darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge pull request #300 from DarkKirb/add-rainbow-resort

Browse source 
add rainbow-resort
This commit is contained in:
Charlotte 🦝 Delenk 2023-12-06 18:28:23 +01:00 committed by GitHub
commit 448e826a0b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 272 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.sops.yaml
View file

@ -6,6 +6,7 @@ keys:
- &nas age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc
- &instance-20221213-1915 age1elra3uklw8rmwkevqms2l4tsd06d5utqda9d2w4qvqpz898uzuesugxkhc
- &vf2 age1gtezxkkfhpkv788x9dek6s6s342n9tkl40zvsa48m9a7yqn25fnsmd3wy0
- &rainbow-resort age12ermm5afdu7a3humlf5wlun5rjm33u6tvzu06l7s8u59h0qd0yxs5mgjuh
creation_rules:
- path_regex: secrets/shared\.yaml$
key_groups:
@ -16,6 +17,7 @@ creation_rules:
- *nas
- *instance-20221213-1915
- *vf2
- *rainbow-resort
pgp:
- *lotte
- path_regex: secrets/nixos-8gb-fsn1-1\.yaml$
@ -51,6 +53,7 @@ creation_rules:
- age:
- *nutty-noon
- *thinkrac
- *rainbow-resort
pgp:
- *lotte
- path_regex: secrets/instance-20221213-1915\.yaml$
@ -65,3 +68,9 @@ creation_rules:
- *vf2
pgp:
- *lotte
- path_regex: secrets/rainbow-resort\.yaml$
key_groups:
- age:
- *rainbow-resort
pgp:
- *lotte

3
config/default.nix
View file

@ -10,7 +10,6 @@
./users/root.nix
./nix.nix
./sops.nix
./wireguard
./home.nix
./services/restic.nix
./specialization.nix
@ -48,7 +47,6 @@
];
listenAddress = "0.0.0.0";
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [config.services.prometheus.exporters.node.port];
environment.pathsToLink = ["/share/zsh"];
@ -80,7 +78,6 @@
key = "ssh/builder_id_ed25519";
path = "/home/darkkirb/.ssh/builder_id_ed25519";
};
networking.nameservers = ["fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49" "fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
programs.ssh.knownHosts = {
"nas.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U";

3
config/installer.nix
View file

@ -2,8 +2,5 @@
imports = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
];
networking.wireguard.interfaces."wg0".ips = [
"fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64"
];
networking.hostId = "8425e349";
}

1
config/instance-20221213-1915.nix
View file

@ -27,6 +27,7 @@
./services/heisenbridge.nix
./services/uptime-kuma.nix
./services/matrix-sliding-sync.nix
./wireguard
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];

10
config/nas.nix
View file

@ -71,7 +71,6 @@
fsType = "vfat";
};
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/64"];
environment.etc."sysconfig/lm_sensors".text = ''
# Generated by sensors-detect on Sun Apr 24 08:31:51 2022
# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
@ -111,15 +110,6 @@
];
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
networking.wireguard.interfaces.wg0.peers = [
# nutty-noon
{
publicKey = "YYQmSJwipRkZJUsPV5DxhfyRBMdj/O1XzN+cGYtUi1s=";
allowedIPs = [
"fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/128"
];
}
];
system.stateVersion = "22.05";
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {

26
config/nix.nix
View file

@ -102,6 +102,32 @@
];
}
])
(mkIf (config.networking.hostName != "rainbow-resort") [
{
hostName = "build-rainbow-resort";
systems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 16;
speedFactor = 1;
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-znver2"
"gccarch-znver1"
"gccarch-skylake"
"ca-derivations"
];
}
])
(mkIf (config.networking.hostName != "vf2") [
{
hostName = "build-riscv";

1
config/nixos-8gb-fsn1-1.nix
View file

@ -33,6 +33,7 @@
./services/shitalloverme.nix
./services/wordpress.nix
./services/initrd-ssh.nix
./wireguard
];
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"];

14
config/nutty-noon.nix
View file

@ -85,8 +85,6 @@
system.stateVersion = "21.11";
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/64"];
services.xserver.videoDrivers = ["amdgpu"];
environment.etc."sysconfig/lm_sensors".text = ''
@ -114,17 +112,7 @@
hardware.enableRedistributableFirmware = true;
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
networking.wireguard.interfaces.wg0.peers = [
# nas
{
publicKey = "RuQImASPojufJMoJ+zZ4FceC+mMN5vhxNR+i+m7g9Bc=";
allowedIPs = [
"fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/128"
];
endpoint = "192.168.2.1:51820";
}
];
nix.settings.system-features = [
"kvm"
"nixos-test"

7
config/programs/builders.nix
View file

@ -16,6 +16,13 @@
port = 22;
user = "remote-build";
};
"build-rainbow-resort" = {
hostname = "rainbow-resort.int.chir.rs";
identitiesOnly = true;
identityFile = "${config.home.homeDirectory}/.ssh/builder_id_ed25519";
port = 22;
user = "remote-build";
};
"build-aarch64" = {
hostname = "instance-20221213-1915.int.chir.rs";
identitiesOnly = true;

104
config/rainbow-resort.nix Normal file
View file

@ -0,0 +1,104 @@
{
config,
pkgs,
modulesPath,
lib,
nixos-hardware,
...
}: {
networking.hostName = "rainbow-resort";
networking.hostId = "776736c6";
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./systemd-boot.nix
./desktop.nix
./services/tpm2.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
./users/remote-build.nix
];
hardware.cpu.amd.updateMicrocode = true;
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
boot.initrd.kernelModules = ["amdgpu"];
boot.kernelModules = ["kvm-amd" "i2c-dev" "i2c-piix4"];
boot.extraModulePackages = [
config.boot.kernelPackages.zenpower
];
services.hardware.openrgb = {
enable = true;
package = pkgs.openrgb-with-all-plugins;
motherboard = "amd";
};
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux_xanmod_latest);
fileSystems."/" = {
device = "/dev/disk/by-uuid/23690ff2-7a65-431e-a6ee-fea0878e0bb1";
fsType = "btrfs";
options = ["compress=zstd"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B6BA-BE40";
fsType = "vfat";
};
services.btrfs.autoScrub = {
enable = true;
fileSystems = ["/"];
};
services.snapper.configs.main = {
SUBVOLUME = "/";
TIMELINE_LIMIT_HOURLY = "5";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "4";
TIMELINE_LIMIT_MONTHLY = "12";
TIMELINE_LIMIT_YEARLY = "0";
};
services.beesd.filesystems.root = {
spec = "/";
hashTableSizeMB = 2048;
verbosity = "crit";
extraOptions = ["--loadavg-target" "5.0"];
};
networking.interfaces.enp13s0.useDHCP = true;
system.stateVersion = "23.11";
services.xserver.videoDrivers = ["amdgpu"];
nix.settings.cores = 16;
boot.binfmt.emulatedSystems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
hardware.enableRedistributableFirmware = true;
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
nix.settings.system-features = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-znver4"
"gccarch-znver3"
"gccarch-znver2"
"gccarch-znver1"
"gccarch-skylake"
"gccarch-skylake-avx512"
"ca-derivations"
];
services.tailscale.useRoutingFeatures = "client";
home-manager.users.darkkirb._module.args.withNSFW = lib.mkForce true;
system.autoUpgrade.allowReboot = true;
}

3
config/rpi2.nix
View file

@ -12,7 +12,4 @@ _: {
system.stateVersion = "21.11";
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix false;
nix.settings.cores = 4;
networking.wireguard.interfaces."wg0".ips = [
"fd0d:a262:1fa6:e621:6a74:93b8:e164:cd7c/64"
];
}

2
config/services/cups.nix
View file

@ -22,8 +22,6 @@
publish.enable = true;
publish.userServices = true;
};
networking.firewall.interfaces.wg0.allowedUDPPorts = [631];
networking.firewall.interfaces.wg0.allowedTCPPorts = [631];
#imports = ["${nixpkgs}/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"];
hardware.sane.enable = true;

5
config/services/hydra.nix
View file

@ -93,7 +93,6 @@ in {
"/run/hydra-machines"
];
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [9199];
nix.settings.allowed-uris = ["https://github.com/" "https://git.chir.rs/" "https://darkkirb.de/" "https://git.neo-layout.org/" "https://static.darkkirb.de/" "https://gist.github.com/" "https://git.kescher.at/" "https://akkoma.dev/" "https://gitlab.com/" "https://api.github.com/" "https://git.sr.ht/"];
sops.secrets."services/hydra/gitea_token" = {};
sops.secrets."services/hydra/github_token" = {};
@ -123,8 +122,8 @@ in {
Type = "oneshot";
};
script = ''
if ${pkgs.iputils}/bin/ping -c 1 nutty-noon.int.chir.rs; then
echo "build-pc armv7l-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,wasm32-wasi,x86_64-linux,i686-linux,riscv32-linux,riscv64-linux - 16 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver2,gccarch-znver1,gccarch-skylake,ca-derivations -" > /run/hydra-machines
if ${pkgs.iputils}/bin/ping -c 1 rainbow-resort.int.chir.rs; then
echo "build-rainbow-resort armv7l-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,wasm32-wasi,x86_64-linux,i686-linux,riscv32-linux,riscv64-linux - 16 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver4,gccarch-znver3,gccarch-znver2,gccarch-znver1,gccarch-skylake,gccarch-skylake-avx512,ca-derivations -" > /run/hydra-machines
else
rm -f /run/hydra-machines
fi

1
config/services/loki.nix
View file

@ -3,5 +3,4 @@ _: {
enable = true;
configFile = ./loki.yaml;
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [3100];
}

1
config/services/matrix-media-repo.nix
View file

@ -102,7 +102,6 @@
};
});
in {
networking.firewall.interfaces."wg0".allowedTCPPorts = [9000];
systemd.services.matrix-media-repo = {
description = "Matrix Media Repo";
after = ["network.target"];

1
config/services/postgres.nix
View file

@ -21,5 +21,4 @@
user = "postgres";
listenAddress = "0.0.0.0";
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [9187 5432];
}

6
config/services/rspamd.nix
View file

@ -194,11 +194,5 @@
sops.secrets."services/rspamd/dkim/darkkirb.de" = {owner = "rspamd";};
sops.secrets."services/rspamd/dkim/miifox.net" = {owner = "rspamd";};
sops.secrets."services/rspamd/dkim/chir.rs" = {owner = "rspamd";};
networking.firewall.interfaces."wg0".allowedTCPPorts = [
11332
11333
11334
7980
];
services.prometheus.exporters.rspamd.enable = true;
}

1
config/services/syncthing.nix
View file

@ -3,7 +3,6 @@ _: {
enable = true;
guiAddress = "[::]:8384";
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [8384];
networking.firewall.allowedTCPPorts = [22000];
networking.firewall.allowedUDPPorts = [22000];
}

3
config/thinkrac.nix
View file

@ -66,9 +66,6 @@
networking.interfaces.enp0s31f6.useDHCP = true;
system.stateVersion = "23.11";
networking.wireguard.interfaces."wg0".ips = [
"fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/64"
];
services.xserver.videoDrivers = ["modesetting"];
nix.settings.cores = 4;

4
flake.nix
View file

@ -141,6 +141,10 @@ rec {
name = "vf2"; # VisionFive 2
system = "riscv64-linux";
}
{
name = "rainbow-resort"; # PC
system = "x86_64-linux";
}
];
in rec {
nixosConfigurations = builtins.listToAttrs (map

41
secrets/desktop.yaml
View file

@ -12,33 +12,42 @@ sops:
- recipient: age1c96dd2hj7qg7sl8wq277q7a4na36krd4dmu50jz5mvw4ls9grcps28zhdl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqS3o2NHF2Y21Tb1N2YTQ0
UzEwa0FGSXdtbjVBcWppcHZhd2VJRkJrUHlBCmR0bm9xSmVDa1NOQWpaR0JBR3Ev
ZjV2L3RSamYrbGxQejdUREpkYllqR3cKLS0tIGxtMGx6ZVh1N1hUa2thTVZPUyt5
Q3pwaklpQVlFcHpkM3lVK3V3RUhPYU0KLC4ORcsWbnxYNvkYU8WgAmobQpvli/yE
MaMpi/+NCMUSl+XmMZtZaymd/Q0PjUpgk1yYU+8xsF4QUIoAMqW+xQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNQldpaEVWdVRraGQvdTVU
NmN4Mm9QVjR5SHR3QWh1OThORDF3cEJIc2xrCjBMU2NDZmpmMnFjYlNVYVRSRGlx
U3dOdWJydTJQRzJLWUVHd00wSUJBVzgKLS0tIEd1OGVkTFhYRHUrYkFKWEp4ek9J
ZzJTMU5xaEd3Yiszd3NVTE1lYm9vMGcKF10r02Mw4oL1s5u265w1x+cXR2fLK4fD
facGJ8oC8o/RmOeyMOfhhAitPhsumZ871i51A1ZCm3Em8gjotQ/ZFA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0c1ZYR3ZGSlR2NzZPSmhS
YTI1RzZyOTdpK1NBU1JnbUFiMTBaM0kvaWtJCmV5TTFRQ1Jiay9RWDBDU2x1SFVt
ZmJCVy9aQS9PZnd5Wi96b29LdVhjL0EKLS0tIFRibjFJb0IwbUtJdGVKdkhieUhm
MUUrUGxLT3R6SXAzam5xU1o0OXl2b0kKa2ehWbXLaQFTSDrtR7WXhLccInrwfLLn
SLgCulAbTe9NKnbyhIQ+WRr8v1jC+XOTi+1k/6I+H7v6s4W8ZA7dOg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4SmxrMm1Lc0FWTHl6SGdt
aVZ0RCt1NHlxN2ErWnVmV3FncUFUV2ZnRWpRCjBUL1RiMVZ5MlJxZGJyNXpBM0Jh
K21CRWN4blZCaHpVbThTK1VZWVBrS2cKLS0tIGVDSCtDVnNQZE05U2VKVjJnNXQy
c1BpSVZicTVxcVVCZE12M2NhQmRzdlUKf4waPVRIV8Zuh4QuzmcPOJ1psHVuHGzX
20L6UQqs4wOlKvB5NFTEfIoGOnABwLdzyVpF1OLNKdRzlK2I8V6keA==
-----END AGE ENCRYPTED FILE-----
- recipient: age12ermm5afdu7a3humlf5wlun5rjm33u6tvzu06l7s8u59h0qd0yxs5mgjuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnY0g4QXFSWmppc285ZEVL
eEF4NDVaYVJvdlNNeUNhYlBBTUpnb05NTGtjClg4c0FDOU1yOFNwME01RFVvYWpK
andBOTRFN3JGSmFxSFRCWG4zcFlVYmMKLS0tIE05N0ZZaG0xenNzbHJlTnBtSnNk
bEZTbC8vVnhNL1BQWEZWYXRrTm9UMzAKSfgQ1ArK/ryEeD4qLI9nLN77V7UHEpio
IqtZUluSwQJuH6C8OKzrZOGOTCYo3RrhTItDTzqU5b/SAAoSJkGJnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-01T11:21:31Z"
mac: ENC[AES256_GCM,data:yanyvQWXf3Yj78uyhiEjdsAJdWx56/6YwnSR9knSIcQAWZ4guKEtl86wTcJZHyt7P7lsMI+z2rsGdQ/pGRIJeUoPzW0ImrGGm3rlXn75aH0jDeSk1qlxLc4dDDxwPDeSI0/QsTsENRW/Vf3/z8xiSHPUwBfDmRqTqwZ0b2vOwZc=,iv:idWdv2m7nUUZDmrNhL97BJn9Tm+fX7y2hG4RJBXffGU=,tag:ns1OrwzupAd6608pGovkrg==,type:str]
pgp:
- created_at: "2023-11-29T14:41:45Z"
- created_at: "2023-12-06T12:54:16Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DAAAAAAAAAAASAQdAb/lR5TvzggwycCA16xc7tLycuOwCKmlInHp9MHfHTmkw
GiwTHbOOCqP4pV2Qo76hWNMzO961XZT5PxuFhM0U7cC6z3WaejQAAep39JUzds1P
0lwBQhceDlbVdA3XJ+6RuzovhhiIPG9U/h1NcEbSgNRV4t0IAaOJY/98GI1unZf4
vVUzes9Q08dbkT40RSGxi4m3EdSOXTRadffvRBRo2bq3AJIdFMVsQUZ3sE5h0w==
=eY/P
hF4DAAAAAAAAAAASAQdACsbftZkLgxiWbSGQPwgSO/JJqeQyG803rkkGUvnTbQAw
27+8v2JsGsSk4LEm8ZMKX0UIE9EeXgRicjZ+BeJvHYT1EvESubyhH4Y/9MrH3aCw
0lwBntz8MNeIE7MjweHgM7BKz9C6jBA87SXXFcb6uwH9MMUlqs7NFteDcFe71Uwm
4Ds+SwFg57K8RImA/qmU5ACw4NigrinRaPSqLy8zEPZNrUCLeKYgvAgeVeCLoQ==
=3hgf
-----END PGP MESSAGE-----
fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD
unencrypted_suffix: _unencrypted

40
secrets/rainbow-resort.yaml Normal file
View file

@ -0,0 +1,40 @@
security:
restic:
password: ENC[AES256_GCM,data:hjOOc6TZR1U8Nv9UdKDABnz4Iqg=,iv:95CAyDS2hSEsZysvhzY32pVmKtBZ3rMTRJLed7KIHZw=,tag:hdFqZdUkcQ+R0PcCkqF1jg==,type:str]
email:
lotte@chir.rs: ENC[AES256_GCM,data:5mwX4V/e1A12VCaYhTpmYs2f+Q==,iv:AhCmjzZDDB3n9H2PKxnyLJU8nu1zmDLWne3nedYNgkQ=,tag:L9nBbJqj0G5Lm5wYgNw5pA==,type:str]
mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:q/ay3nCIiobmyoZf9gyV1lEm/YAjJLWkw9yeesCxVHRJ6/isBHIBpBj5Y+Z6qQ32zDVCO4EYa2oPNWSiessOsQ==,iv:Hux4GbI0DLuo5tKg5o47ob+zlLjJwsPe0N5MpD85kqc=,tag:olARO7mLklXHqtxdetXwUg==,type:str]
password:
root: ENC[AES256_GCM,data:NLyFpKA2YgH/lfX7rdxjV7JckSaQ9vUutf7BcTXBskMRoi3oDGoMHnaLT9hhSfrp0xM3qDZWKyuVRq2bYf1JKrFnQe2btoZQj3NPxgIojNF9Eys5BFTp78eBxsB+AqqUg1LLzhIi47EDow==,iv:xtj6j7SyguvUqKhqvqFTyTQ6XpcLVpIGOJBt6N4CrL8=,tag:7A0DTcGZim4+IjIW5XO3Mg==,type:str]
darkkirb: ENC[AES256_GCM,data:d82Q/Ew17WJK/qafVt8R1517ECOuGf1XaVzH7IqmyivZSVyXSTi2Wr43kV0P66FaponFN/ZvUL8YsghiepKxNVen/vqqJuI2R7aYApHH3RkbawCVperoj4rQlPeiHThuQEXTQDUX9W0ZlA==,iv:XuRk2NPyBEMZ9vaudLI6kQum0GM2PkVjWWovoabAnaw=,tag:F5iM9TeqV8/qlyMTkeJgfQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12ermm5afdu7a3humlf5wlun5rjm33u6tvzu06l7s8u59h0qd0yxs5mgjuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dDlwckJVbkU5QVZPbXJm
c1lpSTFDRmNWaVRqZkZyWk53TWJ3WVBBVFRrCkVWcnlXV0pkNXlvaDRIYUs4NUVl
QktiSnVlSWQ3a3VGeDNoZHdMOGdxY0UKLS0tIGxSSSt6OXRpdUJidlBlM1NCdW1Y
RGFCVVBLc3hwS1JnZWhVZ01HMEUxQ2cKz0bEhJuK0pTginAQLAG/Qzr3MxplHtsx
tQbqJwbmIGanbWMxO2Mfe81qwgAzKuFt/JYT/Dp0VxIokyk7KEueMQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-06T12:55:55Z"
mac: ENC[AES256_GCM,data:DpdvYGNexaRCcy2Vdvj5u4EpYdbMJXzZW6qOx4bgMnhJyH9pkU5ZtbKH4DMDAiY+4uI8mx2TcW8t40+pW43Pag7IXGeX0en00aeygnLYLHtTsSgEn1/26nrCu0o/sLqLYP5mrj7OUYUoaYBUaqjXn0MVpBuN9L5weiZvqruMjFg=,iv:i7U+Pia6QLVccv6SupYfssDHl51k1o4tHCsYohfUR34=,tag:/MZDc8WRRLmid2yd7Js3tw==,type:str]
pgp:
- created_at: "2023-12-06T12:55:39Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DAAAAAAAAAAASAQdASM6Ctv5DiKZC2o9BoyjLHPp4C/XZTRTLVZ77hcPV1wEw
2egg59Gu4iU3v33LqyMdo8imytfADHT3FvbU8+Cx96CHBhsZ2MJF6SN0rhrXcJNo
0lwBe7Xb4k/IBN/XAixZVa0fTkYTXq40blAWIHDGq+UYkHFosleqtDbSB4B3db2S
TGPP4nryvaoeG3y+50M+qGkOYf+VWR4clmSJOnSYZyHXzsnhBS0KHgLRN4Z+nQ==
=uNYU
-----END PGP MESSAGE-----
fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD
unencrypted_suffix: _unencrypted
version: 3.8.1

81
secrets/shared.yaml
View file

@ -12,69 +12,78 @@ sops:
- recipient: age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZVVOV1BhR3pFL1FPVHVq
K3JGUXlBTVpoa2VwVWhDdGpMWDVsTmI4OXc4ClN0L2J2Q2xDZW1EYWhxM29JSHpD
YkRpR0NqdmtyY2JqbmdJODBiZlludHMKLS0tIEFxd0Q3K0t3eHVFVnllWlRVRG8w
Y3hhZFIvZndpdVNzU2R4aDZ0Y1hnWm8Klzq4jsXemJ3jsKJ5n2wNOaq1a3n0D50/
C8ExEjn7Z3Hf57pRXxU+hJMTR3bLX8L02xXQ2eBt7vwtPKFg5gzvZQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQzBRSWdKUDBRZVBrS01r
SUVBbmFaUWtwNkVnRnBTcHltTEUrQU5jT1NzCm8xRERUNmdKNVdWc0RDL09RMkl0
Znp1S21IbEcxZEFPSkprd1VWSXZyUFkKLS0tIE9oSmp1ZHJkeWpQL0hPVXRDOU0z
T1pNRHRpaFF2dGE5M3FMU2hkeFhmbFEK+SK14kw5i9d+S0XHzlgfS3ubN/PDMbh/
IqAd+1p7iOJkCRKecGxSUL9CX71t21fcbXoo0hVlYjgxzvzAK231Eg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1c96dd2hj7qg7sl8wq277q7a4na36krd4dmu50jz5mvw4ls9grcps28zhdl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzV0thMVQyb0lJSnZydml0
UlVLSVVLbTZXbXFMVS9ScDRRVkg5bDBJUUJvCmxEcEJITGVHbUF4NkZJVUxNMWhL
U2tISC82a1NtZ2pjZUtrbi8zaE5Mc2sKLS0tIE9rRUwyS3ROaE9JSnFJaTd1NWR5
TVhLT1lOM0didUxoNlo0SHZid3VGUDgKWIXEadsYqKqW18I9RErey/hfBypwB8yf
DLt9T4jdBb2rykwocJmA+L2DVwPE+KQkaov4wR5gwN07f7NSRCyu9g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLWkVDSmNGNkJyeEJOdHQ5
QkNja2Z2VGxwSWcwSWJ3NlZYOE9NK0VvWkJJCm8xYWc5MWM4MmxUMmNZT2xuRXd1
WmV1RW1Dd2puaUkzZG9XcFNXT0EvRVUKLS0tIGpEam96WU9tMzRPT3NucitESlJo
UDczaDdVVnA3MnFscVJFd2RqZlUyUVEK7rBeElH5BaqqoHLTao4o/iTLsB7TLVwO
quAtMJ9i7q1l8cmHkmMIOSZtcA6ZUSIEygk9nUJOPdFMLSTdRD7NBg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuUEZtL1lkRkg3VGFnbnQ0
ZmxJV3gzZkI3YStYWmxjUW9lZ3NRakZyRkhFCmhJZUE4K2FaaUNWQzhKczRHZGww
S2ZZYU5oVThpeXlzRS9tbW9YSm9XUFUKLS0tICtUL3RTeHh4V0d0ZS9hK3FESnNk
MWY3N1ZySTlCUS9nTnlOS2hYTVNlSTQKIlaTOyVKR9QTQRfVWRrp3Zkqhm1JAwCx
tGHt1RGJDHeSxXwwsasm4xQWgSSQ9XJXLh+7582WYEssLB1FgcURxg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQOGYyT1pDcVdPOWtMOUIw
eCtWZFRlZndwWmxTdjY0UkdyYW9ObFUvTWxFCmdJSHRSYVV4YXRRVGliWm9SUHVW
b042a3JEcjRiQVViUmw2T1plRXJtdHcKLS0tIG5LbSt3YndkaHcrUkVoOGZORmY3
NlVad3ZYRFcrdjV0RW95eW1NTG1FRDQKPiq+H7jcjMztetSll+TwSi22fuqIERDs
50XHR+GMkELSsDbUHKZ5Zw6bLLm5TCeB7uUTt6ntEbejk5Bl+aXxqA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUHhSWGpvUk8wQXlrRVB0
VTVIV2NGa1d3bURZYko0N1BlQUpPeXloSHlNCnpHd2dPOWZqRkZrUW1Ed2NBZ09p
eHNVQUVrUUQwTjcvMU5ocTN5N2VWZjQKLS0tIGVEbDBIQjR2Z2cwaXkvU2ZRbDZI
YkFzL0pXcGxVcE5zcjF4TEpxQzBwYTQKbe5IUV1JXdjzAfrUrx4+gGtCdCXSlcAm
Qb/UL7asdHAjuPVttM7e3UiW/d49LwsWKb8WHJRX0rmt26lvB+Y0Kg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZUNmbklSRm80MjVjWDNt
WFI0V25GZUwrQVVkTGVyUFN3SzJuN2V4NGc0ClN5aDBFaUFQN3FvcG1uUDRkYmxw
a29YSjROcG9KRVc4bUlBMmF1blRITUUKLS0tIDRoWWM2V0lmUmtuYjdlQ3Y3V0Vj
UGJGdEE4cy9NaTVaRTVYL1FTS3ZONWMKdRy0fGqKWIrOkjn9riUJJ64hm5SOv8B8
W7z6p6y6eFWYmDe7DUoRnJfOml0OQrgymI4+P2JyaTSfNqwSMatn+g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1elra3uklw8rmwkevqms2l4tsd06d5utqda9d2w4qvqpz898uzuesugxkhc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydjZQNlFtQnY4RHhRZVVh
VFBKd2YyaWxIb3crL0xpZ1pqZlhPVkFUV3d3CjdsaFJDaUlxTWE4OG5mUzBOdzI2
RFd1cTRjeTZKMEp4bk1UUHE0VjgzdGcKLS0tIHk4Vmw3V2RDU2F2OTlON3NLS3gr
OFpBME8vY0hQV0Z5S3NpR0pySkx4K3cKxGI/3Qrw1OTQNdphEqGNLwd1U8oFlltp
U/hxnt51hQbc0EgemxZYU4Feh6sbjD3RXUeiS2sN2NRHgnNoyVfRiw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTWnJQNnhpck1SOTh6OHQ4
azR0RHJWVUdaMXIyQ2VFbjFvZ2plZHBSM0NVCnFDMkh5dlBWdExmUzB2YzdmVmVJ
aFdXTmV6aHFLNHg0OTFlWkNteDFYRkUKLS0tIE1VUytzMEpwZmtLbDM0a0JBRWpI
QTFEWk1FZU5ENDF3dFQ3VWpubGpRNkEK901SZzfkueJG99+gVqcfeU6ZaErtEXUj
HfGWzLliI3LmIxoTNBZwF3bhG5MM9mGy7zKburoSAtHLVyOu1xAexg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gtezxkkfhpkv788x9dek6s6s342n9tkl40zvsa48m9a7yqn25fnsmd3wy0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaVNMTkkvWTBqWnlReTkv
dFJpMWh1UnZWZ0dHUVJERFZPSGIwRUMxbkZFCi8zWDFVM3hnV0JUVTZtYlkvaFNh
UU91SlU0M0FTeEJBTXJOSU1Va3Z6QUUKLS0tIDhjSkRNM24yTmk5Wllrem50cFZZ
clhPNmVLVGtFWCtiRWZUMU4xVUV0emcKBHSrJLwboPrDBGU3jmQ0VSgkerVkqdbn
RdyW44G7nH1GenJ7vZePeSigppsGkUkw5yzFDz0UXfH2gaP7nzoYnw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPakJPcXR3amE5SE50VUxa
WDNzWGd4R2NQQ1BUOUZMenRlNWtlYnFwSUJBCnZHUjRVR1hkcGlROTJNY2xGc1hI
Q1lLL0FucHJUeGVBOWh0RlY0L0hMUUEKLS0tIDVoMmltVXhBeW9CK3FBNEZPaEJv
bXRnMGVVTXZpTGVmcElIaFRpM0oyRW8KIExU6g3zrDxc8wl5pBuo1T2ygK7XOrd5
lJsjCdFo5gAyIPUeR3q78KtZ146OhhFeZxk1zgf5NeDOBSZB2zWvRw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12ermm5afdu7a3humlf5wlun5rjm33u6tvzu06l7s8u59h0qd0yxs5mgjuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4aXRlWDRraWk2WWVCdXIy
N3A0Y21BRXphQmVZcklHQnpOd3ljQysvT0VRCnBDVXNGeWZMTjZ6Wm9rUkVXaDl5
czJTdEtCWmE4Q2ozZkt5VFduQ3JlbncKLS0tIEpKTHJxUWdWQis0TlFsMi9HbkhO
MS94TGU2MHRFN3didk15SXBodkEvK0EKkeehekFssls4ZX+n41auDjRL0imXYaCH
z0Qtc5QCbXh8BOU+OOZx3BoguIImRpgMp/AQ5MMUgvLok78Qw5Oy9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-06T09:11:09Z"
mac: ENC[AES256_GCM,data:XujFjvx73/z+hmk4f4tRRvwl/ML25YOZw6etr0P9lhcXlYPelIrqvVLO1vmobt8TYDzngAHdHSNNlhInw00KO73luOLcQhL/1DVMqTgeMSC11ReUhd5KOZLVXOSP0+8ADLXgbGGGY8DyPnZtr1ZWa3dDIBFPt5ZD7RzWz1qKnJ4=,iv:kYPLpSrLEu9pkWw0iwqKmH6Mm8sFjAstr06mcAWnUEU=,tag:NQjXV8sHUrjU//AQJ+4E+Q==,type:str]
pgp:
- created_at: "2023-11-29T14:42:03Z"
- created_at: "2023-12-06T12:54:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DAAAAAAAAAAASAQdAbeKleeLCw1QqnCuhwl1mOoFFTDNQYb6iGueYoOEwwlcw
BRZDEqKWSfgak1TGE32w7SMZUOhGb4RqskgeQozK7E8eyGEmT3YV06B9uiN9GV4B
0l4BDWVHexK6hoAjQZgOH60Ao/DK/I90TBPnJmfPwfwqRVfSfqt0rAah+W31N9x2
2F/t6cwXafzglhAo7r+Esp1CzRgPDWfcIxJ+eE5fvEpinsZ0E8+D18NeGaJeWCkf
=4O3x
hF4DAAAAAAAAAAASAQdAWK9o2S/9tr0iwwu3nntRyob1qNOEzwv5IW/n8hlonxww
rn3js0kRalvmUBnJLDMfmN6qKMN9jJGkLpsUwQ3dCPNI+ksGeHSmTyhhQLFpAvTN
0l4B2pRmouH+fvvud86etK1uar5h5LUJ3lnGb+h84/cUEaUKeQ5LCo0dpLmevduM
8CFHrQoyovCMwv8C/wTs6UJROHxaFw2hyCvMUagrGlAkDagWekN9O59UOwXQawgF
=Ituw
-----END PGP MESSAGE-----
fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD
unencrypted_suffix: _unencrypted

8
zones/int.chir.rs.nix
View file

@ -15,7 +15,7 @@ in {
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 26;
serial = 27;
};
NS = [
"ns1.chir.rs."
@ -283,6 +283,12 @@ in {
(ttl zoneTTL (aaaa "fd7a:115c:a1e0:ab12:4843:cd96:625a:5784"))
];
};
rainbow-resort = {
A = [(ttl zoneTTL (a "100.108.224.109"))];
AAAA = [
(ttl zoneTTL (aaaa "fd7a:115c:a1e0::d8ac:e06d"))
];
};
grafana.CNAME = [(ttl zoneTTL (cname "nixos-8gb-fsn1-1"))];
minio.CNAME = [(ttl zoneTTL (cname "nixos-8gb-fsn1-1"))];