Compare commits

...

43 commits

Author SHA1 Message Date
Fiscal Velvet Poet
7e88a39c6e
trajto(reciproka-web): konverti al floko 2024-10-29 23:41:03 +10:00
Fiscal Velvet Poet
a900b37202
trajto(hollows): komenca transigi 2024-10-29 23:07:33 +10:00
Fiscal Velvet Poet
c963d41c67
feature(hakyll-skeleton): switch to flake 2024-10-29 00:44:14 +10:00
Fiscal Velvet Poet
b52f777884
chore(nixos): bumped to HEAD of 24.05 2024-10-27 23:27:37 +10:00
Fiscal Velvet Poet
3a294f84ff
chore(forgejo): move rego to correct stanza 2024-10-24 23:31:12 +10:00
Fiscal Velvet Poet
d5d3fd21ca
chore(nixos): bumped to HEAD of 24.05 2024-10-21 18:43:21 +10:00
Fiscal Velvet Poet
02be2527e3
chore(nixos): bumped to HEAD of 24.05 2024-10-14 14:42:34 +10:00
Fiscal Velvet Poet
92a664df68
chore(nix): move ragenix module to defaults 2024-10-09 18:16:21 +10:00
Fiscal Velvet Poet
d21da35c5f
chore(nixos): bumped to HEAD of 24.05 2024-10-08 16:14:47 +10:00
Fiscal Velvet Poet
afd8e99472
chore(nixpkgsUnstable): bumped to HEAD of master 2024-10-08 16:13:34 +10:00
Fiscal Velvet Poet
5eec3924c6
chore(nix): bumped to v2.24.6 2024-10-08 16:11:49 +10:00
Fiscal Velvet Poet
503ed02aa2
chore(nixos): bumped to HEAD of 24.05 2024-09-30 17:30:48 +10:00
Fiscal Velvet Poet
d3a90a962c
chore(nixos): bumped to HEAD of 24.05 2024-09-23 09:49:32 +10:00
Fiscal Velvet Poet
af2f1754e5
feature(pi3): set boot configuration limit 2024-09-11 23:57:46 +10:00
Fiscal Velvet Poet
4c96950ca4
chore(nixos): bumped to HEAD of 24.05 2024-09-10 23:32:37 +10:00
Fiscal Velvet Poet
f2c768a6d1
chore(nixos): bumped to HEAD of nixpkgsUnstable 2024-09-03 12:05:53 +10:00
Fiscal Velvet Poet
4a456a108c
chore(nixos): bumped to HEAD of 24.05 2024-09-03 12:03:44 +10:00
Fiscal Velvet Poet
c44133152c
chore(nixos): bumped to HEAD of 24.05 2024-09-03 11:49:09 +10:00
Fiscal Velvet Poet
c0f9d26343
chore(nixos): bumped to HEAD of 24.05 2024-08-12 11:07:16 +10:00
Fiscal Velvet Poet
89f74905cd
chore(nixos): bumped to HEAD of nixpkgsUnstable 2024-08-06 13:14:13 +10:00
Fiscal Velvet Poet
13cf063ca9
nixos: bumped to HEAD of 24.05 2024-08-06 13:06:15 +10:00
Fiscal Velvet Poet
c15ba2bce7
nixos: bumped to HEAD of 24.05 2024-07-29 16:22:01 +10:00
Fiscal Velvet Poet
94b0caeacf
nixos: bumped to HEAD of 24.05 2024-07-22 17:07:26 +10:00
Fiscal Velvet Poet
1310965b48
nixos: bumped to HEAD of 24.05 2024-07-09 20:40:35 +10:00
Fiscal Velvet Poet
8759b9c9f6
feat(nix): adds pred to secrets 2024-07-03 15:07:10 +10:00
Fiscal Velvet Poet
960816cee5
fix(bug): patches CVE-2024-6387
resolves 
2024-07-03 14:53:05 +10:00
Fiscal Velvet Poet
311481deb6
nixpkgsUnstable: bumped to HEAD of nixos-unstable 2024-07-01 09:51:19 +10:00
Fiscal Velvet Poet
de9516cc86
nixos: bumped to HEAD of 24.05 2024-07-01 09:49:26 +10:00
Fiscal Velvet Poet
66746d3257
nixos: bumped to HEAD of 24.05 2024-06-25 12:02:54 +10:00
Fiscal Velvet Poet
eadae376a7
Merge branch 'nixos-24.05' into consensus 2024-06-05 23:08:27 +10:00
Fiscal Velvet Poet
fcabd95e7e
forgejo: updated deprecated psql setting to DEFAULT.APP_NAME 2024-06-05 23:07:10 +10:00
Fiscal Velvet Poet
3662f9f588
forgejo: updated deprecated setting to ensureDBOwnership 2024-06-05 22:14:54 +10:00
Fiscal Velvet Poet
1fb99ab958
pi3: remove deprecated uboot setting 2024-06-05 22:00:46 +10:00
Fiscal Velvet Poet
5fd853e234
nixpkgsUnstable: bumped to HEAD of nixos-unstable 2024-06-05 21:53:37 +10:00
Fiscal Velvet Poet
f20358789f
nixos: bumped to HEAD of 24.05 2024-06-05 21:51:48 +10:00
Fiscal Velvet Poet
6e924f3ba4
nixos: bumped to HEAD of 23.11 2024-05-29 00:29:55 +10:00
Fiscal Velvet Poet
fb5c10f3e1
nixpkgsUnstable: bumped to HEAD of nixos-unstable 2024-05-22 15:14:52 +10:00
Fiscal Velvet Poet
7fbb4f3080
nixos: bumped to HEAD of 23.11 2024-05-22 15:13:24 +10:00
Fiscal Velvet Poet
af8990ec90
nixos: bumped to HEAD of 23.11 2024-04-09 14:24:13 +10:00
Fiscal Velvet Poet
ac83dfc605
nixos: bumped to HEAD of 23.11 2024-04-02 12:41:09 +10:00
Fiscal Velvet Poet
1aa6641b01
nixos: bumped to HEAD of 23.11 2024-03-26 15:31:43 +10:00
Fiscal Velvet Poet
3c306ccda6
nixos: bumped to HEAD of 23.11 2024-03-21 20:49:11 +10:00
Fiscal Velvet Poet
9d6523abf5
pred: initial commit of new host 2024-03-05 23:05:20 +10:00
17 changed files with 1785 additions and 85 deletions

1603
flake.lock generated

File diff suppressed because it is too large Load diff

View file

@ -8,18 +8,16 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hakyll-skeleton = { hakyll-skeleton = {
flake = false; url = "git+https://reciproka.dev/reciproka/hakyll-skeleton/?ref=consensus";
url = git+https://reciproka.dev/reciproka/hakyll-skeleton/?ref=consensus; inputs.nixpkgs.follows = "nixpkgs";
};
reciproka-web = {
flake = false;
url = git+https://reciproka.dev/reciproka/reciproka-web/?ref=consensus;
}; };
reciproka-web.url = "git+https://reciproka.dev/reciproka/reciproka-web/?ref=consensus";
resrok-web = { resrok-web = {
flake = false; flake = false;
url = git+https://reciproka.dev/resrok/resrok-web/?ref=consensus; url = git+https://reciproka.dev/resrok/resrok-web/?ref=consensus;
}; };
nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-23.11; nix.url = github:NixOS/nix/?ref=2.24.6;
nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.05;
nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable; nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
utils.url = "github:numtide/flake-utils"; utils.url = "github:numtide/flake-utils";
voc-web = { voc-web = {

View file

@ -0,0 +1,51 @@
# Configuration common to all Reciproka Kolektivo Binary Lane VMs
{
config,
pkgs,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix") # Import the NixOS Qemu guest settings
../profiles/host_common.nix
../profiles/server_common.nix
];
boot = {
initrd = {
availableKernelModules = ["ata_piix" "sr_mod" "uhci_hcd" "virtio_blk" "virtio_pci"];
};
loader = {
grub = {
enable = true;
device = "/dev/vda";
};
};
};
# File systems configuration for the Linode VMs
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
swapDevices = [
{
device = "/dev/disk/by-label/swap";
}
];
nix.settings.max-jobs = lib.mkDefault 4;
networking = {
domain = "reciproka.co";
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
trustedInterfaces = ["lo"];
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

View file

@ -24,6 +24,7 @@
loader = { loader = {
generic-extlinux-compatible = { generic-extlinux-compatible = {
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
configurationLimit = 5;
}; };
grub = { grub = {
enable = false; # NixOS wants to enable GRUB by default. enable = false; # NixOS wants to enable GRUB by default.
@ -31,7 +32,6 @@
raspberryPi = { raspberryPi = {
enable = false; enable = false;
version = 3; version = 3;
uboot.enable = true;
firmwareConfig = '' firmwareConfig = ''
arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel
display_auto_detect=1 # Enable auto detection of screen resolution display_auto_detect=1 # Enable auto detection of screen resolution

View file

@ -15,6 +15,7 @@
}: { }: {
imports = [ imports = [
../../../networks/pi3B_rack.nix ../../../networks/pi3B_rack.nix
../../../profiles/hakyll-skeleton.nix
]; ];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.

View file

@ -0,0 +1,25 @@
# NixOS configuration for flemming
#
# Andy Flemming, AKA Slackbastard is the psuedonym of an Australian anarchist
# who hosts Yeah Nah Pasaran on radio 3CR and documents fascism and its
# grave diggers in Australia
#
# https://en.wikipedia.org/wiki/Andy_Fleming_(activist)
# https://slackbastard.anarchobase.com/
# https://www.3cr.org.au/yeahnahpasaran
{
config,
pkgs,
lib,
...
}: {
imports = [
../../../networks/pi3B_rack.nix
];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.203";
networking.hostName = "hollows"; # Define your hostname.
system.stateVersion = "22.05"; # The version of NixOS originally installed
}

View file

@ -0,0 +1,33 @@
# NixOS configuration for pred
#
# <predator>, AKA Michael Carlton or just "pred", was an Australian
# anarcho-sydnicalist who helped set up Catalyst, a radical community activist
# tech collective in Sydney, Australia. They went on to provide information
# technology services for a wide range of activist and commmunity based
# organisations around both Sydney and Australia. In the process, knowledge was
# shared, skills were learned and taught - from building and maintaining
# hardware to writing computer code. It was from this original initiative that
# an open-posting model of web publishing was developed for the J18 protest
# that occured worldwide in 1999. The codebase was named 'Active' and went on
# to power the first Indymedia site. As they say, "the rest is history."
#
# Rest in Power, Pred, we miss ya.
#
# https://archive.org/stream/PredTxt/Pred-txt_djvu.txt
# https://indymedia.org.au/2012/04/25/interview-with-pred-predaor-mike-carlton.html
# https://www.youtube.com/watch?v=Cfe3ExZivdQ
{
config,
pkgs,
...
}: {
imports = [
../../../hardware/binaryLane_vm.nix
];
# Comment out deployment when building the SD Image.
deployment.targetHost = "203.57.51.158";
networking.hostName = "pred"; # Define your hostname.
system.stateVersion = "23.11"; # The version of NixOS originally installed
}

View file

@ -13,7 +13,6 @@
}: { }: {
imports = [ imports = [
../../../networks/linode.nix ../../../networks/linode.nix
../../../profiles/hakyll-skeleton.nix
../../../profiles/reciproka-web.nix ../../../profiles/reciproka-web.nix
../../../profiles/reciproka-forgejo.nix ../../../profiles/reciproka-forgejo.nix
../../../profiles/resrok-web.nix ../../../profiles/resrok-web.nix

View file

@ -4,6 +4,7 @@
reciproka-web, reciproka-web,
ragenix, ragenix,
colmena, colmena,
nix,
nixpkgs, nixpkgs,
nixpkgsUnstable, nixpkgsUnstable,
resrok-web, resrok-web,
@ -17,6 +18,7 @@ in {
devShell = devShell =
pkgs.callPackage pkgs.callPackage
./shell.nix { ./shell.nix {
inherit (nix.packages."${pkgs.system}") nix;
inherit (ragenix.packages."${pkgs.system}") ragenix; inherit (ragenix.packages."${pkgs.system}") ragenix;
inherit (colmena.packages."${pkgs.system}") colmena; inherit (colmena.packages."${pkgs.system}") colmena;
inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra; inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra;
@ -32,16 +34,29 @@ in {
overlays = []; overlays = [];
}; };
}; };
defaults = {pkgs, ...}: {
imports = [
ragenix.nixosModules.default
];
};
flemming = { flemming = {
imports = [ imports = [
./nixos/hosts/flemming ./nixos/hosts/flemming
ragenix.nixosModules.default ];
};
hollows = {
imports = [
./nixos/hosts/hollows
];
};
pred = {
imports = [
./nixos/hosts/pred
]; ];
}; };
toscano = { toscano = {
imports = [ imports = [
./nixos/hosts/toscano/configuration.nix ./nixos/hosts/toscano/configuration.nix
ragenix.nixosModules.default
]; ];
}; };
}; };

View file

@ -6,8 +6,8 @@
... ...
}: let }: let
flake = builtins.getFlake (toString ../.); flake = builtins.getFlake (toString ../.);
hakyll-skeleton = import flake.inputs.hakyll-skeleton {}; hakyll-skeleton = flake.inputs.hakyll-skeleton.packages."${pkgs.system}".default;
webdomain = "skeleton.reciproka.co"; webdomain = "skeleton.reciproka.dev";
in { in {
environment.sessionVariables = { environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";

View file

@ -19,12 +19,12 @@ in {
httpPort = 3002; # Provided unique port httpPort = 3002; # Provided unique port
rootUrl = "https://reciproka.dev/"; # Root web URL rootUrl = "https://reciproka.dev/"; # Root web URL
settings = let settings = let
DEFAULT.APP_NAME = "Reciproka Kolektivo: Forgejo Service"; # Give the site a name
server = { server = {
DOMAIN = "reciproka.dev"; # Domain name DOMAIN = "reciproka.dev"; # Domain name
HTTP_PORT = 3002; # Provided unique port HTTP_PORT = 3002; # Provided unique port
ROOT_URL = "https://reciproka.dev/"; # Root web URL ROOT_URL = "https://reciproka.dev/"; # Root web URL
}; };
service.DISABLE_REGISTRATION = true;
in { in {
mailer = { mailer = {
ENABLED = true; ENABLED = true;
@ -34,6 +34,7 @@ in {
DEFAULT_BRANCH = "consensus"; DEFAULT_BRANCH = "consensus";
}; };
service = { service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true; REGISTER_EMAIL_CONFIRM = true;
}; };
"markup.restructuredtext" = { "markup.restructuredtext" = {
@ -73,11 +74,7 @@ in {
ensureUsers = [ ensureUsers = [
{ {
name = "forgejo"; # Ensure the database user persists name = "forgejo"; # Ensure the database user persists
ensurePermissions = { ensureDBOwnership = true;
# Ensure the database permissions persist
"DATABASE forgejo" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
} }
]; ];
package = pkgs.postgresql_16; package = pkgs.postgresql_16;

View file

@ -6,8 +6,8 @@
... ...
}: let }: let
flake = builtins.getFlake (toString ../.); flake = builtins.getFlake (toString ../.);
reciproka-web = import flake.inputs.reciproka-web {}; reciproka-web = flake.inputs.reciproka-web.packages."${pkgs.system}".default;
webdomain = "reciproka.co"; webdomain = "reciproka.net";
in { in {
environment.sessionVariables = { environment.sessionVariables = {
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
@ -29,6 +29,13 @@ in {
"www.${webdomain}" = { "www.${webdomain}" = {
# Respect our elders :-) # Respect our elders :-)
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
};
"reciproka.co" = {
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
}; };
}; };
}; };
@ -36,10 +43,9 @@ in {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = { certs = {
"${webdomain}" = { "${webdomain}" = {email = "admin@${webdomain}";};
email = "admin@${webdomain}"; "www.${webdomain}" = {email = "admin@${webdomain}";};
#group = "matrix-synapse"; "reciproka.co" = {email = "admin@${webdomain}";};
};
}; };
}; };

View file

@ -1,16 +1,21 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBXZGxN YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBSMUhj
eVRsL3QyT1BPc1dOWmt4Z213czlHV1gwV0JldkRQREZ1YkZtRjNnCm9yMlpSV1dK Zk9XdkxaZkpXYkF3K2lpbkR5dmZYYzJhUi9UanpBVEI1S2IvZXhNCnpyT09mZHNv
R2szbEtnQ2tUOXJzWGMyUk9BQldkbjVCa1RwejJ6U01JdGsKLT4gc3NoLWVkMjU1 YktCcUd5Y2w1bnNNajFjaWl6Um9yWFpUTkFGdjRINnZFRW8KLT4gc3NoLWVkMjU1
MTkgUWQwZXBRIFJ0TmhHZHVqam1wWkFRbUFHSWFEYk9CbzVmWnYwUWtjZ3hsQ3Z5 MTkgUWQwZXBRIHE3RXdLUC82TVNJdHIvU2xnWGF1QktCZGkxbFhsT0dxVDRZZWgy
Y1JYRDgKajR1a3Nnay9SeFlId2ZDTDd6VVNlZXRpY0h3cTh0R3ExUWRRcGovbVl3 aVBUbDQKUkxqdTc5ZlhQaG5OOXhtSVBlR2FCR2c3ZGR2cnFUWnN0WkQxRDRlWlg1
cwotPiBzc2gtZWQyNTUxOSBmNVRoQWcgN3BhVlk2Q0Z4RksvL1dLUmhCZFd1VUNs YwotPiBzc2gtZWQyNTUxOSB1N1ozancgR2pTOVZ5cGpmdzMzT1ZYelAwTTI1TVpG
ZmtqREtpMDAzWkRyMGZML016cwpKKzloVUxLWWcxcjZOQ2czaSt1b1hqTkFrSUc2 QUdlZ0xBZEo4NkpoZlZEVGlFTQpFelJDQ0RKaFFsVlRESERmMWJIQjZJcmh1QzBI
bUJUV2crYUl3TVhQUzBzCi0+IDxSI243aidNLWdyZWFzZSBPIVk1J2QKa3RGampV VFU3QmZGZ2JKcFMyNmJrCi0+IHNzaC1lZDI1NTE5IFpEOGxNdyBYSHdCdXJRTUVI
dlBKMitIV0ltUGhDNFcwK0c5dGFOSHJaRjlRZUppNXJPbmFFZnkwZkZKOHBmMk9P eDFJZHRHY2JhUTRha1JNRFg5c3ppbVo0OGdQSXdPOUdJCjBFSTVpd2JWd2xkTjZx
ZmV2L1NZbzF5Kwo3Vlk5Ci0tLSA3MkZtc2V5QXRBLzg3eTNGZkRTZVo4K1hQbkR5 VDVuMlVHb1Z1aEhYU2kxWkpwV2hJUDZQRzNkckUKLT4gc3NoLWVkMjU1MTkgZjVU
cDUwakRsMjBXWms1U0YwCuls+HqLpYE1XR6thkvMuUi/HALGGLyrzLhgDQp/2fDd aEFnIG1zay9zeUFtd3dkOTJQUFR6S0ZnUm9jbmQ0TkJQU2pJTTYrMmNEaE5KeTAK
qf27fBHxGH+LUVE/AtkcEuYvqRGOV92MFHP42wARbzTHPoT+JEtbJH9pghCRHE8l WXN2OFM2anNYYXF6Wk9rUnFjQzNGSjdhTGFyVDhhd1dORWxRaUpuRG9XUQotPiBe
Zi52BJ+9Erk+AGvDyS02ziP5bstBs2uWt9y143tjuZAPLEcKAeWaPmUzxpj+zd4w d3pXUTxFLWdyZWFzZSBvVT16IFw3Oz02IGQ/ZFVjQS4KVnBKTVc0YzR3SEhaOS80
3/5keHREdbw9xhJiXYYz55K26V/vyqHm9fz5tP32GhN0 bzE1NXMxaHh1QStNaXZ4eGZrbDdrV0k5YW5rQTdKbGJsbzZsRzFLMi9veTAKLS0t
IGdEblEzcTdkcWVFVURycTJsTUl5MHEySUdTRTJub1hMVnJNekMxQTAxTGcKot0G
3I1FgBm5Hw3MkQXfRdX6FgzAAEmH0t+v8R087u7vDbzVFVwVWGm4qQuHTwYNa1Yu
5gcM8LAg9N/ZV6Mc7+OlqKoKTs6S+VhphfbuDPrwJZUJT/OO30MgEdgemZ+JtQoA
O5str1O/0MBTQRyqJglcIjD2rPQcl9cZQupvJeaTOkdoLQ3Pv8aUrZBg3yHg6JX4
N5siGxgv/NfGcpCvkUM=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

View file

@ -1,12 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyB1VGRL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBuMjdR
OHRURUVFSjhzMmRmQWI1MnNrMUJDNlVEeHYrTTNQN0syV0xNSHlFCnBLSFNIMUpw ZzN1QTRIend1TWhLSDZzQ0JQUG9tZFdGZUo4QUljV3pnaEdDR1VzCi9PRXFnTDlD
akZZenB4WWNwRWZ1WHh3ZmZURkZDUmR3WVFHMC9QZXZSZTQKLT4gc3NoLWVkMjU1 NFhtYW4reHphUFFqUVBDd2pxY2liOXgwRUlIZzcvZTdWWTAKLT4gc3NoLWVkMjU1
MTkgZjVUaEFnIDIvUmk5NTZ2N29zRTE4MG9NRjk2VEtZbHdMZ3U4bHpVMnFCbHgr MTkgZjVUaEFnIGRvQUFSMzFzVmZLT0Z4SlczNmdicThCYklBbisvcmlzejI4b3Jm
NXlXMUkKcmtkVE4rRnRyWGRDd1RVK2djVlkxRnArQWJSOTJRTEIySjRKZUtvYWtB ZVRTVmsKWDlKTkV6STJaSEVDL0tMVmMvcUt0L3pOS0xXU281bjRXSkJDSXloLzZE
dwotPiBhdi1ncmVhc2UgeFlgICp7MXZ4ClBBVUUzQTVKMDFZMVFUdlRvUE9GaXFv OAotPiBVLWdyZWFzZSBCZTMgM01ZIEd0OWcKdnMvd0FJOEhmQTdTcElld0JsNXdD
clBVUlcvTDhmMVpCWHdjenJpTlIrNlJ6MDJZZTFEWE5QN3Y1dUFFZDMKYWdRaWor bS9hWUtHam1PR0tyTmowck1rVEEzZXc0QjhWNjVNZVU0anRCS1lrMkRtVApQcVdV
Nk1lSzZoZFlGSG1WVTVxTVRJdjlmNFdGK3k2RnMKLS0tIE5Dcmh2THcvWmNCbXVS djJORHppTEFib1VLOC9LbG5OdWhNdEZKWGJyQ3Z6dUFTOEw5WjZsT2E4SDRSSUlK
V3lIbHB6UVlnUm10TjhRMURvbEFVdVhURVM0UGcKQ9Mo+lNHm5eeutxfecchV7Yb aEpWRUNYRlZTdwotLS0geFBJK21QRGZxd3lZRjZRanhDeFRDTTd6T1p2UGhiNXBm
593Y2GZGoxQTzIWXoWZkzPkeDxLOpUk+OTkgnNclDJ9xPXyanTSS NnhaWkptcDFsYwqWryUWy5DtJHpelFVJu9DnS2rUS9JVnjIHCj2MNYrs6f5cxzZP
4+CUjz1Agu+ODFUvsl/ccIvcaS0=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

View file

@ -1,15 +1,22 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBaeFBB YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBsWm9s
cWc4V2pHNU40Q0xMRXgxRVdFZWRRZTh5NDhPNlhDZEd3Tk4zc0c4CmJrSTFoanBw UzB6bzM2VU9IR3Y2MUcrdmtJTk1nM3h0VFV4WFNaaU9pZ0pHMWxBClpiRDZ3VVU1
dG9pYmJIVCs2TzkxazJjV1ptRzlSZkRmU2NGT0dtWkZHR0kKLT4gc3NoLWVkMjU1 VkE5SHhJZXc4RGJOenY3Qzc1eXN6Y1M2d1ZnU1dIbHFvQUUKLT4gc3NoLWVkMjU1
MTkgUWQwZXBRIFdBWmljU0F0U3UrWXEyZnl2MGY5VThxVmE1QkwyMmswRVRFRGFl MTkgUWQwZXBRIGVCZURhelZkTFpoRldaVlZoZzVBenBjbEROUlIrTERnN2VpNmhP
YnpYMDQKekZQOTFQeStBUTNTSW1ibUdHM05YSDBxUFY4dGVhTkpHejUwTklCTUpM dVFNSDQKNXNWNU5iOGRBV3ZMVzdSVXRPSTkvQzJpblVsbERJekM0VHdnbEwyd0tG
YwotPiBzc2gtZWQyNTUxOSBmNVRoQWcgSzAzMGFvVERReU1nRVhvdHdVK0FzajJj VQotPiBzc2gtZWQyNTUxOSB1N1ozancgY2pvTllQbytTbDBZaHlSbVFxa2ZYbmFt
VFZ3aXY1aWl1UW5ReDl4VHBrMApJYm9iRlVQUGNPWlpxcy9MTExhcnZrT0J6UDE0 OTlvYTQrMUcybVdJd2gxb2Jsbwo4RXBLMkdYSFY3aHYxSGZnS0h4S21ablBueFBz
WUtTTUduOFlPNVFZTUs0Ci0+IHhxKC1ncmVhc2UgWl9vNyA7NilCVVshWSBEcEgv L2JFaEhaYWR5VFFNQzhVCi0+IHNzaC1lZDI1NTE5IFpEOGxNdyBDZGNmblJIWGtx
RGBpIGgmWAoxVjVrRHVndzI4MmJhN3EwQVEKLS0tIFJabHFPdmtseWhyaTBjV1o0 QWhEeldzVGZmUWJ6anM4Y2hTT0tpUVNpNDVyRDJRQ240Clk2bmpCVlI4RWduRS80
Zm1LVEJZY0F0NFJuZUk0anhGdTRkVlFOMmcKRtPfpCjUf05Jnow5FU3OvZc3FLGm cVRVWWwycDdtdVpFS25BSDAzOEh5YUcxdW9GclkKLT4gc3NoLWVkMjU1MTkgZjVU
R462mLJoaBg4qhPr7+kxYRrGy2T0yoZLdglOJV4rHwvYWpNglY1o2Jo+I/mG1yAd aEFnIDZBbXVIQVdoaVl6TlZXR1FmeEtwL0hBNWc4c0lvSFlQTzZVc1VJZ09PMXcK
F+afAb9mQVYreWyQuj7t71Vm1VUdQrsG85lFxdbLbS7ZzITCOrjejgoj6wMPwAgl VnhFVVg4eTZiRU1YbUhxUzJrYXRUeWpVVFdOSWpUNHNvUWZCRXd1U3Y3VQotPiBB
iPHgOccOAPoiDQTSOdGEm3H4k8we/HSfpW7cPowwExtQCK7PSs30XeJsg4o= IW9WfGMlLWdyZWFzZQo2WmhadWt6cFZ3S2FONDFIWUFPWWpMOXFRT1d2alNPajVI
aUJrdmVVT1J1OHA3Uy9LMjdadSs4RnhldGNxWGNtCitJSHhKSlhnMzI0UDdtSFBX
T0tuY0NvRkI5Q0F6YkJmSHI3aFlReHJORVNLL1RJMkI5QUt5NllmcGcKLS0tIGFQ
YXpDdDhnR05PaGQ0WEdVd2hMUURnRmtnbDVvWkt0ZDNtaVhxT0ZIbFUKcYbxjmgx
v7X82tsU3fuTUo9l2q3HmHECwKlvyqsXyyJst+/jJgANfE7/tHm0t6Dm4fPgBvdN
0AqTDx1p7PLvfQhMuhD2G9mHGLwcom3xUOI8h6JkMCv+bojWD9RCEB+wsAwfCzVV
pStMrMl6copsy1/E4yXkkm+kBgIMFeGzQvRyZ+UCri0rjzsGFQWEgUgD3fFcNJIq
HCYi0uW970YK2qI=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

View file

@ -11,8 +11,10 @@ let
users = [fiscalvelvetpoet]; users = [fiscalvelvetpoet];
flemming = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK16f3Fjj0BY9vjtXahezMAP3I329hHEQXCceRTkr+Yu"; flemming = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK16f3Fjj0BY9vjtXahezMAP3I329hHEQXCceRTkr+Yu";
hollows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGB8EUbqoarM4GmPgE2DBF4z/L6wVNc+lF27Z83XDUz";
pred = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMK5BOK1ldtZ+SV4QxfNm/PfOLOWv3/VHf/JbdMMoMzw";
toscano = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWcukRkNUQUbgXQle8q9xszDZOnDf3BVpPSFgycJVVE"; toscano = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWcukRkNUQUbgXQle8q9xszDZOnDf3BVpPSFgycJVVE";
systems = [flemming toscano]; systems = [flemming hollows pred toscano];
in { in {
"root.age".publicKeys = ops ++ systems; "root.age".publicKeys = ops ++ systems;
"fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems; "fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems;

View file

@ -4,6 +4,7 @@
alejandra, alejandra,
mkShell, mkShell,
colmena, colmena,
nix,
}: }:
with pkgs; with pkgs;
mkShell { mkShell {