update config

This commit is contained in:
Charlotte 🦝 Delenk 2024-07-01 17:17:32 +02:00
commit af068780c6
32 changed files with 173 additions and 604 deletions

View file

@ -114,7 +114,6 @@ in {
];
services.flatpak.enable = true;
programs.java.enable = true;
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = lib.mkForce (system == "x86_64-linux");
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
desktop = true;

View file

@ -32,7 +32,6 @@
./services/yiff-stash.nix
./services/reverse-proxy.nix
./services/jellyfin.nix
../new-infra/devices/nas.nix
./services/mautrix-discord.nix
./services/mautrix-telegram.nix
./services/mautrix-whatsapp.nix
@ -124,9 +123,6 @@
nix.settings.substituters = lib.mkForce [
"https://attic.chir.rs/chir-rs/"
"https://cache.nixos.org/"
"https://beam.attic.rs/riscv"
"https://cache.ztier.in"
"https://cache.lix.systems"
];
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
@ -185,7 +181,6 @@
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};

View file

@ -19,15 +19,11 @@
substituters = [
"https://attic.chir.rs/chir-rs/"
"https://hydra.int.chir.rs"
"https://cache.lix.systems"
];
trusted-public-keys = [
"nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
"chir-rs:rzK1Czm3RqBbZLnXYrLM6JyOhfr6Z/8lhACIPO/LNFQ="
"riscv:TZX1ReuoIGt7QiSQups+92ym8nKJUSV0O2NkS4HAqH8="
"cache.ztier.link-1:3P5j2ZB9dNgFFFVkCQWT3mh0E+S3rIWtZvoql64UaXM="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
};
extraOptions = ''

View file

@ -72,10 +72,6 @@
};
featureSupport = {
};
sentry = {
enabled = true;
dsn = "https://18e36e6f16b5490c83364101717cddba@o253952.ingest.sentry.io/6449283";
};
rateLimit.enabled = false;
thumbnails = {
maxSourceBytes = 0;
@ -122,35 +118,8 @@ in {
ExecStart = "${matrix-media-repo}/bin/media_repo -config /var/lib/matrix-media-repo/config.yml";
};
};
systemd.services.purge-old-media = {
path = [pkgs.curl];
description = "Purge unused media";
script = ''
export MATRIX_TOKEN=$(cat ${config.sops.secrets."services/matrix-media-repo/matrix-token".path})
for i in $(seq 1000); do
curl -H "Authorization: Bearer $MATRIX_TOKEN" -X POST https://matrix.chir.rs/_matrix/media/unstable/admin/purge/old\?before_ts=$(date -d "3 months ago" +%s%3N)\&include_local=true && exit 0
done
'';
serviceConfig = {
Type = "oneshot";
User = "matrix-media-repo";
Group = "matrix-media-repo";
};
};
systemd.timers.purge-old-media = {
description = "Purge unused media";
after = ["network.target" "matrix-media-repo.service"];
requires = ["purge-old-media.service"];
wantedBy = ["multi-user.target"];
timerConfig = {
OnUnitInactiveSec = 300;
RandomizedDelaySec = 300;
};
};
sops.secrets."services/matrix-media-repo/access-key-id".owner = "matrix-media-repo";
sops.secrets."services/matrix-media-repo/secret-access-key".owner = "matrix-media-repo";
sops.secrets."services/matrix-media-repo/matrix-token".owner = "matrix-media-repo";
users.users.matrix-media-repo = {
description = "Matrix Media Repository";
home = "/var/lib/matrix-media-repo";

View file

@ -1,11 +1,15 @@
{pkgs, ...}: {
{
config,
pkgs,
...
}: {
imports = [
../../modules/matrix/mautrix-discord.nix
];
services.mautrix-discord = {
enable = true;
environmentFile = pkgs.emptyFile;
environmentFile = config.sops.secrets."services/mautrix/shared_secret".path;
settings = {
homeserver = {
address = "https://matrix.chir.rs";
@ -58,9 +62,13 @@
"@miifox:chir.rs" = "user";
"@lotte:chir.rs" = "admin";
};
login_shared_secret_map = {
"chir.rs" = "as_token:$SHARED_AS_TOKEN";
};
};
};
};
sops.secrets."services/mautrix/shared_secret" = {};
services.postgresql.ensureDatabases = [
"mautrix_discord"
];

View file

@ -5,7 +5,7 @@
}: {
services.mautrix-signal = {
enable = true;
environmentFile = pkgs.emptyFile;
environmentFile = config.sops.secrets."services/mautrix/shared_secret".path;
settings = {
homeserver = {
address = "https://matrix.chir.rs";
@ -43,9 +43,13 @@
"@lotte:chir.rs" = "admin";
};
relay.enabled = true;
login_shared_secret_map = {
"chir.rs" = "as_token:$SHARED_AS_TOKEN";
};
};
};
};
sops.secrets."services/mautrix/shared_secret" = {};
services.postgresql.ensureDatabases = [
"mautrix_signal"
];

View file

@ -55,6 +55,9 @@
"@miifox:chir.rs" = "full";
"@lotte:chir.rs" = "admin";
};
login_shared_secret_map = {
"chir.rs" = "as_token:$SHARED_AS_TOKEN";
};
};
telegram = {
api_id = "$API_ID";

View file

@ -1,11 +1,15 @@
{pkgs, ...}: {
{
config,
pkgs,
...
}: {
imports = [
../../modules/matrix/mautrix-whatsapp.nix
];
services.mautrix-whatsapp = {
enable = true;
environmentFile = pkgs.emptyFile;
environmentFile = config.sops.secrets."services/mautrix/shared_secret".path;
settings = {
homeserver = {
address = "https://matrix.chir.rs";
@ -58,9 +62,13 @@
"@lotte:chir.rs" = "admin";
};
relay.enabled = true;
login_shared_secret_map = {
"chir.rs" = "as_token:$SHARED_AS_TOKEN";
};
};
};
};
sops.secrets."services/mautrix/shared_secret" = {};
services.postgresql.ensureDatabases = [
"mautrix_whatsapp"
];

View file

@ -178,20 +178,6 @@ in {
}
'';
};
"keycloak.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy {
to https://keycloak.int.chir.rs
header_up Host {upstream_hostport}
transport http {
versions 1.1
}
}
'';
};
};
services.nginx.virtualHosts."mastodon-assets.chir.rs" = {
listen = [

View file

@ -11,6 +11,7 @@
config.sops.secrets."synapse/mautrix-discord".path
config.sops.secrets."synapse/mautrix-telegram".path
config.sops.secrets."synapse/mautrix-whatsapp".path
config.sops.secrets."synapse/doublepuppet".path
];
server_name = "chir.rs";
public_baseurl = "https://matrix.chir.rs/";
@ -33,11 +34,6 @@
admin_contact = "mailto:lotte@chir.rs";
retention = {
enabled = true;
default_policy = {
max_lifetime = "12w";
};
max_lifetime = "12w";
allowed_lifetime_max = "12w";
purge_jobs = [
{
longest_max_lifetime = "3d";
@ -114,7 +110,6 @@
msc3967_enabled = true;
msc2659_enabled = true;
};
sentry.dsn = "https://18e36e6f16b5490c83364101717cddba@o253952.ingest.sentry.io/6449283";
};
withJemalloc = true;
};
@ -182,4 +177,8 @@
key = "services/mautrix/whatsapp.yaml";
owner = "matrix-synapse";
};
sops.secrets."synapse/doublepuppet" = {
key = "services/mautrix/doublepuppet.yaml";
owner = "matrix-synapse";
};
}

View file

@ -14,11 +14,11 @@
]
},
"locked": {
"lastModified": 1717767658,
"narHash": "sha256-ZqIKqAT6efziCJ6l7PCvM0SGq2imu1jFGqevIrV20uE=",
"lastModified": 1719117521,
"narHash": "sha256-FdelCMFqgxBUzFatd1hqnkA7Q9zSyRLRoNHM+NyZR/U=",
"owner": "DarkKirb",
"repo": "admin-fe",
"rev": "79ab46b5e9edbdd8485cbcd1bd0778dc0b96adce",
"rev": "65e3e446e34d346b9046d788648c5e9cc57bc654",
"type": "github"
},
"original": {
@ -41,11 +41,11 @@
]
},
"locked": {
"lastModified": 1717768591,
"narHash": "sha256-wvDGGDQbtBrs+k/Y3P+MXZOYtd/2X+pV7S3Bhexrthg=",
"lastModified": 1719054596,
"narHash": "sha256-9zqCZy6vJj6jUtWOQoRY8WjGRP6wmGh6HEGkyXpeEkQ=",
"owner": "DarkKirb",
"repo": "akkoma",
"rev": "fa0143f96581edc31c9a3f92644838b631ba630c",
"rev": "074f5e3a8b6f82a1ca04f3f8ee76b73fe20b8669",
"type": "github"
},
"original": {
@ -68,11 +68,11 @@
]
},
"locked": {
"lastModified": 1717768162,
"narHash": "sha256-HndS5SDaZx0dsJI61vcL2Mx48xv0cmrHF3FOOFadJFg=",
"lastModified": 1719120015,
"narHash": "sha256-dSlyDXj2lOwR+f9SHEOG9IXjY+DGEU8XVLkTvxnGi6k=",
"owner": "DarkKirb",
"repo": "akkoma-fe",
"rev": "0cec9bfba7e949e0aac685bd23f54facde77057d",
"rev": "a80f5ef746c1b08a7cc558ae8904cbd21bb28d1b",
"type": "github"
},
"original": {
@ -103,11 +103,11 @@
]
},
"locked": {
"lastModified": 1715087991,
"narHash": "sha256-1t22mSY2XGeqNVUATJ5dLZVWkgeKa48Cv9EFkgNeZS4=",
"lastModified": 1718545268,
"narHash": "sha256-kYnM1kr1U/+mARR3kYd1Yh9atRofKnpNQF5wd4xf8Cc=",
"owner": "DarkKirb",
"repo": "attic",
"rev": "556dc861b54e26c7f759da38d55a6e8cdbc9084d",
"rev": "7634b861f606cd21719e350da5c74475047a456d",
"type": "github"
},
"original": {
@ -127,19 +127,21 @@
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1691655399,
"narHash": "sha256-hVfFMu27OMaUPxpyovnxYNrzDYFCbQaFu+XCAIPeoAk=",
"owner": "DarkKirb",
"lastModified": 1713199118,
"narHash": "sha256-MlLdAvk+zXCFUy280sY6LqtykqWXIkKVXo72J7a6HlU=",
"owner": "cargo2nix",
"repo": "cargo2nix",
"rev": "1a37221e07295f7d5a8842717e94229af72f1c20",
"rev": "1efb03f2f794ad5eed17e807e858c4da001dbc3e",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"ref": "release-0.11.0",
"owner": "cargo2nix",
"ref": "main",
"repo": "cargo2nix",
"type": "github"
}
@ -265,11 +267,11 @@
]
},
"locked": {
"lastModified": 1717832360,
"narHash": "sha256-z7AvEUyqsMptSedRkE0QNnYloIsMv3dAH2OAZi+S/60=",
"lastModified": 1719124928,
"narHash": "sha256-HQIKemMotlGSuvpm5jqQUWw4hO5AT5m4G8vWpA2e+0g=",
"owner": "DarkKirb",
"repo": "element-web",
"rev": "4ca38d19db1a943891626b5d4d7387ca322678b7",
"rev": "f19601a28f62135d6980398c0fece18204e63eb0",
"type": "github"
},
"original": {
@ -362,11 +364,11 @@
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"lastModified": 1719745305,
"narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
"type": "github"
},
"original": {
@ -413,21 +415,6 @@
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"gomod2nix": {
"inputs": {
"nixpkgs": [
@ -458,11 +445,11 @@
]
},
"locked": {
"lastModified": 1717931644,
"narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=",
"lastModified": 1719677234,
"narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3d65009effd77cb0d6e7520b68b039836a7606cf",
"rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d",
"type": "github"
},
"original": {
@ -492,11 +479,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1717932370,
"narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=",
"lastModified": 1719091691,
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f",
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
"type": "github"
},
"original": {
@ -515,11 +502,11 @@
]
},
"locked": {
"lastModified": 1717935050,
"narHash": "sha256-UWi8G3J+pS+9LVMdjrpLJwncdiMQWrnuUd5ygxCHeNc=",
"lastModified": 1719749459,
"narHash": "sha256-sAZRJNJ9FRUPvseuH21kmh9s+Q6AfQWPNxKVm534wgk=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "1b6ea3be6ba37d4d3ba6e5041e2f152bb684ba2c",
"rev": "a15b020a1d0fc483386eb001ec6735b8a30bec81",
"type": "github"
},
"original": {
@ -528,50 +515,6 @@
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1714955862,
"narHash": "sha256-REWlo2RYHfJkxnmZTEJu3Cd/2VM+wjjpPy7Xi4BdDTQ=",
"ref": "refs/tags/2.90-beta.1",
"rev": "b6799ab0374a8e1907a48915d3187e07da41d88c",
"revCount": 15501,
"type": "git",
"url": "https://git@git.lix.systems/lix-project/lix"
},
"original": {
"ref": "refs/tags/2.90-beta.1",
"type": "git",
"url": "https://git@git.lix.systems/lix-project/lix"
}
},
"lix-module": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"flakey-profile": "flakey-profile",
"lix": [
"lix"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1717647344,
"narHash": "sha256-m8XYt8NU2T4gvkien7H7LFGXHhSA5z4tHOeuXQ3DJi4=",
"ref": "refs/heads/main",
"rev": "4e25f1ab68f2270f9cff59216056c21073db0164",
"revCount": 87,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
}
},
"lowdown-src": {
"flake": false,
"locked": {
@ -604,11 +547,11 @@
]
},
"locked": {
"lastModified": 1717830354,
"narHash": "sha256-ZkTePmsYCxTv5ClOFsR71q5eK8L267p7mBEcOcDhjSE=",
"lastModified": 1719207207,
"narHash": "sha256-wcccEps6IEwjKMy7dhvqXV2eGWDoIM2AcyrN1vLJYe4=",
"owner": "DarkKirb",
"repo": "matrix-js-sdk",
"rev": "e2980d41d2a95bc9c155b60d6e7332086730c3be",
"rev": "60222f9109b1d93dd36ce50976e2b3a1bab66a55",
"type": "github"
},
"original": {
@ -636,11 +579,11 @@
]
},
"locked": {
"lastModified": 1717830817,
"narHash": "sha256-3vfHUC836vAOAS/XXFWiyW6QmtgwQY8JmGNwnwuru0I=",
"lastModified": 1719246851,
"narHash": "sha256-Mgw3dnYDg8dFy6ORe4qRgs0DGAPexux0MWC0XwHvo5Y=",
"owner": "DarkKirb",
"repo": "matrix-react-sdk",
"rev": "88be704799e3423bfdc86622f0b6b02facb43df2",
"rev": "74c6b4121bf868bb6d7422bba7743fdd696fdc09",
"type": "github"
},
"original": {
@ -656,11 +599,11 @@
]
},
"locked": {
"lastModified": 1717067539,
"narHash": "sha256-oIs5EF+6VpHJRvvpVWuqCYJMMVW/6h59aYUv9lABLtY=",
"lastModified": 1718727675,
"narHash": "sha256-uFsCwWYI2pUpt0awahSBorDUrUfBhaAiyz+BPTS2MHk=",
"owner": "nix-community",
"repo": "naersk",
"rev": "fa19d8c135e776dc97f4dcca08656a0eeb28d5c0",
"rev": "941ce6dc38762a7cfb90b5add223d584feed299b",
"type": "github"
},
"original": {
@ -705,11 +648,11 @@
]
},
"locked": {
"lastModified": 1717896375,
"narHash": "sha256-qI8f1XSFo1X29+RSVmYo5hDAMKKULnpmIZbRl77u21A=",
"lastModified": 1719710498,
"narHash": "sha256-+yqI1zvk1jNcNTWA3CGnp5N2jSXr/q/CggYZYvGsdNc=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "6ed58348c20bab127555a3645e832591d2611f0c",
"rev": "774908e566a0b3b702219fdf90a5ed4551b3688d",
"type": "github"
},
"original": {
@ -740,11 +683,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1717995329,
"narHash": "sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s=",
"lastModified": 1719681865,
"narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "58b52b0dd191af70f538c707c66c682331cfdffc",
"rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
"type": "github"
},
"original": {
@ -810,11 +753,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1718042695,
"narHash": "sha256-BPbKImsGFH4QXMl3tsBwVQqdDQ9xwHaoPd7MHoWcHgU=",
"lastModified": 1719770832,
"narHash": "sha256-60+ZpoWArajSLyKMhZwiCeCbhsg9z2FlAJc3/n9g3bs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0eb15848586f2eb942f8c59949d05813f65b8967",
"rev": "54d99d57971230030c95ea3022f8bc862148b5b2",
"type": "github"
},
"original": {
@ -843,8 +786,6 @@
"hydra": "hydra",
"impermanence": "impermanence",
"lib-aggregate": "lib-aggregate",
"lix": "lix",
"lix-module": "lix-module",
"matrix-js-sdk": "matrix-js-sdk",
"matrix-react-sdk": "matrix-react-sdk",
"naersk": "naersk",
@ -853,51 +794,23 @@
"nixos-hardware": "nixos-hardware",
"nixos-vscode-server": "nixos-vscode-server",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay_2",
"rust-overlay": "rust-overlay",
"sops-nix": "sops-nix",
"systems": "systems_2"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"cargo2nix",
"flake-utils"
],
"nixpkgs": [
"cargo2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1653878966,
"narHash": "sha256-T51Gck/vrJZi1m+uTbhEFTRgZmE59sydVONadADv358=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8526d618af012a923ca116be9603e818b502a8db",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1717985971,
"narHash": "sha256-24h/qKp0aeI+Ew13WdRF521kY24PYa5HOvw0mlrABjk=",
"lastModified": 1719714047,
"narHash": "sha256-MeNPopLLv63EZj5L43j4TZkmW4wj1ouoc/h/E20sl/U=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "abfe5b3126b1b7e9e4daafc1c6478d17f0b584e7",
"rev": "cb216719ce89a43dfb3d1b86a9575e89f4b727a4",
"type": "github"
},
"original": {
@ -916,11 +829,11 @@
]
},
"locked": {
"lastModified": 1717902109,
"narHash": "sha256-OQTjaEZcByyVmHwJlKp/8SE9ikC4w+mFd3X0jJs6wiA=",
"lastModified": 1719716556,
"narHash": "sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8+awNMyqs=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "f0922ad001829b400f0160ba85b47d252fa3d925",
"rev": "b5974d4331fb6c893e808977a2e1a6d34b3162d6",
"type": "github"
},
"original": {

View file

@ -32,11 +32,11 @@ rec {
inputs.rust-overlay.follows = "rust-overlay";
};
cargo2nix = {
url = "github:DarkKirb/cargo2nix/release-0.11.0";
url = "github:cargo2nix/cargo2nix/main";
inputs.flake-compat.follows = "flake-compat";
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs";
#inputs.rust-overlay.follows = "rust-overlay";
inputs.rust-overlay.follows = "rust-overlay";
};
colorpickle = {
url = "github:AgathaSorceress/colorpickle";
@ -102,16 +102,6 @@ rec {
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
lix = {
url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
flake = false;
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.lix.follows = "lix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
matrix-react-sdk = {
url = "github:DarkKirb/matrix-react-sdk";
inputs.flake-parts.follows = "flake-parts";
@ -307,7 +297,6 @@ rec {
home-manager.extraSpecialArgs = args // {inherit system;};
})
(import utils/link-input.nix args)
args.lix-module.nixosModules.default
];
};
})
@ -363,17 +352,6 @@ rec {
# Uncomment the line to build an installer image
# This is EXTREMELY LARGE and will make builds take forever
# installer.x86_64-linux = nixosConfigurations.installer.config.system.build.isoImage;
tests = let
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [
self.overlays.x86_64-linux
];
};
in {
postgresql = pkgs.callPackage ./new-infra/containers/postgresql/test.nix {};
keycloak = pkgs.callPackage ./new-infra/containers/keycloak/test.nix {};
};
};
};
}

View file

@ -1,3 +0,0 @@
# New infrastructure config
Work in progress configuration that is used for a more containerized nixos install.

View file

@ -1,150 +0,0 @@
{
lib,
pkgs,
config,
...
}: let
config' = config;
keycloakIP = config'.containers.keycloak.localAddress6;
in {
imports = [
../postgresql/default.nix
];
containers.postgresql = {
bindMounts.keycloak-db-password = {
mountPoint = "/secrets/keycloak-db-password-input";
hostPath = "/run/generated-secrets/keycloak-db-password";
};
config = {
config,
pkgs,
lib,
...
}: {
networking.firewall.extraCommands = ''
ip6tables -A nixos-fw -p tcp -s ${keycloakIP} -m tcp --dport 5432 -m comment --comment keycloak-db -j nixos-fw-accept
'';
services.postgresql = {
ensureDatabases = [
"keycloak"
];
ensureUsers = [
{
name = "keycloak";
ensureDBOwnership = true;
}
];
authentication = ''
host keycloak keycloak ${keycloakIP}/128 scram-sha-256
'';
};
systemd.services.postgresql.postStart = lib.mkAfter ''
$PSQL -c "ALTER USER keycloak PASSWORD '$(cat /secrets/keycloak-db-password)';"
'';
systemd.tmpfiles.rules = [
"C /secrets/keycloak-db-password - - - - /secrets/keycloak-db-password-input"
"z /secrets/keycloak-db-password - postgres postgres - -"
];
};
};
containers.keycloak = rec {
autoStart = true;
privateNetwork = true;
hostBridge = "containers";
localAddress6 = "fc00::3";
ephemeral = true;
bindMounts = {
keycloak-db-password = {
mountPoint = "/secrets/keycloak-db-password";
hostPath = "/run/generated-secrets/keycloak-db-password";
};
};
config = {
config,
pkgs,
...
}: {
networking.interfaces.eth0.ipv6.routes = [
{
address = "fc00::";
prefixLength = 64;
}
];
services.keycloak = {
database = {
host = config'.containers.postgresql.localAddress6;
name = "keycloak";
passwordFile = "/secrets/keycloak-db-password";
username = "keycloak";
useSSL = false;
};
enable = true;
settings = {
hostname = "keycloak.chir.rs";
hostname-strict-backchannel = true;
proxy = "edge";
proxy-headers = "xforwarded";
hostname-admin = "keycloak-admin.int.chir.rs";
http-enabled = true;
health-enabled = true;
metrics-enabled = true;
http-port = 8080;
https-port = 8443;
hostname-strict = false;
};
};
system.stateVersion = "24.05";
networking.firewall.extraCommands = ''
ip6tables -A nixos-fw -p tcp -s fc00::1 -m tcp --dport 8080 -m comment --comment caddy -j nixos-fw-accept
'';
};
};
systemd.services.keycloak-db-password = {
script = ''
umask 077
mkdir -pv /run/generated-secrets
cat /dev/urandom | tr -dc A-za-z0-9 | head -c 16 > /run/generated-secrets/keycloak-db-password
'';
};
systemd.services."container@keycloak".requires = [
"container@postgresql.service"
"keycloak-db-password.service"
];
systemd.services."container@keycloak".after = [
"container@postgresql.service"
"keycloak-db-password.service"
];
systemd.services."container@postgresql".partOf = [
"container@keycloak.service"
];
systemd.services."container@postgresql".requires = [
"keycloak-db-password.service"
];
services.caddy.virtualHosts = {
"keycloak-admin.int.chir.rs" = {
useACMEHost = "int.chir.rs";
logFormat = lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy http://keycloak:8080
'';
};
"keycloak.int.chir.rs" = {
useACMEHost = "int.chir.rs";
logFormat = lib.mkForce "";
extraConfig = ''
import baseConfig
@public path /js/* /realms/* /resources/* /robots.txt
reverse_proxy @public http://keycloak:8080
'';
};
};
}

View file

@ -1,21 +0,0 @@
{pkgs ? import <nixpkgs> {}, ...}:
pkgs.testers.runNixOSTest {
name = "keycloak";
nodes.keycloak = {
config,
pkgs,
...
}: {
imports = [
./default.nix
../../default.nix
];
system.stateVersion = "23.11";
};
testScript = ''
keycloak.wait_for_unit("container@keycloak.service")
keycloak.succeed("sleep 60")
keycloak.succeed("nixos-container run keycloak -- curl -v 'http://localhost:8080/health'")
'';
}

View file

@ -1,63 +0,0 @@
{pkgs, ...}: {
containers.postgresql = rec {
autoStart = true;
privateNetwork = true;
hostBridge = "containers";
localAddress6 = "fc00::2";
ephemeral = true;
bindMounts = {
persist = {
mountPoint = "/persist";
hostPath = "/persist/postgresql";
isReadOnly = false;
};
backup = {
mountPoint = "/backup";
hostPath = "/persist/backup/postgresql";
isReadOnly = false;
};
};
config = {
config,
pkgs,
...
}: {
networking.interfaces.eth0.ipv6.routes = [
{
address = "fc00::";
prefixLength = 64;
}
];
services.postgresql = {
enable = true;
package = pkgs.postgresql_16;
dataDir = "/persist/16";
enableTCPIP = true;
};
services.postgresqlBackup = {
enable = true;
pgdumpOptions = "-C";
location = "/backup";
compression = "zstd";
compressionLevel = 19;
};
networking.firewall = {
enable = true;
};
system.stateVersion = "24.05";
systemd.tmpfiles.rules = [
"d /persist - postgres postgres - -"
"d /backup - postgres postgres - -"
];
services.prometheus.exporters.postgres.enable = true;
networking.firewall.extraCommands = ''
ip6tables -A nixos-fw -p tcp -s _gateway -m tcp --dport ${toString config.services.prometheus.exporters.postgres.port} -m comment --comment postgres-exporter -j nixos-fw-accept
'';
};
};
systemd.tmpfiles.rules = [
"d /persist/postgresql - - - - -"
"d /persist/backup/postgresql - - - - -"
];
}

View file

@ -1,23 +0,0 @@
{pkgs ? import <nixpkgs> {}, ...}:
pkgs.testers.runNixOSTest {
name = "postgresql";
nodes.postgresql = {
config,
pkgs,
...
}: {
imports = [
./default.nix
../../default.nix
];
system.stateVersion = "23.11";
};
testScript = ''
postgresql.wait_for_unit("container@postgresql.service")
postgresql.succeed("nixos-container run postgresql -- systemctl start postgresqlBackup.service")
postgresql.succeed("stat /persist/backup/postgresql/all.sql.zstd")
postgresql.succeed("sleep 5")
postgresql.succeed("curl -v 'http://postgresql:9187/metrics'")
'';
}

View file

@ -1,18 +0,0 @@
{config, ...}: {
networking = {
bridges.containers.interfaces = ["container-root"];
interfaces = {
container-root = {
virtual = true;
};
containers = {
ipv6.addresses = [
{
address = "fc00::1";
prefixLength = 64;
}
];
};
};
};
}

View file

@ -1,6 +0,0 @@
{
imports = [
../default.nix
../containers/keycloak/default.nix # TODO
];
}

View file

@ -1,10 +1,10 @@
{
"url": "https://github.com/ETBCOR/nasin-nanpa",
"rev": "b208d2953e0355b352d469b07fa5650c7b92a9be",
"date": "2024-06-04T02:58:09-06:00",
"path": "/nix/store/mkkxdyh2hjw1piazl6182m8k34ryx7fj-nasin-nanpa",
"sha256": "0qh46f2am34szvhy7fab0cpdqchqlgqsvxakb7s05nlkh7jzlq66",
"hash": "sha256-xmD65YGT2gL0WVP1rfGjGDLcLgNLuePh/pqMqoQzBGI=",
"rev": "4af0db16f455bd7fc4d8f58021ddece2533326cb",
"date": "2024-06-11T04:07:18-06:00",
"path": "/nix/store/dcv4ikv7bmv4iakdfxvlpx7nb6zc9kdw-nasin-nanpa",
"sha256": "0ppjaq37mrx0iwhz2p6ggnlnsagd51d2k7jfba6jcsw4y0mc53lz",
"hash": "sha256-n47CKvCEayaNWk6eKVoo7SltqX3PXPEhj6DnegZW8l4=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

View file

@ -1 +1 @@
{"major": "4.0", "minor": "4.0.0"}
{"major": "4.0", "minor": "4.0.1"}

View file

@ -416,38 +416,38 @@ schema = 3
version = "v1.24.0"
hash = "sha256-FHP0hg+i7+wxCsM0u/5hQcgvvr3D+lq8o/7E/HkaW4s="
[mod."golang.org/x/crypto"]
version = "v0.21.0"
hash = "sha256-Z4k1LvFh4Jai7HUe6TTuXSG3VnuiRpMwdARIdZZqSYk="
version = "v0.23.0"
hash = "sha256-6hZjb/OazWFBef0C/aH63l49YQnzCh2vpIduzyfSSG8="
[mod."golang.org/x/exp"]
version = "v0.0.0-20240314144324-c7f7c6466f7f"
hash = "sha256-RVQIpS6Plx4r82w39/Zn/j0vbSrqcZ3vjVzXMjh772A="
[mod."golang.org/x/image"]
version = "v0.15.0"
hash = "sha256-8VvBDVh7MjaZNi5hERxKyHUrOYEmTsAylxj3fkE1QVA="
version = "v0.18.0"
hash = "sha256-g9N/y4asXG1lctPJ1KEf8XIjeJi/mQ43EXUa8HTj/zQ="
[mod."golang.org/x/mod"]
version = "v0.16.0"
hash = "sha256-aN1Cz5Wqd9YCjK8nFW6JWn+n1HfFoEcgYZmGO/FYtbw="
version = "v0.17.0"
hash = "sha256-CLaPeF6uTFuRDv4oHwOQE6MCMvrzkUjWN3NuyywZjKU="
[mod."golang.org/x/net"]
version = "v0.23.0"
hash = "sha256-ZB4504rtgsHbcRfijjlqt4/2ddb8tyQB5IBn126uVTQ="
version = "v0.25.0"
hash = "sha256-IjFfXLYNj27WLF7vpkZ6mfFXBnp+7QER3OQ0RgjxN54="
[mod."golang.org/x/sync"]
version = "v0.6.0"
hash = "sha256-LLims/wjDZtIqlYCVHREewcUOX4hwRwplEuZKPOJ/HI="
version = "v0.7.0"
hash = "sha256-2ETllEu2GDWoOd/yMkOkLC2hWBpKzbVZ8LhjLu0d2A8="
[mod."golang.org/x/sys"]
version = "v0.18.0"
hash = "sha256-bIFhfFp7Sj0E1gcE3X3l/jecCfSRLgrkb8f0Yr6tVR0="
version = "v0.20.0"
hash = "sha256-mowlaoG2k4n1c1rApWef5EMiXd3I77CsUi8jPh6pTYA="
[mod."golang.org/x/term"]
version = "v0.18.0"
hash = "sha256-lpze9arFZIhBV8Ht3VZyoiUwqPkeH2IwfXt8M3xljiM="
version = "v0.20.0"
hash = "sha256-kU+OVJbYktTIn4ZTAdomsOjL069Vj45sdroEMRKaRDI="
[mod."golang.org/x/text"]
version = "v0.14.0"
hash = "sha256-yh3B0tom1RfzQBf1RNmfdNWF1PtiqxV41jW1GVS6JAg="
version = "v0.16.0"
hash = "sha256-hMTO45upjEuA4sJzGplJT+La2n3oAfHccfYWZuHcH+8="
[mod."golang.org/x/time"]
version = "v0.5.0"
hash = "sha256-W6RgwgdYTO3byIPOFxrP2IpAZdgaGowAaVfYby7AULU="
[mod."golang.org/x/tools"]
version = "v0.19.0"
hash = "sha256-Xf05Ao398gBzxn5C8H6x+XsLjFLIm+UUfpDekQYA0cw="
version = "v0.21.1-0.20240508182429-e35e4ccd0d2d"
hash = "sha256-KfnS+3fREPAWQUBoUedPupQp9yLrugxMmmEoHvyzKNE="
[mod."google.golang.org/genproto/googleapis/rpc"]
version = "v0.0.0-20240314234333-6e1732d8331c"
hash = "sha256-P5SBku16dYnK4koUQxTeGwPxAAWH8rxbDm2pOzFLo/Q="

View file

@ -1,10 +1,10 @@
{
"url": "https://github.com/turt2live/matrix-media-repo",
"rev": "d931ed9b3b77739ec80ca6894580f24201a638eb",
"date": "2024-06-04T16:08:30-06:00",
"path": "/nix/store/4wx8zp26xfwhf2ypqgsm6c3wxx3mz68p-matrix-media-repo",
"sha256": "1kfidxclj8bq1z65nnf0z2ldhfwcmv6i0hz15mqqplg9wx0j2v19",
"hash": "sha256-KWwhQefp0YtxLeFDEM2ujDvYqPjAWVvMD3ghSVlv0c0=",
"rev": "a5ec7108c821e25bf562060ccd3a51438e7dcda3",
"date": "2024-06-26T15:28:17-06:00",
"path": "/nix/store/05sp7y0xgpxqkx6jvi91233wxpvans1c-matrix-media-repo",
"sha256": "1bslk6gbkz2x66n7m0dwczbn22pqqcslrdhn07aaf3qm87x9z2xh",
"hash": "sha256-sIuf+kEVD6fUARa2TDXD+Aph12e8gXqsMV38uZ6ZVK8=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

View file

@ -1,10 +1,10 @@
{
"url": "https://github.com/mautrix/discord",
"rev": "a6d9e62b497a36c4b61d240d6dc774359be65168",
"date": "2024-05-31T21:45:50+03:00",
"path": "/nix/store/xx3jsn0dggad326ss78dn9l3rl053jzh-discord",
"sha256": "0fszmdhfdmizl43dg8plzhfgi92fkfjnmindc2wihm6kkd3sh4k7",
"hash": "sha256-ZxKoR5vTVBi5YM3GaqWbTqT4HPz0otcGoT/W5mCrXzs=",
"rev": "a126a36249df7fda1d89f345a34607e9e54a077a",
"date": "2024-06-24T21:43:11+03:00",
"path": "/nix/store/j87a5wv86qh8lij8i1gyvzml7b4nm7dv-discord",
"sha256": "0m8xi74x340yrp7bhxj3b3drblsj4qswfb98klmxzykjvdhik530",
"hash": "sha256-YJQZYdty+t8rnSgtxzUmUtOV21hDdrjOzR6Q0cmJHVU=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

View file

@ -4,9 +4,6 @@ schema = 3
[mod."filippo.io/edwards25519"]
version = "v1.0.0"
hash = "sha256-APnPAcmItvtJ5Zsy863lzR2TjEBF9Y66TY1e4M1ap98="
[mod."github.com/beeper/libserv"]
version = "v0.0.0-20231231202820-c7303abfc32c"
hash = "sha256-C2CT1LuaLqe2VEykqnUr9dcOzE+G+v7XBaLT0RuLfMo="
[mod."github.com/beorn7/perks"]
version = "v1.0.1"
hash = "sha256-h75GUqfwJKngCJQVE5Ao5wnO3cfKD9lSIteoLp/3xJ4="
@ -74,47 +71,47 @@ schema = 3
version = "v1.2.5"
hash = "sha256-OYGNolkmL7E1Qs2qrQ3IVpQp5gkcHNU/AB/z2O+Myps="
[mod."github.com/yuin/goldmark"]
version = "v1.7.1"
hash = "sha256-3EUgwoZRRs2jNBWSbB0DGNmfBvx7CeAgEwyUdaRaeR4="
version = "v1.7.2"
hash = "sha256-0rjUJP5WJy6227Epkgm/UHU9xzvrOAvYW+Y3EC+MkTE="
[mod."go.mau.fi/libsignal"]
version = "v0.1.0"
hash = "sha256-hSZQkw/0eV5Y0pj1N+idYuKb/jtiw/qTfaOGdYCXmn0="
[mod."go.mau.fi/util"]
version = "v0.4.2"
hash = "sha256-o/d7Wd+2byFxmVxjl5o/AAUO/2d12vzItq6H5yUtcow="
version = "v0.5.0"
hash = "sha256-Gpg/orzKd3emcQecqc++y3xDp43oC8owDljiiBNIxpQ="
[mod."go.mau.fi/webp"]
version = "v0.1.0"
hash = "sha256-KIP/Onw0t/o10oBuvmRQDff7GF8G5lsMaDXpe0fjvNg="
[mod."go.mau.fi/whatsmeow"]
version = "v0.0.0-20240603101645-64bc969fbe78"
hash = "sha256-MBDcxTHM+ZxxzIrendWWEhNdkPA7cLgkduC424+j+fU="
version = "v0.0.0-20240619210240-329c2336a6f1"
hash = "sha256-J4taRK1xJMdrbQt9c5s6ncGvCtFpuGWGtaApY4BD49c="
[mod."go.mau.fi/zeroconfig"]
version = "v0.1.2"
hash = "sha256-xf4p2Z5Pl9In3ne9BVmy7YvtooSRBzqxP4Pl2jdVN8w="
[mod."golang.org/x/crypto"]
version = "v0.23.0"
hash = "sha256-6hZjb/OazWFBef0C/aH63l49YQnzCh2vpIduzyfSSG8="
version = "v0.24.0"
hash = "sha256-wpxJApwSmmn9meVdpFdOU0gzeJbIXcKuFfYUUVogSss="
[mod."golang.org/x/exp"]
version = "v0.0.0-20240409090435-93d18d7e34b8"
hash = "sha256-yJ9KBMmck/gGGTwPx26kZzqBHlh3sn3kKVjwBI1OB0w="
version = "v0.0.0-20240613232115-7f521ea00fb8"
hash = "sha256-QRK52QHPPhj+JIcQbd4/hI5ceEbKu3e9mR57XxocwOE="
[mod."golang.org/x/image"]
version = "v0.16.0"
hash = "sha256-+BOLefaFM/c+AV3kmnNvztbhZ+a9GCNwkEya8hZSKYg="
version = "v0.17.0"
hash = "sha256-tH5e4+0ero5B5/r5TwzxQZhnfCecQvmoles3UW24X/c="
[mod."golang.org/x/net"]
version = "v0.25.0"
hash = "sha256-IjFfXLYNj27WLF7vpkZ6mfFXBnp+7QER3OQ0RgjxN54="
version = "v0.26.0"
hash = "sha256-WfY33QERNbcIiDkH3+p2XGrAVqvWBQfc8neUt6TH6dQ="
[mod."golang.org/x/sync"]
version = "v0.7.0"
hash = "sha256-2ETllEu2GDWoOd/yMkOkLC2hWBpKzbVZ8LhjLu0d2A8="
[mod."golang.org/x/sys"]
version = "v0.20.0"
hash = "sha256-mowlaoG2k4n1c1rApWef5EMiXd3I77CsUi8jPh6pTYA="
version = "v0.21.0"
hash = "sha256-gapzPWuEqY36V6W2YhIDYR49sEvjJRd7bSuf9K1f4JY="
[mod."golang.org/x/text"]
version = "v0.15.0"
hash = "sha256-pBnj0AEkfkvZf+3bN7h6epCD2kurw59clDP7yWvxKlk="
version = "v0.16.0"
hash = "sha256-hMTO45upjEuA4sJzGplJT+La2n3oAfHccfYWZuHcH+8="
[mod."google.golang.org/protobuf"]
version = "v1.34.1"
hash = "sha256-qnHqY6KLZiZDbTVTN6uzF4jedxROYlPCYHoiv6XI0sc="
version = "v1.34.2"
hash = "sha256-nMTlrDEE2dbpWz50eQMPBQXCyQh4IdjrTIccaU0F3m0="
[mod."gopkg.in/natefinch/lumberjack.v2"]
version = "v2.2.1"
hash = "sha256-GaXWRDxhGy4Z4mgE+bJ8OE9SVvYUa9TnNiydnp2s1Ms="
@ -125,5 +122,5 @@ schema = 3
version = "v1.0.0"
hash = "sha256-fYc/WwqE0ev0dvnu5qGmHJsYiSTuWeOTiAVzmQIKWyY="
[mod."maunium.net/go/mautrix"]
version = "v0.18.1"
hash = "sha256-H7YcwnZ+ADiKvh5QhnDtCKh+/lot6GtcNzBNds6dgGo="
version = "v0.19.0-beta.1.0.20240619204109-68d8ab6896fd"
hash = "sha256-jvlKfDTJyctVu3Mn18wZxCm0XrnW39lLGD87h7zmeKs="

View file

@ -1,10 +1,10 @@
{
"url": "https://github.com/mautrix/whatsapp",
"rev": "73266af07558da852f6b4b0ac5129a43a71bfa7d",
"date": "2024-06-03T13:17:51+03:00",
"path": "/nix/store/wa8v5n2m6i0xjrlfryviki9r9qsfyf7y-whatsapp",
"sha256": "021w6mmw12kvz1wi1lvbsrirvagjlsbaya9jni3s25ys1hbz2hav",
"hash": "sha256-W0HxFwzaF6FHtDIpr5am8qmdY9Zr0xB5+HuKwGs1PAg=",
"rev": "c72d7cb8d51f22a92b6b41821888490417f718ac",
"date": "2024-06-20T00:06:16+03:00",
"path": "/nix/store/3151w9b8n84pkn4gvwfbwa0wzv7i5q17-whatsapp",
"sha256": "0388gy5snw7wy8kp5wagvqdymy07w2kh5f5s671k9qnlj76s0kcf",
"hash": "sha256-jk2gzZHU4jTDMbq4AqfgB/jqG95P8XIn8vxwq4t/CA0=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

View file

@ -1,10 +1,10 @@
{
"url": "https://github.com/matrix-org/sliding-sync",
"rev": "837163f7f883e0a0587eb8a525e68924311c5f75",
"date": "2024-06-05T09:01:44+01:00",
"path": "/nix/store/42hrh8qcps64w0pn9aj81csgmmnj41ir-sliding-sync",
"sha256": "1xmbw0j9yx6q5m8sicfdvxs2jv75knr55v8b6q4hhhrza5riyr6m",
"hash": "sha256-1WQfc1E/QwgJNgvtUrKd5WwpdN/NsahRLdh0nyTgq/Y=",
"rev": "f70dbe0186ecc1e7dcdbed32fea6326de3dbd844",
"date": "2024-06-28T16:20:09+01:00",
"path": "/nix/store/pfh4yysr6d1dfldwb86wggn49zpvw7jq-sliding-sync",
"sha256": "1bj0qya3jmj7nf87jkvgnf1mzabab3dry2wg8xzy4dd8r3w4p1f3",
"hash": "sha256-w4VL+MioNeJ/R48Ln9tYaqlfg7NvT3mQs0dWOZTHQK4=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

View file

@ -14,10 +14,10 @@
in
buildPythonPackage rec {
pname = "plover_lapwing_aio";
version = "1.1.12";
version = "1.1.16";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-/JymR13kwpr7sykq1vizg2Wqc0g55rGAY7hmtuI2Weo=";
sha256 = "sha256-dSMHjt/Yzof4M5qrJIGNSEiLsOtShIGjqu6ezpr1b3o=";
};
postPatch = ''

View file

@ -5,11 +5,13 @@ services:
synapse:
private_key: ENC[AES256_GCM,data:KOOrWnhvgmiH8ZrXyhOxMBpNMasRs7rz3Bakod9zM0gOH9f0iZKNk/VcAjU3pQSHIX/wtKP9LwRaQ2g=,iv:sP3pgVnVmnR+JlD3Y2j0hDJR175sq2kRCepNHPQMB6U=,tag:JkSVD4y6HxbYaXJkm9sOrw==,type:str]
mautrix:
telegram: ENC[AES256_GCM,data:7G4uRhomr62ZF32yz7zOUhr3etCEgybo7gp1WZzx8A9tnbqfLcm1buvd8z7/2wypNVt8wWr9Z8DMwACojZjtni7mSwJgfFmbBIs8jAjATZYwGWSs0JYyPsEmdNI3Jeo0XA1faqzq3m7CSLS7axUhZd0MzfkOy78Nf8+MiOcgPnC2VRj252yy+Z8fBq7bsyb7M+rOIgNBWhzfknx8ID/fdZrcYSYoDbTYFOecjzRtDkrRq10hJko3z/JR5tCj/heU5fjBy6ZgAeqgKVQoRH6bsCXkQCQtfxbcWsHJVRo60nvJBp/Djf7A4cVca75FYN91jYSFQ15njLdiyd/z4+cd//EFDxbgpA==,iv:kfDJtNpsaPCf86PLRJYFWzud/qEfxPKDTPqfSNCqN+g=,tag:DkpaHhu5fHSqKkaKbql5FQ==,type:str]
telegram: ENC[AES256_GCM,data:wwnyH5cd9UYUSSrQlo7L9j3C6cJmmS4VRsSXVjW40L17oO4FdvlDkihq2Soe/5FchjyRO3acRMPjGoNr77AsfwEylqsQ6eyray3PAHQ3oNimDwdkrsMIT3XQ44ujGK05wqlU6ywYMFtlQYkuOqQOxEnRngVwufMhKs7Yo1ycxVPc+CIE3Hlju93xTuTuIJZY9pEKCrOtdP13OmvnFf6rMvstiJrN2i+EzTwqbqSfs3uubRxpSnrKKLlkaL5TuIphU7sFcL1irzh5MCTM7aaX7RdJJuP6KuAT2iHaPz8aCOnGzHXbibrSb+6enj12P60xv0J9ayTXjL7iDLKCYBndfXNZUl05PazTL9zRhm8jSQjkYXXsMmawbdVcrH7/1UFXd1AJPWQ/O2KvDipstw==,iv:ICa1U4B1A+8qCPrK+sWO0/mJoyJxUVWyR+HaD/cC+LI=,tag:q63tvOJhDKnN6AgzvLiKJA==,type:str]
shared_secret: ENC[AES256_GCM,data:k43actfw+7pbrjOJ68dVBAPD+ZBgJaPRRDNpv/CDTCJI5HFSqE0N,iv:LaT32Dfdgs5lsz2FBusVq8tp+1clNcSGi17+BOmsL0Y=,tag:6WO20t7pPq8gjJBtZWtwzw==,type:str]
discord.yaml: ENC[AES256_GCM,data:YQrvIe8PlrJZ5c4YAEAqaW80ls+F281EdQw4dWE4LA5BZyw4B/TuPL//oYaYGXYgFvbxHGsCqYvEeag4uOv9PclVl5LfAwc1X+rNpmww0lBUE3odFSL8D7+e9uf9DD934Yr3oXKX5igQODSp5PfuOETrMXizaImtCOvAajZtg9/Cg7xKVcti2kO0I3/lugfvSWExYYu1XlSi8Bpaq+e2WfxVQcggoN0p2uTRnKMzoSyHMUADr500VNXXuQlhusLgnYI+FGfZd7dWe0vtBNKieQEr4V5fkN5xSSlppK2b23WuGUnz/UFc86QnVqchtgSeqPv+cs4/hMgHRhDrt4PA0d9Gn5UdQtS4p4XSyUAs4Df74BGSogHHy7HhLU1ScbhPoRDCWSmM2PqBLCCd4qgQ2sYnoiW5wahiIgLVyEYIZN+UEzgs/TkMErsa4YwyH/NjNrTaGCew87lOEMRlmElOB5jenrB9Udo643CzB52HIv9BuGM/HFBKLrG0LsBpF/7mha6rPQ/+oRDeo56JjYpMH5DqxnHziX4obzG2MO5mPLEpFmLT08gat41LrgTzeh9wHGJxosSqrBvQKpDeTMtZGeU48/ed3MAMsRgqW37NIbcsDFwCOwK//IFBY//D7e/8iqU5Lyr9umQKdor80doeVg==,iv:Bt+jGfXVeT5hk9wL2wRYCeYD89oQzOGky/OksfDpLjo=,tag:DmKS5a26t/JWHmm2ok9SjQ==,type:str]
signal.yaml: ENC[AES256_GCM,data:8/cn9tIIBhfOLbIHOWKr2I+UG8PcnsYozTuIuyFgkcTCuGemid4hw29KWXahQ/ILtu7e9gVVOYu6fi/bionXKAdyk2bDr7ZC+b4MGaAsLbvKvyZ03Q9aIK8t9JEFTrY9VlhfP3/84ohAoS5P7hnaoO06LFtrApG+0WOoS2TLydlS5e7xuqQxbJkutEi1kmITVTYT21HLdz9Shgmo7s9ZxLQ51kTWVhZBH8ixj4t1BwX7oql+4HCmtEltGUmY31PsINmm3GjKi/D0nuf2oWTpWRCjFkX7wjboPFFmZPV0KTm2gOqDWIXtfgLzyNXsF0kyMM0p9h7UiqiuHSJRmFu3AwQTkTsDVuTh9YmVkyhkyI6fNjrniAckj3UfYyY7AiEeA7QK9fengntwnHDODLxHkwzripxCXRPBa0BUREV3dT5gPW1pDhSNiLE0UGsmIDf80JWDsll053kxe744NBI2bFJYD2dZTbVSmYKLiwjuc2FgofZnR9N0yA+OiVOZMxb9VfoXQC0K10vJd9540UH1UdDgOgM0Z+VW6UIrK9x/UKY4U2nKqD1W8kAC2aHQjIHAs37RzboLfagbAWQ7YeKXXoaaV3a9fTI4bxiTTG8EeYzfulcbtPNMYvZaNZFj34zIvuGJAOsOf67XRtJ5ywvWbagumIW1pyyeJ2Q9onKqzBY+VSDhUNxTyueHB8A=,iv:YI4ugoPUYs9PXaRmaIYY9N+7b8qspNHCSE8qUBKtn8M=,tag:YQ0pWwarrTWQMbb1yara7g==,type:str]
telegram.yaml: ENC[AES256_GCM,data:cK/6xsY0k43X5L7pDZTyKBULtIXSw+VpmK344oRhg9Bp+Ga1W+qUvcJ/ryT7LDC1pJ/8LP5r3/IimlARnFynhkxjJCs52/TPjSSLLTbkwPZG1Mhxp00tE5/+naH7HKs5mlnZHXjNRqtI51xAec9p9gQEvYUDoWmJGV/eYIi1yiVYLy9ce5+rGQMwbWJmLoIKfuOebmqtkX93O8m3ZUOYeRRi05RdNpiKwwrqtpbEfX4IuttFqPltOd7TaFksn081+sRCUFlvfRYlcHWd0d66ekKH9yNheVtOM5fsNwfP418kjPxhf4JcgcXOn7IGUvG/0q7tdLbdfo11fmFDH3Do2J/ua6hEWxjVT/jRhRZgPl6T8nN5TF16oj1kDFJb5EOS8/ZO6dN1f/66/kb3r+JG0auBspfI0jT+2+LPxDf0GoK9/WEE/ZDeNRB08TWE9fNh4MtbPwoZGhl/Z9jzUIgQnSBkM92hRQHq8H5lL52Az+koUFULWa4lSiPuzicVByqsyhv71SwMTKWuMNQoWHIAMANSitTNWfX37/ounBDBahoo8fDob90zFvdTbY6Adyh/amZkbrPB2XLDuuFjsMTqU7ZjY84PteuR2kE48ROzHRyBKv6ECOLZarsinrs2ymQkayaBHPwQd4NsQkmjIn+U80As4G9/HgnJ+g8pCq6tUepdw6m9umgA1WFFXHcRUZtybeFBFWDXhdPtwctM162X6k8CDvUiWv93ijPMbbeU7/MJxP8nrvps7G8CZdofQH8ZiQs10i6fBE11Ew4=,iv:4Q6Nl6mogqHMhlvCppV6hcV2/uXTU/kZi/zvJKOuxYc=,tag:de9gsEpzeSW9u5+Sgm1M0Q==,type:str]
whatsapp.yaml: ENC[AES256_GCM,data:7c2mmpzaDXWlcd+DwPi8mOBeyNMXewsEmIfKIzKPtgmyKUXxTKf0ryvEwIv1hccGPalCs2xZC8rzphUqQbIgow+xgRLn9rOrAXdnZMqJvNx7HWSkq07PPJKN51wvMI24hLQXBKSocZR8MTG0cKqh6V/lUuxv/9lzpH4G5Tn6tADojfaV8B34STe8+ZnoP3+oVkEJYd85fpG10BVyJ7hj0tT3LjwhZnnRUtZ9XzFtZrQZPsXyL+XxkFfSwWn4oFRoqS6lQyS8HiUeaBR8BiA71+Bus6W/MqTFAM9+aQYzB9YHZziEnFAAUcj76khMEqS2XniQunYtGD6isaI6lMpgefarJZirbK5jQsU0RkKNx2VJFOwKMhsPHYNY2E0CzvOuDD4bh3hx4G0oL6xMA1F6rtSa5t6MuuJlLUPQIAITNXhOi8YuS1wQ/7dUmlWR4QEhtLLjJBNTillZm2gecrmBmxmmQDNF8UHe4wlce19A732XiUBs39D4UgQZom99NulfEvWQc9ZmgWPNk9b/OBt0RyjSfagEySPD9wOPYCyLueCrrw2qv7XlEsBGYD5MbRun3jsTeVntgXhsAAipZ/R8YSUUD1/3qCA9lxaHxuLguKN6nZvHcRYTxlXMiqRpmDp0XdjGO8ZjlluyJmv97IOwvS1z7cE=,iv:rGVcLY1MGNzqgXwuSacCuJGg3sBMa3vyLsBT0+EgBT8=,tag:hMFU/o9Gt4eh9Qu2eXybiA==,type:str]
doublepuppet.yaml: ENC[AES256_GCM,data:7EpOPC6vGhSdY08HR6VLtnKlQnqYRyH2ECdbjV14WdPkEYKJIN8wTr6erNMHGcw0P6XC3YZNVur/MpP1nadvGUBguIIkmnkfCLnD8usoJWRG5f+kpzfn2DtTHZ01S1/pdKUsZ+gLw29IK11KJZp2P3bALeHiuhB97QH4lwSwUbSx921LrQV5OZ+lo7GuSVXMsPhewqGu4YeSumyouN7763J5HDcA3eRAJyatxe6wRbUs5gPWHbEOYUPJgTbkc+F63rhAaBvPVaJKdIijWC4M7aByP9FTZeyzrFuwCCmjCbJacaa3e6dYjW+qqg==,iv:YNtupHWmydh6iHTlwfJeixvyA6C2GtDtQ8fngQhBf/I=,tag:qSfKhAtEdiPUbGBs8gafow==,type:str]
hydra:
cache-key: ENC[AES256_GCM,data:CLCu9BTtbIFQ3epWbJYwnj+q7Gnxe/Gs8a53pxiEFObVp9EKMMArNHsvGBIBnuBG4vU6muRw/3EhF3LwDgT/YqVaI7KFKYn0myiTviSQ1hBcWHvTdWnbrlrB0kplBcv4oQ==,iv:kw2me7DIkeq4p+vmgl/bH6yvs6Bn2ifJDh56UT5XkaM=,tag:0ZQITx1NyQ67nyuTM6anCw==,type:str]
gitea_token: ENC[AES256_GCM,data:dEXglNtESY30IOKEmTamv8Ce5w63D5T4AJWJBO4XNC2iv9/me5zOuw==,iv:DYjWgu0oQMmMmTFiULcn2ZTV8bKVGR8bouItsNYL9/4=,tag:+/G9dzBaQ130r66PQYVxzA==,type:str]
@ -57,8 +59,8 @@ sops:
Kytvc1lyRHRrRXRjaEV0V3ZDcUgzVVkKkqr0FcWUCkTYLIXJKuY5/LJX1odVaF4s
P2BLyjXj81078QjKwTyXskFV36uWM70LoVfkxBRTMZO/4O+BCwRpkg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-06T11:49:06Z"
mac: ENC[AES256_GCM,data:IH4QwCM9ieZeJ46w5LbKVDiCxueFDqriR8mFjcSXDFt11l2kpROtDzkORCk3WwTmtNl6mXa6hntJ4ZmkSvMwaGah4oI/VnXe5s6PZ/dIa8ZeYmWx3M2bUg0kTA7c6fVcXsQ2qmye2hF0QCZlXSwcqWQTPpodruMiw9/e3IInZHk=,iv:9gpbdREasNv2914WvlJRkbh1KkPo7gmQILUMaV54gd8=,tag:B5ePK5cf7QpgbYmATLRBDQ==,type:str]
lastmodified: "2024-06-25T07:41:49Z"
mac: ENC[AES256_GCM,data:ct+TcTzTZ3cAK8XIypBFdmlDtadUeN3b8jVSpre8aZ4YHiEibY3jp55EG3qOvi26bClGkfaWn7Jw/QmUjs530s7830HK2YzOY7FaMRFS9hcvoM9AuHnI7tIoaeaeIYZfsciIkVAZ0Cj0gXlQHE5UFbdIMV2GnCO4EsmaDPDR5mI=,iv:n9N01RZ7ovXwTyyCvaAt/x8AL7QXH9iu+/uU7qPltSE=,tag:rN85ZJNzOuC7tuFQw4fhug==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -24,7 +24,6 @@ services:
matrix-media-repo:
access-key-id: ENC[AES256_GCM,data:qFc3bua0z3cCydNwoM0hA9T3zbI=,iv:zox8zBO7p+CpyHUbXt1WIbsXVtJd16L5UHRS2HAGLpU=,tag:Rv/F8TmcLm9gIz8YMrZlCQ==,type:str]
secret-access-key: ENC[AES256_GCM,data:DiQmiDXGkSe1oFUrv1oDAAp0P5keo84BXMusSIGaRmeMNw2/cKy0tA==,iv:nEhRuPBgYY7/mHJwB86qzuZ9bgJBX3f5PJU+VdIRAuk=,tag:laAam0N7/0e8I7J/BiiNpg==,type:str]
matrix-token: ENC[AES256_GCM,data:pY+qeZY087urzwoYmA6lKc7j4HzsXswG6bkS7uSxFHXhRcoClTB2,iv:9+8uM07QeYBDWZFthMn2NqBBvIYrbkCuXzvieA6eGMQ=,tag:/kXekfgLG+iJZD6Dz7sQOQ==,type:str]
hydra:
gitea_token: ENC[AES256_GCM,data:NkEXwLbofK2QnWrUuxY5QvUkYPWzY7Brsgl9FvV5Me0J5mWuHUc0Dg==,iv:UhA4JUKV/+D5lOTAx3fC+rsr61lYQJRioSyKQ3s1e0Y=,tag:E/HB2S90o7dLmeWBLsOP9w==,type:str]
gitea: ENC[AES256_GCM,data:J614G1lGr+XLRDrXoQtMHDFKrweRHWX5cvB6h4mOV63lRJEKB8c3/w==,iv:+no/ER8Ef5vsdBBT/evfguTwj3nc6aFFcOS16USEqgQ=,tag:LjNY9bRPCu5qM4ngowAlmA==,type:str]
@ -88,8 +87,8 @@ sops:
M0tUV1E2dndCTXRsOVJBU2ZNVHRFS2MKhBezoPFc0mdXassxViUfsmFTQCVbP1Js
bEpByfdW69GUCjR0HmcjF3NX/Cd5N5uivy+yLp3IrincHAz8LBIXyw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-06T08:54:33Z"
mac: ENC[AES256_GCM,data:H8sm4uNLWYHQNBaQr6/atrukO9UpD/4v0mnLmflKsuZXnQBeX5IcHfK/UTkOHrs3L32kf5NK71wBu91POQRjYb+Pa6MfBhjcb5WZFBIwLIYCeDSacLWZxl5yZ0aqFEaH9/GrhFHWgZTwzfuUlDbQI/tt4bs/R5GCMYa15GF7E48=,iv:sAQBKI7MKTtLLbHujx957+mRryYiawqZPwpWd8UPN4Y=,tag:RmPQ7zttzGruKvAb8TpC5w==,type:str]
lastmodified: "2024-06-25T06:52:54Z"
mac: ENC[AES256_GCM,data:FhxxJOAZNyaAOIj3cEiFnNgLZzc4AmY2N0lI338zqy3rStYvJACu7aGXRtuUjZnij7MyZmvPgBk+wPRvyiup44FJp/aPuUuVK8nOLkoLPvZH+8gZqS4NxOCaJcKXFKgJVVfbKa417oEwRN8jbb6ocIq/RYhycKECTFiGw7eLrM4=,iv:LJUJH01z16yyrm7u/dvpgKo4g7vmYVFNKDD9aSjLz4g=,tag:DkPXQgRiisL6EwUUD3ArMw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -144,7 +144,7 @@ with dns.lib.combinators; let
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 51;
serial = 52;
};
NS = [
"ns1.chir.rs."
@ -248,7 +248,6 @@ with dns.lib.combinators; let
status = createZone oracleBase;
sliding-sync = createZone oracleBase;
weblate = createFullZone {};
keycloak = createFullZone {};
int =
delegateTo [

View file

@ -15,7 +15,7 @@ in {
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 35;
serial = 36;
};
NS = [
"ns1.chir.rs."
@ -239,8 +239,6 @@ in {
mautrix-whatsapp.CNAME = [(ttl zoneTTL (cname "nas"))];
weblate.CNAME = [(ttl zoneTTL (cname "nas"))];
jellyfin.CNAME = [(ttl zoneTTL (cname "nas"))];
keycloak.CNAME = [(ttl zoneTTL (cname "nas"))];
keycloak-admin.CNAME = [(ttl zoneTTL (cname "nas"))];
_acme-challenge = delegateTo [
"ns1.chir.rs."
"ns2.chir.rs."