.nix + ]; + + options.services.skynet."${name}" = { + host = { + ip = mkOption { + type = types.str; + }; + name = mkOption { + type = types.str; + }; + }; + }; + + config = { + skynet_acme.domains = [ + "${name}.skynet.ie" + ]; + + skynet_dns.records = [ + { + record = "${name}"; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + # create a folder to store the archives + systemd.tmpfiles.rules = [ + "d ${folder} 0755 ${config.services.nginx.user} ${config.services.nginx.group}" + "L+ ${folder}/README.md - - - - ${./README.md}" + ]; + + services.nginx.virtualHosts = { + "${name}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = folder; + locations = { + "/".extraConfig = "autoindex on;"; + + # show md files as plain text + "~ \.md".extraConfig = '' + types { + text/plain md; + } + ''; + }; + }; + }; + }; +} diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index a691388..b1bed7a 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -11,6 +11,7 @@ in { imports = [ ./acme.nix ./dns.nix + ./open_goverance/open_goverance.nix ]; options.services.skynet = { @@ -62,6 +63,8 @@ in { } ]; + services.skynet.open-goverance.host = cfg.host; + networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { enable = true; From aec580a93e199f3cf24866ab0adeafe31022dcfd Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 6 May 2024 01:33:12 +0000 Subject: [PATCH 325/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2b590d8..10be33e 100644 --- a/flake.lock +++ b/flake.lock @@ -713,11 +713,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1711630308, - "narHash": "sha256-5MW4i4TVkJbpwGrzFrjci3xhdWLCUUrM7DSlQmKXA+s=", + "lastModified": 1714957946, + "narHash": "sha256-Xo4VHqECFXEYQiqEFYMqiTzaYSBCbvhKGjvnZ5rNLSM=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "3d925fcffff22ecaf30bcc2cd0d01773d1480b04", + "rev": "6cbbab80bdffea76e3990948273e523c352dd727", "type": "gitlab" }, "original": { From cb6f9c2b8ef047a9160593d26ce2e7af62f09eee Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 4 May 2024 00:15:20 +0100 Subject: [PATCH 326/826] fix: feckin typos --- applications/{open_goverance => open_governance}/README.md | 0 .../open_governance.nix} | 2 +- applications/skynet.ie.nix | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) rename applications/{open_goverance => open_governance}/README.md (100%) rename applications/{open_goverance/open_goverance.nix => open_governance/open_governance.nix} (97%) diff --git a/applications/open_goverance/README.md b/applications/open_governance/README.md similarity index 100% rename from applications/open_goverance/README.md rename to applications/open_governance/README.md diff --git a/applications/open_goverance/open_goverance.nix b/applications/open_governance/open_governance.nix similarity index 97% rename from applications/open_goverance/open_goverance.nix rename to applications/open_governance/open_governance.nix index 544a503..263488c 100644 --- a/applications/open_goverance/open_goverance.nix +++ b/applications/open_governance/open_governance.nix @@ -9,7 +9,7 @@ This file is for hosting teh open governance for other societies }: with lib; let # - instead of _ for dns reasons - name = "open-goverance"; + name = "open-governance"; cfg = config.services.skynet."${name}"; folder = "/var/skynet/${name}"; diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index b1bed7a..a8cfa1d 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -11,7 +11,7 @@ in { imports = [ ./acme.nix ./dns.nix - ./open_goverance/open_goverance.nix + ./open_governance/open_governance.nix ]; options.services.skynet = { @@ -63,7 +63,7 @@ in { } ]; - services.skynet.open-goverance.host = cfg.host; + services.skynet.open-governance.host = cfg.host; networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { From 6ae584c895a765b320548499575b4699188a5f67 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 7 May 2024 01:37:19 +0100 Subject: [PATCH 327/826] feat: add a keyserver --- applications/open_governance/README.md | 5 ++ applications/open_governance/keyserver.nix | 59 ++++++++++++++++++++++ applications/skynet.ie.nix | 2 + 3 files changed, 66 insertions(+) create mode 100644 applications/open_governance/keyserver.nix diff --git a/applications/open_governance/README.md b/applications/open_governance/README.md index 2c9a6b3..7ae398f 100644 --- a/applications/open_governance/README.md +++ b/applications/open_governance/README.md @@ -10,3 +10,8 @@ The goal is to back these up in multiple locations. | UL | skynet | https://gitlab.skynet.ie/compsoc1/compsoc/open-goverance | | | | | | | + +## Keys +We host our own keyserver: https://keyserver.skynet.ie +Use it in commands like so: +``gpg --keyserver hkp://keyserver.skynet.ie:80 --send-key KEY_ID`` diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix new file mode 100644 index 0000000..8629e33 --- /dev/null +++ b/applications/open_governance/keyserver.nix @@ -0,0 +1,59 @@ +/* +This file is for hosting teh open governance for other societies +*/ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + name = "keyserver"; + cfg = config.services.skynet."${name}"; + port = 11371; +in { + imports = [ + ../acme.nix + ../dns.nix + ]; + + options.services.skynet."${name}" = { + host = { + ip = mkOption { + type = types.str; + }; + name = mkOption { + type = types.str; + }; + }; + }; + + config = { + skynet_acme.domains = [ + "${name}.skynet.ie" + ]; + + skynet_dns.records = [ + { + record = "${name}"; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + services.sks = { + enable = true; + hkpPort = port; + }; + + services.nginx.virtualHosts = { + "${name}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + }; + }; + }; + }; +} diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index a8cfa1d..02c2f7a 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -12,6 +12,7 @@ in { ./acme.nix ./dns.nix ./open_governance/open_governance.nix + ./open_governance/keyserver.nix ]; options.services.skynet = { @@ -64,6 +65,7 @@ in { ]; services.skynet.open-governance.host = cfg.host; + services.skynet.keyserver.host = cfg.host; networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { From 7408873102b08e335a17fcecc0ec7029a7f64395 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 12 May 2024 03:47:20 +0100 Subject: [PATCH 328/826] feat: new server to work as a nix cache --- .gitlab-ci.yml | 7 + applications/nix_cache/nix_cache.nix | 108 ++++++++ flake.lock | 359 ++++++++++++++++++++------- flake.nix | 11 +- machines/calculon.nix | 53 ++++ secrets/backup/restic.age | Bin 2298 -> 2320 bytes secrets/backup/restic_pw.age | 28 +-- secrets/bitwarden/details.age | Bin 900 -> 825 bytes secrets/bitwarden/id.age | Bin 809 -> 701 bytes secrets/bitwarden/secret.age | 26 +- secrets/discord/ldap.age | 40 ++- secrets/discord/token.age | Bin 867 -> 805 bytes secrets/dns_certs.secret.age | 63 +++-- secrets/dns_dnskeys.conf.age | 33 ++- secrets/email/details.age | 39 ++- secrets/gitlab/db_pw.age | Bin 867 -> 781 bytes secrets/gitlab/ldap_pw.age | 28 +-- secrets/gitlab/pw.age | Bin 875 -> 781 bytes secrets/gitlab/runners/runner01.age | Bin 878 -> 735 bytes secrets/gitlab/runners/runner02.age | Bin 863 -> 735 bytes secrets/gitlab/secrets_db.age | Bin 819 -> 781 bytes secrets/gitlab/secrets_jws.age | Bin 2465 -> 2330 bytes secrets/gitlab/secrets_otp.age | Bin 825 -> 780 bytes secrets/gitlab/secrets_secret.age | Bin 858 -> 780 bytes secrets/ldap/details.age | Bin 1346 -> 1307 bytes secrets/ldap/pw.age | Bin 1194 -> 1110 bytes secrets/nextcloud/pw.age | 26 +- secrets/secrets.nix | 6 + secrets/stream_ulfm.age | Bin 2887 -> 2864 bytes secrets/wolves/details.age | 41 ++- 30 files changed, 598 insertions(+), 270 deletions(-) create mode 100644 applications/nix_cache/nix_cache.nix create mode 100644 machines/calculon.nix diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4d7684a..3ad4b00 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -65,12 +65,18 @@ sync_repos: - mkdir -p ~/.ssh - chmod 700 ~/.ssh +.scripts_cache: &scripts_cache + - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client + - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY + - attic use skynet-cache + # every commit on main will build and deploy .build_template: &builder tags: - nix before_script: - *scripts_base + - *scripts_cache rules: - changes: - applications/**/* @@ -105,6 +111,7 @@ build: <<: *builder stage: test script: + - attic watch-store skynet-cache & - colmena build -v --on @active-dns - colmena build -v --on @active-core - colmena build -v --on @active diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix new file mode 100644 index 0000000..25061d4 --- /dev/null +++ b/applications/nix_cache/nix_cache.nix @@ -0,0 +1,108 @@ +/* +A nix cache for our use + + +atticd-atticadm make-token --sub "admin_username" --validity "10y" --pull "*" --push "*" --create-cache "*" --delete "*" --configure-cache "*" --configure-cache-retention "*" --destroy-cache "*" + +# for the gitlab runner, done eyarly +atticd-atticadm make-token --sub "wheatly-runner" --validity "1y" --pull "skynet-cache" --push "skynet-cache" +*/ +{ + lib, + config, + pkgs, + inputs, + ... +}: +with lib; let + name = "nix-cache"; + cfg = config.services.skynet."${name}"; +in { + imports = [ + inputs.attic.nixosModules.atticd + ../acme.nix + ../dns.nix + ]; + + options.services.skynet."${name}" = { + host = { + ip = mkOption { + type = types.str; + }; + name = mkOption { + type = types.str; + }; + }; + }; + + config = { + skynet_acme.domains = [ + "${name}.skynet.ie" + ]; + + skynet_dns.records = [ + { + record = "${name}"; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + users.groups."nix-serve" = {}; + users.users."nix-serve" = { + isSystemUser = true; + group = "nix-serve"; + }; + + services.atticd = { + enable = true; + + # Replace with absolute path to your credentials file + credentialsFile = "/etc/atticd.env"; + + settings = { + listen = "127.0.0.1:8080"; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + }; + }; + + networking.firewall.allowedTCPPorts = [80 443]; + services.nginx = { + enable = true; + group = "acme"; + clientMaxBodySize = "100m"; + recommendedProxySettings = true; + virtualHosts = { + "${name}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + }; + }; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 10be33e..0385d34 100644 --- a/flake.lock +++ b/flake.lock @@ -4,14 +4,15 @@ "inputs": { "darwin": "darwin", "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "systems": "systems" }, "locked": { - "lastModified": 1690228878, - "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", + "lastModified": 1715290355, + "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "owner": "ryantm", "repo": "agenix", - "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "type": "github" }, "original": { @@ -29,11 +30,11 @@ ] }, "locked": { - "lastModified": 1660510326, + "lastModified": 1660592437, "narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=", "owner": "kamadorueda", "repo": "alejandra", - "rev": "ef03f7ef74ec97fd91a016a51c9c9667fb315652", + "rev": "e7eac49074b70814b542fee987af2987dd0520b5", "type": "github" }, "original": { @@ -47,14 +48,15 @@ "inputs": { "flake-parts": "flake-parts", "haskell-flake": "haskell-flake", + "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1690376079, - "narHash": "sha256-IJiajoljCMUGlp1bwT/loXs1B3RH2FXpLepnqvcPNEY=", + "lastModified": 1714877287, + "narHash": "sha256-mf1/RfkyhzwLLeqU8AdosbBfRQuQzuVMX7XL7GejoRI=", "owner": "hercules-ci", "repo": "arion", - "rev": "f0436c8478d1b5530c115a6b1202c4478dfe2f81", + "rev": "e9945eb6cdaf5c946bacd5a330e7b5ac7b3b2fdd", "type": "github" }, "original": { @@ -63,10 +65,32 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1711742460, + "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, "bfom": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "utils": "utils" }, "locked": { @@ -101,9 +125,9 @@ }, "colmena": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_4", "stable": "stable" }, "locked": { @@ -123,7 +147,7 @@ "compsoc_public": { "inputs": { "bfom": "bfom", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "utils": "utils_2" }, "locked": { @@ -142,6 +166,27 @@ "type": "gitlab" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702918879, + "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "owner": "ipetkov", + "repo": "crane", + "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -150,11 +195,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -187,6 +232,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1650374568, @@ -202,7 +263,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1668681692, @@ -226,11 +287,11 @@ ] }, "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -239,7 +300,43 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "hercules-ci-effects", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -254,16 +351,16 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -304,6 +401,28 @@ "type": "github" } }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1713898448, + "narHash": "sha256-6q6ojsp/Z9P2goqnxyfCSzFOD92T3Uobmj8oVAicUOs=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "c0302ec12d569532a6b6bd218f698bc402e93adc", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -312,11 +431,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { @@ -327,7 +446,7 @@ }, "naersk": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1652722411, @@ -345,7 +464,7 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1692351612, @@ -363,7 +482,7 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1686572087, @@ -381,11 +500,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677676435, - "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -425,7 +544,38 @@ "type": "indirect" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1711460390, + "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_10": { + "locked": { + "lastModified": 1693087214, + "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f155f0cf4ea43c4e3c8918d2d327d44777b6cad4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1687011986, "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", @@ -439,7 +589,7 @@ "type": "indirect" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1686921029, "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", @@ -454,7 +604,7 @@ "type": "indirect" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", @@ -468,7 +618,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1689935543, "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", @@ -482,7 +632,7 @@ "type": "indirect" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -496,7 +646,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -510,7 +660,7 @@ "type": "indirect" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1695837737, "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", @@ -526,11 +676,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1676300157, - "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", + "lastModified": 1714635257, + "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", + "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", "type": "github" }, "original": { @@ -541,6 +691,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1711401922, + "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1696019113, "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", @@ -556,20 +722,6 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1652840887, - "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_5": { "locked": { "lastModified": 1652840887, @@ -585,6 +737,20 @@ } }, "nixpkgs_6": { + "locked": { + "lastModified": 1652840887, + "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_7": { "locked": { "lastModified": 1691371061, "narHash": "sha256-BxPbPVlBIoneaXIBiHd0LVzA+L4nmvFCNBU6TmQAiMM=", @@ -598,13 +764,13 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { - "lastModified": 1706913249, - "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=", + "lastModified": 1715266358, + "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e92b6015881907e698782c77641aa49298330223", + "rev": "f1010e0469db743d14519a1efd37e23f8513d714", "type": "github" }, "original": { @@ -613,7 +779,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1693060755, "narHash": "sha256-KNsbfqewEziFJEpPR0qvVz4rx0x6QXxw1CcunRhlFdk=", @@ -627,30 +793,16 @@ "type": "indirect" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1693087214, - "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f155f0cf4ea43c4e3c8918d2d327d44777b6cad4", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, "root": { "inputs": { "agenix": "agenix", "alejandra": "alejandra", "arion": "arion", + "attic": "attic", "colmena": "colmena", "compsoc_public": "compsoc_public", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_7", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_8", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", "skynet_ldap_backend": "skynet_ldap_backend", @@ -681,7 +833,7 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "nixpkgs": [ "nixpkgs" ], @@ -708,7 +860,7 @@ "skynet_discord_bot": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "utils": "utils_4" }, "locked": { @@ -730,7 +882,7 @@ "skynet_ldap_backend": { "inputs": { "naersk": "naersk_3", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "utils": "utils_5" }, "locked": { @@ -751,7 +903,7 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "utils": "utils_6" }, "locked": { @@ -772,7 +924,7 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, "locked": { @@ -793,7 +945,7 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_15", "utils": "utils_8" }, "locked": { @@ -814,7 +966,7 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_16", "utils": "utils_9" }, "locked": { @@ -835,7 +987,7 @@ }, "skynet_website_renew": { "inputs": { - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_17", "utils": "utils_10" }, "locked": { @@ -885,6 +1037,21 @@ "type": "github" } }, + "systems_10": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1022,7 +1189,7 @@ }, "utils_10": { "inputs": { - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1694529238, @@ -1040,7 +1207,7 @@ }, "utils_2": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1689068808, @@ -1073,7 +1240,7 @@ }, "utils_4": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1692799911, @@ -1091,7 +1258,7 @@ }, "utils_5": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1685518550, @@ -1109,7 +1276,7 @@ }, "utils_6": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1687171271, @@ -1127,7 +1294,7 @@ }, "utils_7": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1689068808, @@ -1145,7 +1312,7 @@ }, "utils_8": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1689068808, @@ -1163,7 +1330,7 @@ }, "utils_9": { "inputs": { - "systems": "systems_8" + "systems": "systems_9" }, "locked": { "lastModified": 1694529238, diff --git a/flake.nix b/flake.nix index a1cbad4..714096b 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; colmena.url = "github:zhaofengli/colmena"; + attic.url = github:zhaofengli/attic; # email # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; @@ -78,7 +79,11 @@ }; }; - nixConfig.bash-prompt-suffix = "[Skynet Dev] "; + nixConfig = { + bash-prompt-suffix = "[Skynet Dev] "; + extra-substituters = "https://nix-cache.skynet.ie/skynet-cache"; + extra-trusted-public-keys = "skynet-cache:OdfA4Or0JcHiHf05fsiIR4nZT2z2yDEtkoLqhntGAz4="; + }; outputs = { self, @@ -97,6 +102,7 @@ nativeBuildInputs = [ pkgs.buildPackages.git colmena.defaultPackage."x86_64-linux" + pkgs.attic-client pkgs.buildPackages.nmap ]; buildInputs = [agenix.packages.x86_64-linux.default]; @@ -158,6 +164,9 @@ # trainee server marvin = import ./machines/marvin.nix; + + # nix cache server + calculon = import ./machines/calculon.nix; }; }; } diff --git a/machines/calculon.nix b/machines/calculon.nix new file mode 100644 index 0000000..c11bb38 --- /dev/null +++ b/machines/calculon.nix @@ -0,0 +1,53 @@ +/* + +Name: +Why: Speed everything up +Type: VM +Hardware: - +From: 2024 +Role: Nix Cache +Notes: +*/ +{ + pkgs, + lib, + nodes, + inputs, + ... +}: let + name = "calculon"; + ip_pub = "193.1.99.82"; + hostname = "${name}.skynet.ie"; +in { + imports = [ + ../applications/nix_cache/nix_cache.nix + ]; + + deployment = { + targetHost = ip_pub; + targetPort = 22; + targetUser = null; + + tags = []; + }; + + # it has two network devices so two + skynet_dns.records = [ + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } + ]; + + services.skynet.nix-cache.host = { + ip = ip_pub; + name = name; + }; +} diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 34e6e6422f8de1ab20a87e3e662e630066edbfc1..ee33aa47ccfd2eb07eba6e7de681eaf1e058afef 100644 GIT binary patch literal 2320 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t-0%QQ?Z z332sGD=^CR^LMu}GYK&>$uN#AFv;}y_A+zMOwM&FbImWzbma;OF3B&-E-Ug6&rC~6 z^eryWHuB9h&<^+VcQZCCDGjbDu+)xBPN^u!azwYyB%mrPKV3oFTi?|pq&%cBz@W6G zEG0C%B+b&o$T`q5D(|1oYO%GJ4C@Klcj;QjejBu~AEHDiBbT-WNaf>i3bPdc14XaAEFipuQ z%<(bJH;Cj4_sU8yFAjHeOf?S)@D7ct%FFgDNwm=S2@Fin3AIej4l+;4&h#kqNx}$8 zzmgn3eMbdO1er&e8@u_X86^2<7#5@377<+JXjZOZo*EvU5p0oD z<{R#&pX;AmYM7d2>Xq!2ogSE5oEhTi9Ta60YLs47o?gxs;gb|nmgDB^>su6PUY75X zQ($4}nj2PB7?vJnkeOfLk!5O9aY;Zx zUbeTFiKCZuNS=S1UqDrAW@NaTTUbO$pocG)VU6K&#npz^>?Z;O!AKmD)ToCFm&}PEUYY#OexGN zcg;q(&9lnUx6n}`x70Y_H@K|I)g?GJ+^i}qsU#=axwIrZ-_SKQsVvVY!@$JPtE4R7 zz$KC^IKVS7JuKO>GSKAU8X)P`@BM$|R+#z_rB9*ef$2EGN)8!_+OyG`SqzHjgBO z%z{9L)Q~*CEYA{Gmz1brZ*L#3iX!8j)PRVHQeXEfN7Eeril~T+tiTG7fbwE4uVg3F zAQLz3!o;f7q~xS@Ll;+*P^YReBUc~osLb35bJrl#+*0ktoHC4fGcL%{_byj(4Kpjs zbzQEqmGzE`$OVnkk` zU#fO)h(&m@yGM9MP>8=pUYKcBP)?)$P3gj$fEG|PU&2}Mma&@25!Z{8Rf>sfu<1wCawYbnMsa5QC>c!rjF$0q{w`^5C2raN!RD2wRjyptE4h1?mG9m&f9uYz zl1^8bZZUt>?733&`WrC$#sd`+Uvo>Zz4s>H2)HSDSaTo(W%?WwO_W zmF3r7`S?AlSup#+s{E78jCmPCt6x7pz|5+#DL!Y7f~(W%tLb*uPmgNMu(UgLA@WhC z+bR$CoZH3o7awYCpY!ZwM%B8{7N>%LdcXN;d^uFZJ$Twe-tQ9>uRXK4aB55RQmI-U E07$3-*Z=?k literal 2298 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t<)N~*{R zFwFCGO)qgSObjeA2z1N$EOhlvEhsb1h>G+ME%Pwf&na^ZvEWLo)Xpz72r)`BGAXz8 z^vNyp$})0`Dy#_i^2;%CHpsQe%JugPiAZw~F+sP@B%mrPKV88hAk{de&@8;bC^yH{ zt0Y`MGuul$DAicsE6mi>F)LR)#WmTlJjkRxC!H%Zve+jvFDuHmB(bVI*wv@Rz}d&K z($B-&Bhw_ZFg!80#M0fgBDK&lEfU=}Q@<2T<8p=2l-x8Q52LJzY#$^2{9^aA47X%2 zcNagmyzqeHWMjXw0GHe#{nUae!+fsf46~4cOcSr7++^+25`UxMoa~gKs#3E+Q?L92 zVJ0)5am`A#o z`Riu~xCiB#8Te+n<#PokdqtH+y80w%d#8lE=ap9#rdYV8yJkAM7$ujP8X6@Vh8B8< zgodSNW7wweo@AOHsE`?&5}X&Fnv@w8=;0k0oF7qGWRepUo)?srYY}E1pk1C)=u#As zpXMCu%H^A47~z;4m#H8|!=dMz|Jbn+6(il{#gc8+ux%`1?ng z1{Ve889O=^B1f}wg@ST@)55@XcVFYc za(CZglSI!FGyPXHW|G+R~$Nb!+sO&P& zw8X@y~76#@!dXz_HhL=~B<`kAy zxTSiyp%E>rgA;_mZI5)g7&CI+oH_16HQs2ecqRJ;Y*SW;P z(8t@tr_{(VGv7O0Kd;=EE6m*>$2rs_IME|FIKw|QxiT^_B+^CSLf^#Cz&SM8D>BKe zq%5a0*t^OV-L}fIV9TU(g>-XYe@}}b|AM@nY%{lTUuR$cO6Szb#G>LV?ZR~5l3*iq zZ?|Mmzx;F)u3Y^peZRt}OlN;>L*GRI)a>+vq;Lc6F#UpbN2etJ;0&iI?b2jpm)yWW zblW_u9DNHN70P@J{7Sui3<{I9eJni_vnrhYvO~Qi%=26g^!vjf#9NLz2QRjfyJM0<}ZjLkprjT_Y>=^1~wxoU{#$iVPDm{N|BlkXaC@ z;Arli;Th%`5N?o_Q(op|Y!K?MO^kXq{RU6q+r?vb9(6<%WEog8Tx znH1$#sqgHT=jWpDmhPPBQ{fq&o@H$29avUg;h$mQ|&%G}Jt416Ohi%aqY0xdI= z{0uBziw!(d9MjSgjnkrnO9TDN(kddej0(%qLo&F~#VOZOp(5DFE3hgkwItlsDAh|p z!qwO*tt{EJJjcf{*WW8N)Va#AEXOY~B|pfO%hcOAC?MCRP&>k-G$_K$AicuZ%ipEE zuspB8!Y$3;#30ZkH#phPEXX7o-L_Cyv$W(ug%abyh%)nt{2VhUr!Y&uz>q{=Lq|VP zLrZ;6_i%5s-16{n{j3VFVnerluBhVDh=QQZoB&H7j~wlc;vA<8{Q!@o?8x%qD*YTc zPfPEtY}Y_9M<2IzblW1`5-Xh370fJ+eFL04{fi8J_0tMXLsQFwBMOX7q5>0>98+?9 ziY@cKgZwLV@IB3p2`!N)0X35%LB?>jmyl#vjd_` z^!>{1hYq{6P2cfC`t=DsNY}WLI;iqDXJ=5-0b7 z%yjop~ z?`EKzUX+?xoT^YA=Az&poTSI)(qiq&hSyo_CTHxemo)#7np5qi&X;M^G?#QL9tE=D{UQyua>J@2HRp8@RQWPE# zlwqEd<7=63kWy}v>6h!`5>)1wtFNEtTh3MASinEy{Wa-&nK>InjrY%AyDac+?wz>H za(rCrs}p&v9avvqZ{`0X$@N>3T~Omo<`32r|I!)-OXh!`G4q*efZ~I{@4HHmHqP%8 zKA@AB_VO)P9{Y>v-`Aw>q^c#9-g0@gEOp<3ng*Aj8c~*Wma`P!(Nx!c)Uzox;N^n1 rpV@l$U+su${?zkdGCuo@*Hq)hyZ(Dk&%Y*dN@q5kjpdK%`}N`gdinN} diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 16f230b..31474d1 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,17 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA LoF1ddALOVnrPikVoFfIO/Hrydrqoh/4W5DaSMZHkUs -Fla3oxohjlE6oUkx9tsroXcbDqQoQfi4qixrEqy2+/4 --> ssh-ed25519 4PzZog tojPturHggZ54bUlyCbr0hwLbhTPpBR/o90XT9DYf0Y -it+mlc2OKzxnEF08ao0J+aJezA20eAaRBW+ODgiX09k --> ssh-ed25519 5Nd93w W5FDJ7geDB27elGpL6SHBA54Al3uTU67FNsTt63E5H4 -1N3NVwEC3QqjpwdFk/SRWFpTUk1tTH7YPQdV2MmF/II --> ssh-ed25519 q8eJgg yJj2ImpyTpjLGiPqxQ/03tGFDnDN08Gr93rPRUYLLyk -PLSFba8JFM2na4h6XIzVeKKEw61/ZwlpQdesIHPtggY --> ssh-ed25519 3pl/Kw Zu5dWL1GkgL8ZhmFuTg56GRGTvTTDXYOXGN75/h37wQ -nvNXCSa/VsjchPWRMoFNCRLe6SK/trUrGgKa7iJkprA --> vZ[z@fHA-grease -mAV/h887fY2ispnlxuTZ+LR/EIYhV6LqbyuDpEc4p0jnwdpYhEAfU4KKZtnxae22 -q/IM3g ---- QXUMgsJS6LdbF4du60HslLfcBq5xNsazlzAHb7jSeDI -|eC >,Vĕ˝3Mb$iIs=qk܃Di -֟;S)<+)uR겗e[4}{61Wr EPI \ No newline at end of file +-> ssh-ed25519 V1pwNA olslO4c+ZlJtfdnTvlUz/JToxVa4mKVMc2eImIb3R34 +xVWXF6S38aPtZnhVdJBFcNMLZbsXyfGOyP4xvVmcqwg +-> ssh-ed25519 4PzZog zmdNvTqZx9XNzXITLXZrIrtlKm1+r3BCthr5z3JNMDo +hGyzFvvPf/OpNwBKml3R7nas8n3KihaMtZipnbB6Hx4 +-> ssh-ed25519 5Nd93w FB2Q42uQesjMDfE0WpVAp/0bob/37k1BDBBH13ul5QM +tFrXKb372CcnEMaunjm9aJ6ZBEXLK/EvhAD0Lc5haqQ +-> ssh-ed25519 q8eJgg yzncjdMSAILkSPzccY9uq4yULhbVi447IkC2mk+b5GY +YdEh5Fbr4U1Jwr2r7tNDorzrxyRVy5n5Cb9hhQG+TPs +-> ssh-ed25519 3pl/Kw sZ0skpiwJWPoqGMIhIUonQkJ5Pa1i37X9OyJHVwRngs +FqHMytq+bYoQBI/BwQvmjR1hvInhltkcuV1H6mcolUY +--- 0MouBOwGiCtj1xzuEZNiu0v/1vsqrHX349hRrTADwZs +s+7pɍ`h*pBNyb:4 T۰,"yګΓ@NR]жbuk/1jDn]'z oG \ No newline at end of file diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 5e368464f18374210b846cf0705dcfb30aaad81d..80c4e9e837e44ded274f589e8b3d101c2439bfe1 100644 GIT binary patch delta 736 zcmZo+-^n&Xr(WOFBhAgzG114cs>(am%`3b(%{9<3+|9_$%{4qw-!I%W%{$1)(a_Dv zl`AhhvotZ>-^9_)*eJ*)uhJ;QJI%-^)!#J3F{i@ZH>fnf)IB^TIY&RBm`m4Ap}06h zH#Nn`)YQ;Y!6cw6DnDJpurRSa+$W&CDA6n{G%+;S$t|-;JE$ll(5osvD9S9%*Th%f z&^tLKqQE(uD=6G0EYi3z!_lK8sw6)*#V;s0pt!<2Bfu%#z0fqd(%nP5L^~tT!>QDB z;z#lDQkN<(r=(C%R|B7711BR3lkx!LWRHl#P#;roZEu$}%P7l8&#EvVr>uM~<8;qR zgS?br&*Icf(rg>q(VSdTl zNkMrjCSiW1xdz^8m6hIpCD}oN`MGYz;Sou0+Rixz9+`n$;oiyaMui#P!LCk;j=`4U z!6CW68GZ(CrP-zdh9QL+UYSnD`A+7>`gxv{&oYYF`-K)5l=uf1=^I6s2l#{;c^dc` zctmLjhFFG1rDx^^`#4$nhqzU^x&#(;xtsYIhJ_nj6d0uXI+d9Rdl`DB75E3|XM`lC zRc4q)8U~bCX8EOOC0aOg>FVk#q(&5ayQc>Dcp8~Ho4cn3M+RmY6#JE?`sD`}nHBn{ zxdyt|8~Nu3Il7c&bH!EH%gp(-_2^!MOUwfLBInkgynX6$uUvte*SYhm&Yt;)=PB|f z*MGWN9IX~uraxK!W7!ff8M~DFnvmF-?o}t&`aa;DRC(5DCexnt?%VrLY^*<3k)lw% ztM8M1>w4*3Eqjh|Z)svGesaP!=f%Ij&TSKwvK}RDdl=5{uJFYEPTjSG(GuEw7^}B$ zn0KsC_|WU=acxP+2 aLW#=VGY{^DI{D|^e;KT8tS%$y5CH&6Cl1R1 delta 812 zcmdnV*1|qPr#{&@#J4yqwW>rr-_6k6ry$ofz{M~z+c>i-C$KWRu*}>sF)hO-yu!Sq zoGVX1EX&8R%r_v*-PtL~&CMmO+%Mle*r3v+tAM-JIk`zz%9Jk%+Ei{x45*_J-;;2*t|5) zC&MBm)X^iG%S}7d#Uv=VOh3#m-NdmfH@Mg>wbDIUKQyP(DYV4P*)henINj7--y%13 z;z#lDv=CDxlYsKnP^avS0RK=!)6$I4RKvjH^pfJDqDn8*w8X%iqTn>MNLLfCJa^+n zA0zGJkO;$&kjPXg?Udy3Z1==S*HAAbBh$c8?Ef(g>DuVjs}6L z#vw+zLEdhLWg(k@vnNCR|!NxhsS;l!rRhfy&8C9WNm7%7F#7H;2C^fM-RiP-YNXthd+}ch-GmI-Tuq@EmI8@uQ zFr?nXATzVnx2hr_FwtE*z$4P#KQPokDm6T-xWduVGN`b`JDp2cS69I~)hRK|JH;q7 zr#!u~+%Y)JC&DMKz$>)WydbRHEYvB($vex`$lEL>Dw#`WNxgec>DHIW$_$tF=r7+q zxnO?g>UU{Lwf+0-ivISWbZ`3d{jT`d6CZf8>Q^25eyNt-{OSePiLbxa`xm%z|aY2-YTX2f zPl=mFv8ii0mv4}%n@^Zewp&h1nB_{ck;~B-nebd9uqSC!H z^7BfJ{nC8%jPfj!jFU4x@=PKNf;~(!oqWpDio=4<^urCf5)FI|TqAQlyds^-vs@D` zvdZ!;J$$45{ZdWx-LuToj4i98(vrf`sw{mcpJf!UHw!ZfG_fqu4=kxDEOiMtuJZB- z2rclgN;1r?Dh)|CE6cWUtkQQkb#n{l3Jmei4lVby%*?J#4)I7a&Tw;bbIvxdtaQq; z$Tsl|HZ)5r%8d#Rc6N2;($&>fu<-W^vIwb4N-T3pb}=^e*UrrJ^Dz%JNzL)}GAawO z)OU4?a>>s3^9~6OIZk y(6f{b=ID8^OO)7t>C3oSF)y2QC}&?>$gdsC8Z}!hAK99IRw@k1u&VdVoCyGM&Cgc= delta 720 zcmdnXx{_^zPJK>Jg_*OyK|y$dQ>9^0S!rUvS)yfXQnt6ZrLVqmdAUncVtPuHb8=O1 zK9`GGRJKQ|cd&;`xu0oRP_A2)m$zqNkgG>txLKHiK}MjvQ;}10xu;=}1(&X!LUD11 zZfc5=si~o*f=NJCRDQaGX;w&=xm%dAYzgd=-Yk_{Tc4?tydZDXRV1`RnS&3<|yKka}X`ZKLaj}1fr;&g0 z#E;_P?rDaFhGt>fmHI`w0r}|$29;SA#`)Tr{sk$KMFCaC&Ylq!6^8*7XpJf!UuL#cy49;|RN-ivm%#TcWb+dGH z&GPm#Fpe|~stj;<4$BP-%`Zst49hC#a!)R-DmHg6F82tJ%&qkBEVQhODy=d|HqR*u zhz!aJFf@!P3{FikDK!fO#XyX1dQoa(aVnR&nQ?JiX0d-+Xi08BrmvTFu5*-getNij zP-T5-m3DY>j(4t8ltG}8d8%2utG9cSd2xhMps%rIKyg`QlzxFPSCGE5dq%#uQMkT# zq_1~Qg;#22L1d19RZ6k8wwoiDuCA_viDi{fNs(WscA!~hVR3G ssh-ed25519 V1pwNA BxPb6d6nlJHiTkbcwOoPrvAPBuR1iJSFAXIp9n23Ix0 -hl0X3RjOEYp2G1QU4SC6CBF5YVlCWiakMsRbGTBYkzs --> ssh-ed25519 4PzZog Nf/tUysmhTfzaoHhubwdQ5NKZw5SBd3CEs129FGkuio -750oaBtfeBEpDuasZFr7RY5uBzFZZNMNGQkRyFfEGCo --> ssh-ed25519 5Nd93w fI9TNLWkDkvLCDA8eTMfVw7fRPylWHPGzPupya737xY -wQcz+yf+EqDNmRWqldNuQjjy9tKc1zN//yumtGpGbaM --> ssh-ed25519 q8eJgg T9Iv+fRwmOLYMXe3ur6dqudA1z2wQsKQX6ogkyQT3Fw -LBYKL2OtLiwq25FkvZjT4H3tu8fOA+KFmFp5vjbncLI --> ssh-ed25519 IzAMqA O9JfKAlOUao2S14iczlnTzT2sTSAM1vOR5KjO8eJMG0 -ioTSe6X4E6jE4c9Utl2d6EUHZYilnbtRnB5QJg3S3Q4 --> 6&-grease -BkWorA2LiphyWLmdV3AeKsI ---- +MO1wX7pJf7eq4MkiWSP+xyxThI5jnfseS8jd7LbFoY -WV>dD"`i+ ǸլSмkHOjt*k؏Ԣ9P \ No newline at end of file +-> ssh-ed25519 V1pwNA GVmv4CgKJ4b8Hv52C+1f/g58CbBLacpZ1CuyMrH+P3c +2JJ0TfpA4V+ZjbcbRxVN/NKPTm/KtKQ/A5fE33n0jAU +-> ssh-ed25519 4PzZog 8ZoG98iY1oUChmdWuRzxwAY0Lk88FVwMH6M5+HctGjg +TZ6bTswrAXji/YEaqUcZpxcqZnijvZBa3nq/rDorHkc +-> ssh-ed25519 5Nd93w 1QLznyfI5HuZiFOKlDJW/tw0tRiz/VADYJTfQVxzrRg +2n5f2UMzG7BFNV7zyPw4lleQdQJsRRG+0lcbuTvP1Pg +-> ssh-ed25519 q8eJgg 1ihAcMOK6p+chq0ivA0JY5QJrjhkGc9b1AxzWHFa3Xc +nfC3dXD6J4S18qjUO91hSNxOGnukFVFykq8HqntmKv8 +-> ssh-ed25519 IzAMqA wBM3jR8cmXa6yvNi1wTsdBX6qotosuBRu1rKYLJ/FCk +MUtMJjn+8Fbx9CjpUaciJPd8NOXxsJHGT/x60OF6O1U +--- d0tAB4cQva5jGPj8G8v5GrSFu0WfmjSYU+BmvDZsaLU +w'Dzޞjǵ$d-ʢC󣘽5ݟW, FjY9[[8  \ No newline at end of file diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index ab6803d..f036de1 100644 --- a/secrets/discord/ldap.age +++ b/secrets/discord/ldap.age @@ -1,22 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA icye7bxeLugaCuSwMYAZQOrI7tcG8uc9XR5lTYBkWQ4 -HRsRB0GVkMPS0afDz0ybcTZ/oexA7zV9U6hYyyVm/hQ --> ssh-ed25519 4PzZog ihJwwtlgiICUNgrpwVVKAAcDP9JxPgBmcruW1em8RU4 -/c6JJDzrHwyEelgMaoDeADVD/yL+ptrDdgSSMFceuXs --> ssh-ed25519 5Nd93w aLRd09zpjgCnj84pFFfPd9FrJGsnemOb99EG/TPe+UM -hEM/T5j4oZI05597dI148eRbRU0P/E02RAD5ypsl1eo --> ssh-ed25519 q8eJgg dwCo6ph1KTMDgFnJLrGFtzscrHxog6WGRUaPdBOuCSo -WCxgbOjZy9vkgcYTa4t/bgc5qfxlpFOiQ3vtCvb+uWM --> ssh-ed25519 IzAMqA Q+XUnmVUAstlxgZTiXXGZN7Nzo6G0zgS3jtil8MKd0w -1VFkeEGLZLh+j7e1RJW1iCx8ueLNTljTsxpujkhwBPI --> ssh-ed25519 uZzB3g FeuGUR8zcPUHkev9PVARM2ac4Ezk9EjO3gWL15kkjjM -W7DXwMWrIKEzs2IJ4MH/diaqkUK+lYE5ocJ3qD26NyU --> ssh-ed25519 Hb0ipQ +hueeoIxI4+E0bkElclszUoD4ftHLkiqe6XGcMNbAn4 -mS/SFhLfjQYa76qhDXvMijkvbWkGRGcv7HWlszArX14 --> ssh-ed25519 IzAMqA CLf1vDYSLjW2InHfHCEfq/b7j3zyRH0TTcLSQ0Evmn4 -tuq2+h0UVzt/lTFdpLn+fr5rIYdf8mgdDny8Cak+k3c --> x-grease -Eeo9UQ7LVOjORlpR2Jf7K6P2OEdc6HWWQ6/Yt//KHWxKStUtMv2fPIHu3A8h8mHl -iQT/Xmlg ---- 0/OGiJqIu2aFUO8vqJ936PvDDNiohDSVkqpsiCxzfiE -Z l.jZEӴFx6M!:zb.tDΊz#:xc}?cF/؉;ˁ"eJM_Gve7ck\E9&O+<ړ+Պ 2Hm \ No newline at end of file +-> ssh-ed25519 V1pwNA f6xGNtufcGjWlCNkhlF1YMNhwMIjpW0ojqD7fDhPjBE +fCVybFD61VIpm20zeVvKCsOclGhzN7RwRViw6EeWY8o +-> ssh-ed25519 4PzZog nHWP3E5ZNvSwTjeNWL5qqmPsnXBWUEs/e7trIQuT2CI +n9zztxz/XTIY5mPLSkFabYfsGugSrP7bdrXzf993MTo +-> ssh-ed25519 5Nd93w 1Nxqu7Lgv+KBNSoWMem3dBou4xrafQcE4XFlGCgwpCk +vZe2WYM+FfrNXog4iEKAwlAQsAuDEp2tdl/WzhRaju0 +-> ssh-ed25519 q8eJgg ywDORriWBqKl15CDZccFC0EbX8StgGYP3nbkOwKDbTU +ULGvROpIUv8GG/WdRIxpfovjl/08knlgQxpipUJe5vk +-> ssh-ed25519 IzAMqA RgipLXB0jBR4ghCrXXMx9/Pu03E4gBYow4gWYDPzHCc +gVAHf9H0fZrPL/8+NWx5Jlr/7UrvQdpLSGXEMiNdmrQ +-> ssh-ed25519 uZzB3g UbeXy7a4ZkdEjIIBCLD/zNKmlY2ooTO0CbGl1Y9lJRg +aajwx+NrY7iwOkT9hkk9ocdUlNm1f4epqXNosPxJpr0 +-> ssh-ed25519 Hb0ipQ 8sdgjex0JqgckMibuS1jdiJgkjvWGO8tUvlpWoYmxiM +CoUeJ+vEbBit9JZhvyz0dHX5IgNywGE4XfeCtVV94GI +-> ssh-ed25519 IzAMqA 41gq5+Itn20lMFlS7AnJ5JLl6OEbJ9Q32M/1TUDl0is +PFjQ3Gb4LajOxSjJgp6s2dkZrDFinniDGL8hXtlomqE +--- vxbU9/Jgdf0fkUD3hrdHUgPV3ipn9MazV54zlh4s4Yc ++Id/ffț1/xO䮝="<( Ofsrh+=E{= +C&QsVu}44UٝUSj%iHXښ7F݆4>Ѩf0ƶ)DX)ϗ$2YXٮ%s \ No newline at end of file diff --git a/secrets/discord/token.age b/secrets/discord/token.age index c4969af77fa4ba8c503cb983ff0f250c10a3de5b..4e083cafce5c9139a4f5e427c3fa7c8cbbd3812a 100644 GIT binary patch delta 716 zcmaFNwv=sxPQ6L4p@mld*+geyWGRPojle zx}&yJx|d@)S4K!^h_Q*0k-m>{l2N9iw@HY8acG%~c}`|%vcG9*WL0=}PN;!blz&P7 z#E;_PE}_N-sfPL4ksgjN`TBWPW~P}&PA--%Dfup?mMJbJiN&U-!BL5p0dB=ymY$YL z$&UKzp{W(FX1>1Z8KrK)mVSk%$wd_r28r1g#)cVgNfxfA-eHcD;~B-noytu^^@|J2 zD@}YWGF&24JiQIV!n6F!E%kFuA|w4gjM9yh!@^SwgM$sYLW)f)vrRJ$3iB#MQ(ZHi zLL);1wf$X+ii>?hvMW6-!Xm=;Q-XuTT}mS-pJf!U56sL+G|&(7GO99kEiH64a}O!- zHVMxNjtnkH@p0AmbI!I%G4e7j3Jdn+GVwDvNRP_(NiH>Vbx$%3FDXdON%Tn#EDlc1 z&h>S542v`~4{%Ga$}K78($&>f$STb=@--|^b}h3Eb@nm#$cfDI@ybhec6WD5^eFO7 zN;fg8PmT1v4u)^x3vwF+XL!WQ``*68eSN#|Wzg(*hN0^wWo4C~gYFPVEU z*EM~{g$VD*E3OnXEN!l9@8(%ywW`E+b<@wiS57+U8@`k&vHGY`+_Bz#39DY-rMqpO E0CZsf2mk;8 delta 779 zcmZ3=_LyygPQ9gZfO%$dVnnb(X;NuQkeR-7nTuyozDa0gNO?i1uc1*?dU&y`v1_1< z37313b7WPNWu<9&s*{Ihafx$gdRlm8c({*qQL>R!Xj)2^MOJ8vzk9N`374*&LUD11 zZfc5=si~o*f=NJCRDQZbh^0rCSD{%*XtI-uwvSO(x|@E5ky&JLP;jAHs%McwR<@6K zdYD;3N|Bodm%nyYfPuGfp;<_IVx?zZVL_f@PGPdEX<=kurc+{$Pg#n-cZjx&SFU09 z#E;_PZsw6j##sTOo_^XTkrk0{spi>Ex!%E!nPw$V`1`njG(?v;UD%d(QWN?pq{9i8$r%1g4NDxI^_ zO$~D`vP_Z^lZ-4gN|Tc<^NX`mTto9LO)ASLpJf!UPj(5=Hz}(?E-lRT3QR6?3N}jy#Xyyvt+sA@QEFmwszM%@M|OCmTS;MPwv)D-nWs-=vY|_6 zdQg3sd4Oe(k%5_+etK1QWO;B&q-mgb3YV^~u0nu8KuV5Rwp&S+bCgq_n`4A;u~}tR znNe1lM`T!qskxD-XL?SWUsalRC|7cY_}SyVzKf*=`kp;1)XCVtp}{J5t=yNei%sXU z&Wkg7ZT<0lR=>87s`3x6DxSm4>%F!oXXYPot^aS?x<}|y%AVg7w}q@!UlFa>&@8{o z%YH|frPpt`Jy|KOJ`9d!$RzvA%cMqd(k9?SlbsXnx z&S{hEW*pG@CY7{ttK#!_v$xK_aJnOXv0d)m1B_f3*M!=JU3mQbzDTI>Ef$Ff PUc1-aF8o);bh;b>OY$6& diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index b0bbb73..7d1f348 100644 --- a/secrets/dns_certs.secret.age +++ b/secrets/dns_certs.secret.age @@ -1,34 +1,31 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 2QqdIJOBGkHQYLkNX0NRvazb6IBk4SYYps1lAC8N+WM -GkubePEafiWi3SfR8GXeXU8+HH4PxdwHPd9GOgvzhWw --> ssh-ed25519 4PzZog WEUGHm/9UeG0iFVKxFkaZYRtmqlVF3b3ikRQlA4Jgyw -yl/pe3c9C147jQj/uNIN5QMkFiVSAG9CQHMEOmK8UUQ --> ssh-ed25519 5Nd93w glFj1OmRcPMfXX8ZNklv3Lpoq27u9pK7LNtFWVUwjio -FeNTpW3aqxYE84kGRze9BMR2hDRsBj9a9+439fqp23A --> ssh-ed25519 q8eJgg 2GCD+0xk/pRUefV/qWv5GKsTS/vu5hGtr7lOPteWSS8 -M4Fsni71ockMvu669XMHM9++hXiz7TdFLf6o1izc0bc --> ssh-ed25519 XSrA6w yaCOzzT0GnCzdrARp2FQHV7npbD/JnuV4tSYwIprdXE -iEIgUn1+aDXN6+qDBNj4ltdCXYqxEmXXql645cGSyrE --> ssh-ed25519 DVzSig kQJIpvtSZSw1IUDIb3z7HNRz4dw5H3jb8ozcynSe5Bk -aHT8f8DncqP8pgE9oL70619xyNtDBzxB29Hq/ma2rt8 --> ssh-ed25519 SqDBmA QDrZMYCMSsqmhFIMaNi/keyPOry3YHwS0dMGGumJLzs -Tj0oKWFsU2aR7CQSyeDYWq7nY/vbcOkMD9JrLFaq2Uo --> ssh-ed25519 UE6fcQ Hb0Bp60va2pYytRaSaLbT9sKcosbcezSJs7DNiS7jgw -41IjrgNOPB69pabq3JRhdFNocy661JSCmXLdk988Hyw --> ssh-ed25519 IzAMqA 54sUUDUo1EurSpAIHhwUYWUF4jabHauQqzdaZv+q6WU -14C6ao5GUpicJrdIzP0YibKO0xoY3ehc1GDEWdWA3Mg --> ssh-ed25519 uZzB3g I/XkpzTDdYac5rJjElfNpD9gh70hnzImBBtBnEse5z8 -9SzTUatocYlqsyoNJ3oPaA6nZ4gZaRzUUs/zSXTPLM0 --> ssh-ed25519 Hb0ipQ h/VbRE/4QmlDmxl0nuzV828L75zK14FJTlxucIgw5Fc -EbTPH0ma+TA+tbfluXrvNU7mfqrK3Onn1riikEA3t08 --> ssh-ed25519 uZzB3g M0z7FxgMYUNi5CMRYnpTueyx5RwhJtArrv8o6pj+LEI -JjlkieTaJ+kz4CxdyPN4MDR1IUoWJf/uCGZj9jc+csY --> ssh-ed25519 YFaxCg 1C4qRq/rM5B36KZ3MkGl1wT9NwsSQBoefccxiBi3qVc -TKz4Ok/TVANl7cQ5sySccxWySWBXPtvJDM+eV1dsTz4 --> !s-grease j^W+6, Ab -Io86Mr5+tdtC+WUnf7YWjuOE9oHm2iLwyRRiEKgjxDIvNtDgdiZ+0nZ7yDRmuO48 -6OKmc9Wc2nsqknT6odS8hAgR2jIPXvg ---- 4YBEXs7Qucs2NbbyqhTgQrWZhejQa4XmK1mgd5eW4yc -~#)+s?Yy>_b?L+)c(8$HmM`7'c&cOhJs|xW6kHw7@4NPzWm >"?JP 8KaU^."=g6(jAEP.yWl -3 a -M"lky Ө9#og`punҷC \ No newline at end of file +-> ssh-ed25519 V1pwNA tzgPuOSktRbzGWk2BDFHmbr1Sm05qdYjyRz2/HTx6B4 +U81/Gr5l69wte3fAtN3nYfx5OAMu5x7WTS4gygHUucc +-> ssh-ed25519 4PzZog EPHeQJYsFoEHlgScAHEsu5qvylaTzvcPw3Y2CXOSuWQ +U2PGDUHKIAR/0qovVc7ovAT9dyn/fOTncfNWrKk8ljY +-> ssh-ed25519 5Nd93w 4CHAkRax2v275ksja2Pxw+5DoZXWNKd3lHZq8+Y1W0U +Br95FoQN2AZf2io3wFTX7SCHxGoGv2O/8/kbnu2bqvg +-> ssh-ed25519 q8eJgg zds5ccfqHdh67yLnN+33eXwHF5FFKVFAxW8Ecgk7ZHg +vDZ13K30m+rx+wyteX8SuA5uEI9dZMV/vRJSt9ydKMo +-> ssh-ed25519 XSrA6w 27EVcnWYtJnsl1EJtmbucY3pyXHRZKezi8KN30bK0Vc +y41vgV5yH3aZJUx0Wl/zP29466yOl2IGgl+6ti3pAVQ +-> ssh-ed25519 DVzSig XRuB0GkA1CFvcq7mc2Nod79+jYnN26dEOfCDcRoS+nc +Oy//M5W8tspc/YmQjYK8joYYpm3SoKfrKKmrLmSy7z0 +-> ssh-ed25519 SqDBmA cSiRVHtiZbLp/OFS+5tOgmf5msgfaTUW+6U9vC8Nj1s +8pymGU7WaIx3o0WkwqFXgM9lFjvablusQF/9O9xRrcQ +-> ssh-ed25519 UE6fcQ rl54j3p+k4eMCC63Hl2hKyWkKwWAS61iBdhGolnh7g0 +fqO/fSuwRyTAW49t0w/ffTMaIAvBnJrX94grAO2f0uI +-> ssh-ed25519 8vZ9CQ old/mJ0AN9vJmvbr1/0ELh02R8tGPys+rwSj6Tq2Sh8 +W+BcsKswtQv+e7kAjHn6vrdApawGuNwIAK2hNV3SJWo +-> ssh-ed25519 IzAMqA lotJU4JW3eHjdb+ZQ3s2XN7JmZz3FFBh7CJ1t+/+Ghc +wIJsNn4SUXjtobDz1xzLSe0oEqo3nRlWjJiLqDiHv6A +-> ssh-ed25519 uZzB3g eH+/Tew6AU7j95BBMcUtwnaoReZeFp6CaF1S+JdWUCQ +VjNNv+gd1JkUVFtJx4H7qDKpOPSkgRVcsJhYFhPxbWI +-> ssh-ed25519 Hb0ipQ k732pON+GqpltKfPmArf/d6wX0L5OLVh6l56M0Vf6UU +UdEG5xrFoFnjXAb47uPO0lC957yvocPgK7iRrxwBvg0 +-> ssh-ed25519 uZzB3g 0Q1BNGOJoH41b6z8YG/QOi8wshGJsPHN7XXMAyIVTwE +ecj8oOZyRSYCXPXEQXmM/KDZktEpsgyohQtK45Du1ow +-> ssh-ed25519 YFaxCg hHWU1ehve1zeDoilyZh1QjtSiGgii0i3ks7+DCXuPmI +krPnm4YCmcg98u735WdiwCeMLG/5Ie8rk0/AE7ZP+qk +--- 6aIkITPoSXpoPQB7IqEDvbC5SqQt+91+8SiNZbfrfwQ +0fdrCT اwwTS=M(F PQжx* Tad]Dt>W0T?i}W.n0jSʫ2\~ snДle$ 3ԭ쨋8{iY.uI|vkFvOOcsA ]:3p0\91( \ No newline at end of file diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index af886e5..54ede46 100644 --- a/secrets/dns_dnskeys.conf.age +++ b/secrets/dns_dnskeys.conf.age @@ -1,18 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 4DenEF3jiCxCBa/F8ehgk13NlKvLzEfIxeQVTlMvM3Y -czXCvVsOMZDmAzqxT6z0mCsGntVeLNAJX+IIz/5XS6Q --> ssh-ed25519 4PzZog 1fBsKWaKTGW1gioyrDoRsCqFhGfIThj1cq3GaPDlIjs -BFcSRxbrO3n91pEXNV7pInCRAH3W4NHFOYPDlvpPqkc --> ssh-ed25519 5Nd93w 4vy51/o4XExQqMRP3DyeVK0GJO71jYCm17qH5tC230k -UgDrJ2xPGL0O16g+BFOw/kEso19lB3QD35vLhxmQ2h4 --> ssh-ed25519 q8eJgg tAGYnvVu5NAlrs9UoEIUb6H898V5y/st/lnGm3w2o1Q -SYK1mWCClDoK3dj2KYmicOLRvgDC0qdOmhE/AFFWa+s --> ssh-ed25519 NtlN/A iXJJI8ILFcZvIPaHkWOYSUVwFJOEB5GPpZX/5EcWJlQ -XpiJUa+J2rjsAhhQT4szCwDMudGjuveslcsLs3wVSA4 --> ssh-ed25519 v2Y09A SkswYtVP5bn6FJZwL9AxxONpEyB44Oct+tz+eP4bUwE -0rDV7iOQI7GAJ0VkqozwgA3guoCRvCb5e3lgPAmhlXo --> ~=-grease -xBfYaHlWp09gHdR9CQ ---- wrlmOZpShrH1kgr4cDBNDjPk/zLA5Ro94cpUy06cH34 -hsIC -s15k|`3rUVڋ`v{ע1մNjHԡӥY+NҪs浓C+&0"VyjV⠝Ͽpܽ$-8$@ե{TFF d| \ No newline at end of file +-> ssh-ed25519 V1pwNA omE94iB1hTPkde6EfVej2cCtb8tCAczYOeHa9ZibcC8 +85+fPpShqO4OmETJ72eQlJmueOcof9nWOMW9B4Kd+Gw +-> ssh-ed25519 4PzZog gAreCKVlc+bRbbwbg706yWOeMJtbQNxNm5ZO35tETjg +XYn9InewtIZgp0hu/Z+HgU0qQLWuDtk9YH2rTG8Dy7E +-> ssh-ed25519 5Nd93w 8+RDdkA6k+L0B1FaajfF7gNKAVWi+jSOEu4qGYmrvTA +453wvNGH3ghMtQ5s69U2saSNVBxHya4h6AK73l7u7Mc +-> ssh-ed25519 q8eJgg igT5/6JbBdC5SNSSmB5c/Fe/hEbkJM7shzTa40hmKm8 +uWiet2aX+Jvhm64xEBajbvWODK2s974Qx6wGBDuTP80 +-> ssh-ed25519 NtlN/A 1c+c70Cl+2NxacvNdAQSV0APTtH99HN5iRTgN36vyV4 +rPhvangDj9jL/SFW/3ztNdXpQYQxKBQUB2uTbuS3bRY +-> ssh-ed25519 v2Y09A H0G9oRW2GOP3j8zqHSbFi+N0TaBGhMa432y1xiojdkg +5C8EzqYSUvJxn4ePw4XTIsWOuVEZCCj3e0Z5PvIwTPY +--- 4H+V7sfTROtlJ+eKrXYaKnCm7cSmnQjj39cQdY39PWI +.Jo<]W}HI*4ݸgb{ETE#5bz!?oM&L'e󇷐b +B6Nc꼔/-9ھ`. ssh-ed25519 V1pwNA /YhGxaH+uVC4EXVNEpY6akQ3cyOFTCvbqnQDobPGbHE -pcRmdrS2h6GOmhiUQmbDncgAhfBMsI7pVc/8MrCQeiM --> ssh-ed25519 4PzZog dsRhlBiY7h+WrKqU7KlCYQ5Ypwz76uH9AjZlfLwf/3M -wNvcPHNISI5y0eGQpAv2jSZbTbA9C8LGzI8/dnMn3ZY --> ssh-ed25519 5Nd93w 5z8u2rWibJcfnkKJmtIv/toSUgkJdxk2HiBJ5yi1F34 -jXWyd2UcJgQLKHyl8/SbtR5uKEBPS1TWcSV+uQ6sudQ --> ssh-ed25519 q8eJgg puPp2e3TvJOmqF68x25NsZftZOjXoQRAfT3d6dulOwE -DMKRvgnqQKJbUcKlFvFPnIWQF48v/AhR0sRG7R01LMg --> ssh-ed25519 IzAMqA bkxqFYf3QFk4Bg+ax6l2B2/qEC1Sc2v1oNIXRxA942E -TYk7gMneWdKdx9PMJoROZy6k0A9smhQGoenypCiSSjE --> ssh-ed25519 uZzB3g ouKif0gJlk8Ijg4htLxS6V9kDm1oO10pgoIDGHlnKg0 -TtChPqbY4BWc6320hBVsdjOYsN8FZ7+kK+gAa8cPrXU --> ssh-ed25519 Hb0ipQ GQu3BHKFNOffCTgN6v/9dciTpSDOPHSD9L1R6OG74Hw -j9r+idSNJR0w6XgVZCGOdVsvsFPVbyc1/Nno4uqBCUw --> ssh-ed25519 IzAMqA cQNK62FYAGQY9+0YhVvVuKMaqB9IBPLUPCnM2nSUQzI -NOMoBDtIN9w1WlxuYHTLORS2xA//D8jIip4SidBUNog --> QjVPV-grease z #u>.AWX -ZAgcrfjgpw5J778jd9fRtQUns32SsiEybe/VTFKZw7P4J9STzRlt8/KDn8EJQ2Dh -K22xl+ENBo/+YuN1UQ ---- TYTyl621sRrBSPvYgf8uC3auUXL2ytoFi0ob6+NUSOw -pns1 螔{j7i'WWȖ ˿?+/P\~B}<څwI.W;rFćdHg>?սTl"-1_KzmEܙAY{d0,V8YV  \ No newline at end of file +-> ssh-ed25519 V1pwNA mAJQEFu0p2nxajUh4C7FrKnnyTEFVagT6rtCsKqDz18 +a85pGwh2S35v+VwC8DnIL0TJobCk8EihiN7p7bwlxiI +-> ssh-ed25519 4PzZog NbDMBIfNzmoG6jSRTrDpKbHm+5pd8tVLZhZbnzvGZRk +VzXjnmCR17I7ZX5b356OCRHJF7W10aj3SBF0MCcnzwY +-> ssh-ed25519 5Nd93w sNsptEu0kFqWKSTeEXvdsa38ka+h+LKXBqrTIqmE6jY +RrPnod0YsfbXGcfwKz3BfYyVQa2+OFR18X6f5V9xqX4 +-> ssh-ed25519 q8eJgg 7YPlbAGSZPq1IvLqk2EB0S7WfemTLkUv6FC5GrZHWDE +tTGgiNjuJl/3DLc/GKIczm5G38LZGekAXTF2TXUo+PU +-> ssh-ed25519 IzAMqA PcRZNr3VHZuB9XD3sRASaY8JaL45c8pF9Am/7P+94iU +Sml3WvRZ/wrUO5fqn02cJneCfjnZ5fJr9d3dTdqyCdg +-> ssh-ed25519 uZzB3g bWlsuR71mtorLasEP7+2cuH2S2B8uM222D6nQC5Rgw4 +rUQ1sXbeaehQm1e3/JVR8cQqE2hkwmUFV/PQ9Se1H1M +-> ssh-ed25519 Hb0ipQ kgBnX7+sd0rxcp88Hglenuf3qfoo1syJQceGxMbWDSQ +rb5cvTxSjInGgJRZq33vCIa23LkeFHbLCy2s3hZXSzI +-> ssh-ed25519 IzAMqA 0pLUe6dFlP9w2JPn53Mo6xXJNuJrLHH9mqerGYp4lFM +IvjADrsuDTHI0Ljzr899pG5/bwi+V+KfCt3hn6Nf/UA +--- jAsttyHTXJjcXYQym/QFfEvD8eMk+SK9IegD0p2bZ7Y +5:-l+5ņe<ëSYƣRKCH<1et"aʉ?Q&PӐ8Cw?N PWf|&BȚ][Wr|>ӫSKʳ%-&M"uпuz \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index f9b29eea3752046dff44540dba181b77d66a0c0c..c175d33aa6ab3967818788acd08d3f19e0faa607 100644 GIT binary patch delta 692 zcmaFN*2^|Qr@qKL$KNqENjot)CC??vQQyPUr6f0^%HJ_8DKaBJGc`5B+{33bJ)VsvO zKczS@(V`-o%Tqhj%`Y<7)6_4o!pkedII+YqyCN^i-^)DAFHGOr-z}-K%EvXeBq!Zs z;z#lDAs*sFK=fLtT*CI0)qY@936n{_Ou&6}0yn<|>a5Ia^@r>f(#i^bJF6PBm z8A*mF#etbwl@*nxnU+TGemP}c78N036~5&@QR(JUL56``X?f`d{$2qYIYEYLMU{DJ z5s7X_IRRctMx~WzjyYjzk=|vV!2zBwk;Z|O&oYYFhg4=+IOh4~737ws=T&$c`(=8W z`Br5)nwJOUS~$DrC3*S;8JIX5S!9-Txs{q2=2>_}1zH3}S?1*%y1S>A2RfOW80))b zga%uh8XBfnr5E~#_=Na!>FVk#L{^3x8yQ%b`Bda(`B$bGyJQ$=d-z92l?FRTROD9W zCIy$&yCvo(rluG9a=m2Wy1=?S>u5v#hn0-2!s1zCTqiQDQyFDAPXA18(qXVn%H8;B z?|qAk^)FZQ{Ao&m^PlITdQ>0ht>3F>9(q3^=io&5zAB!S3u4zS>p9nAO-ZSL-CyN4`Q6Abyee^VYl6sP2hoOE6SXJR&d|_H&b<8Zs_m6)YmU#l ge!2fm(P`h#O^+3H(&F#lj-B$WX!BRA6HioI0nSqZZNo#UR`~Jt94)AXD4OKf|mdD9X8$-9q2R(l|8NA~7)6(%;B6BQ(=D-#yC6IikQKC8xsA!%@G~fJ@g-p}06h zH#Nn`)YQ;Y!6cw6DnDJJG$hO`!^2D8+#n;vz$`y9+pQ#DKgihA)VJ8QILs|FBq!7* zz%eMzG}tJc%P}`8$THI~w9>r9N#Ebk!avEhvaF!k!_hm;Bh0x}3@r>f(5mlb0X*p%u zA$k4*#RW-Wkzu(;<&ME=MIj|68NS7)+Ggfa5dlUyB~_kWd7)nB9{z4oX<-&AP6lZi zuI>?r0m)HL243DJ`N<(sfq_P$;rZcTB`==R{ zx#a3wRC;TB7@A~M7#0VDVxS^4G$=tgy(l%YIF&0ZN;@spGRN5@!Z0Pmxiq!Vw^%!) zAho_ESlh=etJ2GI5nVzs~{}doJ&_% zSHayk*flgGDk-NhI5o}0FfS`2+u6t2*xSt@Grv3_qSP45o9}Oo$V`RHxZ?{JZ@lCZQXpoHb$Y zt+S@BI9%L!vDnP(#g^X6Am*wiOhN{W1@c#a_#ao{DAtiAI&H;-1Iw?xcpggoye3K1_1o!6f6J$ diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index e0350a2..48c93b4 100644 --- a/secrets/gitlab/ldap_pw.age +++ b/secrets/gitlab/ldap_pw.age @@ -1,16 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 82JAj5XsvsKT8sIuARe4FTmSiCygEhTive+jIJ7h/R8 -M3U8He0axy2HLdKnmKDyvilT99LQPEkw27FF2hUI3tI --> ssh-ed25519 4PzZog c45jK9DTUO6sXTbhs8UrUjLIELIL8XVdYiOYZsR/4yY -HS4ng3Sb4J0f9OYHZLmWHWS/c3uetn3w6HG80uZNdUY --> ssh-ed25519 5Nd93w fBv3U1fx4kIQcPWAMl1xRUeIwiM1+0FpfhJZrHQMww4 -8ANUGKVp5Tpq/wbIgXhpi5cPsxFALOuOsisMEN5A4j0 --> ssh-ed25519 q8eJgg HTr8SCqna6YrbpdEWdXf3vcR/ohxQStlXabHjZN+zW8 -vyoLfNsO0zW+S2+nIHfB1s8GaD/XjfqnPq/i3G4IJqs --> ssh-ed25519 uZzB3g f6+fXpF/3aP36u+G1sDOhaQtdaWXwxoW2aWWC5E8X0Y -KRDi36ChFupksZMkxWEnUkaNBgZujYsXEhS7ngueo8E --> /Q|[]_7-grease WOAZ6f R~_\$m7 -e0+qF+9VouiUjHXF8coBkESl7COpdlPlBQYamcTsTto6CgZUZkYqWQ ---- n0CQNPMTO1iiR+zt+dDvj0FocVteXkclIlI0EXoKV7w -OrPK]PKx>e3rd瞿ݦ9d4G cά|T7g7z -P02bڍf,Ҩ2m  z^]M$ji7uY_lNPuA%<@ c{7 \ No newline at end of file +-> ssh-ed25519 V1pwNA JVsw8ztM2WBL6uR3IHhdsrJpRddMTzcd2WwpLMTbE3Q +WSw1UmfUPZEIcJ9Rr5i1s8ZiV0O4qrEmPHPHfvzvuP0 +-> ssh-ed25519 4PzZog LgiBGLVRfnntheKxXFjqP7GNhD0hwOaTMQ70vDEkbSQ +9MGIeJUi3Y3yxUNF+NEWRj+jP52r41XRPBV0246gMDw +-> ssh-ed25519 5Nd93w 8dEhOqim1Ryg6UpeCDv3e7ykF3IMri3ut/S5yuwieyI +m56/6dPG34+lVybgmjLBQNI9ba+sz8OpUu3QapEm+BM +-> ssh-ed25519 q8eJgg wQM2ASijF3YgUBOzpB0OAIZ2XH7lLsEj0wHpzUhe72M +IycltOHlMVE/g7F31mqiIFWsCPuFAHociD2pP3bOc54 +-> ssh-ed25519 uZzB3g Q3I0tbKR4g1QRryO4Dx1B409TuS1jLcOWW+OGh0a2X8 +SjK/s4Qp/TG6ED7fg2TaFAX8FyRPVu48l9epc3wWO40 +--- CUHCxUu6RfoD6zNpkmDgWBg+SF7FvZLDZKQojCSFkg4 ++nd~op8bd@ՋGI6 [1|J7oĻWQ7yc29 RyiWpW%Ouw;)5FcBDm%MG+bE6mu!-Pb3wATd(gJFKG6)!W(2%Otcg-?g}W z;z#lDKrhpv^sIp5iX{IeM?a^aQiGDf(!D&8KjxLU- zrDf>`9&S#Ni6z>G7U8aixo%|!NoFQd-X&S)PF{IN!LI3ChOQ-!KEC;dCBZ?#xnYHl z;fZcR`d(F`xjx3`iRIeqLB9IAZvGxY2HyFT&oYYFm%Hm1xf#2dhL~CAo1|7a`Q^K0 z8+rTZM})fshF66cW|?W5m_+(!X@`_^Y5OM?8yZ{qnK&mFnK_q7TI8DMBt``3SGfD- zXGIo!1?E?!Bo({)LFVk#6q`Bco0w;%dOByj8&m}6xt9972f4Wy1(g-$_?8(K z<`lcsS4J9EWTaPRbCu}7U%TTTcaYfphgB2bo;%Y2J!bRA{`EOws_7vr)0bszk$k+N zb0PD`?(qNr^!U~?^(4h?Pinq&m7&OmJv(Na-xEuni+1s^COj4QX)PAJYQt3+=JR2F zf$O&Qv2`@X+^cZ)%8^YL%@baLH8 h9!sQNaP0r}^zde#uNxdDoPJUD`e?9x)&s-Sn*eKi1a|-c delta 787 zcmeBWd(AdMr@ktw+{-Q4DA38%BPuA<)x_J>DaFq`)jcgKFef*t#HZ9JHQ%+M(#_e; zm&-pdCDgbuEizI&GekcxGR40nvDm!8FeNh6*s{Vo)Hlh{FH1Wz%q!R{n@iVDp}06h zH#Nn`)YQ;Y!6cw6DnDJpG%+N{%q=G=FUYVUsvy+I$E{pDE5|R~peVmQ$g{N4-Cy6* z%q1eJqRhpDE5#x*T|2PK%rw8OAlDf(24)tfi8%%l zE~SQfCb{AIVHOeonZ?Bsp-}}<;l)9bM(O4G0f{a?6-MP;fhKNFt_B4`W&YVFW@P~$ zrA6Vcg{2jqVY#6p7GZvs`IUx6W`3^51^FhE&oYYFdl}~&Ct5@$Ci|PZBwAYN>lX)> zIu&@P7JKIf75aumSQHl-l$Mkg=j8Zu1^5J2gk<zQZF{yJKm4WC(yto(!iiFpu#jc zvZy{NzocBhAjmSv-`}akyU5ZjrKq&j*&sA2Ah|NcH^MX5*F87Xv?wV*%Ba-H%rddi zoXadTn@d+$SHVBY*Eq>2%s183&>-D0xXLlRP~XG6Aiv7g&nd$&)!os%(A3q_sLCkB zkxR|{wDr4OWw-4s-$W>RF#Ao7Vt%<^f$MgCr4q-*7}cc$Z(Vk|$ds$!*_*Ta6W{8B z)n2K~0#|x1EZFhR`)yvu$!8De{8;+Xda^;(r|>&D%yTx{f9Ra%M^(C6xl4gpnOnG#VVHSnX;FZ0nwhb2iFuK; zX`yS7N1BTTS87PIM@5;XxrZo#E#25u%1M&*_Mj`^198QMkVrI{vSVU-qKX}MJf zDOq_{#YN6hmhP5DM)@V#oL9lj)u+_&Se%RiRGb_;~B-n4fB%BD*fF} zjDxbOOpU|boV+|MQhh2S!XrXG9Q`Yk!lK;#l8nL)1DvwCf)gtY3PTNolDzWrtNi^V zJ=3e)^o!iXU6Os1+*~aR3-kRlLOsgU%CyTTpJf!U_i!`v3X4ee_l~g4)OLvqF3!r= z_Orm$_eyLG;lMmsLb}{3J-G)%(HX}^tI5>@h>*Z&ecy2G4u=5H?=fM zFGfNHQvQORkKJ@(fS*Eze7|G${422&#-SO{vVtbI(ty z%nT{2aSPJ+@u>_e=Q=3MyU*lY)RhI!?-SxubOg^oI>4>*K=$#!_p$4QAMmVuJH^v6 z>%|J^PwIKDozs$cb$oSd*fv3JTNB^YPQlO!MZp()g=~2LviWyS;&40iTz|s}^+VDO jJuCg3jBec2+M2a$p3TvnOV&&c_6AGUru4Vn_EOmNMxaQQHs8Sk)K&nnpZ@4 zQn|a6d5}jrSD>+rYldNzzoVsvg=1K9TA7PURpZFpbc6t*G!S zFiwk#2shUDF7-AJ3=FC&tjcmvb8$`Q^3zVPa-YgCwfxo1X2Kwx=JZfKQpad}RLXI>bW zms7r%YeA$@Vo1J4dS-@MVp51vYCu6%x{tP(VOBs|WJs!6L1B_(pszuasbOGBzGZ2W zwj-CWuC79WxqoV8riXS~LAY~7Xjqwve{Q{bWJ;c!Z-#bpXoOR4l&hJee@==^L`X7M zZ^ZXWg$+{cwys-vgLnVquRM)rw`VrJlwXn`$jhj7-tMTWwx87ga7X)C$+bJR^~-Kf zIy$}Lsr9KjGrsV|sj0+A@t2)@v&iz&1N|o!6?Lk7j=jRmjwDZY&zV+eY7tPt`bxf{ VN_-aY?p9M%N8d6TMWbsGDgcGv4>SM( diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index a2974c204df247718474e5061893337ac4d977fc..1186ce3ea499cef7c8ac7d3506e7fa18b347a491 100644 GIT binary patch delta 645 zcmcc5cAs^EPJMokpL4Q)KtM`jcD}h+aHW1leu-C*zJ*CZQfSZYDc3`r3NN!$fR#=32cv@*t zs)2W?PozgVm%hJyx=FcPj$v|&Pf=A=WL05dR;Zt&lfHIkRz;;rrdfV@kXLC~YD$Xd z#E;_PiDq7onTds#;ThiU{?7gxrNvR1ZUs(8+D7gs`P!z2ss5qP5sATt1tIBNX8A=< z$wonbl|GSf!J%0mo>9pumIdCf8NS)+<~|+$O>`^G|Vr_42klsaLz2P zD#^2SHP#MG_3f$Tz6+@hSGJ(s#=?_OSGIO9@UbiOLHuEqBXvb`9_g z_tJK$@p5&~HZb#zX>!t3lat;{D^Hmf@hoq-GW`wv($3yUn_oRik7qD+ zB$fUa-R*R%Q}*?w->bOJ-cinW?CZ8RjAEO2yF%hhhr+{Cy9FnIDJYU=wwZn|uBcpb j-QAuEn_Mp6H~qG1>$3D#ufM`vfA#HWi0;*XdMFeC1d!=A delta 774 zcmcc5dY^5APQ6EEu7O2XN|iyHW41|lT2gtgUr}UHRkB%uzISR~c7;)?VP0r%rcZIE zBUie!hgVsWQ$%oqws&BaxxP`DxpSGfYo&8yUZ7*Co1vepTS`==zG0-ZE0?aFLUD11 zZfc5=si~o*f=NJCRDQZbYE)22hJkUCNm*p7TY5xAj$4saWR7R1S4M@umr0JHNpP07 zOQmC4QKfS}S5=mNc7UgLa+IOFNp`8Dn`?$+q*=LpKxt`uSZ0}fv9D#BUzTxDWQKG0 z#E;_Pei^=zzQK`}S6zuBX_@6kVU^h-p_PRJWkKoXRmM?8rJ>oDVXo<1jxPBI z7M7)vUKJJo5w6(<1-V&)MV=OZ#XeD)CP5+D28o$LrsWZaSy|bW;~B-n-I6O!_4Crh zOH$ojTwRjQ4I`b412dEI3@oZr^NZYl6H`KSUDJ(%13a?1yp0SiQ**pR9X$fwGRo7< z^|Q4N!}3G5Q;PhYg0$01d`*o*4BdmGEWH9JpJf!UFO77~C=Cd*^l&W?NC_zL40QEN zE>9~nEcUH1w=hUa406r(b8@Q6@ej=Aa&anic6LrmE;S8IEHFsR3JUTIObYkN)z){+ z&dJJj4b3a`HVgF%4K_^%#XzlNvYuJ8ZhBE_VsWZMsk*tlU3t8jf>L0eZ4g(odzxvv zPe{F2xucGsd;T>QD}*ynOms^7uWfqUuO01djB$gY`n}F z*Xb2;;qIntxtg6xpJUgQzxlw{vth$NmAbzvbGj_P?R_|W@)iI3 z@$r}SnHcvwM-GQgo#5!Z=taS6PM?!YuD{;6WsULCjB`e(j`ODcd*-SB{uRs0BU;6h Hf^nAsO>i5m diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 1710c1623244238aef76702704257cb70eebc260..df4b192987855db577a7ba879ddc6d3254bdf1c6 100644 GIT binary patch delta 692 zcmdnY*2^|Qr{32*#j>JMKeNz3#5*G^Imjoqz(1`hKTz8=G%4LNDj>?e$T!R1(4;im zm&>^#R6El#u*^81v?wGX$j~RkFDKM5Ju@%Lu*@~hEi}(5Bg@$|+|RJkf=ky+soc9F#lkf(=Fa{_j)h)9 z{>6TgQ3j3{1?hqARmHiXxdm0Bh5lxazQ*O+X%!Y3C83^NNhz)cu1--!nL&Blo_;R= z6%lEso~i!%;gN<_t`@yt`52ZK zrDtdd2Ku>ql$bdART(>S>FVk#1m(KqhXh0>re!$m7iKtSdX$=*YL{e}hnePtk(8Cj}w#KF_*u{>3EywdjBWeLPPiShu^Q9u((}y zLS4P>L`}X;J!{Whs6MD&>{rv|pOh>AP4UL0=0$I!p6<5m=Fu~r_1$u|+e4+17IJFd=Lxo^t3@Z4GzX>B7mrr*1b1Z?&{dZ{J;XvH`6 gjT@NjHb^e17f!jeB75i5*mA9vS6;|{cof3}07^mn-T(jq delta 730 zcmeBW+srmWr#>}5H!?FkuQVde-QT>*zsSJCC!?gmF(T9>ASBSKFebmD>$dvH^Q{ItRmmHIKZjGqM+2nC(S=BsWQW*oJ-eEp}06h zH#Nn`)YQ;Y!6cw6DnDHzBFiT&(yb`f$Ed{D%P})C*Dc8@$k;2wEWNf($=>1SfgZWR zKDhzLnfdv7UKP0oW!mOZ8NsG5#ereT7W!3Qjsa=qAufSj5ytLW89Dhz0a2+rIf4EK z`o(7MnF0F2zFtW|nI2wF0f}Y>VdmNXx#h`|&oYYF2V0tyh^vo}bB4a5m$z$0V3nU? zHdn5`S6W7Du#sVQVOFZIc9x~5ep$MOXIQ0~iLphxc7~B*gh`rXacH8kFPE;JLUD11 zZfc5=si~o*f=NJCRDQZbWMxG~L10Cash56+c0fo;vRisyfm?7o zDvS*)Ez*K>yn>t~3)4a}tMW67e6$TJy$f9@pJf!U_x5x0D5!8NE({F|cZ+bUC@W0L zOmz2lGjj=vN=h>G%`fNG;BD_6sO-G)^h=i1hZ(Ofs+t53Z{6PV>yqEy?$> z%#H}C5ArPZH%ko;<+|~7_vyC}L|l7sEWh=4ZKqO%e%IM{^(n5mU6)ul?)K9WJG!g> z$yLYS+sgCiYu?Iwufto$aop3*WLf;xCw#eoro^t0zHmx!R5oOc8iJ2ynp9M z&X`^)8=fdN<3K&jHm3T3f_K-Sy=JoB?t1ibMc;;9CwIJ!$Tno&Xk2&Ze98fd-i6iQ zuc+_HI@{d7Pv%R5g~e<8S=|no*|pqf$5^wh<(g7+`(pDx!9!DmR>leQx?YsO&Y3!S zL(C~Fhh%YPTdn0TJDmPqyIi-5b?*#$mx-MR@@t$_YtOpv*=?D1N^rZ!f%?+wp2KhE z-btD2c6X1x0UNS&FIK%oN=H=lh3ExL+2Rk?QeDO3^bHI(-h8*uF`A&dycuPo!UZt2--g z&6n5O=G-33lDl5CU7FLE#DB_~>DHn*^=$`)&#`&O>fDRoSy02xTbrT%E?gyHGCQm3 z|EZ0|mP;ymJ{dRS6Y7FZ?gG!>5vtLi+E#dqs_j@Xq<{T?Yvr#dDY$he>_ff z2)<}nj~CT4oIihS{a*>Q7sZ(;?>$p!{jjY*ResU#kLg>kZ(|U+vnxt6z4hky;(3gh zx>qD-Eb@)MrsI0@y}>)B?nkW`8{0cQuD1$3+W3Zj&Aas1yY{3E5%WS6|&sYdOuKy=L={cuO zYk4n=z_qqd9X2~|_1>sD*{e|`batLh_;D%ysoZL(4|{tVU0C+sBBP<_K&Vwj(C6(U zB}tDICbv3i?9AaxRD9Mjk#*^lWS&DZnOpup2#UVaz02?t)7x*^x3~iYPPrb@)X&~; zZQb3}sJ`+}UA-pTREJB6St9F}?3!MG=oI7TUFMJelvf-&qjdRGR^h|aC)-bdxg5aM zZMx1Pjx#Q0$@Im)Dr{$FTs;)sep9<^Ystqwd{>-;sxDa?kK^R!;= zb$`0o=Tk`Oi~P3>`kwciFS}IyCN-7y?zy1m4$o|dH&5s6NVDLM>-_k8w%LW&x;9LRu>$s#lyXs9#sFrrx9OVzvBlaQ|_2A;q*_f%Ol*e!XvCx?ma0 z=jf9~8|R$fzy8TC<}d44Psx*2@Uj#A_c3SxipUdZ|FiurV5E_ja#@_BP zOLGHe-rruvX*==O3+v{TdZz$41D}_7ivPTeRGX?H_^!TqeY?6)WAdraU5AzaojI-e zrdzSx#ixJHOgpQk7Vf51)s-;!yrJ7EU1P@LT;@rOH+7`oiYYZ|Ben@>&(z@k-(9EDATyl?H*Av5w zGYXwm?yYH+SU)AXq`p!1)aIRx_xCJ4qv3d}V(z|^QVaLa&fxuj^V9pBs!YSrZzZnx zFKbx->*Eq;R}Q_Ymx2ll^XG=<{E>}K7joQxTx_eQmi)3)DOrEnCf_qZ>UICS?!r}W zlNo#kpH04KdjIW;f4?{qKL?$^xSm1a=-X2T_Dh&1?K#{&rDm@}Mb2}b%`UgJR<3lt zw`%2W>%`wyo8O;4&bpH8&Uvk8w-P*;DGHUGUHjPdrtjNGX5aob`9~k@llt6vZ%ym# TyA!y>N?Y1j*G^Yzn5+r_3uPYV delta 2389 zcmbOwv`~10PQ9nAwsTHZxpA&(l6FYBrMIJhK$t<9Q?9d5hQ7Z?SV_2rOKzomppijf zC|7A-LAh~-SFV1PlZm%;L9%{Sx{HxTc7U%-c9ff2m|;k9id&j?P>_X*Czr0BLUD11 zZfc5=si~o*f=NJCRDQZbcBETWU|LaDMR}-cW{7`4kXu2PVNzOFYHqn(k#A*Cc||~g zi*cn-VntOXSC~a+Z-%nqQW?o4HA0u1B^B%OENu}Wy9@+V2`sTrY1%>%8X|9=t;eJVeKA!ohNkQdYUS=-E z;aNsOk-2#;Mj@vDLE+v(zFy@{#;FyVg<%=45&1?Ykd?E}cpJf!U&vYsZbxkres|+l6af~!@b1w4p zN%twuDi2K3ugdi>^a%?!wJ^6ZHVJm*@-ug=C^WFlGR}+gH_7!$_Ser$3<%1tDh$s_ z)Xs5nHuA7=)UU`f_RlW{#el1sZhBE_VsWZMREmbFO0FqanWJxHxW1)Dc4}36T8_K7 zlV81aP+~zvMPXT(duWw&c4=^=en@bsX^Np~QBt^RT4`ElR!KlefT=-wRDOC@5SL|@ zTTotMp?_XQKu~2_dXRRqv0tR8Q9-Dat8qzkXhoWTkawh;fqrJ7QGQxUatfEOuC9W% zf22`RK%iHuX;xOAVUAI9x>;srsz3isL)Adr{ls{%|zGnZ?%UI%x ztabQP&u{x(^HP=jHeP3zUR80wM{>)RtBWTDuifHaaec2U=c=o*`w!l2KT`dELFCU8 zUd@#T^~Ryk<}Xp*Vf!@Pe&(HT%Fe`bK31Z z-Fqo4uSTmeV^-?CD%ln1p2&7w@Ym=l)!W72yll@Vkw#yq#^Nh59VzQ#{yZft>ro}~(OV>49#ppb|yxD~3zpUto1@~iL)J-%N z3;CQIk>%A`fB4kQJ6hL!ig!Kfi=6DMI6YFHt>nbr7xnw=B0n%L=iXxJCi8Zch1O}m z*DW*DiqkT5gJ#}Kv#(cD_-SOy6k4LI!TCz%uSxM#VTa;bmRw(t1*<7;)o(a6NoU~} z;r4>9k!G?%hq;;i^D54*p0jj;)|;mjcTbMIDBtmHh2}?57mJGbFFCocs+`k^+F$a; zK;)m5+I}^k74qkHnKV5TYuskO?R@ru;C$C>8s@1OShDZP zMoxQMGDX?JW}jC;VwHT>zLGM(ybPhf%g>!3%Y5O#eDle@Pu{OYMD{f~?>}`$wE4pH zBu;hrbN&La)P5YcbJ?T2S5{YW7N1>%l>2_hO>eh?M+t0Sbyvn63 zk7QRB+TIn~Hg#z_6RV?3YOJEtPL=xd{i4^V1y;N|cq4ma2WubS+R`v*+uUp~rvJZ> zD@dN)uVu}mHbb`lNVtvmF^hTIfA3y+=d9kNh4a%N+WR=jUx;`kBR0#bqHizjw|5^7 zpS~n)={0p)=YisxvZjk{e~MmgIFdbWfA%ci^0mJdXP$psvqMUzuyxnl|L;3~9^NA( zom0O*V}@PV3;7rR8?U%5*WS?MByqz*Xu|TA+!brvn$k4cbRXXODL(y`SXA4m8>e@0 zM^1TeWK)|g$GYp^%* zr@npF&Xf9=j!H!fdj_SyPTm>1HE_?0{S7W$Vi6{(^?H}17Op&ctKrtRMG22R1fB@L zaLS1ayioK}RZ*TX$gJ#M({O0)SbH{dl#l?4f{=U-ApS<7H$Z47F z*Y^CZjhow|pWS~L8fVx2#eDmkb@B^ehZFf*UX3bNXZFIj@tM2*F|7JD|TYc>ngFI%x$yXQc z^psVdZ9kpkc487s*6ufd7$?sW|M&Ha?AiTgcXgKSzdjrU#Dn)hzksR z7B{OqH!5WIzrCe_LSGxWLp(pHzfpPIY4Gva{PpE|rdvyeKWd+6bzD{7*X0*+`|v8~ z$*gZTX@5;LEnBcCZiD%z>X+|=)CHEzkA0&Z@FB7wVB4g9Y&-6~iCSsoV!1W)Q_@?5 zFu~fbN_Rf*-}L^%XU2!(S}XeU?NqsExIejl>YRQ`+->!(pUkAEYdEX?n7ui1O~_Us zO=0d%t`D)V7+>9O=HFZAR+4gMTWY;T*R`Uje~%~@YEQDhCUSyxN#yz3^6-mh%by)K z-zjNs{$^_!2g8=dXYZc*pi)nxzP&n@2J{i%h0TQoiXO>fJMnEA)fd*7MXDw|JFbslev zuaCO6Tr0if!iBAcQ7?WQtW%9X^6hb%{Ub$w{W>jG#?tkfcV{y_{Z{JtEw8WWk#Xk& zS?|kcZq*VCnwvga`5&A=>$aMURC2=e<-h(`KboELz+PrietOOE`Hnhz-b-_5TGKU{O~;|j4fM*%tKK)=s_kI&=N z-@S2fVHf)*r~7Zq>RnX4dR1G66emS2UnZy##`L`Y`kKj?h2)k=G_G89VAeTjPW~;k zJ!2PtyUVt!fuT;N<+1YgvpxIu#56Vj8oyMPbyQfpiDz!FY)41+)6~xwwA4$N>6E-( zxBPv@PBZQ|Djq(DTt{XrJf1my=KaK1wKWU6erDmc`!(yY)ZH83#6(yc6{($BxDDkChhGAJUuAXGar zFWJr1vdqwzD>>W5H#IEZ*DTT{r99ZuFVHumB+V(PA}lrAFelL1q$3 z;z#jtb2DfCl*qi)f<#M~0>20kPp2GXqmYPzoHDndu<|h1{4$RSCu4mJXV*Zkvi!m< zqonL?C(B$Sz$D*7Q)i#-f@F{4z|hdi@r>f(1#ad^X(s7; z<{<$^Md2akM#lNMMv1xlCRrs0g~r8(QAH^xRVk%OW`PD=p(YiU`W`uzfxd+~0VVli zr9nXj>A~h@CO(d-$wfJaevT2L#@^xKc@f!@&oYYFdlb3_hPz~WgoGD6`6LH8x@wna zML2tu1eufvCg!6d1{-;DnIspwxaS)r7X}7oczUGxReB}+dnXkX8V3ZL zhG&+i=jwY`6eoJ>hm@vs>FVk#7#XBi1i89IW%>r>8DzVJW`yPV`I@?V=ci_w7UY$O zRvBd1dmEMq`-SCOaG3^8+#Qm0$>(P2F_8kZtYy6Cul_ZfQc-uT<=v7E&JtywhdFD6 z=Pds5du6!T^1HjE?f(`gy57e!-RL z#{TAp+L@I`DdGCYMjjz$Ma33b5$2(OQ33j8QK^Pu#(~*frMcPOKK|xjep%_o<%Xdq zMuowV7J+$5MwynT77@-)mj0Q!DH#E-sX2j@&oYYFyG53yhX*C58ip9;Ww<3q8vA61 z8alh^r{t#xWV%L$WVqzyWtm%gI_D*GCA+#?CYw4IYA1PX2P9QkRv9HnRT+dERF&oD z7rU9|hE|3bXE}!!NBES3V!$TJ!YDRGH(58mC^fM-RiPlzOR2_NL0i|bQbE@#r8ZMT zA+tWc*1(#JOIKG{!6PELEWIcwQ{T|hIn2k`wa7KpD>T?5t1Pj=#WXuHG0D%fC?Lq# zJlw39%hD^)x_axcyq<}Y>I^p~eK9KFSi>s+h51U#_U+2HVw;vr9nV;}u{zn|pZhtU z1%IP`|J9ZxX)4@l@eSKCCq}~b&9T%T~o^8dUl#hrCW&%IA@ X+q$Ayl(E;chyC8-OYa*KvyK7)*Axgd diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index e83ef26e6aaeeb806112f882655845b5cd0bb6dc..c360a86c7e8dd8cf345396559603595a13e10eab 100644 GIT binary patch delta 691 zcmcb`*26YIr`{(wH>fN%$09jUyU@Qlz|A|+$*3$iB_+(F+^;IlN8igk)TuD2*fKaY zpDQ`D$lb|X+t14+%OInqASuh=IJ_XFFd!?!q|nzgs4CF1B*~{N!qGd~kxSQ3p}06h zH#Nn`)YQ;Y!6cw6DnDHzs>;dLzew9H(=y9H$2cq`$E`RyPe0Yqpw!i{(7-D^In~J^ zNZ-iW)z83{tJu&yvCy(G$Tzek)HO0G+&dyMG$SCeI6E;aFFo1J)G@s>IK#anQoE>l z;z#lD!m5G_%b*aaTrI*rr0i7V$n>;ySEt-!6Ia*bvf(W~KR6K}Du{ zNydhO$;JT{!9}Tl#)d|@IqrqN2E`^WX36PA`W1PGRc_f_t~nV&jw#x~M)^i%nHCxD z6;&3&q2A^mg)U(grCt$LIl-RZp&^M$hEXPy&oYYFdl>p;`Rf-}nw3_X7l-8s1v(p9 z`sR2ih8kx_Mfv81q`8Kqms*x)c~?4eIs5vi2PYb2d0XTM8(6xz6L`W2+*7`R7r>FVk#82cMV2B&LRR#lXlhPkE&R+WdOxcD0xguD2L`Xm** z`lc1sr$&`Umbtt8a`8o4`mpGTt3@2~oGkZ0G4$<;ihXAu2TV(S$RMP0c*E6bcZcs& zrgtnj;GeL{BV(#l=k8VU-LD>BJZMs!@+F#?{n~EF3u{jv`8(ITR@gaU?JL#veEyil ziZ7V7cAA*vpGZ+$?{@J@b3k;(aV~>1&8Il~Cbu3}Hq)B#7_?vfj*7CDjCXDKR{w>~ e$@BT;$IMo&uFSsnnA@b>%w delta 769 zcmeBSyTvv^r@p`=y`-YRJuTO%EYh#M%*|K7AR@9VA~hmV+tjF}$k)?Jztqv$G}9#A zg3H6pxWKGD%F@fyG&D2F%Pi2SIN#4N$15+y-Q3&Vw>U4L+`YImEX2^#kxSQ3p}06h zH#Nn`)YQ;Y!6cw6DnDHz%-GjBJk{65B-hP2Ju%7I#VsU1)H298wKAom!nIJ}JlD4* zI561XGB-G#OW)l;KfKb_&(tS0socmnJ2JE)!^J7jBQeA&(#+eb!YDV)$jP|K+dai| z;z#lDY}3lDbpOiKz`SHrLq9(=j|kt&{Oq(K%gRuFe?M>Md@p_DAg6$|JVOI67Y~!X zf@BMKzZ_%7wD6$f%tG%{f(7KS-FC6U># zmA;nYg~4uqj=}zp`u-_tPNh)>WkHpm&hC~@mfB{KDNe3jVIFR|1}>TYxh@&n!Cvke zd8MW05&20T6**=V&c?Zs{sE;XE@c%(?yiB8&oYYFCsr0mWNAC4=a-u#h6GeNl{gs} zCssL?l_#5q8KwB^8)j-pRfZeo7J8U)r6pCB`WWU!gjfWJ__#)7rc_o1WaJlSCz%@i z`T9BeRwY*znYfi@gyi^wVxSVH3gF^mbIj6Z0x+d^lV}7&fN)K?ynx-E}y+O z_@@0_hsy0fQydA@810RnPx;^YhBulON|r-a5o_ z=Jbzf{_W?3bba?sxhcND#G1qT-s$Czw@-Ys4l0Z5epqK4mCG6TSTfe+(2IPll=sE} DeccoE diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 7bebd5ea8a69c02c8072dbc32dbfb19fcf5ba327..82f2fae70df78fc2acc7ad120f06b2ac93bf31a0 100644 GIT binary patch delta 1185 zcmX@aHJfXKPQAWoplOa#YD7^{MTxUzR7qq>V5WspQ9)s#i>XhTf2Cu3RZ&)?W3EqF zHdm^CsE=1rafXMVcW|UdnRZS}N`!$yQAVy|W~ND1xk0FjnMX-!Zi(HzG-$=ny+JkN03Eowsv@_k4I9XfoX<&wz+p+kYA*+fnl)k z#E;_Ph5p{!+1Xj%!9K2$dEw5XrfCMrm1dQ0$!?xirFoIYhNUiLd4*{uMb7zL1(8)o zIcA3L$v!EDQGuZ*A(=@oLFLKj!Ij1yfjMce!A6BaB^KeuzOELN;~B-nBg!Llf-Dk~ z3f)8ei?iG+A`P7*Ba?E>938`b-8@_^(@d-Uy~0Ah^|L&=JTvw6D?&4z(|m(NT=IjG z^u3a@ld617lf!fT^1RHv%gd7uJ+vd7%Ze-}pJf!U&vrI0EKM>s$qov3%*m+q_3|}0 z$}x8F^A4zTOEJ$3$u_U_tI#(K4vxs?Dh@Hp2=vTI$#9B{@=p!PwD2i0aWOaaGS4>i zh;+^>u=LbV_A}4VvCQ*DkAc#tDktM~g@S^7f1{#A^O6jMJU=J1i0pc!(!esuzz83= zAj3S5B)6(;{XkPk$HG!4Pp&`<*Bq~+ERV9x#6V-;OkZ~+?O;pKvI1v!Q_IvyGi|Q` zpDedX7r&@vM|A5vk_<8n0u_?W(lUI?jDwQBQhXybEM1DD0>c8h>Ktm6=Np)w&E=c! z{w)B7?JK67Ufvw=ayp>SeX@WY#!?Er(c}o5ngWK2{OAr-8IV0qR28o z+$6QAJi;t5Ff`IRCDb$|)u_xk$*9!GD8RHVsmLNEGc=jYG1#>zz_TPE*f}k@EUm!O zJSjBF)u|+)!qPcAFV!Nu$fuw(*w4buA}x|jS65ddGdVvhNITQVz}PQRKPk{BB`nvX z%F9GQDabs}ImIY7EW5bg)5IjnAi~dpOY?_fveLW6K8^(;2b1b~72*qi7+C+0<=E?4 zInBE5*#q}0#|%C`ToLu?`G=;`r=?6mhmQunRBk=;lbdJCFV~D@k8UP`!tJl`;@KCkPiW9EJ zqQP$;tkCp{2y%RO{=4rTTe f+~%cqw$tM-Ei25Ik zm7|MmsF7$Uw*lHhFPhpk-xi_Q-GsOL{e~Js6~#8XIW}RabiY!fpdZ9 z#E;_Pp`lg9nPKH2!TymUzDCL65sscIuBnEJmIiJiRZh-^soI|5r3EIXCP4;VPL}?q z0cinV7RCkIsfB*UuBIV@uEj})?h(ZWUTLMymEL8(;e`c(QO3oS;~B-n-TjJF%__Z1 z41KkWBLkdrDvX`dyuC~llf6SC%>v9T%!_?WEt8!sQ!*^L^7I|OGQ!RE%aaqsT`Ti~ zJzR6jBF!^=($mfS)6C4hQzEjR6BEOeG9wKppJf!UH`dQcDlqePN%3_IHZlk)EH=}3 ziU=}vjPR_qaQAjJO$qS!NHeue_0Bfo%1$#2^mg|MOGzyDaVZS+jPNM)$`2|EDfUkC z(NDI_GBwRgt}xHY$cP9;kAc#tDktM~g+RyjO1D&h|3o*J@JjEh49|Kq!xI0Hz~EHp zT;IrGzk*CZqpYOx)CjNebgm-D^mKQh0!Qzh{HRFN0B2WUlhV}ELN^PiA`kbJa?@l( z7uRCXB!eWAe01wPk_<8n0u_8J&5}*i^9zE!3rq_fQ_FoUvNOv<0;>F+LZhk*lBzuN zOnnTsQ*vE1B8s`vLrRSdOWd_1!hH>r-Tm_tL%p({{R_(s{G3e+D)NiH6HC$p0@G5m zyvji#7p@=SWTKy+8sVSn7v>jfkmgfrt{>oUnd20Y?2%qx=@Xb*=4jyMU0Iyv$Yto9 zZJz9so|o+_P+&nkCq{t-LtUNg&y~-)su*}G@vLfH9FxS1Z#KVy*+{Gd^-Jr_PJvH6XEYjcE z-!H`6IHW4XB&x(I*ge$O%P+Vz%+tRj&BGHEOv<|HMX8C!sS17y>UH|IX>PHu3elFv zT$b)`;l`=Hr3F!uT=lxTx(cECAptHPDef*M#+CYpq3*5`juCEI#hKbgxj}AGjz(eW z$z~-v0UT-VG%KRfi*X&R3v8d=3(Oo^^cYU_@nrX^MSH7IR z^Ym7~?Y=sl6ZAtGH`vJp@gM5H<1eXWKh<3Kf7QP)cT%D@2Sm>M67~Gh{dFSyUKX)F zKD#n#6YDW8x4^u;?iTMO*UbO;VgIyPU$(QNr(dvio4uK${Vw~}&zGEKe;B^63~N15 z%F1-KB6dHgMzK?ux87yzh>WRsG!-|7)iStWDQ0G`zF5s%C)W1NKzFBr>@`EZn-QKR Qzq3tpF046ljMNU|N=+dsUfBN_lByp?7A4WrT5RR$-cXu9HuIah7kmVQ{d) z#E;_PZi!WX7LjQlnO?ct7AcOw&SAcJzF`@q<%vO|=^2%QnIR>PhJ_`GVR?aEQ6WAS z+1?qEsRad@<(1{(1>wPIZstB-`A#K~7M9uh=Al(SE`gP1Rb>{F;~B-n4P1+o3)0*o z^mDz;osE5pjlH7^yrT@G%)`Ay%N(P!+zQGK^c}U!g42Duv<(9+g40sUa>K)&jXb=) z9R0F$Qk+7)vx7^$&B6mcD}5ugioFWcqmnEppJf!UPfN_n3imG$&T^_O)z<|wNE+bdxNW-wIpYSSG7AC~oU#M*bCZHX(+ynBQhk&4(=zluQq25KwJTC8oFbBoP18)B z15JD?{rt0hxr(v^OM?n5!t>J8D*Usuf}A|e@^jqH!vge80wc@A%AA5+yaV0*vYaX$ z!6BEJt{sq{ZfxpR?j7#tmy#V6>RA*NkYVf@=u=wZ>sDfFSrwI1R#BGXVZoIgl~v&s zoEM_+m22SW6YS_2k&+l}lI-K2oR{QknV(ylXOWebUSJkzSk9%ZtE*7#l9pki9br;d z5mFZAR}fNKU}=<580hb8l9p_c?_!?eR#hLCpW@}~;hxPkON2e3<`HA>p^xHM7_{@_ zdlUZ8b*xyNf4E)5=3&^|#LLT;msd`C`!Hgb7fZ4TXJ>+`s;v5ie-8hTebZYOuOE5f z!d}(XSL>cg9PE5`*|c}la<%tYrK;Q=XRnyUp*xRN^KtB%RVx=h?T?XJ@_E_Lwi*2^ z3*WuA)lw3OoH0@TVfbEqMm{DxhA-2&?Duf_=XhmbS)00#&35T8Ci$4~=?A$ZbO7Hr BVNL)5 delta 1089 zcmcb{v5IqoPQ7`BZ=PvUNOERIa7ucWOIbvilXFtCdxS-biIGKRNx74^fxBUdzoV~H zAeUogM5M8qr?E>)V6sJsS88~6o@cm)hg(pTcSK@NcDYlYSAnUQiAR>VFPE;JLUD11 zZfc5=si~o*f=NJCRDQaGc9?07V|Z1Wg|=Ukw{ccflv}EEvWcakn^B5Sva@etVpvjD zgrP}ZKyt7JSF)K)VWxj-MM+g&cu=r^NpX;cw^weZd$5;}c4$(CWtK-+aH@wvxpr0Y z#E;_P=3aS~0old5WtAln0r^EamHB=FMHv=O!NpO2&W;fgo<80=!4_`X`RUnQnZYI5 zuG&Q*CdL^CRoUsuL8%!@VIdKQLQS+IT#Lh8(-O0cz0Fcw^^HqPEPNeJBOP72oQpgYQ%t>$azes$Tr$kF ze4>i9^E|^#Qo;*@BGb)0!b%K0k}`6A6MeHMpJf!UPt7pTb<7Pj$T2p}Gc_&B%k>Qi zGxO8;4Xr40_72f5GxvA%_KV6%%uWyGGD~&}^>8Wmh%nPPt*|f&ck@iD$O#K8@vN*c zNzL?1ba%202{1RbC^d3KkAc#tDktM~g`lK7r<`IJ%cS5!ccXB#Am@6E)Nr?qFyoA{ z;0iO(61OA|?aZQzMD0?yY_42C_v{cae;4;8?ZmvQ!lH1`2vcLnw9qtPr>u-9-;^LX zlPLGx5bY!wCo&DAd~_jYtO zE!1}psB+CQaODaM35-mR%5n}3$Wsz}co^v2qj=8B< zm6x++Mo@vVNu{H4vQucbi+^c>qe*B;W?DsXd6-{el6GQvL{v5?d?6b5@A5?b&3RH}}%% z?wo_?j%4zwJ#_vq#U}OeS=xfR*Opq9vB%A~WxS+fXxqfQ@Uc|-qMcHe$= ssh-ed25519 V1pwNA DqbnodZkTmARvGsqUcwZJ6Z6dRJw+Pc/u/OyvLUXNlI -ra9Q9EprYEJELcQi7yS/2+AvyrEDehZ2XjIE4SD3K4Q --> ssh-ed25519 4PzZog 1bLboYJt4kTh2oYIkPtBWOKyCdQQYY7Z/NMhdWRr7Bg -XYX6Sj2dfHJdVr52vy7F5SLNudmPw0l+qX4VXkxo5Zw --> ssh-ed25519 5Nd93w 1V+Zb7AmYGLbBnMLy/yEuC+vUdWq8no/X6j+7Zykbw0 -Cu9av/RkbqGfE31UO1HobDcemy0C52WYt3F3ZJuPD0c --> ssh-ed25519 q8eJgg JkrqxwHOf7vch7sa5iERrPS6GtH7SOz6vkiJZ9iejhM -G0OBTxAN1Ip3vv5loXQPejnv25tK6Xu6xNqYIBQch0Y --> ssh-ed25519 YFaxCg ZjtuzeSNBZLGykOpsyxmeRLF8GE2eIhZBhn84bN8X08 -WXQsIs4Are7WVJhkDafrMm+FwyWfWTOHR6JYUg7nzPY --> O1CHe-grease <`%L -yfN8CioGGgvdsecROJgtsRw1BVyHtPcNgKMk1bGsNry37eY0/8PIQA ---- jVQDWIOkjduvoYdMFhEl2Y8do4IsplwELZ1N1dlEv2E -3>pN0j{ҠqL;{{%OJ_ά3NR#4 \ No newline at end of file +-> ssh-ed25519 V1pwNA 9h+5sIlvMiZRhje5GhsNJ8ucXWTkB1hS+kZBRs+YGRI +lmZ2+18WMJY38Kup8jBZDpUjQ3QQIeSgLGc9QFH2w8I +-> ssh-ed25519 4PzZog 0FIpyjjXwCcpgKB6ElsShe238/4VMNRfDGngBpqVyUQ +WAAVgHorFOmtU80RVUILGaXwfxBeV4N4EliHvxOMfCE +-> ssh-ed25519 5Nd93w dHBRtX2dXZFWY9kw74x94UAGqdb1IVe7uqfn+xbTXm0 +mvhqFd7G3pSK/W8koJI+sRU5SOQJmUwYhXdj05sMs2o +-> ssh-ed25519 q8eJgg dBrod8ucXLwEWcCiQ7bL1YYrSGGYfJwHeEfGV6aKGWk +FMHX98NsY98sIpH+Hj6zy33/qqpUIJv4acejkvs3lNM +-> ssh-ed25519 YFaxCg SQRuisMOT2BDyXCdFnXMZZoqZgSlXf6/FRmbn5qPjng +bstuHuNKdKgflf0/8s7Nlbu46EwsN/mMj8VlDDJy8yE +--- PCjE0Ry7iVdFNMznpD7I+BfW6BHV5MExXgREFVAu2g0 +Џ+#f|M,˨6ZzAC~)#G[s#g@ubHt2ym \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 863ec5e..7fa8397 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -25,6 +25,7 @@ let earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; + calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon"; systems = [ agentjones @@ -41,6 +42,7 @@ let earth cadie marvin + calculon ]; dns = [ @@ -78,6 +80,10 @@ let skynet # our offical server earth + + # nix + + calculon ] # ldap servers are web facing ++ ldap diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index f54977814e3a8f646f157cc35e626f80f3a65b02..55710f0c43962c1229f1b63eda4c20c9ee22017d 100644 GIT binary patch delta 2791 zcmX>uwn1!yPQ8OQ(;8DYeim(L8wpi z#E;_P#Yw@=Md<;-rTRX`k$Jh11z`n+j!BjtM!tTLY3X56;W>$x&VE_`1;OQ986n0w z6`sKsZq8xOIprylj&4CtM#f%Yei0$2?tvM8E(KXx9@*}m7D?%o;~B-n^&^suawf@bk>evvf+1@Jvs%3^5I{j0p7hFUv~I$%@GFiL!J{ zb#@D?Pj*c%Ez8L(=h`J;V{u}}9i{Gd4;8Ofd%2tx-q+}q*XjJR;%1KAG}!7(H$4-@2vw)IEQkFx~gXSjV>Zn5!E)V{)-{Lbfj=NL$!S=+I=?3A|mW>-zBkSbP zxPHlqe8XVpTCMwt|2>be$Jt;p_NwVwCnuAO z&*pC1NgU>y(IpH2)c^V#)AVLn(dL98 zyKS34ONP|5P2N@6UnadbuEv@x3*k}nT0&8gR% z`9gM8Xx5)-^$43)`>Ru)FdnaZY`INi`?9{?C!&^uQpv)suhxE#wb@mFY}KUZS2NXl z%Jg{r2A5NZ~FA^$(T_2dV&wbCWUnC0OwQM>q?7r*VUzTfDx_+84D^Anx^OfK0L zQF7+^r01po8(ys_^_y}d!$)*(+q?P-9<4}$Pf`DNR@F~Ab1*XJ`QG-pIYoXepK)yq z{?hn2_itwS*Q8B1{MNjYa?0b~sGD&?R!6@1qV;O2*8ei{ySkTOmsk0;vPr=6AJ57w zdYO+KdM`Ny&SQDNx=NUDjacA|y&OK;k*{2<7yQw_bhTpp>rHHXH=A9YykVArhKNu0 zzWRFZv@}JJV)o-Ju1w0)kuy2t^s-On>-K#_E>yQ?uUO>(e=PE9TR|s9jYNJ|AS5()a%OqJGi&WPpzGyLSD1 z!F~dV?yP^3Ia`18yB)WEwx8F2HTUR;e?1CEc4XA|*5Bt`=o7zYk(0nj=Awg*_S4O5 z&U?P=Pd3_G{4H22x!%h-@^wP{9?>13bTffmZNcHjTZ*LD6i&!7< zJi=zCa^{)rxgmvr9xBB4{4|_Yy-RI|)5YVS zkE;#;PJXG*_Ud4L=A?a3Pi8LD-?l%{V5#KE#CMA&_g;9dq{#JPe@(Vpw#Gjbm=+3_^U`_BcT`Y0<`>jx9Mug59{YfY@lIwrLLz%J|DS(Z;9-kR!I zu;bE)_(K+~Pwp>xp-yb`eB>R;?P)w(srH5;+OSkqvN2dq+ zySte^r+qqdqxtmOXZF|6$DUe#)=b|l{kL0SMftOv^6UR6Z83evrGH5{qOOhY$BxDI zM_zjRxt7*yM^q|pa`==Y*na=)`^d9_L2Hj}sAPHI?QBt0b@JY=^{$t@`5ZiIG|k+u z{uN!QG2_7@ao<@zr)#8nmJ!F_&Q*#&Z%iCZWje}Iz3ju6m1SKI~&~GlefIV z%ue+o_hiPb=f5v*cX?Le@palKL00p|iXXRXFVs7Dr>(E=wPa*XJSHiu)#L6g-XJ!! z&U5QmwUDTowrx7yHm~0q{yUvC>HWI}rJZN4p5AO6ez)aS@-DexGGpO9WEapTqKJ z7xMaeTwhPG-!ye?$;FxZ>sKGR{IMrsvGWTt7vb7;<{imj8#F_e8hCAvJ?@L|ZFn?$ zyG^F=gP0=>s%l5tg3IOhb;hUeS#vgwt@XQC6_@i$`%CTZA{o(lCbQ2jWZf3S6y+Wu z5z{;K-u{Svlk$RC)OKi@#uka_btGQtdbw%S966OOPt?R3p4LAWU-7)pcwq&%cdYZ7 zPs?iehHgA~v*WelnPM@C$%c_zUMxQIt>*gj>vua26fNkQ>vQ5*)Yq6RyL75!7Mir_ zh1y16=K68gVU76bnHRkqr!n7Eymr#g(6d0na*fQ)w}QN?%E^LH{geZ%PcHi_CVx`& zOSg-_DVfTGC1)4pYX0`0Sua{?_9)}g&bFKzdi$^Mc~^R%@9`VXeI^YZoJH?H6j`24 zofTtg1@BAKp^?PPoDJ#6#;nn{ScNcl= zWpuQNn%(wTW9IMeg}gjpFGbZpZkPYQe>VSLM~%+g>q8e6o1C6p{%(f45Uv^V}*B589pIpf)XA-xhAl*sm_MY}=fg|zTe7DV8raN=(zFIM1C#Nkt zy-L;u{th{D_tWLjrP+Ls&U|fgG!2cDGAXWK7|B_(>)*de6E2AF**sNjMyVQWRrq;} zvaEstol2o*=8gOx-ZP)64m{vu{qE$sr~h}xGrB6TsI|$je3GiBQ><^vvfi7?BamzH zl}9N-3};QVUM;;5`fF#B-PVVDUtd<5{Z4R(->ll#lN%XcN+emUyB zluf8k=8WT=dmuP^+nJ2S(dfGkkjufJeH@aY!T)!8&@ GvpfLk*9s*7 delta 2814 zcmdlWc3f|Gbv4Lq;MQNIMh>3ef zGM9UpOK3%ur)gnOa-Nx|eolF%qpL}%cZ7D5N3y9wfnjmBqeZ2Mi$SunCzr0BLUD11 zZfc5=si~o*f=NJCRDQZba%s6?wyU{Oxp%oyWxFuxmTpg z#E;_P{wCSQxuyo?+LhUk#TlttIpu*RCi=y0#g2vg+5T?nCSk^InZ79nC4mN9Ua1lK zZsrE%9)&qhsR7C6QMsk1IYlWx`Yx^oUWVERS*8(2DaQJF1*VRZ;~B-nvrEj$hDKau}E=bD<#XyB_dQoa(aVl4VzJHlnQnpKRIhU@ku0l{sNMKY(VTxr% zaCUu>eneJUKzK=FsE@l(T2N8BduG0qTR?@rXMnGZQy|ygaF3YH-*<%Q$o_iVu()2+ ze#)+0^GrXiXW1d!*K*|I_m=H!zuyX}cNBFsyRZ#gPi*SyBT?5B8yQs39eI9m z;UXtLu8m*$=czgh-ZGOqu2r^}Vf~5&PdA6(Zjm;q|GB5#>rv(Jhp%2m#T`}qa`euh znWaZA)rF@_`G2XODfQRu-pP`|4>xMR3-MWJ_5ZH=+6&qa*9>wazWr$m_h~=VchFES z^jYJQm}OD-EcV`LK4tl!&Xeu9wfNJ1oh@&?ZR5T!4B5~#Vcn%?ewP$}FJ5LOWx{;z zq|mi<>s}sy!)!6Le%ICNc81H3j#vpR|M&SC^l`=NTMK?ZS*Es(i;ri=CWu>jtH zBV}FgyhW#cB47UNng8EaZ*J8szJSX+?sMmGq>FwMa}eQei{d}-_wHsrl+!*t$pRI$JP*|n(l3wQuZ67jwnsi z&(U!>@M7z|<-7NvnqAg#YW=qtKeyCRS>+}FZPnJhaW>0Y7u-tdu|Bs+_^FSY_j;S@QNB^Xtz3lfRgS17DoWkw=ddL-f_)1@7LDSYcCq# z_+G0i*lJ(Vu(6`)N`_V19|M7Vl{QHNW)DS6MgN^kuji{zm^8)1TKecj^;*FT?OpR?^bWJ=?mw)>B_C(}X%DUcr?kr?{b&Vm&AYafesAk9JvdR;sl3-%Yk#`) zud6%lefYdejX6DXZYI5%bttZ0P{!O{N9o$w9)uuzvZDx*3wsnX5AL{J8in< z)uae@!*?^iW^LFqSD^Uh`OPx}er=MeEH>=PUOnZWbLh-?=QT&{F4PB?88gm3x9Vzg z_3k&n4+e;y{TuZ5=Xw^Ec7z?eou(tiA-(yKTGqzrDo?jc%(YUfTc9{`o1GF< zbVuK|>vgLeq}$8$bnZMVuPffJ?F>h4;8%KgkTkGAaPDsPkH8Pe+7#XaVwO#jT{{^Cc|fjASJ%X8OS zrrF>6x@Gc%y|4byk>+-k^Ysp%xoZW=Ii zMMY85@1<|=)Kv1XBzHHY_kK8aC~V@AqryiPSFgydK6{ll!4{?K-y}9IduX;KP5Rr}gf~I=wn#pIum1XUmzw>~Gve>-^N#lRO`oN>xT#pT z)_a47=hO#?2niz?gbB3rNq;$c0DTor2lqy%WucW zZVSW=o~oHEHn(ImEjrZvI&G~D`y9vJ9J*`8mEH#2$xAFc(wwZzT>AI#kNLK2ju8jX zOrMsX^;K~G_K5Fh5!N0{?$xu+F5cEr`#f{GG<%GI*Xk?jXI_hHX}mW5#MJB`U}$>0 zP%JepCitq;y)8NNf7|pAKRX^2Z#J3l_!qf@k6A3fo|$6s@#Hn7U7c&Tx4V~w{n>bD zo#fKA%l|hqe-_!UY;3yrer529&nNyY?*4q^{I{~TIXn@`ZksnfzMhnn#wIV$Qs31S z*BN5AQ}nq2)9lhP%?U65aWS6p`>pAj{cOWDzU`~>o-n-Ym#{l`_2L~fJ*SInUv4>T zbn~_}tMRS5OwHC;ew4JVTXUel@Nme9v~z2D?g{J=oFBg`zV7GBg;zpnq|KkY?U}0Q znRh?EO788uCEnP6RNN)K*5|4?_YBqC-OIYK*YBQVnbxD(|7`OaJ3Fn5JqI%;hfKWJCSar9l%teMZ}J<>ToWp#N}%eQCgA*FK#D!xSI hOIX)M?h$Kh30jbS$M6iR^O{u$w)=+lrPs}#003xZGUxyR diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index 88a6369..ff19a49 100644 --- a/secrets/wolves/details.age +++ b/secrets/wolves/details.age @@ -1,23 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA cgA5VKQ3hp5rtso89O/MhPiHLOb782QoeLziZUeU70I -L2iCt0tsUJGLLLbezIABJvoRQMFteGqVFx6NL9cNlXU --> ssh-ed25519 4PzZog 7ze9+yot/hOqFsSK5LH8i0WLPUvC6Fi+2uGMS17lEkY -WrcC0tez5IE9zty14iBdcPQ+9AmZfVMdmSDrLVltntc --> ssh-ed25519 5Nd93w /w0wTVrmd9QZ/lojJugGFuOE4J5g7YFGBjFrnKcYhQA -CNiyiqzso5T2bqTAwhG1pmFY7SO9A5Te8BSDiiOHt/I --> ssh-ed25519 q8eJgg EoCZJYcZMdXkcJX60durhxuog/TTgHJqsUYplMCoE2Y -bCCKkvmKdQ5Kry3YBJcnPSE/dj6NJe8IUVQlT7lG9+Q --> ssh-ed25519 IzAMqA lb94hWJMJwWZbHwHRa/Fv9QsJdHqFBq5GBMWk/1xPkg -2edcY2p4ne64MkqRCvrbpWMnD7tBhwpwbVLcRx1VH0E --> ssh-ed25519 uZzB3g b6I8PBhisjX0/b5tgEAfHVqV+nRDWG2sPB+FGrz+iWc -a1mi9By/uYkB/Uyam8KZBcwogoWufD7jGwQ7A8zoi4Y --> ssh-ed25519 Hb0ipQ +MVbbtGivd/I0Sd54xFAZ0NoF0vFJFE3E/1Emalk4ww -lF573uIUJKvzpPt177h7j7jU+dBX3YE2bjoitCl0OXc --> ssh-ed25519 IzAMqA pM+865cvmhU/YQrEEiVmxMAMZqfzd8nuSBFdBYFK1S8 -mqudYwRO/KHhi4i3eeC6fMRv+q/VQn/MK5MSoRnRFTc --> B5i-grease b 9OK X;B_Gxz \ - ---- x5ul4yNubEnJfVA/vpTaKfV1eauqB8ahIEunq0G0GvY -8a!Q$ p>Zv!x{EGmCx"@/u镥(P ssh-ed25519 V1pwNA 64APjQFuCdQotU0idTNsNkQq4UurzLrI+sBfKVJeERw +0v6AqFqjTYNXd+01coluHCiNbXGoRux7xi7Xe2KJwMY +-> ssh-ed25519 4PzZog Qx/4nzBzpphw5zMU/Selzp0y2hxnuxt4riw5ZHn5/FM +LgKlXPi2C38thzhDYNI6xQlD7mF97xG+gBNKaZchuR8 +-> ssh-ed25519 5Nd93w qxvohVP435hgKa5ygKlagzB98r9Jli+alqrEck//FD8 +yCD2n/m8azvH8ivPzocnlx1JDl3VkIcz7fUIlWmXV14 +-> ssh-ed25519 q8eJgg AaxsYEyjuI/n8Cz7u40ruqB6rCwqpdgf5IKb2V3MUw4 +LH+r9sWo5ckvdl92pXPcw9QIQ85+XP1maq0a2n3SrFg +-> ssh-ed25519 IzAMqA +tU6QWR+ZPb6yw94POiSIYPr+su5CrHM9zn7XqkMoDg +CadoRJA8lpvo1hKQc0Ii2P1O6alZXEH/38H3GTVNf+c +-> ssh-ed25519 uZzB3g Yt2K67ZNN6/vLL6bvSlrfPs7vgxtS+ecF242++q1cCU +DLX5zRone3QdzVwD4Nxtpgd07wLgWs28zQEbj1Q+8B8 +-> ssh-ed25519 Hb0ipQ HADfPO++23LNnITJZIjpWOCqIJ3ZbIVBd1NvnbJqEzk +TyFj/I+a4kc8omedjAzKt0glVDbEJGkIluPClO5vFGA +-> ssh-ed25519 IzAMqA r74EwP4WbYv+CnF2Czp1xNocsF66j7y/Fbp9toufYms +zXD2vZaVTmaJtkxyBRYrn1xGf6i0K8PqFKweXQUeVa0 +--- nejIZ/IUpeIeZTR2jEbVjw574rHAeDzt7uMSIGb9rxQ +ǦK5蹓LCx՘Kp`"QU 8}` Date: Sun, 12 May 2024 04:57:26 +0100 Subject: [PATCH 329/826] fix: slight improvements --- .gitlab-ci.yml | 1 + applications/nix_cache/nix_cache.nix | 4 ++++ machines/calculon.nix | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3ad4b00..1ee8177 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -91,6 +91,7 @@ sync_repos: before_script: - *scripts_deploy - *scripts_base + - *scripts_cache rules: - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' changes: diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index 25061d4..96d4e2c 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -6,6 +6,10 @@ atticd-atticadm make-token --sub "admin_username" --validity "10y" --pull "*" -- # for the gitlab runner, done eyarly atticd-atticadm make-token --sub "wheatly-runner" --validity "1y" --pull "skynet-cache" --push "skynet-cache" + + +Documentation: +https://docs.attic.rs/introduction.html */ { lib, diff --git a/machines/calculon.nix b/machines/calculon.nix index c11bb38..b3ca0fa 100644 --- a/machines/calculon.nix +++ b/machines/calculon.nix @@ -28,7 +28,7 @@ in { targetPort = 22; targetUser = null; - tags = []; + tags = ["active"]; }; # it has two network devices so two From 63874105a8ebe5c1b5c68e5bea067eddab25e3d0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 12 May 2024 05:31:01 +0100 Subject: [PATCH 330/826] fix: up the size limit for the cache --- applications/nix_cache/nix_cache.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index 96d4e2c..91a5ccb 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -96,7 +96,7 @@ in { services.nginx = { enable = true; group = "acme"; - clientMaxBodySize = "100m"; + clientMaxBodySize = "500m"; recommendedProxySettings = true; virtualHosts = { "${name}.skynet.ie" = { From 44a7fde53c5a080cffbb31f8c397cd0ab31d03e0 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 12 May 2024 15:25:58 +0000 Subject: [PATCH 331/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0385d34..b8365bd 100644 --- a/flake.lock +++ b/flake.lock @@ -865,11 +865,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1714957946, - "narHash": "sha256-Xo4VHqECFXEYQiqEFYMqiTzaYSBCbvhKGjvnZ5rNLSM=", + "lastModified": 1715527488, + "narHash": "sha256-Bib8TlcoDGSLTPKp75f9RqZZZpBuxH/bF8JULKwg5iA=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "6cbbab80bdffea76e3990948273e523c352dd727", + "rev": "ed4c46e81db5a7c412715d52003db7632e21a573", "type": "gitlab" }, "original": { From eee9632878b9877d3d79afed80a3ff3ec6fcfb4e Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 12 May 2024 15:41:51 +0000 Subject: [PATCH 332/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b8365bd..02ac97b 100644 --- a/flake.lock +++ b/flake.lock @@ -152,11 +152,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1713355612, - "narHash": "sha256-GXa8y/H4MtQSuuww6ioWhO1/gUjdw231tGCt5I/Dyi0=", + "lastModified": 1715528376, + "narHash": "sha256-J3VZBVxB+9H2dKE3gGBUFI7Xi1TvSD2ewzwkmnYf/78=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "a4482cc61893a42e2698eb66563ce03043aa4ddc", + "rev": "d697cb7d78e93bd1d4d62b0525d779593e3699c1", "type": "gitlab" }, "original": { From 1b31b6535dc195d155038c131e4d8c1c02a5db79 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Sun, 12 May 2024 15:56:12 +0000 Subject: [PATCH 333/826] [skip ci] Updated flake for compsoc_public --- flake.lock | 84 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 51 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index 02ac97b..a7c2440 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1695591744, - "narHash": "sha256-3gbqM5smCXV/MrEO9frmc/cJbKHFoUW/eOfFu88Dg9w=", + "lastModified": 1714337293, + "narHash": "sha256-QjAnpRT/LqcjNo/ofoAjylG4VyfWMIIMVc+KuQaJOZQ=", "owner": "silver_rust", "repo": "bfom", - "rev": "12301d7e8dca2312c2e7db9760b953458b43b076", + "rev": "664e5377329f8052fa7446c312ba29ca1025de4e", "type": "gitlab" }, "original": { @@ -152,11 +152,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1715528376, - "narHash": "sha256-J3VZBVxB+9H2dKE3gGBUFI7Xi1TvSD2ewzwkmnYf/78=", + "lastModified": 1715528953, + "narHash": "sha256-NWoCV1SauW8H/MibwAC+JWoomjpkIruGqfV/JTM1D4Q=", "owner": "compsoc1%2Fcompsoc", "repo": "presentations%2Fpresentations", - "rev": "d697cb7d78e93bd1d4d62b0525d779593e3699c1", + "rev": "4855b0468e1e5118d11130b164b1d57a42251add", "type": "gitlab" }, "original": { @@ -353,7 +353,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, @@ -449,11 +449,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1652722411, - "narHash": "sha256-FxzNgYiH9c91hUVAntcjrqY//KOTUPP2a4e8Wyuysxg=", + "lastModified": 1713520724, + "narHash": "sha256-CO8MmVDmqZX2FovL75pu5BvwhW+Vugc7Q6ze7Hj8heI=", "owner": "nix-community", "repo": "naersk", - "rev": "94beb7a3edfeb3bcda65fa3f2ebc48ec6b40bf72", + "rev": "c5037590290c6c7dae2e42e7da1e247e54ed2d49", "type": "github" }, "original": { @@ -724,11 +724,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1652840887, - "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", + "lastModified": 1714091391, + "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", + "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", "type": "github" }, "original": { @@ -738,11 +738,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1652840887, - "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", + "lastModified": 1714091391, + "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", + "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", "type": "github" }, "original": { @@ -752,11 +752,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1691371061, - "narHash": "sha256-BxPbPVlBIoneaXIBiHd0LVzA+L4nmvFCNBU6TmQAiMM=", + "lastModified": 1715413075, + "narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5068bc8fe943bde3c446326da8d0ca9c93d5a682", + "rev": "e4e7a43a9db7e22613accfeb1005cca1b2b1ee0d", "type": "github" }, "original": { @@ -1052,6 +1052,21 @@ "type": "github" } }, + "systems_11": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1173,12 +1188,15 @@ } }, "utils": { + "inputs": { + "systems": "systems_2" + }, "locked": { - "lastModified": 1652776076, - "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -1189,7 +1207,7 @@ }, "utils_10": { "inputs": { - "systems": "systems_10" + "systems": "systems_11" }, "locked": { "lastModified": 1694529238, @@ -1207,14 +1225,14 @@ }, "utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -1240,7 +1258,7 @@ }, "utils_4": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1692799911, @@ -1258,7 +1276,7 @@ }, "utils_5": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1685518550, @@ -1276,7 +1294,7 @@ }, "utils_6": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1687171271, @@ -1294,7 +1312,7 @@ }, "utils_7": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1689068808, @@ -1312,7 +1330,7 @@ }, "utils_8": { "inputs": { - "systems": "systems_8" + "systems": "systems_9" }, "locked": { "lastModified": 1689068808, @@ -1330,7 +1348,7 @@ }, "utils_9": { "inputs": { - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1694529238, From 867e7a702fb60da812f5c424a9d2b40f725b5b95 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 12 May 2024 17:17:06 +0100 Subject: [PATCH 334/826] ci: only run teh repo sync when repos are actually updated --- .gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1ee8177..a70a1ad 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,6 @@ sync_repos: - chmod +x ./sync.sh - ./sync.sh rules: - - if: '$SYNC_OVERRIDE == "true"' - changes: - sync/repos.csv From 519e9072784f8ce4c330ba5a68126d91cb717839 Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 02:23:10 +0100 Subject: [PATCH 335/826] Initial grafana setup --- applications/grafana.nix | 63 ++++++++++++++++++++++++++++++++++++++++ machines/_base.nix | 11 +++++++ machines/marvin.nix | 10 +++++++ 3 files changed, 84 insertions(+) create mode 100644 applications/grafana.nix diff --git a/applications/grafana.nix b/applications/grafana.nix new file mode 100644 index 0000000..cf99e11 --- /dev/null +++ b/applications/grafana.nix @@ -0,0 +1,63 @@ +{lib, ...}: +with lib; let + name = "grafana-server"; + cfg = config.server.grafana; +in { + imports = [ + ./acme.nix + ./dns.nix + ]; + + options.services.skynet.grafana = { + enable = mkEnableOption "Grafana Server"; + + host = { + ip = mkOption { + type = types.str; + }; + name = mkOption { + type = types.str; + }; + }; + + ip = mkOption { + type = types.str; + default = cfg.host.ip; + }; + + port = mkOption { + type = types.port; + default = 4444; + }; + }; + + config = { + services.grafana = { + enable = true; + domain = "grafana.skynet.ie"; + port = cfg.port; + addr = cfg.host.ip; + }; + + services.nginx.virtualHosts."${name}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "https://localhost:${toString cfg.port}"; + proxyWebsockets = true; + }; + }; + + skynet_dns.records = [ + { + record = "${name}"; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + skynet_acme.domains = [ + "${name}.skynet.ie" + ]; + }; +} diff --git a/machines/_base.nix b/machines/_base.nix index d83e75b..c3d3915 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -116,6 +116,17 @@ in { ]; }; + services.prometheus = { + exporters = { + node = { + enable = true; + # most of the collectors should be on by default + enabledCollectors = ["systemd"]; + port = 9002; + }; + }; + }; + # time on vendetta is strangely out of sync networking.timeServers = options.networking.timeServers.default ++ ["ie.pool.ntp.org"]; services.ntp.enable = true; diff --git a/machines/marvin.nix b/machines/marvin.nix index 1c4f57b..fdf59b1 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -25,6 +25,7 @@ Notes: groups_trusted = map (x: "@${x}") groups; in { imports = [ + ../applications/grafana.nix ]; deployment = { @@ -49,6 +50,15 @@ in { sudo_groups = groups; }; + services.skynet.grafana = { + enable = true; + + host = { + ip = ip_pub; + name = name; + }; + }; + skynet_dns.records = [ { record = name; From 115535c386ed1eb72c34e62c7ffb2fd0eb1abfee Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 02:25:37 +0100 Subject: [PATCH 336/826] fix cfg variable --- applications/grafana.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index cf99e11..2c6a575 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -1,7 +1,7 @@ {lib, ...}: with lib; let name = "grafana-server"; - cfg = config.server.grafana; + cfg = config.services.skynet.grafana; in { imports = [ ./acme.nix From 70b1d6324db18d56bcd7006dd06690df0ce7448a Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 02:51:15 +0100 Subject: [PATCH 337/826] rename grafana-server, move some things around --- applications/grafana.nix | 49 +++++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index 2c6a575..d8679ba 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -1,14 +1,19 @@ -{lib, ...}: +{ + lib, + config, + ... +}: with lib; let - name = "grafana-server"; + name = "grafana"; cfg = config.services.skynet.grafana; + port = 4444; in { imports = [ ./acme.nix ./dns.nix ]; - options.services.skynet.grafana = { + options.services.skynet."${name}" = { enable = mkEnableOption "Grafana Server"; host = { @@ -27,27 +32,11 @@ in { port = mkOption { type = types.port; - default = 4444; + default = port; }; }; - config = { - services.grafana = { - enable = true; - domain = "grafana.skynet.ie"; - port = cfg.port; - addr = cfg.host.ip; - }; - - services.nginx.virtualHosts."${name}.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/" = { - proxyPass = "https://localhost:${toString cfg.port}"; - proxyWebsockets = true; - }; - }; - + config = mkIf cfg.enable { skynet_dns.records = [ { record = "${name}"; @@ -59,5 +48,23 @@ in { skynet_acme.domains = [ "${name}.skynet.ie" ]; + + services.grafana = { + enable = true; + domain = "grafana.skynet.ie"; + port = cfg.port; + addr = cfg.host.ip; + }; + + services.nginx.virtualHosts = { + "${name}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "https://localhost:${toString cfg.port}"; + proxyWebsockets = true; + }; + }; + }; }; } From 961509ddc8a16f3082581f09012c28ed93536790 Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 02:57:32 +0100 Subject: [PATCH 338/826] fix: https to http --- applications/grafana.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index d8679ba..6eec760 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -61,7 +61,7 @@ in { forceSSL = true; useACMEHost = "skynet"; locations."/" = { - proxyPass = "https://localhost:${toString cfg.port}"; + proxyPass = "http://localhost:${toString cfg.port}"; proxyWebsockets = true; }; }; From 739529caae46cb290b2842aab14bab01fb27d264 Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 03:02:37 +0100 Subject: [PATCH 339/826] change grafana to {name} everywhere* --- applications/grafana.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index 6eec760..b120e89 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -5,7 +5,7 @@ }: with lib; let name = "grafana"; - cfg = config.services.skynet.grafana; + cfg = config.services.skynet."${name}"; port = 4444; in { imports = [ @@ -51,7 +51,7 @@ in { services.grafana = { enable = true; - domain = "grafana.skynet.ie"; + domain = "${name}.skynet.ie"; port = cfg.port; addr = cfg.host.ip; }; From 2a605151f80d36dac1910407bdfdb83597d11bae Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 03:21:50 +0100 Subject: [PATCH 340/826] remove prometheus from base --- machines/_base.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/machines/_base.nix b/machines/_base.nix index c3d3915..d83e75b 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -116,17 +116,6 @@ in { ]; }; - services.prometheus = { - exporters = { - node = { - enable = true; - # most of the collectors should be on by default - enabledCollectors = ["systemd"]; - port = 9002; - }; - }; - }; - # time on vendetta is strangely out of sync networking.timeServers = options.networking.timeServers.default ++ ["ie.pool.ntp.org"]; services.ntp.enable = true; From 4ce0f69fb3d18a1ea97afdf445b8b16b7afb597e Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 03:40:58 +0100 Subject: [PATCH 341/826] remove redudnant options --- applications/grafana.nix | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index b120e89..e3057d1 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -24,16 +24,6 @@ in { type = types.str; }; }; - - ip = mkOption { - type = types.str; - default = cfg.host.ip; - }; - - port = mkOption { - type = types.port; - default = port; - }; }; config = mkIf cfg.enable { @@ -52,7 +42,7 @@ in { services.grafana = { enable = true; domain = "${name}.skynet.ie"; - port = cfg.port; + port = port; addr = cfg.host.ip; }; @@ -61,7 +51,7 @@ in { forceSSL = true; useACMEHost = "skynet"; locations."/" = { - proxyPass = "http://localhost:${toString cfg.port}"; + proxyPass = "http://localhost:${toString port}"; proxyWebsockets = true; }; }; From 183f5a0e7df037e0e16cbb2f417ae7b932378157 Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 06:16:35 +0100 Subject: [PATCH 342/826] Initial prometheus config Also did provision config for grafana, could be done directly but went through skynet.grafana config --- applications/grafana.nix | 32 ++++++++++++++++++ applications/prometheus.nix | 67 +++++++++++++++++++++++++++++++++++++ machines/_base.nix | 4 +++ machines/marvin.nix | 34 +++++++++++++++++++ 4 files changed, 137 insertions(+) create mode 100644 applications/prometheus.nix diff --git a/applications/grafana.nix b/applications/grafana.nix index e3057d1..fd06612 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -24,6 +24,26 @@ in { type = types.str; }; }; + + ip = mkOption { + type = types.str; + default = cfg.host.ip; + }; + + port = mkOption { + type = types.port; + default = port; + }; + + datasource = { + name = mkOption { + type = types.str; + }; + + url = mkOption { + type = types.str; + }; + }; }; config = mkIf cfg.enable { @@ -44,6 +64,18 @@ in { domain = "${name}.skynet.ie"; port = port; addr = cfg.host.ip; + + provision = { + enable = true; + datasources.settings.datasources = [ + { + name = cfg.datasource.name; + type = "Prometheus"; + url = cfg.datasource.url; + isDefault = true; + } + ]; + }; }; services.nginx.virtualHosts = { diff --git a/applications/prometheus.nix b/applications/prometheus.nix new file mode 100644 index 0000000..fcda5c9 --- /dev/null +++ b/applications/prometheus.nix @@ -0,0 +1,67 @@ +{ + lib, + config, + ... +}: +with lib; let + name = "prometheus"; + cfg = config.services.skynet."${name}"; +in { + imports = []; + + options.services.skynet."${name}" = { + server = { + enable = mkEnableOption "Prometheus Server"; + host = { + ip = mkOption { + type = types.str; + }; + + name = mkOption { + type = types.str; + }; + }; + + port = mkOption { + type = types.port; + default = 9001; + }; + }; + + collecter_port = mkOption { + type = types.port; + default = 9002; + }; + + #list of servers passed in for monitoring + servers = mkOption { + type = types.listOf types.str; + }; + }; + + config = + { + services.prometheus.exporters.node = { + enable = true; + # most collectors are on by default see docs for more options + enabledCollectors = ["systemd"]; + port = cfg.collecter_port; + }; + } + // mkIf cfg.server.enable { + services.prometheus = { + enable = true; + port = cfg.server.port; + scrapeConfigs = [ + { + job_name = "node_exporter"; + static_configs = [ + { + targets = map (server: "${server}.skynet.ie:9002") cfg.servers; + } + ]; + } + ]; + }; + }; +} diff --git a/machines/_base.nix b/machines/_base.nix index d83e75b..f46eef2 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -29,6 +29,10 @@ in { # every server will need the config to backup to ../applications/restic.nix + + # every server will be monitored for grafana + ../applications/prometheus.nix + #TODO: make sure no additional config needed for exporters ? ]; options.skynet = { diff --git a/machines/marvin.nix b/machines/marvin.nix index fdf59b1..963ff7c 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -10,6 +10,7 @@ Notes: */ { pkgs, + config, lib, nodes, ... @@ -26,6 +27,7 @@ Notes: in { imports = [ ../applications/grafana.nix + ../applications/prometheus.nix ]; deployment = { @@ -50,6 +52,32 @@ in { sudo_groups = groups; }; + services.skynet.prometheus.server = { + host = { + ip = ip_pub; + name = name; + }; + + port = 9001; + + servers = [ + "agentjones" + "cadie" + "earth" + "galatea" + "gir" + "glados" + "kitt" + "marvin" + "neuromancer" + "optimus" + "skynet" + "vendetta" + "vigil" + "wheatly" + ]; + }; + services.skynet.grafana = { enable = true; @@ -57,6 +85,12 @@ in { ip = ip_pub; name = name; }; + + # maybe just do provision config directly ? + datasource = { + name = "Prometheus"; + url = "localhost:${toString config.services.prometheus.port}"; + }; }; skynet_dns.records = [ From 4637777e5c9d5c532870a4a70b838f536bcdaa45 Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 07:32:25 +0100 Subject: [PATCH 343/826] Fix servers list location --- applications/prometheus.nix | 9 ++++----- machines/marvin.nix | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index fcda5c9..c673600 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -26,17 +26,16 @@ in { type = types.port; default = 9001; }; + #list of servers passed in for monitoring + servers = mkOption { + type = types.listOf types.str; + }; }; collecter_port = mkOption { type = types.port; default = 9002; }; - - #list of servers passed in for monitoring - servers = mkOption { - type = types.listOf types.str; - }; }; config = diff --git a/machines/marvin.nix b/machines/marvin.nix index 963ff7c..3f25f48 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -86,7 +86,7 @@ in { name = name; }; - # maybe just do provision config directly ? + # maybe just do provision config directly ? datasource = { name = "Prometheus"; url = "localhost:${toString config.services.prometheus.port}"; From 7f5f21dc8a796ce836f01120df20f4ddf43ab142 Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 07:34:28 +0100 Subject: [PATCH 344/826] Use port from cfg --- applications/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index c673600..9ae7df8 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -56,7 +56,7 @@ in { job_name = "node_exporter"; static_configs = [ { - targets = map (server: "${server}.skynet.ie:9002") cfg.servers; + targets = map (server: "${server}.skynet.ie:{collecter_port}") cfg.servers; } ]; } From cf600e2dc10e08d5ef351e836db7a6d64e45b41f Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 18:23:56 +0100 Subject: [PATCH 345/826] Using nodes instead of hardcoded server names Might not work probably did smnth wrong --- applications/prometheus.nix | 9 +++++---- machines/marvin.nix | 19 ++----------------- 2 files changed, 7 insertions(+), 21 deletions(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index 9ae7df8..dbd7275 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -10,6 +10,11 @@ in { imports = []; options.services.skynet."${name}" = { + #list of servers passed in for monitoring + servers = mkOption { + type = types.listOf types.str; + }; + server = { enable = mkEnableOption "Prometheus Server"; host = { @@ -26,10 +31,6 @@ in { type = types.port; default = 9001; }; - #list of servers passed in for monitoring - servers = mkOption { - type = types.listOf types.str; - }; }; collecter_port = mkOption { diff --git a/machines/marvin.nix b/machines/marvin.nix index 3f25f48..12465f0 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -59,25 +59,10 @@ in { }; port = 9001; - - servers = [ - "agentjones" - "cadie" - "earth" - "galatea" - "gir" - "glados" - "kitt" - "marvin" - "neuromancer" - "optimus" - "skynet" - "vendetta" - "vigil" - "wheatly" - ]; }; + services.skynet.prometheus.servers = lib.attrsets.mapAttrsToList (server: server.name) nodes; + services.skynet.grafana = { enable = true; From be56e6b9e90e6c3ff511ac78e454a9ff49caa0bb Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 18:32:37 +0100 Subject: [PATCH 346/826] Reorganise prometheus/marvin config --- machines/marvin.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/machines/marvin.nix b/machines/marvin.nix index 12465f0..f0c7a39 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -52,16 +52,19 @@ in { sudo_groups = groups; }; - services.skynet.prometheus.server = { + services.skynet.prometheus = { + servers = lib.attrsets.mapAttrsToList (server: server.name) nodes; + + server = { host = { ip = ip_pub; name = name; }; port = 9001; + }; }; - services.skynet.prometheus.servers = lib.attrsets.mapAttrsToList (server: server.name) nodes; services.skynet.grafana = { enable = true; From 82305d43ff1c941bc22294cd106ead312d7fb412 Mon Sep 17 00:00:00 2001 From: daragh Date: Tue, 21 May 2024 18:33:52 +0100 Subject: [PATCH 347/826] fmt --- machines/marvin.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/machines/marvin.nix b/machines/marvin.nix index f0c7a39..0c240aa 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -53,19 +53,18 @@ in { }; services.skynet.prometheus = { - servers = lib.attrsets.mapAttrsToList (server: server.name) nodes; + servers = lib.attrsets.mapAttrsToList (server: server.name) nodes; - server = { - host = { - ip = ip_pub; - name = name; - }; + server = { + host = { + ip = ip_pub; + name = name; + }; - port = 9001; + port = 9001; }; }; - services.skynet.grafana = { enable = true; From 9b3e7265dd4e9e29a8663bfd4e5b753022012fc7 Mon Sep 17 00:00:00 2001 From: daragh Date: Wed, 22 May 2024 01:51:21 +0100 Subject: [PATCH 348/826] Added new option to specify ip and port for other nodes, fixed server.name to go through deployment.hostname --- applications/prometheus.nix | 15 +++++++++------ machines/marvin.nix | 2 -- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index dbd7275..a431e1a 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -1,4 +1,5 @@ { + nodes, lib, config, ... @@ -10,11 +11,6 @@ in { imports = []; options.services.skynet."${name}" = { - #list of servers passed in for monitoring - servers = mkOption { - type = types.listOf types.str; - }; - server = { enable = mkEnableOption "Prometheus Server"; host = { @@ -31,6 +27,13 @@ in { type = types.port; default = 9001; }; + + other_nodes = mkOption { + type = types.listOf types.str; + description = '' + To add other nodes outside of nix, specify ip and port that server should listen to here + ''; + }; }; collecter_port = mkOption { @@ -57,7 +60,7 @@ in { job_name = "node_exporter"; static_configs = [ { - targets = map (server: "${server}.skynet.ie:{collecter_port}") cfg.servers; + targets = map (hostname: "${hostname}:${collecter_port}") lib.attrsets.mapAttrsToList (server: server.deployment.hostname) nodes ++ cfg.other_nodes; } ]; } diff --git a/machines/marvin.nix b/machines/marvin.nix index 0c240aa..191f0a5 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -53,8 +53,6 @@ in { }; services.skynet.prometheus = { - servers = lib.attrsets.mapAttrsToList (server: server.name) nodes; - server = { host = { ip = ip_pub; From ca872275712c7ea590b63dc5861ac2baafb204c0 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 01:21:02 +0100 Subject: [PATCH 349/826] remove redundant option --- applications/grafana.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index fd06612..beb66a8 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -25,11 +25,6 @@ in { }; }; - ip = mkOption { - type = types.str; - default = cfg.host.ip; - }; - port = mkOption { type = types.port; default = port; From 113084148c209fddfedba9d3b36ad4fe2cbc091c Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 01:21:29 +0100 Subject: [PATCH 350/826] Make map clearer, more parentheses --- applications/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index a431e1a..67d1ca0 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -60,7 +60,7 @@ in { job_name = "node_exporter"; static_configs = [ { - targets = map (hostname: "${hostname}:${collecter_port}") lib.attrsets.mapAttrsToList (server: server.deployment.hostname) nodes ++ cfg.other_nodes; + targets = (map (hostname: "${hostname}:${collecter_port}") (lib.attrsets.mapAttrsToList (server: server.deployment.hostname)) nodes) ++ cfg.other_nodes; } ]; } From 1ea703bfa13da4bbcfa4a897ce8434c9bbb00f6a Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 01:27:02 +0100 Subject: [PATCH 351/826] Removed redundant conf, rename portcollecter --- applications/prometheus.nix | 6 +++--- machines/marvin.nix | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index 67d1ca0..e4fd5e0 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -36,7 +36,7 @@ in { }; }; - collecter_port = mkOption { + port_collecter = mkOption { type = types.port; default = 9002; }; @@ -48,7 +48,7 @@ in { enable = true; # most collectors are on by default see docs for more options enabledCollectors = ["systemd"]; - port = cfg.collecter_port; + port = cfg.port_collecter; }; } // mkIf cfg.server.enable { @@ -60,7 +60,7 @@ in { job_name = "node_exporter"; static_configs = [ { - targets = (map (hostname: "${hostname}:${collecter_port}") (lib.attrsets.mapAttrsToList (server: server.deployment.hostname)) nodes) ++ cfg.other_nodes; + targets = (map (hostname: "${hostname}:${cfg.port_collecter}") (lib.attrsets.mapAttrsToList (server: server.deployment.hostname)) nodes) ++ cfg.other_nodes; } ]; } diff --git a/machines/marvin.nix b/machines/marvin.nix index 191f0a5..e4df5dc 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -58,8 +58,6 @@ in { ip = ip_pub; name = name; }; - - port = 9001; }; }; From 9aeb7313b47f359029b7b28e96a520615c2ef94d Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 02:10:16 +0100 Subject: [PATCH 352/826] Moved grafana / prometheus to kitt --- machines/kitt.nix | 26 ++++++++++++++++++++++++++ machines/marvin.nix | 26 -------------------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/machines/kitt.nix b/machines/kitt.nix index 5891571..88f383c 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -9,6 +9,7 @@ Role: LDAP Server Notes: */ { + config, pkgs, lib, nodes, @@ -25,6 +26,8 @@ in { ../applications/discord.nix ../applications/bitwarden/vaultwarden.nix ../applications/bitwarden/bitwarden_sync.nix + ../applications/grafana.nix + ../applications/prometheus.nix ]; deployment = { @@ -77,4 +80,27 @@ in { name = name; }; }; + services.skynet.prometheus = { + server = { + host = { + ip = ip_pub; + name = name; + }; + }; + }; + + services.skynet.grafana = { + enable = true; + + host = { + ip = ip_pub; + name = name; + }; + + # maybe just do provision config directly ? + datasource = { + name = "Prometheus"; + url = "localhost:${toString config.services.prometheus.port}"; + }; + }; } diff --git a/machines/marvin.nix b/machines/marvin.nix index e4df5dc..3bb6d1e 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -26,8 +26,6 @@ Notes: groups_trusted = map (x: "@${x}") groups; in { imports = [ - ../applications/grafana.nix - ../applications/prometheus.nix ]; deployment = { @@ -52,30 +50,6 @@ in { sudo_groups = groups; }; - services.skynet.prometheus = { - server = { - host = { - ip = ip_pub; - name = name; - }; - }; - }; - - services.skynet.grafana = { - enable = true; - - host = { - ip = ip_pub; - name = name; - }; - - # maybe just do provision config directly ? - datasource = { - name = "Prometheus"; - url = "localhost:${toString config.services.prometheus.port}"; - }; - }; - skynet_dns.records = [ { record = name; From fd3beade9b94c43b9a25ca0247219aaa1050a901 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 02:13:06 +0100 Subject: [PATCH 353/826] Added entry in secrets.nix for grafana --- secrets/secrets.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7fa8397..6c865b3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -69,6 +69,10 @@ let wheatly ]; + grafana = [ + kitt + ]; + # these need dns stuff webservers = [ @@ -150,4 +154,7 @@ in { "bitwarden/id.age".publicKeys = users ++ bitwarden; "bitwarden/secret.age".publicKeys = users ++ bitwarden; "bitwarden/details.age".publicKeys = users ++ bitwarden; + + # grafana + "grafana/pw.age".publicKeys = users++ grafana; } From 40e4fe5ac487aab5e3f2d05d63dd9633d9cad675 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 02:13:14 +0100 Subject: [PATCH 354/826] fmt --- secrets/secrets.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6c865b3..0ba160e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -70,7 +70,7 @@ let ]; grafana = [ - kitt + kitt ]; # these need dns stuff @@ -156,5 +156,5 @@ in { "bitwarden/details.age".publicKeys = users ++ bitwarden; # grafana - "grafana/pw.age".publicKeys = users++ grafana; + "grafana/pw.age".publicKeys = users ++ grafana; } From 23f77caef60dc506217631b99975d83e0af31301 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 02:39:36 +0100 Subject: [PATCH 355/826] feat: setup the password for grafana --- applications/grafana.nix | 4 ++++ secrets/grafana/pw.age | 13 +++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 secrets/grafana/pw.age diff --git a/applications/grafana.nix b/applications/grafana.nix index beb66a8..84af996 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -54,12 +54,16 @@ in { "${name}.skynet.ie" ]; + age.secrets.grafana_pw.file = ../secrets/grafana/pw.age; + services.grafana = { enable = true; domain = "${name}.skynet.ie"; port = port; addr = cfg.host.ip; + settings.security.admin_password = "$__file{${config.age.secrets.grafana_pw.path}}"; + provision = { enable = true; datasources.settings.datasources = [ diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age new file mode 100644 index 0000000..6a01432 --- /dev/null +++ b/secrets/grafana/pw.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA ly/9CnXtgQlXTbKcK+gD+v0Ck7rmGtNrA/S9XfBdg3s +6skVNVJTgCf/EWlDbH6urfr4CUibVH/N+HcfIYPkzTo +-> ssh-ed25519 4PzZog 7+Fc9ec8zvlKP6VGKJa3MRN6p9bUrA07/BlL8rSnp3w +YgALG1b8QOmMqWuqr9iVxAal9cWFf8me0KT1Mg0onko +-> ssh-ed25519 5Nd93w /lx/evI9jsXzHMxXYQMoavWucTMiGMXwxACpjXYFZlU +nVWhQydOO8eaTYcR66u1MeH/glmwTDJnJM0I9tXUvV0 +-> ssh-ed25519 q8eJgg wYOxbUUXrTgY9XkUz02qtW8TaYJfNej9VBdwvfUWrT8 +/47DLKQGt1M3fJWDHo2Eg2ij4jCGd17ieYZ8gA/uYjY +-> ssh-ed25519 IzAMqA FfUA/kyLBOFIHFUO+PSsdTwaRjGvfsq7OTMXYo7/WjM +jEn8y+mncrOPmDzvsK90X2D/m8ZxmuIL8H0h27YP3hM +--- ibLXLaT49j/Mb8CwbcL+Gjwy5GJ5YDX31JQFqfOIXRw +ag9 aYҍ䔁GADgi^UaFY@4> *?Ʉ5F-8 \ No newline at end of file From 061453e5d19b1bdc0f95a4c29b6f159661963600 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 02:44:39 +0100 Subject: [PATCH 356/826] remove dead code --- applications/grafana.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index 84af996..ca13ff4 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -25,11 +25,6 @@ in { }; }; - port = mkOption { - type = types.port; - default = port; - }; - datasource = { name = mkOption { type = types.str; From 03ae1c5101558dfefea4fd21f079ce1e15bf4484 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 02:57:10 +0100 Subject: [PATCH 357/826] Remove config from marvin --- machines/marvin.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/machines/marvin.nix b/machines/marvin.nix index 3bb6d1e..1c4f57b 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -10,7 +10,6 @@ Notes: */ { pkgs, - config, lib, nodes, ... From 0f75f119184c6fc351b4369471a260d2df9b58ce Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 04:07:07 +0100 Subject: [PATCH 358/826] fix: this was blocking teh web interface --- applications/grafana.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index ca13ff4..6d27d40 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -55,7 +55,6 @@ in { enable = true; domain = "${name}.skynet.ie"; port = port; - addr = cfg.host.ip; settings.security.admin_password = "$__file{${config.age.secrets.grafana_pw.path}}"; From aba1a41d4df2a598dc4f672f3bfe84f0dd43bd86 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 04:07:19 +0100 Subject: [PATCH 359/826] fix: file permissions --- applications/grafana.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index 6d27d40..a1c67b7 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -49,7 +49,11 @@ in { "${name}.skynet.ie" ]; - age.secrets.grafana_pw.file = ../secrets/grafana/pw.age; + age.secrets.grafana_pw = { + file = ../secrets/grafana/pw.age; + owner = "grafana"; + group = "grafana"; + }; services.grafana = { enable = true; From 62ead11aada617e5ce98b5c0313ee4a8949e0dae Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 04:07:37 +0100 Subject: [PATCH 360/826] fix: have to actually enable it --- machines/kitt.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/kitt.nix b/machines/kitt.nix index 88f383c..04d450c 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -82,6 +82,7 @@ in { }; services.skynet.prometheus = { server = { + enable = true; host = { ip = ip_pub; name = name; From 15271c1d09b73270b446f27fe92bb5a9d8403dcf Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 04:08:50 +0100 Subject: [PATCH 361/826] fix: this does need a default --- applications/prometheus.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index e4fd5e0..207863b 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -30,6 +30,7 @@ in { other_nodes = mkOption { type = types.listOf types.str; + default = []; description = '' To add other nodes outside of nix, specify ip and port that server should listen to here ''; From b8c6e153a4f124fc88b43e7da7b1e84d54c6757f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 04:10:15 +0100 Subject: [PATCH 362/826] fix: set the type of protocol --- machines/kitt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/kitt.nix b/machines/kitt.nix index 04d450c..6d8eca5 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -101,7 +101,7 @@ in { # maybe just do provision config directly ? datasource = { name = "Prometheus"; - url = "localhost:${toString config.services.prometheus.port}"; + url = "http://localhost:${toString config.services.skynet.prometheus.server.port}"; }; }; } From 9148963c1f6d3ee6569d084737247450d0863b70 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 04:20:44 +0100 Subject: [PATCH 363/826] fix: final set of changes to get it working --- applications/grafana.nix | 3 ++- applications/prometheus.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index a1c67b7..4e42f81 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -67,9 +67,10 @@ in { datasources.settings.datasources = [ { name = cfg.datasource.name; - type = "Prometheus"; + type = "prometheus"; url = cfg.datasource.url; isDefault = true; + editable = true; } ]; }; diff --git a/applications/prometheus.nix b/applications/prometheus.nix index 207863b..7c53f77 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -61,7 +61,7 @@ in { job_name = "node_exporter"; static_configs = [ { - targets = (map (hostname: "${hostname}:${cfg.port_collecter}") (lib.attrsets.mapAttrsToList (server: server.deployment.hostname)) nodes) ++ cfg.other_nodes; + targets = (lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString cfg.port_collecter}") nodes) ++ cfg.server.other_nodes; } ]; } From 963a189bcbaa93177df7c6bf21d6b4730d4b7a63 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 04:34:19 +0100 Subject: [PATCH 364/826] Removed provision config away from kitt --- applications/grafana.nix | 4 ++-- machines/kitt.nix | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index 4e42f81..be8e948 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -66,9 +66,9 @@ in { enable = true; datasources.settings.datasources = [ { - name = cfg.datasource.name; + name = "Prometheus"; type = "prometheus"; - url = cfg.datasource.url; + url = "http://localhost:${toString config.services.skynet.prometheus.server.port}"; isDefault = true; editable = true; } diff --git a/machines/kitt.nix b/machines/kitt.nix index 6d8eca5..f036fe0 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -97,11 +97,5 @@ in { ip = ip_pub; name = name; }; - - # maybe just do provision config directly ? - datasource = { - name = "Prometheus"; - url = "http://localhost:${toString config.services.skynet.prometheus.server.port}"; - }; }; } From 147bd86ad56dbd9363eea6a6b95f17092cd48ac0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 21:48:23 +0100 Subject: [PATCH 365/826] fix: get the attributes merging correctly --- applications/prometheus.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index 7c53f77..cd0dfcc 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -43,7 +43,7 @@ in { }; }; - config = + config = mkMerge [ { services.prometheus.exporters.node = { enable = true; @@ -52,7 +52,7 @@ in { port = cfg.port_collecter; }; } - // mkIf cfg.server.enable { + (mkIf cfg.server.enable { services.prometheus = { enable = true; port = cfg.server.port; @@ -67,5 +67,6 @@ in { } ]; }; - }; + }) + ]; } From f7dd90e92ba331a40c03f7bfc25a7888da5324ca Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 23 May 2024 22:04:15 +0100 Subject: [PATCH 366/826] fix: needed to open teh ports to be able to get the data --- applications/prometheus.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index cd0dfcc..76281e3 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -51,6 +51,9 @@ in { enabledCollectors = ["systemd"]; port = cfg.port_collecter; }; + + # make sure the port is open + networking.firewall.allowedTCPPorts = [cfg.port_collecter]; } (mkIf cfg.server.enable { services.prometheus = { From 889bb0dab6cb03db010e4aebce3bdcde70778ea0 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 22:34:02 +0100 Subject: [PATCH 367/826] doc: added link to node exporter options --- applications/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index 76281e3..eb15c48 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -47,7 +47,7 @@ in { { services.prometheus.exporters.node = { enable = true; - # most collectors are on by default see docs for more options + # most collectors are on by default see https://github.com/prometheus/node_exporter for more options enabledCollectors = ["systemd"]; port = cfg.port_collecter; }; From c0816ccce43bbe6b18ac6e43787c1f5e23f30bb9 Mon Sep 17 00:00:00 2001 From: daragh Date: Thu, 23 May 2024 22:35:31 +0100 Subject: [PATCH 368/826] remove todo --- machines/_base.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/machines/_base.nix b/machines/_base.nix index f46eef2..63acbb5 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -32,7 +32,6 @@ in { # every server will be monitored for grafana ../applications/prometheus.nix - #TODO: make sure no additional config needed for exporters ? ]; options.skynet = { From 44750155f159c46fadaf90bdc4f199ec85c5a41b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 24 May 2024 00:00:44 +0100 Subject: [PATCH 369/826] fix: use teh hostnames for these --- machines/earth.nix | 2 +- machines/skynet.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/earth.nix b/machines/earth.nix index e8c2f9d..a6915be 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -24,7 +24,7 @@ in { ]; deployment = { - targetHost = ip_pub; + targetHost = hostname; targetPort = 22; targetUser = null; diff --git a/machines/skynet.nix b/machines/skynet.nix index ee8ea13..4acaf6f 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -27,7 +27,7 @@ in { ]; deployment = { - targetHost = ip_pub; + targetHost = hostname; targetPort = 22; targetUser = null; From b545c623d261274602f5759df54f4ae0111cc723 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 24 May 2024 00:30:25 +0100 Subject: [PATCH 370/826] fix: use teh hostnames for these (missed this one) --- machines/calculon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/calculon.nix b/machines/calculon.nix index b3ca0fa..87b7a60 100644 --- a/machines/calculon.nix +++ b/machines/calculon.nix @@ -24,7 +24,7 @@ in { ]; deployment = { - targetHost = ip_pub; + targetHost = hostname; targetPort = 22; targetUser = null; From f55d23e82108b9acea956d779439deea5390c915 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 24 May 2024 15:55:12 +0100 Subject: [PATCH 371/826] fix: regex was not quite working --- applications/skynet.ie.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 02c2f7a..ee4059b 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -83,7 +83,7 @@ in { }; # this redirects old links to new format - "~* ~(?[a-z_0-9]*)(?\\S+)$" = { + "~* ~(?[a-z_0-9]*)(?.*)$" = { priority = 1; return = "307 https://$username.users.skynet.ie$files"; }; From e7e5d554b27f11078f29f68d70eb70bb38e9b14b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 24 May 2024 16:13:49 +0100 Subject: [PATCH 372/826] fix: regex was not quite working 2 Previous version had a + instead of * + means to match one or more * means to match 0 or more --- applications/skynet.ie.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index ee4059b..6390b79 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -83,7 +83,7 @@ in { }; # this redirects old links to new format - "~* ~(?[a-z_0-9]*)(?.*)$" = { + "~* ~(?[a-z_0-9]*)(?\\S*)$" = { priority = 1; return = "307 https://$username.users.skynet.ie$files"; }; From a6b070a9718f666c644b18905aab32549c9c3874 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 27 May 2024 11:31:37 +0100 Subject: [PATCH 373/826] fix: nginx upload limit increased --- applications/gitlab.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 36b2aae..ebb2dd7 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -160,7 +160,12 @@ in { "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { forceSSL = true; useACMEHost = "skynet"; - locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; + locations."/" = { + proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; + extraConfig = '' + client_max_body_size 1000M; + ''; + }; }; # pages From c71b3571cea00c40140eebd189618dc8c3628757 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 27 May 2024 22:26:03 +0000 Subject: [PATCH 374/826] [skip ci] Updated flake for skynet_website_renew --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a7c2440..e7aee8a 100644 --- a/flake.lock +++ b/flake.lock @@ -992,11 +992,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1707152932, - "narHash": "sha256-Dd4bvrWVoPME1OT998f3PBx/kDlC3spmr22snU0CRC0=", + "lastModified": 1716848712, + "narHash": "sha256-0QOzHlYyuCxrsL4A+u5zW9BoV0pvmqDB681BVTxoD3c=", "owner": "compsoc1%2Fskynet", "repo": "website%2Falumni-renew", - "rev": "43a17dd41708e6a3b0360f2f95a14c67560467c4", + "rev": "054b04f46285ef80a3d059253f1ed9e607b6fd46", "type": "gitlab" }, "original": { From 9eafd6f53eef528df8854a4cad6636907ebbf682 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 13:04:44 +0100 Subject: [PATCH 375/826] feat: use hockeypuck instead of sks --- applications/open_governance/keyserver.nix | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix index 8629e33..be682d4 100644 --- a/applications/open_governance/keyserver.nix +++ b/applications/open_governance/keyserver.nix @@ -41,9 +41,21 @@ in { } ]; - services.sks = { + services.hockeypuck = { enable = true; - hkpPort = port; + port = port; + }; + + # hockeypuck needs a database backend + services.postgresql = { + enable = true; + ensureDatabases = ["hockeypuck"]; + ensureUsers = [ + { + name = "hockeypuck"; + ensureDBOwnership = true; + } + ]; }; services.nginx.virtualHosts = { From 75f0a17fcbcd34ca8d50c9c5e5bfa4f33b1e6c69 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 13:12:37 +0100 Subject: [PATCH 376/826] feat: use calutron as the public services server --- applications/skynet.ie.nix | 6 ------ flake.nix | 2 +- machines/calculon.nix | 20 ++++++++++++++------ 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 6390b79..9b64594 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -11,8 +11,6 @@ in { imports = [ ./acme.nix ./dns.nix - ./open_governance/open_governance.nix - ./open_governance/keyserver.nix ]; options.services.skynet = { @@ -64,10 +62,6 @@ in { } ]; - services.skynet.open-governance.host = cfg.host; - services.skynet.keyserver.host = cfg.host; - - networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { enable = true; group = "acme"; diff --git a/flake.nix b/flake.nix index 714096b..173639a 100644 --- a/flake.nix +++ b/flake.nix @@ -165,7 +165,7 @@ # trainee server marvin = import ./machines/marvin.nix; - # nix cache server + # Public Services calculon = import ./machines/calculon.nix; }; }; diff --git a/machines/calculon.nix b/machines/calculon.nix index 87b7a60..0557968 100644 --- a/machines/calculon.nix +++ b/machines/calculon.nix @@ -1,11 +1,11 @@ /* -Name: -Why: Speed everything up +Name: https://futurama.fandom.com/wiki/Calculon +Why: Public Service server Type: VM Hardware: - From: 2024 -Role: Nix Cache +Role: Public services such as Nix Cache, Open governance stuff. Notes: */ { @@ -18,9 +18,16 @@ Notes: name = "calculon"; ip_pub = "193.1.99.82"; hostname = "${name}.skynet.ie"; + + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/nix_cache/nix_cache.nix + ../applications/open_governance/open_governance.nix + ../applications/open_governance/keyserver.nix ]; deployment = { @@ -46,8 +53,9 @@ in { } ]; - services.skynet.nix-cache.host = { - ip = ip_pub; - name = name; + services.skynet = { + nix-cache.host = host; + open-governance.host = host; + keyserver.host = host; }; } From 023b491d89055db8bee4f2f1d3682a44b9f6e6eb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 13:25:52 +0100 Subject: [PATCH 377/826] feat: standardise dns to using ``services.skynet."${name}";`` format --- applications/bitwarden/vaultwarden.nix | 2 +- applications/dns.nix | 91 +++++++++---------- applications/email.nix | 2 +- applications/games.nix | 2 +- applications/games/minecraft.nix | 2 +- applications/gitlab.nix | 2 +- applications/grafana.nix | 2 +- applications/ldap/backend.nix | 2 +- applications/ldap/server.nix | 2 +- applications/nextcloud.nix | 2 +- applications/nix_cache/nix_cache.nix | 2 +- applications/open_governance/keyserver.nix | 2 +- .../open_governance/open_governance.nix | 2 +- applications/skynet.ie.nix | 2 +- applications/skynet_users.nix | 2 +- applications/ulfm.nix | 2 +- machines/agentjones.nix | 2 +- machines/cadie.nix | 2 +- machines/calculon.nix | 2 +- machines/earth.nix | 2 +- machines/galatea.nix | 2 +- machines/gir.nix | 2 +- machines/glados.nix | 2 +- machines/kitt.nix | 2 +- machines/marvin.nix | 2 +- machines/neuromancer.nix | 2 +- machines/optimus.nix | 2 +- machines/retired/ash.nix | 2 +- machines/skynet.nix | 2 +- machines/vendetta.nix | 2 +- machines/vigil.nix | 2 +- machines/wheatly.nix | 2 +- 32 files changed, 76 insertions(+), 77 deletions(-) diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix index 3e0c84e..1ae912c 100644 --- a/applications/bitwarden/vaultwarden.nix +++ b/applications/bitwarden/vaultwarden.nix @@ -39,7 +39,7 @@ in { domain ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = domain_sub; r_type = "CNAME"; diff --git a/applications/dns.nix b/applications/dns.nix index 6b7bc6b..5af8b46 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -5,7 +5,8 @@ nodes, ... }: let - cfg = config.skynet_dns; + name = "dns"; + cfg = config.services.skynet."${name}"; # reads that date to a string (will need to be fixed in 2038) current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}"; @@ -245,10 +246,10 @@ ++ builtins.concatLists ( lib.attrsets.mapAttrsToList ( key: value: let - details_server = value.config.skynet_dns.server; - details_records = value.config.skynet_dns.records; + details_server = value.config.services.skynet."${name}".server; + details_records = value.config.services.skynet."${name}".records; in - if builtins.hasAttr "skynet_dns" value.config + if builtins.hasAttr "dns" value.config.services.skynet then ( # got to handle habing a dns record for the dns serves themselves. @@ -294,51 +295,49 @@ in { ../config/dns.nix ]; - options = { - skynet_dns = { - server = { - enable = lib.mkEnableOption { - default = false; - description = "Skynet DNS server"; - type = lib.types.bool; - }; - - primary = lib.mkOption { - type = lib.types.bool; - default = false; - }; - - ip = lib.mkOption { - type = lib.types.str; - description = '' - ip of this server - ''; - }; + options.services.skynet."${name}" = { + server = { + enable = lib.mkEnableOption { + default = false; + description = "Skynet DNS server"; + type = lib.types.bool; }; - # mirrorred in ../config/dns.nix - records = lib.mkOption { - description = "Records, sorted based on therir type"; - type = with lib.types; - listOf (submodule { - options = { - record = lib.mkOption { - type = str; - }; - r_type = lib.mkOption { - type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; - }; - value = lib.mkOption { - type = str; - }; - server = lib.mkOption { - description = "Core record for a server"; - type = bool; - default = false; - }; + primary = lib.mkOption { + type = lib.types.bool; + default = false; + }; + + ip = lib.mkOption { + type = lib.types.str; + description = '' + ip of this server + ''; + }; + }; + + # mirrorred in ../config/dns.nix + records = lib.mkOption { + description = "Records, sorted based on therir type"; + type = with lib.types; + listOf (submodule { + options = { + record = lib.mkOption { + type = str; }; - }); - }; + r_type = lib.mkOption { + type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; + }; + value = lib.mkOption { + type = str; + }; + server = lib.mkOption { + description = "Core record for a server"; + type = bool; + default = false; + }; + }; + }); }; }; diff --git a/applications/email.nix b/applications/email.nix index 82e9e7f..8831d14 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -285,7 +285,7 @@ in { }; # set up dns record for it - skynet_dns.records = [ + services.skynet.dns.records = [ # basic one { record = "mail"; diff --git a/applications/games.nix b/applications/games.nix index 1c35588..f112ed1 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -46,7 +46,7 @@ in { }; config = mkIf cfg.enable { - skynet_dns.records = [ + services.skynet.dns.records = [ # need a base domain { record = cfg.domain.sub; diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 5d51620..3f64108 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -62,7 +62,7 @@ in { "*.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ # the minecraft (web) config server { record = "config.${cfg.domain.sub}"; diff --git a/applications/gitlab.nix b/applications/gitlab.nix index ebb2dd7..fc15cd0 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -106,7 +106,7 @@ in { ]; # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide - skynet_dns.records = [ + services.skynet.dns.records = [ { record = cfg.domain.sub; r_type = "A"; diff --git a/applications/grafana.nix b/applications/grafana.nix index be8e948..11efcfe 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -37,7 +37,7 @@ in { }; config = mkIf cfg.enable { - skynet_dns.records = [ + services.skynet.dns.records = [ { record = "${name}"; r_type = "CNAME"; diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 929404e..c5630f4 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -60,7 +60,7 @@ in { "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = cfg.domain.sub; r_type = "CNAME"; diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index 107c3f9..d531cae 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -83,7 +83,7 @@ in { domain ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = cfg.domain.sub; r_type = "CNAME"; diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index a915980..5ed9c9e 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -59,7 +59,7 @@ in { "onlyoffice.${domain}" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = cfg.domain.sub; r_type = "CNAME"; diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index 91a5ccb..fd6ae5f 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -44,7 +44,7 @@ in { "${name}.skynet.ie" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = "${name}"; r_type = "CNAME"; diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix index be682d4..e86c314 100644 --- a/applications/open_governance/keyserver.nix +++ b/applications/open_governance/keyserver.nix @@ -33,7 +33,7 @@ in { "${name}.skynet.ie" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = "${name}"; r_type = "CNAME"; diff --git a/applications/open_governance/open_governance.nix b/applications/open_governance/open_governance.nix index 263488c..dab1a8d 100644 --- a/applications/open_governance/open_governance.nix +++ b/applications/open_governance/open_governance.nix @@ -35,7 +35,7 @@ in { "${name}.skynet.ie" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = "${name}"; r_type = "CNAME"; diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 9b64594..6e7c542 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -33,7 +33,7 @@ in { "renew.skynet.ie" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ # means root domain, so skynet.ie { record = "@"; diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index ac9112f..1b37c36 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -43,7 +43,7 @@ in { "*.users.skynet.ie" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = "users"; r_type = "CNAME"; diff --git a/applications/ulfm.nix b/applications/ulfm.nix index 36329f9..18e0ddd 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -57,7 +57,7 @@ in { "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = cfg.domain.sub; r_type = "CNAME"; diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 161b001..0c36db7 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -31,7 +31,7 @@ in { tags = ["active-firewall"]; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/cadie.nix b/machines/cadie.nix index ae21be3..73c6bf6 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -31,7 +31,7 @@ in { tags = ["active"]; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/calculon.nix b/machines/calculon.nix index 0557968..556b605 100644 --- a/machines/calculon.nix +++ b/machines/calculon.nix @@ -39,7 +39,7 @@ in { }; # it has two network devices so two - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/earth.nix b/machines/earth.nix index a6915be..16dd17c 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -32,7 +32,7 @@ in { }; # it has two network devices so two - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/galatea.nix b/machines/galatea.nix index f82217c..e2c2574 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -32,7 +32,7 @@ in { tags = ["active"]; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/gir.nix b/machines/gir.nix index ebb17e2..eaf1d17 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -33,7 +33,7 @@ in { }; # add this server to dns - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/glados.nix b/machines/glados.nix index d1e7d2c..0b9a530 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -32,7 +32,7 @@ in { tags = ["active-gitlab"]; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/kitt.nix b/machines/kitt.nix index f036fe0..b5c6c5e 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -39,7 +39,7 @@ in { }; # add this server to dns - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/marvin.nix b/machines/marvin.nix index 1c4f57b..1f16c70 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -49,7 +49,7 @@ in { sudo_groups = groups; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 660f618..4dc819f 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -44,7 +44,7 @@ in { tags = ["active-core"]; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/optimus.nix b/machines/optimus.nix index 095c55c..c5290cb 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -32,7 +32,7 @@ in { tags = ["active"]; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/retired/ash.nix b/machines/retired/ash.nix index ca2384b..b16fc39 100644 --- a/machines/retired/ash.nix +++ b/machines/retired/ash.nix @@ -39,7 +39,7 @@ in { "ip daddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept" ]; - skynet_dns.records = { + services.skynet.dns.records = { external = [ "${name} A ${ip_pub}" ]; diff --git a/machines/skynet.nix b/machines/skynet.nix index 4acaf6f..4cd0f05 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -35,7 +35,7 @@ in { tags = ["active-ext"]; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 73effa3..0305baf 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -52,7 +52,7 @@ in { }; }; - skynet_dns = { + services.skynet.dns = { server = { enable = true; # primary dns server (ns1) diff --git a/machines/vigil.nix b/machines/vigil.nix index e3c811c..0bda7ad 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -36,7 +36,7 @@ in { }; }; - skynet_dns = { + services.skynet.dns = { server = { enable = true; # secondary dns server (ns2) diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 02eabce..6b16cbc 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -31,7 +31,7 @@ in { tags = ["active-gitlab"]; }; - skynet_dns.records = [ + services.skynet.dns.records = [ { record = name; r_type = "A"; From 449ada5cec0ddfa618220671c2cec62845cfad38 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 13:34:59 +0100 Subject: [PATCH 378/826] feat: standardise acme to using ``services.skynet."${name}";`` format --- applications/acme.nix | 20 +++++++++---------- applications/bitwarden/vaultwarden.nix | 2 +- applications/games.nix | 2 +- applications/games/minecraft.nix | 2 +- applications/gitlab.nix | 2 +- applications/grafana.nix | 2 +- applications/ldap/backend.nix | 2 +- applications/ldap/server.nix | 2 +- applications/nextcloud.nix | 2 +- applications/nix_cache/nix_cache.nix | 2 +- applications/open_governance/keyserver.nix | 2 +- .../open_governance/open_governance.nix | 2 +- applications/skynet.ie.nix | 2 +- applications/skynet_users.nix | 2 +- applications/ulfm.nix | 2 +- 15 files changed, 24 insertions(+), 24 deletions(-) diff --git a/applications/acme.nix b/applications/acme.nix index b4761f7..e4aec7a 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -5,21 +5,21 @@ ... }: with lib; let - cfg = config.skynet_acme; + name = "acme"; + cfg = config.services.skynet."${name}"; in { imports = []; - options = { - skynet_acme = { - domains = lib.mkOption { - default = []; - type = lib.types.listOf lib.types.str; - description = '' - A list of domains to use for this server. - ''; - }; + options.services.skynet."${name}" = { + domains = lib.mkOption { + default = []; + type = lib.types.listOf lib.types.str; + description = '' + A list of domains to use for this server. + ''; }; }; + config = { # group that will own the certificates users.groups.acme = {}; diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix index 1ae912c..c4ab5a2 100644 --- a/applications/bitwarden/vaultwarden.nix +++ b/applications/bitwarden/vaultwarden.nix @@ -35,7 +35,7 @@ in { #backups = [ "/etc/silver_ul_ical/database.db" ]; # Website config - skynet_acme.domains = [ + services.skynet.acme.domains = [ domain ]; diff --git a/applications/games.nix b/applications/games.nix index f112ed1..7ab1511 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -55,7 +55,7 @@ in { } ]; - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${cfg.domain.sub}.skynet.ie" ]; diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 3f64108..9768b64 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -57,7 +57,7 @@ in { "ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept" ]; - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" "*.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; diff --git a/applications/gitlab.nix b/applications/gitlab.nix index fc15cd0..355d4cf 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -99,7 +99,7 @@ in { group = cfg.user; }; - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" # Lets Encrypt seems to have a 4 levels limit for certs "*.pages.${cfg.domain.base}.${cfg.domain.tld}" diff --git a/applications/grafana.nix b/applications/grafana.nix index 11efcfe..a7f4e00 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -45,7 +45,7 @@ in { } ]; - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${name}.skynet.ie" ]; diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index c5630f4..d94a61a 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -56,7 +56,7 @@ in { age.secrets.ldap_mail.file = ../../secrets/email/details.age; age.secrets.ldap_wolves.file = ../../secrets/wolves/details.age; - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index d531cae..e54c7e5 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -79,7 +79,7 @@ in { group = "openldap"; }; - skynet_acme.domains = [ + services.skynet.acme.domains = [ domain ]; diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 5ed9c9e..ae23a05 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -54,7 +54,7 @@ in { group = "nextcloud"; }; - skynet_acme.domains = [ + services.skynet.acme.domains = [ domain "onlyoffice.${domain}" ]; diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index fd6ae5f..3f4802d 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -40,7 +40,7 @@ in { }; config = { - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${name}.skynet.ie" ]; diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix index e86c314..56c9441 100644 --- a/applications/open_governance/keyserver.nix +++ b/applications/open_governance/keyserver.nix @@ -29,7 +29,7 @@ in { }; config = { - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${name}.skynet.ie" ]; diff --git a/applications/open_governance/open_governance.nix b/applications/open_governance/open_governance.nix index dab1a8d..c855f30 100644 --- a/applications/open_governance/open_governance.nix +++ b/applications/open_governance/open_governance.nix @@ -31,7 +31,7 @@ in { }; config = { - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${name}.skynet.ie" ]; diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 6e7c542..63eae7a 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -25,7 +25,7 @@ in { }; config = { - skynet_acme.domains = [ + services.skynet.acme.domains = [ # the root one is already covered by teh certificate "2016.skynet.ie" "discord.skynet.ie" diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 1b37c36..8e0b98f 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -38,7 +38,7 @@ in { }; # Website config - skynet_acme.domains = [ + services.skynet.acme.domains = [ "users.skynet.ie" "*.users.skynet.ie" ]; diff --git a/applications/ulfm.nix b/applications/ulfm.nix index 18e0ddd..d3073a4 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -53,7 +53,7 @@ in { 8000 ]; - skynet_acme.domains = [ + services.skynet.acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; From 73a941979880a2d3efa447eaf6fb849ef51818c1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 13:39:12 +0100 Subject: [PATCH 379/826] fix: small nginx cleanup --- applications/nix_cache/nix_cache.nix | 3 --- applications/skynet.ie.nix | 3 --- applications/ulfm.nix | 3 --- 3 files changed, 9 deletions(-) diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index 3f4802d..88fe408 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -94,10 +94,7 @@ in { networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { - enable = true; - group = "acme"; clientMaxBodySize = "500m"; - recommendedProxySettings = true; virtualHosts = { "${name}.skynet.ie" = { forceSSL = true; diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 63eae7a..37dfe0d 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -63,9 +63,6 @@ in { ]; services.nginx = { - enable = true; - group = "acme"; - virtualHosts = { # main site "skynet.ie" = { diff --git a/applications/ulfm.nix b/applications/ulfm.nix index d3073a4..4cf88ad 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -94,9 +94,6 @@ in { }; services.nginx = { - enable = true; - group = "acme"; - virtualHosts = { "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { forceSSL = true; From e156b4ecafeeb1fd4e79514ad998ec1b79c54f53 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 13:56:40 +0100 Subject: [PATCH 380/826] feat: standardise restic (backups) to using ``services.skynet."${name}";`` format --- applications/dns.nix | 2 +- applications/email.nix | 2 +- applications/restic.nix | 9 +++++---- machines/agentjones.nix | 2 +- machines/cadie.nix | 2 +- machines/earth.nix | 2 +- machines/galatea.nix | 2 +- machines/gir.nix | 2 +- machines/glados.nix | 2 +- machines/kitt.nix | 2 +- machines/marvin.nix | 2 +- machines/neuromancer.nix | 2 +- machines/optimus.nix | 2 +- machines/skynet.nix | 2 +- machines/vendetta.nix | 2 +- machines/vigil.nix | 2 +- machines/wheatly.nix | 2 +- 17 files changed, 21 insertions(+), 20 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index 5af8b46..a3e8a8b 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -342,7 +342,7 @@ in { }; config = lib.mkIf cfg.server.enable { - # services.skynet_backup.normal.backups = ["/etc/skynet/dns"]; + # services.skynet.backup.normal.backups = ["/etc/skynet/dns"]; # open the firewall for this skynet_firewall.forward = [ diff --git a/applications/email.nix b/applications/email.nix index 8831d14..d60e65f 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -198,7 +198,7 @@ in { }; config = mkIf cfg.enable { - services.skynet_backup.normal.backups = [ + services.skynet.backup.normal.backups = [ "/var/vmail" "/var/dkim" ]; diff --git a/applications/restic.nix b/applications/restic.nix index 4d6a277..09365c6 100644 --- a/applications/restic.nix +++ b/applications/restic.nix @@ -7,7 +7,8 @@ ... }: with lib; let - cfg = config.services.skynet_backup; + name = "backup"; + cfg = config.services.skynet."${name}"; enable_client = cfg.normal.backups != null && cfg.normal.backups != []; @@ -37,11 +38,11 @@ with lib; let ownServers = builtins.listToAttrs (builtins.concatLists ( lib.attrsets.mapAttrsToList ( key: value: let - backup = value.config.services.skynet_backup; + backup = value.config.services.skynet.backup; in if ( - (builtins.hasAttr "skynet_backup" value.config.services) + (builtins.hasAttr "backup" value.config.services.skynet) && backup.server.enable && backup.host.name != cfg.host.name && !backup.server.appendOnly @@ -85,7 +86,7 @@ in { # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base # https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix # will eb enabled on every server - options.services.skynet_backup = { + options.services.skynet."${name}" = { # backup is enabled by default # enable = mkEnableOption "Skynet backup"; diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 0c36db7..5748b53 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -45,7 +45,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/cadie.nix b/machines/cadie.nix index 73c6bf6..c9a8ed0 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -45,7 +45,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/earth.nix b/machines/earth.nix index 16dd17c..534ffcd 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -46,7 +46,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/galatea.nix b/machines/galatea.nix index e2c2574..3df97b5 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -46,7 +46,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/gir.nix b/machines/gir.nix index eaf1d17..c3dfb44 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -47,7 +47,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/glados.nix b/machines/glados.nix index 0b9a530..a6aa5dd 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -46,7 +46,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/kitt.nix b/machines/kitt.nix index b5c6c5e..4c39703 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -53,7 +53,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/marvin.nix b/machines/marvin.nix index 1f16c70..e44332f 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -63,7 +63,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 4dc819f..323e859 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -58,7 +58,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { server.enable = true; host = { ip = ip_pub; diff --git a/machines/optimus.nix b/machines/optimus.nix index c5290cb..3f44061 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -46,7 +46,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/skynet.nix b/machines/skynet.nix index 4cd0f05..5f1cb63 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -49,7 +49,7 @@ in { } ]; - services.skynet_backup.host = { + services.skynet.backup.host = { ip = ip_pub; name = name; }; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 0305baf..702b724 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -45,7 +45,7 @@ in { ]; }; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/vigil.nix b/machines/vigil.nix index 0bda7ad..66abfb4 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -29,7 +29,7 @@ in { tags = ["active-dns" "dns"]; }; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 6b16cbc..835e0ac 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -45,7 +45,7 @@ in { } ]; - services.skynet_backup = { + services.skynet.backup = { host = { ip = ip_pub; name = name; From 54b43c9962dec9663c56b05aab72fff1e7788cea Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 14:11:45 +0100 Subject: [PATCH 381/826] feat: use a host attribute to make the config less verbose/complex --- machines/agentjones.nix | 9 +++++---- machines/cadie.nix | 14 ++++++-------- machines/earth.nix | 14 ++++++-------- machines/galatea.nix | 14 ++++++-------- machines/gir.nix | 15 ++++++--------- machines/glados.nix | 14 ++++++-------- machines/kitt.nix | 30 +++++++++--------------------- machines/marvin.nix | 9 +++++---- machines/neuromancer.nix | 9 +++++---- machines/optimus.nix | 14 ++++++-------- machines/skynet.nix | 14 ++++++-------- machines/vendetta.nix | 9 +++++---- machines/vigil.nix | 9 +++++---- machines/wheatly.nix | 9 +++++---- 14 files changed, 81 insertions(+), 102 deletions(-) diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 5748b53..ee05feb 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -17,6 +17,10 @@ Notes: Used to have Agent Smith as a partner but it died (Ironically) name = "agentjones"; ip_pub = "193.1.99.72"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ./hardware/RM001.nix @@ -46,10 +50,7 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; # keep the wired usb connection alive (front panel) diff --git a/machines/cadie.nix b/machines/cadie.nix index c9a8ed0..acc6810 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -18,6 +18,10 @@ Notes: name = "cadie"; ip_pub = "193.1.99.77"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/nextcloud.nix @@ -46,18 +50,12 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet_nextcloud = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; # this was causing a conflict for some reason diff --git a/machines/earth.nix b/machines/earth.nix index 534ffcd..9cfefd2 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -18,6 +18,10 @@ Notes: name = "earth"; ip_pub = "193.1.99.79"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/skynet.ie.nix @@ -47,16 +51,10 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; } diff --git a/machines/galatea.nix b/machines/galatea.nix index 3df97b5..8c842af 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -19,6 +19,10 @@ Notes: name = "galatea"; ip_pub = "193.1.99.111"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/ulfm.nix @@ -47,17 +51,11 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet_ulfm = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; } diff --git a/machines/gir.nix b/machines/gir.nix index c3dfb44..3121a19 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -18,7 +18,10 @@ Notes: name = "gir"; ip_pub = "193.1.99.76"; hostname = "${name}.skynet.ie"; - #hostname = ip_pub; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/email.nix @@ -48,19 +51,13 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; # we use this to pass in teh relevent infomation to the services.skynet_email = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; domain = "skynet.ie"; }; } diff --git a/machines/glados.nix b/machines/glados.nix index a6aa5dd..a28e836 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -19,6 +19,10 @@ Notes: Each user has roughly 20gb os storage name = "glados"; ip_pub = "193.1.99.75"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/gitlab.nix @@ -47,17 +51,11 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet_gitlab = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; } diff --git a/machines/kitt.nix b/machines/kitt.nix index 4c39703..6b8dd7c 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -19,7 +19,10 @@ Notes: name = "kitt"; ip_pub = "193.1.99.74"; hostname = "${name}.skynet.ie"; - #hostname = ip_pub; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/ldap/server.nix @@ -54,18 +57,12 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet_ldap = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.discord_bot = { @@ -75,27 +72,18 @@ in { services.skynet_vaultwarden = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet.prometheus = { server = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; }; services.skynet.grafana = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; } diff --git a/machines/marvin.nix b/machines/marvin.nix index e44332f..1be7d49 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -17,6 +17,10 @@ Notes: name = "marvin"; ip_pub = "193.1.99.81"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; groups = [ "skynet-admins-linux" @@ -64,10 +68,7 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; # Put test services below this diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 323e859..255c503 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -18,6 +18,10 @@ Notes: name = "neuromancer"; ip_pub = "193.1.99.80"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ./hardware/RM007.nix @@ -60,9 +64,6 @@ in { services.skynet.backup = { server.enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; } diff --git a/machines/optimus.nix b/machines/optimus.nix index 3f44061..0e7a1f6 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -19,6 +19,10 @@ Notes: name = "optimus"; ip_pub = "193.1.99.112"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/games.nix @@ -47,17 +51,11 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet_games = { enable = true; - host = { - ip = ip_pub; - name = name; - }; + host = host; }; } diff --git a/machines/skynet.nix b/machines/skynet.nix index 5f1cb63..435bbc5 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -21,6 +21,10 @@ Notes: Does not host offical sites # for internal network connectivity ip_int = "193.1.99.82"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/skynet_users.nix @@ -49,15 +53,9 @@ in { } ]; - services.skynet.backup.host = { - ip = ip_pub; - name = name; - }; + services.skynet.backup.host = host; services.skynet_users = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; } diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 702b724..c46c988 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -18,6 +18,10 @@ Notes: Using the server that used to be called Earth name = "vendetta"; ip_pub = "193.1.99.120"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ./hardware/RM002.nix @@ -46,10 +50,7 @@ in { }; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet.dns = { diff --git a/machines/vigil.nix b/machines/vigil.nix index 66abfb4..7885aa4 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -17,6 +17,10 @@ Notes: name = "vigil"; ip_pub = "193.1.99.109"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ]; @@ -30,10 +34,7 @@ in { }; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet.dns = { diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 835e0ac..3e6f339 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -18,6 +18,10 @@ Notes: name = "wheatly"; ip_pub = "193.1.99.78"; hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + }; in { imports = [ ../applications/gitlab_runner.nix @@ -46,10 +50,7 @@ in { ]; services.skynet.backup = { - host = { - ip = ip_pub; - name = name; - }; + host = host; }; services.skynet_gitlab_runner = { From f8c7860eb5920d4c960c0fd085c307072c31a449 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 14:59:20 +0100 Subject: [PATCH 382/826] feat: standardise all services to using ``services.skynet."${name}";`` format --- applications/bitwarden/vaultwarden.nix | 5 +++-- applications/discord.nix | 6 ++++-- applications/email.nix | 5 +++-- applications/games.nix | 7 ++++--- applications/games/minecraft.nix | 5 +++-- applications/gitlab.nix | 7 ++++--- applications/gitlab_runner.nix | 5 +++-- applications/ldap/backend.nix | 6 ++++-- applications/ldap/client.nix | 7 ++++--- applications/ldap/server.nix | 7 ++++--- applications/nextcloud.nix | 7 ++++--- applications/skynet.ie.nix | 5 +++-- applications/skynet_users.nix | 9 +++++---- applications/ulfm.nix | 5 +++-- machines/_base.nix | 2 +- machines/cadie.nix | 2 +- machines/earth.nix | 2 +- machines/galatea.nix | 2 +- machines/gir.nix | 2 +- machines/glados.nix | 2 +- machines/kitt.nix | 6 +++--- machines/marvin.nix | 2 +- machines/optimus.nix | 2 +- machines/skynet.nix | 2 +- machines/wheatly.nix | 2 +- 25 files changed, 64 insertions(+), 48 deletions(-) diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix index c4ab5a2..68698dd 100644 --- a/applications/bitwarden/vaultwarden.nix +++ b/applications/bitwarden/vaultwarden.nix @@ -6,7 +6,8 @@ ... }: with lib; let - cfg = config.services.skynet_vaultwarden; + name = "vaultwarden"; + cfg = config.services.skynet."${name}"; domain_sub = "pw"; domain = "${domain_sub}.skynet.ie"; @@ -17,7 +18,7 @@ in { ../nginx.nix ]; - options.services.skynet_vaultwarden = { + options.services.skynet."${name}" = { enable = mkEnableOption "Skynet vaultwarden server"; host = { diff --git a/applications/discord.nix b/applications/discord.nix index a4b08a4..df8f934 100644 --- a/applications/discord.nix +++ b/applications/discord.nix @@ -6,13 +6,14 @@ ... }: with lib; let - cfg = config.services.discord_bot; + name = "discord_bot"; + cfg = config.services.skynet."${name}"; in { imports = [ inputs.skynet_discord_bot.nixosModule."x86_64-linux" ]; - options.services.discord_bot = { + options.services.skynet."${name}" = { enable = mkEnableOption "Skynet LDAP backend server"; }; @@ -24,6 +25,7 @@ in { age.secrets.discord_mail.file = ../secrets/email/details.age; age.secrets.discord_wolves.file = ../secrets/wolves/details.age; + # this is what was imported services.skynet_discord_bot = { enable = true; diff --git a/applications/email.nix b/applications/email.nix index d60e65f..8ab3c72 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -6,7 +6,8 @@ ... }: with lib; let - cfg = config.services.skynet_email; + name = "email"; + cfg = config.services.skynet."${name}"; # create teh new strings create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})"); @@ -128,7 +129,7 @@ in { ../config/users.nix ]; - options.services.skynet_email = { + options.services.skynet."${name}" = { # options that need to be passed in to make this work enable = mkEnableOption "Skynet Email"; diff --git a/applications/games.nix b/applications/games.nix index 7ab1511..b6dd735 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -6,7 +6,8 @@ ... }: with lib; let - cfg = config.services.skynet_games; + name = "games"; + cfg = config.services.skynet."${name}"; in { imports = [ ./dns.nix @@ -14,7 +15,7 @@ in { ./games/minecraft.nix ]; - options.services.skynet_games = { + options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Games"; host = { @@ -74,7 +75,7 @@ in { }; # the minecraft servers - services.skynet_games_minecraft = { + services.skynet.games_minecraft = { enable = true; host = { diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 9768b64..4c20a69 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -6,7 +6,8 @@ ... }: with lib; let - cfg = config.services.skynet_games_minecraft; + name = "games_minecraft"; + cfg = config.services.skynet."${name}"; # got tired of how long this is so I created a var for it. short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; @@ -19,7 +20,7 @@ in { inputs.arion.nixosModules.arion ]; - options.services.skynet_games_minecraft = { + options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Games Minecraft"; host = { diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 355d4cf..32f0ddc 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -5,7 +5,8 @@ ... }: with lib; let - cfg = config.services.skynet_gitlab; + name = "gitlab"; + cfg = config.services.skynet."${name}"; domain_base = "${cfg.domain.base}.${cfg.domain.tld}"; domain_full = "${cfg.domain.sub}.${domain_base}"; @@ -17,7 +18,7 @@ in { ./nginx.nix ]; - options.services.skynet_gitlab = { + options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Gitlab"; host = { @@ -43,7 +44,7 @@ in { sub = mkOption { type = types.str; - default = "gitlab"; + default = name; }; }; diff --git a/applications/gitlab_runner.nix b/applications/gitlab_runner.nix index c6dda6b..dc642cf 100644 --- a/applications/gitlab_runner.nix +++ b/applications/gitlab_runner.nix @@ -5,12 +5,13 @@ ... }: with lib; let - cfg = config.services.skynet_gitlab_runner; + name = "gitlab_runner"; + cfg = config.services.skynet."${name}"; in { imports = [ ]; - options.services.skynet_gitlab_runner = { + options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Gitlab Runner"; runner = { diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index d94a61a..177add3 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -6,7 +6,8 @@ ... }: with lib; let - cfg = config.services.ldap_backend; + name = "ldap_backend"; + cfg = config.services.skynet."${name}"; port_backend = "8087"; in { imports = [ @@ -17,7 +18,7 @@ in { ../../config/users.nix ]; - options.services.ldap_backend = { + options.services.skynet."${name}" = { enable = mkEnableOption "Skynet LDAP backend server"; host = { @@ -74,6 +75,7 @@ in { locations."/".proxyPass = "http://localhost:${port_backend}"; }; + # this got imported services.skynet_ldap_backend = { enable = true; diff --git a/applications/ldap/client.nix b/applications/ldap/client.nix index b1102ad..038907d 100644 --- a/applications/ldap/client.nix +++ b/applications/ldap/client.nix @@ -5,7 +5,8 @@ ... }: with lib; let - cfg = config.services.skynet_ldap_client; + name = "ldap_client"; + cfg = config.services.skynet."${name}"; # always ensure the admin group has access create_filter_check_admin = x: @@ -27,9 +28,9 @@ in { imports = []; # give users access to this server - #services.skynet_ldap_client.groups = ["skynet-users-linux"]; + #services.skynet.ldap_client.groups = ["skynet-users-linux"]; - options.services.skynet_ldap_client = { + options.services.skynet."${name}" = { # options that need to be passed in to make this work enable = mkEnableOption "Skynet LDAP client"; diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index e54c7e5..9f041f0 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -9,7 +9,8 @@ Gonna use a priper nixos module for this ... }: with lib; let - cfg = config.services.skynet_ldap; + name = "ldap"; + cfg = config.services.skynet."${name}"; domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; in { # these are needed for teh program in question @@ -20,7 +21,7 @@ in { ./backend.nix ]; - options.services.skynet_ldap = { + options.services.skynet."${name}" = { # options that need to be passed in to make this work enable = mkEnableOption "Skynet LDAP service"; @@ -65,7 +66,7 @@ in { config = mkIf cfg.enable { # passthrough to the backend - services.ldap_backend = { + services.skynet.ldap_backend = { enable = true; host.ip = cfg.host.ip; host.name = cfg.host.name; diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index ae23a05..2b5bad6 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -5,7 +5,8 @@ ... }: with lib; let - cfg = config.services.skynet_nextcloud; + name = "nextcloud"; + cfg = config.services.skynet."${name}"; domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; in { imports = [ @@ -14,7 +15,7 @@ in { ./nginx.nix ]; - options.services.skynet_nextcloud = { + options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Nextcloud"; host = { @@ -40,7 +41,7 @@ in { sub = mkOption { type = types.str; - default = "nextcloud"; + default = name; }; }; }; diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 37dfe0d..107dc89 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -6,14 +6,15 @@ ... }: with lib; let - cfg = config.services.skynet; + name = "website"; + cfg = config.services.skynet."${name}"; in { imports = [ ./acme.nix ./dns.nix ]; - options.services.skynet = { + options.services.skynet."${name}" = { host = { ip = mkOption { type = types.str; diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 8e0b98f..341822d 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -6,8 +6,9 @@ ... }: with lib; let - cfg = config.services.skynet_users; - php_pool = "skynet_users"; + name = "website_users"; + cfg = config.services.skynet."${name}"; + php_pool = name; in { imports = [ ./acme.nix @@ -15,7 +16,7 @@ in { ./nginx.nix ]; - options.services.skynet_users = { + options.services.skynet."${name}" = { host = { ip = mkOption { type = types.str; @@ -30,7 +31,7 @@ in { # ssh access # allow more than admins access - services.skynet_ldap_client = { + services.skynet.ldap_client = { groups = [ "skynet-admins-linux" "skynet-users-linux" diff --git a/applications/ulfm.nix b/applications/ulfm.nix index 4cf88ad..77c4401 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -5,7 +5,8 @@ ... }: with lib; let - cfg = config.services.skynet_ulfm; + name = "ulfm"; + cfg = config.services.skynet."${name}"; in { imports = [ ./acme.nix @@ -14,7 +15,7 @@ in { ./nginx.nix ]; - options.services.skynet_ulfm = { + options.services.skynet."${name}" = { enable = mkEnableOption "ULFM service"; host = { diff --git a/machines/_base.nix b/machines/_base.nix index 63acbb5..80a8f5e 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -98,7 +98,7 @@ in { }; # skynet-admin-linux will always be added, individual servers can override the groups option - services.skynet_ldap_client.enable = true; + services.skynet.ldap_client.enable = true; networking = { # every sever needs to be accessable over ssh for admin use at least diff --git a/machines/cadie.nix b/machines/cadie.nix index acc6810..d180703 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -53,7 +53,7 @@ in { host = host; }; - services.skynet_nextcloud = { + services.skynet.nextcloud = { enable = true; host = host; }; diff --git a/machines/earth.nix b/machines/earth.nix index 9cfefd2..9854f34 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -54,7 +54,7 @@ in { host = host; }; - services.skynet = { + services.skynet.website = { host = host; }; } diff --git a/machines/galatea.nix b/machines/galatea.nix index 8c842af..c32d38b 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -54,7 +54,7 @@ in { host = host; }; - services.skynet_ulfm = { + services.skynet.ulfm = { enable = true; host = host; }; diff --git a/machines/gir.nix b/machines/gir.nix index 3121a19..07c5893 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -55,7 +55,7 @@ in { }; # we use this to pass in teh relevent infomation to the - services.skynet_email = { + services.skynet.email = { enable = true; host = host; domain = "skynet.ie"; diff --git a/machines/glados.nix b/machines/glados.nix index a28e836..7b0a277 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -54,7 +54,7 @@ in { host = host; }; - services.skynet_gitlab = { + services.skynet.gitlab = { enable = true; host = host; }; diff --git a/machines/kitt.nix b/machines/kitt.nix index 6b8dd7c..29fae63 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -60,16 +60,16 @@ in { host = host; }; - services.skynet_ldap = { + services.skynet.ldap = { enable = true; host = host; }; - services.discord_bot = { + services.skynet.discord_bot = { enable = true; }; - services.skynet_vaultwarden = { + services.skynet.vaultwarden = { enable = true; host = host; diff --git a/machines/marvin.nix b/machines/marvin.nix index 1be7d49..df99a32 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -48,7 +48,7 @@ in { ++ groups_trusted; # allow trainees access - services.skynet_ldap_client = { + services.skynet.ldap_client = { groups = groups; sudo_groups = groups; }; diff --git a/machines/optimus.nix b/machines/optimus.nix index 0e7a1f6..111cadf 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -54,7 +54,7 @@ in { host = host; }; - services.skynet_games = { + services.skynet.games = { enable = true; host = host; }; diff --git a/machines/skynet.nix b/machines/skynet.nix index 435bbc5..0d1442c 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -55,7 +55,7 @@ in { services.skynet.backup.host = host; - services.skynet_users = { + services.skynet.website_users = { host = host; }; } diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 3e6f339..b285ce9 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -53,7 +53,7 @@ in { host = host; }; - services.skynet_gitlab_runner = { + services.skynet.gitlab_runner = { enable = true; runner.name = "runner01"; }; From 379cb848394957419ee4248d8b786679565394ac Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 17:55:29 +0100 Subject: [PATCH 383/826] feat: simplified the config for running services, only one hosts config is required now in each server config file --- applications/_base.nix | 59 +++++++++++++++++++ applications/bitwarden/vaultwarden.nix | 19 +----- applications/email.nix | 20 +------ applications/games.nix | 23 +------- applications/games/minecraft.nix | 34 +++-------- applications/gitlab.nix | 24 ++------ applications/grafana.nix | 11 +--- applications/ldap/backend.nix | 12 +--- applications/ldap/server.nix | 20 +------ applications/nextcloud.nix | 19 +----- applications/nix_cache/nix_cache.nix | 13 +--- applications/open_governance/keyserver.nix | 13 +--- .../open_governance/open_governance.nix | 11 +--- applications/prometheus.nix | 9 --- applications/restic.nix | 29 ++++----- applications/skynet.ie.nix | 21 +++---- applications/skynet_users.nix | 19 +----- applications/ulfm.nix | 23 ++------ machines/_base.nix | 3 + machines/agentjones.nix | 18 +----- machines/cadie.nix | 24 ++------ machines/calculon.nix | 24 ++------ machines/earth.nix | 24 ++------ machines/galatea.nix | 24 ++------ machines/gir.nix | 27 ++------- machines/glados.nix | 24 ++------ machines/kitt.nix | 53 ++++------------- machines/marvin.nix | 20 +------ machines/neuromancer.nix | 19 +----- machines/optimus.nix | 24 ++------ machines/skynet.nix | 21 ++----- machines/vendetta.nix | 35 ++++------- machines/vigil.nix | 36 ++++------- machines/wheatly.nix | 26 +++----- 34 files changed, 200 insertions(+), 581 deletions(-) create mode 100644 applications/_base.nix diff --git a/applications/_base.nix b/applications/_base.nix new file mode 100644 index 0000000..bd1f017 --- /dev/null +++ b/applications/_base.nix @@ -0,0 +1,59 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + # root service + cfg = config.services.skynet; +in { + imports = [ + ./acme.nix + ./dns.nix + ./nginx.nix + ]; + + options.services.skynet = { + # since we use this basically everywhere provide a standard way to set it + host = { + ip = mkOption { + type = types.str; + }; + name = mkOption { + type = types.str; + }; + hostname = mkOption { + type = types.str; + default = "${cfg.host.name}.skynet.ie"; + }; + }; + }; + + config = { + services.skynet.dns.records = [ + { + record = cfg.host.name; + r_type = "A"; + value = cfg.host.ip; + server = true; + } + { + record = cfg.host.ip; + r_type = "PTR"; + value = cfg.host.hostname; + } + ]; + + services.nginx = { + virtualHosts = { + # for every server unless explisitly defined redirect the ip to skynet.ie + "${cfg.host.ip}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://skynet.ie"; + }; + }; + }; + }; +} diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix index 68698dd..52e0422 100644 --- a/applications/bitwarden/vaultwarden.nix +++ b/applications/bitwarden/vaultwarden.nix @@ -19,17 +19,7 @@ in { ]; options.services.skynet."${name}" = { - enable = mkEnableOption "Skynet vaultwarden server"; - - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet VaultWarden server"; }; config = mkIf cfg.enable { @@ -44,16 +34,11 @@ in { { record = domain_sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; "${domain}" = { forceSSL = true; useACMEHost = "skynet"; diff --git a/applications/email.nix b/applications/email.nix index 8ab3c72..ade5e0f 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -134,16 +134,6 @@ in { enable = mkEnableOption "Skynet Email"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = mkOption { type = types.str; default = "skynet.ie"; @@ -246,12 +236,6 @@ in { # to provide the certs services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - "mail.skynet.ie" = { forceSSL = true; useACMEHost = "mail"; @@ -291,7 +275,7 @@ in { { record = "mail"; r_type = "A"; - value = cfg.host.ip; + value = config.services.skynet.host.ip; } #DNS config for K-9 Mail { @@ -345,7 +329,7 @@ in { # reverse pointer { - record = cfg.host.ip; + record = config.services.skynet.host.ip; r_type = "PTR"; value = "${cfg.sub}.${cfg.domain}."; } diff --git a/applications/games.nix b/applications/games.nix index b6dd735..7ffd9f7 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -18,16 +18,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Games"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -52,7 +42,7 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; @@ -61,12 +51,6 @@ in { ]; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - "${cfg.domain.sub}.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; @@ -78,11 +62,6 @@ in { services.skynet.games_minecraft = { enable = true; - host = { - ip = cfg.host.ip; - name = cfg.domain.sub; - }; - domain = { sub = "minecraft.${cfg.domain.sub}"; }; diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 4c20a69..8953efe 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -23,16 +23,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Games Minecraft"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -53,9 +43,9 @@ in { config = mkIf cfg.enable { skynet_firewall.forward = [ - "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept" ]; services.skynet.acme.domains = [ @@ -68,38 +58,38 @@ in { { record = "config.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } # our own minecraft hosts { record = "compsoc_classic.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "compsoc.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } # gsoc servers { record = "gsoc.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "gsoc_abridged.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } # phildeb { record = "phildeb.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; @@ -109,12 +99,6 @@ in { ]; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - # https://config.minecraft.games.skynet.ie "config.${short_domain}" = { forceSSL = true; diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 32f0ddc..80664af 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -21,16 +21,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Gitlab"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -111,13 +101,13 @@ in { { record = cfg.domain.sub; r_type = "A"; - value = cfg.host.ip; + value = config.services.skynet.host.ip; } # for gitlab pages { record = "*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type = "A"; - value = cfg.host.ip; + value = config.services.skynet.host.ip; } # for email @@ -127,7 +117,7 @@ in { value = ''10 ${domain_full}.''; } { - record = cfg.host.ip; + record = config.services.skynet.host.ip; r_type = "PTR"; value = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}."; } @@ -151,12 +141,6 @@ in { services.openssh.ports = [22 2222]; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - # main site "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { forceSSL = true; @@ -264,7 +248,7 @@ in { # default for pages is set to 8090 but that leaves an "ugly" port in the url, # override it here to make it look good port = 80; - #external_http = ["${cfg.host.ip}:80"]; + #external_http = ["${config.services.skynet.host.ip}:80"]; }; }; }; diff --git a/applications/grafana.nix b/applications/grafana.nix index a7f4e00..15c076f 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -16,15 +16,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Grafana Server"; - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; - datasource = { name = mkOption { type = types.str; @@ -41,7 +32,7 @@ in { { record = "${name}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 177add3..b4b0e13 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -21,16 +21,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet LDAP backend server"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -65,7 +55,7 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index 9f041f0..67bd1fc 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -18,7 +18,6 @@ in { ../acme.nix ../dns.nix ../nginx.nix - ./backend.nix ]; options.services.skynet."${name}" = { @@ -26,16 +25,6 @@ in { enable = mkEnableOption "Skynet LDAP service"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -65,13 +54,6 @@ in { }; config = mkIf cfg.enable { - # passthrough to the backend - services.skynet.ldap_backend = { - enable = true; - host.ip = cfg.host.ip; - host.name = cfg.host.name; - }; - # after changing teh password openldap.service has to be restarted age.secrets.ldap_pw = { file = ../../secrets/ldap/pw.age; @@ -88,7 +70,7 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 2b5bad6..02bc5f6 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -18,16 +18,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Nextcloud"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -64,12 +54,12 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "onlyoffice.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; @@ -109,11 +99,6 @@ in { }; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; ${domain} = { forceSSL = true; useACMEHost = "skynet"; diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index 88fe408..6716146 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -29,17 +29,10 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet Nix Cache"; }; - config = { + config = mkIf cfg.enable { services.skynet.acme.domains = [ "${name}.skynet.ie" ]; @@ -48,7 +41,7 @@ in { { record = "${name}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix index 56c9441..c507a50 100644 --- a/applications/open_governance/keyserver.nix +++ b/applications/open_governance/keyserver.nix @@ -18,17 +18,10 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet Public Keyserver"; }; - config = { + config = mkIf cfg.enable { services.skynet.acme.domains = [ "${name}.skynet.ie" ]; @@ -37,7 +30,7 @@ in { { record = "${name}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/open_governance/open_governance.nix b/applications/open_governance/open_governance.nix index c855f30..93d2974 100644 --- a/applications/open_governance/open_governance.nix +++ b/applications/open_governance/open_governance.nix @@ -20,14 +20,7 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet Open Governance"; }; config = { @@ -39,7 +32,7 @@ in { { record = "${name}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/prometheus.nix b/applications/prometheus.nix index eb15c48..556a16e 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -13,15 +13,6 @@ in { options.services.skynet."${name}" = { server = { enable = mkEnableOption "Prometheus Server"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; port = mkOption { type = types.port; diff --git a/applications/restic.nix b/applications/restic.nix index 09365c6..df273e6 100644 --- a/applications/restic.nix +++ b/applications/restic.nix @@ -39,21 +39,23 @@ with lib; let lib.attrsets.mapAttrsToList ( key: value: let backup = value.config.services.skynet.backup; + backup_host = value.config.services.skynet.host; in if ( (builtins.hasAttr "backup" value.config.services.skynet) && backup.server.enable - && backup.host.name != cfg.host.name + # chgeck that its not itself + && backup_host.name != config.services.skynet.host.name && !backup.server.appendOnly ) then [ { - name = backup.host.name; + name = backup_host.name; value = base // { - repositoryFile = "/etc/skynet/restic/${backup.host.name}"; + repositoryFile = "/etc/skynet/restic/${backup_host.name}"; backupPrepareCommand = '' #!${pkgs.stdenv.shell} @@ -64,13 +66,13 @@ with lib; let mkdir -p $baseDir cd $baseDir - echo -n "rest:http://root:password@${backup.host.ip}:${toString backup.server.port}/root/${cfg.host.name}" > ${backup.host.name} + echo -n "rest:http://root:password@${backup_host.ip}:${toString backup.server.port}/root/${config.services.skynet.host.name}" > ${backup_host.name} # read in teh password #PW = `cat ${config.age.secrets.restic.path}` line=$(head -n 1 ${config.age.secrets.restic.path}) - sed -i "s/password/$line/g" ${backup.host.name} + sed -i "s/password/$line/g" ${backup_host.name} ''; }; } @@ -87,8 +89,7 @@ in { # https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix # will eb enabled on every server options.services.skynet."${name}" = { - # backup is enabled by default - # enable = mkEnableOption "Skynet backup"; + enable = mkEnableOption "Skynet backup"; # what folders to backup normal = { @@ -128,16 +129,6 @@ in { }; }; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - server = { enable = mkEnableOption "Skynet backup Server"; @@ -176,7 +167,7 @@ in { services.restic.server = { enable = true; - listenAddress = "${cfg.host.ip}:${toString cfg.server.port}"; + listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}"; appendOnly = cfg.server.appendOnly; privateRepos = true; }; @@ -196,7 +187,7 @@ in { # merge teh two configs together # backblaze = base // { # # backupos for each server are stored in a folder under their name - # repository = "b2:NixOS-Main2:/${cfg.host.name}"; + # repository = "b2:NixOS-Main2:/${config.services.skynet.host.name}"; # #environmentFile = config.age.secrets.backblaze.path; # }; }; diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 107dc89..fe83fc4 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -15,17 +15,10 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet Main Website"; }; - config = { + config = mkIf cfg.enable { services.skynet.acme.domains = [ # the root one is already covered by teh certificate "2016.skynet.ie" @@ -39,27 +32,27 @@ in { { record = "@"; r_type = "A"; - value = cfg.host.ip; + value = config.services.skynet.host.ip; } { record = "2016"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "discord"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "public"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "renew"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 341822d..0ff76e1 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -17,14 +17,7 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet User Linux Server"; }; config = { @@ -48,12 +41,12 @@ in { { record = "users"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "*.users"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; @@ -92,12 +85,6 @@ in { }; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - # main site "*.users.skynet.ie" = { forceSSL = true; diff --git a/applications/ulfm.nix b/applications/ulfm.nix index 77c4401..b1013f3 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -18,16 +18,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "ULFM service"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -62,14 +52,14 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; skynet_firewall.forward = [ - "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.host.ip} tcp dport 8000 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 8000 counter packets 0 bytes 0 accept" ]; users.groups."icecast" = {}; @@ -101,11 +91,6 @@ in { useACMEHost = "skynet"; locations."/".proxyPass = "http://localhost:8000"; }; - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; }; }; }; diff --git a/machines/_base.nix b/machines/_base.nix index 80a8f5e..5972e49 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -18,6 +18,9 @@ in { # for the secrets inputs.agenix.nixosModules.default + # base config for all servers + ../applications/_base.nix + # every sever may need the firewall config stuff ../applications/firewall.nix diff --git a/machines/agentjones.nix b/machines/agentjones.nix index ee05feb..1fb3c4e 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -20,6 +20,7 @@ Notes: Used to have Agent Smith as a partner but it died (Ironically) host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,22 +36,9 @@ in { tags = ["active-firewall"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; + backup.enable = true; }; # keep the wired usb connection alive (front panel) diff --git a/machines/cadie.nix b/machines/cadie.nix index d180703..96a6bed 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,27 +36,10 @@ in { tags = ["active"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.nextcloud = { - enable = true; + services.skynet = { host = host; + backup.enable = true; + nextcloud.enable = true; }; # this was causing a conflict for some reason diff --git a/machines/calculon.nix b/machines/calculon.nix index 556b605..30ad6bd 100644 --- a/machines/calculon.nix +++ b/machines/calculon.nix @@ -22,6 +22,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -38,24 +39,11 @@ in { tags = ["active"]; }; - # it has two network devices so two - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - services.skynet = { - nix-cache.host = host; - open-governance.host = host; - keyserver.host = host; + host = host; + backup.enable = true; + nix-cache.enable = true; + open-governance.enable = true; + keyserver.enable = true; }; } diff --git a/machines/earth.nix b/machines/earth.nix index 9854f34..9106027 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,26 +36,9 @@ in { tags = ["active-core"]; }; - # it has two network devices so two - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.website = { + services.skynet = { host = host; + backup.enable = true; + website.enable = true; }; } diff --git a/machines/galatea.nix b/machines/galatea.nix index c32d38b..62af7e3 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -22,6 +22,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -36,26 +37,9 @@ in { tags = ["active"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.ulfm = { - enable = true; + services.skynet = { host = host; + backup.enable = true; + ulfm.enable = true; }; } diff --git a/machines/gir.nix b/machines/gir.nix index 07c5893..0f6dde4 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,29 +36,9 @@ in { tags = ["active-core"]; }; - # add this server to dns - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; - }; - - # we use this to pass in teh relevent infomation to the - services.skynet.email = { - enable = true; - host = host; - domain = "skynet.ie"; + backup.enable = true; + email.enable = true; }; } diff --git a/machines/glados.nix b/machines/glados.nix index 7b0a277..a745ee6 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -22,6 +22,7 @@ Notes: Each user has roughly 20gb os storage host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -36,26 +37,9 @@ in { tags = ["active-gitlab"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.gitlab = { - enable = true; + services.skynet = { host = host; + backup.enable = true; + gitlab.enable = true; }; } diff --git a/machines/kitt.nix b/machines/kitt.nix index 29fae63..54474c9 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -22,10 +22,12 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ ../applications/ldap/server.nix + ../applications/ldap/backend.nix ../applications/discord.nix ../applications/bitwarden/vaultwarden.nix ../applications/bitwarden/bitwarden_sync.nix @@ -41,49 +43,20 @@ in { tags = ["active-core"]; }; - # add this server to dns - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; - }; + backup.enable = true; - services.skynet.ldap = { - enable = true; - host = host; - }; + # ldap setup + ldap.enable = true; + ldap_backend.enable = true; - services.skynet.discord_bot = { - enable = true; - }; + # private member services + discord_bot.enable = true; - services.skynet.vaultwarden = { - enable = true; - - host = host; - }; - services.skynet.prometheus = { - server = { - enable = true; - host = host; - }; - }; - - services.skynet.grafana = { - enable = true; - - host = host; + # committee/admin services + vaultwarden.enable = true; + prometheus.server.enable = true; + grafana.enable = true; }; } diff --git a/machines/marvin.nix b/machines/marvin.nix index df99a32..175d61d 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -20,6 +20,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; groups = [ @@ -53,23 +54,8 @@ in { sudo_groups = groups; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; + backup.enable = true; }; - - # Put test services below this } diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 255c503..6e2cbd9 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -48,22 +49,8 @@ in { tags = ["active-core"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - server.enable = true; + services.skynet = { host = host; + backup.server.enable = true; }; } diff --git a/machines/optimus.nix b/machines/optimus.nix index 111cadf..6f36726 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -22,6 +22,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -36,26 +37,9 @@ in { tags = ["active"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.games = { - enable = true; + services.skynet = { host = host; + backup.enable = true; + games.enable = true; }; } diff --git a/machines/skynet.nix b/machines/skynet.nix index 0d1442c..360896b 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -24,6 +24,7 @@ Notes: Does not host offical sites host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -39,23 +40,9 @@ in { tags = ["active-ext"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup.host = host; - - services.skynet.website_users = { + services.skynet = { host = host; + backup.enable = true; + website_users.enable = true; }; } diff --git a/machines/vendetta.nix b/machines/vendetta.nix index c46c988..3cff501 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -21,6 +21,7 @@ Notes: Using the server that used to be called Earth host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -49,32 +50,16 @@ in { ]; }; - services.skynet.backup = { + services.skynet = { host = host; - }; - - services.skynet.dns = { - server = { - enable = true; - # primary dns server (ns1) - primary = true; - ip = ip_pub; + backup.enable = true; + dns = { + server = { + enable = true; + # primary dns server (ns1) + primary = true; + ip = ip_pub; + }; }; - - records = [ - # vendetta IN A 193.1.99.120 - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - # 120 IN PTR vendetta.skynet.ie. - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; }; } diff --git a/machines/vigil.nix b/machines/vigil.nix index 7885aa4..421ebaa 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -20,6 +20,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -33,33 +34,16 @@ in { tags = ["active-dns" "dns"]; }; - services.skynet.backup = { + services.skynet = { host = host; - }; - - services.skynet.dns = { - server = { - enable = true; - # secondary dns server (ns2) - primary = false; - ip = ip_pub; + backup.enable = true; + dns = { + server = { + enable = true; + # secondary dns server (ns2) + primary = false; + ip = ip_pub; + }; }; - - # this server will have to have dns records - records = [ - # vigil IN A 193.1.99.109 - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - # 109 IN PTR vigil.skynet.ie. - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; }; } diff --git a/machines/wheatly.nix b/machines/wheatly.nix index b285ce9..308bef9 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,26 +36,13 @@ in { tags = ["active-gitlab"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; - }; + backup.enable = true; - services.skynet.gitlab_runner = { - enable = true; - runner.name = "runner01"; + gitlab_runner = { + enable = true; + runner.name = "runner01"; + }; }; } From 689344e518c87da932b5741da81ac15e2972703b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 30 May 2024 19:42:26 +0100 Subject: [PATCH 384/826] fix: all servers now require the dns secret for acme now --- secrets/dns_certs.secret.age | 71 +++++++++++++++++++++--------------- secrets/secrets.nix | 2 +- 2 files changed, 42 insertions(+), 31 deletions(-) diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 7d1f348..e4e29d5 100644 --- a/secrets/dns_certs.secret.age +++ b/secrets/dns_certs.secret.age @@ -1,31 +1,42 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA tzgPuOSktRbzGWk2BDFHmbr1Sm05qdYjyRz2/HTx6B4 -U81/Gr5l69wte3fAtN3nYfx5OAMu5x7WTS4gygHUucc --> ssh-ed25519 4PzZog EPHeQJYsFoEHlgScAHEsu5qvylaTzvcPw3Y2CXOSuWQ -U2PGDUHKIAR/0qovVc7ovAT9dyn/fOTncfNWrKk8ljY --> ssh-ed25519 5Nd93w 4CHAkRax2v275ksja2Pxw+5DoZXWNKd3lHZq8+Y1W0U -Br95FoQN2AZf2io3wFTX7SCHxGoGv2O/8/kbnu2bqvg --> ssh-ed25519 q8eJgg zds5ccfqHdh67yLnN+33eXwHF5FFKVFAxW8Ecgk7ZHg -vDZ13K30m+rx+wyteX8SuA5uEI9dZMV/vRJSt9ydKMo --> ssh-ed25519 XSrA6w 27EVcnWYtJnsl1EJtmbucY3pyXHRZKezi8KN30bK0Vc -y41vgV5yH3aZJUx0Wl/zP29466yOl2IGgl+6ti3pAVQ --> ssh-ed25519 DVzSig XRuB0GkA1CFvcq7mc2Nod79+jYnN26dEOfCDcRoS+nc -Oy//M5W8tspc/YmQjYK8joYYpm3SoKfrKKmrLmSy7z0 --> ssh-ed25519 SqDBmA cSiRVHtiZbLp/OFS+5tOgmf5msgfaTUW+6U9vC8Nj1s -8pymGU7WaIx3o0WkwqFXgM9lFjvablusQF/9O9xRrcQ --> ssh-ed25519 UE6fcQ rl54j3p+k4eMCC63Hl2hKyWkKwWAS61iBdhGolnh7g0 -fqO/fSuwRyTAW49t0w/ffTMaIAvBnJrX94grAO2f0uI --> ssh-ed25519 8vZ9CQ old/mJ0AN9vJmvbr1/0ELh02R8tGPys+rwSj6Tq2Sh8 -W+BcsKswtQv+e7kAjHn6vrdApawGuNwIAK2hNV3SJWo --> ssh-ed25519 IzAMqA lotJU4JW3eHjdb+ZQ3s2XN7JmZz3FFBh7CJ1t+/+Ghc -wIJsNn4SUXjtobDz1xzLSe0oEqo3nRlWjJiLqDiHv6A --> ssh-ed25519 uZzB3g eH+/Tew6AU7j95BBMcUtwnaoReZeFp6CaF1S+JdWUCQ -VjNNv+gd1JkUVFtJx4H7qDKpOPSkgRVcsJhYFhPxbWI --> ssh-ed25519 Hb0ipQ k732pON+GqpltKfPmArf/d6wX0L5OLVh6l56M0Vf6UU -UdEG5xrFoFnjXAb47uPO0lC957yvocPgK7iRrxwBvg0 --> ssh-ed25519 uZzB3g 0Q1BNGOJoH41b6z8YG/QOi8wshGJsPHN7XXMAyIVTwE -ecj8oOZyRSYCXPXEQXmM/KDZktEpsgyohQtK45Du1ow --> ssh-ed25519 YFaxCg hHWU1ehve1zeDoilyZh1QjtSiGgii0i3ks7+DCXuPmI -krPnm4YCmcg98u735WdiwCeMLG/5Ie8rk0/AE7ZP+qk ---- 6aIkITPoSXpoPQB7IqEDvbC5SqQt+91+8SiNZbfrfwQ -0fdrCT اwwTS=M(F PQжx* Tad]Dt>W0T?i}W.n0jSʫ2\~ snДle$ 3ԭ쨋8{iY.uI|vkFvOOcsA ]:3p0\91( \ No newline at end of file +-> ssh-ed25519 V1pwNA JVysrUp8W6swlXv0ERKcVHqSaQr+oA3LC2fogPlwATQ +3hr+AvewDRSjsPJM3BbFQKAPLCGSl6IHuaOZtHMyF50 +-> ssh-ed25519 4PzZog zR6rKPs9vcvC/nk1qyHip1i9+6kbEgBcLQqDJI7e/hU +d748TFIo0EKwKreJEdEVaFO9+FxzantexynqvjHucZA +-> ssh-ed25519 5Nd93w S9jU/4qN3E9s0bXi5zoH0nxuzcGYPXLwqezNJw3TIhc +oXaibBkKdjiqDuko/GsWKkF5C92FNQIxs+fNQQEP0+g +-> ssh-ed25519 q8eJgg oCCuyZPi85tb+UxXMtfJx479RLEPtAagH9HkQ3Undww +YENj+QuWzxgJBCEXcekBGc20TQI2/Q+UKUH0V88h1JQ +-> ssh-ed25519 /Gb5gQ wv0DOmgF0JOnAIqgjFS/mxMpwovX+m8RYpWxljnN9hQ +R8h2ZzUBwX2QtSTpS6+Owp6Ih6JYK1MIBJ53xwMbCBc +-> ssh-ed25519 NtlN/A Aqz2cgvhFaYfOMw/rdQ6BvETChlgGQZN2QvKC936+lo +WkXzMfw/IJjLXgoddYZ74+i/+yM6+WXykFSH+DkZREg +-> ssh-ed25519 v2Y09A ZOHo6cr4vyTkgPsJsAZ+LImajSkXVQ3mzAPKlSS6ZmI +0sAYUb0rJUPNk0egtyksB58uPDN4F+xk7CnPI1DH/EI +-> ssh-ed25519 XSrA6w 1tciV+KCPcAvwIr1DuG4Eoe2oPNTquT7msB30HnYljs +LBYy5RQLHMIcOTUcUZ6+MpLYdnfXbSyx4kcNMxMrkKk +-> ssh-ed25519 DVzSig aarBueaR0rgOhPGIwDeboqBfQvT/dkRvf0swKm4NlWw +pxEhg8dfxz7obMdyipbpUg7IQeixNJhFfhq72jyx+bA +-> ssh-ed25519 uZzB3g g6K54jq2HOqx7wzbycJJ3ZTs98OOEb/rYFzNb4D7PC8 +yiVfm+9tFTP2Rje9HLCOWDoYpA8hMnQmovAFRLI8bb4 +-> ssh-ed25519 yvS9bw 8MuNIrtc61CGDQm/6wGBVfRZnjo7/UfbDyRq1Sj04CU +7Mnbaqeak9ykwLgh3OI3VeQ1EIZo2+80skVZZtEiSGo +-> ssh-ed25519 IzAMqA AziNzb8XO/A9IaiE5fgxTU9xNvMO5g/z6RG/loOFCGE +xxbml25nPGs1kDN/yAYOuh26Nzhx/7hOv25/8/bC8cM +-> ssh-ed25519 Hb0ipQ NDzUtPajSgMdo++L1FD5/Zx6549/8+uz3RmOYFfvV0s +cIFWJHhmvNtZjyVVBEjKYgZQcmRh6CE5fCCRpb4wPxo +-> ssh-ed25519 3pl/Kw At1BJ2WKbgJveuLxvhOUWPPJGPd9wc2AuWgQlBtnDRw +BGuaoiMt3UYwfBGPvG6JJHnQ2Ndf+J5QhsvPaL4F8ks +-> ssh-ed25519 SqDBmA WWU3AT+9L8SPXPz1sOJaBwXxT1NU5ZlcSjaPQaWydlY +aceO83wb8oNXCuWY86tOc2UqwYMHJP9y/gQc/SVXrx8 +-> ssh-ed25519 UE6fcQ b7r0Im5jYaaUMY54Tmkr+v/8n/CmfUp6+UrKPzf8wRg +1nSQ93LLZ4OVaL2D1VE5w/Wk1HaGuyGSe3jIz8cEdl8 +-> ssh-ed25519 YFaxCg cveiV9/m6G8UZWGloGOus3ftaYLTHH0N2ibTh03CqmU +NIPQrVigfgSIg01f9lzYHHemUi8fZiRllbjCBd8gG90 +-> ssh-ed25519 elCEeg inFC6DXefO27b54O70iRAhM8qzYVFYqJT2xIDDfsqWc +J4Mr0K3TIlvmY5luZPL9bYKHX1l/1rkRCKxg0gGZxZ4 +-> ssh-ed25519 8vZ9CQ xHkHzdIbHKp+qvkPG5wUgKA61wkCOTziuYbZaDo3FAI +MQh8gvvKAZahtvqqBizqVVu/rnxznzhZishIrFavIhs +--- PJAog4mRqJvcK2KqjhWxMauvAstZ02CVEIWo1+cgVMI +(>"lF$\lG[H#BpBp=q2"҇NV LEu# +ҞeY#r'XpX`B61u[=QKSq{(u!924\DY\TlsMȥIMU">(={ Lj2 Date: Thu, 30 May 2024 22:10:40 +0100 Subject: [PATCH 385/826] fix: dont have an internal ip --- machines/skynet.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/machines/skynet.nix b/machines/skynet.nix index 360896b..720e9a3 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -18,8 +18,6 @@ Notes: Does not host offical sites name = "skynet"; # DMZ that ITD provided ip_pub = "193.1.96.165"; - # for internal network connectivity - ip_int = "193.1.99.82"; hostname = "${name}.skynet.ie"; host = { ip = ip_pub; From 9316caa55928b6b2ff0ff3a01f23eb173e5533ca Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 31 May 2024 16:21:05 +0100 Subject: [PATCH 386/826] doc: up[dated csv of ports/services --- ITD_Firewall.csv | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv index fe5e0b9..a6ac0b7 100644 --- a/ITD_Firewall.csv +++ b/ITD_Firewall.csv @@ -1,18 +1,19 @@ -Index,Name,IP_Address,DNS_Name,Ports_Current,Ports_Requested,Related_Tickets,Description -SKYNET00001,agentjones,193.1.99.72,agentjones,"","","",Firewall (currently not active) -SKYNET00002,vendetta,193.1.99.120,vendetta/ns1,53,"","",DNS Nameserver 1 -SKYNET00003,jarvis,193.1.99.73,jarvis,"","","",VM Host -SKYNET00004,vigil,193.1.99.109,vigil/ns2,53,"","",DNS Nameserver 2 -SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,"","",ULFM Radio -SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server -SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,443,"",i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" -SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server -SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail -SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner -SKYNET00011,earth,193.1.99.79,earth,80/443,"",i23-06-19_525,Offical website host -SKYNET00012,skynet,193.1.96.165,skynet/*.users,22 80/443,"",i23-06-30_024,Skynet server. (DMZ) -SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server -SKYNET00014,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,"",i23-10-27_014,"Services VM, has nextcloud to start with" -SKYNET00015,marvin,193.1.99.81,marvin,,,,Trainee testing server -SKYNET00016,optimus,193.1.99.99,,,,,Games server manager (replacing SKYNET00006 soon) -SKYNET00017,bumblebee,193.1.99.100,,,,,Game server - Minecraft \ No newline at end of file +Index,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description +SKYNET00001,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active) +SKYNET00002,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1 +SKYNET00003,jarvis,193.1.99.73,jarvis,,,,,,VM Host +SKYNET00004,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2 +SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio +SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Games server +SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" +SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server +SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail +SKYNET00010,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner +SKYNET00011,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host +SKYNET00012,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ) +SKYNET00013,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server +SKYNET00014,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with" +SKYNET00015,marvin,193.1.99.81,marvin,,,,,,Trainee testing server +SKYNET00016,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon) +SKYNET00017,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft +SKYNET00018,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver" From 62d28bab4e04aa2712a607c06d2de96b26f5ac96 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Sun, 2 Jun 2024 17:51:37 +0000 Subject: [PATCH 387/826] Add records for old compsoc server, gamesoc server and philosophy and debate server. --- config/dns.nix | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index 991f058..be272e7 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -47,7 +47,7 @@ value = "193.1.99.91"; server = true; } - { + { ### CompSoc Minecraft server record = "minecraft.compsoc.games"; r_type = "CNAME"; value = "bumblebee"; @@ -57,6 +57,36 @@ r_type = "SRV"; value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; } + { ### Old Compsoc Minecraft server + record = "minecraft-classic.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25520 minecraft-classic.compsoc.games.skynet.ie."; + } + { ### Game Society Minecraft server + record = "minecraft.gsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25521 minecraft.gsoc.games.skynet.ie."; + } + { ### Philosophy and Debate Minecraft server + record = "minecraft.phildeb.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25522 minecraft.phildeb.games.skynet.ie."; + } ]; }; } From 1fb2bba4ce70aa26e56ade991021f69dc74f7cf1 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Sun, 2 Jun 2024 17:56:41 +0000 Subject: [PATCH 388/826] REMOVED COMMENTS BECAUSE LINTER ERROR UGHH --- config/dns.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/dns.nix b/config/dns.nix index be272e7..1cdbe2d 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -47,7 +47,7 @@ value = "193.1.99.91"; server = true; } - { ### CompSoc Minecraft server + { record = "minecraft.compsoc.games"; r_type = "CNAME"; value = "bumblebee"; @@ -57,7 +57,7 @@ r_type = "SRV"; value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; } - { ### Old Compsoc Minecraft server + { record = "minecraft-classic.compsoc.games"; r_type = "CNAME"; value = "bumblebee"; @@ -67,7 +67,7 @@ r_type = "SRV"; value = "0 10 25520 minecraft-classic.compsoc.games.skynet.ie."; } - { ### Game Society Minecraft server + { record = "minecraft.gsoc.games"; r_type = "CNAME"; value = "bumblebee"; @@ -77,7 +77,7 @@ r_type = "SRV"; value = "0 10 25521 minecraft.gsoc.games.skynet.ie."; } - { ### Philosophy and Debate Minecraft server + { record = "minecraft.phildeb.games"; r_type = "CNAME"; value = "bumblebee"; From cbc5af9b53a14031b7f12313077d55a9b172c8d5 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 2 Jun 2024 21:27:27 +0100 Subject: [PATCH 389/826] feat: retiring Optimus and teh games server that was hosted on it. Now fully using Pterodactyl --- ITD_Firewall.csv | 2 +- applications/{ => _retired}/games.nix | 0 applications/{ => _retired}/games/minecraft.nix | 0 config/dns.nix | 2 +- flake.nix | 3 --- machines/{ => retired}/optimus.nix | 0 6 files changed, 2 insertions(+), 5 deletions(-) rename applications/{ => _retired}/games.nix (100%) rename applications/{ => _retired}/games/minecraft.nix (100%) rename machines/{ => retired}/optimus.nix (100%) diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv index a6ac0b7..41a4dc6 100644 --- a/ITD_Firewall.csv +++ b/ITD_Firewall.csv @@ -4,7 +4,7 @@ SKYNET00002,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1 SKYNET00003,jarvis,193.1.99.73,jarvis,,,,,,VM Host SKYNET00004,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2 SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio -SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Games server +SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail diff --git a/applications/games.nix b/applications/_retired/games.nix similarity index 100% rename from applications/games.nix rename to applications/_retired/games.nix diff --git a/applications/games/minecraft.nix b/applications/_retired/games/minecraft.nix similarity index 100% rename from applications/games/minecraft.nix rename to applications/_retired/games/minecraft.nix diff --git a/config/dns.nix b/config/dns.nix index 1cdbe2d..1851ee9 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -31,7 +31,7 @@ config = { skynet.records = [ { - record = "optimus-reborn"; + record = "optimus"; r_type = "A"; value = "193.1.99.90"; server = true; diff --git a/flake.nix b/flake.nix index 173639a..50b17f9 100644 --- a/flake.nix +++ b/flake.nix @@ -135,9 +135,6 @@ # icecast - ULFM galatea = import ./machines/galatea.nix; - # Game host - optimus = import ./machines/optimus.nix; - # LDAP host kitt = import ./machines/kitt.nix; diff --git a/machines/optimus.nix b/machines/retired/optimus.nix similarity index 100% rename from machines/optimus.nix rename to machines/retired/optimus.nix From 8d60c67722904a87813e8eddf2d3790abd599380 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 2 Jun 2024 21:29:06 +0100 Subject: [PATCH 390/826] doc: added a status col --- ITD_Firewall.csv | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv index 41a4dc6..7978336 100644 --- a/ITD_Firewall.csv +++ b/ITD_Firewall.csv @@ -1,19 +1,19 @@ -Index,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description -SKYNET00001,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active) -SKYNET00002,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1 -SKYNET00003,jarvis,193.1.99.73,jarvis,,,,,,VM Host -SKYNET00004,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2 -SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio -SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server -SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" -SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server -SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail -SKYNET00010,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner -SKYNET00011,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host -SKYNET00012,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ) -SKYNET00013,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server -SKYNET00014,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with" -SKYNET00015,marvin,193.1.99.81,marvin,,,,,,Trainee testing server -SKYNET00016,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon) -SKYNET00017,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft -SKYNET00018,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver" +Index,Status,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description +SKYNET00001,Active,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active) +SKYNET00002,Active,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1 +SKYNET00003,Active,jarvis,193.1.99.73,jarvis,,,,,,VM Host +SKYNET00004,Active,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2 +SKYNET00005,Active,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio +SKYNET00006,Retired,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server +SKYNET00007,Active,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" +SKYNET00008,Active,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server +SKYNET00009,Active,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail +SKYNET00010,Active,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner +SKYNET00011,Active,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host +SKYNET00012,Active,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ) +SKYNET00013,Active,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server +SKYNET00014,Active,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with" +SKYNET00015,Active,marvin,193.1.99.81,marvin,,,,,,Trainee testing server +SKYNET00016,Active,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon) +SKYNET00017,Active,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft +SKYNET00018,Active,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver" From 991758ef461319f000c5ebc29cedbf9b7269e6f5 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 3 Jun 2024 03:31:40 +0000 Subject: [PATCH 391/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index e7aee8a..9013a7c 100644 --- a/flake.lock +++ b/flake.lock @@ -865,11 +865,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1715527488, - "narHash": "sha256-Bib8TlcoDGSLTPKp75f9RqZZZpBuxH/bF8JULKwg5iA=", + "lastModified": 1717384007, + "narHash": "sha256-IeCdXn//JXE68biYc2tc47gUbjehOriE7iliRhMyk4o=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "ed4c46e81db5a7c412715d52003db7632e21a573", + "rev": "55b2e534d4ce6986edfdd4fb59a6302e9cd923ad", "type": "gitlab" }, "original": { From dbf7a4d5d13d85fe9c1609bc76af8b01e0f64cc5 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 3 Jun 2024 04:36:44 +0100 Subject: [PATCH 392/826] fix: didnt set the server cname properly --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index 1851ee9..0dd6133 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -39,7 +39,7 @@ { record = "panel.games"; r_type = "CNAME"; - value = "optimus-reborn"; + value = "optimus"; } { record = "bumblebee"; From c4e3a41831a3cbd84dad977b1c7b93138f499f62 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 3 Jun 2024 04:17:55 +0000 Subject: [PATCH 393/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9013a7c..a44cbda 100644 --- a/flake.lock +++ b/flake.lock @@ -865,11 +865,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1717384007, - "narHash": "sha256-IeCdXn//JXE68biYc2tc47gUbjehOriE7iliRhMyk4o=", + "lastModified": 1717387764, + "narHash": "sha256-paKfG0eYMlCYFXTey0Bgza7R+z8lMqPnSFHOU5lmxyc=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "55b2e534d4ce6986edfdd4fb59a6302e9cd923ad", + "rev": "86bb566e5e5669a66bfd31de26327448b0db87ac", "type": "gitlab" }, "original": { From b2ecb14f6876ee1ff06d0a717cb439494889b40b Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 3 Jun 2024 17:25:15 +0000 Subject: [PATCH 394/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a44cbda..218fa6a 100644 --- a/flake.lock +++ b/flake.lock @@ -865,11 +865,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1717387764, - "narHash": "sha256-paKfG0eYMlCYFXTey0Bgza7R+z8lMqPnSFHOU5lmxyc=", + "lastModified": 1717435434, + "narHash": "sha256-r02WUVXq+QojkBcvWl7kn3M42d9G5iCNtM3/j8hEmv4=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "86bb566e5e5669a66bfd31de26327448b0db87ac", + "rev": "15720a1f131efed9924482e58fceef04fcb1c1e6", "type": "gitlab" }, "original": { From a156d1ba1ec0b5b3ac95c8fab6528114d004e279 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 3 Jun 2024 20:03:49 +0100 Subject: [PATCH 395/826] fix: new cache key --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 50b17f9..397f721 100644 --- a/flake.nix +++ b/flake.nix @@ -82,7 +82,7 @@ nixConfig = { bash-prompt-suffix = "[Skynet Dev] "; extra-substituters = "https://nix-cache.skynet.ie/skynet-cache"; - extra-trusted-public-keys = "skynet-cache:OdfA4Or0JcHiHf05fsiIR4nZT2z2yDEtkoLqhntGAz4="; + extra-trusted-public-keys = "skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo="; }; outputs = { From b7a5042538db24d3141f60a09f273ad0a6ea4c3e Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 3 Jun 2024 20:19:50 +0000 Subject: [PATCH 396/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 218fa6a..7393009 100644 --- a/flake.lock +++ b/flake.lock @@ -865,11 +865,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1717435434, - "narHash": "sha256-r02WUVXq+QojkBcvWl7kn3M42d9G5iCNtM3/j8hEmv4=", + "lastModified": 1717445428, + "narHash": "sha256-KL5PlkkWvFtq2R1dxavvZOQzA2CI5hjpa/HJEIpla2Q=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "15720a1f131efed9924482e58fceef04fcb1c1e6", + "rev": "7c2d392e356f8a7e2a985b7c8abc0ced308001cb", "type": "gitlab" }, "original": { From 62fe4a2ba5f910e7aef926605c0cf407e323fab8 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 3 Jun 2024 22:42:04 +0000 Subject: [PATCH 397/826] [skip ci] Updated flake for skynet_discord_bot --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7393009..a330be9 100644 --- a/flake.lock +++ b/flake.lock @@ -865,11 +865,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1717445428, - "narHash": "sha256-KL5PlkkWvFtq2R1dxavvZOQzA2CI5hjpa/HJEIpla2Q=", + "lastModified": 1717453955, + "narHash": "sha256-axbeauP+9PP4qiwCiMvvGd6XTnjv12+QkZP3K2yFCeU=", "owner": "compsoc1%2Fskynet", "repo": "discord-bot", - "rev": "7c2d392e356f8a7e2a985b7c8abc0ced308001cb", + "rev": "48b52f3c0905af7341e45e2b950aba43af68c80e", "type": "gitlab" }, "original": { From 37bfebec20ac84b00e9474e6e056b7003c5cd61f Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 3 Jun 2024 23:04:52 +0000 Subject: [PATCH 398/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a330be9..8a0894f 100644 --- a/flake.lock +++ b/flake.lock @@ -887,11 +887,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1711629668, - "narHash": "sha256-ZLnOj4YczToeIZ5k+E2qyfAa430urUnHmGC23cmQtqo=", + "lastModified": 1717455454, + "narHash": "sha256-n3Q+1GU95sn4/TMErtaWuq9hKisYx9U3xBowFvbAG6g=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "c1b42a81320a7091e200e966354cf2c839c9f08e", + "rev": "7ca705cc0a19d5e684f45354b9f71325bdf3b4c4", "type": "gitlab" }, "original": { From 7d8833a4514204619d7fdcd76268aa011d7e673d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 5 Jun 2024 14:31:50 +0100 Subject: [PATCH 399/826] feat: results f testing exporters for DNS last night Relates to #70 --- applications/dns.nix | 10 +++++++++ applications/prometheus.nix | 41 +++++++++++++++++++++++++++---------- 2 files changed, 40 insertions(+), 11 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index a3e8a8b..deec46d 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -342,6 +342,12 @@ in { }; config = lib.mkIf cfg.server.enable { + # logging + services.prometheus.exporters.bind = { + enable = true; + openFirewall = true; + }; + # services.skynet.backup.normal.backups = ["/etc/skynet/dns"]; # open the firewall for this @@ -386,6 +392,10 @@ in { # need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns extraConfig = '' include "/run/agenix/dns_dnskeys"; + + statistics-channels { + inet 127.0.0.1 port 8053 allow { 127.0.0.1; }; + }; ''; # piles of no valid RRSIG resolving 'com/DS/IN' errors diff --git a/applications/prometheus.nix b/applications/prometheus.nix index 556a16e..d60dc83 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -7,6 +7,25 @@ with lib; let name = "prometheus"; cfg = config.services.skynet."${name}"; + + # dont have to worry about any external addresses for this + # create a list of either "ip@port" or "" + # the ""s then get filtered out by filter_empty + exporters = { + dns = ( + lib.attrsets.mapAttrsToList ( + key: value: + if value.config.services.skynet.dns.server.enable + then "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.bind.port}" + else "" + ) + nodes + ); + node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString config.services.prometheus.exporters.node.port}") nodes; + }; + + # clears any invalid entries + filter_empty = inputs: (builtins.filter (value: value != "") inputs); in { imports = []; @@ -19,7 +38,7 @@ in { default = 9001; }; - other_nodes = mkOption { + external.node = mkOption { type = types.listOf types.str; default = []; description = '' @@ -27,24 +46,16 @@ in { ''; }; }; - - port_collecter = mkOption { - type = types.port; - default = 9002; - }; }; config = mkMerge [ { services.prometheus.exporters.node = { enable = true; + openFirewall = true; # most collectors are on by default see https://github.com/prometheus/node_exporter for more options enabledCollectors = ["systemd"]; - port = cfg.port_collecter; }; - - # make sure the port is open - networking.firewall.allowedTCPPorts = [cfg.port_collecter]; } (mkIf cfg.server.enable { services.prometheus = { @@ -55,7 +66,15 @@ in { job_name = "node_exporter"; static_configs = [ { - targets = (lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString cfg.port_collecter}") nodes) ++ cfg.server.other_nodes; + targets = filter_empty (exporters.node ++ cfg.server.external.node); + } + ]; + } + { + job_name = "bind"; + static_configs = [ + { + targets = filter_empty exporters.dns; } ]; } From 5ba92dcbc136a182c5f7932dd2b456964737efc6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 6 Jun 2024 18:45:09 +0100 Subject: [PATCH 400/826] fix: seems like some of teh dashboards want processes Closes #70 --- applications/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index d60dc83..674d161 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -54,7 +54,7 @@ in { enable = true; openFirewall = true; # most collectors are on by default see https://github.com/prometheus/node_exporter for more options - enabledCollectors = ["systemd"]; + enabledCollectors = ["systemd" "processes"]; }; } (mkIf cfg.server.enable { From 8c7f2b545495d6d3bdb40a04247a9f986b65476c Mon Sep 17 00:00:00 2001 From: daragh downes Date: Thu, 6 Jun 2024 18:01:46 +0000 Subject: [PATCH 401/826] feat : make esy admin --- config/users.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/users.nix b/config/users.nix index 3f4fd28..eafa6ba 100644 --- a/config/users.nix +++ b/config/users.nix @@ -61,10 +61,10 @@ in { "evanc" "eoghanconlon73" "eliza" + "esy" ]; trainee = [ "milan" - "esy" "kronsy" ]; lifetime = []; From e94683c3d52a7b9ebb6208989198043891460f61 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 6 Jun 2024 21:35:35 +0100 Subject: [PATCH 402/826] fmt: better formatting of the backup server file --- applications/restic.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/applications/restic.nix b/applications/restic.nix index df273e6..e410a5f 100644 --- a/applications/restic.nix +++ b/applications/restic.nix @@ -144,14 +144,15 @@ in { }; }; - config = + config = mkMerge [ { # these values are anabled for every client environment.systemPackages = with pkgs; [ restic ]; } - // mkIf cfg.server.enable { + + (mkIf cfg.server.enable { networking.firewall.allowedTCPPorts = [ cfg.server.port ]; @@ -171,8 +172,9 @@ in { appendOnly = cfg.server.appendOnly; privateRepos = true; }; - } - // mkIf enable_client { + }) + + (mkIf enable_client { # client stuff here # A list of all login accounts. To create the password hashes, use @@ -181,15 +183,17 @@ in { age.secrets.restic.file = ../secrets/backup/restic.age; - services.restic.backups = + services.restic.backups = mkMerge [ ownServers - // { + { # merge teh two configs together # backblaze = base // { # # backupos for each server are stored in a folder under their name # repository = "b2:NixOS-Main2:/${config.services.skynet.host.name}"; # #environmentFile = config.age.secrets.backblaze.path; # }; - }; - }; + } + ]; + }) + ]; } From ce820a5d3c96419044809c8b66d04c917f05a088 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 6 Jun 2024 23:22:55 +0000 Subject: [PATCH 403/826] fix: this should fix up this job (hopefully) --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a70a1ad..4e56b1d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,8 @@ sync_repos: - chmod +x ./sync.sh - ./sync.sh rules: - - changes: + - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + changes: - sync/repos.csv .scripts_base: &scripts_base From 8c96241b67ce4acaf924d4654c7103a35fbdd085 Mon Sep 17 00:00:00 2001 From: runner_nix Date: Fri, 7 Jun 2024 17:59:13 +0000 Subject: [PATCH 404/826] [skip ci] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8a0894f..874f430 100644 --- a/flake.lock +++ b/flake.lock @@ -887,11 +887,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1717455454, - "narHash": "sha256-n3Q+1GU95sn4/TMErtaWuq9hKisYx9U3xBowFvbAG6g=", + "lastModified": 1717782746, + "narHash": "sha256-LZovqXjhDIUe/T+bU5wtwN1RbcPjkZK6yQNhPa9Nrwc=", "owner": "compsoc1%2Fskynet", "repo": "ldap%2Fbackend", - "rev": "7ca705cc0a19d5e684f45354b9f71325bdf3b4c4", + "rev": "5b94811276d70b00cc292081f623b6f52a710b84", "type": "gitlab" }, "original": { From 4b9a743e40b863a9127b5e6d43c0d0fbd43ff56e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 7 Jun 2024 19:11:08 +0100 Subject: [PATCH 405/826] admin: add eliza and esy as admins to teh secrets --- secrets/backup/restic.age | Bin 2320 -> 2320 bytes secrets/backup/restic_pw.age | 24 ++++++++--------- secrets/bitwarden/details.age | Bin 825 -> 825 bytes secrets/bitwarden/id.age | Bin 701 -> 701 bytes secrets/bitwarden/secret.age | 24 ++++++++--------- secrets/discord/ldap.age | 39 ++++++++++++++-------------- secrets/discord/token.age | Bin 805 -> 805 bytes secrets/dns_certs.secret.age | Bin 2374 -> 2374 bytes secrets/dns_dnskeys.conf.age | 31 +++++++++++----------- secrets/email/details.age | Bin 1089 -> 1089 bytes secrets/gitlab/db_pw.age | Bin 781 -> 781 bytes secrets/gitlab/ldap_pw.age | Bin 780 -> 780 bytes secrets/gitlab/pw.age | Bin 781 -> 781 bytes secrets/gitlab/runners/runner01.age | Bin 735 -> 735 bytes secrets/gitlab/runners/runner02.age | Bin 735 -> 735 bytes secrets/gitlab/secrets_db.age | Bin 781 -> 781 bytes secrets/gitlab/secrets_jws.age | Bin 2330 -> 2330 bytes secrets/gitlab/secrets_otp.age | Bin 780 -> 780 bytes secrets/gitlab/secrets_secret.age | Bin 780 -> 780 bytes secrets/grafana/pw.age | Bin 694 -> 694 bytes secrets/ldap/details.age | Bin 1307 -> 1307 bytes secrets/ldap/pw.age | Bin 1110 -> 1110 bytes secrets/nextcloud/pw.age | 24 ++++++++--------- secrets/secrets.nix | 2 ++ secrets/stream_ulfm.age | Bin 2864 -> 2864 bytes secrets/wolves/details.age | Bin 1131 -> 1131 bytes 26 files changed, 73 insertions(+), 71 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index ee33aa47ccfd2eb07eba6e7de681eaf1e058afef..191ec82ee821742d8d3cba3eb14ce01bfc9da5e7 100644 GIT binary patch literal 2320 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zL6H8U|c zEz^!NtuPNMsEBekck(U{HuOz)FOSeqHZbuE%gakNHVjM)OXi9Q4$F%QO-n9KaSY6H z$+xI9$w&^%%1VhWs0hic2+hnf@k%xG_YMim%|^G)B%mrPKV6~FKPw|A$FtHfB+=W; zInywpsvO@B&FCZq9C&%KQb!I$%M<)Gs3{P&?nC)F~vPM$ko^*Gb7tL zJ<>uu-Otyj)FLONJS!(X!YC~*-51?9Q@<2T<8p-(|MIkapTyjvl1K{^i}X^1EGiRAt8yZ9f`XkY5 zJJdoy$bc)@qq01=BG9zRFeo%DFsm%MGSSJ~HzTRi&&|mt-BLd*%eTtVKRnzeFcjTy zekD16`i=?#RplxAj=n}2Ub&(EIpqbVMOCg@!AYj6A>mnuPUeBW!R|Sw6&?XmmFZl? zWdX&3>5eXuRr$e*g~nk;mgU-!0R@=`QDNl){zZXFDHfH+;T3^V0T$@Cl^I1ESUM`C zgjhIcr~0O)nWTE;XQn%Pd0XZg6z8U=n`=9nq?Sg6RRl)(Ih%Mo2bXgt8D}J$8G4w9 z7)M5Am^vF9m4>*5W~X`>rxjFL6h~SnRV0-L6&aiP`A4GL77<+JXjZOJWftO`>{D4> zYEe*Snr~ieQe2vmkr^D69FUb3SYldQnVIPCT;}NSSC!3Gk(g#`TAZAi9F!CioD=4m zpHf^IWSMFanNyOLmu+m|9hvD{Wn5n6SLupwn@d<#aAvwfQe|OMn169dcyL*!tCMR; zxuI9MV{&+)rMpX7p+|5)QBiPYxVB}Eb7(S`t3_sdc|c@daB-<|nx(gSW{J70x0gpm zo|k8dTX1Daxp`zrZnn3#n_D@$ZKY9FPR8j9#bqgFnZ^~`DftEI0pY>krU9t|E@uAW ziIJ(9t{$$Q?iD3z=^>f^w__lJclh(@Ee1Cy%azye>F!aSpVAG7cfzi|C@r)o2O@F1%#(WnY$Pkl_dEkIR^xXhnriv2YG~=24tp|M7or7S>!lp zdnEd1mSp4>ghsf8rR3>{r6-z3x`ve%X6EH3J6bwrrTUr|>3d^ zr$kTZe6ut!eG{WB3+GDhjNr7ufI|1I>|n#(tSa-oJRhU*NW)03ilETIsI;IEFaMz6 zC>Otcv#O%dQu8bi#|qaf{mdkfG_Sl6r=ZfZER%F}zXcb%IORGj_y?q$SGg9YIeHhA zqy_jSC8Zk#r<9wy=O?9_r~2oWdzotc8E5;JI(ZaxxhDpd85UH9nim=sBzigKL}fb` z_p-`sXI5strAHQ{+ZO6-mX;i-P!w2F>6n+C5*C?R;*(pFmYkw* zR_+z-?_-!#l@@5E@0(pzVq}n;>6_`uhz$dS{q<7F$N9Yn!Gdxn(5gR~Bbv z8G3kThM8pqx)eGk`DA%=Ri-;-=lYww6a>4Pre)-(IeH}rrWE@Zgyu(thI;uF1sMe- zh3F@T1f*c(fYcmk*VJ?cBmKNIpQJRu%raN~Aj{ISqGJ8@B<(7XybvGHG`A4{%n#t}*Cexyd>0Rcl$4xM*K`+uZv%Y;OViRspQL>B zkhCa^vUCnqNUt)=FfufDDsstBH3@KyO3sQ(HZ%3g3rLAf^ff3gEHbz7jW8`U$q6*! z@(;>QG{~>0G|CT8k1VQ4D@aL=G){>!Nq2S5@wISGFUWAN@~zBrDfDpU($&>f(2j@- zG6~YJ$PWqjNcT^5s|t(^Pc7Cqa&^@94=}MPbx$h~FmX%IPIXJ>G7D?oz{#I+@rYQ4 zXI*|^RjyUW+nO)j0egZjYD8$-WNhk8vs@ImwW;r=-@-YUH;c@FX_4f=KacqlCr6{P zubq<69E;9LF4$_LEUPX$mcOjKrT^wvq3V6cDG$2-)jf6zTk&=_ E0M~{DB>(^b literal 2320 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t-0%QQ?Z z332sGD=^CR^LMu}GYK&>$uN#AFv;}y_A+zMOwM&FbImWzbma;OF3B&-E-Ug6&rC~6 z^eryWHuB9h&<^+VcQZCCDGjbDu+)xBPN^u!azwYyB%mrPKV3oFTi?|pq&%cBz@W6G zEG0C%B+b&o$T`q5D(|1oYO%GJ4C@Klcj;QjejBu~AEHDiBbT-WNaf>i3bPdc14XaAEFipuQ z%<(bJH;Cj4_sU8yFAjHeOf?S)@D7ct%FFgDNwm=S2@Fin3AIej4l+;4&h#kqNx}$8 zzmgn3eMbdO1er&e8@u_X86^2<7#5@377<+JXjZOZo*EvU5p0oD z<{R#&pX;AmYM7d2>Xq!2ogSE5oEhTi9Ta60YLs47o?gxs;gb|nmgDB^>su6PUY75X zQ($4}nj2PB7?vJnkeOfLk!5O9aY;Zx zUbeTFiKCZuNS=S1UqDrAW@NaTTUbO$pocG)VU6K&#npz^>?Z;O!AKmD)ToCFm&}PEUYY#OexGN zcg;q(&9lnUx6n}`x70Y_H@K|I)g?GJ+^i}qsU#=axwIrZ-_SKQsVvVY!@$JPtE4R7 zz$KC^IKVS7JuKO>GSKAU8X)P`@BM$|R+#z_rB9*ef$2EGN)8!_+OyG`SqzHjgBO z%z{9L)Q~*CEYA{Gmz1brZ*L#3iX!8j)PRVHQeXEfN7Eeril~T+tiTG7fbwE4uVg3F zAQLz3!o;f7q~xS@Ll;+*P^YReBUc~osLb35bJrl#+*0ktoHC4fGcL%{_byj(4Kpjs zbzQEqmGzE`$OVnkk` zU#fO)h(&m@yGM9MP>8=pUYKcBP)?)$P3gj$fEG|PU&2}Mma&@25!Z{8Rf>sfu<1wCawYbnMsa5QC>c!rjF$0q{w`^5C2raN!RD2wRjyptE4h1?mG9m&f9uYz zl1^8bZZUt>?733&`WrC$#sd`+Uvo>Zz4s>H2)HSDSaTo(W%?WwO_W zmF3r7`S?AlSup#+s{E78jCmPCt6x7pz|5+#DL!Y7f~(W%tLb*uPmgNMu(UgLA@WhC z+bR$CoZH3o7awYCpY!ZwM%B8{7N>%LdcXN;d^uFZJ$Twe-tQ9>uRXK4aB55RQmI-U E07$3-*Z=?k diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 31474d1..494ddca 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,13 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA olslO4c+ZlJtfdnTvlUz/JToxVa4mKVMc2eImIb3R34 -xVWXF6S38aPtZnhVdJBFcNMLZbsXyfGOyP4xvVmcqwg --> ssh-ed25519 4PzZog zmdNvTqZx9XNzXITLXZrIrtlKm1+r3BCthr5z3JNMDo -hGyzFvvPf/OpNwBKml3R7nas8n3KihaMtZipnbB6Hx4 --> ssh-ed25519 5Nd93w FB2Q42uQesjMDfE0WpVAp/0bob/37k1BDBBH13ul5QM -tFrXKb372CcnEMaunjm9aJ6ZBEXLK/EvhAD0Lc5haqQ --> ssh-ed25519 q8eJgg yzncjdMSAILkSPzccY9uq4yULhbVi447IkC2mk+b5GY -YdEh5Fbr4U1Jwr2r7tNDorzrxyRVy5n5Cb9hhQG+TPs --> ssh-ed25519 3pl/Kw sZ0skpiwJWPoqGMIhIUonQkJ5Pa1i37X9OyJHVwRngs -FqHMytq+bYoQBI/BwQvmjR1hvInhltkcuV1H6mcolUY ---- 0MouBOwGiCtj1xzuEZNiu0v/1vsqrHX349hRrTADwZs -s+7pɍ`h*pBNyb:4 T۰,"yګΓ@NR]жbuk/1jDn]'z oG \ No newline at end of file +-> ssh-ed25519 V1pwNA qZ7CudBTDbC2IN/xxqKXGOY6NqHtm3Vmk1VInhjawAA +MPoBpMCNwXDWr2Kv4c0BFClkWfUl2n6JMyxhQ0XRRMc +-> ssh-ed25519 4PzZog AI4ny+mDIRaaJc2spa4gWBpjK5i8M3Feh8wL+sYXUnM +hRs3ZFUIC9TQzhLwI6FvZ213pqoa6aRRdhGmX793t5M +-> ssh-ed25519 5Nd93w GpuVJYN3AYLO2YMvkaDpxeqJtsUfpS5bmIGvnHMMLmo +0niSwyHjIcMHad21h026P3zbucg7h3w4DNrkdDNw2c4 +-> ssh-ed25519 q8eJgg dNylSaId05RAVPAm6NHTGmWks0NLH4GU5mIXgo7w6To +x5iyeOAWE/K+wMbyTkvnH29WDYeIBy4ItFk//jRU5Ak +-> ssh-ed25519 3pl/Kw XPioumuJdUvoP0radVfv24qxql3HxdKjWseK0Oy3KC4 +4WbwRgjTnmugQfelfcZaArsWbFtfHydojT6gblfID9Y +--- abaCteISdhpp4Q77f7FDW4f5LJuJa21GfZUeNwM5SFQ +:-lPJL[f4V{`\¡V~gipG9IgaQRnl^qMT->QV 6ܑ F=;0$y| \ No newline at end of file diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 80c4e9e837e44ded274f589e8b3d101c2439bfe1..500ac6e96eacfccb14408863de1db3b89c0fecea 100644 GIT binary patch delta 736 zcmdnVwv%mwPJLLaXJ}}JSGHxbW4Wi3qfb#*xvyn%L8W`KUsiT#m0x~JaHLmgfTeMH zHkWCZslS(7gm6q4O+pj%Q=Gj+J#s88BQgq|bE1k3i@gmz6Z0auBFzeuvrP5N^bN{$O9JvM zQ{6({Li0mQOVbNW^>f@pO~Z-;wVhM_OH<1ypJf!U&o8WSGssOhEwwPn4@u8TOfM)8 za7`+AH}S17&#}xZ(hjo>NX$(P^h_`2N;gciEJ!kQ4@wJk&&ka3F0U%gD~-%H3O4YL zD9bA|E_I7C@O2Kd&@am8($&>f&`&WmOZ3Yu2{+CwHY+RAPWAV24@l2St~ARiDJ-`z zsR}WwFD2E%pEH*zlMX}n}ByZJ| zKQ}lmjn+)etDmBOs7%rB?ggvQ)1=%3O4qGF?x1k#;OUs@i$pY+T;E#s=}1P_*Q(RD zcPhRYG|g_5+c;-w#^M)0qt2Jx-}7#pgH!PFeX}#_67s z26-vLp2exzZvGWT+Wwvy@-*-> z@QBh546zK2O3%y-_HnZC4{@t-bqOryayRoa3=225C@@I%bt*Ft_A>NLEAS7_&j?9O ztIRNqGz=)O%<@amO0;m~($&>fNR24;c25oP@ia1ZHg``6jttB)DE2E&^~(<|GAr~? za}9K_H}cO7a&#%l=8CJXmzncv>(RXimzV|gMb51~dHdAiUbzA_uXE>Bojvmp&r{?} zuK#qkI9e^ROn{j-|Q2u|;IDvA?B$fw8M)x=CoHBbTn7LUD11 zZfc5=si~o*f=NJCRDQaGxus-=ZfWx7{caDH%_xm!U%M82i5bBL+0iE&z3VX~vS zQ?Qw~mw&DaSCMIQd2pmzc}Z4~LArT{cbdM3X_i-IUZ7v1fpbPkLAribd46${dA6^~ z#E;_Pj-g>Le&GR@hG|Z&eqoha#YN#>NtVfGk)>%amWd{b#$o!7so~mYX^zQU8AX-) zp+%+ThWVcE&f&h5IbKDMVSY(vrIFeCZc(n;l~ENX0UkNw=Ea_q;~B-n{R~rmO^XBb zLiNq^-Mk8N^L@PC-HV;dES$5m5~E6tT%A%2vh^#oKLp(eupJf!Uk210dN=Y+G^9xS)%Qeo9^a>3z z2{iG^NvrZoEG!O4^>EKO3U*6MEO9L6@^wj!^eiY1Gfu=K4e_Vv>DC@iihFgLZZ^!4>G@b!-hDfOz*HqG`5 zGKzAEN)Jwo@T$sk delta 611 zcmdnXx|el=PQ8JCa;Q;QdZE6Fk#}~KhrWMGgtmLOt8an6eq?S&cD_Mbs-;VjYoS-D zBUe#GWpxm%z|aY2-YTX2f zPl=mFv8ii0mv4}%n@^Zewp&h1nB_{ck;~B-nebd9uqSC!H z^7BfJ{nC8%jPfj!jFU4x@=PKNf;~(!oqWpDio=4<^urCf5)FI|TqAQlyds^-vs@D` zvdZ!;J$$45{ZdWx-LuToj4i98(vrf`sw{mcpJf!UHw!ZfG_fqu4=kxDEOiMtuJZB- z2rclgN;1r?Dh)|CE6cWUtkQQkb#n{l3Jmei4lVby%*?J#4)I7a&Tw;bbIvxdtaQq; z$Tsl|HZ)5r%8d#Rc6N2;($&>fu<-W^vIwb4N-T3pb}=^e*UrrJ^Dz%JNzL)}GAawO z)OU4?a>>s3^9~6OIZk y(6f{b=ID8^OO)7t>C3oSF)y2QC}&?>$gdsC8Z}!hAK99IRw@k1u&VdVoCyG)C(mjC diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index 654e6dd..3118fd5 100644 --- a/secrets/bitwarden/secret.age +++ b/secrets/bitwarden/secret.age @@ -1,13 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA GVmv4CgKJ4b8Hv52C+1f/g58CbBLacpZ1CuyMrH+P3c -2JJ0TfpA4V+ZjbcbRxVN/NKPTm/KtKQ/A5fE33n0jAU --> ssh-ed25519 4PzZog 8ZoG98iY1oUChmdWuRzxwAY0Lk88FVwMH6M5+HctGjg -TZ6bTswrAXji/YEaqUcZpxcqZnijvZBa3nq/rDorHkc --> ssh-ed25519 5Nd93w 1QLznyfI5HuZiFOKlDJW/tw0tRiz/VADYJTfQVxzrRg -2n5f2UMzG7BFNV7zyPw4lleQdQJsRRG+0lcbuTvP1Pg --> ssh-ed25519 q8eJgg 1ihAcMOK6p+chq0ivA0JY5QJrjhkGc9b1AxzWHFa3Xc -nfC3dXD6J4S18qjUO91hSNxOGnukFVFykq8HqntmKv8 --> ssh-ed25519 IzAMqA wBM3jR8cmXa6yvNi1wTsdBX6qotosuBRu1rKYLJ/FCk -MUtMJjn+8Fbx9CjpUaciJPd8NOXxsJHGT/x60OF6O1U ---- d0tAB4cQva5jGPj8G8v5GrSFu0WfmjSYU+BmvDZsaLU -w'Dzޞjǵ$d-ʢC󣘽5ݟW, FjY9[[8  \ No newline at end of file +-> ssh-ed25519 V1pwNA ug+N7c1pGJIg4FrB9FCkZRAim7+JZstHdzH9suIMvAo +Yc32pfDF7SK3oUK3MtN/1m/CeIVyL1FTXgTa1rwvLyc +-> ssh-ed25519 4PzZog lrb7BCp/RvMFUv/0w0fpUjZTjKOyxH6WI9LGvWhFdHc +Aco+AOcJO3XvutxhdE1MTArs/8uUewi87Hyq8CKb39Q +-> ssh-ed25519 5Nd93w h2tpZjb9NR6ZiRi8/QEIhNRHTDvg7sPdJBBxknLc6Us +Di3LCjAmYQEmUskQEZEsj+wZE2DJFjVOVjeZ5Dr0bs8 +-> ssh-ed25519 q8eJgg mMAWWPyVN4H3m+yNB2EQCpZ6R1yT1JcAcYlgC1fIC30 +2mi6FGPrpWES3kd4fpb/7ky/0SrN7Ra8Yaj/htLpYi4 +-> ssh-ed25519 IzAMqA Gz8ZYcpsuJ1rzsCouE058CZd1+D8SftNZUKOzMJWOC8 +B7F+k0n5a7oR6kJZDFRBbYXu8PBHUOyCgqP6bhpWiCc +--- ALFWZf/GBndskjX2wQIkQrt+CfM9/Cfng/IXZ5QsN3g +K?MFZ/vm:4 #Վ~:is8 2@7./f*{ \ No newline at end of file diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index f036de1..236a11c 100644 --- a/secrets/discord/ldap.age +++ b/secrets/discord/ldap.age @@ -1,20 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA f6xGNtufcGjWlCNkhlF1YMNhwMIjpW0ojqD7fDhPjBE -fCVybFD61VIpm20zeVvKCsOclGhzN7RwRViw6EeWY8o --> ssh-ed25519 4PzZog nHWP3E5ZNvSwTjeNWL5qqmPsnXBWUEs/e7trIQuT2CI -n9zztxz/XTIY5mPLSkFabYfsGugSrP7bdrXzf993MTo --> ssh-ed25519 5Nd93w 1Nxqu7Lgv+KBNSoWMem3dBou4xrafQcE4XFlGCgwpCk -vZe2WYM+FfrNXog4iEKAwlAQsAuDEp2tdl/WzhRaju0 --> ssh-ed25519 q8eJgg ywDORriWBqKl15CDZccFC0EbX8StgGYP3nbkOwKDbTU -ULGvROpIUv8GG/WdRIxpfovjl/08knlgQxpipUJe5vk --> ssh-ed25519 IzAMqA RgipLXB0jBR4ghCrXXMx9/Pu03E4gBYow4gWYDPzHCc -gVAHf9H0fZrPL/8+NWx5Jlr/7UrvQdpLSGXEMiNdmrQ --> ssh-ed25519 uZzB3g UbeXy7a4ZkdEjIIBCLD/zNKmlY2ooTO0CbGl1Y9lJRg -aajwx+NrY7iwOkT9hkk9ocdUlNm1f4epqXNosPxJpr0 --> ssh-ed25519 Hb0ipQ 8sdgjex0JqgckMibuS1jdiJgkjvWGO8tUvlpWoYmxiM -CoUeJ+vEbBit9JZhvyz0dHX5IgNywGE4XfeCtVV94GI --> ssh-ed25519 IzAMqA 41gq5+Itn20lMFlS7AnJ5JLl6OEbJ9Q32M/1TUDl0is -PFjQ3Gb4LajOxSjJgp6s2dkZrDFinniDGL8hXtlomqE ---- vxbU9/Jgdf0fkUD3hrdHUgPV3ipn9MazV54zlh4s4Yc -+Id/ffț1/xO䮝="<( Ofsrh+=E{= -C&QsVu}44UٝUSj%iHXښ7F݆4>Ѩf0ƶ)DX)ϗ$2YXٮ%s \ No newline at end of file +-> ssh-ed25519 V1pwNA gCv+qymhOvrz4Y3m5cjOETv6DKoJpA74Uy1ARoBtUHQ +xRJ7PaS545rmlt2mFjcywHsXPnihD+MQF+1vbi/DX5U +-> ssh-ed25519 4PzZog l+6I+0bRe1SEt58W0vY0Dw1N2ChFqhK8bHxjQdKdvgQ +7IcPIy6EN4CybAZTVFbtEijjAmNlQ1BLPwCazm5kv2o +-> ssh-ed25519 5Nd93w A0ZXv5Mxtz3xqRM7YRqBjarPn2LhA1Y+n2EaAIKkJjc +DtmQLk48GhWcTsV9d+mRL0Bhbky83TGH53b8BMg6OlI +-> ssh-ed25519 q8eJgg 0fbckI9LuqibGrGNbHO70Oi0N9Uw1+FkNBjf/xy9ilA ++CbuSytnkS4IupKMATafrCUXYEnxDdmBomtTMeUtGP4 +-> ssh-ed25519 IzAMqA +/WbGfhARVDm319TR0qHLHI6hiEtkhdIsL2Sh8s6ckk +Qq47gjD6jHbd6v17hjVY2VF2N57CQDQTM+bFW0bBaaE +-> ssh-ed25519 uZzB3g RzTSqxOiFyNmhCBmv9scMZh9SIQNUBzYCjAx0UrjWCk +Ut52LPdRClX4VyVtPfMteYIL0nnbgQupAzOtiP+S8RY +-> ssh-ed25519 Hb0ipQ /kb1PQTrQgLZgIuW4+QtZsbSSDbrYI3Kv2QSBYGtv2U +HoRoUilEz0cIZbohYK1J//l1Ujc3MyGzz2XJvc+jsMs +-> ssh-ed25519 IzAMqA Li8UwQoWuxMCiXsj0IoqI1CWKIo8DP6B9Zruy242uAw +zUhpTd+uPWBvIyMoxIZbAMmP1sRi0yaoeLCfLy7ibpo +--- LPUW5Nd9pAyWqP52DXjB6UIyih9WsLZHNCDAEe08DT8 +szlq +$|#,kG[bYO +HF!`z^psj`Wgab}=y><tv#~pv/zZX8(K:-"riULV(l3{B# \ No newline at end of file diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 4e083cafce5c9139a4f5e427c3fa7c8cbbd3812a..ac09624f8447e7b68a81f7019ad5ab5174f61c2b 100644 GIT binary patch delta 715 zcmZ3=wv=sxPQ6c|pIeq$s9#w~YLH==p@DOhMY>16L6u>WpSF=jMP^Wukx4{Ud5BX; zHdjVKWrlf~v$mg0RFYAmpRd20kAZioYm`xPSx%X&b6P;4n@_4=Xo#n)FPE;JLUD11 zZfc5=si~o*f=NJCRDQZbSW!t?PN6|cQF%~dfs?OSky~bdu#u%%eo9znsHJI9s+)dD zwv&rXR;p7rmr-G9qMw1Am!C^gMw+*qk*QO%cCtyKU$%2uShAC0aZqG&Nmf8+wqt4N z#E;_P1!>0F$w39>hEYB#r8)kdCPszY8A;AA{$}2$232NenWg#xZU*{!J{9R)Mt&w0 zVMdmzxt@iAX{NsJPI;yVQQ_J7QAIu_0iNmlX=avzE|rePg-*qj;~B-nbHl>(D@+2s zy)E*+N}LnRoekXFDt-JS-2>e#vdgstqRLV$lS;!1N?k&^Ts;f4lQVr%j04Lm0wWSl zD)LH=vm+}@6Wv@35-t6sN`iBe!;D=Fjl4rApJkM&H%TgrD9K4N3N|kHGE8+1ElVpi z^vE*}Dz`9oGt(|NG%3pnODZ;Ub9CiOuL!M5kFYfHNy-S%3-wQ~$_$7|^zyg#uS~Wy zN;XOhEXwoO4%QF$a`fcV)zwwdPfs`YcXoC4v-EOI%y3QejVej>cenJx198Nnbd2-|b`@C)1~85B6538wDjD z5OG`WnDVH2-A_K&z0VdX3FW7iDcr(>u+dJ1up&<1l&c%k;13G~Onld*+geyWGRPojle zx}&yJx|d@)S4K!^h_Q*0k-m>{l2N9iw@HY8acG%~c}`|%vcG9*WL0=}PN;!blz&P7 z#E;_PE}_N-sfPL4ksgjN`TBWPW~P}&PA--%Dfup?mMJbJiN&U-!BL5p0dB=ymY$YL z$&UKzp{W(FX1>1Z8KrK)mVSk%$wd_r28r1g#)cVgNfxfA-eHcD;~B-noytu^^@|J2 zD@}YWGF&24JiQIV!n6F!E%kFuA|w4gjM9yh!@^SwgM$sYLW)f)vrRJ$3iB#MQ(ZHi zLL);1wf$X+ii>?hvMW6-!Xm=;Q-XuTT}mS-pJkM&&&)_P&=2x5sxovfEp#<=4=M0A z3C{?Q3@%9Van<&7&bCM~@-i$63-;tP@iR9_kIMB)E;Vv>PcjTIDM-vo^hpgY4o=O^ z^>uX&i!?J2a7(VrEh*;G)zwwVD$O+VH7rkdEwc=D_A&OziOllx%1d>2cXvwkDDq57 zH!(`BkMztg^)t`r%96L;ne4k`-_Q6%nkMp5pTwl)D>dEM%ad=}oVAx9nAjL=O!Mrb=I|xfbgh-O3SynY7WpXF=(;0*nR_qS zHGRf~2=B)$t`svYZLVwY=2>C2s>F76)6czEPCDotzLY7k`lwLcvEF*Ad+|Q@<2T<8lSFU|$2*sBo_+&vI?wL?^@KVAtf- zGP8)R(lqUC|HQni5M%#v1MNx|qhzjfH zk1%%42=wKus)($zC<_ZJF;DUfaxp5=uPSjZ_R>!@%#Dal4bLm^Fw`zK^hrqyDlbR3 z&95ZKPv21?AS}PYDMMd7$=AuzIW^SWJJK=BOgl5&H95UF(WEjg$;%@#&E4C(JSU&4 zs4%ReBsi(Ou*$>BvB=UZ(#WD9IKZ?d-^jHhGc__hDbhb8Gt}MHKiL=Ewlbqg14~DR zBIEE0w&kA$@ zkO<$L(3C3YY(oQmms}5XOBbh!i(FmJlX44PD~v0BbMgy|Q!K*s0xZz|<`PyFoSClR8*Z3k8DW|e>K9^S78<1O z6`AFmjKe z9$r|OZ|a(zloXzmYg%Y-V1SVWN~5ZrjMEiT^oxVs%e)MeQ=KZZf^&=`jeXtCO$=Of zgHkR1%{+~=v_tbUJoWvG0u8tVl8eI9qC7)WJ-iIE{e4X{l8bW9gQ8qAd@V|ge8SRl zf-Qn`Bh5W4QbW=GR#_HonN+Ue<(L>$;_8%<7Z4KWTJ9EU78a4@mZP7ZTH=!&P+;J% z?_`ve<>3-mW#G$|mu8yhm7b_y6;u)#Se}{_5)tN7Q0VO&73`c_scoK;>t*+R%QAg(+_aO8D~()&qaqSr-Ghpp^ea8{i!;;x3^8(mN0LEi zL7;+{p<8%GhL=HmCacNPiPkxl8hnZK1mw|V#cWADYeqws1Nph)?r7L2Wx`ahWx>*=y>0^{!!G$hPxsD21i9U%&9z~{^#+gM< z7NzFqVHu?suB9$M9!9~Lfkin6?g8%3p{3zf&L&(*eg!V(Wu*m{5y9C8-XT>)R{fr03L3w1S1OAb`XC{6Y)iAvG0Dl&7bFe@?32z5+O z4fn_mF3KqkaI*BuN(xM^(AQ3j2zTWw3SGmr{*}jrlu<-2YF?ArTCWkgoh+&`x=#7B$v2kMjE)5SZ0^`1?pGign1h{ zyCk`nm3wl9h9xucFG_%!uH~&~&b( z65pt>#EKxVph`>Ew9K@m6hF^$W3Q@`FpGdpvjF#!?A(-M*Th^igFr4_U0sF3(2&3Y zS94bbv!a|ZOQY~yU#CdV^s+4H!laaf3XiO$>>{5aNA0Tc3JWgz9kR`{KP!CtqS_f1 zeOq~MP0rpeAM5X%EOnRv{3Fa{YWntxlXTB5&UsN(CDL@D`+FMyBCXd}b9%y5Pn17i z6tv^(y5|d4zsqN!p$!mHka(lUbfAuv-#G<4QbL_wW_v;ScvC* z?pgZjf8x@es#9YkFF604$tqgTr)4F5^(52((;UWAr_cGlDv{xo|22*L^lkCCZf=}o z{p9icz4bK=Oe)oL5AEQ5HYfR@k+iAl6Lu5 KzVY9g@g4wN@U3(+H9)t`B%mrPKV6|J$gIdapxCl3xy)HV zFWa!N(j&9LFw;`oEIY|H-6`28u+YWJ(>zr_Ba|z}+{7Zp%`@M?)w|rgDAmg~#WgI^ z&EHbnt)eP1uOzjiGOw^K%cC?o$`Rc*Q@<2T<8p;y%dAj+lR`gZSIc69q=-z@s(cTF zyo%DQWcSE`2%qx8)G9x(a^n!sjAX9-h{Vh!r)=+(tjt1}((HVF_u_ExY&TP9OCvYG zK+lR|?KHo@K-T~R?R0e83N2E-($f|4ot;Z7qXIH5OiPlqLn|VDOVYe5Ow28Vd|U%c z923($EIqOVjYIQN%FDSTUH!7O153lJD$>22oLwW5Q?s4ilZ^~Q0zHlN1GPiFLp=<_ zEG#k%y#mo~(|1oYO%GHkFEeoQ&rNqT@bb@d^ejxzatqeat?(@<&o7J6&b0`NEC{d2 z$;$Jy%n0NPvdA!sstR=~k1z@>2@WX;Hq-VmFEI1WF!PG^HuUv$@-j89DECcrc1lLK z&95ZKPv23&v9QW0IlU~yEip39-?v=9C?(L$smwLRIU^_CJuu48D6q`i+0xidJ13tj zJUgPwH?3UX(<{p-B0WDPB{Is~L_1SoyVBQ8J3OK?+b!5b+a)_H$Q2_b%ZwroEFBf1 z{5|r`l8a2rDnqi<1B$(h9iy~;JaZGXg0myS0*!O490R;_f`iSXay_{WiX9_ElMITy zLIeD=4N}ufDzl57Of5MPjv@5dBo$~@b4P89+T|LqL77<+JXjZOZSdyF>rtR$< zknC7i?pb8$QtEEvnxATvAK({KSQ=uUTkK?P;E@-ZlU2;+;}ltG8WiZ`;p>^~9}=1z z8fB*KTi_F!l9v{d6kJ(hlAY}5Tj5)j?VXKon@d<#aAvwfVq%d~X=-ASK~cJYMu59# zxl3wNexXxZU|EQMN_J3Lnn7{7cdm(FPIx(2L4|8ZxR{!XHiMAnW3}0OJJ_PS-HDYSXxk2URJ)jerQ^f zOJz`@VQ`j#iE}8Ixo=)lVqt1xwq<2@xlekAvA?HrSZbi5t7lZck+y|Faduc#REcY5 zuzNnbZJt$*zJ-noj#Zg{RY?{R{`!uVo{5>RrfKOFA)%HPer3M?rs?`sW z&hD;U6%|RjIYy>=0q(_y*)D$im5!1Ar5Q$MepMM2`sNw_Wk#m@7Wzrf7RkQows|BO zWEKP}__PJ(-@9DFvBc2H z%P8DCDc!3qwbZAgEW;o+gijv?BXJ{G|N z5dl?(#r|H2PUR65A%=dTrcpV`!C8p`fr;UjDLIi`iOH${7RKdC7WsY=&ZXgz7G@>> z$wr}t<&nM~UICVs`ssnm`oUolMHLq4wuQQyr6mU{B$*c(c;=dBMJ6VO`bL_Xgyd!y zX_x6+2o;mg|RS8+s(V zmsYw5ry6H@R#_ywrsQDQ7U`B);he6JT$Y*{W~rZR=57%h74Dvs@9tk(Y@Ak-80iz@ z;bGusl$jKgVPNcBm>bIF=NS-K6qcEumLBYxZeW;ZnNt<%;gOmfnrV?1l^K+ila%G` zlwy(YZi!L9rRF%hrlu=o=D9hWxkRL<`5T!hnVR^U8)ODKX82kZRz-%nMHYI67*%+> zxTF;qh9`4*nfMkNcpHa!=9J||n&y;71^8GdMS6Qg80P337G(!Hdsn0zq`OB|L}BDN zi?S$7=Rk!Dk8F>s6wf3N?*i?@vg`nN)AG=CZ$~r3@@!}SkgCkm$fT%5mwaP4M^7%_ zzzmD@vNCVSsKkttvcf{A%&Nk$uu}b^yo##4s*I@2;tbCsx5P5fjAAZbU0sC$FUS0J zliZ*}ud-xsBk#hjjPMHI#L_ay;*ux>Bj+$z&+vRh?d0?@Ur(+pPmgHW&A+L1Bxli7 zx8CnZRbq17_sc|kD8HTW#5Vi+_RpIRy_{I^_QzwV0^9aNBaT~2A1}3E`|0;FjMwL~ zYpMLxWy}&G&5S z@#SNl6ROl|r!m8}`t5(-)_Fe5e;v%)Y{YC+@VWlr^b}Fn4Jl%=6KeM{oh+Ysv%d9F J@YzM(iU6=+9EAV? diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index 54ede46..c264c36 100644 --- a/secrets/dns_dnskeys.conf.age +++ b/secrets/dns_dnskeys.conf.age @@ -1,17 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA omE94iB1hTPkde6EfVej2cCtb8tCAczYOeHa9ZibcC8 -85+fPpShqO4OmETJ72eQlJmueOcof9nWOMW9B4Kd+Gw --> ssh-ed25519 4PzZog gAreCKVlc+bRbbwbg706yWOeMJtbQNxNm5ZO35tETjg -XYn9InewtIZgp0hu/Z+HgU0qQLWuDtk9YH2rTG8Dy7E --> ssh-ed25519 5Nd93w 8+RDdkA6k+L0B1FaajfF7gNKAVWi+jSOEu4qGYmrvTA -453wvNGH3ghMtQ5s69U2saSNVBxHya4h6AK73l7u7Mc --> ssh-ed25519 q8eJgg igT5/6JbBdC5SNSSmB5c/Fe/hEbkJM7shzTa40hmKm8 -uWiet2aX+Jvhm64xEBajbvWODK2s974Qx6wGBDuTP80 --> ssh-ed25519 NtlN/A 1c+c70Cl+2NxacvNdAQSV0APTtH99HN5iRTgN36vyV4 -rPhvangDj9jL/SFW/3ztNdXpQYQxKBQUB2uTbuS3bRY --> ssh-ed25519 v2Y09A H0G9oRW2GOP3j8zqHSbFi+N0TaBGhMa432y1xiojdkg -5C8EzqYSUvJxn4ePw4XTIsWOuVEZCCj3e0Z5PvIwTPY ---- 4H+V7sfTROtlJ+eKrXYaKnCm7cSmnQjj39cQdY39PWI -.Jo<]W}HI*4ݸgb{ETE#5bz!?oM&L'e󇷐b -B6Nc꼔/-9ھ`. ssh-ed25519 V1pwNA /aUAZW9tSsBQ8xRS/yJ+Je69j5sl8iScrzqOkywoiX4 +wmMAZavRVgBA+e1Uw7ACZkrkRC22xI7H/90K8ZeL/8w +-> ssh-ed25519 4PzZog fDgP+2ChRIH0ylChyRumpvYjFn/rM+NPxrKbNYbP5zE +iU5bZmafl+Zt8Uw0+3DmQSi+4YJVGXf88W39+mOzkmg +-> ssh-ed25519 5Nd93w 1a4QFM4DR6iTKpoIBf0zu5LVELOJrkCjqmdz9ksVP1c +U3dOhocNgCs7mwAIIIr1GdwXwzx9lzg4ygKdDoM/YHQ +-> ssh-ed25519 q8eJgg 1pSJU3CrMP7VO/nLZepMDCOoJWu+rs+lGs2n6cHuMTo +caC79crN5hoIZ8CKg8oPm2HB/swgbGRl7GWV50ZGxiQ +-> ssh-ed25519 NtlN/A PGi4H1QF9TD7QmeOdTwf8Xlvgs6+LoDpaQRjNCthiTI +VWc6rmqNT8U/y00x7suwi/hAuy+M4WGKpvraYmY0sfQ +-> ssh-ed25519 v2Y09A TJ1t55HLWxKCc6UDiZHZAl0rJyCutEeB6KP+a0/CyTk +iV6/HA6q80mPnqDvAxfiszRIOWErjhBAKqAyWQFYYJ0 +--- Y0yrlECqXY/j3N0Z0ebhSlPCdXbCMreeWyLcpipi2L4 +Yuf 'CM$4;BL|xr>jpdtyjpfp2DVSxBCXWpQ#^j#-p;rhb`Q zD3^yzVa$%%?a)gnwxl55>ak{fhPEL`tMOnCcR7i43ph<;sntpNq z#E;_Psg|aGQLd)xA$cjmkzs~uuE_?8g&u)nk&)qPRpthsB?V4}F3DkmNfE_d#@_jb z#g+Mq6^@1h6_zFC1p$^Jp2lwJK2g4=YVRoNM?L4Ns@;~B-n11vmKLyJ>P zb3z=WjIu0C!iv(&$|78IODnX)eT$5$EGs;`4P7IR(<>~vd@@a4y|ul=bDYY;0|SHo z%0vCq4MU84Tug%tz4AN~LyWVNT_e&hauc&BpJf!U_prz`%rSE+aq;vmFDVO3vot8p zO7bx(EeXu7N(u5aH!Tbg%PcVVF$;I)a<_;w)wguc$tiX-HLlEeDNRnTNb^n#iA;^k zN-qvEElf`hbu#k~@=wf0kAc#tDktM~1*5Do-;4l1mr^H-N(*OnVABep0!z!%ytJb9>`Y6i0w3ofBX0}WsNe#3|B%Rh zPvfAFfOI#PNObEwk_<8n0u}T8^;5h(3(L$> zO>+}X3``4)s~ov9{n9fF94*q4{le1%gDnHn&HVGVE7J`^lu6jtgO3=3Z!)FH_9Up|P*n|QJO@^`ih%UB0q<^ukj919a&)yu)| zPUZVrGX>|L@%beEZb$o>bneQ%^+h(>$Ju^=O0QHf;hNL|N|OWr hRbN=g_+2z8U>|pB*|Wpu^LxJSXSgXoduzg}G5|2HSOx$9 delta 984 zcmX@eagbwzPJOPUSD>p~sX>8JUPWS7XoiWixm%HUUS4I0t6NxNdWcz3iF2`cp-Yva z1y`blX@PrrhEcGwX_mz#OGp+RDnaj=t{fvj%8U3`-D z-Mu}Nt8z`SvW##sE)H@G zPK>nhO7t-?O|~d-vvkbWHxJOZG|3F*3eL?j4lfIe(l0Lx^*2o`%rh`b_R33jPRq)R zGEMU;vP>~f2}voebWTY}kAc#tDktM~g{1JD;?f{)!*MNF+ZKLE;52Iis zCyP>FBO@ahv%ElO)1dTn6Rx7rK*QpQq}0UJjKEyORAYUwupo=%z(QA}jO_BiYk%|EG#_Ib5iq4(~Jw#^79RgE4>1f zO;g<~e3Qamf&;mVl1!7!LMno@JoDVsy@H|&jg8BkJrj+LeX>*CJd%8zD~*bcGom7b zt31IWXHei1nrfEfmJ?uEZsZk^XKL)5Z&nfEJsANY2cGpRb*jlS>SG}pH!Zy9j5J_=3HW&k!R+YrXT9arK_u}kmXohQc~#= z65*AV91$56w~d?_yA3loVwi$z^J_P`CHwzZ`ATqiv}+ zhgS=|3;y1_H1gQuAaCa*PdYssZKPkmH%u-0y6~QalF*(fO{Wr1b=p5=2~_)f<@=<7 zx0fe$Hf)(L{oX>vc~-f-u-{>xmVk-d!lmA%vDBzdT;X(L*8Oj7vC-j|4;C#tc(}%H hcl+hl!QP@hO}&$QPHo<-Dx|ww%~z@P!v4~4RRE?%SA_ro diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index c175d33aa6ab3967818788acd08d3f19e0faa607..772418cf67c6e6992537a39a900e4b9adf7e6f5d 100644 GIT binary patch delta 692 zcmeBW>t&muQ}0`tlO60DZf<5~TIOL9=IEE_;p7pLm6NQW?~|66oK==#;gesSk{ccr z$W?BltzG7%9q5v1n(P`C8tz(^rJoa?mz_}+l(aTS5|7N?GheZU|tef?pBx^oLcH@7s^a;6 zZ(vEHp@*rLOJG*Mxm!S9fqrm~n~{N!XiM6EzSKsL-W1d z!!o_i@+&I6^YgRv-3zk0baizVa#DPq-6Eoj%7T(Y%99<_eXCM4v$M0!+>QKAybLTV z!is$B3p312bN!-1xhyB#i<=qT!Z_*H(wx#NU$yVOr7er&xBbab-8(6L-tW1yxYcK$ z&^h!+ss7=uLjtGsehO(_U*jz}bLp;39sX^`4LzHJtu1}mrit#}_2Pq{Z6J%Swv4A- zL~ZP}yBVh(&C~AW?@=q&mXvFJymIa>t&muQ(xqrZd7LAYERn>t zpHdu{Xi<^P<*6O%<`Q)Kl9O&R z@uPTna!QV&e`-=-u33J$fp2+gxpq>TWoda(Rfu_3rnZNRcAkl4MnH~Ng_{YNVMuUj zdU#%rQ+h>lRY*prb6|OvYmu3YQHh61iod6CSX820UO~1`xS7S|ct-K?;#AK97xUt( zj3h&o;=s(T%8JU;OiLqoznn5Ji;9r23g2>{sC4tFAj3eew7m2Jf3JXyoFK!rqRPCq zh(tG|oB*#RqtZ$<$DFXVNbfSw-~dmTNaMiCXBoxoLn^Z@9P|A03UbTR^D4ZJ{W87G ze50z zLW3<$4GmMP(hL1Vd_sJ=baizVA}d3UjSMWzd@Ay?{3}z8T{4WbJ^Ul1N`oCEDsroG zlY&d?-4b&XQ`3ulxn44GU0~gvb+jS=!%D_hVeu?6t`iy7sf;olr+=n4=`dI(1mg3 zJ;=b9xok(5rli!r?yqv2{BGnIUX{4GH9=&tgJ{F7iQ1EDXK3gpXI}ny)%MD@HOFUN gzuf<(=(KO=rpF38Y4LY&$4>cGwE3&mi6^S90Oia8jsO4v diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index 48c93b40c84f19eebd892b80f509d05cf3a2d250..b35242d18bde38f93a18acd998232a1d57e22029 100644 GIT binary patch delta 691 zcmeBS>tUOqQ*V)DR2kwP=I8FIt!)@!Y^oh)>0DXj?B!_Sm89(+lI|lpF4y&82InP+Xj$ zo0?)|YHDbyU=mOjm7lIqX>4AkpO_fzS>|ivS7l-7;pQG>VBsH@V;P!Jl;v6MTIuE# zRb-G=79Q%#RpOs$5SZ&0USJuV8Q~jXl;mNY=jHE~7m=Il8)=!GoEeZ(6yRGK9#Eb> z@uPUSNtAzRnORt5nQ4@fc0^XWPg0aYP>4}xL1mS{L8xg)XldTRRQct-JXXZL*5+(M<>IyilAV}Jd0%S&J97EE)tMm(tBP@+AbG*vJOoI!G zA`L^F%R*A~O@sXnaze|wbaizV(%d{ls(g#R+*1P0N-T1GDzkDtqB8T6k^@~#sw(nJ zU6b_d9bM8(3^PhRx!x_CT3w#;*#7rNrqrFU&95?egskDZc1c$IzzjD2IUSA@0v4^? z7;rrN<<~-?vkOB1X`gqt-CDI~n%W~(`{0vStIkiVa5QtcFY)5wy2WfP4f>}8q@3ox zo$sd09AJ3hkie{^CM_q@Erb=0$-k>{nWFc2eM)KZiWyoA&EF4f|Fuf}(alK=rx@ka gKAK9ohiv+sF#BQi$;Cgty#t*sr5{E#UF7Hk0M|_Xd;kCd delta 691 zcmeBS>tUOqQ|}d4Ty9ZS;%gM{Y40i8B}DNX;^F#l^JH>Z&Fy~nj7E|;E`5VRaP2cz@=-aP+Xj$ zo0?)|YHDbyU=mOjm7lKQlb-41?h_W2mX}wOk?LI$;pUcA7+~)1m*HZNQSP4@;u~mg zQ0C&AofI6%W$Ekgnd%jqX&h->SrO{zrtRk%9+ah>6<}&qWMUW*6yOwQU}R#J?(0%M z@uPUSMT%>Ne_>{>VNhkdS!hA3vrCzAs(EF$o3W>FQKoTeiGHwYWodb4YNaPvuBn;6 zSxSJrv59t0SY=XrZkCTzpr5B@QlfTom4$ynXsK~vVu5R}wv+GVct-K?@<3lB$KcE? zH{;0kP$&PY0w)81N6#pu2oLidpJLZ6gL038s?dy7b0c3a&&uSS5`T{z-!NDGbaOXj z!`#A5Pq*-5=YUc-N00pEOc$eq0OKV8WK)yLXBoxo1C2cmN|L;TOwtVlgNiEsOD@!iV$GE%k;qUbD<6ezzkyF1##zTBbLc;5Gp3SF>iVT-1Ds$!D@Jn8jv{K9ayRrH)fj19K_#I6x)^1NZ fu=q-upl5mg?t9Z?tu#!G<0ka}6MCk*-PQ>JzH0gN diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index 0459d2f16fb1acee49c9e02f4025c08f70e2aebc..b6b627ee6cea2512cdaf02102a251e2f3e9218b8 100644 GIT binary patch delta 692 zcmeBW>t&muQ}3Q0l33~OXX0&M>FHM(>T2klkrr7Q;S}lXUXbhOlAh=pkXq?#np7C> z%N5`oY?>lK*pIMMtW#*Ef=@^i0n4WHAVrH6?ne12YYMPnol$leU&!uapP+Xj$ zo0?)|YHDbyU=mOjm7lJlZ4prAo|2W78RTseo?Gfv;^rPw=AGe{Rh8viRhS!C9O74O zVicV1mX{UDWttdRl@uOe=49&RZ0egMC;TVUxErd^ai z@uPTnu7_v3VY;JpevX-kfs=Pmd6buLdT^*)s+*a6R(gqZL79Gre{O2ANlrGGzN?d) zUqz0SnPWk2a8y}Ra#>+WYE^|no`<<%zKMByhEImOi<@?taengTct-K?KvS=hyu=87 z=ls;5fQqy{ll;ueg3L<&+4@=DVHw}8;Hu*!6<3g;5@?DRB0BR^lmlENIL zlB{CwV&lYAlU%ndLrc@7j6$zSBeVDjmJt(hXg5lR{F%BQ2ab3kAJ!i6%Wj}ePaMtD63hU!%F5W-i!z27MFkR|@?EIdBiM?faO)m#jzRyW+PT5w! zYtl~j%W3uoZ!dd^T?t)Me`t!V_|~9*YI;r^=dAl+5~{uLXZi-S`kAhls_~L{`<%rd g_?D;h6vYJ_l|{Wi`0t&muQ(s&WQWBYG8eUwfUErkeZkCafo|aNpkss+AnNkpJ>7G?-U~E>Eo0V&9 z!e#7ISZ*4XXk3vQS{UK!lIL3D8(x{8<5yfz?vh>^WTtQF6do3lT2>fX%%y9mP+Xj$ zo0?)|YHDbyU=mOjm7lIq;8EWa>EY&5m7QIp?H3S`6=rPV?&}j-kQk}$9ad53>h0|1WfEGL?^;|w z@uPTnpqFV-dR9PjMUsD#qn}eysX<9_RFq3)RB~i;o_AESzj>v9p?^S;WlkVhaav@l zQNDLpv9>{mucdRaMW%j$X`pFnrJJR(v!S1Vq(QEmQLsT}qCxrOct-K?;545qM;Axa z(z0{|4>zaC#1d^oi*VP%T(>fVBr}sJ?~*KYC$BuCVApgmL)Q{VAK(1KlHj1=+^|B& z@I<#DeXpv}Tpwfe#B%NQAYc7lH-C>H1MmFFXBoxo%iZ;h+>BjJL(DAmO;RhI{PJD0 zjlBKyBf?z*!>d9Jv&^(jOd@@=v_s0dwEdHc4UH}QOq>&o%$&<3EpknB5+j22E8P9^ zvm%SV0`sdWmI&mHOi9<%vl|N5LT)$|aR>B};rVQ=1ecxZdyTu^4`S`bcI=Sv4 hk0nwsIQIW~dU&(W*9{I6PQR#neKc4;>w)3vO#p3E1Q`GT diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index 235b3b04557827a4fa7a6a22ae5f4e891e813f8a..6b9d42b1c98fcef8a04d11c77795a6a7063c78cc 100644 GIT binary patch delta 644 zcmcc5dY^TIPJKq1NoaCmhGTYUVnkYEqH(#ALAbALctk~Nh_<$$NwB$bilbLnQMrq| z0auxMT86tORScHjhprc1lm3FREVR>1(E0?aFLUD11 zZfc5=si~o*f=NJCRDQaGlZ&TzO0ZvwWr|N#P=UEYiJOsjaaovQMvg~SvW2gak8w$a zyFr0hagkdnS3q8%iFs+bMP9Z+NxE}XxKV1Vv8PLkiBUDzQ&GR$w{6* zX;lTTWuacaW!Zt=hE66yxrT6xC9`6iR&7$w3Bi_CqivXcU` z11d`@JVR5=JhEMioGUWQ9gRxLDoPv+y|XgPQ{2px+)cO=gY}J)y?o45Obg1hEel-C zT{C_1BMYkvd|ZOG4Slq;+>9%HL$V6peA6eNWfZTkDsannHHa`U2uSjXEHTQe%y%=$ zx5$jjF)A|FFUmDeE({4zbSVor49(`s%QwwUj&#ZNs){rT%t(rg@NfwWtMV+!i_8l$ zF*C{a@o`Fb^>p;h&r0Uf)zwun$OteGjR*?L4Gzst4h)RQ3vx>@iO9~X%&;g=FU|Ef z^YX2U(k{vK3e73!I#V*g=udbkpW|ok96jlVTUD!`Trr;(;QQ#$j#+;hU+gzg{>Li7 z^fzJEwvCT+KFa(LXqT=$D1E5Ra%M^(C6xl4gpnOnG#VVHSnX;FZ0nwhb2iFuK; zX`yS7N1BTTS87PIM@5;XxrZo#E#25u%1M&*_Mj`^198QMkVrI{vSVU-qKX}MJf zDOq_{#YN6hmhP5DM)@V#oL9lj)u+_&Se%RiRF{y7$w3D^ODRe{oPHB zgR-hjjlIql6{lhTrCO<^ZhbHJ<8L{w96--WfZUXa5M4>i%9hMj_VK^>vFn5%@T_|~#nUnC z#R}(7>Upl6(~@^}e06HrHbHG$6W`NL!O#dr!54dlYBi>i`GxtRsfIa$?wRFTCKjHP;~B-n4T2mE!ptqx zO;eHz%%hwf4PDbJ0)xzo9Zj7hio$)gT{Dc#ffu!!>T%Zp5p2y_ebEpbeaFvzZq@=A9v$#yF=v$V`k zwD1h7F)Ip6F3ilf;9~Cj(%C-w+`}D<#Ez+l|8lYl_}{I?JH2^oTJf!0#kudw9F}Q2 z?P~gG^m3`~IS%dBc?T}N=>Prrob{?_&*yh1A9H*&a|dIE{39h j9SJ=`OnjEoA`2SAq#f7Q|9##4-$Q-tjcsd$ME3yzKv?4{ delta 645 zcmcc5dY^TIPJMokpL4Q)KtM`jcD}h+aHW1leu-C*zJ*CZQfSZYDc3`r3NN!$fR#=32cv@*t zs)2W?PozgVm%hJyx=FcPj$v|&Pf=A=WL05dR;Zt&lfHIkRz;;rrdfV@kXLC~YD$Xd z#E;_PiDq7onTds#;ThiU{?7gxrNvR1ZUs(8+D7gs`P!z2ss5qP5sATt1tIBNX8A=< z$wonbl|GSf!J%0mo>9pumIdCf8NS)+<~|+$O>`^G|Vr_42klsaLz2P zD#^2SHP#MG_3f$Tz6+@hSGJ(s#=?_OSGIO9@UbiOLHuEqBXvb`9_g z_tJK$@p5&~HZb#zX>!t3lat;{D^Hmf@hoq-GW`wv($3yUn_oRik7qD+ zB$fUa-R*R%Q}*?w->bOJ-cinW?CZ8RjAEO2yF%hhhr+{Cy9FnIDJYU=wwZn|uBcpb j-QAuEn_Mp6H~qG1>$3D#ufM`vfA#HWi0;*XdMFeC0u1Rj diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index df4b192987855db577a7ba879ddc6d3254bdf1c6..f464de84071336c657a6d66378acb6b3d83f80e5 100644 GIT binary patch delta 692 zcmeBW>t&muQ}2y%Gg1E0%%y9mP+Xj$ zo0?)|YHDbyU=mOjm7lHd{A==9lFdS>#n=U})(( z@uPTnX_TX>b7n=ZYfz}Eg^8z;zCmVKK~`0^qpx{kps{gEzJXAyk+z?= zQ>BZ)Z@!_oi8T?QYf=eqSQj?urA~MUlQnHMKT}t%BGeRm&3v&%3OacM}LM$U9ijyl` zoQr}Z{Zl=Q+_RhtoXs4$baizVLXE?`+`Wypo&0<=lS(s-4U)_9DxGuPT+-Yv!;%uc zt0F?`ODnVu9o-U>xzW=ibvLeBsmRoRw9Ec*q{nLMd;LlE;hn;Y zCfuv8&r472aar_Yvhe4%Tht;rBYA#B7e_GEu2mN{{3okrF>AiW)Twu}47UESm>%

^QaGQ7my+^@jN+tM`BD5WscJw4UDGN>fc)hO7kG%+nGF)^7-S65fT zyu`9FD8<**&7v$PsVp?4u+TU;OW(!V+qW{HtinGd!o{s1-9q2ZCnuZh@lTg-`+_e! z^>_T(QG1_BF)LxY^y>WXS26E4^=4^)(mv!df6wFWee%Cw)^}c;emK|Q|z22hk$vtQ5V*31Sk1-xt_{+BFaOT|F z? za4U25kI+vFbM#Mfa&j|rt4uOTEp;!kG>y#4@J~)Fa8LKhHsLbM_cMt|N;C*JP1jE` zc8xGfbT;ub3v~-i)6e&CPfrP{a7y+~%JNL{$Va!$B%mrPKV2a>%Q4wMtt2tZ$<@&@ zNoo?c8vWOh>M)0&SPPl+>hf*OY8a?eY@+ys}^epR}N2w=|0o zbL|x0w6yTt3geQ1atn0ZO#M10yZMvkbUWor*2eB8yTDErQ&`EwqC?OuS4Sb5h-nv;7L3qYM($9n+HY zvx1!~jUv%)E3`=UN>5j?42?>0Dm2QEGO`TS&#p@K^LNkFF0=?r%Jxa}D)%)=4fgUV z4E6~#bIs-|D@-&qG$=8RsPM@2b_z~2FH7}LHn5Cxiwrk+bu;uX@Jw1Nx5+fx2N^<=49ThB%lQT=wvkNR8vkZM)yiG$> zs=Nv#!@?pH!_!Ojos-QfeZ8_1wUd)8Be}dok}Fg6gDcbheF{u+13V3@++9Mvo&7@0 zebT~0%MFd3%JmELLh^hIFmgbdQKW&Tqk?u?xSy+0Rj77Om8rLTsgY}nk*`ORWoSf| zS3sy^XsJ_pW{#V_W3XXhK38a%S9qRdR#38wd4yS}qkcweet1e$NOEy#u(n~Cue)hZ zs;5Uqc$B-JBYH?i1Q$7)l`EvBl^ADQmCYF0zR#=qf1^SsL<>mRMrny!|Mz|P97MA;$ z`=Z^$QnXZs%TBx0wn^hQI7*bW~Yn&LW9a>iAUS?eGVI1TW5|E>vU6!a_7#1At zR?HQUpH!8pZyFU=ndY7m=53PfTUh2>nCO_FV;Nzh9blZ{ni!huk&>C1jFI0;qpF;Y z(-oWyU5tV)%(W{6ip|7@D4yUKA8rU|^Q+9iANG8XoGBRheXxmf{lPV!&mdmFkw7@9UIVQts{+ z=o4I-7a3OR8CmR_;gM?YXpx(eV`iG3pBZ7Aj8SrVRyq0>Iw}O_mLz+aCZ;8)rkVKp z21S@S`WA(Hgd3JP2e|v^cxk75W@NayWrsQkM{;?ZM5bGmrRPVwCl`mA7#9{Am}ut} zWmNfk85yJ|24?xYn7DfR8dMooVB`RgB!kR?Km})i^Sr>|VDF;b>_B~IGnZ1Yiqv9H zU$5L;OUu;2$`YR{FKuJ}Kw}F>PcHpzr@X?{%(DDIAKyerNAtW0gAx<{P{*=lf6wF$ z*HX(QukZ@b(op{}1N4wIF38dME>|cFb_ea&fIlbJZ@ej0!Qz z^N1=k!AO(Ag)UCHjtWlhg`79#P>D+Wy{w1&%(2MFC}wM%vCf z#-?U2CS306W|rZOB}Lkfj%kr0hVI(o$sxg>InGIbg~6sSl@-NNVa^fmXh%r`9wGz$nT_x8;)vdGMHw%`h? zbPW&6^-U^`NUe&D$}1@jNeS~z%Bs|lbWJKs%PI6N$Sg`pH?Rl|3q-dq(k-#VIbFdg zq&PF%DZA9E+`ly0sIVw6#L+jbBq*^ws?sUHI4U?fHO<4KFx<1SDv&GDCo|03Ji^V> zBGV-(#M#}$sM0Ghw4gF2E2O~O&&@D0JwMyb#mFt+#01^8)EsBm)O3Xq??CTV$FfM{ z>^xJ?(lU?yV1wZBk_a;s^E}r)!;%V@w2~6@f`C9*cMC5607tjN0QZ#OVB^pf?R2*i z-w1bu;*6q*;M}kxPp7J~@?=9x$7Dl4FATp~lto!O2P*iv`?y)A76cR~rzHi3CnuHo zrbc=udl+OnM){Wcn*^ALCV7|SSmd||MRG-XnI@*W`+FK2`A0exgcq9?q#Bx58F@Ns zn^vUz8<^<(7kd|&WmbfkVzh#aa*N8c$`wk|(tRt+NEzDeeee^ATBl1Iv4Z_3o^sD?bO@cBkgPk%GJ#vh~ zosE*RGkubB%ei!Qbrk|l5_2n}(!+C8Jd)GQ6AKf|j6w>$9WA^gESxN&JW8E1syvgu z%ahzfin(0(J)T*_Ki4MasQv2&Vge5DYENeeUDas*DJHqr`b3;@z_bfqPy8o84!+ZU zL*Y@vwq=~fN%odM7Og)d_P;{q<8S@mA9W@Yr`)*f=X00E3$OTBU{YsR#FIlx!=KtYNuS-O-v3xre<>f+_1M*44xV`Z?ZMRYc>*WB zRsZF4I!R~=2&mn=zPdUls%L7!>&4#RdYU(%ThE$Zd;aO$`#e_!Y6EP0cKqIM&uH^? b&8|wP*7oA0u9p7)7gwo1QduOfET;qj&-|T0 literal 2814 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5wAQ%J4GP z*H1N$GA~LBcQf+!uLz1NF*R}yOUv~N&UAGScPqB6F!jg^E9S~{O{p@D^eZz9aV&BP z%_z*NDvojq2?)?HEH`nf3i0;OC~{47%_+$(2}QTfB%mrPKV6|HDnHB8B{13FAgI*9 z)ZehcEhIEJEv&G_(KXaGD%YpbGb=YT%-_sB%Yw_?%+$Rw)1)-ipxC7#SG&;FyST*D z!#L2eLf^#Ctf;coFUQ-c(zV1OF&W*q6i0)ypmYT@m!c4}#EL@G+yKiwBjc*FC=Zi} z6z9^iM5EHGOar%+u#g~^LKioSbYCtPKYw3C=is6!HzP~uVs96h(6C^46W{ElNJDd@ zN>9U5)4b54G~?pR&}?+uO#M5j)D0kBK3n+KW^7RgL$u+Uaba5?q3(CqV&-0Be&(L-YPBU}% zFEA)74@~C@&Ghn(bPjV2agWS)EAsX0i!GA>H?^$jv}swhlLstEQhbgB$-4>mxz z%{#2fqNrS<&_6REtT-yzCp$kh$k@XIp1DaSM@(l01G%*3!Tv7#i$+&R3o$_vA9X_<+JseuZ4 zPOcuFDWMU8<%QWPet{2?9wC_qK|yJWCP|s$?vANt-Wc(w@1A6u9;o0FTyBtFT;Zc% z;O>{L9~o)pW|*628d{-UR$`o<>R#YlVwRI^T9)DDY{69!l;Lb*URY@sXyj)Y>f~q` zlAY|Eo8jdfUSgSAl~U}go$gcQp6uymiIFD#N^<=49Tf_~JyQIFt4hO7yge&ieUsf& zvr|fgQp&UgT>?DZEiH|`T*|USB9ojWvbkJL4ZK|w!%8Bvvi-x&69dXCEd6~gU5#AA zy@RUq^s~&3Dxxfli~TY(%hBVl%qY^p(ovx*$i<)Ps%XX&T}kwOfAR`E~&~iOE%7|Owuk5^9=V%%Pui+ zFXnRAwhZ>qP73$(3h=gY(KmOlur#so@-Yc0&o%JPaWe^aDhSrkEG{YY@J07qX;hVy zak@g1rG8a-L10dWvx{*`zENSmsb^$BzHyLCs)c1ms&-y-c9vIKdSqZ$g)dilJ+LyUlIiB7H#y$mJ7Ebxeu7O_uW=2)n9xiF# z!Oq3be$JLvk@=2M7-`bDAV=T3Tp_VCqbMxh*fAn7T|2KTps3U_KQAQG+0VSJ(9okQ z(zGl>-!D5nD#^ppl`AqbJ6At2yRf)8xyaBhJjW-sEZxU6Gd$efsW`>o*-1Oy%rQ^f ztS~Ce1U=q@3tgOY9Tl>IODyur(hKw>lZ*9p!Yd2?Gc%LCLW+#b!b{T4L$y=Fl5%sM zTzrf2%DK$FeS8C*Q#_*#lPj`H6TK2M-NTbA5f(@M$G2$)M z)hsPJP{GjIs4_6avCz{z($6O^H774I)juyV%s)8X*StK;#KXzJ&@eb4Ju1-Mk;^H- zBiG$Gx2(iFH6%F4#G^DTEjK5nsH7~?*)7j2CB(nNKh4+6uPQUm6Wwo-ZiyAn=?WfR zQToXlMj=_HMSjN4L2jWT<)($@o>>KM zq2(^wUY4Fdg~2AdQ3d(Nl@U4FhQ$_M-j0r$M%l)m7&T66jR;g@vPIaArzML1Iu@T9jp$1y_V?xm#jJYIdrte~Fo8phZqd zSb3s{TS}EhfKhQ?MMim6sEd1PW_FraI=bI1%Azct0~Im?%~PVXQ_BL1OHy(p15#48 zJ;RKAQxeTQOfnsP^-~S}jEq7(D_y*UEV#nM{Zq}0bFz)AN|T+_D&0y_UA-eiQUl$c z(>;rPQ%#%;!rY7UlS3UtFha5@x2PJl`NFrKqqVFeBF_QQI## zA~4t}(zn7=-&H#@*Vr@Ikt?9WB*`hSIJDHnF{jkSq$0$%$f+tY)hj5!*eg6WJU7fS zGASj%Gsz{_mrGYyS0OCSG}0$G(=;I0q}3O|muh*NT1U?A=sx}HjpLlwsin0a zv|hMc*$8Kyd0js5>1VyuFZ$kAI{iL>-=b~no&2&O2hXxS8+sx;Pfpfe8|@^mGg+(m a@bY~xW_^6)6?tlz221yZUYo8>KDPmIwWT=# diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index 6f73e30e6ca333a89a788982257bdf19b37974f4..0808d0bcd91089e42e294ea5f19241a8cdcb2478 100644 GIT binary patch literal 1204 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zg{O}7Xy z@eK5d@-|G)@XX6HFf=sw&n`?%weZXhP6;UsjEr<~F*UWwOy^3>H!s%@%`Z1Ab}q>; z400(ljm|DY=4^vD7y(|}B0Q5iXi72*k@y;=I3Nv-J$aimgRdHXJ!_d7Wt(oyXJFwMi{0!rsbxT zq(=CZN4S{>nELxvXy~v*MyB4GK%_pIXK}7Z2UO z|D#=+zA*N@_b7M9eBr8SDYC9|Sdvj;p9FzDncWyGPMg7=4 Q^?byJ^=8^`hxhja05WZyVgLXD literal 1204 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!sx4EAsf zFe(YjEY7kB2`?}-cXTsIN_4HXs3=d?E;mb0j&d_9wk${t^W}0i&&&)lsM0q|^^Y)( zNGhrH*UxbC$~5%LD-S7;@HNbLF3Uib$6-*A&w< z*H9C`ax>oo$KXN}i)3`$O#M2dO+t){iw&Fu3JQZgGownilOtS% zO0(SjGCa|3E3`=UN>5jaEG#OIEKW5K@y-qoPE9uRFe)&%NJ{nh3{Lee^R{&IaWW5% z$a2j{3bNqJGRVwG3)c>E(@yj@Ep~}0_Y5#j$*OYl@bYjfHY=|Ts!H+9@in*bFbhPt z%{#2fqNrTKxGcY-$R)t1*uW#q%QZ*aE3LpSqry8f+t0)_*R;~p(=$0a*C;62!pVdy zAUQP1*)vDmCn%~gqQphNvP!$s)wDb*DmOnZE8EN|DkQ=s(a+d7xXc9IwzSMd!_+{9 z!lKZ;NXvq(yajcmZ3{ySLl@^XlPHU*0+STKBv-TIj0h7h&xlOV!15d) z--;afs8myZlkBP#uRNDBFR!Y?ob-@L(-0>g%L<>;v}9Lw+x$v${PZ0a3{x!hGcwY$ zONye5l7dUp4PCv%yb5z1y>f$7s&f3D(<0r1-E$LtQVk=yw7o(-k^)Uq(<_V(or{ga zg408c(haLT@(lBWwf)1w42rV64YNEF6H72cvdk#bz|v8{wJ;>#D<{#wBcnn;D>XEI6+;xy;`n*u=@FAi~ez+}|kB z!Y@28JS`|J*~G=dKfr`*cYEc14(?f17Oso#^sQ{)_S4{|WK_~_w=?1U!j>0(Wzn14 zcx#2vf)n996MtxL+ZUl~pIEIP^}^<9uNS z)F;!)yUIO1Fd`@{$1>m1GqOzEt-LD0*x%VZ!+^`PII6tRIN8j|G_tTN-LTj@)7{9~ zwZN?`Dl#)M)H5?JG%vrxAUz|?!~)&66i0)ypmYU)?W&N_$n-22WPJpBWWOG=CMJ&k=_Oni*BgG|E%LMq&f zqY_PmO-&5-6SIqbTur#r%uUQplaez6^DVS5iXPWR0|VOgB$5D+|<4^0Q1W)K1AODor;lF?7?f&^E0I%a6!$vGmT&2n#hg%EyQ| z@310^qH+b(tgKv14_~ujL!ZJF^Pu3Oyrd$NAa_GYj}ZN!0GA5aumInZ>~xc?U;{4g zVxv4GKg*O5@1Xp2FSE+zz|7ntH)HcKzmN*oY~zANqf(P3Z^J;BFbvz$G7}9`0~H)| z+(Vs9oiYnk4cv0db1a;V4V{ymBfJXSgPh!Q%u*uUl0Abx(n|^glesFBLM(mD{1QD) zl5&j_oej#|or+z9Tr&(yQ$tLmO3Ok@0wcAZ3cXA`J<&tbv&zx8&`}{RA|=?XEUUQ8 zr_9LQ%QrhT$s^D^&CI=^%GcE2+#`0g7 z!0<@_(DYzS{S-svlnh_*Bm;EYJdzAD3j!5VQi46bi#)x{B2x^@$}>w#(?U%P0}YGa za?KONQjN26&4P<9+!6yka(%giJwx46P0}n=N-Gj00xP|oBa9ObTrw-2Jd8ZFJ++-m z^YZ<3y&??Ki+#~;gN9^kXrgaOQGSF`sAo|?vUYJ^y0f3ZVM@NaYjQ@2yI*ESV1{2= zWMyG)r6ZTVQ(>8ZP()>pyH|j|Q(Bm5K%RkrnL$;KrKNt5V{(vRQND$9NWNQ0a5|T+ zuC78#vSp@uVOmOZX?aSJS58S(kY!jviobJInNOsLM__qaYL#PgYCy6D(<$ z$`=oAUoh`|`0f_t!`Geb|E_u>$-Gd$fbWT3duFq~_x1mFzaE8~o?0?*6(95d(#C0x q>=C~T8>9s$-#S}nnG<#(JaKWy?obOJldzeK?b8mc3v%u8{|*2U=Gj63 literal 1419 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!uLOm$8R zjEFMO&MQkROOFh2OZCjvHV!mO@((V}E6Onp3UvuAG7rp3FXu{j%r;Le(YCZK^oukr z2nh<&Ha83Ka7%Ixtc>zX3<=8hO9_s2u5dTYPDi)RB%mrPKV6}!EXgy;)F2?k%Oun- z+^EdmCC|*+zbMHf&@m|}QrpF=AYD5@JJPi{B%Le7G}7PMxvJ3D%sV^CzdY64DL*sW z*fqdAL_0Jj)zdvS+bgT0tjN;R!V}%L6i0)ypmc@Ii1Mo76gO`l?+Euolgj+EF!xFW z(|ki`i-=Og;?#2A2=R#lCpxh+$?7W<`kdjnC zzs!I%%e>6|LjU3dGYr3(`lVPJmn$S&mN{A``uOK32j!+!m3f(jW>+MaI;EGIn3r3) zmwI~VC1yt?I~FH!11-2ry>m?h3&Sf+ zO~d^{&E1_VoSZTY3-rA#_07U7e6>@O0=z29TmzCSoG?Ptv&zx8&`}{I$)~ueIL#+8 zB-ys+czLIC0F0u4a2t5s46GpbOry&!eB?|&}0{r&};*DFHbXX zizLI+loZ2Er()L-$E=KibSF#w!Zhbx11|lHlC)$OKO+N|!t(Oe2(QYr+?`Zh0 zl+ehef?Vgsa#N=wztE~QU-XdlNHWMQ2vjHxvMA0eE^#yo*LE_|HY;^D@O5)GGW2jy ztkCy22`Dvn%=0z&^ViP}PUgxo$}h_`uT0F)_YMyTuPU)DEzU8GboLJnOo=jz2saA| zcX2QC2ud$4&qucn8j?W)k%`G39+tV@{+9YxZjM=nr6%T_#}(f5-{{8ERedX! plLL#lPTu+8jc%KfkIMYA#zjSnXD2AGdmg3k&n@?T@wH@;;{Zn;-s}JX diff --git a/secrets/forgejo/runners/ssh.age b/secrets/forgejo/runners/ssh.age index b4fab38dadf75cbd15b5436744f70fb294ce0786..294bd09506606f954e12f3c04c6f42b3a93bc9ea 100644 GIT binary patch delta 1296 zcmaFL^^|LZPJKqWUwLSSTc(k3W_FroW@Kf#OQDmYiLr~Re^sSLMoF2USBbN!V`4;j zHdj<~ke^wkLAjxsS+;&aP`O2MPD+$c|_mqDbPzNw*OI+w1ULUD11 zZfc5=si~o*f=NJCRDQaGc|n-BZ-iH}xrLK!riEp4rfX7Gsdh-JTZXAwWNu+;dPI7K zvteaKmQ#)=S6XCBp?8K?j(=)sl~1NYpmU0)Nu*b>eqlyxq*t+9gr~QoZ?I=%Vr1aN z4-(;t1wKVd!NKkoxxQYdrRF6mAr_WCAs$uEg_+u^c_vO~PT>ZD23amqZh>5(1wKB3 z*_Iw9sp0xgkrla>X2E8aP7yvSRcWQJNoB^lk;Rt2fyUk@;rWx}8O6iHEz|RiEDW8T zy@FGU^wTP;vcm#0%p!99yvjX%qpC7<^uruOlC?d}@=UlQ0|Fe)!%}^mOS249jm=96 z{ep5GqnwRGl5?C5og?!7i+wVxywXFAbIK>5WfZS>FDx|nj!a1_3#f>4F)20hG;u90 zGA_&vN_RFfON8&kM*YaWhT#cdkk?&5HCYO9~J4 za(7BhHqOdS^^1(CvT#I?0PnCOi=uLcM8iOH?SR6xD95S{U;iMp^!mVx5R=HXFt^ll zN8|hwUz612yu>o2%*Y&9u7dnx%Yc$_cZ>XNzwAuYl4PHXpvZ9N z)TGF~z%rM7bnDVG6Ae=X6%vaalf6tM!p+Mq^~(cIJxvk|O8lK8P0~ueDuOHu!iv)C zy*$H;GQ*3j9J$QAi+oHBb923%yaSTG14^~soGQXfN?bFeoRTa`oYM3?Eqq)Hi~Vym zveB(`F7yv^4^*g3FLMv9NH-04GOF^gDs-=`N-_^933E2_$xKfQOY<=*G>Qxl@(wDi zGT^Ex)vqWCx2R7u*EcZq3~-97(AW1YD9j!gFUE{<}}F^}ZZ)zww- zG01ZE4ax*;vPv>j~cSYNVKujp8r#j>el^_6QF|D~k?P#AXm`?Km1j353#I4;aw@)9 zy!T6Bnylao-i14Z6r|Gr7V8AQ+3?QeA@5epoRuvTe^)=3RG%4T(mYq#^qa%i0LB;7 p)-vh8+j(Wq&0XuwGk>NonnXk8#qlIa4X0nS#xN~A+a(-lBZiTBsetJrI zI#-yhU#X>Um}^o&s&__sRfSumTd-+)sk?K5Sx`!0svqzz4fq$W;lbb8~x{r5J zn6Y-MQF&-KSH4?WW{^{XWs+rZqPBUGi?@e!nyICupIg4RtEE#}nYo#TNrq2)L9xrk z4-(-S0r^oGj@nK}*{Oy4Sp`uMo|PV%>4D`rkwun{etvmb9^n=GDF*rGhRIxoJoE_8r z3nGG}!a_?-O`U!6O7eq4iYpRBO#HM>J@O}?WfZSBDfSOG3JEXF%BaXO&JU>yv8c?> zGBzvCNHVNSEH`qhGBpk~cQMH^^>E~J%rDLe&Nq)LH1$k3tMVx_jY!H2$xO>E3i2^d z&G%2%k1!8U$*>4Ba`!}!0PnCOi=uJ`mx55wL~oa(lyEOo&p-f~1OMF5gfCi|~R9AFqgjoD54Bqri%MKc8&F%&5|EN23hyv~ZKG zfV6-L?|^I!>(Vk44O0UZk`pV_GTd`A3qzBF%JT{WqKe&9Lk#>}!pjWP3(9gcjV6mSvTpShXQx+OzVV;=klbT#;<{#$jW#s4>>S1D7 z&XsQxRN@wHSYH$pkY?^*7?_)qX;f+Ao|%_e>X#p!9^&I@>QQBGYLJ-WTFj-ZtE-UX z8(LMIXP)ems$G#E;Z>He?^zL5UKCK|7hD`=s&7%6;hXB8Zs=BQkk1v$@k?|?>{KO& z+5o37E2@|m9@!AM`ya!E(5j{LY>gF|?+IOabNKX%#KkG~`hPDvcxM?Do_@W!YR+jP z?yXyIt}}mhYwhOF>D;Sdx_l`TxZAsN>G5+?8xn)s=O5cO?Zq;MB|K_-9zX7y&i}=7 zk?kU838TQ2d&z&@-j+8npBlSxO2cwvNz2`-3x2VFNvy3FH#iv_d^Yc-{RHmB?>Ri& zZGlx$PkANkLi!87NWZT4uB$$nYFIR*qWOmN?7K$`FNrpr{M(**QuxOv9afza=JzcM zcuz=5C7m@|@v$IlomT7Rs@4vjI}aLJ_?dEVUQtxM_j5LPuk;6=lrD*s)$`r&8~#?e za@DK4S;P<$#qBib%-{X3H_yIs*{bF);NU&U=Vwvz27fOb?esY{w_7Vb>tmzW?Fy|u ztTUq`N${jod}Ywaxst|Lmpz;z?|wk%`0))Ps&^e0E4P?&IZZiN|I<=@QpK|4f&q^L ziscU8S@$_!_Xx+n&-<5Hh}En+E5&>83a{0=Pjfyg`z4v1Y|W@%CwIfUZG}oH%W{!` lTeBj1+t&Zv5dB4T!ttltE04r&pK&6X!+WZ=pKi4J4FI}z>{ ssh-ed25519 V1pwNA WVFiA92ZgJeUK8nqIDSgJez/RmZBN8xa0hsQURIitBI -3U6oEXcOzR4IvLyqxoZ9EASxy/zrLneNfC6i3jA6k7k --> ssh-ed25519 4PzZog KuCLxZN6OhSPX/4NAKgVEfRnFsjVVOlEglmZXTazHW4 -SZoxI6JqY502CCvf47UdOIR03zqUD3Wq1RgJrOS6ses --> ssh-ed25519 dA0vRg 7x9LrBgnVx45VcEHcS8NUcoaHqzlhy9CtfQ3R2yAAn8 -anutykjHH0r8K7ZdcByyfU8GlJr216Tu0JO2oJwYtmU --> ssh-ed25519 5Nd93w GzzqXHBA6reqmVRgnojBcwH7OUMDXBcb0w6dSvAx8QE -h0JK3Gy+22br72YJKEMHAsFKaRhqtaEyznUTlwnSJdM --> ssh-ed25519 q8eJgg 5DHBi0TP4zOqk8gaCw6dXn/9jkDJwijOg6mgzPqQUDg -Ck4yt4Buy79RygyADtPWyqBHO2rJBSwIsnkJ6KuslCM --> ssh-ed25519 KVr8rw FeDC2FfZRAWfLAxVov+bjIi/SvKcsQOFmAUtAFaKkjg -WP0WhV2ri61B90R0H+xj+Cx70um24CcmyXrwk55yb/4 --> ssh-ed25519 fia1eQ dQUiH/S8DW7X8Y/Urug17Crzv/+khFdE3oKLvvmGOHE -0CaTFR6Ccb7kSl4GW4Iy5H95+unkMcchwy4f1RawYHg --> ssh-ed25519 CqOTGQ oR76yJX7315RPp7LTZX5lmFHf35t5G5lybvpn9PZdw4 -7qgpY3pLW0ygHl2NsezmOfMRTh91ciZ0RyfSkJuzhjY ---- 8B1YHPeGspJhu+TnQ72FJKAkm+t8nIMVrbrBMTUMMpM -ϨZ -NFdx}{]'k/ jt>U$݄$j%XS-X@ج.ΛM ,qd" \ No newline at end of file +-> ssh-ed25519 V1pwNA 8acWnck16a9QK194orAzlQgQKINum/cyUzJqO6i0rkg +In2UpSbBR6QoTMTZR/GpZJN3x+5CK3hZcEvr5fORoOI +-> ssh-ed25519 4PzZog /YeuXUmWrWFohgOSEmUygaTax668bLZpYO2T7KXl8n8 +mgnBBIsPycR6RMhLk4HQei5xQLzVHiBHaooOzZdb4YA +-> ssh-ed25519 dA0vRg DidrxIBYvAfPkwNzQXy2+f6inafUafoX8cfUChA7l2Q +/wfxyJAyrQ3Uycxwov+0b9pKKOxPP9mySRK5g4BzMnY +-> ssh-ed25519 5Nd93w i+oP7x/eHY/Roj4mdpOFHrBe5rxUL7/4617F4O3jPh8 +yTVD0dR3ljoUSv1qyuKcOvr1fMRm9C8YAZKKjURtCPk +-> ssh-ed25519 q8eJgg Y0yxgrLm9/E8nYBg6Yvd0GPbY7PwCJCumQ9CtgWFxxo +9BfGPSP7pTTM8Dm9qXagKaw95hbqvvp7qsFkhQgQco4 +-> ssh-ed25519 KVr8rw pXha2ebkoIFX9dMX3uRz+0rcbwcQ1mwPnLWp/wCzx10 +BQQ77pXJl75c6myecmKlEpqHtWB/rSdG6Pwpbxzcfbk +-> ssh-ed25519 fia1eQ gCgas1CqGNZ7n09J7iXOvh2xeGgoszn36ABZwiskBBw +3a7WMN9aB6ZvwFyP98At9V9K99hD1vkvSJgnY16/JKY +-> ssh-ed25519 CqOTGQ DU1oon3RPo4MCdzigrM2+b3KnTzzTSG/WDSvtBaF1VE +zwKaQnXT004dMojYFXPz9UERL4ULe7mPZ+vwlZMxFvY +--- FWICxx8MWe7awI8P5t0XsbA4Ye0zbxCdMbapTs325HI +w-d!=g&ܞH?IےᕪύҢلLL-ٸU? )VJbC \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index f555db74585773b75067d5756ce7394c124db773..b98b8a6a369d468a9548fcd4a295b6fdcd5a3470 100644 GIT binary patch delta 1024 zcmcc4ah+p=PJKweWr=%QWN~RpPHt9VL{yTSmv%@=Ns60eUQ&6aWqwMqud9EVXGv~) zIai=Xa=4#in43vbSY~l}n6JO9qnT$!VMeNvS5-iczNN2aXlO)uc$k4xGMBEMLUD11 zZfc5=si~o*f=NJCRDQZbsxUo&~0b zjuysAj_xIqo~eaphUEs8`KI|vK^fX^;gMdR&guT4rrKWlsgZ$`;~B-ns|?K?jmkp8 z+*2yjy>rt&@`Edby)3;glFN$%({s{tio#tooXVoieO(Q>Jbh9ujS9l6D#P6KLi{7j z^UHFgj9nwleTv;849qeLQ&Ymt{mYD;BRxGQpJf!U4@xr+H3&|LDh@F5b4|~5$+3vC zv@CJX_s{k$FDlA0EjCDuEQs)TH>(WfDoNLlGz#}9&CgDB4)Zi|cCIKbvkVP4cK1xQ zaP}>YF!1tn4G#&)F3$=@j{)znB8#GOg~(7p)3BV7#ENipzs&NIT+4cGw-9%KPaps6 zoFrFwA5+(`azm%mWcRWNN3N=f$mGmoQ%ApI7x#cvxBM`}#GtAWuT1~INTUG5C?Ahv zFPCgr%OJN96Ljm+G7}9`0~JE@f^+;M+yf1qO2e{^Oe3=_BMZXAOCodg^KyJmGqg*c z>n$@v3ypn!ja|7cyom@F;XjajeMa($&>f zsPZ%l3idAXb1`x)FtaQx&L|4X_BHhO&kRa+)6X?6ONlhe^7JtG3odiy`u(O`bYG}f)Onr{mL8j{L&>G+Y}!Bs^69p zP`lJU%HD=of4U;S#Om+K^1Lm!Jdz53-V0^qMJ34JH<-BTP{%66sd>^l6F1&@zPs$m z)wJ@)BUzVS9hf;djOH3v-~ZWqf$^8?jT`BcYhHW|j4=|v@Hus7-EqNL2W>B}*%zCZ L5|sCO+ru3IUoLAt delta 1024 zcmcc4ah+p=PQ8ARrE{p0X}YslmcCoCtC3}m8on1qW z3X?38)3kFeO;eN83%xx2yj;>;^8EZPOU<&3oQu=l977_xd_6t#D$+a>{d|1%i(M>@ zL;QWq0}@NU%RD{8f-=pFJwp6lLS2HwQbK(vpJf!U_YUw*EA;RSsz^_F5A*Xd^vpLd zDK>XDFi-UHbBXjV^zlte3(xUMHV?AkG70bqOD!OCw_s zH~nnwOtbLfknBkRlJK%1UoID~!17!}eQ!(uFoU2nuSg?j&)~$W)W8DsQlCWEfP;~3kG7}9`0~M-#0!qrt69Y}03iZvLQp?PW{UXgPeZ5_cEnULhDk_ai z>z(qwt8#*zBTTrGqmoKOBm4~Ai-O#PjogCFD#9wF!YZ6yvmFbwoXsta42_CI41CJ6 z5|h!bD~+mhGEP^>GYYIoHFtHgFb;DJ4|H^OF)&DT&2cKUNc2nbjVSjt@$)VY&G+>w z4UFV+OVbZ?PYSBfHt;j|DRfP?C@u@m@OO1IHF3`iE(^;Kb~ZJ3P7KKNigNYj($&>f z@Qko@^78Y`(spz7t}Jm6)=x|?@^nlL5Aky~D@`)?^i7ZOj&e=SbWC#OiguUV-JoIr z#jbW<>M?_Gn^@`8izPLmKQg&()0}QUmd8u!J1ZK+e4Z8PBx!)&!*e(Y*`lZ&-&TXX8awpAtr6Z^@c4_#(GMoaA};1$E?yj#w&wYb+YAn7asHZ| LVjFl_YQ6yg6Ubi^ diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index be9b53aed6f104791bf92c3dfb62d178e7e7ca5e..35339892f729800d8d6a5f91598ad136cdd7e6b1 100644 GIT binary patch delta 1023 zcmcb{agAewPJLozRzPTWR+LA6V6KH(ghz#OSdx2jxlg58ScnYmr1^3sdq$)mq~VUS!uCbgt5P`aaci0RhnZ_QF=~=SBRfQwsT5`XI4?@ z#E;_Pj#cgzmIf~7nN^m?=^iD)WnrfIo=HyG<>`U01!0lqE+IjIo>7Koo|%DM?m522 z`9&sv6{Q&-#fBbU>1Ia$#!)2!Zf4FN9&X7dW+|C@W@)(=mhKjl;~B-n^BpS_qq0JS z-JLCS^Bv6#e1c50Q>ya49n;g@O1(qgvcypk&43gi0RsHmuL_sC3h z*RtgBOt*p%kIGPe?Se4lK(0vric*7&qKrhhs1$$8$ViJaPrm|Vb4xRiC~Y4{AML<0 zr(DnQ-27m3M|A7bG7}9`0~M;=%$yyI+)RqYBC0%tQuESW3eCekstnA+BivH*&C7h# z>s<^@{XF%HgG{(`jf>sA{CrCsQzP{&Jqxv6jPm^QlHL6(BDB4|BT5X)o&62NeWP-N zLom`;X;hVyak@f5NPcp9h;e#|d6QX=r3xQD}WwQhH*cmvcq9cWQdFL7_oFSwN7PW0bjLj;Co_nn`LvT9z-DuCA_v zrFXDpg_~1OYGhb(MP+tLW_FZzNQ9-fwqbc;M6QcdR7I$9x_Mc7xlbsUO|^W{+)(`) zdwVwA7YZ#6@7|DPJ}DR-z>jW)+oiZqWJjC+@gSMi!SOqONc-GB%58&QQ2hUF{Aky J=e?*m>Hv_kX88aB delta 1023 zcmcb{agAewPJKmjfoX_;xOcv3hFfl>pNmCyUanbzS+ag*x<`6|Ye{K}e}-#Cx>1#L zK9`qKij$9al$&;`qf5TAad1>oNKR&YuD?NAS-5MIua99~WTlsZV{WNeK9{bYLUD11 zZfc5=si~o*f=NJCRDQaGvsZ|3Xt-s%MTS?tXJTGPm0M0$QJP0tT6RU4nSQBxczSU_ zL`amQiGNi-SCW@YQi)+jaJWx~YoSG0j$?R^d9jgMskU#LMZU4NiFRZ`RGN{KpI?sa z#E;_P5q<$)E;)G-#)hWad1cyZra8qG*(nyuA>L-%nQoazh503cWuc~76=C^YncgLZ zIRUQuCH_7o<{^n@hK1o~mL~d%Re=^E&S?QI#lc>o`Pv@ZW@Vm};~B-nT@3=9{UR#T zJ&MyDvy+32osEK%^2?I~10%dW4TB0ZvXWB*Dv~m@gK`bHf-W#BDqVy0!#$HD zT?(9vea)T2%OdhBTvD||ybJ>({Zf66%*~T0pJf!U_x6d<_s?;&&@cB+3Wz9mit=+e zG)qnj_KYYl^Kz*uuFNqANH0otHVw4k3UaE-jkGAvH1aDb(Kk#tw2VqEFn0|1u*`Qd zH?znJF*3_YbSW|_GdABBTLUjgB1NDeVwUt!bBcoe!y~!$jg8VxBg+hfee{cqigF6eob${x!V7Z>io6|5{LBN&oh!Bs zj4{$zX;hVyak_$gNRgjgWO{L7KuDC4S5{IT3M<^a&bkZuV-jhl6GoTVWF#2 zwgs10R#u^9c~*T{X_`S)VT4a*aayppOQ=z0mPb*!i;J;$x@k~lNoHzJO1TM_uCA^^ zazw6~Q>u2DQE_>dmw&KJhIUGpYlv@|Pgtr+QF?fOnpwKHt9fKzRb@VxAA`>l>GC|{?|r)Vjs4A}pxTAkir(*3 zy*-V~MEu3OA1w!hcS~G-{@Cu8g8Q=1LSKGu5R&A)FJ^jZpPt|hzY7s-QY?+KGo^Mm LDaHARpL+)YHJfXC diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index fed6cf7..cea4beb 100644 --- a/secrets/gitlab/pw.age +++ b/secrets/gitlab/pw.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA rITnhjccFQTSCG3yY1gfUd3RFPtymz2PBBPafKqDgzk -14U+liTyDY/cPPDPLqtDzzB8VEOjT1OiQHW7ZsdqTwQ --> ssh-ed25519 4PzZog vQpDvof5krUhHTT3QVXpRoBglQ4xZsUVobDmmZFcsVs -/wGu8wiBV+zIP9aTDydg9B8mXwk9mhu64pHkOPlL/e8 --> ssh-ed25519 dA0vRg 7PnZ7JoatOi//MWTodmrzjfJJzauh4kUO6ErGpN5rBk -p8cXhiS7odlvzarQiqnrvll/RnECkZ0jPnMjuA8vgAM --> ssh-ed25519 5Nd93w J5vVy6L4UjYswx0g3xVK3WVU6nwaLZwcQuTRoYJAsSA -qzmRfEMcZI8P40fER+V6KfxVJXxttQpbAjChNk0k4gU --> ssh-ed25519 q8eJgg G1iqzNqpPeyIlOt8CelGhgC7Y09+c3W0LLoVl49vzE0 -7Pao8KniI7QJdnMw/q0fMQrjInF0CTbfnCSL9FLJrjY --> ssh-ed25519 KVr8rw FMvso907mXDbRRv1LGmrRJIo9BMQz5Swzv1ZHjh0j1o -RrqdTZsEpnWgkGvGNprnk963KMx/ShhSdvK5VOe/xNI --> ssh-ed25519 fia1eQ 2tppsKE/FfdgBN74214/etyJhnzNSBtxWvP+OHaY3xw -feXjn9T46anxhofgwQXTn3Bj9usC9/f48I7irrtfTZE --> ssh-ed25519 uZzB3g 1JNZJ2MOAeOgPH+jWjNf9qi5ncEaXczIMkr54vnHITE -/IWEATVkAioRB7DFiEZp7QiD3tRAX6WcyFVEZT82snM ---- lgmy+3gc+bFhK9OPeSHJWPnjjbZgZ1GHjBGz4q+fRa4 -.~68@|5m"ҟ NN`dÍx=:ІN%0;DƬ18ti fÛ==j]qҨ"!} Ivϗ?"pam\i!w~,{DKVQ#UdSjKW \ No newline at end of file +-> ssh-ed25519 V1pwNA RT5AJD4kBHmv0pPNB9TASl4j8h4cIS418P3V9rUUjWs +tupAAUlbIdszxHMO3T/LgFcl0LlyxnSmu2E7MWuCFDI +-> ssh-ed25519 4PzZog Vq8xPSUr64TjNwWY/5aV9tw2UqmCcflWphHQgl1qNmM +WBWAJUfJ5+otsz5ubRqIMPvk5p0/h/yQhyg+sV41hBE +-> ssh-ed25519 dA0vRg Hkzhdyy2NueyE6zrVxzkXvPBzPiczjCYsT63XpqcSHY +bP2gd7I43q9vjKdyvrxddxxlG9b3mRq+NS8gC6NXc78 +-> ssh-ed25519 5Nd93w SLwM7TepNucy+RZJpEHm6ZffUInNzsNVqbqYz1QcGFo +nnxkYPOQkHkDFIBOVoB0/96NblBpy3sBwSf4JHjQWMA +-> ssh-ed25519 q8eJgg GZpY0Ya99WQl+SaQ9+uROl00vRnQ7AKfAL7L/f2UEjc +Ylvcy7f/6whLkWW8a9V7cFHQynznmoiK59d1KouN+nA +-> ssh-ed25519 KVr8rw dkq2lBd6MX7QwX7VLYoERu0TH1kl5mQps+oPtrwcUBc +gAdFa9ycxKUDErboYQRgIs1B6QK9ExWLkl6bzwHjOcE +-> ssh-ed25519 fia1eQ PBbnQ2fhPW2GB5y8DpYAu9Kugb3sdWb86h0bSYwXRzc +1HVvMRgb7c9V53ApEasPXetfBvsz9GSArJOxGtRXbMM +-> ssh-ed25519 uZzB3g BMRR0RZLtsSAzI1EsQzeeLx1JyCZ7QzhnGvn255rlyk +jPWO8HsZFX2TGtRbxwHV6x2OWwbCJb+sPl45f0mAHp0 +--- J1ejh1XpuAwFhOdWUga4WiJzgFmFdAgLpp2pe0K7cnA +EзPs*w⎲[ ~Ğ6H=].!C?#$5Av EasxKdVѿDQײ$;-S;%0EۂR0)F)b1D +yʪ zWmbimm#d>Mmz%GjQ-QCUzmG{#uxq}Ldup10a%7RAVPJ^AabS@}nUh;sT1G};RbpZG z#E;_Pc^QR{#?I+EK_NxHj@iD3&LM8;W`-_-CPrx~-r40I1qEq|r3S(JVZp9krWsxy z<`t$P!FeTl>25i`#jY7ng&`RgDgJrh`9;PVWs&7kWs#2N{w}VQ;~B-nJ+pm7jZ-50 zjmt|*^Ar7Z64PALOv{|o%aU?^^D2A`Qyhybs#3DDbHYuyA_^+~bJJ7uihVNt42_)q z-9v**%=5EKy-Fj>!rjBlE8JZD3r$MBvYZVjpJf!UFD|l7FAEB=h$t!uNKWxjcQ&oa zbkBAz$tlh;wx~2K%MDI94tLY{%?vW&Dor;u&kxTEtPBhCGBh$MOv=|U&j>b1DM`r; za?Wtii^woFGj|Hg@(r^a-bOYzgVy?8X0%Nm8ugYNUa`%wjyvz{S;M80{!wBt6i#(5V-<*_W z-_T6gs$xe+Pju_jG7}9`0~PYJlghKpgZ(oTOAVs3gSdTV6OY^fc0)4r1O+$;cvpw_tTnn;1i%tDgygj2lD)bElvnosr%Zf_N0|Rp`vx5S) zee%(*b1w7`aSv2*PPcILG^z42sBkmRa5Ks_GII^h4A3sEO7|*Fb}2S8^2swRPEB=n zjY#IQ$SbT2&yT1#FiUcAuSjw$2u`XrNy{m+F!uBcGz$;*%`ymeG50QvDlAUs($&>f za7=RyjI=Z`G557_iA3%%`@;zCs delta 978 zcmZ3a+Z;)pSPc3eyB@iaZ03jZj@y}aaD*}SY=*Td6AcEnVUyZN=AC< z#E;_P8LnpK#^q)vfhmcO89AnfiQ0xHVMR$r#YrKl`MG|1p1B5T!2u~{Il0MP1x8-w z8DZrfi9R7!K9&(-;o9Dg5e1RCNp6;THOnlmEY!A)axU<5_4W2KGsGR=xIOZ3b(%=GcCD38i7 z3q-fhxzInvJy4;tqTH!0D%UsE%Q!GAA}HJ6z&Fj$C_OkcCDJ*) z#DFUx-NM_T(!5^VD>U7&D$^i2AT`n4FWuX)Fw{)nB|S5(yxc4@vPwHGz1W0HS65e| z)HA~+*dV>!*H=5R%*oBoImOE|$k(ep!aXV1qcGP$!@x2uB`+}C#XpES`HUs=>pW6obxah$c^*4gJTv#P<0ZKh?v1M+ ze3$#1e(H1GDgFbwfy*QxGzE0pvfV!LFyOWH#7!TfLf7uR_+E2G)60Vm+M1q)>x~mG PU3+oO=vbx^!_rIu@*!9I diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 49f3dfece2722b93ea0ca41a3d79e32c2dac5b1b..28aefadda7cbcbc9db38f03b6f0fc92186c827a8 100644 GIT binary patch delta 976 zcmZ3hM1(&X!LUD11 zZfc5=si~o*f=NJCRDQaGp+}Ormr-P*L1>1vsiQ@eyPHe4r%8Bfage@GQD9J!uX%=_ zM@djwXr!wNS71h2rk`PCpqX)Hrm;~`ig8L%gm!sknsZj9YlwD)f1ycgP>^X}m3OY| z#E;@(+U_2O-q{`{`r(B|<%v=GhURWAt|jS?{wdl8?!hK*-r-&r&Pi#B`W3ERh5Qjflk^6Ayt{q=B2qANkL8}W&wVFA)dyO;eJk8rmmCY7$w3}lhVAyytAr8 z^D2W1{7SGAc4O3JHy=ZDgRCHf zBnww#w=ARZ0@q42v%)Z6E}x20LsPGasPMx4++1(J%)-PxqtXbkEQ^fbyaK1ZB){xL zqayzj57Quw_)g1AG)xUtNJ{f64v9=jE=~#YE6nyuG4}TM%=fSiFDybph8xKg}0BZMQT=JkWXGln2AMJke^9zskd`Zm~&=8m7A+sW|Bu$m~&!f zGMB4yl2cKpOMO6ynVU~akVQnki%&&%a)v=bdQpC5TDECvUQ}{msi{Gwr6ZTFuC78_ zmT^)}hF4TXMOnIqYjRn(seY=7wt;WDS$cU;QFu;9pkb9kVuWi&RwS26|FcIQydKT4 zWqEV{hJJG6yI%2Clbp5%K0MLhA$0gxisfp)ZN0yKU1mJRSQp7c1BCu{Q)2(MZBAXKPKC*k}Y*6;|NLf`Mw@NeSmW}$X M^5Eq2QiWA_0TDD&@Bjb+ delta 977 zcmZ3%v65qgPJMtyNs*URR-Q?@r%SSjX?jL_iJ!4+xR1B1sYy<@YgUoDrAe@{k$zyN zBbRw*X-1Ndxj|5Ng;S_YMoCaXdZo5^dX|M>L~e*lfumD-R9I-Xr?ZoXE0?aFLUD11 zZfc5=si~o*f=NJCRDQaGv7wu>yK!M!u2W^AUxYzOkeiu*qGL&gUv`F9Xi=heUXpp4 zL3*iAZi+!Rmw{!KWtDe;yFqE5QBX-%SX6p)ltE5dct}ceqElv6WM!2}VX3cok$alw z#E;@(6-ikEMuz4Ajv+-(A!U)3?rzz^0g*x4u7ye7zTwV^dA=TzdD-PvLGC78rf$Vv zhUVq@?g18+72eJTnQ0~_k@^PZMcH}2RergJg?Xmh6%mep?p2fH7$w59jKhsW3zAGj zGL4hXjY@*T%%cht3o-)z4PCq<%5o!31JW}*oxO?+jXk+SOsiZg{R`96d{dKLimQ^t zstO7Wb8`IBi(H)2igP{6oQvEov<=*gDf z^2#bsF-t7*aJF>ME(k@B0PnCOi=uLc@Dg)(lf>Mh5Yv3)B%?An&w5LjaHGwX;1<&C2q_($gGGUA;rI(##7&1B-m~GTak=Bf@fg z4bZJ~F7yv^4^%KK2=S?iO7}|5O)l}s$}FzRFwP1O%kee|%n1$3bu36T^L9+}NOexH z4CIP*%T5n8@TzwXh{_Ig_sVzkNiz!02+DQ~$}n{EjW8}R&oJ`v3kY%!t#akk)zww- zD$Daq)lNw*^mR3lN(qW`HZV*~3dm0kF;34)cS@@)GEXfEH1yOqDo^M7V$ZknpstRvEs=1SqyLNh{FPE;JLUD11 zZfc5=si~o*f=NJCRDQZbqJKbMXn}{ho3UfCnP*~YqFY8%L11KLWN?IeMzB|MW`&Wn zp>uj@aek%+SB8agW_F~%XJKBtex!F=zEO}@vZZf%Qc9wCm_eAaiopXP^OvV z#E;@(`QF-9d6~`ufhoow<@!#!hWg3wW+?`qX=dSt=3!we6+wo1MIQRT9*%)r$(Dg; z>6L|hPgJ8p` zqTob>;$ZE7L~ZTL&?v)vF5`kc%T!~}Dt|WvuZsK(-vARM6Gyl3ax>2&=YU-8w7g(* zgXFY4?hJuK7GBe~2&jDod8yiBuF%#+jdoD(fG!+jFdjH*IC+>IkWL!;dCO7v5+jSD@DNZ&CHBU754G7G4EC>kkOQ}rC&#N#BN{I+{Pc}0Qce2Pa z@Z^g0$oJ9qwx~Bvj7V_~am+O~_D{AHk#vRRa=oAaiz2zQ zZn?@h>i%8(yYjJ`pOKoR@6@^Pnev)=Ib?ZF6q7g2j8j!8C+xBq8kz-hA J6mI_682~*~U)lfw delta 1023 zcmcc4ah+p=PJN-1wr{y%q@{CeZj@tySyE_na*<_Knq^`}PMD=jXrW7Fk!7ZHzL#O9 zBbQ}Gnzvh$flF#)c79oji&2@EM@4{1iKSa=T2y72lZlysfw{YvZ)&zdK9{bYLUD11 zZfc5=si~o*f=NJCRDQaGxl@&8kU?N>WR|;UR6%l5l$(=(P-bveqOqe%lu>zLdT2^y zj$2ZNM@pqHS7D){OJ=IGpQn3zVW3f>mwuIDK&pqkc4mQ(QFdizRAEqViK%v~UuCK1 z#E;@(##J7PrjAwVr4fz=VV)_5d7;J0X%XoLhAAe#6;+;z#@eA~j=A0`$?1Vyo@tgD z#xB|6uEmw%$)?5Tg(gXknFZQD?(WXHenut+5tiu{mEM_N=?0VI7$w5p0}Atu0#bt9 zi_AlkExfBDT@u~(&5ON5++92j-HiNv+|2cTi##GSD-F2ZgFJE#O7pY*%QF)V0xMkg zQ>t5szUvWeO)J?WfZRuuJR};OwUdCOEJrKEl(*7Hx0{8 z^bU&*NXgA~4$aMV%yy|T_NcHdaZcy*F>*4_a`s9LFb*;DDNPJ0$V~F{N)PbJ@iL4k z)VA~t@No*&H!TkFu82gB0PnCOi=uLc3KK)al&IXaVy6nX+$f*4f_gunkbvTXB)@?2 zq)^{5ztActXQ$%a9A8&YuBzf(6GNkn5YtdIM@Og7ps0eJaIYYbw8)f_?8p-1Kr^3o z{lri|%g~~9bnDVG6Ae=X70k7r{i8xNO4H5#O)8ut{F02ki<9yV10(!=OpOfO-4jFV zqY9$TEAxvo47iLfqYAw$GCV?(3beC>d@LjLf(rCKeO-fG+>I*qLk+94ypqZavrCN) zUD2&8jjD1oPFE-i&`)&A3^K|wOv-g~wI~nrH})v;aq;u7C{1+FE(xv(_fB!l4GE~q zPUcFA3ODlij;z=AC^1j=ady_vFwM`e3JfsFw#+fe@QU!uEj97VC~)%dOSa(B)zwun ziYQ9X@k;eb&af~mwaE6!N-y;+b2RXCHcd||uP{n-_b&3y$w~9}OO523#_499Y08~Z z`A+0j7w77h|38)#_pPXKE|6ICx2|=$p2I#H>q;BuvNLMsdDr))C>i~F%AhKu9&(P? zZ0S9T`5%Pu&-y20Zc!^Z=MDd>OTT(}+t>I7zG5#c(Y@T%FM79Q^Ujl2ALi7lwR6nB zcE+JMNK!5NvX$24V{5{zzv`(8ot1d{re{v{$@hm3UI<^`8}{Ohk#T~+*SHJ*KO16R K-C+pbW)1+IfMs9+ diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index 461b442a7b9f3bad11169fa8c39d4cc6a049c84f..a06e1f383780915f1c7d0ff44e51c06a276a06ee 100644 GIT binary patch delta 2584 zcmaDN@ufC^Ss;PFmccHU^ z1(&H~qI;@QW~!-4rlE&{yLV1ra6pQmzhjwahH-9rW<*7iNtugFa+O(mB$uw8LUD11 zZfc5=si~o*f=NJCRDQZbo@H=aMQWC_V}(<(NqBH#fLmy&XS!dYg-dXOVS!hfM^0gc zk+XTYTV6ylm!WTlzJFF$l2@vedsa$GzQ2iQQe;-Sxr_~J@rk) zLR~`)^Igreqx>UEl0x*;lY#=XoxKa3jEfzMjE$qRO`ROMl0!U0oO3J6f&<+PODu8> z3(^Dg%kz^hD$64s3xZ1XN?iZPi^mfKOfJmJPUIZH@~VX=hVs| zgFFi(uM87(>(Vk44O0UZavbv_%TiJ^DhnclTzuTT%yTj$Jx$U~3_Od&%}bMW&AsX~ z%Zw_coE@_rxx&+(5)Bgr^K@GYiYf4#v3^zA-E-$U}bTZ5Ki1Lpxb&D!aG4v?OD|K@(#oEZ6?$iWFVj$Bizrc6 zIXWxmnD6y{9R8N`6Io5Q?ke71(2@33*|*^_LztM-{Ju`U`7bBx2OP5e-)?(&Yw@?Z z-B+jEs{4!WPb&KoSW*9ZVUE4?`)`knf1XI)Zc=wgyRFhr=jz-=-4Sjkan1$>LP6pc z`Q?{hz3Y8l+O;lElw*A+&-;00u3NBsRyt2!;uspf_l&+EHrTR*ivh&^7 z_X_HN@-*nVxlwY(mhG<5>664oqaI9^YB2vI;@zb3Vg>sLOPTqb&o9?7{dUIu`0+=6 zpB0T2^)}Bb-*xBXbPuM>YXmba>b6O2zAhbHzxitv#ERCe^|Y~#wYPfSj3ZE^*`q(zM6RSg5byc)W2s}EA1>hV`SxC-LQ72 zW&F!cNrx`GzLuKQJb8x8x`^kIF^9X@#cb!d^%!6CIxTf$0-w)8r!r-t3N8X)|4u=|oRbRPevD#h=3uZs9wddPG9v z-JO?V^|5c>9$+?!NKUYC%&cBKec9g?mIhKk>b?bSTJ+ris`FZxiar_DG~E-;MH%k* zAJ5mz^07KJ`J>QRwvS>b|F*r@FR>&{`qf&b0T^~WIs zM!OX4E#~LT_;tDz)jzraf3n26cYF6|2f2stF0e71UUoEY&)bU*TOTe~yk}FwC?o4DX1-gz$G+r&6dw*As z9Iu+~4dpl8a!>6T98bKrT&GqT@7=Rzi>^kXr{1BJS9VxER#HvW4qjSPpVrpfp5qhD zcde#Ca9Ne_`3c5#2Cq+dPFx-TtXuu+`*(*Hm`fYiyv%owv(*!~jh~W#RL1j1=z_UE z>%+eN+?`e(xqrKIrMvB}Or8$A?Pu7dL|5MkQ~EQTd&!-%{zr9Ql)U@2?zz#w*4(Wt z%UPJ;Gkg4Us;XWm75_m{cUSiFpoaR(jqeOSI_~P7+xcdJ&#`^+1#3@D+$tMgovQHT zR`??BQ>!}tb}N3mbNr)f_@&yajp=-g-!t)v=w8oU@z$69=0fe3d(*qU1md5q6W986 zfB)8khKsFwU(WF#x666s|LI6}>!Tz6j0aA-Pkd1Sw`gvH{sYN1`umSqPBU1%-rmaY z{o;Bh<-c?9Y9w}W=I@j^@@?hTl4ZH;*Y5lLi@kC_?@!Bb(VxthI{a97KIX`*o3Y!9 z&gvEV-D&arx_4@a+TqimE<`pRV$#-}&?FMEagr9Rmbug!$44_BPnpPezHqX!X z=D#w%^KA~>s(HSSntUkb{L#&~UcCzPD=0g-*W$nMGtv49N7$yGlD=Pj=v8YUQ~8zE zENARbd{A0>`^&aV&KxB>E=pIWv^+b$aQW)U{{bvcyQiPpboiQHubJPD196U*_bc`C zh)&!dQ?0|0eEXSs_sK)sctSqbi5uIkQ9mmDF7+Qz$Kj{dn>Ws=m}>aGW^Y|>KLVbRl*w-_!JDHomVD6ERW*nwfzZY>>a8J84CpBEj^KYld+4Hu$=gz!7 z`|X`c%XI%lKdMp4UR1Zxclo8P7oH6#m(I}*`Lp=Xe$G8I`(CAdP1r48!B?;|#ieuY z$F-j`z9zqMn7n~GT-jbeVYd9elzo3h^t-uuxVo#~KJ1QQw-5hZ7E;39QNJRxIrV#= z?d02cHviAwW_`4+ovAeP#BCpi){|!}%&o6@p|-tV z@nP2WZF}YGO(Ye!n#l%v<>fb>zHn=ElS9gqe)AK%WEdvh`!}U_k*VdK)ZN|}CYTAqE4 delta 2584 zcmaDN@0xNsc~t(TSP^LXQ8Q)QGtG7iMzH_MwUykCzr0BLUD11 zZfc5=si~o*f=NJCRDQZbrM^jIM0jDEbFzMwVPRypqnn?vhrX+KsAG9 zd48%%k(rSzSEf@)V0oHRxQS7ARlZ}0p-E~*PI;DFx`~-~azIIFeq@H5Sy^Ucnz2FP z#E;_P`o<=OJ|U6b`K49C?k>dzhM@tOe%bD2NiM||DLJVoM&{v3hC!A=Q3mN;fq{la zexYf8o<`2vo*tfVfv!anW~mvzSwS9El|cc)mJufUk^YI9hAt+P;~B+6Gpf=Qhi+AqB6Y91O1&U0^Rdm!Y7|*l&sG)_s=RdG7B~~^fvX(^bF4lH4ZiL zwv2MAO3Ka34JyboEHlVYb+W9C$meoPaSih_iZBmM%qUFFH8b-s5A}^oEcCYY_9)D8 z%lGmP%nht43393`%SI1>@310^qH=|ztirUS^z=0M@DP(M?O?y8`rs-9bI;NMBQK-G z3J=#vld8(Vk44O0UZJUq-T&7v$qopZcQN?qJtLdx?jy%MY3t5V9-(u+*e%-rft z)AYSFd>jq4xk5t&tK7VUi?UKm4c)z*f+JERl09-POUjZ%phO;zGJz`K^JslXmlc`tf~E2A@zY8|Q=c4d330cXnP)QSZOyvBK)^ z7rAuDZ9ccJ-ni>u_r2rzB0<%E{*%;0m&>#*Rf^XU*4N@ z7rhKSy>hWnoz;{tS8~snzGHhC&evn_5WTmL?eRl3<;t|(lU}7fTfJvKTYb*^+eg>u zZgdUv6a01c?S;8N=6&7#=<*bP-DB&XO|w|IJ6%HNeL?H(D=kgz(F>nlHcq^_FwpnM zm;D!&e)d^k+4n}eC$_xy568=QC*yXm{BomLip4YOrZ%&o#zsS(%Uh%kXU>$8%zAU+ zxTlC8_c`;7m#J=7cwLgMkM?fSVw?G3Vf|LgwK?j~HbvPUn5fMA>dz9+8LBs})|4k+ z$?{QlD6)BZfWPJc+m&on9{0{Oe$B%uuaVII?q99-`Qv$IHUA?@PHk_w6Ogcc(X(EW z+lPb~=*T?Ke&v%ld29R>HUInX|Hw|?wJ=VQRXgRXXzS;TT@fF9-gJuw$M4>n?Bt<$ zql7b|{$Ehv+-VP6&7zmO$`}gOZOdd#7yKOmPwe|Lr72oT6{jj5RCwqMY|h+Nv9%#r zX2qJV=Px=wak-Z~d55iobIyl~9VLfFQ`ag5O}`-cdds<|*UyOQ??3yylH^<#={$UT^x`qkyp>II3i=V5T+A0V_G(sKu=uRpBw1Z{tndBtmz|f-wK@4|cGk^Z zZXhpy*3Nvj+q^Cwr-#e51NoY!%XF0el}%!9v6vTOqbgr?`{=&1>TRsHNkZ1!xNNVk zX!*8lmsV%Huz%yG-}SBQ+p~ggznL^|w_4#`z3=S5iQ0FCj$U{%hnMy6D*cic zF80Oq+mCd~D!={1_i^)*fDOL9o#t~+l(6~LZne-l>itgIbA$3v&T~f?_Xuv)I&>}W zsj@G>&dCP{H22s{7kVq~GtqTl-{QL*OYgKB<(-)+**^cPhsDRjKjo%f_3D1n7aaQy z91pKL_Wni|e{JuYhdLYgFdpDG=?`psa&hy;#*VV>$EW>QZ(7MRV{QEEY1Pe64eKAw zt@wSgGX7BMoB&rY8-cWkDi;nizYY7mGtGNW{Mwz$YrYAt?JQt!(f54BxnB10JAt6< zzO3DHt$ep9&Rsdx(fgD7x%owsKKJ_TU%5Tzd|dH1m90%oXtJ^7zO?e}g6dsw_(H2c zFZj9a{hDdoaXZ{PYbFODo_+i+@4`AQQ~g%ICCy*nJSyqs*6GT;&3g8u`!&0={ig)@ z6I2>olQ#bSTQ2kYn%l%zi_1lSMM=n}zx+uyP-M;F*-PPp%`$Yu#I0LS0JM>lk_sluuai}xHLfHR1$LjoziyL46 zdwJ5-B3S&TT2M`C}Yi$X5H=<)U$f_@S|D(_~i48j!zvH=oO$NCnXPeKpPT&ClskL! z7i~+}QTi~<+^pwxz0@r4J@+0?^Y6-^z08;6QsCCG=|%T0G*4V?c=po%mo^v9Yp8zp zY$+8lTC9FZc*?6fkMA0h0#D~mc$V|dV&CEnrKMS}ni-e4Z)QnM@oueBI3Qa0*Wi`y6T$PH+rIhLe|VXslemoa zSj^WmYrE2~&0@1Rhb{V=fCNODQ|e+f7tLg z|K(LH#}eVb9o0G;T5qh=%F2~l`0=jsg{&h-R~>)0BVDI$qQ}DNGRFQ}54?|&|Dd6E uUG2k{3DQEWS@VOUm3odpxRO|U@w1-brHf->g>h71K9{bYLUD11 zZfc5=si~o*f=NJCRDQZbMTuo%PO+znnSOF+g@?0iu$z%rc4cT@x~orEVOWMqWRZ4p zp>cM8d8KnGS9qazsGDVxyK}yazMDmWTaI>Sflq`}a!6@jwrioOc~C)-yFsyMkynw$ z#E;_PrLHMC<)$89Ng098`MFM(r9}oVRW25RVTnCS?Yb;~B-nor44XP4$Dz zb0X5yoYGT+0!xDmjDigf+_Uwo44v~*ON){NLW(RSOLHu^k~4}5lXFb-4YRxq(<_S2 z(gQ-m(~RBHjGQC03VltBiVO>aveT0cD$~*@pJf!U&kL&vD-SNONDZ(w545Z*Gb+eS zb~G?_Gsv{?$4zVoA z3yw+(2~RG{Pt7STC~(4v0q?LPi=uLcV)NkCR7>9+eRKB+_w?k#zK7l;W~Tvmj3kA4|); za@S(>loD?X^axMOOf*alR4|Jw3@J-Ct1yo;$?&T%%J=m%aLO@CcFjw1cGPz^b2inl zkMzo~sxolQ%;yR&^$v6i@U9B=G0yWd^3AOBh|F~|cF``$aZd9#%yZ7mE%nP!DJl)A zazwYTG^)zUI9(wxAR?{QC^5glE4!@F$=}Do+0djsEVIff)X~W|GtJx4EzcrD-@?qu zEs`rNu++mW$Gko{T-!1yD>Bka+pjDwGrZU*BOo^-J+R2kQ9nJ@#NRBfz}t~aS65dd zx7^$~$FDHO$TQo*->}Nt%RoEAKi|i>!on%CEV0lyFC#6(t=zyVOWT(#hT~J^{XI$? z3lmFUZ&OzhTx`Vp;@SF^O9C|}-*z8(^V{LCLU~?ax2CO1+4Y5ruUAW_2OKJ&QPb_H zU=k>=!?dZ-EiNEHRLjfgzVx28eVj`}PrYcqUg_jh-6@#2rK?o+X(;=at^%Izl{2PD zWQWZ-b)DgH%rmXT9KC&FY&GrSPv36-@klFtltoCDlZT^;xsRivp?7XTvUZf0xqel!M`~iA z372P7Nm!<(TZEI3OJ;CzWkzn9wrg@_cxrZXo_4BtL9mHQNrq#kS%_IdF_*5LLUD11 zZfc5=si~o*f=NJCRDQaGMV@Jvwy%+~Pq=}zi*aF5iCcPzVNObAfRA%>W}%6vpFwVb zfs>`HX_8|yS7DZ~VQxs6S8{4unpswkN2RuYUUqg^Zh)CrM5ud3fPT7vWT{uNiFRcA z#E;_P`C&ns?xChtd8Q>Le(7#5>52Z~fmKP)2KmYQmbn$-+BsG3-sLXddG01$&Vfal zepO~+9wi}VUWwYCrY42?ZceGmRR#f3S*ac&nWcHbog9ta zLW3+rT|&LW0*k96oD0mt4Xb>;a?9Mp%nS;P(sDdaGO``H5<`-*{8REhg9BWmax=}m z4U1iiic3r~BV00!{KJ9@Q__vKwM(+{d`*%kpJf!U4>a|yD)zN7&kZXyEOfPW$|wwp zEQ-uD4)k-Zuq?_?@+t|-FxIY2HVO6Q3N8w>2n_c%4)HPzaC3?bPcIJk@pbd{^{gll z*EWtUxAe@*@K5&hHx7+Nj{)znB8#GOh05~C;G*I%(=7e6G$T)o?6CTrg33IToWSC8 zv%I9Rz)Byt$WY^QLwD1RKrVMbL%%|8A2S1wqEz3MqQLy($g+saBv03*f+&w-m+aEg z%Fy6&Pv6{BS9I&rG7}9`0~HEPtHM(9GD4H8j15g4wVg{$^D6u-Ljo<`4ZSVA3p`xB z>I(uZ{VEEKLmaunLrjf4(tHAQBg*q56VpsQvMcn{f=vBW%~A~uGeSH})AP$xQuQ-U zy|U4*D~+mhGEP@;^D{9v_el0k4)D&cstiwe@eB4eH&53tDJU$D2sVq z&xzzR_baJL&abF<3re!c3ot0~4KPa7PV&)C_ALmE@JKJO2rQ_oFp9_u&dv1X($&>f zD2d1|^R6s14AnOADmCzna(B|tHH}KMh^nmeFtYHElJkpMYwUI zNnV&?c0gr1S9nEenQM5mi<@zTTYyPqc0_V&P=$d(aCoG7VoHT`lu=%;dvRrnlZ$KU z#E;_Pz9E67$w?u>Zq7LszJ`9j`aZ!1hDH{SuEE*vS=nI${wW0^#qLS2u5P|u5r!46 znPrus`4y%50f|LsrA`qp#^z}T`tGR_`6(WyiRo^I>7}I}fyw!k;~B-ni=wJhqKdMD zlT%H-G6F&Z0-UQnyehmsL*0^Hydo`glan3I^aJyp6OA3Y!t=FL^DB~~qKtDbjLJ=u zD$A40iV8d`@+$KzGV{zrTtbr!@)Of@99{A!pJf!Uk0>_JcMNilEH^37b+jxn^f5Ne z3Mwx!EHdy8in7#>NDWAg^vnh&attr<%rVV056MdR@-_+&s4@97pr03X{~ZY)_NybnP7P3Vj#tpnOxOq&%bY@Bm{o zkGzV+V)G~yPju_jG7}9`0~LHC{mngmeR3)zf(pF6ywbf4ODl^ai;B}yoRfkg3o9bh z>rEH$t!E;K7NjdJ!Y&vEn02upQ! z&GhB+N%k{M^$4!_Pj_{z2r??lbv85z%J%Th$w>+fw~TUe3<`DEwv0%PFfwuF($&>f zD9&_G&vVX7^e8tA@pp_2GRe&4RXx(Oi7L8noz54ETsN7 zlBX?NU+Z_Y6GVZ|kV0>NT2g8!MN%Gw?LOgh=uJqzfu6;1Fn zx7pex{2;OWanh`dn;370`k5cLT&s|>RkgnE)3a)c<9`)ie%vMP#VWmT_OFDK9yK%B zPsr-LdmX)fx5=rb{kC%^|Nni-ZQ?=Cop1Sa54=wDZJBg?smaY*c`{YHbD1o=7yEmb Kwrq9#%ntzFm1HUa delta 1023 zcmcb{agAewPJLKtwyRrlRD_wYbFqb~lR>JZM{$U=NqKoxU}AbeW@cuhc448ZS$So- zBbTFTc3!Ecep#TCuTgkZRCutrn|?s1OPG69RavEXKvL_SbAdrsQbDCp zL0NE8m``3dS7m{>pI51GaJrj$SVdTvV^OfNcW$^@j+>XKOG=(=k)dyuTUKafQjTx& z#E;_PxmkuTHS-I}{;Q=@5 zqa6M7Jsk^uQhZ8-3v!AB-GUuMwNo4oQ=GFWpJf!UFY(MP^N#RM2~PFR^~-WfFDlLn zN(uKb3r@{TO>xWDF7?cDFG=%Hk92b6D##5>i3ltY^!G6`txDGSNwx@x49oKhj7l{0 z^ep!_DX#KyH*)lGF)?*Sj{)znB8#GO1vl-ABEP_p@GQ^ZP=DjJyvTZUXM+r{2=CGY z6E`<+-y);Ja*N=g0++;0N3M*jya2Y zqoR=9aFZ}+S9I&rG7}9`0~Lx2%SI!%LD%{BwPcOR_Qy z>-}=8yi>BP(zCgoywi#^{DT84gENX9^-D_(eT)lBoIOo*T+5R5vkcNr40C*wgFMY# zGfmK~D~+mhGEP@0t#HlvHq15%Hj2=<%<&2=w=@V3O*O4b3XjqbP1APq^$PU#E-S9g zHumMpGb+jt_6n}AO!0J#@(9h#^T>BGPj|^IO)pGKNw-Lf zNH;ULD9v@uPYTJ_&M~g^D0fP6iS#uq%`5WpF(|jpcJVAK@+kLAcZn$G`c!?D-NfeV z?~cD#DXRZsOl!9)tlC|v@=MrzJI{gN>3@ooTMsF)C}e$SDf_eRWo@HUI1cSG08D{p<)r`u;Xu-^K;yU8xdq2|Sp??rPIYr;=1^WP^FUU|*p L)+@tb+jao}!(DD^ diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age index 53bc965..fb49dc8 100644 --- a/secrets/grafana/pw.age +++ b/secrets/grafana/pw.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA ocbo4VYNAuSMl+cwAnQox8FgSfIIL6EcjEZ2w81Ahhc -D0lErQCzwi9TBMSd6dkqivQ6bHCZrtlkgaTjQVdfAEM --> ssh-ed25519 4PzZog PpuPLWrKMhSn3VFuVe4EtbeHdIGRBPsN42jJqP6vJnc -lHF5+sdN8B/2Iv9kxt0q7SsRm0KKmnRYOTj9tQz/aD4 --> ssh-ed25519 dA0vRg 3fAA/TDGslCUZKiYHjm2qZmP2x1w/RX80mAVQD1sKlM -Po0PftPgHBij9jBoj4iCRq6ARmek9ooo9ONFh3Q5kD0 --> ssh-ed25519 5Nd93w lXvLkIuGZJRAvgmvd+SBay7qJizd9UUs3cM5z4Z26Vw -HSohmw9oO2IKdiH4Iu0ZuL56kjpmKJ713sLF/tty/1A --> ssh-ed25519 q8eJgg z7HYPsacyFXBnpIkRFnUSjEavyDG49fIT1VNoLGsCEQ -s56VpGW2ubBAWp5FoHrgQDZySqINJda+44xokM+Kb9k --> ssh-ed25519 KVr8rw 22pOg0xxlJg13RyZqMYakteo2vw/6mjsK8ce26nqaUc -xjJHXIpWQ/Y17R5zUp1hnpIF3zdqkfJIzvgppGPMJD4 --> ssh-ed25519 fia1eQ sFOx3dxfZ5uGKjqVHoW5QcwEIvHja/+uWsZrdnoQvz8 -Kczr+yv3PEmTqDXJ3W7hn3bZ6wrpivhmkrg8fhmOcsc --> ssh-ed25519 rmrvjw 9nQAeB301lCj6p2rnnumD+G3WLjMmZ4NYAY/GFLy+0k -FfnwVEYqZ/odWg5NOeizDMCkRMLiNQBtpW7ko4pgmGg ---- k4P7z8pNs8T/QFPUfC4E7/FjsbKzhiM26rD7YcJ39uo -M{$lG=59}qޯP (wJKcT e [Aw;Y \ No newline at end of file +-> ssh-ed25519 V1pwNA Je94T4psgEbYV6YBZ2BSQ4JZbKubHtPEKNuVjL9CaSk +Fp8uHwymTnjkFQBfezrFj2ycXsYrnqqW2+KeKfsjONY +-> ssh-ed25519 4PzZog paDltxaTs3odGMIkWFMuTfe+LnO2RqvRTqAi7pK8EB0 ++ZtGVOK71gSGzgY6nSlDT32Q6IQFFvZd8xMp42GD/xg +-> ssh-ed25519 dA0vRg 2ZGLw9dW0qbzkJb+M1DhhEaW19VaPdgy9YvzxeEuZzw +Gycx9hEatq1jOQpE7EqF4G8y3+XvRnIC8oNK3hJmOzw +-> ssh-ed25519 5Nd93w uyUnDy48bjq4cfG/HfIF57bnCxNGSFze18MTW2XmDmc +TWCJRIC3J9KyjbCaM/WmCoD0x2MtrGGKVgHCA/TBe0I +-> ssh-ed25519 q8eJgg qPb7JIMkwOWIWw4yIhQku0u6d09QqFKtOXx1gC3XowA +8+YLpW8xzEzq02zKFhlbjOggEWfMZ6j2G5RGIq/TE/o +-> ssh-ed25519 KVr8rw zcZRh0qTa55ENUWXRIPk/kAv3tKB0+anEQ+IuEhsFjY +8oN0U8jD1BA07XOS4idvHgu8LA7/E5aciLZOshsZJJY +-> ssh-ed25519 fia1eQ gkdxv6Uda41PT9GhALDwPCfzzSiCDWluZG5m3WRwKAQ +5YSmnIYFXmBgTur0Z7PcLOT9ANvLJgIech5gp4Pqwjk +-> ssh-ed25519 rmrvjw H0ZmvmeUIpb4ZAUvh+7k47mUmZidcsKxDHC2oC/100A +IjYufbdJxMMANqicCHQQAU0Vh/NvROfCfaxJBM3rai8 +--- TrZyyHaK0o4ot71wVxZzBT+3mVrVUQ3jKv6FuWNO4Mc +R3g GVgX3cP\ygqqҷ"KO(. 8ͷ&3p)4:MRSpK \ No newline at end of file diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index e693051e00465c8a64053f9f24556c374deab8b5..4b5366453d97dd98d38d344056f76678a605f2d3 100644 GIT binary patch literal 1637 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5w9LbMXu= zG%PmpEDuc!N%8isEXs;-G%ZN43px*oOI)mQg?knm*Pt8#N6-# z<1lXzOQ(YLNY|)BcQ=<@vm#56a9=L7!rc7gq_WJ^%#;wvN;89q6eA5iPOp7dWbj}U-P0Gk}$u+BTFEtI#F|16@O)+rvh$<-2PctYA zh&1!kclP9R&P&U4HF9++E%mdAs4{dmjEwR$j10>tGe|0_G|kJ;OmYp%^Gr0W@W=3* zcUX}{QMp36TS`h%K~hw>M`=oWxodJ>ilbkkV@Q%oU|v#aqHASwuwiJnr;D#qo&}eu zdxUnrNq|RGWO9acZdy)wabC7bgk`9cSDv?lyGvAIR-$KcWMHUsFotbunTdv}feMEC zd8Qd*<>l#KW|dhfg{cPlj{26Rex=Uo{w4Z(9t9;4`Ua(@0Rd^Dj$EN8rK#!ZDOH|s z+JzpT7KR~#MkOhse!hN@u6`aCzQzR=ey&c%#t~(hA?aD==v(NhkYk#YVN&W?8I@k* zSs7GT;GF3c>Ywjn=xUJ6l@eLvWag1<=o##q9%W?eo9URW zo#$teni$|8o>~>`>FW_vn3@!np`VeA9&e>lRZhm~3Zdqij-{#P{uRMx?mmeT#m-ep z7A_$<9^r{W!I5d1{>d3x?wOvUY2|szT$wJZh8a$k=1$pR+DU~Tfg#~(#ZFa`fhC1S zr6wjp6&5~*CECfR`dL*b=(c$z8Dtg&DwGEsga(+UIc8>RaZynp+weFf32MJg7V)$bw7u=)tSpjni*Fyr#jIb#?N)wo;AB z$G?dOENh%xBB*ldIQQk&hsWlv)6)H=?Xs$Ru=`VcqCe2JtH(#!kyYF|!oOnIH+CI6Xt%5ak ze#TDU8FTz#(saL5{gq2{li#GIN%8B(DIG6W*LWV>e%$-`hl!UQw*HE??)Em^cj?#J j?T;qj?Ney~=I%dB-n-i%I`8+ZZ{>!Yp2*#OGAR%Mxoj^4 literal 1636 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sb3@{4rL zF-Y=G4RuQnFw6|ejLP#fFE7rraB)pf4RLjKOsy((%d9YVHsK0LbT3bJtO!dhDGbXt z3U*8jh)N1ED$0t;cg=7QPRVsK%5teJtH|~abVRq!B%mrPKV2a=DlanA(BHkHAkV-# zDKoOfC^s-AAi_H}FDuy5!XVPwv&t;jydozsFPqEA&&R}E-_5kZ$0wl3-A_NvsG_vU zGt)3RD%Zf(EjP;9vA`oFF~6)_-xb}q6i0)ypmYW2Y!^dM!!k=3H}7nhVqf2otgIq8 zeW$31vQ(ecVE;lh{p`q8N0TDU@O-W!ZAZUiZO?oQ$1qnflYo?vFq0z7WS@!*S2JU; z^b!{zgTioc*UV7ABnx!gO#MU3|GJ+#^d8LygLVb1KrzTwTf?Eh@8JGb~Fp%DqyHEBrjQU2}p8 zQ=L*%{6f)fE3`=UN>5kN_D<0*EzOT~&W(yP$aJwRj!2DgH}j4(H>h+ED0DXP$uTQ0 z4slK~sVwF)@Nn|?&h<<#cD1NA!mzwNGqS|8B-5}cz@#cIGTF~K%Fx}{DFh=V(=rncQv($u zypuDulQWH@vfT`m)6z1s(j0TMQ#{kMd{YWNJu`CLi;M~*OfuY)JwmyX0`rTb()F|a zQr(kW^aINCOnmh7vO|lKf-Id1O#>}UvjWTVU7h^Q(lA2Ov&zx8&{3hn&?GRZ*x$TF zyUI6A-@T;R#49U2wW7kZ)IT*Vz^BC6KPjxLFs&ja%af}jz%AFmz$?EpH^RR%I4vV5 zF+|_9!X!1jGNj6+EYQ2ysUoj5J3k;i$P+yzOQWisjMEj$(z5gPJqt<#yh>9HDtt=Q z{j<}ZEpnoAbNoZJD+h#8oH9N2y_`Y{vivN)4g8JrJ&Q6; zE%o#L12SAgD=JJXv(kNhQZQ`uNHWMQ2vmr0FEQ6H%h4{%%CpE#$xQQ3@k&X~H!sTz z4);s)sSK?2%gN5na4ilCHQ;g!E)CE0D>X|@DK-gCDarCH%QbZg$PRY5$PO_rF!S+9 zcP&bG%1VhU3q9l7!YOA6dl@Edk?nCN3}o@)^p8J<#=o6i*#J; z@1E=$O_?d)o1ZWNRjk(&`2QIuQEu6k)zICBg0kEUgR^=j&l$Lh}Q><}vdID3oK7mW`_)BmQ* zHFD0$T4R3ew&c6zYI26r+|@r^zkm9-RnY36EwkCSR&BwWmmZmGIpjo|q&>TtL)V|s~S(4TGg`D_~-!e<5k?nsg|n7E?$;>sn~{L56mt*>uC*_Oa1IAzXR-`#Vb zNOsN8KD1G4#*&`G88ww2%1jd;3DhSad@^(0Nrqn>uDaq;oS)_&`(>0h>BYK#O8dUg hxqok`$O4<)zur!{?&2L(Ic34TEpe+vCa*a^9RMJ`HvIqq diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 5d9f2304154db371fa3af01a48fa7cee3ae59a37..2b4c4c079968029196cd027d40802a3db2b97084 100644 GIT binary patch literal 1440 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t--_o_0f zGW7~eGR+N*@J#me2n{N=EVcA4_bd)h@eem~&WbdubWF-NjN~$`$~1@wP1g=^$_V!@ zGW0C3a?H!jDi6+eGOH>L4av_i@G0=gG4%1xPe!-RB%mrPKV88w#H6IeDa|suq%=Pu zJUhrJCCke>Bsa%2&8;#(JHS1pA}H89#I>+2!;vdJ(9EqWvZ6dEs=U;@+&$be-y}J$ytI;HN5?c%H&3qQ@G3LY!jb|fQ?IDP;<)3P%S%!7OkbMv_z-O2-VJu*`&Eko0NvdcovE3(5Qs!9q%A}k}#i@gmkiwezB zOnjo!ibK(DE3`=UN>5iXN-YeiGzoPH$qIzpBhBG1)mFJtDxPz#!ZyG9BG-X_<+JseuYE z28m_f&RHJ5X#pjE#wNwi6(va_p4kOO;okb*`WfD#q2+l&#Z}slj_F*%-X8ja`kvuo z-lZWvX&L?@21%vi>1D-5PQm8IAr+Nrt`(k9&e|DK!Nusdc~&|47CI`Jr5R+G1)F<% zCzj?q89OEhCj~@BX*;L*<`!iJ`+4PfnERGz7!(;^XcamS;fU>+o3sWPD zsJukaP*WpcFHh|p$E?CEw@|KP3-`#P5Z|C&W8biJud)zJ=VX_N(8OG$)LiGv5Q|ik zNO!N)B=>OFJQH-=pdpzZXi->P6zE@=ZERFgm2OmEQj+aaVxHyiotYmLXcA%R?p>9e z7g28EXu@R{R%}+Ho#q;5o?7bb<(QOP6`5;TrCnL%o<7?l-KmS5uOT@oIi6w0Nm ztE&*@WNKbyQ0V0p<{a!9RZ?6MW~5yeRB0GwP?=)r<{26lQj+eO7?I*qWWY7|!fMS$ z-eH*$MtgLFKAt=9D*kNBB7WhOm%Dn7RmH6UC-)n8Y*787Ve$J_r%s%c0=IxR!?nbqdEUOwtESwQote{LvU%k`wepWCj?cu- zaunq+PWbjV_qm3~45{u9Z!Nb9h@O90_xAFkAG#;LZ2$Vw{@Up@S&4X`gvst%2X$-D MZ>_N2;KTR;01_7Q0ssI2 literal 1440 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5uwvEDi`N z@ej!J3-hS-FLce!atteV4XJSU$ubK!b2Kq8jxq^xbksIh9tH48}d^9(QbiHeAf%yzcO3NkBC3PiWfB%mrPKV2ccI4aX9C$})SG(59B z%fdA;(jX)%!rk97DJw7_HKo$4JhIBvU0XjdsFQi;{!=@-r%f&0Ldx zeazh~e8Rk(4boCvjeNP%%*sQ|A`N}YExnAYBEwu#42+X~41xpQ{T5kt4)m&WcP;cU2{SXZD0M7xa*fQ)h$Zo(A~!PB$j7ieGCRyDz`P)}z|bwoKPb~T!WYA~w9G`q)IbGe zb1w_CvUD#qk7Q%N05`MB$O=a{^PH+gr_6xFfC^tD!?3hav!v1r_jE2xOP6eSlawsS zf*fs^@Bn9vKo`TrK#P(J_lgK3ub|*67vrL0SF_9_k79Jcc~&|47CI`Jm>C2nM--Xo z8XEegE~&zU+9*YlUib&7+PND zZRY3ZQ<`pQ>6YRckZDkyVi6TuY+f80QW46PX_8T{?-XX_>=6IQBk8B|^#QIhBp zk`wM@SXPqZWmx278D356L(;9xG{DQFq`bl?G}Fh&*dVB)(!-+IE6>Q+$t^j#AhM#$y&%Io zE6*>?m#fex$|Ez^vdBLtBF!Mr&m!A6IXk^5G{`+YG%7pQBFW#+#4Ox1Cnwm@giBXf zSHasL%d$Aztt28OB(2QH(J&}1(aAH+u`)B&BPB66JkZPA$k@rmBr(&#g3BZJNJ3$s z#G@r*89sqq)lcj@Z?~|{(tS(D)sUk*U4Gsxd#}EgpVQ=)W3c~o!|B)7Pq{e9nfaHr zwn^^@q~&mOgTG+$-jLuwJDXPjPGoxTnrpmB_@HE6a-a}j zAM27^Gv{trvrw4OWh~6jz;~HnKKF%0VBTWByMONPI3ea(XCL4qbjNSz!r-3zzxC5= K8H`z91_1!IZrpPK diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 98b1e9a..d1e20c2 100644 --- a/secrets/nextcloud/pw.age +++ b/secrets/nextcloud/pw.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA MHUOcqeJDIssKJltAjsvWURE1DqJ1ey6pkLvLHJAtWk -hQjhau12rn66Ub6UAtG8TZ4lB6QAo4b2rutUOams3FQ --> ssh-ed25519 4PzZog gr84HXoNDyPZQJPDVCKO4R3d81wuznjW/0GjX+qdqlM -ibouoWY1xjMDEFsnSyu3Sm8owZpHcHpSWoU9yeJ9uOs --> ssh-ed25519 dA0vRg B6tUnzySxNAu6y+BI/GzkQrcxJby9AkMCiaHw9h+tWI -xlJg0NR2DS1T3pPSqVcSObmE4g9NrH1Qm0FWMTjXJ/k --> ssh-ed25519 5Nd93w fk0dRqO+p5Di4viidYPit9H8OKITR5IlKEb1Y2m4WDw -Qye8lfTf9y1Cpi/usPPk4ekMQUDt4HP21RrMeRyqdMk --> ssh-ed25519 q8eJgg 7t82641gHHp1gZW03+CeDGxpWAk9mtacNR1d3f1GcFE -kiP/KgZ3HnNzdxtTEODLXVH8VYHgfYUVIAm4qvjdLjs --> ssh-ed25519 KVr8rw RE4pXGAc6EqtU9O0IYQZ0OMwHvtMHij4x2ZjNTzNly0 -G7bQD10CmiEj/jPEwNYUWk3o+HdmBMFN2L7MUyeeeWg --> ssh-ed25519 fia1eQ HlPonZtDSFpYlfeUnTZCP4aRtSlg82orvifaMbdhHXU -ty95INO0wifV3qzmsVdwU6ME9HmK6LuYfcSjlLAHrAM --> ssh-ed25519 YFaxCg bG3Wm0GEjdrwKBs/oCeUBktQnclkBmFhwHCDVeP2YGM -ArdeYouDXiGDYFcDJqy0H9Ie0NZFvWRG5/VrHoeUPGg ---- VH7sefkXHZVY8WzFUW4NyPGRZ0Nbcx1rPfFtRCQgXtc -EBv?\nWVB -I"l".f.}nX焫vbNKJpmnZdo; \ No newline at end of file +-> ssh-ed25519 V1pwNA wC7Nch41YKEjrwpf/sDR+SUWKm1porqP2DyQhz/MLh0 +Mu8NGcxWphZZLgb0F7h10EJGCPiontn6y2lWNSldNGw +-> ssh-ed25519 4PzZog 6H6fsEDq6xiIkmIy6gUUGL+Mm03HSEaSGnjel3EO8EU +xzqv1RZijhQqeiWIFq7ReVzh2JLtBoo9HmZJ1VXrMPU +-> ssh-ed25519 dA0vRg UC9Vm0pLH8N9XGxKAZ/3Efe/9SRvx/rlxCYx0u5oljg +gF4IFYdCIXfvPPrOsJFvGMf1PzrSyureKpOP66ZHB1Q +-> ssh-ed25519 5Nd93w 338ts/scFEwjZ+3f4Vcd8C9Q//E/ZGoSxIutAxKgpAo +C0vs3fiisD9FsZ8gYJZj/I81mT3Psw3g1jN5ztyuDQ4 +-> ssh-ed25519 q8eJgg eIHEYfE/50IRNy+gnNmqQD4jtVgJRla4ilAQp2gYfjE +bFNJA6KPlBiZWrB5vjyTilXC+rkW+xqVSWcvHln9H/8 +-> ssh-ed25519 KVr8rw Kq/0pxm2r136ezrKRugC1So2cIIx2VTShPv6WTc6m1E +W7VrsPf9jkkxqndVjrFuGBwqJR3v4hwig7Fed9xJSAI +-> ssh-ed25519 fia1eQ 1sA1YfEKVatTzHV5Wd/tzqwRiIPUBQlfoKZkJpxRYig +lLtPzvg8H0y+FpfGfF/Q5g1nCap1TgW2wipIKU+Q+WA +-> ssh-ed25519 YFaxCg zUYYpsC6BXvPRcIignITwUmvBhfhy9EnxFeCFg1niQk +QcmAhpDajw2lJyttDX9kn+0bdugmYYifSl1esaa3xpU +--- 0sQ4g4YxMBe/VBe39F9ZfwVh9XEOHYHqgiX5oakBzPU +chWp@ "L[)t/+My' +8K[m}q1{]OS%ᙯ> \ No newline at end of file diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 8b0b7e2da6c5fea0910a14441bef7f964a75d556..ee6ab1ca90c527cefcfbd446b361346e0aa72260 100644 GIT binary patch delta 3124 zcmew*@k?TYPJMxKqKR8xRH;j_Q@D9ms;_=(Nu^nGN};D$V0y8!ez3PkvPGqlwtrEu zE0=##NKR2olBKtCws)pqm}yyrd2WtVRH>J9T19$@NxE^KbC7v*x|@4hD3`9CLUD11 zZfc5=si~o*f=NJCRDQaGV^)QwafL@lRYjS(L0*==uUn9Bcx1A9UXZ!3S&~;+XrM`I zvUh-~wtlcHm!-Z}qD!QuQ=yAnW?G`NUus6AYm{Y9m}hE!P?UdeMpdbIO0H)}vaezK z#E;_P*~MmhOedCVAPD;~B-njoq?6JbZ$x zN=vgsjl#{s+{!(?Qp&@;3xfju3oUc}v^_)pOv3XWv)x^}qRbtALvu>aj0;i>vdc@; z!hEwM)69*Wqe_d)3M~B0!oxg0a*e&s!c5X9pJf!U_e-xz_cE(64KEBb%t$s*H}wd~ zGcpc|3JEC)3`#L8OHPS0Gj$5g^3N>hDho;s*3M5c3CR!g_RBTRE-%aWj_}TKHS|k~ zEc7(?EQ%`5O3ceDPR!3oj{)znB8#GOg`oUgL*GQB(ulNdV~eE3?BMzo!(umm|FUpn zk79G*$TV|{BG)`m({yj6K(6qpB%`u$s*D2)-I9C*LIR!23sOC!(#*X5DvFC7{ap03 z>XXBLyvmZ3(j&Pl^9(98Jd5;w{Cq6kOUj%}%kmA3B1t^Q(wT^bL10@(IrhuQajH_HfJdD~{3+cJ*;e%`?plu5v7n za8Bnk$oI8$_QpW^~{O#%rnmP@$@uwt@Jj}Nh@^rHL^_S($&>f zaP)R5_SQGdD6O<~&NB7%b~g3&^vgGnG&3-Z^3Evt3C&M6tcoo4Gc+;b;yr9C_UwLj z+ZyeK^9mLp+A+1;v_a$L-z%Z#uP>TfEwcQs^m5MZo`V6)LhGwyR_4@hVO|oxYlR#u zUu&%1$GQhnVQqz}#+8$;bX06k)$g{Obo0;c@UVSCENT}edgeQRTK&Fk!vE|4HfQcz zC>tEIuW*K1*(aIzpEJ7tzyGYoZpAk1&b!hTXNqj2wkUS)G~zQZO{(8xsJlj?X4~PV zUGsL^TLvVpdRj=NQ_iavKWJNucacLUG9N}ek-itxl}lap+_~QJUQ%t$Lrd^2cSVX)8EC{rg=XXK$aU zU@mm5ThKGb^vwCCBIlNK-wN-Z*OUImA*&?TJKyKFr@l~8SN@MgldGW;UPr6W%-j9V znt2}I?=K(t@1O8CUy@i;V!3qMy$$UXU%z5&Yj8i(Z{g#9r0-#zq4!L`r2Pt~g5K73 z1QstkoM(1($(2hXJ!fmSFZ!G$xbgBQs^RYnE+s*qyh(KG$lmYh-DX!<-EdZ}o)E zHT_w%rIr00?`O^R<(Hh&X3AchEc^6@bkx+CO$*#6?q@d5T7TEJ!{N%*9?5GJuMeo5 zQ`odELF6y*jBb~6KN==XE_xI!VA;K;dV+F)&a7iS@t-`C>sDDGk6b;?d!vS|OisYp znR5j`CA$aNT(md%dh$WN-_OYAz8d?l^}Y@1?>_vt4*QfN;C|nQDdNxkt%o8~tyvp9 zTXx4*9)6I}e`TS9$4Neh^Y)*@>zV(pQ++PqQ)HmDBP&_-@Wv_Lb#wouZ`Z%3FE*jz zxE{w(la#9szp9zSjY>U3uI~SPGdVz)t>MJHHr78UTo->0l8>;``(Wxfqh2%A=r|vD zjwbuG*wv2{@6Be=zGiG5w61UQ%vH(?=`!j^#aq3d_bm2Z9MqDWQFTj}g?n#n`oq{N zqf$<-w}ql=AI+~x*!ncTj~1K0Ol!evMwR}8^$YK9jr?ep!fVI7ZqBmolWQ4vuGasW zw9VqF-4dVqeFs?%u>PNUMqeg8&E-Y?O#!2w@u!yBHC-%=E%a2l`BhjkKuR-bPO5oN zL;JpNt^N8;QHi(KtG%B0YtzgPZ&RzSm3uoj+DdSF@GJQ`2F8Bzw)s*Pb3(dD^~Po+ z$rh^}h5S)6Uw9u)lash9cA901SGPwQbIl?71)jGX_Pkzc^Y?$G>zsqF7gTp^EN9MD ztiKTO{rRTbYiGQ+e6rir7d*At$%A?v--aO{?qp4hSWcMcdfQC+j!@sR4~8R z^&g=sT{8`Jy>}gJYqS@beEn!F+nSqvW}n)3eivEN-D~da{6+a! znJ-UWZYwD-=H_a+Y}G~UiO09Yig_ignl~=vV|9OLHE)$csq7hkCB~)B5_=gYu}!gAeD<1r zobc6xX)={Fc8Y#>;F}=ndqU{^-@WyVF3&zRY4feqH@Ci7G~G#8aTV$HH)v{h{>A2`;KI*)8_BJ}zj=Om*v`(D#Pt_vmL+?19`<;>`rs`k&BR-OBGTLZY^2|M ztJK$BGw+`Fkg4zAg)KX-GChir6?NOEuaIlyKIwb8V!zUj`Tq~=9_cdj;Q1pWJ?TPF zObG|;=6!Ysi4AuDmX#J5E$eo*WVrH{!-&saap{+xQl6noPJ47`F$+Gfe*e}$S&qeH z?-33E=-MNHY!@}UynSP8-T2F=X;JrvKY>dZwY%5XTjTg)9Bxwvz9lfZ0k67=FQ)0 zr7JJ%9KJGfN{V~^^4S$LSod9amip?)ZylY@;=TXCIrfY5Uv0gg(^uvSJ{7R zrRS&Y-zCVpu<(=QFU#1BMV&g`-ICi1-d09jJItf{Cw;{_k4aAwltN3kx>moI;}kx? zw4c{t^=W~blZ%D^@BVAIbbFz~$s_kWr4Bv$duZED7TLc2lX=Syb?w#eS>}7~g6P^6 q!c!uqeb(Bix-+^h{A1Z=-hD@(9}uqobb6Vi_0co)H3LPGZvp@f&vX?4 delta 3124 zcmew*@k?TYPJK{ec)DY`cS&Vwh-;y?ac+@GWxk1-wttp(QDj7gQ>wFHV18LfSX72b zAXi9*b4YT&Ur2>-L}Z0!PEl2MaFw>ZWmbwuZhCHkk9JO;Wny-SnMa|8Czr0BLUD11 zZfc5=si~o*f=NJCRDQZbUS)YwqN!)5uX#aHRESrVt6P3WWS~K1R9dC8OJaCpUXDw) zPgGcmi$R4WmrIC=Q+{f2nzpC5b7ECPr$1uj9(xlSpO&JjkA&XExjo)y_#=7vt$ zzS-gW<|Q6s#V)y3nTAy*`KbXF!NqA_&d$MA1(mrzg=JZlCjOC=;~B-nQ$2IT%5$?k zjH`-*L&__QwadK1f=iN$TnzHdEBy-sOuT|3Dzq(3vfNF$Oe0hC{cs>q_EN@wlD zjKHW;Cl@D^Vsz`$G7}9`0~Ne|vxA%~A~Ta+Q_B5|gACpBj1r9u@{+@hjUx?`Q;a>* z>P^xUjV&z-D+9TVg7Y(j)6KMl%q`4~jMB|5vvZ7c^%J#|oW1;960=j?OAMWZ9dnFw z+%eKuL~xO#S-C<$rB|t!XGLbNeo(ftah_3FQ9yyGQ)RJnRaU;gtCwqOYEr7Hb9lH{ zXfjuJRfU0XWN^KUc7Z`fh`W!ci%+I|X`xqMo>P%QN~xoFo@JzmYq7agNO(4vuCA_v zXP|+FqiJejn3qLyaHWrDfNz0;uVa>Bsj*{Nm8X|wKvacWrdLvSS(OQwxa&)mDrpVh z8Mo%0^1GsCz;^Fv`^AfFmk!x2{hU$g^EPDl?LU3VmbR)(>LXuD#V$J2@nTMk*EU|^ zXc_K(roKNtef&+?no+~#dUw(c%EFnQMjC*^v;HDDk^^dDkqn>zueHqfW?MijU6h>C}@|Zb44(B-* zgsinlzLWSunBVRHiI{p({V-wo(@w39y3@|Kok==4$&Pzx>^^PB>(YOxD(+X>ZqpjK z`-3)(E=3mCfCHy^pCA47>@HiSytZM=G2h$CcP!q@*LpqnuAh68S0z07 z?4y{M7eA(Z3+CSp+QxJGWLfXA&2ekhpWNWR;nb{=)BarB{@rxD7iWu4&(S$8M- z<@0HiC%eBj6?pi|cC%BjuBDs6i?56v*J{`fF)?m;4|h%eaBZ!7kVm2Udx^)HJN~cU z7Q6EN73RaM{x=lOjn&lo?Ha#|wMQef{-D~i`+tI~_KVnM=tZPIo;X2g$(42i_l*wL zRm*(dUC~Z0E_?Udjq7^VzVnUDp$Vl03F}wdcyeB}+WOFtf#b?1gBqdxpZ(fDUt1*W z^{{%efPKO2T}Et2YcAx6pIgH%{6**O$u<|xU-4I0i7N!ubAj9C(zq(>%EerB9o*3UciO9%ii?c<`!J9vYfnl6}#!|wAQ?Ya0$K( zpL0sPv=)iDo=YI&ThQC&Q|wK`ixiMqG^eJ^WHrvnYXUPwdudeyU4q;`hu62$@)un6|uj4 zVb9RX-XK~YTA!X`tGp>X+P~{P?}#eRW=AuDVu% ziI=K%#3}7ezV@A^xxZ%iyyIIDJOm{`6-_ttHQREw?6d3V)sOGydI|xD)d(aLKI{JR*Nh+KGQcki$UE!<$3D8BvI^Pdsd-etW>+%V;<*zB#%Ej*X9Le8%a>KA8x7T6Y~tg-Uc zynr9y75;o(ZBSWxGO)XrdrCc5?%TE+evMytQsF*a_6zP>Y&nsu8AmDP2G-X$yj)p?b__WSFmTMVUrZ*DhgYaZ2= zicn?hy!N}6D?s}mhx>{7Ij?*^TCM&l@_D)ayPM4ScN|f?uI^gZ6e?G9Bv(7Xo}24q zgbc%Rg(zNwRSzO&yMHS&UGr!{o}c%uo$c{KHL`)9c3zB`aX0-<<|G-d@5eVxS&$Hw zy4_iHlfwcNC$3=2zeNYWv0Te8-hQMi`sSR43C+8^dY;O}d5cHK6$HCI3GTXJ_EBk@ z@q(~d&vX~@F}$0X{)qL(&x@fyE5x%el})aHA=kK~HJ$(2+b3+(>vg?;Zhw`trasoY ze9ws_)&=@oW-aGenKAXTbM~oUbsCvVJVLJAc2Aqc_vVHSlN0x)*>R24`_k6UKDV$% zOJ`*(oA=BkCFifSJgq;`d$QNxT=l(5-sQPVaub$G8X3$~GFf%}wdkgYEvkF>UEh0{ zamM-=l_B*#S;;#>GWBAZv+l*U8#qMNa^!rKoW=dtM2=m4Nq-Y=h$=z5|m{VF#*RID=pzwC=C7vvX3yzEO@@NlM}Mn=+Q^|Hy< zpKsk~SkbQ#Wi&maf}`!=(dZ(fKAqpULoa%}=q9#CH%y=Lt!JO5hxJdppJpN7)~zah zTlA5|jB(mudBMLu@y8x}+&q8VIOyS-S-;jFHkvIkS7ousGHZP{(WkMojm#PKS8nLb z89#mHpjEQ-z1zmTi=V>kC0AQU_o;WCePC+xJnQ>cX}7Im=~2SJtVJKYueX$C_}z2k z%ZJ5bz1sZyG7W_kt)=!g9ZuNP5x4)D%egOSOGC_S%HA#8cl(6l!HYem>z9cgR6U`a z`t|Nii#c`iYxc78vhG`XwB^qUzfO&SM=JG88wCU3UOQ%(u;J0yjeN{n9nbddJ7BAu zBQv#{W#;KkO>dg+zMOs4IOXGm14n0uER{9*t)^U{SZRN#gw4)P?ryq7*4H?Wb({QN zXch#YoLCcL+V7LI?$Ht^fGb;H&NAin}bLFUn3v?!9fili&E}=Khq-RGG4^N4w&?-Oq@~%)Pdgb?v>C z_6rx;t(7T05^(Hel(}WnYLL!+)4Y<)w&;N)(E^St3D94n0w0n z_@qA*Hg-PmWHCyR^qmtU=*$)zW>)u?P3iyS&kjoW+e@Rh-Y~9|vhnyO9 i({o+oR;+#U>B5|!d9xU}7y5_FC)7X84vPNAEdu}|Notz_ diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index a3a0a76dd0cb098f8a5a344fd726b3397dd7ab3f..ba63ef50500c5cf9031eb33b181d4a67af0d7b77 100644 GIT binary patch literal 1461 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5uz32r~>b zH!gM!iPSDG%*hH%%(L(;^ht3sD+w;H$Sz2BDl~AiaCS3w4dn6;stPC$4lFkJNjEHa zDkv`vNq5T$&rP&2DXBD1EsZj)$PNxmGN?){HbA${B%mrPKV2cqDKgKyD%ZQvusEqA z!z0qQFx|N@%stSvDl*s4DN5fcFU!$5F*7(QG?`1^J0Ku9(8A0wJ1f7~GR-yFGcv@& zv%)h!JhRx{$-lD1w>Z@_&&4tzHyz!!6i0)ypmYU&r%3+*6EokWfROaG;&jJKUvDD= zmvrN-h)V4u!<>xBf}DWNz;M5yuyn49(xB3);9?J_DAW8*{mepr*C4~(Vvq2&BrjiW z&yuo$L>FI|>;ThB|7>*IO#M5kF^-WF8aCfvw3kj$)$}TT8HE}ohE;dfe%*?R#w{$m4&vlAQ zF0ab53@_$#GITWyG|^8q56N=YH}uN%)V45Abgjzwj4IF2b}uwF&+v6D@lEpaNDM@` z%{#2fqNrRU*t|sB)2A%Nup-;lKd{Is(IYoX+u0?@G$f)RsW8MfvCQ00+cU%?)j5Joh%cCSL-!mZBxvId`v9us0GRGI)wzSMd!_+_p zcO%~n|DY6;vSbVG(%{0NvLZtxXP;2_JlCx9v^o+bTvxq9ks;X?Rl#r_6ENAZu z!|+mV(+rRNvUJ0ORG&)caA)JB5HG{9Aoqgwz=|N}TsI4J+dQireG45GvLgZ`46}?1 zlOsyQ4Z_N$wFYY2F3yIfi*&UfP8wLB_tu zPRNujx}ra}5ao~5O}LFxMWRe7#uf!Sdm#uc8K2F?|} zg%(j2jwW2Dg?YYd24y9tg(lAVK2Zj4`Vs#5ktV5O9)=-qSx(tzVP2VuWj?;fl?Gh8 zy1EJ}RjyT*;o6}_;h~uo{;7G9Np7JQ9?q4KL81PY+9if*+AiTq#$Fjg0R~*VcS(22 z?9yjib!=&Y;OXqY7xF!yWiQNZHByHam@m^!oK~F|DUn#JTc>Td&owWndx(y z6mwF{Zf)4MYKx>`B!|kI$;PGgRYRs0s!W>j@>%>IM!Ag>`MH#AZI}JJcp~LT*fNRL zOE;K&Z4Akub4T~m`rfZ|Z*BR!H}hGj&ylEQ9=#EK+t+L8|2b-xF*{Fc-h>C|pC6r~ j_2s{+&-uRv*@ngQmguoBsL_6tR2Z;v+W~2@SdKaXb-VCx literal 1461 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!uEGz`m( zF!e|?@$<6C@egxKOfxGl_6w^pN=x%G3@rCfch)ZOPcip!P3F>fk0@|1af%Ac$}g!5 z%_#{eEDA4mOmj8yF7h#U^))i|O-=Ihb25!|E=IS_B%mrPKV6|TGRRZAFtoxbv!FE4 zHPq8D#WSoR$JejQC_O08sLUuoJUuZn%q=-3+knf{pfJ6_!mltmIIz?=CBLe~+qJRjY*6i0)ypmYUu*W^f-ocw~!FsGd2upCq4On+~; zoWvl{>?GfuBK-iTG}Ex;^dk50bQ7+8?Qqw?h@cSP%&eR$|KNfgCu6U|sM5mV46i6l zmw?=KfBoQ0k4U#<0|Rv1O#M~S{ za$TH_O45=XjY4uN-8{K0ib|a$bDaXrGRxDGJc4opk_&u1Q#_L*os*0Vos#lXN{t)? zGCeX1!yM6VE3`=UN>5j)N(n4*Oeri340aC;D9mvSOEUH-clJ)o_J}G>&oI#TGBr1_ z@YK(7cQW8|iwZW#FfBZ8BO=SY%(XZtqujmR$=#yVr!qMz(zV3JM>{t)!`Yz3HN&7JJjj)1}a`*v&0GFry^h+|4w?MBCe=#3UrcqB6-RJTN6N)Y;KBDWx3UwzSMd!_+{9 zum}T_u-vrd6hn^+i%3T^%jBfssB%L`x8&4};;1ak;HqM$h_dv^(!g>qm+V}Nj3^_c zko@v&zg({pzYwEfvz&+`3s=X?KKUbx6-I8C*yR5ilA`g5W}j9)WC3Wm#PY% z(jw1D_nc7A0{5WYq@qak?7*T(i=3bwzi?l!DzoG=gVNkWcSi#cZ5PK(Q@23Z{X9KOeT_>^(%rla-HeP=%S#gj zDl*DVGBZtGj14f-Bs3&Lvm=bcQp|l4-J=}S%iMxO^s~|}@|`Ta-LgxHBF)XiOkDJh z%R^0aD^0k3GE$N}yo1V(jWbdW0t+LHlMJd7^P(aw!rhERf=t~r%u)(+vV5Y-5-qrN zb#)a2{XNPIi_ODbiYxTZObxON15MJyf_<|Mi=6|~3LQ)GLJP_QQ+z_4@`|~#0`7Il zxv Date: Tue, 5 Nov 2024 17:39:56 +0000 Subject: [PATCH 621/826] feat: outinul.ie now has ssl --- applications/acme.nix | 4 ++-- applications/skynet_users.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/acme.nix b/applications/acme.nix index 1cf168d..62f97d4 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -32,13 +32,13 @@ in { defaults = { email = "admin_acme@skynet.ie"; - # we use our own dns authorative server for verifying we own the domain. - dnsProvider = "rfc2136"; credentialsFile = config.age.secrets.acme.path; }; certs = { "skynet" = { + # we use our own dns authorative server for verifying we own the domain. + dnsProvider = "rfc2136"; domain = "skynet.ie"; extraDomainNames = lists.naturalSort cfg.domains; }; diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index d186092..b17c731 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -86,8 +86,8 @@ in { services.nginx.virtualHosts = { "outinul.ie" = { - forceSSL = false; - useACMEHost = "skynet"; + addSSL = true; + enableACME = true; locations = { "/" = { alias = "/home/outinul/public_html/"; From 2728487448e203544c28c463628356f12a33efff Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 6 Nov 2024 01:25:57 +0000 Subject: [PATCH 622/826] fix: this should get some items built and deployed --- applications/acme.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/acme.nix b/applications/acme.nix index 62f97d4..1031cf5 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -33,12 +33,12 @@ in { defaults = { email = "admin_acme@skynet.ie"; credentialsFile = config.age.secrets.acme.path; + # we use our own dns authorative server for verifying we own the domain. + dnsProvider = "rfc2136"; }; certs = { "skynet" = { - # we use our own dns authorative server for verifying we own the domain. - dnsProvider = "rfc2136"; domain = "skynet.ie"; extraDomainNames = lists.naturalSort cfg.domains; }; From 19a0b8044f16e2b464368cccd193b11edbe6bb63 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 6 Nov 2024 01:35:23 +0000 Subject: [PATCH 623/826] fix: force ssl --- applications/skynet_users.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index b17c731..2812bcc 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -86,7 +86,7 @@ in { services.nginx.virtualHosts = { "outinul.ie" = { - addSSL = true; + forceSSL = true; enableACME = true; locations = { "/" = { From af1535b7dcc99cc5e75a44e5edc9e5b0ebea96f7 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 8 Nov 2024 18:23:16 +0000 Subject: [PATCH 624/826] fix: backup of all teh email dirs was causing conjection issues --- applications/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 003580b..519f3e0 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -202,7 +202,7 @@ in { config = mkIf cfg.enable { services.skynet.backup.normal.backups = [ - "/var/vmail" + #"/var/vmail" "/var/dkim" ]; From 7799bda982d7d5a4c87d5d5eb2fa0d66abb02bcf Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 8 Nov 2024 18:24:13 +0000 Subject: [PATCH 625/826] feat: added Shay --- config/users.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/users.nix b/config/users.nix index 659b6b3..0a705ec 100644 --- a/config/users.nix +++ b/config/users.nix @@ -66,6 +66,10 @@ in { "amymucko" "archiedms" ] + # Committee - SISTEM + ++ [ + "peace" + ] # Admins are part of Committee as well ++ cfg.admin ); From 67c3787d2ee2df6536b5ffdaf503c3a749f7f20d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 9 Nov 2024 01:22:41 +0000 Subject: [PATCH 626/826] feat: pre-added the api key needed to access more resources --- secrets/wolves/details.age | Bin 1461 -> 1589 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index ba63ef50500c5cf9031eb33b181d4a67af0d7b77..c8a6e84828c9f124f6ba4bfef1be26e74bfa0a58 100644 GIT binary patch delta 1469 zcmdnWy_IKzPJK{NS#nl(n5$trfu&aNmr;)Lvfm>!!WoEHQp0T&SzQ3DmIhU@TLUD11 zZfc5=si~o*f=NJCRDQaGd#Ou6SXgRaL_|n-RlZMfid%tuP?4pvlX*~;Wn{8TMR16= zXR3dcqkEtyS4yapX`+FvUut@yk5N=uW@4^?qGd+5X^E3_hN-Jlgp+x4fm2>VsBeWMIEHY0{POG%cwoEHBC@Kj~ z56(^rFb(!_%1FwyEH3oS_ArSwa}UnuDo-l(jZ7>{FY^rus?0E`%+hvE5BGHmO?FAH z49^U(^fga*3JXXIG08SSj{)znB8#GO1)p4_$XtDYbKkPcDr5KjB-i@F6h99meGAjv za<{zPU^An9eOHfyO7EaxN3OzxAX6VxZ*y}eFa4aHNaIA0q5{tnU!NkgV%KbsY_o!Z zq9Rw%OhZ?ne01y5G7}9`0~I1e5)Je#!`vd>T{9wra|+W_d=s@T&4TlM!#rJ6oJy06 zOuYg#1AR-&TmrdLJcHd!eN2kOvx`lAvYZObEqol4b2A(b%L*+WOP!rd!-Eoia!Yfa zeLW{9vWVAf`}>%=xpMSNUf~I2ISXrIx3g>YL^HY3I3CSeQh*Rfcl8 z7UsGXnG{x-S{mo%_$THW6}x+R0~$Sep{Ff1xCOf@gh zD$X&o@Go%+&NA>d4vq>eC`+qwtOzL%FE%wT2+a41Fw(Cm=d$oH_je6StT4^?^@%Vn z^GxxK@X8JKEAtESb2N)Aaw##-H4Abn^z|((28UdZPeqk$U`kT1sij4>QBi(*x~X?n zevV^#S#nmQX=y=mh-W~lVU}-{M?P1fwyT?^mxpOiQn5#PhES*o*TPGvw+N}yv}V3MJ~cagcjeyV3q zl3BfFUXXu8dZHs&fst=}R3X>Ksj1IY6EE#o5A~nvaQ^PALwQkY<}On#MN3VR3M&3R z5beGlbn<(E#lHUf(ziA|2?BxF7B5wMTn)WxRd&!2WDN(7ylI=DA9gb%kxHm)di8TWSD9Q}dUJa*2NauiEc# zj7wdmwDpqKV>jpCIZHPGXA#`5A=J0m*<*&p;=d<1RX)uXywRg9nOA&V@Z~Pus2dTF zB7Se#GArrBgs<5_XUn7RxJ}uid$COGPGHEAw15hQJ6CO=ZL3I$*Z=L1<|yOxGP|Hx zM#l51S?~78ZqprJY~c4VT|IkUPcff)>n)eb zH!gM!iPSDG%*hH%%(L(;^ht3sD+w;H$Sz2BDl~AiaCS3w4dn6;stPC$4lFkJNjEHa zDkv`vNq5T$&rP&2DXBD1EsZj)$PNxmGN?){HbA${B%mrPKV2cqDKgKyD%ZQvusEqA z!z0qQFx|N@%stSvDl*s4DN5fcFU!$5F*7(QG?`1^J0Ku9(8A0wJ1f7~GR-yFGcv@& zv%)h!JhRx{$-lD1w>Z@_&&4tzHyz!!6i0)ypmYU&r%3+*6EokWfROaG;&jJKUvDD= zmvrN-h)V4u!<>xBf}DWNz;M5yuyn49(xB3);9?J_DAW8*{mepr*C4~(Vvq2&BrjiW z&yuo$L>FI|>;ThB|7>*IO#M5kF^-WF8aCfvw3kj$)$}TT8HE}ohE;dfe%*?R#w{$m4&vlAQ zF0ab53@_$#GITWyG|^8q56N=YH}uN%)V45Abgjzwj4IF2b}uwF&+v6D@lEpaNDM@` z%{#2fqNrRU*t|sB)2A%Nup-;lKd{Is(IYoX+u0?@G$f)RsW8MfvCQ00+cU%?)j5Joh%cCSL-!mZBxvId`v9us0GRGI)wzSMd!_+_p zcO%~n|DY6;vSbVG(%{0NvLZtxXP;2_JlCx9v^o+bTvxq9ks;X?Rl#r_6ENAZu z!|+mV(+rRNvUJ0ORG&)caA)JB5HG{9Aoqgwz=|N}TsI4J+dQireG45GvLgZ`46}?1 zlOsyQ4Z_N$wFYY2F3yIfi*&UfP8wLB_tu zPRNujx}ra}5ao~5O}LFxMWRe7#uf!Sdm#uc8K2F?|} zg%(j2jwW2Dg?YYd24y9tg(lAVK2Zj4`Vs#5ktV5O9)=-qSx(tzVP2VuWj?;fl?Gh8 zy1EJ}RjyT*;o6}_;h~uo{;7G9Np7JQ9?q4KL81PY+9if*+AiTq#$Fjg0R~*VcS(22 z?9yjib!=&Y;OXqY7xF!yWiQNZHByHam@m^!oK~F|DUn#JTc>Td&owWndx(y z6mwF{Zf)4MYKx>`B!|kI$;PGgRYRs0s!W>j@>%>IM!Ag>`MH#AZI}JJcp~LT*fNRL zOE;K&Z4Akub4T~m`rfZ|Z*BR!H}hGj&ylEQ9=#EK+t+L8|2b-xF*{Fc-h>C|pC6r~ j_2s{+&-uRv*@ngQmguoBsL_6tR2Z;v+W~2@SdKaXb-VCx From a1c9125397ea55068d6b88246edc05adece033c5 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 9 Nov 2024 16:53:54 +0000 Subject: [PATCH 627/826] feat: pre-added more stuff for the new bot --- secrets/wolves/details.age | Bin 1589 -> 1907 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index c8a6e84828c9f124f6ba4bfef1be26e74bfa0a58..e49dbaf6751496f53506cf637ff4f353f3f93b39 100644 GIT binary patch delta 1790 zcmdnW^OqGMBEMLUD11 zZfc5=si~o*f=NJCRDQaGd0tX(SzxwBQEq@id7furkefwBwo#O2WPoc~WQwt;PpG3o zWLlo5Q*wDSS8`&eOQmUmM^0W~glAc)S7K>KL9(`UVoFM-flG3Den^hCxwf%|S+J?^ z#E;_Pf##;+`TC}oMM>tCmBxAA!S4B`=DGS=rB2yF0dARLA)aMnxp^VZX?cNM-lnN# zeksL4X5N|ReicpzE+wv}PA;Jlei0c#m64IIS&nX=ZbhY$rd8RK;~B-n{hiW1b1EWC ze53pcQ%Y#gFeR7N4y#q|M zoQ;dkEZtJla=e`^eY0|t^u0>VeT?&+y^PW)pJf!U4^N4T^iK`+at{ctG%76$&JHj& za1YL{%Jg&d$f>l5uqX&9j?(tcH3{_PDzeNs@(#=o2=;MKDfe_Q&MnI{GAS_h3G_?U z_YNp2@r_7}a84<3P6;hWj{)znB8#GOg}i+460^!YZ%3zyuI19a=sG7}9`0~In00`xud(u0g5DkGholYR5UbMk{j9Rs|43X}b_%!|`A zOr3)>lL|ZxveLPXopOA%{as9oBi)V7J-mDhOOp$O{FC!Sb1jVXa}or^MggCp4lg&C=T=$+AG(SU=C-6WuGNQB_XH=?WHM z&f1m{MJ0}2$szg1uAUL~h8abU;ZA8@ky$BGsgCAV?#9{vWu`e!ZlPQyQJ%(O0XeRQ z78MZ&=^?2W*-l~lA?6;HVTQ)ZMy}>*W^RcdMHUqS&KTBtBpGBD1S$k&mKN)~L|B#? zSU84-1iOZs6uS7Oh8Ttxm!^bgl(~nSnR-^02I&WTx-$!i zrJ9GN`#6@Q7p579S%zw7o91N|mKX-Pgt>x4t~5Q-)7-+Z(6QKE-!~)2sM545F(4&5 z(9OlC%)KhG)I8BI#VNfgtTZs4%gfz3FVoPsIJh{#qBPUXtTaETO54&gBcRgRGa$Dj z*S|E>G$5cL*(1V&OIKG{p*+(kxH37#-^10(%Ph^&*~ij7r!3MW*(=d9B0SG5Bs9gl zKF!}T$R{|voa;<$V#MZtN3jgkQ#0Mq9cfIG-ZH!J`RR?SVoVQwjDH+!Z$AFi?OXev zCjK>C*ONrdU0n3uGqbG@*V(Z^XLXRYgznPVf;kaMch%Hy#;@6(Udypdx>hyx!SU=5 z&m|Y%x@qR-@QCC0te(4Hc<1Qo?v_u^l?xJ*o?EYFbba;YL(vt&PVD9%_RrQcmA$pW zb>+5$ntv6)&U|35A^D-e^uNg5uD@~*XC7`VaQwWZN@Z_iQixReS;LwO_1v27M;}+} zp0ru#I@_;MQgy}ElZV~6y=>6FlWe8OCi}0W;RHvnrRd^Q+*_GV*K2cKWjh<{vbe|-|ien+zWY0xU)1u=&E&CYiPuYA;T`+JPDSiqtD6%5s4 zXBIE9-~U3ZT|wL~WJ0?81o3+7jIUMKAJ5smc2L^FCC( zmEaN*K2`bg(lYi#|GL&Q?~_0HD`sincF#tuyW-b{&4X6>M(+xUogWwfE%B%+quS9~ z%y!cC!nfB?IO1Kh=F{d4SxKfFx{qkz^*`?!t2Sr4`D7;6sH*Gt?uf=)NJY+PWlRGA D!%U$3 delta 1469 zcmey&x0PptPJK{NS#nl(n5$trfu&aNmr;)Lvfm>!!WoEHQp0T&SzQ3DmIhU@TLUD11 zZfc5=si~o*f=NJCRDQaGd#Ou6SXgRaL_|n-RlZMfid%tuP?4pvlX*~;Wn{8TMR16= zXR3dcqkEtyS4yapX`+FvUut@yk5N=uW@4^?qGd+5X^E3_hN-Jlgp+x4fm2>VsBeWMIEHY0{POG%cwoEHBC@Kj~ z56(^rFb(!_%1FwyEH3oS_ArSwa}UnuDo-l(jZ7>{FY^rus?0E`%+hvE5BGHmO?FAH z49^U(^fga*3JXXIG08SSj{)znB8#GO1)p4_$XtDYbKkPcDr5KjB-i@F6h99meGAjv za<{zPU^An9eOHfyO7EaxN3OzxAX6VxZ*y}eFa4aHNaIA0q5{tnU!NkgV%KbsY_o!Z zq9Rw%OhZ?ne01y5G7}9`0~I1e5)Je#!`vd>T{9wra|+W_d=s@T&4TlM!#rJ6oJy06 zOuYg#1AR-&TmrdLJcHd!eN2kOvx`lAvYZObEqol4b2A(b%L*+WOP!rd!-Eoia!Yfa zeLW{9vWVAf`}>%=xpMSNUf~I2ISXrIx3g>YL^HY3I3CSeQh*Rfcl8 z7UsGXnG{x-S{mo%_$THW6}x+R0~$Sep{Ff1xCOf@gh zD$X&o@Go%+&NA>d4vq>eC`+qwtOzL%FE%wT2+a41Fw(Cm=d$oH_je6StT4^?^@%Vn z^GxxK@X8JKEAtESb2N)Aaw##-H4Abn^z|((28UdZPeqk$U`kT1sij4>QBi(*x~X?n zevV^#S#nmQX=y=mh-W~lVU}-{M?P1fwyT?^mxpOiQn5#PhES*o*TPGvw+N}yv}V3MJ~cagcjeyV3q zl3BfFUXXu8dZHs&fst=}R3X>Ksj1IY6EE#o5A~nvaQ^PALwQkY<}On#MN3VR3M&3R z5beGlbn<(E#lHUf(ziA|2?BxF7B5wMTn)WxRd&!2WDN(7ylI=DA9gb%kxHm)di8TWSD9Q}dUJa*2NauiEc# zj7wdmwDpqKV>jpCIZHPGXA#`5A=J0m*<*&p;=d<1RX)uXywRg9nOA&V@Z~Pus2dTF zB7Se#GArrBgs<5_XUn7RxJ}uid$COGPGHEAw15hQJ6CO=ZL3I$*Z=L1<|yOxGP|Hx zM#l51S?~78ZqprJY~c4VT|IkUPcff)>n)e Date: Mon, 18 Nov 2024 12:16:31 +0000 Subject: [PATCH 628/826] Updated flake for skynet_ldap_backend --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 2c4fae8..4c66b31 100644 --- a/flake.lock +++ b/flake.lock @@ -946,11 +946,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1727122069, - "narHash": "sha256-Dr8CxlBbw5vKL2sH0QiJPWIxKX7KFxg+pdPWSKqJ9FY=", + "lastModified": 1731932013, + "narHash": "sha256-T10JNkkBeAS7qzuvh0ZraApyzpj1xv4/ikmYSdUpKno=", "ref": "refs/heads/main", - "rev": "aa0cfc017d3b70457c9fc34cbb296351aa5373f9", - "revCount": 233, + "rev": "00ac57de634314d9f1e914e5bafda4e1432e2a3d", + "revCount": 234, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From e012fdf3a76986b1ef9c1682a0b1604b95460c44 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 18 Nov 2024 12:06:40 +0000 Subject: [PATCH 629/826] fix: ensure ldap can access values --- secrets/wolves/details.age | Bin 1907 -> 1943 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index e49dbaf6751496f53506cf637ff4f353f3f93b39..5173592c9b3681b5df999d7bf2b42ba8193ebc7d 100644 GIT binary patch delta 1826 zcmey&H=TciPQ7HR6vq>NQ6g- z30I||TdH4{erSb-c~xn)YgMXirM{D=M}CnO--wET(qkygCaeQ z5?xZlT)oY!e3C*!E3#4wjU4kMOHM0mt?+V-@+{1B%dE_E3h@X_ zDGG@+3&}Dw%s2D$EOOSi$TTSn%g!<3G72fnboTQwHBR+U(GCiAO0RMZswgWr)6Or= z^Uw~-&I^q+F$xXx$SHM1j{)znB8#GOg^KLds`6m3oWPuH?MPEMbMJb~uwqje3&(P& z(h{RoUjsisGYhu>g9^W@d@g?%LxWUN0;?jaDzr1|kqLlDTpQwKiR#cB0S2+Fsq~_x!%mfH89`6Gq57P#KO}rsWdMqLc1v3+}I_M%eOQy!!sy5 z)yT6lB-64m)7U_}EYv04B{j&qz{1@3G6R%Kh z-$HMbAlHJRkWg(`!>G*4@SwERC@+`v3QK*{%3!1Lis109bgqIz3lEcEkIKq`l+0@FLL{3WGv-qsV->pin>KVsOa0qdKVcv7VGDw zMW$J#1?H7iIT~enCpmKI>gp=Eghdr)him)jCmH0Fn3NP|dgU0Dl{)%*l^eJfTUvy9 zSeVyG`C6tJxMlfrt)2H__oZ2lnOPp!JHG6gCN4f}??v4+(cSlFGx{x7TJ74jb(yS) zfpm~>1+Wno(@4Csf?M*gzTy3y%_2CXqHRTD}nhS2OO1OAer|7)dcI^un zk8jVnys$Lo*Dc13gNM1YPfR;zbURz<_*BLn+rK(Lsi^0(z2Q~5XUUS97yGQ#5AGCg z{imREMlWwtWpOu8Z&GP^es7R>+qH)#YyEF$i(L#cI?C}$`q7*<8UoQ17uT1Xu24Vt zYq`-uwMPsS_XS-MU$FkG>BI|{c0T|0Nj+}Qrcw=`isl;WpW7bK{l)$(rtP!{HDdOt6NX1aP59puVtHZ_?=y0 z5&zU=n>`nG0zGyes5zNic+Rv#S?`Ih_H+H_Q-?kEIWDy?vN&_|%9`1%4k~Zj^Zqwa zW>PxW*lm;6b?2AU%HPKlfA3cP!NAz!{_>sXL2K9TbvE3-rxL6zw`%L0ez)$gl=zYz z3=V4RSbTiG>dV=rc5;yuVwuz&Trmm_G@Am-|oa*wqgs;qGMBEMLUD11 zZfc5=si~o*f=NJCRDQaGd0tX(SzxwBQEq@id7furkefwBwo#O2WPoc~WQwt;PpG3o zWLlo5Q*wDSS8`&eOQmUmM^0W~glAc)S7K>KL9(`UVoFM-flG3Den^hCxwf%|S+J?^ z#E;_Pf##;+`TC}oMM>tCmBxAA!S4B`=DGS=rB2yF0dARLA)aMnxp^VZX?cNM-lnN# zeksL4X5N|ReicpzE+wv}PA;Jlei0c#m64IIS&nX=ZbhY$rd8RK;~B-n{hiW1b1EWC ze53pcQ%Y#gFeR7N4y#q|M zoQ;dkEZtJla=e`^eY0|t^u0>VeT?&+y^PW)pJf!U4^N4T^iK`+at{ctG%76$&JHj& za1YL{%Jg&d$f>l5uqX&9j?(tcH3{_PDzeNs@(#=o2=;MKDfe_Q&MnI{GAS_h3G_?U z_YNp2@r_7}a84<3P6;hWj{)znB8#GOg}i+460^!YZ%3zyuI19a=sG7}9`0~In00`xud(u0g5DkGholYR5UbMk{j9Rs|43X}b_%!|`A zOr3)>lL|ZxveLPXopOA%{as9oBi)V7J-mDhOOp$O{FC!Sb1jVXa}or^MggCp4lg&C=T=$+AG(SU=C-6WuGNQB_XH=?WHM z&f1m{MJ0}2$szg1uAUL~h8abU;ZA8@ky$BGsgCAV?#9{vWu`e!ZlPQyQJ%(O0XeRQ z78MZ&=^?2W*-l~lA?6;HVTQ)ZMy}>*W^RcdMHUqS&KTBtBpGBD1S$k&mKN)~L|B#? zSU84-1iOZs6uS7Oh8Ttxm!^bgl(~nSnR-^02I&WTx-$!i zrJ9GN`#6@Q7p579S%zw7o91N|mKX-Pgt>x4t~5Q-)7-+Z(6QKE-!~)2sM545F(4&5 z(9OlC%)KhG)I8BI#VNfgtTZs4%gfz3FVoPsIJh{#qBPUXtTaETO54&gBcRgRGa$Dj z*S|E>G$5cL*(1V&OIKG{p*+(kxH37#-^10(%Ph^&*~ij7r!3MW*(=d9B0SG5Bs9gl zKF!}T$R{|voa;<$V#MZtN3jgkQ#0Mq9cfIG-ZH!J`RR?SVoVQwjDH+!Z$AFi?OXev zCjK>C*ONrdU0n3uGqbG@*V(Z^XLXRYgznPVf;kaMch%Hy#;@6(Udypdx>hyx!SU=5 z&m|Y%x@qR-@QCC0te(4Hc<1Qo?v_u^l?xJ*o?EYFbba;YL(vt&PVD9%_RrQcmA$pW zb>+5$ntv6)&U|35A^D-e^uNg5uD@~*XC7`VaQwWZN@Z_iQixReS;LwO_1v27M;}+} zp0ru#I@_;MQgy}ElZV~6y=>6FlWe8OCi}0W;RHvnrRd^Q+*_GV*K2cKWjh<{vbe|-|ien+zWY0xU)1u=&E&CYiPuYA;T`+JPDSiqtD6%5s4 zXBIE9-~U3ZT|wL~WJ0?81o3+7jIUMKAJ5smc2L^FCC( zmEaN*K2`bg(lYi#|GL&Q?~_0HD`sincF#tuyW-b{&4X6>M(+xUogWwfE%B%+quS9~ z%y!cC!nfB?IO1Kh=F{d4SxKfFx{qkz^*`?!t2Sr4`D7;6sH*Gt?uf=)NJY+PWlRGA D27jR8 From 70a83bd97b17d185fb0a4a8bb0e5e760bd8ecc68 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 18 Nov 2024 12:14:45 +0000 Subject: [PATCH 630/826] fix: ldap has no need for discord stuff --- applications/ldap/backend.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 180221e..a24f259 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -40,7 +40,6 @@ in { #backups = [ "/etc/silver_ul_ical/database.db" ]; age.secrets.ldap_details.file = ../../secrets/ldap/details.age; - age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age; age.secrets.ldap_mail.file = ../../secrets/email/details.age; age.secrets.ldap_wolves.file = ../../secrets/wolves/details.age; @@ -69,7 +68,6 @@ in { # contains teh password in env form env = { ldap = config.age.secrets.ldap_details.path; - discord = config.age.secrets.ldap_discord.path; mail = config.age.secrets.ldap_mail.path; wolves = config.age.secrets.ldap_wolves.path; }; From 2d9a3cbd11ec1a1e5edc0770147557a5c744f168 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 18 Nov 2024 14:40:07 +0000 Subject: [PATCH 631/826] Updated flake for skynet_ldap_backend --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4c66b31..d68f875 100644 --- a/flake.lock +++ b/flake.lock @@ -946,11 +946,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1731932013, - "narHash": "sha256-T10JNkkBeAS7qzuvh0ZraApyzpj1xv4/ikmYSdUpKno=", + "lastModified": 1731940725, + "narHash": "sha256-W909eUlyTlvS/ty5Ns4p042NuSMppbC0N19zGpVCG0w=", "ref": "refs/heads/main", - "rev": "00ac57de634314d9f1e914e5bafda4e1432e2a3d", - "revCount": 234, + "rev": "0b397369d185edee7d890f09786fd3450355d89c", + "revCount": 235, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From f92fea12241de908752206791749de471883271a Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 18 Nov 2024 16:26:58 +0000 Subject: [PATCH 632/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index d68f875..59310c8 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1727651998, - "narHash": "sha256-2YtDLIxtaA/BN8g1nCx753OYs/+4R0etW//j2d5UWjQ=", + "lastModified": 1731946960, + "narHash": "sha256-Uw19Q4RG25gG2fqWrr2tIrXM+gp+SEb4wHOeDk12pVg=", "ref": "refs/heads/main", - "rev": "80c9191eeec29ba20ef4084713eca7fe0cab7412", - "revCount": 151, + "rev": "d8d4bbd706594726acb63e2415428e90fc77e2d4", + "revCount": 156, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 111c77aa61d8bd0a1133fe754ca892724e9f0f38 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 23 Nov 2024 14:49:58 +0000 Subject: [PATCH 633/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 59310c8..478b8b0 100644 --- a/flake.lock +++ b/flake.lock @@ -1072,11 +1072,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1730578917, - "narHash": "sha256-ByFTg5oIkGCFORnV3dnN29UFVHjrUefQvjUTE0fa48E=", + "lastModified": 1732373358, + "narHash": "sha256-r4VUwCzbh59wDj8fYGWwrqLqCMxQ4UB54kPBPWx+tQ4=", "ref": "refs/heads/main", - "rev": "0262d4dc8f22898d53e12d4dbf41e46af9c81014", - "revCount": 113, + "rev": "3ca52f0a3dc81c73b11565d0f3611a7e0a4e1ca6", + "revCount": 114, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 249addc5be691feb08728a1e8ef4ec5b4fe41172 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 23 Nov 2024 15:10:45 +0000 Subject: [PATCH 634/826] fix: seems we really have to use this format for lfs enabled repos --- flake.lock | 48 ++++++++++++++++++++++++++++-------------------- flake.nix | 8 ++++---- 2 files changed, 32 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 478b8b0..833a472 100644 --- a/flake.lock +++ b/flake.lock @@ -985,14 +985,16 @@ }, "locked": { "lastModified": 1727122068, - "narHash": "sha256-KeZxFw51lKC0MQpai1HbcWSGmxEbG1Si6gBlyOzP9nQ=", + "narHash": "sha256-C+PD6NveB9tascXQ84rekqlDkSNwe1mFhzZXqVlNvuQ=", + "ref": "refs/heads/main", "rev": "d6b13f9c6e0a09346e0e210aa1733a7258e13763", - "type": "tarball", - "url": "https://forgejo.skynet.ie/api/v1/repos/Skynet/website_2017/archive/d6b13f9c6e0a09346e0e210aa1733a7258e13763.tar.gz?rev=d6b13f9c6e0a09346e0e210aa1733a7258e13763" + "revCount": 28, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "type": "tarball", - "url": "https://forgejo.skynet.ie/Skynet/website_2017/archive/main.tar.gz" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" } }, "skynet_website_2009": { @@ -1002,14 +1004,16 @@ }, "locked": { "lastModified": 1727122067, - "narHash": "sha256-s+K1bZsYxeBrsus4vjNeGxljUj/Wtb0qYQ+5xNbZexQ=", + "narHash": "sha256-AAj5tmfT8IuAvgcMjlIjf5CD1LNC/gDCvFRt1NAedPw=", + "ref": "refs/heads/main", "rev": "a9f125fb750f33747d28271bef3b3425563096a0", - "type": "tarball", - "url": "https://forgejo.skynet.ie/api/v1/repos/Skynet/website_2009/archive/a9f125fb750f33747d28271bef3b3425563096a0.tar.gz?rev=a9f125fb750f33747d28271bef3b3425563096a0" + "revCount": 15, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2009" }, "original": { - "type": "tarball", - "url": "https://forgejo.skynet.ie/Skynet/website_2009/archive/main.tar.gz" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2009" } }, "skynet_website_2017": { @@ -1019,14 +1023,16 @@ }, "locked": { "lastModified": 1689960297, - "narHash": "sha256-Hw/9Bo6YdILbbXPymkfiMaah6/t4w7h3fYeUh1+PBe8=", + "narHash": "sha256-+43nNv4RSQMXMRGdN8xVKYs2B13w5FJtefuykYcpywM=", "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", - "type": "tarball", - "url": "https://forgejo.skynet.ie/api/v1/repos/Skynet/website_2017/archive/edd922c5b13fa1f520e8e265a3d6e4e189852b99.tar.gz?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99" + "revCount": 6, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "type": "tarball", - "url": "https://forgejo.skynet.ie/Skynet/website_2017/archive/edd922c5b13fa1f520e8e265a3d6e4e189852b99.tar.gz" + "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" } }, "skynet_website_2023": { @@ -1036,14 +1042,16 @@ }, "locked": { "lastModified": 1696876711, - "narHash": "sha256-gfQFYN5/qK5aqN+nGSfyQFOjOQzahbqTKadra5zSIL0=", + "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", - "type": "tarball", - "url": "https://forgejo.skynet.ie/api/v1/repos/Skynet/website_2017/archive/c4d61c753292bf73ed41b47b1607cfc92a82a191.tar.gz?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191" + "revCount": 12, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "type": "tarball", - "url": "https://forgejo.skynet.ie/Skynet/website_2017/archive/c4d61c753292bf73ed41b47b1607cfc92a82a191.tar.gz" + "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" } }, "skynet_website_games": { diff --git a/flake.nix b/flake.nix index 5184299..e600e63 100644 --- a/flake.nix +++ b/flake.nix @@ -47,15 +47,15 @@ ################# # this should always point to teh current website - skynet_website.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/main.tar.gz"; + skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017"; # these are past versions of teh website - skynet_website_2023.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/c4d61c753292bf73ed41b47b1607cfc92a82a191.tar.gz"; + skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; # this is not 100% right since this is from teh archive from 2022 or so - skynet_website_2017.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/edd922c5b13fa1f520e8e265a3d6e4e189852b99.tar.gz"; + skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; # this is more of 2012 than 2009 but started in 2009 - skynet_website_2009.url = "https://forgejo.skynet.ie/Skynet/website_2009/archive/main.tar.gz"; + skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009"; }; nixConfig = { From 872ccfe62d48138dd70c18ab098dfcf943be0566 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 23 Nov 2024 15:17:26 +0000 Subject: [PATCH 635/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 833a472..a066b46 100644 --- a/flake.lock +++ b/flake.lock @@ -984,11 +984,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1727122068, - "narHash": "sha256-C+PD6NveB9tascXQ84rekqlDkSNwe1mFhzZXqVlNvuQ=", + "lastModified": 1732375016, + "narHash": "sha256-Y+bJw85TNOp8N369OV0VrDdm3oDy8CXG+GUuG6pZjbo=", "ref": "refs/heads/main", - "rev": "d6b13f9c6e0a09346e0e210aa1733a7258e13763", - "revCount": 28, + "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", + "revCount": 29, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From 32ed44a55979baa33f1e939b2cfb9ae734a94f11 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 23 Nov 2024 15:22:04 +0000 Subject: [PATCH 636/826] Updated flake for skynet_website_2009 --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a066b46..5434ca1 100644 --- a/flake.lock +++ b/flake.lock @@ -1003,11 +1003,11 @@ "utils": "utils_7" }, "locked": { - "lastModified": 1727122067, - "narHash": "sha256-AAj5tmfT8IuAvgcMjlIjf5CD1LNC/gDCvFRt1NAedPw=", + "lastModified": 1732375097, + "narHash": "sha256-LthEi+y3a+i/VNLBlQZ1v9nkffgJMykMjonFtTt8Yxg=", "ref": "refs/heads/main", - "rev": "a9f125fb750f33747d28271bef3b3425563096a0", - "revCount": 15, + "rev": "42a1ca5c83a6c21c734d4cc10eec2b06ae25f7ec", + "revCount": 16, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2009" }, From cd346bb6be4f8a612c94dc993c47a3a9fced588d Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 23 Nov 2024 22:39:40 +0000 Subject: [PATCH 637/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 5434ca1..8052e8d 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1731946960, - "narHash": "sha256-Uw19Q4RG25gG2fqWrr2tIrXM+gp+SEb4wHOeDk12pVg=", + "lastModified": 1732400840, + "narHash": "sha256-AueoSQb1hjI4UUIuLnvg1LxwleCKX60jg283rZg7RrM=", "ref": "refs/heads/main", - "rev": "d8d4bbd706594726acb63e2415428e90fc77e2d4", - "revCount": 156, + "rev": "bab6e4fdec14b58112b2328bcc9f0ef809022734", + "revCount": 161, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 8b86b74dc65bfcace08eca439ee8e0ad03201913 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 24 Nov 2024 00:02:36 +0000 Subject: [PATCH 638/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8052e8d..4f1313e 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1732400840, - "narHash": "sha256-AueoSQb1hjI4UUIuLnvg1LxwleCKX60jg283rZg7RrM=", + "lastModified": 1732405825, + "narHash": "sha256-c7IVTtnb4DS5B62YJzK80E7Hoc780F4AxY3YN5+R5sA=", "ref": "refs/heads/main", - "rev": "bab6e4fdec14b58112b2328bcc9f0ef809022734", - "revCount": 161, + "rev": "1f3c33458e680bfb5ade7e4f5760ffeaff964c77", + "revCount": 162, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From f34d3c10cb493199d8a55a5c99859912627a8661 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 24 Nov 2024 00:26:50 +0000 Subject: [PATCH 639/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4f1313e..3d7c0e8 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1732405825, - "narHash": "sha256-c7IVTtnb4DS5B62YJzK80E7Hoc780F4AxY3YN5+R5sA=", + "lastModified": 1732407282, + "narHash": "sha256-fBANe3CQGIkAG74lPAjSj7aFvW0AzrUeEeNV2XxVwn8=", "ref": "refs/heads/main", - "rev": "1f3c33458e680bfb5ade7e4f5760ffeaff964c77", - "revCount": 162, + "rev": "ad94b197ae887d8b1ddefd4574b69ebd8d41cc00", + "revCount": 163, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 3c5a3dc84a15fc25f88f589aab53bf3f8a09ac3b Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 25 Nov 2024 17:57:38 +0000 Subject: [PATCH 640/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3d7c0e8..bc06311 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1732407282, - "narHash": "sha256-fBANe3CQGIkAG74lPAjSj7aFvW0AzrUeEeNV2XxVwn8=", + "lastModified": 1732556704, + "narHash": "sha256-Ll4TjmbyJJQ95yPsBl4qBml2xP+kROK7vJZX27Rcp18=", "ref": "refs/heads/main", - "rev": "ad94b197ae887d8b1ddefd4574b69ebd8d41cc00", - "revCount": 163, + "rev": "bf55dfe31e0f2e8e70382e8d00f99c8cd9965682", + "revCount": 164, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From b1dc47c5cb5b7696a5dbaa04ba2f21c2193a91d6 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 25 Nov 2024 18:19:35 +0000 Subject: [PATCH 641/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index bc06311..c14a04b 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1732556704, - "narHash": "sha256-Ll4TjmbyJJQ95yPsBl4qBml2xP+kROK7vJZX27Rcp18=", + "lastModified": 1732558040, + "narHash": "sha256-8BwVv/D0mpXfhS4HTJ0paqSutUgFvg7bBn57DE4g69I=", "ref": "refs/heads/main", - "rev": "bf55dfe31e0f2e8e70382e8d00f99c8cd9965682", - "revCount": 164, + "rev": "68d7b53905215d6ad752a57125fb10b2d7a4cda8", + "revCount": 165, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From f57302ee1af74b0a9eaa61381c9c08ac0c16c0dd Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 27 Nov 2024 14:03:17 +0000 Subject: [PATCH 642/826] feat: added Kaiden to teh list of committee accounts in place of Irene --- config/users.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/users.nix b/config/users.nix index 0a705ec..770260f 100644 --- a/config/users.nix +++ b/config/users.nix @@ -60,11 +60,11 @@ in { ] # Committee - OCM ++ [ - "sidhiel" "skyapples" "eliza" "amymucko" "archiedms" + "kaiden" ] # Committee - SISTEM ++ [ From f5316024d2a29f403c634d22d5d0229d0d31fd2b Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 27 Nov 2024 16:06:10 +0000 Subject: [PATCH 643/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index c14a04b..d92adb0 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1730578327, - "narHash": "sha256-+2l8cLQG8rfU8szsLJGTs339Y+ephbC1ByPVkEfi3BY=", + "lastModified": 1732723529, + "narHash": "sha256-8Mb/UlUvElrDJmLGMcce2CR0DhCJHxWeDDdFCc/Ojak=", "ref": "refs/heads/main", - "rev": "b6d9ae059174252fdb683db6f1f17fa3c4a79e39", - "revCount": 108, + "rev": "2b6c47b365e45ae9f8a7f88aac83b60cc423452f", + "revCount": 109, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 6f09cbb30c897e6b436814bf581a5e3aa7dc4b76 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 27 Nov 2024 16:12:41 +0000 Subject: [PATCH 644/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index d92adb0..39718c1 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1732723529, - "narHash": "sha256-8Mb/UlUvElrDJmLGMcce2CR0DhCJHxWeDDdFCc/Ojak=", + "lastModified": 1732723930, + "narHash": "sha256-25w50gGNTIyPgkcQa39XSFFX8gYVVniL01CX+IXfC8w=", "ref": "refs/heads/main", - "rev": "2b6c47b365e45ae9f8a7f88aac83b60cc423452f", - "revCount": 109, + "rev": "744777c990434c9a84304ce6fd8c4582e6078a4c", + "revCount": 110, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From e97b7ad0c66bf791f26dbc44460d70ac693b6fb6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Nov 2024 00:33:18 +0000 Subject: [PATCH 645/826] feat: added an api key for MCProfile --- secrets/discord/token.age | Bin 1141 -> 1204 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 4def5264b4f7a371249f683141a0df5e90e9893c..d9fed9a832fb9a80e1bfe719974831b2a0bb00e9 100644 GIT binary patch delta 1117 zcmey$v4wMjPJOn!hf9D-W|UiqyJc2RVR)#QM}b>psgGA$V6tIKT49=BaH(IBg?q5E zFPCq*e}<=zd1+~Wd1-h+MYwjhaiWuPVTx&ilW~ZXr+HP0fp1Qrc6wDnK9{bYLUD11 zZfc5=si~o*f=NJCRDQZbRe6!4zfqY{KyH?2aZ!%ByIWO3iCI9TcTrJARI#6hZ(wm! za%Fg!iHmVES4miMiF1i}siA3ZntyOea%O;=f0d(!r)h|3R9<$tX>o3(X?R$rNlKXG z#E;_PK9Pk%;lZAsMNuZ+C0WkerN)I7`e7M?Io?UBMM=d`sV?aT=9#`JmYL;TAs#+? z#gVRoVeaJ-7RezIuA%v6S=wG6-sZlU<&OSkSt+@dPH7?TLAkz@;~B-nEQ&nyT#G`y z_0zq)OpDCJwJQw6TpdF*z5TOIlT(ATa#AZxL$u95j165( zE!=%wvpoaD(le8*l1nok%bik_or`^a)6yoNVU(!POE1dFNK7?02~8}_&vrEPcg%Oq z^$K$-)=v(J^vf@c3X6!03=XMG&NAW3vq&wE@G{Xa^Gvjih|F>-chB)MGIjGQE02iE zjB+&0E_C;D*LKe`G%`Vt0PnCOi=uLcNXyLP)KZI-5chn2?}E~Nulmq(^9pmHlF0mQ zCkr<(Z|(HbBC{f=^il&?F89RBlHzRrBIlBT3g^<)GLMwX2ODucB z&)&;>KkQw+h(+e?IhzYdXEJ0wo#B^Y6x`B%d~%y@i+kw0dKb2=Cx?~3m)t)7U|-S6 z^O8Rnt*@+lce2}_|Ydk*DqZ*DCa${eCpV|PY+hN zxv{$B|ClZq_H4}t&Q&HSOB$~$R2iPTkP?-{GTYvf$9enSFF_|hvb>+8)$V3w@F-%2 ztGJu+E29fff^9SAx~%vbIw!w!XW_x%8w-}2l^-xZHO1WP==yt?RT#4z0+(hUIGWMA zWctz+`JFSIwJrx9FV&7c+*#25&P*}G$an4G-A3gxu7?XPlJn+m`m^-1#+r*i&y`+M HsLloew_=;v delta 1054 zcmdnO`ITdWPJLRIaYU+XX=FfAXi2$AV6bU~TUw}DQi!=@Nw#CKfkCK~V`8L>o0n%q zF;_~3M`C)hZ>gbwW`&!3dWCU?pOdAzpHD_fV3cuYp07n{uuD)uu$O6IF_*5LLUD11 zZfc5=si~o*f=NJCRDQZbg@2-FW|FsgnWI5vYE_ntn_HSid2yOwrN6ODnT2^&sYifm zl|gt_wrf}Lr3Rt?9wljoA<0F-u9czL9%kj{ML`B!p$54* zfgVK_VYw!z={ZqBrbeM9ZiQLNh7m#O{>k3?rrEx^Sy_gW-UY>z;~B-nJd?|Vi~YPx zjZGtslB0@TEh=10vWlHeqqL2jjJ&d4Oj69sl1nVoLMj8fg3WW1Q+y4=l8wWPEOU$V z!!zAIi`?`5jr{!#{i4iF^uvOEa&jtj3<@WoVU(!PuM93tH4cq(swz*^Hq6)0jwmb( zcMnV}uhh?VN~}l>4+{5BF*h=C4@&3Ca0*Wi$k8`4D$8&)_ROg?2sKQ~3NG=@b1O9~ z^)^pVvk1vIDylFIh=@dw0PnCOi=uLceth`ih&xp|6$bdBe zG{0OU6U!hIbnDVG6Ae=X6|&0%%MvYIlZuLie6yUAqsl`p3|s|q{EX_m1%elN=Q%iG`D%^bnD}2iXLc;a)Tq;uwQbG($%C$qHEOIT2EWC>f-7|{A z^Uk{VFH8zduWp!Sse_A%`eTh~p$E2Em$Mn<(oi;2h1zt$*NuOhAASo!8T!%c6!Bg_&K zJkP6S5AE~$G;yYcDWPdrhg$kttT(%z=tO;h)Abse_R6=r>P zy!(qp_mp>1FTR~Qs~NIS?a%IPYwM;*cUN!r-Tc>Xi7j3ps=6*QxTw#|5zaAT&z*3i2TyM>Pe0NKxacK`qY From ab1c347b11b3efff986985629018544cea97a1d3 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 30 Nov 2024 01:14:04 +0000 Subject: [PATCH 646/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 39718c1..0b0f9da 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1732558040, - "narHash": "sha256-8BwVv/D0mpXfhS4HTJ0paqSutUgFvg7bBn57DE4g69I=", + "lastModified": 1732928719, + "narHash": "sha256-N9m3X802go2otaPatgYbG1kOtaW1StY0XG8aDdSa+Y4=", "ref": "refs/heads/main", - "rev": "68d7b53905215d6ad752a57125fb10b2d7a4cda8", - "revCount": 165, + "rev": "9b3c71e3215b6f525bc25e91c0dc542f5fe7e9ba", + "revCount": 170, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 51ea03ea78f64d16000d66a1f1cfaeb31387156f Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 30 Nov 2024 01:23:42 +0000 Subject: [PATCH 647/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 0b0f9da..e9ece69 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1732928719, - "narHash": "sha256-N9m3X802go2otaPatgYbG1kOtaW1StY0XG8aDdSa+Y4=", + "lastModified": 1732929700, + "narHash": "sha256-y2iJpVC34UNYKJOjAg8vxq+Aib42jOPYoTmONDlN0Cs=", "ref": "refs/heads/main", - "rev": "9b3c71e3215b6f525bc25e91c0dc542f5fe7e9ba", - "revCount": 170, + "rev": "68ffa55dc5b48933e38771983e0f87a11a2b6369", + "revCount": 171, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 8970f558214da97d0a01802a6a706958cb536687 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 30 Nov 2024 13:50:46 +0000 Subject: [PATCH 648/826] dbg: add option to test a local build of an import --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index e600e63..6ae4c98 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,8 @@ skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki"; skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games"; skynet_discord_bot.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot"; + # for testing a local build + # skynet_discord_bot.url = "git+file:/_college/CompSoc/Skynet/discord_bot?shallow=1"; ##################### ### compsoc stuff ### From b03c6482311f4879a94caf937891a982823056f1 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 30 Nov 2024 13:52:01 +0000 Subject: [PATCH 649/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e9ece69..1083040 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1732929700, - "narHash": "sha256-y2iJpVC34UNYKJOjAg8vxq+Aib42jOPYoTmONDlN0Cs=", + "lastModified": 1732974570, + "narHash": "sha256-y7DflW/V4/9Df/0/FncvzBOnEVTK/p4hCh2K0/TCaM0=", "ref": "refs/heads/main", - "rev": "68ffa55dc5b48933e38771983e0f87a11a2b6369", - "revCount": 171, + "rev": "b7d36de976ca8a0e2e9724043b1890e6eb4d3e10", + "revCount": 172, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 8844b1e41323cebb12229d0b1ff3233fe7988e09 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 2 Dec 2024 18:09:16 +0000 Subject: [PATCH 650/826] feat: give ultron its IP address --- ITD/Server_Inventory.csv | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index 5b3d8c0..6c121c2 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -1,7 +1,7 @@ Index,Name,Status,IP_Address,OS,Description SKYNET00001,agentjones,Active,193.1.99.72,Nixos-24.05,Firewall (currently not active) SKYNET00002,vendetta,Active,193.1.99.120,Nixos-24.05,DNS Nameserver 1 -SKYNET00003,jarvis,Active,193.1.99.73,Nixos-24.05,VM Host +SKYNET00003,jarvis,Active,193.1.99.73,Proxmox,VM Host SKYNET00004,vigil,Active,193.1.99.109,Nixos-24.05,DNS Nameserver 2 SKYNET00005,galatea,Active,193.1.99.111,Nixos-24.05,ULFM Radio SKYNET00006,optimus,Retired,193.1.99.112,Nixos-24.05,Retired Games server @@ -19,4 +19,5 @@ SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic SKYNET00020,ariia,Active,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus" -SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access \ No newline at end of file +SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access +SKYNET00022,ultron,Active,193.1.99.84,Proxmox,VM Host \ No newline at end of file From 721e8cf7c09f610fa2b303d328dae077ec39c0d8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 4 Dec 2024 19:28:38 +0000 Subject: [PATCH 651/826] fix: add leading 0 to allow sortign IP's --- ITD/Server_Inventory.csv | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index 6c121c2..c4ac711 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -1,23 +1,23 @@ Index,Name,Status,IP_Address,OS,Description -SKYNET00001,agentjones,Active,193.1.99.72,Nixos-24.05,Firewall (currently not active) +SKYNET00001,agentjones,Active,193.1.99.072,Nixos-24.05,Firewall (currently not active) SKYNET00002,vendetta,Active,193.1.99.120,Nixos-24.05,DNS Nameserver 1 -SKYNET00003,jarvis,Active,193.1.99.73,Proxmox,VM Host +SKYNET00003,jarvis,Active,193.1.99.073,Proxmox,VM Host SKYNET00004,vigil,Active,193.1.99.109,Nixos-24.05,DNS Nameserver 2 SKYNET00005,galatea,Active,193.1.99.111,Nixos-24.05,ULFM Radio SKYNET00006,optimus,Retired,193.1.99.112,Nixos-24.05,Retired Games server -SKYNET00007,kitt,Active,193.1.99.74,Nixos-24.05,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" -SKYNET00008,glados,Active,193.1.99.75,Nixos-24.05,Gitlab server -SKYNET00009,gir,Active,193.1.99.76,Nixos-24.05,Email and Webmail -SKYNET00010,wheatly,Active,193.1.99.78,Nixos-24.05,Gitlab Runner -SKYNET00011,earth,Active,193.1.99.79,Nixos-24.05,Offical website host +SKYNET00007,kitt,Active,193.1.99.074,Nixos-24.05,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" +SKYNET00008,glados,Active,193.1.99.075,Nixos-24.05,Gitlab server +SKYNET00009,gir,Active,193.1.99.076,Nixos-24.05,Email and Webmail +SKYNET00010,wheatly,Active,193.1.99.078,Nixos-24.05,Gitlab Runner +SKYNET00011,earth,Active,193.1.99.079,Nixos-24.05,Offical website host SKYNET00012,skynet,Active,193.1.96.165,Nixos-24.05,Skynet server. (DMZ) -SKYNET00013,neuromancer,Active,193.1.99.80,Nixos-24.05,Local Backup Server -SKYNET00014,cadie,Active,193.1.99.77,Nixos-24.05,"Services VM, has nextcloud to start with" -SKYNET00015,marvin,Active,193.1.99.81,Nixos-24.05,Trainee testing server -SKYNET00016,optimus,Active,193.1.99.90,Debian-12,Games server manager (replacing SKYNET00006 soon) -SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft -SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" +SKYNET00013,neuromancer,Active,193.1.99.080,Nixos-24.05,Local Backup Server +SKYNET00014,cadie,Active,193.1.99.077,Nixos-24.05,"Services VM, has nextcloud to start with" +SKYNET00015,marvin,Active,193.1.99.081,Nixos-24.05,Trainee testing server +SKYNET00016,optimus,Active,193.1.99.090,Debian-12,Games server manager (replacing SKYNET00006 soon) +SKYNET00017,bumblebee,Active,193.1.99.091,Debian-12,Game server - Minecraft +SKYNET00018,calculon,Active,193.1.99.082,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic -SKYNET00020,ariia,Active,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus" +SKYNET00020,ariia,Active,193.1.99.083,Nixos-24.05,"Metrics, Grafana and Prometheus" SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access -SKYNET00022,ultron,Active,193.1.99.84,Proxmox,VM Host \ No newline at end of file +SKYNET00022,ultron,Active,193.1.99.084,Proxmox,VM Host \ No newline at end of file From e34f93df012737fce0605d8d4994e71fae42b5a3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 4 Dec 2024 19:32:51 +0000 Subject: [PATCH 652/826] fix: give proxmox servers an IP so they can access teh dns server --- config/dns.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/config/dns.nix b/config/dns.nix index 592ed3a..8383746 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -12,6 +12,19 @@ config = { skynet.records = [ + # Proxmox hosts + { + record = "jarvis"; + r_type = "A"; + value = "193.1.99.73"; + server = true; + } + { + record = "ultron"; + r_type = "A"; + value = "193.1.99.84"; + server = true; + } # wifi in server room { record = "ash"; From 2056c43a02471d1fe22e2bb34c77f68bc2826785 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 4 Dec 2024 19:34:28 +0000 Subject: [PATCH 653/826] test: a test server allocation to see if we can create a server to run teh pelican panel --- ITD/Server_Inventory.csv | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index c4ac711..dfbc30d 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -20,4 +20,5 @@ SKYNET00018,calculon,Active,193.1.99.082,Nixos-24.05,"Public Services such as bi SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic SKYNET00020,ariia,Active,193.1.99.083,Nixos-24.05,"Metrics, Grafana and Prometheus" SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access -SKYNET00022,ultron,Active,193.1.99.084,Proxmox,VM Host \ No newline at end of file +SKYNET00022,ultron,Active,193.1.99.084,Proxmox,VM Host +SKYNET00023,optimus-test,Active,193.1.99.085,Nixos,Testing flake for Pelecian \ No newline at end of file From 9001157fc6def4828b957f874a8db2a6412ddfd9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 4 Dec 2024 19:49:03 +0000 Subject: [PATCH 654/826] feat: add the new server to the secrets --- secrets/backup/restic.age | Bin 2760 -> 2870 bytes secrets/backup/restic_pw.age | 37 ++++++----- secrets/bitwarden/details.age | Bin 1155 -> 1155 bytes secrets/bitwarden/id.age | 36 +++++----- secrets/bitwarden/secret.age | 36 +++++----- secrets/discord/token.age | Bin 1204 -> 1204 bytes secrets/dns_certs.secret.age | 98 ++++++++++++++-------------- secrets/dns_dnskeys.conf.age | 42 ++++++------ secrets/email/details.age | Bin 1419 -> 1419 bytes secrets/forgejo/runners/ssh.age | Bin 1381 -> 1381 bytes secrets/forgejo/runners/token.age | 36 +++++----- secrets/gitlab/db_pw.age | 37 ++++++----- secrets/gitlab/ldap_pw.age | 36 +++++----- secrets/gitlab/pw.age | Bin 1111 -> 1111 bytes secrets/gitlab/runners/runner01.age | Bin 1065 -> 1065 bytes secrets/gitlab/runners/runner02.age | Bin 1064 -> 1065 bytes secrets/gitlab/secrets_db.age | 38 +++++------ secrets/gitlab/secrets_jws.age | Bin 2660 -> 2660 bytes secrets/gitlab/secrets_otp.age | Bin 1110 -> 1110 bytes secrets/gitlab/secrets_secret.age | Bin 1110 -> 1110 bytes secrets/grafana/pw.age | 36 +++++----- secrets/ldap/details.age | Bin 1637 -> 1637 bytes secrets/ldap/pw.age | Bin 1440 -> 1440 bytes secrets/nextcloud/pw.age | 37 +++++------ secrets/secrets.nix | 3 + secrets/stream_ulfm.age | Bin 3194 -> 3194 bytes secrets/wolves/details.age | Bin 1943 -> 1943 bytes 27 files changed, 240 insertions(+), 232 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 9ac27b6521ab08f3b19d327555252c3928fc1865..75ee0c0091f7e881192ae9a497c868ef1300017b 100644 GIT binary patch literal 2870 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlPjmp&z z3NjB1ugG-^NUyA{$aV59NYAWHF?V(~FE8}UGS&|AGRRMKa^*4z4@$|kOw!LyOHIqF za4YfiD)R|QvdpzCFLF&v^vg3Y2s1Qxtu!~SvOu@ZB%mrPKV8Aqywb-o!!$C?G|DU8 zE3D8$+a$n0(f1u(lk8Pt(dDc#NXS)AUV>xqFg`Mvpn3-GCjS@ zP}|Kn&#}xP#5FxEKRqWrB-}YWEg9Xm6i0)ypmc>C%XB|yi?Hx0rzBI4ip~h)`qm@X-81b}CpIm5`ZIPPkpA{HTR_W=J7?o^ZS?X<=6Xcp{l4k5? zXkwY@?#Pv%ZBbfQWvm}y?604ZYmr&(UTEr_>X;nhnC5GgW|W^39#B+L=H!tPn2v6n zcUX}{QMp27YMFkDL3uz@W{8Woc|fXrg}JL=o{^=yrM{1eezuc)xLcH=MMg$iMLAbR zW~F6Bs;{3f$#Wo6D;+1W{cj>TMw{{9)2UM>ax z>EXqOein|NsU;P;W~qkyCZVY*DPj7BeikW#Wu_rXmY(Rg>ANSHrUxoyr=`04=KDD6 zyLshjMrFAABpYQ`CcA`}7Wa91TUg2pG;!_Z5oD`H6 zl;`cCpX8V47+_N5lUnK$<{Iqdo}Fc!9-PjlU!Gi)os}Jx6;N)O>{j7lWn%7E5MWqn zP@Wo@7*v# z(orEVKO!w9$Sgf2-z2%j%}d|V#V|K1#4X6FDBZ}=J)<}z(A~n(JkhYKvYaa=sysa{ z*C5Q>wElYD; ztEvhOGF(l{yrK+E^Nsu>ll=3|Dh*N`U4lI-9bE!FeS*E+T)F(iy*wgJ3>}j*qasZ+ z{X;90^4v3BT+Kr(qI?aKjZN~5&5Auu-5s3*G2+d+&_BdIP{BDpEjX{tI4mL(V(!v*wi&IyUbEQy&^2kf-5hmG&eoj+b7G|EH&HBIXg2uIN!wB z#H36=EIHjPBBH3+J1MBb+tkAs!#2+HJ4CmY+ z_p}hlh{UR-!kjc;^fc*_WRO`9sNj`dSz2mdQC{j=6yX?Fl4+Tq;uYX)o@)`|>KtfU zS>WhunV6gEVr&@h$W>wL6PQz;nv(A2nw;mAo8p;j>0Tb1l#-K@?pIKmT%7CZ@0}TB znrPvSQ7Ri3xe$R27w`78+{%MkM8@xdny$hv-KZXN3A>m!$YtM)_JKMic}E z7lcQ6a+$iBx>$r71o#_dR~nh*2l<#J6`BMGcov#v6<1XF1>||SnEI3k1AI6o-M)v>g^peWVU%qcQiyTHrKC#=FR**z)G5#6>>SF^O_Km`M1 z_b}}s{hV@bH^*StyhK+cqe}lQ1MduflPI&)wDdxk;>3`!iV*EUPp(q0l46q}i{dDg zLca*F@U#?j3llf(oIsa=%21C&leB`wY+r5Dst99Wj2sZ@mRRAOu8{gNzUg2io z928RMo9656W?-3I5R{c4ky4gaoNMWmXc8LWo9dF8%%vR><(cPW9_&^YW4DZouJf`G6< zXRqAcq{t#|Pvf9$H&+*o+SH;f%F;PdAw4O~+25nm)hxNx!zkU^*)Px|E!!k0JuRTZ z!=Td4Hzd)q(7iCj(>U0Kt1Pgppft3k$gjAxs3gtZCt2S!GP2y$qbMN4%P%#vz&tR| z*DTeg%q$oqO%~-Am1UJHL=|R+MLPQC>X%lTa`rANACd!}VYl@wSed$@ROXJt7Bdg@!cg%lMy2N$F|7n>FYr58k&x@8t~ z>FVk#ct%y}2UnJ48VCB7XIr>MrDwYvnY-sFr)ETY8Tos9g!}kgn!A;nI~loh#jKF+ zyI{L+yTydM--~*Vo7IKCXe%lFZ)9L77_gjh4VdvO(vdA_+UjL0_ zrty?g$4bu-g|l0AzvNvFTEBLCVeF%vjDzP&%g?5zbiB#fd+Ti0-~5>mjKnv;E;MXg N;NWu2UrfHF3;>9gvl0LR literal 2760 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!tjtq4nx zNUCshPd0Wm2n=-z_RTQyG6*bnN;Aqg@J}hOD6z;7_sw&0cjO9nicCqVC@D$I$oGjz z)^;{Z^Y_X(EcS~Cb1TsgEOggSOA8Fh&nO7@_eHnOB%mrPKV8AkF)h2oC)p&TpfWr= z)6X*B*gw3&Ez2O($v4Bp!@R&az_+SgyPz;9ET1bPz1S%=G{d4ItH{ke(ZD=2JITYt zKRqDJ)j!-ZBP_hUxT?~{G$*AzDHPqd6i0)ypmc?T>;MDjumImGPg9rTLT6`3Lo>(x zQa6LJJabFG;;Krws4RDbApQKRELX0I3jf^jN*BMVLih3#i~JP-e)Uq&N^T2|D z%u?TCBl8r4&@huA<6?B%O#MU3<9Nl~@%Kh^zEg~a5LVe700)jKk0;?P|y~3E3`=UN>5j)N{;Z&$|^H3t8~gNG|cf!vIsHr$<9a*)(-b9j;IPtN)D_v z4fAygHZb9;GD`O;EjP^fG^y}6^9jgw){h9x2sAbhO3W%Q$ukbhuXN5YFLlz+^-o5( z%{#2fqNrRUE6p|C+|50u!Y9K&$-~6esU*l-JI~$G#W=UzGcVaEsoWqcz#}N%!q|W- z)7&sP#mm&hBB|J=D%Z3k$f7vRJG98u$JIaE!pkkNGEX}#(Jjc|GsghkwzSMd!_+_p zZA-6o=K!O~g7D;Wf5TEomx$tQ^W=&Mw;ZR6l%y!1QqzdS3|F6=fOG?{jLMSWl;qMB z|G=uSbjO^?AQzt~?Ft{`N*@=;Y`;>o(){!+vpkpVY-3k++w|R&Ow$7uOkAS$OTDZ7 zjY@K&3R9d73iHeI(o-^ua-zzOoZLb(s}f7yj697h%PK9nOntP?3cXzo^IgjWlPywx zGOL`NO$$py13a@lecZFci;A72ax0wO%)%YfZSyP1@zZxyFpcocPft(xE_Dv}O$$r$ z5BG9&%S&?)tO`o4a&`}KN%0Sf2zPU}%r-LM3NNzoN%Bn!C=bkX%kptbO36$!PxC7F zv`A0SF?LI-GIufdP7et*&8)!4Z)HZ229}Nr&L)1Dnf?XlmhR@R1{q;_ZpFEVm0lM5 z=^1A3!TF^*=0O>`Ar%q6W*&}QCP{{&W=4*wj&7lbrG`=2MUFlpp~XenE+MI@{`rN@ zsZmwMDM@9e9+ej8ev1e$ax^Pf&^9VAit>*P^L8r8cS-b0)-NlsG&cy$^Dj0qGt|#5 zbsGPi#@DeYJ{BT#UN>}3m^E59nH`hRy z5_kVfb4%xZAII=8FIR70e-F=`9AE8F58u?lvSf^s%d^VSx6n}`)wIB{%Bk2Zy&#|} zpe!uXSwAz`JTt)8)V&}-L)+gl)YQ!~u%fWSB*K#`)yLB_v82=@(AB%xGSMVQ+rXp9 zBq%gbKit_rJff_u*vK(EJhdXoyb!}Sk0gW4f7=-1e zlskGG6mxl5Mmi!@$l~+}kc%`P5R2b$}RfgpmJNx^jdYBdEV$^S; zu4ZY;feOB6r2&S)Mv(!=7LgI|Sy|!cc}ZDmsg7xp#Q}aP0Y1jr=0={Gm9C)%CS3aZ z7U^yVe&GR8RlbIfIr;fU`h|rVk?94NnSK=p`BhG7xj9A|<>i5fCg}Ms(k-#VIbFdl zygV<}(ly90z|th!*eJ)u->JkkFU2_3HLb|S*Wbt_+al24KO)s9!;{M|%`_`1C^^~H zvdAk%J3T8XyfC0JDcMBdBdR#W&pGpsTrgm7_&r2}ZmXrJYIr*iBcoZdSdz*x&dK(wG zR~c3sSU4AEn0x2=`xbMG=z=BF1%nWXsmnYw6)M`;&&nd`fHxVk3=B&WEf8>Q#@S|%BW zq!;A-`f{DRQtPwu>#48{ye>-aw>#FAFmb9@?@!H}5oYT(*Kf_y<+t_z?oeFDH-+zj zWO(uA+dYe~$;?aH$ns-e+ly%(J6?WP`^>kZPIBX&wO*eqyqb(TvSx3(Rhskjk;BB? z>EBsGzOCzE$nd&4DfIWXm@uzA-o!{n#h7#R%l-NfmPx)&cK@cYy7lVTQi~vaBd(b8 XLjhM$pGuRztdx08*YZ!HOu}ve=g5gQ diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index d7a4b6b..ea0bc3b 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA d/AgQuQidsB5+UMBxg3/YIA/4EVMF9+BeZrEMzgU52Y -gPmTDd4oeIwwJ5ZdnWp/s6cEupsYPY08TBvmL5fe3NE --> ssh-ed25519 4PzZog iR02KGER5WMrs4djPPpMRc3v5qN5FpcpjTkB+O4GyV0 -ibvzSePq1ruF03QBsHRr40VCZ6ZcnWjvcJzybB5vt4g --> ssh-ed25519 dA0vRg pVsTTA9yknN8gl6K/CkY/HnUc8eW1F/pSqXq/Upq3SE -3ymQH0jBAk9ktwBUvth8G9ZdDzr9Ozqi9YNVB8fyvGE --> ssh-ed25519 5Nd93w fSPTiW3c4va0F5IYoFF+QoN4u1tFGRBrMO9lypICiXo -8MgZPPUXJGGOdmGknXhaV0xgJl76dg9B1e5r0Ud/iW8 --> ssh-ed25519 q8eJgg UFiK3B6YB3YR8fVOWOPLlpGuo5pWpK6b7zteIngC2Cc -K+e9B1V7AdimOMdy7YCJ7tJnHsHoQChAmWmOJDIdwMU --> ssh-ed25519 KVr8rw FeMibaL1ITDNByDL26VRXVz6d2FP13SpKoN87RgTYDo -e0LPmpAe9wRRvgKTYq96Qk+WiUhfixiatuWPPi72Nlk --> ssh-ed25519 fia1eQ i5+7lIZDOm48wywy6CRMOLVhHWnmV71WM0QLSbyhqV4 -S5nAEPHEmAn3AGxN04FpVKwVHrWtZS2s/dPeVv4ryCE --> ssh-ed25519 3pl/Kw Mhc4y4szabQQaeBWtZ7mVdDnZYRwtninrBhcyHoUm24 -lQpLgpgU0ak9WDQIJxd5Yz/DUe14szLvsUGxAil+5dk ---- eUzkrzEEXETs3FXa2YqSW4yqQiRLFC8Umr1D+Bq334c -ڙءm }9.I^Y%KcSȮ#hV{7Z'i ssh-ed25519 V1pwNA mGy7a3SPHMxFaJ5S68jaRkPk16Ahxqp7C2YGnK6A4nM +TrEf7fz6yY7G2HXNxhnM4v7QkVrR5D6vdh+eUVbWbdQ +-> ssh-ed25519 4PzZog 5ixIvICVbbk2z8gqvodMAhCevBWdnfmpskWupnpMm04 +r33h6oeu1jQQGs3mP15xtbRq50FGpKwtbbqWbSTQ1jE +-> ssh-ed25519 dA0vRg gUxwHHDBhxpYMxBE+UfTYJ4I8nY7cEdWG1XBSLLWtlY +pNawroXlES4EyNZSUUiEPNy+WNdG9AnHnUl+7qLB5Os +-> ssh-ed25519 5Nd93w AchMesYdEdLHtphyfCumqrdCRFABzNOEf7KfFgQWFAk +Xnier5jnPDl9n8F5r/R4CjBoEvmwAJRLQWnoWoAudec +-> ssh-ed25519 q8eJgg AgmUpmYT5z1qAFZ+uUY5a7huZ8Bhifs1ZuDBlg7ZJxU +kgaKF9t8cEKBc715dNocxA3o+2dwpK8erRo42NzeP9A +-> ssh-ed25519 KVr8rw AafFkG0axLsqGVs/k0DrzLFsKk4uXtqRbJIFhuAmj18 +shiQFq5ZznBovnNXWfTNvSVX/O1X47hK6g13P8r6xN4 +-> ssh-ed25519 fia1eQ AKbaMyAtdDHSpP5taXQQjaunzvO6yZuCOUjgV2+4iDc +yDFZ54QNklvVHUD1AkiaQ0sntqiRxkMGZw9yos/IvcI +-> ssh-ed25519 3pl/Kw KD86EfxdUwpfFW7wqf283Wmdw8o/qnVzXxTCrtNPsWI +L1a9WXktp4a9s1GxF6O7VV14ZPQOp/VqwS286Dqa3Tk +--- +jytGaOhLk0unuAlkbbtAFNde8Z+tKJ/3l3Y3tBgcFQ +VV7P =O]bZjpQKaXINl_v +Hsh3~FW/ ^a\ #/ڇi[fbX \ No newline at end of file diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index acae7c7bb8e99451e61872cc0fcca3fa3ae1e0f4..7c53a8d075d8c11ddcd27be00e352781b4e3e5e7 100644 GIT binary patch delta 1069 zcmZqXZ04MxQ=e)Oo}c0pZeVWilwMMvogA8(wKq7L*(s z%9ZWx;v10anqQt3P-zxsW@uiVW|EX>7@6rEVya&dWFF~iVxXO9uI*i%%%y9mP+Xj$ zo0?)|YHDbyU=mOjm7lJVpJ-@q9BH7RU6y50rC(B&?Plo}92$}5?jIcCoNpeHYZ|Uy zk>ZygXzA?By(nF?PzRS8Dd)Kn_q5doS1K96zG#Z z@uPUSVPS-MO1h_inW<4=wr74wK|qy%vX@Drx1*U$Wo}w=Zh2IOeqecMad0`8i)VIH zpi7Z^WT0C{igQ4oc|@qcb3vJbe^G!%flF3Wx3-cmp z?{d$w%FLjuoMMB@Ot-)w{fbmq59eG910RFQXBoxo!?pdqBmE0J3WxOz0fo(BeB9KLOaJ%+sQaG%f!pnRXf8p zyDYLI+}kie9o@RL%tXV~Km~VG=kfyW5*PhU?c~tXVDIn@gW^2TqJVrSbAL0#^rYbA z`tnGNaQzIgN)s+0KgaZx5}*7W@1P=6W5+~`kfhSe9Ovwy^q_KQKhLPBvIwu7vaHaG zC=+z+JgXdi3mp}b^Ham!N|H>SUG+^PO*4wZwGD$J-E;j76T`CIg3}^>4I|AW12gme zbMm<|Gg5%zd0)jSQS!EM0?=GJ?u8%)A_pLh@a?baizV zJRFM({8Mt0b4`u>!adT;jh##bOtihq(z4Txb8||wONu-lBl9dmf)g#cPBd>S;oms% z)Rwu8XEv3{cwRZZn$x(x*+}e+^91SNtud!?4ATd7o-QMG^i2hFS_Pm1=uIc$`i*Esdbk*hVk-UaE_GftQiX>+My zt8U?exzQY()gyky delta 1069 zcmZqXZ04MxQ}1pWq;KL}o@rVf5EfD58*G%DUY2EH?4RoyU>R;4R$1m}S)AizVV0fe z$mQwlm1F7SU+$AwWtFko55@>GV zVv<+pT$vfkm7nh)YLe<|?313P?-uH8o*3+rljc&8m*VDEr5_%i>Zot(o@trqTAG|c z@uPTnl6O(MzqX63yGg#ANxF}@S5RQKqjRahaeh)@wti}WYoT_&VSbiTl}99(SCV_U zeq@$kxJh8Xr;kCpWktSgk*i^fQ>a@~woiFLuz8A?vx#MeXIkjwct-K?f=aLOth{2w zvS5$Yq_P|XcdxQi-xAYoXYbIUEcZa)V9SiEAXoqN6eCZrQvLFj@<8WY55tl&W9OU{ z?bJepL^BVkR3D$DwEVPGkI1AHx4agWSR*^7W0ALyYseEcMG$oQ(XP@)IkvBLmCILw#Md0RU-@P<1)Y3b> zz&SVD%h$;u8Qr?H%tXV~Kn25~jHF1f@}#KXAa^g%Y>T4g3~e*l!ju&MwB#t?JR@)a zdW)invRqf6ifk?)XW#UQsL;#|Z%+$-_W&3nKKhbG5x(($g|Mog&H%%d5;o zf?c_CeY`UYeBJ63Q!@iALy97EvbBSYvI>h$QvItOy+bRF1HH;pJ(3;Mb8=j{baizV z0u8(ilMPZTOI=e6^9)UWs(cJgEb^U`+}%AaeX}ETozg~;8D)eW&ye{sby8_BwTQ?AU}|KR_=g%Rc#T%NlvukT%a`9I%yH<>yah7hX|2@psb) z!%r?s{l%@<%eq4wpViAJRZfvA7oK`vjeB0_OO1eyCO3+NOvQ8;UyIr+_mFwE|F5H# z-m~Mr&#V=fUbi)nKiWj4p*wzKs5|E|jiMDBi*|aqR!vj*q4I)5=ed6B&OIOVTAyU) Gumb?u@qAza diff --git a/secrets/bitwarden/id.age b/secrets/bitwarden/id.age index 897ec17..7c2ae23 100644 --- a/secrets/bitwarden/id.age +++ b/secrets/bitwarden/id.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA xqavLiNuEoc7Gn7MchvoSEC2RrsFDrf9MEGFYVf5vEs -ZwOkERtRi8yxlZ6sUl+mzJ+YFw/h82vV0WzhRjQOTo0 --> ssh-ed25519 4PzZog eiC4yLeOytE1jTUaQDOxtVHsM2jJAvGLrI75XJXRCSA -HJg+GqSKlXld1uB2WPTM28XEygsm3+4iObC7SCMWl8c --> ssh-ed25519 dA0vRg rStUstoZRf0i7Ot/0Gn6zd1cQMQjDlLQ8ScEIM3XMXE -PR2UGWuO5VOBVee3bndRxipU/m2ZRXMo0HQkX8pvTyk --> ssh-ed25519 5Nd93w hn5Oo+ZoIG+UwAb/DUUJmkDcey35fG5WDBgbe494T2s -TxUgeQb8UdxlowGV1/j2Tr7DTNqc6d56NGaFGZfeidQ --> ssh-ed25519 q8eJgg vcWProg0hXGuIRVWXpFSzyS4Ei4YHSdq17A08avwCmI -4iKGWyyGfCKEliEa/9r8y+D5LsyLglFvcUeXyzO+FCg --> ssh-ed25519 KVr8rw 2kNscJDgyfKH6WrfSKWnX5dgRM0Kk7FztGhoJ89VUWw -/biNgciz7/fDOyY6GfwEI57ESdUyRwmKaI4OG5pJs20 --> ssh-ed25519 fia1eQ lv06SnwwoBlmG4AVAeNpeIFgISkt6FktNuRq+P0eJgs -VX8O0FYWrEyBVR13t8AkvIq1VpwFdkMX+wBUQHBzXPI --> ssh-ed25519 IzAMqA b0DnkDgWeERguN/u9wgiBB1sbxHaMXmMZdPOJ14/UDg -tmKw26Fs6iKbVq7BBK60UoQSjykp4BzLW59/ZbbD0hw ---- rR+hloCeC8YmoV34TBL7hLk/4CSfmYKwtAbmtUjHvKE -7RHSIΔC# /:HImIdjklalb\L 6إ/Pܢ+cUM Yt \ No newline at end of file +-> ssh-ed25519 V1pwNA +Bzh++C1+jxdz1VwwhxPpO3XWn8fy7bsP2wX4mlQ63A +1GZxY76fwUOo/t/XeoCOEuxxq+oiU8+GDaasH7VTOkA +-> ssh-ed25519 4PzZog lkqPlBejVuYcBQwAZX96296VjJqyz3Q7J7O7OzfSDmw +x+bGIiw4SYhEePIkF5PLK6KK7EJ8Iay1oQIOJ18DtQY +-> ssh-ed25519 dA0vRg o0tqstSEhdxxdu4Bu8T/r8al3XJpIHvXp7xe8YNbJgo +m1OKX0L8Nn6ZrXI0Sk61fe8JIRbh+os7p0wzCMtdi6Y +-> ssh-ed25519 5Nd93w pYmPUfDB3HfJZDPgNh4Vmdu3UlTimrX4+EtUzSONyw4 +C/URv/SZEtUlI2SBPNTfni4oI+bsYZ/Wq3xilcS6mMc +-> ssh-ed25519 q8eJgg k5Ml805g9vQ5Wv3hozSCAq8EGzvczTfpssrOeBlB+GE +IxRgNIg7Xi1RN9MthSqjsHoaLpsFWoUVd9f+ak9Qm08 +-> ssh-ed25519 KVr8rw 5YvUQVmarpS4FgsFI8EFLz8tucmvs3V3Q8I0hT9q1i8 +Lifm2EUWhv5hDU9mwkOu4fH8zyjEtGXW1qVBbC4dfvs +-> ssh-ed25519 fia1eQ sSzTT/AeSH5y4vyKt1Vl0bnkT11ZXINQi/pGU+M3oh0 +Qm0ktboSsC0/+HBCIsOu2Oa+EAdT/DlStNLRpC+EOtw +-> ssh-ed25519 IzAMqA DhHry81R6JO3xWujL4l3uOmtqvdmk40srcWuXCU03kg +L4AWjbf1+bNXSMfBpC6DTKU1hvql+1mIRemeHZCFXos +--- Jlkn7bKGiezveI2e56iV/3B08/z/JxsJxgyvgZ6WhN0 +|s X#?WٺW(@L [^tnhGc\z^>^D{*.! b \ No newline at end of file diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index 0fc2d37..fde27b6 100644 --- a/secrets/bitwarden/secret.age +++ b/secrets/bitwarden/secret.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA LbYb1XP9bLe1lcsAfGwPkK2/r2+TnkkEgfS9fi1YKRo -Z20C/zQluu+Qanf4d9GSj4pLirCyqJpa60H9hodMt5k --> ssh-ed25519 4PzZog IFlhg/gbQpiMugcQZUHwfAnSvhxCwW67XmfSNmYOSQE -nOp4xPFMvIhUH9OUVz8B3L8GI+Um2egjHV0FgmdNwwM --> ssh-ed25519 dA0vRg OAmV1KiprjoIgOPHCYcme2uLiU1xEdohTWA5CiN0yG8 -4/LHk5LCGrpMISvpjfo7QuhnRrE3ycFGwGTQ1i6VaZE --> ssh-ed25519 5Nd93w jv27aiNze8Nxp2ohY7NIRtZv5lBxAdKYGWdqWD12zU0 -E5Rk0r8To4B39UsaZavEkAZlIPiaXswsShMgsyNPMoY --> ssh-ed25519 q8eJgg /o798N6b1KlQfMM9gQf48TF9V7nXORxW4SOpcpYCuhI -RVYXWwZLFL6ZUjGbmXBzEj0+Pe2wpZFPIj5yH9kRIwY --> ssh-ed25519 KVr8rw +N2w/8vvD7/uG3TMYb+9vml/vZhLkoS+03KEDlQWNhs -Hne+3S6vVc5Sx7QJ+OCrPCt4s5usZ7B7WwusnFQLmSo --> ssh-ed25519 fia1eQ PJYYKfL1GolRt90KC52dvUyZ/HjWRJm9vMTjBvrCOkQ -Xc7SpT5TZLTOORLO3uE8tPXKx7thUwaJi3ixngLRljM --> ssh-ed25519 IzAMqA AtoNahZ3dTQasdfP3wf7U1RJyx//Kt82e1TMSIkW6QA -neLAeCvnsl4RDq2H1slZJ+5i3JErqy4aRGoscpRUi/0 ---- W8B6kla08fEkl4Kpp+0eAHj7B1j3WYCDcuwJvAIEW58 -)8G( 򝐞r_t֩z|>od6*0jrT\*v^# \ No newline at end of file +-> ssh-ed25519 V1pwNA ud7vkafWPnZmwU0gvby16a/lB4VVkUhVpqnwvkMdKig +/PR7w91ONFOWIvObEKI+wD9XTxbjqQoMjlar9yqN8D0 +-> ssh-ed25519 4PzZog nttwEm+xO2qLIkb+FqRmDeqbdidUune5CdS9AvHCmUs +raINPneffb9cQ6Zq3Jpwfz0MiIaTtoOI6s+1wB/S5t4 +-> ssh-ed25519 dA0vRg uuSSiAgzEPgfh+VqE2QfB+8fkJlnUJsffF5/3C4Ovx0 +1oFB/dDSQRpcETXb5IxYSqSG7oI8Y0i/myB6IaJqtUc +-> ssh-ed25519 5Nd93w ZZA2ylM3mB4xjxMzLmrYNujWTcjVsgKRzIYVsmPSqXI +30g14yh+pO4moRvnd9Xxe1/QQxmE2h2zHP9mqn8dULc +-> ssh-ed25519 q8eJgg lkPUz5/vn10nmk03AeA1W/6fp3tfyrdLq+kgoR5Cjy0 +fHtjZtjYG18wWhhvZY3cn3FxxJiY41zQg16ltudBue8 +-> ssh-ed25519 KVr8rw E2OijEik9tPfGCeRe+XDV+tKHTOOxojVbG0esTKuLCk +wXIOcUGlmF9GinF+Z81KQNiVACN2pthS1nwCK41IHMA +-> ssh-ed25519 fia1eQ VIfFJCbkM8ZvKKXN3+ZjxXIgK2y9vHpFdQopX25kUAk +utaTUdI2GBRxkDJT6qmxsdbGqjgSRP0ss4ZgQRQhQBM +-> ssh-ed25519 IzAMqA WX0QlrMPSMMvv3KnbOedpKcQrarKBQLHRXThmvveGmU +uz/jl2Ze8sdlCv5G6U1Dn5EiucQ1wlK4+/wwezX6jTI +--- fLAcK+fEa833GdqAvbD+sIr2ViSHQat1WQgPook94Ag +xIi*X|*>!KG7o)EU7U \ No newline at end of file diff --git a/secrets/discord/token.age b/secrets/discord/token.age index d9fed9a832fb9a80e1bfe719974831b2a0bb00e9..a346d9bd6dbec104b3b8803c7707cfe0daecc60e 100644 GIT binary patch delta 1117 zcmdnOxrK9rPQ7EYnO}0Gn_GHzewlMgrg5roafV@;X+UajzKL6MwnRDK}1xLesP4ScD{aKvRSfGNk*o5aoMJ|*daL1ty4UZ#Z^`6)#KG^?^;~B-n!<_@n9o;O; zvRzE|i~UpFTzu2Q(@Z11{DQPg+`V%noh+Oj-CW$la)TVX3X)un3Q~P5LK6+E^wW|& zEOL!gjq@Wi9Mh|`6Wt?yGP08NBO-H)jJ!-HpJkM&ukc7o&56uQ@vm@qNzN+BE;XnO zGBAsD_sj4t4vNZl)OR*ED{xBl4ld?$$}ulYH3ZN z$u}0~gbzya=OwFUJ%!pL%Z-e`5oW04I;a ziVzb|C&M7~H0@;bfU0yZA5%ZyP%r&_Z*A|=;IKr)^vY20j7U@eY)1=YSN9~(^voO= zQ*Y;}q})LC_)g1AG)xUtFsUf@PtQqrGb|`I4e~EevkY@H^>Pdi$u$fyOE(P&c1icI zuhiBrF|kZf=W-0nH4exK4fHMzOb*RTF7`|J*d>r!o}GuFx)Y}BErNt*)*{*E6pV;*^^6GS63k; zzqr&WDAiCqDbOfN-z?Ix*f&3?$gDig%&fpAxHP{wHM7jEBt6*I&z0+^=J6HR^wfeT z_Pa=a(rS2k>37ZE9Sc?!oI1K&$LfgZvFa|T2=BkS)hh+h*J}q&`hDz~!iEF??N}1u zKPYRQd5%jo@JGK<-~Q9$t&5KyOt@LywZ~<-&1$g>;gqc|3F_8c805Iws{MamYwEwr ztTXA%QJ)nuf^(R}d%|XE2gVlN2{^x4|LtSBJTI&BtM)LiN&LG{-Z(qwu;Gl=rH(gW zIv&)0bVGc@q`B7n99_psgGA$V6tIKT49=BaH(IBg?q5E zFPCq*e}<=zd1+~Wd1-h+MYwjhaiWuPVTx&ilW~ZXr+HP0fp1Qrc6wDnK9{bYLUD11 zZfc5=si~o*f=NJCRDQZbRe6!4zfqY{KyH?2aZ!%ByIWO3iCI9TcTrJARI#6hZ(wm! za%Fg!iHmVES4miMiF1i}siA3ZntyOea%O;=f0d(!r)h|3R9<$tX>o3(X?R$rNlKXG z#E;_PK9Pk%;lZAsMNuZ+C0WkerN)I7`e7M?Io?UBMM=d`sV?aT=9#`JmYL;TAs#+? z#gVRoVeaJ-7RezIuA%v6S=wG6-sZlU<&OSkSt+@dPH7?TLAkz@;~B-nEs8wzT#G`y z_0zq)OpDCJwJQw6TpdF*z5TOIlT(ATa#AZxL$u95j165( zE!=%wvpoaD(le8*l1nok%bik_or`^a)6$YBpJkM&PcO>JNK7?02~8}_&vrEPcg%Oq z^$K$-)=v(J^vf@c3X6!03=XMG&NAW3vq&wE@G{Xa^Gvjih|F>-chB)MGIjGQE02iE zjB+&0E_C;D*LKe`G%`Vt0PnCOi=uLcNXyLP)KZI-5chn2?}E~Nuh9B(^9pmHlF0mQ zCkr<(Z|(HbBC{f=^il&?F89RBlHzRrBIlBT3g^<)GLMwX2eEcMeS<7qUAd~ODucB z&)&;>KkQw+h(+e?IhzYdXEJ0wo#B^Y6x`B%d~%y@i+kugmwL9WCx?~3m)t)7U|-S6 z^O8Rnt*@+lce2}_|Ydk*DqZ*DCa${eCpV|PY+hN zxv{$B|ClZq_H4}t&Q&HSOB$~$R2iPTkP?-{GTYvf$9enSFF_|hvb>+8)$V3w@F-%2 ztGJu+E29fff^9SAx~%v*CnUdeXW_x%8w-}2l^-xZHO1WP==yt?RT#4z0+(hUIGWMA zWctz+`JFSIwJrx9FV&7c+*#25&P*}G$an4G-A3gxu7?XPlJn+m`m^-1#+r*i&y`+M HsLloeh4!0{ diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index edaf67f..02a18dc 100644 --- a/secrets/dns_certs.secret.age +++ b/secrets/dns_certs.secret.age @@ -1,49 +1,51 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 5xvtgxFvEOX/bVAOdBBF2Fyb0euGt95YjhOcfpGgHk4 -6oN4Xba0W5g/d3EX2aC4N6UFVf/oHGgdTxBcMbjIdHo --> ssh-ed25519 4PzZog SjAcOftaZBEAAZ/P+Z9OTira4/QLSMRefC+JkQcf0G8 -zG0R3/r+PBjWj7WBABmHPXpqx18uLyuFMJKB2az9i2E --> ssh-ed25519 dA0vRg k8fekPA7w/QFMVnDfCrpOlfv531/nw9tO7B0d+mWHiA -jp+DndebWEdk9+wt/nvS0LfRsFf8T7+dMffWmx3tPw8 --> ssh-ed25519 5Nd93w dYe/tZ5qHoacI1IBa7yvDL/grZU7Lc40gU8boQY8Wj0 -eBs8fYre18RGW8+RH4J4AleG3kNpCZ0agAfcojSCy2Y --> ssh-ed25519 q8eJgg 9UZdBq2oZ29U/kzeNOGn+q8RbkLbJwM0eSJHqSLV6Ek -vqa610t5XxHiKBSf7veOc09ZFYW7EF1KpIbCpdCsegw --> ssh-ed25519 KVr8rw 1CkykLAC3c615TDRlOeI4GHmqu0VT2kclWkr+DT9dSM -0MyPNEmkHICQZxpKt0jBZpce13c+jn4WC7IJL4uWZHo --> ssh-ed25519 fia1eQ OtFYStmc1y+yqYNaNgHxEheIIVykYAa/uR0dKS4xX3Y -c2HYDyrD6Db3FNLP8tebLngtS2S8LHsmHovbofsUk3U --> ssh-ed25519 /Gb5gQ rAc4CqbqdkIAFystL0rLqGNH56GrKxOBamqhiIFAY3c -RR+NsZe0HQdQv6SgeIqy9IcIChXdvrsspNDBngW6Byw --> ssh-ed25519 NtlN/A 93citgkp9Aj1LDK5UdzJqYVVYaWgt/Cc6yMJka+ccyY -KTcyd/SygOLp4mPI1zGDTKCNT7LfVUw12Bw/qnTnMpE --> ssh-ed25519 v2Y09A +fWNE2zU+lz5KGu2Ed2MHb9UXzJPUAUuBWilF/AS1Qo -UVJWnAjRcD7X6iA/heoWdZTcsUS+1VMG5leIHxWZGNA --> ssh-ed25519 XSrA6w fft3i85PNprS9QqQo2yKr3lx3qHuSVFeVYuT5Gtfyng -lNOo2jQXvaMElQawI9x8vnQN5bnnNefEyYXD3YqwOwM --> ssh-ed25519 DVzSig a5q+imjqWqTzyM3aU+UvvGv3wH3RLTPl+kva+qVSSFs -Pobzi/5ZVyfGhVK4cMqvMqaAol9X4+P3hEaUeHdiacY --> ssh-ed25519 uZzB3g B1D2S87+yPr66EikAqLw7s5pazfQeQUxAj4FFnk0nAE -3lEw0t99aSGqkZdi+ILl3+s+JWRKpY4BHLXdrHfFxng --> ssh-ed25519 CqOTGQ urZpNzMYvDnGR1UgjgrRYp06gKWcTEWUDjyb4fdDTD0 -7jeFeoMBitwGFQLSynYVyIYsEhHe7A8mdl65goiX5c8 --> ssh-ed25519 IzAMqA QmtcH5afcef4NMRX4AMrUHW1tCPGOlJ+gIhhDFkUCSY -I4Yg8vgoYGcsV43qq04+nrhzMJ20eaQjOD4EJM0z2xw --> ssh-ed25519 Hb0ipQ CO7nQSSKrmkQ/C6DuJxesIMJmm99eQytLzJ+3/Q38AI -/kBnqeivoQLMaAA7nX0t4/UAvcOIchEu9bJWxIuUOV0 --> ssh-ed25519 3pl/Kw qUD++i8FGbEAuqa+/v6f664tlVTwHGYF3AmTo0cuZyA -vjImiKQm0SHiuO7jZTKRg/3MKzDExfE+p9ZT2nHZr4M --> ssh-ed25519 SqDBmA BGwTqAeEptBFRbwwVkHZWX+OKQpALqrPvA2+Cl356D4 -Gg69WAtr+AAfYT1G+WcTSIlCbNqS5DyxsZw81DaBSkk --> ssh-ed25519 UE6fcQ 4JZzLWThfgJQSNDDtDp8ayM7N9o5tQ6PVwKMj28inC8 -RyEWRmMbuXezYZntsTdVIbjy/YEbrflqMpirdg08UVQ --> ssh-ed25519 YFaxCg LTsikBkuBwOuc2qrnTAMVtRawZyBosZScefH8qWIqzQ -aLiVK7XFI8iDRTCGH2yJnUpydjTp7NF1Ygok6D2Fo44 --> ssh-ed25519 elCEeg TKQKeAvY3kn5IuvHoS0SWtX647nEn1txDftt7pPQEG8 -OPAFqPGdSS3Ud+gFtMXG0shrXSmVrIBzvwc19Ac1NJQ --> ssh-ed25519 8vZ9CQ NGLF9epPqcfbQWcbtMeYIcH0jAZMvO4P7UbKtl8lGRY -ZJ5afGOI32OYBpWs6pe15z2IB+5xgO04/OsKp6ixT5o --> ssh-ed25519 rmrvjw tfgMxvtTE2vv2qQJtQk1J+YV2UC/2iZSs0nvbVzV1Hc -HW86DML/9MXoTs0WWn/zNi4Rh9SBhaHl2WC2bkiLbmw ---- Q4amxZgWmdHcf7aqav2TpKA8KX8B8ZHuBhzIcKwbFTs -Er<\?@}kR(;^3PJOS܋ ` sb?9x$/~4F  v_p4{5 GZf"BͶ')/]wK%o B*&׫{\ZpKίk} }P=? ssh-ed25519 V1pwNA ikotG+f48KCxKj5DIdhwIEYHtspuBfGj9DvlXLchllk +TQ8OlL5uDpwnjveBk1RbpB+cCOpqlPQtOu7c0/LRiqw +-> ssh-ed25519 4PzZog ptPetu+OMhjcqwIZD2EtPWojceX/p+xFRu8SdFBEBzk +5HKDrQTBiv+hTKhkLtnYOq7sUO8+dKOS52bXGjGXwxI +-> ssh-ed25519 dA0vRg nQ1GTSQwHt806xrFMyqwQ86iBSLbgGDIL+GIWMD3AFw +OPyLNOxp5k40I4WvDStpKun/AdOuWZyEQLPyyFdqtcE +-> ssh-ed25519 5Nd93w uYt44+U3T3DOThXDGvl5WPDPGj506O2Fc271qlw/lBo +tcRUll9+PIfcvcdvIzD8fcIU85+d8lw7ThPetfq24nU +-> ssh-ed25519 q8eJgg wLIZSQp/YAKSohUD5NsbADyYua8p2qik9lRlzdvZuSk +f/b9Jt8Qk7dcor+5xczk7zRzOxTgknGYstcLQv7ztJA +-> ssh-ed25519 KVr8rw InbHZ+pieHIQGGW3LOOfYHS+RkuXRMzxMblHHLOV9Cs +0oHx4kyD8AW5vgpds6EirGHeYznJ+z2WiGmn7+6bPww +-> ssh-ed25519 fia1eQ UTuEfUIL1xVc5W/HSXpVvPxeQriwC6Tot1G0vRaT1XM +6mWM2A8DVPMKzp7ccqTj+3go39xsyKIHuu4zZypHD9c +-> ssh-ed25519 /Gb5gQ Q6uPEnhxFPRulsd5YWVXfrVUJqSN3oM02g4yK2IYUQc +qqcy7z7RohVz/GDpB2FfjE2V42Bs023N6+G4qIJN9Bo +-> ssh-ed25519 NtlN/A F4k9xBWDxeIS+v+DldjlN5e0WQmKH7Pt23XnKxkxTVQ +PgCuox8LSeYaamogydWcXyP4aVCQadeVfnjnFngWC+A +-> ssh-ed25519 v2Y09A Dq/SngPnj9Or0XiVOoo7EQNdsh9mby1F9v2zSZOfMH8 +Y6J+nWC58lxZKc+wMFUGeymONf9LOxJhMonP1Vo/LMo +-> ssh-ed25519 XSrA6w KnF8xhrzss3txgoF0JK84/M7b81NuFeB9Ir4590LYRw +jilyzwKpL/A4CmO/hMOMjZqPfwGsNYsngAw2trX7hKM +-> ssh-ed25519 DVzSig A4EU6+2yqw3S2ISYUBbZYOq4xBEfXoEy1fTUhTzGXV8 +c6CyaaBcdHA6ZNdJApUcQT/ED0hQYPqqyvPF+zwCLME +-> ssh-ed25519 MhHMYA ixDHJ+PFXFxsCu41Ye2Vwlk8wVlXofq2ztKIU9qxH0k +8JBxpk9/nQqR2y6i8GU9PpoHfyitJwIHxMr8nb2Y5As +-> ssh-ed25519 uZzB3g zZAxSWF9i6321ifYiizQn6kvadhQ17/fNkYSgOyR+x4 +H5jsIQmgVgRoMRRQ11K17eD9HqU78CpKu5ylkgqrtq8 +-> ssh-ed25519 CqOTGQ TzL9qPqBl8M3d9whmAaBgx3Wo/hPKc7Q/P6Kt3pPxn4 +BTnEU/156/8BKqdFcWisleg/K69RIiMaNDg6h9MX9og +-> ssh-ed25519 IzAMqA +w67jWJmcVuPwjlkKn5Y/ryZBzA7ZzLl4va6KxfMm1I +mO9xeZV3RYUbGu5TJfnRAaJumAzM5u3wmIByawDdFn4 +-> ssh-ed25519 Hb0ipQ y/srd2GpXb5EMVySg3BYOr+41u/NnJlx/2sQlhRyEg8 +s3Se3Rf8N4WqP6QdmkAmNtgZKgsvmuWfiOpC6pKGNuo +-> ssh-ed25519 3pl/Kw u+QbsaYgVdhbsYBlbuusG/1nOXQ3PLCwtwWE2nUTUFQ +laEpITIyaNx7opXwqT9SHo9qNWCRH0WozQYt8SW1cz0 +-> ssh-ed25519 SqDBmA 0dlLmNcgAOBOUrVUT/t0oaF+AcXUWqkDN3fu64rLx0A +y9Xw6atnsCX66Q+iIMHwsq8vxeL4kxTihIbMut+JMlA +-> ssh-ed25519 UE6fcQ qBrP+r+1jy06z90mQgk05zLog586HGUMDgHTbExoMj0 +TnZAUZUNNIAJzd8Efqb7KqR/n26YXr4jV6zPvZXu4eA +-> ssh-ed25519 YFaxCg SXGoMkrpgduoXNIZXDy93gkzlnKtr1fAOQJxZDcZ6Q8 +jKdd+OufjXk1UYsXcJc/Q4JeiRhCcHW2nrDuBrHu/pw +-> ssh-ed25519 elCEeg jPd0A53zK9OFThb4pCF30/My3QxiwGyGiDp64ob1vWA +L0Rj+47bdVVwii4LIMoI2by9qmzk4H1kHoyEc7rUO9w +-> ssh-ed25519 8vZ9CQ lgEkLneoENKWwNXRtXRbN5VSm1joh7NDSSUn/bp/81k +X2A6sHl6dFe2p9hfVINA1G6nR8lqMQNjBKc1FvM9cnE +-> ssh-ed25519 rmrvjw NX2NPt0SVGc3+2p/ob735mUIb4t9nhwUrdbdFk8CnSY +sL3zmOASMti3QcIfa0CGEcJex95qGX4aeIqO5LS1LFg +--- 9+vokggbkBI5tk1kvqpdPkePahvTIcYWtU1MU1zTyCs +{.xXq55˱{Gzᆄ6 :p6[YUQ`ؼaRS]ucYXH"h 7ޅ6چo=*GiɨLA?ĆÛTpaKa2 n`\N34XrʴI9Adq \ No newline at end of file diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index 0808d0b..adbf427 100644 --- a/secrets/dns_dnskeys.conf.age +++ b/secrets/dns_dnskeys.conf.age @@ -1,21 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA +Ug8WtIQLZK1chInj0113Okqae8ImSdTvQYYDD558ig -ao7w/Uow6sCtoqRDr3Y8NjuF6f9P62sKfx5+5+3yV8k --> ssh-ed25519 4PzZog KZwHoIkqMTVHcHma22+hG19oBgCNZ3zZ9fgs0i3NMx8 -hxgtsHVx2KATvEQM790y7foAaWVBFnqXz72CovkbcyU --> ssh-ed25519 dA0vRg QORz3gYpB5PiM5Dgm4s2JNyJSBFTzY15tlC0JNMtoTE -1AuUbuw4YSoyly/iHY2DGBOhRijWoXjsFfFM1pKKlUY --> ssh-ed25519 5Nd93w glPMyqAhDvJSOgief6VEWflVervhftUbNgnDOVtKX1I -xDSl0Oe0UPiWRnFythx/6ErNSy04paTWWKrlheEEzLo --> ssh-ed25519 q8eJgg 4Xs8DKl5BV5E8oGE9MrhBanGuTltQZz3JsCI57UYwiU -c99NCU+f8vbvFq9T+P4Gi51ae5xygzuyLMFGf8px9CQ --> ssh-ed25519 KVr8rw mPvw8t8On+jnc97m5f8x79Kcx9ZhHWyL/YW2zVllqUU -X8CuzLbLfT6sDhZp4rGif9RDD0zHQzjEp+v5PHX2BAk --> ssh-ed25519 fia1eQ CRUdnRPTZQtB/YlTqGcghTUjUlN7avoJ3iip5rNgcEo -IX1fAfmdteXLwXF7S4aFidVmzr7ClQE5Dlh5siyQZPM --> ssh-ed25519 NtlN/A BRTimkF1zqBp4N1cep8+Mzet7cX45ZHTz9NekWNaNTw -//1gIudKHmPM5A/1fJNPaQO5TqbZzV7FDFM8EhEFzIk --> ssh-ed25519 v2Y09A U0jsaGMHVO2LpKActT5oYiJrbw6oLeSwzgzR7ufQpF8 -CfB7xVWpyMHsRZbfwhtlBdZyUwAuLic9R0LBm6vXNUo ---- wiRWKVnnLoriKkk//al7FuIGYKru0nO1/XGhpz6yWls -$rlk=nCxgA3֕^%8sJ& -C&Y(e(jv! ?9^U>fA(1#\0c"Z^4_&ZX6+Fÿ \ No newline at end of file +-> ssh-ed25519 V1pwNA UBWTUleT3gH3VTd/ahMfx1iSc1JTTlZWKxD4Sx61Dmk +rGgE6UbDrVFRBbCfw2+o49aIlk4qOHDNYD5nQnt97vU +-> ssh-ed25519 4PzZog OGYMrxkoi+q8ysF/6+HYm+RQshv6jhZyjqQr+d5/vlk +1PY3xrn9dHVnXOOlEukTwnF0S5KL6AsDRXh5MvWioyo +-> ssh-ed25519 dA0vRg eVrtU8/e3XSCjOHFeujDNIZHPWDq3qcot/+RXmBwYyk +mOFaEqWEnYtKxlilozF2QRyKPsOP3HvNWnQ3KLRON9Q +-> ssh-ed25519 5Nd93w WXvBheSNZ8CJOtyxeK6GBLRgt3n1hgYGGnksp4pUhBM +0mr6EjSJnnJezPk1nXIEpaIMmn30tAFJj7pmpS7vHzc +-> ssh-ed25519 q8eJgg SLkAt5hvW2niDBIqeKjcYZvDR9CkJzu4wf1y+0Fizzo +ZNm7qSf+Bl981GJuZPPjRL1HcCJbZ58eOUQe+jFE7K0 +-> ssh-ed25519 KVr8rw xfJAoIGIRNVyRsPxjlARAFXm3jDnYxBZws0/8mkqr2E +w//2SGsPl3BjEgGIWAsomH8jGwnOKCpn0SJsbb4y2EU +-> ssh-ed25519 fia1eQ MjtOJN21srAeob/eGpKQON1FGebBqvZo1bKfQFz2bhY +eSRZ3DTQ/HfueI4k56nkAmUdy7MARgcNYgPGD5amCTM +-> ssh-ed25519 NtlN/A n5uN0giDnRaRrfa0jCpqkDnzx1x6hQipumVP/dM9Sw0 +J5Z3ETAYMQbugOUsak+k0suWd3SInz2kfRDrJhP5ObA +-> ssh-ed25519 v2Y09A KxmOke5LEOx90sSm3W5gdNHTxk9Smrwya36g8rxFyhw +2FUiiEe5v1CUG/Gkyu1Gw0/tmo64wCIq/vsCjevL3l8 +--- eFkoeakUQHfc0nofk2Sm/k0ujxlkKkahdm/MmMqPHrg +Š +a +5'?c0 5Sh h mȍfZG+>6uϿrzYЍޯѦJ|a>7iYa.P&dKZS̩/Jr;׾io9hNæ \ No newline at end of file diff --git a/secrets/email/details.age b/secrets/email/details.age index 4ee9f379ff01d0c77170c4867a7d90f402da584b..d8c9aa56e9c8dff7d093aff5efb4bc9a8fce66df 100644 GIT binary patch literal 1419 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tk_GS~MG z4lpXtPB!(3a`CgYNH;d{^o%I=bMY!p&j<`ps|<59HBZk8H{i+-E{MzvEA;VCDst8L z4fONK&#Us!EpX4)cS?4t^sOil2nb9p4Rx}J%15`&B%mrPKV2ay)H~PIt+2wxz$;MS z!YRe8EWpsTBCyOet31T9qSUdlI6uJCu`C=}hc6i0)ypmc?hN+Va-@)BcHM~kS;bpPzI+{hfC z^oS(i)BsQ8a7UjKUqj#IVz-jOyg;tX^il)EWM{v~oWyX;R0GEVzakg+fUGnxS3~b? zze2;j!c5Z?v$XQUTnlvDO#MjRMS4lR^#j6Z10jgG%*XqtXjf z()9f-^aIgtE3`=UN>5j?F!C($@y&77w+t^ZNprCX@bJv^E>26c%<_u#D#;IUGqtF2 z&Py_LcMRq7EHE-pP0z11%koVxD+>uqH!C#ti%1R0DYJBS%kZ`g@UY)-KIU_b+gA zE=&)}($B8+FwCej^a&5~2+qllG7C&HNH)o|Oe*(}GC&VW&nidXLPv${;6!8Zq$NSiZI_yv%tVGgQ6_Qfb^6k*W6sMAV;oXe{)|`Co`WQ!^9|yBJ*6g zEH_6t?Wi2XlAPi~<1Bq+eW$SO;DB(qWLI?CN~5ZrjMEhi!?Uu|yi5)JqWq1V%?rH? zOv3$3Ts&MubF$qGoZWIWQ!{*vBQ5mJ!n3(T0?gdXUAzhm^1M^D-4dM)O7fx-EhF+> zEJ^|k^7BG0%Ds&$qV%)%9Zk?}^GGttEC^I63n~w`EH^LlH>fPC^vKUF&@L`aDt0k5 z&nb-XanUx*@N)6Xw2XAlaSY}1%k-?&*Ecs$_bUyw4E0JcD=`cWD0H#34D_l>OUf__ zcgsmJ_sKJGFTwB|G$g%DiwhDxT}}KQy}gRdQVcWvD~)}PlAV)s9o-G|EprS~iu1g4 zqS7idO}K(WEKRfBQccRdiwryh!>Y8++|zQ+3ldArJ<5U;GjdXms(dqC69X+=e7SUW zbrllR&Gape!h&2~oQf>+14F%&-IB75ObfkD(vy8tJQB52vy3y+v@_F_lDXuM7Fq53 zeY^g0+A+=IUF`M0?^~bVl;#<|G2KRe?Wa}7MZZ}N7fH1g)#neC5+SnfK_ z+@+n|9)9L|&G#n)GwN5=^_-TTVlI36@v6t?w}$rCzTxC{b^f&A?NS z)F;!)yUIO1Fd`@{$1>m1GqOzEt-LD0*x%VZ!+^`PII6tRIN8j|G_tTN-LTj@)7{9~ zwZN?`Dl#)M)H5?JG%vrxAUz|?!~)&66i0)ypmYU)?W&N_$n-22WPJpBWWOG=CMJ&k=_Oni*BgG|E%LMq&f zqY_PmO-&5-6SIqbTur#r%uUQplaez6^DVS5iXPWR0|VOgB$5D+|<4^0Q1W)K1AODor;lF?7?f&^E0I%a6!$vGmT&2n#hg%EyQ| z@310^qH+b(tgKv14_~ujL!ZJF^Pu3Oyrd$NAa_GYj}ZN!0GA5aumInZ>~xc?U;{4g zVxv4GKg*O5@1Xp2FSE+zz|7ntH)HcKzmN*oY~zANqf(P3Z^J;BFbvz$G7}9`0~H)| z+(Vs9oiYnk4cv0db1a;V4V{ymBfJXSgPh!Q%u*uUl0Abx(n|^glesFBLM(mD{1QD) zl5&j_oej#|or+z9Tr&(yQ$tLmO3Ok@0wcAZ3cXA`J<&tbv&zx8&`}{RA|=?XEUUQ8 zr_9LQ%QrhT$s^D^&CI=^%GcE2+#`0g7 z!0<@_(DYzS{S-svlnh_*Bm;EYJdzAD3j!5VQi46bi#)x{B2x^@$}>w#(?U%P0}YGa za?KONQjN26&4P<9+!6yka(%giJwx46P0}n=N-Gj00xP|oBa9ObTrw-2Jd8ZFJ++-m z^YZ<3y&??Ki+#~;gN9^kXrgaOQGSF`sAo|?vUYJ^y0f3ZVM@NaYjQ@2yI*ESV1{2= zWMyG)r6ZTVQ(>8ZP()>pyH|j|Q(Bm5K%RkrnL$;KrKNt5V{(vRQND$9NWNQ0a5|T+ zuC78#vSp@uVOmOZX?aSJS58S(kY!jviobJInNOsLM__qaYL#PgYCy6D(<$ z$`=oAUoh`|`0f_t!`Geb|E_u>$-Gd$fbWT3duFq~_x1mFzaE8~o?0?*6(95d(#C0x q>=C~T8>9s$-#S}nnG<#(JaKWy?obOJldzeK?b8mc3v%u8{|*2U=Gj63 diff --git a/secrets/forgejo/runners/ssh.age b/secrets/forgejo/runners/ssh.age index 294bd09506606f954e12f3c04c6f42b3a93bc9ea..7a716d1b83c03bf40c05fa613d047819829ce36a 100644 GIT binary patch delta 1297 zcmaFL^^|LZPQ7bpP+qb{Rho-)rlpyAslQ*2TVi2`Z%~!FXPJ+QSx`V#L~(|1qP~BG zCzn}Zu#rKKb5yQ{pI2yTkhg(Pgn3A0Ns7O5NnwqVFoUqd5#qZez`ubz8TsHuf-=jXFnwd=bgqK3Di6=FR1>4}Qs07*Fy|;wKTmVd(4g!9U&qYivYfnN z|Kf1-l#Gn5e01y5G7}9`0~MTH%H1O^D#FX1D+3L+EAzvWt4vb^EZw7=T#Nm)3SGR7 z>pjB*9m7%+U46Ms3j$JtoC7>k{4%ngBZ@Nhquj$hLJf;eD?E$6y%LLzjLW0K0=-<) zsf zC=H4*E6y;=&enHz3oOr!Fbhbk@b%Bg&nU0T&dAGkw=^?N^)dAGcC{$x%Dg&P^_cM6 z_f<)qnl7^odJa1naC{07Sbp}q-q$vk(+d~A7XIdYsOD?s*7^Wr;R6%T>VGV&ENi+Z za`dky|FyV7{JB*;)~4F-J!FvdNpr$R z*~bf{A3XeYqk8@7?ML;?qh^>q3v$fZyg1GI)%FJqW4BlFzcb%?^4PP_*QQ23J<1j3 zZ*CubS1U@p&FYf<37^K-^*sG=<(Bmy6fJuhc>d&7{biX2ThwT~VBE)_kOI~x@v;Bx8C(oO@TO9i(<+pXd zIvloeUQCzi)Ag|ho29k{nX>MY%J7_~W)j2nvCgC7#W%+Jrp|4ePH)dRyil)C+ijDq zT$OVFgbm9bMi!$}7pv7-)t(Ew?ci3;=(6eR1_Jv#8lo|B;;xCc#5g%^ii=R?w#^Wl)sc_&J+)4H-9lXLCw(S msJY&CtG0;m3#t!m%=LZ3&aKPl`|V$80>{y**At}MBZ>gYnd)x< delta 1297 zcmaFL^^|LZPJKqWUwLSSTc(k3W_FroW@Kf#OQDmYiLr~Re^sSLMoF2USBbN!V`4;j zHdj<~ke^wkLAjxsS+;&aP`O2MPD+$c|_mqDbPzNw*OI+w1ULUD11 zZfc5=si~o*f=NJCRDQaGc|n-BZ-iH}xrLK!riEp4rdv{0sdh-JTZXAwWNu+;dPI7K zvteaKmQ#)=S6XCBp?8K?j(=)sl~1NYpmU0)Nu*b>eqlyxq*t+9gr~QoZ?I=%Vq{?P z#E;_Pi3L7INx{MH6}i4%rKRR2DIpe?J|P}e&V`xUsd*+&W=`P-fd*MFQEq`;p#?rZ zf!UTGC8^>1PLUP4m1e(&BIcCoJ+F|Q;p3_ z3jKm|9iyC$LXvZw4V@$M{fm7vs=U%ejC0B-pJf!UcP}h7_Kr+RD+{QIaxp12@HBBP zEix|53`%!4F-wdLG*9%*3M_Ofh%zwYGV=YlcFzmQDRDDR_jj&JG0lqfDoY9v z^m2DfOg7HSO!bS5sIqWGj{)znB8#GOg+#+ZbM1h_v?#}_3}62sv-JAFiV%~?v@o~S za!2F*5?_%Ba~iZa8Cs~ow^yo-EH40Ch6oV){)y#q?M-JB}IN=jTaqnwf~N}SU4JuQ4(3yb}8 zGqTaGb1w7`aSv3eOfPc}tVlNvcQUH-uPSt}tV%KuC<${m@ySe23QO}bDm01=5AqHw zt1{rKDAlhh3AdEGW-0GI9#Y%q|P@b&gE-_AZWc&M}YV($&>f z@G;18_6^I7s?gVtbT%kGMsYmWSiRN z#i9$2KUiO~RIlh*nZ>fHV)d1482_cMxf)wHS!~LQTK;R=<)#yYxPIPH__1iq9#2P2 z#gol4rzYP1pU=JVab8VjLdk}>nbjP6>%CX{A2DJ1qgni4e)%cAD8)AuLgw~m-dz#W z^VrDp*1mTKPu+Xy{N?f@Zk1@`AIob_9^%bb-h6Mt7fmsFn_WzsxX*z}vj*8s*B q)7CQSzuS3b&dpux%`< ssh-ed25519 V1pwNA 8acWnck16a9QK194orAzlQgQKINum/cyUzJqO6i0rkg -In2UpSbBR6QoTMTZR/GpZJN3x+5CK3hZcEvr5fORoOI --> ssh-ed25519 4PzZog /YeuXUmWrWFohgOSEmUygaTax668bLZpYO2T7KXl8n8 -mgnBBIsPycR6RMhLk4HQei5xQLzVHiBHaooOzZdb4YA --> ssh-ed25519 dA0vRg DidrxIBYvAfPkwNzQXy2+f6inafUafoX8cfUChA7l2Q -/wfxyJAyrQ3Uycxwov+0b9pKKOxPP9mySRK5g4BzMnY --> ssh-ed25519 5Nd93w i+oP7x/eHY/Roj4mdpOFHrBe5rxUL7/4617F4O3jPh8 -yTVD0dR3ljoUSv1qyuKcOvr1fMRm9C8YAZKKjURtCPk --> ssh-ed25519 q8eJgg Y0yxgrLm9/E8nYBg6Yvd0GPbY7PwCJCumQ9CtgWFxxo -9BfGPSP7pTTM8Dm9qXagKaw95hbqvvp7qsFkhQgQco4 --> ssh-ed25519 KVr8rw pXha2ebkoIFX9dMX3uRz+0rcbwcQ1mwPnLWp/wCzx10 -BQQ77pXJl75c6myecmKlEpqHtWB/rSdG6Pwpbxzcfbk --> ssh-ed25519 fia1eQ gCgas1CqGNZ7n09J7iXOvh2xeGgoszn36ABZwiskBBw -3a7WMN9aB6ZvwFyP98At9V9K99hD1vkvSJgnY16/JKY --> ssh-ed25519 CqOTGQ DU1oon3RPo4MCdzigrM2+b3KnTzzTSG/WDSvtBaF1VE -zwKaQnXT004dMojYFXPz9UERL4ULe7mPZ+vwlZMxFvY ---- FWICxx8MWe7awI8P5t0XsbA4Ye0zbxCdMbapTs325HI -w-d!=g&ܞH?IےᕪύҢلLL-ٸU? )VJbC \ No newline at end of file +-> ssh-ed25519 V1pwNA kZ6MC1GXuminn2Hlomkep1wIv1lp6KpJOJcpXkhQWWM +K1B58FSyb4QpINlhuvVv4dGFNjTChU1KNoezZcS/a6Y +-> ssh-ed25519 4PzZog pbxwzRvcsOgY9hd48BZEOH6VHFLn93gJ8yDHQyNIiSI +Fa/Z6si9vyox/pmPvWTndyYCQxo7tcvdlRuTgw6IY9g +-> ssh-ed25519 dA0vRg OW2y/LkN/287NVuRRlSpihR+k/MZ+a0R5cIrHFne6RI +U0ZqipfDlpz9LeXKNWkl7tYCnsBjSQz8q4mETBVEalI +-> ssh-ed25519 5Nd93w jDy3i1Z1NWYqdVdw4h+maaBjokVWNrSfHtSQotb2bWg +PtgX9L78wpJHiX4lmP+H0bfRZd/tNfHrUEAShJ38ss8 +-> ssh-ed25519 q8eJgg BCaUEZ3H3BglgKPAbl/ITQaEv9Jc2rRAoFuPXhy4WFI +DMqJu0vjDJ8rIXLSL17Dx4Aoq8Uhdo4jU8g1jTSvMK4 +-> ssh-ed25519 KVr8rw dKk0SN9SXTQsPwMFiKKMuoRwzTHJB8kr33nadRzBoDc +m2xPKYFMC/y5fKkgaBc+5TVg9ZH+zVSM9I4I3htSm7I +-> ssh-ed25519 fia1eQ NGl1o/38iTm6QiQB7pl0NBkohMZGLMeaXZ37TV184B4 +zk/DTLhuGfhDU3gNA7S0BjGOowteEhR9v5oNmOkWTGU +-> ssh-ed25519 CqOTGQ JbZYKqGfWeVu/JEAAeC6wE4QvKLEeidvggQnm6beJxA +ArogOkTDAnvC1SKPkSGapNix2W6yvku1QFOFs9bvuGA +--- yWZoUAOfSIL4FbWSAvhVkOEbUA1u3XPGKB1gNka/xfo +zlȑ LC$?Hc|۹.-j l}9:KӮU^IO6 \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index b98b8a6..ea6ef85 100644 --- a/secrets/gitlab/db_pw.age +++ b/secrets/gitlab/db_pw.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA To9tGfYsutlmjqXZbFJ+TttdFAnbwY9odSMEOvItmgw -Q8cWN1VF4bVisWVMOEA6IXqhe2JzPl/9M9UUXWWV0Bc --> ssh-ed25519 4PzZog e3OTx6aEjhNCwyiysZkbwSC8ecVvVaVNfZV/3iNpZCE -o8jHkyg0lptJh2Iew9ZtVi3AUOSAtmDzBIz2nE4mj8k --> ssh-ed25519 dA0vRg 7smMdyMEq1stuvSBUsBZXJoeap4Aru6AsljjFPPpfiM -Ip5qA83bAGtYIeqv1w0yo5obRh+FWYJICgOU5+JoeYQ --> ssh-ed25519 5Nd93w z16A2vTVGdxgKmgHoSySJ9K8cwrQglflrWDhBvZ7ME0 -ILd92pWzyVGnTOXwovlZ3EX7LsFX06hqedW7Ov2CYII --> ssh-ed25519 q8eJgg Rf7U0SdZsP4NEgiDl8Z99tCoOkIwrrl5s0aYpXOG6yQ -tg+Y2WHuokaCVI4CCxuv9UW3GIa8CMuX0JJEWTTkwjU --> ssh-ed25519 KVr8rw YUN5VlTaxW7Niwtm9+FTGOILOklbEGL5EVw1BucGvXA -zXYcis5ANsDGPeFoV1aRzTJiOQY2P1ZLHsJDkE9RFT4 --> ssh-ed25519 fia1eQ TnSlOXGQ0BuVk25Yj9YpWWtYmonlM5h+uC9hUq3MM3E -8KrW7R5AgumY9wLVQyUmKlHD3zcUNIc+VU/X+vvY2LY --> ssh-ed25519 uZzB3g 9ms4lu4KjQED/2AHQwr9oLd/6ws01IxuK7Z05CY6N3U -H/4AnWwt5fnZMvWjmXdoe/Os5ttJFYsMmjaHHqBdAxo ---- zI2RSKtND2Ep69vshrRkM1KOiReF/m5vdY4jIH7NSvA -n I $͍[PU"κZXNnNg dP}GZ?< /!c =  hnZ`0ˆ1nlvfwjE@21{Eg|Q\2e~=Ӭ]fdRn \ No newline at end of file +-> ssh-ed25519 V1pwNA TtxqHD3bJI046SXF61CKfpDRI+HHTRpc/iznIMdQiUs +WWgm2OdnPjj29tIrAMa2sJCNEaR2iTAl/hMfPLv2QoY +-> ssh-ed25519 4PzZog 0I9h+D7DjRwupkHWDUKIxJlVBUWwbCTR1nx8UcEm6Xg +NIYzimYGAo8ou93B/tzjmB1K7hu2tXy4XMRiwlDqI0k +-> ssh-ed25519 dA0vRg 1U+1fUueu2k7FaY8GVN4BAbiF71OvKbGOC4oZ4mV3ko +/fKxmEFW/L9A/1fDIteeTcz/SOv24HNct88oakdAkn0 +-> ssh-ed25519 5Nd93w IjwMC1ZruM915vwA+lExdIq/OFT/4SlWgwOm9xgUPAQ +mOOTbPdcDjORB1GhS0m4/p3MA6TfHXzWXvAMzKhw/n0 +-> ssh-ed25519 q8eJgg mODUrCPf9GAix0jaPaKUs4ws1D9BM4huHbK2mst0SH4 +7qbxM/Wa9pMpB7TjQZgBojXR5qDJUBZvplsrI6EdSO0 +-> ssh-ed25519 KVr8rw ybBiUHmEOyesWxdTEa1LPwI5J/PQaxYi02QJCAuYyGA +LoRQ15hQdVGLj9pJY3TabBFhtPGBvU+bnAa2dzrkOY4 +-> ssh-ed25519 fia1eQ Qu2RTOQiZY9i2SDs0NVlA1zcert0oFcFA3mXDDl59G0 +6akg1POXrvIrzITX6B8yTDw3cCqlxsD0k40mYnv5r/Y +-> ssh-ed25519 uZzB3g xNdZ8eSTFQZ/RcrNR4BpedX2pfceZwPjvgt9Wd8rMwo +kMxoKyE0bjXEZ9tNykOUMZ0uHkqdx///QJB5QnLRhcA +--- 1DKMo46SYm7JlzFo3nZwtaK21TFmapfXqxXzxMXWb0Y +8̋},^mmHv`#?0>ّX;λ LV8=]ԬsEhɂL(`"ZKc1.|G??ep_ۤ +᷎zuPqϪ9SVv~I4 \ No newline at end of file diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index 3533989..3cdcb5b 100644 --- a/secrets/gitlab/ldap_pw.age +++ b/secrets/gitlab/ldap_pw.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA aYjPUkjZHoQm86XHx3VbGswLy6VdKNaaHe3f3CGa1ls -HMuWoZj4tY/nWj1nrgOxob1hJJD/mPD3kQnDgJJafeI --> ssh-ed25519 4PzZog GojGaXIg5RK7WjJSCZxJksXvsm9TZTlbHITuksMivBY -4oAuKXtJ4ksvusFX3OM3VpdzfArrglxJTN8kCdhIjrU --> ssh-ed25519 dA0vRg AzGx90D7iz93gHtSvV5oIbBkwgQEpVY7DTRQIZ16IiQ -GlMsor4NxuhHs1HJg62O3ZtPF6CHHFc46din6fm89G8 --> ssh-ed25519 5Nd93w oAyaZjUSGC9moA7pLR4+dzoKAggFuKUNMnRbn/fm2FQ -eHa/2iLWrqv/pPXjgfxtk68MgBX6EYW1YWfs1kXkazU --> ssh-ed25519 q8eJgg xBdXNLjZqKi2o+cbCXGdOOSFnlfPgaxjQb+IK60MYHw -dxV3kTuaJ1ANFgRaYchwAa0kjGZHZ3POc/Wrw/per+w --> ssh-ed25519 KVr8rw TR3AjhWy5K1ntzMx3mZZZWGYi7EvcWiFpTHyU/+pV3Q -Y/xu0hrhaFZdO9YY8vINp3796HZ+LAL+QvBmIWmoS7A --> ssh-ed25519 fia1eQ zF6CArF4sVXzIRenfDq7WHz06WXFdo7vMgD15NI/sR4 -m3sGJNMtAeY/yIq+D2nNncGNxX+KKXt0wCO1WMZmSTI --> ssh-ed25519 uZzB3g pTocgT3gT7VHD7BWt+rGRIqUZYuh2G+1VeTJxyb7Xxs -q5UYfrUVbgaqJCxWKegc0q0PvPR6AZ7AlI5ff4ePfjM ---- 9KS9xFBleYVsxyktikZ+TX9++1wqXmDBZxU3g7vwwLU -<{rU/R*Jd),#9ns!LsW#_wҁ MM8s]ߕ837@YNXl Il^0p"aMfG SdB/s,4!̝rP֢-Cky ssh-ed25519 V1pwNA 2mRcx22kddqldRvOQY7i32z0sMwCuGlbCkJJ8vlJKDY +aL+OgWP6uTute1b5dlPG5Tz12KHeFlCG/Su9+MBTceo +-> ssh-ed25519 4PzZog 67PxsXDuqXhmcyvNAu2jZrDtd+XgUQnEakPw4pR150Y +nOCZQmAhHCptlAz134hin/UKKpuIL+ueRJ7Kzhf5Aiw +-> ssh-ed25519 dA0vRg tiN/eg2X6g4x6KndLJs6ze8i8brhXcsBqP1ZWq2s0T4 +1lx0Qqo81L12eIG4XfQUWYgpimEfgaPweZQ65GTHSaI +-> ssh-ed25519 5Nd93w Iq6wxlnODEkmZaYpf1s3XxKmROa/JwXLdXOtCpXuM3g +0oENjjsAh2c5tIHNEghw1TE50xRfU5yWHnZenYT2UgA +-> ssh-ed25519 q8eJgg HrJ8YlZTp7YhRpKpv5ZBUbxv/777ATRtYzcbGH1JVhI +Cytu763lKuwmLLUhFJo8VunzHxYn75YRLiN3vnhxyL0 +-> ssh-ed25519 KVr8rw s60G0Eusw0rEW3woOFeE++5C4vI8L6NOUXATml2egBo +tPGsNcE3H9crSOCXCkktBzjRq5JyaGvgmx0ZIs3ehOQ +-> ssh-ed25519 fia1eQ P7oFu5pYYdJu2fcqTYbKuENBWiFnNVQxg2N8QAXNVhg +aZUyPG6FpfFo7GixaofYbCeajExpKFME6PBb6fTzk6s +-> ssh-ed25519 uZzB3g hP2SPeZNhsmePX55N6g4Y8q2KIwRONPBEAqSp273Mzk +y2c9S06vYQl9v0G/7IrbEx+kGv3DOnpz6+9+vo1o1wA +--- 7prlMrCmXuXHtiD1+44Pg0LV05OvyIEF9fYkCiLEv1k +_2":Go*.T5.(N4OS6U1 CcO[Q Z#I1 cӍM;/~`=&'?n}e#/q ۱`xjh:?Υ/J3.+OxkYbkdϏ \ No newline at end of file diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index cea4bebb871839c8228e97649ba620e6bc6f0809..6ef6846a207a94a4c0b5d046a9c194c60c504abc 100644 GIT binary patch delta 1024 zcmcc4ah+p=PJK>kibX|GaipbwX;pfWU$|wKsc)fCag=_JmvfF|Vs2(eVNQOKVUbB* zI#)(&u3@@`hfk6vX}Eq^NQP;CNL09!S#oxAMpTkhHkYoQLUD11 zZfc5=si~o*f=NJCRDQaGtG;8FlUZR%RZ5zLiLYmrvzt?zlezrmLg2myc(-xo>h>PHJF&L2gdq z#E;_P-kuR&0mUwUe)^7KA%W$EE;+_VDQTHiS;pBBDFMN5#@a@u`B}bUY1zJ9ULo#2 zZaF!A?pa=;&MC&(p}tQ3dF5%^nME1Sxh5%<=6+d*MFAnHnNG=*;~B-n!@R@N3q1S{ zOntq*(zGp8%Co%76N8g8^72cgDswFjGqNgzGyH-*Lh`b?9QC6d-Td^8igLXYlUyw$ zJS!4QJu1V@Qrs-GlZ}I2A{?VUjLjl_EZlr2pJf!UcMNvROb;n6bq)zP%PPq;%W^C( z$uQFQjH>Vm@HX^xPtgv|_sI1!4>AnoDl@8ZHOuyo2rJIYbSyWFH1W<)DNHIi({?cl zj!G)eGxAFb_A^c~ajFVLj{)znB8#GOg~EUo_oVOw^Q@>!kANyacY}J@O7BD$x3o%FrglS9K&U6Z*&a&r7r+#~WmtISL)EK2kI3td73%9HXueDYj^T$3`&Oe_mL3N6iD z(=mKk8dc?FoUV}S>gAqoVPssE?cy7lWSE>>nOjzDnOYcRWab@QTv3o?ZkAtQVc}k8 zoX-`MooixgT2h}K?pIXqU0#&#mYSAc>g8o(;gjc9Tx#ZNYM8F?mtzrW66DIItE;P! zQx%?HZj$Zi7?EROl9cUXmRaOjS{xo`Y-CuTpPP|b6z*!45@DY0k)O}S+aUDrRd>(a zH%DXsZdBaM67{u;p+w8;?VOp$tGP}cdD9{%`0t**>M514<#U?0ZBza5a^vm!ii(;n z-!I&fOLTwoJN<*JgWFCyU)@cS&$SaX&(B<7X7#VftZ3z*M_JM)WeXZk8sA@YEV|!~ zvC`z{Q@6J_r&=D`eEFW@de?N$o?51s-*XbT$OisxHqEnN`XX}D^tNBG|1V8^7j$c; LgMmTfjKUNEoXBm& delta 1024 zcmcc4ah+p=PJK{_siT*RNw$+mZka(rfS;3Ph+}Y$NtQ*1NwR0KiJ?V+ahPRMXlPb= zF;_`xfumz+PLgLzaaDzfufK7KzE8Saa*lydPGv=2aBiuQtGRD@sk57lCzr0BLUD11 zZfc5=si~o*f=NJCRDQZbSfNElKyYZ0nMp{NUwL?>zME-cm}N=1QD|YVb8=cvctM6o zV0w;Wp7p?WknS!DHRnt?v_c$xj}{6e!&*$&SriQ$>tW5;~B-ngMG?<%|lWP z{7RE6wS%I(3S2#M&7#uMLOt{Rs*3%>3X=*Ws|*8^-QDuJ^71OOBLn;cvpuq1+&rE9 z!}6UB^exT&l5(61DvgVs%7fEPygaf3!+jkmpJf!UcaJKFG>A;JvSNtjw#* z%gxX9HnmJK^v*B!)6R25j{)znB8#GOg_P_>ShFz=C4!{D6|8^5jsbWUh3_6t_gn%H#^~P#4#tr2NRhpmfh-LnpI9Z%fyTaG&fP zv!tqWk1YRWS9I&rG7}9`0~G?ClJWwL(lP?Vjoh6~D=l0KA{|RDy-U-RjEhsklPt_K z>J5^DBg-R#s*<@3J;KU-gVK}ClP$wcjU5YI6N>{PQcKdD%8IKj-Gd#Ay!f z@G?xz$}o&5D0M7%%kWPL4^2-r3D5MZN_We3OL0v1DJU>1NHy>_PtJ4Xy5xFcdjQM& z;x*D*kB^sc5pB5lsBcp=XWfx`W*)Y&QhL7>o$Wi7XRGi%EjNArQ1J5u$1cn0(Y#pz7*6Awr+1$HMsPC!r9ZV z9aHDrZkpQlKgi(8mqkDJPSCvI_Oj!W=Cb8dkCS?ry)u02vV-%*Y_5fsr&ihAy#LXC Mo%sa^wx_OV diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index 00fd51bcd54adfb5763bf3451a5af78be8a97cf1..59a5614c6c56fa7b10b14165914d10e98c07e747 100644 GIT binary patch delta 978 zcmZ3vl@`Um`MHj1fd=J1h6ed=foZNTA=(+)c`3e=;~B-nQ?f#m%ER1C zeG3E1lZ+|~bISvZ%X8e4bG@@I)6`&ChV;s;nvv4GAm`EjMzj%1+MA(@)H^%=ULSaQ4b` zGto8=aSk^&GBt1sGPDduj{)znB8#GOh0stF^N6yvO2cBKu)w5}oYMNL#Iz9o$owMX zB-gAQa|1X1L}zF7pu$MkK(6w<0R6JaOpn~6oZLJw;|L$qz?4D@OW!Qlv=r|&pOh@~ zV14fpw-iff4C~S|6Ae=X6$*?>3ksdmqe{$kEsec%GE0riBEt)v!+kvc-80fWO)D+x zi}f9I{XCNlvbkIW&CA@2jY9)XT+8!}0}_)83sSQ)OA`YV13cX;O8opSwKI$gEQ~C} z%h7%3T<9O-9;lE}9-1BH=#~)>=wp&u5$PTfkXlsf9vSMLl9K9}5>}*6Q4o|=5u8;V>R;+vQBm#|Rax%p>l|62Z|0ikm=VaOtE;OJ z9%&X8RGeJl9aroVgh%Iv@tPqs9taFJbq9~E5?cRTTU z_svCRhJO@zvTZhh$XOzq*XG6?JWVb7)A46>gR}dNh$fxPdZy`@uy`VGM*ESIx8k#3 O#P9ktjq{4Cd^!Ms!&GDd delta 978 zcmZ3 zWmbimm#d>Mmz%GjQ-QCUzmG{#uxq}Ldup10a%7RAVPJ^AabS@}nUh;sT1G};RbpZG z#E;_Pc^QR{#?I+EK_NxHj@iD3&LM8;W`-_-CPrx~-r40I1qEq|r3S(JVZp9krWsxy z<`t$P!FeTl>25i`#jY7ng&`RgDgJrh`9;PVWs&7kWs#2N{w}VQ;~B-nJ+pm7jZ-50 zjmt|*^Ar7Z64PALOv{|o%aU?^^D2A`Qyhybs#3DDbHYuyA_^+~bJJ7uihVNt42_)q z-9v**%=5EKy-Fj>!rjBlE8JZD3r$MBvYZVjpJf!UFD|l7FAEB=h$t!uNKWxjcQ&oa zbkBAz$tlh;wx~2K%MDI94tLY{%?vW&Dor;u&kxTEtPBhCGBh$MOv=|U&j>b1DM`r; za?Wtii^woFGj|Hg@(r^a-bOYzgVy?8X0%Nm8ugYNUa`%wjyvz{S;M80{!wBt6i#(5V-<*_W z-_T6gs$xe+Pju_jG7}9`0~PYJlghKpgZ(oTOAVs3gSdTV6OY^fc0)4r1O+$;cvpw_tTnn;1i%tDgygj2lD)bElvnosr%Zf_N0|Rp`vx5S) zee%(*b1w7`aSv2*PPcILG^z42sBkmRa5Ks_GII^h4A3sEO7|*Fb}2S8^2swRPEB=n zjY#IQ$SbT2&yT1#FiUcAuSjw$2u`XrNy{m+F!uBcGz$;*%`ymeG50QvDlAUs($&>f za7=RyjI=Z`G557_iA3%%`@;zCs diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 28aefadda7cbcbc9db38f03b6f0fc92186c827a8..4df759a7c80bd0cccd87c9bcee8a133f8a88f794 100644 GIT binary patch delta 977 zcmZ3%v65qgPQ9UintxJBL}5m#S+;X_l~0bJzQ0qFVM=9iVTxNxmV173K)6qeXJ|y0 zE0=a=zHf+SnNewWaducvS$bNseuPg@Ns(K&OF@{Mp=Dx@L6}itMR`$nB$uw8LUD11 zZfc5=si~o*f=NJCRDQaGk3ogAzOzAYsfU+AxM#9ovYVN+nMZ25Nko!yWNDOkWMGk3 zWtfLckw=IlmziNzRYbaTMV^nbQAn|YQJ$%1RjOB%X?kLDV48PeK!jzAX_0n$N}_4< z#E;@(8Ga=`MZuZAQ6ZM0+Qn5x?&*cb`WeZg?iCRpP6k1R=A}Mv&fekqM&Yhp$r)x| z$%d%~q5k?tZdE0z*_npsdFCPRW`X5dZoWn3xk<^vCS}Ebg~pTP7$w3@%iPk;{0+_h zeLWqM%Tglpt6aU!s+>H%^t0Ux@+(vPJo607Qhm+M9h12Xol1)GD@#lAJ^eFM3W|y? z5?#Ym)0{E_3Ug9&D|15AExlb*@_mgeoQo%)WfZSZG)=8a_Q>@2De?Akbc{?X3(3r_ zs0=Jjvown^GIc373d<-ylAuKa)qpIonyAa@^s-$Hi-XP+ojLt`%&b3<+aw9LeCCqL7W zQvXPI-^gMMbnDVG6Ae=X6$;B!9Ww*H(macz3e&Zn3iBe;JcA=FLoKt4^NovwjomEj zwF6x|{gRS%0=d$Rl7mB2%(GIw%F@k@qbdr_B0@^NvXU|i3!?I~4Kk}T{FBpiy_^ez zFsySf^bc_lREY8_Ff)#D$#yAs@-GXkG&J>bF$gybbIkEcGA?tm@Gq!Lb}VuA%gD{M z;4*MeD@`#Ctk=#-cQegQ3r`P-wD7NR$_g;cFwIYONisDk3Uy7iEb(?twBXX!)l~>c zGxGE*HcWGkD0VN&PVp*ot_(8Gh)Q)14DiV)_fE?;FHR0f2?{dzHsH#f=%LPu8FGL^X)4A%o`b|o=%mHV073OW6pL&u$ zd(Y*O-}zu__1hT=7hFGD*6!2RcXJ9qH*?+w=}lb^Mb=-lWYwBvvgGX)p#Hj13HUNrHQ3?P6 delta 976 zcmZ3hM1(&X!LUD11 zZfc5=si~o*f=NJCRDQaGp+}Ormr-P*L1>1vsiQ@eyPHe4r%8Bfage@GQD9J!uX%=_ zM@djwXr!wNS71h2rk`PCpqX)Hrm;~`ig8L%gm!sknsZj9YlwD)f1ycgP>^X}m3OY| z#E;@(+U_2O-q{`{`r(B|<%v=GhURWAt|jS?{wdl8?!hK*-r-&r&Pi#B`W3ERh5Qjflk^6Ayt{q=B2qANkL8}W&wVFA)dyO;eJk8rmmCY7$w3}lhVAyytAr8 z^D2W1{7SGAc4O3JHy=ZDgRCHf zBnww#w=ARZ0@q42v%)Z6E}x20LsPGasPMx4++1(J%)-PxqtXbkEQ^fbyaK1ZB){xL zqayzj57Quw_)g1AG)xUtNJ{f64v9=jE=~#YE6nyuG4}TM%=fSiFDybph8xKg}0BZMQT=JkWXGln2AMJke^9zskd`Zm~&=8m7A+sW|Bu$m~&!f zGMB4yl2cKpOMO6ynVU~akVQnki%&&%a)v=bdQpC5TDECvUQ}{msi{Gwr6ZTFuC78_ zmT^)}hF4TXMOnIqYjRn(seY=7wt;WDS$cU;QFu;9pkb9kVuWi&RwS26|FcIQydKT4 zWqEV{hJJG6yI%2Clbp5%K0MLhA$0gxisfp)ZN0yKU1mJRSQp7c1BCu{Q)2(MZBAXKPKC*k}Y*6;|NLf`Mw@NeSmW}$X M^5Eq2QiWA_0TDD&@Bjb+ diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 1d9d563..3043014 100644 --- a/secrets/gitlab/secrets_db.age +++ b/secrets/gitlab/secrets_db.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA rEsQ/q9FmFkVdXfXfYG3zHN4KvXTfRmZBLEibdzbQBo -fJSlFRK0Oi4OpGBf7Z65U5+OFu4+Ts8MqKe7B2G+gYM --> ssh-ed25519 4PzZog aOPnUpH7F3AS6IauahbpQYYYSX7hSJcix2C1CgUsoi8 -h83ikYOIqng/YKfo2RJc9MwbdaKV0V3DFLj5socRi6A --> ssh-ed25519 dA0vRg oK+zniCPQd3Hw/Bm1/cG6d0If6Wq7VVdxR1nrH/MHAQ -c9Q6gyqil1XvTsl/QB9dpvYHa9Bi8bbfWNNfEx2wwo8 --> ssh-ed25519 5Nd93w B1mA5u9RHQ28ZopDLlJh8Z5Q530tJ9wjOzhMzsJSTUE -KbCpkJ666a/dnnatT5QIcPbEOMP+dUkiMERcc9tRMvc --> ssh-ed25519 q8eJgg ps+fnslUfJUthZB+bLXZdvwXgaM/Jsec5YVJiTZy6AU -vpwxjfgKkieWlxSjWz+b6U0p16zJq4Q+NqO2zXISWbg --> ssh-ed25519 KVr8rw sIxHbaWSfSZVoMIchJnvEPH0S1ZrSa0sS+Pa++yUZ1o -3pn9e3IzOF0JxohMP424AFWw6IrCPm+fnS70cfnKZ1U --> ssh-ed25519 fia1eQ XPBMusFIRQ2mqQgnYPpbn40heCrqiqa2P5tiq5H9fgY -7T2S+TJ5jd7cfnCa9iWLaf2zUHG3YIUZFnt/ek3pHUk --> ssh-ed25519 uZzB3g NxRK4Dsc4U7a3MPQoApPTNdybonx2RdXUGc61WB8l0I -YHoL+K85aXdCTAm33Oc9d1/BD6xFXCHZ8uJCqqn8pQ0 ---- BHDuf9Sxnh49jes8mUA6Rq2cTNqBxpsz51UZgL2np4c -C <\2fkL+\زp&6~ ssh-ed25519 V1pwNA AbGjaacp7Tp3DYhUzCOUzzNlUGXYDTU9vEv1DJpzqww +grRQCuht2PKdwsdbABRIO/QLX2HikbnnPDYDfRNeeOY +-> ssh-ed25519 4PzZog loCPiNwbEIOtBgQnBRSuiCuizZdrh/l4lbdvv1/SYCQ +WMu8NXj0LYaWS0qxcuBsG/GdH/E8C8OmbYb2mYuRkrc +-> ssh-ed25519 dA0vRg 4UnugzCjQxs4Xqii2PWA7prXrjS4wP3wJQtUbrQi4QU +HqjVoiYSZ70DdNRui4yZjR5oGiCyR6Rly+CoM0MEbxI +-> ssh-ed25519 5Nd93w +PwbmFGDmpdwKvuHWLQOJExFZm2P8pl15RpRqeM17Vk +HvDt20lZsSpyZ8z2BShXHlAOzIM+15UpMonz3sqSwR8 +-> ssh-ed25519 q8eJgg SYtYX+5Q35sygmo6PdlUzG04g2bGnSyVGgnYPkJKoCI +nrZN3mp0jxSQfblj0pDE/7/pO2jAg0byTm4HQOQzQBU +-> ssh-ed25519 KVr8rw CzJ3Fn25Lq8zZOAHKKbLsiHhTHlAMDNHv3yLa7gaqSk +O1gss3s7y0VfE6ZS2GkdskeCfLJNytTNfFWz/bzEebY +-> ssh-ed25519 fia1eQ WWju+k3tswiyQfc7XR/txDAIaIjX7Xfnv2IcbKH/s2k +mAxPhLCJjwX68AwGSkJxMSF5PkGPQDSCkBMoCi1Ozf0 +-> ssh-ed25519 uZzB3g EbWWbRWM+8jrtg/ZX8AC8VKMOtf3ch0QrBn5QCia6TQ +8/TISW7rN55/vfkBH9HKx7GKaWAMIEVz6xmtCh5fjfw +--- +L6TvqJA1YZEmK9PDIzh2r5wtzB1BI+qz+i9JotMejk + }sIc>}5bTТrN1,4ONRzf=اNx7һ[)G gw!sN>#ggGҩ\kت2g#@ao47wx6mfCQ2H +>maH/uv \ No newline at end of file diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index a06e1f383780915f1c7d0ff44e51c06a276a06ee..25926fdc3eae492e990abedc4491e15fd9276b93 100644 GIT binary patch delta 2585 zcmaDN@&#Np87oP(WFPk#kUL zv9n8QeprPsSBayeTa=MUKwwE$xG{d!Rf!?qeo0Q@k^ZLUDUp-o7$w4;3(Y-~3e&@k zi?YK*vV0Qtv%}3@{F0L#!*e4tyvtn*O47YO^MZX$b9}i1@{KIBLQ;IfGs3+qN`ed$ zjZ%{`T}}P`f`arzLem00TulnYeGQYflaeQ&WfZS3b_qy#v`ou2%gE8s3^WePD-Cc9 z3=ar)j?fM&3G)k2FAK;F3N{D`%_!zdb@$B(@yiPJiW5A^Nn0WExf{$jmwG*Dk{>F%OaBN zb4#m=GEB3pin&~>3==DIB2Ds(vU3W8vXj%JN}a>fbG^&bQ+*9XTnYpHEi(%ZyweQ} zL(#1(jjD1oPFILXPc5r5FbGQXiOLFb%_=SkjkGlJceV6Oax(G`@lUHNDt0o}Pt8aV zw%|%J_6>JWbg9qr5A-Y5_t(}hiqdwj2=I2!53%&92#v@K%eU|g_V+hU3h?F9)zwwV z&nn1w&MkDx(k{2i3bm{X^ffH2@G%I_s?x4XF)GRni>k`1bc!@h%<|=uJigP*{ktds zPnIqJG&x?s40d6+N;&&%JSdH1~`45|LB;LTs*dZJ9Ua%x!hqUkbNY zoDykP&`q2iT|9w(+iLat#|Bl+8@LwSk>B;<*wc>__eB&GhGj*G_^**}+51&`<`OB+ z+Pyng%~R%j6XMaZKO}kYnfXdFNqtKTdp|F`EA;P_vhxI!*X&cz@7gtMYQ+z^*6Ygg zM~>&XhJC9)vS@j@>+ea+SvQx@zp^W5>#B-}Q)gdsmCygz=E;BX#)jBBS@xp(a~8G- zqD0w66C7o%3IsldY1Sqe+!N}LYhJ(Zl^H1XZpu%i ze7;8#771AEr++s5;ssOexBiO zH^=N?U(Y@H_r3LfcPkQ~Z_ocD;(m;2t_X+X8uvXjnB4z+ zYWF;@t!Lz1b2snJ0;80!Q(M?x9iH)Wr|9N0a_=_Y-pAw<;axvgR$%MG?qZ1_~e({sgn+}nTf zX1T_z+%j=WvsT|wnOGmb>A3UHOUXL=A3B!>&zfm_o7Z#Rvznie*D`#+{A2X^;E1JruOD1pZ_C8+>6Vz8zjiF& zv!iV@Q+hxAcoMJYBqo1*Lu>feH8G)w95rjqbtWV<$L>)Le8{u?S=YCduJxPv6HSwU z+_GHJTFbqRqtwp|lx`!(ddYUQaSM`?9SC3cprh4W>Ua%VK8&hzL|KONEX$#mhR{WTxwy!s*6 zsM9RXTscdX+vnr_a6Y5NuKQCf9eMt-==e;T=cezN zq?}iOwsBW|=*#O14?EY-_3pNooAPk>n;E;;Sgyald77EF>%Ykt7pTnJDP{FjKdW(4 z&g{9ix7;7url`ybwXqPBVx3&JbE*Gt&gJ<*x2@}1#1DV`7;yi`hKEyj>D6@^zB?W} z#W0?MU*&9`nd*jD&z3gswkUZqT_Gb{?~d-wy^oDKavJLSlKvg5tQRqx^FGafH^V3Q z$Ty`PyBKTEuWjVH1w%KArt_*2gg^j~}-(S9aBF45lT;xV5kNWe~asU5b z=8918uPpp65~#OqucSKHvPN;c+dBcG>N@K5M7&l~00iW{J)}{(M#CG@<_0$FgO(ECD*PZZ!Y^ delta 2585 zcmaDN@ufC^Ss;PFmccHU^ z1(&H~qI;@QW~!-4rlE&{yLV1ra6pQmzhjwahH-9rW<*7iNtugFa+O(mB$uw8LUD11 zZfc5=si~o*f=NJCRDQZbo@H=aMQWC_V}(<(NqBH#fLmy&XS!dYg-dXOVS!hfM^0gc zk+XTYTV6ylm!WTlzJFF$l2@vedsa$GzQ2iQQe;-SxrUCpzj{3A+|LiE#3^EN5b@nJtu5zjHE~yN2HYoA%bu05U zGqdnEbIuQUi*zzFaj`&;0PnCOi=uLcY>&j8aOWz^FtZ}Zg3!n?&-%<9-=dPTM1NBY zr|_bJ>^!58LjPR9s;oQ%F0I6F0xAD(BS7 zAcH&$Bd-h-bnDVG6Ae=X6>=Q&BFj=zGb#%rf?Ryuyv%blBRx&hObk4W!_7;RbIrZ# zGs}!BqnsVH9l65Ooe~Wb1M_q9!V1g+GAoKbD=l696Ae;=E7E;Sow9?Rb3BUE-3l_D zJ<+WzjjD1oPFKh^HZXSbEp#^ZGqlKX3QEZ_H1^3ZtuS;;%}va9_q9w-%kWMNEDDRv zaOCpR&o0ak(yq@>Dl-eq$qvYf@(VF_Ee%QZ*DrO+4oWVKbV)Q%4of!l2(sYP)zwvS zH45@gcC5%=|mzrNn-7hY6>-XQyhd!QLU#~N-X#IJq%nuU}D?hiM z(zw`H_}G%?EwwBURlByFmP+Nky}a+`tl9{fdO2^+qGE@zThhv&krjGpelOEdVv8tI zRyjH==9usGeH{Ll^AlN3weBk3UeJ;DRN1%TF+-S`()_+ozWFaF>IWRM{NHYScx&;u zxZPK$+p7DE?N2KE5?E3Hd0~#d^ZRd)i+`R--ELBMN4u@kPUq^}Mcol@CUMRN1wujM z75U|tUcKvmUEF={XtS#Jf9K^U9$Qs47Efo3s#y6*$!Er;=QAz2PjmB3Teas0gV~pV zOhPftzfJblU;MH4eZY+?3oTF1|F-?twcm?>_X;ju+Pt#Mx3E09{gkee=B4^dma_BR z*Y^tQfATcwxw%nt#g^@^(dm=KMWY@}m1;2mBI4bo@?r)12TPgxo6j%TF#UGM{P^)l zexDVM74VfC?Z-X35!iAYYcZ_KP-Jbl^U6_y54KkB{(ZCdo)|Elv^mx?|a)im7`%|#jR z_aD#K%kr^0H2I^@SGJF0C;zs+*e|gpO#0Pa_W&dQ=4|=oIL@EDt2LL)Kkwx&mFTZ5 z6uCV0X^C0lYtde|i#axO?!u9$GA{i+p(Qr!hW}n`hhx?C$y(y+O2R=i`m&a$Z4nk; zE%u+cW7o$+la*AbaQCGNOgd!QYBOthb?^(87b&*Z`fOS@_Gh);v-fH)pI)ry*LdTk z=l9h!0zTHw`_~mzsZgVrsj_j$tdPf&1~{_DwYPxZ$k z0!F(O?Jef#%lLJ=6xBbu|9`T?xp#Z_X9u~5?k=z~n_hM_ZqM6`4qG2CR=j6Z!YC$v zqIa{l-7@~2RlgS=Jk7n|ps( zjvTL=?G5EO-EvRu7#vT$w_K-I81LP)W{a*ypr_uUl~;CHJyudp)DB)+QlHk=+n(bS z%y+G(KyX==@A(PFbq23bcTQX#|Eyd6>ic(x7MM#L*SySkjT=CYI{pLdLmV48?y#(T)trOS! zb$|cXf`*H&dSA}*AGgbSvvg8l=^HTwIHSWYuoyx!i* z?)~C=CFQ?!?`kA=aOUrnIPz`f){(}o4{ENMEKJQPq`?_~(huY!OpDsi;9b(efoX{i^v2l_XtCqRc8OKL69#5Ibm&3TDayHM; z_2$1az4L7j+p2lKj+%TZ<^0jjw_d#p@+&AixYy#p@H5f+2}jtbo|3*_eCSncA5;02 z)huW1Pkc~XdHc(@OU@i6J1$CBrL;UdzHs^K$o~N>PP?a{+I0AuUay(ojstOym-j36 z@`z5{9#gHukbL`@dH2af+jv4g)`=V2tx-QJ{4Vt$Psib>)tfiYsF-TE#E*BDYGY&8 zr|cc9zVrAjr9ypvo7mSguREEWzhLf>k7gXERlgT;Sa46fGbc4%$@6cg#@X|>yXVfl zKKt#RNy~KqL_exg$X-;p(0BQztQVdQCzsCA4f(V9&wkE5GW%Yod`;LbU%^+fGsUHI z?Z>sBGrlIjahSY;Ib7LZK4G@}y_9`_MD)A4c(}T&-#+Y)V7CwdTozKo-BG_HvN`p8 zpY7z^cQ*ge-e!HYt(~bf^2BW)h1Qd5vsAX~*6!T7{OrEsTx0=ZYdFACdoxX5ubCW~Ll790OyJQ$9-TODCc9E&&oz&gl7bcwP wOo*Q_bIwL7bI%LYjz_LMR#)k``I7Vg3xZq@@7<*(bkc6TfAM+xT4~P`0A7WC*8l(j diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index 02ad9fb5ba2f6b35d502a45aaa5022ae8bd40dc4..7cc8e3040790c5e07e17ae45c791e83588ab85a6 100644 GIT binary patch delta 1021 zcmcb{agAewPQ7u3xrcdXXjE=`phdaAQL$H9M36y_kCRhGhPI_oesX4cL{XxJXLx?L z30GdBM@49HK)9v9Pk3&CyK{v_R(h0oMtZS-n2}+Axl2W$iM~^6j!B7GIhU@TLUD11 zZfc5=si~o*f=NJCRDQaGi(^h=POe`>zJZ~ML6~K@shdYyQc+n+m|0pzvUY%lWs!4* zS4p^eXm&;lwj6+Plivzur z^P@^K^%H%Z-68|RgL2$_D+>&Bf|4ve3MZdol&IIX$TT&}3k<7pPBQWKOK~suDmF1U z^)Dzfx6Dm8OAd%KPxm*@j_|NBjO6k)()P%WaxBiP%JTDzC`r>#H!blii^vZw2=z+z zD|2^DDGVv{@JVv6N=6TV@310^qH=}eh^Szn#LDt2f9D9N(C}Q(`tnFePvh{iz{<)H zORsFRD#wVbNUze0i1J9T0JAc`Y(o>Liky-_BOgl-FTe8e;zF~4MAH%z_mcE-k6dHz zfJ_hVq;gku>(Vk44O0UZ0s|_%!b1xReJb<9vfR=O^TW$cTrx8ai@b}ge3SADv!d!l ze8PP)J*pf{xKiA`GM&7#^L*TVEDha#i`-Mfyv)NQJWK-oDjXB@lgq=4JuJ18TujPL z(5)+ts&X<;SMVxL^9l5K&yC74Fim$1%?hfDNcHxuOm)vG$Vv`y3Ji-V@Xv5DHj8qL z>3_D9|A)%REa`ZYi5^!=;1c<;_x Jeoo752LK>NY}x<- delta 1021 zcmcb{agAewPQ9OJMQWjQP?fiVeqvO)o0+3?VUBT9ie-jnQdx+$n`30EWu|4GYi?F$ zI#)oNk5Q^qwxvZ{PGVqiqDQV_NM?GjeyXu!p?A2mpQU$>rHf->g>h71K9{bYLUD11 zZfc5=si~o*f=NJCRDQZbMTuo%PO+znnSOF+g@?0iu$z%rc4cT@x~orEVOWMqWRZ4p zp>cM8d8KnGS9qazsGDVxyK}yazMDmWTaI>Sflq`}a!6@jwrioOc~C)-yFsyMkynw$ z#E;@(rLHMC<)$89Ng098`MFM(r9}oVRW25RVTnCS{Z37$w4-g9H3c^@GcE zBGS{G(o=&1OM?oGf(;Gav-PVCo%2#li;@FEiYy~bb1b-$Gl~k6b4>FMv%Cz`D~iq1 z146>njNQ_VoFlUeeNBss3=4v?(~}G;(}tSU1q$V+xK zFmyA>wD8H!&PWaS&`)vHuM7^!4&@3B_ww;B@-y=Y&(luHF^)`%s5DC}Hc1Y#EXWIv zN(u>2F3L~MDJ&>(!U%uwup*11a)n~^;M7!0-yD5&_Xzj&T}o*R06Oph&KQtct2C!;s8~l7fiPh(v=(f8&C5ckPtovPiQaPYWMQ%e->e zV)K*|ZwvJ3PRmR*Obt{piz*B$OE#-8k21;dt1!y<^)qnFF-msLOL2D8cQ$i2)vu5A z%CD+2aLml-3NG~ybP4dT3iUD0^E2|ztn!G=buxC*F3E9D^ES+L&dV+J%TFmP4XJWO zx2`m*%E>rgAuk{zt<)$nzrZWItkB8d$H3Xpq&zIM$|=;*$u~32+tDr0B17N8%*ZX0 zD=e_o!z{?5GAAoC(n;H|EG;v<*e4?(HzGZ-$jnhcJ=DbCEUm!XkxN%sS0T6D z+&IUtFvZ9-+rrUKhPJ1LCzr0BLUD11 zZfc5=si~o*f=NJCRDQZbsbjujfTg)XxJinUzI%3nwwp;vcwk{sX@;+3kU@c~Z&-nG za%rNgp|*EHErCOLsLl2rbJE$qz`jFmOrcsDadKmYVFzYKTZ?Bt?!<1BBVi~wzO6PGgA{Olyt zpk&L^lzh(;j0jK5Of*alR0uGy()I`_G|x55%`7ns&IpVMN=h%xjtWf74)Bc%F7>jk z_XzebEvj${GvSJ=D0Ga}cXthl47JDz@brl&@k|X3^mTPkGcZjqHBQP(&GjfK$}q^W zEJycUX;hVyak_$bSxTi@R(eF4uc>jKrMFK(Vnk-KMX^t|nOUfRRb-BKh<~|Dgr~WC zU^Z7?NwIdmNqBvBrk81zxq+ciwq;OemZf2etAAEhWn@NSP^x}pL~&7gxqm2^uCA_v zPo|-zdtR`me!h38TV_t8SGh}?Nr|VWafVxEQdD7DVNP0syL(Djd4>g-{<1&wqa|Jn zUSlv{ojQNU)7L*!O%Ju__Sq_Dy9HawI8S=#%W!kWs?U>@%B~%E+x_iGNQ%k9*i?yhRD^A7p{A@bys zq}`j#y(ZYsHQ17zHJkOkib~|ymQSC}cs~_xJ(QF9dlsw0o9&x;84n0d>0Vs^lk4E0 L&g_jW`~Ls{{&;I7 delta 1023 zcmcb{agAewPQ90LsJXt8V??r9VyT5irCD;6VSY(Tp?OrKeoCmmpIL=Vx`9tnKvG0S zK9@m8VwACKSw=x>YHElJkpMYwUI zNnV&?c0gr1S9nEenQM5mi<@zTTYyPqc0_V&P=$d(aCoG7VoHT`lu=%;dvRrnlZ$KU z#E;_Pz9E67$w?u>Zq7LszJ`9j`aZ!1hDH{SuEE*vS=nI${wW0^#qLS2u5P|u5r!46 znPrus`4y%50f|LsrA`qp#^z}T`tGR_`6(WyiRo^I>7}I}fyw!k;~B-ni=wJhqKdMD zlT%H-G6F&Z0-UQnyehmsL*0^Hydo`glan3I^aJyp6OA3Y!t=FL^DB~~qKtDbjLJ=u zD$A40iV8d`@+$KzGV{zrTtbr!@)Of@99{A!pJf!Uk0>_JcMNilEH^37b+jxn^f5Ne z3Mwx!EHdy8in7#>NDWAg^vnh&attr<%rVV056MdR@-_+&s4@97pr03X{~ZY)_NybnP7P3Vj#tpnOxOq&%bY@Bm{o zkGzV+V)G~yPju_jG7}9`0~LHC{mngmeR3)zf(pF6ywbf4ODl^ai;B}yoRfkg3o9bh z>rEH$t!E;K7NjdJ!Y&vEn02upQ! z&GhB+N%k{M^$4!_Pj_{z2r??lbv85z%J%Th$w>+fw~TUe3<`DEwv0%PFfwuF($&>f zD9&_G&vVX7^e8tA@pp_2GRe&4RXx(Oi7L8noz54ETsN7 zlBX?NU+Z_Y6GVZ|kV0>NT2g8!MN%Gw?LOgh=uJqzfu6;1Fn zx7pex{2;OWanh`dn;370`k5cLT&s|>RkgnE)3a)c<9`)ie%vMP#VWmT_OFDK9yK%B zPsr-LdmX)fx5=rb{kC%^|Nni-ZQ?=Cop1Sa54=wDZJBg?smaY*c`{YHbD1o=7yEmb Kwrq9#%ntzFm1HUa diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age index fb49dc8..ace35e4 100644 --- a/secrets/grafana/pw.age +++ b/secrets/grafana/pw.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA Je94T4psgEbYV6YBZ2BSQ4JZbKubHtPEKNuVjL9CaSk -Fp8uHwymTnjkFQBfezrFj2ycXsYrnqqW2+KeKfsjONY --> ssh-ed25519 4PzZog paDltxaTs3odGMIkWFMuTfe+LnO2RqvRTqAi7pK8EB0 -+ZtGVOK71gSGzgY6nSlDT32Q6IQFFvZd8xMp42GD/xg --> ssh-ed25519 dA0vRg 2ZGLw9dW0qbzkJb+M1DhhEaW19VaPdgy9YvzxeEuZzw -Gycx9hEatq1jOQpE7EqF4G8y3+XvRnIC8oNK3hJmOzw --> ssh-ed25519 5Nd93w uyUnDy48bjq4cfG/HfIF57bnCxNGSFze18MTW2XmDmc -TWCJRIC3J9KyjbCaM/WmCoD0x2MtrGGKVgHCA/TBe0I --> ssh-ed25519 q8eJgg qPb7JIMkwOWIWw4yIhQku0u6d09QqFKtOXx1gC3XowA -8+YLpW8xzEzq02zKFhlbjOggEWfMZ6j2G5RGIq/TE/o --> ssh-ed25519 KVr8rw zcZRh0qTa55ENUWXRIPk/kAv3tKB0+anEQ+IuEhsFjY -8oN0U8jD1BA07XOS4idvHgu8LA7/E5aciLZOshsZJJY --> ssh-ed25519 fia1eQ gkdxv6Uda41PT9GhALDwPCfzzSiCDWluZG5m3WRwKAQ -5YSmnIYFXmBgTur0Z7PcLOT9ANvLJgIech5gp4Pqwjk --> ssh-ed25519 rmrvjw H0ZmvmeUIpb4ZAUvh+7k47mUmZidcsKxDHC2oC/100A -IjYufbdJxMMANqicCHQQAU0Vh/NvROfCfaxJBM3rai8 ---- TrZyyHaK0o4ot71wVxZzBT+3mVrVUQ3jKv6FuWNO4Mc -R3g GVgX3cP\ygqqҷ"KO(. 8ͷ&3p)4:MRSpK \ No newline at end of file +-> ssh-ed25519 V1pwNA CGCG7vFUJ9hUdJWRax68aDpHZEREFnrjo3expN7oUTM +/eCKERrmnmceosD45BENTxtoyLmjGmGVvxkGWAtCRyI +-> ssh-ed25519 4PzZog DSUIoivSmbzN0AvKIPXhtjTBft9D9AaRioe6biuh6XQ +XlV7xKGi2BY+sCgJCEiSB9AlpXFoQnbeIxKxNhPRetY +-> ssh-ed25519 dA0vRg sYBG5Ld7lMw+cm5zUgVR9Bi8YVwDrRglII36Tj8Jfl8 +cQMY6UyMrRtfoU6mn0pg47Vf4DB2KcjwiRHEmvU/Rmg +-> ssh-ed25519 5Nd93w H3k1nFMs8wkqsVKzGp3n4CE7MuyxJWRZ+xgSgDbnuzw +2fff1rsfvE5NikWjF9gkvHuthgLKLOey3PebYG26yNs +-> ssh-ed25519 q8eJgg UR21V4UAJ7/ALE7IcfMVYO3mD2jbanhBu1fj1iEjpBI +8Yl7/sLlQmCvGJvKZt1B4lJMSnPt6gHi/k1u6Gm2sII +-> ssh-ed25519 KVr8rw ur14/Gp1Z9ODFFVaUf50i4+ELKy9RHmsXjbaj5h9IGI +FTZn1ZuBixaehBW3hnVjfXrt2m8co1KSp5aUTA+TRdg +-> ssh-ed25519 fia1eQ 5bmpon54otL6GnIhyYT7CbLuCR8vk0td3kPBGxsSWCU +PSngrN6yQODB/Vmu8ka3vvDv5DkShktyOWrhzC9K1LQ +-> ssh-ed25519 rmrvjw J6YtkhTuDaUtc8LUp/zfvQD3LST00arsbe37bZw4nAY +r3TDmtyB0Cc7Mx8EXb1yytvpF3+4//6cy4jkK+cWTls +--- mSjAJK/sd2Qj4Ffuee/T5LTADcNLVTCcKL/4VlqZvd0 +RU$iUXsf_o/&c&{*ي/h\L[%=,Qq \ No newline at end of file diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 4b5366453d97dd98d38d344056f76678a605f2d3..3317f9c781e97deeb182539d180a94b617759a22 100644 GIT binary patch literal 1637 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yV>s`M>) zG)ngkakH#Q3QOD;1A%H}GrtSm7rk90SUFstwm zH!CdgFLE}{uQW~x^)w1`_BSyI)Hd_T$SJnWOh>oPB%mrPKV3mP&?hM+Jv_0}*`mm? zA|=G!D90kx*VVt+(=(;qrJ%~)JE^e9Jj&0pGMURI!aY62F~u=4B{aAsJT*Viz&Fgo zz&p#(+04ScAl==-xhTBCs35Z3-51@q6i0)ypmc@O>;RuYUrSRXBbVY7&s4+IsA5ys z#L~2KAAhGpFLx7XmtxoS(1=Wb4_~e-r@)}xz>0{%usq+quuSiaqAYXoyquJ*azFok zmnt7WZ{PCru)J)aEDXPy`lVPJmn)QKrR9WXdFQ8S8-!>V<+^5tRd|QHBzuSZS7v*Z z`MBiyxjC8z6dISi6?5gKmxXwlr-UVzW*1vJ`sP|%)!8knJk&WPpfJaGtH8GQ#_K44Jysjk{ydoybUt-4b1XN+`XJlEmG1#1G)Tt zvRz%>oQs2fG73XHqe{!Xiu0VaL(Fp0%&QDDliefz$}K&OOOkRb4A5;$%S<#(4ODOn zFe)j_cP%b)FE(^^N-YgDNcRcO%5}=i2r5e}DK?HuG7s}NFwRL#cjYoK&n~nK@sDsS zHngw^@=tcFs&We|_p2}u_Hqm;_VLS3PPR-mwWvr+!U##vDo5W!M+NOD{ZQwm?9vR& z!l;0Jb8jQJl2o7Ubm#0M&w%{&;=J@!qp+-OgW|#pM=rmV(5jH&vWmc@LQ8|p9Fyck zL&xNh+`O_}Lw83Lx4;Uc2#??(_mJE`S1z>tRvK01WSp*$7ZF}*oMVy`9*`6k9AZ{c z5}X=n8D&{g8d>RHP?(!!5aFX8>7AYD?h?pV>ZP6T>YZg8njYyC5K*30pzT#$Y2p!* zXIP*e?o*KC5mc3Ks-ITnlV*W#n@5sCWXkcJsUbcBrdS)?KURJ2Tk)^v|L}s#2epo?KqHj=XX+>UCZl0NOsfl-1 zP_k2IVpN%nzad5{freycnxlDDh^wP%N>xOXrL$vIx{HyMWs+sENxq?hMTKXgdtR}2 zUU7DbOEFhOdAPGjMNUaUL|SlJkeQKtqM3zRc!{H_i+6rlZf1_ZuXbKZZf=lgNjbXT zptgl)wKXLC80WQAEc z`Bg-kmU}0bzQM@Hq8g{6A=2I{+4MCR<2LyTNl!R-C zxfHpTo0bRZhdP(}1?T!#lopp{JC&OTdT8rs2fFHqgmQTneyL6HIPyfsQf|^^@g@Zo zq3rK*o|QAs9VwPg$yuHd`0UTlX8sGB^4&{rH`;zO4PJXXDfdDb@QiHMicH@%B3 z_ws)@?I^zYW&JbG&hx7AwGXce0fvH@FU(`=1*W5S%&5Z!Y=RT7*G6jB>c&MKC mY2BQ_pmgS0hjSmq)QC8o`TsQFKx7z)UwxZ}_tUr9%!dJB`#YKd literal 1637 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5w9LbMXu= zG%PmpEDuc!N%8isEXs;-G%ZN43px*oOI)mQg?knm*Pt8#N6-# z<1lXzOQ(YLNY|)BcQ=<@vm#56a9=L7!rc7gq_WJ^%#;wvN;89q6eA5iPOp7dWbj}U-P0Gk}$u+BTFEtI#F|16@O)+rvh$<-2PctYA zh&1!kclP9R&P&U4HF9++E%mdAs4{dmjEwR$j10>tGe|0_G|kJ;OmYp%^Gr0W@W=3* zcUX}{QMp36TS`h%K~hw>M`=oWxodJ>ilbkkV@Q%oU|v#aqHASwuwiJnr;D#qo&}eu zdxUnrNq|RGWO9acZdy)wabC7bgk`9cSDv?lyGvAIR-$KcWMHUsFotbunTdv}feMEC zd8Qd*<>l#KW|dhfg{cPlj{26Rex=Uo{w4Z(9t9;4`Ua(@0Rd^Dj$EN8rK#!ZDOH|s z+JzpT7KR~#MkOhse!hN@u6`aCzQzR=ey&c%#t~(hA?aD==v(NhkYk#YVN&W?8I@k* zSs7GT;GF3c>Ywjn=xUJ6l@eLvWag1<=o##q9%W?eo9URW zo#$teni$|8o>~>`>FW_vn3@!np`VeA9&e>lRZhm~3Zdqij-{#P{uRMx?mmeT#m-ep z7A_$<9^r{W!I5d1{>d3x?wOvUY2|szT$wJZh8a$k=1$pR+DU~Tfg#~(#ZFa`fhC1S zr6wjp6&5~*CECfR`dL*b=(c$z8Dtg&DwGEsga(+UIc8>RaZynp+weFf32MJg7V)$bw7u=)tSpjni*Fyr#jIb#?N)wo;AB z$G?dOENh%xBB*ldIQQk&hsWlv)6)H=?Xs$Ru=`VcqCe2JtH(#!kyYF|!oOnIH+CI6Xt%5ak ze#TDU8FTz#(saL5{gq2{li#GIN%8B(DIG6W*LWV>e%$-`hl!UQw*HE??)Em^cj?#J j?T;qj?Ney~=I%dB-n-i%I`8+ZZ{>!Yp2*#OGAR%Mxoj^4 diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 2b4c4c079968029196cd027d40802a3db2b97084..e5deda43ba685036906fda9dbb0f1e0667d49baf 100644 GIT binary patch literal 1440 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5uxADk*U) z&y6f8G&3*D&d4v$E>83_F7R~=a?!5zjIvBN&dLrg^vS9!Pv$E2u5zx>P74YPF|f#S zwG0mOFU=_S&NeB{b~|>&DA8y%hEC1%gxakDz_6$wEiJDq-N+-tC%8D`$kd!Qc|Io^+&}4MmO#MBo|TiE&Q%-|l9Q_)o)R7s;+`RZ56Ka#e6* zX<(7DCs(4kM^U+(Z;6R_nWwW;M6O9%N{Oj?RAQogc4khQp=)BPd8AoLfRk|!M!b24 z6W65W|$|LC+GVc8D+Wz>3ilynN~zvWcnoM8hX2>hdKv)az%y) zdKs8jTACX9dFF?vI%kBsB$t-?TV|J<1)CS|;G2hvw9Njk0Do5W!M+MK4!pOitw;ZSB z#H5gPi^`O616S8V%P4>I;KbbIs8Dz3lBiH;$CBXOe6FCflFG=SlyKKv-;7YRQb&vM zV7H9Ys{C>b=i-R)sN71gAj@2BXP12abadNFqpF;Y(-qR)4ZKUWvn`!VEL_Z^N<9LK zT`WDL{0+4Ijm@&W3yRGGT_Rm8Ga`d44Y*A53W`iaodXgJioHoB4&^cqDh(_w)Q&O>GbnTnb~AL%D9Lom$TRhgGBYhs$@Q|x zs7g%=%5}`~wm`QH8j==;#{NcC=_aWWCWh`w85RM-VIdWjW~JH5Miv2KW%-^#{@F?1 z$zFwFCR|B*!Iojg*+E6&-cdmY-Y&%%7O6R*CS@5;5v5VyVcO=!Sth;}7J;P^fn~lvt`_E{fn1kYiI#cq zRZtd)x$^OobfCKRoUG#4NJ+Z1~A}uVlSMUtVqzTRg+? z%=Jg_H{Rk{)uYbinWuWyv1f+$?TL~OJ2qPS7@tqP66x!CDB)dy-WxV?>yjd??|K0( L7yI9FT^9oYtFY#q literal 1440 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t--_o_0f zGW7~eGR+N*@J#me2n{N=EVcA4_bd)h@eem~&WbdubWF-NjN~$`$~1@wP1g=^$_V!@ zGW0C3a?H!jDi6+eGOH>L4av_i@G0=gG4%1xPe!-RB%mrPKV88w#H6IeDa|suq%=Pu zJUhrJCCke>Bsa%2&8;#(JHS1pA}H89#I>+2!;vdJ(9EqWvZ6dEs=U;@+&$be-y}J$ytI;HN5?c%H&3qQ@G3LY!jb|fQ?IDP;<)3P%S%!7OkbMv_z-O2-VJu*`&Eko0NvdcovE3(5Qs!9q%A}k}#i@gmkiwezB zOnjo!ibK(DE3`=UN>5iXN-YeiGzoPH$qIzpBhBG1)mFJtDxPz#!ZyG9BG-X_<+JseuYE z28m_f&RHJ5X#pjE#wNwi6(va_p4kOO;okb*`WfD#q2+l&#Z}slj_F*%-X8ja`kvuo z-lZWvX&L?@21%vi>1D-5PQm8IAr+Nrt`(k9&e|DK!Nusdc~&|47CI`Jr5R+G1)F<% zCzj?q89OEhCj~@BX*;L*<`!iJ`+4PfnERGz7!(;^XcamS;fU>+o3sWPD zsJukaP*WpcFHh|p$E?CEw@|KP3-`#P5Z|C&W8biJud)zJ=VX_N(8OG$)LiGv5Q|ik zNO!N)B=>OFJQH-=pdpzZXi->P6zE@=ZERFgm2OmEQj+aaVxHyiotYmLXcA%R?p>9e z7g28EXu@R{R%}+Ho#q;5o?7bb<(QOP6`5;TrCnL%o<7?l-KmS5uOT@oIi6w0Nm ztE&*@WNKbyQ0V0p<{a!9RZ?6MW~5yeRB0GwP?=)r<{26lQj+eO7?I*qWWY7|!fMS$ z-eH*$MtgLFKAt=9D*kNBB7WhOm%Dn7RmH6UC-)n8Y*787Ve$J_r%s%c0=IxR!?nbqdEUOwtESwQote{LvU%k`wepWCj?cu- zaunq+PWbjV_qm3~45{u9Z!Nb9h@O90_xAFkAG#;LZ2$Vw{@Up@S&4X`gvst%2X$-D MZ>_N2;KTR;01_7Q0ssI2 diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index d1e20c2..02fdf3f 100644 --- a/secrets/nextcloud/pw.age +++ b/secrets/nextcloud/pw.age @@ -1,20 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA wC7Nch41YKEjrwpf/sDR+SUWKm1porqP2DyQhz/MLh0 -Mu8NGcxWphZZLgb0F7h10EJGCPiontn6y2lWNSldNGw --> ssh-ed25519 4PzZog 6H6fsEDq6xiIkmIy6gUUGL+Mm03HSEaSGnjel3EO8EU -xzqv1RZijhQqeiWIFq7ReVzh2JLtBoo9HmZJ1VXrMPU --> ssh-ed25519 dA0vRg UC9Vm0pLH8N9XGxKAZ/3Efe/9SRvx/rlxCYx0u5oljg -gF4IFYdCIXfvPPrOsJFvGMf1PzrSyureKpOP66ZHB1Q --> ssh-ed25519 5Nd93w 338ts/scFEwjZ+3f4Vcd8C9Q//E/ZGoSxIutAxKgpAo -C0vs3fiisD9FsZ8gYJZj/I81mT3Psw3g1jN5ztyuDQ4 --> ssh-ed25519 q8eJgg eIHEYfE/50IRNy+gnNmqQD4jtVgJRla4ilAQp2gYfjE -bFNJA6KPlBiZWrB5vjyTilXC+rkW+xqVSWcvHln9H/8 --> ssh-ed25519 KVr8rw Kq/0pxm2r136ezrKRugC1So2cIIx2VTShPv6WTc6m1E -W7VrsPf9jkkxqndVjrFuGBwqJR3v4hwig7Fed9xJSAI --> ssh-ed25519 fia1eQ 1sA1YfEKVatTzHV5Wd/tzqwRiIPUBQlfoKZkJpxRYig -lLtPzvg8H0y+FpfGfF/Q5g1nCap1TgW2wipIKU+Q+WA --> ssh-ed25519 YFaxCg zUYYpsC6BXvPRcIignITwUmvBhfhy9EnxFeCFg1niQk -QcmAhpDajw2lJyttDX9kn+0bdugmYYifSl1esaa3xpU ---- 0sQ4g4YxMBe/VBe39F9ZfwVh9XEOHYHqgiX5oakBzPU -chWp@ "L[)t/+My' -8K[m}q1{]OS%ᙯ> \ No newline at end of file +-> ssh-ed25519 V1pwNA ZlR8h9qHUL9sOogTAS4jhOkSqgeWOMgrI2jpzZeB43E +c1B+g2ke5kRtFZ1us5Sb8gxYdb7DUx5l1IzVAfbXxW4 +-> ssh-ed25519 4PzZog uPUS/whEnUBue936Q95LCG31yz987AGVTULqCLfQrSs +cGgATnRDcpNJ7CRUkouyoDk80EYB/QgzkX5snfs2qjg +-> ssh-ed25519 dA0vRg gabrxTdlYIjZWYnRMdID7aLu3hgHKmTG6RQHMMnsdjM +HIKk6j8Cntw6/SAtbAjDTSDqXhRzItris/gcm3UQT2w +-> ssh-ed25519 5Nd93w 9enbyAo/XabNmXWppWZWC0Do+6hwzjLPc/RgpFSsOkY +tLBW23QTKZKYZ0nlJ1WDdqsu8u0vsyNoZ10qrk06p3E +-> ssh-ed25519 q8eJgg 4Un1ZATrDODVT5Nr1qNkQzfhBeWcDkujxvFmXumHKl4 +MW1gkllR6yl4FiR/84jV04TgN/B4WEPbmrIWPVG7yKg +-> ssh-ed25519 KVr8rw ld3Xw4y/UIN6RADoJt+2gwnMbcl7qC4sF2X/pJcdJjU +8b3N70CMfQpXY01EjNxn4dZJ2PwbWG7JgYgfOlGfZT8 +-> ssh-ed25519 fia1eQ 5J0q5b+gAlELovtLXXTwr9jfhOl5L5SEy7+qRxUicCQ +k4Xd1ypatsY4rFPAVZoA89V6NrnLxrIrWBhYCY0BEis +-> ssh-ed25519 YFaxCg UgvKYVP36n85x6AaAIGysm9Kzl4TrMip9GTxVMRuWgM +HuTioTpbARDViBacuvqHM2WDNvL+hDyDCb8YJW2uukE +--- ig5Vtym6PTLi2FyPk/bdMBeQV8qICqxGONQGU2lGfxI +z|^ځ~0]|Ѹ"Qzb"gmr냍u ye$c \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 9a9b5bf..f473e25 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -33,6 +33,7 @@ let marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon"; ariia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4kV6W1/tP/nf2ZWNhRoV1mK04R4pS+c5vdsA1n5gpN root@ariia"; + optimus-test = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFv0Hb4qfzXUll+Hct1NQOE0bCf0MpE24Cqskd8vAFyj root@optimus-test"; systems = [ agentjones @@ -40,6 +41,7 @@ let vigil galatea optimus + optimus-test glados wheatly kitt @@ -88,6 +90,7 @@ let galatea # Games optimus + optimus-test # skynet is a webserver for users skynet # our offical server diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index ee6ab1ca90c527cefcfbd446b361346e0aa72260..c91deb681ff928b31b06507081aee6a24fd2730a 100644 GIT binary patch delta 3123 zcmew*@k?TYPJKY3M^;LyX_RMqPOwpBMy`R0e_DjIYeacSiJ56hX0U#qe?)RgR6$;L zHdjcYUzT}!RHRu-NJW&Vv5#>{SXi!Ely*R>Nw9Zua$-nmpmBbFfoXt6HkYoQLUD11 zZfc5=si~o*f=NJCRDQZbL1}4LMv=d^iDO`qPo|q?pqry%R*-X^k9K5Km6@qwVz#qK zsHdx6YMFB}S4L^3PjHD@WoBtoL6CEvNlv-Hd$3`qxwETDvWHt#c~Oz2p=qd(xp$@S z#E;_Pp}B?yIYD`rzNIeN!O0OWxlT@16|QMf!J!#BWuX~{$v&AO5rv^ap;eAtxshfD z9zHHndA@Fme#T)LCIw|7&bevD0b!XrzUD?o&Oz=ag(>AGrd7q0;~B-n+#HiULjp~b zOG2E?%MuNYoeDg{qr6P35(D)^4a3d79i2kcGqlT7lMIWwOngF4!t(f4vK$@VBU_eoDr zk4nmMFUvNrjBrWxEpLIx1fASU)PG1Y?J&9uTl%+Oq1}$Bnz+dsC*Zr z0#j%A)UrqubnDVG6Ae=X6~eu!~z4RDPJ(e})CGBYU2w2W{y_3<{zF7fklF)1%kicHA}a8BmZ)zww7 z^!Cn)C=aeEPYiI&P0jN$$aF36DRqlXE%veqNH_3IG7X9_(+)@s&v4~pFJ5;1ugFmj zg_$=lOnq^D_llS;QK>rYE0W(8-%g$yUb4RLz(#=`ZjC#e>nAfVVhJ>@t-l?c8t~hp z=HUA|g)?N2bZnoIyW@JBsgqXt_tb;y9{)`Ed3m3o>-}nz-AvE+oXcqm$v(kRoA z+zZxhFetkGs_xP3Q#xmuFLmXF_8695YdZJ(<0FHM@7{^0F&dSt_C; zNl&F8U)|_!?YuLSw|jM9*xV~+Sp_Q18wA;N9+|YP@G!g|*CFPRVZo`?p2T{GTcc-I z+S@f5mU6Af@;~JHgga*3@phT3R-y5?UUQed?1Y zC0E^ga4^;CS>gH6EA#e=Hm<3*T6^Z)O%uP^d6Oa@xR>lc?{!e@Q1Z`z`x`GWlwjVu z@Uq(;58=Vn}Eqh^{;=CrcV`XHe|VZ{R-7x(MrFRBkU^)kGC{NAkgoc*u0vd-Br z*l$^7toAWML{m0tsmsAh%$(EfUioilblUyOYUOfwz9$F&O!YW&)IT^oHT7{?Z|s+1 zkFKNMqBqNqZE}$*^XB*dbK=aui?(Ynck-RJ{T1on{A?O)C;t~xTWS4=d?M(DFaDqrl8wjKMs ztYf7jLhWX@d)$q@{`S48)XNFaE7GjCatiV-T4*}?P_@=vse3&&+ouRb&H5hcr*E{N zu%upedkx#7627gG^|$BsI&~d?y=&j8{ft&gzkBzd6m`DEJ8ydLsn(@mb8j|!PDn0Y z_;q%SVwG)8WUE>5|6qeDZ;~cGd^jgGYysO6mQ!!HrSh6y2zs>qxKr;j)_vy}C7m~j z3$eFs^plH`d|}sJy({F%>-!6LDc4mV?Te4OC^aX+qW6RFrHktlrDlZIPZd1IoVduf z{&3QREz)8ALAO6oRhv7-=3#B-!Sf$kf-|nM$(e6HU7%EETzGoUvg|AWdUck6Y*u@q zFMU)dOW=Z-^xq3J?6?~rbUSMA^wbqv`0oA6Ur}F{`<_1aE8OEq_#*E9Zxeo)o?pyk zwp*}%Uh&s?lNW!Jn{=w^cAvVe%i34z@DxW2;ATUgye{l}dEe|`r||M=q@|CxWe zdDKuNAjqZj>Q*W4hVxSU1Ja#LKl>+~zB_s5Tq*zeL5F|3y=uAfsQ*unUUG96=TWu4 z%fsqy1DxwYNgk6C(;tKQzZ_F#6`VjaG>7WJ81FCMcMbzbi)*Jr}O zk)xfl{gdornV8&(TUo`|-HoW;ZWMQpVSeaT-o{_;C*HjLzwkZ#yqv%$-)lQ=TWF{q z_SPwEWOod=6>mAXUg2rRmbI4JHmiPJ`(t)y)xtwtv+Avs4l@`nm^Wd$`sou#Ef$+J zdWp>Cxo7v&V0X`#;%EEBOOI;r`FogyRq*1MV`;nkUYK{sbS>zWKU1{6pOIsq{F=H+ z%T`_4t{5=W;Im58j8)Z-vx1GkCO+`eZ#%)0eo3eGZ7_4BLMih!(N>4e{o5^NT{9Y^ z&&VI^QSmCi@HJ*t{m!D$@SDYXDcVbx$LsbQShl{BIPq?h_|tVtii^UcFS>4=*uhn0 z+UvY@ioIL=Dfd3Ff*q~rcks{JK4TMe*pm(2J$H(hPiq&RKKJyh{6}mpUtd4#Kk;44 z`NPGUBL}wGt<}F4eaZ0gl4;(Hqsx{iRa%LkKk1@@#*{@On0u-Z`}Ki1Ncnim&74?XpMr%wS-z2n{u0_n3G zlZ}gK6bQZ+VjvW4l&8^bEAwt z`ZRx1;*E0&xXM1o?V9rXR&9CDj(UzeW+JtST6f;Xxgmv;RQt@-ZE{MlbX~MS@>b<8>s@P=&UN%He8{}Z zqT4HdwOr@tE1p^^CP((0@0zq>3c;J2%1ydW3y{?5;3=U(<|MNWEoEj9Yw zidvigYpvVF7u>tICSuB+eP26yPgnmwlj;9(!@WojsSI!V2P-4K{=aV}%+mSm$M0iv zdl{Y;v&7|>s@=<*bMp4wrd5;N55C{_`qkcQfk^g)$du}k@=N4FaxyW2mSM|Q3Xx5g;>Ux4=q29~? zEZHbs*vVUK(`|D;;*M$b^RRakEZ4sGZEUt|n^Ekn@1h>4bNge~%SlfIZ`3$u7018* z8~5zBBJYdNXMb;aYT4u-FY)TVH1BuR`HT8zSkB2yM@;$ooBz$ir`lbU^JEVwya}GO nsig7K(a*tmDs_T^+ghwK{w?0tiP delta 3123 zcmew*@k?TYPJMxKqKR8xRH;j_Q@D9ms;_=(Nu^nGN};D$V0y8!ez3PkvPGqlwtrEu zE0=##NKR2olBKtCws)pqm}yyrd2WtVRH>J9T19$@NxE^KbC7v*x|@4hD3`9CLUD11 zZfc5=si~o*f=NJCRDQaGV^)QwafL@lRYjS(L0*==uUn9Bcx1A9UXZ!3S&~;+XrM`I zvUh-~wtlcHm!-Z}qD!QuQ=yAnW?G`NUus6AYm{Y9m}hE!P?UdeMpdbIO0H)}vaezK z#E;_P*~MmhOedCVAPD;~B-njNP(5JbZ$x zN=vgsjl#{s+{!(?Qp&@;3xfju3oUc}v^_)pOv3XWv)x^}qRbtALvu>aj0;i>vdc@; z!hEwM)69*Wqe_d)3M~B0!oxg0a*e&s!b~QgVU(!%ORq}zGOI8RFAOrwNH$M5^$5u` zG7gCf2`LB+N----PKh!zbqdV#&n)ID3rY;u&QCE3$q(}O%Qej|FU$6h@Xl~G^h=2> z^fdM?iYm@Z%*!fH%+E)U0PnCOi=uLcp!{4z-$bL*h_q~Di=@Qt;QAE9VmE#NvT$RM zVsqcfG;@n0*E~Z%)%AmkVbnDVG6Ae=X6@2tf{6oE}i~|bYl6(U~0-eeWQaz*6%)I?7ii;fmT=cW* zlf!+y%94}PBe^Q`3@S4`i}Zc`d@S8d%A8Bf@(qk4OClW&t6U0IqgGtCRGax9K; zPUkYn_qBBP$gQsoP4`H(%=Hd;E=?`<%!%^MGtTt!^fYv>^fu2)D|GfXvP|dF)zwvS z^mZxs);G*3t+aH`GWGO!Hud!M%QucRGcb$t&M5Z@%}+I~iY)arG%?}gJ!~rW?0$9I z8tsMi3Kk#QF}2&YLF47$E1~DFFPd5{viz>}a?b3Yg8|Dz>#Jf`=G1OsUJ|}*g&Zqi zYpmYKx(8BWZH1}Em6NS>RBTSw@3xzC^Uv+@uzf--Y8NGX<~x2`{l09%|LgxYXYN}l z8yvE)aE4mhCz8FoK6f=c`y&>`&}PrZ=a`N zE_AG0&@;vK%=x7v=azHd3h$oRlm5jat0dMt-{-cczEDwD{*OeHtDzEJN2|`v+x^X& zc^=>IFCX~tpYS$cl2}t>xpdmS4eb+OzhY}^a6i&-;p2X!?_r#w_e{T}{R*do-qv*l z7B4!SXLfVRl}jN#XKS`E`kW-V@$x6*`c|9wf@QNh($56+sJ@@BDx6km#Fevd;+rp9 z6=%N*xm3Jn&Uw9Xzq4;lC6=9ave85$IU(&w*TD?srnMZ5AmcNeHyj$jFL0&;(y}Sohp6^QcVz$)Ts`kgO%3hl+`}Bo$)YO-6Ul&cNDs+q!#N?skFe7FVCpxcUNh9_I3IV8 zCi}G5)sGYJ&1TTPW^5j`u5a{AiWJYsb58&a&*2YZ-Q~*8iHc z&El!u5})~f2U!lV{-1e9UnV@w(3&dpkDTN^p7bEBQJG#(wd(`BD~hLb^xw#%3eQ z7ONeF{82JrcppuZlej5%nq`Vtw?`Rs%^~>(p0^wJyk2SZ_kX18oP(_wRCjAEXU5)(C8GD7DIr zTPy4kbhzgFg$?bW-`#pW&nM&g=C4MIf~@m5p51kvTWq~Z)hs>U<_y-~>DOQQ<@ebt zo?dc0p@(SkTs%xo9lKLb@;_?${f}WT^NXss zl{-XN{Iu0{{dVTfN1;y~zgC3jvWpz(ZfR+3e)?nckD1p4qrOf&*r>ht;B2NFK+-f!#l%5BXnFWL4lnE6odj8agK&Bgrx=J!Lnb}8-e@7HlEI`DMI+W5aS z*M2yZeRQg6O4Z$Z7S5<68+di4Ep)=Ie`{W|`o91E)Ar4Fu&II zAE7E;GYxgUcO7eMv=^9s{b(%PnwxxPpW1hR7g^HXYx+xU*1jiJ%8ySfEt1Pv=={p@ zn5pN%gf&hzd;MnLpUx+=sl1FY=8}!?x(7!-OSdkm=iIh6yoxz6=}*1*xsQzeMfq2m zFHc==D=9DL=4!ZX)kW)x$G7TDYFu*OJ^XfrJ^#k7)|bPrQ+5iSydnP2y`dsxs`EEF z<{gqNcULRy`pxxT;o<*^c_piwH!kC2b$@3yZ=}L~#-+{@dl@FNO|e;g_L_X0 z@YRB8GLR`gsV=O~ z+afkI_ApPJB$pNM{fzzbIR~%muXZmri?85_$(q0Wj%2IT=I`^RS1Iv}$W6C7ckF|~ z8fUx1e5@iYFLGAdoLVivd471<&d!#^^%rNBC3|!p_ISPe;4LN1#9MzN(%bxOq~Ch0 z)Yn}z@1FONsqf!~Ejz93g|iztWBQ{}1aP=`!-*`6D7d=|WIU z2?y)ueRc+k4R-&Ql@=H+>vpwdxbl|6h|gVd>6e{So}o%kdvs?p3qG!X|JFcRj>Ti| z5e@(7+9Q8#7d5)PePe3f_{*nhQTK*FflC*)yVuuS=+DYl+@xK%Xq$1t*W+~$X5Zy@ z2>w^%JF`8!18vvr(JRJmgiU5wfH$NJpWKeG$S|D=--{QmN%zt>o|7i&EIRK zD=+IDzA|x2ihKR?*%dQb_g!|D`s&AT9i7eMz5l>D_KWjhZM~o4xm&aA*JKe_*?(%K z=cnx7CCIw4@RQ^(%h-%XojTp!lG_U2Rz_Sq%%l1zeZ@MDNly}#LQA%~R=<|x6h6ST zpVwgZX@QxOi-rF0{%f~%d!fR~BlkO{4n6sMXxmK|*}nagdCLxU?bYsC=6mge=-L&+ pQzE8)*4n4KGrBGOW7%cieMg@k5U&1odYPm3(KGWk14WW=0suDUbFBaX diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index 5173592c9b3681b5df999d7bf2b42ba8193ebc7d..31b96ee529b1522538a04715aa5bca3dce6a7e23 100644 GIT binary patch delta 1826 zcmbQvKb?PqPJLoVqHDHycyVxOfOCPTb5KD^S&^fcw`F!lK!j^$XsL-;hH+F`l2L@a z373CWcuGK3o^z_RZ&`4rnNM(bX>L%3qrX>_vw>fgc~O>Ma)y()X<>FqK9{bYLUD11 zZfc5=si~o*f=NJCRDQZbW}=guPfm75c%g~Ed1zLtzMGj-s!2+IQB_ivnNhHNkyl=^ zqrYoeiC?8Bmqk@tm|2ubMvzlMVRmV0Xpm!}ey&e$sAZ-kE6ukxnLQewL|W1^L;gDgGImex~`8;~B-nQ$q4Ql034C zBiyyK40C-v9rN?U9LuuGEHcae%>9cJquf0GD>I6c3mo&gaw4jtLUMd6D@^n~Q%o$) zbG_4&-HKiFlYFxxLtOmzlfw+E{IV+j!UJ6=pJf!Uj|%cNH1o~RHStdgPWDO<&hRlR zPw~&o_NgebFf+e0vQ)>sAV>4clJbh&Jk$E*+#(CJqzJ?O zR8P~8fYj8|3T^Gcz(Qk#WUg%A^!)O2i@@R}%L-#tr?A8l!(v07oGXe8Q_YQX{L{VMs)`JAO|^@YwUd)FQbU5X zOd~BUjFXJZUGurzD=Yks4KlMGLrwDnJS##hjEd5Wll`JXeWMCo3|vb}J*)IRE8NSf z!Yn2yvWVB4Mw)p>75gOn_~i%cr=<9Kq`9XidAj-}hUiBg znK+pSni^H5d07NRdZg+*`llL1B?p$91O>TfSQJEsgqm0;`Q zzp^CXB{0atsj5t0JG8REqdvmlT|d~&HzhYBBqU6~IMpe_)x**_F{Q$l%ilL7!!6LP zvbem`(6iXxD>*;3q&(2qGutfP-zz;cEF>yS+s8jK%A`CQ-8zpXgUo_J1&?C=s(io5 zlF*Rg5_j_moCqkPk{sKE4s z(lQq>i~KxK!_-8}RR1z}uZk+8++6=0r%IO!UvS8IXQvbeX1YbV`&bkg7^FJ8Rh3w# zIR^T<78RAddSnOsXnO@$rjgp<#M!6ZA`WvU_Mpgx7hr5*o86>(F`e;{_76$nw=4KZ9 z7be%|copPUlsFr3*=#t=Q=pLM?dKEnK7F$P{ge5xYUl9?_%a^ewEpNpxn0l7ef1el zvi7xY5A0NwXy^L&z`xLsllQS>)R`G}>W9y)xYa$o^1jZQneDPuB>VY0+(kC;cHGv! zEJVQds+Ue`ot|J(|Gw)jOL*b-FM3Xeg*)#p)L1uX*&%O-F#ECFQ*$Ue4DJ(!TI)#-M8GG4BhpOHm%kA{1t9*LsA$l9jACaO1V_FT_Ea- z(1gyQ>g_65EK}<}_eP%M*Sy?)*ZJtlmu4Fu&O1>$=e)V{e}$TFYU+taZO^^`{gue` z?U=Y~-I)M}MGqqr#5h*OSt(r>k3BX$Ea%tqtmWJWA{W)2U7IU69{aNQ>H09hxwxVwuFDDfr*tNUiY2W)} z#y#_U=d2a0;=L0%-I`~~f6wK&r(TbaJ91hucG@+iA3P7ASzq2zq8xPN=pU_*HkR#& zv{e{|m$#-xv~XPB_xNwWLz$dI{i`|3?FxT>_$H)ra@}-y&{*EEW}eWKk_yT2KX;gO zi~G)BeVlM{S4rGN_sr6FxqId=UbAO7sz2ALlZriE;)1NzdCfwgNm!*w2VbRnJhxR}I-d4R? r)w#1S^}$;GRc<+V{>P>{DkR_jSjWncE_@><@lo3`wt&u`xBR^TF)6{S delta 1826 zcmbQvKb?PqPQ7HR6vq>NQ6g- z30I||TdH4{erSb-c~xn)YgMXirM{D=M}CnO--wET(qkygCaeQ z5?xZlT)oY!e3C*!E3#4wjU4kMOHM0mt?+V-@+{1B%dE_E3h@X_ zDGG@+3&}Dw%s2D$EOOSi$TTSn%g!<3G72fnboTQwHBR+U(GCiAO0RMZswgWr)6Or= z^Uw~-&I^q+F$xXx$SHM1j{)znB8#GOg^KLds`6m3oWPuH?MPEMbMJb~uwqje3&(P& z(h{RoUjsisGYhu>g9^W@d@g?%LxWUN0;?jaDzr1|kqLlDTpQwKiR#cB0S2+Fsq~_x!%mfH89`6Gq57P#KO}rsWdMqLc1v3+}I_M%eOQy!!sy5 z)yT6lB-64m)7U_}EYv04B{j&qz{1@3G6R%Kh z-$HMbAlHJRkWg(`!>G*4@SwERC@+`v3QK*{%3!1Lis109bgqIz3lEcEkIKq`l+0@FLL{3WGv-qsV->pin>KVsOa0qdKVcv7VGDw zMW$J#1?H7iIT~enCpmKI>gp=Eghdr)him)jCmH0Fn3NP|dgU0Dl{)%*l^eJfTUvy9 zSeVyG`C6tJxMlfrt)2H__oZ2lnOPp!JHG6gCN4f}??v4+(cSlFGx{x7TJ74jb(yS) zfpm~>1+Wno(@4Csf?M*gzTy3y%_2CXqHRTD}nhS2OO1OAer|7)dcI^un zk8jVnys$Lo*Dc13gNM1YPfR;zbURz<_*BLn+rK(Lsi^0(z2Q~5XUUS97yGQ#5AGCg z{imREMlWwtWpOu8Z&GP^es7R>+qH)#YyEF$i(L#cI?C}$`q7*<8UoQ17uT1Xu24Vt zYq`-uwMPsS_XS-MU$FkG>BI|{c0T|0Nj+}Qrcw=`isl;WpW7bK{l)$(rtP!{HDdOt6NX1aP59puVtHZ_?=y0 z5&zU=n>`nG0zGyes5zNic+Rv#S?`Ih_H+H_Q-?kEIWDy?vN&_|%9`1%4k~Zj^Zqwa zW>PxW*lm;6b?2AU%HPKlfA3cP!NAz!{_>sXL2K9TbvE3-rxL6zw`%L0ez)$gl=zYz z3=V4RSbTiG>dV=rc5;yuVwuz&Trmm_G@Am-|oa*wqgs; Date: Wed, 4 Dec 2024 20:09:32 +0000 Subject: [PATCH 655/826] feat: code from https://github.com/pelican-dev/panel/issues/533#issuecomment-2466168233 Gives us a start for workign on pelecan in nixos --- applications/pelican/nginx.nix | 110 ++++++++++++++++++ applications/pelican/panel/panel.nix | 64 ++++++++++ .../pelican/panel/pelican-install.nix | 28 +++++ applications/pelican/panel/pelican-update.nix | 46 ++++++++ applications/pelican/wings/package.nix | 19 +++ applications/pelican/wings/wings.nix | 42 +++++++ 6 files changed, 309 insertions(+) create mode 100644 applications/pelican/nginx.nix create mode 100644 applications/pelican/panel/panel.nix create mode 100644 applications/pelican/panel/pelican-install.nix create mode 100644 applications/pelican/panel/pelican-update.nix create mode 100644 applications/pelican/wings/package.nix create mode 100644 applications/pelican/wings/wings.nix diff --git a/applications/pelican/nginx.nix b/applications/pelican/nginx.nix new file mode 100644 index 0000000..b1bb259 --- /dev/null +++ b/applications/pelican/nginx.nix @@ -0,0 +1,110 @@ +{ lib, config, pkgs, ... }: +with lib; +let + appUser = "nginx"; + name = "panel"; + module = "pelican-panel"; + cfg = config.modules.nginx.${name}; + serverName = "${name}."; + dataDir = "/var/www/pelican/public"; + port = 443; +in +{ + options.modules.nginx.${name} = { + enable = mkEnableOption "Enable ${name}"; + }; + + config = mkIf cfg.enable { + modules.${module}.enable = true; + networking.firewall.allowedTCPPorts = [ port ]; + + services.phpfpm.pools.${appUser} = { + user = appUser; + settings = { + "listen.owner" = appUser; + "listen.group" = appUser; + "listen.mode" = "0600"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = 1; + }; + }; + + services.nginx.virtualHosts."${serverName}" = { + root = "${dataDir}"; + listen = [{ inherit port; addr="0.0.0.0"; ssl=true; }]; + + forceSSL = true; + enableACME = true; + + extraConfig = '' + index index.html index.htm index.php; + charset utf-8; + + access_log off; + error_log /var/log/nginx/pelican.app-error.log error; + + client_max_body_size 100m; + client_body_timeout 120s; + + sendfile off; + + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; + ssl_prefer_server_ciphers on; + + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header Content-Security-Policy "frame-ancestors 'self'"; + add_header X-Frame-Options DENY; + add_header Referrer-Policy same-origin; + ''; + + locations = { + "/" = { + extraConfig = '' + try_files $uri $uri/ /index.php?$query_string; + ''; + }; + + "/favicon.ico".extraConfig = '' + access_log off; + log_not_found off; + ''; + + "/robots.txt".extraConfig = '' + access_log off; + log_not_found off; + ''; + + "~ \\.php$" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.${appUser}.socket}; + fastcgi_index index.php; + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTP_PROXY ""; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + ''; + }; + + "~ /\\.ht".extraConfig = '' + deny all; + ''; + }; + }; + }; +} \ No newline at end of file diff --git a/applications/pelican/panel/panel.nix b/applications/pelican/panel/panel.nix new file mode 100644 index 0000000..c5bc198 --- /dev/null +++ b/applications/pelican/panel/panel.nix @@ -0,0 +1,64 @@ +{ inputs, pkgs, lib, config, ... }: + +with lib; let + cfg = config.modules.pelican-panel; + dir = "/var/www/pelican"; +in { + options = { + modules.pelican-panel = { + enable = mkEnableOption "Pelican Panel"; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ + pkgs.curl + pkgs.gnutar + pkgs.unzip + pkgs.php83 + pkgs.php83Packages.composer + pkgs.php83Extensions.gd + pkgs.php83Extensions.mysqli + pkgs.php83Extensions.mbstring + pkgs.php83Extensions.bcmath + pkgs.php83Extensions.xml + pkgs.php83Extensions.curl + pkgs.php83Extensions.zip + pkgs.php83Extensions.intl + pkgs.php83Extensions.sqlite3 + ( import ./pelican-install.nix { inherit pkgs; inherit dir; } ) + ( import ./pelican-update.nix { inherit pkgs; inherit dir; } ) + ]; + + systemd.timers."pelican-cron" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "5m"; + OnUnitActiveSec = "1m"; + Unit = "pelican-cron.service"; + }; + }; + + systemd.services."pelican-cron" = { + script = '' + ${pkgs.php83}/bin/php ${dir}/artisan schedule:run >> /dev/null 2>&1 + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + + systemd.services.pelican-queue = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nginx"; + Group = "nginx"; + Restart = "always"; + ExecStart = "${pkgs.php83}/bin/php ${dir}/artisan queue:work --tries=3"; + startLimitInterval = 180; + startLimitBurst = 30; + RestartSec = "5"; + }; + }; + }; +} \ No newline at end of file diff --git a/applications/pelican/panel/pelican-install.nix b/applications/pelican/panel/pelican-install.nix new file mode 100644 index 0000000..75e3f53 --- /dev/null +++ b/applications/pelican/panel/pelican-install.nix @@ -0,0 +1,28 @@ +{ pkgs, dir }: + +pkgs.writeShellScriptBin "pelican-install" '' + DIR=${dir} + + echo "Installing Pelican panel to $DIR ..." + if [ -d $DIR ]; then + echo "Directory $DIR already exists, exiting" + exit 1 + fi + echo "Creating directory ..." + mkdir -p $DIR + cd $DIR + + echo "Downloading Pelican panel ..." + curl -L https://github.com/pelican-dev/panel/releases/latest/download/panel.tar.gz | tar -xzv + echo "Installing Pelican panel using composer ..." + yes | composer install --no-dev --optimize-autoloader + + echo "Setting up the environment ..." + yes "" | php artisan p:environment:setup + + echo "Setting permissions ..." + chmod -R 755 storage/* bootstrap/cache/ + chown -R nginx:nginx $DIR + + echo "Pelican panel installed successfully" +'' \ No newline at end of file diff --git a/applications/pelican/panel/pelican-update.nix b/applications/pelican/panel/pelican-update.nix new file mode 100644 index 0000000..d359d44 --- /dev/null +++ b/applications/pelican/panel/pelican-update.nix @@ -0,0 +1,46 @@ +{ pkgs, dir }: + +pkgs.writeShellScriptBin "pelican-update" '' + DIR=${dir} + + echo "Updateing Pelican panel in $DIR ..." + if [ -d $DIR ]; then + echo "Directory $DIR found, entering maintenance mode ..." + else + echo "Directory $DIR does not exist, exiting" + exit 1 + fi + + cd $DIR + php artisan down + + echo "Downloading Pelican panel update ..." + curl -L https://github.com/pelican-dev/panel/releases/latest/download/panel.tar.gz | tar -xzv + + echo "Setting permissions ..." + chmod -R 755 storage/* bootstrap/cache + + echo "Updating Pelican panel using composer ..." + yes | composer install --no-dev --optimize-autoloader + + echo "Clearing compiled template cache ..." + php artisan view:clear + php artisan config:clear + + echo "Optimizing Pelican panel ..." + php artisan filament:optimize + + echo "Updating the database ..." + php artisan migrate --seed --force + + echo "Setting permissions ..." + chown -R nginx:nginx $DIR + + echo "Restart Pelican queue service ..." + systemctl restart pelican-queue.service + + echo "Exiting maintenance mode ..." + php artisan up + + echo "Pelican panel updated successfully" +'' \ No newline at end of file diff --git a/applications/pelican/wings/package.nix b/applications/pelican/wings/package.nix new file mode 100644 index 0000000..fa483e9 --- /dev/null +++ b/applications/pelican/wings/package.nix @@ -0,0 +1,19 @@ +{ stdenv, lib, fetchurl, docker, gnutar }: + +stdenv.mkDerivation rec { + pname = "pelican-wings"; + version = "v1.0.0-beta6"; + + src = fetchurl { + url = "https://github.com/pelican-dev/wings/releases/download/${version}/wings_linux_amd64"; + hash = "sha256-a2T4BjqS8Hy5YqwDEJpbvGqqsrVjdRhxvJLgk3MCXag="; + }; + + buildInputs = [ docker gnutar ]; + + phases = [ "installPhase" ]; + + installPhase = '' + install -D $src $out/bin/wings + ''; +} \ No newline at end of file diff --git a/applications/pelican/wings/wings.nix b/applications/pelican/wings/wings.nix new file mode 100644 index 0000000..0dd8b24 --- /dev/null +++ b/applications/pelican/wings/wings.nix @@ -0,0 +1,42 @@ +{ inputs, pkgs, lib, config, ... }: + +with lib; let + cfg = config.modules.pelican-wings; +in { + options = { + modules.pelican-wings = { + enable = mkEnableOption "Pelican Wings"; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [ 8080 8443 ]; + + virtualisation.docker.enable = true; + + environment.systemPackages = [ + ( pkgs.callPackage ./package.nix {} ) + ]; + + systemd.services.pelican-wings = { + description = "Wings Daemon"; + after = [ "docker.service" ]; + requires = [ "docker.service" ]; + partOf = [ "docker.service" ]; + + serviceConfig = { + User = "root"; + WorkingDirectory = "/etc/pelican"; + LimitNOFILE = 4096; + PIDFile = "/var/run/wings/daemon.pid"; + ExecStart = "/run/current-system/sw/bin/wings"; + Restart = "on-failure"; + startLimitInterval = 180; + startLimitBurst = 30; + RestartSec = "5"; + }; + + wantedBy = [ "multi-user.target" ]; + }; + }; +} \ No newline at end of file From de1aea7abddb43318ed9df75ae7a0acc46606b14 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 9 Dec 2024 23:08:39 +0000 Subject: [PATCH 656/826] feat: got teh panel working --- applications/pelican/nginx.nix | 29 ++- ...-install.nix => pelican-panel-install.nix} | 10 +- ...an-update.nix => pelican-panel-update.nix} | 10 +- .../package.nix => pelican-wing-package.nix} | 15 +- applications/pelican/pelican.nix | 244 ++++++++++++++++++ flake.nix | 4 + machines/{retired => }/optimus.nix | 10 +- 7 files changed, 294 insertions(+), 28 deletions(-) rename applications/pelican/{panel/pelican-install.nix => pelican-panel-install.nix} (93%) rename applications/pelican/{panel/pelican-update.nix => pelican-panel-update.nix} (95%) rename applications/pelican/{wings/package.nix => pelican-wing-package.nix} (73%) create mode 100644 applications/pelican/pelican.nix rename machines/{retired => }/optimus.nix (79%) diff --git a/applications/pelican/nginx.nix b/applications/pelican/nginx.nix index b1bb259..587db71 100644 --- a/applications/pelican/nginx.nix +++ b/applications/pelican/nginx.nix @@ -1,6 +1,10 @@ -{ lib, config, pkgs, ... }: -with lib; -let +{ + lib, + config, + pkgs, + ... +}: +with lib; let appUser = "nginx"; name = "panel"; module = "pelican-panel"; @@ -8,15 +12,14 @@ let serverName = "${name}."; dataDir = "/var/www/pelican/public"; port = 443; -in -{ +in { options.modules.nginx.${name} = { enable = mkEnableOption "Enable ${name}"; }; config = mkIf cfg.enable { modules.${module}.enable = true; - networking.firewall.allowedTCPPorts = [ port ]; + networking.firewall.allowedTCPPorts = [port]; services.phpfpm.pools.${appUser} = { user = appUser; @@ -36,7 +39,13 @@ in services.nginx.virtualHosts."${serverName}" = { root = "${dataDir}"; - listen = [{ inherit port; addr="0.0.0.0"; ssl=true; }]; + listen = [ + { + inherit port; + addr = "0.0.0.0"; + ssl = true; + } + ]; forceSSL = true; enableACME = true; @@ -71,7 +80,7 @@ in extraConfig = '' try_files $uri $uri/ /index.php?$query_string; ''; - }; + }; "/favicon.ico".extraConfig = '' access_log off; @@ -83,7 +92,7 @@ in log_not_found off; ''; - "~ \\.php$" = { + "~ \\.php$" = { extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${config.services.phpfpm.pools.${appUser}.socket}; @@ -107,4 +116,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/applications/pelican/panel/pelican-install.nix b/applications/pelican/pelican-panel-install.nix similarity index 93% rename from applications/pelican/panel/pelican-install.nix rename to applications/pelican/pelican-panel-install.nix index 75e3f53..da372e4 100644 --- a/applications/pelican/panel/pelican-install.nix +++ b/applications/pelican/pelican-panel-install.nix @@ -1,5 +1,7 @@ -{ pkgs, dir }: - +{ + pkgs, + dir, +}: pkgs.writeShellScriptBin "pelican-install" '' DIR=${dir} @@ -22,7 +24,7 @@ pkgs.writeShellScriptBin "pelican-install" '' echo "Setting permissions ..." chmod -R 755 storage/* bootstrap/cache/ - chown -R nginx:nginx $DIR + chown -R nginx:acme $DIR echo "Pelican panel installed successfully" -'' \ No newline at end of file +'' diff --git a/applications/pelican/panel/pelican-update.nix b/applications/pelican/pelican-panel-update.nix similarity index 95% rename from applications/pelican/panel/pelican-update.nix rename to applications/pelican/pelican-panel-update.nix index d359d44..a159659 100644 --- a/applications/pelican/panel/pelican-update.nix +++ b/applications/pelican/pelican-panel-update.nix @@ -1,5 +1,7 @@ -{ pkgs, dir }: - +{ + pkgs, + dir, +}: pkgs.writeShellScriptBin "pelican-update" '' DIR=${dir} @@ -34,7 +36,7 @@ pkgs.writeShellScriptBin "pelican-update" '' php artisan migrate --seed --force echo "Setting permissions ..." - chown -R nginx:nginx $DIR + chown -R nginx:acme $DIR echo "Restart Pelican queue service ..." systemctl restart pelican-queue.service @@ -43,4 +45,4 @@ pkgs.writeShellScriptBin "pelican-update" '' php artisan up echo "Pelican panel updated successfully" -'' \ No newline at end of file +'' diff --git a/applications/pelican/wings/package.nix b/applications/pelican/pelican-wing-package.nix similarity index 73% rename from applications/pelican/wings/package.nix rename to applications/pelican/pelican-wing-package.nix index fa483e9..088ed4f 100644 --- a/applications/pelican/wings/package.nix +++ b/applications/pelican/pelican-wing-package.nix @@ -1,5 +1,10 @@ -{ stdenv, lib, fetchurl, docker, gnutar }: - +{ + stdenv, + lib, + fetchurl, + docker, + gnutar, +}: stdenv.mkDerivation rec { pname = "pelican-wings"; version = "v1.0.0-beta6"; @@ -9,11 +14,11 @@ stdenv.mkDerivation rec { hash = "sha256-a2T4BjqS8Hy5YqwDEJpbvGqqsrVjdRhxvJLgk3MCXag="; }; - buildInputs = [ docker gnutar ]; + buildInputs = [docker gnutar]; - phases = [ "installPhase" ]; + phases = ["installPhase"]; installPhase = '' install -D $src $out/bin/wings ''; -} \ No newline at end of file +} diff --git a/applications/pelican/pelican.nix b/applications/pelican/pelican.nix new file mode 100644 index 0000000..395f155 --- /dev/null +++ b/applications/pelican/pelican.nix @@ -0,0 +1,244 @@ +{ + inputs, + pkgs, + lib, + config, + ... +}: +with lib; let + name = "pelican"; + cfg = config.services.skynet."${name}"; + php_pool = name; + domain_panel = "${cfg.panel.domain.sub}.${cfg.panel.domain.base}.${cfg.panel.domain.tld}"; +in { + imports = [ + ]; + + options.services.skynet."${name}" = { + panel = { + enable = mkEnableOption "Pelican Panel"; + + dir = mkOption { + type = types.str; + default = "/var/www/pelican"; + }; + + domain = { + tld = mkOption { + type = types.str; + default = "ie"; + }; + + base = mkOption { + type = types.str; + default = "skynet"; + }; + + sub = mkOption { + type = types.str; + #default = name; + default = "panel-test"; + }; + }; + }; + + wing = { + enable = mkEnableOption "Pelican Wing"; + }; + }; + + config = mkMerge [ + (mkIf cfg.panel.enable { + services.skynet.acme.domains = [ + domain_panel + ]; + + # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide + services.skynet.dns.records = [ + { + record = cfg.panel.domain.sub; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ]; + + environment.systemPackages = let + dir = cfg.panel.dir; + in [ + pkgs.curl + pkgs.gnutar + pkgs.unzip + pkgs.php83 + pkgs.php83Packages.composer + pkgs.php83Extensions.gd + pkgs.php83Extensions.mysqli + pkgs.php83Extensions.mbstring + pkgs.php83Extensions.bcmath + pkgs.php83Extensions.xml + pkgs.php83Extensions.curl + pkgs.php83Extensions.zip + pkgs.php83Extensions.intl + pkgs.php83Extensions.sqlite3 + (import ./pelican-panel-install.nix { + inherit pkgs; + inherit dir; + }) + (import ./pelican-panel-update.nix { + inherit pkgs; + inherit dir; + }) + ]; + + systemd.timers."pelican-cron" = { + wantedBy = ["timers.target"]; + timerConfig = { + OnBootSec = "5m"; + OnUnitActiveSec = "1m"; + Unit = "pelican-cron.service"; + }; + }; + + systemd.services."pelican-cron" = { + script = '' + ${pkgs.php83}/bin/php ${cfg.panel.dir}/artisan schedule:run >> /dev/null 2>&1 + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + + systemd.services.pelican-queue = { + wantedBy = ["multi-user.target"]; + serviceConfig = { + User = config.services.nginx.user; + Group = config.services.nginx.group; + Restart = "always"; + ExecStart = "${pkgs.php83}/bin/php -q ${cfg.panel.dir}/artisan queue:work --tries=3"; + startLimitInterval = 180; + startLimitBurst = 30; + RestartSec = "5"; + }; + }; + + services.phpfpm.pools.${php_pool} = { + user = config.services.nginx.user; + group = config.services.nginx.group; + settings = { + "listen.owner" = config.services.nginx.user; + "listen.group" = config.services.nginx.group; + "listen.mode" = "0600"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "catch_workers_output" = 1; + }; + }; + + services.nginx.virtualHosts."${domain_panel}" = { + root = "${cfg.panel.dir}/public"; + + forceSSL = true; + useACMEHost = "skynet"; + + extraConfig = '' + index index.html index.htm index.php; + charset utf-8; + + access_log off; + error_log /var/log/nginx/pelican.app-error.log error; + + client_max_body_size 100m; + client_body_timeout 120s; + + sendfile off; + + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; + ssl_prefer_server_ciphers on; + + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header Content-Security-Policy "frame-ancestors 'self'"; + add_header X-Frame-Options DENY; + add_header Referrer-Policy same-origin; + ''; + + locations = { + "/" = { + extraConfig = '' + try_files $uri $uri/ /index.php?$query_string; + ''; + }; + + "/favicon.ico".extraConfig = '' + access_log off; + log_not_found off; + ''; + + "/robots.txt".extraConfig = '' + access_log off; + log_not_found off; + ''; + + "~ \\.php$" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket}; + fastcgi_index index.php; + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTP_PROXY ""; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + ''; + }; + + "~ /\\.ht".extraConfig = '' + deny all; + ''; + }; + }; + }) + + (mkIf cfg.wing.enable { + networking.firewall.allowedTCPPorts = [8080 8443]; + + virtualisation.docker.enable = true; + + environment.systemPackages = [ + (pkgs.callPackage ./pelican-wing-package.nix {}) + ]; + + systemd.services.pelican-wings = { + description = "Wings Daemon"; + after = ["docker.service"]; + requires = ["docker.service"]; + partOf = ["docker.service"]; + + serviceConfig = { + User = "root"; + WorkingDirectory = "/etc/pelican"; + LimitNOFILE = 4096; + PIDFile = "/var/run/wings/daemon.pid"; + ExecStart = "/run/current-system/sw/bin/wings"; + Restart = "on-failure"; + startLimitInterval = 180; + startLimitBurst = 30; + RestartSec = "5"; + }; + + wantedBy = ["multi-user.target"]; + }; + }) + ]; +} diff --git a/flake.nix b/flake.nix index 6ae4c98..bf876fe 100644 --- a/flake.nix +++ b/flake.nix @@ -148,6 +148,10 @@ # metrics ariia = import ./machines/ariia.nix; + + + # games server - panel/host + optimus = import ./machines/optimus.nix; }; }; } diff --git a/machines/retired/optimus.nix b/machines/optimus.nix similarity index 79% rename from machines/retired/optimus.nix rename to machines/optimus.nix index 6f36726..e766795 100644 --- a/machines/retired/optimus.nix +++ b/machines/optimus.nix @@ -16,8 +16,8 @@ Notes: ... }: let # name of the server, sets teh hostname and record for it - name = "optimus"; - ip_pub = "193.1.99.112"; + name = "optimus-test"; + ip_pub = "193.1.99.85"; hostname = "${name}.skynet.ie"; host = { ip = ip_pub; @@ -26,7 +26,7 @@ Notes: }; in { imports = [ - ../applications/games.nix + ../applications/pelican/pelican.nix ]; deployment = { @@ -39,7 +39,7 @@ in { services.skynet = { host = host; - backup.enable = true; - games.enable = true; + #backup.enable = true; + pelican.panel.enable = true; }; } From 58787628d224ac8b139306e5b20ca06fbe202d1b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 10 Dec 2024 00:43:48 +0000 Subject: [PATCH 657/826] nix: fmt --- applications/pelican/panel/panel.nix | 39 ++++++++++++++++++---------- applications/pelican/wings/wings.nix | 23 +++++++++------- 2 files changed, 39 insertions(+), 23 deletions(-) diff --git a/applications/pelican/panel/panel.nix b/applications/pelican/panel/panel.nix index c5bc198..a1bcfd4 100644 --- a/applications/pelican/panel/panel.nix +++ b/applications/pelican/panel/panel.nix @@ -1,5 +1,10 @@ -{ inputs, pkgs, lib, config, ... }: - +{ + inputs, + pkgs, + lib, + config, + ... +}: with lib; let cfg = config.modules.pelican-panel; dir = "/var/www/pelican"; @@ -26,12 +31,18 @@ in { pkgs.php83Extensions.zip pkgs.php83Extensions.intl pkgs.php83Extensions.sqlite3 - ( import ./pelican-install.nix { inherit pkgs; inherit dir; } ) - ( import ./pelican-update.nix { inherit pkgs; inherit dir; } ) + (import ./pelican-install.nix { + inherit pkgs; + inherit dir; + }) + (import ./pelican-update.nix { + inherit pkgs; + inherit dir; + }) ]; systemd.timers."pelican-cron" = { - wantedBy = [ "timers.target" ]; + wantedBy = ["timers.target"]; timerConfig = { OnBootSec = "5m"; OnUnitActiveSec = "1m"; @@ -49,16 +60,16 @@ in { }; systemd.services.pelican-queue = { - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; serviceConfig = { - User = "nginx"; - Group = "nginx"; - Restart = "always"; - ExecStart = "${pkgs.php83}/bin/php ${dir}/artisan queue:work --tries=3"; - startLimitInterval = 180; - startLimitBurst = 30; - RestartSec = "5"; + User = "nginx"; + Group = "nginx"; + Restart = "always"; + ExecStart = "${pkgs.php83}/bin/php ${dir}/artisan queue:work --tries=3"; + startLimitInterval = 180; + startLimitBurst = 30; + RestartSec = "5"; }; }; }; -} \ No newline at end of file +} diff --git a/applications/pelican/wings/wings.nix b/applications/pelican/wings/wings.nix index 0dd8b24..af32740 100644 --- a/applications/pelican/wings/wings.nix +++ b/applications/pelican/wings/wings.nix @@ -1,5 +1,10 @@ -{ inputs, pkgs, lib, config, ... }: - +{ + inputs, + pkgs, + lib, + config, + ... +}: with lib; let cfg = config.modules.pelican-wings; in { @@ -10,19 +15,19 @@ in { }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 8080 8443 ]; + networking.firewall.allowedTCPPorts = [8080 8443]; virtualisation.docker.enable = true; environment.systemPackages = [ - ( pkgs.callPackage ./package.nix {} ) + (pkgs.callPackage ./package.nix {}) ]; systemd.services.pelican-wings = { description = "Wings Daemon"; - after = [ "docker.service" ]; - requires = [ "docker.service" ]; - partOf = [ "docker.service" ]; + after = ["docker.service"]; + requires = ["docker.service"]; + partOf = ["docker.service"]; serviceConfig = { User = "root"; @@ -36,7 +41,7 @@ in { RestartSec = "5"; }; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; }; }; -} \ No newline at end of file +} From 34b2ef6a8464b811b003f93a5f19c502d9939148 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 10 Dec 2024 00:44:38 +0000 Subject: [PATCH 658/826] feat: got teh wing working its not 100% ready for prod yet as there is no way to transfer from ptero yet --- applications/pelican/Notes.md | 16 +++++++++++++++ applications/pelican/pelican.nix | 35 ++++++++++++++++++++++++++++++++ flake.nix | 5 ++--- machines/optimus.nix | 8 +++++++- 4 files changed, 60 insertions(+), 4 deletions(-) create mode 100644 applications/pelican/Notes.md diff --git a/applications/pelican/Notes.md b/applications/pelican/Notes.md new file mode 100644 index 0000000..8516be7 --- /dev/null +++ b/applications/pelican/Notes.md @@ -0,0 +1,16 @@ +# Notes on Pelican + +## Panel + +* ``pelican-install`` is in env that can be used to isntall +* then go to ``panel-address.skynet.ie/installer`` to finish the setup + +## Wing + +In the config the ssl must be set as so: +```yaml + ssl: + enabled: true + cert: /var/lib/acme/skynet/fullchain.pem + key: /var/lib/acme/skynet/key.pem +``` \ No newline at end of file diff --git a/applications/pelican/pelican.nix b/applications/pelican/pelican.nix index 395f155..e0ecce1 100644 --- a/applications/pelican/pelican.nix +++ b/applications/pelican/pelican.nix @@ -44,6 +44,10 @@ in { wing = { enable = mkEnableOption "Pelican Wing"; + + node_name = mkOption { + type = types.str; + }; }; }; @@ -211,6 +215,26 @@ in { }) (mkIf cfg.wing.enable { + services.skynet.acme.domains = [ + "${cfg.wing.node_name}.${domain_panel}" + ]; + + # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide + services.skynet.dns.records = [ + { + record = "${cfg.wing.node_name}.${cfg.panel.domain.sub}"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ]; + services.nginx.virtualHosts = { + "${cfg.wing.node_name}.${domain_panel}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".proxyPass = "http://127.0.0.1:8080"; + }; + }; + networking.firewall.allowedTCPPorts = [8080 8443]; virtualisation.docker.enable = true; @@ -219,6 +243,17 @@ in { (pkgs.callPackage ./pelican-wing-package.nix {}) ]; + users.groups.pelican = {}; + users.users.pelican = { + #createHome = true; + isSystemUser = true; + #home = "/etc/pelican"; + group = "pelican"; + extraGroups = ["docker" "acme"]; + # X11 is to ensure the directory can be traversed + #homeMode = "711"; + }; + systemd.services.pelican-wings = { description = "Wings Daemon"; after = ["docker.service"]; diff --git a/flake.nix b/flake.nix index bf876fe..6699f9e 100644 --- a/flake.nix +++ b/flake.nix @@ -149,9 +149,8 @@ # metrics ariia = import ./machines/ariia.nix; - - # games server - panel/host - optimus = import ./machines/optimus.nix; + # games server - panel/host + optimus = import ./machines/optimus.nix; }; }; } diff --git a/machines/optimus.nix b/machines/optimus.nix index e766795..dbc085a 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -40,6 +40,12 @@ in { services.skynet = { host = host; #backup.enable = true; - pelican.panel.enable = true; + pelican = { + panel.enable = true; + wing = { + enable = true; + node_name = "node01"; + }; + }; }; } From 88db47d13d87768245e759a4666b7b305f1bf160 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 1 Jan 2025 18:58:37 +0000 Subject: [PATCH 659/826] feat: set the panel folder to a better path --- applications/pelican/pelican.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/pelican/pelican.nix b/applications/pelican/pelican.nix index e0ecce1..32dadb6 100644 --- a/applications/pelican/pelican.nix +++ b/applications/pelican/pelican.nix @@ -20,7 +20,7 @@ in { dir = mkOption { type = types.str; - default = "/var/www/pelican"; + default = "/var/lib/pelican_panel"; }; domain = { From d9ce8c5a793809adcc29f4562b4eda2016b93750 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 1 Jan 2025 18:59:15 +0000 Subject: [PATCH 660/826] feat: panel now installs properly when enabled --- applications/pelican/pelican.nix | 91 +++++++++++++++++++++++--------- 1 file changed, 65 insertions(+), 26 deletions(-) diff --git a/applications/pelican/pelican.nix b/applications/pelican/pelican.nix index 32dadb6..4360334 100644 --- a/applications/pelican/pelican.nix +++ b/applications/pelican/pelican.nix @@ -10,6 +10,30 @@ with lib; let cfg = config.services.skynet."${name}"; php_pool = name; domain_panel = "${cfg.panel.domain.sub}.${cfg.panel.domain.base}.${cfg.panel.domain.tld}"; + + packages = let + dir = cfg.panel.dir; + in [ + pkgs.curl + pkgs.gnutar + pkgs.unzip + pkgs.gzip + pkgs.php83 + pkgs.php83Packages.composer + pkgs.php83Extensions.gd + pkgs.php83Extensions.mysqli + pkgs.php83Extensions.mbstring + pkgs.php83Extensions.bcmath + pkgs.php83Extensions.xml + pkgs.php83Extensions.curl + pkgs.php83Extensions.zip + pkgs.php83Extensions.intl + pkgs.php83Extensions.sqlite3 + (import ./pelican-panel-update.nix { + inherit pkgs; + inherit dir; + }) + ]; in { imports = [ ]; @@ -66,32 +90,7 @@ in { } ]; - environment.systemPackages = let - dir = cfg.panel.dir; - in [ - pkgs.curl - pkgs.gnutar - pkgs.unzip - pkgs.php83 - pkgs.php83Packages.composer - pkgs.php83Extensions.gd - pkgs.php83Extensions.mysqli - pkgs.php83Extensions.mbstring - pkgs.php83Extensions.bcmath - pkgs.php83Extensions.xml - pkgs.php83Extensions.curl - pkgs.php83Extensions.zip - pkgs.php83Extensions.intl - pkgs.php83Extensions.sqlite3 - (import ./pelican-panel-install.nix { - inherit pkgs; - inherit dir; - }) - (import ./pelican-panel-update.nix { - inherit pkgs; - inherit dir; - }) - ]; + environment.systemPackages = packages; systemd.timers."pelican-cron" = { wantedBy = ["timers.target"]; @@ -124,6 +123,46 @@ in { }; }; + systemd.services.pelican-panel-setup = { + wantedBy = ["pelican-queue.target" "pelican-cron.target"]; + partOf = []; + path = packages; + serviceConfig = { + Type = "oneshot"; + User = "root"; + Group = "root"; + TimeoutSec = "infinity"; + Restart = "on-failure"; + RemainAfterExit = true; + ExecStart = pkgs.writeShellScript "pelican-panel-install" '' + DIR=${cfg.panel.dir} + + echo "Installing Pelican panel to $DIR ..." + if [ -d $DIR ]; then + echo "Directory $DIR already exists, exiting" + exit 1 + fi + echo "Creating directory ..." + mkdir -p $DIR + cd $DIR + + echo "Downloading Pelican panel ..." + curl -L https://github.com/pelican-dev/panel/releases/latest/download/panel.tar.gz | tar -xzv + echo "Installing Pelican panel using composer ..." + yes | composer install --no-dev --optimize-autoloader + + echo "Setting up the environment ..." + yes "" | php artisan p:environment:setup + + echo "Setting permissions ..." + chmod -R 755 storage/* bootstrap/cache/ + chown -R ${config.services.nginx.user}:${config.services.nginx.group} $DIR + + echo "Pelican panel installed successfully" + ''; + }; + }; + services.phpfpm.pools.${php_pool} = { user = config.services.nginx.user; group = config.services.nginx.group; From 55fe2c81edbbc861613b48a7a7bc61715b48b883 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 1 Jan 2025 19:32:47 +0000 Subject: [PATCH 661/826] feat: by default the wing will look in a specific location for teh certs, which isnt teh right one for us, so provide a symlink to teh right ones --- applications/pelican/pelican.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/applications/pelican/pelican.nix b/applications/pelican/pelican.nix index 4360334..1232b4e 100644 --- a/applications/pelican/pelican.nix +++ b/applications/pelican/pelican.nix @@ -313,6 +313,11 @@ in { wantedBy = ["multi-user.target"]; }; + + systemd.tmpfiles.rules = [ + "L+ /etc/letsencrypt/live/${cfg.wing.node_name}.${domain_panel}/fullchain.pem - pelican acme - /var/lib/acme/skynet/fullchain.pem" + "L+ /etc/letsencrypt/live/${cfg.wing.node_name}.${domain_panel}/privkey.pem - pelican acme - /var/lib/acme/skynet/key.pem" + ]; }) ]; } From e9bc5e389b9055307ff0d680b17e0aae389fd168 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 1 Jan 2025 19:38:06 +0000 Subject: [PATCH 662/826] feat: some changes to begin to switch over to the new panel --- applications/pelican/pelican.nix | 2 +- config/dns.nix | 22 +++++++++++----------- machines/optimus.nix | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/applications/pelican/pelican.nix b/applications/pelican/pelican.nix index 1232b4e..a03980d 100644 --- a/applications/pelican/pelican.nix +++ b/applications/pelican/pelican.nix @@ -61,7 +61,7 @@ in { sub = mkOption { type = types.str; #default = name; - default = "panel-test"; + default = "panel.games"; }; }; }; diff --git a/config/dns.nix b/config/dns.nix index 8383746..30f2b85 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -32,17 +32,17 @@ value = "193.1.99.114"; server = true; } - { - record = "optimus"; - r_type = "A"; - value = "193.1.99.90"; - server = true; - } - { - record = "panel.games"; - r_type = "CNAME"; - value = "optimus"; - } +# { +# record = "optimus"; +# r_type = "A"; +# value = "193.1.99.90"; +# server = true; +# } +# { +# record = "panel.games"; +# r_type = "CNAME"; +# value = "optimus"; +# } { record = "bumblebee"; r_type = "A"; diff --git a/machines/optimus.nix b/machines/optimus.nix index dbc085a..a30296e 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -16,7 +16,7 @@ Notes: ... }: let # name of the server, sets teh hostname and record for it - name = "optimus-test"; + name = "optimus"; ip_pub = "193.1.99.85"; hostname = "${name}.skynet.ie"; host = { From a0ba2d09031247df6851ffb916ce697fd01b2cb2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 2 Jan 2025 22:19:39 +0000 Subject: [PATCH 663/826] fix: optimus will occupy the same ip address as its predicessor --- machines/optimus.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/machines/optimus.nix b/machines/optimus.nix index a30296e..40c6e85 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -17,7 +17,7 @@ Notes: }: let # name of the server, sets teh hostname and record for it name = "optimus"; - ip_pub = "193.1.99.85"; + ip_pub = "193.1.99.90"; hostname = "${name}.skynet.ie"; host = { ip = ip_pub; @@ -39,13 +39,9 @@ in { services.skynet = { host = host; - #backup.enable = true; + backup.enable = true; pelican = { panel.enable = true; - wing = { - enable = true; - node_name = "node01"; - }; }; }; } From 7b3fc3a5e1570188ec1085dd264ff84869065b77 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 2 Jan 2025 22:19:55 +0000 Subject: [PATCH 664/826] feat: bumblebee created --- config/dns.nix | 12 ++--- flake.nix | 5 +- machines/bumblebee.nix | 50 ++++++++++++++++++ secrets/backup/restic.age | Bin 2870 -> 2870 bytes secrets/discord/token.age | Bin 1204 -> 1204 bytes secrets/dns_certs.secret.age | 100 +++++++++++++++++------------------ secrets/secrets.nix | 28 ++-------- 7 files changed, 113 insertions(+), 82 deletions(-) create mode 100644 machines/bumblebee.nix diff --git a/config/dns.nix b/config/dns.nix index 30f2b85..0e96e8e 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -43,12 +43,12 @@ # r_type = "CNAME"; # value = "optimus"; # } - { - record = "bumblebee"; - r_type = "A"; - value = "193.1.99.91"; - server = true; - } +# { +# record = "bumblebee"; +# r_type = "A"; +# value = "193.1.99.91"; +# server = true; +# } { record = "minecraft.compsoc.games"; r_type = "CNAME"; diff --git a/flake.nix b/flake.nix index 6699f9e..65b0d23 100644 --- a/flake.nix +++ b/flake.nix @@ -149,8 +149,11 @@ # metrics ariia = import ./machines/ariia.nix; - # games server - panel/host + # games server - panel optimus = import ./machines/optimus.nix; + + # games server - host + bumblebee = import ./machines/bumblebee.nix; }; }; } diff --git a/machines/bumblebee.nix b/machines/bumblebee.nix new file mode 100644 index 0000000..fcdf70f --- /dev/null +++ b/machines/bumblebee.nix @@ -0,0 +1,50 @@ +/* + +Name: https://en.wikipedia.org/wiki/Optimus_Prime +Why: Created to sell toys so this vm is for games +Type: VM +Hardware: - +From: 2023 +Role: Game host +Notes: +*/ +{ + pkgs, + lib, + nodes, + arion, + ... +}: let + # name of the server, sets teh hostname and record for it + name = "bumblebee"; + ip_pub = "193.1.99.91"; + hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + hostname = hostname; + }; +in { + imports = [ + ../applications/pelican/pelican.nix + ]; + + deployment = { + targetHost = hostname; + targetPort = 22; + targetUser = null; + + tags = ["active"]; + }; + + services.skynet = { + host = host; + backup.enable = true; + pelican = { + wing = { + enable = true; + node_name = "node01"; + }; + }; + }; +} diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 75ee0c0091f7e881192ae9a497c868ef1300017b..1910186cc84b9ad68af9ec481b3e011288dceaf7 100644 GIT binary patch literal 2870 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sa%&+;w~ zsj>|6P4)FN@y-r(&NMZ%bPWvkEb=U}Og5=X&(2H=^a(FB&gKdza4zyrPINI(H4G0l zOmqve@QVzn^v_DQ@J;bEk23K$j0`M`h|rJn%0{=%B%mrPKV8AxIWi>4$jmgdB-Gu~ z%-6&)BQVQAJHtQQ%hfW|T-&nDvMjAQ#ksO7Ba|zt%E!YuH@vdU*(@z0tH3SLC^^x~ z-=oMfT)V2+u{@-#tT4$qGAzqGG8Emm6i0)ypmc>qvkc>+oCs&<@X~Nc<4ngCuMi9U zvg|;Us3Oa(EWgl_ zuwb*&O0y)>V#mTlQ&)7`O#MZ3nI$1w7m-T zbJL40eJ#*!E3`=UN>5kNPA)D8OHYgPC^0h#b~gz!a!k%DH_5B;4KqtLbn$j|2{KM8 zOSW)#b2H!yF3&Pf35X~)aSAC<3Uvy|%&E#vGtACR3EE(yy>^OE-*6Pd7og z%{#2fqNrTKw?e6Hgx(r@$m9^ORCE4{v?_%-oVlGZ)98sw@kxs?;L0N~e4$ zeV>f1DubxPT+0XpOOL{&T!S#D@Ce_?0FM&?yin5!uOwe|+w|R&Ow$7uilSU{94nGD zvJx#*g3bI&^Y#7m-O^L@-7E9FN|Q|e3O&;!i=ETT@{P*5Li1BABZJdD!W@0fO${=V z!;MX=vdYba(#i|NokM+$4HAcC~>PYt}-tu%1BDe@=6I!jdD%qDlM@HGj%u9cX9SC3w1UzDa} z+@(0oGtIa#pdbv3Uy9F4RIaekcWE7jF zmYQOeCB7LRzLAa!`eh}~X&%~%nPG<7UIjruxs@d*?q)^WnN>lder1k^fx%S)j#ZHc z8P4TgxsD!&0VSdS*(s)hk^WVdg(c>ORmB#CX{M>UhT$ejX4)wRL8+nX<*pd1#5lDm z+@oB<+1JC^w=hH7A|Tl;A}6@gqa?5(%-biaDlsY4#JIGi(7Y_ipe#4kvOJP2z&FD& zEYd7FGAqj8JHRi=)z`n=&BZM=s6@X!C^$PQ%-q+o%G; z{AVWXbvh0d-zmQVX6pVQDta9`%bX3T(G^#AkDNQTMbjMaCWxroI8e=8^9Di5Xc*fi6B}PDut4 zW???*SuSB|d5NBRfm|6SY3b&np{}{6nI5jiuKt$hc}eFA>RRP}SCP`_zd4|qL zX(#izuw%s3#ctkSo*(9AF?BdoMI-7zaD$k^9ArPxP5DQB%h{~5BC{&j(8t_0)hR!~Dbml<&)7FLI3>iiDk3O7!#6M@2P2gP z7rHp*Ix2WX8Hf6qI$1=O1v=%qCI`70Rh1d}r>2;fq-AfTivdxV= zTmmXea`lTseZuv%{hd9ET@2EFwNp)!jSZ7sQ(e=OxpGp%waaomax>GD%+lS1Q%%i7 z%=H7ZQiA-=9SZ{8i%o(9oKy0`4ZQu5(c>*O$JsSCT_LKf(9JO{DAFa&Bp|%9I4|2P z+sM(t+^yI>yuc#7BF!twCBnS2)G@WPoU1I$tT@WWG|9L)Ah^7+AU(0NvOFt0-z~*A zDmNs{!Xvn_FfGV0I6T7#BfnXcMOiurD&(f*7-afHL>V~x`Wu>BxLQ^jyShYqM!0Bu zQo0h-H|2M!spbkyD~ao=;vN zm#(g^f>BAbOQy4Bs83F2wwH5acv66qg>jjWmv>o2wwr;0Yd~UXh(S<9WWKuzmwUZq zvfZn2FZOo=qD3>Sj~nkj>{=#x%kpxd;ORYy!n=#+JA@fq9bbGp;!c0Zn<$r(0%Zod zug?z$1RmMjoG~^2^i=JWzA}>ew)yn!8TUTFecHR;Q$JI+aPQ)|)dGzRWtnI1 z+#d6P=8huT-kJ literal 2870 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlPjmp&z z3NjB1ugG-^NUyA{$aV59NYAWHF?V(~FE8}UGS&|AGRRMKa^*4z4@$|kOw!LyOHIqF za4YfiD)R|QvdpzCFLF&v^vg3Y2s1Qxtu!~SvOu@ZB%mrPKV8Aqywb-o!!$C?G|DU8 zE3D8$+a$n0(f1u(lk8Pt(dDc#NXS)AUV>xqFg`Mvpn3-GCjS@ zP}|Kn&#}xP#5FxEKRqWrB-}YWEg9Xm6i0)ypmc>C%XB|yi?Hx0rzBI4ip~h)`qm@X-81b}CpIm5`ZIPPkpA{HTR_W=J7?o^ZS?X<=6Xcp{l4k5? zXkwY@?#Pv%ZBbfQWvm}y?604ZYmr&(UTEr_>X;nhnC5GgW|W^39#B+L=H!tPn2v6n zcUX}{QMp27YMFkDL3uz@W{8Woc|fXrg}JL=o{^=yrM{1eezuc)xLcH=MMg$iMLAbR zW~F6Bs;{3f$#Wo6D;+1W{cj>TMw{{9)2UM>ax z>EXqOein|NsU;P;W~qkyCZVY*DPj7BeikW#Wu_rXmY(Rg>ANSHrUxoyr=`04=KDD6 zyLshjMrFAABpYQ`CcA`}7Wa91TUg2pG;!_Z5oD`H6 zl;`cCpX8V47+_N5lUnK$<{Iqdo}Fc!9-PjlU!Gi)os}Jx6;N)O>{j7lWn%7E5MWqn zP@Wo@7*v# z(orEVKO!w9$Sgf2-z2%j%}d|V#V|K1#4X6FDBZ}=J)<}z(A~n(JkhYKvYaa=sysa{ z*C5Q>wElYD; ztEvhOGF(l{yrK+E^Nsu>ll=3|Dh*N`U4lI-9bE!FeS*E+T)F(iy*wgJ3>}j*qasZ+ z{X;90^4v3BT+Kr(qI?aKjZN~5&5Auu-5s3*G2+d+&_BdIP{BDpEjX{tI4mL(V(!v*wi&IyUbEQy&^2kf-5hmG&eoj+b7G|EH&HBIXg2uIN!wB z#H36=EIHjPBBH3+J1MBb+tkAs!#2+HJ4CmY+ z_p}hlh{UR-!kjc;^fc*_WRO`9sNj`dSz2mdQC{j=6yX?Fl4+Tq;uYX)o@)`|>KtfU zS>WhunV6gEVr&@h$W>wL6PQz;nv(A2nw;mAo8p;j>0Tb1l#-K@?pIKmT%7CZ@0}TB znrPvSQ7Ri3xe$R27w`78+{%MkM8@xdny$hv-KZXN3A>m!$YtM)_JKMic}E z7lcQ6a+$iBx>$r71o#_dR~nh*2l<#J6`BMGcov#v6<1XF1>||SnEI3k1AI6o-M)v>g^peWVU%qcQiyTHrKC#=FR**z)G5#6>>SF^O_Km`M1 z_b}}s{hV@bH^*StyhK+cqe}lQ1MduflPI&)wDdxk;>3`!iV*EUPp(q0l46q}i{dDg zLca*F@U#?j3llf(oIsa=%21C&leB`wY+r5Dst99Wj2sZ@mRRAOu8{gNzUg2io z928RMo9656W?-3I5R{c4ky4gaoNMWmXc8LWo9dF8%%vR><(cPW9_&^YW4DZouJf`G6< zXRqAcq{t#|Pvf9$H&+*o+SH;f%F;PdAw4O~+25nm)hxNx!zkU^*)Px|E!!k0JuRTZ z!=Td4Hzd)q(7iCj(>U0Kt1Pgppft3k$gjAxs3gtZCt2S!GP2y$qbMN4%P%#vz&tR| z*DTeg%q$oqO%~-Am1UJHL=|R+MLPQC>X%lTa`rANACd!}VYl@wSed$@ROXJt7Bdg@!cg%lMy2N$F|7n>FYr58k&x@8t~ z>FVk#ct%y}2UnJ48VCB7XIr>MrDwYvnY-sFr)ETY8Tos9g!}kgn!A;nI~loh#jKF+ zyI{L+yTydM--~*Vo7IKCXe%lFZ)9L77_gjh4VdvO(vdA_+UjL0_ zrty?g$4bu-g|l0AzvNvFTEBLCVeF%vjDzP&%g?5zbiB#fd+Ti0-~5>mjKnv;E;MXg N;NWu2UrfHF3;>9gvl0LR diff --git a/secrets/discord/token.age b/secrets/discord/token.age index a346d9bd6dbec104b3b8803c7707cfe0daecc60e..1550f8cbca817587bb6d7299e16c2f8f89fef451 100644 GIT binary patch delta 1116 zcmdnOxrK9rPQ77dnnyrUqPL}oe`#r1R<2u?xrI?qVq|iXpI<;!c%_L!p+}fgMP`w^ zCzrXmziF7hu|ZI(MPX@Cfn$Y_vw=xycCM4VSww_KnsH=unMIXRrM88U0hg|wLUD11 zZfc5=si~o*f=NJCRDQaGeu|NAqFe0ZjQE>g^_DnQo4)h z#E;@(&iWSV20?*o=_Y<3LY_-ySXPCxmvK~9S!Hp)dA@mZkdt{)rnXNNu9>U0MXqI;mv3%%L0V#EuzRLqX;ij{WkIn^QcgjYE0?aWu0oM_ zdPRPiTW+XhnNgB!NKuY&wvlOytD(7JnNv}4T0xp)nP+ygcco*BE7wH%xD`h$g&rx$ z`ERMrWZ$e^^WxKWnYsl%scgUGmZ)BzrL`|}Lxt(*yW#amCI~6rZ`xzg9bc#2HT7J~ zEe+>PKZbkW_l+`Bw03L~Es|fQWs~K5Mv?Vm(lJfL;yqe6ciwMtoAc5s@Iz|LpM`=f zYZ>ZaYI%H{k{)8ZTxyHv$<_b(rNV#iwP{HJeTR3#RF_C6dq z^W5>oV*&dM#7^Ft8@cNAF|TE*{=uRO=Swg16_pnq72+uM-E=d7@5kX!mBx?%)#k7R E0CYo_egFUf delta 1116 zcmdnOxrK9rPQ7EYnO}0Gn_GHzewlMgrg5roafV@;X+UajzKL6MwnRDK}1xLesP4ScD{aKvRSfGNk*o5aoMJ|*daL1ty4UZ#Z^`6)#KG_l67$w5Oode7r-7L$p zT}<_h{ZrgreAB|yOe4Mgg0xHAy>la-ESwzOT-?HPgB-aEl3a}nQhh5z6Ai2M(~>+a za*b1s^CL1G)2p---6MT6vXb;8B6Ew3ye6Mvl&H_E@JLC`iOfs!uW)xs&ML?*HK+_S zFpG5e%kV7@ipqA>cQ!UFa7yzIF6MH|F)vIt2@FgzvZzchudK{Vadt^ga!D>rH}Ut$ zH!kxDFLB8Zb<2$M#0Y=yup*11as}hOjG_ty7t^G?2%~&2#}u=AA8!+XV*`%>Cy&C4 z5ED-)!yxlC?PT+Ss&p> z)YdOCu}n|ratz8f4#)@%^ezod4$Vp~_Dn5}$}z3*$TG{!*LJcn^)JjU&G#?&jZAk$ zx6ZT5(YMf1A=1*VDl5=8*(E$Xz_&CkC0D<+SU)GnK-=9cqs+-P#5~*3&&j|kr_jlf zE8DTi(IVfgK0Lr6tG`~1Cv&^j|J=oXJmFuVG@fFwf)Pg4V zyGVZ0YIu0*cg@}%3sx1JI=WlO>WJsD>Mo}U@4va#D+TM%YX?pGee9XSh6DfYSQ6hq zC~KT~j!QJ~N54_u{?p>Ei;o^mxLMt`$7Q+AYOxIAl&vla>egErc7dX zGwIAxpA|BKbC|??!e(g)#unWPIKNo`?PIw-FRSyb_AstV{JT%yI6LRC;f&R#jyGRA z9@KqwLwv)exz_s}T|&?NJGDjfekx-`_2q4uTGR6R diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 02a18dc..f146486 100644 --- a/secrets/dns_certs.secret.age +++ b/secrets/dns_certs.secret.age @@ -1,51 +1,51 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA ikotG+f48KCxKj5DIdhwIEYHtspuBfGj9DvlXLchllk -TQ8OlL5uDpwnjveBk1RbpB+cCOpqlPQtOu7c0/LRiqw --> ssh-ed25519 4PzZog ptPetu+OMhjcqwIZD2EtPWojceX/p+xFRu8SdFBEBzk -5HKDrQTBiv+hTKhkLtnYOq7sUO8+dKOS52bXGjGXwxI --> ssh-ed25519 dA0vRg nQ1GTSQwHt806xrFMyqwQ86iBSLbgGDIL+GIWMD3AFw -OPyLNOxp5k40I4WvDStpKun/AdOuWZyEQLPyyFdqtcE --> ssh-ed25519 5Nd93w uYt44+U3T3DOThXDGvl5WPDPGj506O2Fc271qlw/lBo -tcRUll9+PIfcvcdvIzD8fcIU85+d8lw7ThPetfq24nU --> ssh-ed25519 q8eJgg wLIZSQp/YAKSohUD5NsbADyYua8p2qik9lRlzdvZuSk -f/b9Jt8Qk7dcor+5xczk7zRzOxTgknGYstcLQv7ztJA --> ssh-ed25519 KVr8rw InbHZ+pieHIQGGW3LOOfYHS+RkuXRMzxMblHHLOV9Cs -0oHx4kyD8AW5vgpds6EirGHeYznJ+z2WiGmn7+6bPww --> ssh-ed25519 fia1eQ UTuEfUIL1xVc5W/HSXpVvPxeQriwC6Tot1G0vRaT1XM -6mWM2A8DVPMKzp7ccqTj+3go39xsyKIHuu4zZypHD9c --> ssh-ed25519 /Gb5gQ Q6uPEnhxFPRulsd5YWVXfrVUJqSN3oM02g4yK2IYUQc -qqcy7z7RohVz/GDpB2FfjE2V42Bs023N6+G4qIJN9Bo --> ssh-ed25519 NtlN/A F4k9xBWDxeIS+v+DldjlN5e0WQmKH7Pt23XnKxkxTVQ -PgCuox8LSeYaamogydWcXyP4aVCQadeVfnjnFngWC+A --> ssh-ed25519 v2Y09A Dq/SngPnj9Or0XiVOoo7EQNdsh9mby1F9v2zSZOfMH8 -Y6J+nWC58lxZKc+wMFUGeymONf9LOxJhMonP1Vo/LMo --> ssh-ed25519 XSrA6w KnF8xhrzss3txgoF0JK84/M7b81NuFeB9Ir4590LYRw -jilyzwKpL/A4CmO/hMOMjZqPfwGsNYsngAw2trX7hKM --> ssh-ed25519 DVzSig A4EU6+2yqw3S2ISYUBbZYOq4xBEfXoEy1fTUhTzGXV8 -c6CyaaBcdHA6ZNdJApUcQT/ED0hQYPqqyvPF+zwCLME --> ssh-ed25519 MhHMYA ixDHJ+PFXFxsCu41Ye2Vwlk8wVlXofq2ztKIU9qxH0k -8JBxpk9/nQqR2y6i8GU9PpoHfyitJwIHxMr8nb2Y5As --> ssh-ed25519 uZzB3g zZAxSWF9i6321ifYiizQn6kvadhQ17/fNkYSgOyR+x4 -H5jsIQmgVgRoMRRQ11K17eD9HqU78CpKu5ylkgqrtq8 --> ssh-ed25519 CqOTGQ TzL9qPqBl8M3d9whmAaBgx3Wo/hPKc7Q/P6Kt3pPxn4 -BTnEU/156/8BKqdFcWisleg/K69RIiMaNDg6h9MX9og --> ssh-ed25519 IzAMqA +w67jWJmcVuPwjlkKn5Y/ryZBzA7ZzLl4va6KxfMm1I -mO9xeZV3RYUbGu5TJfnRAaJumAzM5u3wmIByawDdFn4 --> ssh-ed25519 Hb0ipQ y/srd2GpXb5EMVySg3BYOr+41u/NnJlx/2sQlhRyEg8 -s3Se3Rf8N4WqP6QdmkAmNtgZKgsvmuWfiOpC6pKGNuo --> ssh-ed25519 3pl/Kw u+QbsaYgVdhbsYBlbuusG/1nOXQ3PLCwtwWE2nUTUFQ -laEpITIyaNx7opXwqT9SHo9qNWCRH0WozQYt8SW1cz0 --> ssh-ed25519 SqDBmA 0dlLmNcgAOBOUrVUT/t0oaF+AcXUWqkDN3fu64rLx0A -y9Xw6atnsCX66Q+iIMHwsq8vxeL4kxTihIbMut+JMlA --> ssh-ed25519 UE6fcQ qBrP+r+1jy06z90mQgk05zLog586HGUMDgHTbExoMj0 -TnZAUZUNNIAJzd8Efqb7KqR/n26YXr4jV6zPvZXu4eA --> ssh-ed25519 YFaxCg SXGoMkrpgduoXNIZXDy93gkzlnKtr1fAOQJxZDcZ6Q8 -jKdd+OufjXk1UYsXcJc/Q4JeiRhCcHW2nrDuBrHu/pw --> ssh-ed25519 elCEeg jPd0A53zK9OFThb4pCF30/My3QxiwGyGiDp64ob1vWA -L0Rj+47bdVVwii4LIMoI2by9qmzk4H1kHoyEc7rUO9w --> ssh-ed25519 8vZ9CQ lgEkLneoENKWwNXRtXRbN5VSm1joh7NDSSUn/bp/81k -X2A6sHl6dFe2p9hfVINA1G6nR8lqMQNjBKc1FvM9cnE --> ssh-ed25519 rmrvjw NX2NPt0SVGc3+2p/ob735mUIb4t9nhwUrdbdFk8CnSY -sL3zmOASMti3QcIfa0CGEcJex95qGX4aeIqO5LS1LFg ---- 9+vokggbkBI5tk1kvqpdPkePahvTIcYWtU1MU1zTyCs -{.xXq55˱{Gzᆄ6 :p6[YUQ`ؼaRS]ucYXH"h 7ޅ6چo=*GiɨLA?ĆÛTpaKa2 n`\N34XrʴI9Adq \ No newline at end of file +-> ssh-ed25519 V1pwNA nMGYHPjBRQ+8FE2j3JLTb2gfqxFvEDSF5XKvVYILgS4 +xoFB5NeaXLMQhM9ELoooDNNnrjJWFCA+f45Y+YtAOBs +-> ssh-ed25519 4PzZog zuhv6HbfpcIlcueD6SyHD7hRcrPnvMDy1hvXcXTLEBY +VI6ZX5745Tsv1AMvjPKrHWEI2YO4rCVtAMDWLQrzsFs +-> ssh-ed25519 dA0vRg U1zhPjiM0ANz4i9iRSaX9ut/kACtrH/uk4VYk/Cmtx4 +DryI/XiQeggMAIBu4Qb9P7Od4cnQUNFFuim2OKwib5M +-> ssh-ed25519 5Nd93w VICIqg3swkEAagNzDppCX2/lDMh5D/pYqi8wjL9ilH8 +DLcvw4k9r1RDrueCD/vqX1iEL55hxld3eJr5MCS7YNE +-> ssh-ed25519 q8eJgg DyH3qYX/PfoltL0P2lBzP4wwH/VmYusidfD7MaS1PBQ +ilj+oIaQwj6jSsDNagpLTJXZywWB2IeLUa6pKlcEvIw +-> ssh-ed25519 KVr8rw +JGGMHN2zMPN4leJIZkBTOrhzb8BYQKMbSrAuIpCU2k +Sa2V0qsQbKPLvuVewBjTdIgv1acTYIN+CMIlB+ExIok +-> ssh-ed25519 fia1eQ jG4Lr4j3f0QNucooo80HUJAOnLiTAg8mxzYRDnjXrFQ +C+cZWCaRemvsiCMJ7wn/6g/12ABvKEaYIaU6b3Fpo8g +-> ssh-ed25519 /Gb5gQ QO7t0R8SjnfqZZ6upxKXALytoi6OFZZ4mFpS7XgnlDQ ++yQd4GdflWOzRutCAplDqvee+0dCNdd/ScT8QZyioNQ +-> ssh-ed25519 NtlN/A Y56En/7BcL9IIzBWbOfPzuAah/nPFANXxu3iN6+q8XM +gqw6EsuuDx49aTb6DWtI1ZACDAGL1VnsKB6LAOH6F0U +-> ssh-ed25519 v2Y09A 9MgpxeQcQDGvHkEyb0+f0vRZfyXE7EUUcBXCyw8w7mk +sdM/6DwpC5kv8yg39edGpm6YV3VzkFLRkIleiwhOKew +-> ssh-ed25519 XSrA6w tp83J4GXjFjQFq14M+Z+PDCmO4ZjJ1qufdQEO6GHzkk +KVri/HL0E/byrA0C3iM8+AMsR0x46pdMrRKipvliSzw +-> ssh-ed25519 MhHMYA Pwi4Tq4iJv8/ylaI4VAEzcGAPPfl+T2S/oUp3JsPTVo +8Q0DSQMe9gunPGxYv6M4ilBapKfNx7qacddEc39lgNY +-> ssh-ed25519 3erWHw vo6DeH1ub4VcT3dnvPYZC95MHxaABkZ4MW8NRxqOBUw +6yHGAoHq/u9pSi06jWCkcN230ntCkYADsCB//ISO+0Q +-> ssh-ed25519 uZzB3g FbeDwGg3Se/SVIVVAhgtRAO9wZM72M4ulGcXKBtw51k ++T7O+KNr/QXoGUG8uULBYgDXRWhrwv4ZImjWp8ltxRk +-> ssh-ed25519 CqOTGQ yG/8YtD4tRo8X5Q4kDyIr0xT5JwBg/Wk9NrkJMMCqgI +ZszCJYQGN1eRnRJ9KLpLrxy7j45bL5CtRTfLt4KwRt4 +-> ssh-ed25519 IzAMqA 9AIaFKdsA4yqORM9NNlFkp4TI2q14uy1dtUUP31a6A8 +9FwzT1ZQABt3om9OTodEKgxxgVU9H+VlV8X9AucxndY +-> ssh-ed25519 Hb0ipQ 2jhZm+mZoKzeBRjt0q5+T2HX+VM/H2Zy/7SyXuTeGxY +J6ds5gRKFv754f7NrbGGCXKLTcad8YGVrM0ndDHlFZ8 +-> ssh-ed25519 3pl/Kw IrzcYOatmG1O2I0CbNz2Phs32G3nz5Jv9Uizj4cqhAE +YDFNtbNUVpAQXyWIZssNANKEc4LoG4cEdmKBRWMFdas +-> ssh-ed25519 SqDBmA erRarQNCMp2QrQBAThQ23RoTAK0Uzz9//SqgBdldFDI +bi/LlSWcaPDHc7lxXuzMJUf6tAlv/6oF/go6NcQEcmA +-> ssh-ed25519 UE6fcQ QjWmHf2lgJ5QctSg9WlvLRueeE1N9WQdV1ZRrDIGsWA +K2IdKT9WpS6bsONh44h28i3Vm64YxhJFDas+rFPRbs0 +-> ssh-ed25519 YFaxCg wUWp3BvPpjSKKySmCb3gsO06P+F6GiYJU/wwfTAqTU4 +1D1+FEXxZES4cVbl/tSaMfiVk5yJlb9y9RsThyaK13A +-> ssh-ed25519 elCEeg jyijilsUuQ14LYrZPzE6CAMxgVmGFaxR2EbIP48l5Cw +kdEeI5a8gfh5d1mVbiMWOgGP9qmxc01EEifN00l51yM +-> ssh-ed25519 8vZ9CQ k55pfEEYf/3sC7M9YyA0zlQdv69N324fvNgW7/0/hxQ +EPJ0Bv///iKOz0y1dVT/jGTobSYjKGW8+Os1lLBMDtc +-> ssh-ed25519 rmrvjw kqTB4IBJ/wr6P2g21TmbqdNQB5XDxCSU9lwVRAPiZhM +3d9tjv3l3ws74DW+LeHVYUDViJWg+zv93mFv1C3mS2c +--- cUHw7QjEwLsUCL+1WhhNByWzfOIFrRmA/4JPbYgukCE + *8Q˚=R=Łygu "eSI\[G3.Uz û4Eʌ \) eX}HfX1S){x+c13mck? h:b2gB@ϝ-'F/ #H+Ԗs<KCQ˧ie;-kRx= (#}ine \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f473e25..ca7480f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,7 +21,6 @@ let vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvcxiSYE38V1IopHj7Z7ZWP1IqnskYCdhj8yCQohVUM root@vendetta"; vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil"; galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; - optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPlgCGtyvd3xwYg9ZNyjTJNB/LvUSJO01SzN8PGcDLP root@wheatly"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; @@ -33,7 +32,8 @@ let marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon"; ariia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4kV6W1/tP/nf2ZWNhRoV1mK04R4pS+c5vdsA1n5gpN root@ariia"; - optimus-test = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFv0Hb4qfzXUll+Hct1NQOE0bCf0MpE24Cqskd8vAFyj root@optimus-test"; + optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFv0Hb4qfzXUll+Hct1NQOE0bCf0MpE24Cqskd8vAFyj root@optimus"; + bumblebee = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINF31tsOZTEpPFCu4wZvJjxxvgFhRpxvo9SKyDMNWHZu root@bumblebee"; systems = [ agentjones @@ -41,7 +41,7 @@ let vigil galatea optimus - optimus-test + bumblebee glados wheatly kitt @@ -83,28 +83,6 @@ let ariia ]; - # these need dns stuff - webservers = - [ - # ULFM - galatea - # Games - optimus - optimus-test - # skynet is a webserver for users - skynet - # our offical server - earth - - # nix - - calculon - ] - # ldap servers are web facing - ++ ldap - ++ gitlab - ++ nextcloud; - restic = [ neuromancer ]; From aabb9d0708ec6a86500c485c7c95db72aa92cce3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 2 Jan 2025 22:47:42 +0000 Subject: [PATCH 665/826] feat: small bit of a cleanup of the pelican --- applications/pelican/Notes.md | 10 --- applications/pelican/nginx.nix | 119 --------------------------- applications/pelican/panel/panel.nix | 75 ----------------- applications/pelican/wings/wings.nix | 47 ----------- 4 files changed, 251 deletions(-) delete mode 100644 applications/pelican/nginx.nix delete mode 100644 applications/pelican/panel/panel.nix delete mode 100644 applications/pelican/wings/wings.nix diff --git a/applications/pelican/Notes.md b/applications/pelican/Notes.md index 8516be7..d5cc785 100644 --- a/applications/pelican/Notes.md +++ b/applications/pelican/Notes.md @@ -4,13 +4,3 @@ * ``pelican-install`` is in env that can be used to isntall * then go to ``panel-address.skynet.ie/installer`` to finish the setup - -## Wing - -In the config the ssl must be set as so: -```yaml - ssl: - enabled: true - cert: /var/lib/acme/skynet/fullchain.pem - key: /var/lib/acme/skynet/key.pem -``` \ No newline at end of file diff --git a/applications/pelican/nginx.nix b/applications/pelican/nginx.nix deleted file mode 100644 index 587db71..0000000 --- a/applications/pelican/nginx.nix +++ /dev/null @@ -1,119 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -with lib; let - appUser = "nginx"; - name = "panel"; - module = "pelican-panel"; - cfg = config.modules.nginx.${name}; - serverName = "${name}."; - dataDir = "/var/www/pelican/public"; - port = 443; -in { - options.modules.nginx.${name} = { - enable = mkEnableOption "Enable ${name}"; - }; - - config = mkIf cfg.enable { - modules.${module}.enable = true; - networking.firewall.allowedTCPPorts = [port]; - - services.phpfpm.pools.${appUser} = { - user = appUser; - settings = { - "listen.owner" = appUser; - "listen.group" = appUser; - "listen.mode" = "0600"; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 10; - "pm.min_spare_servers" = 5; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; - "catch_workers_output" = 1; - }; - }; - - services.nginx.virtualHosts."${serverName}" = { - root = "${dataDir}"; - listen = [ - { - inherit port; - addr = "0.0.0.0"; - ssl = true; - } - ]; - - forceSSL = true; - enableACME = true; - - extraConfig = '' - index index.html index.htm index.php; - charset utf-8; - - access_log off; - error_log /var/log/nginx/pelican.app-error.log error; - - client_max_body_size 100m; - client_body_timeout 120s; - - sendfile off; - - ssl_session_cache shared:SSL:10m; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; - ssl_prefer_server_ciphers on; - - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header Content-Security-Policy "frame-ancestors 'self'"; - add_header X-Frame-Options DENY; - add_header Referrer-Policy same-origin; - ''; - - locations = { - "/" = { - extraConfig = '' - try_files $uri $uri/ /index.php?$query_string; - ''; - }; - - "/favicon.ico".extraConfig = '' - access_log off; - log_not_found off; - ''; - - "/robots.txt".extraConfig = '' - access_log off; - log_not_found off; - ''; - - "~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.${appUser}.socket}; - fastcgi_index index.php; - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param HTTP_PROXY ""; - fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; - fastcgi_connect_timeout 300; - fastcgi_send_timeout 300; - fastcgi_read_timeout 300; - ''; - }; - - "~ /\\.ht".extraConfig = '' - deny all; - ''; - }; - }; - }; -} diff --git a/applications/pelican/panel/panel.nix b/applications/pelican/panel/panel.nix deleted file mode 100644 index a1bcfd4..0000000 --- a/applications/pelican/panel/panel.nix +++ /dev/null @@ -1,75 +0,0 @@ -{ - inputs, - pkgs, - lib, - config, - ... -}: -with lib; let - cfg = config.modules.pelican-panel; - dir = "/var/www/pelican"; -in { - options = { - modules.pelican-panel = { - enable = mkEnableOption "Pelican Panel"; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = [ - pkgs.curl - pkgs.gnutar - pkgs.unzip - pkgs.php83 - pkgs.php83Packages.composer - pkgs.php83Extensions.gd - pkgs.php83Extensions.mysqli - pkgs.php83Extensions.mbstring - pkgs.php83Extensions.bcmath - pkgs.php83Extensions.xml - pkgs.php83Extensions.curl - pkgs.php83Extensions.zip - pkgs.php83Extensions.intl - pkgs.php83Extensions.sqlite3 - (import ./pelican-install.nix { - inherit pkgs; - inherit dir; - }) - (import ./pelican-update.nix { - inherit pkgs; - inherit dir; - }) - ]; - - systemd.timers."pelican-cron" = { - wantedBy = ["timers.target"]; - timerConfig = { - OnBootSec = "5m"; - OnUnitActiveSec = "1m"; - Unit = "pelican-cron.service"; - }; - }; - - systemd.services."pelican-cron" = { - script = '' - ${pkgs.php83}/bin/php ${dir}/artisan schedule:run >> /dev/null 2>&1 - ''; - serviceConfig = { - Type = "oneshot"; - }; - }; - - systemd.services.pelican-queue = { - wantedBy = ["multi-user.target"]; - serviceConfig = { - User = "nginx"; - Group = "nginx"; - Restart = "always"; - ExecStart = "${pkgs.php83}/bin/php ${dir}/artisan queue:work --tries=3"; - startLimitInterval = 180; - startLimitBurst = 30; - RestartSec = "5"; - }; - }; - }; -} diff --git a/applications/pelican/wings/wings.nix b/applications/pelican/wings/wings.nix deleted file mode 100644 index af32740..0000000 --- a/applications/pelican/wings/wings.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - inputs, - pkgs, - lib, - config, - ... -}: -with lib; let - cfg = config.modules.pelican-wings; -in { - options = { - modules.pelican-wings = { - enable = mkEnableOption "Pelican Wings"; - }; - }; - - config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [8080 8443]; - - virtualisation.docker.enable = true; - - environment.systemPackages = [ - (pkgs.callPackage ./package.nix {}) - ]; - - systemd.services.pelican-wings = { - description = "Wings Daemon"; - after = ["docker.service"]; - requires = ["docker.service"]; - partOf = ["docker.service"]; - - serviceConfig = { - User = "root"; - WorkingDirectory = "/etc/pelican"; - LimitNOFILE = 4096; - PIDFile = "/var/run/wings/daemon.pid"; - ExecStart = "/run/current-system/sw/bin/wings"; - Restart = "on-failure"; - startLimitInterval = 180; - startLimitBurst = 30; - RestartSec = "5"; - }; - - wantedBy = ["multi-user.target"]; - }; - }; -} From 8334e2be701cdefd7bb4ff46a1ef60376aed5f53 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 3 Jan 2025 00:19:21 +0000 Subject: [PATCH 666/826] feat: created nopde for pelican --- applications/games/minecraft.nix | 56 ++++++++++++++++++++++++++++++++ machines/bumblebee.nix | 5 +-- 2 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 applications/games/minecraft.nix diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix new file mode 100644 index 0000000..b294698 --- /dev/null +++ b/applications/games/minecraft.nix @@ -0,0 +1,56 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: let + # function to create the cname record for eachs erver + create_cname = configs: + lib.lists.forEach configs ( + c: { + record = "${c.address}.games"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ); + + # function to create the srv record + # this allows us to change the port without impacting (java) users + create_srv = configs: + lib.lists.forEach configs (c: { + record = "_minecraft._tcp.${c.address}.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 ${c.port} ${config.services.skynet.host.name}.skynet.ie."; + }); + + servers = [ + { + address = "minecraft.compsoc"; + port = "25518"; + } + { + address = "minecraft-classic.compsoc"; + port = "25518"; + } + { + address = "minecraft-aged.compsoc"; + port = "25519"; + } + { + address = "minecraft.gsoc"; + port = "25521"; + } + { + address = "minecraft.phildeb"; + port = "25522"; + } + ]; +in { + imports = [ + ]; + + config = { + services.skynet.dns.records = (create_cname servers) ++ (create_srv servers); + }; +} diff --git a/machines/bumblebee.nix b/machines/bumblebee.nix index fcdf70f..e8e7a40 100644 --- a/machines/bumblebee.nix +++ b/machines/bumblebee.nix @@ -1,10 +1,10 @@ /* -Name: https://en.wikipedia.org/wiki/Optimus_Prime +Name: https://en.wikipedia.org/wiki/Bumblebee_(Transformers) Why: Created to sell toys so this vm is for games Type: VM Hardware: - -From: 2023 +From: 2024 Role: Game host Notes: */ @@ -27,6 +27,7 @@ Notes: in { imports = [ ../applications/pelican/pelican.nix + ../applications/games/minecraft.nix ]; deployment = { From d7e60b92b410231c0a3a36bf85db513381249696 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 3 Jan 2025 00:19:29 +0000 Subject: [PATCH 667/826] fmt: formatting --- config/dns.nix | 67 -------------------------------------------------- flake.nix | 4 +-- 2 files changed, 2 insertions(+), 69 deletions(-) diff --git a/config/dns.nix b/config/dns.nix index 0e96e8e..9cd7484 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -32,73 +32,6 @@ value = "193.1.99.114"; server = true; } -# { -# record = "optimus"; -# r_type = "A"; -# value = "193.1.99.90"; -# server = true; -# } -# { -# record = "panel.games"; -# r_type = "CNAME"; -# value = "optimus"; -# } -# { -# record = "bumblebee"; -# r_type = "A"; -# value = "193.1.99.91"; -# server = true; -# } - { - record = "minecraft.compsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25518 bumblebee.skynet.ie."; - } - { - record = "minecraft-classic.compsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25518 bumblebee.skynet.ie."; - } - { - record = "minecraft.gsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25521 bumblebee.skynet.ie."; - } - { - record = "minecraft.phildeb.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25522 bumblebee.skynet.ie."; - } - { - record = "minecraft-aged.compsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25519 bumblebee.skynet.ie."; - } ] # non skynet domains ++ [ diff --git a/flake.nix b/flake.nix index 65b0d23..4097942 100644 --- a/flake.nix +++ b/flake.nix @@ -152,8 +152,8 @@ # games server - panel optimus = import ./machines/optimus.nix; - # games server - host - bumblebee = import ./machines/bumblebee.nix; + # games server - host + bumblebee = import ./machines/bumblebee.nix; }; }; } From 45eb4324b73354d8d8f0da39b256a2cf950406cc Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 3 Jan 2025 19:42:19 +0000 Subject: [PATCH 668/826] fix: set teh right token for this --- secrets/discord/token.age | Bin 1204 -> 1204 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 1550f8cbca817587bb6d7299e16c2f8f89fef451..c6c06dd99891421e48fcc8dedfb1d6f069342086 100644 GIT binary patch delta 1118 zcmdnOxrK9rPJL#UtCO#`Sz?)=VQ#)tWI=&`sexm-TdGS`h+)2Eu3vFdx<_uXXPB{D zK3AltpG!t)VpdXVcu_!zlaH%GWr4q$S72&LNUE8uV`#8>X}OO$5 zM3}R)TYzIZS8z#sR%p6Wuu*PyM3_f$fLpO&dP$LwpL3>hjzMarUrAz0PFiGfPD!ET z#E;_P$wuy_Ro(%m;RPZ7mBxX7DPDnQc@{}NC1$Q!ZoXB%Ar*lJg&8G&X6gA{hK7d8 z631FEvQoIK1bB2BzY-P}#hld@CO zjIx6reO#RajmwivolU$ljLp5vEt2%zBk~+4pJf!UPc-%RGssDHEDm;cN((5>&~`U= zOZN)RNKDNzkM#6%iYhYpGs};1sme~~DhkOAF9`}Lh%8P{403l*%F;JVDh|kWO||s$ z_i&Byj7%y_jwrM&C`z$Fj{)znB8#GO1=A=G@1$Z=bC1G;DE|VFVxxMm+|;O${J<>t zh{BAVD(_H_91m}=%F-04Y%T-y46l%?jH)c}GGmvFkkV8qqu`RXs@!5{SHDs-7hk`M z@@yXum#V_Fbad;|G7}9`0~Lz$lJbfQd^`*E1Dq?$B7=)vEAm_uoh@7w3rjKr)6&c; z>+}5c{HomiB0{-}s*23Rf|JWriz8i%%Y1#awJklo14F|7qWpr20|L!UO@lox%rc!y za+1-l^Q?08Ep$|HamgDh_qZt_sz64K*t-b5HW9@QcXJs?c`N zaw+C=^!6|hP06cIs`9fe4)gR(F)+0V4KOaLsB{j?PxLo%^6*b`jY=tZHw-u6($&>f zNJ>of%!@E`bIdo*@hwd%4u~+!%Pa|SwlFm}$~E>%$uSH`_DqflC{AcK$_g~qyPX%X72Op1n z%(L-l(ydfJ%bf-J)l$c`Yj5Z43n=-xc$BUB#}W7_&%XTHohse1s^5L#M>1^MW>)FR z-JPU*@Z$-u#GpM6!rG3ZzxZ$HOkQKDcKb+Baii$;)z5D%%+}t{vU$rI+hkw6&nAn+`0%89)gmLW*@;t2w^**IQFG}C%Ve+Q(p(wddi#kYL-N-TU*+82uy0?Rd9{1i GuG0YYo0q@< delta 1118 zcmdnOxrK9rPQ77dnnyrUqPL}oe`#r1R<2u?xrI?qVq|iXpI<;!c%_L!p+}fgMP`w^ zCzrXmziF7hu|ZI(MPX@Cfn$Y_vw=xycCM4VSww_KnsH=unMIXRrM88U0hg|wLUD11 zZfc5=si~o*f=NJCRDQaGeu|NAqFe0ZjQE>g^_DnQo4)h z#E;_P&iWSV20?*o=_Ya+v&}5M z%SyeAJ@XBGEXuu1y^1QLs$6{it6a3bOx;SHB7({s3*6JWyz`B!+(J@a^4$#*y(1I- z^TN{fa|^@L!-~oc0?HGeGMy}4A|msgBT7vspJf!UH}diGcP-5HGYRr8s4DR<2oEha z^h~cX%}a98_wouza`$yKG0rkJPRh#X%E+qBxAe$$jx_NuFHX-aiSSHIE;mj0Ht>t^ zjSA08vGmI;^tP;U2}rU)j{)znB8#GOh1_D_5GOMu$M7<*?8Jh!VEuaIw4|(%^nj?a z(n`OGNS_GDu!z*;3b)GaNUjW%@}OdW?-Zv>f9C+NeCKj~)1pv)Z{x@UXK!}{@5&Ni zkFsRT)YPalj0jK5Of*alRPb~Oj?5`BG%N|Vs0cB&aLqS!iE_*>&j|Aft29sX49(20 zuQD+)_benxHO_M{&C>Tx@F2xQ^+zTMDcx_{W6>R7r`R)Pke4COUV!B*vi{|7DS5n^m`m-Q(^`x7r9}3Icu6@{Qym3{!dSAAZR|a>) z>4l4=^2$`_&pN+O;N$ktTQ_&>pGpw0<-f#LpWUc@%C7e>AA4fQTIu|!Z(dX-7Jv3W z960mb@x)^R`wPTQ-kKY^>hv+MWvTwbq6+6rFY^_Z7abMiDD~ZRGlB2N;ZK#ukN?%? Gumb?}DVPNS From b804b40a5657fe55ecd6f18a23b959c78b27811a Mon Sep 17 00:00:00 2001 From: sysadm Date: Fri, 3 Jan 2025 20:00:35 +0000 Subject: [PATCH 669/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 1083040..f91d34e 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1732974570, - "narHash": "sha256-y7DflW/V4/9Df/0/FncvzBOnEVTK/p4hCh2K0/TCaM0=", + "lastModified": 1735934280, + "narHash": "sha256-4JE4CYd7kG/WMVTcAfvjPklHT8E6OO9W9i6kRQPRf+U=", "ref": "refs/heads/main", - "rev": "b7d36de976ca8a0e2e9724043b1890e6eb4d3e10", - "revCount": 172, + "rev": "a9d3af024ea16cc8f0db4acb42d4fdd2106e21b8", + "revCount": 173, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 46b0d36ceeb5badaf72c3dfeac7489a4de93be09 Mon Sep 17 00:00:00 2001 From: sysadm Date: Fri, 3 Jan 2025 21:03:41 +0000 Subject: [PATCH 670/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f91d34e..4063660 100644 --- a/flake.lock +++ b/flake.lock @@ -926,11 +926,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1735934280, - "narHash": "sha256-4JE4CYd7kG/WMVTcAfvjPklHT8E6OO9W9i6kRQPRf+U=", + "lastModified": 1735938087, + "narHash": "sha256-Vx44a4GTL8+p6Xy4Ot3lKHvBngnqosTFdWbzq4vIdjU=", "ref": "refs/heads/main", - "rev": "a9d3af024ea16cc8f0db4acb42d4fdd2106e21b8", - "revCount": 173, + "rev": "0a4f5281a545281c11c68185836ded2c17453306", + "revCount": 174, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 9ac74c1c8625cf0f9a06ceb7ca5b4a60e31390cb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 5 Jan 2025 19:13:24 +0000 Subject: [PATCH 671/826] feat: added example machiene --- machines/_template.nix | 56 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 machines/_template.nix diff --git a/machines/_template.nix b/machines/_template.nix new file mode 100644 index 0000000..36a1189 --- /dev/null +++ b/machines/_template.nix @@ -0,0 +1,56 @@ +/* +Name: Link to where information on the name can be found +Why: Why is it named this +Type: VM/Physical +Hardware: - if its a VM, the hardware (PowerEdge r210) if its physical +From: 2023/2024/2025/... +Role: What role does it have in teh cluster +Notes: +*/ +{ + pkgs, + lib, + nodes, + ... +}: let + # name of the server, sets teh hostname and record for it + name = "name"; + # Assigned IP address + ip_pub = "193.1.99.000"; + + # dont need to change these + hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + hostname = hostname; + }; +in { + # what configurrations to import, email in this example + imports = [ + ../applications/email.nix + ]; + + deployment = { + # dont need to change these + targetHost = hostname; + targetPort = 22; + targetUser = null; + + # deployment option: active-dns/active-core/active-ext/active + tags = [ + "active" + ]; + }; + + services.skynet = { + # pass in the details of the host server + host = host; + + # enable the backup service + backup.enable = true; + + # enable the imported service + email.enable = true; + }; +} From ac2ee93cb6524dfd4bd31b46a10f2125bc938761 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 5 Jan 2025 21:32:29 +0000 Subject: [PATCH 672/826] feat: www.skynet.ie --- applications/skynet.ie/skynet.ie.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index fcb46e7..cb2e778 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -23,6 +23,7 @@ in { config = mkIf cfg.enable { services.skynet.acme.domains = [ + "www.skynet.ie" "discord.skynet.ie" "public.skynet.ie" ]; @@ -34,6 +35,11 @@ in { r_type = "A"; value = config.services.skynet.host.ip; } + { + record = "www"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } { record = "discord"; r_type = "CNAME"; @@ -47,9 +53,8 @@ in { ]; services.nginx = { - virtualHosts = { - # main site - "skynet.ie" = { + virtualHosts = let + main_site = { forceSSL = true; useACMEHost = "skynet"; locations = { @@ -62,6 +67,10 @@ in { }; }; }; + in { + # main site + "www.skynet.ie" = main_site; + "skynet.ie" = main_site; # a custom discord url, because we are too cheap otehrwise "discord.skynet.ie" = { From ea0e5ff7f598e3b99e151f136da02011a126f99f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 6 Jan 2025 00:15:47 +0000 Subject: [PATCH 673/826] feat: update the pelican-wing --- applications/pelican/pelican-wing-package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/pelican/pelican-wing-package.nix b/applications/pelican/pelican-wing-package.nix index 088ed4f..8b0aa7b 100644 --- a/applications/pelican/pelican-wing-package.nix +++ b/applications/pelican/pelican-wing-package.nix @@ -7,11 +7,11 @@ }: stdenv.mkDerivation rec { pname = "pelican-wings"; - version = "v1.0.0-beta6"; + version = "v1.0.0-beta9"; src = fetchurl { url = "https://github.com/pelican-dev/wings/releases/download/${version}/wings_linux_amd64"; - hash = "sha256-a2T4BjqS8Hy5YqwDEJpbvGqqsrVjdRhxvJLgk3MCXag="; + hash = "sha256-YaS1bthNSeWXH5drc2yensRqsRAOa2VXvivJOaPybqc="; }; buildInputs = [docker gnutar]; From ba8b14878418db720d5994f489e9c81f34e99ba3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 6 Jan 2025 16:45:58 +0000 Subject: [PATCH 674/826] feat: nixpkgs --- flake.lock | 138 ++++++++++++++++++++++------------------------------- 1 file changed, 58 insertions(+), 80 deletions(-) diff --git a/flake.lock b/flake.lock index 4063660..78efad6 100644 --- a/flake.lock +++ b/flake.lock @@ -30,11 +30,11 @@ ] }, "locked": { - "lastModified": 1719514321, - "narHash": "sha256-ys1nJdZ8zB8JlpUbQmnj0hZalg03bEPgQdZN30DhETE=", + "lastModified": 1733729059, + "narHash": "sha256-5xYai0KZirUX2EQpNMMCWoC27932n/i1E4KeVRIss7s=", "owner": "kamadorueda", "repo": "alejandra", - "rev": "d7552fef2ccf1bbf0d36b27f6fddb19073f205b7", + "rev": "6db88764334bd6a8b7a33cb312c318baad1d5e93", "type": "github" }, "original": { @@ -67,15 +67,14 @@ "inputs": { "flake-parts": "flake-parts", "haskell-flake": "haskell-flake", - "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1729444465, - "narHash": "sha256-+lCi3cQlFNGAGKaVeUNhTeR40zvMy9JX4hp1JA0dLwE=", + "lastModified": 1733918465, + "narHash": "sha256-hSuGa8Hh67EHr2x812Ay6WFyFT2BGKn+zk+FJWeKXPg=", "owner": "hercules-ci", "repo": "arion", - "rev": "94d092fffd5cfd4f09b8988aca1b857a9d37c4d6", + "rev": "f01c95c10f9d4f04bb08d97b3233b530b180f12e", "type": "github" }, "original": { @@ -124,15 +123,16 @@ "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", "nixpkgs": "nixpkgs_3", "stable": "stable" }, "locked": { - "lastModified": 1728263678, - "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", + "lastModified": 1734897875, + "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", "owner": "zhaofengli", "repo": "colmena", - "rev": "b0a62f234fae02a006123e661ff70e62af16106b", + "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", "type": "github" }, "original": { @@ -192,11 +192,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1668234453, - "narHash": "sha256-FmuZThToBvRsqCauYJ3l8HJoGLAY5cMULeYEKIaGrRw=", + "lastModified": 1730615655, + "narHash": "sha256-2HBR3zLn57LXKNRtxBb+O+uDqHM4n0pz51rPayMl4cg=", "owner": "nix-community", "repo": "fenix", - "rev": "8f219f6b36e8d0d56afa7f67e6e3df63ef013cdb", + "rev": "efeb50e2535b17ffd4a135e6e3e5fd60a525180c", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -281,27 +281,6 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "arion", - "hercules-ci-effects", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -322,11 +301,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -356,11 +335,11 @@ "flakeCompat": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -416,28 +395,6 @@ "type": "github" } }, - "hercules-ci-effects": { - "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": [ - "arion", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1719226092, - "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -548,6 +505,27 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1703013332, @@ -724,11 +702,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1722630782, - "narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d04953086551086b44b6f3c6b7eeb26294f207da", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { @@ -740,11 +718,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { @@ -798,11 +776,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1736012469, + "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", "type": "github" }, "original": { @@ -865,11 +843,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1668182250, - "narHash": "sha256-PYGaOCiFvnJdVz+ZCaKF8geGdffXjJUNcMwaBHv0FT4=", + "lastModified": 1730555913, + "narHash": "sha256-KNHZUlqsEibg3YtfUyOFQSofP8hp1HKoY+laoesBxRM=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "45ec315e01dc8dd1146dfeb65f0ef6e5c2efed78", + "rev": "f17a5bbfd0969ba2e63a74505a80e55ecb174ed9", "type": "github" }, "original": { @@ -1095,11 +1073,11 @@ }, "stable": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { From 078e12cbd737e880eedb5323d26516989857397f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 6 Jan 2025 16:47:23 +0000 Subject: [PATCH 675/826] feat: enable the whiteboard --- applications/nextcloud.nix | 45 +++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 04f52fa..bc7b1ae 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -59,11 +59,11 @@ in { r_type = "CNAME"; value = config.services.skynet.host.name; } - # { - # record = "whiteboard.${cfg.domain.sub}"; - # r_type = "CNAME"; - # value = config.services.skynet.host.name; - # } + { + record = "whiteboard.${cfg.domain.sub}"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } ]; # /var/lib/nextcloud/data @@ -87,6 +87,7 @@ in { extraApps = { inherit (config.services.nextcloud.package.packages.apps) richdocuments; }; + extraAppsEnable = true; settings = { trusted_proxies = ["193.1.99.65"]; @@ -96,15 +97,15 @@ in { }; }; - # environment.etc."nextcloud-whiteboard-secret".text = '' - # JWT_SECRET_KEY=test123 - # ''; - # - # services.nextcloud-whiteboard-server = { - # enable = true; - # settings.NEXTCLOUD_URL = "https://nextcloud.skynet.ie"; - # secrets = ["/etc/nextcloud-whiteboard-secret"]; - # }; + environment.etc."nextcloud-whiteboard-secret".text = '' + JWT_SECRET_KEY=test123 + ''; + + services.nextcloud-whiteboard-server = { + enable = true; + settings.NEXTCLOUD_URL = "https://nextcloud.skynet.ie"; + secrets = ["/etc/nextcloud-whiteboard-secret"]; + }; nixpkgs.config.allowUnfree = true; # impacted by https://github.com/NixOS /nixpkgs/issues/352443 @@ -122,14 +123,14 @@ in { useACMEHost = "skynet"; locations."/".proxyPass = "http://127.0.0.1:8000"; }; - # "whiteboard.${domain}" = { - # forceSSL = true; - # useACMEHost = "skynet"; - # locations."/" = { - # proxyPass = "http://localhost:3002"; - # proxyWebsockets = true; - # }; - # }; + "whiteboard.${domain}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://localhost:3002"; + proxyWebsockets = true; + }; + }; }; }; } From b46eca16b0b207d14e173d4e40286160749c5c07 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 9 Jan 2025 22:53:14 +0000 Subject: [PATCH 676/826] fix: switch over to usign ``active-git`` instead of ``active-gitlab`` --- .forgejo/workflows/deploy.yaml | 2 +- .forgejo/workflows/deploy_forgejo.yaml | 2 +- .gitlab-ci.yml | 4 ++-- README.md | 6 +++--- machines/glados.nix | 2 +- machines/wheatly.nix | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index 0d0e32f..b3f6453 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -37,7 +37,7 @@ jobs: # - run: colmena build -v --on @active-core # - run: colmena build -v --on @active # - run: colmena build -v --on @active-ext -# - run: colmena build -v --on @active-gitlab +# - run: colmena build -v --on @active-git deploy_dns: runs-on: nix diff --git a/.forgejo/workflows/deploy_forgejo.yaml b/.forgejo/workflows/deploy_forgejo.yaml index 8a07870..0fee7f9 100644 --- a/.forgejo/workflows/deploy_forgejo.yaml +++ b/.forgejo/workflows/deploy_forgejo.yaml @@ -8,5 +8,5 @@ jobs: runs-on: nix steps: - uses: actions/checkout@v4 - - run: colmena apply -v --on @active-gitlab --show-trace + - run: colmena apply -v --on @active-git --show-trace shell: bash \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9a921fc..8b6254c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -124,7 +124,7 @@ build: - colmena build -v --on @active-core - colmena build -v --on @active - colmena build -v --on @active-ext - - colmena build -v --on @active-gitlab + - colmena build -v --on @active-git # dns always has to be deployed first deploy_dns: @@ -167,5 +167,5 @@ deploy_gitlab: <<: *deployment stage: deploy_gitlab script: - - colmena apply -v --on @active-gitlab + - colmena apply -v --on @active-git when: manual diff --git a/README.md b/README.md index f98fd97..1990b82 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ colmena build --on @active-dns Deploying is putting (apply-ing) the config tat was built onto the server, there is no need to build first, it will automatically do so. While the ***recommended way of deploying is using the CI/CD process*** there are times when you will have to manually deploy the config. -One such case is the ``@active-gitlab`` group if either Gitlab or Gitlab-runner got updated. +One such case is the ``@active-git`` group if either Gitlab or Gitlab-runner got updated. Another is if ye have fecked up DNS. Your ``~/.ssh/config`` should be set up as follows and you should be a member of ``skynet-admins-linux`` @@ -60,10 +60,10 @@ Then you can run the following commands like so: ```shell colmena apply colmena apply --on @active-dns -colmena apply --on @active-gitlab +colmena apply --on @active-git ``` -The CI/CD pipeline has a manual job that can be triggered to update ``@active-gitlab`` if you know it wont cause issues. +The CI/CD pipeline has a manual job that can be triggered to update ``@active-git`` if you know it wont cause issues. ### Agenix diff --git a/machines/glados.nix b/machines/glados.nix index cb2040e..842da0c 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -35,7 +35,7 @@ in { targetPort = 22; targetUser = null; - tags = ["active-gitlab"]; + tags = ["active-git"]; }; services.skynet = { diff --git a/machines/wheatly.nix b/machines/wheatly.nix index cbd6d4f..f38000b 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -33,7 +33,7 @@ in { targetPort = 22; targetUser = null; - tags = ["active-gitlab"]; + tags = ["active-git"]; }; services.skynet = { From 6d5d025e75accbcc6ca350709547b8c8f0e763be Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 11 Jan 2025 18:27:13 +0000 Subject: [PATCH 677/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 78efad6..bcfc466 100644 --- a/flake.lock +++ b/flake.lock @@ -1058,11 +1058,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1732373358, - "narHash": "sha256-r4VUwCzbh59wDj8fYGWwrqLqCMxQ4UB54kPBPWx+tQ4=", + "lastModified": 1736620004, + "narHash": "sha256-4EkXBaZiOpmDlz+8SjNWDau/f6+v14LSd+6WR51Par0=", "ref": "refs/heads/main", - "rev": "3ca52f0a3dc81c73b11565d0f3611a7e0a4e1ca6", - "revCount": 114, + "rev": "e1da7f7c9a053205b1f0e970b2fa2f2d86567029", + "revCount": 116, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 3a7e23569a6fd379e49e3ffb2a3b95a79d91e606 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 15 Jan 2025 20:56:34 +0000 Subject: [PATCH 678/826] feat: add dns allocation for anime&manga minecraft server --- applications/games/minecraft.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index b294698..9dce4bb 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -45,6 +45,10 @@ address = "minecraft.phildeb"; port = "25522"; } + { + address = "minecraft.anime"; + port = "25523"; + } ]; in { imports = [ From fcde956c939ba77ae6c8cac26b653f84621f877a Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 26 Jan 2025 20:09:24 +0000 Subject: [PATCH 679/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index bcfc466..b04cbc8 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1735938087, - "narHash": "sha256-Vx44a4GTL8+p6Xy4Ot3lKHvBngnqosTFdWbzq4vIdjU=", + "lastModified": 1737922006, + "narHash": "sha256-IcD9wXppeoP6SRWIJTV784XiuTKhU7SaKOH2SWscgHM=", "ref": "refs/heads/main", - "rev": "0a4f5281a545281c11c68185836ded2c17453306", - "revCount": 174, + "rev": "5fcc24a867c98be772eec8c6a65eddfbe52ab070", + "revCount": 175, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From b3732cfb166d1aca1f69f196d0b03ae160afa125 Mon Sep 17 00:00:00 2001 From: eliza Date: Thu, 6 Feb 2025 19:11:26 +0000 Subject: [PATCH 680/826] Log rule for Minecraft Bedrock servers Some UDP ports have been opened for Bedrock --- ITD/Firewall_Rules.csv | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index 64f2e32..d59d1c3 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -42,4 +42,5 @@ SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.9 SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server -,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' \ No newline at end of file +,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' +SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,23318-23325 UDP,-,Ports for Minecraft Bedrock on the main games server. \ No newline at end of file From f84d4342f3d3829be6822b0be075f07f63b8a150 Mon Sep 17 00:00:00 2001 From: eliza Date: Thu, 6 Feb 2025 19:11:57 +0000 Subject: [PATCH 681/826] Update ITD/Firewall_Rules.csv --- ITD/Firewall_Rules.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index d59d1c3..1563996 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -43,4 +43,4 @@ SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020," SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server ,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' -SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,23318-23325 UDP,-,Ports for Minecraft Bedrock on the main games server. \ No newline at end of file +SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,-,23318-23325,Ports for Minecraft Bedrock on the main games server. \ No newline at end of file From c190f527eec9de92f55b6de3a5046470453d94af Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 9 Feb 2025 21:22:52 +0000 Subject: [PATCH 682/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index b04cbc8..d8aa587 100644 --- a/flake.lock +++ b/flake.lock @@ -1058,11 +1058,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1736620004, - "narHash": "sha256-4EkXBaZiOpmDlz+8SjNWDau/f6+v14LSd+6WR51Par0=", + "lastModified": 1739136116, + "narHash": "sha256-JOgNm1WkPs1rpoVihRztRJEF8niIogiFfz6gvyEA+OY=", "ref": "refs/heads/main", - "rev": "e1da7f7c9a053205b1f0e970b2fa2f2d86567029", - "revCount": 116, + "rev": "96822e7b2fd693bb45bae11a1763ba52f7d3af82", + "revCount": 118, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From f866767c89cf0196fcfdc97c5209d0ef316a24fb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 9 Feb 2025 22:30:21 +0000 Subject: [PATCH 683/826] feat: update nixpkgs to get teh new forgejo version Roundcube is failing to build though --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d8aa587..3965e0d 100644 --- a/flake.lock +++ b/flake.lock @@ -776,11 +776,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1736012469, - "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", + "lastModified": 1739020877, + "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", + "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547", "type": "github" }, "original": { From 2f3fd4f56532094fb6d50a514043af07cb2b2ac0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 9 Feb 2025 22:39:39 +0000 Subject: [PATCH 684/826] feat: update lix --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 3965e0d..07ea4f0 100644 --- a/flake.lock +++ b/flake.lock @@ -419,15 +419,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" } }, "lix-module": { @@ -440,15 +440,15 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", - "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "rev": "b90bf629bbd835e61f1317b99e12f8c831017006", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz" } }, "naersk": { diff --git a/flake.nix b/flake.nix index 4097942..2d96432 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ # nixpkgs.url = "nixpkgs/nixos-unstable"; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From bff4e873663564ee14c0caf7fcb0de9aa949033e Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 10 Feb 2025 00:00:40 +0000 Subject: [PATCH 685/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 07ea4f0..22ba51d 100644 --- a/flake.lock +++ b/flake.lock @@ -1058,11 +1058,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1739136116, - "narHash": "sha256-JOgNm1WkPs1rpoVihRztRJEF8niIogiFfz6gvyEA+OY=", + "lastModified": 1739145015, + "narHash": "sha256-xjp0xVnmV5Swg/7TOEC6yeTmxPGhOMQF4qegArwXapY=", "ref": "refs/heads/main", - "rev": "96822e7b2fd693bb45bae11a1763ba52f7d3af82", - "revCount": 118, + "rev": "b4d202739efe473f473b38d5ceec926a17239aa9", + "revCount": 120, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 1c608bbb76d89e27ec67ee27ac3e71a72cdeafbe Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 10 Feb 2025 00:09:28 +0000 Subject: [PATCH 686/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 22ba51d..365ce6a 100644 --- a/flake.lock +++ b/flake.lock @@ -1058,11 +1058,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1739145015, - "narHash": "sha256-xjp0xVnmV5Swg/7TOEC6yeTmxPGhOMQF4qegArwXapY=", + "lastModified": 1739146138, + "narHash": "sha256-EtXWx3wg0Y8bKLdTPwm7GzA72CnT2GckYvzRaKf66Zk=", "ref": "refs/heads/main", - "rev": "b4d202739efe473f473b38d5ceec926a17239aa9", - "revCount": 120, + "rev": "b2c134d950e4fa736b0608a295abbc3fc37c2626", + "revCount": 121, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 6fe6c531cc55538f011666e55c2ff015d35c941a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 11 Feb 2025 19:29:35 +0000 Subject: [PATCH 687/826] temp: adding Shay for reasons related to a template for the user_deploy --- config/users.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/users.nix b/config/users.nix index 770260f..51ec6d2 100644 --- a/config/users.nix +++ b/config/users.nix @@ -78,6 +78,8 @@ in { "evanc" "eliza" "esy" + # for temp reasons + "peace" ]; trainee = []; lifetime = []; From 8824d7c62a3fe3cef110954b5cdab63a2e45f72f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 12 Feb 2025 14:21:06 +0000 Subject: [PATCH 688/826] feat: bump nixpkgs to get gir building properly again --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 365ce6a..e6ed1e0 100644 --- a/flake.lock +++ b/flake.lock @@ -776,11 +776,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1739020877, - "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", "type": "github" }, "original": { From 66e8436133d224878fafe138d374546672be2bfd Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 12 Feb 2025 15:09:16 +0000 Subject: [PATCH 689/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e6ed1e0..7f72b07 100644 --- a/flake.lock +++ b/flake.lock @@ -1058,11 +1058,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1739146138, - "narHash": "sha256-EtXWx3wg0Y8bKLdTPwm7GzA72CnT2GckYvzRaKf66Zk=", + "lastModified": 1739372916, + "narHash": "sha256-biW8No02zuEfwu9Xxo02LEEkDB2n7W5DGmixC1Rezug=", "ref": "refs/heads/main", - "rev": "b2c134d950e4fa736b0608a295abbc3fc37c2626", - "revCount": 121, + "rev": "b6f4f3b1bae936343a1ed94b4e2b8a02bd3509d1", + "revCount": 122, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From ba8999b419ff42fd04e646606f2191ec961a46ec Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 13 Feb 2025 17:59:34 +0000 Subject: [PATCH 690/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7f72b07..3804a6b 100644 --- a/flake.lock +++ b/flake.lock @@ -1058,11 +1058,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1739372916, - "narHash": "sha256-biW8No02zuEfwu9Xxo02LEEkDB2n7W5DGmixC1Rezug=", + "lastModified": 1739469536, + "narHash": "sha256-WjumGLWkAeVoXWQ7eqC1ki32ehU626n9HfrWwefMwWI=", "ref": "refs/heads/main", - "rev": "b6f4f3b1bae936343a1ed94b4e2b8a02bd3509d1", - "revCount": 122, + "rev": "ad79fb617da1204097e1d04aaf65b159db042a98", + "revCount": 123, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 7ed5cf1b807516a80677199ceb0b44abba111067 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sat, 15 Feb 2025 00:45:59 +0000 Subject: [PATCH 691/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3804a6b..aef7599 100644 --- a/flake.lock +++ b/flake.lock @@ -1058,11 +1058,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1739469536, - "narHash": "sha256-WjumGLWkAeVoXWQ7eqC1ki32ehU626n9HfrWwefMwWI=", + "lastModified": 1739580335, + "narHash": "sha256-n9LuI33Ycen3bLS/F5b6df7F61A2wpCRG7Cf1FeVRlc=", "ref": "refs/heads/main", - "rev": "ad79fb617da1204097e1d04aaf65b159db042a98", - "revCount": 123, + "rev": "1df4c0bcd32414fee9bd7ef47bed1137d9f4576a", + "revCount": 126, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From c57ca6ab119defca7be507e16e19f37ef3559f9d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 12 Feb 2025 22:30:23 +0000 Subject: [PATCH 692/826] feat: adding another runner to speed up deployment Closes #139 --- applications/git/forgejo_runner.nix | 56 ++++++++++++++-------------- machines/glados.nix | 5 +++ machines/wheatly.nix | 5 ++- secrets/forgejo/runners/ssh.age | Bin 1381 -> 1491 bytes secrets/forgejo/runners/token.age | 19 ---------- secrets/forgejo/runners/token1.age | Bin 0 -> 1138 bytes secrets/forgejo/runners/token2.age | 21 +++++++++++ secrets/secrets.nix | 6 ++- 8 files changed, 63 insertions(+), 49 deletions(-) delete mode 100644 secrets/forgejo/runners/token.age create mode 100644 secrets/forgejo/runners/token1.age create mode 100644 secrets/forgejo/runners/token2.age diff --git a/applications/git/forgejo_runner.nix b/applications/git/forgejo_runner.nix index 29029cb..c43ecec 100644 --- a/applications/git/forgejo_runner.nix +++ b/applications/git/forgejo_runner.nix @@ -15,21 +15,23 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet ForgeJo Runner"; - runner = { - name = mkOption { - type = types.str; - default = config.networking.hostName; - }; + name = mkOption { + type = types.str; + default = config.networking.hostName; + }; - website = mkOption { - default = "https://forgejo.skynet.ie"; - type = types.str; - }; + website = mkOption { + default = "https://forgejo.skynet.ie"; + type = types.str; + }; - user = mkOption { - default = "gitea-runner"; - type = types.str; - }; + user = mkOption { + default = "gitea-runner"; + type = types.str; + }; + + secret = mkOption { + type = types.path; }; }; @@ -40,23 +42,23 @@ in { ]; age.secrets.forgejo_runner_token = { - file = ../../secrets/forgejo/runners/token.age; - owner = cfg.runner.user; - group = cfg.runner.user; + file = cfg.secret; + owner = cfg.user; + group = cfg.user; }; # make sure the ssh config stuff is in teh right palce systemd.tmpfiles.rules = [ - #"d /home/${cfg.runner.user} 0755 ${cfg.runner.user} ${cfg.runner.user}" - "L+ /home/${cfg.runner.user}/.ssh/config 0755 ${cfg.runner.user} ${cfg.runner.user} - ${./ssh_config}" + #"d /home/${cfg.user} 0755 ${cfg.user} ${cfg.user}" + "L+ /home/${cfg.user}/.ssh/config 0755 ${cfg.user} ${cfg.user} - ${./ssh_config}" ]; age.secrets.forgejo_runner_ssh = { file = ../../secrets/forgejo/runners/ssh.age; mode = "600"; - owner = "${cfg.runner.user}"; - group = "${cfg.runner.user}"; + owner = "${cfg.user}"; + group = "${cfg.user}"; symlink = false; - path = "/home/${cfg.runner.user}/.ssh/skynet/root"; + path = "/home/${cfg.user}/.ssh/skynet/root"; }; nix = { @@ -94,14 +96,14 @@ in { # give teh runner user a home to store teh ssh config stuff systemd.services.gitea-runner-default.serviceConfig = { DynamicUser = lib.mkForce false; - User = lib.mkForce cfg.runner.user; + User = lib.mkForce cfg.user; }; users = { - groups."${cfg.runner.user}" = {}; - users."${cfg.runner.user}" = { + groups."${cfg.user}" = {}; + users."${cfg.user}" = { #isSystemUser = true; isNormalUser = true; - group = cfg.runner.user; + group = cfg.user; createHome = true; shell = pkgs.bash; }; @@ -118,8 +120,8 @@ in { package = pkgs.forgejo-actions-runner; instances.default = { enable = true; - name = cfg.runner.name; - url = cfg.runner.website; + name = cfg.name; + url = cfg.website; tokenFile = config.age.secrets.forgejo_runner_token.path; labels = [ ## optionally provide native execution on the host: diff --git a/machines/glados.nix b/machines/glados.nix index 842da0c..5e499d8 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -28,6 +28,7 @@ in { imports = [ ../applications/git/gitlab.nix ../applications/git/forgejo.nix + ../applications/git/forgejo_runner.nix ]; deployment = { @@ -43,5 +44,9 @@ in { backup.enable = true; gitlab.enable = true; forgejo.enable = true; + forgejo_runner = { + enable = true; + secret = ../secrets/forgejo/runners/token2.age; + }; }; } diff --git a/machines/wheatly.nix b/machines/wheatly.nix index f38000b..cb9cdb6 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -39,6 +39,9 @@ in { services.skynet = { host = host; backup.enable = true; - forgejo_runner.enable = true; + forgejo_runner = { + enable = true; + secret = ../secrets/forgejo/runners/token1.age; + }; }; } diff --git a/secrets/forgejo/runners/ssh.age b/secrets/forgejo/runners/ssh.age index 7a716d1b83c03bf40c05fa613d047819829ce36a..ffda5eb6e8a0c5b981cac03e17035e0102c69a43 100644 GIT binary patch delta 1406 zcmaFLb(wpDPJNVDcA`OcVP0lpNlA`{d3r@=c13}=Wm05bmX}wtxqnb#NvLUxi$QXb zFIQlqab#IlNO`iCr*pV*X^LTbfU#$Icz8vMS$=9zWKxx%UxcTnxsiFI1(&X!LUD11 zZfc5=si~o*f=NJCRDQZbL12YfQDB8*Xm(MOc6qp0qML=6X}OPcnqg#VWM-*fxl6jA zK|y$VX_i|#S6EtlsF8EIiCaZPRar=qwo!PAcR)yxSyn-1xsOv&d1|3$xv8^3N{XlF z#E;_P6^Z8FA$cyPnNCK=RjD4iMQ$beP8o$k`eqebUcM12C5|4J#=(y6*;~B-n%&H8Fs~lam z%REc93(Lxbf{I+DJS%)HgCi^gQ$sz1o$^Z!{e3M`oLpSF94$)IjeQbBlfuFRf~(A3 zwaWudojnrMQv59pGK}4gjSBoTy#14$G6E)_VU(y3H8G5EFLy~bHE^^j4AwXGERXax zO0vidam_HZa4Gb&NbyQc%?&d2&I#l)&MnHyND3@5GpI@nG&S?~Gz=;!GOx-t%k}Uq zb}uu^cg`s{^G^>-s&qw<0PnCOi=uLc%A(-J{3^%t^um;+NY_G3&-$W3m!zOf{alOk z{9Lp0f`Fiski@jiG@rb5uA;oa(mapk@&Z#&*WmR0Eb}bq3ZuYC18?`LQpW<55XY)~ z=a2v=Gar8gbnDVG6Ae=X74rR4a&o-^n)`JokA?? zgPc-Bg9BUwL%A$m%2SdIjZ!R<9YZ3LBHgo!Op6P`Lk*L1ioGq(Ow--WT+OpGj9nc~ z1JSK>F7yv^4^#;9Eis8SE;5OzFiUg|P0WbQFUxW%F)>TgHwf@|GPiVg_ILEj3XBRd zbma<8EORt8DX5QhGdGK>2zL(;&MGYR$qq?$^7X262`F~cPSbaB^fYs;GIT_@t~9F3 z$v9mh(ySuXD^1%n(Zn||D9_9(D$L8E(lXu6Bgd_(GFiXWJlokMr^F*a!oz|qC^EQM zJ2A)5&CJ_8#GpK|Fw(C$HK(ei-pAaj(8$ZZG~LZ7(A3+@#I3@WOIKG{At9rWW^z97zJ;cn(%$+j zMz3alymfJ%z25l`$2SLlUVAg}%F`3?uiUAxTR!`0;O^4JYma_CaATR)=T)Ly^;d4U zykwc*D7Ak{<+~*(>euC(@HHBT-ClV-o@xHktNiQjK3^(7aZ92x|IqE(e^Qd~U73;l zzvSKR$>u!jSEnlGSFC2@KGY@qs6xiYo=w?xZ^8uYLyMOMEOWnlxMK&axkSd~Os}O( zleV>;CgA{_hjv{L*%G&MeylS;a9n(BePzTg+9oG-^JJKU8z!4p)+AM?Y?DPhW= f4~5Mo3u==ex-xrBK3y>9MLgeP-T9mM^@afeh87SR delta 1296 zcmcc2{gi8hPQ7bpP+qb{Rho-)rlpyAslQ*2TVi2`Z%~!FXPJ+QSx`V#L~(|1qP~BG zCzn}Zu#rKKb5yQ{pI2yTkhg(Pgn3A0Ns7O5NnwqVFoUqd5#qZez`ubz8Tst=3QZ|6Ez2}8am@2e zHg*Y0bayHW@vKZr%=alwkBT((uFU7kG>R(o@C@|O*A6H%sPaj!GIDn|3e3$b^EB~G zE_6>e$#C_^i3-WI%t=O%0PnCOi=uLc($sKwDJ9H$^l1E-=A(|XsmiWEN+_plJ> z$nu=TGHug>GRvSaePiQvu7a{E56`ev6QlA{--3`Z=O|AOj83a-J_gbi~X|-UA&F! zJ;MVX!%`DneYs2v0#bsU13XgvGP0c`iZb=1+`~LV4U0`HJd3@(5{rzC%cH^qyc?EcP@B za^-;&M?Z()^~LaEYFNE3rMQ)_0P!9D6h)S$jf!NG&4>0G4%6xwJ7GwygFC)nDE>8 zRY{$iF0%`I4m%iddXQ8lpT^hqJpFIwmh~SLEqfVw{^V8tXvr0;z6VVIF3uWw&c5)=Kl4pT z_Z=$>jI@z(^Re}3-XyTHh@Wxl`qa0F?HT1F#C{%2UUS;B{fHwc&zrhi9Q!5Zw{^Zc z9JX*?Oqc1?^|1w;rM3i_vhI<}@SLV*62tVd&ZFYRH^%v<&TX1bZ_hZqP_IwhZIi5A zm2&@t4a*%y7Nb)atJPWLCc55R`L5&D*~S>t=}QtT4{f<7(R$2KGEymS%HALPYQI?P z-aT8lLVb(k!Y5l)6dAX~RNh)77?O$mE$I+?R6QtWCiU2AV>LmaG diff --git a/secrets/forgejo/runners/token.age b/secrets/forgejo/runners/token.age deleted file mode 100644 index 2bdb872..0000000 --- a/secrets/forgejo/runners/token.age +++ /dev/null @@ -1,19 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 V1pwNA kZ6MC1GXuminn2Hlomkep1wIv1lp6KpJOJcpXkhQWWM -K1B58FSyb4QpINlhuvVv4dGFNjTChU1KNoezZcS/a6Y --> ssh-ed25519 4PzZog pbxwzRvcsOgY9hd48BZEOH6VHFLn93gJ8yDHQyNIiSI -Fa/Z6si9vyox/pmPvWTndyYCQxo7tcvdlRuTgw6IY9g --> ssh-ed25519 dA0vRg OW2y/LkN/287NVuRRlSpihR+k/MZ+a0R5cIrHFne6RI -U0ZqipfDlpz9LeXKNWkl7tYCnsBjSQz8q4mETBVEalI --> ssh-ed25519 5Nd93w jDy3i1Z1NWYqdVdw4h+maaBjokVWNrSfHtSQotb2bWg -PtgX9L78wpJHiX4lmP+H0bfRZd/tNfHrUEAShJ38ss8 --> ssh-ed25519 q8eJgg BCaUEZ3H3BglgKPAbl/ITQaEv9Jc2rRAoFuPXhy4WFI -DMqJu0vjDJ8rIXLSL17Dx4Aoq8Uhdo4jU8g1jTSvMK4 --> ssh-ed25519 KVr8rw dKk0SN9SXTQsPwMFiKKMuoRwzTHJB8kr33nadRzBoDc -m2xPKYFMC/y5fKkgaBc+5TVg9ZH+zVSM9I4I3htSm7I --> ssh-ed25519 fia1eQ NGl1o/38iTm6QiQB7pl0NBkohMZGLMeaXZ37TV184B4 -zk/DTLhuGfhDU3gNA7S0BjGOowteEhR9v5oNmOkWTGU --> ssh-ed25519 CqOTGQ JbZYKqGfWeVu/JEAAeC6wE4QvKLEeidvggQnm6beJxA -ArogOkTDAnvC1SKPkSGapNix2W6yvku1QFOFs9bvuGA ---- yWZoUAOfSIL4FbWSAvhVkOEbUA1u3XPGKB1gNka/xfo -zlȑ LC$?Hc|۹.-j l}9:KӮU^IO6 \ No newline at end of file diff --git a/secrets/forgejo/runners/token1.age b/secrets/forgejo/runners/token1.age new file mode 100644 index 0000000000000000000000000000000000000000..50ad61e1019d108e153f0a30a0a6bd6fa460a806 GIT binary patch literal 1138 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!v5N-8eP z$TBuAu1YN|$urMQ4=we{t;#9Sb~nliD$Ub2H8eIX^eM>-b>;H5a1A!IOw$fDN;kDI zG4S?F2{5xX^)pGzEb?~=bn++*Dou4uu1pLHaYeVyB%mrPKV8AY!=x%Z%sV49+n~ZM zBE2Hr-^iuZ!^y3*z~3!1#K6?l+$}AwFt4mA%#q8(E7-&@C@s*`*ef`>!oxp3JIgXp z-`6WU(Z|f(Ff!T9Lf_r5vNFj#JR9A%6i0)ypmc=-=ZqBRDg#5aynt*|e|L|_3 z63gUr4-*TQsw`u}%5-$wO#Ms89O)Vk=^YWqs4a`$h91Q}ha(xT6 zb3(H$$_&tLE3`=UN>5kts7lRn$_WZIH})zBH#c+)cGV9t%P+$)jmpipNOjD1^v0Ia^;vT5rr=L^ewg}6p~XMl44~HRp91xUcV47|ik&_rzQD~lTnvzuH8;D_BX;hVyak_$!VY;E8K~Ys`u6|}nMQL_! zNK|E!cVwxdae8@4W^sXmuaAYFet^4=vm;lQsaHs3W~Nb&d%1p*pSyXMV^v~OW@2W! zdwHlyq_&U0dtiiRP;f!2ejt~wuC9WwpKnA^UXnqcvv+_|rfX5DM@F!*zNKMWvRS!V zNTyj?MPWp?Q%;D1aXwebR#!12;aRy)j@jI5TFapBl_(LgRo7)Je_iv%-V2qrcV@Ch xOV3Z=Bi;4z?=L>D``4l-Zn@m>u{<~1_wvTvI-e><57$oH)YpsZI#%dE1^_c)ahw1E literal 0 HcmV?d00001 diff --git a/secrets/forgejo/runners/token2.age b/secrets/forgejo/runners/token2.age new file mode 100644 index 0000000..3c1c894 --- /dev/null +++ b/secrets/forgejo/runners/token2.age @@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA DmSENr+7db9t/epcMdOAjr2qt4rSHWopkuS3/xyz+xY +ClfO4iYTReIp6jvUBqQutkXx4XRJ++u8EsspNdDZ8kw +-> ssh-ed25519 4PzZog QzQ5iPiSSruoDS+PDNI+/6PnIYEnnFTvnrxK4W2ZK3Y +iTETtsauc6clML06hoMr7kinsOirURTECfB/PzJaFT4 +-> ssh-ed25519 dA0vRg UCPTgYh2/8JTajlTIgvk64eKNNMHe4ZxIDILxIGAL18 +Qj0ZS/iNwusCONf9Rh05ftd4cHSmWz7bLZ8HHtQewMo +-> ssh-ed25519 5Nd93w D/87p469o+CW9TOqQb4C+3a9+xRvZ4bzk7vr0wXhdRk +E/uvMfpOPvWosWS4s18f+xmexQcpJ0NED1N35pL5IjI +-> ssh-ed25519 q8eJgg pSW+R1LjAdCTL/ys1X93jSSC+ga1phB8iYqAJ1Ic0yw +IFl+195woVbHjz23w3mxBPkjtbfke3C+jYacWWKOpio +-> ssh-ed25519 KVr8rw KfPs+1IA7M7dYqkUW9vty+xl/8loMZDgVFee/ZR+F0M +mTK9yjQR18aKfw/xEdfsnGXPKxqDi1bKPj2mLtB2Xg4 +-> ssh-ed25519 fia1eQ M7nASBk9cGmZmMHf115JAazAEx3tS+sIVB49KlXltWc +YJ48iqVSJQooltbXvw+olKC4ZZt9a92TR2uQ0xROAPY +-> ssh-ed25519 CqOTGQ CeIqatgAbFS8oNy3fOOJdIkLM0X9AwV2zbpQHcOcICM +qAHOkFsbM5fTxcpLFz9Iz16MVBA1oVqlxUADrLxDRrA +-> ssh-ed25519 uZzB3g eA/GpdA5UKoleGcq9BHwj59Hz86YX7oF3LoG6zZ1ogE +sIs5D3s72gVGglG37S0eDLUTEzuy2U9Nbi03aOJ3W4c +--- rkCxZNLeKI9HMNZnwiFRaL1AsIUYtXYJT/YyJ1UMRqc +!Vp-p|_to Ukt`@ xzWں GF=]iY;YOi}J/, \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ca7480f..cad986a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -77,6 +77,7 @@ let gitlab_runners = [ wheatly + glados ]; grafana = [ @@ -117,7 +118,8 @@ in { "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; - "forgejo/runners/token.age".publicKeys = users ++ gitlab_runners; + "forgejo/runners/token1.age".publicKeys = users ++ gitlab_runners; + "forgejo/runners/token2.age".publicKeys = users ++ gitlab_runners; "forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners; # for ldap @@ -130,7 +132,7 @@ in { "backup/restic_pw.age".publicKeys = users ++ restic; # discord bot and discord - "discord/token.age".publicKeys = users ++ discord; + "discord/token1.age".publicKeys = users ++ discord; # email stuff "email/details.age".publicKeys = users ++ ldap ++ discord; From af828b56e5d454a30e9e4878d72906e4a3f17892 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 14 Feb 2025 11:52:13 +0000 Subject: [PATCH 693/826] doc: updated the servers list --- ITD/Server_Inventory.csv | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index dfbc30d..f4c6ed9 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -14,11 +14,14 @@ SKYNET00012,skynet,Active,193.1.96.165,Nixos-24.05,Skynet server. (DMZ) SKYNET00013,neuromancer,Active,193.1.99.080,Nixos-24.05,Local Backup Server SKYNET00014,cadie,Active,193.1.99.077,Nixos-24.05,"Services VM, has nextcloud to start with" SKYNET00015,marvin,Active,193.1.99.081,Nixos-24.05,Trainee testing server -SKYNET00016,optimus,Active,193.1.99.090,Debian-12,Games server manager (replacing SKYNET00006 soon) -SKYNET00017,bumblebee,Active,193.1.99.091,Debian-12,Game server - Minecraft +SKYNET00016,optimus,Retired,193.1.99.090,Debian-12,Games server manager (replacing SKYNET00006 soon) +SKYNET00017,bumblebee,Retired,193.1.99.091,Debian-12,Game server - Minecraft SKYNET00018,calculon,Active,193.1.99.082,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic SKYNET00020,ariia,Active,193.1.99.083,Nixos-24.05,"Metrics, Grafana and Prometheus" SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access SKYNET00022,ultron,Active,193.1.99.084,Proxmox,VM Host -SKYNET00023,optimus-test,Active,193.1.99.085,Nixos,Testing flake for Pelecian \ No newline at end of file +SKYNET00023,optimus-test,Retired,193.1.99.085,Nixos,Testing flake for Pelecian +SKYNET00024,optimus,Active,193.1.99.090,Nixos,Games server manager (replaced SKYNET00016) +SKYNET00025,bumblebee,Active,193.1.99.091,Nixos,Game server - Minecraft (replaced SKYNET00017) +SKYNET00027,Raspberry Pi,Active,193.1.99.085,Raspbian,Proxmox Qurom server \ No newline at end of file From 8b168f3b11afd0c01105c1c138a5144dea51abc0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 14 Feb 2025 11:52:37 +0000 Subject: [PATCH 694/826] doc: add teh pending port request for teh forgejo runner --- ITD/Firewall_Rules.csv | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index 1563996..b8b1b97 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -43,4 +43,5 @@ SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020," SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server ,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' -SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,-,23318-23325,Ports for Minecraft Bedrock on the main games server. \ No newline at end of file +SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,-,23318-23325,Ports for Minecraft Bedrock on the main games server. +,Add,,Pending,193.1.99.75,SKYNET00008,193.1.96.165,SKYNET00012,22,-,Allow our forgejo runner to access and deploy to teh external server \ No newline at end of file From 82108776ce97bd4d782d1ed48e3cd09f4fe00378 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 19 Feb 2025 10:00:58 +0000 Subject: [PATCH 695/826] doc: updated teh spreadsheet for the ports --- ITD/Firewall_Rules.csv | 2 +- ITD/Server_Inventory.csv | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index b8b1b97..c955339 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -44,4 +44,4 @@ SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET0001 SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server ,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,-,23318-23325,Ports for Minecraft Bedrock on the main games server. -,Add,,Pending,193.1.99.75,SKYNET00008,193.1.96.165,SKYNET00012,22,-,Allow our forgejo runner to access and deploy to teh external server \ No newline at end of file +SKYNET_FIREWALL_00035,Add,i25-02-14_114,Complete,193.1.99.75,SKYNET00008,193.1.96.165,SKYNET00012,22,-,Allow our forgejo runner to access and deploy to teh external server \ No newline at end of file diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index f4c6ed9..d9a63f5 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -24,4 +24,4 @@ SKYNET00022,ultron,Active,193.1.99.084,Proxmox,VM Host SKYNET00023,optimus-test,Retired,193.1.99.085,Nixos,Testing flake for Pelecian SKYNET00024,optimus,Active,193.1.99.090,Nixos,Games server manager (replaced SKYNET00016) SKYNET00025,bumblebee,Active,193.1.99.091,Nixos,Game server - Minecraft (replaced SKYNET00017) -SKYNET00027,Raspberry Pi,Active,193.1.99.085,Raspbian,Proxmox Qurom server \ No newline at end of file +SKYNET00027,vision,Active,193.1.99.085,Raspbian,Proxmox Qurom server \ No newline at end of file From d212d0c820199de597501b6e6d1b8ac37c6ae5db Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 19 Feb 2025 10:59:51 +0000 Subject: [PATCH 696/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index aef7599..61f5e76 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1737922006, - "narHash": "sha256-IcD9wXppeoP6SRWIJTV784XiuTKhU7SaKOH2SWscgHM=", + "lastModified": 1739961054, + "narHash": "sha256-ojss5zsq3wL809hT+Arl+XOyFdEQcdc4G/hd0YJdrUE=", "ref": "refs/heads/main", - "rev": "5fcc24a867c98be772eec8c6a65eddfbe52ab070", - "revCount": 175, + "rev": "25fcc04287741b9b9e38c82a10753a3e33138f12", + "revCount": 218, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From a7c6dde11d3fb9ac3f3ea35515defde749e6b2af Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 19 Feb 2025 11:55:35 +0000 Subject: [PATCH 697/826] feat: updated token id for teh second runner --- secrets/forgejo/runners/token2.age | Bin 1138 -> 1138 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/forgejo/runners/token2.age b/secrets/forgejo/runners/token2.age index 3c1c894e8a0d0f4dcb66440e643746d1c5610ca3..bd13ac11352095ddded648bba2cf40a7d46164f7 100644 GIT binary patch literal 1138 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tqa74GwB%mrPKV88m%iX&oqeMT~!XV0{ zJUc0)*sU_nI3+N}C_gJK#oREhAS=r-+tA-U!-OltJH0H}(bqW9&@rVr!?Cy`IY_(8 z+&`?aBH7|M}xAUbcG_*^kAP#A0vx03uoi(B!lwAjG&_Q zOt+wdP`^~OAQy{>l1gJkzcQc9d@f7#!cs3MvvkYSjN&X)gObA3RNsK8kbGmm$TIgz zcYo7di=u*J53kI`a&*6$`lVPJmn#_fdl+ly8krks1(v!;CYMDNex+GS4mAK~wJ4fUN zxcfQ=S)kiiXp!obo~~fv=v)+@>k;4=7FO&P>gns^=@c27Ym}5*Y*HEFXd3RFn&xR) zRi5V>=*X2>Wn7+OTICd+o2g%vTWDxn=w)b76y#HwmTnPfT;!G+YMPxxS^?eYH^isu(`Xtv15`^T0}u+Nin)@X_<+JseuYr zrCz25iKb!t?s3ciDee%`Z?uUp&8D3#aSt-5$RmMQJGGbCgE;* z`j!TH24-Q!euhc;Zsp<5`hiBN`X#w8-W~;kIX(q>h8TWxF7yv^4^(iA(9W;OD)GxK z&W@;bFLo@BNVN1Ri;D6H@HeRn%lCFk@=Y`Lv&=0COXo7RwDbrz%nK^c&-MyWb@$KA zcJeJxHYiPsiV95i@e8XmH?DLs@(;)}_C)tvX;hVyak@gbex-JCRCZFOyMBpVmXS$L zaba?Sp-Z5Xqf3>urEi|AMUJh{p;=i)Nj8_RuC79;qfcsXN{U%Xuve~2fw`%#Z$XZ>W2U!HZmFqP zc9})Exld6=L}<3RTOgO(tF0ch?$3$O6TT4Pe?hkS%O#f^ON#zpRlGE3>iVMJTbFxF y-HJ4Mb-259k!aG%(|a~aWqw?4T*dg-r{Yg(Cd2K<*n?W1lL~?sb5+ldi~s<834Nyk literal 1138 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5wB24R-Y_ z(l$>?vMkY0ElBoF@psHBGAb-FDGK%o&o9U>4K~)VsI1bih~#q4N%J?!j0_1%^(-*U zDhqWg3@k0lj;Jt+2=da_F12tiE-vs(af!0XE=RY`B%mrPKV2cPD$q1DATv0)s5IXt zSUbSQ&r@69EFjM_(lsy7Eu<{3sKVPM+$hT1IFc(f#5JU(II%R@EIG&5$G|Kj-?zv- zJ2S7?KeH$_D8$t{%}GC?$}7<=#01^86i0)ypmc>$=YWv($P6QW3$KvGtegd%KVOejlc)+$7f+uGPj^QjLkq6JEQ6?E{Y<~|(qday&C7}m$|EvTg0i_>^-Ifq(+d0p%EI%D!-GwV4K32ND{@mS0+S284E$VO4E>Bv z3w%sHvpmslE3`=UN>5iP2oBc{GW5xEOmPnJ(XT8vjIcD$3J!MGPERx}$Z)dAj4X8Y zGW1L~s4VC5bj#5;v@|Wx4@>gMsxmSzH_oka3dqhXNlMF3HFnm{icCxn5BK&j$i(oQ zcUX}{QMrP5T0pV3p{Jv{uX##jVRmS^Wm!q3c14c9MNYnNluLS;TWYF)RFJltfiG8X zh__{BR$!2!MWT0FxqgLfN?LKAdqjYDMWIWkVUl-1mQk)xiIY)8I!3&uWhNS?1}gZP z=Q##DWm_h@=SJoFdZZZ|ntC}VRyn#>7?%WV7kh>|nOJ(~MC6o&Cv!!5nOI~Nh6Q^C z=I7^>Bt?{!Yv<>9JDWsBl~^WP8ifQIl?EDA1o=A#M52eJbD@8Td!T}Is%K$hNxEZ_ zTd+mGU!`%HzrR8L4>7ad6-dEQbC|cvVXFtvoBYnqlbUCTXB-FX8@PGp2emv#>M7F>0$2aIqt^h!3L==KA|D5 zRi%|ip_YD0nFhv*{$9r6Cdpj7y1EKQ+0GSFem<$*o|YcIeo=YlnQlReK8B9Po}rN? z5s_XY`jM4hhM~Seg~?osVFj0T3)c15d};f6?_PXK{-1LX5J; xS>8P|_bRHw`EKpn%q=<9z5mZUx9_&6V>5S0p0SSf&wR;urgn+f% Date: Wed, 19 Feb 2025 12:03:03 +0000 Subject: [PATCH 698/826] tmp: remove ariia from active deployment Thankfully this server is ephemeral --- machines/ariia.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/machines/ariia.nix b/machines/ariia.nix index 121dd63..724d115 100644 --- a/machines/ariia.nix +++ b/machines/ariia.nix @@ -34,7 +34,9 @@ in { targetPort = 22; targetUser = null; - tags = ["active-core"]; + tags = [ + # "active-core" + ]; }; services.skynet = { From 28843e5c8a57227c9b6b7b41360f32f3e9d6da19 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 19 Feb 2025 12:42:01 +0000 Subject: [PATCH 699/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 61f5e76..0eb2887 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1739961054, - "narHash": "sha256-ojss5zsq3wL809hT+Arl+XOyFdEQcdc4G/hd0YJdrUE=", + "lastModified": 1739968720, + "narHash": "sha256-KyDeIzhAZA5LVG5OV6MPftbaJqQVdmFFSBkTd4+rtzk=", "ref": "refs/heads/main", - "rev": "25fcc04287741b9b9e38c82a10753a3e33138f12", - "revCount": 218, + "rev": "8645a9b3ce01129d2db4981c83493e0acac2c14a", + "revCount": 220, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From d03d45143c8aba9ac825540dc2a74848b9e6e93b Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 19 Feb 2025 22:41:16 +0000 Subject: [PATCH 700/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 0eb2887..22929f4 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1739968720, - "narHash": "sha256-KyDeIzhAZA5LVG5OV6MPftbaJqQVdmFFSBkTd4+rtzk=", + "lastModified": 1740004599, + "narHash": "sha256-xVSjBplK98+OycOudlopTDFV+Uj9kS3xGSBn1mn5wz8=", "ref": "refs/heads/main", - "rev": "8645a9b3ce01129d2db4981c83493e0acac2c14a", - "revCount": 220, + "rev": "348020ecfee0963ef97458db25d16f5ddf1653a9", + "revCount": 221, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 62ea725950525c7498b977bb5c6ee2aceb49bd0e Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 24 Feb 2025 17:01:53 +0000 Subject: [PATCH 701/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 22929f4..32dfcad 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740004599, - "narHash": "sha256-xVSjBplK98+OycOudlopTDFV+Uj9kS3xGSBn1mn5wz8=", + "lastModified": 1740415462, + "narHash": "sha256-uIYEHckBibf6FvFeF2GllzbbHXL47Vf3D76GnaVdD14=", "ref": "refs/heads/main", - "rev": "348020ecfee0963ef97458db25d16f5ddf1653a9", - "revCount": 221, + "rev": "9ce5b8136b42b5a390381e5aa08f9ec2fb7a053f", + "revCount": 222, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From f365a6770ac08ca2605670f9486b523f2030b548 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 24 Feb 2025 17:15:37 +0000 Subject: [PATCH 702/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 32dfcad..a187f09 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740415462, - "narHash": "sha256-uIYEHckBibf6FvFeF2GllzbbHXL47Vf3D76GnaVdD14=", + "lastModified": 1740416846, + "narHash": "sha256-SFoMn+bL1b/KxoXWuyLHy6mlGDlYfnj16Bp1VmL3ph0=", "ref": "refs/heads/main", - "rev": "9ce5b8136b42b5a390381e5aa08f9ec2fb7a053f", - "revCount": 222, + "rev": "6481fcb89fa7684cb22d083812ce829730f1f309", + "revCount": 223, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From bee0c476e8619286aa8b2bfed26a54801cd6fc4f Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 24 Feb 2025 17:33:35 +0000 Subject: [PATCH 703/826] Updated flake for skynet_ldap_backend --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a187f09..0af1f3e 100644 --- a/flake.lock +++ b/flake.lock @@ -924,11 +924,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1731940725, - "narHash": "sha256-W909eUlyTlvS/ty5Ns4p042NuSMppbC0N19zGpVCG0w=", + "lastModified": 1740417868, + "narHash": "sha256-huFGMY58DU5vh4n9KZUpxkvRr+xe5eqqjaHphZdGJV8=", "ref": "refs/heads/main", - "rev": "0b397369d185edee7d890f09786fd3450355d89c", - "revCount": 235, + "rev": "faa6233ecb734ca567ca25a40299e7fa54bac7f0", + "revCount": 236, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From 87469cc6c31d2dca91af59651f138e169e6152f1 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 25 Feb 2025 17:40:01 +0000 Subject: [PATCH 704/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 0af1f3e..3efeecf 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740416846, - "narHash": "sha256-SFoMn+bL1b/KxoXWuyLHy6mlGDlYfnj16Bp1VmL3ph0=", + "lastModified": 1740504873, + "narHash": "sha256-I0XkJmBzEYOeskh4P8K0XA8NMPE/A2iEC9K7IszJfvA=", "ref": "refs/heads/main", - "rev": "6481fcb89fa7684cb22d083812ce829730f1f309", - "revCount": 223, + "rev": "b67894fc6e7d883aa24a004a4f19fcb47dc40f5e", + "revCount": 224, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 51eab3faf85dfa5eb6799b99c488fc63c58049df Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 25 Feb 2025 23:14:30 +0000 Subject: [PATCH 705/826] feat: create a vanity URL for teh committee server --- applications/skynet.ie/skynet.ie.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index cb2e778..5082080 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -25,6 +25,7 @@ in { services.skynet.acme.domains = [ "www.skynet.ie" "discord.skynet.ie" + "*.discord.skynet.ie" "public.skynet.ie" ]; @@ -50,6 +51,11 @@ in { r_type = "CNAME"; value = config.services.skynet.host.name; } + { + record = "*.discord"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } ]; services.nginx = { @@ -78,6 +84,16 @@ in { useACMEHost = "skynet"; locations."/".return = "307 https://discord.gg/mkuKJkCuyM"; }; + "compsoc.discord.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://discord.gg/mkuKJkCuyM"; + }; + "committee.discord.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://discord.gg/D6mbASJKxU"; + }; "public.skynet.ie" = { forceSSL = true; From fbb77fda9db9f92e4d13ab31d90144e9cd8eabac Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 26 Feb 2025 14:50:50 +0000 Subject: [PATCH 706/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3efeecf..8232a57 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740504873, - "narHash": "sha256-I0XkJmBzEYOeskh4P8K0XA8NMPE/A2iEC9K7IszJfvA=", + "lastModified": 1740581082, + "narHash": "sha256-En4BRHTocnYml3LGCgP2wF6JxfThSyNsUYX7TzLenWA=", "ref": "refs/heads/main", - "rev": "b67894fc6e7d883aa24a004a4f19fcb47dc40f5e", - "revCount": 224, + "rev": "09ce45f70fcb088baccef85535af5ffd86d336ff", + "revCount": 225, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 39b72522f34e6054d7f89251605b682c9d1ea667 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 26 Feb 2025 16:01:07 +0000 Subject: [PATCH 707/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8232a57..79d9445 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740581082, - "narHash": "sha256-En4BRHTocnYml3LGCgP2wF6JxfThSyNsUYX7TzLenWA=", + "lastModified": 1740585342, + "narHash": "sha256-/8yS/itZ/qI77yQBg8DqHaTwJoCUKxik62t4AzupxZM=", "ref": "refs/heads/main", - "rev": "09ce45f70fcb088baccef85535af5ffd86d336ff", - "revCount": 225, + "rev": "7406f0e6206b3fcec4c471949d6c428503fa9e91", + "revCount": 226, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From fbfdb84a1a03515ca29e913d5be76c21d2df55ae Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 26 Feb 2025 17:08:11 +0000 Subject: [PATCH 708/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 79d9445..2bd6cdd 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740585342, - "narHash": "sha256-/8yS/itZ/qI77yQBg8DqHaTwJoCUKxik62t4AzupxZM=", + "lastModified": 1740589618, + "narHash": "sha256-bnpYreruqF9tq8pRWRivaTC2J7f6EgHhqYp7rtSzFXg=", "ref": "refs/heads/main", - "rev": "7406f0e6206b3fcec4c471949d6c428503fa9e91", - "revCount": 226, + "rev": "6a5f651ba2419639323e6c7d7219b82d4b8a7f9d", + "revCount": 229, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 19fbcaa51db1b3ead42617e223a42454e146ea06 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Fri, 28 Feb 2025 00:10:26 +0000 Subject: [PATCH 709/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 2bd6cdd..477c2b2 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740589618, - "narHash": "sha256-bnpYreruqF9tq8pRWRivaTC2J7f6EgHhqYp7rtSzFXg=", + "lastModified": 1740701157, + "narHash": "sha256-EXW+GvlA+i19n39RQR7hFrbg2KvqBQX8ldfw6CvVI8k=", "ref": "refs/heads/main", - "rev": "6a5f651ba2419639323e6c7d7219b82d4b8a7f9d", - "revCount": 229, + "rev": "b43f760fb1ff965e171bbde0440531ac17e46a9b", + "revCount": 236, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 9d57662b160d38d7f99d24f784727b7cf0768093 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:02:17 +0000 Subject: [PATCH 710/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 477c2b2..cac7d90 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740701157, - "narHash": "sha256-EXW+GvlA+i19n39RQR7hFrbg2KvqBQX8ldfw6CvVI8k=", + "lastModified": 1740740324, + "narHash": "sha256-GOn77Y8MgAdmHNFAOAOBv7ji9+KXPxvauFGcm1dSjS4=", "ref": "refs/heads/main", - "rev": "b43f760fb1ff965e171bbde0440531ac17e46a9b", - "revCount": 236, + "rev": "058f8a7a7dc04bd9dcb26105b2a07e711fad9b93", + "revCount": 237, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From a9ea0583a7579451fa28b305e41c4dfa743c6cb9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 3 Mar 2025 18:33:09 +0000 Subject: [PATCH 711/826] committee: removed Emily and Sean --- config/users.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/users.nix b/config/users.nix index 51ec6d2..ea5ff0a 100644 --- a/config/users.nix +++ b/config/users.nix @@ -55,8 +55,6 @@ in { "silver" "eoghanconlon73" "nanda" - "emily1999" - "dgr" ] # Committee - OCM ++ [ From 1d946308b6814c082c560c7b5de757f5994b2a37 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 3 Mar 2025 18:34:53 +0000 Subject: [PATCH 712/826] feat: scream test for Gitlab --- machines/glados.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/machines/glados.nix b/machines/glados.nix index 5e499d8..c5be714 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -26,7 +26,6 @@ Notes: Each user has roughly 20gb os storage }; in { imports = [ - ../applications/git/gitlab.nix ../applications/git/forgejo.nix ../applications/git/forgejo_runner.nix ]; @@ -42,7 +41,6 @@ in { services.skynet = { host = host; backup.enable = true; - gitlab.enable = true; forgejo.enable = true; forgejo_runner = { enable = true; From 6fba8bdec4835ffb4c3246a5327c6fe2ee3fe263 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 3 Mar 2025 23:01:15 +0000 Subject: [PATCH 713/826] Updated flake for skynet_ldap_backend --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index cac7d90..02beeb2 100644 --- a/flake.lock +++ b/flake.lock @@ -924,11 +924,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1740417868, - "narHash": "sha256-huFGMY58DU5vh4n9KZUpxkvRr+xe5eqqjaHphZdGJV8=", + "lastModified": 1741042377, + "narHash": "sha256-DdoRaiqXTu49D3VR6Xf8Ms5LBUhtjiLokwmVZpjrAlQ=", "ref": "refs/heads/main", - "rev": "faa6233ecb734ca567ca25a40299e7fa54bac7f0", - "revCount": 236, + "rev": "9178a16f95a872562f3e022842fb66a7c633db51", + "revCount": 237, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From 2790848de9b5de155c920adeb955599c316b29fc Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 4 Mar 2025 10:50:26 +0000 Subject: [PATCH 714/826] Updated flake for skynet_ldap_backend --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 02beeb2..d4a4318 100644 --- a/flake.lock +++ b/flake.lock @@ -924,10 +924,10 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1741042377, - "narHash": "sha256-DdoRaiqXTu49D3VR6Xf8Ms5LBUhtjiLokwmVZpjrAlQ=", + "lastModified": 1741084972, + "narHash": "sha256-YiiAXFN6hhA2h5IQx7FCHnDYookYqNLYS6a/gYVq3OM=", "ref": "refs/heads/main", - "rev": "9178a16f95a872562f3e022842fb66a7c633db51", + "rev": "d0d25b77e8aff7f10aaea5a4c8415b47934b3f1d", "revCount": 237, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" From b195208462dec8440d02ebec6f03464578cfa99d Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 4 Mar 2025 23:42:09 +0000 Subject: [PATCH 715/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index d4a4318..7267d0d 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1732723930, - "narHash": "sha256-25w50gGNTIyPgkcQa39XSFFX8gYVVniL01CX+IXfC8w=", + "lastModified": 1741131635, + "narHash": "sha256-W65UdgryecEzfS6myQ+1Sj5P3yBCJRlGRf+fU78Ei2g=", "ref": "refs/heads/main", - "rev": "744777c990434c9a84304ce6fd8c4582e6078a4c", - "revCount": 110, + "rev": "b5089910d0d0b303b634c7e125ac0b9ba8728bd9", + "revCount": 111, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 4d83ecb584baabbea6485559a28710eed6c692f3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 6 Mar 2025 13:14:40 +0000 Subject: [PATCH 716/826] feat: we have to handle the old lists domains --- applications/email.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/applications/email.nix b/applications/email.nix index 519f3e0..4d0c905 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -50,6 +50,10 @@ with lib; let account = "contact"; members = ["committee"]; } + { + account = "committee"; + members = ["committee"]; + } { account = "dbadmin"; members = ["admin"]; @@ -291,6 +295,12 @@ in { # the number is the priority in teh case of multiple mailservers value = "10 mail.${cfg.domain}."; } + { + record = "@"; + r_type = "MX"; + # the number is the priority in teh case of multiple mailservers + value = "10 lists.${cfg.domain}."; + } # basic one { @@ -298,6 +308,11 @@ in { r_type = "A"; value = config.services.skynet.host.ip; } + { + record = "lists"; + r_type = "A"; + value = config.services.skynet.host.ip; + } #DNS config for K-9 Mail { record = "imap"; @@ -429,6 +444,7 @@ in { fqdn = "${cfg.sub}.${cfg.domain}"; domains = [ cfg.domain + "lists.skynet.ie" ]; enableManageSieve = true; From 02969ba8947f744208adc7db8f3aa0750c2fd63b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 6 Mar 2025 13:15:13 +0000 Subject: [PATCH 717/826] feat: added milan to teh sistem committee --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index ea5ff0a..fe8063a 100644 --- a/config/users.nix +++ b/config/users.nix @@ -67,6 +67,7 @@ in { # Committee - SISTEM ++ [ "peace" + "milan" ] # Admins are part of Committee as well ++ cfg.admin From 1ef8b0ddcede57217c0451607dffc5f57511e63d Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 6 Mar 2025 19:27:40 +0000 Subject: [PATCH 718/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7267d0d..81d7dd4 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1740740324, - "narHash": "sha256-GOn77Y8MgAdmHNFAOAOBv7ji9+KXPxvauFGcm1dSjS4=", + "lastModified": 1741288877, + "narHash": "sha256-11cMTAJyWoBAL3AaR57xHdFn4HYXtd7FBrbA1l21usQ=", "ref": "refs/heads/main", - "rev": "058f8a7a7dc04bd9dcb26105b2a07e711fad9b93", - "revCount": 237, + "rev": "3a39084f407392ea7f7c6a797bd0b4567d2c5f1d", + "revCount": 238, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From f41221f67b7541aff3953e3e1428da7b83275c71 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 6 Mar 2025 21:45:11 +0000 Subject: [PATCH 719/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 81d7dd4..7482172 100644 --- a/flake.lock +++ b/flake.lock @@ -904,11 +904,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1741288877, - "narHash": "sha256-11cMTAJyWoBAL3AaR57xHdFn4HYXtd7FBrbA1l21usQ=", + "lastModified": 1741297347, + "narHash": "sha256-X+yD0wk7vHsT6MNL2yoTVqs7tv2x/FiY99CcXlGOoyY=", "ref": "refs/heads/main", - "rev": "3a39084f407392ea7f7c6a797bd0b4567d2c5f1d", - "revCount": 238, + "rev": "f307fcea43fe0d002c96921fb4b819c8e78cca84", + "revCount": 243, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 6788aa249dd75ea0dbe3909719111630b03f5158 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 11 Mar 2025 01:19:31 +0000 Subject: [PATCH 720/826] Updated flake for skynet_ldap_backend --- flake.lock | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 7482172..f30fc54 100644 --- a/flake.lock +++ b/flake.lock @@ -492,11 +492,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1686572087, - "narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=", + "lastModified": 1739824009, + "narHash": "sha256-fcNrCMUWVLMG3gKC5M9CBqVOAnJtyRvGPxptQFl5mVg=", "owner": "nix-community", "repo": "naersk", - "rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1", + "rev": "e5130d37369bfa600144c2424270c96f0ef0e11d", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1687011986, - "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", + "lastModified": 1741462378, + "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", + "rev": "2d9e4457f8e83120c9fdf6f1707ed0bc603e5ac9", "type": "github" }, "original": { @@ -573,16 +573,16 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1686921029, - "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", + "lastModified": 1741513245, + "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", + "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-unstable", "type": "indirect" } }, @@ -924,11 +924,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1741084972, - "narHash": "sha256-YiiAXFN6hhA2h5IQx7FCHnDYookYqNLYS6a/gYVq3OM=", + "lastModified": 1741655438, + "narHash": "sha256-oUpa/82OF6YJJ2Aj52P0IQZGw0MH+bKGyacnRQycL+Q=", "ref": "refs/heads/main", - "rev": "d0d25b77e8aff7f10aaea5a4c8415b47934b3f1d", - "revCount": 237, + "rev": "b00b5cac6d119a30fa60a1703d3e526985015477", + "revCount": 244, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, @@ -1392,11 +1392,11 @@ "systems": "systems_7" }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { From 970c449efbc87f1b158e7cefb870adb1b6c3cbd4 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 11 Mar 2025 11:15:58 +0000 Subject: [PATCH 721/826] Updated flake for skynet_ldap_backend --- flake.lock | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f30fc54..b5364ce 100644 --- a/flake.lock +++ b/flake.lock @@ -557,6 +557,22 @@ "type": "indirect" } }, + "nixpkgs-mozilla": { + "flake": false, + "locked": { + "lastModified": 1740762144, + "narHash": "sha256-I7a6e3IYJAp9u3PwUSW1+oilO1tAfnbeN3/YJQ+ObCo=", + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "rev": "e35b0e071cae97469d80222be988fdd972b22c3b", + "type": "github" + }, + "original": { + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "type": "github" + } + }, "nixpkgs_10": { "locked": { "lastModified": 1741462378, @@ -921,14 +937,15 @@ "inputs": { "naersk": "naersk_3", "nixpkgs": "nixpkgs_11", + "nixpkgs-mozilla": "nixpkgs-mozilla", "utils": "utils_4" }, "locked": { - "lastModified": 1741655438, - "narHash": "sha256-oUpa/82OF6YJJ2Aj52P0IQZGw0MH+bKGyacnRQycL+Q=", + "lastModified": 1741691220, + "narHash": "sha256-OSRyKWVqSdeciy1DGYh63fxs7SbppeGRu8/ui54sTtc=", "ref": "refs/heads/main", - "rev": "b00b5cac6d119a30fa60a1703d3e526985015477", - "revCount": 244, + "rev": "35896efa04bb50e2342946e33367245b1cb4460e", + "revCount": 246, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From 3f82622e97a5f53df7d781bf109c4a3beaea49ae Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Fri, 14 Mar 2025 04:09:42 +0000 Subject: [PATCH 722/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index b5364ce..86cca21 100644 --- a/flake.lock +++ b/flake.lock @@ -920,11 +920,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1741297347, - "narHash": "sha256-X+yD0wk7vHsT6MNL2yoTVqs7tv2x/FiY99CcXlGOoyY=", + "lastModified": 1741925000, + "narHash": "sha256-hq5jVJJw6Xf+nIKsWPfHk3TYH31d/t89p5Tvv8SGkpM=", "ref": "refs/heads/main", - "rev": "f307fcea43fe0d002c96921fb4b819c8e78cca84", - "revCount": 243, + "rev": "b44518c467b61650eab420d979f46166680c8a8a", + "revCount": 246, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From b3a40b9d0493248e448dab809e1d6dd1b5f7d2f0 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Fri, 14 Mar 2025 04:49:19 +0000 Subject: [PATCH 723/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 86cca21..2d6e9af 100644 --- a/flake.lock +++ b/flake.lock @@ -920,11 +920,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1741925000, - "narHash": "sha256-hq5jVJJw6Xf+nIKsWPfHk3TYH31d/t89p5Tvv8SGkpM=", + "lastModified": 1741927472, + "narHash": "sha256-OMnHKUpVk5oEij6q2WduoO0vJkmXXCDD6TGeF9vOLVA=", "ref": "refs/heads/main", - "rev": "b44518c467b61650eab420d979f46166680c8a8a", - "revCount": 246, + "rev": "a90724398683c245be2a5647fbeca78b2e7f5b5c", + "revCount": 247, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From bf10347dca6c56ca59947a9471323911176a9b62 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Fri, 14 Mar 2025 05:03:10 +0000 Subject: [PATCH 724/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 2d6e9af..ce99479 100644 --- a/flake.lock +++ b/flake.lock @@ -920,11 +920,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1741927472, - "narHash": "sha256-OMnHKUpVk5oEij6q2WduoO0vJkmXXCDD6TGeF9vOLVA=", + "lastModified": 1741928371, + "narHash": "sha256-IhZQ8XJsQ1hmf3+plWSYEqw7dFjcgbPUhRWkpsQOrOk=", "ref": "refs/heads/main", - "rev": "a90724398683c245be2a5647fbeca78b2e7f5b5c", - "revCount": 247, + "rev": "7f7e7ac598f4a9e03c5bd205f1507cd7a76394fe", + "revCount": 248, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 70263f4b1f1a645f0e0b5edd9aed04fc7a4157f6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 21 Mar 2025 16:54:25 +0000 Subject: [PATCH 725/826] feat: setup the mail filter --- ITD/Firewall_Rules.csv | 3 ++- ITD/Server_Inventory.csv | 3 ++- applications/email.nix | 10 +++++++++- config/dns.nix | 6 ++++++ 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index c955339..76cd029 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -44,4 +44,5 @@ SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET0001 SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server ,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,-,23318-23325,Ports for Minecraft Bedrock on the main games server. -SKYNET_FIREWALL_00035,Add,i25-02-14_114,Complete,193.1.99.75,SKYNET00008,193.1.96.165,SKYNET00012,22,-,Allow our forgejo runner to access and deploy to teh external server \ No newline at end of file +SKYNET_FIREWALL_00035,Add,i25-02-14_114,Complete,193.1.99.75,SKYNET00008,193.1.96.165,SKYNET00012,22,-,Allow our forgejo runner to access and deploy to teh external server +SKYNET_FIREWALL_00036,Add,i25-03-11_125,Complete,All,-,193.1.99.86,SKYNET00027,25,-,Email Filter \ No newline at end of file diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index d9a63f5..c7a57f1 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -24,4 +24,5 @@ SKYNET00022,ultron,Active,193.1.99.084,Proxmox,VM Host SKYNET00023,optimus-test,Retired,193.1.99.085,Nixos,Testing flake for Pelecian SKYNET00024,optimus,Active,193.1.99.090,Nixos,Games server manager (replaced SKYNET00016) SKYNET00025,bumblebee,Active,193.1.99.091,Nixos,Game server - Minecraft (replaced SKYNET00017) -SKYNET00027,vision,Active,193.1.99.085,Raspbian,Proxmox Qurom server \ No newline at end of file +SKYNET00026,vision,Active,193.1.99.085,Raspbian,Proxmox Qurom server +SKYNET00027,mimi,Active,193.1.99.086,Proxmox-Mail-Gateway,Proxmox Mail Gateway \ No newline at end of file diff --git a/applications/email.nix b/applications/email.nix index 4d0c905..2129de2 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -288,8 +288,16 @@ in { # set up dns record for it services.skynet.dns.records = [ - # core record { + # This is the mail gateway, try to send all mail to it first + # Lower number = higher priority + record = "@"; + r_type = "MX"; + # the number is the priority in teh case of multiple mailservers + value = "5 mimi.${cfg.domain}."; + } + { + # this is the main email server record = "@"; r_type = "MX"; # the number is the priority in teh case of multiple mailservers diff --git a/config/dns.nix b/config/dns.nix index 9cd7484..636dede 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -32,6 +32,12 @@ value = "193.1.99.114"; server = true; } + { + record = "mimi"; + r_type = "A"; + value = "193.1.99.86"; + server = true; + } ] # non skynet domains ++ [ From 69ec3abb3b131cb03b7928ccb280acdde9d124a1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 23 Mar 2025 00:06:29 +0000 Subject: [PATCH 726/826] feat: we now have a sso/oauth server ther we can use to connect services to Currently works with Proxmox (VE and MG) and Forgejo --- applications/sso.nix | 77 +++++++++++++++++++++++++++++++++++++++++ machines/kitt.nix | 3 ++ secrets/keycloak/pw.age | 20 +++++++++++ secrets/secrets.nix | 7 ++++ 4 files changed, 107 insertions(+) create mode 100644 applications/sso.nix create mode 100644 secrets/keycloak/pw.age diff --git a/applications/sso.nix b/applications/sso.nix new file mode 100644 index 0000000..3bae2c2 --- /dev/null +++ b/applications/sso.nix @@ -0,0 +1,77 @@ +{ + lib, + config, + ... +}: +with lib; let + name = "sso"; + cfg = config.services.skynet."${name}"; +in { + imports = [ + ]; + + options.services.skynet."${name}" = { + enable = mkEnableOption "Keycloak server"; + + datasource = { + name = mkOption { + type = types.str; + }; + + url = mkOption { + type = types.str; + }; + }; + }; + + config = mkIf cfg.enable { + services.skynet.dns.records = [ + { + record = "${name}"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ]; + + services.skynet.acme.domains = [ + "${name}.skynet.ie" + ]; + + age.secrets.keycloak_pw.file = ../secrets/keycloak/pw.age; + + services.nginx.virtualHosts = { + "${name}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations = { + "/" = { + proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/"; + }; + }; + }; + }; + + services.postgresql.enable = true; + + services.keycloak = { + enable = true; + + initialAdminPassword = "sharky_loves_sso"; + + database = { + type = "postgresql"; + createLocally = true; + + username = "keycloak"; + passwordFile = config.age.secrets.keycloak_pw.path; + }; + + settings = { + hostname = "${name}.skynet.ie"; + http-port = 38080; + proxy-headers = "xforwarded"; + http-enabled = true; + }; + }; + }; +} diff --git a/machines/kitt.nix b/machines/kitt.nix index 71a0fe0..93298ac 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -31,6 +31,7 @@ in { ../applications/discord.nix ../applications/bitwarden/vaultwarden.nix ../applications/bitwarden/bitwarden_sync.nix + ../applications/sso.nix ]; deployment = { @@ -54,5 +55,7 @@ in { # committee/admin services vaultwarden.enable = true; + + sso.enable = true; }; } diff --git a/secrets/keycloak/pw.age b/secrets/keycloak/pw.age new file mode 100644 index 0000000..7792aed --- /dev/null +++ b/secrets/keycloak/pw.age @@ -0,0 +1,20 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA /0giXND9iXet45Qdm45LbVQlIN1JYDiIJ1EFpMn+QgM +qxCesmTuF6auI9upI0V9rJSiSfzENLLHXIMrDewjvf4 +-> ssh-ed25519 4PzZog iSvze8+tKCozFbiXcc8BGfQ0qrlVUHNEPc0E13505wY ++queuxWzkBHBR7q1pHhBahdSqgKYmpOZ2avC+S4u2tk +-> ssh-ed25519 dA0vRg MAQ9mfNn3wwB0hFaV/Wg6nxM1vafopAeJynREcbSvAA +VjD1Sy41PEy1TQ5Wc/R9gh1gN/T8y/bUAdItWRz64GQ +-> ssh-ed25519 5Nd93w RAh3fYyjUmldiUFkw59/JZDTgZ+jrVd31akiV1UgYGM +HvoJTTxM+sCkXIDv0+FtN4ACkTy7tqr/BNeTrR8Jumo +-> ssh-ed25519 q8eJgg c4+/61Jhm+/QyV0s3ikemMqhWBRb+ous4kl7Psx5/WU +GUqakK0Rrsgg48U9QkcpV20zvQAswk/anoACzORuxiU +-> ssh-ed25519 KVr8rw /mBl8ejPUBEwVsDVFcwWfW1i0tIG5JH/OWlRSrRk+TM +K3SJpjAm6VDtsBk6HyDdLgbImh4If5Od2qu+sL8Dj9Y +-> ssh-ed25519 fia1eQ khFHXNgPUQ39oTpd1lWycrMUin8Ii2pawwFY1vIhRSs +2XhIsPrtN+XOBlTR/sEaaG5XCLlsIroYspOaEz+cM2U +-> ssh-ed25519 IzAMqA u6W5klKqqGx22yCJx0yGgwPs3vs+iAeH5z36isWL8Co +Ij4ncciynno2m9ZKtAegFy5mjAGS86jM7NrCL73LROc +--- mINzTQYjXCu318AiJxgsF7az4LUGc9iVS7hcyfFNTQs +m.>i~8$pBѐzh:q 'S:Ld + QQLي{,;ѵ~ # \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cad986a..9757a3f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -99,6 +99,10 @@ let bitwarden = [ kitt ]; + + sso = [ + kitt + ]; in { # nix run github:ryantm/agenix -- -e secret1.age @@ -148,6 +152,9 @@ in { "bitwarden/secret.age".publicKeys = users ++ bitwarden; "bitwarden/details.age".publicKeys = users ++ bitwarden; + # Keycloak/sso + "keycloak/pw.age".publicKeys = users ++ sso; + # grafana "grafana/pw.age".publicKeys = users ++ grafana; } From 2ae2caaa94984b05cb3932112c2fab27db9e46a2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 30 Mar 2025 19:10:41 +0100 Subject: [PATCH 727/826] feat: properly set up grafana Currently works with Proxmox (VE and MG) and Forgejo --- applications/grafana.nix | 2 ++ secrets/backup/restic.age | Bin 2870 -> 2870 bytes secrets/backup/restic_pw.age | 38 ++++++++++----------- secrets/bitwarden/details.age | Bin 1155 -> 1155 bytes secrets/bitwarden/id.age | 36 ++++++++++---------- secrets/bitwarden/secret.age | Bin 1012 -> 1012 bytes secrets/dns_certs.secret.age | Bin 2924 -> 2924 bytes secrets/dns_dnskeys.conf.age | 42 +++++++++++------------ secrets/email/details.age | 49 +++++++++++++------------- secrets/forgejo/runners/ssh.age | Bin 1491 -> 1491 bytes secrets/forgejo/runners/token1.age | Bin 1138 -> 1138 bytes secrets/forgejo/runners/token2.age | Bin 1138 -> 1138 bytes secrets/gitlab/db_pw.age | Bin 1111 -> 1111 bytes secrets/gitlab/ldap_pw.age | 37 ++++++++++---------- secrets/gitlab/pw.age | Bin 1111 -> 1111 bytes secrets/gitlab/runners/runner01.age | Bin 1065 -> 1175 bytes secrets/gitlab/runners/runner02.age | Bin 1065 -> 1175 bytes secrets/gitlab/secrets_db.age | 38 ++++++++++----------- secrets/gitlab/secrets_jws.age | Bin 2660 -> 2660 bytes secrets/gitlab/secrets_otp.age | Bin 1110 -> 1110 bytes secrets/gitlab/secrets_secret.age | Bin 1110 -> 1110 bytes secrets/grafana/pw.age | 36 ++++++++++---------- secrets/keycloak/pw.age | Bin 1024 -> 1024 bytes secrets/ldap/details.age | Bin 1637 -> 1637 bytes secrets/ldap/pw.age | 51 ++++++++++++++-------------- secrets/nextcloud/pw.age | Bin 1024 -> 1024 bytes secrets/secrets.nix | 2 +- secrets/stream_ulfm.age | Bin 3194 -> 3194 bytes secrets/wolves/details.age | Bin 1943 -> 1943 bytes 29 files changed, 167 insertions(+), 164 deletions(-) diff --git a/applications/grafana.nix b/applications/grafana.nix index 3bce51b..953b02e 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -49,6 +49,8 @@ in { domain = "${name}.skynet.ie"; port = port; + settings.server.root_url = "https://${name}.skynet.ie"; + settings.security.admin_password = "$__file{${config.age.secrets.grafana_pw.path}}"; provision = { diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 1910186cc84b9ad68af9ec481b3e011288dceaf7..8f7c0425ea8ab0fe4651961ea1c328003fd1f320 100644 GIT binary patch literal 2870 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sZk%&iDF z$~W;U$ty7m)J`dJ2@Wm`%uF%O^(u{w@Jw?u(+{#ND7Em-wcyH1^mlVCaw`Z3Dk%&I z2`Y2(baE~>_74p*_6_mPHS_j23^DUf_b$jX2}HNeB%mrPKV2a=u*54kqRLr2%)}|G zFvH0xFs-=6$vHFF%d8@^Fgwu0skq$TCCfK6$bc&>!pF6$EYmo*G~LL}C)M2~%(*l& z$+Iv#)!#KIworG6Tiq}lgPvzgJiC}zzC19s`4za!i)lQe@}CZbhnDMNV80{oDBUk zSO0YPWbexC0?$J2Vn=k_O#M`n>{Rj-rstC-^GxW1e$_`F5NOK9!FiA4@uqe}aaq$XuFXnPA@rkGm4GKs~ zF*i3b4KOuz56*JV%=HN^%&RahtS~Alx6pQt%ytg&^+orazI&2sdZ0p8j=!&?ds0SO ze!01OnqyQ*Rgp=gpP^r9vSW(3NobC-hq0?!L`a}Pjw@GiWpajPWSMc6c4>i8NTG>= zU#hubnwfTbhGAl&NkN{kvx}u?g+ZxT2u3RLE6MTGcU1654lUP?tTZt2&NVR4O$_ob zO4Ltx3$gTY53=wz%@4^mFbN7aip&cLw%|%GbutceO{+8tHS}`JkMb&Z35fJ7$}&kQ z2`S79GIq*M&NOuMs;CIbH9+@UnNg&HrK5tMf4+r#NqJ>PVYo+HnRb$ivtguTl%Zc~ zW>UI;Sa6n`U#VekQBZ}SfiIVHYJo*Xxv8a#L8zm*Z?SVkuxGGysB4i~VMVb|Wk!TS zy0f;Uxq)AbAx0{R2rhCoD_008^7gGV@-;Vi&NC~sFewOh_fGfoi}Lr5Fia};O*1GB zH+Cuu3CpZ773J^ld zkZ+Xb99dYNQ|9L%WLD~)p5zheZIKe0E~+hoQ-ZAfteu| z7JUIi}Z?uCWnRi4RSe#ySBsgYIQZV_PxB^Hi`nMHv) zCVmB3nV6}hAV=T3T%n{;+qA4C)iBl6IUvj+T-zrw(=^#EqtGm{I5^7HJ2lO;z|=F# zGAt_Bm#e_VQrjdY+&e4CN88B9A|o|XJ0#!0Fvp;%IM*dT*~KHnH88R)vm`MeBi@1w zU7T_q71BI1ssgJFy-X_H^Nq8@$~}GEObbg33bhl>^~=IstFpo~vqF75(zPo+xhxB_ zN}c?pOd^siN=%GBon4)>(zSzKv&(YBEh8Nb-6~8?9Na%$$leeSL42(EN~q!gAw$^mvPOORR8CS15E1^UL-y_V>>z z&o>QE_X^QZag8X?OAPZ4_w^{MG)ZzX_sh0)&#bH{=PE1?iwtuO@=FYM@-MG&3`%he z%lFDDOExpm_ckpr&I@n~%k_!0h|u=Kuq`#m*)=s?p(@m}xGdjW-?PXkqcklq#U;C< z)Ga;3*e}r6!zDZen=BB?O3$fz=zE63l^-`zXQU%w=!pwu8YNk1>u-y|ubD&5;K zAi%^evmn(o++1JZEx!<>oU|y5vUCnq@OLVA5A-pN$_omquyitaObyC5PBJWT4E9ee zau4+?D)1}tF?F)gcX7|=(vQ&h_sq>KPfe^UNzVu{EAme)^{vRw^K{NCi!`z*a?dqM zH*+$L@DIW$Cp`;%T>Q%wjEW12vfVB6^NLfvk_}V+L&IGHGAs;2-OGz23`0UI{f!+f zoV80TEOP?63M|SZlTtI&qavz|Or3))tCHP3N>j~?f-8*uQ%elY+)6{!GJT6nO-c;7 zbaizV!jkigQw>}kL;R9*^YqPfEHYhFll9Zx42^ON@?A^{gUr0VqH?nRGLtR1`t|lr zU1w*A z{dOoxny&J6`;*l|6P4)FN@y-r(&NMZ%bPWvkEb=U}Og5=X&(2H=^a(FB&gKdza4zyrPINI(H4G0l zOmqve@QVzn^v_DQ@J;bEk23K$j0`M`h|rJn%0{=%B%mrPKV8AxIWi>4$jmgdB-Gu~ z%-6&)BQVQAJHtQQ%hfW|T-&nDvMjAQ#ksO7Ba|zt%E!YuH@vdU*(@z0tH3SLC^^x~ z-=oMfT)V2+u{@-#tT4$qGAzqGG8Emm6i0)ypmc>qvkc>+oCs&<@X~Nc<4ngCuMi9U zvg|;Us3Oa(EWgl_ zuwb*&O0y)>V#mTlQ&)7`O#MZ3nI$1w7m-T zbJL40eJ#*!E3`=UN>5kNPA)D8OHYgPC^0h#b~gz!a!k%DH_5B;4KqtLbn$j|2{KM8 zOSW)#b2H!yF3&Pf35X~)aSAC<3Uvy|%&E#vGtACR3EE(yy>^OE-*6Pd7og z%{#2fqNrTKw?e6Hgx(r@$m9^ORCE4{v?_%-oVlGZ)98sw@kxs?;L0N~e4$ zeV>f1DubxPT+0XpOOL{&T!S#D@Ce_?0FM&?yin5!uOwe|+w|R&Ow$7uilSU{94nGD zvJx#*g3bI&^Y#7m-O^L@-7E9FN|Q|e3O&;!i=ETT@{P*5Li1BABZJdD!W@0fO${=V z!;MX=vdYba(#i|NokM+$4HAcC~>PYt}-tu%1BDe@=6I!jdD%qDlM@HGj%u9cX9SC3w1UzDa} z+@(0oGtIa#pdbv3Uy9F4RIaekcWE7jF zmYQOeCB7LRzLAa!`eh}~X&%~%nPG<7UIjruxs@d*?q)^WnN>lder1k^fx%S)j#ZHc z8P4TgxsD!&0VSdS*(s)hk^WVdg(c>ORmB#CX{M>UhT$ejX4)wRL8+nX<*pd1#5lDm z+@oB<+1JC^w=hH7A|Tl;A}6@gqa?5(%-biaDlsY4#JIGi(7Y_ipe#4kvOJP2z&FD& zEYd7FGAqj8JHRi=)z`n=&BZM=s6@X!C^$PQ%-q+o%G; z{AVWXbvh0d-zmQVX6pVQDta9`%bX3T(G^#AkDNQTMbjMaCWxroI8e=8^9Di5Xc*fi6B}PDut4 zW???*SuSB|d5NBRfm|6SY3b&np{}{6nI5jiuKt$hc}eFA>RRP}SCP`_zd4|qL zX(#izuw%s3#ctkSo*(9AF?BdoMI-7zaD$k^9ArPxP5DQB%h{~5BC{&j(8t_0)hR!~Dbml<&)7FLI3>iiDk3O7!#6M@2P2gP z7rHp*Ix2WX8Hf6qI$1=O1v=%qCI`70Rh1d}r>2;fq-AfTivdxV= zTmmXea`lTseZuv%{hd9ET@2EFwNp)!jSZ7sQ(e=OxpGp%waaomax>GD%+lS1Q%%i7 z%=H7ZQiA-=9SZ{8i%o(9oKy0`4ZQu5(c>*O$JsSCT_LKf(9JO{DAFa&Bp|%9I4|2P z+sM(t+^yI>yuc#7BF!twCBnS2)G@WPoU1I$tT@WWG|9L)Ah^7+AU(0NvOFt0-z~*A zDmNs{!Xvn_FfGV0I6T7#BfnXcMOiurD&(f*7-afHL>V~x`Wu>BxLQ^jyShYqM!0Bu zQo0h-H|2M!spbkyD~ao=;vN zm#(g^f>BAbOQy4Bs83F2wwH5acv66qg>jjWmv>o2wwr;0Yd~UXh(S<9WWKuzmwUZq zvfZn2FZOo=qD3>Sj~nkj>{=#x%kpxd;ORYy!n=#+JA@fq9bbGp;!c0Zn<$r(0%Zod zug?z$1RmMjoG~^2^i=JWzA}>ew)yn!8TUTFecHR;Q$JI+aPQ)|)dGzRWtnI1 z+#d6P=8huT-kJ diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index ea0bc3b..941d6a4 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA mGy7a3SPHMxFaJ5S68jaRkPk16Ahxqp7C2YGnK6A4nM -TrEf7fz6yY7G2HXNxhnM4v7QkVrR5D6vdh+eUVbWbdQ --> ssh-ed25519 4PzZog 5ixIvICVbbk2z8gqvodMAhCevBWdnfmpskWupnpMm04 -r33h6oeu1jQQGs3mP15xtbRq50FGpKwtbbqWbSTQ1jE --> ssh-ed25519 dA0vRg gUxwHHDBhxpYMxBE+UfTYJ4I8nY7cEdWG1XBSLLWtlY -pNawroXlES4EyNZSUUiEPNy+WNdG9AnHnUl+7qLB5Os --> ssh-ed25519 5Nd93w AchMesYdEdLHtphyfCumqrdCRFABzNOEf7KfFgQWFAk -Xnier5jnPDl9n8F5r/R4CjBoEvmwAJRLQWnoWoAudec --> ssh-ed25519 q8eJgg AgmUpmYT5z1qAFZ+uUY5a7huZ8Bhifs1ZuDBlg7ZJxU -kgaKF9t8cEKBc715dNocxA3o+2dwpK8erRo42NzeP9A --> ssh-ed25519 KVr8rw AafFkG0axLsqGVs/k0DrzLFsKk4uXtqRbJIFhuAmj18 -shiQFq5ZznBovnNXWfTNvSVX/O1X47hK6g13P8r6xN4 --> ssh-ed25519 fia1eQ AKbaMyAtdDHSpP5taXQQjaunzvO6yZuCOUjgV2+4iDc -yDFZ54QNklvVHUD1AkiaQ0sntqiRxkMGZw9yos/IvcI --> ssh-ed25519 3pl/Kw KD86EfxdUwpfFW7wqf283Wmdw8o/qnVzXxTCrtNPsWI -L1a9WXktp4a9s1GxF6O7VV14ZPQOp/VqwS286Dqa3Tk ---- +jytGaOhLk0unuAlkbbtAFNde8Z+tKJ/3l3Y3tBgcFQ -VV7P =O]bZjpQKaXINl_v -Hsh3~FW/ ^a\ #/ڇi[fbX \ No newline at end of file +-> ssh-ed25519 V1pwNA mN/1o9VKKc+kBc0s2DEmjHJn6AUbCQUoaCsvswNHzUM +SlqlUx/Ok6lrc71g7uJYG4/Y+DG9nnumw0GsHtFH9Ao +-> ssh-ed25519 4PzZog Hm/dzRXkAtX8iopSdsrRw0rIAKtagbRtS9zGnFZdjAk +dIhBGvUOUd7SgqADywQnnv/lggussXa+AxOdxI/gp4E +-> ssh-ed25519 dA0vRg mP3xepL4DnV1V0sYrS8n5a9XFaY3HlYn88IjukBW2C4 +KpUv1UGZdzx3kHH8LlkqCIgGK9DAOZSyN+bLfaPABcU +-> ssh-ed25519 5Nd93w E8tGoDN/aQoe9gmMkIWxB7vsgQ5fJ8WzjO6+NefmcXM +HY65eZHHm3GovuZoVgOMh8kveA1aaxyYBvXDMuw5Ry4 +-> ssh-ed25519 q8eJgg j86zF1fq/TSyxl0CTlvnJw0MJVVtG03oqGDumyovogI +gNZY0eSlLIstaHlbY/6n44/BKaQITXqD8qNOJGotplI +-> ssh-ed25519 KVr8rw 7T8vLuXcc0jrtvQTu/FU3ZZC963YkAizU5Q79OQEvxg +R9YC1AZsrJa6PZ0Vzum9TKCwFPd5EWJ4McJqtNgQQ34 +-> ssh-ed25519 fia1eQ bzqIMpD3LmkKUPRZ8HibiqJDZfR2lIcMCICputpX2w0 +2TMqO/yxAMPB4b13/r6jBytD5lhbhauxTrmCx95w/4s +-> ssh-ed25519 3pl/Kw 9qEhAIqJFP6XrMsT5ju8XQeG5dNG/U0/wTUiPYT7xHU +gT+zRjaAhAK/BUOZXAWNUq90F1I9T/y6qZuGRnbHroQ +--- QGGO/WedFvcHW4JxdpMHP1PbfaB1ITP4KVb5vWF3Kzc +Y@/ܻKhA@0K +.uq_9`, W%Tn`Cʯ÷1n3?ŹєǍV] \ No newline at end of file diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 7c53a8d075d8c11ddcd27be00e352781b4e3e5e7..4777128a8e12ba8668dd82eff7893033a22bc17a 100644 GIT binary patch delta 1069 zcmZqXZ04MxQ(t0QoSWxf;qB(AUvA-A8JJX@T=sp-YEtZ$rk|B)nCD#SY>}Q? z5Rze<;}KHMW#ZzLWl$Voo|jz~>Kf&o8tm>HSQ=;%k*1xS7@litQsHB69_;9D5Lg&E z@uPTndX{TpUQ$q&ucxPHVuhP!aY&+JuwkWPLAF zSU`cNWr22viA7|Nk#}CWUqHHNdA66Yc~N?mYgTb)RGMd~pJ)E$ct-K?$izg8tVqvH zlk~LUAnnS+;vy$g?aXB3qRPMmw-mp~^a$6elI*Nv|B!qx*W|)-k5bcusBrVdT>ZSl zpp3lG0>>iH$XvtZ48Ozz|HP0gKYi_dpUlX~XBoxo(|nThT}msnD$4`I{N23G44f-M z%Oiq9!xD=MeY6Yx-3%f<%>znyP!O>*wHXKJ0v36Ej7}x$}v1J%EQ8> zI6ula-QU?T65YDA%tXV~Km|Xqj0zK%6qD4{Y%t$WNQp;2)&-`MSH2w5~QkTGBZ?i}fgCdgxbF<{KqQXdXzYwo9 zY)^FSJgXdi3mp|qyeiC0k}Lf(i#;;E{3AmQLz6>1y$o|Rsxm8$JS=>@jl8QIbApP~ za*Mf~l1+-V1O4h<{9RLna&t=!GRj@k@-s8sErNqG9W(t>N-7-7!_C}`(kj!rbaizV z3L zndG2(m5cR1d;In3>v^x+e=~S^INd|zy;>1dW6rs*XThe|3td*O-}mwAeg5^87dh{h ze2)3`XsV&FLc7baQ-PcL1>K!B=WeXK@XmKp-Vd?W%)B?;9z@){VE?+kJo-lMytyaN zYQ%c`B=VeI-p3UDKzHk7l??q^(z65;9`j^vHvO05asPCmfJ%H;{Nw*Nzl)gIRuq|= HuN4FUALN1I delta 1069 zcmZqXZ04MxQ=e)Oo}c0pZeVWilwMMvogA8(wKq7L*(s z%9ZWx;v10anqQt3P-zxsW@uiVW|EX>7@6rEVya&dWFF~iVxXO9uI*i%%%y9mP+Xj$ zo0?)|YHDbyU=mOjm7lJVpJ-@q9BH7RU6y50rC(B&?Plo}92$}5?jIcCoNpeHYZ|Uy zk>ZygXzA?By(nF?PzRS8Dd)Kn_q5doS1K96zG#Z z@uPUSVPS-MO1h_inW<4=wr74wK|qy%vX@Drx1*U$Wo}w=Zh2IOeqecMad0`8i)VIH zpi7Z^WT0C{igQ4oc|@qcb3vJbe^G!%flF3Wx3-cmp z?{d$w%FLjuoMMB@Ot-)w{fbmq59eG910RFQXBoxo!?pdqBmE0J3WxOz0fo(BeB9KLOaJ%+sQaG%f!pnRXf8p zyDYLI+}kie9o@RL%tXV~Km~VG=kfyW5*PhU?c~tXVDIn@gW^2TqJVrSbAL0#^rYbA z`tnGNaQzIgN)s+0KgaZx5}*7W@1P=6W5+~`kfhSe9Ovwy^q_KQKhLPBvIwu7vaHaG zC=+z+JgXdi3mp}b^Ham!N|H>SUG+^PO*4wZwGD$J-E;j76T`CIg3}^>4I|AW12gme zbMm<|Gg5%zd0)jSQS!EM0?=GJ?u8%)A_pLh@a?baizV zJRFM({8Mt0b4`u>!adT;jh##bOtihq(z4Txb8||wONu-lBl9dmf)g#cPBd>S;oms% z)Rwu8XEv3{cwRZZn$x(x*+}e+^91SNtud!?4ATd7o-QMG^i2hFS_Pm1=uIc$`i*Esdbk*hVk-UaE_GftQiX>+My zt8U?exzQY()gyky diff --git a/secrets/bitwarden/id.age b/secrets/bitwarden/id.age index 7c2ae23..4ea38d7 100644 --- a/secrets/bitwarden/id.age +++ b/secrets/bitwarden/id.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA +Bzh++C1+jxdz1VwwhxPpO3XWn8fy7bsP2wX4mlQ63A -1GZxY76fwUOo/t/XeoCOEuxxq+oiU8+GDaasH7VTOkA --> ssh-ed25519 4PzZog lkqPlBejVuYcBQwAZX96296VjJqyz3Q7J7O7OzfSDmw -x+bGIiw4SYhEePIkF5PLK6KK7EJ8Iay1oQIOJ18DtQY --> ssh-ed25519 dA0vRg o0tqstSEhdxxdu4Bu8T/r8al3XJpIHvXp7xe8YNbJgo -m1OKX0L8Nn6ZrXI0Sk61fe8JIRbh+os7p0wzCMtdi6Y --> ssh-ed25519 5Nd93w pYmPUfDB3HfJZDPgNh4Vmdu3UlTimrX4+EtUzSONyw4 -C/URv/SZEtUlI2SBPNTfni4oI+bsYZ/Wq3xilcS6mMc --> ssh-ed25519 q8eJgg k5Ml805g9vQ5Wv3hozSCAq8EGzvczTfpssrOeBlB+GE -IxRgNIg7Xi1RN9MthSqjsHoaLpsFWoUVd9f+ak9Qm08 --> ssh-ed25519 KVr8rw 5YvUQVmarpS4FgsFI8EFLz8tucmvs3V3Q8I0hT9q1i8 -Lifm2EUWhv5hDU9mwkOu4fH8zyjEtGXW1qVBbC4dfvs --> ssh-ed25519 fia1eQ sSzTT/AeSH5y4vyKt1Vl0bnkT11ZXINQi/pGU+M3oh0 -Qm0ktboSsC0/+HBCIsOu2Oa+EAdT/DlStNLRpC+EOtw --> ssh-ed25519 IzAMqA DhHry81R6JO3xWujL4l3uOmtqvdmk40srcWuXCU03kg -L4AWjbf1+bNXSMfBpC6DTKU1hvql+1mIRemeHZCFXos ---- Jlkn7bKGiezveI2e56iV/3B08/z/JxsJxgyvgZ6WhN0 -|s X#?WٺW(@L [^tnhGc\z^>^D{*.! b \ No newline at end of file +-> ssh-ed25519 V1pwNA H7YH2bTxZIlSQR6h9LTj/rdgIH1FzrT3zGujEGWa/T0 +EB/hy708s62jz9yhqVMp/iouRC3Hf/GahvtZzgTK6Uk +-> ssh-ed25519 4PzZog 0UlgzFAlGE4dOOHlGaI9DNBu2UaNTGOzjICpA218m1E +guZIR8Czh3zt4W4mKkHzp0VzhdK2nzM1hDB94t4AyFY +-> ssh-ed25519 dA0vRg 7J2jo8Y7mlp91/N41e+cuv4Y46Ui+DKnNhfeXd2dsj8 +HqAFiScEAKMK4z4bfx+7PQQJQwm80GxjzjBghplVQtg +-> ssh-ed25519 5Nd93w VIsfbZTy3Ima3RoXrVDmzm/bBlPRT7vgzwKLkQ+7WCE +ZTX0Gryg/XoQ7Pu0jmBb0MBKv0ee6GUFuOj27SThHIo +-> ssh-ed25519 q8eJgg FOcmChMzV93MYDuFEraXcksxUi2YSxM0t1VXXmZOVXk +vBdFZBUquAmb1GQV+Gs8wLzzK0IS2yV/o9cnYiMGBPs +-> ssh-ed25519 KVr8rw qC6uMcLvYz4gIK4Ajrfqzr1PBC4Iqgw6elBPRztTUzM +ww7UnTYn+ZwUwTg2xpNIp9cmPCxRztn+NWGzVfSgCMs +-> ssh-ed25519 fia1eQ o3z/yAM9iwIYMJnmp/uJ/ul7nNp447VgumnKzSQyvig +dUXr5Za7VZzHJSmMwUw76TptIRHdtBRdHv4IRKfzZog +-> ssh-ed25519 IzAMqA otPdEEaDoxx4CiZkn+Ho+Vp+l+BPC2a5vkSv1DCg4Bw +FCFjzX4tueayqW2vhzowZfntufX8uR5ViGFH78r82J4 +--- Tnv8fDlZG/DndtKdjbuxPnw6d36W0lZ0uetXa1VcaOs +5m P_\@%ǖ2ƺMCyz*=QM>X3/1 4A5(c4gf,k \ No newline at end of file diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index fde27b6aa93e4768b604aab66b9ba4953a30eb32..f48af48ef1bda0cb2d10b69f4678b2d88de6df4c 100644 GIT binary patch delta 925 zcmeyu{)K&lPJOCVs9|PFrb%W+azMD5Yo%XhK}uk5d9F!LPPkz}xPfDEdPZKkzQ0>| zI#)@gS$0vOaZzDTazLeLPH>8aesE#2pP#3Xv$kd{;7#><<7oboiS%JcLnh)VM>4KyyX z^!N8kGY{8KN-FmD_AIGPwM;Y!cXQ0QUiT`Pj3T%Z6nuEeed+LD8Hn@iWD;w z$569^N`tBbPju_jG7}9`0~NB2Q?&hx(@KrPd?LL-|Hb{7lQj0`s|i{0;Se1AV=cGXjgXBeT52+`_!P%_?(zt4a-v${ZalLaItFN{b@0 zBGS>V^Q?08Ep${UaCddpx5x|2$xQPJatSjJ^NTEWbTe?t%{DYDk8%z(bf zFv(5#anJRN@C)$>EYx<(GY&O(it_SEGA?pAaEVMd@ee36$}lX+3XSyS%G`K&%f_>6 z{(k~iEsDErNJ+lGr&+PKVY!ojuxW|O z#E;_PrKQ2anU3jIt^w(38QNimu10}rPTCe}*O+a#?B`GWfcZohWTzz z`YA5Kfk6eyt|1Xgrk)j%!G*!@=J}o$kp`Lixs^_4o{3(CC85ca;~B-nqoN#*Dsy~| zbDc~ovMPM5d~%B-{YtaKLz1(?iqpM=syrjZigN>k3nM(aj1AHaO)4|A3;a!T^MlIr zQY<4XQVsP311oY}jWUd?JOV6p3-c^eLVc1apJf!U&&du5tuoaw%QG~{%gr`0c1(3N z4A(bHD=;oet1L?KDb&tR&kr(n&Z;!vO7kemiYm#9bT_mp56{Rbi;6T(&NFtasPM{+ zG%>6SOgA*kDJe~HDowROj{)znB8#GO1y>{g%q-W;Y|D~>G>?@}M+=gDj7+mb9kaPgOAaV|4;Hw!g%$uo7$EKLqHEYI;a(bg|7PpyhD%L?)2($&>f zNb_+__SQ~wO|&pJc26mEEK73HF7_-k3d;=k2uv(73=d2X$j{HVG;vJll3UZg=HS{5 z70+iq^j!aHf2P*|LlLKHu1L)9);c6Q&#s~VrQ$zU@2L~r=ZiEizG?n0|Lg-z*U*KX Mv(0aZPUx5m0C9Icv;Y7A diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index f146486594541c9e73bc894bc4801296ec2c6eed..2f4966b5c71bb8a5e9d37cb94e88694436c538c5 100644 GIT binary patch literal 2924 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yVl(sl_C z$tl+NC@c<6G7HpCHjT_nDfTQ)ElW0a_O~>%NOlSi%QY^owBRx*@-@jfjL411HT9^- zFHZG!Dh^67b;))PjY=}fNiGh|aW6E8sLTv-@kO`IB%mrPKV2cp!#}aq&Coxfpg35& zAju=ZML*TsyV9jROy9+;xWu%`JJ7|))za9zDw#_^H#{RXyCh#&e_G}qrS zH!(FV#ls}2#52XoASBzkJh0ryKO5b)6i0)ypmYWE(4_3FN^PIyAfLj(tjLfeBYjtW z_b^jSOOG6*qMV4T%HZPcl2BKta$hb-3lp;pPalK80K=m2#Hfm-jJ#0SkWlSnFUulJ zOG~HVio)O$eHX*<)MRwqO#M5jaGRyG^DDWsubuTWga;wa#Fifp*4GDM3ElM;gGIR|#jxtX1 zcds-E3@+yi3QP7Zi!9O4@=VXn4=ggxHTTrcN_2C}ceD&~bBip<3C>P-wk-4wj4VdC z%{#2fqNrTK#~?Q-$0#HvHQ&i2%gewyC)v9+wK&hoJJrK4DAh7G(y<^f&@$2^)Xm$GRq8aW0$HR z_k2f-L`P!-Gowlme|M+M2p@}zEE5A4?Z7At)?UA-+cd~+hXit}8G1A>zEv;FlWgB{DV z!hFjL%OfL_!%DLZoJ@Q|!h@nB1B$$JOOr4{(yt`PPv23&y)-a2+utzB#U)(3D#tZ2 zFh8##(8aMb%FQdd)Fi^fH8e7$(#$Z$&BK+;FtEfcEGD$=}V* z(y7$Ltis2vsKg{ZJh>pOD9r%fZ)HZ229}NrmD%1wj=3H|-jQJjK4~U7*%n?FK>;4V zu8{^#S)sl;IflvQMj_6rWx*y~h5`B^6$MUtq1xH$d6wp`sV3>}g~6_Au0FwjUIEEr zA&w!=Wo}g_K^_+9wnYRNIhvI#1Uh*Z6lpt_1_f35YC9)ac;y&*c)1xAmt}-RW`$aq zCkLgMX9k89L`0Nxm4&97Tjmry2NnconFd5exCG|2xF&j~xTa^hxtOLzMOqpr zmS*Im+vc0$;T!3w5Rn&=mzQQ@mTI1n=bRkmtMBhpZt0Q|7~vW2lkA$~S{m%`Vd$J6 zRvc=a@0nv_7U_WzlE$e; z;U47*p~VpqImW3*RZbb@1r`7D1NYK@ovrE>*rBR-cj^UAhQD*sWkzrmKRu(>Bxmv2RIk{hqwnSWagw*MTC2l8Tn@g zJB9}qnpe4br+9{082X!4MHFZ|1$#QD=X*Ful;kCIC0P`d=DL~Xr6fj_x_dc=86-v) zR^)ql8Wu)+dRV5KxaE6hrX^dHgrsBC0iIQkzJ-noC9Wo=!7kx}mX#5HQEA17#hJl@ zhUHG#>E)>Q5_S+E6{zIJJ-Z*H2Ud4W+@Nl-w3UXgxqrN3vDlaXVTi&IoUp0-Cy zQDjPqqdrEBV_cA6%yJmz!-G?C*&l zZ^4BwPPvW>=7oh}##v!eIRT!P>4uJu{*^%m#<|837DkZ<;hEZ&fnKIgULl@&#*Us` z{`o~wg-#}ZfmOj~1#ZSB7WxsDRS_OhW=83j-sxVMA<2e$W(7_Lj#U^rAk@_?Ejdsj z+g;nj)7K;`(7CuYAkU=I#i=qm!#A@$*gL|@)ugJZ($}#nud*;HyF8N1w=yWtEWj|W z#K+aUz@(@sC@DNE$Jog|FFP>B(;`15#n{56GTT4Nq!go^jC4z^a86fnGdI-tHw!Q= zbxBMO4-P2ubIhqUv?z=+@Ttm6F?4jVG%7GKstR>U3{2+=^vX>1i72=9_R4klbMg1{ z%qTC*b4?3&^D*$ra7j1UPf08;t1|PeN_9mK$#nj9JE7@Qaoo*WvM zuU!;wWab`d!ex{e>E-BX5S3c!qV1be7Hkq=p6(JE;++$o=i^zFT9#dsZk*?3?2_V{ z&84fWt59H=9}w)M@2_tj=^UbMniLgfURjxy6;>AP;Zv1dkY46uRORlRSfU>s$QA$n zGQWk1oqps(^@0MafQ-v2kN=C*t(@9e@F687lySj82gpq&g1;mkSYD@ zx~Nx6gzLtm(=No_(aU<`?#Xgo@yC_RUcm=%_2tSRvYPe3c;U`W)832%haGD*UnT}N zuQAMc<9@X_jD3nnOZ7qKgzn`Re(s-CoAzq!v#5|7If0Wrz5X)8VQv#uXG{z$xZ!=!65kvB|soZtLV^5dea^7{#) U3+6q#)VeW5NbCOOH48og0JYP|rT_o{ literal 2924 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zLlb&vE2 z$Z`q_)V6SQHOeyf@(D>YN>3}Sa4U0l33fA$@Gc9B^z=y&HsPwscXKlJOHGXM@eR!I zwRH8#&(C-9^UEvB@(OozcGONYF^$xYEOGRADn_@>B%mrPKV6}!G^5PSBPp#Q*)u1( zG}Xl{xYEPLJR>N%C?K!Q*QL@hqbwphBE-klDUvJ9(<~~&)ZD~0q`1t`(YGusz`MvJ z+||=4(%+=WIjqFd*CpI1u&Aoo4a2q+M}xAUbcImEs*HfFOkV>>zbcbV%gmtQ#0bmM z68&sP=aM21{nBicu*htE=iHJC6E2scN>BZW%)r$2bYDkLr&5!^B+CGE{}hwtyueUD zH@DKvTqA$)^2{VtUv$5j`lVPJmn(#MI(rtT8yA;nyE-PO`&GFV6gWp1>F2okW|+F@ z7ep3jT9jw`SZ3yUSa7-cB$t(&WLp*)2DucKraHUmmlZ}BX1e;Anr2kwq!_1q6`A@v z2b)LwxuV-vXp!obp040h>0w+L8KEDLmY-ANV-R4J<5U%3QeN(%AC?hr6%kcg9`0o1nd%doXjb5zlk8gNS&nX- zcUX}{QMrP)m%F>Kho4cEZ-AdkPO6t@RJK!ye^EwNl7&-bpto;QaFJuFXMuC5Q8rg_ zqEVPZVR2xRcYse>X;^BxQ&vcdXL^}oVsc2Nr=Pa7uV;>vwrhoFem1&oX_<+JseuYv z?j}A(CRxU527!L1$@%&D76u-nUXK2GKA9no=@z*aRgpn1d07!fZh>6R+R0Jj&WS;( zxn;$f&c0se<$3yM>H3C7j!tFXu8EPJiJ@jm#%=}q7U}4=>ANSHrUxnn`kR*+1X%=U z<)sxyMVXZrRCq@?`c#(WXPWuDMMat9x)lVQN2KTFxCC-(R|ck-xTmD$g!@+om6kX= z7UZ}TmZhd@8>Be)0r*H0*>|^QaS>+U- z5?vQva}Ww}MUd2TjWaf+|LnM-+rvuSpjMP<6NWon9hL9SV3m~mKDwwq5- zwr5UiW_gCccPd6Ii3l!oG%HsqDX=j1GI5W{a?1*ID>O9m)sE5*aB%FgEU4lByk_wX@r)laG{ax`!@&h)j=cJwU{GN>>yD@gGz3i8e@D9gzV zuEMa*H^aj>(orFxJkunk&?M8V%tF61C(+X+%+a+f+1)W9AT38b#3)!lKeWKut2iJe zET79F(7+`)&^OgGy)-Yty&|&A%-19{$0@PEJI$}cyf862CB-$_*fJ;GFA_Z@jZ=%l zJ<1iz^37aQJq$~eOu~{wj8pQ;0wSZFElqtrDiR%?vZG9V!!7)RDhmCbLd&_#Dm~mC z^F0dnODzk6GY!nL!kx2|{fvwa@=BbuBOP6eot^acJ%jzV4KPwkX;hVyak_$AQmRY2 zd%AIOs(x^oXIPkHMtVt*qrYW&l&`swuSsc+dvb)gQ%Sk0VK$d`h`GPEw_lNdU_`!q zsJlgJsE<=*x=Tb*ct%lqnMssqZdQ1KMNUaY5JrA;F7yv^4^*gh*SCl)aWN?g%D0Fx z4K&Gisq`!|s0cCjDtAiP56`yrE6Vor^>r>x_vDHyu5$K@40QK1ObyBl^0M^yDex(( zs5H+qF-`I@buI}CN%JW&@h%T4F+mSW&nidXLPrHlN6$nz@04OklgdK>AYV&AzZ|#h z0+SF=qe4TI(n`aWlF-lqW5YxB+^GdDF!GxsY>a(8!*@b(EwPE4_gbPp@?HONbG z@yKzDvOxEnaY2s0ce#RRQB`uJe_~0lyP?04r-5^lUzJfnMzOJxyK!EXsaKh0Xl7NG zNpfL^qbpaWi<@6bl3!?8fn#7qWw>Wlaj~DHpSNqWiBG<}NwRB7uD4TAxUXAEB1Zid zT!^@g6qHyL=;!QPU=&ys=;RoZ5olx_lpo^gZ4g>jWvQnei zsqd2$9G;vQ;Np>No>LJ~TIK5%nr2qwm{X>2mhYyYo^R%t9O#;y>xk~RP*=0GFJl7f<)%a7Qk0BhM7?5XY9lMEw^OyjUzGn2@Q3@ZUq=^O5!?jB%S zm|Kx-VCd?andWC;kYj3CiP2K9D2uXm4phiCH7!VUb&X8ZH!gNI_qB|ybTp{S2}~(7 zv-C4IGD$1*OAj~KH_*?h2;_1N@G@{J)7RI}^!BeZs5DFo3(?PV56Mpoj?D6Q54X_v zFE-5aaq@L3Nk$LJqTHggta63y!Vo7DPbV+^@*=YUqjV#~kldug6u&?x(+HOe=ipGw zobs?B$AHYJ3|}te6w8vVGUFWM@?vunmvC*LRFAO8P?xYwukdv3sxnLCT(>eqXXD&p zqhu~!U0sFbP>*u+z%18tpW;wwA8o_%j0``g%J8Z*e^0lfpj=0N6R&`z$n?@|XIHM5 z+~Qgm|CzT1O5Z#^%Qk4H?a{`{^z{?ON;!M}DD6lM_Uw5;ueeZkMQ$2qV@ZOJM+x=IQheIOu!+ZWc5w#v0(w47@FkJ9_a`3|)$2F^WR%qW! z{$cp|=TBp{++>-}+4gfd1>a{_{cV|)H0eu|(c~rj(w!V6&d=3-sQ&24{|!%PpL5gi zo5QL6zv~#EhxV0edy02VwfP~;`gG>2d++`+GJ3bMzHvTya8}^y1NOC V2&%B<)KIR?Tr~GV ssh-ed25519 V1pwNA UBWTUleT3gH3VTd/ahMfx1iSc1JTTlZWKxD4Sx61Dmk -rGgE6UbDrVFRBbCfw2+o49aIlk4qOHDNYD5nQnt97vU --> ssh-ed25519 4PzZog OGYMrxkoi+q8ysF/6+HYm+RQshv6jhZyjqQr+d5/vlk -1PY3xrn9dHVnXOOlEukTwnF0S5KL6AsDRXh5MvWioyo --> ssh-ed25519 dA0vRg eVrtU8/e3XSCjOHFeujDNIZHPWDq3qcot/+RXmBwYyk -mOFaEqWEnYtKxlilozF2QRyKPsOP3HvNWnQ3KLRON9Q --> ssh-ed25519 5Nd93w WXvBheSNZ8CJOtyxeK6GBLRgt3n1hgYGGnksp4pUhBM -0mr6EjSJnnJezPk1nXIEpaIMmn30tAFJj7pmpS7vHzc --> ssh-ed25519 q8eJgg SLkAt5hvW2niDBIqeKjcYZvDR9CkJzu4wf1y+0Fizzo -ZNm7qSf+Bl981GJuZPPjRL1HcCJbZ58eOUQe+jFE7K0 --> ssh-ed25519 KVr8rw xfJAoIGIRNVyRsPxjlARAFXm3jDnYxBZws0/8mkqr2E -w//2SGsPl3BjEgGIWAsomH8jGwnOKCpn0SJsbb4y2EU --> ssh-ed25519 fia1eQ MjtOJN21srAeob/eGpKQON1FGebBqvZo1bKfQFz2bhY -eSRZ3DTQ/HfueI4k56nkAmUdy7MARgcNYgPGD5amCTM --> ssh-ed25519 NtlN/A n5uN0giDnRaRrfa0jCpqkDnzx1x6hQipumVP/dM9Sw0 -J5Z3ETAYMQbugOUsak+k0suWd3SInz2kfRDrJhP5ObA --> ssh-ed25519 v2Y09A KxmOke5LEOx90sSm3W5gdNHTxk9Smrwya36g8rxFyhw -2FUiiEe5v1CUG/Gkyu1Gw0/tmo64wCIq/vsCjevL3l8 ---- eFkoeakUQHfc0nofk2Sm/k0ujxlkKkahdm/MmMqPHrg -Š -a -5'?c0 5Sh h mȍfZG+>6uϿrzYЍޯѦJ|a>7iYa.P&dKZS̩/Jr;׾io9hNæ \ No newline at end of file +-> ssh-ed25519 V1pwNA bfDBtLa7MSSEgZq6q64mkMwGcra6xtlATR/S9dFN/lI +4un/JaBnt4N3ngrxiTpKl401sFRTJ8OxzSPa1iSwCyA +-> ssh-ed25519 4PzZog sWxeGJic+1kkrMf9DNNAQ/EyxXhXy3QT0t7okQSJiQw +tOEBzods/724JTETOyzmY4DHbMssaQjB3rkLKlG8I9g +-> ssh-ed25519 dA0vRg 87wl9rQyDUMz3Saacc8YdDUqBSMgQEGsDW017ADdwkU +GLPkwXaS1MAi3L9T9NRsRabQ3N+4b0T2q2K7ezGQfG4 +-> ssh-ed25519 5Nd93w +O5uYPYYHF1ocJzVLw7sM6BeetboqoOFsI5B1l5lYi0 +qgq9suCE/JxRI/1vDqE0DtqTnJ1sNLfTsYheTZPimoU +-> ssh-ed25519 q8eJgg ymbogv1TZLM/yTyyVx6IF6EoWC9eUPYkwfP0mjmmCGg +F5haIRqiWoeJ9ZNk2XriYHJTiUtLq04r9o0c5uS2nWw +-> ssh-ed25519 KVr8rw XcHHH2VwKPrb7Xk3G4nxBfVzqZqQItTRXlm3j15O1zY +Oz4R27q7EeVKoCq5CAui9zQxlr9ESaAC5XkKun2kmKk +-> ssh-ed25519 fia1eQ xC9LxTGN4aLjBwea1lt/J1m1eSJFV/SJtNlLcd/mTX0 +JwvVaXTDNslhhsXyAskV4zpJz6g0NhLx7DosrD/b7yM +-> ssh-ed25519 NtlN/A akFElU7sdSYVTmNrji5lAOt6cVzTHprTZaJT+w22HgY +1Xe7+C8SyYhVnoB5FsuSY8mXkpyLpS6FmqVXnceWuMI +-> ssh-ed25519 v2Y09A +ROUvtp1wJt2HmtsB465uVPNxHPuEd254znvk+7VRmA +P8+NmCIY3nGHIBoAVPW/CknO325q5f4lIaNhUUEh0TE +--- LfSoY4IcP9WX5VHX4ECx8E29AMKQzLI5lhCK0Qgy+kU +3x99LF'E4R۶8ZR%TbX5ጢ1==}l8LlYLWf3;#/4cZoS~[+V:2]mɍ?µND[oќ] \ No newline at end of file diff --git a/secrets/email/details.age b/secrets/email/details.age index d8c9aa5..aee60aa 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,25 +1,26 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA rR7/KSP2skc5HZDN98g30IIXuNDJsghQWfyVF57glW0 -oSpYnVqLObrE/MQNHonzOmpGk/BcDyMxwPPQauUB8Zo --> ssh-ed25519 4PzZog bUKm5Fqx40JQ/8BdJvP15xQvIjwTAxuAqsoPIAyRDi0 -xGvp4hTdaiqD7cxjJTjmJHgehY8VCOVqvvXNIQoGrRU --> ssh-ed25519 dA0vRg Ty2EEwt35A8ZigOkVmYlLgXbMePI3WALtM1McsFtQnQ -ygu01cCNYlaW9e0APNrDGPjfJE1KkNq1nqi5d6fwqm8 --> ssh-ed25519 5Nd93w UwOXbO00n1/2pxpz98BZ7yIaEr1PXEvOg7F3Nl80yTY -+E2VbVQXngXUHUQlc2P6ebU0/anioRu/EZgpdf/N8/Q --> ssh-ed25519 q8eJgg 82IpLMlE/9Wp4fD8PHIiKsff9jJYJtoPF58xCnb6GAU -Ip27egoy6jMgvvTRg6q5NXeTlv9EFhK9PM8rCFu8LhU --> ssh-ed25519 KVr8rw xEE59aHcuIIB/5pbH3bZuZQ7W2CDUCoyT6EmdOWiZ2s -2uaA7Nx8DNbmGvY/ns/DRHZ1zTZ+JifkR4eVtSzCRd8 --> ssh-ed25519 fia1eQ /YtGDHVjZTzDO7baOphkGvY0zCgElNT9UMpMhhjFCEw -03+ungOpBCqgTj/kyH1hz1LWTHSlkZ6Qb0c4i9bwOZ0 --> ssh-ed25519 IzAMqA kSa3Kbz9SyIe1pXTBi39RxVMi6QQV0rjAPgdbEmmJRA -SO7M5B6LR1aZ8r7mFjFAF+Zl1tlsq3j/3/BVkSPWFcE --> ssh-ed25519 uZzB3g 1WjjfJ50NZO2C7qKp4WOtDHEUlkF0CFmiehMsY8/6Wk -TP6FwDJp0nKd+FaB0tnZa9XoD8tQponT8wK2xZ/k/A4 --> ssh-ed25519 Hb0ipQ vRwS9w7tO0yryHoip+sqbsD67lqXLD+6hJDNi9YClAU -NiIy//77gNuQ9UJgvt1UPqD99QJzfbh4WFld7Ln0GtE --> ssh-ed25519 IzAMqA J5spaIE4OAKJsvd1hOy3M2cCbmAG0/9l0dsnKlZfxi4 -RT95kFe4vKr0HQVz+6Gfm7pat7HvSahle2zMhEaQ8DM ---- ag6/92VREDBr8oQUKcFbj25qK4gcMdHa+ej3hf+igbc -r:f)s;˲fI[g<'3rrkיB+cW|~7ϵU} ECq!j71VS4G8i9:Hl9VDmnvS \ No newline at end of file +-> ssh-ed25519 V1pwNA P8uCL9OgS5BrRWrGEFOSqvO4KsGc3Y3q02OL4sFBQCg +XuuBTNDWEkcDzcO/aFgh7d3XhRmj/8maHx2U6l4KOgc +-> ssh-ed25519 4PzZog 20A9EEcTrw/ZJjkvawiiUqHmMaNmwuP72VErLL8Z3B8 +w2Pl4/J0+MI07Blk3rRLAULbxMbFNLQpZkdJPhnoTK8 +-> ssh-ed25519 dA0vRg jn2VA10+qrRAktjhSARaE+MAS5HsHsoIZfc1/ao/mV8 +3ahsWtZ8/Bb3tpQnLSyEPFHeW7dsX9uEaLZbJ200u7E +-> ssh-ed25519 5Nd93w WKXWwcQBExcz6niKqBYT3JcL8EHfY2VeYfnTIEtEfGs +gzJOdp1j4QX3bWDzJgBig4/vDxlRRQl+jsGmcp95drE +-> ssh-ed25519 q8eJgg I1J3jOc15TsBijQW8/DZbRETY+233V81vPLKfGI0ji0 +SLtoYZ+8T72c+FWAi8dz57VJ8wweJY737AKPF0PQEtE +-> ssh-ed25519 KVr8rw CQZs4smVwaFAaFbLeyTFi/IaJyle199te4X8Zq0AfjA +/74zAyuwEmB1KcGBZK4QGgwShhqxOcEQ5wlpmtAT7Xw +-> ssh-ed25519 fia1eQ CkkfDdt9iAaUxUZt+aD+VDMPUcMegomtFiR6CCux/UY +WQcE9ck0HuSXYCWqsy6NOXAHOlE4VIRUkgz/i+7AVQE +-> ssh-ed25519 IzAMqA 2pbs+DJzOw4rgM80o0lUFzIgdMN/X0/7wrUh/OAxykA +291gUsUfOEEsf9o/qVoVI3s3gHmPK400NCEmpxNsefw +-> ssh-ed25519 uZzB3g YP3htz8c1QJzFyAyGopjelQCKPyTx0SOOTVEL/uTK1I +iupAfrSbl5ybwi9Le655pU3Kw+KKndFZI9M+AlSrBWk +-> ssh-ed25519 Hb0ipQ odISOFTymnTj8TnenWHMHeU0Qh4OSGYFy6vJUieehhE +G+Jje+2S+l9bSnKKrwGV5V2xLczDDPFXlZ8MsrL6jHs +-> ssh-ed25519 IzAMqA HIG1qsEisRUws33TxC8yGSrITlwDxuL/RIL6lkdjwUk +IWMnSXxQzv8cAQKNmiY/+hRb86aAuFloQk9WFFcCSWY +--- UK7VzqqXFlN+IVB2hl81+7o1d1NjbFNY7tYRbTvnKmo +(myHC|B,ì# kWsI{KHf⡒4F,zXv +W1!*{B)ReGK=@Q>BǜeL6D( GN $=A_Y!0tGqwK1n0atmc%@53vU6ZbfLl>SxV}kofq#K(sIjkpZe)R* zhi_VVvQMxHm%Cd^hP%I+v9U=+Nq&^RSBPgwl|huROHf&`S&Bh;rmMF_WKuw3foDMZ z#E;_PPX1=@W>GoWu7S=z?%|dG;qEzJCQeDF&ORP)nZbS@q53IRWhRFCzIlOMB>`?u zMK0xrA#Tnl-sxFp9ucJ>-Y!*M>4~m}ei=df75c@=`H@x5>AohD;~B-nbG@s)B7-AM za>`93yxrVG3*217BO;7V%Je-wBHeP5%{)x}b4tq0!h_4X5`D`8Gm46`OMQGi+}%Ts zU9x?hgL56tP24SAi;azZ%2HB{oh*wTos3K-pJf!U*G~5>OLDIY@=VT*vMARNNXaZI z4hYOo$+I*LNX^sFu`KZP^ENcebW1PhvM4DG57&}$9LtpOO6?NU5W`@jh-Bl^5HtOtbiaTq_h66w zD$DY$@N5gqP;~3kG7}9`0~NfI3$=>^v@896O7%mFEP~BboxKgSDwEuNa`RkrjH&{h z>(k4P@-s~;GCa9_TuLG;!pigg!izIgd?F3aybbdFOUs;0Q$36d(vnNv&CCfm@id7lboC0-cPmWH_IJ)K5AilmHpug} zH1_232@DF2@^-Fw@eT?IFiFZO&I)&Nt_U~CG4yfqEH8Bl4=ykA%Sey1Ow4gax2`m* z%E>rg!6d9QCDp(s+{rsXG1Dd3*{q~6)Y9L=*R3Sb&(XEWD=;ZD&o$W8!mZMm%Oxr^ z)g{ZUBG<@0!z|4&B(mJKAiFHAsNOs)ry!&-si?%c%q7t~IJej}kV{urSHUCHB0n*> zDBR6IvfMZ_%q%CoFg!W1yu>*>LOa{TJfomE-!RF<#Lzd`gv*}I@}K>JFF8*4%-3?B z?yfssSNu41iDr319k0NYbXmn?M`T3BRntDatmgRp^Jb)9-g9m{p`0ieW~GDmOM)ku zu6j7FM#f{eP~g_n6Yd>g)R=A2erSpK5x!Q5yB#~^I{P*)Ixn#1Z|zLAiVrH!UsWbb z?AibI>dx;~B-n&8iHGs~lam z%REc93(Lxbf{I+DJS%)HgCi^gQ$sz1o$^Z!{e3M`oLpSF94$)IjeQbBlfuFRf~(A3 zwaWudojnrMQv59pGK}4gjSBoTy#14$G6F0npJf!U4>d82a4&aBH8pUwC=Av&^(>F{ zHA=F`3~|jcvv4W&vq;^19a=sG7}9`0~PZ9Q*v^={4Jf03(}IZ0*l=v3@UStD=JI8!}NnQ5}iUU z>Vuq8LxTfc0zrgA=0cO)GJNfGSS30FDTE)I8hSB&Wn9Kf=R;D=0F! zSUWMt(9O)-Jj9?purSiEI5nrLq~6EesnE#Fy)@m;C(zW}%fzk1l}lGwS0T$i#iF3p zF+43h+at@kFvT~$GEqN2&B8D(SKrjq(y%Dgzof)WyTBy1oaBKXFTQ|>K=2xs{;y%qCo|1uS#Fdbnc;tGPtR%n zOp~^?o{w?5%)8;Jv({;kzkJi@N9>b%_rmT}Sp9syQ16jo}Hq$0YA1sNDl2{OPxBONX zgWT0%hohxM5uUkOEKy%sY+ScUTTj_KPuEg@S4WFoq@diMW2?GETf&l!&9v+tEiY9i zNgohu+cvw*Qd@WCluDoG^einc2ARkHId(R>tAF(v9{c2G{KfJ4gNXU6+~>UZ&hKEH zuDN}si0A6|yl#tF(*8fE#~<^<$|+&W gpAUu2B@1ekAG$JoO+H;P=S4iz>% diff --git a/secrets/forgejo/runners/token1.age b/secrets/forgejo/runners/token1.age index 50ad61e1019d108e153f0a30a0a6bd6fa460a806..bf7d1d52639c29aecf771ce66bfe70974b7a75d2 100644 GIT binary patch literal 1138 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zhS@C?*8 zC@m{2b#e+djq(dj%ghYTF9_7n%umU82@Y^64)=3(cJwRAPUbRq49Yc1E_Msi&xwpo zPR=$qG)m9YE_6%HHA@c8^vEE#0`ZC?hE<#F49@FvBa#BPz?yIm^=DsL5kt_lz*FD9#NG4bRICiA?qJE%tFVFfptsu5$Cs4fZS5Pbp5R zEH*9naZTsScF)jGba69qO?ECW3P~|e_3$k7NG>pos?yFgG&J!mOV!SFv`q2xb1O%; z%{#2fqNrRUA}2Y|(aY1=Ak)j&!!RP#$i>yyFVrjCDX}oIG|w$CG_)|wJJiBGKew1m zzsk)$+b_s8Slc4mDLFSUDAR{P!(dH8ReUm=5E3jRb1hn78$N@RA`oym#ghr8tmv7;Nf4I zUu5iF;pOLEQsrWq;}l}#l9SA(tE;P!q-|*)kgV;LVU$yz9cbjAk(1_LQV?Qbnp0Ko zl$7gN5m{*-Qjr~4mgvZ}I?3Qp;&RcB>R&aRWOS?9n|-*%ZyVcW3UwSgEiF1{d-3A+ yU%u@R^@+W@w5#;;>nqt8gj)FBg$3Pya+EaB-SJv{;skfm@ZA>7qKsRn6#xJb*L4#B literal 1138 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!v5N-8eP z$TBuAu1YN|$urMQ4=we{t;#9Sb~nliD$Ub2H8eIX^eM>-b>;H5a1A!IOw$fDN;kDI zG4S?F2{5xX^)pGzEb?~=bn++*Dou4uu1pLHaYeVyB%mrPKV8AY!=x%Z%sV49+n~ZM zBE2Hr-^iuZ!^y3*z~3!1#K6?l+$}AwFt4mA%#q8(E7-&@C@s*`*ef`>!oxp3JIgXp z-`6WU(Z|f(Ff!T9Lf_r5vNFj#JR9A%6i0)ypmc=-=ZqBRDg#5aynt*|e|L|_3 z63gUr4-*TQsw`u}%5-$wO#Ms89O)Vk=^YWqs4a`$h91Q}ha(xT6 zb3(H$$_&tLE3`=UN>5kts7lRn$_WZIH})zBH#c+)cGV9t%P+$)jmpipNOjD1^v0Ia^;vT5rr=L^ewg}6p~XMl44~HRp91xUcV47|ik&_rzQD~lTnvzuH8;D_BX;hVyak_$!VY;E8K~Ys`u6|}nMQL_! zNK|E!cVwxdae8@4W^sXmuaAYFet^4=vm;lQsaHs3W~Nb&d%1p*pSyXMV^v~OW@2W! zdwHlyq_&U0dtiiRP;f!2ejt~wuC9WwpKnA^UXnqcvv+_|rfX5DM@F!*zNKMWvRS!V zNTyj?MPWp?Q%;D1aXwebR#!12;aRy)j@jI5TFapBl_(LgRo7)Je_iv%-V2qrcV@Ch xOV3Z=Bi;4z?=L>D``4l-Zn@m>u{<~1_wvTvI-e><57$oH)YpsZI#%dE1^_c)ahw1E diff --git a/secrets/forgejo/runners/token2.age b/secrets/forgejo/runners/token2.age index bd13ac11352095ddded648bba2cf40a7d46164f7..aec16c6e23de8fe0b497f35b5aa1b68cd158e1e1 100644 GIT binary patch literal 1138 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5ux9cJ?$* z39KkiG>UT0Fo-G(D~+lQ%W=<0%5`y%$|wlXH;nSnH_0%_GvO+Z3QN=u&h_`sPfH3c z^vO?7b`EncO)gDxa*5LRHS@{}Fwc#2F)R*9$w#-%B%mrPKV6|LG_p9=I4C_l)YT)* zG`t`&BtJhQ#62h{swlwEGN{ZnJH5aq(9JZd%9G2)IU>w0w9?th&o9l-t)##&!ooB# zsjRY~%srzpx3J72Im)e~IMt#s(gNMK6i0)ypmc?_EGM7BV1MHrf5&XMEYHw1fqx{O8y(>H_gECW# z3QPPQ^$pN%E3`=UN>5kFu8K5qa|+7L^$7Q`aB?;=2=Vtxa*XiEN>7c*4=VEVOAPa< za`w#3a4zP`@G&Y*N%2oB4J!yYNDMOYj0i2yamvdG&8#RWFUd8^^RtNZaVyXBuE6k{ zcUX}{QMp21S(2xRk(*C|wqasHly7igQfRJwnY*Q)ET->q@g2O_+ zqKvc?L&A$P^SlE63eCfubEAA+4bqY=9nFK&1JX-MvI5asZt%`)IBbaOQKb@jC{s&Y*6PEHAP zs>sc(C4t(GBZK9tu(62$v9oX-y^5cG{ViVv>+)b#5Kt` z(>Nit+1jv$kkUn#H5@{S65fTExml8#w^<+kip< literal 1138 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tqa74GwB%mrPKV88m%iX&oqeMT~!XV0{ zJUc0)*sU_nI3+N}C_gJK#oREhAS=r-+tA-U!-OltJH0H}(bqW9&@rVr!?Cy`IY_(8 z+&`?aBH7|M}xAUbcG_*^kAP#A0vx03uoi(B!lwAjG&_Q zOt+wdP`^~OAQy{>l1gJkzcQc9d@f7#!cs3MvvkYSjN&X)gObA3RNsK8kbGmm$TIgz zcYo7di=u*J53kI`a&*6$`lVPJmn#_fdl+ly8krks1(v!;CYMDNex+GS4mAK~wJ4fUN zxcfQ=S)kiiXp!obo~~fv=v)+@>k;4=7FO&P>gns^=@c27Ym}5*Y*HEFXd3RFn&xR) zRi5V>=*X2>Wn7+OTICd+o2g%vTWDxn=w)b76y#HwmTnPfT;!G+YMPxxS^?eYH^isu(`Xtv15`^T0}u+Nin)@X_<+JseuYr zrCz25iKb!t?s3ciDee%`Z?uUp&8D3#aSt-5$RmMQJGGbCgE;* z`j!TH24-Q!euhc;Zsp<5`hiBN`X#w8-W~;kIX(q>h8TWxF7yv^4^(iA(9W;OD)GxK z&W@;bFLo@BNVN1Ri;D6H@HeRn%lCFk@=Y`Lv&=0COXo7RwDbrz%nK^c&-MyWb@$KA zcJeJxHYiPsiV95i@e8XmH?DLs@(;)}_C)tvX;hVyak@gbex-JCRCZFOyMBpVmXS$L zaba?Sp-Z5Xqf3>urEi|AMUJh{p;=i)Nj8_RuC79;qfcsXN{U%Xuve~2fw`%#Z$XZ>W2U!HZmFqP zc9})Exld6=L}<3RTOgO(tF0ch?$3$O6TT4Pe?hkS%O#f^ON#zpRlGE3>iVMJTbFxF y-HJ4Mb-259k!aG%(|a~aWqw?4T*dg-r{Yg(Cd2K<*n?W1lL~?sb5+ldi~s<834Nyk diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index ea6ef850b0b1732f52f20ee3993a06ab41d63d71..0e130b3d50070bb8b63b7e1376260407b999bdc7 100644 GIT binary patch delta 1024 zcmcc4ah+p=PQ7cntGQD}aD|DFPeiV7QF(ZBj<2D=M}=dKbCpR^g=&c?&W16=B_4_;~B-njf~Q&j7pM= zEK4$c99`U;D+-GX^xcECLyN+Eiy|^}{X#ADOI$r8!?PW^vb}Q(Ov_v=Lju!FLi0@w zw2eZYolRU#GtFFlvmGmf@}l&;Elet_ob>}IpJf!U*LO;EO(``uH>*n0_e~2A%*-;- zt_-gVwPOJ-h-+%1yXTO#&UGT%0R>@`^p2O3Ex#jf*1uoD;L$%gW7C&BDX7!+ebmGt4U@ z-Sg3{D~+mhGEP@0a&{{#%BieO4oeL;3(yZMDM>4E3M#1dDez9NFpJ6$^!Ls8aLTsu z&IshH@H8%PGEJ?wG%L*w^v?D6^iJ0fP4PFb2y{#jjmj#wh)5|aEcdOftgMLS($&>f z@UJWg_jard$kESBOpmmT%JuXv57jTr2`NZ-O|C4+DGM+#jLfz$HS&n$nyBfuPp6I@ zTxr~W?(sJJqh~(oXv}tGe74@d@hR`Kf3p1R`3f7Kz25V73y*rX%ogoyPjjM7vu3L9 MbE~>DdCF&10QkmlJ^%m! delta 1024 zcmcc4ah+p=PJKv8MWKg_agvv(fr(jggqxY6vv*p7OOU6whet?IL9%{kRi3ABN?>Ma zF;{qadajXwN?t%#mXT$NXOW|CqEWGzv!82XkWprcV~&1?Z(4v)nNeVVB$uw8LUD11 zZfc5=si~o*f=NJCRDQaGfv07Lwu`w-R#16qLAFP@i(9C-XN6Zzm{VwYd6IKTkYQeh zMQE~Xu31Dnm!D^3Rc3CayJNmZeyOFglYU86R<4tww|PdXQAtFlNrZ1uW_gZFp{GIi z#E;_PhN0SqX`!X5rAFE2Zi$f=?qPl=PL4^LZsvymW!_2d{>~=(Q6{-z#@YE?`f1)3 zxvp;E`aYJ9`i5yPo+YWNA<0$x!Tx1NCLVstB^DO>iP#_^b3rA9nC`0JR+*XBg!0otGqMH_45oSpJf!U&-Hf+EpiS>vvhaNtT4z*3`q12 zEjB4HHgvIc@-@jQ^+@tI$}KK22=*}HGA~T3@YN4bv@Gx~a54|c3XDp3%Fl`jGA(rR z3U!JqE66D>@-%Zz3HCQYj{)znB8#GOg~}wS%utV9SO3b?;_!-;5ZC%dL!W?hPg5`b zfWX9x$V>yHKrd&<(#T48M=qcIpg=>@jKGvIcb_cF0w~Ueicc-#Y?W8=% zM5C0dqHO<26Ljm+G7}9`0~G>GjevJPqTyjh;-3_?R60_3{1N4)^U6$% z^fA&`X;hVyak@fOW7l0hVw#k-d?&UDKQ z);^oXr}OM~oOo{TJCFTk34O{RgybjM8!TA;V95o$n-e46m+usius*k&N9L)|@vuou z78`71udG>A>?%Kpuj6Hg@a0EhC!2g;Xf!8W`FmVxUX-`MyX2jQd-Q7DZ%91-{M_EY zH}&R;g8ujyk7u41I5=_Vo7+pSF&$&&dh&34-}$PSKlxubmI? ssh-ed25519 V1pwNA 2mRcx22kddqldRvOQY7i32z0sMwCuGlbCkJJ8vlJKDY -aL+OgWP6uTute1b5dlPG5Tz12KHeFlCG/Su9+MBTceo --> ssh-ed25519 4PzZog 67PxsXDuqXhmcyvNAu2jZrDtd+XgUQnEakPw4pR150Y -nOCZQmAhHCptlAz134hin/UKKpuIL+ueRJ7Kzhf5Aiw --> ssh-ed25519 dA0vRg tiN/eg2X6g4x6KndLJs6ze8i8brhXcsBqP1ZWq2s0T4 -1lx0Qqo81L12eIG4XfQUWYgpimEfgaPweZQ65GTHSaI --> ssh-ed25519 5Nd93w Iq6wxlnODEkmZaYpf1s3XxKmROa/JwXLdXOtCpXuM3g -0oENjjsAh2c5tIHNEghw1TE50xRfU5yWHnZenYT2UgA --> ssh-ed25519 q8eJgg HrJ8YlZTp7YhRpKpv5ZBUbxv/777ATRtYzcbGH1JVhI -Cytu763lKuwmLLUhFJo8VunzHxYn75YRLiN3vnhxyL0 --> ssh-ed25519 KVr8rw s60G0Eusw0rEW3woOFeE++5C4vI8L6NOUXATml2egBo -tPGsNcE3H9crSOCXCkktBzjRq5JyaGvgmx0ZIs3ehOQ --> ssh-ed25519 fia1eQ P7oFu5pYYdJu2fcqTYbKuENBWiFnNVQxg2N8QAXNVhg -aZUyPG6FpfFo7GixaofYbCeajExpKFME6PBb6fTzk6s --> ssh-ed25519 uZzB3g hP2SPeZNhsmePX55N6g4Y8q2KIwRONPBEAqSp273Mzk -y2c9S06vYQl9v0G/7IrbEx+kGv3DOnpz6+9+vo1o1wA ---- 7prlMrCmXuXHtiD1+44Pg0LV05OvyIEF9fYkCiLEv1k -_2":Go*.T5.(N4OS6U1 CcO[Q Z#I1 cӍM;/~`=&'?n}e#/q ۱`xjh:?Υ/J3.+OxkYbkdϏ \ No newline at end of file +-> ssh-ed25519 V1pwNA HYKtH5eSIXo8kMrS2Y15Dk5h1rACkzbFp2Au/2JExHc +ei3/hAN9Uars2aH62Ri6ue9N+tX29yxV0cTdxDThXMI +-> ssh-ed25519 4PzZog HtprLR1voqpk5ESBcCBNUfh34Q6EsU/3K2X/8Vbth2o +vbYCsZvSXCSB20fLNGwWbUgLkPrx7aRqwMFAnWdy38E +-> ssh-ed25519 dA0vRg ix/hHlYzo63deUYDx9UnW5DkJlb6bY9InUZ3uaICtmk +qjDwnXymOM0k9pgvfw/XNOVq1UoqZVdCx+vvPiPUDng +-> ssh-ed25519 5Nd93w O77U44+F1MkFUQeHufrlXFagp4saKodduMmbBG6J8Ck +zriyFrdnZ61OuMBUtUIvye4vUZ4AFaySsNwTiJmeq2k +-> ssh-ed25519 q8eJgg bzoTPXyLF5wiScYUKyob6E9BE5/cA22DJJhSL+jLgEE +0oXd/EqGnpxpAaKgWPHw3Keks4UEldfpbc9zMc0nrVM +-> ssh-ed25519 KVr8rw g+ht9Go3cMVPAzUkxhsM1zj5CrADjKqbWNVgPTIJ2Hk +ryMzelkyfOY/IZDiE0gURovSm6fzuBsJfwr4row3J0o +-> ssh-ed25519 fia1eQ K7HJ1EJQmjVeYLu6zYpTjWbUDOTZe3m1GwSIbnWa8Ck +WSFnQ6RMQMU6YXNFwEPRRymlFMTSPCW0B7wE67k8JTg +-> ssh-ed25519 uZzB3g 0/9ETo7Do0PxXog0PM+/rylYK/lf3dgcv1AvVS871A4 +/PUIHJx8tsX7vb+ID7W8t/WPVoFj/6iiVRFdhs8sEfo +--- j0TLY296m7nfn9xagQQqMMYGTcLt1bn0Uu33CqNKPCg +b]P3xM{Jmu  RŘ]B(;gO r6 Z0nTR8]|T&)W̵ + M"zQ({T$\N\T=dϯw):ڹ1[*N1NnL'K9~MiJ5[H!W \ No newline at end of file diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index 6ef6846a207a94a4c0b5d046a9c194c60c504abc..9002d809236e5e59015ed2570fcaecaf173d3f18 100644 GIT binary patch delta 1024 zcmcc4ah+p=PQ8hROR;IVlZSCgMo^M_WO#&YR&t=ZTZVySa$r$ju6B~AOHoipXtASv zF_&*@Vr7_Ra+IT4im_|HX<2HPQ(8n-W};(=QMqqPlzU=kWQLKxnQLZHB$uw8LUD11 zZfc5=si~o*f=NJCRDQaGb9Sy@q;Gj)xqfkpfn#>LzFW9+QBX)&gm;pmqi154yPtP@ zglBe6VPR!9S8kGNv2n6-nPE;rR;G4Qgj2AmYgk}PW_o3SiBW!0N z3jBO5($kYt{gQnm3IiNV)4~c&BP@f%&HVExpJf!U&k2gmEO$09Pc$ql*Y)6;PRjA*%F9Yh4-a+r%Pt8mNe^}`&Z#VOsSGfW2=?*P z5BEs6F!3tZ4l*zBbIUJBj{)znB8#GOg|O_@Qe)@J^wdNr{|No0(&T!7*F=}ns0_pW z+@hrN(0q3%OUu9tmjDx2UoNxEq|{Om%OaEDTwm>o(tNLCZEpkDs6sP+AKwTUQ~gR8 z|1h^mrwUU~Pju_jG7}9`0~K=9{L`G=Q;GsBe9FCwi}HfJvV9AyEOK03{L1{(11emS z>QnNPv~#`uB7C{3QmXumjEX&dt3tB06Z0*NlH3Emj0@eoN(=%F%(R^oUHwd*LQS0f zvmDW_D~+mhGEP@;4)D(__AE{gsB-cP_b4~aH*yY2cFZ*?i7+zq(XK4dcXY`z^$kc$ zEl=k%D2((@jqt0l3NAB_GR+9djx6$v^fxv1H1y<)($&>f zh;Ru{&Nt03H1_f-j<6_madb<}F*Pp;%*?j13=K|BOU!XiGc}5|EHO*w3S}(5(BsM) zY4Y{3B%kiS2an2?lGr1wb5B2*crEk>vt@MNx!u1uF6J|hD`zTXxt@A7!uofaC_{LH z(1Tw)c59?sEm-pSo}ZCV&P3-B1>G$<=h<|xFg@>Qn0J+JH=9-Y`S{~P*kibX|GaipbwX;pfWU$|wKsc)fCag=_JmvfF|Vs2(eVNQOKVUbB* zI#)(&u3@@`hfk6vX}Eq^NQP;CNL09!S#oxAMpTkhHkYoQLUD11 zZfc5=si~o*f=NJCRDQaGtG;8FlUZR%RZ5zLiLYmrvzt?zlezrmLg2myc(-xo>h>PHJF&L2gdq z#E;_P-kuR&0mUwUe)^7KA%W$EE;+_VDQTHiS;pBBDFMN5#@a@u`B}bUY1zJ9ULo#2 zZaF!A?pa=;&MC&(p}tQ3dF5%^nME1Sxh5%<=6+d*MFAnHnNG=*;~B-n!@R@N3q1S{ zOntq*(zGp8%Co%76N8g8^72cgDswFjGqNgzGyH-*Lh`b?9QC6d-Td^8igLXYlUyw$ zJS!4QJu1V@Qrs-GlZ}I2A{?VUjLjl_EZlr2pJf!UcMNvROb;n6bq)zP%PPq;%W^C( z$uQFQjH>Vm@HX^xPtgv|_sI1!4>AnoDl@8ZHOuyo2rJIYbSyWFH1W<)DNHIi({?cl zj!G)eGxAFb_A^c~ajFVLj{)znB8#GOg~EUo_oVOw^Q@>!kANyacY}J@O7BD$x3o%FrglS9K&U6Z*&a&r7r+#~WmtISL)EK2kI3td73%9HXueDYj^T$3`&Oe_mL3N6iD z(=mKk8dc?FoUV}S>gAqoVPssE?cy7lWSE>>nOjzDnOYcRWab@QTv3o?ZkAtQVc}k8 zoX-`MooixgT2h}K?pIXqU0#&#mYSAc>g8o(;gjc9Tx#ZNYM8F?mtzrW66DIItE;P! zQx%?HZj$Zi7?EROl9cUXmRaOjS{xo`Y-CuTpPP|b6z*!45@DY0k)O}S+aUDrRd>(a zH%DXsZdBaM67{u;p+w8;?VOp$tGP}cdD9{%`0t**>M514<#U?0ZBza5a^vm!ii(;n z-!I&fOLTwoJN<*JgWFCyU)@cS&$SaX&(B<7X7#VftZ3z*M_JM)WeXZk8sA@YEV|!~ zvC`z{Q@6J_r&=D`eEFW@de?N$o?51s-*XbT$OisxHqEnN`XX}D^tNBG|1V8^7j$c; LgMmTfjKUNEoXBm& diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index 59a5614c6c56fa7b10b14165914d10e98c07e747..60eddc91c081b64600afd01f38c193836cfe7729 100644 GIT binary patch literal 1175 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tnHcFIgn zOZNA4weZOfax70ZbIJ5~k4Q}q^0Leb4J>mhOY%+jOm!@9apWp8@JaIV*7pnZ^-1&% z%+2x1HTNA8 z%Ox-^*dW5hx6CP|Ks(v8Af?JAB*iBrInUkIz?CaG*xBF3E2-4W!zjO`)UYC`q98ZS zH^;v)CC{iVvM|gwv9dU;ydvDcFdf~t6i0)ypmc@I)Ih)TtnB3Es7%kCfIN54z%-W- z3y)ND|LpXTVo!H(&yXO0qZAVtqjau9)8ar^w|s5$h>CI_{Yr~WGc(gdv&@PpLv8(} zNXvkzO5}^a^9w42s>0mTq9WY_qsq+E$_k>&LOn_{%sj#z zgTtNN%zV*pE3`=UN>5jCb@nuO4%W`d4omgacS&~3Hp>pM@F)(=&ML~P3<@;%_4hII z$;(Xi3@zp=_6!a&@J=uCadA%xa?y|QbIUXd^UButb571JGd6Isj0#Wm%k_JTIm$FL*;L=8$jcx-tR&N-Aj37JJS3E> zO1~n+tlTrbEL=amQrp5&+a(~oGO;i%FG)YG)Gxij(ZoEYGPyJ}x6A`lYO8p=w{oG_O3lFE9kce~- z|Hz1x5@%l@r;x-fr{K^i$GiZuDu452lid82#K;^AGfxb^IT!kexCbg^==8C;0>xx+a?j7dr+81_q-0tu(62$v9mhAUi81S358?%_zhmBc~+G z(b6ro(85XIz$-nm*dV7QTszg(qAI{YC@`HX)Xz87%_}X?(JZPYGPkgx&@wE`)Fje7 zD97E*z{o2#v)nf`)3V&HG~bm=S65dd#XmCNNk7A|D#XJmC?~z3EX~QsHM7LsH77Bu ztSYSB-=!ch$+gVI$UmDax6o5))#k5_pA275TPL_mRN?4XSG|+7m}lk$Pq$EKke=W$ z^VzJ8v)p^mwC$HT6<@IVSi94Pc}<7^9PV7&QQJOm%JB^gs>13YtJZElobr-k#q(WD m3^TVjRCS8nXk?0!D1UgJnJYTKY;xoI$zf?tE2p+?-VOlz2#cct delta 976 zcmbQvxsqdoPJKjVWq?;@WM)Q`ae=;Twpp6DYgwXSsEJcB)ZS7Kv3Q*&*SH`7R}{CBYVDslMfj;hEl*76G|==9TGAuCCh71{PfUP63G} zQJIBh+O8Rvm1P;_>4Dz)xsGXp2IW462KjD*X|66I+8Nn-DZZ2A8O6g=vO*J9eM}2eQ%amt3-VHZ47^fY zs~js$^0dnf67!4-{VNK6gPr{IgDVZR!zQ0$l&DWGF>^P_Pj)giFwICc$TLhbbSW^% z&yMuYDtGqC)-O#nP6^8m(ofCLaOA42Dh&+@EDkL`M{`l`gV5dFyfBI6|2 ztQ>O#H~mCsXY-)KNY_BF^1J~3vdB!2+@hS^JTK!2AJf2;LJLdZEZ4LY?=+v3Ec0M} z?+~{XOJ@x0(lQebQv($Wj7kd%ozkO9%yTV`y>l{4jmsj#3!TG#JpJ7>(mYKoE$WN) z9drFWlMJ%CTmsF@+>4Dv15I4Z^Na%$lL`w`volK*0}}&0-78A`{4KRJj0!A_EW^vu zedk>0AL1UUkWn6*9p&hj5fJEOl35Yy9uSaPROucW>Yb93>X_u>YMc{T=H-`Co)MPM z<&mCIU|8i;?-E&&SQt?dlvEL%RUGPH>RC}y?iN*9?&|9tS)gy`n&+4i$fc{Rs}LS( z78O*ST;UyB8BtXkQW)&vmsR3Z*uVhT>gP zeofk+jgwAlZMIqR@OkvQ%>5fpR7I_N)A^>qd-KZdz!XomG^cQpU4I`HT@ZIW@p<>n zMP-J66nL_2Hh;)jBAVCc#vD9NE&9{(XLEzI`;Levoy>Zs>6fs0B5y|fk(0OLvtPvT M`ZA64imH4%0FA*@od5s; diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 4df759a7c80bd0cccd87c9bcee8a133f8a88f794..50405a419dadb2f1b9f589bb16c1a2bdefaeeb0a 100644 GIT binary patch literal 1175 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tnLFLp9Y z^a?lhH8#|D@h;~&PKP*B%mrPKV6|Lx6(YkqRh z(4;W0Ksz$i$o(g?OZoA&m?cp#AE~Qz#OM! z*RT**gW$wSuMo@JNS_RSx1vgROS6(plgc7eobtI+g0x*yOdTt|Gs2QxlB4vq^*!?(!z{uxEHaWU!+cUh)5|Lg zavdGZD_zlTE3`=UN>5iP^h!>1t&GaC%#SQLF-kTL42m%E3@QkBEh_O(^2~EBjdUuh z3JHxgG>YWPDD$(-&MO)IW+%F%WXii-5|$|{a>^)E-a z%{#2fqNrRUKO?dCfU&x&NOf<&*tKtIpi zL^nULY=7gjyqqvI%K{U>%)+32XGaqQUyqcmjI7i!&rnZv+nfviL)-%uj7s#&!z)tU zT_asA_5Fh@(hZEu3r&)9@?A~RN=nU>jSCDCJ;M!h(!=A@vt-w%kuFu4RSLra&dPLGA@WLFAU1(($5TcO3p3uHqJLP2zIIRHV(}fFe*0miVR8j@(FNvE6(>XayJQxaXf?y$nB^M9wccxM+d>@ATr1b1|ph-2Sbx zqUa8LQPm&rhl^%%h45Uv79sp$w@Ao?hO>Odyvf|p|Ez5?y63jTZe;+M@u3xBOAfy{ m{!(k9YvCNsFHV delta 978 zcmbQvxsqdoPQ9UintxJBL}5m#S+;X_l~0bJzQ0qFVM=9iVTxNxmV173K)6qeXJ|y0 zE0=a=zHf+SnNewWaducvS$bNseuPg@Ns(K&OF@{Mp=Dx@L6}itMR`$nB$uw8LUD11 zZfc5=si~o*f=NJCRDQaGk3ogAzOzAYsfU+AxM#9ovYVN+nMZ25Nko!yWNDOkWMGk3 zWtfLckw=IlmziNzRYbaTMV^nbQAn|YQJ$%1RjOB%X?kLDV48PeK!jzAX_0n$N}_4< z#E;_P8Ga=`MZuZAQ6ZM0+Qn5x?&*cb`WeZg?iCRpP6k1R=A}Mv&fekqM&Yhp$r)x| z$%d%~q5k?tZdE0z*_npsdFCPRW`X5dZoWn3xk<^vCS}Ebg~sKR;~B-nP0QTU%=`__ z{e3+hlgm;f@~d3E&8nO{z4Wu)3i2yc{5O3qA9^>)t4@JugE(l5+QHw!Yd$ni2x*Ei2f z40AO~E_cbut8h#TvGg=Rj{)znB8#GOg{1tjLYEAm$jUS`pR6!npX~bF0`HLI@}M*? z?aUP85a_!1JpGcAa{{^2jFN*xQ_QncyvowejH4B}XYW3S03Kv{ITGsB<)^~FXKR0vU2I);*4@K5rvt-qpWU}P#6y;@G%-x=~ OO!C_?GsLLtsWt%bT~TrX diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 3043014..f5f2ba7 100644 --- a/secrets/gitlab/secrets_db.age +++ b/secrets/gitlab/secrets_db.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA AbGjaacp7Tp3DYhUzCOUzzNlUGXYDTU9vEv1DJpzqww -grRQCuht2PKdwsdbABRIO/QLX2HikbnnPDYDfRNeeOY --> ssh-ed25519 4PzZog loCPiNwbEIOtBgQnBRSuiCuizZdrh/l4lbdvv1/SYCQ -WMu8NXj0LYaWS0qxcuBsG/GdH/E8C8OmbYb2mYuRkrc --> ssh-ed25519 dA0vRg 4UnugzCjQxs4Xqii2PWA7prXrjS4wP3wJQtUbrQi4QU -HqjVoiYSZ70DdNRui4yZjR5oGiCyR6Rly+CoM0MEbxI --> ssh-ed25519 5Nd93w +PwbmFGDmpdwKvuHWLQOJExFZm2P8pl15RpRqeM17Vk -HvDt20lZsSpyZ8z2BShXHlAOzIM+15UpMonz3sqSwR8 --> ssh-ed25519 q8eJgg SYtYX+5Q35sygmo6PdlUzG04g2bGnSyVGgnYPkJKoCI -nrZN3mp0jxSQfblj0pDE/7/pO2jAg0byTm4HQOQzQBU --> ssh-ed25519 KVr8rw CzJ3Fn25Lq8zZOAHKKbLsiHhTHlAMDNHv3yLa7gaqSk -O1gss3s7y0VfE6ZS2GkdskeCfLJNytTNfFWz/bzEebY --> ssh-ed25519 fia1eQ WWju+k3tswiyQfc7XR/txDAIaIjX7Xfnv2IcbKH/s2k -mAxPhLCJjwX68AwGSkJxMSF5PkGPQDSCkBMoCi1Ozf0 --> ssh-ed25519 uZzB3g EbWWbRWM+8jrtg/ZX8AC8VKMOtf3ch0QrBn5QCia6TQ -8/TISW7rN55/vfkBH9HKx7GKaWAMIEVz6xmtCh5fjfw ---- +L6TvqJA1YZEmK9PDIzh2r5wtzB1BI+qz+i9JotMejk - }sIc>}5bTТrN1,4ONRzf=اNx7һ[)G gw!sN>#ggGҩ\kت2g#@ao47wx6mfCQ2H ->maH/uv \ No newline at end of file +-> ssh-ed25519 V1pwNA 51Y21teSJryE0zPWFftIdmaw+ajp7Fom8Xoc5EnZWBs +iDvtT3UwjuPf8MRwxnxKGbfGPg7y24JQWcm/WjOP3qQ +-> ssh-ed25519 4PzZog qZgoJXZsAfqAXKnIsktzB5nl00eErrn0hjevF9pcu1U +xUYDshqLKabFlmW4QRo+OewDFHFFuvLONaJnx5jbBQM +-> ssh-ed25519 dA0vRg sWKzaacPSC6AnLXWKPBT5etAHGqtzzse6UVsIIC/6yw +l1TZMSwnz6e6w6UZgPEOzG29DMCF9InQ5dK1H9XuPAA +-> ssh-ed25519 5Nd93w EgPejsyAUBLjgPwQmSH6KVjgNrFA7Y2UiKuAUjjqpxM +mUypoPJQJx49NDQ9esdzAi0KbfwcjQXGXa7IPB9T/SA +-> ssh-ed25519 q8eJgg EZgoUSh7Cjs4/VeGw8N7dEGaFcqA6FbdKfdTirlQfBM +wL5BVBG4lVJuj/3wkBy7Y/PMXDU9SvKSNmh7KVw1rHk +-> ssh-ed25519 KVr8rw E9d6+qCeB8S4ZWOzbXfNRgrYfKy2qfYj6ZT9cMfFAWk +GtNuM3DBYy5TyFZ3aw97BjRiIrSBkZ/g5p3QRMNhP/c +-> ssh-ed25519 fia1eQ Z1QtqqvvSEGVbJJSxU+8MizwWlDtoiT/V66Hoxw3Mjg +dKBCDtW+PfFKRkvAHh6oNNp1rHvfBXtpgIvOlxFs3Zk +-> ssh-ed25519 uZzB3g XqKGXqaeUiGOnvASUbdcB5BDTCRNrN7uqUO545F9zxs +Whs8NFVFoUZ7wY5FKKd3kplc8bVIudvxUUyZ0AzeXeM +--- S9gM1mjnuKGKAmZazNYfjNUAoQfqMmOUYCTxAvj1W8M +ޛXMV)=3xݶ?,yn!#'—wýhJFh#k p=9_X8(lN 5@֎nQۀ +SLOLuo <Hdo+1)i>c \ No newline at end of file diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index 25926fdc3eae492e990abedc4491e15fd9276b93..c7747b10eb0eb849495212013da2a3e0cb5ac77d 100644 GIT binary patch delta 2586 zcmaDN@wwq6gQ%Jd6m7}w}OQeajv3HPT zrju`ucZ6{TB_-KuNmZqOK|#*$CH_I#t{#DwiBYL}iJ6A}!P-@h87}D_hJmhJp%s=U zMvmIX$!Sj7CVsg&6&8U}sUF!zVaD1fC28pa7U7O5$)Uaxx#7u^;~B-nUG8%1GL7>mpJf!UuP6#E_e%6Pj`S~zG|h^1@p3gU z@GJ{Sb5C*datTgK5BBlQwe&9VGztpksx&Go3iB=Vc8e@A@^_6a4oxcyDXt1kGjk3t zc6BW^DJ@A)$#4ltjr8ri%fMl zEJpWTX;hVyak_%5MVfD>e`th3p;vfOu5W&ppIeHVrAK9OqMwO*gn>c1S-!q!cDjCU zXgQa;OJYQNiBo-*rH4;&XtASrSyE)Ug-fKDyP2a|dPTaSZ@RW|dSscSc33i(uCA_v zd2&HPMs`R}P(+Y z$(fx^{uM{cQD%`Jdk@Y~o+{=gVwh3eqvDk@`Kt6m=F=0;g#=czshizDn8BrHcuT-j z$98e^C%L*6e?*rg9gMH%vAoLXwD-x5?>vUn{Oz|DGR%=&DD&{3w`R(t^SkoW^KTa_ z{aO@(uy^O( zDcxzM(gok=-OXy^{AiuEw`3aI50>viqCcu`J-8>Ko>gpHbt*M><6$oQyY+W;i)NYM zoUzhJli_Ip%eq(3Zd%AEv(zbkDLpY+#Y{9;_`E;pHvH4=n*^Z9LB~<(lnrRrfbq7wZ`3zh*mgP`aG? zuI!1v3vv3JL_79zhea7~R!tH3Y_Z;^-f>aJy!P5lu1D`hUuKtX^RnG4Xwa_JaM$hK z@>yb4r~cj$nr6r0-EXdZVB+VR7_HXZtC|crE}DoSmwwOIL)&JUGqnfF=&9Tcn!MuNq3P#e|2W%R z_20k#)DQQXvF@PWO4GR>q5YsmrrAzn$PWEn7FnM7jRdT5X+d-RDf7@?ICu`~Tj1 z*P{o&TK7&my2yY3yA}(3E93Wb6JO{mbnj%%f7xugFgCGF#JcuVqqv&<&6Juwdp5mD z-mxO4_WH{7RiTloFV4CjN$Ed4`RkdJ^Ui0M=T2yTC@#zY=Jw8eR{WXMI>WM?mMz=+ z<4c^I%92SdMN?0#@vlF9xN6CZT@O4rwHj>N={V(y^q$D@Fg`&So%6e2Ce)tp^bJz5|TvdU+;(@1Wj$8lf`)nx>I@ZGe;+LgT?!{ATm+Md7G<

zQr}4TNNT(Lv=b|5gk7^=C2?SrUlPad?|C}B-?beUS>2t$ou%Hl)%CWr(fo-06;5WG z$`7kdNse^UEKqlC7nrkd(ajD;Y2Jf1Z)#`HnfaFEP^VIdxr}k2!=`{L%gHkeOOx+; z_`4^rX%-c1RsH7QKP`2Yr+fKo^R=Aye`jtf<9}*jEk4DuVRuA}&NUmJtVsuJ8aijs z-^89NzJ8y<3Il#A%~Nv6Ja7I#@*!@;_Cp`1GM_oUx*=HW*G!(tlh&l|c=V*nIpy8< z3qSI!J~TM2n(M$&eeK?v*GGh_rRBE%Xsr_Z&Q)moc*m*-7nnNctO#E1v&+cjdgFfg zs?W>ouWVkoOQW3s#=W!6&scsQR5R3a&sKZ?rH&@ z8uwNgvNFqA$V?5{!?}FUgRox@#AB}6TJ@}bwetJ(zM}g)*SxcreF}B4@xLCPsjRNE zS4_y4hjIHxpXgSdIMx!ag^I}$H~*M+ecHe{FFIM8eOLX%;Gfm%-e>K%aYjmY+3C)3 ze$XFaH}~hG&o&2mnFU2HKNUAxB{=2I-Z)39O7U65llL|k&Q7RneW>8^XVZ_Lu5}tR zAHsD?_V{d>ta$zMHJL{jawT8yK6rQX{m0C+xBckVFaEjZUQW>3MVp@~?TkG!ZwBw0 z6-!Gm=XEe#{{Oexdw%^MVVh0rl6=j6(*!wI{n)qd@xHMA72mc?Z(rgOq^DkjEe_x^P^<HSwSFaRx2iThe6F6$D?>VQ zvT9U}ZOw}hzn<7Roi+OK-ev1c7ma6YJ}hza?c|@X%gBy`Hbqh*=C7%rY+4Fll2T$rjo&#Np87oP(WFPk#kUL zv9n8QeprPsSBayeTa=MUKwwE$xG{d!Rf!?qeo0Q@k^ZLUDUlYF;~B-noeRx9lM2(r zjEl0vL$Z7l^|QmxUHp=h9K&-XGQ7)O3QE$wJ@bNnOmlp>0`iS4vqDmQ!ZX6XD@uY4 z5{*)mGF?sm{DOk?LqgL6JzPx+!+i~twUd%3pJf!UFLnt?ceG5)HOt7+&kQsU$}0_U z3k(kkc8<^vDhcxoPcI9|3<@>~2+b(wN_F?m2=UHHG|MzFEy(gJbq=WXE(pudO*YPr zum~}+OvwpNH!CqWO*8UDj{)znB8#GOg<}1zvP%C*i%egWOqZYvi->x&(qhNZQm62; z;;_hy!j$YJSErQxd{f7~axN49ATJ-23TOA65c5cn3bXu(l!%-HAHVX#)bvy*50lbh z^WqfGK);Mk3v}z!G7}9`0~O5Na&t1Ay}a`aT|B+Avh$5xLM^<)la0%Y3@R$plFK5J z>vK!1iZV>ItBSc?stgk=aw1Lgi?VYHg0hp-qe`8_(sRAb(o=m6LtF|2{4FyJ4ZPD0 z3q#SZD~+mhGEP^BNKY-RGB5~A^NGp|am^|&2#vHf@prZKOL8*u4)IT`Dk^p|)lbbx z54PY+G4>62Pjsoz@elMX)%VxdFN)H3t_bjU&JVHls0fY73(L3g3-f z$j>Uscg`(z%F-^k$O^Tr3iLHBtMD-h&#Ka{N--+R3yZ4Cs&tApP0aG;l03fC%l*42 z|4)`J|1>#XzYKO^w@Nwtba~tvlMP|6g;HC*ORwEHwJao~w|=Qh=N-AonUktY1hjt^ zPH=mp9F*9uU^sKx42#r@W(+nh`V1S6X60pE{nW^JY`^L|{w+P<7j+1q=({k@(^@v4 z>-^W(e?t$N_R0KLnG*TlXcOzU+c%93Cr`>g&NTOn_7ag(`$BB4bZwb8<;-n$*zh);n>rU6Zb_F6ozF*iTJOPZrS@)dgc-- z&f2{@R?So9dK2Q&us#lh^E1&+pnbYih+0xz_8- z@kfs5xQ2bJKeA|fxa;pp%UL&<&%d%OXX~nphf`-?ah1>i*XGH8@WzJNI$8Fj`g0bx z2cksTMH3ultO^7^g=~4W#P!;-l!a`%GJgw>FrRGC-aT{S?Ky4B_iJ9i?v)uR^lr*e zqkO(c66H50JaxRVROgQ7>XUEcbJ6AiN-zp zv31_W=O3m|F{nD=Vll&Q=gfIhE@Hld-~1=lOG{Zr2!8JAh;IFO*`~APYM8}NpZ3GT z!n;%$5AAv?b&)Soxns`4M;SFtMV-5UD1PJWkMxOVk>|90sek9{O1{*WwsOaQUw)q9 zZa2r;=56=`J_$pgle?MpH{6p*K3~s0`S-o`eRnGopKs6qBjSFHX|4!|;u`loGnm}} zdusPQuB~U}Tyrtv8u2WmsULBtCa;NC#Gji`X-rmRL6X9OLIeBr1+S1E+_U*a5 z!t~+{_Tr@8`1gx~lMj^^Kees=afZvjX0p21_KvAq`Y#@z*gKCUF1dWtbAI7CMxj~S z#!dhJUpN`k)F!yuBxTcaMP9uXt;Moezg3>&p0it7zU+<=_mhs>H8skY9I6BC#aakOwV6r z{q9;(~Y-f zmgos(+?@M$lfrEyvA9om_ceDssVZ%mT6}{$q1kTM+2Dw!d#@i{U2n_8@adMAnZI@{ z-?O7_GgEp${CEU3lBTj&-L!MmYec$_L~{I*I2H3AM2hlVY7*wsWcfZ_efULAR~zTEq{3{1|Zm$A*VfcInl18NNFn zJH;@bfnVipo|)=~SI?FoAW-+emBD> z_sBP;9=jN8&aZ9cx#R9*_t}22+g7IPV)d8@-#JC?UY)zp!CTFk)Y^7q&g8z=#?8DO zliQz5yg3zQ{#QUtd>ZFF?mK#B({_1HTO_QLzvRB4Q`yu+jO&5>{%YhgVWdWv6xov u{dnU3{j0{MA?n7vop#ynxjt*B@Rd)3Z)SHkYoQLUD11 zZfc5=si~o*f=NJCRDQaGv$j#Hm%pQM*bd{bRQtCBJ@N<%HPLW+XjgVS9if{h}%B2to!^veq(a}u3>ef>+4 z^F5P_(!-OqOTAq6Q*zzXd@TGT&9jpN%!)iGpJf!U56pK8%y)7MudoPCH#RWx_R1{C z%rFd!@^#L24s$UJ%Z-Zg@T&@sDs~U$@-hi3EDAHt%JeS|&PXcE2=j@E3QjEb@yhk9 zC^XG6@%A<{4=_x0OwI^Ij{)znB8#GOg=|Y>FBARrAXDSq0<(a;sF3>5uz&#n>|+0{ z@UT>iKyT-wFrR?*)I>*vVyJ=HwZmQYE%E|9 z>O<2DJj=DU4MVvc&61Ns3XAjHsw$%ND_qTror<(`lZ~THGE0&TJ%XG|jNQvUL#i@D z4NTCjD~+mhGEP^Bh{%odkJ2_O3ikI&b14qi_bB!a@+vR0%<`!!FHA}<&d$p=%P?|v zb+X_x%5t*MuF9@2Pfu~n3(G0Ub;)(A3^zB@*AMp%DoZNJGRrhJOpVH|G_f$?($&>f z2=UIUuqdl?^sfkxC^5B2&doIm%ryxyOA0dZ40rSP@htMsDX)wSHgR#}I#sZs?@i?a z<%Kgvca$(ZZ{EXZBM_e+Uvc@zyjQM2FCTh;rC0X&_qjXvT9)mY|H16TwYaBJbMH81 z^J=T@3(0q$E08#I?gP~#Z9!E(xi^om{gZBQOnUt)(}&&jz~-3^S6qC;zx%t(zWUW` zT`yHKQ=0wGnoW01XRJTan)mF4#ows~ia*1uBxZh=tax@KaLUCH{qA2=FR9EfZ7-k2 L%HD9;c3vO=hPGzJZ~ML6~K@shdYyQc+n+m|0pzvUY%lWs!4* zS4p^eXm&;G9vT* zvI=~1^IR&-oP4tbTtkyR0-bz9Oap^Gvb6p3%fdX%%gSB3f{QK96DzZ_{ft9Qy^90A zlk=lWGW8REoZTV=!h>?$d@BnKbApmAJPOk%pJf!U*S5$sHOmVOt8h*-@%Bq`FZL=n zF*o%uC^5IpO*Tsoh%!(2H_ndmurQ3|@-@=-$c=I=&a2Au^NT1+(@!@o@hgkS4=f1v zO7tspcT6b^De~}1a;{27j{)znB8#GOh2n^)V4uXw@+yDl2&d5ST+jOQNJmfO@UprK-@(Qz} z>O*|OeKI|&98I`V+`TfLyt4Cr+f zNHqy7aPiE@H1bZ*H4n)*sR|7Z&Z>0xa57EK&ouKk(RR@fN=r=*F>!R{@;Sq6!+BSK zU4!W>(O`~qQ_ni3-1_>)$b6^CU6)&$zZt^sBt9-Sc5llb zdES2EX|_tg<`{7P-zMAi;hFKZXlaF{@YkY;g#P?JG(Yx7-R;%)SN{4nKkD@TtG9UX L&RKp=%WMY#kydSU diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index 60b9321c64a1de3d3664693e0b0a2c0ab2c452a8..621e1b82cae3a34d69fcfcd630e39b316b792288 100644 GIT binary patch delta 1022 zcmcb{agAewPJK$Te~FVU`g_oI8s#A85TbQF!m~oY*YiVvopru<_ zF;_@_YCxK4Qc;nao3>-ViHlo+cSVSEq+xbcxoJqSXF*bFSx8x7L8-Y#B$uw8LUD11 zZfc5=si~o*f=NJCRDQaGaZq-#MTuj$L4aj=qJO4|i)(sHQbDdoXhD{7Qecitc2bn1 zm${3%V_s+|mxoVAuxpNGxQnY>rjNI4Rb^g*vwn7Ev2%)lMo?ZvV6MJPMPg;Tce&rh z4-(;(>Hbb0#ZIm{*`|432F}i5p4u)Ej&30tg(hjvNhKzs9{y3LX?dx6+1XsCC0CeaxG0QJj}JjTtYoP!%Gr_ilh9CogK@{(*wdnf<3vaB8<|b0`xaEJ{NwlL|d6 z0@1B2jjD1oPFE<4Do8Ig@kmKA(GRb5GD&kuwFq*{b9Ky)3JP=c){b-zb4)b~jVSUm zO6MvJw(t!OGpmi%fA3)i0?uDbMH9)zwwV z_A4_?4RX#3C{GOWv&al^3CXAo4Jf1=IFDR2JWF6ndeB(<8g%eBPJe>aHQjBj0GaSgq4>7Uc+yUtf7V z=v(rp3I2by)+$V%%63wu@+&LX-kNlu23F2)=T&@UKhPJ1LCzr0BLUD11 zZfc5=si~o*f=NJCRDQZbsbjujfTg)XxJinUzI%3nwyQ}yB9v<0|W<}<%+U7;(A>nSumf8WS9{E8fc_v)0ksgJ4 zPG$b#r4jjVS^3$1!7e44X3lx}QKeO7W+g#^xw%C?S*51NUgeYH8O6i%yebWYLftA8 zT@#bFLrmQCjr0S}w2i_ugA=RD({o%yiqdielQNz1jZC=G!jn>q4Lwc0%qnwDoxS}- z@`{}@11d5MT}++RQmV`=!pi*JJ;HN6GeakzWfZT^EOpHF4h=T6$S93+DRIy8uSm+) z_jj)>Ff1-hcQrQ%Ez1qb4@kB!a7pH>vMe@t3e@%qbMnr}@HMndHMFQI%BW0<(yl0V zPc{n)(k?LdH8&`542VRJ0PnCOi=uLcP@k&gq^NKM*8+>Aw8#Jx_j=FV%y6Gl%Ro=3 zaP7n>kAmd%)a;^&G?&~^F2m%Aij*op|MW1w40qq`?G5m zWXsZ&e9sb$_)g1AG)xUt2r#eG_6R66&o#@5s&EN2;fks#bd1z@cMXUPwa5tY^oc0(Obre6b#+cNFikEsPRdHn^(ZLHFvzhi zNB3Q6RF#u)x`K9DN~Kv=dPJG8sd1jAw@*Q0L}sx?u}`*{S*U+iWR7--f4NJ9r@4Dz zHdkIrv39;mczt%JmuZ!`fuT>fWl(08rD2Mze^yjwWJY07s(xfdaZz}=e<+u(uC9Vl zrlF;KUa+NpzIUiwW=^74xl5W!iKnG;hFfJ)RAE|SPFjJxdrDS$h6R`YvOn{qC0+_% zV=!NxI)BE~*FRHD54Gp^*(ztd1zX5CPkQIeaC60~&y$qOt{r#V{q0Cdipjy*Ut$6! z7TkZ<_VU}ja}{YPt3LWMw^b@`n9aTMY-_8N;4PnkhYcY`a|~zhu4=FI4*CBf^5l}F z-J8q3CfLq3*pi$zoAtbkO61p;PoK?rKNW60l#}>-7OTRW?VETR4+u=@UR?f@>)@Zx K?2Rn@{{R3XFlzGv diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age index ace35e4..44dbbc7 100644 --- a/secrets/grafana/pw.age +++ b/secrets/grafana/pw.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA CGCG7vFUJ9hUdJWRax68aDpHZEREFnrjo3expN7oUTM -/eCKERrmnmceosD45BENTxtoyLmjGmGVvxkGWAtCRyI --> ssh-ed25519 4PzZog DSUIoivSmbzN0AvKIPXhtjTBft9D9AaRioe6biuh6XQ -XlV7xKGi2BY+sCgJCEiSB9AlpXFoQnbeIxKxNhPRetY --> ssh-ed25519 dA0vRg sYBG5Ld7lMw+cm5zUgVR9Bi8YVwDrRglII36Tj8Jfl8 -cQMY6UyMrRtfoU6mn0pg47Vf4DB2KcjwiRHEmvU/Rmg --> ssh-ed25519 5Nd93w H3k1nFMs8wkqsVKzGp3n4CE7MuyxJWRZ+xgSgDbnuzw -2fff1rsfvE5NikWjF9gkvHuthgLKLOey3PebYG26yNs --> ssh-ed25519 q8eJgg UR21V4UAJ7/ALE7IcfMVYO3mD2jbanhBu1fj1iEjpBI -8Yl7/sLlQmCvGJvKZt1B4lJMSnPt6gHi/k1u6Gm2sII --> ssh-ed25519 KVr8rw ur14/Gp1Z9ODFFVaUf50i4+ELKy9RHmsXjbaj5h9IGI -FTZn1ZuBixaehBW3hnVjfXrt2m8co1KSp5aUTA+TRdg --> ssh-ed25519 fia1eQ 5bmpon54otL6GnIhyYT7CbLuCR8vk0td3kPBGxsSWCU -PSngrN6yQODB/Vmu8ka3vvDv5DkShktyOWrhzC9K1LQ --> ssh-ed25519 rmrvjw J6YtkhTuDaUtc8LUp/zfvQD3LST00arsbe37bZw4nAY -r3TDmtyB0Cc7Mx8EXb1yytvpF3+4//6cy4jkK+cWTls ---- mSjAJK/sd2Qj4Ffuee/T5LTADcNLVTCcKL/4VlqZvd0 -RU$iUXsf_o/&c&{*ي/h\L[%=,Qq \ No newline at end of file +-> ssh-ed25519 V1pwNA wg5YKE7/sMO2/uHVH21A5Ezp5jTGyWICQE0hjgdOPFI +0BdMLvNfdkdawh6+binpY5cP3+SUih9GqXqGRjIMuPU +-> ssh-ed25519 4PzZog ig5HQ0wsF9mdSplrAA+k47YEnLKXxsq0mbLSBcuhLz8 +j7lejLu7Nm7rscsILqxJ7c2CTV52a8auuzRfuyT8tyc +-> ssh-ed25519 dA0vRg A3FTxSbl06XeRXwqtSEdp8zrbNRrYEhIzxggBa87yFw +MDLSG1m3Ss7mRB1D18VL1XzEPJqUJTay2BCgRrR2MTk +-> ssh-ed25519 5Nd93w 7FA1lC5wmw07jEoTAJteqj25VU9LgpS4aS+UDhfJ3Us +ss6DD0KevDM1MWr9ZtUi/ZwvRi6KxAHUvQoQlhDvhso +-> ssh-ed25519 q8eJgg tynydC/TKwdRGYYFhkOUeBSQhbReny5WqFiksVBfhik +uuvgLJZGfeCIudTGb/E91YUWtMuX4Q4+dP/ixM5ppr0 +-> ssh-ed25519 KVr8rw 0PrEzDMMr5NRKLPwh5FUdsK+IgmmOaR+vsjkRlaPaW0 +12tS3tR3BAEBTVQunX//RAXefZ+b422Q2uaDViMPcmw +-> ssh-ed25519 fia1eQ Phy3mMJqUjc+np7zDI0UVeHEMF9aDJGBKQGeNDWWcC8 +/B5W/0j5Ziq/ToQKswSHyLaVw7cl5DyQ0PhhQK8MnkI +-> ssh-ed25519 IpLDOw g8f5bCJc2CSqqNi5ZbzykknpsWFEffdEjT+ZxHkUZ3g +sSfMc85BkNYiDO7JKm3yzK+dA94qry15c/GyZx4sTLE +--- iE3MElTwsLIYXZDjxLu2iz9LU/NieS1hbcuFfMn1erk +?Q1uLL*;)!Ek.qLچ hF<Tcu=;9V=5n^EETcexndGIPSm>RRXIi4~Vj584?wOVx=#k@|0{y=>ExCgP?YJO;_DpY?B!S#7#{3n7Lr!zT;W=2;Z{&$nq`zf z@uPTnV!D5TWmb`QT0~Mrg+)M_iC=1@UzkyLdS+rlczAAjNQkk1XhlheZ>9y8Ns_Nu zUPP&ZZ(c=CWQwO*QDI1xv6p#CR!XsJREcGPzL7_`X_QNrzoqBoct-JXU;P3P^GYXk zpLG57V8?VvCyShjRR7EzCyNL}lkgnhf*^}v$HFQI+pR5$0@WNcrd_$8WS7U=5zXB(hoZQgKXBoxoL-gIu{0&N-3JT4A%gPKwoyzik zoRTbaG7OE(%Unz>%=JUvTwS%DE7Egn zTyoM9{VGdROLGlE{fe{EW57GC$fBrRA*(ne(m6ZC%|9zDKQq%K)u28#H!m?fG1)C7 zF}xx;(J8g4Ff=*eIV>!sn5!(?H^bB<$s^aqI6pG9EG)>_FuB4YIW)*QJT;0nP9TT<9b1PjV9m9;w!(2+jqx6F+O@iD@&C5)k6Z1m3n2)$S+x=17 z%)V53uZ696QlFgPGq>eRx(st3-49GqJaR|AE#R=E^MY3!6pV^_yXQ@}nB(bZ=oRUb>FH(Y>Q>;JryZE? z%T-w6oLZb4QtD=wSn6q6THt9AW?AGFoEe-}i7+!li4cP+Xj$ zo0?)|YHDbyU=mOjm7lJV8C+JCYN1`??VMlbmXsNh?3QfdW8jx(@ zYG`a~U|Jr@rCnH>T3QiamF?u=6l7j#Sm2T2l$encT$t`1nOoo=Wt3RvtQ~ApYE+Uv z@uPUSuVbKPZkk`7ae29uL55pmn0|P=Szd*&VOe5Yet~1ES7lz1YjRR>nWH0DSeA=n zaHWZ1fNP~;NT6wWvVM?ddWK=TpMHo%rG8SVV~S@6gTW57GC$fBrRK|j|i$09W=Ak@jVJgnFy%&k7TJUlJjFw>yK z)7{j|L*G9@#52v*KgFo9 zRJ+*6!X?Wx65YDA%tXV~K!xlKH;)Lv^nlPnW6S)If)vA?@XF*O-_XoF3(riWg2eLj zdbdc!GS7^l;9@SLhz!r-fT9vV?FfIToRA>>V%Nk(chd-GpPXXPqWs9>0{=wUD(z%n zBMjepRyq0>Ix3W!g_~yQco!DBR~Q*pI(tDcYrh1rG8JlGmhx=GK z=W}^xndBuWXVzEd<>edYT1I)7IHsn%Rhs5zIl2d1m}U8z`xQC+m>c^9`6qMf>gp=w zdiqs`1V&~>IF}k5S~zBURiqcYnI~46_=LJATV{p@n`b0frn&ir1Qv6#j`hW@H=oq4d%f)hLy diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 3317f9c781e97deeb182539d180a94b617759a22..1c763b952341230441de35f6d9c59f1c55c9e9e1 100644 GIT binary patch literal 1637 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sZq%eJrx zNh>lBjwp5s@iR6}^oz{#(XVn(^Nh?Z&8;dZ&T%Tu$t*CgaOLvKD>M%9Hge0&_BAdy z%m^?nNQ=tKt@1T2&#f{m_YZYR(Kd|oFE79yey@-xHKTs+axn5vpmf^*OMzbE6Uj{tgtdK)5$p3z%$j^D9S(B zOh41t(Jk1&D7ehCz$>F9#X~#IsT|$56i0)ypmYUCvjWp7)7)IM)bz5H;INdclnVE% zk_fNN3eU(8law+)m+Yhh9}i#cjBKtv?~1TM@8ZgIV@u;aS1&J*tWx8&3Rfee9OLA2 zXZOsos)C{{ZxfRu-)wZ-O#MgFUlLBD9NrqfDGj5+i)V3$qN;ohm&t@}k_! zvrKdJb21#A42!Egb6vSYLQIoW@=B@_i#5iP%GWlkEJ@F;$g40a^em_<$_%q`$u3PVj&wIluhMtQND20; zbW15M2@d2k3@q|7v4}L$E^#V0&UW&Sa1D3#OHYmn^)U%F2=}PSEUWTJ4++jl4m3fx z%{#2fqNrRU%&Rce#KO-@-?>=Z*V(|t$R#(kFx17>wID+~E7jOD-Lfnqv^c%g*xi>a zD99|r!_+UYswz)kJ2JxCwAj+!OWQ5d%rnE?(A7N9$lSchsLVXCJSPy{wzSMd!_+_p zzX<)bs)EAY{7?(iaFZkx-zxvaw6u~uXV<98M7P9JS8Wr&phVLEM}tr<@6yWj!Z5?a zVpHP)-;^L1Q;Wcoe1Cm|Qn#Qm(_C*C7mJi~Cv5`{_fm{B=~?CITj;2eSR7?gR+%4~ zW9;gbX=!fepQ|0{=9(F75|(9T5LJQrBPK*#_0;h=^p7B-q{6ap`PWX;ejdP z8IdNDuKHmm0TxD4WvTh8Mv;+WF69QUPJvueKJNM@9^pY{+TK}J1_1^x{w0Z(Zss|D z{%#@KS-!bZ$!0~`l@(dxk@@H$>5*iRSrDj@9qH}sk{RY}=#rFLl>>^!AfwzAC*QP+ zLf-=Oih?BLH1|NCLj7VR6Rtpyh_qt;0ACMBulyW~%3%Hc0JoBm5c3@UyyP^C;z$e6 z$ZU_YJywZS6S65ddr6k46KeZ^QG(0)U ztEHHih zJ;CdbfYO2RU2&J#HHwxm6YEQIdNg&1z_DE$-sswYefs3ZHU|;SE1!S=yHWjd<7?A{ zZj$~pO9kuNTxK8p?>1fAHSWZ=+vd_<; zBF$0HMdD%Rln-}W%Rkh~Xx!B+2(CSuIYYAU*o#gc!-hjgRp)%Jb!l9@PP}pZ&z+?~ kuQlRYLfQ@8cbzz5f1^dz--$u{*lLw6)7GkgJO6Jg02%-`p8x;= literal 1637 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yV>s`M>) zG)ngkakH#Q3QOD;1A%H}GrtSm7rk90SUFstwm zH!CdgFLE}{uQW~x^)w1`_BSyI)Hd_T$SJnWOh>oPB%mrPKV3mP&?hM+Jv_0}*`mm? zA|=G!D90kx*VVt+(=(;qrJ%~)JE^e9Jj&0pGMURI!aY62F~u=4B{aAsJT*Viz&Fgo zz&p#(+04ScAl==-xhTBCs35Z3-51@q6i0)ypmc@O>;RuYUrSRXBbVY7&s4+IsA5ys z#L~2KAAhGpFLx7XmtxoS(1=Wb4_~e-r@)}xz>0{%usq+quuSiaqAYXoyquJ*azFok zmnt7WZ{PCru)J)aEDXPy`lVPJmn)QKrR9WXdFQ8S8-!>V<+^5tRd|QHBzuSZS7v*Z z`MBiyxjC8z6dISi6?5gKmxXwlr-UVzW*1vJ`sP|%)!8knJk&WPpfJaGtH8GQ#_K44Jysjk{ydoybUt-4b1XN+`XJlEmG1#1G)Tt zvRz%>oQs2fG73XHqe{!Xiu0VaL(Fp0%&QDDliefz$}K&OOOkRb4A5;$%S<#(4ODOn zFe)j_cP%b)FE(^^N-YgDNcRcO%5}=i2r5e}DK?HuG7s}NFwRL#cjYoK&n~nK@sDsS zHngw^@=tcFs&We|_p2}u_Hqm;_VLS3PPR-mwWvr+!U##vDo5W!M+NOD{ZQwm?9vR& z!l;0Jb8jQJl2o7Ubm#0M&w%{&;=J@!qp+-OgW|#pM=rmV(5jH&vWmc@LQ8|p9Fyck zL&xNh+`O_}Lw83Lx4;Uc2#??(_mJE`S1z>tRvK01WSp*$7ZF}*oMVy`9*`6k9AZ{c z5}X=n8D&{g8d>RHP?(!!5aFX8>7AYD?h?pV>ZP6T>YZg8njYyC5K*30pzT#$Y2p!* zXIP*e?o*KC5mc3Ks-ITnlV*W#n@5sCWXkcJsUbcBrdS)?KURJ2Tk)^v|L}s#2epo?KqHj=XX+>UCZl0NOsfl-1 zP_k2IVpN%nzad5{freycnxlDDh^wP%N>xOXrL$vIx{HyMWs+sENxq?hMTKXgdtR}2 zUU7DbOEFhOdAPGjMNUaUL|SlJkeQKtqM3zRc!{H_i+6rlZf1_ZuXbKZZf=lgNjbXT zptgl)wKXLC80WQAEc z`Bg-kmU}0bzQM@Hq8g{6A=2I{+4MCR<2LyTNl!R-C zxfHpTo0bRZhdP(}1?T!#lopp{JC&OTdT8rs2fFHqgmQTneyL6HIPyfsQf|^^@g@Zo zq3rK*o|QAs9VwPg$yuHd`0UTlX8sGB^4&{rH`;zO4PJXXDfdDb@QiHMicH@%B3 z_ws)@?I^zYW&JbG&hx7AwGXce0fvH@FU(`=1*W5S%&5Z!Y=RT7*G6jB>c&MKC mY2BQ_pmgS0hjSmq)QC8o`TsQFKx7z)UwxZ}_tUr9%!dJB`#YKd diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index e5deda4..057cdcb 100644 --- a/secrets/ldap/pw.age +++ b/secrets/ldap/pw.age @@ -1,26 +1,27 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA gbttBwmYtq67vkhosksaN3pMFRD+yIZ9c3jkUqLjzwc -sKzCx+fRVT08lE9SROuhsKk4umCokWSafCQtK6NzX3s --> ssh-ed25519 4PzZog 1n6kEJ2pIjIt1u6DUG2P0PL8s8k2316YnPR4cGLgW0I -EFE4bJ9AkJFAITUIMUSVaFszK01rpffnzg2HXLSskFU --> ssh-ed25519 dA0vRg g9Xtgji4q1bjaGGiTqvBW9f/N9D2qZQimo9Wz8aNb10 -zj/0VlNRk3jX054Nu9hZGP+Vpx6YsBtxUTdjOOUyzUc --> ssh-ed25519 5Nd93w xwTEItzkfxNRvwPcncZGqUGeOpY3eSJSYP7vkhWjlmg -sTTlm+WdWTTKfr+KTUVa5nLJAHv8UcsWJDXAuFqFZOY --> ssh-ed25519 q8eJgg Jj02qd+MlAOSGLWEsaosZtfo3f0zZyzdT0czSauQr3I -aKHrwFMt4KvICBXm4fdt57ZaaGkilv1Eau7Y6TPB3ls --> ssh-ed25519 KVr8rw DKp/IrXZ3Cqh7b7coO22iDR/InZ5xY8iLcm1KFgUCSI -YUQJ05y952NIoUeChUDcuvO9ku6S7qoBafRwSmCzLUk --> ssh-ed25519 fia1eQ w1p/K436VeeWLjTtxZAGeOl0oZWeE88C2OfAg4Vc6Vg -eLcoL3kV2fhtZREEmgIEiX6ci05tU4PypX+WrRaoC4w --> ssh-ed25519 IzAMqA ItqYQQFlBcabTg8ydW0EEq9ZO7SamcZUGCtZUCAtSmo -RvtyYRdWEmMhU6uA8WSFhuzow8CsXWZmyJR9m+CDo/g --> ssh-ed25519 uZzB3g gG0Ku+k9Ct8D7ZuHPsD9IZO0+O36jKps6QDYEyhYSy0 -4npr5UCPapsWmyANaX08JVVCmU3mpgD93kGWvEFP4F4 --> ssh-ed25519 Hb0ipQ jO43lRL6JA0dLRfei2uR4xo7b+hKItvQmYEjauLEvkU -3RuQqq+Z6V0qASF1EhtiDhn5MZ65sdmJ8hzebRmAlK8 --> ssh-ed25519 IzAMqA 8q3O2zg4eX41Gbh8PSVTxy6ukc28PVvoIROkbKcJqV4 -bnS9VskRrWKZR0KDsh8elU4vhBXuZKV+7sj4Mx8QuXw ---- 3yQiKJMfU9JyNxvcZLea+2FlHsoGWpaAeKQvMLE87uQ -ӪvK #\Q';—Wy:%8]^|>JMF+!Z2<@26S?` C\˘ńKÌbWɞJӄ1' In%A;ۑ@9L3aYMI`n;tr:.Pя - \ No newline at end of file +-> ssh-ed25519 V1pwNA U0WP4K92oRNJ1Dz7siaR+8IcCuKO+diy9VhnuyMQ3w8 +Ral58VncypJzKyBweTNDn0uyFfmqbVBsZAgsxd16I8s +-> ssh-ed25519 4PzZog ADJzfpJ3mw+42CriE25RkMq49zMrkaQM+mYO450fDBo +lkz7JlpkgOOg/clVAOJ3BBnSmo84u+hxHAqxgj4VfgQ +-> ssh-ed25519 dA0vRg TbBXDcY0qSdQ8X+CsumrUV8DATgyjybFmMSr7vKcvEQ +VA0TrtKta0ObYcXio/usanpsD/cAtS/FSd6IcOLYzaQ +-> ssh-ed25519 5Nd93w dFpBpeouKn6S84QDP3mvQmecCnGO1DbEFRf4IgnsHjc +9xoxDilLBwS1QxXnXk2CUaoyQs8udAZJqbgwMpj5ivI +-> ssh-ed25519 q8eJgg 7bSXg/HPIYoAMK/aLs+IrN9Y9BEPUyTsIo3PLEmH4yk +l0Pe13zucVpLKDE9LnBtQMkdQQuAbR/hCYhjmji6xHo +-> ssh-ed25519 KVr8rw cDXOR2vdFmc8V0cDFzJd+7024ez99Th7v+i/7aK6Zwg +av5jiCaB5Q4Pa6Jbmeyx7RFwrj/qkmIN+BC7d8IMP+g +-> ssh-ed25519 fia1eQ 1VFDFHIJ58+ybs3uUVIXHMpOCweDRBH1h/9b/qfUc1Y +W74hrPdMJ8sriTxN7FMoGkY22Ba3uq8DB+H1Rb4AGII +-> ssh-ed25519 IzAMqA pIdk0fdfM7FZB/TTA9EN38qzBxVO1IMgDSi03tpJR3s +f4UURtxj2/YnmepYeoiFeSVwsWo4u/YYZzPZr+vybVY +-> ssh-ed25519 uZzB3g JhwS814323gjfUA4JxkPFuBfNppmI5N4sN2bLxOXTVY +Up6477aZtVmbVV0s+dAafQZm1Fk4L3zA5nGG/JOMnX8 +-> ssh-ed25519 Hb0ipQ 7eBD6LAaLzBep1Ihw5ElMkeT8lYTeaQJGoYlsN6AVm8 +9QLQ1Uja0PfiQdpnB4ykW8GAXdzDZUfertdRB1V/+/Q +-> ssh-ed25519 IzAMqA TPkc8WaH/jYOcTvFD43lwQR6fgnJ9bLdMJI5ns49hX0 +FoUbMUqIfkiFxk8YqwHmeVb5/k7H+0EJcFDzNZoPs8s +--- Rfu7lKgz3e8yBtCwf1rlh2lH5pMTtBeCAR2HtL8Lehw +X_bp9e +K۬Op + 8putJ[W:Q +\SWzu3Ȑc&`JTXݒRK8ͳu8[SK`[3?hT7atL1|H`nۡ;i2 \ No newline at end of file diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 02fdf3fc198303e2ea6417601ecf49e25c2f48f7..1e381170f4ea55290d3993a2b167a7b92b09066d 100644 GIT binary patch delta 936 zcmZqRXyBNjQ=e!SU|5=5lpCB}>Qhw} z$faK#VB%x$r|lG$7El!E9ch}I;S^rvmhR&2m0p=q;_YW>>E$0$fawiP+Xj$ zo0?)|YHDbyU=mOjm7lIqVc~0%>1UAa>m2E75oTPT<(A_T78z<59Bf{sou3+LQ0V26 zm2c)}Q5KQRRi2Skq8(Wk>YQAXAMWCkZt7xaQsro9no%6?=u==>T$Wkt7!Z--VX5yq z@uNgoR#uc*h=)&pVVX->QAA;6MnQUNQF@TKNm_7aq(w+hg-c;Zrlr1XXe5_*aezy* zZ=SiAkw=L|qM4ItdX;%pS$d#Tlv`kcw?T$wrm0bCRg$5ff$!vaM)B}KmsHa#r}E0w zyp%HiBCnw297}DBuwv&(w~XL4Z6D*RoS@{8%%XH7cUP{!%81ZR=K!B_3sXPOsE{nn zoT`u#Poq*N^PpTem;6M_66df&&+y1l3&+W48O7_1^ed9mTmzHJqdc_>aAJkQ*zEYmVkJ1Q$YvA)Q_AkV)dFDu(9 z*r>|Wr!p_q!#v0>&^#-dtI$8q)GRI3ye!lwwK6a%H^?&I*vQ|k$knJI&#BP7I4L{X z*(p0L%BRc#-MX~QM8niT1;^C#OivGgH^*{!<5K-V_eggir>fwzBzKpLV)MYrq@v3D zqMS%W3j^mc3oheS=PKXIpdbUIe2d_`$jUGeKR1u0ywXVR^rDI3&^nLWx$~=q0ywd~Cz5S9RGP6s9+`NpVqEey^bF!n# zeYpxt^|MP#GU~nj+}w@yqs)sv4T{Yx1Dy*i^sBO}QbO~6Le2eB@(e??Ez-Gkb#)aI zUEKpygHwEy+|1KVO3bT*9V0w_^aH{Ti^9u&5?#}b%iR1-G75`*^ewo;PfN?L(dMXc zWH|Tbyyf<)NBX)g>qAd}TX|j9UcNupEjr%t?`yl~OIKe~;5Prg=aSCXwAM7?uN5y^ W4`*$WJrH|krqM~$?nITxKNSFaK|U`4 delta 936 zcmZqRXyBNjQy-NRWRYQ6=n?8;S?r&m9^x2ml9l0~9bA~68t(6#UgT+%RZta`>SSW< z%9U*Bq@8Y*oobpLRN@w8SXyivoMe$+5t))??h;yInq%l$73P?h6j2dw!li4cP+Xj$ zo0?)|YHDbyU=mOjm7lIq8W0++U!LKb7wS}+YH4g1=w@l^NJ>tmXI4~rWL}VOil>WtqED%DM!JW0Ziu^CP@speZ(eaqmM@owr+2nl zmW6X(Nx7MRuwzM*W0p%uuuEY?Mo^V!Nl|98etL4QacE$OQTgO}M)7dV)V!oh$9(;W z#3aAmi131f@ThQS1DAYlvyAepET4d6{h;&$x8P#`>`1N>AE$65K_DDTK9gS;Fs z!*G|B!s1ekQiHPMO27OlLxaMiYy-0bW7o-N8O7^OLh}rx97Bp+{9VFAO#O-s3;nVK ztI{%@Qp1y7vP-in%G`1zN^?EDb4<8=!wu83b8>>rDsxQSGK2IjOtQiZOhVHA^qow? zT?3MGi#)>v!raX(z0=Vnz&otSqNrRUC&f6T+@w-J)YH!_$k8R=tG-0rD7`$-Hz_&C zywKUC*v%+HzrZUw#Vae6%Oc6x&)mS-H!ZLrBGSOnHOsFe&m<+v%P62cDcs%MD?Ktj z%|FLIEh@wU-MX~QM8niT1ye7BLenJebjKW5pZu~CpNNQ%@*>Nuv<&|oQym{ za)_sPhOuKZmrF@djz@Z$OKNVOzN>bzms6BckaKEfTE3&HV@OtnYiUS@p}D1bN=1_6 z#E;_PRh1?tevXyJA%4b{u8zf383hrZ{uNotmc==)xsHZDCEmfIhIt;wiJ`t+nfZm@ zSsrc?e)+{2Wf>t!Ddm;=W^Ty=`N7UXNg-i*KKUj7e!k9LZUv!};~B-n-Hn0*s=`wI z^<6x3)6+u?O>!c$LyDaJy-Z3?Ewjq2LR|{0-19@qLNZLaJY5S*vjcOS0xa@fO440Y zO5B4g%G^SN9kY$H!qYRf1Kg_$%%dXpJ-o{&pJf!U_i#`3G4{_lGcnUIN%nIow{S}G z3Mp|mGb=VMC=7LXFE?<_PE5%+Pb@FyO7Sdl&#j0EaW@G|c8|(&3UYGwa;oqwH8;qs z%t<#gbxBRB^e_x64>qtsj{)znB8#GOg+NcoqT<55B2UYVOp8K~WW)MQ^TP5HC%>Qy z=Sri<%;Ly`2%|KY93#sRN3O^u*Ti7&wA8TVJhMte!|Xt_(&YTKvJ~@N!=gz4@=OzUgleC?Se2sJSL){#!oFfcVB8_vxs?3tz z>n$u?i#;;@J+isV{G+leLxK%W3;gw6@{%)xjeMNTi;K*?$_<@EQVj|UBFvIYgSAb~ z3i8pdiwG`qG%Hs~ch;`dPKgZi$}ZK;P4i0hF|kO`%&!VBEc8sT2+j6(@pVs3DKL&I z4bA6Da!W4r$T6u8$;*n!NlN$g@e49e3o7(C_RXyf zsI1IS3aSkC3JfXEHO9fEq8I{vgws}jZ>;g zeRKC`6T_8ui7*wpws!SDFQ%1k=e^ftwm0(Cy@d20SJ96`_1YWM*FTVBW z2E#j(x@IGj((l>F6g6`^9ImO!eZS1l#I#O6da~2;#mVd9HtXHp|KO>MiMt-pmkIAP z1y`8(^~AnXY!r3gE4!wC_V3&ki+8V+=svzxb@Q>qD)Jp7r)H(-Uoc|fYb%R?qu)?5 zc^0o8r*_Yd($))V&-R)`oX+u`o*5K+(_{7eV5>*}q;=FEupd|8+g==WU%Jt&P;k4# z&bE#pg4)%2>O4#TsHKzYk>JqPAoz9T(Us>$&%TqHSPpZGNdDfMJ zK7Tt`-c@S3FFG$~s>ak7>oH}$vNp-tCANEU`0LP(U5EHS`Lu4D&A2aHa-sgTy3G;~ z->?Xm=kJL3n|!32U24%*|MI82Tc57a^%2y*$(iQ+Z8sC+YPK5LJf_EUk1@|E*eGIU zx8ae)-H>B$a!a;OTcBlg>i#u3T`|2C^?TVm%xk20i;IGGS7&bHo%W{PR&A=R^sLKU z-pqzEbTsJ#$ev97kN#kR1HyWIPJ zwR`$|XA^;=r<-E_oc}uU3-`tQ*3aj>Sg35jMDgI)mQ`j;Rm&Ytd$RpJpc&j_y=zzP zl-$7j)c$X!R@){huGsgZvg(;|_d~N6YZ5Km;}7;VEjhLSbIyWb=NIXFEabk4u4mvvm~75YBT7W*VKHTL%YnAcNs za@W+bs_kdE^2+Jok&9AR-24{*y%*cH6}_w9tl(=(SewUpR5>(j#~*#c%zt|G{$5Gu++e>+ z|3lbz2QEv#c}G7=rRU%x_Y!CbH3{THIW-lab?s7biD zu>Eb0$sRMauBY42x%8d3$@%knPN4mSb1iZ$sw=NgmW|GR|3h}q>nk~1c1~leXJfov zHLKuz@~7v8E$7as-4UL?N$PXa-a1{^`zFu!F&4QvJZG+c)xK|seeAlNjfIyIcuF4# z#b+#&cM7oDHK#yn?X34z0oPBPJt-00rL}hz%gpVm%g#i(>HXPXtzIZr7Ae?W5nFb+ zfY)d9=6f;=&ZUK}X}WC8pUFEzIWhY4!XNbuZ(imTUdQ*m#NW6uHtO(O9rkn4|13|; zxcd9!M%@)Y;rzbS+&APcb^3SjOq8gHV9m!%cTH~3;bZWOHoBd!-RPEmDINrbLA^{-6~jZeB<&?*4JCJ?fYF;WK4V0nE%B7ZF$ix$<*&}E<8QF zU7DriLA`jsc)*43fG3Z+Ss+CM|a1* z^>5c7KJkgivskY(%^~fu=N+#lQM{a~J)u#)0iX9<+ppNcwm`;@YgbmKckl`(tM7?Z zH0#Zt7)+jIv#$Pusr1gwvsU?!E=8NJ$<&!Bbo9;njTZ6s9JidbGfg8;yu7|}=ll7& zGvyuH?9vw}Z4E1Nx?BQkWcbAZE>`6@;QK`iYxsWC4X zC>cg(zL?N>^4s#;26EXCSKP2je`9v!?dr&moP(jgDT>Y&5>?G>rlB5!~*8Dg=>y1T!eaf$+s}?QgJO1;O7SpDX`sEAFx2KkT zTGDpkJ@oy0tJB<7%a=HwstTTgS8i@m+=i-;Z4T&Q|c^RqU1eXK$RDCLR;L%luF3rJYH1^Cc;XyIZX9F&i(2bDA<t>B?yIcSfJo+Jx&NLUJrvyDw02JTYvo<5s@n}*-+5MW6bO{vN-TX7`r(dqR`~I( z%PS82tXUe6%FSI?B^R^4bw}x^%EXKbCWqy^@(cK%np>`!%*FeAp75)OZFUI@cNG2l zd~QB({rt?}P}TTG#no@-MzqT2e3-HOVydT?`^Br|-jxnS|z6*tw3 zFCGhD_)&eX_LnNPPn{SXi!Ely*R>Nw9Zua$-nmpmBbFfoXt6HkYoQLUD11 zZfc5=si~o*f=NJCRDQZbL1}4LMv=d^iDO`qPo|q?pqry%R*-X^k9K5Km6@qwVz#qK zsHdx6YMFB}S4L^3PjHD@WoBtoL6CEvNlv-Hd$3`qxwETDvWHt#c~Oz2p=qd(xp$@S z#E;_Pp}B?yIYD`rzNIeN!O0OWxlT@16|QMf!J!#BWuX~{$v&AO5rv^ap;eAtxshfD z9zHHndA@Fme#T)LCIw|7&bevD0b!XrzUD?o&Oz=ag(>AGrd7q0;~B-n-5irVLjp~b zOG2E?%MuNYoeDg{qr6P35(D)^4a3d79i2kcGqlT7lMIWwOngFxlb~LTZwD9xu@X~fPF7@}Wa&`~p%E-&kGY|F3s*G@V3ez?ZbJ6#5Ey?yMHTOwR zPmfB9lx&my46jlP<4lwA#3T!^@~C_l zqXJWB_tdgT6Ljm+G7}9`0~Nx(vrBUWsV3RC%Yu9Ya*MfwGMoxBv$JxHOwuchN;0yNjKWj$OGDj?^Lz`<^i9okazZkyqLSTm zk}c4!iwG`qG%HsqObjuKEDm({a?Q#J4RO-XOfSnw&+sg$@(TAiFLT$=4RdwQNy^SL z&-COfaxBlzHjAu}$_;Rh2+{V;b}}<4$+V1cHTCf}$u9Bpa4{(_Pl`;*2yjm3($&>f zu=MuMi6{@QC{GM<%T3MmG01c+@F{hROfB}Z2uL^ZOfn6MFw+i549{@oVlQ5H{IAGS z4uzRFE=+xKeD{i&Em5gD>?@Mr72i&t8eX!#@4!ZZ9d3;~o9ibtE@BBZt*yTun;P)j zq2}QGIfXN1k92IGk-Ou1o2ipl`1jO<>mL71_<4DspX>ch#9hQrNT+oiqEXLE7%S~xj=+848lLEYt9S!!(csmGrc zxzx95m&{yJ;l{abu znc(*RM7{eF_3z!Yv?rM?dC9Txx{*-M=ZSNbPfRg1mn>TE_*Jm$k6_-00Y%nOg{HpHJ>{B{tm@jqZg!UMgUu!z|`r{*mi|^ivr!g9py{czix@cQ{YRVrG z{aJd<+BNEzKizsgF{L$wWm?~AKmC*!m#)8wXO8S#cB1*v?A}SfGp5}+%v5L3v+HL5 zp-E4rA79<*ZSA}>lec?yVA$L%WmyF(%^L*Sa~_$rtne_rAJ-w~kYT~8)Skq8hg+j( zR@&P&8J2Rb$MQeq`Gh-W-0^mqt5%`$w_bCi#c|EfiyR_{j8|^|Ts7PG7|YxH{C(<^ zCM8$hdT=n+>RI9W&@1!yi8ijOwpx4U+)Wd|*m;v89=Mn6KJRr<>`?O0fBPFRFO*>3 zx$v^v9uMKDO}?4m+=YMSeBZz8Z}2V;&-H8@lc)CUMfBd#ocV3djixI>%3h{FYWC<= z9k%37slR(7L+55(W20u8PUf_-(E1>uKw-rL9T)fONz9zn>t6Y9XLQ>A%4+3ucfKbF|4j8ba@0RKJ2mxjT5s%^ zVvnw)-l8|lj%{+0Df8y{{&V8Yzl*kOE_d>swfz<8-u|^-aMR>}`?sbEZudE-t@BOf z$i2taGxx~{@JYFzSkUM2zVEZ}^PaF!J$4yozwKYnEUr2-uUAYo$wuh2K`LMDk+vQC zyR2iSB0}wEwtL)-y#DsRsnp8}&nwcbwsH#cEm~+g`B1giT&a6KHQT2MM9umh>8EeB zps=J~bbAfkq7uHXk@dId^*VJOf4ytpsr`&rNxysdo)mSy#XE0$@2S?MUvqCZdQM0# zUHEl&jAE5-O=PQC@c&?gDQ}V{J$yJPG;9Ie5|&eMx25u$UI==${J2x^G1h(O7bTrH zhzqf|Z1j_hk$hp-UA-&h$m{zHcPZCZ9_@>dxhOR!!J_wr@TH6E5~XH@)=w2Y#+c#pYpc=E3tHS%NdJvB{ZlK3$+xW?XoB&a&()|9W+ne{5EJ zpf7z?CQIOgnDpNZGwiqSq zxp~x3BOu77^XgV9?uPSH`vcOQOh5Z4oW47G=3FWN_d$n$y1i<-@u>e#j$U$e7w1v6 zzstkwc{TEE@6Px&Q?2FiG`Y3i+>cp$kE`C^x%Oao*J2&Mw-)u8TQ4576?I%Y!vHg?mVVRiRiCbC4*WHb%-fk3kj$wZ2RNls4?I+&6{J-!$`@EdMCf{p2Zd+)m z9ro5KY-D!~w-s+WxL)CD#+J2~+BU0xUHfBpX4S$&TeIq|lnyf(Etof9x%%l7M=chc zGrwG4zVJ0>RsGJQ(D0kZc`4dUmdES%8d$czk~r~hlK9hgN{WlZqA$8`oY=ut zW!me!bc(%O`ziN6uYw(|=XdbW+CF0wbJ&v&-92}TmQQOJo<8^Vs{BW6Enip$^b z%K5{^nj;6c*{#*T7JbR^@serYi=)eyCRJLApX560(`>$Q(Tf&6&l%+-iUd|KJPkE{o3=;D-JQq?{lM! zKKe9&QsRws3AoBW#qFB%`c`du&yISIJ7yxgnm#mqa`e0Za$ilai~7SC7F+pm{Ya^J zTFvjJn{;H$OwW(D{~wq%OIR-ZaA?}B^WgJ}=%9UXrBFBwP>>YkPEZia6b#J!8 z>-ySX*G<;f)V@FUzkNsKw*yzU1;1@hJY*ig!z5xSeuW{Pp>B#n^JeQE!dvX7S!~m9 ztye76VcRUJdufM~XS>&qfXpQvDcd#8=BBd!%-1wHAbD5nPHXVS>+{%6&v%+yZ+%(G z$@=QjkGorYRn7Lz`Stig%zfj!%Y4!Dd4xOXS^U6^8U`xW#?Y@YDG?Zc`Y^i z+=^P8{%ft<#24JVw&CCt+K>&Ne7 zb9)({6|=%n{)E^+@@8N+z-Cr_WIS{YJo`hgUQlSt3(6cYaJh%-gdN=c+LJ{ z;_ZnC?T*<0N}c?qK9I+3o_vuCv(~*YGJ9??-RBlqc)7@2QCIc8p=j2Y$Le~5Vxiv4 z|18-kUD(N6YtwCWKH`pP^z*QH5-iug_ib#pY@1Q+tnZ>8sB`;c*2_sx18>wgW);W3 z{Tuh}wIc6}&S!sbcxu_?9xw6gy)^H4)cK40XIRe3OGixk`J4aE!l&9@lk;Q`D7*=t ov#F%<)6vhtcjZ-rdfxOn@WuGBvN##vUQkrX_#e%Ww4*IpOcHFTUBOgXh=p$D3`9CLUD11 zZfc5=si~o*f=NJCRDQZbZc(b2hqqf)PPuVal3977shfpSc7U5(p|6o^q>-tip>c+L zUT{fKZn2{QS3z)ja8fe@#ZIYJ!P%9TX+DKH2Bq5h+4{+o;~B-n9Rss00xfe4 z-JDWj>5 za>KAZNgG0P>GKw6H96by&LyC)2jZBN8s*GH6%pIdLOG~}= zP2JMX3d(cxJ<_?796kKBlS~Vooh>a)^RiuYD$~qU3@bvtjEgL@Qyu*b%FA*rTyr9G zow6q3+$lGk%fcteH&?&1 zAj91(%q_B{xFFTrI4LK$C^6W{IU^{_)Htm)%Qq*&E!#I8-8zpXgUo_Jh2jv?)F6wB z90UKfGIy`+>_CHxkd*YKLgQ4I^pJ8-%k%=%vZ5f1@{)27U#_am662t%^zzj5+@x%; z>`D)hGEb8{ePfRbOJiS4=irj0)Xe-MPbWWrM{vkh_+~m4h8mk@C;O-7c^eg_=erx| zCz|FvmlYalr{!komlhT$o0Sxo=NNF6N0xhgnMe3VhWk5agpM@8I@l()AF{%vw}D7^k- zp6f^Z^%n(N&hK2JAekzio^v$IY1P{Qhn~r?+}{4$y#An2TKV(MSLb?KuqU)lUHAOZ zV~%y%Q|Bq(O*TBST+dthL*4bIe9XezVjoVtoU(e^nwaM%BI-Bi&)1rmF1=Iy?%o2E z-z%QwYHkhPE;7;G%KJcR>BX-Mv0Zz$I&Cl3#2jf1cNF}ybmB{&j+t9ez25qGlK<@^ z$Ky7Y?)-FF#pjJ{Z9T(E?c5!$bMJW;wzgjQQ@TQY!`UyJZXRnXf3P~MeyL%Dw)d+^ zA&kl=%O|S+zHcwwy)KULLqv0zW|sD?-QQ%bBKGaS5_dHxY{fBWr=7pPczH~i$6g%q zm-kYa@4?$YXWr&(`<+&GYRf9Ko!>s~m&y93dtUo*Q;tQ3cDwTL-%R{E^$WL}YCYyD z%}$m!`?$@3-h$} zvaK3yrgnd+6AwDE_`tj~hSB>}Hru+fbK1)@>#UBB zz}w8w`_=0g{{78U>r=yNVDR$q?xI6ot2~8o{je1@tT}j>?QX$()%h=0g*k58{m?dL v&v!@FNp~KHt+ce;Y%y*297*A2l?&daX)7N4ba%g4L%3qrX>_vw>fgc~O>Ma)y()X<>FqK9{bYLUD11 zZfc5=si~o*f=NJCRDQZbW}=guPfm75c%g~Ed1zLtzMGj-s!2+IQB_ivnNhHNkyl=^ zqrYoeiC?8Bmqk@tm|2ubMvzlMVRmV0Xpm!}ey&e$sAZ-kE6ukxnLQewL|W1^L;gDgGImex~`8;~B-nQ$q4Ql034C zBiyyK40C-v9rN?U9LuuGEHcae%>9cJquf0GD>I6c3mo&gaw4jtLUMd6D@^n~Q%o$) zbG_4&-HKiFlYFxxLtOmzlfw+E{IV+j!UJ6=pJf!Uj|%cNH1o~RHStdgPWDO<&hRlR zPw~&o_NgebFf+e0vQ)>sAV>4clJbh&Jk$E*+#(CJqzJ?O zR8P~8fYj8|3T^Gcz(Qk#WUg%A^!)O2i@@R}%L-#tr?A8l!(v07oGXe8Q_YQX{L{VMs)`JAO|^@YwUd)FQbU5X zOd~BUjFXJZUGurzD=Yks4KlMGLrwDnJS##hjEd5Wll`JXeWMCo3|vb}J*)IRE8NSf z!Yn2yvWVB4Mw)p>75gOn_~i%cr=<9Kq`9XidAj-}hUiBg znK+pSni^H5d07NRdZg+*`llL1B?p$91O>TfSQJEsgqm0;`Q zzp^CXB{0atsj5t0JG8REqdvmlT|d~&HzhYBBqU6~IMpe_)x**_F{Q$l%ilL7!!6LP zvbem`(6iXxD>*;3q&(2qGutfP-zz;cEF>yS+s8jK%A`CQ-8zpXgUo_J1&?C=s(io5 zlF*Rg5_j_moCqkPk{sKE4s z(lQq>i~KxK!_-8}RR1z}uZk+8++6=0r%IO!UvS8IXQvbeX1YbV`&bkg7^FJ8Rh3w# zIR^T<78RAddSnOsXnO@$rjgp<#M!6ZA`WvU_Mpgx7hr5*o86>(F`e;{_76$nw=4KZ9 z7be%|copPUlsFr3*=#t=Q=pLM?dKEnK7F$P{ge5xYUl9?_%a^ewEpNpxn0l7ef1el zvi7xY5A0NwXy^L&z`xLsllQS>)R`G}>W9y)xYa$o^1jZQneDPuB>VY0+(kC;cHGv! zEJVQds+Ue`ot|J(|Gw)jOL*b-FM3Xeg*)#p)L1uX*&%O-F#ECFQ*$Ue4DJ(!TI)#-M8GG4BhpOHm%kA{1t9*LsA$l9jACaO1V_FT_Ea- z(1gyQ>g_65EK}<}_eP%M*Sy?)*ZJtlmu4Fu&O1>$=e)V{e}$TFYU+taZO^^`{gue` z?U=Y~-I)M}MGqqr#5h*OSt(r>k3BX$Ea%tqtmWJWA{W)2U7IU69{aNQ>H09hxwxVwuFDDfr*tNUiY2W)} z#y#_U=d2a0;=L0%-I`~~f6wK&r(TbaJ91hucG@+iA3P7ASzq2zq8xPN=pU_*HkR#& zv{e{|m$#-xv~XPB_xNwWLz$dI{i`|3?FxT>_$H)ra@}-y&{*EEW}eWKk_yT2KX;gO zi~G)BeVlM{S4rGN_sr6FxqId=UbAO7sz2ALlZriE;)1NzdCfwgNm!*w2VbRnJhxR}I-d4R? r)w#1S^}$;GRc<+V{>P>{DkR_jSjWncE_@><@lo3`wt&u`xBR^TF)6{S From 6e496b48678ca45b930e073030b8bfedd9a64ef4 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 3 Apr 2025 14:41:44 +0100 Subject: [PATCH 728/826] feat: results of EGM, Hans is now core, Lorcan is now also core --- config/users.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/users.nix b/config/users.nix index fe8063a..f7c3f84 100644 --- a/config/users.nix +++ b/config/users.nix @@ -55,10 +55,11 @@ in { "silver" "eoghanconlon73" "nanda" + "skyapples" + "generically" ] # Committee - OCM ++ [ - "skyapples" "eliza" "amymucko" "archiedms" From 07b6e478ccda8d43f701847d409c361e8db2217b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 3 Apr 2025 22:32:32 +0100 Subject: [PATCH 729/826] feat: slight reworks and added the 2006 site --- applications/skynet.ie/old_site.nix | 26 ++++- applications/skynet.ie/skynet.ie.nix | 19 +++- applications/skynet.ie/wiki.nix | 5 - flake.lock | 139 ++++++++++++++++++++------- flake.nix | 3 + 5 files changed, 144 insertions(+), 48 deletions(-) diff --git a/applications/skynet.ie/old_site.nix b/applications/skynet.ie/old_site.nix index 1e43255..18f80df 100644 --- a/applications/skynet.ie/old_site.nix +++ b/applications/skynet.ie/old_site.nix @@ -9,10 +9,6 @@ with lib; { imports = []; config = { - services.skynet.acme.domains = [ - "${year}.skynet.ie" - ]; - services.skynet.dns.records = [ { record = year; @@ -27,6 +23,28 @@ with lib; { forceSSL = true; useACMEHost = "skynet"; root = "${inputs."skynet_website_${year}".defaultPackage."x86_64-linux"}"; + # Handle any of the old php sites + # https://stackoverflow.com/a/21911610 + locations = { + "/" = { + index = "index.html index.htm index.php"; + tryFiles = "$uri $uri.html $uri/ @extensionless-php"; + }; + + "~ \\.php$" = { + extraConfig = '' + fastcgi_pass unix:${config.services.phpfpm.pools.old_sites.socket}; + fastcgi_index index.php; + ''; + tryFiles = "$uri =404"; + }; + + "@extensionless-php" = { + extraConfig = '' + rewrite ^(.*)$ $1.php last; + ''; + }; + }; }; }; }; diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index 5082080..147174d 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -15,6 +15,7 @@ in { (import ./old_site.nix {year = "2023";}) (import ./old_site.nix {year = "2017";}) (import ./old_site.nix {year = "2009";}) + (import ./old_site.nix {year = "2006";}) ]; options.services.skynet."${name}" = { @@ -23,10 +24,8 @@ in { config = mkIf cfg.enable { services.skynet.acme.domains = [ - "www.skynet.ie" - "discord.skynet.ie" + "*.skynet.ie" "*.discord.skynet.ie" - "public.skynet.ie" ]; services.skynet.dns.records = [ @@ -103,5 +102,19 @@ in { }; }; }; + + # Some old sites need a php pool running + services.phpfpm.pools.old_sites = { + user = "nobody"; + settings = { + "pm" = "dynamic"; + "listen.owner" = config.services.nginx.user; + "pm.max_children" = 5; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 3; + "pm.max_requests" = 500; + }; + }; }; } diff --git a/applications/skynet.ie/wiki.nix b/applications/skynet.ie/wiki.nix index 6d1aa57..19250b3 100644 --- a/applications/skynet.ie/wiki.nix +++ b/applications/skynet.ie/wiki.nix @@ -17,11 +17,6 @@ in { }; config = mkIf cfg.enable { - services.skynet.acme.domains = [ - "renew.skynet.ie" - "wiki.skynet.ie" - ]; - services.skynet.dns.records = [ { record = "renew"; diff --git a/flake.lock b/flake.lock index ce99479..4a4262b 100644 --- a/flake.lock +++ b/flake.lock @@ -47,7 +47,7 @@ "inputs": { "fenix": "fenix_2", "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_18" + "nixpkgs": "nixpkgs_19" }, "locked": { "lastModified": 1719514321, @@ -632,11 +632,11 @@ }, "nixpkgs_14": { "locked": { - "lastModified": 1690026219, - "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", + "lastModified": 1741037377, + "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", + "rev": "02032da4af073d0f6110540c8677f16d4be0117f", "type": "github" }, "original": { @@ -646,11 +646,11 @@ }, "nixpkgs_15": { "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "lastModified": 1690026219, + "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", "type": "github" }, "original": { @@ -673,6 +673,20 @@ } }, "nixpkgs_17": { + "locked": { + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_18": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -686,7 +700,7 @@ "type": "indirect" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1668226844, "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", @@ -702,20 +716,6 @@ "type": "github" } }, - "nixpkgs_19": { - "locked": { - "lastModified": 1724395761, - "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ae815cee91b417be55d43781eb4b73ae1ecc396c", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1733212471, @@ -732,6 +732,20 @@ "type": "github" } }, + "nixpkgs_20": { + "locked": { + "lastModified": 1724395761, + "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ae815cee91b417be55d43781eb4b73ae1ecc396c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_3": { "locked": { "lastModified": 1734119587, @@ -849,6 +863,7 @@ "skynet_ldap_backend": "skynet_ldap_backend", "skynet_ldap_frontend": "skynet_ldap_frontend", "skynet_website": "skynet_website", + "skynet_website_2006": "skynet_website_2006", "skynet_website_2009": "skynet_website_2009", "skynet_website_2017": "skynet_website_2017", "skynet_website_2023": "skynet_website_2023", @@ -992,11 +1007,30 @@ "url": "https://forgejo.skynet.ie/Skynet/website_2017" } }, - "skynet_website_2009": { + "skynet_website_2006": { "inputs": { "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, + "locked": { + "lastModified": 1743715699, + "narHash": "sha256-BgXlk7bT9q+cOE9u74ZfmqxxW0zIHZ/ebLyldO682Zg=", + "ref": "refs/heads/main", + "rev": "616040e0e7636c1e33a06262cc20fb1bf1fb61b6", + "revCount": 15, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2006" + }, + "original": { + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2006" + } + }, + "skynet_website_2009": { + "inputs": { + "nixpkgs": "nixpkgs_15", + "utils": "utils_8" + }, "locked": { "lastModified": 1732375097, "narHash": "sha256-LthEi+y3a+i/VNLBlQZ1v9nkffgJMykMjonFtTt8Yxg=", @@ -1013,8 +1047,8 @@ }, "skynet_website_2017": { "inputs": { - "nixpkgs": "nixpkgs_15", - "utils": "utils_8" + "nixpkgs": "nixpkgs_16", + "utils": "utils_9" }, "locked": { "lastModified": 1689960297, @@ -1032,8 +1066,8 @@ }, "skynet_website_2023": { "inputs": { - "nixpkgs": "nixpkgs_16", - "utils": "utils_9" + "nixpkgs": "nixpkgs_17", + "utils": "utils_10" }, "locked": { "lastModified": 1696876711, @@ -1051,8 +1085,8 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_17", - "utils": "utils_10" + "nixpkgs": "nixpkgs_18", + "utils": "utils_11" }, "locked": { "lastModified": 1727122069, @@ -1071,8 +1105,8 @@ "skynet_website_wiki": { "inputs": { "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_19", - "utils": "utils_11" + "nixpkgs": "nixpkgs_20", + "utils": "utils_12" }, "locked": { "lastModified": 1739580335, @@ -1194,6 +1228,21 @@ "type": "github" } }, + "systems_15": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1336,6 +1385,24 @@ "inputs": { "systems": "systems_13" }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_11": { + "inputs": { + "systems": "systems_14" + }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", @@ -1350,9 +1417,9 @@ "type": "github" } }, - "utils_11": { + "utils_12": { "inputs": { - "systems": "systems_14" + "systems": "systems_15" }, "locked": { "lastModified": 1710146030, @@ -1463,11 +1530,11 @@ "systems": "systems_10" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2d96432..2554929 100644 --- a/flake.nix +++ b/flake.nix @@ -58,6 +58,9 @@ # this is more of 2012 than 2009 but started in 2009 skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009"; + + # these are from a snapshot archive + skynet_website_2006.url = "git+https://forgejo.skynet.ie/Skynet/website_2006"; }; nixConfig = { From 8f47404b0e7cc22b6a04043605867c624ab0f53d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 3 Apr 2025 23:28:38 +0100 Subject: [PATCH 730/826] =?UTF-8?q?feat:=20added=20the=202003=20website,?= =?UTF-8?q?=20recovered=20by=20Lorc=C3=A1n?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- applications/skynet.ie/skynet.ie.nix | 1 + flake.lock | 145 ++++++++++++++++++++------- flake.nix | 1 + 3 files changed, 108 insertions(+), 39 deletions(-) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index 147174d..3e1ffb5 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -16,6 +16,7 @@ in { (import ./old_site.nix {year = "2017";}) (import ./old_site.nix {year = "2009";}) (import ./old_site.nix {year = "2006";}) + (import ./old_site.nix {year = "2003";}) ]; options.services.skynet."${name}" = { diff --git a/flake.lock b/flake.lock index 4a4262b..8db4d9b 100644 --- a/flake.lock +++ b/flake.lock @@ -47,7 +47,7 @@ "inputs": { "fenix": "fenix_2", "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_19" + "nixpkgs": "nixpkgs_20" }, "locked": { "lastModified": 1719514321, @@ -646,11 +646,11 @@ }, "nixpkgs_15": { "locked": { - "lastModified": 1690026219, - "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", + "lastModified": 1741037377, + "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", + "rev": "02032da4af073d0f6110540c8677f16d4be0117f", "type": "github" }, "original": { @@ -660,11 +660,11 @@ }, "nixpkgs_16": { "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "lastModified": 1690026219, + "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", "type": "github" }, "original": { @@ -687,6 +687,20 @@ } }, "nixpkgs_18": { + "locked": { + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_19": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -700,22 +714,6 @@ "type": "indirect" } }, - "nixpkgs_19": { - "locked": { - "lastModified": 1668226844, - "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dd4767bf613bf9553eee6ff37c0996b9c876e7d8", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1733212471, @@ -733,6 +731,22 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1668226844, + "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "dd4767bf613bf9553eee6ff37c0996b9c876e7d8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1724395761, "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", @@ -863,6 +877,7 @@ "skynet_ldap_backend": "skynet_ldap_backend", "skynet_ldap_frontend": "skynet_ldap_frontend", "skynet_website": "skynet_website", + "skynet_website_2003": "skynet_website_2003", "skynet_website_2006": "skynet_website_2006", "skynet_website_2009": "skynet_website_2009", "skynet_website_2017": "skynet_website_2017", @@ -1007,11 +1022,30 @@ "url": "https://forgejo.skynet.ie/Skynet/website_2017" } }, - "skynet_website_2006": { + "skynet_website_2003": { "inputs": { "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, + "locked": { + "lastModified": 1743701395, + "narHash": "sha256-5QNUdhjPIP55WIdzEmYHMryMxs3msmfB1z0X502GSPU=", + "ref": "refs/heads/main", + "rev": "e3774b2c7a75b838a0cd6424ce0e0e9a41c443c4", + "revCount": 10, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2003" + }, + "original": { + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2003" + } + }, + "skynet_website_2006": { + "inputs": { + "nixpkgs": "nixpkgs_15", + "utils": "utils_8" + }, "locked": { "lastModified": 1743715699, "narHash": "sha256-BgXlk7bT9q+cOE9u74ZfmqxxW0zIHZ/ebLyldO682Zg=", @@ -1028,8 +1062,8 @@ }, "skynet_website_2009": { "inputs": { - "nixpkgs": "nixpkgs_15", - "utils": "utils_8" + "nixpkgs": "nixpkgs_16", + "utils": "utils_9" }, "locked": { "lastModified": 1732375097, @@ -1047,8 +1081,8 @@ }, "skynet_website_2017": { "inputs": { - "nixpkgs": "nixpkgs_16", - "utils": "utils_9" + "nixpkgs": "nixpkgs_17", + "utils": "utils_10" }, "locked": { "lastModified": 1689960297, @@ -1066,8 +1100,8 @@ }, "skynet_website_2023": { "inputs": { - "nixpkgs": "nixpkgs_17", - "utils": "utils_10" + "nixpkgs": "nixpkgs_18", + "utils": "utils_11" }, "locked": { "lastModified": 1696876711, @@ -1085,8 +1119,8 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_18", - "utils": "utils_11" + "nixpkgs": "nixpkgs_19", + "utils": "utils_12" }, "locked": { "lastModified": 1727122069, @@ -1105,8 +1139,8 @@ "skynet_website_wiki": { "inputs": { "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_20", - "utils": "utils_12" + "nixpkgs": "nixpkgs_21", + "utils": "utils_13" }, "locked": { "lastModified": 1739580335, @@ -1243,6 +1277,21 @@ "type": "github" } }, + "systems_16": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1403,6 +1452,24 @@ "inputs": { "systems": "systems_14" }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_12": { + "inputs": { + "systems": "systems_15" + }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", @@ -1417,9 +1484,9 @@ "type": "github" } }, - "utils_12": { + "utils_13": { "inputs": { - "systems": "systems_15" + "systems": "systems_16" }, "locked": { "lastModified": 1710146030, @@ -1548,11 +1615,11 @@ "systems": "systems_11" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2554929..778558c 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,7 @@ # these are from a snapshot archive skynet_website_2006.url = "git+https://forgejo.skynet.ie/Skynet/website_2006"; + skynet_website_2003.url = "git+https://forgejo.skynet.ie/Skynet/website_2003"; }; nixConfig = { From f668dc0d5590df70e1d2ecdd816c568997ee265e Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 3 Apr 2025 23:07:57 +0000 Subject: [PATCH 731/826] Updated flake for skynet_website_2003 --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8db4d9b..4ee5719 100644 --- a/flake.lock +++ b/flake.lock @@ -1028,11 +1028,11 @@ "utils": "utils_7" }, "locked": { - "lastModified": 1743701395, - "narHash": "sha256-5QNUdhjPIP55WIdzEmYHMryMxs3msmfB1z0X502GSPU=", + "lastModified": 1743721206, + "narHash": "sha256-n9JGscEsckoasfmvpWKJ0kifQp1KPw8MbWPHhmmkLCU=", "ref": "refs/heads/main", - "rev": "e3774b2c7a75b838a0cd6424ce0e0e9a41c443c4", - "revCount": 10, + "rev": "855b4c7139caeb3c520d75c9a02393f74fdb3be1", + "revCount": 14, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2003" }, From a89f8144211b3fc3814e070cd0e9f84a2fa9c607 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Apr 2025 00:26:58 +0100 Subject: [PATCH 732/826] feat: properly set the 2016 site as 2016 --- applications/skynet.ie/skynet.ie.nix | 2 +- flake.lock | 16 ++++++++-------- flake.nix | 5 +---- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index 3e1ffb5..6fcf74e 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -14,7 +14,7 @@ in { # at teh end of teh year add it here (import ./old_site.nix {year = "2023";}) (import ./old_site.nix {year = "2017";}) - (import ./old_site.nix {year = "2009";}) + (import ./old_site.nix {year = "2016";}) (import ./old_site.nix {year = "2006";}) (import ./old_site.nix {year = "2003";}) ]; diff --git a/flake.lock b/flake.lock index 4ee5719..8737553 100644 --- a/flake.lock +++ b/flake.lock @@ -879,7 +879,7 @@ "skynet_website": "skynet_website", "skynet_website_2003": "skynet_website_2003", "skynet_website_2006": "skynet_website_2006", - "skynet_website_2009": "skynet_website_2009", + "skynet_website_2016": "skynet_website_2016", "skynet_website_2017": "skynet_website_2017", "skynet_website_2023": "skynet_website_2023", "skynet_website_games": "skynet_website_games", @@ -1060,23 +1060,23 @@ "url": "https://forgejo.skynet.ie/Skynet/website_2006" } }, - "skynet_website_2009": { + "skynet_website_2016": { "inputs": { "nixpkgs": "nixpkgs_16", "utils": "utils_9" }, "locked": { - "lastModified": 1732375097, - "narHash": "sha256-LthEi+y3a+i/VNLBlQZ1v9nkffgJMykMjonFtTt8Yxg=", + "lastModified": 1743722645, + "narHash": "sha256-uelPrPuv/Z3i4NZ01BlbAqmpB4IlA6zaFL4DlaDWHuo=", "ref": "refs/heads/main", - "rev": "42a1ca5c83a6c21c734d4cc10eec2b06ae25f7ec", - "revCount": 16, + "rev": "316da6b20fe26a6c4c751e74ee214a23265a8205", + "revCount": 18, "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2009" + "url": "https://forgejo.skynet.ie/Skynet/website_2016" }, "original": { "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2009" + "url": "https://forgejo.skynet.ie/Skynet/website_2016" } }, "skynet_website_2017": { diff --git a/flake.nix b/flake.nix index 778558c..d26ce5c 100644 --- a/flake.nix +++ b/flake.nix @@ -56,10 +56,7 @@ # this is not 100% right since this is from teh archive from 2022 or so skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; - # this is more of 2012 than 2009 but started in 2009 - skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009"; - - # these are from a snapshot archive + skynet_website_2016.url = "git+https://forgejo.skynet.ie/Skynet/website_2016"; skynet_website_2006.url = "git+https://forgejo.skynet.ie/Skynet/website_2006"; skynet_website_2003.url = "git+https://forgejo.skynet.ie/Skynet/website_2003"; }; From 6bf65a55d78d20a84b234e8f15206d4cabbcc931 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Apr 2025 00:36:38 +0100 Subject: [PATCH 733/826] fix: properly got teh start date of teh new website --- applications/skynet.ie/skynet.ie.nix | 2 +- flake.lock | 16 ++++++++-------- flake.nix | 9 ++++----- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index 6fcf74e..a73b695 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -13,7 +13,7 @@ in { # import in past website versions, available at $year.skynet.ie # at teh end of teh year add it here (import ./old_site.nix {year = "2023";}) - (import ./old_site.nix {year = "2017";}) + (import ./old_site.nix {year = "2021";}) (import ./old_site.nix {year = "2016";}) (import ./old_site.nix {year = "2006";}) (import ./old_site.nix {year = "2003";}) diff --git a/flake.lock b/flake.lock index 8737553..e0c3973 100644 --- a/flake.lock +++ b/flake.lock @@ -880,7 +880,7 @@ "skynet_website_2003": "skynet_website_2003", "skynet_website_2006": "skynet_website_2006", "skynet_website_2016": "skynet_website_2016", - "skynet_website_2017": "skynet_website_2017", + "skynet_website_2021": "skynet_website_2021", "skynet_website_2023": "skynet_website_2023", "skynet_website_games": "skynet_website_games", "skynet_website_wiki": "skynet_website_wiki" @@ -1015,11 +1015,11 @@ "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", "revCount": 29, "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "url": "https://forgejo.skynet.ie/Skynet/website_2021" }, "original": { "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "url": "https://forgejo.skynet.ie/Skynet/website_2021" } }, "skynet_website_2003": { @@ -1079,7 +1079,7 @@ "url": "https://forgejo.skynet.ie/Skynet/website_2016" } }, - "skynet_website_2017": { + "skynet_website_2021": { "inputs": { "nixpkgs": "nixpkgs_17", "utils": "utils_10" @@ -1090,12 +1090,12 @@ "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "revCount": 6, "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "url": "https://forgejo.skynet.ie/Skynet/website_2021" }, "original": { "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "url": "https://forgejo.skynet.ie/Skynet/website_2021" } }, "skynet_website_2023": { @@ -1109,12 +1109,12 @@ "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "revCount": 12, "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "url": "https://forgejo.skynet.ie/Skynet/website_2021" }, "original": { "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "url": "https://forgejo.skynet.ie/Skynet/website_2021" } }, "skynet_website_games": { diff --git a/flake.nix b/flake.nix index d26ce5c..c28a21a 100644 --- a/flake.nix +++ b/flake.nix @@ -49,12 +49,11 @@ ################# # this should always point to teh current website - skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017"; + skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2021"; - # these are past versions of teh website - skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; - # this is not 100% right since this is from teh archive from 2022 or so - skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; + # past versions of the current website + skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; + skynet_website_2021.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; skynet_website_2016.url = "git+https://forgejo.skynet.ie/Skynet/website_2016"; skynet_website_2006.url = "git+https://forgejo.skynet.ie/Skynet/website_2006"; From c57b7679418484a71206a1068f77c502bdf526b2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Apr 2025 00:46:33 +0100 Subject: [PATCH 734/826] ci: have had issues with websites not being updated properly in nixos --- .forgejo/workflows/update_websites.yaml | 39 +++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .forgejo/workflows/update_websites.yaml diff --git a/.forgejo/workflows/update_websites.yaml b/.forgejo/workflows/update_websites.yaml new file mode 100644 index 0000000..e517f25 --- /dev/null +++ b/.forgejo/workflows/update_websites.yaml @@ -0,0 +1,39 @@ +# The websites can sometimes cause issues when being built and deployed +# This pipeline is to update the inputs from the server + +name: Update_Flake_Websites + +run-name: "[Update Flake Websites]" + +on: + workflow_dispatch: + +jobs: + update: + runs-on: nix + + permissions: + # Give the default GITHUB_TOKEN write permission to commit and push the + # added or changed files to the repository. + contents: write + + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} + token: ${{ secrets.PIPELINE_TOKEN }} + - run: nix flake update skynet_website_2003 + shell: bash + - run: nix flake update skynet_website_2006 + shell: bash + - run: nix flake update skynet_website_2016 + shell: bash + - run: nix flake update skynet_website_2021 + shell: bash + - run: nix flake update skynet_website_2023 + shell: bash + - run: nix flake update skynet_website + shell: bash + - uses: https://github.com/stefanzweifel/git-auto-commit-action@v5 + with: + commit_message: "Updated flake for Websites" \ No newline at end of file From b943e5ec0d823f7e086cb2803c08043728df62a1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Apr 2025 00:58:37 +0100 Subject: [PATCH 735/826] fix: some errors with teh websites also add 2024 snapshot --- .forgejo/workflows/update_websites.yaml | 2 ++ applications/skynet.ie/skynet.ie.nix | 1 + flake.lock | 16 ++++++++++------ flake.nix | 5 +++-- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/.forgejo/workflows/update_websites.yaml b/.forgejo/workflows/update_websites.yaml index e517f25..c27629e 100644 --- a/.forgejo/workflows/update_websites.yaml +++ b/.forgejo/workflows/update_websites.yaml @@ -32,6 +32,8 @@ jobs: shell: bash - run: nix flake update skynet_website_2023 shell: bash + - run: nix flake update skynet_website_2024 + shell: bash - run: nix flake update skynet_website shell: bash - uses: https://github.com/stefanzweifel/git-auto-commit-action@v5 diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index a73b695..98a401a 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -12,6 +12,7 @@ in { imports = [ # import in past website versions, available at $year.skynet.ie # at teh end of teh year add it here + (import ./old_site.nix {year = "2024";}) (import ./old_site.nix {year = "2023";}) (import ./old_site.nix {year = "2021";}) (import ./old_site.nix {year = "2016";}) diff --git a/flake.lock b/flake.lock index e0c3973..ced0274 100644 --- a/flake.lock +++ b/flake.lock @@ -674,11 +674,11 @@ }, "nixpkgs_17": { "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "lastModified": 1724114134, + "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", "type": "github" }, "original": { @@ -1087,12 +1087,14 @@ "locked": { "lastModified": 1689960297, "narHash": "sha256-+43nNv4RSQMXMRGdN8xVKYs2B13w5FJtefuykYcpywM=", + "ref": "main", "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "revCount": 6, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2021" }, "original": { + "ref": "main", "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2021" @@ -1106,12 +1108,14 @@ "locked": { "lastModified": 1696876711, "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", + "ref": "main", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "revCount": 12, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2021" }, "original": { + "ref": "main", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2021" @@ -1435,11 +1439,11 @@ "systems": "systems_13" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c28a21a..95f2a0e 100644 --- a/flake.nix +++ b/flake.nix @@ -52,8 +52,9 @@ skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2021"; # past versions of the current website - skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; - skynet_website_2021.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; + skynet_website_2024.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?ref=main&rev=8987e33cb709e7f2c30017e77edf9161b87d9885"; + skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?ref=main&rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; + skynet_website_2021.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?ref=main&rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; skynet_website_2016.url = "git+https://forgejo.skynet.ie/Skynet/website_2016"; skynet_website_2006.url = "git+https://forgejo.skynet.ie/Skynet/website_2006"; From 5143b683e483fd6099aca1e8fe64510898726977 Mon Sep 17 00:00:00 2001 From: silver <+silver@users.noreply.github.com> Date: Thu, 3 Apr 2025 23:59:32 +0000 Subject: [PATCH 736/826] Updated flake for Websites --- flake.lock | 101 ++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 85 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index ced0274..88a74f1 100644 --- a/flake.lock +++ b/flake.lock @@ -47,7 +47,7 @@ "inputs": { "fenix": "fenix_2", "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_20" + "nixpkgs": "nixpkgs_21" }, "locked": { "lastModified": 1719514321, @@ -674,11 +674,11 @@ }, "nixpkgs_17": { "locked": { - "lastModified": 1724114134, - "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", "type": "github" }, "original": { @@ -702,11 +702,11 @@ }, "nixpkgs_19": { "locked": { - "lastModified": 1695978539, - "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", + "lastModified": 1724114134, + "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd9b686c0168041aea600222be0805a0de6e6ab8", + "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", "type": "github" }, "original": { @@ -731,6 +731,20 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1695978539, + "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bd9b686c0168041aea600222be0805a0de6e6ab8", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1668226844, "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", @@ -746,7 +760,7 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1724395761, "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", @@ -882,6 +896,7 @@ "skynet_website_2016": "skynet_website_2016", "skynet_website_2021": "skynet_website_2021", "skynet_website_2023": "skynet_website_2023", + "skynet_website_2024": "skynet_website_2024", "skynet_website_games": "skynet_website_games", "skynet_website_wiki": "skynet_website_wiki" } @@ -1121,11 +1136,32 @@ "url": "https://forgejo.skynet.ie/Skynet/website_2021" } }, - "skynet_website_games": { + "skynet_website_2024": { "inputs": { "nixpkgs": "nixpkgs_19", "utils": "utils_12" }, + "locked": { + "lastModified": 1732375016, + "narHash": "sha256-Y+bJw85TNOp8N369OV0VrDdm3oDy8CXG+GUuG6pZjbo=", + "ref": "main", + "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", + "revCount": 29, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2021" + }, + "original": { + "ref": "main", + "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2021" + } + }, + "skynet_website_games": { + "inputs": { + "nixpkgs": "nixpkgs_20", + "utils": "utils_13" + }, "locked": { "lastModified": 1727122069, "narHash": "sha256-GOPYcXDc+KN6LmxMqobFUOn6e9e0khBW3SrFLj6+2i4=", @@ -1143,8 +1179,8 @@ "skynet_website_wiki": { "inputs": { "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_21", - "utils": "utils_13" + "nixpkgs": "nixpkgs_22", + "utils": "utils_14" }, "locked": { "lastModified": 1739580335, @@ -1296,6 +1332,21 @@ "type": "github" } }, + "systems_17": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1439,11 +1490,11 @@ "systems": "systems_13" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -1474,6 +1525,24 @@ "inputs": { "systems": "systems_15" }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_13": { + "inputs": { + "systems": "systems_16" + }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", @@ -1488,9 +1557,9 @@ "type": "github" } }, - "utils_13": { + "utils_14": { "inputs": { - "systems": "systems_16" + "systems": "systems_17" }, "locked": { "lastModified": 1710146030, From 5f5e54efd6cc38465eaee4c6acc08c89d6013aed Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Apr 2025 01:44:31 +0100 Subject: [PATCH 737/826] feat: added teh 2022 site --- applications/skynet.ie/skynet.ie.nix | 2 +- flake.lock | 46 ++++++++++++++-------------- flake.nix | 8 ++--- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index 98a401a..8a625f3 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -14,7 +14,7 @@ in { # at teh end of teh year add it here (import ./old_site.nix {year = "2024";}) (import ./old_site.nix {year = "2023";}) - (import ./old_site.nix {year = "2021";}) + (import ./old_site.nix {year = "2022";}) (import ./old_site.nix {year = "2016";}) (import ./old_site.nix {year = "2006";}) (import ./old_site.nix {year = "2003";}) diff --git a/flake.lock b/flake.lock index 88a74f1..65c6161 100644 --- a/flake.lock +++ b/flake.lock @@ -674,11 +674,11 @@ }, "nixpkgs_17": { "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "lastModified": 1724114134, + "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", "type": "github" }, "original": { @@ -894,7 +894,7 @@ "skynet_website_2003": "skynet_website_2003", "skynet_website_2006": "skynet_website_2006", "skynet_website_2016": "skynet_website_2016", - "skynet_website_2021": "skynet_website_2021", + "skynet_website_2022": "skynet_website_2022", "skynet_website_2023": "skynet_website_2023", "skynet_website_2024": "skynet_website_2024", "skynet_website_games": "skynet_website_games", @@ -1030,11 +1030,11 @@ "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", "revCount": 29, "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2021" + "url": "https://forgejo.skynet.ie/Skynet/website_2023" }, "original": { "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2021" + "url": "https://forgejo.skynet.ie/Skynet/website_2023" } }, "skynet_website_2003": { @@ -1094,25 +1094,25 @@ "url": "https://forgejo.skynet.ie/Skynet/website_2016" } }, - "skynet_website_2021": { + "skynet_website_2022": { "inputs": { "nixpkgs": "nixpkgs_17", "utils": "utils_10" }, "locked": { - "lastModified": 1689960297, - "narHash": "sha256-+43nNv4RSQMXMRGdN8xVKYs2B13w5FJtefuykYcpywM=", - "ref": "main", - "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", - "revCount": 6, + "lastModified": 1743727062, + "narHash": "sha256-myrgO0BU23zCD+mZnLfjmr/txjCWQizqlR72Hjv+E3s=", + "ref": "2022", + "rev": "687a0b1811987cfc27c2e6f5a625c4d59ef577c2", + "revCount": 30, "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2021" + "url": "https://forgejo.skynet.ie/Skynet/website_2023" }, "original": { - "ref": "main", - "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", + "ref": "2022", + "rev": "687a0b1811987cfc27c2e6f5a625c4d59ef577c2", "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2021" + "url": "https://forgejo.skynet.ie/Skynet/website_2023" } }, "skynet_website_2023": { @@ -1127,13 +1127,13 @@ "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "revCount": 12, "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2021" + "url": "https://forgejo.skynet.ie/Skynet/website_2023" }, "original": { "ref": "main", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2021" + "url": "https://forgejo.skynet.ie/Skynet/website_2023" } }, "skynet_website_2024": { @@ -1148,13 +1148,13 @@ "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", "revCount": 29, "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2021" + "url": "https://forgejo.skynet.ie/Skynet/website_2023" }, "original": { "ref": "main", "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2021" + "url": "https://forgejo.skynet.ie/Skynet/website_2023" } }, "skynet_website_games": { @@ -1490,11 +1490,11 @@ "systems": "systems_13" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 95f2a0e..5c7dc2b 100644 --- a/flake.nix +++ b/flake.nix @@ -49,12 +49,12 @@ ################# # this should always point to teh current website - skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2021"; + skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2023"; # past versions of the current website - skynet_website_2024.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?ref=main&rev=8987e33cb709e7f2c30017e77edf9161b87d9885"; - skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?ref=main&rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; - skynet_website_2021.url = "git+https://forgejo.skynet.ie/Skynet/website_2021?ref=main&rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; + skynet_website_2024.url = "git+https://forgejo.skynet.ie/Skynet/website_2023?ref=main&rev=8987e33cb709e7f2c30017e77edf9161b87d9885"; + skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2023?ref=main&rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; + skynet_website_2022.url = "git+https://forgejo.skynet.ie/Skynet/website_2023?ref=2022&rev=687a0b1811987cfc27c2e6f5a625c4d59ef577c2"; skynet_website_2016.url = "git+https://forgejo.skynet.ie/Skynet/website_2016"; skynet_website_2006.url = "git+https://forgejo.skynet.ie/Skynet/website_2006"; From e5554963d1520772c9e855b6e4d08cff531b9e28 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 7 Apr 2025 00:07:38 +0100 Subject: [PATCH 738/826] feat: enable better repo searching --- applications/git/forgejo.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix index c7b3572..aa8fd86 100644 --- a/applications/git/forgejo.nix +++ b/applications/git/forgejo.nix @@ -105,6 +105,11 @@ in { DEFAULT_ACTIONS_URL = "github"; }; + indexer = { + # Will consume more disk space, but we have plenty of that + REPO_INDEXER_ENABLED = true; + }; + # Allow for signing off merge requests # "repository.signing" = { # SIGNING_KEY = "5B2DED0FE9F8627A"; From 9059554c586cea4a02215dd9fff0a2c1800f1135 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 7 Apr 2025 23:44:22 +0100 Subject: [PATCH 739/826] feat: re-enable the dns for the nuked server --- config/dns.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/config/dns.nix b/config/dns.nix index 636dede..ccb1df3 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -38,6 +38,11 @@ value = "193.1.99.86"; server = true; } + { + record = "nuked"; + r_type = "CNAME"; + value = "neuromancer.skynet.ie."; + } ] # non skynet domains ++ [ From cef7588212206d35c6bd3fcaac85fe6c43d24c80 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 7 Apr 2025 23:49:22 +0100 Subject: [PATCH 740/826] feat: got the 1996 site up and running --- applications/skynet.ie/skynet.ie.nix | 1 + flake.lock | 161 +++++++++++++++++++-------- flake.nix | 1 + 3 files changed, 116 insertions(+), 47 deletions(-) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index 8a625f3..fb1bf69 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -18,6 +18,7 @@ in { (import ./old_site.nix {year = "2016";}) (import ./old_site.nix {year = "2006";}) (import ./old_site.nix {year = "2003";}) + (import ./old_site.nix {year = "1996";}) ]; options.services.skynet."${name}" = { diff --git a/flake.lock b/flake.lock index 65c6161..ee90678 100644 --- a/flake.lock +++ b/flake.lock @@ -47,7 +47,7 @@ "inputs": { "fenix": "fenix_2", "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_21" + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1719514321, @@ -659,6 +659,20 @@ } }, "nixpkgs_16": { + "locked": { + "lastModified": 1741037377, + "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "02032da4af073d0f6110540c8677f16d4be0117f", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_17": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -672,7 +686,7 @@ "type": "indirect" } }, - "nixpkgs_17": { + "nixpkgs_18": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -686,27 +700,13 @@ "type": "indirect" } }, - "nixpkgs_18": { - "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_19": { "locked": { - "lastModified": 1724114134, - "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", "type": "github" }, "original": { @@ -731,6 +731,20 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1724114134, + "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -744,7 +758,7 @@ "type": "indirect" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1668226844, "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", @@ -760,7 +774,7 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1724395761, "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", @@ -891,6 +905,7 @@ "skynet_ldap_backend": "skynet_ldap_backend", "skynet_ldap_frontend": "skynet_ldap_frontend", "skynet_website": "skynet_website", + "skynet_website_1996": "skynet_website_1996", "skynet_website_2003": "skynet_website_2003", "skynet_website_2006": "skynet_website_2006", "skynet_website_2016": "skynet_website_2016", @@ -1037,11 +1052,30 @@ "url": "https://forgejo.skynet.ie/Skynet/website_2023" } }, - "skynet_website_2003": { + "skynet_website_1996": { "inputs": { "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, + "locked": { + "lastModified": 1744063133, + "narHash": "sha256-MAevnJsxpaimUzJepL2BpbxlbRVCq3l9G990+LxNKEY=", + "ref": "refs/heads/main", + "rev": "3f9ef8b4ca0d65b059c0be1277bd2f0c7a9968fb", + "revCount": 10, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_1996" + }, + "original": { + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_1996" + } + }, + "skynet_website_2003": { + "inputs": { + "nixpkgs": "nixpkgs_15", + "utils": "utils_8" + }, "locked": { "lastModified": 1743721206, "narHash": "sha256-n9JGscEsckoasfmvpWKJ0kifQp1KPw8MbWPHhmmkLCU=", @@ -1058,8 +1092,8 @@ }, "skynet_website_2006": { "inputs": { - "nixpkgs": "nixpkgs_15", - "utils": "utils_8" + "nixpkgs": "nixpkgs_16", + "utils": "utils_9" }, "locked": { "lastModified": 1743715699, @@ -1077,8 +1111,8 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_16", - "utils": "utils_9" + "nixpkgs": "nixpkgs_17", + "utils": "utils_10" }, "locked": { "lastModified": 1743722645, @@ -1096,8 +1130,8 @@ }, "skynet_website_2022": { "inputs": { - "nixpkgs": "nixpkgs_17", - "utils": "utils_10" + "nixpkgs": "nixpkgs_18", + "utils": "utils_11" }, "locked": { "lastModified": 1743727062, @@ -1117,8 +1151,8 @@ }, "skynet_website_2023": { "inputs": { - "nixpkgs": "nixpkgs_18", - "utils": "utils_11" + "nixpkgs": "nixpkgs_19", + "utils": "utils_12" }, "locked": { "lastModified": 1696876711, @@ -1138,8 +1172,8 @@ }, "skynet_website_2024": { "inputs": { - "nixpkgs": "nixpkgs_19", - "utils": "utils_12" + "nixpkgs": "nixpkgs_20", + "utils": "utils_13" }, "locked": { "lastModified": 1732375016, @@ -1159,8 +1193,8 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_20", - "utils": "utils_13" + "nixpkgs": "nixpkgs_21", + "utils": "utils_14" }, "locked": { "lastModified": 1727122069, @@ -1179,8 +1213,8 @@ "skynet_website_wiki": { "inputs": { "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_22", - "utils": "utils_14" + "nixpkgs": "nixpkgs_23", + "utils": "utils_15" }, "locked": { "lastModified": 1739580335, @@ -1347,6 +1381,21 @@ "type": "github" } }, + "systems_18": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1489,6 +1538,24 @@ "inputs": { "systems": "systems_13" }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_11": { + "inputs": { + "systems": "systems_14" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -1503,9 +1570,9 @@ "type": "github" } }, - "utils_11": { + "utils_12": { "inputs": { - "systems": "systems_14" + "systems": "systems_15" }, "locked": { "lastModified": 1689068808, @@ -1521,9 +1588,9 @@ "type": "github" } }, - "utils_12": { + "utils_13": { "inputs": { - "systems": "systems_15" + "systems": "systems_16" }, "locked": { "lastModified": 1710146030, @@ -1539,9 +1606,9 @@ "type": "github" } }, - "utils_13": { + "utils_14": { "inputs": { - "systems": "systems_16" + "systems": "systems_17" }, "locked": { "lastModified": 1694529238, @@ -1557,9 +1624,9 @@ "type": "github" } }, - "utils_14": { + "utils_15": { "inputs": { - "systems": "systems_17" + "systems": "systems_18" }, "locked": { "lastModified": 1710146030, @@ -1706,11 +1773,11 @@ "systems": "systems_12" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5c7dc2b..214862d 100644 --- a/flake.nix +++ b/flake.nix @@ -59,6 +59,7 @@ skynet_website_2016.url = "git+https://forgejo.skynet.ie/Skynet/website_2016"; skynet_website_2006.url = "git+https://forgejo.skynet.ie/Skynet/website_2006"; skynet_website_2003.url = "git+https://forgejo.skynet.ie/Skynet/website_2003"; + skynet_website_1996.url = "git+https://forgejo.skynet.ie/Skynet/website_1996"; }; nixConfig = { From 82848f6f5ac18d7d428bbfa9ca3473d028b93e33 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 7 Apr 2025 23:51:45 +0100 Subject: [PATCH 741/826] tmp: leaving this here to work on teh ldap after my fyp demo day --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 214862d..fe31021 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,7 @@ ### skynet backend ### ###################### skynet_ldap_backend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_backend"; +# skynet_ldap_backend.url = "git+file:/_college/CompSoc/Skynet/ldap_backend?shallow=1"; skynet_ldap_frontend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_frontend"; skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki"; skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games"; From 555d3d465df2cbbc58ea503243da320dc1cf2526 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 8 Apr 2025 00:15:39 +0100 Subject: [PATCH 742/826] feat: joys of being an admin, able to bend the rules for myself --- applications/git/forgejo.nix | 1 + flake.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix index aa8fd86..51f2869 100644 --- a/applications/git/forgejo.nix +++ b/applications/git/forgejo.nix @@ -70,6 +70,7 @@ in { locations."/" = { proxyPass = "http://localhost:${toString cfg.forgejo.port}"; extraConfig = '' + add_header Content-Security-Policy "frame-ancestors 'self' https://silver.users.skynet.ie"; client_max_body_size 1000M; ''; }; diff --git a/flake.nix b/flake.nix index fe31021..c773a8c 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,7 @@ ### skynet backend ### ###################### skynet_ldap_backend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_backend"; -# skynet_ldap_backend.url = "git+file:/_college/CompSoc/Skynet/ldap_backend?shallow=1"; + # skynet_ldap_backend.url = "git+file:/_college/CompSoc/Skynet/ldap_backend?shallow=1"; skynet_ldap_frontend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_frontend"; skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki"; skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games"; From 74c2a029cc6b22efa00a3077532bc62bfbbd9d6e Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 8 Apr 2025 13:21:04 +0000 Subject: [PATCH 743/826] Updated flake for skynet_website_1996 --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index ee90678..0e5fc9e 100644 --- a/flake.lock +++ b/flake.lock @@ -1058,11 +1058,11 @@ "utils": "utils_7" }, "locked": { - "lastModified": 1744063133, - "narHash": "sha256-MAevnJsxpaimUzJepL2BpbxlbRVCq3l9G990+LxNKEY=", + "lastModified": 1744118392, + "narHash": "sha256-0W+9obJUFjArArqULQ8pqJuFN5cY5ir0yRZPfhReh8I=", "ref": "refs/heads/main", - "rev": "3f9ef8b4ca0d65b059c0be1277bd2f0c7a9968fb", - "revCount": 10, + "rev": "19ec9fa4c4dafc68ce8b24653782598834a5405d", + "revCount": 13, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_1996" }, From c6a50e2d20731c2991302c2157d2d54d8d72a31d Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 8 Apr 2025 23:29:44 +0000 Subject: [PATCH 744/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 0e5fc9e..023973d 100644 --- a/flake.lock +++ b/flake.lock @@ -980,11 +980,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1741928371, - "narHash": "sha256-IhZQ8XJsQ1hmf3+plWSYEqw7dFjcgbPUhRWkpsQOrOk=", + "lastModified": 1744153580, + "narHash": "sha256-/De9zVIAGnAhvP2HxVukKQTHoAM8v9F4DhuaUsYGdv8=", "ref": "refs/heads/main", - "rev": "7f7e7ac598f4a9e03c5bd205f1507cd7a76394fe", - "revCount": 248, + "rev": "e7425588a6aa93af44b7f9f33d3b318992306bdb", + "revCount": 249, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From f7412b08fb57b9818a4aebe6f457f360ce16f392 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 24 Apr 2025 03:50:05 +0000 Subject: [PATCH 745/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 023973d..fb653aa 100644 --- a/flake.lock +++ b/flake.lock @@ -1217,11 +1217,11 @@ "utils": "utils_15" }, "locked": { - "lastModified": 1739580335, - "narHash": "sha256-n9LuI33Ycen3bLS/F5b6df7F61A2wpCRG7Cf1FeVRlc=", + "lastModified": 1745466454, + "narHash": "sha256-st63Yf+KzhrontRBVdlQ/TR6TXAqpoOHvP0VqEYTDY4=", "ref": "refs/heads/main", - "rev": "1df4c0bcd32414fee9bd7ef47bed1137d9f4576a", - "revCount": 126, + "rev": "e135e90a8ee46e57f35e6d74799a8e4ccaea70a9", + "revCount": 151, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 6390d090590b6212a1d3ccf2af9d25d98a10b522 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 29 Apr 2025 01:01:55 +0100 Subject: [PATCH 746/826] feat: all mail from our own internal mail gateway gets put into its own folder for everyone --- applications/email.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 2129de2..2341952 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -113,7 +113,11 @@ with lib; let address :domain ["To", "Cc"] "skynet.ie" ){ if address :matches ["To", "Cc"] "*@skynet.ie" { - if header :is "X-Spam" "Yes" { + # handle spam reports specifically for teh service accounts in each users inbox + if address :matches ["From"] "postmaster@mimi.skynet.ie" { + fileinto :create "''${1}.Spam_Report"; + stop; + } else if header :is "X-Spam" "Yes" { fileinto :create "''${1}.Junk"; stop; } else { @@ -122,6 +126,13 @@ with lib; let } } } + + # handle spam Reports for general users + if address :matches ["From"] "postmaster@mimi.skynet.ie" { + fileinto :create "INBOX..Spam_Report"; + stop; + } + if allof ( address :localpart ["From"] ["${toString create_config_to}"], address :domain ["From"] "skynet.ie" From b71a516fe44380becf635fca03f6bae0d4ebb9b2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 8 May 2025 17:12:34 +0100 Subject: [PATCH 747/826] doc: add the request to open teh TF2/CSGO2 ports --- ITD/Firewall_Rules.csv | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index 76cd029..ebc5333 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -45,4 +45,5 @@ SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8 ,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,-,23318-23325,Ports for Minecraft Bedrock on the main games server. SKYNET_FIREWALL_00035,Add,i25-02-14_114,Complete,193.1.99.75,SKYNET00008,193.1.96.165,SKYNET00012,22,-,Allow our forgejo runner to access and deploy to teh external server -SKYNET_FIREWALL_00036,Add,i25-03-11_125,Complete,All,-,193.1.99.86,SKYNET00027,25,-,Email Filter \ No newline at end of file +SKYNET_FIREWALL_00036,Add,i25-03-11_125,Complete,All,-,193.1.99.86,SKYNET00027,25,-,Email Filter +SKYNET_FIREWALL_00037,Add,i25-03-30_018,Complete,All,-,193.1.99.91,SKYNET00017,27015/27016/27020,27015/27020,CSGO/TF2 Ports \ No newline at end of file From a7a7b8489a34f649e27fed2088ef600810793e75 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 13 May 2025 14:49:35 +0100 Subject: [PATCH 748/826] fix: sieve script had errors involving teh if else --- applications/email.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 2341952..72fd7ea 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -117,19 +117,21 @@ with lib; let if address :matches ["From"] "postmaster@mimi.skynet.ie" { fileinto :create "''${1}.Spam_Report"; stop; - } else if header :is "X-Spam" "Yes" { - fileinto :create "''${1}.Junk"; - stop; } else { - fileinto :create "''${1}"; - stop; + if header :is "X-Spam" "Yes" { + fileinto :create "''${1}.Junk"; + stop; + } else { + fileinto :create "''${1}"; + stop; + } } } } # handle spam Reports for general users if address :matches ["From"] "postmaster@mimi.skynet.ie" { - fileinto :create "INBOX..Spam_Report"; + fileinto :create "INBOX.Spam_Report"; stop; } From 5e33119b147696794422ecbee035c17d7800c5eb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 13 May 2025 15:21:06 +0100 Subject: [PATCH 749/826] feat: better sieve script --- applications/email.nix | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 72fd7ea..4808c35 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -106,10 +106,11 @@ with lib; let require ["fileinto", "reject"]; require "variables"; require "regex"; + require "subaddress"; # this should be close to teh last step if allof ( - address :localpart ["To", "Cc"] ["${toString create_config_to}"], + address :user ["To", "Cc"] ["${toString create_config_to}"], address :domain ["To", "Cc"] "skynet.ie" ){ if address :matches ["To", "Cc"] "*@skynet.ie" { @@ -118,12 +119,21 @@ with lib; let fileinto :create "''${1}.Spam_Report"; stop; } else { - if header :is "X-Spam" "Yes" { - fileinto :create "''${1}.Junk"; - stop; + # no detail, proceed normally + if address :detail ["To", "Cc"] "" { + if header :is "X-Spam" "Yes" { + fileinto :create "''${1}.Junk"; + stop; + } else { + fileinto :create "''${1}"; + stop; + } } else { - fileinto :create "''${1}"; - stop; + # user+subdir + if address :matches ["To", "Cc"] "*+*@skynet.ie" { + fileinto :create "''${1}.''${2}"; + stop; + } } } } From 575a617a10adf85e52edaf334034790d1d2db967 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 13 May 2025 16:17:07 +0100 Subject: [PATCH 750/826] fix: the gateway does spf checking, so no need to do it twice --- applications/email.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/email.nix b/applications/email.nix index 4808c35..8c49dcd 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -490,6 +490,10 @@ in { # 20MB max size messageSizeLimit = 20000000; + policydSPFExtraConfig = '' + skip_addresses = 193.1.99.86/32 + ''; + ldap = { enable = true; uris = cfg.ldap.hosts; From 14732ead0fda42ab64427a392472bb12dead2e0b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 15 May 2025 00:41:15 +0100 Subject: [PATCH 751/826] fix: simplify sieve script --- applications/email.nix | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 8c49dcd..ec5e2a6 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -118,23 +118,21 @@ with lib; let if address :matches ["From"] "postmaster@mimi.skynet.ie" { fileinto :create "''${1}.Spam_Report"; stop; + } + + # user+subdir + if address :matches ["To", "Cc"] "*+*@skynet.ie" { + fileinto :create "''${1}.''${2}"; + stop; + } + + # no detail, proceed normally + if header :is "X-Spam" "Yes" { + fileinto :create "''${1}.Junk"; + stop; } else { - # no detail, proceed normally - if address :detail ["To", "Cc"] "" { - if header :is "X-Spam" "Yes" { - fileinto :create "''${1}.Junk"; - stop; - } else { - fileinto :create "''${1}"; - stop; - } - } else { - # user+subdir - if address :matches ["To", "Cc"] "*+*@skynet.ie" { - fileinto :create "''${1}.''${2}"; - stop; - } - } + fileinto :create "''${1}"; + stop; } } } From b600af4ff5d87f4976531ee1fa34294690bc5f2a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 15 May 2025 00:44:17 +0100 Subject: [PATCH 752/826] feat: add the gateway ip to teh rspamd whitelist --- applications/email.nix | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index ec5e2a6..9c972b4 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -563,14 +563,23 @@ in { }; # tune the spam filter - /* - services.rspamd.extraConfig = '' - actions { - reject = null; # Disable rejects, default is 15 - add_header = 7; # Add header when reaching this score - greylist = 4; # Apply greylisting when reaching this score - } - ''; - */ + services.rspamd.locals = { + "multimap.conf" = { + text = '' + IP_WHITELIST { + type = "ip"; + prefilter = true; + map = "/etc/rspamd/local.d/ip_whitelist.map"; + action = "accept"; + } + ''; + }; + + "ip_whitelist.map" = { + text = '' + 193.1.99.86 + ''; + }; + }; }; } From 53c1869f8a656f58977ec121466fdffa6117ec52 Mon Sep 17 00:00:00 2001 From: silver <+silver@users.noreply.github.com> Date: Fri, 6 Jun 2025 16:21:50 +0000 Subject: [PATCH 753/826] Updated flake for skynet_ldap_backend --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index fb653aa..6d50b52 100644 --- a/flake.lock +++ b/flake.lock @@ -1001,11 +1001,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1741691220, - "narHash": "sha256-OSRyKWVqSdeciy1DGYh63fxs7SbppeGRu8/ui54sTtc=", + "lastModified": 1745459480, + "narHash": "sha256-ER4nCZQrbTmeRE+P+xm1T9GjBf4YvgeTMrOMGandmkE=", "ref": "refs/heads/main", - "rev": "35896efa04bb50e2342946e33367245b1cb4460e", - "revCount": 246, + "rev": "b714571b85bcd80600c743d3da4c840ff83adb86", + "revCount": 247, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From d1929bfca25e3463c94977b90f8b94b98b713c9f Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 16 Jun 2025 13:20:09 +0000 Subject: [PATCH 754/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 6d50b52..0b48129 100644 --- a/flake.lock +++ b/flake.lock @@ -980,11 +980,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1744153580, - "narHash": "sha256-/De9zVIAGnAhvP2HxVukKQTHoAM8v9F4DhuaUsYGdv8=", + "lastModified": 1750079273, + "narHash": "sha256-Z3N6AsyKLwFyJzUrBgrpWV8oXSIfplhNVYn7IyZYG0U=", "ref": "refs/heads/main", - "rev": "e7425588a6aa93af44b7f9f33d3b318992306bdb", - "revCount": 249, + "rev": "8560ed6de541dbe64f00b8ea1bb3a334a9d33f70", + "revCount": 252, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 8591ccd97c6dc442696e36c804e5134cd6844ae2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 16 Jun 2025 21:10:53 +0100 Subject: [PATCH 755/826] fix: for some reason this secret had gotten renamed --- secrets/secrets.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2428526..db5670f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -136,7 +136,7 @@ in { "backup/restic_pw.age".publicKeys = users ++ restic; # discord bot and discord - "discord/token1.age".publicKeys = users ++ discord; + "discord/token.age".publicKeys = users ++ discord; # email stuff "email/details.age".publicKeys = users ++ ldap ++ discord; From ef5cc7dba879b3bc86c6bbb1ee4d42c530af3718 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 16 Jun 2025 21:12:02 +0100 Subject: [PATCH 756/826] feat: added ``COMPSOC_DISCORD`` and expanded ``COMMITTEE_CATEGORY`` --- secrets/wolves/details.age | Bin 1943 -> 2048 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index 27a607684bf92907023fdfcfe23453a9f1c69d55..2dd6bfac53a4a5d0cb6c04b5a539f823304f5429 100644 GIT binary patch delta 1932 zcmbQv-ykqSr#>Phz{ADGyTY_MCrdji)uPJP%fiptH$9}(sWQ~H&{e;}(jcX>#GouR zk}EqgEz>PC%*WT;Bg`YRz{$WhG`KL!Ij1lv$S2ZJKRwH_FgQY6yClEdmrK`9p}06h zH#Nn`)YQ;Y!6cw6DnDJJpv)vYH!-_BH!VHG-!dXA+|4B1B_l1_$gr#`E5M}0tkA76 zA|=1lQa{&|%h0H>)X_g6-9IBN*E`iY+`OzP(cRO?ud>)HBP%u6*f-3=sKPrh-6Al1 z;z#lDY=bPFUJh+0`tIPf1|R{v?v$HjEX=mZ_6S# z|1b-uk_vzGQj@$QPou0tQ|}CC@4}?SbR&f(zUfgZhWcfx zsm2v1=7FWTIZjUQCQ%VC#${z?=J}3g#h%H5UX>YvWmU;shQ(Fkt|q>Pfv%MUWO^@CdE0H#R18a&oYYFnC1(U?7?fFt6{i%tTl!~3 z28Wqe1X(y`7KHg4YNsa}rdt|0nP(((WqCxnSR|VyXISQh+xmLLrmbw;u zmgi^(ghv>rSO%M#7ke3?$AEWOkwsCtLT*`LW^$l`f0=)AR)mF@e_4G}gpWl8O zc}{?3ut}-0vv+R3qqnDHI#+mZQl7hER+4#=Nk~q(tD}BssB4J1g}HgEftg!*xMfOc zL}8?JftP`gE4p=QnTdv}feH~WW|d}zKFP^J$w`43UKYgxW(Fq40YyPsRmti3Wm#nf zrsXcVrS4fi&dFScL1`J`z9y+TF5zkB>3M0PIT`Nm6-HjAmbpHG0p>orL3xqMY5Bex z>7kPoS;XtpoGo3GLvxEOOmixIQ%$n zOud`~5*^bm({hSk3xji0!aaP01Ka}ii?dCma$F38vdmnHxhnMYGO~+{EBt)JBhp=R zN<;np{3?rri!(g^QVI-w3Q_|~Q_?ewLfz7eAt6_iZ5mn>mXn`Xo|EHTo*10rVU|&* zoss0_6qQ(#YvSaVUJ#U-=I&UY%oVEdVd0qMnXPYDnO0nuZC;vbpdXf;RpMpgYGIJ= z>0z23oSu^yTAAXK&84fWt6=O?6=v!mSQX^u7M`6Q8JJ~WoSC1K66N7s=~fbD;im2A zTW?;PR_<@&>C3fv+VnSHB^ys=8SnHB%==%PwDL*O^m%%}SKeN=_G@tJ?wcOBla-(4 zF)h^$-1h6<>X;ID-}jrQ_x_$}d0C?Gnct7?&f(ot3_^~o{11F<*xqtpaDTTV-|B3; zKZbVOe>Cea>TkZEGH=`2qRZ1ib$&eYcJZSduY0Gk)o*A$_NwCV_Dg2|Cz_6F1Y7O+ z`O|(PYsyW%3&*PVsw>BTaMjE$m!PBYmcm)B2K%V-|}YH znSeFUFM__AIzQ8N>9sm_Hy*7S1QedB&2`gT@uYrNnNS=jPfafBdmTFTVfx^P5MRH5EOhRRcF}4*R_Otdad}gH31s|1PO? z>9O^@H1|$hNg|WFgSM2sbw{_){TIozHaF-^UTgbbpZ~+GliMe)JhzH>=Hw5*8@0W8 z9OKTjO~3Z-+`5LVHjA8P_%`Rde$DavJrCzy zW?x~jwb-ib>mP2H$yWb)-ygNoH@WBJow>(1$1~yY$K<(wSGs0y)O_>jLhP%%$LC85 ztUldT;oSI7@T}tfe7R{g$}dYdHPzm!?@yes$du^y!Wm)8t0m zGpE0mUhxgyH|Om2wxi4wr%YdJtG9Ih!acqHU*m3DEVf?Dvh}xUMRitVw}t+eIMW6F zD|$M2bEdzW^4ra*?83)0VjG&L$vsLfFi*KUgZ*f#{KT}VWxu0N2fjK|9KTscTK&U5 zb;iB*iYud41%GBo@d(B-+Y7I*ykj@vwdcC%j2Mxo>Th>aj%r5#iFAKZC_8E0fzQT9 zo2U2r#+ffau(WjbO`&RyC%uolIU0(l3&&gXB_Enl;Z)vQwPq2+v(33@iob`g*1snw z;8T`!X5)0DRdVld^xbEXFT4_vH7#M$6KzRbu6-Y!GT6`9&&kEottvA#G$f-WluOr6p}06h zH#Nn`)YQ;Y!6cw6DnDHzwf(j)7SgftERj zZcZt_Nma@DW*$jZo{>QT1&*Eu#TCwG!A9XG9&V+f6$a&8+1Vz61$jvU#?Jn^L75)K z<`zY621W%Q1?4$8{$2(7spjF9m2Sp?Mj-~1&oYYFXIVy+N4lB$d6jcoen?2F zrManBp0A;4MnPtvk6%PyHdl~QMMz4CXGy7Fv2TPyPD!b|TY6eaRBCRpzJG?RMO9X2 zxnWqIacQVwKDu>jnTdv}feHbs!69Bb8AXmpjvfY?A;rb1My5qkRYop3=8jRBrKR5b zrf%tG1?4&U9_d_3jvjv6Nu~wP&XyLYdD*Txm1*WFh83Y+#zmIdsg8aI{fu3UON|NwJWPv^_EZi(zEX&fIg7lNZGSU*mBU1u=oWk-PGqi)Xv%_<9B7##2v`x^xQW{m|WSp*G z;8gked5t?ZnmSY%dUglAl=o?a1?v$I&W#Ne89dPupaWqN^WSy7Nhc}cm4FIQD&iE&U>dUf z6HW7-%L)y&({eNPOACvW%}R>Pa}2o3Bg?(L%p?3F!~GpIa@?arJPMpVA}q2BE4BSg z0t1~&^a~5K+=DF4!#%llb#)ayEs~7Wf3>-b^y=#qpu_oekUcj{x`N1O8BzLx#O<4ldSQE0#Wlhe>sq+-?CL5kuuIDZMq3-%pK4#%5%rt%=W9(&m)iUGfVr{?r*YI5&QOEiMyH;w&Iwx)6QRCygVk%V=s>Q z%X_KI_u%cHGjH>?{Z6YowPlsr&TpUg%Vd4iJ+J+@DaRs1yIuMBZzg`7`h{CfwI1`7 zadBSK*}5!e;j1g2dmevjJ^A2Wics?7TQXB`I3;yy``e$WdCju0GGFW82DL}at2ZY^ zN!-7n#B?WxOM022=c%N%tU@O@Etxkze!`Dt<~0*jVyss7_)Tv%W=d+rsXCyO<5 zV}sJN_!DPN3J9{%j(mLei`V+iH`3hez31#+7Vu}$>{}nF#V23p_2QcOVeg@{g?Uiie0!W=j4erTJr v=ewioq&ttpR$AI^wwN}1j->Fi$^~!Iv=xtiy1QSj@|m%VF?Xt**bhMft)|Yh From 1131f51382f2c50b3d5c037c76149120155c78a5 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 17 Jun 2025 16:33:17 +0000 Subject: [PATCH 757/826] Updated flake for skynet_discord_bot --- flake.lock | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 0b48129..5975f6d 100644 --- a/flake.lock +++ b/flake.lock @@ -558,6 +558,22 @@ } }, "nixpkgs-mozilla": { + "flake": false, + "locked": { + "lastModified": 1744624473, + "narHash": "sha256-S6zT/w5SyAkJ//dYdjbrXgm+6Vkd/k7qqUl4WgZ6jjk=", + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "rev": "2292d4b35aa854e312ad2e95c4bb5c293656f21a", + "type": "github" + }, + "original": { + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "type": "github" + } + }, + "nixpkgs-mozilla_2": { "flake": false, "locked": { "lastModified": 1740762144, @@ -977,14 +993,15 @@ "inputs": { "naersk": "naersk_2", "nixpkgs": "nixpkgs_9", + "nixpkgs-mozilla": "nixpkgs-mozilla", "utils": "utils_3" }, "locked": { - "lastModified": 1750079273, - "narHash": "sha256-Z3N6AsyKLwFyJzUrBgrpWV8oXSIfplhNVYn7IyZYG0U=", + "lastModified": 1750173717, + "narHash": "sha256-eyBR9LqrzTH6pSKJi3sgZC4ascjcmqBaaLUZUpTQ1BY=", "ref": "refs/heads/main", - "rev": "8560ed6de541dbe64f00b8ea1bb3a334a9d33f70", - "revCount": 252, + "rev": "3a56d7bba5fa2ca562ab5288f8799339cdc947e3", + "revCount": 286, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, @@ -997,7 +1014,7 @@ "inputs": { "naersk": "naersk_3", "nixpkgs": "nixpkgs_11", - "nixpkgs-mozilla": "nixpkgs-mozilla", + "nixpkgs-mozilla": "nixpkgs-mozilla_2", "utils": "utils_4" }, "locked": { From 6bd5061c04b32874491d9be75df65507cb77b0bf Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 17 Jun 2025 17:41:24 +0100 Subject: [PATCH 758/826] feat: some minor improvements to teh devshell --- flake.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index c773a8c..b1402af 100644 --- a/flake.nix +++ b/flake.nix @@ -64,7 +64,6 @@ }; nixConfig = { - bash-prompt-suffix = "[Skynet Dev] "; extra-substituters = "https://nix-cache.skynet.ie/skynet-cache"; extra-trusted-public-keys = "skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo="; }; @@ -82,7 +81,7 @@ formatter.x86_64-linux = alejandra.defaultPackage."x86_64-linux"; devShells.x86_64-linux.default = pkgs.mkShell { - name = "Skynet build env"; + name = "Skynet"; nativeBuildInputs = [ pkgs.buildPackages.git colmena.defaultPackage."x86_64-linux" @@ -90,7 +89,7 @@ pkgs.buildPackages.nmap ]; buildInputs = [agenix.packages.x86_64-linux.default]; - shellHook = ''export EDITOR="${pkgs.nano}/bin/nano --nonewlines"; unset LD_LIBRARY_PATH;''; + shellHook = ''export PROMPT_DIRTRIM=3; export PS1="[Skynet] \w:\$ "''; }; colmena = { From 5744a0575f7dae9f6ef1df7a329f76c10b1f576c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 17 Jun 2025 19:53:44 +0100 Subject: [PATCH 759/826] feat: update nixpkgs and the mailserver --- applications/email.nix | 12 +++--- flake.lock | 86 +++++++++++++++++++++++++++++++++--------- 2 files changed, 75 insertions(+), 23 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index 9c972b4..d7a6381 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -470,6 +470,8 @@ in { mailserver = { enable = true; + stateVersion = 1; + fqdn = "${cfg.sub}.${cfg.domain}"; domains = [ cfg.domain @@ -488,9 +490,9 @@ in { # 20MB max size messageSizeLimit = 20000000; - policydSPFExtraConfig = '' - skip_addresses = 193.1.99.86/32 - ''; + # policydSPFExtraConfig = '' + # skip_addresses = 193.1.99.86/32 + # ''; ldap = { enable = true; @@ -504,13 +506,13 @@ in { searchScope = "sub"; dovecot = { - userFilter = "(skMail=%u)"; + userFilter = "(skMail=%{user})"; # can lock down how much space each user has access to from ldap userAttrs = "quotaEmail=quota_rule=*:bytes=%$,=quota_rule2=Trash:storage=+100M"; # accept emails in, but only allow access to paid up members - passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))"; + passFilter = "(&(|${create_filter cfg.groups})(skMail=%{user}))"; }; postfix = { diff --git a/flake.lock b/flake.lock index 5975f6d..804e475 100644 --- a/flake.lock +++ b/flake.lock @@ -247,11 +247,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -379,6 +379,54 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "simple-nixos-mailserver", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "simple-nixos-mailserver", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749636823, + "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "simple-nixos-mailserver", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "haskell-flake": { "locked": { "lastModified": 1675296942, @@ -542,19 +590,20 @@ "type": "github" } }, - "nixpkgs-24_05": { + "nixpkgs-25_05": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1749727998, + "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-24.05", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-mozilla": { @@ -864,11 +913,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1739214665, - "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", "type": "github" }, "original": { @@ -970,17 +1019,18 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-24_05": "nixpkgs-24_05" + "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1723233349, - "narHash": "sha256-0NqGJ+wFxmK6DEEvlZ+jGMdDkIaQ+S54kBStwkGUaO8=", + "lastModified": 1750183846, + "narHash": "sha256-owKJ2rsa/0WVZQAprlbqgVAAGlz3MFuvgNea3+ic4fs=", "ref": "refs/heads/master", - "rev": "a98a93cf22cd53a92143703a0a5b6f76438a15ba", - "revCount": 594, + "rev": "c097bd662c9e1aea8c1fca10d57188e81c5574a0", + "revCount": 743, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver" }, From f010291c57017e45bba736e79c7091a4e448b855 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 17 Jun 2025 20:13:48 +0100 Subject: [PATCH 760/826] feat: dont tie lix to nixpkgs This will mean that it will only be built again once the package is updated --- flake.lock | 156 +++++++++++++++++++++++++++++------------------------ flake.nix | 2 +- 2 files changed, 86 insertions(+), 72 deletions(-) diff --git a/flake.lock b/flake.lock index 804e475..f922c31 100644 --- a/flake.lock +++ b/flake.lock @@ -47,7 +47,7 @@ "inputs": { "fenix": "fenix_2", "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_22" + "nixpkgs": "nixpkgs_23" }, "locked": { "lastModified": 1719514321, @@ -483,9 +483,7 @@ "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1737237494, @@ -519,7 +517,7 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1721727458, @@ -537,7 +535,7 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1739824009, @@ -639,6 +637,21 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1722995383, + "narHash": "sha256-UzuXo7ZM8ZK0SkWFhHocKkLSGQPHS4JxaE1jvVR4fUo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "957d95fc8b9bf1eb60d43f8d2eba352b71bbf2be", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1741462378, "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=", @@ -652,7 +665,7 @@ "type": "indirect" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1741513245, "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", @@ -667,7 +680,7 @@ "type": "indirect" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", @@ -681,7 +694,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -695,20 +708,6 @@ "type": "indirect" } }, - "nixpkgs_14": { - "locked": { - "lastModified": 1741037377, - "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "02032da4af073d0f6110540c8677f16d4be0117f", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_15": { "locked": { "lastModified": 1741037377, @@ -738,6 +737,20 @@ } }, "nixpkgs_17": { + "locked": { + "lastModified": 1741037377, + "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "02032da4af073d0f6110540c8677f16d4be0117f", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_18": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -751,7 +764,7 @@ "type": "indirect" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -765,20 +778,6 @@ "type": "indirect" } }, - "nixpkgs_19": { - "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1733212471, @@ -796,6 +795,20 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -809,7 +822,7 @@ "type": "indirect" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -823,7 +836,7 @@ "type": "indirect" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1668226844, "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", @@ -839,7 +852,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_24": { "locked": { "lastModified": 1724395761, "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", @@ -912,6 +925,22 @@ } }, "nixpkgs_7": { + "locked": { + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1749794982, "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", @@ -926,7 +955,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1723151389, "narHash": "sha256-9AVY0ReCmSGXHrlx78+1RrqcDgVSRhHUKDVV1LLBy28=", @@ -940,21 +969,6 @@ "type": "indirect" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1722995383, - "narHash": "sha256-UzuXo7ZM8ZK0SkWFhHocKkLSGQPHS4JxaE1jvVR4fUo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "957d95fc8b9bf1eb60d43f8d2eba352b71bbf2be", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -964,7 +978,7 @@ "compsoc_public": "compsoc_public", "flake-utils": "flake-utils_2", "lix-module": "lix-module", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", "skynet_ldap_backend": "skynet_ldap_backend", @@ -1042,7 +1056,7 @@ "skynet_discord_bot": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "nixpkgs-mozilla": "nixpkgs-mozilla", "utils": "utils_3" }, @@ -1063,7 +1077,7 @@ "skynet_ldap_backend": { "inputs": { "naersk": "naersk_3", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "nixpkgs-mozilla": "nixpkgs-mozilla_2", "utils": "utils_4" }, @@ -1083,7 +1097,7 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "utils": "utils_5" }, "locked": { @@ -1102,7 +1116,7 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "utils": "utils_6" }, "locked": { @@ -1121,7 +1135,7 @@ }, "skynet_website_1996": { "inputs": { - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_15", "utils": "utils_7" }, "locked": { @@ -1140,7 +1154,7 @@ }, "skynet_website_2003": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_16", "utils": "utils_8" }, "locked": { @@ -1159,7 +1173,7 @@ }, "skynet_website_2006": { "inputs": { - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_17", "utils": "utils_9" }, "locked": { @@ -1178,7 +1192,7 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_17", + "nixpkgs": "nixpkgs_18", "utils": "utils_10" }, "locked": { @@ -1197,7 +1211,7 @@ }, "skynet_website_2022": { "inputs": { - "nixpkgs": "nixpkgs_18", + "nixpkgs": "nixpkgs_19", "utils": "utils_11" }, "locked": { @@ -1218,7 +1232,7 @@ }, "skynet_website_2023": { "inputs": { - "nixpkgs": "nixpkgs_19", + "nixpkgs": "nixpkgs_20", "utils": "utils_12" }, "locked": { @@ -1239,7 +1253,7 @@ }, "skynet_website_2024": { "inputs": { - "nixpkgs": "nixpkgs_20", + "nixpkgs": "nixpkgs_21", "utils": "utils_13" }, "locked": { @@ -1260,7 +1274,7 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_21", + "nixpkgs": "nixpkgs_22", "utils": "utils_14" }, "locked": { @@ -1280,7 +1294,7 @@ "skynet_website_wiki": { "inputs": { "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_23", + "nixpkgs": "nixpkgs_24", "utils": "utils_15" }, "locked": { diff --git a/flake.nix b/flake.nix index b1402af..cf722be 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ lix-module = { url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; + # inputs.nixpkgs.follows = "nixpkgs"; }; # utility stuff From 4ff68b45f78820f6cded83f9f2dce6e49811df8e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 17 Jun 2025 20:50:01 +0100 Subject: [PATCH 761/826] feat: bump the lix version This will mean that it will only be built again once the package is updated --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index f922c31..b55bbe0 100644 --- a/flake.lock +++ b/flake.lock @@ -467,15 +467,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" } }, "lix-module": { @@ -486,15 +486,15 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", - "rev": "b90bf629bbd835e61f1317b99e12f8c831017006", + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, "naersk": { diff --git a/flake.nix b/flake.nix index cf722be..034dd7b 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ # nixpkgs.url = "nixpkgs/nixos-unstable"; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; # inputs.nixpkgs.follows = "nixpkgs"; }; From 79167f3966ee777e30b010b2b397274497ee051f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 18 Jun 2025 01:57:35 +0100 Subject: [PATCH 762/826] fix: dnssec-validation needed to be set to auto, which is now its default value. https://bind9.readthedocs.io/en/v9.18.13/reference.html#namedconf-statement-dnssec-validation --- applications/dns/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index da8577f..3286a98 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -369,7 +369,7 @@ in { # piles of no valid RRSIG resolving 'com/DS/IN' errors extraOptions = '' - dnssec-validation yes; + dnssec-validation auto; ''; # set the upstream dns servers From dfdc1e0fcc581887d023b8c495f499a4bab31216 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 18 Jun 2025 02:25:55 +0100 Subject: [PATCH 763/826] feat: the changes have been merged in, use the upstream module --- applications/proxmox-lxc.nix | 96 ------------------------------------ machines/_base.nix | 5 +- 2 files changed, 2 insertions(+), 99 deletions(-) delete mode 100644 applications/proxmox-lxc.nix diff --git a/applications/proxmox-lxc.nix b/applications/proxmox-lxc.nix deleted file mode 100644 index 9f1c970..0000000 --- a/applications/proxmox-lxc.nix +++ /dev/null @@ -1,96 +0,0 @@ -/* -Once https://github.com/NixOS/nixpkgs/pull/267764 is merged this can be removed -*/ -{ - config, - pkgs, - lib, - ... -}: -with lib; { - options.proxmoxLXC = { - enable = mkOption { - default = true; - type = types.bool; - description = lib.mdDoc "Whether to enable the Proxmox VE LXC module."; - }; - privileged = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable privileged mounts - ''; - }; - manageNetwork = mkOption { - type = types.bool; - default = false; - description = '' - Whether to manage network interfaces through nix options - When false, systemd-networkd is enabled to accept network - configuration from proxmox. - ''; - }; - manageHostName = mkOption { - type = types.bool; - default = false; - description = '' - Whether to manage hostname through nix options - When false, the hostname is picked up from /etc/hostname - populated by proxmox. - ''; - }; - }; - - config = let - cfg = config.proxmoxLXC; - in - mkIf cfg.enable { - system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix { - storeContents = [ - { - object = config.system.build.toplevel; - symlink = "none"; - } - ]; - - contents = [ - { - source = config.system.build.toplevel + "/init"; - target = "/sbin/init"; - } - ]; - - extraCommands = "mkdir -p root etc/systemd/network"; - }; - - boot = { - isContainer = true; - loader.initScript.enable = true; - }; - - console.enable = true; - - networking = mkIf (!cfg.manageNetwork) { - useDHCP = false; - useHostResolvConf = false; - useNetworkd = true; - # pick up hostname from /etc/hostname generated by proxmox - hostName = mkIf (!cfg.manageHostName) (mkForce ""); - }; - - services.openssh = { - enable = mkDefault true; - startWhenNeeded = mkDefault true; - }; - - systemd = { - mounts = mkIf (!cfg.privileged) [ - { - enable = false; - where = "/sys/kernel/debug"; - } - ]; - services."getty@".unitConfig.ConditionPathExists = ["" "/dev/%I"]; - }; - }; -} diff --git a/machines/_base.nix b/machines/_base.nix index 0fa84e6..18da744 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -11,9 +11,8 @@ with lib; let cfg = config.skynet; in { imports = [ - # custom lxc mocule until the patch gets merged in - ../applications/proxmox-lxc.nix - # (modulesPath + "/virtualisation/proxmox-lxc.nix") + # This is required for LXC to function properly + (modulesPath + "/virtualisation/proxmox-lxc.nix") # for the secrets inputs.agenix.nixosModules.default From 4fc1071225184d9ca2e74a04a2a9d54674a1a4aa Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 18 Jun 2025 03:14:04 +0100 Subject: [PATCH 764/826] temp: temp switch the dns servers since the recent changes left them unavailable --- machines/vendetta.nix | 2 +- machines/vigil.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 3cff501..7b89f84 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -57,7 +57,7 @@ in { server = { enable = true; # primary dns server (ns1) - primary = true; + primary = false; ip = ip_pub; }; }; diff --git a/machines/vigil.nix b/machines/vigil.nix index 421ebaa..78527fd 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -41,7 +41,7 @@ in { server = { enable = true; # secondary dns server (ns2) - primary = false; + primary = true; ip = ip_pub; }; }; From 5ca3265cc17bea668fb6c13f8a8b237d2dfbf2ca Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 18 Jun 2025 03:14:35 +0100 Subject: [PATCH 765/826] feat: fixed how sometimes updating servers mean that ye had to reset teh MAC address in Proxmox. This is done by letting each server manage its own network interface. --- applications/_base.nix | 24 ++++++++++++++++++++++++ machines/_base.nix | 6 +++++- machines/agentjones.nix | 14 +------------- machines/neuromancer.nix | 14 +------------- machines/skynet.nix | 2 ++ machines/vendetta.nix | 16 ++-------------- 6 files changed, 35 insertions(+), 41 deletions(-) diff --git a/applications/_base.nix b/applications/_base.nix index f96d7e4..c9f7f61 100644 --- a/applications/_base.nix +++ b/applications/_base.nix @@ -42,6 +42,16 @@ in { type = types.str; default = "${cfg.host.name}.skynet.ie"; }; + interface = mkOption { + type = types.str; + description = "Will most likely be ``eno1`` for physical servers."; + default = "eth0"; + }; + cidr = mkOption { + type = types.int; + description = "Most of our servers are /26, "; + default = 26; + }; }; }; @@ -60,6 +70,20 @@ in { } ]; + # set + networking = { + hostName = cfg.host.name; + defaultGateway.interface = lib.mkForce cfg.host.interface; + + # needs to have an address statically assigned + interfaces."${cfg.host.interface}".ipv4.addresses = [ + { + address = cfg.host.ip; + prefixLength = cfg.host.cidr; + } + ]; + }; + services.nginx = { virtualHosts = { # for every server unless explisitly defined redirect the ip to skynet.ie diff --git a/machines/_base.nix b/machines/_base.nix index 18da744..44dfadd 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -35,7 +35,11 @@ in { config = { # if its a lxc enable - proxmoxLXC.enable = cfg.lxc; + proxmoxLXC = { + enable = cfg.lxc; + manageNetwork = true; + manageHostName = true; + }; nix = { settings = { diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 1fb3c4e..2c1ae09 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -21,6 +21,7 @@ Notes: Used to have Agent Smith as a partner but it died (Ironically) ip = ip_pub; name = name; hostname = hostname; + interface = "en01"; }; in { imports = [ @@ -44,19 +45,6 @@ in { # keep the wired usb connection alive (front panel) # networking.interfaces.enp0s29u1u5u2.useDHCP = true; - networking.hostName = name; - # this has to be defined for any physical servers - # vms are defined by teh vm host - networking = { - defaultGateway.interface = lib.mkForce "eno1"; - interfaces.eno1.ipv4.addresses = [ - { - address = ip_pub; - prefixLength = 26; - } - ]; - }; - # this server is teh firewall skynet_firewall = { # always good to know oneself diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 6e2cbd9..7068310 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -22,25 +22,13 @@ Notes: ip = ip_pub; name = name; hostname = hostname; + interface = "en01"; }; in { imports = [ ./hardware/RM007.nix ]; - networking.hostName = name; - # this has to be defined for any physical servers - # vms are defined by teh vm host - networking = { - defaultGateway.interface = lib.mkForce "eno1"; - interfaces.eno1.ipv4.addresses = [ - { - address = ip_pub; - prefixLength = 26; - } - ]; - }; - deployment = { targetHost = hostname; targetPort = 22; diff --git a/machines/skynet.nix b/machines/skynet.nix index 720e9a3..546596e 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -23,6 +23,8 @@ Notes: Does not host offical sites ip = ip_pub; name = name; hostname = hostname; + interface = "eth1"; + cidr = 28; }; in { imports = [ diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 7b89f84..faea1a5 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -22,14 +22,14 @@ Notes: Using the server that used to be called Earth ip = ip_pub; name = name; hostname = hostname; + # only required for physical servers + interface = "en01"; }; in { imports = [ ./hardware/RM002.nix ]; - networking.hostName = name; - deployment = { targetHost = ip_pub; targetPort = 22; @@ -38,18 +38,6 @@ in { tags = ["active-dns" "dns"]; }; - networking = { - # needs to have an address statically assigned - - defaultGateway.interface = lib.mkForce "eno1"; - interfaces.eno1.ipv4.addresses = [ - { - address = "193.1.99.120"; - prefixLength = 26; - } - ]; - }; - services.skynet = { host = host; backup.enable = true; From ffe77907c9e0a7c4ccd529eb469d7b0cb09a66f9 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 18 Jun 2025 03:05:58 +0000 Subject: [PATCH 766/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index b55bbe0..0274176 100644 --- a/flake.lock +++ b/flake.lock @@ -1061,11 +1061,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1750173717, - "narHash": "sha256-eyBR9LqrzTH6pSKJi3sgZC4ascjcmqBaaLUZUpTQ1BY=", + "lastModified": 1750215424, + "narHash": "sha256-vpvSJIa8q5NPup0dkG3GFtW6lgqasVZ1KOuKCno/Sj8=", "ref": "refs/heads/main", - "rev": "3a56d7bba5fa2ca562ab5288f8799339cdc947e3", - "revCount": 286, + "rev": "1dc5c105df7ba80643b596d3de025a28871aba2c", + "revCount": 287, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 5fd9e297b051d57ea88a519d61a1a21be06befc2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 20 Jun 2025 11:17:16 +0100 Subject: [PATCH 767/826] fix: had used the wrong interface --- machines/agentjones.nix | 2 +- machines/neuromancer.nix | 2 +- machines/vendetta.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 2c1ae09..f661104 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -21,7 +21,7 @@ Notes: Used to have Agent Smith as a partner but it died (Ironically) ip = ip_pub; name = name; hostname = hostname; - interface = "en01"; + interface = "eno1"; }; in { imports = [ diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 7068310..ed49d06 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -22,7 +22,7 @@ Notes: ip = ip_pub; name = name; hostname = hostname; - interface = "en01"; + interface = "eno1"; }; in { imports = [ diff --git a/machines/vendetta.nix b/machines/vendetta.nix index faea1a5..1113ab7 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -23,7 +23,7 @@ Notes: Using the server that used to be called Earth name = name; hostname = hostname; # only required for physical servers - interface = "en01"; + interface = "eno1"; }; in { imports = [ From af2613feaabeb2712d0894e16ef9098e93c7777d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 20 Jun 2025 11:18:30 +0100 Subject: [PATCH 768/826] feat: create a password so michenes can eb physically logged into --- machines/_base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/_base.nix b/machines/_base.nix index 44dfadd..857e458 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -73,7 +73,7 @@ in { }; users.users.root = { - initialHashedPassword = ""; + initialHashedPassword = "$y$j9T$lf/Z1Db.lAXan2WN/YQEF.$ILMN5CK4eImzrioB04D.VgD7wrV2rwUjcTi..WE5ea6"; openssh.authorizedKeys.keys = [ # no obligation to have name attached to keys From fc1e1c5806c740497ab5ae9de8a7162e6d1a40a9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 20 Jun 2025 11:19:13 +0100 Subject: [PATCH 769/826] Revert "temp: temp switch the dns servers since the recent changes left them unavailable" This reverts commit 4fc1071225184d9ca2e74a04a2a9d54674a1a4aa. --- machines/vendetta.nix | 2 +- machines/vigil.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 1113ab7..3244ba6 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -45,7 +45,7 @@ in { server = { enable = true; # primary dns server (ns1) - primary = false; + primary = true; ip = ip_pub; }; }; diff --git a/machines/vigil.nix b/machines/vigil.nix index 78527fd..421ebaa 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -41,7 +41,7 @@ in { server = { enable = true; # secondary dns server (ns2) - primary = true; + primary = false; ip = ip_pub; }; }; From 1823ae396f7c50095ab6c5ff690eb7ba89f7f8ee Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 20 Jun 2025 11:20:50 +0100 Subject: [PATCH 770/826] feat: more agressive recovery of storage --- machines/_base.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/machines/_base.nix b/machines/_base.nix index 857e458..36c087b 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -58,10 +58,10 @@ in { # options = "--delete-older-than 30d"; # }; - # to free up to 10GiB whenever there is less than 1GiB left + # to free up to 100GiB whenever there is less than 10GiB left extraOptions = '' - min-free = ${toString (1024 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024 * 10)} + min-free = ${toString (1024 * 1024 * 1024 * 10)} + max-free = ${toString (1024 * 1024 * 1024 * 100)} ''; }; From d7e1e44f1be6dae31749a9d560293583376a9ed4 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 23 Jun 2025 23:22:09 +0000 Subject: [PATCH 771/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 0274176..a97a824 100644 --- a/flake.lock +++ b/flake.lock @@ -1061,11 +1061,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1750215424, - "narHash": "sha256-vpvSJIa8q5NPup0dkG3GFtW6lgqasVZ1KOuKCno/Sj8=", + "lastModified": 1750720601, + "narHash": "sha256-NDYXjqGEOXfge1kMd/4W5PdHz9HjZuAF2ssOsVYRmkM=", "ref": "refs/heads/main", - "rev": "1dc5c105df7ba80643b596d3de025a28871aba2c", - "revCount": 287, + "rev": "d27befdac6927c686d4bf96e05e6f677f477c79a", + "revCount": 289, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 017d383d0887bd9df98b1df5008cb7ee23f5fe31 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 24 Jun 2025 00:37:08 +0100 Subject: [PATCH 772/826] fix: recovering space was too agressive --- machines/_base.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/_base.nix b/machines/_base.nix index 36c087b..555666e 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -58,9 +58,9 @@ in { # options = "--delete-older-than 30d"; # }; - # to free up to 100GiB whenever there is less than 10GiB left + # to free up to 100GiB whenever there is less than 1GiB left extraOptions = '' - min-free = ${toString (1024 * 1024 * 1024 * 10)} + min-free = ${toString (1024 * 1024 * 1024 * 1)} max-free = ${toString (1024 * 1024 * 1024 * 100)} ''; }; From 319522e4d37501bfd21537962361b54d674ee635 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 24 Jun 2025 01:24:52 +0100 Subject: [PATCH 773/826] feat: properly set a root user password for physical access --- machines/_base.nix | 30 ++++++++++++++++++------------ secrets/base/root_pass.age | Bin 0 -> 2849 bytes secrets/secrets.nix | 1 + 3 files changed, 19 insertions(+), 12 deletions(-) create mode 100644 secrets/base/root_pass.age diff --git a/machines/_base.nix b/machines/_base.nix index 555666e..84abb5c 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -41,6 +41,8 @@ in { manageHostName = true; }; + age.secrets.root_pw.file = ../secrets/base/root_pass.age; + nix = { settings = { # flakes are essensial @@ -72,23 +74,27 @@ in { settings.PermitRootLogin = "prohibit-password"; }; - users.users.root = { - initialHashedPassword = "$y$j9T$lf/Z1Db.lAXan2WN/YQEF.$ILMN5CK4eImzrioB04D.VgD7wrV2rwUjcTi..WE5ea6"; + users = { + mutableUsers = false; - openssh.authorizedKeys.keys = [ - # no obligation to have name attached to keys + users.root = { + hashedPasswordFile = config.age.secrets.root_pw.path; - # Root account - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" + openssh.authorizedKeys.keys = [ + # no obligation to have name attached to keys - # CI/CD key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDvexq/JjsMqL0G5P38klzoOkHs3IRyXYO1luEJuB5R colmena_key" + # Root account + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" - # Brendan Golden - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" + # CI/CD key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDvexq/JjsMqL0G5P38klzoOkHs3IRyXYO1luEJuB5R colmena_key" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" - ]; + # Brendan Golden + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" + + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" + ]; + }; }; # skynet-admin-linux will always be added, individual servers can override the groups option diff --git a/secrets/base/root_pass.age b/secrets/base/root_pass.age new file mode 100644 index 0000000000000000000000000000000000000000..2313336437c6050b924be3bcd8aa192dcf6d1356 GIT binary patch literal 2849 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zJmF45Nx z$g0Rl(YJ64F)B+p$Dv(P!q(j(a{us9_rwW2sG+?C5Yz$@50F)%TpB-}VP!_m(qKhdq& z&!xD)(KXrM%rPLUJSxo7%P_^%q#WJ06i0)ypmYT@Uzf^EH?#cgv`Xhh%Pj5Ug7Rda zAj`1u$h4v&=QQVZm(o(p3YQR{j6g1f^yJDw{luWqL?746!Yu7FlM1I`ZBGL?mm~u- zFV8H??25pOqKqW{s7Q3%O#Mv)%n7v_o>TQ!P^5OhSqx!V9yEDnd*0Oe2C* zT(Tqb^*xG0Gs=o8D+0O9++6kZ!z(@Y1H!en158~D5(`7K3f*&3viyAuT=Eh_J*omK zgM19bEz{9$E3`=UN>5j?@XAXu2+(&ki%O0PHYzd>PBTc!EHU&?a`JOBad)gJ3(5*| zOwP&9a`xm3EH@0u%BV`oNOX5J^ouab4N5ULs4y@!_fBWy>3JWf`l;mPx?Gj6G zGxL0-iu^FAyzH!`$gGT{tP=Br;>b$hs#F87iU33JP*-%n>ANSHrUxpd<`%dmre+wp zriY~#1V-glWfb}vYnK^0m6{tTg+`cFhB>=dhKE_YRQPh0C0pnlyO8JnQn=2w#Ar|+oXW~y!CUG7zwn-@@O>gOEl zk#AuZWR{oZ;U1Y7m=l=f7Z#P~8xd-mSXIvD9%$y_?vYnm<(->k>Fs7*5@KFeX6BUT z?(Sh;lw*{Y9}wQrpM~MKGNVWXOGky!QZpYTzksO9G#97P%FIH?^b{}W(v;+K z*JK}K=TNucs`S7@XYJxdk5I0ZAUETbv^;Ik)PSn2qB6I%WGC}Tm(*y>5nSYGR<4j2ndBE9>KSG1my~E?>RKLJk>XpF9${h_RZyPlo}5wY zl2H{FSe{#&mCfasVHxQe?CYH68t4|4TI}!boS$19kQEwWVd|XZWa5~Wl4TfPo>=8+ zgi)6GW_b8UIw}~1l%)Flm8KaNI{8MVBxMA->H9@gxt0Z1_x_c!CrKaTSCmEKPW#<)J`dJuQn7L+0nMGAaxi}j+xffQXI-I{Sfy{Kvqec>c3NO*g)f(rvtzEI zYjIwAMTKE;WwBXuphbjZVQE%nQIKb1nWL+bvy)?`vqg5Xc{aLjrBPK*#_0;#j(%og zmPw&$i5__troOJJuH|m|M%e)=!9D?nm0p$}u4zFo7L`#Ud68Uckp|vDmKl+`Zute_ zkwGr{{;6r%S;2vZ;bGw^f$3$2NzU$mX0C-k!5I0?xzInvJy0Rfu+Xm{z&kvt#MHwh z$HF4X)z88(vp~Dd!Xi93(8Dy#)!4+S%GWR=%#|xIH`qDNu*@l|$fPJTr6k$U+&L&H z%A?4{Im$Ftzs#_tz}vkjJUqIx1w9XPQP-6^3L~m>ZQBM}`M^nIu{G zWSW+h7>7Am6}c6c7da)Hct)jGWOId=1bY;OnWR=GrRA9BC;Ap;RvEeGL>YuRnVFfp zIl32nR1_rZms#ZHB%_CVMvmGPHB-vxl4FxaYdy`Vs1v5fvK^6c(#R4 zNp6~FL@2s##sxY0-sK7zdBGlu9{$A{MtOl*d11cA#f4?gA%@8nIf)r25$4(fp{1TC zAz5yrq1jyihS|;$-l^us`XPoz<%xwkWo3DOMFHAD5eCU6fi5M9?%Jh60VRGpnHZ@g zxX{HZ*HOWsC?`8PBGEs;ywo!>I5fZ`B_hk%I6ctFQ9I37zbeDqTfaQX$Tu+2EuE{} zKO{LgDl4bbq|_|S$S)&ByUfVAFfz!?x2nX^$H&CPEy~-!z{@qs2qSlgx|*dW2Py;^ zWEMx3WmjZI8Alm9Rhs4{yBQZ*1|?OQCZ|~>78ZI|6{MG&RAib*q;usu`-cQM8d#Vc zSXP;u8e|v+2bCLnrn_c(n+FEESUUMS2c`!WR0d}GV5E{rx5NtPbcKNAfDkiRKg(>> z@J#Je4~we6;QTCKgJjoC|Iom2;{xsc+@Pwe3e$*?WUj!Rh}^I|3&Wrilbk?{P_Kf} z(gHV=0`D@f%Jjk{$J|86vd~adqtJ3=jF3#tadu5jSBOkWi6}^Q3i1zeaWTs-2sUyK zHVh2)570MH*A6Zz&nk=x4KXwI^UBK2=F&I!swgTmHq5s4Do+ebbqk5ouS~Bf$uY2W zO0Vz^%nWu(%nUOtv+(!E@S8$npZ@gU#fd@cxrNvPoT4zUrK7WSyDt^ zMn$QwuZebOZctQ`Q&wOkS3s(>qib=Zxs$PbdP$^zs$aO1OHM$NhjxxnmA7SfmWz=^ zuu*W9Q$(^adYbes@Nw}kSMYKVcdRNYDs?k+EY%MzaI?rYO!SP%F(@o5h$yuvGIUEb za>)+Xc1?2fQI~+Zpsuu9p8fLwwJit&a^3ad|WU<15Q}#4TSr)7@uZWv*i7p|=axgsoJ) z`cOuvJ=1fkdtsu-oWIkaZ~0o}e`=B9^`l>PBA>_9xb(f1>f93PU)sN9OPq$;jXKuP sOHK*dB`&+`u=j*$Vd#_3A#ygC3^I!S14EW8uMIvm{rBd&qEi_g0iCI%&;S4c literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index db5670f..5321af2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -105,6 +105,7 @@ let ]; in { # nix run github:ryantm/agenix -- -e secret1.age + "base/root_pass.age".publicKeys = users ++ systems; "dns_certs.secret.age".publicKeys = users ++ systems; "dns_dnskeys.conf.age".publicKeys = users ++ dns; From 4061e143f0e52400bf1cb84dfa522e7045e63035 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 29 Jun 2025 22:17:15 +0000 Subject: [PATCH 774/826] Updated flake for skynet_ldap_backend --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a97a824..75e9573 100644 --- a/flake.lock +++ b/flake.lock @@ -1082,11 +1082,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1745459480, - "narHash": "sha256-ER4nCZQrbTmeRE+P+xm1T9GjBf4YvgeTMrOMGandmkE=", + "lastModified": 1751234352, + "narHash": "sha256-OeNGbd3kn2jjJq9nbNcLq7wquc8leOyWkahuWopKnv4=", "ref": "refs/heads/main", - "rev": "b714571b85bcd80600c743d3da4c840ff83adb86", - "revCount": 247, + "rev": "1dae2ecb2623d55c88a237d55198efd51e0fd8fe", + "revCount": 249, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From 4b3cf6c22e84076e90a16934bbf463cb1baf23e6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 1 Jul 2025 17:01:34 +0100 Subject: [PATCH 775/826] [skip ci] feat: added teh logging bot --- applications/discord_t-800.nix | 32 ++++ flake.lock | 292 +++++++++++++++++++++++---------- flake.nix | 1 + machines/kitt.nix | 4 + secrets/discord/t-800.age | Bin 0 -> 1538 bytes secrets/secrets.nix | 1 + 6 files changed, 244 insertions(+), 86 deletions(-) create mode 100644 applications/discord_t-800.nix create mode 100644 secrets/discord/t-800.age diff --git a/applications/discord_t-800.nix b/applications/discord_t-800.nix new file mode 100644 index 0000000..cad630a --- /dev/null +++ b/applications/discord_t-800.nix @@ -0,0 +1,32 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + name = "discord_bot_t-800"; + cfg = config.services.skynet."${name}"; +in { + imports = [ + inputs.skynet_discord_bot_t-800.nixosModule."x86_64-linux" + ]; + + options.services.skynet."${name}" = { + enable = mkEnableOption "Logging Bot"; + }; + + config = mkIf cfg.enable { + #backups = [ "/etc/silver_ul_ical/database.db" ]; + + age.secrets.discord_t-800_details.file = ../secrets/discord/t-800.age; + + # this is what was imported + services.skynet_discord_bot_t-800 = { + enable = true; + + env = config.age.secrets.discord_t-800_details.path; + }; + }; +} diff --git a/flake.lock b/flake.lock index 75e9573..f719ece 100644 --- a/flake.lock +++ b/flake.lock @@ -47,7 +47,7 @@ "inputs": { "fenix": "fenix_2", "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_23" + "nixpkgs": "nixpkgs_25" }, "locked": { "lastModified": 1719514321, @@ -537,6 +537,24 @@ "inputs": { "nixpkgs": "nixpkgs_11" }, + "locked": { + "lastModified": 1745925850, + "narHash": "sha256-cyAAMal0aPrlb1NgzMxZqeN1mAJ2pJseDhm2m6Um8T0=", + "owner": "nix-community", + "repo": "naersk", + "rev": "38bc60bbc157ae266d4a0c96671c6c742ee17a5f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "naersk_4": { + "inputs": { + "nixpkgs": "nixpkgs_13" + }, "locked": { "lastModified": 1739824009, "narHash": "sha256-fcNrCMUWVLMG3gKC5M9CBqVOAnJtyRvGPxptQFl5mVg=", @@ -621,6 +639,22 @@ } }, "nixpkgs-mozilla_2": { + "flake": false, + "locked": { + "lastModified": 1744624473, + "narHash": "sha256-S6zT/w5SyAkJ//dYdjbrXgm+6Vkd/k7qqUl4WgZ6jjk=", + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "rev": "2292d4b35aa854e312ad2e95c4bb5c293656f21a", + "type": "github" + }, + "original": { + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "type": "github" + } + }, + "nixpkgs-mozilla_3": { "flake": false, "locked": { "lastModified": 1740762144, @@ -652,6 +686,37 @@ } }, "nixpkgs_11": { + "locked": { + "lastModified": 1750731501, + "narHash": "sha256-Ah4qq+SbwMaGkuXCibyg+Fwn00el4KmI3XFX6htfDuk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "69dfebb3d175bde602f612915c5576a41b18486b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_12": { + "locked": { + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_13": { "locked": { "lastModified": 1741462378, "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=", @@ -665,7 +730,7 @@ "type": "indirect" } }, - "nixpkgs_12": { + "nixpkgs_14": { "locked": { "lastModified": 1741513245, "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", @@ -680,7 +745,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_15": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", @@ -694,7 +759,7 @@ "type": "indirect" } }, - "nixpkgs_14": { + "nixpkgs_16": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -708,34 +773,6 @@ "type": "indirect" } }, - "nixpkgs_15": { - "locked": { - "lastModified": 1741037377, - "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "02032da4af073d0f6110540c8677f16d4be0117f", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_16": { - "locked": { - "lastModified": 1741037377, - "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "02032da4af073d0f6110540c8677f16d4be0117f", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_17": { "locked": { "lastModified": 1741037377, @@ -752,11 +789,11 @@ }, "nixpkgs_18": { "locked": { - "lastModified": 1690026219, - "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", + "lastModified": 1741037377, + "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", + "rev": "02032da4af073d0f6110540c8677f16d4be0117f", "type": "github" }, "original": { @@ -766,11 +803,11 @@ }, "nixpkgs_19": { "locked": { - "lastModified": 1724114134, - "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", + "lastModified": 1741037377, + "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", + "rev": "02032da4af073d0f6110540c8677f16d4be0117f", "type": "github" }, "original": { @@ -796,11 +833,11 @@ }, "nixpkgs_20": { "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "lastModified": 1690026219, + "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", "type": "github" }, "original": { @@ -823,6 +860,34 @@ } }, "nixpkgs_22": { + "locked": { + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_23": { + "locked": { + "lastModified": 1724114134, + "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_24": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -836,7 +901,7 @@ "type": "indirect" } }, - "nixpkgs_23": { + "nixpkgs_25": { "locked": { "lastModified": 1668226844, "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", @@ -852,7 +917,7 @@ "type": "github" } }, - "nixpkgs_24": { + "nixpkgs_26": { "locked": { "lastModified": 1724395761, "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", @@ -981,6 +1046,7 @@ "nixpkgs": "nixpkgs_8", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", + "skynet_discord_bot_t-800": "skynet_discord_bot_t-800", "skynet_ldap_backend": "skynet_ldap_backend", "skynet_ldap_frontend": "skynet_ldap_frontend", "skynet_website": "skynet_website", @@ -1074,13 +1140,34 @@ "url": "https://forgejo.skynet.ie/Skynet/discord-bot" } }, - "skynet_ldap_backend": { + "skynet_discord_bot_t-800": { "inputs": { "naersk": "naersk_3", "nixpkgs": "nixpkgs_12", "nixpkgs-mozilla": "nixpkgs-mozilla_2", "utils": "utils_4" }, + "locked": { + "lastModified": 1751383566, + "narHash": "sha256-MchpwkTBUlpa8Spj8UJbvPPW1TOaAtffsraQQSJ4a58=", + "ref": "refs/heads/main", + "rev": "4fe416b9e7280d02e6ecc4b5e77c95b8d218f419", + "revCount": 23, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/discord-bot-t-800" + }, + "original": { + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/discord-bot-t-800" + } + }, + "skynet_ldap_backend": { + "inputs": { + "naersk": "naersk_4", + "nixpkgs": "nixpkgs_14", + "nixpkgs-mozilla": "nixpkgs-mozilla_3", + "utils": "utils_5" + }, "locked": { "lastModified": 1751234352, "narHash": "sha256-OeNGbd3kn2jjJq9nbNcLq7wquc8leOyWkahuWopKnv4=", @@ -1097,8 +1184,8 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_13", - "utils": "utils_5" + "nixpkgs": "nixpkgs_15", + "utils": "utils_6" }, "locked": { "lastModified": 1727122070, @@ -1116,8 +1203,8 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_14", - "utils": "utils_6" + "nixpkgs": "nixpkgs_16", + "utils": "utils_7" }, "locked": { "lastModified": 1732375016, @@ -1135,8 +1222,8 @@ }, "skynet_website_1996": { "inputs": { - "nixpkgs": "nixpkgs_15", - "utils": "utils_7" + "nixpkgs": "nixpkgs_17", + "utils": "utils_8" }, "locked": { "lastModified": 1744118392, @@ -1154,8 +1241,8 @@ }, "skynet_website_2003": { "inputs": { - "nixpkgs": "nixpkgs_16", - "utils": "utils_8" + "nixpkgs": "nixpkgs_18", + "utils": "utils_9" }, "locked": { "lastModified": 1743721206, @@ -1173,8 +1260,8 @@ }, "skynet_website_2006": { "inputs": { - "nixpkgs": "nixpkgs_17", - "utils": "utils_9" + "nixpkgs": "nixpkgs_19", + "utils": "utils_10" }, "locked": { "lastModified": 1743715699, @@ -1192,8 +1279,8 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_18", - "utils": "utils_10" + "nixpkgs": "nixpkgs_20", + "utils": "utils_11" }, "locked": { "lastModified": 1743722645, @@ -1211,8 +1298,8 @@ }, "skynet_website_2022": { "inputs": { - "nixpkgs": "nixpkgs_19", - "utils": "utils_11" + "nixpkgs": "nixpkgs_21", + "utils": "utils_12" }, "locked": { "lastModified": 1743727062, @@ -1232,8 +1319,8 @@ }, "skynet_website_2023": { "inputs": { - "nixpkgs": "nixpkgs_20", - "utils": "utils_12" + "nixpkgs": "nixpkgs_22", + "utils": "utils_13" }, "locked": { "lastModified": 1696876711, @@ -1253,8 +1340,8 @@ }, "skynet_website_2024": { "inputs": { - "nixpkgs": "nixpkgs_21", - "utils": "utils_13" + "nixpkgs": "nixpkgs_23", + "utils": "utils_14" }, "locked": { "lastModified": 1732375016, @@ -1274,8 +1361,8 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_22", - "utils": "utils_14" + "nixpkgs": "nixpkgs_24", + "utils": "utils_15" }, "locked": { "lastModified": 1727122069, @@ -1294,8 +1381,8 @@ "skynet_website_wiki": { "inputs": { "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_24", - "utils": "utils_15" + "nixpkgs": "nixpkgs_26", + "utils": "utils_16" }, "locked": { "lastModified": 1745466454, @@ -1477,6 +1564,21 @@ "type": "github" } }, + "systems_19": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1620,11 +1722,11 @@ "systems": "systems_13" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -1637,6 +1739,24 @@ "inputs": { "systems": "systems_14" }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_12": { + "inputs": { + "systems": "systems_15" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -1651,9 +1771,9 @@ "type": "github" } }, - "utils_12": { + "utils_13": { "inputs": { - "systems": "systems_15" + "systems": "systems_16" }, "locked": { "lastModified": 1689068808, @@ -1669,9 +1789,9 @@ "type": "github" } }, - "utils_13": { + "utils_14": { "inputs": { - "systems": "systems_16" + "systems": "systems_17" }, "locked": { "lastModified": 1710146030, @@ -1687,9 +1807,9 @@ "type": "github" } }, - "utils_14": { + "utils_15": { "inputs": { - "systems": "systems_17" + "systems": "systems_18" }, "locked": { "lastModified": 1694529238, @@ -1705,9 +1825,9 @@ "type": "github" } }, - "utils_15": { + "utils_16": { "inputs": { - "systems": "systems_18" + "systems": "systems_19" }, "locked": { "lastModified": 1710146030, @@ -1782,11 +1902,11 @@ "systems": "systems_8" }, "locked": { - "lastModified": 1687171271, - "narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -1800,11 +1920,11 @@ "systems": "systems_9" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1687171271, + "narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c", "type": "github" }, "original": { @@ -1818,11 +1938,11 @@ "systems": "systems_10" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 034dd7b..f63e7c8 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,7 @@ skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki"; skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games"; skynet_discord_bot.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot"; + skynet_discord_bot_t-800.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot-t-800"; # for testing a local build # skynet_discord_bot.url = "git+file:/_college/CompSoc/Skynet/discord_bot?shallow=1"; diff --git a/machines/kitt.nix b/machines/kitt.nix index 93298ac..35600c8 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -29,6 +29,7 @@ in { ../applications/ldap/server.nix ../applications/ldap/backend.nix ../applications/discord.nix + ../applications/discord_t-800.nix ../applications/bitwarden/vaultwarden.nix ../applications/bitwarden/bitwarden_sync.nix ../applications/sso.nix @@ -53,6 +54,9 @@ in { # private member services discord_bot.enable = true; + # for logging on our own discord + discord_bot_t-800.enable = true; + # committee/admin services vaultwarden.enable = true; diff --git a/secrets/discord/t-800.age b/secrets/discord/t-800.age new file mode 100644 index 0000000000000000000000000000000000000000..496116149eda9783e6a21436482a21f0255f16fa GIT binary patch literal 1538 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5w{*E76Zk zvk34?H#Lq-%g!;)^7HVEGB-|7^YchI4k``wGBXeGHHdU}i{#4ijBxVtO3XAWEl+eQ zj;N{(PjxcN2(>iMOe`sMGO!HK@D8X*FZ3ub$VRu#B%mrPKV88~-$}dD*uv5;CoIw+ zG~3s=BG)oG#XL9CGB7eszfixVu-w!qz}Y>^!-Ol})ga5zH!#xF!dc%d%+f2O&@I!r z#K<(jC^E+>)Y-y3HPI|8sJJN2+ZElm6i0)ypmc=-mkfVr%is`?6w81jL%$$5H}^a* z*Ie(yBuDr1GLK?oqX74CpWM=*N>?t6iolA%LlRvx(+cvkoD4k-vcjBGGLmz$&2kb$wX=$} zLwzgCoy{vsd`$DRjgq;-D)YRuEu38a@*~X6T@y=<%iaC;1N}U`UCc{7U0n>y-Q9Bx zTtXcS3i8oyE3`=UN>5iX3UCgp2+Z;hbj!&!_A?5}%y%lNbj*$Nj&e`(F^LE?bPX}{ zN%AvJHn8BTDl$&>$_w%|j_@xHj54&0GBF6uO)CjCaVn20O!m^YEb??qG7BrwFEBv2 z%{#2fqNrTKG{U_&-y+f5(%;y^FVWpN$~nq3CELp=$}7bnF(o&-)U=?|yU5McBO;J1 z-`vu#wA|Fv$;;5oGSb5%$D%5@szN)eIMge|**_`YBGNh7!Z9;^Q?08Ep$|f@^UjPFZ1-Q z^iDT)3U)3?EYI~1^foOhN~ww{_6V;s_4IPFG))S0aSG)sGOh}U406%VH4Ci>EzK=S zD-E*DHcCs&G&gcG^h-?1)=$bUbqV#()i37K)zwwV^a#{X$;)v|@-+1^FVFJJj0#IK zs4_JQ3NzNP$g8RhGP3k4_wg??Eez%Ak*M^H-r5uy(9mM>)$_dDdPbAbeXKikrq=)V z?zdps6L8vd(V}k?j5{(VwLfdG6>xh|rg+B6{K?zT3SV^ zYmd}Fjh)rIR9>g&xbWY-#MUF_u}$*L(SK*&GrbSvyZVJ;`}4cb|6jGohTr84lk+VX zv#vPvWscgtqd`2Hf}exymWO@b@pSWD4zHY3X0Jp`-szY(`p@6FQ^#^H?`dwU$yyOg zQF|tT;_XlCVmNny-QuglKR;=x9Xhh)cJ#VsKfSektBjsJG2{FrDSgXYb^GGTlqHR& z5&MhEyVmv}PiA$n{J-!8ho_iIP4}tWAI-COEHwX?cFbP!dK90Szs%{2e?Keuul~_- z@8Ge7!~{FOXU{StidG5D+ Date: Tue, 1 Jul 2025 16:21:18 +0000 Subject: [PATCH 776/826] Updated flake for skynet_discord_bot_t-800 --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f719ece..61cc024 100644 --- a/flake.lock +++ b/flake.lock @@ -1148,11 +1148,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1751383566, - "narHash": "sha256-MchpwkTBUlpa8Spj8UJbvPPW1TOaAtffsraQQSJ4a58=", + "lastModified": 1751386095, + "narHash": "sha256-LKo+rvR6/rXJwDQJXU+McooE+8PQF8F5ARAYplLG3oM=", "ref": "refs/heads/main", - "rev": "4fe416b9e7280d02e6ecc4b5e77c95b8d218f419", - "revCount": 23, + "rev": "9d26d8f159ca391380f672fba29f9c90151e1793", + "revCount": 25, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot-t-800" }, From 6ae308007f4a337803629d496f1017e66e10c8cf Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 1 Jul 2025 16:25:54 +0000 Subject: [PATCH 777/826] Updated flake for skynet_discord_bot_t-800 --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 61cc024..3a63ce8 100644 --- a/flake.lock +++ b/flake.lock @@ -1148,11 +1148,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1751386095, - "narHash": "sha256-LKo+rvR6/rXJwDQJXU+McooE+8PQF8F5ARAYplLG3oM=", + "lastModified": 1751386942, + "narHash": "sha256-3byZajmYDFvOOHlp/QQwu8cCXdpJ9WEWAm92Nlnm+rM=", "ref": "refs/heads/main", - "rev": "9d26d8f159ca391380f672fba29f9c90151e1793", - "revCount": 25, + "rev": "6171e1d2e1b04a1b632c577f94df581780b1d574", + "revCount": 26, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot-t-800" }, From 3085a3a5a40a0290106fa669603fb0c47e004b2a Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 1 Jul 2025 19:16:49 +0000 Subject: [PATCH 778/826] Updated flake for skynet_discord_bot_t-800 --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3a63ce8..fe97196 100644 --- a/flake.lock +++ b/flake.lock @@ -1148,11 +1148,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1751386942, - "narHash": "sha256-3byZajmYDFvOOHlp/QQwu8cCXdpJ9WEWAm92Nlnm+rM=", + "lastModified": 1751397287, + "narHash": "sha256-9G1T1nJS6itGsUhZxr8e1KDIx1naTSO916QN0HyCwRw=", "ref": "refs/heads/main", - "rev": "6171e1d2e1b04a1b632c577f94df581780b1d574", - "revCount": 26, + "rev": "b26a7c23678fb7ad922e4b7f28330182d0e6844b", + "revCount": 27, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot-t-800" }, From 8a8a1a3c7f22b1559b948baa1b733393862273d9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 3 Jul 2025 14:35:37 +0100 Subject: [PATCH 779/826] feat: updated nixpkgs and lix --- flake.lock | 26 +++++++++++++------------- flake.nix | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index fe97196..6ebf952 100644 --- a/flake.lock +++ b/flake.lock @@ -467,15 +467,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "lastModified": 1751235704, + "narHash": "sha256-Jzm3KPZ2gL+0Nl3Mw/2E0B3vqDDi1Xt5+9VCXghUDZ8=", + "rev": "f3a7bbe5f8d1a8504ddb6362d50106904523e440", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/f3a7bbe5f8d1a8504ddb6362d50106904523e440.tar.gz?rev=f3a7bbe5f8d1a8504ddb6362d50106904523e440" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" } }, "lix-module": { @@ -486,15 +486,15 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "lastModified": 1751240025, + "narHash": "sha256-SXUAlxpjPRkArRMHy5+Hdi+PiC+ND9yzzIjiaHmTvQU=", + "rev": "8b1094356f4723d6e89d3f8a95b333ee16d9ab02", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/8b1094356f4723d6e89d3f8a95b333ee16d9ab02.tar.gz?rev=8b1094356f4723d6e89d3f8a95b333ee16d9ab02" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz" } }, "naersk": { @@ -1007,11 +1007,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f63e7c8..3ff66a7 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ # nixpkgs.url = "nixpkgs/nixos-unstable"; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz"; # inputs.nixpkgs.follows = "nixpkgs"; }; From a2000ec6da816e3d889f22ead7c5d717d10b9447 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 3 Jul 2025 14:40:36 +0100 Subject: [PATCH 780/826] fix: force using our nameservers --- machines/_base.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/_base.nix b/machines/_base.nix index 84abb5c..dafb0fc 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -104,6 +104,8 @@ in { # every sever needs to be accessable over ssh for admin use at least firewall.allowedTCPPorts = [22]; + resolvconf.useLocalResolver = false; + resolvconf.extraConfig = "name_servers='193.1.99.120 193.1.99.109'"; # explisitly stating this is good defaultGateway = { address = "193.1.99.65"; From 183fc70d03699068fddaad74cc7acaf2ab7d2fe9 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sat, 5 Jul 2025 14:37:35 +0000 Subject: [PATCH 781/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 6ebf952..a177edb 100644 --- a/flake.lock +++ b/flake.lock @@ -1127,11 +1127,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1750720601, - "narHash": "sha256-NDYXjqGEOXfge1kMd/4W5PdHz9HjZuAF2ssOsVYRmkM=", + "lastModified": 1751725913, + "narHash": "sha256-7/hUVgjLRZH2ZcFErIb4GuUGKGknKm4605hiOhJRRaI=", "ref": "refs/heads/main", - "rev": "d27befdac6927c686d4bf96e05e6f677f477c79a", - "revCount": 289, + "rev": "c4da3e91096741dc827f3a5ac3c184160b8f1e8c", + "revCount": 290, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 96a7af86cbfa16d5a418a2b6dff0fa373181ce6a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 6 Jul 2025 21:45:09 +0100 Subject: [PATCH 782/826] feat: add esy to the admin list --- machines/_base.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/_base.nix b/machines/_base.nix index dafb0fc..d824939 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -93,6 +93,8 @@ in { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" + + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDxHpsApRyCvuP2ToGm46G308Og8lO7BYPuz+EqHVU5w esy root" ]; }; }; From 17d69245a54f4dc5853374ee64804a16039d6f9c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 6 Jul 2025 21:52:29 +0100 Subject: [PATCH 783/826] [skip ci] test: added esy's root key to test if it works --- secrets/backup/restic.age | Bin 2870 -> 2980 bytes secrets/backup/restic_pw.age | 39 ++++++++++---------- secrets/base/root_pass.age | Bin 2849 -> 2959 bytes secrets/bitwarden/details.age | Bin 1155 -> 1265 bytes secrets/bitwarden/id.age | 38 ++++++++++---------- secrets/bitwarden/secret.age | Bin 1012 -> 1122 bytes secrets/discord/t-800.age | Bin 1538 -> 1648 bytes secrets/discord/token.age | Bin 1204 -> 1314 bytes secrets/dns_certs.secret.age | Bin 2924 -> 3034 bytes secrets/dns_dnskeys.conf.age | Bin 1204 -> 1314 bytes secrets/email/details.age | 53 +++++++++++++++------------- secrets/forgejo/runners/ssh.age | Bin 1491 -> 1601 bytes secrets/forgejo/runners/token1.age | 43 +++++++++++----------- secrets/forgejo/runners/token2.age | 42 +++++++++++----------- secrets/gitlab/db_pw.age | Bin 1111 -> 1221 bytes secrets/gitlab/ldap_pw.age | 40 +++++++++++---------- secrets/gitlab/pw.age | Bin 1111 -> 1221 bytes secrets/gitlab/runners/runner01.age | Bin 1175 -> 1285 bytes secrets/gitlab/runners/runner02.age | Bin 1175 -> 1285 bytes secrets/gitlab/secrets_db.age | Bin 1111 -> 1221 bytes secrets/gitlab/secrets_jws.age | Bin 2660 -> 2770 bytes secrets/gitlab/secrets_otp.age | Bin 1110 -> 1220 bytes secrets/gitlab/secrets_secret.age | Bin 1110 -> 1220 bytes secrets/grafana/pw.age | 38 ++++++++++---------- secrets/keycloak/pw.age | Bin 1024 -> 1134 bytes secrets/ldap/details.age | Bin 1637 -> 1747 bytes secrets/ldap/pw.age | 52 +++++++++++++-------------- secrets/nextcloud/pw.age | Bin 1024 -> 1134 bytes secrets/secrets.nix | 2 ++ secrets/stream_ulfm.age | Bin 3194 -> 3304 bytes secrets/wolves/details.age | Bin 2048 -> 2158 bytes 31 files changed, 181 insertions(+), 166 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 8f7c0425ea8ab0fe4651961ea1c328003fd1f320..00a5b352c4b76884b9e7cc035f3ca3b787e091e0 100644 GIT binary patch literal 2980 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yYO4tMrV zwk-3>a4roEF19ptDsf42Np~wVH#K)HH7qqwHx4TmBg=v$5jCN;L9yHVx16aCIwlGY^ld3@<4uN>9u-E-UsjF^mi{PYnun zNlLFY3kl^i$g0fqO7@Nj@b{=H&G9X9DR<5_H%Up3NH6fy4~Pi#_R4eiEziyO2sS{s z%{#2fqNrTKBgE3ZQad9o+{oS4vC<{QxX{(v#Hlo_&@nPBFWAQ*#k1VVGbK2(GSrpJ zIMEj{*E!3yGz}vp(=rncQv((B z_5Hjflk+S*@{HUf4GfBl%uHP~z1_<*D^jx!f{b!4gG=JV zt1A7q^*xgdQ~b&kJ@X1oBHfHb)5|l$T*?jIf|5(pJ(4l}mTPVp<*1Mrp5kPd6Xs}9 zmQqrXmus2mn;ueR;g;`J;+z)hR#_6BTjXCH9^{?vp3bG678PRdAL46X;_e#Y>z`a^ zQ0SU&;$vZ8Qjuxq;^`Xcl3Q6EVwB^bSB!3(zI&2sdZ2=tYi?z5d0|GVmx)(qvZr5_ zxqf24shgvJdSpO$zEP30Uvg1sw!cq7ZX{P~rgMIxcTQoLxtEJiMp0T=L`hUwg;Tn( zVV1sWMUrD+Vpe6LX=Q#&1V(=IE6MTGcT@aCdQ@sjG`iXt;NTuS-&BGFL`=P)Js& zOPYCjpmvV8MY6Gbd2xEViHEjpT12LIvRQDrNqLcDx|vTdhTn`+i^4t16--0QJwp>M z1Eaz-N-~VH)3w9HUGvk614<$+jVuDpoReG%Lo3aEBC>N#xZEqfy$u7+vs3cRjngXw z3Jt0Xjl5jkLdwiNjE&7q5-Uud!jfHlv$ahy{8k!OF8lpo>yT}>S&ha z?p>AaYhIXGRZ(7H=4E7%k(cM166WKR>z|&?Wu)y|Z0Z{7VUcIyT^8!%n(Szi6`17b zX<1yASY(-HnOb3%~@HaBc%rh`B_K%44F!eRIG>bHKE6VXp z^bg4~LAT8#$sn^JP@%FiG|k<~B_ztHyuu^PIWNF0$Slb#F)^&f)!5Y2HN8A5B+J(& zs-iT)gsaTJHK4%D*E7k~B*@pSBq%SaAT2vTAUh>0Evl-_+|($m$X(kd$jHYh9o;tL zf*gJCas|(*lw8mBpiq~bQdb|(#Nsr=LgNVUvchtsU`z8%!%(BtV{5`Y_iqbuTi_4ueBN9uDLL%J*xeSfV%9H()f*h;D z0@E#1-HIa(-O^psiwwOA%QMT0%{=lg^Ml;{%Z=SJ>bFo=v$W(ug$Tb&)1Z9wkmQ0Y zlcFk1OTS8wpkg;){oKIBWNnLp3S+-uCv$iA{9wa$E{~83*RaG&qjF0pOA{Z{lEg?u zZ9m^iU&E-1q7qMk?X&<#AOC#Uil9u4c#CvPtZ+_ONJt%K%1UuJGPf+O@=Nn_F7vI@H#P9&iZXH3E)59t^T%7Rsc(?z?VVl`>|EjPQ{m!SY7|jy>FeTDV&IqP?P^%g zl^N+>R8mwD7?|kcSn2Cu>Fk_pR2AkP;Nj($otUF-tncq%;Z&TK8kJVgrK_u};OM1q zlI)Y^Zf25~=HZ>aV!d$<|X=@m> ze}|jDT^V~tr*_S@g17$)L)&LuWm*tCA-t$2rJG~I$@}NZQdIX_o_E}NWO9qTZmhkt z`1)TH-Dj_F^7FEhl9>H1o3VP2vW-_tAqQi5$|_f>=KP#j;e9P}+DlFTiS&JJvC!Rf zA%6v@zz+Vu4ihxwmQ`?g?Ni=2J1yhFB<*9u4vfAle6u)a#Icy4|8V`Ylkt%gC$!ai E05s#mr~m)} literal 2870 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sZk%&iDF z$~W;U$ty7m)J`dJ2@Wm`%uF%O^(u{w@Jw?u(+{#ND7Em-wcyH1^mlVCaw`Z3Dk%&I z2`Y2(baE~>_74p*_6_mPHS_j23^DUf_b$jX2}HNeB%mrPKV2a=u*54kqRLr2%)}|G zFvH0xFs-=6$vHFF%d8@^Fgwu0skq$TCCfK6$bc&>!pF6$EYmo*G~LL}C)M2~%(*l& z$+Iv#)!#KIworG6Tiq}lgPvzgJiC}zzC19s`4za!i)lQe@}CZbhnDMNV80{oDBUk zSO0YPWbexC0?$J2Vn=k_O#M`n>{Rj-rstC-^GxW1e$_`F5NOK9!FiA4@uqe}aaq$XuFXnPA@rkGm4GKs~ zF*i3b4KOuz56*JV%=HN^%&RahtS~Alx6pQt%ytg&^+orazI&2sdZ0p8j=!&?ds0SO ze!01OnqyQ*Rgp=gpP^r9vSW(3NobC-hq0?!L`a}Pjw@GiWpajPWSMc6c4>i8NTG>= zU#hubnwfTbhGAl&NkN{kvx}u?g+ZxT2u3RLE6MTGcU1654lUP?tTZt2&NVR4O$_ob zO4Ltx3$gTY53=wz%@4^mFbN7aip&cLw%|%GbutceO{+8tHS}`JkMb&Z35fJ7$}&kQ z2`S79GIq*M&NOuMs;CIbH9+@UnNg&HrK5tMf4+r#NqJ>PVYo+HnRb$ivtguTl%Zc~ zW>UI;Sa6n`U#VekQBZ}SfiIVHYJo*Xxv8a#L8zm*Z?SVkuxGGysB4i~VMVb|Wk!TS zy0f;Uxq)AbAx0{R2rhCoD_008^7gGV@-;Vi&NC~sFewOh_fGfoi}Lr5Fia};O*1GB zH+Cuu3CpZ773J^ld zkZ+Xb99dYNQ|9L%WLD~)p5zheZIKe0E~+hoQ-ZAfteu| z7JUIi}Z?uCWnRi4RSe#ySBsgYIQZV_PxB^Hi`nMHv) zCVmB3nV6}hAV=T3T%n{;+qA4C)iBl6IUvj+T-zrw(=^#EqtGm{I5^7HJ2lO;z|=F# zGAt_Bm#e_VQrjdY+&e4CN88B9A|o|XJ0#!0Fvp;%IM*dT*~KHnH88R)vm`MeBi@1w zU7T_q71BI1ssgJFy-X_H^Nq8@$~}GEObbg33bhl>^~=IstFpo~vqF75(zPo+xhxB_ zN}c?pOd^siN=%GBon4)>(zSzKv&(YBEh8Nb-6~8?9Na%$$leeSL42(EN~q!gAw$^mvPOORR8CS15E1^UL-y_V>>z z&o>QE_X^QZag8X?OAPZ4_w^{MG)ZzX_sh0)&#bH{=PE1?iwtuO@=FYM@-MG&3`%he z%lFDDOExpm_ckpr&I@n~%k_!0h|u=Kuq`#m*)=s?p(@m}xGdjW-?PXkqcklq#U;C< z)Ga;3*e}r6!zDZen=BB?O3$fz=zE63l^-`zXQU%w=!pwu8YNk1>u-y|ubD&5;K zAi%^evmn(o++1JZEx!<>oU|y5vUCnq@OLVA5A-pN$_omquyitaObyC5PBJWT4E9ee zau4+?D)1}tF?F)gcX7|=(vQ&h_sq>KPfe^UNzVu{EAme)^{vRw^K{NCi!`z*a?dqM zH*+$L@DIW$Cp`;%T>Q%wjEW12vfVB6^NLfvk_}V+L&IGHGAs;2-OGz23`0UI{f!+f zoV80TEOP?63M|SZlTtI&qavz|Or3))tCHP3N>j~?f-8*uQ%elY+)6{!GJT6nO-c;7 zbaizV!jkigQw>}kL;R9*^YqPfEHYhFll9Zx42^ON@?A^{gUr0VqH?nRGLtR1`t|lr zU1w*A z{dOoxny&J6`;*l ssh-ed25519 V1pwNA mN/1o9VKKc+kBc0s2DEmjHJn6AUbCQUoaCsvswNHzUM -SlqlUx/Ok6lrc71g7uJYG4/Y+DG9nnumw0GsHtFH9Ao --> ssh-ed25519 4PzZog Hm/dzRXkAtX8iopSdsrRw0rIAKtagbRtS9zGnFZdjAk -dIhBGvUOUd7SgqADywQnnv/lggussXa+AxOdxI/gp4E --> ssh-ed25519 dA0vRg mP3xepL4DnV1V0sYrS8n5a9XFaY3HlYn88IjukBW2C4 -KpUv1UGZdzx3kHH8LlkqCIgGK9DAOZSyN+bLfaPABcU --> ssh-ed25519 5Nd93w E8tGoDN/aQoe9gmMkIWxB7vsgQ5fJ8WzjO6+NefmcXM -HY65eZHHm3GovuZoVgOMh8kveA1aaxyYBvXDMuw5Ry4 --> ssh-ed25519 q8eJgg j86zF1fq/TSyxl0CTlvnJw0MJVVtG03oqGDumyovogI -gNZY0eSlLIstaHlbY/6n44/BKaQITXqD8qNOJGotplI --> ssh-ed25519 KVr8rw 7T8vLuXcc0jrtvQTu/FU3ZZC963YkAizU5Q79OQEvxg -R9YC1AZsrJa6PZ0Vzum9TKCwFPd5EWJ4McJqtNgQQ34 --> ssh-ed25519 fia1eQ bzqIMpD3LmkKUPRZ8HibiqJDZfR2lIcMCICputpX2w0 -2TMqO/yxAMPB4b13/r6jBytD5lhbhauxTrmCx95w/4s --> ssh-ed25519 3pl/Kw 9qEhAIqJFP6XrMsT5ju8XQeG5dNG/U0/wTUiPYT7xHU -gT+zRjaAhAK/BUOZXAWNUq90F1I9T/y6qZuGRnbHroQ ---- QGGO/WedFvcHW4JxdpMHP1PbfaB1ITP4KVb5vWF3Kzc -Y@/ܻKhA@0K -.uq_9`, W%Tn`Cʯ÷1n3?ŹєǍV] \ No newline at end of file +-> ssh-ed25519 V1pwNA kWC0Tr0nlHEelEzS9xAzZ5UwI1vTgeaBS+zQJCxHe1A +dcVKgK28SA4abje/xfC2bqlDzrkThJh0hpsyCtfGPDM +-> ssh-ed25519 4PzZog H/hrMeDv4EmuSvR79vX7spZyF6t506ZKVHWHl4HN1wQ +E4+skv4K1fTqG1cIbRqRr89Ti6D78wxEzap3Sl0UZU8 +-> ssh-ed25519 dA0vRg SgmoRqftGwIG34Py02bfdEv2HlI6fPBiKmcBmz2VaiI +DKzlODXbQf9xzUzJHlwtIZbGw3qG2ApfssEF1/nZe+Q +-> ssh-ed25519 5Nd93w Q8fxVcYwxbeXJzpKCOWH4/D3t8bWSUm9E4spASzIKnQ +80fe2FiI+5OTojxu32OfFJwS3l/cMPr+5tErOr5wmcM +-> ssh-ed25519 q8eJgg zgw/JH1HOdTE38Cr/61gcGo6OruuFUCAUJ4wmNHSXWs +l7ta9JGOwCZCjnfui2Zo3PVF+Ge/UoPL0xm5lZ0GGF8 +-> ssh-ed25519 KVr8rw CcJymhaWM76X91C0ECPlZqaN2IARwxo1WMZRmlevnzA +syAw8YySWxtDonZ5txKVNynCdziInCzy4u5kv6mH8PU +-> ssh-ed25519 fia1eQ 0ocrOjhQ+CEJK8Li3rDegYkMXkBpjAAStjgvVHGQx3Q +YORVM3sEbE6PLVuwfMkxe9gYqTVVT7DGoG+kQcxaPiQ +-> ssh-ed25519 Km71ZA 9W2stpyr/9osFppfqBDjeDzZ6ltU+spmBoeWJ+I8sys +C6DGgwvbwW0r1E3L6o7LUOnPo/n8Sl8tGzm3NlsXGcw +-> ssh-ed25519 3pl/Kw pm1noozCEdPbd4f8rkSD/gicvfWTEN1kvYp7TLb68Uo +VH2XUbhIf4nYTmp6rkGt99RcI2xxa7F9QXmDp88r1CY +--- lNlQ5pwix455easITfJ8dztlPYg8Pi77sbAsOQF19dI +#@3|K%kxL,5x/QTbz j.7-]2b_>NJam^ C]Vvh|D̀" \ No newline at end of file diff --git a/secrets/base/root_pass.age b/secrets/base/root_pass.age index 2313336437c6050b924be3bcd8aa192dcf6d1356..92697682e737cb17a5bbdda6411e86a548f82acd 100644 GIT binary patch literal 2959 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zJG^C*uj zuJ8{}O)E9fHgiu8b1cuSEDATxPER*BO)d-y4|8+M^|45)u;B8k40YEIcQiE4H7&>q z)-Nrx%yA9%N)7SNFSGCniF9@>D{?I|)DH;@4@9@kB%mrPKV2cU$UoQ5B`Va(vm(gd z(BG@HEU6@|%sV6^-?+@6Fv>*V)v2P$Dbvd{$dgOI#3MM*IU+JNF*!B7G&9S|-P6Q3 z+@i=WwJ^iaGu1r6&A&V}!qd_yHyhoy6i0)ypmc@MKm*GvH;eG{@bvKHurkkb|H$C% zGK=ES%!0xQgFGk8oD_e zEKI#B&63e=E3`=UN>5h^C`|Rqay2r_GjVk`w)83wE(`H@%l9ld334~eDKJeojS4Bx zG%zkn3(Dt;sL~HH4vNrr)-OtOElf2v2uksC&NXl~%1LzbcTe%iH>%XvPYI5+FfK;7 z%{#2fqNrRUP&=u-EKNJj*eu&JJ)^)q!=lP9CC|_~)zUD@t1>b%q9h>7JHRa2IVhhi zEz(!JB2qulxgfYKGC9d5*)1S1Ff|}M*rF_~D!3xDEXBPr)x$C()6)XowzSMd!_+{9 z^qlN0V~4YV@@jZN~xD$|O>GD}U%lZ%Tj)AEc$GJ{RH!o!V%j5Etj!cC)`D+)rq zy(=RELQPZ4eG2@tLX#t^l2e?#%>1$ zu1La2lM%s1j%MWwX4(N>Q2}o0{;8=>Cfbf+#TMqKWmUPwMLuao2DuicE;%77u70Mb zj;_Wua+qDG>n{W)YzU#@Z?6sZpj*rrsE7(l^7y zH_}nTAWT0nImOl3EZ3woAjP;Wys#|L(lE`_KRMagGbyV$CEwDbAjCK+J`FCJi?dw$Om||p-6{YX%Smu^*5fohE zRBY&KQey6#R+(E>QBoOTo)nVq5>bwBn{%Omh&QM2JygLOpQf`^+TV`mHn3wMu8sX_`oL?C37wG63Sx}Pd>2DMo=2@7T z;pCX_7KM=mJdzAD3j!5N!~If9%fl^7qkO9zlZ-N=0t$>P3_LtdJc2BXb3F6?aso13 z&C7jDjY7G?L(B>@y^5TR!jp_6JSxnS@D6AqhvC^o@Fufupvz#j+ z&)34c+~2Gq!qGR>EiApFEYdg4yD-o+(9|niJ5jqZx5&)fGQ7&M*bzP6f(u=oavc@C zwEYZIoeK<8D_kO+OG7NuGK#_@Ljt1G4KmY1lFUl;Gn4fbeacdE%9FXW1HG!elYN6d zD++TW0`+r>UBj|N%W@+!ohs6OOTB!`i_9wnE6c*XNN34D$-k%`~h?u1w7>H^_`K&NAV03d#x3)h}>y4fYN%@zU0= z$hRyk4oa*vFYpgc_VP3@$nexQ%J9<)!L zI3m?6B+4VqEHT8$)ilr~%hJuu%rVk9Kh%ON*C4$(r!3VwH8|V1Alxg=%r!kdT|Ya? zu_DROEik3PDAO-IH95*9(HO&TsX5NBsp$%dNr~D10S0-=&MB3KIUeo?j=@zHmi~F> zm1Tz6#yM%31!bn8DVA9|5f)tO2B8stVMRf{-o>stC0UMDflB| z7U@yNf!VpGUKqAnlto!O2P$|6o269+R-^`Im?wKD`*|BimPa~An1>|!2IZxcr(~uD zgqNC`>E{JiMRFAsXLxCQh9_sFlz0_+Mf$oq1tuCLW_tM;XNKvg1o=DXCsvr5I=O_K zV6?eB3w&Js%N4RK@{$~@60?K7U9vOXBf|_T^GqFmy!6Wq^pkS3a*cy?ode2}9epfA ze7XGcLVZh0%|eQd^Rf#vDkB5D5-al@Jq?@epPw0G5q&sY4{+>)Ge;;dov+1RJjEv1tZ*qgS$F2A^zG0k4`(y}vB%O@~IZPoat z$@f}Ee%YBxzwJ-7?B%{8t6sQ6V*kRuW~u+U#R|_JvQ3G1<&R(a``9DLPcKg}PHva~ l!^^Cw6h8Gp=1di)EoG-T;Gtzc>H@ literal 2849 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zJmF45Nx z$g0Rl(YJ64F)B+p$Dv(P!q(j(a{us9_rwW2sG+?C5Yz$@50F)%TpB-}VP!_m(qKhdq& z&!xD)(KXrM%rPLUJSxo7%P_^%q#WJ06i0)ypmYT@Uzf^EH?#cgv`Xhh%Pj5Ug7Rda zAj`1u$h4v&=QQVZm(o(p3YQR{j6g1f^yJDw{luWqL?746!Yu7FlM1I`ZBGL?mm~u- zFV8H??25pOqKqW{s7Q3%O#Mv)%n7v_o>TQ!P^5OhSqx!V9yEDnd*0Oe2C* zT(Tqb^*xG0Gs=o8D+0O9++6kZ!z(@Y1H!en158~D5(`7K3f*&3viyAuT=Eh_J*omK zgM19bEz{9$E3`=UN>5j?@XAXu2+(&ki%O0PHYzd>PBTc!EHU&?a`JOBad)gJ3(5*| zOwP&9a`xm3EH@0u%BV`oNOX5J^ouab4N5ULs4y@!_fBWy>3JWf`l;mPx?Gj6G zGxL0-iu^FAyzH!`$gGT{tP=Br;>b$hs#F87iU33JP*-%n>ANSHrUxpd<`%dmre+wp zriY~#1V-glWfb}vYnK^0m6{tTg+`cFhB>=dhKE_YRQPh0C0pnlyO8JnQn=2w#Ar|+oXW~y!CUG7zwn-@@O>gOEl zk#AuZWR{oZ;U1Y7m=l=f7Z#P~8xd-mSXIvD9%$y_?vYnm<(->k>Fs7*5@KFeX6BUT z?(Sh;lw*{Y9}wQrpM~MKGNVWXOGky!QZpYTzksO9G#97P%FIH?^b{}W(v;+K z*JK}K=TNucs`S7@XYJxdk5I0ZAUETbv^;Ik)PSn2qB6I%WGC}Tm(*y>5nSYGR<4j2ndBE9>KSG1my~E?>RKLJk>XpF9${h_RZyPlo}5wY zl2H{FSe{#&mCfasVHxQe?CYH68t4|4TI}!boS$19kQEwWVd|XZWa5~Wl4TfPo>=8+ zgi)6GW_b8UIw}~1l%)Flm8KaNI{8MVBxMA->H9@gxt0Z1_x_c!CrKaTSCmEKPW#<)J`dJuQn7L+0nMGAaxi}j+xffQXI-I{Sfy{Kvqec>c3NO*g)f(rvtzEI zYjIwAMTKE;WwBXuphbjZVQE%nQIKb1nWL+bvy)?`vqg5Xc{aLjrBPK*#_0;#j(%og zmPw&$i5__troOJJuH|m|M%e)=!9D?nm0p$}u4zFo7L`#Ud68Uckp|vDmKl+`Zute_ zkwGr{{;6r%S;2vZ;bGw^f$3$2NzU$mX0C-k!5I0?xzInvJy0Rfu+Xm{z&kvt#MHwh z$HF4X)z88(vp~Dd!Xi93(8Dy#)!4+S%GWR=%#|xIH`qDNu*@l|$fPJTr6k$U+&L&H z%A?4{Im$Ftzs#_tz}vkjJUqIx1w9XPQP-6^3L~m>ZQBM}`M^nIu{G zWSW+h7>7Am6}c6c7da)Hct)jGWOId=1bY;OnWR=GrRA9BC;Ap;RvEeGL>YuRnVFfp zIl32nR1_rZms#ZHB%_CVMvmGPHB-vxl4FxaYdy`Vs1v5fvK^6c(#R4 zNp6~FL@2s##sxY0-sK7zdBGlu9{$A{MtOl*d11cA#f4?gA%@8nIf)r25$4(fp{1TC zAz5yrq1jyihS|;$-l^us`XPoz<%xwkWo3DOMFHAD5eCU6fi5M9?%Jh60VRGpnHZ@g zxX{HZ*HOWsC?`8PBGEs;ywo!>I5fZ`B_hk%I6ctFQ9I37zbeDqTfaQX$Tu+2EuE{} zKO{LgDl4bbq|_|S$S)&ByUfVAFfz!?x2nX^$H&CPEy~-!z{@qs2qSlgx|*dW2Py;^ zWEMx3WmjZI8Alm9Rhs4{yBQZ*1|?OQCZ|~>78ZI|6{MG&RAib*q;usu`-cQM8d#Vc zSXP;u8e|v+2bCLnrn_c(n+FEESUUMS2c`!WR0d}GV5E{rx5NtPbcKNAfDkiRKg(>> z@J#Je4~we6;QTCKgJjoC|Iom2;{xsc+@Pwe3e$*?WUj!Rh}^I|3&Wrilbk?{P_Kf} z(gHV=0`D@f%Jjk{$J|86vd~adqtJ3=jF3#tadu5jSBOkWi6}^Q3i1zeaWTs-2sUyK zHVh2)570MH*A6Zz&nk=x4KXwI^UBK2=F&I!swgTmHq5s4Do+ebbqk5ouS~Bf$uY2W zO0Vz^%nWu(%nUOtv+(!E@S8$npZ@gU#fd@cxrNvPoT4zUrK7WSyDt^ zMn$QwuZebOZctQ`Q&wOkS3s(>qib=Zxs$PbdP$^zs$aO1OHM$NhjxxnmA7SfmWz=^ zuu*W9Q$(^adYbes@Nw}kSMYKVcdRNYDs?k+EY%MzaI?rYO!SP%F(@o5h$yuvGIUEb za>)+Xc1?2fQI~+Zpsuu9p8fLwwJit&a^3ad|WU<15Q}#4TSr)7@uZWv*i7p|=axgsoJ) z`cOuvJ=1fkdtsu-oWIkaZ~0o}e`=B9^`l>PBA>_9xb(f1>f93PU)sN9OPq$;jXKuP sOHK*dB`&+`u=j*$Vd#_3A#ygC3^I!S14EW8uMIvm{rBd&qEi_g0iCI%&;S4c diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 4777128a8e12ba8668dd82eff7893033a22bc17a..173c7e3316722934efbf8f5cf25cae1839ecb2c6 100644 GIT binary patch literal 1265 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5y7*b@DVV zvkXcpbS-sv@iTQcDm5?9&@S=|DDudP3`i+XGpp1$_sPk~3*`#cH}ov7@OG~#E$}dQ z_cQf!F{yG5wXDdo2+XlecTUMnvGDbYFmo}ea74GwB%mrPKV6|H-ORnHvck|H%P(2q zBd5gJt31uc*f=ybup~d*D6up*#3(y5Br(Jy(16RR$h@S;$IT?y%%eQfB-}s1Jjoz8 z(k-PtKs(hb%&97{&^XyVP~XfgFB#po6i0)ypmYV#h^#=54705Cau<_|h-BwPBNy}V zqyV1~m%^~Tz(A8oGiQ_1imCv&3{Ni8Fy}}kOYMR{x3J2>Y>%LDi^2?pbf1V+?*QZS z496gIS8p@l@&X@Y??80hO#M z5|gzHgCpIee6k$P4PCh+tGoj}L(N0;U9v1H!~OG0&GPaJElmR~(~(dE3`=UN>5iX^+J{_b&=fEJ`EFr)yNawwzSMd!_+_p zcPB4nUqkm~7Z0yW{fta+?eNk-i;yy>L=O}9R8trCG?Vml7w3q)uuw;?tQ@y|lgiM< zTt_dr+z9_%kG#m-bZ5sR^T>iUvnc(fsC@0HK&SHJ;0OzJ+q`ql4Wk?tA}jpLjhy`r zi@f!n^-~HA%hJsZN|TGL+;Z}bea(%GEVH5tD@@JvOtbU30zAw7TrKiLt5Thc^uvve zvoaFR@=HoR%`=lSyqrw4E4=&SUu2i>otxm^=|8vy-NHKHAJtF*x}QEh}HM^RtcA? zd+S&>P5k`#gOfm;K<{Rwg39oK_1s^~*Et*)%aMG%dfi%%u*1)eRVXFczp_r)QDVz@ zf7ThtW1)|D`=way69n%*TpDN@*UI+&vB9hg|1!yaEs8M`wYNM^dK)Qjk6)};_Nwlr aU+bEe-17IBA4o99d|>^z@6P4R=NSQ(fU?~H delta 1069 zcmey!*~~dXr@q9rI5*F|!rRSJzudyLGBBw)xzNqX!_%aqAk8Q-(K0Q}zr?*X)U2{9 zkjp5k+|SR^yTr{jz}ZdTDLJsnJSwO#tu)-gu);Mtpd{PPB|XG1HLS|Km`m4Ap}06h zH#Nn`)YQ;Y!6cw6DnDHzDAh98Jv-Udq{=U~)Uwd9*e$9u)uh-hO+PEqFweQt*&;o) zASA;y$0MYi%f!Vg%b+;GJTJQ})HTXEHQ3!Zur$yjB27CtF+A7Qq{7GCJlN6QAh0lS z;z#lD^eorHyriHkUr$fZ#0odd;*dncV8cqof^4tc?6jc7z?`)3EY}=MOZP}F_k8D& zuz&(j%L45T6N|_kBk#O$zkqbl@@y|(^P==B*R0~qs5H+|KhONh@r>f(k%@^GS&^QZ zCh2LxLE4pt#YIl0+L_75MU{aCZYh3|=@G6`CD~cU{vr8XuE~Yv9;K!QQQ_u^x%zp9 zK^b|W1&&3Yk-3J+8GeZc{)r(~e)`(^KADk|&oYYFr}-r1yOdUDRh9>a`MY_W88}yj zmPZ7Ih9wpi`e+yWyBS1!ng^5yM|e1LSwv=pm4_8pWv2yM24NAQAzHp z^^T7D$$mK%nUP$krIx8qp83TtY5M5}r7nTN-e!>|21O(ej#3I##!M$ z*`Dauc~&|47CI`JcvYC0Bv<-n7JFoR`A3Erh9-x2dKurrB$YL>FVk# z7zT!vT3Ccs207(h7->7@C58AE7h9xry^hvx*m5G~ zbI-J*qUuf=R}-JRzvdRDa!<{jZEZ7ugWT2SPbXB=O#gCYTK)9gMwhvM(=27oXJ0uh zGRZ;nDi`a2_W0}5*YjSt|7P&;aJq-ad$l5_#+-9q&w@>_7rLxmzwhJK`~2%GFLK^1 z`5g1>(NsfUg?5);rvf+g3%WaN&fQpd;hpcIydPq#nR#!xJ&3q@!Txo7dGw9id2>&k z)rj@>N#r@bypJjPf$rAFDjE8-q-O~xJm$&TZ2B+9Xz>q&x7 diff --git a/secrets/bitwarden/id.age b/secrets/bitwarden/id.age index 4ea38d7..a2c3bc7 100644 --- a/secrets/bitwarden/id.age +++ b/secrets/bitwarden/id.age @@ -1,19 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA H7YH2bTxZIlSQR6h9LTj/rdgIH1FzrT3zGujEGWa/T0 -EB/hy708s62jz9yhqVMp/iouRC3Hf/GahvtZzgTK6Uk --> ssh-ed25519 4PzZog 0UlgzFAlGE4dOOHlGaI9DNBu2UaNTGOzjICpA218m1E -guZIR8Czh3zt4W4mKkHzp0VzhdK2nzM1hDB94t4AyFY --> ssh-ed25519 dA0vRg 7J2jo8Y7mlp91/N41e+cuv4Y46Ui+DKnNhfeXd2dsj8 -HqAFiScEAKMK4z4bfx+7PQQJQwm80GxjzjBghplVQtg --> ssh-ed25519 5Nd93w VIsfbZTy3Ima3RoXrVDmzm/bBlPRT7vgzwKLkQ+7WCE -ZTX0Gryg/XoQ7Pu0jmBb0MBKv0ee6GUFuOj27SThHIo --> ssh-ed25519 q8eJgg FOcmChMzV93MYDuFEraXcksxUi2YSxM0t1VXXmZOVXk -vBdFZBUquAmb1GQV+Gs8wLzzK0IS2yV/o9cnYiMGBPs --> ssh-ed25519 KVr8rw qC6uMcLvYz4gIK4Ajrfqzr1PBC4Iqgw6elBPRztTUzM -ww7UnTYn+ZwUwTg2xpNIp9cmPCxRztn+NWGzVfSgCMs --> ssh-ed25519 fia1eQ o3z/yAM9iwIYMJnmp/uJ/ul7nNp447VgumnKzSQyvig -dUXr5Za7VZzHJSmMwUw76TptIRHdtBRdHv4IRKfzZog --> ssh-ed25519 IzAMqA otPdEEaDoxx4CiZkn+Ho+Vp+l+BPC2a5vkSv1DCg4Bw -FCFjzX4tueayqW2vhzowZfntufX8uR5ViGFH78r82J4 ---- Tnv8fDlZG/DndtKdjbuxPnw6d36W0lZ0uetXa1VcaOs -5m P_\@%ǖ2ƺMCyz*=QM>X3/1 4A5(c4gf,k \ No newline at end of file +-> ssh-ed25519 V1pwNA 79HhvqifubFk4bhlUPgKbgSplC41o8/uZV27eaeM0SA +mSJ2rkmOlgXyQAXj6pbFoajxCwPzKDBUWRPXqvHrW+8 +-> ssh-ed25519 4PzZog w+6c3JxUfEkgvDz7pq+451XSGC64TCNWau9zOGajpjQ +mEdXqG+GpaYVj6ICYPkCyA9ZRNmMtNsxWNeOpYOhkF0 +-> ssh-ed25519 dA0vRg Iy3bkGWSkMvk3wH05ETCFqZzUIc835XyJGHXlfmG2VI +ShexjmkSwsEgHR3uj+sftcB49zbp2z40Mi7NN7VYcII +-> ssh-ed25519 5Nd93w TM6CtcmxkTqQTP5UVD/1HPijQhMQsYdPrknDREwxtFw ++ld4GvbKQSKAUwMYzDSxtZqiN3OdnWlszYVzOrMbU0Q +-> ssh-ed25519 q8eJgg UgE7W6Lf/jdlSs2TpZNX2wRTY3iwQ1MzZE7zAN5Abz0 +oYf9iiAeoVg4RLYWEvw5xyGevxYQiiqELw/NLiBCZWI +-> ssh-ed25519 KVr8rw ZtAdKYXNsNCo7MzfBlQrax/sWItsFQtEo/tESJaviXs +Njql6s/+QtIbBmsbMYllDxodpIaBnRaMoojap4jUVwQ +-> ssh-ed25519 fia1eQ nIgFm64i5MPK/GvKl35nnXOO4hoD6+mFzJsFeB/6ICw +bJoDOMX3ek/5lVLeI1v99C24l4EwFcXIFAAlTMJb+Co +-> ssh-ed25519 Km71ZA sTHVMQlRs5/xewuUa6yFjuqCEqmWlekSwab0z4OWJRc +ExJw8np5XfBSSLo4cwwYoDoi/GxSGKkTn5rcKdMmI34 +-> ssh-ed25519 IzAMqA N6d6EYxr2LUzuHrH83h06JE5MGPcqdAMixJH3GZed0Q ++dE0EBX7jPvMv2qMI3mIuiM9TrhFYQwwC/+Ta+DiCNY +--- g8A4+bzRE56xnD8tVagvXopX6VlcS5iJcOcKTxC0ZGk +K!'_*VEJɇ?{&\AurAXwgzƠXÚzؤeN0&ɵ$$&Ɉ: \ No newline at end of file diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index f48af48ef1bda0cb2d10b69f4678b2d88de6df4c..2b24b470bd8a077ef66bfa24c92871f9628777ea 100644 GIT binary patch literal 1122 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sZoch1cy zGW5+daSHR$Ht_W_s&aA;3iJ(&bo16ubuBP*%t(n02@ej+Ea!6dF?Y!cj;Kt{O^qt? zD%Um)_SY^8PBZdzPuDLFaIG>e(k?Le&nqc%%SX4(B%mrPKV8AYv#_c%C_AIrGu=PE z!pSen+t9-)#3|IXz$3sV$~D6?E#I;#H^Q~BDwNA8*V4n%IIGymti;R9qukddIaS-j z#lt+`C(XFZ)hRX5xH!bP%A>$PzyRI06i0)ypmYVpa6{uj)7%I%Lst)DLnmK-H`i?Q z97`jge0|gK(tKZ^d}GV<-14xja1*YgM8A}f;&iWM@0{|&TqjrUsxa5AG#|6DfXXV5 zjAY*ezoO(Evq&?S+(>lWO#M15njVd<}%t_IX z@C!CFjN~#iE%(X{&M8dEipn((C^m9QH*s+?@Tm&$NiR>13@r0X4=M}FPEE>jDo6L5 zcUX}{QMp2zk#ClxV_|M-xk+epdRbO>P8SW4Xbc0 zE-7>hF)u81%g_T3QWd#YeM)}fd%Y8>y7ynHe!MC#Z)&e`s-}Uh gPwqkKnc}~@tna<)(b7M?@?`m@3yTey!V0DV0A$H=;Q#;t delta 925 zcmaFF@r8YYPJOCVs9|PFrb%W+azMD5Yo%XhK}uk5d9F!LPPkz}xPfDEdPZKkzQ0>| zI#)@gS$0vOaZzDTazLeLPH>8aesE#2pP#3Xv$kd{;7#><<7oboiS%JcLnh)VM>4KyyX z^!N8kGY{8KN-FmD_AIGPwM;Y!cXQ0QUiT`Pj3T%Z6nuEeed+LD8Hn@iWD;w z$569^N`tBbPju_jG7}9`0~NB2Q?&hx(@KrPd?LL-|Hb{7lQj0`s|i{0;Se1AV=cGXjgXBeT52+`_!P%_?(zt4a-v${ZalLaItFN{b@0 zBGS>V^Q?08Ep${UaCddpx5x|2$xQPJatSjJ^NTEWbTe?t%{DYDk8%z(bf zFv(5#anJRN@C)$>EYx<(GY&O(it_SEGA?pAaEVMd@ee36$}lX+3XSyS%G`K&%f_>6 z{(k~iEstCHH_a@dD5SK|$1)-*E3@1z zE7?EL&(koJOS`hlB{4@o#h@&wDl@4fu-q)lB0It`(jv>G(y}T!J2Nn%tgyn!&$A+X z;z#jtFE5w$N{fn+f-J)*r();QLa$2a3VrRcfTBWu&+Pn^%7Cy$)2c9I!|Xt=KvRE1 zpWJNAlHdr#(CkQy>@;6*gMjq#tfc%5?Fz@L?7}jq(4s2e^emIf@r>f(mXS%BzKLG? z-Uc2?#V!&4B__dP1!iteMWN|MX@Le=VZp^lI(ZZt znkHuDd6*@a7rU7kX5}~s zri2@YIeTTKx_FqTC#E{0$AEWOkwsCtLa>{DQb?w+nUi^XWp+wfU`f48Sb0QlUT(RQ ziKkDVXR=#aW~f_uK#-@CCs%e#vVUGsv9^Dqr=?R;L~5v!ajPUnTdv}fePks{uNarkxph+*%3v)7N&tlX+@DM4@<_5<36-kz<&iVQg zWs&ICdFPrNMmZ`tnR#SnglAWjrF%O1n-)c-1vuq}W@NiNrWO`Eg}YRw;Q`S=Bem>7jd=DC#=IO`Xe2ZU6)I_oEU_5#VnUWtf#@kXB$BnHOPLkmeN@=oaSdKf^n?_6A3y ziyK~he&x<=npAS>+wRisqB=jO%0Ew1w^;ruabf4{7|#yjYfHW!@_rW0`dMGOetpGv zVaEO`^(#8O_>F9qt#aggZus9`#q+zueXZ?T2e+Afx_&C$(3kW?q2S~Kw%ZdEfA~JU zcx3;ot#_{&GBqkbuYB8g;_tR)C;2)yE8qXySg`zjUSH7H`x~RLFV89F6K_`YX$Yt; znDhKcZj9Tb&$*K9lO>8=lL9z(Jx(62Wo@o+`&88K{Po<&mt41g`{SOsNC=`NWUkcy#`s-;?)Mna*dJ zSZXioToH-6@OOPf?~S*)+jG6H2FZD|8jE&aF8H=sfg*!Mn1x;L}$ zdC3lsJ9hQD3#I#B#}`NZ(6Wf>30W?G#wcW+-|Z{RPo-_x7nR&)3wnF*@J rDe&~+X)mL{e9I9ipP=X<>i6O01&QR%(YI9?g|0j8DBK($ubKk@cY0-{ delta 1455 zcmeys)5J4Dr#>pJL_adkBET!%)HpINJI6H3&%-au+&DeW&m-M9s5H>a%sjx?Akx__ zk}JbA!pX-gG1I8DJkg~%qN*}H)yXI$)Y3RJv82$+z%o3;JD?)H(4)8@n@iVDp}06h zH#Nn`)YQ;Y!6cw6DnDJpOW#Sm(%8b%FDES0AT-<8*R3MgGC9ROH_|dNGEBcvzof9- z)F;5%J1%g{G4($vCP-z&`0E27XX)40UQG{7h_$0^j=!aOz6EGnqDD9zh- z;z#lD0+$SbXUpIaj}*&*B169*H#he@FV|e}!X!uc@-mNNW1|4~aG%`Lph{ORi;BRC zz~pqJsI;sKFVpN&&qBvgC!b8uL=%q`pR&>@x5`Shl1NKqH-o^*@r>f(nIVa;nP~-i zSx$x?23cXwDH+K**=9M3q1stR+M&J`<<906B|fJ4*+$7+VU>Aa*%nT&e)$pR=B|mQ z#^vt*`hk9)-Y(`Po~|wiqF1qJz&&oYYF8wEHARRm^v2fF2C8v7ZAWac{+ zR66EHc}KY?`Itlm8oGv<`6T%nCmUFBRTUYhdgTRq8b|n-21XfLMwu7{=BAZ|nmCn5 z6()OWTNZh`C7Fel=oc8E$AEWOkwsCtf@y?%alS>Ox23c2sewSBSHJQoco` zbFhVDW}c&2KDu>jnTdv}feL=%5iTZ97D;*DuCD1u=9TW=;n^n1{uY*I?nORE#jYiu z^`*(K!IqZ#t|nZ?=2-zAK7LLvX8x|(zD8B1iB5*85vGNyxj7-l9wDw(VNT^GKDo{X z`H|?>c~&|47CI_KdAXUDmw9?tdZ!yY1v?icmgo8hdYcv$rBp=}dxTe+dV0B7nkEIh zIE8W*8CL~F2D#L0=bD99gqG%(q?HC)W*eoYWttl~8TuurWa}s8mb!#`=js=8>FVk# zWO@YZr{v|hC3%|qn3reyWk!W18C01X1%(;wSL9Vy1{qm;mHYUYnHGj}^+;5DMsID3 z3}|Sv`09DyZ9St&=swn+IaBL@d-q$g>r7Z-TnK9@h>~#)to+`>X-02y!cY$ zTPr{R^Z83yQ+dx_G0$SV)A_9H-fPjIs*~HNgz4^;FnlT&`eoaz4BZWCo)g}cb*_z` zb$!2z7|%T6ch~=I+g2G{-=J}FzVV*Q)GgmSo>or$7IXRcEAHc`)P6^CPO;@)^u%6f z`L6e++z0B6Kh3P|B>m_LozeR)^w+AgOzCzZN|84nr;RUc>; zZ*w%~{(EOH|0S*)^;X`K`ad?DF7dv#N9v!(&gxw%uhVl}`0rj~>yh%6F`T=u=-uvvLeq4=8;KP1lKt%w!W<1~k diff --git a/secrets/discord/token.age b/secrets/discord/token.age index c6c06dd99891421e48fcc8dedfb1d6f069342086..71485f4f55b267a675f2b560b5502afdf12b55b2 100644 GIT binary patch literal 1314 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5w}R4fM(g zE_TYy$_uEhv`n`sPA$ui^fa_6ODu2?PBAa@a?Li)G|LZkOXo5U$P6+!D9gyPO!9M0 zEKc$cwlqz3EY5K^bBhS6N;9o0GfpZiEilh<&qlY+B%mrPKV2ceJjcV|qf9%y+^yU+ z#n`gSso1pGGc?`LxwNb*%_qeqB_}vC*EOla!-UH*Jt)b)vLY)g(5ukj&BP+9G}6?= z-6zMyz&}ObH96lWJt(}=pgcS@7sIv`M}xAUbOk53L?Z*Qh~i2MN7MY^0+Z6PfC>{w z!_*S(AVaf2*U&J3qk>Xx3k#g}KBV`dtb8&>XNY+;a}m+O)19ua7sZV~3^=j7xTS!fz%;E8UV zcUX}{QMrOys$qqBiEpM$aA0tzhp&HOa;jNGNn(*_XoZu7re`v8^MzUFXT8Mi=N@S3)QL1B#S-EpYx+}VEX_<+Jseuaq zNyQl{P9C9^6{SXb{-If!&gD^6DIV#8+ED?a6@dkLC3%)*AucW@M)_Pp`Dp=ZIVIjv zN#!{v=9zwpRjFAfrjce&DZZ6P{>dH{zUdYE!QtkXRq5!qdFPrNMmZ{Ex`!s0dIcL5 zn1!2pxH_izR+LnRBs*1Qc^f(B8Jl^AnOTNaW>y#`hBU$^WT1!BaTXO*LGp`${Hk9mcWV^LLscVL=VXkwK| ziMf7CWkkMlu6d@uL6&K9W>L9ely{n6NFbMIKzLzpL{yn;pi_o{Yg%ZOdzzzBfp?;F zR#B9PVN{TNT12>IX^N{?sR5U+uC79`QL1NHctMJfw!4vIRbW!7g^{0;u}grZZ)&B9 zOPEtPd-kW-G9Tb z)Oh9wq0==78=wC1x|{OnO6|rz!mFIUV^q5O-n8e;#zvx5A zr**nX}OO$5 zM3}R)TYzIZS8z#sR%p6Wuu*PyM3_f$fLpO&dP$LwpL3>hjzMarUrAz0PFiGfPD!ET z#E;_P$wuy_Ro(%m;RPZ7mBxX7DPDnQc@{}NC1$Q!ZoXB%Ar*lJg&8G&X6gA{hK7d8 z631FEvQoIK1bB2BzY-P}#hld@CO zjIx6reO#RajmwivolU$ljLp5vEt2%zBk~+4pJf!UPc-%RGssDHEDm;cN((5>&~`U= zOZN)RNKDNzkM#6%iYhYpGs};1sme~~DhkOAF9`}Lh%8P{403l*%F;JVDh|kWO||s$ z_i&Byj7%y_jwrM&C`z$Fj{)znB8#GO1=A=G@1$Z=bC1G;DE|VFVxxMm+|;O${J<>t zh{BAVD(_H_91m}=%F-04Y%T-y46l%?jH)c}GGmvFkkV8qqu`RXs@!5{SHDs-7hk`M z@@yXum#V_Fbad;|G7}9`0~Lz$lJbfQd^`*E1Dq?$B7=)vEAm_uoh@7w3rjKr)6&c; z>+}5c{HomiB0{-}s*23Rf|JWriz8i%%Y1#awJklo14F|7qWpr20|L!UO@lox%rc!y za+1-l^Q?08Ep$|HamgDh_qZt_sz64K*t-b5HW9@QcXJs?c`N zaw+C=^!6|hP06cIs`9fe4)gR(F)+0V4KOaLsB{j?PxLo%^6*b`jY=tZHw-u6($&>f zNJ>of%!@E`bIdo*@hwd%4u~+!%Pa|SwlFm}$~E>%$uSH`_DqflC{AcK$_g~qyPX%X72Op1n z%(L-l(ydfJ%bf-J)l$c`Yj5Z43n=-xc$BUB#}W7_&%XTHohse1s^5L#M>1^MW>)FR z-JPU*@Z$-u#GpM6!rG3ZzxZ$HOkQKDcKb+Baii$;)z5D%%+}t{vU$rI+hkw6&nAn+`0%89)gmLW*@;t2w^**IQFG}C%Ve+Q(p(wddi#kYL-N-TU*+82uy0?Rd9{1i GuG0XjT$ir^ diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 2f4966b5c71bb8a5e9d37cb94e88694436c538c5..507273eaa1055c019a0b63e7871a9455ba2ba794 100644 GIT binary patch literal 3034 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t-a3=Rto zvoyY1-N3}n$ratU6i0)ypmYVJ^wiL_q$1-2Q_mbvue_|(O80c_ z#A5GkFGDBKV9z9@ESJ#CbmuJB;AF0>%(M(s?chYuR8O~Ji-2(R4AU|v!@}gqViQ02 z@CcVwLnm*q3S(!#3JkxQ`lVPJmn*mi`xmCC8Ado|`xW@)IA%I~rnp-;Cx-i#Rk@S~ zr{x*@<(fEKItFIA2XbYHWf;5oR5&NOg%*WJgjR*>7kXxdmihXXWafB;m0AW?CKozI zW;m8aC8PVT&?40+pj&?CECTR+V+Im^$f!5@m|W-|P^N93nr;!58D^Ah;LDYnn;qqql4l;^ zW8vcCm6Y$7n_iTuZJ6U55gwkDQCb;lVQ!fg66NTYX@YK>cdof%l%qmKS!hX>yHj9V zNmXfxS6N_qxrKAMX_S+vPmz&FzE5dRa%E_eg>#-kWipqcOL0I%XqvZUWJG?cTX9%< zNm8kIa%Ew0dTw4-fm^<@enD=Ce|Em9Qz*J^`tC`l>46GPd4b;k#swCp##MQFk!4Qa zIaQ99u6Y(-PLAdIj!xcQMrn@vQALKqdHG!7CTW2=1@5I~SrOr$fgZ-L+M$-^-X)G+ z<@!}+xhclRh8~&a1_7a2p@HbO`IY4O={qV!W`-nI1UXk(riT}2JDCSZxE6)xQ@;io2HakCRY`t z0n2V=xrnNg&HrK5s#ZbqO-icxVpNV6hu~TYszJ8`l zp=m&VgtJqnQz%zJxj}$wVqSTGZ;(M=si#w7hNWwecd344NQswQo?)SnbGD^nex^@Y zDn@>b2rhCoD_8KbC=3ZT4fnLn_DC`*^bQF%@$(L>$O+Ch33AK|2+S%kFRUyKDaa0V zHQ{oNOtUDiOv!Ufi8Rx<2r4P?4Gj%VtI{_ODsv4@@hdHetPCqm^htHbj5ps558p^f zg@P)d(9E2`sEEv{h~f;hVr_${QjY?U%z{F9-#{m$!r(~1EYtiH|Ekbzu54fJu#A92 zWB>AssMG+<@Pbh7VqfiGztTMCWOGONDl`46#AL^U3=1=i+-;m%6z);3kY8R{=;{}t zU!JFL6p`Umq+jKhm#FQUSnd*R7-pDNk{%G18SZ21o8;!oWtNoh7g=GFlV|AUAMBdr zn;T|WZ1n z%1SfRk}XS;)AGUsBEnK!43aWT11r)zQp5v67!Za&5-MMb%3e)=Zv&XtvsnHg!xC6OtC z8O7P&`7RM<{wd*sT%oDX>6Mx3q4}w%NkxU8;rjad0sgt>kp_j~g`Rl^`CdNG?k@UH z<;H~=x!WVjAhRG)A+ID+KQY_eH^tK|%Ol4%Inyt<($dT@uqf3rEX5SBjtSr;Tv8)&)-i!-! z^u5a!g1jP(3w({kGqodqJzT?b!;<}SozvZmOpIOA3nHsh!hBN$%`@FAGh7|H3d}>J zs$8?&jJ1t&d@M`-!}O~xeY`8((mkUp%6(iDbM+1}daN&e}f6%~a=ZjoG3eqPx*MUGy@8NRuuxfvc++NLRK zx#_8vQO4%ZAyF>5t|0-&QJFc#5#{JO%Od?Svx=Ok zzz`=((=d!Wz@jY5(m7DUEW5-YD>*A5$1Bh*!=%)?+%n&{vLGZYJ*6zv$;a3*$Ri*! zC#l#%JFA?_H7rwGzc|v_z_27R*r3qe#K1QoIm6U3G&|BVD9AC&$-OevzoII|#T=tH z^(^pl@h?{h2{ZCf%*;+LEzHdhD>ID9FsMw62-VK9^fidgH#5&ScJ}lMFg14ysf^_E zN%IOTjSNmL@k;dx3kdY}a5cy^HHxtC&nq!7sEBY0D$H@Q@UV=^FUaQ7)zwwVH1TyV zNVG67N)2!>OLb2Q4+t|$%C1by$qp+kG57OuN)GqVa`q2Q&9>m0;qY-<&V>`b5bO=M7PpD=+p6Usc|9g*D;b>AgQ4O(xF2bFP{F zU!={67@v0IzdWkJQ`SFxX5VyiZ5Z!-XXaPToSc%s{7&tSfA~q$W0NcwvzsGF!+ZYo zu8H*`9<~>v?`~acnl99^McnD}*~R6Gx7ms#4`#Z)WZCoSQq#qPFpF5d)!b)q@B}Rr z&h5G#wccw-;~sPQ#O+R>u5Q+?SBYt}-u)@y@IupAbN2I}@-hv#C)|7bsXFLYQdG`~ Kpr5Or_X7X|eeA>l literal 2924 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yVl(sl_C z$tl+NC@c<6G7HpCHjT_nDfTQ)ElW0a_O~>%NOlSi%QY^owBRx*@-@jfjL411HT9^- zFHZG!Dh^67b;))PjY=}fNiGh|aW6E8sLTv-@kO`IB%mrPKV2cp!#}aq&Coxfpg35& zAju=ZML*TsyV9jROy9+;xWu%`JJ7|))za9zDw#_^H#{RXyCh#&e_G}qrS zH!(FV#ls}2#52XoASBzkJh0ryKO5b)6i0)ypmYWE(4_3FN^PIyAfLj(tjLfeBYjtW z_b^jSOOG6*qMV4T%HZPcl2BKta$hb-3lp;pPalK80K=m2#Hfm-jJ#0SkWlSnFUulJ zOG~HVio)O$eHX*<)MRwqO#M5jaGRyG^DDWsubuTWga;wa#Fifp*4GDM3ElM;gGIR|#jxtX1 zcds-E3@+yi3QP7Zi!9O4@=VXn4=ggxHTTrcN_2C}ceD&~bBip<3C>P-wk-4wj4VdC z%{#2fqNrTK#~?Q-$0#HvHQ&i2%gewyC)v9+wK&hoJJrK4DAh7G(y<^f&@$2^)Xm$GRq8aW0$HR z_k2f-L`P!-Gowlme|M+M2p@}zEE5A4?Z7At)?UA-+cd~+hXit}8G1A>zEv;FlWgB{DV z!hFjL%OfL_!%DLZoJ@Q|!h@nB1B$$JOOr4{(yt`PPv23&y)-a2+utzB#U)(3D#tZ2 zFh8##(8aMb%FQdd)Fi^fH8e7$(#$Z$&BK+;FtEfcEGD$=}V* z(y7$Ltis2vsKg{ZJh>pOD9r%fZ)HZ229}NrmD%1wj=3H|-jQJjK4~U7*%n?FK>;4V zu8{^#S)sl;IflvQMj_6rWx*y~h5`B^6$MUtq1xH$d6wp`sV3>}g~6_Au0FwjUIEEr zA&w!=Wo}g_K^_+9wnYRNIhvI#1Uh*Z6lpt_1_f35YC9)ac;y&*c)1xAmt}-RW`$aq zCkLgMX9k89L`0Nxm4&97Tjmry2NnconFd5exCG|2xF&j~xTa^hxtOLzMOqpr zmS*Im+vc0$;T!3w5Rn&=mzQQ@mTI1n=bRkmtMBhpZt0Q|7~vW2lkA$~S{m%`Vd$J6 zRvc=a@0nv_7U_WzlE$e; z;U47*p~VpqImW3*RZbb@1r`7D1NYK@ovrE>*rBR-cj^UAhQD*sWkzrmKRu(>Bxmv2RIk{hqwnSWagw*MTC2l8Tn@g zJB9}qnpe4br+9{082X!4MHFZ|1$#QD=X*Ful;kCIC0P`d=DL~Xr6fj_x_dc=86-v) zR^)ql8Wu)+dRV5KxaE6hrX^dHgrsBC0iIQkzJ-noC9Wo=!7kx}mX#5HQEA17#hJl@ zhUHG#>E)>Q5_S+E6{zIJJ-Z*H2Ud4W+@Nl-w3UXgxqrN3vDlaXVTi&IoUp0-Cy zQDjPqqdrEBV_cA6%yJmz!-G?C*&l zZ^4BwPPvW>=7oh}##v!eIRT!P>4uJu{*^%m#<|837DkZ<;hEZ&fnKIgULl@&#*Us` z{`o~wg-#}ZfmOj~1#ZSB7WxsDRS_OhW=83j-sxVMA<2e$W(7_Lj#U^rAk@_?Ejdsj z+g;nj)7K;`(7CuYAkU=I#i=qm!#A@$*gL|@)ugJZ($}#nud*;HyF8N1w=yWtEWj|W z#K+aUz@(@sC@DNE$Jog|FFP>B(;`15#n{56GTT4Nq!go^jC4z^a86fnGdI-tHw!Q= zbxBMO4-P2ubIhqUv?z=+@Ttm6F?4jVG%7GKstR>U3{2+=^vX>1i72=9_R4klbMg1{ z%qTC*b4?3&^D*$ra7j1UPf08;t1|PeN_9mK$#nj9JE7@Qaoo*WvM zuU!;wWab`d!ex{e>E-BX5S3c!qV1be7Hkq=p6(JE;++$o=i^zFT9#dsZk*?3?2_V{ z&84fWt59H=9}w)M@2_tj=^UbMniLgfURjxy6;>AP;Zv1dkY46uRORlRSfU>s$QA$n zGQWk1oqps(^@0MafQ-v2kN=C*t(@9e@F687lySj82gpq&g1;mkSYD@ zx~Nx6gzLtm(=No_(aU<`?#Xgo@yC_RUcm=%_2tSRvYPe3c;U`W)832%haGD*UnT}N zuQAMc<9@X_jD3nnOZ7qKgzn`Re(s-CoAzq!v#5|7If0Wrz5X)8VQv#uXG{z$xZ!=!65kvB|soZtLV^5dea^7{#) U3+6q#)VeW5NbCOOH48og0JYP|rT_o{ diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index 16c3f341e0a66d3669b3c0c23e3d0936125f2e6b..dc88913a3d85c524c2a2c9257f8e0fd6914a9b52 100644 GIT binary patch literal 1314 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5w{-40p3M zGW1CGHgw4eFY^p?bWIE~_o}MMGs^X|FmN}^j_@n<_Vi2-E9bH_@~Fzra?}p7Nb=J+ z2o5!KPt5TTH3|zbHt-47Pd0OOiP8^uHOwik@HU{-BLf$%OcM)rP9~jC#~F6yTHTO*^w)|u&5xtG~Y5MDI-1CGRG)A*)cUF zJUH3HB0}5Dvdl6+z|Ykpr_d$YDIeXo6i0)ypmYVt60@lC@~{*$qsnrF0+-SVgP>%u zfM6$=Fwe4#0DW!qbQ5RK(h%q5oKP-PqX@&Qi2Q7A|Ln-1Tvtb9qYS?^{Ya0>NaL)^ zqHwRkveI;8$Iwds2n@fO`lVPJmn(!CWCa`eBsp976a*G}ho)JEhMPMYmlX$>8-|yZ zm>K7qWLvnU2YIB0I&xV$I~95d7Md7&Ia#$j%7V*FJ2|7m-6$Ed4BOH&6Ae=X6-v_5 z@(N0WEd#>}l2VM!J*qMaJOj&&3Nn2y{Y(-Q3*0=y+}#7s+$@89xw1U+a*Fefozp`L z12Zcg=*S%!Xcp`~*qSA>yvxksp%Nkm9yaB{Fql)rw6 zV^M*2l9_(6S%!I$S-P2NW{#g_PFeYvdk#bz|v76w6sJ!FTBJp(kL?}+$lXj*C*TDH7vxlEXv>2 z#68I0JIu$z)ziy6#4VjGATlYSDxlaqCm_SeC_6OSH@G6oAi~%(w=y`hEZN81FTKn% z%+lM#EysjQS65fT*w@d(I4~;DB*HAy+{@WD!@|6<($}>tv>@HNG9%5PBsVR{IWN21 zpwgGC;!dZ#yT$vs36ofT5~lr DcZ{=R literal 1204 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5ux5b8#y1 zNi_Ej4t7nCDl{uJGs(^NEq6~YN;In|$#Dz`(hs&war4v9@#Hco&C~Zvbjm9+@iWd# zFRI84De%rQF)%E43kvbF@UN%}4oEc23@&%BbVRq!B%mrPKV6|Xydu@zD>GT!Fgv@* zH_g(;&(ASX-?g$LA|s;GI55PZ#5_McFxV?Iu$-&J-_@xqKc!gT+{nZ$#5KgfvMM*y z#Kj}Yx41YlFw4ofDBH(7$KAryG9BHv6i0)ypmYTb^YR?aqQFX*P~R%!;Kan_WQ)iY zm(W6|VBhpWSNCF`*RupMdQ0h{Rw+U&l;iAIlI+zo6ov#H2uDKW&pF zgAk)aBX9H6D)+!NcN28mO#M5j)%uUKqFEb2@^6}NL45_RPt1$C)Gjq)kceYFo4T#JxPYW=} z&C1Pnc2DPWGtEf!3@XeF&rkKTjPlDiiYUsA^zaJF3@z~~G%zW$%r{6jEe$rx3ol2v z%{#2fqNrRUBH6>k!zirWJD@1ZJR;lJ-6XHVDJ`t3Fsd-nvm_)aA}7~4%h1%{uqu+v zzse-Y$h^?pH8spT-?`A#*|9X!vMR75r^wPZIMLDBG$Px(G|wnI*E<{CwzSMd!_+{9 z3TI27iV$}{lSH2^r}ET9!<-U*FT-5J)L<{SF#TY!62Bau+$A{YH6^GaWI+x$v${PZ0a60_Z0b3)CF zQ-UMILUR3zvNBC`9Q{kolEbP(JPL|Jq7uDAw9Ac*Jkle%3?ov_wVf@3Df@JS2Kk2LX24zLW5Fb(sFFmZLRuy8f9boBKO ztn%?R&B<`~HV90w)Xom&+WX76!jffy<&q{QAGa;)t|pV2cLd$uW)UUcGHv7XAk}Lj zlcu&Ny__9!=(g~ltELZo78%-pTxk1$jqt;E$=aO%Q=2S&n!Duo2wZ>tYZXUMQ{*n6 z31`EPoRmJAw##_QFYCL?`X)@zlcOHwZ(I<(?27c-hWfg7(b{2FMzQ?4Cwq5)Ja517 R$)T-&F46h3FV2Zw2>|)Wm^J_a diff --git a/secrets/email/details.age b/secrets/email/details.age index aee60aa..e38bd00 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,26 +1,29 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA P8uCL9OgS5BrRWrGEFOSqvO4KsGc3Y3q02OL4sFBQCg -XuuBTNDWEkcDzcO/aFgh7d3XhRmj/8maHx2U6l4KOgc --> ssh-ed25519 4PzZog 20A9EEcTrw/ZJjkvawiiUqHmMaNmwuP72VErLL8Z3B8 -w2Pl4/J0+MI07Blk3rRLAULbxMbFNLQpZkdJPhnoTK8 --> ssh-ed25519 dA0vRg jn2VA10+qrRAktjhSARaE+MAS5HsHsoIZfc1/ao/mV8 -3ahsWtZ8/Bb3tpQnLSyEPFHeW7dsX9uEaLZbJ200u7E --> ssh-ed25519 5Nd93w WKXWwcQBExcz6niKqBYT3JcL8EHfY2VeYfnTIEtEfGs -gzJOdp1j4QX3bWDzJgBig4/vDxlRRQl+jsGmcp95drE --> ssh-ed25519 q8eJgg I1J3jOc15TsBijQW8/DZbRETY+233V81vPLKfGI0ji0 -SLtoYZ+8T72c+FWAi8dz57VJ8wweJY737AKPF0PQEtE --> ssh-ed25519 KVr8rw CQZs4smVwaFAaFbLeyTFi/IaJyle199te4X8Zq0AfjA -/74zAyuwEmB1KcGBZK4QGgwShhqxOcEQ5wlpmtAT7Xw --> ssh-ed25519 fia1eQ CkkfDdt9iAaUxUZt+aD+VDMPUcMegomtFiR6CCux/UY -WQcE9ck0HuSXYCWqsy6NOXAHOlE4VIRUkgz/i+7AVQE --> ssh-ed25519 IzAMqA 2pbs+DJzOw4rgM80o0lUFzIgdMN/X0/7wrUh/OAxykA -291gUsUfOEEsf9o/qVoVI3s3gHmPK400NCEmpxNsefw --> ssh-ed25519 uZzB3g YP3htz8c1QJzFyAyGopjelQCKPyTx0SOOTVEL/uTK1I -iupAfrSbl5ybwi9Le655pU3Kw+KKndFZI9M+AlSrBWk --> ssh-ed25519 Hb0ipQ odISOFTymnTj8TnenWHMHeU0Qh4OSGYFy6vJUieehhE -G+Jje+2S+l9bSnKKrwGV5V2xLczDDPFXlZ8MsrL6jHs --> ssh-ed25519 IzAMqA HIG1qsEisRUws33TxC8yGSrITlwDxuL/RIL6lkdjwUk -IWMnSXxQzv8cAQKNmiY/+hRb86aAuFloQk9WFFcCSWY ---- UK7VzqqXFlN+IVB2hl81+7o1d1NjbFNY7tYRbTvnKmo -(myHC|B,ì# kWsI{KHf⡒4F,zXv -W1!*{B)ReGK=@Q>BǜeL6D( GN $=A_Y!0tGq ssh-ed25519 V1pwNA sW9NG3ZnVZ7XN4iMceA+WNwEmGp5mB8fYRML4JMxTx4 +Ugwsmg4yXfq9YH99RoV2MymOyhHn+WEFbhSq3jOS+Jk +-> ssh-ed25519 4PzZog ncbPVDYkLeBV89U+YKVSGRyNDIdLDuN/YV9AiGcYfkY +rifseFii9IZI6t2cDfhi1GXQQRngI8IM+3H8znbMA/0 +-> ssh-ed25519 dA0vRg ZU44BDl8VU2ri+qNYEEj8GF4x4gGUQPnr6YlFA5itGk +zV29wfmrtyxEU1JFEm5P7pfkWwzmNpXflfLRsyZ3vCA +-> ssh-ed25519 5Nd93w BCqKxqNscTU2iEm4h/78KCzMjRWtHlO3rwZZjq2lJFQ +Y9yLQ33RvcO1g3a1q3w47Y0kgg1NZpdlYk34LrZ69mw +-> ssh-ed25519 q8eJgg lWbDTedbgvxvGpMPDWdrghAKO3duh85kaOR+7xsPd3E +MzwcVM+gzJ/IApGVZNNM+RuYp7EKZyxCDjRkipL3aYU +-> ssh-ed25519 KVr8rw 8vJTA9ABfwuZyFwhFZD4n187b6gmq7zCLALqp56mFyw +iQ4MtJ1YtYycFi8qCs4N0/nIXccaw2swi9yIvOLmVmA +-> ssh-ed25519 fia1eQ hZzB90WDGom3oaOlWlcBg8iAMAfbZGyosgFIa8AiTWI +HekDEc26Y121KRtKLavDD1xKcaClVgn2tGPrgQYWQBo +-> ssh-ed25519 Km71ZA uunwnxdg7A6ZGTbV51r5XL/2hJN/VFIUas0TVxid0Xc +zGx6iHfu+rZ9WbtIITtzDk0nzkFCeIRQpdRVoj7dj0E +-> ssh-ed25519 IzAMqA 17lTeNgkOhX6iOPix/YeKZyztDHYLu6OIjZOctANpmQ +fu8VIba1ZNy3QvnVk3bPmCA1n6/dcB02epAs0GLb6zE +-> ssh-ed25519 uZzB3g I0QOJAnUor5hnoKDlFeSuW82o94zcWcs6VvKTq37lVo +S6o+cem4L12E8V/DzbvL75azwrhLgZJXkxWXuCd4+Z4 +-> ssh-ed25519 Hb0ipQ cEsppH2jMi71R0513L/vq7MaFYYWiRrWZKricdhW/H8 +IvRQejJ2AOQAeWUumh4an0LUSBJYMMnOIr9PU8FjYiA +-> ssh-ed25519 IzAMqA cL7V3gfdSkpHtkcDhaH0ATTWUzBir09Xhe91wlaGJ14 +GU8IQvHlwyBBONJKufQRwEr7nZy6y36XszV+E97VA94 +--- Nq7IuDZY4GM8UBq0wdEnn/kZEJRdUlmqR75SlX75Q7w +oTjo(RZlmђ&f7;a8B|ӔB/l +g#L"/* ,a.f.Q +ՓoEMV=2q;IawkF\" Q7$.`MRX۰ \ No newline at end of file diff --git a/secrets/forgejo/runners/ssh.age b/secrets/forgejo/runners/ssh.age index 9a87cf315aad1c018c71b9e1f52cd48bb8a2be84..ec1e6ffb8c8855ba70c679581ec3f49cc0d3bbfc 100644 GIT binary patch literal 1601 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5wB8@-M9N za`P&6G`2_!3D1tq4ff2<%`r~$a52&^DoSw-^9}I|a5nYK@Z?H1_VJCVvhWQL*3ULf z&MXMY)ptqCP75k5%dkifbS%s<2`(!MHY;&4w?MbeB%mrPKV6~R%hWw2E7{j2$|u<} zq9Qdg$ke>lwYVfF-`U*KvAonWKRC>|(9$u{$(1Y0K;PTYBsnwG*I7Hv(mXFDxWLoG zIM>O?D<{g=-6K;!q$JNcG~6$!EF0an6i0)ypmYV_5RW|LFxT=lZ6~*4i=xP+sH6x( z!|?PZvxvgvJWuVUVh_heCrhu~P*<+1qO7P&%c`P`h!ivZ%A{hK;IeSv+|Zohz~m4! zv%s<-?FbXoi2Q=QEE9CwO#M@^ZDD5IrQ*G7}9`0~MSy z{Qb1kgTmd)jkC)$Tr)C4qY4aj@(Qveaw`n{sx0%|Od={u3JRUw0=bfkN=?$zJhM^? zOcFD+L(U|?jVN4l$iD7xRA3;jdf0~M-5iVV!MjI+uzje~;Aw9Qj3 z!%cnMeZ7JV5|fQ8A`%meBYX>jON=rDEx6oWibF~bvx3Zg0&@fP-7}1;jLHl01AMcq zLh=)%!U77TER0I3Dzd`MJ<)9|jjD1oPFKi}2=j?daV|+R40WqaHpnh95ArR_OfN`I zGs+7$OpeUYFAvK1tSYf|&*w79@GnU6^Yiu$Gxf;MGj%D?&CU++^ENjw@(XfI%d?Cq z3y(4g3vlww59HF-)l~@5_Hi=F53F*v@UP1B$_})s45@NX&++ti(+>+a^DcL`bn=ME zudK)mOXiw<>RG#Zwu|GUT^W@`=z9K3q5JmlAwwsMW7JKsqh z@-c7dG&fkEC%+|h;@l(hm-PQTPTctIYs;+1&K#=o!OS_!wBOV(ZZ*h>oygQwFww-D zyL#Ss7ww&YJZp4k*?iTB%rMz$A1Jpp?ce!a>2>dBdd^VP&EvMyt-iE8;;P!B?j0L8 z&i%3U-5TKqyf!wuhFcEghsiZGTsUL9^ghGibpi7f&K~pq>vv&&ke%uJ4xOuRD^|tL z(F)_cG)=+EXX49Gzc~KAvwpq6CNJowOB?rEqt!JsNBqvaO?l*E(c5IQ#x$~P-Ad8N z2bS&roY(9h7dc09R!i(g&uw3#q9e96r5UTwXZkaVwKSuRZ+@EKoPAdh*}mt?D=+qI zxw0a9{pT%atCEygfBi0yl|4eJt;vaibTh~?Nnzvt@x y$dh|{QSYVwQL1tV2YhPw=bQXmr8W1^$wda-Ext-;s{cp#cg~yU8r@^1_W%IvM^6U; delta 1405 zcmX@ebD4XBPQ6!Ju)ddmhL?qwK1n0atmc%@53vU6ZbfLl>SxV}kofq#K(sIjkpZe)R* zhi_VVvQMxHm%Cd^hP%I+v9U=+Nq&^RSBPgwl|huROHf&`S&Bh;rmMF_WKuw3foDMZ z#E;@(PX1=@W>GoWu7S=z?%|dG;qEzJCQeDF&ORP)nZbS@q53IRWhRFCzIlOMB>`?u zMK0xrA#Tnl-sxFp9ucJ>-Y!*M>4~m}ei=df75c@=`H@x5>AsWW7$w4Ty{o(;gCk9H z%1tA@-P}V9++4yVB8*MS^gTTy-Exx6JWTv^O3KW_gUh)Reaiwfii)yJeSAFJ-9wFC zvVEO{a~;i1+$~*;jg5TDQc{eaEQ=kTj3%F9l&IHE_bp3uuL|-^&Wy4s*AGa^EGZ5M z%umU)G!973)6cOi@bvRGG|6;JFXpl+DGU$Sj_@~%3dk?=2+nZ|bv2IgaLY=`2(e6d zbj-6b(=N}oNQv}u%SR7?@310^qH+blFvC(0V@D&4j1rS1PXm+EdK0g7eP`pyOhdEe zoB*c`7Zc0Uob<%1Lbq(L6u*E96Zag;l<-RJ64MaFV55j+(Vk44O0UZypjvGivqMO{e4RHLyIhe%~PGd4YMkf+6gO)4@xxqMtoA}Yel^Zmk$GgEvb4b8j_^88E7oJ>%wa6%`YUf+_fOPEUc*BJS(Rlq%f(d#JS8R(K|S|*fo$#S65fTBh(^4F}Nt) z%|Ei-I5NyEC%iB`Ik3FMIXgl-+rvDgpg7+!$;8CaH`s*Bp3U-~{emw!PWQ~$a-Qz4 zJ6%`&ICP0-c|skpz?5`Z#bZZgM8#FpKD?~v`1|u_q+i~1ZablzC>Lg>gY`>-Cz!5! zIITv;W4BP?*3%R29bnX$ZP9*ciTDw|R*AbEJLEe1HZ3|Yu;y>=Otp#+D$ie4CQ9tt z|Mlw5?}t974g<1uEK0akK3H7fTUb=X%SfgEdSy|0vVXO)!_-XvbC+hsJ>Rr&eh zoDZKm%fxh+Oez1jE_z8>m&mNT%4wUY%drV+HD~@R_IvF8bzZDTTSM~3F8j{RMWhr}n2O%wkiU9<}nr!-ZZ}J4&a;%51Hyk;}Nb dJ7I#+`zk*5PB*QD*Ic<3LAI7h7Q{U|4gijd4l)1$ diff --git a/secrets/forgejo/runners/token1.age b/secrets/forgejo/runners/token1.age index bf7d1d5..723b2c9 100644 --- a/secrets/forgejo/runners/token1.age +++ b/secrets/forgejo/runners/token1.age @@ -1,22 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA +pIQ+0uvquBBU5ZNQfiiUopQ/iodoDSPDsWNACANpkc -7ARm2csFT/lYYcck312gn+qFem6cSiHi1uzjd5uTSEM --> ssh-ed25519 4PzZog Ow4kjpBSlYqqOUnwyXfpuyVVG4V90AO+Ufg3urhbZTA -pqhJZHZjFCj9O2qKFJEesyw3QZ0KdtKM9aabt0qqyqY --> ssh-ed25519 dA0vRg LYcB23Z1a8veGkdyjVcrfLfpnRbeSYLLIwbqFkfkOwY -FgXSEffN3aa8p7mdbUg4ju05A6w7sgu9TEVZCuLg9H8 --> ssh-ed25519 5Nd93w +YYFQk5KWGpSB9Yd+RlfGBfuaJ4e4KoN+x6QOI8yLyU -4aDGQeg+qhWKbb8aIp/M931zbpFjvqUVDQr5luzKetI --> ssh-ed25519 q8eJgg OIX7xsmQUWnkTYeLMsLA041xszFNmSNu/dsdys5sLEg -kGh+aDF0EcCsrTd3eHIvHcp6Zz+n114Nve+iA9dJNFw --> ssh-ed25519 KVr8rw XlcnAJI30iJMH1Xi2DEMNUJWBaqaunFQUUqjKU8Goms -/zFGkNR5S+8cBcmnjlSVOP3sih4Xm4E5GtRpkG3fbWw --> ssh-ed25519 fia1eQ 1vb0ZzbLFiCWD/bEEQ+7ZqLOJpcNZA1v6fmBNMml9UA -/XFV734jcIrJCtwY63MgRcN3pyhGRmdE5WAhzCTrZlo --> ssh-ed25519 CqOTGQ oQFa2N/oo1mnS0d2Hn7sTr4XiKMm+AAANvTB3q+Cn1M -bBBOtb6zNevJiBU/PB3dE5TjaBzs5y6SAl1MOADwFqE --> ssh-ed25519 uZzB3g EtRrpCF2zNXG+Ap6orXxKCpgdp6OGBA20zT7iZMjfG4 -ZsxKfYW/2q6lnm+IuSANPHOuor3GxJNGtzD9lBT2Dlc ---- b+97Pc+Bh2lwkQ2OhlfGtpT05lzwBbmNxYy7TxkQvaA -b0a{|-{L -3 ssh-ed25519 V1pwNA ZZzPHXiieqnKeatxqOpOyJJdPCSrpU151rNY3PgewCc +usq82uQE6qxnwb5EYHlfXSl1A+oqV/DZcKlHmheNrLs +-> ssh-ed25519 4PzZog GPaAefwdrHHdkDJT4OHYFdmjUbXEQz3lLkGfu2M/c30 +hoWO80LE9PEMkqlQLD4WXIDc9rgX0uMbNzHkiXcVWRM +-> ssh-ed25519 dA0vRg 1WCuZ91cuKBZi7gFFVArvvAvMh6aU0AufX2vDHiXvTI +yUUbM5kXyyiNlvV7UWXNNhBe3JZ+ZxdoXf1FRwQiHt4 +-> ssh-ed25519 5Nd93w 8HkcjdSrVbg3TQFn/ldlqYEU3aPHFBIcXnzovwMv2Vc ++2kX+X1uYoUnyUyLYLLWeRw99OC3St30ky6Xsf7ls+Y +-> ssh-ed25519 q8eJgg moUF6G0Qsz6+vJTMFoKIusiCfapHvaRBdOoB9r2uP00 +limKEFL+4G28+jc5pOiNt1OkpQRzSXKq+3If8/Dfe+E +-> ssh-ed25519 KVr8rw /G4TpEFysiCx/eF25IA9gjmX4w1yGM6m2Lx1mTmf0mU +nXIuYPbV3S+0+3Ce45iPeAzZlIr1i0RnGWSLg3KBH5I +-> ssh-ed25519 fia1eQ tXV4gH4gIjFYWNxLV0AQVOvahTtvFWK5W6tNZTjA9ig +pxpIIZ4+/ItpG6nolOS7lxGwSkhwq1XvdxePxWsJYCE +-> ssh-ed25519 Km71ZA QRM3tBeZJGVMwZ51ZBlxGIzwGOyMB9ppGNq4pUyRsHo ++0QO4JlKaOUH5MY+w02Rq0DDNk76eSD2EVIAvQeiZ9Y +-> ssh-ed25519 CqOTGQ Ystm+4YnAlTTYPiHBXVa8lM/MGEfZ3OcmxiT8QcdKSY +F2b5grk6m2sVnhhWF68WxUemgtZHYSIJZ9e7eBKtIjA +-> ssh-ed25519 uZzB3g PepFlWAg+221m5eOVoNl1TIRVrS6lpkrQ9Dgce+Grwc +6/8sTiO+P/HgNbB8YyRVylAPPp3lwF4D6FbWWaPSxtE +--- 0PQ3rJZdbEfye9mLMrQJ0jGvJSiZ+9dh9Bv6bpGEBNs +^;Yh=p3>F:2b6+CE63TE.[,['3P 6_| *AQ*jc \ No newline at end of file diff --git a/secrets/forgejo/runners/token2.age b/secrets/forgejo/runners/token2.age index aec16c6..5360a17 100644 --- a/secrets/forgejo/runners/token2.age +++ b/secrets/forgejo/runners/token2.age @@ -1,21 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA ccCI3dQxsa2ZCh0ZvVuZyVlGhbmDGZhpP/1ZOo4h0n4 -sZVa+SmOKofbQqLoccCVCucubBDZ+M6JjP7mYD1sPdo --> ssh-ed25519 4PzZog vUYse3RgWUEHV5WpaTooXTGRlZrPN9Rv5kgpDQF5bzI -4CXVFUyCBNNfNFtpNX85QbvypvGhqmqv8cZFxse8qY8 --> ssh-ed25519 dA0vRg fjBLqSO3lOAkFjIUf3cw9KcS6GiI3XHygzLqHZ8HWCI -r51K0Qn5CQ6bWjPMsbbx7GcZBFkfznlwUeAT7k48bTY --> ssh-ed25519 5Nd93w lm/dILoCnula6pjMSU36exugjaDUQdMyXu9J8o9aAGU -XKNybvPiP8p8ekJOYoYyQe0weZNvCKxHyRierqtOA/0 --> ssh-ed25519 q8eJgg kzY4FBRimHWOxBC40TOLbAXHjgeXoRrJNaVHzCIihCs -hL2sddOfuVpW0aR0IXUwlBnhUixpwtm2nN8ZLFwnKxY --> ssh-ed25519 KVr8rw nvbIH2FLP+1apZMSQbUmGvG9A7+8eRgH8aILlWtePBg -SJY3KmiPUHLjiPB92jW20RxzlHgie0cNyAmWbxn86Ck --> ssh-ed25519 fia1eQ gSgrywCP2+DAokxgLSRjh7g8kxqYMLyxXCpO1JyNOyk -vDFj0SVUJZ2+aTWrinJQNq7VCmZME0fc9A7SgPgttjQ --> ssh-ed25519 CqOTGQ Vh2iFaSEnJMD1Lg4PpNCnU5zF26t2yq6CjM1Fw1Xej0 -qFA7MEM82zAdKcdVBxmixpWXqQRbYYtUgYgvv+5Qr64 --> ssh-ed25519 uZzB3g OHlq5XFNupblTEbMi3jaf/LqvFCkD8Ni0ya5j5b2m3I -wamah1nxgBUQUkIEFXHuG9O5DvB9HnyaFqxsREM+T4w ---- FPKedvAzPcmXhVexIy1UpwSfwKCsdyfTxcl/AFagFt8 -"[V!h|*aٮ{4tG|}=/ib>?L"Ljje-㒤:;  \ No newline at end of file +-> ssh-ed25519 V1pwNA Lw89KnIDDurZQ0UaqDS1utTrKCGXR+Uxs3od/5n09io +1JECYcXRBNWwzoagvEKeoWoW2d8da15eWPfTD8nKqX0 +-> ssh-ed25519 4PzZog LB5CnkEPX2RH8vWdD15KMs/qgNbw3e7G8qCV1CMf8kE +pO77W91WR/8MRPLIuJrLk5ib9CPp7xHuUmTS8fmQ3KM +-> ssh-ed25519 dA0vRg QhtuGTY1MEpEjRahnU3WtON6Xda7y3HvGXpB3HcDfBk +6sCAQhU4K2nQ5pMbGYY75TKUXxZ4BKHCb6sOHMAuNEA +-> ssh-ed25519 5Nd93w 2QcbhnmxOkTrRUMrHR4X3spMUnsLXN9DDnh49qFAYx0 +SD47vo7tOPWmvXR2wTj+BSsxJUqnlXOu8HlTEOExeC4 +-> ssh-ed25519 q8eJgg 9TqmbSDG4KOl14FNZmZKFZ5Q/60K657phquz+qpIgyU +odOvsccHqgXoC7WgKcFjJDm5it9ZGm5ifjU2pt5hQZ4 +-> ssh-ed25519 KVr8rw w0fZq3VUrN8wi4UrhMUfrviUiaWl4Ol+tbTXN/urISs +TY+dO2Z6TmN9DBPuo1vyxgeXbDcqZlRoP+Q1IN6O/ks +-> ssh-ed25519 fia1eQ 5Aqk1jkUQkomeBioV7LAPMzurJ1dHdYHbzLHXH7mrRQ +j+7aPUOeJAI10FL4DjXKlYEkC25gM7TNy/X5vFk68+8 +-> ssh-ed25519 Km71ZA S9le6/bZxnkPVuCLqiYc8VMk8LXlk0BVJUtJYc/CmB4 +DTjvS3wBo+RHy0klprrgKS1wYAMAkfzPkpw/ip7KwpE +-> ssh-ed25519 CqOTGQ xba3GuenbljaFEcgaX5UknPWjJSyQOMBaJSGk4VHZg4 +uzGnhgquJHT4+0zop9wNg6Fm8ka/9Ri1yPjw65VnGtA +-> ssh-ed25519 uZzB3g WaU+50ui82IQHobA1QB62WX7bnjgxSVy9LAGjYifuHI +H0O4GIRchLil79zqim5v46RT8Xbu5zi0dKSRPiT6kHc +--- vg0SOy4LbcYEcxJMe6lbREFPPcxrRI/dJM7Lx3VC1rQ +bxmV^h0l@^RyS\rյ;@t~UYM)A?ƲW˹m,1I \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index 0e130b3d50070bb8b63b7e1376260407b999bdc7..2c4ae22a1ff1b0aab7b4f2e6f43c0aa3125842c3 100644 GIT binary patch literal 1221 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5uxm$_;Vx zwFq}h3HJ{RF!D(?j5N`9j`B|pPB%|AsYtGn+chFT&nrL3*eIpc*+0Um62rC>M}xAUbOlqV)X4Clq|#(3kMt0u%#^aMq_VWM zq~Z!~bCZgsu%K)M(=?;NbOYxc6E0J;Jg@X@=K>S6e1nK2C+G6yA~(~5N>`7(oTRcS zWAl=<$RzKutcno-Ky<&E`lVPJmn)?ESO(@-n49=pROb8YCmI?WI(rBDBu2SJWT%y9 z6lIlU7zR`&x)g5)h6;x*CZWdG)Q5fXo zl2YPP&Q+G{mE`PS7VhtBZ0Hu892l4$6%p*@=Ng$|?r&fbWitab> zup*11a)o?XlML;sL|1M7Fc%-k(lRHPV&B||U=J5x3(KOoP1qu*@P4&oHy%WOUooG7}9`0~OLs zJq(@P+&!~{D-*r50!#x#{Czwl(@Ro(Q;Ix7oHL?Q%8W`QT+9m7Be{Y-a>|0uB2ub~ zb5iv69sM$cT|AQ9eT$q5O!7mkN`eZ5yeh*IL(8@E^3iSc&NVlTa#W}YFmN;Ubqme* zk20+EOL0o_$THL}bkuh>tME08^vX(hN=^>T4l^#wN#}Aj@p3DS2s1LzGN{ZdHO(yY zO*77Matd@cPV>w%5BKo4OsXoYh|2J)zzE6Gs46GpbOp!E?2Ix~|C|)p3fB;~pn{70 z)Q}2OzkHA4C@;rcqY%fcyi`kXry`4TUoIo3U>E)GT-8|aF3wuY`1`-d@fyGU4`_>{1W%zoZu>xDE+9SDyQ%Qmz)68fHG~TB8zZu zzoMkfB$whc$85vWd@gII>+Ji!-tj(?uhikp^}46{xqtCoF>Y5iHLoM?r@C{M?1YZ~ zDQXbUyu8dWhcB>L=7Zjzq&Hdo+!o#}?@S!tWvr3<0iX5zGr*fjF1fL8RCD|Ro~gFXOlV+0Czl~4*&oF delta 1023 zcmX@gd7Wc|PQ7cntGQD}aD|DFPeiV7QF(ZBj<2D=M}=dKbCpR^g=&c?&W16=B_4_;~B-njEvH%j7pM= zEK4$c99`U;D+-GX^xcECLyN+Eiy|^}{X#ADOI$r8!?PW^vb}Q(Ov_v=Lju!FLi0@w zw2eZYolRU#GtFFlvmGmf@}l&;Elet_ob@N4VU(!XcS>|kDK$4Yt4h-MO$!gq%relf z46igub}KE*%MZzQ&q^xt2(C)>@<`@Nij1g;$~DW%D=jd}FE?{43@A1TkMQ*~%`!`k z^vNqSsq}SE33WFq4tGV50PnCOi=uLc;^0ExFv|ib9}^RoV2|MRy!uSD+{rvQXpfz=E*ilJZIm zk3x@%B$Kj8bnDVG6Ae=X6+(l{jT5udL(^T%0-aopG6IY|f{fi9%RNgoN+QZVEWEPn zgUj7LyaGzfO}I==0v)4VoGX0tianf4$}Cfjiz57-6SLgQ%FR;E!o#w|e2on=%qt?@ z^Uo5_s#ck%C_*% z2;{2pG%j#5O|7>yE6ok`&h_^6PS*}i@i(prbW9J8$||>rNGU2T_pPj~tcc{&)zww- zuPg}ncB~A@(a%dvkF<=+_4F ssh-ed25519 V1pwNA HYKtH5eSIXo8kMrS2Y15Dk5h1rACkzbFp2Au/2JExHc -ei3/hAN9Uars2aH62Ri6ue9N+tX29yxV0cTdxDThXMI --> ssh-ed25519 4PzZog HtprLR1voqpk5ESBcCBNUfh34Q6EsU/3K2X/8Vbth2o -vbYCsZvSXCSB20fLNGwWbUgLkPrx7aRqwMFAnWdy38E --> ssh-ed25519 dA0vRg ix/hHlYzo63deUYDx9UnW5DkJlb6bY9InUZ3uaICtmk -qjDwnXymOM0k9pgvfw/XNOVq1UoqZVdCx+vvPiPUDng --> ssh-ed25519 5Nd93w O77U44+F1MkFUQeHufrlXFagp4saKodduMmbBG6J8Ck -zriyFrdnZ61OuMBUtUIvye4vUZ4AFaySsNwTiJmeq2k --> ssh-ed25519 q8eJgg bzoTPXyLF5wiScYUKyob6E9BE5/cA22DJJhSL+jLgEE -0oXd/EqGnpxpAaKgWPHw3Keks4UEldfpbc9zMc0nrVM --> ssh-ed25519 KVr8rw g+ht9Go3cMVPAzUkxhsM1zj5CrADjKqbWNVgPTIJ2Hk -ryMzelkyfOY/IZDiE0gURovSm6fzuBsJfwr4row3J0o --> ssh-ed25519 fia1eQ K7HJ1EJQmjVeYLu6zYpTjWbUDOTZe3m1GwSIbnWa8Ck -WSFnQ6RMQMU6YXNFwEPRRymlFMTSPCW0B7wE67k8JTg --> ssh-ed25519 uZzB3g 0/9ETo7Do0PxXog0PM+/rylYK/lf3dgcv1AvVS871A4 -/PUIHJx8tsX7vb+ID7W8t/WPVoFj/6iiVRFdhs8sEfo ---- j0TLY296m7nfn9xagQQqMMYGTcLt1bn0Uu33CqNKPCg -b]P3xM{Jmu  RŘ]B(;gO r6 Z0nTR8]|T&)W̵ - M"zQ({T$\N\T=dϯw):ڹ1[*N1NnL'K9~MiJ5[H!W \ No newline at end of file +-> ssh-ed25519 V1pwNA dHoon26BhGIqe6TjYS7Q93OC2vhr64B7ofHzX8FiJxk +EcH7j44+zOHBcJOw0AwpziXtUPxOH//MGacSa7rDNT0 +-> ssh-ed25519 4PzZog CrrMq81Ep/Gm9qYcZjRJ1IpXtFGp/1XDfBCB6OSGbiY +gJ+PFL0Sx7izMk54jJr3LPvfZ9DMQP5/FjAXkRw/mkc +-> ssh-ed25519 dA0vRg r5S3Fqlmqeeeu75r9COpp4mS07YWY0HP11zby9AjCyY +DGkeIp0M6dIA4WM4KYVZiwalHjou6qzLOFUnksIPU2Q +-> ssh-ed25519 5Nd93w bm2DM8tuydnEqbcM7/aMgHtU/cnnfENGHgMgXPft414 +7bFV4Mx/gSaEM7+rJbqjjuod0U7tl8ODbK1+qY7gtmE +-> ssh-ed25519 q8eJgg 35Ce/4wweXHadDG1ryl1d53G7IxEOwOFQATYgC6WzBY +5va0fHjZXbH/2ZAFioTcmyeFCid8vrgTFXK6wR/ranA +-> ssh-ed25519 KVr8rw dyfXPAGfWlbmjpiol87idweWsU/c1v4gwq18Y/4oZBo +MiuhfBeQeMlHsi7hz0OgOiLIbFjeSaUoJ+xlIHkAmpY +-> ssh-ed25519 fia1eQ +GTfP3+0hcdmM9qtZvUw2bZ+32guClfXwRTfvOg5Tzc +8gSAdoh1DRoiD6KTpm5F/hFvT02/3bf4ayD/dICjpTs +-> ssh-ed25519 Km71ZA g3doqjZJ0GP9PgkZ5l/ePPxI3gyvILvrQAx4En6r2kA +O2lJGGq/LLsjtzwnfyUSD8Avw+5KbuNGd5XA8FwWJOw +-> ssh-ed25519 uZzB3g 79FGgQhIwzLPTKUBhv6RdT3RqBe+JRb3DYLPt5mAPDg +gp9dUDfNPnhAX75SJhFxBmyNdaH8umAQcYzjBHkPEoo +--- XZ+0tCvAK9SgY5daynCjTqE5M0N3ip+wVIg8o/18AEs +`T6,NH]*qzC'T +#\Lb0zB F̽H@ s! "z֫8j} %FEi 䅎Bf@AJq}cUC=%s&lbpˀ\_ed_su*#I6sEPnrCr2+6?;!W8lDtZ%luG~5JhvRj zK(9cj$WZMxue7YJ)O2*)O#MK&{^9r;JLqn1i6O9YY zosG54ay=|6wS!C3Lz1}y&5VqT%Y7{LEsOF}gNyYY6SK-ZvfT5l0<*#m(zT0%T{7Lg z3p27q4YJW~E3`=UN>5iXGR+N5Pc1bvFRn~62{sQ*adynsF80ZYN=!G%&khVs_AvGj zDa7PM161b?-JwS;8NcV%Shi4*ZlOrtn9oJ-zbytijZtBvsC?JPvb;W zSA#IWe8Y%{%yNr@jGU_Al)$`z9D@QQ-y-AU^1v#yloE`P^v*RmjB->6sxr+m&$A5k zDToX;F4T7q3Q4at_4PH)bTRcTGVpfFFerA+&vz;dDo^Li%y2Go^>q%7iYf{U4azFX zPxDC2&^HN9^J>H!XwuH=By~BzHW!p#G`)zkzY)%pAsRQzmMEF6r-o zt0(S%g;lEY?CdjVSMZ1_9D8^#e2ZG!nG7r>a~V>sEHYF99sAECBuYr6T|U delta 1024 zcmX@gd7Wc|PQ8hROR;IVlZSCgMo^M_WO#&YR&t=ZTZVySa$r$ju6B~AOHoipXtASv zF_&*@Vr7_Ra+IT4im_|HX<2HPQ(8n-W};(=QMqqPlzU=kWQLKxnQLZHB$uw8LUD11 zZfc5=si~o*f=NJCRDQaGb9Sy@q;Gj)xqfkpfn#>LzFW9+QBX)&gm;pmqi154yPtP@ zglBe6VPR!9S8kGNv2n6-nPE;rR;G4Qgj2AmYgk}PW_o3SiBW!0N z3jBO5($kYt{gQnm3IiNV)4~c&BP@f%&HVExpJf!U&k2gmEO$09Pc$ql*Y)6;PRjA*%F9Yh4-a+r%Pt8mNe^}`&Z#VOsSGfW2=?*P z5BEs6F!3tZ4l*zBbIUJBj{)znB8#GOg|O_@Qe)@J^wdNr{|No0(&T!7*F=}ns0_pW z+@hrN(0q3%OUu9tmjDx2UoNxEq|{Om%OaEDTwm>o(tNLCZEpkDs6sP+AKwTUQ~gR8 z|1h^mrwUU~Pju_jG7}9`0~K=9{L`G=Q;GsBe9FCwi}HfJvV9AyEOK03{L1{(11emS z>QnNPv~#`uB7C{3QmXumjEX&dt3tB06Z0*NlH3Emj0@eoN(=%F%(R^oUHwd*LQS0f zvmDW_D~+mhGEP@;4)D(__AE{gsB-cP_b4~aH*yY2cFZ*?i7+zq(XK4dcXY`z^$kc$ zEl=k%D2((@jqt0l3NAB_GR+9djx6$v^fxv1H1y<)($&>f zh;Ru{&Nt03H1_f-j<6_madb<}F*Pp;%*?j13=K|BOU!XiGc}5|EHO*w3S}(5(BsM) zY4Y{3B%kiS2an2?lGr1wb5B2*crEk>vt@MNx!u1uF6J|hD`zTXxt@A7!uofaC_{LH z(1Tw)c59?sEm-pSo}ZCV&P3-B1>G$<=h<|xFg@>Qn0J+JH=9-Y`S{~P*+a;l1Q(bhLI%IAvoNi@{gk4P-6h;X#b zO!LUg^ze4HFvu$i%PA;J3ovkX@y_)!NDlWhHbA${B%mrPKV8AsK-<(H!>A-JC8f&H zC(_G5w9GrA!Zg%0C_K0*$}ri>HQmF&FUvRFwV2D$&?m^Z*upz4Fr?5o-OD^gJEmQoD+{e_rB*-^2DnH*p-MzreG7{Zy z-eE-+Mdb>{MkZw?rrt&d>A6W+MW$hid9E3rF8(D(MVUcCK3?G^0R_3H6~0-OIj&sh ziP;5F85V_^Mj1xhMWJ5dImX$ACY9cWW}Zea<|%dL=0}33y{L?~= zEd3+1f&+6rs**$fL)^oh@-u@>3(|8P^SS&(b27p$^|c-S^4y~Q@-uxbvI@gJiVDLb zlU$6wtAfo+yiDE9gVIw2J<)9|jjD1oPFE;2ipn)k4GGXUH3}_=a5b-VG0--5F{`vp z4KsCdiS)HJ4~a;LGIq(T%;(Cr^wv*t4f8Y!cK7lR&NM0w$<0qrH1tcYC@yv`$SMy? z%MU5ZEQ$y>P3O|p)l~?#bTX)P4li(WH7yOPG)VFa4-9q7EO##q3Cu1EHcUw|HMFRz zEOt$C^W>VnbIp?TC)Z|QvC;W|Ls_D@$0+=vX0O{n{+%1;4VOKzPG+j!e!t2xKID)4 z;;j>Nv;I%5vAurwKl=v<-)G$Y3pHJYO%ANheYEt8(Vb_UYNF37FEUsBsmT;_oZo%J ctZmJE=AtcGHM3nx`c8kH(vvrV;qIoN0LN;qg#Z8m literal 1175 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tnHcFIgn zOZNA4weZOfax70ZbIJ5~k4Q}q^0Leb4J>mhOY%+jOm!@9apWp8@JaIV*7pnZ^-1&% z%+2x1HTNA8 z%Ox-^*dW5hx6CP|Ks(v8Af?JAB*iBrInUkIz?CaG*xBF3E2-4W!zjO`)UYC`q98ZS zH^;v)CC{iVvM|gwv9dU;ydvDcFdf~t6i0)ypmc@I)Ih)TtnB3Es7%kCfIN54z%-W- z3y)ND|LpXTVo!H(&yXO0qZAVtqjau9)8ar^w|s5$h>CI_{Yr~WGc(gdv&@PpLv8(} zNXvkzO5}^a^9w42s>0mTq9WY_qsq+E$_k>&LOn_{%sj#z zgTtNN%zV*pE3`=UN>5jCb@nuO4%W`d4omgacS&~3Hp>pM@F)(=&ML~P3<@;%_4hII z$;(Xi3@zp=_6!a&@J=uCadA%xa?y|QbIUXd^UButb571JGd6Isj0#Wm%k_JTIm$FL*;L=8$jcx-tR&N-Aj37JJS3E> zO1~n+tlTrbEL=amQrp5&+a(~oGO;i%FG)YG)Gxij(ZoEYGPyJ}x6A`lYO8p=w{oG_O3lFE9kce~- z|Hz1x5@%l@r;x-fr{K^i$GiZuDu452lid82#K;^AGfxb^IT!kexCbg^==8C;0>xx+a?j7dr+81_q-0tu(62$v9mhAUi81S358?%_zhmBc~+G z(b6ro(85XIz$-nm*dV7QTszg(qAI{YC@`HX)Xz87%_}X?(JZPYGPkgx&@wE`)Fje7 zD97E*z{o2#v)nf`)3V&HG~bm=S65dd#XmCNNk7A|D#XJmC?~z3EX~QsHM7LsH77Bu ztSYSB-=!ch$+gVI$UmDax6o5))#k5_pA275TPL_mRN?4XSG|+7m}lk$Pq$EKke=W$ z^VzJ8v)p^mwC$HT6<@IVSi94Pc}<7^9PV7&QQJOm%JB^gs>13YtJZElobr-k#q(WD m3^TVjRCS8nXk?0!D1UgJnJYTKY;xoI$zf?tE2p+?-VOlz2#cct diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 50405a419dadb2f1b9f589bb16c1a2bdefaeeb0a..d1517c4f7606a1c55fa7fd39364efbe79a7d2753 100644 GIT binary patch literal 1285 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5ziF4E4`3 zbv5<(_sBGKv-I^!Hw-DaNY)Sbsc_ZzDlKt$%uT8Y@JzGxu;8+EN%64A_BHTu4t6yw z%rMLj@z-|s&P`7W@OQ5;3of=Sh;j+_F}JLAw?MbeB%mrPKV6};!aE`5iPNi!`m%=C13%J*}w^!811@l7(;&PlFv&NfT8$jq)Zt;lx| z^UBT)ck$%%3~+a@Fm&^E3&~GPbM$p7EedhfHZ6#BG>AwF_RLM!Hjc80^2iSg2rEXn z%{#2fqNrRU)H2M{-7wK3Ezls@E4U;-+bgfwtgz5M)g&-2zskuoyV$fO*v}&~G{TXq zz}r2vFw7t=$Gs%oAlJ`0*f-VNq$Ib5(Z>MYwzSMd!_+{9 zkV^NQ5(~G;!aNi2#0=vS*ND^Bsz+?-Hs(erF0@JVz65XBk^C~cGb1w7`aSv2T$}uxHF%J#Mca91!NeRyO zC@c;NF3WKD_w-K+_lh)g3vx8hsPYfWGO*xEDaa`)2=wxf%t%biHTHH3aW(ZY392+R zEDUpXbq_Skb%}5dcZqP$EXPPCrBPK*#_0-KhTfLBeul2$E{;AHp8DQNk*=w(Df(re z7JkkFm1$wwo;gvDDXwAK?&(~4xo(A-X{CPdQN|?!t`Su^*`*f6W`4%`C1J^x?&W6T zp%zBkuHmj}DHdG1y1EMC&i)l876pL@mfj}$mTmzkKM}AGjwskcG~WKpOmJmRW6%djFTj9_=mt=^8(lY>mf7cG;eb`&D6eh z{m`*nUF+AF7j8{@Ipflc+Cz^8zD@~9|5$OqEB^D;~&PKP*B%mrPKV6|Lx6(YkqRh z(4;W0Ksz$i$o(g?OZoA&m?cp#AE~Qz#OM! z*RT**gW$wSuMo@JNS_RSx1vgROS6(plgc7eobtI+g0x*yOdTt|Gs2QxlB4vq^*!?(!z{uxEHaWU!+cUh)5|Lg zavdGZD_zlTE3`=UN>5iP^h!>1t&GaC%#SQLF-kTL42m%E3@QkBEh_O(^2~EBjdUuh z3JHxgG>YWPDD$(-&MO)IW+%F%WXii-5|$|{a>^)E-a z%{#2fqNrRUKO?dCfU&x&NOf<&*tKtIpi zL^nULY=7gjyqqvI%K{U>%)+32XGaqQUyqcmjI7i!&rnZv+nfviL)-%uj7s#&!z)tU zT_asA_5Fh@(hZEu3r&)9@?A~RN=nU>jSCDCJ;M!h(!=A@vt-w%kuFu4RSLra&dPLGA@WLFAU1(($5TcO3p3uHqJLP2zIIRHV(}fFe*0miVR8j@(FNvE6(>XayJQxaXf?y$nB^M9wccxM+d>@ATr1b1|ph-2Sbx zqUa8LQPm&rhl^%%h45Uv79sp$w@Ao?hO>Odyvf|p|Ez5?y63jTZe;+M@u3xBOAfy{ m{!(k9YvCNsFHV diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index f5f2ba7ad2cfecdeb88885744f964097e584f15e..12efa5dbdef3496b013a11051ac21c5436b03e98 100644 GIT binary patch literal 1221 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!v2^o?{% zGA%4mcMH@G3iplDHVgI1jZAe9xAZqi^a=?oFiZC>4=~QpFyS&Ua!*b3F>opJ_qEI| zF)EMD^0Lr(FV`;*^$AWdi%3k5iU=_G4$wDDN=CQMB%mrPKV2ce$j8sqJR`K&&(|o# zJH^qx!Xm0PI3nFKyRgD1)lJ_o+u6dxILO)E(S$48B{I27Hs6i0)ypmYV(bR%C==cEibqf+;z9Bq@-tV9d* zFyAmkladVAbf@rA3pZo)aHmAauyn2{gL03=@}L0EqLe^y(_oLVBKN#Nzpx^=Vwb=G zN3$v)?d;UZeCM)|ykd0QO#Mag%oKlLyTuiHiLL;3@v%F0c zLsES!vM~HsXp!obp01GT6Ic}BpBU(F>S|$gj$_T2m$c{?13@#5z4T~rVu1E}Z%5sfJE;PvZ3B>SQuDM~9qk?6DL2*u+QFdaA zeuX-;N|ktu%Z z+U9}9DVEv(-r=4Vfn04dPww1!e2zUj{m15iK^m(o3|u-i?dAXPnsb?tX|?5}=-?x( zR>>#1m~ub;vDnOI)0ZRbz8n*-+jiyb^py24mN(qu4Q%1{I@28UeCm_EYg{Bu*^m7e zzJ5i|=&z6CjTv#v8{RV*7sYOq&PrK>?zK)734iDyb~V!3u=R)M)&ey&ACezK`+UR1bK zF;}KbSxJa-Xn9s?K$?YbP49`1!DRaM2QW}#ulo}SM7W|ie!Iffxo zzQN^rRc5JXe|(RqjTXF22rgmY#WmrYYWr9+nZM0gjH7;~B-nUDE?nvx+Mn zL!ErG(gVr^bAvt1yu-56{fgWi%_EIMGrdb4L$k693o3lMaziT%@&mjAy(&yB{agYq zQ;Soo95W5PlhVqQvjQXBBNEL$1Dq^F^n)EIpJf!Uca2KV4-L*Rcg`v{(GN>?FSqbB zPjPimbW1LDG;>Qz@lHz#$t=nVOmp((D)%vU3UhKd$qDl+&C)k6&vvRbkJJzFjc^II z3@-By_RGyM_YNyJEb_=kj{)znB8#GO1y{=yGwnj>R40pIlc;e2s-*geG{2zqqR2Gw zN~6NG$Skv{5X)rWG&jfaY%cc_zfxag7pKTd(~wHHDC5L(OLM2JpiIxAV5jUT{dCg; z(azl;F=WOVD&G7}9`0~MkS14{}E%gTaX-NTZ+yn-u2wJm%ztIET3TuSmYL-fPU z>didzE6R<1v(mXzyq%m~O2V}R(%ig*vdbJjGR*S*{0a<F%Fb<`^8Bl#=XZ>f{pQ9OPHzXI@$u>Thad>SkG0 zQOp&dQEcJo7FO?;9~xy|9%<_4?VVzrU67M(krd`xno?E~8d@1;;8>L!k?PB(tE;OJ zY?h13Bm>ZQ?>To)-ql`!a}@lm&S$L2X@Qm_(>}K+hTgy;r+F~ zDS6kf9{A1vByj1YzS|94^Ij|np6%m*&gWNY{!QM^hitySTqNp|lFzzoV#D^9E85cx MH8YpmJxV?W0DuE zFwV*jDswJzPw^{F%yBF7D)uxB$ui*b3(kuwbT4)BbPLZgC~+%JH4AYLPYQGoNKP@% zv@}b~4KverboVrM_svI-0PnCOi=uJ`;~>+ltiaHKVo&{0U;l!Docc;51J7`8FYlD7 z6qmA$g0hNyqi~CIvv4O1F5}dK%(BYz;6QChXMN*J!_>$;=L%2%vPj27L;d1lw;VUe zu#}YYto+JIbnDVG6Ae=X6&&-cT*^!Wd|f?@D$0F>jXd*%1ASeM98052(<6iYd;*Q? zJ@UNVvx)-(9l887vm<=7(hQTU(n4^lX-J~4Ymh-zMTuu>S&p%JkwH~nKzUVaTA+t_r7Krec3xIc zvWc-vSiVzmWpRkVv5`+&a#Bcrl|iU?q`ON}Qb|Epn3ri;aH=DhuCA_vp<}*zx~rLX zph2cVuuDNmu17&>l&6PrNJ*fvQ<;Htghi=yQksEhRY)?I>NlyNfLn$oDnS}Dd7G=Y zM_+bW;_k{YyRh%cOTsHG`ePP{lr@P`~KgKuQKbeO=T3= zA|_`ka*exUElcap$o^^hZ~yr%?!S`4pOoYA!hS-*3a;1Od8?u(OU_!K>~Gt!-B+(A z{ztGZb3NCzkhHJ2vOTAFI!rm%;cp{R+1w;>)$PWXAJfl&+4Lq(+<&WGfA=Q4ckS`% zIuT`)E-ZZ+uKg+}e17jI4p(+N-iP~C>)%<2s5H5+t8aPdowUkWt*qrF!yIHyNyp-c(=FqmZ8n@HO3-`Ud@Iz%wxTEO{jZLKo0w=1vs1;sqpTzq~ z-odJ#WA?vif}Z+SKQ7dy3oqGw>#GERiK$fSguNxbFCHCtu;aQGIZH~qbT(7$UPYx( z758&>WM=fg=-(?LpZo6M+TyPl?wPXcB*iYC+CHa6vi4QoOU0C!4&jU?k18h>bp5%| zkYyZvdwKaGmd{ZK4$X{Tzg6cUpR@X6X68s+h9@BlW$KeIGsb^-l(i-5u9Zf(a%I(; z#VgkBkj(sA;a9~pNAhK!N!PoR2lvdg`D32>BSyPtNl&3`9oK|2oJU3Yl==NjmP9^u zF5G`KwS8J)z0aRlR}?nz;$O`k80>S$w(=-Ywn}Jj?h+W167ke0%1e1M==mw^Yt-u4Lylb@$(L zAi*L|@eMUokn^s_&G{ zoo1g$WubWs?B#z4FMj@HlghW6-!F9?K5t-9`l(!V?bSZXcwY8pTtfA>lQPqFw2TwH zODb=hS2Qckd#Jm6`fRoCYOy%Wj@CODCKS)BpOX0`d2#HIb-G2u-wfl{yn3?y^bOA) zzb~D-yPjooLui|va!}WgiH#Q?o4wg&*rTvmaz@(xE{)EvS8p24*Rw60Gk3x_;gu%O zCz-uFb4Ka2@^rqyX>xNOWtmQ!=w1Jbw>thf=fYVrymI!_8HEhCiTJr#3&c)x%4W7) zsC9-Z@lF`Wj5T|%pSRgFOF^FR%%`C15npYhQ?(m9$}$W23)F13y{yU>&0l@a`k>tW z8OE0jp1G}zjelOxuJ`wA{H{Yz@3d{5Pd}L2BdnHGsT%&YcfRkY3kHEZyDA!$wK^u( z-$`?6dA{JTS?_(TyFpxDQ zo00!ym!6%_3ePXrZv^4C0X9ay;7&D-?;wgQC!hIb9yTBLrR zOcmvQ@h;kag2YbQ^8GedrzRKw&`9z#dzzniPAI;1p`v%e)q@i+a|T)(S6A<=$Ztwp zxLtnb4aa$P0rd>G{-}rLu4lR*B*@|@dBkABgtYhXzKT`P?3^9$@1oONY<4#5NO)#P z636;CK8mNmX&rfb;K~$EDaB{6_Dt>3$k1Lr-??vA`G$p=U(W5l=Ogt%U@hn6$<6aj zr4`T4p79~<*|E(ISzp#Kv)m-Id}H*AsC2-8UKG)X8*G4m!I2T*vof^IiC02HpY@JuI%)(GfwyQuI*3Wuh#m! zc4EipChtz4^ItwXUJ$F;!2iaI%X!+(nLB*$pQ?Dz8@q>Hr7q-J&b>chTyi`)ucT}I z?9JeE`tdleqa;hJYvV_^PTiev9$Oi{5&HYZ)v;xue6wwq6gQ%Jd6m7}w}OQeajv3HPT zrju`ucZ6{TB_-KuNmZqOK|#*$CH_I#t{#DwiBYL}iJ6A}!P-@h87}D_hJmhJp%s=U zMvmIX$!Sj7CVsg&6&8U}sUF!zVaD1fC28pa7U7O5$)Uaxx#5%J7$w48^^;2j%S+Aj zP0jt%{0*Iqlakz%4N~=U%hOT7u&5CsKay2jT zEDK3^GS4cEKDqRFUu$h&+sn`_D-tL zPO8v0DRy!;;PTG#F*7Z)C`)q*OmxjRuMF1@@G3OQH401(2{sA{4Tz{H4oeA(Om#Ob zM)zH5RF#u)x`L}kns26mXoNwbS9npbZ+@1aTZ);bM`duLpNV;dfkC-hzP@L6x_)kG zIhVOhVnlk0Q+<`Chfi>5v7>icQe?P=OQe^(nWI^HMY^GHy0&q8WSOIOSTdKcuC9W4 zazQ~xc1TW8M38xMxld`9NoIOZsDGxmr=x#zcutgIp^sTwaFVZwwfi0&1&NOXq~mUWE$HKmhVBLKdNp$xF?~WRcu>zDm8ZFVJ`c-^>=iOW|`ld zvC>DA;b{NMx>wI`TF57})G2%^Juz9uOf*;c!n#(O;}8GEEp{=tkDK$F#ryD*TUzPI zzC?HXdaelR<`LPk`C`r4lFYQt`%k;3S3eGIJkK!Yn(c8__cvM>>lo+1W;=6Gx}5p0 z?1{b$ar&D?JN9vhMHy~ZO%eEPvEHWMaZ$#+_S#FXNAE>nW|waBvfV0Z(5}^R*X`Z% zSz=YE{@xIpX2;>(Z?1e`;^&$et=8MCnhZEDnutwX{KeG4H@Bj2n_c_Ttr;!LHgCQf zeL<_Y>aD|39f|i+E8?&0-Sqs`ab0(pe$UoJ+h&+EwFk-QsoV^jyyD!U>E~bnINMzH z-@pFU5BI`(*(^(+=v$rpb|UM}8NMZF`qxd_=xMJI|CcZDh34t$I`8j=S@tLG-ppII z=c@Nv z`MAal(R(WDmTF;6_j#pO#*2BW%dRC&bl8-=|4RA>zR}D&S#eAPH288F3bPs_Rf1&{F&1_!?K%}E!+F! zOPrg^l1VE?Q%|h%uRndbYRQXT4?H)u8f@C>IOU1-p2+YpK0z0q^Sh>=wz6xRdy3<) zNPKAHZPj-*^W$gSxpc7T<7USri|6J}6wCjm+H^bkE&Guj=Nz_%L&R_!Jm(*YvzxRe`q*24bcm!(qf#ZzjR>rdV^e0m^K z-$?gJYP$abS~Q636ZDc{;q`wH+2&-JQUlrQWyI^|rFn{D}P(PG+0R z535W`j&#v1P zyC<$`78Pt&{pR04Ep?Trd--bfwVd^TXKpFue`;SXKE<(NcSMWMH5;C+Ne62hI%m({ z#GWa>exJb#1AZyZQ*y^VZ~i~>A#TO?Lm#IypE%dTb?cSN!M}(`T<+lE4trGgqRcQKn$EpVxm^$XH2wv^8%gE$<<9_$5 z&&%ttY+koZqn!W7y|c~FSbiQBj>Gki>3dlYrs~Ii7M^(c&DNOfO?>Pc z_f{9OGRs-WObyw?xqQxpuwM_vW3Jg+^{joh^853?qWe78yt9{m3U#sZzaE~ctgf?H zOvsmqar;J}=vJLL))K9Sipdc-|Cn}t+Q2w3I$4^1SN+4_pVjK#XYIFfMoM+r>CSL| z&>vto_vfR}HV1f_1w}1C6*pQXIOWdXI7g~V@ma)^_cj;KPN-{rsNnHu(~qC7bs91s z!gWga_-vW1c>VG{&hFy&v|=k+rqPN)$IQ#R4sP<91N@I05`l<588PUWw+Mn#HD-WMYHbmnfo<1M$pL~pN|{!UI?L<#`g7j(G* diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index 013859e12c46a550ed2dd6f6b1c32341c7a353ca..e2f666b1f6d59a7fae19074bfcfad3ae745c1ea9 100644 GIT binary patch literal 1220 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!s$%nDER z4oUI|_st7Scg@d<4E9S7u5!yQN)Gf7Osw>BDG18;@G|!e59IQ9OHU0pGtG%GFf}O; z^9%~CGR<-~a4&IAHp>X`^z=3hjf(UL%Crcp@|igOV{8IBg z<1{nFtO#?%!r;tur$BVuO#M5iX^3%@=^tLdI3e`7qEpkdqEzM5x@y|^TH#RlRE6dWh4AJ+_ z5BG5{2#n-%%5~Qdt}-;PsxmPPNKOmajxZ@NDXGjhjta{ub4~RM^))nbPR=bf%QQi^ z%{#2fqNrTKGBY*Dz`(UUC(1a=BGoB0$}!Qr*wWJ?ts>jVw>&l2)U&d}BrG`9up*Qz zKhGf8$k;qL-_zM3C!`=R!^AAr(4wrY%G5I?FjL>atkAVM&s{$>+Ylq((lQebQv(%3 z41@J^{M}N^lk@W|OiNuH^*s%eip{f(4ZKP#-Mv%&%iUee3(Q@Ea$ULd++Cbav(0iX z(t=X83v%>*j8hUTjr?-W^mAQFDKC?#ZQ{=A9C0R8iuZRhjGKTvBA7 zW~?6^>6Yu~nd??*Ug%StVo_z`=$_{3Y=LfDX;hVyak_$jT3}UVS*DA3Ua7HVWmRxQ zie;%!rdMQWrC*qKVL)J7hJjzGx4XGnxi6PXR8nA$c~nWVc50MiQdCHYYhGY^S&+H6 zacQBaVUD(6aHOlVkH5BGNjaCUuC9V#MSf9=Nvc~|iM~N*plNz;rE7L-T6t)mbBei1 zVo*s^fn|P#v3F@iWgypOHNn{tVXN3Cz1&l2tlB8??$Ga}f$PpAG&1AMTwv% zESv?eR>)3f%X{it$I5#oYeh7_k(kepJuSbtWj8oYPgp7QHkYoQLUD11 zZfc5=si~o*f=NJCRDQaGv$j#Hm%pQM*bd{bRQtCBJ@N<%HPLW+XjgVS9if{h}%B2to!^veq(a}u3>ef>+4 z^F5P_(!-OqOTAq6Q*zzXd@TGT&9jpN%!)iGpJf!U56pK8%y)7MudoPCH#RWx_R1{C z%rFd!@^#L24s$UJ%Z-Zg@T&@sDs~U$@-hi3EDAHt%JeS|&PXcE2=j@E3QjEb@yhk9 zC^XG6@%A<{4=_x0OwI^Ij{)znB8#GOg=|Y>FBARrAXDSq0<(a;sF3>5uz&#n>|+0{ z@UT>iKyT-wFrR?*)I>*vVyJ=HwZmQYE%E|9 z>O<2DJj=DU4MVvc&61Ns3XAjHsw$%ND_qTror<(`lZ~THGE0&TJ%XG|jNQvUL#i@D z4NTCjD~+mhGEP^Bh{%odkJ2_O3ikI&b14qi_bB!a@+vR0%<`!!FHA}<&d$p=%P?|v zb+X_x%5t*MuF9@2Pfu~n3(G0Ub;)(A3^zB@*AMp%DoZNJGRrhJOpVH|G_f$?($&>f z2=UIUuqdl?^sfkxC^5B2&doIm%ryxyOA0dZ40rSP@htMsDX)wSHgR#}I#sZs?@i?a z<%Kgvca$(ZZ{EXZBM_e+Uvc@zyjQM2FCTh;rC0X&_qjXvT9)mY|H16TwYaBJbMH81 z^J=T@3(0q$E08#I?gP~#Z9!E(xi^om{gZBQOnUt)(}&&jz~-3^S6qC;zx%t(zWUW` zT`yHKQ=0wGnoW01XRJTan)mF4#ows~ia*1uBxZh=tax@KaLUCH{qA2=FR9EfZ7-k2 L%HD9;c3vO=LdI&Y diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index 621e1b82cae3a34d69fcfcd630e39b316b792288..54feb45bed9f268c90024e37cbfccb58ab3eb96a 100644 GIT binary patch literal 1220 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5w{5(KdJX z(GN3pa`nheuE_Oqvq%a~%MNo%^U(H4iSP+Dbt$c&8ivj{TC4GhW3G7KyVaYeVyB%mrPKV8AGFge>R+1cDXJk%#Y z*(f=$JS4-=%`H65KO{dOGcwcC#4#5kt4e+h9)Xyp`F-)%t4)BjE&5QJk%q%hT%=I*kh_rMqHH%C% z$@B~kjY#K8%1tv5PcHC@OiML1uL}1!cMHujEH5k9H+D+&%`!+yNy-h2a7^|}^EN@Z z%{#2fqNrTKB`w)UKe8gn#M7WK(xR#|*d!^^CBV<8%sC{-IKtT_J3J>R+^;awJIs?S zrL3STBqB|}z#?3`JUBSTFswYdG|bz;v9vHE(kmq=*g4B3BQZ5a-!&QCwzSMd!_+{9 zlAQ7i$H<_tH0>f2_b_LFleEx+@;rZ!h}^QOD2uABG=IPHkjijB^T2d2A8o^`#E7C2 zHy`IDZ78qC80DxC6i`y?oKafj zXc4I&VdfF(7-UkJmE~_>;i+F9nV#nFQSM_|?4uu<=5D~1=#*ueSfE|xQ&y^PZsDD0 z;%RE(lAfF8mf>ZXkyIF%R%IBHW{?!<8sv-ax6-I8C*yR5WFv#}lu$$Wh(tr}(mac> ztQ;fv;Lz}-!ZNcQ$H;8$(vZ|b_e9f3gB$~{WCJ%pw;YcQb7%MbV6%*raL3YuvaD2J zZ|~5O#MG+5!u%?yqB8e9U&mrDU0q#;JPRZJfGlrcM^nSdknE~T?=1Z=$DBlO7k7i4 ztW14>H#hAtGshHPqbf(P`3%l(XBnAfj>JE3`xeoV;~RY}KrZ&fVUc#VV>(I9pYA*? zUUmKDtH@8Sjdh6^_CC7rYWaNs+W494we)y4l^dqYaI}^e?cfrf$J{r0)%O{(zLRse z^w~SgZCECh`s>z->xC=$ip7oOrfnOWm`p_OrAK$u@%rtZ#bsZT1OaLcl<=-H|} hHGAud`^`&sZktoMU;^u6`QwEyeedHwyCrRl2LOf4p49*V delta 1023 zcmX@Yd5vR&PJK$Te~FVU`g_oI8s#A85TbQF!m~oY*YiVvopru<_ zF;_@_YCxK4Qc;nao3>-ViHlo+cSVSEq+xbcxoJqSXF*bFSx8x7L8-Y#B$uw8LUD11 zZfc5=si~o*f=NJCRDQaGaZq-#MTuj$L4aj=qJO4|i(7h1QbDdoXhD{7Qecitc2bn1 zm${3%V_s+|mxoVAuxpNGxQnY>rjNI4Rb^g*vwn7Ev2%)lMo?ZvV6MJPMPg;Tce$Uz z#E;_PmFfOY9>q?sIoYOpUIxz2VV>G95sq#l8HFZk&PgREp&tHGrfGSpdD+=qrX^lg zDgH&~Wfp~biC%tX+Lqx_8DYU5{%OJ5m5%-u>6XFi#)csg=6Q~j;~B-nvn-q=Gs8Sg z-J-N319B}*Ej-M%!(2i=J;O^9gNmd4i=7?I%F_eFLV`WHsv?ZiqXP6pjP>;meIi|b z4g5_)5>ujF41yzlEmC|-(u^ZL4RXs$%Y)M=pJf!UH_H#t_w~qfbW2W24b^w_$#?hG zPD(Mr2zJWmiuBLaHYv+A_xJY9EJ1p*e|O`=Digy% zeb353Z)b~Sm*g_jJcE#&Y_80le1Dfx)6lF+!@R8QVCSl=%Akr&AJY)uQtyn?bc4_W zKW$gTq8$CQP;~3kG7}9`0~LaTymA8#@=c1(9E;0KGqb&_ES$W3L-Q=nQ&UVc($Y)P z>dkWU9JAbwog=v_(oC|8qnt7=lOoG4BMgc{4Gnxs3_S9EDsoCH%Sf z$o4BUObv3*3Mfwu@w3Pba0$t%3=J$VDk?EEN-WQJPxXn^jw(!aOo~kA>bd-?H2#O< zr0vV%o?q(ZnRoW)wsU)%Qe?sfOYIbAux~$Te&o`gO{Gc850p);(NTT)a;f}D=A+u_ zkM+;L&iwJSC_QrP;sw+8JyaIoZxni=h0`Ou<9yzi-|DU*$0OfpxLB>zaTetWjbC4R zJm_2UrV0LkwALz2p2~Jor1C2(*WQ|Rp9WUWZs%2ek8T+pJNWOVf)Q_D>&q|tn#EID LZEhB}Zx00k447xw diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age index 44dbbc7..f9285e2 100644 --- a/secrets/grafana/pw.age +++ b/secrets/grafana/pw.age @@ -1,19 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA wg5YKE7/sMO2/uHVH21A5Ezp5jTGyWICQE0hjgdOPFI -0BdMLvNfdkdawh6+binpY5cP3+SUih9GqXqGRjIMuPU --> ssh-ed25519 4PzZog ig5HQ0wsF9mdSplrAA+k47YEnLKXxsq0mbLSBcuhLz8 -j7lejLu7Nm7rscsILqxJ7c2CTV52a8auuzRfuyT8tyc --> ssh-ed25519 dA0vRg A3FTxSbl06XeRXwqtSEdp8zrbNRrYEhIzxggBa87yFw -MDLSG1m3Ss7mRB1D18VL1XzEPJqUJTay2BCgRrR2MTk --> ssh-ed25519 5Nd93w 7FA1lC5wmw07jEoTAJteqj25VU9LgpS4aS+UDhfJ3Us -ss6DD0KevDM1MWr9ZtUi/ZwvRi6KxAHUvQoQlhDvhso --> ssh-ed25519 q8eJgg tynydC/TKwdRGYYFhkOUeBSQhbReny5WqFiksVBfhik -uuvgLJZGfeCIudTGb/E91YUWtMuX4Q4+dP/ixM5ppr0 --> ssh-ed25519 KVr8rw 0PrEzDMMr5NRKLPwh5FUdsK+IgmmOaR+vsjkRlaPaW0 -12tS3tR3BAEBTVQunX//RAXefZ+b422Q2uaDViMPcmw --> ssh-ed25519 fia1eQ Phy3mMJqUjc+np7zDI0UVeHEMF9aDJGBKQGeNDWWcC8 -/B5W/0j5Ziq/ToQKswSHyLaVw7cl5DyQ0PhhQK8MnkI --> ssh-ed25519 IpLDOw g8f5bCJc2CSqqNi5ZbzykknpsWFEffdEjT+ZxHkUZ3g -sSfMc85BkNYiDO7JKm3yzK+dA94qry15c/GyZx4sTLE ---- iE3MElTwsLIYXZDjxLu2iz9LU/NieS1hbcuFfMn1erk -?Q1uLL*;)!Ek.qLچ hF< ssh-ed25519 V1pwNA sIoha/7vcAIuauOaV8gQA1spz0NZWfcc4rr2zgUP2k8 ++XELN1EFpMnDsVYgPnSaRm4qduSY+80RCfEFnBPCj/0 +-> ssh-ed25519 4PzZog ffub2ZpZEkysUNemtue5UroJj+/Oxi+nIstX7/txi2w +MsvvInOvekc27UTViomCZbeikTKm1vqTKsanOpeSQ8c +-> ssh-ed25519 dA0vRg ymDF91ZONYNjDV5Gktf0at2kUkfYbPSja9iWOqcBxVk +gw7IgyRSVKfxeebADqYH7z+TZJcWIMS3g14U3FrDS7c +-> ssh-ed25519 5Nd93w n17TARvCsIOmSp0WjZQEczLCFsAVYf9lDlJDdZeqzFU +gRRE87qCSiKevHShj1k0bw+kwOVblwhMGh94WRYdqIM +-> ssh-ed25519 q8eJgg 7ZJM3hSRIaQSpMnE594tD3qsufP0IwI5ngmitx/SW34 +Yibvj3cTOT6TOHSFBgeBwpXbGNFjeYs+oNjbfP3GRgc +-> ssh-ed25519 KVr8rw O8njcmXqC4uurmzk0MLECH/pVlVqA0dqM9uL00vKlls +h1dhNulCkCc3O8GmNSt67dxK2XhibTJHxx2loo2Y26s +-> ssh-ed25519 fia1eQ NE6qJvq6AK7bIlbq7QSJqQwpGv6cgQFv/L/6MXOQUzI +uk1G8a1cECFkjbt7bjcXOYQDHcTBCQwhyqcTg3pIC0o +-> ssh-ed25519 Km71ZA wQh+XFb10AF8fdeDGM3mMJG6N43ej48QML69Xa+xFHQ +eDuMG3MT8EuzS+QCAHLUi1NhRWp67jJamSL5iUQKi9c +-> ssh-ed25519 IpLDOw wTE9a1YrhG1NqYTOBoihrNH3xt2fKOmGHvx5liEfeHM +Rv9+kBZamBTDS8XGRaTsuUW/t6p5kYnbfNyyZY5n590 +--- 2HVyulzZ1Z3kQSSDH6HN/mu8uT+u8yohmt0bpe/VNQw +M\$0giSmlgJJ_yJ<.l< c~84vGP$ ˉN{5c \ No newline at end of file diff --git a/secrets/keycloak/pw.age b/secrets/keycloak/pw.age index cb13415ecd01af9be1f42c1299432120737e7654..61651308d3d9ff38b1a6f4eb9f82a68998737640 100644 GIT binary patch literal 1134 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zI)Gj??H z@(wA@ON{i^E;cu_Fm(3waw;n@@bcC7&j=3A%MLUua5K$u&*lot&vwhz&NVJBaWnSF zN=>Tpcgpq53=at`%ymi(4$=|??OZK5^qcWA}8%IzmUj4{lxr` zD%a$+s#IUEkZeEgM1B7%1MPIn>|(AEzakG;<21KKM_1pXA}>QDGn1kW&>BXdntO|m?-Qw+=egUdplqk_ELJq!J! z^uu#g0*cXXE3`=UN>5iPb@B@JN(?eDCLBYn-qH_1(;-2q!vVaxMp)1RA#&6xEPh@ zS|nPgho&YPdPNkurv;b=76*iByM%iN6sEbDCMT6SJ7dI~cdof%l%qn9qgSDEaJFAX zXn0g|ZnPPXvysVH^H^7b_;G0%0j;0jDl%}h#iDl855&kD=TO)n{~@(l>7s7fym z3-v3_G)ygZGRe-%t}6F2;L_FARq(d-(M~fl4hs$OEDaC$b+?Ertt!_xGOzLsNHxpR z&o3$oHp$eE$Vl->=3-QlEKaSAQ&CzuQ~TGR%T2$&_*(DXH)+w@trf4<*e4o2`D^@7 spEG-hx?jZEOu4Y7TX=UUJ^A#tK}RfX!wjxFOx%19TX!Y6zrLsn08^TGd;kCd delta 937 zcmaFI(ZDf5r#{0cJt8?f(8n?;G9@_4H7(8DG_p7&v%n=S(8Vp#BE-PRxzsh=A~Yi? zpR2?y%gM*XGs#OovCums&$L9}#WbM8-7_sY&?Cn^$tAehG%K$pFQ_CpkW1H2p}06h zH#Nn`)YQ;Y!6cw6DnDHz-!sxYE6Xy;AgwYm*vl_8(XAjPPe0kjv!pyU!X($*r>ZK{ z(=x~}!`v{PE6l{l)5pX$(#b6~peWNl#n(B)*~_sgFg)1DEF`Vaxx%&5!mXghG|MP| z;z#lD#B~1v%d8^rw1}jL3X6a;6Tj3*zc8ch^vuM9@bKL5kPu`2(29}_-%JZGlO$iS zyogc*-@J;P$P`brqQa0WV=wcPtdwHcs1nNneIt)>(f(zWN0o=9Nz7 zKI!`D!H(&UP8K;4ss5QcP8Jb{CgC~01wj_Uj)hfzt}c#TmD+_)MUGCPVdc*Lh3@&q zSsBSuK3OR~;f1-L`GzJ%uEqvAeg#f0Ik};e&oYYFhv>VR`5Tlv6%?BLmX#TVI+f-7 zI3-!;WEdKmm${f&nCpkSxw>jQSET!Lxfm5@`WS^2m{#P4R(ff>BxSm#hvc~w1^86D zx#XlJ`c;;smgX9S`W0uR$AEWOkwsCtLRN7`q;qzNn}1eRerBdeszH5fZeC(|VzOIE zVt7SxqEl*7VQ6x`b68kNF;`i(Z-%K!l1HwIaeicISy+&FVk# zlzJu=JB2w%xw@ApIwoqH=T^E#I))jUhq;u5N9hMungqF*nwOb6C+3B6F&}Yvw)>;D znSH77UJG0Cq&_*nXKu@tbQ$J6x*wRJc;t?JTfkvS=LN4eC>Ry$q#bODk!mt$mWXF_p?aV&q*qAFSMvI zjqrALEXr_qGBPQy%!x`jvTzP{sWglV@O5=Eb49n!B%mrPKV2a;CEXw^#nLdPtSZOc z-MJt#BRL{5RohVCOF!7$J>5Lt$->*RFw{FLw4AHVDLgqR&)q4kIHWK$)YQ4GvNSEI z*v~IH-`};=wK%dk!`~#))I8N7!V}%L6i0)ypmYVVs0_E{#3BpdfRu>9!tkghL*D>5 z7pK%TPmA!1{8Hzru&S~s?acI4mwc`y^B`m2$`D6W?SLG|EEA{ll8EdOXRoBxfc)gb zf~->SEQ6}R0(T4Zpk#F0O#M(-Ed5e4LL<4t%6+oa{41S(0>kn%jLj-6Tun<&UDCDljY=#FQ_EA6LJWOE z0)oQKGt$v*E3`=UN>5h^DNRcAGEdPqum}rGigZg$OY^8mD$9t>NY1XRtgx^bCtCFm}r-4U2I1%P2;- z%{#2fqNrRU(jY0k#KqLjx5`gDqR_u8!oWSUA}hc#E!9UqD#WMQ+dS9RFDKC@%p;%6 z*eE|JDy3N8tg@=2$Tg?1Fxji9)F&X`()A+q`ql4Wk?tl8P&{E%n_j zeTxGPjLWkv!-La`^gRppT??avlG0tx+}#{girw_xBAk7>Qhkj*BlEJ2Qp3y&9diSN zeRBMggCmMuvdW6RBg3 zJKfX8GrQEou*kwaqaexC)VR_!%P_2>vci?iH7p_|Br_r+BR$I5HPE6c)gUR|H_A=B z)UU`qGsrR9%rrBpqRJ$*GSU&3RHPR8j9MJ0u48MzgX?jezt28P*@Mk!Hg8SVvs zh5?DLIX*#EWo~}%*@1apRh7wH;imb<`T>=G&i>_5h9&wD9$|^uj%9vTS;jdjPUYsw z?qP}A<_3udDFr6zws|BOWEKP}~d^Rb)7a_!nDbdK8*^ zdX{IS+XfBEKu>e$R7;mAOOqhSTqjFQBa13i_d@e3Q?s<-vI@U|l(gcYG!M_PqI6#_ zZTI5x@Y1wE%R-L|qY7vL{6tUFY{SwtQwvis^QoDi~*ahZ>|s`1z$d8_dCxSB_X=Op?Wn)_6S=J{p>a><^1xQVy4FL|ZH{O4bf_-|tr%n%WH6gTsK z=<3#IeJuUccla*az2f!$OP<{3{`_joPrqAPo+1A8RE-Z`M%e0GjBOeH8IfBPUhj^% zp5eYL|J0K6w?1yL%?gxy<{7){XU4<59nTUucfJYV`}}^*rj%wyy9bF83(ecx*oyx9 z$$aX$z_z%|>dSM%XY&sHjhrg6NXcbqv!nanzn@-r+U}9aTD;}x8=sU7($^M!yZ+#g zvl5%Z#j-gc6MK}EC!U?Ya!bSs-CaRXW(mFtC{yXF*>Y#&Z?=cRhWF+P?PfEuOU*o2 f(R=rczyiyL`OFvI*a@Erd%C*HBhD*lOK1lGLV;dA delta 1480 zcmcc2`;=#bPJMV-wuMDVT9J8hM6pYVpRsA8Uu2GtewBNgXJlS!ZdE~Xj#Ft)W`S{q zE0cq>ky~!IuW`9yMu1^KT2xkUm9JrWZk1WNf2d1}wqcZixk0F-FPE;JLUD11 zZfc5=si~o*f=NJCRDQZbph=~Pw@XE)m$`{oRb@_zk6V~oP-S?QpSO8gN^x;%K&H1z zW=>{#ns=@zS8`UAvsqYSWnQL}ajt=9sQKq@MW~u3ADZybWRVfwjRV5K#nH8RqAtothelFQb1wJ0W+8NngdEOOa zf!@WH>Bg4Ed9Gew9$BTvX%((UMmfgG<<9PzVO0f1S>7flMZVdS;~B-n-Ge=|OCq$3 zeWOgAOA;e|!V9wu(w!#^m8&CoeYbsJab*SLPAWFQ}Rlx5{o@T+_Eh) z%AL#nGTkE+Ju^K5%JM8+tEx!EeQ_fG7K#8F|mj=(JpZ+HqLhPj&Kck^h-~U2=y@u zGzj;o$SkY!NDm3lNDeeXj{)znB8#GOg)pzeP!kJ3FMa1?ZC_^t6Qg>U+|0sI7gyJU z4DGB`W6yNUvWU>)^ipGYU#_4avj`7Uzr3odJbmrR2yfG3OLs4Aw@5S340l6U^FSkW z^CF`%^Stt$Ky>TUG7}9`0~P!t^wX*e3Ul*AElk5rl1zN7{1emCO7fgtqbd{K5=&jR zO-=lQ5={df4MMrRODoe0!wd_HO^pM5Q-WMfEdopO{q+q>-GahQbG=<$EK%sIt`jRHMkqFqd)zSEoR(C?9wI5|8kp zGHvgyDuVz67ypvPN;mTyKYzCn?JVEisARJu?aGR*@W}khi7evb*^%D9E}3DzhAv5| zRXLzY3Np$~aq>;8DD*8buP8_|PIC|RDbz1EGT{pJh)65e5AgMH^vch%s0`N64{$39 z2{F&n&r43TD2}x7jLh~ZORg&MF9!uvcz#x}sY#}(OGa*(L3VzITZy(yN>P|$T1iq) zx@kplSdekCWoU@8pTDsymq&WGMY&gUxocFCXOU;Nk6Bh(Qe{@9V^&bEPr0*ppl^0y znrT6~pHqGy$n5$gAGZt>_mI-`KvTo4Jg*?5z`Uv)?UE>$kWh3vKuGWIuiH@UjpmixmBU&`38oeU~Cf<3#NO*HF{!&2OY?fKH0SIBuar`mL< z>%F!ewk+&kvB320_XMv$0!jzMcg0;|*C<-POsp@->Cx030>^f3c%y6o_34ur+Z;qR zuYCUf??&~ ssh-ed25519 V1pwNA U0WP4K92oRNJ1Dz7siaR+8IcCuKO+diy9VhnuyMQ3w8 -Ral58VncypJzKyBweTNDn0uyFfmqbVBsZAgsxd16I8s --> ssh-ed25519 4PzZog ADJzfpJ3mw+42CriE25RkMq49zMrkaQM+mYO450fDBo -lkz7JlpkgOOg/clVAOJ3BBnSmo84u+hxHAqxgj4VfgQ --> ssh-ed25519 dA0vRg TbBXDcY0qSdQ8X+CsumrUV8DATgyjybFmMSr7vKcvEQ -VA0TrtKta0ObYcXio/usanpsD/cAtS/FSd6IcOLYzaQ --> ssh-ed25519 5Nd93w dFpBpeouKn6S84QDP3mvQmecCnGO1DbEFRf4IgnsHjc -9xoxDilLBwS1QxXnXk2CUaoyQs8udAZJqbgwMpj5ivI --> ssh-ed25519 q8eJgg 7bSXg/HPIYoAMK/aLs+IrN9Y9BEPUyTsIo3PLEmH4yk -l0Pe13zucVpLKDE9LnBtQMkdQQuAbR/hCYhjmji6xHo --> ssh-ed25519 KVr8rw cDXOR2vdFmc8V0cDFzJd+7024ez99Th7v+i/7aK6Zwg -av5jiCaB5Q4Pa6Jbmeyx7RFwrj/qkmIN+BC7d8IMP+g --> ssh-ed25519 fia1eQ 1VFDFHIJ58+ybs3uUVIXHMpOCweDRBH1h/9b/qfUc1Y -W74hrPdMJ8sriTxN7FMoGkY22Ba3uq8DB+H1Rb4AGII --> ssh-ed25519 IzAMqA pIdk0fdfM7FZB/TTA9EN38qzBxVO1IMgDSi03tpJR3s -f4UURtxj2/YnmepYeoiFeSVwsWo4u/YYZzPZr+vybVY --> ssh-ed25519 uZzB3g JhwS814323gjfUA4JxkPFuBfNppmI5N4sN2bLxOXTVY -Up6477aZtVmbVV0s+dAafQZm1Fk4L3zA5nGG/JOMnX8 --> ssh-ed25519 Hb0ipQ 7eBD6LAaLzBep1Ihw5ElMkeT8lYTeaQJGoYlsN6AVm8 -9QLQ1Uja0PfiQdpnB4ykW8GAXdzDZUfertdRB1V/+/Q --> ssh-ed25519 IzAMqA TPkc8WaH/jYOcTvFD43lwQR6fgnJ9bLdMJI5ns49hX0 -FoUbMUqIfkiFxk8YqwHmeVb5/k7H+0EJcFDzNZoPs8s ---- Rfu7lKgz3e8yBtCwf1rlh2lH5pMTtBeCAR2HtL8Lehw -X_bp9e +K۬Op - 8putJ[W:Q -\SWzu3Ȑc&`JTXݒRK8ͳu8[SK`[3?hT7atL1|H`nۡ;i2 \ No newline at end of file +-> ssh-ed25519 V1pwNA qDFD8i1k1rzDBYBtXj6sYiQdmfGhDfXS5vMcYRF32Gs +7zO8QwPzrrqH6JPBRuasWwUw2/O1siBySFvHSp5j0n0 +-> ssh-ed25519 4PzZog u2Eg6RB/AmN5GtU/d/WfaJPew8reKZnC8C8AZWVnYRY +5tGVoNyuPKbCQSHnEy61rfuG59t1aEY1XQRJNmuj21E +-> ssh-ed25519 dA0vRg wkxiozefM16DTQAF7Ts74MP6R7jZ0FormDqg4SJkjzs +ee9kJkSDUwm3feZhBcsUeWvG90Cy6X+qwuL/PpLSKHI +-> ssh-ed25519 5Nd93w LwnaKhjUgCrVDxj0G5WTwHuzjN+nWLApK8LBgXeJAxI +WNicDBw71xFfnSn1R9f0XeAnGPHAfc0QCj9yjHk2Ra0 +-> ssh-ed25519 q8eJgg fgH9K/UiFJaCiV/NPDu1RbkMMH6tumir0qhO0gfKGTs +bycdxFG/VHcSbd1g9Ou36sZeTdUarIG5Hyn+Nji6MHk +-> ssh-ed25519 KVr8rw 1we04j3ymB7zbOJnarg67KzI/yMiQHr1ytBS8PxVywM +Jjq2uJtOAn62PeTJX021zHgCd6yPkxRnSt4IFc/T6Xc +-> ssh-ed25519 fia1eQ 3ywHsF86PLUY5Vr4hE4DI62bsGgA3iU4QFEk9SvHWHU +TvkQ/+gQJ3DXnvpD6U+jKS4EG6kIJa+nX08nUJFs1Wg +-> ssh-ed25519 Km71ZA IG4kxxGPSU/CvwDfTjlp1hUgmnzRqK+YCYTfd1qLgxA +B3cTR3mZkipgVe9tdU4re/GYuSlSDdI6Bok7yHPhhOQ +-> ssh-ed25519 IzAMqA /eXLqE1/nW5vpiaCC+NH3ytm1XrjQPgKo2rR7igOyBE +EUsEQWWTaS3uhOu/ayZNlwYw3vY7Rb2IeYl6QOelmY8 +-> ssh-ed25519 uZzB3g 5SrR6ZP2zqFHCLeykkmpeR+Km4/4ml2AcPnOAxgpq1k +BD5IXtf2/S+ME5mPHPu/yQVqQ02+aivLLV84fBSeq+Y +-> ssh-ed25519 Hb0ipQ 5z6PimjHhHU2bXtloaoYqcJk0/S/mrmXqs4u8TJjPnE +2I+d+g8Xivns+fT9W9Ws6rYCcMXJamuZ+uBnXcukcFY +-> ssh-ed25519 IzAMqA ZwdALhB/2dqaFC4bSqgXNYPbN0hgUKdEmyNyDpDg3F8 +ukgzLa7A0bVryf4GEXtqbAU6uMlEiZC6ZYnNgIdbPAg +--- XF4TF6aDYrTOXdaLTJgns3ZMeVVCO4OO+LSIczz8vag +nX~' #WY!&XsRBȻgiGʶ7}[myzug]_~:9u(y.v?r4e:0?7,ϻK5dP?40S3a G]I)RN! \ No newline at end of file diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 1e381170f4ea55290d3993a2b167a7b92b09066d..047db6e3abdcd742bebb451dfae43c1126a57f22 100644 GIT binary patch literal 1134 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5uyptMW*S ztPF5*NiVbv&&l-3OEt@NbE*jSO7?WmG0O2baP`km(k{-;GvLxLu&63daw|wR^~;Vj z%c(TZt;#KTtMUm5F$)WD_OEabb@ojPs7jAY^+mVMB%mrPKV2cCG_9zrJUA=NBhxg^ z)1oZHEv2xk)XP6FF)2ALJHWsqC?h{PFuBsm&4Q~aJKRuTKgqk?Jix`(u{gBQBginw zJJ-n~+$%IU$;>3Az&xTLD7`e*s~Fw36i0)ypmc>&?GV?LY_}xC?Bt|;w;&gzoZ{3l z&-C(&pa4gsP!Df!*V0IXP{%AwcMGmu(;&Apx8R~8i*m03ePg%MP}fM4(!3xK=agjk zRKF5kFaW6=(2&y!#%1ulTFUyE>^YRUFEONK3C<;vsH!28sbIG#I zw9GcMaCGD<%TG*B4i3sR_X;X2&hZUQGPE!W({^{y@Nv&eN%J=FtqiL)4Nr-13Bw3U z@310^qH+c8WS2tsh$Ma2@I>QM0}~$~^Wd_G&rUoiF zhPh`uRizsk8wOOS8U(sj$?~wr6oECgm^iJxSN!fq(y}qxI}UpC#G9Er<+&h zRQM$Oxf>MwS%w9sxdr+adE|xp7r9oMBvwW`7F1OldzPcy=ACP980Dy7W{{d^6lLjC z7Le)con+=5o)l>jrXS&NYV7C~;q9N|tY4m%ZI&3E>EX#`>8c%2V(Mv-7gXhF9ugE$ zUgDbQ5oG36>=a;VT9F)Rky~V$onmGdP~?biTclfJg>$-skCBU+nPX9ecWHi9Xi8*I zk!f~ia&Az1v6-v8VTNIpepMJ3lqhpwP=B zE8on|qAVhrt2`s8L_4x7)H%5%KitJ7-PFa$c%#Y)S~ntZ?*U(5V?cxBJ zWZyhf(fi9`0RZiuV zsd*`7`bAzr$vKwV7GcHCk!~5mY1%%3uL zmN``+C7wp5PUbsMP636 zQLs^!r%z>Gs)u=yTcCMXGFPF0nyFb@sCikaPikdgQf`oCzOj+NS&^$zL7r2gd2v#9 zva?fmSd>qh0lIZ*nTdv}feMbP<(Zxy{%(%t?#8A1f$ov+K2BA^X-V!b8O7#-kx50B z^+h?6h870SVHRA*sm@itl|exUM)?-Od6AW29)4~fNqMD_+UZ3(Y0f#WRhDK2nZ>3q zZlUPbMY<(cIHxO^CT4jB<^`o17U=uvrFVk# zB)Yl>rUs|@Cb^lXnUt7U1v^G~`sfFQ8y1C^`y{%i8JD^FnPe0e`{-M6g`bv|U8BuW z-^g(8%X!P~Rgd&_Th@o3{wjdB6}eA%1on^rrn7ukAErv0CtW)1ONa4 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a69d2c4..08d748a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,6 +6,7 @@ let thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; eliza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJaVEGPDxG/0gbYJovPB+tiODgBDUABlgc1OokmF3WA eliza-skynet"; esy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINS2UR/o+nK8lNHHTj5I84ZAAp6P+ZhXqhedMfx0KHE4 "; + esy_root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDxHpsApRyCvuP2ToGm46G308Og8lO7BYPuz+EqHVU5w esy root"; users = [ admin @@ -15,6 +16,7 @@ let thenobrainer eliza esy + esy_root ]; agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones"; diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 118eeb28fd4b2934879ef2ce17d157fdb51bb08e..b014d5f7da16c63976a6fbe4fdd1a0071e1ca2d1 100644 GIT binary patch delta 3235 zcmew*@j`NfPJK>tdQe7Tj!S8Nd6sucxUsfrflsKuYek-=OJZ4Ip1zB=e`dB%fq8(7 zCs#;LU~oZ(X-cA5U~#T~L1~n~t9MCoNpVSvx3)`ENs4JzN?59qM{seKBbTn7LUD11 zZfc5=si~o*f=NJCRDQaGWnMsmdv0DtkztB~Q<6c5hg)8ru~~MMuXeIyrHi(3Pn+Atk2CRZ%Gc!C6rOK~9bZkztXZrmn^2c`5l(-jya?Nq%X0 zAqGa;rmkU5iI!zSNiO=nrTQVRiD~6kMy>{-?o|dw$-&vh`4JYA;~B-nvrJ3Fv!kj4 zgHm#GD?F;olX6lFymHF@LW`;lOik0AJgO42jDm|Tw6i?9{9UrmbB$9fJ(Bd3Gm;&R z%#%!Aa}0_t-AaA3i@owZ^ebGF3KBCa(?bm=pJf!UcMdKHD0C~cNOH~3GLG`8$ngvI z$O_J=^!7E$^v^8MPs*~$b2QDwj{)znB8#GO1>cY)r`&?7lysvsCqo0{u*&-Kq^gpD)cmlt zDE<5r10Um(61SxEaPz1T11_ham6N!3d{=qJuJ9#%AL}ZjKkeifCTDE?+b4oyQW~reo*M=n?=clqfE85DvXPw22 zUsWo9C+WorWqnd`G#7Bv^5%k=riJ{m|W6{j4xjd$Y_+2aQYh%uD9o zK5^=B@@8Y-s7hPzn(KM*I40arNQt`gsI2JU9qErAq0-+H&vvr!m*t7`5UXQncJfm# zEIY4Nwn1Ib+{{Rj$Axpx-h&J*x97Jp@4OcAqvb5ufA$x0K^0pUg-9p=+Z1uFsW@G5 zLA1=AmY8EH4q1MI+EchUSZ)w~_P5xOtNyV^R?fM1nH@q~3bq!Vw4D3!i|Y#O%W0=W zXGQIrpRDw5XL;7a#~Zijo$T8n$!7ml*6aNZ?duA>atd3OuVqe6SXy(HUM;t+xoI(#eX6t5S-Hj^mjo4N?3b*lGRV|uxz=EQ#aOrP#BG@c(U)7-b0=Jz zS9feeeIe5-j&|vJcS`J!F|3*N=UmR74I(E(x3>PCuXVe?|IXY~nw(SaPFrZp7-b!D z_%r|O8;fR4RZ&uM_+D`K&vW+G1@jsLJHJ-%yYZv9{buOZIiG!hTUzB>#x$*YTo%>g z^y5R_roA_wzPIQ0l6+&rY8rN=AdKb1C0~sbukKx1)Z;5sFVHj1HR#DUWvw#PHz(Gu z@PE2e^sJuc{kQK!SbXZt4)1*y#%0&E@W(3tpw{)N$>+^42AN)!+Pii2wsUdU!%yeG zlWT1ZvF^SRk&&POchjHw>IPH(+)Jsp4bo853+wOS9+y}qI!jSCLeT}C*UhO8 z5A59DRvg`Odyo8Ej)eNuC6BLL{3`2fYx(l=ZF~EW@tx|=5|%x*>gos^pYCN6w z{7~_`);^V^W(yK7cAdG$WbJ*!Wv}N<2Fq%3{fI}p_@Sn|^kx3V zCb>cnZ#l+0uqhoEe!NqB@4{cZ<}pUp?_D?B+1Z_K$?NY1dqvJm?E0;0`)BH=&-VU1 z98XBhE>bw#_MFkDKX6*^wzrP_&1U;qC9T%Vdr7`oZDWx9uFvM`MaFc!FHaB7KI(iy zqi|AceDF=jIn{z$5bykdN>X)>3z z6>>KIzslJ3>Oy@$q<-YS9h;q(X`lP0(cKzkCY8+KQqK{-tVWM3yT&!lPHpD%s6{0j zxA#f^TRF|IR9Haf*|i8yJ7eQ77i&*kdu_~Obhdhiz4EE%?WM2G*&L?_mfd4(_oTX9zxtSk(3EhU$^z z)8U4PqK!-?|E;foyYT2)x1Qy%UN3Jtd~1cpFVFH^zqaa;*!sT*r$6O3*!-}4 z<=t-yxqrD|H+F7mT`{@8VQjr`HzZb4GarT*f*=+M&!}!$n84*0)_EMe>o(bZ=({6;G_E&py zqa@;$LkQ1>A7@uy%`D6+o__tRE_|GmGhIrS44;Mwck{(trp0?ACb&YpJlEsHAo22yc=PV}E{QCdy{TmRn zE#jy|t5t_{-9onJ423zKiPL`;o#|ro*uRQZyGqRH?V0TyZ2#_h`5H(bHhyo>Xu5er zP5!?X`)0q&K4JV?;Pv{_Kno>>-~^*>JB#ysEF|;lT_$Fl#UHv=cs6b6?iG%@doG{; z{c{_8N_qB^ACGtfzIYc+3GJJl%G=82Uq97lrr6uH&mUPD9kY-5)v-NLr%a*l)A?6x zkDn;ru{H66Wny_@?8y&HW#29+X7#;V!D6&de^vI3^@Yl&>1pc<9lhqPE1Z(i+I{#+ z*g=P5KX*-@!@yk6t>*pkS`9mUyXvW*()l5GAKx{f^k8lO>b>G^GsSW$R>*O0xLwK} z9WqfdU}I!TR>}5@P7j=>yRoiR{`7Rtk@Hqr0SrsxlvtyMO{XOktkztq<90GErDPem zir5GFt-HT+&A9Ku!}fWGT_^jwcRt+W>5{t-3z)9nZgFi6TiMA28|xEp<#ltE%~rm$ z!uFNcV&QnMeL78(SZ>W%;dJJ5n(p^^_8l*|fCVpNW@Ic`$RWMq9ruxyPkkP3dMN4i zL48)!>CoQ#gM|t_(`OxK+_vHAo5O*1EpC~sPp{nC!n4xhr$dkQLd!*m{JWQkUq7`; z`&-em%Kk+GO&W6!M;XVP$7S3~st*c!b94U$Taza*-x_XB+4S@Ki(R^Rb6<4{eSLE9 zMu6x(tv!vEXEw$Ch>5NLP*-Qha{r!}c|wH0Zocof#(=XsTQ>!~%;A@s{XW$DbLL7J zQ<;q8(oZ;V@Sa|IT-~#^*yO~WBdwi^p1j+Ix;Y+v>S|c5C_LqEi)YsEo=hJL+rWuZ gdJ{qe&m1g2!1ON4;^B&F6}>ro;;zdIDx0nX0C94cLjV8( delta 3124 zcmaDM`AcGgPJO9+NtJ#|VYs<}XrW1zuUU9lh_R_m{ za)_sPhOuKZmrF@djz@Z$OKNVOzN>bzms6BckaKEfTE3&HV@OtnYiUS@p}D1bN=1_6 z#E;_PRh1?tevXyJA%4b{u8zf383hrZ{uNotmc==)xsHZDCEmfIhIt;wiJ`t+nfZm@ zSsrc?e)+{2Wf>t!Ddm;=W^Ty=`N7UXNg-i*KKUj7e!k9LZUv!};~B-n-Hn0*s=`wI z^<6x3)6+u?O>!c$LyDaJy-Z3?Ewjq2LR|{0-19@qLNZLaJY5S*vjcOS0xa@fO440Y zO5B4g%G^SN9kY$H!qYRf1Kg_$%%dXpJ-o{&pJf!U_i#`3G4{_lGcnUIN%nIow{S}G z3Mp|mGb=VMC=7LXFE?<_PE5%+Pb@FyO7Sdl&#j0EaW@G|c8|(&3UYGwa;oqwH8;qs z%t<#gbxBRB^e_x64>qtsj{)znB8#GOg+NcoqT<55B2UYVOp8K~WW)MQ^TP5HC%>Qy z=Sri<%;Ly`2%|KY93#sRN3O^u*Ti7&wA8TVJhMte!|Xt_(&YTKvJ~@N!=gz4@=OzUgleC?Se2sJSL){#!oFfcVB8_vxs?3tz z>n$u?i#;;@J+isV{G+leLxK%W3;gw6@{%)xjeMNTi;K*?$_<@EQVj|UBFvIYgSAb~ z3i8pdiwG`qG%Hs~ch;`dPKgZi$}ZK;P4i0hF|kO`%&!VBEc8sT2+j6(@pVs3DKL&I z4bA6Da!W4r$T6u8$;*n!NlN$g@e49e3o7(C_RXyf zsI1IS3aSkC3JfXEHO9fEq8I{vgws}jZ>;g zeRKC`6T_8ui7*wpws!SDFQ%1k=e^ftwm0(Cy@d20SJ96`_1YWM*FTVBW z2E#j(x@IGj((l>F6g6`^9ImO!eZS1l#I#O6da~2;#mVd9HtXHp|KO>MiMt-pmkIAP z1y`8(^~AnXY!r3gE4!wC_V3&ki+8V+=svzxb@Q>qD)Jp7r)H(-Uoc|fYb%R?qu)?5 zc^0o8r*_Yd($))V&-R)`oX+u`o*5K+(_{7eV5>*}q;=FEupd|8+g==WU%Jt&P;k4# z&bE#pg4)%2>O4#TsHKzYk>JqPAoz9T(Us>$&%TqHSPpZGNdDfMJ zK7Tt`-c@S3FFG$~s>ak7>oH}$vNp-tCANEU`0LP(U5EHS`Lu4D&A2aHa-sgTy3G;~ z->?Xm=kJL3n|!32U24%*|MI82Tc57a^%2y*$(iQ+Z8sC+YPK5LJf_EUk1@|E*eGIU zx8ae)-H>B$a!a;OTcBlg>i#u3T`|2C^?TVm%xk20i;IGGS7&bHo%W{PR&A=R^sLKU z-pqzEbTsJ#$ev97kN#kR1HyWIPJ zwR`$|XA^;=r<-E_oc}uU3-`tQ*3aj>Sg35jMDgI)mQ`j;Rm&Ytd$RpJpc&j_y=zzP zl-$7j)c$X!R@){huGsgZvg(;|_d~N6YZ5Km;}7;VEjhLSbIyWb=NIXFEabk4u4mvvm~75YBT7W*VKHTL%YnAcNs za@W+bs_kdE^2+Jok&9AR-24{*y%*cH6}_w9tl(=(SewUpR5>(j#~*#c%zt|G{$5Gu++e>+ z|3lbz2QEv#c}G7=rRU%x_Y!CbH3{THIW-lab?s7biD zu>Eb0$sRMauBY42x%8d3$@%knPN4mSb1iZ$sw=NgmW|GR|3h}q>nk~1c1~leXJfov zHLKuz@~7v8E$7as-4UL?N$PXa-a1{^`zFu!F&4QvJZG+c)xK|seeAlNjfIyIcuF4# z#b+#&cM7oDHK#yn?X34z0oPBPJt-00rL}hz%gpVm%g#i(>HXPXtzIZr7Ae?W5nFb+ zfY)d9=6f;=&ZUK}X}WC8pUFEzIWhY4!XNbuZ(imTUdQ*m#NW6uHtO(O9rkn4|13|; zxcd9!M%@)Y;rzbS+&APcb^3SjOq8gHV9m!%cTH~3;bZWOHoBd!-RPEmDINrbLA^{-6~jZeB<&?*4JCJ?fYF;WK4V0nE%B7ZF$ix$<*&}E<8QF zU7DriLA`jsc)*43fG3Z+Ss+CM|a1* z^>5c7KJkgivskY(%^~fu=N+#lQM{a~J)u#)0iX9<+ppNcwm`;@YgbmKckl`(tM7?Z zH0#Zt7)+jIv#$Pusr1gwvsU?!E=8NJ$<&!Bbo9;njTZ6s9JidbGfg8;yu7|}=ll7& zGvyuH?9vw}Z4E1Nx?BQkWcbAZE>`6@;QK`iYxsWC4X zC>cg(zL?N>^4s#;26EXCSKP2je`9v!?dr&moP(jgDT>Y&5>?G>rlB5!~*8Dg=>y1T!eaf$+s}?QgJO1;O7SpDX`sEAFx2KkT zTGDpkJ@oy0tJB<7%a=HwstTTgS8i@m+=i-;Z4T&Q|c^RqU1eXK$RDCLR;L%luF3rJYH1^Cc;XyIZX9F&i(2bDA<t>B?yIcSfJo+Jx&NLUJrvyDw02JTYvo<5s@n}*-+5MW6bO{vN-TX7`r(dqR`~I( z%PS82tXUe6%FSI?B^R^4bw}x^%EXKbCWqy^@(cK%np>`!%*FeAp75)OZFUI@cNG2l zd~QB({rt?}P}TTG#no@-MzqT2e3-HOVydT?`^Br|-jxnS|z6*tw3 zFCGhD_)&eX_LnNPPn2@`$3G zM4!k)zw%5^m)y)yBZC0L$g1!l%VLYd68*C9OeYUFmoz`Ku)N~Q@r>f(`ngrXLAlx4 zCTYeMrKy=Ar9LU99v&%4CBZ@3`6(5V?%vt?MWqFWmSLV;dHJrsDW2J$##w&J?uqFZ zRe^rt&Lx(iPWeXe5#C0{&id}jDPAca1&-yD&oYYFM;JOgdQ>F4I;NTVgr}xChIqMD z1_y?23C1;S!5Z6gu58HxTgl^nt2CUWP0ltWn_D$`)A}C z<@!{W1?EST8i$pe=DWC}$AEWOkwsCtLRhfAQ<-;gK!K-!S!JS|vuC||n6Z9Qda;|S zM`n?8lzC8zk$X~cMP7DpHdk75y18#iMUtsoX|_?8qpy2;rFLROuu*b~iN1TPyT5^j zU$VPPgsWe6F}ihWnTdv}feI-`Mww;d1{G!ciGF68IR)k!zWVyP*@js@St(JK*=dCt z^*MpTg;mPIEI3N>49z3@NNC z=Q7PQH}o7QBQ>uBL&X<1omlxZAb9LW`s<`a-+;h!0j zURq+7V&InPSgBoDSnleU8)%xJSzMGK>F;9};OXyX7>XWprBPK*#_0+v-W3)eUgni% zx#1=`Ugj>&^%fbK9#wgHsje2~{-sV{=_Za@+3w*fCXSI@f!=1B#fApuMvjh^KH7dB zu30AeiLPeO$wn^8QKq4Z=~*To!C8Sp;enp$)_EiuWEKP}_?S2qT9}rZnYbpEhUNK0 z<$L=X8iqP0d6ikFl~@{-6*`&vX=j-f7?|f+a7E<%nI;F9M&(xp`@4mh6q>k~dm0Ct z8#+bln^h#0ngwO$T9g$#8Rmo;fI}`UNk6D0J<%kvs3^tJ%_q>pu);4aH@Gs#Imn~L zvE0Q!KQtoPqa@JZ&48=IBsU`8)H0{iKRmg#Bv(JrOxxMRATU|qEzBt}q%h2&(%Z|_ zugb){(11%GrF)g(qrX9v3Ovx@3OyY{s=~P9*pGE>p>SVso=s!a<08_wo1}S8lMg$2OiR zH0LUOuXaggN8f^f>l}lxlq86reJ=Fpa@gNVQs+98A8=bFS94fy*teJ~E#lkC*>dGl z8o{0=iP<@yj-NH+@SEeRsWgjso6SDm`YSm+XTPrPaj4%UTDtYb+VrW0Tg4+9-YC6r zb$NVZnLW>DvpdJr{hz+NaaCElK(WEMdsSA!BR9qG*;eH{Ys1sbwbfSItvTnmL!u+9 z=5l$Y6e#EW+nE=HR!Jacw$&XJi{e!V)-qNtG1uw|=FS!Bm!hQHa; z)Ayd&yiv1yO4Od5Pey{FSw9ZUnfQ+7rPWi-h}?-+m8iHBd*+h6xJc^E`L0+Tz!}@_wmq zSn0Oe42PyE{uk`eH@hFLox|HcQ{$F))>XC0DA^?m4b%AbI)i+#E(m@TU8&xfXqdX2 zQ^)$2wv6u{hqLU@PAp&foa>z9&irFqYAYGlf z{N&u{KJuZ<+e#0oHr0pOUn}5#_HRST)CZ4bPL|7`+_%D`D#|7-MgH@uBvpUuil6P} z<{9@FWZY-2J2IzDL^rs4r$nW?xf)l^F0GF$A8zK=Ebag5#jKFMIJr^ie%jPUT~{aW zwP>@f`y;dW;Z}`SE?*X7jqSNL&DZ`_CtaB}Pv*$X!o8)34+dzS&P>#)_f)-Oe<{Z; zc7~7}!%`2iZMT=+JHi@eb?=VQEUy{eQ4HI51jwuJ2<3g`Ae!;^NzL|XUYe)B0QU&B^AYdM{@ r&Yt%6@K0a=kA((0fyZ}pb=WTzeqGM5$Mi-%#I8AOarkPRLq}x*4(k(F delta 1913 zcmaDS&>%2Dr#>Phz{ADGyTY_MCrdji)uPJP%fiptH$9}(sWQ~H&{e;}(jcX>#GouR zk}EqgEz>PC%*WT;Bg`YRz{$WhG`KL!Ij1lv$S2ZJKRwH_FgQY6yClEdmrK`9p}06h zH#Nn`)YQ;Y!6cw6DnDJJpv)vYH!-_BH!VHG-!dXA+|4B1B_l1_$gr#`E5M}0tkA76 zA|=1lQa{&|%h0H>)X_g6-9IBN*E`iY+`OzP(cRO?ud>)HBP%u6*f-3=sKPrh-6Al1 z;z#lDY=bPFUJh+0`tIPf1|R{v?v$HjEX=mZ_6S# z|1b-uk_vzGQj@$QPou0tQ|}CC@4}?SbR&f(zUfgZhWcfx zsm2v1=7FWTIZjUQCQ%VC#${z?=J}3g#h%H5UX>YvWmU;shQ(Fkt|q>Pfv%MUWO^@CdE0H#R18a&oYYFnC1(U?7?fFt6{i%tTl!~3 z28Wqe1X(y`7KHg4YNsa}rdt|0nP(((WqCxnSR|VyXISQh+xmLLrmbw;u zmgi^(ghv>rSO%M#7ke3?$AEWOkwsCtLT*`LW^$l`f0=)AR)mF@e_4G}gpWl8O zc}{?3ut}-0vv+R3qqnDHI#+mZQl7hER+4#=Nk~q(tD}BssB4J1g}HgEftg!*xMfOc zL}8?JftP`gE4p=QnTdv}feH~WW|d}zKFP^J$w`43UKYgxW(Fq40YyPsRmti3Wm#nf zrsXcVrS4fi&dFScL1`J`z9y+TF5zkB>3M0PIT`Nm6-HjAmbpHG0p>orL3xqMY5Bex z>7kR)vxwKHIa|6WhvpVnnC4XarkZ5y=R}1V7v>sTnq_z;dm5KH8iu$hB^l*dW_xmF zC6zi=czNW96&B?rW|dS0h9z63nOBx(2bPEXri8hgBv~32__;dfW(J~rr8KI_$v9oX zLchdWyTG_2-&Nbu-96VN+sz=^Cp*G9In1Tf*|4mrFeq7sVXF~EYUeEGSwiW%0J3?aw3a(cyXkAN~x)TfvJ~s zK%!&1Wm-&;8k z%Kc3|eYqA-oBrmjWaFtUiV5=QJf7(xE zO}VLe;aJt4yxHFu>{=LdRo-~r(`m7JeQT_C%dy)CIo;ZN?U9vJ#A&zlTi)zC6R^hl zMbI}>=VzKOy;i60W^(<1ow9d^fWkAixo&zZp49Iu6N+P~$}iXufAq^b;lCHP_|#t& zWywGN%(8rUeZb55k3W{^#rOYye)A}^rlM!GYT(ArVV`%OHL{;=u<5M--zAkUJ+^+A z=H6*5Nn}!Y(3X<7?&$Wp{~~$T<_5jVYiDRt}T-dw4<&yP6hjY)*cAD|+zSTb0_*=Q|wdF@$S01{fQ+M!recsobwhY^kH9Rz| zW4T!@yC%S}r0jO0>ke)v<^8OCJH>b9JoVMln0R5vW|6ZD-{xG`uQ^`7=i$7|>?;hm z7F%_F{lo1t+3G*<`=eI+Cik4YGxzxBcqaV)m^|0-O4rPdns5GGh<$bU_( zoE!fMo>jb`FE_15`DN**rrJC8{fYAxnG(I8e33gj&Ff@1_rx9UPiL)mn%ro6=JdDH zE55<|=A6CWc9ePIl<7-t^_H$*xTm-OYus&%#nx+Cw*D5asLpEaw$R@aXS$$&MNj8$ z&h&Rve!Cf!UHEuLY(w)jxksr5<|$Waupdp8pO_Z4?03}Zz*k3#<2TDltAE(1&bYT; zab>is;Lq$R9>F+fd*RiUckCv-_FNa85hK!6{q0W5QO)Q-k?s!)WhbpW@Y&dC^YlL7 zIP>KPmX@x*DO9cTr1w!bM?=wc;do2FIJU?sa$B)vX8hZocc>d*GVFm!CVGCaX From 13aa5b37a7361a78686bf95dd9a9571a96205247 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 6 Jul 2025 23:33:47 +0000 Subject: [PATCH 784/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a177edb..3c8228f 100644 --- a/flake.lock +++ b/flake.lock @@ -1127,11 +1127,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1751725913, - "narHash": "sha256-7/hUVgjLRZH2ZcFErIb4GuUGKGknKm4605hiOhJRRaI=", + "lastModified": 1751844531, + "narHash": "sha256-vxOybwQM2pQU0hhoO6DvsZrfB8nqLu2k5UKOBZIbOaU=", "ref": "refs/heads/main", - "rev": "c4da3e91096741dc827f3a5ac3c184160b8f1e8c", - "revCount": 290, + "rev": "764e8cd620d61ed6ca6d168cd06489e94d40b615", + "revCount": 292, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From c57f5b5f6f0ae4048ec575378e475c0978490c84 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 7 Jul 2025 20:35:05 +0000 Subject: [PATCH 785/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3c8228f..e6dca48 100644 --- a/flake.lock +++ b/flake.lock @@ -1127,11 +1127,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1751844531, - "narHash": "sha256-vxOybwQM2pQU0hhoO6DvsZrfB8nqLu2k5UKOBZIbOaU=", + "lastModified": 1751920177, + "narHash": "sha256-m9XL0STa3cP8BmAj8xvZQfIbmhst1E+1X3OKzYIUW3s=", "ref": "refs/heads/main", - "rev": "764e8cd620d61ed6ca6d168cd06489e94d40b615", - "revCount": 292, + "rev": "b8ffd421844414b44cc66d7ef671c206072027da", + "revCount": 293, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 6ca361d42b692356a045fa0993ed3e9c890635a3 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 7 Jul 2025 21:26:12 +0000 Subject: [PATCH 786/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e6dca48..e2f7264 100644 --- a/flake.lock +++ b/flake.lock @@ -1127,11 +1127,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1751920177, - "narHash": "sha256-m9XL0STa3cP8BmAj8xvZQfIbmhst1E+1X3OKzYIUW3s=", + "lastModified": 1751923345, + "narHash": "sha256-KfAb51GCg5Syjpc5RXC0vkOML/Q+eVzKR90dkjUdUa4=", "ref": "refs/heads/main", - "rev": "b8ffd421844414b44cc66d7ef671c206072027da", - "revCount": 293, + "rev": "e901f3ed74120cb533b6eff7a873a8cd07776efd", + "revCount": 295, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From abddb133ecccc49a23844954a7e4a63306e55e1f Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Fri, 11 Jul 2025 11:26:33 +0000 Subject: [PATCH 787/826] Updated flake for skynet_discord_bot_t-800 --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e2f7264..cce90b3 100644 --- a/flake.lock +++ b/flake.lock @@ -1148,11 +1148,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1751397287, - "narHash": "sha256-9G1T1nJS6itGsUhZxr8e1KDIx1naTSO916QN0HyCwRw=", + "lastModified": 1752232947, + "narHash": "sha256-WW6gL8JSoJu6p+3Xnea9J8+epWtSOs3O9Sk/+Uz+ZnM=", "ref": "refs/heads/main", - "rev": "b26a7c23678fb7ad922e4b7f28330182d0e6844b", - "revCount": 27, + "rev": "379cc1d431ec8395c368dae773d7c4120bee57d7", + "revCount": 28, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot-t-800" }, From eed6c54c1ab0448f0ef9631c862c94992a2263b2 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 13 Jul 2025 18:13:07 +0000 Subject: [PATCH 788/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index cce90b3..4a4a4bd 100644 --- a/flake.lock +++ b/flake.lock @@ -1385,11 +1385,11 @@ "utils": "utils_16" }, "locked": { - "lastModified": 1745466454, - "narHash": "sha256-st63Yf+KzhrontRBVdlQ/TR6TXAqpoOHvP0VqEYTDY4=", + "lastModified": 1752358668, + "narHash": "sha256-B0SzdQrrOLxhafWrY+8wZLwAQndRGCiH/Crwz5ZqR90=", "ref": "refs/heads/main", - "rev": "e135e90a8ee46e57f35e6d74799a8e4ccaea70a9", - "revCount": 151, + "rev": "be0baabd7eaf3f44b723cb121c6f9f170355d713", + "revCount": 152, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 180c3bdbcbd61110f7cbcef9bc26cf40000bbf48 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 13 Jul 2025 18:59:49 +0000 Subject: [PATCH 789/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4a4a4bd..36b6290 100644 --- a/flake.lock +++ b/flake.lock @@ -1385,11 +1385,11 @@ "utils": "utils_16" }, "locked": { - "lastModified": 1752358668, - "narHash": "sha256-B0SzdQrrOLxhafWrY+8wZLwAQndRGCiH/Crwz5ZqR90=", + "lastModified": 1752433143, + "narHash": "sha256-oMfwxl4i+VcYNizv2k8M5PtiGPBc9RB0Px5iCdvzypA=", "ref": "refs/heads/main", - "rev": "be0baabd7eaf3f44b723cb121c6f9f170355d713", - "revCount": 152, + "rev": "0abad978f3fd8c191d2f57edd94da405e3f816a8", + "revCount": 160, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From b45accbd9e5ab60e5b9070fc86e07b0798e0d101 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sat, 19 Jul 2025 11:39:35 +0000 Subject: [PATCH 790/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 36b6290..1d8488c 100644 --- a/flake.lock +++ b/flake.lock @@ -1385,11 +1385,11 @@ "utils": "utils_16" }, "locked": { - "lastModified": 1752433143, - "narHash": "sha256-oMfwxl4i+VcYNizv2k8M5PtiGPBc9RB0Px5iCdvzypA=", + "lastModified": 1752925027, + "narHash": "sha256-APuWWdod4L3mgSBXJTukfbB8s37NvzUkju+lELUD7PI=", "ref": "refs/heads/main", - "rev": "0abad978f3fd8c191d2f57edd94da405e3f816a8", - "revCount": 160, + "rev": "917c316e7606995362b436f5c6248f058c762176", + "revCount": 166, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From f3aaa522b29512ad6051c6522b909319d2b0114a Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 21 Jul 2025 01:08:00 +0000 Subject: [PATCH 791/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 1d8488c..c4e9355 100644 --- a/flake.lock +++ b/flake.lock @@ -1127,11 +1127,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1751923345, - "narHash": "sha256-KfAb51GCg5Syjpc5RXC0vkOML/Q+eVzKR90dkjUdUa4=", + "lastModified": 1753059987, + "narHash": "sha256-e7swS3m94iVuUN6tVlrcePCnCm8E351WvxmTokOUxjA=", "ref": "refs/heads/main", - "rev": "e901f3ed74120cb533b6eff7a873a8cd07776efd", - "revCount": 295, + "rev": "18fd45d39b3a47642467dd8d64bd56847dfc45ea", + "revCount": 315, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From e3d5a6faf447571965df138797726cfacab9a148 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 21 Jul 2025 01:57:40 +0000 Subject: [PATCH 792/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index c4e9355..ddeb07d 100644 --- a/flake.lock +++ b/flake.lock @@ -1127,11 +1127,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1753059987, - "narHash": "sha256-e7swS3m94iVuUN6tVlrcePCnCm8E351WvxmTokOUxjA=", + "lastModified": 1753062779, + "narHash": "sha256-hTDomWgg3cp9fw7HyzxYWUxBAwSyHq+ocZQ2rgVeTUg=", "ref": "refs/heads/main", - "rev": "18fd45d39b3a47642467dd8d64bd56847dfc45ea", - "revCount": 315, + "rev": "095ff6f2cea5b3d35880d4a55b60930b60e3efcb", + "revCount": 316, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 9fcc01278f5ec43621f7b4b10ac527c2218f4630 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 21 Jul 2025 03:47:45 +0000 Subject: [PATCH 793/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index ddeb07d..b5b7584 100644 --- a/flake.lock +++ b/flake.lock @@ -1127,11 +1127,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1753062779, - "narHash": "sha256-hTDomWgg3cp9fw7HyzxYWUxBAwSyHq+ocZQ2rgVeTUg=", + "lastModified": 1753068543, + "narHash": "sha256-7nzgRSIXrtKFY3y9z184enq8VMnizVy91I42wsM1J58=", "ref": "refs/heads/main", - "rev": "095ff6f2cea5b3d35880d4a55b60930b60e3efcb", - "revCount": 316, + "rev": "a225c14b4fdaafe390dc8840065946d8c2a2e4b8", + "revCount": 317, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From b9903cdc7ce0f2c1d78e6b7cbafe4d8e7e8ae323 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 31 Aug 2025 11:58:37 +0000 Subject: [PATCH 794/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index b5b7584..79f9311 100644 --- a/flake.lock +++ b/flake.lock @@ -1127,11 +1127,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1753068543, - "narHash": "sha256-7nzgRSIXrtKFY3y9z184enq8VMnizVy91I42wsM1J58=", + "lastModified": 1756641335, + "narHash": "sha256-jnBhbxGjNzOKkNJHWB+yHIfMDQPrguFF2lhW1RQgqxA=", "ref": "refs/heads/main", - "rev": "a225c14b4fdaafe390dc8840065946d8c2a2e4b8", - "revCount": 317, + "rev": "3149a5f99fc927397fec18840ceb9cbe54d65ce0", + "revCount": 319, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 7b99b640055b17336f0b50a676bb39e0ca4967b1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 4 Sep 2025 13:26:32 +0100 Subject: [PATCH 795/826] testing: WAL for teh DB seems to be working in small scale tests, lets see if it works long term --- applications/git/forgejo.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix index 51f2869..cfe0a60 100644 --- a/applications/git/forgejo.nix +++ b/applications/git/forgejo.nix @@ -111,6 +111,10 @@ in { REPO_INDEXER_ENABLED = true; }; + database = { + SQLITE_JOURNAL_MODE = "WAL"; + }; + # Allow for signing off merge requests # "repository.signing" = { # SIGNING_KEY = "5B2DED0FE9F8627A"; From b0fd7d3b7fe33c7cb6124d18f22c6d0ec57fb479 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 4 Sep 2025 16:21:53 +0100 Subject: [PATCH 796/826] fix: got www.outinul.ie working --- applications/skynet_users.nix | 96 +++++++++++++++++++---------------- 1 file changed, 52 insertions(+), 44 deletions(-) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 2812bcc..88347a2 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -9,6 +9,23 @@ with lib; let name = "website_users"; cfg = config.services.skynet."${name}"; php_pool = name; + + custom = domain: user: { + "${domain}" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + alias = "/home/${user}/public_html/"; + index = "index.html"; + extraConfig = '' + autoindex on; + ''; + tryFiles = "$uri$args $uri$args/ /index.html"; + }; + }; + }; + }; in { imports = [ ]; @@ -84,55 +101,46 @@ in { phpEnv."PATH" = lib.makeBinPath [pkgs.php]; }; - services.nginx.virtualHosts = { - "outinul.ie" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - alias = "/home/outinul/public_html/"; - index = "index.html"; - extraConfig = '' - autoindex on; - ''; - tryFiles = "$uri$args $uri$args/ /index.html"; - }; - }; - }; + services.nginx.virtualHosts = lib.mkMerge [ # main site - "*.users.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - serverName = "~^(?.+)\.users\.skynet\.ie"; + { + "*.users.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + serverName = "~^(?.+)\.users\.skynet\.ie"; - # username.users.skynet.ie/ - # user goes: - # chmod 711 ~ - # chmod -R 755 ~/public_html + # username.users.skynet.ie/ + # user goes: + # chmod 711 ~ + # chmod -R 755 ~/public_html - locations = { - "/" = { - alias = "/home/$user/public_html/"; - index = "index.html"; - extraConfig = '' - autoindex on; - ''; - tryFiles = "$uri$args $uri$args/ /index.html"; - }; + locations = { + "/" = { + alias = "/home/$user/public_html/"; + index = "index.html"; + extraConfig = '' + autoindex on; + ''; + tryFiles = "$uri$args $uri$args/ /index.html"; + }; - "~ ^(.+\\.php)(.*)$" = { - root = "/home/$user/public_html/"; - index = "index.php"; - extraConfig = '' - autoindex on; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket}; - include ${pkgs.nginx}/conf/fastcgi.conf; - ''; - tryFiles = "$uri$args $uri$args/ /index.php"; + "~ ^(.+\\.php)(.*)$" = { + root = "/home/$user/public_html/"; + index = "index.php"; + extraConfig = '' + autoindex on; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket}; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + tryFiles = "$uri$args $uri$args/ /index.php"; + }; }; }; - }; - }; + } + + (custom "outinul.ie" "outinul") + (custom "www.outinul.ie" "outinul") + ]; }; } From ddf27a279480b6e3c20dd46f4a245163be1d179f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 29 Aug 2025 10:02:05 +0100 Subject: [PATCH 797/826] tool: would be useful to have inetutils on every machiene --- machines/_base.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/_base.nix b/machines/_base.nix index d824939..632ee50 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -147,6 +147,7 @@ in { traceroute openldap screen + inetutils ]; }; } From 0c90d041e0b110ce88cc779d0fbafd1129dd21d5 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 4 Sep 2025 22:40:19 +0100 Subject: [PATCH 798/826] feat: move to teh lix overlay instead of compilling it each time --- applications/_base.nix | 3 + flake.lock | 250 +++++++++++++---------------------------- flake.nix | 18 ++- machines/_base.nix | 3 - 4 files changed, 91 insertions(+), 183 deletions(-) diff --git a/applications/_base.nix b/applications/_base.nix index c9f7f61..79a83df 100644 --- a/applications/_base.nix +++ b/applications/_base.nix @@ -70,6 +70,9 @@ in { } ]; + # use lix instead of nix + nix.package = pkgs.lixPackageSets.stable.lix; + # set networking = { hostName = cfg.host.name; diff --git a/flake.lock b/flake.lock index 79f9311..325fe34 100644 --- a/flake.lock +++ b/flake.lock @@ -47,7 +47,7 @@ "inputs": { "fenix": "fenix_2", "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_25" + "nixpkgs": "nixpkgs_24" }, "locked": { "lastModified": 1719514321, @@ -314,24 +314,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakeCompat": { "flake": false, "locked": { @@ -364,21 +346,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "git-hooks": { "inputs": { "flake-compat": [ @@ -464,39 +431,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1751235704, - "narHash": "sha256-Jzm3KPZ2gL+0Nl3Mw/2E0B3vqDDi1Xt5+9VCXghUDZ8=", - "rev": "f3a7bbe5f8d1a8504ddb6362d50106904523e440", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/f3a7bbe5f8d1a8504ddb6362d50106904523e440.tar.gz?rev=f3a7bbe5f8d1a8504ddb6362d50106904523e440" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_3", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": "nixpkgs_7" - }, - "locked": { - "lastModified": 1751240025, - "narHash": "sha256-SXUAlxpjPRkArRMHy5+Hdi+PiC+ND9yzzIjiaHmTvQU=", - "rev": "8b1094356f4723d6e89d3f8a95b333ee16d9ab02", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/8b1094356f4723d6e89d3f8a95b333ee16d9ab02.tar.gz?rev=8b1094356f4723d6e89d3f8a95b333ee16d9ab02" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz" - } - }, "naersk": { "inputs": { "nixpkgs": "nixpkgs_4" @@ -517,7 +451,7 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1721727458, @@ -535,7 +469,7 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1745925850, @@ -553,7 +487,7 @@ }, "naersk_4": { "inputs": { - "nixpkgs": "nixpkgs_13" + "nixpkgs": "nixpkgs_12" }, "locked": { "lastModified": 1739824009, @@ -671,21 +605,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1722995383, - "narHash": "sha256-UzuXo7ZM8ZK0SkWFhHocKkLSGQPHS4JxaE1jvVR4fUo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "957d95fc8b9bf1eb60d43f8d2eba352b71bbf2be", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1750731501, "narHash": "sha256-Ah4qq+SbwMaGkuXCibyg+Fwn00el4KmI3XFX6htfDuk=", @@ -701,7 +620,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1750506804, "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", @@ -716,7 +635,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_12": { "locked": { "lastModified": 1741462378, "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=", @@ -730,7 +649,7 @@ "type": "indirect" } }, - "nixpkgs_14": { + "nixpkgs_13": { "locked": { "lastModified": 1741513245, "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", @@ -745,7 +664,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_14": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", @@ -759,7 +678,7 @@ "type": "indirect" } }, - "nixpkgs_16": { + "nixpkgs_15": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -773,6 +692,20 @@ "type": "indirect" } }, + "nixpkgs_16": { + "locked": { + "lastModified": 1741037377, + "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "02032da4af073d0f6110540c8677f16d4be0117f", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_17": { "locked": { "lastModified": 1741037377, @@ -803,11 +736,11 @@ }, "nixpkgs_19": { "locked": { - "lastModified": 1741037377, - "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", + "lastModified": 1690026219, + "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "02032da4af073d0f6110540c8677f16d4be0117f", + "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", "type": "github" }, "original": { @@ -832,20 +765,6 @@ } }, "nixpkgs_20": { - "locked": { - "lastModified": 1690026219, - "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_21": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -859,7 +778,7 @@ "type": "indirect" } }, - "nixpkgs_22": { + "nixpkgs_21": { "locked": { "lastModified": 1689935543, "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", @@ -873,7 +792,7 @@ "type": "indirect" } }, - "nixpkgs_23": { + "nixpkgs_22": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -887,7 +806,7 @@ "type": "indirect" } }, - "nixpkgs_24": { + "nixpkgs_23": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -901,7 +820,7 @@ "type": "indirect" } }, - "nixpkgs_25": { + "nixpkgs_24": { "locked": { "lastModified": 1668226844, "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", @@ -917,7 +836,7 @@ "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_25": { "locked": { "lastModified": 1724395761, "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", @@ -990,22 +909,6 @@ } }, "nixpkgs_7": { - "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { "locked": { "lastModified": 1751271578, "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", @@ -1020,7 +923,7 @@ "type": "indirect" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1723151389, "narHash": "sha256-9AVY0ReCmSGXHrlx78+1RrqcDgVSRhHUKDVV1LLBy28=", @@ -1034,6 +937,21 @@ "type": "indirect" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1722995383, + "narHash": "sha256-UzuXo7ZM8ZK0SkWFhHocKkLSGQPHS4JxaE1jvVR4fUo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "957d95fc8b9bf1eb60d43f8d2eba352b71bbf2be", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -1042,8 +960,7 @@ "colmena": "colmena", "compsoc_public": "compsoc_public", "flake-utils": "flake-utils_2", - "lix-module": "lix-module", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", "skynet_discord_bot_t-800": "skynet_discord_bot_t-800", @@ -1122,7 +1039,7 @@ "skynet_discord_bot": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_9", "nixpkgs-mozilla": "nixpkgs-mozilla", "utils": "utils_3" }, @@ -1143,7 +1060,7 @@ "skynet_discord_bot_t-800": { "inputs": { "naersk": "naersk_3", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_11", "nixpkgs-mozilla": "nixpkgs-mozilla_2", "utils": "utils_4" }, @@ -1164,7 +1081,7 @@ "skynet_ldap_backend": { "inputs": { "naersk": "naersk_4", - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_13", "nixpkgs-mozilla": "nixpkgs-mozilla_3", "utils": "utils_5" }, @@ -1184,7 +1101,7 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_14", "utils": "utils_6" }, "locked": { @@ -1203,7 +1120,7 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_15", "utils": "utils_7" }, "locked": { @@ -1222,7 +1139,7 @@ }, "skynet_website_1996": { "inputs": { - "nixpkgs": "nixpkgs_17", + "nixpkgs": "nixpkgs_16", "utils": "utils_8" }, "locked": { @@ -1241,7 +1158,7 @@ }, "skynet_website_2003": { "inputs": { - "nixpkgs": "nixpkgs_18", + "nixpkgs": "nixpkgs_17", "utils": "utils_9" }, "locked": { @@ -1260,7 +1177,7 @@ }, "skynet_website_2006": { "inputs": { - "nixpkgs": "nixpkgs_19", + "nixpkgs": "nixpkgs_18", "utils": "utils_10" }, "locked": { @@ -1279,7 +1196,7 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_20", + "nixpkgs": "nixpkgs_19", "utils": "utils_11" }, "locked": { @@ -1298,7 +1215,7 @@ }, "skynet_website_2022": { "inputs": { - "nixpkgs": "nixpkgs_21", + "nixpkgs": "nixpkgs_20", "utils": "utils_12" }, "locked": { @@ -1319,7 +1236,7 @@ }, "skynet_website_2023": { "inputs": { - "nixpkgs": "nixpkgs_22", + "nixpkgs": "nixpkgs_21", "utils": "utils_13" }, "locked": { @@ -1340,7 +1257,7 @@ }, "skynet_website_2024": { "inputs": { - "nixpkgs": "nixpkgs_23", + "nixpkgs": "nixpkgs_22", "utils": "utils_14" }, "locked": { @@ -1361,7 +1278,7 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_24", + "nixpkgs": "nixpkgs_23", "utils": "utils_15" }, "locked": { @@ -1381,7 +1298,7 @@ "skynet_website_wiki": { "inputs": { "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_26", + "nixpkgs": "nixpkgs_25", "utils": "utils_16" }, "locked": { @@ -1564,21 +1481,6 @@ "type": "github" } }, - "systems_19": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1719,7 +1621,7 @@ }, "utils_10": { "inputs": { - "systems": "systems_13" + "systems": "systems_12" }, "locked": { "lastModified": 1731533236, @@ -1737,7 +1639,7 @@ }, "utils_11": { "inputs": { - "systems": "systems_14" + "systems": "systems_13" }, "locked": { "lastModified": 1689068808, @@ -1755,7 +1657,7 @@ }, "utils_12": { "inputs": { - "systems": "systems_15" + "systems": "systems_14" }, "locked": { "lastModified": 1710146030, @@ -1773,7 +1675,7 @@ }, "utils_13": { "inputs": { - "systems": "systems_16" + "systems": "systems_15" }, "locked": { "lastModified": 1689068808, @@ -1791,7 +1693,7 @@ }, "utils_14": { "inputs": { - "systems": "systems_17" + "systems": "systems_16" }, "locked": { "lastModified": 1710146030, @@ -1809,7 +1711,7 @@ }, "utils_15": { "inputs": { - "systems": "systems_18" + "systems": "systems_17" }, "locked": { "lastModified": 1694529238, @@ -1827,7 +1729,7 @@ }, "utils_16": { "inputs": { - "systems": "systems_19" + "systems": "systems_18" }, "locked": { "lastModified": 1710146030, @@ -1863,7 +1765,7 @@ }, "utils_3": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, @@ -1881,7 +1783,7 @@ }, "utils_4": { "inputs": { - "systems": "systems_7" + "systems": "systems_6" }, "locked": { "lastModified": 1731533236, @@ -1899,7 +1801,7 @@ }, "utils_5": { "inputs": { - "systems": "systems_8" + "systems": "systems_7" }, "locked": { "lastModified": 1731533236, @@ -1917,7 +1819,7 @@ }, "utils_6": { "inputs": { - "systems": "systems_9" + "systems": "systems_8" }, "locked": { "lastModified": 1687171271, @@ -1935,7 +1837,7 @@ }, "utils_7": { "inputs": { - "systems": "systems_10" + "systems": "systems_9" }, "locked": { "lastModified": 1710146030, @@ -1953,7 +1855,7 @@ }, "utils_8": { "inputs": { - "systems": "systems_11" + "systems": "systems_10" }, "locked": { "lastModified": 1731533236, @@ -1971,7 +1873,7 @@ }, "utils_9": { "inputs": { - "systems": "systems_12" + "systems": "systems_11" }, "locked": { "lastModified": 1731533236, diff --git a/flake.nix b/flake.nix index 3ff66a7..3053145 100644 --- a/flake.nix +++ b/flake.nix @@ -7,11 +7,6 @@ # Return to using unstable once the current master is merged in # nixpkgs.url = "nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - }; - # utility stuff flake-utils.url = "github:numtide/flake-utils"; agenix.url = "github:ryantm/agenix"; @@ -97,7 +92,18 @@ meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; - overlays = []; + overlays = [ + (final: prev: { + inherit + (final.lixPackageSets.stable) + nixpkgs-review + nix-direnv + nix-eval-jobs + nix-fast-build + colmena + ; + }) + ]; }; specialArgs = { inherit inputs self; diff --git a/machines/_base.nix b/machines/_base.nix index 632ee50..a8f53ff 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -19,9 +19,6 @@ in { # base application config for all servers ../applications/_base.nix - - # - inputs.lix-module.nixosModules.default ]; options.skynet = { From 6ef89cac05dba1bbd9933ec51f90783dfb20267e Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 4 Sep 2025 22:14:49 +0000 Subject: [PATCH 799/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 325fe34..81c5faa 100644 --- a/flake.lock +++ b/flake.lock @@ -1044,11 +1044,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1756641335, - "narHash": "sha256-jnBhbxGjNzOKkNJHWB+yHIfMDQPrguFF2lhW1RQgqxA=", + "lastModified": 1757023884, + "narHash": "sha256-E+lp2PyQo9vakrwAjcB+krIGPi095CaAbZ/49tWvCtw=", "ref": "refs/heads/main", - "rev": "3149a5f99fc927397fec18840ceb9cbe54d65ce0", - "revCount": 319, + "rev": "7526a82bb7c384c16a09992458868b2f669ed279", + "revCount": 320, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 64ece3c0fda7f3175c0f885ebb0fcacabc4c5d51 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 7 Sep 2025 17:29:47 +0000 Subject: [PATCH 800/826] Updated flake for skynet_ldap_backend --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 81c5faa..45e958b 100644 --- a/flake.lock +++ b/flake.lock @@ -1086,11 +1086,11 @@ "utils": "utils_5" }, "locked": { - "lastModified": 1751234352, - "narHash": "sha256-OeNGbd3kn2jjJq9nbNcLq7wquc8leOyWkahuWopKnv4=", + "lastModified": 1757266039, + "narHash": "sha256-EAXz2LRlVMEN5RA/TmhSNaF/ox34cVmdayJj+rlU8lg=", "ref": "refs/heads/main", - "rev": "1dae2ecb2623d55c88a237d55198efd51e0fd8fe", - "revCount": 249, + "rev": "0a21ac2f5d99ac846d8dbfb91444ce2e3b0cf075", + "revCount": 250, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From 30c2ee5349cbd6c6d35fa5e94e9b516857dca2f0 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 7 Sep 2025 17:59:56 +0000 Subject: [PATCH 801/826] Updated flake for skynet_ldap_backend --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 45e958b..64079b6 100644 --- a/flake.lock +++ b/flake.lock @@ -1086,11 +1086,11 @@ "utils": "utils_5" }, "locked": { - "lastModified": 1757266039, - "narHash": "sha256-EAXz2LRlVMEN5RA/TmhSNaF/ox34cVmdayJj+rlU8lg=", + "lastModified": 1757267915, + "narHash": "sha256-cJA/dTc+VCjODKu5WEycBrEZRxd4STzxhpfUK2kIS4g=", "ref": "refs/heads/main", - "rev": "0a21ac2f5d99ac846d8dbfb91444ce2e3b0cf075", - "revCount": 250, + "rev": "3d882056bc78707ff57321862522ca8d1fc2a3c1", + "revCount": 252, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, From b56bfecd4edafd9feb4221fdc564417d4f41e68f Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 8 Sep 2025 00:36:22 +0000 Subject: [PATCH 802/826] Updated flake for compsoc_public --- flake.lock | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 64079b6..3420bf5 100644 --- a/flake.lock +++ b/flake.lock @@ -90,11 +90,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1723391194, - "narHash": "sha256-04UThV4LZNRHg/+GbEl7M2ginWbm8FrQ5jBVmYcroNg=", + "lastModified": 1723500950, + "narHash": "sha256-t1eApFGI+JzLIW2YToLlDV20n+Nevk1q4fZBYU1m93I=", "owner": "silver_rust", "repo": "bfom", - "rev": "fffd69b6433a2d2fd359b92e3816ae9938b3e99c", + "rev": "7f339f28442758ecc3f1697e3f70d441973664b9", "type": "gitlab" }, "original": { @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1741131635, - "narHash": "sha256-W65UdgryecEzfS6myQ+1Sj5P3yBCJRlGRf+fU78Ei2g=", + "lastModified": 1757291639, + "narHash": "sha256-lRv6lixWuFF9gEyriNRRveWq+AIhLDmy2n7Dfee5r2U=", "ref": "refs/heads/main", - "rev": "b5089910d0d0b303b634c7e125ac0b9ba8728bd9", - "revCount": 111, + "rev": "72d9f4cc7f59b832c0831af043943b072ce92da4", + "revCount": 118, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, @@ -896,15 +896,16 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1715413075, - "narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4e7a43a9db7e22613accfeb1005cca1b2b1ee0d", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { "id": "nixpkgs", + "ref": "nixos-unstable", "type": "indirect" } }, From 53afebb619c78863d4b47fb885d21d564ae3235b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 11 Sep 2025 10:39:43 +0100 Subject: [PATCH 803/826] feat: add a wolves subdomain --- applications/skynet.ie/skynet.ie.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index fb1bf69..b387468 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -80,6 +80,12 @@ in { "www.skynet.ie" = main_site; "skynet.ie" = main_site; + "wolves.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://ulwolves.ie/society/computer"; + }; + # a custom discord url, because we are too cheap otehrwise "discord.skynet.ie" = { forceSSL = true; From fb9eef1adf1492c40be55465ba60161e9032f88b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 11 Sep 2025 12:13:27 +0100 Subject: [PATCH 804/826] fix: forgot to actually set a DNS record for wolves --- applications/skynet.ie/skynet.ie.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index b387468..99cc46d 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -48,6 +48,11 @@ in { r_type = "CNAME"; value = config.services.skynet.host.name; } + { + record = "wolves"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } { record = "public"; r_type = "CNAME"; From d21d7b25b964d24ae66ab39ac3f5209bb3432253 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 11 Sep 2025 11:39:34 +0000 Subject: [PATCH 805/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3420bf5..a1f507a 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1757291639, - "narHash": "sha256-lRv6lixWuFF9gEyriNRRveWq+AIhLDmy2n7Dfee5r2U=", + "lastModified": 1757590727, + "narHash": "sha256-ahg2fT8Ez1T0rLthHwcLUV+x3JOdr6pGbqI9dfOWapM=", "ref": "refs/heads/main", - "rev": "72d9f4cc7f59b832c0831af043943b072ce92da4", - "revCount": 118, + "rev": "6fd88f9064082ed7a1fe43d925c4995ba58418b8", + "revCount": 120, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 4555186ba06d4ce67bd9470765ac28c2cbcd79ad Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 11 Sep 2025 11:51:17 +0000 Subject: [PATCH 806/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a1f507a..13c84d1 100644 --- a/flake.lock +++ b/flake.lock @@ -1045,11 +1045,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1757023884, - "narHash": "sha256-E+lp2PyQo9vakrwAjcB+krIGPi095CaAbZ/49tWvCtw=", + "lastModified": 1757591343, + "narHash": "sha256-Inqutuj6WsLq5dht13AATbM/4S+Pnu0cgMq7VVeGWWQ=", "ref": "refs/heads/main", - "rev": "7526a82bb7c384c16a09992458868b2f669ed279", - "revCount": 320, + "rev": "d8f785b0db241c677b2eadec6e12d23b84d7e99b", + "revCount": 323, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 494d9bdf38eed509487d37c8076fd1756dee531b Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 11 Sep 2025 12:03:07 +0000 Subject: [PATCH 807/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 13c84d1..a5a5364 100644 --- a/flake.lock +++ b/flake.lock @@ -1045,11 +1045,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1757591343, - "narHash": "sha256-Inqutuj6WsLq5dht13AATbM/4S+Pnu0cgMq7VVeGWWQ=", + "lastModified": 1757592151, + "narHash": "sha256-CumEGWBqR+91Rk7FCCcS9AfLQpJfYwqn8QSGwOAOT7c=", "ref": "refs/heads/main", - "rev": "d8f785b0db241c677b2eadec6e12d23b84d7e99b", - "revCount": 323, + "rev": "6353d77360c7949a62ada56729b53be106b81a47", + "revCount": 325, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 6af7acaac36d9e91eb188d60e1421862316e6200 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sat, 13 Sep 2025 23:44:23 +0000 Subject: [PATCH 808/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a5a5364..30b6328 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1757590727, - "narHash": "sha256-ahg2fT8Ez1T0rLthHwcLUV+x3JOdr6pGbqI9dfOWapM=", + "lastModified": 1757807029, + "narHash": "sha256-nRhdi1spkA235OsZC1oesR+YeUyOoD86ZSRJ2rZ9krU=", "ref": "refs/heads/main", - "rev": "6fd88f9064082ed7a1fe43d925c4995ba58418b8", - "revCount": 120, + "rev": "03201efe407571d17602937157f6e885e7615cbf", + "revCount": 122, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 6c6068bf8974a48207732d4df338cb6e21cf3b52 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sun, 14 Sep 2025 00:00:25 +0000 Subject: [PATCH 809/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 30b6328..7e9da39 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1757807029, - "narHash": "sha256-nRhdi1spkA235OsZC1oesR+YeUyOoD86ZSRJ2rZ9krU=", + "lastModified": 1757807975, + "narHash": "sha256-tCdOzMu1C21iUbqfTmEl3Wq7HWii6NGLFRUsJjf5kSc=", "ref": "refs/heads/main", - "rev": "03201efe407571d17602937157f6e885e7615cbf", - "revCount": 122, + "rev": "bd5ff0579ebaa44d4ebecb10cf2d85942c230e84", + "revCount": 123, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 6788ca566a8613ceac04d671a721c9e51ec325eb Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 16 Sep 2025 20:31:42 +0000 Subject: [PATCH 810/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7e9da39..494eca2 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1757807975, - "narHash": "sha256-tCdOzMu1C21iUbqfTmEl3Wq7HWii6NGLFRUsJjf5kSc=", + "lastModified": 1758054586, + "narHash": "sha256-YULa+rQnCSIt0yLLVVdMdxL1P2TQZ3VaMXtmtRz3Jic=", "ref": "refs/heads/main", - "rev": "bd5ff0579ebaa44d4ebecb10cf2d85942c230e84", - "revCount": 123, + "rev": "4a687d3f1060a50968cf06ca86e4dd4f1cccb444", + "revCount": 124, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 84cd3538fd9c652a1266b2cf3d0e64058f58d49d Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 16 Sep 2025 22:33:02 +0000 Subject: [PATCH 811/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 494eca2..683f3f3 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1758054586, - "narHash": "sha256-YULa+rQnCSIt0yLLVVdMdxL1P2TQZ3VaMXtmtRz3Jic=", + "lastModified": 1758061944, + "narHash": "sha256-41pCkNuk3HnMvtgmdpYw++VOSjOOcXAecaxcnSAVQz0=", "ref": "refs/heads/main", - "rev": "4a687d3f1060a50968cf06ca86e4dd4f1cccb444", - "revCount": 124, + "rev": "e5d5f7401fba81b758dc7b24ffe92eb9814e8490", + "revCount": 126, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 8f45538316bcd9c0f8c7bd2f2b1074c304263328 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Wed, 17 Sep 2025 14:23:16 +0000 Subject: [PATCH 812/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 683f3f3..9181c32 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1758061944, - "narHash": "sha256-41pCkNuk3HnMvtgmdpYw++VOSjOOcXAecaxcnSAVQz0=", + "lastModified": 1758118941, + "narHash": "sha256-OWPKyL2GNTCbRVpPadtYrluhBJJNkM57fqaEiDSZ/bc=", "ref": "refs/heads/main", - "rev": "e5d5f7401fba81b758dc7b24ffe92eb9814e8490", - "revCount": 126, + "rev": "7fa129fac4b4b464b2c41454408040d66f43d095", + "revCount": 127, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 3629567abc4c85205c28b72cfcd1d6a7adc1be4b Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 18 Sep 2025 11:43:29 +0000 Subject: [PATCH 813/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 9181c32..4f6ddfa 100644 --- a/flake.lock +++ b/flake.lock @@ -1125,11 +1125,11 @@ "utils": "utils_7" }, "locked": { - "lastModified": 1732375016, - "narHash": "sha256-Y+bJw85TNOp8N369OV0VrDdm3oDy8CXG+GUuG6pZjbo=", + "lastModified": 1758195787, + "narHash": "sha256-YK5rEiaPqH19PPwMO/smF3SJDdEosGyqUQ8pDEmnfK8=", "ref": "refs/heads/main", - "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", - "revCount": 29, + "rev": "afd55717913278d4541ae0d21ca915a045423574", + "revCount": 31, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2023" }, From f99c50a039fe4d3a3064470f72a06ab1b53aed74 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Thu, 18 Sep 2025 19:04:33 +0000 Subject: [PATCH 814/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4f6ddfa..02a1dac 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1758118941, - "narHash": "sha256-OWPKyL2GNTCbRVpPadtYrluhBJJNkM57fqaEiDSZ/bc=", + "lastModified": 1758222226, + "narHash": "sha256-/PkJgIquoXAnh7LgiYp41XGkg3s8ET+TMJELtYrMNVg=", "ref": "refs/heads/main", - "rev": "7fa129fac4b4b464b2c41454408040d66f43d095", - "revCount": 127, + "rev": "a4213f2d3ae4558270fc01090715e3b11ca37f94", + "revCount": 128, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From cc49e0da6d58d6ae8744e768960ccb50bcd75684 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Fri, 19 Sep 2025 15:21:10 +0000 Subject: [PATCH 815/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 02a1dac..47c810b 100644 --- a/flake.lock +++ b/flake.lock @@ -1045,11 +1045,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1757592151, - "narHash": "sha256-CumEGWBqR+91Rk7FCCcS9AfLQpJfYwqn8QSGwOAOT7c=", + "lastModified": 1758295049, + "narHash": "sha256-h14Vl/OVguj5jD54xf+3w3DBIloQkoFBH86/xJ35jV8=", "ref": "refs/heads/main", - "rev": "6353d77360c7949a62ada56729b53be106b81a47", - "revCount": 325, + "rev": "313be247d96131fbea418b826d7b68521c48bd8a", + "revCount": 326, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From f33e14d8d1bb869c8f125153a763fae5b3990fa3 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Sat, 20 Sep 2025 11:27:40 +0000 Subject: [PATCH 816/826] Updated flake for simple-nixos-mailserver --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 47c810b..3083a51 100644 --- a/flake.lock +++ b/flake.lock @@ -359,11 +359,11 @@ ] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -542,11 +542,11 @@ }, "nixpkgs-25_05": { "locked": { - "lastModified": 1749727998, - "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", + "lastModified": 1753749649, + "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", + "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a", "type": "github" }, "original": { @@ -1024,11 +1024,11 @@ "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1750183846, - "narHash": "sha256-owKJ2rsa/0WVZQAprlbqgVAAGlz3MFuvgNea3+ic4fs=", + "lastModified": 1758367587, + "narHash": "sha256-crj6Ps1BwNbmsk7I7v6K2Dw55vczuQRtTklYiFiQ0Jw=", "ref": "refs/heads/master", - "rev": "c097bd662c9e1aea8c1fca10d57188e81c5574a0", - "revCount": 743, + "rev": "8bca7ebf09d3eb2bfcafe41b9133ee262f09558d", + "revCount": 794, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver" }, From 48b7cd2e547b07dd72aed44831f910b0286c621a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Sep 2025 17:33:30 +0100 Subject: [PATCH 817/826] nix: bump nixpkgs and mailserver --- applications/acme.nix | 1 - applications/email.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/applications/acme.nix b/applications/acme.nix index 1031cf5..97aff51 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -27,7 +27,6 @@ in { age.secrets.acme.file = ../secrets/dns_certs.secret.age; security.acme = { - preliminarySelfsigned = false; acceptTerms = true; defaults = { diff --git a/applications/email.nix b/applications/email.nix index d7a6381..97b2362 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -470,7 +470,7 @@ in { mailserver = { enable = true; - stateVersion = 1; + stateVersion = 3; fqdn = "${cfg.sub}.${cfg.domain}"; domains = [ From 8ae0d53932ca8f172be6a7ebde8f58caef935f95 Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 22 Sep 2025 21:44:55 +0000 Subject: [PATCH 818/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3083a51..34445f1 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1758222226, - "narHash": "sha256-/PkJgIquoXAnh7LgiYp41XGkg3s8ET+TMJELtYrMNVg=", + "lastModified": 1758577443, + "narHash": "sha256-tNUJw0LV+kiVg0JOkRkWIul589ecWezOA/67dZo1S1g=", "ref": "refs/heads/main", - "rev": "a4213f2d3ae4558270fc01090715e3b11ca37f94", - "revCount": 128, + "rev": "f21056566c8304d20aa6065fbb88d480f5e7e9ea", + "revCount": 129, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 85fe376560261dc7508a96fb4dbfac554264b18a Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Mon, 22 Sep 2025 23:01:41 +0000 Subject: [PATCH 819/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 34445f1..8144a6c 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1758577443, - "narHash": "sha256-tNUJw0LV+kiVg0JOkRkWIul589ecWezOA/67dZo1S1g=", + "lastModified": 1758582048, + "narHash": "sha256-SIt6rPXx7O3YMrEw8YrwHNMjOrrJLu/Tf1sMll1Qp9A=", "ref": "refs/heads/main", - "rev": "f21056566c8304d20aa6065fbb88d480f5e7e9ea", - "revCount": 129, + "rev": "4d825caf25cb966ddb5ce33a0e9b2aa73b0262c6", + "revCount": 130, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 5e40212eccfe9be158accc1753a71fd4bc782e5d Mon Sep 17 00:00:00 2001 From: sysadm <+sysadm@users.noreply.github.com> Date: Tue, 23 Sep 2025 13:59:36 +0000 Subject: [PATCH 820/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8144a6c..6f89ba0 100644 --- a/flake.lock +++ b/flake.lock @@ -1303,11 +1303,11 @@ "utils": "utils_16" }, "locked": { - "lastModified": 1752925027, - "narHash": "sha256-APuWWdod4L3mgSBXJTukfbB8s37NvzUkju+lELUD7PI=", + "lastModified": 1758635905, + "narHash": "sha256-PPqhD2RHUOwJrbey72H1wnmdpeELilwKlND4TR5qo2k=", "ref": "refs/heads/main", - "rev": "917c316e7606995362b436f5c6248f058c762176", - "revCount": 166, + "rev": "eb1fc042b5d410b17dd63c492c03be78443ed07f", + "revCount": 167, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 5577446d6c9a8a5ae81831a5dd701ac01b6fd99f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 21 Sep 2025 14:46:16 +0100 Subject: [PATCH 821/826] feat: remove non committee and reorganise based on who was already on committee. Also added labels for Core --- config/users.nix | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/config/users.nix b/config/users.nix index f7c3f84..f2ccef4 100644 --- a/config/users.nix +++ b/config/users.nix @@ -52,24 +52,25 @@ in { committee = lib.lists.unique ( # Committee - Core [ + # President "silver" - "eoghanconlon73" - "nanda" + # Secretary + "kaiden" + # Treasurer + "peace" + # PRO + "amymucko" + # HSO "skyapples" - "generically" ] # Committee - OCM ++ [ "eliza" - "amymucko" - "archiedms" - "kaiden" + "generically" + "nanda" ] # Committee - SISTEM - ++ [ - "peace" - "milan" - ] + ++ [] # Admins are part of Committee as well ++ cfg.admin ); @@ -78,8 +79,6 @@ in { "evanc" "eliza" "esy" - # for temp reasons - "peace" ]; trainee = []; lifetime = []; From e0957270ae459411ac81c60f9f0132bd257af488 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 21 Sep 2025 15:00:57 +0100 Subject: [PATCH 822/826] feat: initial batch of new committee --- config/users.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/users.nix b/config/users.nix index f2ccef4..8d6b611 100644 --- a/config/users.nix +++ b/config/users.nix @@ -65,9 +65,13 @@ in { ] # Committee - OCM ++ [ + "connormc" + "cordlesscoder" "eliza" "generically" + "mysticwolf" "nanda" + "sunny" ] # Committee - SISTEM ++ [] From 90f8ed3af24e8b2c7891397354a3e0bee0f6771b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 22 Sep 2025 11:35:54 +0100 Subject: [PATCH 823/826] feat: second batch of new committee --- config/users.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/users.nix b/config/users.nix index 8d6b611..7ab18bf 100644 --- a/config/users.nix +++ b/config/users.nix @@ -67,11 +67,14 @@ in { ++ [ "connormc" "cordlesscoder" + "dca_" "eliza" + "emilyrutai" "generically" "mysticwolf" "nanda" "sunny" + "tatabbyi" ] # Committee - SISTEM ++ [] From 42be2a0efce31fb22d1b5125058c4aaf4c43b205 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 22 Sep 2025 18:38:53 +0100 Subject: [PATCH 824/826] feat: third batch of new committee --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index 7ab18bf..f4758b2 100644 --- a/config/users.nix +++ b/config/users.nix @@ -73,6 +73,7 @@ in { "generically" "mysticwolf" "nanda" + "rituk_0817" "sunny" "tatabbyi" ] From b5b6c67ea94dd6a0b9434985c252326c0dab24ea Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 23 Sep 2025 15:15:45 +0100 Subject: [PATCH 825/826] feat: final batch of new committee --- config/users.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/users.nix b/config/users.nix index f4758b2..f88db70 100644 --- a/config/users.nix +++ b/config/users.nix @@ -74,8 +74,10 @@ in { "mysticwolf" "nanda" "rituk_0817" + "shourjyo24_" "sunny" "tatabbyi" + "wormyworm5" ] # Committee - SISTEM ++ [] From 94a5fb65746519c71d2ff899634bb3c7225586d4 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 23 Sep 2025 15:43:48 +0100 Subject: [PATCH 826/826] fix: had forgotten someone --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index f88db70..d49d998 100644 --- a/config/users.nix +++ b/config/users.nix @@ -74,6 +74,7 @@ in { "mysticwolf" "nanda" "rituk_0817" + "sania_m" "shourjyo24_" "sunny" "tatabbyi"

z8csR?uX4{>GzvtAqQ6bLDco4QBcQ08@AO!vFvP delta 692 zcmeBW>t&muQ}1h@Vp&nBpIPW1;+>I|9ORQ);Gb5MAE<2_nw0Js6%gfKzX}?q^tN!KG`bP+Xj$ zo0?)|YHDbyU=mOjm7lI)>6&RATu>2J9$1wfU~KGJ?pExdnD0}ZRPJ4oV&R`;<`a~f zYh>;e73dns6{eq@m}Ow%Z{g*g9qwM1XcpiTlI<64P>|1LPF18|w!49)v1f*Vg;#*KUs6#(PPu`5q){c@T??vG)3P18jKa!u{LBm8vZI1MA`&x-!@OK`J)8@Sd<;vA z(lfLJ1O41QN=%&ms*D}EbaizVf^uE*Ljocb(=wd(3o{%uJxa|@wM(+g!%TBR@{%!c2LTh99am?r+&AT1cy6tVw6+l&)9>9z0yg^}z0?wawBnok g#tqDM8zh(13#Z&!k-c+jY`NCTD=*|eJc{7~0ONZ4xBvhE diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index e693ddc10d227a6bbe415f508fa5a9ca734445e0..df1bf93eb37433ba584ff91cf9d45a73b967e50c 100644 GIT binary patch delta 2253 zcmbOwG)riLPQ6=7Sh0Ujk!OW#sCz+ShZnPPtP`SygUXK|yd-L}HF(aez@}s-tgiU|y6{q<3VPBbTn7LUD11 zZfc5=si~o*f=NJCRDQaGZ=_>bPFYZBgpaXHmbboJsGELrao@aW1 zOIo@|K~YXVmr-(BZm~~(wx?lgm8YqJhoxnPQCW$0dO?0#qNhtzeoAg$o^xt(Qbv%; z#E;_PZaLaH9^v_h+Uce~#=-8+>1pof+U6zxmf=~>W)?=io+&PQi2=?Pj?N}rnZ??s z*wId&dSXSF^)7U&kjkqD9MfFip)0fE)A)0bkFvvObs*lNGlI4$qYzLHmWo! z)-Q9cOiFYPsxm7p%S=h<($&>fs5JBU%P9#dbqOxaDM>U+4v6$GiAWAlb=Gz^GpY2= z%}!0OH*wB0G6*hpAqKIZIB@y5ZWy z*%NDCemMD2^P0rlT#rnDP0{FB=5C_6KTkh;-~XVdx$b$V?ztVfy8X{8Pp6s|hs*^D zYG#fT8arn^Up6WH>PM#C>mxsJ&%b%`g&uG01TWSzha~EIE#=P~V>x7${326bQbob` z>Z|YWQU`ZmzP?y8@kI77PE!?oCyfQaPTI89Te-g3yf1&|C|UHt*wx89#&{?}&M(q^zizl;ow( zqf?f8T`MM9{ZWQ#D3jgX3+|%MzE|(Om}2&D?X>pas|pW3oE7*-J4w}%x#7L4{_%)S zAs7DWrcPtsy+ikSrD!guS^&Dw4&5ut1H7a^0 z*{(fzaplvk77E$XmWS2Lo*cY>X~~62tu|6er9}+6v#!4B{OG&;Ci{+4g7bX%w`_j6 zy@BoQR)&Ytwu@Hm|HpIQOl;SwEtX4?>aV@BEu6D$MU(f!&7DC)!L6EalvlhsATur5 zH){Wjyp_{BCI9TMSj2V8S^m1@lF61AcAZz4ck;8%-Y41el2gN71@2GV&752sv@1SV zI-uCH{o11c4oW4{WR&0V-ewBmuhw1X#w~wgU0Lu>k6*jbIaSu2KCorKa-Gg*Nq6aG z>-Oi@hZlaDawI zc8c;+2KST*t9R!`qtee#$oZ8$=ShEYOuN~GCx;$3U4JPVJ?rrfM#Hrhnv#W+9a?>} z?)A@?H?Z%Yl05nJXU<90A8HTHnSbVe>uOo`+1obkTX0`+qEcqAot4DL(p0ut<$oZIO7ob~3lZLMw3`L)G1{o0T; zalW+N+tS;WI8FKbn;Zoh7 zfjtie%U3P7=;^CxOJ$zH%6aSS{Qd&L(7H9jR)!*C8{e1;EVllo_->iqtLZy>_E`M# zzj!_2uQB5l?YZ1@Jpx`jG4t#>^nC$mL;b?J_S|*um61yqyx6{aS#|kz#ZRRQ_e1){ zr*y5eO`4o3*e$4$sGG&KivMwc&>itRp0|Q_oZGg*Wv%b>v&D07Do(v`7qB*0@rtbU z!4&7Cr%rFM>u8-Hkh0K!sqlimI#1b_D9bbN|K=XbYri0bm37UP%tJb}HLi#}nAZ_^ ze&$`v`dnk{`L~=~%dTEm@rs!wsyB-xtvvFl(64_lxHEjGSMOwND%xP5JhP@sTWmY$ zMu{0S-5%K3a@}ysd+hC=uBqa=D=5rzlF{)BGs!dkTxXA$O>GN$Rn73~mfYq^zkl~u z3f|pb_vh=1jB_nUQ`&nX+qQm@usm~#`J0l&?e#H5UlZ!>&U|{ZC$n)!{8IkhEpxx$ z`4{^4zjJ%K#JMkxJ52q9Y+ZX+*=B4zf7f`;DX~o%y;D=;Y}L7aZ#+xc_-UVuU5Ib< z;YZ7xMfvUHjLz?${&GR+#(B3mW23^v@7rBXS3lXASnOTA)}g%H|HvV^rmx>BS@pLc zE*IC2nL6)4s?gPcg7vJ0W%E~G{dS;~J@m-`x$jN$tklJ>S-)bf-~9FEhYJE3;aQ94 zW^MV$ZoU4s|Cw!9-}Y#nW zh^vo}bB4a5m$z$0V3nU? zHdn5`S6W7Du#sVQVOFZIc9x~5ep$MOXIQ0~iLphxc7~B*gh`rXacH8kFPE;JLUD11 zZfc5=si~o*f=NJCRDQZbWMxG~L10Cash56+c0fo;vRisyfm?7o zDvS*)Ez*K>yn>t~3)4a}tMW67e6$TJy$f9@pJf!U_x5x0D5!8NE({F|cZ+bUC@W0L zOmz2lGjj=vN=h>G%`fNG;BD_6sO-G)^h=i1hZ(Ofs+t53Z{6PV>yqEy?$> z%#H}C5ArPZH%ko;<+|~7_vyC}L|l7sEWh=4ZKqO%e%IM{^(n5mU6)ul?)K9WJG!g> z$yLYS+sgCiYu?Iwufto$aop3*WLf;xCw#eoro^t0zHmx!R5oOc8iJ2ynp9M z&X`^)8=fdN<3K&jHm3T3f_K-Sy=JoB?t1ibMc;;9CwIJ!$Tno&Xk2&Ze98fd-i6iQ zuc+_HI@{d7Pv%R5g~e<8S=|no*|pqf$5^wh<(g7+`(pDx!9!DmR>leQx?YsO&Y3!S zL(C~Fhh%YPTdn0TJDmPqyIi-5b?*#$mx-MR@@t$_YtOpv*=?D1N^rZ!f%?+wp2KhE z-btD2c6X1x0UNS&FIK%oN=H=lh3ExL+2Rk?QeDO3^bHI(-h8*uF`A&dycuPo!UZt2--g z&6n5O=G-33lDl5CU7FLE#DB_~>DHn*^=$`)&#`&O>fDRoSy02xTbrT%E?gyHGCQm3 z|EZ0|mP;ymJ{dRS6Y7FZ?gG!>5vtLi+E#dqs_j@Xq<{T?Yvr#dDY$he>_ff z2)<}nj~CT4oIihS{a*>Q7sZ(;?>$p!{jjY*ResU#kLg>kZ(|U+vnxt6z4hky;(3gh zx>qD-Eb@)MrsI0@y}>)B?nkW`8{0cQuD1$3+W3Zj&Aas1yY{3E5%WS6|&sYdOuKy=L={cuO zYk4n=z_qqd9X2~|_1>sD*{e|`batLh_;D%ysoZL(4|{tVU0C+sBBP<_K&Vwj(C6(U zB}tDICbv3i?9AaxRD9Mjk#*^lWS&DZnOpup2#UVaz02?t)7x*^x3~iYPPrb@)X&~; zZQb3}sJ`+}UA-pTREJB6St9F}?3!MG=oI7TUFMJelvf-&qjdRGR^h|aC)-bdxg5aM zZMx1Pjx#Q0$@Im)Dr{$FTs;)sep9<^Ystqwd{>-;sxDa?kK^R!;= zb$`0o=Tk`Oi~P3>`kwciFS}IyCN-7y?zy1m4$o|dH&5s6NVDLM>-_k8w%LW&x;9LRu>$s#lyXs9#sFrrx9OVzvBlaQ|_2A;q*_f%Ol*e!XvCx?ma0 z=jf9~8|R$fzy8TC<}d44Psx*2@Uj#A_c3SxipUdZ|FiurV5E_ja#@_BP zOLGHe-rruvX*==O3+v{TdZz$41D}_7ivPTeRGX?H_^!TqeY?6)WAdraU5AzaojI-e zrdzSx#ixJHOgpQk7Vf51)s-;!yrJ7EU1P@LT;@rOH+7`oiYYZ|Ben@>&(z@k-(9EDATyl?H*Av5w zGYXwm?yYH+SU)AXq`p!1)aIRx_xCJ4qv3d}V(z|^QVaLa&fxuj^V9pBs!YSrZzZnx zFKbx->*Eq;R}Q_Ymx2ll^XG=<{E>}K7joQxTx_eQmi)3)DOrEnCf_qZ>UICS?!r}W zlNo#kpH04KdjIW;f4?{qKL?$^xSm1a=-X2T_Dh&1?K#{&rDm@}Mb2}b%`UgJR<3lt zw`%2W>%`wyo8O;4&bpH8&Uvk8w-P*;DGHUGUHjPdrtjNGX5aob`9~k@llt6vZ%ym# TyA!y>N?Y1j*G^Yzn5+r_#P1&6 diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index c10014f4565d68d7811eb87c9aa8f1facd242e40..2c547b7252a57e357bda04945d1fdaf38a2768b9 100644 GIT binary patch delta 691 zcmeBS>tUOqQ}65+;BDdQpPm?MknL5F@8shb8tmoclM|%vA=;mdfn;n)~k(OiR9$K21ml7Ci zP?S?q8d{#sos?*jZ<<{ZnB^ak7Lt+gZsC_57MbUmXKq%W=%Sq#;%pX>5s~gY z@uPUSOSVr`vPY^@x^`5qzIT{!c~yo*s+&nkp-E|Jm0wtBevU_~Z)JX7NnSoza)D2I zQl43+m%Ce0c6e#7hrW+bVq!sRNqCW2NN`|gq;pVGX_9`pYq7!Pct-JX_hk3%up*aI z$8gWw5*K~P3df*))6|SC7vE$bi!@iGu!71mNAD{0yo_wFa3>F+szS^3vSh!kU|*LC ziz-jwBJC(w%k+wH$H>eamqdLR)7(U3gUI~JXBoxojl;r2jZye3If85ea&-Hj2w-e z!y>%WLo$5x^PF;0ygg00baizVf=l%c3^Ic)jm@(X!;CXM4D?OBOAWj;OmYI#&5ff1 z-69R^ohynX4II-AxYma0Ca&oCxiW7_sp&bf(`C{Xd(stI>)J%u>e4lcxj$ z0S>!n?wvaQjmVakTTAO1&Ci9oT#l80vrBR3cGmRL;JEdn)7L${$e-#rJO9PJ&x@T7 zWh68mop`o%_PL42&tCrWp!-2TTa<>o#bO(`n?*S`D`m9y@}Jz3b!g?bNk5&nnIl^D gZ>Id*;MAYE$M*ay_sx&IR1Up$Q(ZDkb^E0001TG_-v9sr delta 691 zcmeBS>tUOqQy*Ss;O-e_l37wzRA5E~Znl@XR$85EIS5UL%R zm+WS0S!U?Vm7Hzjn;MqyYZmE}QXXvS7wDT&lI9dt5tf>5m=kDhQkCaZQBhtH8kUhi z@uPUSxtX(mN@QMYL87HgfnS7&r&ErxQAk8UPMKR!Sb3Ohewjyvld-;qvuhw%S$<)b zQBroclVz@_r-`4JYmTw8w||+oM{;>uV3Kd4sk2XZL9$12U})&%ct-K?0yp!dG?Vl^ z^N@g|qVSM%BjfyBqr_Z&ldKYhLgQk?sG<~;s+7_svp@r`P?HKveUF^VK;OcgfRg;M z(x9M%^kDNc6CcOaR1y$#EQ{lfAsxJ-j4?heVhocatPl-*L}cY~#mmX8R_DVSSK{=NC<$8!q27*SND3&l9=w=G>-f zBFmGX=x}N1uj8MygEe}JVYsQ&ude!I=~liM93MM>y{h$Z@%nqIv!4nr^kH4k<=p;o g-bDx9t=XMybEf{tUOqQy*y&X728q>{Sqz6ryeD9;Q9-QrE;8`A?otEO_%B5?kP+Xj$ zo0?)|YHDbyU=mOjm7lH{^=VY7lB^5?tZo;#*o73WK!~BYK}lg`W>_(on_Eg! zu#=NxR;ja5c4nn}RbqKwfl+9tiFST=U{#W7N|9StcyL)^j$8KRct-KCyo|J9BTHXP z-?TjcJd5D$U<=RS@Qf&TS2N3uG}lm1BcnY3FsDqDEMs4;N}tTipzILCA~O@SV5dqG z%glg`@{H6fkB}(W+yM8qLU(QdN=M857$xc>g43KsJ&m%{LjqE&!ZY%7vn)eP z5_2M43QZjiyoz1S%G~qP9V^SUb4|EXy^C`S^%Gr63cS4x{i-~2ysKQ2f+8G)jr>wd zqTH)|A`O!x9rd+KTnxB$b#)aii#)R20{xOpqRJDif-EDnEut*5EHa$EGQAQF^;3tUOqQ}2_T8&sB>W04%FUFcsN;O3p^WKQoq1Y#AJy z&y}26Sy4}RcvUUSZG-oKd68?j4aBnh_9KoShhzm!529>X=>`oZ(&(sa;e& z@uPTnVO2qeWl)Gyu9;5uB(Z5c37CJzP^udqG#mfct-Isv(o&kpd!<} zBxA$CWaEH};G$GNV?(3d9QQ(BgJKgGv*h$5{fa!pDz|Jd*PM(X#}w^gqkN;XOp6Tn ziYklXP;YaOLYJ_LQm=@roM2Dy(2&F=!>Gw;7$xdG41Kcv^$RP_N-NEa!}5ayosBGg zbG#EnjkBYoeDgxmTtm`JElab!D;>F>RN6m1=rEf6QXV z7ff0^O-%Anq$sX;yLhEJAiCl>m%*9lQ=EO1TaPQ7Y0Y;G+An@bMOjP6yS96)|H9_v d`TTNn|KwAR)&^?0DeSeF|36!!C#CEx4*&vV_IUsR diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age index 6a014327e0b12de1077364d468c87a1d7d03b2ed..0feb54596c7a7ba72deca46c8e3f657853e412ef 100644 GIT binary patch delta 604 zcmdnSx{Y;$PJM+_VYXY9VZNJruz7KQVQFwiriE8vsAo=waZYYdlyz*T3%qdv6-b|iJNJPuVsjtSy@O*M1{9;L6A>k zNM?Ard0JjMmxq6uzfqo>xk+ArrGX$2M9&OzE1?onlF1%-y*rFpJg=79x1 zDMi{QW?o?)0b!{Dy#3P(qCAVzwSz*rJo1uD3JU#79JTe+eDss@ zQ_51b4Sl`J{L}m@EsCAo%Cn6;y#0K=ef%vZpJf!UFY_(Ui13XvaF6sfbj~WM)UQYh z@b}HuF3>LaF7pa>%nT?rGRZcJFij8SN-;J`OEmFIu`KjR)X#S@OENJpPS+1JjtDSu zcgwGIO7X}m2+B0^&Ga(i($&>fFv#=`2`UQ+Ofm4v^3iwnFi7+B$gnW4($6rgN=tMJ zHgGKn4lvfYNY_tut7S4g^Zn!amzj!TkT1kzMr;7a++skKz3C~K9{bYLUD11 zZfc5=si~o*f=NJCRDQaGxwc!fWooiTRauUAfLWNkx0_d@v2T!{S%GCzXpy6VxxQ15 zk3~^%UV(8rS7f@QkGo-#MWBDKZ((?8VUcBKScPL^j%9MVTbe~~s)2Wip>MiDeqMI| z#E;_P`Z*Q)sb!v)S;Y}m9=;V3k%7MXiDluX$sxX(?!FP_6^_mYSrL(LQ8}Spd12uh zft4x#{uZf;A(6>JW@e>^zNsGi={dROAue8dUcLsNmL(CPWnl)B;~B-n%Om|Ol0rix zibB#OEhDl+s|<_^OTsNe5+l9R{8Ff$V~Ey@JS3YvCPuR6xtX!HM@X1k zGFO(XXGL~Su#16NdZ}Bwr&*b2rf+CoRZdENu6t#8abB@exqEU>Kz5K}IhU@TLUD11 zZfc5=si~o*f=NJCRDQZblD~7Zk8xtLN2!ZrRbX(Ei(9a>t8rjqp;?HRtFcK*hPGQ# zwthucMRs61S4L`bK$>}up_xgMN0q;YL5_Zof3b&QmZ5P#xwlV*u}Nf6QiW%Vp_y~? z#E;_PxhBqzX>J8hh52FHxu(v!p_Rq?=6R_(0g=8g>HfxUAtu_z#zw(OmBF4|e#ub* z8M)=-z-NMQ(3)3q~%mYJx^Yx1|a$P*Re6#$LD~c+DOCx;3bHWo{ zJzPACyqt0~^ut^toQkwvf=pdJ%W~aJv$8!WpJf!U53F=@(>FIx%GJ(F_6^T>3w8`C z3Ue>;Ni%i}Hw$<6^K(yhbg!r=Of$6LG70m{4bCz5%e6H0(l*HtF-k6VDJ+cec1kHL zbk_GUi*hy%NeL|~4D|3skAc#tDktM~g~IdzV+)UTj{rw^-$egpv($Ra;)=2ov&uqm zm#RQV_aaZT)ZoN`imE6#S1#v_RR4^0w>%5KG~cw0#E4+;G=rQ(^UUPbs9^nkQ;#Z_ z!qAL-%d$L6j0pEgGRQ0lR7ffa3C}DEF3GFXHaD&;D^AaHs?0Je2=_GiE66G;3`oo| zEl5vx^)rreG2sde$}p|)jB@f#%k~UR@eVRGOv*4X2uSnxFg1-Z_AxE0GS5uRbat%J zHUNcOc!`rwmPwgkVz_&LxO0A~p^vw5WvX$2zk7CSTDfCNp^;&UXL4qmpMg<2S9xxk zv6*?EnYV9FreB0nVTpf=QEEk=MX6_iX_BLnTZx&8e}JR8NwBXk$n1LGj6fqNcmH(v zN)JZ%0s<0f3qST_Cq9iwCW5c{GqnxzBB2%9#cLS~rZ+|aW_tdB=?Megl+!W_< z1HZJiJny`a^ok5;KesRwm%{SwieQ&y?MN9Iah6 z#Zpv6-8FFI0rwS=tQ$DmC*HEy_h-i;(~dn3&L4E$@4aAWI+-Tf{a|BfecqOejwMGf zepYt75xVqvT7V5WspQ9)s#i>XhTf2Cu3RZ&)?W3EqF zHdm^CsE=1rafXMVcW|UdnRZS}N`!$yQAVy|W~ND1xk0FjnMX-!Zi(HzG-$=ny+JkN03Eowsv@_k4I9XfoX<&wz+p+kYA*+fnl)k z#E;_Ph5p{!+1Xj%!9K2$dEw5XrfCMrm1dQ0$!?xirFoIYhNUiLd4*{uMb7zL1(8)o zIcA3L$v!EDQGuZ*A(=@oLFLKj!Ij1yfjMce!A6BaB^KeuzOELN;~B-nBg!Llf-Dk~ z3f)8ei?iG+A`P7*Ba?E>938`b-8@_^(@d-Uy~0Ah^|L&=JTvw6D?&4z(|m(NT=IjG z^u3a@ld617lf!fT^1RHv%gd7uJ+vd7%Ze-}pJf!U&vrI0EKM>s$qov3%*m+q_3|}0 z$}x8F^A4zTOEJ$3$u_U_tI#(K4vxs?Dh@Hp2=vTI$#9B{@=p!PwD2i0aWOaaGS4>i zh;+^>u=LbV_A}4VvCQ*DkAc#tDktM~g@S^7f1{#A^O6jMJU=J1i0pc!(!esuzz83= zAj3S5B)6(;{XkPk$HG!4Pp&`<*Bq~+ERV9x#6V-;OkZ~+?O;pKvI1v!Q_IvyGi|Q` zpDedX7r&@vM|A5vk_<8n0u_?W(lUI?jDwQBQhXybEM1DD0>c8h>Ktm6=Np)w&E=c! z{w)B7?JK67Ufvw=ayp>SeX@WY#!?Er(c}o5ngUE`3$2(eY$IunMILh zez-|$QF(+}USMdXb4sXbNUBkpagtG~kx_tYSyGWjNM>j zMU|I{eo~Nmo^y&(YFKu0y{Cyul0k%@0hi_v#bl*-iG3UkLJlU?^D4v_{4lWoAIq`V zvvQhs+p`DmSB@Ece7GX&(en>YrB6$lf({=Ie5u@e@JlwYnH$sXNI0)^*KAK^V4 zk$*1o-@@)YSJ&=;ld{&wdGkND{W>}Srn~1Kur%n|HDRGdb({LHH2W#yYgg4jTbh?+ zwDujgTU0PO{FC(KFqrKPmK&?}b7gOg#0Oz}@Y5)KL diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index b369e0fe7652dfa89eb47d868aaa02417acaee82..37febec6c6028ff9ca0468da063a2cb977159649 100644 GIT binary patch delta 1005 zcmcb{agAewPQ71%S!%XLZmDN-Scso_go&whqKS7!R;FKhfoDK^rI%S?K!~Ytgh#%M zCzqFFN~K?=VXAYUse!(`MZRTdl(t7mv012RS$b(sVN_Xpl$TLqKzVvjIhU@TLUD11 zZfc5=si~o*f=NJCRDQZbg=bP(Rj{*#skd2)X^y$RiJP-UrFUp*NpY^5d0|#WKw5}F zW}=sIcz8rPmsg&9SV*yZiHl)+Xt{f3uy>MAWJrOTkx4;GP`-PRyGK|~R#`+|xKCc_ z#E;_PDY=C~<`Km?p%vL?sRg-NZaKy2eoh`fUO~;OS9Yqvoc*nwOxIkgCl$=pJf!U_c9Ev$TBcawoDIqsVFMUc1bmL zD$-BOPe}<3$O{RyNXv0ANpua3%8#(%at#i5D$FiTbI-3x40bCDDNIe(Hw#P2a;r*B z^l{BLEG^5aOsXl1gW1S8Wf+fPgA@ZNvKTC@+(!bPscX z->Br^@GA3Mb8V*_bF(O8PcGkJOV4oED3eNG&%#vq^a8^Sqx58_5X17K(9kUJ(gN?q z!nDL-X9L4P19a;=k_<8n0u_8cOxO`|;Wvh%q@{X;X2)4ZJxDv~NPwDU8)atj>;on6C9T$7AlgChzvEz67Y!t#ql z4PC(@7w8n=A6A)Z8RFuc?BSnZo>JoMl)=5uRbdRTgHE zSW;~4niA++YF23CX_4Y%ETgTV(FG`5?tyRYEWWol;>i?rK_u}5SW(g6=tlT z=$h&8ZIoeP860JnQxsViQS4Syo|2}Y>hEY$pP%j@Wa4X_%vGP3G>zpm=LOY6;>JNL z-`D8B`663&Zt7>pm4ACQ%7 z4$HmQnV&u@x`F+IadJ%7x8R6Ntv@;Eq=wwtBvi9rT}I!$f5CC(4>g)4|Ic~*9A<7_ z#8RhmLRL#y@banh&pnIXj7}=eua>Cv&n#Ov^+twUabEW7<1)h2*T4F>dqJG`wZLEi D?+aoU delta 1005 zcmcb{agAewPJKX5g=b=+afN?sSayoLet~~_UZPJ{dXRU7mvL%_nUi0Zg=dnhV`fBz z30Fw6Q)FPGL4;3XQhH)aprdD%r(=;(rlpsgdqlCPyN_ptPg!cEQ9xNzHkYoQLUD11 zZfc5=si~o*f=NJCRDQaGnU{r2RFJ#3mq)&@M}~=0mRo9ZdSr^Wn`LOCd%k~^XMvw~ zrDvXxp-Hd_SBRsTr>jMNU|N=+dsUfBN_lByp?7A4WrT5RR$-cXu9HuIah7kmVQ{d) z#E;_PZi!WX7LjQlnO?ct7AcOw&SAcJzF`@q<%vO|=^2%QnIR>PhJ_`GVR?aEQ6WAS z+1?qEsRad@<(1{(1>wPIZstB-`A#K~7M9uh=Al(SE`gP1Rb>{F;~B-n4P1+o3)0*o z^mDz;osE5pjlH7^yrT@G%)`Ay%N(P!+zQGK^c}U!g42Duv<(9+g40sUa>K)&jXb=) z9R0F$Qk+7)vx7^$&B6mcD}5ugioFWcqmnEppJf!UPfN_n3imG$&T^_O)z<|wNE+bdxNW-wIpYSSG7AC~oU#M*bCZHX(+ynBQhk&4(=zluQq25KwJTC8oFbBoP18)B z15JD?{rt0hxr(v^OM?n5!t>J8D*Usuf}A|e@^jqH!vge80wc@A%AA5+yaV0*vYaX$ z!6BEJt{sq{ZfxpR?j7#tmy#V6>RA*NkYVf@=u=wZ>sDfFSrwI1R#BGXVZoIgl~v&s zoEM_+m22SW6YS_2k&+l}lI-K2oR{QknV(ylXOWebUSJkzSk9%ZtE*7#l9pki9br;d z5mFZAR}fNKU}=<580hb8l9p_c?_!?eR#hLCpW@}~;hxPkON2e3<`HA>p^xHM7_{@_ zdlUZ8b*xyNf4E)5=3&^|#LLT;msd`C`!Hgb7fZ4TXJ>+`s;v5ie-8hTebZYOuOE5f z!d}(XSL>cg9PE5`*|c}la<%tYrK;Q=XRnyUp*xRN^KtB%RVx=h?T?XJ@_E_Lwi*2^ z3*WuA)lw3OoH0@TVfbEqMm{DxhA-2&?Duf_=XhmbS)00#&35T8Ci$4~=?A$ZbO4AI BVR--m diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 1335375..e5612e1 100644 --- a/secrets/nextcloud/pw.age +++ b/secrets/nextcloud/pw.age @@ -1,13 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 9h+5sIlvMiZRhje5GhsNJ8ucXWTkB1hS+kZBRs+YGRI -lmZ2+18WMJY38Kup8jBZDpUjQ3QQIeSgLGc9QFH2w8I --> ssh-ed25519 4PzZog 0FIpyjjXwCcpgKB6ElsShe238/4VMNRfDGngBpqVyUQ -WAAVgHorFOmtU80RVUILGaXwfxBeV4N4EliHvxOMfCE --> ssh-ed25519 5Nd93w dHBRtX2dXZFWY9kw74x94UAGqdb1IVe7uqfn+xbTXm0 -mvhqFd7G3pSK/W8koJI+sRU5SOQJmUwYhXdj05sMs2o --> ssh-ed25519 q8eJgg dBrod8ucXLwEWcCiQ7bL1YYrSGGYfJwHeEfGV6aKGWk -FMHX98NsY98sIpH+Hj6zy33/qqpUIJv4acejkvs3lNM --> ssh-ed25519 YFaxCg SQRuisMOT2BDyXCdFnXMZZoqZgSlXf6/FRmbn5qPjng -bstuHuNKdKgflf0/8s7Nlbu46EwsN/mMj8VlDDJy8yE ---- PCjE0Ry7iVdFNMznpD7I+BfW6BHV5MExXgREFVAu2g0 -Џ+#f|M,˨6ZzAC~)#G[s#g@ubHt2ym \ No newline at end of file +-> ssh-ed25519 V1pwNA PiQsqOT6Kgdo6s5Xj7/YrOF/xcFUY79IVGWh9QrqiTM +oDH/CXTFBNOQFFJRIcP2jrJhPb/CabqxBOPUyjCBgBE +-> ssh-ed25519 4PzZog //UFKnG6srGzPvcZZGBoV3C7LCV3mkbiRwyKRfk5txU +sOIxSDePjj7gt4fsgy134MaYasE6bylaxMgwCYEsopA +-> ssh-ed25519 5Nd93w uJVBYfAdaQD9F6Ps3/K1BvjmHd0KL1A38G+6tZ8uTB4 +ua+xSp1+tSVMEM7kG/0x6XcXg4zllyxGGt6UT4o0tH8 +-> ssh-ed25519 q8eJgg 9F7SNeeEpCWgH3EnigRYnX48R/1ST2xjcPEX70qcklU +8JisSMHjwXWAYH22V4EfaFN1rQk/fr5kG8Uf6vFcfeE +-> ssh-ed25519 YFaxCg 4ZlNZRZ0DPBGXA10Rkvy7Iyk+r8nSREK71n93aZrbUs +YWFtPzyae1TZ+cA/vmWAHFr9P3bA6NYxkpAUeVNK7gs +--- e1ZdhiA8AMinAmj4jY5ApJ6ASLdH/wK95iWw8jjWg6o +Ttdl~ ou8/.wՕ=*1r}@ Fyׁ;J!IƿAV =l \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 80ee5e8..6cc5101 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -3,6 +3,8 @@ let silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg NixOS Laptop"; silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop"; thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; + eliza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJaVEGPDxG/0gbYJovPB+tiODgBDUABlgc1OokmF3WA eliza-skynet"; + esy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINS2UR/o+nK8lNHHTj5I84ZAAp6P+ZhXqhedMfx0KHE4 "; users = [ admin diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 55710f0c43962c1229f1b63eda4c20c9ee22017d..7405101deae928f263551687f491de79f3ac8239 100644 GIT binary patch delta 2791 zcmdlWwn1!yPQ8(fOJ=&Czd@y0xp{$Uppj>|XSqq3m%eM7MQM<8X|jupziDuBagvLx zFITWdl)F=+S8jQ>Z>EcnS5{F@frUpzN|k=NzDan7w|=ul0nWZ$Aw`M4 zUIG4QQK^;zE@p1IKB*~XK~+)tDLLN0hUNLjp6NyfCS_$s*@4-U;~B-n3(QTEd_AIk zj5AA%N~2sVg3`ju6U|M0gDpz^d@P*`GRpIv!u`X_G9nzgLPEnTj1tR@Go3=TP4k>Q zas%^=^m7aR%*;)Evr^6c_5G^?)3bvuaxDxdpJf!U_b{?73N14-sLU!ePctydF$t^8 za&*ab%r&m?^YPE{j`A-w4KE1GP7V#_^6)G0G7b)R4l_0I_O2=_@DIy(G72p5aP-W# zC<@FEH?fQ;b+Jsf$gPOv($&>f@G0>vH#GK(G$<`~Da}gC&({tv_ev`=OG~#1)2=Ei zEAcO?&nT=c2}(>#=c=8YXWzF&#`fs*SJjuzZ!LHb&HOyK{BL}q&6|~$7TVuj#9f(p z?MP4%S^0n3!Ab95@ZJhE%73!f#6D1QnWWAFKlMj5eje%8R;;$&AF$@Z66-iq1_+r^C%??8j#GbWc!^bL?ynbo-)ep!^Z3y%@zb9@ziu<> z@z1H5Obh})yWSfVe+#)bKjWtHz5OT7KYa3dom{C~TG-K#*8}3*U-l=u8x*zi|y zx9s2L8ogb2U)q@%vvoH=@J`IQqO^fsf3sGYt@d6n+qbzBHZQ4^aCql+vUOJcDz*BF z>B}3Ke|#=gWtukgdwuBEFvcV;;fWS$7u)8hF@0nH)_CLWw1&Kt4~txP{@b{0{ic(v z4|yDlxt1napYWM~_anx_k{!10Qt{SHRwmXcX~j>Sy?Wl9|3^-5jjA}`GNq(G@U2YX zMrNbUKXb)DXgyO;YdxX%Q`Y9%)}yn(Ctg18^1AZEgcWKFZ!PY=T)E-Mi+aZoeEyvO z=8456xCbT7Ufpx?)8zVz<%e8v)pe(t-J9g{F-6YtXX>L5Z+CAA(z)@h@|_FstLIle zcYId&{w4Qh1;dGxOuHBy*Br+UvWlP-Sgn;U*@`I~!B@6WQR1cRCnn{RKa zJzXCVr1Na|tSggt9(SFmTrvNjf-3XkbM-wU9;QEBb4-%i*(?^Io!`}#|EcQ+c_v;WppnD@4QQ$YB44o6#w z>a3hu#*1uo%hI%?IDg*DknsB|ZteE{qPzZ<*>y+!&u^^e`02;}V%gq?o_rU-eV;CH z`aU~R-hvcwWlRmUo|&6{q$*D(|;x@SHj`LB+d1y`C$`}w=J44&8oGfk4ZUt z$G!l5xuUP$1t&cYE0$eJ-5JB8`z%GsEA86m&XmoG93~#-5sx=&IImmzXH8hmq9@v) zE;?V-nBaKi_m?;GGkk8`KHatS&32jV&mz^f|2dfZsidNQk<-Kgl{?|{)vkS*xZ3@O z%>>i1)j{hzL;6=2M|*6I{=2QJ?(f@Zeu4RBC%i42d+Qp?11BH8yyfir`_udn+2r(l zz0HsJG41~H`}6iS(RVg&-zhN5V0zbwqS_Djp=Yb6HeTPmd(rgBCmt($9*90KIj~2D zN#(+&hrF5Lru(g;XS}S}6|*{!@%qq%ScW+)GKEWQKN>tQN^kL9G_U;nt&7rg?1SRY z27h_nc%*r6bk!?9OHNnOW6KK*LeEB=0}{{Z7UGuSd4{ zosm@QxHtX5Z*}cIKN%W~Cr?+Mu}Xu^C3V6gkw;$Q8vp$RawTidc(D3(`hOGC&%J;C z{Ddcy;`^MEd<7*I8=xwdT&2hrk6{SfAms#|c-!&&Ge+qXqJSZAzTC?or z(S0}NmVc8IIbN_ual2K^`-7zo*$-y@t`~RyU{vy5%xSw_TDwxk`^&TTZq{U3+Yz@( z;k;+O)WKjP$Gw{gY234YV~u1PpB?Ub-z zZecO!vUIO>WqR$R2jz#uOXHItP1&y*`*u;ONxl6Hv!uG%DX%gcCy4%W3Yd`Q@ph?d z0%Li-{WmtTm6?}P4hkpvS0zrqRi#&QmiGq7^6mwb=H`0t4qCVRQ@`3>XTc9mzbv8 z>hR3jaqbLLLcA;Po$#F7GoxL%?1j*NmCYp)ZyyTX-B@pX#pSr%$H#{?I{j+GM9P~& z>P|>rxo#IJTc`2sf$_WTA^cu`MHUwYkJWF{mdnqM(YKyEBfRLu*UIwF_iI^BZ>!pB zE_3R($N?qa?Dty@_IoW--oEO2-itS~5;@Cte>>Ngcm4D&=5_1Z!o5uGU77o1)2BPv z3Apnq{hrF9nAqAB&WnEo8B??JCyx3BS>nWm)YJwDxQJSV$L6y&N^t-!R$VnrGWqM zr;C9ze{a!W!d>9h%V zNJqNw=3P`IF5)HpeIK>V4I9FZ|55y>1I7-PV2i zvTt8`&_?}@u(D0 z4mAWhEqzgzjZP(wR9_TI$nLeGpg%QajmjtKZ%b6WNBoaB#3 zj@Z=Ko|y3M=QNY5|LHtyz9~=Vu>iy(75LUcKj=^#4bG`^=mcD^9y|uU+@omG7@Yrde^W4>9cS&D_bq zbN!y^>+LfqI_?ZuxX$`{uT@L3{Go?e#NJ<>Q@6ZvRd)U354KKA|2#Clc5#z$mxXbh z&$HnK+xywc=);%|NbS`JRv}NN7zeDPWzip6?tEkk| zGUVadn66P@ePGvKPlk!XbF)M|=JCv~>D5@|@id$3mFWcIPF(}hjM^p^nbVISRs}>? zebo>Ba_6S}aqAbBafyP`6>;AmD@xa?uMOpAuH1AjLuc~~arf+Jp7TD=b4m`$ShDo~ z=7+mNnSS$o$lw0S^ZaSM)&JCYB_*2=sQg(`e8a9b=wR=pxr@y9ukKv1Ttz&uWL8<( MgJkPzTV&eO0EC|?L;wH) delta 2791 zcmdlWwn1!yPQ8OQ(;8DYeim(L8wpi z#E;_P#Yw@=Md<;-rTRX`k$Jh11z`n+j!BjtM!tTLY3X56;W>$x&VE_`1;OQ986n0w z6`sKsZq8xOIprylj&4CtM#f%Yei0$2?tvM8E(KXx9@*}m7D?%o;~B-n^&^suawf@bk>evvf+1@Jvs%3^5I{j0p7hFUv~I$%@GFiL!J{ zb#@D?Pj*c%Ez8L(=h`J;V{u}}9i{Gd4;8Ofd%2tx-q+}q*XjJR;%1KAG}!7(H$4-@2vw)IEQkFx~gXSjV>Zn5!E)V{)-{Lbfj=NL$!S=+I=?3A|mW>-zBkSbP zxPHlqe8XVpTCMwt|2>be$Jt;p_NwVwCnuAO z&*pC1NgU>y(IpH2)c^V#)AVLn(dL98 zyKS34ONP|5P2N@6UnadbuEv@x3*k}nT0&8gR% z`9gM8Xx5)-^$43)`>Ru)FdnaZY`INi`?9{?C!&^uQpv)suhxE#wb@mFY}KUZS2NXl z%Jg{r2A5NZ~FA^$(T_2dV&wbCWUnC0OwQM>q?7r*VUzTfDx_+84D^Anx^OfK0L zQF7+^r01po8(ys_^_y}d!$)*(+q?P-9<4}$Pf`DNR@F~Ab1*XJ`QG-pIYoXepK)yq z{?hn2_itwS*Q8B1{MNjYa?0b~sGD&?R!6@1qV;O2*8ei{ySkTOmsk0;vPr=6AJ57w zdYO+KdM`Ny&SQDNx=NUDjacA|y&OK;k*{2<7yQw_bhTpp>rHHXH=A9YykVArhKNu0 zzWRFZv@}JJV)o-Ju1w0)kuy2t^s-On>-K#_E>yQ?uUO>(e=PE9TR|s9jYNJ|AS5()a%OqJGi&WPpzGyLSD1 z!F~dV?yP^3Ia`18yB)WEwx8F2HTUR;e?1CEc4XA|*5Bt`=o7zYk(0nj=Awg*_S4O5 z&U?P=Pd3_G{4H22x!%h-@^wP{9?>13bTffmZNcHjTZ*LD6i&!7< zJi=zCa^{)rxgmvr9xBB4{4|_Yy-RI|)5YVS zkE;#;PJXG*_Ud4L=A?a3Pi8LD-?l%{V5#KE#CMA&_g;9dq{#JPe@(Vpw#Gjbm=+3_^U`_BcT`Y0<`>jx9Mug59{YfY@lIwrLLz%J|DS(Z;9-kR!I zu;bE)_(K+~Pwp>xp-yb`eB>R;?P)w(srH5;+OSkqvN2dq+ zySte^r+qqdqxtmOXZF|6$DUe#)=b|l{kL0SMftOv^6UR6Z83evrGH5{qOOhY$BxDI zM_zjRxt7*yM^q|pa`==Y*na=)`^d9_L2Hj}sAPHI?QBt0b@JY=^{$t@`5ZiIG|k+u z{uN!QG2_7@ao<@zr)#8nmJ!F_&Q*#&Z%iCZWje}Iz3ju6m1SKI~&~GlefIV z%ue+o_hiPb=f5v*cX?Le@palKL00p|iXXRXFVs7Dr>(E=wPa*XJSHiu)#L6g-XJ!! z&U5QmwUDTowrx7yHm~0q{yUvC>HWI}rJZN4p5AO6ez)aS@-DexGGpO9WEapTqKJ z7xMaeTwhPG-!ye?$;FxZ>sKGR{IMrsvGWTt7vb7;<{imj8#F_e8hCAvJ?@L|ZFn?$ zyG^F=gP0=>s%l5tg3IOhb;hUeS#vgwt@XQC6_@i$`%CTZA{o(lCbQ2jWZf3S6y+Wu z5z{;K-u{Svlk$RC)OKi@#uka_btGQtdbw%S966OOPt?R3p4LAWU-7)pcwq&%cdYZ7 zPs?iehHgA~v*WelnPM@C$%c_zUMxQIt>*gj>vua26fNkQ>vQ5*)Yq6RyL75!7Mir_ zh1y16=K68gVU76bnHRkqr!n7Eymr#g(6d0na*fQ)w}QN?%E^LH{geZ%PcHi_CVx`& zOSg-_DVfTGC1)4pYX0`0Sua{?_9)}g&bFKzdi$^Mc~^R%@9`VXeI^YZoJH?H6j`24 zofTtg1@BAKp^?PPoDJ#6#;nn{ScNcl= zWpuQNn%(wTW9IMeg}gjpFGbZpZkPYQe>VSLM~%+g>q8e6o1C6p{%(f45Uv^V}*B589pIpf)XA-xhAl*sm_MY}=fg|zTe7DV8raN=(zFIM1C#Nkt zy-L;u{th{D_tWLjrP+Ls&U|fgG!2cDGAXWK7|B_(>)*de6E2AF**sNjMyVQWRrq;} zvaEstol2o*=8gOx-ZP)64m{vu{qE$sr~h}xGrB6TsI|$je3GiBQ><^vvfi7?BamzH zl}9N-3};QVUM;;5`fF#B-PVVDUtd<5{Z4R(->ll#lN%XcN+emUyB zluf8k=8WT=dmuP^+nJ2S(dfGkkjufJeH@aY!T)!8&@ GvpfLq2MP`V diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index ff19a49ec51246d1504aee6458645a5e33c5932d..2e2e63cd32cfc1a635ec21b8feb0a659fed281ab 100644 GIT binary patch delta 1025 zcmaFO@tR|TPQ81sQCYc{MSf9vrnh#Ig_EC=zE_f4Wu$Ykxkse7YihD#d7*xepb{uwS}+}wqbZ6m!*4nc(OsByPHvQXi2cKud$17fV)LxzI$PLVz`BWxKUVfqGe`5R%%%G z#E;_P;pzFAk(Sv$rIyLXu9nF;PMK*Q*^%i%PRZtF*@oT`$!3OSxjB)+!BzQOIhG;$ z6~0-aX(pA4;hE)y;fAiB`DS@}rDiFvrs+w=+R3R=VQvQDF6N$-;~B-n^UT8h^ApX> z{XO#>3tWsm41KH0{Ty9V%!|D%@;#zl61{>9JR=Pg3k{RGLcAkOeT_{0ip(v7^%IM7 zOLNRq^2;4P3@khgyq$xpLINyQG0Je%kMuDz zN%Si;PBqInO9_hb3{T3*@lJBeb#mqMPcAUY$~1Nf_A#~0@y&2Cu`D+Z@+%1`FwaVL zNe@m<3ytu|baL~nDlbNlfYPWcC*yR5K)>=_OQXsZb1&~ClM4S*qtg0JZ+GJ&?LZ65 zQpcbW?Z_P0Vw0ePY)_X+t|T8%CzD|R@SLKQh@8U0H2~^u_Q1g(lIkVtFW}BEYs03%OlS`-Oo4IkxN%sS0T_pC@`zjr%Qwa1vT_~r-hSv#ljT0EHbJ?)}s#?7VO0^5cEa=oys_x0D=l-#Rv zqV@Crf?J0Rer~c`X@AX9>&2IR8`TPi^GhxVhtw&p*4Vb|;Hz)q&ShomJyzsfTWm`* zknf$r!?D|bO@LteQk5M~o$K3sqa!=t{+KFha6q;H<@vLo7N@kBU$ZlGe<`}Le$}^a auCJbJW|m9t>AM*unw%}}y5rQbSXlt(Mr;}Y delta 1025 zcmaFO@tR|TPQ96lV?b7*Td8wOV17xcL1s#bU$I|yV4+E9X;GC=k*9XCQ<`^}SE_4J zIhR41nPZ__VOB__Uqp(wfnjofPN|1;re9Kodwx)9g?UA$c|@v_w^zAuB$uw8LUD11 zZfc5=si~o*f=NJCRDQZbV1>R(UX@c-K|w~jX_arNzFTl=PE~Mrn}6 z#E;_Pg%xG_8DRk?#-E1bs=~Yga7Dbj`IhoptIfX^8$=Uk)ZY~yFmCi0k zdHT5)iB)AD7MW!MRr$$zITeOpE;+_w*`CQ&=4qjxIpMhxVTLA?;~B-n9TO{xBV8-A zN#DpJkM&F9|gZ3=h(d3P>`mEVncX@XrkP zj0`B!E-p27F7oiTtjaTwD9rZFcS+}RPE5%U@^ZAuDJaV~%+M!(``BE*GB&)2g8Syj0`Bl&Y|D7ZbmVl7jRU1M_m9^zdRMi>g4^ zq%6ZgZ3`z0bn85l3^EG>6+9eW(gOUowT+B@{PH|QyrMj_3c~%J3q8Gzqmn$soKg(^ zOv>_-yb4{bvbjPk-LmvOwG&OUlP&UdQ&X}WtGr7L(sROGl3cyqvpsW41DtdGP0QTe z9Vee<6t6EbH*qZwFbPkJEYo(*b2D9hP4p_suBdbhiY&@AtZ+{=%QWz|2q<*(E>DdJ3{4G7G~m+J)m6w#&GL-W z_Y5sa^-PTl2{OuZO$y5@H#IjY@^DObsVXrq^{o%~bWgG@stDxTGJET$uH(zRO_wuI ztbeg{@qGPkq}aCzy7OXOjL??l*P{NlZExf&P|zgXpiWNy=iOf9zRPu>3i&oyxsxD>+xH7 b Date: Fri, 7 Jun 2024 19:19:03 +0100 Subject: [PATCH 406/826] admin: add eliza and esy as admins to teh secrets Actually add the keys this time.... --- secrets/backup/restic.age | 84 +++++++++++++++------------- secrets/backup/restic_pw.age | 29 ++++++---- secrets/bitwarden/details.age | Bin 825 -> 1045 bytes secrets/bitwarden/id.age | Bin 701 -> 921 bytes secrets/bitwarden/secret.age | Bin 682 -> 902 bytes secrets/discord/ldap.age | 42 +++++++------- secrets/discord/token.age | Bin 805 -> 1025 bytes secrets/dns_certs.secret.age | Bin 2374 -> 2594 bytes secrets/dns_dnskeys.conf.age | 33 ++++++----- secrets/email/details.age | Bin 1089 -> 1309 bytes secrets/gitlab/db_pw.age | 29 ++++++---- secrets/gitlab/ldap_pw.age | Bin 780 -> 1000 bytes secrets/gitlab/pw.age | Bin 781 -> 1001 bytes secrets/gitlab/runners/runner01.age | 29 +++++----- secrets/gitlab/runners/runner02.age | Bin 735 -> 955 bytes secrets/gitlab/secrets_db.age | Bin 781 -> 1001 bytes secrets/gitlab/secrets_jws.age | Bin 2330 -> 2550 bytes secrets/gitlab/secrets_otp.age | Bin 780 -> 1000 bytes secrets/gitlab/secrets_secret.age | 33 ++++++----- secrets/grafana/pw.age | Bin 694 -> 914 bytes secrets/ldap/details.age | Bin 1307 -> 1527 bytes secrets/ldap/pw.age | 40 +++++++------ secrets/nextcloud/pw.age | 29 ++++++---- secrets/secrets.nix | 2 + secrets/stream_ulfm.age | Bin 2864 -> 3084 bytes secrets/wolves/details.age | Bin 1131 -> 1351 bytes 26 files changed, 193 insertions(+), 157 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 191ec82..df98b44 100644 --- a/secrets/backup/restic.age +++ b/secrets/backup/restic.age @@ -1,41 +1,45 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA jm6475v+Z5x7TpxZE7BKsS1McGwX/c04NVnna31QfVc -XSVnZUfcudAQlDo8y4hcVjjdYpxTnxUil4Je6OKTVmk --> ssh-ed25519 4PzZog qOjhllIy1TaKJCi1PzxiZGLjCeMW3tdsJXpipoYZjB4 -5IX0MqLnLadGmRE3Hihk3gY8+gNMLu8lhwjlgX2ffgM --> ssh-ed25519 5Nd93w tOwfoLamrtY848gu0ccQps/l5HpaCXklYmLBMc2bBBY -Z+3jT9h6ZidFK1o3WoOq0j0A7c00IRJ2ePXwXpi1yv4 --> ssh-ed25519 q8eJgg W9CplimyN1y6VTqlIQ/MiusqwM/BgBiwSikAl8PlGUs -s/V3Oxu/b2U29Mqf3nBKd8yauzlYlRSBxaI6sXx415k --> ssh-ed25519 /Gb5gQ 9n1xFcZt4P1nhe5/plprSfN2A0DkYgXeLlwuykU8/R0 -SHywmxQ5r1RUjQjvSyaBKMhbyNFBDg9/jjMz1OWWDQU --> ssh-ed25519 NtlN/A Pzwd/AM2hJmUOlwpurzEjSb5eTWj1B7QMSGluxHPZyg -svPsQgADYzoSaq3Vr9w+YPpi0ZVwPOrQbd8y3WxQZP8 --> ssh-ed25519 v2Y09A dT8AkeMff4eHoigAJK9n0smgg7+B4euXVxQXNC4ICSw -b3hc61H7T3YXh5C32uTFUkeH3fpz8sY9bxbuRr36NOY --> ssh-ed25519 XSrA6w z6TCcLysu8pz5o7u4suhhiSRcPjfQt5uyiaOCvAONzk -xaf55scacRbTSlVIodsyR9e8Yltjnk30KYiMz3wzNyE --> ssh-ed25519 DVzSig byqbVOsTWSviEBETw1JWAcWQ9GDfqHSPrrSYW+9lCUc -E8igwPYnSsu3f9K7it7EKJHXnJItFSyTw7YTmkKKFFw --> ssh-ed25519 uZzB3g svdvi3x+dopgPWSK5PePD6OWaYeiEHEIGxtfgTiOwHo -pdXk70JPzCGBsl2JbgeGn32kZkwTBjJHTJ0ObLOL1L0 --> ssh-ed25519 yvS9bw EIixVKmCU3K72ci1Cc6CirPD+m5fGbghwjhqxVfgtjA -NPsnqCMOZdAk9lZgmeZut29uPja28rc1f1z0OYMyu/M --> ssh-ed25519 IzAMqA HgXRxXv+lZNxyQI65GwVvCNxbTqEtwZu5bG4Z0wJIBc -g1wD9iDLaAHwfHlw04zsQpMDqn2oL6WTNW/gBkIboEc --> ssh-ed25519 Hb0ipQ unKeQMV37ghjPWdZ7D1rtbNbCPSWW79GRHU5PietYDw -8lCkHaMithmpUXDVdn/Vga5YEVvqinncA9BjeM7r/JE --> ssh-ed25519 3pl/Kw BLeXBaICo6fJ/42j8Cy+hSfQPqGjkS1mjz7nnL2WY1Y -xRUQZfRTJORSZDNo6zrUu7jHAxEz/ibHfJnTBRuvj4g --> ssh-ed25519 SqDBmA OPg7zErfAKptfPLbbg0Sdw6Gobe7eOnwJ5+N3kMuBHs -GaRv1pzU7q2paJAlZkAplhU69n05Omadm2HkbnbRgYs --> ssh-ed25519 UE6fcQ rQtyAncdVYitLmtfcd/6wJSOL1lzfQ2/Mkrt20miMiA -NWl8Bv/vMaaQNwylum4s5RWtyzlImP+wtlGITZwVSWk --> ssh-ed25519 YFaxCg FUJ76CPiKh6Is9Yg+5dbFhaoyshj1HIiV6hQDqBbLjI -ygBkmO7DpSE5fhofAJcQdsOpUoXUUJLrR2PbT/cTPd0 --> ssh-ed25519 elCEeg 2/nfLbfNivE/R9uvrs/gb+zHnTLIfFTOiTKRr6USuGQ -HQRLH7N7sSbObTYPEb6hoDH0ddlUEgDOK0/095uaLbo --> ssh-ed25519 8vZ9CQ gz2h213BrDoe4PEZcjZc65JnPdYaM0uqr78MX5v4lQ4 -ORma0oxy2oWgYrxfpdeY3dZ4gEClM8EgphCzMyjDqHA ---- +XZR4R/xoTSHgOeFzQYWes+2EA+OP48uGfwP4FgkeFc -6V hhI~oQzm:h| PR(X)"8\jQ֖+hhXo=&3.Z VzZK:ԍ`ol6Rbg5`Aw~/q%~DV \ No newline at end of file +-> ssh-ed25519 V1pwNA 7yvURMKPgnbCWAE2q51v3fDFuXCivslOvDuxGIi2JHc +numnCMoai7pCs0qBhsWr/CjU8FfrUeQsfq9mvMTVj34 +-> ssh-ed25519 4PzZog O2zDjiWrxoqWp0QYlwXw8Oushe2wwlw1J336+QksnUc +oBJ9zPd7+Agc9KSYgA64Sbj0aZLJRRQS2MgnPGHbcic +-> ssh-ed25519 5Nd93w adTzuNLU94FC3fR/uK3XsI5XZSANXZmwp6fG9ZeoA14 +7U4C8ZbZKsl3kdPMymoHc42k4i1Wom+wi/THXosDgYg +-> ssh-ed25519 q8eJgg bgfuSRzrmyVG7ewvPztde7o0QJyQXXBbvK+Rs5JdN3U +2wABMhVimVi4Nyrfa7EWji5YClqh6GhOjFUKzcJqJcs +-> ssh-ed25519 KVr8rw xQcp6gQPq/AxA8cEKjhgvQ8NBmSmXd9LN1ZBxxqSlQU +gy7wbZiCsKdCUAPH82xgnxWXc/sxY2S8JKcnzzypyOY +-> ssh-ed25519 fia1eQ Xh2ErHfrIvHTvUyDHmDD1X0Dxnz9bUnnRne0RYPIPk8 +V3+5H/8vMWV3lriiiEd/C7lg8IcQSKkO0JrhD8KrNGw +-> ssh-ed25519 /Gb5gQ ftm+TgiEOPimzA+qsus9/rFUqTjWn/VVORIs96Lgy2E +mzRiPpqZj/tkFvdphOWn15IHv+GhTd4vj+T/lpsXJtA +-> ssh-ed25519 NtlN/A 2t0YPeV7uzYhrIZU1TDi8xxPGvpCReUL5Rxt8sflK28 +r61bhrJj6irlo2xTU8iCJj8YzSbYWFjH8iiC88SOrAA +-> ssh-ed25519 v2Y09A BXWbnz7DUn5tssTCFkM9cFzF4M5oj3rcFMrfhFzL5lM +2GVsK4gq4HIBVJWlQVd1G0kags2peJ63AfuBdOxbY70 +-> ssh-ed25519 XSrA6w OJ2j5EQe69sPH+wTsiMBlopI4QmHiLsfJDQj+F9rEiw +u/9MNFViy7TvNTA7lvBKnL/qYWlkOJrJKcSG563Btnk +-> ssh-ed25519 DVzSig 6djjmbfge5li1ZTlaA4Wc58xfk0Kb4EdXPxX1bPdJAE +HMnnH5Cd5ffp9t+tJdhagDLoGk9HKpjI28SMQGcMvIc +-> ssh-ed25519 uZzB3g NS2dkA9o84OuCTUSoHU7MaUMJG85vr2tnCq3rSKtTGo +6+7gqBrSIogz7nYdDUmtS3650x/y4rmgy4ru9sOf7hY +-> ssh-ed25519 yvS9bw /CoelQvArSJCFKTV8x/OHVWTYEsNTkbRqweqaIvlykA +TGuI9tt8EnEThL3l+wgipOtDMPPTkVTdFLpRKHGFMpU +-> ssh-ed25519 IzAMqA Hb0cVXd+8WrWJWVs6j/qxBUCOv67M+Se+v2y7470oB4 +i8GWMK8uXbaODkQm02TqCn79+b1zu9Zq2W7c7Rg3FHE +-> ssh-ed25519 Hb0ipQ 3Gr6C7Q1yfHWcxn0pImpI4mQjdIHJKyzSZDv+5Eo1Vk +8WFp3fNRKFb0jxmSDNVlRM+ec4bd2O5POeY69T0bVz0 +-> ssh-ed25519 3pl/Kw GCks2XrtAKpVRl7nC2g+q7c+Q1gqh2tSfPDHHI+wxng +iyblirNv3byNgI27599Dq6kc0ae2xaoMh7thSIoVLJ4 +-> ssh-ed25519 SqDBmA FxJJFJboiAe5T4TTcx7VY2brEQN5DqlQ3Ak5C03MKzw +yLYdnZHSftMTwruQYJy1I2oWmWZNPykqxe6nlAdLTDs +-> ssh-ed25519 UE6fcQ Y7XmsyOOMffkb7GofPufJ6d/JdVi9fg3LK17C1zL1wo +hfo5xZcNpVSOiNuZFe1fJ8o4mPF2cHoyAoyc2LO6XhY +-> ssh-ed25519 YFaxCg 1t6GiHkJUaJ795x9PRVkDU0P0FP+RC1QEedl4qHgNAE +o9hxn0jLFBqej4D7xJdtVCB9UnUBrCXZM5gpFbibldA +-> ssh-ed25519 elCEeg TunOY5HCLU87gGej0HWFm775FLsbtL+41HqYS3hgLyk +E6rAZdQUj/Zia6i0Q32SfqugEJ3rrQt8OM9sPQ+ZXOk +-> ssh-ed25519 8vZ9CQ Pwqq6eKEIf/fLLiB+j5IQTFxRXrEi2ajORzH8GQpHVY +nmrnjLLmUPPOgk1y64Zcfhhhm87dRg5V8GM5GIfB6oE +--- dBHJ3bG+te1AZd+FHj/ssxBbrCBiyl3VARjnd5F0yz0 +8|ph1DMZOs+^:ˌkLṻ]gi`j;Jp/ ^a<@} ۶䠍 J\P7K7 ~ +6N2k<<^9Pi/X4u \ No newline at end of file diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 494ddca..31c2bbf 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,13 +1,18 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA qZ7CudBTDbC2IN/xxqKXGOY6NqHtm3Vmk1VInhjawAA -MPoBpMCNwXDWr2Kv4c0BFClkWfUl2n6JMyxhQ0XRRMc --> ssh-ed25519 4PzZog AI4ny+mDIRaaJc2spa4gWBpjK5i8M3Feh8wL+sYXUnM -hRs3ZFUIC9TQzhLwI6FvZ213pqoa6aRRdhGmX793t5M --> ssh-ed25519 5Nd93w GpuVJYN3AYLO2YMvkaDpxeqJtsUfpS5bmIGvnHMMLmo -0niSwyHjIcMHad21h026P3zbucg7h3w4DNrkdDNw2c4 --> ssh-ed25519 q8eJgg dNylSaId05RAVPAm6NHTGmWks0NLH4GU5mIXgo7w6To -x5iyeOAWE/K+wMbyTkvnH29WDYeIBy4ItFk//jRU5Ak --> ssh-ed25519 3pl/Kw XPioumuJdUvoP0radVfv24qxql3HxdKjWseK0Oy3KC4 -4WbwRgjTnmugQfelfcZaArsWbFtfHydojT6gblfID9Y ---- abaCteISdhpp4Q77f7FDW4f5LJuJa21GfZUeNwM5SFQ -:-lPJL[f4V{`\¡V~gipG9IgaQRnl^qMT->QV 6ܑ F=;0$y| \ No newline at end of file +-> ssh-ed25519 V1pwNA Q6fzzE0ZuVtBGR3fFnmw45hrQU/vKj2y2aEzYA2cvAs +c0A5Ieu188qIE3QKvC+6DqjDxAC4HqfBUbPu3m72NTA +-> ssh-ed25519 4PzZog AzQaulqa+X3fxgk/sP5jjFfPGAPMzGlbacGIQdKpSxs +d5OgkPftJ8wqrMlfGcxLld+DWVQ58/SvXGOmPj79SUQ +-> ssh-ed25519 5Nd93w u+Fu4cNNKnHht6Gj8NgCK96U8SL4h+hFv9SZ+DSMrGg +zy6Jf8ZBInhOVDuFuFAZso6KJl8gLlklqWCayPqb14w +-> ssh-ed25519 q8eJgg s6jAIb95QqWDKGEx2lbnJruSfp6mgERcI2SzTip+Gnw +IHPOcqeagr79owKNqyk9dLjz5Qz1fQ1A/vOxt+NPlu4 +-> ssh-ed25519 KVr8rw VO/YREcq6mknjN2JdAr3GWg91Hml4k1Ojx1tUMXAXks +1BhUi7kRCZV+c9TROQIFeNt2WSL9Xa14J40vo/qyJ70 +-> ssh-ed25519 fia1eQ w6T0/iajXe7pgvX75tm/94HueS6OlKlXAo3IgIIlcm0 +Cun2Xmb7fbXCg18lLmsdhqViEG8lqOAGGoghJlvunu0 +-> ssh-ed25519 3pl/Kw cpVAh+pifXN3ohww8TqmyCrCRWU06OAPPdLX/5DBUwo ++GQ7xCXSJp6nwGymXD+9AqeZC7ScJl4a/A/2XWQzKbA +--- GhvvZMgI8VzeGNtLQ+EUIPYpR6EgLpxiuxn9Upu6o7g +KihPSd~p{%Pbc'tk?[e0b +銐{ &$tW."Xf\-vIL{]1;U \ No newline at end of file diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 500ac6e96eacfccb14408863de1db3b89c0fecea..9cf7d05126dae1c94f96c3e5e77f81a73afa65f8 100644 GIT binary patch delta 958 zcmdnVHkD(7PQ6!^Wkr^=PeoovzNK?!PI9upTd=RAYh-?)epNx0Q4zEN6w zF_%S-n^9)6WxkWXMO99|Q(;bMh)0QcaduR4PGGvZc49Nuoiqr<+G!dS;fdabiibv1L$YWMX(; zae0MVXj--_SF%y1sd<#PfkCigYE)!WqGyhAPOzh?XfRRz) z#E;_P<^HA_CHn5Zd7hRY>3O9=5f%RCSy^Rn$q}LDmFX!tLGC5_c>zYD?&+>v8D-&B zX<-3w6`p1J!P!Yssil=>S(OHPj!EUlPKN1070Fpyf!?ke-sO&y;~B;44LmYDbHkG& zT%5B^Jks(EdBk zBfZTmGn4$Y(_8|BG7Z9t0xWZ!GCh4uD?{?pL&-a=$fBrRAt)y-6Py7uiV@@pDQ@YGN>TZusl0mJHRq5!#k@Y*VQz# z(9y)vFCfyzB-203**VXtq)I!j9NoIK%tXV~K!sAr@PN#0FH1}FeA7_N^ui*qq^h(q z-^!3YKSxK)0AELa)AFz)C++M~Lsu>fx3cU~3;pb1)4UOH*?)Ov`-T1Ilv)yuGr*3!VL|a{XMw3QN2_{X!j$L&D91 z%F?-Xb#)bdQXQj`(j&_)osyFy%S{S%O#OZHJu@>ROiYtaOe~FjO$+PY-ODR{qFjr) z=2H{x-_jed3^m`2wQCLk&_!e z&nAgJJMs7U-nUm4i0#;Lud!y$DK--;shq9+wWmy8O#*m382o ODkmtmTg-~pKnVc6q4O+pj%Q=Gj+J#s88BQgq|bE1k3i@gmz6Z0auBFzeuvrP5N^bN{$O9JvM zQ{6({Li0mQOVbNW^>f@pO~Z-;wVhM_OH<3yL&>ws(YMf1A-}M~%^)}3wA8{NKO{XX zF}=Q^Jis-n+}*^t!aT<^t4KS{G9WQGG0-!;m@C~d&9WfL%snVA&^;$J$Gg0$Ft0Q+ z+bGz;JEAPF%(&Do%D~q-$U?s;pG#L)S3y6;&@9m}vn1R&uh^`tNITWv!#yB9E4k7v zqolCh!lWw1sI;`wFUmD1oomL6kBUkux7O8Pzof)D@swKm$49F36{o-XY_iz=;1tDb zTa&z1PyXECuryjTF|U4#{-H8OySo>xK2MW!4=7!?{h(3elbQGay)AzO*kHO*9mTV z-X9qCP|@*G{N&%w~Wnaw##~!$ gRc*>FHv&RMZbz(ht3W^N`SNsgs{X2qsXNdbobKE9LV8O7^8EPYG^Gd%OM zeZ!sdQi37_Jv;+La!Y-~oQix)5+e$oiwayL!t^r=oLspAeT+;BlTzH1(o%BEjFQrW z4ND`lf;^l|)4T(U(sGk>eKS+CJS|gPJ=4(x$vdpbqNrTKy)f4!#V;-0-_1KY%1pbe zqTbsjJYC;2*D=gB!XqTOpvooJDb*rPzbrSO%cRsOHQUt1Bh{tUDYGiF!XPgwHPyh# zJ7&v+~B|*N3NpM0`0Pr$`s$?f{2LJz(7mSJdt#p?t8GyQ`@{VUAPJUyM0EQ*5j4g4!YN-CrBDk~i=@}l$$ z%1T|LlEczMJ-NzULW9$t%u>>-y!|{298L5M0+PzS^u4Q+!_vbob4peDEs{cg!=nmIBaDjNEe*I9 z9)Duewn}>;&$2@o0?$r!a*H(DAU|1U-Vs)d;*WbSwiGhX(&Gzd-glyZmFd_1wnx(f lw^w?<&QD)1wxDILMcnz*8SkWi>20)~aPHas%{?bwB>_c}9$Nqa delta 629 zcmbQqzL#}^PJKzLqd};7g?_faM@nXTp{j-|Q2u|;IDvA?B$fw8M)x=CoHBbTn7LUD11 zZfc5=si~o*f=NJCRDQaGxus-=ZfWx7{caDH%_xobf{M82i5bBL+0iE&z3VX~vS zQ?Qw~mw&DaSCMIQd2pmzc}Z4~LArT{cbdM3X_i-IUZ7v1fpbPkLAribd46${dA9Gw z4-(;yp%jZMV0!Y zMWyA2`JV31;l7nQUPX>!eo1Aek=gogQLfpQQ57Wt9y#IW#h#Pn8O7`U3{!ngiv#mQ z_096#yb5yjeZ1Y>i=E0WoU^kMqe_fiol*<3^()GqU46MCy$VCzGc$@({QNyF+#TIY zf`i=5lU-ATgY*-#Oe?kZiz6~z(^5P`JUr0@$+ODQx6n}`%E%%pCCwzwFF4sR*El=U zt3EWuB+$esC#}jWv9LHG)x$mCDA+A2vBa^M%hx3_(zBp6(A+&JIm19d*CI4u+sU}n z*f}TC-P1oL)GM^uBOoLr->smSOIKG{!P2*?*w;(nqp-N5z}(cr(%09&z}G)2q|~cI z+ceuN$SBGsJvb@Ct18QtYq6-eew@G*anGH{Qbm`jRPQK1ta#$lqkz_%qDLlnT#{I{ zLiX^d&?DlE46Vo6Zns&N7;Cz{on$+UEWYzsvvv{x4&kc+ DU;frw diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index 3118fd550e63eba12a2aeccbae1a3adaa9404094..cfdd6e450f349b84624209cdf043f5bee49bb31d 100644 GIT binary patch delta 813 zcmZ3*+QvRXr@kP}yDYsTDLJ<&u|nIx&o86M#nmFYBrzv2Te~8{KO!s2%{1H9+oi~` zn5)FlxXioQD9Fd%G0;3M-P^?^+as?cC%Lku$iLjI!pzwy(cB~@(=^P~kxSQ3p}06h zH#Nn`)YQ;Y!6cw6DnDJp-P^#pFsv%PB0MZS&C=1c#MQ^h-zO}>uQ;gKJup$*t2p1% zIjJnOur$Jxt1>s+JUqw5FyGK9J1fO9JvSuGG04!%tK7#VCp$MY*d)_EG}qNwJGf}# z2Z`{!H0Lb$G9TxXe9PSOr1IpvtdM+n3-=r|gOISih}^0`%PiA!kJS7e*K96F_q4o7 zPnXQJ%D|F>eD{K?P|rYvN#!+D4fXVfkF<+39Bfh1uR_-sO(Y{zfJd zo(8^27U5ZrL17+-L8ZwRp~l6*#qN=jxd!Ng;Es667m5>Q;~(5m;H7>t>vt>7?(AZe3btqG4*Ff`w;Mq-$E1cUq)(S%7x7hhtG>dQ_4{ zq)SOweqLl@flrcYR=S6Ww_j9dB$s)XfnQ2)ZbV9!Yf-R?g&OXKFK0#5Q zjul2Fkp{)tfn51PS>+{0g?<6vp`Hd#+7ad!DJGRkP61`k`306no|f7XIa$tmP9|9< z>0G+Hx(d!FVP!?7$)4ItCW#h4#h#f}B{?~n0r`gc?#>n3>29u}>F)l8S><8HnFd_( z>aTs-vf^_Y`li29yE?;C_KSSvk>@UR86&wJm9%RT-Je&Sb>N>qLAxa3T%q@>hf$X4 QoC~vNZP%r@k~@+s{1Nu)y8RGu_0k$jQ>pIXf!IF*Da(+bgQL#3QB3!?L*4)3?kq zpDQxi*r*`Q#mzj}+c-be+t|0nPv0DBp}06h zH#Nn`)YQ;Y!6cw6DnDHzrzpwX$+ zy(~P#EyW|5%P~1$+tEMS%ilPnthA&eBgNIwH^i~1Sl^;FG_^d_!rY^>(8Ad}$=Gt@ z2Z`_uqmqKCtRzdnAhW2Kv&NUzaWngm$G#8;(!z{C#Q<+JfCE<&|)r^Ok*GC zEXUl)K-b*R;_N`zDA(dF?eZvBBNs2XtT6wutkft|mm-6tVvEV~jNSb6|RqUK! zTJLILYT+D}VyNw65u8@y7ZvL5U*+o+?(b~DD6PloT0J zY7yY%5$a#*oL(4UmXuKtp6Q&-rK_u};OOHP9+jr=?v$5OoShY6R37M=9avPN?VRRo zsqdVYm#*&_5oH=!>}QUym*=M`IU|K%`}a(KMeyhm@p{(-day;@5iRDS>ffwRj~ diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index 236a11c..a72d82c 100644 --- a/secrets/discord/ldap.age +++ b/secrets/discord/ldap.age @@ -1,21 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA gCv+qymhOvrz4Y3m5cjOETv6DKoJpA74Uy1ARoBtUHQ -xRJ7PaS545rmlt2mFjcywHsXPnihD+MQF+1vbi/DX5U --> ssh-ed25519 4PzZog l+6I+0bRe1SEt58W0vY0Dw1N2ChFqhK8bHxjQdKdvgQ -7IcPIy6EN4CybAZTVFbtEijjAmNlQ1BLPwCazm5kv2o --> ssh-ed25519 5Nd93w A0ZXv5Mxtz3xqRM7YRqBjarPn2LhA1Y+n2EaAIKkJjc -DtmQLk48GhWcTsV9d+mRL0Bhbky83TGH53b8BMg6OlI --> ssh-ed25519 q8eJgg 0fbckI9LuqibGrGNbHO70Oi0N9Uw1+FkNBjf/xy9ilA -+CbuSytnkS4IupKMATafrCUXYEnxDdmBomtTMeUtGP4 --> ssh-ed25519 IzAMqA +/WbGfhARVDm319TR0qHLHI6hiEtkhdIsL2Sh8s6ckk -Qq47gjD6jHbd6v17hjVY2VF2N57CQDQTM+bFW0bBaaE --> ssh-ed25519 uZzB3g RzTSqxOiFyNmhCBmv9scMZh9SIQNUBzYCjAx0UrjWCk -Ut52LPdRClX4VyVtPfMteYIL0nnbgQupAzOtiP+S8RY --> ssh-ed25519 Hb0ipQ /kb1PQTrQgLZgIuW4+QtZsbSSDbrYI3Kv2QSBYGtv2U -HoRoUilEz0cIZbohYK1J//l1Ujc3MyGzz2XJvc+jsMs --> ssh-ed25519 IzAMqA Li8UwQoWuxMCiXsj0IoqI1CWKIo8DP6B9Zruy242uAw -zUhpTd+uPWBvIyMoxIZbAMmP1sRi0yaoeLCfLy7ibpo ---- LPUW5Nd9pAyWqP52DXjB6UIyih9WsLZHNCDAEe08DT8 -szlq -$|#,kG[bYO -HF!`z^psj`Wgab}=y><tv#~pv/zZX8(K:-"riULV(l3{B# \ No newline at end of file +-> ssh-ed25519 V1pwNA FJbuXA9iZkVimh/bRdl2MnswKZpHkF6HmIqG/cmE62s +2vP3FNg2f1ijAMwWGcLa7aZQD7/Tq8iXwf6+/bMEgb8 +-> ssh-ed25519 4PzZog 75e7m7A1i4/XjB+b9OozGjKttQ3VzJuoNwKV6z1xYB4 +9/czRQ3V/Kb/8p9h3cdiXXbNBECeZfLLEWg8gR+WBE4 +-> ssh-ed25519 5Nd93w Kier0iAHycxtmgq9n5Mq/eLR2akqKB2Z/JBA2ACjaE8 +HokkZ2jHa7DV6KqODEH5rF+YprwNwBIjLLFGbfXdkrc +-> ssh-ed25519 q8eJgg cFNBrJQ1R4tDi4HTI/1lGEy44cjCDpnUXGYsXQ4daA4 +GPJ3fX/AxxhUjvfnAJNREQDEGp/Bz4zvfiTWHD5bwMI +-> ssh-ed25519 KVr8rw hzHh/c9qM7v7eFFpvD/uvCcDD12kSaTabVVA8CKosgI +3bwDd/aWeYWmYf8b2ko4N37XXgTP5LeP98qYXSlaxwM +-> ssh-ed25519 fia1eQ gol262stWS/VMaXgAJNC/VK5QkNb/UHN8X2khm3PHFQ +3eBj1/cUkTSNBGANSYp6S7IvMU+8dKKEtZxqo7kMzxY +-> ssh-ed25519 IzAMqA Z70Jqsw7IR9vk4uLef56F1+YCQtK2YvDC950d+WVNHk +nXqGHPrbh3VS2DMToRKs9FxBsn8PftR6HTkeA2KXRLU +-> ssh-ed25519 uZzB3g Zrc8idjRB+ZPHq9ScsCnXDqipGM83pio/V8mO6YYa0I +JFVQ8V3Jkn8vxklAZzwGpmOcaKUd8QBDFO/+gAyb3Ug +-> ssh-ed25519 Hb0ipQ Yhn/pwNTNmMdW3L2RV2MJECEYRlAzNTYztcA5MfRCjk +S3rkfwU9Nln8WFPSr102lX+H96wnHWVZa6z8upTRgvk +-> ssh-ed25519 IzAMqA 8SVaC/2C2+xmeCP07Mu+/xGFSB1UXrIlVJ/i8YfQXUU +y4mt/hZRuc0+5OXFs3VjYH/Q/nEACAd30YlyUyNzSqw +--- M8Emn3XUVeSu5qTgSbR7/93DjFawmR5iZ2qxQEJ9gd0 +zg*Fx?7,a1'ܥtmR t[VFl=+Mm᜴j;ĔFy6O\ӬҪo=UG#%{o=j- zpR2N5-?75UsMsLX*~vfHz05x`+0@e0C9T-cNV_~RBtk#W%iJ{A(Z#~jf=kyg2#@b09j(Nd` z`e_m686K9t`Kiek`iTaP{@F>zA$egYA-?A3r9Mt>DF&`w0f{E2QN zZoydrxyezLK_%vvk%@jq-tHO3#@Q(bK1K%Uq2wJ_WKmSE;AvXu6K0v}mzV786YAP( zVQ86Y=H!^2Rge^(ROarOZ|>;hif&z6W};zgpn_qDWkra7YHnnDsbxS>U}3RgQIuI! zPL@}&VQPv&nsG?BX}Z3nzqVtEhY44dccqWNf2En5lVyIoXL*QUxn-qqWmdjVUZI<1 zdR9e{qh&x=YKVEcPxj=qjNwd1v#N1L2249{$^Fq zE~&+39u_WzP8M8=Az4|b=I-vke!2eI89^!jrbZE_{uSoot_5Be7G)7ZdEq|(1zx@p zLB(9Uy1EMfneJt-8QBq4!LC6`5pF*2L7_=0Ro+4ACOKjGE-tRV`dRfpp%&r3k^Y`s z|M+grtl|H0`EG5Z>AH^(*th9)@lH*bepIVhbyqiWL*~BLDm@NIzV+(`K3_RD_0Ov> zpMD5N2%a$scQf9rClY4eAh-YL1;NKto$95Hrpp#*zJI&S^quBY=hl2{KP9X()Y7yl)lEMn z+sVZxE7d8R%c!t4(a*rm%g-e#BhA~*$kZuWJK3brFWb2+EZNDhI4H8XBr6~@+p#os z;z#lDf;8jog2xnbe?6(#}R z-WK^@CC-WE&IWF7l|Fuv?t$(V+2z^+QDv!>Nu^;0r7odduAT+j$(cSW#(`xOff0!& z6?vt`*^!l{iEge1iI)CRCBZq#Va6_oM&6<5q2yWR=v(Nh5NMKA6j73sVias#?q!(j z8d_hLR%YmtXBt#)Vd`e4U2bSnmJyazY~<$X%9UObT9qDQY2uTV5uO+7pInt05RvHR zZ|Pr|Y-yBilonW&=dT^CAMEAm$)&5StDv8rZtU;u>gs3d<(Qb^n&cZ*lIZVl>7N%- zSXO9Z7U3P7=USB$@=Ps<+c ztxPuxN;)9ow%Re}QSrK;e5`w?ef?S4!0VP0Y!SR$Hhos9Gef&TRxo0Trg+Loqwnm>11>T<_n^4gc_U(ad0O?3b8=Xdw|UB8k}J8uhd zn9Ot5&xlLz1f L8l=~5ne7e$%V-Q5 diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 4b1089da42d83f4e020fa9b452462c14ad213ec8..8b370a8c5876a92821f28bd6c6095290a4a1365c 100644 GIT binary patch literal 2594 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t--&vWqz z%qkDhOAPcf$}A2Jb@VRFb+$CH@CwoPFHMaoGA)YCa*WCdPv zOxJdDE-OlMGtF{LNixlg)Q?E=cQMZNH;yo@j6}E1B%mrPKV8AyFT^|F!!bC$GB+{F zIM+NtJ3lqU+ch^W+c>4r-PFT5)io-}(J3gb%9pFsBs3+(%q!nD#L+)5#IZCq#NDzy zvAEpP&?vIpBFe0y)F-Pvw<4`5)Dzt{Q@<2T<8p<<{IrU!#K=OY)M6vg45t#$Bom{m z5Pfa)RKtwC5MNWH#NbNjKo`%X%s{TB!j#C8Krcr_6N_An3J+706mK^ZXTS15|EPdK z=fI3Gi{OZy%8<<3(O0Q zigL?*Qu5Jl^A0PrC@NQ|)X()#3G<0abu%DKC`&H#HA?YI&MOZJGYd%0H>@Zq%ZLbZiA)U(2*`8HuQZ7aadt$v zEiE(AFf~x2u&5#+*(t);+$Y7v+tfHR!=>EJBEQHnz}Yd$qO2&%+r`}1yF%Y6%rTHF zJj*51FQO`?!q?D5Te~dVsG!oqH$NvVGBGVJBhWM=)IT87$veZ<(hb9J`tC`l>46Gv zQJz6Txs{Gp$tgi$*(NE4kr_qd#uilp70Hg31wke5p<%}QMj5W&73Ey+5&6mKNvW3E z?#52$&UwK`{`tnPJ{8)&{z>JoIhEx}CAmhy*}*1WX&7nJuO!D$-%+73OWQL=-@_#} zJJi?MIkC#es4`1CJ18~Z!>c6N)jhq!yDBR!JjK<|)sZWrGS4sDNWU!7-?PLpB0a(~ z(?dJLyEMnpEyXj*t;##iGq@zuFx|(@7bBIF8ATdcIx4uBRg@TI6`7iZr&;(FmQ;E< zh6iQ@xp_LLXZe~Gm*n~uMOrvoy5(0GT5uVblRZ@t7X^@dcK~#a6N1ktFK}4j9f2x_I zp+`oZWm33jwqHSkVSb5$1y`~`RK9sok-v$TS)xZyX_{qTiMe@dX-NK8&GoNJa`Mr4EU3)Y z5A@6n^)aca2;{QxF)l5#%<#?1b}vuL%+fDONe(dzEe^7D&rkC8^N7+fD|8C8%r~tF z#IUV2s>;bYT_M~hFd(VKAS28zN57yXGD|zr-OszsIm167zaS{d$j3R~-_*`Js1RvTn&?|- zT5b_u>F5<1VwP4Clx~=jk`ip7om%N=lC14*nCIr55~yF5%w_Ip>XqSXSYlxoQRbHI zW1ee}qn}X_nN(_0=2dK&Ul>?k>J#Md6O`zW`#>Zs99xxfvb^6eqgXmYH^TnsaZrsp@*YmdT61E zSGI*wYH(0cd2TXShGA(?PHB=!dRm@oj#FuVL1d7NV`hM3M7f(&Mn*(srgm7qmxpn> zzXwL{4s|t4OAb^B%#N%wEK73?NGWsntjx`|OewH1&QC4SE-}e7^{pxo3-h%|)lbv* z$VuiZ2=~tNOY_YwC@L*TO007AcXTo+2r;U%2n)0H3JVR)@Jr4zN;mM&x3EA@laX$T z70&4jP9*^bZl$jN{-uVwIbjCA$ss;vMH%i+>FHHIq2=l3No9FiUe4xOz7dgJg}&Y< zZY}{Kg+=b=`UYl+xn`c;{@TW=PR1T!}CVK~YN4fiEmU*QadWKjOq?`B`hMGk9=!fPf>K6o8J8_?4I$ z2ZkjXL`9{zo49xt24@@l8tEH)=V@C6`I!azrj}vEn?+farE{P{QdVGKdYXl^uX~hB zdPZ1wkWZdjrE77TWr35oL4Kr3R%((vlwnaS@xu1 zm-v;fHsT9t#hg}DuD$Tl>njV-H_!0wCGl(zUGAQ`YWF(-*U{~De}8}d=HeU59v!&-l)Y(Q zT*Ad+|Q@<2T<8lSFU|$2*sBo_+&vI?wL?^@KVAtf- zGP8)R(lqUC|HQni5M%#v1MNx|qhzjfH zk1%%42=wKus)($zC<_ZJF;DUfaxp5=uPSjZ_R>!@%#Dal4bLm^Fw`zK^hrqyDlbR3 z&95ZKPv21?AS}PYDMMd7$=AuzIW^SWJJK=BOgl5&H95UF(WEjg$;%@#&E4C(JSU&4 zs4%ReBsi(Ou*$>BvB=UZ(#WD9IKZ?d-^jHhGc__hDbhb8Gt}MHKiL=Ewlbqg14~DR zBIEE0w&kA$@ zkO<$L(3C3YY(oQmms}5XOBbh!i(FmJlX44PD~v0BbMgy|Q!K*s0xZz|<`PyFoSClR8*Z3k8DW|e>K9^S78<1O z6`AFmjKe z9$r|OZ|a(zloXzmYg%Y-V1SVWN~5ZrjMEiT^oxVs%e)MeQ=KZZf^&=`jeXtCO$=Of zgHkR1%{+~=v_tbUJoWvG0u8tVl8eI9qC7)WJ-iIE{e4X{l8bW9gQ8qAd@V|ge8SRl zf-Qn`Bh5W4QbW=GR#_HonN+Ue<(L>$;_8%<7Z4KWTJ9EU78a4@mZP7ZTH=!&P+;J% z?_`ve<>3-mW#G$|mu8yhm7b_y6;u)#Se}{_5)tN7Q0VO&73`c_scoK;>t*+R%QAg(+_aO8D~()&qaqSr-Ghpp^ea8{i!;;x3^8(mN0LEi zL7;+{p<8%GhL=HmCacNPiPkxl8hnZK1mw|V#cWADYeqws1Nph)?r7L2Wx`ahWx>*=y>0^{!!G$hPxsD21i9U%&9z~{^#+gM< z7NzFqVHu?suB9$M9!9~Lfkin6?g8%3p{3zf&L&(*eg!V(Wu*m{5y9C8-XT>)R{fr03L3w1S1OAb`XC{6Y)iAvG0Dl&7bFe@?32z5+O z4fn_mF3KqkaI*BuN(xM^(AQ3j2zTWw3SGmr{*}jrlu<-2YF?ArTCWkgoh+&`x=#7B$v2kMjE)5SZ0^`1?pGign1h{ zyCk`nm3wl9h9xucFG_%!uH~&~&b( z65pt>#EKxVph`>Ew9K@m6hF^$W3Q@`FpGdpvjF#!?A(-M*Th^igFr4_U0sF3(2&3Y zS94bbv!a|ZOQY~yU#CdV^s+4H!laaf3XiO$>>{5aNA0Tc3JWgz9kR`{KP!CtqS_f1 zeOq~MP0rpeAM5X%EOnRv{3Fa{YWntxlXTB5&UsN(CDL@D`+FMyBCXd}b9%y5Pn17i z6tv^(y5|d4zsqN!p$!mHka(lUbfAuv-#G<4QbL_wW_v;ScvC* z?pgZjf8x@es#9YkFF604$tqgTr)4F5^(52((;UWAr_cGlDv{xo|22*L^lkCCZf=}o z{p9icz4bK=Oe)oL5AEQ5HYfR@k+iAl6Lu5 KzVY9g@g4wN ssh-ed25519 V1pwNA /aUAZW9tSsBQ8xRS/yJ+Je69j5sl8iScrzqOkywoiX4 -wmMAZavRVgBA+e1Uw7ACZkrkRC22xI7H/90K8ZeL/8w --> ssh-ed25519 4PzZog fDgP+2ChRIH0ylChyRumpvYjFn/rM+NPxrKbNYbP5zE -iU5bZmafl+Zt8Uw0+3DmQSi+4YJVGXf88W39+mOzkmg --> ssh-ed25519 5Nd93w 1a4QFM4DR6iTKpoIBf0zu5LVELOJrkCjqmdz9ksVP1c -U3dOhocNgCs7mwAIIIr1GdwXwzx9lzg4ygKdDoM/YHQ --> ssh-ed25519 q8eJgg 1pSJU3CrMP7VO/nLZepMDCOoJWu+rs+lGs2n6cHuMTo -caC79crN5hoIZ8CKg8oPm2HB/swgbGRl7GWV50ZGxiQ --> ssh-ed25519 NtlN/A PGi4H1QF9TD7QmeOdTwf8Xlvgs6+LoDpaQRjNCthiTI -VWc6rmqNT8U/y00x7suwi/hAuy+M4WGKpvraYmY0sfQ --> ssh-ed25519 v2Y09A TJ1t55HLWxKCc6UDiZHZAl0rJyCutEeB6KP+a0/CyTk -iV6/HA6q80mPnqDvAxfiszRIOWErjhBAKqAyWQFYYJ0 ---- Y0yrlECqXY/j3N0Z0ebhSlPCdXbCMreeWyLcpipi2L4 -Yuf 'CM$4;BL| ssh-ed25519 V1pwNA QUveqW1V2eyNUoLz3VlbU1eoeKqpMhKhM3xidvLzmAc +ONNE8H73iwIqsGOugXQdeH12oro0eAU2qBgIMc6/OS0 +-> ssh-ed25519 4PzZog oYUJKbA2TI8onEnEDLBLpRDqXBZlX4Wa5qk/vT165iY +J9LPEQfwudit3Fa7Po4tR+ZGMGJEVAL6QWD8S2pVeXk +-> ssh-ed25519 5Nd93w r3fH+siDMDiuo7MAYUzxpcCk+SM/kY/cL/ndRWn4OhA +zPQrQS9E7narD++03B1ECfz3w7Wtckbk3nC002GkjD0 +-> ssh-ed25519 q8eJgg l4ZcaUycpCI4o4NDfsQlsnl/BzS4UKhxSEYKbIclmik +lqT4jCsxhtK2tNNzRIiiZmB5iHFfzMR9w2TayZlTuvs +-> ssh-ed25519 KVr8rw CRuDx3JbAfKvRQ1SyD5whrlw2MpFnlP33YMiClgXvC4 +LKZIzgEEjLvKQgDJOZUi6tP9hi/lXehYQyodLOiNrYg +-> ssh-ed25519 fia1eQ uOoglDTy0OlQm+aUqsg3KfPFXynHnJi7d7WStsw7hmQ +Vt214X0k+A+BWzDwbk3JHX9/lOY74bUPVt0CdYUxHHg +-> ssh-ed25519 NtlN/A yAVmup2BnnPIyRVQD4+e3Fh0RTfc6mJZRLKTPV69AHw +dEAj8GqDaIMq84hU5DHEQsba5d7Fvp71xaMVQfMD6CQ +-> ssh-ed25519 v2Y09A 5rxrWgwLfUKqbWIyPzODXJiFSCPYB+Xlchj+9wF2RTg +x9qWFO8KJ6R2EUqbdkFVFYMs7nHelnqZ9XF4bZ6bx8k +--- XvVzqiGGv9j443pVSwh9lZYRjgSuUn98bICJichEzhY +/"cŖR"_`QSyp)ꐯ zeNjTc:9%I }$~ۢRW`0Q'XVJ[@V]$,ѱ[?uwK!̹uB:)xݍi \ No newline at end of file diff --git a/secrets/email/details.age b/secrets/email/details.age index e058d9ff20a105adbde8df406ff25bc4a3522b82..6e3f187bfd319e6c13e85f19f2f30e703a98b010 100644 GIT binary patch literal 1309 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t<13`+M4 zDojhUEC}{1_3|yUuqdi>3(Kt3uZRpzE-fhYD@~3x$?|s$a^><)4RJEhOA5*Kt_U`F z$}tQLh%)!g_c4pe3GuEdb#?Jf49$$H%ql9bFhRG?B%mrPKV2cnB*n!sDBm)$pfJeY zvd}xL$f&X;yTB{by-?r6$S5Ku)5q1x#m(P0+k(r_B0Rh(vBJy1!^bf_)y>x+$@%rn5WATiwE&?q3is5HY8(>7DT6iefBg|MXjoUFv)psd8KqHN~^!^|9CXS2dG zmoj7RAb(dga|4fJ!%ROn@1Tf$uBy<8h^or+QvKlaprXRuz!JaI%tC{V{KQH>m(p-U z3sND})s$x#}nBr=+-~<(LF#RHTL*d!`tdWkrN}IRzMc zM|tOYg@t+*yXKS^b5)v`hUU0MWEqC$c;^LH6dOcjXI7M%l=_5PRs=;wWS8Vd8s&Mq z=sUW(qTA*jR%B6Bu8`vFuCJdSVV+ZEkXGbrVv$~&>E@Sf8B$i7@91UdWT_vhpKsz8 zm>KS#&s83!9T@JXZ4l{g<`UuIT#}noQR3v1TaxWj;+N*{ROFqQZ0zXbS>df8if&t4 zW};zgpn_qsX{JX}VU)gkNJ@sYVOgkoVY$DNb9#|wxS?xcP>NG|gln#OsCGndD3`y5 zM`V7UVWNIUa$seaYhZSkk9KL8XPJvpVvwalwsugyg|R_KrFmeQC%SE(RgS)ejtZWU zCLyj)iJ7@3jwKcTCVtwHUXBH2p*b#@X~|yM$(}_X21ZGt0Y(OupTiPB~ughT#=H7QvZb<>8x0JnnT!hG#4v(k)^^2CU!lG1>(DtCP^ zzkGw_U`qqXGDG(?$KuF5Tp?NE?(Gwmlw;;v<7BmYe5ilI)`&nd6t3U1C`1 z7GCI`;qR4L5y_RARcdOQmtGN^ZQ@x_;+hu}Wolw> z=*gw4tE*61;O>{}m=$249aLIeR2&iRoZ?a*9^sW)=x>%}n4Xtc6cTg)SV3DbMxw6vR09`EEFU uHtGG7hLGyZ9e*m@j%jEK3%y#zGOf~S-m=f9n-8#rGS1Gw|J!iO;bj1M2E6A0 literal 1089 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5uz6(vNg6 z4@*xmH#A5MHFxoGc25jREbz@tE(^(Xu`Etb%Q1`6&eSh+3+3|gDy;I!Ei(1WsWOgm z&9Q>Qa?Gu$k^Pa$geov z*(E2Z$l0PS+&n5Ixg^k}!Z=O8I3L|MQ@<2T<8p;mOH;onSJU*6yp-U`FvB$0WP`*) zkHE0V$ndl(a|6$k0;fWk7gA2X#JQ72Uvy)vT z(k*fmv(f$LS>@04e>7L;abP@0wGV^mram|c|;70{O>}G0QneS4XoLZ6QofHz88kLn^9Aa9So*L?8<{jjZXBnPZ$^NhOR1AZrG>j$m`9|uUt*bWfRkmoS#Cy^Ye=fUPk^PqPku!tmy=1b zX@yULrDbVeT2Xp-rlnJXk8_Zbw}op|aDlsjNMydJaZpG=x|>TRy5BsK3^EG>74$um zBU1xXT}mqh+`^o4%nM3#a}rI0jLR+cQ@lM3%gj=96HN?E3yZ59xibCIGYcFo(vtnc z(*lDn1Jcd>^R+9}4LwT|D?@!;OS7s1Ql0cu1APM=(QSiXjm#(g^LZ*3kws%&3a<;iogrjF@WtF3mhhbq*Zj?t< zW_VhXv3YKJn2T|EP^hsl*C#>4UoVbz)hyp|;oyejt0X@!+#t!2xn@t5rGZn;$*e=A zr>8A{`5-25;>GgI-`OfGV;y*z3;1htEKGD&F9*9jmG5iK6r6v?=acli9qnh*xhwb9 z7ujSVXZ!sry;8x1Yfj@I$_o Lrugiw38%^cZ7p)^ diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index 772418c..cd1ad00 100644 --- a/secrets/gitlab/db_pw.age +++ b/secrets/gitlab/db_pw.age @@ -1,13 +1,18 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA MqlkSEW7665vH8VANnHBHTjlc/oLffcjvh8LosdmWRQ -w4++vB+QDa5cEZUWEzj/lWnkhzRmHkJbXvYzW+h1bCY --> ssh-ed25519 4PzZog jABRNvu9+DWUp7tQwqmSeuM2LcpFwW4wH6wJ4sYWhxc -HyaQan5J3FJXkngmaMJZRzPCCGv0NX4k6Ui0R28+Tvs --> ssh-ed25519 5Nd93w ETCnB462oOWu7uapPz06qHlLOw9lX6E9KLKr2zvENC8 -q3lYMQta1H5JDQjo7FPnp/SlF20L5fwD547SK8uiu0Q --> ssh-ed25519 q8eJgg 66LBY5S1DAXFdVnOHcpsNF/+w+X3c5gRC6f44Ql/QAE -qp0qjWWWcP4Ke+8ecq7v7xi1bCmRjWvKxc/qYXXuq2M --> ssh-ed25519 uZzB3g Mxi2ZLmLnoZH8iQW7fCu0+Rq5a1xyJsboJBp/vL1EUY -Wpp1drSllzmrsx5MJlwq97OIUoJGViK6oxyKoojoGpk ---- ldMCFXZrvRbTwcAgMzeikkk6G2O4J08xVrMqh65mNZU -9^SڥluzM&u_h%g ',"n*׬Ki,3S;9MfN=Q=+IX}]hA7fo&u+㩝#rQPXky&"UO+8H׎'.ܻ3 \ No newline at end of file +-> ssh-ed25519 V1pwNA a2hqKI7aO4y8QLvINHmeFrAeUthzoE3gcsNiJS87yTk +iy7zvTi6gh3/t42Pe+f5ylDx4eq1hINSAFhI3S1wOks +-> ssh-ed25519 4PzZog S4zRlO88rWpco1NY/7yJDQvCtPnRvYjWosE8VNtYkWU +iX+b3W2Pa3kw+ErHo/Qk+ZTH5B8svQTfMcXdN4IWVZY +-> ssh-ed25519 5Nd93w WDwhO/1jtbE+DbLq8BkReY/Vdyhdc35win+n3HMqclM +v2lqyU6RwTm6KX1z99FE78jv1KlyuoAWRG2x/Wq/X6U +-> ssh-ed25519 q8eJgg J7F4QM4iT3+8HbJo4ARh7iLn5/GBptn1wGM7amyr8ms +9DuYiyXOOWzXdlUAO7/rUYuPy9MyyxB88w814aM3XE0 +-> ssh-ed25519 KVr8rw BEBn1R3n2JYWqcjgfO5IIRWnrcPnMtI2E/hQGktypVk +ErzCxi8fht4tWQxzMAvkDnbNUtcbiyBiC9pNdp1vbaY +-> ssh-ed25519 fia1eQ G6EtgOxK54K97LCUNZ8h87WwWwXrn8cKtkCXa75pKGc +M86xqkKJ/DtjB7mIE1gPhoXTYzHp2393w0cZMOHQNQQ +-> ssh-ed25519 uZzB3g /sd3xL4WAKbPxvdqq/fihyAhxkn0FAiBCYydIXB1/VY +/hdi7E2cEU8U82/CVB+OpGacC+OfVpXXYEu6B8bQnB0 +--- HGKIhGq5mH/k6m63FdnLdO2R1fs7o7K/wlP6zBwopL0 +w71׻ }5-g-+GXVpD)Iorңm!]7Z)Ő"tu$zUyJg_Y'94Th_*d%IoQ7JH#TulS|i5p}06h zH#Nn`)YQ;Y!6cw6DnDJp#n3V^Ex^UtCDq)lq|#sC+$|_fJ3QGy_$$k{VBH!;H3B0I`= z;z#lDa9^kJK&OaY-_-2Dau=tlDib69z+_inw{&xlg2q24~G6~3iO zAyvtS-enbKKDjRGX(5@ZrGY`^j;WrB7VhbVhIu)WP6p*%xi0y|kv=(=mBF6j`azLi zzAhF{7JkM~5q|!a-sOebITnSvQRbGBX4;PEq2wJ_WKmSE5K?YbUhM6k=U1Fsk)2c$ zoL-+=l5aE;_QWoYB?qrb{k?ori%H3hCjNy1EJ$LB^JW-Ua395&jjSSyh?o9!^P>#-*l?AqE90-WkqL9wGH9RR%5*DcPP} z9~|^@f4hEj{<%f%r2PRAyPP>U>fKf^D3bmx(6r{|zMrQ`8?2XC*GzId?^iQt$N7#m zr|Lvaj4vK4kgS;fxm(_>NpI09uF983w-hj(kkHR7Gg;2(-Y4tz?qK`U9L3x3N;mC~ zTd*T~-=%}AKR;5OzT(ht@q4RN6t$XkAG-=D^zz?W(6W72xn%p=)Aq4vWNu6}b=7@) T=CFPotB?5?{i<7UjTZm_3e!Xa delta 710 zcmaFC-orLQr`{sRs4~Po%+K9ZTiYmR#EIibetHeLiATZZ0yudOzGr~8(D9OV(&&%H}FCsV9H_|dWIWr)oD8RQeJfJ*% z;z#jtlPLetGPAJAGSes{?TD;$pQI>*pb(?Xg32m?gHY3q(!BhTvJ`#y;w(q5(84h1 zk`On?@^F&~_xwU_gKWRdl2CuIst^}%_prQ-oP0OqlA?&9^wjjp@r>g2&hGi9x%v9q zsoIvFc}{*oj!uSY6+yv{c^1jup&8DWeu+Mr!9^Cn!5N-hM!6YIVP;vL={W`Fg&v6k z!EOcyZu%t!k;z^qr5-_1IflMoiJ_IrCE3O3p;Q`GTDk3T$)xD?BkRg;N+ibQdtmeSrV0Nz~z))7#$2%k8Vz4 lIK?QR_EFMQ$~|P$=Y-i0n@=wO>FpipY$^RPqUj<>9{^hL0m}dY diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index b6b627ee6cea2512cdaf02102a251e2f3e9218b8..cbe77d7944c16b39df0bf0871a984dd3b8b1f8e6 100644 GIT binary patch delta 914 zcmeBWd&xdQr@qKMAlKKcEHgaHB*@Fd#U(r`JlrfOF~`u!zrfU0zoH_|&&jnswLHnu zmCMcDLqAnN#jhgY$fC^4Eu$>mIK$7^(cjP6+d0cMqoTMlG&4Qf-KDbBf=kyTj593V#WS6K);|l%Mtn}o3CzH%@-^vivoJ`lGT(@j4-$1W` zbnWD%NUul_58w3gV&5>I2n#2VfQr=O+`ym!@6!By!%%aJ6bqBd@r>g2My|dgMH%|R zxe-M^;l&|E7Loq>?*3UOc}01FmW8?Ap5;a!CVqM0#@W7H86mDwuKH0}P6}?4s}J?PsbV zl2PyC9hg{|9;|I%QR-FdQ4x@3n&W9%=9L+0z~yOTZjhB0VdiC!3U{Qca zn08)RrI$%|j;TqhkICe-jN17$FiDr@c$;s*I z<)K`!3M^;sTH2d>A9{xfsQ%FiBb7(mL^pto_U2%SxNN)ZdD~k0nW)> z-~4v3{`l>|lkMv6zbmhO>{@$oQ@|4AtEcjgPLBJ$WOkJM#5D`zRu^oXmpeI5{KAGy zkuNwKO9OA@%_}Nvc)P_QV~4~N))>v@to6IjWk~Qvyt*$V+E-S7i=q4H^!$y!Nqg3; z5_0OSnBe#}P^0n98pbyhSGXp$&e7JsTO-{WV_5JrGNPx+QsUqLrHmKVUq0Dxx4_aTOuHz3 z;z#lDTo2E5!*oaI{2Vh611ImC@+dFg^x#mpR5vsCtn?D+f-?OK|J>AKlbmcWeOD(p zzlt0uGslA5;Ha{sg2fu>$1d5IDF z&iSc90TpR^Ci$6_1(}ul$(3d$QNdn8<&~xZZULcXVU_7z70xB*+39J1Mt;7AC51Ug zC0WJV#m0%LCb@1^hL)yD8HHYv#>JH;=?2B0AUS^T!6nqq0`o|#(i;br7kWsp%>oDyMH zY?PR0RuCDeol;)rnVK8voKo(d&84fWtKgXHRgn|sZBgmy<(6*flA9Eg8Xjrk^!aYT)6S&-K2x>ey`7I}!EE-Wesi{t`JaBjF#LaHU#$P0794Y6;;x zPjJ+>3RJJ ssh-ed25519 V1pwNA hv4UcqhAkUaXfaa3w20WMEWXxeT++N4S73dAJjrwDG0 -v7fhGJZx12JXb1S9lqAYu3R3K+VX4MQAHlz+mBqwvwE --> ssh-ed25519 4PzZog BDI+dSNd9dLzRp70t2+svV1hlHzc8M2L3tXG0pJsrFU -PnQ47uW8nk0tgCZW2ee3IDt42tZA4vDz2NUIlsgvcKo --> ssh-ed25519 5Nd93w 53iuwGqWfa4rtJPoG5u18V4yS2PZEodQiJZlA1JiM3A -cbILfzpEvUJMvkQK1B4Rm11+3FB5l7a6cxsCgiIYo4U --> ssh-ed25519 q8eJgg qr7MzkbPkPytxIUd6HkDrCxhwA2tvxtAqKjhwdF7bG4 -aS/2cJL7d5pwk9pD7EiLoYqzpLDR+1L+jF3xMTjqFMg --> ssh-ed25519 yvS9bw zpFmE0X00PbHYt2jyoF0o8iZl2r3/rm3cqTWaDvW1Uk -no5mcYDiJzY4QhbZXHDVVzIpnYnR464mLLBgEIANojc ---- 0hP7UXRRmSUkcQQXnRFgtXkjyh8wgumK6JMZ+tnJUlw -trWUA+l.z7PM4#`lPy{5-0H:K`~j -(dN]PIj-_~ \ No newline at end of file +-> ssh-ed25519 V1pwNA ho0uObE03nO0vqsvZTMzPnCtKtrDY97NPnB7gEB/jQw +ACi9I0H6kVueAxy78vk/O9jRCWWg3oNqUpZca9DRxaM +-> ssh-ed25519 4PzZog tDFtlM+D+UCo4S1mvrsza3oITzMP4Ce5aoA2qHH/cic +xANLix3cVUbIaDoITNMmeWhGwDBI2Or6dRzHVgX90pc +-> ssh-ed25519 5Nd93w D0hUE96J87zkA4RFBeWT+DNQ1+Ias22qCBGJqCoNy3E +T5LQfnfbDroncMKocmQncKNn5hNk8DbHr7PbxRiREsI +-> ssh-ed25519 q8eJgg AAaT4eLvau98av6noniPXsxO2/hNe5zKhe4/652Q5gY +Fm8LUMsas1I+7Gk7bgCQLDglgWNBzoU35pOOYhrAhas +-> ssh-ed25519 KVr8rw di5+pJXvYhhCorxEEMtzCUaVyxAfj4lou7dHGJTa3TA +BlpXjM4e1nHQMP6l4yDqIyqDeSxBPqY+d00ovsXWxfU +-> ssh-ed25519 fia1eQ HQh4QEHVWYSUjfnXUa3hBjFiNztpUht3WQfrOdJUHiY +rBls9Iu1MJVl1kWlcXAuMfkvSUYTBgXX/+Z47zpNGCY +-> ssh-ed25519 yvS9bw +E73rDWXej0/ZciIvu+femktarnlQoXF7zZUQy6q5TY +u/+L9EEdQcztppqUIIX46cxFtneEEZXdIeCUQDHhApk +--- C9L0vzou3KDkzfFX3SvziLf3k14nDFtuCvrO53WKdZM +#9+k(@4P$p Ʊ/7)|K'), ,5hZmX)Rޗ[m %EƔ^b_a"we?jyc0L-; \ No newline at end of file diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 820393fa1774604052e50515de68bcf31e79ebb2..2901579acabfa034ce58ccc9828422e801d15bc9 100644 GIT binary patch delta 867 zcmcc5x|@B1PJOv$a$;3(kzcZLgm#9$f3}xnNV!3dmv&xNX-HC}M_Hzac|n*-ex6Ub z1(&Bsaj2PjR+UeYPl1=CTVSGrrBg*op1yuXQn{~jP^e3~eri>CvP-C!Czr0BLUD11 zZfc5=si~o*f=NJCRDQaGk!NU1v2mh)n5$uCT0nN5yPI~IYqqmjj&`zHS+Sc}o>`)q zMUjVoVOnM~S5lUDV4-1fn0H=sfSHR)M2cf#R7Hk|uSrI6WubwGdt`D+iDim=Xi0wH z#E;_Pt|lqoVIc*EhW^Et<(65=<|$E;*^!~z7TV_dr55=nm6oQ3Ze_uhZtmG!xqcNH zsRf2nLFri~hThs~!9EqHMG>y1KDLmdkf^GwZhk`05)lFb~s&_c;OtjMCMTp=RFE!{cPCnL$j#nh+N z&pe~PC@;t`Kixby#W^dbG_1_n)zQc})TKB#$Cb-FFsIxx$0^dSDmf&jB-GR?Ju2BS zIKVI6y(-w>*UL22H_EHTuq>@K1;e_u%tXV~K!s8tU$+922yY+n()291Qb!YQFJr^V zknn6T*R%@bY>UhgQxkJ-_YBLj@IbDt3g6`5^pF5olR)i)yzJcKbPFG^@{Azw>}<;v zUssQcRG-AuLRY_lh~&v73zf8Eldp;!{-_ zQDx$4TxJ-W%~j%E5|J2KkQV7#oEZ>m99d=V?h)o|o@yFd8IbOpk&_mr?O5nml4}qU z%B8ETtKeF0UKEsEW{~0USW#k;l<25$F(s8ZjkNfZU9TSuzH>B8p?9zU8yvy^u4kgQo{*Ug*7 zy>joRGS9m$^RLVjKkT@9yMf581nKreukM7-;GQRaWk>ghXP3S#6jj``W5Bi>i`GxtRsfIa$?wRFTCKjHP;~B;44T2mE!ptqx zO;eHz%%hwf4PDbJ0)xzo9Zj7hio$)gT{Dc#fM#i zHQCwArLZ`nG*jEeJ<`(5-y)#GgiBXfSHU96!!Iu~JtEL8$hX8XIl>^jGRiC6y(HVM z(9F^@JJG^3$gC(RxiB-^f{VH9OK1D!a}Tq3ED}4W9{$V8D&T*&7Vq@tscFTxZWZUg zD|1+;?X;`upV7;uw&yssSLYqL^rHXw<8#)lo;{!6oqWvk&CDH)74na~cvL(qE3(Ba oIht#>@O32g2r=0^0$jBlw#VxAHEx_9}%EZ{xQr{vyDa|4= zJm0az)7&GJt1L+0z$H5(BQ!8KDJ`YS*D1`=%_YS!Sl`0j#ibzKvdkd8GRh^a%qTQ+ z;z#jt=g^Sc(4wgP+zQV~v-0xP+(^&zL{BGwOJ}#>fTHBUM9=VI!;;Vx-&_l>q>?cA zfRvE*vdW6W6qBOJ%u>$?A9t_hzg2<=$BZo{kZD z+NN%f&IXp1sd?$;#a_9N=>cJpCQiYA{@GQ|W=Sbgp-#SBKB1Xu1rhq8em>3y>8bjT z1%=KAVNqs&;pL_27G|dIB?YD>M*40^nOPX2uczo7+#oa zQeRLIT$X2CZP~wzk8B&pB>1!Tb z73!MpnD63c7M9^2SQ=R366BnY9w}*=iH50x3QqZsS>?elCMkjL+Qz1SKJHlo<&nv* zen}uLB_?k9C0Usv>66bgir1&>SGpHQ<|l`mr==U2JNajsn^uOVyG44WMP~S8=E+$ z7IW$9>MB@fx_J6mrW&{=78jcoRTMcJMJ1hPWHJnFa^u`_?;Vnuqxpr=@cp z-kQ7IKV|3Bp1l=cA8gN8K5v@YxqgxLX^F_sSMFHZwdv&PY?hY`{KB`S*1LMIyyl$D z6%nuQgigsS3ud#=`lYd|$U*&cTW|4mhi?kcANmLewmxq>de1rT@A~rY-iC-dpK}Vk zl9|OX`X5+*EMVWo3BGyH<0nXKXUW|wy_OdxoVZjB0aS*KioSaJR-_GG@{(q zkt-u2D$mT#C8#pW$-}8IJKM-RINKxLvN*yo$}K3pOy9>f$3N0D)X66~nM>DBp}06h zH#Nn`)YQ;Y!6cw6DnDHzqSBx;!X#h6#4NzO$k|&z(k-gkKgqPvDaYT#%*?wY*Tl!E z!rVQ#FeAN~E8L(wIWIfi$1yq2DJ>|n*do|1&^Np|#4R)_BhN9#%`eL_vdF8#z|hin z;z#lD(kMq$=gf*+*Pu{S3lmQxeS^%ff~=}+M_=>8Kx5;Sd;`lIlhV?hV%KCYBW*u# zr%D%p-+V)F7ccFq%GBH>*UHiY_b@}JsFdVF*CbCT|J({g4`a{C@r>g2mKEVf5yme5 z+WMY3ep&hAD$6XX&GORN!pp$fc{Rs}O1&=H>2ftnK9Io0(LaS!|G8mRISV>*kW? zZW)%8=v@^NQd*&H=;)T1%(YI+b?XJ5XAA1BC-fN3Fs!?A)k;OC_M=_)ha){!OW*5H zst@lJRy5&Wb$woXVvozB7n6lQuic^+!5PW(E4ny>p?0mhu;D*hEsI(6C8kcjlVz~= zf5r5ece7o$hnCI=Xv%%KFx_4H?&g;23I8p>nnpKeDhdnKrq6iy_S+GrnR>o=EcAmU l!&piuNNsZ{iCw>BgSUbv!}B*D)mt6hFPtlv+ift@4*=Ku{R031 diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index df1bf93eb37433ba584ff91cf9d45a73b967e50c..57748892d9e6094eb6ac67437de8bd0925d39e19 100644 GIT binary patch delta 2475 zcmbOw^i6nzPJNPjMZQHvkwHY3kDo_|NrhKXaB*3fZ+f0zNr<7ZWm&e1Ww5u4aaD1Z z373;cfPqW7i=lT&da|K*a)`5+xkYHPV?af5K(R++P?b@hS!8ILnT303D3`9CLUD11 zZfc5=si~o*f=NJCRDQaGS)`G7Sg1!uUa(7$sjFvYu3KSgcCKeej!$5slb2a>mQi}7 zsi$X|UuvK)S5lNqzJIQBet5a3v169Lr*UpxK}uC*M2K^?Q;EK}k5Q&~X?jX-WpbIt z#E;_P!NEplDN)%$VcBW=S&0Fb7H%F@RpCyhg?^R3`c7d%Zn>^r#V$^H<}R*WQO*(i ze)&m$X?dn5mZ^a`mM+2W`r1wwi9t?@1{I}A#zl#NIYq%C21VJE;~B;4L!663L){F# z3p}fmjgtMNq9Q{=!;PK19n)!G|x2e;?T%~V()UZY|G5-+;HQt;zTFc zN{=M-VD}_L?a<_+lU4qEG%=i4XUCnD@y}H4e~6joFhzqoh?E_ zJc5(+vVy8Sf_%CBjC@T@BYYf7EweIBgS-v3vrI#>eDey7OQNb$4LvIpjUy8EQ^Jc3 z^8&eab#)aoU4nx1eJcth{M?J3O#Ft)Plu8)hHHv94h5yx&*w-?X7&fM5@H|FCesbIgH2A# zJpJ(X?p%e0Ql z+_H|C-)8jmnVa~TnI0E@>+Li6U43C=+@oI)7RoF=Ya$SO>UwGUpSElD#%nbHItiNy z)=%$MdAW5HSG~iZ=dbxsY+=}SUcUED;hfS#Oo|P2->=GK6Y21C=(nD+LU+UaM;Gc- zW;iO#Oge18Xj9LY)w7i5$gMwd?1$fn^>TCCFYEK=&z-Sj5<^0#m9+J(|H?O5q<@tC zF5i>kW4gCs$L7!S8_vG!_}%Rm7^~%>S2UZQ)27PZb@{T{3r}e8s%KdeXPv8}RMWD- zPw1SX_~!=y29{YDidfZd2`=Q^v*OeJYJuiA-7!Becs^?{_-=VQYUYc8srm0CnY6Rk zo_ucY-moEY-g1Wr$@j}9O*>e5`~T!SVl%AjohC1-I%2PD!?yW&t-0&LqX*wbe*eVv zCeiC|%Fg2c%JtGQJmvgBADN5#-dU-eJyu_>vn{(;q8P5Lrtx;MDr1d|@_jeanNrIS zrW}uUW^(wg$gA}3eXn1~iS?_6l649e@BYFz`Q`M2Wnp_#4m$`<;N1Oct(1CM`Q!Ru zdmBtnS0q1J>G@=0lZ{XDMD?1+w_=O9S7wGCcqM0Jp=9hKs?h&x^3{`^Ow+BFYz|Wn zx^%NgYoFHB9lOsQeH#3!<8*rP;-TuhFdyn<=w(h)hyEM(mVYO`a ztesg4W?x|pcA5EOm8qzM!pyIAqHjVME4@7RlcV1J`75ml(_Wu1*y_0PAmcOz<=r!v z>t-_5%bG@UnQ}&44+|F0Ub~lH@uQEP@l+F+4K2KO+tXzGJeT?ke|hz*<4R6R!#dfC zetuD0Vht=k8=RLmp4?UNaSi|O|4$jRRr`GB$waoft z={8#?t3QSn_4z#=zE`zBfAjj^rCYGM{TkDq*i<3i2t(_yqNlVCP6ci~`2K5?{<2$t z8@I3C6q4f7r5M`~Y^@ZTuJ!UWtNPKP%D1n~vod5FZb~@EPF)jQ8I|f-ao#5Lhm4A= z_VWqKjV~>W=ZwRk{C{bH`r2Eqcmm-Zc*?H&5}3C2rn^L3|A}q|^RwU$@3o?}t~HSwT`? z;_AlZr5x*$r@1?xa$aJP`Y@T_`g;4z9@|ZtI>#?2UsSL&+xMn;o|(f!=>yffuBS}= z6#ciOzQ%j$sSn261@>Bgs$Xh-T*&s)4GHHv*(*<(djGp<6ZPs$&7R}erz}3CUn+F> z-hZYJt3o)wUl#$6kH$y~87Js1h9ZRHOaHyB4oW zV!tJ(D>iXe9Tu#-9*`|4LPM*RPjj0>DMo_7NP)ZnPPtP`SygUXK|yd-L}HF(aez@}s-tgiU|y6{q<3VPBbTn7LUD11 zZfc5=si~o*f=NJCRDQaGZ=_>bPFYZBgpaXHmbboJsGELrao@aW1 zOIo@|K~YXVmr-(BZm~~(wx?lgm8YqJhoxnPQCW$0dO?0#qNhtzeoAg$o^xt(Qbv%; z#E;_PZaLaH9^v_h+Uce~#=-8+>1pof+U6zxmf=~>W)?=io+&PQi2=?Pj?N}rnZ??s z*rgAw91oxyryNA~4D%z|}b_ zwXnVmq|_z2FsCHZC^;a~za%0#Jk?p- z+03NUH#a*q*~B@|$RN1Xk?Yg5+4)&py?@s4I&hNVshby1<=t(P`7@$ATZ3I3{^l$> zJ?n;R6K7AXdHLbwN6l*zZ*x5|{WV3SW0|{&;{H7S=zaf#n&!Iaox10C;Oh22t2~`* zS{yPLB&eA=PH60$@qF2&@T(u0cCU~8ygmQs#TRUFJ{X!S=KrlCxBb1%4yI{RL|^J0qG!?n}ef3GS$_;6O>AMGSnN9Kn2 zs`|$xHicaHqnkR7b@vY4&!zgA3VeSbN(vpm_}JG2dnV9#np49%``tc z{nx1InPj{6+{Kkow^}Gc{8zHr?yxwNxJsRws6k26;0j?H+KdJ1-EL}zfoTC z;(*MwWZ$U$FY;DS>y-SnyJ8X7DQEfXl1nCAUf6YBVcyBlHhZ6B%S%oTcNMrlZ8vjr zY0$3tSm}Ub%l2!F{yQj@Op{T5!+V=4fWKOIog26Og>_}YJ3W5wKIc?fbNaxR{mOMZ znDjAIRR^L2xAlBoef^S9x#uH+-#7l6 z|6eJ6?y1IB%jjRf#VhxIEBW-u;$CF-nmHTTY#QbVF?Jnzt0d!5SCuy}qU?Y46QiC5 zGqoRH4c47lem)_yuvVvvZPK)>VoFh4)!ouwY`*dG_6gDA-~G$}*_1Gg%@+<{dBZ8A z#qyl-+9~zQOBvi#BCOt>7mZ3kJ0a&+_M9jE#WC$>51t%)*mV7+Wb~}ZI~WbuT4+iZ zPIhSZ&AQh=U*5pJe@gP?)1NsfRez{GG-v*q_pPgC)n{+puy4VA!HG(lxpr0(A4^l& zW|fysn(I_}{O9XutWv47zP#TpxG(3AvPtd*S58`J?GaJ z+w^Ng(!}}Fa+mLjIb`S>y+0=Pj>kmSXWEx%^(^zhcb?r?RNin=mv`d@y}xa;8$0u4 zqLTKlRo(LTY`~;FhALb17n};@RLOcQ(e&%mY|d91Z@FLd_W8vNckZ-Rp3a_=w)4*n z78WK!)$NSObRM2ocxrrtz5ZrfsXo)Ca~nV24Bojl`{;(FKZGVHT#bDuJF~iYw`R!M zXN603e+KqE6f9r0*rKPeo-LJm1}o>Suk-s01ViiA1X~%3h;4jhDzMo4m*Tr+cCV)I z=-FfO%m3o_gulj&SG4DH&-Dm+>BP*l=g{{BoDB=-+H=>rS4J*f@M8PwW!2@=>lHth zD%=n07oXC#&NgXsreL?AMxt&O(<=VQ{Xuuc?|9w{+Hr2%0++SE%g+|iy{S0$zFolD zT*WK0(g#zVkDfZc!LFlqen84X|E0nU_Ub%kTcRw_y#JefD6jp35LVVTS27Rj%+|Of z@?c&^-1(VzEpv^n=ihQ}ExUSM#Vcl#sNSr4jz2MI9onF0@t*K~(ee%qj zDs8dtoEs%(%yfHTW6O2JDetkjd%C8I=dPeI%SlGZE6gO%^mCm(UN*HY=v6htt6OrL zC;k52TPb*Vd)=R}D>BZt7)@#KiEP{YMZ)sTCFXBR61UgK6n#ywJM-zup3KG_@k{x0 zx6J*1=U;v3-~Z0-=@RF@H106<53+UbS!J8C?fhNiHK)WjW%N!>jk8tf_Py~eW#gxP zE_NZl&4(W?Zx-dZk25;IfBMS>p&RGj;*5<76TfeFHC_E=XJWB;@mh!SZvP{Pf7jd;wcas3yLhI>=V`BVzFt4D;zzV` zN84RKwvroK+8$d^CO??%o%8+5@5&==yE2n*PrKHu@NPruYi<3P-KSz78@EOG-`PB; zs_o*muf0}0yk}NP+tzJ5Y@B$Q+lgzD;*Kqx*Nuy9?&V$fy`3uf@3C>&M)qeMAq-P< Yb_t%J$-8;N_Q%<$me+BF^nE!A0JRbvy8r+H diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index 2c547b7252a57e357bda04945d1fdaf38a2768b9..b397015d1d29df634bf82b4dd6416021b2a59746 100644 GIT binary patch delta 912 zcmeBSd%-?Ir@qv<$jj8UytF7O(5TYL$=JlD%);2cD&N!B)88_pz%eJYsIVX`(mN+F znX5E6DAYJOBCD*xu-wdB+bG%C&m<`)DJUl`%0RnF+c?lXvC<_VH9a%jlS|i5p}06h zH#Nn`)YQ;Y!6cw6DnDJJ+$_k@&o{)WG%vu+BOo%{#Vyq}P(Llg-zX%|w;-^}KRqnj zw=^W!)Ue8vDS{Irsg3hm(1auc)A{E7erW3QCtqKsm$N|PY{ zWG_!`)4-I7f{Ms0lj7jQTvHd1EH_u@#Nv{Wf{dU*GjDhOz{tSK@r>g2CE=DO8NT7! zj`^X1MZS6A*@jWZIcXtD0eMDgnLgV3PFZ1DA^L89MInJ)SrJ9%#Ra~psZp6pWrqH) zer16r#pxkw5n0}zc>xB-VUZ?jCgxRfz#39vYHv z} zVPJZRWuZ%;muazyNmyEBq?ci?dnlKIOOc_sQ%JIBPO*n)P`PWefmv>vf2D;*UXi~~ zzM+AiS!JT#F6P<#RYt*XW{$2V$yF6Wq3))p9*%BqVHPQs z#az0&x(Y5ySteN_`mRP%+Bua)p)Q3!?g9DPt^s)w`W_LM5vHk;W%YqRff;UoUddcJ z7vJu`{M&N9K{e+qzKXw#LcL8)(>F6P9(t81`!cC}nvN$c*TS9+atm_zuHU4uz2lbu zK3%!W4<7t2LasA!^K^7Mu%|rY7BiPTY89^MfAxXsxhXDX(WZH>GkXpD-8lu~eS+3a zl~+EmXmh%B?^N!84GPws=gw#yn_ZK6Z^^08RcBtV>z`aVcgv%@Ra*O)^`0z^^w6HZ R$FBD?_iDYbhdKX00{~0*KH&fW delta 710 zcmaFC-orLQr{38uz}v#pKRq$jAls`T-^s@>G}z0>CnreT$3H32B0DrJGO@rdt3p55 zmCHA^!rU~XIKv`5-8{UiINdAC(=yXJw8GFJ$SJ}*FsRC_z%Zpu-^I}|olDnFp}06h zH#Nn`)YQ;Y!6cw6DnDJpFVUmG$kMCO(A(49Fe@rK(9O#{H#;n~A}ze@~RArR5z27LX*FlDvGb#KeNslJFw4kl?_~NavuW(j@(G*J6Xo@r>g2?#b@iVMQ*b zj^UoUB`*4o6^=pqrl}cOF22b=7HO_VVFi_Cj^0(~c^TPU;Z7btRfU%6WyyY7!M-jP z7FC|UMcPrWmgyDYj**!;E{Xasrn!m629f#bp;Q`Gp`6YLpsiT4GsIRgzg; zVqWj)oR%Nz5>ezH;A~W$=ogS_TA}ZkSW+Aj$rY)sZDlj7}Z!lkRLs}NkOZ(xuaY-wzsl^AB6>0zL6;$3Rsonev_ zm~L(y73dae=v+}8Y2cV{z_m6^H*rPB&z1FgOG-`8iJdN!uGo{V$XeGXx^_-Cf1q6V z^HncC>2E}~wA@-+&uD%w%;j>d{F_~hJGZl@mj=hJ51qd5=|%ojzuEaO z=6zo5bSNXC>FC6>rL)gXJbw1_mj~Ss`q`p1+$|Q{xZNzuu~{jzm;dCRtV1ieP5SAq m%^cCHe^WB$=LV<##67m>U%797 ssh-ed25519 V1pwNA Y8V7GEcJpZbT+1JLRePnZqvhDS0XKI46MYNbY8HAAAA -+J8be6Slfuy1J00wkTjt3pznu/lz/s7SkJ0IwWkfdDE --> ssh-ed25519 4PzZog Zwyx5zJMwmL2A8yyvw+kKzDRIWuEgO2Gbgft7YYv4WU -/I/FfVENjO+dbl2CEunE0U94SxHDMuyRGWsdyTRtNdU --> ssh-ed25519 5Nd93w CfTiEdDV6lQz93KtvsvBThNc1psegKNlPT1K0tqYiVs -FFdbSBBAjuC2kiyGzawnp2Ui4+okQzb5drFzWSvqlFk --> ssh-ed25519 q8eJgg nhfS29M9MfnOn8SkS8ISWhZGE69hfEUI22nOVBi4j3M -yLiyRkT1r646SBy49iPhwhezHTZEmPGfqG+OyA9ocx4 --> ssh-ed25519 uZzB3g XSfCUI2kgTPdzWhomj9UtalXDq5A0JsD6vGngAyv+m4 -eKslq/aDtpKJ1NzHlKzDbRXAS2NdtZGzLY1cYA/+tD0 ---- 9rHjFQNctZwazR9X+8Z9j8hCJiJa1/e2zmJIG8b2gzo -+f5^,9k+!C>?&ӳ4(fs-`%3Cx%WE.(gI -l -CŜLIV uE}G~v!肞NvhS`S`l|k^Aֆ;uXϬwӕ"V6)@ -[gBII \ No newline at end of file +-> ssh-ed25519 V1pwNA 9M7GmhZKBWIG3aKDhybPf3j9L4lhTrGG9aGpV7dRKy8 +BfUZCdKn6rZGgHMf3475lgPqJamnm2W0tPkPctZHqyk +-> ssh-ed25519 4PzZog ijLfuYQCg2bofPXdcj+2wo4yar/Rcocw4e69nO/Kuyk +H8/Un3MCa/u+WvWUIl1L0W6agAC7qMm6XyRslDy/4SE +-> ssh-ed25519 5Nd93w ti92GZohdr4Yr2ezaLt4iJJaBeu6xfe3cU8YUvW0vH0 +NFm7YCcsy+X3OykCrBcO5/83qVojV2JacoSSdR1ctaw +-> ssh-ed25519 q8eJgg PvJPouqT8s+EeBv+SZUsfVXk6VY4R+o8SktSyDdxvHE +kGVDmEqA2kKGwmtK6Ue/rq8rmOUIdrF7tvZI4qjCuoc +-> ssh-ed25519 KVr8rw iQOHwjOQgTHEnn63/GBv9mRS5DZMouNK6ssawJIomGU +5wrSu/IlWpOWQ5WW0Ii0JhgWfY2qDRTT2dIayJWfPPQ +-> ssh-ed25519 fia1eQ ORWzCW6WqJttUok3KIJOJuR2a3mvJRD6EqJMDhaTHi4 +cO4hefRRmCNJT/5ShZ5G68JR5nNqsjIuCsMm9ymWW84 +-> ssh-ed25519 uZzB3g tlXiwBwJtKqA8xIJpUtS3/3R0loyD2uYI57P7HzcwXs +8Y1cOMDwGTPIUOKSZpx8ngab7dgtTRzvTb3r87x6Um8 +--- KZjYtWrcPBYnbBRRzKuyOr1IUvEdd+XggCg3rzPLKX8 +lM04a'h^/!֍{D#]Ԕ ;qax&1(zw"6YaWv:و߁Ovc +8djbA +\lO>=GYQ  \ No newline at end of file diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age index 0feb54596c7a7ba72deca46c8e3f657853e412ef..22587894a8ec0f3c863b7363ea42e6e9ddf12d9e 100644 GIT binary patch delta 826 zcmdnSI*EOPPQ8z#t9N#qVTG|}K#Gs2ho!l{SBa-rT1Zrcp|4qbh=pIiMPXq`WPqb_ zGM7=Nf4EDLwo{UeXJSZ|sfCldW0jwYUwDXlP+;W|)_$xszd*0hg|wLUD11 zZfc5=si~o*f=NJCRDQaGbGb!!c6NwMYE@`NRiIINfm?>ZW0_G_u#0zCzH5-DrKO`; zNo7e^d6{uCS4N~?N|8xucyLZpo>4%#o3m4nr-5g+aj!SrQQmJ27ieq_xNoq#^ z#E;_P0jY+CC28SV7UqQ|er7J=rB0bnrhfTOKAzf%!D+$i9{GhPMuvHb=0*lw=GjRm z&KZ6l8D(h&<{7@0S*H$ObL+`zoD$TFlb z)2!Yw$hWMtJk2aW(lac{D>Nf5MB6RhsXW~^oy()DGS?);NIy;A%uzoyG9<+_$tkfc z%Q&N`(74#$+0WlRw>-5xSU)%20^Pc_%tXV~K!r4;h`{V{*U;Q-gFH)@l3??)jHnXJ zd}HmzfRgmg@}hhTQ`b_<+~mBn+-xp=6XWvI49~m_kF?-`WVfnJ|D^nMkF3h5O0&X< zBJ&8tEXRNl->T9aFVD$m8O7^U3mwz5!h-VCEb}~~G9#-Z4RTF=gK}J}Dh+&`A}W&f zD>DrZy^Sohvje%xgDuRQD!e`OLoB2G!wvH+BJ$1L^K&!&bAqZ$oC?fc3IhGg^ouP6 zf{M9xb#)aIE7CK)EIbSSN{dQLv`sP{eay0qbAx;`&5ix?vhv+cwL^k^Q$4-QvpfyB zuJBr3?)uio_Q-AR?Usmt5%KRdnD2J!^(0p_&D~Qs^F{jE+6lpuYZ@OYSsHn-@iJ*C eHo0D^Y}n0tz*T3%qdv6-b|iJNJPuVsjtSy@O*M1{9;L6A>k zNM?Ard0JjMmxq6uzfqo>xk+ArrGX$2M9&OzE1?onlF1%-y*rFpJg=79x1 zDMi{QW?o?)0b!{Dy#3P(qCAVzwSz*rJo1uD3JU#79JTe+eDss@ zQ_51b4Sl`J{L}m@EsCAo%Cn6;y#0K=ef%xZL&>ws(YMf1q0F~5Bf>Yzz&+B_&^fE1 zQop_;CBWY|Tf0EJ*t^Ut&@nTh(8wg)EW$KBkSoR5BrVazFU7LZBT+x!#VpChyf|Gy z%s3*z#N92w(kaCwuOKMX#5dE+giBXfSHU3DHzcSmATY(iE6YdU(Ze9k&m+Uayh=aA zuqrLlCD_2VAi!APB3(btk?YvG*PmXY_D5}aTHw`k#P3H9%}3ua z-QUO4#W~AAD$1z9z{A2PGCkR{*ihTQ!dE}hDU_=?McX?l(kr7p)jzi+J<`J`IX~1q zz`v}}%gZCOBt6m9EyvU;GBP*Vvl!hrQ@<2T<8lR;a<5#=+{m0%i!2}Glv1sb4*=|(yEG`QbPm6%JnV7ETRmHBTGzD z^po;ae6zJ(Gs2zxj7+#3qkOZo(nC_yeM<{`yi=k=wIkh%{G4*MON@if0;_zoeVjeY z@+yB4b%FgyS*EcgP zG%-tybj{|9OtUNs$O#UL3iojLFwL=WG&2s)4GjwL3-JiBjLI@Ibv8)}@USQ{&A_lN zEi=(DHBiAhAgsvD)6Y`h!!ft2!n-K4+{-jLE!n5ayDTri(%U;JC%+^#)XCB}qMR$j zDa1RfJftKg(=aN{+27H)Fw870Gc4c4GR?>*#Jxbh*%g^miw z+HM);X&IRjd6r&D?wO&P7T%TR{t*?$W>H}&rR9;8g;gcN7G6n4PM%yAA;=0V<`mYyyd;mM^&9_i?|l}1%L8K)}*=A}9&<`idH z>YF4P=0ye-<_BfEmbm#PIhQymX6xtqW|+7;I;I(fh5B;kMUnU?2OmQ`Bl zmgMXnk)P}smF8v|2K-?zM?Ff%Et!Xn96KR1-i zDJU<%(KyGzC9SH^(yuJ1G(R&k*VxfAD?L2VJG4@})G@FyJku*G-!+*_S65ddE7>63 zG$6g)#KhAe#K|}_x4^{Br#z^*)U!OT(z3$S*DylP&<^l^V$K}NY~3u75m56HG1}5*x zM`c!XtqPo9CeZUkNi*hw9AtI#0YFs#0@7qORNbjJ5N5anlVoewD)Nt;=2%w6G_%Ss2d6j2Uu&ig~PYSYq_&YoIUVl7D8h!U{|51t0%6lP}Bt-1zoU r%hEt$&2q)XQ{FE;^kZ|%9vd@`6R$4hFX!d8iQ7>YQZmi-daxM)?IREb delta 1185 zcmey)J)3KSPJLKXVXnKOms4R6xtX!HM@X1k zGFO(XXGL~Su#16NdZ}Bwr&*b2rf+CoRZdENu6t#8abB@exqEU>Kz5K}IhU@TLUD11 zZfc5=si~o*f=NJCRDQZblD~7Zk8xtLN2!ZrRbX(Ei(9a>t8rjqp;?HRtFcK*hPGQ# zwthucMRs61S4L`bK$>}up_xgMN0q;YL5_Zof3b&QmZ5P#xwlV*u}Nf6QiW%Vp_y~? z#E;_PxhBqzX>J8hh52FHxu(v!p_Rq?=6R_(0g=8g>HfxUAtu_z#zw(OmBF4|e#ub* z8M)=-z-NMQ(3)3q~%mYJx^Yx1|a$P*Re6#$LD~c+DOCx;3bHWo{ zJzPACyqt0~^ut^toQkwvf=pdJ%W~aJv$8!WC$fmw2Ua?{>6;rTr;brWsmrnS^=f2IrXjq=Xg~26}j+$3SURm6LJ0LScGN z*vvf7%-c67(=WoPu*5&bD77NbqSQ0MG|AD(t;Ed4Kfux4B-qy%WOlu8Mxc?CyMMZS zrH83cu6|^0RalNiQEE|6QIeanv0+}8QBGQ5k*QCWy8%~*x4)OGdumjbcBO%NZi;ib zfnQo$o_AhIdPRn_pIexTOJR9-MX*bn~q;0uGp2NXrO_jMY*zSSqJQxq^$on_9iPVSXU z62HE#YSoi^8R9zqYvue&8w>tv3NNYYulJq)?|gm$%feE2mjAh7nPO(_g=6wolKMLez38#K5t7!$C4u# zKP$W42wi$SEkfB&d0Xzj1BPDG7f)RHT&cVBp~JUNpXwR%9$dfg5|jCiNB&5~$8^I< zQt>R`-tOJU@TGP|)Z&|2U%Sk|oqsg{UF&5%$>wHG72hM*7MlO~5^eQB>banPZ<0Bi eKWAIumA!u+?{l`e(r6ML8_VbP=JzqCvkd?p;;lab diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 37febec..c5f5459 100644 --- a/secrets/ldap/pw.age +++ b/secrets/ldap/pw.age @@ -1,19 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA NP6ek8muIcVTN7X45Ca4KxjiNwpIPgyJ6QPT5MXHoDI -JAdyNy1eCn50/G8o9UZ+HTs6UIvgulqZvwZJ2qPwglw --> ssh-ed25519 4PzZog xIbvzSC85K6t5l7/4C8yKUetsmF7qjXPfT0iaJ3WWXw -JnGVTsGtD1gUwGySKbLYTp624ptRoGRGHVljvXnWLnU --> ssh-ed25519 5Nd93w dmqR7XslUxk6epmjFlsgNBHLJRCTJEXYp8yg204/CFs -s2dgY+P2Kbk5W+3afA5dDhRExu7yDDdEIk7a2hjiYuA --> ssh-ed25519 q8eJgg w/wr6gwWRhNiOH7eXtGsvll4yVqHNHyTMGkV/DQOFTM -2Kh/Y9RoKQkrVVNZmXIKea1YimkUujGQjiEU+EMCSXM --> ssh-ed25519 IzAMqA J1Uxj03c9gWDxrqkDe5Br/foddQPnTQ8flGtaEUZoX8 -ESWBqkufGoxaSFrTqee/6VdjFzeaLEk1uvlycyZu1UY --> ssh-ed25519 uZzB3g QtwtyCCE+HAPPzG+1WZJ4ZgH7OMZcSWz7m7+Bl76Z3I -MS9IWEZ4yMIqeGgp1h2gcBT1wrUUjKupKaqfaSC01Q0 --> ssh-ed25519 Hb0ipQ MH5FmXTUgMaos5XJZadaf0EFEQWap0KFFFmUC5ZHnko -UOUi3fKC0xbxh+oiJmqAQCEVtEb3ESXqi9wrnVosU1E --> ssh-ed25519 IzAMqA QBPOVyi9TDCcHOowdtCBcH2dX1bxDOQnl3a/5hixWh0 -vV8ats3EdQMu6q4I8dL2HpbiHHzt9Fk4SuNU0t52nD4 ---- QfeJV3/aEiOK2h09SZ6lrYvXsFtwdf/eOA4ogOR4M3c -fb %3R$/zΕA1-2a/vf}e@W9Vmމog[3c\jSX҅ eTܲ|'/7#|)tKL~(wF2"{yOivhFsnk^+QS \ No newline at end of file +-> ssh-ed25519 V1pwNA 87SmLeH/I1VzLSj65xOuPZsPDnVl9xliQ5/CVijnYmM +2RNAdkwpR7AHsYrh4/NnANF5oNa6NnKF2TvqiuMrxAA +-> ssh-ed25519 4PzZog BUlnW06UQsJzwcQ3Jtca5Mzgj+iFUunwhisvtIYlv2g +8zGP78Pcw7Sx2mCWAEBf/v8vH3PXqqQ5GmBXvLQN0jk +-> ssh-ed25519 5Nd93w 985aPULvm7eHx4VACN0MU9tkZvuhEGfTse5rCILxCWE +kX2GxHAC1XJe837p6kJtaqnESrNQZgBOnw47zE7enf4 +-> ssh-ed25519 q8eJgg J4Gdo5cacvP19ZyUFSsIQdy6imX6oJDrBIH2nLUC4D4 +d4VhUAvqAyIAYKJjNPg5rsM7GifGQo+nl1+Oyvk7tsQ +-> ssh-ed25519 KVr8rw cmAn4m7om7xJ8ByH1mWE9sG4NZVOOENZYuqh8yly7CM +qgZjhu1fvNbDgbF3xFMqVI0klgZOZ0gEuXU/dq7ZziA +-> ssh-ed25519 fia1eQ xTLCJGaocQf99+Fl6FHXu6hOXLmq2i8aFDoS7RevYV4 +K4JxlKPHjUfQZj9LnVXAryWln2c10lZhrpt4ALCF6k4 +-> ssh-ed25519 IzAMqA VCMeNgMAgywehKU6Fvh9O0nXHWSFD2PkNM8++ZqWYB8 +uCnmYYPiuKt22eplH3Ms0LzBynU1JqMjWDDx9Zep2Q0 +-> ssh-ed25519 uZzB3g OIeb65JzQmV+GPw1RxBYEKrWBovyqD+yUNkvD5ey7Ds +7RlSzUGmwcuV+NwwOIJ1dAsiBk48lD3vbsnq7U/xJks +-> ssh-ed25519 Hb0ipQ s5bT1+VXT8ySjSTCoD6dDqc+cU49SDv1AgUIKmaKcno +oa+M7RQq31nzSccRUdEw1NuHQo4xHaSva6CaIBgz9V8 +-> ssh-ed25519 IzAMqA hvFsxUBn484Uga9+JGPDxsjhZBhmNGlLXn/jX2BxwA4 +pSdMVOfWttPbioa0Pkl2eSjE+TpocHu5+/l0f8IoOFA +--- B28xN6XA1WfkiAYzDCfdKMxbosPv9ad0V/NFX3KeJNw +X1*Hk,2><ÄfiP# ّ3h<MRDASe!2`?0F='ŧCr@XvƘ{"+s[E65Cxxr]d3_1J7ڔ \ No newline at end of file diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index e5612e1..2a15d74 100644 --- a/secrets/nextcloud/pw.age +++ b/secrets/nextcloud/pw.age @@ -1,13 +1,18 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA PiQsqOT6Kgdo6s5Xj7/YrOF/xcFUY79IVGWh9QrqiTM -oDH/CXTFBNOQFFJRIcP2jrJhPb/CabqxBOPUyjCBgBE --> ssh-ed25519 4PzZog //UFKnG6srGzPvcZZGBoV3C7LCV3mkbiRwyKRfk5txU -sOIxSDePjj7gt4fsgy134MaYasE6bylaxMgwCYEsopA --> ssh-ed25519 5Nd93w uJVBYfAdaQD9F6Ps3/K1BvjmHd0KL1A38G+6tZ8uTB4 -ua+xSp1+tSVMEM7kG/0x6XcXg4zllyxGGt6UT4o0tH8 --> ssh-ed25519 q8eJgg 9F7SNeeEpCWgH3EnigRYnX48R/1ST2xjcPEX70qcklU -8JisSMHjwXWAYH22V4EfaFN1rQk/fr5kG8Uf6vFcfeE --> ssh-ed25519 YFaxCg 4ZlNZRZ0DPBGXA10Rkvy7Iyk+r8nSREK71n93aZrbUs -YWFtPzyae1TZ+cA/vmWAHFr9P3bA6NYxkpAUeVNK7gs ---- e1ZdhiA8AMinAmj4jY5ApJ6ASLdH/wK95iWw8jjWg6o -Ttdl~ ou8/.wՕ=*1r}@ Fyׁ;J!IƿAV =l \ No newline at end of file +-> ssh-ed25519 V1pwNA gR4aFo/u2ow8mMgTInSPElO6gBhgig2s9Wzp+IkGjlY +mVWoBrKH7AihCbdrspCIzPjF8N0kQGDML6pkybH5Y4U +-> ssh-ed25519 4PzZog BhiSfpYVlUgTLX6rHisiyzLOmzrqcZ8JKDqwY1lg+D4 +nSxNNHRYPy0C0ufqa2QMIylMr5IPlPUiDcg+d79KkDA +-> ssh-ed25519 5Nd93w +bZMaaPc0jTIQ/eu/uWWgA41UQnKveaaVjgqoIaAGyw +elodhm0K17eQQInvae1tkkhFY1aPrbTdaRsviYDEBEg +-> ssh-ed25519 q8eJgg LlaIdTPw3c2H8R5mDIIam4Ygvvk5gpgPahNJvf9UnB8 +BN901oRUt0j75RnQZnn4uFiLKEtRhCvFtKHug7Ikg8U +-> ssh-ed25519 KVr8rw Bv9wfs5KP7lvH3Bpnsbzpgzduq1xiQlwVcWndWFL7Qo +LgGA4X5MOelYhpXWfsX95J+YGjcPzL6ISlPKr9ZNv/w +-> ssh-ed25519 fia1eQ WaxlI+aHWQdJs2YtttcQ4TzI3aIlkmdbm21mhv71VRE +yI6QKxZ/TwXRDdaHxt6+ZVldnB7sZRGQFABnd7zeXtE +-> ssh-ed25519 YFaxCg /V6Ab/BqFQ13K0qN1DOfaw8LLGR049s0S/FuK6dL6WA +fZbxvQWiPh/MH4/fOzV5trPL+B4H2o2WtVBIPuFsdLE +--- kUKnoRQARSlp+lGUNu5Zu7KztkK36VZeK9xozWZwmyY +϶tT)Q*12wcvѶ^E~]!TB3? +R}D> u-.9D \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6cc5101..07213ca 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,6 +11,8 @@ let silver_laptop silver_desktop thenobrainer + eliza + esy ]; agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones"; diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 7405101deae928f263551687f491de79f3ac8239..85b35f3c94d729cb633403e689a9458ddce726e0 100644 GIT binary patch delta 3013 zcmdlW)*~@Nr@ma@)FmppvM4DmB|9Uz(9k==(84sZETF_JxZKw}A~?LnCqE}B-6h>E zlFK{S)GIY5$lEWt)Y;iMEw3^o$|BpP&>%ZFq%0!8*fAt2G}K5tTt6ZxnM>DBp}06h zH#Nn`)YQ;Y!6cw6DnDHz-OVJ`-7+-AI3&3^+&?AM(XG;@yujEw#Uj@$sI1(jGC#92 z%rm4aJjBg{E8H{E%q%(8!>l~p$fVe^G%?x7zrw8|B|<+cHOMLWm#|{45DPC) z6Q|UyR1^K6vg2j>SHq9zi+I z1v&a|g^mU$X8F!$+2LlUUg6~dMxoj0q2wJ_WKmSEkm2T4RcxxA5}Iz5<>why zo?D+^`n7QvZ8Atinp`o4yKz5)7aMqUL;Sx%Map~j{DDSi==#m32rx#~~6^SgH#**;JYKDj7gQgV|p8FhL-&xd?b1?dDt=p~h>TKU{ggCR$ z?46YNyl_t^-_PlmhugThv)zqnmImgV=;e2wJl*jrYx#oSgah}hHGC9a@H}y@u$i!e z;hTQpHj}T1U3GhVYA&q%%A>coKBDcVoc%G&GJ7uRsN|DE&exbW$S~)KkBelbE>fIW{GhA^*`&F_tAq4Yv+6X`@i}W4}0mWdL6BO2ArAULDf}d%FBXV zLuP!wQ>4WkbMHxoTwd~9v+swt?w+B=JYm0Ot+-Qd&xWetY0EUuFbdE3z^wN+^-T)P z@`+dG9y`%{aJrg+X~M@97N0Vj=!aV~!C1MVZ1Y{6z1-|$uBnqJ@dXIski`$ua}Ti!de+lEtUh1gY2 z!xwYgr8g~iulIYZx9;DXrY-kc??3cnUOnYZt2f7ovdQ6jvYo_~M*E`;^(jJ}MI#SPFh~JX6`UJ0kqkdDi@m$Ar3f zv_9|Ja6M@6cRq6qi7GuI#jPGnO_e2G%ez<`Wqu~NJlb!6tJ|VJbit#deP-%;&iB8a zu73LGGqX7B?};BH{*~X%e-*x4bMd4O_bxNzIlHZ|cPrM>o9c@ruDO8g zPG+*J_P%F_xUNo={_vSUYi4tqi1@<`zAO_$K16M7*E#8!9(;r;D1CWWVNK2EjrE7B ze#^ZI5{#RoH$!P%+s=Cn!u@?s8Q1SuOnD|8leTQ>u}2bfcsA@{X7f(0)0pIbDo@4i zMc7fn^Y54J6}Nu7Gr6EB>!Rhc#m3_5+ZkS3N$?t8@|i4oLvV6dv-m9kxM_d4#;^Fu zCK4ZE_BZQmcigs*#(%{v;__WO9XpM;Pr4CQAHFo&DJ@{}$wy)jmG`PFfBja=a`k@S zHDz9_uXo&5do$JiWsuUkyG)wC6Cc$J38dB^oquhn!3k!)d&PhECmc1GeD@-&sh#!L zeihZGvfLHhmhKUpjN)}X?=bAapz;_iy``~JfB2Y|7`kD zR9Ur6r2TfioLkGv>OV7&zvwNG?tf|t(W!q^8CvTPKC#g+P>dnlzywn#Z6<5dBW|-1zhpZcLklDwfWy{v1V@1k6P1w zo;;X#!1T`~ejk%J3+B%Kbh-N1O^H%f^%Dl_X?MO{zx=4?ThiZiryVpWh%H<$zb|EyziQ>T`ah;k zU)|y#vX#V7S?k!iOUUHAn8#C{W!vuc#~zJxO)0kBYOBE*nyQeMw=s9I-uY$uccU{) zJYKAv8fNgSrssHf;l}L;+vglwb?a^U{S{9wKUaMD_IppBo z+syp5bz%|(lIC+g$xx%Rd@ACnabmVQ|w z5x3DNQO1m4^kl2L>v|>D)JOAXRIO0AR#WczbFgLMr?T zj@7+)(@su2*mxIKppGMh!n03505{$c0Bp(`L@%!CqtI8RD^U(oOXS8Sz>u} z9M7d4tM(ggxZBrCSx0D7t vN7Ubl{r>h(ZqT!D2N`(7;>*@;e)e7@^lY%$3a4K+;(6BLj;oJc_ptx~kS%Lm delta 2810 zcmeB?*dR7Rr{2iLB{SX6-=Na0+`Pav(8x2~v)m-iOW!rkqBO|4G}*<)-!!%Jt*`vVHBrxB#I8QsbB;3oiEGN`t z;z#lDjC6~Ls8o*<7mrGxK=X2oD!;S{e{(;h^nx<&0B2vWkfKCi zuK<6us8q`U7c;k9pVXAHpsJ|+lpJqg!}5G%&vc^#ld`g+?7-~F@r>g21?Hwnz8+CN z#+ju>rBN;wL1|&-iRLE0!4{={K9)`e8Rhv-;r?M|84-?LA)#RvMv3LdnNA_vrg=^t zxqDj>+xfTZKp%f8Z6mL=;pgL@;T`2)Xc}G+mYp0L%H`o#;AI>f?i^-n;O$*iRNx<$?_?BM z;^F9-Z&4JOA8uk9QR-ruYLQzJ$)&5StKd`OTW)CV7imyh>Qb7Ol%KC1T<(=tWR{k0 z5vE;LR950&lu=k&5|o&f&Q&`(&%SSmjBWkV=dY?So8MaSAe#AkZu#H%K$|x!EiJUa zxrn(UXq5kCt%-f0;xb8{1%B#}X8b(Tt*uyXyFXyfgC*8+ zrV5;sa&%($?^M)vSdq9${b+xGmD!Ex_fCG9Qyr)N((n?i(A+QhzSaCd=JBIj;-^1* ze%)r$Cv09)DdF(W>tyS! z_*H846VsPBF#q^ms>(EN=J(L8VT?&y!V@jhF1F20WBSHi|E=-H*=Y@VDIXTO?)zQPPT^I(zlJIscEG-WpYLzGX^D zec)S}z>UmCn}6ntf6#iSp4NIo?We5GwXH{Ie^0!8+~sxUg$XOv7T#LieYtYOkr$31 z`20El%@d1Da1TnDy}IXO{in(G6Uz^|-m2?PGrKp*-zy z-dE4BdhYnF?)^*d$qI%OCz*CJIIca^A-&^SM^5#gT_#=p(lCu$nP(2=4bfaxP7{7>6`5`*PlhIZU1vH_ftv5BBzM~DtE%?t6lpr zakcvmn+f%%VXK4Ib%yk>E{^ut8vS=$Ro&mW(fk7Q%}#h*Huu&wlm|{ee0j^+_4lXw zAF|2m_j;Qj?_=8i<@e|9YohOL+P+g@mcjI{4@I>f>O;>~O>MlsclV;{kxx8U^gIxK zUUFcM43o-*OAmQ7!%g>FMbCJtD`s^dGc05 zrk{KN{P_t_Cd+fCs^@NfXZMY(bH>*orqJ73hnwSstt(2C3@)?iE5B<_QvMX~W_VCE z(zIsT$)o#j$}RsUCvv=Ci{f^xmiGrs8?qnF`YrDK!KmcBnA3K8=*dlUSo@m-T} zVA?5RzudxN&SmLd>B{ulMGwjkhnL1DKbo>%GxqJGQj>c78D>d!u~S}UHck-z;}kF< z&ExG-)da?J`)_PwD>E;p928FSuS%SJtEyhFtWF>Nz>;87GFYo&4Tg>a$wS{|`+PgCM z$EHtrt`l(QQ~EuXLouB7Iu>tcg1f#IFVhS@wvE(yRqlzmh{bkZh4USvnYetaNJ}mwB^Wx^pM4c6iz{t6_@ZAJb_Q?#OlAtkIKVJg_Y6 zqN0S$k&blV$5El*r`E6X|D5OGU_04+QoXEqe6q^t6VoZF}7o zO1iE4@@3z?@}Q0S8_RW0oQ~g9>#}v>*1Qi@onpsU+`kvm5&!N<&WVY84t;w+`BOl2 z@5(C$xAaQdFDo=J_+9vmwQmlJ!?C4z1c4^DT6Ml!(4}aSr z9amAQr)9{)u`ykvzWTtfy`BscgXd<6c+BIOUDKO&phXSoadAr zlCfmz{ml<|g);r-_mIE+ljr%D?OyuhQ- z)6YHFFf_!#uhQ5ov&=g&%r&hvGQis}D9bIt*^?_Tzsw@6EX^z}EG0QI%hxH-sn{na zvMjLN$T5Y zGriry$^!F)tBlQEf_%B0qRIo!!p*$WQ%sB9-E%BLld}vREfa&P-13~OBAxZ~QnQ22 zj7@XOO%2d(^A0PrC@NPdb_ys+vP^VKOG?j3a<+60Pxg=04)k$K%XjrGP4oS%q-^8Pbo+>F3ipKtMtuE3`_A!cPuvaEH_U!bSsMR$Z^X|^h^#73biOo*Uv_` zEiE(AFf~x2+}*{a$UiD6xx6&W($Ce{GO5_yF|pDkCo8EkJ=eV~#lXiq*;3!9+&z%X zz}+`1Fxj}k!aKvc*g4X>$j!~UEG*b7C@CY$qP(g&xv;PxGS}a?G6KVIo>h*%g^mhE z89~0D!BNSXsj2RXsU?1u0bVIC#zj@yE?J>YuG*H7MHZPArG=^KIR;!tei^Cxkxn5M z72zf&`lXctp?*1eiDpT8mO<{0$zJY`g@LYB27w{2K_=*aD~+mhGEP@Wt91AD%Pi7P zOmZ~U&d;kbbMbd{4>phT$*S}&3o|b?%=N2Gj)<_VGB)9I%kt2U^3O3(GBh%aaxV=E zHgn7M&9AaF&vQx(E-!ZWPj)KtbhI!{slu?$Bgr7MAW$JO#4kTGGR-n4EYQE$BFHr_ zFD)#@AX(cav?{>2Ks#GIL)$qbBFrnVBA?62-_WHZGBw06#W2jZsKBDIthh3*G_X9x z)XcK7yvoBQH8&$PA|R~1ARpat(2&e7N{-SF4fOOcii|7^NQp|yO!o*dH;oE+4hl7K z^DH&-%Pp%acd1OPu;2<#cK1)pD)vltEHU;o$}lL@H!LVgiA?q@D@f8d47JP*@yc^E zOmZyFOXt$n)m6w0^$RP`EUk1gFbOV84E1tO&hR(PH!$}1sR|8=@O1VpE7Uis49jrO z&F9+m`^jSthRD@V@5;7J-m~eFqO4N=yeE_RI@skbH`~Qsbk;s~qff%KATvLMuRON|^NZYnL_cLmOV+ zSe@m5E;{G)Oh=y#pBC@C&w~~m(%dkAiS_?uAA0%ABhSuQocmCaxxYnr#nd0CvTrD# ryK|7?%T%=;>$Q{ER_f2-_tE^OzJt|okLR2#%#+vhH+IM8mrVu$cVf}F literal 1131 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5wB8H7YCj zvdAwg&-B(#vT*V<()UVotBiCGHus3sc1=w-EHBj0F*HmKiR6m1)Gl$2EH#eus|-xZ z5B9PM_HipqPfIcK4Kzvi3-(LbFD+s5rDF*x1+D#W%p+ zA~N5-usku`!av+7tT@p!vmh%qEF0Z6Q@<2T<8p=Y^!&_7%WR)g%j9BL%j6uV%ruYe z$n+qmWb?9YL+^-WGsCjnoXFtds(h{-%aHsE->lFylgh;K%<{r;Ls!pyv%I`gvlLg; z^rT|#&N0#~;nfeu(TLkMT7Uh=an5X2IJ9-#ccouj&2UUdxSO&Ye z1)1jLm81L3v&zx8&{09#Fx)r5(I>DZqQEo9D8o@d(#Oao(XY@r)hypEB`Cr(JSiu~ zJIN{6$(74LxxgeV)7T~0$J8>%H^armvfMbxuOy_vJS){DJvcQjG{Pg($<42-ycpfK z(x@sY<8*~Uzw%s5qskO>FYhFi3jb20(oAo6<09=q3(Hc+pb+iI9M@u#pn_~qmq@N8 zA5SNfVE^!(qLhf7!ooEFsFEx%{jkd1BIlG)Uw@x`Z|}&o7 zQLSJ&zvOaoNS)GZjcvOQzWOHaTvoQ;V@1BT#kM2^`Q8~k9J|*92$nBZ+40o5zP&d( zvh(easgecbYiSx#XU{n?a(<+2XD{P92Mt F1pqLghO7Vp From fee1e34ca88b06ad6ea0ee3da9a08f61574387df Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 14 Jun 2024 20:36:16 +0100 Subject: [PATCH 407/826] fix: move to a better naming scheme for previous versions of teh skynet sites --- applications/skynet.ie.nix | 28 ++++++++++++----- flake.lock | 64 +++++++++++++++++++------------------- flake.nix | 8 ++--- 3 files changed, 56 insertions(+), 44 deletions(-) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index fe83fc4..188bc64 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -21,7 +21,8 @@ in { config = mkIf cfg.enable { services.skynet.acme.domains = [ # the root one is already covered by teh certificate - "2016.skynet.ie" + "2017.skynet.ie" + "2009.skynet.ie" "discord.skynet.ie" "public.skynet.ie" "renew.skynet.ie" @@ -35,7 +36,12 @@ in { value = config.services.skynet.host.ip; } { - record = "2016"; + record = "2017"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + { + record = "2009"; r_type = "CNAME"; value = config.services.skynet.host.name; } @@ -63,9 +69,8 @@ in { forceSSL = true; useACMEHost = "skynet"; locations = { - "/" = { - root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; - }; + # this alwas points to teh current version of teh site + "/".root = "${inputs.skynet_website_2017.defaultPackage."x86_64-linux"}"; # this redirects old links to new format "~* ~(?[a-z_0-9]*)(?\\S*)$" = { @@ -75,11 +80,18 @@ in { }; }; - # archive of teh site as it was ~2012 to 2016 - "2016.skynet.ie" = { + # 2017 to now + "2017.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - root = "${inputs.skynet_website_2016.defaultPackage."x86_64-linux"}"; + root = "${inputs.skynet_website_2017.defaultPackage."x86_64-linux"}"; + }; + + # archive of teh site as it was ~2009 to 2017 + "2009.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = "${inputs.skynet_website_2009.defaultPackage."x86_64-linux"}"; }; # a custom discord url, because we are too cheap otehrwise diff --git a/flake.lock b/flake.lock index 874f430..d9c6ef2 100644 --- a/flake.lock +++ b/flake.lock @@ -620,11 +620,11 @@ }, "nixpkgs_14": { "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "lastModified": 1690026219, + "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", "type": "github" }, "original": { @@ -634,11 +634,11 @@ }, "nixpkgs_15": { "locked": { - "lastModified": 1690026219, - "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", "type": "github" }, "original": { @@ -807,8 +807,8 @@ "skynet_discord_bot": "skynet_discord_bot", "skynet_ldap_backend": "skynet_ldap_backend", "skynet_ldap_frontend": "skynet_ldap_frontend", - "skynet_website": "skynet_website", - "skynet_website_2016": "skynet_website_2016", + "skynet_website_2009": "skynet_website_2009", + "skynet_website_2017": "skynet_website_2017", "skynet_website_games": "skynet_website_games", "skynet_website_renew": "skynet_website_renew" } @@ -922,45 +922,45 @@ "type": "gitlab" } }, - "skynet_website": { + "skynet_website_2009": { "inputs": { "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, - "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1707154174, - "narHash": "sha256-oUOD6aIy8KvIsiAWxLApPgAkigDZwp3xZ8bmhKoWszY=", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2023", - "rev": "c81db388fac570a8cb646391ea461b9e60282043", - "type": "gitlab" - }, - "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2023", - "type": "gitlab" - } - }, - "skynet_website_2016": { - "inputs": { - "nixpkgs": "nixpkgs_15", - "utils": "utils_8" - }, "locked": { "host": "gitlab.skynet.ie", "lastModified": 1690726067, "narHash": "sha256-/BrljRmgR65bdqWgGBBWlTFiBzr0EBh1OeMlLj+xTg4=", "owner": "compsoc1%2Fskynet", - "repo": "website%2F2016", + "repo": "website%2F2009", "rev": "63e0b33c5a48cbd4e68f23dde4987959b6c8e97e", "type": "gitlab" }, "original": { "host": "gitlab.skynet.ie", "owner": "compsoc1%2Fskynet", - "repo": "website%2F2016", + "repo": "website%2F2009", + "type": "gitlab" + } + }, + "skynet_website_2017": { + "inputs": { + "nixpkgs": "nixpkgs_15", + "utils": "utils_8" + }, + "locked": { + "host": "gitlab.skynet.ie", + "lastModified": 1707154174, + "narHash": "sha256-oUOD6aIy8KvIsiAWxLApPgAkigDZwp3xZ8bmhKoWszY=", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2017", + "rev": "c81db388fac570a8cb646391ea461b9e60282043", + "type": "gitlab" + }, + "original": { + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2017", "type": "gitlab" } }, diff --git a/flake.nix b/flake.nix index 397f721..3480a59 100644 --- a/flake.nix +++ b/flake.nix @@ -41,17 +41,17 @@ owner = "compsoc1%2Fskynet"; repo = "ldap%2Ffrontend"; }; - skynet_website = { + skynet_website_2017 = { type = "gitlab"; host = "gitlab.skynet.ie"; owner = "compsoc1%2Fskynet"; - repo = "website%2F2023"; + repo = "website%2F2017"; }; - skynet_website_2016 = { + skynet_website_2009 = { type = "gitlab"; host = "gitlab.skynet.ie"; owner = "compsoc1%2Fskynet"; - repo = "website%2F2016"; + repo = "website%2F2009"; }; skynet_website_renew = { type = "gitlab"; From 34f8f0eb8c50cb056b8ab96e719108b07a4ca919 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 14 Jun 2024 20:38:46 +0100 Subject: [PATCH 408/826] femt: move skynet into its own subfolder --- applications/{ => skynet.ie}/skynet.ie.nix | 5 +---- machines/earth.nix | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) rename applications/{ => skynet.ie}/skynet.ie.nix (98%) diff --git a/applications/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix similarity index 98% rename from applications/skynet.ie.nix rename to applications/skynet.ie/skynet.ie.nix index 188bc64..fa69885 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -9,10 +9,7 @@ with lib; let name = "website"; cfg = config.services.skynet."${name}"; in { - imports = [ - ./acme.nix - ./dns.nix - ]; + imports = []; options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Main Website"; diff --git a/machines/earth.nix b/machines/earth.nix index 9106027..4e63521 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -25,7 +25,7 @@ Notes: }; in { imports = [ - ../applications/skynet.ie.nix + ../applications/skynet.ie/skynet.ie.nix ]; deployment = { From 5c8dcdef000bc22c10f29c128ece3c0cf2dcab18 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 14 Jun 2024 21:28:52 +0100 Subject: [PATCH 409/826] feat: really easy to import in old versions of the site --- applications/skynet.ie/old_site.nix | 43 ++++++++++++++++++++++++++++ applications/skynet.ie/skynet.ie.nix | 33 ++++----------------- 2 files changed, 48 insertions(+), 28 deletions(-) create mode 100644 applications/skynet.ie/old_site.nix diff --git a/applications/skynet.ie/old_site.nix b/applications/skynet.ie/old_site.nix new file mode 100644 index 0000000..3b4a211 --- /dev/null +++ b/applications/skynet.ie/old_site.nix @@ -0,0 +1,43 @@ +{year}: { + config, + pkgs, + lib, + inputs, + ... +}: +with lib; { + imports = []; + + config = { + assertions = [ + { + assertion = asserts.assertOneOf "year" year [ + "2009" + "2017" + ]; + } + ]; + + services.skynet.acme.domains = [ + "${year}.skynet.ie" + ]; + + services.skynet.dns.records = [ + { + record = year; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ]; + + services.nginx = { + virtualHosts = { + "${year}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = "${inputs."skynet_website_${year}".defaultPackage."x86_64-linux"}"; + }; + }; + }; + }; +} diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index fa69885..b5bcdf9 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -9,7 +9,11 @@ with lib; let name = "website"; cfg = config.services.skynet."${name}"; in { - imports = []; + imports = [ + # import in past website versions, available at $year.skynet.ie + (import ./old_site.nix {year = "2009";}) + (import ./old_site.nix {year = "2017";}) + ]; options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Main Website"; @@ -17,9 +21,6 @@ in { config = mkIf cfg.enable { services.skynet.acme.domains = [ - # the root one is already covered by teh certificate - "2017.skynet.ie" - "2009.skynet.ie" "discord.skynet.ie" "public.skynet.ie" "renew.skynet.ie" @@ -32,16 +33,6 @@ in { r_type = "A"; value = config.services.skynet.host.ip; } - { - record = "2017"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } - { - record = "2009"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } { record = "discord"; r_type = "CNAME"; @@ -77,20 +68,6 @@ in { }; }; - # 2017 to now - "2017.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - root = "${inputs.skynet_website_2017.defaultPackage."x86_64-linux"}"; - }; - - # archive of teh site as it was ~2009 to 2017 - "2009.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - root = "${inputs.skynet_website_2009.defaultPackage."x86_64-linux"}"; - }; - # a custom discord url, because we are too cheap otehrwise "discord.skynet.ie" = { forceSSL = true; From 1d3549d54149cf2397b25e31d36459453f0b3cb8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 14 Jun 2024 21:34:43 +0100 Subject: [PATCH 410/826] feat: current version is always on top --- applications/skynet.ie/old_site.nix | 9 --- applications/skynet.ie/skynet.ie.nix | 3 +- flake.lock | 95 ++++++++++++++++++++++++---- flake.nix | 32 ++++++---- 4 files changed, 103 insertions(+), 36 deletions(-) diff --git a/applications/skynet.ie/old_site.nix b/applications/skynet.ie/old_site.nix index 3b4a211..1e43255 100644 --- a/applications/skynet.ie/old_site.nix +++ b/applications/skynet.ie/old_site.nix @@ -9,15 +9,6 @@ with lib; { imports = []; config = { - assertions = [ - { - assertion = asserts.assertOneOf "year" year [ - "2009" - "2017" - ]; - } - ]; - services.skynet.acme.domains = [ "${year}.skynet.ie" ]; diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index b5bcdf9..ee99134 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -57,8 +57,7 @@ in { forceSSL = true; useACMEHost = "skynet"; locations = { - # this alwas points to teh current version of teh site - "/".root = "${inputs.skynet_website_2017.defaultPackage."x86_64-linux"}"; + "/".root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; # this redirects old links to new format "~* ~(?[a-z_0-9]*)(?\\S*)$" = { diff --git a/flake.lock b/flake.lock index d9c6ef2..d3ee8ab 100644 --- a/flake.lock +++ b/flake.lock @@ -619,6 +619,20 @@ } }, "nixpkgs_14": { + "locked": { + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_15": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -632,7 +646,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1689935543, "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", @@ -646,7 +660,7 @@ "type": "indirect" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -660,7 +674,7 @@ "type": "indirect" } }, - "nixpkgs_17": { + "nixpkgs_18": { "locked": { "lastModified": 1695837737, "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", @@ -807,6 +821,7 @@ "skynet_discord_bot": "skynet_discord_bot", "skynet_ldap_backend": "skynet_ldap_backend", "skynet_ldap_frontend": "skynet_ldap_frontend", + "skynet_website": "skynet_website", "skynet_website_2009": "skynet_website_2009", "skynet_website_2017": "skynet_website_2017", "skynet_website_games": "skynet_website_games", @@ -922,11 +937,32 @@ "type": "gitlab" } }, - "skynet_website_2009": { + "skynet_website": { "inputs": { "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, + "locked": { + "host": "gitlab.skynet.ie", + "lastModified": 1707154174, + "narHash": "sha256-oUOD6aIy8KvIsiAWxLApPgAkigDZwp3xZ8bmhKoWszY=", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2017", + "rev": "c81db388fac570a8cb646391ea461b9e60282043", + "type": "gitlab" + }, + "original": { + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2017", + "type": "gitlab" + } + }, + "skynet_website_2009": { + "inputs": { + "nixpkgs": "nixpkgs_15", + "utils": "utils_8" + }, "locked": { "host": "gitlab.skynet.ie", "lastModified": 1690726067, @@ -945,8 +981,8 @@ }, "skynet_website_2017": { "inputs": { - "nixpkgs": "nixpkgs_15", - "utils": "utils_8" + "nixpkgs": "nixpkgs_16", + "utils": "utils_9" }, "locked": { "host": "gitlab.skynet.ie", @@ -966,8 +1002,8 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_16", - "utils": "utils_9" + "nixpkgs": "nixpkgs_17", + "utils": "utils_10" }, "locked": { "host": "gitlab.skynet.ie", @@ -987,8 +1023,8 @@ }, "skynet_website_renew": { "inputs": { - "nixpkgs": "nixpkgs_17", - "utils": "utils_10" + "nixpkgs": "nixpkgs_18", + "utils": "utils_11" }, "locked": { "host": "gitlab.skynet.ie", @@ -1067,6 +1103,21 @@ "type": "github" } }, + "systems_12": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1223,6 +1274,24 @@ "type": "github" } }, + "utils_11": { + "inputs": { + "systems": "systems_12" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_2": { "inputs": { "systems": "systems_3" @@ -1351,11 +1420,11 @@ "systems": "systems_10" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3480a59..667754b 100644 --- a/flake.nix +++ b/flake.nix @@ -41,18 +41,6 @@ owner = "compsoc1%2Fskynet"; repo = "ldap%2Ffrontend"; }; - skynet_website_2017 = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "website%2F2017"; - }; - skynet_website_2009 = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "website%2F2009"; - }; skynet_website_renew = { type = "gitlab"; host = "gitlab.skynet.ie"; @@ -77,6 +65,26 @@ owner = "compsoc1%2Fcompsoc"; repo = "presentations%2Fpresentations"; }; + + # skynet.ie + skynet_website = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2F2017"; + }; + skynet_website_2017 = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2F2017"; + }; + skynet_website_2009 = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2F2009"; + }; }; nixConfig = { From 5c33399d97e8a4a4dc275ea804b7297379aa87d9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 14 Jun 2024 22:03:21 +0100 Subject: [PATCH 411/826] feat: add teh snapshot at the end of the year --- applications/skynet.ie/skynet.ie.nix | 4 +- flake.lock | 82 ++++++++++++++++++++++++++-- flake.nix | 7 +++ 3 files changed, 86 insertions(+), 7 deletions(-) diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index ee99134..6a2afd3 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -11,8 +11,10 @@ with lib; let in { imports = [ # import in past website versions, available at $year.skynet.ie - (import ./old_site.nix {year = "2009";}) + # at teh end of teh year add it here + (import ./old_site.nix {year = "2023";}) (import ./old_site.nix {year = "2017";}) + (import ./old_site.nix {year = "2009";}) ]; options.services.skynet."${name}" = { diff --git a/flake.lock b/flake.lock index d3ee8ab..ed93cde 100644 --- a/flake.lock +++ b/flake.lock @@ -661,6 +661,20 @@ } }, "nixpkgs_17": { + "locked": { + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_18": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -674,7 +688,7 @@ "type": "indirect" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1695837737, "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", @@ -824,6 +838,7 @@ "skynet_website": "skynet_website", "skynet_website_2009": "skynet_website_2009", "skynet_website_2017": "skynet_website_2017", + "skynet_website_2023": "skynet_website_2023", "skynet_website_games": "skynet_website_games", "skynet_website_renew": "skynet_website_renew" } @@ -1000,11 +1015,33 @@ "type": "gitlab" } }, - "skynet_website_games": { + "skynet_website_2023": { "inputs": { "nixpkgs": "nixpkgs_17", "utils": "utils_10" }, + "locked": { + "host": "gitlab.skynet.ie", + "lastModified": 1696876711, + "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2017", + "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", + "type": "gitlab" + }, + "original": { + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2017", + "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", + "type": "gitlab" + } + }, + "skynet_website_games": { + "inputs": { + "nixpkgs": "nixpkgs_18", + "utils": "utils_11" + }, "locked": { "host": "gitlab.skynet.ie", "lastModified": 1708103254, @@ -1023,8 +1060,8 @@ }, "skynet_website_renew": { "inputs": { - "nixpkgs": "nixpkgs_18", - "utils": "utils_11" + "nixpkgs": "nixpkgs_19", + "utils": "utils_12" }, "locked": { "host": "gitlab.skynet.ie", @@ -1118,6 +1155,21 @@ "type": "github" } }, + "systems_13": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1260,6 +1312,24 @@ "inputs": { "systems": "systems_11" }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_11": { + "inputs": { + "systems": "systems_12" + }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", @@ -1274,9 +1344,9 @@ "type": "github" } }, - "utils_11": { + "utils_12": { "inputs": { - "systems": "systems_12" + "systems": "systems_13" }, "locked": { "lastModified": 1694529238, diff --git a/flake.nix b/flake.nix index 667754b..1cf7b96 100644 --- a/flake.nix +++ b/flake.nix @@ -73,6 +73,13 @@ owner = "compsoc1%2Fskynet"; repo = "website%2F2017"; }; + skynet_website_2023 = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2F2017"; + rev = "c4d61c753292bf73ed41b47b1607cfc92a82a191"; + }; skynet_website_2017 = { type = "gitlab"; host = "gitlab.skynet.ie"; From d3030aa2d1dd869030d1a9ab83e61403935fa03f Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 15 Jun 2024 13:22:18 +0100 Subject: [PATCH 412/826] Changing spf and dmarc config --- applications/email.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index ade5e0f..5d9f41a 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -299,7 +299,7 @@ in { { record = "${cfg.domain}."; r_type = "TXT"; - value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"''; + value = ''"v=spf1 include:mail.skynet.ie include:skynet.ie ip4:${cfg.host.ip} -all"''; } # DKIM keys @@ -324,7 +324,7 @@ in { # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent - value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=none"''; + value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"''; } # reverse pointer From 1b848029e26f2a56d204ce2128fb16a4e6dd8ae3 Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 15 Jun 2024 14:30:40 +0100 Subject: [PATCH 413/826] fix host ip variable --- applications/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 5d9f41a..0d13325 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -299,7 +299,7 @@ in { { record = "${cfg.domain}."; r_type = "TXT"; - value = ''"v=spf1 include:mail.skynet.ie include:skynet.ie ip4:${cfg.host.ip} -all"''; + value = ''"v=spf1 include:mail.skynet.ie include:skynet.ie ip4:${config.services.skynet.host.ip} -all"''; } # DKIM keys From 149b58ce0978f562d78d27670b26a0be4f2c9478 Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 15 Jun 2024 14:42:36 +0100 Subject: [PATCH 414/826] use cfg variables --- applications/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 0d13325..008828e 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -299,7 +299,7 @@ in { { record = "${cfg.domain}."; r_type = "TXT"; - value = ''"v=spf1 include:mail.skynet.ie include:skynet.ie ip4:${config.services.skynet.host.ip} -all"''; + value = ''"v=spf1 include:${cfg.sub}.${cfg.domain} include:${cfg.domain} ip4:${config.services.skynet.host.ip} -all"''; } # DKIM keys From 452f33baa8d9b932e3e080d9e53746c80b9a7604 Mon Sep 17 00:00:00 2001 From: daragh downes Date: Sat, 15 Jun 2024 13:51:51 +0000 Subject: [PATCH 415/826] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4e56b1d..72841cc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -54,6 +54,7 @@ sync_repos: .scripts_base: &scripts_base # load nix environment + - echo $CI_COMMIT_REF_NAME - git pull origin $CI_COMMIT_REF_NAME - . "$HOME/.nix-profile/etc/profile.d/nix.sh" - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena From ed331c3f08c12db361638725c2e9405271323fb3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 15 Jun 2024 14:02:01 +0000 Subject: [PATCH 416/826] Originally this was set up so updating teh flake and pushing out to servers would occur in a single pipeline. Add Relates to #79 --- .gitlab-ci.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 72841cc..696538e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -30,7 +30,7 @@ update: # the part that updates the flake - nix --experimental-features 'nix-command flakes' flake lock --update-input $PACKAGE_NAME - git add flake.lock - - git commit -m "[skip ci] Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit" + - git commit -m "Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit" # we have a custom domain - git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git - git push origin HEAD:$CI_COMMIT_REF_NAME @@ -51,11 +51,11 @@ sync_repos: - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' changes: - sync/repos.csv + - if: $UPDATE_FLAKE == "yes" + when: never .scripts_base: &scripts_base # load nix environment - - echo $CI_COMMIT_REF_NAME - - git pull origin $CI_COMMIT_REF_NAME - . "$HOME/.nix-profile/etc/profile.d/nix.sh" - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena @@ -86,6 +86,8 @@ sync_repos: - flake.* - .gitlab-ci.yml - config/**/* + - if: $UPDATE_FLAKE == "yes" + when: never # deploy items only run on main .deploy_template: &deployment @@ -102,6 +104,8 @@ sync_repos: - machines/**/* - secrets/**/* - config/**/* + - if: $UPDATE_FLAKE == "yes" + when: never linter: <<: *builder @@ -155,7 +159,6 @@ deploy_ext: - deploy_dns script: - colmena apply -v --on @active-ext - allow_failure: true deploy_gitlab: <<: *builder From e0a461bb0aba734e08fa381b52488fa0c05f823a Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 15 Jun 2024 15:07:08 +0100 Subject: [PATCH 417/826] test --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f98fd97..57aab1f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Skynet -This is teh core config for teh skynet cluster which uses [NixOS][1]. +This is teh core config for teh skynet cluster which uses [NixOS][1]. ## Dev ### Prep @@ -122,4 +122,4 @@ nix fmt [6]: https://github.com/ryantm/agenix [7]: https://docs.gitlab.com/ee/user/ssh.html#see-if-you-have-an-existing-ssh-key-pair [8]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/blob/main/secrets/secrets.nix#L2 -[9]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/merge_requests/4 \ No newline at end of file +[9]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/merge_requests/4 From c0ddc2d6a913c6406536f498b7b64a0fd894e30d Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 15 Jun 2024 15:23:36 +0100 Subject: [PATCH 418/826] switch include to a, remove skynet.ie --- applications/email.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/email.nix b/applications/email.nix index 008828e..182c280 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -299,7 +299,7 @@ in { { record = "${cfg.domain}."; r_type = "TXT"; - value = ''"v=spf1 include:${cfg.sub}.${cfg.domain} include:${cfg.domain} ip4:${config.services.skynet.host.ip} -all"''; + value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"''; } # DKIM keys From 5933cb5dfe918dfb4a27eb2297ae5167a206440e Mon Sep 17 00:00:00 2001 From: daragh Date: Sat, 15 Jun 2024 15:25:19 +0100 Subject: [PATCH 419/826] Revert "test" This reverts commit e0a461bb0aba734e08fa381b52488fa0c05f823a. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 57aab1f..f98fd97 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Skynet -This is teh core config for teh skynet cluster which uses [NixOS][1]. +This is teh core config for teh skynet cluster which uses [NixOS][1]. ## Dev ### Prep @@ -122,4 +122,4 @@ nix fmt [6]: https://github.com/ryantm/agenix [7]: https://docs.gitlab.com/ee/user/ssh.html#see-if-you-have-an-existing-ssh-key-pair [8]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/blob/main/secrets/secrets.nix#L2 -[9]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/merge_requests/4 +[9]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/merge_requests/4 \ No newline at end of file From 40ece2f683ecfb6073af521f4a65a713504eb31b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 16 Jun 2024 15:10:14 +0100 Subject: [PATCH 420/826] fix: originally this was a spreadsheet, split out and emulate the form better --- ITD_Firewall.csv => ITD/Firewall_Rules.csv | 0 ITD/Server_Inventory.csv | 19 +++++++++++++++++++ 2 files changed, 19 insertions(+) rename ITD_Firewall.csv => ITD/Firewall_Rules.csv (100%) create mode 100644 ITD/Server_Inventory.csv diff --git a/ITD_Firewall.csv b/ITD/Firewall_Rules.csv similarity index 100% rename from ITD_Firewall.csv rename to ITD/Firewall_Rules.csv diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv new file mode 100644 index 0000000..7978336 --- /dev/null +++ b/ITD/Server_Inventory.csv @@ -0,0 +1,19 @@ +Index,Status,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description +SKYNET00001,Active,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active) +SKYNET00002,Active,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1 +SKYNET00003,Active,jarvis,193.1.99.73,jarvis,,,,,,VM Host +SKYNET00004,Active,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2 +SKYNET00005,Active,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio +SKYNET00006,Retired,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server +SKYNET00007,Active,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" +SKYNET00008,Active,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server +SKYNET00009,Active,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail +SKYNET00010,Active,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner +SKYNET00011,Active,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host +SKYNET00012,Active,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ) +SKYNET00013,Active,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server +SKYNET00014,Active,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with" +SKYNET00015,Active,marvin,193.1.99.81,marvin,,,,,,Trainee testing server +SKYNET00016,Active,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon) +SKYNET00017,Active,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft +SKYNET00018,Active,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver" From d226e905a2f45f57f5a61077d55d45ff24700e67 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 16 Jun 2024 15:21:23 +0100 Subject: [PATCH 421/826] fix: cut don what we have to fit better in the original format --- ITD/Server_Inventory.csv | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index 7978336..4f4b69b 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -1,19 +1,19 @@ -Index,Status,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description -SKYNET00001,Active,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active) -SKYNET00002,Active,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1 -SKYNET00003,Active,jarvis,193.1.99.73,jarvis,,,,,,VM Host -SKYNET00004,Active,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2 -SKYNET00005,Active,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio -SKYNET00006,Retired,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server -SKYNET00007,Active,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" -SKYNET00008,Active,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server -SKYNET00009,Active,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail -SKYNET00010,Active,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner -SKYNET00011,Active,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host -SKYNET00012,Active,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ) -SKYNET00013,Active,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server -SKYNET00014,Active,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with" -SKYNET00015,Active,marvin,193.1.99.81,marvin,,,,,,Trainee testing server -SKYNET00016,Active,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon) -SKYNET00017,Active,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft -SKYNET00018,Active,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver" +Index,Name,Status,IP_Address,OS,Description +SKYNET00001,agentjones,Active,193.1.99.72,Nixos-24.05,Firewall (currently not active) +SKYNET00002,vendetta,Active,193.1.99.120,Nixos-24.05,DNS Nameserver 1 +SKYNET00003,jarvis,Active,193.1.99.73,Nixos-24.05,VM Host +SKYNET00004,vigil,Active,193.1.99.109,Nixos-24.05,DNS Nameserver 2 +SKYNET00005,galatea,Active,193.1.99.111,Nixos-24.05,ULFM Radio +SKYNET00006,optimus,Retired,193.1.99.112,Nixos-24.05,Retired Games server +SKYNET00007,kitt,Active,193.1.99.74,Nixos-24.05,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" +SKYNET00008,glados,Active,193.1.99.75,Nixos-24.05,Gitlab server +SKYNET00009,gir,Active,193.1.99.76,Nixos-24.05,Email and Webmail +SKYNET00010,wheatly,Active,193.1.99.78,Nixos-24.05,Gitlab Runner +SKYNET00011,earth,Active,193.1.99.79,Nixos-24.05,Offical website host +SKYNET00012,skynet,Active,193.1.96.165,Nixos-24.05,Skynet server. (DMZ) +SKYNET00013,neuromancer,Active,193.1.99.80,Nixos-24.05,Local Backup Server +SKYNET00014,cadie,Active,193.1.99.77,Nixos-24.05,"Services VM, has nextcloud to start with" +SKYNET00015,marvin,Active,193.1.99.81,Nixos-24.05,Trainee testing server +SKYNET00016,optimus,Active,193.1.99.90,Debian-12,Games server manager (replacing SKYNET00006 soon) +SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft +SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" From 7ea813667be93301cb511a42b46ddac2db391c5f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 17 Jun 2024 01:17:27 +0100 Subject: [PATCH 422/826] git: update the lockfile to deal with open office --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 0d38c4e..3e54b4d 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,9 @@ *.tmp tmp +# open office tmp lockfiles +.~lock.* + # Test files test.* *.test.* From 897c52cc3ee93b4b048f24381ea97dafab112abd Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 17 Jun 2024 01:17:52 +0100 Subject: [PATCH 423/826] doc: added the new servers --- ITD/Server_Inventory.csv | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index 4f4b69b..81db6db 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -17,3 +17,5 @@ SKYNET00015,marvin,Active,193.1.99.81,Nixos-24.05,Trainee testing server SKYNET00016,optimus,Active,193.1.99.90,Debian-12,Games server manager (replacing SKYNET00006 soon) SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" +SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic +SKYNET00020,,,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus" \ No newline at end of file From 44c81b1f3e88e7f0712df579598077f28089e022 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 17 Jun 2024 01:20:29 +0100 Subject: [PATCH 424/826] doc: reorganised to encompass all teh tickets we have submitted over time. May work on a tool that compiles this together into a unified output? --- ITD/Firewall_Rules.csv | 61 +++++++++++++++++++++++++++++------------- 1 file changed, 42 insertions(+), 19 deletions(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index 7978336..2419b0d 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -1,19 +1,42 @@ -Index,Status,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description -SKYNET00001,Active,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active) -SKYNET00002,Active,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1 -SKYNET00003,Active,jarvis,193.1.99.73,jarvis,,,,,,VM Host -SKYNET00004,Active,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2 -SKYNET00005,Active,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio -SKYNET00006,Retired,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server -SKYNET00007,Active,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" -SKYNET00008,Active,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server -SKYNET00009,Active,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail -SKYNET00010,Active,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner -SKYNET00011,Active,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host -SKYNET00012,Active,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ) -SKYNET00013,Active,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server -SKYNET00014,Active,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with" -SKYNET00015,Active,marvin,193.1.99.81,marvin,,,,,,Trainee testing server -SKYNET00016,Active,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon) -SKYNET00017,Active,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft -SKYNET00018,Active,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver" +Rule,Action,Ticket,Status,Source_IP,Source_Server,Destination_IP,Destination_Server,Port_TCP,Port_UDP,Notes +SKYNET_FIREWALL_00000,Add,,Complete,VPN,-,93.1.99.71 - 193.1.99.126,All,22,-,sftp/ssh required from vpn to servers for admins +SKYNET_FIREWALL_00001,Add,,Complete,All,-,193.1.99.109,SKYNET00004,-,53,Nameserver for skynet.ie +SKYNET_FIREWALL_00002,Add,,Complete,All,-,193.1.99.111,SKYNET00005,"80, 443, 8000",-,"ULFM, http(s) for internet streaming, 8000 for connecting to the server." +SKYNET_FIREWALL_00003,Add,,Complete,All,-,193.1.99.112,SKYNET00006,"80, 443, 25565",-,"Games host, Minecraft uses 25565 (will have more ports in the future)" +SKYNET_FIREWALL_00004,Add,,Complete,All,-,193.1.99.120,SKYNET00002,-,53,Nameserver for skynet.ie +SKYNET_FIREWALL_00005,Add,i23-01-19_681,Complete,193.1.99.72,SKYNET00001,All,-,-,-,Allow outbound access +SKYNET_FIREWALL_00006,Add,i23-01-19_681,Complete,193.1.99.75,SKYNET00008,All,-,-,-,Allow outbound access +SKYNET_FIREWALL_00007,Add,i23-01-19_681,Complete,193.1.99.109,SKYNET00004,All,-,-,-,Allow outbound access +SKYNET_FIREWALL_00008,Add,i23-01-19_681,Complete,193.1.99.111,SKYNET00005,All,-,-,-,Allow outbound access +SKYNET_FIREWALL_00009,Add,i23-01-19_681,Complete,193.1.99.112,SKYNET00006,All,-,-,-,Allow outbound access +SKYNET_FIREWALL_00010,Add,i23-01-19_681,Complete,193.1.99.120,SKYNET00002,All,-,-,-,Allow outbound access +SKYNET_FIREWALL_00011,Add,i23-05-18_249,Complete,All,-,193.1.99.75,SKYNET00008,"80, 443",-,For gitlab Access +SKYNET_FIREWALL_00012,Add,i23-05-18_249,Complete,193.1.99.72 - 193.1.99.126,-,All,-,-,-,"I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those ip's (need to download updates and packages). +I have a few servers I plan to setup over the next two weeks, one after another as the later ones depend on earlier ones. +In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control. +Only a few of these sevices will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured." +SKYNET_FIREWALL_00013,Add,i23-05-18_249,Complete,All,-,193.1.99.76,SKYNET00009,"143, 993, 587, 465",-,Email Server +SKYNET_FIREWALL_00014,Add,i23-06-19_525,Complete,All,-,193.1.99.76,SKYNET00009,"80, 443, 25",-,"Mailserver here, SPF, DKIM and DMARC are all set up" +SKYNET_FIREWALL_00015,Add,i23-06-19_525,Complete,All,-,193.1.99.79,SKYNET00011,"80, 443",-,Main Skynet webserver +SKYNET_FIREWALL_00016,Add,i23-06-30_024,Complete,All,-,193.1.96.165,SKYNET00012,22,-,"Skynet user's server +Outlet is 131 or 132" +SKYNET_FIREWALL_00017,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.120,SKYNET00002,-,53,Allow Skynet server to use our own internal DNS +SKYNET_FIREWALL_00018,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.74,SKYNET00007,389/636,-,Allow Skynet server to access LDAP +,Add,i23-07-28_010,Denied,All,-,193.1.99.74,SKYNET00007,"80, 443",-,Self Service site for Skynet accounts – Only 443 on account modification pages +SKYNET_FIREWALL_00019,Add,i23-07-28_010,Complete,All,-,193.1.99.74,SKYNET00007,443,-,Self Service site for Skynet accounts +SKYNET_FIREWALL_00020,Add,i23-09-05_639,Complete,All,-,193.1.96.165,SKYNET00012,"80, 443",-,Web hosting for user sites +SKYNET_FIREWALL_00021,Add,i23-10-27_014,Complete,All,-,193.1.99.77,SKYNET00014,"80, 443",-,"Nextcloud, selfhosted google services, filestorage and documents" +SKYNET_FIREWALL_00022,Add,i24-02-01_102,Complete,193.1.96.165,SKYNET00012,103.1.99.109,SKYNET00004,-,53,Give the Skynet server access to ur secondary DNS +SKYNET_FIREWALL_00023,Add,i24-02-01_102,Complete,193.1.99.78,SKYNET00010,193.1.96.165,SKYNET00012,22,-,Allow our gitlab runner to access and deploy to teh external server +SKYNET_FIREWALL_00024,Add,i24-02-16_065,Complete,All,-,193.1.99.90,SKYNET00016,"80, 443",-,Games Server Administrative panel +SKYNET_FIREWALL_00025,Add,i24-02-16_065,Complete,All,-,193.1.99.91,SKYNET00017,25518-25525,"19132, 24418-24425",Minecraft Games server +SKYNET_FIREWALL_00026,Add,i24-06-04_017,Complete,All,-,193.1.99.76,SKYNET00009,4190,-,"Email sieve to allow members to add email filters to their +skynet mail." +SKYNET_FIREWALL_00027,Add,i24-06-04_017,Complete,All,-,193.1.99.82,SKYNET00018,80/443,-,"Public services such as a binary cache, open governance and keyserver" +,Add,i24-06-04_017,Denied,All,-,193.1.99.90,SKYNET00016,8080,-,"Websocket for admin panel on games management server +Denied because more information on wat it was for was requested" +,Add,i24-06-04_017,Denied,193.1.99.74,SKYNET00007,193.1.96.165,SKYNET00012,9000-9020,-,"Metrics collection, not done because not enough info provided" +SKYNET_FIREWALL_00028,Remove,i24-06-04_017,Complete,-,-,193.1.99.112,SKYNET00019,25565,-,No longer the minecraft game host +,Add,i24-06-04_017,Pending,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server +,Add,i24-06-04_017,Pending,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection +,Add,i24-06-04_017,Pending,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server From 435379e61099009bf30c3269ac7c443868c5449b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 17 Jun 2024 01:24:53 +0100 Subject: [PATCH 425/826] doc: imported in the VPN Admins --- ITD/VPN_Admins.csv | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ITD/VPN_Admins.csv diff --git a/ITD/VPN_Admins.csv b/ITD/VPN_Admins.csv new file mode 100644 index 0000000..73b1e41 --- /dev/null +++ b/ITD/VPN_Admins.csv @@ -0,0 +1,4 @@ +Index,First Name,Surname,UL Student Email,Status,Date Modified +SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie,Active,2023/04/04 +SKYNET_VPN_ADM_002,Evan,Cassidy,,Active,2023/04/04 +SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie,Active,2023/04/04 \ No newline at end of file From c197f0df85f040f97ee439af026ae6066ccc736b Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 17 Jun 2024 00:48:14 +0000 Subject: [PATCH 426/826] Updated flake for skynet_website_2009 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ed93cde..167b380 100644 --- a/flake.lock +++ b/flake.lock @@ -980,11 +980,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1690726067, - "narHash": "sha256-/BrljRmgR65bdqWgGBBWlTFiBzr0EBh1OeMlLj+xTg4=", + "lastModified": 1718585207, + "narHash": "sha256-jlCZv+KCCiI0Cx0nnMFPalBdx/fN2JgLNXvc4OAwNvE=", "owner": "compsoc1%2Fskynet", "repo": "website%2F2009", - "rev": "63e0b33c5a48cbd4e68f23dde4987959b6c8e97e", + "rev": "12712f3b3ffc80782cc520d46f91b9f5df1fab69", "type": "gitlab" }, "original": { From 6229abcefa2dc63b2b40f2ef855e9c6849f48ebc Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 17 Jun 2024 01:11:03 +0000 Subject: [PATCH 427/826] fix: put teh blockers for teh update of teh flakes first --- .gitlab-ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 696538e..319bd66 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,11 +48,11 @@ sync_repos: - chmod +x ./sync.sh - ./sync.sh rules: + - if: $UPDATE_FLAKE == "yes" + when: never - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' changes: - sync/repos.csv - - if: $UPDATE_FLAKE == "yes" - when: never .scripts_base: &scripts_base # load nix environment @@ -79,6 +79,8 @@ sync_repos: - *scripts_base - *scripts_cache rules: + - if: $UPDATE_FLAKE == "yes" + when: never - changes: - applications/**/* - machines/**/* @@ -86,8 +88,6 @@ sync_repos: - flake.* - .gitlab-ci.yml - config/**/* - - if: $UPDATE_FLAKE == "yes" - when: never # deploy items only run on main .deploy_template: &deployment @@ -96,6 +96,8 @@ sync_repos: - *scripts_base - *scripts_cache rules: + - if: $UPDATE_FLAKE == "yes" + when: never - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' changes: - flake.nix @@ -104,8 +106,6 @@ sync_repos: - machines/**/* - secrets/**/* - config/**/* - - if: $UPDATE_FLAKE == "yes" - when: never linter: <<: *builder From 07cb42dd6597b85bcf86ed7a22e19db8755d856e Mon Sep 17 00:00:00 2001 From: runner_nix Date: Mon, 17 Jun 2024 01:39:31 +0000 Subject: [PATCH 428/826] Updated flake for skynet_website_renew --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 167b380..b686b3e 100644 --- a/flake.lock +++ b/flake.lock @@ -1065,11 +1065,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1716848712, - "narHash": "sha256-0QOzHlYyuCxrsL4A+u5zW9BoV0pvmqDB681BVTxoD3c=", + "lastModified": 1718588317, + "narHash": "sha256-nQNHu9H7oLXO7dNFZ2bSQKwCvhz01/9wzeqOVsvsQyQ=", "owner": "compsoc1%2Fskynet", "repo": "website%2Falumni-renew", - "rev": "054b04f46285ef80a3d059253f1ed9e607b6fd46", + "rev": "5c169522049c7a2dbbcbfdde0eeda3cabd22f561", "type": "gitlab" }, "original": { From 8009b7c8d11c6c89829f513952d4e96d216b2754 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 17 Jun 2024 20:52:03 +0100 Subject: [PATCH 429/826] fix: some small fixes for prometheus --- applications/prometheus.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/applications/prometheus.nix b/applications/prometheus.nix index 674d161..a342a76 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -21,7 +21,7 @@ with lib; let ) nodes ); - node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString config.services.prometheus.exporters.node.port}") nodes; + node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.node.port}") nodes; }; # clears any invalid entries @@ -37,8 +37,10 @@ in { type = types.port; default = 9001; }; + }; - external.node = mkOption { + external = { + node = mkOption { type = types.listOf types.str; default = []; description = '' @@ -46,12 +48,20 @@ in { ''; }; }; + + ports = { + node = mkOption { + type = types.port; + default = 9100; + }; + }; }; config = mkMerge [ { services.prometheus.exporters.node = { enable = true; + port = cfg.ports.node; openFirewall = true; # most collectors are on by default see https://github.com/prometheus/node_exporter for more options enabledCollectors = ["systemd" "processes"]; @@ -66,7 +76,7 @@ in { job_name = "node_exporter"; static_configs = [ { - targets = filter_empty (exporters.node ++ cfg.server.external.node); + targets = filter_empty (exporters.node ++ cfg.external.node); } ]; } From cd13520aba32df2c4a9ed462a8dcb5f2e890d88b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 17 Jun 2024 20:53:27 +0100 Subject: [PATCH 430/826] feat: new server for stats, ariia, danm I love this naming scheme --- ITD/Firewall_Rules.csv | 6 +- ITD/Server_Inventory.csv | 2 +- applications/skynet_users.nix | 5 +- flake.nix | 3 + machines/ariia.nix | 48 +++++++++++++++ machines/kitt.nix | 4 -- secrets/backup/restic.age | 91 ++++++++++++++-------------- secrets/backup/restic_pw.age | Bin 937 -> 937 bytes secrets/bitwarden/details.age | Bin 1045 -> 1045 bytes secrets/bitwarden/id.age | 32 +++++----- secrets/bitwarden/secret.age | Bin 902 -> 902 bytes secrets/discord/ldap.age | 45 +++++++------- secrets/discord/token.age | Bin 1025 -> 1025 bytes secrets/dns_certs.secret.age | Bin 2594 -> 2704 bytes secrets/dns_dnskeys.conf.age | Bin 1094 -> 1094 bytes secrets/email/details.age | 44 +++++++------- secrets/gitlab/db_pw.age | Bin 1001 -> 1001 bytes secrets/gitlab/ldap_pw.age | Bin 1000 -> 1000 bytes secrets/gitlab/pw.age | Bin 1001 -> 1001 bytes secrets/gitlab/runners/runner01.age | Bin 955 -> 955 bytes secrets/gitlab/runners/runner02.age | Bin 955 -> 955 bytes secrets/gitlab/secrets_db.age | 32 +++++----- secrets/gitlab/secrets_jws.age | Bin 2550 -> 2550 bytes secrets/gitlab/secrets_otp.age | Bin 1000 -> 1000 bytes secrets/gitlab/secrets_secret.age | Bin 1000 -> 1000 bytes secrets/grafana/pw.age | Bin 914 -> 914 bytes secrets/ldap/details.age | Bin 1527 -> 1527 bytes secrets/ldap/pw.age | Bin 1330 -> 1330 bytes secrets/nextcloud/pw.age | 33 +++++----- secrets/secrets.nix | 4 +- secrets/stream_ulfm.age | Bin 3084 -> 3084 bytes secrets/wolves/details.age | Bin 1351 -> 1351 bytes 32 files changed, 202 insertions(+), 147 deletions(-) create mode 100644 machines/ariia.nix diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index 2419b0d..e9f547c 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -37,6 +37,6 @@ SKYNET_FIREWALL_00027,Add,i24-06-04_017,Complete,All,-,193.1.99.82,SKYNET00018,8 Denied because more information on wat it was for was requested" ,Add,i24-06-04_017,Denied,193.1.99.74,SKYNET00007,193.1.96.165,SKYNET00012,9000-9020,-,"Metrics collection, not done because not enough info provided" SKYNET_FIREWALL_00028,Remove,i24-06-04_017,Complete,-,-,193.1.99.112,SKYNET00019,25565,-,No longer the minecraft game host -,Add,i24-06-04_017,Pending,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server -,Add,i24-06-04_017,Pending,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection -,Add,i24-06-04_017,Pending,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server +SKYNET_FIREWALL_00029,Add,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server +SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection +SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index 81db6db..eabe2a7 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -18,4 +18,4 @@ SKYNET00016,optimus,Active,193.1.99.90,Debian-12,Games server manager (replacing SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic -SKYNET00020,,,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus" \ No newline at end of file +SKYNET00020,ariia,Active,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus" \ No newline at end of file diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 0ff76e1..1b07875 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -21,7 +21,10 @@ in { }; config = { - # ssh access + # we havea more limited ports range on the skynet server + services.skynet.prometheus.ports = { + node = 9000; + }; # allow more than admins access services.skynet.ldap_client = { diff --git a/flake.nix b/flake.nix index 1cf7b96..397c1fe 100644 --- a/flake.nix +++ b/flake.nix @@ -179,6 +179,9 @@ # Public Services calculon = import ./machines/calculon.nix; + + # metrics + ariia = import ./machines/ariia.nix; }; }; } diff --git a/machines/ariia.nix b/machines/ariia.nix new file mode 100644 index 0000000..f3f095c --- /dev/null +++ b/machines/ariia.nix @@ -0,0 +1,48 @@ +/* + +Name: https://en.wikipedia.org/wiki/Eagle_Eye +Why: ARIIA - Autonomous Reconnaissance Intelligence Integration Analyst +Type: VM +Hardware: - +From: 2024 +Role: Metrics gathering and Analysis +Notes: +*/ +{ + config, + pkgs, + lib, + nodes, + ... +}: let + # name of the server, sets teh hostname and record for it + name = "ariia"; + ip_pub = "193.1.99.83"; + hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + hostname = hostname; + }; +in { + imports = [ + ../applications/grafana.nix + ../applications/prometheus.nix + ]; + + deployment = { + targetHost = hostname; + targetPort = 22; + targetUser = null; + + tags = ["active-core"]; + }; + + services.skynet = { + host = host; + backup.enable = true; + + prometheus.server.enable = true; + grafana.enable = true; + }; +} diff --git a/machines/kitt.nix b/machines/kitt.nix index 54474c9..71a0fe0 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -31,8 +31,6 @@ in { ../applications/discord.nix ../applications/bitwarden/vaultwarden.nix ../applications/bitwarden/bitwarden_sync.nix - ../applications/grafana.nix - ../applications/prometheus.nix ]; deployment = { @@ -56,7 +54,5 @@ in { # committee/admin services vaultwarden.enable = true; - prometheus.server.enable = true; - grafana.enable = true; }; } diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index df98b44..ca3bf45 100644 --- a/secrets/backup/restic.age +++ b/secrets/backup/restic.age @@ -1,45 +1,48 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 7yvURMKPgnbCWAE2q51v3fDFuXCivslOvDuxGIi2JHc -numnCMoai7pCs0qBhsWr/CjU8FfrUeQsfq9mvMTVj34 --> ssh-ed25519 4PzZog O2zDjiWrxoqWp0QYlwXw8Oushe2wwlw1J336+QksnUc -oBJ9zPd7+Agc9KSYgA64Sbj0aZLJRRQS2MgnPGHbcic --> ssh-ed25519 5Nd93w adTzuNLU94FC3fR/uK3XsI5XZSANXZmwp6fG9ZeoA14 -7U4C8ZbZKsl3kdPMymoHc42k4i1Wom+wi/THXosDgYg --> ssh-ed25519 q8eJgg bgfuSRzrmyVG7ewvPztde7o0QJyQXXBbvK+Rs5JdN3U -2wABMhVimVi4Nyrfa7EWji5YClqh6GhOjFUKzcJqJcs --> ssh-ed25519 KVr8rw xQcp6gQPq/AxA8cEKjhgvQ8NBmSmXd9LN1ZBxxqSlQU -gy7wbZiCsKdCUAPH82xgnxWXc/sxY2S8JKcnzzypyOY --> ssh-ed25519 fia1eQ Xh2ErHfrIvHTvUyDHmDD1X0Dxnz9bUnnRne0RYPIPk8 -V3+5H/8vMWV3lriiiEd/C7lg8IcQSKkO0JrhD8KrNGw --> ssh-ed25519 /Gb5gQ ftm+TgiEOPimzA+qsus9/rFUqTjWn/VVORIs96Lgy2E -mzRiPpqZj/tkFvdphOWn15IHv+GhTd4vj+T/lpsXJtA --> ssh-ed25519 NtlN/A 2t0YPeV7uzYhrIZU1TDi8xxPGvpCReUL5Rxt8sflK28 -r61bhrJj6irlo2xTU8iCJj8YzSbYWFjH8iiC88SOrAA --> ssh-ed25519 v2Y09A BXWbnz7DUn5tssTCFkM9cFzF4M5oj3rcFMrfhFzL5lM -2GVsK4gq4HIBVJWlQVd1G0kags2peJ63AfuBdOxbY70 --> ssh-ed25519 XSrA6w OJ2j5EQe69sPH+wTsiMBlopI4QmHiLsfJDQj+F9rEiw -u/9MNFViy7TvNTA7lvBKnL/qYWlkOJrJKcSG563Btnk --> ssh-ed25519 DVzSig 6djjmbfge5li1ZTlaA4Wc58xfk0Kb4EdXPxX1bPdJAE -HMnnH5Cd5ffp9t+tJdhagDLoGk9HKpjI28SMQGcMvIc --> ssh-ed25519 uZzB3g NS2dkA9o84OuCTUSoHU7MaUMJG85vr2tnCq3rSKtTGo -6+7gqBrSIogz7nYdDUmtS3650x/y4rmgy4ru9sOf7hY --> ssh-ed25519 yvS9bw /CoelQvArSJCFKTV8x/OHVWTYEsNTkbRqweqaIvlykA -TGuI9tt8EnEThL3l+wgipOtDMPPTkVTdFLpRKHGFMpU --> ssh-ed25519 IzAMqA Hb0cVXd+8WrWJWVs6j/qxBUCOv67M+Se+v2y7470oB4 -i8GWMK8uXbaODkQm02TqCn79+b1zu9Zq2W7c7Rg3FHE --> ssh-ed25519 Hb0ipQ 3Gr6C7Q1yfHWcxn0pImpI4mQjdIHJKyzSZDv+5Eo1Vk -8WFp3fNRKFb0jxmSDNVlRM+ec4bd2O5POeY69T0bVz0 --> ssh-ed25519 3pl/Kw GCks2XrtAKpVRl7nC2g+q7c+Q1gqh2tSfPDHHI+wxng -iyblirNv3byNgI27599Dq6kc0ae2xaoMh7thSIoVLJ4 --> ssh-ed25519 SqDBmA FxJJFJboiAe5T4TTcx7VY2brEQN5DqlQ3Ak5C03MKzw -yLYdnZHSftMTwruQYJy1I2oWmWZNPykqxe6nlAdLTDs --> ssh-ed25519 UE6fcQ Y7XmsyOOMffkb7GofPufJ6d/JdVi9fg3LK17C1zL1wo -hfo5xZcNpVSOiNuZFe1fJ8o4mPF2cHoyAoyc2LO6XhY --> ssh-ed25519 YFaxCg 1t6GiHkJUaJ795x9PRVkDU0P0FP+RC1QEedl4qHgNAE -o9hxn0jLFBqej4D7xJdtVCB9UnUBrCXZM5gpFbibldA --> ssh-ed25519 elCEeg TunOY5HCLU87gGej0HWFm775FLsbtL+41HqYS3hgLyk -E6rAZdQUj/Zia6i0Q32SfqugEJ3rrQt8OM9sPQ+ZXOk --> ssh-ed25519 8vZ9CQ Pwqq6eKEIf/fLLiB+j5IQTFxRXrEi2ajORzH8GQpHVY -nmrnjLLmUPPOgk1y64Zcfhhhm87dRg5V8GM5GIfB6oE ---- dBHJ3bG+te1AZd+FHj/ssxBbrCBiyl3VARjnd5F0yz0 -8|ph1DMZOs+^:ˌkLṻ]gi`j;Jp/ ^a<@} ۶䠍 J\P7K7 ~ +6N2k<<^9Pi/X4u \ No newline at end of file +-> ssh-ed25519 V1pwNA WdpvBu5B0F7lNrhIDN4JnSAGxwerkNfuMtxBmqsSbFQ ++yqqHmppGkWlfUT1jf4xywUKCsxlklUVjFq0800bK+E +-> ssh-ed25519 4PzZog IGKAk6Fz/Do9GVZgRq/eFtKYMMFXvgeo+ZSHmecfUz0 +ggd3H0ArigVeax78Xx5LnFHfBuHwHGeWiO0pm9oycds +-> ssh-ed25519 5Nd93w ezGlRW3CBZfmIwvVOt8owMbc37ezvSxj3How4g5/l2g +Xyp4Ix7SI4+5SyDjueM+sNTu3v2YrFLX5SrkXtqqcT0 +-> ssh-ed25519 q8eJgg AEEj4tf7DQeJKK1uYFSqYt0QYRJGBMMceClF/NzbPlU +qgN3HtLARKVjFE+hq75Iqt3Lis7iNllCSMIM5CbmMzo +-> ssh-ed25519 KVr8rw CGF24atSBzYxmsVZ7MIVqxq4krD0PS4cCc+oagUYamo +xNsVbh5YVwWXrSGNoN3puJTk2R1G93etQmOo8CIeK9Y +-> ssh-ed25519 fia1eQ 4h04u1YB75cibHXF4R1tR2TQ1XJzc7j81nuTgrSSICI +HU8FBGgrMBYHEC3mkWcejrfIr1QU6KkvnPhF3lOVFg8 +-> ssh-ed25519 /Gb5gQ MBw9NTSoMoBdf386nDipc8yEgEh2hcDPWaZlSygMLEw +FhgEto1Vv9i0CgInyvR1B6p0aDRDN24Nrhi9t/QmDRw +-> ssh-ed25519 NtlN/A RiUoN4Ob8wL9fDdaJoJNbPg9U+7pRZNJgiNRoZ5QDWk +SDAUVwONhx9HoOck2Qma3ZttGUvHJ2Ck8UEmQvSfYyg +-> ssh-ed25519 v2Y09A mf03fGORjv4EF6KhJ+GHz0IdV/Ej5hhY9ST+PwVgOko +hRORqRlCLbuGm1m/mN4i0tG7CmHWNXF+wCvoGSEsEcI +-> ssh-ed25519 XSrA6w K6yI67N15RFO2y8axsZPRKd3J7IQ9w/0yd0s7MVoVD8 +Vyrt5VnqiDw1bE2gpWBkQfjOIaUC3nQdK5F9jcz/+B0 +-> ssh-ed25519 DVzSig 1zqb411u/ru+ocwVE1UJn+0+cSl3s7924LZhPUUWkTo +NpyMPxbB7WzBLFP8do+dhJ3fNMSv25ieICBp39zrd64 +-> ssh-ed25519 uZzB3g K6DWPq3lYJVfhfnTDfwe43MOLMYp/gM0uoQDldW85Ec +A6suKVUDuLX81qhN2C3DeqvZtQAySRkp2XSBHO7jue0 +-> ssh-ed25519 yvS9bw cwe5oeORn21s5ktm3KXMZaY8reJXAlqAmtWuyoy7uQE +LgODRokOzmaoxWNC4I9kaQ6O6ZLlif2eKQtfWGBBM9c +-> ssh-ed25519 IzAMqA ofZfWGgErnXxGiV1iXuNQMYwuRC8fPexs+Esy3aygSk +U9LzM2iwO4Fp1Ody8Zh2Shl5L7tYc6LnUgKrtHgOhbk +-> ssh-ed25519 Hb0ipQ pQKzbZN5sSrYYTSF7WdsLj2aS5LlaxM/1uVl6TyZnzY +aNcXRvhjqdrkaVGOdbJEPmCS36lQLfoFeww8ENA21g8 +-> ssh-ed25519 3pl/Kw xCC/77p1FWABov3UxIUxS4XD2JSiJXI98ljy6iO2+mk +XUKMYrjZN13TPH7utSzm5ESyyJm1Zz1C1mQA79fz6W0 +-> ssh-ed25519 SqDBmA JmZ6CJCLuydd/pwkIMQjh04Kl77mfnzX/LbJoujbCDI +5mzTyEZ6ABDTMud8R0WAfTnOFnsXIvlXYqA5aU1ayZM +-> ssh-ed25519 UE6fcQ N/uzTyKosxblLbPHkxMFZbIeg+C/pD4o/U7+xYhhCys +oyPBYf7Vvf0cRlElGRbai5Nar/FfzIlxCrBqnlvRzRY +-> ssh-ed25519 YFaxCg YVgmf0i7fAkwvXF3WUy3DzZq+0N+1T2Luhg51+2KslA +/uT7MDEd02k8R+OF/0DyZvQuqq/du9drg3V2qe5MIsg +-> ssh-ed25519 elCEeg HF9Ua3oMfKhm/YzWpXRN4B1LiaC7Ss/nXMSQCZ2iqVc +RbeYqUX3qJpCcupg2dw+gcgCx8waKB9xJhSSYBkjh7U +-> ssh-ed25519 8vZ9CQ HFNS1Z+N1xH1+XcY+xbAIysDIdRHqL2/h8d2Uo2ryAE +jiBSRN7RMEnt9/3Xyf4MnMDeAEpLlu3B6ORYWH+4L7k +-> ssh-ed25519 rmrvjw /+gpmIu5L6kWmiNoVRym7zYm33xEoJgz6bkYACRog0M +maTKfbA/oxOi7AkFlyz4+8ZhCBsNXtHQaF4SJTA683k +--- xo01QzRZ1aT+v2/7cJskTcWTWnG262iJE0l8Jt4tEvk +G$C _+TFAU QD1Nz' +b{)fEMx&hA9"''vsL(ka?]5jCp9/|E^z椀);2'M%Җ: "3B` 0LJ% \ No newline at end of file diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 31c2bbf52960b0d87f075fc89636fc497744d38d..b71676496674039751db732f353b62dd4119f700 100644 GIT binary patch delta 849 zcmZ3X=;RiMM=IvK}c|ER+)EHg@v2r z#E;_P6%lFqz7=lzt_B%~PMNOSArby%X%WFmK?VL^X>J+GxvAlnQR%rML2lVxWd+)9 zsXpfVE`}jy;qG3h#TH?vx#p!uL`nl!hNx9|4UVh1w;~B-nbKEWRd@?P< zwIfZk4GL1jEQ2B~Gn1W5lP#S?ER)Q0{f$B*1EVVQOv;P7@>7D7D-0qm%7b!K%gfSI z0`dZa%H6#Dy#q>(%2M*&gDSi--AZy2b1EYzpJf!U56-bPDGdtrOscRf_jC4j3ir3H z$SL=94K8*}taLNccXf?$%n$I;_i*#&$}9_wDhRYRC@)M7E)H}waI-XYvo!RmFo~?l zG%e26HZdy7aWyE?4~j5BkAbwzM8niTg{mB51Iu#Xoc!c;ZPU_>aP#_*tO6tL{EXy) z)Qm!dl=1-ML@$4RA2;XpP_96yT=&!v^MK^2P@kf5QxhNW6i@H)l%m|g;?%T=M010n z!YKD_i<~S^Pju^y3v%?m%N6_#QuQq}+=3$mlZ>O%T-+nQ^xYGUDzZ%~!=0)eGtCk$ z>#O|p+ylM6a?-gnLY<;4LIXTq(mg}7D?$>JQndq$5);ELi_(gVjSS67y^OWfJu(cv(n}*Mjgoy_aw1CH^&PXbtHN`FQv7`kQbJq}9J9IZ zP8XcV9xD^67ICdTUxML~*wO{R_!b;qE9J4l<ewlZcQKeC$YgMG9QF57M zF;}vIqp4?VsiB2Mp{J{Hpm&+GwwX&|mP>`Bvx!Gxnp0>}K&f%AxshLpBbTn7LUD11 zZfc5=si~o*f=NJCRDQaGV^v^cX-;9Hc7$voGh9>2c;~B-ni_NkeJ(Da= z0}I1lyxmLG08Uc&#Evi3H6O|jL0tLGIYua%{0#ra*hhqPPPmQ@(=WMOZ6);3J>thH1O3dztcXCgOj~-OcM1S^^GFJ1FO7~ z9JzFLbrsw*%F3dA(>*Q1s#4wkN_+yfT|+$sA`61dT+@9DDl$te@+?COO3m`k)4A9_ zcxPrj4hVjIC8e&QyIQp|;6c)=^-YV9CFvf3G>XUUp5WZoI{F zOiiUEyz8}I;~b^m$0BB=$t;c0?Jo2D>r-7HJLU7&Sz-(MM6ViJ{}%bh_$PGPTmVq1 BB(VSh diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 9cf7d05126dae1c94f96c3e5e77f81a73afa65f8..3627423f1bdaa10514ccf24acf404694bad1f03a 100644 GIT binary patch delta 958 zcmbQrF_mM2PQ8DUQF6X(xL1U`MMR;QXJENYZm4T|fJb6paJpf3qJB0zySZzHg=uz}u|bGMGMBEMLUD11 zZfc5=si~o*f=NJCRDQaGNkv3PX{NrvMYdyllv{p&p<7V7sfTAyKzf>6rlC(prdNKc zQ>J!KX=Gk8mt&}QQh{S-pnrv>r>VJVzKNr+UrwUGslS0sXr@!PlW|c&dZ49wdXaPT z#E;_P*+pqit|neVk>+_W#U^T>18b__H#bu;j&Oi3!U^fe6D z4$Ka;bPdjn%JM8P^r^^3kAbwzM8niTg_P1TcN2f3kg7_b|FH84yKgZl6FW(@ibgt6u2vZY}>{2J^f?N;7{FJ=HVuMg4gJS3GLf?!4eQ&p5 z1LORF!~oBvP;~1&s~mj`9Tk$Y-8?gW0#g(7gOW3yjPufbGCZ`s(=5XivrChG0n%deGm`c59h13IiV~fS{WFR@Gt;v3LtT7b(u{J-s`AStgAI)e^F5M-!b37D!$Vwh zvn{xEb#)c8i#)Roe9N*zNuvsV zQ~JELLB`a!v__Hr`y`LPEO{lQc1z}(;29^i4So7WvS&GN3O-u&$~e_6V`Z%-jdN%r;U OkNRh)U7a4G-3kB?^4zEN6w zF_%S-n^9)6WxkWXMO99|Q(;bMh)0QcaduR4PGGvZc49Nuoiqr<+G!dS;fdabiibv1L$YWMX(; zae0MVXj--_SF%y1sd<#PfkCigYE)!WqGyhAPOzh?XfRRz) z#E;_P<^HA_CHn5Zd7hRY>3O9=5f%RCSy^Rn$q}LDmFX!tLGC5_c>zYD?&+>v8D-&B zX<-3w6`p1J!P!Yssil=>S(OHPj!EUlPKN1070Fpyf!?ke-sO&y;~B-n4LmYDbHkG& zT%5B^Jks(EdBk zBfZTmGn4$Y(_8|BG7Z9t0xWZ!GCh4uD?{=ppJf!U4~iNDu^^J&ra74unf!a&Z@|DHH|EEG;#C` zh;%W@^v`m3&T}fM(oQQ!kAbwzM8niTg;K}xfXr+!OH1>7(@@Lw!lHVwq^h(q-^!3Y zKSxK)0AEM_@~|Q&?d(!RS1t>;vg}d|{p?`Vz|t^(%Tkx5$n=VIZ==Xm{}Qtl|8k3* zO8qR~#K;K8P;~1&s~mj`9TftK0wZ%gvXX;?0?bnLwNspv15CWLLQ=wgGmJbPL$ia+ z>fQZJO1#Z;f(^J_4RQ>UOH*?)Ov`-T1Ilv)yuGr*3!VL|a{XMw3QN2_{X!j$L&D91 z%F?-Xb#)bdQXQj`(j&_)osyFy%S{S%O#OZHJu@>ROiYtaOe~FjO$*)K%PV}MT#LEp zSu9Y~aVdXSyhBr?{bWw{_QmIJES&jpiC_K1bHC3Rh)j+7+`BkANUTxD|9jBC`YG&- zo+j~!o!H|&|LgS=d}#?nOBk#*m382o ODkmtmTg-~pKnVa?-dp|v diff --git a/secrets/bitwarden/id.age b/secrets/bitwarden/id.age index 80ce23a..81fa3ae 100644 --- a/secrets/bitwarden/id.age +++ b/secrets/bitwarden/id.age @@ -1,17 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA abYqfp05DkkiK7wdTOn+E9+FU9iX8y/UcoVNUJQ1wwQ -BLIH6HkjumaaeKntAMm5BXC4ADfqLRh3vsq26gVB470 --> ssh-ed25519 4PzZog gNCidb7IlrQLJah7iqpLKLFzlhe/4RLk5hexSq96My0 -ynnNvbbit8U8CNel3cBEeel006ftNPArV+oAFNdmv/4 --> ssh-ed25519 5Nd93w YnGe4yzhVDQD1z7Mq58KgnF2GJjkBLyiOZBmCygazRU -dZg81Rb+XSoeho2Xbth+pIza+6F4TbAuN6s5BbP1OLM --> ssh-ed25519 q8eJgg H9L5QhInkMWBndRYQHIQTmuMVBrMtaXqCrpEXV/hpBE -QL24qbdGbfdmv2bgS1uYjRHB5fKPrfmbmMidjI9dEIg --> ssh-ed25519 KVr8rw GqmHdNfgOFKcZ6+zxKDWg/ImAVEXHTSpzDmBe8f/vmo -4u2ek5DHeDuBizYx0nRee02Gf6492fjWM8U7/HL2XwQ --> ssh-ed25519 fia1eQ zYA2FI8k6675UAQn1AlwWzPV5e52dAmv/ESDFMmSQlA -rup+vtydMspXXeQQ9In4s0HQnBNY4IvqRIlIdKPVaZk --> ssh-ed25519 IzAMqA QOiOSUOx76IICb8rSo0OxTtyZnyyA8nZ/pvuDZcVfUI -vDUSgB6dfzKNIpA4/0PbvJ/KzcVgW9l5KqqV6rKbyhM ---- 7Lo9nyTOtFbzsGyr/5Kanvj+yoszus8bUMWquX2rG90 -4+ Q͖BFY2$8sфq.Uȏ5QyKog8^h.=柳E \ No newline at end of file +-> ssh-ed25519 V1pwNA pcFat8+oFhOWSZyYBM1Ij11K5vLcrGSWGcopZTIUv3M +NDNVRUQU3SqOPRm3N/rCMhf+DyMg21d9uAJkrqLrKcc +-> ssh-ed25519 4PzZog xwjC1NO/yqurBivCPbTQgtsavmBmOcHMrjcB/W+wy0o +zdFH8I0W4ItbKVlAW4mHIPNDPPlIwdSLnIIu/1kEXBs +-> ssh-ed25519 5Nd93w ojB2kKZWtrcbf34sdYPNKIUJ65nGskCXU4wOq/SbH3A +hhr/RyiTv0tFC/pvNHBFxFenHuVWpiW1hzVcyH8Iplo +-> ssh-ed25519 q8eJgg DA1GO1/lDUAnFI9lPoOUQ1C33SHpNGVvqAF6aZCoLlU +9Cyl198clJHzc/pYmOe3hMM4EZVi/EE6XjSlSnLeRdc +-> ssh-ed25519 KVr8rw NNeHe1ExbX5I4CdibTc1772nJoiEHHcC5gs/t4v6/wE +FeSYrhUeMxCWJ/DOmp66w+KJlhKnXCsBqCJ+lDGT1kM +-> ssh-ed25519 fia1eQ yZVFUGXdWqNW1fnNRHTrBGN1WYoXemIkGdRwKPF613U +k/7eulnPGaePxUzXtt9tHOfhOyhJlTT4pQ1KfhzTwfI +-> ssh-ed25519 IzAMqA +TNjvQx4ee/T30kv/UyFu1rCf8aG71T8WUJj3WBnVzg +3ooxsLz09cBO88/BRChFrMXpx7QjZVFfopgSEcxlfpw +--- kRZI09vrkArnL0mRQaSvoY6bpH8OTV4nT8JbDzP8nWo ++ P:( 8.m(e+igH WzqRvM|$z<ד}C{)qAg`* \ No newline at end of file diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index cfdd6e450f349b84624209cdf043f5bee49bb31d..29637dd4d368a555ca7e25d7805068d31eaecbf7 100644 GIT binary patch delta 814 zcmZo;Z)2aJQ(u*zTN!3y<`te&Zt5K#Ri&R%;2CJ*V;L6V8g5b^;!@~olI-JN>{py; zz*Sjk9^#!@o>?5=of8-s8txzAT$x>w6d7Dp?rNIq?(ORrVBzoN7@F;Gz@=-aP+Xj$ zo0?)|YHDbyU=mOjm7lKQXi{Mr=^dya=^T=t;~Nxd?iOJl5SCq7o}FFdZx&=xnONps zR1{E_?v@$JRb=EI8W@lr=;9P)o@nXkp6wc$k?v|5Q5o(Pn&cN5;1rqc9_s6q>uqi@ z@uPTnL8w=zL1tcfRj6fEkzcB-kynzNi*HVeQ<`s** zzDJUCRA!~ISwvK3K#`|$WvX|0sf&eCM2KaIn{jw?VN^(&XL0)Ect-JXbF+xV%wmfy z-xOoVuu{vkti0@;kgWVjM{Sc7pD^>x$c%DJSF@C?%t{lkbWiu>O#KWC)10u1K<9$I zs^r}COnnQNl+-j6uSjz*!%{;J|IlnFcgOU}XBoxo6Magu$RTti*Cyj-=t^Rx|1E5b5e0<*L&d=10O{0qJG%L_cK z{BnwYEGvA?(~EpdOe@RLV<0Uv(J(bop`;?pz}d7aMcc?XB*??GxV+xXKd7{#tkl`P zv?44w&&43Wz`HEew<;*3m@6wktjr>}(#tX2IVvwWBFZqJs<0w3#mT5NB(x~3D%~?A zB-A*{Gu^`#!#d9@N8dt61;1jmhyo9{>>{VE{4}SqNVB4dNXrcUlE8q(6feu5^hED^ z@5IpXtnlKnd@kcaed987lk(KuU{n2)^qg|D=0v!nv|WK)w2{gldp@bEGt%Osc5iqN3oP_F;o z+qPW&nY_~H^r@aXN0ZW@o_DmEzv6+_Bh}4wzGmA@3z)pguP$Oy4NsHUi#wk}3O8Q- RQX5qw{a)`&)9VdiX zoK%)sSQ_EURhgS@9-d=jm~Uv5ot0vlo*NS87-Z<>RqkVwlbxFxY?A37n(Jz;9b6PR z@uPTnUYc{3dzp`ONxo%nc~W_DURFrHyM=p>nL$WcUPNwHpkxZ|8^#N6(bR^2qR_LT#hWh_HMv^Xzmp|H5oQk!?C_7GCeBEBGRQK zD?cx?u)rrNE8WAx+b=3JlFK~Hz%L~?HzFm=wJ6xc!Y?x4BBjK<(yu7Zyv))oDl#oA z$2~DP*~p_Z5ZyY@Do5W!M+M_3vkKo}i!cj6%VO_>H0P>f_fYSEa_uBbXP;topP(qu zddCW*l1PK%>_D#kpsex|qe8y`?@&(zC+!GxixiW}B&UEf=llXoBTq~1h@33vJSUSZ zlXNa!U0nrdld!U)(qvEVB$Gr7pJLCT{(4*=by65jv- diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index a72d82c..5626a56 100644 --- a/secrets/discord/ldap.age +++ b/secrets/discord/ldap.age @@ -1,23 +1,24 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA FJbuXA9iZkVimh/bRdl2MnswKZpHkF6HmIqG/cmE62s -2vP3FNg2f1ijAMwWGcLa7aZQD7/Tq8iXwf6+/bMEgb8 --> ssh-ed25519 4PzZog 75e7m7A1i4/XjB+b9OozGjKttQ3VzJuoNwKV6z1xYB4 -9/czRQ3V/Kb/8p9h3cdiXXbNBECeZfLLEWg8gR+WBE4 --> ssh-ed25519 5Nd93w Kier0iAHycxtmgq9n5Mq/eLR2akqKB2Z/JBA2ACjaE8 -HokkZ2jHa7DV6KqODEH5rF+YprwNwBIjLLFGbfXdkrc --> ssh-ed25519 q8eJgg cFNBrJQ1R4tDi4HTI/1lGEy44cjCDpnUXGYsXQ4daA4 -GPJ3fX/AxxhUjvfnAJNREQDEGp/Bz4zvfiTWHD5bwMI --> ssh-ed25519 KVr8rw hzHh/c9qM7v7eFFpvD/uvCcDD12kSaTabVVA8CKosgI -3bwDd/aWeYWmYf8b2ko4N37XXgTP5LeP98qYXSlaxwM --> ssh-ed25519 fia1eQ gol262stWS/VMaXgAJNC/VK5QkNb/UHN8X2khm3PHFQ -3eBj1/cUkTSNBGANSYp6S7IvMU+8dKKEtZxqo7kMzxY --> ssh-ed25519 IzAMqA Z70Jqsw7IR9vk4uLef56F1+YCQtK2YvDC950d+WVNHk -nXqGHPrbh3VS2DMToRKs9FxBsn8PftR6HTkeA2KXRLU --> ssh-ed25519 uZzB3g Zrc8idjRB+ZPHq9ScsCnXDqipGM83pio/V8mO6YYa0I -JFVQ8V3Jkn8vxklAZzwGpmOcaKUd8QBDFO/+gAyb3Ug --> ssh-ed25519 Hb0ipQ Yhn/pwNTNmMdW3L2RV2MJECEYRlAzNTYztcA5MfRCjk -S3rkfwU9Nln8WFPSr102lX+H96wnHWVZa6z8upTRgvk --> ssh-ed25519 IzAMqA 8SVaC/2C2+xmeCP07Mu+/xGFSB1UXrIlVJ/i8YfQXUU -y4mt/hZRuc0+5OXFs3VjYH/Q/nEACAd30YlyUyNzSqw ---- M8Emn3XUVeSu5qTgSbR7/93DjFawmR5iZ2qxQEJ9gd0 -zg*Fx?7,a1'ܥtmR t[VFl=+Mm᜴j;ĔFy6O\ӬҪo=UG#%{o ssh-ed25519 V1pwNA oKU5WHTVFbMzlj3VCOz8SK6HUXSMx/+O0GRBgrHz4SE +UhAfuzpx+3pVzaADb8IboXPrVdjc+6nTBs58vl6UM5Y +-> ssh-ed25519 4PzZog P8oILoh4jxjLWlJ/8P6ZFo3gVnPLf/5rCXKt+VNbwno +Z2LPtqT7vxDVXo67vUE++kZsgR8EW/g5p6ukannudWk +-> ssh-ed25519 5Nd93w SCPXtK32yRY9SHlXW37lWn5o3kVyGLvE25JC7OYrqgY +jXDPZBtkFaQ0zrWQ+q4t7gPXdzH3FXxi/GoGQ6A5Xp8 +-> ssh-ed25519 q8eJgg c0Pm3CbI20Xx+ZDG21YFBBYcRXhm7XJtL4upmfQk7Sc +zoj5rfYv0LlKNcqxPCEmgn7Q9fC/zglkacJ+RdRGFAA +-> ssh-ed25519 KVr8rw dlnvbfFVgq8/fCJ+VVNt82McHYcCYOyej2q4Xw7lHQc +7GvA1OChHOY8H+tNtBc7t0dGX0htnwru/xiOk22uz2g +-> ssh-ed25519 fia1eQ WkNk6q+ujMGaMndfrj4RCUhE2UTkYze9Hj7iDueXqgE +70nqJIlhPFLAUCt8p4c/GulYOCc45hvqKDFuh1TkaP0 +-> ssh-ed25519 IzAMqA 4ribVEiuHMHX7rZYHi6iiW/5BwvVvydrsBzlVgRjT14 +OaEvZPbPJKAbOySo/7DcIuwM7F8Lowa8mnYSkXmKMwA +-> ssh-ed25519 uZzB3g HBpDQeuRn/7ST7n+K9V1O6uLNnbu6qinqrjO000lyDg +ACVdyMFSsJgRcHxU85ns7RVTWlKTCRbUqkvgmSr/7CI +-> ssh-ed25519 Hb0ipQ zThy7Iiq+mfgOic4F8FN94LfUvxqFM/k2Z3Qrs4NNUI +E8HEerENg4ypEiV3PnvghUzBuL85SkWSBeEdQw7xUUo +-> ssh-ed25519 IzAMqA hvEU3NLfxGsQkA1hlwkumtgEgscd0HRcBKHbavr22Ro +omEGJ/nRcqeXRI8HQkWD1lnabodUNSipnmedtZjNyfA +--- OeFgK+AG4MnUHFFRjJYmDKDonM8qNnGZ7sQzdv9GZK0 + {J7bW"){N62l8Q A +-'qGr}֤#, B(~Im /F>`RF+tC-p]͡# m |Y7È*+f{׷R*XUl:yM;my9&1g ӑ+1=OBI6 \ No newline at end of file diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 5d092e209af13772cfe3ba659a2df6403ed801cb..ddee942460ef6797ae238dce82a9bb0eaec627e8 100644 GIT binary patch delta 938 zcmZqVXyllnQ*YsGRF&=RWagEhqaB=Gn46=jrL}m06T&;u)12 z$(0mn5R{%$<(2M~UgYjunip2!e& z7~&Z0W9V+cRb^)6t?v@*5u8_6;qO_MpYLaqQ{k6XW*HokWtd~>UX*7RTpVEG5*|=K z@uPTnUS4>Smx*^oaFMT(c1TXTOJ-T3ezAc^m1~u+hfkJQUY>DLR7p}wXjMK}u6dZB zxk;jTN>X7!riE9kX;8kofwpm&hpC~tX?UWyi>Xt!$4#Gqzu>O2!mWtkKEMs0=I&)6jw)|{Gf6!^NJjksER`8Dt~|1V&?$k z%;bpt5Z5gK%t(Fhq%5yOza&2k&+L+P=dk?AXBoxo4U4k^-HN?kii$Jc3iN|A6Z1Wi z10(X%!c0?4JzWfn(gWP{(@TOp?SKz)PM{31g`f8S)o0{1Ex1J9uBsvNfh zcLOe6U0sFn?h0Bitj(OEDiZv60oj` z!&B^7-**#_YL4}2djQwlhg-!eFeekL4h3-a<9a~gA8IJ4D_f4I;VDAnG z7a@_Bqp!ZoL`(NNR6IYyYXj)W!-wVJy}o6zp?zAcPsf}cF*%I9RP55Q-A;f delta 938 zcmZqVXyllnQy*&NpJeY-;K0l2+_zq+K2u5}}{xWp0}5=we}M!KG`bP+Xj$ zo0?)|YHDbyU=mOjm7lJVQ4;Q-Q*7XoADI?ZVD4I(;g(x$UaTLO?pzt}Rcz^&=o(mM zkm(+rZI+SGWt>`EUQ%9BTv;CJ<6@~FZ0_t4=veGknO_>Jp%(wGja{m0xEpD{HqKz&GHSS!m=#Q%!-rEBSS-7)AJ(?Ei=uW z9J8|ulERb9+#U1H9erHUV<0Uv(J(bo!7#+KB1AtmH!{7{GN351u(;l^D9S7%{U}GUEk4P+p)yMge%Is(#PMw(#*}tGC$q3JjAcuveLIQE8i!t(9JSEt0KtJ zG9W88#Jt=m8{In3Do5W!M+G;R2MQ=W2VAr6e2sa=1pwOh0D(|3llbo=87Z+Dw{VbnQi*Vmae^0J| ze79!S@c+1cw>Hsq-Ny&)+jP2kr>09ks;$?nx~rSGA#-1Al^%y9-}?0epRXL7`sdY` zPd@}B1kad+yBY7*6A80!klX+Bg5cw+PW948(`Ab@-@jdE`cCtyb8Eh}@!EGk`2S=@ zd|le$xfxt;uMLudvTOxId|IZ8qnflK*L~^Nj-@0sx%OPn-Y% diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 8b370a8c5876a92821f28bd6c6095290a4a1365c..4a182f375cc0a698313b6937b36dace2a62ad82e 100644 GIT binary patch literal 2704 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sb;wa7Lz zst8OA4ROh`a5gFptVk)cH1i8h^vNpC4iEG-t*mnKt_-&{Napg&EH6xpDswN%%C0a9 zt@O_;HZIOc@yX8c&&sQ)EU?US^>r^!F9~zYa74GwB%mrPKV2cxJh!saNZZxG-MykT zB{RKPKQ*hwKQu8Z%*oH+GqJ4HQ9C28!m+?9$AU|{#4pd&BFxCc%)-MYD960grz{}E zyv!}x&A7_RHN7;i(ksOyD#)}T$P?W*Q@<2T<8lSpEdQvme3v9IeUGRDA7k%|LeETt z6qhoWprWWCSN|YW_llC@QvE{LkbJI6pNQbHKohgFbOV2F?WDj^?+VL+2oL=-=Ww5b zNXP6#ANSH!^Qf$U)xtkC(Lbu#BP^RM zx42!bH@ym!h%%u||50_%!)z0uOFDc1OHIE8Rjzka1h~OeevvP%kU<=pcijZ(4mx^3J&*D_a2+yeCob()R zcaO5*sK}hcQsaV>l9J#wgJQ0f^m5-E^TLpHr=p^$QnXX{s85U;YnqOLJnQrc4?v!hyogHNEtRJ457ZDufrSDVe zT99dyS`rpkWxz8kynvtkeQrinpohY?_yf+nrNP1R#}wlSj^>{o|c@Glc}9t=A~^`T9Q`i9Fmn) z?vYaH8Sa(p78IPClAD?5ZkbXVhLHn|3v%?m%M}c~JwYX~OGTBVxtqCrwq1_qbpSB4r} z_!dV77*zPVIY$}>av2wy=UM3cxR<47dU#nln}nt%r-kLa8z?c7?UtFGr*E3gRS@ND7-nRN5pR)h zi51T23dR13`EG_4Ss|Go$(G^yhG~XT+2*cMrTJcN-WKj<1wN_zmi}o;T%&F)urk%g7}_-`(9`KPW9Z z&%~s(C@RsgqQJzzq{_1@)iTvE(<{m|D?BhHB+LgRzgd(;Svm(QgqnwCdItNJ=Xw;B z1sS`AJ6Q&l>j#$P6uB9dnkJ=YmL%o51RI!S1iK}3MWrS=re%2>6y^t}8s}LCdYR=0 z=v(^eI~t~znmKudn5QO&q-5lH`6OYalA_$AvaE82f|4*}6R&dLNFy&tZ+)MP$TDAx zQUm8G6St@cuh7t>h~h*`3y+{OpNL{EbEB+mH}|CULXZ3`{R;i$l8B(n@{A0R-1O{> zp!|q{j0o>!|FS&GN>C2a)m1P^4-d>W)lN#$4$loQHV*I%DfKdP4^DG83eR&caWZyx z%S?3j3C>NnjO4P|$6?}@T7U0y*uRK5M=q}3#+~Q%IHx_N#K^VCCD8Eu=9>xiNp*sn z|B^2McIr|1Fn@08HvQv@zXD~tL}U^UKh66+IbzyrCDz88`}ZFhXw|jaW*qIn$G%fy0q*m$hasXwr3BB$2P zWV763^DK82Ni~1nw#i=f+&$w9nXAhS=h#-fGWp2q_UrueSIu1oQ#ehEMb~JG&0sy{ fwI^!b5?M=KMk9Hdrxh!2|9O17YS$r-oC((f_5O-I literal 2594 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t--&vWqz z%qkDhOAPcf$}A2Jb@VRFb+$CH@CwoPFHMaoGA)YCa*WCdPv zOxJdDE-OlMGtF{LNixlg)Q?E=cQMZNH;yo@j6}E1B%mrPKV8AyFT^|F!!bC$GB+{F zIM+NtJ3lqU+ch^W+c>4r-PFT5)io-}(J3gb%9pFsBs3+(%q!nD#L+)5#IZCq#NDzy zvAEpP&?vIpBFe0y)F-Pvw<4`5)Dzt{Q@<2T<8p<<{IrU!#K=OY)M6vg45t#$Bom{m z5Pfa)RKtwC5MNWH#NbNjKo`%X%s{TB!j#C8Krcr_6N_An3J+706mK^ZXTS15|EPdK z=fI3Gi{OZy%8<<3(O0Q zigL?*Qu5Jl^A0PrC@NQ|)X()#3G<0abu%DKC`&H#HA?YI&MOZJGYd%0H>@Zq%ZLbZiA)U(2*`8HuQZ7aadt$v zEiE(AFf~x2u&5#+*(t);+$Y7v+tfHR!=>EJBEQHnz}Yd$qO2&%+r`}1yF%Y6%rTHF zJj*51FQO`?!q?D5Te~dVsG!oqH$NvVGBGVJBhWM=)IT87$veZ<(hb9J`tC`l>46Gv zQJz6Txs{Gp$tgi$*(NE4kr_qd#uilp70Hg31wke5p<%}QMj5W&73Ey+5&6mKNvW3E z?#52$&UwK`{`tnPJ{8)&{z>JoIhEx}CAmhy*}*1WX&7nJuO!D$-%+73OWQL=-@_#} zJJi?MIkC#es4`1CJ18~Z!>c6N)jhq!yDBR!JjK<|)sZWrGS4sDNWU!7-?PLpB0a(~ z(?dJLyEMnpEyXj*t;##iGq@zuFx|(@7bBIF8ATdcIx4uBRg@TI6`7iZr&;(FmQ;E< zh6iQ@xp_LLXZe~Gm*n~uMOrvoy5(0GT5uVblRZ@t7X^@dcK~#a6N1ktFK}4j9f2x_I zp+`oZWm33jwqHSkVSb5$1y`~`RK9sok-v$TS)xZyX_{qTiMe@dX-NK8&GoNJa`Mr4EU3)Y z5A@6n^)aca2;{QxF)l5#%<#?1b}vuL%+fDONe(dzEe^7D&rkC8^N7+fD|8C8%r~tF z#IUV2s>;bYT_M~hFd(VKAS28zN57yXGD|zr-OszsIm167zaS{d$j3R~-_*`Js1RvTn&?|- zT5b_u>F5<1VwP4Clx~=jk`ip7om%N=lC14*nCIr55~yF5%w_Ip>XqSXSYlxoQRbHI zW1ee}qn}X_nN(_0=2dK&Ul>?k>J#Md6O`zW`#>Zs99xxfvb^6eqgXmYH^TnsaZrsp@*YmdT61E zSGI*wYH(0cd2TXShGA(?PHB=!dRm@oj#FuVL1d7NV`hM3M7f(&Mn*(srgm7qmxpn> zzXwL{4s|t4OAb^B%#N%wEK73?NGWsntjx`|OewH1&QC4SE-}e7^{pxo3-h%|)lbv* z$VuiZ2=~tNOY_YwC@L*TO007AcXTo+2r;U%2n)0H3JVR)@Jr4zN;mM&x3EA@laX$T z70&4jP9*^bZl$jN{-uVwIbjCA$ss;vMH%i+>FHHIq2=l3No9FiUe4xOz7dgJg}&Y< zZY}{Kg+=b=`UYl+xn`c;{@TW=PR1T!}CVK~YN4fiEmU*QadWKjOq?`B`hMGk9=!fPf>K6o8J8_?4I$ z2ZkjXL`9{zo49xt24@@l8tEH)=V@C6`I!azrj}vEn?+farE{P{QdVGKdYXl^uX~hB zdPZ1wkWZdjrE77TWr35oL4Kr3R%((vlwnaS@xu1 zm-v;fHsT9t#hg}DuD$Tl>njV-H_!0wCGl(zUGAQ`YWF(-*U{~De}8}d=HeU59v!&-l)Y(Q zTPaX_U>c8YO8NM=Yuu4$k}Ubdk@v1hQEc4n2CS9o^d z#E;_P7OweeJ}&02X5s$fu0F2*S?MLg&ZS9_2KfbP*_NIueu)9T6)8p~MOmI)fljH( zWudM?Sr*BK9;vRTVTpOA=@kYAJ|+HM$@$6QW;uo7-sX{M!DXS7;~B-nlYMe>3yRXy zJWGPB(*4Z>Q=EOGTn$XqEGiAc5{m)?lN^1s-2DC0lMJ)Df_$R%-5itMDohHZ^es&b zOGC=Djk8@#E0S_kOSQdB0=3h_^4vnq!m{!wpJf!U&rYp0HVtqIEXYVq%y+j;HFc>l ziE&sv?a-p4)Xe-07thRW6D~`yDkpCv6Xz&HHzzL>BO_lQgDg)Y)AGy$qXO?TvuwWt z7te~!^wdT;N^<=49TmbtD+>K{i%rUnatuw3^iz%eot)iVv@KkMBQ4xR3-yyT z>n&VTBT9oU0t2}sb8{;a%e*W+g7m$Ub9{o0!bI5Tuyj<=FSAUKaPzDvaw~JobPV<|^b7DeFn0CI2}=wQ@-8a%j5Ny#k4!a4 z&5Gp8&5kMvEcU85igZkI52y+^w9E)JkFp5#cJ?<&GH~&X@-s}$jxg2MFVN5C($&>f zD2vd}&j>Cvst8IcFiA7<_pdPaOf4!;sW9`a%Ce}e)OIR!bTcfesK`m@vS-kXJ+=2x zdVTBs(gi7Ii8fECN2$+zo}{b!D&p_khYZs4!pCRqJRI=nMjF$ywvWkw+ups7w2*II z87deuaqhy5#Kn~>vkbzrg)}W&ZruAkYi*CM_QE3N31N tCdrCBGE$QxCP-h%S(IQ|dW-jcH^%LF#2F79M}o?38HXJN6se`$I|U`ncop;3NOzCo&Es8OL)x~FflnZAFp0hg|wLUD11 zZfc5=si~o*f=NJCRDQZbeq^YZcaoz~h^Iw!iLqOvc|g8NNsxAwyRW;KYnY>tSzx$}MX*spSZYM} z#E;_PMaF3!+QpeJzAl-i`R2Zkk)c%;1uif$=ONS#(B;L21f4LSuO^X;~B-nb4;R=6GJPL z3!FVo@=g3)(uxCfit}>xovMOOLcKF8f?XrMlRT4iax=5JatcFCvYd-6GD^ISO8oq) zf;=-bqjH^0GdXi z&nU_%H}WlT%gYHcHjebobk0eSD04R9^6`%HtV(xv&GISp4or9P@{bD5G%E?P%*fQw ziAc?e46Mvg@$t{}D~e1gOZ^=GNOO~<(15TK z1Lu^;&8M~@R8bV3Uhb0?>Rp%=?pYa7@}?q(De zlFn6OSs3o-Z&B~6BQYhl^$FgnrCT|J diff --git a/secrets/email/details.age b/secrets/email/details.age index 6e3f187..1b5144c 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,23 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 69RgNRqfd9pSNuJMr88rzFViy/xYScupvNucY4jOARE -KeTB7nbTiKxS7Bl1UPZ7IoL6XlTKxuEDIaUiZyjrsx4 --> ssh-ed25519 4PzZog R4dDARo9QpqRG9qKjr2ytkpJYGq/822XdiLEBDFOMk8 -N8WWraxJ0HLAgeFM0b5BPeRB1VIP5paWO12Pgruh9x4 --> ssh-ed25519 5Nd93w VboljaSRjajrkCp1ilMC6qvDv3+ROE670Hs1iNFKRXo -zUXXzywu/SwRrqmQtNeiq0hoayNDuW18EJuRZY07Z6A --> ssh-ed25519 q8eJgg VqbE/b/ddDfl4ShxeW3Id3vjXVJBP1KZKnJVUJsElws -y7uUlFXj1UlKnQxs0Xkixv4uLU9xRZXktmY2nID/AFE --> ssh-ed25519 KVr8rw dCG//gX7lz0frI48guiFNm9TvuoAJ1B9/Q/o4FQiWGo -wZ+QWN+0YK6DXHCtmdxtBDmtkHtNfOBrKac3ADIxK/U --> ssh-ed25519 fia1eQ 1s5iHrqZ/7TdhC1vU7qwO2Cgr9W1EQRdBwXEm7U+XmU -O8HYon1a/hcQyjEQkjL+uVIvD2aR90k+Ro830hy7QfI --> ssh-ed25519 IzAMqA IY4TEBaim4AtxO4N+YJApvUlDifcJkcIrH02bUP20yU -lQzfhUpnEuQdBep1ZKxdzZ6kIyP2g/BlJG1WxL8SiJw --> ssh-ed25519 uZzB3g z/mf484FBG7MNOnAV0iGksnv+NnuEzzfcCRl7UFosjM -a6fCYyU/6Rq3eKXecch64GJQ/a6bVNd5TJYu4SmUgf4 --> ssh-ed25519 Hb0ipQ rTavA3BBHDOm1oBTOAeB/E/ZfOumL82FFHbqk1c3rlM -VBPFpsqo+j6uhTwaXZtuPvzG/JNo0cS90Av1GfAsYnI --> ssh-ed25519 IzAMqA xGKLZbl6ErNlp9zH56mnN4cL/YlNakt1qFWqKhOJaxY -iju55ngxSk4IptEnRZ5435ocDloskNIENnkYGbR151I ---- ypGNmAjP0+RusrsXWCdDwWXJiqO6b1gnnzSyLGcQHLo -OMhIt^=Խ5!1 Žo-4+ ^7-{mPK{T"jd/.  MbT{ӈy(*yB˃Uo1æ \ No newline at end of file +-> ssh-ed25519 V1pwNA fUmQeNgoFbbsFaWOuoZil65Wb9QXt0ombUUaowzGiw0 +f37D0PiBMFwmgUtsNmjr3GD4u9VjSUhRKRdRAV/m6NY +-> ssh-ed25519 4PzZog 8IbMdWcBQxNl1gJSAxDZ4wX01jU8xVcrFculOfhdW1I +qrMJW01W17kyc4+61PTUf3fYYeqiEIerzLb4Qyjomh0 +-> ssh-ed25519 5Nd93w InDd1HzgxvHNVZAdAxoeybHI3kRggQh2dTI/abS9YlA +v9ONGUDVrFSJyham1OfkxRtmPzdOBQqs9zD/u0XkHqE +-> ssh-ed25519 q8eJgg L0cOuysyQN+oBz7sG8NL8JHPvoPyKi8qSlSVan7s3V8 +6uxUttvfD6gbNLdFiGxo88ZfpNucTBpCTd7OlAYdx8E +-> ssh-ed25519 KVr8rw IWOO1WfFljVKcU6WkziAvX3KaRoBZoRT9PsihqkK8UQ +fpK1yiGhKxlUOzhI+FP1AmEP9csPhMcBjzi14spJThQ +-> ssh-ed25519 fia1eQ M+Z470oQzYWBwjQIqBgxBNieMeJRzoL6rc/rit1dkjs +xArp+UWpskcsc9q1XEzJ+1rM55/fK4/7WL9d9oXYla8 +-> ssh-ed25519 IzAMqA Iv7rCzraDezK5u7baBxdyXOMVWUQJZpQrTc1W0bWEGQ +U/d2awrDMpw6OP6Z3kEgzfpCRfmxPdI+7LjkRrBLWx0 +-> ssh-ed25519 uZzB3g Sn4Ufi02xZpJq6zJc267P9L3rlAL6Boy2YP/kj4PW38 +UWaxsni30Z3cEH+oVRv5wP6EguVAnLvbkC9zB2xG4OA +-> ssh-ed25519 Hb0ipQ IgVkXC91wdBmJcoksMSAmMVn29poksBQLMOgr2xQm04 +d+fI4goKUHwn2jsA8jJzLUc0n1vHKUplsl+zG4O+g4g +-> ssh-ed25519 IzAMqA 9V3QfuSB7mbnjnYRiRG/lznwwbAqROGXGKKni+ut9SU +nDxzIJAl7JIs+Q6YAiHbOQWXwfvQ75OATgEcp1SEKMk +--- 24F4ekcTgmg1WahdpZX+TsLycKdl6ulrJEGu7m5hr7s +Hu5c\Yo7t5e)/=;->kLS'=NV於 D=}KCPâ8c5!Vnd63I|3iyI>Jb/SsrUrV \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index cd1ad00db2ebd9cc38199ff892105e4dbd90f2c9..1d34129534a7c9c5959e5bec7f781fe5dced0622 100644 GIT binary patch delta 914 zcmaFK{*rxyPJMn>xwfB~pHYQxkwI{xfqp@FhG&#>icx84L}`#qNI*)ZpSg2{VP1Z2 zGM7hqad4rdxo22lv1MwJM^28rv%ZVIQJRl&V76;vZdOJ`gmGa;u6bFwFPE;JLUD11 zZfc5=si~o*f=NJCRDQaGi%X8Sv73*+m%merX+V0KrCXVaQBX=+fqrFJh`Fh@kz-&; zc$QI)etCE@SDLqvagmohF&MFxra zJ{846s?prR7zR+WroF-*{Pv91%>I8;~B-n)5=XMon2DA zvkRSlQjIE{oxI&saw79G%uGWwEiJ+_{j)2LO(UXAvw~f@++8CBD$P?XOruN+lYC2( z!^2F=oJx%&3Vrjl9TN?`gZ(oc%W@6ED?$P%pJf!U&kS@l^oVpSC<*lp^~wwN)AlS* z3@|q-OEC_1b`EeX4>0vGEHlnC32=<$@-26cGVq8r@bPf3h;#|6@W`&xFDN(lGcU~W zHZk|kN{cjc%TKP<4l{E_kAbwzM8niTg$QROXUi;SeeZyr@W`}K!@T;;OtVm<4AX!> z7t50H^0YwL5EI8FPuGwj3$DsUKVK7zETdFQmvFPd(xL)$6N^0Uz}!%$Br~tvkl=#k z{E$GC?Bbx3WOVCFqpF;Y(-l1ZQ;o_}{PK!?EcLVUipvfCvYaw4GxJiClcSvdgEBHg z>m7^2gDeYubF;Zp+)J}V%UnT;FfS`C#Wf(wMBh16ze>B(uQ)xbs3fQ;CqKQy&B!z= zn@d+$S0UFYG9@`8DLu5PFfT7tKg-W`4hD6l~*o3ayckudvLLbp7^oY`Y#_ElqROEw|e|PYS}Ek9)&Wm_~n-0JH<>H z8CJYbxP8fW*-Y19-fz0WKVJMSkl6aR@2|7ep)yhV8-m*{q9?AW&AxpSLK%eVAEYLvg?-Wm5n>{eoep8d$i-u$&5$yxen*= SunC>W>7iBq!_jj(g9iZGRYbS| delta 914 zcmaFK{*rxyPJNHF_*5LLUD11 zZfc5=si~o*f=NJCRDQZbut`-=j=zOPQFuXezM)^FzMFZamrG!ob4fs6P+4SFcz&^~ zMVMbnWOjHcS7wBEl5x0EK%#MWxwdPON4|bwwsusAhpCfAaamwUns0JMil2#Rcvw{A z#E;_P;V$JF{`!VlB}uN@E=fLx7Eakgsge3&DU}&1$;PJTnR(iI#vZa=<`!9HhTb`qrTLEGLGDHs`r(E85oV#2;~B-nz0BQA0)0&~ zLyWa8Jd(WfO&o(V%rkxRO!eKJ3QF<}%iVp=6LTwzEOLvvEL}LBU}w8pJf!UcXD;gGYm4$GxCZIFHFu#PxCkR z^b88mD@qQ?^DXf-a@EfWbk8oSEC|cyaxJQIuE?}V%P27^2@kBO@^viBcF9Zf3oS`b z%B*zCbha$;ODQlcOG=DHkAbwzM8niT1$Q&ol63zHZ&MR*OLHIRP`~;piwq0%@bd8T zh@w1;Wbcw}=ZHje(*kezWG-I|vx>rOZ!dk9k}N0lTu)cS^ni@~h>*xCj{+lOOXG5b zR$qpF;Y(-riKQ;aKoOu`+#lL9KrQVI+8(=szE9WyGj^9nl?{Bb*HN!y>u#Gg30mU5%1mLoGrrjP#wuoV5K5+!K?Xwf)n=3L+vRT}#cJERq8A zoD8^hb#)ay+`T*VXZ55D27HC>@QAzhbU+r2)5DeOkUDwj!5H*0#n&X+IxEOTkGSgtr* zzrYs7PdlHlW0j3He?KisbNA5+8+-WwD*bQWIO}DJ@cL_|Dpij{W$smawezLN@9%7k z{Go1X(ioD_bSPe{C1sDQr+kx5vWmbnMV5KTR=HItIz?K@2}|p#aJ^%m_iMM;oXj>} S=0CqVFP+p{b>h+U6Z`;T8a=uI diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index 4ee36642f5e17d308fd54967777ebe87f3f1202b..fece9747145c8e3fad8d86bdc5cb3523e26bf725 100644 GIT binary patch delta 913 zcmaFC{(^miPJM-8LAg^#SgyWzNrr2-d%m`(rD>&SRhfmOaduQys;sas-NNlIRnb4pa0vu9FbrFM#bgl|}oMNy)gWpbW@wws$vGMBEMLUD11 zZfc5=si~o*f=NJCRDQZbk(rCOQ-x7#SZbh)Sx$0_wwqZ*WN~hpYeiy3p;usNkwvb4 zKv8KyRc=T+mv?$jhDD`EWU@s{SzvBxS)NgbN0_mbxqnrFr=@dFplh~Ks6kqmPpNzU z#E;_P>ET|vQRx){#a_AkA^Pb~9#uhpQ4t;yCV^=gnVI^Y`iWkZrR9~DW(I*=Rry(l zLB0hUnQq?Z?v=qQ!P#yFDaIDXmd1YJj*-Qd`TpU#CMMbbjs@wH;~B-n11hsjUEP9; zA~H-|4YN~1i_*;v^UB@z1EZ3RJzP@^b5nx?J^hU;v@<=q0yEtbONztNeZA969i3eA z!;LIF3(NvD0usvt+=I(~v(r36J;Kw&Qv6*fpJf!U_l(l_Da`aTiO9$|OEf4*F)$7Z zEO#+*$#iq7vPkpwEOs-gs&X`Q%5V?lN^vwYbuTon@QiRvE{n?cG>9m*h>Y^8swg)v z3CxZ13~}_xN-H)Kk53{U*-1Pcn1 z%#w(_NOSGL#Jq|i=TiTSbgm5l!o(t@9N$8(qCDT^GA~1;vf@%B%L1R`G`~t8i!zI- zRP#iG%IvBV4C_jxs+^3|71F%TQj)^_N+UBJT}n;7y|Z0Pl1%g54E!?-Ei8&m{C&df zD@w{N6Ai=MUAZEo!UBs8wbSzq-A%lWi$mN(qKpiqqSBKhef5*IgY%3$Jsi!03&PUV zvbl71brrmG5)IQU0!^LG{37%XQ{2p)bMo^uJu?Er%JMSuiVQP@D$DY-i?WS%ZM R*}t4Qg4VSPWrTj-1OV8*M{xiE delta 913 zcmaFC{(^miPJKa0U`TReh=F!twozGbxO-l(c0{pLxv_gmv16HWuAyb3r%OetXRw!( z373gwYDT(;XRbl9kz+`9W<^et~Oi;~B-nL%n@WD|}0n zLaLGty~`@fd~#jV(?T*+O9O+-9aB9ME!@)!4fAp$oeavka$WL^BYko#D}z15^@Ae4 zd|fP@Ec}d}BK-U-y~_)=b1VvTqs%QM&9ogSpJf!U4=Fb)FZTA&^D9oR$WAH=PERe$ zcJ)d&ba}V%O%}v*@aL-QD&+xZ! zb`0>=4)BgFPV!F;^(jq8kAbwzM8niTh2reM$n;9foHA!^1ML8F{i=FX)6{~p>=d6o z1JhJDLsPGCPlM9%qJXHZY_3S7QqNMSl!7vg$^Z-R2*-K+EsGP4r33(bAYjXcf# z>Jz;(ij4G&Lh`xXeVu*uGZI}4jhs?4oSX|i%>A>Hi_6l=OZ>}BofA!*!wuY%oHGht zE0Vc%b#)aif{ZN#y$j0IBm65uv#K)FJ)Dv%jY~}(LktR1yfd7gJVH{c3|t~ovOT#z zIOyg6cKzo3bBo$Z`vW3&Idg8*yRBYOBwhbmplQv^eLqi?HdrsOu9@U^-mhlPj`JOB zPSuH;7+*Y8AXzc{bGN)%lis3JT$L}6ZYf|mA)%jFX0n{my-(Kb-NE*yIf}R6m2TP} zw_r!~zDoyJe}1GmeZ`^Q;`dgkC^qRnb`?``c=2y8ZQ6UWp<*wzP?jdah^wLSY~#nMTLP=n15A)& zC|8kRURhSQrN56+if@KriBFENzGYfKc~YW*mv@Srxlek5g?~{_K)Qi;IhU@TLUD11 zZfc5=si~o*f=NJCRDQaGUsaKBhG%MVqH%79p}CWRyIZ7%Wub*nWplEX{Kq0uAT)>q2|f%mEjd8ZeFRyrhX}|LrM*^NP&M@5CyX$W(1}%hI%xfbztu%5eR}eA8l2ZKov9 zyihaWFk`cfVsz_DqpF;Y(-n$}!h${XGs8W#odT1c^Q%I0%frkZLp_a+lgj;~g3SvJ z>jNU9JPHg6NB>njZ6YV98KNbQY(T3eN**A4V;Sf^#l9@N-X^YJS)OWef7&y zk_@UK$L!7U#>x9fkiSUK2C zeoSvTpmJC{Qgd~h&C|TsA#1K&S!Q^YNsyO^i%WP?c(_?mVveDce}Sp1enmx^pOb5OYI%~Q zE0>$QhkmMlieE*(kwux8TSi&BafY9-qracCw{w|alWO#X?|*MQGkzWa(I|YhI65jvvy(V z#E;_PhLz^o#bN#)<`%x59>$se$u3cq#ufUhS?S67P9~Y*zLg=SIhn3Wxo+89zJXo= z>DtLjkzSD=9=_?}#lB%a5f)A!0Trpmxq(3e-lh5ZhN0#bDHbM^;~B-nja+?0iZb+r zb0dm;!iz(SEF%5$-Tkvn@`~~TEemtKJ{*m+<uK(5rJ2m@o+0R77FC5?UE?%s4|nlq5zLD?Yyu` zFO%#XQ+hB+)SMO^Fv(x z>Wf`Xiz_X2BRsi`(^4vfOvAlBgUqwCaG>OdllH7x zCFImuF~RX|phn}HHH>d2u5e9gouhrXM!GY`u;6E8L{F2Y#J~Sb88528eA<;>Ubki5 UtaIIo+c{^|o}2g9GyS0z00c2eOaK4? diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index 387705c27249e7eef475f73017912460c51ceee8..13ac650790b50caae58d035f7c92ad95532d95d6 100644 GIT binary patch delta 867 zcmdnZzMFl5PQ9s5wsVQ8S8jlRVp5`?mv%)#o}<5sK~AZAP-##_evq55Yk-Agpl3?B zBUgr*xwcVBsCQT z#E;_Pj)CRAUS7_HIYw#b`l)8dRi$Oc*1HaamM|Z&g5^bBT9JkxQhdxnDq@lX<$UlYUlU zIhUhzrlqHWhgo)5X{uvIrMX2}w!Xh*R*-Xec)D@EUtwrLRC1!FOHf6kFPE;JLUD11 zZfc5=si~o*f=NJCRDQZbiHloFj<2?hcBpf{Nw8sVnOjkDRibgeXGoQAfQfUeX=1*k zQK5&2esX3qSB0aWPiBR2a#(1RXQE5KXNaF~Zfbajd%25~r;&e=SxQiqM_77}f$=-f>rWt3ns`5jPO$+?}BQuH|GZKp@pJf!UPsudZF7S#di_FMy&M&HPb@eT& zat=)ltE_NL%QDHyFEvl`aQ6yHG!Aj(a>^-)$nrHwHO%t}^bIh}F{yMZ^sFp&Ne!-W z3Mh=!PBAdZFDs4+uSg3;kAbwzM8niT1&_cClR#IGu<*#>(5$q)h|u~(;|!-Pw@kmP zl7i5T665f|v?Bi$uTYQ7NUkEMoMKDQQbS*_upGne@SNlb$5P+4?6Tm{$PlOWhzNb{ zC=>Il0zY@>NObEe%YrSF$`!O-&5es(!Xr|%4D_RtGd;^nwbN2_vr7_-@^S+6BiziZ z>Z3vfE6oZ`Ln66K^|gI0U0qWGldDP!3JOC#JtIuak}KRw@={%0qaso~Q=LNtT|6=z z3$nR%b#)b-Eqx5is`5*Xyjl;cDqI|iI zDO+m)*tBs<_FIiZ4k91BrkPCs$i5)p!1SouU;nVEyf5HAwsFEreRIu)HQvJNqSs%p z)a-t&!+oCfoQ~=8#WOP=oQ>khJ#Z_cTQlh1^jQl;qjMEh#V7E$_ug;ToDr^7% diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 2901579acabfa034ce58ccc9828422e801d15bc9..f29310fa2e2b237e83e12905b502de6747c68b58 100644 GIT binary patch delta 867 zcmdnZzMFl5PJN1(eqc&?SwX&$U!q5Na)fWOdwx~8c~YrGKw?ouP?mA7x4WUQv87>n zI#*)8Z?b1_g+)b5URXwzhpUNyc#1)icXFjcaz;dclt)p3hmn`JV^K;~D3`9CLUD11 zZfc5=si~o*f=NJCRDQZbm}Q7rnMFysrE7kOe@cXYo|{u;rk6=%V3d27V?>!>c}S{R zqCupwQ$>a=S7}h7iFQP~xrKpYuBD4tkgs>TN0N7{bBTMZfnR8dWtpdwdr@empMH4q z#E;_PZth+s$-V(qmAf-jykC&MCo`VS%Ok2A;)6E26n*^ZV;28q6t;~B-nee%kT%F;7T zL(Pm+3i4B2LnD0LB16MND$0{9{q&7JJ&avEwG9&^ecZFT41GMZz1=-B^|M_~%S(b> zy?k=QB1=lMqjJn$LZdtbBcqDLEX>n0jLiclpJf!Uukb80_IA%N33S#^it-IMPmRbg z$g|WBtMI9G4M}lJu`Dz64)MtaQcTcVK^C}6-a;-`-HY?UobN9)}@-ov7 zum~$PPc2L~N%l)m40X>(kAbwzM8niTg`8BMoHFm^(!`{QA`?e%m%#c!ZxbKS!YFMI zuaY1GpGZ#wi^}Z$;-W(5NUlh(QLEXwlD9n-n8JrdnrgN?kkGknY~i_J`Zo1Tb*0q%_z9+f3GPR{7uubjU`RBWc&+_CvP-C!Czr0BLUD11 zZfc5=si~o*f=NJCRDQaGk!NU1v2mh)n5$uCT0nN5yPI~IYqqmjj&`zHS+Sc}o>`)q zMUjVoVOnM~S5lUDV4-1fn0H=sfSHR)M2cf#R7Hk|uSrI6WubwGdt`D+iDim=Xi0wH z#E;_Pt|lqoVIc*EhW^Et<(65=<|$E;*^!~z7TV_dr55=nm6oQ3Ze_uhZtmG!xqcNH zsRf2nLFri~hThs~!9EqHMG>y1KDLmdkf^GwZhk`05)lFb|^pJf!Uj|g!~cMkQ*Nb+zo^(pl;&nU_Z zGR#jm4^DB;N+}I1Gj??}G7fbq&dqV<@(#=?cg%5$bgN1ZNht|6bxMy)HVh8%OLwmd z_V@KN4fT!kDlsfeD@}3aLW_a4%tXV~K!s8tU$+922yY+n()291Qb&_|Z7*ZP$dK@C zFW0mR<7|t}5EFB4_YBLj@IbDt3g6`5^pF5olR)i)yzJcKbPFG^@{Azw>}<;vUssQc zRG-AuLRY_lh-7r@D$9Z`lgbscJOcvrGJNwaO0z0MLUVFc@_pRH4K1BBd@X}bazlKo zD(fSvOk9o23`4WIO1w)V5(5j;B0Y;U144}>tIXX!!hFqBO(QD<(p@uh(t@-d3*Aa` z4FW>BbaizVT+7Xif|AP&GW;DYN-UBR9rca;ib68oo&3`cvfca*^NW&_Q_Vahb1W^m z&TaHmJaYf0<-!NdTWT!q81{euaL#9^*y}}6*RFr-NOd?}_`Jd6N0Vrl((WCSHLL8p zd9%1z?!8pzdADW$m09A49XD?`5Sf)A-G1oRozNNF^Q5or=-%+`(wBvziko)qxDmZ- ZZmGxBfBWC8Ts7sS^fiUvKSwtO0sys2Hh};D diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 474331d..678aae4 100644 --- a/secrets/gitlab/secrets_db.age +++ b/secrets/gitlab/secrets_db.age @@ -1,17 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA nvvDGnr/WMta+0XVEnUlmg8KV3mO+5zX9ZlFQZQS1Bg -YyVLxI+TxfXXsncaIyi9Su6tzh5KLTbHxHxbWhplXXw --> ssh-ed25519 4PzZog zuxuhtcAiEhrr28adZrFPK5Z4399/8gbf8aWoAtI7HU -vR/0DkXhUQmbfdzMBVAFDd1S/87DDpg9v0gyZDVv2UY --> ssh-ed25519 5Nd93w CUTmUrZomxIY6wwemYIwaIBO9CFSPrcQaIWs1tUdMm8 -btVGPdTgvyxqd4rYiuIXLGJcQoF45g1hx5OnTHQgCrg --> ssh-ed25519 q8eJgg wKjpIAXn+5FAC09yengwsJmAgPVY4BSNOkzC6bdZUBM -LUifpX/UNLC0ge/ApqC0VZ6NWwug865Gtp5t2/Fbijw --> ssh-ed25519 KVr8rw 0YwXdULrmM1CaWqe4ppSvn3rI4qaHpjVFxZLtE/jFiY -GXxdfK6NU0M0tBf9Txl9M7SzUEkAoDJ6VhGQuQtDRCg --> ssh-ed25519 fia1eQ BoAjwSD4dQG+35NLGjPwYcENbtkukIoEVxo23A3mukE -1YAgdZedWip4daImkXA1UnHJNGu5LBF5g8t4FotjiTg --> ssh-ed25519 uZzB3g g/yGqYocU7fg27BOj75yUgFYHfYhLg5iOA490U7xpUY -huOnWVaBT71Li8CO/NialjSzBC0jscJIE7Vddc34Aes ---- 9iDIOye0Eass4rxrC2ZcfxXu09TG0F5SQoMAi7VOsfg -õmOd匽xo#5i;Y:>,n,Q}K{)iXUjvS?j(r@'s@ LQC^wXlqcOPѐMn_j ssh-ed25519 V1pwNA 7I3aWhw7iw2mwJnswJkVfIQ246p80yB//uG+0sEyqTA +adGO+PNHWVXIlDQKyxSPXvZH5XFONNNPr9iLeVq2OfA +-> ssh-ed25519 4PzZog 1MB3obSvF4K2IHF8beEcTwZ6gisII/iXq7uGKsDK4GQ +dVPFnOW0d/IuqNtrcLdr9AtNCWV4NYXTtVHHZS+kVHM +-> ssh-ed25519 5Nd93w CNxhP+Y45tiXD7WvDbQgo7ejsWfBoq40SygJDhksCz8 +h3usonhy4UfpnSkuHw5pKEV1WS7IMvWqqd1Y6t8J1lo +-> ssh-ed25519 q8eJgg yZ7BmDxy1tXK7q51r5oAFvhM9mQYHtexwOILnq/2BD8 +dKwf0oHUUiVBNQod8Zbvxn/YfMnhXNZbqo3Qv5uIdME +-> ssh-ed25519 KVr8rw L3rQAswf0dc7Ok5AuTFlSl6fuOhcRNKI+donwmJj9B8 +BO7TsPdPqhxy8KfzPW0QU1qHWKd07fZSQ7TqS7+2ep0 +-> ssh-ed25519 fia1eQ aEskvIGIekFwG8z+jlK3VOlhhBGLYPsEnS/1w42cKg4 +phKYN4MjToHeljP1s4/gb42D4t6dlLnbyut24vBFjB8 +-> ssh-ed25519 uZzB3g lczlYBZbn3f39jfC1fp52EXXRYX3nDrQ2c7X1QlqbRU +eBjI6305+Zigh8+3esXt+qbmJOVJIARVPA9ROeedtIk +--- LOIDMgRcQ6CDPqWhDTSW0vzaTV6XggXW2/HDF2nB8fA +jtFީ\ 11}&QwwVNGzQS?]KD:K675Gp=r;$bN8/FV,!J%Q""=ozԔfTp~mZfŹT2岪 0_~ \ No newline at end of file diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index 57748892d9e6094eb6ac67437de8bd0925d39e19..78007ce379030626be17613b770e4d8974ca535e 100644 GIT binary patch delta 2475 zcmew+{7ra*PQ9^zS#EZCW?+^_L~^ECenv&UVTOrIaY(kGg>#9ad!Au#U>5iplQGRAsQDLRNE{3688Gh-J zDH-M_DcT`r5$R@5K~)7Qkr7pn0WNukp%sCKS$^97MMhDPnJEU7;~B-neLZq3O)9jL zb4&x%vjdINoGpwhvVGE%wX58`UA#i`oK3vkjY^8s)51)+oO~?Gfg)@kAbwzM8niT1@p|jvalS>s!E>_mz)5vpyK-Ufbc3OGxLzV zfWSPrf^xs0@?bCLQ0I_xPcFBzAal!-&|D8Q->|IoK<}umBuf+hFeCST18w&pgT%7X zyi&gkmr@T;j0i7{s&X<;SBNr*s0cQ6j>t<(ODiqb_K1kAbPKSEG*1dFEq6AG%E%9> zcdc@Z@^`m%@#M<(4z}<$^9rdfF$waFGA;0lG)eV$&MEXQGYNFEuy8cYNhu5TDlras zx8Ty%)m3m#&MZhNHb}||H8l^(&kxhiC`oaQN;Ap}FpVnq@=Wy($uu+2E;ULuDdsv_ z@%PZ;bjLZhJ9S>&p05+8*weCk;)}^)N%i(d5B)Rd#Mn#Q8qQ7P`)eL?FVH`UrEuY# z8EUBkT|Zu#s2-WQU5Zb8nRH?G+_k!H7laIV&TT#U;AXR4Y|C`kM(vyky;lXwdZ&yp zeRq)Z|NNNm&#^S~$a}HhH#4a3mY@5uh#hIYo z>C7O)4upAMhNX`p(jRd0X6;8zKKonivl2?fvP*b8w!)=7r~6>+#SO0?vr$Fl8bi5ul#(D^@k-Nr1|(3 z>0d}Uk?`Gk(9O3i^8jay(9*-+r#$=gmou|oGBDCwu)Ln_^Og-?_`VdLNlbK}c4*;^ z&aK-VJyyIK}% zC;xu4DB9T^H%)wc{b76S_B(qc56olyAhhOASoOEr*2@zPJipXtd%3p%&eCtybzbaA z+y^cMIp?k6PmT@W(YvPLILGYo_ix$deJxzrbNq?I+6OiARSP3d#=LM3-SOQj?a$8& z?sY0+OwaWeZTrUUxnWa%>y__+G+0=ep0;O9$+&MG?koBI&ckK@4l0G#|67n8eC(3g zNjLk=p^WUx21oYEM{NFT(=jXB^}pS(P1C+V+sGJvceYiY{ZtndiN|xLW%Fa-f7rLt zpmc7xQh$p!^JhQlEAJm|+OaQFlGXOyvJxxa#k|>}rY4Fe@^7otCY%*`P}uuMcy`ED z=AZwZ*z-^3vWiG-9Z7@OXR?q*m z^lAOevMooS$gTUGX_LJCs)GyH%`F;^uS!HOv|ic}9X*HbnE8N19}4!f_A ze6U<|;cxGYO6;M>9ABEceXcp$x9;QK1ugELyhX{G8-GvD7oD(hYV-UHIs4Z|#qGJW z;gloq@>%)Q7gv2>vy6XYh)t64#9o*6Z^Wbpw7T9c4XtOX?OMPl)Xkf?SEf67eIMs+ z^@*IuPxqRcmOklFs-8N7xqRLOOz@?x$t% zd%Toynv^=mls#csTxMChw^^Ghq9l7-b+FLtw&$rIdrn^S@eendW7t*j-Xkt&W+nfY zhV#F@>>h7){Fr^d-ZU&`qTl;=z6yS37OtkHlTBE~`q$Q1tYLM}&|rNe`?D0 zpiB4L)Pr^eH}A-tr~TRJ%%Z}{(O*~|wp`o9kTTVS%hkhC_L(h{ZhU?2Zf>my3YC)S zF8foj*_qy6c4!mlvii`4YPD|_)j2s=7{+tIdVb);&-gx{{h4|ydLC&3%VzyP@Z-*& zx`_|&b2yyvUw$v*@gtoz%>1lof{$a(uiI1!U5&lGmvP0ve#;LpzEwMJJRTrm0Rt2zW%-UQTOXzTb)^d6mxe!*zLD&+Enp(*3We<7VVJS z`qbgsttk7d`Xe_dsu~1&ved4qDXDxl7F?tzujs5zyk{`wMCQRI=`&@fX8(%`W z@adeM**bz;@3O9P8qZG8%vWJ}T=BhqUXtr8<{0j|C(8Go{=#?Qn89uK#1mq!ojc#x zi|GhfKmTHy=x(_B=C_rPMc#fgUNgEP~LFX|KY-ioNYbAvUBUL<{v(g>@KM-#5coPrDdLcnb?Wd zj{mC9w{j}l9?WR(J#~J+US?S1QnM#h>q6gM)G#T`-Q%+0=ltxrTNkT}qOz{oUGH&U z8&JM#{q4W^*oEZ+7=yZxb(i;fOmS=5!5TB|GvneL=giEm&gY6h`lr%g=KWLq7U%VU ye4a_3S&;epiqes*8#l5Y|I3?Mud=RU(w6_)^H+V{{Dt>+qnhYuj_?igi@X4BBSCHe delta 2475 zcmew+{7ra*PJNPjMZQHvkwHY3kDo_|NrhKXaB*3fZ+f0zNr<7ZWm&e1Ww5u4aaD1Z z373;cfPqW7i=lT&da|K*a)`5+xkYHPV?af5K(R++P?b@hS!8ILnT303D3`9CLUD11 zZfc5=si~o*f=NJCRDQaGS)`G7Sg1!uUa(7$sjFvYu3KSgcCKeej!$5slb2a>mQi}7 zsi$X|UuvK)S5lNqzJIQBet5a3v169Lr*UpxK}uC*M2K^?Q;EK}k5Q&~X?jX-WpbIt z#E;_P!NEplDN)%$VcBW=S&0Fb7H%F@RpCyhg?^R3`c7d%Zn>^r#V$^H<}R*WQO*(i ze)&m$X?dn5mZ^a`mM+2W`r1wwi9t?@1{I}A#zl#NIYq%C21VJE;~B-nL!663L){F# z3p}fmjgtMNq9Q{=!;PK19nvj0`BuG%YAANOsE1x5%uBj7lvv z^ei&Y@HX&^h_dtz4K4IVkAbwzM8niT1+P%oba(B5?DRB06VIa143B#6tkhyZzqE9p zEKB`@Qu9pn$kL*6{j|g?UoM|S3s0Xk&ouAi(8z*f?{c$j%gpTDaO1GzL?_ouk0kS8 z_asB@(Bz_&Y;@~NqpF;Y(-pK$(tO>+szQS-EOWIDs-i3_O9Mg;@+_;IBTRjrEkZ&( z>VuQ>vVy8Sf_%CBjC@T@BYYf7EweIBgS-v3vrI#>eDey7OQNb$4LvIpjUy8EQ^Jc3 z^8&eab#)aoU4nx1eJcth{M?J3O#F4qrNRj?o9oavlF*nP&A*D_LYCTrSSEuH9CnNhG|o# zJQfP{f5~!Y#t)Plj*FZ&`|<`6$8J-%7tg)U+}LwB=Hn)*V85K?r|k{* zW%o*m*Ee-kFgN(?y9O)FO)2A#-7 zM@6?=8=gqh{};h_%6eAEMF#HICq7JKDpQkQRua9BS@>W5H819^ZPMy}oJL2!?a8iQ z-}ctOjYp{)m7ugZoiwa38(5j z{qXhfT!n<=v(k=wmDWF5@`y{d=7@#l!+X);oSWs=ah^S{w$XFhwWmMSyo{~fW7>Ql z+_H|C-)8jmnVa~TnI0E@>+Li6U43C=+@oI)7RoF=Ya$SO>UwGUpSElD#%nbHItiNy z)=%$MdAW5Hm&2duulY}GVc2zEzV}VxoYF%~iVbt$ugYW->F{&tx1O;=w|>L>M;Gc- zW;iO#Oge18Xj9LY)w7i5$gMwd?1$fn^>TCCFYEK=&z-Sj5<^0#m9+J(|H?O5q<@tC zF5i>kW4gCs$L7!S8_vG!_}%Rm7^~%>S2UZQ)27PZb@{T{3r}e8Vp$SrovWf$)3U)& z=$xVW=LY`e5`~T!SVl%AjohC1-I%2PD!?yW&t-0&LqX*wbvn{(;q8P5Lrtx;MDr1d|@_jeanNrIS zrW}uUW^(wg$gA}3eXn1~iS?_6l649e@BYFz`Q`M2Wnp_#4m$`<;N1Oct(1CM`Qu-E z8%$1DBtKZ``D9{~jZg7J^_s@FVvD#}W`-SjC1+!yWL)nds?h&x^3{`^Ow+BFYz|Wn zx^%NgYoFHB9lOsQeH#3!<8*rP;-TuhFdyn<=w(h)hyEM(mVYO`a ztesg4W?x|pcA5EOm8qzM!pyIAqHjVME4@7Rlf(S^E3F69UY{@6>bUVB<1_{3-7}Z# zW-`^wnnrP%azUb~lH@uQEP@l+F+4K2KO+tXzGJeT?ke|hz*<4R6R!#dfC zetuD0Vht=k8=RLmp4?UNaSi|O|4$jRRr`GB$waoft z={8#?t3QSn`8^%JSG7NX^ZMVVTd=wP8q=NFR3Y66L+h`ir?d@D1#Uf9|Nd)}{<2$t z8@I3C6q4f7r5M`~Y^@ZTuJ!UWtNPKP%D1n~vod5FZb~@EPF)jQ8I|f-ao#5Lhm4A= z_VWqKj#?2UsSL&+xMn;o|(f!=>yffuBS}= z6#ciOzQ%j$sSn261@>BgT55e<$oA3=3FkZ6D^Hnv|GQ`t_3BK`p5xc2EIy=PDs=bW zgZj`Cj=S+y+Qx659cDK!IH|%}%6d>ZYJt3o)wUl#$6kH$y~87Js1h9ZRHOaHyB4oW zV!tJ(D>iXe9Tu#-9*`|q&|85BBg+h?7vD9R?XdDw&vX4xv5VK%^IGb%>4LPM*RPjj0>DMo_7NP@k&N} diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index b397015d1d29df634bf82b4dd6416021b2a59746..7b94f37219464cb54d8d1343efcb9245465d8503 100644 GIT binary patch delta 913 zcmaFC{(^miPQ685L|%G&mU*T@U{HZ~c7AYHTCz)+zo~0tm3~f1ig|Xft5HB+fs2WI zC|6QqXr_~Ict&8FvwoqkXHsfrZb52DZlIS}L7{f2lUH$iWvX^bWVx$lAeXM4LUD11 zZfc5=si~o*f=NJCRDQaGw{eAGo?}v_p{svYYCx`Qxm#tad8V;xwpY4gqLYh@c3^N? za8Oj0Yel*vSAIZ}n{S~}dPG5lNw!b1pIe$=Re*kIRbpaBgnqhfu6KrST4}ngMNU@s z#E;_PUQX$GZZ7Vj78bd|#%6(m5tW%f<>BVOjuus(#^p|qd6r2*;Z@nC`IW_7PWlBt z=^5sZeue(&krA1RNoM}u`H^OZ0e)^(-rBk5ktUT!NdW=oK8c}|;~B-n%^kD-4SgLg zy?nD%^UIyIwF4|YlQS)niYzPxjdQ&%v-J&~^TWI|LbA)b42{ctO`L=Zx8%x<&^%v@ z05e0=;Iy#tWOVCFqpF;Y(-llpvMYn~oGSdC%Pf*AlLNwYU4se(g8VEq6GL1~N^%Xg z>r-5`vl4^K+>5ykqx=iX^o#ZV+(HX7eDg9v>8vW)z#u8Nz&s^0v@kcrv%Iu8-#aoO znM+q!SHaLDr=ZNgsKBcrBHi6HC8DY@B&)X-GrmX)1pcf+r|RlQO2w!X6>*!B7O!e=KwmfSL&Ui)vY>fyMnUstZy z{J|3Ydz-M&i_WLZucJxg#G-Q`*| zHN4R7_(H#bw_X?h^w*eZZ};z$ckb15&z2qioH*lC$b!qaj;whTu;}-utka<}G1W%9 Sd{!Qg=XiQAwa`<3FEapZlv3OP delta 913 zcmaFC{(^miPJO9yk(a4yd1+Bnpi!lfld*|QnT4@?RlcXMr@v)Hfn!c)QDH$?q<2nU zGFNGCP^fWmL{?dWVY!*Nwo$UNpGi_qQczA>l!11UwsD|&Vx>z!YIAI$_)Ko z{mKGMiqk{VBC@Fbi4-H8-a`y5q ztqgF_$_**W^7PMk46Ag~F7`<@jxh4&vaIy9%*Z#(DlhX54Kz#4aLq9A3N&*x3vf=& ztZ;IxH1-HgNlvONFDo!XkAbwzM8niT1;-5M@-nB4%#!3Ni!^OB{gC>|h{!y{!oc(r z%R-kxFVkX^u(ZfXFT-5-P%ZqkPOQoV^MH z>$S5Ti(TAHbIZAcN>U8`$}`=AJE5Z_{~8pmJI|dtHoGSC-jY+FtIoV!*FU*#?v_V)tF-np>pfW->7hM+ Sk6rI)4(`=@Uk`Kse+B^Nl0TmS diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index a8fb3289cc5b124814493d461d7fccb363900471..86192458622b92c69e2cfc0ad943c9a2ebf8ebdb 100644 GIT binary patch delta 913 zcmaFC{(^miPJK?gNqAJgQ9-4*LB6xGXPUmhxr?`%dw!lzWVS(~dtOLcgnmw%L6m8E zGMBHmZ*qQ6dSPIBWMq(UT4HdXtFdEHu5(scPL8j6MY?&hiBXn*RH#pRD3`9CLUD11 zZfc5=si~o*f=NJCRDQZbs$aTUWJO3pS&^GpahPvqx?53Xo_SP8V0u)ZiIHzsSh25r zn5kKwaj=mmmt|7Ar-8GPb5@alzI%A6U!|k3SwXp{kzu8Qn|5(UkZXodh=*gMb8dRz z#E;_P`en{0#g-MuDM?u=j*i*c!O1BG*%m2L`APa!CAo=)i3Jfk7G;$tc_9{DzKL!I zz9t?%Ibl^vWvS(***Uqs#aWI{QToLO5$+z@+Ere@K8|jQMUKUj;~B-n9ZLeT{f%>z zogKrp{mKiH!aU1eUBca>qC$Ml$`XUKgA0rjbM;dTTn&=B!qW0{w1eFOT%5CgL$&?O zOU%s*aw<$*3cV@~&3to$vIBk6Dw6}UO9NdepJf!U56LL=b=LL_Gc2ew4a?T{DlvC2 zb@tXbk4h{xNKJRmE=Y7u);9DBs&LKc@((Hu)Yh+Z&NH`g%Z*44DR4{9%`b2&%SqAB z%5t&D3J=L~_YMs9i7K!_kAbwzM8niTg-rLXQV-wAg2)WZoM2CHAGi8^w}P@FPs5z_ zB#%_15)a=TeM7f=17q`?d@e`roU#%FUrUQz=R$YwC>JviBe%SA-=bV6-|X} z!hrHLuL%FVe01wdqpF;Y(-l(E%d;Fk{6njX^uv<012U7+wT+B}eas`ub3+XSElPYn z>mzb2y@N9IDkHgkQ(Qb#6N8QO3Zi_qD@~m}QVa@wEIjmsjlJCs+>%R-wS&sM&5N>9 zECRW7b#)c|-AW2g!hPKRQ?yOXgDkxRs{*`Jg9;qW^Bv1`qOyz9DkFXME5eOj3tYL( zctp&Pv2ks2mU(2(zvE8Gvb^tiqOF##$gekYJUnB2gI=?8g6PHefSDg$n8eooxS@FB zQsk`I)FXGc$DOm-A(msP;=6(A&B?iqFIK-)mF=ntaZ1c-bnYa@%lE^>nwnGcpq|rmda5m7n+U Sfojuq4mtk4uRClerU3x&>poxr delta 913 zcmaFC{(^miPQ9hCxqEI#l($p3r@L{Yw@XH4Qb3wtx=~VoT0lffvRjt6QF*>eWnz(jP;!29xk;*- zWuCvjcWGrdmxqOZXr8gJbE1B!c6eEMsArC$k3qOuV!ETVd7*EvSwv+}agIx+zDcm_ z#E;_PC7G5+?os&}DMcocMMkMri9RJJnOe%`f%yHY+YpEcf!v&vg&wGA%C(F4gzU2`}&u4>S!AH}K3f@XAOJPm44v zbO{OxF-q}Ftn>;`3kV2AkAbwzM8niT1^=M%D(7&s@ItSWlF&*kqJ*tw+BZ|2!A`O%MeO=1kLjpWQ{k?;u3Mwq}(i4-+Q_@R9f~v|wl8lQi%qz@7 zb1k@Zb#)cIqp~7P!i$mvoFem*oPvU?yh|(niwr$O%Un}Zv?J2fozsnrssenxBP_Ub zX80~(U4O;km`UP_`BM%^t7pVDF*k1Jn^!+;-G;gI^hG|rd8xSa^R?b;NhTNN*eg@s zeckq(w@=}R^{>LjitD0kdrnGRG+d`4S5^L2$*ec>YT`zL{a4;}hd&T1vsx*5;ARKg zDV9z58?W5t_b*GH%5~bJf7!_tk*p-ghFy!ca>YnUZ~rkZXUS}K|9N&Fp4fJ~|CeF> Tv~NyiAjk91AJ-hc$tef`P*_IU diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age index 22587894a8ec0f3c863b7363ea42e6e9ddf12d9e..23c80a3a6b46e8bd88a09987852b69b536c7c2e4 100644 GIT binary patch delta 826 zcmbQlK8byTPQ7JGfw^gxYp9z^TE0=@o))t(hv5IDz1zu z_6ZLTaPtfGEHZOUcJ%hK@OL!~3p6U{%5`zg^ENIni}DPx@N{=g$|^R_izx9+%`pph z%dm8dDoJ-Ycg!^}NiQ})kAbwzM8niT1rOt(LgTz*W8?hnBnv0)D((7wKT{8Fm0aNLt{_JOk)rK!eXO9?bOKhQoqD(b3-#f{tixa&{ z>x-QO@(L0o^DMYBor@weigH{{B202~eR8}^s=~?)oy`o~s!9TLUHyY912g=*$}LJv zwDY-ib#)cWjZM5g{Po=fGW^|rLY!Qj{oK3^O>>;H0xJt5BdS7NT|){>oGMFFDw4U@ zT;DV2=F+tR|Jv?3Tb{c9g)>J_c5(P`$H#`Nz8H5}?sPoA`QDcGU)s!%g;W%|SjV?M fwB7XVtkx&zxAhkp%8gYwb~XkStX2BDz{CRpCS)4^ delta 826 zcmbQlK8byTPQ8z#t9N#qVTG|}K#Gs2ho!l{SBa-rT1Zrcp|4qbh=pIiMPXq`WPqb_ zGM7=Nf4EDLwo{UeXJSZ|sfCldW0jwYUwDXlP+;W|)_$xszd*0hg|wLUD11 zZfc5=si~o*f=NJCRDQaGbGb!!c6NwMYE@`NRiIINfm?>ZW0_G_u#0zCzH5-DrKO`; zNo7e^d6{uCS4N~?N|8xucyLZpo>4%#o3m4nr-5g+aj!SrQQmJ27ieq_xNoq#^ z#E;_P0jY+CC28SV7UqQ|er7J=rB0bnrhfTOKAzf%!D+$i9{GhPMuvHb=0*lw=GjRm z&KZ6l8D(h&<{7@01&Pt!MZ)DMjeN%2f_N-WDV&L}E0 zE_QeJ^Eb~ePc0AD&rP>LkAbwzM8niTg*2mx!0d3>(A;c;JWH37VDtL2jHnXJd}Hmz zfRgmg@}hhT*HX*eoW}vy^Sohvje%xgDuRQD!e`OLoB2G!wvH+BJ$1L^K&!&bAqZ$oC?fc3IhGg^ouP6 zf{M9xb#)aIE7CK)EIbSSN{dQLv`sP{eay0qbAx;`&5ix?vhv+cwL^SUJ-y4bJPo+6 z@LFE(`qsww$ZhTImWY25@$WR4?{?|+BpX&U&D~Qs^F{jE+6lpuYZ@OYSsHn-@iJ*C eHo0D^Y}n0tkN! z30GBdWtd@Rs=uMOX=qhiWSD!Rw!5EWSz=aBL8^O(QMP`5fQzqteq>gnBbTn7LUD11 zZfc5=si~o*f=NJCRDQaGS#FL;a!E>3NJLt?kzZ6~rdx)8aAkyhly9b&t7S>LmvfS5 zS)y@qY@NwP1m1I?m*0(>kji!*}43(cKPQnK?WpJf!U&vVL14fV<}N%RkPGtV@uC@FFC zOmebt(GJYAuq?=NbuEp|39wA@$uYLz%69fB^)AmTch0G@2(5@PaValMH8V5}$xF*h zEw%_ZwTKMQ40bL_HZIOakAbwzM8niT1z)ccldMw9VzbPkHLNo7xfTW1h(t<$kN`H$2$26mov|QiF$iVX4 zV3RUuCh{K<(d;`JV$QRUu=e*U55`Duw>{^kYVPRW%%N%=W`&cWVgS(UzduEDNl z`Dw*Qo?I5G6=B&1WudN)S)qx=mgS!Mf#m@a`NnQe$)U~$Sw3E&DSlDmA+E(C7U*6n zjjD1oPFKh`FVT0(clGuR$;?j6O3w7HHwY~@F$^-bG;ue}@-`}}j0&hsEAXkzsS4yW za`f>u^)}3pC{IeS$}vwY_lb1QPcKMu4KQ>m3v$+Ws;F`@3Jp&S$TLB=&Lhbnvmj8x zGCMEHAj2)x(J-VUuPiI8+*sc~*s~zO)k#0ZAk{FrJj~R+AgHV~!y+V|%RH$fEF#e_ zB;BQ|I55LJB&pokFEl4PH`K4Jyfi!8u-LKEE8Nkuz|*fB6msE4DVf1helG6WK?Wr$ zX%QAq#?B!Y&Kc>6X;B&B6?qw^W?{v~`AOwoAtqcIIUyAuCO&2s+QzA+`k^NN0p$_e z6-gzjh2H6guG&69Il(4H>3&H@ktQIs>&^8`^)vOODhvEF)BKD>%ue0;nO$}5dR49dMzJ@fK| zLwwV7(jvkGxpZ}P70f&%^b0GU4YSh?EtA8NQ=DDO93woPA`4R@g0lU*imD8}>Yal^ z@{&Tl47h&%y*E$p)j>-(QReA+Z)5GgENa_T>@Zu5|3<#w%2j85WaO**mIM{>$LVG) zN|8$t{Kk3Wx_;6NxydF9>e{C^oGQP`taBhBEB4AU)%~kt&jhz+{D1dz+7te|xP}(3 zQ)^OfrewI?XR~K)Up@UkLk{=d`3bf+PTACRz5BOvsZw;tiK8M&ia)pN-?S&iB)-ZqO$#;kDtH$*>9CoUC$@I!z)gPmdKxoe32vjC43iuRi^ea zxx>t7|9eEwDJ;4zA$)U2`4!iyb<>OAb05x}6d;~Bx0m01rS$R?{ESdM?VesGe%V@gtPXqIDTnnjtRw?UqfUy5sZXhu?zn_ro6K9{bYLUD11 zZfc5=si~o*f=NJCRDQZbvPF5gk40E|P@0dvU%J1Kr<;p&mVZ=~QGtPng->L9vSqQM zwtt1Mexg$-S8t`@vVELA%JM3c(hGbipJf!U&rS-DGIcC349+esNXa(J@%PO1 z)K0E+&n{0%3Chm)HrF>ZEHp7oi*(KAicGUC3dji#iVF8|_b|<|a5OUx&J7I;@C)$> zu#CzwGj%pe3GlEeGR^QskAbwzM8niT1?PaUA~R1vOMMT=+^P!iqDZ%LFVo<(WS=VU zvb_9CZ||g>{F2a6CrjUma;^xc5bvn+kdl;4!>BZ8e@ElOFtf1CuzVBCG$Wr7_X2I- zEPrF;g5ZLb^2v!T;`PSbZW-li8JQ7zmR?EjnW32$-j(J45f#N|QDG^i<&l+zRVBd| zUP(qyo?I3o&e|0g;U#A2F8-O8uBINz85RZlIR!z98G+8`LEfI0o-P^T$)!df>F8c5 zjjD1oPFD!bOLa`lDbBLgH%T(giwr8P&kxFUEphWpaxQUB%+}BI%`kCybWAe{3-#s7 z%Pr1H%5u*QD0R)Y%nD5N^fJz^jLLHk%M1%O^))xBNHTTxGcC`n$icAABgr7MAW*?1 zIl#@y(b3#D%QPj&EUUE8Ey>wEB0t$ND$UI_$~Pj>*R(h*Jl9gcxICGwGS{dg%Euth zGry|JAlFDc$SADRsj95Pu)sSn$-^ks(;_XZ+&8e?-6Rkca^dBno_=}W0Fiuk(n-`ffad9&d#|}-g#M$sTJBO zUM^*ksd=e+0jZYSZeiITp}8etks!0{Go4Z@%Obo?3)7O#qg;GkJtJ~WLfjo)%~Rc? z@_oxI3Nw?UDlC$G^>ahHoPzQK9F21fT+*rvE&a-JO7k-#bB!G>v(m%!yhAIsOC19X z!!y02@?Dd;baizVvXTwbO#{-)O-wuuLY#~*cKY!4 zIpd*w0iE8rB3Fs1#%*Boo_thhHP@=Z`DFq;HT?HVX0+ z%MRCFTB5hrT<%^}yI4GX=*G>KXLWZdbk!d?blJSVH+G@(#Ot9dH5Vl6x_!@BJD(Rf z-B9CKDXiYQ>_tHfdqSJV46g-Oa^+@LM^qbCMt-_pwL-+0A@`@4#~OzvMt{Br`Z6y0 zXC^DGu*6>Q@qaVh{lY^(HmB^dG2=M#>O%fyEHQ^-4oq5Q@<2T<8p-p&(zd(4{xXRz?|YRZ}ZSl^W?Mw z_rMCzM5j`ZWZxXG4D*1>@PMN5%s_P83N2E-($f`+BFp?r{EG_R0$t5211-{WN-_=0f-Qs0ywlQh zEqt=VOCw4OLy8QXjMBLxjdDyPLM-y#LyL_(b21Ggj8nbSv@P{LO#{9C%>AW|6G%L}tD9t0w-8?zm$f-Om%{p%-qzwGAKDT%_%D1wJfCA&(KWY-`ub$&)lS>%rD%{*}%`JDiYmq zX_<+JseuYX!LA(jic~NP;QAzI3-r5;yhT&nE5x%AQ8J=8j z`kCqe<^I~f-o8l{7CAxr;VEgwj)BFg-bLmWWl^OmY5tWKdAa)KWf-=3Ryq0>Ix2V+ zRR$&&S2$-!MH+c!hxvJy`&b5)YM1Alg=+^E8E25Wpm{ihq$`xn-^O+ z`}w&98I|R_8|E7u8#+1V7i5GO=VeCt=S1Y^yM=lBnV|cvG^)zUI9(yN%G)$Gr@SID zA~ns+C?_MWTt7)WKRnya)g(2-JS{u1IMtvss@yv?G?~jK&7&eJLqFKkE7CQo*rG5o zCA}=wz0fH)GgCV;sl?0F(K5BX(j+Q555qQ(B!kR?Kn0Jo5WkX;kVI$yV#~Dh9N&^) zldR-a(_ljv?VPH_R3pR8lyXZ;|A@@2axRzTLgS*a)L;wCQV;ErlC<22k^qy)vlD4olq%00l`A|SckJh;Lr*E!tL)hSKC z%%aT0I3S|1FwoRJ*D0dRC(zFzD;wQ5Q@<2T<8lQ{3)94aP@l3~^Hh%tlQ2hTKLg)T z%aZJ zbSMA3auf3^SM$`oG!t~&3N2E-($f{ZOx#oQO_LLo%K{87qbft)f{Q%^Q!33eb0f_1 zykEG^8i zsLZJ}clPBfOpnUSC^bwg^Gk9`PjWM^aPut;^EAlLNssc6GDvqVjR@6GDKw9&%EXAb zw9G`q)If!b5FckR_r(0bffta9`%bW{j) z_D%Im_jOFKEKkkw4mEQt%dqq}$cyj@4|a1g3dr{Jwb0g%Dh!WwvfwIp&dZIA49G0? zE-^AnEy(dO_ANH>sdB2!3pMmA^vw!)ajCG3N-Z!7G(Zo@(x@sY<8%do&(tI{Q?IJP z+%RqTfO5m23a3a{@1k(0{IbeI7wyVWzw9y>)6`0HmtrpSpq${UQ1{&O|%7=JdzAD3j!62O_M?lwZkGpEGmPufyLrpA$UCIm{(?dPIa}&Lj^YXd!6SaNKg8~bU4fCpklaqr&Q(Vgp{YpIo z^Gzx|5`)VU&72cGozkl;!z|EkgN9^AnOkv1s8gPag-K|7qNTQ%dw@$taaKl@Q%0_z zdyY>;o_NaC_D#_!VXaW#V*CB847N^l+wl{q ssh-ed25519 V1pwNA gR4aFo/u2ow8mMgTInSPElO6gBhgig2s9Wzp+IkGjlY -mVWoBrKH7AihCbdrspCIzPjF8N0kQGDML6pkybH5Y4U --> ssh-ed25519 4PzZog BhiSfpYVlUgTLX6rHisiyzLOmzrqcZ8JKDqwY1lg+D4 -nSxNNHRYPy0C0ufqa2QMIylMr5IPlPUiDcg+d79KkDA --> ssh-ed25519 5Nd93w +bZMaaPc0jTIQ/eu/uWWgA41UQnKveaaVjgqoIaAGyw -elodhm0K17eQQInvae1tkkhFY1aPrbTdaRsviYDEBEg --> ssh-ed25519 q8eJgg LlaIdTPw3c2H8R5mDIIam4Ygvvk5gpgPahNJvf9UnB8 -BN901oRUt0j75RnQZnn4uFiLKEtRhCvFtKHug7Ikg8U --> ssh-ed25519 KVr8rw Bv9wfs5KP7lvH3Bpnsbzpgzduq1xiQlwVcWndWFL7Qo -LgGA4X5MOelYhpXWfsX95J+YGjcPzL6ISlPKr9ZNv/w --> ssh-ed25519 fia1eQ WaxlI+aHWQdJs2YtttcQ4TzI3aIlkmdbm21mhv71VRE -yI6QKxZ/TwXRDdaHxt6+ZVldnB7sZRGQFABnd7zeXtE --> ssh-ed25519 YFaxCg /V6Ab/BqFQ13K0qN1DOfaw8LLGR049s0S/FuK6dL6WA -fZbxvQWiPh/MH4/fOzV5trPL+B4H2o2WtVBIPuFsdLE ---- kUKnoRQARSlp+lGUNu5Zu7KztkK36VZeK9xozWZwmyY -϶tT)Q*12wcvѶ^E~]!TB3? -R}D> u-.9D \ No newline at end of file +-> ssh-ed25519 V1pwNA rsxHHZv+xG+iJisNaFeX5WbKBhvjd4jntP7+peGvPUc +r5WN+Sea6cecItEpql6KWiYiQL6NjIoC9LjGgH0fuZY +-> ssh-ed25519 4PzZog /DJ29u2BYSSpk3GvrKStCQZJSGkCfIJ9Li4zQwuC3S8 +S243BTRk7bfOCmQRzy5+3StzgipYEUn5GazN+lmVRZw +-> ssh-ed25519 5Nd93w CAau55luv9BjQeDY4zppvkn1KjqgE7IjAMVSac+Mmmc +9W6PtfpUx1A0q5l4Ey0gT519Vs0qqD4c36iNDwlN0mI +-> ssh-ed25519 q8eJgg zMdYGgPr7smwvTAIsgPjecuzjem3Lu3vEMrS37qvyiU +rgm1RP21BDXYnARlxlpR7ANN4dN7BW1M10fRR9+K4pI +-> ssh-ed25519 KVr8rw VB5vgPySOPVoZPoylXo+rprkWkUkdEfk84NWdGyQ5lM +cxbbOQ4XpTbhHCa2p5mZ583A4JJfxGn+OMuMdhaB7iQ +-> ssh-ed25519 fia1eQ 3t2LnYQB9vgsj0d+Z88aiyNsJRLlM/iGpv8Eg/NUyho +Qq0zuWYCI3bYzmTSdc6TsTy8RfdeYqnlHVuQiKHly4M +-> ssh-ed25519 YFaxCg a+E0mXvB794agVPpk2uCKl3UHzytGijvXW1LBzLJLk4 +VgqnvihuBnBuJ4JGx9Evu+gaKa7tE43Sg41K9rUs9/w +--- hH0UWx2WXfw7HeDUfLAVfpKFwHpJR/fjJhbt1U8euIo +5抈s&kG}ʔE'~5?Ak\l24ڶ#:~z!8*Pݰ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 07213ca..fa93261 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -30,6 +30,7 @@ let cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon"; + ariia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4kV6W1/tP/nf2ZWNhRoV1mK04R4pS+c5vdsA1n5gpN root@ariia"; systems = [ agentjones @@ -47,6 +48,7 @@ let cadie marvin calculon + ariia ]; dns = [ @@ -74,7 +76,7 @@ let ]; grafana = [ - kitt + ariia ]; # these need dns stuff diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index 85b35f3c94d729cb633403e689a9458ddce726e0..032841c4e0e94855e04c45f68fceddd9e2cc027c 100644 GIT binary patch delta 3013 zcmeB?=#iM9Q}3Uct8EgHnc-9A8fg$>Xl@vpT2@x-m}lnf=Kfd z%$4bv?O0fnn3ob@Vib{?m>B3-n4avM5uBW!mz7ka9a<5Y7L^&51OC`;F4ufR#I$QmFkm~8*XTv z8eV9ck>ys*WfqxOn(t|8=H_CQt6x=8oNrQCkrxyZ;HDiJ=$e*PW}KcAXyTR_TvZV{ z@uPTnuzNwFn`vQgh*@QTQ?hB1si}KqK!#DUZ&0~QQc_ewWJ;M!PEc}iuCW1EaZX8K zKu(dbrFKqvgt<#Rp(pL{<pOhV{cdYatki$ z3jrtYe^xU6$zFY5TKCJ=_LuJxYy3aDn$=5Zx_hsWV_eA)?&=hFKyKQsATgJV>}&UP zpG&bjx9UTv`-^`Mf1PL$Ree{{9HOxIbkeWq-wN+fRWvB+i}$hHlJrUU*5Omfqu$GD zFMd;=rqOUb`B!TAnwbl1j+=1W{i$Ckc%pEHg`-}G*Q$q=i>e)+zPPD6wjN7Zy(?!{ zt;oit`bW=ovX}Y0lqh7aN$WJ5e6`sr<^HeLMl-l{maovcCbF`lPw`J?kCTx9{ z_1?Jj)}79&2Upp1c-+d|v74{Z+{n?^H)dnv#-)G5cpE-i{N)zv&pPH4ti5~P&VYBX zU)_ITU%Y*v+LYRc0QSJ+nyu^y}z-yd|wKz3*S^7MB(ANTjkCR~g9Q0B?R z`&e<|0hPNVJ8Y}3KH^rN`qD9^H++YN(t*iEzY=%4oh-U>w@$vGm9O-}_XAVwE;nvk z=qAD)xsa1XhhL*P^J8uI!#&wjp^7DD9bA8;^pKP^7cpGx4O-$7v1dw)0PGGad-B~%a z>*XQaZ?WC{zs_@0tVGDcD6aIrZI(>xnd>M1{IPDAna=8~1}2s%d*USxbvG8*tomQ` zwEybc19O+NmbOiBIMAeC)N@E?SNDM|rMa9>8wG-@dg}k~=Q?&S_s$H%`WwOqvmUcg zvCj5eSoc=VS7_VE&Aw~Ix2he|f3j7^*RAnKv0dS;Ydz~_{vQgpo4NIy(XZond|kpb zeH8=_tvm2y-c8NOn5fgYJmx-`w9);Q-OMY@WvwiyypQi%wKi&fq|wn?Z9L(xBc$S! zPF3!0tSuF+oAvHiT-~-G9b)Q7s;sl>8-6%u_~tN3uPWr9by?FxR2g6=A$}i0^RCiLa3%u%geapSZ^pH==X4Ycg58t`CA?d>HQuep)jq1q< zT&%B7JbxxbqR*sW=E03!e=3%r_AYHLD!TdcFzYhA8jaMNtf$UK&bdi^tch>8_5Ip@ zb54EJlIL1CI?{v_EO|m6Ya}R#?L72%@!fW>xaSw&R=>aab$09Tz!i7*>+4l`?@+k4 zy+KpnG*~d_ZBgvoTXW9dm?Ocl+jYyN`8#@2LOxneTCewZqR-r3#zmVqCw+HZ=s)j^ z;m)$F<$v7;QiYaGbxL^q!*I&a6WJVR8|yWMHrTsGMb|IMeIs#J;o>60mSyF9++U=B z3oYOF`9`36iJXJdWR6gG^{RVSS>+0>?>i>)%2#O~%3{{N-E-G1hNVVCjQ8uBQ`4>3 zol1|DUU?cDnOJ);BIL#WTOPM(&iu?)@SM}=73&5KPSl=7qI+(>kJwr28OVKjsqvW)*%6=A_vg81 zcI}&ae$ii1-gD>gynJ5bd9nFWtW|7f>Xckl#(y>n6C$R3l6RGFG`am~q3#*?-)~p$ z{vOQn`CKt8dqubE`%g~~_zAUTeDXNyG3nZEVRf#MV3)))@h<=EW!N>)6&V@jzeyD*DP)cgbAW)zi5KTWk*WU{-9#c|!#_Dzr9zm{GwDOS5y zr|bNz1=$-X2yJKyU=lGeY5yuLSzpFI^@-J@Z71aUm;{;4t>;8Jc3eE6yLZCc<5dPc zEmk#U5f^vQj0?N;=hvi;rS%TqJ5n{vdP5pdgnz!Oxm%T^g5%{*52+O|n7+6l6g7$M zk6o%MYB}SRVN5*hbloi#PaoIRFqjDMxxaMd$Cy3dp>c=I>SGv}x!mRQ|G#y$oA``+ z*|oa^6;z||$2El#T}dXib;N3HrXKNPRus_ z#g83C@64LC@NbZ6<-Zlt&;B$#`bqbKNs7t`m6G34&QEz^EcY|3Z8LQ zntosC--47?T~3aXdRJUDCMP{Tey2#V`0b%TfsXZG*H{{JXtTZOHfoLbnz_zJC$7Bz z%;|~i>mS*)27R+<_$*kw^k3-Xe_@KM$u<&kI$HvBWIygPmv5K!P<}Uk;m?_7Z{M{VC)FaDYNZ&380Kt< z`rBu^;uy2needjFISzC@h+nc{)y*0a?@hh9DHQEr*-aC$88br zbCPrBU)`23^y6_^a@uMit_#&ojQe$k@*j1mL~qY{-cXYpc{Zh9n*HF(KZ5%=uQ}hi zTV<eoZprp;bHbCN8x;R!Eir&oRE<(IapKiwJfW0lo@kqZ+hITR{qJrGe~GOnuK zvHxw{*Yk_jnuAZAmc1O|{@kYcx?0zbYf2&S&hl2g3=4V1C;!}9v*zP!yX|RP84ew& zi%ELHz>@s*^Mqq6s$YZUCPvhE^3Ax-ns=^!0@Lnk^Y;f#kl{Ny>4nB~k$M}2rj4fy z+|RU}cX52BQZ%U{+4s}_BT{-#(iTdzPb#p!vOH<;XBP1QzYB}GlBUJ>Zak@^wpHk9 zW5rJ2Wv62gyqo;{@obaunWs*CoNa!fd69@1XLL&Qrm&>wz(ZV(36r|Egee{2{!|}X zQaDfYmZY`XoyaRvpSUZHR&DlOZMog!}9IYVrxyltc=?GRN~uFwo~Wk+HRSpwJA$||IfK!u6+1m6D=}V zNuYj9Zr8k)i^{?9hdcyjT{-?h7Twj09`X~FwibF4)7l$((`vm~=s#W;_ delta 3013 zcmeB?=#iM9Q(vxc>JpV)S(Fr(lAV!UXy_ebXki*y7EodqT<+@~5gcCPlb;im?vm~n z$>p7E>Xn)jg;TsmRFe(Ws&VtXpkKoQWlY4>==?18fv5+t{)MU%%y9mP+Xj$ zo0?)|YHDbyU=mOjm7lJV?q-teZW)?l9Fkld?w=Cs=vL`cUSRB;Vv*|=R95a%nV(r1 z<{45I9^z)f748{nW|o}lVOE}PWKwKdnwae4U*T4f5}_ZJnr7%;T9}w$RcTt4Wa;EO z@uPTnWMEEqk!5g2WTJLfl4U_~S$Soyd1o}(ak86lxnXvxOIR^ih=rG@ ziBoD;s)>G3T7;>8NkNrYa&T3KS6--#n@MJbg^zP_p<}XBxS8wZct-JX$6}vQkDwgq zf*gIfLPrCW@&L#De6IqFtO)Pq4DX=qkkl&A$RdCDL`O%i+}u##0CV%OBv;2guc$PO z%&Mx4d~>~J$vuki8!qtNWhXBoxoGu*tYicPgsLeq`1{5+$|bMvd* z0{zSby?v7N+#Cyn^L;Ce!t~2Bqbkz5ic`Ha)3w8L(hN(Sy^HfxB1$}i1AHUgg8dWC zQw`H|{5y_ET>BIP~%en6u*ebV&mk*+;oF< zlWZXRwR}Nu!h!qM8a@gyc%C>{*i2Z# z@J+vPo5|P1uDZQFH5b-><Vx$*DT zW&7FnTQ=;kIq>Y~AN?(rwO_5j2^R14Jd}Ln!tTgt#(~`zRX@akE|*v>C}^DL-F{{J zj-^_Q{3n}EG+mxlCgNGTF7Dr^f0;)Y+?>x{Sv%AH|MibeZ!&`U^1hxw+x6Sp@Y!bO ze_7%mby%u7RoHg3L^%KYpLNXp=s||H^F99kUww*)z4TRmy^hvC1J2Cwpz5kJOG zAu~STDbnJNx%Z?(E-(45+4nqiVAgw^`X+^C z`NS)8kDcf}I9*M^G~we4i%%KNar+JCG_TzfrhTd7N7n%f_FtSD?UoF!myQc`lqHCp zoG<;R`6s34&g1)45%u@Gx8C~ipZc%3bAzV-x%H|G+1nrFG(OOd%YRU#qu|tgQBGOK z+4|RicfQZzdqOYVI2XV60rwG0wqUc1Z}=*5O|NhKvn}QM{iC&~E$-&Gxa>@``=Di zKmGHWS)BFv#E%jG%5Ubs3g4}{cv45bdzYE>24=gc3g#+5{=Qt<)P zN87Kz^ZRoAM_$<9mWmHyx2-n2Pp;Zr`mtj6j~dxMb`#1R*!}zF{=2+Ev3)vUvj0pS zgIV=@ZeLFS|C%5=!}R0#5c?CkzyDauIj}sntP$0Dv}&Sx&fmO?4nNNE>6~eQ*IdAL zCo|bqd*8D|TvsPbfB4LwHM6-)MEv0eUzQ0WAEGw4>zs5<4?e;al)gNxu%>47#zR%V z-Q_BJQI#dTekGrqk4%sJR5c}vw0`hX-slIm8W9% zBJ8N(`S(lqid(8ye>Qz6 zs;t^3(tcactz~8PpP9#B^p;2WKQn!I)aAAHR*4Gi)~&oL>b0x$dcRyUguyl;PeCTi&URg(v=o zTd(}f*2{W)dH!Vvr@~`LZQpM(O25_P;-)djJmL1^0}STnchN3Cf- zPaaG=VEShgzmLhA1#{-N#>)dXXDe&#`}<3BB7{z@acX-}cP-(6(3d^`FSWfAT5vvfJ^RwedED3BQ*;+@ z?cS2T=+5?%?AFV|rImB^x-)XB4(*>Gw&lQv2)B@Qmc*pR!uER-)|~xt()L?fZqti9 z`c2O^-|4EfI#?%uS!lb(-$FB%l<6n@i|?#^ouR({Pd?xK{m1TjZ!4{j>|>OQPfGHR z`6@g)yu|F$>dRB|Y7ek>h;Gy^T(e-i`PrCR`Q|^+t10*VIoPuB@|OFt#)-1;wioYtIOERakA1CC z&l2CxD5*Z3wp-yxRHG7mta8D+$|;TyH+|hbOTt8!NBtDz%jZ)Ii}P0d=9WDFKfm8* zN>K7j4nMI6NoC9XJGtJ6s4h)P(GmXr;a-+`L0Ki^7mNFGWs3JUg_L@g+^W>HxNTEE z$Lij@X(uNh?7Z4@Qm8>9ppJEBL<-l2hsU2=JD&XYeB0^VlOfAkDnhy?PP@LlEU~;f zj_1;jRr?J#+->iVz39kk>ns0D`~Qh}9n-sq;sXE4vSn(g*sMR$IxWZJ%s~_0l_yOX zIPMcaw8rY3u#a8Gbnef$Y8nE!3$H5vwlC%Ct~Q%*t*1l8-eq67a7?py?JMDvTS^0+ vBkFI&et-KXH|W{7gABZ3@n!2aKYK3{dNx>Wh10JZ@jUBr$JIx!`&a+~o~vsS diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index ef6a233156fa3c57b745fda01579d7064611b832..c886fcff69f005cfb471a8d2acaf6bc4937ae9c4 100644 GIT binary patch literal 1351 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yW2bocf5 z$P5aLDu@hl^vy{$*G?|5$gIcSGjPgo1 zHTO%ZG))Z;$}}`_E6mDqGV=-WHE=U=atb!{&PKP*B%mrPKV88uDatgsG%zRGEZ3sS zBrMw~qa-^p$sonez&|4+#N0e3FR;=gJlr_SDU>TM(X7zXTi?^gC(ks`FDu+FH89D~ zEhoY!D!@G?EVa@gAV0^)+cPpf$N=3oQ@<2T<8lR~WPj)Kv?~4VG@m3R?Z8YkZ|~g7 z@Z7La=X6igGJW&Rbnk*pvx+RU;AE~mKPR&yZ-Y!Db3fmTw6J1#zapcItQ@nd!0fDm z-~z);%dFD8s>;M-!%%eF3N2E-($f|EBOSvc@=}9+vmE`h@(Mi-5-p9YJc|9Rf=#^B z)2f2?LxOWE$|8JxgOa(NGgI6GT)o4S^9y~GqXJUQEIg9+b3+T$qMXf2JR_4VTtmH# zvRpzdk}S||^A0PrC@NP7Pw_SmGWQDcj`Rrebu)-CkH`=3OwM+5bka7@EcSCO&9u<> zFH25!%?;(s3XaGza4&EPvrMjXOEpccC<#j|H!e?cHz;vVH@4JIO{@wk@JcE3if}}? zEiE(AFf~x2G&#R4+$AI}G}6@F*V!*WEHuEq+|kk}uQ<3Yuhh>d$-A)F#VIW~*D#Vx zzaYy$Dm2?K-AF$q*~BO{*S8|O#5dQ+RNtiBBPrB5KQqZ+KPb&5#~H&m&nidXLPv!{ zU!$z_Qr~ie9Mcj%mW;t?srKSf5ReBf(=cIbNCM7zW zq(bI zgJe(N%=}3As4(-QjEMZIkYsefK|@l%*gdMmKie=h)66W{DAB_>$0XD(FvO$W)u}u< zC%e)t(Na4IGf9;syIqJu-wEXGuha~HKQQSBURg3+tSzH*WJR*G}TYPA~Gt% z&C)LZ_eR?tgS}vk6(94gc|xH|$%^F+)ge>+cuhrY pl(uiLGBsXX=5ToNie<(LZypGp;I)yFcicDisqUU1|1KQa3ILV9$us}} literal 1351 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5wB8^|UbZ ztnhNp^3nGSNlG@%4^H*ePIGb!(KgF4POeG~&G&E)&rdUUOXqU*EAw_tFLCnmj7aqi z@iEc&Fv`g`D6L8_D60zf^m8u_vk3IF^s6#3_e8hNB%mrPKV2b8Tid|g->D?OyuhQ- z)6YHFFf_!#uhQ5ov&=g&%r&hvGQis}D9bIt*^?_Tzsw@6EX^z}EG0QI%hxH-sn{na zvMjLN$T5Y zGriry$^!F)tBlQEf_%B0qRIo!!p*$WQ%sB9-E%BLld}vREfa&P-13~OBAxZ~QnQ22 zj7@XOO%2d(^A0PrC@NPdb_ys+vP^VKOG?j3a<+60Pxg=04)k$K%XjrGP4oS%q-^8Pbo+>F3ipKtMtuE3`_A!cPuvaEH_U!bSsMR$Z^X|^h^#73biOo*Uv_` zEiE(AFf~x2+}*{a$UiD6xx6&W($Ce{GO5_yF|pDkCo8EkJ=eV~#lXiq*;3!9+&z%X zz}+`1Fxj}k!aKvc*g4X>$j!~UEG*b7C@CY$qP(g&xv;PxGS}a?G6KVIo>h*%g^mhE z89~0D!BNSXsj2RXsU?1u0bVIC#zj@yE?J>YuG*H7MHZPArG=^KIR;!tei^Cxkxn5M z72zf&`lXctp?*1eiDpT8mO<{0$zJY`g@LYB27w{2K_=*aD~+mhGEP@Wt91AD%Pi7P zOmZ~U&d;kbbMbd{4>phT$*S}&3o|b?%=N2Gj)<_VGB)9I%kt2U^3O3(GBh%aaxV=E zHgn7M&9AaF&vQx(E-!ZWPj)KtbhI!{slu?$Bgr7MAW$JO#4kTGGR-n4EYQE$BFHr_ zFD)#@AX(cav?{>2Ks#GIL)$qbBFrnVBA?62-_WHZGBw06#W2jZsKBDIthh3*G_X9x z)XcK7yvoBQH8&$PA|R~1ARpat(2&e7N{-SF4fOOcii|7^NQp|yO!o*dH;oE+4hl7K z^DH&-%Pp%acd1OPu;2<#cK1)pD)vltEHU;o$}lL@H!LVgiA?q@D@f8d47JP*@yc^E zOmZyFOXt$n)m6w0^$RP`EUk1gFbOV84E1tO&hR(PH!$}1sR|8=@O1VpE7Uis49jrO z&F9+m`^jSthRD@V@5;7J-m~eFqO4N=yeE_RI@skbH`~Qsbk;s~qff%KATvLMuRON|^NZYnL_cLmOV+ zSe@m5E;{G)Oh=y#pBC@C&w~~m(%dkAiS_?uAA0%ABhSuQocmCaxxYnr#nd0CvTrD# ryK|7?%T%=;>$Q{ER_f2-_tE^OzJt|okLR2#%#+vhH+IM8mrVu$cVf}F From a0215b227197b82e0d37a1d226de3883abb6468c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 17 Jun 2024 20:54:17 +0100 Subject: [PATCH 431/826] doc: added a new page for names ideas --- Possible_Server_Names.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Possible_Server_Names.md b/Possible_Server_Names.md index 435cdec..27c5d1d 100644 --- a/Possible_Server_Names.md +++ b/Possible_Server_Names.md @@ -1,5 +1,6 @@ https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences +https://en.wikipedia.org/wiki/List_of_artificial_intelligence_films * agentsmith * skynet From 9583eaa9be0cbbf223a6e88ae2a38aefa24ef85e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 18 Jun 2024 10:14:06 +0100 Subject: [PATCH 432/826] doc: update the firewall changes --- ITD/Firewall_Rules.csv | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index e9f547c..0dbf7b2 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -40,3 +40,5 @@ SKYNET_FIREWALL_00028,Remove,i24-06-04_017,Complete,-,-,193.1.99.112,SKYNET00019 SKYNET_FIREWALL_00029,Add,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server +SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel +SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server \ No newline at end of file From dac45073d626a49cf8b2778d0f94dfa762e44743 Mon Sep 17 00:00:00 2001 From: Eliza Macovei Date: Tue, 18 Jun 2024 19:22:29 +0000 Subject: [PATCH 433/826] Add entries for modded minecraft server --- config/dns.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/config/dns.nix b/config/dns.nix index 0dd6133..46702b6 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -87,6 +87,16 @@ r_type = "SRV"; value = "0 10 25522 minecraft.phildeb.games.skynet.ie."; } + { + record = "minecraft-aged.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25519 minecraft.phildeb.games.skynet.ie."; + } ]; }; } From 09e7f8f0d4aae9f9e20e0b08975b060a6428aa0b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 18 Jun 2024 22:50:28 +0000 Subject: [PATCH 434/826] fix: what is old is new again --- config/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dns.nix b/config/dns.nix index 46702b6..ef07285 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -65,7 +65,7 @@ { record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; r_type = "SRV"; - value = "0 10 25520 minecraft-classic.compsoc.games.skynet.ie."; + value = "0 10 25518 minecraft-classic.compsoc.games.skynet.ie."; } { record = "minecraft.gsoc.games"; From e6954d3448cb87c5d4c8ee353e89c6b9c66118fa Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 27 Jun 2024 13:19:12 +0100 Subject: [PATCH 435/826] git: merging in some upstream changes while still waiting for ther patch to be merged in --- applications/proxmox-lxc.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/applications/proxmox-lxc.nix b/applications/proxmox-lxc.nix index 964454e..9f1c970 100644 --- a/applications/proxmox-lxc.nix +++ b/applications/proxmox-lxc.nix @@ -12,19 +12,19 @@ with lib; { enable = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Whether to enable the ProxmoxLXC."; + description = lib.mdDoc "Whether to enable the Proxmox VE LXC module."; }; privileged = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable privileged mounts ''; }; manageNetwork = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to manage network interfaces through nix options When false, systemd-networkd is enabled to accept network configuration from proxmox. @@ -33,7 +33,7 @@ with lib; { manageHostName = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to manage hostname through nix options When false, the hostname is picked up from /etc/hostname populated by proxmox. @@ -68,6 +68,8 @@ with lib; { loader.initScript.enable = true; }; + console.enable = true; + networking = mkIf (!cfg.manageNetwork) { useDHCP = false; useHostResolvConf = false; @@ -81,13 +83,14 @@ with lib; { startWhenNeeded = mkDefault true; }; - systemd.mounts = - mkIf (!cfg.privileged) - [ + systemd = { + mounts = mkIf (!cfg.privileged) [ { - where = "/sys/kernel/debug"; enable = false; + where = "/sys/kernel/debug"; } ]; + services."getty@".unitConfig.ConditionPathExists = ["" "/dev/%I"]; + }; }; } From 2a45bc4f709ee24bd03cd2e4a2961a4087043070 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 2 Jul 2024 14:13:08 +0100 Subject: [PATCH 436/826] cve: bumped system to have the updated sshd package relates to CVE-2024-6387 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b686b3e..bb0f8d3 100644 --- a/flake.lock +++ b/flake.lock @@ -794,11 +794,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1715266358, - "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", + "lastModified": 1719848872, + "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f1010e0469db743d14519a1efd37e23f8513d714", + "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "type": "github" }, "original": { From b7cb7eeadef0268c0b88fb238968a449ee3ade3b Mon Sep 17 00:00:00 2001 From: runner_nix Date: Tue, 9 Jul 2024 20:54:14 +0000 Subject: [PATCH 437/826] Updated flake for skynet_website_renew --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index bb0f8d3..7b40a6c 100644 --- a/flake.lock +++ b/flake.lock @@ -1065,11 +1065,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1718588317, - "narHash": "sha256-nQNHu9H7oLXO7dNFZ2bSQKwCvhz01/9wzeqOVsvsQyQ=", + "lastModified": 1720558362, + "narHash": "sha256-fNKFqkP35tzBhBy0L8xGOJ7B3EXh+khu3bOBlGqlPks=", "owner": "compsoc1%2Fskynet", "repo": "website%2Falumni-renew", - "rev": "5c169522049c7a2dbbcbfdde0eeda3cabd22f561", + "rev": "44ab695bab61d20d6d873f1c3a702b5a8874dd5e", "type": "gitlab" }, "original": { From b6b9ae0579315f377dfa05820c85ffe78192a19f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 9 Jul 2024 22:12:41 +0100 Subject: [PATCH 438/826] feat: new wiki domain --- applications/skynet.ie/skynet.ie.nix | 13 ------- applications/skynet.ie/wiki.nix | 55 ++++++++++++++++++++++++++++ machines/earth.nix | 2 + 3 files changed, 57 insertions(+), 13 deletions(-) create mode 100644 applications/skynet.ie/wiki.nix diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie/skynet.ie.nix index 6a2afd3..fcb46e7 100644 --- a/applications/skynet.ie/skynet.ie.nix +++ b/applications/skynet.ie/skynet.ie.nix @@ -25,7 +25,6 @@ in { services.skynet.acme.domains = [ "discord.skynet.ie" "public.skynet.ie" - "renew.skynet.ie" ]; services.skynet.dns.records = [ @@ -45,11 +44,6 @@ in { r_type = "CNAME"; value = config.services.skynet.host.name; } - { - record = "renew"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } ]; services.nginx = { @@ -82,13 +76,6 @@ in { root = "${inputs.compsoc_public.packages.x86_64-linux.default}"; locations."/".extraConfig = "autoindex on;"; }; - - # for alumni members to renew their account - "renew.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}"; - }; }; }; }; diff --git a/applications/skynet.ie/wiki.nix b/applications/skynet.ie/wiki.nix new file mode 100644 index 0000000..a447a1f --- /dev/null +++ b/applications/skynet.ie/wiki.nix @@ -0,0 +1,55 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + name = "wiki"; + cfg = config.services.skynet."${name}"; +in { + imports = [ + ]; + + options.services.skynet."${name}" = { + enable = mkEnableOption "Skynet Wiki"; + }; + + config = mkIf cfg.enable { + services.skynet.acme.domains = [ + "renew.skynet.ie" + "wiki.skynet.ie" + ]; + + services.skynet.dns.records = [ + { + record = "renew"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + { + record = "wiki"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ]; + + services.nginx = { + virtualHosts = { + "wiki.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}"; + }; + + # redirect old links to the new wiki + "renew.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/".return = "307 https://wiki.skynet.ie"; + }; + }; + }; + }; +} diff --git a/machines/earth.nix b/machines/earth.nix index 4e63521..fadcef1 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -26,6 +26,7 @@ Notes: in { imports = [ ../applications/skynet.ie/skynet.ie.nix + ../applications/skynet.ie/wiki.nix ]; deployment = { @@ -40,5 +41,6 @@ in { host = host; backup.enable = true; website.enable = true; + wiki.enable = true; }; } From 3837ff2dd18b9bf29addcd4f11d7013668b01938 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 9 Jul 2024 22:16:09 +0100 Subject: [PATCH 439/826] fix: sort the domains, prevents errors in cert renewal --- applications/acme.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/acme.nix b/applications/acme.nix index e4aec7a..1cf168d 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -40,7 +40,7 @@ in { certs = { "skynet" = { domain = "skynet.ie"; - extraDomainNames = cfg.domains; + extraDomainNames = lists.naturalSort cfg.domains; }; }; }; From 9fb45cba7efa90a6fd6259ed33175f9b3ce1f147 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 15 Jul 2024 15:14:44 +0100 Subject: [PATCH 440/826] feat: bump the nixpkgs version, specifically bringing in newer gitlab --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7b40a6c..6b860ec 100644 --- a/flake.lock +++ b/flake.lock @@ -794,11 +794,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1719848872, - "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "type": "github" }, "original": { From b1bd6ca40a14fa36db2aa3bb7a47d342bc298668 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 16 Jul 2024 22:31:28 +0100 Subject: [PATCH 441/826] feat: unify the record options --- applications/dns.nix | 23 +++-------------------- applications/dns/options-records.nix | 23 +++++++++++++++++++++++ config/dns.nix | 25 +++---------------------- 3 files changed, 29 insertions(+), 42 deletions(-) create mode 100644 applications/dns/options-records.nix diff --git a/applications/dns.nix b/applications/dns.nix index deec46d..9bb7d48 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -316,28 +316,11 @@ in { }; }; - # mirrorred in ../config/dns.nix records = lib.mkOption { description = "Records, sorted based on therir type"; - type = with lib.types; - listOf (submodule { - options = { - record = lib.mkOption { - type = str; - }; - r_type = lib.mkOption { - type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; - }; - value = lib.mkOption { - type = str; - }; - server = lib.mkOption { - description = "Core record for a server"; - type = bool; - default = false; - }; - }; - }); + type = lib.types.listOf (lib.types.submodule (import ./dns/options-records.nix { + inherit lib; + })); }; }; diff --git a/applications/dns/options-records.nix b/applications/dns/options-records.nix new file mode 100644 index 0000000..1795099 --- /dev/null +++ b/applications/dns/options-records.nix @@ -0,0 +1,23 @@ +/* +Define the options for dns records here. +They are imported into anything that needs to use them +*/ +{lib, ...}: +with lib; { + options = { + record = lib.mkOption { + type = lib.types.str; + }; + r_type = lib.mkOption { + type = lib.types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; + }; + value = lib.mkOption { + type = lib.types.str; + }; + server = lib.mkOption { + description = "Core record for a server"; + type = lib.types.bool; + default = false; + }; + }; +} diff --git a/config/dns.nix b/config/dns.nix index ef07285..931a176 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -1,31 +1,12 @@ {lib, ...}: { imports = [ - # Paths to other modules. - # Compose this module out of smaller ones. ]; - # this needs to mirror ../applications/dns.nix options.skynet.records = lib.mkOption { description = "Records, sorted based on therir type"; - type = with lib.types; - listOf (submodule { - options = { - record = lib.mkOption { - type = str; - }; - r_type = lib.mkOption { - type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; - }; - value = lib.mkOption { - type = str; - }; - server = lib.mkOption { - description = "Core record for a server"; - type = bool; - default = false; - }; - }; - }); + type = lib.types.listOf (lib.types.submodule (import ../applications/dns/options-records.nix { + inherit lib; + })); }; config = { From cb0cfbaf4a7d27403e4fef891639b00a764834a9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 16 Jul 2024 22:33:27 +0100 Subject: [PATCH 442/826] fmt: move the dns into its own folder --- applications/_base.nix | 2 +- applications/{ => dns}/dns.nix | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) rename applications/{ => dns}/dns.nix (98%) diff --git a/applications/_base.nix b/applications/_base.nix index bd1f017..3224563 100644 --- a/applications/_base.nix +++ b/applications/_base.nix @@ -10,7 +10,7 @@ with lib; let in { imports = [ ./acme.nix - ./dns.nix + ../dns/dns.nix ./nginx.nix ]; diff --git a/applications/dns.nix b/applications/dns/dns.nix similarity index 98% rename from applications/dns.nix rename to applications/dns/dns.nix index 9bb7d48..9503539 100644 --- a/applications/dns.nix +++ b/applications/dns/dns.nix @@ -291,8 +291,8 @@ else "ns2"; in { imports = [ - ./firewall.nix - ../config/dns.nix + ../firewall.nix + ../../config/dns.nix ]; options.services.skynet."${name}" = { @@ -318,7 +318,7 @@ in { records = lib.mkOption { description = "Records, sorted based on therir type"; - type = lib.types.listOf (lib.types.submodule (import ./dns/options-records.nix { + type = lib.types.listOf (lib.types.submodule (import ./options-records.nix { inherit lib; })); }; @@ -357,7 +357,7 @@ in { # secrets required age.secrets.dns_dnskeys = { - file = ../secrets/dns_dnskeys.conf.age; + file = ../../secrets/dns_dnskeys.conf.age; owner = "named"; group = "named"; }; From e9d5985adf7beca18f8c264da63b1edb0d04bc50 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 16 Jul 2024 23:09:22 +0100 Subject: [PATCH 443/826] fmt: remove duplicate imports, now unified in applications/_base.nix --- applications/_base.nix | 17 ++++++++++++++++- applications/_retired/games.nix | 1 - applications/_retired/games/minecraft.nix | 4 ---- applications/bitwarden/vaultwarden.nix | 3 --- applications/dns/dns.nix | 1 - applications/email.nix | 3 --- applications/gitlab.nix | 4 ---- applications/grafana.nix | 2 -- applications/ldap/backend.nix | 3 --- applications/ldap/server.nix | 3 --- applications/nextcloud.nix | 3 --- applications/nix_cache/nix_cache.nix | 2 -- applications/open_governance/keyserver.nix | 2 -- .../open_governance/open_governance.nix | 2 -- applications/skynet_users.nix | 3 --- applications/ulfm.nix | 4 ---- machines/_base.nix | 17 +---------------- machines/retired/ash.nix | 3 --- 18 files changed, 17 insertions(+), 60 deletions(-) diff --git a/applications/_base.nix b/applications/_base.nix index 3224563..f96d7e4 100644 --- a/applications/_base.nix +++ b/applications/_base.nix @@ -9,9 +9,24 @@ with lib; let cfg = config.services.skynet; in { imports = [ + # every server needs to have a dns record + ./dns/dns.nix + + # every server should have proper certs ./acme.nix - ../dns/dns.nix ./nginx.nix + + # every server may need the firewall config stuff + ./firewall.nix + + # every server needs teh ldap client for admins + ./ldap/client.nix + + # every server will need the config to backup to + ./restic.nix + + # every server will be monitored for grafana + ./prometheus.nix ]; options.services.skynet = { diff --git a/applications/_retired/games.nix b/applications/_retired/games.nix index 7ffd9f7..2f48ae0 100644 --- a/applications/_retired/games.nix +++ b/applications/_retired/games.nix @@ -10,7 +10,6 @@ with lib; let cfg = config.services.skynet."${name}"; in { imports = [ - ./dns.nix ./nginx.nix ./games/minecraft.nix ]; diff --git a/applications/_retired/games/minecraft.nix b/applications/_retired/games/minecraft.nix index 8953efe..a71121c 100644 --- a/applications/_retired/games/minecraft.nix +++ b/applications/_retired/games/minecraft.nix @@ -13,10 +13,6 @@ with lib; let short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; in { imports = [ - ../acme.nix - ../dns.nix - ../firewall.nix - ../nginx.nix inputs.arion.nixosModules.arion ]; diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix index 52e0422..fad00f4 100644 --- a/applications/bitwarden/vaultwarden.nix +++ b/applications/bitwarden/vaultwarden.nix @@ -13,9 +13,6 @@ with lib; let domain = "${domain_sub}.skynet.ie"; in { imports = [ - ../acme.nix - ../dns.nix - ../nginx.nix ]; options.services.skynet."${name}" = { diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 9503539..ff80e89 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -291,7 +291,6 @@ else "ns2"; in { imports = [ - ../firewall.nix ../../config/dns.nix ]; diff --git a/applications/email.nix b/applications/email.nix index 182c280..f16a3e4 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -120,9 +120,6 @@ with lib; let ''; in { imports = [ - ./dns.nix - ./acme.nix - ./nginx.nix inputs.simple-nixos-mailserver.nixosModule # for teh config diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 80664af..a65c43e 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -12,10 +12,6 @@ with lib; let domain_full = "${cfg.domain.sub}.${domain_base}"; in { imports = [ - ./acme.nix - ./dns.nix - ./firewall.nix - ./nginx.nix ]; options.services.skynet."${name}" = { diff --git a/applications/grafana.nix b/applications/grafana.nix index 15c076f..3bce51b 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix @@ -9,8 +9,6 @@ with lib; let port = 4444; in { imports = [ - ./acme.nix - ./dns.nix ]; options.services.skynet."${name}" = { diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index b4b0e13..180221e 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -11,9 +11,6 @@ with lib; let port_backend = "8087"; in { imports = [ - ../acme.nix - ../dns.nix - ../nginx.nix inputs.skynet_ldap_backend.nixosModule."x86_64-linux" ../../config/users.nix ]; diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index 67bd1fc..ee55600 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -15,9 +15,6 @@ with lib; let in { # these are needed for teh program in question imports = [ - ../acme.nix - ../dns.nix - ../nginx.nix ]; options.services.skynet."${name}" = { diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 02bc5f6..e31f67c 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -10,9 +10,6 @@ with lib; let domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; in { imports = [ - ./acme.nix - ./dns.nix - ./nginx.nix ]; options.services.skynet."${name}" = { diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index 6716146..4dcfdae 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -24,8 +24,6 @@ with lib; let in { imports = [ inputs.attic.nixosModules.atticd - ../acme.nix - ../dns.nix ]; options.services.skynet."${name}" = { diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix index c507a50..7e239a7 100644 --- a/applications/open_governance/keyserver.nix +++ b/applications/open_governance/keyserver.nix @@ -13,8 +13,6 @@ with lib; let port = 11371; in { imports = [ - ../acme.nix - ../dns.nix ]; options.services.skynet."${name}" = { diff --git a/applications/open_governance/open_governance.nix b/applications/open_governance/open_governance.nix index 93d2974..1b02248 100644 --- a/applications/open_governance/open_governance.nix +++ b/applications/open_governance/open_governance.nix @@ -15,8 +15,6 @@ with lib; let folder = "/var/skynet/${name}"; in { imports = [ - ../acme.nix - ../dns.nix ]; options.services.skynet."${name}" = { diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 1b07875..56d9e07 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -11,9 +11,6 @@ with lib; let php_pool = name; in { imports = [ - ./acme.nix - ./dns.nix - ./nginx.nix ]; options.services.skynet."${name}" = { diff --git a/applications/ulfm.nix b/applications/ulfm.nix index b1013f3..d7bd97b 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -9,10 +9,6 @@ with lib; let cfg = config.services.skynet."${name}"; in { imports = [ - ./acme.nix - ./dns.nix - ./firewall.nix - ./nginx.nix ]; options.services.skynet."${name}" = { diff --git a/machines/_base.nix b/machines/_base.nix index 5972e49..f730ba3 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -18,23 +18,8 @@ in { # for the secrets inputs.agenix.nixosModules.default - # base config for all servers + # base application config for all servers ../applications/_base.nix - - # every sever may need the firewall config stuff - ../applications/firewall.nix - - # every sever needs to have a dns record - ../applications/dns.nix - - # every server needs teh ldap client for admins - ../applications/ldap/client.nix - - # every server will need the config to backup to - ../applications/restic.nix - - # every server will be monitored for grafana - ../applications/prometheus.nix ]; options.skynet = { diff --git a/machines/retired/ash.nix b/machines/retired/ash.nix index b16fc39..a350975 100644 --- a/machines/retired/ash.nix +++ b/machines/retired/ash.nix @@ -22,9 +22,6 @@ Notes: Thius vpn is for admin use only, to give access to all the servers via hostname = ip_pub; in { imports = [ - # applications for this particular server - ../applications/firewall.nix - ../applications/dns.nix ]; deployment = { From 15e534c2222cfe05a1716fbe5e12a412c5984d92 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 16 Jul 2024 23:17:38 +0100 Subject: [PATCH 444/826] feat: add new option for dns records --- applications/dns/options-records.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/applications/dns/options-records.nix b/applications/dns/options-records.nix index 1795099..53e443f 100644 --- a/applications/dns/options-records.nix +++ b/applications/dns/options-records.nix @@ -5,13 +5,21 @@ They are imported into anything that needs to use them {lib, ...}: with lib; { options = { + domain = lib.mkOption { + description = "Domain this record is for"; + type = lib.types.str; + default = "skynet.ie"; + }; record = lib.mkOption { + description = "What you want to name the subdomain."; type = lib.types.str; }; r_type = lib.mkOption { + description = "Type of record that this is."; type = lib.types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; }; value = lib.mkOption { + description = "What the record points to, normally ip or another record."; type = lib.types.str; }; server = lib.mkOption { From 1a07781c4dbd102a8f681d51c897b863872302b8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jul 2024 00:47:45 +0100 Subject: [PATCH 445/826] feat: the right width for records will now be auto calculated --- applications/dns/dns.nix | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index ff80e89..6c355e2 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -30,7 +30,18 @@ sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); - format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; + max = x: y: + assert builtins.isInt x; + assert builtins.isInt y; + if x < y + then y + else x; + max_len = records: lib.lists.foldr (a: b: (max a b)) 0 (lib.lists.forEach records (record: lib.strings.stringLength record.record)); + + format_records = records: let + offset = (max_len records) + 1; + in + lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; # small function to trim it down a tad padString = text: length: fixedWidthString_post length " " text; @@ -72,32 +83,32 @@ ; ------------------------------------------ ; Server Names (A Records) ; ------------------------------------------ - ${format_records sort_records_server 31} + ${format_records sort_records_server} ; ------------------------------------------ ; A (non server names ; ------------------------------------------ - ${format_records sort_records_a 31} + ${format_records sort_records_a} ; ------------------------------------------ ; CNAMES ; ------------------------------------------ - ${format_records sort_records_cname 31} + ${format_records sort_records_cname} ; ------------------------------------------ ; TXT ; ------------------------------------------ - ${format_records (filter_records_type "TXT") 31} + ${format_records (filter_records_type "TXT")} ; ------------------------------------------ ; MX ; ------------------------------------------ - ${format_records (filter_records_type "MX") 31} + ${format_records (filter_records_type "MX")} ; ------------------------------------------ ; SRV ; ------------------------------------------ - ${format_records sort_records_srv 65} + ${format_records sort_records_srv} '' @@ -125,7 +136,7 @@ ; ------------------------------------------ ; PTR ; ------------------------------------------ - ${format_records sort_records_ptr 3} + ${format_records sort_records_ptr} '' ); From 356ac2e505d52604a69c976a1a1dfc58dde866f9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jul 2024 00:52:55 +0100 Subject: [PATCH 446/826] fix: move the mailserver dns config to the proper file --- applications/dns/dns.nix | 5 ----- applications/email.nix | 8 ++++++++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 6c355e2..96dd70a 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -74,11 +74,6 @@ @ NS ns2.${domain}. ; @ stands for teh root domain so teh A record below is where ${domain} points to ;@ A 193.1.99.76 - ;@ MX 5 ${domain}. - - ; can have multiple mailserves - @ MX 10 mail.${domain}. - ; ------------------------------------------ ; Server Names (A Records) diff --git a/applications/email.nix b/applications/email.nix index f16a3e4..e988b0d 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -268,6 +268,14 @@ in { # set up dns record for it services.skynet.dns.records = [ + # core record + { + record = "@"; + r_type = "MX"; + # the number is the priority in teh case of multiple mailservers + value = "10 mail.${cfg.domain}."; + } + # basic one { record = "mail"; From 0b25b5ac548f9a1342c413085b0c5763f3baf56e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jul 2024 00:53:28 +0100 Subject: [PATCH 447/826] fix: smol cleanup --- applications/dns/dns.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 96dd70a..82bec0e 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -70,10 +70,9 @@ 3600 ; Minimum (1 hour) ) + ; @ stands for teh root domain so teh A record below is where ${domain} points to @ NS ns1.${domain}. @ NS ns2.${domain}. - ; @ stands for teh root domain so teh A record below is where ${domain} points to - ;@ A 193.1.99.76 ; ------------------------------------------ ; Server Names (A Records) From 2a8a7cc7f4471bb54159ad79ea2ece0b2b4f739a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jul 2024 01:38:31 +0100 Subject: [PATCH 448/826] feat: simplify the zone creation --- applications/dns/dns.nix | 58 +++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 25 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 82bec0e..a2725f3 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -11,6 +11,22 @@ # reads that date to a string (will need to be fixed in 2038) current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}"; + # this gets a list of all domains we have records for + domains = lib.lists.naturalSort ( + lib.lists.unique ( + lib.lists.forEach records (record: record.domain) + ) + ); + + domains_owned = [ + # for historic reasons we own this + "csn.ul.ie" + # the main one we use now + "skynet.ie" + # a backup + "ulcompsoc.ie" + ]; + # gets a list of records that match this type filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A"); @@ -205,10 +221,19 @@ then create_entry_etc_sub domain (text.old domain) else {}; - create_entry_zone = domain: extraConfig: { + create_entry_zone = domain: let + if_primary_and_owned = + if cfg.server.primary && (lib.lists.any (item: item == domain) domains_owned) + then '' + allow-update { key rfc2136key.skynet.ie.; }; + dnssec-policy default; + inline-signing yes; + '' + else ""; + in { "${domain}" = { extraConfig = '' - ${extraConfig} + ${if_primary_and_owned} // for bumping the config // ${current_date} ''; @@ -229,23 +254,6 @@ old = domain: get_config_file_old_domains domain; }; - extraConfig = { - owned = - if cfg.server.primary - then '' - allow-update { key rfc2136key.skynet.ie.; }; - - dnssec-policy default; - inline-signing yes; - '' - else ""; - - # no extra config for reverse - reverse = ""; - - old = ""; - }; - records = config.skynet.records ++ builtins.concatLists ( @@ -344,12 +352,12 @@ in { ]; services.bind.zones = - (create_entry_zone "csn.ul.ie" extraConfig.owned) - // (create_entry_zone "skynet.ie" extraConfig.owned) - // (create_entry_zone "ulcompsoc.ie" extraConfig.owned) - // (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse) - // (create_entry_zone "conradcollins.net" extraConfig.old) - // (create_entry_zone "edelharty.net" extraConfig.old); + (create_entry_zone "csn.ul.ie") + // (create_entry_zone "skynet.ie") + // (create_entry_zone "ulcompsoc.ie") + // (create_entry_zone "64-64.99.1.193.in-addr.arpa") + // (create_entry_zone "conradcollins.net") + // (create_entry_zone "edelharty.net"); environment.etc = (create_entry_etc "csn.ul.ie" "owned") From 454e58b08575f17e33d203dfc73c34fb87bbf5ec Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jul 2024 03:00:20 +0100 Subject: [PATCH 449/826] feat: generate the zones directly from teh dns records --- applications/dns/dns.nix | 27 ++++--- config/dns.nix | 161 ++++++++++++++++++++++----------------- 2 files changed, 107 insertions(+), 81 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index a2725f3..044632c 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -14,7 +14,7 @@ # this gets a list of all domains we have records for domains = lib.lists.naturalSort ( lib.lists.unique ( - lib.lists.forEach records (record: record.domain) + lib.lists.forEach records (x: x.domain) ) ); @@ -76,8 +76,8 @@ get_config_file = ( domain: '' $TTL 60 ; 1 minute - ; hostmaster@${domain} is an email address that recieves stuff related to dns - @ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( + ; hostmaster@skynet.ie is an email address that recieves stuff related to dns + @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ${current_date} 600 ; Refresh (10 minutes) @@ -87,8 +87,8 @@ ) ; @ stands for teh root domain so teh A record below is where ${domain} points to - @ NS ns1.${domain}. - @ NS ns2.${domain}. + @ NS ns1.skynet.ie. + @ NS ns2.skynet.ie. ; ------------------------------------------ ; Server Names (A Records) @@ -274,6 +274,7 @@ details_records ++ [ { + domain = "skynet.ie"; record = "ns1"; r_type = "A"; value = details_server.ip; @@ -284,6 +285,7 @@ details_records ++ [ { + domain = "skynet.ie"; record = "ns2"; r_type = "A"; value = details_server.ip; @@ -351,13 +353,14 @@ in { "ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept" ]; - services.bind.zones = - (create_entry_zone "csn.ul.ie") - // (create_entry_zone "skynet.ie") - // (create_entry_zone "ulcompsoc.ie") - // (create_entry_zone "64-64.99.1.193.in-addr.arpa") - // (create_entry_zone "conradcollins.net") - // (create_entry_zone "edelharty.net"); + services.bind.zones = lib.attrsets.mergeAttrsList ( + # uses teh domains lsited in teh records + (lib.lists.forEach domains (domain: (create_entry_zone domain))) + # we have to do a reverse dns + ++ [ + (create_entry_zone "64-64.99.1.193.in-addr.arpa") + ] + ); environment.etc = (create_entry_etc "csn.ul.ie" "owned") diff --git a/config/dns.nix b/config/dns.nix index 931a176..08eeb4c 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -10,74 +10,97 @@ }; config = { - skynet.records = [ - { - record = "optimus"; - r_type = "A"; - value = "193.1.99.90"; - server = true; - } - { - record = "panel.games"; - r_type = "CNAME"; - value = "optimus"; - } - { - record = "bumblebee"; - r_type = "A"; - value = "193.1.99.91"; - server = true; - } - { - record = "minecraft.compsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; - } - { - record = "minecraft-classic.compsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25518 minecraft-classic.compsoc.games.skynet.ie."; - } - { - record = "minecraft.gsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25521 minecraft.gsoc.games.skynet.ie."; - } - { - record = "minecraft.phildeb.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25522 minecraft.phildeb.games.skynet.ie."; - } - { - record = "minecraft-aged.compsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25519 minecraft.phildeb.games.skynet.ie."; - } - ]; + skynet.records = + [ + { + record = "optimus"; + r_type = "A"; + value = "193.1.99.90"; + server = true; + } + { + record = "panel.games"; + r_type = "CNAME"; + value = "optimus"; + } + { + record = "bumblebee"; + r_type = "A"; + value = "193.1.99.91"; + server = true; + } + { + record = "minecraft.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; + } + { + record = "minecraft-classic.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25518 minecraft-classic.compsoc.games.skynet.ie."; + } + { + record = "minecraft.gsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25521 minecraft.gsoc.games.skynet.ie."; + } + { + record = "minecraft.phildeb.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25522 minecraft.phildeb.games.skynet.ie."; + } + { + record = "minecraft-aged.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25519 minecraft.phildeb.games.skynet.ie."; + } + ] + # non skynet domains + ++ [ + { + domain = "conradcollins.net"; + record = "www"; + r_type = "CNAME"; + value = "skynet.skynet.ie."; + } + + { + domain = "edelharty.net"; + record = "www"; + r_type = "CNAME"; + value = "skynet.skynet.ie."; + } + { + domain = "damienconroy.com"; + record = "www"; + r_type = "CNAME"; + value = "skynet.skynet.ie."; + } + ]; }; } From 4c8ebb455e7a23c057f56b2ba7067f3a955f564f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jul 2024 03:50:20 +0100 Subject: [PATCH 450/826] feat: the actual bind files are now created directly from teh records --- applications/dns/dns.nix | 83 ++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 54 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 044632c..0202922 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -28,9 +28,9 @@ ]; # gets a list of records that match this type - filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; - filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A"); - filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A"); + filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records; + filter_records_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A"); + filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A"); process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); process_ptr_sub = record: { @@ -40,11 +40,11 @@ }; ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); - sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server; - sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; - sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); - sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); - sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); + sort_records_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_server records); + sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records); + sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME"); + sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR")); + sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV"); max = x: y: assert builtins.isInt x; @@ -74,7 +74,7 @@ # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) get_config_file = ( - domain: '' + domain: records: '' $TTL 60 ; 1 minute ; hostmaster@skynet.ie is an email address that recieves stuff related to dns @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( @@ -93,32 +93,32 @@ ; ------------------------------------------ ; Server Names (A Records) ; ------------------------------------------ - ${format_records sort_records_server} + ${format_records (sort_records_server records)} ; ------------------------------------------ ; A (non server names ; ------------------------------------------ - ${format_records sort_records_a} + ${format_records (sort_records_a records)} ; ------------------------------------------ ; CNAMES ; ------------------------------------------ - ${format_records sort_records_cname} + ${format_records (sort_records_cname records)} ; ------------------------------------------ ; TXT ; ------------------------------------------ - ${format_records (filter_records_type "TXT")} + ${format_records (filter_records_type records "TXT")} ; ------------------------------------------ ; MX ; ------------------------------------------ - ${format_records (filter_records_type "MX")} + ${format_records (filter_records_type records "MX")} ; ------------------------------------------ ; SRV ; ------------------------------------------ - ${format_records sort_records_srv} + ${format_records (sort_records_srv records)} '' @@ -146,27 +146,7 @@ ; ------------------------------------------ ; PTR ; ------------------------------------------ - ${format_records sort_records_ptr} - '' - ); - - # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered. - get_config_file_old_domains = ( - domain: '' - $TTL 60 ; 1 minute - ; hostmaster@skynet.ie is an email address that recieves stuff related to dns - @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) - ) - - @ NS ns1.skynet.ie. - @ NS ns2.skynet.ie. - + ${format_records (sort_records_ptr records)} '' ); @@ -212,13 +192,13 @@ # (text.owned "csn.ul.ie") # standard function to create the etc file, pass in the text and domain and it makes it - create_entry_etc = domain: type: + create_entry_etc = domain: type: let + domain_records = lib.lists.filter (x: x.domain == domain) records; + in if type == "owned" - then create_entry_etc_sub domain (text.owned domain) + then create_entry_etc_sub domain (get_config_file domain domain_records) else if type == "reverse" - then create_entry_etc_sub domain (text.reverse domain) - else if type == "old" - then create_entry_etc_sub domain (text.old domain) + then create_entry_etc_sub domain (get_config_file_rev domain) else {}; create_entry_zone = domain: let @@ -248,12 +228,6 @@ }; }; - text = { - owned = domain: get_config_file domain; - reverse = domain: get_config_file_rev domain; - old = domain: get_config_file_old_domains domain; - }; - records = config.skynet.records ++ builtins.concatLists ( @@ -362,13 +336,14 @@ in { ] ); - environment.etc = - (create_entry_etc "csn.ul.ie" "owned") - // (create_entry_etc "skynet.ie" "owned") - // (create_entry_etc "ulcompsoc.ie" "owned") - // (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") - // (create_entry_etc "conradcollins.net" "old") - // (create_entry_etc "edelharty.net" "old"); + environment.etc = lib.attrsets.mergeAttrsList ( + # uses teh domains lsited in teh records + (lib.lists.forEach domains (domain: (create_entry_etc domain "owned"))) + # we have to do a reverse dns + ++ [ + (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") + ] + ); # secrets required age.secrets.dns_dnskeys = { From 1287160cdf7d95a0876e76ff3f8b90d6f84dadd0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jul 2024 04:08:04 +0100 Subject: [PATCH 451/826] feat: reduced some complexity --- applications/dns/dns.nix | 52 +++++++++++----------------------------- 1 file changed, 14 insertions(+), 38 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 0202922..ec32461 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -230,46 +230,14 @@ records = config.skynet.records + /* + Need to "manually" grab it from each server. + Nix is laxy evalusted so if it does not need to open a file it wont. + This is to iterate through each server (node) and evaluate the dns records for that server. + */ ++ builtins.concatLists ( lib.attrsets.mapAttrsToList ( - key: value: let - details_server = value.config.services.skynet."${name}".server; - details_records = value.config.services.skynet."${name}".records; - in - if builtins.hasAttr "dns" value.config.services.skynet - then - ( - # got to handle habing a dns record for the dns serves themselves. - if details_server.enable - then - ( - if details_server.primary - then - details_records - ++ [ - { - domain = "skynet.ie"; - record = "ns1"; - r_type = "A"; - value = details_server.ip; - server = false; - } - ] - else - details_records - ++ [ - { - domain = "skynet.ie"; - record = "ns2"; - r_type = "A"; - value = details_server.ip; - server = false; - } - ] - ) - else details_records - ) - else [] + key: value: value.config.services.skynet."${name}".records ) nodes ); @@ -327,6 +295,14 @@ in { "ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept" ]; + services.skynet.dns.records = [ + { + record = nameserver; + r_type = "A"; + value = config.services.skynet.host.ip; + } + ]; + services.bind.zones = lib.attrsets.mergeAttrsList ( # uses teh domains lsited in teh records (lib.lists.forEach domains (domain: (create_entry_zone domain))) From c5c44acc8bd1cdfedf1d09067438d072e97d127f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 17 Jul 2024 04:20:48 +0100 Subject: [PATCH 452/826] fmt: prepping for #80 --- applications/email.nix | 190 +++++++++++++++++++++-------------------- 1 file changed, 98 insertions(+), 92 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index e988b0d..8b74703 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -267,103 +267,109 @@ in { }; # set up dns record for it - services.skynet.dns.records = [ - # core record - { - record = "@"; - r_type = "MX"; - # the number is the priority in teh case of multiple mailservers - value = "10 mail.${cfg.domain}."; - } + services.skynet.dns.records = + [ + # core record + { + record = "@"; + r_type = "MX"; + # the number is the priority in teh case of multiple mailservers + value = "10 mail.${cfg.domain}."; + } - # basic one - { - record = "mail"; - r_type = "A"; - value = config.services.skynet.host.ip; - } - #DNS config for K-9 Mail - { - record = "imap"; - r_type = "CNAME"; - value = "mail"; - } - { - record = "pop3"; - r_type = "CNAME"; - value = "mail"; - } - { - record = "smtp"; - r_type = "CNAME"; - value = "mail"; - } + # basic one + { + record = "mail"; + r_type = "A"; + value = config.services.skynet.host.ip; + } + #DNS config for K-9 Mail + { + record = "imap"; + r_type = "CNAME"; + value = "mail"; + } + { + record = "pop3"; + r_type = "CNAME"; + value = "mail"; + } + { + record = "smtp"; + r_type = "CNAME"; + value = "mail"; + } - # TXT records, all tehse are inside escaped strings to allow using "" + # TXT records, all tehse are inside escaped strings to allow using "" + + # reverse pointer + { + record = config.services.skynet.host.ip; + r_type = "PTR"; + value = "${cfg.sub}.${cfg.domain}."; + } + + # SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie + # https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406 + # response should be: + # _imap._tcp SRV 0 1 143 imap.example.com. + { + record = "_imaps._tcp"; + r_type = "SRV"; + value = "0 1 993 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_imap._tcp"; + r_type = "SRV"; + value = "0 1 143 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_submissions._tcp"; + r_type = "SRV"; + value = "0 1 465 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_submission._tcp"; + r_type = "SRV"; + value = "0 1 587 ${cfg.sub}.${cfg.domain}."; + } + ] # SPF record - { - record = "${cfg.domain}."; - r_type = "TXT"; - value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"''; - } - + ++ [ + { + record = "${cfg.domain}."; + r_type = "TXT"; + value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"''; + } + ] # DKIM keys - { - record = "mail._domainkey.skynet.ie."; - r_type = "TXT"; - value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"''; - } - { - record = "mail._domainkey.ulcompsoc.ie."; - r_type = "TXT"; - value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''; - } - + ++ [ + { + record = "mail._domainkey.skynet.ie."; + r_type = "TXT"; + value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"''; + } + { + domain = "ulcompsoc.ie"; + record = "mail._domainkey.ulcompsoc.ie."; + r_type = "TXT"; + value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''; + } + ] # DMARC - { - record = "_dmarc.${cfg.domain}."; - r_type = "TXT"; - # p : quarantine => sends to spam, reject => never sent - # rua : mail that receives reports about DMARC activity - # pct : percentage of unathenticated messages that DMARC stops - # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed - # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed - # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent - value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"''; - } - - # reverse pointer - { - record = config.services.skynet.host.ip; - r_type = "PTR"; - value = "${cfg.sub}.${cfg.domain}."; - } - - # SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie - # https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406 - # response should be: - # _imap._tcp SRV 0 1 143 imap.example.com. - { - record = "_imaps._tcp"; - r_type = "SRV"; - value = "0 1 993 ${cfg.sub}.${cfg.domain}."; - } - { - record = "_imap._tcp"; - r_type = "SRV"; - value = "0 1 143 ${cfg.sub}.${cfg.domain}."; - } - { - record = "_submissions._tcp"; - r_type = "SRV"; - value = "0 1 465 ${cfg.sub}.${cfg.domain}."; - } - { - record = "_submission._tcp"; - r_type = "SRV"; - value = "0 1 587 ${cfg.sub}.${cfg.domain}."; - } - ]; + ++ [ + { + record = "_dmarc.${cfg.domain}."; + r_type = "TXT"; + # p : quarantine => sends to spam, reject => never sent + # rua : mail that receives reports about DMARC activity + # pct : percentage of unathenticated messages that DMARC stops + # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent + value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"''; + } + ]; #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html users.groups.nginx = {}; From 2a949f8e8211cb8ff6029af493cb4d4fc49a9de9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Jul 2024 00:51:24 +0100 Subject: [PATCH 453/826] fix: test the new format --- applications/dns/dns.nix | 8 ++++---- config/dns.nix | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index ec32461..155cfea 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -9,7 +9,7 @@ cfg = config.services.skynet."${name}"; # reads that date to a string (will need to be fixed in 2038) - current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}"; + current_date = builtins.currentTime; # this gets a list of all domains we have records for domains = lib.lists.naturalSort ( @@ -79,7 +79,7 @@ ; hostmaster@skynet.ie is an email address that recieves stuff related to dns @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} + ${toString current_date} 600 ; Refresh (10 minutes) 300 ; Retry (5 minutes) 604800 ; Expire (1 week) @@ -133,7 +133,7 @@ ; hostmaster@skynet.ie is an email address that recieves stuff related to dns @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} + ${toString current_date} 600 ; Refresh (10 minutes) 300 ; Retry (5 minutes) 604800 ; Expire (1 week) @@ -215,7 +215,7 @@ extraConfig = '' ${if_primary_and_owned} // for bumping the config - // ${current_date} + // ${toString current_date} ''; # really wish teh nixos config didnt use master/slave master = cfg.server.primary; diff --git a/config/dns.nix b/config/dns.nix index 08eeb4c..f4b0119 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -37,7 +37,7 @@ { record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; r_type = "SRV"; - value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; + value = "0 10 25518 bumblebee.skynet.ie."; } { record = "minecraft-classic.compsoc.games"; @@ -47,7 +47,7 @@ { record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; r_type = "SRV"; - value = "0 10 25518 minecraft-classic.compsoc.games.skynet.ie."; + value = "0 10 25518 bumblebee.skynet.ie."; } { record = "minecraft.gsoc.games"; @@ -57,7 +57,7 @@ { record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie."; r_type = "SRV"; - value = "0 10 25521 minecraft.gsoc.games.skynet.ie."; + value = "0 10 25521 bumblebee.skynet.ie."; } { record = "minecraft.phildeb.games"; @@ -67,7 +67,7 @@ { record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie."; r_type = "SRV"; - value = "0 10 25522 minecraft.phildeb.games.skynet.ie."; + value = "0 10 25522 bumblebee.skynet.ie."; } { record = "minecraft-aged.compsoc.games"; @@ -77,7 +77,7 @@ { record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie."; r_type = "SRV"; - value = "0 10 25519 minecraft.phildeb.games.skynet.ie."; + value = "0 10 25519 bumblebee.skynet.ie."; } ] # non skynet domains From a4d83fde501ea7c0c0ccc630d3eacaf22a4201ad Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Jul 2024 12:20:36 +0100 Subject: [PATCH 454/826] ci: test using lix on teh runner Relates to #81 Also bump the base image to teh latest alpine --- applications/gitlab_runner.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/applications/gitlab_runner.nix b/applications/gitlab_runner.nix index dc642cf..13d296a 100644 --- a/applications/gitlab_runner.nix +++ b/applications/gitlab_runner.nix @@ -31,7 +31,7 @@ in { docker = { image = mkOption { - default = "alpine:3.18.4"; + default = "alpine:latest"; type = types.str; }; @@ -95,9 +95,10 @@ in { mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root mkdir -p -m 0700 "$HOME/.nix-defexpr" . ${pkgs.nix}/etc/profile.d/nix-daemon.sh - ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs # 3 + ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs ${pkgs.nix}/bin/nix-channel --update nixpkgs - ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [nix cacert git openssh])} + ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [lix cacert git openssh])} + nix --version ''; environmentVariables = { ENV = "/etc/profile"; From 648b437767b3561b602cef54f6becfdcfcad4128 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Jul 2024 12:21:30 +0100 Subject: [PATCH 455/826] dns: use better date for teh serial --- applications/dns/dns.nix | 3 ++- flake.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 155cfea..8b4b8b5 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -3,13 +3,14 @@ pkgs, config, nodes, + self, ... }: let name = "dns"; cfg = config.services.skynet."${name}"; # reads that date to a string (will need to be fixed in 2038) - current_date = builtins.currentTime; + current_date = self.lastModified; # this gets a list of all domains we have records for domains = lib.lists.naturalSort ( diff --git a/flake.nix b/flake.nix index 397c1fe..91e8f7b 100644 --- a/flake.nix +++ b/flake.nix @@ -131,7 +131,7 @@ overlays = []; }; specialArgs = { - inherit inputs; + inherit inputs self; }; }; From c5a651d98ea7328f92cce85ee69603aa6fc29404 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Jul 2024 12:45:16 +0100 Subject: [PATCH 456/826] nix: bump nixpkgs to get the patched gitlab --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6b860ec..8e63bca 100644 --- a/flake.lock +++ b/flake.lock @@ -794,11 +794,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "lastModified": 1721379653, + "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", "type": "github" }, "original": { From 2834fbba8dcc72a4ee0c9ac83517bb7dffcef814 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Jul 2024 13:38:35 +0100 Subject: [PATCH 457/826] ci: improve teh pipeline --- .gitlab-ci.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 319bd66..8a5e066 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -55,9 +55,16 @@ sync_repos: - sync/repos.csv .scripts_base: &scripts_base - # load nix environment + # load nix environment, enter dev shell, load cache and - . "$HOME/.nix-profile/etc/profile.d/nix.sh" - - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena + # load teh dev shell so pipeline uses same binaries as devs + - nix --extra-experimental-features 'nix-command flakes' develop + # setup the cache + - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY + - attic use skynet-cache + - attic watch-store skynet-cache & + # push all everything from the current system into cache (if its not already cached) + - attic push skynet-cache /run/current-system .scripts_deploy: &scripts_deploy # setup ssh key @@ -66,18 +73,12 @@ sync_repos: - mkdir -p ~/.ssh - chmod 700 ~/.ssh -.scripts_cache: &scripts_cache - - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client - - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY - - attic use skynet-cache - # every commit on main will build and deploy .build_template: &builder tags: - nix before_script: - *scripts_base - - *scripts_cache rules: - if: $UPDATE_FLAKE == "yes" when: never @@ -94,7 +95,6 @@ sync_repos: before_script: - *scripts_deploy - *scripts_base - - *scripts_cache rules: - if: $UPDATE_FLAKE == "yes" when: never @@ -117,7 +117,6 @@ build: <<: *builder stage: test script: - - attic watch-store skynet-cache & - colmena build -v --on @active-dns - colmena build -v --on @active-core - colmena build -v --on @active From 5c6939bc839d94fd2a0dafed292fdd649456efc7 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Jul 2024 14:07:47 +0100 Subject: [PATCH 458/826] Revert "ci: improve teh pipeline" This reverts commit 2834fbba8dcc72a4ee0c9ac83517bb7dffcef814. --- .gitlab-ci.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8a5e066..319bd66 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -55,16 +55,9 @@ sync_repos: - sync/repos.csv .scripts_base: &scripts_base - # load nix environment, enter dev shell, load cache and + # load nix environment - . "$HOME/.nix-profile/etc/profile.d/nix.sh" - # load teh dev shell so pipeline uses same binaries as devs - - nix --extra-experimental-features 'nix-command flakes' develop - # setup the cache - - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY - - attic use skynet-cache - - attic watch-store skynet-cache & - # push all everything from the current system into cache (if its not already cached) - - attic push skynet-cache /run/current-system + - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena .scripts_deploy: &scripts_deploy # setup ssh key @@ -73,12 +66,18 @@ sync_repos: - mkdir -p ~/.ssh - chmod 700 ~/.ssh +.scripts_cache: &scripts_cache + - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client + - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY + - attic use skynet-cache + # every commit on main will build and deploy .build_template: &builder tags: - nix before_script: - *scripts_base + - *scripts_cache rules: - if: $UPDATE_FLAKE == "yes" when: never @@ -95,6 +94,7 @@ sync_repos: before_script: - *scripts_deploy - *scripts_base + - *scripts_cache rules: - if: $UPDATE_FLAKE == "yes" when: never @@ -117,6 +117,7 @@ build: <<: *builder stage: test script: + - attic watch-store skynet-cache & - colmena build -v --on @active-dns - colmena build -v --on @active-core - colmena build -v --on @active From ed4dcbc75603ff3c9ddf4022ee143d11d9b475e8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Jul 2024 14:12:03 +0100 Subject: [PATCH 459/826] ci: improve teh pipeline --- .gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 319bd66..2e05fae 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -70,6 +70,10 @@ sync_repos: - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY - attic use skynet-cache + # make sure everything locally is in teh cache + - attic push skynet-cache /run/current-system + # add any new items to the cache + - attic watch-store skynet-cache & # every commit on main will build and deploy .build_template: &builder @@ -117,7 +121,7 @@ build: <<: *builder stage: test script: - - attic watch-store skynet-cache & + - nix --extra-experimental-features 'nix-command flakes' develop - colmena build -v --on @active-dns - colmena build -v --on @active-core - colmena build -v --on @active From 537863c91360d2e9a78c8a606fe10ab419b4486d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 20 Jul 2024 14:16:55 +0100 Subject: [PATCH 460/826] ci: improve teh pipeline --- .gitlab-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2e05fae..9a921fc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -70,8 +70,6 @@ sync_repos: - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY - attic use skynet-cache - # make sure everything locally is in teh cache - - attic push skynet-cache /run/current-system # add any new items to the cache - attic watch-store skynet-cache & From d64997991dd97b6f8aa766feb6100eb82f3b555f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 21 Jul 2024 13:10:18 +0100 Subject: [PATCH 461/826] update: rebased the mailserver to pull in updates from upstream --- flake.lock | 122 ++++++++++++++++++++--------------------------------- 1 file changed, 45 insertions(+), 77 deletions(-) diff --git a/flake.lock b/flake.lock index 8e63bca..b2efc10 100644 --- a/flake.lock +++ b/flake.lock @@ -266,11 +266,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -514,33 +514,18 @@ "type": "github" } }, - "nixpkgs-22_11": { + "nixpkgs-24_05": { "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "type": "indirect" } }, @@ -867,17 +852,15 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": "nixpkgs-23_05", - "utils": "utils_3" + "nixpkgs-24_05": "nixpkgs-24_05" }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1696865182, - "narHash": "sha256-zyUUOA+RiwRjLP6+zi80p5pqftYK3+9yIN5wQ9VlGkw=", + "lastModified": 1721563560, + "narHash": "sha256-y+Rag94tKu8Z6ouJlfxFb8EK9fKs1TNZa4nX7MT2kZg=", "owner": "compsoc1%2Fskynet", "repo": "misc%2Fnixos-mailserver", - "rev": "14007ae0eaeba4cc0235135f872122e398f09040", + "rev": "903190561842dd9cc2e7c25dda10ea26fccfd7e9", "type": "gitlab" }, "original": { @@ -891,7 +874,7 @@ "inputs": { "naersk": "naersk_2", "nixpkgs": "nixpkgs_10", - "utils": "utils_4" + "utils": "utils_3" }, "locked": { "host": "gitlab.skynet.ie", @@ -913,7 +896,7 @@ "inputs": { "naersk": "naersk_3", "nixpkgs": "nixpkgs_12", - "utils": "utils_5" + "utils": "utils_4" }, "locked": { "host": "gitlab.skynet.ie", @@ -934,7 +917,7 @@ "skynet_ldap_frontend": { "inputs": { "nixpkgs": "nixpkgs_13", - "utils": "utils_6" + "utils": "utils_5" }, "locked": { "host": "gitlab.skynet.ie", @@ -955,7 +938,7 @@ "skynet_website": { "inputs": { "nixpkgs": "nixpkgs_14", - "utils": "utils_7" + "utils": "utils_6" }, "locked": { "host": "gitlab.skynet.ie", @@ -976,7 +959,7 @@ "skynet_website_2009": { "inputs": { "nixpkgs": "nixpkgs_15", - "utils": "utils_8" + "utils": "utils_7" }, "locked": { "host": "gitlab.skynet.ie", @@ -997,7 +980,7 @@ "skynet_website_2017": { "inputs": { "nixpkgs": "nixpkgs_16", - "utils": "utils_9" + "utils": "utils_8" }, "locked": { "host": "gitlab.skynet.ie", @@ -1018,7 +1001,7 @@ "skynet_website_2023": { "inputs": { "nixpkgs": "nixpkgs_17", - "utils": "utils_10" + "utils": "utils_9" }, "locked": { "host": "gitlab.skynet.ie", @@ -1040,7 +1023,7 @@ "skynet_website_games": { "inputs": { "nixpkgs": "nixpkgs_18", - "utils": "utils_11" + "utils": "utils_10" }, "locked": { "host": "gitlab.skynet.ie", @@ -1061,7 +1044,7 @@ "skynet_website_renew": { "inputs": { "nixpkgs": "nixpkgs_19", - "utils": "utils_12" + "utils": "utils_11" }, "locked": { "host": "gitlab.skynet.ie", @@ -1309,24 +1292,6 @@ } }, "utils_10": { - "inputs": { - "systems": "systems_11" - }, - "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_11": { "inputs": { "systems": "systems_12" }, @@ -1344,7 +1309,7 @@ "type": "github" } }, - "utils_12": { + "utils_11": { "inputs": { "systems": "systems_13" }, @@ -1381,21 +1346,6 @@ } }, "utils_3": { - "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_4": { "inputs": { "systems": "systems_5" }, @@ -1413,7 +1363,7 @@ "type": "github" } }, - "utils_5": { + "utils_4": { "inputs": { "systems": "systems_6" }, @@ -1431,7 +1381,7 @@ "type": "github" } }, - "utils_6": { + "utils_5": { "inputs": { "systems": "systems_7" }, @@ -1449,7 +1399,7 @@ "type": "github" } }, - "utils_7": { + "utils_6": { "inputs": { "systems": "systems_8" }, @@ -1467,7 +1417,7 @@ "type": "github" } }, - "utils_8": { + "utils_7": { "inputs": { "systems": "systems_9" }, @@ -1485,7 +1435,7 @@ "type": "github" } }, - "utils_9": { + "utils_8": { "inputs": { "systems": "systems_10" }, @@ -1502,6 +1452,24 @@ "repo": "flake-utils", "type": "github" } + }, + "utils_9": { + "inputs": { + "systems": "systems_11" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", From bd96a84fe8210a441fe450fb9f79706946fefd32 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 21 Jul 2024 21:18:06 +0100 Subject: [PATCH 462/826] committee: added Emilia --- config/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/users.nix b/config/users.nix index eafa6ba..ac428e2 100644 --- a/config/users.nix +++ b/config/users.nix @@ -55,6 +55,7 @@ in { "sourabh1805" "kronsy" "skyapples" + "emi05h" ]; admin = [ "silver" From ba6d831f736bb3c1128cfe94a7b5d48693d4f16b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 22 Jul 2024 13:02:31 +0100 Subject: [PATCH 463/826] itd: vpn users has been updated --- ITD/VPN_Admins.csv | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ITD/VPN_Admins.csv b/ITD/VPN_Admins.csv index 73b1e41..e0ea229 100644 --- a/ITD/VPN_Admins.csv +++ b/ITD/VPN_Admins.csv @@ -1,4 +1,6 @@ Index,First Name,Surname,UL Student Email,Status,Date Modified SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie,Active,2023/04/04 -SKYNET_VPN_ADM_002,Evan,Cassidy,,Active,2023/04/04 -SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie,Active,2023/04/04 \ No newline at end of file +SKYNET_VPN_ADM_002,Evan,Cassidy,External,Active,2023/04/04 +SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie,Disabled,2024/07/21 +SKYNET_VPN_ADM_004,Eliza,Macovei,23382619@studentmail.ul.ie,Active,2024/07/21 +SKYNET_VPN_ADM_005,Darragh,Downes,22351159@studentmail.ul.ie,Active,2024/07/21 \ No newline at end of file From bbcc8fc1f63a054daf313050790fd7b01e61f92f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 22 Jul 2024 13:04:24 +0100 Subject: [PATCH 464/826] itd: add the ticket to the rules --- ITD/VPN_Admins.csv | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ITD/VPN_Admins.csv b/ITD/VPN_Admins.csv index e0ea229..fa6cb84 100644 --- a/ITD/VPN_Admins.csv +++ b/ITD/VPN_Admins.csv @@ -1,6 +1,6 @@ -Index,First Name,Surname,UL Student Email,Status,Date Modified -SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie,Active,2023/04/04 -SKYNET_VPN_ADM_002,Evan,Cassidy,External,Active,2023/04/04 -SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie,Disabled,2024/07/21 -SKYNET_VPN_ADM_004,Eliza,Macovei,23382619@studentmail.ul.ie,Active,2024/07/21 -SKYNET_VPN_ADM_005,Darragh,Downes,22351159@studentmail.ul.ie,Active,2024/07/21 \ No newline at end of file +Index,Ticket,First Name,Surname,UL Student Email,Status,Date Modified +SKYNET_VPN_ADM_001,,Brendan,Golden,12136891@studentmail.ul.ie,Active,2023/04/04 +SKYNET_VPN_ADM_002,,Evan,Cassidy,External,Active,2023/04/04 +SKYNET_VPN_ADM_003,i24-07-22_760,Eoghan,Conlon,21310262@studentmail.ul.ie,Disabled,2024/07/21 +SKYNET_VPN_ADM_004,i24-07-22_760,Eliza,Macovei,23382619@studentmail.ul.ie,Active,2024/07/21 +SKYNET_VPN_ADM_005,i24-07-22_760,Darragh,Downes,22351159@studentmail.ul.ie,Active,2024/07/21 From 1212ecc7a1c18f7edd5894924dd3afeec7e0a4f0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 22 Jul 2024 13:18:12 +0100 Subject: [PATCH 465/826] its: better handling of changes over time for teh vpn users --- ITD/VPN_Admins.csv | 12 ++++++------ ITD/VPN_Admins_changes.csv | 7 +++++++ 2 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 ITD/VPN_Admins_changes.csv diff --git a/ITD/VPN_Admins.csv b/ITD/VPN_Admins.csv index fa6cb84..8d7e9b9 100644 --- a/ITD/VPN_Admins.csv +++ b/ITD/VPN_Admins.csv @@ -1,6 +1,6 @@ -Index,Ticket,First Name,Surname,UL Student Email,Status,Date Modified -SKYNET_VPN_ADM_001,,Brendan,Golden,12136891@studentmail.ul.ie,Active,2023/04/04 -SKYNET_VPN_ADM_002,,Evan,Cassidy,External,Active,2023/04/04 -SKYNET_VPN_ADM_003,i24-07-22_760,Eoghan,Conlon,21310262@studentmail.ul.ie,Disabled,2024/07/21 -SKYNET_VPN_ADM_004,i24-07-22_760,Eliza,Macovei,23382619@studentmail.ul.ie,Active,2024/07/21 -SKYNET_VPN_ADM_005,i24-07-22_760,Darragh,Downes,22351159@studentmail.ul.ie,Active,2024/07/21 +Index,First Name,Surname,UL Student Email +SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie +SKYNET_VPN_ADM_002,Evan,Cassidy,External +SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie +SKYNET_VPN_ADM_004,Eliza,Macovei,23382619@studentmail.ul.ie +SKYNET_VPN_ADM_005,Darragh,Downes,22351159@studentmail.ul.ie diff --git a/ITD/VPN_Admins_changes.csv b/ITD/VPN_Admins_changes.csv new file mode 100644 index 0000000..f9e4a0e --- /dev/null +++ b/ITD/VPN_Admins_changes.csv @@ -0,0 +1,7 @@ +Date,Date Modified,Action,Ticket,ID +SKYNET_VPN_ADM_CHANGE_001,2023/04/04,Added,,SKYNET_VPN_ADM_001 +SKYNET_VPN_ADM_CHANGE_002,2023/04/04,Added,,SKYNET_VPN_ADM_002 +SKYNET_VPN_ADM_CHANGE_003,2023/04/04,Added,,SKYNET_VPN_ADM_003 +SKYNET_VPN_ADM_CHANGE_003,2024/07/21,Removed,i24-07-22_760,SKYNET_VPN_ADM_003 +SKYNET_VPN_ADM_CHANGE_004,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_004 +SKYNET_VPN_ADM_CHANGE_005,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_005 From ba527ead3bc77884ea93a24218c99f5684c23bca Mon Sep 17 00:00:00 2001 From: daragh downes Date: Mon, 22 Jul 2024 13:01:37 +0000 Subject: [PATCH 466/826] Update VPN_Admins.csv --- ITD/VPN_Admins.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ITD/VPN_Admins.csv b/ITD/VPN_Admins.csv index 8d7e9b9..6e3860a 100644 --- a/ITD/VPN_Admins.csv +++ b/ITD/VPN_Admins.csv @@ -3,4 +3,4 @@ SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie SKYNET_VPN_ADM_002,Evan,Cassidy,External SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie SKYNET_VPN_ADM_004,Eliza,Macovei,23382619@studentmail.ul.ie -SKYNET_VPN_ADM_005,Darragh,Downes,22351159@studentmail.ul.ie +SKYNET_VPN_ADM_005,Daragh,Downes,22351159@studentmail.ul.ie From 35920eda0c085eb59af3ad9592d9099e9feb5ba8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 22 Jul 2024 18:54:23 +0100 Subject: [PATCH 467/826] feat: this should put an automatic bcc on outgoing mail as well as a corrosponding filter to put it in teh right inboxes Relates to #84 --- applications/email.nix | 48 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/applications/email.nix b/applications/email.nix index 8b74703..e47a7ae 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -114,6 +114,21 @@ with lib; let stop; } else { fileinto :create "''${1}"; + stop; + } + } + } + if allof ( + address :localpart ["From"] ["${toString create_config_to}"], + address :domain ["From"] "skynet.ie" + ){ + if address :matches ["From"] "*@skynet.ie" { + if header :is "X-Spam" "Yes" { + fileinto :create "''${1}.Junk"; + stop; + } else { + fileinto :create "''${1}"; + stop; } } } @@ -465,6 +480,39 @@ in { before = configFile; }; + # This is to add a bcc to outgoing mail + # this then interacts with teh filters to put it in the right folder + # we can directly add to the postfix service here + services.postfix = let + # mostly copied from the upstream mailserver config/functions + mappedFile = name: "hash:/var/lib/postfix/conf/${name}"; + + sender_bcc_maps_file = let + content = lookupTableToString create_skynet_service_bcc; + in + builtins.toFile "sender_bcc_maps" content; + + lookupTableToString = attrs: let + valueToString = value: lib.concatStringsSep ", " value; + in + lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name} ${valueToString value}") attrs); + + # convert the mailboxes config to something that can be used here + create_skynet_email_bcc = mailbox: { + name = "${mailbox}@skynet.ie"; + value = ["${mailbox}@skynet.ie"]; + }; + create_skynet_service_bcc = builtins.listToAttrs (map (mailbox: (create_skynet_email_bcc mailbox.account)) service_mailboxes); + in { + mapFiles."sender_bcc_maps" = sender_bcc_maps_file; + + config = { + sender_bcc_maps = [ + (mappedFile "sender_bcc_maps") + ]; + }; + }; + # tune the spam filter /* services.rspamd.extraConfig = '' From 9c7d08c153f7960ee3643cc3d95ce4166015ca9d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 22 Jul 2024 18:57:31 +0100 Subject: [PATCH 468/826] fix: slight bit of formatting and a renaming Closes #84 --- applications/email.nix | 48 +++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index e47a7ae..bd03f77 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -92,7 +92,7 @@ with lib; let } ]; - configFile = + sieveConfigFile = # https://doc.dovecot.org/configuration_manual/sieve/examples/#plus-addressed-mail-filtering pkgs.writeText "basic_sieve" '' @@ -105,32 +105,32 @@ with lib; let # this should be close to teh last step if allof ( - address :localpart ["To"] ["${toString create_config_to}"], - address :domain ["To"] "skynet.ie" - ){ - if address :matches ["To"] "*@skynet.ie" { - if header :is "X-Spam" "Yes" { - fileinto :create "''${1}.Junk"; - stop; - } else { - fileinto :create "''${1}"; - stop; - } + address :localpart ["To"] ["${toString create_config_to}"], + address :domain ["To"] "skynet.ie" + ){ + if address :matches ["To"] "*@skynet.ie" { + if header :is "X-Spam" "Yes" { + fileinto :create "''${1}.Junk"; + stop; + } else { + fileinto :create "''${1}"; + stop; } + } } if allof ( - address :localpart ["From"] ["${toString create_config_to}"], - address :domain ["From"] "skynet.ie" - ){ - if address :matches ["From"] "*@skynet.ie" { - if header :is "X-Spam" "Yes" { - fileinto :create "''${1}.Junk"; - stop; - } else { - fileinto :create "''${1}"; - stop; - } + address :localpart ["From"] ["${toString create_config_to}"], + address :domain ["From"] "skynet.ie" + ){ + if address :matches ["From"] "*@skynet.ie" { + if header :is "X-Spam" "Yes" { + fileinto :create "''${1}.Junk"; + stop; + } else { + fileinto :create "''${1}"; + stop; } + } } ''; in { @@ -477,7 +477,7 @@ in { }; services.dovecot2.sieve.scripts = { - before = configFile; + before = sieveConfigFile; }; # This is to add a bcc to outgoing mail From cd002aec03a3f2ef6212816c6398a2896397ba82 Mon Sep 17 00:00:00 2001 From: daragh downes Date: Mon, 22 Jul 2024 20:02:38 +0000 Subject: [PATCH 469/826] fix : remove unneeded import Prometheus is imported through base --- machines/ariia.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/machines/ariia.nix b/machines/ariia.nix index f3f095c..121dd63 100644 --- a/machines/ariia.nix +++ b/machines/ariia.nix @@ -27,7 +27,6 @@ Notes: in { imports = [ ../applications/grafana.nix - ../applications/prometheus.nix ]; deployment = { From 4f87e56d639f467a55e1a044bcde4641de8c13d0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 24 Jul 2024 20:47:58 +0100 Subject: [PATCH 470/826] fix: include cc's for incoming mail --- applications/email.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/applications/email.nix b/applications/email.nix index bd03f77..003580b 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -105,10 +105,10 @@ with lib; let # this should be close to teh last step if allof ( - address :localpart ["To"] ["${toString create_config_to}"], - address :domain ["To"] "skynet.ie" + address :localpart ["To", "Cc"] ["${toString create_config_to}"], + address :domain ["To", "Cc"] "skynet.ie" ){ - if address :matches ["To"] "*@skynet.ie" { + if address :matches ["To", "Cc"] "*@skynet.ie" { if header :is "X-Spam" "Yes" { fileinto :create "''${1}.Junk"; stop; From 98136e802bc6aa72de13ecb53159815a985c2c5b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 6 Aug 2024 15:41:59 +0100 Subject: [PATCH 471/826] fix: git is important enough that it should have its own folder --- applications/{ => git}/gitlab.nix | 12 ++++++------ applications/{ => git}/gitlab_runner.nix | 4 ++-- machines/glados.nix | 2 +- machines/wheatly.nix | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) rename applications/{ => git}/gitlab.nix (95%) rename applications/{ => git}/gitlab_runner.nix (96%) diff --git a/applications/gitlab.nix b/applications/git/gitlab.nix similarity index 95% rename from applications/gitlab.nix rename to applications/git/gitlab.nix index a65c43e..0d90b7b 100644 --- a/applications/gitlab.nix +++ b/applications/git/gitlab.nix @@ -56,32 +56,32 @@ in { # grep -r --exclude-dir={docker,containers,log,sys,nix,proc} gitlab / age.secrets.gitlab_pw = { - file = ../secrets/gitlab/pw.age; + file = ../../secrets/gitlab/pw.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_db = { - file = ../secrets/gitlab/secrets_db.age; + file = ../../secrets/gitlab/secrets_db.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_secret = { - file = ../secrets/gitlab/secrets_secret.age; + file = ../../secrets/gitlab/secrets_secret.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_otp = { - file = ../secrets/gitlab/secrets_otp.age; + file = ../../secrets/gitlab/secrets_otp.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_jws = { - file = ../secrets/gitlab/secrets_jws.age; + file = ../../secrets/gitlab/secrets_jws.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_db_pw = { - file = ../secrets/gitlab/db_pw.age; + file = ../../secrets/gitlab/db_pw.age; owner = cfg.user; group = cfg.user; }; diff --git a/applications/gitlab_runner.nix b/applications/git/gitlab_runner.nix similarity index 96% rename from applications/gitlab_runner.nix rename to applications/git/gitlab_runner.nix index 13d296a..f5041bf 100644 --- a/applications/gitlab_runner.nix +++ b/applications/git/gitlab_runner.nix @@ -51,8 +51,8 @@ in { pkgs.gitlab-runner ]; - age.secrets.runner_01_nix.file = ../secrets/gitlab/runners/runner01.age; - age.secrets.runner_02_general.file = ../secrets/gitlab/runners/runner02.age; + age.secrets.runner_01_nix.file = ../../secrets/gitlab/runners/runner01.age; + age.secrets.runner_02_general.file = ../../secrets/gitlab/runners/runner02.age; boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1 virtualisation.docker.enable = true; diff --git a/machines/glados.nix b/machines/glados.nix index a745ee6..4a76b21 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -26,7 +26,7 @@ Notes: Each user has roughly 20gb os storage }; in { imports = [ - ../applications/gitlab.nix + ../applications/git/gitlab.nix ]; deployment = { diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 308bef9..35f1f0f 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -25,7 +25,7 @@ Notes: }; in { imports = [ - ../applications/gitlab_runner.nix + ../applications/git/gitlab_runner.nix ]; deployment = { From 97d1783561ee9cf4fd5203e9f08be32084f00caa Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 6 Aug 2024 20:52:19 +0100 Subject: [PATCH 472/826] feat: basic config for ForgeJo --- applications/git/forgejo.nix | 116 +++++++++++++++++++++++++++++++++++ flake.lock | 6 +- machines/glados.nix | 2 + 3 files changed, 121 insertions(+), 3 deletions(-) create mode 100644 applications/git/forgejo.nix diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix new file mode 100644 index 0000000..fc6e19a --- /dev/null +++ b/applications/git/forgejo.nix @@ -0,0 +1,116 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; let + name = "forgejo"; + cfg = config.services.skynet."${name}"; + + domain_base = "${cfg.domain.base}.${cfg.domain.tld}"; + domain_full = "${cfg.domain.sub}.${domain_base}"; +in { + imports = [ + ]; + + options.services.skynet."${name}" = { + enable = mkEnableOption "Skynet Forgejo"; + + domain = { + tld = mkOption { + type = types.str; + default = "ie"; + }; + + base = mkOption { + type = types.str; + default = "skynet"; + }; + + sub = mkOption { + type = types.str; + default = name; + }; + }; + + forgejo = { + port = mkOption { + type = types.port; + default = 3000; + }; + + + }; + }; + + config = mkIf cfg.enable { + +# age.secrets.forgejo-mailer-password = { +# file = ../../secrets/forgejo/mailer-password.age; +# mode = "400"; +# owner = "forgejo"; +# }; + + services.skynet.acme.domains = [ + "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" + ]; + + # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide + services.skynet.dns.records = [ + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ]; + + services.nginx.virtualHosts = { + # main site + "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://localhost:${toString cfg.forgejo.port}"; + extraConfig = '' + client_max_body_size 1000M; + ''; + }; + }; + }; + + + services.forgejo = { + enable = true; + database.type = "sqlite3"; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + server = { + DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + # You need to specify this to remove the port from URLs in the web UI. + ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/"; + HTTP_PORT = cfg.forgejo.port; + }; + + # You can temporarily allow registration to create an admin user. + service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act +# actions = { +# ENABLED = true; +# DEFAULT_ACTIONS_URL = "github"; +# }; + # Sending emails is completely optional + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration +# mailer = { +# ENABLED = true; +# SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}"; +# FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; +# USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; +# }; + }; +# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + }; + }; +} diff --git a/flake.lock b/flake.lock index b2efc10..a5bfaad 100644 --- a/flake.lock +++ b/flake.lock @@ -779,11 +779,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1721379653, - "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { diff --git a/machines/glados.nix b/machines/glados.nix index 4a76b21..cb2040e 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -27,6 +27,7 @@ Notes: Each user has roughly 20gb os storage in { imports = [ ../applications/git/gitlab.nix + ../applications/git/forgejo.nix ]; deployment = { @@ -41,5 +42,6 @@ in { host = host; backup.enable = true; gitlab.enable = true; + forgejo.enable = true; }; } From f00ae5bd2dcaf650daeb9180a471abd06b442fd1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 7 Aug 2024 21:52:50 +0100 Subject: [PATCH 473/826] feat: basic forgejo setup --- applications/git/forgejo.nix | 81 ++++++++-------- applications/git/forgejo_runner.nix | 145 ++++++++++++++++++++++++++++ applications/git/ssh_config | 5 + machines/wheatly.nix | 3 + secrets/forgejo/runners/ssh.age | Bin 0 -> 1271 bytes secrets/forgejo/runners/token.age | 17 ++++ secrets/secrets.nix | 3 + 7 files changed, 212 insertions(+), 42 deletions(-) create mode 100644 applications/git/forgejo_runner.nix create mode 100644 applications/git/ssh_config create mode 100644 secrets/forgejo/runners/ssh.age create mode 100644 secrets/forgejo/runners/token.age diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix index fc6e19a..fdf7b97 100644 --- a/applications/git/forgejo.nix +++ b/applications/git/forgejo.nix @@ -35,22 +35,19 @@ in { }; forgejo = { - port = mkOption { - type = types.port; - default = 3000; - }; - - + port = mkOption { + type = types.port; + default = 3000; + }; }; }; config = mkIf cfg.enable { - -# age.secrets.forgejo-mailer-password = { -# file = ../../secrets/forgejo/mailer-password.age; -# mode = "400"; -# owner = "forgejo"; -# }; + # age.secrets.forgejo-mailer-password = { + # file = ../../secrets/forgejo/mailer-password.age; + # mode = "400"; + # owner = "forgejo"; + # }; services.skynet.acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" @@ -79,38 +76,38 @@ in { }; }; - services.forgejo = { - enable = true; - database.type = "sqlite3"; - # Enable support for Git Large File Storage - lfs.enable = true; - settings = { - server = { - DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; - # You need to specify this to remove the port from URLs in the web UI. - ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/"; - HTTP_PORT = cfg.forgejo.port; - }; - - # You can temporarily allow registration to create an admin user. - service.DISABLE_REGISTRATION = true; - # Add support for actions, based on act: https://github.com/nektos/act -# actions = { -# ENABLED = true; -# DEFAULT_ACTIONS_URL = "github"; -# }; - # Sending emails is completely optional - # You can send a test email from the web UI at: - # Profile Picture > Site Administration > Configuration > Mailer Configuration -# mailer = { -# ENABLED = true; -# SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}"; -# FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; -# USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; -# }; + enable = true; + package = pkgs.forgejo; + database.type = "sqlite3"; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + server = { + DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + # You need to specify this to remove the port from URLs in the web UI. + ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/"; + HTTP_PORT = cfg.forgejo.port; }; -# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + + # You can temporarily allow registration to create an admin user. + service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act + # actions = { + # ENABLED = true; + # DEFAULT_ACTIONS_URL = "github"; + # }; + # Sending emails is completely optional + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration + # mailer = { + # ENABLED = true; + # SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}"; + # FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + # USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + # }; }; + # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + }; }; } diff --git a/applications/git/forgejo_runner.nix b/applications/git/forgejo_runner.nix new file mode 100644 index 0000000..cb99dae --- /dev/null +++ b/applications/git/forgejo_runner.nix @@ -0,0 +1,145 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + name = "forgejo_runner"; + cfg = config.services.skynet."${name}"; +in { + imports = [ + ]; + + options.services.skynet."${name}" = { + enable = mkEnableOption "Skynet ForgeJo Runner"; + + runner = { + name = mkOption { + type = types.str; + default = config.networking.hostName; + }; + + website = mkOption { + default = "https://forgejo.skynet.ie"; + type = types.str; + }; + + user = mkOption { + default = "gitea-runner"; + type = types.str; + }; + }; + }; + + config = mkIf cfg.enable { + # https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner. + environment.systemPackages = with pkgs; [ + forgejo-actions-runner + ]; + + age.secrets.forgejo_runner_token = { + file = ../../secrets/forgejo/runners/token.age; + owner = cfg.runner.user; + group = cfg.runner.user; + }; + + # make sure the ssh config stuff is in teh right palce + systemd.tmpfiles.rules = [ + #"d /home/${cfg.runner.user} 0755 ${cfg.runner.user} ${cfg.runner.user}" + "L+ /home/${cfg.runner.user}/.ssh/config 0755 ${cfg.runner.user} ${cfg.runner.user} - ${./ssh_config}" + ]; + age.secrets.forgejo_runner_ssh = { + file = ../../secrets/forgejo/runners/ssh.age; + mode = "600"; + owner = "${cfg.runner.user}"; + group = "${cfg.runner.user}"; + symlink = false; + path = "/home/${cfg.runner.user}/.ssh/skynet/root"; + }; + + nix = { + settings = { + trusted-users = [ + # allow the runner to build nix stuff and to use the cache + "gitea-runner" + ]; + trusted-public-keys = [ + "skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + ]; + substituters = [ + "https://nix-cache.skynet.ie/skynet-cache/" + "https://cache.nixos.org/" + ]; + trusted-substituters = [ + "https://nix-cache.skynet.ie/skynet-cache/" + "https://cache.nixos.org/" + ]; + }; + }; + + # very basic setup to always be watching for changes in teh cache + systemd.services.attic-uploader = { + enable = true; + serviceConfig = { + ExecStart = "${pkgs.attic-client}/bin/attic watch-store skynet-cache"; + User = "root"; + Restart = "always"; + RestartSec = 1; + }; + }; + + # give teh runner user a home to store teh ssh config stuff + systemd.services.gitea-runner-default.serviceConfig = { + DynamicUser = lib.mkForce false; + User = lib.mkForce cfg.runner.user; + }; + users = { + groups."${cfg.runner.user}" = {}; + users."${cfg.runner.user}" = { + #isSystemUser = true; + isNormalUser = true; + group = cfg.runner.user; + createHome = true; + shell = pkgs.bash; + }; + }; + + # the actual runner + services.gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = cfg.runner.name; + url = cfg.runner.website; + tokenFile = config.age.secrets.forgejo_runner_token.path; + labels = [ + ## optionally provide native execution on the host: + "nix:host" + "docker:docker://node:16-bullseye" + "ubuntu-latest:docker://node:16-bullseye" + ]; + + hostPackages = with pkgs; [ + # default ones + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + + # used in deployments + inputs.colmena.defaultPackage."x86_64-linux" + attic-client + nix + openssh + ]; + }; + }; + }; +} diff --git a/applications/git/ssh_config b/applications/git/ssh_config new file mode 100644 index 0000000..70bbef0 --- /dev/null +++ b/applications/git/ssh_config @@ -0,0 +1,5 @@ +Host *.skynet.ie 193.1.99.* 193.1.96.165 + User root + IdentityFile ~/.ssh/skynet/root + IdentitiesOnly yes + diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 35f1f0f..6d78395 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -26,6 +26,7 @@ Notes: in { imports = [ ../applications/git/gitlab_runner.nix + ../applications/git/forgejo_runner.nix ]; deployment = { @@ -44,5 +45,7 @@ in { enable = true; runner.name = "runner01"; }; + + forgejo_runner.enable = true; }; } diff --git a/secrets/forgejo/runners/ssh.age b/secrets/forgejo/runners/ssh.age new file mode 100644 index 0000000000000000000000000000000000000000..c30e3ba05a09a4c50671f911f4803f427ee79e67 GIT binary patch literal 1271 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sa3bh5|} zOic7F&q}ID@wW(dDs}fy&UUhJNscrtuCg?D@%0SI3{7#%D(A|IGRyYz4)o3}FLv_G za7)&AbBf5eu&D6K^Rmnh(>KgcEO&N{jPi0Rk3_f4B%mrPKV8AZKwsN1+o+(_B`7=C zG}zBGurS%fJfy;+A~C?jG%wZDBPhq$JlQ2EH-Az9~s?@YNOFuiu z$=fWfG)cRvv@q19)Y32|&@9l&F(2JFQ@<2T<8p;?$0FmP(CN z!ptfviqfJ?DqR8%GCaA$Eb5$g{*PB+uAOzslLb)i^RM)1$;W%`eQN%sC}7!r3v= zOuyXK&4kM&%-g>rIZ?kd(lCBZ&fW<_B^2nvog4CN})uM9EEFw0Kz z$*}Zu($DrQbJosJi!!P(3`sI{&Tua?G57Zm*Z0lQ4&>6+)m89J&P-0vC~(Uw&2cJD zHqj2s3kxx-%(2MuN>4QQb;@?uFV8Co4KAp1%;wtkxM{-6ujyhI-Fo7QPkR@$Oz2~j zI`aGAubl1*mFH=!Qw&UB3V)hmrQPtd;%-Nfxvu96O{2%&)yItF~$|MlI6zh^l2OU`@unr+tVqepEQt`53qbal1aMi!pnI0eC;3nH8H zSbW_wKb!2RWGL?DRs6i{G9zEjTUPE5Uu}v$@4mvRazEl(o9F7CcKNCCzYcKZ=J-5k z3gD@HJ$t*l4$qBcHpiIEK5~o)e#=kf<``8PeZ7-yAC+yw%E2NA0B@bijf%hM;@QPnp X8RjojW9&a?_8pTqiXW$(5q}B*ffMYF literal 0 HcmV?d00001 diff --git a/secrets/forgejo/runners/token.age b/secrets/forgejo/runners/token.age new file mode 100644 index 0000000..03ac739 --- /dev/null +++ b/secrets/forgejo/runners/token.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA bGirG6sUND19fSIwyvtjS3RDjyNUc+kXmzRoN4P1bC8 +kPJr2S9BlGWWnoggce6dx1OR0/r57AB5Rcgz+qY0qKE +-> ssh-ed25519 4PzZog iciiKCHhfK38SwvSPrdoMK7C250qTV5eBgv657iyKwU +dEiSS1FuxEpovNAl1HPZk+MRCcjLGiKgTfpi5Ssi38M +-> ssh-ed25519 5Nd93w FFgxLg0NNK6Op64FHu24sjaerv3jgDaPz6uKPi/A8AE +ZvHbJ2K3T7CUJSrrpF9fMmP6FWCQ3i6m/5Fi2UNtbew +-> ssh-ed25519 q8eJgg nVm1H/mbEsGt2O87i7VKUL5do6Rc7n5nvSilUtQ4cBU +WWtsNbIatU5ZostueLntGgKD/nxcavZPheU9afRvbH0 +-> ssh-ed25519 KVr8rw Nnroz2PgUoJsd/frf+N+b7xdJDAzj3NsmJaogsIkYGk +xX73tnCCYGBNA3BRjjPMn/IV+qwjIwEUk+IZbhCCfHY +-> ssh-ed25519 fia1eQ GLYqWGKYKwkBRwQ7SxSnErmz1MFw5gPCexfap8VM9Rk +Z+dIKhk+JH7W07diX1Abr/Deezkw8xGkzXQuYn1HfJI +-> ssh-ed25519 yvS9bw Lwo77pDciewUZemyFc1EUboIlXFCBx3CY6BGuizach4 +AkWzgV1zRJzLtfRxkfhmd80EU8fW1w+5sxMAfWgdEMI +--- ac6h3StxSHr+HFsyPIBPENQRcfKzXX8fzJlZ0MER/8c +zwyC>ָ\ku/{zծjD4{^mDs妞#kinxo \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fa93261..b0f3be3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -134,6 +134,9 @@ in { "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; + "forgejo/runners/token.age".publicKeys = users ++ gitlab_runners; + "forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners; + # for ldap "ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden; # for use connectring to teh ldap From 1fb4318310993ebf8dc7e7df0c28980817576799 Mon Sep 17 00:00:00 2001 From: silver Date: Wed, 7 Aug 2024 00:32:41 +0100 Subject: [PATCH 474/826] feat: got the pipelines configured now Update .mailmap See if making it .mailmap fixes it Signed-off-by: silver Add .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml feat: initial test of flake update Signed-off-by: silver test: seeing if I can push changes testing fix: set the url of the external plugin correctly Signed-off-by: silver fix: go back to using nix fix: update command Signed-off-by: silver Apply automatic changes revert 26c7781fad350452c70f23e0d6c004b0fe00ad14 revert Apply automatic changes test: add teh cache and colmena build Signed-off-by: silver test: see if this helps Signed-off-by: silver test: see if using another plugin will work Signed-off-by: silver test: the cache key test: more testing Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml test: s[pplit up teh build and cache propegation attic push --ignore-upstream-cache-filter mycache $(ls -d /nix/store/*/ | grep -v fake_nixpkgs) Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml revert 35887a8fba8371f31503ede3793d6de5ca67bfe3 revert Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml Signed-off-by: silver fix: no need to upload in pipeline now, Signed-off-by: silver ci: initial commit of the deploy pipeline Signed-off-by: silver Update .forgejo/workflows/deploy.yaml Signed-off-by: silver Update .forgejo/workflows/deploy.yaml Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Signed-off-by: silver Updated flake for agenix test: force pipeline Signed-off-by: silver Update .forgejo/workflows/update_input.yaml ci: testing if I can get this working right Signed-off-by: silver Updated flake for arion revert b6cd168c384e7d1b0c8197414df89f672dded7e7 revert Updated flake for arion ci: more changes to see if this will help Signed-off-by: silver Updated flake for arion revert da380ed0f449bdebeb87f8b44f195ed6fa095234 revert Updated flake for arion Update .forgejo/workflows/deploy.yaml Signed-off-by: silver Updated flake for arion revert f0ee4a9e690021521ba1d83c20df39237ece7422 revert Updated flake for arion fix: reformatted flake ci: testing out deploy ci: testing out deploy, new ssh manager ci: more testing ci: see if going back to basics helps ci: test a few things ci: test a few things ci: for testing ci: more testing ci: some bastardisation for thbe ssh ci: more testing ci: check if setting root as teh user helps ci: check if setting root as teh user helps2 ci: check if setting root as teh user helps2 ci: check if setting root as teh user helps2 ci: more testing ci: more testing ci: more testing ci: more testing2 ci: more testing2 ci: more testing2 ci: more testing2 ci: more testing2 ci: more testing2 ci: clean up testing ci: final tests ci:: final, fixing ci: need logging ci: more testing ci: gahhhhhhhhhh ci: AAAAAAAAAAAAAAAAAA ci: lets go back ci: lets go backaaaaaaaa ci: lets go backaaaaaaaaqweadadsasdasdasdasd ci: lets go backaaaaaaaaqweadadsasdasdasdasd ci: add the final deploy config Add .forgejo/workflows/testing.yaml (cherry picked from commit f2cf71ef9836398fa2ad7ecc7c6c442edd6d70e5) Update .forgejo/workflows/testing.yaml (cherry picked from commit e156b61105689134d4ccf4b0df545e888977f515) Update .forgejo/workflows/testing.yaml (cherry picked from commit 80e1fcc545e1df4432c67790e66ec2a6a7f1aa37) Update .forgejo/workflows/testing.yaml (cherry picked from commit 423f2dd5b369c2ccd093b66637eb60c830357a56) Update .forgejo/workflows/testing.yaml (cherry picked from commit f446ba54433d894f82c05fae4a39350e223a6c6f) Update .forgejo/workflows/testing.yaml (cherry picked from commit 44a7186a4061aeff8182db97ae9e19e49501cea4) Update .forgejo/workflows/testing.yaml (cherry picked from commit ed0be4507a29b92ac62a255ec004c9594e4bb558) --- .forgejo/workflows/deploy.yaml | 53 ++++++++++++++++++++++++++++ .forgejo/workflows/update_input.yaml | 29 +++++++++++++++ mailmap => .mailmap | 0 3 files changed, 82 insertions(+) create mode 100644 .forgejo/workflows/deploy.yaml create mode 100644 .forgejo/workflows/update_input.yaml rename mailmap => .mailmap (100%) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml new file mode 100644 index 0000000..2e9aa37 --- /dev/null +++ b/.forgejo/workflows/deploy.yaml @@ -0,0 +1,53 @@ +name: Build_Deploy + +on: + workflow_run: + workflows: [ "Update_Flake" ] + types: + - completed + push: + paths: + - applications/**/* + - machines/**/* + - secrets/**/* + - flake.* + - config/**/* + - .forgejo/**/* + +jobs: + linter: + runs-on: nix + steps: + - uses: actions/checkout@v4 + - run: nix fmt -- --check . + + #if: github.repository == 'Skynet/nixos' + build: + runs-on: nix + steps: + - uses: actions/checkout@v4 + - run: nix develop + - run: colmena build -v --on @active-dns + - run: colmena build -v --on @active-core + - run: colmena build -v --on @active + - run: colmena build -v --on @active-ext + - run: colmena build -v --on @active-gitlab + + deploy_dns: + runs-on: nix + needs: [ linter, build ] + steps: + - uses: actions/checkout@v4 + - run: colmena apply -v --on @active-dns --show-trace + shell: bash + + deploy_active: + strategy: + matrix: + batch: [ active-core, active, active-ext ] + runs-on: nix + needs: [ deploy_dns ] + steps: + - uses: actions/checkout@v4 + - run: colmena apply -v --on @${{ matrix.batch }} --show-trace + shell: bash \ No newline at end of file diff --git a/.forgejo/workflows/update_input.yaml b/.forgejo/workflows/update_input.yaml new file mode 100644 index 0000000..8a62c4f --- /dev/null +++ b/.forgejo/workflows/update_input.yaml @@ -0,0 +1,29 @@ +name: Update_Flake + +on: + workflow_dispatch: + inputs: + input_to_update: + description: 'Flake input to update' + required: true + type: string + +jobs: + update: + runs-on: nix + + permissions: + # Give the default GITHUB_TOKEN write permission to commit and push the + # added or changed files to the repository. + contents: write + + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} + token: ${{ secrets.PIPELINE_TOKEN }} + - run: nix flake lock --update-input "${{ inputs.input_to_update }}" + shell: bash + - uses: https://github.com/stefanzweifel/git-auto-commit-action@v5 + with: + commit_message: "Updated flake for ${{ inputs.input_to_update }}" \ No newline at end of file diff --git a/mailmap b/.mailmap similarity index 100% rename from mailmap rename to .mailmap From 529b0e13ecabfece5045aed038e0da6240707bd1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 8 Aug 2024 14:53:13 +0100 Subject: [PATCH 475/826] ci: give teh flake update workflow a better name --- .forgejo/workflows/update_input.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.forgejo/workflows/update_input.yaml b/.forgejo/workflows/update_input.yaml index 8a62c4f..5004979 100644 --- a/.forgejo/workflows/update_input.yaml +++ b/.forgejo/workflows/update_input.yaml @@ -1,5 +1,7 @@ name: Update_Flake +run-name: "[Update Flake] ${{ inputs.input_to_update }}" + on: workflow_dispatch: inputs: From 5a21783b63c06903d4962b0862ca5562efe03f93 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 8 Aug 2024 14:55:29 +0100 Subject: [PATCH 476/826] ci: no need to run buiold and deploy on a workflow update --- .forgejo/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index 2e9aa37..ddde7a0 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -12,7 +12,7 @@ on: - secrets/**/* - flake.* - config/**/* - - .forgejo/**/* + #- .forgejo/**/* jobs: linter: From 31f54b1e921a39d54dd5734ea2b9af4ab374a636 Mon Sep 17 00:00:00 2001 From: sysadm Date: Fri, 9 Aug 2024 19:56:31 +0000 Subject: [PATCH 477/826] Updated flake for simple-nixos-mailserver --- flake.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index a5bfaad..ff6fe66 100644 --- a/flake.lock +++ b/flake.lock @@ -856,11 +856,11 @@ }, "locked": { "host": "gitlab.skynet.ie", - "lastModified": 1721563560, + "lastModified": 1721563973, "narHash": "sha256-y+Rag94tKu8Z6ouJlfxFb8EK9fKs1TNZa4nX7MT2kZg=", "owner": "compsoc1%2Fskynet", "repo": "misc%2Fnixos-mailserver", - "rev": "903190561842dd9cc2e7c25dda10ea26fccfd7e9", + "rev": "806a4cfd2174b3941e9426d75ed09561c547e6fd", "type": "gitlab" }, "original": { From 186833f70c5829b1b6203095f5b644b79ea08bde Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 10 Aug 2024 19:51:35 +0100 Subject: [PATCH 478/826] fix: use github as the default url for actions, will still be recommending to use the fully qualified link for it though --- applications/git/forgejo.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix index fdf7b97..4f35e0b 100644 --- a/applications/git/forgejo.nix +++ b/applications/git/forgejo.nix @@ -93,10 +93,10 @@ in { # You can temporarily allow registration to create an admin user. service.DISABLE_REGISTRATION = true; # Add support for actions, based on act: https://github.com/nektos/act - # actions = { - # ENABLED = true; - # DEFAULT_ACTIONS_URL = "github"; - # }; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; # Sending emails is completely optional # You can send a test email from the web UI at: # Profile Picture > Site Administration > Configuration > Mailer Configuration From 9120a81d6b7ec7307ad1b051858a91abedf62364 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 10 Aug 2024 21:32:51 +0100 Subject: [PATCH 479/826] feat: switch over to using forjo for inputs --- flake.lock | 241 ++++++++++++++++++++++++----------------------------- flake.nix | 98 +++++++--------------- 2 files changed, 138 insertions(+), 201 deletions(-) diff --git a/flake.lock b/flake.lock index ff6fe66..b963590 100644 --- a/flake.lock +++ b/flake.lock @@ -151,19 +151,17 @@ "utils": "utils_2" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1715528953, - "narHash": "sha256-NWoCV1SauW8H/MibwAC+JWoomjpkIruGqfV/JTM1D4Q=", - "owner": "compsoc1%2Fcompsoc", - "repo": "presentations%2Fpresentations", - "rev": "4855b0468e1e5118d11130b164b1d57a42251add", - "type": "gitlab" + "lastModified": 1723315618, + "narHash": "sha256-03V1tJGmg+T5fvfAAwoHaDxDbrNwJHe7Y/AwNLDfqbw=", + "ref": "refs/heads/main", + "rev": "f62ddd8f0a3c59c85e62ee6e9c80e3d9e058e484", + "revCount": 70, + "type": "git", + "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fcompsoc", - "repo": "presentations%2Fpresentations", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" } }, "crane": { @@ -467,11 +465,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1692351612, - "narHash": "sha256-KTGonidcdaLadRnv9KFgwSMh1ZbXoR/OBmPjeNMhFwU=", + "lastModified": 1721727458, + "narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=", "owner": "nix-community", "repo": "naersk", - "rev": "78789c30d64dea2396c9da516bbcc8db3a475207", + "rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11", "type": "github" }, "original": { @@ -547,16 +545,16 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1693087214, - "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", + "lastModified": 1722995383, + "narHash": "sha256-UzuXo7ZM8ZK0SkWFhHocKkLSGQPHS4JxaE1jvVR4fUo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f155f0cf4ea43c4e3c8918d2d327d44777b6cad4", + "rev": "957d95fc8b9bf1eb60d43f8d2eba352b71bbf2be", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-unstable", "type": "indirect" } }, @@ -794,11 +792,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1693060755, - "narHash": "sha256-KNsbfqewEziFJEpPR0qvVz4rx0x6QXxw1CcunRhlFdk=", + "lastModified": 1723151389, + "narHash": "sha256-9AVY0ReCmSGXHrlx78+1RrqcDgVSRhHUKDVV1LLBy28=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c66ccfa00c643751da2fd9290e096ceaa30493fc", + "rev": "13fe00cb6c75461901f072ae62b5805baef9f8b2", "type": "github" }, "original": { @@ -855,19 +853,17 @@ "nixpkgs-24_05": "nixpkgs-24_05" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1721563973, - "narHash": "sha256-y+Rag94tKu8Z6ouJlfxFb8EK9fKs1TNZa4nX7MT2kZg=", - "owner": "compsoc1%2Fskynet", - "repo": "misc%2Fnixos-mailserver", - "rev": "806a4cfd2174b3941e9426d75ed09561c547e6fd", - "type": "gitlab" + "lastModified": 1723233349, + "narHash": "sha256-0NqGJ+wFxmK6DEEvlZ+jGMdDkIaQ+S54kBStwkGUaO8=", + "ref": "refs/heads/master", + "rev": "a98a93cf22cd53a92143703a0a5b6f76438a15ba", + "revCount": 594, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "misc%2Fnixos-mailserver", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver" } }, "skynet_discord_bot": { @@ -877,19 +873,17 @@ "utils": "utils_3" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1717453955, - "narHash": "sha256-axbeauP+9PP4qiwCiMvvGd6XTnjv12+QkZP3K2yFCeU=", - "owner": "compsoc1%2Fskynet", - "repo": "discord-bot", - "rev": "48b52f3c0905af7341e45e2b950aba43af68c80e", - "type": "gitlab" + "lastModified": 1723319789, + "narHash": "sha256-hrWDD9U0YSdvYayyDk1R6ZT7rmJp2jBx1/si3p/DuDY=", + "ref": "refs/heads/main", + "rev": "905aaa96206310a638498d91d04e16641b33d842", + "revCount": 105, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "discord-bot", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/discord-bot" } }, "skynet_ldap_backend": { @@ -899,19 +893,17 @@ "utils": "utils_4" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1717782746, - "narHash": "sha256-LZovqXjhDIUe/T+bU5wtwN1RbcPjkZK6yQNhPa9Nrwc=", - "owner": "compsoc1%2Fskynet", - "repo": "ldap%2Fbackend", - "rev": "5b94811276d70b00cc292081f623b6f52a710b84", - "type": "gitlab" + "lastModified": 1723234129, + "narHash": "sha256-tfsT9VYV3YgFRUKbjFyV4o1kVJHcUY87kh2vcu6jAkU=", + "ref": "refs/heads/main", + "rev": "5f6a086e808b811095e36875fb656864cf11c5f5", + "revCount": 232, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "ldap%2Fbackend", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" } }, "skynet_ldap_frontend": { @@ -920,19 +912,17 @@ "utils": "utils_5" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1708277300, - "narHash": "sha256-Y8wKzGJQ69w375faAYGukvuTFez6YGeV+w4TOD4XosA=", - "owner": "compsoc1%2Fskynet", - "repo": "ldap%2Ffrontend", - "rev": "36c5e5bbae7adcc404bec6d643cae5fd8a6c87bb", - "type": "gitlab" + "lastModified": 1723234619, + "narHash": "sha256-jHqIg3ltestGKaR4vHr44nnq3Pv7yr9gGwkvONEJxoA=", + "ref": "refs/heads/main", + "rev": "71f5928c66a43e788a9a00b90a1326c1bb82ffd2", + "revCount": 228, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/ldap_frontend" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "ldap%2Ffrontend", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/ldap_frontend" } }, "skynet_website": { @@ -941,19 +931,17 @@ "utils": "utils_6" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1707154174, - "narHash": "sha256-oUOD6aIy8KvIsiAWxLApPgAkigDZwp3xZ8bmhKoWszY=", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2017", - "rev": "c81db388fac570a8cb646391ea461b9e60282043", - "type": "gitlab" + "lastModified": 1723316173, + "narHash": "sha256-sluWHNA4pvhlVkJHZ8PGOxz7qqHm5uTAUWd94Dhq4ys=", + "ref": "refs/heads/main", + "rev": "871ecc6c232b82f0e67e30cf1485250ec603108e", + "revCount": 14, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2017", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" } }, "skynet_website_2009": { @@ -962,19 +950,17 @@ "utils": "utils_7" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1718585207, - "narHash": "sha256-jlCZv+KCCiI0Cx0nnMFPalBdx/fN2JgLNXvc4OAwNvE=", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2009", - "rev": "12712f3b3ffc80782cc520d46f91b9f5df1fab69", - "type": "gitlab" + "lastModified": 1723317982, + "narHash": "sha256-qkTYtwcPAKmdN2cJidhBbGcm6yY1M76zw9NFyqjJnn4=", + "ref": "refs/heads/main", + "rev": "2d0e20c683068b692bf8765273b3531d77005d09", + "revCount": 12, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2009" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2009", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2009" } }, "skynet_website_2017": { @@ -983,19 +969,17 @@ "utils": "utils_8" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1707154174, - "narHash": "sha256-oUOD6aIy8KvIsiAWxLApPgAkigDZwp3xZ8bmhKoWszY=", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2017", - "rev": "c81db388fac570a8cb646391ea461b9e60282043", - "type": "gitlab" + "lastModified": 1723316173, + "narHash": "sha256-sluWHNA4pvhlVkJHZ8PGOxz7qqHm5uTAUWd94Dhq4ys=", + "ref": "refs/heads/main", + "rev": "871ecc6c232b82f0e67e30cf1485250ec603108e", + "revCount": 14, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2017", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" } }, "skynet_website_2023": { @@ -1004,20 +988,17 @@ "utils": "utils_9" }, "locked": { - "host": "gitlab.skynet.ie", "lastModified": 1696876711, - "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2017", + "narHash": "sha256-gfQFYN5/qK5aqN+nGSfyQFOjOQzahbqTKadra5zSIL0=", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", - "type": "gitlab" + "revCount": 12, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "website%2F2017", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_2017" } }, "skynet_website_games": { @@ -1026,19 +1007,17 @@ "utils": "utils_10" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1708103254, - "narHash": "sha256-/1ElBw+oc1dzwgr7VVLkQFRITteckH1IwbZpgpz8Qvg=", - "owner": "compsoc1%2Fskynet", - "repo": "website%2Fgames.skynet.ie", - "rev": "f43a01ef62494cef3e7f1e86d8169867e2df136b", - "type": "gitlab" + "lastModified": 1723240375, + "narHash": "sha256-kFQ3Eu2A3M8L5nyEnUj0cRjvliIYElLXVsHjQygLRaQ=", + "ref": "refs/heads/main", + "rev": "cf37628959054ad24dbc988d28ea1183aa94a14e", + "revCount": 10, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_games" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "website%2Fgames.skynet.ie", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/website_games" } }, "skynet_website_renew": { @@ -1047,19 +1026,17 @@ "utils": "utils_11" }, "locked": { - "host": "gitlab.skynet.ie", - "lastModified": 1720558362, - "narHash": "sha256-fNKFqkP35tzBhBy0L8xGOJ7B3EXh+khu3bOBlGqlPks=", - "owner": "compsoc1%2Fskynet", - "repo": "website%2Falumni-renew", - "rev": "44ab695bab61d20d6d873f1c3a702b5a8874dd5e", - "type": "gitlab" + "lastModified": 1723232841, + "narHash": "sha256-uWMUKTp7rIrwYr4CWRmlPmFJo97ezBUQL7VLnAJBXac=", + "ref": "refs/heads/main", + "rev": "baa8b6d8a59fc4fd7c6abcbb7b0dda4b8482df49", + "revCount": 44, + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/wiki" }, "original": { - "host": "gitlab.skynet.ie", - "owner": "compsoc1%2Fskynet", - "repo": "website%2Falumni-renew", - "type": "gitlab" + "type": "git", + "url": "https://forgejo.skynet.ie/Skynet/wiki" } }, "stable": { @@ -1350,11 +1327,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 91e8f7b..f157a25 100644 --- a/flake.nix +++ b/flake.nix @@ -18,80 +18,40 @@ colmena.url = "github:zhaofengli/colmena"; attic.url = github:zhaofengli/attic; - # email - # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + # we host our own simple-nixos-mailserver = { inputs.nixpkgs.follows = "nixpkgs"; - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "misc%2Fnixos-mailserver"; + url = "git+https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver"; }; - # account.skynet.ie - skynet_ldap_backend = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "ldap%2Fbackend"; - }; - skynet_ldap_frontend = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "ldap%2Ffrontend"; - }; - skynet_website_renew = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "website%2Falumni-renew"; - }; - skynet_website_games = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "website%2Fgames.skynet.ie"; - }; - skynet_discord_bot = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "discord-bot"; - }; - compsoc_public = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fcompsoc"; - repo = "presentations%2Fpresentations"; - }; + ###################### + ### skynet backend ### + ###################### + skynet_ldap_backend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_backend"; + skynet_ldap_frontend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_frontend"; + skynet_website_renew.url = "git+https://forgejo.skynet.ie/Skynet/wiki"; + skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games"; + skynet_discord_bot.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot"; - # skynet.ie - skynet_website = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "website%2F2017"; - }; - skynet_website_2023 = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "website%2F2017"; - rev = "c4d61c753292bf73ed41b47b1607cfc92a82a191"; - }; - skynet_website_2017 = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "website%2F2017"; - }; - skynet_website_2009 = { - type = "gitlab"; - host = "gitlab.skynet.ie"; - owner = "compsoc1%2Fskynet"; - repo = "website%2F2009"; - }; + ##################### + ### compsoc stuff ### + ##################### + compsoc_public.url = "git+https://forgejo.skynet.ie/Computer_Society/presentations_compsoc"; + + ################# + ### skynet.ie ### + ################# + + # this should always point to teh current website + skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017"; + + # these are past versions of teh website + skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; + # this is not 100% right since this is from teh archive from 2022 or so + skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017"; + + # this is more of 2012 than 2009 but started in 2009 + skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009"; }; nixConfig = { From c2ace73a9b4a92af9278dccc4cf7c3411fd80450 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 10 Aug 2024 23:08:35 +0100 Subject: [PATCH 480/826] ci: add workflow for updating forgejo --- .forgejo/workflows/deploy_forgejo.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .forgejo/workflows/deploy_forgejo.yaml diff --git a/.forgejo/workflows/deploy_forgejo.yaml b/.forgejo/workflows/deploy_forgejo.yaml new file mode 100644 index 0000000..8a07870 --- /dev/null +++ b/.forgejo/workflows/deploy_forgejo.yaml @@ -0,0 +1,12 @@ +name: Update_Forgejo + +on: + workflow_dispatch: + +jobs: + deploy: + runs-on: nix + steps: + - uses: actions/checkout@v4 + - run: colmena apply -v --on @active-gitlab --show-trace + shell: bash \ No newline at end of file From 0e7048be31a03b4c0303ad0b9f0c6776e3416d4d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 11 Aug 2024 04:13:25 +0100 Subject: [PATCH 481/826] feat: add a few extra useful tools to teh runner --- applications/git/forgejo_runner.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/applications/git/forgejo_runner.nix b/applications/git/forgejo_runner.nix index cb99dae..1d5f37b 100644 --- a/applications/git/forgejo_runner.nix +++ b/applications/git/forgejo_runner.nix @@ -133,6 +133,12 @@ in { nodejs wget + # useful to have in path + jq + which + dpkg + zip + # used in deployments inputs.colmena.defaultPackage."x86_64-linux" attic-client From 62115a3d93a5c8d29689af9d0c0f0697ade6f449 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 11 Aug 2024 16:50:00 +0000 Subject: [PATCH 482/826] Updated flake for compsoc_public --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index b963590..f3a02d0 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1714337293, - "narHash": "sha256-QjAnpRT/LqcjNo/ofoAjylG4VyfWMIIMVc+KuQaJOZQ=", + "lastModified": 1723391194, + "narHash": "sha256-04UThV4LZNRHg/+GbEl7M2ginWbm8FrQ5jBVmYcroNg=", "owner": "silver_rust", "repo": "bfom", - "rev": "664e5377329f8052fa7446c312ba29ca1025de4e", + "rev": "fffd69b6433a2d2fd359b92e3816ae9938b3e99c", "type": "gitlab" }, "original": { @@ -151,11 +151,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1723315618, - "narHash": "sha256-03V1tJGmg+T5fvfAAwoHaDxDbrNwJHe7Y/AwNLDfqbw=", + "lastModified": 1723394877, + "narHash": "sha256-26Y1d0FvgN2BFt1EvXSgU/tBpAQoM/fobrpEsSnfqu8=", "ref": "refs/heads/main", - "rev": "f62ddd8f0a3c59c85e62ee6e9c80e3d9e058e484", - "revCount": 70, + "rev": "2e1733761b3383d75f57fedfe55f2e8943a18595", + "revCount": 71, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From f61b9c8d6d7258d1e4be05b66464342118edfda1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 11 Aug 2024 18:47:18 +0100 Subject: [PATCH 483/826] fix: should only deploy from main --- .forgejo/workflows/deploy.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index ddde7a0..cc1e25d 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -6,6 +6,8 @@ on: types: - completed push: + branches: + - 'main' paths: - applications/**/* - machines/**/* From 9c6844fed2b4c07c44ec80cac4c34dbc773b2333 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 11 Aug 2024 20:38:20 +0100 Subject: [PATCH 484/826] fix: should only deploy from main --- applications/git/forgejo_runner.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/applications/git/forgejo_runner.nix b/applications/git/forgejo_runner.nix index 1d5f37b..1cf9776 100644 --- a/applications/git/forgejo_runner.nix +++ b/applications/git/forgejo_runner.nix @@ -138,6 +138,7 @@ in { which dpkg zip + git-lfs # used in deployments inputs.colmena.defaultPackage."x86_64-linux" From 20f0c16e2f9bf5d289fea0930e03fc618991db16 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 11 Aug 2024 20:14:50 +0000 Subject: [PATCH 485/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f3a02d0..230c7fc 100644 --- a/flake.lock +++ b/flake.lock @@ -151,11 +151,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1723394877, - "narHash": "sha256-26Y1d0FvgN2BFt1EvXSgU/tBpAQoM/fobrpEsSnfqu8=", + "lastModified": 1723407254, + "narHash": "sha256-FSqTMznlBD9lIlC9LyXjPbajZtOvBhD4bWwV9/3zNiM=", "ref": "refs/heads/main", - "rev": "2e1733761b3383d75f57fedfe55f2e8943a18595", - "revCount": 71, + "rev": "a8460a130e7c831ea59f93c8703370a3b1776bef", + "revCount": 73, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From e76262aa435143d13dbd5c489df5a7e86889b872 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 11 Aug 2024 20:23:18 +0000 Subject: [PATCH 486/826] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 230c7fc..ebf9023 100644 --- a/flake.lock +++ b/flake.lock @@ -151,10 +151,10 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1723407254, - "narHash": "sha256-FSqTMznlBD9lIlC9LyXjPbajZtOvBhD4bWwV9/3zNiM=", + "lastModified": 1723407748, + "narHash": "sha256-jaoGuURV/rFccHmXN21xxIaxvV7Vl7HB29Ny/g7wPu8=", "ref": "refs/heads/main", - "rev": "a8460a130e7c831ea59f93c8703370a3b1776bef", + "rev": "e26b812749d0b0e6c03b94f479b4072b89ef80a3", "revCount": 73, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" From f49bf144aef17e59446c31977f9a47c6b1e4593b Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 11 Aug 2024 20:24:02 +0000 Subject: [PATCH 487/826] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ebf9023..d062990 100644 --- a/flake.lock +++ b/flake.lock @@ -151,10 +151,10 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1723407748, - "narHash": "sha256-jaoGuURV/rFccHmXN21xxIaxvV7Vl7HB29Ny/g7wPu8=", + "lastModified": 1723407798, + "narHash": "sha256-GYDlfG0X/4RN3q0EcNvOwQMikT4bWSH5jacRcHfL/KE=", "ref": "refs/heads/main", - "rev": "e26b812749d0b0e6c03b94f479b4072b89ef80a3", + "rev": "091e5409f3962e76dd14fee12786ffebd6a6c610", "revCount": 73, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" From fea5ec177e5baa74cf90614baf276b38e5b710fc Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 11 Aug 2024 20:47:47 +0000 Subject: [PATCH 488/826] Updated flake for compsoc_public --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d062990..3b81a26 100644 --- a/flake.lock +++ b/flake.lock @@ -151,10 +151,10 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1723407798, - "narHash": "sha256-GYDlfG0X/4RN3q0EcNvOwQMikT4bWSH5jacRcHfL/KE=", + "lastModified": 1723409220, + "narHash": "sha256-Qwwsb/D+waAhL5/qFkn8h7mJDcRfbrZNNpRlRpPU4k8=", "ref": "refs/heads/main", - "rev": "091e5409f3962e76dd14fee12786ffebd6a6c610", + "rev": "de685b6d6f2bb5ff3048f20333cccba0f9fe4ae8", "revCount": 73, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" From 25c4007e3e52c3d70827bb5cf77e8b78b3cc6e56 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 11 Aug 2024 20:55:34 +0000 Subject: [PATCH 489/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3b81a26..e6b88e5 100644 --- a/flake.lock +++ b/flake.lock @@ -931,11 +931,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1723316173, - "narHash": "sha256-sluWHNA4pvhlVkJHZ8PGOxz7qqHm5uTAUWd94Dhq4ys=", + "lastModified": 1723409425, + "narHash": "sha256-/ER7jLbpECx4Q5hry3Fng672KknG0g9RIb+xWpCkm/M=", "ref": "refs/heads/main", - "rev": "871ecc6c232b82f0e67e30cf1485250ec603108e", - "revCount": 14, + "rev": "a9fba1bb9c28a2eb7508089413a829b591084c45", + "revCount": 15, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From 5cdcd97f6b88c6e5cc08225d5e2e140d94fc4347 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 11 Aug 2024 20:57:59 +0000 Subject: [PATCH 490/826] Updated flake for skynet_website_games --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e6b88e5..e848774 100644 --- a/flake.lock +++ b/flake.lock @@ -1007,11 +1007,11 @@ "utils": "utils_10" }, "locked": { - "lastModified": 1723240375, - "narHash": "sha256-kFQ3Eu2A3M8L5nyEnUj0cRjvliIYElLXVsHjQygLRaQ=", + "lastModified": 1723409493, + "narHash": "sha256-nZwNkGHL8aRlYroTfCSXYlI9Q7qzYXcnd6RlH50W9W8=", "ref": "refs/heads/main", - "rev": "cf37628959054ad24dbc988d28ea1183aa94a14e", - "revCount": 10, + "rev": "5884131ff5e2d631695b91fb4efc3253e302e7d5", + "revCount": 11, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_games" }, From de72894701732ca60d189c8df36d1623f818b8af Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 12 Aug 2024 18:25:36 +0000 Subject: [PATCH 491/826] Updated flake for skynet_website_renew --- flake.lock | 118 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 109 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e848774..17336ed 100644 --- a/flake.lock +++ b/flake.lock @@ -107,6 +107,26 @@ "type": "gitlab" } }, + "bfom_2": { + "inputs": { + "naersk": "naersk_4", + "nixpkgs": "nixpkgs_20", + "utils": "utils_11" + }, + "locked": { + "lastModified": 1723427350, + "narHash": "sha256-iSwiK87kEBOIN2Sh7WnbYMCLaLXmrgLrhrz8sSwIoMg=", + "owner": "silver_rust", + "repo": "bfom", + "rev": "3b7547144dced3a42a65d589158fca5b89938fcc", + "type": "gitlab" + }, + "original": { + "owner": "silver_rust", + "repo": "bfom", + "type": "gitlab" + } + }, "blobs": { "flake": false, "locked": { @@ -496,6 +516,24 @@ "type": "github" } }, + "naersk_4": { + "inputs": { + "nixpkgs": "nixpkgs_19" + }, + "locked": { + "lastModified": 1713520724, + "narHash": "sha256-CO8MmVDmqZX2FovL75pu5BvwhW+Vugc7Q6ze7Hj8heI=", + "owner": "nix-community", + "repo": "naersk", + "rev": "c5037590290c6c7dae2e42e7da1e247e54ed2d49", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1703013332, @@ -673,11 +711,11 @@ }, "nixpkgs_19": { "locked": { - "lastModified": 1695837737, - "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", + "lastModified": 1714091391, + "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "517501bcf14ae6ec47efd6a17dda0ca8e6d866f9", + "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", "type": "github" }, "original": { @@ -701,6 +739,34 @@ "type": "github" } }, + "nixpkgs_20": { + "locked": { + "lastModified": 1714091391, + "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_21": { + "locked": { + "lastModified": 1695837737, + "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "517501bcf14ae6ec47efd6a17dda0ca8e6d866f9", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_3": { "locked": { "lastModified": 1711401922, @@ -1022,15 +1088,16 @@ }, "skynet_website_renew": { "inputs": { - "nixpkgs": "nixpkgs_19", - "utils": "utils_11" + "bfom": "bfom_2", + "nixpkgs": "nixpkgs_21", + "utils": "utils_12" }, "locked": { - "lastModified": 1723232841, - "narHash": "sha256-uWMUKTp7rIrwYr4CWRmlPmFJo97ezBUQL7VLnAJBXac=", + "lastModified": 1723487002, + "narHash": "sha256-lujLqN9WsskbWLYTHzGUZF0/n6icNuLtL3+kdTcCFbQ=", "ref": "refs/heads/main", - "rev": "baa8b6d8a59fc4fd7c6abcbb7b0dda4b8482df49", - "revCount": 44, + "rev": "d294ae428b6b78d9047c7d66168d5b4187393001", + "revCount": 47, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, @@ -1130,6 +1197,21 @@ "type": "github" } }, + "systems_14": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1290,6 +1372,24 @@ "inputs": { "systems": "systems_13" }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_12": { + "inputs": { + "systems": "systems_14" + }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", From fbff2a4ab2211c93925fd89fea8f373a3ae36936 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 12 Aug 2024 19:32:59 +0100 Subject: [PATCH 492/826] fix: point teh wiki to teh right subfolder --- applications/skynet.ie/wiki.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/skynet.ie/wiki.nix b/applications/skynet.ie/wiki.nix index a447a1f..c5f106e 100644 --- a/applications/skynet.ie/wiki.nix +++ b/applications/skynet.ie/wiki.nix @@ -40,7 +40,7 @@ in { "wiki.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}"; + root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}/wiki"; }; # redirect old links to the new wiki From 04944584c6ccf952a5a30cb5aac0da3b0d0093e2 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 12 Aug 2024 21:00:14 +0000 Subject: [PATCH 493/826] Updated flake for skynet_website_renew --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 17336ed..6367b4c 100644 --- a/flake.lock +++ b/flake.lock @@ -1093,11 +1093,11 @@ "utils": "utils_12" }, "locked": { - "lastModified": 1723487002, - "narHash": "sha256-lujLqN9WsskbWLYTHzGUZF0/n6icNuLtL3+kdTcCFbQ=", + "lastModified": 1723496374, + "narHash": "sha256-oRM9L/vuyz3k9lj6vFK5Ay1dcJLXN8stB7BdfyGp0qs=", "ref": "refs/heads/main", - "rev": "d294ae428b6b78d9047c7d66168d5b4187393001", - "revCount": 47, + "rev": "5441eba5bcf0b9ba9c76109b7307a47d40d990fe", + "revCount": 48, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 692ed8e3f020611d71cfb1ab83d627dd275fe5bc Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 12 Aug 2024 22:38:47 +0000 Subject: [PATCH 494/826] Updated flake for skynet_website_renew --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 6367b4c..8b3e4af 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1723427350, - "narHash": "sha256-iSwiK87kEBOIN2Sh7WnbYMCLaLXmrgLrhrz8sSwIoMg=", + "lastModified": 1723500950, + "narHash": "sha256-t1eApFGI+JzLIW2YToLlDV20n+Nevk1q4fZBYU1m93I=", "owner": "silver_rust", "repo": "bfom", - "rev": "3b7547144dced3a42a65d589158fca5b89938fcc", + "rev": "7f339f28442758ecc3f1697e3f70d441973664b9", "type": "gitlab" }, "original": { @@ -1093,11 +1093,11 @@ "utils": "utils_12" }, "locked": { - "lastModified": 1723496374, - "narHash": "sha256-oRM9L/vuyz3k9lj6vFK5Ay1dcJLXN8stB7BdfyGp0qs=", + "lastModified": 1723502220, + "narHash": "sha256-MT0cFuTtOsoAjSEWPcf7veoD8I5g3ce/oqfLwY9OZvQ=", "ref": "refs/heads/main", - "rev": "5441eba5bcf0b9ba9c76109b7307a47d40d990fe", - "revCount": 48, + "rev": "4b8ef5127d99528982171298d84ba92079e6afa3", + "revCount": 49, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 2d95094fbd3223616b5e69a218f0af84cf9164da Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 13 Aug 2024 00:09:32 +0100 Subject: [PATCH 495/826] feat: allow having nice links without .html --- applications/skynet.ie/wiki.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/applications/skynet.ie/wiki.nix b/applications/skynet.ie/wiki.nix index c5f106e..5e9530b 100644 --- a/applications/skynet.ie/wiki.nix +++ b/applications/skynet.ie/wiki.nix @@ -41,6 +41,15 @@ in { forceSSL = true; useACMEHost = "skynet"; root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}/wiki"; + # https://stackoverflow.com/a/38238001/11964934 + extraConfig = '' + location / { + if ($request_uri ~ ^/(.*)\.html) { + return 302 /$1; + } + try_files $uri $uri.html $uri/ =404; + } + ''; }; # redirect old links to the new wiki From 39978054063c07bd3c18328789627e144579c539 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 12 Aug 2024 23:49:28 +0000 Subject: [PATCH 496/826] Updated flake for skynet_website_renew --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8b3e4af..3c6471a 100644 --- a/flake.lock +++ b/flake.lock @@ -1093,11 +1093,11 @@ "utils": "utils_12" }, "locked": { - "lastModified": 1723502220, - "narHash": "sha256-MT0cFuTtOsoAjSEWPcf7veoD8I5g3ce/oqfLwY9OZvQ=", + "lastModified": 1723506523, + "narHash": "sha256-w2VjAs/lxV7xa33523oag96+ou0Eo2loV9gsOED75ps=", "ref": "refs/heads/main", - "rev": "4b8ef5127d99528982171298d84ba92079e6afa3", - "revCount": 49, + "rev": "aeeda00a755e2adb3b636896cd701b06f1a3f20d", + "revCount": 50, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 9a67dfee373eb7b8817dffe4c3e2dd38c101f503 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 12 Aug 2024 23:59:18 +0000 Subject: [PATCH 497/826] Updated flake for skynet_website_renew --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3c6471a..7e13a02 100644 --- a/flake.lock +++ b/flake.lock @@ -1093,11 +1093,11 @@ "utils": "utils_12" }, "locked": { - "lastModified": 1723506523, - "narHash": "sha256-w2VjAs/lxV7xa33523oag96+ou0Eo2loV9gsOED75ps=", + "lastModified": 1723507113, + "narHash": "sha256-p3l5AozrsGbto40TIoZKDUP28sdCr9graCq9BlL/J3M=", "ref": "refs/heads/main", - "rev": "aeeda00a755e2adb3b636896cd701b06f1a3f20d", - "revCount": 50, + "rev": "2984673b5b868a03520c067a4ca177d1d1f73d29", + "revCount": 51, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 8302b216e00c6285030939d03f04a837b4f8c4e1 Mon Sep 17 00:00:00 2001 From: sysadm Date: Fri, 16 Aug 2024 14:38:20 +0000 Subject: [PATCH 498/826] Updated flake for skynet_website_renew --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7e13a02..bbb0fa8 100644 --- a/flake.lock +++ b/flake.lock @@ -1093,11 +1093,11 @@ "utils": "utils_12" }, "locked": { - "lastModified": 1723507113, - "narHash": "sha256-p3l5AozrsGbto40TIoZKDUP28sdCr9graCq9BlL/J3M=", + "lastModified": 1723819045, + "narHash": "sha256-0F9lEHz/LQL45e2q+1ORa1fFvvQC22gKAQ++zfe57Hc=", "ref": "refs/heads/main", - "rev": "2984673b5b868a03520c067a4ca177d1d1f73d29", - "revCount": 51, + "rev": "2a069a12258d4bc3676d25a048fd8aaa34874fd4", + "revCount": 52, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 0e5990e563771557dee9a10bfd5ff8c327b9cc1b Mon Sep 17 00:00:00 2001 From: esy Date: Fri, 16 Aug 2024 18:55:18 +0000 Subject: [PATCH 499/826] Update ITD/Firewall_Rules.csv add git ssh ticket --- ITD/Firewall_Rules.csv | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index 0dbf7b2..b64c6af 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -41,4 +41,5 @@ SKYNET_FIREWALL_00029,Add,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8 SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel -SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server \ No newline at end of file +SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server +,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD "Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet" \ No newline at end of file From afa3515cd85088bbc73e5d888f4ee5908f516d97 Mon Sep 17 00:00:00 2001 From: esy Date: Fri, 16 Aug 2024 18:57:47 +0000 Subject: [PATCH 500/826] fix: not showing in preview single quotes works double doesnt for some reason --- ITD/Firewall_Rules.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv index b64c6af..64f2e32 100644 --- a/ITD/Firewall_Rules.csv +++ b/ITD/Firewall_Rules.csv @@ -42,4 +42,4 @@ SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.9 SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server -,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD "Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet" \ No newline at end of file +,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' \ No newline at end of file From 39be11301a75b5ec8129021f19399375d7802865 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 19 Aug 2024 22:09:25 +0000 Subject: [PATCH 501/826] Updated flake for skynet_website_renew --- flake.lock | 118 ++++------------------------------------------------- 1 file changed, 9 insertions(+), 109 deletions(-) diff --git a/flake.lock b/flake.lock index bbb0fa8..d077288 100644 --- a/flake.lock +++ b/flake.lock @@ -107,26 +107,6 @@ "type": "gitlab" } }, - "bfom_2": { - "inputs": { - "naersk": "naersk_4", - "nixpkgs": "nixpkgs_20", - "utils": "utils_11" - }, - "locked": { - "lastModified": 1723500950, - "narHash": "sha256-t1eApFGI+JzLIW2YToLlDV20n+Nevk1q4fZBYU1m93I=", - "owner": "silver_rust", - "repo": "bfom", - "rev": "7f339f28442758ecc3f1697e3f70d441973664b9", - "type": "gitlab" - }, - "original": { - "owner": "silver_rust", - "repo": "bfom", - "type": "gitlab" - } - }, "blobs": { "flake": false, "locked": { @@ -516,24 +496,6 @@ "type": "github" } }, - "naersk_4": { - "inputs": { - "nixpkgs": "nixpkgs_19" - }, - "locked": { - "lastModified": 1713520724, - "narHash": "sha256-CO8MmVDmqZX2FovL75pu5BvwhW+Vugc7Q6ze7Hj8heI=", - "owner": "nix-community", - "repo": "naersk", - "rev": "c5037590290c6c7dae2e42e7da1e247e54ed2d49", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1703013332, @@ -711,11 +673,11 @@ }, "nixpkgs_19": { "locked": { - "lastModified": 1714091391, - "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", + "lastModified": 1695837737, + "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", + "rev": "517501bcf14ae6ec47efd6a17dda0ca8e6d866f9", "type": "github" }, "original": { @@ -739,34 +701,6 @@ "type": "github" } }, - "nixpkgs_20": { - "locked": { - "lastModified": 1714091391, - "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_21": { - "locked": { - "lastModified": 1695837737, - "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "517501bcf14ae6ec47efd6a17dda0ca8e6d866f9", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_3": { "locked": { "lastModified": 1711401922, @@ -1088,16 +1022,15 @@ }, "skynet_website_renew": { "inputs": { - "bfom": "bfom_2", - "nixpkgs": "nixpkgs_21", - "utils": "utils_12" + "nixpkgs": "nixpkgs_19", + "utils": "utils_11" }, "locked": { - "lastModified": 1723819045, - "narHash": "sha256-0F9lEHz/LQL45e2q+1ORa1fFvvQC22gKAQ++zfe57Hc=", + "lastModified": 1724104639, + "narHash": "sha256-UB7T5+imyk9crwziTp+D2leC9tDMxr7mCpwx4pFpOgE=", "ref": "refs/heads/main", - "rev": "2a069a12258d4bc3676d25a048fd8aaa34874fd4", - "revCount": 52, + "rev": "e892ed9f0bc7a4fb076fc7e401ceaf8c3d27e81f", + "revCount": 59, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, @@ -1197,21 +1130,6 @@ "type": "github" } }, - "systems_14": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1372,24 +1290,6 @@ "inputs": { "systems": "systems_13" }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_12": { - "inputs": { - "systems": "systems_14" - }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", From a7b559972b711ac83ff381e8067a563f084a4024 Mon Sep 17 00:00:00 2001 From: Daragh Downes Date: Mon, 19 Aug 2024 23:31:28 +0100 Subject: [PATCH 502/826] feat : adjust nginx to point at root of new docs, update name of flake --- applications/skynet.ie/wiki.nix | 2 +- flake.lock | 6 +++--- flake.nix | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/applications/skynet.ie/wiki.nix b/applications/skynet.ie/wiki.nix index 5e9530b..6d1aa57 100644 --- a/applications/skynet.ie/wiki.nix +++ b/applications/skynet.ie/wiki.nix @@ -40,7 +40,7 @@ in { "wiki.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}/wiki"; + root = "${inputs.skynet_website_wiki.defaultPackage."x86_64-linux"}"; # https://stackoverflow.com/a/38238001/11964934 extraConfig = '' location / { diff --git a/flake.lock b/flake.lock index d077288..195325f 100644 --- a/flake.lock +++ b/flake.lock @@ -823,7 +823,7 @@ "skynet_website_2017": "skynet_website_2017", "skynet_website_2023": "skynet_website_2023", "skynet_website_games": "skynet_website_games", - "skynet_website_renew": "skynet_website_renew" + "skynet_website_wiki": "skynet_website_wiki" } }, "rust-analyzer-src": { @@ -1020,14 +1020,14 @@ "url": "https://forgejo.skynet.ie/Skynet/website_games" } }, - "skynet_website_renew": { + "skynet_website_wiki": { "inputs": { "nixpkgs": "nixpkgs_19", "utils": "utils_11" }, "locked": { "lastModified": 1724104639, - "narHash": "sha256-UB7T5+imyk9crwziTp+D2leC9tDMxr7mCpwx4pFpOgE=", + "narHash": "sha256-Jjl8MQok6IqCsN4QlT/0zpBm3qm8Lrm81zbxAL7tIjI=", "ref": "refs/heads/main", "rev": "e892ed9f0bc7a4fb076fc7e401ceaf8c3d27e81f", "revCount": 59, diff --git a/flake.nix b/flake.nix index f157a25..6954637 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,7 @@ ###################### skynet_ldap_backend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_backend"; skynet_ldap_frontend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_frontend"; - skynet_website_renew.url = "git+https://forgejo.skynet.ie/Skynet/wiki"; + skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki"; skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games"; skynet_discord_bot.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot"; From 68d5a91b0b8a61e34ac216c6fa83a6d74e31f0ea Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 19 Aug 2024 22:38:29 +0000 Subject: [PATCH 503/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 195325f..8433747 100644 --- a/flake.lock +++ b/flake.lock @@ -1026,11 +1026,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724104639, - "narHash": "sha256-Jjl8MQok6IqCsN4QlT/0zpBm3qm8Lrm81zbxAL7tIjI=", + "lastModified": 1724107081, + "narHash": "sha256-UZEZxuzSk0Ah6OsnCFxn4eimPapBc3agrU6B/iv/X4o=", "ref": "refs/heads/main", - "rev": "e892ed9f0bc7a4fb076fc7e401ceaf8c3d27e81f", - "revCount": 59, + "rev": "7eeb861097293b96f21d81cabc8093058a84dffb", + "revCount": 61, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 58800bf7b2e894ae00305936aa97cbc07373965b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 20 Aug 2024 23:07:50 +0100 Subject: [PATCH 504/826] fix: incorrect hashes --- flake.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 8433747..4c47bd0 100644 --- a/flake.lock +++ b/flake.lock @@ -152,7 +152,7 @@ }, "locked": { "lastModified": 1723409220, - "narHash": "sha256-Qwwsb/D+waAhL5/qFkn8h7mJDcRfbrZNNpRlRpPU4k8=", + "narHash": "sha256-LnwpBFF1DmvX1ejlD/EA9vyEMC0qZgl2Ec4wzczBNko=", "ref": "refs/heads/main", "rev": "de685b6d6f2bb5ff3048f20333cccba0f9fe4ae8", "revCount": 73, @@ -932,7 +932,7 @@ }, "locked": { "lastModified": 1723409425, - "narHash": "sha256-/ER7jLbpECx4Q5hry3Fng672KknG0g9RIb+xWpCkm/M=", + "narHash": "sha256-/gCNGbSSFV/cEyH4gqhcgPP/0/EBKWwR1CEd8wkwY8o=", "ref": "refs/heads/main", "rev": "a9fba1bb9c28a2eb7508089413a829b591084c45", "revCount": 15, @@ -969,11 +969,11 @@ "utils": "utils_8" }, "locked": { - "lastModified": 1723316173, - "narHash": "sha256-sluWHNA4pvhlVkJHZ8PGOxz7qqHm5uTAUWd94Dhq4ys=", + "lastModified": 1723409425, + "narHash": "sha256-/gCNGbSSFV/cEyH4gqhcgPP/0/EBKWwR1CEd8wkwY8o=", "ref": "refs/heads/main", - "rev": "871ecc6c232b82f0e67e30cf1485250ec603108e", - "revCount": 14, + "rev": "a9fba1bb9c28a2eb7508089413a829b591084c45", + "revCount": 15, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, @@ -1008,7 +1008,7 @@ }, "locked": { "lastModified": 1723409493, - "narHash": "sha256-nZwNkGHL8aRlYroTfCSXYlI9Q7qzYXcnd6RlH50W9W8=", + "narHash": "sha256-XcXpvs7go7o3kLxz/JHZlvGf5uxADzpvuskYQYR10LA=", "ref": "refs/heads/main", "rev": "5884131ff5e2d631695b91fb4efc3253e302e7d5", "revCount": 11, @@ -1026,11 +1026,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724107081, - "narHash": "sha256-UZEZxuzSk0Ah6OsnCFxn4eimPapBc3agrU6B/iv/X4o=", + "lastModified": 1724108073, + "narHash": "sha256-AL1oG6QcCNAVMVzznHGRvwWAg6bFGC1lOxQPn1UdiJ8=", "ref": "refs/heads/main", - "rev": "7eeb861097293b96f21d81cabc8093058a84dffb", - "revCount": 61, + "rev": "cba889a56fed4bfff1d23aa01f801c36ea8b67c1", + "revCount": 62, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 1638e44caaf07692b9f3c7b9c7d3f5657aa86851 Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 20 Aug 2024 22:37:19 +0000 Subject: [PATCH 505/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4c47bd0..9100e4f 100644 --- a/flake.lock +++ b/flake.lock @@ -931,11 +931,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1723409425, - "narHash": "sha256-/gCNGbSSFV/cEyH4gqhcgPP/0/EBKWwR1CEd8wkwY8o=", + "lastModified": 1724193389, + "narHash": "sha256-Gy+jGGSXb0pJP2WoyToZspYJ0uay9nyN1b5uIZqI1s4=", "ref": "refs/heads/main", - "rev": "a9fba1bb9c28a2eb7508089413a829b591084c45", - "revCount": 15, + "rev": "429dc79209587bf5c984b068fb0f9fd47fbcd1f3", + "revCount": 17, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From 8e57469ee287238a3969ba0da188a31957d4b33c Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 20 Aug 2024 22:45:23 +0000 Subject: [PATCH 506/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 9100e4f..f4a71de 100644 --- a/flake.lock +++ b/flake.lock @@ -931,11 +931,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724193389, - "narHash": "sha256-Gy+jGGSXb0pJP2WoyToZspYJ0uay9nyN1b5uIZqI1s4=", + "lastModified": 1724193889, + "narHash": "sha256-yB+CezE29d6rvBezBfdyyJo0orzrEB8YqPnoHTnJ2AM=", "ref": "refs/heads/main", - "rev": "429dc79209587bf5c984b068fb0f9fd47fbcd1f3", - "revCount": 17, + "rev": "76ef90e2111b7ce74930779362533fe0cf367935", + "revCount": 18, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From 6376e910f1ed16de687603bfb349de5d873e1c53 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 00:03:07 +0100 Subject: [PATCH 507/826] ci: test using ref=main for the inputs --- flake.lock | 19 +++++++++++-------- flake.nix | 6 +++--- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index f4a71de..19f083d 100644 --- a/flake.lock +++ b/flake.lock @@ -932,14 +932,15 @@ }, "locked": { "lastModified": 1724193889, - "narHash": "sha256-yB+CezE29d6rvBezBfdyyJo0orzrEB8YqPnoHTnJ2AM=", - "ref": "refs/heads/main", + "narHash": "sha256-Z7zTh5e1bwzE0wmqj9Eyl39QCyLJhlMetOXhQo3gd7E=", + "ref": "main", "rev": "76ef90e2111b7ce74930779362533fe0cf367935", "revCount": 18, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { + "ref": "main", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" } @@ -952,13 +953,14 @@ "locked": { "lastModified": 1723317982, "narHash": "sha256-qkTYtwcPAKmdN2cJidhBbGcm6yY1M76zw9NFyqjJnn4=", - "ref": "refs/heads/main", + "ref": "main", "rev": "2d0e20c683068b692bf8765273b3531d77005d09", "revCount": 12, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2009" }, "original": { + "ref": "main", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2009" } @@ -969,15 +971,16 @@ "utils": "utils_8" }, "locked": { - "lastModified": 1723409425, - "narHash": "sha256-/gCNGbSSFV/cEyH4gqhcgPP/0/EBKWwR1CEd8wkwY8o=", - "ref": "refs/heads/main", - "rev": "a9fba1bb9c28a2eb7508089413a829b591084c45", - "revCount": 15, + "lastModified": 1724193889, + "narHash": "sha256-Z7zTh5e1bwzE0wmqj9Eyl39QCyLJhlMetOXhQo3gd7E=", + "ref": "main", + "rev": "76ef90e2111b7ce74930779362533fe0cf367935", + "revCount": 18, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { + "ref": "main", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" } diff --git a/flake.nix b/flake.nix index 6954637..38863c2 100644 --- a/flake.nix +++ b/flake.nix @@ -43,15 +43,15 @@ ################# # this should always point to teh current website - skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017"; + skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?ref=main"; # these are past versions of teh website skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; # this is not 100% right since this is from teh archive from 2022 or so - skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017"; + skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?ref=main"; # this is more of 2012 than 2009 but started in 2009 - skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009"; + skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009?ref=main"; }; nixConfig = { From 75740f9bae068360017bb51138c5db9b5b3cc6ee Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 00:17:57 +0100 Subject: [PATCH 508/826] ci: more testing --- flake.lock | 17 +++++++---------- flake.nix | 6 +++--- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 19f083d..498496f 100644 --- a/flake.lock +++ b/flake.lock @@ -933,14 +933,13 @@ "locked": { "lastModified": 1724193889, "narHash": "sha256-Z7zTh5e1bwzE0wmqj9Eyl39QCyLJhlMetOXhQo3gd7E=", - "ref": "main", + "ref": "refs/heads/main", "rev": "76ef90e2111b7ce74930779362533fe0cf367935", "revCount": 18, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "ref": "main", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" } @@ -953,14 +952,13 @@ "locked": { "lastModified": 1723317982, "narHash": "sha256-qkTYtwcPAKmdN2cJidhBbGcm6yY1M76zw9NFyqjJnn4=", - "ref": "main", + "ref": "refs/heads/main", "rev": "2d0e20c683068b692bf8765273b3531d77005d09", "revCount": 12, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2009" }, "original": { - "ref": "main", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2009" } @@ -971,16 +969,15 @@ "utils": "utils_8" }, "locked": { - "lastModified": 1724193889, - "narHash": "sha256-Z7zTh5e1bwzE0wmqj9Eyl39QCyLJhlMetOXhQo3gd7E=", - "ref": "main", - "rev": "76ef90e2111b7ce74930779362533fe0cf367935", - "revCount": 18, + "lastModified": 1696876711, + "narHash": "sha256-gfQFYN5/qK5aqN+nGSfyQFOjOQzahbqTKadra5zSIL0=", + "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", + "revCount": 12, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "ref": "main", + "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" } diff --git a/flake.nix b/flake.nix index 38863c2..5d21a81 100644 --- a/flake.nix +++ b/flake.nix @@ -43,15 +43,15 @@ ################# # this should always point to teh current website - skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?ref=main"; + skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017"; # these are past versions of teh website skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; # this is not 100% right since this is from teh archive from 2022 or so - skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?ref=main"; + skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; # this is more of 2012 than 2009 but started in 2009 - skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009?ref=main"; + skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009"; }; nixConfig = { From fb1ef7b66b3681964a26d65a65efdf0d7edc9dff Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 20 Aug 2024 23:36:29 +0000 Subject: [PATCH 509/826] Updated flake for skynet_website --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 498496f..8ef3c47 100644 --- a/flake.lock +++ b/flake.lock @@ -603,11 +603,11 @@ }, "nixpkgs_14": { "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "lastModified": 1724114134, + "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", "type": "github" }, "original": { @@ -931,11 +931,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724193889, - "narHash": "sha256-Z7zTh5e1bwzE0wmqj9Eyl39QCyLJhlMetOXhQo3gd7E=", + "lastModified": 1724196861, + "narHash": "sha256-0lVMcGQ+r5ieJQqe7DSAnWrGj0Fm2GnAGj6BNXmRKwg=", "ref": "refs/heads/main", - "rev": "76ef90e2111b7ce74930779362533fe0cf367935", - "revCount": 18, + "rev": "7138e6ee4a49af718d78cdc4dd7c909e074239b8", + "revCount": 20, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, @@ -1381,11 +1381,11 @@ "systems": "systems_8" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { From 6c9df1256603978121c40c3052583c78671e3bff Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 21 Aug 2024 00:01:21 +0000 Subject: [PATCH 510/826] Updated flake for skynet_website_2009 --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8ef3c47..b9772f0 100644 --- a/flake.lock +++ b/flake.lock @@ -950,11 +950,11 @@ "utils": "utils_7" }, "locked": { - "lastModified": 1723317982, - "narHash": "sha256-qkTYtwcPAKmdN2cJidhBbGcm6yY1M76zw9NFyqjJnn4=", + "lastModified": 1724198445, + "narHash": "sha256-7cN70t/qqmUsShNhIbOSSMToiCRGhEhwZayN2n93KrA=", "ref": "refs/heads/main", - "rev": "2d0e20c683068b692bf8765273b3531d77005d09", - "revCount": 12, + "rev": "3aa4568ae82846a9d365fc464dfc523be07e7ac3", + "revCount": 14, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2009" }, From deb43c0768afaa1d9cca86f70d1d39bd9cbba039 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 01:12:04 +0100 Subject: [PATCH 511/826] ci: more testing --- flake.lock | 11 ++++++----- flake.nix | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index b9772f0..02268cc 100644 --- a/flake.lock +++ b/flake.lock @@ -969,15 +969,16 @@ "utils": "utils_8" }, "locked": { - "lastModified": 1696876711, - "narHash": "sha256-gfQFYN5/qK5aqN+nGSfyQFOjOQzahbqTKadra5zSIL0=", - "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", - "revCount": 12, + "lastModified": 1689960297, + "narHash": "sha256-Hw/9Bo6YdILbbXPymkfiMaah6/t4w7h3fYeUh1+PBe8=", + "ref": "refs/heads/main", + "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", + "revCount": 6, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, "original": { - "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", + "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" } diff --git a/flake.nix b/flake.nix index 5d21a81..05a84e8 100644 --- a/flake.nix +++ b/flake.nix @@ -48,7 +48,7 @@ # these are past versions of teh website skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; # this is not 100% right since this is from teh archive from 2022 or so - skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; + skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; # this is more of 2012 than 2009 but started in 2009 skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009"; From 6ce2a6337fe55800e1981b24cbbdbef1b97dabcc Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 21 Aug 2024 00:21:34 +0000 Subject: [PATCH 512/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 02268cc..45630e2 100644 --- a/flake.lock +++ b/flake.lock @@ -931,11 +931,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724196861, - "narHash": "sha256-0lVMcGQ+r5ieJQqe7DSAnWrGj0Fm2GnAGj6BNXmRKwg=", + "lastModified": 1724199668, + "narHash": "sha256-1VVpX9GWgBKC7AcrwKQ6A09taogu3q/Zd712vTADAbA=", "ref": "refs/heads/main", - "rev": "7138e6ee4a49af718d78cdc4dd7c909e074239b8", - "revCount": 20, + "rev": "2e4d22b7197127a2a3d944edea06dd3efe04d2b6", + "revCount": 22, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From 987db0c6aa10bf5c969d4c4fbcc0db6234a937ff Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 01:31:53 +0100 Subject: [PATCH 513/826] ci: more testing --- .forgejo/workflows/deploy.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index cc1e25d..3c48889 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -22,6 +22,7 @@ jobs: steps: - uses: actions/checkout@v4 - run: nix fmt -- --check . + - run: nix --version #if: github.repository == 'Skynet/nixos' build: From 961a35b990c92ceacd91c378c7d5fb3a140610eb Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 01:32:34 +0100 Subject: [PATCH 514/826] ci: more testing --- .forgejo/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index 3c48889..efee5b0 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -14,7 +14,7 @@ on: - secrets/**/* - flake.* - config/**/* - #- .forgejo/**/* + - .forgejo/**/* jobs: linter: From 4688eec1534126805fe5495f1194089e4f6696ec Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 21 Aug 2024 00:35:11 +0000 Subject: [PATCH 515/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 45630e2..69e331b 100644 --- a/flake.lock +++ b/flake.lock @@ -931,11 +931,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724199668, - "narHash": "sha256-1VVpX9GWgBKC7AcrwKQ6A09taogu3q/Zd712vTADAbA=", + "lastModified": 1724200482, + "narHash": "sha256-puA3NcmbFQtEeq7N5P5Ruq18PJLf4M/e1AoAwNjT46I=", "ref": "refs/heads/main", - "rev": "2e4d22b7197127a2a3d944edea06dd3efe04d2b6", - "revCount": 22, + "rev": "1799b7dcb26359fbaa775e952dd7685b7bbb3bff", + "revCount": 23, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From bf939cc9414ff13a45d9041960ebb4329aa42ba6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 01:46:32 +0100 Subject: [PATCH 516/826] ci: newer versions of nix have this format for updating flake inputs --- .forgejo/workflows/update_input.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update_input.yaml b/.forgejo/workflows/update_input.yaml index 5004979..cf2ac5c 100644 --- a/.forgejo/workflows/update_input.yaml +++ b/.forgejo/workflows/update_input.yaml @@ -24,7 +24,7 @@ jobs: with: ref: ${{ github.head_ref }} token: ${{ secrets.PIPELINE_TOKEN }} - - run: nix flake lock --update-input "${{ inputs.input_to_update }}" + - run: nix flake update "${{ inputs.input_to_update }}" shell: bash - uses: https://github.com/stefanzweifel/git-auto-commit-action@v5 with: From 598ae73b3ed6d799295cd4834911e94a039ed660 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 21 Aug 2024 00:48:28 +0000 Subject: [PATCH 517/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 69e331b..0497b05 100644 --- a/flake.lock +++ b/flake.lock @@ -931,11 +931,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724200482, - "narHash": "sha256-puA3NcmbFQtEeq7N5P5Ruq18PJLf4M/e1AoAwNjT46I=", + "lastModified": 1724201270, + "narHash": "sha256-GQFKLpHJi0R225lodgjFUHzTHnIzU6mopiP84HgVVCE=", "ref": "refs/heads/main", - "rev": "1799b7dcb26359fbaa775e952dd7685b7bbb3bff", - "revCount": 23, + "rev": "eb6eabb1c0e4dd828ca5552c36faf36e17f4836d", + "revCount": 25, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From aefd9bbdb09a4eecea1c3305921bd8ba54e09b6c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 01:56:25 +0100 Subject: [PATCH 518/826] ci: ``nix flake update`` --- flake.lock | 119 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 68 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index 0497b05..15a319a 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1715290355, - "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -52,11 +52,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1714877287, - "narHash": "sha256-mf1/RfkyhzwLLeqU8AdosbBfRQuQzuVMX7XL7GejoRI=", + "lastModified": 1722825873, + "narHash": "sha256-bFNXkD+s9NuidZePiJAjjFUnsMOwXb7hEZ4JEDdSALw=", "owner": "hercules-ci", "repo": "arion", - "rev": "e9945eb6cdaf5c946bacd5a330e7b5ac7b3b2fdd", + "rev": "90bc85532767c785245f5c1e29ebfecb941cf8c9", "type": "github" }, "original": { @@ -74,11 +74,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1711742460, - "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", + "lastModified": 1724086414, + "narHash": "sha256-jcY81r8PdMQ9dCGhT0YLZzxPj3kQJXyWCmvQLXbR1EI=", "owner": "zhaofengli", "repo": "attic", - "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", + "rev": "acf3c351f8de47c6857f31948ab253f9c7ce2a6f", "type": "github" }, "original": { @@ -172,11 +172,11 @@ ] }, "locked": { - "lastModified": 1702918879, - "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", "owner": "ipetkov", "repo": "crane", - "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", "type": "github" }, "original": { @@ -232,11 +232,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -285,11 +285,11 @@ ] }, "locked": { - "lastModified": 1714641030, - "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -320,12 +320,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems_2" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -351,7 +354,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, @@ -408,11 +411,11 @@ ] }, "locked": { - "lastModified": 1713898448, - "narHash": "sha256-6q6ojsp/Z9P2goqnxyfCSzFOD92T3Uobmj8oVAicUOs=", + "lastModified": 1719226092, + "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "c0302ec12d569532a6b6bd218f698bc402e93adc", + "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5", "type": "github" }, "original": { @@ -529,11 +532,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "lastModified": 1720535198, + "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "type": "github" }, "original": { @@ -687,11 +690,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1714635257, - "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", + "lastModified": 1722630782, + "narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "d04953086551086b44b6f3c6b7eeb26294f207da", "type": "github" }, "original": { @@ -703,11 +706,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1711401922, - "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", + "lastModified": 1723827930, + "narHash": "sha256-EU+W5F6y2CVNxGrGIMpY7nSVYq72WRChYxF4zpjx0y4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", + "rev": "d4a7a4d0e066278bfb0d77bd2a7adde1c0ec9e3d", "type": "github" }, "original": { @@ -777,11 +780,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1723991338, + "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "8a3354191c0d7144db9756a74755672387b702ba", "type": "github" }, "original": { @@ -932,7 +935,7 @@ }, "locked": { "lastModified": 1724201270, - "narHash": "sha256-GQFKLpHJi0R225lodgjFUHzTHnIzU6mopiP84HgVVCE=", + "narHash": "sha256-XPh9pQh+cs3cwkA7OqPrGZq8oAw/c9T4cbDCttab1ZE=", "ref": "refs/heads/main", "rev": "eb6eabb1c0e4dd828ca5552c36faf36e17f4836d", "revCount": 25, @@ -951,7 +954,7 @@ }, "locked": { "lastModified": 1724198445, - "narHash": "sha256-7cN70t/qqmUsShNhIbOSSMToiCRGhEhwZayN2n93KrA=", + "narHash": "sha256-Vc/IFOMHax46Ct+1/9DiAxuByRLehr99XA1c7CAVQb4=", "ref": "refs/heads/main", "rev": "3aa4568ae82846a9d365fc464dfc523be07e7ac3", "revCount": 14, @@ -971,7 +974,6 @@ "locked": { "lastModified": 1689960297, "narHash": "sha256-Hw/9Bo6YdILbbXPymkfiMaah6/t4w7h3fYeUh1+PBe8=", - "ref": "refs/heads/main", "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "revCount": 6, "type": "git", @@ -1131,6 +1133,21 @@ "type": "github" } }, + "systems_14": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1253,7 +1270,7 @@ }, "utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, @@ -1271,7 +1288,7 @@ }, "utils_10": { "inputs": { - "systems": "systems_12" + "systems": "systems_13" }, "locked": { "lastModified": 1694529238, @@ -1289,7 +1306,7 @@ }, "utils_11": { "inputs": { - "systems": "systems_13" + "systems": "systems_14" }, "locked": { "lastModified": 1694529238, @@ -1307,7 +1324,7 @@ }, "utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, @@ -1325,7 +1342,7 @@ }, "utils_3": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1710146030, @@ -1343,7 +1360,7 @@ }, "utils_4": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1685518550, @@ -1361,7 +1378,7 @@ }, "utils_5": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1687171271, @@ -1379,7 +1396,7 @@ }, "utils_6": { "inputs": { - "systems": "systems_8" + "systems": "systems_9" }, "locked": { "lastModified": 1710146030, @@ -1397,7 +1414,7 @@ }, "utils_7": { "inputs": { - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1689068808, @@ -1415,7 +1432,7 @@ }, "utils_8": { "inputs": { - "systems": "systems_10" + "systems": "systems_11" }, "locked": { "lastModified": 1689068808, @@ -1433,7 +1450,7 @@ }, "utils_9": { "inputs": { - "systems": "systems_11" + "systems": "systems_12" }, "locked": { "lastModified": 1689068808, From 350f4266ed1edad9f60dff2557894421f35864de Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 02:14:07 +0100 Subject: [PATCH 519/826] ci: test with keep failed --- .forgejo/workflows/deploy.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index efee5b0..6c94772 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -30,6 +30,7 @@ jobs: steps: - uses: actions/checkout@v4 - run: nix develop + - run: colmena build -v --on earth --nix-option keep-failed true - run: colmena build -v --on @active-dns - run: colmena build -v --on @active-core - run: colmena build -v --on @active From 41dd05cd365e4aa301eae4f2dace8b4c38a091d6 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 02:20:44 +0100 Subject: [PATCH 520/826] ci: test with keep failed --- .forgejo/workflows/deploy.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index 6c94772..e008938 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -31,6 +31,9 @@ jobs: - uses: actions/checkout@v4 - run: nix develop - run: colmena build -v --on earth --nix-option keep-failed true + - name: Archive Test Results + if: always() + run: wait 100m - run: colmena build -v --on @active-dns - run: colmena build -v --on @active-core - run: colmena build -v --on @active From 5d93ffb71fe34e5b294669cd6e084796412b7f4e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 02:21:40 +0100 Subject: [PATCH 521/826] ci: test with keep failed --- .forgejo/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index e008938..f0305ac 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -33,7 +33,7 @@ jobs: - run: colmena build -v --on earth --nix-option keep-failed true - name: Archive Test Results if: always() - run: wait 100m + run: sleep 100m - run: colmena build -v --on @active-dns - run: colmena build -v --on @active-core - run: colmena build -v --on @active From fc78bb7287d4f02578caa509790707bec7e87f38 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 02:38:25 +0100 Subject: [PATCH 522/826] ci: test with keep failed --- .forgejo/workflows/deploy.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index f0305ac..ceea941 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -31,9 +31,9 @@ jobs: - uses: actions/checkout@v4 - run: nix develop - run: colmena build -v --on earth --nix-option keep-failed true - - name: Archive Test Results - if: always() - run: sleep 100m +# - name: Archive Test Results +# if: always() +# run: sleep 100m - run: colmena build -v --on @active-dns - run: colmena build -v --on @active-core - run: colmena build -v --on @active From 97d750ac66318cc787e2098249676d6dd7c5b023 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 21 Aug 2024 01:40:04 +0000 Subject: [PATCH 523/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 15a319a..efbc174 100644 --- a/flake.lock +++ b/flake.lock @@ -934,11 +934,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724201270, - "narHash": "sha256-XPh9pQh+cs3cwkA7OqPrGZq8oAw/c9T4cbDCttab1ZE=", + "lastModified": 1724204378, + "narHash": "sha256-dXVflGm6RkLk0chZa1Kjn1ruXynCNnryMnFj6Okp/E0=", "ref": "refs/heads/main", - "rev": "eb6eabb1c0e4dd828ca5552c36faf36e17f4836d", - "revCount": 25, + "rev": "e49ee92630967440c94f427172e13043e90a6a6f", + "revCount": 26, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From 36e9e6b76d7143d5b02fe3aa1b6b7f93db81384d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 03:19:10 +0100 Subject: [PATCH 524/826] ci: update input now works on everything --- .forgejo/workflows/update_input.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update_input.yaml b/.forgejo/workflows/update_input.yaml index cf2ac5c..5cea57f 100644 --- a/.forgejo/workflows/update_input.yaml +++ b/.forgejo/workflows/update_input.yaml @@ -7,7 +7,7 @@ on: inputs: input_to_update: description: 'Flake input to update' - required: true + required: false type: string jobs: From 99b2ba14779991cb5343d9c93e4b18126647fc95 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 21 Aug 2024 03:20:56 +0100 Subject: [PATCH 525/826] ci: update input now works on everything --- .forgejo/workflows/update_input.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update_input.yaml b/.forgejo/workflows/update_input.yaml index 5cea57f..8e13da6 100644 --- a/.forgejo/workflows/update_input.yaml +++ b/.forgejo/workflows/update_input.yaml @@ -24,7 +24,7 @@ jobs: with: ref: ${{ github.head_ref }} token: ${{ secrets.PIPELINE_TOKEN }} - - run: nix flake update "${{ inputs.input_to_update }}" + - run: nix flake update ${{ inputs.input_to_update }} shell: bash - uses: https://github.com/stefanzweifel/git-auto-commit-action@v5 with: From ac7db8f099df6296e860c8c4a89ab349026a3ea3 Mon Sep 17 00:00:00 2001 From: silver Date: Wed, 21 Aug 2024 02:22:02 +0000 Subject: [PATCH 526/826] Updated flake for --- flake.lock | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index efbc174..4df505f 100644 --- a/flake.lock +++ b/flake.lock @@ -152,7 +152,7 @@ }, "locked": { "lastModified": 1723409220, - "narHash": "sha256-LnwpBFF1DmvX1ejlD/EA9vyEMC0qZgl2Ec4wzczBNko=", + "narHash": "sha256-Qwwsb/D+waAhL5/qFkn8h7mJDcRfbrZNNpRlRpPU4k8=", "ref": "refs/heads/main", "rev": "de685b6d6f2bb5ff3048f20333cccba0f9fe4ae8", "revCount": 73, @@ -916,7 +916,7 @@ }, "locked": { "lastModified": 1723234619, - "narHash": "sha256-jHqIg3ltestGKaR4vHr44nnq3Pv7yr9gGwkvONEJxoA=", + "narHash": "sha256-6a0sJkhabJOxCEdGz3moKeQjYfqV9Bqa8Q0byPipPQo=", "ref": "refs/heads/main", "rev": "71f5928c66a43e788a9a00b90a1326c1bb82ffd2", "revCount": 228, @@ -954,7 +954,7 @@ }, "locked": { "lastModified": 1724198445, - "narHash": "sha256-Vc/IFOMHax46Ct+1/9DiAxuByRLehr99XA1c7CAVQb4=", + "narHash": "sha256-7cN70t/qqmUsShNhIbOSSMToiCRGhEhwZayN2n93KrA=", "ref": "refs/heads/main", "rev": "3aa4568ae82846a9d365fc464dfc523be07e7ac3", "revCount": 14, @@ -973,7 +973,8 @@ }, "locked": { "lastModified": 1689960297, - "narHash": "sha256-Hw/9Bo6YdILbbXPymkfiMaah6/t4w7h3fYeUh1+PBe8=", + "narHash": "sha256-+43nNv4RSQMXMRGdN8xVKYs2B13w5FJtefuykYcpywM=", + "ref": "refs/heads/main", "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "revCount": 6, "type": "git", @@ -992,7 +993,8 @@ }, "locked": { "lastModified": 1696876711, - "narHash": "sha256-gfQFYN5/qK5aqN+nGSfyQFOjOQzahbqTKadra5zSIL0=", + "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", + "ref": "refs/heads/main", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "revCount": 12, "type": "git", @@ -1011,7 +1013,7 @@ }, "locked": { "lastModified": 1723409493, - "narHash": "sha256-XcXpvs7go7o3kLxz/JHZlvGf5uxADzpvuskYQYR10LA=", + "narHash": "sha256-nZwNkGHL8aRlYroTfCSXYlI9Q7qzYXcnd6RlH50W9W8=", "ref": "refs/heads/main", "rev": "5884131ff5e2d631695b91fb4efc3253e302e7d5", "revCount": 11, @@ -1030,7 +1032,7 @@ }, "locked": { "lastModified": 1724108073, - "narHash": "sha256-AL1oG6QcCNAVMVzznHGRvwWAg6bFGC1lOxQPn1UdiJ8=", + "narHash": "sha256-J7bJKQ1PzeYI4Pmkl7l7VwKpvW6qh+RrGrJQ9ia2kXY=", "ref": "refs/heads/main", "rev": "cba889a56fed4bfff1d23aa01f801c36ea8b67c1", "revCount": 62, From 39fd65d467b1f4e45fe360e5bc2d14b586b5f53f Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 21 Aug 2024 08:34:33 +0000 Subject: [PATCH 527/826] Updated flake for skynet_website --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4df505f..4e753ed 100644 --- a/flake.lock +++ b/flake.lock @@ -934,11 +934,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724204378, - "narHash": "sha256-dXVflGm6RkLk0chZa1Kjn1ruXynCNnryMnFj6Okp/E0=", + "lastModified": 1724210543, + "narHash": "sha256-JLt77gajtOPwM20m86Kh2JkWuOq1+kmHr+98UMzbjAY=", "ref": "refs/heads/main", - "rev": "e49ee92630967440c94f427172e13043e90a6a6f", - "revCount": 26, + "rev": "0af67c9ece40fb683238093d857d96aae2414522", + "revCount": 27, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, From 884617ddb7668ded4fdd9be7541b894afb8e0fae Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 21 Aug 2024 22:46:27 +0000 Subject: [PATCH 528/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4e753ed..e79aa8c 100644 --- a/flake.lock +++ b/flake.lock @@ -1031,11 +1031,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724108073, - "narHash": "sha256-J7bJKQ1PzeYI4Pmkl7l7VwKpvW6qh+RrGrJQ9ia2kXY=", + "lastModified": 1724280311, + "narHash": "sha256-WXrs/9HeGAl/GFtrLR2bVMdx1TOROQ9/ekyh9i4l820=", "ref": "refs/heads/main", - "rev": "cba889a56fed4bfff1d23aa01f801c36ea8b67c1", - "revCount": 62, + "rev": "c22628f29c3fafd252f315952ca3852d67113f1d", + "revCount": 67, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 34ffe6c37f012f90533467edc25568ca96b49ab8 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 21 Aug 2024 22:53:41 +0000 Subject: [PATCH 529/826] Updated flake for skynet_website_wiki --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index e79aa8c..bdb5fe1 100644 --- a/flake.lock +++ b/flake.lock @@ -1031,10 +1031,10 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724280311, - "narHash": "sha256-WXrs/9HeGAl/GFtrLR2bVMdx1TOROQ9/ekyh9i4l820=", + "lastModified": 1724280680, + "narHash": "sha256-gkxNaXe0dwfy5Mw2Rel+QR0/n0RBNEDzwiBQWNWNrd0=", "ref": "refs/heads/main", - "rev": "c22628f29c3fafd252f315952ca3852d67113f1d", + "rev": "c65d46803214f3668623d70892e46727de7ca1a2", "revCount": 67, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" From 31c94bc8d27c2ae3e48783c455567e2a378bcbaa Mon Sep 17 00:00:00 2001 From: sysadm Date: Thu, 22 Aug 2024 17:03:12 +0000 Subject: [PATCH 530/826] Updated flake for skynet_website_wiki --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index bdb5fe1..c69ce90 100644 --- a/flake.lock +++ b/flake.lock @@ -676,11 +676,11 @@ }, "nixpkgs_19": { "locked": { - "lastModified": 1695837737, - "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", + "lastModified": 1724300212, + "narHash": "sha256-x3jl6OWTs+L9C7EtscuWZmGZWI0iSBDafvg3X7JMa1A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "517501bcf14ae6ec47efd6a17dda0ca8e6d866f9", + "rev": "4de4818c1ffa76d57787af936e8a23648bda6be4", "type": "github" }, "original": { @@ -1031,11 +1031,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724280680, - "narHash": "sha256-gkxNaXe0dwfy5Mw2Rel+QR0/n0RBNEDzwiBQWNWNrd0=", + "lastModified": 1724346134, + "narHash": "sha256-SWsK4tP4J5s09cvYBq0jw+r8YKr/8QmFDL1si8Fu7cE=", "ref": "refs/heads/main", - "rev": "c65d46803214f3668623d70892e46727de7ca1a2", - "revCount": 67, + "rev": "08862ebe5dbbd02b83596edfd05810a965fa668d", + "revCount": 68, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 287b268161d86bd44be3b35355b278cc69a2d12d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 26 Aug 2024 09:13:25 +0100 Subject: [PATCH 531/826] fix: inputs have to be quoted --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 05a84e8..9140459 100644 --- a/flake.nix +++ b/flake.nix @@ -16,7 +16,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; colmena.url = "github:zhaofengli/colmena"; - attic.url = github:zhaofengli/attic; + attic.url = "github:zhaofengli/attic"; # we host our own simple-nixos-mailserver = { From ddf5a22d8be2a68231e494329699dfb5daa95bb9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 26 Aug 2024 09:14:42 +0100 Subject: [PATCH 532/826] nix: switch over to using Lix Related to #81 --- flake.lock | 105 +++++++++++++++++++++++++++++++++++++++++---- flake.nix | 11 +++++ machines/_base.nix | 3 ++ 3 files changed, 110 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index c69ce90..622fc20 100644 --- a/flake.lock +++ b/flake.lock @@ -370,6 +370,24 @@ "type": "github" } }, + "flake-utils_4": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakeCompat": { "flake": false, "locked": { @@ -386,6 +404,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "haskell-flake": { "locked": { "lastModified": 1675296942, @@ -445,6 +478,43 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1724624492, + "narHash": "sha256-J3COggDipocT+ozSxz96GuwSyMrT5+Xa2fGfxaIShqw=", + "rev": "b6884388a1281d70bb4e5bb12e1cadd34bb832f0", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/b6884388a1281d70bb4e5bb12e1cadd34bb832f0.tar.gz?rev=b6884388a1281d70bb4e5bb12e1cadd34bb832f0" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_4", + "flakey-profile": "flakey-profile", + "lix": [ + "lix" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1723511483, + "narHash": "sha256-rT/OkVXKkns2YvyF1nFvl+8Gc3sld1c1sXPtGkbqaDY=", + "rev": "cecf70b77539c1a593f60ec9d0305b5e537ab6a9", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cecf70b77539c1a593f60ec9d0305b5e537ab6a9.tar.gz?rev=cecf70b77539c1a593f60ec9d0305b5e537ab6a9" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" + } + }, "naersk": { "inputs": { "nixpkgs": "nixpkgs_5" @@ -816,6 +886,8 @@ "colmena": "colmena", "compsoc_public": "compsoc_public", "flake-utils": "flake-utils_3", + "lix": "lix", + "lix-module": "lix-module", "nixpkgs": "nixpkgs_8", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", @@ -1150,6 +1222,21 @@ "type": "github" } }, + "systems_15": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1290,7 +1377,7 @@ }, "utils_10": { "inputs": { - "systems": "systems_13" + "systems": "systems_14" }, "locked": { "lastModified": 1694529238, @@ -1308,7 +1395,7 @@ }, "utils_11": { "inputs": { - "systems": "systems_14" + "systems": "systems_15" }, "locked": { "lastModified": 1694529238, @@ -1344,7 +1431,7 @@ }, "utils_3": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1710146030, @@ -1362,7 +1449,7 @@ }, "utils_4": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1685518550, @@ -1380,7 +1467,7 @@ }, "utils_5": { "inputs": { - "systems": "systems_8" + "systems": "systems_9" }, "locked": { "lastModified": 1687171271, @@ -1398,7 +1485,7 @@ }, "utils_6": { "inputs": { - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1710146030, @@ -1416,7 +1503,7 @@ }, "utils_7": { "inputs": { - "systems": "systems_10" + "systems": "systems_11" }, "locked": { "lastModified": 1689068808, @@ -1434,7 +1521,7 @@ }, "utils_8": { "inputs": { - "systems": "systems_11" + "systems": "systems_12" }, "locked": { "lastModified": 1689068808, @@ -1452,7 +1539,7 @@ }, "utils_9": { "inputs": { - "systems": "systems_12" + "systems": "systems_13" }, "locked": { "lastModified": 1689068808, diff --git a/flake.nix b/flake.nix index 9140459..bc55d95 100644 --- a/flake.nix +++ b/flake.nix @@ -7,6 +7,17 @@ # Return to using unstable once the current master is merged in # nixpkgs.url = "nixpkgs/nixos-unstable"; + lix = { + url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"; + flake = false; + }; + + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.lix.follows = "lix"; + }; + # utility stuff flake-utils.url = "github:numtide/flake-utils"; agenix.url = "github:ryantm/agenix"; diff --git a/machines/_base.nix b/machines/_base.nix index f730ba3..81baf36 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -20,6 +20,9 @@ in { # base application config for all servers ../applications/_base.nix + + # + inputs.lix-module.nixosModules.default ]; options.skynet = { From 6c9a852e7814033ce609755a6c60eb1f453341ab Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 26 Aug 2024 09:15:44 +0100 Subject: [PATCH 533/826] fix: bump the wiki See https://forgejo.skynet.ie/Skynet/nixos/actions/runs/192 for details on the issue --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 622fc20..daadb50 100644 --- a/flake.lock +++ b/flake.lock @@ -1103,11 +1103,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724346134, - "narHash": "sha256-SWsK4tP4J5s09cvYBq0jw+r8YKr/8QmFDL1si8Fu7cE=", + "lastModified": 1724627980, + "narHash": "sha256-n64oKqJSXJxgchBoF1mEPPaNVTLQhMyq65NafLdaWyc=", "ref": "refs/heads/main", - "rev": "08862ebe5dbbd02b83596edfd05810a965fa668d", - "revCount": 68, + "rev": "39c216bc6c9c3a8b1be076e683caac23e338f1af", + "revCount": 69, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 35b12b57aa0a0909ccb672ee4f3a433e6990ad03 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 26 Aug 2024 09:43:09 +0100 Subject: [PATCH 534/826] fix: bump alejandra to a newer version as the existing version didnt have an input quoted --- flake.lock | 7 +++---- flake.nix | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index daadb50..ec846ce 100644 --- a/flake.lock +++ b/flake.lock @@ -30,16 +30,15 @@ ] }, "locked": { - "lastModified": 1660592437, - "narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=", + "lastModified": 1719514321, + "narHash": "sha256-ys1nJdZ8zB8JlpUbQmnj0hZalg03bEPgQdZN30DhETE=", "owner": "kamadorueda", "repo": "alejandra", - "rev": "e7eac49074b70814b542fee987af2987dd0520b5", + "rev": "d7552fef2ccf1bbf0d36b27f6fddb19073f205b7", "type": "github" }, "original": { "owner": "kamadorueda", - "ref": "3.0.0", "repo": "alejandra", "type": "github" } diff --git a/flake.nix b/flake.nix index bc55d95..3669f39 100644 --- a/flake.nix +++ b/flake.nix @@ -23,7 +23,7 @@ agenix.url = "github:ryantm/agenix"; arion.url = "github:hercules-ci/arion"; alejandra = { - url = "github:kamadorueda/alejandra/3.0.0"; + url = "github:kamadorueda/alejandra"; inputs.nixpkgs.follows = "nixpkgs"; }; colmena.url = "github:zhaofengli/colmena"; From 4196934565be4ad29f0d65ee1e8b8c2b7083a65d Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 26 Aug 2024 19:44:20 +0000 Subject: [PATCH 535/826] Updated flake for skynet_website_wiki --- flake.lock | 121 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 107 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index ec846ce..f946664 100644 --- a/flake.lock +++ b/flake.lock @@ -43,6 +43,26 @@ "type": "github" } }, + "alejandra_2": { + "inputs": { + "fenix": "fenix_2", + "flakeCompat": "flakeCompat_2", + "nixpkgs": "nixpkgs_19" + }, + "locked": { + "lastModified": 1719514321, + "narHash": "sha256-ys1nJdZ8zB8JlpUbQmnj0hZalg03bEPgQdZN30DhETE=", + "owner": "kamadorueda", + "repo": "alejandra", + "rev": "d7552fef2ccf1bbf0d36b27f6fddb19073f205b7", + "type": "github" + }, + "original": { + "owner": "kamadorueda", + "repo": "alejandra", + "type": "github" + } + }, "arion": { "inputs": { "flake-parts": "flake-parts", @@ -228,6 +248,29 @@ "type": "github" } }, + "fenix_2": { + "inputs": { + "nixpkgs": [ + "skynet_website_wiki", + "alejandra", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src_2" + }, + "locked": { + "lastModified": 1668234453, + "narHash": "sha256-FmuZThToBvRsqCauYJ3l8HJoGLAY5cMULeYEKIaGrRw=", + "owner": "nix-community", + "repo": "fenix", + "rev": "8f219f6b36e8d0d56afa7f67e6e3df63ef013cdb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -403,6 +446,22 @@ "type": "github" } }, + "flakeCompat_2": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -745,16 +804,18 @@ }, "nixpkgs_19": { "locked": { - "lastModified": 1724300212, - "narHash": "sha256-x3jl6OWTs+L9C7EtscuWZmGZWI0iSBDafvg3X7JMa1A=", - "owner": "NixOS", + "lastModified": 1668226844, + "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "4de4818c1ffa76d57787af936e8a23648bda6be4", + "rev": "dd4767bf613bf9553eee6ff37c0996b9c876e7d8", "type": "github" }, "original": { - "id": "nixpkgs", - "type": "indirect" + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_2": { @@ -773,6 +834,20 @@ "type": "github" } }, + "nixpkgs_20": { + "locked": { + "lastModified": 1724395761, + "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ae815cee91b417be55d43781eb4b73ae1ecc396c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_3": { "locked": { "lastModified": 1723827930, @@ -917,6 +992,23 @@ "type": "github" } }, + "rust-analyzer-src_2": { + "flake": false, + "locked": { + "lastModified": 1668182250, + "narHash": "sha256-PYGaOCiFvnJdVz+ZCaKF8geGdffXjJUNcMwaBHv0FT4=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "45ec315e01dc8dd1146dfeb65f0ef6e5c2efed78", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", @@ -1098,15 +1190,16 @@ }, "skynet_website_wiki": { "inputs": { - "nixpkgs": "nixpkgs_19", + "alejandra": "alejandra_2", + "nixpkgs": "nixpkgs_20", "utils": "utils_11" }, "locked": { - "lastModified": 1724627980, - "narHash": "sha256-n64oKqJSXJxgchBoF1mEPPaNVTLQhMyq65NafLdaWyc=", + "lastModified": 1724701416, + "narHash": "sha256-7fVQ5+q6DpySInK9JaQ+WBnLWl96qtYMAddKu8/Dx8o=", "ref": "refs/heads/main", - "rev": "39c216bc6c9c3a8b1be076e683caac23e338f1af", - "revCount": 69, + "rev": "5297fdb65d695ed02bb684415a9f87c5008c543b", + "revCount": 87, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, @@ -1397,11 +1490,11 @@ "systems": "systems_15" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { From 11d4c2269c6bbfc73c144008235d05ce9336da9e Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 26 Aug 2024 20:53:28 +0000 Subject: [PATCH 536/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f946664..7a77d05 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724701416, - "narHash": "sha256-7fVQ5+q6DpySInK9JaQ+WBnLWl96qtYMAddKu8/Dx8o=", + "lastModified": 1724705575, + "narHash": "sha256-+fXOim6W7xvdpeiE4LchTJa1Fc1GgoqF4/TW8M2C254=", "ref": "refs/heads/main", - "rev": "5297fdb65d695ed02bb684415a9f87c5008c543b", - "revCount": 87, + "rev": "201429baaa730cbecd5fef67eb3074de5c32a05a", + "revCount": 88, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 9143fdc77cbde02e40e9369dbfa3669dd05b6f4f Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 26 Aug 2024 22:19:31 +0000 Subject: [PATCH 537/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7a77d05..d6fe618 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724705575, - "narHash": "sha256-+fXOim6W7xvdpeiE4LchTJa1Fc1GgoqF4/TW8M2C254=", + "lastModified": 1724710787, + "narHash": "sha256-3MsyAfDZnEm72p3FBpcN6UYt+khakzILHZvDoTwV4QQ=", "ref": "refs/heads/main", - "rev": "201429baaa730cbecd5fef67eb3074de5c32a05a", - "revCount": 88, + "rev": "32451169457cb756c2dfdbb525db12cf12a0111c", + "revCount": 89, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 3347ac8a89bb82395786944b11712b725233e662 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 26 Aug 2024 22:32:11 +0000 Subject: [PATCH 538/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index d6fe618..7a77d05 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724710787, - "narHash": "sha256-3MsyAfDZnEm72p3FBpcN6UYt+khakzILHZvDoTwV4QQ=", + "lastModified": 1724705575, + "narHash": "sha256-+fXOim6W7xvdpeiE4LchTJa1Fc1GgoqF4/TW8M2C254=", "ref": "refs/heads/main", - "rev": "32451169457cb756c2dfdbb525db12cf12a0111c", - "revCount": 89, + "rev": "201429baaa730cbecd5fef67eb3074de5c32a05a", + "revCount": 88, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 31dc474c846843df82bf027fb7ef3ee6c74e5bac Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 26 Aug 2024 22:39:52 +0000 Subject: [PATCH 539/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7a77d05..35fecc7 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724705575, - "narHash": "sha256-+fXOim6W7xvdpeiE4LchTJa1Fc1GgoqF4/TW8M2C254=", + "lastModified": 1724711686, + "narHash": "sha256-AfeFS60J2kaIhp8LGnQGIDLRjZ+/s8vknkh4t1Y5qQA=", "ref": "refs/heads/main", - "rev": "201429baaa730cbecd5fef67eb3074de5c32a05a", - "revCount": 88, + "rev": "7bf0db32b3740b764357e1f2c8a50ee54c6a400a", + "revCount": 89, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 38e0322f6731d4ac69626efaf82c3988867754fc Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 26 Aug 2024 23:48:59 +0100 Subject: [PATCH 540/826] feat: skynet admins are committee --- config/users.nix | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/config/users.nix b/config/users.nix index ac428e2..fbe14f6 100644 --- a/config/users.nix +++ b/config/users.nix @@ -1,6 +1,11 @@ -{lib, ...}: +{ + lib, + config, + ... +}: with lib; let port_backend = "8087"; + cfg = config.skynet.users; in { options.skynet = { users = { @@ -44,19 +49,24 @@ in { config.skynet = { users = { - committee = [ - "silver" - "eoghanconlon73" - "sidhiel" - "maksimsger1" - "kaiden" - "pine" - "nanda" - "sourabh1805" - "kronsy" - "skyapples" - "emi05h" - ]; + committee = lib.lists.unique ( + # Committee + [ + "silver" + "eoghanconlon73" + "sidhiel" + "maksimsger1" + "kaiden" + "pine" + "nanda" + "sourabh1805" + "kronsy" + "skyapples" + "emi05h" + ] + # Admins are part of Committee as well + ++ cfg.admin + ); admin = [ "silver" "evanc" From a050b6ced7ab2d248d3f4cf88b79bdf15665d17d Mon Sep 17 00:00:00 2001 From: sysadm Date: Thu, 29 Aug 2024 21:26:11 +0000 Subject: [PATCH 541/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 35fecc7..6eb7e22 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724711686, - "narHash": "sha256-AfeFS60J2kaIhp8LGnQGIDLRjZ+/s8vknkh4t1Y5qQA=", + "lastModified": 1724965052, + "narHash": "sha256-DXR+GfwTlqnERWTVgMHhGczIXmOBp7NmwfWzZi/DwLM=", "ref": "refs/heads/main", - "rev": "7bf0db32b3740b764357e1f2c8a50ee54c6a400a", - "revCount": 89, + "rev": "551bdb31653508674cf6eca6f3f952d18b6e7232", + "revCount": 90, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 5fa1bbd8181a0a54e02290cc0c29cd86940b5ca9 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 31 Aug 2024 18:33:57 +0000 Subject: [PATCH 542/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 6eb7e22..fa7fe7f 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1723319789, - "narHash": "sha256-hrWDD9U0YSdvYayyDk1R6ZT7rmJp2jBx1/si3p/DuDY=", + "lastModified": 1725128654, + "narHash": "sha256-xF75eDbiCSlnZVPvBfaUWhElQrcNMQHgoygSPevBe4M=", "ref": "refs/heads/main", - "rev": "905aaa96206310a638498d91d04e16641b33d842", - "revCount": 105, + "rev": "50d2923425be1cac9f29e1e75670694507e376e0", + "revCount": 110, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 4b2720df360db215f5830e256ca29d8406e52e40 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 2 Sep 2024 12:54:32 +0000 Subject: [PATCH 543/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index fa7fe7f..4af5f72 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1725128654, - "narHash": "sha256-xF75eDbiCSlnZVPvBfaUWhElQrcNMQHgoygSPevBe4M=", + "lastModified": 1725281518, + "narHash": "sha256-MC0IY+bWgHtEgDj29VBYr6OUbXsMRBMWvAYKNXTc+NY=", "ref": "refs/heads/main", - "rev": "50d2923425be1cac9f29e1e75670694507e376e0", - "revCount": 110, + "rev": "8ba92cc47eab748510adb975e3d9197b1afb4e2b", + "revCount": 111, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 7dcbf88fa4e486341a97858963a2dc8778d2dfca Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 9 Sep 2024 19:45:13 +0100 Subject: [PATCH 544/826] feat: adding my second laptop to the secrets list --- secrets/backup/restic.age | Bin 2650 -> 2760 bytes secrets/backup/restic_pw.age | Bin 937 -> 1047 bytes secrets/bitwarden/details.age | Bin 1045 -> 1155 bytes secrets/bitwarden/id.age | 34 ++++++++++---------- secrets/bitwarden/secret.age | 34 ++++++++++---------- secrets/discord/ldap.age | 48 +++++++++++++++------------- secrets/discord/token.age | Bin 1025 -> 1135 bytes secrets/dns_certs.secret.age | Bin 2704 -> 2814 bytes secrets/dns_dnskeys.conf.age | Bin 1094 -> 1204 bytes secrets/email/details.age | 46 +++++++++++++------------- secrets/forgejo/runners/ssh.age | Bin 1271 -> 1381 bytes secrets/forgejo/runners/token.age | 34 ++++++++++---------- secrets/gitlab/db_pw.age | Bin 1001 -> 1111 bytes secrets/gitlab/ldap_pw.age | Bin 1000 -> 1110 bytes secrets/gitlab/pw.age | 35 ++++++++++---------- secrets/gitlab/runners/runner01.age | Bin 955 -> 1065 bytes secrets/gitlab/runners/runner02.age | Bin 955 -> 1065 bytes secrets/gitlab/secrets_db.age | 34 ++++++++++---------- secrets/gitlab/secrets_jws.age | Bin 2550 -> 2660 bytes secrets/gitlab/secrets_otp.age | 34 ++++++++++---------- secrets/gitlab/secrets_secret.age | Bin 1000 -> 1110 bytes secrets/grafana/pw.age | Bin 914 -> 1024 bytes secrets/ldap/details.age | Bin 1527 -> 1637 bytes secrets/ldap/pw.age | Bin 1330 -> 1440 bytes secrets/nextcloud/pw.age | Bin 914 -> 1024 bytes secrets/secrets.nix | 4 ++- secrets/stream_ulfm.age | Bin 3084 -> 3194 bytes secrets/wolves/details.age | Bin 1351 -> 1461 bytes 28 files changed, 161 insertions(+), 142 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index ca3bf45384bb9096f64e60da7f28425d9ef272a9..d2ecfde1f0860b56493f2088995f2848760fee21 100644 GIT binary patch literal 2760 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5uwQE(i!s z^D^`cs7f^t&Zu+?N;J+c3^fS$tjrJ2b_y*`&MFN|HFwN2aOE;j_crtk^T{yRcQ*?1 z%FA=I2=LGKN~!S8D)XzTv`Eo*3&<@G%{DVM^hLMLB%mrPKV8AAG&kMS#5p}m->f9c zG$+cuFgv?6x1cI2H^(c$+b1}^A}OlG#LU0IHJ{5YD>cU{B`r8Gs5ro{D#ba|xxghO z#W|$REF~x?$jz;+#4|T4sn9>sFcjUk6i0)ypmYTfea9+C(@d|->@uSiGjq%Aq7aL0 z&nRbi|8lPY(?ZA4vXUUftTcc9bWg5Si}4RZ3FbBnp$0|SD+^Ic2aJ(Ii)va|!T3mv0MvYm4cT`Q{$LL(DRibEU? z%nHH^OkL4!E3`=UN>5iv^-jz83Jmth3H1s~GRn^h_9!%uEKPDw%=8U($_?`=HK-^p z&y38;3^L&gil_=mcJ&G=sfzUXOAa>n_bJSd%neQtG|Dmvsx%L`sK|6I3pTQ}%(p&9W?(7tp znOf*k7*dc?5mDk8mR;iI=RyQe~0ul37$@>FCSlsh#K(;#O?nW0+@>5oPWi z=A3Gh?Ufki>=y2m?B#4yVdUkL=T%;6VSy2EekD16`i=^znJFGgmZoOG{sm?gDVFZZ zc_kjMiI#b}eo?7m=3btr5s@h_X?{k@p~+m~p1Dz}*;VEiDQOmV3MSM;a&Pm*rR%1(f7wAL{@kuMrel?rg;Qw2Sru7XXbgP1%(=> zx;O@<=2yCSc%p}7L~xO#S-C=4eqOR!u5)Nsq=$!lMpb}gxpRoNr+ZLwYIamaN}-3Z zd#I&Fn5B=qM?P1nt4~E~pi@zbN2O!9nPpCqi+hAyrGJpVVX3*7OL=irwugyZR8WYK zWj?xXE@4%{ndu4^NseK8o&_ld`i0>Z5#|OJ*_F9rA(>^Kt{IWVhIuI-Va3U=IWDRB zZjoFD9>L{lsrms?g@!K9p?Mx|g`S}%7DYL^24?Bb=7zb3ktNCbK3+*FWhUshl}1%L z8K)~47$#*nJLi{FS{AwH=7u|#WCS~xCuW#=dnPBPcMH*IC1cel&l$p5c8<(e=RYhhd<%O50x@46FMUqzJ*ymj3mp|Ky^~B0)5}~FBeKIQ z%F}|(oO7H?Duc5N-O7T4Qk@F4vrKho~?1&zc#sxY0-sK8uewF!#MS+P1;pUZv0r`GDo+Xi0Wf_G&kttdE zMSiKlmabJ9{+@1C#`#nl!o@hp zKf|riBa$mW&&V&&CBW4vFvGOUDb+l~yCP6OE5I)+q&zXgu)-iR-^?$<*&{VHCmY>w zp{{0W$$<*aW(DSHp@x-VQQ2Olg-O9VIZ)2KWn|8P_NGLHan zFHgUu%#`#ZXY;DOsL+h0s?r?q^h%$!Nc51jD2uXm4ph+2&(6$B(bvwXO3Cyxs|d(* zO%5?KF^;SXbtwuc&i68NPcf({^35~PHQ@>}PxWyOHBT-obgPO?@`|zy3Ck++@%6O~ zG_$Czbo4JWHwmeX%E?Tt!l>Vha*N8c$`#W6L%mZ|OAXR9Dk8&7(>(kN5=(s3%)@dW z^#d!ClQJzzt4h)xOA}oj%egWwt4t%xa(#+(oXtuLjojSLgM!QTO}rutL%f~5Q-h2% zN|O9ia??XSe7SUWbrmX8tK33-O9BjxoV+YED~n1C0}7MwPqjRso*K~qHzsmlj!!g)&8pTEd5-Pz zhKEkct9@bUKA!WZT`z6Qk7*i(Ez67-t=XB$GD&^c#Km(P!t?tt*w&cqwW)7Y(QZ-* z`M8sr^SFY&^t3a*FDAJ;Yh8(G?(y0>sj%{e&gzU=jSe$Fi7&&c15?%B%mrPKV8Ao-Pa0*DazfJvCoDD%c}8H90M`%7809J;m6=z_BPZJuEe`!rUUF!qg|v z%_GgJ)T7+PJvBVj-=HAZGQTo8r5N2dQ@<2T<8p=6D)*eAaARkusI*+q^0F}h5{vwD z-=t(?^VF)c;EF6`kNk3zbW{Btqjau_$^sM53iDu36K&JrN|&tCRA234zmQVnGNZ^M zH=hX8;G*n^lET8|5Ce4E3N2E-($f_jU0t(GO47_-0#m)by$wqv-GU1vOAG=dgS_0G ze0`Hsopapu{i>1zazeQZ)BTJ+N_-rHyu-5GT(vU_%}qTEON@Ooi_J6ra&nx5eLa0m zos)8XtMbup^A0PrC@NQQc6T!}Nh}F=s*0@0Ee?w^_w@`btSB_eE^;vl2sTM}PS(y( zOb?Ar%+2Sj@GA~W$}o)#D-Vw-3U>F)_cJai^$N*03Nm!JG)^rE%=OQ=aP~~~wv0r# zEiE(AFf~xYB*Va@)G*S?+%!2e$s@weB*?HN$S5SxFv6=U**wd_Ft0Quy(l=?)7g{D zBhL0$S^R}%saa*FCfFsILANCE!_g$HhuRb)AT?E zU#D_QzmVX3-+ZT(G-C_1JeSOZWQ$7Ibk_`{jAWO9@WiN`;L3DgAJ=j&w~Tbxl6=Fk zGRsT@=XB4!%CaCsC$j>BM3*2JKO+;rqKr(-68*qjm!NWV+x$v${PZ0af-*z%{Y?Cm zEXsW>(_B&#z4E>Mk^<5#L$%Edf};Gq(lh;n@}o=xUBa`uf?XU#!^-{rGAb-R^8J&u zjRJEMjiX9R+(XMeyo{W)Eka#$1IvQbA}iC;Z7Va1G_Z73$W1daPILDU$|^H)bu;tM z@X~hos504k!;x_s`Df$_VlgDh$eT_DL#r&o#`|&-F9OG$?U5 zch2<)_lt1TE_W`=cMoA|ev7$ICAjmt# z*vs5A(6U_Lpfbgv*xWZPKg`8~E3C4p#563gFw>>nFv-;@y&&8vJ1{NF-!n1P**GsS z#oN@)GAp@CU)u>I2e^b)1!tx!7*-V~nHUKB!2=O>qkxf+Igiyp%E>rg!Q0FwJfP4xC(-^VwyKtJ8rpfo?wB_}1^ z!qhdH%h9a3)H^KHrPL?F!mu#I&&b)>CAF|DswB{{GB_x^z$hZv$;00~t27nEZpi0`KkUvc}9lCrr9OA#@-RWQHhZjMX6p9jyZ*nxh3JHmHCzCrGc(oKI#50 zLHXJKRk?}z72$r)CZ3kriGgPRW>G#lnQ2C;-hm});qFdOzLv@8e)Fty^euE$$WMz( z3wKX@_+$1J2WDz7S%E731GBB(4Qt1zV~J2A}NKPAb_ zH6YhH*w`#5&?hb5Ew#Md!qv~w$PhDk8yDp0dzULzI6Lc`n->_mg*!Usml=mvc!pL4 zn?$%6c?D;BMR;0TNTc%Z+g=559aG{G+uA_oiZj_m`m$Of4WlD;EL3y^PZ(vr2fr)pHxp{6{ zUR8v?Pm))DX;zZ6izk<9ZdFL7Ym}LzlS_ziX^KUVLAYaDNS?o2UU7tHSx!V`p`&SH zs9|DdlrMTnhPs-iB?l__>6cc8RC?zZS0v^5Bn5b6SNOU`C3&W%Ydh-~xR~VYhnj0w zL}p|-R~B>SR|YsmrkRJ8r5Pj#<+$d!2PGwDn))Rc>AR&>dFE6&7daK?<&*_g1!0uR zk#30<&glw~Vd=SP2ASq*j@jj95pKrep_RriRZ)f727cOxAx1u>8R@2m+D6{RIgVWV zr6K0NF0LsCM%flY+Wv0(1}>FRWr3xIh59L_mMKN)#$iT43STa{oQfg#jXoPX0 zSAlbKX+gSCO1XA=a=LScMR}sPlVychMsRSXQ+8H{c_?~FT9iduItMCvxcLPeMrr#Q zR(Kd{MrUZEu`WWeFSfm(*<{K4NI=XUYWjX~1`I!g#y5^Nw>KjK? zrkVKW`MRV!x)%84lo~sk`3FUYduW^Zm}BICqTHggta1f??ev0N&r(w#v+VHPOuziF zpvqkHs>obp;|kY&ukM4| zr((Z|5|6+{H)G3U@jp*g1=g)Jv4Emwc4UbaK3*yo8x_P<2? zk7BW=S?ljRFE4m+sbAyT%okVnmF3#AB@L_JXj&Uxkx}%rlo=`Gd^=O9r>}{;CQ>l!uP5GaP3~R diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index b71676496674039751db732f353b62dd4119f700..ceec390623a27fd76e23d448e89458082f0a472a 100644 GIT binary patch delta 960 zcmZ34=SCy*?S8%b1eo{r1Z6uRb7p#ZRkCj} zx^*dz24z9%3MN6uE)_X$$!?ZzkvUbFc|q=}PCoh}DF(TQIeBgt{$V+$X5|Kf7LJ(_ z*<2>3l~EpsPM%)L24Nm<`9a=Mse#TG*~LjY<-VceB_>XR{#Dt25hh+4t`k3shnt1x zIa`EQ>K9do`s=58JBQ_mXPCHpRvDOkRuqM1I5`?+Sw=WnR#}Ewa24g08x(u^JLgtr znHHzIg_mTy_$4|fSr|p;rDs>_M`mW12Nzf*hWhIlPmX644-X8<&x=a0au0Schzcsn z)y@yrcPh_J%nGRVPb!Ntvoy;oj0#CL$uA1_JDJ?2D49Uz* zb~CChj_^(|%1<-OGSbh@bI;9Ao_v;3yxz~y#lNaBGRe(9AgjnN(AOfcI5a2IA~88A z**Uwa%)rPis8Bnzs<5=ukt;JZ!$;f8rzjxB&C;ka*q}5iHQc+@wW7#9B-G!_Ag$b@ zveLKGKP)d4BL>nk6Ae=X6|~DuEL^KHoL%x=0t^Fuos8;TT>W!0BZHG7!VJw_!jf`5 zeUe?u!t%p147iFy(_FKHlakBBOUu1o9doL@oV1;sG7N&!wSALQwZkfl(~~mOE%O4> zlF=jFxFAR0yIdjBD>I|2B;6w4GB`>^8uga)6%Gj4{`?MIQt?v!* z-?Q8!v`Tl-IQ zh~T840)MYGw~XZ6)NsqF^xTjjw`{Jm0&TZcA9H;d!w|D@cQ4aoi!jsjlI%kLAPb-3 z^t>Sb-173I-11^CzhrdV3N2E-($f`k+%58aGA+WjBTcdm3R1%?gCZ?6lbuVGEuBLw zlgxAdjY1*=qbl=E%8R-3Q-YH#3?eMbgK|^L%hFN;@&ba&-Msw014@m`Qu5q`D!ek? zN^%l&DkITt^A0PrC@NP7&apHp4GQ#3s<15gbM|!#_qVLbDfe^@E_O_;bTiR+b&YV$ z5Ae|UaP#HLEDMb)2(&aPFH8#iZDU9 zEiE(AFf~x2D#zHsvfMW(KRI37v@|2!JS3~YNIO3xIUqHo&>*Eez&O#%U*E^gIX#ps z&?(nFHN-q1IV#krsNB@V$2-N-J3OT*H?TN0Eh5p}AgD0PJ=-ED%hMCxHsgXEeeZGw zKZ8_#%M7>R$iO7ys5BS%NH2Z&M5Bsqlge0`4)&iOtB&$T@k8rQ~PX+Bv#P@g`h?xp^i1 ho~Z`)k@rtOXsCSPoFiUP7o(l5rLtPlbD_wOcmQ@MH8=nO diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 3627423f1bdaa10514ccf24acf404694bad1f03a..bedec27bbc1eb74bce5bdedd877342eab6fefc62 100644 GIT binary patch delta 1069 zcmbQr(abqPr@pEp-LW{?v?SZVI4{(|s4~MKB2nMdDJ00FqQEaVqbNNjSihpkCE3Fx zkjo>$&CE3DBp}06h zH#Nn`)YQ;Y!6cw6DnDJpB_h%#EF!?H+&jn6xX3j(t-dVNH_*c=)ho9+&CJl!BUisD zJ=rTD-7Gzj%d0dmD5oN-SU)(^DcvL7!Xv++%Gf(G*(^ILAgCZKIU_2u%q2J2(kUep z-MSPg-W*q;|kBb$O`A2g0y7)%&1bM^nzqRqp0){Cw=|Y6t5&xSF_NJ!oZMh zUoQ7j<6?s_)9louTsOb83O95AWFPM;vyw{V5<~s$Gy}H^S0nS%5|^aJz={iULU5PlM|F%oSs{eX%K4W9_(QlQjwG%7L=dv znr>;7RpD1!;*soKVjh{E&y{FW5@DPYmg{evm!26J6r5v{QRx_15L|4j?QiK@?(Gp( zmRRUs=2VgCiXH=LnTdv}feOai6_rMLDVC;YhS^o&X=VELW<`lv6)wT0evUaA;feV^ zm0_g?UM_Cg=_XtedD&iup2cMu*`Ah;{*mS7<@%KY#ic<}CEA5yCcdW0M(#e&E)juc zslMpec~&|47CI_8I;CY7=ayNR`WhO!hMH!lNBWdyR91zh=bD?AC6FVk# zWap)%W2O2~L`8Wnzp=1$!3 zCqFz-|H{;_N7K*m?2*4AUUj>^c1Q4+$$P)835@gex*dHfl|NQWN#wL+#p6X0+j5lq zTb7>Pt-AX}yoUO_2Nm*5#8)0y=zKOI$9dg-?tfeFx$ay&b?a7%7)GJWFP{%jQJJ7G z>LeH0Y`^p7*_rK@c`n--c;$`ocLr2mbTe_uo`1 zcHs(%zwr}}`7u`=kF_cKpv&kV^5B#EuD~Uq*aSSczh5=y`+_;zdKY7g#PqfY$(QWn HlL!U?e0PC3 delta 978 zcmZqXoXRmlr`|uwC^_FX+$+M}BBIdDGqBtxH`Fyfz#}m)INdNiQ9ma)F<9Fz$vxF6 zlFLHd-_s{7rz+U3M7zi}(KFvYpgg}gJh&*S$kHj<-Q2ap!ZbU~*dW9rnM>DBp}06h zH#Nn`)YQ;Y!6cw6DnDJpq#`1tG*jQ-BHJ-N$}K;?&@HIk)Wb6;AU(}3)6gd)(<{H! zDN{SAG%~N4%P~|tslc%^(7(dc)70EF-^9_^FDKF8)Zf4*G}9^D$+)N>J{mldFkWP^5XDOL0lIyQg<$s(Vtlr&(5MlBcCbs8f!Kg;%AIv88c3S4Kgy zp?+>@cxtGdX_~QFzO$*9M`cpETdqe%K}2bYPhv_yX;iwaWvNT?o`z0Nm6bm3VV223B^JRs86o}|hLOQp5$@?e#-+g~T>1q$rDdMU?xhtzSzf6H zRS`wyDcXi+Ii)2|sm><;`NbjmB~Cf6p1whW=)vS2R%B6BuHaMb=0wr08ITc_6UbHJ@8V?UtDokP=dSG-XlCkW;8B^9 zRA%XG7_1$b9cbwqoEMelSzhQdcB`xZjqO7kW)HWX?BFEiAQ#+lXF3?hhct7USY98sF6Xjb9SL` zMu5JzTd;v~en4V?XHqD-b)Hp@zJ-noN!f0mnLdH3iTOdvnNG%eX+9Yq+TLlF;fdL$ z$vy#Dnf?|b<{8QQ`Hsn4DMg7+#{L=gMV^^y+4-R^zAkA-Ib~J(<&nXLMuqtv$wA>E z8I|E7F1gtjT)Mit3fV=TSq8pkSs|sKxk06cCB~6CP9fz^Wu?Uh8R^d6`pK21-rR&3 zkAw9#|F|iAUfLjIYFk>P$o_qjM_-n_5>mS*b4~D!liG$p{UX`395)3YE&Al=`9b3) z_m+pNWd!3US*Mrw9{BFIjuegd!wCmt z^Pe}VtajzTzbyIEqCLycY@H^!i`y+C;B512m0$A~q%D4R^6CR8{tV3v|DwMvUEa5+ UkfS8~`twKqv(v6lkI-%f0AZ(MkpKVy diff --git a/secrets/bitwarden/id.age b/secrets/bitwarden/id.age index 81fa3ae..6a78c9e 100644 --- a/secrets/bitwarden/id.age +++ b/secrets/bitwarden/id.age @@ -1,17 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA pcFat8+oFhOWSZyYBM1Ij11K5vLcrGSWGcopZTIUv3M -NDNVRUQU3SqOPRm3N/rCMhf+DyMg21d9uAJkrqLrKcc --> ssh-ed25519 4PzZog xwjC1NO/yqurBivCPbTQgtsavmBmOcHMrjcB/W+wy0o -zdFH8I0W4ItbKVlAW4mHIPNDPPlIwdSLnIIu/1kEXBs --> ssh-ed25519 5Nd93w ojB2kKZWtrcbf34sdYPNKIUJ65nGskCXU4wOq/SbH3A -hhr/RyiTv0tFC/pvNHBFxFenHuVWpiW1hzVcyH8Iplo --> ssh-ed25519 q8eJgg DA1GO1/lDUAnFI9lPoOUQ1C33SHpNGVvqAF6aZCoLlU -9Cyl198clJHzc/pYmOe3hMM4EZVi/EE6XjSlSnLeRdc --> ssh-ed25519 KVr8rw NNeHe1ExbX5I4CdibTc1772nJoiEHHcC5gs/t4v6/wE -FeSYrhUeMxCWJ/DOmp66w+KJlhKnXCsBqCJ+lDGT1kM --> ssh-ed25519 fia1eQ yZVFUGXdWqNW1fnNRHTrBGN1WYoXemIkGdRwKPF613U -k/7eulnPGaePxUzXtt9tHOfhOyhJlTT4pQ1KfhzTwfI --> ssh-ed25519 IzAMqA +TNjvQx4ee/T30kv/UyFu1rCf8aG71T8WUJj3WBnVzg -3ooxsLz09cBO88/BRChFrMXpx7QjZVFfopgSEcxlfpw ---- kRZI09vrkArnL0mRQaSvoY6bpH8OTV4nT8JbDzP8nWo -+ P:( 8.m(e+igH WzqRvM|$z<ד}C{)qAg`* \ No newline at end of file +-> ssh-ed25519 V1pwNA 6tVe3xNaSixJpjbdLEH+8qjYyiPrhW/zkHUw7PGA/H4 +ldA3wsf+IP3sThSl8biympvXXA8JhdmUFTRWsb3QkIs +-> ssh-ed25519 4PzZog I48nrFVZDzCf1fh1MbyZlVRgslC2v8sH7NgQDMnP9Uc +0OB4KjT8yb/ThKIWiBZVaFfHoRHpBbCt5cqFUzutIDM +-> ssh-ed25519 dA0vRg 4Dd1x2Ei+6cV+h3s6jMFD3Btq6RXQAggvOt6LXQMalE +lJ5cCt4lsqVy6K86rwsgZoqmMJlw9IbBtgIWFMAXm6U +-> ssh-ed25519 5Nd93w 9mJtwmZeGSiYl9ICT6KaBufaFM5knv2qweHRI7gyojM +9k6EfBRmOGduu3qkI26rB1BNy1F5Kd2iFBUKCh7GwUA +-> ssh-ed25519 q8eJgg lBbdp6ys+jQhcdgF6WooCGVxHclhTTG+ayhWWHxK3QI +/MvFVmTKRSAUceL0nzyUvfhnp7PjOyQZVLupu6vSToE +-> ssh-ed25519 KVr8rw uPzjpOH1IBCrMbe7VaCfWrgHqzWubwPliBPnl4cwSyQ +7bTP9jAvsJpt0qXO5klC3bphyWB6L6g39ra/dNnjsGk +-> ssh-ed25519 fia1eQ Klz4SMU2+fKxVg+CRW9kgWN1/26dbcbVGcV6PByxZAM +ZLjVMD/RSOUzIqvEkcWTp8hSpR87DVQ2FH5gcKhAhIc +-> ssh-ed25519 IzAMqA n7rKJTg9SIhgFNEWTEWKBJ067AaavacyFxgF43LwH34 +GaxH14AKF8a+H2VAO3RH8DAEGnhQuP3lzPXktWJWudo +--- v+2lxuXwMa8MWotaPS7ozEWQ6Dukh7IRSR/N4M+07DI + ުO֖̊ons;^1hMZ (RJe+*3en"TeƁsfC5wӪߣfX \ No newline at end of file diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index 29637dd..54f07c3 100644 --- a/secrets/bitwarden/secret.age +++ b/secrets/bitwarden/secret.age @@ -1,17 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA zomyV86JWdw5KWZz/hpIQ4L9VXEW4wTDqI4cLGsNsn0 -yy7TKiwisPKlQQUWOXCykxbYSrwE5eGKMNP8OBAUkO0 --> ssh-ed25519 4PzZog A4x9YKQ/YCTglMRY7X7PVkqwkktO6R8yavKrrPvgFiY -r2GUQPkQDBR7a9NGkEYhgE5XyWJUbNYPBYcGUMBmK70 --> ssh-ed25519 5Nd93w pUJi0inWzU9zrNeE2JbFDMltBfMjIZV5e+aAvkX0pnc -oE06oHbCZiy36XZiPrI3yeKWuD82XT9dF3WsqZTvIsg --> ssh-ed25519 q8eJgg 76Xais8jMd3AVu9fjnklTjoYA+4dLV7iYhw9E6djiy4 -gIGci/h85lVxQCpnzcmgi/8Ddef4JY7J1u1HOUkBGAg --> ssh-ed25519 KVr8rw aLuWLwlVKlfsRetAGXib+wyewtokiLiHpg5+6PWhEUE -JE+Kn+1uxViDQj+8M1VvOqJ/wpIzNlsL9xM7grMt5yw --> ssh-ed25519 fia1eQ txZ0C5zd+2MTRH5sw6ORuxvuCGuxVmnD0opKvUMzRhs -joVv8myJAWCZnSXZ1PzqxQdB2uTUrVzgITTU3ZIgHEw --> ssh-ed25519 IzAMqA Ns6XpHFkrBjofBVY6rXY9h/tQPadJ9RgaKKaUWjWsVo -3Q/3v74wemS5/tglw6cefS8j/z/0vz1C/sDAPnf+0HA ---- AK6Yp/Zk8mqKBt/zzp6bpGc54h/dyPWWv29bDuxURSU -cLʌbgA8:Ⳝk \ No newline at end of file +-> ssh-ed25519 V1pwNA YScTD2GeXDwg6pVitdF8G3dPpPg4xclLTtb2NYn6n2A +Kv8RiNzEIELwiBnyq6S7BQlJJ3Y4tSf6qS9pvZLc2kg +-> ssh-ed25519 4PzZog 8lnyXYhDxCMVgSb9fc+eylgh4PNyiyWbkyR5qYEQBU8 +mdFUq2z4nIw+ffhGFsQnO7JTqFfS51NqyFlq1nvYp8Y +-> ssh-ed25519 dA0vRg laNNBfJdmv08S8DDiJRFMqJYJtRj/dLXqQ0yHGLhFCI +NRqL9+8AqzwfgNeVIuCAQNxzWNRHK0SlJEW4k9JZv3A +-> ssh-ed25519 5Nd93w FletvMID8uTwelny7qrjacrU4rLd2nM/CByUIZZ+Azc +Mha4WZJ9N/O7RDFw33jXqp2y28MzqC/vCY6iTN6Qf7o +-> ssh-ed25519 q8eJgg KNKT5k4Uaee2ggscZpmSnclWI+9gdBc4T+Lt2M4wzgM +6xo5fCHgbhf3rE3lErsDMhEiZ8SGI1CizTFswLfjbJY +-> ssh-ed25519 KVr8rw htxnJOvYzVzDuS0zdOCjN1HCGml6hc0M5pbA9JVo3Xg +mJE5zOMtSKshRlwo/2YRzXnGO2On20dS1builMpXwFk +-> ssh-ed25519 fia1eQ o/iDYcyxH13zQBQbxIglv+K84s3PV5aAIB4ln+4PHxY +iA/1FWOIJj3qt/s4DcfM73fMXz0GPiqwDJ5nh1Sl7ag +-> ssh-ed25519 IzAMqA P+/aiLPHi5tlibSilwOJ6FxROHjJpv2ncWYBruftaWc +46KeZ7kOY/8vkryznVvpgEnWlXDkG14PfAlLWdzrm0E +--- dQXX0WKOt6wXrNLkzBNLVipb2lZNJcRCX+nSRpy+2Tg +2I Hr }I0d&eٹb]BאT]2ZN1Ґ|l1 \ No newline at end of file diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index 5626a56..fff7875 100644 --- a/secrets/discord/ldap.age +++ b/secrets/discord/ldap.age @@ -1,24 +1,26 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA oKU5WHTVFbMzlj3VCOz8SK6HUXSMx/+O0GRBgrHz4SE -UhAfuzpx+3pVzaADb8IboXPrVdjc+6nTBs58vl6UM5Y --> ssh-ed25519 4PzZog P8oILoh4jxjLWlJ/8P6ZFo3gVnPLf/5rCXKt+VNbwno -Z2LPtqT7vxDVXo67vUE++kZsgR8EW/g5p6ukannudWk --> ssh-ed25519 5Nd93w SCPXtK32yRY9SHlXW37lWn5o3kVyGLvE25JC7OYrqgY -jXDPZBtkFaQ0zrWQ+q4t7gPXdzH3FXxi/GoGQ6A5Xp8 --> ssh-ed25519 q8eJgg c0Pm3CbI20Xx+ZDG21YFBBYcRXhm7XJtL4upmfQk7Sc -zoj5rfYv0LlKNcqxPCEmgn7Q9fC/zglkacJ+RdRGFAA --> ssh-ed25519 KVr8rw dlnvbfFVgq8/fCJ+VVNt82McHYcCYOyej2q4Xw7lHQc -7GvA1OChHOY8H+tNtBc7t0dGX0htnwru/xiOk22uz2g --> ssh-ed25519 fia1eQ WkNk6q+ujMGaMndfrj4RCUhE2UTkYze9Hj7iDueXqgE -70nqJIlhPFLAUCt8p4c/GulYOCc45hvqKDFuh1TkaP0 --> ssh-ed25519 IzAMqA 4ribVEiuHMHX7rZYHi6iiW/5BwvVvydrsBzlVgRjT14 -OaEvZPbPJKAbOySo/7DcIuwM7F8Lowa8mnYSkXmKMwA --> ssh-ed25519 uZzB3g HBpDQeuRn/7ST7n+K9V1O6uLNnbu6qinqrjO000lyDg -ACVdyMFSsJgRcHxU85ns7RVTWlKTCRbUqkvgmSr/7CI --> ssh-ed25519 Hb0ipQ zThy7Iiq+mfgOic4F8FN94LfUvxqFM/k2Z3Qrs4NNUI -E8HEerENg4ypEiV3PnvghUzBuL85SkWSBeEdQw7xUUo --> ssh-ed25519 IzAMqA hvEU3NLfxGsQkA1hlwkumtgEgscd0HRcBKHbavr22Ro -omEGJ/nRcqeXRI8HQkWD1lnabodUNSipnmedtZjNyfA ---- OeFgK+AG4MnUHFFRjJYmDKDonM8qNnGZ7sQzdv9GZK0 - {J7bW"){N62l8Q A --'qGr}֤#, B(~Im /F>`RF+tC-p]͡# m |Y7È*+f{׷R*XUl:yM;my9&1g ӑ+1=OBI6 \ No newline at end of file +-> ssh-ed25519 V1pwNA 6NKUbOSUbwVjzW/ZUpl8qEiUTTegFlji4+tVJyqY3SE +fRQvaKnLMkVBboTEriQpWlGY9VBAP3ppsEbAB2QTScs +-> ssh-ed25519 4PzZog mp/+b5LpB+DvRduqAZiKWqkZq6+tlyQgVTZz7Oge2Us +OycqmZyDr3levWSfRFxypJOkITLDix0Q15Todya6BNc +-> ssh-ed25519 dA0vRg yp/4LvS9DbdatHFWFsP5qhH8CP8Bs0IjVSenUtG4+Xs +hHiJEtl1ffYXltsJzuEMLGUl2i/i3pFzv4bjbx/cbOI +-> ssh-ed25519 5Nd93w BTngmy4NGLGKhC8lPos63QEVBKoQT82KswQ22EypcQQ +OCnJMkOwwXQVbtCitUizXM4nynC6a1tiPSkm7MxulWA +-> ssh-ed25519 q8eJgg NaEjVcDBVICRgXuJchEdE4vg3qmkNmJAbDDxLq1fX0M +YFwUmEPwJIik5YJ2SV5IAmqGlY+h24voJJlrBaoCBwA +-> ssh-ed25519 KVr8rw ZnyVITZFkuozEs/rbTdxXDQNS3Nggo+JkBL1Icht2SM +B4jVVts5lK1kIlOWMl0eiN7TpsTeJZWIu7NqildxeGE +-> ssh-ed25519 fia1eQ kvzARRScl/eypC2a5cY66sXcH+TZqz4sYg4W/k9iJxQ +Ga+4TVvXiQ6i5/+fgUQ3E5tJiLqdBsEsXjenXEpRV/A +-> ssh-ed25519 IzAMqA 5sizvlhLhAhAR1bViHJtRJ8fAIO56TAuLVSOwE177QE +b9oJ8BC2xiBjvc3D0H0EF7bSNDlpvIidyBCTf04ndJI +-> ssh-ed25519 uZzB3g g9y66zNmQbqP6Rbhg2t06W3YOgy8DkRvJZbWVegT71s +2dH7E76tDMrWQJbLPefyORP66iaPHQnSjwu8NCdSyJo +-> ssh-ed25519 Hb0ipQ azOzBLXfshInlFVpV0PzIBidL/VzA/+kKRXFFVD6ZF4 +iXBF/Wcv4KWo5qUXUlyimuo0l6aClKxOCtkm3MxAIBc +-> ssh-ed25519 IzAMqA EWitYyV8RsPIB6HEFE2OI/C1zcC6WfBEeDI62rGVmkk +Bk9tdSqIjLjat21J2LM8RXAt9GwdQxYdfPzqDtCjunE +--- waY7j+HMEOdqEZs/TcLEhUY9gJs6ZSc51VNfuCmCxJ4 +;d9Avnq<;TB؇$Gvh +\^l֯`?l au~Чy[juv;]!6XIs4nj!@|">e[VV,58Nh[״ZD,z&I>|zm \ No newline at end of file diff --git a/secrets/discord/token.age b/secrets/discord/token.age index ddee942460ef6797ae238dce82a9bb0eaec627e8..657f2f39e38ee67b34b16ffd975440566e15f64c 100644 GIT binary patch delta 1049 zcmZqVc+W9Gr@q3+(cd|##LLVz#mUey!@t0}DzG@k*gvcyD9F>$)w8P7v#8KCE4wrz zlFP!eGPlyx+tpIrJ2j&qDj+-Gz%MV`FWWoW%`(8(**7ZKKPfES+|xfdnM>DBp}06h zH#Nn`)YQ;Y!6cw6DnDHzJIdHUE8H(BpuD2Wy*$Mrv);I zDb=DpGbJ~hE8N&Huh612IWNkg|whzKZ_g}!%}Zc|B4ikN{c}KO0#TV|I~8#Oe4#PlyVo-sN~#YQzMh` zWUk_(6kq+S0N)Ht1OLLpNasky2ruUlC;bqoU{_}^ZPOGdSI1l@uZSee;)x%{!-Mk^ zb3)8Kiz0k|vNN?^Q$zj30}9QY46@R5J-h>5gH3YNa|?>9%=4=vxvJ7D3&Sid-NLg= z%S)=l!aPI6iYr4cv-1pG0z53tUG=>T3k}LWEV9g8C&x32hnGZ!MN}61Bv)i)6dDH? zo0#ZFnUEx6dTu|ZclqqkoNwXnTAUaW z=A34bZeD2Miyi}MnTdv}feK}o*_OV+rK#EFUKJ_k`3Cy+m1Y^q#@?Rh25uJqp#{a| zCa(FuA(2ig;gMW^Zn=q0ZizlAQQofFIfW6WiB%!#Zf=!f`B{}gmL5T##ewBsZk|;s z&aUXzc~&|47CI`F=NY7Vh6R|Em!~+T6_|x)q!_q_8TmQ}`IJODCq^XZ7S|_Q6nbQM zXglR|FVk# zl$&O!IU1A(CsyW{7kioex%%X}h7~v_S(XGFdq%Z+7V5W<11uq2ey*>D2RUf1gynyJf+hgE!B# zC-oM1)O~p8n=++(Q~y>Wcl)1he}5O8G3RD?_%iW4+hw+e=l1?!-5KwCmc@imQH#a? z?7FT;1-jlJ>h%jWv=kddxBdFluupFXkLcWxSKM2F9GrRc#KV~@-9)T;rtei_U8QI% l5t_@luu)=CgDOv+{-+J6uOH{)+dXsFj;+y21#N1M>{yX%GXUlyCg8nH`~4 zk}E0DASgYh$}8O|y~y3SG%u{c$0;#0y`ZGXz~4weGtbhfD$yxF%`8bfl1tZ4p}06h zH#Nn`)YQ;Y!6cw6DnDHzpfIw++|ti1+tsze!Z_5!->o>)%S*e!Pdlj0s3_8)%A%^k zF~l+0$I#t?tIEvCTi+$rBRH?D!r!whKi|(Jr@}9(%rZD6%P_~%y(rHtxH!PVB|M;f zay+AWcwSz3k(Y^gL~xO>k#cQK3Qdr`binC$q@#*o*ucW=>={DWht(XKKViAT;>%yCQ%iI&Q<>YuEov) z#+k_x`5~@Z{+W^b+DTbng?>qX7M|H9>CR#K=)vS2R%B6Bu3%W473fy%?NU^n=~kd0 zl$ltc?~xoBk(U-`nqundVo;PG;GUme5|kR68OT-U@8y?cWD;zg<`i61T98$&pA;J8 zR+(0oQs`@8YGj~q5*QvCSm>PNWr1#8T4thQYM_F*Np8ANhDT~(a<+bjNrqolj)j*? zmcMIcZe?gtut#N~LA`frm|v<#g@G@ZcBZdIwo7ScQDwPhPH3cslcPn2X|j)RT7E@< zXI^?rd6-F1Rd9ZOT97Ncb)Hp@zJ-nosm@UbfvL_F28mIrDHSHBRff(LzWPqiPWomk z?j=TnzDAM3CM5=j-mb-5<=$nM#=++G{#B8Qq58QYp%H=l2C4Z)hKByW$%X~)RW1ge zLD^L~ZUycJT)Mit3gO8~#aRIc6~0xb&WULy=1$)E?xyL^rKzUnrj|wpkpU+9#*Sgy zmd@c8T*A+m*}wX}>#x=B$9|>^iD?yL+p80`{#JeTDSB$RSU4lT@#0=*s;jeU*up?scqWz5j6OCBY{?e8F9l&rf=5(66w%#Un{RaD%h=&vVCT z_upJM_n3f_mB_R27OqFH-v%#Sc|j|k5(Gx0Lf_RXkF3eI*j&xouv4&+MD4>EO5cJT`GH+3{} zwTN`gbo5U*^bg6*^A3wN_YCn&^K!BX%QOnBN=CQMB%mrPKV88rNk7~pFDN`URX-{z zDmU2IB`CPK)Fit&$~D8&H7K&UJli~}JS?jqyqL?ipfcMdCA%ckz*t|~)S%Qe&mbq! z%pytKC?wsz)H}W0-=!!uGBqW_$P?YR6i0)ypmc@Q5X;m^-w3ZF!}P-PlmPAgP>af> zD%X_!RJV|zya z3QXONgPbihQj^_$Dh;?y-CP39jq-}~vO--4H!3k*VX zy}c}wO7qceE3`=UN>5h^FAXlt3HK=QHZaO{)^>Lb4Jt12%MS1fPBu1lD=0GYDGACh z$#5(y%1q`mi^|T<$}MpWDhenoDe*2ea&d7^NeXdI^eN8D3r@{WwG0n)PSf}D3B(9V z@310^qH=|ZqRrUojw zd*lRF`s@3Yr@IH5R{53sWq3KecxU++xo4OMndc^lx|F8nMd>FSg_v*!=D1{KmK&Cs z>W2qM`gjCp`GzHWg=B>U7+ILRdO8|<`5BgExfSM{1i7Nyrth9)njWZ-ol|72udz5Rs7? zl#_4a*aMWK&J zQkq#*MP{Z^uuoE1rm?4aUa>gCx*IJC51%=Iz@6-X_vX>7o~U=`eYa7looipy95@v6d0PCCHe(81t(dQ zJ9)Y}rIlr5Szy=}5nSYGR<00i8RS-EQts;HWSL~>6P8};?B;Axpl@yw8EhUBQf8Fx zm7Wn1QdD758Or6OpBIv0nQfS!W}0IVsh^acXX>2qW?Gh3nidgWoLXt@U0#rs>hGQ( z5{e#@E@4%{ndu5NPt6zjW0MLJi724@=?21Rl?`z2?l zxhIGCd*~Y)r8*l0lvI>C`s5fzhNQU#rh0f5Ygbz4xp_Ey7iFW{R#_HonN+S|8Wx^a znIBo=Yi{P_9+hUCY80X!;_jFgR_bJs;u2NvS{UV3pzRpo8Xn4(;u(?~VBuRFl^q#g zm6~rBTA1XXRu+}$obH|OXy%(@R8(T(VruE(VT@s$XO*LGp`(JIiI2XgS88&RXSijA znP*;!SC(gizCr(GcL%{_byimb}BHU#^ff4~ zC`@rO35qiGa8Ggy3@hiVG%In+ukdsA3O4Zz_ILNNGz#!`DNZxg4~X&%PP42^_x5r! zH#9CbFT%*(!G$hPxsD2k`7RY<`Ds~R!H(%Jp{{|s-ht)$g^{LdnSuEp5iSOWZu-fN z+4}B2VWC_B0cjD&j)q3QDUqSYhT-KoF8*#FmaZ0|WrqGCX`!jP+9BoH7Re@MQI6<- z3w1S1OAb_U4Jt}=(J%6>D#$2L4$h8n%PKYuOfS_g3~UOQW2#^$nAP+&$A1JyQeS&CK-83X{z}f*iSuoOAQid~=PX zoHLy=D*Tg@oDJQ*%>wi-JzTs>JxwbuJ+z(jqAZOf%P?|xYL2sOYPy1Dc5YQjnM+w_ zaY#X^QF&TuYFK2bMNX-oqiaf$L8*UMQBXuhntq6jqc2y1c5!NUcxAeOs#BhJL2{n4 zS8{=~Q(lCjp{HePX_<3zfk$?JNJwgkA4dIVQ5I$C9Hg?*3?_M5mmSd5UUsUOnmYE(B7Ri<6p6=ul1}k{<3DTx61;tnHOm zYEf<)?rpB0>~5G`Rp3$;j8T>pRyY~>g(mxClo^-@Wn`5El!o~_2WFXMnHU#Z zdKX0mRv9`v`Eu#%>MD3-rWTm{1~{4JmYRfACTCl?l=NOYWb6Fvy(A(Ze>c`(p8a&|CWuF)>QIn#`-^Q_}u1lNc&3qQwtoR z^GfQiwuPrdn6`Zkye9blmiZF%&!6(A?`1TX2w|vx@N`OQzQ(o7ul-N|dBf1KNb4P& cKY#qReQa9YCTEljtvw%0^fIiK+UL3v0DD568~^|S literal 2704 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sb;wa7Lz zst8OA4ROh`a5gFptVk)cH1i8h^vNpC4iEG-t*mnKt_-&{Napg&EH6xpDswN%%C0a9 zt@O_;HZIOc@yX8c&&sQ)EU?US^>r^!F9~zYa74GwB%mrPKV2cxJh!saNZZxG-MykT zB{RKPKQ*hwKQu8Z%*oH+GqJ4HQ9C28!m+?9$AU|{#4pd&BFxCc%)-MYD960grz{}E zyv!}x&A7_RHN7;i(ksOyD#)}T$P?W*Q@<2T<8lSpEdQvme3v9IeUGRDA7k%|LeETt z6qhoWprWWCSN|YW_llC@QvE{LkbJI6pNQbHKohgFbOV2F?WDj^?+VL+2oL=-=Ww5b zNXP6#ANSH!^Qf$U)xtkC(Lbu#BP^RM zx42!bH@ym!h%%u||50_%!)z0uOFDc1OHIE8Rjzka1h~OeevvP%kU<=pcijZ(4mx^3J&*D_a2+yeCob()R zcaO5*sK}hcQsaV>l9J#wgJQ0f^m5-E^TLpHr=p^$QnXX{s85U;YnqOLJnQrc4?v!hyogHNEtRJ457ZDufrSDVe zT99dyS`rpkWxz8kynvtkeQrinpohY?_yf+nrNP1R#}wlSj^>{o|c@Glc}9t=A~^`T9Q`i9Fmn) z?vYaH8Sa(p78IPClAD?5ZkbXVhLHn|3v%?m%M}c~JwYX~OGTBVxtqCrwq1_qbpSB4r} z_!dV77*zPVIY$}>av2wy=UM3cxR<47dU#nln}nt%r-kLa8z?c7?UtFGr*E3gRS@ND7-nRN5pR)h zi51T23dR13`EG_4Ss|Go$(G^yhG~XT+2*cMrTJcN-WKj<1wN_zmi}o;T%&F)urk%g7}_-`(9`KPW9Z z&%~s(C@RsgqQJzzq{_1@)iTvE(<{m|D?BhHB+LgRzgd(;Svm(QgqnwCdItNJ=Xw;B z1sS`AJ6Q&l>j#$P6uB9dnkJ=YmL%o51RI!S1iK}3MWrS=re%2>6y^t}8s}LCdYR=0 z=v(^eI~t~znmKudn5QO&q-5lH`6OYalA_$AvaE82f|4*}6R&dLNFy&tZ+)MP$TDAx zQUm8G6St@cuh7t>h~h*`3y+{OpNL{EbEB+mH}|CULXZ3`{R;i$l8B(n@{A0R-1O{> zp!|q{j0o>!|FS&GN>C2a)m1P^4-d>W)lN#$4$loQHV*I%DfKdP4^DG83eR&caWZyx z%S?3j3C>NnjO4P|$6?}@T7U0y*uRK5M=q}3#+~Q%IHx_N#K^VCCD8Eu=9>xiNp*sn z|B^2McIr|1Fn@08HvQv@zXD~tL}U^UKh66+IbzyrCDz88`}ZFhXw|jaW*qIn$G%fy0q*m$hasXwr3BB$2P zWV763^DK82Ni~1nw#i=f+&$w9nXAhS=h#-fGWp2q_UrueSIu1oQ#ehEMb~JG&0sy{ fwI^!b5?M=KMk9Hdrxh!2|9O17YS$r-oC((f_5O-I diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index 4c6b7a97c7458a75437a513408b34e47e0a9223d..b7c199c9683045aa823f80e8c62b59995fe4dfa3 100644 GIT binary patch literal 1204 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zJKNUv}T z(RcGL@hz=P_0DwC&o?fs2+s{Kb22N6aQ2QY$#ODJtTL?%_2ml8b+!x(D=2byjdHRG z3-&JXNG=G?tMD|4D)b7{aQ*N=&%m;rGS9M- z;;^*bVoxXS(yElwqKb;d)XcEV90M+|l58{o3a@fEH%E`i0>3itpsFDM3OA=DzYt5u ziVRN=3-hq_g0s28GR^%0vxCX!nK19z5TRHGeZM13XHw{LVdK0 zDuaUzN?g%xE3`=UN>5iX_R`MuN^{pwNr`Yw39!(%^eu7?whS)N_6sXYEGP*sGl_I` z3Jl9mF?8jM@Uy5&2{o;7bk_HF$}p?6@byl%@H9-#k4$k)adQnRE;aN^F-k1=GtEY~ z%{#2fqNrRUFf=s1$gnWLz|1wVq};zC$uQ6&IU>+FucV|R$D`ELtUT2xBh53>HzS)X z$J58zCp#r6BcM1t%*@9>G^aS!q@XOsJj>arxYRf?TiZ+9H?K6=BFO;VwzSMd!_+{9 z$c)0m0{Qq ztV**yCsU8mRP*rgsyzK7$3l-x(_sH(_W&;g19R7`>>!MI^DD{m(|1$|HOeAd_P6v1%?so*&37y|FLF$etjrAcHcCp) z%l0wM^vfzp*EeztE-E(GH#Ezy$Tu@dEeb^UTbWU$fu*BDSz<+~VY$0ml(%K5S7c^| zvqh4dYm#dB1e_4P@YO-IBcZqkUd6`*|rGB`hYhk`w zc1oyeV!pO_n!dSXzFAUYWqKr+uCA^^k&$_7r9r5_Tcmzsc|c`RN=k9CafwlCzFVGI zM2bt9my?sLMMa8!fMX!nYKMMre*vzf(0f~?_D0m6>|6c$aqy&z_y`s*7uXo9w_^8FKoQ;IqjPJo9?M4k{4txxD@W3Sk4!IUdh*Qk<^5h zvknPz*BbWEboJ=^uyom1&5sXccG=mUW%rE!UAgsi-h}poY;Av?9ir8N+%J{PZvIfQ QG2U%hzh_zNys9e}00vH(2mk;8 literal 1094 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yAED~+lu zk8(GO($5KtEN}~obT@T%4)Q7W%k$CC_X-XONRJ9O)K4qScI0w)HTTOhGqETwG&J}0 zuc%DS$}%h|EHU(RDJ#rKweZg}PjWSKu5vQ>H9)t`B%mrPKV6|TK-)Ym!o=0x-y_J~ zIWHrqNZ%qL*f`TGI47mjx!lm)rLr_jzbq=(Fr6zfKdj0(!Z$Um+@v_5(j+^@I3Of5 zq#)Nc&>}C}(4g2e*i1XK%FHV~I}qJAQ@<2T<8lQH*Zede7jsv$aQ|>uA6NgZ^parb z(xga({DQP>OV1R)!~oxl6r+-&EKjaLr_|)KP}iU=i{wI&R9Dlm#Jtk<3WEZl5`VAc z{N!-6oWgK#^T@Q|vQTu}3N2E-($f`^eR6UOiqg|OOMsHFL6wA z4tCE;b@An@@(T2g$S5LksnjGc86qdkP!(=y znGt9nWfAD@>~D}{;NltOXPBBDVXCcPpr6g9tE;O}7NMP=5nN_e5tLG3l4j!XUt#Q- zT2!7=VdhtrWl>qF?NsLIW>`{Dk(174&!883YVV=+`qufS3sTGyZJth#QlI%eNmuh# z#NW3M8KmWfkI&e7IN;9>re$p(lmE88dmU*Z-?}nXFl6G~g&B#9D_3S2gk=k9TDIJ{ z_j%UZ9$W2&MamP*_+7uu%bj?@Q*@fAOv&Xfb)`*`6?bH$CPz$=zL2vh-(c0RHif(; XXH%95Y)oC;$@o0A;H1XirB@jN(^qnr diff --git a/secrets/email/details.age b/secrets/email/details.age index 1b5144c..9c02ed7 100644 --- a/secrets/email/details.age +++ b/secrets/email/details.age @@ -1,23 +1,25 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA fUmQeNgoFbbsFaWOuoZil65Wb9QXt0ombUUaowzGiw0 -f37D0PiBMFwmgUtsNmjr3GD4u9VjSUhRKRdRAV/m6NY --> ssh-ed25519 4PzZog 8IbMdWcBQxNl1gJSAxDZ4wX01jU8xVcrFculOfhdW1I -qrMJW01W17kyc4+61PTUf3fYYeqiEIerzLb4Qyjomh0 --> ssh-ed25519 5Nd93w InDd1HzgxvHNVZAdAxoeybHI3kRggQh2dTI/abS9YlA -v9ONGUDVrFSJyham1OfkxRtmPzdOBQqs9zD/u0XkHqE --> ssh-ed25519 q8eJgg L0cOuysyQN+oBz7sG8NL8JHPvoPyKi8qSlSVan7s3V8 -6uxUttvfD6gbNLdFiGxo88ZfpNucTBpCTd7OlAYdx8E --> ssh-ed25519 KVr8rw IWOO1WfFljVKcU6WkziAvX3KaRoBZoRT9PsihqkK8UQ -fpK1yiGhKxlUOzhI+FP1AmEP9csPhMcBjzi14spJThQ --> ssh-ed25519 fia1eQ M+Z470oQzYWBwjQIqBgxBNieMeJRzoL6rc/rit1dkjs -xArp+UWpskcsc9q1XEzJ+1rM55/fK4/7WL9d9oXYla8 --> ssh-ed25519 IzAMqA Iv7rCzraDezK5u7baBxdyXOMVWUQJZpQrTc1W0bWEGQ -U/d2awrDMpw6OP6Z3kEgzfpCRfmxPdI+7LjkRrBLWx0 --> ssh-ed25519 uZzB3g Sn4Ufi02xZpJq6zJc267P9L3rlAL6Boy2YP/kj4PW38 -UWaxsni30Z3cEH+oVRv5wP6EguVAnLvbkC9zB2xG4OA --> ssh-ed25519 Hb0ipQ IgVkXC91wdBmJcoksMSAmMVn29poksBQLMOgr2xQm04 -d+fI4goKUHwn2jsA8jJzLUc0n1vHKUplsl+zG4O+g4g --> ssh-ed25519 IzAMqA 9V3QfuSB7mbnjnYRiRG/lznwwbAqROGXGKKni+ut9SU -nDxzIJAl7JIs+Q6YAiHbOQWXwfvQ75OATgEcp1SEKMk ---- 24F4ekcTgmg1WahdpZX+TsLycKdl6ulrJEGu7m5hr7s -Hu5c\Yo7t5e)/=;->kLS'=NV於 D=}KCPâ8c5!Vnd63I|3iyI>Jb/SsrUrV \ No newline at end of file +-> ssh-ed25519 V1pwNA OXq8Ez0V4LJUKYl+5ql1M45ZHLP0pRg1+wpROKw31EM +VRu9/cu9HpKLzf+ChRYl+Q7CmLJotHsgtuONSiF7xI4 +-> ssh-ed25519 4PzZog wjZuT9yZn6m0pkIaEqZG8Lyhn0tDd7SWaG7CMe8axHs +g1xgcY98I7PkOGr5U7wXW1+WmKkhw0IbIjEqkpJ9qVA +-> ssh-ed25519 dA0vRg jNryFpGJIll+ShRBJfSeDxoregZChDjfML7T7GK5tQY +EKwpPdl+lsxPUOwiZejGoDhW5AtnlPb5o6pP//QdNsY +-> ssh-ed25519 5Nd93w bUK/vkl4JdDTiYjJ87y1W16Q3+UHYJydd4uurTt64lg +i9ewXjr6156XlJfXlkexxzz0e3GgR9qiRd4xGD/ET1Q +-> ssh-ed25519 q8eJgg PZgB71YUUBZR3f400P3eyr+XBxTfzzK3uW95jUkdEBE +ZE4jDg/b7RsGthpdrY0EApD2gSNnRWCUysrooiEsTb8 +-> ssh-ed25519 KVr8rw NBamDqepGTVk+fRuSRh1fBcFi+SXt5E3SdeNOHu+eTs +a99yadLXBDuyo6fVYTXW12HJRBKJe89QtAgTsw0CSjs +-> ssh-ed25519 fia1eQ AxTNqh5CUr8sLDTCbAJyv4y8j0uys4+2u8IZcdh9mAQ +ERVJjXxP1P8DGDZltLViSRUQpBVqgUPBG5rA0vX+QWo +-> ssh-ed25519 IzAMqA mG2TOePS2xp2zfN6tm3df79MbQmahP0Zrz/Wv6m9VRE +DHCR0kPJ+FYi/8cbNo1wYg9W+ibhNulhjC+4ZT+xQkE +-> ssh-ed25519 uZzB3g JZiMYvKnSx0MDl7ajstoNqdogJi0oo0o0RWYiXYdLCU +wdlxY9xLC2+CdhOq6XFCL27k6hoUIb2iB6uXVzoVjgE +-> ssh-ed25519 Hb0ipQ q3pj0zGX6KYAQt92tWGcVnpzMztez5qMD42Mf8kq+D4 +jFCtS7SLEcA8hc6rxgnCojW66HMAqKiHzyqBVs5dAFA +-> ssh-ed25519 IzAMqA 9zAaZRjN+SdSeBnn3ocISeDFcZTUFlAwIO1dzRb96lw +7T2xjV4CTcCMwm2g3nGdVXCCXzQNrNGY5fG0I3f/y84 +--- Xry5yKvldlqJm4/4WINhgNr4zLuZncxJtZNJ/ruwZOE +XntYyB01EḾ‷*1F'$ӿkLtGŎӳo5-X2a<1_I;KzGkŸFњrac[gOBb/߅4oU \ No newline at end of file diff --git a/secrets/forgejo/runners/ssh.age b/secrets/forgejo/runners/ssh.age index c30e3ba05a09a4c50671f911f4803f427ee79e67..64629716a76c9b376ee98678b9ccd94e0d28166b 100644 GIT binary patch delta 1297 zcmey)`IKvdPQ9UTc5+pPw_%!hQeIU~T4Gv}xs!>1URFe;QDJ~~nQ>BqZ@IsAZcbu( zC|8 z>TCO(Xs0KoMP-F21(~@7MEzeg37WyA|kw;qWpa7Ba%#Ag0hUW6J3oB^9u`- zyh8IzLUS{nDnhv|%gUl6L!#0{-K)$~vYe|zO!LFj%>3MpGV)Bb3tTMAJ-pKbEK&kZ ze3H?vt1Jt)Oe$9hE%8hbwf zC^2$Q&+rV%N%wS2uL?;kw9HH@h>GycPRk9-ObtslGtSD(%*r$^&nwO6TD|0`?*q5f zy>I=t34EKVW3RihF>B`DtM@ePw?0%TD7$f|Wa&mNogYtrpLJU&+}Clk?&`s>vIlO6 z>b-Ca*6~mGkc&x5yqG?-u{}g6f5L5tXP56^-m9Z~S4m&EezAql)KkC(_!N8=32S+WcU>T}1z2|8#bt)4v-^_*MpF^Gw|E za3XuM+u|^u|0=3){7&j6Kiai4XU#s(nBy%Bw%&o3t&3CpE>DtT?Oez%BD^|%Zfg(w zQt|bl4yh&VOP>Dmo@z(D@*0__3okC6U{*fw>Ld2Zlkv9P_ip#1TlwJ%TOGMnyS_FY n)m%`madVTT+$X#KK(UtBD@`8UQ$BRy@0<2h({{YLaKRh^V(;%c delta 1206 zcmaFL^__EqPJNi6lSOu5VxnhxR#HWZzeT81sk?u2wv&ZRa->;tm8H3huV+AJXo_1_ zIagMcS+pc*c8-&`Sy*Y3c2#L%s7a}%VM?G`pp#?% z z;Gh6Mvqbj-gCcVa@0`>y<8r6SWKW9_ZP&!W(t;90?MSC&qx4kQ$!8hG>#Ir%E&MEf zB1!^6O8iPH4YCSybECovwN0wZGsD8nDk_T7qD(4X0u3@exxy^+3`%_py|OclT>V0_ zJU#P^0xB$uvNMf>3_Q~!bIS5vjFX%llggbjg2_9q$fBrRA<{I`)G5fb#4RMx*h|04 z*`VIlI5I2Kqr^GQFU+FMIVCZ|*)h>fzueW$gv%t%+rJ_?QNJ?NBsbW(Af+b)xp&5Y6toy)o0(t|3i%-qsl6H`nKjk8iJ!csE~%98v8OM-o} z%!AbISDNEgoNS^Ulou9aRGDLu;gz0f?CX^6tY4m25E@)i z<(SR2>2cG9mtWJxEV}i?6QA}jW|`2(D0Srb!CyJu6)MluSf?16z7+m6!%DlM{$<78 zjv#Yg&lj3TmD8%TURG2tGKj8otC97pyty|i_+`gN_2gp_C#Oz3_ds70?ltlUPV#4qKRUVQS{-}j_qhH?HPH?4@9Xt= zC0z6kcPrhaceXzMkW}ve-oRf*zN_D@e*3ik>mlhc!gV_)a^Ib9@FqUKVrM%W$?ws&v5RSocHcE z+pN_`kJ>I=9dys=>T0u%EIh$+3W7ZsL^kEI__}3&HrY|hP~6R{_<7l7M!uT2tlS^I z+7x}>eTB1L<$lDoHqX^N?ebIOe;we+&GC886u?vYdiHj89iAJ@Y>rn&&RC`rEUVAE zmwoM(d7oCbCaV3|_V4VT;FDRIoh-`g-Bf(GeB~Gs{jDK-z z_OTZ_+g?cLPT0HiS4bE0OCHA51Mfdx;T6BIGR$A5#@K((>^mGLZxlaHIV1iQ0KTl; A8~^|S diff --git a/secrets/forgejo/runners/token.age b/secrets/forgejo/runners/token.age index 03ac739..77a80e3 100644 --- a/secrets/forgejo/runners/token.age +++ b/secrets/forgejo/runners/token.age @@ -1,17 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA bGirG6sUND19fSIwyvtjS3RDjyNUc+kXmzRoN4P1bC8 -kPJr2S9BlGWWnoggce6dx1OR0/r57AB5Rcgz+qY0qKE --> ssh-ed25519 4PzZog iciiKCHhfK38SwvSPrdoMK7C250qTV5eBgv657iyKwU -dEiSS1FuxEpovNAl1HPZk+MRCcjLGiKgTfpi5Ssi38M --> ssh-ed25519 5Nd93w FFgxLg0NNK6Op64FHu24sjaerv3jgDaPz6uKPi/A8AE -ZvHbJ2K3T7CUJSrrpF9fMmP6FWCQ3i6m/5Fi2UNtbew --> ssh-ed25519 q8eJgg nVm1H/mbEsGt2O87i7VKUL5do6Rc7n5nvSilUtQ4cBU -WWtsNbIatU5ZostueLntGgKD/nxcavZPheU9afRvbH0 --> ssh-ed25519 KVr8rw Nnroz2PgUoJsd/frf+N+b7xdJDAzj3NsmJaogsIkYGk -xX73tnCCYGBNA3BRjjPMn/IV+qwjIwEUk+IZbhCCfHY --> ssh-ed25519 fia1eQ GLYqWGKYKwkBRwQ7SxSnErmz1MFw5gPCexfap8VM9Rk -Z+dIKhk+JH7W07diX1Abr/Deezkw8xGkzXQuYn1HfJI --> ssh-ed25519 yvS9bw Lwo77pDciewUZemyFc1EUboIlXFCBx3CY6BGuizach4 -AkWzgV1zRJzLtfRxkfhmd80EU8fW1w+5sxMAfWgdEMI ---- ac6h3StxSHr+HFsyPIBPENQRcfKzXX8fzJlZ0MER/8c -zwyC>ָ\ku/{zծjD4{^mDs妞#kinxo \ No newline at end of file +-> ssh-ed25519 V1pwNA g2fcL863aQ9Fyd46ou1tLRUyk+lgmaq2ebrHtsGS/2w +dnE1XFTUYBtF/JU5WKqt5hPC+uDGWS8kT/m3JBm1FqU +-> ssh-ed25519 4PzZog DPgMcSEWU2eOVSEzznG/gRrkhJzhrZvFgJeI/nzjCVQ +STlzeXPR6YRa6iQQVOuYKTtvSRmG8u7Ne/WdWtSJd9k +-> ssh-ed25519 dA0vRg 91a3/mO9Mc8z9UXzPAHwUA+sZSvveNWMXHdKiy76jlI +sOph7DsS4uQ9lDpGSJCxUP6zz6HDQ4CCXfa5XDHShpM +-> ssh-ed25519 5Nd93w mP1uWGQiUgBPWHV6JuCif1CtR73z/nkiGEr+9WFmjDI +KGoT0BxUxlE9f2BPPnw10Tya2+SHfAigtSYTQwGFqlE +-> ssh-ed25519 q8eJgg e84g2UFFvCR0WL87MISDVeGyqS+2WJwSWx9Ei1f11gc +PrlpA8SWBLskYxujLpOi/7yeUy6q0b71sFicHcS+otU +-> ssh-ed25519 KVr8rw MEUHwxdpXsX5i5m7mcDLXK30Tmpznl18pE2U/ey3DVs +mCKEB6ZeZQRFUzaGqH8BVBNDbgHa1UocNxPjThciMh8 +-> ssh-ed25519 fia1eQ 3fVdGpKBs3gsiHWQW0hj8Z7LzgvQ3CfR2d3zAczNzxQ +xqMW2BNyTyDCT2qew5VLVi22toQ/SUnx8L3xCpWKtQM +-> ssh-ed25519 yvS9bw 8hv9OFOBacjS03cT73lluCDfbQa4U4YY0Mhb/fzXhCs +WoNTbQ72XUCtxxRjS+D7sBnShmmpoeQNvwqpNa1F7M0 +--- 1mryHIWXt0MNzqKgZlzikiIr8pfTWZxcwtZVvI0YSJY +>T%l殓;z䆝/Lbd2$&Z(JI?g0f=iP~nKSrzGCiK!M*<+(*%LpChdY@T z2IZK$xK{?7JGSR z8W{$=C%cvBdSrN%msDhVxjKg=yO||w`x;xOn}nHpPL5|356_A;buP#=GfNCIwFnRJ zbuu$9_wmgRG$_wD3=MEeFHOm_G&VESH#Dns<*JA~FpDWeHtfV~G&B;GKG^N;}%q7ypwKT;!EjQFTsv@(*Bem4U z%Q(v1GB`BX06hlMG7}9`0~I{8(_ErT6HNmGBLZ9s%c>mf-Ez#_y^IQ7OS~hB^729= zj7u|*LIN~3&|(!KJEj7vRp(;VIXN{#&73^NSNy}dHZ zvqRCXD~+mhGEP@8$V&Bg%n!{C%Zl*J4K^wdF>(s^3G&J@FAfRM4ahJJPpU5|3HB_@ z%}saYN;V4(N^|r#PLE2-G1D$~EHEypa?Hy!^$s?)@W~9wjV$sB%?vE^PYKQD($&>f zFfz=_FSYaxx3Dk?bq**kHB56VFpCHePOS6|a?8mIt#CD|Ov}%;$SLvU+Teb7&+2;@ zzMr-5jEcT`K>eGbxqD-W=p)N|!=sORf0`dNsy(B%_!7S&>+6$ld1<>D5?deYY)ra* zV%-MI8!LVA{Wo92ivnt1Ea2|IHiOLfi( N603}_A7;)t4gjs|XexwfB~pHYQxkwI{xfqp@FhG&#>icx84L}`#qNI*)ZpSg2{VP1Z2 zGM7hqad4rdxo22lv1MwJM^28rv%ZVIQJRl&V76;vZdOJ`gmGa;u6bFwFPE;JLUD11 zZfc5=si~o*f=NJCRDQaGi%X8Sv73*+m%merX+V0KrCXVaQBX=+fqrFJh`Fh@kz-&; zc$QI)etCE@SDLqvagmoxhv(SK)s?7XMCr{TLr>x|Pl{++=g#z%s+)%Iwt8oPxsi$!8hG>(k0jDxFOtXSrx!heN11il^D@>zI3X^$0SeJkRS`L%0xe36N@aPR7;m|v%u1#0&^3KJng{TP^Tm_ zuiTK}g5>;=K$Gm^pps;C>q?`loQ%^IJpEIR%2NFDihL~fv+|0|4gIp5GA%RnQj(LS zoc)6`GD01T!hXJ*ucAs3<2t zy~54NG%A}*S65dd*C#S1IU*@Nw5TvIFH=9u+|tXk&?(oquq@Ri&BZai#NSujBq}I5 zDYKmG;o`VCvnBZxwCwn*96 zR5HBs=A(`bsTaRr{8d<#yoqmF_2FgwJw8|Emi}PVT`scgmg<#_JMw-_ztMZN%e{ln37I)euQ4}?j0 diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index fece9747145c8e3fad8d86bdc5cb3523e26bf725..9998666e77223fcd96857a45e96963278592d1fc 100644 GIT binary patch delta 1023 zcmaFCevM;-PQ9y9zQ3baQMqrDMW}Y5S(%e>en?lbicf)OQfWXzLB3CRAeXM4LUD11 zZfc5=si~o*f=NJCRDQaGX=zceaYS-uN>X5ocWGr}Wqqh|n0`vRg|k<=g?pJ(sb6_o zQj&pRR9Sj9mxoK0n`@YFR%Ky!P)UV{tAUGIaFnBKNVZEzk#lNsu1iH?xJyJ-VwQmc zx^*dz24z9%3ckrMIjK=z`er%iMP+{3$v*BmS^B1~p=SCKC7wx9h6S#s`sD`sCK=Az z$y}};$=Mm1xdBcQft3Me=K6^tRS_<}xsKtE{QVXH{mGS>$DyB<7{0MVf?GgrplAOpa%i2y;(Q$qC7J^Nq}mFbFc$ z&rYl~^$o8u%L;NzE-BYe3Mm!*vrgOJ2%_3II+Mzqs%wUqueq)(mS*`Biu>f z%O}DwF(};?Jp$4)6Ae=X6;j;&TywKa-7Q0ni}FG%{B!DE0#dRvBYm_}N~!`pgF{j* z%sk!0Q?hz#@1^|drNjf^m@$P06GGBqzOs0^uyDDiMEtoO)pwv05$ zH%R8H%=h(<$WC_kPBeCRcJVhcv2+eKOZPWPDJa(V^~$#h4@otyC`(EWD>vZM)zwuf z4$90fFYwSWC^1W~3d;6yG_}mijLPvU3klQDH1$f=k8n&34^Jz}^!MeeJhR^Lcl*4A zwuDrtDN6T$t#WeIQs<~Vw!QwGVeS=g?$-)$CtVjPmu=nYX#KQMr{8OZXrOse;$+_| zRr|LW{@zx7Ws2?bq~ar*RCQf}r&SRhfmOaduQys;sas-NNlIRnb4pa0vu9FbrFM#bgl|}oMNy)gWpbW@wws$vGMBEMLUD11 zZfc5=si~o*f=NJCRDQZbk(rCOQ-x7#SZbh)Sx$0_wwqZ*WN~hpYeiy3p;usNkwvb4 zKv8KyRc=T+mv?$jhDD`EWU@s{SzvBxS)NgbN0_mbxqnrFr=@dFplh~Ks6kqmPpNzU zMOHMUEP9; zA~H-|4YN~1i_*;v^UB@z1EZ3RJzP@^b5nx?J^hU;v@<=q0yEtbONztNeZA969i3eA z!;LIF3(NvD0usvt+=I(~v(r36J;Kw&Qv6-fL&-a=$fBrR!81zVr!dpYBqAfHzr6fnXAiTifZX(C1%#w(_NOSGL#QMC7Am>v5jC8IH|H8x~qa5EtucAEPsBg+Dx;xxZX zAB!@Js8sVrgUalx5)A7~qpF;Y(-qRZ%~F!W{7NG;9bHOIyuGtsN|H?T+zk9P3oR^) zO#FSqD@w{N6Ai=MUAZEo!UBs8wbSeK4BbtvPQ6NlYbwMQ_h#Dhii9+^5>J(9mGxzkcO#=PYjbnP>M*E;)6ojI-S? VIr3TV+S$LHgVwbQWrTj-1OW8IOW^ ssh-ed25519 V1pwNA a4NtEaRWmr9kaG//BjsnHUViki8x0BVOzhCxs+LPNUU -rNnvjk9OL2dMhNtLlM/9fPwba0JKdF7Lgp8OrlPg0+w --> ssh-ed25519 4PzZog NzrMhIesa3mh17B0GY89q8LykrLZbs2ZbYYKpDui3iY -R40VQvvVK+qkL7z+JYG3/GShIS0NgWhn+gQ5VCJ8/Lk --> ssh-ed25519 5Nd93w 07HrZszUf5f1EIpBU7cGyWx4FJes5NdEwzPBHENjWH8 -wkpbLH4QJxN+Vu3JTG5jlBLn3QRih4mC3vHKABuRil0 --> ssh-ed25519 q8eJgg HYQ1pJ7UZ/wt/dzgaNOW+YCYV0JR9WjeTu1jtT8sNDg -WDqCEkt/zXkLbYRnqqdGF4yKy0bVKO937BADdp1wcGk --> ssh-ed25519 KVr8rw gvJBgBa/1llkpO7b/Mu6EgdujBYOldYCln0wIsysyXs -UlizPe1iqUaci6Qd9EGmpoV5BUjYCJ6BL5pOqBEoK3k --> ssh-ed25519 fia1eQ uHt487+wluXVQNoB+v7ED+VfUjedj6FPCvV3o5cjHyE -tqMzgDKazDYe+79uftPwazyW/ao5sI+BbInU6MV36hs --> ssh-ed25519 uZzB3g rrVSIoiWI+BQcCozUmwV6AUI33bwNZS7q1PXZHp04W0 -WaRnO24QTA5GFexSQMe/U0Br//PNPt9OPIxWuM/vdb0 ---- 9CleuN83VCsUUIsMLbU8274FdYLcy0IWe57C7ffU8sE -RK{a :@H;᯽oh٬|wPPq7f{]R%͑rys P%.ă-5DOfuFL.Fj4$+Y)fvD0/Y}UTl>L"; \ No newline at end of file +-> ssh-ed25519 V1pwNA Og+Yx3IddAIK5EXVRkGkGQo1uLTbHIe0PqOsbc8Zhhc +8cRXulCpUe0g0d9g+1Rco3KSDv9SsnZIPZpCURJLhjM +-> ssh-ed25519 4PzZog 2QPPJ1aHcSGwDAEsZDoul0i7gNhrDUiTnTMZDIkZY28 +q6/hLB31d6bZBb1cyMFns5DZA1w/cWOnAfOCnSD4+w4 +-> ssh-ed25519 dA0vRg q3E6IEJnhmyBspbZZkN0AzULmhosvo+3DfskLI8SoiQ +9zzEGaEQA4244oT9M7gSf+x9JR4tpRyigrUm6VtjZw8 +-> ssh-ed25519 5Nd93w k+YFpnrg3PelZb6VkWU3jNIRbcdVefDulVcB97Ty50A +H9oIXUHfQmBOyrUwCD4wecdieZ9r68BKll5LiSq8gpI +-> ssh-ed25519 q8eJgg YuI+KWmKVOb7nAxYfBcDpw8w3yAzr4zbJx9XmAosbyM +ulG7By5LTkTwRsizDy9Dvbo0Aq9hvkR7OYg0k7x3c+4 +-> ssh-ed25519 KVr8rw 9rGKrg4728MIyCTvpZujfb6MerMvWAcceEVJqkrhjgI +XwEylc2XK6IbPKa1KbnmRpxOBocaJA3u8GP75ZtDkDc +-> ssh-ed25519 fia1eQ 304jqcYsqS0Zv1bPBVryRtUev8LNy02Zh8X+6QiV1C0 +LoUFCs4oRgcUU9BIImEBY4YPa7IR16b3uU2a3fUv+nM +-> ssh-ed25519 uZzB3g 6ChChOsFGTpa8ndrvfx5SEBHJJxSPyy3GDmBMwABcXw +c+p3NG8gHiekqiiVesAtXSInzd4PIQDsHEsnTnDcmDo +--- hOqrvD4RR5WmtwXSZvjH2Xs14ymC0hECQIXA1vaDb54 + 2P[c͍ v[Տ_aFy\PҷB;urpPk_E @d8%cGJm2E +L\ .-jqO;0Z;p`(M~W1W]Xo0vuUN2R-GB!*-q8bl>)2UcaJWokzRa=DpDrMr3rRGB3O z6sD&XW%!wfzhXNi5Kha?kK{$=h1&dW>6 z$_mmiDROfSFU>5@D7AFX%JQ{HpL~{4ygt*_#5p9x-#yc#%EGWJxXLm|KP#&&JTk-5 zG%_^Ixme%FR694NLOaVflq;~zAS0+SG$gk&(=a0q@pCF(z(Di$jsRz ztHQ6yAiymt56`@G(yd z_jdB-G7fYsDY6VN^a%0I&@T$EEDNkO4|g>$wMf zFe^2TaEvf7HMP`EE=~2$GR-lqFb*s)bg48h2{AMX4o$W+3N!REbqmYpI^3cX)xY?J zrjSrhHh;h=-S7+Rrf{jA%G8cp_Wskp&>kz3HwP>Y59j~B&s?3F*!E&Qi_f~Q(B8R! z-tK8W^6$oDO_$Ogwz{7?k38$!_~6madxD;o2bu3F?fEA1Z&s`Cwy%?26`nD^&)>&U PpXl|9-HrK;W%eHcQ)5vz literal 955 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5t<($#yO= z^~w$KPfSYm^U|&;$aC~JF~})(4=N3+$PaS!bq%m^4D?J1cjU@2GuJjM3H8p5)HW>4 z_H@s!%5n4vNeqcn57zpqz@t zQd1ZI%#;#;Km9z5fOK@*3N2E-($f`Ob4v580x~^{y-Sn*y~=ZZ!h+KcE%H(wGhHlA z(k!y{U3|5Z{ava|)62QC@*~SLO+!k&qH?lQinA-7O3kw)QnRx%@`{3e%{?pqJ%Xdm z+yYG^0x&|-JFLi}s9d4g(la0`$ z+%=;(*n%rP)X62)I6W;Xyf`4z!pqFfBg?|V!_CChFDT2T$i=6;JlV)B%Q7v;(E{CX zX_<+JseuYPX<5cj#%WH@73Bft!RbCBj+I%CsZ~aPsl`4PIgX`{&Z)(oP9bhd2BBPO z;fCgBo`xZb&PK_OsqR(A9u*dDZUOG5fkEj$Ze}iyiN2Oa5l$Y){us7ZmIYfTl`FXA z`uXO#S%zmun&%svhvpO~mX-PxnOYhKdHd(&2c$V>1>_nOM+TRcn{YWt8n~vrMR^67 z6_#oHmm38KX1W$t`kN#tYloEMHn@7kOugy6Wc}WVn^( zmm8bw=ZA%aWLD%E6sGux7-pnrCI?oP7*tx68gO0Kw|m~ov$Ey;z5f*}&f1%H#qBw4 zeV6sV#+m&}4~3djd@`JbG_J8r{rmdJ_-vktV!Z diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index f29310fa2e2b237e83e12905b502de6747c68b58..6bbf420a39d42a269a206a3d421512412a2234e7 100644 GIT binary patch delta 978 zcmdnZzLH~tPQ9s*ab#q&Uqotofpc+*k72NPRA7LsmqnsUnRjlgK}cR|m1S6RU`3H( zHkZC-h<;#Bp?8XTq+y0@Vs28TucMcjxodK!VVQo4b45m>zl&c~ZiIK9BbTn7LUD11 zZfc5=si~o*f=NJCRDQZbiFvMfKz3TDiBC{cp_{(9NqwT3Usz^QVQ^Mbs85zxaENPu zQL1C6cTT!1S3qKlt4CExx<_VqhObdngtM`KL~2NOW>IN&zKK_2ns= z*<9hyP61)%j-~}sfhFk`MZU)RKIW08USZ{aVHS?sSq5%7IaO5^#qQdr=@UPShZh+H zJ7?>c7lnl6nR!H{7kL_+ItNvyrj(j^riEC9=I2_J`DQwoW=93(b7dN38>IRbq<9)d znWjc1g}G*#N4UCWduI8hX%~2Sl(~82x|=zNCRId+PL5|35BGBoC^yYD%yaTc%1g-$ zcJr^y&a}w2^bbpnN^#LP4ogl=HE{C?4oS}QuSIws0)Y zh)i=Yafvbr4hsm%DX&b*jCAykoP3s1yxt_J)Yz{)AkRCctklxqrz$YeqNuXm$GxH| z&7#bxAhR^UJv~V~G}XgBlq<=|!!Rq&(9fha!^b4t)vUzRC^g;NGTYFkGN&*vGAgjb zHOo9J#W2~$fD0|c(=rncQv(%3f-}pLlLL}V!mIoXlRd)9>zz$3O;gK_s-nWR3(A5l zjVoP4(jzKzw8I0r49qGsOtVwd4Z?FQER(a$@?AVFvU~y}19MDW6SLjTQ%zlrebaMY zU2}`kt*a~xwoEEl@Q=*#G|CPR)i;VLGtTe{4~oc%2rJajEeiB$px6fgcHkf?V#ot>o%BDp1@}*qX+#gd@cqYtlk}haJ+&2G{`kUumQfi^U zir4LR*|zZO`H0nNlI?uAu79+DKlgy0&)Z{GVdvjyT9gF2Ub6b=6eYhe>eR$1CLhDa QWR7u!gvZGTzWeY907zI+EC2ui literal 955 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5uz2(hp1t zFDuA5@=NpxPmb^{cF(U0H%}_H2uLi72+A_f^>#P(HMTSiPv=U^_f7T;uCS;`$qUP< z@^Cfr4^J^j@=mTaNY04JkMbxA@G$c7b}UM%3PrcgB%mrPKV2crGQ_ORq9okXH9y2Z zB|<;XsWQ{cBr-6{J|KQ@<2T<8lQzcdwFU-+-!0-&E%aOLNCSW6PpM zLq9`5i=v3!#LBQF-@LSxg3N5+JPWQ;FE_)aGJg~A$`m)}lwixSz*2n!&tfB&phyd^ zg7CCR?{M#IN6RFGL|=5<3N2E-($f`u^2&_L(lbm$&5TnD@>5(xBYfN0|j9omn4HF}M+_Sk1eLS+g-90k(vt3QgOM+azd~(7fOG>k&a?D*qqdWs6ql&{U z%+oWB%>&VG^A0PrC@NQ|@GLX-cF!*fbkF)5+rz6Q$iOGk)4-xKJHNQ7&^eN; z)FV>cGPJ5J$ji~KFkIio&pXxBT-!9*urSTV$jvOVq^dkAz|>zm*Ub^#w#u?#%cOFJ zbko#w!|;IYlmMs1V3RO^Kl5}$x1gM&LXWikvOupu&k}tP6N|EZbH{Y9Y>z~D*I*-W z?F=7t%VIOrsGus3sIm-g#|(c@*Q`=6!!Q$nXP2b>FtcnfU0q#;LSyra{9=>Js1TDR zqXPfjT;uQvzu+|1e)J`}Q9%oH}ZkbzLd-K7N8JV1oM* z?}c_MB^zZ={`oHAvphc3-lulkZn??d*W5bJ(%JUss7VuJHN)Tfn;zHhy!mFcXJTPn zqQA}4T1$&luNd-W6r$Q})utTaezM`3{56kGt_yAQxks0+u)qB=-e{VB$*WwZRsbh# BLazV- diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 678aae4..6064f30 100644 --- a/secrets/gitlab/secrets_db.age +++ b/secrets/gitlab/secrets_db.age @@ -1,17 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 7I3aWhw7iw2mwJnswJkVfIQ246p80yB//uG+0sEyqTA -adGO+PNHWVXIlDQKyxSPXvZH5XFONNNPr9iLeVq2OfA --> ssh-ed25519 4PzZog 1MB3obSvF4K2IHF8beEcTwZ6gisII/iXq7uGKsDK4GQ -dVPFnOW0d/IuqNtrcLdr9AtNCWV4NYXTtVHHZS+kVHM --> ssh-ed25519 5Nd93w CNxhP+Y45tiXD7WvDbQgo7ejsWfBoq40SygJDhksCz8 -h3usonhy4UfpnSkuHw5pKEV1WS7IMvWqqd1Y6t8J1lo --> ssh-ed25519 q8eJgg yZ7BmDxy1tXK7q51r5oAFvhM9mQYHtexwOILnq/2BD8 -dKwf0oHUUiVBNQod8Zbvxn/YfMnhXNZbqo3Qv5uIdME --> ssh-ed25519 KVr8rw L3rQAswf0dc7Ok5AuTFlSl6fuOhcRNKI+donwmJj9B8 -BO7TsPdPqhxy8KfzPW0QU1qHWKd07fZSQ7TqS7+2ep0 --> ssh-ed25519 fia1eQ aEskvIGIekFwG8z+jlK3VOlhhBGLYPsEnS/1w42cKg4 -phKYN4MjToHeljP1s4/gb42D4t6dlLnbyut24vBFjB8 --> ssh-ed25519 uZzB3g lczlYBZbn3f39jfC1fp52EXXRYX3nDrQ2c7X1QlqbRU -eBjI6305+Zigh8+3esXt+qbmJOVJIARVPA9ROeedtIk ---- LOIDMgRcQ6CDPqWhDTSW0vzaTV6XggXW2/HDF2nB8fA -jtFީ\ 11}&QwwVNGzQS?]KD:K675Gp=r;$bN8/FV,!J%Q""=ozԔfTp~mZfŹT2岪 0_~ \ No newline at end of file +-> ssh-ed25519 V1pwNA kJHAcriJ+sFCzoV1VVboGB0/1xRlwl2mH1cV8Vy1mjc +Ry1QA7YlBU/t5nfoi5s8I+wy1HTU3rVAFAr6rUabYpg +-> ssh-ed25519 4PzZog 67l2OiK7ENJ+HsVrXSDCRe7XgIe/dFDj+Ms/Rm+ueUY +EEIiyD0piXb+gj0gy0oW0X2kN9mdMZGN7Avi7oclSnA +-> ssh-ed25519 dA0vRg hRHg9X0Gb92TYsY7eIZNPzt1DZQiKHiqOpaHK5nKPBY +qp5dEMpv3WpFnSesd0Arq9aKDnMxdo+wDXi2fA/U/9k +-> ssh-ed25519 5Nd93w awByDyEArWq75lcY/3uvlIlGx83boSnWLMQWcPSyuzU +C4L9KT6Bo9kc1BJO2BgRzGCQK4PtsFXgkfgO4VO0W9M +-> ssh-ed25519 q8eJgg 3JAmUOYLDgLChFBadKXfeFYSAYWraiizPw42XOziBUs +KvATsOkmpg0R0umowi23ZRcATUYsUM4SMqU+OTP7dLw +-> ssh-ed25519 KVr8rw CAh+Am4nDLqeGfZdWYgQbUOXrh0RRdCepxCbtNqoZl0 +uXuSAtx2osOXSSSnYzuXaNW9lvoKMQwcRgws4NP0kzw +-> ssh-ed25519 fia1eQ NQsgR5u4GIzBUFJufkDFdSifZO2bUhuUMMxtgRLi0Fw +jkOAECCGrTKuwu1etx2dfQXxaGOBs5RtY4IKHhebagU +-> ssh-ed25519 uZzB3g WUh+ofw2E45Ch0GnLFkuXizAIUJ/MXGWJkt6BQTD5FI +ScfYZzf4U1E105vqLEoRCpSbluyimcKXm3tlLHQNr4M +--- cnStsCjzqGq07hOA4OlSZ9Zz2PE+WTyzmfZlDjost2U +օrL rEW潜Vn_OɝBZjp*حLV َɊ7ݫhqdto y];%s .p+&8)an/Q&D;x-F'_q`A[ak. \ No newline at end of file diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index 78007ce379030626be17613b770e4d8974ca535e..50d3bc6a86a7f872e3f1f3846952ad40e828b011 100644 GIT binary patch delta 2586 zcmew+{6u7ePJMDnxp7iNaAa9ZL}qTTzMrX+tDAdvcu8iUZ&j#cwsUTNq?u!|c6zCE zF;`-^aiVshi+^HvXkbL7sc(d@K}CsCTBKoQNoh!ae!5S3ibtkbUYe;{D3`9CLUD11 zZfc5=si~o*f=NJCRDQaGXNFgDL9uqQer|fYrF(IHWqp1~uD-d2SyE7PWmc}Xi%V*D zkW+?VRf$_5msdfhd0}{VXl7-JbFo>3d4yY)eqMS?cwtnbccf)OX+>C;qhpn$sY_@i zx^*dz24z9%3eFY!mLYkDX_+ob{*fVmsV>E4+PP&0m3|cwMX3euUM7L2rn%k`W)yp!(qa-lTEZoJzUppr! z(8a^a%{|4(6FmmfG7}9`0~L()E5n>TQi_vG{nLtawX+@T-7U1ujKfQk)60U3le5Cz zQw__rqXL5~Gc350^@GCw&jtcelHBHTPxAct+GtWygE>6xUPja(J40QGLbFGicFQ|<2 zcMJ~Xa*gt=3NbP>@C+#PbV~A0aw-ZnDff0w^YsliFHFhK%n$X?bguHXaLO^@($&>f z2+B+;Gp|bV4)BlEuJSW2HFK*fOiOe0smf3E@^&mw47DgT&Nk1n3`)x83Z5ukba7MW zl6jwk>aQI4J0CaUA#eU`aVEj~)BahDCrxz@zObTD?()OSxvZNXZ{nyguTaSitkq4g zD?ROd{rN3}vRiL5MemxWT@O*UdN|{q;pa?8`-4d*s^re}mdNF8sNC41B=AVcTEST9 zP4D zkhb^V=`U|r2JFwi;`-$4x^-U_Uzqv5TFA;5-hDo}YMJ1^RWE97Za-P~B_&Qi*FRy$ z#aSy;yPWmdR|$Mrr<3M$|Ek_GnGomM46C%x&Z=i$xU%Adv5sSWn)|of)B@|J|C77_ zmWK*U?2;{ZdGsmDY_CcoV_x*7&F%A+9FlvcJ#&U2U-(wf!XPu*otdzl>ynu+_onm(wP$QP{O$hs zB`?E!8HCHU(-A6)5kH@HMP;u|@%neO z=Uw!?#A&tKW(V4r%$J$LDZ5|e_BHMwoyToz!c>{8<=%G71+L8 zLx)?rqGnuQH(5#48ZUe*TEMh3op;ya*puB47lo~G>#}5XcAT8B%R%i-*7dxWAC=oC z@hne1DVgb=oHV=eRI;gLVcx}8>_&W(KQwyRyZrN z%+>dfYh{zl-WsC`k4`N=QKO;GwP4QfwF&bQ>z%x89hVQc zO7FI)wnDeuMhV9om*MTLYwLO+U0_GP}H)(q%v4yS7Fg{p&Y*%iWx% zywrSY{>n!k4;SnWR-AKJw0?7wyuyJ+OWPY>78V-uH%(g?WVqsTf#oW_qsQ$NG}ESR zH~Mi*?)}CP;pu7}EdhDenZ5lA3sWm4-MG)z=QJO_!r=Vag?(!+hkaN5AuI2T{};#c zm@vrBeW)%X!^k1k_?t0fi`>e?JYf-jm9HCCI{fy!c_wf|q_Vuq%!u1@UkmFuUA`L5 zx8gJF^*=1)Vp>o9x)~qTopsdMGe<2dS@~b-5-y*hj9ZG*(z0FI5pn<3YPNChSb6M} zWLs%%qixI11Gjj;g*&bNA!u`c!{blOj;xIhHC?+P?Gh*BD$V{RwWc4Y_iTixJFE=( zeU>wfRe$fR{E7+6Z>C*nualfDxHaT(N4<;Mo>#hgd5&wIUf!^OeUPOx)AcM3gAIM| zHy8_7PM(_M7^o4YyEw;Ya?=Uca~E%F?QLKCt4Z8y?a^3{8jD-2*K7llAM=&=d^v8 tyQa@gX-bsBY|GlSs}7!8uzF(#m+F$o-4BwlFZ%T3@a|xjp28fPa{!aBYC`}3 delta 2495 zcmaDN@=bVxPQ9^zS#EZCW?+^_L~^ECenv&UVTOrIaY(kGg>#9ad!AujNM@^r^ivnW5as;ID1Ul+qrt_;8Q z$dn9olN9ZcvWRpur=Y5Wl*ouG#{ieS!qAF9!z@2-|01KP$jlUj$!8hG>wP_PD@`i2 zlXFZ1)3XDO(wr@fDzbgjleMedyj{FP^PEk*+>J_#)6>FCxSV_~1CyOy+#+3yLiE$T z3mhv7je_#c&4bfR-IB^v+_Q`FO-l{Ra{PP@(1Xc4tjMCMT%kC`InmIkBG zJt@r8Ik(g!v%)ncEZ?lCz`)Hk9mBe`%tXV~Kn3&6yt1$y%c@GB5SN?)ub|@efbc3O zGxLzVfWSPrf^xs0`to2e=TPU6a!)R|vLJKIlF(caGvBbR^g!>ZtRzbl{V*fnfm9cbYxm-7W|j?ws3t^1;n!z1WuNtc}_^5qhr* zl=V&-U;6GK<^TCH-=AY?=8^Yezi(zx-z`7)gVFo~@wjIuWeN2@+xV|Z-d;R$oI0SgvSe7HM=+ubMW+9Vh4ieLHp9P1BD zK1lQNEz-Y`ZX)5k@t~V;SLOlE7NMnwy-#`e=`Uwyy<}jdwO~2h=Pet)@O>#flbGl{ z?a;y-o%LI{IeM&|>pI6UL^h&kw`%hDOJR#K`WIc}Qx^uzYn?RWM@9+=1YL1@jLu$mw-kz&PQ@8z?&c5jM!+Hgq7hA+` z$Q<}2Bl_-EwfgPTs*ktrxpd9st5US`p$_E_Url6_vh}wq8A^A4d-0a>`?`YyrZW>} ztU7SZO?dMMnH4wBiay!r&8qM4=;n6K)qw{*-k9BIm%foVDJ|2WS=o1sqgc|>-8{2? zeypDVY3b9KWm}Fukz4mW()(h;3utw{TN=tz+qHmAsGB!&uS|FF z`aaIt_39Hjji2r{GcA46p;SF}26OqmX-t!zopriVr+314*9i}gmFqot=6%f#nALs$ z^4(9%-uHMZ-!v(8j46A?d)YnS==d@FylGg>M8Eg#d=>o6EL=@XC!5r>iuJFpuUNzCo}m?7_h9j# z_^h9b8z$}b>dLUd<`02RWh07--?mQ@aw=hnBWy|^6ABVCg_`mW}vblR%P2PW= z+W*v)>p_?9x2Xs12yWhyIZyku(V0bslcT?|JZ!nPi6LdG2bZgdqwF(VCf)el-P~Fa z6e=atUG}G5vopQDtp3m@&SmwX3)O1hDynmGt}u+}e)asohoA9%KKnEERP;R30+!AC zec;EPJ#`Zw+~;sO;lKP|#N$UgYnb_2%>*CEnqRl661p0Dc`xINfBlvpUVN)|+;}`d z^4fpnnpU257L$G0nE!~rTjaV~oGZ85@%(%5qwd$cwmP%^DCX{du-k84{j{m#@2sEe zS}fWjx%H{Tvs+R2RrN=1PE<7r^2kw4Vfw^p@y}ZNK4bJU<{JC;Yb8I5=S`TnOZU0< znl`?KaN*NAJ+pNLx!z@6WX88yb?w!!n|_-;_BK*_d}+?|8pGn-^%}*0 z4?W>L`}Eh#V6XM}EO>cT%p?Nsi|zL73!GHbtY0?0ysiD`CWAw>wD<0tcl42t0S~L) z4>{XmzBZtI)%x3i@39NZ1uzD6AL}mf^O)k+wu3ch+GobaH_n-vU7gPrfAmkKzs&om z_ASoq|M)zUJhLG4^OYl4H*RD*{+BniUS(ayq%Hro1?R8&y7>$5?M5}x%^cwy ssh-ed25519 V1pwNA 8nXnggj7i0QRpKkoSjfcDVO5Eaz/ltd7kmE2PnpD4GU -baUiBMWhQfC/qMIbeimpeTmQJJpq+UBJsgye+tYwE9Q --> ssh-ed25519 4PzZog K3x1nAby1EOzePmEwyu7i35kJg1aBDD+QSfSRZzExgA -oPbFMq2gXpX4kLsNFfNzP/UzaahX/gEmKhMfugE8ljk --> ssh-ed25519 5Nd93w JBgnFDGU88mS36QQXyiLwW7MA8zI3wBAn9bRWzkuoys -B/pLgh7ANqOgYXiab6OKoY61PNFzK+m7Y4y2bPP7LaU --> ssh-ed25519 q8eJgg 7AkO1MA9JMkeowB++P9Ici8br89Q3mK9k/1CoVKhTkw -13vM4CR7IqrJlpASgikdGJRjrTeKrPuM6j5xB97M8q0 --> ssh-ed25519 KVr8rw CEohiMguUTRoc2YssHIT4IqgsHfM+Au3BI2TS01ZfAY -PFodBpRdFwl5FebHwkbZuVP1GI3BsqCipw3hZc+ELek --> ssh-ed25519 fia1eQ 5c7MWZm+CCoJKGnnpJPzAozuknYY7PkRrwVwueMOkz8 -6duBp+UaZSIvioI2zl3nBLAcgjFcyhUnM8P615SfVWc --> ssh-ed25519 uZzB3g 5dkyRnBxOCv8bycPWmERqPRN9iaTD4tm1+dD+jaRvGs -1ZOpv/s/NFUphMniQfC/zS00bmp7diUqmhIwusoKYPc ---- 1HlpvOrpJpXgGIdXzqTjt2gUMT5lbb6i4MKcvbozJpo ->ܗŨ 9yfW%txSEqt1}%^)]>:BI{yUD?-\|h?M`2`GErWq>ǡNrO(?>KmaTĬPjU\\{2L_eqI \ No newline at end of file +-> ssh-ed25519 V1pwNA Thv2F2iFu5tsMShYDWtpOLV9QInGpSQ6ULAU0Eeu/GU +VWR38aDNoRZvlNmUo6THY+079E/AVQR55jQGqlauoLU +-> ssh-ed25519 4PzZog jz1DS0Dai3ZAyVy+GIz32ratqEmxa8lHQWaKPt6bDjU +8RV/HxJmFGgnrhHuwc9gx7JHrjaqyYvye9chB+GE9Es +-> ssh-ed25519 dA0vRg VP3uZNMQS/F/1gvoGz1ICRvnRkPsVOv+4loYQohWsHw +yiS2tHhxHgNvXmVXxI44TPPn+/jlvihPHno3UMve6Gk +-> ssh-ed25519 5Nd93w 0+7d32Me3wym7Z8cqyRwqKtp46HL7DNS638oFj8YvU4 +v6h+tzKdcinPvnLmuKQ54JhB6m9Gs3I6mPNt6XiWui8 +-> ssh-ed25519 q8eJgg pOCYtaW7RI14JCI3PCoYe+5bzXeRityNIqn/MFOIXSI +mhnxKW8omo8klXzfGwPzYJBr4oA9WLHuSe6be3CovU4 +-> ssh-ed25519 KVr8rw mZBMV+ZP0Y7ZzXtuBzB6AeV+GqKaoWh7HqOr4I4zaAk +JHJvpCrxL5qDNlIRNopTzH/aHZoajc6cH5dDBIAfQng +-> ssh-ed25519 fia1eQ HIZp+I0j6Qbxv1ub/EWTWGJ8EIfZUO+p6BAE/o+FdCE +16XYxcj24vdk8+PD/inZQ008NcAE//2YiEYBaGG5yZ0 +-> ssh-ed25519 uZzB3g r08ZTT7HTZFmC3A4ZDG+wyGp+9+Uw1bDINNJY6sTqA0 +o0+xylKkAnINzfJZ734vd77WZ1tl3Y0sTIOSE97Nb5A +--- xqKxcy+L90hIZu2sbU74rBYE9BD4DfzE+GnvqBCHnMY +}9t1-Jt0k`Iw_ƢiYd{FJk2u  V&_ζ,n&~ҋ )! }lk*0*+Cuoe2C}XN"xG3bz4;1 \ No newline at end of file diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index 86192458622b92c69e2cfc0ad943c9a2ebf8ebdb..ed1e37cf51b929612ebbda54ba9336458b609145 100644 GIT binary patch delta 1023 zcmaFCevM;-PJL05X=rMOXGwWtURqdSzKe5aevqejSY%;9vA216WoTHLNwJ@Yc8Gai zC|7c+Wks-mxlg81UPWP*XQ88KTC%p0cd~J4oK?Wf_j4}{$@j>ee1=h?zSJ+bvN+H$B*4(vBFNR*G%wLPUE9Dd$Jf%^ zC_A*O$loA1JU7iS%_pOr%Qq{;B|oq{z|+LMC_P8t*tonrC_Tj3)it%$H8j#lyD%)x zB*L`7-!r)!Jp$4)6Ae=X6+-=t3LH%=GW?VEBTId~3`*-Q3JtR(UGf6+j9mOe3rw>k zEJA(rebTZ#Jh{>$N+K=1y^B-JObP?i!Xlh~gNsbeOI@AJj6Dkr49rUsy*(q+!rlFh zv(c?9jjD1oPFKi|2s5g*H1P>G@=H(22o7>CN-Zx)bIU3-PPNE23-b&MuP@88DDp~A zs&wQ^3=YpMbJ7m*2#NI94=gY*wx~4n3^eh}HZ@81$Sm^7$;^ogt&B=@3QgzI)zwv~ z$Vkc#b}aD7a?Wz{v@ACF3yAc~Pc89^bPaa$@Cq&S$#Kecb;)oKDly=*LhQK?W?tDlr-GeWU%*T zq0ip7r=5Aed}gnXI~d7!xEJ?!GYRl#haSJDAG)l?Kzqx~vll)u-RT(RDYAE+D9!^DD!9E-9_le`cMF5g5q z178ylpPaC&q_WiV((IgE-{LGsrzrhmg9vwzZ0#y9Umr)e#3IMy$!8hG>m5r1vi*&7 zlbs#IwEfBplEOU8U0uT6qM|~4&B_vkvx5ta5_9!a3tSD7xx&)&bF_oq0$iN4eM7bV z%S+773UVq;TnfD^4b6OWg0cgB(khb!vP%P9(Syl5tjMCMTp=W*%-31lGt97{$}}un z+pDDB+`ZJq?`loQ%^IQqs$_96kI)tBUl)lC%RdlhU<~jDvm5Bg%6_ z4FfGod_5y_E4_m<^C}~`d{bOJQxk*hjq?hke6=f0ojpw3QfX&-2GFuP0NEUy#uQPyiivNYH^Eizo+EzGbaGQCXOH%;Fn)j2a8 z-MSP1&@#rQ^)euWK&~p*L0K2l5+R(B43Me%VJ~wG`Ez3K(8cIKaZkHKg&YL ze6HY#Pl14-d;k$B7@s!^1LM ziULA{eYL|Zb3y_NGOJv(^Yh$&^@~i)qQc#b(*qp!GxN(#vct2|xxC9vL&M9Xip=$m ziwr|5+#D?|&9(j0vm>%2^oxUi0y2}GT>O193SE6eC&x2NggO;O7N+NgrzDr;_-7gT zc~m$$28WbJ2Bj64C8s4@`a6cE`xSfpS7t|YWtMpuR~1{9S!h?5Ruu*o`?wld6gyTq z7N_WER=IhYCz&~hgcX~5cv?==-0 z;#%UCZ5HY8pIew-;uy+h8W!r2l$W02Zk|(~lx!BA{%M(shN*!H#-aMANfz3P{*KP675@H(!S!a^u2m(;nI)c?A?_vyQ6=SB z6}}ch0U?f_T&9kBCf5@9`3;@hR#_g0g0A@ z=++hG7L{d{D}?*H`go*=l~r1%7U_qX`k7f;gt}Qqxn-6orlzL&6<4^`dzpshWEn^0 z1ajq+YZrTj7a5m&gc&6n8CCdIt_~PL?jiMMMCf5 zdRUZIrWPbtgnNXRWja@S85N~_nfWIN2IV?A8yQ6z7=$^Qhv%iZxpMvdXqP W9C9mE?d#@wF8(QZHD-oH=@I~|V>;Ua delta 845 zcmZqRn8ZFor{1!pz}z&;HPp={E#D}w*dx6#*e}<$GRjRm)YB)>IlDA7-LNbvJv_WT zkSj4=JH#ioI5e@i*v%(6$kHb_H?cIaGRrG8$|W(ywLB@u#5u#YOyAkfgiF^>p}06h zH#Nn`)YQ;Y!6cw6DnDJJG}AP{Jf%3TGR(=}Gb`82)6KjvtH3lp*w8gO(=xl#FxR=% zE6=Fh$0f{wE6B^-C^FYn-ykEbG9%sJB+WB8up-neASu|{(y**D$*eT2)HgpV$v7f( zay+AWxTTk6QHY_NrDIjFe`2YtcUq`-l973$Q;}CyNo9d&T0o$mi+(|=w?UWzm!F5b zYi?O~KvbovrEg|LYCx)MptGfOQIbJeN?MAcc}QlSaaCk?j<%=gRDvwnC$57W8v>=7#3($&Xw!pn&)j?To&aSVBzWRnv_*+oEK5z zmzrZ1?3Q8a7FCk&Ztj?CUXosHfNot{W};zgpn`{SP@!>Nv9WP}c9MmYc9nL%pQ(pa zPI7rjl!c*(zH>%yWxYkVS(vs@h9g&*mzP1Mx1q78W2Ui(e_^pvpmu6xdZ}Mxwz;91 zuR(@ch-;u+1(Nv3`VMg_TrrhdsO`bC}@No6L5nWfs9x#3kw z#l?wUrNzzxc?F4)c@|um&P5R!MLDkZCJ`pNxjs2wCRJf&hR$XNZdE0Lxvu^}m4O+4 zUgZ`gCffO2y1Kdw<;Eu79{&370U7@8J|Rvn&VFuQhNd~rS%H-Wkr7oPuC5`4B~Fzk zDHX|FYp(B^b93q1fPZcGoGnjX|H7H0C%ZWOx8vhgUyM5~cRHTmd~eJ8FKy<>LMr5o kT&&|;AKGquc2?_?^V|B14CThE8#@~V3f3xpU0~t?056aqj{pDw diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 954ee5bdf97f3520ab16a6932f8ad472f3577dcf..d79875c625e9895fc7fedb493850065ee7bb97bc 100644 GIT binary patch literal 1637 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!thD)aJm z3=j1*D<}_4)eou4NOml;@C`2V_i;}QHZ>{tsB&`+aCE8&&*t*ZPIfJgbn}la&JME- zN-s)F%uMmtPb;v9bn-Ov&rho?$V>Ffb@$3EG(fk_B%mrPKV8AZFQCw%Fx|M+(OEkw zA~)a9HzhRHE7HqIJIB#6*T~V?(b3dHKh4p_IGxKoB+J<-%pzkUCJG%M028a1Nnk0Ez zmPD3#q?#KVI+qt#xpMitSfrJjyA`*~zoSG%DFV!Zj=0G$S*^ z)i|P{DwNALJ18*9psdKx#VpL}Qe|RbZKsSD+spnvZUqXO*LGp`(IxL3Xf*n?-tx zS%|-%slTOfhqj{Q1Nq%ZsLArZ+Wih&KrBPK*#_0;7&S6QJscxQ?NmYjV`Vr-3 zCFzzHex{+u7RA{C`bkNSiRFGp&dEM`~qE1p8Kn7w9KiL?&fBS2=}6rlq7= z1Z8Drq^GB7n_#3#XhUHJ+`|2*dG-G-p0&-aOK#owQ>Ybi_A<^Lfn}j!0(sowWO8=i`Xw0*fyJVr8bfn?c o%A}!s> zFDf!K!#}t(!ad42)63PeB;Ct7$+IlcIKwF2z<{gVtGKkd*tI0tBg?74w9+6uRok$z zz|_|~F|x!p$kIL4J5t{-Gc!BUzy#ekQ@<2T<8lQ{mx?@RZ>LOznsWLsQH0kVuzc?~tIpplpw_K!XT_ zg7Ex&BUj7Nw8AW(v}|LLCDQWj9s~kGg8b#&GI60J-w6tQ!<@h62r9iSN^Vt!qgT0WXiA=bUZP7tieYY)S(r~rNtC{Og$b8q zK$T&oL7|yAcBQ{Xfn%CcNm{ONWMp7@Zm>z2vy)>Irr$iP9DNHN6+Aqn z%Dof){6ow0(-OV>%?rGpk}G|Z@^k#0gT2eLDt+@@gI&w=(~6BexhzsE!me7r(a{G!4`T#G|2&_l8`s>;bYT_NARMBgdj)!Q>9 zGdnFSIn&o5wAjQj$kfur-7L%7sHie3pfat%r!uE1kju!?$J5l?Fh8O^DZMJkJh9v- z(m6l9AjLJn(4{QMS=*_i%E>4+JS`v(BTafF8Dtg&Dp+RcB^hM6g*qCBROFRqWtAK2 z`v-d#1h_ishZv+9CYOh~7X+1+W>|!zbD1YqgheF!g`~Sw6$fURha{C7`-SEt=Z5-~ zm6v8`8x}iOdWAcB7I^xVqx%gSl13?+!BKuL?%6>GB`IkU7EZ>_Ar{UV>4|Ak8Q~Rq z8K!1o#m4zbqp>4vV_K0!IbCPnFf zNk)+-IBYZ5FV)Y~kE$&2%S`h#4lzqH3d%@#4)hK*FEA+6cXIa1*A8*aHt{wL@#QKi zN;eM9HZsi$G0`r_NzC){&+zf_HYl$&3Na}6PW8;o4-WB7&q<3259HF-)m1R_jL-tGA1CPOV9`nUdjlpUs}Jef9MF3_09) z=O@_SIAz22?%&F#O3@i7j?O3uZkk^#|H2@m<40}T_kRaD>sO{I#i(*5R^`=+%JzRg ze*W%fzg13kJ)iUruQ(Z6B7Y+CMUL#3@Ll{>ncBzX4l|$q?-4zxu;{jg@XZPcfOz8EUVihH(#uo$+b;7-ZVPDi{ryUu>(Jw%nS}sO#Ss<& diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 31f173e51dc269f6c57990f9dd02eb81531d2455..4853aac4808fbfade31525d8e7951d835369802a 100644 GIT binary patch literal 1440 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlOF-bEC zGfv3}cdjzX%}>h7Dm2dt4lC173oOiv$d3%K49WBHb#>H_$mjAaPB%|3HZBSXbjz&F zPcbPB)V4?q&-C_jbn!~j&d@e34M_8=GDr$daYeVyB%mrPKV2cPFeN9++1xTSz%1P- zH!-uoB_pNWqcAKpBeOI;RNE{nH#E{c!#T0iIFc(rrNk@1Jj&3ws4~zmv8W(9*VU^u z-6+E|)IH47v)t9f(9}6R*vu%W(gfYM6i0)ypmYVlvOKe-v>^S!#H1>x(j4RPME~&g zg3O>&^U`$JGRI)c+)$IWya@f$z$` zsKQF~97~q~_oxCtb5C^JO#M8Ui}Lc^Gt#+S!>fWl{GvQcLdt{8oZR#LDoZPaBFs}$3j$pH{3Bc=Qd1nw zibC@9LJZJtE3`=UN>5iX$aD5EO!qJ<4Knl0b1n193kfkS3W+GyHYnB3E_e0~(zozQ z3r#EakI3e#Dl{(f^h_z#E{QU-EQm}>EH=qWcX0}=46f8q(KgbLh%nJkN)GU=iYiC9 z%{#2fqNrTKJUy$#KQBBWBqLux%OW{E*geR_*v-!IuD*f=6RF(MG%wzSMd!_+_p zgQASkq^KOnEaN0I%lwRB!!)Ddu*&3oeG|h#x1x~zY}eFC6I0{z(uzQ?lG4=7?23|- zg353wQ|Gea5RXce5XsO&rrJ{L0Eo3Mwsw{LGCFP0I`_4RVXoZ7YqcaxzX=@HO*xcPp<9tt#-!NG!;7 zb8_QHVjKfx6LETAhRG)!PT)eB;UlX(#X8hHzg>mG|$p9Aj2&z zr`*8B%stW7HKa1lzp%6bsH#K+&VJjuu<&(X;_ATZ0% zyUgD-y}T$h-8&H@-k>4r=3$nY?pN%d<6~@OmhWYrTxpo*UsV>C;pQErA6%N{lv|h_ zS!Pm^>Eg*%?%`yT9Gc}=73yuE?^afn;g?sQqwkWD?vb2iQjuHk;S%O*TA}ZlSK`T~ ztE;Qv?(Jq$Xl$A7?_})j?^s??T5eKR7;fm|V(O$FSY)OhT9K|@Vd0eOVQj%wcx|Ft z)Vr-~Oc*DeHQW`De7WKO&RvZ7ROBLHYc#c2R=?ih#ZBns# z8Rw~Q!Z+pyvs5be9I%|MWGpjB^b(I&ysS)Z{E@b%E1ws78o3;p9;Ybbb~xac7x#L; zqNQ8(-PQiM{hc*s+4hdrYnSHb#iqAU?KQgpvu|I*HRB~Yz5<(Cx2ZpJQ(n>aNFnWB NrQDfQM^`-m2>|b<>RA8) literal 1330 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5zK%%ulm4 z*7hn0cMq=&c5?SMDJV*D2@Xy14=VC5GLJIOH*qzt3@R?pjN}UOFUtz8^6@Nkjmr1e z4oKH8)OX7*F3ipLwJdhmFETAlGdD}A^z_a!$ws%$B%mrPKV6|REIcyEHQ^-4oq5Q@<2T<8p-p&(zd(4{xXRz?|YRZ}ZSl^W?Mw z_rMCzM5j`ZWZxXG4D*1>@PMN5%s_P83N2E-($f`+BFp?r{EG_R0$t5211-{WN-_=0f-Qs0ywlQh zEqt=VOCw4OLy8QXjMBLxjdDyPLM-y#LyL_(b21Ggj8nbSv@P{LO#{9C%>AW|6G%L}tD9t0w-8?zm$f-Om%{p%-qzwGAKDT%_%D1wJfCA&(KWY-`ub$&)lS>%rD%{*}%`JDiYmq zX_<+JseuYX!LA(jic~NP;QAzI3-r5;yhT&nE5x%AQ8J=8j z`kCqe<^I~f-o8l{7CAxr;VEgwj)BFg-bLmWWl^OmY5tWKdAa)KWf-=3Ryq0>Ix2V+ zRR$&&S2$-!MH+c!hxvJy`&b5)YM1Alg=+^E8E25Wpm{ihq$`xn-^O+ z`}w&98I|R_8|E7u8#+1V7i5GO=VeCt=S1Y^yM=lBnV|cvG^)zUI9(yN%G)$Gr@SID zA~ns+C?_MWTt7)WKRnya)g(2-JS{u1IMtvss@yv?G?~jK&7&eJLqFKkE7CQo*rG5o zCA}=wz0fH)GgCV;sl?0F(K5BX(j+Q555qQ(B!kR?Kn0Jo5WkX;kVI$yV#~Dh9N&^) zldR-a(_ljv?VPH_R3pR8lyXZ;|A@@2axRzTLgS*a)L;wCQV;ErlC<22k^qy)v_%-2XiJI~wD*wZ(? zn9H|3s4B$V*RtF-!??iLILWlA%u+u+EH}y`FDt`LKft@l+0fA-C&1I(mrK`9p}06h zH#Nn`)YQ;Y!6cw6DnDHzE4RQjET_1{*didwE!Zg{vOX!g*4;xNQ=V!6i@Rs|I8GNz${mDe_!K_j5Lc}zvO~!KT`vf;9^6t9BHi611wBfQf* z91AUrgY&9N!wiz$QnON=Gc7aR64NcJ3@wYjN9sy~YiH50x3jTrK8Ae6gZlML4ewKmW+4}W4d0}Rb+K!1qE>!_(CQ+3o zsYy8|KKiZ|23+ON`oYC%-X30IrWVPTsjdbgmIYp=LHVwcmTuWme&!{?mK9lsE|%U! z+340qx+PXPrz@D3Mfe9qx`Y+`ItJwX8kv-ZXN3hCOZ~nWqJh})hC8KnifVB zx<+!jRYrK0dgr(%x`$PU`sQW@_gp;) z>bn{kCZ-uBns^wv6b5-`B}F(YsHr?0maR XDKGlp+RY9VW3Mo5IBLI1O?n;xAd5E@ literal 914 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlQuJG`P zD$}lT*Ut3HEcQ!uON}rMPx5xkD9cJQ$;vAUFxM_fbuSADP39^x4foRyPE9mRPEGbK zaV;p!G4l@3jLZ!5G4spv%y+i*$#PHkFi0znibS`~B%mrPKV3oJ#mmUD)W|6^IJh9& z*uAXCJGjI-Fv=^~J=;0W)63E))1)e}ywuq^*n%tA$i&zwBq-ZFDb3$GH!!HG(p1|x zxTGpQvmnwnG|$vMvC2<7CpRo8svO-mQ@<2T<8lRO$HY=o)11;WOQ)>BRF_DTs)B;D z>^wv7tip6xbI&YC->~4sWNqKv++;4xaI=7tw1UtILq~%`(;O4mN`v$eQ$x$JVuQj$ z7n5XTvrIpi@*F>dTu*e{3N2E-($f{Hd{ZLb(*ugki*w7%LL5Dd(*v?nlS`|zQge-c zN{!20eT#yP%?ryaGefzG(sK=i0*nluTp}X#9D{NyateaX9sT@FQvA%F!VP^54bp;w zEVaE&3NUQ*4lA-KDpv?|GA&CFs0{WG2+NNO$gj+a$k#3^D9R4c4$V$+P0O}0@e5CJ zuM9NJ@#RXcNJ{b#G>Iq(Ny_kWPBbbo&5bg(Fm^QY@=B|4&(rqzE%i;wNOUsK3`F-^ zT4thQYM_E~iIGoUWT2B}S$c7nL5g;ig+*d!rC+gEkWY@Uex`dtnT2b*zF%l%Mm|?y zp+Qw?c%-wZaZ+SeZb)!SvRO!RNTo$kT1skUVP1|$SZQFUw?|H;i7&csk#30<&glw? z+O7t<5oJ#1mL`emVF3l%My1Z)ImV$LRh1>~nOS8K;f6j=RX$!m*(O|J>4kY^nHi-{ zc}}HXCSL9pmab)`+UbejiRLA)CdR?(CWhXYMWMx(`sG}@y1EJ(9tNS|6-MC^Y31e~ zsV<>uK8|5&1>SDu9tB=O`e|8S8A&CEp%$s7p7~tAe*N2L`mC$t;f3NSY8$iNYfnv) zbA7p6ecgkHb@MKo+Rt-5m>sj=+L`y0g#HLk_>^O0^7Ga<<;{Yxtm@jUK3-E4u=vmP Kf2UT!-3OgN znJdR2JzP7vpd!lHInUEEHPpkR)GRzH*d@RxBFs1}JU7xK+0`t}C_6N;oJ-eEp}06h zH#Nn`)YQ;Y!6cw6DnDJpu*4+K-@VEp*D2A<%sj-{q`opL#3QfFx5Cw_Fd`|^$Felv zIbA!@Ip58KD=O2X+}9(bBGoHDq$oGbCDJvb*euL3Kf5&3u{b=%Ffc8^z%k6oD>W(* z-MSPg)ozRuP~b7QZt0!J6~yqrSQ{7M6ZLf;Z+ zU#=8=149GP0^>-ZlKkRCx9p_6eD6wc(*pg(un4z|l7O;`KtJW0OH(3?{mo3B`~u9Ks}kL#EWC`9xk}2M^9*u~(z0Eg z+>BhZ1Cj$wBC>re+%kNVsyzG(or)3*k~1wsbG*zPC&x32ho^d06_>e0hMA>kXPD-c zCI=R06h)RsR+^Mm1Q!*imlQ@sW(K%sM3jaGa(Sc$h6a}Vd88Vc`5NR`W#pCxlt=pI z7nvCOX}d*cnwthX85^Xfm=w9^Pd>{iUZ3ofVQNyEoSGHvAC%!)W|Zra6B+25o|Wg9 z>f>4D>zeK2T3J-=lav*j&sCUWnGu@omgAq7p6Qfp9PDe6;!~=h9+v1^5Ncjfp&uBP zpOa=<6z-XW5d&$NiH50x3KdZ)dHJEm0V#f|;l(NG&aU-Fp~)eE8JW%@N#TxFrB#-} zrj-`{DP_s7u3UzeKIy)>fyMa&nGr>SE@nZArlFZGB^iDeRS}*6?(R7Sp22CxW|c*T z+2|1-5nSYGR<4keVPu)(T;iT(Zt7g*Sm5Mr;#8a#QkLdk65*N{m}cp0;p`aX6lGjqm|q$gUT&1=VQNs2t6!CFYEe+?mEy{!tE;P! z>t$>flx?YP7#W^g9F%8NP*LjVpPmz-?VV>H5?mG>k&&LBmt^2%nUT-M_%W^_nxL z7at0~yg@_xTvnI5+q@6+PW-uYc=r27RzA%aEDvgp*5n*l;xM|qbwSC6Tl2$a$%;I^ zKjllY#rh`)6fzE^OD!sz~H4>x%;G=1pG>7M+)i&kSnm->>$gYW8d?;eD4kx8_MzuU`~- z=7#@`oZT&+g+bG;Z!f!+{g7SySG?oX_tqw2l9u&F4q}-%Jr+O8lkN7B+}mgu!M(G; zMAv@j%DM-;FPg`GxJG`Qnv#;@57H`SfU2@rK#$JTW;Y)vx9&?AfR?OKlj0{2J=t;-7B$}>+K?svOlH?63T~nzMA%8`@ZSz=9OztxwhwOysFPz z>>v1}DYU+`Y-4ZDmWnHx(QNWpOGQzCeI+X$AEdo2mN=On%`d$ z`uu(m-AMB8s_FmrO``z#Vc*}SCSl^s+{eVnG zNLQ=G{lj+pte#8X^m=}@y0Go!q&*k*O7v{(*s-!99^?Ob%*MGajVnrDDaRY4=FwMm(bv!Ankp1`F+j5?H7RR*7UauxR{m@W;^R|-hdah^Obw{2{)#hAQ zlfGbeRq~YIxh9{-?>)o~>K`~Yi`m^=`5yrbQZ6p@Y=~;AN@%_>kYe5#_Sf)0 z)vrVLB{qRg`(}B6U`X8btEqc8?@|pR7sgG|Rq3on?9AH&4vX^{^Ipi<_WYc3rC_Za z1{QJg05c)3B6{`Yt*<*wu<6tHj5=@0MBIZ|xsC zC%jDj8d+!~c&U9#yYiRY_bT{~TbXaal~?a0$8telqHOvhCe?(Lg@Q@jcXAplynLCl zW$!t~zH`&|HVJhbWM8~163S=rr|`FWLM=0|^zCKr{~mk(IH+-^ri>%X?7@P-sk?ZK z>)r|1d|#XNmOZ%Wv8qC@cTr`m^K`Abi{_l{SG}LhZFXpblJWRkfU$2p(fHc->?SBmP31w5-o_1Tj}3e7M7FTHB{OjyRKXZiGJ zCC7Sw!-{1L59=O~PFb_G=;^~JnF&5q4}`CMxw`$H2vgz5h*P`lWX1FnM7~!$FF8;a z{i~|6(|YN2smnUN+b@2&`7=JZXx%LSlp4m!`1W7H>526(TXwyEb=s(ZYl+5|Kj*T2 zKjnS<#b5lr=4#eq%lOWtca-~7Y8uQY&a!p>u=Bbzf1cOvFx{D)W;}cczx=)0Wxlc? zVFr`i%7-EgDrP8UY39tE`(J0;+xl5iEB%FL1YE!JmBX#anDNI%{;8Q(-Cy5N-;xtBKJ31c4uvVe*5_EiM-#9uWaTw z{~!6qwr^g__bu!S?bXs5jTzH6HFe$HDSlPHfZ>CQe}l*wEVouwNs zICDNDBio#1HxDs*EEVhcGCiEzf0~lc?o~zKdNPC=IyemH6tfHLFix;OXWQERD)qF8 z(0?wT1igwEd<(avO9}kW=QO+!m?Se*aFis30ZF*(D?^ znJd#T+p(}DF)t;+#3&*&F)`4wFg@8hBRDxdFDt1;JG3G)Eh;lA$;&S)kW1H2p}06h zH#Nn`)YQ;Y!6cw6DnDJp!nZKT-{0KBJy_ql+&wkd(#_D>z$MF|tfbhqD%B?|H{8%T zHN4O?Bg?Ir%PcanG~d(G%+19pSHG&HINzkOA}=T+z)d?c&^0Zo%s4$K(8MhFXWtR%Tk@nw?&fn~!c?T4thQYM_F5xPC}RuxW`!eqd2%mUCc!Ws-q= zZn}w2NP0v?R)B?3XnnY0UW9&FWM(>-M~S&}l~068W{5#{uyJm(xqfkmvv*pcYigK# zVNyxCK~b=Aj#))%N?4wJM zuI}X)T+$Z;PTc>jWcri6`o6U8m#ytD-zC=ge{?mI&UE))AIG?oA>7p|?10>~S@l6; zE*II??&m(2Vs~!Uhfwzy{~rE2(IBe&uA(_aVejdrU(df4-k+*yP|_FgW49&glkTm< zr;bOxm(yPSraVof;dt_|)bKSk7uXy(;k5fxzfSN(;R*{!y%4We4=Wc{J34)FQ*~@T zmauwP&a7IIjY*H5>trwUcPUZGT9ejkHu-9Ey;I8lU#pE~aOo^xp>s`SWk;d*9E!3ZN%qLiT z_qv?{?_R&U|G>U@`#!ZPwNnk5PW!XvhH0;`uM}cESS`Lk=!}8v&gJRvaz5_wlTEl5 z^`Xp@iT826;=%(ecSUyCR$qO@tv>aoV@PlK4h^LPlZ$>O?sPj@bmMNFd_gN;>4)zJ zrq*3<+_cb5ggbH}Cx;HdMsw!J+U|#YvZX>5OUydB{z&O9*DOlPj1E6~srAFMtpSh4 zlKU2>bco2F|GCUm;l&AsEe}pxZ+UMp!{zOdyl-`zRWG{R1=go63+m(W7LKURR_fmE zxPQ`@neNuhL$=>yyZL{e=cZVRkb_ZN>3!QQnbb4aPyG2~-7Yho)mIHnEK~NxOB(8K zEUsDgzvgNG)wc)cE@v%mo8WMuNxi7&kj$>`16fLQIiEHP1XcCa|J~1Z>|E}h8HP86 z4Q4%NpJJWux3KQ5ny=8d`j4A^*NAUbJEZ?)tBkK(o=oc z$L;vKglGCH2pn2>;KjU~nvpS4r*C=8eKKjI`zyPdSD4FMSx$K$-?eIO)cQ!HqqEw0 z!e2*7#V4Jr+}l`NDp)t`-L1H~Z9h81)Q?nIXEpqA%<#=&kX}{DKkJ}N_N;sJ1i}x7y=;_Unq#Q$q+l0#)$jV2dyVNKpOnq4#l9cDb8$n`h1;d< zZ`&KylMlF9U!8dVOol|CNxjU28@v8gEI;jC+FDd}^W$OGWp*_hsWn+oosFDxllWK@ z-)`&swf*LtrX|m{ZgivxCs^`?Jl0514y)gJ=^rVD*w3@VD@9jjNxxI{wHg8V) z?zqr@-WS82Wmn7px(lQVEt%?+@b-t{l%FTEInFlLYY1(ycZ-T%lKV#Dtir`bhAqp= z`MAGG|E?EWzU}jkK=l$i2c^jzq3-Hc_o}kW6$S{R`t>vGcdA|~7t_-DQ2)TUY+A+zZ=I+;i$wR--+Ujjv(z(?`|wiZGas@e zKB@1|bIR>mN}A(uLKqQRXEqre!13aMo@}(J^KbD8LuU~FGTz(*EF5ARD9he86V$AeteTU zD-&zX{N&cZUti0yx$l*%cyz~0Gr zyBf&Sd%Q#A4w==*FfMbs%jN%n z>uNXg8M1442P&vW-^urg=5pzmIDNKWH=HFtjlDCkVui zwCxo<T@lZ{?FX0lm2#sxxh>H9_63MjQMS&voRc#jZK{$aYWb z+^de;BHZUB=ghylEnn!zk8#R>QIT^p7Fe)CO7hIiZuJdlYa#F zZ(ei0akt7=<FuT`vj)l)8_9Fm>^TncXHATjpriu zHVRD}PZzkKX*uuW_)4W{QbV%ur~OBy^q!oxaOX#~ye$`S;`5CgC$ro%lH0{6O;}5i!o_l;%xgNzs9axEd2Cb!`b# zI>P-avZQdH3I%uT8cG7SjujLOr_N-2#BHa5xd@Cb6L%;xfR&5!cQNiE3ANexaf zbxpGf^f9P1Ff=sqHq0$G^C~L$D=^D*HZHMDv_QAbB%mrPKV6|T-Av!Lz%bK0*EGt* z#5E@?D>2d~F)1J~GdtV6%qKar$Rnx1$E-5IwVbQW%fPJ4!Z6ga(l<9TsI0OwF~zUE zz`!@i(>F)kDLE?1E7IG?)gUs|%>doD6i0)ypmc@w5%#8A4FGKS@Un7?s zFEew4oCu%7oYI1Dr$}_$O#M2b6U#GlGK;zLa=b&_GQC`!Q!_*JD}&420)2gp%%j}gT)d3)-KtWP0}BGu zssb}yBeKzLE3`=UN>5j?(2mOX3pNT$49hIecg{}qa}7>+^9WC>a!&TEa@7y_i1Y{x ztSrm*aLne4s50|0u5#4(uMDjyDGAOAa7i^Ovdl?N(@rUmDAe}$4>gTQ%?Yz~O~VLD z@310^qH+Znm&7n9r}E5zvciyj(@4XtazAaeve1x}sB*Kk5@W*>6C+oToU)v3Ltn1E zWbeS_ERS68Jpa;^rUoj6 z8m9OpJDPbo8s)iKx)k{p1*ZiiM^^b{gm_i>JLZ{YhiCYuq?#8R`vgWNW>y6U z=!fT&2NehTyPBA|lo_TO=OlA^mgh$$nV6?r8sr&OdRCeyc}92{86vPa8RQig`$xHEM|hP*rKd+Gn^q?48yS>GM8`8=9%aF8kU$vcxCBl_`8-E7Nq28XGY}dyEtk4I_4G_I-2=c29*{^I&yI^M(JI% z`KFgqbl}JDizl@o-IX`D)IBb`aedyrxG4&kcgF~I{dv#+?dYv&q@y|m!@9r?Hwhp*1JlbBnVez0V-p^$Rlj!WfP4{prvw!XV~O;NI*#ZJ%07>g)f i>9bEtp8C#ol2#?uNCW^C?Dly8 literal 1351 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5yW2bocf5 z$P5aLDu@hl^vy{$*G?|5$gIcSGjPgo1 zHTO%ZG))Z;$}}`_E6mDqGV=-WHE=U=atb!{&PKP*B%mrPKV88uDatgsG%zRGEZ3sS zBrMw~qa-^p$sonez&|4+#N0e3FR;=gJlr_SDU>TM(X7zXTi?^gC(ks`FDu+FH89D~ zEhoY!D!@G?EVa@gAV0^)+cPpf$N=3oQ@<2T<8lR~WPj)Kv?~4VG@m3R?Z8YkZ|~g7 z@Z7La=X6igGJW&Rbnk*pvx+RU;AE~mKPR&yZ-Y!Db3fmTw6J1#zapcItQ@nd!0fDm z-~z);%dFD8s>;M-!%%eF3N2E-($f|EBOSvc@=}9+vmE`h@(Mi-5-p9YJc|9Rf=#^B z)2f2?LxOWE$|8JxgOa(NGgI6GT)o4S^9y~GqXJUQEIg9+b3+T$qMXf2JR_4VTtmH# zvRpzdk}S||^A0PrC@NP7Pw_SmGWQDcj`Rrebu)-CkH`=3OwM+5bka7@EcSCO&9u<> zFH25!%?;(s3XaGza4&EPvrMjXOEpccC<#j|H!e?cHz;vVH@4JIO{@wk@JcE3if}}? zEiE(AFf~x2G&#R4+$AI}G}6@F*V!*WEHuEq+|kk}uQ<3Yuhh>d$-A)F#VIW~*D#Vx zzaYy$Dm2?K-AF$q*~BO{*S8|O#5dQ+RNtiBBPrB5KQqZ+KPb&5#~H&m&nidXLPv!{ zU!$z_Qr~ie9Mcj%mW;t?srKSf5ReBf(=cIbNCM7zW zq(bI zgJe(N%=}3As4(-QjEMZIkYsefK|@l%*gdMmKie=h)66W{DAB_>$0XD(FvO$W)u}u< zC%e)t(Na4IGf9;syIqJu-wEXGuha~HKQQSBURg3+tSzH*WJR*G}TYPA~Gt% z&C)LZ_eR?tgS}vk6(94gc|xH|$%^F+)ge>+cuhrY pl(uiLGBsXX=5ToNie<(LZypGp;I)yFcicDisqUU1|1KQa3ILV9$us}} From 31e7cca4ed8717e427d6d95d227b3552f7fda832 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 10 Sep 2024 21:58:42 +0100 Subject: [PATCH 545/826] feat: now hosting Out in UL --- applications/skynet_users.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 56d9e07..d186092 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -85,6 +85,20 @@ in { }; services.nginx.virtualHosts = { + "outinul.ie" = { + forceSSL = false; + useACMEHost = "skynet"; + locations = { + "/" = { + alias = "/home/outinul/public_html/"; + index = "index.html"; + extraConfig = '' + autoindex on; + ''; + tryFiles = "$uri$args $uri$args/ /index.html"; + }; + }; + }; # main site "*.users.skynet.ie" = { forceSSL = true; From 32d534be455b08fa80fb7a0a0b2a1cec0ddefec0 Mon Sep 17 00:00:00 2001 From: sysadm Date: Fri, 13 Sep 2024 21:20:09 +0000 Subject: [PATCH 546/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4af5f72..1f701f1 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1724965052, - "narHash": "sha256-DXR+GfwTlqnERWTVgMHhGczIXmOBp7NmwfWzZi/DwLM=", + "lastModified": 1726261851, + "narHash": "sha256-+m32xqV6q8NaaWoYmixWK1T4P6DpydYb7zvdUWuHS+0=", "ref": "refs/heads/main", - "rev": "551bdb31653508674cf6eca6f3f952d18b6e7232", - "revCount": 90, + "rev": "e2ac80381e4f40234a777ac55fbaaba7a38138ad", + "revCount": 91, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 5d6aec46dee04f24fed1ed0d0c12501db68b9681 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 14 Sep 2024 21:40:07 +0000 Subject: [PATCH 547/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 1f701f1..c033c2e 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1726261851, - "narHash": "sha256-+m32xqV6q8NaaWoYmixWK1T4P6DpydYb7zvdUWuHS+0=", + "lastModified": 1726349960, + "narHash": "sha256-tUczQK8oBfD5xCHx93fPgfjH7j6HSaSd6TBrBZyuLDI=", "ref": "refs/heads/main", - "rev": "e2ac80381e4f40234a777ac55fbaaba7a38138ad", - "revCount": 91, + "rev": "00c08c4b1b6133df52f8206873c6bfaa00c8e615", + "revCount": 94, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From fdd2c24bbd56d19fba82e5c1ea7190f6094ce52a Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 14 Sep 2024 22:46:07 +0000 Subject: [PATCH 548/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index c033c2e..8ce3123 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1726349960, - "narHash": "sha256-tUczQK8oBfD5xCHx93fPgfjH7j6HSaSd6TBrBZyuLDI=", + "lastModified": 1726353796, + "narHash": "sha256-rhJpfoN4k6zHIzXwpDmaTTsYh4kKzHxmZA/Kg2s+Zwo=", "ref": "refs/heads/main", - "rev": "00c08c4b1b6133df52f8206873c6bfaa00c8e615", - "revCount": 94, + "rev": "1bd4ae2961b3482e9bbc02dcc36f19dfc637237e", + "revCount": 92, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 37c564be749d7e05369f730eee3eda615b1979f6 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 15 Sep 2024 00:02:53 +0000 Subject: [PATCH 549/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8ce3123..7669399 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1726353796, - "narHash": "sha256-rhJpfoN4k6zHIzXwpDmaTTsYh4kKzHxmZA/Kg2s+Zwo=", + "lastModified": 1726358529, + "narHash": "sha256-D9DEgXEaF37DHlSBdrBSBF1OcQQGzvRvk26iXf1t57A=", "ref": "refs/heads/main", - "rev": "1bd4ae2961b3482e9bbc02dcc36f19dfc637237e", - "revCount": 92, + "rev": "92ea4b1319cc533dc0d381ae026abfdcc99fe4c3", + "revCount": 93, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From c692663e0ea17bd7c05473fb6d4a5ff6309d0464 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 15 Sep 2024 17:28:26 +0000 Subject: [PATCH 550/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7669399..17b9294 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1723409220, - "narHash": "sha256-Qwwsb/D+waAhL5/qFkn8h7mJDcRfbrZNNpRlRpPU4k8=", + "lastModified": 1726421229, + "narHash": "sha256-pFqb2sfMCKUnBi/9fM9A4Q1GhSzNYTSMPy6xeF1jVWs=", "ref": "refs/heads/main", - "rev": "de685b6d6f2bb5ff3048f20333cccba0f9fe4ae8", - "revCount": 73, + "rev": "3a9b4d12c6dd833be88400bd4acbea72362eafcb", + "revCount": 74, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 97ca87ec11f3a3a49c990614aedbf3f073c0d193 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 15 Sep 2024 17:57:44 +0000 Subject: [PATCH 551/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 17b9294..7669399 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1726421229, - "narHash": "sha256-pFqb2sfMCKUnBi/9fM9A4Q1GhSzNYTSMPy6xeF1jVWs=", + "lastModified": 1723409220, + "narHash": "sha256-Qwwsb/D+waAhL5/qFkn8h7mJDcRfbrZNNpRlRpPU4k8=", "ref": "refs/heads/main", - "rev": "3a9b4d12c6dd833be88400bd4acbea72362eafcb", - "revCount": 74, + "rev": "de685b6d6f2bb5ff3048f20333cccba0f9fe4ae8", + "revCount": 73, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 7c8d9641b5e7ccc168b6088b524d30d109d32335 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 16 Sep 2024 23:37:14 +0000 Subject: [PATCH 552/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7669399..641df9c 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1725281518, - "narHash": "sha256-MC0IY+bWgHtEgDj29VBYr6OUbXsMRBMWvAYKNXTc+NY=", + "lastModified": 1726528867, + "narHash": "sha256-Y6HYt4exntAw7TJsGEfs+g+6WBXWeemB/duBDixZrCw=", "ref": "refs/heads/main", - "rev": "8ba92cc47eab748510adb975e3d9197b1afb4e2b", - "revCount": 111, + "rev": "9452c0ac2ed84f31e9dd1314ac1e6e18c98bb07e", + "revCount": 112, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 8c828738ca3ee6564519d40c58e7bf5506cafdf2 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 17 Sep 2024 00:20:48 +0100 Subject: [PATCH 553/826] feat: updated the inputs for the discord bot --- applications/discord.nix | 4 ---- secrets/discord/token.age | Bin 1135 -> 1141 bytes secrets/secrets.nix | 1 - 3 files changed, 5 deletions(-) diff --git a/applications/discord.nix b/applications/discord.nix index df8f934..27c1bc9 100644 --- a/applications/discord.nix +++ b/applications/discord.nix @@ -21,7 +21,6 @@ in { #backups = [ "/etc/silver_ul_ical/database.db" ]; age.secrets.discord_token.file = ../secrets/discord/token.age; - age.secrets.discord_ldap.file = ../secrets/discord/ldap.age; age.secrets.discord_mail.file = ../secrets/email/details.age; age.secrets.discord_wolves.file = ../secrets/wolves/details.age; @@ -31,12 +30,9 @@ in { env = { discord = config.age.secrets.discord_token.path; - ldap = config.age.secrets.discord_ldap.path; mail = config.age.secrets.discord_mail.path; wolves = config.age.secrets.discord_wolves.path; }; - - discord.server = "689189992417067052"; }; }; } diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 657f2f39e38ee67b34b16ffd975440566e15f64c..c7fcbe76be16c790b2ef2dee8dd38cc886037dff 100644 GIT binary patch delta 1055 zcmaFQ@s(qOPQ8b}v2(s}evn&eWT~lfK&hcmgr#AIX^xwLQidmSKNmX#3 zCzp9*NxElwewlw(Vt|KBSz=jOc5%6{S8#||g}G&7cxF+iTaa6Txv5{UFPE;JLUD11 zZfc5=si~o*f=NJCRDQZbq*<IJTxs$VjLAsftd9tUev72v^saI5bs!v|v z#E;_PVZj0Z=6-o8DITWgk-kxBxw(e=DcL1{K0c{_RbI{p2Bx7U-sy%>fq@oW$%UD2 z;V$~ACaHc|5$67R;m$dUWzL2H!I75bg>D6b{-J(m!Rg^fCb{L4;~B-n!*k6|3?tI= zvwcEL++9tKqLR`IT|+~wN=uWHO|!C#(-Tt?Ljp~zG99zI{Pe?;Dyp=d4b7vXN`1Yw zlgrIr%FBz2Gn}+DgH0TZ%#5?LGxaS^`~xBc0q?LPi=uLcjMCx~LoZLy6pyT^e7~xE@A^_t*Fxt2gOn2g zssh7^()6qV6K!o*pS;{+uF%R9*MQ*Af{cKY@{I5(M+>)*jO2h|g9=OE%Bo}^^$qNn1FbXSha||!3 zPYyQnajzdNHNMRPVxI5o&C%qKs`A|SsqAjrMIIXl2SveJ=DS65e| z)Uh&OzbMJ0I4sn{+$G)BxH8kVEF&Z|w93>yGRH6=wXi7ArK-fkv%;0@yVi4ol4A`pgt7lcEXHlVPR(5Gb zB$tI_Wp1UXx2vVLcWOpKR6usVfnQ#>U$%F$n`MBnvu{+ee^OYuxu<__GMBEMLUD11 zZfc5=si~o*f=NJCRDQZbc9gMyR=8hMKzT)#dwGgMrkk&ciFuZ5M2<;HXSeX4$^}spamOMwSsNO>)z73yP}D^Q$7cs?sY9!z?V_!m~@uORB=c zJVV2ZD?=@_^9)=9JS@yz^}P%W4az+%vdmm3pJf!UFNq3^s4VtLuE@wJG!8B{G0~4Q zEj1}IDGSM}49_U3@bL^y%nS?&G|I~6iVQPJH*?IXDE7$B@^>mq@-nw5$@0y~uQJZ4 zbcu8_3Wy3z3f9i|bPKRRj{)znB8#GOh2SC&ugdU9?M&}TC#THdf{J=)C!cUvkBHKe z;(T*=qsoHBOv5~nyoiWESFYq@b5s8m$4m=fv#bnnLklO*tmJ}>T+h%T<9rKm*W$#8 zFy}Obbn`+3Uv%rzG7}9`0~N|Fvn_ptOH;GUy(&`7^9}SX%`%dWy*Rt1FLn570!Xvr-+;S70+!B3KqP$(Ta|$C$6RSef-P|g}^0O*~EIooeiv!EO+&rsN zoL$ka^Q?08Ep${U&ofB#3=1$RFHdnwD=-VqNHK5;GxBu|@+paQPK-#*El#v3^vLkg zcFO03)2sbEYuJ7E04%8axn@sP4h1?k8(HEPA@g`OfGcg($&>f zC^yYcb2KOoPOQu?FZMF`bM?t{4J&X=vMdQU%Fn1Q3r-2HNGmBUG|Nlo>V7J%C$ULk zeufaUet4E`R0V_Nj^l3+Z|1XF$6r<7?9jo@c!>8x#a+(R^{MCA{ywRCcguo12XCHf zPwFl3sQd8FH)Trorv9x$?)E?1{{AjFW6sU)@MYq8w##e_&+Yxex-;JOEQ<-Bq85w& z*>zoy3Us|c)aw^$Xel;^Zu|A8VV~X(9?`iWuei7VI5_j>iH9>+x`|lxOy8@bNr diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d0121b8..8461339 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -149,7 +149,6 @@ in { "backup/restic_pw.age".publicKeys = users ++ restic; # discord bot and discord - "discord/ldap.age".publicKeys = users ++ ldap ++ discord; "discord/token.age".publicKeys = users ++ discord; # email stuff From 2bcdfb0f83496efa2b0e9c2ab3c7339bdc3dc38a Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 17 Sep 2024 00:38:24 +0100 Subject: [PATCH 554/826] fix: dont run earch seperately --- .forgejo/workflows/deploy.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index ceea941..cb535fd 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -30,7 +30,6 @@ jobs: steps: - uses: actions/checkout@v4 - run: nix develop - - run: colmena build -v --on earth --nix-option keep-failed true # - name: Archive Test Results # if: always() # run: sleep 100m From 65d4a91fa4c0e4be9e523f00c7e52722de79ef02 Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 17 Sep 2024 11:12:18 +0000 Subject: [PATCH 555/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 641df9c..c092c65 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1723409220, - "narHash": "sha256-Qwwsb/D+waAhL5/qFkn8h7mJDcRfbrZNNpRlRpPU4k8=", + "lastModified": 1726571489, + "narHash": "sha256-4p0g6Zn0pgHnaHUdzpH7oBR8yaFj5vgOXjZbAPkrjBY=", "ref": "refs/heads/main", - "rev": "de685b6d6f2bb5ff3048f20333cccba0f9fe4ae8", - "revCount": 73, + "rev": "ac55cd45e297ade761184d1fcaf0ed6fc4c77edc", + "revCount": 77, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 2e06a80dfca05048f4e3f81ae2fd4a223b6d843b Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 17 Sep 2024 11:40:09 +0000 Subject: [PATCH 556/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index c092c65..74a850f 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1726571489, - "narHash": "sha256-4p0g6Zn0pgHnaHUdzpH7oBR8yaFj5vgOXjZbAPkrjBY=", + "lastModified": 1726573168, + "narHash": "sha256-XmN6OYB1DT7c+Sumfv8gJ2SUBzIqJOCWbrRw/633u5s=", "ref": "refs/heads/main", - "rev": "ac55cd45e297ade761184d1fcaf0ed6fc4c77edc", - "revCount": 77, + "rev": "3fb2fd46cc5709fa9a2225ae81f08657de87e2f0", + "revCount": 78, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 5012dd992f0e3a7afd376423b38fab31b8a95e7e Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 17 Sep 2024 21:35:54 +0000 Subject: [PATCH 557/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 74a850f..c61112d 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1726528867, - "narHash": "sha256-Y6HYt4exntAw7TJsGEfs+g+6WBXWeemB/duBDixZrCw=", + "lastModified": 1726608802, + "narHash": "sha256-HNG0m8oq240Ch6yuft+Qi+/w+qogsC9D6Oc5RoQpteU=", "ref": "refs/heads/main", - "rev": "9452c0ac2ed84f31e9dd1314ac1e6e18c98bb07e", - "revCount": 112, + "rev": "d9211dca9a700b298b08b3cb64cfb0a31615dae4", + "revCount": 133, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 5eeda983eb783cf3a8a715600c72e8d92e5ba880 Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 17 Sep 2024 22:23:02 +0000 Subject: [PATCH 558/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index c61112d..1650d0e 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1726608802, - "narHash": "sha256-HNG0m8oq240Ch6yuft+Qi+/w+qogsC9D6Oc5RoQpteU=", + "lastModified": 1726611631, + "narHash": "sha256-zNZ9/Jci7WibMTV71GxqnFr0DREmsM9kGQ4gjCIqRds=", "ref": "refs/heads/main", - "rev": "d9211dca9a700b298b08b3cb64cfb0a31615dae4", - "revCount": 133, + "rev": "43c5cd2effcada4e2b417b692d99c5add88034bc", + "revCount": 134, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 5d72d1aa84007ec2ba3b846938a444fe6bedc6c7 Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 17 Sep 2024 23:06:27 +0000 Subject: [PATCH 559/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 1650d0e..a541f14 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1726611631, - "narHash": "sha256-zNZ9/Jci7WibMTV71GxqnFr0DREmsM9kGQ4gjCIqRds=", + "lastModified": 1726614233, + "narHash": "sha256-B9SgMs3fpJrLXtiunCxYbm1dDXajRK3OOKXS75PWlnQ=", "ref": "refs/heads/main", - "rev": "43c5cd2effcada4e2b417b692d99c5add88034bc", - "revCount": 134, + "rev": "0ab290a8768e3fbe8e05036b2892a18c7f7f6d46", + "revCount": 136, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 951a72d0a64f61e054bd6857e1d0d62c828bf468 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 18 Sep 2024 06:17:25 +0000 Subject: [PATCH 560/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a541f14..cd22daa 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1726614233, - "narHash": "sha256-B9SgMs3fpJrLXtiunCxYbm1dDXajRK3OOKXS75PWlnQ=", + "lastModified": 1726640125, + "narHash": "sha256-pjiC2vLJVhFaGP5TATkOoK4wIRiX8LyP7vCc2Te34Ws=", "ref": "refs/heads/main", - "rev": "0ab290a8768e3fbe8e05036b2892a18c7f7f6d46", - "revCount": 136, + "rev": "5e17a98bff0d15dc34ae36af4817e585b14cd5fb", + "revCount": 137, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 839009195aebc2a984bfddb24f310abd32da345b Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 18 Sep 2024 11:04:52 +0000 Subject: [PATCH 561/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index cd22daa..fbeec0d 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1726573168, - "narHash": "sha256-XmN6OYB1DT7c+Sumfv8gJ2SUBzIqJOCWbrRw/633u5s=", + "lastModified": 1726657463, + "narHash": "sha256-/8T5K5dm6h34giXPl6QvGx8CQkUTOSJED/6t0ZV2KYk=", "ref": "refs/heads/main", - "rev": "3fb2fd46cc5709fa9a2225ae81f08657de87e2f0", - "revCount": 78, + "rev": "1181367a11365a6580042345674e7eadf26bb9fa", + "revCount": 79, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From fdebdb6cc5437647f41cae888cd73309c9789305 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 18 Sep 2024 15:46:32 +0000 Subject: [PATCH 562/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index fbeec0d..efe3c54 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1726358529, - "narHash": "sha256-D9DEgXEaF37DHlSBdrBSBF1OcQQGzvRvk26iXf1t57A=", + "lastModified": 1726674347, + "narHash": "sha256-x4L6nf1ephWIHhuyErlyETn1XCQkCuKq0VCG+Q/Ivu8=", "ref": "refs/heads/main", - "rev": "92ea4b1319cc533dc0d381ae026abfdcc99fe4c3", - "revCount": 93, + "rev": "88c9104dd7c178e6fc62a992f790822b7c45a996", + "revCount": 94, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 0907c36e18fd4dfcd913ae11efab96079ac50e91 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 18 Sep 2024 15:51:32 +0000 Subject: [PATCH 563/826] Updated flake for skynet_website_wiki --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index efe3c54..9a5c84d 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,10 +1195,10 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1726674347, - "narHash": "sha256-x4L6nf1ephWIHhuyErlyETn1XCQkCuKq0VCG+Q/Ivu8=", + "lastModified": 1726674372, + "narHash": "sha256-llwNokioxgiBVW3SoWa+9Ygdd/UpCDQR7KHITcyFIUo=", "ref": "refs/heads/main", - "rev": "88c9104dd7c178e6fc62a992f790822b7c45a996", + "rev": "d272a03ee05e28ba1d91f8bb10f90321be5e675f", "revCount": 94, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" From b215f105136bd4a8e923ceeadb0ffab83f4b4a4c Mon Sep 17 00:00:00 2001 From: sysadm Date: Fri, 20 Sep 2024 14:16:11 +0000 Subject: [PATCH 564/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 9a5c84d..73425db 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1726674372, - "narHash": "sha256-llwNokioxgiBVW3SoWa+9Ygdd/UpCDQR7KHITcyFIUo=", + "lastModified": 1726841737, + "narHash": "sha256-n7ugJch0sg38+FEXKj9P245pOBxLne5A1vt8nYIMcik=", "ref": "refs/heads/main", - "rev": "d272a03ee05e28ba1d91f8bb10f90321be5e675f", - "revCount": 94, + "rev": "20d3a3c6834e3205bd1d131d26862cb0f3acb62f", + "revCount": 95, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 668dd903588db799a98df81e109b462ff6cc6a79 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 22 Sep 2024 17:06:21 +0000 Subject: [PATCH 565/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 73425db..7cc2816 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1726841737, - "narHash": "sha256-n7ugJch0sg38+FEXKj9P245pOBxLne5A1vt8nYIMcik=", + "lastModified": 1727024742, + "narHash": "sha256-9KJ3M5Dih1FJqWOViLxNdxSjQ1JJoBDU4enB9MWLfNw=", "ref": "refs/heads/main", - "rev": "20d3a3c6834e3205bd1d131d26862cb0f3acb62f", - "revCount": 95, + "rev": "52b8dd70da37d6c67ae5917caf6b90951f9a7bb1", + "revCount": 96, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 8725a9af9d2ad38838cfe3d62e53dd79a82fc6f2 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 22 Sep 2024 18:46:10 +0000 Subject: [PATCH 566/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7cc2816..e022e84 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1727024742, - "narHash": "sha256-9KJ3M5Dih1FJqWOViLxNdxSjQ1JJoBDU4enB9MWLfNw=", + "lastModified": 1727030734, + "narHash": "sha256-PfFXTdyI+pz/V6f1Qoy8C2yxGAgF+MjhzO+V5SaInbc=", "ref": "refs/heads/main", - "rev": "52b8dd70da37d6c67ae5917caf6b90951f9a7bb1", - "revCount": 96, + "rev": "cf3853c2dbe3ed201b934a682c1dd5050470284c", + "revCount": 98, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 103bd93772c12c5e78e784a6a15dd315b5460a38 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 23 Sep 2024 12:47:45 +0000 Subject: [PATCH 567/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e022e84..c0d25f7 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1726657463, - "narHash": "sha256-/8T5K5dm6h34giXPl6QvGx8CQkUTOSJED/6t0ZV2KYk=", + "lastModified": 1727095598, + "narHash": "sha256-Nx2vcjA0RZV5gn9Ky2hEhKWlyGa6oBTKdgwx14B0MC0=", "ref": "refs/heads/main", - "rev": "1181367a11365a6580042345674e7eadf26bb9fa", - "revCount": 79, + "rev": "7cfce43b8c3ad38e0884311d7491b8738c785af0", + "revCount": 81, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 683197680570c7095c515db40df8be7932fd5359 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 23 Sep 2024 13:26:32 +0000 Subject: [PATCH 568/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index c0d25f7..297407e 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727095598, - "narHash": "sha256-Nx2vcjA0RZV5gn9Ky2hEhKWlyGa6oBTKdgwx14B0MC0=", + "lastModified": 1727097956, + "narHash": "sha256-7dljON1S2Oj67xcrv+r+A1n8Oo7ky5V5tqX8l+g46Ng=", "ref": "refs/heads/main", - "rev": "7cfce43b8c3ad38e0884311d7491b8738c785af0", - "revCount": 81, + "rev": "08c19c1a646db9bf98f18041f6461ba449c0d0af", + "revCount": 83, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 13e9552799729228522740810ac80b98f685035e Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 23 Sep 2024 14:01:41 +0000 Subject: [PATCH 569/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 297407e..5ac5da0 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727097956, - "narHash": "sha256-7dljON1S2Oj67xcrv+r+A1n8Oo7ky5V5tqX8l+g46Ng=", + "lastModified": 1727100058, + "narHash": "sha256-1HSR8dxeHgWFdYCpumiyQjNUHe+6D3mGwzi6JN+p2Sg=", "ref": "refs/heads/main", - "rev": "08c19c1a646db9bf98f18041f6461ba449c0d0af", - "revCount": 83, + "rev": "34a05e9baf1eb91fa7ebeed79804ec3028d36a55", + "revCount": 84, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 95e9b971b2ef49c06173d25088b174cd7edd556e Mon Sep 17 00:00:00 2001 From: esy Date: Mon, 23 Sep 2024 20:07:43 +0000 Subject: [PATCH 570/826] feat: add license --- LICENSE | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..3283b25 --- /dev/null +++ b/LICENSE @@ -0,0 +1,9 @@ +MIT License + +Copyright (c) 2024 Skynet + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file From 743f6faa446bb26d3fc4530ceb0e58ce84164a1b Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 23 Sep 2024 20:09:07 +0000 Subject: [PATCH 571/826] Updated flake for skynet_website_games --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 5ac5da0..6919e37 100644 --- a/flake.lock +++ b/flake.lock @@ -1175,11 +1175,11 @@ "utils": "utils_10" }, "locked": { - "lastModified": 1723409493, - "narHash": "sha256-nZwNkGHL8aRlYroTfCSXYlI9Q7qzYXcnd6RlH50W9W8=", + "lastModified": 1727122069, + "narHash": "sha256-GOPYcXDc+KN6LmxMqobFUOn6e9e0khBW3SrFLj6+2i4=", "ref": "refs/heads/main", - "rev": "5884131ff5e2d631695b91fb4efc3253e302e7d5", - "revCount": 11, + "rev": "e6d9056653610ca12839ac6c6d699bb36e5fa6db", + "revCount": 12, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_games" }, From 7eb83514cad59ebdf0bc2f90c1367b6fc4c83398 Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 24 Sep 2024 10:07:51 +0000 Subject: [PATCH 572/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 6919e37..a70e9ab 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727100058, - "narHash": "sha256-1HSR8dxeHgWFdYCpumiyQjNUHe+6D3mGwzi6JN+p2Sg=", + "lastModified": 1727172430, + "narHash": "sha256-R342biR6aDlMpomqrBf9Lk3r3IuzncOPlMKyfk03J/Q=", "ref": "refs/heads/main", - "rev": "34a05e9baf1eb91fa7ebeed79804ec3028d36a55", - "revCount": 84, + "rev": "0103180b055be94a5547b3a4c893949321946fe7", + "revCount": 85, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From a6a368457ab5bf5d1a278b95d2bbee957a2a077b Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 24 Sep 2024 12:56:58 +0000 Subject: [PATCH 573/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a70e9ab..e52a631 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727172430, - "narHash": "sha256-R342biR6aDlMpomqrBf9Lk3r3IuzncOPlMKyfk03J/Q=", + "lastModified": 1727182581, + "narHash": "sha256-zawwjPNh3D8RhqzO4XfKs7hYQbmqfwgWYUZdMCmkqzQ=", "ref": "refs/heads/main", - "rev": "0103180b055be94a5547b3a4c893949321946fe7", - "revCount": 85, + "rev": "aca7ed10f3f00aa60a3b13f24c9995a5a0f6a644", + "revCount": 86, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 181a78286ee17fbe23f9cf399bfae1af61b882c2 Mon Sep 17 00:00:00 2001 From: sysadm Date: Tue, 24 Sep 2024 18:24:08 +0000 Subject: [PATCH 574/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e52a631..58dcc14 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1727030734, - "narHash": "sha256-PfFXTdyI+pz/V6f1Qoy8C2yxGAgF+MjhzO+V5SaInbc=", + "lastModified": 1727202084, + "narHash": "sha256-mjIqzAOPthSDG7/EvnUDdfZrWsiBmoKv8tl5Wmzd94A=", "ref": "refs/heads/main", - "rev": "cf3853c2dbe3ed201b934a682c1dd5050470284c", - "revCount": 98, + "rev": "ab0add44756d4992fc2b2da4eba163016ccb3d1c", + "revCount": 100, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 14334cbee4d5400371a9fcba59387ed33f19c0c6 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 25 Sep 2024 14:31:56 +0000 Subject: [PATCH 575/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 58dcc14..b8d9798 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727182581, - "narHash": "sha256-zawwjPNh3D8RhqzO4XfKs7hYQbmqfwgWYUZdMCmkqzQ=", + "lastModified": 1727274677, + "narHash": "sha256-LPIJX+bm+44/2xheZAwOIja0YKvPjyZFJw/h3PqY56Q=", "ref": "refs/heads/main", - "rev": "aca7ed10f3f00aa60a3b13f24c9995a5a0f6a644", - "revCount": 86, + "rev": "022f8b6428ca6caf4a961eb94e433d5665737393", + "revCount": 88, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 71d6d7555b9576bfccea0ec2f21941e4dbfd736d Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 25 Sep 2024 14:56:13 +0000 Subject: [PATCH 576/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index b8d9798..0a1e104 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727274677, - "narHash": "sha256-LPIJX+bm+44/2xheZAwOIja0YKvPjyZFJw/h3PqY56Q=", + "lastModified": 1727276130, + "narHash": "sha256-LGQf3pWdnsCxMHrci2Hz4Lopp+0+OyHVxg+ILk8+lZs=", "ref": "refs/heads/main", - "rev": "022f8b6428ca6caf4a961eb94e433d5665737393", - "revCount": 88, + "rev": "6e851d7d5d1a741eb99a668211588f70138658ab", + "revCount": 89, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From be4f8dbe8967fa8f906d2617b28fa1aae2f46bc7 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 25 Sep 2024 15:10:03 +0000 Subject: [PATCH 577/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 0a1e104..5619561 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727276130, - "narHash": "sha256-LGQf3pWdnsCxMHrci2Hz4Lopp+0+OyHVxg+ILk8+lZs=", + "lastModified": 1727276962, + "narHash": "sha256-r4jvZImjYSgXrd2JfVI4tZGugvN5zF18aAHBmGA9HaY=", "ref": "refs/heads/main", - "rev": "6e851d7d5d1a741eb99a668211588f70138658ab", - "revCount": 89, + "rev": "84e9b71303b7b2ec504bf59c1f1bd05412248fc9", + "revCount": 90, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From d76d5acbb70e6909fae64ce81d2a2f1c88217b7d Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 25 Sep 2024 15:23:37 +0000 Subject: [PATCH 578/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 5619561..f73821b 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727276962, - "narHash": "sha256-r4jvZImjYSgXrd2JfVI4tZGugvN5zF18aAHBmGA9HaY=", + "lastModified": 1727277778, + "narHash": "sha256-rP2F3DJqHwi7TiZngRqJfkCTHth6eStViM6o0uTMBdU=", "ref": "refs/heads/main", - "rev": "84e9b71303b7b2ec504bf59c1f1bd05412248fc9", - "revCount": 90, + "rev": "0a59b61902b8b72341faf662622a1f782ed6dff1", + "revCount": 91, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 8275f3063b6f9e7f8d4ec69570c54432d81c961e Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 25 Sep 2024 16:31:32 +0000 Subject: [PATCH 579/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f73821b..1bae1db 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727277778, - "narHash": "sha256-rP2F3DJqHwi7TiZngRqJfkCTHth6eStViM6o0uTMBdU=", + "lastModified": 1727281839, + "narHash": "sha256-ZAE++E11aghE6F1s72EEYrx6LZOKf3jbI9i1S8jy2DA=", "ref": "refs/heads/main", - "rev": "0a59b61902b8b72341faf662622a1f782ed6dff1", - "revCount": 91, + "rev": "96c18575195b6f42c77478e3a086bb96a368e68c", + "revCount": 98, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From d47abf2527162918f5fb8800a7c65dace3b1533a Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 25 Sep 2024 16:40:29 +0000 Subject: [PATCH 580/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 1bae1db..5716634 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727281839, - "narHash": "sha256-ZAE++E11aghE6F1s72EEYrx6LZOKf3jbI9i1S8jy2DA=", + "lastModified": 1727282381, + "narHash": "sha256-psKmP2ZNtS07zF0CoYYiJQ88n0H2/vix06r9HrnKxlw=", "ref": "refs/heads/main", - "rev": "96c18575195b6f42c77478e3a086bb96a368e68c", - "revCount": 98, + "rev": "01bbbb681355a5e8c630ce727cc52da080c28dbb", + "revCount": 99, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 335f2f08f1e4f146d6639ecac3f8c99ae8f2417d Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 25 Sep 2024 19:46:01 +0000 Subject: [PATCH 581/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 5716634..705b34f 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727282381, - "narHash": "sha256-psKmP2ZNtS07zF0CoYYiJQ88n0H2/vix06r9HrnKxlw=", + "lastModified": 1727293483, + "narHash": "sha256-dypS15lTArGNMu1Bsz936zPz7CFW+50sNJXOcJ9t4X8=", "ref": "refs/heads/main", - "rev": "01bbbb681355a5e8c630ce727cc52da080c28dbb", - "revCount": 99, + "rev": "f71419f0f579bf89c6f1e67fa2e96d7b6f6db67e", + "revCount": 101, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From df6825cb7ef34435b949dd26ea86048ceedf6f64 Mon Sep 17 00:00:00 2001 From: sysadm Date: Fri, 27 Sep 2024 19:23:52 +0000 Subject: [PATCH 582/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 705b34f..20c2c5f 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727293483, - "narHash": "sha256-dypS15lTArGNMu1Bsz936zPz7CFW+50sNJXOcJ9t4X8=", + "lastModified": 1727464970, + "narHash": "sha256-j6krbOmMDxZVGZ7WDdSKrKe6ensi/0vu/QOuYGvkS/I=", "ref": "refs/heads/main", - "rev": "f71419f0f579bf89c6f1e67fa2e96d7b6f6db67e", - "revCount": 101, + "rev": "ece869efae2208dd6d05f888690aed0cdbf9b31e", + "revCount": 102, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 542ee2858eccac3684f3292b0de57016b22e0a11 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 29 Sep 2024 09:37:14 +0000 Subject: [PATCH 583/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 20c2c5f..6c8a160 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727464970, - "narHash": "sha256-j6krbOmMDxZVGZ7WDdSKrKe6ensi/0vu/QOuYGvkS/I=", + "lastModified": 1727602550, + "narHash": "sha256-xTMWzYuM2ZoTRa30AYp+10dpbflvzlF9lBCOA8vxhdk=", "ref": "refs/heads/main", - "rev": "ece869efae2208dd6d05f888690aed0cdbf9b31e", - "revCount": 102, + "rev": "4af037f195249d5db2aafc612c562f790ad91f9a", + "revCount": 103, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From e1a3a64a8d28e75138a10085f18f1bb01fdd2ab8 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 29 Sep 2024 19:10:15 +0000 Subject: [PATCH 584/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 6c8a160..beaac1c 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1726640125, - "narHash": "sha256-pjiC2vLJVhFaGP5TATkOoK4wIRiX8LyP7vCc2Te34Ws=", + "lastModified": 1727636858, + "narHash": "sha256-cnibo+gNTy4onnRMCoORbrvXDMdloWqHbK0U1JZ+9a0=", "ref": "refs/heads/main", - "rev": "5e17a98bff0d15dc34ae36af4817e585b14cd5fb", - "revCount": 137, + "rev": "42f301455a18a8d3a023374b3d7b21a067c286c0", + "revCount": 141, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From c0aa5c138d876676cf5ac7b725147e8616d5f2c2 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 29 Sep 2024 23:22:29 +0000 Subject: [PATCH 585/826] Updated flake for skynet_discord_bot --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index beaac1c..a0dcd44 100644 --- a/flake.lock +++ b/flake.lock @@ -1039,11 +1039,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1727636858, - "narHash": "sha256-cnibo+gNTy4onnRMCoORbrvXDMdloWqHbK0U1JZ+9a0=", + "lastModified": 1727651998, + "narHash": "sha256-2YtDLIxtaA/BN8g1nCx753OYs/+4R0etW//j2d5UWjQ=", "ref": "refs/heads/main", - "rev": "42f301455a18a8d3a023374b3d7b21a067c286c0", - "revCount": 141, + "rev": "80c9191eeec29ba20ef4084713eca7fe0cab7412", + "revCount": 151, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/discord-bot" }, From 259a6df8a7fc47db35246e2cea41beb49c359767 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Oct 2024 11:58:00 +0100 Subject: [PATCH 586/826] feat: allow for the sserver instance to sign off merge commits --- applications/git/forgejo.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix index 4f35e0b..d0ff9ef 100644 --- a/applications/git/forgejo.nix +++ b/applications/git/forgejo.nix @@ -76,6 +76,12 @@ in { }; }; + # for signing reasons + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + services.forgejo = { enable = true; package = pkgs.forgejo; @@ -92,11 +98,21 @@ in { # You can temporarily allow registration to create an admin user. service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act actions = { ENABLED = true; DEFAULT_ACTIONS_URL = "github"; }; + + # Allow for signing off merge requests + "repository.signing" = { + SIGNING_KEY = "5B2DED0FE9F8627A"; + SIGNING_NAME = "Skynet"; + SIGNING_EMAIL = "forgejo@glados.skynet.ie"; + MERGES = "always"; + }; + # Sending emails is completely optional # You can send a test email from the web UI at: # Profile Picture > Site Administration > Configuration > Mailer Configuration From 51d8a84432e13dba6d8fc7c26fb77816b0efac48 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Oct 2024 11:58:53 +0100 Subject: [PATCH 587/826] feat: initial removal of the gitlab runner For scream testing --- machines/wheatly.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 6d78395..a2cab80 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -25,7 +25,7 @@ Notes: }; in { imports = [ - ../applications/git/gitlab_runner.nix + # ../applications/git/gitlab_runner.nix ../applications/git/forgejo_runner.nix ]; @@ -41,10 +41,10 @@ in { host = host; backup.enable = true; - gitlab_runner = { - enable = true; - runner.name = "runner01"; - }; + # gitlab_runner = { + # enable = true; + # runner.name = "runner01"; + # }; forgejo_runner.enable = true; }; From ad9e434a286b5b8c997c3812b912c774f8ac2a13 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Oct 2024 12:00:48 +0100 Subject: [PATCH 588/826] feat: forgejo runner needs docker enabled --- applications/git/forgejo_runner.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/applications/git/forgejo_runner.nix b/applications/git/forgejo_runner.nix index 1cf9776..f1903ff 100644 --- a/applications/git/forgejo_runner.nix +++ b/applications/git/forgejo_runner.nix @@ -107,6 +107,12 @@ in { }; }; + boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1 + virtualisation.docker.enable = true; + + # taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128 + virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"]; + # the actual runner services.gitea-actions-runner = { package = pkgs.forgejo-actions-runner; @@ -118,8 +124,8 @@ in { labels = [ ## optionally provide native execution on the host: "nix:host" - "docker:docker://node:16-bullseye" - "ubuntu-latest:docker://node:16-bullseye" + "docker:docker://node:22-bookworm" + "ubuntu-latest:docker://node:22-bookworm" ]; hostPackages = with pkgs; [ @@ -128,7 +134,7 @@ in { coreutils curl gawk - gitMinimal + git gnused nodejs wget @@ -145,6 +151,7 @@ in { attic-client nix openssh + sudo ]; }; }; From a4be5de575274cb1123c24ed499df02d1cf9462b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Oct 2024 12:37:56 +0100 Subject: [PATCH 589/826] feat: switching over the committee --- config/users.nix | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/config/users.nix b/config/users.nix index fbe14f6..2da4c25 100644 --- a/config/users.nix +++ b/config/users.nix @@ -50,19 +50,21 @@ in { config.skynet = { users = { committee = lib.lists.unique ( - # Committee + # Committee - Core [ "silver" "eoghanconlon73" - "sidhiel" - "maksimsger1" - "kaiden" - "pine" "nanda" - "sourabh1805" - "kronsy" + # Emily + # Sean + ] + # Committee - OCM + ++ [ + "sidhiel" "skyapples" - "emi05h" + "eliza" + "amymucko" + # Archie ] # Admins are part of Committee as well ++ cfg.admin @@ -70,14 +72,10 @@ in { admin = [ "silver" "evanc" - "eoghanconlon73" "eliza" "esy" ]; - trainee = [ - "milan" - "kronsy" - ]; + trainee = []; lifetime = []; banned = []; From 5c5ea3678d3b94d2a7f3ca874f16405b28860277 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 4 Oct 2024 12:37:56 +0100 Subject: [PATCH 590/826] feat: switching over the committee --- config/users.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/users.nix b/config/users.nix index 2da4c25..659b6b3 100644 --- a/config/users.nix +++ b/config/users.nix @@ -55,8 +55,8 @@ in { "silver" "eoghanconlon73" "nanda" - # Emily - # Sean + "emily1999" + "dgr" ] # Committee - OCM ++ [ @@ -64,7 +64,7 @@ in { "skyapples" "eliza" "amymucko" - # Archie + "archiedms" ] # Admins are part of Committee as well ++ cfg.admin From 0b0db08f0108a53491145b479b3ecc839b8b4332 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 5 Oct 2024 11:15:38 +0100 Subject: [PATCH 591/826] feat: actually record our wifi network --- ITD/Server_Inventory.csv | 3 ++- config/dns.nix | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv index eabe2a7..5b3d8c0 100644 --- a/ITD/Server_Inventory.csv +++ b/ITD/Server_Inventory.csv @@ -18,4 +18,5 @@ SKYNET00016,optimus,Active,193.1.99.90,Debian-12,Games server manager (replacing SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic -SKYNET00020,ariia,Active,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus" \ No newline at end of file +SKYNET00020,ariia,Active,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus" +SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access \ No newline at end of file diff --git a/config/dns.nix b/config/dns.nix index f4b0119..592ed3a 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -12,6 +12,13 @@ config = { skynet.records = [ + # wifi in server room + { + record = "ash"; + r_type = "A"; + value = "193.1.99.114"; + server = true; + } { record = "optimus"; r_type = "A"; From 91d76c08f1eaaba18b62f826fc94406189812340 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 5 Oct 2024 12:20:24 +0100 Subject: [PATCH 592/826] feat: limit the dns to explicitly servers we are using Closes #134 --- applications/dns/dns.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 8b4b8b5..9206b75 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -13,11 +13,14 @@ current_date = self.lastModified; # this gets a list of all domains we have records for - domains = lib.lists.naturalSort ( - lib.lists.unique ( - lib.lists.forEach records (x: x.domain) - ) - ); + domains = lib.lists.naturalSort (lib.lists.unique ( + lib.lists.forEach records (x: x.domain) + )); + + # get the ip's of our servers + servers = lib.lists.naturalSort (lib.lists.unique ( + lib.lists.forEach (sort_records_server records) (x: x.value) + )); domains_owned = [ # for historic reasons we own this @@ -175,7 +178,9 @@ ); # small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router - create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126); + # now limited explicitly to servers that we are administering + # See i24-09-30_050 for more information + create_cache_networks = map (x: "${toString x}/32") servers; # standard function to create the etc file, pass in the text and domain and it makes it create_entry_etc_sub = domain: text: { @@ -238,7 +243,7 @@ */ ++ builtins.concatLists ( lib.attrsets.mapAttrsToList ( - key: value: value.config.services.skynet."${name}".records + key: value: value.config.services.skynet.dns.records ) nodes ); From 1fcfc78c6b09af38d6b252122c579fccb2fd7780 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 5 Oct 2024 12:35:22 +0100 Subject: [PATCH 593/826] doc: add a pile of documentation to teh dns file --- applications/dns/dns.nix | 50 +++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 9206b75..1717a50 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -19,7 +19,7 @@ # get the ip's of our servers servers = lib.lists.naturalSort (lib.lists.unique ( - lib.lists.forEach (sort_records_server records) (x: x.value) + lib.lists.forEach (sort_records_a_server records) (x: x.value) )); domains_owned = [ @@ -33,9 +33,12 @@ # gets a list of records that match this type filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records; - filter_records_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A"); + # Get all the A records that are for servers (base record for them) + filter_records_a_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A"); + # Every other A record filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A"); + # These functions are to get the final 3 digits of an IP address so we can use them for reverse pointer process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); process_ptr_sub = record: { record = builtins.substring 9 3 record.record; @@ -44,39 +47,49 @@ }; ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); - sort_records_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_server records); + # filter and sort records so we cna group them in the right place later + sort_records_a_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_a_server records); sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records); sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME"); sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR")); sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV"); + # a tad overkill but type guarding is useful max = x: y: assert builtins.isInt x; assert builtins.isInt y; if x < y then y else x; + + # get teh max length of a list of strings max_len = records: lib.lists.foldr (a: b: (max a b)) 0 (lib.lists.forEach records (record: lib.strings.stringLength record.record)); + # now that we can get teh max lenth of a list of strings + # we can pad it out to the max len +1 + # this is so that teh generated file is easier for a human to read format_records = records: let offset = (max_len records) + 1; in lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; - # small function to trim it down a tad + # small function to add spaces until it reaches teh required length padString = text: length: fixedWidthString_post length " " text; # like lib.strings.fixedWidthString but postfix + # recursive function to extend a string up to a limit fixedWidthString_post = width: filler: str: let strw = lib.stringLength str; reqWidth = width - (lib.stringLength filler); in + # this is here because we were manually setting teh length, now max_len does that for us assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})"; if strw == width then str else (fixedWidthString_post reqWidth filler str) + filler; # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) + # ";" are comments in this file get_config_file = ( domain: records: '' $TTL 60 ; 1 minute @@ -97,7 +110,7 @@ ; ------------------------------------------ ; Server Names (A Records) ; ------------------------------------------ - ${format_records (sort_records_server records)} + ${format_records (sort_records_a_server records)} ; ------------------------------------------ ; A (non server names @@ -123,13 +136,11 @@ ; SRV ; ------------------------------------------ ${format_records (sort_records_srv records)} - - '' ); # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse - # config for our reverse dnspointers (not properly working) + # config for our reverse dns pointers (not properly working) get_config_file_rev = ( domain: '' $ORIGIN 64-64.99.1.193.in-addr.arpa. @@ -154,26 +165,26 @@ '' ); - # arrys of teh two nameservers - tmp1 = ["193.1.99.109"]; - tmp2 = ["193.1.99.120"]; + # arrays of teh two nameservers + nameserver_1 = ["193.1.99.109"]; + nameserver_2 = ["193.1.99.120"]; primaries = ( if cfg.server.primary then # primary servers have no primaries (ones they listen to) [] - else if builtins.elem cfg.server.ip tmp1 - then tmp2 - else tmp1 + else if builtins.elem cfg.server.ip nameserver_1 + then nameserver_2 + else nameserver_1 ); secondaries = ( if cfg.server.primary then - if builtins.elem cfg.server.ip tmp1 - then tmp2 - else tmp1 + if builtins.elem cfg.server.ip nameserver_1 + then nameserver_2 + else nameserver_1 else [] ); @@ -192,17 +203,19 @@ # The UNIX file mode bits mode = "0664"; + # content of the file text = text; }; }; - # (text.owned "csn.ul.ie") # standard function to create the etc file, pass in the text and domain and it makes it create_entry_etc = domain: type: let domain_records = lib.lists.filter (x: x.domain == domain) records; in + # this is the main type of record that most folks are used to if type == "owned" then create_entry_etc_sub domain (get_config_file domain domain_records) + # reverse lookups allow for using an IP to find domains pointing to it else if type == "reverse" then create_entry_etc_sub domain (get_config_file_rev domain) else {}; @@ -334,6 +347,7 @@ in { group = "named"; }; + # basic but ensure teh dns ports are open networking.firewall = { allowedTCPPorts = [53]; allowedUDPPorts = [53]; From 86efe11f8326bd90becd4d7275f81e5c7a3d0dc3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 5 Oct 2024 12:41:25 +0100 Subject: [PATCH 594/826] fmt: formatting --- applications/dns/dns.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/dns/dns.nix b/applications/dns/dns.nix index 1717a50..da8577f 100644 --- a/applications/dns/dns.nix +++ b/applications/dns/dns.nix @@ -61,11 +61,11 @@ if x < y then y else x; - + # get teh max length of a list of strings max_len = records: lib.lists.foldr (a: b: (max a b)) 0 (lib.lists.forEach records (record: lib.strings.stringLength record.record)); - # now that we can get teh max lenth of a list of strings + # Now that we can get teh max lenth of a list of strings # we can pad it out to the max len +1 # this is so that teh generated file is easier for a human to read format_records = records: let From 8e48b6147399d7b21784b88214055be0f99c97ed Mon Sep 17 00:00:00 2001 From: sysadm Date: Sun, 6 Oct 2024 20:09:08 +0000 Subject: [PATCH 595/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a0dcd44..a48a56c 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1727602550, - "narHash": "sha256-xTMWzYuM2ZoTRa30AYp+10dpbflvzlF9lBCOA8vxhdk=", + "lastModified": 1728245298, + "narHash": "sha256-8C7ORHibvDpBPzXCUg5wC8KJXgIjK62IVG3B0Ju+o1s=", "ref": "refs/heads/main", - "rev": "4af037f195249d5db2aafc612c562f790ad91f9a", - "revCount": 103, + "rev": "1d158667a577e1b008e99d99afa60608d33e7f94", + "revCount": 104, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From cd104570350afbb734ca90c80c4e028bcab7b936 Mon Sep 17 00:00:00 2001 From: sysadm Date: Mon, 7 Oct 2024 19:54:10 +0000 Subject: [PATCH 596/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a48a56c..5daee23 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1728245298, - "narHash": "sha256-8C7ORHibvDpBPzXCUg5wC8KJXgIjK62IVG3B0Ju+o1s=", + "lastModified": 1728330802, + "narHash": "sha256-Vx1IN4KkERt+au/ON/29K1OuxFq748ypbxqFJCLJMtk=", "ref": "refs/heads/main", - "rev": "1d158667a577e1b008e99d99afa60608d33e7f94", - "revCount": 104, + "rev": "4868914966b837a42dbd4465dfa281243ca6b216", + "revCount": 105, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 2fc07e49aa2c07b1caccf5b8c118a7c7bc061035 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 9 Oct 2024 15:16:07 +0100 Subject: [PATCH 597/826] fix: disable gpg signing on forgejo --- applications/git/forgejo.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix index d0ff9ef..c7b3572 100644 --- a/applications/git/forgejo.nix +++ b/applications/git/forgejo.nix @@ -106,12 +106,12 @@ in { }; # Allow for signing off merge requests - "repository.signing" = { - SIGNING_KEY = "5B2DED0FE9F8627A"; - SIGNING_NAME = "Skynet"; - SIGNING_EMAIL = "forgejo@glados.skynet.ie"; - MERGES = "always"; - }; + # "repository.signing" = { + # SIGNING_KEY = "5B2DED0FE9F8627A"; + # SIGNING_NAME = "Skynet"; + # SIGNING_EMAIL = "forgejo@glados.skynet.ie"; + # MERGES = "always"; + # }; # Sending emails is completely optional # You can send a test email from the web UI at: From 87383ccaae7d6dffff2dba70d755ed4c52552ace Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 9 Oct 2024 16:10:43 +0000 Subject: [PATCH 598/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 5daee23..7a02af4 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1728330802, - "narHash": "sha256-Vx1IN4KkERt+au/ON/29K1OuxFq748ypbxqFJCLJMtk=", + "lastModified": 1728490019, + "narHash": "sha256-G7WWtku2ubuEGIzaQTZmSOYNbc8mX/+KLhpm6z9xD+k=", "ref": "refs/heads/main", - "rev": "4868914966b837a42dbd4465dfa281243ca6b216", - "revCount": 105, + "rev": "5c4394efd5de27755f09596d25396d78041cb8dd", + "revCount": 106, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From 74a3f11f9b38d1924191ee39f2704c4be88e5179 Mon Sep 17 00:00:00 2001 From: sysadm Date: Wed, 9 Oct 2024 16:51:49 +0000 Subject: [PATCH 599/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7a02af4..55d696f 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1728490019, - "narHash": "sha256-G7WWtku2ubuEGIzaQTZmSOYNbc8mX/+KLhpm6z9xD+k=", + "lastModified": 1728492673, + "narHash": "sha256-UtHjRQEojBuH7Kx/XaCYsrcSXgwfhOsPJpyvurf4P9A=", "ref": "refs/heads/main", - "rev": "5c4394efd5de27755f09596d25396d78041cb8dd", - "revCount": 106, + "rev": "4b01336503479806efefb84823f4d827f39bd50f", + "revCount": 107, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From c114f31d2e0bb978ffb3237b2a685b4702272b0e Mon Sep 17 00:00:00 2001 From: sysadm Date: Fri, 18 Oct 2024 22:27:21 +0000 Subject: [PATCH 600/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 55d696f..435d6d2 100644 --- a/flake.lock +++ b/flake.lock @@ -1195,11 +1195,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1727202084, - "narHash": "sha256-mjIqzAOPthSDG7/EvnUDdfZrWsiBmoKv8tl5Wmzd94A=", + "lastModified": 1729290386, + "narHash": "sha256-9A0f1RueEtf6+NhgqyJMLR6o0I2uYhSLPZM//oyz77w=", "ref": "refs/heads/main", - "rev": "ab0add44756d4992fc2b2da4eba163016ccb3d1c", - "revCount": 100, + "rev": "a32b3ced29cbd9cd26482222ce74ea725baf19ce", + "revCount": 112, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 50459f79823a893c14747761bc0dd32a6cd30077 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 1 Nov 2024 13:12:14 +0000 Subject: [PATCH 601/826] fix: solves i24-09-03_614 --- applications/nginx.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/applications/nginx.nix b/applications/nginx.nix index 254de6c..5970a20 100644 --- a/applications/nginx.nix +++ b/applications/nginx.nix @@ -9,8 +9,6 @@ recommendedGzipSettings = true; recommendedProxySettings = true; - statusPage = true; - # give Nginx access to our certs group = "acme"; }; From 5448662230eaf0a204031e40efaaff07c2829096 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 11:14:41 +0000 Subject: [PATCH 602/826] fix: getattic working Seems to have been mainstreamed --- applications/nix_cache/nix_cache.nix | 4 +--- flake.nix | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index 4dcfdae..aead693 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -15,7 +15,6 @@ https://docs.attic.rs/introduction.html lib, config, pkgs, - inputs, ... }: with lib; let @@ -23,7 +22,6 @@ with lib; let cfg = config.services.skynet."${name}"; in { imports = [ - inputs.attic.nixosModules.atticd ]; options.services.skynet."${name}" = { @@ -53,7 +51,7 @@ in { enable = true; # Replace with absolute path to your credentials file - credentialsFile = "/etc/atticd.env"; + environmentFile = "/etc/atticd.env"; settings = { listen = "127.0.0.1:8080"; diff --git a/flake.nix b/flake.nix index 3669f39..150054a 100644 --- a/flake.nix +++ b/flake.nix @@ -27,7 +27,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; colmena.url = "github:zhaofengli/colmena"; - attic.url = "github:zhaofengli/attic"; # we host our own simple-nixos-mailserver = { From 8a85846c0d9f84584a18a8ac557424f09fe00c60 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 1 Nov 2024 13:44:50 +0000 Subject: [PATCH 603/826] feat: using the upstreamed bitwarden directory conenctor --- .../bitwarden-directory-connector-cli.nix | 324 ------------------ applications/bitwarden/bitwarden_sync.nix | 4 +- 2 files changed, 1 insertion(+), 327 deletions(-) delete mode 100644 applications/bitwarden/bitwarden-directory-connector-cli.nix diff --git a/applications/bitwarden/bitwarden-directory-connector-cli.nix b/applications/bitwarden/bitwarden-directory-connector-cli.nix deleted file mode 100644 index 85ed64f..0000000 --- a/applications/bitwarden/bitwarden-directory-connector-cli.nix +++ /dev/null @@ -1,324 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.services.bitwarden-directory-connector-cli; -in { - disabledModules = ["services/security/bitwarden-directory-connector-cli.nix"]; - - options.services.bitwarden-directory-connector-cli = { - enable = mkEnableOption "Bitwarden Directory Connector"; - - package = mkPackageOption pkgs "bitwarden-directory-connector-cli" {}; - - domain = mkOption { - type = types.str; - description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessible on."; - example = "https://vaultwarden.example.com"; - }; - - user = mkOption { - type = types.str; - description = lib.mdDoc "User to run the program."; - default = "bwdc"; - }; - - interval = mkOption { - type = types.str; - default = "*:0,15,30,45"; - description = lib.mdDoc "The interval when to run the connector. This uses systemd's OnCalendar syntax."; - }; - - ldap = mkOption { - description = lib.mdDoc '' - Options to configure the LDAP connection. - If you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. - ''; - default = {}; - type = types.submodule ({ - config, - options, - ... - }: { - freeformType = types.attrsOf (pkgs.formats.json {}).type; - - config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options))); - - options = { - finalJSON = mkOption { - type = (pkgs.formats.json {}).type; - internal = true; - readOnly = true; - visible = false; - }; - - ssl = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether to use TLS."; - }; - startTls = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether to use STARTTLS."; - }; - - hostname = mkOption { - type = types.str; - description = lib.mdDoc "The host the LDAP is accessible on."; - example = "ldap.example.com"; - }; - - port = mkOption { - type = types.port; - default = 389; - description = lib.mdDoc "Port LDAP is accessible on."; - }; - - ad = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether the LDAP Server is an Active Directory."; - }; - - pagedSearch = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether the LDAP server paginates search results."; - }; - - rootPath = mkOption { - type = types.str; - description = lib.mdDoc "Root path for LDAP."; - example = "dc=example,dc=com"; - }; - - username = mkOption { - type = types.str; - description = lib.mdDoc "The user to authenticate as."; - example = "cn=admin,dc=example,dc=com"; - }; - }; - }); - }; - - sync = mkOption { - description = lib.mdDoc '' - Options to configure what gets synced. - If you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. - ''; - default = {}; - type = types.submodule ({ - config, - options, - ... - }: { - freeformType = types.attrsOf (pkgs.formats.json {}).type; - - config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options))); - - options = { - finalJSON = mkOption { - type = (pkgs.formats.json {}).type; - internal = true; - readOnly = true; - visible = false; - }; - - removeDisabled = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group."; - }; - - overwriteExisting = mkOption { - type = types.bool; - default = false; - description = - lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details."; - }; - - largeImport = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups."; - }; - - memberAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute that lists members in a LDAP group."; - example = "uniqueMember"; - }; - - creationDateAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute that lists a user's creation date."; - example = "whenCreated"; - }; - - useEmailPrefixSuffix = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email."; - }; - emailPrefixAttribute = mkOption { - type = types.str; - description = lib.mdDoc "The attribute that contains the users username."; - example = "accountName"; - }; - emailSuffix = mkOption { - type = types.str; - description = lib.mdDoc "Suffix for the email, normally @example.com."; - example = "@example.com"; - }; - - users = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Sync users."; - }; - userPath = mkOption { - type = types.str; - description = lib.mdDoc "User directory, relative to root."; - default = "ou=users"; - }; - userObjectClass = mkOption { - type = types.str; - description = lib.mdDoc "Class that users must have."; - default = "inetOrgPerson"; - }; - userEmailAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute for a users email."; - default = "mail"; - }; - userFilter = mkOption { - type = types.str; - description = lib.mdDoc "LDAP filter for users."; - example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)"; - default = ""; - }; - - groups = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Whether to sync ldap groups into BitWarden."; - }; - groupPath = mkOption { - type = types.str; - description = lib.mdDoc "Group directory, relative to root."; - default = "ou=groups"; - }; - groupObjectClass = mkOption { - type = types.str; - description = lib.mdDoc "A class that groups will have."; - default = "groupOfNames"; - }; - groupNameAttribute = mkOption { - type = types.str; - description = lib.mdDoc "Attribute for a name of group."; - default = "cn"; - }; - groupFilter = mkOption { - type = types.str; - description = lib.mdDoc "LDAP filter for groups."; - example = "(cn=sales)"; - default = ""; - }; - }; - }); - }; - - secrets = { - ldap = mkOption { - type = types.str; - description = "Path to file that contains LDAP password for user in {option}`ldap.username"; - }; - - bitwarden = { - client_path_id = mkOption { - type = types.str; - description = "Path to file that contains Client ID."; - }; - client_path_secret = mkOption { - type = types.str; - description = "Path to file that contains Client Secret."; - }; - }; - }; - }; - - config = mkIf cfg.enable { - users.groups."${cfg.user}" = {}; - users.users."${cfg.user}" = { - isSystemUser = true; - group = cfg.user; - }; - - systemd = { - timers.bitwarden-directory-connector-cli = { - description = "Sync timer for Bitwarden Directory Connector"; - wantedBy = ["timers.target"]; - after = ["network-online.target"]; - timerConfig = { - OnCalendar = cfg.interval; - Unit = "bitwarden-directory-connector-cli.service"; - Persistent = true; - }; - }; - - services.bitwarden-directory-connector-cli = { - description = "Main process for Bitwarden Directory Connector"; - - environment = { - BITWARDENCLI_CONNECTOR_APPDATA_DIR = "/tmp"; - BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS = "true"; - }; - - serviceConfig = { - Type = "oneshot"; - User = "${cfg.user}"; - PrivateTmp = true; - ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" '' - set -eo pipefail - - # create the config file - ${lib.getExe cfg.package} data-file - touch /tmp/data.json.tmp - chmod 600 /tmp/data.json{,.tmp} - - ${lib.getExe cfg.package} config server ${cfg.domain} - - # now login to set credentials - export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})" - export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})" - ${lib.getExe cfg.package} login - - ${lib.getExe pkgs.jq} '.authenticatedAccounts[0] as $account - | .[$account].directoryConfigurations.ldap |= $ldap_data - | .[$account].directorySettings.organizationId |= $orgID - | .[$account].directorySettings.sync |= $sync_data' \ - --argjson ldap_data ${escapeShellArg cfg.ldap.finalJSON} \ - --arg orgID "''${BW_CLIENTID//organization.}" \ - --argjson sync_data ${escapeShellArg cfg.sync.finalJSON} \ - /tmp/data.json \ - > /tmp/data.json.tmp - - mv -f /tmp/data.json.tmp /tmp/data.json - - # final config - ${lib.getExe cfg.package} config directory 0 - ${lib.getExe cfg.package} config ldap.password --secretfile ${cfg.secrets.ldap} - ''; - - ExecStart = "${lib.getExe cfg.package} sync"; - }; - }; - }; - }; - - meta.maintainers = with maintainers; [Silver-Golden]; -} diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index 88104d0..db8b970 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -6,9 +6,7 @@ }: let user = "bwdc"; in { - imports = [ - ./bitwarden-directory-connector-cli.nix - ]; + imports = []; options = {}; From c648bded749c4a4b403d957554612f6acefcd565 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 1 Nov 2024 23:16:45 +0000 Subject: [PATCH 604/826] testing: to see if we can get a whiteboard working --- applications/nextcloud.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index e31f67c..e1ca27e 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -45,6 +45,7 @@ in { services.skynet.acme.domains = [ domain "onlyoffice.${domain}" + "whiteboard.${domain}" ]; services.skynet.dns.records = [ @@ -58,13 +59,18 @@ in { r_type = "CNAME"; value = config.services.skynet.host.name; } + # { + # record = "whiteboard.${cfg.domain.sub}"; + # r_type = "CNAME"; + # value = config.services.skynet.host.name; + # } ]; # /var/lib/nextcloud/data services.nextcloud = { enable = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud30; hostName = domain; https = true; @@ -78,8 +84,8 @@ in { appstoreEnable = true; - extraApps = with config.services.nextcloud.package.packages.apps; { - inherit forms groupfolders maps notes onlyoffice polls; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) richdocuments; }; settings = { @@ -90,7 +96,18 @@ in { }; }; + # environment.etc."nextcloud-whiteboard-secret".text = '' + # JWT_SECRET_KEY=test123 + # ''; + # + # services.nextcloud-whiteboard-server = { + # enable = true; + # settings.NEXTCLOUD_URL = "https://nextcloud.skynet.ie"; + # secrets = ["/etc/nextcloud-whiteboard-secret"]; + # }; + nixpkgs.config.allowUnfree = true; + # impacted by https://github.com/NixOS /nixpkgs/issues/352443 services.onlyoffice = { enable = true; }; @@ -105,6 +122,14 @@ in { useACMEHost = "skynet"; locations."/".proxyPass = "http://127.0.0.1:8000"; }; + # "whiteboard.${domain}" = { + # forceSSL = true; + # useACMEHost = "skynet"; + # locations."/" = { + # proxyPass = "http://localhost:3002"; + # proxyWebsockets = true; + # }; + # }; }; }; } From 2c196ae87efbccd097b08d1af7d69df130e87776 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 00:18:49 +0000 Subject: [PATCH 605/826] fix: disable the document writer untl its fixed --- applications/nextcloud.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index e1ca27e..04f52fa 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -108,9 +108,9 @@ in { nixpkgs.config.allowUnfree = true; # impacted by https://github.com/NixOS /nixpkgs/issues/352443 - services.onlyoffice = { - enable = true; - }; + # services.onlyoffice = { + # enable = true; + # }; services.nginx.virtualHosts = { ${domain} = { From ff6af9916d8b0eea7aca1ea6750959d668ae4bc0 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 11:38:15 +0000 Subject: [PATCH 606/826] fix: dont update lix yet, causes a pile of errors --- flake.lock | 335 +++++++++++++++++------------------------------------ 1 file changed, 105 insertions(+), 230 deletions(-) diff --git a/flake.lock b/flake.lock index 435d6d2..86104f8 100644 --- a/flake.lock +++ b/flake.lock @@ -47,7 +47,7 @@ "inputs": { "fenix": "fenix_2", "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_19" + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1719514321, @@ -84,32 +84,10 @@ "type": "github" } }, - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1724086414, - "narHash": "sha256-jcY81r8PdMQ9dCGhT0YLZzxPj3kQJXyWCmvQLXbR1EI=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "acf3c351f8de47c6857f31948ab253f9c7ce2a6f", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "attic", - "type": "github" - } - }, "bfom": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "utils": "utils" }, "locked": { @@ -144,9 +122,9 @@ }, "colmena": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", "stable": "stable" }, "locked": { @@ -166,7 +144,7 @@ "compsoc_public": { "inputs": { "bfom": "bfom", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "utils": "utils_2" }, "locked": { @@ -183,27 +161,6 @@ "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" } }, - "crane": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -272,22 +229,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1650374568, @@ -303,7 +244,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -362,24 +303,6 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -394,9 +317,9 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_2": { "inputs": { - "systems": "systems_5" + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, @@ -412,9 +335,9 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, @@ -552,7 +475,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": [ "lix" @@ -575,7 +498,7 @@ }, "naersk": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1713520724, @@ -593,7 +516,7 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1721727458, @@ -611,7 +534,7 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1686572087, @@ -658,38 +581,7 @@ "type": "indirect" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1720535198, - "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_10": { - "locked": { - "lastModified": 1722995383, - "narHash": "sha256-UzuXo7ZM8ZK0SkWFhHocKkLSGQPHS4JxaE1jvVR4fUo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "957d95fc8b9bf1eb60d43f8d2eba352b71bbf2be", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1687011986, "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", @@ -703,7 +595,7 @@ "type": "indirect" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1686921029, "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", @@ -718,7 +610,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_12": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", @@ -732,7 +624,7 @@ "type": "indirect" } }, - "nixpkgs_14": { + "nixpkgs_13": { "locked": { "lastModified": 1724114134, "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", @@ -746,7 +638,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_14": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -760,6 +652,20 @@ "type": "indirect" } }, + "nixpkgs_15": { + "locked": { + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_16": { "locked": { "lastModified": 1689935543, @@ -775,20 +681,6 @@ } }, "nixpkgs_17": { - "locked": { - "lastModified": 1689935543, - "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_18": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -802,7 +694,7 @@ "type": "indirect" } }, - "nixpkgs_19": { + "nixpkgs_18": { "locked": { "lastModified": 1668226844, "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", @@ -818,6 +710,20 @@ "type": "github" } }, + "nixpkgs_19": { + "locked": { + "lastModified": 1724395761, + "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ae815cee91b417be55d43781eb4b73ae1ecc396c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1722630782, @@ -834,37 +740,7 @@ "type": "github" } }, - "nixpkgs_20": { - "locked": { - "lastModified": 1724395761, - "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ae815cee91b417be55d43781eb4b73ae1ecc396c", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_3": { - "locked": { - "lastModified": 1723827930, - "narHash": "sha256-EU+W5F6y2CVNxGrGIMpY7nSVYq72WRChYxF4zpjx0y4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d4a7a4d0e066278bfb0d77bd2a7adde1c0ec9e3d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1696019113, "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", @@ -880,6 +756,20 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1714091391, + "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_5": { "locked": { "lastModified": 1714091391, @@ -895,20 +785,6 @@ } }, "nixpkgs_6": { - "locked": { - "lastModified": 1714091391, - "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_7": { "locked": { "lastModified": 1715413075, "narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=", @@ -922,13 +798,13 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { - "lastModified": 1723991338, - "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a3354191c0d7144db9756a74755672387b702ba", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" }, "original": { @@ -937,7 +813,7 @@ "type": "indirect" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1723151389, "narHash": "sha256-9AVY0ReCmSGXHrlx78+1RrqcDgVSRhHUKDVV1LLBy28=", @@ -951,18 +827,32 @@ "type": "indirect" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1722995383, + "narHash": "sha256-UzuXo7ZM8ZK0SkWFhHocKkLSGQPHS4JxaE1jvVR4fUo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "957d95fc8b9bf1eb60d43f8d2eba352b71bbf2be", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "root": { "inputs": { "agenix": "agenix", "alejandra": "alejandra", "arion": "arion", - "attic": "attic", "colmena": "colmena", "compsoc_public": "compsoc_public", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "lix": "lix", "lix-module": "lix-module", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", "skynet_ldap_backend": "skynet_ldap_backend", @@ -1012,7 +902,7 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs" ], @@ -1035,7 +925,7 @@ "skynet_discord_bot": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_9", "utils": "utils_3" }, "locked": { @@ -1055,7 +945,7 @@ "skynet_ldap_backend": { "inputs": { "naersk": "naersk_3", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_11", "utils": "utils_4" }, "locked": { @@ -1074,7 +964,7 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_12", "utils": "utils_5" }, "locked": { @@ -1093,7 +983,7 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_13", "utils": "utils_6" }, "locked": { @@ -1112,7 +1002,7 @@ }, "skynet_website_2009": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, "locked": { @@ -1131,7 +1021,7 @@ }, "skynet_website_2017": { "inputs": { - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_15", "utils": "utils_8" }, "locked": { @@ -1151,7 +1041,7 @@ }, "skynet_website_2023": { "inputs": { - "nixpkgs": "nixpkgs_17", + "nixpkgs": "nixpkgs_16", "utils": "utils_9" }, "locked": { @@ -1171,7 +1061,7 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_18", + "nixpkgs": "nixpkgs_17", "utils": "utils_10" }, "locked": { @@ -1191,7 +1081,7 @@ "skynet_website_wiki": { "inputs": { "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_20", + "nixpkgs": "nixpkgs_19", "utils": "utils_11" }, "locked": { @@ -1314,21 +1204,6 @@ "type": "github" } }, - "systems_15": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1451,7 +1326,7 @@ }, "utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1710146030, @@ -1469,7 +1344,7 @@ }, "utils_10": { "inputs": { - "systems": "systems_14" + "systems": "systems_13" }, "locked": { "lastModified": 1694529238, @@ -1487,7 +1362,7 @@ }, "utils_11": { "inputs": { - "systems": "systems_15" + "systems": "systems_14" }, "locked": { "lastModified": 1710146030, @@ -1505,7 +1380,7 @@ }, "utils_2": { "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, @@ -1523,7 +1398,7 @@ }, "utils_3": { "inputs": { - "systems": "systems_7" + "systems": "systems_6" }, "locked": { "lastModified": 1710146030, @@ -1541,7 +1416,7 @@ }, "utils_4": { "inputs": { - "systems": "systems_8" + "systems": "systems_7" }, "locked": { "lastModified": 1685518550, @@ -1559,7 +1434,7 @@ }, "utils_5": { "inputs": { - "systems": "systems_9" + "systems": "systems_8" }, "locked": { "lastModified": 1687171271, @@ -1577,7 +1452,7 @@ }, "utils_6": { "inputs": { - "systems": "systems_10" + "systems": "systems_9" }, "locked": { "lastModified": 1710146030, @@ -1595,7 +1470,7 @@ }, "utils_7": { "inputs": { - "systems": "systems_11" + "systems": "systems_10" }, "locked": { "lastModified": 1689068808, @@ -1613,7 +1488,7 @@ }, "utils_8": { "inputs": { - "systems": "systems_12" + "systems": "systems_11" }, "locked": { "lastModified": 1689068808, @@ -1631,7 +1506,7 @@ }, "utils_9": { "inputs": { - "systems": "systems_13" + "systems": "systems_12" }, "locked": { "lastModified": 1689068808, From 6d4160fe65ade285d7a869a1679c1d10bfea1d22 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 14:19:39 +0000 Subject: [PATCH 607/826] fix: bump everythign after all --- flake.lock | 98 +++++++++++++++++++++++++++--------------------------- 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/flake.lock b/flake.lock index 86104f8..3de006b 100644 --- a/flake.lock +++ b/flake.lock @@ -71,11 +71,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1722825873, - "narHash": "sha256-bFNXkD+s9NuidZePiJAjjFUnsMOwXb7hEZ4JEDdSALw=", + "lastModified": 1729444465, + "narHash": "sha256-+lCi3cQlFNGAGKaVeUNhTeR40zvMy9JX4hp1JA0dLwE=", "owner": "hercules-ci", "repo": "arion", - "rev": "90bc85532767c785245f5c1e29ebfecb941cf8c9", + "rev": "94d092fffd5cfd4f09b8988aca1b857a9d37c4d6", "type": "github" }, "original": { @@ -128,11 +128,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1711386353, - "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "lastModified": 1728263678, + "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", "owner": "zhaofengli", "repo": "colmena", - "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "rev": "b0a62f234fae02a006123e661ff70e62af16106b", "type": "github" }, "original": { @@ -192,11 +192,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1657607339, - "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", + "lastModified": 1668234453, + "narHash": "sha256-FmuZThToBvRsqCauYJ3l8HJoGLAY5cMULeYEKIaGrRw=", "owner": "nix-community", "repo": "fenix", - "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", + "rev": "8f219f6b36e8d0d56afa7f67e6e3df63ef013cdb", "type": "github" }, "original": { @@ -322,11 +322,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -340,11 +340,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -462,11 +462,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1724624492, - "narHash": "sha256-J3COggDipocT+ozSxz96GuwSyMrT5+Xa2fGfxaIShqw=", - "rev": "b6884388a1281d70bb4e5bb12e1cadd34bb832f0", + "lastModified": 1730433081, + "narHash": "sha256-1oqkMcFQyAqCvqkjG9K3NaRLyB1qkXXiZoxe4rwM6ag=", + "rev": "834450e237b82230934b5d25ed212b5a55938cc5", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/b6884388a1281d70bb4e5bb12e1cadd34bb832f0.tar.gz?rev=b6884388a1281d70bb4e5bb12e1cadd34bb832f0" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/834450e237b82230934b5d25ed212b5a55938cc5.tar.gz?rev=834450e237b82230934b5d25ed212b5a55938cc5" }, "original": { "type": "tarball", @@ -485,11 +485,11 @@ ] }, "locked": { - "lastModified": 1723511483, - "narHash": "sha256-rT/OkVXKkns2YvyF1nFvl+8Gc3sld1c1sXPtGkbqaDY=", - "rev": "cecf70b77539c1a593f60ec9d0305b5e537ab6a9", + "lastModified": 1727752861, + "narHash": "sha256-jowmo2aEzrEpPSM96IWtajuogdJm7DjAWxFTEb7Ct0s=", + "rev": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cecf70b77539c1a593f60ec9d0305b5e537ab6a9.tar.gz?rev=cecf70b77539c1a593f60ec9d0305b5e537ab6a9" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d.tar.gz?rev=fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d" }, "original": { "type": "tarball", @@ -742,11 +742,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1696019113, - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -868,11 +868,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1657557289, - "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", + "lastModified": 1668182250, + "narHash": "sha256-PYGaOCiFvnJdVz+ZCaKF8geGdffXjJUNcMwaBHv0FT4=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "caf23f29144b371035b864a1017dbc32573ad56d", + "rev": "45ec315e01dc8dd1146dfeb65f0ef6e5c2efed78", "type": "github" }, "original": { @@ -949,11 +949,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1723234129, - "narHash": "sha256-tfsT9VYV3YgFRUKbjFyV4o1kVJHcUY87kh2vcu6jAkU=", + "lastModified": 1727122069, + "narHash": "sha256-Dr8CxlBbw5vKL2sH0QiJPWIxKX7KFxg+pdPWSKqJ9FY=", "ref": "refs/heads/main", - "rev": "5f6a086e808b811095e36875fb656864cf11c5f5", - "revCount": 232, + "rev": "aa0cfc017d3b70457c9fc34cbb296351aa5373f9", + "revCount": 233, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" }, @@ -968,11 +968,11 @@ "utils": "utils_5" }, "locked": { - "lastModified": 1723234619, - "narHash": "sha256-6a0sJkhabJOxCEdGz3moKeQjYfqV9Bqa8Q0byPipPQo=", + "lastModified": 1727122070, + "narHash": "sha256-X6g3kBASjv8NZxea2cdkBQ9YAIZdPWdAButM+LjeYm0=", "ref": "refs/heads/main", - "rev": "71f5928c66a43e788a9a00b90a1326c1bb82ffd2", - "revCount": 228, + "rev": "e09818ca6b27bf98cf63c3427a7253309c39a816", + "revCount": 229, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/ldap_frontend" }, @@ -987,11 +987,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724210543, - "narHash": "sha256-JLt77gajtOPwM20m86Kh2JkWuOq1+kmHr+98UMzbjAY=", + "lastModified": 1727122068, + "narHash": "sha256-C+PD6NveB9tascXQ84rekqlDkSNwe1mFhzZXqVlNvuQ=", "ref": "refs/heads/main", - "rev": "0af67c9ece40fb683238093d857d96aae2414522", - "revCount": 27, + "rev": "d6b13f9c6e0a09346e0e210aa1733a7258e13763", + "revCount": 28, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, @@ -1006,11 +1006,11 @@ "utils": "utils_7" }, "locked": { - "lastModified": 1724198445, - "narHash": "sha256-7cN70t/qqmUsShNhIbOSSMToiCRGhEhwZayN2n93KrA=", + "lastModified": 1727122067, + "narHash": "sha256-AAj5tmfT8IuAvgcMjlIjf5CD1LNC/gDCvFRt1NAedPw=", "ref": "refs/heads/main", - "rev": "3aa4568ae82846a9d365fc464dfc523be07e7ac3", - "revCount": 14, + "rev": "a9f125fb750f33747d28271bef3b3425563096a0", + "revCount": 15, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2009" }, @@ -1100,16 +1100,16 @@ }, "stable": { "locked": { - "lastModified": 1696039360, - "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } From 59855b06e3450b370eb26e26e95adf2dec0cea3c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 14:50:03 +0000 Subject: [PATCH 608/826] ci: make verbose to see what is running on it --- .forgejo/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index cb535fd..ac25612 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -29,7 +29,7 @@ jobs: runs-on: nix steps: - uses: actions/checkout@v4 - - run: nix develop + - run: nix develop -v # - name: Archive Test Results # if: always() # run: sleep 100m From 45e9d60967ef7224e67a62c77ed11811d009436e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 15:27:34 +0000 Subject: [PATCH 609/826] ci: test only building develop --- .forgejo/workflows/deploy.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index ac25612..0d0e32f 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -33,11 +33,11 @@ jobs: # - name: Archive Test Results # if: always() # run: sleep 100m - - run: colmena build -v --on @active-dns - - run: colmena build -v --on @active-core - - run: colmena build -v --on @active - - run: colmena build -v --on @active-ext - - run: colmena build -v --on @active-gitlab +# - run: colmena build -v --on @active-dns +# - run: colmena build -v --on @active-core +# - run: colmena build -v --on @active +# - run: colmena build -v --on @active-ext +# - run: colmena build -v --on @active-gitlab deploy_dns: runs-on: nix From 50fc67917268aacce1e177aadab4e02b1e4d2e0b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 17:09:11 +0000 Subject: [PATCH 610/826] cleanup: gettign rid of the gitlab runner config --- applications/git/gitlab_runner.nix | 123 ----------------------------- machines/wheatly.nix | 7 -- 2 files changed, 130 deletions(-) delete mode 100644 applications/git/gitlab_runner.nix diff --git a/applications/git/gitlab_runner.nix b/applications/git/gitlab_runner.nix deleted file mode 100644 index f5041bf..0000000 --- a/applications/git/gitlab_runner.nix +++ /dev/null @@ -1,123 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; let - name = "gitlab_runner"; - cfg = config.services.skynet."${name}"; -in { - imports = [ - ]; - - options.services.skynet."${name}" = { - enable = mkEnableOption "Skynet Gitlab Runner"; - - runner = { - name = mkOption { - type = types.str; - }; - - gitlab = mkOption { - default = "https://gitlab.skynet.ie"; - type = types.str; - }; - - description = mkOption { - default = cfg.runner.name; - type = types.str; - }; - - docker = { - image = mkOption { - default = "alpine:latest"; - type = types.str; - }; - - cleanup_dates = mkOption { - # https://man.archlinux.org/man/systemd.time.7#CALENDAR_EVENTS - # it will use a lot of storage so clear it daily, may change to hourly if required - default = "daily"; - type = types.str; - }; - }; - }; - }; - - config = mkIf cfg.enable { - # https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner. - environment.systemPackages = [ - pkgs.gitlab-runner - ]; - - age.secrets.runner_01_nix.file = ../../secrets/gitlab/runners/runner01.age; - age.secrets.runner_02_general.file = ../../secrets/gitlab/runners/runner02.age; - - boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1 - virtualisation.docker.enable = true; - - # taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128 - virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"]; - - services.gitlab-runner = { - enable = true; - - # clear-docker-cache = { - # enable = true; - # dates = cfg.runner.docker.cleanup_dates; - # }; - - services = { - # might make a function later to have multiple runners, might never need it though - runner_nix = { - cloneUrl = cfg.runner.gitlab; - description = "For Nix only"; - registrationFlags = ["--docker-host" "tcp://127.0.0.1:2375"]; - registrationConfigFile = config.age.secrets.runner_01_nix.path; - dockerImage = cfg.runner.docker.image; - - # from https://nixos.wiki/wiki/Gitlab_runner - dockerVolumes = [ - "/nix/store:/nix/store:ro" - "/nix/var/nix/db:/nix/var/nix/db:ro" - "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" - ]; - dockerDisableCache = true; - preBuildScript = pkgs.writeScript "setup-container" '' - mkdir -p -m 0755 /nix/var/log/nix/drvs - mkdir -p -m 0755 /nix/var/nix/gcroots - mkdir -p -m 0755 /nix/var/nix/profiles - mkdir -p -m 0755 /nix/var/nix/temproots - mkdir -p -m 0755 /nix/var/nix/userpool - mkdir -p -m 1777 /nix/var/nix/gcroots/per-user - mkdir -p -m 1777 /nix/var/nix/profiles/per-user - mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root - mkdir -p -m 0700 "$HOME/.nix-defexpr" - . ${pkgs.nix}/etc/profile.d/nix-daemon.sh - ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs - ${pkgs.nix}/bin/nix-channel --update nixpkgs - ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [lix cacert git openssh])} - nix --version - ''; - environmentVariables = { - ENV = "/etc/profile"; - USER = "root"; - NIX_REMOTE = "daemon"; - PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; - NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; - }; - tagList = ["nix"]; - }; - - runner_general = { - cloneUrl = cfg.runner.gitlab; - description = "General Runner"; - registrationFlags = ["--docker-host" "tcp://127.0.0.1:2375"]; - registrationConfigFile = config.age.secrets.runner_02_general.path; - dockerImage = cfg.runner.docker.image; - }; - }; - }; - }; -} diff --git a/machines/wheatly.nix b/machines/wheatly.nix index a2cab80..cbd6d4f 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -25,7 +25,6 @@ Notes: }; in { imports = [ - # ../applications/git/gitlab_runner.nix ../applications/git/forgejo_runner.nix ]; @@ -40,12 +39,6 @@ in { services.skynet = { host = host; backup.enable = true; - - # gitlab_runner = { - # enable = true; - # runner.name = "runner01"; - # }; - forgejo_runner.enable = true; }; } From be75fcb2961bffcf2f956a67cf0546d31051d779 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 17:09:45 +0000 Subject: [PATCH 611/826] fix: stop using teh bleeding edge lix --- flake.lock | 27 +++++++++++---------------- flake.nix | 8 +------- 2 files changed, 12 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index 3de006b..0026c38 100644 --- a/flake.lock +++ b/flake.lock @@ -462,38 +462,36 @@ "lix": { "flake": false, "locked": { - "lastModified": 1730433081, - "narHash": "sha256-1oqkMcFQyAqCvqkjG9K3NaRLyB1qkXXiZoxe4rwM6ag=", - "rev": "834450e237b82230934b5d25ed212b5a55938cc5", + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/834450e237b82230934b5d25ed212b5a55938cc5.tar.gz?rev=834450e237b82230934b5d25ed212b5a55938cc5" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" } }, "lix-module": { "inputs": { "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", - "lix": [ - "lix" - ], + "lix": "lix", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1727752861, - "narHash": "sha256-jowmo2aEzrEpPSM96IWtajuogdJm7DjAWxFTEb7Ct0s=", - "rev": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d", + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d.tar.gz?rev=fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" } }, "naersk": { @@ -850,7 +848,6 @@ "colmena": "colmena", "compsoc_public": "compsoc_public", "flake-utils": "flake-utils_2", - "lix": "lix", "lix-module": "lix-module", "nixpkgs": "nixpkgs_7", "simple-nixos-mailserver": "simple-nixos-mailserver", @@ -1027,7 +1024,6 @@ "locked": { "lastModified": 1689960297, "narHash": "sha256-+43nNv4RSQMXMRGdN8xVKYs2B13w5FJtefuykYcpywM=", - "ref": "refs/heads/main", "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "revCount": 6, "type": "git", @@ -1047,7 +1043,6 @@ "locked": { "lastModified": 1696876711, "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", - "ref": "refs/heads/main", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "revCount": 12, "type": "git", diff --git a/flake.nix b/flake.nix index 150054a..e600e63 100644 --- a/flake.nix +++ b/flake.nix @@ -7,15 +7,9 @@ # Return to using unstable once the current master is merged in # nixpkgs.url = "nixpkgs/nixos-unstable"; - lix = { - url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"; - flake = false; - }; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.lix.follows = "lix"; }; # utility stuff From 97a062180eac6fdbdff2fd88c5a327f3edae23e4 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 17:10:09 +0000 Subject: [PATCH 612/826] ci: make lix available in builds --- applications/git/forgejo_runner.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/git/forgejo_runner.nix b/applications/git/forgejo_runner.nix index f1903ff..29029cb 100644 --- a/applications/git/forgejo_runner.nix +++ b/applications/git/forgejo_runner.nix @@ -149,7 +149,7 @@ in { # used in deployments inputs.colmena.defaultPackage."x86_64-linux" attic-client - nix + lix openssh sudo ]; From 6d2a13cf0362e389c095c5a285f307b08690e407 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 17:10:25 +0000 Subject: [PATCH 613/826] feat: rebuilt wheatly --- secrets/backup/restic.age | Bin 2760 -> 2760 bytes secrets/backup/restic_pw.age | Bin 1047 -> 1047 bytes secrets/bitwarden/details.age | Bin 1155 -> 1155 bytes secrets/bitwarden/id.age | Bin 1031 -> 1031 bytes secrets/bitwarden/secret.age | Bin 1012 -> 1012 bytes secrets/discord/token.age | 37 ++++++++++++++-------------- secrets/dns_certs.secret.age | Bin 2814 -> 2814 bytes secrets/dns_dnskeys.conf.age | Bin 1204 -> 1204 bytes secrets/email/details.age | Bin 1419 -> 1419 bytes secrets/forgejo/runners/ssh.age | Bin 1381 -> 1381 bytes secrets/forgejo/runners/token.age | 37 ++++++++++++++-------------- secrets/gitlab/db_pw.age | Bin 1111 -> 1111 bytes secrets/gitlab/ldap_pw.age | Bin 1110 -> 1110 bytes secrets/gitlab/pw.age | 37 ++++++++++++++-------------- secrets/gitlab/runners/runner01.age | Bin 1065 -> 1065 bytes secrets/gitlab/runners/runner02.age | Bin 1065 -> 1065 bytes secrets/gitlab/secrets_db.age | Bin 1111 -> 1111 bytes secrets/gitlab/secrets_jws.age | Bin 2660 -> 2660 bytes secrets/gitlab/secrets_otp.age | Bin 1110 -> 1110 bytes secrets/gitlab/secrets_secret.age | Bin 1110 -> 1110 bytes secrets/grafana/pw.age | 36 +++++++++++++-------------- secrets/ldap/details.age | Bin 1637 -> 1636 bytes secrets/ldap/pw.age | Bin 1440 -> 1440 bytes secrets/nextcloud/pw.age | Bin 1024 -> 1024 bytes secrets/secrets.nix | 2 +- secrets/stream_ulfm.age | Bin 3194 -> 3194 bytes secrets/wolves/details.age | Bin 1461 -> 1461 bytes 27 files changed, 75 insertions(+), 74 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index d2ecfde1f0860b56493f2088995f2848760fee21..0d7ffd893554e33043e6def7db1ec95c520042e5 100644 GIT binary patch literal 2760 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlv^~&@x z4-5~_sxVLY$gD^;NY71lGS*Hl^Knk8Ofz;(4K6P+_153=T8M zC@f4h%8Dp2ta5h@^3D(QF!U&_C^t5=bkWY!PDi)RB%mrPKV6|Bvaq0_B-f(E-Q6$8 zP~Y9jH`6WEv7*=@(LBpF!pS8$+&|Yd$k5Y2JejK~z%wVOD6*(HFC)r3w=~Syu+-Qh zOh3$|s?t0w&#~0J(8Vve!Z^gJ)Dhjb6i0)ypmc@QBLA|WD4!G;<0K2WsaAZI_HP|F-QqjWBF?*gMB{S5!WGViKvUoST^udGs&R1eQ!|6C(q zqXK=;bSDd=l)P}~qEK|(O#M5kNjx=>LE>H6^@^myvD#+I^H1*9hE-nc1HLxhH2zAK_G79j_ z&Wy^=4JqcTC^W6i_i_tNFHejxEj294%{C5=tTK$O$fz>62+uY*NpmlBip(o_GQseh zcUX}{QMp2}V`XS!iix&~zCl!2h`x!DL2yNBnP+ZbW^qnbNwK+WrnY5XnR94JPBvFi zvP+O@d9G7vmVv3UyLmuqj=yVxer8U9wsC<+UXEFiQB;0uSWb`WJayM3q*0 zrj=BlSv0~dYAV*ecd%AoQzzcP!Q67xhC&m!$$6E3g7WFIr_0#82^r@)Ltql%>b zDuYmWKiAB#^l-P(s*+&Gs1oyFbC)a&jCk`a$??;7R4{c+P7f_L4oSkb1y9MF3z+} z_jd}*2nhDdEAb6AHFb5v@LQQtq=BWQLY{A^lUb&hMOsdNRb-`^kwsRSuTxNPwrgmi zYl%@tl4-7AzG+xMa-q8`SAMZiSdMXdSXFqkNnW^%VOD`@vS+z@NlIaWk$Hxtn?bRK zrIB%Zfw>EYZ4tpmj%MWw`Xw%I1*Ha6sTLkpj{X%XUMWRM=6)__i4_@@LFtYqIhkgq zzS$NfB{_jyseZX3j*jMGk-i2=h5-fIWzJQ>RmLeE1?EMiNk&1r9;KmqmboRlsjdd- zIlv{XDmXJ;AuPz*%sjio*{>qmEzHZHBrqjEJ-whLGs!G0Bq=L3!oo1HxH36cKPShP ztHj*U**(9?)w#^c!@xT?GEh6)$=EZ(Bso0FJT*HsA|xl!y)wDXEIii}-L}%GDktM~ zh0M^PluXMI{S?#OWP?NtzcOQ!yc~~$qB27d-^2*FK$i%w%s`_=kFbb9uEM4ZEPsR0%2ZG1O7E;9$JAg9+nfviL)-%u^ovZh+>?Ei zBYcg5!p#$XjE(csLLwuB%+1q0{r$8}@+zE4OT9}o%PL*DiXxq|^UG6>vx_QB0{lH4 zT`jzQsysq{-8_7~Bg*~Cv`tLXolG*)%nLAbw`Y~3Z=s_?q?wC$Mw)4cp^vMjMSgC1 zUao7XcCdxHo1<50YH(?3iLZsZp|*jOerPgRQHZ&xSH5$aTZVI9Xr`sMufAiBlbdmF zhJ`_5aCnf5XL^1`QAS#BX|4%+NO~k0WEKP}R0JD%n1mXZ1~_Ns=DQfVyZIKG82V&e zx|&9%Y5V#6r0JU{hGv=v<~gNvm84~4msR*yMmSp(x(0g{`DYbnm*rUcMuwOBI;FTf zXN3Bs8~FJLh2*%R+h$ylqwig=kRF;>S!7{R5$qrCRO}e(<{6crX=YU5;$EETq@NZT z=9*;W8yIMr>X>E174BaVU|C>dl5T2fk!tDZ5$WYq=vv`sP!eDfXq4sT8=7vO9qf~v zVIH21Zd-7ni&L(nLT-d>X^usqSAJ2pS)zHWV|kuiL}7WFySuSTxJP1Asz*>tkc)|b zR=7tomy=VXNtM1|gt1SKW3H!bWO+$$pj&>ZX|hLPp`~Yjg|lavXNIFkK%N0cyoI`& zr6mU{q$HLH`-O+OWEBRKdU__M8N2DH>l?WQhFByg2S!9XMOLPir-X%TXF0oaW#l;( zIr}(g+A zxg^jcy(B{4!p$c!-BjN^#k(}qQaiIUEx0f}SU(>X1Dh-3eo!rbkO|zUUavY0;f{HO}9E-9jOXolZ)4+h-+_c=FAP;@hK+95}a?fO+ zk_xAMw_?wXLg%2u^b8l*$U^@B&)jUTZ0*WiW8b2PVy}oyW9`svmlUHAzfcb+e-G_2 z|BNydi=1SSLX)h3$WmW)zZK;cm1UJHq-hr!nx~W-BnPLPMg*mMyLhG;nK@T@L|UZg zWaQ)&Rl?6pc z6zPYiJ0|;b>FVk#6opupR26BLcxB{9mW3GTo4FJPg+v6nTZWodRGMTu`gsRMc;#oB z_=S6N$@+S8zr1s5{W>}R>x;tn-etb~Y+C3}zw&u?;Y~XOl{aUuW4*e{NM^a&+ciHL zTf@aIE356i#eQ;!JLTP-R3`v=A6Ei^5IN=PvLCW zk8?eo7r$^fvgB^%dU5J2%UgHXSAA7C_Spt|ulQOSJ$c!^rnSMlc3->U+vKz$Bl~cH Vf9c zG$+cuFgv?6x1cI2H^(c$+b1}^A}OlG#LU0IHJ{5YD>cU{B`r8Gs5ro{D#ba|xxghO z#W|$REF~x?$jz;+#4|T4sn9>sFcjUk6i0)ypmYTfea9+C(@d|->@uSiGjq%Aq7aL0 z&nRbi|8lPY(?ZA4vXUUftTcc9bWg5Si}4RZ3FbBnp$0|SD+^Ic2aJ(Ii)va|!T3mv0MvYm4cT`Q{$LL(DRibEU? z%nHH^OkL4!E3`=UN>5iv^-jz83Jmth3H1s~GRn^h_9!%uEKPDw%=8U($_?`=HK-^p z&y38;3^L&gil_=mcJ&G=sfzUXOAa>n_bJSd%neQtG|Dmvsx%L`sK|6I3pTQ}%(p&9W?(7tp znOf*k7*dc?5mDk8mR;iI=RyQe~0ul37$@>FCSlsh#K(;#O?nW0+@>5oPWi z=A3Gh?Ufki>=y2m?B#4yVdUkL=T%;6VSy2EekD16`i=^znJFGgmZoOG{sm?gDVFZZ zc_kjMiI#b}eo?7m=3btr5s@h_X?{k@p~+m~p1Dz}*;VEiDQOmV3MSM;a&Pm*rR%1(f7wAL{@kuMrel?rg;Qw2Sru7XXbgP1%(=> zx;O@<=2yCSc%p}7L~xO#S-C=4eqOR!u5)Nsq=$!lMpb}gxpRoNr+ZLwYIamaN}-3Z zd#I&Fn5B=qM?P1nt4~E~pi@zbN2O!9nPpCqi+hAyrGJpVVX3*7OL=irwugyZR8WYK zWj?xXE@4%{ndu4^NseK8o&_ld`i0>Z5#|OJ*_F9rA(>^Kt{IWVhIuI-Va3U=IWDRB zZjoFD9>L{lsrms?g@!K9p?Mx|g`S}%7DYL^24?Bb=7zb3ktNCbK3+*FWhUshl}1%L z8K)~47$#*nJLi{FS{AwH=7u|#WCS~xCuW#=dnPBPcMH*IC1cel&l$p5c8<(e=RYhhd<%O50x@46FMUqzJ*ymj3mp|Ky^~B0)5}~FBeKIQ z%F}|(oO7H?Duc5N-O7T4Qk@F4vrKho~?1&zc#sxY0-sK8uewF!#MS+P1;pUZv0r`GDo+Xi0Wf_G&kttdE zMSiKlmabJ9{+@1C#`#nl!o@hp zKf|riBa$mW&&V&&CBW4vFvGOUDb+l~yCP6OE5I)+q&zXgu)-iR-^?$<*&{VHCmY>w zp{{0W$$<*aW(DSHp@x-VQQ2Olg-O9VIZ)2KWn|8P_NGLHan zFHgUu%#`#ZXY;DOsL+h0s?r?q^h%$!Nc51jD2uXm4ph+2&(6$B(bvwXO3Cyxs|d(* zO%5?KF^;SXbtwuc&i68NPcf({^35~PHQ@>}PxWyOHBT-obgPO?@`|zy3Ck++@%6O~ zG_$Czbo4JWHwmeX%E?Tt!l>Vha*N8c$`#W6L%mZ|OAXR9Dk8&7(>(kN5=(s3%)@dW z^#d!ClQJzzt4h)xOA}oj%egWwt4t%xa(#+(oXtuLjojSLgM!QTO}rutL%f~5Q-h2% zN|O9ia??XSe7SUWbrmX8tK33-O9BjxoV+YED~n1C0}7MwPqjRso*K~qHzsmlj!!g)&8pTEd5-Pz zhKEkct9@bUKA!WZT`z6Qk7*i(Ez67-t=XB$GD&^c#Km(P!t?tt*w&cqwW)7Y(QZ-* z`M8sr^SFY&^t3a*FDAJ;Yh8(G?(y0>sj%{e&gzU=j8e~C+yNkB$uWMGkTp__SfW}%a%Z+Uq|v9Yg3Zf=EX zfVs1=Yf-o-m%d}5WpPwUT49-CXl6*1e`ZlZc$Al4dYM~fV1YqZm}O>Zlv%lDQJ$ge z#E;_PNlsNoF8RK$ZWSewL2miwk%^hE5lOC9S*}s3erZ|3Ays*9>AwDsMM33UM(M%f z*`+0Z{^5QudBu)_6>dou&c-H|8LlBEscz;LCPo>ViLSZEXnN+OEGB1(%2oJ&F{pJf!U&$aM(OD+$}$uczzFb{MIuB!A7 z3=Q`TDbo)x*Un6-^s6#7%@21i@((oOGA=R;*LL;RjwtXlH+6E2tT3pEaP*2WOY{yY zNc8heiLfxM401Oti^{V=j{)znB8#GO1)~go&-}{Dfbg);Ort^%_oRAvQ$rWGazn3V zUze=3^g=IlPfthF;5_53P_9y+oC;6x;NX(H>>R&{TizS~EGtaPG6T7MUCdJ|G77`8lXFrG%yRsKeIkv#{et}r3&PB@i_8ms`~tEnyu8zs zBZ|?jGcL%{_bylPEDttMbt#I-Ep_pB&MV4|G)@jO2{FhG_i_(UDvruc_sKFYHO)@) zb9Ll$3Cjz0F)XeR)h`Ok^RDy@HA*b@a`n$jF)ob^&2q|jjC9T@^$9I2clOEW($&>f zC^j?A&n?L`u*l6WFY|~h^NlF>jY==}aMw0<%F7RMt4dGG&k9IRE)GuSdj24+Pb{Op zMBH;jp^oI_Z*F(^PB!=bIrHG;lqX#(GKISoYR`9shUZPGF*kPDeCyxObHxmEpPY4b w{v^_I|Io!9QRcr2Or&;~F3WoC@mKNb)cE7a4owccGhwGm-eR>U78VW;0EWm?tpET3 delta 960 zcmbQvF`Z+APJOt(Ur4=SCy*?S8%b1eo{r1Z6uRb7p#ZRkCmK z#E;_PCPBt76*+FnZkBG5IaQf?LGGzeKKdak2Dyegd2SZ|VL4{y27wlinGxAsCZ?59 z9)?byUdaYw9&Y(T-chN6&KB9lNjc@dq2VPaPJ#Ya*?tiwUKy^F;~B-n&BF7XEkY~x zi>gBX_0zna!}7y3Ok6#y49q<%ib6A-9F4LpBb+R&EW<3gigL;giaq?Db1SnWvn%x@GqcNs3oH^t{q>6{pJf!U4-CoAi%PF@4|Xny3M$Ff&JWgi zD$h*J3aIo?DvL6+G|MTB3Q0A|FADbL3J*36H4FB3D=LnPiYh57Eh;w*$;?f5Gpa0( z@J=tvPczCg($CFv&&^Ioj{)znB8#GO1wTU<|Ej{sBsc$ntRlBSUyJ&{;?SH-i^Sxh zWasRvG6N&8phE4;s>0GrN3P7w3?FSTpQ3;iH%p_!V1v@6)Nt=o*NP(dkWhawgS2vs z%1Yl#|FFE!Vsz`$G7}9`0~NH(O)OliGMruVT>=aPe4UJ3T>W!0BZHG7!VJw_!jf`5 z>wS`4%EI!)G7PwiLepHcf|HWV!%NG(T^)0(yqvV1oH7i8(zSh)Q?89SS#FY)S842P9_SIOZIJHk zVZdc%7?hTooKbJ&8kufVU})qKRi14a8WLP=X*%>tE;O} zrte-H;bT-#7VXnkzeGVXXNIa=VVz}nHW*%m6Mj4S7lTjW$eqfeOe6D*7t_@ zZ_V2mlYLVn==3YS1y+~d-m2C1wf~xY|G$XVvL8ZD>-Vl_GM|?;oAKd9iARrDL_V6d vP?|%UKO&b~TY@=d{Y9s9u3~9UD$H@&g>ovdtxBK0OVQ)giL;*aW=jwN=DS8M diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index bedec27bbc1eb74bce5bdedd877342eab6fefc62..ffc2fa715987313c9e43c483631ea41a5a8b8418 100644 GIT binary patch delta 1069 zcmZqXZ04MxQ*W9Wlxq+W8k!mqQ01GGm7M7tQdCiBUXbBzVd$>!Y!KpXXkk>4=VO%P z$`xwp>>VCb;%#7IU}Th6;gxL?;bduQmJ$)J9T1Uj5t*ZHQ5F^+k>Zu($)#(jP+Xj$ zo0?)|YHDbyU=mOjm7lI)WbAHYZt3EiYGPXKQkvxA?iO5X;T)M_To9NURuZml5@=Bo zRaIJL?rq@8m>TG6l53XY=9XjPl$~PiU1*eQV(3^}X5tg->|a)tZlIk% z@uPUSTTX?xuSIrt#(ml(fn$$H?NzXBoxo-6P!tLNY4NUBgntybS%!Ljpo8 z9WC=pODbIqyn^xzeFObH!&5W-vYkS?f~vG59X(8woz2~yoKhVt^gYW<4FfY=oeYAF zy^8%S4N_8#bIkH{TufZiW57GC$fBrRAt*e{C#fi@w5&3xB*ot%skA=TOh3XfsW2z9 z(kP?cE77OOFVVx_Gt@UYnJcj%#M3gXywb}rvrJ#xBq%k{!^hLz+a%XqKg%N^B-G0% z#W5f`!_d$?65YDA%tXV~Km|+hEN}e~_n@krtn9*Y%OLNd5NG|+vWhg<;viFtGX3C) z`U3AHr>uYs=TNTVD7S#3C{OpiB%=U}WM9*AOFu{LLX$v~;s{TZV%Ji0pFm3sLv0`L zLJZ$|Ryq0>Ix3`;>-!qG8gp<_ zm>8r7`4|>@2ZdCGx|jLpSymYaCR=0%Rs{$9J7=bZ6oi7l>?0GNNI)?_%cqj8f?b7Mc)1t@pdp##G_~hHxi`y=*(a9Ar)6B|vzWK|A ziK1WPrvKralWDL!e;)I>t>O**viBR^Ie2qwcPeEZ+7)ko>`KeuFHIBX2p7%@6S$nM z7P)x+lzl7elYYlX671_8LFRNZkC$q7vxywnV#(#=;)MfoEIKa>=s;Dl$&Uf?Q80v%%y9mP+Xj$ zo0?)|YHDbyU=mOjm7lKQ5)tVV77<`p?ww<3T;!UY=2n*J8|dMb>XloZW@c#Vk*i;n zp6nHnZk8U%68*V z@uPTnrCWhz0pTC#p-RH;#VL9(AwRCR5rE!U&es-FHTZOBUd1;ADQexobct-K?!~%CSgCc!5 z*GfZoXH(OtQvHIWlu&~eG3EKijC6qowcK~eL_m} z^W9S{LM@VleWTK|vl0{Y+(T2n3-gM(@?AUw(+Vmh%~FfC2GbaizV zvhz~X@(oJUoqc`G0}Y~rd>jKUauYp^v2 zlOLX^e`V^|qv_{&_Q>B5uex2kBlyeYz2DXZ#`$^Oj=q%2Umq)_By!rZ;_;%0Z8^&Q zElbbtR^5FfUPJxeg9`a2;wz6UbUvGqX4?96t{JeTbZyz<4%W3}(HU4CFHWpGBx@S|P6!;)obec>FR1OIvK`!5x{ zaD~L*_zB1Sn5&M*+7x|I(Pi`xdGN`7SKyLQYyzI!->;hUeZd@Uy^AqLVtU(y79JeplTljfk{9CUksDQ7oz#;g_9UVqoFxWbB#|l$eoiX>6J7?pm1|X<+7G?v&(amSkLHnr7_d%B5?kP+Xj$ zo0?)|YHDbyU=mOjm7lI)np5QFV&oK-QJLp#P>`SE>J}22o)zj9Zk}6V>0acXn(O1^ z73FSGTojVcbXl&@1W8jwL?BQQXupXFqlt({yv z@uPTnQj)uWhNGi}yNR!7a!zHMe??wIeny#hL1u(kL3*}-QD}&BQdWMNxnVh%o3@LO zhox^yWROX^OOmBYwr`HVg?5o~c6gq?PqAfaKv-~8ns2#tNJRPMct-K?NCR``G%_|J}D%_0 z^3kpHta9`%bX3r`^eQqe^C@!<_Da!?^a&~Q_75_Ss&otruL{cXaWhKH%l1igNh&J{ z^5rtq_V@Sl$g00u^6LrtKMETpW@SoMVxcS(#f<77^iS;gyk+8|oGk6keQU9GLA{%%y9mP+Xj$ zo0?)|YHDbyU=mOjm7lKQX=0IAy}g*l@k_}UYz4>RAy1^VeXe6 z=;E6fU>TasW#I2*;++*@QJJJ4lHu(cp6L`7mgtt|kssty;FRQCVwzm&7FtzW;_2c$ z@uPUSiA#!Mg^_EfwpntRc7}1WS(dMxi?LHlp;=HwpksP^nSY6yPeh<^VvZ|Uj+be& zbBRe#abZ}cnYV>mQF(ECRDNNuuUAgFrDu{;NxEmao3CR;u36~hct-JX%UrLL^4zFY z_u$OP97|8<5Hs&Yr_!`UH(%52yfUN0@>Gu?PxJK3{48HC%WN~(G^e0kfA^HqQscsG zPb0G;CqpN{N<%kO?-ZjXf<=L~cA@=(XgXBoxobDWY=3d|~twX*^q!#ygzjRQTo^nJ_R!g52rgMuAHlT&>R@~SFB%hEFP3d{qt z{3`>a!hA{#O3liGL-JkGW57GC$fBrRp){Z>tH9sG(9_Ae$Tum~Jgh#^IW4>>-J`H7 zyfmpiAScr)ATP%xxjeWskjp$NB)~Guv8>pupv0gs!rwGI$JsckAfqze$;`(r-Pp1y zQ9s2mFRR!+8{N9J%tXV~Kn3rdDwAN}P$TU$?~1T=ZRenH%k1=UKSO;Zvy`Odq%im7 z`Y^Kqr^<>bM_;ZepR6!n7yY1M|IjMW!ZO$F57YEy?+nKb z&t!D#JgXdi3mp~m%!|CeLeedRJu}kX{9MCBT*JMcybR3D9TOAF5|b<4D$?CdjD5;I zj7_-Q6DvFnO&sgJ-7FHdJ&eK}{f&b>ELbaizV z%CwDgDoP{DeG@Hw!}CiL1A@)-t6aka&0I>eGt51Mf`jz^OnkKs%w0UWcHNTVTp;`A z-YWke*QT+Y>B`@gx1)IeHEWT$KEsUqEvJ2>X7XqR9rsGTp{{*X%eeb=>cVq*N+GGo f8jDXzq%GS!eS-5Bfgh&jyB3_eyz2g9xwHrX(BMH? diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index 54f07c34eafde0d6efa2c75920e3a14ebd2f7ff0..aa140a744a6a987d1e0c278bd9583850554ff0cb 100644 GIT binary patch delta 924 zcmeyu{)K&lPJLjqkA7;Uxk-wLPegF8pG!%qOKxaEiAA_kX0S^{L1=ECeu_^>VYr1; zF_&LJa#m@1vUW*nrCC{SRibxjmUgb6vrkEGZmF3?R;7tcS!6+;k7IVIE0?aFLUD11 zZfc5=si~o*f=NJCRDQaGr(dW?R#I_EX<@dDU%pwOuWM33Wv08CXL5>nKwws?cCeXa zZdhrGbH1x1mzRM_g;}a&NKtTNX?AILnM+WmS872?p0|EbRzPBrbEZc|N@|cnS#k2j z4-(;?!HJc=Zaxv^sg8juRgT(`xz6Qj0YUD?Df;=Q-Z?3`1(l)N5snt6ZjM|@=9xwj z$zGN2`Tk{@24xXpUYY*p*_J6$1`*-mF3DAn#fHY|K9-4=LD`ez8O6g*(p=4=Je)!c zvcin=L%a%-BlA6+6Ft2x%w5aPeM3xw@^cdti=4Gf!}GcP&5go+3J+u8I^NXs2%Sy6*BMtLhE6kiN^IRvNWfZTEa4(4parQ}aE;8{53HEl?5BA83 zwDgY%PpSw{4Dyc%bjmXJ3C?!O%X8&&E(@p#&PXZn3Gp!U%FA;zsxr$Ci_{J-&oB43 z$SKMwFiTD`^K~w?aPmcu0PnCOi=uLc{16}C%&f|Y+={B)WRno%#Cprz@}go_|LoGz zEW@(wuypSzr)-a$tO$=}F4M~F)I{g3L<^I&lq!Am!b;=7Bm>{7BtIYH()23rs)(r4 z42$%#^sGP&bnDVG6Ae=X6^zOaJkt_GJu)lIQv!lA+}*;Q+;h!6veP2nD^0VbLIO?d z%?qOUS zF|6~fa`Y{9RLC#!$O=pKD=-erO3N+wicIr$2`?`9s?bi&_j0SsGjVfr^>uSD%gr-L z=dv^m^(=Dot#>l?a?EgX_s;Z5OUX}9F)DC($qWp4PV~tP2?-79`dDd*DF)m1QZ zHSx*xEKYQCHMO*itn|w&h>8l+*N-ajC@)U(aq~7vcZmx1^saDow%`(t{Gg|naVh3f z)L#dwKMBv*${C+n%kVM1@FIU>OpS%ua{05><`T-h%vVJ^O2Yl`KK?X!{yx^?EyeHd JrdyxM1^|O0IpY8T delta 924 zcmeyu{)K&lPJLu>a)^tOduoJBdAeCaSY}Czn}xe^N`ue zBbRrXMNp<+m8++#PkE+OUS*+Ku(?xUj+d8lq)AC|npt76WkFe#PqI;VI+w1ULUD11 zZfc5=si~o*f=NJCRDQaGMNVF2L}Z3bg|ly1dT^3unrpIlYGqD(hDm^5WoBh~Qg&sK zXWenB4I2EjRAuHh!xmR?b1#*UNY8O6iha#Bmmd_7$( zN<+$1bMh+93yZQ6lZ!%4ihNRx@_hB3ohm~;qoTAOtCG2VGZIb0qr5Er^!?3)T-?fy zjk6*O3ydm_EPSg9o%PF{Bh4~H{LBK=%=0IoWfZUX_VW%g%{B>5OieXPPcKf6D##7a zOU?=R)V54daY{A`(e^1Z@-->1O84b5tH?J^bM{D2%1ARVay8CzEh={L&2Y_(vIutf zG<43a3UMng_esl2@`^-{0PnCOi=uLcjFO5xFaNU0s<0}T(qMzClzM;XEI&gJXZPG3 zvy5Z|U(h;p}VbnDVG6Ae=X74r2nT_Te!D?AL1s{)+@lPWyZbIP>6Eli4y1Hw!b9X*}u zO>*+IO#(bBBDpdh^$p#^{XM<1j0;Qji%ndT(|pa1(|jYU4BP`U3(H-+O!G1fgLBLi zF_M>Om7{N=qe6hTeqyFifJdfjNls=`aAr=qzn7U?MUcNomRCWUQC@O*q*GC8T1jGf zGM9;&cWRV*cD;Y3zC~GfQDs$LSXn{3YhHLxgiE%&p-DiRV~$UFN>x#=fh(7;uC78# zU_^vLxVL|aS$RZ}pHFs`lb=smW ssh-ed25519 V1pwNA HO3CoMoRFUYu53Pu1LX91h5lF0BzOLlUfLd6VJ4zSnI -7atgIwovOjaPHDvavVkswMJSTJx79aWiriFRFP75NSM --> ssh-ed25519 4PzZog Y6mMkSE1mokAsIZL0A3jBM47S87iO6Lkv7PSqnOi0gY -TU6PMO8MlVU0LvugBiU7BC00g617cI53FMr5JZgeLnQ --> ssh-ed25519 dA0vRg VSPO7NnddH57YMZfmm1/dktNLLeNzJC005UtKg1ZQQ8 -cqiFWD/e4eNjX7OnWClavC1PSY9wqFpQOUN6SgW24mw --> ssh-ed25519 5Nd93w Wm741XfokLT4GE42ZbfqEUUzuubc5jksgadaTQ4ziAk -N/Vbxz+C17ZZuMJ+cw7DwwrshB+iS4Ar63jki/94OPY --> ssh-ed25519 q8eJgg EqOr15ZLJs6aJsJyEOI82nM3Ywb7o16pRIrG8baEqTo -a2qdPY+ISpjyL0V8MA/hkltpY2JUaLVLpCHgpA+veYM --> ssh-ed25519 KVr8rw hust1JIIdHjZoNzoKuIEqCP0dtOzp1XugjP4++ELnms -UydEPSUphPtwhWZA8FThcPS0x9MyzcL3eZs24Z+Ve1c --> ssh-ed25519 fia1eQ MnLuWkPlZ8+vW2gBOX4siYDnUTh2VpFAWtcS2LGzqFY -AqBKFG5sT5CdvAPAYhHigI/wEnbDZXd2isbMTExV+h0 --> ssh-ed25519 IzAMqA wsKTiCAsPqDZPmXjfeOXDxIJ3dgMSxTtSlguX6Eu2FA -ac37JPjLfM4aCNKQzjG8SeRJVLol8PoyPRGpCkP7YyA ---- uAyo/rbHsVU87DgE3yiEvhTUUz5GYl1PeqrQDztHIxE -*t MƷ\׀~^j쾞jj م,1֞W/)l՝fP**FZA\z,bѫ2O~(Z$ZJ$ŜsM|9ֹ)ƿ,DF Y&*.Td/CV+ZSNe{:O~=%$ 9זTـ \ No newline at end of file +-> ssh-ed25519 V1pwNA yAXv1Yf5cEeD82SIn1Jl7abXadIEHaeQgNF81IuUNSs +Uo52RGQKIuE4SpS8SUtg+mu+SV73d28S89R921P7oTs +-> ssh-ed25519 4PzZog e37Cp1r7wkQcOPcD5/kYUvCcBrvkTaSNc19L1XZnfE0 +MjP2tY5GBKsd4liVGx7co97otBTex9iTGLKv1wR3koE +-> ssh-ed25519 dA0vRg Bm+JWggvHAUh2gwJciC+vNljgavsLjdLfl6eRGjqDkM +k6UgIXDTyVpxyLH63jssdB8V1MwaYzeS4pXnm/ZaQUA +-> ssh-ed25519 5Nd93w Xb5zseV34mZ3rSfTqD96aAMGZi7zsE9eacaAIrHH7hQ +8uHzgm3NuYxdOe4e5PC6g25KSgmbpws6/mx6/bnu+vY +-> ssh-ed25519 q8eJgg Q1NOLn8bvsRkglPBvXePM2OgnRJlxVrF5vgR3+fDTnM +abvDruxSUw/T7s7iJFbEmF9nxjATId0zlSwnOW4XCPs +-> ssh-ed25519 KVr8rw F/9sikG7MFodVtYc/BQimUKo+hCnsuI5uxztGjacOAs +rVMTXo3pxKOE7DcToi93ZPoAAm2BdFDgLhFsiZXz7tE +-> ssh-ed25519 fia1eQ Gaf4r3oMiuPONpsr17jqFrSYgt6aK3fyGBHR/kenCys +MFAsCFnmIIJv6+LJiHER0bLJyhkVTuCg4FXeqjNqqYI +-> ssh-ed25519 IzAMqA sKzeU9SFlFwPw7zJHfl/u5yys4UBLrbxlTObTXEzkXg +3P3ez/1ZyWtG7NpBK95Y2dqYGge7yRtaE2S6uafRaac +--- 7t9qRdM5F8vlbvUTqq3cj/D3KMyPvxOhXDFpg8/FLlk +D?p/}!j`o\j)+Hk֗m0ɶBPİ,v@ +i6xF 6iލr~\N==ri}cݮ&?N՚V@ |%#H-% c ⪊@;; p$Pnh;ꓲ-Ûm-ɞKrH \ No newline at end of file diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 9145587b959492b7744133efbcfcd4aca525dc64..8e145e7d0a611896eb6cf57f07b98629ac514f72 100644 GIT binary patch literal 2814 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5wAQ%J4GP z*H1N$GA~LBcQf+!uLz1NF*R}yOUv~N&UAGScPqB6F!jg^E9S~{O{p@D^eZz9aV&BP z%_z*NDvojq2?)?HEH`nf3i0;OC~{47%_+$(2}QTfB%mrPKV6|HDnHB8B{13FAgI*9 z)ZehcEhIEJEv&G_(KXaGD%YpbGb=YT%-_sB%Yw_?%+$Rw)1)-ipxC7#SG&;FyST*D z!#L2eLf^#Ctf;coFUQ-c(zV1OF&W*q6i0)ypmYT@m!c4}#EL@G+yKiwBjc*FC=Zi} z6z9^iM5EHGOar%+u#g~^LKioSbYCtPKYw3C=is6!HzP~uVs96h(6C^46W{ElNJDd@ zN>9U5)4b54G~?pR&}?+uO#M5j)D0kBK3n+KW^7RgL$u+Uaba5?q3(CqV&-0Be&(L-YPBU}% zFEA)74@~C@&Ghn(bPjV2agWS)EAsX0i!GA>H?^$jv}swhlLstEQhbgB$-4>mxz z%{#2fqNrS<&_6REtT-yzCp$kh$k@XIp1DaSM@(l01G%*3!Tv7#i$+&R3o$_vA9X_<+JseuZ4 zPOcuFDWMU8<%QWPet{2?9wC_qK|yJWCP|s$?vANt-Wc(w@1A6u9;o0FTyBtFT;Zc% z;O>{L9~o)pW|*628d{-UR$`o<>R#YlVwRI^T9)DDY{69!l;Lb*URY@sXyj)Y>f~q` zlAY|Eo8jdfUSgSAl~U}go$gcQp6uymiIFD#N^<=49Tf_~JyQIFt4hO7yge&ieUsf& zvr|fgQp&UgT>?DZEiH|`T*|USB9ojWvbkJL4ZK|w!%8Bvvi-x&69dXCEd6~gU5#AA zy@RUq^s~&3Dxxfli~TY(%hBVl%qY^p(ovx*$i<)Ps%XX&T}kwOfAR`E~&~iOE%7|Owuk5^9=V%%Pui+ zFXnRAwhZ>qP73$(3h=gY(KmOlur#so@-Yc0&o%JPaWe^aDhSrkEG{YY@J07qX;hVy zak@g1rG8a-L10dWvx{*`zENSmsb^$BzHyLCs)c1ms&-y-c9vIKdSqZ$g)dilJ+LyUlIiB7H#y$mJ7Ebxeu7O_uW=2)n9xiF# z!Oq3be$JLvk@=2M7-`bDAV=T3Tp_VCqbMxh*fAn7T|2KTps3U_KQAQG+0VSJ(9okQ z(zGl>-!D5nD#^ppl`AqbJ6At2yRf)8xyaBhJjW-sEZxU6Gd$efsW`>o*-1Oy%rQ^f ztS~Ce1U=q@3tgOY9Tl>IODyur(hKw>lZ*9p!Yd2?Gc%LCLW+#b!b{T4L$y=Fl5%sM zTzrf2%DK$FeS8C*Q#_*#lPj`H6TK2M-NTbA5f(@M$G2$)M z)hsPJP{GjIs4_6avCz{z($6O^H774I)juyV%s)8X*StK;#KXzJ&@eb4Ju1-Mk;^H- zBiG$Gx2(iFH6%F4#G^DTEjK5nsH7~?*)7j2CB(nNKh4+6uPQUm6Wwo-ZiyAn=?WfR zQToXlMj=_HMSjN4L2jWT<)($@o>>KM zq2(^wUY4Fdg~2AdQ3d(Nl@U4FhQ$_M-j0r$M%l)m7&T66jR;g@vPIaArzML1Iu@T9jp$1y_V?xm#jJYIdrte~Fo8phZqd zSb3s{TS}EhfKhQ?MMim6sEd1PW_FraI=bI1%Azct0~Im?%~PVXQ_BL1OHy(p15#48 zJ;RKAQxeTQOfnsP^-~S}jEq7(D_y*UEV#nM{Zq}0bFz)AN|T+_D&0y_UA-eiQUl$c z(>;rPQ%#%;!rY7UlS3UtFha5@x2PJl`NFrKqqVFeBF_QQI## zA~4t}(zn7=-&H#@*Vr@Ikt?9WB*`hSIJDHnF{jkSq$0$%$f+tY)hj5!*eg6WJU7fS zGASj%Gsz{_mrGYyS0OCSG}0$G(=;I0q}3O|muh*NT1U?A=sx}HjpLlwsin0a zv|hMc*$8Kyd0js5>1VyuFZ$kAI{iL>-=b~no&2&O2hXxS8+sx;Pfpfe8|@^mGg+(m a@bY~xW_^6)6?tlz221yZUYo8>KDPmIwWT=# literal 2814 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5w|`N=}Uo z3imQ{Dl*YF_e#>v%#Sc|j|k5(Gx0Lf_RXkF3eI*j&xouv4&+MD4>EO5cJT`GH+3{} zwTN`gbo5U*^bg6*^A3wN_YCn&^K!BX%QOnBN=CQMB%mrPKV88rNk7~pFDN`URX-{z zDmU2IB`CPK)Fit&$~D8&H7K&UJli~}JS?jqyqL?ipfcMdCA%ckz*t|~)S%Qe&mbq! z%pytKC?wsz)H}W0-=!!uGBqW_$P?YR6i0)ypmc@Q5X;m^-w3ZF!}P-PlmPAgP>af> zD%X_!RJV|zya z3QXONgPbihQj^_$Dh;?y-CP39jq-}~vO--4H!3k*VX zy}c}wO7qceE3`=UN>5h^FAXlt3HK=QHZaO{)^>Lb4Jt12%MS1fPBu1lD=0GYDGACh z$#5(y%1q`mi^|T<$}MpWDhenoDe*2ea&d7^NeXdI^eN8D3r@{WwG0n)PSf}D3B(9V z@310^qH=|ZqRrUojw zd*lRF`s@3Yr@IH5R{53sWq3KecxU++xo4OMndc^lx|F8nMd>FSg_v*!=D1{KmK&Cs z>W2qM`gjCp`GzHWg=B>U7+ILRdO8|<`5BgExfSM{1i7Nyrth9)njWZ-ol|72udz5Rs7? zl#_4a*aMWK&J zQkq#*MP{Z^uuoE1rm?4aUa>gCx*IJC51%=Iz@6-X_vX>7o~U=`eYa7looipy95@v6d0PCCHe(81t(dQ zJ9)Y}rIlr5Szy=}5nSYGR<00i8RS-EQts;HWSL~>6P8};?B;Axpl@yw8EhUBQf8Fx zm7Wn1QdD758Or6OpBIv0nQfS!W}0IVsh^acXX>2qW?Gh3nidgWoLXt@U0#rs>hGQ( z5{e#@E@4%{ndu5NPt6zjW0MLJi724@=?21Rl?`z2?l zxhIGCd*~Y)r8*l0lvI>C`s5fzhNQU#rh0f5Ygbz4xp_Ey7iFW{R#_HonN+S|8Wx^a znIBo=Yi{P_9+hUCY80X!;_jFgR_bJs;u2NvS{UV3pzRpo8Xn4(;u(?~VBuRFl^q#g zm6~rBTA1XXRu+}$obH|OXy%(@R8(T(VruE(VT@s$XO*LGp`(JIiI2XgS88&RXSijA znP*;!SC(gizCr(GcL%{_byimb}BHU#^ff4~ zC`@rO35qiGa8Ggy3@hiVG%In+ukdsA3O4Zz_ILNNGz#!`DNZxg4~X&%PP42^_x5r! zH#9CbFT%*(!G$hPxsD2k`7RY<`Ds~R!H(%Jp{{|s-ht)$g^{LdnSuEp5iSOWZu-fN z+4}B2VWC_B0cjD&j)q3QDUqSYhT-KoF8*#FmaZ0|WrqGCX`!jP+9BoH7Re@MQI6<- z3w1S1OAb_U4Jt}=(J%6>D#$2L4$h8n%PKYuOfS_g3~UOQW2#^$nAP+&$A1JyQeS&CK-83X{z}f*iSuoOAQid~=PX zoHLy=D*Tg@oDJQ*%>wi-JzTs>JxwbuJ+z(jqAZOf%P?|xYL2sOYPy1Dc5YQjnM+w_ zaY#X^QF&TuYFK2bMNX-oqiaf$L8*UMQBXuhntq6jqc2y1c5!NUcxAeOs#BhJL2{n4 zS8{=~Q(lCjp{HePX_<3zfk$?JNJwgkA4dIVQ5I$C9Hg?*3?_M5mmSd5UUsUOnmYE(B7Ri<6p6=ul1}k{<3DTx61;tnHOm zYEf<)?rpB0>~5G`Rp3$;j8T>pRyY~>g(mxClo^-@Wn`5El!o~_2WFXMnHU#Z zdKX0mRv9`v`Eu#%>MD3-rWTm{1~{4JmYRfACTCl?l=NOYWb6Fvy(A(Ze>c`(p8a&|CWuF)>QIn#`-^Q_}u1lNc&3qQwtoR z^GfQiwuPrdn6`Zkye9blmiZF%&!6(A?`1TX2w|vx@N`OQzQ(o7ul-N|dBf1KNb4P& cKY#qReQa9YCTEljtvw%0^fIiK+UL3v0DD568~^|S diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index b7c199c9683045aa823f80e8c62b59995fe4dfa3..6f73e30e6ca333a89a788982257bdf19b37974f4 100644 GIT binary patch literal 1204 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!sx4EAsf zFe(YjEY7kB2`?}-cXTsIN_4HXs3=d?E;mb0j&d_9wk${t^W}0i&&&)lsM0q|^^Y)( zNGhrH*UxbC$~5%LD-S7;@HNbLF3Uib$6-*A&w< z*H9C`ax>oo$KXN}i)3`$O#M2dO+t){iw&Fu3JQZgGownilOtS% zO0(SjGCa|3E3`=UN>5jaEG#OIEKW5K@y-qoPE9uRFe)&%NJ{nh3{Lee^R{&IaWW5% z$a2j{3bNqJGRVwG3)c>E(@yj@Ep~}0_Y5#j$*OYl@bYjfHY=|Ts!H+9@in*bFbhPt z%{#2fqNrTKxGcY-$R)t1*uW#q%QZ*aE3LpSqry8f+t0)_*R;~p(=$0a*C;62!pVdy zAUQP1*)vDmCn%~gqQphNvP!$s)wDb*DmOnZE8EN|DkQ=s(a+d7xXc9IwzSMd!_+{9 z!lKZ;NXvq(yajcmZ3{ySLl@^XlPHU*0+STKBv-TIj0h7h&xlOV!15d) z--;afs8myZlkBP#uRNDBFR!Y?ob-@L(-0>g%L<>;v}9Lw+x$v${PZ0a3{x!hGcwY$ zONye5l7dUp4PCv%yb5z1y>f$7s&f3D(<0r1-E$LtQVk=yw7o(-k^)Uq(<_V(or{ga zg408c(haLT@(lBWwf)1w42rV64YNEF6H72cvdk#bz|v8{wJ;>#D<{#wBcnn;D>XEI6+;xy;`n*u=@FAi~ez+}|kB z!Y@28JS`|J*~G=dKfr`*cYEc14(?f17Oso#^sQ{)_S4{|WK_~_w=?1U!j>0(Wzn14 zcx#2vf)n996MtxL+ZUl~pIEIP^}^<9u{aQ*N=&%m;rGS9M- z;;^*bVoxXS(yElwqKb;d)XcEV90M+|l58{o3a@fEH%E`i0>3itpsFDM3OA=DzYt5u ziVRN=3-hq_g0s28GR^%0vxCX!nK19z5TRHGeZM13XHw{LVdK0 zDuaUzN?g%xE3`=UN>5iX_R`MuN^{pwNr`Yw39!(%^eu7?whS)N_6sXYEGP*sGl_I` z3Jl9mF?8jM@Uy5&2{o;7bk_HF$}p?6@byl%@H9-#k4$k)adQnRE;aN^F-k1=GtEY~ z%{#2fqNrRUFf=s1$gnWLz|1wVq};zC$uQ6&IU>+FucV|R$D`ELtUT2xBh53>HzS)X z$J58zCp#r6BcM1t%*@9>G^aS!q@XOsJj>arxYRf?TiZ+9H?K6=BFO;VwzSMd!_+{9 z$c)0m0{Qq ztV**yCsU8mRP*rgsyzK7$3l-x(_sH(_W&;g19R7`>>!MI^DD{m(|1$|HOeAd_P6v1%?so*&37y|FLF$etjrAcHcCp) z%l0wM^vfzp*EeztE-E(GH#Ezy$Tu@dEeb^UTbWU$fu*BDSz<+~VY$0ml(%K5S7c^| zvqh4dYm#dB1e_4P@YO-IBcZqkUd6`*|rGB`hYhk`w zc1oyeV!pO_n!dSXzFAUYWqKr+uCA^^k&$_7r9r5_Tcmzsc|c`RN=k9CafwlCzFVGI zM2bt9my?sLMMa8!fMX!nYKMMre*vzf(0f~?_D0m6>|6c$aqy&z_y`s*7uXo9w_^8FKoQ;IqjPJo9?M4k{4txxD@W3Sk4!IUdh*Qk<^5h zvknPz*BbWEboJ=^uyom1&5sXccG=mUW%rE!UAgsi-h}poY;Av?9ir8N+%J{PZvIfQ QG2U%hzh_zNys9e}00vH(2mk;8 diff --git a/secrets/email/details.age b/secrets/email/details.age index 9c02ed7368fb7d1c70ffdb47e8ea9068da236c7e..0f821b0ddca2203bea4d0f761dbcb49937a71ee2 100644 GIT binary patch literal 1419 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!uLOm$8R zjEFMO&MQkROOFh2OZCjvHV!mO@((V}E6Onp3UvuAG7rp3FXu{j%r;Le(YCZK^oukr z2nh<&Ha83Ka7%Ixtc>zX3<=8hO9_s2u5dTYPDi)RB%mrPKV6}!EXgy;)F2?k%Oun- z+^EdmCC|*+zbMHf&@m|}QrpF=AYD5@JJPi{B%Le7G}7PMxvJ3D%sV^CzdY64DL*sW z*fqdAL_0Jj)zdvS+bgT0tjN;R!V}%L6i0)ypmc@Ii1Mo76gO`l?+Euolgj+EF!xFW z(|ki`i-=Og;?#2A2=R#lCpxh+$?7W<`kdjnC zzs!I%%e>6|LjU3dGYr3(`lVPJmn$S&mN{A``uOK32j!+!m3f(jW>+MaI;EGIn3r3) zmwI~VC1yt?I~FH!11-2ry>m?h3&Sf+ zO~d^{&E1_VoSZTY3-rA#_07U7e6>@O0=z29TmzCSoG?Ptv&zx8&`}{I$)~ueIL#+8 zB-ys+czLIC0F0u4a2t5s46GpbOry&!eB?|&}0{r&};*DFHbXX zizLI+loZ2Er()L-$E=KibSF#w!Zhbx11|lHlC)$OKO+N|!t(Oe2(QYr+?`Zh0 zl+ehef?Vgsa#N=wztE~QU-XdlNHWMQ2vjHxvMA0eE^#yo*LE_|HY;^D@O5)GGW2jy ztkCy22`Dvn%=0z&^ViP}PUgxo$}h_`uT0F)_YMyTuPU)DEzU8GboLJnOo=jz2saA| zcX2QC2ud$4&qucn8j?W)k%`G39+tV@{+9YxZjM=nr6%T_#}(f5-{{8ERedX! plLL#lPTu+8jc%KfkIMYA#zjSnXD2AGdmg3k&n@?T@wH@;;{Zn;-s}JX literal 1419 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!t;D70{` zG6*yA@e1{h%+WS2%rW#eF^%%@2{0%KN;lLlF9`DYE;lxG_2mi+Dz(&4F17S1@b;-n z({|1XipSzoJUF0(URZoE+`oj36hkwBS^i ziu|I~^eE>Hm#j2jAM+4%cW={@z(_7v@A86xlpO7x;);M!|MJYJ)GYUWmyB>z$CA99 zfF#p=vw{G9{lFBz;z)GcO#M5ywW0avQsN6s;Uf9jos6OEDJM(QcNn` zUG!Z;35h^h)Q=dH;fDob&3iyPBSqu2ry2qEYgl}st8G|s`5524YxGS z3e8S&b#mp3ay7|vN!L#@4=Q#q$tXxEiZpO_EO0SO5BAFo3U>~zEH28=&vY#gNwPq< z%{#2fqNrTK&nYq2r7*R?JtQn!J1wX*I4Hv~%_-R}Q#&}K#MIR|I3?B3-=kDJHKdp; z(bBRqF~ujs$)&V1-z+UGG9)70(8$9p$jRF))xt8c#4$ajxZJ=wII9@lwzSMd!_+_p z$BGcY!VFXA&?1XsAD0m4BuB5xGLuS+EQ8X@ViRqnQVY+h!@+dQireG45Ga@~zW{8Iyh zjVcO^s?z+-N^*@;(#$P=lLB)SGXe~vimLR(%gk~u!-8D7Ts)kE46*~fwA~^z^(~T< z{PGRUBhxLzwKJ14{7Q2&vYfR|qC&JQ0<&GwZ7YqcaxzX=@QTXxjV$xd3$8Hmb;&VL z%qlL)_bW`vPxs0+$j>*(HwX%k%#4Uk@o^62Do@F&h_tNmaW>L+PRZ~uG>dR^_AxTg zHp|El^-MC#bTTWA2&>8u%Sy+v%_GSmvmj8R(6}JWpvpbM%sbLCu*A}+B-}kYEU%!- zx2hzy%Cyke#l*-r%_6%{+r@+{%gwnY*gV+BHQCW3BiXE|B0bMJKP%kK%){5Q&^yzk zsr zD9O?+r<}_?#Hb=G%)~h)+1a-|*C^dM&pjn9!r3{ZD$uXU&ppyK&E3G$I8DFO!h}m# zS63mTsM563yDTRqr_d|cMBgOb(=Q|4ugIjzr!*=rxx%X?%Fj!`sI)xF-<9i-{4Rlr zypmIYBWG1ge3fuAFno86|HKd1`Mzfxcd&@ed(^PKLvD_ip&R=&^-dMG7vh)q^NAd} zm;Gh0Psy^M?nnD39%Wg5d2{~!o2E|}=rTtbCEDCFe0MM2bHg3$=iXKPYusOEzxZECZP$ro)1nXk8#qlIa4X0nS#xN~A+a(-lBZiTBsetJrI zI#-yhU#X>Um}^o&s&__sRfSumTd-+)sk?K5Sx`!0svqzz4fq$W;lbb8~x{r5J zn6Y-MQF&-KSH4?WW{^{XWs+rZqPBUGi?@e!nyICupIg4RtEE#}nYo#TNrq2)L9t8m z#E;@(83FlG8IIacM%k%_`dI~05uTMEndyP$Igv${j(&c5SsvjP`Y8ta=7z~!h2>!d zRW4y>WjS8jZlOL!+1`2Cd69;>RjCoC*~LDAk%r~^Zj~;{0bY~i7$w3@@`B96D}z&f zoPtB0j6*7u{37x!GX0#2Ec}yGz4P;&^!43xLmYjwBZ|2a!(DUA)4~gby#w>JoE_8r z3nGG}!a_?-O`U!6O7eq4iYpRBO#HM>J@O}?WfZSBDfSOG3JEXF%BaXO&JU>yv8c?> zGBzvCNHVNSEH`qhGBpk~cQMH^^>E~J%rDLe&Nq)LH1$k3tMVx_jY!H2$xO>E3i2^d z&G%2%k1!8U$*>4Ba`!}!0PnCOi=uJ`mx55wL~oa(lyEOo&p-f~1OMF5gfCi|~R9AFqgjoD54Bqri%MKc8&F%&5|EN23hyv~ZKG zfV6-L?|^I!>(Vk44O0UZk`pV_GTd`A3qzBF%JT{WqKe&9Lk#>}!pjWP3(9gcjV6mSvTpShXQx+OzVV;=klbT#;<{#$jW#s4>>S1D7 z&XsQxRN@wHSYH$pkY?^*7?_)qX;f+Ao|%_e>X#p!9^&I@>QQBGYLJ-WTFj-ZtE-UX z8(LMIXP)ems$G#E;Z>He?^zL5UKCK|7hD`=s&7%6;hXB8Zs=BQkk1v$@k?|?>{KO& z+5o37E2@|m9@!AM`ya!E(5j{LY>gF|?+IOabNKX%#KkG~`hPDvcxM?Do_@W!YR+jP z?yXyIt}}mhYwhOF>D;Sdx_l`TxZAsN>G5+?8xn)s=O5cO?Zq;MB|K_-9zX7y&i}=7 zk?kU838TQ2d&z&@-j+8npBlSxO2cwvNz2`-3x2VFNvy3FH#iv_d^Yc-{RHmB?>Ri& zZGlx$PkANkLi!87NWZT4uB$$nYFIR*qWOmN?7K$`FNrpr{M(**QuxOv9afza=JzcM zcuz=5C7m@|@v$IlomT7Rs@4vjI}aLJ_?dEVUQtxM_j5LPuk;6=lrD*s)$`r&8~#?e za@DK4S;P<$#qBib%-{X3H_yIs*{bF);NU&U=Vwvz27fOb?esY{w_7Vb>tmzW?Fy|u ztTUq`N${jod}Ywaxst|Lmpz;z?|wk%`0))Ps&^e0E4P?&IZZiN|I<=@QpK|4f&q^L ziscU8S@$_!_Xx+n&-<5Hh}En+E5&>83a{0=Pjfyg`z4v1Y|W@%CwIfUZG}oH%W{!` lTeBj1+t&Zv5dB4T!ttltE04r&pK&6X!+WZ=pKi4J4FHFt?2G^a delta 1296 zcmaFL^^|LZPQ9UTc5+pPw_%!hQeIU~T4Gv}xs!>1URFe;QDJ~~nQ>BqZ@IsAZcbu( zC|8(#okG-p044EE@|b)=7A;2DXxi@0g;8FW2#U-M)i!i3DG3cOay2fu zEQrc2s4_`4EON?ptx89a0PnCOi=uLch@3QIZ+|1>V*Pw=?L6l|w|etn+4N@C?aG_jF9J3P~%p%uFhXitx-%%MHp*4NEmM&dSTo$}}y{E6wLxz2vCx1Gm$? zZ~e9je4D6aue-4^Yv$go_cXUYR46FBai?VIMlGEmPkx_ut6wMF*KxA$>cOwF2X2V! zy>JWG@lW@Vi%Cknm_D?k34uA1ZHpA z6MQXilD*i;0Kpk9--?A(lbpC@=W3gMv%R)He4-rlAGaq*?9O@>9hiN<`(D-uvyw*> zSBI|etF*eY%&~VJ`zP0W2D|;9>^Ukqp}(rq7anZznWPebv1PZ{;pI~==RM88@$K7e z`CH0Cee5Uh9!%W*GOl5k7jqM<>}tssmafyUG`)zrnv=G_L^n7zq=Lnx+;sN7zcXCt zKJ(P_{b{-B;*JEPisx-7(%P3Bnd^Jn{9wK8e&Fn6*Dn8bcA?Y18%p?A2GnQsOx*Br zB73si;xL~7Dynb%PUF`QZv%9l2DyzBU}y mTu`lXbCcXByZ%72me(sy9^6wtbl~qBj`ma2cD%T7!5jb#=I<5& diff --git a/secrets/forgejo/runners/token.age b/secrets/forgejo/runners/token.age index 77a80e3..ea25e52 100644 --- a/secrets/forgejo/runners/token.age +++ b/secrets/forgejo/runners/token.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA g2fcL863aQ9Fyd46ou1tLRUyk+lgmaq2ebrHtsGS/2w -dnE1XFTUYBtF/JU5WKqt5hPC+uDGWS8kT/m3JBm1FqU --> ssh-ed25519 4PzZog DPgMcSEWU2eOVSEzznG/gRrkhJzhrZvFgJeI/nzjCVQ -STlzeXPR6YRa6iQQVOuYKTtvSRmG8u7Ne/WdWtSJd9k --> ssh-ed25519 dA0vRg 91a3/mO9Mc8z9UXzPAHwUA+sZSvveNWMXHdKiy76jlI -sOph7DsS4uQ9lDpGSJCxUP6zz6HDQ4CCXfa5XDHShpM --> ssh-ed25519 5Nd93w mP1uWGQiUgBPWHV6JuCif1CtR73z/nkiGEr+9WFmjDI -KGoT0BxUxlE9f2BPPnw10Tya2+SHfAigtSYTQwGFqlE --> ssh-ed25519 q8eJgg e84g2UFFvCR0WL87MISDVeGyqS+2WJwSWx9Ei1f11gc -PrlpA8SWBLskYxujLpOi/7yeUy6q0b71sFicHcS+otU --> ssh-ed25519 KVr8rw MEUHwxdpXsX5i5m7mcDLXK30Tmpznl18pE2U/ey3DVs -mCKEB6ZeZQRFUzaGqH8BVBNDbgHa1UocNxPjThciMh8 --> ssh-ed25519 fia1eQ 3fVdGpKBs3gsiHWQW0hj8Z7LzgvQ3CfR2d3zAczNzxQ -xqMW2BNyTyDCT2qew5VLVi22toQ/SUnx8L3xCpWKtQM --> ssh-ed25519 yvS9bw 8hv9OFOBacjS03cT73lluCDfbQa4U4YY0Mhb/fzXhCs -WoNTbQ72XUCtxxRjS+D7sBnShmmpoeQNvwqpNa1F7M0 ---- 1mryHIWXt0MNzqKgZlzikiIr8pfTWZxcwtZVvI0YSJY ->T%l殓;z䆝/Lb ssh-ed25519 V1pwNA WVFiA92ZgJeUK8nqIDSgJez/RmZBN8xa0hsQURIitBI +3U6oEXcOzR4IvLyqxoZ9EASxy/zrLneNfC6i3jA6k7k +-> ssh-ed25519 4PzZog KuCLxZN6OhSPX/4NAKgVEfRnFsjVVOlEglmZXTazHW4 +SZoxI6JqY502CCvf47UdOIR03zqUD3Wq1RgJrOS6ses +-> ssh-ed25519 dA0vRg 7x9LrBgnVx45VcEHcS8NUcoaHqzlhy9CtfQ3R2yAAn8 +anutykjHH0r8K7ZdcByyfU8GlJr216Tu0JO2oJwYtmU +-> ssh-ed25519 5Nd93w GzzqXHBA6reqmVRgnojBcwH7OUMDXBcb0w6dSvAx8QE +h0JK3Gy+22br72YJKEMHAsFKaRhqtaEyznUTlwnSJdM +-> ssh-ed25519 q8eJgg 5DHBi0TP4zOqk8gaCw6dXn/9jkDJwijOg6mgzPqQUDg +Ck4yt4Buy79RygyADtPWyqBHO2rJBSwIsnkJ6KuslCM +-> ssh-ed25519 KVr8rw FeDC2FfZRAWfLAxVov+bjIi/SvKcsQOFmAUtAFaKkjg +WP0WhV2ri61B90R0H+xj+Cx70um24CcmyXrwk55yb/4 +-> ssh-ed25519 fia1eQ dQUiH/S8DW7X8Y/Urug17Crzv/+khFdE3oKLvvmGOHE +0CaTFR6Ccb7kSl4GW4Iy5H95+unkMcchwy4f1RawYHg +-> ssh-ed25519 CqOTGQ oR76yJX7315RPp7LTZX5lmFHf35t5G5lybvpn9PZdw4 +7qgpY3pLW0ygHl2NsezmOfMRTh91ciZ0RyfSkJuzhjY +--- 8B1YHPeGspJhu+TnQ72FJKAkm+t8nIMVrbrBMTUMMpM +ϨZ +NFdx}{]'k/ jt>U$݄$j%XS-X@ج.ΛM ,qd" \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index 5053de7b47217ae4f0c9bcc2c999c1a5f029acea..f555db74585773b75067d5756ce7394c124db773 100644 GIT binary patch delta 1024 zcmcc4ah+p=PQ8ARrE{p0X}YslmcCoCtC3}m8on1qW z3X?38)3kFeO;eN83%xx2yj;>;^8EZPOU<&3oQu=l977_xd_6t#D$+a>{d|1%i(M>@ zL;QWq0}@NU%RD{8f-=pFJwp6lLS2HwQbK(vpJf!U_YUw*EA;RSsz^_F5A*Xd^vpLd zDK>XDFi-UHbBXjV^zlte3(xUMHV?AkG70bqOD!OCw_s zH~nnwOtbLfknBkRlJK%1UoID~!17!}eQ!(uFoU2nuSg?j&)~$W)W8DsQlCWEfP;~3kG7}9`0~M-#0!qrt69Y}03iZvLQp?PW{UXgPeZ5_cEnULhDk_ai z>z(qwt8#*zBTTrGqmoKOBm4~Ai-O#PjogCFD#9wF!YZ6yvmFbwoXsta42_CI41CJ6 z5|h!bD~+mhGEP^>GYYIoHFtHgFb;DJ4|H^OF)&DT&2cKUNc2nbjVSjt@$)VY&G+>w z4UFV+OVbZ?PYSBfHt;j|DRfP?C@u@m@OO1IHF3`iE(^;Kb~ZJ3P7KKNigNYj($&>f z@Qko@^78Y`(spz7t}Jm6)=x|?@^nlL5Aky~D@`)?^i7ZOj&e=SbWC#OiguUV-JoIr z#jbW<>M?_Gn^@`8izPLmKQg&()0}QUmd8u!J1ZK+e4Z8PBx!)&!*e(Y*`lZ&-&TXX8awpAtr6Z^@c4_#(GMoaA};1$E?yj#w&wYb+YAn7asHZ| LVjFl_YQ6yg6Ubi^ delta 1024 zcmcc4ah+p=PJLB)iiMkHlzCyHyP1cjx3*`LK}dLnwnwo`PGN;%iMDG-wsW9|c9?~; zCzol8xxZIvMrcZSUSM!qPM({ow`-VxUSyz2WKnUNze%uBfsspPQc+4#GMBEMLUD11 zZfc5=si~o*f=NJCRDQZbZh5w2n7gNTRb`sDc0oj-nOmNzM|p*xNo0AJsZYLVZlZg6 zo@1tISVWcqmw}n3XOUrGxp%2YMR8P6nSr^br9p0nwr5FHhO3unxnaJ4RY|6qk-xF$ z#E;_PnV}VK{uO><;pzTP0mT+hCBX$rPC1n&hEd**F4_7{K2cF7&L(c!C1J%}1(rpQ zdEOOnIWEqrnN{uq1yzaKW}aCU>0XJc7E$H7MyUplet!BsjxO1g;~B-nolFaZa?D-a ztAbrijh*v-yhA4BV1RinDTyy}UAw41?X1 z-O6)4GCaylDzdy>okNn{%o4SIjV;qn!puA;pJf!U&x$m4F32-8OAIo#2oLaeGBYms z@y!l2D9<(w4RA>>P06z~HZ#*VG^=#ws)#T*FfDPeG&D9gDswEZ2rEw4_IC=j%r8iH zjdb+!Pd6-Zs;sJXOmQ_qj{)znB8#GOg<@CjLQmgvPs3azqulJ|in4moi1NfN?^HJ* zv+S_Y$~5y#!;s)$vyjN#e6Ca%vy$>$Hz)t}(3E0>GM7jX*U}W{wA@hVsEW)IkJM5Z zFXJe4%iz#l19a=sG7}9`0~I{8(_ErT6HNmGBLZ9s%c>mRa?ISlj0#;#yd#S8@q|3}Dk?mKT@1L)%PS)zBTa(S(>*LIN~3&|(!KJEj7vRp(;VIXN{#&73^NSNy}dHZ zvqRCXD~+mhGEP@8$V&Bg%n!{C%Zl*J4K^wdF>(s^3G&J@FAfRM4ahJJPbw)1_AJZI zO?Tuf zFfz=_FSYaxx3Dk?bq**kHB56VFpCHePOS6|a?8mIt#CD|Ov}%;$SLvU+Teb7&+2;@ zzMr-5jEcT`K>eGbxqD-W=p#$RqmOxinjbT&J)^bw62Btr>++Lsd1<>D5?deYY)ra* zV%-MI8!LVA{Wo92ivnt1Ea2|IHiOZ5p7 MtBkK7X3jVc0Q-<=O8@`> diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index 9998666e77223fcd96857a45e96963278592d1fc..be9b53aed6f104791bf92c3dfb62d178e7e7ca5e 100644 GIT binary patch delta 1023 zcmcb{agAewPJKmjfoX_;xOcv3hFfl>pNmCyUanbzS+ag*x<`6|Ye{K}e}-#Cx>1#L zK9`qKij$9al$&;`qf5TAad1>oNKR&YuD?NAS-5MIua99~WTlsZV{WNeK9{bYLUD11 zZfc5=si~o*f=NJCRDQaGvsZ|3Xt-s%MTS?tXJTGPm0M0$QJP0tT6RU4nSQBxczSU_ zL`amQiGNi-SCW@YQi)+jaJWx~YoSG0j$?R^d9jgMskU#LMZU4NiFRZ`RGN{KpI?sa z#E;_P5q<$)E;)G-#)hWad1cyZra8qG*(nyuA>L-%nQoazh503cWuc~76=C^YncgLZ zIRUQuCH_7o<{^n@hK1o~mL~d%Re=^E&S?QI#lc>o`Pv@ZW@Vm};~B-nT@3=9{UR#T zJ&MyDvy+32osEK%^2?I~10%dW4TB0ZvXWB*Dv~m@gK`bHf-W#BDqVy0!#$HD zT?(9vea)T2%OdhBTvD||ybJ>({Zf66%*~T0pJf!U_x6d<_s?;&&@cB+3Wz9mit=+e zG)qnj_KYYl^Kz*uuFNqANH0otHVw4k3UaE-jkGAvH1aDb(Kk#tw2VqEFn0|1u*`Qd zH?znJF*3_YbSW|_GdABBTLUjgB1NDeVwUt!bBcoe!y~!$jg8VxBg+hfee{cqigF6eob${x!V7Z>io6|5{LBN&oh!Bs zj4{$zX;hVyak_$gNRgjgWO{L7KuDC4S5{IT3M<^a&bkZuV-jhl6GoTVWF#2 zwgs10R#u^9c~*T{X_`S)VT4a*aayppOQ=z0mPb*!i;J;$x@k~lNoHzJO1TM_uCA^^ zazw6~Q>u2DQE_>dmw&KJhIUGpYlv@|Pgtr+QF?fOnpwKHt9fKzRb@VxAA`>l>GC|{?|r)Vjs4A}pxTAkir(*3 zy*-V~MEu3OA1w!hcS~G-{@Cu8g8Q=1LSKGu5R&A)FJ^jZpPt|hzY7s-QY?+KGo^Mm LDaHARpL+)YHJfXC delta 1023 zcmcb{agAewPQ9y9zQ3baQMqrDMW}Y5S(%e>en?lbicf)OQfWXzLB3CRAeXM4LUD11 zZfc5=si~o*f=NJCRDQaGX=zceaYS-uN>X5ocWGr}rCX?Rn0`vRg|k<=g?pJ(sb6_o zQj&pRR9Sj9mxoK0n`@YFR%Ky!P)UV{tAUGIaFnBKNVZEzk#lNsu1iH?xJyJ-VwQoy z#E;_PzR4~*sZn0~W;y0XWq#SoKJGbL`lha-X8I8&o=H)L1+Mz#2Kgo#&e_Rat{%zR z8JW2OP7#5X0cGa;i6K=HF21>r;mN+=3yiW0Djf^-qYBF` zgY&BN^MlQ^DznQh@-j>k^HS0xO+qU|(v1x!pJf!U4{%RU$qC7J^Nq}mFbFc$&rYl~ z^$o8u%L;NzE-BYe3M?$%%aTHEZ=(lpmKlxGS|HD z;0W(L7yn!Xg96V$#}co+NUkC$kMb;cw_-0dNA28f)8fPe_lz>%ERS-_@JR2_;*4-7 zeJ`H~zr>()S9I&rG7}9`0~J!-{akaiOWiF)jf?U^EBtd@0#dRvBYm_}N~!`pgF{j* z>dide!&9}rvMjjr%={8Pogz&lT~d5pqs$V`-3>epd?Nz`vUAM+%PO*+e9K)@t4#d@ zlG4$wD~+mhGEP^h3=7G~t%wZs&Gof3H;s%it;h>=b22qAET{~rh$!)JF7(K7wv05$ zH%R8H%=h(<$WE?z^-eT)cXshNF|l+GHB0w5Nhv7S_VvoQ2oFg$t|&`N4J$X`($&>f zC=SZZE-&!VFDNlfuL{cca5S~d%8bhKDhmnI&ouQ))sJvY3=dB$$@KT-sywsa@OS&X zgtmlKrzuMJf30$I)KcfDJhuIuVeS=g?$-)$CtVjPmu=nYSZ4jSP^aH(g=nC8P~v3Y zD^>fq7yjN>ePxR6@#QsT#X|F5JW%@LdsVTqrnASt`SH~!yv6r#W>1*1?Cn3TM9W1C z-l1s^etzz)v2&`l)^YmuRZ?!|Og0V$|C_a^51gHp`EZiqb@zEItg2nan}1B6 ssh-ed25519 V1pwNA Og+Yx3IddAIK5EXVRkGkGQo1uLTbHIe0PqOsbc8Zhhc -8cRXulCpUe0g0d9g+1Rco3KSDv9SsnZIPZpCURJLhjM --> ssh-ed25519 4PzZog 2QPPJ1aHcSGwDAEsZDoul0i7gNhrDUiTnTMZDIkZY28 -q6/hLB31d6bZBb1cyMFns5DZA1w/cWOnAfOCnSD4+w4 --> ssh-ed25519 dA0vRg q3E6IEJnhmyBspbZZkN0AzULmhosvo+3DfskLI8SoiQ -9zzEGaEQA4244oT9M7gSf+x9JR4tpRyigrUm6VtjZw8 --> ssh-ed25519 5Nd93w k+YFpnrg3PelZb6VkWU3jNIRbcdVefDulVcB97Ty50A -H9oIXUHfQmBOyrUwCD4wecdieZ9r68BKll5LiSq8gpI --> ssh-ed25519 q8eJgg YuI+KWmKVOb7nAxYfBcDpw8w3yAzr4zbJx9XmAosbyM -ulG7By5LTkTwRsizDy9Dvbo0Aq9hvkR7OYg0k7x3c+4 --> ssh-ed25519 KVr8rw 9rGKrg4728MIyCTvpZujfb6MerMvWAcceEVJqkrhjgI -XwEylc2XK6IbPKa1KbnmRpxOBocaJA3u8GP75ZtDkDc --> ssh-ed25519 fia1eQ 304jqcYsqS0Zv1bPBVryRtUev8LNy02Zh8X+6QiV1C0 -LoUFCs4oRgcUU9BIImEBY4YPa7IR16b3uU2a3fUv+nM --> ssh-ed25519 uZzB3g 6ChChOsFGTpa8ndrvfx5SEBHJJxSPyy3GDmBMwABcXw -c+p3NG8gHiekqiiVesAtXSInzd4PIQDsHEsnTnDcmDo ---- hOqrvD4RR5WmtwXSZvjH2Xs14ymC0hECQIXA1vaDb54 - 2P[c͍ v[Տ_aFy\PҷB;urpPk_E @d8%cGJm2E -L\ .-jqO;0Z;p`(M~W1W] ssh-ed25519 V1pwNA rITnhjccFQTSCG3yY1gfUd3RFPtymz2PBBPafKqDgzk +14U+liTyDY/cPPDPLqtDzzB8VEOjT1OiQHW7ZsdqTwQ +-> ssh-ed25519 4PzZog vQpDvof5krUhHTT3QVXpRoBglQ4xZsUVobDmmZFcsVs +/wGu8wiBV+zIP9aTDydg9B8mXwk9mhu64pHkOPlL/e8 +-> ssh-ed25519 dA0vRg 7PnZ7JoatOi//MWTodmrzjfJJzauh4kUO6ErGpN5rBk +p8cXhiS7odlvzarQiqnrvll/RnECkZ0jPnMjuA8vgAM +-> ssh-ed25519 5Nd93w J5vVy6L4UjYswx0g3xVK3WVU6nwaLZwcQuTRoYJAsSA +qzmRfEMcZI8P40fER+V6KfxVJXxttQpbAjChNk0k4gU +-> ssh-ed25519 q8eJgg G1iqzNqpPeyIlOt8CelGhgC7Y09+c3W0LLoVl49vzE0 +7Pao8KniI7QJdnMw/q0fMQrjInF0CTbfnCSL9FLJrjY +-> ssh-ed25519 KVr8rw FMvso907mXDbRRv1LGmrRJIo9BMQz5Swzv1ZHjh0j1o +RrqdTZsEpnWgkGvGNprnk963KMx/ShhSdvK5VOe/xNI +-> ssh-ed25519 fia1eQ 2tppsKE/FfdgBN74214/etyJhnzNSBtxWvP+OHaY3xw +feXjn9T46anxhofgwQXTn3Bj9usC9/f48I7irrtfTZE +-> ssh-ed25519 uZzB3g 1JNZJ2MOAeOgPH+jWjNf9qi5ncEaXczIMkr54vnHITE +/IWEATVkAioRB7DFiEZp7QiD3tRAX6WcyFVEZT82snM +--- lgmy+3gc+bFhK9OPeSHJWPnjjbZgZ1GHjBGz4q+fRa4 +.~68@|5m"ҟ NN`dÍx=:ІN%0;DƬ18ti fÛ==j]qҨ"!} Ivϗ?"pam\i!w~,{DKVQ#UdSjKW \ No newline at end of file diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index 6bd12523bb46997f584b75b1ffb094a9f6ab010d..d94ee8f122326dc3590239772b08c0b5898ea0fd 100644 GIT binary patch delta 978 zcmZ3a+Z;)pSPc3eyB@iaZ03jZj@y}aaD*}SY=*Td6AcEnVUyZN=AC< z#E;_P8LnpK#^q)vfhmcO89AnfiQ0xHVMR$r#YrKl`MG|1p1B5T!2u~{Il0MP1x8-w z8DZrfi9R7!K9&(-;o9Dg5e1RCNp6;THOnlmEY!A)axU<5_4W2KGsGR=xIOZ3b(%=GcCD38i7 z3q-fhxzInvJy4;tqTH!0D%UsE%Q!GAA}HJ6z&Fj$C_OkcCDJ*) z#DFUx-NM_T(!5^VD>U7&D$^i2AT`n4FWuX)Fw{)nB|S5(yxc4@vPwHGz1W0HS65e| z)HA~+*dV>!*H=5R%*oBoImOE|$k(ep!aXV1qcGP$!@x2uB`+}C#XpES`HUs=>pW6obxah$c^*4gJTv#P<0ZKh?v1M+ ze3$#1e(H1GDgFbwfy*QxGzE0pvfV!LFyOWH#7!TfLf7uR_+E2G)60Vm+M1q)>x~mG PU3+oO=vbx^!_rIu@*!9I delta 978 zcmZ3v{M_}6Q!~>|%%c3G(%mx>L$VSLqLQ@(tFqEEwIc$#+{~lWT|EM-%#s2M(^HBv z{7l1gi%c_1QvLjlveQGIe2ui7+>8B+{3D7dpJf!UH>xm6EYOc~&+v1}&v()eGtINi zFm@>m3Qe~RjZ8K!E3V3j@D48t)pv5_^3*pl^Gzvq3@r2H z)5y>;=VE;yQ|;W83hgY{P_Do-gN&fU(2(59Ov8+bye#h|&r}mjlZujzO6LO8ATwu= ztO~y(g8;XrNObGcG7}9`0~IU{vdy)V469NdJqjw^!}W~|BTa*XeY{*Og3aAc!VN7= z>%CLUk^@6i4I{aHjKd;a${qbny}iSVa-E9x{hdA2ip{FL3NkIzN=z#&64RXYopS?| zqAbv@t1Jt)Oe$9h45`vCvhYsI%C1Zf_0A4S337}ycCPeD%ndcJ$jk`|&T$wMf zFe^2TaEvf7HMP`EE=~2$GR-lqFb*s)bg48h2{AMX4o$W+3N!REbqmYpI^3cX)xY?J zrjSrhHh;h=-S7+Rrf{jA%G6%={?oqD9xIbK2P_Q_=l{OX>{*?f*!E&Qi_f~Q(B8R! z-tK8W^6$oDO_$Ogwz{7?k38$!_~6madxD;o2bu3F?fEA1Z&s`Cwy%?26`nD^&)>&U PpXl|9-HrK;W%eHc8`)7* diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 6bbf420a39d42a269a206a3d421512412a2234e7..49f3dfece2722b93ea0ca41a3d79e32c2dac5b1b 100644 GIT binary patch delta 978 zcmZ3L~e*lfumD-R9I-Xr?ZoXE0?aFLUD11 zZfc5=si~o*f=NJCRDQaGv7wu>yK!M!u2W^AUxYzOkeiu*qGL&gUv`F9Xi=heUXpp4 zL3*iAZi+!Rmw{!KWtDe;yFqE5QBX-%SX6p)ltE5dct}ceqElv6WM!2}VX3cok$alw z#E;_P6-ikEMuz4Ajv+-(A!U)3?rzz^0g*x4u7ye7zTwV^dA=TzdD-PvLGC78rf$Vv zhUVq@?g18+72eJTnQ0~_k@^PZMcH}2RergJg?Xmh6%mep?p5WJ;~B-nvy8)yLJN{i zLo$t%&5cTe!px%z5(_c{{S95bBFb_jO#{+1Je|FY3ynRwLQJb%EBy=8(|l8tT#Bob z!>S4j40Ce)(u-W2(u#9E%AAYbEwl~Xiz_21pJf!U_jHPiFpn~{%#Jk8&rJ7l3@$Hp zEGP+&a4gAna!pK4arHNGO7c$3Fm|`#DlzfM@HTKWDY7)G%5W>HEGW(__Vi7v@=Q&% zF!IVOPBBX?@o=_u&n^f>j{)znB8#GOh42z{cay~2pb*o1<0PXpH_v)YmvE!ffN;N1 zS7TSd^eT&r5|8x!{0uX;3dy^pl;l9SyjGvW&9A!}Edze6_PZP0h;k!_w0nOf z@G8smO4UwDE%bFYk4g!OayBqbObWr4N=Gk^F$S#&u)+Hj{TyT=#zt?{i}eg*7#=NtBb^JTydB~PxyMKbpcqC47u*hz}c zV~DxdEaAIjrrP;cr|g!iXt=vXvn)FKgrR;?R=wx7xX#68-yfwY9}C?xd+|<-r#b8P PKF(@zy1$&6`%?e_{@PLc delta 978 zcmZ3zl&c~ZiIK9BbTn7LUD11 zZfc5=si~o*f=NJCRDQZbiFvMfKz3TDiBC{cp_{(9iCdzXUsz^QVQ^Mbs85zxaENPu zQL1C6cTT!1S3qKlt4CExx<_VqhObdngtM`KL~2NOW>IN&zKK_2ns?^=9U$%sX_W-z9#7fWljdJrrM4v!J#>!1{LLb=2-^m;Q`wD=8oB1;m%G0 zVdajd1yO+|=@mu3#`-?yk)~c@<$hrnj@nrUZaFzsRTahV+NJ4};~B-niwuIDv-Qi1 zLPGM)JR;JIJdI7AgQ`+fN=-b|LM%e_b1lkzGo4Gbqk{6eGL5ngQvC{2JdL7EQ=^i? zT(it0T-~xgvwYID3p_l^+&psK&74D%Dk4KCpJf!U_j3&>H_bK7bMi>aOUVm%^RLX# zw8*ve4@-B$px6fgcHkf?V#ot@erbPAfrCiqBA5&9!Cd_VeR$1CLhDa QWR7u!gvZGTzWeY900&f1O8@`> diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 6064f30f5f682428c7b77643adf1220bbdc366b6..dbfb4eb1bd160bb427f0980b618360ecc054e4bd 100644 GIT binary patch delta 1024 zcmcc4ah+p=PJN-1wr{y%q@{CeZj@tySyE_na*<_Knq^`}PMD=jXrW7Fk!7ZHzL#O9 zBbQ}Gnzvh$flF#)c79oji&2@EM@4{1iKSa=T2y72lZlysfw{YvZ)&zdK9{bYLUD11 zZfc5=si~o*f=NJCRDQaGxl@&8kU?N>WR|;UR6%l5l$(=(P-bveqOqe%lu>zLdT2^y zj$2ZNM@pqHS7D){OJ=IGpQn3zVW3f>mwuIDK&pqkc4mQ(QFdizRAEqViK%v~UuCK1 z#E;_P##J7PrjAwVr4fz=VV)_5d7;J0X%XoLhAAe#6;+;z#@eA~j=A0`$?1Vyo@tgD z#xB|6uEmw%$)?5Tg(gXknFZQD?(WXHenut+5tiu{mEM_N=>`^);~B-n-2)2qi~>@E z+>6XZk}bTeB3%;Q_05aDL)=|F4Bd?UeB8|SeTzIIGAj+Z+=D!F4NCK~{mU~G4FW4% z^;4>H93w*v(vq}|%?vC93|(?ljH*KYihW%tpJf!U53cekDNN5z_e(L$b}dgS3^xtS zP4o_n3`oh%bPmnUb~?lI+M5<3KZ? zbp6CoKg-afbad;|G7}9`0~O4*o&BRiGfLCV{Y@&IBm9z#yo;0a4FeZ1yx%q#PYG7PwkEu#v(Dl$Amk_xo5gM2I_^MVTWJ$+q+T-=Q+^g|7+vb>VY3bRX% z4PDW#D~+mhGEP@03D8e;$_z5fF-*#Jas z%1-7=iV8RK_l~UB_9!t=_HlOB&oIr;uL=w>$hOQe$nc8r%PlqW$|!L1@JqJf($&>f zFp4Nj&hbk1NY1b@E49e>$VxBuEORvQb2d#+Dz7j~a`!Is&B;mg_DhZAn#Sp7oN3CP zQTa~fRTt;#mj6GN6!)#Da4wKo^tY~cxt_y58|z9N=CU(t<$2flr6?Kwddi?Gq8@UN z*KFxMiTNLd@6Y-tV{TC^IOh%jt4qInc-zP{QLcw!a+pO}rD1MX zGFMQgVW6XVWR6p)eu-&bT7IT!v4y90d8MI8NT_j9n4_Cxky%k_Vp3#5I+w1ULUD11 zZfc5=si~o*f=NJCRDQaGnR$+pf2Oy&tDl#)M{!tDgj=wSb5N>zM7n3Heu|q*mbP!P zeo(G*% z#E;_P89^TDmJtT-NtQ+-k;Rebsh&}O0aYc2E>VG*-X58S{soC1-llop0Zx%zg$1T5 zuD%6j#^D8SdBLg0DF%*3g_eolE_uEcDf!yvE)khVX^#4#`j**~;~B-n6U&_{T`FB2 zi^2=dO>>eX^^Hr*ay)a~D=dtY@`LljeS8DMlLLY)ORGY;oK1Wzy+h2L@-4HI4V}FF zjhxbhs@$Cey-fm2irpg8v(wW3O~U*Q!YzF#pJf!UH}-PO4fT)oaY^@a&Tw-|O!1CL zOLdD3c8m-!O3cix3Me-*itw+>bP6rz@-A}>DfZ9KEl4*AGAPZ>FV8eGjtWY43<-@a z4)rw&_ALz6_74d#Pw^>7j{)znB8#GO1!u<$ZO2@bJQttBRQI%~l<@k<^uVN0|A?Xt zgP@=k=hT7<=cE$9!u+Tl1Fq7D(qPAu3ZwjD|A^q=;JnDH(uhRAaLb&sd~e^t^5mfO z@?sOe0E6r*4C~S|6Ae=X75oB=(}PS)P24@JoI>5aO4G7k+){!w)1v&1l0q{|Lw$Yg zD@xLXd@>E(%DJ+#{T*GMo!yH;GXB>mR%Z=S>@;%>ZR`+;U4alU1H`G7~*2; z=E)VDoE8~Xl~!*OYUpZcU|Lq_7Wf@gv6yT~I9#UDAn--Phl9gXvVid}Ct+mKUp{wYK z>-6pX;jRDo%RSpWM=?Z3?svX6zxSw_E6=uEA0xNsc~t(TSP^LXQ8Q)QGtG7iMzH_MwUykCzr0BLUD11 zZfc5=si~o*f=NJCRDQZbrM^jIM0jDEbFzMwVPRypqnn?vhrX+KsAG9 zd48%%k(rSzSEf@)V0oHRxQS7ARlZ}0p-E~*PI;DFx`~-~azIIFeq@H5Sy^Ucnz2FP z#E;@(`o<=OJ|U6b`K49C?k>dzhM@tOe%bD2NiM||DLJVoM&{v3hC!A=Q3mN;fq{la zexYf8o<`2vo*tfVfv!anW~mvzSwS9El|cc)mJufUk^YI9hAxxi7$w3ps?tNM{FAdR zvOL@pOC!9Ee2Uy7b1U*3gY!~K{3?B%(@Ncw^z$ssT#~tbGF&Pv3Q`<>lEaP7%rh)P z69cleeVlw!eO%q5GQ7+K{hcZT-Sb?+JuN1mWfZT^GxyIbH8Kk}HuN_2%=8S;2{jHi z@wSX|sY=St$_*;WGAuL5Pj#}ajL7G5OK}bJGKw${Ow1@u%{4RgFAw#NN-XrY^!6ys zam)Ae4a^O!C<$_^D$7QX0PnCOi=uLcqO8KSqV)7M_wW#tEbU;wr261019Q*P03$D> z#0n4BNRz6}(DZ_^s8aVxt{i>8+;r_6M-w+!C+%=AmmE(Em((Ix-?EJC6f?uXz+#_> zT<72_qX?HkbnDVG6Ae=X6+Ar5EzP1VLY;HGOiEqcT|&z9EWHw|+^bT`)6$Df(#+iI zP1E$fGkhEkv$;Y;1FPJ;gNw3KN)6q;oPr}#Ba%IGEKACgOTx3v3nGg1gA0A!&D~3U z^3km;jjD1oPFDywG;)kINcA)*H+N1pads=p@=YlZNDg;53d#)(vGnpTtxQiU@XD&n z4dpTmEAq_s^RD-=GH`azFw%C*EDVY&4|nzoa`(&jN%tx94%YW^OZHE9bjs(_)zwu< z^au-b^D4D)cP|L`@b)b#$;oy}N()N$E-MHzaxqBDG%+Kd<*`uI0xu(P6)6_Jtq4}zIL`t z-*QW{?ATN-$IE4UO?LGknXj?R|5K87pUL{=%Gze{gE`+`UXv`;KfkOj_G9AC)IIOK zkA2@hRpd|@JUY~MejP(BVXQ| za~Hh~JH2wTPo342FIRHUm%d|r8P3;Z?-0GWkL~e8HRZ~*-IHFWJX^hIK3jdx``bs? z=WcWj^Ar4a_3eeZKjwYi{OIx&e%)j1o=vk@xI0}!=6yly?JF%!?9mIKT{cdQ7 z$Cv#Vm45bFU)lFYx+k{0_7BI)cPHa^uKaSNSBk|m>83Wbp~gl-oy%LK4QI}jlFWK@ z;JBxVANM))jF+iyS9o2Lt&jF@(PEqVU}61M$+bD^&o)Kb9+;@i`|8gU&KasVt=5z$ zUdi%Nb||uWd4Rv=|J#*pQy%xuGk(p(D6f&w|L$L{_4(s@Wi|gJN=|KWxf77Ee9^OB zk=uua7wE`5(0=8UH+gIP6gB_*@Bhe7-?cDKkX1Y7s%Y!yi(L^Pd){=52FLH-n(XAE zccX+eq5fY`-`r^rTg{@Ey2=;|)osgUOc(qd|4;1uGNmb6NfoCm9#nYf3vABZRI#-o zS7ybUt>-T~K5@C1Jb8z$gLBS@iXA0~MN`)*1x>#o_F+=LyW@oM&+^Cr zY;GC6lSwmOKP}QcMcH%5j^pan934W{N>?uZcXT<6$HBkv>lMrPweMMYO>^GT-)Vu` z3asj@rs+IwcETd9;b)Pv;+B?rpt7c{gq8(Zn2mbVWTQvbo=POvg&QDwn;+P+qi76 zu4wtTYnN7MyRd)brr-6g>)W$}ZNHf`Z?{_ET;uq6p}p_yzlqv+g^pf$F^8A+@GAY1 z7B2S1^V^Sf$tu77!}oFXl7J1qyq)HAPL#0u)o!)WI_mvS+H-^QPtJ2k821Qn)jD)7 z?y0gbzs|`A2Q>HCOc#19>@(4IU*F=p982%C8|9suDcL^%tB1wM!awDvUG?gI(H9*1 z4IB@zI`;lX7JqH;nuj_Y_b?vdHt7#+dvbB}#m0`Z?Z>D6S8rO$GGlH0>S@)@P7UiH z%&qu+urmHo>6`#pE*pWghbk8iGQSP`yfe*vPW;-P%4@y}uI(&fZqfIA#JOJf@H>H^ z>%Oera;tDG&=6qc7HkGYSOlY#P?1JiDZ}>v1 zKQH*X?ERW)+HpJFI%_5eAD(^uE$_lQEmQqgza`CI-aIPl<<{xSyv=&{qx&_xvi+w7 z_!CqbTaz~a{aY^c`I_6rSBujvA~WJb{1)Eg_);(NL}{_q+-LTCHhkN1KWYnlG4ZwM=| zX0=P$^)<&&KI&>vo%rPQi;lKF3SP-Q>3ynTa^|h72~9VmKGc=i*N5GitYT>L+Y(PV?`|pS{eN<5J+(u<1qjE;LVEYFIudANO;PtI*;!fkpfTWOn8>_&SKx<45g)6u9_K_xNl}je_g__l75Nfq>t_d zuG@TC({5?3Irc8%ugcuJjGGd*)hs!7I`M9;QaB)5_t)T+?GwTCo!h?o)qi-Iq?5Re z^;pc;Gi$rjugzjfO4-mKC^kWBznV<+Y7NH@w%D~B=FYS2J5`wSE5{Pyz8%#%8(MFy)5^+~S@`j;@rA4-M^_zxwj*7qZKB7*=`zOtTMxXCk^i8f vc3thmmkH8BtXcDeqLq4%Ke&=udhxTK;N=MBEv|o)_8011s$Z$z<8%}NY{q$M delta 2585 zcmaDN@3d4yY)eqMS?cwtnbccf)OX+>C;qhpn$sY__& z#E;@(&K3HWA$f*rnJ!8Gks*GmF2!crxn%~Geiac#sRiy{CV{58-VtU#$u6N>&aT0k z`u^!rrg{24>Ar?hfnIs8k!2B;K~Y`>t{#rg#r~!Ge#P#VMX8hH7$w33GF|f%J+wph zP5hJGlH5Yv-7QPJ3o<+_lY@OTyi>DWBC?7sOVTRK+%34u%w1dxw8N81%d`9fOj3ix zLrgLq&5iSNQcCjjD+9C4y$Z@BQnK>B9MdPCWfZT^2r2dU&P?`AFV;42%+#;&2n_JF z$Z`+T4|gst^)xiAa`Es9b194P&dKIVHFI@Jam)ADj|z$k2ywQs3=7pR&QC3J3NuM7 z@eN5X$xZS!%}Q~0_rQn%@310^qH=`*%c{`I5I>KkD3c_=aF@!IdZ(&D%W^|c)399q zobZ4=lM1gYQ`a2Nv_Ma;;;JmmOtUf6x0cTcT1 zEYFS#46e+u;7ZmH4l@WfPV}uT%y#tj3eQRkNOLs~H_Z(&EU}0(NH?zx^>sHdDh-M( zN4Ksts>;bYUBM~OEIBzU)YsQEHP7ABH!{pTFU7bxIiozu%_1?-)z8m0D!-sI%HJ_K zkjpj7vns^Mtlq#gpv==L$verZDAc6f+cnMCH`Kf^B|9@e)IZa?%Gbgv$AC*$S63k@ zGo{SDD#bg%KT^BO&$QIct*S6B&C#bSKhewEu{<%Z+^UqqrSXCB{#5EH@&X( zwD0xjw+zZ|y~z~4YnFCBMAhoyjCY2gGac;@CY`8~JJVYtm$#vEV~di&BOz-AW2HCQ zGa^MfRZX1cRkDaqTR-ib{BxIGmTu3;xhE<6@9wu(R~Ko-?RfhxLvume z-hZdRyj>ZvKl_U7ldtR6eN}v6=J#qLD_?l``QWN$g8NpzsI|HMWZjpPIQd-vgdG=W ztxWB5)?;5K@L`=!n$P{KddFl!oM$tv(mFefec{TA55_u<@oDbgYEuiWm)8GJ?*3aI zDlD-}w%Fy-rzo?%Dus-B(U&&2&s%ax?wR(?8G?M_TRjVx{5d{#mxcWiMyJLjvPKVA z7ZpgCyw4K6d?NVc2dVh=%8xr{B+Si-UH^i^t6lMz*`XOJ_m>v>vHtqA>G@5Kz_*4| zHe5TscExMUMRE_0t-F3_aokC>xM?Z1jP-dcjqe{ED~pSKc5}}Wb)MMN{b%-yr*SPf z^{V*r+sS{=ANOvl&06wxi{eyeSNU~5^P+!$TC-BKX~&gSF4>Rf9=JZGEG+o@uh2Xv zq01c4rk!M46=Q6ZB0jCP;91P<0@uGk-e_+1{rYY~II|$biXWNscO)BA)(Cs#ytyFn zk(@Tuyk1Oa|8novM?0H}ZWSpljz1e=6n)}^N9(VPm6oqdX1d&)(iha8vFY%)``eei z4DV$SE`OiyY?S0<*r~pCjoxg#J8ma9*38-}VY;B*QvJq_zw#kj*WbTd6sDPS=k&QQ zfe4$Y`g?r2@0E**R(6a?>)I2+JVZZWR*^0&Yg-%D*t0+eNeA*S2y*9<`-_4$P z(eo0g)oPm^XkRj4W(KG1evRALxPNpWx2XwJWwMrg+bxrGZE~%_%jJ9O8Y4Xld}ca^ ztw?BeT4-{<{hfl$i%mh!d26&LF57&+yR&+dU58^&c0XJcw!*E;lFiw1a>6bLwKG}Q^ICpXZkxoj zJo%(#rgw7E?7~yYrjmtu7hka(@lF2NRD8d9^(p0b`Wj`24@n)J{V|{IQoCE>tjID~ z-#f0AO)7h9j3zufwfsblhC0`RIlI>;%u96gvUP0Qa^~{COL9f8WnR}<)yMK_=v64a z+oIl{V0Sbryg=)Cz{_RANrK9ZiW6A3aV^<-yie6{*PCCLUq8D#|9pSe9NH&&X*@FdYwCe^PMe$%lAHxll!u( zp1n3Q(PqI^&ip|3d+{}_tk)RTuYdJeyY1!KJ_+$(kyEV#=N6n?W@~TQCY0fMd}8#2 zg*Nr)&$MUtr(OKMds!&cmrJwOE9<(&9QB$R(fnz;+UDsjs%3_U-sLdJ9o=GFHQ8~I zpilDu$geII+Oh49GllpK>N9s}Tgq$=ke)UD(2mLM@@7hx{eL z$1%D08$*Prt97&l|ZdmE?+w10;zzLDc@+vbUZpVEs+;sVBINyrT ztk?grh>K}G@$0TwWws}f2B*fe1bA=DN0Mrc4bGz{a35m#paa<<^ski#7=YI|Pk=H)rAd3t%n{`EnY%Jodwvos7g^ts<) zEL=HxYK~)|MwIU29Gl5aCs@y2ys5RfeeJI%ajUgQV>xOpZmpI(WuVQmM(Cu}VqH5| zk@DM9rJP-r?wCIgxhquiOMlLltoCDlZT^;xsRivp?7XTvUZf0xqel!M`~iA z372P7Nm!<(TZEI3OJ;CzWkzn9wrg@_cxrZXo_4BtL9mHQNrq#kS%_IdF_*5LLUD11 zZfc5=si~o*f=NJCRDQaGMV@Jvwy%+~Pq=}zi*aF5iCcPzVNObAfRA%>W}%6vpFwVb zfs>`HX_8|yS7DZ~VQxs6S8{4unpswkN2RuYUUqg^Zh)CrM5ud3fPT7vWT{uNiFRcA z#E;_P`C&ns?xChtd8Q>Le(7#5>52Z~fmKP)2KmYQmbn$-+BsG3-sLXddG01$&Vfal zepO~+9wi}VUWwYCrY42?ZceGmRR#f3S*ac&nWcHbog9ta zLW3+rT|&LW0*k96oD0mt4Xb>;a?9Mp%nS;P(sDdaGO``H5<`-*{8REhg9BWmax=}m z4U1iiic3r~BV00!{KJ9@Q__vKwM(+{d`*%kpJf!U4>a|yD)zN7&kZXyEOfPW$|wwp zEQ-uD4)k-Zuq?_?@+t|-FxIY2HVO6Q3N8w>2n_c%4)HPzaC3?bPcIJk@pbd{^{gll z*EWtUxAe@*@K5&hHx7+Nj{)znB8#GOh05~C;G*I%(=7e6G$T)o?6CTrg33IToWSC8 zv%I9Rz)Byt$WY^QLwD1RKrVMbL%%|8A2S1wqEz3MqQLy($g+saBv03*f+&w-m+aEg z%Fy6&Pv6{BS9I&rG7}9`0~HEPtHM(9GD4H8j15g4wVg{$^D6u-Ljo<`4ZSVA3p`xB z>I(uZ{VEEKLmaunLrjf4(tHAQBg*q56VpsQvMcn{f=vBW%~A~uGeSH})AP$xQuQ-U zy|U4*D~+mhGEP@;^D{9v_el0k4)D&cstiwe@eB4eH&53tDJU$D2sVq z&xzzR_baJL&abF<3re!c3ot0~4KPa7PV&)C_ALmE@JKJO2rQ_oFp9_u&dv1X($&>f zD2d1|^R6s14AnOADmCzna(B|tHH}KMh^nmeFtuuA6&$UQvceX?e0`dWE@{M^RQ{VP#}lWvXRzhLg6ttEFr4 z#E;_PVFAXaQGULG!TN6chUsPb?p21K&Ov2)LD>PtVg6;>COP?$f%zHX#UABcm6^dt zB_0_S9_fB%5xHRz6`m$0Aprq-+WJ{JWtkZP9(no3p}u9QX71UO;~B-n4YbWujE#I# zjms-@&7&-m3oC=l3%yGUOw2rd%w7C~&5SMb-Lfnq%R)`K%FHsfORBt6k~8xH%JO`2 zOT7b4O}sLk%yKQ=i;X?aas&KI%px+wOEWDdpJf!UFYtGcEJ+ME5ArlL@pASw4sgzo zOw~3`s)|Sr$}Fk$^DNBM_jU94j0pDR%FW2D@D8`g&&{{U&WWf>b1x65iu7_SGRb$e z4EOOU4Nf&nN;P)Q2e|_+2E4Q;siMrVG)dnzJS5!R%fi(&Eh^MsyTHt; z-qBS*U)wFk*_F%CEF!WZIm^hTEG64QJHSOhGcPL8z`(*U+0j*B-zYNEHPR{3-QBb@ z$^hNE(x@sY<8*~01BTXv*M6K zM+2^W1MP~+9Pj#U$2?EJsx+@Cb7PaT6m#?ND8rH*<4A+z5KsSLS4(rhBvVH&U0q#; zibC&-B{BBw}KOD7i-m$WKZZTGygLMLaBJl{yJT7Ju!;(KR* zoK#{cuG{9-`Mkv7LiW)+58fp_zy8^?oa0aY47p>AGM9-(maX_VC#8B1)4F~)uWX~z zrx&iW%;xO7C)dXtCjDGsuiC)_pX2YI+jc|ez{T%(^VH_=t-I7cb#fm!qo(3kR-W1o zr*g8jwzU{&t-F3x+qqOIzd6-N*7*zbw|%t{A7=QiQsTIExZJZM{$U=NqKoxU}AbeW@cuhc448ZS$So- zBbTFTc3!Ecep#TCuTgkZRCutrn|?s1OPG69RavEXKvL_SbAdrsQbDCp zL0NE8m``3dS7m{>pI51GaJrj$SVdTvV^OfNcW$^@j+>XKOG=(=k)dyuTUKafQjTx& z#E;_PxmkuTHS-I}{;Q=@5 zqa6M7Jsk^uQhZ8-3v!AB-GUuMwNo4oQ=BKCVU(yZ@ysjpj_^$hPW8?8%W_IDD$WT? z3HL7xPR&bAam&{(^~`ZEN%K#SbaLb>$PG)02rLiu_c1c9O4j#Dwg`v}%kv71N;LHJ zEcZ4kuJUm=a`bUAF?B?b0PnCOi=uJ`H|>fdzrc|2EYILjf8(^g$a-^UgAA_-@6rMj zH#cwJBBR1`i{PLFm&8m*u8gX@0K>eDNY8B3oQTY_LVy3rh?Jnx4DqS(~2|vg99srGm0JcOG^xWj0;PgJxz05%aZi74AM;ub9|G7Jk4A) zP0+0?jjD1oPFEaF|PC|cS>=I^ffEZEAsI%D7VaZ@hmFxDECZvi74j!RDG4*#OCVn zj=xqZs{dk4Yqu(_+FhygOW1om&w=0Re~Ob^4=J!HWPN8T`?Kt2ZMF2Z*mhs;xbm{+ z+{N!cYbf8@yf^Y#8sm)fYugvG`plJMT7K@M@{|>c*Y z8RnK|j_FAOVZq)($)(;^mLX;4MiKepX(h(Krf!7+5fzCUCAry?;~B-na-1WoD#I)s zjg#Dbs)D?us@xpYvh*!X(z84ZOhQ~7vn&#Q^qrFn%MH@GB23FH-ID?%!V0pg4Be_6 zi;NR<%Upa-f(yz+Ew#N8&5BHmf-^z{obHO`8v(l>T-k4WZ9aR~{_56lS<_4e`3NiHlfFZ9+AiYU%6Es65< z@hwe{tV;KDFAT}|$aO`J0PnCOi=uLcQor2F;y}NU07GMoAXjJ8y!u4vbZrB-9A8Us zqwLVCB7cM6@Z2=RG@p!eF5j#Wm;Au;08bP1qVybnW8?Djp!5)9SJ%{1*U(5K?ZU7$ zlL*rSf6wG{bnDVG6Ae=X6+-=t3LH%=GW?VEBTId~3`#8u4YMO%@&faWT>L@{OtT~E zEkb?sebTZ#Jh{>$N+K=1y^B-JObP?i!Xlh~gNsbeOI@AJj6Dkr49rUsy*(q+!rlFh zv(c?9jjD1oPFKi|2s5g*H1P>G@=H(22o7>CN-Zx)bIU3-PPNE23-b&MFUzth@=8yt zbmU454$mxe(ykBi2#NI94=gY*wx~4n3^eh}HZ@81$Sm^7$;^ogt&B=@3QgzI)zwv~ z$Vkc#b}aD7a?Wz{v@ACF3yAc~Pc89^bPaa$@Cq&S$#Kecb;)oKDlyNfX@ J8@E_2GXP@QX2$>k diff --git a/secrets/grafana/pw.age b/secrets/grafana/pw.age index ebc15aa..53bc965 100644 --- a/secrets/grafana/pw.age +++ b/secrets/grafana/pw.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA kcb3u3/R79sZvwHPXxp1faFzYpnTUJjnDnyA3LCb7js -KQaHb04I9t/ah32d09P3AW4y78EXxqlKMZegAMv0D/8 --> ssh-ed25519 4PzZog Gc9EMmfVfQVsUDv/EGwiExDWzA263KxCc81TpnF/bHs -2QGJpcxDqQYly8tpyyq9uSCfYW/FV1tYgv+Mf/8eCik --> ssh-ed25519 dA0vRg HTT5Awec53+Eg4itwGWrM8W9s3/fFdpQJbNHryN9qAo -SXcqmaUfjBIfgJtkqafX75wgqWOfRPIYgwH66SHH9aA --> ssh-ed25519 5Nd93w VhDrPTSM+V9lTPpizEkonGM/r5vZWF3gPA/iov4kWjg -Kv5UWwZr7/3r1TxFA897+OgkXkX/sSLPicBDOLhqEMU --> ssh-ed25519 q8eJgg /BpYqgnWdctlOj0NHxAASTuYRfp6cfc9OAUgNsKOykY -ivH3zs9v8+yuzqQsLE08sAzAsd/izFH7b6ATVs5HI9w --> ssh-ed25519 KVr8rw gTcaaJC6XYsyLyxnoP5/HdWJCAPe4EtFk6YOOmqgtAU -5VUHbnghG7lwbk5xCl+q0nJtS1S5mSv6vD37NgCJAgU --> ssh-ed25519 fia1eQ 3U/5b8+aOACexOOqS6+EztcitIiTG40ZtwjxM8RPTAI -5An4KawPz4EcrAY0EGUS83lHFOGJXKOHGSd1Cj4Pa9Q --> ssh-ed25519 rmrvjw WMELHgVvy9er/V5N698UF9ZFiwaeedNsxFJ5Tlj3ZlQ -lw+sHWr3uHV2b22xNxnD+vSPis/iq8Xbp7XaIWG5XDo ---- +UH8vyepaxWHUviCyJ2rgJ6OcQRmBC22Z00VB7WndFE -3fؿȘڪ_'騠3'LܨbeG<6é)"P%?~I\u \ No newline at end of file +-> ssh-ed25519 V1pwNA ocbo4VYNAuSMl+cwAnQox8FgSfIIL6EcjEZ2w81Ahhc +D0lErQCzwi9TBMSd6dkqivQ6bHCZrtlkgaTjQVdfAEM +-> ssh-ed25519 4PzZog PpuPLWrKMhSn3VFuVe4EtbeHdIGRBPsN42jJqP6vJnc +lHF5+sdN8B/2Iv9kxt0q7SsRm0KKmnRYOTj9tQz/aD4 +-> ssh-ed25519 dA0vRg 3fAA/TDGslCUZKiYHjm2qZmP2x1w/RX80mAVQD1sKlM +Po0PftPgHBij9jBoj4iCRq6ARmek9ooo9ONFh3Q5kD0 +-> ssh-ed25519 5Nd93w lXvLkIuGZJRAvgmvd+SBay7qJizd9UUs3cM5z4Z26Vw +HSohmw9oO2IKdiH4Iu0ZuL56kjpmKJ713sLF/tty/1A +-> ssh-ed25519 q8eJgg z7HYPsacyFXBnpIkRFnUSjEavyDG49fIT1VNoLGsCEQ +s56VpGW2ubBAWp5FoHrgQDZySqINJda+44xokM+Kb9k +-> ssh-ed25519 KVr8rw 22pOg0xxlJg13RyZqMYakteo2vw/6mjsK8ce26nqaUc +xjJHXIpWQ/Y17R5zUp1hnpIF3zdqkfJIzvgppGPMJD4 +-> ssh-ed25519 fia1eQ sFOx3dxfZ5uGKjqVHoW5QcwEIvHja/+uWsZrdnoQvz8 +Kczr+yv3PEmTqDXJ3W7hn3bZ6wrpivhmkrg8fhmOcsc +-> ssh-ed25519 rmrvjw 9nQAeB301lCj6p2rnnumD+G3WLjMmZ4NYAY/GFLy+0k +FfnwVEYqZ/odWg5NOeizDMCkRMLiNQBtpW7ko4pgmGg +--- k4P7z8pNs8T/QFPUfC4E7/FjsbKzhiM26rD7YcJ39uo +M{$lG=59}qޯP (wJKcT e [Aw;Y \ No newline at end of file diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index d79875c625e9895fc7fedb493850065ee7bb97bc..e693051e00465c8a64053f9f24556c374deab8b5 100644 GIT binary patch literal 1636 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5sb3@{4rL zF-Y=G4RuQnFw6|ejLP#fFE7rraB)pf4RLjKOsy((%d9YVHsK0LbT3bJtO!dhDGbXt z3U*8jh)N1ED$0t;cg=7QPRVsK%5teJtH|~abVRq!B%mrPKV2a=DlanA(BHkHAkV-# zDKoOfC^s-AAi_H}FDuy5!XVPwv&t;jydozsFPqEA&&R}E-_5kZ$0wl3-A_NvsG_vU zGt)3RD%Zf(EjP;9vA`oFF~6)_-xb}q6i0)ypmYW2Y!^dM!!k=3H}7nhVqf2otgIq8 zeW$31vQ(ecVE;lh{p`q8N0TDU@O-W!ZAZUiZO?oQ$1qnflYo?vFq0z7WS@!*S2JU; z^b!{zgTioc*UV7ABnx!gO#MU3|GJ+#^d8LygLVb1KrzTwTf?Eh@8JGb~Fp%DqyHEBrjQU2}p8 zQ=L*%{6f)fE3`=UN>5kN_D<0*EzOT~&W(yP$aJwRj!2DgH}j4(H>h+ED0DXP$uTQ0 z4slK~sVwF)@Nn|?&h<<#cD1NA!mzwNGqS|8B-5}cz@#cIGTF~K%Fx}{DFh=V(=rncQv($u zypuDulQWH@vfT`m)6z1s(j0TMQ#{kMd{YWNJu`CLi;M~*OfuY)JwmyX0`rTb()F|a zQr(kW^aINCOnmh7vO|lKf-Id1O#>}UvjWTVU7h^Q(lA2Ov&zx8&{3hn&?GRZ*x$TF zyUI6A-@T;R#49U2wW7kZ)IT*Vz^BC6KPjxLFs&ja%af}jz%AFmz$?EpH^RR%I4vV5 zF+|_9!X!1jGNj6+EYQ2ysUoj5J3k;i$P+yzOQWisjMEj$(z5gPJqt<#yh>9HDtt=Q z{j<}ZEpnoAbNoZJD+h#8oH9N2y_`Y{vivN)4g8JrJ&Q6; zE%o#L12SAgD=JJXv(kNhQZQ`uNHWMQ2vmr0FEQ6H%h4{%%CpE#$xQQ3@k&X~H!sTz z4);s)sSK?2%gN5na4ilCHQ;g!E)CE0D>X|@DK-gCDarCH%QbZg$PRY5$PO_rF!S+9 zcP&bG%1VhU3q9l7!YOA6dl@Edk?nCN3}o@)^p8J<#=o6i*#J; z@1E=$O_?d)o1ZWNRjk(&`2QIuQEu6k)zICBg0kEUgR^=j&l$Lh}Q><}vdID3oK7mW`_)BmQ* zHFD0$T4R3ew&c6zYI26r+|@r^zkm9-RnY36EwkCSR&BwWmmZmGIpjo|q&>TtL)V|s~S(4TGg`D_~-!e<5k?nsg|n7E?$;>sn~{L56mt*>uC*_Oa1IAzXR-`#Vb zNOsN8KD1G4#*&`G88ww2%1jd;3DhSad@^(0Nrqn>uDaq;oS)_&`(>0h>BYK#O8dUg hxqok`$O4<)zur!{?&2L(Ic34TEpe+vCa*a^9RMJ`HvIqq literal 1637 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!thD)aJm z3=j1*D<}_4)eou4NOml;@C`2V_i;}QHZ>{tsB&`+aCE8&&*t*ZPIfJgbn}la&JME- zN-s)F%uMmtPb;v9bn-Ov&rho?$V>Ffb@$3EG(fk_B%mrPKV8AZFQCw%Fx|M+(OEkw zA~)a9HzhRHE7HqIJIB#6*T~V?(b3dHKh4p_IGxKoB+J<-%pzkUCJG%M028a1Nnk0Ez zmPD3#q?#KVI+qt#xpMitSfrJjyA`*~zoSG%DFV!Zj=0G$S*^ z)i|P{DwNALJ18*9psdKx#VpL}Qe|RbZKsSD+spnvZUqXO*LGp`(IxL3Xf*n?-tx zS%|-%slTOfhqj{Q1Nq%ZsLArZ+Wih&KrBPK*#_0;7&S6QJscxQ?NmYjV`Vr-3 zCFzzHex{+u7RA{C`bkNSiRFGp&dEM`~qE1p8Kn7w9KiL?&fBS2=}6rlq7= z1Z8Drq^GB7n_#3#XhUHJ+`|2*dG-G-p0&-aOK#owQ>Ybi_A<^Lfn}j!0(sowWO8=i`Xw0*fyJVr8bfn?c oh9tH48}d^9(QbiHeAf%yzcO3NkBC3PiWfB%mrPKV2ccI4aX9C$})SG(59B z%fdA;(jX)%!rk97DJw7_HKo$4JhIBvU0XjdsFQi;{!=@-r%f&0Ldx zeazh~e8Rk(4boCvjeNP%%*sQ|A`N}YExnAYBEwu#42+X~41xpQ{T5kt4)m&WcP;cU2{SXZD0M7xa*fQ)h$Zo(A~!PB$j7ieGCRyDz`P)}z|bwoKPb~T!WYA~w9G`q)IbGe zb1w_CvUD#qk7Q%N05`MB$O=a{^PH+gr_6xFfC^tD!?3hav!v1r_jE2xOP6eSlawsS zf*fs^@Bn9vKo`TrK#P(J_lgK3ub|*67vrL0SF_9_k79Jcc~&|47CI`Jm>C2nM--Xo z8XEegE~&zU+9*YlUib&7+PND zZRY3ZQ<`pQ>6YRckZDkyVi6TuY+f80QW46PX_8T{?-XX_>=6IQBk8B|^#QIhBp zk`wM@SXPqZWmx278D356L(;9xG{DQFq`bl?G}Fh&*dVB)(!-+IE6>Q+$t^j#AhM#$y&%Io zE6*>?m#fex$|Ez^vdBLtBF!Mr&m!A6IXk^5G{`+YG%7pQBFW#+#4Ox1Cnwm@giBXf zSHasL%d$Aztt28OB(2QH(J&}1(aAH+u`)B&BPB66JkZPA$k@rmBr(&#g3BZJNJ3$s z#G@r*89sqq)lcj@Z?~|{(tS(D)sUk*U4Gsxd#}EgpVQ=)W3c~o!|B)7Pq{e9nfaHr zwn^^@q~&mOgTG+$-jLuwJDXPjPGoxTnrpmB_@HE6a-a}j zAM27^Gv{trvrw4OWh~6jz;~HnKKF%0VBTWByMONPI3ea(XCL4qbjNSz!r-3zzxC5= K8H`z91_1!IZrpPK literal 1440 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlOF-bEC zGfv3}cdjzX%}>h7Dm2dt4lC173oOiv$d3%K49WBHb#>H_$mjAaPB%|3HZBSXbjz&F zPcbPB)V4?q&-C_jbn!~j&d@e34M_8=GDr$daYeVyB%mrPKV2cPFeN9++1xTSz%1P- zH!-uoB_pNWqcAKpBeOI;RNE{nH#E{c!#T0iIFc(rrNk@1Jj&3ws4~zmv8W(9*VU^u z-6+E|)IH47v)t9f(9}6R*vu%W(gfYM6i0)ypmYVlvOKe-v>^S!#H1>x(j4RPME~&g zg3O>&^U`$JGRI)c+)$IWya@f$z$` zsKQF~97~q~_oxCtb5C^JO#M8Ui}Lc^Gt#+S!>fWl{GvQcLdt{8oZR#LDoZPaBFs}$3j$pH{3Bc=Qd1nw zibC@9LJZJtE3`=UN>5iX$aD5EO!qJ<4Knl0b1n193kfkS3W+GyHYnB3E_e0~(zozQ z3r#EakI3e#Dl{(f^h_z#E{QU-EQm}>EH=qWcX0}=46f8q(KgbLh%nJkN)GU=iYiC9 z%{#2fqNrTKJUy$#KQBBWBqLux%OW{E*geR_*v-!IuD*f=6RF(MG%wzSMd!_+_p zgQASkq^KOnEaN0I%lwRB!!)Ddu*&3oeG|h#x1x~zY}eFC6I0{z(uzQ?lG4=7?23|- zg353wQ|Gea5RXce5XsO&rrJ{L0Eo3Mwsw{LGCFP0I`_4RVXoZ7YqcaxzX=@HO*xcPp<9tt#-!NG!;7 zb8_QHVjKfx6LETAhRG)!PT)eB;UlX(#X8hHzg>mG|$p9Aj2&z zr`*8B%stW7HKa1lzp%6bsH#K+&VJjuu<&(X;_ATZ0% zyUgD-y}T$h-8&H@-k>4r=3$nY?pN%d<6~@OmhWYrTxpo*UsV>C;pQErA6%N{lv|h_ zS!Pm^>Eg*%?%`yT9Gc}=73yuE?^afn;g?sQqwkWD?vb2iQjuHk;S%O*TA}ZlSK`T~ ztE;Qv?(Jq$Xl$A7?_})j?^s??T5eKR7;fm|V(O$FSY)OhT9K|@Vd0eOVQj%wcx|Ft z)Vr-~Oc*DeHQW`De7WKO&RvZ7ROBLHYc#c2R=?ih#ZBns# z8Rw~Q!Z+pyvs5be9I%|MWGpjB^b(I&ysS)Z{E@b%E1ws78o3;p9;Ybbb~xac7x#L; zqNQ8(-PQiM{hc*s+4hdrYnSHb#iqAU?KQgpvu|I*HRB~Yz5<(Cx2ZpJQ(n>aNFnWB NrQDfQM^`-m2>|b<>RA8) diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 0c9899808f917eea774f494d6c21594d13eb1819..98b1e9aee4fbcc18158c9411c67d493dda4f90d6 100644 GIT binary patch delta 937 zcmZqRXyBNjQ}62$>YrSg>gD2DTjI66&9rTWstW$fawiP+Xj$ zo0?)|YHDbyU=mOjm7lJVUSwh75s~lbQW+2x=oR1+=H~3}ZxUpjVqsWbT9ua-u5aL; z6`@_2Qkdh*m6?=Znjao%Sdr!H;_6nM7hG9t9Gq*BUmjK9k?c_r9G)L)S()l(S?XUr z@uPUSlUYeV{qBEmc@!XiD= z(;`E|JRNgQ3d^!me6otsW57GC$fBrRA;{IFAi~`-+03=DB-GO1z_UIwFv`H+x7?$w z#MdJ;%cR06D$6gV$}gwVfXm%HDbU5xz&SV5HA_D$z_r{jGBiBfIA7Z%CD+N<&Ckfk z+&8o`H8nLn9o@RL%tXV~Kn0JSfc(6u5|?1Ng2OI?4cuL`Qi{sGor?AIol`@dvP%N+ni&9b}^GoYpA~M}wBHfZ*yb3D~JS;s^4g8|q%EE)(P4&ZyJn~aR1KiWObaizV z!aU52Q`52|JfgxPEyAnZLc>k`Dg)euq73|!k}C|00@B<{f}8`>BTACFTpw%{l71-G zctP^5Q<;5C-tF)(CyvLPx$6J#@sv`^QR>l4W8b2;>(LgHTxQkkCalU8BmoaJcjnBtgd=4+&%o#$<6?CG0c z%;j4iR25?GYgz7^VO-#AoMc*5W~rYZmK$Y}mz80rAK+c&Z0Kl^6X0p?%cX0lP+Xj$ zo0?)|YHDbyU=mOjm7lJVm0MsMmQ!3}Y!Q&;7VH!e>6Vminw}Br7+`8x8E)e5svS~Q zYT|3*nx31@WolqjnC2do>Q`8qXY5^(=alK~>JeJ(6d4pyR21grnwcGuXk6%=R%DPq z@uPTnnsIrgMPYu5r+J!xW{O2%maDnHuW?33nnkW(azVDAsX=jCP<~KEkxM?8Q?g@l zKwemcfor)zVo_LlhNZTnshOc~W=f`Gl5tU`msfycSwV_dL1p>mct-K?2=6ox$3n~E z;Jm8RFoR^b)T|WeOv?C&BrPP$P}|5n zCE3+Gr`S~AJUGas*s?4qkSoL0DKptM*x9twttj6@-zy~1Frvu2EHbB1Kg-myyxi2J zq&UUU&oIm{6y3VC%tXV~Kn4Fm?+l|NZMV>ZOh3y&?`-{?yf8CIZO6nQm#Tm?lc>s) z`qZQx6CZuo3InckXZ_&fG;a^DFjI?U%T!l`5X%Cu(x80TNK3cuC_nR(V9SauLl;Z$ zqHJ{QBHa=zoYNJ|%Od;(B3;6YeH{bxeT_`Y!n4AHDsea6WzlqLw$3z0(?F5OD%%ZqCyK20|U}?BVC-mTnv-F49z0BbaizV zBK2Jj3=`9g5=}e|TndA{vyvhmojiQqQoW*_EOLS^0&)VvoQoa9(=+qAEcoV5RrJ}( z!mwQ8fwar@O}3U<+l#hj%9rZ~an1<1b7s4Txxl&2``&Ilt?iLqB0HXOCzq$WKN0DNmVtN;K2 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 8461339..9a9b5bf 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,7 +23,7 @@ let galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; - wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly"; + wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPlgCGtyvd3xwYg9ZNyjTJNB/LvUSJO01SzN8PGcDLP root@wheatly"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFAs6lBJSUBRhtZO3zGKhEIlWvqnHFGAQuQ//9FdAn6 root@neuromancer"; diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index e567e338e608ff2564e6629897c0099948ba5005..8b0b7e2da6c5fea0910a14441bef7f964a75d556 100644 GIT binary patch delta 3124 zcmew*@k?TYPJK{ec)DY`cS&Vwh-;y?ac+@GWxk1-wttp(QDj7gQ>wFHV18LfSX72b zAXi9*b4YT&Ur2>-L}Z0!PEl2MaFw>ZWmbwuZhCHkk9JO;Wny-SnMa|8Czr0BLUD11 zZfc5=si~o*f=NJCRDQZbUS)YwqN!)5uX#aHRESrVt6P3WWS~K1R9dC8OJaCpUXDw) zPgGcmi$R4WmrIC=Q+{f2nzpC5b7ECPr$1uj9(xlSpO&JjkA&XExjo)y_#=7vt$ zzS-gW<|Q6s#V)y3nTAy*`KbXF!NqA_&d$MA1(mrzg=JZlCjOC=;~B-nQ$2IT%5$?k zjH`-*L&__QwadK1f=iN$TnzHdEBy-sOuT|3Dzq(3vfNF$Oe0hC{cs>q_EN@wlD zjKHW;Cl@D^Vsz`$G7}9`0~Ne|vxA%~A~Ta+Q_B5|gACpBj1r9u@{+@hjUx?`Q;a>* z>P^xUjV&z-D+9TVg7Y(j)6KMl%q`4~jMB|5vvZ7c^%J#|oW1;960=j?OAMWZ9dnFw z+%eKuL~xO#S-C<$rB|t!XGLbNeo(ftah_3FQ9yyGQ)RJnRaU;gtCwqOYEr7Hb9lH{ zXfjuJRfU0XWN^KUc7Z`fh`W!ci%+I|X`xqMo>P%QN~xoFo@JzmYq7agNO(4vuCA_v zXP|+FqiJejn3qLyaHWrDfNz0;uVa>Bsj*{Nm8X|wKvacWrdLvSS(OQwxa&)mDrpVh z8Mo%0^1GsCz;^Fv`^AfFmk!x2{hU$g^EPDl?LU3VmbR)(>LXuD#V$J2@nTMk*EU|^ zXc_K(roKNtef&+?no+~#dUw(c%EFnQMjC*^v;HDDk^^dDkqn>zueHqfW?MijU6h>C}@|Zb44(B-* zgsinlzLWSunBVRHiI{p({V-wo(@w39y3@|Kok==4$&Pzx>^^PB>(YOxD(+X>ZqpjK z`-3)(E=3mCfCHy^pCA47>@HiSytZM=G2h$CcP!q@*LpqnuAh68S0z07 z?4y{M7eA(Z3+CSp+QxJGWLfXA&2ekhpWNWR;nb{=)BarB{@rxD7iWu4&(S$8M- z<@0HiC%eBj6?pi|cC%BjuBDs6i?56v*J{`fF)?m;4|h%eaBZ!7kVm2Udx^)HJN~cU z7Q6EN73RaM{x=lOjn&lo?Ha#|wMQef{-D~i`+tI~_KVnM=tZPIo;X2g$(42i_l*wL zRm*(dUC~Z0E_?Udjq7^VzVnUDp$Vl03F}wdcyeB}+WOFtf#b?1gBqdxpZ(fDUt1*W z^{{%efPKO2T}Et2YcAx6pIgH%{6**O$u<|xU-4I0i7N!ubAj9C(zq(>%EerB9o*3UciO9%ii?c<`!J9vYfnl6}#!|wAQ?Ya0$K( zpL0sPv=)iDo=YI&ThQC&Q|wK`ixiMqG^eJ^WHrvnYXUPwdudeyU4q;`hu62$@)un6|uj4 zVb9RX-XK~YTA!X`tGp>X+P~{P?}#eRW=AuDVu% ziI=K%#3}7ezV@A^xxZ%iyyIIDJOm{`6-_ttHQREw?6d3V)sOGydI|xD)d(aLKI{JR*Nh+KGQcki$UE!<$3D8BvI^Pdsd-etW>+%V;<*zB#%Ej*X9Le8%a>KA8x7T6Y~tg-Uc zynr9y75;o(ZBSWxGO)XrdrCc5?%TE+evMytQsF*a_6zP>Y&nsu8AmDP2G-X$yj)p?b__WSFmTMVUrZ*DhgYaZ2= zicn?hy!N}6D?s}mhx>{7Ij?*^TCM&l@_D)ayPM4ScN|f?uI^gZ6e?G9Bv(7Xo}24q zgbc%Rg(zNwRSzO&yMHS&UGr!{o}c%uo$c{KHL`)9c3zB`aX0-<<|G-d@5eVxS&$Hw zy4_iHlfwcNC$3=2zeNYWv0Te8-hQMi`sSR43C+8^dY;O}d5cHK6$HCI3GTXJ_EBk@ z@q(~d&vX~@F}$0X{)qL(&x@fyE5x%el})aHA=kK~HJ$(2+b3+(>vg?;Zhw`trasoY ze9ws_)&=@oW-aGenKAXTbM~oUbsCvVJVLJAc2Aqc_vVHSlN0x)*>R24`_k6UKDV$% zOJ`*(oA=BkCFifSJgq;`d$QNxT=l(5-sQPVaub$G8X3$~GFf%}wdkgYEvkF>UEh0{ zamM-=l_B*#S;;#>GWBAZv+l*U8#qMNa^!rKoW=dtM2=m4Nq-Y=h$=z5|m{VF#*RID=pzwC=C7vvX3yzEO@@NlM}Mn=+Q^|Hy< zpKsk~SkbQ#Wi&maf}`!=(dZ(fKAqpULoa%}=q9#CH%y=Lt!JO5hxJdppJpN7)~zah zTlA5|jB(mudBMLu@y8x}+&q8VIOyS-S-;jFHkvIkS7ousGHZP{(WkMojm#PKS8nLb z89#mHpjEQ-z1zmTi=V>kC0AQU_o;WCePC+xJnQ>cX}7Im=~2SJtVJKYueX$C_}z2k z%ZJ5bz1sZyG7W_kt)=!g9ZuNP5x4)D%egOSOGC_S%HA#8cl(6l!HYem>z9cgR6U`a z`t|Nii#c`iYxc78vhG`XwB^qUzfO&SM=JG88wCU3UOQ%(u;J0yjeN{n9nbddJ7BAu zBQv#{W#;KkO>dg+zMOs4IOXGm14n0uER{9*t)^U{SZRN#gw4)P?ryq7*4H?Wb({QN zXch#YoLCcL+V7LI?$Ht^fGb;H&NAin}bLFUn3v?!9fili&E}=Khq-RGG4^N4w&?-Oq@~%)Pdgb?v>C z_6rx;t(7T05^(Hel(}WnYLL!+)4Y<)w&;N)(E^St3D94n0w0n z_@qA*Hg-PmWHCyR^qmtU=*$)zW>)u?P3iyS&kjoW+e@Rh-Y~9|vhnyO9 i({o+oR;+#U>B5|!d9xU}7y5_FC)7X84vPNAEdu}|Notz_ delta 3124 zcmew*@k?TYPJM8MXTD!$RC%yrN>HM85<3jM&S z{G2q?qHxcgKy>TUG7}9`0~IQwQu6Xcivv>pQp1Z=(w$w6LX$%RGcuh+lENLUN~rE>y{8P%3U0t~hEq&5`a|4U>12Q9u0$t345=}!hT}m?iEUF?r1Kizn3Os|;jLj;G z471U#iwG`qG%Hs~$uP3aaV~MsGBG)%K}ws3X~a*8r8FU&6u3@f z$n`Qd3(B_CHjE5UEe^^vDyS&+^H0wS(Du$V4+$;{j>t$)&r33JvdqZmVtl?M#{BLc zEh)#f3cRO|Jxscs@!#qzckgP^q6el^&tB^&bWpi;d5TNQ|N31Y{=7Y^zu^ae{Cdq9 z(~A!UU*4dhd@id?-EH27c_;o{IXwG)BP*Zg3zi49Mr(48D{&az-MXOU!masXvt&h{ z-k9j|Mf+Ib@QgL28+(i#b*Y!^zT>uQ8jzEl<>aGn_Kgws@E@y zJafbUM$YaQ&%&VT*0+~k%YMi%{VU$_>3eGvF-glJ2eHhX9*ZC4$##25?rpS-sOR3< zU!rTjb7kFw-51Sb9Jn1Tj3zo2AF5r+FYs4=Qo4b-;gszvG5aIrDxSYmeyPiKa_&P< z6ZeK9>HlT@+H((wge^2#&!ZOH-?Sr5E$6_=-g@7^Jqf0}`UHZw-c6P>DxdS1XNC6s z7aC<25<7w)N3zqk6L>h5rbsav1Wrcipx*|NY(MfS=7JOSzka-w3|DEqu<(pIIt;nONLs z-7ixwvdsupQ`yh*P~b!H+M}(q;mF^)wkwqRjr*i?RsC4WkYx0?mKzcg@j`tUU_4t zsq}lRmVEKbJMn8b$$WaWs(8cfcAl6Vlj>LV74~dYneox0yjSn6b=0p-QwqdG>Nmgn z7baVLeYv3Do@swqtYq5E*Z$+{?MI1Me9wsTn25KmTC5%JTmMo@cBWyr{Icie7bp2E zJMpvHbE+usYg%x^`nC1D$!+`@?2DS2I{H@5y>oZhxqO~C+r1B{Sbe?nDQo2(x%~+e z<(t?|_kTKtR)hH`|L&Do%=LDWN7*0K1PSHCJ6}zEv3=k4cJs=$r(D}}HD2W{ z_7D8g6k6X|wz0QnOU0GU`e-)!Hpw?LM9;5wbjtPY&CkdXb(3e1+GD`H;)DLXP0jDG z2z~#hnKoOD<&bKcVyRSwzEtVsW9z;2-sDZ4um87lKSN~DIbZI){R+o!oa9eYxZbm> zPGs3W!CfqE+%d|lb!VL{(p&oYQJ&p8j`cT-4tB^)doSV`#4)~TNn9P{H( zXO(uPeDZ7O@G%xSI>V!LUCzmg2U|8Vn71?SaL7E&)t=+D!Lnk-r1JrJVODxPNmX-w zgP(}hznkng+vCfH!-riSn0wprV0K@g^S*OU_JsxK(w;2nsCc4g$Gh$GRI?X1#irl> zH)-b|ojDC$9IC%`oI0MARmlGP?rk~GJd0!6WUp5fo_=U3zj<59c0JcK?z$t-rD}67 zt4Uw5x+;0f?_875`yPtH}NF zeB+>5!N>P(edU9*C+pcaSHBH9Zod5&hu^GSXQW!J`hTol`?$>amCj$)s$)W3CS|`a zv0Z48G;JlQF;m)?{1`+m`o_o2bYK>N8bt}Aa-65T7*`c>j%-gnC^?zi?2 zofBRrevK@&5xmqsrCs^U?Ryn`$F0n_-^%lmW4RzNQ8xV$lWIcBLcyf%^*cF@6<)r~ z*s}MWV&A!Gdz*y14YDuZ6$#}t_*3{>J)xGFSNirc_J5B(e;m{}Q&YwfW%gh};M85b z#dYt5Yrd~dddnVM^jK9P*Sn}P)_Jm_D_$x*A#R8tyqWbK~B8BFc|Ce61d?qYo)U$m0 zvyx-IzG1~OhKF?zNT;k>TJ-eclgtF4sRzQ>zFggYPlT!PW5lUlcCuo62_oOCotGRa zi~d#B*lE3Vy3}PI-t8AZ-254zTeNN#e@YEwWPJOt;Pk|oExTU7I&IXywM1jfpL5y1 zpX&3z{o*hFUUN0;uw{Jb(L2h0Dm4ve6KB~vf7p55nLp3#c9`x=PBR|9gJ1q$?J{3k zkT8SEZRJCe1r;-tvNUt%&Hb-4?QQ+6sFnUgGXkz(`O4weW6bztBLCD(tM0Gwr*Fv& zEnO$+%$_s(0*AtWHSHOdv8UBGt8YG3HD!IOX4%R4^_#1VFe#J|Dhpm+WHI4;FSj`Q!e&eDw* zoH?J7k!{Yhn}-53?LSRPXZNb2Z#@~p3>_SXbBfsob{HpEpR;XkewBJ! zMCd;kPl8^>3%-S0(xn7`=W`lf2uzZhD!JJ2-mK*@cfKAz66&;PYV-fyvTL*dF+14Q zp0WM$NpaQh=nJgB3jEes8HuGm*k<)-LNT+G`@K`UQYN%8K2b1UTc*8dM|k+lOzVg> o%3BxdG(5Q9qrwv@G$rkH#qnC*%YBoqS4JcknsC46zVLf103LgK-2eap diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index 579b11e8e3c2df9042312ff970a8c781e750b0de..a3a0a76dd0cb098f8a5a344fd726b3397dd7ab3f 100644 GIT binary patch literal 1461 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!uEGz`m( zF!e|?@$<6C@egxKOfxGl_6w^pN=x%G3@rCfch)ZOPcip!P3F>fk0@|1af%Ac$}g!5 z%_#{eEDA4mOmj8yF7h#U^))i|O-=Ihb25!|E=IS_B%mrPKV6|TGRRZAFtoxbv!FE4 zHPq8D#WSoR$JejQC_O08sLUuoJUuZn%q=-3+knf{pfJ6_!mltmIIz?=CBLe~+qJRjY*6i0)ypmYUu*W^f-ocw~!FsGd2upCq4On+~; zoWvl{>?GfuBK-iTG}Ex;^dk50bQ7+8?Qqw?h@cSP%&eR$|KNfgCu6U|sM5mV46i6l zmw?=KfBoQ0k4U#<0|Rv1O#M~S{ za$TH_O45=XjY4uN-8{K0ib|a$bDaXrGRxDGJc4opk_&u1Q#_L*os*0Vos#lXN{t)? zGCeX1!yM6VE3`=UN>5j)N(n4*Oeri340aC;D9mvSOEUH-clJ)o_J}G>&oI#TGBr1_ z@YK(7cQW8|iwZW#FfBZ8BO=SY%(XZtqujmR$=#yVr!qMz(zV3JM>{t)!`Yz3HN&7JJjj)1}a`*v&0GFry^h+|4w?MBCe=#3UrcqB6-RJTN6N)Y;KBDWx3UwzSMd!_+{9 zum}T_u-vrd6hn^+i%3T^%jBfssB%L`x8&4};;1ak;HqM$h_dv^(!g>qm+V}Nj3^_c zko@v&zg({pzYwEfvz&+`3s=X?KKUbx6-I8C*yR5ilA`g5W}j9)WC3Wm#PY% z(jw1D_nc7A0{5WYq@qak?7*T(i=3bwzi?l!DzoG=gVNkWcSi#cZ5PK(Q@23Z{X9KOeT_>^(%rla-HeP=%S#gj zDl*DVGBZtGj14f-Bs3&Lvm=bcQp|l4-J=}S%iMxO^s~|}@|`Ta-LgxHBF)XiOkDJh z%R^0aD^0k3GE$N}yo1V(jWbdW0t+LHlMJd7^P(aw!rhERf=t~r%u)(+vV5Y-5-qrN zb#)a2{XNPIi_ODbiYxTZObxON15MJyf_<|Mi=6|~3LQ)GLJP_QQ+z_4@`|~#0`7Il zxv3I%uT8cG7SjujLOr_N-2#BHa5xd@Cb6L%;xfR&5!cQNiE3ANexaf zbxpGf^f9P1Ff=sqHq0$G^C~L$D=^D*HZHMDv_QAbB%mrPKV6|T-Av!Lz%bK0*EGt* z#5E@?D>2d~F)1J~GdtV6%qKar$Rnx1$E-5IwVbQW%fPJ4!Z6ga(l<9TsI0OwF~zUE zz`!@i(>F)kDLE?1E7IG?)gUs|%>doD6i0)ypmc@w5%#8A4FGKS@Un7?s zFEew4oCu%7oYI1Dr$}_$O#M2b6U#GlGK;zLa=b&_GQC`!Q!_*JD}&420)2gp%%j}gT)d3)-KtWP0}BGu zssb}yBeKzLE3`=UN>5j?(2mOX3pNT$49hIecg{}qa}7>+^9WC>a!&TEa@7y_i1Y{x ztSrm*aLne4s50|0u5#4(uMDjyDGAOAa7i^Ovdl?N(@rUmDAe}$4>gTQ%?Yz~O~VLD z@310^qH+Znm&7n9r}E5zvciyj(@4XtazAaeve1x}sB*Kk5@W*>6C+oToU)v3Ltn1E zWbeS_ERS68Jpa;^rUoj6 z8m9OpJDPbo8s)iKx)k{p1*ZiiM^^b{gm_i>JLZ{YhiCYuq?#8R`vgWNW>y6U z=!fT&2NehTyPBA|lo_TO=OlA^mgh$$nV6?r8sr&OdRCeyc}92{86vPa8RQig`$xHEM|hP*rKd+Gn^q?48yS>GM8`8=9%aF8kU$vcxCBl_`8-E7Nq28XGY}dyEtk4I_4G_I-2=c29*{^I&yI^M(JI% z`KFgqbl}JDizl@o-IX`D)IBb`aedyrxG4&kcgF~I{dv#+?dYv&q@y|m!@9r?Hwhp*1JlbBnVez0V-p^$Rlj!WfP4{prvw!XV~O;NI*#ZJ%07>g)f i>9bEtp8C#ol2#?uNCW^C?Dly8 From cb2fba3f81e0a868c56b26d2d8925e69192705b1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 18:54:27 +0000 Subject: [PATCH 614/826] fix: servers need to have git lfs installed as well --- flake.lock | 2 ++ machines/_base.nix | 1 + 2 files changed, 3 insertions(+) diff --git a/flake.lock b/flake.lock index 0026c38..7e53c95 100644 --- a/flake.lock +++ b/flake.lock @@ -1024,6 +1024,7 @@ "locked": { "lastModified": 1689960297, "narHash": "sha256-+43nNv4RSQMXMRGdN8xVKYs2B13w5FJtefuykYcpywM=", + "ref": "refs/heads/main", "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", "revCount": 6, "type": "git", @@ -1043,6 +1044,7 @@ "locked": { "lastModified": 1696876711, "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", + "ref": "refs/heads/main", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", "revCount": 12, "type": "git", diff --git a/machines/_base.nix b/machines/_base.nix index 81baf36..cfaaffe 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -123,6 +123,7 @@ in { environment.systemPackages = [ # for flakes pkgs.git + pkgs.git-lfs # useful tools pkgs.ncdu_2 pkgs.htop From 49d69b1a102c46922a52718d610ca2d08da99b2d Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 18:55:40 +0000 Subject: [PATCH 615/826] fix: slight improvement in how packages are added to eachs erver --- machines/_base.nix | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/machines/_base.nix b/machines/_base.nix index cfaaffe..0fa84e6 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -120,20 +120,20 @@ in { # https://discourse.nixos.org/t/systemd-networkd-wait-online-934764-timeout-occurred-while-waiting-for-network-connectivity/33656/9 systemd.network.wait-online.enable = false; - environment.systemPackages = [ + environment.systemPackages = with pkgs; [ # for flakes - pkgs.git - pkgs.git-lfs + git + git-lfs # useful tools - pkgs.ncdu_2 - pkgs.htop - pkgs.nano - pkgs.nmap - pkgs.bind - pkgs.zip - pkgs.traceroute - pkgs.openldap - pkgs.screen + ncdu_2 + htop + nano + nmap + bind + zip + traceroute + openldap + screen ]; }; } From 45afc95d9911488df78dfbc8991d0beab33dd947 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 19:09:47 +0000 Subject: [PATCH 616/826] fix: back to old version of the websites Dont fuck with them --- flake.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 7e53c95..4eccf2f 100644 --- a/flake.lock +++ b/flake.lock @@ -322,11 +322,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -984,11 +984,11 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1727122068, - "narHash": "sha256-C+PD6NveB9tascXQ84rekqlDkSNwe1mFhzZXqVlNvuQ=", + "lastModified": 1724210543, + "narHash": "sha256-JLt77gajtOPwM20m86Kh2JkWuOq1+kmHr+98UMzbjAY=", "ref": "refs/heads/main", - "rev": "d6b13f9c6e0a09346e0e210aa1733a7258e13763", - "revCount": 28, + "rev": "0af67c9ece40fb683238093d857d96aae2414522", + "revCount": 27, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2017" }, @@ -1003,11 +1003,11 @@ "utils": "utils_7" }, "locked": { - "lastModified": 1727122067, - "narHash": "sha256-AAj5tmfT8IuAvgcMjlIjf5CD1LNC/gDCvFRt1NAedPw=", + "lastModified": 1724198445, + "narHash": "sha256-7cN70t/qqmUsShNhIbOSSMToiCRGhEhwZayN2n93KrA=", "ref": "refs/heads/main", - "rev": "a9f125fb750f33747d28271bef3b3425563096a0", - "revCount": 15, + "rev": "3aa4568ae82846a9d365fc464dfc523be07e7ac3", + "revCount": 14, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/website_2009" }, From 8c98281eff281f5a0930166058cf7e065adb2be1 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 19:49:35 +0000 Subject: [PATCH 617/826] fix: finally got items that have git-lfs working Long story short it seems that ``git+`` does not handle lfs objects when hashing it The reason we are using teh archives is as follows: https://nixos-and-flakes.thiscute.world/other-usage-of-flakes/inputs > # Regular git input doesn't support LFS yet. > # git-example-lfs.url = "https://codeberg.org/solver-orgz/treedome/archive/master.tar.gz"; --- flake.lock | 58 ++++++++++++++++++++++-------------------------------- flake.nix | 8 ++++---- 2 files changed, 28 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 4eccf2f..00e2d0f 100644 --- a/flake.lock +++ b/flake.lock @@ -984,17 +984,15 @@ "utils": "utils_6" }, "locked": { - "lastModified": 1724210543, - "narHash": "sha256-JLt77gajtOPwM20m86Kh2JkWuOq1+kmHr+98UMzbjAY=", - "ref": "refs/heads/main", - "rev": "0af67c9ece40fb683238093d857d96aae2414522", - "revCount": 27, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "lastModified": 1727122068, + "narHash": "sha256-KeZxFw51lKC0MQpai1HbcWSGmxEbG1Si6gBlyOzP9nQ=", + "rev": "d6b13f9c6e0a09346e0e210aa1733a7258e13763", + "type": "tarball", + "url": "https://forgejo.skynet.ie/api/v1/repos/Skynet/website_2017/archive/d6b13f9c6e0a09346e0e210aa1733a7258e13763.tar.gz?rev=d6b13f9c6e0a09346e0e210aa1733a7258e13763" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "type": "tarball", + "url": "https://forgejo.skynet.ie/Skynet/website_2017/archive/main.tar.gz" } }, "skynet_website_2009": { @@ -1003,17 +1001,15 @@ "utils": "utils_7" }, "locked": { - "lastModified": 1724198445, - "narHash": "sha256-7cN70t/qqmUsShNhIbOSSMToiCRGhEhwZayN2n93KrA=", - "ref": "refs/heads/main", - "rev": "3aa4568ae82846a9d365fc464dfc523be07e7ac3", - "revCount": 14, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2009" + "lastModified": 1727122067, + "narHash": "sha256-s+K1bZsYxeBrsus4vjNeGxljUj/Wtb0qYQ+5xNbZexQ=", + "rev": "a9f125fb750f33747d28271bef3b3425563096a0", + "type": "tarball", + "url": "https://forgejo.skynet.ie/api/v1/repos/Skynet/website_2009/archive/a9f125fb750f33747d28271bef3b3425563096a0.tar.gz?rev=a9f125fb750f33747d28271bef3b3425563096a0" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2009" + "type": "tarball", + "url": "https://forgejo.skynet.ie/Skynet/website_2009/archive/main.tar.gz" } }, "skynet_website_2017": { @@ -1023,17 +1019,14 @@ }, "locked": { "lastModified": 1689960297, - "narHash": "sha256-+43nNv4RSQMXMRGdN8xVKYs2B13w5FJtefuykYcpywM=", - "ref": "refs/heads/main", + "narHash": "sha256-Hw/9Bo6YdILbbXPymkfiMaah6/t4w7h3fYeUh1+PBe8=", "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", - "revCount": 6, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "type": "tarball", + "url": "https://forgejo.skynet.ie/api/v1/repos/Skynet/website_2017/archive/edd922c5b13fa1f520e8e265a3d6e4e189852b99.tar.gz?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99" }, "original": { - "rev": "edd922c5b13fa1f520e8e265a3d6e4e189852b99", - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "type": "tarball", + "url": "https://forgejo.skynet.ie/Skynet/website_2017/archive/edd922c5b13fa1f520e8e265a3d6e4e189852b99.tar.gz" } }, "skynet_website_2023": { @@ -1043,17 +1036,14 @@ }, "locked": { "lastModified": 1696876711, - "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", - "ref": "refs/heads/main", + "narHash": "sha256-gfQFYN5/qK5aqN+nGSfyQFOjOQzahbqTKadra5zSIL0=", "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", - "revCount": 12, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "type": "tarball", + "url": "https://forgejo.skynet.ie/api/v1/repos/Skynet/website_2017/archive/c4d61c753292bf73ed41b47b1607cfc92a82a191.tar.gz?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191" }, "original": { - "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2017" + "type": "tarball", + "url": "https://forgejo.skynet.ie/Skynet/website_2017/archive/c4d61c753292bf73ed41b47b1607cfc92a82a191.tar.gz" } }, "skynet_website_games": { diff --git a/flake.nix b/flake.nix index e600e63..5184299 100644 --- a/flake.nix +++ b/flake.nix @@ -47,15 +47,15 @@ ################# # this should always point to teh current website - skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017"; + skynet_website.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/main.tar.gz"; # these are past versions of teh website - skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; + skynet_website_2023.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/c4d61c753292bf73ed41b47b1607cfc92a82a191.tar.gz"; # this is not 100% right since this is from teh archive from 2022 or so - skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99"; + skynet_website_2017.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/edd922c5b13fa1f520e8e265a3d6e4e189852b99.tar.gz"; # this is more of 2012 than 2009 but started in 2009 - skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009"; + skynet_website_2009.url = "https://forgejo.skynet.ie/Skynet/website_2009/archive/main.tar.gz"; }; nixConfig = { From 4f4431cd6ddc207a67653724383dc5ea7e969aa2 Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 2 Nov 2024 20:14:25 +0000 Subject: [PATCH 618/826] Updated flake for compsoc_public --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 00e2d0f..8fbab5c 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1728492673, - "narHash": "sha256-UtHjRQEojBuH7Kx/XaCYsrcSXgwfhOsPJpyvurf4P9A=", + "lastModified": 1730578327, + "narHash": "sha256-+2l8cLQG8rfU8szsLJGTs339Y+ephbC1ByPVkEfi3BY=", "ref": "refs/heads/main", - "rev": "4b01336503479806efefb84823f4d827f39bd50f", - "revCount": 107, + "rev": "b6d9ae059174252fdb683db6f1f17fa3c4a79e39", + "revCount": 108, "type": "git", "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" }, From b2297e28430cf843369b69aa82c0e896b98951ee Mon Sep 17 00:00:00 2001 From: sysadm Date: Sat, 2 Nov 2024 20:23:02 +0000 Subject: [PATCH 619/826] Updated flake for skynet_website_wiki --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8fbab5c..2c4fae8 100644 --- a/flake.lock +++ b/flake.lock @@ -1072,11 +1072,11 @@ "utils": "utils_11" }, "locked": { - "lastModified": 1729290386, - "narHash": "sha256-9A0f1RueEtf6+NhgqyJMLR6o0I2uYhSLPZM//oyz77w=", + "lastModified": 1730578917, + "narHash": "sha256-ByFTg5oIkGCFORnV3dnN29UFVHjrUefQvjUTE0fa48E=", "ref": "refs/heads/main", - "rev": "a32b3ced29cbd9cd26482222ce74ea725baf19ce", - "revCount": 112, + "rev": "0262d4dc8f22898d53e12d4dbf41e46af9c81014", + "revCount": 113, "type": "git", "url": "https://forgejo.skynet.ie/Skynet/wiki" }, From 1baeb24761ec07667040e061913f6a9137e36a8e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 2 Nov 2024 21:06:06 +0000 Subject: [PATCH 620/826] fix: errors in the secrets so just rekeyed --- secrets/backup/restic.age | Bin 2760 -> 2760 bytes secrets/backup/restic_pw.age | Bin 1047 -> 1047 bytes secrets/bitwarden/details.age | Bin 1155 -> 1155 bytes secrets/bitwarden/id.age | Bin 1031 -> 1031 bytes secrets/bitwarden/secret.age | Bin 1012 -> 1012 bytes secrets/discord/token.age | Bin 1141 -> 1141 bytes secrets/dns_certs.secret.age | Bin 2814 -> 2814 bytes secrets/dns_dnskeys.conf.age | Bin 1204 -> 1204 bytes secrets/email/details.age | Bin 1419 -> 1419 bytes secrets/forgejo/runners/ssh.age | Bin 1381 -> 1381 bytes secrets/forgejo/runners/token.age | 37 +++++++++++++-------------- secrets/gitlab/db_pw.age | Bin 1111 -> 1111 bytes secrets/gitlab/ldap_pw.age | Bin 1110 -> 1110 bytes secrets/gitlab/pw.age | 37 ++++++++++++++------------- secrets/gitlab/runners/runner01.age | Bin 1065 -> 1065 bytes secrets/gitlab/runners/runner02.age | Bin 1065 -> 1064 bytes secrets/gitlab/secrets_db.age | Bin 1111 -> 1111 bytes secrets/gitlab/secrets_jws.age | Bin 2660 -> 2660 bytes secrets/gitlab/secrets_otp.age | Bin 1110 -> 1110 bytes secrets/gitlab/secrets_secret.age | Bin 1110 -> 1110 bytes secrets/grafana/pw.age | 36 +++++++++++++------------- secrets/ldap/details.age | Bin 1636 -> 1637 bytes secrets/ldap/pw.age | Bin 1440 -> 1440 bytes secrets/nextcloud/pw.age | 38 ++++++++++++++-------------- secrets/stream_ulfm.age | Bin 3194 -> 3194 bytes secrets/wolves/details.age | Bin 1461 -> 1461 bytes 26 files changed, 74 insertions(+), 74 deletions(-) diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 0d7ffd893554e33043e6def7db1ec95c520042e5..9ac27b6521ab08f3b19d327555252c3928fc1865 100644 GIT binary patch literal 2760 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5!tjtq4nx zNUCshPd0Wm2n=-z_RTQyG6*bnN;Aqg@J}hOD6z;7_sw&0cjO9nicCqVC@D$I$oGjz z)^;{Z^Y_X(EcS~Cb1TsgEOggSOA8Fh&nO7@_eHnOB%mrPKV8AkF)h2oC)p&TpfWr= z)6X*B*gw3&Ez2O($v4Bp!@R&az_+SgyPz;9ET1bPz1S%=G{d4ItH{ke(ZD=2JITYt zKRqDJ)j!-ZBP_hUxT?~{G$*AzDHPqd6i0)ypmc?T>;MDjumImGPg9rTLT6`3Lo>(x zQa6LJJabFG;;Krws4RDbApQKRELX0I3jf^jN*BMVLih3#i~JP-e)Uq&N^T2|D z%u?TCBl8r4&@huA<6?B%O#MU3<9Nl~@%Kh^zEg~a5LVe700)jKk0;?P|y~3E3`=UN>5j)N{;Z&$|^H3t8~gNG|cf!vIsHr$<9a*)(-b9j;IPtN)D_v z4fAygHZb9;GD`O;EjP^fG^y}6^9jgw){h9x2sAbhO3W%Q$ukbhuXN5YFLlz+^-o5( z%{#2fqNrRUE6p|C+|50u!Y9K&$-~6esU*l-JI~$G#W=UzGcVaEsoWqcz#}N%!q|W- z)7&sP#mm&hBB|J=D%Z3k$f7vRJG98u$JIaE!pkkNGEX}#(Jjc|GsghkwzSMd!_+_p zZA-6o=K!O~g7D;Wf5TEomx$tQ^W=&Mw;ZR6l%y!1QqzdS3|F6=fOG?{jLMSWl;qMB z|G=uSbjO^?AQzt~?Ft{`N*@=;Y`;>o(){!+vpkpVY-3k++w|R&Ow$7uOkAS$OTDZ7 zjY@K&3R9d73iHeI(o-^ua-zzOoZLb(s}f7yj697h%PK9nOntP?3cXzo^IgjWlPywx zGOL`NO$$py13a@lecZFci;A72ax0wO%)%YfZSyP1@zZxyFpcocPft(xE_Dv}O$$r$ z5BG9&%S&?)tO`o4a&`}KN%0Sf2zPU}%r-LM3NNzoN%Bn!C=bkX%kptbO36$!PxC7F zv`A0SF?LI-GIufdP7et*&8)!4Z)HZ229}Nr&L)1Dnf?XlmhR@R1{q;_ZpFEVm0lM5 z=^1A3!TF^*=0O>`Ar%q6W*&}QCP{{&W=4*wj&7lbrG`=2MUFlpp~XenE+MI@{`rN@ zsZmwMDM@9e9+ej8ev1e$ax^Pf&^9VAit>*P^L8r8cS-b0)-NlsG&cy$^Dj0qGt|#5 zbsGPi#@DeYJ{BT#UN>}3m^E59nH`hRy z5_kVfb4%xZAII=8FIR70e-F=`9AE8F58u?lvSf^s%d^VSx6n}`)wIB{%Bk2Zy&#|} zpe!uXSwAz`JTt)8)V&}-L)+gl)YQ!~u%fWSB*K#`)yLB_v82=@(AB%xGSMVQ+rXp9 zBq%gbKit_rJff_u*vK(EJhdXoyb!}Sk0gW4f7=-1e zlskGG6mxl5Mmi!@$l~+}kc%`P5R2b$}RfgpmJNx^jdYBdEV$^S; zu4ZY;feOB6r2&S)Mv(!=7LgI|Sy|!cc}ZDmsg7xp#Q}aP0Y1jr=0={Gm9C)%CS3aZ z7U^yVe&GR8RlbIfIr;fU`h|rVk?94NnSK=p`BhG7xj9A|<>i5fCg}Ms(k-#VIbFdl zygV<}(ly90z|th!*eJ)u->JkkFU2_3HLb|S*Wbt_+al24KO)s9!;{M|%`_`1C^^~H zvdAk%J3T8XyfC0JDcMBdBdR#W&pGpsTrgm7_&r2}ZmXrJYIr*iBcoZdSdz*x&dK(wG zR~c3sSU4AEn0x2=`xbMG=z=BF1%nWXsmnYw6)M`;&&nd`fHxVk3=B&WEf8>Q#@S|%BW zq!;A-`f{DRQtPwu>#48{ye>-aw>#FAFmb9@?@!H}5oYT(*Kf_y<+t_z?oeFDH-+zj zWO(uA+dYe~$;?aH$ns-e+ly%(J6?WP`^>kZPIBX&wO*eqyqb(TvSx3(Rhskjk;BB? z>EBsGzOCzE$nd&4DfIWXm@uzA-o!{n#h7#R%l-NfmPx)&cK@cYy7lVTQi~vaBd(b8 XLjhM$pGuRztdx08*YZ!HOu}ve=g5gQ literal 2760 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Gb||gb5tlv^~&@x z4-5~_sxVLY$gD^;NY71lGS*Hl^Knk8Ofz;(4K6P+_153=T8M zC@f4h%8Dp2ta5h@^3D(QF!U&_C^t5=bkWY!PDi)RB%mrPKV6|Bvaq0_B-f(E-Q6$8 zP~Y9jH`6WEv7*=@(LBpF!pS8$+&|Yd$k5Y2JejK~z%wVOD6*(HFC)r3w=~Syu+-Qh zOh3$|s?t0w&#~0J(8Vve!Z^gJ)Dhjb6i0)ypmc@QBLA|WD4!G;<0K2WsaAZI_HP|F-QqjWBF?*gMB{S5!WGViKvUoST^udGs&R1eQ!|6C(q zqXK=;bSDd=l)P}~qEK|(O#M5kNjx=>LE>H6^@^myvD#+I^H1*9hE-nc1HLxhH2zAK_G79j_ z&Wy^=4JqcTC^W6i_i_tNFHejxEj294%{C5=tTK$O$fz>62+uY*NpmlBip(o_GQseh zcUX}{QMp2}V`XS!iix&~zCl!2h`x!DL2yNBnP+ZbW^qnbNwK+WrnY5XnR94JPBvFi zvP+O@d9G7vmVv3UyLmuqj=yVxer8U9wsC<+UXEFiQB;0uSWb`WJayM3q*0 zrj=BlSv0~dYAV*ecd%AoQzzcP!Q67xhC&m!$$6E3g7WFIr_0#82^r@)Ltql%>b zDuYmWKiAB#^l-P(s*+&Gs1oyFbC)a&jCk`a$??;7R4{c+P7f_L4oSkb1y9MF3z+} z_jd}*2nhDdEAb6AHFb5v@LQQtq=BWQLY{A^lUb&hMOsdNRb-`^kwsRSuTxNPwrgmi zYl%@tl4-7AzG+xMa-q8`SAMZiSdMXdSXFqkNnW^%VOD`@vS+z@NlIaWk$Hxtn?bRK zrIB%Zfw>EYZ4tpmj%MWw`Xw%I1*Ha6sTLkpj{X%XUMWRM=6)__i4_@@LFtYqIhkgq zzS$NfB{_jyseZX3j*jMGk-i2=h5-fIWzJQ>RmLeE1?EMiNk&1r9;KmqmboRlsjdd- zIlv{XDmXJ;AuPz*%sjio*{>qmEzHZHBrqjEJ-whLGs!G0Bq=L3!oo1HxH36cKPShP ztHj*U**(9?)w#^c!@xT?GEh6)$=EZ(Bso0FJT*HsA|xl!y)wDXEIii}-L}%GDktM~ zh0M^PluXMI{S?#OWP?NtzcOQ!yc~~$qB27d-^2*FK$i%w%s`_=kFbb9uEM4ZEPsR0%2ZG1O7E;9$JAg9+nfviL)-%u^ovZh+>?Ei zBYcg5!p#$XjE(csLLwuB%+1q0{r$8}@+zE4OT9}o%PL*DiXxq|^UG6>vx_QB0{lH4 zT`jzQsysq{-8_7~Bg*~Cv`tLXolG*)%nLAbw`Y~3Z=s_?q?wC$Mw)4cp^vMjMSgC1 zUao7XcCdxHo1<50YH(?3iLZsZp|*jOerPgRQHZ&xSH5$aTZVI9Xr`sMufAiBlbdmF zhJ`_5aCnf5XL^1`QAS#BX|4%+NO~k0WEKP}R0JD%n1mXZ1~_Ns=DQfVyZIKG82V&e zx|&9%Y5V#6r0JU{hGv=v<~gNvm84~4msR*yMmSp(x(0g{`DYbnm*rUcMuwOBI;FTf zXN3Bs8~FJLh2*%R+h$ylqwig=kRF;>S!7{R5$qrCRO}e(<{6crX=YU5;$EETq@NZT z=9*;W8yIMr>X>E174BaVU|C>dl5T2fk!tDZ5$WYq=vv`sP!eDfXq4sT8=7vO9qf~v zVIH21Zd-7ni&L(nLT-d>X^usqSAJ2pS)zHWV|kuiL}7WFySuSTxJP1Asz*>tkc)|b zR=7tomy=VXNtM1|gt1SKW3H!bWO+$$pj&>ZX|hLPp`~Yjg|lavXNIFkK%N0cyoI`& zr6mU{q$HLH`-O+OWEBRKdU__M8N2DH>l?WQhFByg2S!9XMOLPir-X%TXF0oaW#l;( zIr}(g+A zxg^jcy(B{4!p$c!-BjN^#k(}qQaiIUEx0f}SU(>X1Dh-3eo!rbkO|zUUavY0;f{HO}9E-9jOXolZ)4+h-+_c=FAP;@hK+95}a?fO+ zk_xAMw_?wXLg%2u^b8l*$U^@B&)jUTZ0*WiW8b2PVy}oyW9`svmlUHAzfcb+e-G_2 z|BNydi=1SSLX)h3$WmW)zZK;cm1UJHq-hr!nx~W-BnPLPMg*mMyLhG;nK@T@L|UZg zWaQ)&Rl?6pc z6zPYiJ0|;b>FVk#6opupR26BLcxB{9mW3GTo4FJPg+v6nTZWodRGMTu`gsRMc;#oB z_=S6N$@+S8zr1s5{W>}R>x;tn-etb~Y+C3}zw&u?;Y~XOl{aUuW4*e{NM^a&+ciHL zTf@aIE356i#eQ;!JLTP-R3`v=A6Ei^5IN=PvLCW zk8?eo7r$^fvgB^%dU5J2%UgHXSAA7C_Spt|ulQOSJ$c!^rnSMlc3->U+vKz$Bl~cH VW=bCg+Ba$a~=S+ZAEWs;L=S&2#d z#E;_P1!2V@A&!=n*?E2z={aWJ`p(&r`W|_q$rh>MhHm-=!G#fp`k@7d#=)*!#+A8& z9tK%Xj@g#kCFM?`WhEIF?v_z0E>%UA{#AvUmXUs8P8MmEW$vz%;~B-n(}Dv+GQ*9N zP0A7t+)OiUWQqnD*3{y>u3_?@%Gs7(=pJf!U4|U7*Hg+>%lGB5GU^CH~d(lPWU`!%Vn>P4gUG13X-F9rKJG-7EYIOxy~>yvxHpio#2xf{lvxQvy=M%1nwX zoiWmvaY2s0ce#RZMzTqzNpV$TQea?Ws#ADLlzDDgic4NpWKelYUS?jAQ$}*7M}BCo zkqK8$V1ZA1L3(|tL1MOLxJ#g?S4E0xWR<>4XsV$}ag|S5aj1KRV`h%FX-YPiuCA^^ zYG_q8e~C+yNkB$uWMGkTp__SfW}%a%Z+Uq|v9Yg3Zf=EX zfVs1=Yf-o-m%d}5WpPwUT49-CXl6*1e`ZlZc$Al4dYM~fV1YqZm}O>Zlv%lDQJ$ge z#E;_PNlsNoF8RK$ZWSewL2miwk%^hE5lOC9S*}s3erZ|3Ays*9>AwDsMM33UM(M%f z*`+0Z{^5QudBu)_6>dou&c-H|8LlBEscz;LCPo>ViLSZEXnN+OEGB1(%2oJ&F{pJf!U&$aM(OD+$}$uczzFb{MIuB!A7 z3=Q`TDbo)x*Un6-^s6#7%@21i@((oOGA=R;*LL;RjwtXlH+6E2tT3pEaP*2WOY{yY zNc8heiLfxM401Oti^{V=j{)znB8#GO1)~go&-}{Dfbg);Ort^%_oRAvQ$rWGazn3V zUze=3^g=IlPfthF;5_53P_9y+oC;6x;NX(H>>R&{TizS~EGtaPG6T7MUCdJ|G77`8lXFrG%yRsKeIkv#{et}r3&PB@i_8ms`~tEnyu8zs zBZ|?jGcL%{_bylPEDttMbt#I-Ep_pB&MV4|G)@jO2{FhG_i_(UDvruc_sKFYHO)@) zb9Ll$3Cjz0F)XeR)h`Ok^RDy@HA*b@a`n$jF)ob^&2q|jjC9T@^$9I2clOEW($&>f zC^j?A&n?L`u*l6WFY|~h^NlF>jY==}aMw0<%F7RMt4dGG&k9IRE)GuSdj24+Pb{Op zMBH;jp^oI_Z*F(^PB!=bIrHG;lqX#(GKISoYR`9shUZPGF*kPDeCyxObHxmEpPY4b w{v^_I|Io!9QRcr2Or&;~F3WoC@mKNb)cE7a4owccGhwGm-eR>U78VW;0EWm?tpET3 diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index ffc2fa715987313c9e43c483631ea41a5a8b8418..acae7c7bb8e99451e61872cc0fcca3fa3ae1e0f4 100644 GIT binary patch delta 1068 zcmZqXZ04MxQ}1pWq;KL}o@rVf5EfD58*G%DUY2EH?4RoyU>R;4R$1m}S)AizVV0fe z$mQwlm1F7SU+$AwWtFko55@>GV zVv<+pT$vfkm7nh)YLe<|?313P?-uH8o*3+rljc&8m*VDEr5_%i>Zot(o@trqTADoZ zgG6|ecTu{(wu`H~Nxqv&x{tY6P++#BbE&^^eo|nzerkYgp?1DuewI;{M$s9RFDPkBJFd5V{_iDiXnTIl3>M)B~1O0V#&ykf($ zV2{+KvK#|yu3n!Epjt*yi3wNGcEFi+@icn z^$pC5Q=;56%94|V+`=OA^^KE5jPtoH^~+M6jQpMQ6DzVK1Ix-oeOD>*zWxxT#6w=k$IB-=T} zy}U}hI5DHdw6e(9t285$E6CD2BQK-CAf-IRD9^$*FF(S-BFe%ts30TXy)-Y>(mTDt zIXBzO*U2Cm-MX~QM8niT1;e0>q)4ywq^RH^cQ4Oui=yNVZ8O)xlobE8id#}cQ+tjNN&NK40LuQU%A z19a;=s~mj`9TnUPopQY^OrWO2d%5uu> zE}j$Yb@*J>4Y5*xam6qj$+~@0uFTp0;Qzjb5#|?Mp1Uot?_GTPKi`FOF`t|_yA@yd zHw`&%s&Y9~Oh4!PrN>+|dl~iyHwTn0lv(baI=$%0tLPjL&ndIz=TBo7UQs*ochd*M zPcBOR#jV%NxDjew0NH;RNz#dH^6i`pyqka@QMucMaU zv*W(ctQD7Dw>6MI+C-(HJAPxRJLfTtq7@s9c6zr~O;h-x@`6L>xqj--Js!Y!KpXXkk>4=VO%P z$`xwp>>VCb;%#7IU}Th6;gxL?;bduQmJ$)J9T1Uj5t*ZHQ5F^+k>Zu($)#(jP+Xj$ zo0?)|YHDbyU=mOjm7lI)WbAHYZt3EiYGPXKQkvxA?iyTb;T)M_To9NURuZml5@=Bo zRaIJL?rq@8m>TG6l53XY=9XjPl$~PiU1*eQV(3^}X5tg->|a)tZlFE! zgG9JnPKCCwMRth3qq%lySZa>GWoCI*Qf8K!Q;3hZWl>UoMT&k}fJb^%s0CMMg@u`y zhp~4+o=1L^X;qGwW2kXPMx}mgV5n1RN|CX1P*!G+UvPw9a{lCaM)7cuG;f0tGbgje z5KG6>Oh>mYvrO&$fTUy-|J>B#oJt=L?J^_x6ifdI_dqUFlhFJKCuff^C#NVk1COWz zQ%94C!U})G3=_v(?{L@BK&OzDw8|{U$l}Ro8O7_}Bi#c+GAhko!&1Y%4E@YQ0zxYt zE%QoCDqRe`g7OP}1N}Y2Q#1UsokF>SsSv_92LKf*AnFekFo zD5Kmf(Wl5S(Zk;})HgVpE3qKN(=w~P(#tQiOkdk1C^gT+$J5>0B-dO&%OfBp)XOKu zF(5g^(9k>*-MX~QM8niT1xxQNZ~YMWpsJj#?80!%An%|MXZ_H!iZs{aAXAGn{osiD z0`DZJtbh#XP_E)Aw}7H3PxrheqX3I!U(<3+KS%9ClR%T=2v3t@*HUwzKuZflZ6EJK z4BvTHIr|#n5U&yl?Fr_mzJdGNBM??mS*KtgqCG$SLOMK=xZA~rv?Oj za(SC38U}df))!Zn`MY@;n*_~(@S=9Y$LM{?=v>MEp| z7^DaJ7#4a5g;a#Pm-*&dRv88+TVw`S1qb^(XQqS{gqW43cvk2aCv$bo7Tf5Xl=G~@ z;GagV;3n(rc`w#FhX&4gC-Xq<(&^CCqQ~@mJtr{u^s|KXdHX|Owg9`m`a;tl+=_Z!_gcynrZDrFqn6>oj)O3U9bO%vt_7tRV3xSXvP zxp@7QeJkpde#dXBn9n&`cK@R{b*d&y4*%FAtP)~0IpO!_64hBdLK6i~eSW@?J*$0B z=;@W&sai!UPYzbpcd4x1;%mgH()T$xu1f15U)C*=RqskWl@H&abL8fhnd-_GXN+Ho F0|41_bz1-c diff --git a/secrets/bitwarden/id.age b/secrets/bitwarden/id.age index f6e46def36a6f34556012afe5e7e1ecdbd61369c..897ec179b662593c5640a6c390b1b176dd7a6571 100644 GIT binary patch delta 944 zcmZqYXy=%qQ(sY-Smu-ISL&LdZ0??C?wg!ZmLKfuY!p;f?B-IGX6ftd?iLxAW?JT2 z%oSDcpY0k{5|n9CS&67YTS>kG#6%v{l=;q>IQ4;1+>}!8gC?Oqt{ofDChVp!^A6dn-bYh)4OTA5y)YpiXO>7V3m9_;KJo@0?b z@uPTnQE*9UaY=quP?|xexqpeifqR}=Rf=J9pl@K7OO8*VMR2mKr>}8@Z-gsXK#)MP@;$ey&keP=s&3fk$9=ghfGFNM-iqct-K?j675SeC?=w zPj~Ima>pcnm(WnJ+-#TR)JkL1G`c9%!2dE%k!Oba@|cF!yHrn3Q|4Y(mjK-OU&G|OZ-af zg9^0+3{t()i@CxgEc^}JBEySZE1klE42?@H9J9+j3k|~x%H2}3eIvBXok9aWoT?%M zJkfpUS>@s@YS=2l;9mg$`oR%q_z(5!)UvnNL&bXMP{*@^yrrBp3H~*$JW}-Ki ew&}Bf3AnRJTP&Gz*Y`=G^_{*)xg$$fasU7nfjve5 delta 944 zcmZqYXy=%qQ*Rm;R1oDG;FTSm?&?@>79JeplTljfk{9CUksDQ7oz#;g_9UVqoFxWbB#|l$eoiX>6J7?pm1|X<+7G?v&(amSkLHnr7_d%B5?kP+Xj$ zo0?)|YHDbyU=mOjm7lI)np5QFV&oK-QJLp#P>`SE>J}22o)zj9Zk}6V>0acXn(O1^ z73FSGTojVcbXl&@1W8jwL?BQQXupXFqlt({yv z@uPTnQj)uWhNGi}yNR!7a!zHMe??wIeny#hL1u(kL3*}-QD}&BQdWMNxnVh%o3@LO zhox^yWROX^OOmBYwr`HVg?5o~c6gq?PqAfaKv-~8ns2#tNJRPMct-K?NCR``G%_|J}D%_0 z^3kpHta9`%bX3r`^eQqe^C@!<_Da!?^a&~Q_75_Ss&otruL{cXaWhKH%l1igNh&J{ z^5rtq_V@Sl$g0kn zuwQPZe{i5HSDt@?NkxF0Z<%LCsE4J0Xjqknld+G5yQg+&u2E`wmPeR@TY7GaUwOIj z#E;_P{*Jj}hTfS4MOpct>HYy8&XLKvsYazfnW2Uit||E$A>odu&Y6A&mF^Z?Ci*@e z*`_|u?nMQ@p21}WS!wy^fu$LFK}D{{mC0`IxOmmzn98y6@=ctKEklbF zqY}$pvmK*yJOeTlBZ|w5gEM^7i!1#CeDfnGpJf!U*UvY%wD2=aGW5;~O!M`%Ob<*m zu?TUq3^UJ*@DHj8HwpGHNG^zUF3s@d3JQyi2rrNFaq}^Y3e9p)%8hWUa?LW(4oEdB zFNksr@XRu;^svkh@+^-;j{)znB8#GO1#Lg0a(#=kG8c3GQg`DJ-^ltTZOgLU9R0GW z44>@$U~L0qZ&#O`z;M5eVlI!oRBhv6v$C*c)8Gp8Krd~7=b`}T5|d)n(&8v{C-d;~ z(&9X~K%d;;e01y5G7}9`0~G?iA|t)id<@<5bAn1N4ZNLAjZ(@&E2H#1vciMBaxKez z>qD}f%8H!*vje#zlFfq)LQF%Vd_w&FgM9prOIANLH4O5qtkBo@F0n95H4O0$_RJ19 z3v}elOZ9O~buO#VE6yf z2)A%D%g#wOut;;w&N1;WD9|=Yb@a$GcQVW}4v%zpNiHq-Ds%L74L7ym(zN*Nt|2>b z8>jG_Pje^CyZx*vepZS6l4~ogwk{RrtFc>@pVIo_`cJd1KSZ<)vUax?HEsFG7xHIy Lj8<73vvLyv0+==Y delta 925 zcmeyu{)K&lPJLjqkA7;Uxk-wLPegF8pG!%qOKxaEiAA_kX0S^{L1=ECeu_^>VYr1; zF_&LJa#m@1vUW*nrCC{SRibxjmUgb6vrkEGZmF3?R;7tcS!6+;k7IVIE0?aFLUD11 zZfc5=si~o*f=NJCRDQaGr(dW?R#I_EX<@dDU%pwOuUk?;Wv08CXL5>nKwws?cCeXa zZdhrGbH1x1mzRM_g;}a&NKtTNX?AILnM+WmS872?p0|EbRzPBrbEZc|N@|cnS#fgY z#E;_Pp23NgzHUAd<*AN=DOHZzk-5(0X#qj*#VPvvrrtRzxdoM>+7XTxrEZQ~N#>bG z5y@Va?)m;@nFeJMVP2X3=Gm4hQ3es=;V#Klj>U$?={}Z;mOd?O9>Tr13+E%RI_pJf!Uk8m%E3UT&HaxOCQ2nqIf)erW_ ziL~^O2v4dAPYm*p2z1Ia_6g2*$;)%)axM#~2+l|;@CorS^2*C|GpaJn4vW+dF3&Ib zw#X^UC@@P-G4pjUv~co8j{)znB8#GOh5Qg7-^{Gah}?>*++>pwUn?9@c(tV9cww3I4+^TJBwz$63Tsw6)jdgzIB0NmWG9$Udjs0>gLc$6yE3=YH3fxWnjC>;syh2JM+=D}Wjf|r#eL{i*tFrXV z{V}Zbta9`%bX3SM@yH5G^(!zA%Sy{F_KHmNbqOyn_o~oN&G&Mv$}@3ua`km{F3Zg` zNawON4D~E>@~w9=^m5E_are&jNlVF3PcbTRcgYM4cTV)l3<(JiDN0Y&4k_o-)zwun zay9YE^ej$vay7NIjI8v_Du{{-)7OtG@F*`%@^SMvNOy?}_4KZAbGG0Tjr^demT@WO zQq*4usXqzN*UA~6Sj+G+z3?J`V@!>O*mC)^)#eh)yv$ccI!eO*?>_!Ccm6)s;w{DR K?xtIx$p!$%j5<94 diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 5d5e1e329e0b6505a8cade83a6faa19ba1409976..4def5264b4f7a371249f683141a0df5e90e9893c 100644 GIT binary patch delta 1055 zcmey$@s(qOPJLRIaYU+XX=FfAXi2$AV6bU~TUw}DQi!=@Nw#CKfkCK~V`8L>o0n%q zF;_~3M`C)hZ>gbwW`&!3dWCU?pOdAzpHD_fV3cuYp07n{uuD)uu$O6IF_*5LLUD11 zZfc5=si~o*f=NJCRDQZbg@2-FW|FsgnWI5vYE_ntn_HSid2yOwrN6ODnT2^&sYifm zl|gt_wrf}Lr3Rt?9wljoA<0F-u9czL9%kj{ML`B!p$54* zfgVK_VYw!z={ZqBrbeM9ZiQLNh7m#O{>k3?rrEx^Sy_gW-UY>z;~B-nJ(J6Wi~YPx zjZGtslB0@TEh=10vWlHeqqL2jjJ&d4Oj69sl1nVoLMj8fg3WW1Q+y4=l8wWPEOU$V z!!zAIi`?`5jr{!#{i4iF^uvOEa&jtj3<{GcpJf!U&#w$FO*IaUa;hp%)Hcl5&yFZ8 z3wIApE3eegbxN#A3=azTPcb(#aSux8%5Vx#4am_qGAhe(Gxp4>Gzc|J$_g&=&2uX? zEA=){PO}KfH!7+y4Ty+Dj{)znB8#GOh2*3NKkd*|e@AE2q{vDWi^Tf0V(%>Ps}^IR%Z3sOQ1O3JlEqAYSPi!8j03f(h` z!}HOt^Q?08Ep${UNGuLYEDlM|2#hePFe)|j@((PCEG;g~4-d`tEQ-v~FU%{*^o>dl zcZ%dn3ODiaE%U68taOXa%5>2#GW9QTEiFqb&T};^DX#Jks7iDxFVA*%b<_6b($&>f z@HeQ;axY8@Os{bEH}^_6HE_@N@D9<=%ye>diVASfEe#sgrzodw*nom4YqR7@=b<*CZ-c3{YadjQG(G_NW zb-eqFME8_;QZK%pIjb46Pwmg{Y-{VLM|W3m_T@Ypy(Qq(xw)kmE3C!8i8x(k`gnKw tJyw$+?|Zi%vfFU=g?Romv5X}lcNH|Fg|^Ljm2hLG!q(8c54(kr0sv&~dm8`% delta 1055 zcmey$@s(qOPJN|gM44e^nrX6Ys*8nDuxFm3SB`mNQbb~kr>jR|YGAsbn}wlgX{cXt zF;{55sZo%7ptonKt4VM{utjiaNxF7!sdjLfxp9h-MX-fskfo7ffO&pMF_*5LLUD11 zZfc5=si~o*f=NJCRDQZbsnPGX5ady7z z#E;_PPPy7%;pypR9*&_IM(O2V$(hdDWqvtX>4{~(1*i-OZa3SBJC5*>ZrqcY8_id`*J6O$7iJ&Qa%%rgSHEJ{79(sPadN+T;${8LR* zO#__G(v3{LgVS@93d)Pk^m8lB^po;RwaX$WpJf!U4>a`i_sO$JDk~1kPR|K&DvL-B z@HO&J&kOR(sR%1_Gc8LGGS*IW3CZ*2N=zzqDJrc94lUOYF)udH^m0pb&2_WPtH^Q; z@k}wO$_Xyd^A9(Pa1OwT0q?LPi=uJ`H+{?E%xrgaU$^{}u#(7R{d%Xs%-m4#eC-V9 zyy8+%)6$Bn68EgcWPitEuA(sCkcfQaf(mbcS96!-ko-(b@UsD)SOo^axMOOf*alRB%sBGbu98_suK~@b@byE;2OFDs(Ffj!Z8xOY}BQt8{m& z_XyI@PR(Ni%2cZ@+&Ni z^hCGLv&zx8&{3h-yDBx*GT1H0tvsOIyvoZXEl0o9w6e0;B-F{LD5)YR#6Kw{!nG