From de24170e881f94e038a2fd81ca242a32352f658f Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Tue, 16 May 2023 22:40:08 -0700
Subject: [PATCH] Commit to move

---
 config/domains/sea.fudo.org.nix            |    9 +-
 config/hardware/jazz.nix                   |   75 +
 config/hardware/lambda.nix                 |  151 +-
 config/hardware/nostromo.nix               |    2 +-
 config/hardware/procul.nix                 |    2 +-
 config/hardware/toothless.nix              |   75 +
 config/host-config/jazz.nix                |   41 +
 config/host-config/lambda.nix              |  142 +-
 config/host-config/legatus.nix             |   36 +-
 config/host-config/limina.nix              |    2 +
 config/host-config/nostromo.nix            |    9 +
 config/host-config/nostromo/minecraft.nix  |    2 +-
 config/host-config/nutboy3.nix             |   38 +-
 config/host-config/nutboy3/cashew.nix      |   60 +-
 config/host-config/procul.nix              |   30 +-
 config/host-config/spark.nix               |   13 +-
 config/host-config/system3.nix             |    8 +
 config/host-config/toothless.nix           |   55 +
 config/host-config/wormhole0.nix           |  126 +-
 config/host-config/zbox.nix                |   15 +
 config/profile-config/build/build-seed.nix |    4 +-
 config/profile-config/common-ui.nix        |    3 +
 config/profile-config/common.nix           |   55 +-
 config/profile-config/host/kerberos.nix    |  127 +-
 config/profile-config/host/ssh.nix         |   88 +-
 config/service/backplane.nix               |   22 +-
 config/service/dns.nix                     |  288 +-
 config/service/fudo-auth.nix               |  238 +-
 config/service/mail-server.nix             |   27 +-
 config/service/mqtt.nix                    |  164 +
 config/service/nexus.nix                   |  260 ++
 config/service/postgresql.nix              |   22 +-
 config/service/suanni.nix                  |  156 +
 config/service/tattler.nix                 |  104 +
 config/service/wallfly-presence.nix        |   53 +-
 config/services.nix                        |    6 +-
 config/site-config/seattle.nix             |   35 +-
 config/users.nix                           |    2 +-
 flake.lock                                 | 3544 ++++++++++++++++++--
 flake.nix                                  |   35 +-
 40 files changed, 5188 insertions(+), 936 deletions(-)
 create mode 100644 config/hardware/jazz.nix
 create mode 100644 config/hardware/toothless.nix
 create mode 100644 config/host-config/jazz.nix
 create mode 100644 config/host-config/toothless.nix
 create mode 100644 config/service/mqtt.nix
 create mode 100644 config/service/nexus.nix
 create mode 100644 config/service/suanni.nix
 create mode 100644 config/service/tattler.nix

diff --git a/config/domains/sea.fudo.org.nix b/config/domains/sea.fudo.org.nix
index e07bd19..180dcb4 100644
--- a/config/domains/sea.fudo.org.nix
+++ b/config/domains/sea.fudo.org.nix
@@ -1,14 +1,13 @@
 { config, lib, pkgs, ... }:
 
-let
-  fudo = config.fudo.domains."fudo.org";
+let fudo = config.fudo.domains."fudo.org";
 in {
   config.fudo.domains."sea.fudo.org" = {
     local-networks = fudo.local-networks;
 
-    gssapi-realm = fudo.gssapi-realm;
-    kerberos-master = fudo.kerberos-master;
-    kerberos-slaves = fudo.kerberos-slaves;
+    # gssapi-realm = fudo.gssapi-realm;
+    # kerberos-master = fudo.kerberos-master;
+    # kerberos-slaves = fudo.kerberos-slaves;
 
     primary-mailserver = fudo.primary-mailserver;
 
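Review bot: The three Kerberos settings for `sea.fudo.org` (`gssapi-realm`, `kerberos-master`, `kerberos-slaves`) are disabled by commenting them out, and nothing in the hunk says why or whether the domain is now meant to run without a realm. The same pattern recurs in the `legatus.nix`, `nutboy3.nix` and `procul.nix` hunks of this patch, where secret definitions are commented out rather than removed. Either delete the lines (git keeps the history) or put a one-line reason above them, e.g. `# Kerberos disabled for this domain: <reason>; remove once <condition>`. The attribute set continues past the end of the hunk.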
diff --git a/config/hardware/jazz.nix b/config/hardware/jazz.nix
new file mode 100644
index 0000000..72acb79
--- /dev/null
+++ b/config/hardware/jazz.nix
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules =
+        [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "jazz-root";
+      fsType = "tmpfs";
+      options = [ "mode=755" "noexec" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-label/JAZZ-BOOT";
+      fsType = "vfat";
+      options = [ "noatime" "noexec" ];
+    };
+
+    "/nix" = {
+      device = "/dev/disk/by-label/jazz-data";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" "noatime" "compress=zstd" ];
+    };
+
+    "/state" = {
+      device = "/dev/disk/by-label/jazz-data";
+      fsType = "btrfs";
+      options = [ "subvol=@state" "noatime" "compress=zstd" ];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-label/jazz-data";
+      fsType = "btrfs";
+      options = [ "subvol=@home" "noatime" "compress=zstd" ];
+    };
+
+    "/var/log" = {
+      device = "/dev/disk/by-label/jazz-data";
+      fsType = "btrfs";
+      options = [ "subvol=@log" "noatime" "compress=zstd" "noexec" ];
+    };
+  };
+
+  swapDevices = [{ device = "/dev/disk/by-label/jazz-swap"; }];
+
+  hardware = {
+    enableAllFirmware = true;
+    cpu.amd.updateMicrocode = true;
+  };
+
+  networking = {
+    useDHCP = false;
+    macvlans = {
+      intif0 = {
+        interface = "enp5s0";
+        mode = "bridge";
+      };
+    };
+    interfaces.intif0.macAddress = "02:57:9a:a4:10:d3";
+  };
+}
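Review bot: `swapDevices` points at a plain labelled partition, so anything paged out (keys, credentials held in memory) stays readable on disk after power-off, whereas `config/hardware/lambda.nix` in this same patch sets `randomEncryption.enable = true` on its swap. The jazz host config disables the hibernate and sleep targets, so a per-boot random key should cost nothing here. Random encryption re-formats the partition on every boot and wipes its label, so the device has to be named by a stable path: `swapDevices = [{ device = "/dev/disk/by-partuuid/<PARTUUID>"; randomEncryption.enable = true; }];`. `config/hardware/toothless.nix` has the same unencrypted swap entry. Separately, `/state` and `/home` here omit the `noexec` that the toothless and lambda files set on the same mount points; if that is deliberate, a comment would help.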
diff --git a/config/hardware/lambda.nix b/config/hardware/lambda.nix
index 2639a3e..e8cbb58 100644
--- a/config/hardware/lambda.nix
+++ b/config/hardware/lambda.nix
@@ -1,85 +1,98 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, modulesPath, ... }:
 
 with lib;
-let
+let generateMac = pkgs.lib.network.generate-mac-address;
 
 in {
-  system.stateVersion = "21.05";
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 
-  boot = {
-    initrd = {
-      availableKernelModules = [
-        "uhci_hcd"
-        "ehci_pci"
-        "ata_piix"
-        "hpsa"
-        "usb_storage"
-        "usbhid"
-        "sd_mod"
-        "sr_mod"
-      ];
-      kernelModules = [ ];
-    };
+  config = {
 
-    kernelModules = [ "kvm-intel" ];
-    supportedFilesystems = [ "zfs" ];
+    system.stateVersion = "22.05";
 
-    loader.grub = {
-      enable = true;
-      version = 2;
-      device = "/dev/disk/by-id/wwn-0x600508b1001cecf6b880f591f9b18b29";
-    };
-  };
+    boot = {
+      initrd = {
+        luks.devices.lambda-unlocked = {
+          device = "/dev/disk/by-uuid/e90c9dda-4e4c-4ca1-8897-39fcebc03479";
+          allowDiscards = true;
+        };
 
-  fileSystems = {
-    "/boot" = {
-      device = "/dev/disk/by-label/lambda-boot";
-      fsType = "ext4";
-      options = [ "noexec" "noatime" "nodiratime" ];
-    };
+        availableKernelModules = [
+          "uhci_hcd"
+          "ehci_pci"
+          "ata_piix"
+          "hpsa"
+          "usb_storage"
+          "usbhid"
+          "sd_mod"
+          "sr_mod"
+        ];
+        kernelModules = [ "dm-snapshot" ];
+      };
 
-    "/" = {
-      device = "none";
-      fsType = "tmpfs";
-      options = [ "noexec" "mode=755" ];
-    };
+      kernelModules = [ "kvm-intel" ];
+      kernelPackages = pkgs.linuxPackages_latest;
 
-    "/nix" = {
-      device = "lambda/transient/nix";
-      fsType = "zfs";
-      options = [ "noatime" "nodiratime" ];
-    };
-
-    "/var/log" = {
-      device = "lambda/transient/logs";
-      fsType = "zfs";
-      neededForBoot = true;
-      options = [ "noexec" "noatime" "nodiratime" ];
-    };
-
-    "/state" = {
-      device = "lambda/persistent/state";
-      fsType = "zfs";
-      options = [ "noexec" "noatime" "nodiratime" ];
-    };
-  };
-
-  swapDevices = [{ device = "/dev/disk/by-label/lambda-swap"; }];
-
-  nix.settings.max-jobs = lib.mkDefault 12;
-
-  networking = {
-    macvlans = {
-      intif0 = {
-        interface = "enp3s0f1";
-        mode = "bridge";
+      loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/disk/by-id/scsi-3600508b1001c3be9174b4bdb31935121";
       };
     };
 
-    interfaces = {
-      intif0 = {
-        # output of: echo lambda-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
-        macAddress = "02:f5:fe:8c:22:fe";
+    fileSystems = {
+      "/" = {
+        device = "lambda-root";
+        fsType = "tmpfs";
+        options = [ "mode=755" "size=32G" "noexec" ];
+      };
+      "/boot" = {
+        device = "/dev/disk/by-label/lambda-boot";
+        fsType = "ext4";
+        options = [ "noatime" "noexec" ];
+      };
+      "/state" = {
+        device = "/dev/mapper/lambda-unlocked";
+        fsType = "btrfs";
+        options = [ "noatime" "compress=zstd" "noexec" "subvol=@state" ];
+      };
+      "/nix" = {
+        device = "/dev/mapper/lambda-unlocked";
+        fsType = "btrfs";
+        options = [ "noatime" "compress=zstd" "subvol=@nix" ];
+      };
+      "/home" = {
+        device = "/dev/mapper/lambda-unlocked";
+        fsType = "btrfs";
+        options = [ "noatime" "compress=zstd" "noexec" "subvol=@home" ];
+      };
+      "/var/log" = {
+        device = "/dev/mapper/lambda-unlocked";
+        fsType = "btrfs";
+        options = [ "noatime" "compress=zstd" "noexec" "subvol=@log" ];
+      };
+    };
+
+    swapDevices = [{
+      device = "/dev/disk/by-id/scsi-3600508b1001c3be9174b4bdb31935121-part2";
+      randomEncryption.enable = true;
+    }];
+
+    nix.settings.max-jobs = lib.mkDefault 24;
+
+    networking = {
+      useDHCP = false;
+      macvlans = {
+        intif0 = {
+          interface = "enp4s0f1";
+          mode = "bridge";
+        };
+      };
+
+      interfaces = {
+        intif0 = {
+          macAddress = generateMac config.instance.hostname "intif0";
+        };
       };
     };
   };
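Review bot: `allowDiscards = true` on `luks.devices.lambda-unlocked` passes TRIM through the encrypted mapping, which lets anyone with access to the raw disk see which blocks are unused and infer the filesystem type and approximate usage. That is a common trade-off for flash storage, but it should be a recorded decision, e.g. `# TRIM passthrough reveals free-block layout on the raw device; accepted for SSD performance` above the option. The initrd loads `hpsa`, so the disk may sit behind a RAID controller; if discards gain nothing there, the option can simply be dropped. `/boot` stays an unencrypted ext4 partition, so the kernel and initrd that ask for the passphrase are not protected by the new LUKS layer.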
diff --git a/config/hardware/nostromo.nix b/config/hardware/nostromo.nix
index f5313fb..77ab861 100644
--- a/config/hardware/nostromo.nix
+++ b/config/hardware/nostromo.nix
@@ -34,7 +34,7 @@
     };
   };
 
-  nix.maxJobs = lib.mkDefault 24;
+  nix.settings.max-jobs = lib.mkDefault 24;
 
   hardware.bluetooth.enable = false;
 
diff --git a/config/hardware/procul.nix b/config/hardware/procul.nix
index f7f58e4..a2ef50a 100644
--- a/config/hardware/procul.nix
+++ b/config/hardware/procul.nix
@@ -35,7 +35,7 @@
 
   swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
 
-  nix.maxJobs = lib.mkDefault 8;
+  nix.settings.max-jobs = lib.mkDefault 8;
 
   hardware.bluetooth.enable = false;
 
diff --git a/config/hardware/toothless.nix b/config/hardware/toothless.nix
new file mode 100644
index 0000000..2620014
--- /dev/null
+++ b/config/hardware/toothless.nix
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+
+{
+  system.stateVersion = "22.05";
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules =
+        [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "toothless-root";
+      fsType = "tmpfs";
+      options = [ "mode=755" "noexec" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-label/TOOTH-BOOT";
+      fsType = "vfat";
+      options = [ "noatime" "noexec" ];
+    };
+
+    "/nix" = {
+      device = "/dev/disk/by-label/toothless-data";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" "noatime" "compress=zstd" ];
+    };
+
+    "/state" = {
+      device = "/dev/disk/by-label/toothless-data";
+      fsType = "btrfs";
+      options = [ "subvol=@state" "noatime" "compress=zstd" "noexec" ];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-label/toothless-data";
+      fsType = "btrfs";
+      options = [ "subvol=@home" "noatime" "compress=zstd" "noexec" ];
+    };
+
+    "/var/log" = {
+      device = "/dev/disk/by-label/toothless-data";
+      fsType = "btrfs";
+      options = [ "subvol=@log" "noatime" "compress=zstd" "noexec" ];
+    };
+  };
+
+  swapDevices = [{ device = "/dev/disk/by-label/toothless-swap"; }];
+
+  hardware = {
+    enableAllFirmware = true;
+    cpu.amd.updateMicrocode = true;
+  };
+
+  networking = {
+    useDHCP = false;
+    macvlans = {
+      intif0 = {
+        interface = "enp42s0";
+        mode = "bridge";
+      };
+    };
+    interfaces.intif0.macAddress = "02:ee:76:17:99:ed";
+  };
+}
diff --git a/config/host-config/jazz.nix b/config/host-config/jazz.nix
new file mode 100644
index 0000000..92d17f0
--- /dev/null
+++ b/config/host-config/jazz.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let stateDir = "/state";
+in {
+  fudo = { wallfly.location = "family_room"; };
+
+  networking = {
+    interfaces.intif0.useDHCP = true;
+    firewall.enable = false;
+  };
+
+  systemd.tmpfiles.rules = [
+    "L /etc/adjtime            - - - - ${stateDir}/etc/adjtime"
+    "d ${stateDir}/lib/cups    755 root root - -"
+    "d ${stateDir}/lib/flatpak 755 root root - -"
+  ];
+
+  fileSystems = {
+    "/var/lib/cups" = {
+      device = "${stateDir}/lib/cups";
+      options = [ "bind" ];
+    };
+    "/var/lib/flatpak" = {
+      device = "${stateDir}/lib/flatpak";
+      options = [ "bind" ];
+    };
+  };
+
+  environment.etc = {
+    nixos.source = "/etc/nixos-live";
+    NIXOS.source = "${stateDir}/etc/NIXOS";
+  };
+
+  systemd.targets = {
+    sleep.enable = false;
+    suspend.enable = false;
+    hibernate.enable = false;
+    hybrid-sleep.enable = false;
+  };
+}
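Review bot: `networking.firewall.enable = false` turns off packet filtering on a new host whose `intif0` takes a DHCP lease and which carries CUPS and Flatpak state, so every listening service is exposed to whatever can route to that address. Unless something upstream of this machine filters for it, I'd keep the NixOS firewall on and open only what is needed, e.g. `firewall = { enable = true; allowedTCPPorts = [ <ports> ]; };`. If it has to stay off, a comment stating the reason belongs next to the option.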
diff --git a/config/host-config/lambda.nix b/config/host-config/lambda.nix
index c043239..9f49751 100644
--- a/config/host-config/lambda.nix
+++ b/config/host-config/lambda.nix
@@ -1,94 +1,72 @@
 { config, lib, pkgs, ... }:
 
-let
-  state-dir = "/state"; # This must be a string!
-
-  generate-mac = pkgs.lib.network.generate-mac-address;
+let primaryIp = "10.0.0.11";
 
 in {
-  boot = {
-    loader.grub.copyKernels = true;
-    #kernelModules = [ "rpcsec_gss_krb5" ];
-  };
+  config = {
+    boot = { loader.grub.copyKernels = true; };
 
-  networking = {
-    interfaces = {
-      enp3s0f0.useDHCP = false;
-      enp3s0f1.useDHCP = false;
-      enp4s0f0.useDHCP = false;
-      enp4s0f1.useDHCP = false;
+    networking = {
+      interfaces = {
+        enp3s0f0.useDHCP = false;
+        enp3s0f1.useDHCP = false;
+        enp4s0f0.useDHCP = false;
+        enp4s0f1.useDHCP = false;
 
-      intif0.useDHCP = true;
-    };
-  };
+        intif0 = {
+          useDHCP = false;
+          ipv4.addresses = [{
+            address = primaryIp;
+            prefixLength = 16;
+          }];
+        };
+      };
 
-  systemd.tmpfiles.rules = [
-    "L /root/.gnupg           - - - - ${state-dir}/user/root/gnupg"
-    "L /root/.ssh/id_rsa      - - - - ${state-dir}/user/root/ssh/id_rsa"
-    "L /root/.ssh/id_rsa.pub  - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
-    "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
-  ];
-
-  services.openssh.hostKeys = [
-    {
-      path = "${state-dir}/ssh/ssh_host_rsa_key";
-      type = "rsa";
-      bits = 4096;
-    }
-    {
-      path = "${state-dir}/ssh/ssh_host_ed25519_key";
-      type = "ed25519";
-      bits = 4096;
-    }
-  ];
-
-  environment.etc = {
-    "ssh/ssh_host_rsa_key" = {
-      source = "${state-dir}/ssh/ssh_host_rsa_key";
-      user = "root";
-      group = "root";
-      mode = "0400";
-    };
-    "ssh/ssh_host_rsa_key.pub" = {
-      source = "${state-dir}/ssh/ssh_host_rsa_key.pub";
-      user = "root";
-      group = "root";
-      mode = "0444";
-    };
-    "ssh/ssh_host_ed25519_key" = {
-      source = "${state-dir}/ssh/ssh_host_ed25519_key";
-      user = "root";
-      group = "root";
-      mode = "0400";
-    };
-    "ssh/ssh_host_ed25519_key.pub" = {
-      source = "${state-dir}/ssh/ssh_host_ed25519_key.pub";
-      user = "root";
-      group = "root";
-      mode = "0444";
-    };
-    nixos.source = "/etc/nixos-live";
-    adjtime.source = "/state/host/adjtime";
-    NIXOS.source = "/state/host/NIXOS";
-  };
-
-  security.sudo.extraConfig = ''
-    # Due to rollback, sudo will lecture after every reboot
-    Defaults lecture = never
-  '';
-
-  fudo = {
-    secrets = {
-      secret-group = "fudo-secrets";
-      secret-users = [ "niten" ];
-      secret-paths = [ "/state/secrets" ];
+      defaultGateway = {
+        address = "10.0.0.1";
+        interface = "intif0";
+      };
     };
 
-    minecraft-clj = {
-      enable = true;
-      state-directory = "/state/services/minecraft-clj";
-      admins = [ "fudoniten" ];
-      worlds = { REPLand = { allocated-memory = 16; }; };
+    environment = {
+      etc = {
+        nixos.source = "/etc/nixos-live";
+        NIXOS.source = "/state/host/NIXOS";
+      };
+      systemPackages = with pkgs; [ nixopsUnstable openssl ];
+    };
+
+    security.sudo.extraConfig = ''
+      # Due to rollback, sudo will lecture after every reboot
+      Defaults lecture = never
+    '';
+
+    fudo = {
+      secrets = {
+        secret-group = "fudo-secrets";
+        secret-users = [ "niten" ];
+        secret-paths = [ "/secrets" ];
+      };
+      hosts.lambda.encrypted-filesystems.secrets = {
+        encrypted-device =
+          "/dev/disk/by-id/scsi-3600508b1001c2f439e343270a365a5bd-part1";
+        key-path = "/state/secrets-key/key";
+        filesystem-type = "btrfs";
+        remove-key = false;
+        type = "luks2";
+        mountpoints = {
+          "/secrets" = {
+            options = [ "noatime" "compress=zstd" ];
+            group = "fudo-secrets";
+            users = [ "niten" ];
+            world-readable = false;
+          };
+        };
+      };
+    };
+
+    systemd = {
+      tmpfiles.rules = [ "L /etc/adjtime - - - - /state/etc/adjtime" ];
     };
   };
 }
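Review bot: `hosts.lambda.encrypted-filesystems.secrets` reads its LUKS key from `/state/secrets-key/key` with `remove-key = false`, so the key for `/secrets` appears to stay permanently on the `/state` volume of the same host. The module is not visible in this chunk, but as written the secrets volume is presumably only as well protected as `lambda-unlocked` and the permissions on that key file. A comment should say so, e.g. `# key stays on the LUKS-backed /state so /secrets can unlock unattended; must be root-only (0400)`. This hunk also drops `services.openssh.hostKeys` and the `/etc/ssh` entries. It is worth confirming that `config/profile-config/host/ssh.nix` (changed in this patch, not shown here) now supplies persistent host keys, since the root filesystem is a tmpfs and keys generated there would change on every boot.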
diff --git a/config/host-config/legatus.nix b/config/host-config/legatus.nix
index 469fbb0..03329ef 100644
--- a/config/host-config/legatus.nix
+++ b/config/host-config/legatus.nix
@@ -55,8 +55,8 @@ in {
         ldap.state-directory = "/state/auth/ldap";
         kerberos = {
           state-directory = "/state/auth/kerberos";
-          master-key-file = host-secrets.heimdal-master-key.target-file;
-          ipropd-keytab = host-secrets.heimdal-ipropd-keytab.target-file;
+          # master-key-file = host-secrets.heimdal-master-key.target-file;
+          # ipropd-keytab = host-secrets.heimdal-ipropd-keytab.target-file;
         };
       };
 
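Review bot: With `master-key-file` and `ipropd-keytab` commented out, the `kerberos` block only sets `state-directory`, and nothing visible here says where the KDC on this host now gets its master key or replication keytab. The matching `heimdal-master-key` secret definitions are commented out further down this file and in the `nutboy3.nix` and `procul.nix` hunks. If `config/service/fudo-auth.nix` or `config/profile-config/host/kerberos.nix` (both changed in this patch, not shown here) now provision them, say so with a comment such as `# master key and ipropd keytab are provisioned by <module>`. If not, confirm the KDC database is not left without a master key before this is deployed.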
@@ -64,15 +64,17 @@ in {
         state-directory = "/state/services/chat";
         external-interface = "extif0";
       };
+
+      nexus.dns-server.listen-addresses = [ host-ipv4 ];
     };
 
     secrets.host-secrets.legatus = let files = config.fudo.secrets.files;
     in {
-      postgres-keytab = {
-        source-file = files.service-keytabs.procul.postgres;
-        target-file = "/srv/postgres/secure/postgres.keytab";
-        user = "root";
-      };
+      # postgres-keytab = {
+      #   source-file = files.service-keytabs.procul.postgres;
+      #   target-file = "/srv/postgres/secure/postgres.keytab";
+      #   user = "root";
+      # };
 
       # gitea-database-password = {
       #   source-file = files.service-passwords.procul.gitea-database;
@@ -80,17 +82,17 @@ in {
       #   user = config.fudo.git.user;
       # };
 
-      heimdal-master-key = {
-        source-file = files.realm-master-keys."FUDO.ORG";
-        target-file = "/run/heimdal/master-key";
-        user = config.fudo.auth.kdc.user;
-      };
+      # heimdal-master-key = {
+      #   source-file = files.realm-master-keys."FUDO.ORG";
+      #   target-file = "/run/heimdal/master-key";
+      #   user = config.fudo.auth.kdc.user;
+      # };
 
-      heimdal-ipropd-keytab = {
-        source-file = files.service-keytabs.legatus.ipropd;
-        target-file = "/run/heimdal/ipropd.keytab";
-        user = config.fudo.auth.kdc.user;
-      };
+      # heimdal-ipropd-keytab = {
+      #   source-file = files.service-keytabs.legatus.ipropd;
+      #   target-file = "/run/heimdal/ipropd.keytab";
+      #   user = config.fudo.auth.kdc.user;
+      # };
     };
 
     client.dns = {
diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix
index 7b118af..bcabd3b 100644
--- a/config/host-config/limina.nix
+++ b/config/host-config/limina.nix
@@ -93,6 +93,8 @@ in {
           prometheus.state-directory = "/state/services/prometheus";
         };
 
+        auth.kerberos.state-directory = "/state/services/heimdal-kdc";
+
         # wireguard-gateway = {
         #   enable = true;
         #   network = "10.0.200.0/24";
diff --git a/config/host-config/nostromo.nix b/config/host-config/nostromo.nix
index b8af206..fe2a6b4 100644
--- a/config/host-config/nostromo.nix
+++ b/config/host-config/nostromo.nix
@@ -21,12 +21,19 @@ in {
     firewall.enable = false;
   };
 
+  environment.systemPackages = [ pkgs.kdcConvertDatabase ];
+
   # Hopefully this'll help with NFS...
   boot.kernelModules = [ "rpcsec_gss_krb5" ];
 
   services = {
     murmur.enable = true;
 
+    # objectifier = {
+    #   enable = true;
+    #   listen-addresses = [ "0.0.0.0" ];
+    # };
+
     nfs = {
       # See ../user-config.nix for the user@REALM -> user mapping
       server = {
@@ -117,6 +124,8 @@ in {
         };
         ldap.base-dn = "dc=fudo,dc=org";
       };
+
+      auth.kerberos.state-directory = "/state/services/heimdal-kdc";
     };
 
     postgresql = {
diff --git a/config/host-config/nostromo/minecraft.nix b/config/host-config/nostromo/minecraft.nix
index e26af9e..cfc4a44 100644
--- a/config/host-config/nostromo/minecraft.nix
+++ b/config/host-config/nostromo/minecraft.nix
@@ -7,7 +7,7 @@
     data-dir = "/state/minecraft/data";
     world-name = "selbyland";
     game-mode = "creative";
-    difficulty = 0;
+    difficulty = 2;
     allow-cheats = true;
     allocated-memory = 14;
   };
diff --git a/config/host-config/nutboy3.nix b/config/host-config/nutboy3.nix
index cda76d2..99717af 100644
--- a/config/host-config/nutboy3.nix
+++ b/config/host-config/nutboy3.nix
@@ -1,6 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 
-with lib;
+with pkgs.lib;
 let
   hostname = "nutboy3";
   host-fqdn = config.instance.host-fqdn;
@@ -32,6 +32,8 @@ in {
   ];
 
   config = {
+    boot.kernelModules = [ "veth" ];
+
     networking = {
       nameservers = [ "1.1.1.1" ];
       defaultGateway = {
@@ -65,24 +67,22 @@ in {
 
       secrets.host-secrets.${hostname} = let files = config.fudo.secrets.files;
       in {
-        heimdal-master-key = {
-          source-file = files.realm-master-keys."FUDO.ORG";
-          target-file = "/run/heimdal/master-key";
-          user = config.fudo.auth.kdc.user;
-        };
+        # heimdal-master-key = {
+        #   source-file = files.realm-master-keys."FUDO.ORG";
+        #   target-file = "/run/heimdal/master-key";
+        #   user = config.fudo.auth.kdc.user;
+        # };
 
         ldap-keytab = {
-          source-file = files.service-keytabs.${hostname}.openldap;
+          # files.service-keytabs.${hostname}.openldap;
+          source-file = extractFudoKeytab {
+            realm = domain.gssapi-realm;
+            principals = [ "ldap/${host-fqdn}" ];
+          };
           target-file = "/run/openldap/ldap.keytab";
           user = config.services.openldap.user;
         };
 
-        postgresql-keytab = {
-          source-file = files.service-keytabs.nutboy3.postgres;
-          target-file = "/run/postgresql/postgres.keytab";
-          user = postgresql-user;
-        };
-
         grafana-database-password = {
           source-file = grafana-database-passwd-file;
           target-file = "/run/metrics/grafana/db.passwd";
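Review bot: `source-file` for `ldap-keytab` is now the result of `extractFudoKeytab { … }`, and the helper's definition is outside this chunk, so I cannot tell whether the extracted keytab is built as a derivation. If it is, the keytab bytes land in the world-readable `/nix/store` on the build host and on every machine the closure is copied to, which defeats the `user = config.services.openldap.user` restriction on the target file. Please confirm the helper returns a path outside the store and note that in a comment next to the call. The same question applies to `postgresql.keytab` later in this file and to `extractFudoHostKeytab` in `procul.nix`. The leftover `# files.service-keytabs.${hostname}.openldap;` line can go.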
@@ -129,15 +129,17 @@ in {
         auth = {
           ldap.state-directory = "/state/auth/ldap";
           kerberos = {
-            state-directory = "/state/auth/kerberos";
-            master-key-file = host-secrets.heimdal-master-key.target-file;
+            state-directory = "/state/services/heimdal-kdc";
+            # master-key-file = host-secrets.heimdal-master-key.target-file;
           };
         };
 
         postgresql = {
           state-directory = "/state/services/postgresql";
-          keytab =
-            config.fudo.secrets.files.service-keytabs.${hostname}.postgres;
+          keytab = extractFudoKeytab {
+            realm = domain.gssapi-realm;
+            principals = [ "postgres/${host-fqdn}" ];
+          };
         };
 
         metrics = {
diff --git a/config/host-config/nutboy3/cashew.nix b/config/host-config/nutboy3/cashew.nix
index dbf2f4c..ad90ad5 100644
--- a/config/host-config/nutboy3/cashew.nix
+++ b/config/host-config/nutboy3/cashew.nix
@@ -6,19 +6,14 @@ let
 
   host-ipv4 = "199.87.154.175";
 
-  local-packages = with pkgs; [
-    bind
-    emacs-nox
-    mtr
-    vim
-  ];
+  local-packages = with pkgs; [ bind emacs-nox mtr vim ];
 
-  fudo-zone = pkgs.lib.dns.zoneToZonefile
-    config.instance.build-timestamp "fudo.org"
+  fudo-zone =
+    pkgs.lib.dns.zoneToZonefile config.instance.build-timestamp "fudo.org"
     config.fudo.zones."fudo.org";
 
-  selby-zone = pkgs.lib.dns.zoneToZonefile
-    config.instance.build-timestamp "selby.ca"
+  selby-zone =
+    pkgs.lib.dns.zoneToZonefile config.instance.build-timestamp "selby.ca"
     config.fudo.zones."selby.ca";
 
 in {
@@ -36,12 +31,14 @@ in {
           {
             ipv4-address = "209.177.102.102";
             ipv6-address = "2001:470:1f16:40::2";
-            description = "Nameserver 2, Musashi.100percenthost.net, in Winnipeg, MB, CA";
+            description =
+              "Nameserver 2, Musashi.100percenthost.net, in Winnipeg, MB, CA";
           }
           {
             ipv4-address = "104.131.53.95";
             ipv6-address = "2604:a880:800:10::8:7001";
-            description = "Nameserver 3, ns2.henchmman21.net, in New York City, NY, US";
+            description =
+              "Nameserver 3, ns2.henchmman21.net, in New York City, NY, US";
           }
           {
             ipv4-address = "204.42.254.5";
@@ -52,12 +49,12 @@ in {
       };
       "selby.ca" = {
         enable = true;
-        external-nameservers = map (n: let
-          i = toString n;
-        in {
-          authoritative-hostname = "ns${i}.fudo.org";
-          description = "Nameserver ${i}, ns${i}.fudo.org.";
-        }) [2 3 4];
+        external-nameservers = map (n:
+          let i = toString n;
+          in {
+            authoritative-hostname = "ns${i}.fudo.org";
+            description = "Nameserver ${i}, ns${i}.fudo.org.";
+          }) [ 2 3 4 ];
       };
     };
 
@@ -82,9 +79,7 @@ in {
           "rspamd._metrics._tcp IN SRV 0 0 443 mail.fudo.org."
         ];
       };
-      "selby.ca" = {
-        default-host = host-ipv4;
-      };
+      "selby.ca" = { default-host = host-ipv4; };
     };
   };
 
@@ -117,17 +112,15 @@ in {
     interfaces = [ "eno2" ];
 
     config = { config, ... }: {
+      boot.kernelModules = [ "veth" ];
+
       nixpkgs.pkgs = pkgs;
 
       environment = {
         systemPackages = local-packages;
         etc = {
-          "generated-zones/fudo.org" = {
-            text = fudo-zone;
-          };
-          "generated-zones/selby.ca" = {
-            text = selby-zone;
-          };
+          "generated-zones/fudo.org" = { text = fudo-zone; };
+          "generated-zones/selby.ca" = { text = selby-zone; };
         };
       };
 
@@ -144,17 +137,8 @@ in {
           ];
         };
         groups = {
-          wheel.members = [
-            "niten"
-            "reaper"
-          ];
-          dns = {
-            members = [
-              "niten"
-              "reaper"
-              "named"
-            ];
-          };
+          wheel.members = [ "niten" "reaper" ];
+          dns = { members = [ "niten" "reaper" "named" ]; };
         };
       };
 
diff --git a/config/host-config/procul.nix b/config/host-config/procul.nix
index 0865c8f..0204bd6 100644
--- a/config/host-config/procul.nix
+++ b/config/host-config/procul.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 
-with lib;
+with pkgs.lib;
 let
   hostname = "procul";
 
@@ -58,16 +58,14 @@ in {
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 
-  security.acme.email = "viator@informis.land";
+  security.acme.defaults.email = "viator@informis.land";
 
   users = {
-    users = {
-      gituser = {
-        isSystemUser = true;
-        group = "nogroup";
-      };
+    users.gituser = {
+      isSystemUser = true;
+      group = "nogroup";
     };
-    groups = { acme = { members = [ "nginx" ]; }; };
+    groups.acme.members = [ "nginx" ];
   };
 
   informis = {
@@ -154,11 +152,11 @@ in {
         user = config.services.postgresql.superUser;
       };
 
-      heimdal-master-key = {
-        source-file = files.realm-master-keys."INFORMIS.LAND";
-        target-file = "/run/heimdal/master-key";
-        user = config.fudo.auth.kdc.user;
-      };
+      # heimdal-master-key = {
+      #   source-file = files.realm-master-keys."INFORMIS.LAND";
+      #   target-file = "/run/heimdal/master-key";
+      #   user = config.fudo.auth.kdc.user;
+      # };
 
       chute-staging-credentials = {
         source-file = files.service-secrets.procul."chute-staging.env";
@@ -260,7 +258,11 @@ in {
       };
       postgresql = {
         state-directory = "/state/services/postgresql";
-        keytab = config.fudo.secrets.files.service-keytabs.procul.postgres;
+        keytab = extractFudoHostKeytab {
+          inherit hostname;
+          realm = domain.gssapi-realm;
+          services = [ "postgres" ];
+        };
       };
       logging.loki.state-directory = "/state/services/loki";
       metrics = {
diff --git a/config/host-config/spark.nix b/config/host-config/spark.nix
index 56e1fed..408ee22 100644
--- a/config/host-config/spark.nix
+++ b/config/host-config/spark.nix
@@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:
 
-with lib; {
+with lib;
+let state-dir = "/state";
+in {
   fudo = {
     slynk.enable = true;
     wallfly.location = "office";
@@ -16,6 +18,15 @@ with lib; {
     fcitx5.addons = with pkgs; [ fcitx5-chinese-addons fcitx5-rime ];
   };
 
+  systemd.tmpfiles.rules = [ "d ${state-dir}/lib/cups  755 root root - -" ];
+
+  fileSystems = {
+    "/var/lib/cups" = {
+      device = "${state-dir}/lib/cups";
+      options = [ "bind" ];
+    };
+  };
+
   # fudo.adguard-dns-proxy = {
   #   enable = true;
   #   http.listen-ip = "10.0.0.108";
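Review bot: The bind mount for `/var/lib/cups` needs `${state-dir}/lib/cups` to exist already, but that directory is only created by the `systemd.tmpfiles.rules` entry added above, and as far as I know tmpfiles rules are applied after local filesystems are mounted. On a machine where the directory does not exist yet, the mount may therefore fail on first boot. Creating the directory when the host is provisioned avoids that, and `options = [ "bind" "nofail" ];` would keep a missing directory from blocking boot. The same pair of additions appears in `jazz.nix` and `system3.nix`.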
diff --git a/config/host-config/system3.nix b/config/host-config/system3.nix
index 6ce11d6..c38cb9b 100644
--- a/config/host-config/system3.nix
+++ b/config/host-config/system3.nix
@@ -20,6 +20,7 @@ in {
     "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
     "L /var/lib/flatpak       - - - - ${state-dir}/lib/flatpak"
     "L /etc/adjtime           - - - - ${state-dir}/etc/adjtime"
+    "d ${state-dir}/lib/cups  755 root root - -"
   ];
 
   services = {
@@ -38,6 +39,13 @@ in {
     ];
   };
 
+  fileSystems = {
+    "/var/lib/cups" = {
+      device = "${state-dir}/lib/cups";
+      options = [ "bind" ];
+    };
+  };
+
   environment.etc = {
     nixos.source = "/etc/nixos-live";
     NIXOS.source = "${state-dir}/etc/NIXOS";
diff --git a/config/host-config/toothless.nix b/config/host-config/toothless.nix
new file mode 100644
index 0000000..3cc5089
--- /dev/null
+++ b/config/host-config/toothless.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+let
+  stateDir = "/state";
+  primaryIp = "10.0.0.12";
+  generateMac = pkgs.lib.network.generate-mac-address;
+in {
+  networking = {
+    useDHCP = false;
+    defaultGateway = {
+      address = "10.0.0.1";
+      interface = "intif0";
+    };
+    interfaces.intif0 = {
+      ipv4.addresses = [{
+        address = primaryIp;
+        prefixLength = 16;
+      }];
+    };
+  };
+
+  security.sudo.extraConfig = ''
+    # Due to rollback, sudo will lecture after every reboot
+    Defaults lecture = never
+  '';
+
+  fudo = {
+    minecraft-clj = {
+      enable = true;
+      state-directory = "/state/services/minecraft-clj";
+      admins = [ "fudoniten" ];
+      worlds = {
+        REPLand = { allocated-memory = 8; };
+        wof = {
+          world-name = "WorldOfFun";
+          world-seed = 2059666523504992;
+          port = 25567;
+          difficulty = "medium";
+          game-mode = "survival";
+          motd = "Welcome to the World of Fun!";
+          allow-cheats = true;
+          allocated-memory = 16;
+          pvp = false;
+        };
+      };
+    };
+  };
+
+  systemd.targets = {
+    sleep.enable = false;
+    suspend.enable = false;
+    hibernate.enable = false;
+    hybrid-sleep.enable = false;
+  };
+}
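Review bot: `stateDir` and `generateMac` are bound in the `let` block but never used in this file, and the Minecraft state path repeats the literal `/state` instead. Either drop the unused bindings or write `state-directory = "${stateDir}/services/minecraft-clj";` so the path follows the binding. The other host files in this patch spell the same binding `state-dir`, so the kebab-case name would be more consistent here too.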
diff --git a/config/host-config/wormhole0.nix b/config/host-config/wormhole0.nix
index b40e54d..2519bc3 100644
--- a/config/host-config/wormhole0.nix
+++ b/config/host-config/wormhole0.nix
@@ -6,13 +6,10 @@ let
   primary-ip = "10.0.0.3";
   state-dir = "/state";
   zigbee2mqtt-statedir = "${state-dir}/services/zigbee2mqtt";
-  mosquitto-statedir = "${state-dir}/services/mosquitto";
   home-assistant-port = 8123;
 
   zigbee2mqtt-user = config.systemd.services.zigbee2mqtt.serviceConfig.User;
 
-  mosquitto-user = config.systemd.services.mosquitto.serviceConfig.User;
-
   zigbee2mqtt-passwd-file =
     pkgs.lib.passwd.stablerandom-passwd-file "zigbee2mqtt-passwd"
     config.instance.build-seed;
@@ -54,31 +51,21 @@ in {
     dhcpcd.extraConfig = concatStringsSep "\n" [ "nogateway" ];
   };
 
-  fudo.secrets.host-secrets.${hostname} = {
-    mosquitto-zigbee2mqtt-passwd = {
-      source-file = zigbee2mqtt-passwd-file;
-      target-file = "/run/mosquitto-secrets/zigbee2mqtt.passwd";
-      user = mosquitto-user;
-    };
-    mosquitto-home-assistant-passwd = {
-      source-file = host-passwds.mosquitto-home-assistant;
-      target-file = "/run/mosquitto-secrets/home-assistant.passwd";
-      user = mosquitto-user;
-    };
-    mosquitto-niten-passwd = {
-      source-file = host-passwds.mosquitto-niten;
-      target-file = "/run/mosquitto-secrets/niten.passwd";
-      user = mosquitto-user;
-    };
-    mosquitto-xiaoxuan-passwd = {
-      source-file = host-passwds.mosquitto-xiaoxuan;
-      target-file = "/run/mosquitto-secrets/xiaoxuan.passwd";
-      user = mosquitto-user;
-    };
-    mosquitto-wallfly-passwd = {
-      source-file = host-passwds.mosquitto-wallfly;
-      target-file = "/run/mosquitto-secrets/wallfly.passwd";
-      user = mosquitto-user;
+  fudo.services.mqtt = {
+    enable = true;
+    state-directory = "${state-dir}/services/mosquitto";
+    private = {
+      enable = true;
+      users = {
+        zigbee2mqtt = {
+          password-file = zigbee2mqtt-passwd-file;
+          acl = [ "readwrite #" ];
+        };
+        home-assistant = {
+          password-file = host-passwds.mosquitto-home-assistant;
+          acl = [ "readwrite #" ];
+        };
+      };
     };
   };
 
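Review bot: Both MQTT accounts keep `acl = [ "readwrite #" ]`, which lets either credential read and publish on every topic of the broker, including the other client's. Since the new `fudo.services.mqtt` users take a per-user `acl`, this is a good place to narrow them. zigbee2mqtt normally needs only its own base topic and the Home Assistant discovery prefix, e.g. `acl = [ "readwrite zigbee2mqtt/#" "readwrite homeassistant/#" ];` (assuming the default base topic, which is not visible in this hunk). The password files are now handed to the module directly rather than through `fudo.secrets.host-secrets`, so it is worth confirming that the module, defined outside this hunk, still places them in a file readable only by the broker user.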
@@ -95,15 +82,6 @@ in {
           RemainAfterExit = true;
         };
       };
-
-      zigbee2mqtt = {
-        after = [ config.fudo.secrets.secret-target "mosquitto.service" ];
-        restartIfChanged = true;
-      };
-      mosquitto = {
-        after = [ config.fudo.secrets.secret-target ];
-        restartIfChanged = true;
-      };
     };
 
     tmpfiles.rules = [
@@ -114,7 +92,6 @@ in {
       "L /etc/adjtime            - - - - ${state-dir}/etc/adjtime"
       "d /state/services         0711 root root - -"
       "d ${zigbee2mqtt-statedir} 0700 ${zigbee2mqtt-user} - - -"
-      "d ${mosquitto-statedir}   0700 ${mosquitto-user} - - -"
     ];
   };
 
@@ -149,39 +126,39 @@ in {
       };
     };
 
-    mosquitto = {
-      enable = true;
-      dataDir = mosquitto-statedir;
-      listeners = [{
-        settings.allow_anonymous = false;
-        port = 1883;
-        address = "0.0.0.0";
-        users = {
-          zigbee2mqtt = {
-            passwordFile =
-              host-secrets.mosquitto-zigbee2mqtt-passwd.target-file;
-            acl = [ "readwrite #" ];
-          };
-          home-assistant = {
-            passwordFile =
-              host-secrets.mosquitto-home-assistant-passwd.target-file;
-            acl = [ "readwrite #" ];
-          };
-          # niten = {
-          #   passwordFile = host-secrets.mosquitto-niten-passwd.target-file;
-          #   acl = [ "readwrite #" ];
-          # };
-          # xiaoxuan = {
-          #   passwordFile = host-secrets.mosquitto-xiaoxuan-passwd.target-file;
-          #   acl = [ "readwrite #" ];
-          # };
-          # wallfly = {
-          #   passwordFile = host-secrets.mosquitto-wallfly-passwd.target-file;
-          #   acl = [ "readwrite homeassistant/binary_sensor/#" ];
-          # };
-        };
-      }];
-    };
+    # mosquitto = {
+    #   enable = true;
+    #   dataDir = mosquitto-statedir;
+    #   listeners = [{
+    #     settings.allow_anonymous = false;
+    #     port = 1883;
+    #     address = "0.0.0.0";
+    #     users = {
+    #       zigbee2mqtt = {
+    #         passwordFile =
+    #           host-secrets.mosquitto-zigbee2mqtt-passwd.target-file;
+    #         acl = [ "readwrite #" ];
+    #       };
+    #       home-assistant = {
+    #         passwordFile =
+    #           host-secrets.mosquitto-home-assistant-passwd.target-file;
+    #         acl = [ "readwrite #" ];
+    #       };
+    #       niten = {
+    #         passwordFile = host-secrets.mosquitto-niten-passwd.target-file;
+    #         acl = [ "readwrite #" ];
+    #       };
+    #       # xiaoxuan = {
+    #       #   passwordFile = host-secrets.mosquitto-xiaoxuan-passwd.target-file;
+    #       #   acl = [ "readwrite #" ];
+    #       # };
+    #       # wallfly = {
+    #       #   passwordFile = host-secrets.mosquitto-wallfly-passwd.target-file;
+    #       #   acl = [ "readwrite homeassistant/binary_sensor/#" ];
+    #       # };
+    #     };
+    #   }];
+    # };
 
     zigbee2mqtt = {
       enable = true;
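Review bot: The old `mosquitto` block is commented out rather than deleted, and it refers to `mosquitto-statedir` and the `host-secrets.mosquitto-*-passwd` entries, both of which this same patch removes, so it could not be re-enabled as written. Deleting it keeps the file readable, and version control still has the original. It was also the only place in this file that recorded `settings.allow_anonymous = false` and the `0.0.0.0` listener, so confirm that the new `fudo.services.mqtt` module (not visible here) keeps anonymous access off. The same remark applies to the commented-out GSSAPI `extraConfig` in the `services.openssh` hunk of config/profile-config/common.nix.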
@@ -191,8 +168,11 @@ in {
         homeassistant = true;
         permit_join = true;
         serial.port = "/dev/ttyUSB0";
-        mqtt = {
-          server = "mqtt://127.0.0.1:1883";
+        mqtt = let
+          mqttHost = config.fudo.services.mqtt.mqtt-hostname;
+          mqttPort = config.fudo.services.mqtt.private.port;
+        in {
+          server = "mqtt://${mqttHost}:${toString mqttPort}";
           user = "zigbee2mqtt";
           password = readFile zigbee2mqtt-passwd-file;
           # TODO: could make a yaml file containing password
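Review bot: The broker URL is now built from `mqtt-hostname` with the plain `mqtt://` scheme, where the old value was fixed to `127.0.0.1`. If that name resolves to anything other than loopback, the zigbee2mqtt user name and password cross the network unencrypted. If the module exposes a TLS listener, `mqtts://` with its port would be the safer target; otherwise a comment stating that `mqtt-hostname` is expected to be local would record the assumption. Separately, the unchanged `password = readFile zigbee2mqtt-passwd-file;` line evaluates the secret into the generated configuration, which presumably lands in the world-readable Nix store; the existing TODO about a separate YAML file is the fix for that. The `mqtt` attribute set continues past the end of the hunk.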
diff --git a/config/host-config/zbox.nix b/config/host-config/zbox.nix
index cb88153..c351e9c 100644
--- a/config/host-config/zbox.nix
+++ b/config/host-config/zbox.nix
@@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 
+with lib;
 let state-dir = "/state";
 in {
   config = {
@@ -19,12 +20,20 @@ in {
     };
 
     systemd.tmpfiles.rules = [
+      "d ${state-dir}/lib/cups  755 root root - -"
       "d ${state-dir}/lib/flatpak 0755 root root - -"
       "d ${state-dir}/etc         0755 root root - -"
       "L /var/lib/flatpak         - - - - ${state-dir}/lib/flatpak"
       "L /etc/adjtime             - - - - ${state-dir}/etc/adjtime"
     ];
 
+    fileSystems = {
+      "/var/lib/cups" = {
+        device = "${state-dir}/lib/cups";
+        options = [ "bind" ];
+      };
+    };
+
     hardware = {
       bluetooth = {
         enable = true;
@@ -32,5 +41,11 @@ in {
       };
       xpadneo.enable = true;
     };
+
+    services.xserver = {
+      layout = "us";
+      xkbVariant = mkForce "";
+      xkbOptions = mkForce "";
+    };
   };
 }
diff --git a/config/profile-config/build/build-seed.nix b/config/profile-config/build/build-seed.nix
index 50b7a99..7457b8d 100644
--- a/config/profile-config/build/build-seed.nix
+++ b/config/profile-config/build/build-seed.nix
@@ -1,10 +1,10 @@
 { config, lib, pkgs, ... }:
 
 with lib;
-let
-  has-secret-files = hasAttr "files" config.fudo.secrets;
+let has-secret-files = hasAttr "files" config.fudo.secrets;
 in {
   config.instance = mkIf has-secret-files {
+    # TODO: This has a newline, I think...
     build-seed = builtins.readFile config.fudo.secrets.files.build-seed;
   };
 }
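Review bot: The new TODO leaves the trailing-newline question open on a value that seeds derived secrets. `config.instance.build-seed` is passed to `stablerandom-passwd-file` in wormhole0.nix, so whether the newline is included decides which passwords are generated. Writing `build-seed = removeSuffix "\n" (builtins.readFile config.fudo.secrets.files.build-seed);` makes the value independent of how the file was written. Changing this on an existing deployment will presumably change every password derived from the seed, which is worth stating in the comment.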
diff --git a/config/profile-config/common-ui.nix b/config/profile-config/common-ui.nix
index ede1fa6..cc99e4e 100644
--- a/config/profile-config/common-ui.nix
+++ b/config/profile-config/common-ui.nix
@@ -106,4 +106,7 @@ in {
       };
     in [ factorio ];
   };
+
+  fudo.services.tattler.enable-notifications =
+    trace "${hostname}: ${toString enable-gui}" enable-gui;
 }
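Review bot: The `trace` call wrapped around `enable-gui` looks like a debugging leftover: it prints a line for this host on every evaluation of the configuration. `toString` on a boolean yields `1` or an empty string, so the message is not very informative either. Unless the output is wanted, `fudo.services.tattler.enable-notifications = enable-gui;` is enough. `hostname` and `enable-gui` are bound outside the hunk.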
diff --git a/config/profile-config/common.nix b/config/profile-config/common.nix
index 4c4c9bc..64db72a 100644
--- a/config/profile-config/common.nix
+++ b/config/profile-config/common.nix
@@ -31,7 +31,7 @@ in {
   in concatMap nix-files import-paths;
 
   config = {
-    fudo.hosts.${hostname}.local-networks = [ "::1/128" ];
+    fudo = { hosts.${hostname}.local-networks = [ "::1/128" ]; };
 
     system.autoUpgrade.enable = false;
 
@@ -49,28 +49,7 @@ in {
 
     nixpkgs.config.allowUnfree = true;
 
-    hardware.enableRedistributableFirmware = true;
-
-    krb5 = {
-      enable = true;
-
-      appdefaults = {
-        forwardable = true;
-        proxiable = true;
-        encrypt = true;
-        forward = true;
-      };
-
-      libdefaults = {
-        allow_weak_crypto = true;
-        dns_lookup_kdc = true;
-        dns_lookup_realm = true;
-        forwardable = true;
-        proxiable = true;
-      };
-
-      kerberos = pkgs.heimdal;
-    };
+    hardware.enableAllFirmware = true;
 
     services = {
       openssh = {
@@ -78,12 +57,12 @@ in {
         startWhenNeeded = true;
         useDns = true;
         permitRootLogin = "prohibit-password";
-        extraConfig = ''
-          GSSAPIAuthentication yes
-          GSSAPICleanupCredentials yes
-          GSSAPIKeyExchange yes
-          GSSAPIStoreCredentialsOnRekey yes
-        '';
+        # extraConfig = ''
+        #   GSSAPIAuthentication yes
+        #   GSSAPICleanupCredentials yes
+        #   GSSAPIKeyExchange yes
+        #   GSSAPIStoreCredentialsOnRekey yes
+        # '';
         # FIXME: This is temporary! Getting error: Unsupported KEX algorithm "sntrup761x25519-sha512@openssh.com"
         kexAlgorithms = [
           "curve25519-sha256"
@@ -102,7 +81,7 @@ in {
       xserver = {
         layout = "us";
         xkbVariant = "dvp";
-        xkbOptions = "";
+        xkbOptions = "ctrl:nocaps";
       };
 
       btrfs.autoScrub.enable = let
@@ -111,7 +90,10 @@ in {
       in length btrfsFilesystems > 0;
 
       pcscd.enable = true;
-      udev.packages = with pkgs; [ yubikey-personalization ];
+      udev = {
+        enable = true;
+        packages = with pkgs; [ yubikey-personalization ];
+      };
     };
 
     networking.firewall = {
@@ -139,16 +121,7 @@ in {
         # pinentryFlavor = if cfg.enable-gui then "gnome3" else "curses";
       };
 
-      ssh = {
-        startAgent = true;
-
-        package = pkgs.openssh_gssapi;
-
-        extraConfig = ''
-          GSSAPIAuthentication yes
-          GSSAPIDelegateCredentials yes
-        '';
-      };
+      ssh = { startAgent = true; };
     };
 
     security = {
diff --git a/config/profile-config/host/kerberos.nix b/config/profile-config/host/kerberos.nix
index fde557b..8acdb25 100644
--- a/config/profile-config/host/kerberos.nix
+++ b/config/profile-config/host/kerberos.nix
@@ -7,66 +7,83 @@ let
   try-attr = attr: set: if (hasAttr attr set) then set.${attr} else null;
 
 in {
-  config = mkIf has-secret-files
-    (let keytab-file = try-attr hostname config.fudo.secrets.files.host-keytabs;
-    in mkIf (keytab-file != null) {
-      ## This doesn't seem to work...timing?
-      # environment.etc."krb5.keytab" = mkIf (keytab-file != null) {
-      #   source =
-      #     config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file;
-      #   user = "root";
-      #   group = "root";
-      #   mode = "0400";
-      # };
+  config = mkIf has-secret-files (let
+    keytab-file =
+      try-attr hostname config.fudo.secrets.files.kerberos.host-keytabs;
+  in mkIf (keytab-file != null) {
+    ## This doesn't seem to work...timing?
+    # environment.etc."krb5.keytab" = mkIf (keytab-file != null) {
+    #   source =
+    #     config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file;
+    #   user = "root";
+    #   group = "root";
+    #   mode = "0400";
+    # };
 
-      systemd = let
-        host-keytab =
-          config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file;
-      in {
-        paths."${hostname}-keytab-watcher" = {
-          wantedBy = [ "default.target" ];
-          description = "Watch host keytab for changes.";
-          pathConfig = {
-            PathChanged = host-keytab;
-            Unit = "${hostname}-keytab-watcher.service";
-          };
-        };
+    krb5 = {
+      domain_realm = let
+        krbDoms = filterAttrs (_: domCfg: domCfg.gssapi-realm != null)
+          config.fudo.domains;
+        domClauses = dom: domCfg: [
+          (nameValuePair dom domCfg.gssapi-realm)
+          (nameValuePair ".${dom}" domCfg.gssapi-realm)
+        ];
+        concatMapAttrs = f: lst:
+          listToAttrs (concatMap (i: i) (mapAttrsToList f lst));
+      in concatMapAttrs domClauses krbDoms;
 
-        services = {
-          "${hostname}-keytab-watcher" = {
-            description =
-              "When host keytab is available or changed, activate copy job.";
-            path = with pkgs; [ systemd ];
-            serviceConfig = { Type = "oneshot"; };
-            script = "systemctl restart ${hostname}-copy-keytab.service";
-          };
+      libdefaults.default_etypes =
+        "aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96";
+    };
 
-          "${hostname}-copy-keytab" = {
-            description =
-              "Copy the host krb5.keytab into place once it's available.";
-            serviceConfig = {
-              Type = "simple";
-              RemainAfterExit = true;
-              ExecStart = pkgs.writeShellScript "${hostname}-copy-keytab.sh" ''
-                [ -f ${host-keytab} ] || exit 1
-                [ -f /etc/krb5.keytab ] && rm /etc/krb5.keytab
-                cp ${host-keytab} /etc/krb5.keytab
-                chown root:root /etc/krb5.keytab
-                chmod 0400 /etc/krb5.keytab
-              '';
-              ExecStop = pkgs.writeShellScript "${hostname}-remove-keytab.sh" ''
-                rm -f /etc/krb5.keytab
-              '';
-            };
-          };
+    systemd = let
+      host-keytab =
+        config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file;
+    in {
+      paths."${hostname}-keytab-watcher" = {
+        wantedBy = [ "default.target" ];
+        description = "Watch host keytab for changes.";
+        pathConfig = {
+          PathChanged = host-keytab;
+          Unit = "${hostname}-keytab-watcher.service";
         };
       };
 
-      fudo.secrets.host-secrets.${hostname}.host-keytab =
-        mkIf (keytab-file != null) {
-          source-file = keytab-file;
-          target-file = "/run/kerberos/krb5.keytab";
-          user = "root";
+      services = {
+        "${hostname}-keytab-watcher" = {
+          description =
+            "When host keytab is available or changed, activate copy job.";
+          path = with pkgs; [ systemd ];
+          serviceConfig = { Type = "oneshot"; };
+          script = "systemctl restart ${hostname}-copy-keytab.service";
         };
-    });
+
+        "${hostname}-copy-keytab" = {
+          description =
+            "Copy the host krb5.keytab into place once it's available.";
+          serviceConfig = {
+            Type = "simple";
+            RemainAfterExit = true;
+            ExecStart = pkgs.writeShellScript "${hostname}-copy-keytab.sh" ''
+              [ -f ${host-keytab} ] || exit 1
+              [ -f /etc/krb5.keytab ] && rm /etc/krb5.keytab
+              cp ${host-keytab} /etc/krb5.keytab
+              chown root:root /etc/krb5.keytab
+              chmod 0400 /etc/krb5.keytab
+            '';
+            ExecStop = pkgs.writeShellScript "${hostname}-remove-keytab.sh" ''
+              rm -f /etc/krb5.keytab
+            '';
+          };
+        };
+      };
+    };
+
+    fudo.secrets.host-secrets.${hostname}.host-keytab =
+      mkIf (keytab-file != null) {
+        source-file = keytab-file;
+        target-file = "/run/kerberos/krb5.keytab";
+        user = "root";
+      };
+  });
 }
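Review bot: `default_etypes` lists `aes128-cts-hmac-sha1-96` before `aes256-cts-hmac-sha1-96`; the list is normally read in preference order, so the stronger type should come first: `"aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96"`. The option name appears to be the Heimdal spelling, so a comment that it has no effect under MIT krb5 would help if the package is ever switched. In the copy script, which this hunk only re-indents, the keytab is copied first and restricted afterwards; `install -m 0400 -o root -g root ${host-keytab} /etc/krb5.keytab` creates it with the final owner and mode in one step. The local `concatMapAttrs` may shadow a nixpkgs `lib` function of the same name with different semantics (if the pinned nixpkgs has it), so another name, or `concatLists` in place of `concatMap (i: i)`, would avoid confusion.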
diff --git a/config/profile-config/host/ssh.nix b/config/profile-config/host/ssh.nix
index 05f31a7..5c9c7b0 100644
--- a/config/profile-config/host/ssh.nix
+++ b/config/profile-config/host/ssh.nix
@@ -8,56 +8,54 @@ let
   has-secret-files = hasAttr "files" config.fudo.secrets;
 
 in {
-  config = mkIf has-secret-files
-    (let
-      host-keypairs =
-        if (hasAttr hostname config.fudo.secrets.files.host-ssh-keypairs) then
-          config.fudo.secrets.files.host-ssh-keypairs.${hostname}
-        else [];
+  config = mkIf has-secret-files (let
+    host-keypairs =
+      if (hasAttr hostname config.fudo.secrets.files.ssh.host-keypairs) then
+        config.fudo.secrets.files.ssh.host-keypairs.${hostname}
+      else
+        [ ];
 
+  in {
+    fudo = let
+      sshfp-filename = host: keypair:
+        "ssh-${host}-${keypair.key-type}.sshfp-record";
+
+      dns-sshfp-records = host: keypair:
+        pkgs.stdenv.mkDerivation {
+          name = "${host}-sshfp-records";
+
+          phases = [ "installPhase" ];
+
+          buildInputs = with pkgs; [ openssh ];
+
+          installPhase = ''
+            ssh-keygen -r REMOVEME -f "${keypair.public-key}" | sed 's/^REMOVEME IN SSHFP //' > $out'';
+        };
+
+      host-cfg = config.fudo.hosts.${hostname};
     in {
-      fudo = let
-        sshfp-filename = host: keypair: "ssh-${host}-${keypair.key-type}.sshfp-record";
+      secrets.host-secrets.${hostname} = listToAttrs (map (keypair:
+        nameValuePair "host-${keypair.key-type}-private-key" {
+          source-file = keypair.private-key;
+          target-file =
+            "/run/openssh/private/host-${keypair.key-type}-private-key";
+          user = "root";
+        }) host-keypairs);
 
-        dns-sshfp-records = host: keypair:
-          pkgs.stdenv.mkDerivation {
-            name = "${host}-sshfp-records";
+      hosts = mkIf (hasAttr "files" config.fudo.secrets) (mapAttrs
+        (hostname: keypairs: {
+          ssh-pubkeys = map (keypair: keypair.public-key) keypairs;
+          ssh-fingerprints = concatMap (keypair:
+            let fingerprint-derivation = dns-sshfp-records hostname keypair;
+            in read-lines "${fingerprint-derivation}") keypairs;
+        }) config.fudo.secrets.files.ssh.host-keypairs);
+    };
 
-            phases = [ "installPhase" ];
-
-            buildInputs = with pkgs; [ openssh ];
-
-            installPhase =
-              "ssh-keygen -r REMOVEME -f \"${keypair.public-key}\" | sed 's/^REMOVEME IN SSHFP //' > $out";
-          };
-
-        host-cfg = config.fudo.hosts.${hostname};
-      in {
-        secrets.host-secrets.${hostname} = listToAttrs
-          (map
-            (keypair: nameValuePair "host-${keypair.key-type}-private-key" {
-              source-file = keypair.private-key;
-              target-file = "/run/openssh/private/host-${keypair.key-type}-private-key";
-              user = "root";
-            })
-            host-keypairs);
-
-        hosts = mkIf (hasAttr "files" config.fudo.secrets)
-          (mapAttrs (hostname: keypairs: {
-            ssh-pubkeys = map (keypair: keypair.public-key) keypairs;
-            ssh-fingerprints = concatMap (keypair:
-              let
-                fingerprint-derivation = dns-sshfp-records hostname keypair;
-              in read-lines "${fingerprint-derivation}") keypairs;
-          }) config.fudo.secrets.files.host-ssh-keypairs);
-      };
-
-      services.openssh.hostKeys = let
-        host-secrets = config.fudo.secrets.host-secrets.${hostname};
+    services.openssh.hostKeys =
+      let host-secrets = config.fudo.secrets.host-secrets."${hostname}";
       in map (keypair: {
-        path =
-          host-secrets."host-${keypair.key-type}-private-key".target-file;
+        path = host-secrets."host-${keypair.key-type}-private-key".target-file;
         type = keypair.key-type;
       }) host-keypairs;
-    });
+  });
 }
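Review bot: `host-cfg` is bound in the `let` but not used anywhere in this hunk, and the `mkIf (hasAttr "files" config.fudo.secrets)` on `hosts` repeats the `has-secret-files` guard that already wraps the whole `config`. Both can go: `hosts = mapAttrs (host: keypairs: { … }) config.fudo.secrets.files.ssh.host-keypairs;`. Renaming the lambda argument from `hostname` to `host` also stops it shadowing the outer `hostname`, which is easy to misread next to `secrets.host-secrets.${hostname}`. The guard only checks for `files`, so a secrets tree without the new `ssh` attribute will fail at evaluation rather than be skipped; adding `config.fudo.secrets.files ? ssh` to the guard would cover that if such trees exist.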
diff --git a/config/service/backplane.nix b/config/service/backplane.nix
index 7c481a1..d12a2bc 100644
--- a/config/service/backplane.nix
+++ b/config/service/backplane.nix
@@ -3,16 +3,16 @@
 with lib;
 let
   hostname = config.instance.hostname;
-  domain-name = config.fudo.hosts.${hostname}.domain;
-  domain = config.fudo.domains.${domain-name};
-  zone-name = config.fudo.domains.${domain-name}.zone;
+  domain-name = config.fudo.hosts."${hostname}".domain;
+  domain = config.fudo.domains."${domain-name}";
+  zone-name = config.fudo.domains."${domain-name}".zone;
 
-  host-fqdn = hostname: "${hostname}.${config.fudo.hosts.${hostname}.domain}";
+  host-fqdn = hostname: "${hostname}.${domain-name}";
 
   postgresql-server = domain.postgresql-server;
 
-  isDatabase = hostname == postgresql-server;
-  isJabber = elem hostname domain.xmpp-servers;
+  isDatabaseServer = hostname == postgresql-server;
+  isJabberServer = elem hostname domain.xmpp-servers;
   isDNSBackplane = hostname == domain.backplane.dns-service;
   backplaneEnabled = domain.backplane != null;
   isNameserver = hostname == domain.backplane.nameserver;
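Review bot: `host-fqdn` now ignores the domain of the host it is given and always appends the local host's `domain-name`, so calling it for a host in another domain yields the wrong name. The old form `"${hostname}.${config.fudo.hosts.${hostname}.domain}"` looked the domain up per host. If every caller only ever passes hosts of the local domain, a comment saying so would make the simplification safe to rely on; the callers are outside this hunk (for example whatever builds `backplane-host-fqdn`). The `let` block continues past the end of the hunk.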
@@ -73,18 +73,18 @@ in {
           user = config.fudo.backplane.dns.user;
         };
 
-        database-powerdns-passwd = mkIf isDatabase {
+        database-powerdns-passwd = mkIf isDatabaseServer {
           source-file = powerdns-password;
           target-file = "/run/postgres/powerdns.passwd";
           user = config.services.postgresql.superUser;
         };
-        database-backplane-passwd = mkIf isDatabase {
+        database-backplane-passwd = mkIf isDatabaseServer {
           source-file = backplane-database-password;
           target-file = "/run/postgres/backplane-database.passwd";
           user = config.services.postgresql.superUser;
         };
 
-        ejabberd-backplane-passwd = mkIf isJabber {
+        ejabberd-backplane-passwd = mkIf isJabberServer {
           source-file = xmpp-password;
           target-file = "/run/backplane-jabber/service-dns.passwd";
           user = config.services.ejabberd.user;
@@ -106,7 +106,7 @@ in {
         aliases = { backplane = "${backplane-host-fqdn}."; };
       };
 
-      postgresql = mkIf isDatabase {
+      postgresql = mkIf isDatabaseServer {
         required-services = [ "fudo-passwords.target" ];
 
         users = {
@@ -136,7 +136,7 @@ in {
       };
 
       backplane = {
-        enable = isJabber;
+        enable = isJabberServer;
 
         client-hosts = mapAttrs (hostname: hostOpts: {
           password-file = host-password-files.${hostname};
diff --git a/config/service/dns.nix b/config/service/dns.nix
index bb5583f..275caf9 100644
--- a/config/service/dns.nix
+++ b/config/service/dns.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... } @ toplevel:
+{ config, lib, pkgs, ... }@toplevel:
 
 with lib;
 let
@@ -6,6 +6,18 @@ let
 
   cfg = config.fudo.services.dns;
 
+  host-secrets = config.fudo.secrets.host-secrets."${hostname}";
+
+  domain-name = config.instance.local-domain;
+  domain = config.fudo.domains.${domain-name};
+  primary-nameserver = domain.primary-nameserver;
+  primary-nameserver-ip = pkgs.lib.network.host-ipv4 config primary-nameserver;
+  primary-nameserver-fqdn = "${primary-nameserver}.${domain-name}";
+
+  is-primary-nameserver = primary-nameserver == hostname;
+
+  zoneKeySecret = zone: "${zone}-ksk";
+
   nameserverOpts = { name, ... }: {
     options = with types; {
       hostname = mkOption {
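Review bot: The module-level `domain-name`, `domain`, `primary-nameserver` and `is-primary-nameserver` added here are derived from `config.instance.local-domain`, but the next hunk binds the same four names again inside `zones = mapAttrs …` from each zone's own `zone-cfg.domain`. The KSK secrets are gated on the outer `is-primary-nameserver` while the zone data uses the inner one, so the two can disagree for a zone whose domain is not the local one. Distinct names, e.g. `local-domain-name` and `is-local-primary-nameserver`, would make clear which is meant. `zoneKeySecret` is also camelCase among kebab-case bindings.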
@@ -39,166 +51,192 @@ let
     };
   };
 
-  zoneOpts = { name, ... }: let
-    zone-name = name;
-  in {
-    options = with types; {
-      enable = mkOption {
-        type = bool;
-        description = "Enable ${zone-name} zone on the local nameserver.";
-        default = zone-name == toplevel.config.instance.local-zone;
-      };
+  zoneOpts = { name, ... }:
+    let zone-name = name;
+    in {
+      options = with types; {
+        enable = mkOption {
+          type = bool;
+          description = "Enable ${zone-name} zone on the local nameserver.";
+          default = zone-name == toplevel.config.instance.local-zone;
+        };
 
-      default-host = mkOption {
-        type = nullOr str;
-        description = "IP which will respond to requests for the base domain.";
-        default = null;
-      };
+        default-host = mkOption {
+          type = nullOr str;
+          description =
+            "IP which will respond to requests for the base domain.";
+          default = null;
+        };
 
-      external-nameservers = mkOption {
-        type = listOf (submodule nameserverOpts);
-        description = "Off-network secondary nameservers.";
-        default = [];
-      };
+        external-nameservers = mkOption {
+          type = listOf (submodule nameserverOpts);
+          description = "Off-network secondary nameservers.";
+          default = [ ];
+        };
 
-      domain = mkOption {
-        type = str;
-        description = "Domain which this zone serves.";
-        default = zone-name;
+        domain = mkOption {
+          type = str;
+          description = "Domain which this zone serves.";
+          default = zone-name;
+        };
+
+        ksk = mkOption {
+          type = nullOr (submodule {
+            options = {
+              private-key = mkOption {
+                type = path;
+                description = "KSK private key.";
+              };
+              public-key = mkOption {
+                type = path;
+                description = "KSK public key.";
+              };
+              ds = mkOption {
+                type = path;
+                description = "KSK ds record.";
+              };
+            };
+          });
+          description =
+            "Location of the zone-signing private & public keys and DS record.";
+          default =
+            toplevel.config.fudo.secrets.files.dns.key-signing-keys."${zone-name}";
+        };
       };
     };
-  };
-
-  pthru = obj:
-    builtins.trace "TRACE: ${ obj }" obj;
 
 in {
   options.fudo.services.dns = with types; {
     zones = mkOption {
       type = attrsOf (submodule zoneOpts);
       description = "Map of served zone to extra zone details.";
-      default = {};
+      default = { };
     };
   };
 
   config.fudo = {
-    zones = mapAttrs (zone-name: zone-cfg: let
-      domain-name = zone-cfg.domain;
-      domain = config.fudo.domains.${domain-name};
+    secrets.host-secrets."${hostname}" = mkIf is-primary-nameserver (mapAttrs'
+      (zone: zone-cfg:
+        nameValuePair (zoneKeySecret zone) {
+          source-file = zone-cfg.ksk.private-key;
+          target-file = "/run/nsd/${baseNameOf zone-cfg.ksk.private-key}";
+          user = config.fudo.nsd.user;
+        }) cfg.zones);
 
-      make-srv-record = port: host: {
-        inherit port host;
-      };
+    zones = mapAttrs (zone-name: zone-cfg:
+      let
+        domain-name = zone-cfg.domain;
+        domain = config.fudo.domains.${domain-name};
 
-      served-domain = domain.primary-nameserver != null;
+        make-srv-record = port: host: { inherit port host; };
 
-      primary-nameserver = domain.primary-nameserver;
+        served-domain = domain.primary-nameserver != null;
 
-      is-primary-nameserver = hostname == primary-nameserver;
+        primary-nameserver = domain.primary-nameserver;
 
-      internal-nameserver-hostnames =
-        [domain.primary-nameserver] ++ domain.secondary-nameservers;
+        is-primary-nameserver = hostname == primary-nameserver;
 
-      get-host-deets = description: hostname: {
-        ipv4-address = pkgs.lib.network.host-ipv4 config hostname;
-        ipv6-address = pkgs.lib.network.host-ipv6 config hostname;
-        description = description;
-      };
+        internal-nameserver-hostnames = [ domain.primary-nameserver ]
+          ++ domain.secondary-nameservers;
 
-      get-ns-deets = hostname: let
-        host-domain = config.fudo.hosts.${hostname}.domain;
-        desc = "${domain-name} nameserver ${hostname}.${host-domain}.";
-      in get-host-deets desc hostname;
+        get-host-deets = description: hostname: {
+          ipv4-address = pkgs.lib.network.host-ipv4 config hostname;
+          ipv6-address = pkgs.lib.network.host-ipv6 config hostname;
+          description = description;
+        };
 
-      nameserver-deets = let
-        internal-nameservers = map get-ns-deets internal-nameserver-hostnames;
-      in internal-nameservers ++ zone-cfg.external-nameservers;
+        get-ns-deets = hostname:
+          let
+            host-domain = config.fudo.hosts.${hostname}.domain;
+            desc = "${domain-name} nameserver ${hostname}.${host-domain}.";
+          in get-host-deets desc hostname;
 
-      has-auth-hostname = ns-host: ns-opts:
-        (hasAttr "authoritative-hostname" ns-opts) &&
-        (ns-opts.authoritative-hostname != null);
+        nameserver-deets = let
+          internal-nameservers = map get-ns-deets internal-nameserver-hostnames;
+        in internal-nameservers ++ zone-cfg.external-nameservers;
 
-      all-nameservers = listToAttrs
-        (imap1
-          (i: nsOpts:
-            nameValuePair "ns${toString i}" nsOpts)
-          nameserver-deets);
+        has-auth-hostname = ns-host: ns-opts:
+          (hasAttr "authoritative-hostname" ns-opts)
+          && (ns-opts.authoritative-hostname != null);
 
-      nameserver-aliases =
-        mapAttrs (hostname: opts: "${opts.authoritative-hostname}.")
+        all-nameservers = listToAttrs
+          (imap1 (i: nsOpts: nameValuePair "ns${toString i}" nsOpts)
+            nameserver-deets);
+
+        nameserver-aliases =
+          mapAttrs (hostname: opts: "${opts.authoritative-hostname}.")
           (filterAttrs has-auth-hostname all-nameservers);
 
-      nameserver-hosts = mapAttrs (hostname: opts: {
-        inherit (opts) ipv4-address ipv6-address description;
-      }) (filterAttrs (hostname: opts: ! has-auth-hostname hostname opts)
-        all-nameservers);
+        nameserver-hosts = mapAttrs (hostname: opts: {
+          inherit (opts) ipv4-address ipv6-address description;
+        }) (filterAttrs (hostname: opts: !has-auth-hostname hostname opts)
+          all-nameservers);
 
-      dns-srv-records = let
-        nameserver-srv-records = mapAttrsToList
-          (hostname: hostOpts: let
-            target-host = if (has-auth-hostname hostname hostOpts) then
-              "${hostOpts.authoritative-hostname}" else
+        dns-srv-records = let
+          nameserver-srv-records = mapAttrsToList (hostname: hostOpts:
+            let
+              target-host = if (has-auth-hostname hostname hostOpts) then
+                "${hostOpts.authoritative-hostname}"
+              else
                 "${hostname}.${domain-name}";
-          in make-srv-record 53 target-host)
-          all-nameservers;
-      in {
-        tcp.domain = nameserver-srv-records;
-        udp.domain = nameserver-srv-records;
-      };
-
-      # TODO: move this to a mail service
-      mail-srv-records = optionalAttrs (domain.primary-mailserver != null) {
-        tcp = let
-          mailserver-domain = config.fudo.hosts.${domain.primary-mailserver}.domain;
-          fqdn = "mail.${mailserver-domain}";
+            in make-srv-record 53 target-host) all-nameservers;
         in {
-          smtp = [(make-srv-record 25 fqdn)];
-          submission = [(make-srv-record 587 fqdn)];
-          imap = [(make-srv-record 143 fqdn)];
-          imaps = [(make-srv-record 993 fqdn)];
-          pop3 = [(make-srv-record 110 fqdn)];
-          pop3s = [(make-srv-record 995 fqdn)];
+          tcp.domain = nameserver-srv-records;
+          udp.domain = nameserver-srv-records;
         };
-      };
 
-    in {
-      gssapi-realm = domain.gssapi-realm;
+        # # TODO: move this to a mail service
+        # mail-srv-records = optionalAttrs (domain.primary-mailserver != null) {
+        #   tcp = let
+        #     mailserver-domain =
+        #       config.fudo.hosts.${domain.primary-mailserver}.domain;
+        #     fqdn = "mail.${mailserver-domain}";
+        #   in {
+        #     smtp = [ (make-srv-record 25 fqdn) ];
+        #     submission = [ (make-srv-record 587 fqdn) ];
+        #     imap = [ (make-srv-record 143 fqdn) ];
+        #     imaps = [ (make-srv-record 993 fqdn) ];
+        #     pop3 = [ (make-srv-record 110 fqdn) ];
+        #     pop3s = [ (make-srv-record 995 fqdn) ];
+        #   };
+        # };
 
-      hosts = nameserver-hosts // {
-        mail = mkIf (domain.primary-nameserver != null) (let
-          mailserver-deets = host: let
-            host-domain = config.fudo.hosts.${host}.domain;
-          in  get-host-deets "Primary ${domain-name} mailserver ${host}.${host-domain}." host;
-        in mailserver-deets domain.primary-nameserver);
-      };
+      in {
+        gssapi-realm = domain.gssapi-realm;
 
-      aliases = nameserver-aliases;
+        hosts = nameserver-hosts // {
+          mail = mkIf (domain.primary-nameserver != null) (let
+            mailserver-deets = host:
+              let host-domain = config.fudo.hosts.${host}.domain;
+              in get-host-deets
+              "Primary ${domain-name} mailserver ${host}.${host-domain}." host;
+          in mailserver-deets domain.primary-nameserver);
+        };
 
-      mx = optional (domain.primary-mailserver != null)
-        (let
-          mail-domain-name = config.fudo.hosts.${domain.primary-mailserver}.domain;
-         in "mail.${mail-domain-name}");
+        aliases = nameserver-aliases;
 
-      dmarc-report-address = "dmarc-report@${domain-name}";
+        mx = optional (domain.primary-mailserver != null) (let
+          mail-domain-name =
+            config.fudo.hosts.${domain.primary-mailserver}.domain;
+        in "mail.${mail-domain-name}");
 
-      nameservers = let
-        direct-external = attrValues nameserver-aliases;
-        internal = map (hostname: "${hostname}.${domain-name}.")
-          (attrNames nameserver-hosts);
-      in internal ++ direct-external;
+        dmarc-report-address = "dmarc-report@${domain-name}";
 
-      srv-records = dns-srv-records // mail-srv-records;
-    }) cfg.zones;
+        nameservers = let
+          direct-external = attrValues nameserver-aliases;
+          internal = map (hostname: "${hostname}.${domain-name}.")
+            (attrNames nameserver-hosts);
+        in internal ++ direct-external;
 
-    dns = let
-      domain-name = config.instance.local-domain;
-      domain = config.fudo.domains.${domain-name};
-      primary-nameserver = domain.primary-nameserver;
-      primary-nameserver-ip = pkgs.lib.network.host-ipv4 config primary-nameserver;
-      primary-nameserver-fqdn = "${primary-nameserver}.${domain-name}";
+        srv-records = dns-srv-records; # // mail-srv-records;
 
-      is-primary-nameserver = primary-nameserver == hostname;
-    in {
+        verbatim-dns-records = mkIf (zone-cfg.ksk != null) [
+          (readFile zone-cfg.ksk.public-key)
+          (readFile zone-cfg.ksk.ds)
+        ];
+      }) cfg.zones;
+
+    dns = {
       enable = is-primary-nameserver;
 
       identity = "${hostname}.${domain-name}";
@@ -207,11 +245,11 @@ in {
         (pkgs.lib.network.host-ips config hostname);
 
       domains = mapAttrs' (zone-name: zone-cfg:
-        nameValuePair zone-cfg.domain
-          {
-            dnssec = true;
-            zone-definition = config.fudo.zones.${zone-name};
-          }) cfg.zones;
+        nameValuePair zone-cfg.domain {
+          dnssec = zone-cfg.ksk != null;
+          ksk.key-file = host-secrets."${zoneKeySecret zone-name}".target-file;
+          zone-definition = config.fudo.zones.${zone-name};
+        }) cfg.zones;
     };
   };
 }
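Review bot: In the `domains` mapping, `dnssec = zone-cfg.ksk != null` replaces the unconditional `dnssec = true`, so a zone with no KSK configured is now served unsigned without any evaluation-time signal. An assertion or warning that names every zone with `ksk == null` would make that downgrade an explicit decision. `ksk.key-file` is also set for every zone; if the secret named by `zoneKeySecret zone-name` is only declared for zones that have a KSK (not visible in this hunk), the line should be guarded, e.g. `ksk = mkIf (zone-cfg.ksk != null) { key-file = host-secrets."${zoneKeySecret zone-name}".target-file; };`. The enclosing `dns = {` block starts outside this hunk.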
diff --git a/config/service/fudo-auth.nix b/config/service/fudo-auth.nix
index 20a76af..1d2ca75 100644
--- a/config/service/fudo-auth.nix
+++ b/config/service/fudo-auth.nix
@@ -1,11 +1,13 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 
-with lib;
+with pkgs.lib;
 let
   hostname = config.instance.hostname;
   domain-name = config.fudo.services.auth.domain;
   domain = config.fudo.domains.${domain-name};
 
+  realm = domain.gssapi-realm;
+
   zone-name = domain.zone;
 
   ldap-server = elem hostname domain.ldap-servers;
@@ -19,6 +21,11 @@ let
 
   cfg = config.fudo.services.auth;
 
+  host-secrets = config.fudo.secrets.host-secrets."${hostname}";
+
+  krb-user = config.fudo.auth.kerberos.user;
+  krb-group = config.fudo.auth.kerberos.group;
+
 in {
   options.fudo.services.auth = with types; {
     domain = mkOption {
@@ -30,20 +37,23 @@ in {
     ldap = {
       hostname = mkOption {
         type = str;
-        description = "Fully-qualified (and public-addressable) domain name of this host.";
+        description =
+          "Fully-qualified (and public-addressable) domain name of this host.";
         default = config.instance.host-fqdn;
       };
 
       state-directory = mkOption {
         type = str;
-        description = "Directory at which to store peristent ldap-related data.";
+        description =
+          "Directory at which to store peristent ldap-related data.";
       };
     };
 
     kerberos = {
       hostname = mkOption {
         type = str;
-        description = "Fully-qualified (and public-addressable) domain name of this host.";
+        description =
+          "Fully-qualified (and public-addressable) domain name of this host.";
         default = config.instance.host-fqdn;
       };
 
@@ -56,15 +66,64 @@ in {
         type = str;
         description = "Path (on the build server) to the KDC master key file.";
       };
-
-      ipropd-keytab = mkOption {
-        type = nullOr str;
-        description = "ipropd keytab for kerberos database propagation.";
-      };
     };
   };
 
   config = {
+    systemd = {
+      tmpfiles.rules = mkIf (kerberos-master || kerberos-slave) [
+        "d ${cfg.kerberos.state-directory} 0700 ${krb-user} ${krb-group} - -"
+      ];
+
+      paths.heimdal-kdc-initialize = mkIf kerberos-master {
+        wantedBy = [ "heimdal-kdc.service" ];
+        pathConfig = {
+          PathModified = host-secrets.kdc-principals.target-file;
+        };
+      };
+
+      services = {
+        heimdal-kdc-initialize = mkIf (kerberos-master || kerberos-slave) {
+          requires = [
+            host-secrets.kdc-principals.service
+            host-secrets.realm-master-key.service
+          ];
+          description = "Initialize and update the Heimdal KDC database.";
+          path = with pkgs; [ kdcMergePrincipals coreutils ];
+          serviceConfig = {
+            User = krb-user;
+            Group = krb-group;
+            ExecStart = let
+              db = config.fudo.auth.kerberos.kdc.database;
+              principals = host-secrets.kdc-principals.target-file;
+              master-key = host-secrets.realm-master-key.target-file;
+              init-db-cmd = concatStringsSep " " [
+                "${pkgs.kdcMergePrincipals}/bin/kdc-merge-principals"
+                "--create"
+                "--database=${db}"
+                "--principals=${principals}"
+                "--key=${master-key}"
+                "--realm=${realm}"
+                "--verbose"
+              ];
+            in pkgs.writeShellScript "heimdal-kdc-initialize.sh" ''
+              ${init-db-cmd}
+              chown ${krb-user}:${krb-group} ${db}
+              chmod 0700 ${db}
+            '';
+          };
+        };
+        heimdal-kdc = mkIf kerberos-master {
+          requires = [ "heimdal-kdc-initialize.service" ];
+          after = [ "heimdal-kdc-initialize.service" ];
+        };
+        heimdal-kdc-secondary = mkIf kerberos-slave {
+          requires = [ "heimdal-kdc-initialize.service" ];
+          after = [ "heimdal-kdc-initialize.service" ];
+        };
+      };
+    };
+
     fudo = {
       acme.host-domains.${hostname} = mkIf (ldap-server) {
         ${cfg.ldap.hostname}.local-copies.openldap = {
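Review bot: `heimdal-kdc-initialize` sets no `Type` in `serviceConfig`, so systemd treats it as a simple service and the `after = [ "heimdal-kdc-initialize.service" ]` ordering on `heimdal-kdc` and `heimdal-kdc-secondary` is satisfied once the script has started, not once the principal merge has finished. Adding `Type = "oneshot";` makes the KDC wait for completion. The generated script also has no error handling, so a failing `kdc-merge-principals` is followed by `chown`/`chmod` and the unit exits with the status of `chmod`. Starting the script body with `set -euo pipefail` lets a failed merge fail the unit and, through `requires`, keeps the KDC from starting on a stale or missing database.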
@@ -73,52 +132,110 @@ in {
         };
       };
 
-      auth = {
-        ldap-server = mkIf (ldap-server)
-          (let
-            ldap-cert-copy =
-              config.fudo.acme.host-domains.${hostname}.${cfg.ldap.hostname}.local-copies.openldap;
-          in {
-            enable = ldap-server;
-            base = "dc=fudo,dc=org";
-            organization = "Fudo";
-            listen-uris = [ "ldap:///" "ldaps:///" ];
-            required-services = [ ldap-cert-copy.service ];
+      secrets.host-secrets."${hostname}" = let
+        realm-key =
+          config.fudo.secrets.files.kerberos.realm-master-keys."${realm}";
+      in {
+        realm-master-key = mkIf (kerberos-master || kerberos-slave) {
+          source-file = realm-key;
+          target-file = "/run/kdc/realm.key";
+          user = krb-user;
+          group = krb-group;
+        };
 
-            # TODO: Maybe filter to Fudo-only?
-            users = config.fudo.users;
-            groups = config.fudo.groups;
-            system-users = config.fudo.system-users;
-
-            state-directory = "${cfg.ldap.state-directory}";
-
-            ssl-chain = ldap-cert-copy.chain;
-            ssl-certificate = ldap-cert-copy.certificate;
-            ssl-private-key = ldap-cert-copy.private-key;
-            ssl-ca-certificate = "${pkgs.letsencrypt-ca}";
-          });
-
-        kdc = mkIf (kerberos-master || kerberos-slave) {
-          enable = true;
-          realm = domain.gssapi-realm;
-          bind-addresses =
-            (pkgs.lib.network.host-ips config hostname) ++
-            [ "127.0.0.1" ] ++ (optional config.networking.enableIPv6 "::1");
-          state-directory = cfg.kerberos.state-directory;
-          master-key-file = cfg.kerberos.master-key-file;
-          master-config = mkIf (kerberos-master) {
-            acl = let
-              admin-entries = genAttrs config.instance.local-admins
-                (admin: {
-                  perms = [ "add" "change-password" "list" ];
-                });
-            in admin-entries // {
-              "*/root".perms = [ "all" ];
-            };
+        kdc-principals = mkIf (kerberos-master || kerberos-slave) {
+          source-file =
+            config.fudo.secrets.files.kerberos.realm-principals."${realm}";
+          target-file = "/run/kdc/realm.principals";
+          user = krb-user;
+          group = krb-group;
+        };
+        kadmind-keytab = mkIf kerberos-master {
+          source-file = extractFudoKeytab {
+            inherit realm;
+            principals = [ "kadmin/admin" ];
           };
-          slave-config = mkIf (kerberos-slave) {
-            master-host = domain.kerberos-master;
-            ipropd-keytab = cfg.kerberos.ipropd-keytab;
+          target-file = "/run/kdc/kadmind.keytab";
+          user = krb-user;
+          group = krb-group;
+        };
+        kpasswdd-keytab = mkIf kerberos-master {
+          source-file = extractFudoKeytab {
+            inherit realm;
+            principals = [ "kadmin/changepw" ];
+          };
+          target-file = "/run/kdc/kpasswdd.keytab";
+          user = krb-user;
+          group = krb-group;
+        };
+        hprop-keytab =
+          mkIf (kerberos-master && (domain.kerberos-slaves != [ ])) {
+            source-file = extractFudoKeytab {
+              inherit realm;
+              principals = [ "kadmin/hprop" ];
+            };
+            target-file = "/run/kdc/hprop.keytab";
+            user = krb-user;
+            group = krb-group;
+          };
+
+        hpropd-keytab = mkIf kerberos-slave {
+          source-file = extractFudoHostKeytab {
+            inherit hostname realm;
+            services = [ "hprop" ];
+          };
+          target-file = "/run/kdc/hpropd.keytab";
+          user = krb-user;
+          group = krb-group;
+        };
+      };
+
+      auth = {
+        ldap-server = mkIf ldap-server (let
+          ldap-cert-copy =
+            config.fudo.acme.host-domains.${hostname}.${cfg.ldap.hostname}.local-copies.openldap;
+        in {
+          enable = ldap-server;
+          base = "dc=fudo,dc=org";
+          organization = "Fudo";
+          listen-uris = [ "ldap:///" "ldaps:///" ];
+          required-services = [ ldap-cert-copy.service ];
+
+          # TODO: Maybe filter to Fudo-only?
+          users = config.fudo.users;
+          groups = config.fudo.groups;
+          system-users = config.fudo.system-users;
+
+          state-directory = "${cfg.ldap.state-directory}";
+
+          ssl-chain = ldap-cert-copy.chain;
+          ssl-certificate = ldap-cert-copy.certificate;
+          ssl-private-key = ldap-cert-copy.private-key;
+          ssl-ca-certificate = "${pkgs.letsencrypt-ca}";
+        });
+
+        kerberos = {
+          inherit realm;
+          kdc = mkIf (kerberos-master || kerberos-slave) {
+            state-directory = cfg.kerberos.state-directory;
+            master-key-file = host-secrets.realm-master-key.target-file;
+            primary = mkIf kerberos-master {
+              enable = true;
+              acl = let
+                adminEntries = genAttrs config.instance.local-admins
+                  (admin: { perms = [ "add" "change-password" "list" ]; });
+              in adminEntries // { "*/root".perms = [ "all" ]; };
+              secondary-servers = map getHostFqdn domain.kerberos-slaves;
+              keytabs = {
+                kadmind = host-secrets.kadmind-keytab.target-file;
+                kpasswdd = host-secrets.kpasswdd-keytab.target-file;
+                hprop = host-secrets.hprop-keytab.target-file;
+              };
+            };
+            secondary = mkIf kerberos-slave {
+              enable = true;
+              keytabs.hpropd = host-secrets.hpropd-keytab.target-file;
+            };
           };
         };
       };
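Review bot: In `kerberos.kdc.primary.keytabs`, `hprop = host-secrets.hprop-keytab.target-file` is set on every master, but the `hprop-keytab` secret above is only defined under `mkIf (kerberos-master && (domain.kerberos-slaves != [ ]))`. If `host-secrets` drops disabled entries the way `attrsOf` does, a master with no secondaries will fail evaluation on the missing attribute as soon as `keytabs.hprop` is forced. Use the same condition on both sides, e.g. `hprop = mkIf (domain.kerberos-slaves != [ ]) host-secrets.hprop-keytab.target-file;`. A short comment on the `secrets.host-secrets` block saying which keytab belongs to which daemon, and that the realm master key is also deployed to secondaries, would help the next reader.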
@@ -129,19 +246,20 @@ in {
           host = hostname;
         };
 
-        get-fqdn = host:
-          "${host}.${config.fudo.hosts.${host}.domain}";
+        get-fqdn = host: "${host}.${config.fudo.hosts.${host}.domain}";
 
-        kerberos-master-hosts = optional (kerberized-domain)
-          domain.kerberos-master;
+        kerberos-master-hosts =
+          optional (kerberized-domain) domain.kerberos-master;
 
-        kerberos-servers = map get-fqdn
-          (kerberos-master-hosts ++ domain.kerberos-slaves);
+        kerberos-servers =
+          map get-fqdn (kerberos-master-hosts ++ domain.kerberos-slaves);
 
         kerberos-masters = map get-fqdn kerberos-master-hosts;
 
         ldap-servers = map get-fqdn domain.ldap-servers;
       in {
+        gssapi-realm = realm;
+
         srv-records = {
           tcp = {
             kerberos = map (make-srv-record 88) kerberos-servers;
diff --git a/config/service/mail-server.nix b/config/service/mail-server.nix
index 2c98d09..e010a8d 100644
--- a/config/service/mail-server.nix
+++ b/config/service/mail-server.nix
@@ -12,7 +12,7 @@ let
   mailserver-domain-name = config.fudo.hosts.${mailserver-host}.domain;
   mailserver-domain = config.fudo.domains.${mailserver-domain-name};
 
-  mailserver-host-fqdn = "${mailserver-host}.${mailserver-domain-name}";
+  mailserver-fqdn = "${mailserver-host}.${mailserver-domain-name}";
 
   isMailServer = hostname == mailserver-host;
 
@@ -94,15 +94,12 @@ in {
         };
       };
 
-      zones = mkIf isLocalMailserver {
+      zones = {
         ${mailserver-domain.zone} = let
           server-ipv4 = pkgs.lib.network.host-ipv4 config mailserver-host;
           server-ipv6 = pkgs.lib.network.host-ipv6 config mailserver-host;
 
-          srv-record = host: port: [{
-            host = "${host}.${mailserver-domain-name}";
-            port = port;
-          }];
+          srv-record = host: port: [{ inherit host port; }];
 
         in {
           hosts = genAttrs [ "imap" "smtp" ] (alias: {
@@ -114,18 +111,17 @@ in {
 
           mx = [ "smtp.${mailserver-domain-name}" ];
 
-          aliases =
-            mkIf metricsEnabled { mail-stats = "${mailserver-host-fqdn}."; };
+          aliases = mkIf metricsEnabled { mail-stats = "${mailserver-fqdn}."; };
 
           srv-records.tcp = {
-            pop3 = srv-record "imap" 110;
-            pop3s = srv-record "imap" 995;
+            pop3 = srv-record mailserver-fqdn 110;
+            pop3s = srv-record mailserver-fqdn 995;
 
-            imap = srv-record "imap" 143;
-            imaps = srv-record "imap" 993;
+            imap = srv-record mailserver-fqdn 143;
+            imaps = srv-record mailserver-fqdn 993;
 
-            smtp = srv-record "smtp" 25;
-            submission = srv-record "smtp" 587;
+            smtp = srv-record mailserver-fqdn 25;
+            submission = srv-record mailserver-fqdn 587;
           };
 
           metric-records = mkIf metricsEnabled
@@ -167,8 +163,7 @@ in {
           ssl-private-key = cert-copy.private-key;
         };
 
-        local-domains =
-          [ mailserver-host-fqdn "smtp.${mailserver-domain-name}" ];
+        local-domains = [ mailserver-fqdn "smtp.${mailserver-domain-name}" ];
 
         mail-directory = "${cfg.state-directory}/mail";
         state-directory = "${cfg.state-directory}/state";
diff --git a/config/service/mqtt.nix b/config/service/mqtt.nix
new file mode 100644
index 0000000..5549f45
--- /dev/null
+++ b/config/service/mqtt.nix
@@ -0,0 +1,164 @@
+{ config, lib, pkgs, ... }@toplevel:
+
+with lib;
+let
+  cfg = config.fudo.services.mqtt;
+  hostname = config.instance.hostname;
+  isMqttServer = cfg.host == hostname;
+
+  aclOption = with types;
+    mkOption {
+      type = listOf str;
+      description = "Topic filter to which this user has access.";
+      example = [ "some/topic/#" "other/specific/topic" ];
+    };
+
+  userOpts = { name, ... }: {
+    options = with types; {
+      username = mkOption {
+        type = str;
+        default = name;
+      };
+
+      password-file = mkOption {
+        type = str;
+        description =
+          "Path to file (on the BUILD HOST) containing the user's password.";
+      };
+
+      acl = aclOption;
+    };
+  };
+
+  mosquittoUser = config.systemd.services.mosquitto.serviceConfig.User;
+
+  pwTarget = type: username: "/run/mqtt/${type}-${username}.passwd";
+
+  mqttDomain = config.fudo.hosts."${cfg.host}".domain;
+
+in {
+  options.fudo.services.mqtt = with types; {
+    enable = mkEnableOption "Enable MQTT server.";
+
+    host = mkOption {
+      type = str;
+      description =
+        "Hostname of the MQTT server for this site/domain/whatever.";
+    };
+
+    listen-address = mkOption {
+      type = str;
+      description = "IP address on which to listen.";
+      default = "0.0.0.0";
+    };
+
+    private = {
+      enable = mkOption {
+        type = bool;
+        description = "Enable a private (authenticated) MQTT server.";
+        default = true;
+      };
+
+      port = mkOption {
+        type = port;
+        description = "Port at which to listen for incoming MQTT requests.";
+        default = 1883;
+      };
+
+      users = mkOption {
+        type = attrsOf (submodule userOpts);
+        default = { };
+      };
+    };
+
+    public = {
+      enable = mkEnableOption "Enable a public (anonymous) MQTT server.";
+
+      port = mkOption {
+        type = port;
+        description = "Port at which to listen for incoming MQTT requests.";
+        default = 1884;
+      };
+
+      users = mkOption {
+        type = attrsOf (submodule userOpts);
+        default = { };
+      };
+
+      acl = aclOption;
+    };
+
+    state-directory = mkOption {
+      type = str;
+      description = "Directory where server can store persistent state.";
+    };
+
+    mqtt-hostname = let
+      mqtt-host = toplevel.config.fudo.services.mqtt.host;
+      mqtt-domain = toplevel.config.fudo.hosts."${mqtt-host}".domain;
+    in mkOption {
+      type = str;
+      description = "Hostname at which the MQTT server can be reached.";
+      default = "mqtt.${mqtt-domain}";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts =
+      (optional cfg.private.enable cfg.private.port)
+      ++ (optional cfg.public.enable cfg.public.port);
+
+    systemd = {
+      services.mosquitto = {
+        after = [ config.fudo.secrets.secret-target ];
+        restartIfChanged = true;
+      };
+      tmpfiles.rules = optional isMqttServer
+        "d ${cfg.state-directory} 0700 ${mosquittoUser} - - -";
+    };
+
+    fudo = {
+      zones."${mqttDomain}".aliases.mqtt = cfg.host;
+
+      secrets.host-secrets."${hostname}" = mkIf isMqttServer (let
+        publicUsers = mapAttrs' (_: userOpts:
+          nameValuePair "mqtt-public-user-${userOpts.username}" {
+            source-file = userOpts.password-file;
+            target-file = pwTarget "public" userOpts.username;
+            user = mosquittoUser;
+          }) cfg.public.users;
+        privateUsers = mapAttrs' (_: userOpts:
+          nameValuePair "mqtt-private-user-${userOpts.username}" {
+            source-file = userOpts.password-file;
+            target-file = pwTarget "private" userOpts.username;
+            user = mosquittoUser;
+          }) cfg.private.users;
+      in publicUsers // privateUsers);
+    };
+
+    services.mosquitto = mkIf isMqttServer {
+      enable = true;
+      dataDir = cfg.state-directory;
+      listeners = (optional cfg.private.enable {
+        settings.allow_anonymous = false;
+        port = cfg.private.port;
+        address = cfg.listen-address;
+        users = mapAttrs' (_: userOpts:
+          nameValuePair userOpts.username {
+            acl = userOpts.acl;
+            passwordFile = pwTarget "private" userOpts.username;
+          }) cfg.private.users;
+      }) ++ (optional cfg.public.enable {
+        settings.allow_anonymous = true;
+        acl = map (line: "topic ${line}") cfg.public.acl;
+        port = cfg.public.port;
+        address = cfg.listen-address;
+        users = mapAttrs' (_: userOpts:
+          nameValuePair userOpts.username {
+            acl = userOpts.acl;
+            passwordFile = pwTarget "public" userOpts.username;
+          }) cfg.public.users;
+      });
+    };
+  };
+}
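Review bot: `networking.firewall.allowedTCPPorts` is set under `mkIf cfg.enable` only, so every host that enables this module opens the MQTT ports even when `isMqttServer` is false and no broker runs there. Gate it like the other server-only settings: `networking.firewall.allowedTCPPorts = optionals isMqttServer ((optional cfg.private.enable cfg.private.port) ++ (optional cfg.public.enable cfg.public.port));`. The private listener does password authentication on port 1883, binds to `0.0.0.0` by default and has no TLS settings in the visible config. The passwords deployed to `/run/mqtt` would then cross the network in cleartext unless transport protection is added elsewhere. The `listen-address` description should say that the default exposes both listeners on all interfaces.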
diff --git a/config/service/nexus.nix b/config/service/nexus.nix
new file mode 100644
index 0000000..77ef4b4
--- /dev/null
+++ b/config/service/nexus.nix
@@ -0,0 +1,260 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.fudo.services.nexus;
+
+  hostname = config.instance.hostname;
+
+  domainName = config.fudo.hosts."${hostname}".domain;
+  domain = config.fudo.domains."${domainName}";
+  siteName = config.fudo.hosts."${hostname}".site;
+  site = config.fudo.sites."${siteName}";
+
+  hostNexusDomainList = host:
+    let
+      domainName = config.fudo.hosts."${host}".domain;
+      domain = config.fudo.domains."${domainName}";
+      siteName = config.fudo.hosts."${host}".site;
+      site = config.fudo.sites."${siteName}";
+    in unique (domain.nexus.domains ++ site.nexus.domains);
+
+  isEmpty = lst: lst == [ ];
+
+  localNexusDomains = getAttrs (hostNexusDomainList hostname)
+    (listKeys config.fudo.nexus.domains);
+
+  isServer = let
+    servers = concatMap (domainOpts: domainOpts.servers)
+      (attrValues config.fudo.nexus.domains);
+  in elem hostname servers;
+
+  isDnsServer = let
+    servers = concatMap (domainOpts: domainOpts.dns-servers)
+      (attrValues config.fudo.nexus.domains);
+  in elem hostname servers;
+
+  isDatabase = hostname == domain.postgresql-server;
+
+  enableClient = !isEmpty (hostNexusDomainList hostname);
+
+  enable = isServer || isDnsServer || isDatabase || enableClient;
+
+  servedDomains = filterAttrs (_: domainOpts:
+    (elem hostname domainOpts.servers)
+    || (elem hostname domainOpts.dns-servers)) config.fudo.nexus.domains;
+
+  clientHosts = filter (hostname:
+    !isEmpty
+    (intersectLists (hostNexusDomainList hostname) (attrNames servedDomains)))
+    (attrNames config.fudo.hosts);
+
+  hostSecrets = config.fudo.secrets.host-secrets."${hostname}";
+
+  hostFqdn = hostname: "${hostname}.${domainName}";
+
+  databaseName = "nexus_dns";
+  serverUser = "nexus_server";
+  dnsServerUser = "nexus_dns";
+
+  concatMapAttrsToList = f: as: concatLists (mapAttrsToList f as);
+
+  genServerRecords = name: domain: servers:
+    imap0 (i: host: {
+      inherit host domain;
+      alias = "${name}${toString i}";
+    }) servers;
+
+  serverList = concatMapAttrsToList
+    (domain: domainOpts: genServerRecords "nexus-" domain domainOpts.servers)
+    config.fudo.nexus.domains;
+
+  dnsServerList = concatMapAttrsToList
+    (domain: domainOpts: genServerRecords "ns" domain domainOpts.dns-servers)
+    config.fudo.nexus.domains;
+
+  genSshfp = path:
+    pkgs.stdenv.mkDerivation {
+      name = "sshfp-${baseNameOf path}";
+      buildInputs = with pkgs; [ openssh ];
+      phases = [ "installPhase" ];
+      installPhase =
+        "ssh-keygen -r PLACEHOLDER -f ${path} | sed 's/PLACEHOLDER IN SSHFP //' > $out";
+    };
+
+in {
+  options.fudo.services.nexus.dns-server = with types; {
+    listen-addresses = mkOption {
+      type = nullOr (listOf str);
+      description =
+        "Listen addresses. Defaults to 0.0.0.0 (i.e. all addresses).";
+      default = null;
+    };
+  };
+
+  config = mkIf enable {
+
+    nexus = {
+      database = {
+        database = databaseName;
+        host = pkgs.lib.getDomainPostgresqlServer domainName;
+      };
+
+      domains = mapAttrs (domain: domainOpts: {
+        admin = "admin@${domain}";
+        inherit (domainOpts) gssapi-realm;
+        trusted-networks = domainOpts.trusted-networks
+          ++ config.instance.local-networks;
+        # aliases = let
+        #   mkAlias = { host, alias, ... }:
+        #     nameValuePair alias (pkgs.lib.getHostFqdn host);
+        #   domainRecords = filter (record: record.domain == domain) serverList;
+        # in listToAttrs (map mkAlias domainRecords);
+        nameservers = let
+          domainNs = filter (record: record.domain == domain) dnsServerList;
+          mkNsRecord = { alias, host, ... }:
+            nameValuePair alias {
+              ipv4-address = pkgs.lib.getHostIpv4 host;
+              ipv6-address = pkgs.lib.getHostIpv6 host;
+            };
+        in listToAttrs (map mkNsRecord domainNs);
+        records = let
+          domainServers = filter (record: record.domain == domain) serverList;
+          mkHostRecords = { host, alias, ... }:
+            let
+              ipv4-address = pkgs.lib.getHostIpv4 host;
+              ipv6-address = pkgs.lib.getHostIpv6 host;
+            in (optional (ipv4-address != null) {
+              name = "${alias}.${domain}";
+              type = "A";
+              content = ipv4-address;
+            }) ++ (optional (ipv6-address != null) {
+              name = "${alias}.${domain}";
+              type = "AAAA";
+              content = ipv6-address;
+            });
+        in domainOpts.records ++ (concatMap mkHostRecords domainServers);
+      }) servedDomains;
+
+      client = {
+        enable = enableClient;
+        inherit hostname;
+        verbose = true;
+        domains = unique (domain.nexus.domains ++ site.nexus.domains);
+        hmac-key-file = hostSecrets.nexus-key.target-file;
+        servers = let localDomains = hostNexusDomainList hostname;
+        in map ({ domain, alias, ... }: "${alias}.${domain}")
+        (filter ({ domain, ... }: elem domain localDomains) serverList);
+        ssh-key-files = map (key: key.path) config.services.openssh.hostKeys;
+      };
+
+      server = {
+        enable = isServer;
+        verbose = true;
+        client-keys-file = hostSecrets.nexus-client-keys.target-file;
+        hostnames = let
+          hostServerRecords =
+            filter ({ host, ... }: host == hostname) serverList;
+        in map ({ domain, alias, ... }: "${alias}.${domain}") hostServerRecords;
+        database = {
+          user = serverUser;
+          password-file = hostSecrets.nexus-server-passwd.target-file;
+        };
+      };
+
+      dns-server = {
+        enable = isDnsServer;
+        enable-dnssec = true;
+        listen-addresses = mkIf (cfg.dns-server.listen-addresses != null)
+          cfg.dns-server.listen-addresses;
+        database = {
+          user = dnsServerUser;
+          password-file = hostSecrets.nexus-dns-server-passwd.target-file;
+        };
+      };
+    };
+
+    fudo = {
+      secrets.host-secrets."${hostname}" = {
+        nexus-client-keys = mkIf isServer {
+          source-file = let
+            clientKeyFiles =
+              filterAttrs (hostname: _: elem hostname clientHosts)
+              config.fudo.secrets.files.nexus-hmacs;
+            clientKeys =
+              mapAttrs (_: filename: readFile filename) clientKeyFiles;
+          in pkgs.writeText "nexus-client-keys.json"
+          (builtins.toJSON clientKeys);
+          target-file = "/run/nexus/client-keys.json";
+        };
+
+        nexus-key = mkIf enableClient {
+          source-file = config.fudo.secrets.files.nexus-hmacs."${hostname}";
+          target-file = "/run/nexus/client.key";
+        };
+
+        nexus-server-passwd = mkIf isServer {
+          source-file =
+            pkgs.lib.passwd.stablerandom-passwd-file "nexus-server-passwd"
+            "nexus-server-${config.instance.build-seed}";
+          target-file = "/run/nexus/server-db.passwd";
+        };
+
+        postgres-nexus-server-passwd = mkIf isDatabase {
+          source-file =
+            pkgs.lib.passwd.stablerandom-passwd-file "nexus-server-passwd"
+            "nexus-server-${config.instance.build-seed}";
+          target-file = "/run/nexus/server-db.passwd";
+          user = "postgres";
+        };
+
+        nexus-dns-server-passwd = mkIf isDnsServer {
+          source-file =
+            pkgs.lib.passwd.stablerandom-passwd-file "nexus-dns-server-passwd"
+            "nexus-dns-server-${config.instance.build-seed}";
+          target-file = "/run/nexus/dns-server-db.passwd";
+        };
+
+        postgres-nexus-dns-server-passwd = mkIf isDatabase {
+          source-file =
+            pkgs.lib.passwd.stablerandom-passwd-file "nexus-dns-server-passwd"
+            "nexus-dns-server-${config.instance.build-seed}";
+          target-file = "/run/nexus-db/nexus-dns.passwd";
+          user = "postgres";
+        };
+      };
+
+      postgresql = mkIf isDatabase {
+        required-services = [ "fudo-passwords.target" ];
+
+        databases."${databaseName}".users = config.instance.local-admins;
+
+        users = {
+          "${serverUser}" = {
+            password-file =
+              hostSecrets.postgres-nexus-server-passwd.target-file;
+            databases."${databaseName}" = {
+              access = "CONNECT";
+              entity-access = {
+                "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
+                "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
+              };
+            };
+          };
+
+          "${dnsServerUser}" = {
+            password-file =
+              hostSecrets.postgres-nexus-dns-server-passwd.target-file;
+            databases."${databaseName}" = {
+              access = "CONNECT";
+              entity-access = {
+                "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
+                "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
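Review bot: `nexus-client-keys.source-file` reads every client HMAC key with `readFile` at evaluation time and passes them to `pkgs.writeText`, which puts the plaintext key set into the Nix store on the build host, where store paths are world-readable. Unless the secrets layer is known to keep that derivation off shared machines, build the JSON on the target from individually deployed key files, or give the secrets mechanism the list of source files. Separately, `nexus-server-passwd` and `postgres-nexus-server-passwd` both use `target-file = "/run/nexus/server-db.passwd"`, with different owners, so a host that is both `isServer` and `isDatabase` gets two secrets at one path. The DNS pair already avoids this with `/run/nexus-db/nexus-dns.passwd`, and the postgres copy could follow it with `target-file = "/run/nexus-db/nexus-server.passwd";`.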
diff --git a/config/service/postgresql.nix b/config/service/postgresql.nix
index 6cab4d5..6661de7 100644
--- a/config/service/postgresql.nix
+++ b/config/service/postgresql.nix
@@ -13,8 +13,7 @@ let
   host-secrets = config.fudo.secrets.host-secrets.${hostname};
 
   postgresEnabled = domain.postgresql-server == hostname;
-  publicNetwork = let
-    site-name = config.fudo.hosts.${hostname}.site;
+  publicNetwork = let site-name = config.fudo.hosts.${hostname}.site;
   in config.fudo.sites.${site-name}.local-gateway == null;
   isPostgresHost = hostname == domain.postgresql-server;
 
@@ -32,7 +31,7 @@ in {
     };
 
     keytab = mkOption {
-      type = str;
+      type = nullOr path;
       description = "Keytab for PostgreSQL.";
     };
   };
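Review bot: The `keytab` option is now `nullOr path` but still has no `default`, so the `cfg.keytab != null` guards in the later hunks only work when a host sets `keytab = null;` explicitly; leaving it unset would presumably fail evaluation wherever it is read. Adding `default = null;` after the `type` line makes the optional case behave as the guards intend. A keytab holds long-term Kerberos keys, so the description should say how the file is expected to be supplied, e.g. `description = "Path to the PostgreSQL service keytab; deployed through host-secrets, not read from the Nix store.";` (confirm this matches how the secrets module treats `source-file`). The options block continues outside this hunk.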
@@ -49,18 +48,20 @@ in {
         };
       };
 
-      secrets.host-secrets.${hostname}.postgres-keytab = mkIf (cfg.keytab != null) {
-        source-file = cfg.keytab;
-        target-file = "/run/postgresql/postgres.keytab";
-        user = postgresUser;
-      };
+      secrets.host-secrets.${hostname}.postgres-keytab =
+        mkIf (cfg.keytab != null) {
+          source-file = cfg.keytab;
+          target-file = "/run/postgresql/postgres.keytab";
+          user = postgresUser;
+        };
 
       zones.${zone-name}.aliases.postgresql =
         "${domain.postgresql-server}.${domain-name}.";
 
       postgresql = mkIf isPostgresHost (let
         ssl-config = optionalAttrs publicNetwork (let
-          cert-copy = acme-copies.${postgresql-hostname}.local-copies.postgresql;
+          cert-copy =
+            acme-copies.${postgresql-hostname}.local-copies.postgresql;
         in {
           ssl-certificate = mkIf publicNetwork cert-copy.full-certificate;
           ssl-private-key = mkIf publicNetwork cert-copy.private-key;
@@ -68,7 +69,8 @@ in {
         });
       in {
         enable = true;
-        keytab = mkIf (cfg.keytab != null) host-secrets.postgres-keytab.target-file;
+        keytab = mkIf (cfg.keytab != null)
+          "${host-secrets.postgres-keytab.target-file}";
         local-networks = config.instance.local-networks;
         state-directory = cfg.state-directory;
         required-services = [ config.fudo.secrets.secret-target ];
diff --git a/config/service/suanni.nix b/config/service/suanni.nix
new file mode 100644
index 0000000..a2e1066
--- /dev/null
+++ b/config/service/suanni.nix
@@ -0,0 +1,156 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.fudo.services.suanni;
+
+  hostname = config.instance.hostname;
+  isListener = hostname == cfg.event-listener.host;
+  isObjectifier = hostname == cfg.objectifier.host;
+
+  domain-name = config.fudo.hosts."${hostname}".domain;
+
+  host-secrets = config.fudo.secrets.host-secrets."${hostname}";
+
+  suanni-mqtt-passwd = pkgs.lib.passwd.stablerandom-passwd-file "suanni-mqtt"
+    config.instance.build-seed;
+
+in {
+  options.fudo.services.suanni = with types; {
+    enable = mkEnableOption "Enable Suan Ni Home Guardian.";
+
+    mqtt-topic = mkOption {
+      type = str;
+      description = "MQTT topic on which to publish events.";
+      default = "suanni/events/motion";
+    };
+
+    event-listener = {
+      host = mkOption {
+        type = str;
+        description = "Hostname of Event Listener server.";
+      };
+
+      port = mkOption {
+        type = port;
+        default = 5354;
+      };
+    };
+
+    objectifier = {
+      host = mkOption {
+        type = str;
+        description = "Hostname of objectifier server.";
+      };
+
+      port = mkOption {
+        type = port;
+        default = 5121;
+      };
+    };
+
+    synology = {
+      host = mkOption {
+        type = str;
+        description = "Hostname of the Synology server.";
+      };
+
+      port = mkOption {
+        type = port;
+        description = "Port on which to contact the Synology server.";
+      };
+
+      username = mkOption {
+        type = str;
+        description = "Username as which to connect to the Synology server.";
+      };
+
+      password-file = mkOption {
+        type = str;
+        description = "Path to file containing Synology user password.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services = mkIf (isObjectifier || isListener) {
+      nginx = {
+        enable = true;
+        recommendedOptimisation = true;
+        recommendedProxySettings = true;
+        recommendedGzipSettings = true;
+
+        virtualHosts = {
+          "event-listener.${domain-name}" = mkIf isListener {
+            locations."/".proxyPass =
+              "http://127.0.0.1:${toString cfg.event-listener.port}";
+          };
+          "objectifier.${domain-name}" = mkIf isObjectifier {
+            locations."/".proxyPass =
+              "http://127.0.0.1:${toString cfg.objectifier.port}";
+          };
+        };
+      };
+
+      objectifier = mkIf isObjectifier {
+        enable = true;
+        listen-addresses = [ "127.0.0.1" ];
+        port = cfg.objectifier.port;
+      };
+
+      suanni.server = mkIf isListener {
+        enable = true;
+        verbose = true;
+        event-listener.hostname = "127.0.0.1";
+        synology-client = {
+          inherit (cfg.synology) host port username;
+          password-file = host-secrets.suanni-synology-password.target-file;
+        };
+        objectifier-client = {
+          host = "objectifier.${domain-name}";
+          port = 80;
+        };
+        mqtt-client = {
+          inherit (config.fudo.services.mqtt.private) port;
+          host = config.fudo.services.mqtt.mqtt-hostname;
+          username = "suanni";
+          password-file = host-secrets.suanni-mqtt-password.target-file;
+          topic = cfg.mqtt-topic;
+        };
+      };
+    };
+
+    fudo = {
+      secrets.host-secrets."${hostname}" = {
+        suanni-synology-password = mkIf isListener {
+          source-file =
+            config.fudo.secrets.files.service-passwords."${hostname}".suanni-synology;
+          target-file = "/run/suanni/synology.passwd";
+        };
+        suanni-mqtt-password = mkIf isListener {
+          source-file = suanni-mqtt-passwd;
+          target-file = "/run/suanni/mqtt.passwd";
+        };
+      };
+
+      services.mqtt = {
+        enable = true;
+        private = {
+          enable = true;
+          users.suanni = {
+            password-file = suanni-mqtt-passwd;
+            acl = [ "readwrite #" ];
+          };
+        };
+      };
+
+      zones."${domain-name}" = {
+        aliases = {
+          objectifier = cfg.objectifier.host;
+          event-listener = "${cfg.event-listener.host}";
+        };
+      };
+    };
+
+  };
+}
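Review bot: The `suanni` MQTT user gets `acl = [ "readwrite #" ]` on the private listener, so this one credential can read and publish every topic on the broker, although the service is only configured with `topic = cfg.mqtt-topic`. Scoping it to `acl = [ "readwrite ${cfg.mqtt-topic}" ];` (or `write` only, if the server never subscribes) keeps a leak of `/run/suanni/mqtt.passwd` from exposing the other clients' topics. Separately, the `synology.password-file` option is declared, and set in the `config/site-config/seattle.nix` hunk, but never read here: the secret source is `config.fudo.secrets.files.service-passwords."${hostname}".suanni-synology`, so either use `source-file = cfg.synology.password-file;` or drop the option. `verbose = true;` is hard-coded for a service that handles the Synology credential; confirm that verbose logging does not include it.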
diff --git a/config/service/tattler.nix b/config/service/tattler.nix
new file mode 100644
index 0000000..c957638
--- /dev/null
+++ b/config/service/tattler.nix
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.fudo.services.tattler;
+
+  hostname = config.instance.hostname;
+  isSnooper = config.instance.hostname == cfg.snooper-host;
+  domain-name = config.fudo.host."${hostname}".domain;
+
+  snooper-mqtt-passwd = pkgs.lib.passwd.stablerandom-passwd-file "snooper-mqtt"
+    config.instance.build-seed;
+
+in {
+  options.fudo.services.tattler = with types; {
+    enable = mkEnableOption "Enable Snooper & Tattler notification system.";
+
+    verbose = mkEnableOption "Enable verbose output and logging.";
+
+    enable-notifications =
+      mkEnableOption "Enable tattler notifications on the local host.";
+
+    event-topics = mkOption {
+      type = listOf str;
+      description = "List of MQTT topics on which to listen for motion events.";
+    };
+
+    notification-topic = mkOption {
+      type = str;
+      description = "MQTT topic on which to publish notifications.";
+      default = "fudo/notifications/objects";
+    };
+
+    snooper-host = mkOption {
+      type = str;
+      description = "Host on which to run the snooper service.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    fudo = {
+      secrets.host-secrets."${hostname}" = {
+        snooper-passwd = mkIf isSnooper {
+          source-file = snooper-mqtt-passwd;
+          target-file = "/run/snooper/mqtt.passwd";
+        };
+      };
+
+      services.mqtt = mkIf isSnooper {
+        enable = true;
+        private = {
+          enable = true;
+          users.snooper = {
+            password-file = snooper-mqtt-passwd;
+            acl = map (topic: "read ${topic}") cfg.event-topics;
+          };
+        };
+        public = {
+          enable = true;
+          acl = [ "read ${cfg.notification-topic}" ];
+          users.snooper = {
+            password-file = snooper-mqtt-passwd;
+            acl = [ "readwrite ${cfg.notification-topic}" ];
+          };
+        };
+      };
+    };
+
+    services = {
+      snooper = mkIf isSnooper {
+        enable = true;
+        verbose = true;
+        event-topics = cfg.event-topics;
+        notification-topic = cfg.notification-topic;
+        mqtt = let
+          host-secrets =
+            (trace hostname config.fudo.secrets.host-secrets."${hostname}");
+        in {
+          incoming = {
+            port = config.fudo.services.mqtt.private.port;
+            host = config.fudo.services.mqtt.mqtt-hostname;
+            username = "snooper";
+            password-file = host-secrets.snooper-passwd.target-file;
+          };
+          outgoing = {
+            port = config.fudo.services.mqtt.public.port;
+            host = config.fudo.services.mqtt.mqtt-hostname;
+            username = "snooper";
+            password-file = host-secrets.snooper-passwd.target-file;
+          };
+        };
+      };
+      tattler = mkIf cfg.enable-notifications {
+        enable = true;
+        verbose = true;
+        notification-topic = cfg.notification-topic;
+        mqtt = {
+          inherit (config.fudo.services.mqtt.public) port;
+          host = config.fudo.services.mqtt.mqtt-hostname;
+        };
+      };
+    };
+  };
+}
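Review bot: The public listener has a listener-level `acl = [ "read ${cfg.notification-topic}" ]` and the `tattler` client is configured with only `host` and `port`, so notifications appear to be readable without credentials by anything that can reach that listener; if it is reachable beyond the trusted network, tattler clients should get their own read-only user. `snooper` also uses the same `snooper-mqtt-passwd` on both the private and the public listener, so a leak on the public side presumably also opens the private event topics; a second password file generated under a different name would separate the two. Smaller leftovers: the `trace hostname …` wrapper in the `mqtt` let-binding prints during evaluation and should be removed, `verbose = true;` on both services ignores the declared option (use `verbose = cfg.verbose;`), and `config.fudo.host."${hostname}"` looks like a typo for `config.fudo.hosts` (the binding is unused, so it does not fail today).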
diff --git a/config/service/wallfly-presence.nix b/config/service/wallfly-presence.nix
index 795fd96..7aae3c6 100644
--- a/config/service/wallfly-presence.nix
+++ b/config/service/wallfly-presence.nix
@@ -22,25 +22,6 @@ let
 in {
   options.fudo.services.wallfly-presence = with types; {
     enable = mkEnableOption "Enable WallFly presence for the local site.";
-
-    mqtt = {
-      broker-host = mkOption {
-        type = str;
-        description = "Host to serve as local MQTT broker.";
-      };
-
-      port = mkOption {
-        type = port;
-        description = "Port on which to listen for MQTT connections.";
-        default = 1884;
-      };
-
-      listen-address = mkOption {
-        type = str;
-        description = "Address on which to listen for MQTT connections.";
-        default = "0.0.0.0";
-      };
-    };
   };
 
   config = mkIf cfg.enable {
@@ -50,42 +31,30 @@ in {
           source-file = userOpts.password-file;
           target-file = "/run/wallfly-${username}/passwd";
           user = username;
-        }) local-user-cfg) // (optionalAttrs is-mqtt-broker (mapAttrs'
-          (username: userOpts:
-            nameValuePair "wallfly-server-${username}-passwd" {
-              source-file = userOpts.password-file;
-              target-file = "/run/wallfly-mqtt/${username}.passwd";
-              user = config.systemd.services.mosquitto.serviceConfig.User;
-            }) user-cfg));
-
-      zones."${domain-name}" = {
-        aliases.mqtt = "${mqtt-broker}.${domain-name}.";
-      };
+        }) local-user-cfg);
 
       wallfly = {
         enable = true;
-        mqtt = {
-          broker-uri =
-            "tcp://${mqtt-broker}.${domain-name}:${toString cfg.mqtt.port}";
+        mqtt = let
+          mqtt-hostname = config.fudo.services.mqtt.mqtt-hostname;
+          mqtt-port = config.fudo.services.mqtt.private.port;
+        in {
+          broker-uri = "tcp://${mqtt-hostname}:${toString mqtt-port}";
           username = "wallfly-$USER";
           password-file = "/run/wallfly-$USER/passwd";
         };
       };
-    };
 
-    services = {
-      mosquitto = mkIf (is-mqtt-broker) {
+      services.mqtt = {
         enable = true;
-        listeners = [{
-          settings.allow_anonymous = false;
-          port = cfg.mqtt.port;
-          address = cfg.mqtt.listen-address;
+        private = {
+          enable = true;
           users = mapAttrs' (username: userOpts:
             nameValuePair "wallfly-${username}" {
-              passwordFile = "/run/wallfly-mqtt/${username}.passwd";
+              password-file = userOpts.password-file;
               acl = [ "readwrite homeassistant/binary_sensor/#" ];
             }) user-cfg;
-        }];
+        };
       };
     };
   };
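Review bot: The removed mosquitto listener stated `settings.allow_anonymous = false` and gave the broker its own password files under `/run/wallfly-mqtt/`, owned by the mosquitto user; the new `services.mqtt.private` block states neither and passes `userOpts.password-file` straight through. Both properties now depend on `config/service/mqtt.nix`, which is outside this hunk, so confirm there that the private listener rejects anonymous clients and that the password files are delivered as host secrets readable only by the broker. A short comment above `private = {`, such as `# anonymous access and secret deployment are handled by fudo.services.mqtt`, would record that dependency. The block is also no longer guarded by `mkIf (is-mqtt-broker)`, so broker selection is presumably left to `fudo.services.mqtt.host`.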
diff --git a/config/services.nix b/config/services.nix
index 908a399..c1e52ee 100644
--- a/config/services.nix
+++ b/config/services.nix
@@ -2,7 +2,7 @@
 
 {
   imports = [
-    ./service/backplane.nix
+    # ./service/backplane.nix
     ./service/chat.nix
     ./service/chute.nix
     ./service/dns.nix
@@ -12,8 +12,12 @@
     ./service/logging.nix
     ./service/mail-server.nix
     ./service/metrics.nix
+    ./service/mqtt.nix
+    ./service/nexus.nix
     ./service/postgresql.nix
     ./service/selby-forum.nix
+    ./service/suanni.nix
+    ./service/tattler.nix
     ./service/wallfly-presence.nix
     # ./service/wireguard-gateway.nix
   ];
diff --git a/config/site-config/seattle.nix b/config/site-config/seattle.nix
index 7d892e6..1150f6f 100644
--- a/config/site-config/seattle.nix
+++ b/config/site-config/seattle.nix
@@ -3,9 +3,37 @@
 with lib;
 let local-domain = "sea.fudo.org";
 in {
-  fudo.services.wallfly-presence = {
-    enable = true;
-    mqtt.broker-host = "wormhole0";
+  fudo.services = {
+    mqtt = {
+      enable = true;
+      host = "wormhole0";
+    };
+
+    wallfly-presence.enable = true;
+
+    tattler = let snooper-host = "wormhole0";
+    in {
+      enable = true;
+      verbose = true;
+      event-topics = [ "suanni/events/motion" ];
+      inherit snooper-host;
+    };
+
+    suanni = let
+      listener = "nostromo";
+      objectifier = "lambda";
+    in {
+      enable = true;
+      event-listener.host = listener;
+      objectifier.host = objectifier;
+      synology = {
+        host = "cargo.sea.fudo.org";
+        port = 5001;
+        username = "suanni";
+        password-file =
+          config.fudo.secrets.files.service-passwords."${listener}".suanni-synology;
+      };
+    };
   };
 
   fileSystems = {
@@ -165,7 +193,6 @@ in {
         DefaultDependencies = false;
         ConditionPathExists =
           [ "|!/run/gssproxy.pid" "|!/proc/net/rpc/use-gss-proxy" ];
-        Restart = "always";
       };
       serviceConfig = {
         Type = "forking";
diff --git a/config/users.nix b/config/users.nix
index 577cdb2..00f931b 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -207,7 +207,7 @@
       uid = 10065;
       primary-group = "fudo";
       common-name = "Xiaoxuan Jin";
-      ldap-hashed-passwd = "{MD5}iecbyMpyVkmOaMBzSFy58Q==";
+      ldap-hashed-passwd = "{SSHA}04fLLUmqNUpOUJi3IBEja8bFNm0S6W60";
       login-hashed-passwd =
         "$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0";
       email = "xiaoxuan@fudo.org";
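Review bot: `{SSHA}` is salted SHA-1, so `ldap-hashed-passwd` moves from unsalted MD5 to a scheme that is still a single fast hash round and resists offline guessing poorly, while `login-hashed-passwd` two lines below already uses sha512crypt (`$6$`). If the LDAP server supports it, a `{CRYPT}$6$…` or `{ARGON2}` value would bring the LDAP hash to the same level. Both hashes are committed to the repository and the old MD5 value stays in its history, so if this change only re-hashed the same password, that password should be treated as exposed and rotated. The user entry starts and ends outside this hunk.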
diff --git a/flake.lock b/flake.lock
index 2663d5c..08329fd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -13,19 +13,6 @@
         "type": "path"
       }
     },
-    "build-keypairs": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1634322891,
-        "narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=",
-        "path": "/state/secrets/build-keypairs",
-        "type": "path"
-      },
-      "original": {
-        "path": "/state/secrets/build-keypairs",
-        "type": "path"
-      }
-    },
     "build-seed": {
       "flake": false,
       "locked": {
@@ -87,6 +74,31 @@
       "inputs": {
         "devshell": "devshell",
         "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "fudo-home",
+          "fudo-pkgs",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1663870497,
+        "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_10": {
+      "inputs": {
+        "devshell": "devshell_10",
+        "flake-utils": "flake-utils_15",
         "nixpkgs": [
           "pricebot",
           "nixpkgs"
@@ -106,21 +118,320 @@
         "type": "github"
       }
     },
-    "clj-nix_2": {
+    "clj-nix_11": {
       "inputs": {
-        "devshell": "devshell_2",
-        "flake-utils": "flake-utils_5",
+        "devshell": "devshell_11",
+        "flake-utils": "flake-utils_16",
+        "nixpkgs": [
+          "snooper",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_12": {
+      "inputs": {
+        "devshell": "devshell_12",
+        "flake-utils": "flake-utils_17",
+        "nixpkgs": [
+          "suanni",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_13": {
+      "inputs": {
+        "devshell": "devshell_13",
+        "flake-utils": "flake-utils_18",
+        "nixpkgs": [
+          "tattler",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_14": {
+      "inputs": {
+        "devshell": "devshell_14",
+        "flake-utils": "flake-utils_19",
+        "nixpkgs": [
+          "tattler",
+          "notifierClj",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_15": {
+      "inputs": {
+        "devshell": "devshell_15",
+        "flake-utils": "flake-utils_21",
         "nixpkgs": [
           "wallfly",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1655801580,
-        "narHash": "sha256-4XUFDP1ES1KNWwDukQEixCe4uV7Z951kgaVAFhXI2ew=",
+        "lastModified": 1663870497,
+        "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=",
         "owner": "jlesquembre",
         "repo": "clj-nix",
-        "rev": "579141e009200fcd28d251731e9ac5ba46a1ec2a",
+        "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_2": {
+      "inputs": {
+        "devshell": "devshell_2",
+        "flake-utils": "flake-utils_5",
+        "nixpkgs": [
+          "fudo-pkgs",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1663870497,
+        "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_3": {
+      "inputs": {
+        "devshell": "devshell_3",
+        "flake-utils": "flake-utils_7",
+        "nixpkgs": [
+          "fudo-secrets",
+          "fudo-pkgs",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1663870497,
+        "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_4": {
+      "inputs": {
+        "devshell": "devshell_4",
+        "flake-utils": "flake-utils_8",
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-client",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_5": {
+      "inputs": {
+        "devshell": "devshell_5",
+        "flake-utils": "flake-utils_9",
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-crypto",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_6": {
+      "inputs": {
+        "devshell": "devshell_6",
+        "flake-utils": "flake-utils_10",
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-server",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_7": {
+      "inputs": {
+        "devshell": "devshell_7",
+        "flake-utils": "flake-utils_11",
+        "nixpkgs": [
+          "nexus",
+          "nexus-client",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_8": {
+      "inputs": {
+        "devshell": "devshell_8",
+        "flake-utils": "flake-utils_12",
+        "nixpkgs": [
+          "nexus",
+          "nexus-crypto",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "clj-nix_9": {
+      "inputs": {
+        "devshell": "devshell_9",
+        "flake-utils": "flake-utils_13",
+        "nixpkgs": [
+          "nexus",
+          "nexus-server",
+          "helpers",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1677342613,
+        "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96",
         "type": "github"
       },
       "original": {
@@ -149,6 +460,126 @@
         "type": "github"
       }
     },
+    "clj2nix_10": {
+      "inputs": {
+        "flake-compat": "flake-compat_11",
+        "nixpkgs": "nixpkgs_22",
+        "utils": "utils_26"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_11": {
+      "inputs": {
+        "flake-compat": "flake-compat_12",
+        "nixpkgs": "nixpkgs_24",
+        "utils": "utils_29"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_12": {
+      "inputs": {
+        "flake-compat": "flake-compat_13",
+        "nixpkgs": "nixpkgs_30",
+        "utils": "utils_35"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_13": {
+      "inputs": {
+        "flake-compat": "flake-compat_14",
+        "nixpkgs": "nixpkgs_32",
+        "utils": "utils_38"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_14": {
+      "inputs": {
+        "flake-compat": "flake-compat_15",
+        "nixpkgs": "nixpkgs_34",
+        "utils": "utils_41"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_15": {
+      "inputs": {
+        "flake-compat": "flake-compat_16",
+        "nixpkgs": "nixpkgs_36",
+        "utils": "utils_43"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
     "clj2nix_2": {
       "inputs": {
         "flake-compat": "flake-compat_2",
@@ -169,9 +600,190 @@
         "type": "github"
       }
     },
+    "clj2nix_3": {
+      "inputs": {
+        "flake-compat": "flake-compat_4",
+        "nixpkgs": "nixpkgs_5",
+        "utils": "utils_5"
+      },
+      "locked": {
+        "lastModified": 1654804151,
+        "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_4": {
+      "inputs": {
+        "flake-compat": "flake-compat_5",
+        "nixpkgs": "nixpkgs_7",
+        "utils": "utils_8"
+      },
+      "locked": {
+        "lastModified": 1654804151,
+        "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_5": {
+      "inputs": {
+        "flake-compat": "flake-compat_6",
+        "nixpkgs": "nixpkgs_10",
+        "utils": "utils_10"
+      },
+      "locked": {
+        "lastModified": 1654804151,
+        "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_6": {
+      "inputs": {
+        "flake-compat": "flake-compat_7",
+        "nixpkgs": "nixpkgs_12",
+        "utils": "utils_12"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_7": {
+      "inputs": {
+        "flake-compat": "flake-compat_8",
+        "nixpkgs": "nixpkgs_14",
+        "utils": "utils_15"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_8": {
+      "inputs": {
+        "flake-compat": "flake-compat_9",
+        "nixpkgs": "nixpkgs_16",
+        "utils": "utils_18"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "clj2nix_9": {
+      "inputs": {
+        "flake-compat": "flake-compat_10",
+        "nixpkgs": "nixpkgs_20",
+        "utils": "utils_23"
+      },
+      "locked": {
+        "lastModified": 1673786922,
+        "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=",
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hlolli",
+        "repo": "clj2nix",
+        "type": "github"
+      }
+    },
+    "darknet": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1658093200,
+        "narHash": "sha256-Bhvbc06IeA4oNz93WiPmz9TXwxz7LQ6L8HPr8UEvzvE=",
+        "owner": "pjreddie",
+        "repo": "darknet",
+        "rev": "f6afaabcdf85f77e7aff2ec55c020c0e297c77f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pjreddie",
+        "repo": "darknet",
+        "type": "github"
+      }
+    },
     "devshell": {
       "inputs": {
         "flake-utils": "flake-utils_2",
+        "nixpkgs": [
+          "fudo-home",
+          "fudo-pkgs",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_10": {
+      "inputs": {
+        "flake-utils": "flake-utils_14",
         "nixpkgs": [
           "pricebot",
           "clj-nix",
@@ -192,9 +804,127 @@
         "type": "github"
       }
     },
-    "devshell_2": {
+    "devshell_11": {
       "inputs": {
-        "flake-utils": "flake-utils_4",
+        "flake-utils": [
+          "snooper",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "snooper",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_12": {
+      "inputs": {
+        "flake-utils": [
+          "suanni",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "suanni",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_13": {
+      "inputs": {
+        "flake-utils": [
+          "tattler",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "tattler",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_14": {
+      "inputs": {
+        "flake-utils": [
+          "tattler",
+          "notifierClj",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "tattler",
+          "notifierClj",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_15": {
+      "inputs": {
+        "flake-utils": "flake-utils_20",
         "nixpkgs": [
           "wallfly",
           "clj-nix",
@@ -202,11 +932,252 @@
         ]
       },
       "locked": {
-        "lastModified": 1644227066,
-        "narHash": "sha256-FHcFZtpZEWnUh62xlyY3jfXAXHzJNEDLDzLsJxn+ve0=",
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "7033f64dd9ef8d9d8644c5030c73913351d2b660",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_2": {
+      "inputs": {
+        "flake-utils": "flake-utils_4",
+        "nixpkgs": [
+          "fudo-pkgs",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_3": {
+      "inputs": {
+        "flake-utils": "flake-utils_6",
+        "nixpkgs": [
+          "fudo-secrets",
+          "fudo-pkgs",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_4": {
+      "inputs": {
+        "flake-utils": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-client",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-client",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_5": {
+      "inputs": {
+        "flake-utils": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-crypto",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-crypto",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_6": {
+      "inputs": {
+        "flake-utils": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-server",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-server",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_7": {
+      "inputs": {
+        "flake-utils": [
+          "nexus",
+          "nexus-client",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nexus",
+          "nexus-client",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_8": {
+      "inputs": {
+        "flake-utils": [
+          "nexus",
+          "nexus-crypto",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nexus",
+          "nexus-crypto",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "devshell_9": {
+      "inputs": {
+        "flake-utils": [
+          "nexus",
+          "nexus-server",
+          "helpers",
+          "clj-nix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nexus",
+          "nexus-server",
+          "helpers",
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658746384,
+        "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b",
         "type": "github"
       },
       "original": {
@@ -228,6 +1199,19 @@
         "type": "path"
       }
     },
+    "dnssec-ksks": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1683356935,
+        "narHash": "sha256-jB53hHlzV/QvjedU38zpiZQl+43klmFsswMGhWonR7c=",
+        "path": "/state/secrets/dnssec",
+        "type": "path"
+      },
+      "original": {
+        "path": "/state/secrets/dnssec",
+        "type": "path"
+      }
+    },
     "doom-emacs": {
       "inputs": {
         "doom-emacs": "doom-emacs_2",
@@ -260,11 +1244,11 @@
         "ws-butler": "ws-butler"
       },
       "locked": {
-        "lastModified": 1671758850,
-        "narHash": "sha256-B6us/CLIIPJRJgjn/hVp7N07j90kil4HmjUVj8TBhKE=",
+        "lastModified": 1682645493,
+        "narHash": "sha256-U3TqEcBM7QSqX0B9vQYIdB/9Ls7SE6BzM4XNDpM0Lpg=",
         "owner": "nix-community",
         "repo": "nix-doom-emacs",
-        "rev": "85a48dbec84e9c26785b58fecdefa1cfc580aea7",
+        "rev": "33db1786e0352cad4227fb931ac96c4e2e89de29",
         "type": "github"
       },
       "original": {
@@ -293,11 +1277,11 @@
     "doom-snippets": {
       "flake": false,
       "locked": {
-        "lastModified": 1662645711,
-        "narHash": "sha256-XKpPCtECGZQ5bFPPDUX3oAltXOJNwAI/OktxiLnADRE=",
+        "lastModified": 1676839496,
+        "narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=",
         "owner": "doomemacs",
         "repo": "snippets",
-        "rev": "03a62fe7edf7e87fdbd925713fbd3bf292d14b00",
+        "rev": "fe4003014ae00b866f117cb193f711fd9d72fd11",
         "type": "github"
       },
       "original": {
@@ -309,16 +1293,17 @@
     "emacs-overlay": {
       "flake": false,
       "locked": {
-        "lastModified": 1671729646,
-        "narHash": "sha256-crrTM9K1q8zGZ2gibEPJAudAnr0bMqPiLr1I8P+I5ls=",
+        "lastModified": 1676366521,
+        "narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "9c95614e0b1a2f6a3f4cf9b99b17439887ea0373",
+        "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
         "repo": "emacs-overlay",
+        "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501",
         "type": "github"
       }
     },
@@ -338,6 +1323,25 @@
         "type": "github"
       }
     },
+    "entities": {
+      "inputs": {
+        "fudo-lib": "fudo-lib_3",
+        "nixpkgs": "nixpkgs_9"
+      },
+      "locked": {
+        "lastModified": 1683473493,
+        "narHash": "sha256-DhXGPS2w8ucsCRy254f2B+L2kza/WjncD/bK2t95mH0=",
+        "ref": "refs/heads/master",
+        "rev": "038a50f8da3c7737f444710ad896a0bd2875fd9b",
+        "revCount": 134,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-nix/entities.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-nix/entities.git"
+      }
+    },
     "evil-escape": {
       "flake": false,
       "locked": {
@@ -447,6 +1451,118 @@
         "type": "github"
       }
     },
+    "flake-compat_10": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_11": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_12": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_13": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_14": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_15": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_16": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-compat_2": {
       "flake": false,
       "locked": {
@@ -464,6 +1580,102 @@
       }
     },
     "flake-compat_3": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_4": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1627913399,
+        "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_5": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1627913399,
+        "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_6": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1627913399,
+        "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_7": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_8": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_9": {
       "flake": false,
       "locked": {
         "lastModified": 1668681692,
@@ -480,12 +1692,165 @@
       }
     },
     "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
       "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_10": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_11": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_12": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_13": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_14": {
+      "locked": {
+        "lastModified": 1642700792,
+        "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_15": {
+      "locked": {
+        "lastModified": 1644229661,
+        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_16": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_17": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_18": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_19": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
         "type": "github"
       },
       "original": {
@@ -509,13 +1874,43 @@
         "type": "github"
       }
     },
-    "flake-utils_3": {
+    "flake-utils_20": {
       "locked": {
-        "lastModified": 1644229661,
-        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
+        "lastModified": 1642700792,
+        "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
+        "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_21": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
         "type": "github"
       },
       "original": {
@@ -541,11 +1936,71 @@
     },
     "flake-utils_5": {
       "locked": {
-        "lastModified": 1644229661,
-        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_6": {
+      "locked": {
+        "lastModified": 1642700792,
+        "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_7": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_8": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_9": {
+      "locked": {
+        "lastModified": 1656928814,
+        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
         "type": "github"
       },
       "original": {
@@ -579,11 +2034,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1662665220,
-        "narHash": "sha256-nFIPsBwT9/vgM8+mRJQpVPaabUKkN5BUYF8+nfvOuaY=",
+        "lastModified": 1683837890,
+        "narHash": "sha256-y//EIz15wflQknpKzg8KqTYYcDJClFhZ85NN42Wm7cU=",
         "ref": "refs/heads/master",
-        "rev": "0375d2c98014f0923d2cde2d1ae186533052d02c",
-        "revCount": 105,
+        "rev": "0d65fc63b8e38501d3565ac5a40350bdeb2f8eff",
+        "revCount": 136,
         "type": "git",
         "url": "https://git.fudo.org/fudo-nix/entities.git"
       },
@@ -597,18 +2052,18 @@
         "doom-emacs": "doom-emacs",
         "fudo-pkgs": "fudo-pkgs",
         "gnome-manager": "gnome-manager",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager",
         "niten-doom-config": "niten-doom-config",
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1672858188,
-        "narHash": "sha256-Rc7b07aYiD1nLnDdD1ZlmGdsgiVGN3/8D7VsCnfHuns=",
+        "lastModified": 1683143741,
+        "narHash": "sha256-2YQHxCyZlaoq9Fy1deEGnMNIHYvqO3zOWvMo2kPpnHc=",
         "ref": "refs/heads/master",
-        "rev": "81cad87b318ca38af748aa3a790f645efaaf6f58",
-        "revCount": 284,
+        "rev": "032191b23a81e1ea40ffe05e37f11a50fdffe030",
+        "revCount": 327,
         "type": "git",
         "url": "https://git.fudo.org/fudo-nix/home.git"
       },
@@ -634,8 +2089,8 @@
     },
     "fudo-lib_2": {
       "locked": {
-        "lastModified": 1671734339,
-        "narHash": "sha256-Sfo5KQVG6d9PW8xQfCcLiNmX5tt06hYuxff4kqhu2+o=",
+        "lastModified": 1684281054,
+        "narHash": "sha256-qt+B8ZIofxYG3BH2ZdjT7nC8cKkZK7h7DpAtwMpRT50=",
         "path": "/state/fudo-lib",
         "type": "path"
       },
@@ -644,13 +2099,32 @@
         "type": "path"
       }
     },
-    "fudo-pkgs": {
+    "fudo-lib_3": {
       "locked": {
-        "lastModified": 1671908188,
-        "narHash": "sha256-WCMIJg++GcUhsquYsVwtozpKAtHIt9NEuEv8cn0Re1U=",
+        "lastModified": 1654117056,
+        "narHash": "sha256-Ray3c3Zv41Ax4MvTFY7pagfROUoXzS4x11l0EHFj9DE=",
+        "ref": "master",
+        "rev": "df53c13bb7f15336a2b0f110cef0a57af7089737",
+        "revCount": 68,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-nix/lib.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-nix/lib.git"
+      }
+    },
+    "fudo-pkgs": {
+      "inputs": {
+        "helpers": "helpers",
+        "unstableNixpkgs": "unstableNixpkgs"
+      },
+      "locked": {
+        "lastModified": 1682384116,
+        "narHash": "sha256-84ZunYHCAKR9+kA2v3HBxqmoU225uJcptt+6YKtgWnE=",
         "ref": "refs/heads/master",
-        "rev": "33925888f6d99ff09db36572c79c9bdc3a32c701",
-        "revCount": 67,
+        "rev": "6bf7df2b8b60cbb1b4ec08539dd69f4956a44ff6",
+        "revCount": 204,
         "type": "git",
         "url": "https://git.fudo.org/fudo-nix/pkgs.git"
       },
@@ -660,12 +2134,35 @@
       }
     },
     "fudo-pkgs_2": {
+      "inputs": {
+        "helpers": "helpers_2",
+        "unstableNixpkgs": "unstableNixpkgs_2"
+      },
       "locked": {
-        "lastModified": 1671908188,
-        "narHash": "sha256-WCMIJg++GcUhsquYsVwtozpKAtHIt9NEuEv8cn0Re1U=",
+        "lastModified": 1683322537,
+        "narHash": "sha256-2x/W/dvUqVPpE91mxIcrcOJL4ufE+9LNdJRgVeUour8=",
         "ref": "refs/heads/master",
-        "rev": "33925888f6d99ff09db36572c79c9bdc3a32c701",
-        "revCount": 67,
+        "rev": "8013891628c1d709f28705e3f9b7c3f91481892b",
+        "revCount": 215,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-nix/pkgs.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-nix/pkgs.git"
+      }
+    },
+    "fudo-pkgs_3": {
+      "inputs": {
+        "helpers": "helpers_3",
+        "unstableNixpkgs": "unstableNixpkgs_3"
+      },
+      "locked": {
+        "lastModified": 1683322537,
+        "narHash": "sha256-2x/W/dvUqVPpE91mxIcrcOJL4ufE+9LNdJRgVeUour8=",
+        "ref": "refs/heads/master",
+        "rev": "8013891628c1d709f28705e3f9b7c3f91481892b",
+        "revCount": 215,
         "type": "git",
         "url": "https://git.fudo.org/fudo-nix/pkgs.git"
       },
@@ -677,22 +2174,22 @@
     "fudo-secrets": {
       "inputs": {
         "blobs": "blobs",
-        "build-keypairs": "build-keypairs",
         "build-seed": "build-seed",
         "dnssec-keys": "dnssec-keys",
+        "dnssec-ksks": "dnssec-ksks",
+        "entities": "entities",
         "filesystem-keys": "filesystem-keys",
-        "host-keytabs": "host-keytabs",
-        "nixpkgs": "nixpkgs_6",
-        "realm-master-keys": "realm-master-keys",
-        "service-keytabs": "service-keytabs",
+        "fudo-pkgs": "fudo-pkgs_3",
+        "nexus": "nexus",
+        "nixpkgs": "nixpkgs_19",
         "service-passwords": "service-passwords",
         "service-secrets": "service-secrets",
         "ssh-keypairs": "ssh-keypairs",
-        "utils": "utils_7"
+        "utils": "utils_22"
       },
       "locked": {
-        "lastModified": 1672857129,
-        "narHash": "sha256-lrKfITnPNG9iSXrVEPmDyWGfyGatL+ZEDcaazIgtHdc=",
+        "lastModified": 1684175031,
+        "narHash": "sha256-DPkpvv0AMxVm3asT14LFDADRm9029hRLQXWV0EaL4k8=",
         "path": "/state/secrets",
         "type": "path"
       },
@@ -745,14 +2242,17 @@
     },
     "gnome-manager": {
       "inputs": {
-        "home-manager": "home-manager"
+        "home-manager": [
+          "fudo-home",
+          "home-manager"
+        ]
       },
       "locked": {
-        "lastModified": 1672420375,
-        "narHash": "sha256-/dEy6VJHtyCh+/5vA5gLIiBbarR3HwQS+uKHXEXywqw=",
+        "lastModified": 1673465156,
+        "narHash": "sha256-pr6ytEViK59zHUNt4CZWi1zB0MarBbGP1oNNdU7lOSQ=",
         "owner": "fudoniten",
         "repo": "gnome-manager",
-        "rev": "6be38e0db4ccb07ca219951744a58e5d0bb17fe2",
+        "rev": "0da66d80d12d051846f3a7a29013c29b705e04a6",
         "type": "github"
       },
       "original": {
@@ -762,40 +2262,335 @@
         "type": "github"
       }
     },
-    "home-manager": {
+    "helpers": {
       "inputs": {
-        "nixpkgs": "nixpkgs_5",
-        "utils": "utils_5"
+        "clj-nix": "clj-nix",
+        "clj2nix": "clj2nix_3",
+        "nixpkgs": "nixpkgs_6",
+        "utils": "utils_6"
       },
       "locked": {
-        "lastModified": 1672244468,
-        "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706",
-        "type": "github"
+        "lastModified": 1675466351,
+        "narHash": "sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=",
+        "ref": "refs/heads/master",
+        "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b",
+        "revCount": 21,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
       },
       "original": {
-        "owner": "nix-community",
-        "ref": "release-22.11",
-        "repo": "home-manager",
-        "type": "github"
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
       }
     },
-    "home-manager_2": {
+    "helpers_10": {
+      "inputs": {
+        "clj-nix": "clj-nix_11",
+        "clj2nix": "clj2nix_12",
+        "nixpkgs": [
+          "snooper",
+          "nixpkgs"
+        ],
+        "utils": "utils_36"
+      },
+      "locked": {
+        "lastModified": 1677792046,
+        "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=",
+        "ref": "refs/heads/master",
+        "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_11": {
+      "inputs": {
+        "clj-nix": "clj-nix_12",
+        "clj2nix": "clj2nix_13",
+        "nixpkgs": [
+          "suanni",
+          "nixpkgs"
+        ],
+        "utils": "utils_39"
+      },
+      "locked": {
+        "lastModified": 1677792046,
+        "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=",
+        "ref": "refs/heads/master",
+        "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_12": {
+      "inputs": {
+        "clj-nix": "clj-nix_13",
+        "clj2nix": "clj2nix_14",
+        "nixpkgs": [
+          "tattler",
+          "nixpkgs"
+        ],
+        "utils": "utils_42"
+      },
+      "locked": {
+        "lastModified": 1684277086,
+        "narHash": "sha256-ZVolilPIqfhev+2txay6R+v57m8n5LW7IW7etSj38jI=",
+        "ref": "with-deps",
+        "rev": "dfec8f49de6a4cf4e3597d617cf8295cd987b60c",
+        "revCount": 57,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "ref": "with-deps",
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_13": {
+      "inputs": {
+        "clj-nix": "clj-nix_14",
+        "clj2nix": "clj2nix_15",
+        "nixpkgs": [
+          "tattler",
+          "notifierClj",
+          "nixpkgs"
+        ],
+        "utils": "utils_44"
+      },
+      "locked": {
+        "lastModified": 1684274921,
+        "narHash": "sha256-RH12Qx4u5LMomcBZaTBii1EhlHQ3TUgaKUcn+cqiClA=",
+        "ref": "with-deps",
+        "rev": "056710d1ef79ee9fabcd6808d3179779f65f45fd",
+        "revCount": 55,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "ref": "with-deps",
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_2": {
+      "inputs": {
+        "clj-nix": "clj-nix_2",
+        "clj2nix": "clj2nix_4",
+        "nixpkgs": "nixpkgs_8",
+        "utils": "utils_9"
+      },
+      "locked": {
+        "lastModified": 1675466351,
+        "narHash": "sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=",
+        "ref": "refs/heads/master",
+        "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b",
+        "revCount": 21,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_3": {
+      "inputs": {
+        "clj-nix": "clj-nix_3",
+        "clj2nix": "clj2nix_5",
+        "nixpkgs": "nixpkgs_11",
+        "utils": "utils_11"
+      },
+      "locked": {
+        "lastModified": 1675466351,
+        "narHash": "sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=",
+        "ref": "refs/heads/master",
+        "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b",
+        "revCount": 21,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_4": {
+      "inputs": {
+        "clj-nix": "clj-nix_4",
+        "clj2nix": "clj2nix_6",
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-client",
+          "nixpkgs"
+        ],
+        "utils": "utils_13"
+      },
+      "locked": {
+        "lastModified": 1677792046,
+        "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=",
+        "ref": "refs/heads/master",
+        "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_5": {
+      "inputs": {
+        "clj-nix": "clj-nix_5",
+        "clj2nix": "clj2nix_7",
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-crypto",
+          "nixpkgs"
+        ],
+        "utils": "utils_16"
+      },
+      "locked": {
+        "lastModified": 1677792046,
+        "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=",
+        "ref": "refs/heads/master",
+        "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_6": {
+      "inputs": {
+        "clj-nix": "clj-nix_6",
+        "clj2nix": "clj2nix_8",
+        "nixpkgs": [
+          "fudo-secrets",
+          "nexus",
+          "nexus-server",
+          "nixpkgs"
+        ],
+        "utils": "utils_19"
+      },
+      "locked": {
+        "lastModified": 1677792046,
+        "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=",
+        "ref": "refs/heads/master",
+        "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_7": {
+      "inputs": {
+        "clj-nix": "clj-nix_7",
+        "clj2nix": "clj2nix_9",
+        "nixpkgs": [
+          "nexus",
+          "nexus-client",
+          "nixpkgs"
+        ],
+        "utils": "utils_24"
+      },
+      "locked": {
+        "lastModified": 1677792046,
+        "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=",
+        "ref": "refs/heads/master",
+        "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_8": {
+      "inputs": {
+        "clj-nix": "clj-nix_8",
+        "clj2nix": "clj2nix_10",
+        "nixpkgs": [
+          "nexus",
+          "nexus-crypto",
+          "nixpkgs"
+        ],
+        "utils": "utils_27"
+      },
+      "locked": {
+        "lastModified": 1677792046,
+        "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=",
+        "ref": "refs/heads/master",
+        "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "helpers_9": {
+      "inputs": {
+        "clj-nix": "clj-nix_9",
+        "clj2nix": "clj2nix_11",
+        "nixpkgs": [
+          "nexus",
+          "nexus-server",
+          "nixpkgs"
+        ],
+        "utils": "utils_30"
+      },
+      "locked": {
+        "lastModified": 1677792046,
+        "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=",
+        "ref": "refs/heads/master",
+        "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nix-helpers.git"
+      }
+    },
+    "home-manager": {
       "inputs": {
         "nixpkgs": [
           "fudo-home",
           "nixpkgs"
         ],
-        "utils": "utils_6"
+        "utils": "utils_7"
       },
       "locked": {
-        "lastModified": 1672244468,
-        "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=",
+        "lastModified": 1681092193,
+        "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706",
+        "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
         "type": "github"
       },
       "original": {
@@ -805,17 +2600,168 @@
         "type": "github"
       }
     },
-    "host-keytabs": {
-      "flake": false,
+    "nexus": {
+      "inputs": {
+        "nexus-client": "nexus-client",
+        "nexus-crypto": "nexus-crypto",
+        "nexus-server": "nexus-server",
+        "nixpkgs": "nixpkgs_18",
+        "utils": "utils_21"
+      },
       "locked": {
-        "lastModified": 1647537444,
-        "narHash": "sha256-SA058alChYye39gm4TwPpCufR1P+X9QnH/EunJYXd5s=",
-        "path": "/state/secrets/kerberos/host-keytabs",
-        "type": "path"
+        "lastModified": 1680541464,
+        "narHash": "sha256-aKDleW+y6boXt2xuz3oJpVz2A4dybPRjcRh0c+lpb3o=",
+        "ref": "refs/heads/master",
+        "rev": "b2cb23479d977e3c1cb65c47ac625174113a0dd4",
+        "revCount": 246,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus.git"
       },
       "original": {
-        "path": "/state/secrets/kerberos/host-keytabs",
-        "type": "path"
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus.git"
+      }
+    },
+    "nexus-client": {
+      "inputs": {
+        "helpers": "helpers_4",
+        "nixpkgs": "nixpkgs_13",
+        "utils": "utils_14"
+      },
+      "locked": {
+        "lastModified": 1680313539,
+        "narHash": "sha256-yNkEz5wnlP4BrJpnI9YY+OBk3pUdl0lPAVdcoob9oBk=",
+        "ref": "refs/heads/master",
+        "rev": "8346a158be6f3189ddd69fcf8f442f0114de9498",
+        "revCount": 47,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-client.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-client.git"
+      }
+    },
+    "nexus-client_2": {
+      "inputs": {
+        "helpers": "helpers_7",
+        "nixpkgs": "nixpkgs_21",
+        "utils": "utils_25"
+      },
+      "locked": {
+        "lastModified": 1680313539,
+        "narHash": "sha256-yNkEz5wnlP4BrJpnI9YY+OBk3pUdl0lPAVdcoob9oBk=",
+        "ref": "refs/heads/master",
+        "rev": "8346a158be6f3189ddd69fcf8f442f0114de9498",
+        "revCount": 47,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-client.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-client.git"
+      }
+    },
+    "nexus-crypto": {
+      "inputs": {
+        "helpers": "helpers_5",
+        "nixpkgs": "nixpkgs_15",
+        "utils": "utils_17"
+      },
+      "locked": {
+        "lastModified": 1677792070,
+        "narHash": "sha256-D8rqdQRjbDuuIDZE+I7pza8FJLzypiwUhUZw9Aa9FWQ=",
+        "ref": "refs/heads/master",
+        "rev": "11526a84ad72afaef0b2822df06fd2fc225864d4",
+        "revCount": 11,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-crypto.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-crypto.git"
+      }
+    },
+    "nexus-crypto_2": {
+      "inputs": {
+        "helpers": "helpers_8",
+        "nixpkgs": "nixpkgs_23",
+        "utils": "utils_28"
+      },
+      "locked": {
+        "lastModified": 1677792070,
+        "narHash": "sha256-D8rqdQRjbDuuIDZE+I7pza8FJLzypiwUhUZw9Aa9FWQ=",
+        "ref": "refs/heads/master",
+        "rev": "11526a84ad72afaef0b2822df06fd2fc225864d4",
+        "revCount": 11,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-crypto.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-crypto.git"
+      }
+    },
+    "nexus-server": {
+      "inputs": {
+        "helpers": "helpers_6",
+        "nixpkgs": "nixpkgs_17",
+        "utils": "utils_20"
+      },
+      "locked": {
+        "lastModified": 1680473429,
+        "narHash": "sha256-dbzA2yc/j2CoxvBKR2rMbdiA6FPJ7nSAefiby/dsawU=",
+        "ref": "refs/heads/master",
+        "rev": "b0a2aae0ffb972ea4b922ad1d8068869c02f6e31",
+        "revCount": 60,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-server.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-server.git"
+      }
+    },
+    "nexus-server_2": {
+      "inputs": {
+        "helpers": "helpers_9",
+        "nixpkgs": "nixpkgs_25",
+        "utils": "utils_31"
+      },
+      "locked": {
+        "lastModified": 1680473429,
+        "narHash": "sha256-dbzA2yc/j2CoxvBKR2rMbdiA6FPJ7nSAefiby/dsawU=",
+        "ref": "refs/heads/master",
+        "rev": "b0a2aae0ffb972ea4b922ad1d8068869c02f6e31",
+        "revCount": 60,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-server.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus-server.git"
+      }
+    },
+    "nexus_2": {
+      "inputs": {
+        "nexus-client": "nexus-client_2",
+        "nexus-crypto": "nexus-crypto_2",
+        "nexus-server": "nexus-server_2",
+        "nixpkgs": "nixpkgs_26",
+        "utils": "utils_32"
+      },
+      "locked": {
+        "lastModified": 1680541464,
+        "narHash": "sha256-aKDleW+y6boXt2xuz3oJpVz2A4dybPRjcRh0c+lpb3o=",
+        "ref": "refs/heads/master",
+        "rev": "b2cb23479d977e3c1cb65c47ac625174113a0dd4",
+        "revCount": 246,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/nexus.git"
       }
     },
     "niten-doom-config": {
@@ -882,11 +2828,11 @@
     },
     "nixpkgsUnstable": {
       "locked": {
-        "lastModified": 1672617983,
-        "narHash": "sha256-68WDiCBs631mbDDk4UAKdGURKcsfW6hjb7wgudTAe5o=",
+        "lastModified": 1684215771,
+        "narHash": "sha256-fsum28z+g18yreNa1Y7MPo9dtps5h1VkHfZbYQ+YPbk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0fc9fca9c8d43edd79d33fea0dd8409d7c4580f4",
+        "rev": "963006aab35e3e8ebbf6052b6bf4ea712fdd3c28",
         "type": "github"
       },
       "original": {
@@ -895,6 +2841,156 @@
         "type": "indirect"
       }
     },
+    "nixpkgs_10": {
+      "locked": {
+        "lastModified": 1637881340,
+        "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_11": {
+      "locked": {
+        "lastModified": 1672353432,
+        "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "913a47cd064cc06440ea84e5e0452039a85781f0",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_12": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_13": {
+      "locked": {
+        "lastModified": 1672580127,
+        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0874168639713f547c05947c76124f78441ea46c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_14": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_15": {
+      "locked": {
+        "lastModified": 1677624842,
+        "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_16": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_17": {
+      "locked": {
+        "lastModified": 1678230755,
+        "narHash": "sha256-SFAXgNjNTXzcAideXcP0takfUGVft/VR5CACmYHg+Fc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a7cc81913bb3cd1ef05ed0ece048b773e1839e51",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_18": {
+      "locked": {
+        "lastModified": 1672580127,
+        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0874168639713f547c05947c76124f78441ea46c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_19": {
+      "locked": {
+        "lastModified": 1682600000,
+        "narHash": "sha256-ha4BehR1dh8EnXSoE1m/wyyYVvHI9txjW4w5/oxsW5Y=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "50fc86b75d2744e1ab3837ef74b53f103a9b55a0",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
     "nixpkgs_2": {
       "locked": {
         "lastModified": 1638196344,
@@ -910,6 +3006,156 @@
         "type": "indirect"
       }
     },
+    "nixpkgs_20": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_21": {
+      "locked": {
+        "lastModified": 1672580127,
+        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0874168639713f547c05947c76124f78441ea46c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_22": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_23": {
+      "locked": {
+        "lastModified": 1677624842,
+        "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_24": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_25": {
+      "locked": {
+        "lastModified": 1678230755,
+        "narHash": "sha256-SFAXgNjNTXzcAideXcP0takfUGVft/VR5CACmYHg+Fc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a7cc81913bb3cd1ef05ed0ece048b773e1839e51",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_26": {
+      "locked": {
+        "lastModified": 1672580127,
+        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0874168639713f547c05947c76124f78441ea46c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_27": {
+      "locked": {
+        "lastModified": 1684171562,
+        "narHash": "sha256-BMUWjVWAUdyMWKk0ATMC9H0Bv4qAV/TXwwPUvTiC5IQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "55af203d468a6f5032a519cba4f41acf5a74b638",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_28": {
+      "locked": {
+        "lastModified": 1672781980,
+        "narHash": "sha256-L+yqt2szcp+BFiWoMJCisDsNA5OrpYVW1QSbbS5U8RU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a9eedea7232f5d00f0aca7267efb69a54da1b8a1",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_29": {
+      "locked": {
+        "lastModified": 1659446231,
+        "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-21.11",
+        "type": "indirect"
+      }
+    },
     "nixpkgs_3": {
       "locked": {
         "lastModified": 1637881340,
@@ -925,6 +3171,126 @@
         "type": "github"
       }
     },
+    "nixpkgs_30": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_31": {
+      "locked": {
+        "lastModified": 1672580127,
+        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0874168639713f547c05947c76124f78441ea46c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_32": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_33": {
+      "locked": {
+        "lastModified": 1672580127,
+        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0874168639713f547c05947c76124f78441ea46c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_34": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_35": {
+      "locked": {
+        "lastModified": 1684171562,
+        "narHash": "sha256-BMUWjVWAUdyMWKk0ATMC9H0Bv4qAV/TXwwPUvTiC5IQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "55af203d468a6f5032a519cba4f41acf5a74b638",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_36": {
+      "locked": {
+        "lastModified": 1673785507,
+        "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_37": {
+      "locked": {
+        "lastModified": 1672580127,
+        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0874168639713f547c05947c76124f78441ea46c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
     "nixpkgs_4": {
       "locked": {
         "lastModified": 1640653651,
@@ -942,27 +3308,26 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1672617983,
-        "narHash": "sha256-68WDiCBs631mbDDk4UAKdGURKcsfW6hjb7wgudTAe5o=",
-        "owner": "nixos",
+        "lastModified": 1637881340,
+        "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0fc9fca9c8d43edd79d33fea0dd8409d7c4580f4",
+        "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "owner": "NixOS",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1672616430,
-        "narHash": "sha256-e18rRwDUaW/Uw1tBmtsVueJ2SVI5DLhrEGwhkIo+c50=",
+        "lastModified": 1672353432,
+        "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0bf3109eeb61780965c27f4a0a4affdcd0cd4d3d",
+        "rev": "913a47cd064cc06440ea84e5e0452039a85781f0",
         "type": "github"
       },
       "original": {
@@ -973,11 +3338,26 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1672616430,
-        "narHash": "sha256-e18rRwDUaW/Uw1tBmtsVueJ2SVI5DLhrEGwhkIo+c50=",
+        "lastModified": 1637881340,
+        "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0bf3109eeb61780965c27f4a0a4affdcd0cd4d3d",
+        "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_8": {
+      "locked": {
+        "lastModified": 1672353432,
+        "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "913a47cd064cc06440ea84e5e0452039a85781f0",
         "type": "github"
       },
       "original": {
@@ -986,33 +3366,16 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_8": {
-      "locked": {
-        "lastModified": 1659446231,
-        "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-21.11",
-        "type": "indirect"
-      }
-    },
     "nixpkgs_9": {
       "locked": {
-        "lastModified": 1656265786,
-        "narHash": "sha256-A9RkoGrxzsmMm0vily18p92Rasb+MbdDMaSnzmywXKw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "cd90e773eae83ba7733d2377b6cdf84d45558780",
-        "type": "github"
+        "lastModified": 1653918726,
+        "narHash": "sha256-C+BpRKWjuwR4a9R0w5V5AFaQiyDtRPSRec7VJCX1NI4=",
+        "path": "/nix/store/zdc50x6ibr27smd581yxc8snjdlf1487-source",
+        "rev": "39945562539b572eb43915992ef82f46a7176364",
+        "type": "path"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-22.05",
         "type": "indirect"
       }
     },
@@ -1032,6 +3395,29 @@
         "type": "github"
       }
     },
+    "notifierClj": {
+      "inputs": {
+        "helpers": "helpers_13",
+        "nixpkgs": [
+          "tattler",
+          "nixpkgs"
+        ],
+        "utils": "utils_45"
+      },
+      "locked": {
+        "lastModified": 1684275076,
+        "narHash": "sha256-8+1ZkJo/k/7j5uJF7PN8IOv5Z9niuO1cw1m4zyvrv9Y=",
+        "ref": "refs/heads/master",
+        "rev": "8b1327f66a31873dc0cac3d6eb2fa5c957723757",
+        "revCount": 6,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/notifier.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/notifier.git"
+      }
+    },
     "ob-racket": {
       "flake": false,
       "locked": {
@@ -1048,14 +3434,34 @@
         "type": "github"
       }
     },
+    "objectifier": {
+      "inputs": {
+        "darknet": "darknet",
+        "nixpkgs": "nixpkgs_28",
+        "utils": "utils_33"
+      },
+      "locked": {
+        "lastModified": 1679246727,
+        "narHash": "sha256-5+fmOgoTABJ6jwoKQrYP898jMdH76yAlbJnAVTu0QIU=",
+        "ref": "refs/heads/master",
+        "rev": "21f897b5c39e4d3d32f5b2595ba7fd9f58923624",
+        "revCount": 71,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/objectifier.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/objectifier.git"
+      }
+    },
     "org": {
       "flake": false,
       "locked": {
-        "lastModified": 1670680538,
-        "narHash": "sha256-afmN2tOY6Par235bVsqhtFHOSVyw4NBgTxI5Eo6Yk5A=",
+        "lastModified": 1682449610,
+        "narHash": "sha256-1I9Rpnyp9rZTYG48oxxN+scKoKTJxh/ya787zI0xIpI=",
         "owner": "emacs-straight",
         "repo": "org-mode",
-        "rev": "42153ea2fec66f90c1623be25d6774d96ecf8062",
+        "rev": "eaf274909f595ba29b853031e1c5bcdac255fbeb",
         "type": "github"
       },
       "original": {
@@ -1067,11 +3473,11 @@
     "org-contrib": {
       "flake": false,
       "locked": {
-        "lastModified": 1664301003,
-        "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=",
+        "lastModified": 1675694242,
+        "narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=",
         "owner": "emacsmirror",
         "repo": "org-contrib",
-        "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f",
+        "rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17",
         "type": "github"
       },
       "original": {
@@ -1114,9 +3520,9 @@
     },
     "pricebot": {
       "inputs": {
-        "clj-nix": "clj-nix",
-        "nixpkgs": "nixpkgs_8",
-        "utils": "utils_8"
+        "clj-nix": "clj-nix_10",
+        "nixpkgs": "nixpkgs_29",
+        "utils": "utils_34"
       },
       "locked": {
         "lastModified": 1661201877,
@@ -1132,27 +3538,14 @@
         "url": "https://git.fudo.org/fudo-public/pricebot.git"
       }
     },
-    "realm-master-keys": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1636586592,
-        "narHash": "sha256-5hDmPweE6lshRKA+AKRgJv7VwWxHsYekwMT32uAUKJU=",
-        "path": "/state/secrets/kerberos/master-keys",
-        "type": "path"
-      },
-      "original": {
-        "path": "/state/secrets/kerberos/master-keys",
-        "type": "path"
-      }
-    },
     "revealjs": {
       "flake": false,
       "locked": {
-        "lastModified": 1670408834,
-        "narHash": "sha256-2LG8/AwMC+caNK9DKDyVGw+EPT2W6ys177xQj7mdKng=",
+        "lastModified": 1681386605,
+        "narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=",
         "owner": "hakimel",
         "repo": "reveal.js",
-        "rev": "4fe3946cb43de57f79aaa7b646aee7e78f4bcc75",
+        "rev": "0301ce58ab185f7191696e16b1b6389f58df2892",
         "type": "github"
       },
       "original": {
@@ -1170,10 +3563,15 @@
         "fudo-lib": "fudo-lib_2",
         "fudo-pkgs": "fudo-pkgs_2",
         "fudo-secrets": "fudo-secrets",
-        "nixpkgs": "nixpkgs_7",
+        "nexus": "nexus_2",
+        "nixpkgs": "nixpkgs_27",
         "nixpkgs2111": "nixpkgs2111",
         "nixpkgsUnstable": "nixpkgsUnstable",
+        "objectifier": "objectifier",
         "pricebot": "pricebot",
+        "snooper": "snooper",
+        "suanni": "suanni",
+        "tattler": "tattler",
         "wallfly": "wallfly"
       }
     },
@@ -1193,24 +3591,11 @@
         "type": "github"
       }
     },
-    "service-keytabs": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1639361926,
-        "narHash": "sha256-0gpaf5j/Uxy6HUXDLt0T7vg4Z2aic1IHhuNUO5IcOhY=",
-        "path": "/state/secrets/kerberos/service-keytabs",
-        "type": "path"
-      },
-      "original": {
-        "path": "/state/secrets/kerberos/service-keytabs",
-        "type": "path"
-      }
-    },
     "service-passwords": {
       "flake": false,
       "locked": {
-        "lastModified": 1656532749,
-        "narHash": "sha256-J3oy9wGPzRUQDTxTKK2nNKPXdZ8G8xXdZatMzarg4HI=",
+        "lastModified": 1683356935,
+        "narHash": "sha256-91ZjXr3/6KAwglWY9yy14LD5tat0gWkQmDscBILrocs=",
         "path": "/state/secrets/service-passwords",
         "type": "path"
       },
@@ -1248,11 +3633,31 @@
         "type": "github"
       }
     },
+    "snooper": {
+      "inputs": {
+        "helpers": "helpers_10",
+        "nixpkgs": "nixpkgs_31",
+        "utils": "utils_37"
+      },
+      "locked": {
+        "lastModified": 1683670608,
+        "narHash": "sha256-LhHwMbrVdLo80DrV2aRvEJFXTy+MeIiiABlFgGjgFRg=",
+        "ref": "refs/heads/master",
+        "rev": "38ea8bce7048ade7ac8509e090a0f1c988b78835",
+        "revCount": 9,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/snooper.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/snooper.git"
+      }
+    },
     "ssh-keypairs": {
       "flake": false,
       "locked": {
-        "lastModified": 1647537635,
-        "narHash": "sha256-pla2J8HmPHBVDp/2m/22lctwd6VvmJ2cik5n68jf3VY=",
+        "lastModified": 1683437114,
+        "narHash": "sha256-WhI0zHJxpMvG/tWF4nQKKHh9kQzujmcacqX6RmemdBI=",
         "path": "/state/secrets/ssh-keypairs",
         "type": "path"
       },
@@ -1261,14 +3666,130 @@
         "type": "path"
       }
     },
+    "suanni": {
+      "inputs": {
+        "helpers": "helpers_11",
+        "nixpkgs": "nixpkgs_33",
+        "utils": "utils_40"
+      },
+      "locked": {
+        "lastModified": 1682462225,
+        "narHash": "sha256-6+iGhqY3Xi6/4k0eBxf+56LyAuyVFFyptd9+Pq+dcao=",
+        "ref": "refs/heads/master",
+        "rev": "f0d8f59cc176243f8238d81f88b8550cfedf47e7",
+        "revCount": 23,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/suanni.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/suanni.git"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "tattler": {
+      "inputs": {
+        "helpers": "helpers_12",
+        "nixpkgs": "nixpkgs_35",
+        "notifierClj": "notifierClj",
+        "utils": "utils_46"
+      },
+      "locked": {
+        "lastModified": 1684277210,
+        "narHash": "sha256-4Wg42zU6ASKN925ESnI1+UUb0iJ0SSd1eTzcVcnx3OE=",
+        "ref": "refs/heads/master",
+        "rev": "20a1c1ccb532986cec5952fd505d1fd4738d32ce",
+        "revCount": 10,
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/tattler.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.fudo.org/fudo-public/tattler.git"
+      }
+    },
     "ts-fold": {
       "flake": false,
       "locked": {
-        "lastModified": 1671426601,
-        "narHash": "sha256-NrvSK+olbi4P+9q5KOomNHGgmrRtI9cW9ZqkdU4n0Sc=",
+        "lastModified": 1681029086,
+        "narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=",
         "owner": "jcs-elpa",
         "repo": "ts-fold",
-        "rev": "a64f5252a66253852bef1c627cea9e39928e6392",
+        "rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3",
         "type": "github"
       },
       "original": {
@@ -1277,6 +3798,51 @@
         "type": "github"
       }
     },
+    "unstableNixpkgs": {
+      "locked": {
+        "lastModified": 1683014792,
+        "narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "1a411f23ba299db155a5b45d5e145b85a7aafc42",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "unstableNixpkgs_2": {
+      "locked": {
+        "lastModified": 1684215771,
+        "narHash": "sha256-fsum28z+g18yreNa1Y7MPo9dtps5h1VkHfZbYQ+YPbk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "963006aab35e3e8ebbf6052b6bf4ea712fdd3c28",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "unstableNixpkgs_3": {
+      "locked": {
+        "lastModified": 1683408522,
+        "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
     "utils": {
       "locked": {
         "lastModified": 1637014545,
@@ -1292,6 +3858,156 @@
         "type": "github"
       }
     },
+    "utils_10": {
+      "locked": {
+        "lastModified": 1637014545,
+        "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_11": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_12": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_13": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_14": {
+      "locked": {
+        "lastModified": 1678901627,
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_15": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_16": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_17": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_18": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_19": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "utils_2": {
       "locked": {
         "lastModified": 1638122382,
@@ -1307,6 +4023,159 @@
         "type": "github"
       }
     },
+    "utils_20": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_21": {
+      "locked": {
+        "lastModified": 1678901627,
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_22": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_23": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_24": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_25": {
+      "locked": {
+        "lastModified": 1678901627,
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_26": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_27": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_28": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_29": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "utils_3": {
       "locked": {
         "lastModified": 1637014545,
@@ -1322,6 +4191,159 @@
         "type": "github"
       }
     },
+    "utils_30": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_31": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_32": {
+      "locked": {
+        "lastModified": 1678901627,
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_33": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_34": {
+      "locked": {
+        "lastModified": 1653893745,
+        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_35": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_36": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_37": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_38": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_39": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "utils_4": {
       "locked": {
         "lastModified": 1638122382,
@@ -1337,7 +4359,22 @@
         "type": "github"
       }
     },
-    "utils_5": {
+    "utils_40": {
+      "locked": {
+        "lastModified": 1678901627,
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_41": {
       "locked": {
         "lastModified": 1667395993,
         "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -1352,6 +4389,117 @@
         "type": "github"
       }
     },
+    "utils_42": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_43": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_44": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_45": {
+      "inputs": {
+        "systems": "systems_4"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_46": {
+      "inputs": {
+        "systems": "systems_5"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_47": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_5": {
+      "locked": {
+        "lastModified": 1637014545,
+        "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "utils_6": {
       "locked": {
         "lastModified": 1667395993,
@@ -1384,11 +4532,11 @@
     },
     "utils_8": {
       "locked": {
-        "lastModified": 1653893745,
-        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+        "lastModified": 1637014545,
+        "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+        "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
         "type": "github"
       },
       "original": {
@@ -1399,11 +4547,11 @@
     },
     "utils_9": {
       "locked": {
-        "lastModified": 1656065134,
-        "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
         "type": "github"
       },
       "original": {
@@ -1414,16 +4562,16 @@
     },
     "wallfly": {
       "inputs": {
-        "clj-nix": "clj-nix_2",
-        "nixpkgs": "nixpkgs_9",
-        "utils": "utils_9"
+        "clj-nix": "clj-nix_15",
+        "nixpkgs": "nixpkgs_37",
+        "utils": "utils_47"
       },
       "locked": {
-        "lastModified": 1664215454,
-        "narHash": "sha256-pKzJQ4mmUThFY7po+c6bYXbz2RZT9QkxazW94bYF/II=",
+        "lastModified": 1683150365,
+        "narHash": "sha256-KSD+UtvsaomEkAJqaiiH0W0zsnVvSfj2ocsFad2Hg74=",
         "ref": "refs/heads/master",
-        "rev": "90ba657a24c7ab3032ce4e54faea2a8163ce1091",
-        "revCount": 14,
+        "rev": "40c136217dc6cabd592e2df2a8faed78bbee4c12",
+        "revCount": 20,
         "type": "git",
         "url": "https://git.fudo.org/fudo-public/wallfly.git"
       },
diff --git a/flake.nix b/flake.nix
index 1b90b26..a99d4e4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,6 +6,7 @@
 
     fudo-home = {
       url = "git+https://git.fudo.org/fudo-nix/home.git";
+      # url = "path:/state/fudo-home";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -20,7 +21,10 @@
       url = "path:/state/fudo-lib";
     };
 
-    fudo-pkgs.url = "git+https://git.fudo.org/fudo-nix/pkgs.git";
+    fudo-pkgs = {
+      url = "git+https://git.fudo.org/fudo-nix/pkgs.git";
+      #url = "path:/state/fudo-pkgs";
+    };
 
     fudo-secrets.url = "path:/state/secrets";
 
@@ -35,11 +39,21 @@
     nixpkgs2111.url = "nixpkgs/nixos-21.11";
 
     wallfly.url = "git+https://git.fudo.org/fudo-public/wallfly.git";
+
+    objectifier.url = "git+https://git.fudo.org/fudo-public/objectifier.git";
+
+    nexus.url = "git+https://git.fudo.org/fudo-public/nexus.git";
+
+    suanni.url = "git+https://git.fudo.org/fudo-public/suanni.git";
+
+    snooper.url = "git+https://git.fudo.org/fudo-public/snooper.git";
+
+    tattler.url = "git+https://git.fudo.org/fudo-public/tattler.git";
   };
 
   outputs = { self, nixpkgs, fudo-home, fudo-lib, fudo-entities, fudo-pkgs
     , fudo-secrets, chute, chuteUnstable, nixpkgsUnstable, nixpkgs2111, pricebot
-    , wallfly, ... }@inputs:
+    , wallfly, objectifier, nexus, suanni, snooper, tattler, ... }@inputs:
     with nixpkgs.lib;
     let
       fudo-nixos-hosts = filterAttrs (hostname: hostOpts: hostOpts.nixos-system)
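Review bot: The five new inputs (`objectifier`, `nexus`, `suanni`, `snooper`, `tattler`) are declared as bare `url` strings with no `inputs.nixpkgs.follows`, unlike `fudo-home` earlier in this file. If these flakes take their own `nixpkgs` input, as `wallfly` does in the lock hunk above (`nixpkgs_37`, `utils_47`), each one is built against a separately locked nixpkgs. A security bump of the top-level pin then does not reach those services, and the lock file gains another dependency tree to audit. Where the upstream flake allows it, I would write each as an attrset, e.g. `nexus = { url = "git+https://git.fudo.org/fudo-public/nexus.git"; inputs.nixpkgs.follows = "nixpkgs"; };`.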
@@ -59,11 +73,14 @@
           system = arch;
           config = {
             allowUnfree = true;
-            permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ];
+            permittedInsecurePackages =
+              [ "openssh-with-gssapi-8.4p1" "python3.10-certifi-2022.9.24" ];
           };
           overlays = [
             fudo-lib.overlay
-            fudo-pkgs.overlay
+            fudo-pkgs.overlays.default
+            fudo-secrets.overlays.default
+            fudo-entities.overlays.default
             (final: prev: {
               chute = chute.packages.${arch}.chute;
               chuteUnstable = chuteUnstable.packages.${arch}.chute;
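Review bot: The added `"python3.10-certifi-2022.9.24"` entry in `permittedInsecurePackages` waives nixpkgs' insecure-package check for this package set, and nothing in the hunk records which package needs it or when it can be dropped. certifi supplies the CA bundle that Python TLS clients trust, so an outdated copy affects certificate validation in whatever depends on it. The package set appears to be shared by every host, so the exception is fleet-wide. I would put the reason next to the entry, e.g. `# certifi: required by <PACKAGE>; remove once the nixpkgs pin carries a fixed release`, and move the exception to the one host config that needs it if that is possible. The enclosing function starts above the hunk.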
@@ -98,11 +115,19 @@
         in { config, ... }: {
           imports = [
             fudo-home.nixosModules.default
-            fudo-secrets.nixosModule
+            fudo-secrets.nixosModules.default
             fudo-lib.nixosModule
             fudo-entities.nixosModule
             pricebot.nixosModules.default
             wallfly.nixosModule
+            objectifier.nixosModules.default
+            suanni.nixosModules.default
+            snooper.nixosModules.default
+            tattler.nixosModules.default
+
+            nexus.nixosModules.nexus-client
+            nexus.nixosModules.nexus-server
+            nexus.nixosModules.nexus-powerdns
 
             ./config
             (config-dir + "/hardware/${hostname}.nix")
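Review bot: `nexus.nixosModules.nexus-server` and `nexus.nixosModules.nexus-powerdns` are added to the `imports` list that is evaluated for every `hostname`, next to the client module. Whether they stay inert on hosts that are not meant to run the server depends on each module gating its `config` behind an enable option, which this hunk does not show. It is worth confirming that, and saying so in place with a comment such as `# server-side modules: options only, enabled per host in host-config`. The remaining `fudo-lib.nixosModule`, `fudo-entities.nixosModule` and `wallfly.nixosModule` entries still use the singular form that this commit replaces for `fudo-secrets`, so the list now mixes both spellings.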