darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Merge pull request 'update' (#161) from update-flake into main

Browse source 
Reviewed-on: #161
This commit is contained in:
Charlotte 🦝 Delenk 2023-08-06 11:21:57 +00:00
commit 11ee5c5de7
Signed by: gitea-bot
GPG key ID: C9974EDF9932B558
15 changed files with 108 additions and 320 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/installer.nix
View file

@ -14,4 +14,5 @@
boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs);
networking.hostId = "8425e349";
nix.settings.post-build-hook = lib.mkForce "true";
}

1
config/instance-20221213-1915.nix
View file

@ -14,7 +14,6 @@
./wireguard/public-server.nix
./services/named-submissive.nix
./services/shitalloverme.nix
./services/chir.rs
./users/remote-build.nix
./services/atticd.nix
./services/minecraft.nix

1
config/netboot.nix
View file

@ -14,4 +14,5 @@
boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs);
networking.hostId = "8425e349";
nix.settings.post-build-hook = lib.mkForce "true";
}

81
config/nix.nix
View file

@ -5,10 +5,30 @@
system,
attic,
...
}: {
}: let
attic-client =
if system == "aarch64-linux"
then attic.packages.${system}.attic-client
else pkgs.attic-client;
post-build-hook = pkgs.writeScript "post-build-hook" ''
#!${pkgs.bash}/bin/bash
set -euf
export IFS=' '
until ${attic-client}/bin/attic push chir-rs $OUT_PATHS; do
sleep 5
echo "Retrying..."
done
'';
in {
imports = [
./workarounds
];
sops.secrets."attic/config.toml" = {
sopsFile = ../secrets/shared.yaml;
owner = "root";
key = "attic/config.toml";
path = "/root/.config/attic/config.toml";
};
nixpkgs.config.allowUnfree = true;
nix = {
settings = {
@ -27,6 +47,7 @@
"riscv:TZX1ReuoIGt7QiSQups+92ym8nKJUSV0O2NkS4HAqH8="
"cache.ztier.link-1:3P5j2ZB9dNgFFFVkCQWT3mh0E+S3rIWtZvoql64UaXM="
];
post-build-hook = "${post-build-hook}";
auto-optimise-store = true;
};
package = pkgs.nix;
@ -40,40 +61,6 @@
};
buildMachines = with lib;
mkMerge [
(mkIf (config.networking.hostName != "nas") [
{
hostName = "build-nas";
systems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"x86_64-linux"
"i686-linux"
];
maxJobs = 12;
speedFactor = 1;
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
}
])
(mkIf (config.networking.hostName != "nutty-noon") [
{
hostName = "build-pc";
systems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"x86_64-linux"
"i686-linux"
];
maxJobs = 16;
speedFactor = 2;
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
}
])
(mkIf (config.networking.hostName != "instance-20221213-1915") [
{
hostName = "build-aarch64";
@ -85,30 +72,6 @@
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"];
}
])
(mkIf (config.networking.hostName != "vf2") [
{
hostName = "build-riscv64";
systems = [
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 4;
speedFactor = 1;
supportedFeatures = [
"nixos-test"
"benchmark"
"gccarch-rv64gc_zba_zbb"
"gccarch-rv64gc_zba"
"gccarch-rv64gc_zbb"
"gccarch-rv64gc"
"gccarch-rv32gc_zba_zbb"
"gccarch-rv32gc_zba"
"gccarch-rv32gc_zbb"
"gccarch-rv32gc"
"ca-derivations"
];
}
])
];
distributedBuilds = true;
};

1
config/nixos-8gb-fsn1-1.nix
View file

@ -31,7 +31,6 @@
./services/rspamd.nix
./wireguard/public-server.nix
./services/shitalloverme.nix
./services/chir.rs
./services/atticd.nix
./services/wordpress.nix
./services/initrd-ssh.nix

2
config/services/akkoma/default.nix
View file

@ -31,7 +31,7 @@
name = "akkoma-static";
src = pkgs.emptyDirectory;
nativeBuildInputs = with pkgs; [xorg.lndir];
akkoma_fe = pkgs.pleroma-fe;
akkoma_fe = pkgs.akkoma-fe;
akkoma_admin_fe = pkgs.admin-fe;
inherit fedibird_fe;
tos = ./terms-of-service.html;

31
config/services/chir-rs.nix
View file

@ -1,31 +0,0 @@
{pkgs, ...}: {
systemd.services.chirrs = {
enable = true;
description = "chir.rs";
script = "${pkgs.chir-rs}/chir-rs-server";
serviceConfig = {
WorkingDirectory = pkgs.chir-rs;
EnvironmentFile = "/run/secrets/services/chir.rs";
};
wantedBy = ["multi-user.target"];
};
services.caddy.virtualHosts."api.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
import baseConfig
rewrite * /api.chir.rs/{path}
reverse_proxy {
to http://localhost:8621
}
'';
};
services.postgresql.ensureDatabases = ["homepage"];
services.postgresql.ensureUsers = [
{
name = "homepage";
ensurePermissions = {"DATABASE homepage" = "ALL PRIVILEGES";};
}
];
sops.secrets."services/chir.rs" = {};
}

84
config/services/chir.rs/auth.nix
View file

@ -1,84 +0,0 @@
{
pkgs,
system,
chir-rs,
config,
...
}: let
d = "$";
dhallConfig = ''
let password = ${config.sops.secrets."services/chir-rs/auth/password".path} as Text
let BaseConfig =
{ Type =
{ database_url : Text
, listen_addr : Text
, redis_url : Text
, asset_path : Text
}
, default.listen_addr = "[::1]:5621"
}
in BaseConfig::{
, database_url = "postgres://auth_chir_rs:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs"
, listen_addr = "127.0.0.1:7954"
, redis_url = "redis://:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs:53538/0"
, asset_path = "${chir-rs.packages.${system}.chir-rs-auth-web}"
}
'';
in {
systemd.services.auth-chir-rs = {
description = "auth.chir.rs";
after = ["network.target"];
wantedBy = ["multi-user.target"];
script = ''
export CONFIG_FILE=${pkgs.writeText "config.dhall" dhallConfig}
export RUST_LOG=info
exec ${chir-rs.packages.${system}.chir-rs-auth}/bin/chir-rs-auth
'';
serviceConfig = {
Type = "simple";
User = "auth-chir-rs";
Group = "auth-chir-rs";
Restart = "always";
};
};
sops.secrets."services/chir-rs/auth/password".owner = "auth-chir-rs";
users.users.auth-chir-rs = {
description = "auth.chir.rs";
home = "/var/empty";
useDefaultShell = true;
group = "auth-chir-rs";
isSystemUser = true;
};
users.groups.auth-chir-rs = {};
services.postgresql.ensureDatabases = [
"auth_chir_rs"
];
services.postgresql.ensureUsers = [
{
name = "auth_chir_rs";
ensurePermissions = {
"DATABASE auth_chir_rs" = "ALL PRIVILEGES";
};
}
];
services.redis.servers."auth_chir_rs" = {
enable = config.networking.hostName == "nixos-8gb-fsn1-1";
port = 53538;
save = [];
requirePassFile = config.sops.secrets."services/chir-rs/auth/password".path;
bind = null;
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [53538];
services.caddy.virtualHosts."auth.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy http://127.0.0.1:7954 {
trusted_proxies private_ranges
}
'';
};
}

5
config/services/chir.rs/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./auth.nix
];
}

42
config/services/hydra.nix
View file

@ -80,10 +80,6 @@ in {
<git-input>
timeout = 3600
</git-input>
<runcommand>
job = *:*:*
command = cat $HYDRA_JSON | ${pkgs.jq}/bin/jq -r '.drvPath' | xargs ${pkgs.nix}/bin/nix-store -q -R --include-outputs >> /var/lib/hydra/queue-runner/upload-queue
</runcommand>
max_concurrent_evals = 1
'';
giteaTokenFile = "/run/secrets/services/hydra/gitea_token";
@ -152,6 +148,7 @@ in {
chown -Rv hydra-queue-runner /var/lib/hydra/queue-runner
ln -svf ${sshConfig} /var/lib/hydra/queue-runner/.ssh/config
'';
<<<<<<< HEAD
sops.secrets."attic/config.toml" = {
owner = "hydra-queue-runner";
key = "attic/config.toml";
@ -186,4 +183,41 @@ in {
OnUnitActiveSec = 300;
};
};
||||||| 15708fb6 (move attic push to hydra runcommand hook)
sops.secrets."attic/config.toml" = {
owner = "hydra-queue-runner";
key = "attic/config.toml";
path = "/var/lib/hydra/queue-runner/.config/attic/config.toml";
};
systemd.services."upload-hydra-results" = {
description = "Upload hydra build results";
serviceConfig = {
Type = "oneshot";
User = "hydra-queue-runner";
Group = "hydra";
};
script = ''
set -ex
if [ -e /var/lib/hydra/queue-runner/uploading ]; then
cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.nix}/bin/nix-store -r | xargs ${pkgs.attic-client}/bin/attic push chir-rs
rm /var/lib/hydra/queue-runner/uploading
fi
mv /var/lib/hydra/queue-runner/upload-queue /var/lib/hydra/queue-runner/uploading
cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.nix}/bin/nix-store -r | xargs ${pkgs.attic-client}/bin/attic push chir-rs
rm /var/lib/hydra/queue-runner/uploading
'';
};
systemd.timers.upload-hydra-results = {
enable = true;
description = "Upload hydra build results";
requires = ["upload-hydra-results.service"];
wantedBy = ["multi-user.target"];
timerConfig = {
OnBootSec = 300;
OnUnitActiveSec = 300;
};
};
=======
>>>>>>> parent of 15708fb6 (move attic push to hydra runcommand hook)
}

151
flake.lock
View file

@ -36,7 +36,7 @@
"nixos-config-for-netboot",
"crane"
],
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_4",
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
@ -66,35 +66,7 @@
},
"cargo2nix": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1678094756,
"narHash": "sha256-FoVmeU9ITOhKO/wQt76JMZsIDxfNmzgkqHud6hrHB18=",
"owner": "DarkKirb",
"repo": "cargo2nix",
"rev": "a2c22af726db8fca367865d6631b3f321eadc647",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"ref": "release-0.11.0",
"repo": "cargo2nix",
"type": "github"
}
},
"cargo2nix_2": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-compat": "flake-compat_5",
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
@ -154,35 +126,6 @@
}
},
"chir-rs": {
"inputs": {
"cargo2nix": [
"cargo2nix"
],
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1688145001,
"narHash": "sha256-jQrLJfqidtu4g4BauAO711jMhWW6H/qsUv6uE4nsBBs=",
"owner": "DarkKirb",
"repo": "chir.rs",
"rev": "649ae1226aba98742b08ba3292caf173c3323fdc",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"repo": "chir.rs",
"type": "github"
}
},
"chir-rs_2": {
"inputs": {
"cargo2nix": [
"nixos-config-for-netboot",
@ -272,7 +215,7 @@
},
"crane": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"flake-utils": [
"flake-utils"
],
@ -299,7 +242,7 @@
},
"crane_2": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-compat": "flake-compat_6",
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
@ -543,11 +486,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@ -559,11 +502,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -589,22 +532,6 @@
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -620,7 +547,7 @@
"type": "github"
}
},
"flake-compat_7": {
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -636,7 +563,7 @@
"type": "github"
}
},
"flake-compat_8": {
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -842,11 +769,11 @@
]
},
"locked": {
"lastModified": 1690910850,
"narHash": "sha256-diLPKIDpR9zubqGl0wPFKMNPV9QpT/eNkqUN2dSt19o=",
"lastModified": 1691225770,
"narHash": "sha256-O5slH8nW8msTAqVAS5rkvdHSkjmrO+JauuSDzZCmv2M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8c731978f0916b9a904d67a0e53744ceff47882c",
"rev": "0a014a729cdd54d9919ff36b714d047909d7a4c8",
"type": "github"
},
"original": {
@ -879,11 +806,11 @@
"hosts-list": {
"flake": false,
"locked": {
"lastModified": 1690922836,
"narHash": "sha256-+RVOzOqw/09okCQop9l5x5dYq+UpweyvqEUo/NS/oxo=",
"lastModified": 1691281799,
"narHash": "sha256-VtrnU7JLW6sri0FHgRVDUmtxwCplYN1aPmP6hgV+Hoc=",
"owner": "StevenBlack",
"repo": "hosts",
"rev": "439665cb9aecf57416afdf5c8b01ef3762a0326a",
"rev": "86956052240f198dad3d3a9b74b9c3a4e0f71340",
"type": "github"
},
"original": {
@ -1151,7 +1078,7 @@
"attic": [
"attic"
],
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_3",
"flake-utils": [
"flake-utils"
],
@ -1163,11 +1090,11 @@
]
},
"locked": {
"lastModified": 1690965637,
"narHash": "sha256-Xnj+lrHlq0GThMXclLjF75UQKOPNYEwCJrovY9FbLVw=",
"lastModified": 1691311850,
"narHash": "sha256-o3sH1tqo/qDG8U0/2V2aYwwL0njluRzqJGvLlsI+HIQ=",
"ref": "main",
"rev": "a83cd9cf995c5908ad624b2a66cb46c779f6f6b1",
"revCount": 972,
"rev": "a07d703ffd3ec1a6f0061cb0abc9e2fdadba5589",
"revCount": 976,
"type": "git",
"url": "https://git.chir.rs/darkkirb/nix-packages.git"
},
@ -1183,7 +1110,7 @@
"nixos-config-for-netboot",
"attic"
],
"flake-compat": "flake-compat_8",
"flake-compat": "flake-compat_7",
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
@ -1235,8 +1162,8 @@
"nixos-config-for-netboot": {
"inputs": {
"attic": "attic_2",
"cargo2nix": "cargo2nix_2",
"chir-rs": "chir-rs_2",
"cargo2nix": "cargo2nix",
"chir-rs": "chir-rs",
"colorpickle": "colorpickle_2",
"crane": "crane_2",
"dns": "dns_2",
@ -1292,11 +1219,11 @@
},
"nixos-hardware_2": {
"locked": {
"lastModified": 1690957133,
"narHash": "sha256-0Y4CiOIszhHDDXHFmvHUpmhUotKOIn0m3jpMlm6zUTE=",
"lastModified": 1691305349,
"narHash": "sha256-0Pig7jnmuRH3c5dOTVTOvTLwo2CRzYTyvJRQ82HWRSo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "24f9162b26f0debd163f6d94752aa2acb9db395a",
"rev": "5426a95071d0b9782b3209b3995cde1f5689616e",
"type": "github"
},
"original": {
@ -1418,11 +1345,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1690965391,
"narHash": "sha256-ttki7YeMVKycRF3BlBeIhhc+8DpquTj7NO4vXKU9CzU=",
"lastModified": 1691311929,
"narHash": "sha256-Nj0aStA+zzENk+epxUMyymbmcX7wizMHc3oCfx8n0bY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3475fdeeea0ac11aa0210328ef2c5e53e5dcfd2f",
"rev": "4d590fb4e09fc8d0fa8417203b948addb36bb660",
"type": "github"
},
"original": {
@ -1448,11 +1375,11 @@
},
"nur_2": {
"locked": {
"lastModified": 1690960973,
"narHash": "sha256-8uBIS3fFCKHccV6iyAzg1cNdWydtE4NLADH62F9Z4Oo=",
"lastModified": 1691311438,
"narHash": "sha256-7ADj2e5jmp01vAY9fCR8w1h8ppoYghzsOjbgN7xW6e0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "4d77f55fc328f46db035ed01dbdad8319954fd73",
"rev": "d8db2ba5c97665fe7ccbb8e307155b77b0c9e72f",
"type": "github"
},
"original": {
@ -1464,8 +1391,6 @@
"root": {
"inputs": {
"attic": "attic",
"cargo2nix": "cargo2nix",
"chir-rs": "chir-rs",
"colorpickle": "colorpickle",
"crane": "crane",
"dns": "dns",
@ -1522,11 +1447,11 @@
]
},
"locked": {
"lastModified": 1690942540,
"narHash": "sha256-eafSSO3Y+/TFuy+CHKyolYfGvC33IAWNx4W2NA7LfZM=",
"lastModified": 1691287991,
"narHash": "sha256-jAfKjfK1X73Zg/utl2pDdD5nBY53zLSLeTFWQLZM7jo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "aa3994f054038262df55122dfa552b9eab71a994",
"rev": "5cf31bca06641e115b9217e682d85d4d23486e61",
"type": "github"
},
"original": {

13
flake.nix
View file

@ -11,19 +11,6 @@ rec {
inputs.nixpkgs.follows = "nixpkgs-for-crane";
inputs.nixpkgs-stable.follows = "nixpkgs-for-crane";
};
cargo2nix = {
url = "github:DarkKirb/cargo2nix/release-0.11.0";
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-overlay.follows = "rust-overlay";
};
chir-rs = {
url = "github:DarkKirb/chir.rs";
inputs.cargo2nix.follows = "cargo2nix";
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-overlay.follows = "rust-overlay";
};
colorpickle = {
url = "github:AgathaSorceress/colorpickle";
inputs.naersk.follows = "naersk";

6
secrets/nas.yaml
View file

@ -30,8 +30,6 @@ email:
password:
root: ENC[AES256_GCM,data:edK/dud41KmbX6v8Mxn1vVcaCwG0x4YhGjqLTw3oAigmwixTovz+4yUDrkjTQLb3/eMClqQJnjcJsRBv4chSu+UuNorKIsPM0IX9mkTmVH2soGmdPB21HXOXmisGu33oOyhyojbvlaWlFw==,iv:GiXRuhJVPgkAAp7OYufzXtHusnSPOfAP0ztdAtn14GE=,tag:nIOus2VvzE6d+r/aJOLCBw==,type:str]
darkkirb: ENC[AES256_GCM,data:vmI8B7PWeoKTwOywaGmJmD9gWb09eDcmchx241XrfNvT9QseuSElDTb3OajHornt/OFBPh7EtNi/y1BHF1+DZq0i1tmhYuJy24BLuCPH9VpCb5s5xZZCVtOC6w3qUGqIlLQHYN0Fp1Ap5A==,iv:KkcLQDJSDqeFr3gDByb66MOx8/PbpKpvM9Ym+KMB3jc=,tag:wLLOU4RhWnS+DDSOQLrLHA==,type:str]
attic:
config.toml: ENC[AES256_GCM,data:060O5ICRHpkfTIdrkrLjlJSFKh7HCcMuETkRwf8zSaPQO7NTYnX6nQjd0mYcWZvBPQF3l8cVovja19nKMQAUGTzkBxkpvfylG+UMAfxEpuwTzypyzBwLXQOZPXqdXoEKPu0ghx1nojF08CLALDMlM8J/I7KrlofmSWGO+7142EAhrf1ov5IFmfHBn1vJvfa9aSVKnYDXmMpimO8zxc876YiBiHPe9srTpAlyOu/aOiev0fRmZfWGt7X7/lBap1AcDZFvoe/8Hs0Nb1GSE4ZW9WLPBMFigGK10fCgmlk8rTkaXTNCdZ/yJ24lugganFwssET6HBS/nmDLLMjPkZ0n+6U+JdDcRtXQXq9nwFG9TpMvX9i9K1z24F1/maQ2qUS0OB/YQ/pADLJt/xYfuzfB70FHpN2YYn2Lcmup3xKvbfAL9BFJCA==,iv:3wCOLgoqKoycuitBrQCccRRYulfrhI0a5K8vARU2MM4=,tag:/Zggqm+3CCcUwyc9ubhqcA==,type:str]
sops:
kms: []
gcp_kms: []
@ -47,8 +45,8 @@ sops:
WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5
2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-02T17:25:38Z"
mac: ENC[AES256_GCM,data:iu4NhBQHLTuGAG70rSedcI2cwwDZpzLu18cIxO9JaVRWVanDoYTDXd9sDC7H8oBOmLnypYpXc4kOMCwsY9475W+Yi3HxHWlkcWAPWxAsJL5nIkC7Q9CwrwSCpwtsPyebsLzl299lYPjsNsLpQ6ft/GWnwAn5ISIkKV91k9hduz0=,iv:IB8YVkok7NrX2ayu2iQcwzsP/Tl+WXxjfvQ/1DkRUlk=,tag:z2tlvGWpEbXFrCmuKwUdbA==,type:str]
lastmodified: "2023-06-06T07:06:29Z"
mac: ENC[AES256_GCM,data:iuH+6PiDx+8iQlxds8/twFNaf2g2JuuBpCfQIppRxZPEWeVvWpLEaMEuFk+kKZagIrFIhl9LhyXXVqaGKDnXHmo3bOAGksWNq51PWlCODIe1gfWN6hMZHWFrZlcxv0JjyH2Zqou3udsEIc+Fkj3llGYeiNJw30M0lLhd9ORa5tA=,iv:Kdse9i3iT+Iuhxf6c7zGzgA/Jy3mDmGegQ+xcMqnXzk=,tag:ooWhhNvVbLPl+H6R9VODhw==,type:str]
pgp:
- created_at: "2022-04-24T10:34:20Z"
enc: |

6
secrets/shared.yaml
View file

@ -2,6 +2,8 @@ aws:
credentials: ENC[AES256_GCM,data:/I+mc7fHdztMu9ixDz+LBq/rR7xOni9e7ODoCEStsU/VwuwnelyedeD0OAIQsLozxP1Jss972Uq9K3RfT6HzHLEMZebjyiVGGN7wpWFpdjE4ZQtFAGpTd46vSSQn4K53DDIKO/S8zpuNw52cnHPqCg==,iv:5VaIfB94Jm3/z8RB+4+kGuRco/WncJ7Uo1qS/Xi3+BE=,tag:pyoLebONcWWAKp1OliqFUw==,type:str]
ssh:
builder_id_ed25519: ENC[AES256_GCM,data:aRcRkZS9TXsFas1xz044OECF59bQMepukSQUMFr652MXsW99O9ANuhQ7C2i3HuXtDjrWKfgrsrWQh0R41JuLoENEEd0O0y1k+uHzjtdE0CrzqIdRFwRNUbvrJ4D8S1yEdNoQCjrznvH5pegLpn8h19BQaC755QfkKxhYHQpN0Xkt5JKgZBEYShkEyTn7EhgjRMyKQzQo47TsYBU7S4qi6a4nhjv67MuIZ2Y7R2F5n8ZyFgGjgktcm0GHKq37xvFcFEa4h+vxhzu5Dtb6VfwYqUVApL1C2zv9hhZpx5sBa2/fvEg5awm9cnfnfipFUe1ceEz9zUbZAd4fUKYDvfHC+3KX1CXGauA44nXNz2XDDn3f6DTh/DrbARx4Fi9R5Gcnm8c0OfDxHEgARYIWdjfnf1h1qhTxf9Iau+bYTc7IhlenS/6S8w56XtScVkg/VVQhXZFQy0TFIWe/Sa8k1ArTok0I5Hl31gpCq1HUVkXNO/917RVDhJt42pIEA7Lwd48QXSkmRx+46F3VKjQEC0qj/VRNhd8ZHU66IdxG,iv:6YG9KmaDnwHEe14Rx9SlkFxg+u1w7F98yN17rg3ebe4=,tag:4PbNcBDCh9yloSij/ajBqQ==,type:str]
attic:
config.toml: ENC[AES256_GCM,data:m8aFjTl2B3E+r3TsQ37M75aOu+Du1iNpIfzD597xKhX5AVrVzENiDrMdiXCFL3kCiPpuMf/Dg0M9M7Q1VMKPKBGI+Ppaet/2m20NAwQCXcWoGMVQooEdkbak+cUvnoPoo8zmSW3rzqCeaK4V0uAKyD7xynyZokEZ9tM33XJLmNSZ64qCYbCckzUYX9Y4KguzQETpFbIzuu2naXn+gcLJedN21/G1i/TKsKA1QyC6YPvY66e9BSIo9eMKUW7PhUbKUpGZ9L+geW6k1HMX7n5D6hYcaigq8bdhRmW9hRb21IQd2fMptVSidV7vVC8BLPX4rwqE1OPjzd61p1SYa2F938053YaTnjjJJzdmbSnj0b9IBdEJJSCRl9j2fGtxVULCgmjjTKMFF/d6zAIYmAm8XcfRw2Su1DPWQq1W9HSbLk8OasWRSg==,iv:ai7IqG/Bc0UC5cO7qgvY54CUC3VSApjj3sEfZhPx6KA=,tag:WoxisyaBS15fSP0q5muJ6A==,type:str]
tailscale: ENC[AES256_GCM,data:OUbgLSvG3VokdF7zcZrun7KNSU0RJwLJeLDSDz4yutFJWIpgMH9vpMl4NsEXPbzNkEvi2ElmQ5Qz,iv:1NmaEp6FnzKc9Y+X66heZGqs4eg1NhAFn9RyutdTfx8=,tag:ec2iD4PHJQtbnXV3rCzoGQ==,type:str]
sops:
kms: []
@ -72,8 +74,8 @@ sops:
MmtjczU3TTVrUHMzN0lYclRoUXcrYXcKXl1y2wq/24VgTtYwMwIMRb+9AERFLT6M
vWPCs+N4rBja2WmtmPSNNL70UF8ZAQ93dBLq2Ao65N1YRG5XE8zbNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-06T09:11:09Z"
mac: ENC[AES256_GCM,data:XujFjvx73/z+hmk4f4tRRvwl/ML25YOZw6etr0P9lhcXlYPelIrqvVLO1vmobt8TYDzngAHdHSNNlhInw00KO73luOLcQhL/1DVMqTgeMSC11ReUhd5KOZLVXOSP0+8ADLXgbGGGY8DyPnZtr1ZWa3dDIBFPt5ZD7RzWz1qKnJ4=,iv:kYPLpSrLEu9pkWw0iwqKmH6Mm8sFjAstr06mcAWnUEU=,tag:NQjXV8sHUrjU//AQJ+4E+Q==,type:str]
lastmodified: "2023-08-05T15:42:16Z"
mac: ENC[AES256_GCM,data:XGFOI0KvU9aZmJ8HbNujE4X7BFBaC8YlB8NcVaAhtAZGSPcomEfNFVbF/zOFPPD7/5vblNVrdEt3Mxw+uwaPutva+ltx/+6Zk6uywOOcNvWVrlWV0yPXL2IwrH4gFUXt6HkZ6x2ASIBDm0qRwlAxO0lL/1ibey6V08kBlsk8lFc=,iv:7U3kgJNO69RyVnxdEn6u8Kz3QWG5G3EXuVWjZWOPWuE=,tag:I6zKBfXqwspWOqg7uRXfHA==,type:str]
pgp:
- created_at: "2023-03-27T16:00:59Z"
enc: |

3
zones/chir.rs.nix
View file

@ -144,7 +144,7 @@ with dns.lib.combinators; let
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 35;
serial = 36;
};
NS = [
"ns1.chir.rs."
@ -239,7 +239,6 @@ with dns.lib.combinators; let
akko = createZone {};
peertube = createZone {};
mediaproxy.CNAME = ["mediaproxy-chir-rs.b-cdn.net."];
auth = createFullZone {};
attic = createFullZone {};
cloud = createZone oracleBase;
lotte = createZone {};