sercanto/mio-ops
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Activity

Compare commits

base: sercanto:194467a0a82ebad451a8e8e6759f8a54a6e3f016
Branches Tags
sercanto:consensus
sercanto:colmena
sercanto:flakify
sercanto:nixos-24.05
sercanto:nixos-23.11
sercanto:v2024.10.2
sercanto:v2024.10.1
sercanto:v2024.09.5
sercanto:v2024.09.4
sercanto:v2024.09.3
sercanto:v2024.09.2
sercanto:v2024.09.1
sercanto:v2024.08.3
sercanto:v2024.08.2
sercanto:v2024.08.1
sercanto:v2024.07.5
sercanto:v2024.07.4
sercanto:v2024.07.3
sercanto:v2024.07.2
sercanto:CVE-2024-6387
sercanto:v2024.07.1
sercanto:v2024.06.4
sercanto:v2024.06.3
sercanto:v2024.05.4
sercanto:v2024.05.3
sercanto:v2024.05.2
sercanto:v2024.04.2
sercanto:v2024.04.1
sercanto:v2024.03.4
sercanto:v2024.03.3
sercanto:v2024.03.1
sercanto:v2024.02.4
sercanto:v2024.01.3
sercanto:v2023.12.2
sercanto:v2023.11.4
sercanto:v2023.11.3
sercanto:v2023.11.2
sercanto:v2023.11.1
sercanto:v2023.10.4
sercanto:v2023.10.3
sercanto:v2023.10.2
sercanto:v2023.10.1
sercanto:v2023.09.4
sercanto:v2023.09.3
sercanto:v2023.09.2
sercanto:v2023.09.1
sercanto:v2023.08.4
sercanto:v2023.08.3
sercanto:v2023.08.2
sercanto:v2023.08.1
sercanto:v2023.07.4
sercanto:v2023.05.5
sercanto:v2023.05.4
sercanto:v2023.05.3
sercanto:v2023.05.1
sercanto:v2023.04.4
sercanto:v2023.04.3
sercanto:v2023.04.1
sercanto:v2023.03.4
sercanto:v2023.03.3
sercanto:v2023.03.2
sercanto:v2023.03.1
sercanto:v2023.02.3
sercanto:v2023.01.5
sercanto:v2023.01.4
sercanto:v2023.01.3
sercanto:v2023.01.2
sercanto:v2023.01.1
sercanto:v2022.12.1
sercanto:v2022.11.4
sercanto:v2022.11.3
sercanto:v2022.11.2
sercanto:v2022.11.1
sercanto:v2022.10.5
sercanto:v2022.10.4
sercanto:v2022.10.3
sercanto:v2022.10.2
sercanto:v2022.10.1
sercanto:v2022.09.4
sercanto:v2022.09.3
sercanto:v2022.09.2
sercanto:v2022.09.1
sercanto:v2022.08.4
sercanto:v2022.08.3
...
compare: sercanto:8ff5d308d27900d93fcc3fdcde2c12259f67518e
Branches Tags
sercanto:consensus
sercanto:colmena
sercanto:flakify
sercanto:nixos-24.05
sercanto:nixos-23.11
sercanto:v2024.10.2
sercanto:v2024.10.1
sercanto:v2024.09.5
sercanto:v2024.09.4
sercanto:v2024.09.3
sercanto:v2024.09.2
sercanto:v2024.09.1
sercanto:v2024.08.3
sercanto:v2024.08.2
sercanto:v2024.08.1
sercanto:v2024.07.5
sercanto:v2024.07.4
sercanto:v2024.07.3
sercanto:v2024.07.2
sercanto:CVE-2024-6387
sercanto:v2024.07.1
sercanto:v2024.06.4
sercanto:v2024.06.3
sercanto:v2024.05.4
sercanto:v2024.05.3
sercanto:v2024.05.2
sercanto:v2024.04.2
sercanto:v2024.04.1
sercanto:v2024.03.4
sercanto:v2024.03.3
sercanto:v2024.03.1
sercanto:v2024.02.4
sercanto:v2024.01.3
sercanto:v2023.12.2
sercanto:v2023.11.4
sercanto:v2023.11.3
sercanto:v2023.11.2
sercanto:v2023.11.1
sercanto:v2023.10.4
sercanto:v2023.10.3
sercanto:v2023.10.2
sercanto:v2023.10.1
sercanto:v2023.09.4
sercanto:v2023.09.3
sercanto:v2023.09.2
sercanto:v2023.09.1
sercanto:v2023.08.4
sercanto:v2023.08.3
sercanto:v2023.08.2
sercanto:v2023.08.1
sercanto:v2023.07.4
sercanto:v2023.05.5
sercanto:v2023.05.4
sercanto:v2023.05.3
sercanto:v2023.05.1
sercanto:v2023.04.4
sercanto:v2023.04.3
sercanto:v2023.04.1
sercanto:v2023.03.4
sercanto:v2023.03.3
sercanto:v2023.03.2
sercanto:v2023.03.1
sercanto:v2023.02.3
sercanto:v2023.01.5
sercanto:v2023.01.4
sercanto:v2023.01.3
sercanto:v2023.01.2
sercanto:v2023.01.1
sercanto:v2022.12.1
sercanto:v2022.11.4
sercanto:v2022.11.3
sercanto:v2022.11.2
sercanto:v2022.11.1
sercanto:v2022.10.5
sercanto:v2022.10.4
sercanto:v2022.10.3
sercanto:v2022.10.2
sercanto:v2022.10.1
sercanto:v2022.09.4
sercanto:v2022.09.3
sercanto:v2022.09.2
sercanto:v2022.09.1
sercanto:v2022.08.4
sercanto:v2022.08.3

49 commits
194467a0a8 ... 8ff5d308d2

Author SHA1 Message Date
Serĉanto de Scio 8ff5d308d2
bug(nix): bump to v2.24.6 
Fixes unsafe NAR unpacking
 2024-09-10 22:17:49 +10:00
Serĉanto de Scio 56622900d3
Merge branch 'colmena' into consensus 2024-09-09 18:38:58 +10:00
Serĉanto de Scio f4680c204e
chore(teintidh): add inactive tag 2024-09-09 16:35:08 +10:00
Serĉanto de Scio f74f1e63bf
chore(sithlainnir): add inactive tag 2024-09-09 16:29:08 +10:00
Serĉanto de Scio 3c4e886095
chore(iolear-beag): add active tag 2024-09-09 16:22:26 +10:00
Serĉanto de Scio f221d1c55d
chore(eamhair): add active tag 2024-09-09 16:18:53 +10:00
Serĉanto de Scio ca0c82fc49
chore(doilidh): add active tag 2024-09-09 16:15:51 +10:00
Serĉanto de Scio 86fc97845a
chore(dionach): add active tag 2024-09-09 16:11:27 +10:00
Serĉanto de Scio c05590435e
chore(cuallaidh): add active tag 2024-09-09 16:09:26 +10:00
Serĉanto de Scio 7ecb06ba14
chore(brighde): add active tag 2024-09-09 16:04:52 +10:00
Serĉanto de Scio e23d0389f0
chore(brighde): add active tag 2024-09-09 16:03:15 +10:00
Serĉanto de Scio d669f8be0c
chore(paidh-uachdar): disable temporarily 2024-09-09 15:59:56 +10:00
Serĉanto de Scio d9d4e76455
chore(cuallaidh): disable broken services 2024-09-09 08:16:39 +10:00
Serĉanto de Scio 8b553e632a
chore(ceitidh): move deployment to outputs 
Also add to active tag
 2024-09-09 00:30:13 +10:00
Serĉanto de Scio 982d47bf94
chore(dhu): disable until buld issues are resolved 2024-09-08 23:35:21 +10:00
Serĉanto de Scio bfa192faff
chore(nixos): bumped to HEAD of 24.05 2024-09-08 23:11:01 +10:00
Serĉanto de Scio c3d252eeef
chore(cardano-node): convert to using flake 2024-09-04 15:53:18 +10:00
Serĉanto de Scio 0fa045e932
chore(tt-rss): corrected secrets path 2024-09-04 15:53:18 +10:00
Serĉanto de Scio ab06414f29
chore(nextcloud): corrected secrets path 2024-09-04 15:53:18 +10:00
Serĉanto de Scio 0f04e3b1df
chore(cuallaidh): updated acme email 2024-09-04 15:53:18 +10:00
Serĉanto de Scio 4a87506ee9
chore(matrix): corrected secret path 2024-09-04 15:53:17 +10:00
Serĉanto de Scio 396867141c
chore(iog): use flake input 2024-09-04 15:53:17 +10:00
Serĉanto de Scio 7b6d4cf302
chore(daedalus): use flake binaries 2024-09-04 15:53:17 +10:00
Serĉanto de Scio d6757e875b
chore(daedalus): bumped to v6.0.0 2024-09-04 15:52:43 +10:00
Serĉanto de Scio d83ec40514
chore(nix): corrected ncmpcpp overlay path 2024-09-04 15:52:43 +10:00
Serĉanto de Scio 19dcfd8084
chore(nix): add coturn secrets 2024-09-04 15:52:43 +10:00
Serĉanto de Scio 8570c7ee33
chore(nix): add tt-rss secrets 2024-09-04 15:52:43 +10:00
Serĉanto de Scio 7f89513b6c
chore(nix): add nextcloud age permissions 2024-09-04 15:52:43 +10:00
Serĉanto de Scio b68225b9dd
chore(nix): enable ragenix modules 2024-09-04 15:52:43 +10:00
Serĉanto de Scio c7b8d97603
chore(nix): correct profile paths 2024-09-04 15:52:43 +10:00
Serĉanto de Scio dbf7a334bb
chore(nix): add nextcloud secrets 2024-09-04 15:52:43 +10:00
Serĉanto de Scio df59944d24
chore(nix): add user secrets 2024-09-04 15:52:43 +10:00
Serĉanto de Scio 0eaabffc55
chore(nix): add ragenix 2024-09-04 15:52:43 +10:00
Serĉanto de Scio 6ff9cea34b
chore(nix): updated import paths 2024-09-04 15:52:43 +10:00
Serĉanto de Scio 1b000bd9b7
chore(nix): add colmena 2024-09-04 15:52:43 +10:00
Serĉanto de Scio 88e4b1cb70
nix: remove niv 2024-09-04 15:51:30 +10:00
Serĉanto de Scio ae3b0ddf0f
chore(nix): remove legacy non-flake configuration 2024-09-04 15:45:02 +10:00
Serĉanto de Scio e47519137b
chore(nix): remove nixops.nix 2024-09-04 15:45:02 +10:00
Serĉanto de Scio 4637b58ce8
chore(nix): add nixops 2024-09-04 15:45:02 +10:00
Serĉanto de Scio a51b1efd80
chore(nix): upgrade to v2.24.3 2024-09-04 15:45:01 +10:00
Serĉanto de Scio 59fc07e66f
chore(nixos): bumped to HEAD of 24.05 2024-09-04 15:45:01 +10:00
Serĉanto de Scio 5a97ed348e
iog: converted to flake 2024-09-04 15:45:01 +10:00
Serĉanto de Scio f74670874d
games-kids: converted to flake 2024-09-04 15:44:59 +10:00
Serĉanto de Scio cc6e04210b
server_common: convert to flake 2024-09-04 15:44:18 +10:00
Serĉanto de Scio a782c104bf
cardano-node: converted to flake 2024-09-04 15:44:18 +10:00
Serĉanto de Scio 623bbcca57
daedalus: converted to flake 2024-09-04 15:44:18 +10:00
Serĉanto de Scio 7d2188e298
shell: fixed alejandra 2024-09-04 15:44:18 +10:00
Serĉanto de Scio cda712cdf3
nix: remove niv 2024-09-04 15:44:15 +10:00
Serĉanto de Scio 8b89517325
nix: basic working flake 2024-09-04 15:43:23 +10:00
56 changed files with 8242 additions and 491 deletions
Show stats Expand all files Collapse all files

5
.envrc Normal file
View file

@ -0,0 +1,5 @@
use flake
watch_file flake.nix
# Allow ragenix to find it's configuration
export RULES=$(realpath ./secrets/secrets.nix)

3
.gitignore vendored
View file

@ -1,7 +1,4 @@
*.swp *.swp
.direnv .direnv
.envrc
Deployments/syncserver.nix
examples examples
result result
secrets

23
default.nix
View file

@ -1,23 +0,0 @@
{
sources ? import ./nix/sources.nix,
system ? builtins.currentSystem,
crossSystem ? null,
config ? {},
alejandraUnstable ? (import sources.nixpkgsUnstable {}).alejandra,
cardanoNodeProject ? import sources.cardano-node {},
} @ args:
with import ./nix args; {
shell = mkShell {
inherit (import sources.niv {}) niv;
buildInputs = [
alejandraUnstable # The Uncompromising Nix Code Formatter
cardanoNodeProject.cardano-cli # required for KES key rotation
niv
nixops_unstable_minimal # work around for issue #127423
tea # Gitea official CLI client
treefmt # one CLI to format the code tree
];
NIX_PATH = "nixpkgs=${sources.nixpkgs}";
NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
};
}

7085
flake.lock Normal file
View file

File diff suppressed because it is too large Load diff

20
flake.nix Normal file
View file

@ -0,0 +1,20 @@
{
description = "mio-ops deployment";
inputs = {
cardano-node.url = "github:input-output-hk/cardano-node/?ref=1.35.7";
colmena.url = github:zhaofengli/colmena/?ref=v0.4.0;
daedalus.url = github:input-output-hk/daedalus/?ref=6.0.0;
iohkNix.url = github:input-output-hk/iohk-nix/?ref=df1da282f996ec46b33379407df99613a1fbafdd;
nix.url = github:NixOS/nix/?ref=2.24.6;
nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.05;
nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
ragenix = {
url = github:yaxitech/ragenix;
inputs.nixpkgs.follows = "nixpkgs";
};
utils.url = "github:numtide/flake-utils";
};
outputs = {...} @ args: import ./outputs.nix args;
}

1
globals-defaults.nix
View file

@ -1 +0,0 @@
{}

11
globals.nix
View file

@ -1,11 +0,0 @@
self: super: {
globals =
import ./globals-defaults.nix
// rec {
deploymentName = "mio-ops";
domain = "mcwhirter.io";
environment = "${deploymentName}";
};
}

8
hosts/airgead.nix → hosts/airgead/default.nix
View file

@ -1,18 +1,16 @@
# NixOps configuration for airgead # NixOps configuration for airgead
{ {
config, config,
inputs,
pkgs, pkgs,
lib, lib,
... ...
}: { }: {
imports = [ imports = [
../networks/linode.nix ../../networks/linode.nix
../profiles/cardano-node.nix ../../profiles/cardano-node.nix
../secrets/airgead.nix
]; ];
deployment.targetHost = "172.105.187.96";
networking.hostName = "airgead"; # Define your hostname. networking.hostName = "airgead"; # Define your hostname.
system.stateVersion = "20.03"; # The version of NixOS originally installed system.stateVersion = "20.03"; # The version of NixOS originally installed

7
hosts/brighde.nix → hosts/brighde/default.nix
View file

@ -5,9 +5,9 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/lenovo_yoga7i.nix ../../hardware/lenovo_yoga7i.nix
../profiles/desktopFiona.nix ../../profiles/desktopFiona.nix
../profiles/desktop_common.nix ../../profiles/desktop_common.nix
]; ];
# Use the UEFI boot loader. # Use the UEFI boot loader.
@ -16,7 +16,6 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
deployment.targetHost = "10.42.0.124";
networking.hostName = "brighde"; # A poetess, sage, woman of wisdom, healing networking.hostName = "brighde"; # A poetess, sage, woman of wisdom, healing
system.stateVersion = "22.05"; # The version of NixOS originally installed system.stateVersion = "22.05"; # The version of NixOS originally installed

2
hosts/ceilidh.nix → hosts/ceilidh/default.nix
View file

@ -5,7 +5,7 @@
lib, lib,
... ...
}: { }: {
imports = [../hardware/raspberry_pi_4_model_B.nix]; imports = [../../hardware/raspberry_pi_4_model_B.nix];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.108"; deployment.targetHost = "10.42.0.108";

6
hosts/ceitidh.nix → hosts/ceitidh/default.nix
View file

@ -6,12 +6,10 @@
... ...
}: { }: {
imports = [ imports = [
../networks/pi3B_rack.nix ../../networks/pi3B_rack.nix
../profiles/cyclone-ibis.nix #../../profiles/cyclone-ibis.nix
]; ];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.203";
networking.hostName = "ceitidh"; # Define your hostname. networking.hostName = "ceitidh"; # Define your hostname.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

36
hosts/cuallaidh.nix → hosts/cuallaidh/default.nix
View file

@ -6,26 +6,21 @@
... ...
}: { }: {
imports = [ imports = [
../modules/tmate-ssh-server.nix ../../modules/tmate-ssh-server.nix
../networks/linode.nix ../../networks/linode.nix
../profiles/coturn.nix ../../profiles/coturn.nix
#../profiles/cryptpad.nix ../../profiles/iog.nix
#../profiles/hydra.nix ../../profiles/ipv6.nix
../profiles/iog.nix ../../profiles/mastodon.nix
../profiles/ipv6.nix ../../profiles/matrix.nix
../profiles/mastodon.nix #../../profiles/mcwhirter.io.nix
../profiles/matrix.nix #../../profiles/minecraftServer.nix
../profiles/mcwhirter.io.nix ../../profiles/nextcloud.nix
../profiles/minecraftServer.nix ../../profiles/nixpkgs-dev.nix
../profiles/nextcloud.nix ../../profiles/taskserver.nix
../profiles/nixpkgs-dev.nix ../../profiles/tt-rss.nix
../profiles/taskserver.nix
../profiles/tt-rss.nix
../secrets/tt-rss.nix
]; ];
deployment.targetHost = "172.105.171.16";
networking.hostName = "cuallaidh"; # Define your hostname. networking.hostName = "cuallaidh"; # Define your hostname.
networking.interfaces.eth0.ipv6.addresses = [ networking.interfaces.eth0.ipv6.addresses = [
{ {
@ -56,8 +51,9 @@
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
certs = {"git.mcwhirter.io" = {email = "craige@mcwhirter.io";};}; defaults.email = "acme@mcwhirter.io";
certs = {"source.mcwhirter.io" = {email = "craige@mcwhirter.io";};}; certs = {"git.mcwhirter.io" = {};};
certs = {"source.mcwhirter.io" = {};};
}; };
system.stateVersion = "19.03"; # The version of NixOS originally installed system.stateVersion = "19.03"; # The version of NixOS originally installed

6
hosts/dhu.nix → hosts/dhu/default.nix
View file

@ -5,9 +5,9 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/eeepc701.nix # Include common configuration options ../../hardware/eeepc701.nix # Include common configuration options
../secrets/wireless.nix ../../secrets/wireless.nix
../profiles/sway.nix ../../profiles/sway.nix
]; ];
deployment.targetHost = "10.42.0.119"; deployment.targetHost = "10.42.0.119";

8
hosts/dionach.nix → hosts/dionach/default.nix
View file

@ -5,13 +5,11 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/purism_librem_15.nix # Include results of the hardware scan. ../../hardware/purism_librem_15.nix # Include results of the hardware scan.
../profiles/desktop_common.nix ../../profiles/desktop_common.nix
../profiles/steam.nix ../../profiles/steam.nix
]; ];
deployment.targetHost = "10.42.0.190";
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot = { boot = {
loader.grub = { loader.grub = {

4
hosts/doilidh.nix → hosts/doilidh/default.nix
View file

@ -5,10 +5,8 @@
lib, lib,
... ...
}: { }: {
imports = [../networks/pi3B_rack.nix]; imports = [../../networks/pi3B_rack.nix];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.204";
networking.hostName = "doilidh"; # Define your hostname. networking.hostName = "doilidh"; # Define your hostname.
environment.systemPackages = with pkgs; []; environment.systemPackages = with pkgs; [];

4
hosts/eamhair.nix → hosts/eamhair/default.nix
View file

@ -5,10 +5,8 @@
lib, lib,
... ...
}: { }: {
imports = [../networks/pi3B_rack.nix]; imports = [../../networks/pi3B_rack.nix];
# Comment out deployment when building the SD Image.
deployment.targetHost = "10.42.0.205";
networking.hostName = "eamhair"; # Define your hostname. networking.hostName = "eamhair"; # Define your hostname.
environment.systemPackages = with pkgs; []; environment.systemPackages = with pkgs; [];

7
hosts/iolear-beag.nix → hosts/iolear-beag/default.nix
View file

@ -5,16 +5,15 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/lenovo_x201.nix ../../hardware/lenovo_x201.nix
../profiles/desktop_common.nix ../../profiles/desktop_common.nix
../profiles/wine.nix ../../profiles/wine.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.127";
networking.hostName = "iolear-beag"; # Define your hostname. networking.hostName = "iolear-beag"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed system.stateVersion = "18.09"; # The version of NixOS originally installed

14
hosts/paidh-uachdar.nix → hosts/paidh-uachdar/default.nix
View file

@ -6,14 +6,12 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/raspberry_pi_3_model_B.nix ../../hardware/raspberry_pi_3_model_B.nix
../profiles/host_common.nix ../../profiles/host_common.nix
../profiles/openssh.nix ../../profiles/openssh.nix
../profiles/pi_common.nix ../../profiles/pi_common.nix
#../profiles/xmonad.nix ../../profiles/users-ops.nix # MIO Ops users
../secrets/craige.nix # Ssshhhhh! #../../secrets/wireless.nix # Hey look! A squirrel!
../secrets/root.nix # Ssshhhhh!
../secrets/wireless.nix # Hey look! A squirrel!
]; ];
# Comment out deployment when building the SD Image. # Comment out deployment when building the SD Image.

35
hosts/sanganto.nix → hosts/sanganto/default.nix
View file

@ -5,23 +5,22 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/system76_thelioMira.nix # Include results of the hardware scan. ../../hardware/system76_thelioMira.nix # Include results of the hardware scan.
../profiles/cron-craige.nix # Provide Craige's cron jobs ../../profiles/cron-craige.nix # Provide Craige's cron jobs
../profiles/desktopCraige.nix # Craige's desktop tools and apps ../../profiles/desktopCraige.nix # Craige's desktop tools and apps
../profiles/haskell-dev.nix # Haskell dev environment ../../profiles/haskell-dev.nix # Haskell dev environment
../profiles/host_common.nix # Common host configuration options ../../profiles/host_common.nix # Common host configuration options
../profiles/iog.nix # IOHK environment ../../profiles/iog.nix # IOHK environment
../profiles/keyboard.nix ../../profiles/keyboard.nix
../profiles/neomutt.nix # Neomutt email ../../profiles/neomutt.nix # Neomutt email
../profiles/nix-community.nix # Nix community aarch64 tooling ../../profiles/nix-community.nix # Nix community aarch64 tooling
../profiles/nixpkgs-dev.nix # Nix pkgs dev tools ../../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
../profiles/openssh.nix # Enable and configure openssh ../../profiles/openssh.nix # Enable and configure openssh
../profiles/pantheon.nix # Enable and configure the pantheon desktop ../../profiles/pantheon.nix # Enable and configure the pantheon desktop
../profiles/pipewire.nix # Enable and pipewire audio system ../../profiles/pipewire.nix # Enable and pipewire audio system
../profiles/xmonad.nix # Xmonad desktop environment ../../profiles/xmonad.nix # Xmonad desktop environment
../profiles/yubikey.nix # Yubikey tooling ../../profiles/yubikey.nix # Yubikey tooling
../secrets/craige.nix # Ssshhhhh! ../../profiles/users-ops.nix # MIO Ops users
../secrets/root.nix # Ssshhhhh!
]; ];
deployment.targetHost = "10.42.0.11"; deployment.targetHost = "10.42.0.11";
@ -33,7 +32,7 @@
"openssl-1.0.2u" "openssl-1.0.2u"
]; ];
}; };
overlays = [(import ../overlays/ncmpcpp.nix)]; overlays = [(import ../../overlays/ncmpcpp.nix)];
}; };
boot = { boot = {

40
hosts/sercanto.nix → hosts/sercanto/default.nix
View file

@ -5,26 +5,24 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/system76_lemurPro.nix # Include results of the hardware scan. ../../hardware/system76_lemurPro.nix # Include results of the hardware scan.
../profiles/cron-craige.nix # Provide Craige's cron jobs ../../profiles/cron-craige.nix # Provide Craige's cron jobs
../profiles/desktopCraige.nix # Craige's desktop tools and apps ../../profiles/desktopCraige.nix # Craige's desktop tools and apps
../profiles/haskell-dev.nix # Haskell dev environment ../../profiles/haskell-dev.nix # Haskell dev environment
../profiles/host_common.nix # Common host configuration options ../../profiles/host_common.nix # Common host configuration options
../profiles/iog.nix # IOHK environment ../../profiles/iog.nix # IOHK environment
../profiles/keyboard.nix ../../profiles/keyboard.nix
../profiles/neomutt.nix # Neomutt email ../../profiles/neomutt.nix # Neomutt email
../profiles/nix-community.nix # Nix community aarch64 tooling ../../profiles/nix-community.nix # Nix community aarch64 tooling
../profiles/nix-mio-ops.nix # mio-ops Nix tooling ../../profiles/nix-mio-ops.nix # mio-ops Nix tooling
../profiles/nixpkgs-dev.nix # Nix pkgs dev tools ../../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
../profiles/openssh.nix # Enable and configure openssh ../../profiles/openssh.nix # Enable and configure openssh
../profiles/pantheon.nix # Enable and configure the pantheon desktop ../../profiles/pantheon.nix # Enable and configure the pantheon desktop
../profiles/pipewire.nix # Enable and pipewire audio system ../../profiles/pipewire.nix # Enable and pipewire audio system
../profiles/powerManagement.nix # Power management for laptops ../../profiles/powerManagement.nix # Power management for laptops
../profiles/xmonad.nix # Xmonad desktop environment ../../profiles/xmonad.nix # Xmonad desktop environment
../profiles/yubikey.nix # Yubikey tooling ../../profiles/yubikey.nix # Yubikey tooling
../secrets/craige.nix # Ssshhhhh! ../../profiles/users-ops.nix # MIO Ops users
../secrets/root.nix # Ssshhhhh!
#../secrets/wireless.nix # Hey look! A squirrel!
]; ];
deployment.targetHost = "10.42.0.180"; deployment.targetHost = "10.42.0.180";
@ -36,7 +34,7 @@
"openssl-1.0.2u" "openssl-1.0.2u"
]; ];
}; };
overlays = [(import ../overlays/ncmpcpp.nix)]; overlays = [(import ../../overlays/ncmpcpp.nix)];
}; };
boot = { boot = {

7
hosts/sithlainnir.nix → hosts/sithlainnir/default.nix
View file

@ -5,16 +5,15 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/lenovo_x201.nix ../../hardware/lenovo_x201.nix
../profiles/desktopFiona.nix ../../profiles/desktopFiona.nix
../profiles/desktop_common.nix ../../profiles/desktop_common.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.114";
networking.hostName = "sithlainnir"; # Define your hostname. networking.hostName = "sithlainnir"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed system.stateVersion = "18.09"; # The version of NixOS originally installed

9
hosts/teintidh.nix → hosts/teintidh/default.nix
View file

@ -5,17 +5,16 @@
... ...
}: { }: {
imports = [ imports = [
../hardware/lenovo_x201.nix ../../hardware/lenovo_x201.nix
../profiles/desktop_common.nix ../../profiles/desktop_common.nix
../profiles/haskell-dev.nix ../../profiles/haskell-dev.nix
../profiles/kids-dev.nix ../../profiles/kids-dev.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
deployment.targetHost = "10.42.0.127";
networking.hostName = "teintidh"; # Define your hostname. networking.hostName = "teintidh"; # Define your hostname.
system.stateVersion = "18.09"; # The version of NixOS originally installed system.stateVersion = "18.09"; # The version of NixOS originally installed

107
nix/sources.json
View file

@ -1,107 +0,0 @@
{
"cardano-node": {
"branch": "refs/tags/1.35.7",
"description": "The core component that is used to participate in a Cardano decentralised blockchain.",
"homepage": "https://cardano.org",
"owner": "input-output-hk",
"repo": "cardano-node",
"rev": "f0b4ac897dcbefba9fa0d247b204a24543cf55f6",
"sha256": "0s2jkj4mwl03hxg4ff9kyw41s32xbf31rnhag2m1qrglgsh8wzw9",
"type": "tarball",
"url": "https://github.com/input-output-hk/cardano-node/archive/f0b4ac897dcbefba9fa0d247b204a24543cf55f6.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"daedalus": {
"branch": "release/5.2.0",
"description": "The open source cryptocurrency wallet for ada, built to grow with the community",
"homepage": "https://daedaluswallet.io/",
"owner": "input-output-hk",
"repo": "daedalus",
"rev": "2990f5a44189097b3de2e7e7a19caa8062a8ae7b",
"sha256": "1w2w7qfashbqimcywzvhh0z5jrlfaja04sgi6p5hp08adwad6r92",
"type": "tarball",
"url": "https://github.com/input-output-hk/daedalus/archive/2990f5a44189097b3de2e7e7a19caa8062a8ae7b.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"iohk-nix": {
"branch": "master",
"description": "nix scripts shared across projects",
"homepage": null,
"owner": "input-output-hk",
"repo": "iohk-nix",
"rev": "df1da282f996ec46b33379407df99613a1fbafdd",
"sha256": "0vpcyrswxkynn2q37qsrhvf62whk2ijpcwqnamxcchcq6lwfpn0l",
"type": "tarball",
"url": "https://github.com/input-output-hk/iohk-nix/archive/df1da282f996ec46b33379407df99613a1fbafdd.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"mcwhirter-io": {
"branch": "nixos-23.11",
"rev": "2ca0244e2ff130ca851bb2487b03b606b701286a",
"sha256": "1alh4z2qpnh1wv3mclnmh8f3cqnks4h6hcrq1kwl5xz4xs2pc1ss",
"type": "tarball",
"url": "https://reciproka.dev/sercanto/mcwhirter.io/archive/2ca0244e2ff130ca851bb2487b03b606b701286a.tar.gz",
"url_template": "https://reciproka.dev/sercanto/mcwhirter.io/archive/<rev>.tar.gz"
},
"niv": {
"branch": "master",
"description": "Easy dependency management for Nix projects",
"homepage": "https://github.com/nmattia/niv",
"owner": "nmattia",
"repo": "niv",
"rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
"sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
"type": "tarball",
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixos-23.05": {
"branch": "nixos-23.05",
"description": "Nix Packages collection & NixOS",
"homepage": "",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"sha256": "05cbl1k193c9la9xhlz4y6y8ijpb2mkaqrab30zij6z4kqgclsrd",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/70bdadeb94ffc8806c0570eb5c2695ad29f0e421.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixos2111": {
"branch": "nixos-21.11",
"description": "Nix Packages collection",
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "63198c9ccefdbd337cef0d85db0ea2689f4ce418",
"sha256": "05gc6xyv8a2dppngm1q44j85j769lr90lg20s6jv62gfg344i50r",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/63198c9ccefdbd337cef0d85db0ea2689f4ce418.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs": {
"branch": "nixos-24.05",
"builtin": false,
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
"homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
"sha256": "1qwbrn2cb1x9clkhqmdnx5r8v11168p3nx14h3r9wcml0bgblpvr",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/6e99f2a27d600612004fbd2c3282d614bfee6421.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgsUnstable": {
"branch": "nixos-unstable",
"description": "Nix Packages collection",
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
"sha256": "1dmng7f5rv4hgd0b61chqx589ra7jajsrzw21n8gp8makw5khvb2",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/12228ff1752d7b7624a54e9c1af4b222b3c1073b.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}
}

141
nix/sources.nix
View file

@ -1,141 +0,0 @@
# This file has been generated by Niv.
let
#
# The fetchers. fetch_<type> fetches specs of type <type>.
#
fetch_file = pkgs: spec:
if spec.builtin or true
then builtins_fetchurl {inherit (spec) url sha256;}
else pkgs.fetchurl {inherit (spec) url sha256;};
fetch_tarball = pkgs: spec:
if spec.builtin or true
then builtins_fetchTarball {inherit (spec) url sha256;}
else pkgs.fetchzip {inherit (spec) url sha256;};
fetch_git = spec:
builtins.fetchGit {
url = spec.repo;
inherit (spec) rev ref;
};
fetch_builtin-tarball = spec:
builtins.trace ''
WARNING:
The niv type "builtin-tarball" will soon be deprecated. You should
instead use `builtin = true`.
$ niv modify <package> -a type=tarball -a builtin=true
''
builtins_fetchTarball {inherit (spec) url sha256;};
fetch_builtin-url = spec:
builtins.trace ''
WARNING:
The niv type "builtin-url" will soon be deprecated. You should
instead use `builtin = true`.
$ niv modify <package> -a type=file -a builtin=true
'' (builtins_fetchurl {inherit (spec) url sha256;});
#
# Various helpers
#
# The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources: let
sourcesNixpkgs =
import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;})
{};
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && !hasThisAsNixpkgsPath
then import <nixpkgs> {}
else
abort ''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function.
fetch = pkgs: name: spec:
if !builtins.hasAttr "type" spec
then abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file"
then fetch_file pkgs spec
else if spec.type == "tarball"
then fetch_tarball pkgs spec
else if spec.type == "git"
then fetch_git spec
else if spec.type == "builtin-tarball"
then fetch_builtin-tarball spec
else if spec.type == "builtin-url"
then fetch_builtin-url spec
else
abort
"ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs =
builtins.mapAttrs
or (f: set:
with builtins;
listToAttrs (map (attr: {
name = attr;
value = f attr set.${attr};
}) (attrNames set)));
# fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = {
url,
sha256,
} @ attrs: let
inherit (builtins) lessThan nixVersion fetchTarball;
in
if lessThan nixVersion "1.12"
then fetchTarball {inherit url;}
else fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = {
url,
sha256,
} @ attrs: let
inherit (builtins) lessThan nixVersion fetchurl;
in
if lessThan nixVersion "1.12"
then fetchurl {inherit url;}
else fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (name: spec:
if builtins.hasAttr "outPath" spec
then
abort
"The values in sources.json should not have an 'outPath' attribute"
else spec // {outPath = fetch config.pkgs name spec;})
config.sources;
# The "config" used by the fetchers
mkConfig = {
sourcesFile ? ./sources.json,
sources ? builtins.fromJSON (builtins.readFile sourcesFile),
pkgs ? mkPkgs sources,
}: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
inherit pkgs;
};
in
mkSources (mkConfig {})
// {
__functor = _: settings: mkSources (mkConfig settings);
}

34
nixops.nix
View file

@ -1,34 +0,0 @@
# NixOps configuration for the mio-ops nodes
{
network = {
description = "mio-ops nodes";
enableRollback = true;
};
network.storage.legacy = {databasefile = "~/.nixops/deployments.nixops";};
defaults = {
config,
pkgs,
lib,
...
}: {
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
};
airgead = import hosts/airgead.nix;
brighde = import hosts/brighde.nix;
ceilidh = import hosts/ceilidh.nix;
cuallaidh = import hosts/cuallaidh.nix;
dhu = import hosts/dhu.nix;
dionach = import hosts/dionach.nix;
iolear-beag = import hosts/iolear-beag.nix;
doilidh = import hosts/doilidh.nix;
eamhair = import hosts/eamhair.nix;
ceitidh = import hosts/ceitidh.nix;
paidh-uachdar = import hosts/paidh-uachdar.nix;
sanganto = import hosts/sanganto.nix;
sercanto = import hosts/sercanto.nix;
sithlainnir = import hosts/sithlainnir.nix;
teintidh = import hosts/teintidh.nix;
}

174
outputs.nix Normal file
View file

@ -0,0 +1,174 @@
{
self,
cardano-node,
colmena,
daedalus,
nix,
nixpkgs,
nixpkgsUnstable,
ragenix,
utils,
...
} @ inputs:
(utils.lib.eachDefaultSystem (system: let
deploymentName = "mio-ops";
pkgs = nixpkgs.legacyPackages."${system}";
nix_path = "nixpkgs=${nixpkgs}";
in {
devShell =
pkgs.callPackage
./shell.nix {
inherit (colmena.packages."${pkgs.system}") colmena;
inherit (nix.packages."${pkgs.system}") nix;
inherit (ragenix.packages."${pkgs.system}") ragenix;
inherit deploymentName;
inherit nix_path;
};
}))
// {
colmena = {
meta = {
description = "mio-ops deployment";
name = "deploymentName";
nixpkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [];
};
};
defaults = {
_module.args.inputs = inputs;
};
# Comment out deployment line when building the SD Image.
airgead = {
imports = [
hosts/airgead
cardano-node.nixosModules.cardano-node
ragenix.nixosModules.default
];
deployment = {
tags = ["active"];
targetHost = "172.105.187.96";
};
};
brighde = {
imports = [
hosts/brighde
ragenix.nixosModules.default
];
deployment = {
tags = ["active"];
targetHost = "10.42.0.124";
};
};
ceilidh = {
imports = [
hosts/ceilidh
ragenix.nixosModules.default
];
};
ceitidh = {
imports = [
hosts/ceitidh
ragenix.nixosModules.default
];
deployment = {
tags = ["active"];
targetHost = "10.42.0.203";
};
};
cuallaidh = {
imports = [
hosts/cuallaidh
ragenix.nixosModules.default
];
deployment = {
tags = ["active"];
targetHost = "172.105.171.16";
};
};
#dhu = {
# imports = [
# hosts/dhu
# ragenix.nixosModules.default
# ];
#};
dionach = {
imports = [
hosts/dionach
ragenix.nixosModules.default
];
deployment = {
tags = ["active"];
targetHost = "10.42.0.190";
};
};
doilidh = {
imports = [
hosts/doilidh
ragenix.nixosModules.default
];
deployment = {
tags = ["active"];
targetHost = "10.42.0.204";
};
};
eamhair = {
imports = [
hosts/eamhair
ragenix.nixosModules.default
];
deployment = {
tags = ["active"];
targetHost = "10.42.0.205";
};
};
iolear-beag = {
imports = [
hosts/iolear-beag
ragenix.nixosModules.default
];
deployment = {
tags = ["inactive"];
targetHost = "10.42.0.127";
};
};
#paidh-uachdar = {
# imports = [
# hosts/paidh-uachdar
# ragenix.nixosModules.default
# ];
#};
sanganto = {
imports = [
hosts/sanganto
ragenix.nixosModules.default
];
};
sercanto = {
imports = [
hosts/sercanto
ragenix.nixosModules.default
];
};
sithlainnir = {
imports = [
hosts/sithlainnir
ragenix.nixosModules.default
];
deployment = {
tags = ["inactive"];
targetHost = "10.42.0.114";
};
};
teintidh = {
imports = [
hosts/teintidh
ragenix.nixosModules.default
];
deployment = {
tags = ["inactive"];
targetHost = "10.42.0.127";
};
};
};
}

44
profiles/cardano-node.nix
View file

@ -1,19 +1,42 @@
# NixOps configuration for the hosts running a Cardano node # NixOps configuration for the hosts running a Cardano node
{ {
config, config,
inputs,
pkgs, pkgs,
lib, lib,
... ...
}: let }: let
sources = import ../nix/sources.nix; cardanoNodeProject = import (inputs.cardano-node + "/nix") {
cardanoNodeProject = import (sources.cardano-node + "/nix") { gitrev = inputs.cardano-node.rev;
gitrev = sources.cardano-node.rev;
}; };
iohkNix = import (sources.iohk-nix) {};
in { in {
imports = [../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos"]; age.secrets = {
cardano-kes = {
file = ../secrets/cardano/cardano-kes.age;
path = "/run/keys/cardano-kes";
owner = "cardano-node";
group = "cardano-node";
mode = "0600";
};
cardano-opcert = {
file = ../secrets/cardano/cardano-opcert.age;
path = "/run/keys/cardano-opcert";
owner = "cardano-node";
group = "cardano-node";
mode = "0600";
};
cardano-vrf = {
file = ../secrets/cardano/cardano-vrf.age;
path = "/run/keys/cardano-vrf";
owner = "cardano-node";
group = "cardano-node";
mode = "0600";
};
};
environment.systemPackages = [cardanoNodeProject.cardano-cli]; #imports = [../secrets/cardano/producers.nix];
environment.systemPackages = [inputs.cardano-node.packages.${pkgs.system}.cardano-cli];
services = { services = {
cardano-node = { cardano-node = {
@ -21,8 +44,9 @@ in {
environment = "mainnet"; environment = "mainnet";
hostAddr = "0.0.0.0"; hostAddr = "0.0.0.0";
nodeConfig = nodeConfig =
iohkNix.cardanoLib.environments.mainnet.nodeConfig inputs.cardano-node.environments.x86_64-linux.mainnet
// { // {
Protocol = "Cardano";
hasPrometheus = ["127.0.0.1" 12798]; hasPrometheus = ["127.0.0.1" 12798];
setupScribes = [ setupScribes = [
{ {
@ -33,9 +57,9 @@ in {
]; ];
defaultScribes = [["JournalSK" "cardano"]]; defaultScribes = [["JournalSK" "cardano"]];
}; };
kesKey = "/run/keys/cardano-kes"; kesKey = "${config.age.secrets.cardano-kes.path}";
vrfKey = "/run/keys/cardano-vrf"; vrfKey = "${config.age.secrets.cardano-vrf.path}";
operationalCertificate = "/run/keys/cardano-opcert"; operationalCertificate = "${config.age.secrets.cardano-opcert.path}";
}; };
}; };

10
profiles/coturn.nix
View file

@ -5,7 +5,14 @@
lib, lib,
... ...
}: { }: {
imports = [../secrets/coturn.nix]; age.secrets = {
coturn = {
file = ../secrets/coturn.age;
owner = "turnserver";
group = "turnserver";
mode = "0640";
};
};
services = { services = {
coturn = { coturn = {
@ -20,6 +27,7 @@
no-tcp-relay = true; # Disable TCP relay endpoints no-tcp-relay = true; # Disable TCP relay endpoints
extraConfig = "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n "; extraConfig = "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n ";
secure-stun = true; # Require authentication of the STUN Binding request secure-stun = true; # Require authentication of the STUN Binding request
static-auth-secret-file = config.age.secrets.coturn.path;
cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem"; cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem"; pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
min-port = 49152; # Lower bound of UDP relay endpoints min-port = 49152; # Lower bound of UDP relay endpoints

15
profiles/daedalus.nix
View file

@ -1,17 +1,14 @@
# NixOps configuration for the hosts running Daedalus # NixOps configuration for the hosts running Daedalus
{ {
config, config,
pkgs, inputs,
lib, lib,
pkgs,
... ...
}: let }: {
sources = import ../nix/sources.nix;
daedalusProject = import sources.daedalus {};
daedalusMainnet = daedalusProject.daedalus;
#daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
in {
environment.systemPackages = [ environment.systemPackages = [
daedalusMainnet inputs.daedalus.packages."${pkgs.system}".daedalus-mainnet
#daedalusFlight #inputs.daedalus.packages."${pkgs.system}".daedalus-preprod
#inputs.daedalus.packages."${pkgs.system}".daedalus-preview
]; ];
} }

9
profiles/desktop_common.nix
View file

@ -1,5 +1,6 @@
# Common configuration for MIO desktops # Common configuration for MIO desktops
{ {
inputs,
config, config,
pkgs, pkgs,
... ...
@ -11,12 +12,8 @@
../profiles/daedalus.nix ../profiles/daedalus.nix
../profiles/openssh.nix ../profiles/openssh.nix
../profiles/powerManagement.nix ../profiles/powerManagement.nix
../secrets/user-craige.nix ../profiles/users-core.nix
../secrets/user-fiona.nix ../profiles/users.nix
../secrets/user-hamish.nix
../secrets/user-logan.nix
../secrets/user-root.nix
../secrets/user-xander.nix
]; ];
# Common Desktop Packages # Common Desktop Packages

6
profiles/games-kids.nix
View file

@ -2,11 +2,9 @@
{ {
config, config,
pkgs, pkgs,
nixpkgsUnstable,
... ...
}: let }: {
sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {};
in {
imports = [ imports = [
../profiles/minecraftClient.nix # Play Minecraft :-) ../profiles/minecraftClient.nix # Play Minecraft :-)
]; ];

10
profiles/iog.nix
View file

@ -1,30 +1,26 @@
# NixOps configuration for the hosts utilising IOHK resources # NixOps configuration for the hosts utilising IOHK resources
{ {
config, config,
inputs,
pkgs, pkgs,
lib, lib,
... ...
}: let }: let
sources = import ../nix/sources.nix; nix = inputs.nix.packages."${pkgs.system}".nix;
nixVersion = (import sources.nixpkgs {}).nixVersions.latest;
in { in {
imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix]; imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix];
nix = { nix = {
package = nixVersion; package = nix;
settings = { settings = {
substituters = [ substituters = [
"https://cache.nixos.org" "https://cache.nixos.org"
"https://erc20.cachix.org"
"https://cache.iog.io" "https://cache.iog.io"
"s3://iohk-vit-bitte/infra/binary-cache/?region=eu-central-1"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"erc20.cachix.org-1:SSf1RXfccF4/rwiwgBrbV7n8EBn0xciuU/TMdtor8LE="
"hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
"iohk.cachix.org-1:DpRUyj7h7V830dp/i6Nti+NEO2/nhblbov/8MW7Rqoo=" "iohk.cachix.org-1:DpRUyj7h7V830dp/i6Nti+NEO2/nhblbov/8MW7Rqoo="
"vit-testnet-0:0lvkEoYh+XrBh7pr4bXjsUisUkUxsyLvvWBIJwym/RM="
]; ];
}; };
extraOptions = '' extraOptions = ''

4
profiles/matrix.nix
View file

@ -5,8 +5,6 @@
lib, lib,
... ...
}: { }: {
imports = [../secrets/matrix.nix];
i18n = { i18n = {
extraLocaleSettings = { extraLocaleSettings = {
LC_COLLATE = "C.UTF-8"; # Ensure correct locale for postgres LC_COLLATE = "C.UTF-8"; # Ensure correct locale for postgres
@ -66,7 +64,7 @@
server_name = "mcwhirter.io"; # Server's public domain name server_name = "mcwhirter.io"; # Server's public domain name
tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem"; tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem"; tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6"; turn_shared_secret = "${config.services.coturn.static-auth-secret-file}";
turn_uris = [ turn_uris = [
"turn:turn.mcwhirter.io:5349?transport=udp" "turn:turn.mcwhirter.io:5349?transport=udp"
"turn:turn.mcwhirter.io:5350?transport=udp" "turn:turn.mcwhirter.io:5350?transport=udp"

22
profiles/nextcloud.nix
View file

@ -5,8 +5,22 @@
lib, lib,
... ...
}: { }: {
imports = [../secrets/nextcloud.nix]; age.secrets = {
nextcloud-dbpass = {
file = ../secrets/nextcloud-dbpass.age;
path = "/run/keys/nextcloud-dbpass";
mode = "0640";
owner = "nextcloud";
group = "nextcloud";
};
nextcloud-adminpass = {
file = ../secrets/nextcloud-adminpass.age;
path = "/run/keys/nextcloud-adminpass";
mode = "0640";
owner = "nextcloud";
group = "nextcloud";
};
};
services.nextcloud = { services.nextcloud = {
enable = true; # Enable Nextcloud enable = true; # Enable Nextcloud
hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
@ -17,8 +31,8 @@
dbname = "nextcloud"; # Set the database name dbname = "nextcloud"; # Set the database name
dbhost = "/run/postgresql"; # Set the database connection dbhost = "/run/postgresql"; # Set the database connection
dbuser = "nextcloud"; # Set the database user dbuser = "nextcloud"; # Set the database user
dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password dbpassFile = config.age.secrets.nextcloud-dbpass.path;
adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password adminpassFile = config.age.secrets.nextcloud-adminpass.path;
adminuser = "root"; # Set the admin user name adminuser = "root"; # Set the admin user name
}; };
autoUpdateApps = { autoUpdateApps = {

8
profiles/server_common.nix
View file

@ -4,14 +4,10 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }: {
sources = import ../nix/sources.nix;
nixpkgs2305 = (import sources."nixos-23.05" {}).pkgs;
in {
imports = [ imports = [
../profiles/openssh.nix ../profiles/openssh.nix
../secrets/user-craige.nix ../profiles/users-core.nix
../secrets/user-root.nix
]; ];
programs.mosh = { programs.mosh = {

22
profiles/tt-rss.nix
View file

@ -5,12 +5,20 @@
lib, lib,
... ...
}: { }: {
age.secrets = {
tt-rss-dbpass = {
file = ../secrets/tt-rss-dbpass.age;
owner = "tt_rss";
group = "tt_rss";
mode = "0640";
};
};
services.tt-rss = { services.tt-rss = {
enable = true; # Enable TT-RSS enable = true; # Enable TT-RSS
database = { database = {
# Configure the database # Configure the database
type = "pgsql"; # Database type type = "pgsql"; # Database type
passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password passwordFile = "${config.age.secrets.tt-rss-dbpass.path}"; # Where to find the password
}; };
email = { email = {
fromAddress = "news@mcwhirter.io"; # Address for outgoing email fromAddress = "news@mcwhirter.io"; # Address for outgoing email
@ -39,16 +47,6 @@
]; ];
}; };
systemd = {
services = {
tt-rss = {
# Ensure tt-rss starts after nixops keys are loaded
after = ["tt-rss-dbpass-key.service"];
wants = ["tt-rss-dbpass-key.service"];
};
};
};
services.postgresqlBackup.databases = ["tt_rss"]; services.postgresqlBackup.databases = ["tt_rss"];
services.nginx = { services.nginx = {
@ -65,6 +63,4 @@
}; };
security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";}; security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";};
users.groups.keys.members = ["tt_rss"]; # Required due to NixOps issue #1204
} }

39
profiles/users-core.nix Normal file
View file

@ -0,0 +1,39 @@
# User configuration common to all MIO hosts
{
config,
pkgs,
...
}: {
age.secrets = {
root.file = ../secrets/root.age;
craige.file = ../secrets/craige.age;
};
# MIO Groups:
users.groups = {
craige.gid = 1000;
};
# MIO Users
users.users = {
root = {
hashedPasswordFile = config.age.secrets.root.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K"
];
};
craige = {
isNormalUser = true;
description = "Craige McWhirter";
uid = 1000;
group = "craige";
extraGroups = [
"wheel"
];
hashedPasswordFile = config.age.secrets.craige.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K"
];
};
};
}

41
profiles/users-ops.nix Normal file
View file

@ -0,0 +1,41 @@
# User configuration common to all MIO Opshosts
{
config,
pkgs,
...
}: {
age.secrets = {
root.file = ../secrets/root-ops.age;
craige.file = ../secrets/craige-ops.age;
};
# MIO Groups:
users.groups.craige.gid = 1000;
# MIO Users
users.users.root = {
hashedPasswordFile = config.age.secrets.root.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K"
];
};
users.users.craige = {
isNormalUser = true;
home = "/home/craige";
description = "Craige McWhirter";
uid = 1000;
group = "craige";
extraGroups = [
"audio"
"libvirtd"
"networkmanager"
"qemu-libvirtd"
"video"
"wheel"
];
hashedPasswordFile = config.age.secrets.craige.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K"
];
};
}

57
profiles/users.nix Normal file
View file

@ -0,0 +1,57 @@
# User configuration common to all MIO hosts
{
config,
pkgs,
...
}: {
age.secrets = {
fiona.file = ../secrets/fiona.age;
hamish.file = ../secrets/hamish.age;
logan.file = ../secrets/logan.age;
xander.file = ../secrets/xander.age;
};
# MIO Groups:
users.groups = {
fiona.gid = 1004;
hamish.gid = 1001;
logan.gid = 1002;
xander.gid = 1003;
};
# MIO Users
users.users = {
fiona = {
isNormalUser = true;
description = "Fiona McWhirter";
uid = 1004;
group = "fiona";
extraGroups = ["networkmanager"];
hashedPassword = config.age.secrets.fiona.path;
};
hamish = {
isNormalUser = true;
description = "Hamish McWhirter";
uid = 1001;
group = "hamish";
extraGroups = ["networkmanager"];
hashedPassword = config.age.secrets.hamish.path;
};
logan = {
isNormalUser = true;
description = "Logan Stoddart";
uid = 1002;
group = "logan";
extraGroups = ["networkmanager"];
hashedPassword = config.age.secrets.logan.path;
};
xander = {
isNormalUser = true;
description = "Xander Stoddart";
uid = 1003;
group = "xander";
extraGroups = ["networkmanager"];
hashedPassword = config.age.secrets.logan.path;
};
};
}

61
secrets/cardano/cardano-kes.age Normal file
View file

@ -0,0 +1,61 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBpMC84
S09IcHB5aFVVb3pIRkhUbWNuRGRkbHlUUlZDTG5WakZFSENaVEJvCk1RUVhaNGpQ
SURDQ0YydStCcDg5OGl1NEYzYjJ2TWNHZTlHdUZRYURNb0UKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIEd4dEtMdXY1TnFNaWwwbDdURGlXNWJDb3V0SXYybURpdVZqM21n
STJmMU0KV1JaYmRXbjhoK1QvWXBEZzc5a09EMGhZZWhzb0tReGkxSW80aWFqb0ZN
MAotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbVg5c1RqVHBOQUxreDg5c2pnNEJ2dzFD
ZkFiRnEvQUZ0dmFDdEhQOTN3WQp5cE0zOWE1cVhFR0czUitxa1ovOWtrayt5WG1z
Yk4vZGkzZTJoaUpNMEdnCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBmYmQ1YTZQRmtu
bmtoalNXSFRrdUFRRVEzTHZ6YVh1Nlh2YWY2WE5Vam5VCkdtWGZWdnNRNDByL3Zh
QkpVMFNya1IwY1BkMWRlY0ovT21QN21yMVpTSWMKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IHRKaWVuTUM1b0hoQ1ZkS29RWFVyQ3FDcXhUWWlEd0FBOGhwWnQ5a2Rqd2MK
WXF4ZmQvUU81Z0RnWTNIZFRUVTVJSkNHcDFOclUzSGxMMWpBMlpvLzZEWQotPiBz
c2gtZWQyNTUxOSBQeEt3alEgZVNudVB1UDBTd0FTVjB4andQWEJ0SXpsWUszR3dI
OFlmakh0NTZIemJrNAo4OE1lNlJpZ3NWVHdvSG8rK0laN3J3cGxKd2t5K1Jnb1lV
NmZCOGhFNE5jCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSA5TjdkL21wcmhTdE9Td2Z5
c1FrdU1pVFRCNzMyKzIwYTNvNjBzZStoUTFnCkx5UjUwUzYyWm53dWg1ZDUrazNy
NUFLMlJwUWNhSVIwc2haenBmL0lQcU0KLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIEZG
cDZLTlA4cUxqR08xbCtDRldRZkNzK2c1Z1lBZGNvNTh3NjJwM2tpM2cKYlBTRDYz
aGlMMWxUV2MyOTVwMndBWTM0SDhKaTlTS0hsYm1kZUJNYnd3QQotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgWk9uTTM1TjdzWDZXODU3UUVZdGJ1d1c2eWNnOGRaaEowUDQ1
clRGWkN5ZwpGd2RDYWtHYW1YTURmN1dNZEtCdFF4YWZjV1NhS0ZqdE01czYwcXkr
czRBCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBTd2pKTFptK01WZVhEQ0g2by81SlUz
MTc1eFE0T3g5TnhGKzIxbU5YRDFJCnJHWVNWV0dNUXFXaFdIRUZMVVdnbUI5TzV2
WURGWXhMQmFYQUphMDluaGsKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHhXUk9qTktH
NHJySXp3ZS9XVEFGUFU5VFM3OUN0NDZUOC9lY2NZbkV6d1EKVUhXQ1VEQVUralls
b1Job3BtK2JmSFZQTWZRb1hrMFc5aUNEczdZY3dRVQotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgUjlOcmg5cXVSdTlHVVJDZUE3THdjb1YybmZmSExCM2IvZ29lNVpNYi9R
MApjOEVmditLQXM0Zzd2WFRSeThBaEo4aEtnME5BQWJsYUxUUTZWSXlQREEwCi0+
IFA1Y0w8LWdyZWFzZSAmQWogcixOK34Kc1cvRVpiandaUHAvMXJvSUZoVzZPaWpx
L1ozeTdKZkcKLS0tIGcxTi9hZVVuWDZxblg2TEFNSk5zTk00SmtmWUhKb2FHc3JV
aFMrdUFPTGsK0DCthsP/cg/SkY56up9zt7WqxzMtLvo4Bv3O+EMK2WknyR/g+QJx
QKKBkILmt07R+MpDBlHA1X8AOH5iT7tNNNplp2dztzFC6pRL/v2hBIVL+abqmAMj
pG9TEt+FISgd1PxTS55cHugUaC8LJNi7wa/4sBwTTI+Rnl4KHZBo5BiGUq61dX6j
fd6pZXSmptT4dBVV2ZETyBYoOqe74cPe5gVQfVMzXI4xnKRhe9va4qnmoEZV2YQD
MUl8JtRGVbeIPvQdM8fQjcaZNNw5rhYMMadJtuo5beqG1z+i+tAxJISBv+NU3rNv
FTaDPKXlP1UvsK+SgPFZYI6VMZiFo9ZoMYSYiirO6jHXOQutzo11qy0wzToQTpU8
zRe9QbMzuhgGewQEfZYayQzTQa5yQDvCH1fTVqtcDeQVB1/xw9DpwLFDfV/kGN8o
T2KBv3d2hOqP74vNOoSMsBE9PxcB9hdKQ347mBueN9c245FuRH188+VV1wYG0CTD
ogd4zyt3NRT2HM06YiR5fNGo7kHLjoREPQFabiyKmpWIQ/Mpa3/fC7LaBZqQe1hS
fnhh3/STGv4kpAJN7iADrsqN/JDNAiAkTSWVHabu5zxPwOgRyQ4/HS3SpvhatNxG
TuNNiMKbn28rjaoRK2pepkw5RHbGLjtapiTqDF0uqoyQfPCL02NDToKprbuJYM7v
/4xhmREPA/FJWxMMDEGY+vvIlyYYHfaogipZpodT02+mjSLTeLIv7bTBFh+sD1M+
el7T6bKhfZo8dXqoaFyhAj8b0yCwVMeGmDIfnJmPWTnHAHPvM7iX2Xd1Q0fshgN+
BtU1GKIQs0g7W8JTcvtpZbxtB0phFQT0SJXdDoFbE1lQl13wcecy2QL7KHywG8/R
tSMKgSrhcb23BffId5a2xtLoYvr4EmxWHT8+4boWF0UwPArOLCH1kz2OiQb0/avC
Lm78KVqlIC0ck8dk6wDRUzGAFB4kQpsFEhfk+OHTQuhSzqFlo/AWsldNhosZF2SA
roOMZlfmabJPPPcidpnV+xbyzL7NWF5uPgJvVN4pDCcfow79g+QH2sztIjcFOLHt
5hZimXHm/0aVpxRbTKFOrEiDIthDK0QWZCxJCvl0BmeFrRzTtSNPUHlEEcVdcCFo
15kKS5BS4r4Ma7xD4Hdwn0DxjeWN69TGSrHJTNgCTiy9SG2roAp/gaB9aXHBTvRh
53kKFLNRe5yKuOeMIjH1Kbvh4G4nUoSKK0bFRbG6KUsDFh66g/OD84zQi53k2l/X
liGARABrqmmmuzUJEdfrV2EZuxj7xFAey8MBFGqdTn0ERugIPueJEM2znSkp6w+m
7fxx8JxL2B0oXLEZaV+N6jc9unBA/IhrczF3Mal1zVFx8GlrZyO+ZQmr9J1FkICc
BM6oxuMLb74J3O7gURSaSBBQJd3/bWukyGDZzSkhphiRwHQ+KAfbtEM18XknFiwZ
XG0bXNjMSGXMCDoo9z1YcD8DJRa07H4JoH2rElniTUVmussgi/k+thHojW2BURk1
iNrtBqIbP0YWnqBsxE/UWX630qY15+OfkWW0fd+wUUtV5CYFOaLDp273VOhSYLPB
3YBFdZH0VE8YH/ZJy6Dn8xigX4EWHB1ZdslHWwyPPRMX0CWIJN0flXdnQhAtBhHe
J2an1vTb7K+H0149FP5R9pJLMZDZu+TEY972c3Td/v4A2hQkEPqLnKy5sXqajFDk
u9y25CR1i4oSVeZqI5M6cFeiVchmzeP3TPKV9duLpL8iw63uUi+hKzkxC/CCA000
5RRvoN4+QaZnmkl3y2OuVbYVGdW1fK54
-----END AGE ENCRYPTED FILE-----

41
secrets/cardano/cardano-opcert.age Normal file
View file

@ -0,0 +1,41 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBxQWlJ
ejRsWG1HY2hHUDFoK1IrV1B6UUxSa2o2c3NiTTI1V2w5QmROR2hrCmI3OEV4cm4y
NlFVRm9BWjl6dTJkazY5bXIyRU56T3pLVnNkeDA5dXp5L0UKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIEJ5b1EwQ3RuUEZXNCt6LzJ0YW0zc040czBDbVhwdDhCSGZkVUZV
UnVjbjAKYXNnUzFUS1BCTVJvaEg1dDNRNFk3Z3IrL0pBM3BKZitpNUFzVUFnWk5K
MAotPiBzc2gtZWQyNTUxOSA5aEV5RFEgcmJKOTN6L3NaR1NzSnhFTlNGQTc1MFhn
VVI2WWdhekdvS3RNOVdmd1hDQQpLSFNwMWhZZzkrZVRqdU55QlZkd0pmSUl1WjVw
QlhhTHRvNDIyZzN4UDQwCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyB2c20yY3lWS1Zu
eDliNi9CWHZSaWxiUkFtR0tGaEZhaDcreWlnRG0zRTE4CnFtQ0tkUGxLKzhKNWhR
VFVhcHMvK2ZUVFpBV2FMdUx1NEpzcmRIMUIvU0UKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IG42eUxQTW4va3BRbW1JbnhxWTA5NE8vazNUVzhzcEJ2SDhJYk85VGhqUjAK
Sk1LMXhSUXg0WmhnUVNKWDJyNTlCUFAxL3VpRWdkV3lqeXRwallKeU1hawotPiBz
c2gtZWQyNTUxOSBQeEt3alEgVzBFa3hjNjFYQjAvaHRZNk5qNE81OFRZLzdsUWRz
dDFNdjNXOVlXeStHUQp1Q3ZYMU45Vk84VENnYzlrWU81Uk5wTXlRaGZ2d1lwdGNN
NWQyNzdhQ0JrCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBCc1lDWEU1ajVENHpncURG
c3hERzBERStDN3BTZ1I2dEZNM3ExMDNSVjB3CkdGaGkrb1ozRjRpRmxBYmJleUN5
ODlscXdzY09VM3pBNjluSHJ5Mk5WaFkKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIHZW
MFYvY1hXa1YvcEU4OVlaRkdPU2dWMFJCMjdvekluV01RTDB2ZjdOVkEKYTNhaFJB
cHVpRGJXNCszTmxTVGw2c0lhM3BnNWREVDFJUTZKL2oxWnQ0WQotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgTHFuS0VvRjNrRVo4UHRLVzQ0QSswN1dUeDEvQUhTTVBNeC9C
em5kaEpSVQpQMGNxZ2xrRnpQTFZXMGVUeXhYZWEvTUdRSVZMSDhrOWpiZ0MvbVZk
VUF3Ci0+IHNzaC1lZDI1NTE5IHVsMGt4USBsZWsyNmhRRGdZVDVya0VtUFUzSU11
bmdTU29CTmJrazl4REFMMGx4Q0JzClVtWUtJcUZ6V0lDODc5dFJDTHU0WklkT1Mr
ajMzaGtwNGRHM3FsQm1yaUEKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHVJYnZrWnoz
WlJvWEkrVHFDSGhORC8rMWlsaUV0eTdoempCOG9yRDJ0RWMKMk5GY3FRWElYdXd0
bVBCajA5YjNaREtLNTZLZ00yaWFPMDVwR2djWU1DZwotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgQW5iaHZJS3I5OVRHa3B4OXptQjdSbkUyRDRsNlVLVFd2WXBxVmpYeVlV
RQpONThJRU9vTHBUdWRpZTJ2UXRNL1RzNzU1cjVlMXN2RjNCeTVtcncyZ1BBCi0+
IDxHLWdyZWFzZSBPX24yIHhCPF9WRzkgRjEkYSBOWDM4ClhTd1RGVUx4NVNCSFAr
a0RHL3lnYnNsUEp2MFFJeVJha0EKLS0tIHNVVlBNeTZESUppNW93ZmlvcmNTWFV3
aFRhcFc4RCtzL2hOWCtabnU1K00K09y1sG6p0grkLk3YzDMSayhsnIyHVgTX7R7H
BxpIPqQXH9kvw6Bm5XkG10hmgSraLKfKN+tGceWGSZRj1AC/kicY6NmixppUpBRb
5ZrffqerYsgqPa7j2b/Cy/2ifmbT1/YfGhFHb3SImc7XeDZpvVxy4GJWDcUTkfu5
3434k3ZHGTDAULEx47Vd0o+QLCCGBIXIAzOXpJifzPuc1jjxTv4+VI2COQdD3cw/
2eSTQrxuJo+2iTgNkssE39xTyHxssKCZTBJ7ig1dRmI7B+xkCEGKgT33if03KvqZ
nPNJ8ul4Y6n+hrBa0LuI3suLW95wk/D5WjWouX3A8JAp+B3BN/Zl1Ov9LowccvF5
y6yTLTqbVZsCpccVr+lasJYl6/K5PEqReoMVpoWrEO+AZA3VEPu7GA/J8NBF8/fS
I6pPVI7SDTmpnA4/05izvNJtGgfc5q2BL83xkL5yy6wsDm+YhaoxJpb1zVPPmAVX
MdqFods3EfzXTlaKihLp9GghfQsZbq15HwAF3Q3szf11YQwR98w=
-----END AGE ENCRYPTED FILE-----

38
secrets/cardano/cardano-vrf.age Normal file
View file

@ -0,0 +1,38 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBGQ0hB
K012ZWtYKzFYL3dGcG4zK2RCYjk3R0wyWnBNTFNQajNINDVVNFNVCkpsalhDTEtj
blJQY0MyV3lwc2p1M1dkdVAxSWpWY29IOUdoeGxFeFFrRDgKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIDNpbUQvd3ZBdlZDQzY1UU9FWk5rK2loYkNDaTlmcG5VWm00WCto
RXlUR1UKbnVGNnZ3dTA5Q3hTc3YzYlV1SkxqMFNEQmJBVU5Yd215ZmtEQTFhN2dK
SQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbGYvYkhyWlJNQzQ4NUFUbENHQlZxZlVM
UjE4d0FEN2pJUDVFVGRjTy9XZwpyRE1hWHpNZ0pMems3TnhJMCt0RTFObnFSYWpC
dFpUTEFIOEVpU3BTWXBJCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyA0QmF1ZkVRR05w
cDV3TjVNWVgwTE1YSS8xbGJkaGFvZmVWZm4yWm5xRG5rCjRKQnJKbGozeUFqTmt6
NVVqV3hoZms5Z240TU4wY1lCL1l3UHFJdnpGbzAKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IDBSS3R2dXk3NFBaZElYWDI3d3Btai9sMjBHV2xvSnJyMXJIbDZheFZiMWsK
MW9rMkZ1UEJ1VkJJSGNCcDdVWXdZeFgraTBhbFphT21ITmVSWUpDYUJqYwotPiBz
c2gtZWQyNTUxOSBQeEt3alEgY3VKSmNaWG9uYnZaRG9oZHVCek5vQUQ1dmwzSGZC
UHhSZ21NQ292RXpqcwp6WVU1MFV4NjYxaUhkVHIvWHpQb3AwaU5zRFVRRjBSZEtj
UXN0amtncUg0Ci0+IHNzaC1lZDI1NTE5IEIzZFhTQSBxU0dWSnVPaUJEYmdpSXdQ
NW4zcjAyN2NwTUpRY0Z4OVNLTEFhczJDazBVCnNNYm9wNXpBWmJjSzVUQWw1amE4
ZGFwdFNoUHFvVXpZTWk2YzdWakNTOG8KLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIGxm
eTgvWjBIRTNUVzdlSitoZ3RrY2JpR0UxTWNBdVNmRk1VbGd6S0FBV1UKaWRnZ3hG
M3grNDN1Q2FIbmVLTGp6Vkp4YTVwSWpnT1E5WjA5M3VDRFJPQQotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgdXBucnhOVThEVFJKNXJTUXNpOVVHV0FzR0ZBbjF3V01oeG5i
NTZieTgyawpPak45UmRXOUpVREJ2MWhZZ1orWnFaVTJ0Rmc1TzlVb3BhUS9jVU1T
NXpvCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBrS3AxaGFHd3JKcWtHUWt2V2xUNGZs
ZjFqR29yNWdxQzM5MU5PQytGaVdvCjdpVEZaZnZjQnU3bmIyTVp3UlRuTnJxYzZp
NWxIN0FIZ0ZENzhLNUk5SHMKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IGZrZ0U3N0M5
Lzc1ZlovK29OV1h5QU5ZNkhaRFdjNWRQcHF2OWl1M1Jzd1EKYzVHdktjZFZ5S2Ev
TWsvd2hMV1ljS1EybHVjNHdYNUt2b0wxTzA2TGtGVQotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgV0RrU1lnTTZ0L0o5RlIwbUZUNVlQaEgzbGZadmtIeVpmQWhxV1NyY1J4
VQpVQWNKTGlTUElBczNuTlVmbnUzQXNIbVhYYW1jK1RyRlZWN0F1WXVHamVvCi0+
IGNycy1ncmVhc2UgLzdHXk1HQCBCCjQ2a05YbFp6Ni9DRmJoQ1lVVEFpNXEydFpI
cHB3TVphSXcKLS0tIDdOajBjU1NqaXM1dFo2Rk5mWWMvMnpMdWJVcEZZY2g0MWlx
NWhkaTJPKzgKOTYgpJXvf47nS1vCC2kA3G7+oplnot1p73dyTg7kW/mJUeBhXqjf
OX24j8Ovx9paVbyCMIvyRjEJzL58m8S0hFo1wDTL2HGIopyAFIXNTu6ScUJKqWMw
HsB8wZcMxlQghYv0ABmqZJwNqFCRf+CbXeGBqGLNC1WtYndHXj68i7diqTF3IxYs
wpxk3rjLaeJdgSh6+frIb9rh7mck7brKJrPU04/RZBx9EJ3nGPFVBPYK8zTezqCD
cN4rv7deV2dwS7nj7laPtzhignXP0tJVvuSgHYwqh39U//1Lv9y1xoMyEbDNJqcP
AIkapF5A0uv5sL8OoQbfUYqO1xbf8/IRsxJP4ybTiA==
-----END AGE ENCRYPTED FILE-----

35
secrets/coturn.age Normal file
View file

@ -0,0 +1,35 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSB4c1pK
YkY3THNkS1BXN3F0bVlkYjB0S0syQzNEbDJNVit2M2Rab2RCSjJ3CnpTM3k0QnVE
UWU2QU8yV01rY2FuaGJsZTZjd2dWY2ViT3BxWExhUTRNU1UKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIFlJQjJGOHpkQXJtdkM3QkxSdEtTeDVzU3Y1MzNtVWZOU0tDRDd2
blJJZzQKdWlTVi9sN0wvd1NIQUVhV0RXUktIQW12aUdaWDRUUUlkeXB3QVRENndS
bwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgVHBrRk5LbHpPSkFNTVVFTXRJQW03RkJQ
QWkzdDQ2RCt1aHpTdHdZTnlrRQpVYkRDTzhtQ0lYMnlZV3pFZlgxdzBVVkdMeVQz
WlJkQjIvUlNaNmgwbkZjCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBndVpMWnNOVzZO
VTRHRlc2NHU0UkEzMEpOWHByUXluVFpSOCtRWVhEcHpNCnhIaUhUUHVjTlhPY0lW
TFd2MmIvNForbjZPZFJKVDh3QWZSejh1V1hSVmMKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IGErUzhFd0tUUndMbmVqakt3SE0yd2Y0TGRSRjBoMVFPR2RPMzV3V0RHbTgK
eHo5dE1oM0RNL0RuZEVMWThlUUJiZGI2VmZvVDlpY21WMisrR01oK3VmSQotPiBz
c2gtZWQyNTUxOSBQeEt3alEgVUwyL3VFUVlSYjQ0OFhweUxOWTNablQxU01KZjBD
eUNrd2wwMVlwZFJFRQpPWjUra3k2TE81R3V6WXRFY2pXWXVvVS9qRjZOMjdPZHVu
Ri9lV3poKzRFCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBpa0NxNTJnNXZNZ0JtUmly
cldrTVZ0MFU1d0R1ZnNzUUNOR0RmdWlTUmljCnhuWmdZNndwVW8vYWlxclZQK0FM
RVVnN0dWZ212U1pvdUd0dnB6SmtUNnMKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIDFs
ZEtBZlc4MDNmcWtXUU9mKytZN2NxUmJ6SFZvcFBkditiNE1CN0piaWsKajJWMHVQ
bHh6ekV1d3M2T1RzaVdDZFhaNlJyOFRlUGV1YnloZFo0OHl3MAotPiBzc2gtZWQy
NTUxOSAwZHBkZ1Egd3doZGorWWpPem1kak42dWRicGV3ZVlKYjkwaUxEQXZQcDdU
SkN3a29Scwo1UVVoWGpucEtxRUZXd3czeDkva1YyejQ5YzN4SGx5eDFhTHNidFNj
SXVVCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBCd2srQVF3RkJWbE8wRkJNWnNCU3Mw
cWNDbzN4YmhBL1ZlYURuZjVVT1M0ClBUQm9FVG9mcENSZkNCK1ptcVRVQWUrL2Zq
ZERWSFNPWGpXSll1d3BkOTAKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IERKQzZZd2FK
VGJvdGlEL2ZvOGRlcXNXOUpybjhCZmJ2NFdmQ1gxWERKRVEKTXpwWmUvZG9UWUNR
enRNUXBoa1RKUmpCTzVRWFJtL29MNHl3WWl5b2R1awotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgeE1nMm1HdmhQU1ZYZkRBYml1NGdDaHZ4TDB5cXd5WHgxTldxckZaTEJ3
MAp4NUlKYWZmZU9GZjVtVWNOQkJmRk1lWXpXY2dZdXFQT2g1VWp0QU56WU5RCi0+
IHhRTC1ncmVhc2UKR01SMi8wNnRmNFloUDM4WksyREYyVGJ2ekVrdW9rZkg3MGk4
bXJtRgotLS0gaDhiRHR0TVRObUppaDFjZFljYjVTN3lzTzVKVWdyZFRXNkFteEFs
UG43NArxMjjfXgYBXhon0SSpyPNqUQXp7jU5s7WKzj1OnjNgFYT4/9FxuUWVmf0A
wJjib8jXUERlIahSbcBUyTo3kLLLBegQRIbwjZdYhAFekYUE/Lr6pvQAaDwDf1R0
1LaHz9Zy
-----END AGE ENCRYPTED FILE-----

35
secrets/craige-ops.age Normal file
View file

@ -0,0 +1,35 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSAxQXRV
TE5GcXp0ckxqbml4Z0tmdERnT1QxcVpOSUxPUER6bFBSbEhZbTJ3ClJGWnlTN1Rr
ZStKcmRIOTRyWDhkMVRpYW50cnJUSzRYcm9LampkRWYreHcKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIERxU2V5VDlJd1RsQWQyQ213NzVTcFR4UkpKWXFKUzZUTmxmUjlw
M2NRaXMKWjI1OEdDaFQrK1R4TVdwRVhGSlo3dzVoSTBTR3RwYWprSG82cTU4Z0xo
QQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgYXU2Z0ZvNTd1U010TUcwVUtUeUVqUitC
dHpRQWdUYnNzQStVSTAxMGUzSQp4K2hPSkRINTRlOWNic1lIU1kwQk1YT0RGYU5y
OStONjFSMlF1OHlIT2JjCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBDOW9Zd0NXazJM
ODVDYkRoSWdoK2JDZzI2UkVpb25NTTVpNFNDN2VXcUFFCmFpTVNZN29TNzlYa3I2
V0VWMU5aWDZqV1E5cUpwcCtHL0RuUkVuSlpRbDQKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IGgzZGM3d3J0Wk01RVM1U2FkL09vRUFHMkliSnBiN0dMbUJ5TjYxdDJEMlUK
QzdqVjgveUhlbkRZdTk2cUNmenpjM0o2MnkrL1g3c0VGUDJQZHgzWncxawotPiBz
c2gtZWQyNTUxOSBQeEt3alEgWnhIQlgrYUI5UzdqOU5ENHZteFd5bFd3UEVVeUE5
NkFubFpzQ24xVXZndwpkc1NtSStzYU5hWnZXNXRiYjBqMWtSSmcyMkFUeUR1cDJq
eWNnNkZoK0RnCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBmRUViME5ZYUZ6TExwVW5H
ZUZaTzhmWktzSjZ2TDdLY2IySzRSL1AvUzBvCllVaTF6NFJuUi9CcHBFT3huWS84
Z21Xak1RbmI1Ykh5ckR2V3BiK3VLYmcKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIE9z
L3ZDUkhDbDFxZGQ0bHppVWtMTlc1M1Fpd2pGZEFaV0lad00rZXVRRU0KaUNPT3JT
aEJ5U3l4RzVkSnV3MmM4OFZXQ0RKQWs3NmtnYXB1RTMxc3FXTQotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgMi96OFRxcjNveUdoeVNtbnV6YnlOOS9TRGxGWWJRYjJDWXlB
R0Ixc1ZnbwpDOGVrQktzSWRETWErTDBOSHBsamlIeng2akJ0Ri8wcWZidTY0eUJV
cnlzCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBaYjRFZXdjcUdsZVBjYjY3bTMvRU1a
c05WY09kMUNCYjRtRGtYZG1iNjJzClRWUnVnQU56QWZOTkF6ODFvOTlnZkNUeWNC
OVB5bHBwVzRVK3BRdjRpa2MKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHJGa1poNzR5
cTRpNStvd0N4N0lFS0tJYVB0UDZzSHVFM1FHOWtMVFNMaFUKK2pKNUFNNE55ZGJj
TWNBbzZNSnQ4eERHOWs3YnpQSDlwS2lzREVsQzhuSQotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgUEdobnlFUkNZRkliaVRJR0dHMDBDN1dLK3FaMFdwQ2gxUTIzWlZ4SkJ6
MApLbjk0QVVPbytHazNqL2o5RWM2clZzRzA4TkFDVHlPM3U1aE9EZUJ1VTJZCi0+
IEdFWn5dJCUtZ3JlYXNlCkpwUzlWd0VPNFp5QmFKWG5PUGF2NnpLQm1kODFJNXpN
NjBvCi0tLSB6cmJDT0lVZEFiZlBoQUd6NlZubU83QkNIRVlqSjhUZXRrUUFPVXMx
QVF3CqjMyxbHnczjBeKEemv2tEz9t9yDBYttGCcKCNfVKOpaKHMLcHU0ycC6dZbf
1d3fXDeAh/87g8RUSMpJfchDB6VpM8xXJgb/214VHDNyPBbNuzSrZvlA1ibwPWKh
U+XInONTk29sg7jHiJlgS6+9Y1aL1vXVOkdNMq718/lJBwSSu1+v
-----END AGE ENCRYPTED FILE-----

36
secrets/craige.age Normal file
View file

@ -0,0 +1,36 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBhSE56
N3RlOElYWkJYbWE1MXBFV1lVcW9Cdk1Uc1huUmp5NU1ZNVJjOVJBCkNqai9UcDIx
RWxpaEZJQmlKamZTWVVyd3pBRUNCajhSR2M1Z05ja2QwMkUKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIE1DY1hwNmdzZDhqYzZ6Z1NpY0tBZmUyQ3ErdXBSa1ZUV29hci9i
VE5jbFUKbW1pSWc4d3p6S2F3dUFwb25wMHJsZzZYMzZUQjFrM2gwYTNSRlhKUHl3
WQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgeXlzbmllaUpzbWFoUnpkU1RwVDNkd3Fm
Y1p2VVIrRmdISFdsUllOaHYwWQo1ZTY0N0UzUjdVTWpKK0VIbXJJdC9QbCtaa2Fn
Qm54S1lxSVliYzdPWXNJCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyB0MncxeVdkdWZ0
MXhvVnhtTVFLVkw2d0gvb01yakx5ZGQ3c2ZKSU1mZ0RrCmZiYnQ1bFJMeUQweFpz
YzBtNUpSYWI0TW9oNzFRWWxVekFmcEEwRXk3bjQKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IHJZUXdMWktKNGdMb0t2ZWxkcE5CeWI2Y2xpaFBVNEFRQ2hlb0FxRzhla1kK
clg3cmpVSTJZQlU4aDhoWG1zNzRiR0tLTjI1VS94VkM3eVhUU3JRbmg3cwotPiBz
c2gtZWQyNTUxOSBQeEt3alEgSzd6TUp5ajA3enFxdnpuenl2TlJzSW02LzdJS3J3
a014NW9wWVNiZVB5ZwpacXNXQ3JHeHUxMVorN0xISFZRUm5RSXl4RlgyYWJLNlJN
TllKME0rZ2Z3Ci0+IHNzaC1lZDI1NTE5IEIzZFhTQSBTRXYrYk9FVGV5UkZUcmZ3
T1AvT2l1d0NmeUhJM25POVFFQVdXdk5NaGlZCi9xbkt5VHQ1V0gvMzVXZ25CNlYv
dDBpMURza3MxZzNyVm9VbWZYdnc2NkkKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnICtT
cG5uYWFtZUNYUkNpMlNyb1JkOVFkUDA4WERQaWQ0Z2JEOFBnOFdweHMKdGtxV3hV
ZUNTS2hpOU41NkVxMk5yUFdka0x1WlhSZ1RMMFNHd2lrTG5xYwotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgUm1uc2FJOUdKbHpkSXRvcHBINEU5QzQ5aWliYm42OFNZMWx4
OTRURGVSYwpJZVpoL09QcW9JZGJZc21BNUliVWVKQlMraXV3U05seTVQUUNJZ1lF
TjVNCi0+IHNzaC1lZDI1NTE5IHVsMGt4USAxWWhMK1lGUFhBanFMbEQwVTgreEcw
a2JJcVFla3ZmOHZJK1VPTFZuRkNBClB2ZDVBYTc4QWZnUDdEdFdOZkx6dnpRZTkx
MDlOZitJd0NZM2V2amNUcmsKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHpiTGZmMFUy
MlZyZlJMa01GVmRsQ0hFRUxBWituMkE3S3RPRUJLdU1LbE0KN1M4RUJoVjVhZTRs
K1g2dGEzMjIyaWFEaHhIQ0tkSDFGMVd1WTh0Um1kZwotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgSkNsTUlxZ05jcmp5bDJhclhEVldjWXR2TWFreTdSSXl5MFNXMUNxWDJX
QQpHQ01ZLzRXUTNJTVJvK0dHNDZoTEtFaUpRRFoxUGFUampSRzREUzBtbU1BCi0+
IF5bSEdnXH0tZ3JlYXNlCjBmSlA2SHREd2cycEdsZGhIMVJhUDZ1dXVjYnI1eURL
dUVDcGlZb2ZwaFZPTUNZeFNXSC94OEtYc3pFN3RtZUsKUU1qS056SmVidHZ2c28w
Ci0tLSB4SEdpRXd0RUxmVm5lVXJaWWQwbFFNVlo0SGxBK25jaHg1Umt2K1dsL3VR
CrLdgAdAyLUrzRwPhN0rl5DD6Z97AYiH44VcKrqZzkZYbhTfhHEHE/LwJIePAOiO
WHEYkWQtMOfaz1t6Nwe/bjG1VLRkttWRQNKWEewxG5c5NppWcgDIrd05DDX6oiRi
/oGAp7PVaZwkvgOwAxtD5OS/jTT+BzV2yGCBoLNSuqxF9VCL1yYtYzllBQ==
-----END AGE ENCRYPTED FILE-----

37
secrets/fiona.age Normal file
View file

@ -0,0 +1,37 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBqb2N3
cWFZNUpscUpmRm9oRTgwOWU4Mkhpcm1CdUQ2alB5RW1Ib2p5S21zCjJqQjhobFI0
MW9SeWJldWdiMjMvQWxDYkpBQ3VMUkFnT1N6M2ZkNEdGTFUKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIFlIZEFwSVFydytDNXIwdlFuNC9iWnFXOERhV3BNY3lxdzJmelU5
OGpRMDgKc3VGa3NBWFQ0UVR3WSs1TVBIQ3BQK0t1eU5FOTVpVnAvWjJpT2hoSGtN
TQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbS8xemZwQVhnSXB4amdNQWsybUdTblI0
anYrWWltYnFTaEd0SGpxamlYMApTTXNwZ0E0RnV6NHVNalFGc3p0VDRFRXJEWW4r
ai94aHdyeGIwdzdHT293Ci0+IHNzaC1lZDI1NTE5IHU3WjNqdyBxSHZyTkdodWtl
dGdKemxTd3JEdzE1MFVVM1lsM2d3UE5JYkxsM1F3ZzBBCmNpN3FHaDlGOG1kSVFl
Y2NuN2NYajV4K2pWdDhMa2E3eTFWRmJacXo3UGcKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IHV3TzYzZnlvNFpBQVE5MzRpYlc5QmZUOHlYbGs1QXJZZE1VdkdLcloyVWMK
RTdDakloVzBnYkNNQU1FOGtCWnlkRUdjZVFtcEczNkRwN1VUcHhveVQvMAotPiBz
c2gtZWQyNTUxOSBQeEt3alEga0xYNjlOR2JmLzd3amcxQ1AwQ3VONXIySDNHNG51
cWlYMWNUd25mRVFtawpzdjRpR0pwN0QzOWdEeHFTYTJQdmc4YzlkMkhNUnBaL3l1
T0JoeFVMUHkwCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBvaE50ZjMvTTdDMUo5ODFn
M2tMcWtvb3VqbWNBNFh1NlhIaVVnUk42d2dzClVOSWw4YnB4eXI3cysvQ2ZTeFdK
dFR2d0EzR25DSDByaFRyZkJzblpwUDQKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIEla
QWcxUW90eHFkbUx5b2VpOTA3WXQ1Undud1ZBV3BOdWp4Yk1jV1UxU00KRzZpQWpF
Y0NOZDZYWE1uanFYMGU3YitVcUVhMG5rdkcySHU1NTB3bk5CMAotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgbkdKWlJDYXpVbmE0aGZrR0pQYnFFVFpsbzFaZm1rSU8rY2hP
aFBaU0FGSQp3V3gwQTdhZG5UVDhvc3hwZlZEaGtMc2U1ZGJsY2dvcE5GMi9MUnIx
c1MwCi0+IHNzaC1lZDI1NTE5IHVsMGt4USB5dTBSa3hVbmpBWEFyNDFvU3gxQlpE
c3krU1c1ZWVlY3FkbjREMzN0czFNClJKalV5VDdxbnErcENOWnFzSXkwajhKcmt6
QW5sdGtlTzZiR01sdkZEcUUKLT4gc3NoLWVkMjU1MTkgWnc1SGt3ICtsSHdFaGlP
Vyt6TWJ1Q2kyZDhmNUFQbnltcHdhaXh2NXM0dS9Bb2dwamcKcjg2VWZudGFvZDVK
M2pQSUtFdU03c1hWWWNqcXQzTDF5RHJVZ3lPVFNqVQotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgMEk0RGFQa2YvcHhRTklLSjBCaFEvb09seU9pMHVwMXhzL05HY2xhWTFt
QQpXdGNUeE5vbDNXb3FDVGxMdWt6MHpDVXQ2UWc2R1lzdnJvSEhLalRxMFRBCi0+
IENKKjlNTU5dLWdyZWFzZQpHT3BtNFJPdEdFdzhSbk9Ud1JjdmZmbEJIaFlYbkxz
N3VCMTYxbEhrN1VFckQ2ZDc3aUt5MEE0SU0vYTE3Nlg0CnI2UTljOGdiK0h0SEps
WmN1K0hqa2VUVnJxMk94Tm9ORVZ4ZTdqLzBidk5FNmh1OEFjblpTdwotLS0gYVQ2
dC85STBXYi9IRnFWVFdvTmRkUG15RjkwTkFnQlE4Ly9hVGk3TWp3NAo4cVH9Y1Kg
1Z1zTvAW9/e6QpBBUQo/9eoyXpwmCE1hLaowxGUf8gvsWAMbVQTdI8NsejCyM44A
l1+EhywFfBNQXGwnsBjPUdnenDcqNhdO2LHybqvvdhWOYC+J5JQjczxdZ7myLtP7
VKyEh2ac3E9d6OQqul5zaWfbiM2vcwf+0O1r04Gfvc7j
-----END AGE ENCRYPTED FILE-----

37
secrets/hamish.age Normal file
View file

@ -0,0 +1,37 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBNZHA0
TisvQWwyUXJJU3JBd1pFeWZSVWNPYnBQNW5MMHN2ZUVCbWY1S3lrClBobFVsbFJj
QjNrQ3B4eUJBVTNrSUxYd0R5eXd1NUpkQ0R0Ymd2ajlPdFUKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIDFMY0tKRU1jazFscFRSdTlXMDBPdWpldVZIRjdiNGhBM2kzcGxx
UXNjbGcKZ2N1V0dWN21zZ0V2SUxMQUNJK0R1VlZCa0RKMVBLL0lhQjN1RXBEbXVN
QQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgb1RhSWtKTUJMVGpxSysvbExxRUY3bGg5
U3VvdHNOaWE0b2piYkcvdjBDawpiOC9LV2FldXQ4YkNRbjJqT25sdEpabG9TRHZV
cVVvZm1MVFR1QmZmVkdRCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBZUE9uYVg2WDg1
S0dtV3BFYmppbnZ3MklFRFFXdVlGZkpmUjg2d211RW1jClNad2VZU0REOTVrREJE
U0lGc1pUejBzRkFHL05HZ0k4czgvUTNWR3NaMXcKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IGR0ekF4L0FSaEVBR3BJVXFaQXZjNktHVmN6TWVXbWdkY0JBOWtGVzczd0EK
RjUyQTJrWVdsSXZUcTFFM0dzTW5HTHJxeUR3VDVnaXpHMWdTeHVXclhybwotPiBz
c2gtZWQyNTUxOSBQeEt3alEgWndrODAxRlE3cmxNL0ZtTW0zTlI3a0MvZncxZFE3
NS9xWWdMck9pbkF5UQoxRUZNUUZaMlI2bG1JNk5kTUd1WXhoZXNrcitlNThVeU90
K0ZvNEN2Y2RNCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBqNlF1akNrQ1o0UXdJeEc0
dkgrUXNuMHp5VUU1eXNJUytRY1VXdW9aTjBFCkl2dHFyNkF5ckdTU0IzVzF3bU91
eWhReElJaysxMXdsd0hFVHYwMk1qajQKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIGd5
eXlUMEpSZGRWb0Z4OVFFelN3YlB3dklqT0ZrMVcxMlE1Ulc4ZHkxbHcKOFZvd2I4
NUNHOTRrc1NWOGxzeTZhOFMxbUdpNklPNE43bFBMLzdxcVZHcwotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgUXR6dzlqaFhCS2FJSERndFJSaEkwRFIrMFpybnd5UTdaQUZM
cmQ1Q3ZSawp0T1ZnZGxIZ0V4QnFsTTB1V1NWNDdMajR6dEc5MmpVMThKSHNrMHVV
STFnCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBqV3hXSGlrRDBNdWhmTEZRN2NLQkNu
aWFOeERHNm5UWllqRVdFMnMwN2tVCkVQL2lCMXhCYTVpTWJydEJHZmd1UlJ0T3J4
Y3RLcGFqOVhuQTVncEc4QmMKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IGJrYlljWndR
aysyNVExcnZKY1V4OHVnSzhpNFYyWUJTZy8yb2NpVE1FMHMKbGFhQlBOanhUaVRT
L21UWjNTNUwvMnh5dnpsTWRGNWJnbERoZ0cxMXVKdwotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgb0RSWXhSYk1USjRLdk0xVndRWFNrVVZpVE1ldG5qQUNGWFd2ZFRkM3lR
WQphYkdyMjBlRkkxRUR5eEdxOE1SMHh5N1VQUHJmRFdKNHdrQUxWUWIzZ0ZFCi0+
IGA+TXxpRiFgLWdyZWFzZSAsIDZxfSVBeCA4fjZyCkFuYlBPWnQ1SDkwVFdiUFpr
ZC9MblJJSE0yRWRXQ1RuZFduMVoyU0cxRjh6UE5qWHpQeDNKY1FHKzJHUkcxcDAK
bVBXZmV6YWp3RFRaalkrT2JPcldaZ1NhNFljCi0tLSAxUUM4b0N4YTdMOW5rWWZ3
RUtNV3VBYWV4bENhbFJZS2ZMUzkveGtabUZ3Cs10FGWYdOYr63rRA2P7jM9HI/9a
t2gFVJyA+AC0hPl/pDVabyrF48d8lWzk1IwVe3jfP5QHZxhHwc9vuu0crw3EJAmK
Q+QgythEzjF0ftCosDXLg5J8A3lkPlAe+km6T294oFxTW8pG/h8tu4rKukJWnYSU
E09AHZ795YX07jKvrN/U11HRd8g=
-----END AGE ENCRYPTED FILE-----

37
secrets/logan.age Normal file
View file

@ -0,0 +1,37 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBsSURv
VzMrb2x4ZHBEdjB2N01nZTBtTzlOOW9JYnpLZ0hhRHFJRmd2cFZRClFVaUtVTWFD
MWdtMTczcEhZSEVRK25aM1djN3p3MVlzSkp4UEFnOStxUkkKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIGRFeXkxMDhBYVFqNjdyLzRyQ0xHQWtib0JHbkZnK0R0ZTdVeHRm
T0l6azgKUWZobTdUYkphUmZBQWRocjhIcEF5eEk2amt4RDRxWjBFOFBjcWZ2dXQ1
bwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgK21WdkxyQmNFeXhMUXF4SGhWczFqczRG
ZHR2ZlIzaDNvc2Yrd2FPOG5RWQp5YzNBTGlZcXZlZ2M0VmEvdkxRNzNVMXh5K3FV
Ny9pZmt4S0dIakd4S2c0Ci0+IHNzaC1lZDI1NTE5IHU3WjNqdyBDbHFFRTFDaGRi
MWxpbzFYa0tUTUsxWFJya3hGUjVVVTIwcEpxNFhyNWpNClUwV2pCRlhXNWhwM2pk
TWlTeTVrbS9lN2wyU2JTVnhUb094Tm9OQ1VCMDgKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IE1nL1ZaMzVZc1RHNXJycW0xaFBuVCtDS2YzRTVPYWZ2SUVpVmN3NVBBUU0K
TWc0Um4zNTcyaW5NUHRxS2dsZWNZa3FwWVVnSU9EVk9LNEVoUVN0SGg4ZwotPiBz
c2gtZWQyNTUxOSBQeEt3alEgemRWUm9LVEwvYkRtcHRjUzExeGZENHRUMWxGSkU0
TWE1NnkraStwa0REUQo3Q0ZtWk9UTmsxMG9aNE9uaVptd3htZ1FCQzFZM0d0Q1Bw
TVFoWGlaamVNCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBuSUVqVHlJTGVKSTlydGxN
eUZjS2tybjJ0Tkw1ajBoRkJSN3E4SnV4RnlBCldES1ZvT1VObDhnL0FHUUVreW9F
bTRCMCtES3NJbDRhRjE4ZFU2VDdHTDAKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIGh5
M3NBcFhpWXdjWklqNk1vMVZXRFMybDgzVTVXZE9uUDhMY3BQOXZIMVkKak5reisr
NkVqSFV1UFZVVWFxVmNBN2xGZ0F5RW10QmU1U05lNllHR21XdwotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgVzRWSFRCSitURWxEcW1Oa0ZXdkQ4SyswODM5cDVzWFpwT0hO
aGE3OXVVcwo4SFJsRGlGdWhEK0JUTlR0am0xVG1JcjR3Y2lJblVsTUJtWFFlZnVn
ajlNCi0+IHNzaC1lZDI1NTE5IHVsMGt4USB1L2d5SDJVTUp1Q01kYmE3M2wxc0JT
QzdtS0hOTlY2NUhHaFJHUU5HVGxNCkkxV0J0OC92TUNIMXh6aUJIMkxYc2x0bzF4
OGRNcDlneUdTWUR4TWdvbTQKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IC9XeWdBR1lB
RThIbytIK2pJUjl0Q1NyV1FETUtad1BPTzczVTVwK0pSQmMKUjJpRW12Z3hOQ1Js
V0h0bjg2UVhFbllTK3ZNOEZJVjlnS0d6bS96bUpMTQotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgVFFnMXBuVkMxOWxMaUJKMmRRQ2J1TXlhOHFITzF2ZlMwWUwwYjFzcFFo
dwpGdUJsdHhCSUplMTZnWkhPM1RBZWs3cmFiSlhhTnBBZlRTTGtiZWFjTEZJCi0+
IE93OCk9Ly1ncmVhc2UgalVrLFEmMSAwb09BMFEKZUV4YWZabnU4S2V6T3FyUUk5
bEZYU21WN2s5czA4WGg2T3V2dmM2bmE0QUMxbVNYNjlOcUVvTkJvZmY0V0libgp2
M1pOUnRVCi0tLSBXTEhsQmhlZCtwMVNyY0dadlcyKzV2U25sRWoxMzhEY1l5KzNS
cVVaVnJBCsyrUAefxlWiCVPCOzXHaPlmcXrvChiS7udyIfSXKaiN4N/dxW2Y1h/F
unCbKUkW/qGO8cqyHzbudwl72iwRK6aqqmRVkTk8wd6+0XeWdPmxJCR07AMe1DEx
afv5xFidKkuaiglMPxI6TCy+YVH+2BQPhkEquvSkhJjnWJXqj7S/KQ9+Fjlz/ZcQ
zR8=
-----END AGE ENCRYPTED FILE-----

35
secrets/nextcloud-adminpass.age Normal file
View file

@ -0,0 +1,35 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBlK2lF
RHorTEwvNGIrQjA4YmlMM3U3UTV4WGZzZ1RvZHRKT0xhN0s1TVJRCmZaaithSTZZ
QmM0RHBkZHhYelZ5dHc4OXRNMkVGM1REcGVwbi9kaVJaUHcKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIGhmaGNtNDJKa2F2UWszOWZRNnpLVHpqNzZJdTkwMmZVeGtTVmpJ
YzdiUWMKT0ZtNWtidGE1UGJTTDd1R0RCNjh4aStDY09zMFZ4OGxiM1Z6RXozZDdD
SQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgL2hCQnFVU0VXd3NMVHpab0dWK1ZFWGFx
TTZ1UGVmSU9ZVlU4TCtWOWRYbwo2UmtKellzYnBuYUVYZnpxdUN6bHhRSkU1UW5Q
eFBhZVFZS2oxa0N1c29ZCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBTT0REVTFEdjVS
d0dyR0N6R3J4aU9CdkhzR043UHdidUFaNlh3aFNKSW1zCjFpM0FLS292eWJidy9N
UzBtQ3Z3cUpZYWtiZzhxbU1wS2ZNeE9hTWloUE0KLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IHB2RFNQYVNkdGRMUEJrZGI3bTUwTW1Wb28vV2xDamdtUGI0cnliWHUzajgK
L3RDeFBNcXk5Y2Jua1N4dGxmRktsSkFoOVowYUlVTndnbEdiNlgzRmtCdwotPiBz
c2gtZWQyNTUxOSBQeEt3alEgT3YxblhjMWphNFQzWmdhZjFhK0NZWUxsbC9PbWNt
Q1VFeTRVZU95eUJnUQpkQmRrQndoZWdBcWEvYURPR1FNWmdGcDJlc042QjF6VUNM
blR3Mm5BOGRFCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSA1Vk9ObVpqZFhwOXd6azJ2
UXd3STRkZzNlNXJ4VVhGNmM4a0x2ZkR1Q1FrCndaVmNqMWRYd21OVVkxMEhhSTdo
b21TYWFKL1dSczg2eU8wTi9FUE9kUkEKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIDNL
N1J5M2tYN3cwT1piMitpRnR3dU1RbDczSldObmZLbkRlTXRMcEd0MUEKSjlselpF
WnQzbXd3aXJDbUs0QzZ5d3UzSlp0cHlGRlpTYUhsdXhXSHVFNAotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgOXJGWDk2STBqaTFFbVRqMDFvVlh3NTJDemR3N1U0c0IrT2tx
aStraGJ3NApCSHFQZVlzbWtTdkFWbytnS1dyd2Y5LzJIakMrRDZQK2pwZWpEKzlk
bDdnCi0+IHNzaC1lZDI1NTE5IHVsMGt4USAwcmFsc0xIQzVObWNDeTU3YXVuVjd4
Yy9jRnZmT09DOHhnYlJIQUtOYnpnCkYrVzcrZkFsTURkUzlYbDhNR1hCZFFZaklH
blo0TytUcFBINTRqTE5JM28KLT4gc3NoLWVkMjU1MTkgWnc1SGt3IE9pN29ic0FI
TUJlT3o0cUs1YlNOUEdWcllWZmlrVGVFRG9TTzF3OHJwaE0KTzFhVEtxb0hmVXNG
R25lZVNKbkQ3TVhoRjlWR2JlQ016ZWVNVTZKSWlnSQotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgRC84ZDIyc3BId1NROVNodDNLNXJjaUN1ZDI3bTk4Q0lmelMzbUZHc1ds
awpzTjdqeXJwWTBRd2xlK3FrODVRZm9oZkdRMnJWUVgvL3luMXZEaExGYWxRCi0+
IEApTS1ncmVhc2UgQ1xxMyBeT1tDTnxPID0KWmVJdTR2all6K2t1TnZlLzhYYUtS
R1Y4YTFQb2RaZnlFQzEzT0JNMjU1VWhYYkxCVWg2K1M4RmJNUVNjUk0xMQpkckND
MzJrTXlPUjJhQUY1WFQ0UE1OaUdtRk52SmdrK0NNdU5adHkxCi0tLSA0TUU2L1J2
QkdRWmppaTI5L2twaGttUUlURE1MY3ZXVnVxZEVHNTJSK3BBCucjRXVgU2KZE8S3
P695DXvhJHlpWrKEvjZAooTzzW26s1Z2Yk4sclXQEOFQaXx+aBHkeovdxi/gUA==
-----END AGE ENCRYPTED FILE-----

35
secrets/nextcloud-dbpass.age Normal file
View file

@ -0,0 +1,35 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBBZ2dt
WkdZWDlDNkRRZkZZL2J0aFRUZm1ZUnBDbUNqUVhEK1I2UVBPaWg4CmoxSDVVR3RP
WmoySkcrMHBkd0dnLzZNbTgvUDlLSnZTUzRmK0FqelJtOVEKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIFpzc0gvTHJUVmxLbGh5RnNWZGdtdGg2aWp3U2hncllPZm05Yi8x
YWpXeEUKM1lBMXluSDh3YXJYajlQUVJ6R3FqRWZ0UzYrNXJHd0VhUXRNVHJJK1Q0
NAotPiBzc2gtZWQyNTUxOSA5aEV5RFEgc2E0dHhWVXZUSVJSdGFrTXpxeFpHcU1u
Q2RRVXBnTHByZ2c1WlpIMTYxdwpWUkJUTWxEcGNGUGhnKzNVTk94OXN0YWRKTnJM
b3U4VFp6WEVsaXZ5d21vCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBOUFlRb3BXQ1Nu
dEhieTRwMW44NGRyVFhKVm9UNUtROWFDbWVsNWcwV2xvCnN6SzcvbWFoUWE5Mk01
ejRIU25QUTNXZWtERXJxSEpXMnV6MjJHVlVJTHcKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IEp3dEgwQkloS2c4dTBDZHdENGZvd3JwSG44aHUzdVkzMjg2SWo4SEFrRUEK
Tm1OakVtbDRLMDh6cCt4YmdxK25uaGV4UmhsWGI3MG9DOFo3bGdJNmx4WQotPiBz
c2gtZWQyNTUxOSBQeEt3alEgdWtKQVN6R2o3OXVXQTB3WWYxSWg1bmgxbnk3M1Ux
U001RGZqb2tYNjR4Zwp0MFFwVDBta2NXRmNpWlJKZSt2SXA1YVhiR1dHSWlaWFpn
TVIxck5pMjNnCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBWZGgyY0F1NjhQME5XNzdS
N0hwSmxZRnFkZmh4S0syMUdXaXhpYURMVGg0CkZpb3RvSExUNWJmVWtzL3krdzhB
U1RGVFM3SzlFengrTGFJUnBqYllTUlUKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIEtL
ZlAvM2xUTkQvTFExdmpIRWp0dDBrNjNnSitQaGFtSlVhQ0daVVJ0azgKamdJSzR0
WWxHOVVZYytkS29IbG1YY0hvdkZmTnhodXEyN3VPK0djcE1CSQotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgYmJwcHFpWmo5aXhBRjNlQnpCWUxlbStOMVA4WklqOVFpdW5X
QnNmOWl6SQpUS3l4WEsxaVo3ZjgzZmpQR0RuZ0ZoMVRzTmErZDB3L3ZESUdXS2s0
QWwwCi0+IHNzaC1lZDI1NTE5IHVsMGt4USA1ZmZiWnNTRUtwV2p5NGU2V1UwR1hG
OVdZTXAxc0dya0hXYVhjbVBzT1MwCmRzOGxzUGs4UkNSY3l5cTVZajdQV0liRjFF
UTZZaGtsdStqQ0RDdkhjOWMKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IGN4OGtraWJG
ZmVsdlJOdGJEY1JQWm1BeUtyMzJFeUxtTG1HN1JFZVRoaEkKclBYNms5ZDZFMzFw
ekxVdlVzd29JOERwY1NyV3RnN0xyZVFJTXdPZU5uRQotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgWXVLNE1UZGFXS2lsSXMxN2o4aXdaR2ZMY0kvTDUxN0NDSHRyandvUWFG
YwpwdnNwL01QR0VxTE9aOHkxV1VqTG56MFdxMDNEYkZFRW1VaVdnWGlRSjRBCi0+
IHc1dVV8Mn0tZ3JlYXNlIEpuNmsgclU5TQpRNVRsbmIxaU5CeVlWaDhiYnlkRzQ1
Y2lIR0l4eUFTNFFQdk5JekVFQ2N3Q0JJK2grK2IwN0M2Sy9LbUJKNHEzCmxyTHlU
VGZVbU1Edmx3QXFuR2s4VXBWcDdnazFVMVM3b0lKUmR6WQotLS0gR1k3QUFEN3JU
Z3M5RFNoeW5tRVU5U1Q3ODNKRzR0OUVHc3Z4OEN5OHNRawrkiowgC6QAagO6PpAG
1ZTfpxGEOWCMhBTN1v2TIiIGdGrTARto03jq1MocduDJQCcpZx8uGY9o0EA=
-----END AGE ENCRYPTED FILE-----

37
secrets/root-ops.age Normal file
View file

@ -0,0 +1,37 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBKWHcv
a2NDQjdtZnE0TFpHSWR3dFdWeUpCd1A0LzlsZ1NudHN4dENTbmhvCmpvVjhCdXlH
citVTmlyZUh2UFl1OWQ2Y2d0L3dnTVNzNnFLekhqbnVUUkkKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIGR5ejRQYVRvSTB2TzA0cktYMU5sSlY5UXh5YkRpOTVDSWFoVmo5
c2hLRk0KaUFlbFd0V1FzaGNWbUhiT1R5MG0vUEJtaVN4MjJ6RWM5MndWRGlqaTI3
bwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbmQ5RjFNK2lPRHFaZjQrNTRrWGE1R2tM
aGIwazVRMHJWblZWMGQvbVBGYwpDU25rV2ZmZEQvUWFkSjlvTkNCK1hlYXUwRDE1
SUI4TzV5WmtJZXBpTFlJCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBvZDFncmtaOWFH
SW1veDY3Z1NOV3VGVDQ5dW1TeUdZMHE5cmp0S1JSUkQwCkpiWU91K0xGd0RYMXha
MVp2ZTcxOWszWDJ6Ui8xSG1mSnFmd3U5WWZEVmMKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IFZ2d1BhdFdjT0hFYWhjNDZnRXdHY1V6VStqWWxQQjlhNG95bVRPWGRqUXMK
bC9OWlExN0lDcHpkdXRHbVk1ZGlaQk9UNGpwdTVBVTNzbkJKN0d4ZlJVTQotPiBz
c2gtZWQyNTUxOSBQeEt3alEgSTkrQXFXdlJvcVlEOVlYZDBvZUF2bmgrR1FSUGJR
dTJSMWcrQ1ZXWG1nUQpFSldCdVFObXloTFMrUDQybjZzK3Jqck4yMUt6NGdLUEpp
VmZtR1VnaWRzCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBYdEY1YlV4djEvWmlCblpa
amdnRjk2VDdoN3BkemJVbldrMU9OeXk0Mnd3CnNsZ1BpWURyRHBSc2twblVmNE5v
QnM3UTJ4cDdwbjNHbi9pZ3FMdDFrMGcKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIFVs
S1Z0cFVZa1RaNEdrWWN1M1lhZUw4YXJoNWswNjNuWDc3Q0hRSFpTekkKUzkrSXRZ
LzNYS3pnMlBNcFprQjhxZjZqRUZYUE9NREJsdHdnczkyMEJSWQotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgSnhNNStteEpvZ0tFM3dLWDQxYk1xM1NMQnQvMTk2dWpzMFFs
dlMzcWVDSQpXcFZVRDArUUxWMHJoczJSNGFCOU9LZXlNQzFBQ3IxOFo1YmhVbHAy
cS9FCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBIVGpPSGFzb2dvZjVkL3JPSVVnVzdj
NTFTSmFaS25lNHJYY3BkeTBLY1JrClh1VGZtdHNwaHQ3UzJIbmhYdDhadWU0MU1N
VGtmQmFYMGZHTUpiQlYxSkEKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IDNlWmtZVjhk
VmVEUGxOY3ZaMHNhVVp3aUJzbE84alc3aTdYTSt3ZldjMU0KanZjMTVYNjNwazFr
N2xwampmaUJLSDVuTVBvNnBXektNU0JSbVZrN1RtNAotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgczdIZE9hSEt4eFJxTnV1d05qa0VVeUJRUE1PUWNMbnBPNW1Cb2RVQlFT
awo5UEFrdDg2cUZsMTI0b2FmYkd3TFQ1NjNYMHNkd3A5LzBxcjlNSERCUDJFCi0+
ID8tZ3JlYXNlIDs+XSkgPVp8TSMtIHQtVSBFal4vcFR9CnZCOWdjaEMwcURwaWJP
U0YvRUd5SGdBMDE4SnpXUEN3VU9aWWtFQTB1eCtmOEM3Q2p5YkVaQ3QvSXVXUSt1
YmsKUlV6Vy9VTVNqYkcxcXJSWkgzbnpidmx2clY2enRhLzF2MFZIdDhNbGtZZlU5
cWk0Ci0tLSBEdmRaQm9FVEhkQWFGZWtyYllOM3YvNGZJQnRvZWI3YjZkdlh6a3Ay
VUJ3Ckgtz/OSIjtMrLDB75AIG+NnhV4476zzaLynMBPtCbQD5/Are2hwwfv3War9
UKv7+MIb/VMLicfSQdooIN/ZutUo4QmaS/mrf72bGJqqplJaqLR8zc5rJZEyuDBj
5o8uY6IpJ7LEPm2FOAFcrMPHdSAS9y2+BpiPJfeF9vFgJ0IPZy26
-----END AGE ENCRYPTED FILE-----

37
secrets/root.age Normal file
View file

@ -0,0 +1,37 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBscDBF
dmp4Ry9nV1Y2dWYvdjJtYnZNcmZhS2ZmQnB6ZWhvTUhrMGJPb0NVCitUUVJiRDlP
dzNjM01KK2w5blRHbExpU3k1Wm9mVDJ3N0dudVdQR3AxQkkKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIDhYRlpJZWREbDNSeldwbEM1ZXA2dUpMcDBJK3owdGpIWWlvT1Fa
TnJrbFUKQWMyY2dvUDJwUW50Wk1oSzNCTysvL2JPSDJ1V1dmSXRDRmRRK0R4OTVS
TQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbXVHNEg4c282dmRodEdheVdYVjAwb3Y5
VUU3R095aDBJaTlzdlhkYkpSOApFcDFhZmlwdjg2VFdiVGI1Y3ljOC8wWFVqbE5o
VWgxUmVReUZ0NHl2TGpNCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBpQ1pYNXJwZVpy
QXhBQ3dySXg3Y3IxYW1FWEl1eW5ISGtva2pEdEQzUUFRCi9DMWg3R2pwR3dXaWta
UHRhNFZHT2w1MXF5VFNJU3EzSU1nSHdjVG5YeFUKLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IE9iS2cxQUZucHorOVJTeGEwaFZxTDU2ZE0wdXd2Rk8yUmZ2amxEaGxMem8K
Qlg3T3Bqbkc5S21Nc20wMTBRZUlUeUJucHY5RWhWbFg1S2VEWGtnK09VMAotPiBz
c2gtZWQyNTUxOSBQeEt3alEgOUxZWCthUkxlaG5MYmRQbTRSSjFZNnI5TndBSmZs
VDFjOGxXZlZxZmltYwp6TnBFMFdNbXArdHBuZThxeWwweGtFZmR6eEx2YXZ4U3U0
bHpFODM2QmV3Ci0+IHNzaC1lZDI1NTE5IEIzZFhTQSBKVFVsbW5BV0lnM0ZkU2tC
U1VPbjRBY0M5ZW9TdEg1U2JtTHlGVjZ3TkFNCnNjRjFYMDBwSnBOMzZnSWhpSFF6
d3M1SHFVdzJGUGxEYU9zOU0zOElRc3cKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIGRa
T01iT3FKUzNBcU92MUJEOXBzN1RuWGdhLzlrWGZxUDUvQnM0eUFXdzAKV3Jlb1Zn
MndtZ3BXNUVpUHNnSXB5RFd3MXEwYnFIZ1c0NFVRdmJBUGpwMAotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgT0RnMi8zUkUyaGNFWjFFazd6OVJKbWN3bXJwZDYwUUc1a3B5
Q3krNEVqUQpRcEpCQWV2NWRVSURjR0szMmZzdEZoS0FXUC9uTmxuMmhJWnFZbDhZ
M1NVCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBaYURCWWl0czdtQ0VlbWlBellIQ0dy
amlSMEpjUXlMWHkvMm1YVGNHVUhvCmwxa2JOMktncTVNRTUvNVVkZksvOVp5TE8w
MnJKWUhwNm9wSGZxeklIbU0KLT4gc3NoLWVkMjU1MTkgWnc1SGt3IGowTGFsNUZN
ekY0Qmp0MDNHTG9xS2M5c3h1L2VtZnNkd0c2aXc2ejhtVjAKd2huNHRldE5BTkNV
dGVFMEFzMERlOHNFZXFKUWQzRXIrUXZYUm9YM2ZDawotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgTkQ5TGxvOGUveUwxb2Jua0xoMUFTSU9TMWMyUzFCRDJEWitBTERCOEpD
cwovRkNBYy9JQU1UclBUUjd2YkkrQTlDak1OSTRpM0ozWE5VbmE5Y3pNb0JFCi0+
IDtfZXAtZ3JlYXNlIGBpc21oYQpLcmd4OUVOMlJ1QXA2ZTJob0pUajFqWWphM1p5
TkFtN3QxUTB5K2g0QWFNNGlyblFUa2hmdVFsNHMxZG9GbllQCmIvcTlyd05tMmZj
c3lKeEVjZklCYUliM05CeDIKLS0tIDUyaUwxQytCTnN2c2lTNEdibUxVcFdqblN5
V1paV1Fyc1VQZDR0N0hZSTAK1B/SO9aHuG9iLuOJ6dar+tdeNznBZkRTZ9GoU1eT
TOEnE8+Iw+jy2egZsZM/g/dtwXdVQXQx3OhtgQnP2hnye84sTUqEGQvuZru1tJar
z7nXQcpShe+v5BclP9cQJSN9BgrXaamJP1IBdrZtNERBaMU7KQuBVSBZ789NUBbM
GaTRqoTaProG7Ex2XQ==
-----END AGE ENCRYPTED FILE-----

53
secrets/secrets.nix Normal file
View file

@ -0,0 +1,53 @@
# Used by ragenix nix only.
# Ensure that $RULES has been set via direnv
# Edit a key: `ragenix -i ~/.ssh/id_ed25519 -e secrets/someKey.age`
# run `ragenix -r -i /path/to/your/key` after modifying any keys below
#
# Re-keying is required after adding new hosts or keys:
# run `ragenix -r -i /path/to/your/key`
let
craige = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K";
ops = [craige];
users = [craige];
airgead = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBanX/MOfoTT8Y/2x24yusGQzfxBqlaKxVbpNiqnAmKp";
brighde = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOxma18HaXAQlD33jR5iIolSI9p2hTDAMkw6rlQXHnl7";
ceitidh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGB8EUbqoarM4GmPgE2DBF4z/L6wVNc+lF27Z83XDUz";
cuallaidh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfELhpKAIDCTFYrO4wXP9BrXsUlafcD5vELQwtF4LCl";
dionach = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcLVq/vaqNz+SzTKHd2mlw+jEYG+JYdYP/1mwK6lF0J";
doilidh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVqs/F41PYoOPtThVRhLFjl+g/sH4aKRxki0CkZxj/7";
eamhair = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgjh98yNFdvLygrVdPaS8h6+1FoLRVCzzLbKr255zO0";
iolear-beag = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/57dNKaPjljQz+xc299xmT+njVL6AqEGuKr3SrFrxT";
sanganto = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2c9oj7yQLuIjQQR5fGV4FHPfhb4VpLnXeQJv15Hti+";
sercanto = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMxMEwo3nv7yHQOQEUt2HZdgTBfe5Y7xa1kmvC9qjbi";
teintidh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhe0W7iAe9E00IUDo83nOY4BKfyoLVQPKlT8EZPvdwx";
systems = [
airgead
brighde
ceitidh
cuallaidh
dionach
doilidh
eamhair
iolear-beag
sanganto
sercanto
teintidh
];
in {
"root-ops.age".publicKeys = ops ++ systems;
"craige-ops.age".publicKeys = [craige] ++ systems;
"root.age".publicKeys = ops ++ systems;
"craige.age".publicKeys = [craige] ++ systems;
"fiona.age".publicKeys = ops ++ systems;
"hamish.age".publicKeys = ops ++ systems;
"logan.age".publicKeys = ops ++ systems;
"xander.age".publicKeys = ops ++ systems;
"cardano/cardano-kes.age".publicKeys = ops ++ systems;
"cardano/cardano-vrf.age".publicKeys = ops ++ systems;
"cardano/cardano-opcert.age".publicKeys = ops ++ systems;
"coturn.age".publicKeys = ops ++ systems;
"nextcloud-dbpass.age".publicKeys = ops ++ systems;
"nextcloud-adminpass.age".publicKeys = ops ++ systems;
"tt-rss-dbpass.age".publicKeys = ops ++ systems;
}

35
secrets/tt-rss-dbpass.age Normal file
View file

@ -0,0 +1,35 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBsTzdO
clFOUVMzRGlUTkF6eGo2djFOWHhpWkpacG5GbEFXZHNKSHBBREZvCnRvSEVqSUpF
Yk5zNDNkY21jejM1OFNxUTNGMEVtRnliNzZvZndyZnliWFkKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIFBVV1doL1JrVEY5L1JXRExSQ1o3ZHYvaFF5eFcxcHVERjNHWExW
VGc2Z0kKaitHRHZ0U0hOeUpJTHJaUStKTk9qbHo4aU9nOEJBMytrVUhDM1FNSTZz
dwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgeDB1TmpjTmtzU1F6VjFBNUMxQWcxcFFV
MTA3d0huYlJ0Nk44Ym5Kd2JWMApDcE1GM1pKaW9TWW1Nd1QzclVlNHVDeGowVjhZ
T2F1NXZaUnQ4WWVHbVhZCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBNVXhYMW1DTXl1
QmJ0dGN6UDRzb0cxeXdMN21VdzJuekZmOGZwQmIxb1dBCi81ZC9TM3ZOcEdrMVpG
NzFKWlFOeVFkVHk0MVBBNS9ZMlVkK1RML3poZG8KLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IFRvS0FUUStKdmRXbkRhemdwM2NKSUw3dmtKZkZ3Vk1VbllEZGpVOVVKUjAK
b1dnLzBEZGdSY0V4a05xVzJSYXdCTUdvVm9TL2ZjdGJwQ3lmc01hdEVQcwotPiBz
c2gtZWQyNTUxOSBQeEt3alEgb1ptc1J5ZWFsTEFETFdDbVVvZGhoRzZDaW9JYlE0
MnFoWHh1bG5aVGxrUQpvWVcwWDBvenZJYjMzUFNBV2kxWjAwa0xjT1gzYWx2K0pq
SlpzYnVqYytjCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSA0K09ISzNlVVY1RzlyMWJU
ZHVRZWV5QmV6WmNmeVMrUnA1MlNjWU83OUhnClI2Z1U0cG1udC9JUGQ2Tk9YZ3Z4
azB3Mk02U0tPVUZaajJya1F4Q2twdjgKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIHJF
dDU4RUxiYlNJMUtLdFJDbU1JUzE5R1U0dkIwRE9TdFNwRDh6TWRiMWcKY1pqdFlK
WC9EMFZJUkJxdit0cUJvMU5kNldmQlk2N3BmMnJWbGpGYThsWQotPiBzc2gtZWQy
NTUxOSAwZHBkZ1Ega0ppUFQvLytEQnZ6VEJ0QWZFc1J3R1RUNS9jQ3FSODhhazhn
N3NHUThuQQptYWtKdk9pd00zMkk0VWRXbUZGN0ZnNjBWMUorZkdOaWRjeVFGa3NX
RXdJCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBkWkFXN25SeU1sMWJTVS9Bc0JJdzkw
MVRkekIwaVFCOTB0cVREc2dWSFVFCkNxMmF4Vk01L2N5R0haQ2Z6cjdQdHRzTHEx
VHZKbGpGQ2pZUmRhdVpGTmsKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IEZZV0plaWpJ
bnFqVStFK2dNV25ZYUtRa0Q5RDQwckZQQXlYbEFEaUQ1RWMKekFjNDZRaC9TTHpQ
OEJ6bU5tYXhXTktmMUJsMXRlZ0dUSEthcWVteDU5bwotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgZ3liVlF5M0pKMVExTzVjWVBjWUFIQjZaUE9ISmJXQUo0ay9HSjEydXdS
Zwo1cFEyMFBCWGd3NnR1Q1ZORnhnMmJWQXkzcDlRQVRnRjJWZUFjd2x4WFVZCi0+
IDFfTGpoM20tZ3JlYXNlIHFDUzF4Un4KZ0RKV29ZY2UxQ0dFTERGdU1TQk9pWEF2
aHVtUUwzd2p6c1dKRzFKekNyTno4Z202Z2RkS2JhdnF2N0tHUWZJWgowalNzN3pE
NzdtQ09zWDRwYzU5b0VaemFUUGljUncKLS0tIHdXNWhtWi83QnQ5bXFNZXp0MFR3
UkI2TTlMd1lSS0toRnFwYWg1UHUyVmcK4yZHPD4ymOHd8MKfXFnyndhFbZrMdIIl
+nmCeTJWL6oVaf2fXnE39io5AuRD8TkQGpg5VvkJwvPZ
-----END AGE ENCRYPTED FILE-----

35
secrets/xander.age Normal file
View file

@ -0,0 +1,35 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBSUU9Y
YVJBbDlYR1hDNDdJUVFRYUpYTlBjaVZlazV6bUlPa1UvLzV3TjBJClpneEZsVEc1
K0lFd21HUjJUSnBmdy9OSmNMUzBtcHRlTTRwZUtNZVV2ZVEKLT4gc3NoLWVkMjU1
MTkgSk00dDZBIDhYaTd3dFNDUTJvWmcxSks0aWZIeThhdU9XT3ovelBqQnZNcXF4
MWR1bjAKVHBVdEdZeU5uNy9yQndUeHp5RUxDTkhPSHBoby9LaDBVRjVFNnhzWUlO
dwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgdTJvQW1LUGY4NU1kNmVYZ1hXN3pIRXRE
cytyMWdoTHZqdEJDcnZCN1B5Ywo4UnNKdCtXQStSSWxmRnl6eldmZEd3cm9DNUNF
S1VJenNFUVRCZ3RzUE1RCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBQQ1BmMnlVK3pt
c1F5MTJQRGs3cHBkWUtwTUtRWDB4MVBJVlZuRkhSMTFnCnBPaXpJMk1zSFpIVGMx
NUdFT2VyUUEzeXpxR2pnSXk2bDZjb2ZZV3pqbk0KLT4gc3NoLWVkMjU1MTkgV2c5
M3J3IEhvalpnQk52M3ROd0FhWEErRVVtYTNaM0YySU42WTdzTGFtK1RkalRzdzgK
WEpaVzNKSVpKdVIyZy9vL2YvTXlMcXhXaVZ4VGZrZEpaejJnK0RidG5McwotPiBz
c2gtZWQyNTUxOSBQeEt3alEgU3ptQXdZdlVzdUJST3hXTGpEMG1vSzR5S3Uzd2Jw
R0VpdVlnR3N6WHlTTQpMcE8wZ0EvVFZ2TTF0N01PVkl2WEFJY3lIN1NuUGtDOTZi
a0xlMFhvb0FJCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBSdTdHWkJCb2ZkY0tyYzEy
aU13UWk5RGV5MDRIWGwyOXBQcmlKV0R1U1JjCm1ueVV5WmVKMVU2cklaa0IxUCtI
NmRYeTVkTklNanJtbFpVWGE3ZVFIeVkKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIE80
aGVQZUs0VzVTaHBqNnRwa3NhU3FjNkxqMHczbEdQcXlXWkhuTDVrUlUKSlRDTXM3
QXY3V3FLUmlSOUYwdHdyc0sveDMzVUpQbTVueER5U21iU04xYwotPiBzc2gtZWQy
NTUxOSAwZHBkZ1EgWUxWZ0cyV0daK1lPUE93VzFEVFFnbGw4aUpXS1hOQUtQcXJT
cDBaVVFYMApwUCtpRTdpTzlta1hmQmZYdDlheEczeWU4WFcwWDdkZ1lvUkU2NFQ5
a2tBCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBlSzlYSS9XeHAvOVZ5a0FBV3ZkZGlK
QVREVExRR2NWWjFZVUk0cnF1UERBCmRNN3Y4TTVwRDNVQWFRMGNJcmN1QjZmOGZZ
QVJRQTZmT0RrYzhYUVJ2TWcKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IEkrazBzeUdt
bVh4N3BuWGlzSWgzRm9yeVF1QkJTQWV5RVFhbTgydUVQU2MKR3V6VVRWbGtmdC9q
cE4waHgzeERNSzBaeVlpdS94eEdzSzhvazExWjlVOAotPiBzc2gtZWQyNTUxOSB6
RzMrMXcgZ0IzcnVDQmlPM1VuRU1IQmVINUdSM3lnWFMxbmJNaXpsVndVMlRyT1RS
SQpZN2RURklHUnE4dm8rdUNFbndWRkdvSFRhSDFJTHAxY1NTUXZxS01xSERzCi0+
IEMtZ3JlYXNlIFhRISJPIGIrNUEgVlg0L0kKZWZ4UjNaYnQxcnNZZldqQm1BCi0t
LSArUFpsNkdqLzVHVjRTcVRBR0NxTS8xTGVxVis4cGdRdFJYUW5aeitIeG9zCpKQ
++U8BCnn//2Q4nIzSEVU1E+jjVXGWXGX4LoU7KFEnjEifotQ126GxH1SQqzhYGZW
96Frfo7HFFmM1i9dkiq0Yw2mNZkL9rTjbdIKA+oseKQKJN+HDb08HY1oKfJoCAmT
YotZp05aO2hJYEFkNCVl8mOIyXSExNGJdSvqFS/kRcphX36T2Q==
-----END AGE ENCRYPTED FILE-----

25
shell.nix Normal file
View file

@ -0,0 +1,25 @@
{
pkgs ? import <nixpkgs> {},
colmena,
deploymentName,
mkShell,
nix,
nix_path,
ragenix,
}:
with pkgs;
mkShell {
buildInputs = [
alejandra # The Uncompromising Nix Code Formatter
colmena # Simple, stateless NixOS deployment tool
nix # Powerful package manager, makes packaging reliable & reproducible
nixops_unstable_minimal # work around for issue #127423
ragenix # CLI management of secrets encrypted via existing SSH keys
tea # Gitea official CLI client
treefmt # one CLI to format the code tree
];
shellHook = ''
export NIX_PATH=${nix_path}
export NIXOPS_DEPLOYMENT=${deploymentName}
'';
}