sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge

Browse source 
540: import ssh_host_ed25519_key r=zowoq a=zowoq



542: switch to mkdocs  r=zowoq a=zowoq



Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com>
This commit is contained in:
bors[bot] 2023-04-29 04:59:31 +00:00 committed by GitHub
commit 84c3485998
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 254 additions and 179 deletions

83
README.md
View file

@ -2,87 +2,6 @@
Welcome to the Nix Community infrastructure project. This project holds all the NixOS and Terraform configuration for this organization.
## Services
### `Community builder` - build01.nix-community.org
We provide an x86 build machine as a public remote builder for the nix community, this machine also has an aarch64 machine configured as its own remote builder.
See [here](roles/builder/README.md) for more information.
### `Continuous integration`
We provide x86 and aarch64 linux CI via these systems:
- `Hercules` - https://hercules-ci.com/github/nix-community
- To enable hercules builds go to `https://hercules-ci.com/github/nix-community/$REPO` and click "Build this repository".
- `Hydra` - https://hydra.nix-community.org
- To enable hydra builds add a new project in this [file](terraform/hydra-projects.tf).
### `Cache` - https://nix-community.cachix.org/
All of the above CI builds are pushed to the cache.
Thanks to Cachix for sponsoring our binary cache!
### `Search` - https://search.nix-community.org
Hound code search for NixOS and nix-community GitHub organisations.
### `nix-community.org DNS`
DNS is managed by terraform in this [file](terraform/cloudflare_nix-community_org.tf).
### `ryantm-updater bot`
- Docs: https://ryantm.github.io/nixpkgs-update
- Logs: https://r.ryantm.com/log/
### `nur-update`
## Support
For urgent matters, create an issue here: [New Issue](https://github.com/nix-community/infra/issues/new).
For repo additions, service requests and general conversation about governance and direction of the project, use the [Discussion forum](https://github.com/orgs/nix-community/discussions).
For casual chat, come join us in the [nix-community](https://matrix.to/#/#nix-community:nixos.org) room.
The admins can also be contacted via [admin@nix-community.org](mailto:admin@nix-community.org), email sent to this address will be forwarded to all of the admins.
### nix-community administrators
- [@Mic92](https://github.com/Mic92)
- [@adisbladis](https://github.com/adisbladis)
- [@ryantm](https://github.com/ryantm)
- [@zimbatm](https://github.com/zimbatm)
- [@zowoq](https://github.com/zowoq)
#### Role
The role of the administrators is to support the members of the org, and the Nix project in general.
#### Responsibilities
The administrators are responsible for serving the community to the best of their ability and availability.
They provide services such as:
- keep the systems updated and patched
- reply to user requests
- host new services that could help the project
- on-board new projects
- resolve conflict
The administrators are the only "owners" of the github organization.
#### Quorum of 5 rule
To reduce the attack surface on the project, the administrative team size is limited to 5 people.
## Hosts
You're probably looking for our website [https://nix-community.org](https://nix-community.org).
See [HOSTS.md](HOSTS.md), this file also contains deployment details.

5
build01/secrets.yaml
View file

@ -1,3 +1,4 @@
ssh_host_ed25519_key: ENC[AES256_GCM,data:dDy8vWXdGwJTE8Y/DoOymD9mUXFWi/OkA5fydJ+PxOR1fZAszxVWGtb61mmiVD47guAP1Dt3H5+0V+uAU07SB8T0pCXy7u0/3WhCYRnciEgeq3LmXlH4DuEZGmgn2gyHGPos+bwvn2NCzYwbu0xnG0VtogN0geg1kOSDhnMKcbAKs7cy3KGJoEROAtkVV60ehgLmbL/Zpy8Qi9fW8PTVbZC/5RauFabvc6XpE0D8iKo/jESBrj891+pg2K3sIjXsXhweW+AvAPgcBq591DnaLllbcZ1U5PVMtiCR0oopdcohoreylzWL5F77mHQBRv82RMQ5MJ/kdcJldHSauS4yAKrI3QqwlIBb2KKPJW3sY/eEoeqvMkW1cc6gRp+Gha/FDQmNc9kgOuoru0vfwp82CEFY4TqlhqOd7pqNtFFP6NCbsJNt2ixlbHK/HVm2JC1JKNuAU4sRK4sq/esrzmZsxxZoNY/epplH+CvaoVt+zD7yWPN8rYWXjb33OePsp2u3OQEA1dl9Fl8WIxi1gRy/BCnw2VlSDWd/tqykpJd6cZTcAds=,iv:SAP3WMpYW2U/IRJmUeTlntlkHYrd7d3JD1zB0hJkHnU=,tag:LwVUTelkr8HAyYSY/mGQrA==,type:str]
aarch64_nixos_community: ENC[AES256_GCM,data:NKxnuw29KQqBMNzFV2VjdW9u4w6LVmGZ7bVDdpm+LFtt09kQ+wBGbcA03JVzIJljz7D5TyqCZKD3RUqV20Her2S4eFPp874PgTjhfrbgsqPUWw6gai5Vkuvc8c9SQXtgjqiC/YH0tE5mhb3XbmMBaQ7fKgm2USTxhG1x2aROEf6csqvc7AV5MLHjhiKdR346XzrUusjxgDAz3iTIZ/B2ZHPx0uWkC/25hi2KPWvIL9cWH5CxzLBs1ONhVsv/zMjjk93ElwGrAXSO6SsIiHkPX4n8m95I023AhN06gsjJdQr+ZByht5TINSgXcRIDX6P5/YiRKyx3dJU66gPXxWD3gxz37LZYUlwu3zZOe0paqyuhX2vbKF7SrN8SCtlOCjo9QGXfSeLarriJfUEt4KoklopzNzGIg1+g1hc7IgMeXmueQoXwE6OSeqiTas83LufWiIxWF3phcL7wRhza915Y1nTUvoZ08feBJAXbZSDUBZ0k5sXt9A3Fe0Wqwu9TtezBI5NK,iv:QtukYyk5fX59Wfhua9A++rFXnAS8DEL06xZ5LUlKaLo=,tag:iEfPNa/YMF3J3/fXD4gXxA==,type:str]
sops:
kms: []
@ -50,8 +51,8 @@ sops:
dFZvQmRaaGllN0dlVlJHN0hJcFlCeUkKysyibAXdnxdiFzEmO6vkmGcvF0/caclg
5uu+oe6Hpyy5tt9f+U0Kln7W+6xq66JTV1YxuFcMkFCO+/kFefyzvQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-25T12:14:01Z"
mac: ENC[AES256_GCM,data:DEd228eLQ64rkSR+s/KSSK9prArBKlnGK7+b+waOPVr2bwtwFFl8kHDC/hT6euGHpdj1mRF4EkkCV1nWUmMWwFzcoaPLLniX53qELaGY3MmJgkJOnsMfHFotlweiJi9LVztmJjS0wka3Ua/xVB+qETVE2QF8bS7xJ4T02zadenc=,iv:OB0+RoNdBCf5i6/BqyV5gOmgpptwHxmocvX/wojRW1E=,tag:2I8l7ZITTrh1xHx9DctMrw==,type:str]
lastmodified: "2023-04-24T21:58:51Z"
mac: ENC[AES256_GCM,data:F0T6QcjxbH16vH2w1Nq+jAFtCPNYiFkoVsaEBQyl0mP9RDMwo1QzxzXGrmMKydptGecE7mJQ2DHaxOhlMWKsqCGY7LEDmkzm/DCXOs1QoCUuUg0KOc3oRqTXcveyEa8CQQ6DAq+3K2F3Er7pDehh+NjeeQ3lRcsrVN5cZ571ku8=,iv:gO7BzitWqEZ0aRBwFuOl30utGBLdNwU6qoTmgaX+oiM=,tag:cl8O6p6a731dKtzrX1It8Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

5
build02/secrets.yaml
View file

@ -1,3 +1,4 @@
ssh_host_ed25519_key: ENC[AES256_GCM,data:k4bq0nSGQgSUuNctN3Z/FeIFx5iLnj8CKw57C+XJJLpJN9HS8lW9X9COZv11VyWBzgk0zI/sLxNp7vZJhQf6c3ovQtLudt5Zbv0NcbvSWqfYvJ56h+s0u+cwmpMG1RRxFNO8sAVIxhupk0sfFqzp3LuMuNxbEA4PcH/dcFE9NTJjgGFr6RcptTkyUfFc5+UpU/rNfg6Wr49PEve8c5IrY67Dh8VhsUF6jdPg80M4apYOViIyEvaiCeKQBRVqgV2iRyj6CYd026fBLtQtTVKK4lIvGvvnbKRAT2PqHBCjQdiv5c5jWcO0Pn05+kvsf2Gu9QD3fM9rlQCTji5Vv5pFM+PyHonB+feO+uWVe345CuuWZdZ259H1CLv6Xl2ukAzqy8C+2sn5Jf7tGl6kbg9D/O/gBtaYxLsa7HC00+Syt7243zWEakXvMeM83g8LmaU7LRYc95a7ETtIUQsDT1B0porg1Xq85U/OXkkpAsdRwB/Xz5BLzKAzr5ToLBoAfUIQ3Au/c9ZJbihZQZ+yzRNT,iv:wiGEXOQ7W5AVyKxYOwAMOZQVMHJMp59ITuIwjamPZOU=,tag:jvB3SCPdhblgXUVFy5OBWw==,type:str]
github-r-ryantm-key: ENC[AES256_GCM,data:Z6kGGGGLClFWxBu4RpPw3F/QrkLVIgkvLzi5ALUAjD/xUvrKvgylRoJVTBWEK6bVoZePxzXbdzNo7JzDvheRnDx4x/qQNiLjCixObzIqsIAEIqj2orJmNVRks2gLmFOCR3MS++tOV/tb3iRmjRSnzzSCdZE4Fzo/iUXVRZpTcO5ONxwTXd0i9Hlk9D6An0mbJD7cR93eBtWpyZM0LwYN5aEukUW/HYfsHKtqj43OlaaaBylIX3cMQzOT9Gup0uYb3yWVsvfqKC0WekAgakn6V1JM0wUJiO/dPQe6Su7nP5gEAxLXd6J8Y6lRT6KnWsQDf5GaIs5FoCJb3QXu1Pkv61fx5X8rdmKCbggp9cbtIcpGFhKM9vyLZnILdpCGGYLJGhNh/7XQvQLeaLuyi456m/fCm2j1vQ9uhON5caQMeFwNuvnaDErrZtNyTKUDcxgY6gtXIqmd7s2c+o1AQqC+dJf0jy/z2tYFwJrXety80CA4yc/yyvlfRLO+tPfhfsQPTbSMIof8oZhcHZNjPj6IjPpn5NbhWbFvtYbER5fSRhyvvwG5jPNtUnAK+k9OIOHo68tjbm7t8B55nm7Kd7gv3eajNl8V2M7jEidIhaIAW7SWhL0/FiRJWosHAq4p/G+URB1Ll9Ay/hKZ/78+hh4M2UQKT8HnoFleevxWFeMmmZDmk3YTGW5WWogrAQ3bA361/ggQwhs+07Bbl2e0VIMdY/gMvY1ppOuGHvoXhvfIQHLdOlgOMQW5MYBMwleMffrPJpsxGBMgwmXP0CmEwTE3Zg7G7cuNFxhR0z6W27ck06tLbn68P9z9GKh9TLnrbRsQHZVYr1eFt9ewr71vAs5t4iqGr5yzVT7fJRO1BZaifwybEDKRFScCJXEeEEu6l3/eqaq/tTHvJ/0TSl2udMuxzgtpUxx26RPvSJFWB7ACyFpMMJncUVKTxyr2vzP3WNLbqvAjEL1AmGVucHxi7zUfvDPw1gCeAgit8u0xuDH2T6Ws4kF6AuXqo5qC1MmIA8d8T3aw9q9iWj58/PMWC85uYwf3Od8WAD9BK3nb74v4TsthgxaY5JVOspnG1vKDZQKfjzHQk3kvT08sGgs438KFj+58Fe+9vqKNLH2DBizEKF4aJ8drbTBOItn/RFpoDtAdGKByeWjd3+0UDCJ1bI+6JB2PZo1CvpEz7GkjcK7y3vaEOnMyqGOzjnfVmfLQhVX3Vnx6mC1Z54slNlKTKTaeqoWrpqCT78NnC44c/Jqt7r6wuH/jqZt/uBXvENNyEn8kf8qbMcCjEtHZkzMoDuaoPbdlDCzOJbCiTEmyI/zvPC1qMxI2GfjNUSRNZIbKU5d47sgMqHJ40KN9paJZRt6hxLduk0BouzSF3DK1eV1x96Mi+lydOyLt34k/TlZzpVG3P3K/BIjlGQipNw7iRKxxF7QRvJJl6GjiHNIw3krHTvR5PPxBWL2BtQY6kemlenwVvpOfXSKVwTcMzq6V5gDrf2ks9DrzG8TD0zoPu3xw5SMoEq8DjE4MSvriw3jlgkAp9uxfqlksUXCayEqbuJpwa9O43LwwVVJbUFKlA/iWPU0zc4ejIBSyufnePcEZv7yYoPQEZIphPHKumqySND5p0WbmToNqYZgF7sdrxaIc2zh/jucE0TTI3jwn5i1D2RUpxvGOCjtPw29n7j8clRlrRQHK22628eKV1WpO4BI+jDZbNrkjDr43hhOKmJ0HTTkDkRP8CGjBV2qdnBWDKL98ksqfs2aXprtB9B4TrS0unUzHz1WH1R9BrAEOF/WoTKo/TXNc7AiwPxCm+FdGLgWsoMLuzwdq66QmdGAMIbtrzRHq/J1lHubt9ht9xYYJP/JwNuFjFoFOUubw/1ZkdFUrLaN7pN0Ll0ImoU/CudU8ehcwIyXx1dSYT8pcKNXp55Kw7MlydpcZvRVO7PJ0/HWMD+sLfm6OPTIPX/lFLo9NQwe/3xgfM0EJopQi7KFn2xoU0BGqsaSoO1UyOJr6NCDsXih58bPSbv2ho8ffIQxU289h1SjSQbxmVbH3R6sCN0YIJM7YmJ5oaZMJOCFX/Qg2RrtzN0dOp47GZQA+AXRwiccPaiJf+AlBODl0TUJHhqsCNbfp9mSz40wrrtxlXzbpelyzRNqyed8x5vFzEnLXUWGiQX6kh43anHpPO7rJOliWIudUo5R2Mi5sajZv04Og1V4BBcchjoW7ApnpsHOoIYeMtb7TsKxvAakAXrXwG0f1jr2/Wvi3k1/nLb9jv77IIlMqSejmPnkAjDmmDiFXwhu6WWw0tXCa4jQRu6PanpgTCOgt/UhdUpRC+CDM0EnLpkS2+TCspE/X75emx3VRaDo/aFKuF05FVS0U1nnH495ityljx141ztYnRlrzJyGS/Ps9v9NWR6CdTJBw1gOLCb2EwhBgJL6KZutkHir3uQfzRcBdw4O5QZ0VUPeUhMlUwtay6O/33RqAMpQIiLe0f/cRil/Ib3Xa05Gfdm2hLUgBsIl8ceScduMvl7bFnk18SFcWVWYU5CFaDuhsgD9vZE3BYjcCmAyKTqHhFyMZMZEnWE3vu/8u+0VgoUe0B2n4F8/vWSW7AEQ27hTpePNiUpTpI9ZtWUae/ZrBnbRV09SIfceZCrgCce7EtrHiILC5k6/HGsaoYFWT0B/cpBDJ5XnNNkbH8oOFd/yaNDHxcDhERje6Y5H9bRgPaZPt/H0xKBXxIYb6V9JZ4rc4qWaXWlZwyuNpjvwcm4GRTDyIp2Hdof6nBdn7AQrP5O0AXH3P1qqqIxEhx7uy4CNesFkbvt9zCtJQ9Od7kAWXWNp3YTRqKmmHQ00Tq5MYPwO3yybNRl2DiiBaA0a+l0CFNfGIgUwUvioZZ5p9yk+/CkqWuymkgbb+ChvXEZMskkkTJveZNhgNR4iFEHdMjaZhdMNPnfaFKf2rvu8pfAh7BFoWJOYNwkRXqI2eJNkXCVLbOuyez6Rcs0rDeCz5tgEGO5zPTTZg/VFD3p8dV5PyDSz+mIpe9M54I/FX0He4ws++u5AyDnN0CL//1rdZjyaEL2ZAD7l1yhH1WPttjikb9XS+SQ0kyxEnx/HMD0aNcIpVLbubRY/ll4JvkPG1KBKZfrm+cs8iaVTmyHcsfIPwnDOVTiVoHPoBH4Z35ULxVfNGzdw1S/qLuNLHCph+UNIrk/Ck8L27eobVetjzxqtBcdewVAZT7pOm34BKpukUvhe/zzUStUDZoMWdV005eLC76FH0JJyz8TCVrW1y1eHQzX8rMeBZEdoBseQqbU5LlptamZ7rUOJhkC/QLnZW0lSDOj17awQDxAFS5R7cewFo55Pe8XVu0fGZVdXO59biBuFOgtYiMrKoxGondhuiOTggjSQt1HLA7eAgRRrPG6npubPUAgpdwMsqRT6BS47WVL75vRu4TliPVKjElqWN3iQSze4ZwF71zNS775PqjaDXLRPKYMszpNgX7OMPbSb6EAiCQyT6R7gvPOgIVOrERCEF/0Vm7HjNHqTLOfW1M8um7e8gntYokVZtdGew/x2Dmb2PTj58gnYowH00ZrWbOw7DwW3nq0vpcAwB4Yo+H618dThdk3HDd+zOKHBJmoDP70QvNDyD5wDX+GkMTAL8/kfvZs98yvn3T7kw+qIm/pPfNJaigqutEmRFE7CRCewoohzQ0z/Glt0D1kh+OOnULIPrT2Pfq3nDhivJXC3HQZ1PFn9cKNwR/hl0Cslphm2sOwK3gpbba0vNvqXjh3w7TkJ3gTYQa81qiJbRwKvCOlAi3pt+KZalQ/DdG6/DBqVyYKqsJmAj/Y6NVQGpDBBn9uqlZ3G/nRZWaVEDKTdTXh4lPFMKU+o6b3fKsco4Bln4LfqB8BJU8xawTXx1sb6lHAcVZjEoWDU+u9VaGNNtI47jjxev0oeT+oID63xqz19ZY8pkJGSXtTbo/6jEkvSTx/l9v1mfSCytxMV6gney0Cx+QHAta7VHzKymgXcq0N1pt6XVoExLQTOIkPjIg2KUF9JPUg99WCsXZfLtqoinEYUZ/Alq7HOYKOdpjH+huID7Y2vda5Ivk8UuZpIeseQ4yhSoqA45QO+RQxX09xSUBjzLa8f6CJTfci5M0gY5P4QhmEdkYdMq14XG1dE3gK3Qw7FcpOB11GEamki5VT6+f512QH0h2V4dIf8sJFTHCYxHt16mXWv5HkmZAgv2QxchXq40aheKXwtMGmo/Ofi9iyX0qae6/t0XpRaXZiz0EJALZ8LXXfV0B8KUKe2o6RthDrhNXYzB2BZydWjf7yF1GWEc9a4TSTl1AUPAx5ExhayNATF0NMKRvanJVjJXRSZaN8QZnP0EKQycDwTmbHTXNg44oPx1cxGnBTfdSoB4n3XbDjOn8sSfMyllPe3k6dSGtJx3vHnVIjafdWcsRdUnSxu8rGg0HEIEwBkp6MsLbT9OTVYpqO4XoYe6KMaGJeWfAiaPSQTyZZkisblAGzAx5NnM51Rudo8hysu9BXlJtSvxHqXKdIGuF3/3gyZmxqezeHskbi0=,iv:Qg8SdZVOeOA1rHt/CCo1Fj9sqUvq5zhaetboYUIe2co=,tag:UNGFeWqBY46lK6/cEr4/Kg==,type:str]
github-r-ryantm-token: ENC[AES256_GCM,data:X77cQQQDFcUe9VcHZwbhZdyg6wFsAEwRMDaDojWYyHJf4RxWwRm8Vg==,iv:/PxtdHM1eTbRZb0KrjuSSutxBVwmFaSejp62qb+/D10=,tag:K/EH8Rl6CeZcigftKO3hNw==,type:str]
github-token-with-username: ENC[AES256_GCM,data:9k+TaxVIQ6BUASckGTAAdDsSS1OQ7WfF6oUdY8t/24VU5bK3M2Uozbfh6qUtmZFLcA==,iv:4AE/eoXHm1/gd3SdRYY+LyI56YFod8YD7ZKZ6uG840k=,tag:fboN3lX6vKVZHEtaZ+C8Gw==,type:str]
@ -53,8 +54,8 @@ sops:
bnVKS2EyaFZBMUkrMTNVY3E3ckZuancKmVMCfroqIMsOcfLYCnWpMU8kP03zLawz
jb3VKAx8d19yDm9ZIcGMoLmjQlkcB3UGdJc+ZuN9iDi28amaIFmuCw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-13T16:01:35Z"
mac: ENC[AES256_GCM,data:0wv2yGprOR7vS0cN6n4/ZjbFaWu89nQsodJD0CnqpVIZ2XpvJX5KkgIhQ3RObDTW1h+zJlfBMApOsBaaUcd8rLhkSIiuZwXV5h317cI5kiE8wEdEAdAmErBUPHnpkR1XYOmvfgojOu8grWJLG9CBtd+QRnYudrNxlCwakHo6zek=,iv:EOLclMgS0L1Y8ZEvanAJ/9w0yDHrnnCd4xn0/RzPUOE=,tag:cK0zBeYE7BggamLI3bE3dw==,type:str]
lastmodified: "2023-04-24T21:59:21Z"
mac: ENC[AES256_GCM,data:EhLarLKw1mwwvrjMaxRS+BkNaACQ/MOexWFvtKFqyvLnRPtnKM6mUTtRwS+/62g3DNmOi9hRzJyeYd3Qg1q5W/ev/c6A6+p2eyBxuqPjmeEiaQEjvT8iWzNhwHXinkte8jD3hvVUXKK7nh9kdTV8DWkI/XTuNPlt7SeX19BVbkk=,iv:X/iDTLTM8vfyLkxPdNPlNds7KCURYlGG9n6i62VhODk=,tag:K1K2WqOsaTUcC1Qk41WyUg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

5
build03/secrets.yaml
View file

@ -1,3 +1,4 @@
ssh_host_ed25519_key: ENC[AES256_GCM,data:FFHBBUVBMU/nqglYgKpzS+H1O/bIc7zBUfOf20TmLxOjz4qCtwfPsKI3h5pUVZtlmZYh8oBHGDENYdGeoJDOrXmDHKuSv96gVeQ+78F0C0JTPHHYuZeWTCXxgIJHuwLTLkuf3Q6ziClnKPaLnHXnKZ+nMgJ9U2ZhJ1TuQuLpCmkybG6jTH7Km3mqDAuBPU1gmIm5VQ3ooDhFTUmC0PmHDvrpKNY4tbtmYrs/8hchVg2jZh7P/ZBmyu0Pzehuijfzal64OEj5WqqgWal/icgMSq785r5FhtbzW44ZtLFDcFBAhoqtCHG9je2+HX7A8W5xCADxNac1FWKFDdJf7nIZmbhRZ6qemoZC4QpaByM1+ZXMZotjnQDlCJ3swWYN7St4zOirm/Hs/k6L3g6SuVwUMSnGaZMGMMd1lcVY9Gfll5CfSqkvGPyYrGpINSzX4UdXZVfM7wLSPvpDl95Y3GeRYVzNp1NCjyeYLIDtshNRYC6mkakBc1Eu89yULU04TAYjdKf+DX4h5buIQu4SWME6OSzPlvfw5CeDNOQVXdmXMs9rong=,iv:+bSiR0HSQzSu5ZWIW7VeLERr+sWcnfx5j6O4ImQdhF8=,tag:KFQwC3giekzexvJfoU22YQ==,type:str]
id_buildfarm: ENC[AES256_GCM,data:18qi8jBCsntp/6mM8iFkpUS+4yQAsaL6JtLBR9fT51XSWLOVgShRpqe6mTZTxvp7WeUA0QxIN5ZwIihk1KmUapTF8O7NIX3ulaustzu30A4Rm//oaS7xwV5GNji7TTTK0dtag6eLYiXqgguZ2aGuabDcn06f7wNzru7BWgJWJRVWi+yAnuTrZzOrhCvQ6uw34WXOa7BYxvXpHrLlIkm1mH54x86kqWpSkIhGoifW5kgx3WLyI6N0OnVISh4Uh6p7qH/UIAtDPrSAjpMsTcS0r9s4gaIClDbWNnq72JOGUmwH11dx1jhujMtaI6lY+i6+JIwSGJFI9+c6Rfl7dIAwY5f61Fv6r7f9O2eN1g4xvzVgTnkU47/yK79ePT4We/OSyxH66eKBmfXb1ds3kq+EF5hnNiWFNETIQIYXvcM9dBTrNwU8CVIrZkDRmvG5/dK3xAibTGYwNZ9fbCuYirE4XspurwFczsH2nchVMBbEYl/LlZYcUh/UgRvEhqjeTVqz9XkcWX5UJfSViaRbNYFZ07B74oPOK9hcdAPs,iv:RKMh8cCfoiU6AmafVtqVizfeamAkuqEU8HxTOppAitA=,tag:gJvEUhGLw+03YxpSCxaAag==,type:str]
hydra-admin-password: ENC[AES256_GCM,data:t0vmchbXXIAzvM2nxm4j16N9W67yWRb439M=,iv:qr/OfyMvTzi6Znw446KtxE2erh3XWi2VTJvVL2Ot2UI=,tag:mS6HlE6nojkemjp4F59+wQ==,type:str]
nur-update-github-token: ENC[AES256_GCM,data:KIZCx9IeuBHZei2V13iiyHzCedhkkGEd08mVJEc6F0DWQn1wtzC7+w==,iv:pNVRj/RR7wj64g640F7Vo4H10ijsxnrfFQnt6YHBug4=,tag:UlvOMNB5JZbuJaD9TcJ2UQ==,type:str]
@ -53,8 +54,8 @@ sops:
eVZGYTA5SElDd2lLS2RUTk9wQlAwekUKfLBi6UPZGB0pY0G/2VMefO8KU6qhpCXc
COpm12JE6h/+dMsFQw75l+x3FPCrGD83qJdYWyM7/v0cQg4SfA+cPg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-05T03:30:53Z"
mac: ENC[AES256_GCM,data:7slqHIruEJ6de6Al8Tmnm/Zk0iuxuYyuTbUBvk7L5y1KOoeDwO2gAlCViSlhBPC1h+63tj5nzP+C/SEe5QMzUdNg4GOF89Tsu1Q0M8Llq1Xnt6JDFNG32PNEujZ/3cxpixVTs0VmpacOfWwN4K+qusmW1nQX8tUFtygezSXEqRY=,iv:4Ifgj4ENkVCVsaSL5V9Suhx8f2JvptUByn5sgvzp/50=,tag:qoXUMovToWcjIVoiGe0jgQ==,type:str]
lastmodified: "2023-04-24T21:59:57Z"
mac: ENC[AES256_GCM,data:OlS4htYXpBjYSFR5zsyr7H/cjT0DEsy4OQT3Bj7NkpZVpgS6zZ5s5BlND0wzgvvqwbACUjkiwZsEjIPD4xLfPsMlUm14NjZarBeePGN+/5hGpTjMHxJsboByZtsnOzkOk0eGhSc51tYhWBd1cPRfMJ0hR63eM0BU/8gzyF1onPc=,iv:sI8Nln8lLbpjJAIIRn3eEZjT/cb99VB02pyAzEz/wrI=,tag:6/9zhsaxDdS27m5y9d2z+Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

57
build04/secrets.yaml
View file

@ -0,0 +1,57 @@
ssh_host_ed25519_key: ENC[AES256_GCM,data:C/cTIJ8KipLWdcushEzeb9MoeBwEXQgV6Nichj1xXcc3X0iFaGf5btiWvkGppH7GS35GPk1EHa19SYzjogtaLTb6skiIc2U4j/ssIu57X4kfz1s0LNCYivJsC3Uz0CeR0Idh+EyuVQD5K/IPCsmOBp5RBJOaSO6t+3bfoekfLieRN+biFiB6YB/PiINZm7XktRIaog80Q1mhlt9Ci9uOcGgjbMgDvM38kB9otSd9hi141l+CeZoiimi5WYlBCKxniwmgoNaNJj35Bk0MU/RPp9GyHGilGY+niLRE4/SwGmSv/bray+wmUO8qad32ypzip/ocO49c7MParmkSI0ARGEKic+kZEqZyloPZHX/bSBgb7i2Dq3bKIz1n3RJrJ9Xx+tcvsKZ1G4mybTYhlor3Xx8vRtTBMKf4xC5W8QDBa7hYVDoBD6M/xOpSRxC5Nn7TcbqKn4XLEWNNkXHnaYOhE6bQCvP6Gn2SV1Y8XRP5MapsJoOPR8NDb5/sj1s8i5tKBp9nLXUZSBbVa9CF1DR9xkTCcnDnwV4jRPNjgCICdXRW0IjISjMNgj4xKNyrjiF6,iv:/2g3bTlzgs+SU41czsMkn/WxSjRgmK2j3ION2eh4778=,tag:NUYzuyey2QZu69T9Lo5HuA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSVhHQ01sM0pnSHlGZzJH
aDhuSjVXWk5iZEhqYVRJMzdZR3ZGWnV1K21rCk1kYklsSWtKbExIcXN3ODVoSDd0
bitrQTJZN3Y3NWIrS2dZVDBWajdWbXcKLS0tIEppWXMzaEY1cEtwQnhVMUhJeVR0
SDZYdGUyMzB6anpEUVRvNXdhNDkzTk0KBvmQ3s6WkwRgL/Dkhj1jTbHa/uvid1WN
EK3Iyl+dzw/7sJXRk+vfl1FJ9+YonO2PECgmXEMSjT5UPu2UPtbrYA==
-----END AGE ENCRYPTED FILE-----
- recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERXgzOU05aERmeXJYd2hy
QmNXSmFoNDM4Mnd5RFVsL0VnVWV0Ly9QeWtvCmR5R0oxQWRydmdNMUdSR1F1NmtW
bVM0K1d4R0VDd1haYm54SnN6SmJyTEkKLS0tIHNmK253Y3REK1kyYytZaHdkSnB3
eWFXblhIUU9FRi9FWDdoYWpYVXl6ZGcKcf8u9AdFmrcTS/agm6KvqnRm1Xxq0NJq
J7qewFywCArrpb/9h4AWVXCxyk2cxu49x3qVeuT9rYvRn0PSRtSYPA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3QXNBeDA3cjc2ZGFWRks3
MkVNV0tMNHp0K2hKYUhiZnBmbjFtTmpTOFh3CjBUREkweWYzb280eUtoOE9MV3ZG
NTlhSDRYRm1nS3NZcVJ6aWkwditoVzQKLS0tIGJRWHBGUmJWVm5veGVUSmhTMVFr
RFczc0hpRXRVVFRhdjhZdkhvVDU5aWcKphaklookZQWZN2f/WwcbMbHJ/pYVaHdK
G1nnIUhY+4yVY5Rfato9UlCTu+ch6VQaor9q8wmqMM5VIoKR3loT4g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5NEpITnJsdTFyRWJHTDh2
RWsyck5MaUdOdW5sY1hoMHRLUkRPZks1YndNCnZiVjlia0R1UUVaampKZTM1K2hV
cWFQclA5YVZscjNPZUJ0YnIyblJIcm8KLS0tIFpDZThlZzA4YU5vYXdQVjBZcE52
MmVmUTU5S0plSkV5QTVIaWl5dlVVMUUKg1hiDYFPF6rr8F+IIjO0E0QoDuJUrkFi
F8S2GVtxgiSqjTIkDHW3I22SFsRNJsEBINLSV+Z8xSPPQn9rP/TcNA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNzN1MEJwYzNkaTRDMExR
Wk8vVzNkenp4dnp4QWlrMTdEMzArZUpFR1ZjCjFmR0JZYUp3a1RwWlhNRXgwY0hT
aW1RY2YrOGFvMTYwYk10REsxUGF1NEEKLS0tIFMzVTZjN1lGVjM4VmVVQ0hRNU9V
Tm56UGVrRDE5YVM1WG91TGcrdDh5UzgKsGrlTPWXjRvz5KxHTOASX4TMftMGKckP
mnfhHhjjwtKTbbZowmhUm+hFROjPt6GQVxWs4aWWJeEFA19833QQnA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-24T22:00:21Z"
mac: ENC[AES256_GCM,data:wYHcsuy8NNABlkPoHalvV8sbbeC0R5Vztp0sCAbPF3rRzoaJp3HN7Ax27xupC1M0wVXgp3VGghxm3RTZG5K8wFoiaziemFeEgDZ0uavW1rqYUMH7gDYoCH6isLOKiqYqIgd3CI1EWqp1OwatHmab2GRDqOeWJEpjJUMGFbo/giI=,iv:7TZEAjTqXMbnLh4nonpJM+DsJ71IkMcoUUjDhZHz5DU=,tag:1un9KAPXupORhfrgoiw8Fw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

62
docs/README.md
View file

@ -1,62 +0,0 @@
<img src="nix-community-logo.svg" width="100" height="100" alt="Nix community">
@nix-community is a GitHub organization that works alongside the @NixOS organization.
The @NixOS organization holds all the mission-critical projects such as Nix, Nixpkgs, NixOps, Hydra, etc.
The @nix-community organization is the community playground. We don't need to be as strict with permissions. The org can host any projects that benefit from a shared ownership. We provide infrastructure and support for those projects as well as visibility.
## Infrastructure
To support our activities we have a little bit of infrastructure in place.
See https://github.com/nix-community/infra for the list of services and configuration.
## FAQ
### How do I get my project included?
Ideally the type of projects that are accepted have some level of maturity and can benefit from a shared ownership. The goal is to have as much projects maintained and not for the org to become a graveyard.
We don't have a strict procedure. For now, ping one of the [nix-community administrators](#nix-community-administrators).
### What are the rules of engagement?
The Nix community is nice. Be nice! Typically this means:
1. Argument on technical details, not the people.
2. Give the benefit of the doubt as much as possible. We all have different lives with different backgrounds.
3. Keep in mind that all the work here is done by volunteers.
4. :)
Nothing is set in stone. Think of these as the guidelines for our interactions.
The maintainer of a project gets admin access to the project they maintain. The maintainer can request that more people be invited into the org so they can join their projects team.
If you see a project that is under-maintained, submit PRs to fix it as if it was your own project. If the PRs don't get merged, ping the [nix-community administrators](#nix-community-administrators).
## Support
For urgent matters, create an issue here: [New Issue](https://github.com/nix-community/infra/issues/new).
For repo additions, service requests and general conversation about governance and direction of the project, use the [Discussion forum](https://github.com/orgs/nix-community/discussions).
For casual chat, come join us in the [nix-community](https://matrix.to/#/#nix-community:nixos.org) room.
## nix-community administrators
If you need to contact the nix-community admins, they are listed [here](https://github.com/nix-community/infra#nix-community-administrators).
## Sponsors
Thanks to all our sponsors.
<!-- prettier-ignore-start -->
|[<img src="https://raw.githubusercontent.com/cachix/docs.cachix.org/master/source/logo.png" width="200" alt="Cachix">](https://cachix.org)|
|:-:|
|Cachix provides us with 1TB of free cache.|
|[<img src="https://raw.githubusercontent.com/Gandi/.github/b1f21a402d9223c672476b41148429f538be5303/logos/black.svg" width="200" alt="Gandi">](https://www.gandi.net/)|
|:-:|
|Gandi provides us with a free domain and a virtual private server.|
<!-- prettier-ignore-end -->

26
docs/_config.yml
View file

@ -1,26 +0,0 @@
theme: jekyll-theme-primer
url: "https://nix-community.org"
title: nix-community
description: ""
# see https://github.com/github/pages-gem/blob/754a725e4766d4329bb1dd0e07c638a045ad2c04/lib/github-pages/plugins.rb#L6-L42
plugins:
- jemoji
- jekyll-avatar
- jekyll-default-layout
- jekyll-feed
- jekyll-mentions
- jekyll-readme-index
- jekyll-sitemap
markdown: CommonMarkGhPages
# see https://github.com/gjtorikian/commonmarker#parse-options
commonmark:
options:
- FOOTNOTES
- SMART
- UNSAFE
extensions:
- autolink
- strikethrough
- table

27
docs/administrators.md Normal file
View file

@ -0,0 +1,27 @@
- [@Mic92](https://github.com/Mic92)
- [@adisbladis](https://github.com/adisbladis)
- [@ryantm](https://github.com/ryantm)
- [@zimbatm](https://github.com/zimbatm)
- [@zowoq](https://github.com/zowoq)
#### Role
The role of the administrators is to support the members of the org, and the Nix project in general.
#### Responsibilities
The administrators are responsible for serving the community to the best of their ability and availability.
They provide services such as:
- keep the systems updated and patched
- reply to user requests
- host new services that could help the project
- on-board new projects
- resolve conflict
The administrators are the only "owners" of the github organization.
#### Quorum of 5 rule
To reduce the attack surface on the project, the administrative team size is limited to 5 people.

4
roles/builder/README.md → docs/community-builder.md
View file

@ -1,6 +1,6 @@
## Community builder
### Access
If you want access read the security guide lines on [aarch64-build-box](https://github.com/nix-community/aarch64-build-box). Than add your username to [`roles/builder/users.nix`](users.nix). Don't keep any important data in your home! We will regularly delete `/home` without further notice.
If you want access read the security guide lines on [aarch64-build-box](https://github.com/nix-community/aarch64-build-box). Than add your username to [`roles/builder/users.nix`](https://github.com/nix-community/infra/blob/master/roles/builder/users.nix). Don't keep any important data in your home! We will regularly delete `/home` without further notice.
### Using your NixOS home-manager configuration on the hosts

7
docs/contact.md Normal file
View file

@ -0,0 +1,7 @@
For urgent matters, create an issue here: [New Issue](https://github.com/nix-community/infra/issues/new).
For repo additions, service requests and general conversation about governance and direction of the project, use the [Discussion forum](https://github.com/orgs/nix-community/discussions).
For casual chat, come join us in the [nix-community](https://matrix.to/#/#nix-community:nixos.org) room.
The admins can also be contacted via [admin@nix-community.org](mailto:admin@nix-community.org), email sent to this address will be forwarded to all of the admins.

20
docs/faq.md Normal file
View file

@ -0,0 +1,20 @@
### How do I get my project included?
Ideally the type of projects that are accepted have some level of maturity and can benefit from a shared ownership. The goal is to have as much projects maintained and not for the org to become a graveyard.
We don't have a strict procedure. For now, ping one of the [nix-community administrators](./administrators.md).
### What are the rules of engagement?
The Nix community is nice. Be nice! Typically this means:
1. Argument on technical details, not the people.
2. Give the benefit of the doubt as much as possible. We all have different lives with different backgrounds.
3. Keep in mind that all the work here is done by volunteers.
4. :)
Nothing is set in stone. Think of these as the guidelines for our interactions.
The maintainer of a project gets admin access to the project they maintain. The maintainer can request that more people be invited into the org so they can join their projects team.
If you see a project that is under-maintained, submit PRs to fix it as if it was your own project. If the PRs don't get merged, ping the [nix-community administrators](./administrators.md).

28
docs/index.md Normal file
View file

@ -0,0 +1,28 @@
[nix-community]: https://github.com/nix-community
[NixOS]: https://github.com/NixOS
<img src="nix-community-logo.svg" width="100" height="100" alt="Nix community">
[@nix-community][nix-community] is a GitHub organization that works alongside the [@NixOS][NixOS] organization.
The [@NixOS][NixOS] organization holds all the mission-critical projects such as Nix, Nixpkgs, NixOps, Hydra, etc.
The [@nix-community][nix-community] organization is the community playground. We don't need to be as strict with permissions. The org can host any projects that benefit from a shared ownership. We provide infrastructure and support for those projects as well as visibility.
## Infrastructure and services
To support our activities we have a little bit of infrastructure in place, see [services](./services.md). The configuration is kept in [nix-community/infra](https://github.com/nix-community/infra).
## Sponsors
Thanks to all our sponsors.
<!-- prettier-ignore-start -->
|[<img src="https://raw.githubusercontent.com/cachix/docs.cachix.org/master/source/logo.png" width="200" alt="Cachix">](https://cachix.org)|
|:-:|
|Cachix provides us with 1TB of free cache.|
|[<img src="https://raw.githubusercontent.com/Gandi/.github/b1f21a402d9223c672476b41148429f538be5303/logos/black.svg" width="200" alt="Gandi">](https://www.gandi.net/)|
|:-:|
|Gandi provides us with a free domain and a virtual private server.|
<!-- prettier-ignore-end -->

46
docs/services.md Normal file
View file

@ -0,0 +1,46 @@
## Community builder
We provide an x86 build machine (`build01.nix-community.org`) as a public remote builder for the nix community, this machine also has an aarch64 machine configured as its own remote builder.
See [here](./community-builder.md) for more information.
## Continuous integration
We provide x86_64 and aarch64 linux CI via these systems:
#### Hercules
[https://hercules-ci.com/github/nix-community](https://hercules-ci.com/github/nix-community)
To enable hercules builds go to `https://hercules-ci.com/github/nix-community/$REPO` and click "Build this repository".
#### Hydra
[https://hydra.nix-community.org](https://hydra.nix-community.org)
To enable hydra builds add a new project in this [file](https://github.com/nix-community/infra/blob/master/terraform/hydra-projects.tf).
## Cache
[https://nix-community.cachix.org/](https://nix-community.cachix.org/)
All of the above CI builds are pushed to the cache.
## Search
[https://search.nix-community.org](https://search.nix-community.org)
Hound code search for NixOS and nix-community GitHub organisations.
## nix-community.org DNS
DNS is managed by terraform in this [file](https://github.com/nix-community/infra/blob/master/terraform/cloudflare_nix-community_org.tf).
## ryantm-updater bot
- Docs: [https://ryantm.github.io/nixpkgs-update](https://ryantm.github.io/nixpkgs-update)
- Logs: [https://r.ryantm.com/log/](https://r.ryantm.com/log/)
## nur-update
[https://github.com/nix-community/nur-update](https://github.com/nix-community/nur-update)

16
flake.nix
View file

@ -62,7 +62,21 @@
./shell.nix
];
perSystem.treefmt.imports = [ ./treefmt.nix ];
hercules-ci.github-pages.branch = "master";
perSystem = { config, pkgs, ... }: {
treefmt.imports = [ ./treefmt.nix ];
packages.pages = pkgs.runCommand "pages"
{
buildInputs = [ pkgs.python3.pkgs.mkdocs-material ];
} ''
cp -r ${pkgs.lib.cleanSource ./.}/* .
mkdocs build --strict --site-dir $out
'';
hercules-ci.github-pages.settings.contents = config.packages.pages;
};
flake.nixosConfigurations =
let

35
mkdocs.yml Normal file
View file

@ -0,0 +1,35 @@
nav:
- Nix Community: index.md
- Services:
- services.md
- community-builder.md
- About:
- FAQ: faq.md
- administrators.md
- contact.md
theme:
name: material
features:
- content.action.edit
- content.code.annotate
- content.tabs.link
- navigation.expand
- navigation.instant
- navigation.tabs
- navigation.tracking
favicon: nix-community-logo.png
logo: nix-community-logo.png
icon:
repo: fontawesome/brands/github
extra:
social:
- icon: fontawesome/brands/github
link: https://github.com/nix-community
site_name: Nix Community
site_url: https://nix-community.org
copyright: Copyright &copy; 2023 Nix community projects
repo_name: "nix-community/infra"
repo_url: https://github.com/nix-community/infra

6
roles/security.nix
View file

@ -25,6 +25,12 @@
};
};
services.openssh = {
hostKeys = [
{ path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
];
};
# Ban brute force SSH
services.fail2ban.enable = true;
}

1
shell.nix
View file

@ -14,6 +14,7 @@
]
))
rsync
config.packages.pages.buildInputs
config.treefmt.build.wrapper
];
};