diff --git a/config/domains/sea.fudo.org.nix b/config/domains/sea.fudo.org.nix index e07bd19..180dcb4 100644 --- a/config/domains/sea.fudo.org.nix +++ b/config/domains/sea.fudo.org.nix @@ -1,14 +1,13 @@ { config, lib, pkgs, ... }: -let - fudo = config.fudo.domains."fudo.org"; +let fudo = config.fudo.domains."fudo.org"; in { config.fudo.domains."sea.fudo.org" = { local-networks = fudo.local-networks; - gssapi-realm = fudo.gssapi-realm; - kerberos-master = fudo.kerberos-master; - kerberos-slaves = fudo.kerberos-slaves; + # gssapi-realm = fudo.gssapi-realm; + # kerberos-master = fudo.kerberos-master; + # kerberos-slaves = fudo.kerberos-slaves; primary-mailserver = fudo.primary-mailserver; diff --git a/config/hardware/jazz.nix b/config/hardware/jazz.nix new file mode 100644 index 0000000..72acb79 --- /dev/null +++ b/config/hardware/jazz.nix 
@@ -0,0 +1,75 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = + [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = { + device = "jazz-root"; + fsType = "tmpfs"; + options = [ "mode=755" "noexec" ]; + }; + + "/boot" = { + device = "/dev/disk/by-label/JAZZ-BOOT"; + fsType = "vfat"; + options = [ "noatime" "noexec" ]; + }; + + "/nix" = { + device = "/dev/disk/by-label/jazz-data"; + fsType = "btrfs"; + options = [ "subvol=@nix" "noatime" "compress=zstd" ]; + }; + + "/state" = { + device = "/dev/disk/by-label/jazz-data"; + fsType = "btrfs"; + options = [ "subvol=@state" "noatime" "compress=zstd" ]; + }; + + "/home" = { + device = "/dev/disk/by-label/jazz-data"; + fsType = "btrfs"; + options = [ "subvol=@home" "noatime" "compress=zstd" ]; + }; + + "/var/log" = { + device = "/dev/disk/by-label/jazz-data"; + fsType = "btrfs"; + options = [ "subvol=@log" "noatime" "compress=zstd" "noexec" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-label/jazz-swap"; }]; + + hardware = { + enableAllFirmware = true; + cpu.amd.updateMicrocode = true; + }; + + networking = { + useDHCP = false; + macvlans = { + intif0 = { + interface = "enp5s0"; + mode = "bridge"; + }; + }; + interfaces.intif0.macAddress = "02:57:9a:a4:10:d3"; + }; +} diff --git a/config/hardware/lambda.nix b/config/hardware/lambda.nix index 2639a3e..e8cbb58 100644 --- a/config/hardware/lambda.nix +++ b/config/hardware/lambda.nix 
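Review bot: The `swapDevices` entry is a plain partition, so pages swapped out of memory stay on disk in cleartext. config/hardware/lambda.nix in this same commit sets `randomEncryption.enable = true;` on its swap entry, and the same would fit here and in config/hardware/toothless.nix. With that option the `device` has to move from `/dev/disk/by-label/jazz-swap` to a by-partuuid or by-id path (`device = "/dev/disk/by-partuuid/<PARTUUID-PLACEHOLDER>";`), because the label is erased when the partition is re-keyed at boot. Separately, `/state` and `/home` are mounted without `noexec` here while toothless.nix sets it on both; if that is deliberate (the flatpak bind mount under `/state` would need exec), a one-line comment saying so would help.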
@@ -1,85 +1,98 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, modulesPath, ... }: with lib; -let +let generateMac = pkgs.lib.network.generate-mac-address; in { - system.stateVersion = "21.05"; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = [ - "uhci_hcd" - "ehci_pci" - "ata_piix" - "hpsa" - "usb_storage" - "usbhid" - "sd_mod" - "sr_mod" - ]; - kernelModules = [ ]; - }; + config = { - kernelModules = [ "kvm-intel" ]; - supportedFilesystems = [ "zfs" ]; + system.stateVersion = "22.05"; - loader.grub = { - enable = true; - version = 2; - device = "/dev/disk/by-id/wwn-0x600508b1001cecf6b880f591f9b18b29"; - }; - }; + boot = { + initrd = { + luks.devices.lambda-unlocked = { + device = "/dev/disk/by-uuid/e90c9dda-4e4c-4ca1-8897-39fcebc03479"; + allowDiscards = true; + }; - fileSystems = { - "/boot" = { - device = "/dev/disk/by-label/lambda-boot"; - fsType = "ext4"; - options = [ "noexec" "noatime" "nodiratime" ]; - }; + availableKernelModules = [ + "uhci_hcd" + "ehci_pci" + "ata_piix" + "hpsa" + "usb_storage" + "usbhid" + "sd_mod" + "sr_mod" + ]; + kernelModules = [ "dm-snapshot" ]; + }; - "/" = { - device = "none"; - fsType = "tmpfs"; - options = [ "noexec" "mode=755" ]; - }; + kernelModules = [ "kvm-intel" ]; + kernelPackages = pkgs.linuxPackages_latest; - "/nix" = { - device = "lambda/transient/nix"; - fsType = "zfs"; - options = [ "noatime" "nodiratime" ]; - }; - - "/var/log" = { - device = "lambda/transient/logs"; - fsType = "zfs"; - neededForBoot = true; - options = [ "noexec" "noatime" "nodiratime" ]; - }; - - "/state" = { - device = "lambda/persistent/state"; - fsType = "zfs"; - options = [ "noexec" "noatime" "nodiratime" ]; - }; - }; - - swapDevices = [{ device = "/dev/disk/by-label/lambda-swap"; }]; - - nix.settings.max-jobs = lib.mkDefault 12; - - networking = { - macvlans = { - intif0 = { - interface = "enp3s0f1"; - mode = "bridge"; + loader.grub = { + enable = true; + version = 2; 
+ device = "/dev/disk/by-id/scsi-3600508b1001c3be9174b4bdb31935121"; }; }; - interfaces = { - intif0 = { - # output of: echo lambda-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/' - macAddress = "02:f5:fe:8c:22:fe"; + fileSystems = { + "/" = { + device = "lambda-root"; + fsType = "tmpfs"; + options = [ "mode=755" "size=32G" "noexec" ]; + }; + "/boot" = { + device = "/dev/disk/by-label/lambda-boot"; + fsType = "ext4"; + options = [ "noatime" "noexec" ]; + }; + "/state" = { + device = "/dev/mapper/lambda-unlocked"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "noexec" "subvol=@state" ]; + }; + "/nix" = { + device = "/dev/mapper/lambda-unlocked"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "subvol=@nix" ]; + }; + "/home" = { + device = "/dev/mapper/lambda-unlocked"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "noexec" "subvol=@home" ]; + }; + "/var/log" = { + device = "/dev/mapper/lambda-unlocked"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "noexec" "subvol=@log" ]; + }; + }; + + swapDevices = [{ + device = "/dev/disk/by-id/scsi-3600508b1001c3be9174b4bdb31935121-part2"; + randomEncryption.enable = true; + }]; + + nix.settings.max-jobs = lib.mkDefault 24; + + networking = { + useDHCP = false; + macvlans = { + intif0 = { + interface = "enp4s0f1"; + mode = "bridge"; + }; + }; + + interfaces = { + intif0 = { + macAddress = generateMac config.instance.hostname "intif0"; + }; }; }; }; diff --git a/config/hardware/nostromo.nix b/config/hardware/nostromo.nix index f5313fb..77ab861 100644 --- a/config/hardware/nostromo.nix +++ b/config/hardware/nostromo.nix @@ -34,7 +34,7 @@ }; }; - nix.maxJobs = lib.mkDefault 24; + nix.settings.max-jobs = lib.mkDefault 24; hardware.bluetooth.enable = false; diff --git a/config/hardware/procul.nix b/config/hardware/procul.nix index f7f58e4..a2ef50a 100644 --- a/config/hardware/procul.nix +++ b/config/hardware/procul.nix 
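Review bot: `allowDiscards = true` on `boot.initrd.luks.devices.lambda-unlocked` passes TRIM through dm-crypt, which reveals to anyone who can read the raw device which blocks of the encrypted volume are unused. If that trade-off is accepted, record it next to the option, e.g. `# allowDiscards: exposes free-block layout of the LUKS volume; accepted for SSD performance`. The disk appears to sit behind the `hpsa` controller listed in `availableKernelModules`, so it is worth confirming discards reach the media at all; if they do not, the option can be dropped. The hunk starts in the previous physical line of this page.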
@@ -35,7 +35,7 @@ swapDevices = [{ device = "/dev/disk/by-label/swap"; }]; - nix.maxJobs = lib.mkDefault 8; + nix.settings.max-jobs = lib.mkDefault 8; hardware.bluetooth.enable = false; diff --git a/config/hardware/toothless.nix b/config/hardware/toothless.nix new file mode 100644 index 0000000..2620014 --- /dev/null +++ b/config/hardware/toothless.nix @@ -0,0 +1,75 @@ +{ config, lib, pkgs, ... }: + +{ + system.stateVersion = "22.05"; + + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + initrd = { + availableKernelModules = + [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = { + device = "toothless-root"; + fsType = "tmpfs"; + options = [ "mode=755" "noexec" ]; + }; + + "/boot" = { + device = "/dev/disk/by-label/TOOTH-BOOT"; + fsType = "vfat"; + options = [ "noatime" "noexec" ]; + }; + + "/nix" = { + device = "/dev/disk/by-label/toothless-data"; + fsType = "btrfs"; + options = [ "subvol=@nix" "noatime" "compress=zstd" ]; + }; + + "/state" = { + device = "/dev/disk/by-label/toothless-data"; + fsType = "btrfs"; + options = [ "subvol=@state" "noatime" "compress=zstd" "noexec" ]; + }; + + "/home" = { + device = "/dev/disk/by-label/toothless-data"; + fsType = "btrfs"; + options = [ "subvol=@home" "noatime" "compress=zstd" "noexec" ]; + }; + + "/var/log" = { + device = "/dev/disk/by-label/toothless-data"; + fsType = "btrfs"; + options = [ "subvol=@log" "noatime" "compress=zstd" "noexec" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-label/toothless-swap"; }]; + + hardware = { + enableAllFirmware = true; + cpu.amd.updateMicrocode = true; + }; + + networking = { + useDHCP = false; + macvlans = { + intif0 = { + interface = "enp42s0"; + mode = "bridge"; + }; + }; + interfaces.intif0.macAddress = "02:ee:76:17:99:ed"; + }; +} 
diff --git a/config/host-config/jazz.nix b/config/host-config/jazz.nix new file mode 100644 index 0000000..92d17f0 --- /dev/null +++ b/config/host-config/jazz.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +with lib; +let stateDir = "/state"; +in { + fudo = { wallfly.location = "family_room"; }; + + networking = { + interfaces.intif0.useDHCP = true; + firewall.enable = false; + }; + + systemd.tmpfiles.rules = [ + "L /etc/adjtime - - - - ${stateDir}/etc/adjtime" + "d ${stateDir}/lib/cups 755 root root - -" + "d ${stateDir}/lib/flatpak 755 root root - -" + ]; + + fileSystems = { + "/var/lib/cups" = { + device = "${stateDir}/lib/cups"; + options = [ "bind" ]; + }; + "/var/lib/flatpak" = { + device = "${stateDir}/lib/flatpak"; + options = [ "bind" ]; + }; + }; + + environment.etc = { + nixos.source = "/etc/nixos-live"; + NIXOS.source = "${stateDir}/etc/NIXOS"; + }; + + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; +} diff --git a/config/host-config/lambda.nix b/config/host-config/lambda.nix index c043239..9f49751 100644 --- a/config/host-config/lambda.nix +++ b/config/host-config/lambda.nix 
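Review bot: `firewall.enable = false` in the new `networking` block turns packet filtering off entirely on a host that takes a DHCP lease on `intif0` and carries CUPS state, so every listening service is reachable from the local network. Keeping the firewall on and listing only what the host must serve is tighter, e.g. `firewall.allowedTCPPorts = [ <PORTS-THIS-HOST-SERVES> ];`. If disabling it is deliberate for this machine, a comment stating the reason would make that reviewable.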
@@ -1,94 +1,72 @@ { config, lib, pkgs, ... }: -let - state-dir = "/state"; # This must be a string! - - generate-mac = pkgs.lib.network.generate-mac-address; +let primaryIp = "10.0.0.11"; in { - boot = { - loader.grub.copyKernels = true; - #kernelModules = [ "rpcsec_gss_krb5" ]; - }; + config = { + boot = { loader.grub.copyKernels = true; }; - networking = { - interfaces = { - enp3s0f0.useDHCP = false; - enp3s0f1.useDHCP = false; - enp4s0f0.useDHCP = false; - enp4s0f1.useDHCP = false; + networking = { + interfaces = { + enp3s0f0.useDHCP = false; + enp3s0f1.useDHCP = false; + enp4s0f0.useDHCP = false; + enp4s0f1.useDHCP = false; - intif0.useDHCP = true; - }; - }; + intif0 = { + useDHCP = false; + ipv4.addresses = [{ + address = primaryIp; + prefixLength = 16; + }]; + }; + }; - systemd.tmpfiles.rules = [ - "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg" - "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa" - "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub" - "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" - ]; - - services.openssh.hostKeys = [ - { - path = "${state-dir}/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - { - path = "${state-dir}/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - bits = 4096; - } - ]; - - environment.etc = { - "ssh/ssh_host_rsa_key" = { - source = "${state-dir}/ssh/ssh_host_rsa_key"; - user = "root"; - group = "root"; - mode = "0400"; - }; - "ssh/ssh_host_rsa_key.pub" = { - source = "${state-dir}/ssh/ssh_host_rsa_key.pub"; - user = "root"; - group = "root"; - mode = "0444"; - }; - "ssh/ssh_host_ed25519_key" = { - source = "${state-dir}/ssh/ssh_host_ed25519_key"; - user = "root"; - group = "root"; - mode = "0400"; - }; - "ssh/ssh_host_ed25519_key.pub" = { - source = "${state-dir}/ssh/ssh_host_ed25519_key.pub"; - user = "root"; - group = "root"; - mode = "0444"; - }; - nixos.source = "/etc/nixos-live"; - adjtime.source = "/state/host/adjtime"; - NIXOS.source = 
"/state/host/NIXOS"; - }; - - security.sudo.extraConfig = '' - # Due to rollback, sudo will lecture after every reboot - Defaults lecture = never - ''; - - fudo = { - secrets = { - secret-group = "fudo-secrets"; - secret-users = [ "niten" ]; - secret-paths = [ "/state/secrets" ]; + defaultGateway = { + address = "10.0.0.1"; + interface = "intif0"; + }; }; - minecraft-clj = { - enable = true; - state-directory = "/state/services/minecraft-clj"; - admins = [ "fudoniten" ]; - worlds = { REPLand = { allocated-memory = 16; }; }; + environment = { + etc = { + nixos.source = "/etc/nixos-live"; + NIXOS.source = "/state/host/NIXOS"; + }; + systemPackages = with pkgs; [ nixopsUnstable openssl ]; + }; + + security.sudo.extraConfig = '' + # Due to rollback, sudo will lecture after every reboot + Defaults lecture = never + ''; + + fudo = { + secrets = { + secret-group = "fudo-secrets"; + secret-users = [ "niten" ]; + secret-paths = [ "/secrets" ]; + }; + hosts.lambda.encrypted-filesystems.secrets = { + encrypted-device = + "/dev/disk/by-id/scsi-3600508b1001c2f439e343270a365a5bd-part1"; + key-path = "/state/secrets-key/key"; + filesystem-type = "btrfs"; + remove-key = false; + type = "luks2"; + mountpoints = { + "/secrets" = { + options = [ "noatime" "compress=zstd" ]; + group = "fudo-secrets"; + users = [ "niten" ]; + world-readable = false; + }; + }; + }; + }; + + systemd = { + tmpfiles.rules = [ "L /etc/adjtime - - - - /state/etc/adjtime" ]; }; }; } diff --git a/config/host-config/legatus.nix b/config/host-config/legatus.nix index 469fbb0..03329ef 100644 --- a/config/host-config/legatus.nix +++ b/config/host-config/legatus.nix 
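Review bot: The removed `services.openssh.hostKeys` entries and the `environment.etc."ssh/ssh_host_*"` sources were what kept the SSH host keys on `/state`; with `/` on tmpfs (config/hardware/lambda.nix in this commit) nothing in this hunk persists them, so sshd would generate new host keys on every boot unless another module supplies them. Host keys that change on reboot produce known_hosts mismatch warnings that users learn to accept, which defeats host authentication. If they are not provided elsewhere, keep an entry such as `services.openssh.hostKeys = [{ path = "/state/ssh/ssh_host_ed25519_key"; type = "ed25519"; }];`. Separately, `key-path = "/state/secrets-key/key"` with `remove-key = false` appears to leave the unlock key for `/secrets` on disk, so that volume is only as protected as `/state`; a comment noting this is intended would help.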
@@ -55,8 +55,8 @@ in { ldap.state-directory = "/state/auth/ldap"; kerberos = { state-directory = "/state/auth/kerberos"; - master-key-file = host-secrets.heimdal-master-key.target-file; - ipropd-keytab = host-secrets.heimdal-ipropd-keytab.target-file; + # master-key-file = host-secrets.heimdal-master-key.target-file; + # ipropd-keytab = host-secrets.heimdal-ipropd-keytab.target-file; }; }; @@ -64,15 +64,17 @@ in { state-directory = "/state/services/chat"; external-interface = "extif0"; }; + + nexus.dns-server.listen-addresses = [ host-ipv4 ]; }; secrets.host-secrets.legatus = let files = config.fudo.secrets.files; in { - postgres-keytab = { - source-file = files.service-keytabs.procul.postgres; - target-file = "/srv/postgres/secure/postgres.keytab"; - user = "root"; - }; + # postgres-keytab = { + # source-file = files.service-keytabs.procul.postgres; + # target-file = "/srv/postgres/secure/postgres.keytab"; + # user = "root"; + # }; # gitea-database-password = { # source-file = files.service-passwords.procul.gitea-database; @@ -80,17 +82,17 @@ in { # user = config.fudo.git.user; # }; - heimdal-master-key = { - source-file = files.realm-master-keys."FUDO.ORG"; - target-file = "/run/heimdal/master-key"; - user = config.fudo.auth.kdc.user; - }; + # heimdal-master-key = { + # source-file = files.realm-master-keys."FUDO.ORG"; + # target-file = "/run/heimdal/master-key"; + # user = config.fudo.auth.kdc.user; + # }; - heimdal-ipropd-keytab = { - source-file = files.service-keytabs.legatus.ipropd; - target-file = "/run/heimdal/ipropd.keytab"; - user = config.fudo.auth.kdc.user; - }; + # heimdal-ipropd-keytab = { + # source-file = files.service-keytabs.legatus.ipropd; + # target-file = "/run/heimdal/ipropd.keytab"; + # user = config.fudo.auth.kdc.user; + # }; }; client.dns = { diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix index 7b118af..bcabd3b 100644 --- a/config/host-config/limina.nix +++ b/config/host-config/limina.nix 
@@ -93,6 +93,8 @@ in { prometheus.state-directory = "/state/services/prometheus"; }; + auth.kerberos.state-directory = "/state/services/heimdal-kdc"; + # wireguard-gateway = { # enable = true; # network = "10.0.200.0/24"; diff --git a/config/host-config/nostromo.nix b/config/host-config/nostromo.nix index b8af206..fe2a6b4 100644 --- a/config/host-config/nostromo.nix +++ b/config/host-config/nostromo.nix @@ -21,12 +21,19 @@ in { firewall.enable = false; }; + environment.systemPackages = [ pkgs.kdcConvertDatabase ]; + # Hopefully this'll help with NFS... boot.kernelModules = [ "rpcsec_gss_krb5" ]; services = { murmur.enable = true; + # objectifier = { + # enable = true; + # listen-addresses = [ "0.0.0.0" ]; + # }; + nfs = { # See ../user-config.nix for the user@REALM -> user mapping server = { @@ -117,6 +124,8 @@ in { }; ldap.base-dn = "dc=fudo,dc=org"; }; + + auth.kerberos.state-directory = "/state/services/heimdal-kdc"; }; postgresql = { diff --git a/config/host-config/nostromo/minecraft.nix b/config/host-config/nostromo/minecraft.nix index e26af9e..cfc4a44 100644 --- a/config/host-config/nostromo/minecraft.nix +++ b/config/host-config/nostromo/minecraft.nix @@ -7,7 +7,7 @@ data-dir = "/state/minecraft/data"; world-name = "selbyland"; game-mode = "creative"; - difficulty = 0; + difficulty = 2; allow-cheats = true; allocated-memory = 14; }; diff --git a/config/host-config/nutboy3.nix b/config/host-config/nutboy3.nix index cda76d2..99717af 100644 --- a/config/host-config/nutboy3.nix +++ b/config/host-config/nutboy3.nix @@ -1,6 +1,6 @@ -{ config, lib, pkgs, ... }: +{ config, pkgs, ... }: -with lib; +with pkgs.lib; let hostname = "nutboy3"; host-fqdn = config.instance.host-fqdn; @@ -32,6 +32,8 @@ in { ]; config = { + boot.kernelModules = [ "veth" ]; + networking = { nameservers = [ "1.1.1.1" ]; defaultGateway = { 
@@ -65,24 +67,22 @@ in { secrets.host-secrets.${hostname} = let files = config.fudo.secrets.files; in { - heimdal-master-key = { - source-file = files.realm-master-keys."FUDO.ORG"; - target-file = "/run/heimdal/master-key"; - user = config.fudo.auth.kdc.user; - }; + # heimdal-master-key = { + # source-file = files.realm-master-keys."FUDO.ORG"; + # target-file = "/run/heimdal/master-key"; + # user = config.fudo.auth.kdc.user; + # }; ldap-keytab = { - source-file = files.service-keytabs.${hostname}.openldap; + # files.service-keytabs.${hostname}.openldap; + source-file = extractFudoKeytab { + realm = domain.gssapi-realm; + principals = [ "ldap/${host-fqdn}" ]; + }; target-file = "/run/openldap/ldap.keytab"; user = config.services.openldap.user; }; - postgresql-keytab = { - source-file = files.service-keytabs.nutboy3.postgres; - target-file = "/run/postgresql/postgres.keytab"; - user = postgresql-user; - }; - grafana-database-password = { source-file = grafana-database-passwd-file; target-file = "/run/metrics/grafana/db.passwd"; @@ -129,15 +129,17 @@ in { auth = { ldap.state-directory = "/state/auth/ldap"; kerberos = { - state-directory = "/state/auth/kerberos"; - master-key-file = host-secrets.heimdal-master-key.target-file; + state-directory = "/state/services/heimdal-kdc"; + # master-key-file = host-secrets.heimdal-master-key.target-file; }; }; postgresql = { state-directory = "/state/services/postgresql"; - keytab = - config.fudo.secrets.files.service-keytabs.${hostname}.postgres; + keytab = extractFudoKeytab { + realm = domain.gssapi-realm; + principals = [ "postgres/${host-fqdn}" ]; + }; }; metrics = { diff --git a/config/host-config/nutboy3/cashew.nix b/config/host-config/nutboy3/cashew.nix index dbf2f4c..ad90ad5 100644 --- a/config/host-config/nutboy3/cashew.nix +++ b/config/host-config/nutboy3/cashew.nix 
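Review bot: `ldap-keytab.source-file` and `postgresql.keytab` now take the result of `extractFudoKeytab { … }` directly, and the `postgresql-keytab` host-secret that placed the keytab under `/run/postgresql` with a restricted owner is removed. The helper is not shown here, but if it returns a derivation output the extracted keytab would sit in the world-readable Nix store. It is worth confirming the helper yields a path outside the store, or routing the postgres keytab through `host-secrets` the way `ldap-keytab` still is. The same question applies to `keytab = extractFudoHostKeytab { … }` in config/host-config/procul.nix.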
@@ -6,19 +6,14 @@ let host-ipv4 = "199.87.154.175"; - local-packages = with pkgs; [ - bind - emacs-nox - mtr - vim - ]; + local-packages = with pkgs; [ bind emacs-nox mtr vim ]; - fudo-zone = pkgs.lib.dns.zoneToZonefile - config.instance.build-timestamp "fudo.org" + fudo-zone = + pkgs.lib.dns.zoneToZonefile config.instance.build-timestamp "fudo.org" config.fudo.zones."fudo.org"; - selby-zone = pkgs.lib.dns.zoneToZonefile - config.instance.build-timestamp "selby.ca" + selby-zone = + pkgs.lib.dns.zoneToZonefile config.instance.build-timestamp "selby.ca" config.fudo.zones."selby.ca"; in { @@ -36,12 +31,14 @@ in { { ipv4-address = "209.177.102.102"; ipv6-address = "2001:470:1f16:40::2"; - description = "Nameserver 2, Musashi.100percenthost.net, in Winnipeg, MB, CA"; + description = + "Nameserver 2, Musashi.100percenthost.net, in Winnipeg, MB, CA"; } { ipv4-address = "104.131.53.95"; ipv6-address = "2604:a880:800:10::8:7001"; - description = "Nameserver 3, ns2.henchmman21.net, in New York City, NY, US"; + description = + "Nameserver 3, ns2.henchmman21.net, in New York City, NY, US"; } { ipv4-address = "204.42.254.5"; @@ -52,12 +49,12 @@ in { }; "selby.ca" = { enable = true; - external-nameservers = map (n: let - i = toString n; - in { - authoritative-hostname = "ns${i}.fudo.org"; - description = "Nameserver ${i}, ns${i}.fudo.org."; - }) [2 3 4]; + external-nameservers = map (n: + let i = toString n; + in { + authoritative-hostname = "ns${i}.fudo.org"; + description = "Nameserver ${i}, ns${i}.fudo.org."; + }) [ 2 3 4 ]; }; }; @@ -82,9 +79,7 @@ in { "rspamd._metrics._tcp IN SRV 0 0 443 mail.fudo.org." ]; }; - "selby.ca" = { - default-host = host-ipv4; - }; + "selby.ca" = { default-host = host-ipv4; }; }; }; 
@@ -117,17 +112,15 @@ in { interfaces = [ "eno2" ]; config = { config, ... }: { + boot.kernelModules = [ "veth" ]; + nixpkgs.pkgs = pkgs; environment = { systemPackages = local-packages; etc = { - "generated-zones/fudo.org" = { - text = fudo-zone; - }; - "generated-zones/selby.ca" = { - text = selby-zone; - }; + "generated-zones/fudo.org" = { text = fudo-zone; }; + "generated-zones/selby.ca" = { text = selby-zone; }; }; }; @@ -144,17 +137,8 @@ in { ]; }; groups = { - wheel.members = [ - "niten" - "reaper" - ]; - dns = { - members = [ - "niten" - "reaper" - "named" - ]; - }; + wheel.members = [ "niten" "reaper" ]; + dns = { members = [ "niten" "reaper" "named" ]; }; }; }; diff --git a/config/host-config/procul.nix b/config/host-config/procul.nix index 0865c8f..0204bd6 100644 --- a/config/host-config/procul.nix +++ b/config/host-config/procul.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with lib; +with pkgs.lib; let hostname = "procul"; @@ -58,16 +58,14 @@ in { networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.acme.email = "viator@informis.land"; + security.acme.defaults.email = "viator@informis.land"; users = { - users = { - gituser = { - isSystemUser = true; - group = "nogroup"; - }; + users.gituser = { + isSystemUser = true; + group = "nogroup"; }; - groups = { acme = { members = [ "nginx" ]; }; }; + groups.acme.members = [ "nginx" ]; }; informis = { @@ -154,11 +152,11 @@ in { user = config.services.postgresql.superUser; }; - heimdal-master-key = { - source-file = files.realm-master-keys."INFORMIS.LAND"; - target-file = "/run/heimdal/master-key"; - user = config.fudo.auth.kdc.user; - }; + # heimdal-master-key = { + # source-file = files.realm-master-keys."INFORMIS.LAND"; + # target-file = "/run/heimdal/master-key"; + # user = config.fudo.auth.kdc.user; + # }; chute-staging-credentials = { source-file = files.service-secrets.procul."chute-staging.env"; 
@@ -260,7 +258,11 @@ in { }; postgresql = { state-directory = "/state/services/postgresql"; - keytab = config.fudo.secrets.files.service-keytabs.procul.postgres; + keytab = extractFudoHostKeytab { + inherit hostname; + realm = domain.gssapi-realm; + services = [ "postgres" ]; + }; }; logging.loki.state-directory = "/state/services/loki"; metrics = { diff --git a/config/host-config/spark.nix b/config/host-config/spark.nix index 56e1fed..408ee22 100644 --- a/config/host-config/spark.nix +++ b/config/host-config/spark.nix @@ -1,6 +1,8 @@ { config, lib, pkgs, ... }: -with lib; { +with lib; +let state-dir = "/state"; +in { fudo = { slynk.enable = true; wallfly.location = "office"; @@ -16,6 +18,15 @@ with lib; { fcitx5.addons = with pkgs; [ fcitx5-chinese-addons fcitx5-rime ]; }; + systemd.tmpfiles.rules = [ "d ${state-dir}/lib/cups 755 root root - -" ]; + + fileSystems = { + "/var/lib/cups" = { + device = "${state-dir}/lib/cups"; + options = [ "bind" ]; + }; + }; + # fudo.adguard-dns-proxy = { # enable = true; # http.listen-ip = "10.0.0.108"; diff --git a/config/host-config/system3.nix b/config/host-config/system3.nix index 6ce11d6..c38cb9b 100644 --- a/config/host-config/system3.nix +++ b/config/host-config/system3.nix @@ -20,6 +20,7 @@ in { "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" "L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak" "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" + "d ${state-dir}/lib/cups 755 root root - -" ]; services = { @@ -38,6 +39,13 @@ in { ]; }; + fileSystems = { + "/var/lib/cups" = { + device = "${state-dir}/lib/cups"; + options = [ "bind" ]; + }; + }; + environment.etc = { nixos.source = "/etc/nixos-live"; NIXOS.source = "${state-dir}/etc/NIXOS"; diff --git a/config/host-config/toothless.nix b/config/host-config/toothless.nix new file mode 100644 index 0000000..3cc5089 --- /dev/null +++ b/config/host-config/toothless.nix 
@@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: + +let + stateDir = "/state"; + primaryIp = "10.0.0.12"; + generateMac = pkgs.lib.network.generate-mac-address; +in { + networking = { + useDHCP = false; + defaultGateway = { + address = "10.0.0.1"; + interface = "intif0"; + }; + interfaces.intif0 = { + ipv4.addresses = [{ + address = primaryIp; + prefixLength = 16; + }]; + }; + }; + + security.sudo.extraConfig = '' + # Due to rollback, sudo will lecture after every reboot + Defaults lecture = never + ''; + + fudo = { + minecraft-clj = { + enable = true; + state-directory = "/state/services/minecraft-clj"; + admins = [ "fudoniten" ]; + worlds = { + REPLand = { allocated-memory = 8; }; + wof = { + world-name = "WorldOfFun"; + world-seed = 2059666523504992; + port = 25567; + difficulty = "medium"; + game-mode = "survival"; + motd = "Welcome to the World of Fun!"; + allow-cheats = true; + allocated-memory = 16; + pvp = false; + }; + }; + }; + }; + + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; +} diff --git a/config/host-config/wormhole0.nix b/config/host-config/wormhole0.nix index b40e54d..2519bc3 100644 --- a/config/host-config/wormhole0.nix +++ b/config/host-config/wormhole0.nix @@ -6,13 +6,10 @@ let primary-ip = "10.0.0.3"; state-dir = "/state"; zigbee2mqtt-statedir = "${state-dir}/services/zigbee2mqtt"; - mosquitto-statedir = "${state-dir}/services/mosquitto"; home-assistant-port = 8123; zigbee2mqtt-user = config.systemd.services.zigbee2mqtt.serviceConfig.User; - mosquitto-user = config.systemd.services.mosquitto.serviceConfig.User; - zigbee2mqtt-passwd-file = pkgs.lib.passwd.stablerandom-passwd-file "zigbee2mqtt-passwd" config.instance.build-seed; 
@@ -54,31 +51,21 @@ in { dhcpcd.extraConfig = concatStringsSep "\n" [ "nogateway" ]; }; - fudo.secrets.host-secrets.${hostname} = { - mosquitto-zigbee2mqtt-passwd = { - source-file = zigbee2mqtt-passwd-file; - target-file = "/run/mosquitto-secrets/zigbee2mqtt.passwd"; - user = mosquitto-user; - }; - mosquitto-home-assistant-passwd = { - source-file = host-passwds.mosquitto-home-assistant; - target-file = "/run/mosquitto-secrets/home-assistant.passwd"; - user = mosquitto-user; - }; - mosquitto-niten-passwd = { - source-file = host-passwds.mosquitto-niten; - target-file = "/run/mosquitto-secrets/niten.passwd"; - user = mosquitto-user; - }; - mosquitto-xiaoxuan-passwd = { - source-file = host-passwds.mosquitto-xiaoxuan; - target-file = "/run/mosquitto-secrets/xiaoxuan.passwd"; - user = mosquitto-user; - }; - mosquitto-wallfly-passwd = { - source-file = host-passwds.mosquitto-wallfly; - target-file = "/run/mosquitto-secrets/wallfly.passwd"; - user = mosquitto-user; + fudo.services.mqtt = { + enable = true; + state-directory = "${state-dir}/services/mosquitto"; + private = { + enable = true; + users = { + zigbee2mqtt = { + password-file = zigbee2mqtt-passwd-file; + acl = [ "readwrite #" ]; + }; + home-assistant = { + password-file = host-passwds.mosquitto-home-assistant; + acl = [ "readwrite #" ]; + }; + }; }; }; @@ -95,15 +82,6 @@ in { RemainAfterExit = true; }; }; - - zigbee2mqtt = { - after = [ config.fudo.secrets.secret-target "mosquitto.service" ]; - restartIfChanged = true; - }; - mosquitto = { - after = [ config.fudo.secrets.secret-target ]; - restartIfChanged = true; - }; }; tmpfiles.rules = [ @@ -114,7 +92,6 @@ in { "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" "d /state/services 0711 root root - -" "d ${zigbee2mqtt-statedir} 0700 ${zigbee2mqtt-user} - - -" - "d ${mosquitto-statedir} 0700 ${mosquitto-user} - - -" ]; }; 
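Review bot: Both accounts under `fudo.services.mqtt.private.users` are granted `acl = [ "readwrite #" ]`, i.e. every topic, so a leak of either password gives full read and write access to the whole bus. The bridge account could be limited to the prefixes it uses, e.g. `acl = [ "readwrite zigbee2mqtt/#" "readwrite homeassistant/#" ];`, assuming the default base topic; adjust if a different one is configured. The commented-out `wallfly` entry elsewhere in this file (`readwrite homeassistant/binary_sensor/#`) shows the scoped form.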
@@ -149,39 +126,39 @@ in { }; }; - mosquitto = { - enable = true; - dataDir = mosquitto-statedir; - listeners = [{ - settings.allow_anonymous = false; - port = 1883; - address = "0.0.0.0"; - users = { - zigbee2mqtt = { - passwordFile = - host-secrets.mosquitto-zigbee2mqtt-passwd.target-file; - acl = [ "readwrite #" ]; - }; - home-assistant = { - passwordFile = - host-secrets.mosquitto-home-assistant-passwd.target-file; - acl = [ "readwrite #" ]; - }; - # niten = { - # passwordFile = host-secrets.mosquitto-niten-passwd.target-file; - # acl = [ "readwrite #" ]; - # }; - # xiaoxuan = { - # passwordFile = host-secrets.mosquitto-xiaoxuan-passwd.target-file; - # acl = [ "readwrite #" ]; - # }; - # wallfly = { - # passwordFile = host-secrets.mosquitto-wallfly-passwd.target-file; - # acl = [ "readwrite homeassistant/binary_sensor/#" ]; - # }; - }; - }]; - }; + # mosquitto = { + # enable = true; + # dataDir = mosquitto-statedir; + # listeners = [{ + # settings.allow_anonymous = false; + # port = 1883; + # address = "0.0.0.0"; + # users = { + # zigbee2mqtt = { + # passwordFile = + # host-secrets.mosquitto-zigbee2mqtt-passwd.target-file; + # acl = [ "readwrite #" ]; + # }; + # home-assistant = { + # passwordFile = + # host-secrets.mosquitto-home-assistant-passwd.target-file; + # acl = [ "readwrite #" ]; + # }; + # niten = { + # passwordFile = host-secrets.mosquitto-niten-passwd.target-file; + # acl = [ "readwrite #" ]; + # }; + # # xiaoxuan = { + # # passwordFile = host-secrets.mosquitto-xiaoxuan-passwd.target-file; + # # acl = [ "readwrite #" ]; + # # }; + # # wallfly = { + # # passwordFile = host-secrets.mosquitto-wallfly-passwd.target-file; + # # acl = [ "readwrite homeassistant/binary_sensor/#" ]; + # # }; + # }; + # }]; + # }; zigbee2mqtt = { enable = true; 
@@ -191,8 +168,11 @@ in { homeassistant = true; permit_join = true; serial.port = "/dev/ttyUSB0"; - mqtt = { - server = "mqtt://127.0.0.1:1883"; + mqtt = let + mqttHost = config.fudo.services.mqtt.mqtt-hostname; + mqttPort = config.fudo.services.mqtt.private.port; + in { + server = "mqtt://${mqttHost}:${toString mqttPort}"; user = "zigbee2mqtt"; password = readFile zigbee2mqtt-passwd-file; # TODO: could make a yaml file containing password diff --git a/config/host-config/zbox.nix b/config/host-config/zbox.nix index cb88153..c351e9c 100644 --- a/config/host-config/zbox.nix +++ b/config/host-config/zbox.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with lib; let state-dir = "/state"; in { config = { @@ -19,12 +20,20 @@ in { }; systemd.tmpfiles.rules = [ + "d ${state-dir}/lib/cups 755 root root - -" "d ${state-dir}/lib/flatpak 0755 root root - -" "d ${state-dir}/etc 0755 root root - -" "L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak" "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" ]; + fileSystems = { + "/var/lib/cups" = { + device = "${state-dir}/lib/cups"; + options = [ "bind" ]; + }; + }; + hardware = { bluetooth = { enable = true; @@ -32,5 +41,11 @@ in { }; xpadneo.enable = true; }; + + services.xserver = { + layout = "us"; + xkbVariant = mkForce ""; + xkbOptions = mkForce ""; + }; }; } diff --git a/config/profile-config/build/build-seed.nix b/config/profile-config/build/build-seed.nix index 50b7a99..7457b8d 100644 --- a/config/profile-config/build/build-seed.nix +++ b/config/profile-config/build/build-seed.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: with lib; -let - has-secret-files = hasAttr "files" config.fudo.secrets; +let has-secret-files = hasAttr "files" config.fudo.secrets; in { config.instance = mkIf has-secret-files { + # TODO: This has a newline, I think... build-seed = builtins.readFile config.fudo.secrets.files.build-seed; }; } 
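Review bot: The `server` URL now targets `config.fudo.services.mqtt.mqtt-hostname` rather than `127.0.0.1` but keeps the plaintext `mqtt://` scheme, so if that hostname resolves to a non-loopback address the zigbee2mqtt username and password cross the network unencrypted. Either keep this local client on loopback or move to `mqtts://` once the broker exposes a TLS listener. The unchanged `password = readFile zigbee2mqtt-passwd-file;` line also copies the password into the generated settings at evaluation time, as its TODO already notes; loading it from a separate file at runtime would close that. The settings block starts and ends outside the hunk.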
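Review bot: The new TODO in build-seed.nix is probably right: `builtins.readFile` returns the file verbatim, so a trailing newline becomes part of `build-seed`. `fileContents` (in scope through `with lib;`) strips it: `build-seed = fileContents config.fudo.secrets.files.build-seed;`. Because the seed feeds derived passwords (for example `stablerandom-passwd-file "zigbee2mqtt-passwd" config.instance.build-seed` in wormhole0.nix), changing it would presumably rotate every derived secret at once, so it should be scheduled as a deliberate rotation rather than applied as a cleanup.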
diff --git a/config/profile-config/common-ui.nix b/config/profile-config/common-ui.nix index ede1fa6..cc99e4e 100644 --- a/config/profile-config/common-ui.nix +++ b/config/profile-config/common-ui.nix @@ -106,4 +106,7 @@ in { }; in [ factorio ]; }; + + fudo.services.tattler.enable-notifications = + trace "${hostname}: ${toString enable-gui}" enable-gui; } diff --git a/config/profile-config/common.nix b/config/profile-config/common.nix index 4c4c9bc..64db72a 100644 --- a/config/profile-config/common.nix +++ b/config/profile-config/common.nix @@ -31,7 +31,7 @@ in { in concatMap nix-files import-paths; config = { - fudo.hosts.${hostname}.local-networks = [ "::1/128" ]; + fudo = { hosts.${hostname}.local-networks = [ "::1/128" ]; }; system.autoUpgrade.enable = false; @@ -49,28 +49,7 @@ in { nixpkgs.config.allowUnfree = true; - hardware.enableRedistributableFirmware = true; - - krb5 = { - enable = true; - - appdefaults = { - forwardable = true; - proxiable = true; - encrypt = true; - forward = true; - }; - - libdefaults = { - allow_weak_crypto = true; - dns_lookup_kdc = true; - dns_lookup_realm = true; - forwardable = true; - proxiable = true; - }; - - kerberos = pkgs.heimdal; - }; + hardware.enableAllFirmware = true; services = { openssh = { @@ -78,12 +57,12 @@ in { startWhenNeeded = true; useDns = true; permitRootLogin = "prohibit-password"; - extraConfig = '' - GSSAPIAuthentication yes - GSSAPICleanupCredentials yes - GSSAPIKeyExchange yes - GSSAPIStoreCredentialsOnRekey yes - ''; + # extraConfig = '' + # GSSAPIAuthentication yes + # GSSAPICleanupCredentials yes + # GSSAPIKeyExchange yes + # GSSAPIStoreCredentialsOnRekey yes + # ''; # FIXME: This is temporary! Getting error: Unsupported KEX algorithm "sntrup761x25519-sha512@openssh.com" kexAlgorithms = [ "curve25519-sha256" @@ -102,7 +81,7 @@ in { xserver = { layout = "us"; xkbVariant = "dvp"; - xkbOptions = ""; + xkbOptions = "ctrl:nocaps"; }; btrfs.autoScrub.enable = let 
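Review bot: `trace "${hostname}: ${toString enable-gui}" enable-gui` in common-ui.nix looks like a leftover debugging aid; it prints on every evaluation of every host that imports this profile. Assign the value directly: `fudo.services.tattler.enable-notifications = enable-gui;`. If the trace is kept for now, note that `toString false` is the empty string, so the output does not distinguish "false" from a missing value. The enclosing attribute set starts outside the hunk.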
@@ -111,7 +90,10 @@ in { in length btrfsFilesystems > 0; pcscd.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; + udev = { + enable = true; + packages = with pkgs; [ yubikey-personalization ]; + }; }; networking.firewall = { @@ -139,16 +121,7 @@ in { # pinentryFlavor = if cfg.enable-gui then "gnome3" else "curses"; }; - ssh = { - startAgent = true; - - package = pkgs.openssh_gssapi; - - extraConfig = '' - GSSAPIAuthentication yes - GSSAPIDelegateCredentials yes - ''; - }; + ssh = { startAgent = true; }; }; security = { diff --git a/config/profile-config/host/kerberos.nix b/config/profile-config/host/kerberos.nix index fde557b..8acdb25 100644 --- a/config/profile-config/host/kerberos.nix +++ b/config/profile-config/host/kerberos.nix 
@@ -7,66 +7,83 @@ let try-attr = attr: set: if (hasAttr attr set) then set.${attr} else null; in { - config = mkIf has-secret-files - (let keytab-file = try-attr hostname config.fudo.secrets.files.host-keytabs; - in mkIf (keytab-file != null) { - ## This doesn't seem to work...timing? - # environment.etc."krb5.keytab" = mkIf (keytab-file != null) { - # source = - # config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file; - # user = "root"; - # group = "root"; - # mode = "0400"; - # }; + config = mkIf has-secret-files (let + keytab-file = + try-attr hostname config.fudo.secrets.files.kerberos.host-keytabs; + in mkIf (keytab-file != null) { + ## This doesn't seem to work...timing? + # environment.etc."krb5.keytab" = mkIf (keytab-file != null) { + # source = + # config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file; + # user = "root"; + # group = "root"; + # mode = "0400"; + # }; - systemd = let - host-keytab = - config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file; - in { - paths."${hostname}-keytab-watcher" = { - wantedBy = [ "default.target" ]; - description = "Watch host keytab for changes."; - pathConfig = { - PathChanged = host-keytab; - Unit = "${hostname}-keytab-watcher.service"; - }; - }; + krb5 = { + domain_realm = let + krbDoms = filterAttrs (_: domCfg: domCfg.gssapi-realm != null) + config.fudo.domains; + domClauses = dom: domCfg: [ + (nameValuePair dom domCfg.gssapi-realm) + (nameValuePair ".${dom}" domCfg.gssapi-realm) + ]; + concatMapAttrs = f: lst: + listToAttrs (concatMap (i: i) (mapAttrsToList f lst)); + in concatMapAttrs domClauses krbDoms; - services = { - "${hostname}-keytab-watcher" = { - description = - "When host keytab is available or changed, activate copy job."; - path = with pkgs; [ systemd ]; - serviceConfig = { Type = "oneshot"; }; - script = "systemctl restart ${hostname}-copy-keytab.service"; - }; + libdefaults.default_etypes = + "aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96"; + }; - 
"${hostname}-copy-keytab" = { - description = - "Copy the host krb5.keytab into place once it's available."; - serviceConfig = { - Type = "simple"; - RemainAfterExit = true; - ExecStart = pkgs.writeShellScript "${hostname}-copy-keytab.sh" '' - [ -f ${host-keytab} ] || exit 1 - [ -f /etc/krb5.keytab ] && rm /etc/krb5.keytab - cp ${host-keytab} /etc/krb5.keytab - chown root:root /etc/krb5.keytab - chmod 0400 /etc/krb5.keytab - ''; - ExecStop = pkgs.writeShellScript "${hostname}-remove-keytab.sh" '' - rm -f /etc/krb5.keytab - ''; - }; - }; + systemd = let + host-keytab = + config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file; + in { + paths."${hostname}-keytab-watcher" = { + wantedBy = [ "default.target" ]; + description = "Watch host keytab for changes."; + pathConfig = { + PathChanged = host-keytab; + Unit = "${hostname}-keytab-watcher.service"; }; }; - fudo.secrets.host-secrets.${hostname}.host-keytab = - mkIf (keytab-file != null) { - source-file = keytab-file; - target-file = "/run/kerberos/krb5.keytab"; - user = "root"; + services = { + "${hostname}-keytab-watcher" = { + description = + "When host keytab is available or changed, activate copy job."; + path = with pkgs; [ systemd ]; + serviceConfig = { Type = "oneshot"; }; + script = "systemctl restart ${hostname}-copy-keytab.service"; }; - }); + + "${hostname}-copy-keytab" = { + description = + "Copy the host krb5.keytab into place once it's available."; + serviceConfig = { + Type = "simple"; + RemainAfterExit = true; + ExecStart = pkgs.writeShellScript "${hostname}-copy-keytab.sh" '' + [ -f ${host-keytab} ] || exit 1 + [ -f /etc/krb5.keytab ] && rm /etc/krb5.keytab + cp ${host-keytab} /etc/krb5.keytab + chown root:root /etc/krb5.keytab + chmod 0400 /etc/krb5.keytab + ''; + ExecStop = pkgs.writeShellScript "${hostname}-remove-keytab.sh" '' + rm -f /etc/krb5.keytab + ''; + }; + }; + }; + }; + + fudo.secrets.host-secrets.${hostname}.host-keytab = + mkIf (keytab-file != null) { + source-file = 
keytab-file; + target-file = "/run/kerberos/krb5.keytab"; + user = "root"; + }; + }); } diff --git a/config/profile-config/host/ssh.nix b/config/profile-config/host/ssh.nix index 05f31a7..5c9c7b0 100644 --- a/config/profile-config/host/ssh.nix +++ b/config/profile-config/host/ssh.nix 
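Review bot: In the `${hostname}-copy-keytab.sh` script, `cp ${host-keytab} /etc/krb5.keytab` creates the destination before `chown` and `chmod 0400` run, so the host keytab briefly exists with whatever mode `cp` derives from the source file and the umask. Create it with its final owner and mode in one step by replacing the `cp`/`chown`/`chmod` lines with `install -m 0400 -o root -g root ${host-keytab} /etc/krb5.keytab`. The unit is declared `Type = "simple"` although the script exits at once; `Type = "oneshot"` is what fits the `RemainAfterExit = true` next to it. These lines are only re-indented by this commit, but they are on its new side and handle the host's long-term key.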
@@ -8,56 +8,54 @@ let has-secret-files = hasAttr "files" config.fudo.secrets; in { - config = mkIf has-secret-files - (let - host-keypairs = - if (hasAttr hostname config.fudo.secrets.files.host-ssh-keypairs) then - config.fudo.secrets.files.host-ssh-keypairs.${hostname} - else []; + config = mkIf has-secret-files (let + host-keypairs = + if (hasAttr hostname config.fudo.secrets.files.ssh.host-keypairs) then + config.fudo.secrets.files.ssh.host-keypairs.${hostname} + else + [ ]; + in { + fudo = let + sshfp-filename = host: keypair: + "ssh-${host}-${keypair.key-type}.sshfp-record"; + + dns-sshfp-records = host: keypair: + pkgs.stdenv.mkDerivation { + name = "${host}-sshfp-records"; + + phases = [ "installPhase" ]; + + buildInputs = with pkgs; [ openssh ]; + + installPhase = '' + ssh-keygen -r REMOVEME -f "${keypair.public-key}" | sed 's/^REMOVEME IN SSHFP //' > $out''; + }; + + host-cfg = config.fudo.hosts.${hostname}; in { - fudo = let - sshfp-filename = host: keypair: "ssh-${host}-${keypair.key-type}.sshfp-record"; + secrets.host-secrets.${hostname} = listToAttrs (map (keypair: + nameValuePair "host-${keypair.key-type}-private-key" { + source-file = keypair.private-key; + target-file = + "/run/openssh/private/host-${keypair.key-type}-private-key"; + user = "root"; + }) host-keypairs); - dns-sshfp-records = host: keypair: - pkgs.stdenv.mkDerivation { - name = "${host}-sshfp-records"; + hosts = mkIf (hasAttr "files" config.fudo.secrets) (mapAttrs + (hostname: keypairs: { + ssh-pubkeys = map (keypair: keypair.public-key) keypairs; + ssh-fingerprints = concatMap (keypair: + let fingerprint-derivation = dns-sshfp-records hostname keypair; + in read-lines "${fingerprint-derivation}") keypairs; + }) config.fudo.secrets.files.ssh.host-keypairs); + }; - phases = [ "installPhase" ]; - - buildInputs = with pkgs; [ openssh ]; - - installPhase = - "ssh-keygen -r REMOVEME -f \"${keypair.public-key}\" | sed 's/^REMOVEME IN SSHFP //' > $out"; - }; - - host-cfg = 
config.fudo.hosts.${hostname}; - in { - secrets.host-secrets.${hostname} = listToAttrs - (map - (keypair: nameValuePair "host-${keypair.key-type}-private-key" { - source-file = keypair.private-key; - target-file = "/run/openssh/private/host-${keypair.key-type}-private-key"; - user = "root"; - }) - host-keypairs); - - hosts = mkIf (hasAttr "files" config.fudo.secrets) - (mapAttrs (hostname: keypairs: { - ssh-pubkeys = map (keypair: keypair.public-key) keypairs; - ssh-fingerprints = concatMap (keypair: - let - fingerprint-derivation = dns-sshfp-records hostname keypair; - in read-lines "${fingerprint-derivation}") keypairs; - }) config.fudo.secrets.files.host-ssh-keypairs); - }; - - services.openssh.hostKeys = let - host-secrets = config.fudo.secrets.host-secrets.${hostname}; + services.openssh.hostKeys = + let host-secrets = config.fudo.secrets.host-secrets."${hostname}"; in map (keypair: { - path = - host-secrets."host-${keypair.key-type}-private-key".target-file; + path = host-secrets."host-${keypair.key-type}-private-key".target-file; type = keypair.key-type; }) host-keypairs; - }); + }); } diff --git a/config/service/backplane.nix b/config/service/backplane.nix index 7c481a1..d12a2bc 100644 --- a/config/service/backplane.nix +++ b/config/service/backplane.nix 
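Review bot: Two leftovers survive the reformat in the `fudo = let ... in { ... }` block. `host-cfg = config.fudo.hosts.${hostname};` is bound but not used anywhere in that block, and `hosts = mkIf (hasAttr "files" config.fudo.secrets) (...)` repeats the `has-secret-files` test that already guards the whole `config`. Drop the binding and write `hosts = mapAttrs (...) config.fudo.secrets.files.ssh.host-keypairs;`. A one-line comment on `dns-sshfp-records` saying that `REMOVEME` is a placeholder owner name stripped again by `sed` would also save the next reader a lookup.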
@@ -3,16 +3,16 @@ with lib; let hostname = config.instance.hostname; - domain-name = config.fudo.hosts.${hostname}.domain; - domain = config.fudo.domains.${domain-name}; - zone-name = config.fudo.domains.${domain-name}.zone; + domain-name = config.fudo.hosts."${hostname}".domain; + domain = config.fudo.domains."${domain-name}"; + zone-name = config.fudo.domains."${domain-name}".zone; - host-fqdn = hostname: "${hostname}.${config.fudo.hosts.${hostname}.domain}"; + host-fqdn = hostname: "${hostname}.${domain-name}"; postgresql-server = domain.postgresql-server; - isDatabase = hostname == postgresql-server; - isJabber = elem hostname domain.xmpp-servers; + isDatabaseServer = hostname == postgresql-server; + isJabberServer = elem hostname domain.xmpp-servers; isDNSBackplane = hostname == domain.backplane.dns-service; backplaneEnabled = domain.backplane != null; isNameserver = hostname == domain.backplane.nameserver; @@ -73,18 +73,18 @@ in { user = config.fudo.backplane.dns.user; }; - database-powerdns-passwd = mkIf isDatabase { + database-powerdns-passwd = mkIf isDatabaseServer { source-file = powerdns-password; target-file = "/run/postgres/powerdns.passwd"; user = config.services.postgresql.superUser; }; - database-backplane-passwd = mkIf isDatabase { + database-backplane-passwd = mkIf isDatabaseServer { source-file = backplane-database-password; target-file = "/run/postgres/backplane-database.passwd"; user = config.services.postgresql.superUser; }; - ejabberd-backplane-passwd = mkIf isJabber { + ejabberd-backplane-passwd = mkIf isJabberServer { source-file = xmpp-password; target-file = "/run/backplane-jabber/service-dns.passwd"; user = config.services.ejabberd.user; @@ -106,7 +106,7 @@ in { aliases = { backplane = "${backplane-host-fqdn}."; }; }; - postgresql = mkIf isDatabase { + postgresql = mkIf isDatabaseServer { required-services = [ "fudo-passwords.target" ]; users = { 
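Review bot: The rewritten `host-fqdn = hostname: "${hostname}.${domain-name}";` no longer looks up the domain of the host it is given. `domain-name` is the local host's domain, bound earlier in the same `let`, so a host that lives in another domain now gets an FQDN under the wrong one. The call sites are outside the hunk; if hosts from other domains can reach this function, keep the per-host lookup with `host-fqdn = host: "${host}.${config.fudo.hosts."${host}".domain}";`. Naming the parameter `host` also stops it shadowing the outer `hostname`.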
@@ -136,7 +136,7 @@ in { }; backplane = { - enable = isJabber; + enable = isJabberServer; client-hosts = mapAttrs (hostname: hostOpts: { password-file = host-password-files.${hostname}; diff --git a/config/service/dns.nix b/config/service/dns.nix index bb5583f..275caf9 100644 --- a/config/service/dns.nix +++ b/config/service/dns.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... } @ toplevel: +{ config, lib, pkgs, ... }@toplevel: with lib; let @@ -6,6 +6,18 @@ let cfg = config.fudo.services.dns; + host-secrets = config.fudo.secrets.host-secrets."${hostname}"; + + domain-name = config.instance.local-domain; + domain = config.fudo.domains.${domain-name}; + primary-nameserver = domain.primary-nameserver; + primary-nameserver-ip = pkgs.lib.network.host-ipv4 config primary-nameserver; + primary-nameserver-fqdn = "${primary-nameserver}.${domain-name}"; + + is-primary-nameserver = primary-nameserver == hostname; + + zoneKeySecret = zone: "${zone}-ksk"; + nameserverOpts = { name, ... }: { options = with types; { hostname = mkOption { 
@@ -39,166 +51,192 @@ let }; }; - zoneOpts = { name, ... }: let - zone-name = name; - in { - options = with types; { - enable = mkOption { - type = bool; - description = "Enable ${zone-name} zone on the local nameserver."; - default = zone-name == toplevel.config.instance.local-zone; - }; + zoneOpts = { name, ... }: + let zone-name = name; + in { + options = with types; { + enable = mkOption { + type = bool; + description = "Enable ${zone-name} zone on the local nameserver."; + default = zone-name == toplevel.config.instance.local-zone; + }; - default-host = mkOption { - type = nullOr str; - description = "IP which will respond to requests for the base domain."; - default = null; - }; + default-host = mkOption { + type = nullOr str; + description = + "IP which will respond to requests for the base domain."; + default = null; + }; - external-nameservers = mkOption { - type = listOf (submodule nameserverOpts); - description = "Off-network secondary nameservers."; - default = []; - }; + external-nameservers = mkOption { + type = listOf (submodule nameserverOpts); + description = "Off-network secondary nameservers."; + default = [ ]; + }; - domain = mkOption { - type = str; - description = "Domain which this zone serves."; - default = zone-name; + domain = mkOption { + type = str; + description = "Domain which this zone serves."; + default = zone-name; + }; + + ksk = mkOption { + type = nullOr (submodule { + options = { + private-key = mkOption { + type = path; + description = "KSK private key."; + }; + public-key = mkOption { + type = path; + description = "KSK public key."; + }; + ds = mkOption { + type = path; + description = "KSK ds record."; + }; + }; + }); + description = + "Location of the zone-signing private & public keys and DS record."; + default = + toplevel.config.fudo.secrets.files.dns.key-signing-keys."${zone-name}"; + }; }; }; - }; - - pthru = obj: - builtins.trace "TRACE: ${ obj }" obj; in { options.fudo.services.dns = with types; { zones = mkOption { 
type = attrsOf (submodule zoneOpts); description = "Map of served zone to extra zone details."; - default = {}; + default = { }; }; }; config.fudo = { - zones = mapAttrs (zone-name: zone-cfg: let - domain-name = zone-cfg.domain; - domain = config.fudo.domains.${domain-name}; + secrets.host-secrets."${hostname}" = mkIf is-primary-nameserver (mapAttrs' + (zone: zone-cfg: + nameValuePair (zoneKeySecret zone) { + source-file = zone-cfg.ksk.private-key; + target-file = "/run/nsd/${baseNameOf zone-cfg.ksk.private-key}"; + user = config.fudo.nsd.user; + }) cfg.zones); - make-srv-record = port: host: { - inherit port host; - }; + zones = mapAttrs (zone-name: zone-cfg: + let + domain-name = zone-cfg.domain; + domain = config.fudo.domains.${domain-name}; - served-domain = domain.primary-nameserver != null; + make-srv-record = port: host: { inherit port host; }; - primary-nameserver = domain.primary-nameserver; + served-domain = domain.primary-nameserver != null; - is-primary-nameserver = hostname == primary-nameserver; + primary-nameserver = domain.primary-nameserver; - internal-nameserver-hostnames = - [domain.primary-nameserver] ++ domain.secondary-nameservers; + is-primary-nameserver = hostname == primary-nameserver; - get-host-deets = description: hostname: { - ipv4-address = pkgs.lib.network.host-ipv4 config hostname; - ipv6-address = pkgs.lib.network.host-ipv6 config hostname; - description = description; - }; + internal-nameserver-hostnames = [ domain.primary-nameserver ] + ++ domain.secondary-nameservers; - get-ns-deets = hostname: let - host-domain = config.fudo.hosts.${hostname}.domain; - desc = "${domain-name} nameserver ${hostname}.${host-domain}."; - in get-host-deets desc hostname; + get-host-deets = description: hostname: { + ipv4-address = pkgs.lib.network.host-ipv4 config hostname; + ipv6-address = pkgs.lib.network.host-ipv6 config hostname; + description = description; + }; - nameserver-deets = let - internal-nameservers = map get-ns-deets 
internal-nameserver-hostnames; - in internal-nameservers ++ zone-cfg.external-nameservers; + get-ns-deets = hostname: + let + host-domain = config.fudo.hosts.${hostname}.domain; + desc = "${domain-name} nameserver ${hostname}.${host-domain}."; + in get-host-deets desc hostname; - has-auth-hostname = ns-host: ns-opts: - (hasAttr "authoritative-hostname" ns-opts) && - (ns-opts.authoritative-hostname != null); + nameserver-deets = let + internal-nameservers = map get-ns-deets internal-nameserver-hostnames; + in internal-nameservers ++ zone-cfg.external-nameservers; - all-nameservers = listToAttrs - (imap1 - (i: nsOpts: - nameValuePair "ns${toString i}" nsOpts) - nameserver-deets); + has-auth-hostname = ns-host: ns-opts: + (hasAttr "authoritative-hostname" ns-opts) + && (ns-opts.authoritative-hostname != null); - nameserver-aliases = - mapAttrs (hostname: opts: "${opts.authoritative-hostname}.") + all-nameservers = listToAttrs + (imap1 (i: nsOpts: nameValuePair "ns${toString i}" nsOpts) + nameserver-deets); + + nameserver-aliases = + mapAttrs (hostname: opts: "${opts.authoritative-hostname}.") (filterAttrs has-auth-hostname all-nameservers); - nameserver-hosts = mapAttrs (hostname: opts: { - inherit (opts) ipv4-address ipv6-address description; - }) (filterAttrs (hostname: opts: ! 
has-auth-hostname hostname opts) - all-nameservers); + nameserver-hosts = mapAttrs (hostname: opts: { + inherit (opts) ipv4-address ipv6-address description; + }) (filterAttrs (hostname: opts: !has-auth-hostname hostname opts) + all-nameservers); - dns-srv-records = let - nameserver-srv-records = mapAttrsToList - (hostname: hostOpts: let - target-host = if (has-auth-hostname hostname hostOpts) then - "${hostOpts.authoritative-hostname}" else + dns-srv-records = let + nameserver-srv-records = mapAttrsToList (hostname: hostOpts: + let + target-host = if (has-auth-hostname hostname hostOpts) then + "${hostOpts.authoritative-hostname}" + else "${hostname}.${domain-name}"; - in make-srv-record 53 target-host) - all-nameservers; - in { - tcp.domain = nameserver-srv-records; - udp.domain = nameserver-srv-records; - }; - - # TODO: move this to a mail service - mail-srv-records = optionalAttrs (domain.primary-mailserver != null) { - tcp = let - mailserver-domain = config.fudo.hosts.${domain.primary-mailserver}.domain; - fqdn = "mail.${mailserver-domain}"; + in make-srv-record 53 target-host) all-nameservers; in { - smtp = [(make-srv-record 25 fqdn)]; - submission = [(make-srv-record 587 fqdn)]; - imap = [(make-srv-record 143 fqdn)]; - imaps = [(make-srv-record 993 fqdn)]; - pop3 = [(make-srv-record 110 fqdn)]; - pop3s = [(make-srv-record 995 fqdn)]; + tcp.domain = nameserver-srv-records; + udp.domain = nameserver-srv-records; }; - }; - in { - gssapi-realm = domain.gssapi-realm; + # # TODO: move this to a mail service + # mail-srv-records = optionalAttrs (domain.primary-mailserver != null) { + # tcp = let + # mailserver-domain = + # config.fudo.hosts.${domain.primary-mailserver}.domain; + # fqdn = "mail.${mailserver-domain}"; + # in { + # smtp = [ (make-srv-record 25 fqdn) ]; + # submission = [ (make-srv-record 587 fqdn) ]; + # imap = [ (make-srv-record 143 fqdn) ]; + # imaps = [ (make-srv-record 993 fqdn) ]; + # pop3 = [ (make-srv-record 110 fqdn) ]; + # pop3s = [ 
(make-srv-record 995 fqdn) ]; + # }; + # }; - hosts = nameserver-hosts // { - mail = mkIf (domain.primary-nameserver != null) (let - mailserver-deets = host: let - host-domain = config.fudo.hosts.${host}.domain; - in get-host-deets "Primary ${domain-name} mailserver ${host}.${host-domain}." host; - in mailserver-deets domain.primary-nameserver); - }; + in { + gssapi-realm = domain.gssapi-realm; - aliases = nameserver-aliases; + hosts = nameserver-hosts // { + mail = mkIf (domain.primary-nameserver != null) (let + mailserver-deets = host: + let host-domain = config.fudo.hosts.${host}.domain; + in get-host-deets + "Primary ${domain-name} mailserver ${host}.${host-domain}." host; + in mailserver-deets domain.primary-nameserver); + }; - mx = optional (domain.primary-mailserver != null) - (let - mail-domain-name = config.fudo.hosts.${domain.primary-mailserver}.domain; - in "mail.${mail-domain-name}"); + aliases = nameserver-aliases; - dmarc-report-address = "dmarc-report@${domain-name}"; + mx = optional (domain.primary-mailserver != null) (let + mail-domain-name = + config.fudo.hosts.${domain.primary-mailserver}.domain; + in "mail.${mail-domain-name}"); - nameservers = let - direct-external = attrValues nameserver-aliases; - internal = map (hostname: "${hostname}.${domain-name}.") - (attrNames nameserver-hosts); - in internal ++ direct-external; + dmarc-report-address = "dmarc-report@${domain-name}"; - srv-records = dns-srv-records // mail-srv-records; - }) cfg.zones; + nameservers = let + direct-external = attrValues nameserver-aliases; + internal = map (hostname: "${hostname}.${domain-name}.") + (attrNames nameserver-hosts); + in internal ++ direct-external; - dns = let - domain-name = config.instance.local-domain; - domain = config.fudo.domains.${domain-name}; - primary-nameserver = domain.primary-nameserver; - primary-nameserver-ip = pkgs.lib.network.host-ipv4 config primary-nameserver; - primary-nameserver-fqdn = "${primary-nameserver}.${domain-name}"; + 
srv-records = dns-srv-records; # // mail-srv-records; - is-primary-nameserver = primary-nameserver == hostname; - in { + verbatim-dns-records = mkIf (zone-cfg.ksk != null) [ + (readFile zone-cfg.ksk.public-key) + (readFile zone-cfg.ksk.ds) + ]; + }) cfg.zones; + + dns = { enable = is-primary-nameserver; identity = "${hostname}.${domain-name}"; @@ -207,11 +245,11 @@ in { (pkgs.lib.network.host-ips config hostname); domains = mapAttrs' (zone-name: zone-cfg: - nameValuePair zone-cfg.domain - { - dnssec = true; - zone-definition = config.fudo.zones.${zone-name}; - }) cfg.zones; + nameValuePair zone-cfg.domain { + dnssec = zone-cfg.ksk != null; + ksk.key-file = host-secrets."${zoneKeySecret zone-name}".target-file; + zone-definition = config.fudo.zones.${zone-name}; + }) cfg.zones; }; }; } diff --git a/config/service/fudo-auth.nix b/config/service/fudo-auth.nix index 20a76af..1d2ca75 100644 --- a/config/service/fudo-auth.nix +++ b/config/service/fudo-auth.nix @@ -1,11 +1,13 @@ -{ config, lib, pkgs, ... }: +{ config, pkgs, ... }: -with lib; +with pkgs.lib; let hostname = config.instance.hostname; domain-name = config.fudo.services.auth.domain; domain = config.fudo.domains.${domain-name}; + realm = domain.gssapi-realm; + zone-name = domain.zone; ldap-server = elem hostname domain.ldap-servers; @@ -19,6 +21,11 @@ let cfg = config.fudo.services.auth; + host-secrets = config.fudo.secrets.host-secrets."${hostname}"; + + krb-user = config.fudo.auth.kerberos.user; + krb-group = config.fudo.auth.kerberos.group; + in { options.fudo.services.auth = with types; { domain = mkOption { 
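Review bot: The `ksk` option is `nullOr`, and `verbatim-dns-records` plus `dnssec = zone-cfg.ksk != null` in the following hunk treat null as an unsigned zone, but the new `secrets.host-secrets` block dereferences `zone-cfg.ksk.private-key` for every zone and the following hunk sets `ksk.key-file` unconditionally. A zone without a key would therefore fail evaluation instead of being served unsigned. Pass `(filterAttrs (_: zone-cfg: zone-cfg.ksk != null) cfg.zones)` to `mapAttrs'` in the secrets block and wrap the `ksk.key-file` assignment in `mkIf (zone-cfg.ksk != null)`. The option's default indexes `key-signing-keys."${zone-name}"` directly, which presumably throws when no key is registered for a zone, so null is never reached by default. The description also says "zone-signing" for what is a key-signing key, and `private-key` is typed `path`, so it is worth confirming the value arrives as a string and not as a path literal that Nix would copy into the store.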
@@ -30,20 +37,23 @@ in { ldap = { hostname = mkOption { type = str; - description = "Fully-qualified (and public-addressable) domain name of this host."; + description = + "Fully-qualified (and public-addressable) domain name of this host."; default = config.instance.host-fqdn; }; state-directory = mkOption { type = str; - description = "Directory at which to store peristent ldap-related data."; + description = + "Directory at which to store peristent ldap-related data."; }; }; kerberos = { hostname = mkOption { type = str; - description = "Fully-qualified (and public-addressable) domain name of this host."; + description = + "Fully-qualified (and public-addressable) domain name of this host."; default = config.instance.host-fqdn; }; 
@@ -56,15 +66,64 @@ in { type = str; description = "Path (on the build server) to the KDC master key file."; }; - - ipropd-keytab = mkOption { - type = nullOr str; - description = "ipropd keytab for kerberos database propagation."; - }; }; }; config = { + systemd = { + tmpfiles.rules = mkIf (kerberos-master || kerberos-slave) [ + "d ${cfg.kerberos.state-directory} 0700 ${krb-user} ${krb-group} - -" + ]; + + paths.heimdal-kdc-initialize = mkIf kerberos-master { + wantedBy = [ "heimdal-kdc.service" ]; + pathConfig = { + PathModified = host-secrets.kdc-principals.target-file; + }; + }; + + services = { + heimdal-kdc-initialize = mkIf (kerberos-master || kerberos-slave) { + requires = [ + host-secrets.kdc-principals.service + host-secrets.realm-master-key.service + ]; + description = "Initialize and update the Heimdal KDC database."; + path = with pkgs; [ kdcMergePrincipals coreutils ]; + serviceConfig = { + User = krb-user; + Group = krb-group; + ExecStart = let + db = config.fudo.auth.kerberos.kdc.database; + principals = host-secrets.kdc-principals.target-file; + master-key = host-secrets.realm-master-key.target-file; + init-db-cmd = concatStringsSep " " [ + "${pkgs.kdcMergePrincipals}/bin/kdc-merge-principals" + "--create" + "--database=${db}" + "--principals=${principals}" + "--key=${master-key}" + "--realm=${realm}" + "--verbose" + ]; + in pkgs.writeShellScript "heimdal-kdc-initialize.sh" '' + ${init-db-cmd} + chown ${krb-user}:${krb-group} ${db} + chmod 0700 ${db} + ''; + }; + }; + heimdal-kdc = mkIf kerberos-master { + requires = [ "heimdal-kdc-initialize.service" ]; + after = [ "heimdal-kdc-initialize.service" ]; + }; + heimdal-kdc-secondary = mkIf kerberos-slave { + requires = [ "heimdal-kdc-initialize.service" ]; + after = [ "heimdal-kdc-initialize.service" ]; + }; + }; + }; + fudo = { acme.host-domains.${hostname} = mkIf (ldap-server) { ${cfg.ldap.hostname}.local-copies.openldap = { 
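Review bot: `heimdal-kdc-initialize` lists the two secret services under `requires` but declares no `after`, and systemd's `Requires=` does not order units, so the script can start before the master key and principals files have been put in place. Add `after = [ host-secrets.kdc-principals.service host-secrets.realm-master-key.service ];` next to `requires`. The script ends with `chmod 0700 ${db}`; if `db` is a regular file (it is defined outside the hunk), `0600` is the mode that fits a KDC database. The `heimdal-kdc-initialize` path unit is only created on the master, so a secondary will not re-run the merge when its principals file changes; a comment saying whether that is intended would help.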
@@ -73,52 +132,110 @@ in { }; }; - auth = { - ldap-server = mkIf (ldap-server) - (let - ldap-cert-copy = - config.fudo.acme.host-domains.${hostname}.${cfg.ldap.hostname}.local-copies.openldap; - in { - enable = ldap-server; - base = "dc=fudo,dc=org"; - organization = "Fudo"; - listen-uris = [ "ldap:///" "ldaps:///" ]; - required-services = [ ldap-cert-copy.service ]; + secrets.host-secrets."${hostname}" = let + realm-key = + config.fudo.secrets.files.kerberos.realm-master-keys."${realm}"; + in { + realm-master-key = mkIf (kerberos-master || kerberos-slave) { + source-file = realm-key; + target-file = "/run/kdc/realm.key"; + user = krb-user; + group = krb-group; + }; - # TODO: Maybe filter to Fudo-only? - users = config.fudo.users; - groups = config.fudo.groups; - system-users = config.fudo.system-users; - - state-directory = "${cfg.ldap.state-directory}"; - - ssl-chain = ldap-cert-copy.chain; - ssl-certificate = ldap-cert-copy.certificate; - ssl-private-key = ldap-cert-copy.private-key; - ssl-ca-certificate = "${pkgs.letsencrypt-ca}"; - }); - - kdc = mkIf (kerberos-master || kerberos-slave) { - enable = true; - realm = domain.gssapi-realm; - bind-addresses = - (pkgs.lib.network.host-ips config hostname) ++ - [ "127.0.0.1" ] ++ (optional config.networking.enableIPv6 "::1"); - state-directory = cfg.kerberos.state-directory; - master-key-file = cfg.kerberos.master-key-file; - master-config = mkIf (kerberos-master) { - acl = let - admin-entries = genAttrs config.instance.local-admins - (admin: { - perms = [ "add" "change-password" "list" ]; - }); - in admin-entries // { - "*/root".perms = [ "all" ]; - }; + kdc-principals = mkIf (kerberos-master || kerberos-slave) { + source-file = + config.fudo.secrets.files.kerberos.realm-principals."${realm}"; + target-file = "/run/kdc/realm.principals"; + user = krb-user; + group = krb-group; + }; + kadmind-keytab = mkIf kerberos-master { + source-file = extractFudoKeytab { + inherit realm; + principals = [ "kadmin/admin" ]; }; - 
slave-config = mkIf (kerberos-slave) { - master-host = domain.kerberos-master; - ipropd-keytab = cfg.kerberos.ipropd-keytab; + target-file = "/run/kdc/kadmind.keytab"; + user = krb-user; + group = krb-group; + }; + kpasswdd-keytab = mkIf kerberos-master { + source-file = extractFudoKeytab { + inherit realm; + principals = [ "kadmin/changepw" ]; + }; + target-file = "/run/kdc/kpasswdd.keytab"; + user = krb-user; + group = krb-group; + }; + hprop-keytab = + mkIf (kerberos-master && (domain.kerberos-slaves != [ ])) { + source-file = extractFudoKeytab { + inherit realm; + principals = [ "kadmin/hprop" ]; + }; + target-file = "/run/kdc/hprop.keytab"; + user = krb-user; + group = krb-group; + }; + + hpropd-keytab = mkIf kerberos-slave { + source-file = extractFudoHostKeytab { + inherit hostname realm; + services = [ "hprop" ]; + }; + target-file = "/run/kdc/hpropd.keytab"; + user = krb-user; + group = krb-group; + }; + }; + + auth = { + ldap-server = mkIf ldap-server (let + ldap-cert-copy = + config.fudo.acme.host-domains.${hostname}.${cfg.ldap.hostname}.local-copies.openldap; + in { + enable = ldap-server; + base = "dc=fudo,dc=org"; + organization = "Fudo"; + listen-uris = [ "ldap:///" "ldaps:///" ]; + required-services = [ ldap-cert-copy.service ]; + + # TODO: Maybe filter to Fudo-only? 
+ users = config.fudo.users; + groups = config.fudo.groups; + system-users = config.fudo.system-users; + + state-directory = "${cfg.ldap.state-directory}"; + + ssl-chain = ldap-cert-copy.chain; + ssl-certificate = ldap-cert-copy.certificate; + ssl-private-key = ldap-cert-copy.private-key; + ssl-ca-certificate = "${pkgs.letsencrypt-ca}"; + }); + + kerberos = { + inherit realm; + kdc = mkIf (kerberos-master || kerberos-slave) { + state-directory = cfg.kerberos.state-directory; + master-key-file = host-secrets.realm-master-key.target-file; + primary = mkIf kerberos-master { + enable = true; + acl = let + adminEntries = genAttrs config.instance.local-admins + (admin: { perms = [ "add" "change-password" "list" ]; }); + in adminEntries // { "*/root".perms = [ "all" ]; }; + secondary-servers = map getHostFqdn domain.kerberos-slaves; + keytabs = { + kadmind = host-secrets.kadmind-keytab.target-file; + kpasswdd = host-secrets.kpasswdd-keytab.target-file; + hprop = host-secrets.hprop-keytab.target-file; + }; + }; + secondary = mkIf kerberos-slave { + enable = true; + keytabs.hpropd = host-secrets.hpropd-keytab.target-file; + }; }; }; }; @@ -129,19 +246,20 @@ in { host = hostname; }; - get-fqdn = host: - "${host}.${config.fudo.hosts.${host}.domain}"; + get-fqdn = host: "${host}.${config.fudo.hosts.${host}.domain}"; - kerberos-master-hosts = optional (kerberized-domain) - domain.kerberos-master; + kerberos-master-hosts = + optional (kerberized-domain) domain.kerberos-master; - kerberos-servers = map get-fqdn - (kerberos-master-hosts ++ domain.kerberos-slaves); + kerberos-servers = + map get-fqdn (kerberos-master-hosts ++ domain.kerberos-slaves); kerberos-masters = map get-fqdn kerberos-master-hosts; ldap-servers = map get-fqdn domain.ldap-servers; in { + gssapi-realm = realm; + srv-records = { tcp = { kerberos = map (make-srv-record 88) kerberos-servers; diff --git a/config/service/mail-server.nix b/config/service/mail-server.nix index 2c98d09..e010a8d 100644 
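Review bot: `hprop-keytab` is only defined when `kerberos-master && (domain.kerberos-slaves != [ ])`, but `hprop = host-secrets.hprop-keytab.target-file;` in the `primary.keytabs` block is read on every master, so a realm without secondaries would probably fail evaluation on the missing attribute. Guard the reference with the same condition, for example `hprop = mkIf (domain.kerberos-slaves != [ ]) host-secrets.hprop-keytab.target-file;`, assuming the `keytabs.hprop` option may be left unset. The ACL entry `"*/root".perms = [ "all" ]` is carried over unchanged; because it grants every kadmin permission to any principal with a `/root` instance, a comment naming who is expected to hold such principals belongs beside it.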
--- a/config/service/mail-server.nix +++ b/config/service/mail-server.nix @@ -12,7 +12,7 @@ let mailserver-domain-name = config.fudo.hosts.${mailserver-host}.domain; mailserver-domain = config.fudo.domains.${mailserver-domain-name}; - mailserver-host-fqdn = "${mailserver-host}.${mailserver-domain-name}"; + mailserver-fqdn = "${mailserver-host}.${mailserver-domain-name}"; isMailServer = hostname == mailserver-host; @@ -94,15 +94,12 @@ in { }; }; - zones = mkIf isLocalMailserver { + zones = { ${mailserver-domain.zone} = let server-ipv4 = pkgs.lib.network.host-ipv4 config mailserver-host; server-ipv6 = pkgs.lib.network.host-ipv6 config mailserver-host; - srv-record = host: port: [{ - host = "${host}.${mailserver-domain-name}"; - port = port; - }]; + srv-record = host: port: [{ inherit host port; }]; in { hosts = genAttrs [ "imap" "smtp" ] (alias: { @@ -114,18 +111,17 @@ in { mx = [ "smtp.${mailserver-domain-name}" ]; - aliases = - mkIf metricsEnabled { mail-stats = "${mailserver-host-fqdn}."; }; + aliases = mkIf metricsEnabled { mail-stats = "${mailserver-fqdn}."; }; srv-records.tcp = { - pop3 = srv-record "imap" 110; - pop3s = srv-record "imap" 995; + pop3 = srv-record mailserver-fqdn 110; + pop3s = srv-record mailserver-fqdn 995; - imap = srv-record "imap" 143; - imaps = srv-record "imap" 993; + imap = srv-record mailserver-fqdn 143; + imaps = srv-record mailserver-fqdn 993; - smtp = srv-record "smtp" 25; - submission = srv-record "smtp" 587; + smtp = srv-record mailserver-fqdn 25; + submission = srv-record mailserver-fqdn 587; }; metric-records = mkIf metricsEnabled @@ -167,8 +163,7 @@ in { ssl-private-key = cert-copy.private-key; }; - local-domains = - [ mailserver-host-fqdn "smtp.${mailserver-domain-name}" ]; + local-domains = [ mailserver-fqdn "smtp.${mailserver-domain-name}" ]; mail-directory = "${cfg.state-directory}/mail"; state-directory = "${cfg.state-directory}/state"; 
diff --git a/config/service/mqtt.nix b/config/service/mqtt.nix new file mode 100644 index 0000000..5549f45 --- /dev/null +++ b/config/service/mqtt.nix 
@@ -0,0 +1,164 @@ +{ config, lib, pkgs, ... }@toplevel: + +with lib; +let + cfg = config.fudo.services.mqtt; + hostname = config.instance.hostname; + isMqttServer = cfg.host == hostname; + + aclOption = with types; + mkOption { + type = listOf str; + description = "Topic filter to which this user has access."; + example = [ "some/topic/#" "other/specific/topic" ]; + }; + + userOpts = { name, ... }: { + options = with types; { + username = mkOption { + type = str; + default = name; + }; + + password-file = mkOption { + type = str; + description = + "Path to file (on the BUILD HOST) containing the user's password."; + }; + + acl = aclOption; + }; + }; + + mosquittoUser = config.systemd.services.mosquitto.serviceConfig.User; + + pwTarget = type: username: "/run/mqtt/${type}-${username}.passwd"; + + mqttDomain = config.fudo.hosts."${cfg.host}".domain; + +in { + options.fudo.services.mqtt = with types; { + enable = mkEnableOption "Enable MQTT server."; + + host = mkOption { + type = str; + description = + "Hostname of the MQTT server for this site/domain/whatever."; + }; + + listen-address = mkOption { + type = str; + description = "IP address on which to listen."; + default = "0.0.0.0"; + }; + + private = { + enable = mkOption { + type = bool; + description = "Enable a private (authenticated) MQTT server."; + default = true; + }; + + port = mkOption { + type = port; + description = "Port at which to listen for incoming MQTT requests."; + default = 1883; + }; + + users = mkOption { + type = attrsOf (submodule userOpts); + default = { }; + }; + }; + + public = { + enable = mkEnableOption "Enable a public (anonymous) MQTT server."; + + port = mkOption { + type = port; + description = "Port at which to listen for incoming MQTT requests."; + default = 1884; + }; + + users = mkOption { + type = attrsOf (submodule userOpts); + default = { }; + }; + + acl = aclOption; + }; + + state-directory = mkOption { + type = str; + description = "Directory where server can store 
persistent state."; + }; + + mqtt-hostname = let + mqtt-host = toplevel.config.fudo.services.mqtt.host; + mqtt-domain = toplevel.config.fudo.hosts."${mqtt-host}".domain; + in mkOption { + type = str; + description = "Hostname at which the MQTT server can be reached."; + default = "mqtt.${mqtt-domain}"; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = + (optional cfg.private.enable cfg.private.port) + ++ (optional cfg.public.enable cfg.public.port); + + systemd = { + services.mosquitto = { + after = [ config.fudo.secrets.secret-target ]; + restartIfChanged = true; + }; + tmpfiles.rules = optional isMqttServer + "d ${cfg.state-directory} 0700 ${mosquittoUser} - - -"; + }; + + fudo = { + zones."${mqttDomain}".aliases.mqtt = cfg.host; + + secrets.host-secrets."${hostname}" = mkIf isMqttServer (let + publicUsers = mapAttrs' (_: userOpts: + nameValuePair "mqtt-public-user-${userOpts.username}" { + source-file = userOpts.password-file; + target-file = pwTarget "public" userOpts.username; + user = mosquittoUser; + }) cfg.public.users; + privateUsers = mapAttrs' (_: userOpts: + nameValuePair "mqtt-private-user-${userOpts.username}" { + source-file = userOpts.password-file; + target-file = pwTarget "private" userOpts.username; + user = mosquittoUser; + }) cfg.private.users; + in publicUsers // privateUsers); + }; + + services.mosquitto = mkIf isMqttServer { + enable = true; + dataDir = cfg.state-directory; + listeners = (optional cfg.private.enable { + settings.allow_anonymous = false; + port = cfg.private.port; + address = cfg.listen-address; + users = mapAttrs' (_: userOpts: + nameValuePair userOpts.username { + acl = userOpts.acl; + passwordFile = pwTarget "private" userOpts.username; + }) cfg.private.users; + }) ++ (optional cfg.public.enable { + settings.allow_anonymous = true; + acl = map (line: "topic ${line}") cfg.public.acl; + port = cfg.public.port; + address = cfg.listen-address; + users = mapAttrs' (_: userOpts: + nameValuePair 
userOpts.username { + acl = userOpts.acl; + passwordFile = pwTarget "public" userOpts.username; + }) cfg.public.users; + }); + }; + }; +} diff --git a/config/service/nexus.nix b/config/service/nexus.nix new file mode 100644 index 0000000..77ef4b4 --- /dev/null +++ b/config/service/nexus.nix 
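Review bot: `networking.firewall.allowedTCPPorts` sits directly under `mkIf cfg.enable`, while the broker, its secrets and its tmpfiles rule are all under `isMqttServer`, so every host that enables this module opens the MQTT ports even though nothing listens there. The suanni and wallfly-presence hunks later in this diff set `fudo.services.mqtt.enable = true` with no broker-host guard visible, which widens that to each host running those services. Gate it the same way as the rest: `networking.firewall.allowedTCPPorts = mkIf isMqttServer ((optional cfg.private.enable cfg.private.port) ++ (optional cfg.public.enable cfg.public.port));`. Separately, the private listener authenticates by password on `listen-address` (default `0.0.0.0`) and no TLS settings appear in the listener definitions, so credentials and payloads would cross the network in cleartext; the `listen-address` description should say so, or default to a loopback or internal address.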
@@ -0,0 +1,260 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.fudo.services.nexus; + + hostname = config.instance.hostname; + + domainName = config.fudo.hosts."${hostname}".domain; + domain = config.fudo.domains."${domainName}"; + siteName = config.fudo.hosts."${hostname}".site; + site = config.fudo.sites."${siteName}"; + + hostNexusDomainList = host: + let + domainName = config.fudo.hosts."${host}".domain; + domain = config.fudo.domains."${domainName}"; + siteName = config.fudo.hosts."${host}".site; + site = config.fudo.sites."${siteName}"; + in unique (domain.nexus.domains ++ site.nexus.domains); + + isEmpty = lst: lst == [ ]; + + localNexusDomains = getAttrs (hostNexusDomainList hostname) + (listKeys config.fudo.nexus.domains); + + isServer = let + servers = concatMap (domainOpts: domainOpts.servers) + (attrValues config.fudo.nexus.domains); + in elem hostname servers; + + isDnsServer = let + servers = concatMap (domainOpts: domainOpts.dns-servers) + (attrValues config.fudo.nexus.domains); + in elem hostname servers; + + isDatabase = hostname == domain.postgresql-server; + + enableClient = !isEmpty (hostNexusDomainList hostname); + + enable = isServer || isDnsServer || isDatabase || enableClient; + + servedDomains = filterAttrs (_: domainOpts: + (elem hostname domainOpts.servers) + || (elem hostname domainOpts.dns-servers)) config.fudo.nexus.domains; + + clientHosts = filter (hostname: + !isEmpty + (intersectLists (hostNexusDomainList hostname) (attrNames servedDomains))) + (attrNames config.fudo.hosts); + + hostSecrets = config.fudo.secrets.host-secrets."${hostname}"; + + hostFqdn = hostname: "${hostname}.${domainName}"; + + databaseName = "nexus_dns"; + serverUser = "nexus_server"; + dnsServerUser = "nexus_dns"; + + concatMapAttrsToList = f: as: concatLists (mapAttrsToList f as); + + genServerRecords = name: domain: servers: + imap0 (i: host: { + inherit host domain; + alias = "${name}${toString i}"; + }) servers; + + serverList = 
concatMapAttrsToList + (domain: domainOpts: genServerRecords "nexus-" domain domainOpts.servers) + config.fudo.nexus.domains; + + dnsServerList = concatMapAttrsToList + (domain: domainOpts: genServerRecords "ns" domain domainOpts.dns-servers) + config.fudo.nexus.domains; + + genSshfp = path: + pkgs.stdenv.mkDerivation { + name = "sshfp-${baseNameOf path}"; + buildInputs = with pkgs; [ openssh ]; + phases = [ "installPhase" ]; + installPhase = + "ssh-keygen -r PLACEHOLDER -f ${path} | sed 's/PLACEHOLDER IN SSHFP //' > $out"; + }; + +in { + options.fudo.services.nexus.dns-server = with types; { + listen-addresses = mkOption { + type = nullOr (listOf str); + description = + "Listen addresses. Defaults to 0.0.0.0 (i.e. all addresses)."; + default = null; + }; + }; + + config = mkIf enable { + + nexus = { + database = { + database = databaseName; + host = pkgs.lib.getDomainPostgresqlServer domainName; + }; + + domains = mapAttrs (domain: domainOpts: { + admin = "admin@${domain}"; + inherit (domainOpts) gssapi-realm; + trusted-networks = domainOpts.trusted-networks + ++ config.instance.local-networks; + # aliases = let + # mkAlias = { host, alias, ... }: + # nameValuePair alias (pkgs.lib.getHostFqdn host); + # domainRecords = filter (record: record.domain == domain) serverList; + # in listToAttrs (map mkAlias domainRecords); + nameservers = let + domainNs = filter (record: record.domain == domain) dnsServerList; + mkNsRecord = { alias, host, ... }: + nameValuePair alias { + ipv4-address = pkgs.lib.getHostIpv4 host; + ipv6-address = pkgs.lib.getHostIpv6 host; + }; + in listToAttrs (map mkNsRecord domainNs); + records = let + domainServers = filter (record: record.domain == domain) serverList; + mkHostRecords = { host, alias, ... 
}: + let + ipv4-address = pkgs.lib.getHostIpv4 host; + ipv6-address = pkgs.lib.getHostIpv6 host; + in (optional (ipv4-address != null) { + name = "${alias}.${domain}"; + type = "A"; + content = ipv4-address; + }) ++ (optional (ipv6-address != null) { + name = "${alias}.${domain}"; + type = "AAAA"; + content = ipv6-address; + }); + in domainOpts.records ++ (concatMap mkHostRecords domainServers); + }) servedDomains; + + client = { + enable = enableClient; + inherit hostname; + verbose = true; + domains = unique (domain.nexus.domains ++ site.nexus.domains); + hmac-key-file = hostSecrets.nexus-key.target-file; + servers = let localDomains = hostNexusDomainList hostname; + in map ({ domain, alias, ... }: "${alias}.${domain}") + (filter ({ domain, ... }: elem domain localDomains) serverList); + ssh-key-files = map (key: key.path) config.services.openssh.hostKeys; + }; + + server = { + enable = isServer; + verbose = true; + client-keys-file = hostSecrets.nexus-client-keys.target-file; + hostnames = let + hostServerRecords = + filter ({ host, ... }: host == hostname) serverList; + in map ({ domain, alias, ... 
}: "${alias}.${domain}") hostServerRecords; + database = { + user = serverUser; + password-file = hostSecrets.nexus-server-passwd.target-file; + }; + }; + + dns-server = { + enable = isDnsServer; + enable-dnssec = true; + listen-addresses = mkIf (cfg.dns-server.listen-addresses != null) + cfg.dns-server.listen-addresses; + database = { + user = dnsServerUser; + password-file = hostSecrets.nexus-dns-server-passwd.target-file; + }; + }; + }; + + fudo = { + secrets.host-secrets."${hostname}" = { + nexus-client-keys = mkIf isServer { + source-file = let + clientKeyFiles = + filterAttrs (hostname: _: elem hostname clientHosts) + config.fudo.secrets.files.nexus-hmacs; + clientKeys = + mapAttrs (_: filename: readFile filename) clientKeyFiles; + in pkgs.writeText "nexus-client-keys.json" + (builtins.toJSON clientKeys); + target-file = "/run/nexus/client-keys.json"; + }; + + nexus-key = mkIf enableClient { + source-file = config.fudo.secrets.files.nexus-hmacs."${hostname}"; + target-file = "/run/nexus/client.key"; + }; + + nexus-server-passwd = mkIf isServer { + source-file = + pkgs.lib.passwd.stablerandom-passwd-file "nexus-server-passwd" + "nexus-server-${config.instance.build-seed}"; + target-file = "/run/nexus/server-db.passwd"; + }; + + postgres-nexus-server-passwd = mkIf isDatabase { + source-file = + pkgs.lib.passwd.stablerandom-passwd-file "nexus-server-passwd" + "nexus-server-${config.instance.build-seed}"; + target-file = "/run/nexus/server-db.passwd"; + user = "postgres"; + }; + + nexus-dns-server-passwd = mkIf isDnsServer { + source-file = + pkgs.lib.passwd.stablerandom-passwd-file "nexus-dns-server-passwd" + "nexus-dns-server-${config.instance.build-seed}"; + target-file = "/run/nexus/dns-server-db.passwd"; + }; + + postgres-nexus-dns-server-passwd = mkIf isDatabase { + source-file = + pkgs.lib.passwd.stablerandom-passwd-file "nexus-dns-server-passwd" + "nexus-dns-server-${config.instance.build-seed}"; + target-file = "/run/nexus-db/nexus-dns.passwd"; + user = 
"postgres"; + }; + }; + + postgresql = mkIf isDatabase { + required-services = [ "fudo-passwords.target" ]; + + databases."${databaseName}".users = config.instance.local-admins; + + users = { + "${serverUser}" = { + password-file = + hostSecrets.postgres-nexus-server-passwd.target-file; + databases."${databaseName}" = { + access = "CONNECT"; + entity-access = { + "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE"; + "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE"; + }; + }; + }; + + "${dnsServerUser}" = { + password-file = + hostSecrets.postgres-nexus-dns-server-passwd.target-file; + databases."${databaseName}" = { + access = "CONNECT"; + entity-access = { + "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE"; + "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/config/service/postgresql.nix b/config/service/postgresql.nix index 6cab4d5..6661de7 100644 --- a/config/service/postgresql.nix +++ b/config/service/postgresql.nix @@ -13,8 +13,7 @@ let host-secrets = config.fudo.secrets.host-secrets.${hostname}; postgresEnabled = domain.postgresql-server == hostname; - publicNetwork = let - site-name = config.fudo.hosts.${hostname}.site; + publicNetwork = let site-name = config.fudo.hosts.${hostname}.site; in config.fudo.sites.${site-name}.local-gateway == null; isPostgresHost = hostname == domain.postgresql-server; @@ -32,7 +31,7 @@ in { }; keytab = mkOption { - type = str; + type = nullOr path; description = "Keytab for PostgreSQL."; }; }; 
@@ -49,18 +48,20 @@ in { }; }; - secrets.host-secrets.${hostname}.postgres-keytab = mkIf (cfg.keytab != null) { - source-file = cfg.keytab; - target-file = "/run/postgresql/postgres.keytab"; - user = postgresUser; - }; + secrets.host-secrets.${hostname}.postgres-keytab = + mkIf (cfg.keytab != null) { + source-file = cfg.keytab; + target-file = "/run/postgresql/postgres.keytab"; + user = postgresUser; + }; zones.${zone-name}.aliases.postgresql = "${domain.postgresql-server}.${domain-name}."; postgresql = mkIf isPostgresHost (let ssl-config = optionalAttrs publicNetwork (let - cert-copy = acme-copies.${postgresql-hostname}.local-copies.postgresql; + cert-copy = + acme-copies.${postgresql-hostname}.local-copies.postgresql; in { ssl-certificate = mkIf publicNetwork cert-copy.full-certificate; ssl-private-key = mkIf publicNetwork cert-copy.private-key; @@ -68,7 +69,8 @@ in { }); in { enable = true; - keytab = mkIf (cfg.keytab != null) host-secrets.postgres-keytab.target-file; + keytab = mkIf (cfg.keytab != null) + "${host-secrets.postgres-keytab.target-file}"; local-networks = config.instance.local-networks; state-directory = cfg.state-directory; required-services = [ config.fudo.secrets.secret-target ]; diff --git a/config/service/suanni.nix b/config/service/suanni.nix new file mode 100644 index 0000000..a2e1066 --- /dev/null +++ b/config/service/suanni.nix 
@@ -0,0 +1,156 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.fudo.services.suanni; + + hostname = config.instance.hostname; + isListener = hostname == cfg.event-listener.host; + isObjectifier = hostname == cfg.objectifier.host; + + domain-name = config.fudo.hosts."${hostname}".domain; + + host-secrets = config.fudo.secrets.host-secrets."${hostname}"; + + suanni-mqtt-passwd = pkgs.lib.passwd.stablerandom-passwd-file "suanni-mqtt" + config.instance.build-seed; + +in { + options.fudo.services.suanni = with types; { + enable = mkEnableOption "Enable Suan Ni Home Guardian."; + + mqtt-topic = mkOption { + type = str; + description = "MQTT topic on which to publish events."; + default = "suanni/events/motion"; + }; + + event-listener = { + host = mkOption { + type = str; + description = "Hostname of Event Listener server."; + }; + + port = mkOption { + type = port; + default = 5354; + }; + }; + + objectifier = { + host = mkOption { + type = str; + description = "Hostname of objectifier server."; + }; + + port = mkOption { + type = port; + default = 5121; + }; + }; + + synology = { + host = mkOption { + type = str; + description = "Hostname of the Synology server."; + }; + + port = mkOption { + type = port; + description = "Port on which to contact the Synology server."; + }; + + username = mkOption { + type = str; + description = "Username as which to connect to the Synology server."; + }; + + password-file = mkOption { + type = str; + description = "Path to file containing Synology user password."; + }; + }; + }; + + config = mkIf cfg.enable { + services = mkIf (isObjectifier || isListener) { + nginx = { + enable = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + + virtualHosts = { + "event-listener.${domain-name}" = mkIf isListener { + locations."/".proxyPass = + "http://127.0.0.1:${toString cfg.event-listener.port}"; + }; + "objectifier.${domain-name}" = mkIf isObjectifier { + 
locations."/".proxyPass = + "http://127.0.0.1:${toString cfg.objectifier.port}"; + }; + }; + }; + + objectifier = mkIf isObjectifier { + enable = true; + listen-addresses = [ "127.0.0.1" ]; + port = cfg.objectifier.port; + }; + + suanni.server = mkIf isListener { + enable = true; + verbose = true; + event-listener.hostname = "127.0.0.1"; + synology-client = { + inherit (cfg.synology) host port username; + password-file = host-secrets.suanni-synology-password.target-file; + }; + objectifier-client = { + host = "objectifier.${domain-name}"; + port = 80; + }; + mqtt-client = { + inherit (config.fudo.services.mqtt.private) port; + host = config.fudo.services.mqtt.mqtt-hostname; + username = "suanni"; + password-file = host-secrets.suanni-mqtt-password.target-file; + topic = cfg.mqtt-topic; + }; + }; + }; + + fudo = { + secrets.host-secrets."${hostname}" = { + suanni-synology-password = mkIf isListener { + source-file = + config.fudo.secrets.files.service-passwords."${hostname}".suanni-synology; + target-file = "/run/suanni/synology.passwd"; + }; + suanni-mqtt-password = mkIf isListener { + source-file = suanni-mqtt-passwd; + target-file = "/run/suanni/mqtt.passwd"; + }; + }; + + services.mqtt = { + enable = true; + private = { + enable = true; + users.suanni = { + password-file = suanni-mqtt-passwd; + acl = [ "readwrite #" ]; + }; + }; + }; + + zones."${domain-name}" = { + aliases = { + objectifier = cfg.objectifier.host; + event-listener = "${cfg.event-listener.host}"; + }; + }; + }; + + }; +} diff --git a/config/service/tattler.nix b/config/service/tattler.nix new file mode 100644 index 0000000..c957638 --- /dev/null +++ b/config/service/tattler.nix 
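Review bot: `users.suanni` is registered with `acl = [ "readwrite #" ]`, which grants the account every topic on the private listener although the only topic this module hands to the client is `cfg.mqtt-topic`. Scoping it as `acl = [ "readwrite ${cfg.mqtt-topic}" ];` (or `write`, if the service never subscribes, which cannot be told from here) keeps a leaked suanni credential from reading or spoofing other services' topics, such as the wallfly presence sensors configured elsewhere in this diff. In the same file the `event-listener.` and `objectifier.` nginx virtual hosts proxy to loopback-bound services with no TLS or source restriction visible, and `objectifier-client` uses port 80, so the `listen-addresses = [ "127.0.0.1" ]` binding is effectively undone; an allow-list for the local networks on those `locations` would restore the intent.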
@@ -0,0 +1,104 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.fudo.services.tattler; + + hostname = config.instance.hostname; + isSnooper = config.instance.hostname == cfg.snooper-host; + domain-name = config.fudo.host."${hostname}".domain; + + snooper-mqtt-passwd = pkgs.lib.passwd.stablerandom-passwd-file "snooper-mqtt" + config.instance.build-seed; + +in { + options.fudo.services.tattler = with types; { + enable = mkEnableOption "Enable Snooper & Tattler notification system."; + + verbose = mkEnableOption "Enable verbose output and logging."; + + enable-notifications = + mkEnableOption "Enable tattler notifications on the local host."; + + event-topics = mkOption { + type = listOf str; + description = "List of MQTT topics on which to listen for motion events."; + }; + + notification-topic = mkOption { + type = str; + description = "MQTT topic on which to publish notifications."; + default = "fudo/notifications/objects"; + }; + + snooper-host = mkOption { + type = str; + description = "Host on which to run the snooper service."; + }; + }; + + config = mkIf cfg.enable { + fudo = { + secrets.host-secrets."${hostname}" = { + snooper-passwd = mkIf isSnooper { + source-file = snooper-mqtt-passwd; + target-file = "/run/snooper/mqtt.passwd"; + }; + }; + + services.mqtt = mkIf isSnooper { + enable = true; + private = { + enable = true; + users.snooper = { + password-file = snooper-mqtt-passwd; + acl = map (topic: "read ${topic}") cfg.event-topics; + }; + }; + public = { + enable = true; + acl = [ "read ${cfg.notification-topic}" ]; + users.snooper = { + password-file = snooper-mqtt-passwd; + acl = [ "readwrite ${cfg.notification-topic}" ]; + }; + }; + }; + }; + + services = { + snooper = mkIf isSnooper { + enable = true; + verbose = true; + event-topics = cfg.event-topics; + notification-topic = cfg.notification-topic; + mqtt = let + host-secrets = + (trace hostname config.fudo.secrets.host-secrets."${hostname}"); + in { + incoming = { + port = 
config.fudo.services.mqtt.private.port; + host = config.fudo.services.mqtt.mqtt-hostname; + username = "snooper"; + password-file = host-secrets.snooper-passwd.target-file; + }; + outgoing = { + port = config.fudo.services.mqtt.public.port; + host = config.fudo.services.mqtt.mqtt-hostname; + username = "snooper"; + password-file = host-secrets.snooper-passwd.target-file; + }; + }; + }; + tattler = mkIf cfg.enable-notifications { + enable = true; + verbose = true; + notification-topic = cfg.notification-topic; + mqtt = { + inherit (config.fudo.services.mqtt.public) port; + host = config.fudo.services.mqtt.mqtt-hostname; + }; + }; + }; + }; +} diff --git a/config/service/wallfly-presence.nix b/config/service/wallfly-presence.nix index 795fd96..7aae3c6 100644 --- a/config/service/wallfly-presence.nix +++ b/config/service/wallfly-presence.nix @@ -22,25 +22,6 @@ let in { options.fudo.services.wallfly-presence = with types; { enable = mkEnableOption "Enable WallFly presence for the local site."; - - mqtt = { - broker-host = mkOption { - type = str; - description = "Host to serve as local MQTT broker."; - }; - - port = mkOption { - type = port; - description = "Port on which to listen for MQTT connections."; - default = 1884; - }; - - listen-address = mkOption { - type = str; - description = "Address on which to listen for MQTT connections."; - default = "0.0.0.0"; - }; - }; }; config = mkIf cfg.enable { 
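Review bot: The `snooper` user is registered on both the private listener and the anonymous public listener with the same `snooper-mqtt-passwd` file, so the password that protects the private event topics is also presented on the listener meant for unauthenticated clients, and the listener definitions in mqtt.nix show no TLS settings. A distinct secret for the public side keeps the two apart, e.g. `snooper-public-passwd = pkgs.lib.passwd.stablerandom-passwd-file "snooper-mqtt-public" config.instance.build-seed;` (name constructed for illustration). The public `acl = [ "read ${cfg.notification-topic}" ]` also lets any client that can reach the public port read object notifications, which deserves a line in the `notification-topic` description. Two leftovers in the same hunk: `trace hostname` around the host-secrets lookup is debug output on every evaluation, and `config.fudo.host."${hostname}"` is spelled `fudo.hosts` in the other new modules.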
@@ -50,42 +31,30 @@ in { source-file = userOpts.password-file; target-file = "/run/wallfly-${username}/passwd"; user = username; - }) local-user-cfg) // (optionalAttrs is-mqtt-broker (mapAttrs' - (username: userOpts: - nameValuePair "wallfly-server-${username}-passwd" { - source-file = userOpts.password-file; - target-file = "/run/wallfly-mqtt/${username}.passwd"; - user = config.systemd.services.mosquitto.serviceConfig.User; - }) user-cfg)); - - zones."${domain-name}" = { - aliases.mqtt = "${mqtt-broker}.${domain-name}."; - }; + }) local-user-cfg); wallfly = { enable = true; - mqtt = { - broker-uri = - "tcp://${mqtt-broker}.${domain-name}:${toString cfg.mqtt.port}"; + mqtt = let + mqtt-hostname = config.fudo.services.mqtt.mqtt-hostname; + mqtt-port = config.fudo.services.mqtt.private.port; + in { + broker-uri = "tcp://${mqtt-hostname}:${toString mqtt-port}"; username = "wallfly-$USER"; password-file = "/run/wallfly-$USER/passwd"; }; }; - }; - services = { - mosquitto = mkIf (is-mqtt-broker) { + services.mqtt = { enable = true; - listeners = [{ - settings.allow_anonymous = false; - port = cfg.mqtt.port; - address = cfg.mqtt.listen-address; + private = { + enable = true; users = mapAttrs' (username: userOpts: nameValuePair "wallfly-${username}" { - passwordFile = "/run/wallfly-mqtt/${username}.passwd"; + password-file = userOpts.password-file; acl = [ "readwrite homeassistant/binary_sensor/#" ]; }) user-cfg; - }]; + }; }; }; }; diff --git a/config/services.nix b/config/services.nix index 908a399..c1e52ee 100644 --- a/config/services.nix +++ b/config/services.nix @@ -2,7 +2,7 @@ { imports = [ - ./service/backplane.nix + # ./service/backplane.nix ./service/chat.nix ./service/chute.nix ./service/dns.nix 
@@ -12,8 +12,12 @@ ./service/logging.nix ./service/mail-server.nix ./service/metrics.nix + ./service/mqtt.nix + ./service/nexus.nix ./service/postgresql.nix ./service/selby-forum.nix + ./service/suanni.nix + ./service/tattler.nix ./service/wallfly-presence.nix # ./service/wireguard-gateway.nix ]; diff --git a/config/site-config/seattle.nix b/config/site-config/seattle.nix index 7d892e6..1150f6f 100644 --- a/config/site-config/seattle.nix +++ b/config/site-config/seattle.nix @@ -3,9 +3,37 @@ with lib; let local-domain = "sea.fudo.org"; in { - fudo.services.wallfly-presence = { - enable = true; - mqtt.broker-host = "wormhole0"; + fudo.services = { + mqtt = { + enable = true; + host = "wormhole0"; + }; + + wallfly-presence.enable = true; + + tattler = let snooper-host = "wormhole0"; + in { + enable = true; + verbose = true; + event-topics = [ "suanni/events/motion" ]; + inherit snooper-host; + }; + + suanni = let + listener = "nostromo"; + objectifier = "lambda"; + in { + enable = true; + event-listener.host = listener; + objectifier.host = objectifier; + synology = { + host = "cargo.sea.fudo.org"; + port = 5001; + username = "suanni"; + password-file = + config.fudo.secrets.files.service-passwords."${listener}".suanni-synology; + }; + }; }; fileSystems = { @@ -165,7 +193,6 @@ in { DefaultDependencies = false; ConditionPathExists = [ "|!/run/gssproxy.pid" "|!/proc/net/rpc/use-gss-proxy" ]; - Restart = "always"; }; serviceConfig = { Type = "forking"; diff --git a/config/users.nix b/config/users.nix index 577cdb2..00f931b 100644 --- a/config/users.nix +++ b/config/users.nix @@ -207,7 +207,7 @@ uid = 10065; primary-group = "fudo"; common-name = "Xiaoxuan Jin"; - ldap-hashed-passwd = "{MD5}iecbyMpyVkmOaMBzSFy58Q=="; + ldap-hashed-passwd = "{SSHA}04fLLUmqNUpOUJi3IBEja8bFNm0S6W60"; login-hashed-passwd = "$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0"; email = "xiaoxuan@fudo.org"; 
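Review bot: In the users.nix hunk the new `ldap-hashed-passwd` uses `{SSHA}`, which is salted SHA-1 and therefore still a fast hash, and it is committed to the repository next to the `login-hashed-passwd` value. The replaced unsalted `{MD5}` value remains in version-control history, so unless this change coincided with a password rotation (not visible here) the old password should be treated as recoverable and rotated. If the directory server supports a slow scheme, that is preferable to `{SSHA}`; at minimum a comment such as `# TODO: move ldap-hashed-passwd to a slow KDF scheme and keep hashes out of the repo` would flag it. The enclosing user entry starts outside the hunk.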
diff --git a/flake.lock b/flake.lock index 2663d5c..08329fd 100644 --- a/flake.lock +++ b/flake.lock @@ -13,19 +13,6 @@ "type": "path" } }, - "build-keypairs": { - "flake": false, - "locked": { - "lastModified": 1634322891, - "narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=", - "path": "/state/secrets/build-keypairs", - "type": "path" - }, - "original": { - "path": "/state/secrets/build-keypairs", - "type": "path" - } - }, "build-seed": { "flake": false, "locked": { @@ -87,6 +74,31 @@ "inputs": { "devshell": "devshell", "flake-utils": "flake-utils_3", + "nixpkgs": [ + "fudo-home", + "fudo-pkgs", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1663870497, + "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_10": { + "inputs": { + "devshell": "devshell_10", + "flake-utils": "flake-utils_15", "nixpkgs": [ "pricebot", "nixpkgs" 
@@ -106,21 +118,320 @@ "type": "github" } }, - "clj-nix_2": { + "clj-nix_11": { "inputs": { - "devshell": "devshell_2", - "flake-utils": "flake-utils_5", + "devshell": "devshell_11", + "flake-utils": "flake-utils_16", + "nixpkgs": [ + "snooper", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_12": { + "inputs": { + "devshell": "devshell_12", + "flake-utils": "flake-utils_17", + "nixpkgs": [ + "suanni", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_13": { + "inputs": { + "devshell": "devshell_13", + "flake-utils": "flake-utils_18", + "nixpkgs": [ + "tattler", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_14": { + "inputs": { + "devshell": "devshell_14", + "flake-utils": "flake-utils_19", + "nixpkgs": [ + "tattler", + "notifierClj", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + 
"original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_15": { + "inputs": { + "devshell": "devshell_15", + "flake-utils": "flake-utils_21", "nixpkgs": [ "wallfly", "nixpkgs" ] }, "locked": { - "lastModified": 1655801580, - "narHash": "sha256-4XUFDP1ES1KNWwDukQEixCe4uV7Z951kgaVAFhXI2ew=", + "lastModified": 1663870497, + "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=", "owner": "jlesquembre", "repo": "clj-nix", - "rev": "579141e009200fcd28d251731e9ac5ba46a1ec2a", + "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_2": { + "inputs": { + "devshell": "devshell_2", + "flake-utils": "flake-utils_5", + "nixpkgs": [ + "fudo-pkgs", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1663870497, + "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_3": { + "inputs": { + "devshell": "devshell_3", + "flake-utils": "flake-utils_7", + "nixpkgs": [ + "fudo-secrets", + "fudo-pkgs", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1663870497, + "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_4": { + "inputs": { + "devshell": "devshell_4", + "flake-utils": "flake-utils_8", + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-client", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": 
"jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_5": { + "inputs": { + "devshell": "devshell_5", + "flake-utils": "flake-utils_9", + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-crypto", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_6": { + "inputs": { + "devshell": "devshell_6", + "flake-utils": "flake-utils_10", + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-server", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_7": { + "inputs": { + "devshell": "devshell_7", + "flake-utils": "flake-utils_11", + "nixpkgs": [ + "nexus", + "nexus-client", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_8": { + "inputs": { + "devshell": "devshell_8", + "flake-utils": "flake-utils_12", + "nixpkgs": [ + "nexus", + "nexus-crypto", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": 
"sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_9": { + "inputs": { + "devshell": "devshell_9", + "flake-utils": "flake-utils_13", + "nixpkgs": [ + "nexus", + "nexus-server", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", "type": "github" }, "original": { 
@@ -149,6 +460,126 @@ "type": "github" } }, + "clj2nix_10": { + "inputs": { + "flake-compat": "flake-compat_11", + "nixpkgs": "nixpkgs_22", + "utils": "utils_26" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_11": { + "inputs": { + "flake-compat": "flake-compat_12", + "nixpkgs": "nixpkgs_24", + "utils": "utils_29" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_12": { + "inputs": { + "flake-compat": "flake-compat_13", + "nixpkgs": "nixpkgs_30", + "utils": "utils_35" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_13": { + "inputs": { + "flake-compat": "flake-compat_14", + "nixpkgs": "nixpkgs_32", + "utils": "utils_38" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_14": { + "inputs": { + "flake-compat": "flake-compat_15", + "nixpkgs": "nixpkgs_34", + "utils": "utils_41" + }, + "locked": { + "lastModified": 1673786922, + "narHash": 
"sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_15": { + "inputs": { + "flake-compat": "flake-compat_16", + "nixpkgs": "nixpkgs_36", + "utils": "utils_43" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, "clj2nix_2": { "inputs": { "flake-compat": "flake-compat_2", 
@@ -169,9 +600,190 @@ "type": "github" } }, + "clj2nix_3": { + "inputs": { + "flake-compat": "flake-compat_4", + "nixpkgs": "nixpkgs_5", + "utils": "utils_5" + }, + "locked": { + "lastModified": 1654804151, + "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_4": { + "inputs": { + "flake-compat": "flake-compat_5", + "nixpkgs": "nixpkgs_7", + "utils": "utils_8" + }, + "locked": { + "lastModified": 1654804151, + "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_5": { + "inputs": { + "flake-compat": "flake-compat_6", + "nixpkgs": "nixpkgs_10", + "utils": "utils_10" + }, + "locked": { + "lastModified": 1654804151, + "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_6": { + "inputs": { + "flake-compat": "flake-compat_7", + "nixpkgs": "nixpkgs_12", + "utils": "utils_12" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_7": { + "inputs": { + "flake-compat": "flake-compat_8", + "nixpkgs": "nixpkgs_14", + "utils": "utils_15" + }, + "locked": { + "lastModified": 1673786922, + "narHash": 
"sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_8": { + "inputs": { + "flake-compat": "flake-compat_9", + "nixpkgs": "nixpkgs_16", + "utils": "utils_18" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_9": { + "inputs": { + "flake-compat": "flake-compat_10", + "nixpkgs": "nixpkgs_20", + "utils": "utils_23" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "darknet": { + "flake": false, + "locked": { + "lastModified": 1658093200, + "narHash": "sha256-Bhvbc06IeA4oNz93WiPmz9TXwxz7LQ6L8HPr8UEvzvE=", + "owner": "pjreddie", + "repo": "darknet", + "rev": "f6afaabcdf85f77e7aff2ec55c020c0e297c77f9", + "type": "github" + }, + "original": { + "owner": "pjreddie", + "repo": "darknet", + "type": "github" + } + }, "devshell": { "inputs": { "flake-utils": "flake-utils_2", + "nixpkgs": [ + "fudo-home", + "fudo-pkgs", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_10": { + "inputs": { + 
"flake-utils": "flake-utils_14", "nixpkgs": [ "pricebot", "clj-nix", 
@@ -192,9 +804,127 @@ "type": "github" } }, - "devshell_2": { + "devshell_11": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": [ + "snooper", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "snooper", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_12": { + "inputs": { + "flake-utils": [ + "suanni", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "suanni", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_13": { + "inputs": { + "flake-utils": [ + "tattler", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "tattler", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_14": { + "inputs": { + "flake-utils": [ + "tattler", + "notifierClj", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "tattler", + "notifierClj", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + 
"rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_15": { + "inputs": { + "flake-utils": "flake-utils_20", "nixpkgs": [ "wallfly", "clj-nix", 
@@ -202,11 +932,252 @@ ] }, "locked": { - "lastModified": 1644227066, - "narHash": "sha256-FHcFZtpZEWnUh62xlyY3jfXAXHzJNEDLDzLsJxn+ve0=", + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", "owner": "numtide", "repo": "devshell", - "rev": "7033f64dd9ef8d9d8644c5030c73913351d2b660", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_2": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "fudo-pkgs", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_3": { + "inputs": { + "flake-utils": "flake-utils_6", + "nixpkgs": [ + "fudo-secrets", + "fudo-pkgs", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_4": { + "inputs": { + "flake-utils": [ + "fudo-secrets", + "nexus", + "nexus-client", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-client", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": 
"github" + } + }, + "devshell_5": { + "inputs": { + "flake-utils": [ + "fudo-secrets", + "nexus", + "nexus-crypto", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-crypto", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_6": { + "inputs": { + "flake-utils": [ + "fudo-secrets", + "nexus", + "nexus-server", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-server", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_7": { + "inputs": { + "flake-utils": [ + "nexus", + "nexus-client", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "nexus", + "nexus-client", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_8": { + "inputs": { + "flake-utils": [ + "nexus", + "nexus-crypto", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "nexus", + "nexus-crypto", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": 
"sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_9": { + "inputs": { + "flake-utils": [ + "nexus", + "nexus-server", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "nexus", + "nexus-server", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", "type": "github" }, "original": { @@ -228,6 +1199,19 @@ "type": "path" } }, + "dnssec-ksks": { + "flake": false, + "locked": { + "lastModified": 1683356935, + "narHash": "sha256-jB53hHlzV/QvjedU38zpiZQl+43klmFsswMGhWonR7c=", + "path": "/state/secrets/dnssec", + "type": "path" + }, + "original": { + "path": "/state/secrets/dnssec", + "type": "path" + } + }, "doom-emacs": { "inputs": { "doom-emacs": "doom-emacs_2", @@ -260,11 +1244,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1671758850, - "narHash": "sha256-B6us/CLIIPJRJgjn/hVp7N07j90kil4HmjUVj8TBhKE=", + "lastModified": 1682645493, + "narHash": "sha256-U3TqEcBM7QSqX0B9vQYIdB/9Ls7SE6BzM4XNDpM0Lpg=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "85a48dbec84e9c26785b58fecdefa1cfc580aea7", + "rev": "33db1786e0352cad4227fb931ac96c4e2e89de29", "type": "github" }, "original": { 
@@ -293,11 +1277,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1662645711, - "narHash": "sha256-XKpPCtECGZQ5bFPPDUX3oAltXOJNwAI/OktxiLnADRE=", + "lastModified": 1676839496, + "narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=", "owner": "doomemacs", "repo": "snippets", - "rev": "03a62fe7edf7e87fdbd925713fbd3bf292d14b00", + "rev": "fe4003014ae00b866f117cb193f711fd9d72fd11", "type": "github" }, "original": { @@ -309,16 +1293,17 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1671729646, - "narHash": "sha256-crrTM9K1q8zGZ2gibEPJAudAnr0bMqPiLr1I8P+I5ls=", + "lastModified": 1676366521, + "narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9c95614e0b1a2f6a3f4cf9b99b17439887ea0373", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" }, "original": { "owner": "nix-community", "repo": "emacs-overlay", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" } }, @@ -338,6 +1323,25 @@ "type": "github" } }, + "entities": { + "inputs": { + "fudo-lib": "fudo-lib_3", + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1683473493, + "narHash": "sha256-DhXGPS2w8ucsCRy254f2B+L2kza/WjncD/bK2t95mH0=", + "ref": "refs/heads/master", + "rev": "038a50f8da3c7737f444710ad896a0bd2875fd9b", + "revCount": 134, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/entities.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/entities.git" + } + }, "evil-escape": { "flake": false, "locked": { 
@@ -447,6 +1451,118 @@ "type": "github" } }, + "flake-compat_10": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_11": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_12": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_13": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_14": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_15": { + "flake": false, + "locked": { + "lastModified": 1668681692, + 
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_16": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_2": { "flake": false, "locked": { 
@@ -464,6 +1580,102 @@ } }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1627913399, + "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1627913399, + "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1627913399, + "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_7": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_8": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": 
"sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_9": { "flake": false, "locked": { "lastModified": 1668681692, 
@@ -480,12 +1692,165 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_10": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_11": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_12": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_13": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_14": { + "locked": { + 
"lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_15": { + "locked": { + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_16": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_17": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_18": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_19": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { 
@@ -509,13 +1874,43 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_20": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_21": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { 
@@ -541,11 +1936,71 @@ }, "flake-utils_5": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "locked": { + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_7": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_8": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_9": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { 
@@ -579,11 +2034,11 @@ ] }, "locked": { - "lastModified": 1662665220, - "narHash": "sha256-nFIPsBwT9/vgM8+mRJQpVPaabUKkN5BUYF8+nfvOuaY=", + "lastModified": 1683837890, + "narHash": "sha256-y//EIz15wflQknpKzg8KqTYYcDJClFhZ85NN42Wm7cU=", "ref": "refs/heads/master", - "rev": "0375d2c98014f0923d2cde2d1ae186533052d02c", - "revCount": 105, + "rev": "0d65fc63b8e38501d3565ac5a40350bdeb2f8eff", + "revCount": 136, "type": "git", "url": "https://git.fudo.org/fudo-nix/entities.git" }, @@ -597,18 +2052,18 @@ "doom-emacs": "doom-emacs", "fudo-pkgs": "fudo-pkgs", "gnome-manager": "gnome-manager", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "niten-doom-config": "niten-doom-config", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1672858188, - "narHash": "sha256-Rc7b07aYiD1nLnDdD1ZlmGdsgiVGN3/8D7VsCnfHuns=", + "lastModified": 1683143741, + "narHash": "sha256-2YQHxCyZlaoq9Fy1deEGnMNIHYvqO3zOWvMo2kPpnHc=", "ref": "refs/heads/master", - "rev": "81cad87b318ca38af748aa3a790f645efaaf6f58", - "revCount": 284, + "rev": "032191b23a81e1ea40ffe05e37f11a50fdffe030", + "revCount": 327, "type": "git", "url": "https://git.fudo.org/fudo-nix/home.git" }, @@ -634,8 +2089,8 @@ }, "fudo-lib_2": { "locked": { - "lastModified": 1671734339, - "narHash": "sha256-Sfo5KQVG6d9PW8xQfCcLiNmX5tt06hYuxff4kqhu2+o=", + "lastModified": 1684281054, + "narHash": "sha256-qt+B8ZIofxYG3BH2ZdjT7nC8cKkZK7h7DpAtwMpRT50=", "path": "/state/fudo-lib", "type": "path" }, 
@@ -644,13 +2099,32 @@ "type": "path" } }, - "fudo-pkgs": { + "fudo-lib_3": { "locked": { - "lastModified": 1671908188, - "narHash": "sha256-WCMIJg++GcUhsquYsVwtozpKAtHIt9NEuEv8cn0Re1U=", + "lastModified": 1654117056, + "narHash": "sha256-Ray3c3Zv41Ax4MvTFY7pagfROUoXzS4x11l0EHFj9DE=", + "ref": "master", + "rev": "df53c13bb7f15336a2b0f110cef0a57af7089737", + "revCount": 68, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/lib.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/lib.git" + } + }, + "fudo-pkgs": { + "inputs": { + "helpers": "helpers", + "unstableNixpkgs": "unstableNixpkgs" + }, + "locked": { + "lastModified": 1682384116, + "narHash": "sha256-84ZunYHCAKR9+kA2v3HBxqmoU225uJcptt+6YKtgWnE=", "ref": "refs/heads/master", - "rev": "33925888f6d99ff09db36572c79c9bdc3a32c701", - "revCount": 67, + "rev": "6bf7df2b8b60cbb1b4ec08539dd69f4956a44ff6", + "revCount": 204, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, 
@@ -660,12 +2134,35 @@ } }, "fudo-pkgs_2": { + "inputs": { + "helpers": "helpers_2", + "unstableNixpkgs": "unstableNixpkgs_2" + }, "locked": { - "lastModified": 1671908188, - "narHash": "sha256-WCMIJg++GcUhsquYsVwtozpKAtHIt9NEuEv8cn0Re1U=", + "lastModified": 1683322537, + "narHash": "sha256-2x/W/dvUqVPpE91mxIcrcOJL4ufE+9LNdJRgVeUour8=", "ref": "refs/heads/master", - "rev": "33925888f6d99ff09db36572c79c9bdc3a32c701", - "revCount": 67, + "rev": "8013891628c1d709f28705e3f9b7c3f91481892b", + "revCount": 215, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/pkgs.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/pkgs.git" + } + }, + "fudo-pkgs_3": { + "inputs": { + "helpers": "helpers_3", + "unstableNixpkgs": "unstableNixpkgs_3" + }, + "locked": { + "lastModified": 1683322537, + "narHash": "sha256-2x/W/dvUqVPpE91mxIcrcOJL4ufE+9LNdJRgVeUour8=", + "ref": "refs/heads/master", + "rev": "8013891628c1d709f28705e3f9b7c3f91481892b", + "revCount": 215, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, @@ -677,22 +2174,22 @@ "fudo-secrets": { "inputs": { "blobs": "blobs", - "build-keypairs": "build-keypairs", "build-seed": "build-seed", "dnssec-keys": "dnssec-keys", + "dnssec-ksks": "dnssec-ksks", + "entities": "entities", "filesystem-keys": "filesystem-keys", - "host-keytabs": "host-keytabs", - "nixpkgs": "nixpkgs_6", - "realm-master-keys": "realm-master-keys", - "service-keytabs": "service-keytabs", + "fudo-pkgs": "fudo-pkgs_3", + "nexus": "nexus", + "nixpkgs": "nixpkgs_19", "service-passwords": "service-passwords", "service-secrets": "service-secrets", "ssh-keypairs": "ssh-keypairs", - "utils": "utils_7" + "utils": "utils_22" }, "locked": { - "lastModified": 1672857129, - "narHash": "sha256-lrKfITnPNG9iSXrVEPmDyWGfyGatL+ZEDcaazIgtHdc=", + "lastModified": 1684175031, + "narHash": "sha256-DPkpvv0AMxVm3asT14LFDADRm9029hRLQXWV0EaL4k8=", "path": "/state/secrets", "type": "path" }, 
@@ -745,14 +2242,17 @@ }, "gnome-manager": { "inputs": { - "home-manager": "home-manager" + "home-manager": [ + "fudo-home", + "home-manager" + ] }, "locked": { - "lastModified": 1672420375, - "narHash": "sha256-/dEy6VJHtyCh+/5vA5gLIiBbarR3HwQS+uKHXEXywqw=", + "lastModified": 1673465156, + "narHash": "sha256-pr6ytEViK59zHUNt4CZWi1zB0MarBbGP1oNNdU7lOSQ=", "owner": "fudoniten", "repo": "gnome-manager", - "rev": "6be38e0db4ccb07ca219951744a58e5d0bb17fe2", + "rev": "0da66d80d12d051846f3a7a29013c29b705e04a6", "type": "github" }, "original": { 
@@ -762,40 +2262,335 @@ "type": "github" } }, - "home-manager": { + "helpers": { "inputs": { - "nixpkgs": "nixpkgs_5", - "utils": "utils_5" + "clj-nix": "clj-nix", + "clj2nix": "clj2nix_3", + "nixpkgs": "nixpkgs_6", + "utils": "utils_6" }, "locked": { - "lastModified": 1672244468, - "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706", - "type": "github" + "lastModified": 1675466351, + "narHash": "sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=", + "ref": "refs/heads/master", + "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b", + "revCount": 21, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" }, "original": { - "owner": "nix-community", - "ref": "release-22.11", - "repo": "home-manager", - "type": "github" + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" } }, - "home-manager_2": { + "helpers_10": { + "inputs": { + "clj-nix": "clj-nix_11", + "clj2nix": "clj2nix_12", + "nixpkgs": [ + "snooper", + "nixpkgs" + ], + "utils": "utils_36" + }, + "locked": { + "lastModified": 1677792046, + "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "ref": "refs/heads/master", + "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", + "revCount": 32, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_11": { + "inputs": { + "clj-nix": "clj-nix_12", + "clj2nix": "clj2nix_13", + "nixpkgs": [ + "suanni", + "nixpkgs" + ], + "utils": "utils_39" + }, + "locked": { + "lastModified": 1677792046, + "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "ref": "refs/heads/master", + "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", + "revCount": 32, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + 
"type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_12": { + "inputs": { + "clj-nix": "clj-nix_13", + "clj2nix": "clj2nix_14", + "nixpkgs": [ + "tattler", + "nixpkgs" + ], + "utils": "utils_42" + }, + "locked": { + "lastModified": 1684277086, + "narHash": "sha256-ZVolilPIqfhev+2txay6R+v57m8n5LW7IW7etSj38jI=", + "ref": "with-deps", + "rev": "dfec8f49de6a4cf4e3597d617cf8295cd987b60c", + "revCount": 57, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "ref": "with-deps", + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_13": { + "inputs": { + "clj-nix": "clj-nix_14", + "clj2nix": "clj2nix_15", + "nixpkgs": [ + "tattler", + "notifierClj", + "nixpkgs" + ], + "utils": "utils_44" + }, + "locked": { + "lastModified": 1684274921, + "narHash": "sha256-RH12Qx4u5LMomcBZaTBii1EhlHQ3TUgaKUcn+cqiClA=", + "ref": "with-deps", + "rev": "056710d1ef79ee9fabcd6808d3179779f65f45fd", + "revCount": 55, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "ref": "with-deps", + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_2": { + "inputs": { + "clj-nix": "clj-nix_2", + "clj2nix": "clj2nix_4", + "nixpkgs": "nixpkgs_8", + "utils": "utils_9" + }, + "locked": { + "lastModified": 1675466351, + "narHash": "sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=", + "ref": "refs/heads/master", + "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b", + "revCount": 21, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_3": { + "inputs": { + "clj-nix": "clj-nix_3", + "clj2nix": "clj2nix_5", + "nixpkgs": "nixpkgs_11", + "utils": "utils_11" + }, + "locked": { + "lastModified": 1675466351, + "narHash": 
"sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=", + "ref": "refs/heads/master", + "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b", + "revCount": 21, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_4": { + "inputs": { + "clj-nix": "clj-nix_4", + "clj2nix": "clj2nix_6", + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-client", + "nixpkgs" + ], + "utils": "utils_13" + }, + "locked": { + "lastModified": 1677792046, + "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "ref": "refs/heads/master", + "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", + "revCount": 32, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_5": { + "inputs": { + "clj-nix": "clj-nix_5", + "clj2nix": "clj2nix_7", + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-crypto", + "nixpkgs" + ], + "utils": "utils_16" + }, + "locked": { + "lastModified": 1677792046, + "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "ref": "refs/heads/master", + "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", + "revCount": 32, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_6": { + "inputs": { + "clj-nix": "clj-nix_6", + "clj2nix": "clj2nix_8", + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nexus-server", + "nixpkgs" + ], + "utils": "utils_19" + }, + "locked": { + "lastModified": 1677792046, + "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "ref": "refs/heads/master", + "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", + "revCount": 32, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + 
"original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_7": { + "inputs": { + "clj-nix": "clj-nix_7", + "clj2nix": "clj2nix_9", + "nixpkgs": [ + "nexus", + "nexus-client", + "nixpkgs" + ], + "utils": "utils_24" + }, + "locked": { + "lastModified": 1677792046, + "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "ref": "refs/heads/master", + "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", + "revCount": 32, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_8": { + "inputs": { + "clj-nix": "clj-nix_8", + "clj2nix": "clj2nix_10", + "nixpkgs": [ + "nexus", + "nexus-crypto", + "nixpkgs" + ], + "utils": "utils_27" + }, + "locked": { + "lastModified": 1677792046, + "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "ref": "refs/heads/master", + "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", + "revCount": 32, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_9": { + "inputs": { + "clj-nix": "clj-nix_9", + "clj2nix": "clj2nix_11", + "nixpkgs": [ + "nexus", + "nexus-server", + "nixpkgs" + ], + "utils": "utils_30" + }, + "locked": { + "lastModified": 1677792046, + "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "ref": "refs/heads/master", + "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", + "revCount": 32, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "home-manager": { "inputs": { "nixpkgs": [ "fudo-home", "nixpkgs" ], - "utils": "utils_6" + "utils": "utils_7" }, "locked": { - "lastModified": 1672244468, - "narHash": 
"sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=", + "lastModified": 1681092193, + "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", "owner": "nix-community", "repo": "home-manager", - "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706", + "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", "type": "github" }, "original": { 
@@ -805,17 +2600,168 @@ "type": "github" } }, - "host-keytabs": { - "flake": false, + "nexus": { + "inputs": { + "nexus-client": "nexus-client", + "nexus-crypto": "nexus-crypto", + "nexus-server": "nexus-server", + "nixpkgs": "nixpkgs_18", + "utils": "utils_21" + }, "locked": { - "lastModified": 1647537444, - "narHash": "sha256-SA058alChYye39gm4TwPpCufR1P+X9QnH/EunJYXd5s=", - "path": "/state/secrets/kerberos/host-keytabs", - "type": "path" + "lastModified": 1680541464, + "narHash": "sha256-aKDleW+y6boXt2xuz3oJpVz2A4dybPRjcRh0c+lpb3o=", + "ref": "refs/heads/master", + "rev": "b2cb23479d977e3c1cb65c47ac625174113a0dd4", + "revCount": 246, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus.git" }, "original": { - "path": "/state/secrets/kerberos/host-keytabs", - "type": "path" + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus.git" + } + }, + "nexus-client": { + "inputs": { + "helpers": "helpers_4", + "nixpkgs": "nixpkgs_13", + "utils": "utils_14" + }, + "locked": { + "lastModified": 1680313539, + "narHash": "sha256-yNkEz5wnlP4BrJpnI9YY+OBk3pUdl0lPAVdcoob9oBk=", + "ref": "refs/heads/master", + "rev": "8346a158be6f3189ddd69fcf8f442f0114de9498", + "revCount": 47, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-client.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-client.git" + } + }, + "nexus-client_2": { + "inputs": { + "helpers": "helpers_7", + "nixpkgs": "nixpkgs_21", + "utils": "utils_25" + }, + "locked": { + "lastModified": 1680313539, + "narHash": "sha256-yNkEz5wnlP4BrJpnI9YY+OBk3pUdl0lPAVdcoob9oBk=", + "ref": "refs/heads/master", + "rev": "8346a158be6f3189ddd69fcf8f442f0114de9498", + "revCount": 47, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-client.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-client.git" + } + }, + "nexus-crypto": { + "inputs": { + "helpers": "helpers_5", + "nixpkgs": "nixpkgs_15", + 
"utils": "utils_17" + }, + "locked": { + "lastModified": 1677792070, + "narHash": "sha256-D8rqdQRjbDuuIDZE+I7pza8FJLzypiwUhUZw9Aa9FWQ=", + "ref": "refs/heads/master", + "rev": "11526a84ad72afaef0b2822df06fd2fc225864d4", + "revCount": 11, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-crypto.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-crypto.git" + } + }, + "nexus-crypto_2": { + "inputs": { + "helpers": "helpers_8", + "nixpkgs": "nixpkgs_23", + "utils": "utils_28" + }, + "locked": { + "lastModified": 1677792070, + "narHash": "sha256-D8rqdQRjbDuuIDZE+I7pza8FJLzypiwUhUZw9Aa9FWQ=", + "ref": "refs/heads/master", + "rev": "11526a84ad72afaef0b2822df06fd2fc225864d4", + "revCount": 11, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-crypto.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-crypto.git" + } + }, + "nexus-server": { + "inputs": { + "helpers": "helpers_6", + "nixpkgs": "nixpkgs_17", + "utils": "utils_20" + }, + "locked": { + "lastModified": 1680473429, + "narHash": "sha256-dbzA2yc/j2CoxvBKR2rMbdiA6FPJ7nSAefiby/dsawU=", + "ref": "refs/heads/master", + "rev": "b0a2aae0ffb972ea4b922ad1d8068869c02f6e31", + "revCount": 60, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-server.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-server.git" + } + }, + "nexus-server_2": { + "inputs": { + "helpers": "helpers_9", + "nixpkgs": "nixpkgs_25", + "utils": "utils_31" + }, + "locked": { + "lastModified": 1680473429, + "narHash": "sha256-dbzA2yc/j2CoxvBKR2rMbdiA6FPJ7nSAefiby/dsawU=", + "ref": "refs/heads/master", + "rev": "b0a2aae0ffb972ea4b922ad1d8068869c02f6e31", + "revCount": 60, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-server.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus-server.git" + } + }, + "nexus_2": { + "inputs": { + 
"nexus-client": "nexus-client_2", + "nexus-crypto": "nexus-crypto_2", + "nexus-server": "nexus-server_2", + "nixpkgs": "nixpkgs_26", + "utils": "utils_32" + }, + "locked": { + "lastModified": 1680541464, + "narHash": "sha256-aKDleW+y6boXt2xuz3oJpVz2A4dybPRjcRh0c+lpb3o=", + "ref": "refs/heads/master", + "rev": "b2cb23479d977e3c1cb65c47ac625174113a0dd4", + "revCount": 246, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nexus.git" } }, "niten-doom-config": { @@ -882,11 +2828,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1672617983, - "narHash": "sha256-68WDiCBs631mbDDk4UAKdGURKcsfW6hjb7wgudTAe5o=", + "lastModified": 1684215771, + "narHash": "sha256-fsum28z+g18yreNa1Y7MPo9dtps5h1VkHfZbYQ+YPbk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0fc9fca9c8d43edd79d33fea0dd8409d7c4580f4", + "rev": "963006aab35e3e8ebbf6052b6bf4ea712fdd3c28", "type": "github" }, "original": { 
@@ -895,6 +2841,156 @@ "type": "indirect" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1637881340, + "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { + "locked": { + "lastModified": 1672353432, + "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_12": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_13": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, + "nixpkgs_14": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_15": { + "locked": { + "lastModified": 1677624842, + "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", + "type": "github" + }, + "original": { + "id": 
"nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_16": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_17": { + "locked": { + "lastModified": 1678230755, + "narHash": "sha256-SFAXgNjNTXzcAideXcP0takfUGVft/VR5CACmYHg+Fc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a7cc81913bb3cd1ef05ed0ece048b773e1839e51", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_18": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, + "nixpkgs_19": { + "locked": { + "lastModified": 1682600000, + "narHash": "sha256-ha4BehR1dh8EnXSoE1m/wyyYVvHI9txjW4w5/oxsW5Y=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "50fc86b75d2744e1ab3837ef74b53f103a9b55a0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1638196344, 
@@ -910,6 +3006,156 @@ "type": "indirect" } }, + "nixpkgs_20": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, + "nixpkgs_22": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_23": { + "locked": { + "lastModified": 1677624842, + "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_24": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_25": { + "locked": { + "lastModified": 1678230755, + "narHash": "sha256-SFAXgNjNTXzcAideXcP0takfUGVft/VR5CACmYHg+Fc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a7cc81913bb3cd1ef05ed0ece048b773e1839e51", + "type": "github" + }, + "original": { + "id": 
"nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_26": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, + "nixpkgs_27": { + "locked": { + "lastModified": 1684171562, + "narHash": "sha256-BMUWjVWAUdyMWKk0ATMC9H0Bv4qAV/TXwwPUvTiC5IQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "55af203d468a6f5032a519cba4f41acf5a74b638", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_28": { + "locked": { + "lastModified": 1672781980, + "narHash": "sha256-L+yqt2szcp+BFiWoMJCisDsNA5OrpYVW1QSbbS5U8RU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a9eedea7232f5d00f0aca7267efb69a54da1b8a1", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_29": { + "locked": { + "lastModified": 1659446231, + "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.11", + "type": "indirect" + } + }, "nixpkgs_3": { "locked": { "lastModified": 1637881340, 
@@ -925,6 +3171,126 @@ "type": "github" } }, + "nixpkgs_30": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_31": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, + "nixpkgs_32": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_33": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, + "nixpkgs_34": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_35": { + "locked": { + "lastModified": 1684171562, + "narHash": "sha256-BMUWjVWAUdyMWKk0ATMC9H0Bv4qAV/TXwwPUvTiC5IQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "55af203d468a6f5032a519cba4f41acf5a74b638", + "type": "github" + }, + "original": { + "id": 
"nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_36": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_37": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, "nixpkgs_4": { "locked": { "lastModified": 1640653651, @@ -942,27 +3308,26 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1672617983, - "narHash": "sha256-68WDiCBs631mbDDk4UAKdGURKcsfW6hjb7wgudTAe5o=", - "owner": "nixos", + "lastModified": 1637881340, + "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "0fc9fca9c8d43edd79d33fea0dd8409d7c4580f4", + "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_6": { "locked": { - "lastModified": 1672616430, - "narHash": "sha256-e18rRwDUaW/Uw1tBmtsVueJ2SVI5DLhrEGwhkIo+c50=", + "lastModified": 1672353432, + "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0bf3109eeb61780965c27f4a0a4affdcd0cd4d3d", + "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", "type": "github" }, "original": { 
@@ -973,11 +3338,26 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1672616430, - "narHash": "sha256-e18rRwDUaW/Uw1tBmtsVueJ2SVI5DLhrEGwhkIo+c50=", + "lastModified": 1637881340, + "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0bf3109eeb61780965c27f4a0a4affdcd0cd4d3d", + "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1672353432, + "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", "type": "github" }, "original": { @@ -986,33 +3366,16 @@ "type": "indirect" } }, - "nixpkgs_8": { - "locked": { - "lastModified": 1659446231, - "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-21.11", - "type": "indirect" - } - }, "nixpkgs_9": { "locked": { - "lastModified": 1656265786, - "narHash": "sha256-A9RkoGrxzsmMm0vily18p92Rasb+MbdDMaSnzmywXKw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cd90e773eae83ba7733d2377b6cdf84d45558780", - "type": "github" + "lastModified": 1653918726, + "narHash": "sha256-C+BpRKWjuwR4a9R0w5V5AFaQiyDtRPSRec7VJCX1NI4=", + "path": "/nix/store/zdc50x6ibr27smd581yxc8snjdlf1487-source", + "rev": "39945562539b572eb43915992ef82f46a7176364", + "type": "path" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.05", "type": "indirect" } }, 
@@ -1032,6 +3395,29 @@ "type": "github" } }, + "notifierClj": { + "inputs": { + "helpers": "helpers_13", + "nixpkgs": [ + "tattler", + "nixpkgs" + ], + "utils": "utils_45" + }, + "locked": { + "lastModified": 1684275076, + "narHash": "sha256-8+1ZkJo/k/7j5uJF7PN8IOv5Z9niuO1cw1m4zyvrv9Y=", + "ref": "refs/heads/master", + "rev": "8b1327f66a31873dc0cac3d6eb2fa5c957723757", + "revCount": 6, + "type": "git", + "url": "https://git.fudo.org/fudo-public/notifier.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/notifier.git" + } + }, "ob-racket": { "flake": false, "locked": { @@ -1048,14 +3434,34 @@ "type": "github" } }, + "objectifier": { + "inputs": { + "darknet": "darknet", + "nixpkgs": "nixpkgs_28", + "utils": "utils_33" + }, + "locked": { + "lastModified": 1679246727, + "narHash": "sha256-5+fmOgoTABJ6jwoKQrYP898jMdH76yAlbJnAVTu0QIU=", + "ref": "refs/heads/master", + "rev": "21f897b5c39e4d3d32f5b2595ba7fd9f58923624", + "revCount": 71, + "type": "git", + "url": "https://git.fudo.org/fudo-public/objectifier.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/objectifier.git" + } + }, "org": { "flake": false, "locked": { - "lastModified": 1670680538, - "narHash": "sha256-afmN2tOY6Par235bVsqhtFHOSVyw4NBgTxI5Eo6Yk5A=", + "lastModified": 1682449610, + "narHash": "sha256-1I9Rpnyp9rZTYG48oxxN+scKoKTJxh/ya787zI0xIpI=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "42153ea2fec66f90c1623be25d6774d96ecf8062", + "rev": "eaf274909f595ba29b853031e1c5bcdac255fbeb", "type": "github" }, "original": { 
@@ -1067,11 +3473,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1664301003, - "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=", + "lastModified": 1675694242, + "narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f", + "rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17", "type": "github" }, "original": { @@ -1114,9 +3520,9 @@ }, "pricebot": { "inputs": { - "clj-nix": "clj-nix", - "nixpkgs": "nixpkgs_8", - "utils": "utils_8" + "clj-nix": "clj-nix_10", + "nixpkgs": "nixpkgs_29", + "utils": "utils_34" }, "locked": { "lastModified": 1661201877, @@ -1132,27 +3538,14 @@ "url": "https://git.fudo.org/fudo-public/pricebot.git" } }, - "realm-master-keys": { - "flake": false, - "locked": { - "lastModified": 1636586592, - "narHash": "sha256-5hDmPweE6lshRKA+AKRgJv7VwWxHsYekwMT32uAUKJU=", - "path": "/state/secrets/kerberos/master-keys", - "type": "path" - }, - "original": { - "path": "/state/secrets/kerberos/master-keys", - "type": "path" - } - }, "revealjs": { "flake": false, "locked": { - "lastModified": 1670408834, - "narHash": "sha256-2LG8/AwMC+caNK9DKDyVGw+EPT2W6ys177xQj7mdKng=", + "lastModified": 1681386605, + "narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=", "owner": "hakimel", "repo": "reveal.js", - "rev": "4fe3946cb43de57f79aaa7b646aee7e78f4bcc75", + "rev": "0301ce58ab185f7191696e16b1b6389f58df2892", "type": "github" }, "original": { @@ -1170,10 +3563,15 @@ "fudo-lib": "fudo-lib_2", "fudo-pkgs": "fudo-pkgs_2", "fudo-secrets": "fudo-secrets", - "nixpkgs": "nixpkgs_7", + "nexus": "nexus_2", + "nixpkgs": "nixpkgs_27", "nixpkgs2111": "nixpkgs2111", "nixpkgsUnstable": "nixpkgsUnstable", + "objectifier": "objectifier", "pricebot": "pricebot", + "snooper": "snooper", + "suanni": "suanni", + "tattler": "tattler", "wallfly": "wallfly" } }, 
@@ -1193,24 +3591,11 @@ "type": "github" } }, - "service-keytabs": { - "flake": false, - "locked": { - "lastModified": 1639361926, - "narHash": "sha256-0gpaf5j/Uxy6HUXDLt0T7vg4Z2aic1IHhuNUO5IcOhY=", - "path": "/state/secrets/kerberos/service-keytabs", - "type": "path" - }, - "original": { - "path": "/state/secrets/kerberos/service-keytabs", - "type": "path" - } - }, "service-passwords": { "flake": false, "locked": { - "lastModified": 1656532749, - "narHash": "sha256-J3oy9wGPzRUQDTxTKK2nNKPXdZ8G8xXdZatMzarg4HI=", + "lastModified": 1683356935, + "narHash": "sha256-91ZjXr3/6KAwglWY9yy14LD5tat0gWkQmDscBILrocs=", "path": "/state/secrets/service-passwords", "type": "path" }, @@ -1248,11 +3633,31 @@ "type": "github" } }, + "snooper": { + "inputs": { + "helpers": "helpers_10", + "nixpkgs": "nixpkgs_31", + "utils": "utils_37" + }, + "locked": { + "lastModified": 1683670608, + "narHash": "sha256-LhHwMbrVdLo80DrV2aRvEJFXTy+MeIiiABlFgGjgFRg=", + "ref": "refs/heads/master", + "rev": "38ea8bce7048ade7ac8509e090a0f1c988b78835", + "revCount": 9, + "type": "git", + "url": "https://git.fudo.org/fudo-public/snooper.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/snooper.git" + } + }, "ssh-keypairs": { "flake": false, "locked": { - "lastModified": 1647537635, - "narHash": "sha256-pla2J8HmPHBVDp/2m/22lctwd6VvmJ2cik5n68jf3VY=", + "lastModified": 1683437114, + "narHash": "sha256-WhI0zHJxpMvG/tWF4nQKKHh9kQzujmcacqX6RmemdBI=", "path": "/state/secrets/ssh-keypairs", "type": "path" }, 
@@ -1261,14 +3666,130 @@ "type": "path" } }, + "suanni": { + "inputs": { + "helpers": "helpers_11", + "nixpkgs": "nixpkgs_33", + "utils": "utils_40" + }, + "locked": { + "lastModified": 1682462225, + "narHash": "sha256-6+iGhqY3Xi6/4k0eBxf+56LyAuyVFFyptd9+Pq+dcao=", + "ref": "refs/heads/master", + "rev": "f0d8f59cc176243f8238d81f88b8550cfedf47e7", + "revCount": 23, + "type": "git", + "url": "https://git.fudo.org/fudo-public/suanni.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/suanni.git" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": 
"sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tattler": { + "inputs": { + "helpers": "helpers_12", + "nixpkgs": "nixpkgs_35", + "notifierClj": "notifierClj", + "utils": "utils_46" + }, + "locked": { + "lastModified": 1684277210, + "narHash": "sha256-4Wg42zU6ASKN925ESnI1+UUb0iJ0SSd1eTzcVcnx3OE=", + "ref": "refs/heads/master", + "rev": "20a1c1ccb532986cec5952fd505d1fd4738d32ce", + "revCount": 10, + "type": "git", + "url": "https://git.fudo.org/fudo-public/tattler.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/tattler.git" + } + }, "ts-fold": { "flake": false, "locked": { - "lastModified": 1671426601, - "narHash": "sha256-NrvSK+olbi4P+9q5KOomNHGgmrRtI9cW9ZqkdU4n0Sc=", + "lastModified": 1681029086, + "narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "a64f5252a66253852bef1c627cea9e39928e6392", + "rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3", "type": "github" }, "original": { 
@@ -1277,6 +3798,51 @@ "type": "github" } }, + "unstableNixpkgs": { + "locked": { + "lastModified": 1683014792, + "narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1a411f23ba299db155a5b45d5e145b85a7aafc42", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "unstableNixpkgs_2": { + "locked": { + "lastModified": 1684215771, + "narHash": "sha256-fsum28z+g18yreNa1Y7MPo9dtps5h1VkHfZbYQ+YPbk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "963006aab35e3e8ebbf6052b6bf4ea712fdd3c28", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "unstableNixpkgs_3": { + "locked": { + "lastModified": 1683408522, + "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "utils": { "locked": { "lastModified": 1637014545, 
@@ -1292,6 +3858,156 @@ "type": "github" } }, + "utils_10": { + "locked": { + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_11": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_12": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_13": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_14": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_15": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": 
"github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_16": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_17": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_18": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_19": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_2": { "locked": { "lastModified": 1638122382, 
@@ -1307,6 +4023,159 @@ "type": "github" } }, + "utils_20": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_21": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_22": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_23": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_24": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_25": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": 
"93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_26": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_27": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_28": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_29": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_3": { "locked": { "lastModified": 1637014545, 
@@ -1322,6 +4191,159 @@ "type": "github" } }, + "utils_30": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_31": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_32": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_33": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_34": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_35": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": 
"github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_36": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_37": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_38": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_39": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_4": { "locked": { "lastModified": 1638122382, 
@@ -1337,7 +4359,22 @@ "type": "github" } }, - "utils_5": { + "utils_40": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_41": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 
@@ -1352,6 +4389,117 @@ "type": "github" } }, + "utils_42": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_43": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_44": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_45": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_46": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_47": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", 
+ "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_5": { + "locked": { + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_6": { "locked": { "lastModified": 1667395993, @@ -1384,11 +4532,11 @@ }, "utils_8": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", "type": "github" }, "original": { @@ -1399,11 +4547,11 @@ }, "utils_9": { "locked": { - "lastModified": 1656065134, - "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { 
@@ -1414,16 +4562,16 @@ }, "wallfly": { "inputs": { - "clj-nix": "clj-nix_2", - "nixpkgs": "nixpkgs_9", - "utils": "utils_9" + "clj-nix": "clj-nix_15", + "nixpkgs": "nixpkgs_37", + "utils": "utils_47" }, "locked": { - "lastModified": 1664215454, - "narHash": "sha256-pKzJQ4mmUThFY7po+c6bYXbz2RZT9QkxazW94bYF/II=", + "lastModified": 1683150365, + "narHash": "sha256-KSD+UtvsaomEkAJqaiiH0W0zsnVvSfj2ocsFad2Hg74=", "ref": "refs/heads/master", - "rev": "90ba657a24c7ab3032ce4e54faea2a8163ce1091", - "revCount": 14, + "rev": "40c136217dc6cabd592e2df2a8faed78bbee4c12", + "revCount": 20, "type": "git", "url": "https://git.fudo.org/fudo-public/wallfly.git" }, diff --git a/flake.nix b/flake.nix index 1b90b26..a99d4e4 100644 --- a/flake.nix +++ b/flake.nix @@ -6,6 +6,7 @@ fudo-home = { url = "git+https://git.fudo.org/fudo-nix/home.git"; + # url = "path:/state/fudo-home"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -20,7 +21,10 @@ url = "path:/state/fudo-lib"; }; - fudo-pkgs.url = "git+https://git.fudo.org/fudo-nix/pkgs.git"; + fudo-pkgs = { + url = "git+https://git.fudo.org/fudo-nix/pkgs.git"; + #url = "path:/state/fudo-pkgs"; + }; fudo-secrets.url = "path:/state/secrets"; 
@@ -35,11 +39,21 @@ nixpkgs2111.url = "nixpkgs/nixos-21.11"; wallfly.url = "git+https://git.fudo.org/fudo-public/wallfly.git"; + + objectifier.url = "git+https://git.fudo.org/fudo-public/objectifier.git"; + + nexus.url = "git+https://git.fudo.org/fudo-public/nexus.git"; + + suanni.url = "git+https://git.fudo.org/fudo-public/suanni.git"; + + snooper.url = "git+https://git.fudo.org/fudo-public/snooper.git"; + + tattler.url = "git+https://git.fudo.org/fudo-public/tattler.git"; }; outputs = { self, nixpkgs, fudo-home, fudo-lib, fudo-entities, fudo-pkgs , fudo-secrets, chute, chuteUnstable, nixpkgsUnstable, nixpkgs2111, pricebot - , wallfly, ... }@inputs: + , wallfly, objectifier, nexus, suanni, snooper, tattler, ... }@inputs: with nixpkgs.lib; let fudo-nixos-hosts = filterAttrs (hostname: hostOpts: hostOpts.nixos-system) @@ -59,11 +73,14 @@ system = arch; config = { allowUnfree = true; - permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ]; + permittedInsecurePackages = + [ "openssh-with-gssapi-8.4p1" "python3.10-certifi-2022.9.24" ]; }; overlays = [ fudo-lib.overlay - fudo-pkgs.overlay + fudo-pkgs.overlays.default + fudo-secrets.overlays.default + fudo-entities.overlays.default (final: prev: { chute = chute.packages.${arch}.chute; chuteUnstable = chuteUnstable.packages.${arch}.chute; @@ -98,11 +115,19 @@ in { config, ... }: { imports = [ fudo-home.nixosModules.default - fudo-secrets.nixosModule + fudo-secrets.nixosModules.default fudo-lib.nixosModule fudo-entities.nixosModule pricebot.nixosModules.default wallfly.nixosModule + objectifier.nixosModules.default + suanni.nixosModules.default + snooper.nixosModules.default + tattler.nixosModules.default + + nexus.nixosModules.nexus-client + nexus.nixosModules.nexus-server + nexus.nixosModules.nexus-powerdns ./config (config-dir + "/hardware/${hostname}.nix")
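Review bot: The five inputs added in the `@@ -35,11 +39,21 @@` hunk (`objectifier`, `nexus`, `suanni`, `snooper`, `tattler`) are declared as bare `.url` attributes, so each resolves its own nixpkgs and flake-utils. The flake.lock part of this commit shows the result: `nixpkgs_31`/`utils_37` for snooper, `nixpkgs_33`/`utils_40` for suanni, `nixpkgs_35`/`utils_46` for tattler. Those services may then be built against nixpkgs revisions that an update of the root `nixpkgs` does not move, which makes it harder to tell which hosts have picked up a security fix. `fudo-home` in this file already sets `inputs.nixpkgs.follows = "nixpkgs";`, so if the upstream flakes build against the root nixpkgs, declare the new inputs the same way, e.g. `snooper = { url = "git+https://git.fudo.org/fudo-public/snooper.git"; inputs.nixpkgs.follows = "nixpkgs"; };`.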
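Review bot: `python3.10-certifi-2022.9.24` is added to `permittedInsecurePackages` in the `@@ -59,11 +73,14 @@` hunk without a comment. The exemption sits in the nixpkgs `config` that is built per `arch`, so it appears to apply to every host rather than only the one that needs it. certifi supplies the CA bundle that Python TLS clients trust, so permitting a release that nixpkgs marks insecure affects certificate validation for anything that depends on it. Add a comment naming the dependent package and the removal condition, e.g. `# certifi: required by <package>; drop once the nixpkgs pin ships a fixed release`, and prefer bumping the pin or overriding certifi for that one package over a global exemption. The enclosing binding starts outside the hunk.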