diff --git a/config/domain-config/fudo.org.nix b/config/domain-config/fudo.org.nix index a8a721d..4020e1c 100644 --- a/config/domain-config/fudo.org.nix +++ b/config/domain-config/fudo.org.nix @@ -1,4 +1,101 @@ { config, lib, pkgs, ... }: -{ +with lib; +let + hostname = config.instance.hostname; + localDomain = "fudo.org"; + serviceSecrets = config.fudo.secrets.files.service-secrets."${hostname}"; + + domain = config.fudo.domains."${localDomain}"; + + authentikHost = "legatus"; + + primaryNameserver = "germany"; + +in { + imports = [ + (import ./fudo.org/authentik.nix { inherit authentikHost; }) + (import ./fudo.org/mastodon.nix { + mastodonHost = "legatus"; + mastodonHostname = "mastodon.fudo.org"; + mastodonOidcClientId = serviceSecrets."mastodon-oidc.clientid"; + mastodonOidcClientSecret = serviceSecrets."mastodon-oidc.secret"; + }) + (import ./fudo.org/nextcloud.nix { + nextcloudHost = "legatus"; + nextcloudHostname = "cloud.fudo.org"; + nextcloudPackage = pkgs.nextcloud27; + }) + (import ./fudo.org/matrix.nix { + matrixHost = "legatus"; + matrixServerName = "fudo.org"; + openIdClientId = readFile serviceSecrets."matrix-oidc.clientid"; + openIdClientSecret = readFile serviceSecrets."matrix-oidc.secret"; + }) + (import ./fudo.org/mail-server.nix (rec { + primaryMailserver = "germany"; + primaryDomain = "test.fudo.org"; + authentikServer = "authentik.fudo.org"; + ldapBase = "dc=fudo,dc=org"; + ldapBindDn = "cn=userdb,ou=users,${ldapBase}"; + ldapBindPwFile = + config.fudo.secrets.files.domain-secrets."${primaryDomain}"."ldap-bind.passwd"; + saslDomain = "FUDO.ORG"; + authentikOutpostToken = + config.fudo.secrets.files.domain-secrets."${primaryDomain}"."authentik-ldap.token"; + servedDomains = + [ "fudo.org" "fudo.ca" "fudo.im" "selby.ca" "selbyhomecentre.com" ]; + # TODO: FIXME! + dkimRecord = ""; + })) + ]; + config = { + # All Fudo hosts should redirect selby.ca to the selbyhomecentre website. + services.nginx.virtualHosts = { + "selby.ca" = { + enableACME = true; + locations."/".return = "301 https://selbyhomecentre.com$request_uri"; + }; + "www.selby.ca" = { + enableACME = true; + locations."/".return = "301 https://selbyhomecentre.com$request_uri"; + }; + "selbyhomecentre.com" = { + enableACME = true; + locations."/".return = "301 https://selbyhomecentre.com$request_uri"; + }; + "www.selbyhomecentre.com" = { + enableACME = true; + locations."/".return = "301 https://selbyhomecentre.com$request_uri"; + }; + }; + + fudo.services = { + jabber = { + domain = "jabber.fudo.org"; + ldap.servers = map (host: "${host}.${localDomain}") domain.ldap-servers; + }; + + authoritative-dns = { + enable = hostname == primaryNameserver; + + nameservers = { primary = primaryNameserver; }; + + zones = { + "fudo.org" = { + default-host = "germany"; + ksk = config.fudo.secrets.files.dns.key-signing-keys."fudo.org"; + }; + "selby.ca" = { + default-host = "germany"; + ksk = config.fudo.secrets.files.dns.key-signing-keys."selby.ca"; + }; + "selbyhomecentre.com" = { + default-host = "germany"; + ksk = null; + }; + }; + }; + }; + }; } diff --git a/config/domain-config/fudo.org/authentik.nix b/config/domain-config/fudo.org/authentik.nix new file mode 100644 index 0000000..410d0d8 --- /dev/null +++ b/config/domain-config/fudo.org/authentik.nix @@ -0,0 +1,75 @@ +{ authentikHost, ... }: + +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.instance.hostname; + host = config.fudo.hosts."${hostname}"; + domainName = host.domain; + zoneName = config.fudo.domains."${domainName}".zone; + isAuthentik = hostname == authentikHost; + authentikHostname = "authentik.${domainName}"; +in { + config = { + fudo.zones."${zoneName}".aliases.authentik = authentikHost; + + services = { + authentikContainer = mkIf isAuthentik { + enable = true; + images = { + authentik = "ghcr.io/goauthentik/server:2023.8.3"; + postgres = "docker.io/library/postgres:12-alpine"; + redis = "docker.io/library/redis:alpine"; + }; + smtp = { + host = "mail.fudo.org"; + password-file = + config.fudo.secrets.files.service-passwords."${authentikHost}".authentik-smtp; + }; + }; + + nginx = mkIf isAuthentik { + enable = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + virtualHosts = { + "${authentikHostname}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${ + toString config.services.authentikContainer.ports.http + }"; + proxyWebsockets = true; + }; + }; + "fudo.ldap.fudo.org" = { + enableACME = true; + forceSSL = true; + locations."/".return = "403 Forbidden"; + }; + "selby.ldap.fudo.org" = { + enableACME = true; + forceSSL = true; + locations."/".return = "403 Forbidden"; + }; + }; + }; + }; + + security.acme.certs = mkIf isAuthentik + (genAttrs [ authentikHostname "fudo.ldap.fudo.org" "selby.ldap.fudo.org" ] + (domain: { + postRun = let + dst = + "${config.services.authentikContainer.state-directory}/certs/${domain}"; + in '' + mkdir -p ${dst} + cp -v {cert,chain,fullchain,full,key}.pem ${dst}/ + cp -v key.pem ${dst}/privkey.pem + chown -R authentik ${dst} + ''; + })); + }; +} diff --git a/config/domain-config/fudo.org/mail-server.nix b/config/domain-config/fudo.org/mail-server.nix new file mode 100644 index 0000000..7f91bd5 --- /dev/null +++ b/config/domain-config/fudo.org/mail-server.nix @@ -0,0 +1,103 @@ +{ primaryMailserver, primaryDomain, authentikServer, servedDomains, ldapBase +, ldapBindDn, ldapBindPwFile, dkimRecord, saslDomain, authentikOutpostToken, ... +}: + +{ config, lib, pkgs, ... }: + +with lib; +let hostname = config.instance.hostname; + +in { + config = { + fudo = { + acme.host-domains = { + "imap.${primaryDomain}".extra-domain = [ "mail.${primaryDomain}" ]; + "smtp.${primaryDomain}".extra-domain = [ "mail.${primaryDomain}" ]; + }; + + zones."${primaryDomain}" = let + mailserverDomain = config.fudo.hosts."${primaryMailserver}".domain; + mailserverZone = config.fudo.domains."${mailserverDomain}".zone; + mailserverIps = + config.fudo.zones."${mailserverZone}".hosts."${mailserver}"; + in { + hosts = { + imap = { + ipv4-address = mailserverIps.ipv4-address; + ipv6-address = mailserverIps.ipv6-address; + }; + smtp = { + ipv4-address = mailserverIps.ipv4-address; + ipv6-address = mailserverIps.ipv6-address; + }; + mail = { + ipv4-address = mailserverIps.ipv4-address; + ipv6-address = mailserverIps.ipv6-address; + }; + }; + # FIXME: DKIM key!!! + verbatim-dns-records = [ dkimRecord ]; + }; + + mail = { + enable = hostname == primaryMailserver; + debug = true; + primary-domain = primaryDomain; + sasl-domain = saslDomain; + trusted-networks = config.instance.local-networks; + smtp = { + hostname = "smtp.${primaryDomain}"; + ssl-directory = + config.security.acme.certs."smtp.${primaryDomain}".directory; + }; + imap = { + hostname = "imap.${primaryDomain}"; + ssl-directory = + config.security.acme.certs."imap.${primaryDomain}".directory; + }; + ldap = { + authentik-host = "https://${authentikServer}"; + outpost-token = readFile authentikOutpostToken; + base = ldapBase; + bind-dn = ldapBindDn; + bind-password-file = ldapBindPwFile; + }; + aliases = let admins = config.instance.local-admins; + in { + alias-users = { + admin = admins; + dmarc-reports = admins; + ftp = admins; + hostmaster = admins; + irc = admins; + postmaster = admins; + root = admins; + system = admins; + webmaster = admins; + www-data = admins; + }; + user-aliases = + let hasAliases = _: userOpts: userOpts.email-aliases != [ ]; + in mapAttrs (_: userOpts: userOpts.email-aliases) + (filterAttrs hasAliases config.fudo.users); + }; + }; + }; + + services.nginx = mkIf (hostname == primaryMailserver) { + enable = true; + virtualHosts = { + "smtp.${primaryDomain}" = { + enableACME = true; + forceSSL = true; + locations."/".return = "301 https://webmail.${primaryDomain}"; + }; + "imap.${primaryDomain}" = { + enableACME = true; + forceSSL = true; + locations."/".return = "301 https://webmail.${primaryDomain}"; + }; + }; + }; + }; +} diff --git a/config/domain-config/fudo.org/mastodon.nix b/config/domain-config/fudo.org/mastodon.nix new file mode 100644 index 0000000..877daad --- /dev/null +++ b/config/domain-config/fudo.org/mastodon.nix @@ -0,0 +1,57 @@ +{ mastodonHost, mastodonHostname, mastodonOidcClientId, mastodonOidcClientSecret +, ... }: + +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.instance.hostname; + isMastodon = hostname == mastodonHost; + +in { + config = { + services = { + mastodonContainer = mkIf isMastodon { + enable = true; + hostname = mastodonHostname; + web-domain = "fudo.org"; + version = "v4.1.6"; + state-directory = "/state/services/mastodon"; + smtp.server = "mail.fudo.org"; + environment = { + OIDC_ENABLED = "true"; + OIDC_DISPLAY_NAME = "fudo auth"; + OIDC_DISCOVERY = "true"; + OIDC_ISSUER = "https://authentik.fudo.org/application/o/mastodon/"; + OIDC_AUTH_ENDPOINT = + "https://authentik.fudo.org/application/o/authorize/"; + OIDC_SCOPE = "openid,profile,email"; + OIDC_UID_FIELD = "sub"; + OIDC_CLIENT_ID = readFile mastodonOidcClientId; + OIDC_CLIENT_SECRET = readFile mastodonOidcClientSecret; + OIDC_REDIRECT_URI = + "https://mastodon.fudo.org/auth/auth/openid_connect/callback"; + OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true"; + }; + }; + nginx = mkIf isMastodon { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + virtualHosts = { + "${mastodonHostname}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${ + toString config.services.mastodonContainer.port + }"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + }; +} diff --git a/config/domain-config/fudo.org/matrix.nix b/config/domain-config/fudo.org/matrix.nix new file mode 100644 index 0000000..0874d19 --- /dev/null +++ b/config/domain-config/fudo.org/matrix.nix @@ -0,0 +1,93 @@ +{ matrixHost, matrixServerName, openIdClientId, openIdClientSecret, ... }: + +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.instance.hostname; + domainName = "fudo.org"; + zoneName = config.fudo.domains."${domainName}".zone; + isMatrix = hostname == matrixHost; + matrixFqdn = "matrix.${domainName}"; +in { + config = { + fudo = { + zones."${zoneName}".aliases = { + element = matrixHost; + matrix = matrixHost; + }; + + services.matrix = mkIf isMatrix { + enable = true; + server-name = matrixServerName; + hostname = matrixFqdn; + openid = { + client-id = openIdClientId; + client-secret = openIdClientSecret; + provider = "fudo-auth"; + provider-name = "Fudo Auth"; + issuer = "https://authentik.fudo.org/application/o/matrix/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 8008 8448 ]; + + services.nginx.virtualHosts = mkIf isMatrix { + "${domainName}" = let + mkWellKnown = data: '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; + in { + enableACME = true; + listen = [ + { + addr = "0.0.0.0"; + port = 8008; + ssl = false; + } + { + addr = "0.0.0.0"; + port = 8448; + ssl = true; + } + { + addr = "0.0.0.0"; + port = 80; + ssl = false; + } + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + ]; + locations."/.well-known/matrix/server".extraConfig = + mkWellKnown { "m.server" = "${matrixFqdn}:443"; }; + locations."/.well-known/matrix/client".extraConfig = + mkWellKnown { "m.homeserver".base_url = "https://${matrixFqdn}"; }; + }; + # "${matrixFqdn}" = { + # locations."^/$".return = "301 https://element.${domainName}"; + # }; + "element.${domainName}" = { + enableACME = true; + forceSSL = true; + root = pkgs.element-web.override { + conf = { + default_server_name = domainName; + default_server_config."m.homeserver".base_url = + "https://${matrixFqdn}"; + brand = "Fudo"; + room_directory.servers = + [ "fudo.org" "matrix.org" "libera.chat" "gitter.im" ]; + map_style_url = + "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"; + }; + }; + }; + }; + }; +} diff --git a/config/domain-config/fudo.org/nextcloud.nix b/config/domain-config/fudo.org/nextcloud.nix new file mode 100644 index 0000000..9ca2f00 --- /dev/null +++ b/config/domain-config/fudo.org/nextcloud.nix @@ -0,0 +1,45 @@ +{ nextcloudPackage, nextcloudHost, nextcloudHostname, ... }: + +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.instance.hostname; + host = config.fudo.hosts."${hostname}"; + + isNextcloud = hostname == nextcloudHost; + + port = config.services.nextcloudContainer.port; + +in { + config = mkIf isNextcloud { + services = { + nextcloudContainer = { + enable = true; + hostname = nextcloudHostname; + package = nextcloudPackage; + extra-apps = + with config.services.nextcloudContainer.package.packages.apps; { + inherit news contacts calendar tasks maps memories mail bookmarks + files_markdown notes unsplash user_saml; + }; + timezone = "America/Winnipeg"; + }; + + nginx = { + enable = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + virtualHosts."${nextcloudHostname}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; +} diff --git a/config/domain-config/informis.land.nix b/config/domain-config/informis.land.nix index cace10e..d62b98d 100644 --- a/config/domain-config/informis.land.nix +++ b/config/domain-config/informis.land.nix @@ -1,4 +1,135 @@ { config, lib, pkgs, ... }: -{ -} \ No newline at end of file +with lib; +let + hostname = config.instance.hostname; + mailserver = "locum"; + authentikHost = "locum"; + userdbPasswd = pkgs.lib.passwd.stablerandom-passwd-file "userdb-passwd" + config.instance.build-seed; + +in { + imports = + [ (import ./informis.land/authentik.nix { inherit authentikHost; }) ]; + + config = { + fudo = { + acme.host-domains = { + "imap.informis.land".extra-domains = [ "mail.informis.land" ]; + "smtp.informis.land".extra-domains = [ "mail.informis.land" ]; + }; + + zones."informis.land" = let + mailserverIps = config.fudo.zones."informis.land".hosts."${mailserver}"; + in { + hosts = { + imap = { + ipv4-address = mailserverIps.ipv4-address; + ipv6-address = mailserverIps.ipv6-address; + }; + smtp = { + ipv4-address = mailserverIps.ipv4-address; + ipv6-address = mailserverIps.ipv6-address; + }; + mail = { + ipv4-address = mailserverIps.ipv4-address; + ipv6-address = mailserverIps.ipv6-address; + }; + }; + verbatim-dns-records = [ + '' + mail._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKiTSUDxDPwMxLMT7wzR0ZaGuGzU1xnhti0zqi6xGJVxe9O8wfpX1vTSAasGYGzg5r24Hc8tSTogUgy0uJXsIbPBiqXj3WsoL/vf7+tAmrmZA4DQn1hN+C0R/7knhTNPWKnIAMqReAH/yf3XvFGmBMpU3UGRNGc2MoCQ4iXBcbsQIDAQAB" ) ; ----- DKIM key mail for all-domains-generic-key'' + ]; + # srv-records = let srv-record = host: port: [{ inherit host port; }]; + # in { + # tcp = { + # imap = srv-record "imap.informis.land" 143; + # imaps = srv-record "imap.informis.land" 993; + + # smtp = srv-record "smtp.informis.land" 25; + # submission = srv-record "smtp.informis.land" 587; + # }; + # }; + }; + + services.dns.zones."informis.land" = { + default-host = pkgs.lib.getHostIpv4 "locum"; + }; + + postgresql.package = pkgs.postgresql_15_gssapi; + + system-users.userdb = { + description = "User Database Lookup."; + ldap-hashed-password = + pkgs.lib.passwd.hash-ldap-passwd "userdb-passwd.hashed" userdbPasswd; + }; + + secrets.host-secrets."${hostname}".userdbPasswd = { + source-file = userdbPasswd; + target-file = "/run/ldap/userdbPasswd"; + }; + + mail = { + enable = hostname == mailserver; + debug = false; + primary-domain = "informis.land"; + sasl-domain = "INFORMIS.LAND"; + trusted-networks = config.instance.local-networks; + smtp = { + hostname = "smtp.informis.land"; + ssl-directory = + config.security.acme.certs."smtp.informis.land".directory; + }; + imap = { + hostname = "imap.informis.land"; + ssl-directory = + config.security.acme.certs."imap.informis.land".directory; + }; + ldap = { + authentik-host = "https://authentik.informis.land"; + outpost-token = readFile + config.fudo.secrets.files.service-secrets."${hostname}"."authentik-ldap.token"; + base = "dc=informis,dc=land"; + bind-dn = "cn=userdb,ou=users,dc=informis,dc=land"; + bind-password-file = + config.fudo.secrets.files.service-passwords.locum.userdb; + }; + aliases = { + alias-users = let admins = config.instance.local-admins; + in { + admin = admins; + dmarc-reports = admins; + ftp = admins; + hostmaster = admins; + irc = admins; + postmaster = admins; + root = admins; + system = admins; + webmaster = admins; + www-data = admins; + }; + user-aliases = + let hasAliases = _: userOpts: userOpts.email-aliases != [ ]; + in mapAttrs (user: userOpts: userOpts.email-aliases) + (filterAttrs hasAliases config.fudo.users); + }; + }; + }; + + services.nginx = mkIf (hostname == mailserver) { + enable = true; + virtualHosts = { + "smtp.informis.land" = { + enableACME = true; + forceSSL = true; + locations."/".return = "404"; + }; + "imap.informis.land" = { + enableACME = true; + forceSSL = true; + locations."/".return = "404"; + }; + }; + }; + }; +} diff --git a/config/domain-config/informis.land/authentik.nix b/config/domain-config/informis.land/authentik.nix new file mode 100644 index 0000000..c5965f4 --- /dev/null +++ b/config/domain-config/informis.land/authentik.nix @@ -0,0 +1,79 @@ +{ authentikHost, ... }: + +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.instance.hostname; + host = config.fudo.hosts."${hostname}"; + domainName = host.domain; + zoneName = config.fudo.domains."${domainName}".zone; + isAuthentik = hostname == authentikHost; + authentikHostname = "authentik.${domainName}"; + smtpPasswd = pkgs.lib.passwd.stablerandom-passwd-file "authentik-smtp-passwd" + config.instance.build-seed; + +in { + config = { + fudo = { + system-users.authentik = { + description = "Aunthentik system user."; + ldap-hashed-password = + pkgs.lib.passwd.hash-ldap-passwd "authentik-smtp-passwd.hashed" + smtpPasswd; + }; + zones."${zoneName}".aliases.authentik = authentikHost; + }; + + systemd.services.arion-authentik = { + requires = [ config.fudo.secrets.secret-target ]; + after = [ config.fudo.secrets.secret-target ]; + }; + + services = { + authentikContainer = mkIf isAuthentik { + enable = true; + images = { + authentik = "ghcr.io/goauthentik/server:2023.8.3"; + postgres = "docker.io/library/postgres:12-alpine"; + redis = "docker.io/library/redis:alpine"; + }; + smtp = { + host = "mail.fudo.org"; + password-file = smtpPasswd; + }; + }; + + nginx = mkIf isAuthentik { + enable = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + virtualHosts = { + "${authentikHostname}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${ + toString config.services.authentikContainer.ports.http + }"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme.certs = mkIf isAuthentik (genAttrs [ authentikHostname ] + (domain: { + postRun = let + dst = + "${config.services.authentikContainer.state-directory}/certs/${domain}"; + in '' + mkdir -p ${dst} + cp -v {cert,chain,fullchain,full,key}.pem ${dst}/ + cp -v key.pem ${dst}/privkey.pem + chown -R authentik ${dst} + ''; + })); + }; +} diff --git a/config/domains/informis.land.nix b/config/domains/informis.land.nix new file mode 100644 index 0000000..865d469 --- /dev/null +++ b/config/domains/informis.land.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} diff --git a/config/domains/sea.fudo.org.nix b/config/domains/sea.fudo.org.nix index 180dcb4..2d1e0b4 100644 --- a/config/domains/sea.fudo.org.nix +++ b/config/domains/sea.fudo.org.nix @@ -1,18 +1,23 @@ { config, lib, pkgs, ... }: let fudo = config.fudo.domains."fudo.org"; + in { - config.fudo.domains."sea.fudo.org" = { - local-networks = fudo.local-networks; + config = { + fudo = { + domains."sea.fudo.org" = { + local-networks = fudo.local-networks; - # gssapi-realm = fudo.gssapi-realm; - # kerberos-master = fudo.kerberos-master; - # kerberos-slaves = fudo.kerberos-slaves; + # gssapi-realm = fudo.gssapi-realm; + # kerberos-master = fudo.kerberos-master; + # kerberos-slaves = fudo.kerberos-slaves; - primary-mailserver = fudo.primary-mailserver; + primary-mailserver = fudo.primary-mailserver; - ldap-servers = fudo.ldap-servers; + ldap-servers = fudo.ldap-servers; - xmpp-servers = fudo.xmpp-servers; + xmpp-servers = fudo.xmpp-servers; + }; + }; }; } diff --git a/config/hardware/germany.nix b/config/hardware/germany.nix new file mode 100644 index 0000000..96dc35f --- /dev/null +++ b/config/hardware/germany.nix @@ -0,0 +1,111 @@ +{ config, lib, pkgs, ... }: + +let generateMac = pkgs.lib.network.generate-mac-address; + +in { + boot = { + initrd = { + availableKernelModules = [ + "uhci_hcd" + "ehci_pci" + "ata_piix" + "ahci" + "usb_storage" + "floppy" + "sd_mod" + "sr_mod" + ]; + kernelModules = [ "dm-snapshot" ]; + }; + + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + kernelPackages = pkgs.linuxPackages_latest; + + loader.grub = { + enable = true; + devices = [ + "/dev/disk/by-id/ata-Samsung_SSD_870_QVO_2TB_S6R4NJ0W702893V" + "/dev/disk/by-id/ata-Crucial_CT525MX300SSD1_171516B3CB40" + ]; + }; + }; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/germany-boot"; + fsType = "ext4"; + options = [ "noatime" "noexec" ]; + }; + + "/" = { + device = "root-tmpfs"; + fsType = "tmpfs"; + options = [ "mode=755" "noexec" ]; + }; + + "/nix" = { + device = "/dev/disk/by-label/germany-data"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" "noatime" ]; + }; + + "/state" = { + device = "/dev/disk/by-label/germany-data"; + fsType = "btrfs"; + options = [ "subvol=@state" "compress=zstd" "noatime" "noexec" ]; + }; + + "/var/log" = { + device = "/dev/disk/by-label/germany-data"; + fsType = "btrfs"; + options = [ "subvol=@logs" "compress=zstd" "noatime" "noexec" ]; + }; + + "/home" = { + device = "/dev/disk/by-label/germany-data"; + fsType = "btrfs"; + options = [ "subvol=@home" "compress=zstd" "noatime" "noexec" ]; + }; + + "/var/lib/acme" = { + device = "/dev/disk/by-label/germany-data"; + fsType = "btrfs"; + options = [ "subvol=@acme" "compress=zstd" "noatime" "noexec" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-label/germany-swap"; }]; + + nix.settings.max-jobs = lib.mkDefault 24; + + hardware.bluetooth.enable = false; + + nixpkgs.hostPlatform = "x86_64-linux"; + + hardware = { + cpu.intel.updateMicrocode = true; + enableAllFirmware = true; + }; + + networking = { + useDHCP = false; + + macvlans = { + extif0 = { + interface = "enp5s0f0"; + mode = "bridge"; + }; + + extif1 = { + interface = "enp5s0f1"; + mode = "bridge"; + }; + }; + + interfaces = { + extif0.macAddress = generateMac config.instance.hostname "extif0"; + extif1.macAddress = generateMac config.instance.hostname "extif1"; + }; + }; +} diff --git a/config/hardware/legatus.nix b/config/hardware/legatus.nix index bbd7c5f..c94c11a 100644 --- a/config/hardware/legatus.nix +++ b/config/hardware/legatus.nix @@ -10,7 +10,6 @@ with lib; { extraModulePackages = [ ]; loader.grub = { enable = true; - version = 2; device = "/dev/sda"; }; @@ -23,7 +22,7 @@ with lib; { "/" = { device = "root-tmpfs"; fsType = "tmpfs"; - options = [ "mode=755" "noexec" ]; + options = [ "mode=755" "noexec" "size=20G" ]; }; "/boot" = { @@ -53,6 +52,12 @@ with lib; { [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ]; }; + "/var/lib/containers/storage" = { + device = "/dev/disk/by-label/legatus-data"; + fsType = "btrfs"; + options = [ "subvol=@container-data" "noatime" "compress=zstd" "noexec" ]; + }; + # "/var/lib/acme" = { # device = "/dev/disk/by-label/system"; # fsType = "btrfs"; diff --git a/config/hardware/locum.nix b/config/hardware/locum.nix new file mode 100644 index 0000000..1acc9e2 --- /dev/null +++ b/config/hardware/locum.nix @@ -0,0 +1,73 @@ +{ config, lib, pkgs, modulesPath, ... }: + +let generateMac = pkgs.lib.network.generate-mac-address; + +in { + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + config = { + boot = { + initrd.availableKernelModules = [ "ahci" "xhci_pci" ]; + kernelModules = [ "kvm-intel" ]; + loader.grub = { + enable = true; + device = + "/dev/disk/by-id/ata-Samsung_SSD_870_EVO_250GB_S6PENX0T445931Y"; + }; + kernelPackages = pkgs.linuxPackages_latest; + }; + + system.stateVersion = "23.05"; + + fileSystems = { + "/" = { + device = "locum-root"; + fsType = "tmpfs"; + options = [ "mode=755" "size=16G" "noexec" ]; + }; + "/boot" = { + device = "/dev/disk/by-label/locum-boot"; + fsType = "ext4"; + options = [ "noatime" "noexec" ]; + }; + "/state" = { + device = "/dev/disk/by-label/locum-data"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "noexec" "subvol=@state" ]; + }; + "/nix" = { + device = "/dev/disk/by-label/locum-data"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "subvol=@nix" ]; + }; + "/home" = { + device = "/dev/disk/by-label/locum-data"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "subvol=@home" ]; + }; + "/var/log" = { + device = "/dev/disk/by-label/locum-data"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "noexec" "subvol=@logs" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-label/locum-swap"; }]; + + nix.settings.max-jobs = lib.mkDefault 16; + + networking = { + useDHCP = false; + macvlans = { + extif0 = { + interface = "eno1"; + mode = "bridge"; + }; + }; + + interfaces.extif0 = { + macAddress = generateMac config.instance.hostname "extif0"; + }; + }; + }; +} diff --git a/config/hardware/nutboy3.nix b/config/hardware/nutboy3.nix index e7a6daf..e075ac0 100644 --- a/config/hardware/nutboy3.nix +++ b/config/hardware/nutboy3.nix @@ -11,7 +11,6 @@ with lib; { extraModulePackages = [ ]; loader.grub = { enable = true; - version = 2; device = "/dev/sda"; }; diff --git a/config/host-config/germany.nix b/config/host-config/germany.nix new file mode 100644 index 0000000..216bb4a --- /dev/null +++ b/config/host-config/germany.nix @@ -0,0 +1,72 @@ +{ config, lib, pkgs, ... }: + +let + primary-ip = "208.81.3.116"; + hostname = config.instance.hostname; + host = config.fudo.hosts."${hostname}"; + domainName = host.domain; + site = config.fudo.sites."${host.site}"; + hostFqdn = "${hostname}.${domainName}"; + hostSecrets = config.fudo.secrets.host-secrets."${hostname}"; +in { + config = { + networking = { + enableIPv6 = true; + nameservers = [ "1.1.1.1" ]; + defaultGateway = { + interface = "extif0"; + address = site.gateway-v4; + }; + interfaces.extif0 = { + ipv4.addresses = [{ + address = primary-ip; + prefixLength = 28; + }]; + }; + firewall.enable = { + enable = false; + interface.podman0.allowedUDPPorts = [ 53 ]; + }; + }; + + systemd.tmpfiles.rules = [ + "L /etc/adjtime - - - - /state/etc/adjtime" + "d /state/services 0555 - - - -" + ]; + + security.acme.defaults.email = "admin@fudo.org"; + + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerSocket.enable = true; + defaultNetwork.settings.dns_enabled = true; + }; + oci-containers.backend = "podman"; + arion.backend = "podman-socket"; + }; + + fudo = { + client.dns = { + ipv4 = true; + ipv6 = true; + user = "fudo-client"; + external-interface = "extif0"; + }; + + mail.state-directory = "/state/services/mail"; + + nsd.zones."fudo.org".outgoingInterface = "extif0"; + + services = { + auth = { + kerberos.state-directory = "/state/services/kerberos"; + ldap.state-directory = "/state/services/ldap"; + }; + authoritative-dns.state-directory = "/state/services/dns"; + jabber.state-directory = "/state/services/jabber"; + }; + }; + }; +} diff --git a/config/host-config/legatus.nix b/config/host-config/legatus.nix index 03329ef..002abfc 100644 --- a/config/host-config/legatus.nix +++ b/config/host-config/legatus.nix @@ -29,9 +29,23 @@ in { }]; }; + # Getting errors due to running VMs + boot.kernel.sysctl."fs.inotify.max_user_instances" = 512; + security.acme.defaults.email = "admin@legatus.fudo.org"; - systemd.tmpfiles.rules = [ "L /etc/adjtime - - - - /state/etc/adjtime" ]; + systemd.tmpfiles.rules = [ + "L /etc/adjtime - - - - /state/etc/adjtime" + "d /state/services/podman/volumes 0700 root root - -" + "d /state/services/acme 0755 acme acme - -" + ]; + + fileSystems = { + "/var/lib/acme" = { + device = "/state/services/acme"; + options = [ "bind" ]; + }; + }; environment.systemPackages = local-packages; @@ -47,6 +61,37 @@ in { # slynk-port = 4005; # }; + services = { + mastodonContainer.state-directory = "/state/services/mastodon"; + lemmyDocker = { + enable = true; + hostname = "lemmy.fudo.org"; + site-name = "Fudo Lemmy"; + version = "0.18"; + state-directory = "/state/services/lemmy"; + smtp-server = "mail.fudo.org:587"; + docker-images = { + pictrs = "asonix/pictrs:0.4"; + postgres = "postgres:15-alpine"; + }; + }; + authentikContainer.state-directory = "/state/services/authentik"; + nextcloudContainer.state-directory = "/state/services/nextcloud"; + nginx.virtualHosts."fudo.org" = { + enableACME = true; + forceSSL = true; + }; + }; + + virtualisation = { + arion.backend = "podman-socket"; + podman = { + enable = true; + dockerSocket.enable = true; + autoPrune.enable = true; + }; + }; + fudo = { hosts.legatus.external-interfaces = [ "extif0" ]; @@ -66,6 +111,13 @@ in { }; nexus.dns-server.listen-addresses = [ host-ipv4 ]; + + # lemmy = { + # enable = true; + # hostname = "lemmy.fudo.org"; + # }; + + matrix.state-directory = "/state/services/matrix"; }; secrets.host-secrets.legatus = let files = config.fudo.secrets.files; diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix index bcabd3b..df621e6 100644 --- a/config/host-config/limina.nix +++ b/config/host-config/limina.nix @@ -50,27 +50,39 @@ in { # internalInterfaces = [ "intif0" "intif1" "intif2" ]; # }; + firewall = { + allowedTCPPorts = [ 80 443 25565 config.services.murmur.port ]; + allowedUDPPorts = [ 25565 34197 ]; + }; + nat.forwardPorts = [ # Minecraft { - destination = "10.0.0.10:25565"; + destination = "10.0.0.12:25555"; proto = "tcp"; sourcePort = 25565; } { - destination = "10.0.0.10:25565"; + destination = "10.0.0.12:25555"; proto = "udp"; sourcePort = 25565; } # Factorio { - destination = "10.0.0.10:34197"; + destination = "10.0.0.12:34197"; proto = "udp"; sourcePort = 34197; } ]; }; + fileSystems = { + "/var/lib/acme" = { + device = "/state/services/acme"; + options = [ "bind" ]; + }; + }; + fudo = { hosts.limina.external-interfaces = [ "enp1s0" ]; @@ -120,12 +132,11 @@ in { "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa" "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub" "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts" + "d /state/services/acme 0755 acme acme - -" ]; security.acme.defaults.email = "niten@fudo.org"; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - systemd.services.nginx.requires = [ "bind.service" ]; services = { @@ -151,6 +162,13 @@ in { }; }; + murmur = { + enable = true; + port = 64738; + bonjour = true; + password = "thelittleschool"; + }; + openssh = { hostKeys = [ { diff --git a/config/host-config/locum.nix b/config/host-config/locum.nix new file mode 100644 index 0000000..8f0b71f --- /dev/null +++ b/config/host-config/locum.nix @@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +with pkgs.lib; +let + hostname = "locum"; + + host-ipv4 = "190.2.134.48"; + hostData = config.fudo.hosts."${hostname}"; + site = config.fudo.sites."${hostData.site}"; + + hostSecrets = config.fudo.secrets.host-secrets."${hostname}"; + +in { + config = { + networking = { + enableIPv6 = true; + nameservers = [ "127.0.0.1" ]; + defaultGateway = { + interface = "extif0"; + address = site.gateway-v4; + }; + + interfaces.extif0 = { + ipv4.addresses = [{ + address = host-ipv4; + prefixLength = 24; + }]; + }; + firewall = { + enable = false; + interfaces.podman0.allowedUDPPorts = [ 53 ]; + }; + }; + + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerSocket.enable = true; + defaultNetwork.settings.dns_enabled = true; + }; + oci-containers.backend = "podman"; + arion.backend = "podman-socket"; + }; + + security.acme.defaults.email = "root@informis.land"; + + fudo = { + client.dns = { + ipv4 = true; + ipv6 = true; + user = "fudo-client"; + external-interface = "extif0"; + }; + + secure-dns-proxy = { + enable = true; + upstream-dns = + [ "https://1.1.1.1/dns-query" "https://1.0.0.1/dns-query" ]; + bootstrap-dns = "1.1.1.1"; + listen-ips = [ "127.0.0.1" ]; + listen-port = 53; + allowed-networks = + [ "1.1.1.1/32" "1.0.0.1/32" "localhost" "link-local" ]; + }; + + # mail-server = { + # clamav.state-directory = "/state/services/mail/clamav"; + # dkim = { key-directory = "/state/services/mail/dkim"; }; + # }; + + mail.state-directory = "/state/services/mail"; + + services = { + auth = { + kerberos.state-directory = "/state/services/kerberos"; + ldap.state-directory = "/state/services/ldap"; + }; + logging.loki.state-directory = "/state/services/loki"; + metrics = { + prometheus.state-directory = "/state/services/prometheus"; + grafana.state-directory = "/state/services/grafana"; + }; + mail-server.state-directory = "/state/services/msailserver"; + dns.zones."informis.land".enable = true; + }; + }; + + services = { + authentikContainer.state-directory = "/state/services/authentik"; + lemmyDocker = { + enable = true; + hostname = "informis.land"; + site-name = "Informis Lemmy"; + version = "0.18.2"; + state-directory = "/state/services/lemmy"; + smtp-server = "smtp.informis.land:587"; + docker-images = { + pictrs = "asonix/pictrs:0.4.0-rc.14"; + postgres = "postgres:15-alpine"; + }; + }; + + nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + }; + }; + }; +} diff --git a/config/host-config/nostromo.nix b/config/host-config/nostromo.nix index fe2a6b4..9cebf91 100644 --- a/config/host-config/nostromo.nix +++ b/config/host-config/nostromo.nix @@ -1,7 +1,15 @@ { config, lib, pkgs, ... }: -with lib; -let hostname = "nostromo"; +with pkgs.lib; +let + hostname = "nostromo"; + + domainName = config.fudo.hosts."${hostname}".domain; + + domain = config.fudo.domains."${domainName}"; + + host-fqdn = pkgs.lib.getHostFqdn hostname; + in { networking = { @@ -27,12 +35,11 @@ in { boot.kernelModules = [ "rpcsec_gss_krb5" ]; services = { - murmur.enable = true; - - # objectifier = { - # enable = true; - # listen-addresses = [ "0.0.0.0" ]; - # }; + murmur = { + enable = true; + port = 64738; + bonjour = true; + }; nfs = { # See ../user-config.nix for the user@REALM -> user mapping @@ -50,6 +57,8 @@ in { ''; }; }; + + authentikContainer.state-directory = "/state/services/authentik"; }; systemd = { @@ -82,16 +91,16 @@ in { host-secrets = config.fudo.secrets.host-secrets.${hostname}; in { secrets.host-secrets.${hostname} = { - grafana-database-password = { - source-file = grafana-database-passwd-file; - target-file = "/run/services/grafana/db.passwd"; - user = config.systemd.services.grafana.serviceConfig.User; - }; - postgres-grafana-password = { - source-file = grafana-database-passwd-file; - target-file = "/run/services/postgres/db.passwd"; - user = config.services.postgresql.superUser; - }; + # grafana-database-password = { + # source-file = grafana-database-passwd-file; + # target-file = "/run/services/grafana/db.passwd"; + # user = config.systemd.services.grafana.serviceConfig.User; + # }; + # postgres-grafana-password = { + # source-file = grafana-database-passwd-file; + # target-file = "/run/services/postgres/db.passwd"; + # user = config.services.postgresql.superUser; + # }; pricebot-auth-token = { source-file = config.fudo.secrets.files.service-secrets.nostromo."pricebot-auth.token"; @@ -118,13 +127,21 @@ in { metrics.grafana = { state-directory = "/state/services/grafana"; smtp.hostname = "mail.fudo.org"; - database = { - user = "grafana"; - password-file = host-secrets.grafana-database-password.target-file; - }; + # database = { + # user = "grafana"; + # password-file = host-secrets.grafana-database-password.target-file; + # }; ldap.base-dn = "dc=fudo,dc=org"; }; + postgresql = { + state-directory = "/state/services/postgresql"; + keytab = extractFudoKeytab { + realm = domain.gssapi-realm; + principals = [ "postgres/${host-fqdn}" ]; + }; + }; + auth.kerberos.state-directory = "/state/services/heimdal-kdc"; }; @@ -135,18 +152,28 @@ in { databases.grafana.users = config.instance.local-admins; - users.grafana = { - password-file = host-secrets.postgres-grafana-password.target-file; - databases.grafana = { - entity-access = { - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - }; - }; + # users.grafana = { + # password-file = host-secrets.postgres-grafana-password.target-file; + # databases.grafana = { + # entity-access = { + # "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + # "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES"; + # }; + # }; + # }; }; }; + virtualisation = { + docker.enable = false; + podman = { + enable = true; + dockerSocket.enable = true; + autoPrune.enable = true; + }; + arion.backend = "podman-socket"; + }; + imports = [ ./nostromo/factorio.nix ./nostromo/minecraft.nix ]; ## Until I can figure out how to use one common host API, forget this diff --git a/config/host-config/nostromo/factorio.nix b/config/host-config/nostromo/factorio.nix index 424bc05..08d3d51 100644 --- a/config/host-config/nostromo/factorio.nix +++ b/config/host-config/nostromo/factorio.nix @@ -168,7 +168,7 @@ in { }" (optionalString cfg.loadLatestSave "--start-server-load-latest") (optionalString (cfg.mods != [ ]) - "--mod-directory=${pkgs.factorio-utils.mkModDirDrv cfg.mods}") + "--mod-directory=${pkgs.factorio-utils.mkModDirDrv cfg.mods null}") (optionalString (cfg.admins != [ ]) "--server-adminlist=${ pkgs.writeText "factorio-server-adminlist.json" (builtins.toJSON cfg.admins) diff --git a/config/host-config/nutboy3.nix b/config/host-config/nutboy3.nix index 99717af..8eabda2 100644 --- a/config/host-config/nutboy3.nix +++ b/config/host-config/nutboy3.nix @@ -20,10 +20,6 @@ let acme-copies = config.fudo.acme.host-domains.${hostname}; - grafana-database-passwd-file = - pkgs.lib.passwd.stablerandom-passwd-file "grafana-database-password" - "grafana-database-password-${config.instance.build-seed}"; - in { imports = [ @@ -82,18 +78,6 @@ in { target-file = "/run/openldap/ldap.keytab"; user = config.services.openldap.user; }; - - grafana-database-password = { - source-file = grafana-database-passwd-file; - target-file = "/run/metrics/grafana/db.passwd"; - user = config.systemd.services.grafana.serviceConfig.User; - }; - - postgres-grafana-password = { - source-file = grafana-database-passwd-file; - target-file = "/run/postgres-users/grafana.passwd"; - user = config.services.postgresql.superUser; - }; }; acme.host-domains.${hostname} = { @@ -144,25 +128,10 @@ in { metrics = { prometheus.state-directory = "/state/services/prometheus"; - grafana = { - state-directory = "/state/services/grafana"; - database = { - user = "grafana"; - password-file = - host-secrets.grafana-database-password.target-file; - }; - }; + grafana.state-directory = "/state/services/grafana"; }; logging.loki.state-directory = "/state/services/loki"; - - # selby-forum = { - # enable = true; - # state-directory = "/state/services/selby-forum"; - # legacy-forum-data = files.blobs."selby-forum-2021-12-14.clean"; - # external-interface = "extif0"; - # mail.host = "mail.fudo.org"; - # }; }; # dns.state-directory = "/state/nsd"; @@ -209,23 +178,6 @@ in { # }; # }; - postgresql = { - databases.grafana.users = config.instance.local-admins; - - users.grafana = { - password-file = host-secrets.postgres-grafana-password.target-file; - databases.grafana = { - access = "CONNECT"; - entity-access = { - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - # "SELECT,INSERT,UPDATE,DELETE"; - "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES"; - # "SELECT, UPDATE"; - }; - }; - }; - }; - # git = { # enable = true; # hostname = "git.informis.land"; diff --git a/config/host-config/procul.nix b/config/host-config/procul.nix index 0204bd6..5e753f4 100644 --- a/config/host-config/procul.nix +++ b/config/host-config/procul.nix @@ -22,9 +22,9 @@ let host-certs = config.fudo.acme.host-domains.${hostname}; - grafana-database-password = pkgs.lib.passwd.stablerandom-passwd-file - "grafana-database-password-${hostname}" - "grafana-database-password-${hostname}-${config.instance.build-seed}"; + # grafana-database-password = pkgs.lib.passwd.stablerandom-passwd-file + # "grafana-database-password-${hostname}" + # "grafana-database-password-${hostname}-${config.instance.build-seed}"; in { networking = { @@ -54,11 +54,81 @@ in { }; }; + virtualisation = { + docker.enable = false; + podman = { + enable = true; + autoPrune.enable = true; + dockerSocket.enable = true; + }; + oci-containers.backend = "podman"; + arion.backend = "podman-socket"; + }; + + services = { + # lemmy = { + # server.package = pkgs.unstable.lemmy-server; + # ui.package = pkgs.unstable.lemmy-ui; + # }; + + # lemmyDocker = { + # enable = true; + # hostname = "informis.land"; + # site-name = "Informis Lemmy"; + # version = "0.18.2"; + # state-directory = "/state/services/lem"; + # smtp-server = "smtp.informis.land:587"; + # docker-images = { + # pictrs = "asonix/pictrs:0.4.0-rc.14"; + # postgres = "postgres:15-alpine"; + # }; + # }; + + nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + + # virtualHosts."lemmy.informis.land" = { + # enableACME = true; + # forceSSL = true; + # locations = { + # "/" = { + # proxyPass = + # "http://localhost:${toString config.services.lemmy.ui.port}"; + # proxyWebsockets = true; + # extraConfig = '' + # proxy_set_header Host $host; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "Upgrade"; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # ''; + # }; + # "/api" = { + # proxyPass = "http://localhost:${ + # toString config.services.lemmy.settings.port + # }"; + # proxyWebsockets = true; + # extraConfig = '' + # proxy_set_header Host $host; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "Upgrade"; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # ''; + # }; + # }; + # }; + }; + }; + environment.systemPackages = local-packages; networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.acme.defaults.email = "viator@informis.land"; + security.acme.defaults.email = "root@informis.land"; users = { users.gituser = { @@ -103,6 +173,8 @@ in { fudo = { hosts.procul.external-interfaces = [ "extif0" ]; + # zones."informis.land".aliases.lemmy = "procul"; + acme.host-domains.${hostname} = { ${host-fqdn} = { admin-email = "admin@${domain-name}"; @@ -164,17 +236,17 @@ in { user = "root"; }; - grafana-postgres-password = { - source-file = grafana-database-password; - target-file = "/run/metrics/grafana/db.passwd"; - user = config.systemd.services.grafana.serviceConfig.User; - }; + # grafana-postgres-password = { + # source-file = grafana-database-password; + # target-file = "/run/metrics/grafana/db.passwd"; + # user = config.systemd.services.grafana.serviceConfig.User; + # }; - postgres-grafana-password = { - source-file = grafana-database-password; - target-file = "/run/postgres-users/grafana.passwd"; - user = config.services.postgresql.superUser; - }; + # postgres-grafana-password = { + # source-file = grafana-database-password; + # target-file = "/run/postgres-users/grafana.passwd"; + # user = config.services.postgresql.superUser; + # }; }; client.dns = { @@ -194,8 +266,6 @@ in { allowed-networks = [ "1.1.1.1/32" "1.0.0.1/32" "localhost" "link-local" ]; }; - services.mail-server = { state-directory = "/srv/mailserver"; }; - # mail-server = { # enable = true; # debug = true; @@ -252,27 +322,29 @@ in { }; ldap.state-directory = "/state/services/ldap"; }; - dns.zones."informis.land" = { - enable = true; - default-host = host-ipv4; - }; + dns.zones."informis.land".enable = true; postgresql = { - state-directory = "/state/services/postgresql"; + state-directory = "/state/services/postgresql-15"; keytab = extractFudoHostKeytab { inherit hostname; realm = domain.gssapi-realm; services = [ "postgres" ]; }; }; + # lemmy = { + # enable = true; + # hostname = "lemmy.informis.land"; + # }; logging.loki.state-directory = "/state/services/loki"; + mail-server = { state-directory = "/srv/mailserver"; }; metrics = { prometheus.state-directory = "/state/services/prometheus"; grafana = { state-directory = "/state/services/grafana"; - database = { - user = "grafana"; - password-file = host-secrets.grafana-postgres-password.target-file; - }; + # database = { + # user = "grafana"; + # password-file = host-secrets.grafana-postgres-password.target-file; + # }; }; }; }; @@ -287,18 +359,18 @@ in { # local-networks = local-networks; users = { - grafana = { - password-file = host-secrets.postgres-grafana-password.target-file; - databases.grafana = { - access = "CONNECT"; - entity-access = { - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - # "SELECT,INSERT,UPDATE,DELETE"; - "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES"; - # "SELECT, UPDATE"; - }; - }; - }; + # grafana = { + # password-file = host-secrets.postgres-grafana-password.target-file; + # databases.grafana = { + # access = "CONNECT"; + # entity-access = { + # "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + # # "SELECT,INSERT,UPDATE,DELETE"; + # "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES"; + # # "SELECT, UPDATE"; + # }; + # }; + # }; gituser = { password-file = host-secrets.postgres-gitea-password.target-file; @@ -315,7 +387,7 @@ in { }; databases = { - grafana.users = config.instance.local-admins; + # grafana.users = config.instance.local-admins; git.users = config.instance.local-admins; }; }; diff --git a/config/host-config/spark.nix b/config/host-config/spark.nix index 408ee22..5d71f19 100644 --- a/config/host-config/spark.nix +++ b/config/host-config/spark.nix @@ -14,24 +14,32 @@ in { }; i18n.inputMethod = { - enabled = "fcitx5"; - fcitx5.addons = with pkgs; [ fcitx5-chinese-addons fcitx5-rime ]; + #enabled = "fcitx5"; + #fcitx5.addons = with pkgs; [ fcitx5-chinese-addons fcitx5-rime ]; }; - systemd.tmpfiles.rules = [ "d ${state-dir}/lib/cups 755 root root - -" ]; + systemd.tmpfiles.rules = [ + "d ${state-dir}/lib/cups 755 root root - -" + "d ${state-dir}/services/yggdrasil 700 root root - -" + ]; fileSystems = { "/var/lib/cups" = { device = "${state-dir}/lib/cups"; options = [ "bind" ]; }; + + # "/var/lib/private/yggdrasil" = { + # device = "${state-dir}/services/yggdrasil"; + # options = [ "bind" ]; + # }; }; - # fudo.adguard-dns-proxy = { - # enable = true; - # http.listen-ip = "10.0.0.108"; - # dns.listen-port = 1053; - # local-domain-name = "sea.fudo.org"; - # verbose = true; - # }; + services = { + yggdrasil = { + enable = true; + persistentKeys = true; + group = "wheel"; + }; + }; } diff --git a/config/host-config/toothless.nix b/config/host-config/toothless.nix index ac4552e..44d12af 100644 --- a/config/host-config/toothless.nix +++ b/config/host-config/toothless.nix @@ -28,23 +28,59 @@ in { ''; fudo = { + # minecraft-server = { + # enable = true; + # data-dir = "/state/services/minecraft"; + # world-name = "TLS"; + # motd = "Welcome to Jasper's TLS minecraft server."; + # game-mode = "survival"; + # difficulty = 1; + # allow-cheats = true; + # allocated-memory = 16; + # port = 25555; + # query-port = 25556; + # rcon-port = 25557; + # world-seed = 2090763904884813452; + # }; minecraft-clj = { enable = true; state-directory = "/state/services/minecraft-clj"; admins = [ "fudoniten" ]; worlds = { - REPLand = { allocated-memory = 8; }; - wof = { - world-name = "WorldOfFun"; - world-seed = 2059666523504992; - port = 25567; - difficulty = "medium"; - game-mode = "survival"; - motd = "Welcome to the World of Fun!"; - allow-cheats = true; - allocated-memory = 16; - pvp = false; + REPLand = { + allocated-memory = 8; + port = 25565; + query-port = 25566; + rcon-port = 25567; }; + tls = { + world-name = "TLS"; + motd = "Welcome to Jasper's TLS minecraft world"; + world-seed = 1613434103; + port = 25555; + query-port = 25556; + rcon-port = 25557; + game-mode = "survival"; + difficulty = "easy"; + allow-cheats = true; + pvp = false; + allocated-memory = 16; + package = pkgs.papermc-current; + }; + # wof = { + # world-name = "WorldOfFun"; + # # world-seed = 2059666523504992; + # world-seed = 2090763904884813452; + # port = 25568; + # query-port = 25569; + # rcon-port = 25570; + # difficulty = "medium"; + # game-mode = "survival"; + # motd = "Welcome to the World of Fun!"; + # allow-cheats = true; + # allocated-memory = 16; + # pvp = false; + # }; }; }; }; diff --git a/config/host-config/toothless/factorio.nix b/config/host-config/toothless/factorio.nix index 37649d6..908420f 100644 --- a/config/host-config/toothless/factorio.nix +++ b/config/host-config/toothless/factorio.nix @@ -177,7 +177,7 @@ in { }" (optionalString cfg.loadLatestSave "--start-server-load-latest") (optionalString (cfg.mods != [ ]) - "--mod-directory=${pkgs.factorio-utils.mkModDirDrv cfg.mods}") + "--mod-directory=${pkgs.factorio-utils.mkModDirDrv cfg.mods null}") (optionalString (cfg.admins != [ ]) "--server-adminlist=${ pkgs.writeText "factorio-server-adminlist.json" (builtins.toJSON cfg.admins) diff --git a/config/host-config/wormhole0.nix b/config/host-config/wormhole0.nix index 2519bc3..c36d08e 100644 --- a/config/host-config/wormhole0.nix +++ b/config/host-config/wormhole0.nix @@ -14,206 +14,291 @@ let pkgs.lib.passwd.stablerandom-passwd-file "zigbee2mqtt-passwd" config.instance.build-seed; + teslaMateMqttPasswdFile = + pkgs.lib.passwd.stablerandom-passwd-file "tesla-mate-mqtt-passwd" + config.instance.build-seed; + + nitenMqttPasswdFile = + pkgs.lib.passwd.stablerandom-passwd-file "niten-mqtt-passwd" + config.instance.build-seed; + + nodeRedPasswdFile = + pkgs.lib.passwd.stablerandom-passwd-file "node-red-mqtt-passwd" + config.instance.build-seed; + + teslaMatePort = 4400; + teslaGraphPort = 4401; + + nodeRedPort = 1880; + host-secrets = config.fudo.secrets.host-secrets.${hostname}; host-passwds = config.fudo.secrets.files.service-passwords.${hostname}; in { - boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; + imports = [ + (import ./wormhole0/home-assistant.nix { + homeAssistantImage = "ghcr.io/home-assistant/home-assistant:2023.9"; + nodeRedImage = "nodered/node-red:3.1.0-14"; + inherit nodeRedPort; + stateDirectory = "/state/services/arion-home-assistant"; + }) + ]; - networking = { - hostName = hostname; + config = { + boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; - firewall = { enable = false; }; + networking = { + hostName = hostname; - defaultGateway = { - address = "10.0.0.1"; - interface = "intif0"; - }; + firewall = { enable = false; }; - nameservers = [ "10.0.0.1" ]; - - interfaces = { - intif0 = { - useDHCP = false; - ipv4 = { - addresses = [{ - address = primary-ip; - prefixLength = 16; - }]; - }; + defaultGateway = { + address = "10.0.0.1"; + interface = "intif0"; }; - wormif0.useDHCP = true; + nameservers = [ "10.0.0.1" ]; - wlp2s0.useDHCP = false; + interfaces = { + intif0 = { + useDHCP = false; + ipv4 = { + addresses = [{ + address = primary-ip; + prefixLength = 16; + }]; + }; + }; + + wormif0.useDHCP = true; + + wlp2s0.useDHCP = false; + }; + + dhcpcd.extraConfig = concatStringsSep "\n" [ "nogateway" ]; }; - dhcpcd.extraConfig = concatStringsSep "\n" [ "nogateway" ]; - }; - - fudo.services.mqtt = { - enable = true; - state-directory = "${state-dir}/services/mosquitto"; - private = { + fudo.services.mqtt = { enable = true; - users = { - zigbee2mqtt = { - password-file = zigbee2mqtt-passwd-file; - acl = [ "readwrite #" ]; - }; - home-assistant = { - password-file = host-passwds.mosquitto-home-assistant; - acl = [ "readwrite #" ]; + state-directory = "${state-dir}/services/mosquitto"; + private = { + enable = true; + users = { + zigbee2mqtt = { + password-file = zigbee2mqtt-passwd-file; + acl = [ "readwrite #" ]; + }; + home-assistant = { + password-file = host-passwds.mosquitto-home-assistant; + acl = [ "readwrite #" ]; + }; + tesla-mate = { + password-file = teslaMateMqttPasswdFile; + acl = [ "readwrite teslamate/cars/#" ]; + }; + niten = { + password-file = nitenMqttPasswdFile; + acl = [ "readwrite #" ]; + }; + node-red = { + password-file = nodeRedPasswdFile; + acl = [ "readwrite #" ]; + }; }; }; }; - }; - systemd = { + systemd = { + services = { + wormhole-route = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + ExecStart = + "${pkgs.iproute2}/bin/ip route add 192.168.86.0/24 dev wormif0"; + ExecStop = + "${pkgs.iproute2}/bin/ip route del 192.168.86.0/24 dev wormif0"; + RemainAfterExit = true; + }; + }; + }; + + tmpfiles.rules = [ + "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg" + "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa" + "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub" + "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" + "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" + "d /state/services 0711 root root - -" + "d ${zigbee2mqtt-statedir} 0700 ${zigbee2mqtt-user} - - -" + ]; + }; + + users.groups = let + zigbee2mqtt-user = config.systemd.services.zigbee2mqtt.serviceConfig.User; + in { dialout.members = [ zigbee2mqtt-user ]; }; + services = { - wormhole-route = { - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - serviceConfig = { - ExecStart = - "${pkgs.iproute2}/bin/ip route add 192.168.86.0/24 dev wormif0"; - ExecStop = - "${pkgs.iproute2}/bin/ip route del 192.168.86.0/24 dev wormif0"; - RemainAfterExit = true; + openssh.hostKeys = [ + { + path = "${state-dir}/ssh/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + } + { + path = "${state-dir}/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; + + nginx = { + enable = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + + virtualHosts = { + + "home-assist.sea.fudo.org" = { + locations."/" = { + proxyPass = "http://localhost:${toString home-assistant-port}"; + proxyWebsockets = true; + }; + }; + + "node-red.sea.fudo.org" = { + locations."/" = { + proxyPass = "http://localhost:${toString nodeRedPort}"; + proxyWebsockets = true; + }; + }; + + "tesla-mate.sea.fudo.org" = { + locations."/" = { + proxyPass = "http://localhost:${toString teslaMatePort}"; + proxyWebsockets = true; + }; + }; + + "tesla-graph.sea.fudo.org" = { + locations."/" = { + proxyPass = "http://localhost:${toString teslaGraphPort}"; + proxyWebsockets = true; + }; + }; }; }; + + # mosquitto = { + # enable = true; + # dataDir = mosquitto-statedir; + # listeners = [{ + # settings.allow_anonymous = false; + # port = 1883; + # address = "0.0.0.0"; + # users = { + # zigbee2mqtt = { + # passwordFile = + # host-secrets.mosquitto-zigbee2mqtt-passwd.target-file; + # acl = [ "readwrite #" ]; + # }; + # home-assistant = { + # passwordFile = + # host-secrets.mosquitto-home-assistant-passwd.target-file; + # acl = [ "readwrite #" ]; + # }; + # niten = { + # passwordFile = host-secrets.mosquitto-niten-passwd.target-file; + # acl = [ "readwrite #" ]; + # }; + # # xiaoxuan = { + # # passwordFile = host-secrets.mosquitto-xiaoxuan-passwd.target-file; + # # acl = [ "readwrite #" ]; + # # }; + # # wallfly = { + # # passwordFile = host-secrets.mosquitto-wallfly-passwd.target-file; + # # acl = [ "readwrite homeassistant/binary_sensor/#" ]; + # # }; + # }; + # }]; + # }; + + zigbee2mqtt = { + enable = true; + dataDir = zigbee2mqtt-statedir; + package = pkgs.pkgsUnstable.zigbee2mqtt; + settings = { + homeassistant = true; + permit_join = true; + serial.port = "/dev/ttyUSB0"; + mqtt = let + mqttHost = config.fudo.services.mqtt.mqtt-hostname; + mqttPort = config.fudo.services.mqtt.private.port; + in { + server = "mqtt://${mqttHost}:${toString mqttPort}"; + user = "zigbee2mqtt"; + password = readFile zigbee2mqtt-passwd-file; + # TODO: could make a yaml file containing password + # described https://www.zigbee2mqtt.io/guide/configuration/mqtt.html#server-connection + # Weird, though. + }; + advanced.log_level = "debug"; + }; + }; + + avahi = { + enable = true; + reflector = true; + interfaces = [ "intif0" "worm0" ]; + }; + + teslaMateContainer = { + enable = true; + mqtt = { + host = config.fudo.services.mqtt.mqtt-hostname; + port = config.fudo.services.mqtt.private.port; + user = "tesla-mate"; + password = readFile teslaMateMqttPasswdFile; + }; + port = teslaMatePort; + grafana-port = teslaGraphPort; + state-directory = "/state/services/tesla-mate"; + }; }; - tmpfiles.rules = [ - "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg" - "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa" - "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub" - "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" - "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" - "d /state/services 0711 root root - -" - "d ${zigbee2mqtt-statedir} 0700 ${zigbee2mqtt-user} - - -" - ]; + virtualisation = { + docker = { + enable = false; + #enableOnBoot = true; + #autoPrune.enable = true; + }; + + podman = { + enable = true; + dockerSocket.enable = true; + autoPrune.enable = true; + }; + + arion.backend = "podman-socket"; + + # oci-containers = { + # backend = "podman"; + # containers = { + # home-assistant = { + # image = "homeassistant/home-assistant:stable"; + # autoStart = true; + # environment.TZ = config.time.timeZone; + # #ports = [ "${toString home-assistant-port}:8123" ]; + # volumes = [ "/state/services/home-assistant:/config" ]; + # extraOptions = [ "--network=host" ]; + # }; + # }; + # }; + }; + + security.sudo.extraConfig = '' + # Due to rollback, sudo will lecture after every reboot + Defaults lecture = never + ''; }; - - users.groups = let - zigbee2mqtt-user = config.systemd.services.zigbee2mqtt.serviceConfig.User; - in { dialout.members = [ zigbee2mqtt-user ]; }; - - services = { - openssh.hostKeys = [ - { - path = "${state-dir}/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - { - path = "${state-dir}/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - ]; - - nginx = { - enable = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedGzipSettings = true; - - virtualHosts."home-assist.sea.fudo.org" = { - locations."/" = { - proxyPass = "http://localhost:${toString home-assistant-port}"; - proxyWebsockets = true; - }; - }; - }; - - # mosquitto = { - # enable = true; - # dataDir = mosquitto-statedir; - # listeners = [{ - # settings.allow_anonymous = false; - # port = 1883; - # address = "0.0.0.0"; - # users = { - # zigbee2mqtt = { - # passwordFile = - # host-secrets.mosquitto-zigbee2mqtt-passwd.target-file; - # acl = [ "readwrite #" ]; - # }; - # home-assistant = { - # passwordFile = - # host-secrets.mosquitto-home-assistant-passwd.target-file; - # acl = [ "readwrite #" ]; - # }; - # niten = { - # passwordFile = host-secrets.mosquitto-niten-passwd.target-file; - # acl = [ "readwrite #" ]; - # }; - # # xiaoxuan = { - # # passwordFile = host-secrets.mosquitto-xiaoxuan-passwd.target-file; - # # acl = [ "readwrite #" ]; - # # }; - # # wallfly = { - # # passwordFile = host-secrets.mosquitto-wallfly-passwd.target-file; - # # acl = [ "readwrite homeassistant/binary_sensor/#" ]; - # # }; - # }; - # }]; - # }; - - zigbee2mqtt = { - enable = true; - dataDir = zigbee2mqtt-statedir; - package = pkgs.pkgsUnstable.zigbee2mqtt; - settings = { - homeassistant = true; - permit_join = true; - serial.port = "/dev/ttyUSB0"; - mqtt = let - mqttHost = config.fudo.services.mqtt.mqtt-hostname; - mqttPort = config.fudo.services.mqtt.private.port; - in { - server = "mqtt://${mqttHost}:${toString mqttPort}"; - user = "zigbee2mqtt"; - password = readFile zigbee2mqtt-passwd-file; - # TODO: could make a yaml file containing password - # described https://www.zigbee2mqtt.io/guide/configuration/mqtt.html#server-connection - # Weird, though. - }; - advanced.log_level = "debug"; - }; - }; - - avahi = { - enable = true; - reflector = true; - interfaces = [ "intif0" "worm0" ]; - }; - }; - - virtualisation = { - docker = { - enable = true; - enableOnBoot = true; - autoPrune.enable = true; - }; - - oci-containers = { - backend = "docker"; - containers = { - home-assistant = { - image = "homeassistant/home-assistant:stable"; - autoStart = true; - environment.TZ = config.time.timeZone; - #ports = [ "${toString home-assistant-port}:8123" ]; - volumes = [ "/state/services/home-assistant:/config" ]; - extraOptions = [ "--network=host" ]; - }; - }; - }; - }; - - security.sudo.extraConfig = '' - # Due to rollback, sudo will lecture after every reboot - Defaults lecture = never - ''; } diff --git a/config/host-config/wormhole0/home-assistant.nix b/config/host-config/wormhole0/home-assistant.nix new file mode 100644 index 0000000..f47642e --- /dev/null +++ b/config/host-config/wormhole0/home-assistant.nix @@ -0,0 +1,75 @@ +{ homeAssistantImage, nodeRedImage, nodeRedPort ? 1880, stateDirectory, ... }: + +{ config, lib, pkgs, ... }: + +with lib; +let + homeAssistantUid = 730; + nodeRedUid = 731; +in { + config = { + users = { + users = { + home-assistant = { + isSystemUser = true; + group = "home-assistant"; + uid = homeAssistantUid; + }; + home-assistant-node-red = { + isSystemUser = true; + group = "home-assistant"; + uid = nodeRedUid; + }; + }; + + groups.home-assistant = { + members = [ "home-assistant" ] ++ config.instance.local-admins; + }; + }; + + systemd = { + services.arion-home-assistant = { + requires = [ "podman.service" "mosquitto.service" ]; + after = [ + "podman.service" + "network-online.target" + "fudo-secrets.target" + "mosquitto.service" + ]; + }; + tmpfiles.rules = [ + "d ${stateDirectory}/config 0770 ${ + toString homeAssistantUid + } home-assistant - -" + "d ${stateDirectory}/node-red 0700 ${toString nodeRedUid} root - -" + ]; + }; + + virtualisation.arion.projects.home-assistant.settings = let + image = { pkgs, ... }: { + project.name = "home-assistant"; + services = { + home-assistant.service = { + image = homeAssistantImage; + restart = "always"; + volumes = [ + "${stateDirectory}/config:/config" + "/etc/localtime:/etc/localtime:ro" + ]; + user = "${toString homeAssistantUid}:${toString homeAssistantUid}"; + network_mode = "host"; + }; + node-red.service = { + image = nodeRedImage; + restart = "always"; + volumes = [ "${stateDirectory}/node-red:/data" ]; + ports = [ "${toString nodeRedPort}:1880" ]; + depends_on = [ "home-assistant" ]; + environment.TZ = config.time.timeZone; + user = "${toString nodeRedUid}:${toString nodeRedUid}"; + }; + }; + }; + in { imports = [ image ]; }; + }; +} diff --git a/config/host-config/zbox.nix b/config/host-config/zbox.nix index c351e9c..5a4e370 100644 --- a/config/host-config/zbox.nix +++ b/config/host-config/zbox.nix @@ -15,8 +15,8 @@ in { }; i18n.inputMethod = { - enabled = "fcitx5"; - fcitx5.addons = with pkgs; [ fcitx5-chinese-addons fcitx5-rime ]; + #enabled = "fcitx5"; + # fcitx5.addons = with pkgs; [ fcitx5-chinese-addons fcitx5-rime ]; }; systemd.tmpfiles.rules = [ diff --git a/config/instance.nix b/config/instance.nix index 987a2bf..fd5cf40 100644 --- a/config/instance.nix +++ b/config/instance.nix @@ -1,7 +1,6 @@ { config, lib, pkgs, ... }: -with lib; -{ +with lib; { config = let local-host = config.instance.hostname; local-domain = config.fudo.hosts.${local-host}.domain; @@ -13,8 +12,8 @@ with lib; host-user-list = host.local-users; domain-user-list = config.fudo.domains."${local-domain}".local-users; site-user-list = config.fudo.sites."${local-site}".local-users; - all-users = - getAttrs (host-user-list ++ domain-user-list ++ site-user-list) config.fudo.users; + all-users = getAttrs (host-user-list ++ domain-user-list ++ site-user-list) + config.fudo.users; host-admin-list = host.local-admins; domain-admin-list = config.fudo.domains."${local-domain}".local-admins; @@ -26,38 +25,26 @@ with lib; site-group-list = config.fudo.sites."${local-site}".local-groups; local-groups = getAttrs (host-group-list ++ domain-group-list ++ site-group-list) - config.fudo.groups; + config.fudo.groups; - local-hosts = - filterAttrs (host: hostOpts: hostOpts.site == local-site) config.fudo.hosts; + local-hosts = filterAttrs (host: hostOpts: hostOpts.site == local-site) + config.fudo.hosts; - local-networks = - host.local-networks ++ - config.fudo.domains.${local-domain}.local-networks ++ - config.fudo.sites.${local-site}.local-networks; + local-networks = host.local-networks + ++ config.fudo.domains."${local-domain}".local-networks + ++ config.fudo.sites."${local-site}".local-networks; local-profile = host.profile; host-fqdn = "${config.instance.hostname}.${local-domain}"; local-users = - if (host.hardened) then - getAttrs local-admins all-users - else all-users; + if (host.hardened) then getAttrs local-admins all-users else all-users; in { instance = { - inherit - host-fqdn - local-domain - local-site - local-users - local-admins - local-groups - local-hosts - local-profile - local-networks - local-zone; + inherit host-fqdn local-domain local-site local-users local-admins + local-groups local-hosts local-profile local-networks local-zone; }; }; } diff --git a/config/profile-config/common.nix b/config/profile-config/common.nix index 64db72a..4f49e92 100644 --- a/config/profile-config/common.nix +++ b/config/profile-config/common.nix @@ -31,7 +31,7 @@ in { in concatMap nix-files import-paths; config = { - fudo = { hosts.${hostname}.local-networks = [ "::1/128" ]; }; + fudo = { hosts."${hostname}".local-networks = [ "::1/128" ]; }; system.autoUpgrade.enable = false; @@ -55,20 +55,22 @@ in { openssh = { enable = true; startWhenNeeded = true; - useDns = true; - permitRootLogin = "prohibit-password"; - # extraConfig = '' - # GSSAPIAuthentication yes - # GSSAPICleanupCredentials yes - # GSSAPIKeyExchange yes - # GSSAPIStoreCredentialsOnRekey yes - # ''; - # FIXME: This is temporary! Getting error: Unsupported KEX algorithm "sntrup761x25519-sha512@openssh.com" - kexAlgorithms = [ - "curve25519-sha256" - "curve25519-sha256@libssh.org" - "diffie-hellman-group-exchange-sha256" - ]; + settings = { + UseDns = true; + PermitRootLogin = "prohibit-password"; + # extraConfig = '' + # GSSAPIAuthentication yes + # GSSAPICleanupCredentials yes + # GSSAPIKeyExchange yes + # GSSAPIStoreCredentialsOnRekey yes + # ''; + # FIXME: This is temporary! Getting error: Unsupported KEX algorithm "sntrup761x25519-sha512@openssh.com" + # kexAlgorithms = [ + # "curve25519-sha256" + # "curve25519-sha256@libssh.org" + # "diffie-hellman-group-exchange-sha256" + # ]; + }; }; fail2ban = diff --git a/config/profile-config/host/kerberos.nix b/config/profile-config/host/kerberos.nix index 8acdb25..6e9c2c3 100644 --- a/config/profile-config/host/kerberos.nix +++ b/config/profile-config/host/kerberos.nix @@ -43,6 +43,7 @@ in { paths."${hostname}-keytab-watcher" = { wantedBy = [ "default.target" ]; description = "Watch host keytab for changes."; + after = [ "fudo-secrets.target" ]; pathConfig = { PathChanged = host-keytab; Unit = "${hostname}-keytab-watcher.service"; @@ -55,14 +56,17 @@ in { "When host keytab is available or changed, activate copy job."; path = with pkgs; [ systemd ]; serviceConfig = { Type = "oneshot"; }; + after = [ "fudo-secrets.target" ]; script = "systemctl restart ${hostname}-copy-keytab.service"; }; "${hostname}-copy-keytab" = { description = "Copy the host krb5.keytab into place once it's available."; + after = [ "fudo-secrets.target" "fudo-secret-host-keytab.service" ]; + wantedBy = [ "default.target" ]; serviceConfig = { - Type = "simple"; + Type = "oneshot"; RemainAfterExit = true; ExecStart = pkgs.writeShellScript "${hostname}-copy-keytab.sh" '' [ -f ${host-keytab} ] || exit 1 @@ -79,7 +83,7 @@ in { }; }; - fudo.secrets.host-secrets.${hostname}.host-keytab = + fudo.secrets.host-secrets."${hostname}".host-keytab = mkIf (keytab-file != null) { source-file = keytab-file; target-file = "/run/kerberos/krb5.keytab"; diff --git a/config/service/authoritative-dns.nix b/config/service/authoritative-dns.nix new file mode 100644 index 0000000..3418b46 --- /dev/null +++ b/config/service/authoritative-dns.nix @@ -0,0 +1,338 @@ +{ config, lib, pkgs, ... }@toplevel: + +with lib; +let + hostname = config.instance.hostname; + + cfg = config.fudo.services.authoritative-dns; + + hostSecrets = config.fudo.secrets.host-secrets."${hostname}"; + + domainName = config.instance.local-domain; + # domain = config.fudo.domains."${domainName}"; + # primaryNameserver = domain.primaryNameserver; + # isPrimaryNameserver = primary-nameserver == hostname; + + zoneKeySecret = zone: "${zone}-ksk"; + + nameserverOpts = { name, ... }: { + options = with types; { + hostname = mkOption { + type = str; + description = "Hostname of the external nameserver."; + default = name; + }; + + ipv4-address = mkOption { + type = nullOr str; + description = "Host ipv4 address of the external nameserver."; + default = null; + }; + + ipv6-address = mkOption { + type = nullOr str; + description = "Host ipv6 address of the external nameserver."; + default = null; + }; + + authoritative-hostname = mkOption { + type = nullOr str; + description = "Authoritative hostname of this nameserver."; + default = null; + }; + + description = mkOption { + type = str; + description = "Description of the external nameserver."; + }; + }; + }; + + networkHostOpts = { + options = with types; { + hostname = mkOption { + type = str; + description = "Hostname."; + }; + ipv4-address = mkOption { + type = nullOr str; + description = "The V4 IP of a given host, if any."; + default = null; + }; + + ipv6-address = mkOption { + type = nullOr str; + description = "The V6 IP of a given host, if any."; + default = null; + }; + + mac-address = mkOption { + type = nullOr str; + description = + "The MAC address of a given host, if desired for IP reservation."; + default = null; + }; + + description = mkOption { + type = nullOr str; + description = "Description of the host."; + default = null; + }; + + sshfp-records = mkOption { + type = listOf str; + description = "List of SSHFP records for this host."; + default = [ ]; + }; + }; + }; + + zoneOpts = { name, ... }: + let zoneName = name; + in { + options = with types; { + enable = mkOption { + type = bool; + description = "Enable ${zone-name} zone on the local nameserver."; + default = true; + }; + + default-host = mkOption { + type = nullOr (submodule networkHostOpts); + description = + "Host which will respond to requests for the base domain."; + default = null; + }; + + external-nameservers = mkOption { + type = listOf (submodule nameserverOpts); + description = "List of external nameserver clauses."; + default = [ ]; + }; + + domain = mkOption { + type = str; + description = "Domain which this zone serves."; + default = zoneName; + }; + + ksk = mkOption { + type = nullOr (submodule { + options = { + private-key = mkOption { + type = path; + description = "KSK private key."; + }; + public-key = mkOption { + type = path; + description = "KSK public key."; + }; + ds = mkOption { + type = path; + description = "KSK ds record."; + }; + }; + }); + description = + "Location of the zone-signing private & public keys and DS record."; + default = + toplevel.config.fudo.secrets.files.dns.key-signing-keys."${zoneName}"; + }; + }; + }; + +in { + options.fudo.services.authoritative-dns = with types; { + enable = mkEnableOption "Enable Authoritative DNS server."; + + zones = mkOption { + type = attrsOf (submodule zoneOpts); + description = "Map of served zone to extra zone details."; + default = { }; + }; + + nameservers = { + primary = mkOption { + type = str; + description = "Hostname of the primary nameserver."; + }; + + secondary = mkOption { + type = listOf str; + description = "List of internal secondary nameservers."; + default = [ ]; + }; + }; + + state-directory = mkOption { + type = str; + description = + "Directory at which to store DNS state data, including keys."; + }; + }; + + config = { + fudo = { + secrets.host-secrets."${hostname}" = mkIf cfg.enable (mapAttrs' + (zone: zoneCfg: + nameValuePair (zoneKeySecret zone) { + source-file = zoneCfg.ksk.private-key; + target-file = "/run/nsd/${baseNameOf zoneCfg.ksk.private-key}"; + user = config.fudo.nsd.user; + }) (filterAttrs (_: zoneCfg: zoneCfg.ksk != null) cfg.zones)); + + zones = mapAttrs (zone-name: zoneCfg: + let + domainName = zoneCfg.domain; + domain = config.fudo.domains."${domainName}"; + + makeSrvRecord = port: host: { inherit port host; }; + + # servedDomain = domain.primary-nameserver != null; + + # primaryNameserver = domain.primary-nameserver; + + isPrimaryNameserver = hostname == cfg.nameservers.primary; + + internalNameserverHostnames = [ cfg.nameservers.primary ] + ++ cfg.nameservers.secondary; + + getNsDeets = hostname: + let hostDomain = config.fudo.hosts."${hostname}".domain; + in { + ipv4-address = pkgs.lib.network.host-ipv4 config hostname; + ipv6-address = pkgs.lib.network.host-ipv6 config hostname; + description = + "${domainName} nameserver ${hostname}.${hostDomain}."; + }; + + nameserverDeets = let + internalNameservers = map getNsDeets internalNameserverHostnames; + in internalNameservers ++ zoneCfg.external-nameservers; + + hasAuthHostname = nsHost: nsOpts: + (hasAttr "authoritative-hostname" nsOpts) + && (nsOpts.authoritative-hostname != null); + + allNameservers = listToAttrs + (imap1 (i: nsOpts: nameValuePair "ns${toString i}" nsOpts) + nameserverDeets); + + nameserverAliases = + mapAttrs (hostname: opts: "${opts.authoritative-hostname}.") + (filterAttrs hasAuthHostname allNameservers); + + nameserverHosts = mapAttrs (hostname: opts: { + inherit (opts) ipv4-address ipv6-address description; + }) (filterAttrs (hostname: opts: !hasAuthHostname hostname opts) + allNameservers); + + dnsSrvRecords = let + nameserverSrvRecords = mapAttrsToList (hostname: hostOpts: + let + targetHost = if (hasAuthHostname hostname hostOpts) then + "${hostOpts.authoritative-hostname}" + else + "${hostname}.${domainName}"; + in makeSrvRecord 53 targetHost) allNameservers; + in { + tcp.domain = nameserverSrvRecords; + udp.domain = nameserverSrvRecords; + }; + + mailSrvRecords = mkIf (!isNull domain.primary-mailserver) (let + mailDomainName = + config.fudo.hosts."${domain.primary-mailserver}".domain; + in { + tcp = { + smtp = [{ + host = "smtp.${mailDomainName}"; + port = 25; + }]; + imap = [{ + host = "imap.${mailDomainName}"; + port = 143; + }]; + imaps = [{ + host = "imap.${mailDomainName}"; + port = 993; + }]; + submission = [{ + host = "smtp.${mailDomainName}"; + port = 587; + }]; + submissions = [{ + host = "smtp.${mailDomainName}"; + port = 465; + }]; + }; + udp = { + smtp = [{ + host = "smtp.${mailDomainName}"; + port = 25; + }]; + submission = [{ + host = "smtp.${mailDomainName}"; + port = 587; + }]; + }; + }); + + in { + gssapi-realm = mkIf (!isNull domain.gssapi-realm) domain.gssapi-realm; + + hosts = nameserverHosts; + # Don't add mailservers: remember SSL! + + aliases = nameserverAliases; + + mx = optional (!isNull domain.primary-mailserver) (let + mailserverDomain = + config.fudo.hosts."${domain.primary-mailserver}".domain; + in "smtp.${mailserverDomain}"); + + dmarc-report-address = mkIf (!isNull domain.primary-mailserver) + "dmarc-report@${domainName}"; + + nameservers = let + directExternal = attrValues nameserverAliases; + internal = map (hostname: "${hostname}.${domainName}.") + (attrNames nameserverHosts); + in internal ++ directExternal; + + srv-records = dnsSrvRecords // mailSrvRecords; + + verbatim-dns-records = mkIf (zoneCfg.ksk != null) [ + (readFile zoneCfg.ksk.public-key) + (readFile zoneCfg.ksk.ds) + ]; + }) cfg.zones; + }; + + services = { + authoritative-dns = { + enable = cfg.enable; + + identity = "${hostname}.${domainName}"; + + listen-ips = + optionals cfg.enable (pkgs.lib.network.host-ips config hostname); + + state-directory = cfg.state-directory; + + timestamp = toString config.instance.build-timestamp; + + domains = mapAttrs' (zoneName: zoneCfg: + nameValuePair zoneCfg.domain { + ksk.key-file = mkIf (hasAttr (zoneKeySecret zoneName) hostSecrets) + hostSecrets."${zoneKeySecret zoneName}".target-file; + zone = let baseZone = config.fudo.zones."${zoneName}"; + in baseZone // { + # FIXME: what's up? + # default-host = baseZone.hosts."${zoneCfg.default-host}"; + }; + }) cfg.zones; + }; + }; + }; +} diff --git a/config/service/backplane.nix b/config/service/backplane.nix index d12a2bc..d936084 100644 --- a/config/service/backplane.nix +++ b/config/service/backplane.nix @@ -110,9 +110,9 @@ in { required-services = [ "fudo-passwords.target" ]; users = { - ${database-powerdns-user} = { + "${database-powerdns-user}" = { password-file = host-secrets.database-powerdns-passwd.target-file; - databases.${database-name} = { + databases."${database-name}" = { access = "CONNECT"; entity-access = { "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE"; @@ -120,9 +120,9 @@ in { }; }; }; - ${database-backplane-user} = { + "${database-backplane-user}" = { password-file = host-secrets.database-backplane-passwd.target-file; - databases.${database-name} = { + databases."${database-name}" = { access = "CONNECT"; entity-access = { "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE"; @@ -132,7 +132,7 @@ in { }; }; - databases.${database-name}.users = config.instance.local-admins; + databases."${database-name}".users = config.instance.local-admins; }; backplane = { diff --git a/config/service/dns.nix b/config/service/dns.nix index 275caf9..5582c03 100644 --- a/config/service/dns.nix +++ b/config/service/dns.nix @@ -185,39 +185,16 @@ in { udp.domain = nameserver-srv-records; }; - # # TODO: move this to a mail service - # mail-srv-records = optionalAttrs (domain.primary-mailserver != null) { - # tcp = let - # mailserver-domain = - # config.fudo.hosts.${domain.primary-mailserver}.domain; - # fqdn = "mail.${mailserver-domain}"; - # in { - # smtp = [ (make-srv-record 25 fqdn) ]; - # submission = [ (make-srv-record 587 fqdn) ]; - # imap = [ (make-srv-record 143 fqdn) ]; - # imaps = [ (make-srv-record 993 fqdn) ]; - # pop3 = [ (make-srv-record 110 fqdn) ]; - # pop3s = [ (make-srv-record 995 fqdn) ]; - # }; - # }; - in { gssapi-realm = domain.gssapi-realm; - hosts = nameserver-hosts // { - mail = mkIf (domain.primary-nameserver != null) (let - mailserver-deets = host: - let host-domain = config.fudo.hosts.${host}.domain; - in get-host-deets - "Primary ${domain-name} mailserver ${host}.${host-domain}." host; - in mailserver-deets domain.primary-nameserver); - }; + hosts = nameserver-hosts; aliases = nameserver-aliases; mx = optional (domain.primary-mailserver != null) (let mail-domain-name = - config.fudo.hosts.${domain.primary-mailserver}.domain; + config.fudo.hosts."${domain.primary-mailserver}".domain; in "mail.${mail-domain-name}"); dmarc-report-address = "dmarc-report@${domain-name}"; @@ -230,9 +207,10 @@ in { srv-records = dns-srv-records; # // mail-srv-records; - verbatim-dns-records = mkIf (zone-cfg.ksk != null) [ - (readFile zone-cfg.ksk.public-key) - (readFile zone-cfg.ksk.ds) + verbatim-dns-records = let pthru = o: trace o o; + in mkIf (zone-cfg.ksk != null) [ + (pthru (readFile zone-cfg.ksk.public-key)) + (pthru (readFile zone-cfg.ksk.ds)) ]; }) cfg.zones; @@ -248,7 +226,9 @@ in { nameValuePair zone-cfg.domain { dnssec = zone-cfg.ksk != null; ksk.key-file = host-secrets."${zoneKeySecret zone-name}".target-file; - zone-definition = config.fudo.zones.${zone-name}; + zone-definition = config.fudo.zones."${zone-name}" // { + inherit (zone-cfg) default-host; + }; }) cfg.zones; }; }; diff --git a/config/service/fudo-auth.nix b/config/service/fudo-auth.nix index 1d2ca75..1759468 100644 --- a/config/service/fudo-auth.nix +++ b/config/service/fudo-auth.nix @@ -106,11 +106,12 @@ in { "--realm=${realm}" "--verbose" ]; - in pkgs.writeShellScript "heimdal-kdc-initialize.sh" '' - ${init-db-cmd} - chown ${krb-user}:${krb-group} ${db} - chmod 0700 ${db} - ''; + script = pkgs.writeShellScript "heimdal-kdc-initialize.sh" '' + chown ${krb-user}:${krb-group} ${db} + chmod 0700 ${db} + ${init-db-cmd} + ''; + in "+${script}"; }; }; heimdal-kdc = mkIf kerberos-master { @@ -240,7 +241,7 @@ in { }; }; - zones.${zone-name} = let + zones."${zone-name}" = let make-srv-record = port: hostname: { port = port; host = hostname; diff --git a/config/service/lemmy.nix b/config/service/lemmy.nix new file mode 100644 index 0000000..c923e36 --- /dev/null +++ b/config/service/lemmy.nix @@ -0,0 +1,108 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + lemmyDbPasswd = pkgs.lib.passwd.stablerandom-passwd-file "lemmy-server-passwd" + "lemmy-server-${config.instance.build-seed}"; + + cfg = config.fudo.services.lemmy; + + hostname = config.instance.hostname; + + domainName = config.fudo.hosts."${hostname}".domain; + + postgresqlServer = config.fudo.domains."${domainName}".postgresql-server; + postgresqlFqdn = pkgs.lib.getHostFqdn postgresqlServer; + + isPostgresServer = hostname == postgresqlServer; + + hostSecrets = config.fudo.secrets.host-secrets."${hostname}"; + +in { + options.fudo.services.lemmy = with types; { + enable = mkEnableOption "Enable lemmy server."; + + hostname = mkOption { + type = str; + description = "Hostname at which this server will be reachable."; + }; + + port = mkOption { + type = port; + description = "Port on which to listen for requests"; + default = 8536; + }; + + listen-ip = mkOption { + type = str; + description = "IP on which to listen for incoming requests."; + default = "0.0.0.0"; + }; + }; + + config = mkIf cfg.enable { + fudo = { + secrets.host-secrets."${hostname}" = { + dbLemmyPasswd = mkIf isPostgresServer { + source-file = lemmyDbPasswd; + target-file = "/run/postgres/lemmy.passwd"; + user = config.systemd.services.postgresql.serviceConfig.User; + }; + lemmyEnv = mkIf cfg.enable { + source-file = pkgs.writeText "lemmy.env" '' + LEMMY_DATABASE_URL=postgres:///lemmy:${ + readFile lemmyDbPasswd + }@${postgresqlFqdn}:5432/lemmy + ''; + target-file = "/run/lemmy/env"; + }; + }; + + postgresql = mkIf isPostgresServer { + databases.lemmy.users = config.instance.local-admins; + users.lemmy = { + password-file = hostSecrets.dbLemmyPasswd.target-file; + databases.lemmy = { + access = "CONNECT"; + entity-access = { + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + }; + }; + }; + }; + + systemd.services.lemmy = { + requires = [ "fudo-secret-lemmyEnv.service" ]; + after = [ "fudo-secret-lemmyEnv.service" ]; + environment.LEMMY_DATABASE_URL = mkForce null; + serviceConfig = mkIf cfg.enable { + LoadCredential = [ "env:${hostSecrets.lemmyEnv.target-file}" ]; + EnvironmentFile = "$$CREDENTIALS_DIRECTORY/env"; + }; + }; + + services.lemmy = mkIf cfg.enable { + enable = true; + settings = { + hostname = cfg.hostname; + federation.enabled = true; + captcha.enabled = true; + database = { + user = "lemmy"; + host = pkgs.lib.getHostFqdn postgresqlServer; + database = "lemmy"; + password = readFile lemmyDbPasswd; + }; + bind = cfg.listen-ip; + port = cfg.port; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ cfg.port ]; + allowedUDPPorts = [ cfg.port ]; + }; + }; +} diff --git a/config/service/logging.nix b/config/service/logging.nix index 7dcddae..5d74ac9 100644 --- a/config/service/logging.nix +++ b/config/service/logging.nix @@ -6,15 +6,14 @@ let domain-name = config.fudo.hosts.${hostname}.domain; domain = config.fudo.domains.${domain-name}; - host-fqdn = hostname: let - host-domain = config.fudo.hosts.${hostname}.domain; - in "${hostname}.${host-domain}"; + host-fqdn = hostname: + let host-domain = config.fudo.hosts.${hostname}.domain; + in "${hostname}.${host-domain}"; logAggregationEnabled = domain.log-aggregator != null; isLogAggregator = hostname == domain.log-aggregator; - is-private-network = let - site-name = config.fudo.hosts.${hostname}.site; + is-private-network = let site-name = config.fudo.hosts.${hostname}.site; in config.fudo.sites.${site-name}.local-gateway != null; cfg = config.fudo.services.logging; @@ -60,9 +59,7 @@ in { }; groups = { ${cfg.promtail.user}.members = [ cfg.promtail.user ]; - systemd-journal = { - members = [ cfg.promtail.user ]; - }; + systemd-journal = { members = [ cfg.promtail.user ]; }; }; }; @@ -74,14 +71,14 @@ in { aliases.log-aggregator = "${log-aggregator-fqdn}."; }; - metrics.grafana.datasources = let - scheme = if is-private-network then "http" else "https"; - in { - "loki-${domain.log-aggregator}" = { - url = "${scheme}://log-aggregator.${aggregator-domain}"; - type = "loki"; + metrics.grafana.datasources = + let scheme = if is-private-network then "http" else "https"; + in { + "loki-${domain.log-aggregator}" = { + url = "${scheme}://log-aggregator.${aggregator-domain}"; + type = "loki"; + }; }; - }; }; services = { @@ -89,15 +86,16 @@ in { enable = true; virtualHosts."log-aggregator.${domain-name}" = { - enableACME = ! is-private-network; - forceSSL = ! is-private-network; + enableACME = !is-private-network; + forceSSL = !is-private-network; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.loki.port}"; - extraConfig = let - local-networks = config.instance.local-networks; + extraConfig = let local-networks = config.instance.local-networks; in "${optionalString ((length local-networks) > 0) - (concatStringsSep "\n" - (map (network: "allow ${network};") local-networks)) + "\ndeny all;"}"; + (concatStringsSep "\n" + (map (network: "allow ${network};") local-networks)) + '' + + deny all;''}"; }; }; }; @@ -131,23 +129,23 @@ in { working_directory = "${cfg.loki.state-directory}/compactor"; }; - schema_config.configs = [ - { - from = "2022-01-01"; - store = "boltdb-shipper"; - object_store = "filesystem"; - schema = "v11"; - index = { - prefix = "index_"; - period = "24h"; - }; - } - ]; + schema_config.configs = [{ + from = "2022-01-01"; + store = "boltdb-shipper"; + object_store = "filesystem"; + schema = "v11"; + index = { + prefix = "index_"; + period = "24h"; + }; + }]; storage_config = { boltdb_shipper = { - active_index_directory = "${cfg.loki.state-directory}/boltdb-shipper/active"; - cache_location = "${cfg.loki.state-directory}/boltdb-shipper/cache"; + active_index_directory = + "${cfg.loki.state-directory}/boltdb-shipper/active"; + cache_location = + "${cfg.loki.state-directory}/boltdb-shipper/cache"; cache_ttl = "24h"; shared_store = "filesystem"; }; @@ -169,35 +167,41 @@ in { }; }; - systemd = { - tmpfiles.rules = mkIf isLogAggregator (let - user = config.services.loki.user; - statedir = cfg.loki.state-directory; - in [ - "d ${statedir} 0700 ${user} - - -" - "d ${statedir}/boltdb-shipper 0700 ${user} - - -" - "d ${statedir}/boltdb-shipper/active 0700 ${user} - - -" - "d ${statedir}/boltdb-shipper/cache 0700 ${user} - - -" - "d ${statedir}/chunks 0700 ${user} - - -" - "d ${statedir}/compactor 0700 ${user} - - -" - ]); + systemd = let + lokiUser = config.services.loki.user; + statedir = cfg.loki.state-directory; + in { + tmpfiles.rules = optionals isLogAggregator [ + "d ${statedir} 0700 ${lokiUser} - - -" + "d ${statedir}/boltdb-shipper 0700 ${lokiUser} - - -" + "d ${statedir}/boltdb-shipper/active 0700 ${lokiUser} - - -" + "d ${statedir}/boltdb-shipper/cache 0700 ${lokiUser} - - -" + "d ${statedir}/chunks 0700 ${lokiUser} - - -" + "d ${statedir}/compactor 0700 ${lokiUser} - - -" + ]; - services.promtail = let - scheme = if is-private-network then "http" else "https"; + services = { + loki.serviceConfig = mkIf isLogAggregator { + ExecStartPre = + "+${pkgs.coreutils}/bin/chown -R ${lokiUser}:root ${statedir}"; + }; - loki-host = host-fqdn domain.log-aggregator; + promtail = let + scheme = if is-private-network then "http" else "https"; - config = builtins.toJSON { - server = { - http_listen_port = cfg.promtail.http-listen-port; - grpc_listen_port = cfg.promtail.grpc-listen-port; - }; - positions.filename = "/tmp/positions.yml"; - clients = [ - { url = "${scheme}://log-aggregator.${domain-name}/loki/api/v1/push"; } - ]; - scrape_configs = [ - { + loki-host = host-fqdn domain.log-aggregator; + + config = builtins.toJSON { + server = { + http_listen_port = cfg.promtail.http-listen-port; + grpc_listen_port = cfg.promtail.grpc-listen-port; + }; + positions.filename = "/tmp/positions.yml"; + clients = [{ + url = + "${scheme}://log-aggregator.${domain-name}/loki/api/v1/push"; + }]; + scrape_configs = [{ job_name = "journal"; journal = { max_age = "12h"; @@ -210,20 +214,20 @@ in { source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; }]; - } - ]; - }; + }]; + }; - config-file = pkgs.writeText "promtail-config.json" config; - in { - description = "PromTail log aggregator client for Loki."; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = '' - ${pkgs.grafana-loki}/bin/promtail --config.file ${config-file} - ''; - User = cfg.promtail.user; - PrivateTmp = true; + config-file = pkgs.writeText "promtail-config.json" config; + in { + description = "PromTail log aggregator client for Loki."; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = '' + ${pkgs.grafana-loki}/bin/promtail --config.file ${config-file} + ''; + User = cfg.promtail.user; + PrivateTmp = true; + }; }; }; }; diff --git a/config/service/mail-server.nix b/config/service/mail-server.nix index e010a8d..246e73e 100644 --- a/config/service/mail-server.nix +++ b/config/service/mail-server.nix @@ -14,6 +14,8 @@ let mailserver-fqdn = "${mailserver-host}.${mailserver-domain-name}"; + hasMailServer = mailserver-host != null; + isMailServer = hostname == mailserver-host; isLocalMailserver = domain-name == mailserver-domain-name; @@ -32,7 +34,7 @@ in { }; }; - config = { + config = mkIf hasMailServer { services.nginx = mkIf (isMailServer && metricsEnabled) { enable = true; recommendedOptimisation = true; @@ -102,27 +104,18 @@ in { srv-record = host: port: [{ inherit host port; }]; in { - hosts = genAttrs [ "imap" "smtp" ] (alias: { - ipv4-address = server-ipv4; - ipv6-address = server-ipv6; - description = - "Primary ${toUpper alias} server for ${mailserver-domain-name}."; - }); - - mx = [ "smtp.${mailserver-domain-name}" ]; - aliases = mkIf metricsEnabled { mail-stats = "${mailserver-fqdn}."; }; - srv-records.tcp = { - pop3 = srv-record mailserver-fqdn 110; - pop3s = srv-record mailserver-fqdn 995; + # srv-records.tcp = { + # pop3 = srv-record mailserver-fqdn 110; + # pop3s = srv-record mailserver-fqdn 995; - imap = srv-record mailserver-fqdn 143; - imaps = srv-record mailserver-fqdn 993; + # imap = srv-record mailserver-fqdn 143; + # imaps = srv-record mailserver-fqdn 993; - smtp = srv-record mailserver-fqdn 25; - submission = srv-record mailserver-fqdn 587; - }; + # smtp = srv-record mailserver-fqdn 25; + # submission = srv-record mailserver-fqdn 587; + # }; metric-records = mkIf metricsEnabled (genAttrs [ "dovecot" "postfix" "rspamd" ] @@ -168,7 +161,19 @@ in { mail-directory = "${cfg.state-directory}/mail"; state-directory = "${cfg.state-directory}/state"; - trusted-networks = config.instance.local-networks; + trusted-networks = let + wrapIpv6 = net: + let elems = builtins.split "/" net; + in "[${elemAt elems 0}]/${elemAt elems 2}"; + + in map (network: + if (builtins.match ".*::.*" network) != null then + wrapIpv6 network + else + network) config.instance.local-networks; + + user-aliases = genAttrs (attrNames config.fudo.users) + (username: config.fudo.users."${username}".email-aliases); alias-users = genAttrs [ "root" diff --git a/config/service/metrics.nix b/config/service/metrics.nix index b049b2a..7d69998 100644 --- a/config/service/metrics.nix +++ b/config/service/metrics.nix @@ -3,10 +3,10 @@ with lib; let hostname = config.instance.hostname; - domain-name = config.fudo.hosts.${hostname}.domain; - domain = config.fudo.domains.${domain-name}; + domain-name = config.fudo.hosts."${hostname}".domain; + domain = config.fudo.domains."${domain-name}"; - host-secrets = config.fudo.secrets.host-secrets.${hostname}; + host-secrets = config.fudo.secrets.host-secrets."${hostname}"; notEmpty = lst: (length lst) > 0; @@ -45,28 +45,37 @@ let grafana-smtp-password-file = pkgs.lib.passwd.stablerandom-passwd-file "grafana-smtp-passwd" - "grafana-smtp-passwd-${config.instance.build-seed}"; + config.instance.build-seed; grafana-auth-password-file = pkgs.lib.passwd.stablerandom-passwd-file "grafana-auth-passwd" - "grafana-auth-passwd-${config.instance.build-seed}"; + config.instance.build-seed; grafana-admin-password-file = pkgs.lib.passwd.stablerandom-passwd-file "grafana-admin-passwd" - "grafana-admin-passwd-${config.instance.build-seed}"; + config.instance.build-seed; grafana-secret-key-file = pkgs.lib.passwd.stablerandom-passwd-file "grafana-secret-key" - "grafana-secret-key-${config.instance.build-seed}"; + config.instance.build-seed; - is-private-network = let site-name = config.fudo.hosts.${hostname}.site; - in config.fudo.sites.${site-name}.local-gateway != null; + grafana-database-password-file = + pkgs.lib.passwd.stablerandom-passwd-file "grafana-database-postgres" + config.instance.build-seed; + + site = let site-name = config.fudo.hosts."${hostname}".site; + in config.fudo.sites."${site-name}"; + + is-private-network = site.local-gateway != null; domainToBaseDn = domain: concatStringsSep "," (map (el: "dc=${el}") (splitString "." domain)); ldapEnabled = domain.ldap-servers != [ ]; + isPostgresServer = config.instance.hostname == domain.postgresql-server; + postgresServer = pkgs.lib.getHostFqdn domain.postgresql-server; + in { options.fudo.services.metrics = with types; { prometheus = { @@ -118,28 +127,28 @@ in { }; }; - database = { - hostname = mkOption { - type = str; - description = "Hostname of the postgresql database."; - default = "localhost"; - }; - user = mkOption { - type = str; - description = - "Username as which to authenticate to the postgresql database."; - }; - password-file = mkOption { - type = str; - description = - "Password file (on the target host) which to authenticate to the postgresql database."; - }; - name = mkOption { - type = str; - description = "Database name."; - default = "grafana"; - }; - }; + # database = { + # hostname = mkOption { + # type = str; + # description = "Hostname of the postgresql database."; + # default = "localhost"; + # }; + # user = mkOption { + # type = str; + # description = + # "Username as which to authenticate to the postgresql database."; + # }; + # password-file = mkOption { + # type = str; + # description = + # "Password file (on the target host) which to authenticate to the postgresql database."; + # }; + # name = mkOption { + # type = str; + # description = "Database name."; + # default = "grafana"; + # }; + # }; state-directory = mkOption { type = str; @@ -152,14 +161,14 @@ in { config = mkIf metricsEnabled { fudo = { system-users = { - ${grafana-cfg.smtp.username} = { + "${grafana-cfg.smtp.username}" = { description = "Grafana Alerts"; ldap-hashed-password = pkgs.lib.passwd.hash-ldap-passwd "grafana-smtp-passwd" grafana-smtp-password-file; }; - ${grafana-cfg.ldap.bind-user} = mkIf ((domain.ldap-servers != [ ]) + "${grafana-cfg.ldap.bind-user}" = mkIf ((domain.ldap-servers != [ ]) && (grafana-cfg.ldap.bind-passwd == null)) { description = "Grafana Authentication Reader"; ldap-hashed-password = @@ -168,31 +177,43 @@ in { }; }; - secrets.host-secrets = mkIf metricsMonitor - (let grafana-user = config.systemd.services.grafana.serviceConfig.User; + secrets.host-secrets = + let grafana-user = config.systemd.services.grafana.serviceConfig.User; in { - ${hostname} = { - grafana-smtp-password = { + "${hostname}" = { + grafana-smtp-password = mkIf metricsMonitor { source-file = grafana-smtp-password-file; target-file = "/run/metrics/grafana/smtp.passwd"; user = grafana-user; }; - grafana-admin-password = { + grafana-admin-password = mkIf metricsMonitor { source-file = grafana-admin-password-file; target-file = "/run/metrics/grafana/admin.passwd"; user = grafana-user; }; - grafana-secret-key = { + grafana-secret-key = mkIf metricsMonitor { source-file = grafana-secret-key-file; target-file = "/run/metrics/grafana/secret.key"; user = grafana-user; }; - }; - }); - zones.${domain.zone} = { + grafana-postgresql-password = mkIf metricsMonitor { + source-file = grafana-database-password-file; + target-file = "/run/metrics/grafana/postgres.passwd"; + user = grafana-user; + }; + + postgresql-grafana-password = mkIf isPostgresServer { + source-file = grafana-database-password-file; + target-file = "/run/postgres-users/grafana.passwd"; + user = config.systemd.services.postgresql.serviceConfig.User; + }; + }; + }; + + zones."${domain.zone}" = { aliases = let metrics-aliases = alias-map-to-cnames metrics-alias-map; monitor-aliases = alias-map-to-cnames monitor-alias-map; @@ -217,6 +238,22 @@ in { }; }; + postgresql = mkIf isPostgresServer { + users.grafana = { + password-file = host-secrets.postgresql-grafana-password.target-file; + databases.grafana = { + access = "CONNECT"; + entity-access = { + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + # "SELECT,INSERT,UPDATE,DELETE"; + "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES"; + # "SELECT, UPDATE"; + }; + }; + }; + databases.grafana.users = config.instance.local-admins; + }; + metrics = { node-exporter = { enable = true; @@ -234,9 +271,6 @@ in { in "${alias}.${domain-name}"; state-directory = prometheus-cfg.state-directory; private-network = is-private-network; - # TODO: prometheus 22.05 breaks dns_sd_configs - # Revert when fixed. - package = pkgs.pkgs2111.prometheus; }; grafana = mkIf metricsMonitor { @@ -252,10 +286,11 @@ in { }; database = let cfg = grafana-cfg.database; in { - name = cfg.name; - user = cfg.user; - password-file = cfg.password-file; - hostname = cfg.hostname; + name = "grafana"; + user = "grafana"; + password-file = + host-secrets.grafana-postgresql-password.target-file; + hostname = postgresServer; }; ldap = mkIf (domain.ldap-servers != [ ]) { hosts = map host-fqdn domain.ldap-servers; diff --git a/config/services.nix b/config/services.nix index c1e52ee..14035f1 100644 --- a/config/services.nix +++ b/config/services.nix @@ -2,12 +2,14 @@ { imports = [ + ./service/authoritative-dns.nix # ./service/backplane.nix ./service/chat.nix ./service/chute.nix ./service/dns.nix ./service/fudo-auth.nix ./service/jabber.nix + ./service/lemmy.nix ./service/local-network.nix ./service/logging.nix ./service/mail-server.nix diff --git a/config/site-config/seattle.nix b/config/site-config/seattle.nix index 1150f6f..ae75e06 100644 --- a/config/site-config/seattle.nix +++ b/config/site-config/seattle.nix @@ -3,209 +3,242 @@ with lib; let local-domain = "sea.fudo.org"; in { - fudo.services = { - mqtt = { + # imports = [ ./seattle/authelia.nix ./seattle/keycloak.nix ]; + imports = [ + # (import ./seattle/authentik.nix { + # authentikHost = "nostromo"; + # proxyHost = "limina"; + # externalHostname = "authentik.fudo.link"; + # }) + ]; + + config = { + fudo = { + services = { + mqtt = { + enable = true; + host = "wormhole0"; + }; + + wallfly-presence.enable = true; + + tattler = let snooper-host = "wormhole0"; + in { + enable = true; + verbose = true; + event-topics = [ "suanni/events/motion" ]; + inherit snooper-host; + }; + + suanni = let + listener = "nostromo"; + objectifier = "nostromo"; + in { + enable = true; + event-listener.host = listener; + objectifier.host = objectifier; + synology = { + host = "cargo.sea.fudo.org"; + port = 5001; + username = "suanni"; + password-file = + config.fudo.secrets.files.service-passwords."${listener}".suanni-synology; + }; + }; + }; + + zones."sea.fudo.org" = { + aliases = { + lemmy = "nostromo"; + world-of-fun = "toothless"; + repland = "toothless"; + }; + srv-records.tcp = { + minecraft = [{ + host = "toothless"; + port = 25568; + }]; + }; + }; + }; + + fileSystems = { + # "/mnt/documents" = { + # device = "whitedwarf.${local-domain}:/volume1/Documents"; + # fsType = "nfs4"; + # options = [ "comment=systemd.automount" ]; + # }; + # "/mnt/downloads" = { + # device = "whitedwarf.${local-domain}:/volume1/Downloads"; + # fsType = "nfs4"; + # options = [ "comment=systemd.automount" ]; + # }; + "/mnt/music" = { + device = "doraemon.${local-domain}:/volume1/Music"; + fsType = "nfs"; + options = [ "comment=systemd.automount" ]; + }; + "/mnt/video" = { + device = "doraemon.${local-domain}:/volume1/Video"; + fsType = "nfs"; + options = [ "comment=systemd.automount" ]; + }; + # fileSystems."/mnt/security" = { + # device = "panopticon.${local-domain}:/srv/kerberos/data"; + # fsType = "nfs4"; + # }; + "/mnt/cargo_video" = { + device = "cargo.${local-domain}:/volume1/video"; + fsType = "nfs4"; + options = [ "sec=krb5i" "x-systemd.automount" ]; + }; + "/mnt/photo" = { + device = "cargo.${local-domain}:/volume1/pictures"; + fsType = "nfs4"; + options = [ "sec=krb5i" "x-systemd.automount" ]; + }; + + # "proto=tcp" + + # # NOTE: these are pointing directly to nostromo so the krb lookup works + "/net/documents" = { + device = "nostromo.${local-domain}:/export/documents"; + fsType = "nfs4"; + options = [ + "sec=krb5p" + "x-systemd.automount" + # "vers=4" + # "minorversion=2" + # "proto=tcp" + ]; + }; + "/net/downloads" = { + device = "nostromo.${local-domain}:/export/downloads"; + fsType = "nfs4"; + options = [ + "sec=krb5i" + "x-systemd.automount" + # "vers=4" + # "minorversion=2" + # "proto=tcp" + ]; + }; + "/net/projects" = { + device = "nostromo.${local-domain}:/export/projects"; + fsType = "nfs4"; + options = [ + "sec=krb5p" + "x-systemd.automount" + # "vers=4" + # "minorversion=2" + # "proto=tcp" + ]; + }; + }; + + systemd.services = { + host-keytab-watcher = { + wantedBy = [ + "rpc-gssd-override.service" + "rpc-svcgssd-override.service" + "auth-rpcgss-module.service" + ]; + before = [ + "rpc-gssd-override.service" + "rpc-svcgssd-override.service" + "auth-rpcgss-module.service" + ]; + after = [ config.fudo.secrets.secret-target ]; + serviceConfig = { + ExecStartPre = "${pkgs.coreutils}/bin/test -f /etc/krb5.keytab"; + ExecStart = "${pkgs.coreutils}/bin/true"; + TimeoutStartSec = "360"; + RemainAfterExit = true; + Restart = "on-failure"; + RestartSec = "2"; + }; + }; + + auth-rpcgss-module.enable = false; + rpc-gssd.enable = false; + rpc-svcgssd.enable = false; + + auth-rpcgss-module-override = { + description = "Kernel Module supporting RPCSEC_GSS"; + before = [ + "gssproxy.service" + "rpc-svcgssd-override.service" + "rpc-gssd-override.service" + ]; + wantedBy = [ "nfs-client.target" "nfs-server.target" ]; + wants = [ + "gssproxy.service" + "rpc-svcgssd-override.service" + "rpc-gssd-override.service" + "host-keytab-watcher.service" + ]; + after = [ "host-keytab-watcher.service" ]; + partOf = [ "nfs-utils.service" "nfs-server.service" ]; + unitConfig = { + DefaultDependencies = false; + ConditionPathExists = + [ "|!/run/gssproxy.pid" "|!/proc/net/rpc/use-gss-proxy" ]; + }; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.kmod}/bin/modprobe -q auth_rpcgss"; + RemainAfterExit = true; + }; + }; + + rpc-gssd-override = { + description = "RPC security service for NFS client and server"; + wantedBy = [ "auth-rpcgss-module.service" ]; + conflicts = [ "umount.target" ]; + after = [ + "host-keytab-watcher.service" + "rpc_pipefs.target" + "local-fs.target" + ]; + wants = [ "host-keytab-watcher.service" ]; + requires = [ "rpc_pipefs.target" ]; + partOf = [ "nfs-utils.service" ]; + unitConfig.DefaultDependencies = false; + serviceConfig = { + Type = "forking"; + ExecStart = "${pkgs.nfs-utils}/bin/rpc.gssd"; + Restart = "always"; + }; + }; + + rpc-svcgssd-override = { + description = "RPC security service for NFS server"; + wantedBy = [ "auth-rpcgss-module.service" ]; + after = [ + "host-keytab-watcher.service" + "local-fs.target" + "gssproxy.service" + ]; + wants = [ "host-keytab-watcher.service" ]; + partOf = [ "nfs-utils.service" "nfs-server.service" ]; + unitConfig = { + DefaultDependencies = false; + ConditionPathExists = + [ "|!/run/gssproxy.pid" "|!/proc/net/rpc/use-gss-proxy" ]; + }; + serviceConfig = { + Type = "forking"; + ExecStart = "${pkgs.nfs-utils}/bin/rpc.svcgssd"; + Restart = "always"; + }; + }; + + rpcbind.after = [ "local-fs.target" ]; + }; + + services.printing = { enable = true; - host = "wormhole0"; + drivers = [ pkgs.brgenml1cupswrapper ]; }; - - wallfly-presence.enable = true; - - tattler = let snooper-host = "wormhole0"; - in { - enable = true; - verbose = true; - event-topics = [ "suanni/events/motion" ]; - inherit snooper-host; - }; - - suanni = let - listener = "nostromo"; - objectifier = "lambda"; - in { - enable = true; - event-listener.host = listener; - objectifier.host = objectifier; - synology = { - host = "cargo.sea.fudo.org"; - port = 5001; - username = "suanni"; - password-file = - config.fudo.secrets.files.service-passwords."${listener}".suanni-synology; - }; - }; - }; - - fileSystems = { - # "/mnt/documents" = { - # device = "whitedwarf.${local-domain}:/volume1/Documents"; - # fsType = "nfs4"; - # options = [ "comment=systemd.automount" ]; - # }; - # "/mnt/downloads" = { - # device = "whitedwarf.${local-domain}:/volume1/Downloads"; - # fsType = "nfs4"; - # options = [ "comment=systemd.automount" ]; - # }; - "/mnt/music" = { - device = "doraemon.${local-domain}:/volume1/Music"; - fsType = "nfs"; - options = [ "comment=systemd.automount" ]; - }; - "/mnt/video" = { - device = "doraemon.${local-domain}:/volume1/Video"; - fsType = "nfs"; - options = [ "comment=systemd.automount" ]; - }; - # fileSystems."/mnt/security" = { - # device = "panopticon.${local-domain}:/srv/kerberos/data"; - # fsType = "nfs4"; - # }; - "/mnt/cargo_video" = { - device = "cargo.${local-domain}:/volume1/video"; - fsType = "nfs4"; - options = [ "sec=krb5i" "x-systemd.automount" ]; - }; - "/mnt/photo" = { - device = "cargo.${local-domain}:/volume1/pictures"; - fsType = "nfs4"; - options = [ "sec=krb5i" "x-systemd.automount" ]; - }; - - # "proto=tcp" - - # # NOTE: these are pointing directly to nostromo so the krb lookup works - "/net/documents" = { - device = "nostromo.${local-domain}:/export/documents"; - fsType = "nfs4"; - options = [ - "sec=krb5p" - "x-systemd.automount" - # "vers=4" - # "minorversion=2" - # "proto=tcp" - ]; - }; - "/net/downloads" = { - device = "nostromo.${local-domain}:/export/downloads"; - fsType = "nfs4"; - options = [ - "sec=krb5i" - "x-systemd.automount" - # "vers=4" - # "minorversion=2" - # "proto=tcp" - ]; - }; - "/net/projects" = { - device = "nostromo.${local-domain}:/export/projects"; - fsType = "nfs4"; - options = [ - "sec=krb5p" - "x-systemd.automount" - # "vers=4" - # "minorversion=2" - # "proto=tcp" - ]; - }; - }; - - systemd.services = { - host-keytab-watcher = { - wantedBy = [ - "rpc-gssd-override.service" - "rpc-svcgssd-override.service" - "auth-rpcgss-module.service" - ]; - before = [ - "rpc-gssd-override.service" - "rpc-svcgssd-override.service" - "auth-rpcgss-module.service" - ]; - after = [ config.fudo.secrets.secret-target ]; - serviceConfig = { - ExecStartPre = "${pkgs.coreutils}/bin/test -f /etc/krb5.keytab"; - ExecStart = "${pkgs.coreutils}/bin/true"; - TimeoutStartSec = "360"; - RemainAfterExit = true; - Restart = "on-failure"; - RestartSec = "2"; - }; - }; - - auth-rpcgss-module.enable = false; - rpc-gssd.enable = false; - rpc-svcgssd.enable = false; - - auth-rpcgss-module-override = { - description = "Kernel Module supporting RPCSEC_GSS"; - before = [ - "gssproxy.service" - "rpc-svcgssd-override.service" - "rpc-gssd-override.service" - ]; - wantedBy = [ "nfs-client.target" "nfs-server.target" ]; - wants = [ - "gssproxy.service" - "rpc-svcgssd-override.service" - "rpc-gssd-override.service" - "host-keytab-watcher.service" - ]; - after = [ "host-keytab-watcher.service" ]; - partOf = [ "nfs-utils.service" "nfs-server.service" ]; - unitConfig = { - DefaultDependencies = false; - ConditionPathExists = - [ "|!/run/gssproxy.pid" "|!/proc/net/rpc/use-gss-proxy" ]; - }; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.kmod}/bin/modprobe -q auth_rpcgss"; - RemainAfterExit = true; - }; - }; - - rpc-gssd-override = { - description = "RPC security service for NFS client and server"; - wantedBy = [ "auth-rpcgss-module.service" ]; - conflicts = [ "umount.target" ]; - after = - [ "host-keytab-watcher.service" "rpc_pipefs.target" "local-fs.target" ]; - wants = [ "host-keytab-watcher.service" ]; - requires = [ "rpc_pipefs.target" ]; - partOf = [ "nfs-utils.service" ]; - unitConfig.DefaultDependencies = false; - serviceConfig = { - Type = "forking"; - ExecStart = "${pkgs.nfs-utils}/bin/rpc.gssd"; - Restart = "always"; - }; - }; - - rpc-svcgssd-override = { - description = "RPC security service for NFS server"; - wantedBy = [ "auth-rpcgss-module.service" ]; - after = - [ "host-keytab-watcher.service" "local-fs.target" "gssproxy.service" ]; - wants = [ "host-keytab-watcher.service" ]; - partOf = [ "nfs-utils.service" "nfs-server.service" ]; - unitConfig = { - DefaultDependencies = false; - ConditionPathExists = - [ "|!/run/gssproxy.pid" "|!/proc/net/rpc/use-gss-proxy" ]; - }; - serviceConfig = { - Type = "forking"; - ExecStart = "${pkgs.nfs-utils}/bin/rpc.svcgssd"; - Restart = "always"; - }; - }; - - rpcbind.after = [ "local-fs.target" ]; - }; - - services.printing = { - enable = true; - drivers = [ pkgs.brgenml1cupswrapper ]; }; } diff --git a/config/site-config/seattle/authelia.nix b/config/site-config/seattle/authelia.nix new file mode 100644 index 0000000..ace3d68 --- /dev/null +++ b/config/site-config/seattle/authelia.nix @@ -0,0 +1,71 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.instance.hostname; + host = config.fudo.hosts."${hostname}"; + domainName = host.domain; + domain = config.fudo.domains."${domainName}"; + + zone = domain.zone; + + autheliaHostname = "authelia.fudo.link"; + + autheliaHost = "nostromo"; + gatewayHost = "limina"; + + autheliaFqdn = pkgs.lib.getHostFqdn autheliaHost; + + autheliaPort = 7065; + + isAuthelia = hostname == autheliaHost; + isProxy = hostname == gatewayHost; + + hostSecrets = config.fudo.secrets.host-secrets."${hostname}"; + +in { + config = { + fudo.zones."${zone}".aliases.authelia = autheliaHost; + + services = { + authelia.instances.seattle = mkIf isAuthelia { + enable = true; + settings = { + server.port = autheliaPort; + default_2fa_method = "webauthn"; + }; + secrets = { + jwtSecretFile = + config.fudo.secrets.files.service-secrets."${hostname}"."authelia.jwt"; + storageEncryptionKeyFile = + config.fudo.secrets.files.service-secrets."${hostname}"."authelia.storage"; + }; + }; + + nginx = mkIf (isProxy || isAuthelia) { + enable = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + + virtualHosts = { + # "${keycloakHostname}" = mkIf isProxy { + # enableACME = true; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://keycloak.${domainName}:80"; + # proxyWebsockets = true; + # }; + # }; + "authelia.${domainName}" = mkIf isAuthelia { + enableACME = false; + forceSSL = false; + locations."/" = { + proxyPass = "http://localhost:${toString autheliaPort}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + }; +} diff --git a/config/site-config/seattle/authentik.nix b/config/site-config/seattle/authentik.nix new file mode 100644 index 0000000..0a2d802 --- /dev/null +++ b/config/site-config/seattle/authentik.nix @@ -0,0 +1,56 @@ +{ authentikHost, proxyHost, externalHostname, ... }: + +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.instance.hostname; + authentikFqdn = pkgs.lib.getHostFqdn authentikHost; + + isAuthentik = hostname == authentikHost; + isProxy = hostname == proxyHost; + + host = config.fudo.hosts."${hostname}"; + domainName = host.domain; + zoneName = config.fudo.domains."${domainName}".zone; + +in { + config = { + fudo.zones."${zoneName}".aliases.authentik = authentikHost; + services = { + authentikContainer = mkIf (authentikHost == hostname) { + enable = isAuthentik; + images = { + authentik = "ghcr.io/goauthentik/server:2023.6.1"; + postgres = "docker.io/library/postgres:12-alpine"; + redis = "docker.io/library/redis:alpine"; + }; + }; + nginx = mkIf (isProxy || isAuthentik) { + enable = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + virtualHosts = { + "authentik.${domainName}" = mkIf isAuthentik { + enableACME = false; + forceSSL = false; + locations."/" = { + proxyPass = "http://localhost:${ + toString config.services.authentikContainer.ports.http + }"; + proxyWebsockets = true; + }; + }; + "${externalHostname}" = mkIf isProxy { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://authentik.${domainName}:80"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + }; +} diff --git a/config/site-config/seattle/home-assistant.nix b/config/site-config/seattle/home-assistant.nix new file mode 100644 index 0000000..165db80 --- /dev/null +++ b/config/site-config/seattle/home-assistant.nix @@ -0,0 +1,8 @@ +{ homeAsssistantImage, nodeRedImage, ... }: + +{ config, lib, pkgs, ... }: + +with lib; +{ + +} diff --git a/config/site-config/seattle/keycloak.nix b/config/site-config/seattle/keycloak.nix new file mode 100644 index 0000000..9ce191e --- /dev/null +++ b/config/site-config/seattle/keycloak.nix @@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.instance.hostname; + host = config.fudo.hosts."${hostname}"; + domainName = host.domain; + domain = config.fudo.domains."${domainName}"; + + zone = domain.zone; + + keycloakHostname = "keycloak.fudo.link"; + + keycloakHost = "nostromo"; + gatewayHost = "limina"; + postgresHost = domain.postgresql-server; + + keycloakFqdn = pkgs.lib.getHostFqdn keycloakHost; + postgresFqdn = pkgs.lib.getHostFqdn postgresHost; + + keycloakPort = 9085; + + isKeycloak = hostname == keycloakHost; + isProxy = hostname == gatewayHost; + isPostgres = hostname == postgresHost; + + hostSecrets = config.fudo.secrets.host-secrets."${hostname}"; + + postgresPasswd = + pkgs.lib.passwd.stablerandom-passwd-file "keycloak-postgres-passwd" + config.instance.build-seed; + +in { + config = { + fudo = { + secrets.host-secrets."${hostname}" = { + keycloak-postgres-passwd = mkIf isKeycloak { + source-file = postgresPasswd; + target-file = "/run/keycloak/postgres.passwd"; + }; + postgres-keycloak-passwd = mkIf isPostgres { + source-file = postgresPasswd; + target-file = "/run/postgres/keycloak.passwd"; + user = config.systemd.services.postgresql.serviceConfig.User; + }; + }; + + zones."${zone}".aliases.keycloak = keycloakHost; + + postgresql = mkIf isPostgres { + required-services = [ "fudo-passwords.target" ]; + + databases.keycloak.users = config.instance.local-admins; + + users.keycloak = { + password-file = hostSecrets.postgres-keycloak-passwd.target-file; + databases.keycloak = { + access = "ALL PRIVILEGES"; + entity-access = { + "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE"; + "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE"; + }; + }; + }; + }; + }; + + services = { + keycloak = mkIf isKeycloak { + enable = true; + settings = { + http-port = keycloakPort; + hostname = keycloakHostname; + proxy = "edge"; + }; + database = { + host = postgresFqdn; + type = "postgresql"; + name = "keycloak"; + username = "keycloak"; + passwordFile = hostSecrets.keycloak-postgres-passwd.target-file; + useSSL = false; + }; + }; + + nginx = mkIf (isProxy || isKeycloak) { + enable = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + + virtualHosts = { + # "${keycloakHostname}" = mkIf isProxy { + # enableACME = true; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://keycloak.${domainName}:80"; + # proxyWebsockets = true; + # }; + # }; + "keycloak.${domainName}" = mkIf isKeycloak { + enableACME = false; + forceSSL = false; + locations."/" = { + proxyPass = "http://localhost:${toString keycloakPort}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + }; +} diff --git a/config/site-config/worldstream-1.nix b/config/site-config/worldstream-1.nix new file mode 100644 index 0000000..865d469 --- /dev/null +++ b/config/site-config/worldstream-1.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} diff --git a/config/users.nix b/config/users.nix index 00f931b..ea62f0d 100644 --- a/config/users.nix +++ b/config/users.nix @@ -1,523 +1,652 @@ { config, lib, pkgs, ... }: -{ - config.fudo.users = { - niten = { - uid = 10000; - primary-group = "admin"; - common-name = "Peter Selby"; - ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA"; - login-hashed-passwd = - "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; - ssh-authorized-keys = [ - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFPoobMZkyOmotVUMTFMYGOoDjZ++yMnf/S6JWCDj+9DAAAABHNzaDo= niten@system3" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0= niten@socrates" - ]; - home-directory = "/home/niten"; - k5login = [ - "niten/root@FUDO.ORG" - "niten/admin@FUDO.ORG" - "niten@INFORMIS.LAND" - "niten/root@INFORMIS.LAND" - "niten/admin@INFORMIS.LAND" - "niten@RUS.SELBY.CA" - "niten/root@RUS.SELBY.CA" - ]; - email = "niten@fudo.org"; - email-aliases = [ - "ertian@fudo.org" - "peter@fudo.org" - "peter@fudo.link" - "pselby@fudo.org" - "yiliu@fudo.org" - "forum@selby.ca" +with lib; { + config.fudo.users = let + users = { + niten = { + uid = 10000; + primary-group = "admin"; + common-name = "Peter Selby"; + given-name = "Peter"; + surname = "Selby"; + ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA"; + login-hashed-passwd = + "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; + ssh-authorized-keys = [ + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFPoobMZkyOmotVUMTFMYGOoDjZ++yMnf/S6JWCDj+9DAAAABHNzaDo= niten@system3" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0= niten@socrates" + ]; + home-directory = "/home/niten"; + k5login = [ + "niten/root@FUDO.ORG" + "niten/admin@FUDO.ORG" + "niten@INFORMIS.LAND" + "niten/root@INFORMIS.LAND" + "niten/admin@INFORMIS.LAND" + "niten@RUS.SELBY.CA" + "niten/root@RUS.SELBY.CA" + ]; + email = "niten@fudo.org"; + email-aliases = [ + "ertian@fudo.org" + "peter@fudo.org" + "peter@fudo.link" + "pselby@fudo.org" + "yiliu@fudo.org" - "peter@selby.ca" + "yiliu@informis.land" + "advena@informis.land" - # Used to create spotify accounts for Google Home & Tesla - "tesla@fudo.org" - "seattle-home@fudo.org" - ]; + "forum@selby.ca" + "peter@selby.ca" + + # Used to create spotify accounts for Google Home & Tesla + "tesla@fudo.org" + "seattle-home@fudo.org" + ]; + }; + + andrew = { + uid = 10001; + primary-group = "selby"; + common-name = "Andrew Selby"; + given-name = "Andrew"; + surname = "Selby"; + ldap-hashed-passwd = ""; + }; + + animus = { + uid = 10002; + primary-group = "fudo"; + common-name = "James Frazer"; + given-name = "James"; + surname = "Frazer"; + ldap-hashed-passwd = ""; + }; + + ark = { + uid = 10005; + primary-group = "fudo"; + common-name = "Roger Wong"; + given-name = "Roger"; + surname = "Wong"; + ldap-hashed-passwd = ""; + }; + + ben = { + uid = 10007; + primary-group = "fudo"; + common-name = "Ben"; + ldap-hashed-passwd = "{MD5}v0jY5bADu30cAR1Uu/eWYQ=="; + }; + + chad = { + uid = 10011; + primary-group = "fudo"; + common-name = "Chad Isbister"; + given-name = "Chad"; + surname = "Isbister"; + ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA=="; + }; + + ckoo = { + uid = 10014; + primary-group = "fudo"; + common-name = "Jason Bush"; + given-name = "Jason"; + surname = "Bush"; + ldap-hashed-passwd = "{MD5}KMFeaBc7e/gVzL/QUT0mYw=="; + }; + + dana = { + uid = 10015; + primary-group = "fudo"; + common-name = "Dana Eftodie"; + given-name = "Dana"; + surname = "Eftodie"; + ldap-hashed-passwd = "{MD5}+ijTylKau4uot2kGMqKSTA=="; + }; + + jill = { + uid = 10030; + primary-group = "fudo"; + common-name = "Jill Isbister"; + given-name = "Jill"; + surname = "Isbister"; + ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA=="; + }; + + joker4ever = { + uid = 10033; + primary-group = "fudo"; + common-name = "Jack Clarke"; + given-name = "Jack"; + surname = "Clarke"; + ldap-hashed-passwd = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo"; + }; + + ken = { + uid = 10035; + primary-group = "selby"; + common-name = "Ken Selby"; + given-name = "Ken"; + surname = "Selby"; + ldap-hashed-passwd = "{SSHA}ohRfhWED/qq5NIH8pqgHMQlbpPWVkH/m"; + login-hashed-passwd = + "$6$f/0esIm0sxh36VCa$XJ1xFAquJTRW02W1GKqNDT0H.ufjx0yK2tiywhkW.QBi7P0AvShCDPVCFN59pQvYH7C5Q4ixX9VWLnufIU/9B1"; + email-aliases = [ "kselby@selby.ca" ]; + }; + + reaper = { + uid = 10049; + primary-group = "admin"; + common-name = "Jonathan Stewart"; + given-name = "Jonathan"; + surname = "Stewart"; + ldap-hashed-passwd = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ=="; + login-hashed-passwd = + "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; + home-directory = "/home/reaper"; + k5login = + [ "reaper@FUDO.ORG" "reaper/root@FUDO.ORG" "reaper/admin@FUDO.ORG" ]; + email = "reaper@fudo.org"; + email-aliases = [ + "cricket@fudo.org" + "jstewart@fudo.org" + "jonathan@fudo.org" + "reaper@fudo.link" + ]; + }; + + slickoil = { + uid = 10052; + primary-group = "fudo"; + common-name = "Connor Cooley"; + given-name = "Connor"; + surname = "Cooley"; + ldap-hashed-passwd = "{MD5}8Qrpagi8TYnZQdFoYe02rA=="; + }; + + splat1 = { + uid = 10053; + primary-group = "fudo"; + common-name = "Matt Evans"; + given-name = "Matt"; + surname = "Evans"; + ldap-hashed-passwd = "{MD5}JeHNutGTBMHOqFgVlYjfpw=="; + }; + + swaff = { + uid = 10055; + primary-group = "fudo"; + common-name = "Mark Swaffer"; + given-name = "Mark"; + surname = "Swaffer"; + ldap-hashed-passwd = "{MD5}C5gIsLsaKSvIPydu4uzhNg=="; + email-aliases = [ "mark@fudo.org" ]; + }; + + brian = { + uid = 10056; + primary-group = "selby"; + common-name = "Brian Selby"; + given-name = "Brian"; + surname = "Selby"; + ldap-hashed-passwd = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1"; + }; + + rob = { + uid = 10057; + primary-group = "selby"; + common-name = "Robert Selby"; + given-name = "Robert"; + surname = "Selby"; + ldap-hashed-passwd = "{crypt}HD1ESf1hAGdks"; + }; + + tarbash = { + uid = 10059; + primary-group = "fudo"; + common-name = "Neville"; + ldap-hashed-passwd = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//"; + }; + + darryl = { + uid = 10060; + primary-group = "selby"; + common-name = "Darryl Kissick"; + given-name = "Darryl"; + surname = "Kissick"; + ldap-hashed-passwd = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0"; + }; + + ayumi = { + uid = 10061; + primary-group = "fudo"; + common-name = "Ayumi Kira"; + given-name = "Ayumi"; + surname = "Kira"; + ldap-hashed-passwd = "{MD5}5OkpooOLxw94nF1lOfn/ZQ=="; + }; + + saphira = { + uid = 10063; + primary-group = "fudo"; + common-name = "Elizabeth Stewart"; + given-name = "Elizabeth"; + surname = "Stewart"; + ldap-hashed-passwd = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns."; + }; + + banen = { + uid = 10064; + primary-group = "fudo"; + common-name = "Travis Neis"; + given-name = "Travis"; + surname = "Neis"; + ldap-hashed-passwd = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S."; + }; + + xiaoxuan = { + uid = 10065; + primary-group = "fudo"; + common-name = "Xiaoxuan Jin"; + given-name = "Xiaoxuan"; + surname = "Jin"; + ldap-hashed-passwd = "{SSHA}04fLLUmqNUpOUJi3IBEja8bFNm0S6W60"; + login-hashed-passwd = + "$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0"; + email = "xiaoxuan@fudo.org"; + email-aliases = [ + "xixi@fudo.org" + "claire@fudo.org" + + "xixi@selby.ca" + "claire@selby.ca" + ]; + }; + + thibor = { + uid = 10066; + primary-group = "fudo"; + common-name = "Thibor"; + ldap-hashed-passwd = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/."; + }; + + flowchart = { + uid = 10067; + primary-group = "fudo"; + common-name = "BH Bieterse"; + given-name = "BH"; + surname = "Bieterse"; + ldap-hashed-passwd = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/"; + }; + + gubbs = { + uid = 10068; + primary-group = "fudo"; + common-name = "Lorcan Gavin"; + given-name = "Lorcan"; + surname = "Gavin"; + ldap-hashed-passwd = "{MD5}AIf4bJZyHCnvJVL3YHRnIg=="; + }; + + debo = { + uid = 10069; + primary-group = "fudo"; + common-name = "Deborah Osti"; + given-name = "Deborah"; + surname = "Osti"; + ldap-hashed-passwd = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1"; + }; + + leefolio = { + uid = 10070; + primary-group = "fudo"; + common-name = "Ze Artiste"; + given-name = "Ze"; + surname = "Artiste"; + ldap-hashed-passwd = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1"; + }; + + zimm = { + uid = 10071; + primary-group = "fudo"; + common-name = "Ross Drinkwater"; + given-name = "Ross"; + surname = "Drinkwater"; + ldap-hashed-passwd = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY"; + }; + + gaijin = { + uid = 10072; + primary-group = "fudo"; + common-name = "Tetsuo Torigai"; + given-name = "Tetsuo"; + surname = "Torigai"; + ldap-hashed-passwd = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0"; + }; + + anorthe = { + uid = 10073; + primary-group = "fudo"; + common-name = "Bonnie Wong"; + given-name = "Bonnie"; + surname = "Wong"; + ldap-hashed-passwd = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK."; + }; + + stewartd = { + uid = 10076; + primary-group = "fudo"; + common-name = "Dwight Stewart"; + given-name = "Dwight"; + surname = "Stewart"; + ldap-hashed-passwd = "{MD5}e2GSmH+l4ZZ808snWsFNYw=="; + }; + + jess = { + uid = 10078; + primary-group = "selby"; + common-name = "Jessica Selby"; + given-name = "Jessica"; + surname = "Selby"; + ldap-hashed-passwd = "{MD5}2tbtZre16apUTNtRIK98nQ=="; + }; + + kevin = { + uid = 10079; + primary-group = "selby"; + common-name = "Kevin Selby"; + given-name = "Kevin"; + surname = "Selby"; + ldap-hashed-passwd = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM."; + }; + + theblacksun = { + uid = 10080; + primary-group = "fudo"; + common-name = "Brendan Goodfellow"; + given-name = "Brendan"; + surname = "Goodfellow"; + ldap-hashed-passwd = "{MD5}Hmw6pFYYT87nmpLp0QxcQw=="; + }; + + kris = { + uid = 10082; + primary-group = "selby"; + common-name = "Kris Huberdeau"; + given-name = "Kris"; + surname = "Huberdeau"; + ldap-hashed-passwd = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y"; + }; + + jun = { + uid = 10083; + primary-group = "fudo"; + common-name = "Junichi Suzuki"; + given-name = "Junichi"; + surname = "Suzuki"; + ldap-hashed-passwd = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h."; + }; + + jinny = { + uid = 10084; + primary-group = "fudo"; + common-name = "Hye-jin Kim"; + given-name = "Hye-jin"; + surname = "Kim"; + ldap-hashed-passwd = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30"; + }; + + helen = { + uid = 10086; + primary-group = "selby"; + common-name = "Helen Selby"; + given-name = "Helen"; + surname = "Selby"; + ldap-hashed-passwd = "{SSHA}G/qhBqHiCRSi+LdwyUesMH7StM5J6wZI"; + # ldap-hashed-passwd = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm"; + }; + + vee = { + uid = 10087; + primary-group = "selby"; + common-name = "Vee Selby"; + given-name = "Vee"; + surname = "Selby"; + ldap-hashed-passwd = "snoinuer"; + email-aliases = [ "virginia@selby.ca" ]; + }; + + dabar = { + uid = 10088; + primary-group = "fudo"; + common-name = "Dan Bernardic"; + given-name = "Dan"; + surname = "Bernardic"; + ldap-hashed-passwd = "{MD5}ULrk46YUeUZQrl0+wAQiWA=="; + }; + + r3d3 = { + uid = 10089; + primary-group = "fudo"; + common-name = "Derek Veroni"; + given-name = "Derek"; + surname = "Veroni"; + ldap-hashed-passwd = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY="; + }; + + laura = { + uid = 10090; + primary-group = "selby"; + common-name = "Laura Selby"; + given-name = "Laura"; + surname = "Selby"; + ldap-hashed-passwd = "{MD5}MI65czN0duIudMhYH+BU9Q=="; + }; + + tuk = { + uid = 10091; + primary-group = "fudo"; + common-name = "Taku Koba"; + given-name = "Taku"; + surname = "Koba"; + ldap-hashed-passwd = "{MD5}DQuoQluy50128r8MxAmFkQ=="; + }; + + aki = { + uid = 10092; + primary-group = "fudo"; + common-name = "Akihito Mori"; + given-name = "Akihito"; + surname = "Mori"; + ldap-hashed-passwd = "{MD5}oGAt2kJGKMqX+CmfV1w/GA=="; + }; + + ansyg = { + uid = 10095; + primary-group = "fudo"; + common-name = "Anseok Joo"; + given-name = "Anseok"; + surname = "Joo"; + ldap-hashed-passwd = "{MD5}AHhHl02D3uDmWhPJZ6QPOw=="; + }; + + jackie = { + uid = 10097; + primary-group = "selby"; + common-name = "Jackie Selby"; + given-name = "Jackie"; + surname = "Selby"; + ldap-hashed-passwd = "{MD5}fa6JfWySlH63sITsxrTt0Q=="; + }; + + mtopf = { + uid = 10100; + primary-group = "fudo"; + common-name = "Michael Topf"; + given-name = "Michael"; + surname = "Topf"; + ldap-hashed-passwd = "{MD5}/pleD8SiLhmnRr1RVspNcA=="; + }; + + tat = { + uid = 10101; + primary-group = "fudo"; + common-name = "Tatsuro Akano"; + given-name = "Tatsuro"; + surname = "Akano"; + ldap-hashed-passwd = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA=="; + }; + + blatzkrieg = { + uid = 10102; + primary-group = "fudo"; + common-name = "Brendan Blatz"; + given-name = "Brendan"; + surname = "Blatz"; + ldap-hashed-passwd = "{MD5}1nE/ndFwGbfH/wLagxvt8w=="; + }; + + ellie = { + uid = 10103; + primary-group = "fudo"; + common-name = "Ellie Lee"; + given-name = "Ellie"; + surname = "Lee"; + ldap-hashed-passwd = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA=="; + }; + + alan = { + uid = 10104; + primary-group = "fudo"; + common-name = "Alan Wong"; + given-name = "Alan"; + surname = "Wong"; + ldap-hashed-passwd = "{MD5}WhohVE4xfo9RIOw1kG3s1Q=="; + }; + + omefire = { + uid = 10105; + primary-group = "fudo"; + common-name = "Omar Mefire"; + given-name = "Omar"; + surname = "Mefire"; + ldap-hashed-passwd = "{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5"; + }; + + gordon = { + uid = 10106; + primary-group = "fudo"; + common-name = "Gordon Stewart"; + given-name = "Gordon"; + surname = "Stewart"; + ldap-hashed-passwd = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0"; + }; + + jeramy = { + uid = 10107; + primary-group = "selby"; + common-name = "Jeramy Ewbank"; + given-name = "Jeramy"; + surname = "Ewbank"; + ldap-hashed-passwd = "{MD5}8j8vTniyRzylmeTNUoRwWA=="; + }; + + lauren = { + uid = 10108; + primary-group = "selby"; + common-name = "Lauren Hotel"; + given-name = "Lauren"; + surname = "Hotel"; + ldap-hashed-passwd = "{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR"; + # ldap-hashed-passwd = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg=="; + }; + + # Used to send alerts from grafana + metrics = { + uid = 10109; + primary-group = "fudo"; + common-name = "Fudo Metrics"; + ldap-hashed-passwd = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1"; + }; + + testuser = { + uid = 10110; + primary-group = "fudo"; + common-name = "Test User"; + ldap-hashed-passwd = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6"; + }; + + # Used to send messages from the chat server + # chat = { + # uid = 10111; + # primary-group = "fudo"; + # common-name = "Fudo Chat"; + # ldap-hashed-passwd = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7"; + # }; + + kevinyinjunjie = { + uid = 10112; + primary-group = "fudo"; + common-name = "Kevin"; + given-name = "Kevin"; + surname = "Yin"; + ldap-hashed-passwd = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl"; + }; + + netinfo = { + uid = 10113; + primary-group = "fudo"; + common-name = "Network Info Mailer"; + ldap-hashed-passwd = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc"; + }; + + selby-forum = { + uid = 10114; + primary-group = "selby"; + common-name = "Selby Forum"; + ldap-hashed-passwd = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q"; + }; + + viator = { + uid = 10115; + primary-group = "informis"; + common-name = "Viator"; + ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA"; + login-hashed-passwd = + "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; + email = "viator@informis.land"; + }; + + jasper = { + uid = 10116; + primary-group = "selby"; + common-name = "Jasper Selby"; + given-name = "Jasper"; + surname = "Selby"; + # login-hashed-passwd = "$6$ggREeoA2HUmXDDbh$zPEyroAAiSPKseTb.qt4ByLaYBhV08x0hqOz4dnt4wEqcaWtOpBt3UoTpHxyDc2/inMzkRggBwfr.Zm0vI7mp1"; + # ldap-hashed-passwd = "{SSHA}5OCmPaKrkEG3Q4DOWibsPweuBShsMAz2"; + login-hashed-passwd = + "$6$odSNyA1T5bQRIXUd$LsCeR8rjC5pyNxesSR9eGVoa9wy1jwaPDyjOlB9ZQl3fzpRP6biNieXbjRWAfew8FgAImtB5beVCmXIc1085g."; + ldap-hashed-passwd = "{SSHA}mok5LrQtJ4pny2QTaN3sMmOZx6X0eg5R"; + email = "jasper@selby.ca"; + }; }; - andrew = { - uid = 10001; - primary-group = "selby"; - common-name = "Andrew Selby"; - ldap-hashed-passwd = ""; + groupDomainMap = { + fudo = "fudo.org"; + selby = "selby.ca"; + informis = "informis.land"; }; - animus = { - uid = 10002; - primary-group = "fudo"; - common-name = "James Frazer"; - ldap-hashed-passwd = ""; - }; - - ark = { - uid = 10005; - primary-group = "fudo"; - common-name = "Roger Wong"; - ldap-hashed-passwd = ""; - }; - - ben = { - uid = 10007; - primary-group = "fudo"; - common-name = "Ben"; - ldap-hashed-passwd = "{MD5}v0jY5bADu30cAR1Uu/eWYQ=="; - }; - - chad = { - uid = 10011; - primary-group = "fudo"; - common-name = "Chad Isbister"; - ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA=="; - }; - - ckoo = { - uid = 10014; - primary-group = "fudo"; - common-name = "Jason Bush"; - ldap-hashed-passwd = "{MD5}KMFeaBc7e/gVzL/QUT0mYw=="; - }; - - dana = { - uid = 10015; - primary-group = "fudo"; - common-name = "Dana Eftodie"; - ldap-hashed-passwd = "{MD5}+ijTylKau4uot2kGMqKSTA=="; - }; - - jill = { - uid = 10030; - primary-group = "fudo"; - common-name = "Jill Isbister"; - ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA=="; - }; - - joker4ever = { - uid = 10033; - primary-group = "fudo"; - common-name = "Jack Clarke"; - ldap-hashed-passwd = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo"; - }; - - ken = { - uid = 10035; - primary-group = "selby"; - common-name = "Ken Selby"; - ldap-hashed-passwd = "{SSHA}ohRfhWED/qq5NIH8pqgHMQlbpPWVkH/m"; - login-hashed-passwd = - "$6$f/0esIm0sxh36VCa$XJ1xFAquJTRW02W1GKqNDT0H.ufjx0yK2tiywhkW.QBi7P0AvShCDPVCFN59pQvYH7C5Q4ixX9VWLnufIU/9B1"; - email-aliases = [ "kselby@selby.ca" ]; - }; - - reaper = { - uid = 10049; - primary-group = "admin"; - common-name = "Jonathan Stewart"; - ldap-hashed-passwd = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ=="; - login-hashed-passwd = - "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; - home-directory = "/home/reaper"; - k5login = - [ "reaper@FUDO.ORG" "reaper/root@FUDO.ORG" "reaper/admin@FUDO.ORG" ]; - email = "reaper@fudo.org"; - email-aliases = [ - "cricket@fudo.org" - "jstewart@fudo.org" - "jonathan@fudo.org" - "reaper@fudo.link" - ]; - }; - - slickoil = { - uid = 10052; - primary-group = "fudo"; - common-name = "Connor Cooley"; - ldap-hashed-passwd = "{MD5}8Qrpagi8TYnZQdFoYe02rA=="; - }; - - splat1 = { - uid = 10053; - primary-group = "fudo"; - common-name = "Matt Evans"; - ldap-hashed-passwd = "{MD5}JeHNutGTBMHOqFgVlYjfpw=="; - }; - - swaff = { - uid = 10055; - primary-group = "fudo"; - common-name = "Mark Swaffer"; - ldap-hashed-passwd = "{MD5}C5gIsLsaKSvIPydu4uzhNg=="; - email-aliases = [ "mark@fudo.org" ]; - }; - - brian = { - uid = 10056; - primary-group = "selby"; - common-name = "Brian Selby"; - ldap-hashed-passwd = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1"; - }; - - rob = { - uid = 10057; - primary-group = "selby"; - common-name = "Robert Selby"; - ldap-hashed-passwd = "{crypt}HD1ESf1hAGdks"; - }; - - tarbash = { - uid = 10059; - primary-group = "fudo"; - common-name = "Neville"; - ldap-hashed-passwd = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//"; - }; - - darryl = { - uid = 10060; - primary-group = "selby"; - common-name = "Darryl Kissick"; - ldap-hashed-passwd = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0"; - }; - - ayumi = { - uid = 10061; - primary-group = "fudo"; - common-name = "Ayumi Kira"; - ldap-hashed-passwd = "{MD5}5OkpooOLxw94nF1lOfn/ZQ=="; - }; - - saphira = { - uid = 10063; - primary-group = "fudo"; - common-name = "Elizabeth Stewart"; - ldap-hashed-passwd = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns."; - }; - - banen = { - uid = 10064; - primary-group = "fudo"; - common-name = "Travis Neis"; - ldap-hashed-passwd = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S."; - }; - - xiaoxuan = { - uid = 10065; - primary-group = "fudo"; - common-name = "Xiaoxuan Jin"; - ldap-hashed-passwd = "{SSHA}04fLLUmqNUpOUJi3IBEja8bFNm0S6W60"; - login-hashed-passwd = - "$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0"; - email = "xiaoxuan@fudo.org"; - email-aliases = [ - "xixi@fudo.org" - "claire@fudo.org" - - "xixi@selby.ca" - "claire@selby.ca" - ]; - }; - - thibor = { - uid = 10066; - primary-group = "fudo"; - common-name = ""; - ldap-hashed-passwd = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/."; - }; - - flowchart = { - uid = 10067; - primary-group = "fudo"; - common-name = "BH Bieterse"; - ldap-hashed-passwd = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/"; - }; - - gubbs = { - uid = 10068; - primary-group = "fudo"; - common-name = "Lorcan Gavin"; - ldap-hashed-passwd = "{MD5}AIf4bJZyHCnvJVL3YHRnIg=="; - }; - - debo = { - uid = 10069; - primary-group = "fudo"; - common-name = "Deborah Osti"; - ldap-hashed-passwd = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1"; - }; - - leefolio = { - uid = 10070; - primary-group = "fudo"; - common-name = "Ze Artiste"; - ldap-hashed-passwd = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1"; - }; - - zimm = { - uid = 10071; - primary-group = "fudo"; - common-name = "Ross Drinkwater"; - ldap-hashed-passwd = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY"; - }; - - gaijin = { - uid = 10072; - primary-group = "fudo"; - common-name = "Tetsuo Torigai"; - ldap-hashed-passwd = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0"; - }; - - anorthe = { - uid = 10073; - primary-group = "fudo"; - common-name = "Bonnie Wong"; - ldap-hashed-passwd = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK."; - }; - - stewartd = { - uid = 10076; - primary-group = "fudo"; - common-name = "Dwight Stewart"; - ldap-hashed-passwd = "{MD5}e2GSmH+l4ZZ808snWsFNYw=="; - }; - - jess = { - uid = 10078; - primary-group = "selby"; - common-name = "Jessica Selby"; - ldap-hashed-passwd = "{MD5}2tbtZre16apUTNtRIK98nQ=="; - }; - - kevin = { - uid = 10079; - primary-group = "selby"; - common-name = "Kevin Selby"; - ldap-hashed-passwd = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM."; - }; - - theblacksun = { - uid = 10080; - primary-group = "fudo"; - common-name = "Brendan Goodfellow"; - ldap-hashed-passwd = "{MD5}Hmw6pFYYT87nmpLp0QxcQw=="; - }; - - kris = { - uid = 10082; - primary-group = "selby"; - common-name = "Kris Huberdeau"; - ldap-hashed-passwd = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y"; - }; - - jun = { - uid = 10083; - primary-group = "fudo"; - common-name = "Junichi Suzuki"; - ldap-hashed-passwd = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h."; - }; - - jinny = { - uid = 10084; - primary-group = "fudo"; - common-name = "Hye-jin Kim"; - ldap-hashed-passwd = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30"; - }; - - helen = { - uid = 10086; - primary-group = "selby"; - common-name = "Helen Selby"; - ldap-hashed-passwd = "{SSHA}G/qhBqHiCRSi+LdwyUesMH7StM5J6wZI"; - # ldap-hashed-passwd = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm"; - }; - - vee = { - uid = 10087; - primary-group = "selby"; - common-name = "Vee Selby"; - ldap-hashed-passwd = "snoinuer"; - email-aliases = [ "virginia@selby.ca" ]; - }; - - dabar = { - uid = 10088; - primary-group = "fudo"; - common-name = "Dan Bernardic"; - ldap-hashed-passwd = "{MD5}ULrk46YUeUZQrl0+wAQiWA=="; - }; - - r3d3 = { - uid = 10089; - primary-group = "fudo"; - common-name = "Derek Veroni"; - ldap-hashed-passwd = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY="; - }; - - laura = { - uid = 10090; - primary-group = "selby"; - common-name = "Laura Selby"; - ldap-hashed-passwd = "{MD5}MI65czN0duIudMhYH+BU9Q=="; - }; - - tuk = { - uid = 10091; - primary-group = "fudo"; - common-name = "Taku Koba"; - ldap-hashed-passwd = "{MD5}DQuoQluy50128r8MxAmFkQ=="; - }; - - aki = { - uid = 10092; - primary-group = "fudo"; - common-name = "Akihito Mori"; - ldap-hashed-passwd = "{MD5}oGAt2kJGKMqX+CmfV1w/GA=="; - }; - - ansyg = { - uid = 10095; - primary-group = "fudo"; - common-name = "Anseok Joo"; - ldap-hashed-passwd = "{MD5}AHhHl02D3uDmWhPJZ6QPOw=="; - }; - - jackie = { - uid = 10097; - primary-group = "selby"; - common-name = "Jackie Selby"; - ldap-hashed-passwd = "{MD5}fa6JfWySlH63sITsxrTt0Q=="; - }; - - mtopf = { - uid = 10100; - primary-group = "fudo"; - common-name = "Michael Topf"; - ldap-hashed-passwd = "{MD5}/pleD8SiLhmnRr1RVspNcA=="; - }; - - tat = { - uid = 10101; - primary-group = "fudo"; - common-name = "Tatsuro Akano"; - ldap-hashed-passwd = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA=="; - }; - - blatzkrieg = { - uid = 10102; - primary-group = "fudo"; - common-name = "Brendan Blatz"; - ldap-hashed-passwd = "{MD5}1nE/ndFwGbfH/wLagxvt8w=="; - }; - - ellie = { - uid = 10103; - primary-group = "fudo"; - common-name = "Ellie Lee"; - ldap-hashed-passwd = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA=="; - }; - - alan = { - uid = 10104; - primary-group = "fudo"; - common-name = "Alan Wong"; - ldap-hashed-passwd = "{MD5}WhohVE4xfo9RIOw1kG3s1Q=="; - }; - - omefire = { - uid = 10105; - primary-group = "fudo"; - common-name = "Omar Mefire"; - ldap-hashed-passwd = "{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5"; - }; - - gordon = { - uid = 10106; - primary-group = "fudo"; - common-name = "Gordon Stewart"; - ldap-hashed-passwd = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0"; - }; - - jeramy = { - uid = 10107; - primary-group = "selby"; - common-name = "Jeramy Ewbank"; - ldap-hashed-passwd = "{MD5}8j8vTniyRzylmeTNUoRwWA=="; - }; - - lauren = { - uid = 10108; - primary-group = "selby"; - common-name = "Lauren Hotel"; - ldap-hashed-passwd = "{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR"; - # ldap-hashed-passwd = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg=="; - }; - - # Used to send alerts from grafana - metrics = { - uid = 10109; - primary-group = "fudo"; - common-name = "Fudo Metrics"; - ldap-hashed-passwd = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1"; - }; - - testuser = { - uid = 10110; - primary-group = "fudo"; - common-name = "Test User"; - ldap-hashed-passwd = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6"; - }; - - # Used to send messages from the chat server - # chat = { - # uid = 10111; - # primary-group = "fudo"; - # common-name = "Fudo Chat"; - # ldap-hashed-passwd = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7"; - # }; - - kevinyinjunjie = { - uid = 10112; - primary-group = "fudo"; - common-name = "Kevin"; - ldap-hashed-passwd = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl"; - }; - - netinfo = { - uid = 10113; - primary-group = "fudo"; - common-name = "Network Info Mailer"; - ldap-hashed-passwd = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc"; - }; - - selby-forum = { - uid = 10114; - primary-group = "selby"; - common-name = "Selby Forum"; - ldap-hashed-passwd = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q"; - }; - - viator = { - uid = 10115; - primary-group = "informis"; - common-name = "Viator"; - ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA"; - login-hashed-passwd = - "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; - email = "viator@informis.land"; - }; - - jasper = { - uid = 10116; - primary-group = "selby"; - common-name = "Jasper"; - # login-hashed-passwd = "$6$ggREeoA2HUmXDDbh$zPEyroAAiSPKseTb.qt4ByLaYBhV08x0hqOz4dnt4wEqcaWtOpBt3UoTpHxyDc2/inMzkRggBwfr.Zm0vI7mp1"; - # ldap-hashed-passwd = "{SSHA}5OCmPaKrkEG3Q4DOWibsPweuBShsMAz2"; - login-hashed-passwd = - "$6$odSNyA1T5bQRIXUd$LsCeR8rjC5pyNxesSR9eGVoa9wy1jwaPDyjOlB9ZQl3fzpRP6biNieXbjRWAfew8FgAImtB5beVCmXIc1085g."; - ldap-hashed-passwd = "{SSHA}mok5LrQtJ4pny2QTaN3sMmOZx6X0eg5R"; - email = "jasper@selby.ca"; - }; - }; + in mapAttrs (username: userOpts: + if (hasAttr "email" userOpts) then + userOpts + else + (userOpts // { + email = let domain = getAttr userOpts.primary-group groupDomainMap; + in "${username}.${domain}"; + })) users; } diff --git a/config/zones.nix b/config/zones.nix index e76974b..c270be6 100644 --- a/config/zones.nix +++ b/config/zones.nix @@ -1,7 +1,5 @@ { config, lib, pkgs, ... }: { - imports = [ - ./zones/selby.ca.nix - ]; + imports = [ ./zones/sea.fudo.org.nix ./zones/selby.ca.nix ]; } diff --git a/config/zones/sea.fudo.org.nix b/config/zones/sea.fudo.org.nix new file mode 100644 index 0000000..88d8a3b --- /dev/null +++ b/config/zones/sea.fudo.org.nix @@ -0,0 +1,3 @@ +{ config, lib, pkgs, ... }: + +{ } diff --git a/flake.lock b/flake.lock index d9bdb8a..4e23860 100644 --- a/flake.lock +++ b/flake.lock @@ -1,9 +1,96 @@ { "nodes": { + "arion": { + "inputs": { + "flake-parts": "flake-parts", + "haskell-flake": "haskell-flake", + "hercules-ci-effects": "hercules-ci-effects", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1692787336, + "narHash": "sha256-WabgeYsUiMRbpb1bCT3oY6GJEciZQIf3tYD8RQAUf2c=", + "owner": "hercules-ci", + "repo": "arion", + "rev": "28902d348807c494115177595f812a3e54cc913b", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "arion", + "type": "github" + } + }, + "arion_2": { + "inputs": { + "flake-parts": "flake-parts_4", + "haskell-flake": "haskell-flake_3", + "hercules-ci-effects": "hercules-ci-effects_2", + "nixpkgs": "nixpkgs_17" + }, + "locked": { + "lastModified": 1692787336, + "narHash": "sha256-WabgeYsUiMRbpb1bCT3oY6GJEciZQIf3tYD8RQAUf2c=", + "owner": "hercules-ci", + "repo": "arion", + "rev": "28902d348807c494115177595f812a3e54cc913b", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "arion", + "type": "github" + } + }, + "authentik-container": { + "inputs": { + "arion": [ + "arion" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1697266532, + "narHash": "sha256-eMEo7+gfw/6ECwepRVH3yj2E6Uu1nL38HtCI7XhxZIY=", + "ref": "refs/heads/master", + "rev": "abbcb42878cde0733bee50cf1553ef292ad9bc53", + "revCount": 14, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/authentik-container.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/authentik-container.git" + } + }, + "authoritative-dns": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696782511, + "narHash": "sha256-3UQTDuTbbkoaohJF5MeN3w9k3tw11yGfK69aGRTOv5E=", + "ref": "refs/heads/master", + "rev": "007ccef4e35f68868bf17f3df2a075b57d422a4d", + "revCount": 51, + "type": "git", + "url": "https://git.fudo.org/fudo-public/authoritative-dns.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/authoritative-dns.git" + } + }, "blobs": { "flake": false, "locked": { - "lastModified": 1684298638, + "lastModified": 0, "narHash": "sha256-Ri2mFXWPNLpuOJDer0FSVmDyswjZ6xUHoFq7eqlt1Ao=", "path": "/secrets/blobs", "type": "path" @@ -30,7 +117,9 @@ "inputs": { "clj2nix": "clj2nix", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nixpkgs" + ], "utils": "utils_2" }, "locked": { @@ -52,7 +141,9 @@ "inputs": { "clj2nix": "clj2nix_2", "gitignore": "gitignore_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": [ + "nixpkgs" + ], "utils": "utils_4" }, "locked": { @@ -73,7 +164,7 @@ "clj-nix": { "inputs": { "devshell": "devshell", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "fudo-home", "fudo-pkgs", @@ -82,11 +173,11 @@ ] }, "locked": { - "lastModified": 1663870497, - "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=", + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", "owner": "jlesquembre", "repo": "clj-nix", - "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", "type": "github" }, "original": { @@ -98,7 +189,7 @@ "clj-nix_10": { "inputs": { "devshell": "devshell_10", - "flake-utils": "flake-utils_15", + "flake-utils": "flake-utils_12", "nixpkgs": [ "pricebot", "nixpkgs" @@ -121,7 +212,7 @@ "clj-nix_11": { "inputs": { "devshell": "devshell_11", - "flake-utils": "flake-utils_16", + "flake-utils": "flake-utils_13", "nixpkgs": [ "snooper", "helpers", @@ -145,7 +236,7 @@ "clj-nix_12": { "inputs": { "devshell": "devshell_12", - "flake-utils": "flake-utils_17", + "flake-utils": "flake-utils_14", "nixpkgs": [ "suanni", "helpers", @@ -169,7 +260,7 @@ "clj-nix_13": { "inputs": { "devshell": "devshell_13", - "flake-utils": "flake-utils_18", + "flake-utils": "flake-utils_15", "nixpkgs": [ "tattler", "helpers", @@ -193,7 +284,7 @@ "clj-nix_14": { "inputs": { "devshell": "devshell_14", - "flake-utils": "flake-utils_19", + "flake-utils": "flake-utils_16", "nixpkgs": [ "tattler", "notifierClj", @@ -218,7 +309,7 @@ "clj-nix_15": { "inputs": { "devshell": "devshell_15", - "flake-utils": "flake-utils_21", + "flake-utils": "flake-utils_18", "nixpkgs": [ "wallfly", "nixpkgs" @@ -241,7 +332,7 @@ "clj-nix_2": { "inputs": { "devshell": "devshell_2", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_3", "nixpkgs": [ "fudo-pkgs", "helpers", @@ -249,11 +340,11 @@ ] }, "locked": { - "lastModified": 1663870497, - "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=", + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", "owner": "jlesquembre", "repo": "clj-nix", - "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", "type": "github" }, "original": { @@ -265,7 +356,7 @@ "clj-nix_3": { "inputs": { "devshell": "devshell_3", - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_4", "nixpkgs": [ "fudo-secrets", "fudo-pkgs", @@ -274,11 +365,11 @@ ] }, "locked": { - "lastModified": 1663870497, - "narHash": "sha256-gnoyYWvZl64WBqR3tf9bKHAznEtBCHmwx7taHghH9Lw=", + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", "owner": "jlesquembre", "repo": "clj-nix", - "rev": "23d9daacc80e634df078c4c6e34d592e1593d84c", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", "type": "github" }, "original": { @@ -290,7 +381,7 @@ "clj-nix_4": { "inputs": { "devshell": "devshell_4", - "flake-utils": "flake-utils_8", + "flake-utils": "flake-utils_5", "nixpkgs": [ "fudo-secrets", "nexus", @@ -316,7 +407,7 @@ "clj-nix_5": { "inputs": { "devshell": "devshell_5", - "flake-utils": "flake-utils_9", + "flake-utils": "flake-utils_6", "nixpkgs": [ "fudo-secrets", "nexus", @@ -342,7 +433,7 @@ "clj-nix_6": { "inputs": { "devshell": "devshell_6", - "flake-utils": "flake-utils_10", + "flake-utils": "flake-utils_7", "nixpkgs": [ "fudo-secrets", "nexus", @@ -368,7 +459,7 @@ "clj-nix_7": { "inputs": { "devshell": "devshell_7", - "flake-utils": "flake-utils_11", + "flake-utils": "flake-utils_8", "nixpkgs": [ "nexus", "nexus-client", @@ -393,7 +484,7 @@ "clj-nix_8": { "inputs": { "devshell": "devshell_8", - "flake-utils": "flake-utils_12", + "flake-utils": "flake-utils_9", "nixpkgs": [ "nexus", "nexus-crypto", @@ -418,7 +509,7 @@ "clj-nix_9": { "inputs": { "devshell": "devshell_9", - "flake-utils": "flake-utils_13", + "flake-utils": "flake-utils_10", "nixpkgs": [ "nexus", "nexus-server", @@ -443,7 +534,7 @@ "clj2nix": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "utils": "utils" }, "locked": { @@ -463,8 +554,8 @@ "clj2nix_10": { "inputs": { "flake-compat": "flake-compat_11", - "nixpkgs": "nixpkgs_22", - "utils": "utils_26" + "nixpkgs": "nixpkgs_19", + "utils": "utils_25" }, "locked": { "lastModified": 1673786922, @@ -483,8 +574,8 @@ "clj2nix_11": { "inputs": { "flake-compat": "flake-compat_12", - "nixpkgs": "nixpkgs_24", - "utils": "utils_29" + "nixpkgs": "nixpkgs_20", + "utils": "utils_28" }, "locked": { "lastModified": 1673786922, @@ -503,8 +594,8 @@ "clj2nix_12": { "inputs": { "flake-compat": "flake-compat_13", - "nixpkgs": "nixpkgs_30", - "utils": "utils_35" + "nixpkgs": "nixpkgs_22", + "utils": "utils_34" }, "locked": { "lastModified": 1673786922, @@ -523,8 +614,8 @@ "clj2nix_13": { "inputs": { "flake-compat": "flake-compat_14", - "nixpkgs": "nixpkgs_32", - "utils": "utils_38" + "nixpkgs": "nixpkgs_23", + "utils": "utils_37" }, "locked": { "lastModified": 1673786922, @@ -543,8 +634,8 @@ "clj2nix_14": { "inputs": { "flake-compat": "flake-compat_15", - "nixpkgs": "nixpkgs_34", - "utils": "utils_41" + "nixpkgs": "nixpkgs_24", + "utils": "utils_40" }, "locked": { "lastModified": 1673786922, @@ -563,8 +654,8 @@ "clj2nix_15": { "inputs": { "flake-compat": "flake-compat_16", - "nixpkgs": "nixpkgs_36", - "utils": "utils_43" + "nixpkgs": "nixpkgs_25", + "utils": "utils_42" }, "locked": { "lastModified": 1673786922, @@ -603,15 +694,15 @@ "clj2nix_3": { "inputs": { "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "utils": "utils_5" }, "locked": { - "lastModified": 1654804151, - "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=", + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", "owner": "hlolli", "repo": "clj2nix", - "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", "type": "github" }, "original": { @@ -623,15 +714,15 @@ "clj2nix_4": { "inputs": { "flake-compat": "flake-compat_5", - "nixpkgs": "nixpkgs_7", - "utils": "utils_8" + "nixpkgs": "nixpkgs_6", + "utils": "utils_7" }, "locked": { - "lastModified": 1654804151, - "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=", + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", "owner": "hlolli", "repo": "clj2nix", - "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", "type": "github" }, "original": { @@ -643,15 +734,15 @@ "clj2nix_5": { "inputs": { "flake-compat": "flake-compat_6", - "nixpkgs": "nixpkgs_10", - "utils": "utils_10" + "nixpkgs": "nixpkgs_9", + "utils": "utils_9" }, "locked": { - "lastModified": 1654804151, - "narHash": "sha256-D/fRFmem9MoSWAmeK8VE6EMtfBRF3xPpEXp9AotW+K0=", + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", "owner": "hlolli", "repo": "clj2nix", - "rev": "a321028a6670fc6329272a4d1ac0054f0b25d920", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", "type": "github" }, "original": { @@ -663,8 +754,8 @@ "clj2nix_6": { "inputs": { "flake-compat": "flake-compat_7", - "nixpkgs": "nixpkgs_12", - "utils": "utils_12" + "nixpkgs": "nixpkgs_11", + "utils": "utils_11" }, "locked": { "lastModified": 1673786922, @@ -683,8 +774,8 @@ "clj2nix_7": { "inputs": { "flake-compat": "flake-compat_8", - "nixpkgs": "nixpkgs_14", - "utils": "utils_15" + "nixpkgs": "nixpkgs_12", + "utils": "utils_14" }, "locked": { "lastModified": 1673786922, @@ -703,8 +794,8 @@ "clj2nix_8": { "inputs": { "flake-compat": "flake-compat_9", - "nixpkgs": "nixpkgs_16", - "utils": "utils_18" + "nixpkgs": "nixpkgs_13", + "utils": "utils_17" }, "locked": { "lastModified": 1673786922, @@ -723,8 +814,8 @@ "clj2nix_9": { "inputs": { "flake-compat": "flake-compat_10", - "nixpkgs": "nixpkgs_20", - "utils": "utils_23" + "nixpkgs": "nixpkgs_18", + "utils": "utils_22" }, "locked": { "lastModified": 1673786922, @@ -758,7 +849,13 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": [ + "fudo-home", + "fudo-pkgs", + "helpers", + "clj-nix", + "flake-utils" + ], "nixpkgs": [ "fudo-home", "fudo-pkgs", @@ -783,7 +880,7 @@ }, "devshell_10": { "inputs": { - "flake-utils": "flake-utils_14", + "flake-utils": "flake-utils_11", "nixpkgs": [ "pricebot", "clj-nix", @@ -924,7 +1021,7 @@ }, "devshell_15": { "inputs": { - "flake-utils": "flake-utils_20", + "flake-utils": "flake-utils_17", "nixpkgs": [ "wallfly", "clj-nix", @@ -947,7 +1044,12 @@ }, "devshell_2": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": [ + "fudo-pkgs", + "helpers", + "clj-nix", + "flake-utils" + ], "nixpkgs": [ "fudo-pkgs", "helpers", @@ -971,7 +1073,13 @@ }, "devshell_3": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": [ + "fudo-secrets", + "fudo-pkgs", + "helpers", + "clj-nix", + "flake-utils" + ], "nixpkgs": [ "fudo-secrets", "fudo-pkgs", @@ -1212,6 +1320,19 @@ "type": "path" } }, + "domain-secrets": { + "flake": false, + "locked": { + "lastModified": 1697313293, + "narHash": "sha256-RugXjMCmbbJh+ekSnFMLJO2yrWMiwmoSrqs6agYJsGo=", + "path": "/secrets/domain-secrets", + "type": "path" + }, + "original": { + "path": "/secrets/domain-secrets", + "type": "path" + } + }, "doom-emacs": { "inputs": { "doom-emacs": "doom-emacs_2", @@ -1244,11 +1365,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1683249650, - "narHash": "sha256-NwBzz2CHNtT0oDqAGewByQ5OFnAWf+ewHUrK0F44xZk=", + "lastModified": 1695346081, + "narHash": "sha256-ELuMibAhsgOEIzoPb9ZodYLcde0qSEP6ZuVIvFDIb6A=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "588ccf37fa9eb9d2ec787b91c989dcd6892983e9", + "rev": "5bbefaee92c4277ff1961b333f9937f5180d15f3", "type": "github" }, "original": { @@ -1277,11 +1398,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1676839496, - "narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=", + "lastModified": 1694887483, + "narHash": "sha256-KlKhruPSLPSKqUnr5/U65arm16VrY9ORzm+XKNZhpTQ=", "owner": "doomemacs", "repo": "snippets", - "rev": "fe4003014ae00b866f117cb193f711fd9d72fd11", + "rev": "f022984ee1318a4015d5d081b3c3dab5a60dc6ff", "type": "github" }, "original": { @@ -1326,14 +1447,14 @@ "entities": { "inputs": { "fudo-lib": "fudo-lib_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1683473493, - "narHash": "sha256-DhXGPS2w8ucsCRy254f2B+L2kza/WjncD/bK2t95mH0=", + "lastModified": 1696807621, + "narHash": "sha256-VrcRmQxeoJQiCOwTVsr9FJJKz0v3cPgR+tHY1c0LmrM=", "ref": "refs/heads/master", - "rev": "038a50f8da3c7737f444710ad896a0bd2875fd9b", - "revCount": 134, + "rev": "fec671e18b1434720ee02d1795acbb75ddfc9a12", + "revCount": 172, "type": "git", "url": "https://git.fudo.org/fudo-nix/entities.git" }, @@ -1598,11 +1719,11 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1627913399, - "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -1614,11 +1735,11 @@ "flake-compat_5": { "flake": false, "locked": { - "lastModified": 1627913399, - "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -1630,11 +1751,11 @@ "flake-compat_6": { "flake": false, "locked": { - "lastModified": 1627913399, - "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -1691,16 +1812,140 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675933616, + "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "hercules-ci-effects", + "hercules-ci-agent", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "mail-server", + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675933616, + "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_5": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_6": { + "inputs": { + "nixpkgs-lib": [ + "mail-server", + "arion", + "hercules-ci-effects", + "hercules-ci-agent", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -1726,11 +1971,11 @@ }, "flake-utils_11": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -1741,11 +1986,11 @@ }, "flake-utils_12": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { @@ -1771,11 +2016,11 @@ }, "flake-utils_14": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -1786,11 +2031,11 @@ }, "flake-utils_15": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -1816,11 +2061,11 @@ }, "flake-utils_17": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -1844,52 +2089,7 @@ "type": "github" } }, - "flake-utils_19": { - "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flake-utils_2": { - "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_20": { - "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_21": { "locked": { "lastModified": 1656928814, "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", @@ -1921,11 +2121,11 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -1951,11 +2151,11 @@ }, "flake-utils_6": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -2034,11 +2234,11 @@ ] }, "locked": { - "lastModified": 1684342863, - "narHash": "sha256-bx6TtJUv1x9PL7Ptecs0pA7LXAWzu7rxyiMlqZSKOrU=", + "lastModified": 1696807621, + "narHash": "sha256-VrcRmQxeoJQiCOwTVsr9FJJKz0v3cPgR+tHY1c0LmrM=", "ref": "refs/heads/master", - "rev": "45f0457328e0bdf5dbc6c103af0d703d46d9a2b2", - "revCount": 138, + "rev": "fec671e18b1434720ee02d1795acbb75ddfc9a12", + "revCount": 172, "type": "git", "url": "https://git.fudo.org/fudo-nix/entities.git" }, @@ -2059,11 +2259,11 @@ ] }, "locked": { - "lastModified": 1684879375, - "narHash": "sha256-Zr5Ko0Z0DBuTlkt18JKUost5llWBWeYiHyZLm8T5jC8=", + "lastModified": 1695588032, + "narHash": "sha256-GrxfUjnqnFTo4p+dLOf85eL0TK64Z7va5Pryp1GBGSI=", "ref": "refs/heads/master", - "rev": "be74e07d94622d3bf9c3ebd6b9a840ed7e5b78bd", - "revCount": 333, + "rev": "77b3312641bc046d0dfeb2559acbeceb8c93465a", + "revCount": 354, "type": "git", "url": "https://git.fudo.org/fudo-nix/home.git" }, @@ -2074,11 +2274,11 @@ }, "fudo-lib": { "locked": { - "lastModified": 1654117056, - "narHash": "sha256-Ray3c3Zv41Ax4MvTFY7pagfROUoXzS4x11l0EHFj9DE=", - "ref": "master", - "rev": "df53c13bb7f15336a2b0f110cef0a57af7089737", - "revCount": 68, + "lastModified": 1695450044, + "narHash": "sha256-o73ia/vQjo51yVcnyA9xdSif45HxXPgU3Gq8OCDlcbY=", + "ref": "refs/heads/master", + "rev": "49009f67e7ac58c1ed088629837d42469104c5c8", + "revCount": 149, "type": "git", "url": "https://git.fudo.org/fudo-nix/lib.git" }, @@ -2089,11 +2289,11 @@ }, "fudo-lib_2": { "locked": { - "lastModified": 1684365012, - "narHash": "sha256-nxqOGxDnQLIqUM1taoaGcCc6SfEWmniegsNwCqp8Dbs=", + "lastModified": 1697264099, + "narHash": "sha256-sKhUS5yr4Xnhfj3LSEjeNYC2rEWd1APYf5mJUcYOmcA=", "ref": "refs/heads/master", - "rev": "179dda3ec621d1d7d02136f61c586d9d6a45acc8", - "revCount": 101, + "rev": "c629223e8592bcd72a30e034541ccca547e1dfad", + "revCount": 161, "type": "git", "url": "https://git.fudo.org/fudo-nix/lib.git" }, @@ -2104,11 +2304,11 @@ }, "fudo-lib_3": { "locked": { - "lastModified": 1654117056, - "narHash": "sha256-Ray3c3Zv41Ax4MvTFY7pagfROUoXzS4x11l0EHFj9DE=", - "ref": "master", - "rev": "df53c13bb7f15336a2b0f110cef0a57af7089737", - "revCount": 68, + "lastModified": 1695450044, + "narHash": "sha256-o73ia/vQjo51yVcnyA9xdSif45HxXPgU3Gq8OCDlcbY=", + "ref": "refs/heads/master", + "rev": "49009f67e7ac58c1ed088629837d42469104c5c8", + "revCount": 149, "type": "git", "url": "https://git.fudo.org/fudo-nix/lib.git" }, @@ -2123,11 +2323,11 @@ "unstableNixpkgs": "unstableNixpkgs" }, "locked": { - "lastModified": 1683322537, - "narHash": "sha256-2x/W/dvUqVPpE91mxIcrcOJL4ufE+9LNdJRgVeUour8=", + "lastModified": 1695580196, + "narHash": "sha256-EfA9zherzQ9YioayOldhr9TssjonmVGjwj5iceCQIWA=", "ref": "refs/heads/master", - "rev": "8013891628c1d709f28705e3f9b7c3f91481892b", - "revCount": 215, + "rev": "87ada9aac42a45e3aaca8c4b47873003690449fb", + "revCount": 246, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, @@ -2142,11 +2342,11 @@ "unstableNixpkgs": "unstableNixpkgs_2" }, "locked": { - "lastModified": 1683322537, - "narHash": "sha256-2x/W/dvUqVPpE91mxIcrcOJL4ufE+9LNdJRgVeUour8=", + "lastModified": 1697077575, + "narHash": "sha256-UUkJhYv9L+Tj2EGupz54RMhdY5V7i6ai4spwjMC3y3M=", "ref": "refs/heads/master", - "rev": "8013891628c1d709f28705e3f9b7c3f91481892b", - "revCount": 215, + "rev": "2cf977ff51b51771240afe930dbe65e3985f7504", + "revCount": 249, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, @@ -2161,11 +2361,11 @@ "unstableNixpkgs": "unstableNixpkgs_3" }, "locked": { - "lastModified": 1683322537, - "narHash": "sha256-2x/W/dvUqVPpE91mxIcrcOJL4ufE+9LNdJRgVeUour8=", + "lastModified": 1697077575, + "narHash": "sha256-UUkJhYv9L+Tj2EGupz54RMhdY5V7i6ai4spwjMC3y3M=", "ref": "refs/heads/master", - "rev": "8013891628c1d709f28705e3f9b7c3f91481892b", - "revCount": 215, + "rev": "2cf977ff51b51771240afe930dbe65e3985f7504", + "revCount": 249, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, @@ -2180,19 +2380,21 @@ "build-seed": "build-seed", "dnssec-keys": "dnssec-keys", "dnssec-ksks": "dnssec-ksks", + "domain-secrets": "domain-secrets", "entities": "entities", "filesystem-keys": "filesystem-keys", "fudo-pkgs": "fudo-pkgs_3", "nexus": "nexus", - "nixpkgs": "nixpkgs_19", + "nixpkgs": "nixpkgs_15", "service-passwords": "service-passwords", "service-secrets": "service-secrets", + "site-secrets": "site-secrets", "ssh-keypairs": "ssh-keypairs", - "utils": "utils_22" + "utils": "utils_21" }, "locked": { - "lastModified": 1684364838, - "narHash": "sha256-Ul81nyHZHxubxoo4cj9v7GG+Psu/5/DUwyXfXqaxbPo=", + "lastModified": 1697313757, + "narHash": "sha256-WCJ/RuIiMgNjoh5nQ6ah4rS1pmEVs7U15upm5IFCF0g=", "path": "/secrets", "type": "path" }, @@ -2265,19 +2467,83 @@ "type": "github" } }, + "haskell-flake": { + "locked": { + "lastModified": 1675296942, + "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.1.0", + "repo": "haskell-flake", + "type": "github" + } + }, + "haskell-flake_2": { + "locked": { + "lastModified": 1684780604, + "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.3.0", + "repo": "haskell-flake", + "type": "github" + } + }, + "haskell-flake_3": { + "locked": { + "lastModified": 1675296942, + "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.1.0", + "repo": "haskell-flake", + "type": "github" + } + }, + "haskell-flake_4": { + "locked": { + "lastModified": 1684780604, + "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.3.0", + "repo": "haskell-flake", + "type": "github" + } + }, "helpers": { "inputs": { "clj-nix": "clj-nix", "clj2nix": "clj2nix_3", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "utils": "utils_6" }, "locked": { - "lastModified": 1675466351, - "narHash": "sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=", + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", "ref": "refs/heads/master", - "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b", - "revCount": 21, + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, "type": "git", "url": "https://git.fudo.org/fudo-public/nix-helpers.git" }, @@ -2294,7 +2560,7 @@ "snooper", "nixpkgs" ], - "utils": "utils_36" + "utils": "utils_35" }, "locked": { "lastModified": 1677792046, @@ -2318,7 +2584,7 @@ "suanni", "nixpkgs" ], - "utils": "utils_39" + "utils": "utils_38" }, "locked": { "lastModified": 1677792046, @@ -2342,7 +2608,7 @@ "tattler", "nixpkgs" ], - "utils": "utils_42" + "utils": "utils_41" }, "locked": { "lastModified": 1684439334, @@ -2368,7 +2634,7 @@ "notifierClj", "nixpkgs" ], - "utils": "utils_44" + "utils": "utils_43" }, "locked": { "lastModified": 1684439334, @@ -2389,15 +2655,15 @@ "inputs": { "clj-nix": "clj-nix_2", "clj2nix": "clj2nix_4", - "nixpkgs": "nixpkgs_8", - "utils": "utils_9" + "nixpkgs": "nixpkgs_7", + "utils": "utils_8" }, "locked": { - "lastModified": 1675466351, - "narHash": "sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=", + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", "ref": "refs/heads/master", - "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b", - "revCount": 21, + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, "type": "git", "url": "https://git.fudo.org/fudo-public/nix-helpers.git" }, @@ -2410,15 +2676,15 @@ "inputs": { "clj-nix": "clj-nix_3", "clj2nix": "clj2nix_5", - "nixpkgs": "nixpkgs_11", - "utils": "utils_11" + "nixpkgs": "nixpkgs_10", + "utils": "utils_10" }, "locked": { - "lastModified": 1675466351, - "narHash": "sha256-JPDyPw0JdRds8iZ5N6v+OJ8+aTlWHfUxMKslIX2itu4=", + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", "ref": "refs/heads/master", - "rev": "9d7434f1ac1351f499ea08eceadb44647d6c8c9b", - "revCount": 21, + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, "type": "git", "url": "https://git.fudo.org/fudo-public/nix-helpers.git" }, @@ -2437,14 +2703,14 @@ "nexus-client", "nixpkgs" ], - "utils": "utils_13" + "utils": "utils_12" }, "locked": { - "lastModified": 1677792046, - "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", "ref": "refs/heads/master", - "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", - "revCount": 32, + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, "type": "git", "url": "https://git.fudo.org/fudo-public/nix-helpers.git" }, @@ -2463,7 +2729,7 @@ "nexus-crypto", "nixpkgs" ], - "utils": "utils_16" + "utils": "utils_15" }, "locked": { "lastModified": 1677792046, @@ -2489,14 +2755,14 @@ "nexus-server", "nixpkgs" ], - "utils": "utils_19" + "utils": "utils_18" }, "locked": { - "lastModified": 1677792046, - "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", "ref": "refs/heads/master", - "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", - "revCount": 32, + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, "type": "git", "url": "https://git.fudo.org/fudo-public/nix-helpers.git" }, @@ -2514,14 +2780,14 @@ "nexus-client", "nixpkgs" ], - "utils": "utils_24" + "utils": "utils_23" }, "locked": { - "lastModified": 1677792046, - "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", "ref": "refs/heads/master", - "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", - "revCount": 32, + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, "type": "git", "url": "https://git.fudo.org/fudo-public/nix-helpers.git" }, @@ -2539,7 +2805,7 @@ "nexus-crypto", "nixpkgs" ], - "utils": "utils_27" + "utils": "utils_26" }, "locked": { "lastModified": 1677792046, @@ -2564,14 +2830,14 @@ "nexus-server", "nixpkgs" ], - "utils": "utils_30" + "utils": "utils_29" }, "locked": { - "lastModified": 1677792046, - "narHash": "sha256-GU7czTodGN+6ijrz5MuREJMyfPo9aDsXRjaZA+nl+ys=", + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", "ref": "refs/heads/master", - "rev": "d54fa928c37e7f260c2b99bc733634347e83d9fd", - "revCount": 32, + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, "type": "git", "url": "https://git.fudo.org/fudo-public/nix-helpers.git" }, @@ -2580,43 +2846,237 @@ "url": "https://git.fudo.org/fudo-public/nix-helpers.git" } }, + "hercules-ci-agent": { + "inputs": { + "flake-parts": "flake-parts_3", + "haskell-flake": "haskell-flake_2", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1688568579, + "narHash": "sha256-ON0M56wtY/TIIGPkXDlJboAmuYwc73Hi8X9iJGtxOhM=", + "owner": "hercules-ci", + "repo": "hercules-ci-agent", + "rev": "367dd8cd649b57009a6502e878005a1e54ad78c5", + "type": "github" + }, + "original": { + "id": "hercules-ci-agent", + "type": "indirect" + } + }, + "hercules-ci-agent_2": { + "inputs": { + "flake-parts": "flake-parts_6", + "haskell-flake": "haskell-flake_4", + "nixpkgs": "nixpkgs_16" + }, + "locked": { + "lastModified": 1688568579, + "narHash": "sha256-ON0M56wtY/TIIGPkXDlJboAmuYwc73Hi8X9iJGtxOhM=", + "owner": "hercules-ci", + "repo": "hercules-ci-agent", + "rev": "367dd8cd649b57009a6502e878005a1e54ad78c5", + "type": "github" + }, + "original": { + "id": "hercules-ci-agent", + "type": "indirect" + } + }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": "flake-parts_2", + "hercules-ci-agent": "hercules-ci-agent", + "nixpkgs": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1689397210, + "narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, + "hercules-ci-effects_2": { + "inputs": { + "flake-parts": "flake-parts_5", + "hercules-ci-agent": "hercules-ci-agent_2", + "nixpkgs": [ + "mail-server", + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1689397210, + "narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ "fudo-home", "nixpkgs" - ], - "utils": "utils_7" + ] }, "locked": { - "lastModified": 1681092193, - "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", + "lastModified": 1695108154, + "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", + "rev": "07682fff75d41f18327a871088d20af2710d4744", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-22.11", + "ref": "release-23.05", "repo": "home-manager", "type": "github" } }, + "lemmy-docker": { + "inputs": { + "arion": [ + "arion" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1697145645, + "narHash": "sha256-9C8XTQCGqtU743ucveCp+i9fJcwlS1Cbq1zHowWBWCw=", + "ref": "refs/heads/master", + "rev": "cfbb9007a79210147cc714876d6353ca2fc16ab4", + "revCount": 85, + "type": "git", + "url": "https://git.fudo.org/fudo-public/lemmy-docker.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/lemmy-docker.git" + } + }, + "mail-server": { + "inputs": { + "arion": "arion_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1697257997, + "narHash": "sha256-oVRwU9XkWzhfRFrvNzNLSS6YUIyFiFX/uVt/WrFRxZw=", + "ref": "refs/heads/master", + "rev": "34b51d34b9f339f12e4111d4d6e5b00b8752f6bc", + "revCount": 241, + "type": "git", + "url": "https://git.fudo.org/fudo-public/mail-server.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/mail-server.git" + } + }, + "mastodon-container": { + "inputs": { + "arion": [ + "arion" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1694066286, + "narHash": "sha256-SvONfQPwi3KbaVN+4/DW9VMYkqc1M6JkcxN7nPqdDDE=", + "ref": "refs/heads/master", + "rev": "03a2e29832553385013006eaa9cc2c11ca129112", + "revCount": 39, + "type": "git", + "url": "https://git.fudo.org/fudo-public/mastodon-container.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/mastodon-container.git" + } + }, + "matrix-module": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1695019560, + "narHash": "sha256-rS+Qs3FjEWOIdUDwG1SYbeS3o1GcQuUa9a21HCkYZHo=", + "ref": "refs/heads/master", + "rev": "a086511d5dc0a5f780fbcd64879e6b3d9f939ccf", + "revCount": 18, + "type": "git", + "url": "https://git.fudo.org/fudo-public/matrix-module.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/matrix-module.git" + } + }, + "nextcloud-container": { + "inputs": { + "arion": [ + "arion" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1694028461, + "narHash": "sha256-wrxydLcHwHUi9nFirw/d/tzStuVrNoxnELZuR07zLrc=", + "ref": "refs/heads/master", + "rev": "ae7bccb0c4d85f4c7877e4f0139236c152729211", + "revCount": 33, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nextcloud-container.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nextcloud-container.git" + } + }, "nexus": { "inputs": { "nexus-client": "nexus-client", "nexus-crypto": "nexus-crypto", "nexus-server": "nexus-server", - "nixpkgs": "nixpkgs_18", - "utils": "utils_21" + "nixpkgs": "nixpkgs_14", + "utils": "utils_20" }, "locked": { - "lastModified": 1680541464, - "narHash": "sha256-aKDleW+y6boXt2xuz3oJpVz2A4dybPRjcRh0c+lpb3o=", + "lastModified": 1694023994, + "narHash": "sha256-EglOSW6M2JJnfMjoRtS2w1DcZzoU6USf+Vuv0MwOQ0w=", "ref": "refs/heads/master", - "rev": "b2cb23479d977e3c1cb65c47ac625174113a0dd4", - "revCount": 246, + "rev": "9b1ee964d8f47f8c2ad97269e4322312af1412eb", + "revCount": 253, "type": "git", "url": "https://git.fudo.org/fudo-public/nexus.git" }, @@ -2628,15 +3088,19 @@ "nexus-client": { "inputs": { "helpers": "helpers_4", - "nixpkgs": "nixpkgs_13", - "utils": "utils_14" + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nixpkgs" + ], + "utils": "utils_13" }, "locked": { - "lastModified": 1680313539, - "narHash": "sha256-yNkEz5wnlP4BrJpnI9YY+OBk3pUdl0lPAVdcoob9oBk=", + "lastModified": 1693890453, + "narHash": "sha256-KRQqUG6yq3uvP8uQCPRM1x60iV2l1t/qGyv101LjKAo=", "ref": "refs/heads/master", - "rev": "8346a158be6f3189ddd69fcf8f442f0114de9498", - "revCount": 47, + "rev": "850bf5d3cdd307f289e1794f2181ee05216c78c1", + "revCount": 50, "type": "git", "url": "https://git.fudo.org/fudo-public/nexus-client.git" }, @@ -2648,15 +3112,18 @@ "nexus-client_2": { "inputs": { "helpers": "helpers_7", - "nixpkgs": "nixpkgs_21", - "utils": "utils_25" + "nixpkgs": [ + "nexus", + "nixpkgs" + ], + "utils": "utils_24" }, "locked": { - "lastModified": 1680313539, - "narHash": "sha256-yNkEz5wnlP4BrJpnI9YY+OBk3pUdl0lPAVdcoob9oBk=", + "lastModified": 1693890453, + "narHash": "sha256-KRQqUG6yq3uvP8uQCPRM1x60iV2l1t/qGyv101LjKAo=", "ref": "refs/heads/master", - "rev": "8346a158be6f3189ddd69fcf8f442f0114de9498", - "revCount": 47, + "rev": "850bf5d3cdd307f289e1794f2181ee05216c78c1", + "revCount": 50, "type": "git", "url": "https://git.fudo.org/fudo-public/nexus-client.git" }, @@ -2668,8 +3135,12 @@ "nexus-crypto": { "inputs": { "helpers": "helpers_5", - "nixpkgs": "nixpkgs_15", - "utils": "utils_17" + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nixpkgs" + ], + "utils": "utils_16" }, "locked": { "lastModified": 1677792070, @@ -2688,8 +3159,11 @@ "nexus-crypto_2": { "inputs": { "helpers": "helpers_8", - "nixpkgs": "nixpkgs_23", - "utils": "utils_28" + "nixpkgs": [ + "nexus", + "nixpkgs" + ], + "utils": "utils_27" }, "locked": { "lastModified": 1677792070, @@ -2708,15 +3182,19 @@ "nexus-server": { "inputs": { "helpers": "helpers_6", - "nixpkgs": "nixpkgs_17", - "utils": "utils_20" + "nixpkgs": [ + "fudo-secrets", + "nexus", + "nixpkgs" + ], + "utils": "utils_19" }, "locked": { - "lastModified": 1680473429, - "narHash": "sha256-dbzA2yc/j2CoxvBKR2rMbdiA6FPJ7nSAefiby/dsawU=", + "lastModified": 1693890469, + "narHash": "sha256-YMlAhaM3X7jwqCZJ3g9xSZuu0vwJlzVilFWiUQiJxqM=", "ref": "refs/heads/master", - "rev": "b0a2aae0ffb972ea4b922ad1d8068869c02f6e31", - "revCount": 60, + "rev": "efcde6094822bc43a13b9a15fe85f470a5c2ef0b", + "revCount": 61, "type": "git", "url": "https://git.fudo.org/fudo-public/nexus-server.git" }, @@ -2728,15 +3206,18 @@ "nexus-server_2": { "inputs": { "helpers": "helpers_9", - "nixpkgs": "nixpkgs_25", - "utils": "utils_31" + "nixpkgs": [ + "nexus", + "nixpkgs" + ], + "utils": "utils_30" }, "locked": { - "lastModified": 1680473429, - "narHash": "sha256-dbzA2yc/j2CoxvBKR2rMbdiA6FPJ7nSAefiby/dsawU=", + "lastModified": 1693890469, + "narHash": "sha256-YMlAhaM3X7jwqCZJ3g9xSZuu0vwJlzVilFWiUQiJxqM=", "ref": "refs/heads/master", - "rev": "b0a2aae0ffb972ea4b922ad1d8068869c02f6e31", - "revCount": 60, + "rev": "efcde6094822bc43a13b9a15fe85f470a5c2ef0b", + "revCount": 61, "type": "git", "url": "https://git.fudo.org/fudo-public/nexus-server.git" }, @@ -2750,15 +3231,17 @@ "nexus-client": "nexus-client_2", "nexus-crypto": "nexus-crypto_2", "nexus-server": "nexus-server_2", - "nixpkgs": "nixpkgs_26", - "utils": "utils_32" + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_31" }, "locked": { - "lastModified": 1680541464, - "narHash": "sha256-aKDleW+y6boXt2xuz3oJpVz2A4dybPRjcRh0c+lpb3o=", + "lastModified": 1694023994, + "narHash": "sha256-EglOSW6M2JJnfMjoRtS2w1DcZzoU6USf+Vuv0MwOQ0w=", "ref": "refs/heads/master", - "rev": "b2cb23479d977e3c1cb65c47ac625174113a0dd4", - "revCount": 246, + "rev": "9b1ee964d8f47f8c2ad97269e4322312af1412eb", + "revCount": 253, "type": "git", "url": "https://git.fudo.org/fudo-public/nexus.git" }, @@ -2786,11 +3269,11 @@ "nix-straight": { "flake": false, "locked": { - "lastModified": 1666982610, - "narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=", + "lastModified": 1694361489, + "narHash": "sha256-kjDp+j6OtrmqbtjQB5uuOtjS08+kgJQuxFqhWE1Y9Rw=", "owner": "nix-community", "repo": "nix-straight.el", - "rev": "ad10364d64f472c904115fd38d194efe1c3f1226", + "rev": "748be99b84be0b130e946288099806a0f16d6e57", "type": "github" }, "original": { @@ -2801,15 +3284,52 @@ }, "nixpkgs": { "locked": { - "lastModified": 1637881340, - "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=", + "lastModified": 1688322751, + "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5", + "rev": "0fbe93c5a7cac99f90b60bdf5f149383daaa615f", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1688049487, + "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib_2": { + "locked": { + "dir": "lib", + "lastModified": 1688049487, + "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -2831,11 +3351,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1684754342, - "narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=", + "lastModified": 1697059129, + "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7084250df3d7f9735087d3234407f3c1fc2400e3", + "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593", "type": "github" }, "original": { @@ -2846,26 +3366,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1637881340, - "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=", + "lastModified": 1677624842, + "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1672353432, - "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", + "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", "type": "github" }, "original": { @@ -2874,6 +3379,21 @@ "type": "indirect" } }, + "nixpkgs_11": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_12": { "locked": { "lastModified": 1673785507, @@ -2891,11 +3411,41 @@ }, "nixpkgs_13": { "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_14": { + "locked": { + "lastModified": 1693771906, + "narHash": "sha256-32EnPCaVjOiEERZ+o/2Ir7JH9pkfwJZJ27SKHNvt4yk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs_15": { + "locked": { + "lastModified": 1685573264, + "narHash": "sha256-Zffu01pONhs/pqH07cjlF10NnMDLok8ix5Uk4rhOnZQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "380be19fbd2d9079f677978361792cb25e8a3635", "type": "github" }, "original": { @@ -2904,109 +3454,81 @@ "type": "indirect" } }, - "nixpkgs_14": { - "locked": { - "lastModified": 1673785507, - "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_15": { - "locked": { - "lastModified": 1677624842, - "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, "nixpkgs_16": { "locked": { - "lastModified": 1673785507, - "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "lastModified": 1688322751, + "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "rev": "0fbe93c5a7cac99f90b60bdf5f149383daaa615f", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_17": { "locked": { - "lastModified": 1678230755, - "narHash": "sha256-SFAXgNjNTXzcAideXcP0takfUGVft/VR5CACmYHg+Fc=", + "lastModified": 1676300157, + "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7cc81913bb3cd1ef05ed0ece048b773e1839e51", + "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_18": { "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.05", - "type": "indirect" + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_19": { "locked": { - "lastModified": 1682600000, - "narHash": "sha256-ha4BehR1dh8EnXSoE1m/wyyYVvHI9txjW4w5/oxsW5Y=", + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50fc86b75d2744e1ab3837ef74b53f103a9b55a0", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.05", - "type": "indirect" + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1638196344, - "narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=", + "lastModified": 1637881340, + "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f", + "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-21.05", - "type": "indirect" + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_20": { @@ -3026,16 +3548,16 @@ }, "nixpkgs_21": { "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "lastModified": 1696983906, + "narHash": "sha256-L7GyeErguS7Pg4h8nK0wGlcUTbfUMDu+HMf1UcyP72k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", + "rev": "bd1cde45c77891214131cbbea5b1203e485a9d51", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.05", + "ref": "nixos-23.05", "type": "indirect" } }, @@ -3056,17 +3578,17 @@ }, "nixpkgs_23": { "locked": { - "lastModified": 1677624842, - "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_24": { @@ -3086,77 +3608,17 @@ }, "nixpkgs_25": { "locked": { - "lastModified": 1678230755, - "narHash": "sha256-SFAXgNjNTXzcAideXcP0takfUGVft/VR5CACmYHg+Fc=", + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7cc81913bb3cd1ef05ed0ece048b773e1839e51", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs_26": { - "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.05", - "type": "indirect" - } - }, - "nixpkgs_27": { - "locked": { - "lastModified": 1684661732, - "narHash": "sha256-2/Xo/UmUUoMXc0T5tzoUsYjMLLMjEfzRWDAQB0WwtW0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b0671cbf1e5c443f7fbfd4941ee0f8a151435114", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs_28": { - "locked": { - "lastModified": 1672781980, - "narHash": "sha256-L+yqt2szcp+BFiWoMJCisDsNA5OrpYVW1QSbbS5U8RU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a9eedea7232f5d00f0aca7267efb69a54da1b8a1", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs_29": { - "locked": { - "lastModified": 1659446231, - "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-21.11", - "type": "indirect" } }, "nixpkgs_3": { @@ -3174,193 +3636,58 @@ "type": "github" } }, - "nixpkgs_30": { - "locked": { - "lastModified": 1673785507, - "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_31": { - "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.05", - "type": "indirect" - } - }, - "nixpkgs_32": { - "locked": { - "lastModified": 1673785507, - "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_33": { - "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.05", - "type": "indirect" - } - }, - "nixpkgs_34": { - "locked": { - "lastModified": 1673785507, - "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_35": { - "locked": { - "lastModified": 1684580438, - "narHash": "sha256-LUPswmDn6fXP3lEBJFA2Id8PkcYDgzUilevWackYVvQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7dc71aef32e8faf065cb171700792cf8a65c152d", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs_36": { - "locked": { - "lastModified": 1673785507, - "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_37": { - "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.05", - "type": "indirect" - } - }, "nixpkgs_4": { "locked": { - "lastModified": 1640653651, - "narHash": "sha256-fByFYXYoE/6TqwKGbT7XBCOAlSsFzOXm4ZsRLoO70m8=", + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7bca80140fc7732c7357b26002db3d87b3ba4c61", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-21.05", - "type": "indirect" + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_5": { "locked": { - "lastModified": 1637881340, - "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=", + "lastModified": 1677624842, + "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5", + "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", "type": "github" }, "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" } }, "nixpkgs_6": { "locked": { - "lastModified": 1672353432, - "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_7": { "locked": { - "lastModified": 1637881340, - "narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=", + "lastModified": 1677624842, + "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1672353432, - "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", + "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", "type": "github" }, "original": { @@ -3369,12 +3696,12 @@ "type": "indirect" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { - "lastModified": 1653918726, - "narHash": "sha256-C+BpRKWjuwR4a9R0w5V5AFaQiyDtRPSRec7VJCX1NI4=", - "path": "/nix/store/zdc50x6ibr27smd581yxc8snjdlf1487-source", - "rev": "39945562539b572eb43915992ef82f46a7176364", + "lastModified": 1695559356, + "narHash": "sha256-kXZ1pUoImD9OEbPCwpTz4tHsNTr4CIyIfXb3ocuR8sI=", + "path": "/nix/store/dn5wzc9a8hrpml66i6kz5f3q6dr3jjmk-source", + "rev": "261abe8a44a7e8392598d038d2e01f7b33cf26d0", "type": "path" }, "original": { @@ -3382,6 +3709,21 @@ "type": "indirect" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, "nose": { "flake": false, "locked": { @@ -3405,7 +3747,7 @@ "tattler", "nixpkgs" ], - "utils": "utils_45" + "utils": "utils_44" }, "locked": { "lastModified": 1684784801, @@ -3440,15 +3782,17 @@ "objectifier": { "inputs": { "darknet": "darknet", - "nixpkgs": "nixpkgs_28", - "utils": "utils_33" + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_32" }, "locked": { - "lastModified": 1679246727, - "narHash": "sha256-5+fmOgoTABJ6jwoKQrYP898jMdH76yAlbJnAVTu0QIU=", + "lastModified": 1686166350, + "narHash": "sha256-NseJllTLhQLLaifVgPiO5aWJH446/YILGux+I5FOIdU=", "ref": "refs/heads/master", - "rev": "21f897b5c39e4d3d32f5b2595ba7fd9f58923624", - "revCount": 71, + "rev": "671ed746568a1f03e71c13f2498bfb69b8a2aedd", + "revCount": 75, "type": "git", "url": "https://git.fudo.org/fudo-public/objectifier.git" }, @@ -3460,11 +3804,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1683136293, - "narHash": "sha256-PMHNr3Qo62uqO5IUDAfxUoqa4Zvb9y2J76pRYDB/6Y4=", + "lastModified": 1695208951, + "narHash": "sha256-GdkBhWg/bIwnQk4/a/Ief+cFtDcUJEMNqiFYO3A5sus=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "080710797ad25e76c4556d2b03cc0aa5313cd187", + "rev": "266aac1186256aaf3fb1bb1181ee83d548092d12", "type": "github" }, "original": { @@ -3476,11 +3820,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1675694242, - "narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=", + "lastModified": 1694946041, + "narHash": "sha256-X/HFG6NZe5BY00KvGbcsIuf9R6Lg8x7Uhd0Y5+Q3qZU=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17", + "rev": "5eabbf22bdd4523c922a30787e98ee66c24221aa", "type": "github" }, "original": { @@ -3524,8 +3868,10 @@ "pricebot": { "inputs": { "clj-nix": "clj-nix_10", - "nixpkgs": "nixpkgs_29", - "utils": "utils_34" + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_33" }, "locked": { "lastModified": 1661201877, @@ -3544,11 +3890,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1681386605, - "narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=", + "lastModified": 1695108593, + "narHash": "sha256-1Rb3w4Mpzv81pw7FaZHdQULK6+9oZIzeQ6uCD4PvjJM=", "owner": "hakimel", "repo": "reveal.js", - "rev": "0301ce58ab185f7191696e16b1b6389f58df2892", + "rev": "db2523db277bea632c218a7d836f27079a1be7f9", "type": "github" }, "original": { @@ -3559,6 +3905,9 @@ }, "root": { "inputs": { + "arion": "arion", + "authentik-container": "authentik-container", + "authoritative-dns": "authoritative-dns", "chute": "chute", "chuteUnstable": "chuteUnstable", "fudo-entities": "fudo-entities", @@ -3566,8 +3915,13 @@ "fudo-lib": "fudo-lib_2", "fudo-pkgs": "fudo-pkgs_2", "fudo-secrets": "fudo-secrets", + "lemmy-docker": "lemmy-docker", + "mail-server": "mail-server", + "mastodon-container": "mastodon-container", + "matrix-module": "matrix-module", + "nextcloud-container": "nextcloud-container", "nexus": "nexus_2", - "nixpkgs": "nixpkgs_27", + "nixpkgs": "nixpkgs_21", "nixpkgs2111": "nixpkgs2111", "nixpkgsUnstable": "nixpkgsUnstable", "objectifier": "objectifier", @@ -3575,6 +3929,8 @@ "snooper": "snooper", "suanni": "suanni", "tattler": "tattler", + "tesla-mate-container": "tesla-mate-container", + "textfiles": "textfiles", "wallfly": "wallfly" } }, @@ -3597,8 +3953,8 @@ "service-passwords": { "flake": false, "locked": { - "lastModified": 1684298635, - "narHash": "sha256-91ZjXr3/6KAwglWY9yy14LD5tat0gWkQmDscBILrocs=", + "lastModified": 1696023956, + "narHash": "sha256-iDq6nTM69C826hxQPghqN2ZEshqNKDraXYysdy1Rg5s=", "path": "/secrets/service-passwords", "type": "path" }, @@ -3610,8 +3966,8 @@ "service-secrets": { "flake": false, "locked": { - "lastModified": 1684298638, - "narHash": "sha256-+vSD+aI2BUEGFAD5yBcSBZ/Vv9KSQ/KF5WFdId3Qc80=", + "lastModified": 1695507841, + "narHash": "sha256-qrvwisQhc5S89OlJK99QHvwAIo7dNBINHwernAMVURQ=", "path": "/secrets/service-secrets", "type": "path" }, @@ -3620,6 +3976,19 @@ "type": "path" } }, + "site-secrets": { + "flake": false, + "locked": { + "lastModified": 1696448830, + "narHash": "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=", + "path": "/secrets/site-secrets", + "type": "path" + }, + "original": { + "path": "/secrets/site-secrets", + "type": "path" + } + }, "sln-mode": { "flake": false, "locked": { @@ -3639,8 +4008,10 @@ "snooper": { "inputs": { "helpers": "helpers_10", - "nixpkgs": "nixpkgs_31", - "utils": "utils_37" + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_36" }, "locked": { "lastModified": 1684442384, @@ -3659,8 +4030,8 @@ "ssh-keypairs": { "flake": false, "locked": { - "lastModified": 1684298635, - "narHash": "sha256-WhI0zHJxpMvG/tWF4nQKKHh9kQzujmcacqX6RmemdBI=", + "lastModified": 1696031940, + "narHash": "sha256-doC5gBLNiIH0EMwJ+wBfgTHGE+I1ausWhkMX3pqJxNQ=", "path": "/secrets/ssh-keypairs", "type": "path" }, @@ -3672,15 +4043,17 @@ "suanni": { "inputs": { "helpers": "helpers_11", - "nixpkgs": "nixpkgs_33", - "utils": "utils_40" + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_39" }, "locked": { - "lastModified": 1682462225, - "narHash": "sha256-6+iGhqY3Xi6/4k0eBxf+56LyAuyVFFyptd9+Pq+dcao=", + "lastModified": 1686169813, + "narHash": "sha256-AewLCha21CASd8tQi8152jlYVSO7jIY/8IXUH6QAb+I=", "ref": "refs/heads/master", - "rev": "f0d8f59cc176243f8238d81f88b8550cfedf47e7", - "revCount": 23, + "rev": "14267d15db000f282932b2efd7adc205bcabda28", + "revCount": 25, "type": "git", "url": "https://git.fudo.org/fudo-public/suanni.git" }, @@ -3704,6 +4077,36 @@ "type": "github" } }, + "systems_10": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_11": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -3764,19 +4167,81 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_9": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tattler": { "inputs": { "helpers": "helpers_12", - "nixpkgs": "nixpkgs_35", + "nixpkgs": [ + "nixpkgs" + ], "notifierClj": "notifierClj", - "utils": "utils_46" + "utils": "utils_45" }, "locked": { - "lastModified": 1684784923, - "narHash": "sha256-0d5r2FG/KuIUFfigMFAqDA615MJU526Kkn1tW7MfVP8=", + "lastModified": 1692829006, + "narHash": "sha256-FZYEkAgOC7D1XBiWpFmX3yP/21GWWBb9vfuxBxL4hTk=", "ref": "refs/heads/master", - "rev": "3787a37197ebbcc95cdb7a8175090000bb56e881", - "revCount": 31, + "rev": "4bef39c96bba3eb47d1a22481d9f6706e76fef18", + "revCount": 32, "type": "git", "url": "https://git.fudo.org/fudo-public/tattler.git" }, @@ -3785,14 +4250,53 @@ "url": "https://git.fudo.org/fudo-public/tattler.git" } }, + "tesla-mate-container": { + "inputs": { + "arion": [ + "arion" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1697147143, + "narHash": "sha256-PkmcfgfGgwDu5MCiwLpUQnRAeNx+e1GmVET34pXuSTo=", + "ref": "refs/heads/master", + "rev": "8ebaa4cae47f1d8beb9aa58690c75b706b215b3e", + "revCount": 17, + "type": "git", + "url": "https://git.fudo.org/fudo-public/tesla-mate-container.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/tesla-mate-container.git" + } + }, + "textfiles": { + "flake": false, + "locked": { + "lastModified": 1687232633, + "narHash": "sha256-PCY0v+j112CGqH2HOpPnwPSdRTFcAvtaVZUg5tXQFhs=", + "ref": "refs/heads/master", + "rev": "00904ac442f43402cbff914ed7499ea5472675c1", + "revCount": 1, + "type": "git", + "url": "https://git.informis.land/informis/textfiles.git" + }, + "original": { + "type": "git", + "url": "https://git.informis.land/informis/textfiles.git" + } + }, "ts-fold": { "flake": false, "locked": { - "lastModified": 1681029086, - "narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=", + "lastModified": 1695278494, + "narHash": "sha256-O4NcUC1u08W8ZslqoA/i+iTaLotKwheURXQWBxLLMFc=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3", + "rev": "70b2c79ff4daa7351d4e2917b0343b9a18d4d4f2", "type": "github" }, "original": { @@ -3803,11 +4307,11 @@ }, "unstableNixpkgs": { "locked": { - "lastModified": 1684385584, - "narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=", + "lastModified": 1693985761, + "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a", + "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", "type": "github" }, "original": { @@ -3818,11 +4322,11 @@ }, "unstableNixpkgs_2": { "locked": { - "lastModified": 1684754342, - "narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=", + "lastModified": 1693985761, + "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7084250df3d7f9735087d3234407f3c1fc2400e3", + "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", "type": "github" }, "original": { @@ -3833,11 +4337,11 @@ }, "unstableNixpkgs_3": { "locked": { - "lastModified": 1683408522, - "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "lastModified": 1693985761, + "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", "type": "github" }, "original": { @@ -3863,11 +4367,11 @@ }, "utils_10": { "locked": { - "lastModified": 1637014545, - "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -3892,21 +4396,6 @@ } }, "utils_12": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_13": { "locked": { "lastModified": 1676283394, "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", @@ -3921,13 +4410,31 @@ "type": "github" } }, - "utils_14": { + "utils_13": { + "inputs": { + "systems": "systems_2" + }, "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_14": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -3938,11 +4445,11 @@ }, "utils_15": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -3967,21 +4474,6 @@ } }, "utils_17": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_18": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -3996,7 +4488,7 @@ "type": "github" } }, - "utils_19": { + "utils_18": { "locked": { "lastModified": 1676283394, "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", @@ -4011,6 +4503,24 @@ "type": "github" } }, + "utils_19": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_2": { "locked": { "lastModified": 1638122382, @@ -4027,12 +4537,15 @@ } }, "utils_20": { + "inputs": { + "systems": "systems_4" + }, "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { @@ -4042,12 +4555,15 @@ } }, "utils_21": { + "inputs": { + "systems": "systems_5" + }, "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -4057,15 +4573,12 @@ } }, "utils_22": { - "inputs": { - "systems": "systems_2" - }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -4075,21 +4588,6 @@ } }, "utils_23": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_24": { "locked": { "lastModified": 1676283394, "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", @@ -4104,13 +4602,31 @@ "type": "github" } }, - "utils_25": { + "utils_24": { + "inputs": { + "systems": "systems_6" + }, "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_25": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -4121,11 +4637,11 @@ }, "utils_26": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -4151,11 +4667,11 @@ }, "utils_28": { "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -4166,11 +4682,11 @@ }, "utils_29": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -4195,12 +4711,15 @@ } }, "utils_30": { + "inputs": { + "systems": "systems_7" + }, "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { @@ -4210,12 +4729,15 @@ } }, "utils_31": { + "inputs": { + "systems": "systems_8" + }, "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { @@ -4225,21 +4747,6 @@ } }, "utils_32": { - "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_33": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -4254,7 +4761,7 @@ "type": "github" } }, - "utils_34": { + "utils_33": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -4269,7 +4776,7 @@ "type": "github" } }, - "utils_35": { + "utils_34": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -4284,7 +4791,7 @@ "type": "github" } }, - "utils_36": { + "utils_35": { "locked": { "lastModified": 1676283394, "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", @@ -4299,9 +4806,9 @@ "type": "github" } }, - "utils_37": { + "utils_36": { "inputs": { - "systems": "systems_3" + "systems": "systems_9" }, "locked": { "lastModified": 1681202837, @@ -4317,7 +4824,7 @@ "type": "github" } }, - "utils_38": { + "utils_37": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -4332,7 +4839,7 @@ "type": "github" } }, - "utils_39": { + "utils_38": { "locked": { "lastModified": 1676283394, "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", @@ -4347,6 +4854,21 @@ "type": "github" } }, + "utils_39": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_4": { "locked": { "lastModified": 1638122382, @@ -4364,11 +4886,11 @@ }, "utils_40": { "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -4379,11 +4901,11 @@ }, "utils_41": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -4393,21 +4915,6 @@ } }, "utils_42": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_43": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -4422,7 +4929,7 @@ "type": "github" } }, - "utils_44": { + "utils_43": { "locked": { "lastModified": 1676283394, "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", @@ -4437,9 +4944,27 @@ "type": "github" } }, + "utils_44": { + "inputs": { + "systems": "systems_10" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "utils_45": { "inputs": { - "systems": "systems_4" + "systems": "systems_11" }, "locked": { "lastModified": 1681202837, @@ -4456,24 +4981,6 @@ } }, "utils_46": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_47": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -4490,11 +4997,11 @@ }, "utils_5": { "locked": { - "lastModified": 1637014545, - "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -4505,11 +5012,11 @@ }, "utils_6": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -4535,11 +5042,11 @@ }, "utils_8": { "locked": { - "lastModified": 1637014545, - "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -4566,15 +5073,17 @@ "wallfly": { "inputs": { "clj-nix": "clj-nix_15", - "nixpkgs": "nixpkgs_37", - "utils": "utils_47" + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_46" }, "locked": { - "lastModified": 1684619964, - "narHash": "sha256-kHgUbBWdvYLgrGF7H4phuR7g6GiWianKgJRsECl60+w=", + "lastModified": 1695759202, + "narHash": "sha256-TQNLGRh4MdwLWixMTkETFa8hejd5HysWmKOw9ucYEiw=", "ref": "refs/heads/master", - "rev": "0a7967727ee86c3590c01d08cd7559bfbfd1c036", - "revCount": 21, + "rev": "a52626e237528a14a926b57ce71810be1efe8f42", + "revCount": 25, "type": "git", "url": "https://git.fudo.org/fudo-public/wallfly.git" }, diff --git a/flake.nix b/flake.nix index ec88c6a..7176b67 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Fudo Host Configuration"; inputs = { - nixpkgs.url = "nixpkgs/nixos-22.11"; + nixpkgs.url = "nixpkgs/nixos-23.05"; fudo-home = { url = "git+https://git.fudo.org/fudo-nix/home.git"; @@ -22,32 +22,127 @@ fudo-secrets.url = "path:/secrets"; - chute.url = "git+https://git.fudo.org/chute/chute.git?ref=stable"; + chute = { + url = "git+https://git.fudo.org/chute/chute.git?ref=stable"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - chuteUnstable.url = "git+https://git.fudo.org/chute/chute.git?ref=master"; + chuteUnstable = { + url = "git+https://git.fudo.org/chute/chute.git?ref=master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - pricebot.url = "git+https://git.fudo.org/fudo-public/pricebot.git"; + pricebot = { + url = "git+https://git.fudo.org/fudo-public/pricebot.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixpkgsUnstable.url = "nixpkgs/nixos-unstable"; nixpkgs2111.url = "nixpkgs/nixos-21.11"; - wallfly.url = "git+https://git.fudo.org/fudo-public/wallfly.git"; + wallfly = { + url = "git+https://git.fudo.org/fudo-public/wallfly.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - objectifier.url = "git+https://git.fudo.org/fudo-public/objectifier.git"; + objectifier = { + url = "git+https://git.fudo.org/fudo-public/objectifier.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - nexus.url = "git+https://git.fudo.org/fudo-public/nexus.git"; + nexus = { + url = "git+https://git.fudo.org/fudo-public/nexus.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - suanni.url = "git+https://git.fudo.org/fudo-public/suanni.git"; + suanni = { + url = "git+https://git.fudo.org/fudo-public/suanni.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - snooper.url = "git+https://git.fudo.org/fudo-public/snooper.git"; + snooper = { + url = "git+https://git.fudo.org/fudo-public/snooper.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - tattler.url = "git+https://git.fudo.org/fudo-public/tattler.git"; + tattler = { + url = "git+https://git.fudo.org/fudo-public/tattler.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + arion = { + url = "github:hercules-ci/arion"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + lemmy-docker = { + url = "git+https://git.fudo.org/fudo-public/lemmy-docker.git"; + inputs = { + nixpkgs.follows = "nixpkgs"; + arion.follows = "arion"; + }; + }; + + tesla-mate-container = { + url = "git+https://git.fudo.org/fudo-public/tesla-mate-container.git"; + inputs = { + nixpkgs.follows = "nixpkgs"; + arion.follows = "arion"; + }; + }; + + mastodon-container = { + url = "git+https://git.fudo.org/fudo-public/mastodon-container.git"; + inputs = { + nixpkgs.follows = "nixpkgs"; + arion.follows = "arion"; + }; + }; + + authentik-container = { + url = "git+https://git.fudo.org/fudo-nix/authentik-container.git"; + inputs = { + nixpkgs.follows = "nixpkgs"; + arion.follows = "arion"; + }; + }; + + nextcloud-container = { + url = "git+https://git.fudo.org/fudo-public/nextcloud-container.git"; + inputs = { + nixpkgs.follows = "nixpkgs"; + arion.follows = "arion"; + }; + }; + + matrix-module = { + url = "git+https://git.fudo.org/fudo-public/matrix-module.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + mail-server = { + url = "git+https://git.fudo.org/fudo-public/mail-server.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + authoritative-dns = { + url = "git+https://git.fudo.org/fudo-public/authoritative-dns.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + textfiles = { + url = "git+https://git.informis.land/informis/textfiles.git"; + flake = false; + }; }; outputs = { self, nixpkgs, fudo-home, fudo-lib, fudo-entities, fudo-pkgs , fudo-secrets, chute, chuteUnstable, nixpkgsUnstable, nixpkgs2111, pricebot - , wallfly, objectifier, nexus, suanni, snooper, tattler, ... }@inputs: + , wallfly, objectifier, nexus, suanni, snooper, tattler, lemmy-docker + , tesla-mate-container, mastodon-container, authentik-container + , nextcloud-container, textfiles, matrix-module, mail-server + , authoritative-dns, ... }@inputs: with nixpkgs.lib; let fudo-nixos-hosts = filterAttrs (hostname: hostOpts: hostOpts.nixos-system) @@ -67,8 +162,12 @@ system = arch; config = { allowUnfree = true; - permittedInsecurePackages = - [ "openssh-with-gssapi-8.4p1" "python3.10-certifi-2022.9.24" ]; + permittedInsecurePackages = [ + # Necessary for Kerberos + "openssl-1.1.1w" + "python3.10-requests-2.28.2" + "python3.10-cryptography-40.0.1" + ]; }; overlays = [ fudo-lib.overlay @@ -92,6 +191,7 @@ factorio-headless-experimental = unstable.factorio-headless-experimental; }) + (final: prev: { inherit textfiles; }) ]; }; @@ -118,6 +218,14 @@ suanni.nixosModules.default snooper.nixosModules.default tattler.nixosModules.default + lemmy-docker.nixosModules.default + tesla-mate-container.nixosModules.default + mastodon-container.nixosModules.default + authentik-container.nixosModules.default + nextcloud-container.nixosModules.default + matrix-module.nixosModules.default + mail-server.nixosModules.default + authoritative-dns.nixosModules.default nexus.nixosModules.nexus-client nexus.nixosModules.nexus-server diff --git a/live-disk.nix b/live-disk.nix index 67e04e0..bde8177 100644 --- a/live-disk.nix +++ b/live-disk.nix @@ -2,7 +2,7 @@ with lib; let - nixos-version = "22.05"; + nixos-version = "23.05"; pkgs = import { config = { @@ -10,7 +10,7 @@ let permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ]; }; - overlays = [ (import /state/fudo-pkgs/overlay.nix) ]; + overlays = [ (import /net/projects/niten/fudo-pkgs/overlay.nix) ]; }; in { @@ -24,6 +24,7 @@ in { nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ + bcachefs btrfs-progs emacs git @@ -38,8 +39,6 @@ in { permitRootLogin = mkDefault "prohibit-password"; }; - nixpkgs.config.permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ]; - users = { users = { niten = { diff --git a/live-disk/flake.lock b/live-disk/flake.lock index 4f575ca..82691de 100644 --- a/live-disk/flake.lock +++ b/live-disk/flake.lock @@ -1,18 +1,166 @@ { "nodes": { + "clj-nix": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "fudo-home", + "fudo-pkgs", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj-nix_2": { + "inputs": { + "devshell": "devshell_2", + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "fudo-pkgs", + "helpers", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677342613, + "narHash": "sha256-BqhKj7jQahSVThEwLHt164kJHGx9LXzBARFZaFNLPW8=", + "owner": "jlesquembre", + "repo": "clj-nix", + "rev": "7d9e244ea96988524ba3bd6c2bbafdf0a5340b96", + "type": "github" + }, + "original": { + "owner": "jlesquembre", + "repo": "clj-nix", + "type": "github" + } + }, + "clj2nix": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "clj2nix_2": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_3", + "utils": "utils_3" + }, + "locked": { + "lastModified": 1673786922, + "narHash": "sha256-MrwSNEXpq20/AvMxW49MRbuqf8C2M4Vei3jtZeXYjJk=", + "owner": "hlolli", + "repo": "clj2nix", + "rev": "04b0dfbfc69c6316b8613d061e3fe4619d79cd9f", + "type": "github" + }, + "original": { + "owner": "hlolli", + "repo": "clj2nix", + "type": "github" + } + }, + "devshell": { + "inputs": { + "flake-utils": [ + "fudo-home", + "fudo-pkgs", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "fudo-home", + "fudo-pkgs", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_2": { + "inputs": { + "flake-utils": [ + "fudo-pkgs", + "helpers", + "clj-nix", + "flake-utils" + ], + "nixpkgs": [ + "fudo-pkgs", + "helpers", + "clj-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658746384, + "narHash": "sha256-CCJcoMOcXyZFrV1ag4XMTpAPjLWb4Anbv+ktXFI1ry0=", + "owner": "numtide", + "repo": "devshell", + "rev": "0ffc7937bb5e8141af03d462b468bd071eb18e1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "doom-emacs": { "inputs": { "doom-emacs": "doom-emacs_2", "doom-snippets": "doom-snippets", - "emacs-overlay": [ - "fudo-home", - "emacs-overlay" - ], + "emacs-overlay": "emacs-overlay", "emacs-so-long": "emacs-so-long", + "evil-escape": "evil-escape", "evil-markdown": "evil-markdown", "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", + "flake-compat": "flake-compat", "flake-utils": "flake-utils", "format-all": "format-all", "nix-straight": "nix-straight", @@ -27,14 +175,17 @@ "org-yt": "org-yt", "php-extras": "php-extras", "revealjs": "revealjs", - "rotate-text": "rotate-text" + "rotate-text": "rotate-text", + "sln-mode": "sln-mode", + "ts-fold": "ts-fold", + "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1645751511, - "narHash": "sha256-i3cMaHdaxwfeJEKVgk3Sxx/IRfjwNcThaCMcq4uv9jg=", + "lastModified": 1689075996, + "narHash": "sha256-NwBzz2CHNtT0oDqAGewByQ5OFnAWf+ewHUrK0F44xZk=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "ef434602f6f2a8b469d1b01f9edff4f5b6d7f555", + "rev": "9a5b34d9ba30842eb8f0d7deb08bf03a75930471", "type": "github" }, "original": { @@ -46,49 +197,50 @@ "doom-emacs_2": { "flake": false, "locked": { - "lastModified": 1645634993, - "narHash": "sha256-QeE6aUJxoaqHM28Cpt2rKC817VQvXGuuFUyLzehaC50=", - "owner": "hlissner", - "repo": "doom-emacs", - "rev": "42e5763782fdc1aabb9f2624d468248d6978abe2", + "lastModified": 1662497747, + "narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=", + "owner": "doomemacs", + "repo": "doomemacs", + "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", "type": "github" }, "original": { - "owner": "hlissner", - "ref": "master", - "repo": "doom-emacs", + "owner": "doomemacs", + "repo": "doomemacs", + "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", "type": "github" } }, "doom-snippets": { "flake": false, "locked": { - "lastModified": 1645652740, - "narHash": "sha256-ci5QsTkzmfSd7Pfoe+RActuSOmMY2TvJL7f2giCwNEI=", - "owner": "hlissner", - "repo": "doom-snippets", - "rev": "02aca23fef94fc7a58836fd1812d62e731249fa3", + "lastModified": 1676839496, + "narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=", + "owner": "doomemacs", + "repo": "snippets", + "rev": "fe4003014ae00b866f117cb193f711fd9d72fd11", "type": "github" }, "original": { - "owner": "hlissner", - "repo": "doom-snippets", + "owner": "doomemacs", + "repo": "snippets", "type": "github" } }, "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1645953123, - "narHash": "sha256-Be06ikbfQTuRwsU6nxNbMSvSUOzmGzDOLBKXFMekrcA=", + "lastModified": 1676366521, + "narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "058e38892484c1ab517c890b0aaee5d53565a494", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" }, "original": { "owner": "nix-community", "repo": "emacs-overlay", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" } }, @@ -108,6 +260,22 @@ "type": "github" } }, + "evil-escape": { + "flake": false, + "locked": { + "lastModified": 1588439096, + "narHash": "sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=", + "owner": "hlissner", + "repo": "evil-escape", + "rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-escape", + "type": "github" + } + }, "evil-markdown": { "flake": false, "locked": { @@ -172,13 +340,94 @@ "type": "github" } }, - "flake-utils": { + "flake-compat": { + "flake": false, "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -212,11 +461,11 @@ ] }, "locked": { - "lastModified": 1646155824, - "narHash": "sha256-cVQ4mQNNblY2MjK4kaoW71wUccUOdczVt2Y3umGEkTw=", - "ref": "master", - "rev": "4799d7704ae703693065c47e1e454e58f5e767f4", - "revCount": 76, + "lastModified": 1693272708, + "narHash": "sha256-qPiQpN5+sq1FgMyyls13DGy1iswMgiWWeCMqYubz8Hk=", + "ref": "refs/heads/master", + "rev": "0e50a76dd616711a3faed0f2a6d6c2945d867846", + "revCount": 158, "type": "git", "url": "https://git.fudo.org/fudo-nix/entities.git" }, @@ -228,8 +477,8 @@ "fudo-home": { "inputs": { "doom-emacs": "doom-emacs", - "emacs-overlay": "emacs-overlay", "fudo-pkgs": "fudo-pkgs", + "gnome-manager": "gnome-manager", "home-manager": "home-manager", "niten-doom-config": "niten-doom-config", "nixpkgs": [ @@ -237,11 +486,11 @@ ] }, "locked": { - "lastModified": 1646777521, - "narHash": "sha256-0WtNjhJ+66l+3l/s4bhqgIfsuROBtD4GJ0B3yJRipxM=", - "ref": "master", - "rev": "e860b7aee67d8f0dabcf95fdfde138722fca1f32", - "revCount": 124, + "lastModified": 1692834519, + "narHash": "sha256-zABQNNH02x6S7mb6upTV9f0yV3bowtp+0tObz6y81VE=", + "ref": "refs/heads/master", + "rev": "9ca54c98417a2cf4ab2428dc12f8f0250215a243", + "revCount": 351, "type": "git", "url": "https://git.fudo.org/fudo-nix/home.git" }, @@ -252,11 +501,11 @@ }, "fudo-lib": { "locked": { - "lastModified": 1641848738, - "narHash": "sha256-9+xyFqyUIzIkNo2HyXxp6Lm9/f0EZqRqkRz52AQoW6Q=", - "ref": "master", - "rev": "63b80fb5dc1e6ad69252a233b7c6a20f649884c6", - "revCount": 59, + "lastModified": 1689529931, + "narHash": "sha256-6oMEsCnh60lp7mEkR6rsSMz6DdJnwtYRY5TK8wWKxWI=", + "ref": "refs/heads/master", + "rev": "4549d51c7bfe02f943f5a3fdf5bb1a021c94ac00", + "revCount": 116, "type": "git", "url": "https://git.fudo.org/fudo-nix/lib.git" }, @@ -267,11 +516,11 @@ }, "fudo-lib_2": { "locked": { - "lastModified": 1646004430, - "narHash": "sha256-LqCS4S+glSf9S+1ym+Ac5Ek4foYLxKL/LKRzFYwREI8=", - "ref": "master", - "rev": "c40aba61335451219bc480f7b4ffccbc61d48d2b", - "revCount": 66, + "lastModified": 1694047703, + "narHash": "sha256-jxVuvnc/VVlOr5qmfRg7DYJ8OslN+oiRofzEwBv4afw=", + "ref": "refs/heads/master", + "rev": "f3312f8fced0146f869b90e8074552ebf756e7d2", + "revCount": 145, "type": "git", "url": "https://git.fudo.org/fudo-nix/lib.git" }, @@ -281,12 +530,16 @@ } }, "fudo-pkgs": { + "inputs": { + "helpers": "helpers", + "unstableNixpkgs": "unstableNixpkgs" + }, "locked": { - "lastModified": 1643841844, - "narHash": "sha256-rmTIL94RQQaFhMHCopmeFUVAoP71nSA6sB46riDq2Ik=", - "ref": "master", - "rev": "7e02ad0e7d9ac42605ed318e9d76364ec1d339ec", - "revCount": 41, + "lastModified": 1692313330, + "narHash": "sha256-Ci4P8bc5xcDx3wu/TcluxAKvkWjCerp/nCcSvsFJL2c=", + "ref": "refs/heads/master", + "rev": "a92f047342be37e5faf074abd53e711c31955cf0", + "revCount": 244, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, @@ -296,12 +549,16 @@ } }, "fudo-pkgs_2": { + "inputs": { + "helpers": "helpers_2", + "unstableNixpkgs": "unstableNixpkgs_2" + }, "locked": { - "lastModified": 1646862825, - "narHash": "sha256-Zqtx4cJXuMG0dNKgmcJgfy3twLfRSMRqI/UMfl2hbsA=", - "ref": "master", - "rev": "4ee3fb603b5b9d55c51213acbf90a52ce4c08cf1", - "revCount": 49, + "lastModified": 1694205899, + "narHash": "sha256-1ElYd08R3bG/el3KinUOnISSZeV4da5kEYJbLMJbAK0=", + "ref": "refs/heads/master", + "rev": "5d2bd9f5f552db1727c913df82927eac2b0d91cb", + "revCount": 245, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, @@ -310,6 +567,70 @@ "url": "https://git.fudo.org/fudo-nix/pkgs.git" } }, + "gnome-manager": { + "inputs": { + "home-manager": [ + "fudo-home", + "home-manager" + ] + }, + "locked": { + "lastModified": 1673465156, + "narHash": "sha256-pr6ytEViK59zHUNt4CZWi1zB0MarBbGP1oNNdU7lOSQ=", + "owner": "fudoniten", + "repo": "gnome-manager", + "rev": "0da66d80d12d051846f3a7a29013c29b705e04a6", + "type": "github" + }, + "original": { + "owner": "fudoniten", + "ref": "hm-module", + "repo": "gnome-manager", + "type": "github" + } + }, + "helpers": { + "inputs": { + "clj-nix": "clj-nix", + "clj2nix": "clj2nix", + "nixpkgs": "nixpkgs_2", + "utils": "utils_2" + }, + "locked": { + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", + "ref": "refs/heads/master", + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, + "helpers_2": { + "inputs": { + "clj-nix": "clj-nix_2", + "clj2nix": "clj2nix_2", + "nixpkgs": "nixpkgs_4", + "utils": "utils_4" + }, + "locked": { + "lastModified": 1683740681, + "narHash": "sha256-KmOssuvCVsOiSspVzpqW/OdPWMCbRieUUACDQcPs7cI=", + "ref": "refs/heads/master", + "rev": "7930d2d726a4e434d27022ca84ae25cdc833cd72", + "revCount": 33, + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-public/nix-helpers.git" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -318,16 +639,16 @@ ] }, "locked": { - "lastModified": 1643933536, - "narHash": "sha256-yRmsWAG4DnLxLIUtlaZsl0kH7rN5xSoyNRlf0YZrcH4=", + "lastModified": 1692099905, + "narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2860d7e3bb350f18f7477858f3513f9798896831", + "rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-21.11", + "ref": "release-23.05", "repo": "home-manager", "type": "github" } @@ -335,11 +656,11 @@ "niten-doom-config": { "flake": false, "locked": { - "lastModified": 1640017877, - "narHash": "sha256-9twZfDxSjX87NHzuEQXkm1Q037YS98jPQv3Hw4Uktiw=", - "ref": "master", - "rev": "3d990cdf82fc7d5a6c8fd033e8bcf460fb27df1b", - "revCount": 37, + "lastModified": 1684432992, + "narHash": "sha256-ex/H6we7BLjidBxo0n5EZ9YUflLr03sLWdf5YGsF6jU=", + "ref": "refs/heads/master", + "rev": "47773717b06d21004db3dea96f2329f912ef8dd3", + "revCount": 64, "type": "git", "url": "https://git.fudo.org/niten/doom-emacs.git" }, @@ -351,11 +672,11 @@ "nix-straight": { "flake": false, "locked": { - "lastModified": 1643475817, - "narHash": "sha256-NpExq5nbPbj/ppkBX3SnETEJuOne1MKJxen8vVHsDFg=", + "lastModified": 1666982610, + "narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=", "owner": "nix-community", "repo": "nix-straight.el", - "rev": "08d75e5651cb52f8a07e03408ed19e04bee07505", + "rev": "ad10364d64f472c904115fd38d194efe1c3f1226", "type": "github" }, "original": { @@ -366,16 +687,76 @@ }, "nixpkgs": { "locked": { - "lastModified": 1645296114, - "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=", + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1677624842, + "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-21.05", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1673785507, + "narHash": "sha256-EPUT8yVdvJhhjhbgnFWXXd4IUPKSOmww2+z4AmOdyPI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d06d765eeac716d8f1ca80f0935fd6fc951816ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1677624842, + "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1694048570, + "narHash": "sha256-PEQptwFCVaJ+jLFJgrZll2shQ9VI/7xVhrCYkJo8iIw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4f77ea639305f1de0a14d9d41eef83313360638c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", "type": "indirect" } }, @@ -414,11 +795,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1645557265, - "narHash": "sha256-vBOWOOfdUbvpTkqs2Lx+OCPfUdZdzAOdGxzHBSAslmo=", + "lastModified": 1683136293, + "narHash": "sha256-PMHNr3Qo62uqO5IUDAfxUoqa4Zvb9y2J76pRYDB/6Y4=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "282a01f22159b4855071ffd54a9ae6ce681c3690", + "rev": "080710797ad25e76c4556d2b03cc0aa5313cd187", "type": "github" }, "original": { @@ -430,17 +811,17 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1639727892, - "narHash": "sha256-+T6Y87aSAx7kMpigm8d1ODDQIyPBM6a+4qGolXjCEXs=", - "ref": "master", - "rev": "5766ff1088191e4df5fecd55007ba4271e609bcc", - "revCount": 2611, - "type": "git", - "url": "https://git.sr.ht/~bzg/org-contrib" + "lastModified": 1675694242, + "narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=", + "owner": "emacsmirror", + "repo": "org-contrib", + "rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17", + "type": "github" }, "original": { - "type": "git", - "url": "https://git.sr.ht/~bzg/org-contrib" + "owner": "emacsmirror", + "repo": "org-contrib", + "type": "github" } }, "org-yt": { @@ -478,11 +859,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1645450091, - "narHash": "sha256-3fM1hKCbuIy8HzBv9JjjZW/RwE1CKeq++delBhbSvys=", + "lastModified": 1681386605, + "narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=", "owner": "hakimel", "repo": "reveal.js", - "rev": "5e12c6aeb7a37acca7ca22c0bd29548f9ff282ea", + "rev": "0301ce58ab185f7191696e16b1b6389f58df2892", "type": "github" }, "original": { @@ -497,7 +878,7 @@ "fudo-home": "fudo-home", "fudo-lib": "fudo-lib_2", "fudo-pkgs": "fudo-pkgs_2", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_5" } }, "rotate-text": { @@ -515,6 +896,159 @@ "repo": "rotate-text.el", "type": "github" } + }, + "sln-mode": { + "flake": false, + "locked": { + "lastModified": 1423727528, + "narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=", + "owner": "sensorflo", + "repo": "sln-mode", + "rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c", + "type": "github" + }, + "original": { + "owner": "sensorflo", + "repo": "sln-mode", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "ts-fold": { + "flake": false, + "locked": { + "lastModified": 1681029086, + "narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=", + "owner": "jcs-elpa", + "repo": "ts-fold", + "rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3", + "type": "github" + }, + "original": { + "owner": "jcs-elpa", + "repo": "ts-fold", + "type": "github" + } + }, + "unstableNixpkgs": { + "locked": { + "lastModified": 1688500189, + "narHash": "sha256-djYYiY4lzJOlXOnTHytH6BUugrxHDZjuGxTSrU4gt4M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "78419edadf0fabbe5618643bd850b2f2198ed060", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "unstableNixpkgs_2": { + "locked": { + "lastModified": 1693985761, + "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_3": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_4": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "ws-butler": { + "flake": false, + "locked": { + "lastModified": 1634511126, + "narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=", + "owner": "hlissner", + "repo": "ws-butler", + "rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "ws-butler", + "type": "github" + } } }, "root": "root", diff --git a/live-disk/flake.nix b/live-disk/flake.nix index 1515a67..96e0d9d 100644 --- a/live-disk/flake.nix +++ b/live-disk/flake.nix @@ -2,7 +2,7 @@ description = "Live Disk Flake"; inputs = { - nixpkgs.url = "nixpkgs/nixos-21.05"; + nixpkgs.url = "nixpkgs/nixos-23.05"; fudo-home = { url = "git+https://git.fudo.org/fudo-nix/home.git"; @@ -15,10 +15,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - fudo-lib = { - url = "git+https://git.fudo.org/fudo-nix/lib.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + fudo-lib.url = "git+https://git.fudo.org/fudo-nix/lib.git"; fudo-pkgs.url = "git+https://git.fudo.org/fudo-nix/pkgs.git"; }; @@ -30,14 +27,14 @@ pkgs = import nixpkgs { inherit system; config.allowUnfree = true; - overlays = [ fudo-pkgs.overlay ]; + overlays = [ fudo-pkgs.overlays.default ]; }; - in { + in nixpkgs.lib.nixosSystem { inherit system; modules = [ ({ config, ... }: { imports = [ - fudo-home.nixosModule + fudo-home.nixosModules.nonfudo "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix" ]; @@ -45,6 +42,8 @@ environment.etc.nixos-live.source = ./.; hardware.enableAllFirmware = true; environment.systemPackages = with pkgs; [ + bcache-tools + bcachefs-tools btrfs-progs emacs git @@ -54,6 +53,14 @@ wget ]; + fudo.home-manager = { + enable-gui = false; + local-domain = "fudo.org"; + users.niten.user-email = "niten@fudo.org"; + }; + + nixpkgs.config.allowUnfree = true; + services.openssh = { enable = true; startWhenNeeded = true; @@ -78,8 +85,6 @@ ssh = { startAgent = true; - package = pkgs.openssh_gssapi; - extraConfig = '' GSSAPIAuthentication yes GSSAPIDelegateCredentials yes @@ -96,10 +101,12 @@ hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; extraGroups = [ "wheel" ]; + uid = 10000; }; root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0=" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkbTj6x4GmbqcAhs01wBBz+uP7BHbLgFpeUx18zLy7t" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyFFV286npHAsnA1OCprLSZgdx/auUaldnNxB2MFE0iJX7R8ps1M9VkaxXdxIKB8x4PkKRTEkroouu+UmRBfKh3/QebRrKlvrElkc/d7CfIOJmssz4jRGa4t8rQEeB02ccl8Zb5ree2b3d6lbQl1QjyIwsrwpkqqw5znhD7N7fcfxg3PWnqyR2p0sy5CS5g76br6cwpD5Lk8nO0RhKR9mD5vW3kWSORCM+lNshfIilYqDwQtvsj9WcbhDKzgcY25t4tfgsjzOoPq/1+9LRluk2aoqe98QuVov0RANnzrsQhIgs8Ye9C39G8Lvcjusidy3ZSBcBiiq2R0Rvk8eA/gjMkXZ79ASPO8JwoNWum2DVn3ogz6rt+EaoI/yFqqs7d8gSRIjHklQDLXL1/6jH0jnyNxHH0hWJ8Vx41DKAaASObYRCb6eN4gYrrR3c+ZtQe7wQTxouEnZrAjHJG9pZxi39PXvB0TPXzmXxjBwzuFGQdczfLTn5fQtVVYPhv0yAzJk=" ]; }; };