From cca6385ce86e085b145d4cd9b308a83e116a97aa Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Thu, 30 Jan 2025 13:10:44 +0100
Subject: [PATCH 01/46] add notenrechner website

---
 flake.lock                   | 57 +++++++++++++++++++++++++++++++++++-
 flake.nix                    |  3 ++
 modules/web/default.nix      |  1 +
 modules/web/notenrechner.nix |  9 ++++++
 4 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 modules/web/notenrechner.nix

diff --git a/flake.lock b/flake.lock
index aa0bbcc..d00002b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -78,7 +78,7 @@
     },
     "flake-utils_3": {
       "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_5"
       },
       "locked": {
         "lastModified": 1681202837,
@@ -202,6 +202,27 @@
         "type": "indirect"
       }
     },
+    "notenrechner": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1738236630,
+        "narHash": "sha256-CP3Ng4QuU9BMHxQ8DLoqsfpSrUPGls8Dhh226u9ct0Y=",
+        "ref": "refs/heads/main",
+        "rev": "9b30e7f948135363235640e5d2b34f69ab0accef",
+        "revCount": 7,
+        "type": "git",
+        "url": "https://git.ifsr.de/frieder.hannenheim/notenrechner.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.ifsr.de/frieder.hannenheim/notenrechner.git"
+      }
+    },
     "poetry2nix": {
       "inputs": {
         "flake-utils": "flake-utils_2",
@@ -254,6 +275,7 @@
         "kpp": "kpp",
         "nix-index-database": "nix-index-database",
         "nixpkgs": "nixpkgs_2",
+        "notenrechner": "notenrechner",
         "print-interface": "print-interface",
         "sops-nix": "sops-nix",
         "vscode-server": "vscode-server"
@@ -338,6 +360,21 @@
         "type": "github"
       }
     },
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
@@ -360,6 +397,24 @@
         "type": "github"
       }
     },
+    "utils": {
+      "inputs": {
+        "systems": "systems_4"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "vscode-server": {
       "inputs": {
         "flake-utils": "flake-utils_3",
diff --git a/flake.nix b/flake.nix
index 75adf68..97f0588 100755
--- a/flake.nix
+++ b/flake.nix
@@ -14,6 +14,9 @@
     ese-manual.url = "git+https://git.ifsr.de/ese/manual-website";
     ese-manual.inputs.nixpkgs.follows = "nixpkgs";
     vscode-server.url = "github:nix-community/nixos-vscode-server";
+    notenrechner.url = "git+https://git.ifsr.de/frieder.hannenheim/notenrechner.git";
+    notenrechner.inputs.nixpkgs.follows = "nixpkgs";
+
 
     course-management = {
       url = "github:fsr/course-management";
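Review bot: The added `notenrechner.url` line pulls from a personal namespace with no `ref` or `rev`, so the content that ends up deployed is fixed only by the `rev`/`narHash` entry in flake.lock, and each lock update takes whatever the default branch holds at that moment. A comment above the input, for example `# served as nginx web root; review the upstream diff before bumping the lock`, would make that review step explicit. Only `nixpkgs` is followed, which is why flake.lock gains separate `utils` and `systems_5` nodes, and the commit leaves two blank lines after the new input. The `inputs` set starts and ends outside this hunk.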
diff --git a/modules/web/default.nix b/modules/web/default.nix
index ca0745a..3be7efd 100644
--- a/modules/web/default.nix
+++ b/modules/web/default.nix
@@ -12,5 +12,6 @@
     ./userdir.nix
     ./ftp.nix
     ./hyperilo.nix
+    ./notenrechner.nix
   ];
 }
diff --git a/modules/web/notenrechner.nix b/modules/web/notenrechner.nix
new file mode 100644
index 0000000..0fd89f5
--- /dev/null
+++ b/modules/web/notenrechner.nix
@@ -0,0 +1,9 @@
+{ config, specialArgs, ... }: let
+  domain = "notenrechner.${config.networking.domain}";
+in {
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    root = specialArgs.notenrechner.packages."x86_64-linux".default;
+  };
+}
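Review bot: The `root` line hard-codes `"x86_64-linux"`, so the package is always taken from the x86_64 output regardless of the platform the host is evaluated for. Taking the system from the host keeps the two in step: add `pkgs` to the argument set and use `root = specialArgs.notenrechner.packages.${pkgs.stdenv.hostPlatform.system}.default;`. A header comment such as `# Static site built from the notenrechner flake input; the store path is served as-is` would also tell the reader where the web root comes from.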

From 4782376b23bb0b18a8bbe0967171b1f303f0a1bd Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Thu, 30 Jan 2025 13:22:04 +0100
Subject: [PATCH 02/46] remove redundant forceSSL and enableACME from
 notenrechner.nix

---
 modules/web/notenrechner.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/web/notenrechner.nix b/modules/web/notenrechner.nix
index 0fd89f5..a6da3c1 100644
--- a/modules/web/notenrechner.nix
+++ b/modules/web/notenrechner.nix
@@ -2,8 +2,6 @@
   domain = "notenrechner.${config.networking.domain}";
 in {
   services.nginx.virtualHosts."${domain}" = {
-    forceSSL = true;
-    enableACME = true;
     root = specialArgs.notenrechner.packages."x86_64-linux".default;
   };
 }

From 8b80988768d3c849ab409619cef48ceb4c366934 Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Thu, 30 Jan 2025 13:33:51 +0100
Subject: [PATCH 03/46] add sops key for Frieder Hannenheim

---
 .sops.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.sops.yaml b/.sops.yaml
index 800fd37..57e4ea2 100755
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -10,6 +10,7 @@ keys:
   - &joachim  B1A16011B86BACB56ADB713DB712039D23133661
   - &jonasga FB44F0746DF25F0B24A2EAE586C8A257C3EC82AB
   - &hendrik FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D
+  - &frieder age1x76ajqw8w4l5vlkwt5s3flz5a5jq5qlxv7uppmnf8ckj9egh9ekqjclzt6
   - &quitte age1wvdnprpnq2rcc4se3zpx2p267n0apxg2jucvlm93e3pfj439ephqh2506t
   - &tomate age18lwgjazaxujqgcc5j0gjllnykhtjn6p0q44jzrsk4au2a5k6nd9s77kd6d
 
@@ -26,6 +27,7 @@ creation_rules:
         - *jonasga
         - *hendrik
         age:
+        - *frieder
         - *quitte
   - path_regex: secrets/tomate\.yaml$
     key_groups:
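Review bot: Adding `*frieder` to this rule, and likewise in the next two hunks, only affects files created or re-keyed afterwards; existing secrets stay unreadable to the new key until `sops updatekeys` is run on each matching file. It also gives the new key access to every secret matched by the quitte, tomate and admin rules, so it is worth confirming that this scope is intended rather than a narrower rule. A comment next to the key definition in the first hunk, such as `# age key, added 2025-01 for <purpose>`, would help later recipient audits. The rule bodies start outside the hunks.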
@@ -39,6 +41,7 @@ creation_rules:
         - *jonasga
         - *hendrik
         age:
+        - *frieder
         - *tomate
   - path_regex: secrets/admin\.yaml$
     key_groups:
@@ -51,3 +54,4 @@ creation_rules:
         - *joachim
         - *jonasga
         - *hendrik
+        - *frieder
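Review bot: In what appears to be the `secrets/admin.yaml` rule, the new `- *frieder` entry is appended directly after `- *hendrik`, which in the other rules is a member of the `pgp:` list, and no `age:` key is visible between them. `frieder` is an age recipient (`age1…`), so as written it seems to land in the PGP list, where sops would treat it as a GPG fingerprint and most likely fail to encrypt instead of adding the recipient. If that reading is right, the entry needs its own list: `age:` followed by `- *frieder`, indented like the `age:` blocks in the quitte and tomate rules. The rule starts outside the hunk.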

From e9d1e22b4388ebd70d323b24bcf6e8ee135ec184 Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Thu, 30 Jan 2025 14:55:06 +0100
Subject: [PATCH 04/46] update notenrechner to fix the package not building

---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index d00002b..605ad80 100644
--- a/flake.lock
+++ b/flake.lock
@@ -210,11 +210,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1738236630,
-        "narHash": "sha256-CP3Ng4QuU9BMHxQ8DLoqsfpSrUPGls8Dhh226u9ct0Y=",
+        "lastModified": 1738245261,
+        "narHash": "sha256-6UGqnmO/e7hwI73qszBco39UcsZ3b/cCQA6MwQvAYBg=",
         "ref": "refs/heads/main",
-        "rev": "9b30e7f948135363235640e5d2b34f69ab0accef",
-        "revCount": 7,
+        "rev": "74cafbb6f0a0067cbacee31cfa12c387ea1670d2",
+        "revCount": 8,
         "type": "git",
         "url": "https://git.ifsr.de/frieder.hannenheim/notenrechner.git"
       },

From 7377c77952a9017506ab0acd83b980ef7c9a4c26 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 30 Jan 2025 18:00:02 +0100
Subject: [PATCH 05/46] sops: reencrypt secrets

---
 secrets/quitte.yaml | 207 +++++++++++++++++++++++---------------------
 1 file changed, 107 insertions(+), 100 deletions(-)

diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index 855fef5..bf4c40e 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
@@ -42,151 +42,158 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
+        - recipient: age1x76ajqw8w4l5vlkwt5s3flz5a5jq5qlxv7uppmnf8ckj9egh9ekqjclzt6
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJME1QdHA5ODcrT2FSdWdy
+            aFJ6cmFURmRhcVRLN0FIYmdOeVJYZ2Z4K0hFCmxVZlpBaVBFMk9CUU44eWk1b3ZS
+            MXo4eWZiLzJoSVJ4SVI3WTBFZFpjbXcKLS0tIGpsTStUS3ZBMTFUdGNzUTZ2MWxh
+            Qlc0a0taMytXbVdJTHRONmNoVDMrbHMKU3K84N5vO6O7ruBjWylgzzvURvTLa3gR
+            ldzSOAnWLeZo4IwXM9ic1j3DcmQDXSC7XFwLx6xzuTCsHJMhDOdS5g==
+            -----END AGE ENCRYPTED FILE-----
         - recipient: age1wvdnprpnq2rcc4se3zpx2p267n0apxg2jucvlm93e3pfj439ephqh2506t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2anFsRGRMaHNVaEhvUmsw
-            WnMzTU80Qyt2N0ZWaW5jTUVqM2owOXhLaWxJClMzQ0RPQktPRkFPWTYxTGY1T2xi
-            Z21McDNzdGxnSTl6RExBNitJTFlncDQKLS0tIEFsZkIwSDVhR0JuTlMycm93cEc3
-            c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I
-            vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmKzZveDZTOEtHWERHZlZP
+            cTdORFh2bFpMcmxQUzZ4ZmdNQ3NxWEt6NUgwClY2eXZxK1dkbVg3Z0NrOVZLeUM1
+            TXlGYmFMUjJZNlU2WlFxcklIaHptMnMKLS0tIDFTRmVZaEVZK3hLK1RWa08vcWZ0
+            d25xY3FKK2pJT01GcVo1bG9pYzJReGsKXNg/A0AVkk6YUuvxH4lPQGbSk2IdkeDG
+            OQ7H3HCdMYSyJ/pRIrJwY+Mq9SbbIVF/zmsxbg8pl0RwFalQpCV0JA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-10-13T20:49:09Z"
     mac: ENC[AES256_GCM,data:xU5qqNX9M4ouWfimodb27Xvvi1F7wDJ946fJcP1ADi181/FLQ+kbKPm8QgPw9bDEJfBG4KculfplErNqzGZIqiL+0EDZVeHktRFq+1ojtRBXkpyWDalqV1nOlWGZ0ov/BjW3z0TA23Wb2K5JFjnR7MBRIPPs/CRFB7ke7khD9Og=,iv:fYe82vVtQn/BATRRWDvPmZ9PCKx5f3Xk4uYHP9woY/s=,tag:ktvyedUk0wOJ0tDvmBS64A==,type:str]
     pgp:
-        - created_at: "2024-02-29T15:23:23Z"
+        - created_at: "2025-01-30T16:59:31Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4DntlvaG5T7wcSAQdAq8HJ1VopKhShChQAnq9ETU308YAZqOojMA1Plpb2thMw
-            i/fon3Dt/odw8jj9sbIUVqImWy7K6FqEiAkIWN6Sq6F8raA1ohc+AmVHos1pHK5z
-            0lwBHKNB7pt1h8LIv3GYqPUaz+yPhYyCk5PQqVemJSvMlilOjfkaIHHDV7VNEsVx
-            kwZSaNij15cytLHY+iJGkChUqlTdwmxWRIW3Fa0FEe9OZzSj0fkS60m9TAug3w==
-            =EMPz
+            hF4DntlvaG5T7wcSAQdAc4V+guwi1dl8ELb8QNzotAu+SvIribVJ9I+JhzZvlkEw
+            7iHJltL6yj4IhVCYKMOmIDYUYVKw/kmZdW8cUnDTsaGjfDgLw1Uu6SZXYZwr7/u2
+            0lwBlW5gV0st8QPrpmFRVHPmtc7YcngIfQ8i0MPZPLxeD9O381qmD3AMG18SkgIF
+            nAiqxAdt9TmACJ41JRqOVGAfLzTjTLHG2HQLrwNmgby5TBXZgxvZhdqvLCCD4Q==
+            =k4X6
             -----END PGP MESSAGE-----
           fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
-        - created_at: "2024-02-29T15:23:23Z"
+        - created_at: "2025-01-30T16:59:31Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA/YLzOYaRIJJAQ//RaAlgiR0nVZYWrN+aVgYIJsW8vz2ZMREcvONe++DF7XV
-            NOKkI7fua1jag6NWGQ9hzCEXQsoiQjL8CpaOSN9fJmnsmQoNv3vOLoeArLnPI6np
-            OBwOLQu2KgIcHCP48qfJ5idIV90UNoABro3MsbKDQAnXES+Eco7YflQVlesgEfau
-            oxKnZvGcOhxigQM3DobM1/keNnCuE3wyK5hVKV28VD/TNozZIj1MyoXpfzjzSgne
-            A80+/uLj1r5eg1l5nDAdEtOfvxf+eCCEom3oh2uRKK5HsRUySSE7tNRGNnn8QsWy
-            fUy+/95fOasyHRtr/cNfhZrly9VcavAhR4WYWU/LJ0pOYT1WtxMG3U4HGswiT2G2
-            4ElM1BvdV/TlTTd3G+XhzyLK182w7Lz0CpNfpI9tgA6iIDHFiWL+KjF9Cy/VbidB
-            B4h3bMOSw3YeESQFRG9y91QQreT8OOfkI58taiKM5J1yCNKGu7F3DEQxQm0/wHBP
-            xMNZGu3nZGL05QgqFw1lw4YeQlSQJC81bQZMSaBB+7KEcU2oXH8pKVHerKHwieZR
-            Kd7uD1ounFp5QD33Xc9Ebqin9dIOMyM8QtMsi6fD4ofwb7riRcBM82EF2slE8Q6o
-            u2VuTj0mlsG75EnLyrQ9AFLPAPtR+qS6R+/JaZqgRUxk0xswGet8GApA2oou38XS
-            XAE5sEQTEGD6SD34U0BHRNrPLbqKNcZXccwukZ9er90p2NzyE+hoxKfQFhocnpdv
-            j86MWn4nAcZYY75Vyg5AxaS60/R48WvzfEp0nVd6Zukd/05AV2kBMVJp9WZw
-            =Nzjo
+            hQIMA/YLzOYaRIJJARAAub2pfnT2qB/tPwKCwPhOnsfvOjYze76a/Kvwk7E0jo7T
+            xcq3Vci19gJPyYXO0gKMXQj0gEz3DuQiHoumqJHdg0oCNBeUYLk6XUSOfRiCqe/l
+            RNG06RpSk4r7pmqWuR6EOwt/w6RkH/PAka5C+yIXmjtqJq5VOKm26XKC4NJ6L73m
+            Xk2YJ5R0jajaZLy5pHLHj9HovemVfhHh3vnO9aaGRfGq0OpBsNND4rygg0IqxZpo
+            bh0lHnNnWLYZoJv4L5EhfdmqZzbATkn1+kb2V9/ZaGyRV84K6KxGoLKPjy5Qsz1p
+            +9p2BWKZRCOy6tH3qKsjYHyZa6tWU+dBaOZacSPh2tpum0+vWIVjRMBTaEhYdsNR
+            ChyhImIjoX7jXncMdxiSW9KSXpuKC0qqqBEXhankkPhE8ADcjk7Iya0WZE3OZrAy
+            YAUR3SOOf5aDDfx2T3XT5tc2VQOM5MFOgqkTqG5VXGzO40HJDET9eHqT3/GZxgZg
+            5GpMl0NXdn00dfsifPxs7g0mv3Z4T4hoIj3N1wde6XI0t+t3Bdx7KizlJpAPoB7c
+            r8orobQz2DUz7gq0ccqEXe9p3mB87Mbv7ln0sYp7jOMpv/0iC7zJvcqGXn19OTaw
+            OLhUuk/PF38DWBC8wshZ/yZmkLmg1MokuDUVwLA/QA32gszuaDDNWW/mTgOUCa3S
+            XAFezl/NfryxsrDi+ftzElun8hSUFvxYGkhihWiWvBfHudA5OHhRuDWvxOY5s9Xv
+            CEqvcgLxwm/7GrDE2LJ5ARMOyAeicKXO0iCJo4qzMb0FnphXVbt02Si4oIFv
+            =kfjO
             -----END PGP MESSAGE-----
           fp: 91EBE87016391323642A6803B966009D57E69CC6
-        - created_at: "2024-02-29T15:23:23Z"
+        - created_at: "2025-01-30T16:59:31Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA8uqUsBLHj6XARAAiGzDHGIs1rA3EMCBHY8ajWMJ5XQeLJBU6iZHlCijLqLf
-            nnGUwVj1fWXj0Gh+cQV28YMaQL7KPUbKBswhqRgYu4uCFdyC+ipQ2aC5OwUz1t+y
-            cbX3jMifiVpDVanYwukb/gC4O3F6aY99ezEo7RJNkwBO730DsPadUZ3S5i7IlC5+
-            5dd6eIzlt72fBC9QceSi2cAiiP57WmKC1bHLyCR7LXNN3719QzXQsjxVBvwYpD4d
-            dF5lgdDMNi4xgjQ03UawHjp3TbsqXIw6F+/Wx6CEXo6XSCcOLIdrOVJNirocw3sO
-            lg1tjfvqOnZbVNjh51Txl6IFfdffx37qgQjx9O1dxNod3ORa7aO74gAnd3oZyOUq
-            FngRxTqu2yvzonbGGRNT5gMk9QZNqCHOHjp4NudpwPuLFnwrvt+jw8XVrGrMYMkA
-            P/gOc3EXrCKr25yKE+dA8l3ikzd8wnPago2Adm/Xt34J4bIL27QKml3+g/gVnW6i
-            In59tWMQ5lxnD9nXA1jY8RccwEZHvI74+AkQNa3t9miA4bDER7n/KyF+XbxePI3G
-            qta9fCpb2a4EmsBm8JGtFnD7/Dek5UVcOjnrPxG2yMMAxwv7ZjFT/IeqoEb5yL+D
-            opB002q0UJP01RVBeqoetLNhMX1R8TN55oetpyWkPECuwCKi0Pbqdqe+qWR0UKHU
-            ZgEJAhBHH/fM4ZUeqi5Z9B7WvAFj+95g7Jlgtw8nqm9C7JsvDGQ7LxkQ7OJr691U
-            jhO60x3CF8SOR9E0A4Y/iVAVQQleVES5+xC0KpVY3YacRHi4HR39v7Lg5cPYIOCT
-            c3NiN6iiTg==
-            =Af2X
+            hQIMA8uqUsBLHj6XAQ//ekvxqmiiCP7ZmXEqudwlPrrmEDOTmq0SS1hHPHK0wTiz
+            N3hw4c/nr8WEMby5xpzUhmxxFSp8Uysta1m6DqU3Z67oVZobkdUOwkZO15lics2D
+            NqsU6UvmPdbJsAKJqTtrLjO65pN31UZhBEhnQj5IkGV+dl0Qgrazh3r8hr5t1oTp
+            HYAOGQLkn9GhQEXKh328ks5KK5glQJWC4v1WToxty//lz5JJn5WNWM8aER/fQV+j
+            QizCuDalgNixmg22Q/+c8uFEfsMpbU2MnrbHXAeZAWqKA9SfEBl5YOO8rce7PlA6
+            TS3R/MQ8zFck4BtLh8KjXMAxmgSuyKRlNjoRccjfGeruYrwt+Z4Sl9Ou+A9qdWmq
+            9Y9OLo6CIbSZ31fBekpyR6gZewta18tmLrn4U1WVaoP+SY9cfMx3DHyThIPah/ek
+            y+qt/ZN+ZIMIVy1M+YKrAgNitk7W27z6WKh0Ewb82K3GZOwHpfsieQfChbKNBBWo
+            u+Kk8gh/NHwcUS0GsPx98XlZe/Cf8k3JajRbuQ1PZ0j0wYz7DwAMGsjIZtHHJGub
+            DEPdowqw2cj9766sx+4orD1jhhlkVhoPWhIMbD3QAD3ckjy7t5L3MrSwxBHb0hWF
+            Nv5cIUIJY77SGQw+gtjWfWHpXASq4UkFJTqmHCLoGK+eHnHKoM27ocgNHhynSV/S
+            XAFvsambQ4r+lNCylsQQYjJBRnuoMRzx4Sb87nrmFq11WdRmqOko2oL++jQfZIes
+            bkcopFv+pQB1Nw5LF2XQFHh3QpbygSyjEt9Gk/8l9SNURIw9905T2DU+9Ois
+            =8So1
             -----END PGP MESSAGE-----
           fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
-        - created_at: "2024-02-29T15:23:23Z"
+        - created_at: "2025-01-30T16:59:31Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAzUXo8ZPJwGLAQ//QLCUOMTptOAa+Ol+lB6ijB/iRzQoDs6LW/GvH2mbeV17
-            PBpFge3SYObBAZRZfF6x2PAuBNIAptckJxQ+bw/BoxQWDUI6Bsl0lSxu0eC+e5Z+
-            Zx7GOIqUYDuRXZ9NmFA3VeD/3PV4SuveazM6bOwMmlbfxeh+EBiSa7F79cl10pb4
-            ZbpOuxqvHb52/jZ0Lsny+MVycgh5YyWyLSl1nO9Uc9zVIWDyygA//UevEgFkr/fp
-            kUagX164Rmvaxc37fcvER+TxBKTm1SUFc82MB2sC4VEWb6RylpWWrbyEquJOW0/K
-            Jhw6kFnQ42THB6wSCuZw2HuHzZuXOzQLzJqq8l5p43sTUxiyCGQxtNDE47V32YqR
-            2sEZLltwPLpgmzmPSflDE4GgYOP7rhOJ50bpqBk9yArzCziB3g27/QSLhGak9u6y
-            b39NdyKA48tXP7TQIWkPFBLWlHWnjWHps2tbNPLaq6CM/tA811Nq+XKBs0/eDeZV
-            +DkX4BFmdvV2k3gq2juqWkeHLcHRyIIC8cHDVTVEL9TBP8GyzCIxhU+q3Dnkffnd
-            g60olZanFfsVNpg8kFqAN5OeLIHtCxqXzj+qs8QgD5YMUIOuwvkngbyHpWv8vBhi
-            GSIYB+bIBRxJPIc9ofmXv3S4R128NGIKq06K/P4Odnt+8iy/Q00CNYW75zobg3TS
-            XAHD6cnvUQILTDtFLsTZw8rcmHI9ls8L+yHmTilEo7jrsK7DUUjgQlLULZlBE5Hc
-            vGQ3KEop1AdG+K4try/OSaQPY2dYtLH3mqGlmmaID7fJQiTnWJNpTIgIHynO
-            =5/0t
+            hQIMAzUXo8ZPJwGLARAAjYSSQojpC9LhJGIm/YbtUotpqqhMvZbmudhuNYFrLR3i
+            eDwAmjcnMP1xDk8iK45Vln0tPTtrS4WZFtpRar3a2jsGcjrTfg9zMDGCDT3cGsCZ
+            2Dz1lU2tqa4r4LaaAzEU8Kg7K6jTR9tnFcsV3LYYUo/l6/xi1L9MYSq/BFGfPFTH
+            ywhn4oU7c+bFwFwZpUv09Ybot6UeGn42h1AUS4w5yCHPXO3SD+KhXnQ4hgD1kvBH
+            IN6WZq8TF8PC8H8cwgpkLMr9kZVnrE6y0Xq6q0D9U4co1K4dBZ8irCIanDzeS+0T
+            azlNOleCEw+TXmlWIvNULzFVwf/smzh7KmYULeNF3loboy0T8lcxkPJ16un4+ahW
+            YVTviGRyX2Tci8DIs+lZ6Ucwo9GHNtN0gsushsZ48jh14pt2Ct5BSP3ZauswJPU5
+            q3EV0l+ZSLEaFws7jT8A86CX9NoKmwX+v7DBf9TiGZj478mZBAo7RotcZAG4oV87
+            uq0oQUhRmhVq7ELUZK+0a6UoPKwa3RukXl9lOuOAui4IVhqREY9dR07L/NQxu/s/
+            zM53IjKWe4WiGm2TWJAZh5zvfBwB/RfV6glw+XVt/XoySoYFZ91Pb7kvTr9w+nR6
+            xcC9KxaBv91WRm46G+WWePnMQ2O953LmtF0eq3VTdXwK5zlIB3jC2aVpnLexXYXS
+            XAGn4ml/bRr8q9TFUiirpjY9P0sd7nZZtFQVUHCqdr4W+fuumuxRCoekEjh14PeA
+            rFCsW+GmZzH5S+aHiVxJuO8694KWO1QPBwr4EX1qooxTDzO+bUpyTSStg4Mm
+            =zNA+
             -----END PGP MESSAGE-----
           fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
-        - created_at: "2024-02-29T15:23:23Z"
+        - created_at: "2025-01-30T16:59:31Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA30JDs8MiK29ARAAjlskdt3CZzDk9JflbhgpSgGd+cad6SkaG449uPV+TLfL
-            lcAG066sYMbMgzZn2D4AZCXb2mcU/gz9Kdo/MBVL8G3TN+M1yMxqOJm8xLQ02HHz
-            VMuSTiwLyj1G+dr161O+PEiNQMqq9YNxGg7Oi8b0T3hylcHFGKQ8Ji37hUmOlvfc
-            EuYjd2j6udarLYLDcq5gxYhvlfCJm9WMljrLYC5IatgWF/KgLkFVpy4aa2aYtlxP
-            mwbea4PqUCznhvUEsD7ucc8fOOPiYD8aJypEG7NxyJSaytdL6yjMTDQAOWRq5dGP
-            0NcF61r2P8gGDfxk/iCf9vJR/IzM9JgCnlwbiAWx0HKCbkScf/j87Lb7DK2kmY/W
-            fJsjwyVpr5X/OHcDEW1Bc8dx2mU5Dc27tpVSuigv/uXLk+H6RQjfMwgE6eViX4ve
-            rmMw3J+Pnd/eRO7ELQa1D8ujkwOLjSSl/KEwV+BjtQvo1E5NuVxn39o3dblvBY4Y
-            Lkj9wG5G6N8sUZQt2nQkGR9mIP89CxOFFaiXrCH9VNSO7hyuVQXIb7xED5kWA6KT
-            eJPvTnx3kzKb7XXW3hOXV3dB7c3Dgjpkp6TyqpWoXxLoMYzeJE1MpnlABxG++oyP
-            AydJ7hRSErm6+3PsslObohW3cuNO7fhurkobd6lhUkOtTyN80n2RqYUWYJcG7uXS
-            XAGy4OMGwQJSy4g+2bmNiwCHvnZPSuuF616G9g2+TyYtcL9v2BNYZyt7LAe6MabH
-            IPthrl605mLgmC1Af6hJAXQkLuAWVxN4XIq8PGm4ss3vTqgVLLGMF2ODsHqP
-            =zFMG
+            hQIMA30JDs8MiK29AQ/7B8fkSIuLnoYLnznZwUyyZnWJ4bmLRHpLQxKGzg8xBb+R
+            4RSA2NJNqJ0nMXfok57jyHhevv19Sst2yKhmMWdT4mRaPs4HfSf/WfQDEbTKR3sa
+            Xd0mytFd9UFgTb0iLwGnb5qW5WhDJZ2b0lHQaZTwmvCzDjv7WpIzxPlmla9dZfqx
+            vPBP6VRlr3Dc7nh/Aqbs7p3Q0kuIoEH/W8ne/hB8lxGTg9JpmTxp69hbSFuAZjTt
+            NFioUfL0dzmTBb0bP47UTTvdZnbZyL9+bEvluiNL0Yfygw3ZRUVRWMtoq5fpkaJ9
+            ygU/uXPiprWUcZDZPClIof5mnJlvQHoXg84RMfdeFjIZj6HultAJbxVYYr/XxyNh
+            5VGOE8o7+eFK/YYWi0p62CNoojON78ZG3egN98QNf+mZ8+F0JkyG7FB4KQG52Oav
+            94qvYn6pJVwQsDU9K6ADfd1TStiZGjFk4k+gBIq6w3uzdn/SFlCwge90Vp5528jX
+            fFtmJg4BjPmffDMVigz5s/J1+4NoJJdxfdIHKWt59yt1myBGj8HTYDsDJxkrcSO+
+            TzZZbQSvUZDBqZVdqTQs1R2D4Q/ig8u400v0KluJz2BV5h1mYt97yflaiQeceRRX
+            WJ6lOQmQq1M4GIXOybeKLRX7wJ7V8AU3FmyDfRhtA8sn38qhnqXYHxQnyYuxIyrS
+            XAFcNhhdEXGoTgHy8WmXVI0e2kU+/yjWrNKigZHGMuRBGgpd20CyfhPCH0NsB4dm
+            Mj6JuLN34Vg9oNyzKYSGBk2MBXCwr/dOkZONN+KQJaR4sYLDARt+9TkJTPXN
+            =acPX
             -----END PGP MESSAGE-----
           fp: BF37903AE6FD294C4C674EE24472A20091BFA792
-        - created_at: "2024-02-29T15:23:23Z"
+        - created_at: "2025-01-30T16:59:31Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4DNffZWjBmO5ASAQdA6hgR8rEHwDyrs8e89euwZL1J7Ul/1XKJVGSQHSgAAgEw
-            1shc8TrDXMt9NveygpzlbDJc9pYUg2bKn+rgpS853Cx+MqYQBeu5SMpxpiZrr8J6
-            1GYBCQIQeafELm9z2HZo0mwujkbcxPfrPX8vUzzE/EL6EDwfPGDL6HUAyHnQC7hc
-            dCK6qK5OZNkpFGYqwUuPeDQwwwmdd1qNSD1Fcg+SuJ64vw4BAlX5iT1JyVqgTRI4
-            Tz3Bpkdhphw=
-            =f1SN
+            hF4DNffZWjBmO5ASAQdAxsxPOk9ZxisW5ResmyYS/CEL5dbBvqGeqRDCnht403Mw
+            JLPggEsyb4JXQU/IEQKNuUHQkyoX1+1agn9TRtZ23YqqgtrDE5B/X21UVezSK86r
+            0lwByKvO6GBDcnWZ/z8aF3ELpFcoWjHS5ncev3Vw62FCKQj7TMuRPJPfjthstYC+
+            3maVwjfp0VaTKMF7lk7+Us/XbAnse7nFAjqqQqkrdFXgFrfEw+8arT8LEHTjpA==
+            =EL+l
             -----END PGP MESSAGE-----
           fp: B1A16011B86BACB56ADB713DB712039D23133661
-        - created_at: "2024-02-29T15:23:23Z"
+        - created_at: "2025-01-30T16:59:31Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA1tId/HHLgxAARAAkHey4n6G1FuZMQpZ6Jo/o27mzuqsRwj5+kS14+WVm8Xm
-            BZ+DEMIbV/mCBBsIZKHrkrM1ml+Mul3pUHkTfo92n0dHjKaRKNLplbhyXMAavQnY
-            MpcYv0OTR3/ZlbtQXsDT691rBGtAXoI5dwX9lRGUN7W0TzjZ91O+mLLloEYdmHuD
-            y2b36TsYmV0tq7e/T1xQn2cy7SAB0OUmAlL+W7/18P7NdJxMtBPoPDoRgcXZneZq
-            GxLRiTPgCeXaN6OzfsNxQrWv0kVh0ob95Grp1/J7CPqh+iEf6IROyHpD4/Yc41ih
-            FJLU3sameMn+PlelRqL2MhctYPjgqFnLB/2ILaG2yNMOM7MiMZY+WW+LjojYgAjS
-            /s0aBgxBVyR/r22fDsDISbwKkmSiubZcYStwP4WmlMCDYY6nLIxJC1Sel6IRqqGD
-            QzPiG0lwK4llx9vdDK5IKqFyu+Z89ctVHRntBtDBqWM1z8O/5R+HiDwy3VDkDfH/
-            tuF56xvhVsyEJSe85t89RUDpv9aTq0YxjWBKhCOcP1bWOLzwmaP/Lldo5QUZ3GnP
-            lDP3FjsRld3upKBQ4UntcChjDjjxWVTIbc07gIDbel4JnNvv/o4r+NpXhiisnXgl
-            siOLAtCdFudfRscSDxhmyBzRmmMe3sKbi+ezxOuepThXaXYvyUk2D8GZg0mLF1HS
-            XAGycxm5KP86z5gREvArW26HbIxNlfUpTIoIKgmX3nWhj62Og5VmBYLcMARxVzut
-            Fu8ukgtgmIQKx8O2OLnmiO3rLvY2xPS5DUOgmYjfPqcxFkI/q32L2OXH3ZJY
-            =KFx1
+            hQIMA1tId/HHLgxAAQ//bTyIxfNjxe65w5GM4Czgv07La7xT/ORscd1vhHc309Qc
+            oBPj7Vb0dhfNcc2z44WDlnLPoU3gUTLkE3oj+X21pMmIQuJvwHLxOV07JayTGeVB
+            s/880mFfMqSKnK9xnFkcXnu7aIiYOs4NxwwA+U5l009Mj96qjuX/3X47DRg3gWta
+            YYHUX3eqlEXSTpi+iYGK44izDsynJiFLaCIeGVGm6XGsBmIpLQQc2++QozjYYLI2
+            714aAyVOghZA0m/Egc83Yp+EsJq2WBolgTaXp954OBz8D6pRDj986p+LrHCDEQy2
+            U1htRnO5yLSk6nOwBtDiji4piCMki3VDlOZgMTyjJhLloQ5uou6q8uB53Zof8esk
+            42PQspqvvhI3DlmBIQnJCpk/mJEsOmq3bpTDsVKARIs+nnSpwJkb7K2Jq4cB0YkL
+            EjZNDUUCliDPxExrEyNANB5fV18fqSGUuLYAwreaV1mctXBYSPO3RX4cByt+Xvhb
+            cQ5ePevU25ZBTeXhvf8DjdlxONgl9vF14EyJgbcOA6lwYUZKVyP1OnzrcGprIUww
+            lYFsyLbiNo1qLSRy1IJh2OCN10B0+XSLyF7HeUPH+2nsf3LksArJ2C3PvhDGVhpn
+            08Zyf/90JOXeK8cAilW5HYvhgegVA7JtpUomYBgZE3kWGt6zRIRHH7NeiOIMXQ3S
+            XAFzrgrzDGUFUNd01Kl730ZvbxHvvkZcPf8jc6IL3vHvew3mMAwoZOXnlspwADA9
+            gH90i9J9ud12EZ3H+kGtVsz9wVH3hGoT9J//laoImkeT+Cx4o6Vi4sqFvSmm
+            =F/0J
             -----END PGP MESSAGE-----
           fp: FB44F0746DF25F0B24A2EAE586C8A257C3EC82AB
-        - created_at: "2024-02-29T15:23:23Z"
+        - created_at: "2025-01-30T16:59:31Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4Da5T//DC6DJkSAQdAyVvnKDj+KjtF0mEhf/QXb8dwIZPjPr5CAcvZvJhSThgw
-            J0bpP5IAu6LRp+D8C5SnMjaN1eNKX2McFcM3PVsGyCiAEihHKRD91J5xQ4Uc4Tea
-            0lwBkk7/c9S0KXiKM8pzqRMuimVOs9DMXqxbEKc2BvM7hmKJJfAYE/dvRxNayW4j
-            Qh7px98tsMsSJCeaj5zqa89aBl8UOQmBYdsjby3BRbOoHNE2ulKe4m4HcV3IpQ==
-            =Rdl0
+            hF4Da5T//DC6DJkSAQdAVIeAdew4oAcgVSZQppDTostppwh+tjE6IQMzOfDk5FAw
+            v0Tka35Ol3RdQ8cJGjQohtkxpPMFCeq556FusOxzVWV7blwFlIR1UOd8QlRG7rw8
+            0lwBUg97NdpoVdVDZrJfnZHQ+GAsfyOZrU8DbyEU8rcf83ShNiY9WvyFKfZJPo/N
+            8ZA/Iqt8JLhRYCIPAtKWuc501ziHjTh3mdWjE++DP4b9/IO1NbM1mtpnjhKIUg==
+            =aCH5
             -----END PGP MESSAGE-----
           fp: FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D
     unencrypted_suffix: _unencrypted

From a8cb4d45bad3cb0f1a064beae7c99d6039eff19c Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Thu, 30 Jan 2025 19:13:53 +0100
Subject: [PATCH 06/46] update notenrechner to add disclaimer about correctness

---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 605ad80..c48720e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -210,11 +210,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1738245261,
-        "narHash": "sha256-6UGqnmO/e7hwI73qszBco39UcsZ3b/cCQA6MwQvAYBg=",
+        "lastModified": 1738260727,
+        "narHash": "sha256-dqwlhg3L5SPoHSWbdI10EL0Vs/7BGW76h+q05laKyTA=",
         "ref": "refs/heads/main",
-        "rev": "74cafbb6f0a0067cbacee31cfa12c387ea1670d2",
-        "revCount": 8,
+        "rev": "72c70b74f9216a3cb2913df91c8edf8516de1800",
+        "revCount": 9,
         "type": "git",
         "url": "https://git.ifsr.de/frieder.hannenheim/notenrechner.git"
       },

From 839b00af204fc83619f7f6c9e91ffdd2e35be225 Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Fri, 31 Jan 2025 16:35:24 +0100
Subject: [PATCH 07/46] add ssh key for frieder

---
 keys/ssh/frieder | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 keys/ssh/frieder

diff --git a/keys/ssh/frieder b/keys/ssh/frieder
new file mode 100644
index 0000000..1e1228e
--- /dev/null
+++ b/keys/ssh/frieder
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH70IC7DaiGBYdftUhuOE9CatcdYj2L50eZfztQA+pVs fried@Frieders-Void-Laptop

From 969ff2755527feef08c18cc9738f7c80086d7728 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sun, 2 Feb 2025 19:57:54 +0100
Subject: [PATCH 08/46] sharepic: limit to university nets

---
 modules/web/sharepic.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/web/sharepic.nix b/modules/web/sharepic.nix
index 0c5a51b..febd677 100644
--- a/modules/web/sharepic.nix
+++ b/modules/web/sharepic.nix
@@ -36,6 +36,9 @@ in
       root = "/srv/web/sharepic";
       extraConfig = ''
         index index.php index.html;
+        allow 141.30.0.0/16;
+        allow 141.76.0.0/16;
+        deny all;
       '';
 
       locations = {
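Review bot: The allow list added to the server-level `extraConfig` names only IPv4 ranges, so `deny all` also rejects every IPv6 client, including university ones if the host is reachable over IPv6. If that is not intended, add the matching prefix before the deny, e.g. `allow <university-ipv6-prefix>;`. nginx inherits `allow`/`deny` into a location only when that location sets none of its own, so the `locations` block that continues outside this hunk should not introduce access rules without repeating these. A comment like `# university networks only` above the first `allow` would record why the ranges are there.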

From f1f330daab6da2b239a11ee97b453935b809f556 Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Mon, 3 Feb 2025 19:13:19 +0100
Subject: [PATCH 09/46] Neuer sharepic-generator. Keine Begrenzug auf Uninetz
 da keine SPD-Assets mehr

---
 modules/web/sharepic.nix | 61 ++++------------------------------------
 1 file changed, 6 insertions(+), 55 deletions(-)

diff --git a/modules/web/sharepic.nix b/modules/web/sharepic.nix
index febd677..8b97cc8 100644
--- a/modules/web/sharepic.nix
+++ b/modules/web/sharepic.nix
@@ -1,63 +1,14 @@
 { pkgs, config, lib, ... }:
 let
   domain = "sharepic.${config.networking.domain}";
-  user = "sharepic";
-  group = "sharepic";
 in
 {
-  users.users.${user} = {
-    group = group;
-    isSystemUser = true;
-  };
-  users.groups.${group} = { };
-
-  services.phpfpm.pools.sharepic = {
-    user = "sharepic";
-    group = "sharepic";
-    settings = {
-      "listen.owner" = config.services.nginx.user;
-      "pm" = "dynamic";
-      "pm.max_children" = 32;
-      "pm.max_requests" = 500;
-      "pm.start_servers" = 2;
-      "pm.min_spare_servers" = 2;
-      "pm.max_spare_servers" = 5;
-      "php_admin_value[error_log]" = "stderr";
-      "php_admin_flag[log_errors]" = true;
-      "catch_workers_output" = true;
-    };
-    phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
-  };
-
-  services.nginx = {
-    enable = true;
-
-    virtualHosts."${domain}" = {
-      root = "/srv/web/sharepic";
-      extraConfig = ''
-        index index.php index.html;
-        allow 141.30.0.0/16;
-        allow 141.76.0.0/16;
-        deny all;
-      '';
-
-      locations = {
-        "/" = {
-          tryFiles = "$uri $uri/ =404";
-        };
-        "~ \.php$" = {
-          extraConfig = ''
-            try_files $uri =404;
-            fastcgi_pass unix:${config.services.phpfpm.pools.sharepic.socket};
-            fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_index index.php;
-            include ${pkgs.nginx}/conf/fastcgi_params;
-            include ${pkgs.nginx}/conf/fastcgi.conf;
-            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
-          '';
-        };
-        "/data".return = "403";
+  services.nginx.virtualHosts."${domain}" = {
+    root = pkgs.fetchFromGitHub {
+        owner = "jannikmenzel";
+        repo = "iFSR-Sharepicgenerator";
+        rev = "ac721d5fff2dba1f046939a6d6532b1a8cfceba8";
+        hash = "sha256-of+N58TDt2BcbDVEriKn6rjQVl0GdV4ZMEblrdUutZk=";
       };
-    };
   };
 }
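Review bot: `root` now points at the complete GitHub checkout, so every file committed to that repository (README, CI configuration, helper scripts) becomes downloadable from the vhost, and with the PHP-FPM pool removed any `.php` file it may contain would be sent as source text. The repository content is not visible here, so this is worth checking against the tree at the pinned `rev`; if the site lives in a subdirectory, appending that path to the store path narrows what is exposed. The `rev` plus `hash` pin is good for integrity, and a comment such as `# static site, served as-is; review the upstream diff before bumping rev/hash` would state the update procedure.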

From edcba9dc858cc9751c0fae3e09fbe9af864e40c5 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Tue, 4 Feb 2025 12:20:46 +0100
Subject: [PATCH 10/46] updates 2025-02-04

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index c48720e..170f17a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -143,11 +143,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737861961,
-        "narHash": "sha256-LIRtMvAwLGb8pBoamzgEF67oKlNPz4LuXiRPVZf+TpE=",
+        "lastModified": 1738466368,
+        "narHash": "sha256-PZhUjtvQZOH3PO0EYdTpQvcqkgkq1NkP2A6w9SPHYsk=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "79b7b8eae3243fc5aa9aad34ba6b9bbb2266f523",
+        "rev": "46a8f5fc9552b776bfc5c5c96ea3bede33f68f52",
         "type": "github"
       },
       "original": {
@@ -174,11 +174,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1738023785,
-        "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=",
+        "lastModified": 1738574474,
+        "narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89",
+        "rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c",
         "type": "github"
       },
       "original": {
@@ -288,11 +288,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737411508,
-        "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=",
+        "lastModified": 1738291974,
+        "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4",
+        "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
         "type": "github"
       },
       "original": {

From 00360fccc239bb7c89213955d7c7508ab7cf8e6a Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Wed, 12 Feb 2025 15:39:05 +0100
Subject: [PATCH 11/46] deploy new kpp version

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 170f17a..f3e36fa 100644
--- a/flake.lock
+++ b/flake.lock
@@ -101,11 +101,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1732530918,
-        "narHash": "sha256-O5cmb7xeIq1luKn9FbS3UP4aziP2UuBKARsq/w7CGqs=",
+        "lastModified": 1739371104,
+        "narHash": "sha256-k7RZrUCxPPV2htf5bSEGlailgMSXh0c5DTPY6uvB1QY=",
         "owner": "fsr",
         "repo": "kpp",
-        "rev": "b867b6b3d4c604c177e1866d2babc7ae5c0f6a9d",
+        "rev": "c98d8003aaf7b8b085c674ce6d931cb6014a5c95",
         "type": "github"
       },
       "original": {

From 74c6cec7c65baed1a57397083ef5318b609a1f62 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sat, 15 Feb 2025 00:30:43 +0100
Subject: [PATCH 12/46] rspamd: remove nixspam blocklist

---
 overlays/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/overlays/default.nix b/overlays/default.nix
index 5fd91b9..db5f720 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -1,6 +1,7 @@
 _final: prev:
 let
   inherit (prev) fetchurl;
+  inherit (prev) fetchpatch;
   inherit (prev) callPackage;
 in
 {
@@ -40,4 +41,14 @@ in
       ./hedgedoc/0001-anonymous-uploads.patch
     ];
   });
+  # patch to remove the nixspam blocklist. Remove after next rspamd release
+  rspamd = prev.rspamd.overrideAttrs ({ patches ? [ ], ... }: {
+    patches = patches ++ [
+      (fetchpatch {
+        url = "https://patch-diff.githubusercontent.com/raw/rspamd/rspamd/pull/5300.diff";
+        hash = "sha256-7zY+l5ADLWgPTTBNG/GxX23uX2OwQ33hyzSuokTLgqc=";
+      })
+    ];
+  });
+
 }
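Review bot: The `fetchpatch` in the added `rspamd` override takes its input from a pull-request diff URL (`.../rspamd/rspamd/pull/5300.diff`), which is regenerated whenever the PR branch is rebased or gets further commits. The `hash` keeps changed content from being built silently, but the fetch would then fail and block rebuilds of the mail filter until someone re-pins it. Pinning to the commit instead gives a stable input, e.g. `url = "https://github.com/rspamd/rspamd/commit/<COMMIT_SHA_PLACEHOLDER>.patch";` with the hash recomputed. The comment `Remove after next rspamd release` would be easier to act on if it named the release that is expected to contain the change.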

From 966fbde1e9e2dfd06e6bb894ab338d00356d04e0 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sat, 15 Feb 2025 00:31:05 +0100
Subject: [PATCH 13/46] formatting

---
 modules/web/notenrechner.nix |  6 ++++--
 modules/web/sharepic.nix     | 10 +++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/modules/web/notenrechner.nix b/modules/web/notenrechner.nix
index a6da3c1..06d4d05 100644
--- a/modules/web/notenrechner.nix
+++ b/modules/web/notenrechner.nix
@@ -1,6 +1,8 @@
-{ config, specialArgs, ... }: let
+{ config, specialArgs, ... }:
+let
   domain = "notenrechner.${config.networking.domain}";
-in {
+in
+{
   services.nginx.virtualHosts."${domain}" = {
     root = specialArgs.notenrechner.packages."x86_64-linux".default;
   };
diff --git a/modules/web/sharepic.nix b/modules/web/sharepic.nix
index 8b97cc8..521d297 100644
--- a/modules/web/sharepic.nix
+++ b/modules/web/sharepic.nix
@@ -5,10 +5,10 @@ in
 {
   services.nginx.virtualHosts."${domain}" = {
     root = pkgs.fetchFromGitHub {
-        owner = "jannikmenzel";
-        repo = "iFSR-Sharepicgenerator";
-        rev = "ac721d5fff2dba1f046939a6d6532b1a8cfceba8";
-        hash = "sha256-of+N58TDt2BcbDVEriKn6rjQVl0GdV4ZMEblrdUutZk=";
-      };
+      owner = "jannikmenzel";
+      repo = "iFSR-Sharepicgenerator";
+      rev = "ac721d5fff2dba1f046939a6d6532b1a8cfceba8";
+      hash = "sha256-of+N58TDt2BcbDVEriKn6rjQVl0GdV4ZMEblrdUutZk=";
+    };
   };
 }

From 708059a7b635d36172b750d6621abf14357f2631 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sat, 15 Feb 2025 00:31:23 +0100
Subject: [PATCH 14/46] chore: ran deadnix

---
 modules/kanboard.nix     | 2 +-
 modules/web/sharepic.nix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/kanboard.nix b/modules/kanboard.nix
index 099beb8..2416ed8 100644
--- a/modules/kanboard.nix
+++ b/modules/kanboard.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
 let
   domain = "kanboard.${config.networking.domain}";
   domain_short = "kb.${config.networking.domain}";
diff --git a/modules/web/sharepic.nix b/modules/web/sharepic.nix
index 521d297..6c9e597 100644
--- a/modules/web/sharepic.nix
+++ b/modules/web/sharepic.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }:
+{ pkgs, config, ... }:
 let
   domain = "sharepic.${config.networking.domain}";
 in

From 608e5b9209c2d64b5440e40b3237d37241491ef9 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Wed, 26 Feb 2025 14:16:17 +0100
Subject: [PATCH 15/46] update kpp

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index f3e36fa..6a38e78 100644
--- a/flake.lock
+++ b/flake.lock
@@ -101,11 +101,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739371104,
-        "narHash": "sha256-k7RZrUCxPPV2htf5bSEGlailgMSXh0c5DTPY6uvB1QY=",
+        "lastModified": 1740575754,
+        "narHash": "sha256-QS1hdpU2gnzLJ+FTVhKrO6xPVtwCr1R5eb/guUKM/Lo=",
         "owner": "fsr",
         "repo": "kpp",
-        "rev": "c98d8003aaf7b8b085c674ce6d931cb6014a5c95",
+        "rev": "b5a6842f181fd6fc71bf9681c8da7e6418837a01",
         "type": "github"
       },
       "original": {

From 4c2c71f643d7f3a66fabfe29ccb61525b2cd6e48 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Wed, 26 Feb 2025 15:01:12 +0100
Subject: [PATCH 16/46] update kpp

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 6a38e78..ed2e921 100644
--- a/flake.lock
+++ b/flake.lock
@@ -101,11 +101,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1740575754,
-        "narHash": "sha256-QS1hdpU2gnzLJ+FTVhKrO6xPVtwCr1R5eb/guUKM/Lo=",
+        "lastModified": 1740578352,
+        "narHash": "sha256-2uBsRMh1Iz7gds6E3ygsXbKcNhxk+56VreKpOvnKlD8=",
         "owner": "fsr",
         "repo": "kpp",
-        "rev": "b5a6842f181fd6fc71bf9681c8da7e6418837a01",
+        "rev": "d46e9c7397c8e35bef8ce9bcea10a3106af9143a",
         "type": "github"
       },
       "original": {

From f98ddacd2b2c2afd64cd773b27b403d4c7f92b6c Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Wed, 26 Feb 2025 15:17:15 +0100
Subject: [PATCH 17/46] update kpp

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index ed2e921..1e9bb2a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -101,11 +101,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1740578352,
-        "narHash": "sha256-2uBsRMh1Iz7gds6E3ygsXbKcNhxk+56VreKpOvnKlD8=",
+        "lastModified": 1740579405,
+        "narHash": "sha256-ehH2pSzasFZL9tyS0JULxn+ZBmAkCkH3RIl8zNE3cNY=",
         "owner": "fsr",
         "repo": "kpp",
-        "rev": "d46e9c7397c8e35bef8ce9bcea10a3106af9143a",
+        "rev": "24ad3618e814113a7260da3ff21a8d5c83a2b111",
         "type": "github"
       },
       "original": {

From 88d603bb632121b8a3487940329df8f1b6a6c58d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benno=20F=C3=BCnfst=C3=BCck?= <git@benno.five.name>
Date: Sat, 1 Mar 2025 16:35:17 +0100
Subject: [PATCH 18/46] hyperilo: fix ilo console

---
 modules/web/hyperilo.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/web/hyperilo.nix b/modules/web/hyperilo.nix
index 7e73f27..fd46958 100644
--- a/modules/web/hyperilo.nix
+++ b/modules/web/hyperilo.nix
@@ -12,6 +12,7 @@
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection $connection_upgrade_capitalized;
+      proxy_set_header Authorization ""; # drop the basic auth headers, otherwise remote console doesn't work
     '';
   };
 
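Review bot: The added `proxy_set_header Authorization "";` clears the header on every request this config block proxies, not only on the remote-console path, so any client that authenticates to the iLO itself with an `Authorization` header through this vhost would stop working. If the only credentials expected here are the proxy's own basic auth, the comment could say so, e.g. `# strip the proxy's basic-auth credentials before forwarding; iLO rejects them on the remote console and should never see them`. The enclosing location and its auth settings lie outside the hunk, so the scope is inferred from the surrounding `proxy_set_header` lines.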

From a2a2a5c0f0eb3c6d921a92c0473a8228c68ba873 Mon Sep 17 00:00:00 2001
From: Jonas Gaffke <jonas@jonasga.io>
Date: Wed, 5 Mar 2025 22:30:18 +0100
Subject: [PATCH 19/46] remove jonasga ssh and pgp keys - abschied aus dem fsr
 admin team

---
 .sops.yaml            |  4 --
 keys/pgp/jonasga.asc  | 92 -------------------------------------------
 keys/ssh/jonasga      |  1 -
 modules/core/base.nix |  1 -
 4 files changed, 98 deletions(-)
 delete mode 100644 keys/pgp/jonasga.asc
 delete mode 100644 keys/ssh/jonasga

diff --git a/.sops.yaml b/.sops.yaml
index 57e4ea2..7513f79 100755
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -8,7 +8,6 @@ keys:
   - &fugi BF37903AE6FD294C4C674EE24472A20091BFA792
   - &emmanuel E83F398E6423179FE4F63D4FF085CAD394DE329D
   - &joachim  B1A16011B86BACB56ADB713DB712039D23133661
-  - &jonasga FB44F0746DF25F0B24A2EAE586C8A257C3EC82AB
   - &hendrik FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D
   - &frieder age1x76ajqw8w4l5vlkwt5s3flz5a5jq5qlxv7uppmnf8ckj9egh9ekqjclzt6
   - &quitte age1wvdnprpnq2rcc4se3zpx2p267n0apxg2jucvlm93e3pfj439ephqh2506t
@@ -24,7 +23,6 @@ creation_rules:
         - *rouven
         - *fugi
         - *joachim
-        - *jonasga
         - *hendrik
         age:
         - *frieder
@@ -38,7 +36,6 @@ creation_rules:
         - *rouven
         - *fugi
         - *joachim
-        - *jonasga
         - *hendrik
         age:
         - *frieder
@@ -52,6 +49,5 @@ creation_rules:
         - *rouven
         - *fugi
         - *joachim
-        - *jonasga
         - *hendrik
         - *frieder
diff --git a/keys/pgp/jonasga.asc b/keys/pgp/jonasga.asc
deleted file mode 100644
index feb05ec..0000000
--- a/keys/pgp/jonasga.asc
+++ /dev/null
@@ -1,92 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGNNDUkBEADJu4HorNwlrimCfAmf1Sb2iHMoS4xwYn7AaU+U3RVivIfB/qNi
-+ggKF6osggihttIPEQqXqS591jutnIKP+KKvD9n8/jfCsDi5m6Ddwz61rL2NvEad
-bMJSViUzIEIDgQTJT8CByWJpPPND3MoKOuEK/XUQpKmhACT8l+xWSz9UpxPchAUa
-1vI7Q+jt/ik0EI7sH5WFaBzFj4xAwXXyWYuw6G5nP2oW237NLQnMwMFywLOyI7Qm
-+PfY/l4HKrNFYBiuv4ToGU5tAb1a23Rp+IV9faPZsT0IFYdxdkQUuu9s2JZ2UnvV
-VfJ0NWheToCY/R4TZkMDGhNSpotsRLhgdsVJsoBws61ndV/IgrIQbVnMNZrXvn+z
-tOtdlECVflGIICJkbXtBiGtgMRdJMNHnt4a3/2yPtCTG03Kt+38COh0ox5j3+HIg
-87Xxxln7z8zolalRkKi6NbOY7qoITcnbZIF972/8SI3UjYERJ4/ay9ucKIU1WLGv
-Ei97s+IDHt8KXJizc4Z7XfssZ9BcIZ/ekfOopN2Av0U33LCcTKHw9ZVmuoZCfL+u
-L8TDQLHJT75n+4yOTKXu00pYxWqT5FOFS0RMYb98QLDmcIDQ+B7pw82UGF3/3Fx6
-YBNY4IjFqIovVmU1UKt4KdLrdOSN8cQtcCxORqT+89bjIG68DbIzO7iCpQARAQAB
-tDFKb25hcyBHYWZma2UgPGpvbmFzLmdhZmZrZUBtYWlsYm94LnR1LWRyZXNkZW4u
-ZGU+iQJUBBMBCgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+0TwdG3y
-XwskourlhsiiV8PsgqsFAmS3zscFCQcOW/4ACgkQhsiiV8Psgqvirg/9H+XHvntb
-shbst+vM9x8IKwhaOrH6IwZa/b9v8y8MRmbXoculQUuDyoeN0+RZkdeYZ25cjbnj
-qGzFS2gspWgNcpQ6yH3lOiwFMWG18M8RrXnpe0lOuo1JrqN10xgnbE/XahAdzshq
-riTMd8c2u8xaTQpLajdzPjgn13eDsqq1GfdTUi+p6olIwEhVH+PBxNQsav5EaU/0
-BzVnIC0U/TDeNmZk6NNvxJItDwdGbDW9fIlWSoz112WlnBTaP0cwg9lKVGSXfECc
-HSh+FKhJoaCxXxy2lsSJTz0yvjZp/lKCQ1aOd546CMChoncaN7G+rQZjk2reCoE2
-zMey8zm0o3ik4aVEHLRbPhM7en0wywp1H4NmEq94cvQ2epYS58YB8owrZk/cSlqc
-NH3Jw9wqQx3Wd+WLCYVn/Hoyj1QxeQJ1xvLau4KDE7dTVBXfWX9pv+zUi54R1bxB
-82907uId83VrtC0hGtwNz68wIfFduZJapZ50nIe+aXM3h4/BBqA7R2H/MKBy3VoA
-+pVVcIXk1HHEoZCt141ikHLOYAeUo8A98Dh6BESCuh0tCNa7Xh/3EZnvPIAVmiP4
-twrHYz2ARG6NgIVJCwnmSHyV76gPwT98fuX5KRkGh9Ev19DBL75tvLiwLiqSiR4Y
-liwM4YMa71wqet+CsQ7CAdI7LaGOB1wo7Xe0H0pvbmFzIEdhZmZrZSA8am9uYXNA
-am9uYXNnYS5pbz6JAlQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AW
-IQT7RPB0bfJfCySi6uWGyKJXw+yCqwUCZLfOxwUJBw5b/gAKCRCGyKJXw+yCq0tN
-D/4/sle7D5dGsl12/2hq09rKOYeN2IedzTYtY6EYaMVMGgh35YVUXYRsj0JmIt3c
-m/L68d3rhxkiIxSdaXxZDvVvoOATgAnn4wXuz2LrtxoPpwVb8yREBIDSTymAHKgT
-5IXWl/x2CB6rQ9rlyg00m4sEOJ3newytVK24QtEiSseuDrR+5RGyP85UFjVSKWtE
-kYuIk1Rst+T0XJUJlIMjpMLtTF9Z15FwTRvPUhHfO8wmdp/xfHWdyB0qZI0QdnlA
-4uGP1TaXw7fm1o1frlla6LxIRCIe/Bk4pIPVg70BjO8HDPr8AQhTLqa2+1rI+AXD
-Wp3ROOe5X0fXV3liT/J/lXLBerWbYibVcHZluvEru7cgS3xBrbKP4OCF0i3xvueU
-dZnat1bfNPua6VXxACfoIGP7XYoRH+mx1Pv0tCiGv++5Lr9QGmDRwFEC1IgMnPu3
-YVu3wrTVZhyhyPKlp1golx9ZCemgyimqNNdfDEea0I75UTkoOfLpjwFGHuB2KiOX
-xyfaIxgOLN3/eefT6GYGmI9/it7E2cZhjEMCRRHsqFEa3MSZABIs/VGFctsJVVQy
-ke5hZavElLUGbDeP3GCdAnYb+DG3lP1KuzCqaGwpfZOh9WqlmxhGHnr+SkPDcAwO
-E6FZ63E6da1BW7aqQK9IQIlz1wT2fwLfyyiNTuH0GksA67QkSm9uYXMgR2FmZmtl
-IDxqb25hcy5nYWZma2VAYWdkc24uZGU+iQJUBBMBCgA+AhsDBQsJCAcCBhUKCQgL
-AgQWAgMBAh4BAheAFiEE+0TwdG3yXwskourlhsiiV8PsgqsFAmS3zscFCQcOW/4A
-CgkQhsiiV8PsgqvrihAAryY5C9niS6gXqKVnXWNlf/cesDCRNEs1akOLmwF4S541
-dsbKt9Ox4EWjaGkVC3ucKa7ejRqkOSoVnj+8iEDFaLJbhd2btYjKqWRXm8leuiHq
-SJ8tdsBDXXYodp8riTaPw8q+BV/OIjalTRq06dCon7kJtQiPolSvUr+pz9BIcWCV
-DxVlx/tI5SUuLEfa0cxFjkxVX/PyjijF3NXelMxDGDv4VjXZcZ8/gbHZUQeba4ku
-utfyeUpz8Jk2QcCROtO9XQNvPw8ae9KC+zSmiWOmK8CEMM9UAnHHV3M4nPi8Toef
-Na/W+48uWX7MNsD2DvQPft8Rv71bPnJpdU2sPfND4I8TsV0cjKRapfuhDkBA7QF7
-RxQtDS2QE1pMI2MbLoAJi2vItnXx1GV61ZL40pNbofVylJLfddjSJ2Mt2Vr9CxOJ
-yNk+lq36DzWELcWTbW8wlinEmzg3EPFMQKfPtMGAqQ/c+5e4WCxGPdwYZMpX5CRc
-SevoIWIS7D0lSzxMFnEmSEbV8UTCiQTqOYKvwXpD8APJ0BlJzxSxh6nWOvW63O4q
-hZWU+iNjifongAZ5bHdj9LTnLcMZtNZCUaGOT3JQOfXo9CFCa9CQY45RNHFCyWpj
-jMONEUxh/kSBiNmCQ7hReiMOo0v0DPziZGlU6xOgbO7FY65w/aBG4KzyO54ObtG0
-I0pvbmFzIEdhZmZrZSA8am9uYXMuZ2FmZmtlQGlmc3IuZGU+iQJUBBMBCgA+AhsD
-BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+0TwdG3yXwskourlhsiiV8PsgqsF
-AmS3zscFCQcOW/4ACgkQhsiiV8Psgqu1uRAAxd4g81gphfrBqh7dQdJxYoj6CWqZ
-+yrqkoFLrHtT2nEc2o/gzJ3NRtUOVVkbZavWm3+U0/kYn0l/2pC/rRh7EzMmqVqV
-tib+F56dWTSiJ/4jwkUIxKiQdUYP9M1HHyYUY+aNU+ob3S19IMy4hvE/jSk7o8y6
-vYx4LsOkxr2/VclsUE+1F9rPUUymbwPzcLCuStP2dHrIvyVTyKFEE2SYv8Vt53sb
-6IFfo1Fef3gVzlfPgYVpprnumF1SDufSIT4xy5NIbKngeUxlLzsXFpgjoAEqGJQM
-XdlAc1JwOL0vB5F8fYVXvCn/xqGdm5XByAQZhZsod0yPvfLr56T57wRQl2KZLDFk
-90FSVgn9Z+mfimixgo5sQ6PJaLmBZl4ZLdnX1RGT8sjXyhX8QRdB8VRk1NEoxBWv
-W7ZvuLZXJ5HuVj8zsrS56PFBwcIure4K9OZyYdWIDLLGDyMWBcXhmbrcHxTsBoCH
-vWIY6xQdpKBwnK/eDeMTcvyxnfbRbg1InvPp9WwUHixiJpFfJg/D3ljKp9DfhG1I
-KZs6kc7rxiUdrxsAul2thrd9OdVWHWc8KZgHH3Lu/+0Ff4BqgTCHOtAQF1WRLGMq
-Bz/ZmkaPpF+bCFL8DIWKpZ0RIroGzRrJ/+HpPrNifgTLppXFeORaERmBKjsvGxk9
-kxs4/YrT7NRJFci5Ag0EY00NSQEQAL2QNEcd2EB7Pxgfywr8FKH5j7pa5LcLPAIQ
-zSQYIcjkNJ2RwCFJ2NRmnlHi1K/Ig2rU/CyHn2AQ5xJirMn08Zfe40L8fLjR8nx8
-8123BxURzC9jOy9/P4XQnVsyA82nyjm1b7ZdYxBKtfuw1p3N5ZBn0VIQ8tcdIkVw
-WB1WWK5kvkhHzjrtJBTKsgFXGreKdy7eSXdJ+GnXRAcGMtvDdLI3FuuqFhSiQk5Z
-8iuG8vbIefC/FvK74qADST3rFi+hKDVx+nMrGMtaNs41ogrgcsOL5kg62MLH562x
-g3/a4xk75374t9j1SuJOz74PuSdpyNuj1Np9nrA7qjCpiXgoD2RKv6nUVdtg2ONT
-2D4HU65gq4/EJhgLm0pybImBmaNV0yQ7c1jvTl5UvDe6eo+PiKSheDJUKt1Yf+qM
-8RGquQ08kYvYSIqGEPmZGWTLfKUrmGdRPP8M1GiavOph5zagRRUvx8fMAZ24YmBD
-NdkrFs4TykfwWpKXxxgnAFfpe/U8qh0Nn3EpMbFVddykGgbu/lp0hlD9sBwMRKSN
-WrjP6EcQxU+2F+iXA7ycnqc0gm2NFbF7hxfq01aeHsAEDYjJ7P3MqhS77eizubnF
-uMmFBN7bX8nSzgBW3EPf/U6MXWgVmBu6AoTlLryDN7FVM/lQROyysAzXAZTpVfdj
-JYvK6Ek7ABEBAAGJAjYEGAEKACAWIQT7RPB0bfJfCySi6uWGyKJXw+yCqwUCY00N
-SQIbDAAKCRCGyKJXw+yCq894EADEaqstXPduTKMdKoI3nA4IzODp89HXEyxZ5w7I
-WBX9QVu6bsI6uIXCb6YTNaleLUoz6XKHKctzCexyNOSChbKeFC5pnCejqjTHZfip
-6bUcuaFYGsbzWUEasIlMxISLs3yHSf5sN7FNU2Oms/3EE5nY/pFZKR4V/bvk7FdG
-UIE6/Pv9Z7Xw/y83CH+W72y83Ugk3iqFjcNcFRQ1JIHASqka5T2k6FTSfTvHlrRG
-yTSsGe9r2Gkh8GkGmaMboIW/drd71w81Wn5wUWDZBWqEP0UMQ5mld/sGCnmiM2u7
-yWbYXSTUvluutHsXZuhlAv8TGp6VkpCtmUquoM1UpmEGRb223YDPtBZdyOl+UnQE
-b8pN0pt+yDlYXX7kMi/i9WgR/vKm6YlAKziJwOdnKG4bP/urZDz602BXJWH8TWim
-/1CT5uMEdSEN5xBjyUt0q6Q1eGtB4Rub9J492yGJmp3IhvzeYoOmKjtmyPKFdDki
-21eBTU/TSPHToYtVW3Xm5afdM9313Y+hB3gyC9cQWWJdDi/rUtVi//j8lQErKxoM
-h97b5VOeFMO21EFXGiTLlPaP+qs7Ngqc4/Y7rGAbr50CVVDJUxawMO0+r32j+M2o
-rBWzVWTKM0uFGTRdVzwWSnYTltU1JoZ0xmV9HGJhLuQHRJ+F+8n7YxIke9wVU1yR
-q0Mleg==
-=M2wX
------END PGP PUBLIC KEY BLOCK-----
diff --git a/keys/ssh/jonasga b/keys/ssh/jonasga
deleted file mode 100644
index 5081d1f..0000000
--- a/keys/ssh/jonasga
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpOQuIl31BL16yXdLlbzSDCle6bjE3WNVXzOV9ibdzEC3PpUufJDTU7FMW3WCO9fnYJ5osPKbV9nou5/10mPuN0g+k1e0NWUZNHbG+5zRqS7QYGFmtDC8EUTx1xnri5zMBMn9jzjNE8BkqvsjGrHcVCtI2T51slwFjE60GFkloQ7izRDrNkge1iM57KhoXz5MeYJtolDqeOh5P7nfAUR4bGT/gGtYVd85oCvbsHcjF9vgDovAfNP+zQhUn51ZOXvGp8+1/MAJVtxLfjC9Ma3LRiiliD6w5zcsksG5cUGcj2Sk9i/7nTm7g5MGo4EKwgPMw/MRzSRzvlZ76oPSPSLKn jonas@T14s
\ No newline at end of file
diff --git a/modules/core/base.nix b/modules/core/base.nix
index f61dd15..efd0868 100755
--- a/modules/core/base.nix
+++ b/modules/core/base.nix
@@ -64,7 +64,6 @@
       ../../keys/ssh/jannusch
       ../../keys/ssh/jannusch-arch
       ../../keys/ssh/tassilo
-      ../../keys/ssh/jonasga
       ../../keys/ssh/rouven
       ../../keys/ssh/joachim
     ];

From 8f293cf453229f9f5263a87aea66fb989f703938 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sat, 8 Mar 2025 00:03:45 +0100
Subject: [PATCH 20/46] sops: reencrypt without jonasga

---
 secrets/quitte.yaml | 196 ++++++++++++++++++++------------------------
 1 file changed, 88 insertions(+), 108 deletions(-)

diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index bf4c40e..2901992 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
@@ -45,155 +45,135 @@ sops:
         - recipient: age1x76ajqw8w4l5vlkwt5s3flz5a5jq5qlxv7uppmnf8ckj9egh9ekqjclzt6
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJME1QdHA5ODcrT2FSdWdy
-            aFJ6cmFURmRhcVRLN0FIYmdOeVJYZ2Z4K0hFCmxVZlpBaVBFMk9CUU44eWk1b3ZS
-            MXo4eWZiLzJoSVJ4SVI3WTBFZFpjbXcKLS0tIGpsTStUS3ZBMTFUdGNzUTZ2MWxh
-            Qlc0a0taMytXbVdJTHRONmNoVDMrbHMKU3K84N5vO6O7ruBjWylgzzvURvTLa3gR
-            ldzSOAnWLeZo4IwXM9ic1j3DcmQDXSC7XFwLx6xzuTCsHJMhDOdS5g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcEFnOE93NGtwWGdlY1dB
+            Ti9ZQjVSc0VyY05DbE9iZkQ3bGVCQ1FlSEN3CjF3NUZHR01Lbm90SC9qWmFUMjBM
+            TTNoWGtlYnZMOHZRMEhEbVQ3d3pINTQKLS0tIHZnN2REdnlmTWI0aGc1K29jaTNW
+            b2NHTjV3b2xjOUxIam55WGFMM1N4WkEKibrW+oTxXWEkdWLcQA71u4zW0I42MV8V
+            IoQTPOJ0sfnKL1d9LflQ5aClC0sdXe97MZKoq5HV7ZPeL3IIYPuW6Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1wvdnprpnq2rcc4se3zpx2p267n0apxg2jucvlm93e3pfj439ephqh2506t
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmKzZveDZTOEtHWERHZlZP
-            cTdORFh2bFpMcmxQUzZ4ZmdNQ3NxWEt6NUgwClY2eXZxK1dkbVg3Z0NrOVZLeUM1
-            TXlGYmFMUjJZNlU2WlFxcklIaHptMnMKLS0tIDFTRmVZaEVZK3hLK1RWa08vcWZ0
-            d25xY3FKK2pJT01GcVo1bG9pYzJReGsKXNg/A0AVkk6YUuvxH4lPQGbSk2IdkeDG
-            OQ7H3HCdMYSyJ/pRIrJwY+Mq9SbbIVF/zmsxbg8pl0RwFalQpCV0JA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdTBXa2wyZWIzQkMxQVg5
+            MjRLVWZwNzVXRGg0cU5lcjlWbllqdWtjdnpNCk1SYnlCcUNKampzYU12ZlE0MHRQ
+            WHYvcForelFWMGVXWXJaOEFmY3I3cUkKLS0tIGlJaHR0STMzRklDbVE2THVlczBr
+            MWM0M3FvbjUzL3p3ZU1zUG94ckV3ZTAKUOAkZ8nlvT36cyPy5USyDzoIG569N818
+            tMM5aQsEQ9vTOaUoK4gtBEXBva7VerMprdcTRYLcSJ/9L1vXdlVT/g==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-10-13T20:49:09Z"
     mac: ENC[AES256_GCM,data:xU5qqNX9M4ouWfimodb27Xvvi1F7wDJ946fJcP1ADi181/FLQ+kbKPm8QgPw9bDEJfBG4KculfplErNqzGZIqiL+0EDZVeHktRFq+1ojtRBXkpyWDalqV1nOlWGZ0ov/BjW3z0TA23Wb2K5JFjnR7MBRIPPs/CRFB7ke7khD9Og=,iv:fYe82vVtQn/BATRRWDvPmZ9PCKx5f3Xk4uYHP9woY/s=,tag:ktvyedUk0wOJ0tDvmBS64A==,type:str]
     pgp:
-        - created_at: "2025-01-30T16:59:31Z"
+        - created_at: "2025-03-07T23:03:16Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4DntlvaG5T7wcSAQdAc4V+guwi1dl8ELb8QNzotAu+SvIribVJ9I+JhzZvlkEw
-            7iHJltL6yj4IhVCYKMOmIDYUYVKw/kmZdW8cUnDTsaGjfDgLw1Uu6SZXYZwr7/u2
-            0lwBlW5gV0st8QPrpmFRVHPmtc7YcngIfQ8i0MPZPLxeD9O381qmD3AMG18SkgIF
-            nAiqxAdt9TmACJ41JRqOVGAfLzTjTLHG2HQLrwNmgby5TBXZgxvZhdqvLCCD4Q==
-            =k4X6
+            hF4DntlvaG5T7wcSAQdAoaGQG1W4yMq0MxUwvYIrxwdzKKBHJgv9hLCPvSyJwBEw
+            f177FgAT9PQW69wM2x3QZm4+HsozWqs3k7SlMRsRy0he0fAtdkGUr0EL0DCFi5ml
+            0lwBJxkI/R2CI08fRqkS0GuM+6HiV6BRypVy15C1oXEhxlE/MhnCYlP/0MeHbQ7H
+            MkStwmbVqvOm8aizboD0EePZpHC0M+61ULgMt9HnzWzQ/ue/YepI1dPfEWBQ1g==
+            =etd/
             -----END PGP MESSAGE-----
           fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
-        - created_at: "2025-01-30T16:59:31Z"
+        - created_at: "2025-03-07T23:03:16Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA/YLzOYaRIJJARAAub2pfnT2qB/tPwKCwPhOnsfvOjYze76a/Kvwk7E0jo7T
-            xcq3Vci19gJPyYXO0gKMXQj0gEz3DuQiHoumqJHdg0oCNBeUYLk6XUSOfRiCqe/l
-            RNG06RpSk4r7pmqWuR6EOwt/w6RkH/PAka5C+yIXmjtqJq5VOKm26XKC4NJ6L73m
-            Xk2YJ5R0jajaZLy5pHLHj9HovemVfhHh3vnO9aaGRfGq0OpBsNND4rygg0IqxZpo
-            bh0lHnNnWLYZoJv4L5EhfdmqZzbATkn1+kb2V9/ZaGyRV84K6KxGoLKPjy5Qsz1p
-            +9p2BWKZRCOy6tH3qKsjYHyZa6tWU+dBaOZacSPh2tpum0+vWIVjRMBTaEhYdsNR
-            ChyhImIjoX7jXncMdxiSW9KSXpuKC0qqqBEXhankkPhE8ADcjk7Iya0WZE3OZrAy
-            YAUR3SOOf5aDDfx2T3XT5tc2VQOM5MFOgqkTqG5VXGzO40HJDET9eHqT3/GZxgZg
-            5GpMl0NXdn00dfsifPxs7g0mv3Z4T4hoIj3N1wde6XI0t+t3Bdx7KizlJpAPoB7c
-            r8orobQz2DUz7gq0ccqEXe9p3mB87Mbv7ln0sYp7jOMpv/0iC7zJvcqGXn19OTaw
-            OLhUuk/PF38DWBC8wshZ/yZmkLmg1MokuDUVwLA/QA32gszuaDDNWW/mTgOUCa3S
-            XAFezl/NfryxsrDi+ftzElun8hSUFvxYGkhihWiWvBfHudA5OHhRuDWvxOY5s9Xv
-            CEqvcgLxwm/7GrDE2LJ5ARMOyAeicKXO0iCJo4qzMb0FnphXVbt02Si4oIFv
-            =kfjO
+            hQIMA/YLzOYaRIJJARAA22jsmHM0HtkFMMH2p4jQn9E1n7eYGwnnD51CxdwrYI2a
+            6xIVwCkSNlIqzGH8RysaPdXth2KCyGUR7Ll9KRO3wIKAnpY7lIDpI8LLz/ad8+ez
+            jnw09oVN0Hiob8Std79pVX2qGZpKwjJ1r8u/+QDhJpY+PkgGU/e8fIYYxb8P4SMJ
+            aWdh9tCL2/z7UDKQk0AjxEKbFrATfVBNYkyI0d+QlXJVsUukaQ99KBtTABboNFW/
+            BYaAqJaJoGkJLvQQ23NnsKZDhZ7eD4S1WTUyJG2C/lBSu7e1t9lftmyv4MekeE5B
+            wo+9G3hGzUayXWQ3W28QnvGJO8hqDkwBzyAzN2532UDymqsUZr4uHsuE9JwEg171
+            x5kxpd4UL5WTcj8LTM12tDLzTyW0exUIiM0mP9U+F8dUkRCH5fqmu5peCb18Con2
+            pDDHhhrqd5cxIHFqFawPufRtw8N88fLSzgGcHYq98bP83/SqIzpRDxWPayBRxL9v
+            84oPPRbRp4WsWlzqBY/D3lhE/YM/rAc+BleWM5Asmf3yVkhfr4rLW0cD8SL255Rh
+            PTFEsfhaNG4RN0Syt2toM6oiKEvO66akijWXhNbKKhr4UjoezNxr9XRi4DIHrwf7
+            HyEv82mN03C4YhiQTARs+UHC1g3LPjOUMyaQuntZruEpQJN+UE3K+Uxldlt9tGPS
+            XAG10G4sLXfeeOEt/HFVe3jf31pAMbNGozEl253oZ06EZdbjqMvnPcREm4qFYsJ3
+            CtF0ReA5W6/vLFwusIR4T64tV7w9vdH7JH0VFisZgb4fZqohbZSRGABbCkib
+            =USB6
             -----END PGP MESSAGE-----
           fp: 91EBE87016391323642A6803B966009D57E69CC6
-        - created_at: "2025-01-30T16:59:31Z"
+        - created_at: "2025-03-07T23:03:16Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA8uqUsBLHj6XAQ//ekvxqmiiCP7ZmXEqudwlPrrmEDOTmq0SS1hHPHK0wTiz
-            N3hw4c/nr8WEMby5xpzUhmxxFSp8Uysta1m6DqU3Z67oVZobkdUOwkZO15lics2D
-            NqsU6UvmPdbJsAKJqTtrLjO65pN31UZhBEhnQj5IkGV+dl0Qgrazh3r8hr5t1oTp
-            HYAOGQLkn9GhQEXKh328ks5KK5glQJWC4v1WToxty//lz5JJn5WNWM8aER/fQV+j
-            QizCuDalgNixmg22Q/+c8uFEfsMpbU2MnrbHXAeZAWqKA9SfEBl5YOO8rce7PlA6
-            TS3R/MQ8zFck4BtLh8KjXMAxmgSuyKRlNjoRccjfGeruYrwt+Z4Sl9Ou+A9qdWmq
-            9Y9OLo6CIbSZ31fBekpyR6gZewta18tmLrn4U1WVaoP+SY9cfMx3DHyThIPah/ek
-            y+qt/ZN+ZIMIVy1M+YKrAgNitk7W27z6WKh0Ewb82K3GZOwHpfsieQfChbKNBBWo
-            u+Kk8gh/NHwcUS0GsPx98XlZe/Cf8k3JajRbuQ1PZ0j0wYz7DwAMGsjIZtHHJGub
-            DEPdowqw2cj9766sx+4orD1jhhlkVhoPWhIMbD3QAD3ckjy7t5L3MrSwxBHb0hWF
-            Nv5cIUIJY77SGQw+gtjWfWHpXASq4UkFJTqmHCLoGK+eHnHKoM27ocgNHhynSV/S
-            XAFvsambQ4r+lNCylsQQYjJBRnuoMRzx4Sb87nrmFq11WdRmqOko2oL++jQfZIes
-            bkcopFv+pQB1Nw5LF2XQFHh3QpbygSyjEt9Gk/8l9SNURIw9905T2DU+9Ois
-            =8So1
+            hQIMA8uqUsBLHj6XARAAmpdUg8/6iT+S5GHFGUdnI35UyEPOx7h6gjvvSWRDGbY/
+            05CTwj1JBi02FLiiKO0hPus5HAWgMhL6Vi0K//y6soKFhV0lC26s1nJFG/AWrHa1
+            yQiuvcRTsj4fn1S9GruEaj2nn6579+aYCBRnM2SGEE8Us1oFkkuBXsEgzObHDsZ6
+            2trnlFJV8m7Uu7QOLN4/ghCB0A//2TqoV9qHneAyPucL3pP+HBaoLtoc1DzgrZBL
+            S+SngFUBIjiM0sRyAngAORpQYJmsW95zKBBE9Q+CB+VRy6Yxnz1yAruwODQCEyY+
+            bq+yXhWDnyrAAvdgi6ju75eQ7nZvoZXh7hPfFKFjYHQVY2zSuMIkU37IPtL/R5z8
+            Y8xnI3hOlmQ48IcjXr6jwgK0hR756aJ//XVUesQ4VTlA/YnaifSquakZ3iwmOpR3
+            PmNceArxMqpN4FRxlBVDomEt2D9MOhzyxKd/Cs6sCO3uV3k3YFDsV5+oHt5phuuA
+            fBApR1Y80M+duGzujM2QCqTWx7Yi+I6LBcfv6P/ya4W3gdDjOZ0fkGqF6H9mcI20
+            rDOIMcu0pA9hA8H3FzG9xABsGQtKEFzhd4ylMSHLeFU3byUo9f19R3+0rL6eHZMW
+            2kbIhn8dmAeBc2Uygkma1Ru2NiM2ZpHFm3q8YPkolOShE4X8g85pTN6GnhD3FHjS
+            XAGv1hzCc+R+PjGNvtEcb/fcejiQ/fV8ps6RO6GQHrNnRiu8bb22KX1OaiAMjffH
+            hwv/rMTWI0TIBJSxPTolEF4JleD24QvIrQBBhEBXkiSJrcyBaj7evXueV+PQ
+            =cL+E
             -----END PGP MESSAGE-----
           fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
-        - created_at: "2025-01-30T16:59:31Z"
+        - created_at: "2025-03-07T23:03:16Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAzUXo8ZPJwGLARAAjYSSQojpC9LhJGIm/YbtUotpqqhMvZbmudhuNYFrLR3i
-            eDwAmjcnMP1xDk8iK45Vln0tPTtrS4WZFtpRar3a2jsGcjrTfg9zMDGCDT3cGsCZ
-            2Dz1lU2tqa4r4LaaAzEU8Kg7K6jTR9tnFcsV3LYYUo/l6/xi1L9MYSq/BFGfPFTH
-            ywhn4oU7c+bFwFwZpUv09Ybot6UeGn42h1AUS4w5yCHPXO3SD+KhXnQ4hgD1kvBH
-            IN6WZq8TF8PC8H8cwgpkLMr9kZVnrE6y0Xq6q0D9U4co1K4dBZ8irCIanDzeS+0T
-            azlNOleCEw+TXmlWIvNULzFVwf/smzh7KmYULeNF3loboy0T8lcxkPJ16un4+ahW
-            YVTviGRyX2Tci8DIs+lZ6Ucwo9GHNtN0gsushsZ48jh14pt2Ct5BSP3ZauswJPU5
-            q3EV0l+ZSLEaFws7jT8A86CX9NoKmwX+v7DBf9TiGZj478mZBAo7RotcZAG4oV87
-            uq0oQUhRmhVq7ELUZK+0a6UoPKwa3RukXl9lOuOAui4IVhqREY9dR07L/NQxu/s/
-            zM53IjKWe4WiGm2TWJAZh5zvfBwB/RfV6glw+XVt/XoySoYFZ91Pb7kvTr9w+nR6
-            xcC9KxaBv91WRm46G+WWePnMQ2O953LmtF0eq3VTdXwK5zlIB3jC2aVpnLexXYXS
-            XAGn4ml/bRr8q9TFUiirpjY9P0sd7nZZtFQVUHCqdr4W+fuumuxRCoekEjh14PeA
-            rFCsW+GmZzH5S+aHiVxJuO8694KWO1QPBwr4EX1qooxTDzO+bUpyTSStg4Mm
-            =zNA+
+            hQIMAzUXo8ZPJwGLARAAkDuS3LCJqk3fyqqE9orB++QWD1U+chUSQfe7RlBSp9O9
+            84bV5+RgWjVKmJGnr+8iYnAqr4AJRUsPw8d/4v6VOrQwOO0cPefGRBDI69eEqj3D
+            sJcCGdXrhrNaRj5oVtuqWP6zracmpt9mc8zpvJA0cQL7Ldt0YZnK2ohVYNe+obcd
+            twD5L/aVrLjvBl0J1KOHOoaJZilmv9dpbrjJzT6cFI6SbmD87IXVC7ME+sTfAXdw
+            jPrnKWUQ/6ww738EiKf3/rwgn0rIVnV53djy+FHXD8Ki+69TMYFXz8pZOI43jj4y
+            M4BR3PqaoisE0rXd5IbmuPDBelIXalpl5MwHnvlOErpTCmybJ1FyHEhNDHesoss/
+            Kn41QTDeG07qBlbsgYOdA0K1+ZfGTctDllITjcJ21fBE4d3uMfUDo0EDSu5aZSCQ
+            Fz/YGPQQ2J8agv/HLpiruF8pGboG+d0SRfnka/ITlqRhG+x8xmyiMxybgPOfDV08
+            neRB4Jl83zVfbBAdx+JBdW3p0twRWrLCUpUCh/L2z2RH8wVd5mijFH7aM7c2sayy
+            IPmIJYwg7cztM+bTeuNqywDSiNp8Z9HUxQd8QJOiG+1b3NdDswcaLWEIKhvkCQOp
+            cZGaqPXr3ec10Xxkk1y4PR/xPPvOgDZvONcnYLjS2yhHhNLDSiyDDel5grUqWT7S
+            XAG4pnmOC09sTOTCq+VID6qREFTYLMpN2sLVD2tmlU6pICifeLfWaX84vgDqouew
+            av7HX2HXExY9YdhEDEj8VnJAmSzkOI82YNQGFACCCbfMTK0B4EtW7KvR8Njv
+            =n6ef
             -----END PGP MESSAGE-----
           fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
-        - created_at: "2025-01-30T16:59:31Z"
+        - created_at: "2025-03-07T23:03:16Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA30JDs8MiK29AQ/7B8fkSIuLnoYLnznZwUyyZnWJ4bmLRHpLQxKGzg8xBb+R
-            4RSA2NJNqJ0nMXfok57jyHhevv19Sst2yKhmMWdT4mRaPs4HfSf/WfQDEbTKR3sa
-            Xd0mytFd9UFgTb0iLwGnb5qW5WhDJZ2b0lHQaZTwmvCzDjv7WpIzxPlmla9dZfqx
-            vPBP6VRlr3Dc7nh/Aqbs7p3Q0kuIoEH/W8ne/hB8lxGTg9JpmTxp69hbSFuAZjTt
-            NFioUfL0dzmTBb0bP47UTTvdZnbZyL9+bEvluiNL0Yfygw3ZRUVRWMtoq5fpkaJ9
-            ygU/uXPiprWUcZDZPClIof5mnJlvQHoXg84RMfdeFjIZj6HultAJbxVYYr/XxyNh
-            5VGOE8o7+eFK/YYWi0p62CNoojON78ZG3egN98QNf+mZ8+F0JkyG7FB4KQG52Oav
-            94qvYn6pJVwQsDU9K6ADfd1TStiZGjFk4k+gBIq6w3uzdn/SFlCwge90Vp5528jX
-            fFtmJg4BjPmffDMVigz5s/J1+4NoJJdxfdIHKWt59yt1myBGj8HTYDsDJxkrcSO+
-            TzZZbQSvUZDBqZVdqTQs1R2D4Q/ig8u400v0KluJz2BV5h1mYt97yflaiQeceRRX
-            WJ6lOQmQq1M4GIXOybeKLRX7wJ7V8AU3FmyDfRhtA8sn38qhnqXYHxQnyYuxIyrS
-            XAFcNhhdEXGoTgHy8WmXVI0e2kU+/yjWrNKigZHGMuRBGgpd20CyfhPCH0NsB4dm
-            Mj6JuLN34Vg9oNyzKYSGBk2MBXCwr/dOkZONN+KQJaR4sYLDARt+9TkJTPXN
-            =acPX
+            hQIMA30JDs8MiK29AQ/+IihR4yGJDJnDXqtggP3mfUIFajsUgNSdk1NHJ23MtM2k
+            hdvre0HaHKnJQprHmYPw/cbI5Rwogi+5xGU2sRsiHqBLZk1WEqgWcOeBMV/t8nc9
+            p7M9LoKowaWpQ2S827+An6AemFa058Tj1pa4oXFzWC6jsl3RbB/IC0meyYJjl+Dk
+            gu556cVbpNRS0Z7wMmVJvBkErP6426hZBAHQcxaz3YZG9rqHZTCmd4PkzmuNVbU6
+            iRF5b7Ov+IMmVd4OmCrs4sw7KrHahIu0g2U8V0smQphvV8MDKc6sMIyscT9FFYki
+            6qmqCPhtTivTG1lTTCm9W+CIr2240VxpuwLiS9/OKke63gpSa3NJX+V9mZ+jMy43
+            V1nUa3J45Sv1S3hvVpIsfqnd5xHCSB4w9X+YXJll0AEcMsI38gDQd4/stTAlYRIp
+            O2hygqMY8bjPdt9tS3AHmOMksNdD6vlO72N68ugALgcRYpq8chUhHiImKXKFI5yC
+            YFFBZhsM7r1N42ti1yDR5cBF1f0ZYIYCwUedJ6fLOZsG3nVWh/isho/b0vbnNK3P
+            JLBMW1w2fYpH8fIEDIYasaOF8Reg+yPh87tKA+M1THam8ek5B0pFs03HeYneXJs/
+            geyYOYD43kHmg4bM7SgjOMlwVALz0tYorNpj/p8ojO3cBfIp1lKuegZss2iHImXS
+            XAFpEl60dqYeehT51t4/bjg7e8L0tkQf8/CwVATvMi6PxrPjwlN419fn22F9ZF+u
+            fRg4nX3ZMBTZAE8xhkQ5MVn6alLTHQu26Yal8bhqpD+VJ3JC5CpdUya3VMNK
+            =oelB
             -----END PGP MESSAGE-----
           fp: BF37903AE6FD294C4C674EE24472A20091BFA792
-        - created_at: "2025-01-30T16:59:31Z"
+        - created_at: "2025-03-07T23:03:16Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4DNffZWjBmO5ASAQdAxsxPOk9ZxisW5ResmyYS/CEL5dbBvqGeqRDCnht403Mw
-            JLPggEsyb4JXQU/IEQKNuUHQkyoX1+1agn9TRtZ23YqqgtrDE5B/X21UVezSK86r
-            0lwByKvO6GBDcnWZ/z8aF3ELpFcoWjHS5ncev3Vw62FCKQj7TMuRPJPfjthstYC+
-            3maVwjfp0VaTKMF7lk7+Us/XbAnse7nFAjqqQqkrdFXgFrfEw+8arT8LEHTjpA==
-            =EL+l
+            hF4DNffZWjBmO5ASAQdA07imap27d/V8R6oVOlXUxEYL8QJcTaSiBICEnBnfJnww
+            i69xnBOhGKwnWAgFipvXwFeyiQcmr+LnLbdXB5YGTblDzG46PCEH8JyeMakHpHAI
+            0lwBHOOaak4roVNGoxmDedniFhdH0rmd8c9MtG00iT4Bc95fjM3eSFuTrESWPY9i
+            RUApyfYx9WJq5jZ+lFii3uOSQg/rMpVTIpjjXC3HyJTvfy+MnECBAI6+cAWsjQ==
+            =J26p
             -----END PGP MESSAGE-----
           fp: B1A16011B86BACB56ADB713DB712039D23133661
-        - created_at: "2025-01-30T16:59:31Z"
+        - created_at: "2025-03-07T23:03:16Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA1tId/HHLgxAAQ//bTyIxfNjxe65w5GM4Czgv07La7xT/ORscd1vhHc309Qc
-            oBPj7Vb0dhfNcc2z44WDlnLPoU3gUTLkE3oj+X21pMmIQuJvwHLxOV07JayTGeVB
-            s/880mFfMqSKnK9xnFkcXnu7aIiYOs4NxwwA+U5l009Mj96qjuX/3X47DRg3gWta
-            YYHUX3eqlEXSTpi+iYGK44izDsynJiFLaCIeGVGm6XGsBmIpLQQc2++QozjYYLI2
-            714aAyVOghZA0m/Egc83Yp+EsJq2WBolgTaXp954OBz8D6pRDj986p+LrHCDEQy2
-            U1htRnO5yLSk6nOwBtDiji4piCMki3VDlOZgMTyjJhLloQ5uou6q8uB53Zof8esk
-            42PQspqvvhI3DlmBIQnJCpk/mJEsOmq3bpTDsVKARIs+nnSpwJkb7K2Jq4cB0YkL
-            EjZNDUUCliDPxExrEyNANB5fV18fqSGUuLYAwreaV1mctXBYSPO3RX4cByt+Xvhb
-            cQ5ePevU25ZBTeXhvf8DjdlxONgl9vF14EyJgbcOA6lwYUZKVyP1OnzrcGprIUww
-            lYFsyLbiNo1qLSRy1IJh2OCN10B0+XSLyF7HeUPH+2nsf3LksArJ2C3PvhDGVhpn
-            08Zyf/90JOXeK8cAilW5HYvhgegVA7JtpUomYBgZE3kWGt6zRIRHH7NeiOIMXQ3S
-            XAFzrgrzDGUFUNd01Kl730ZvbxHvvkZcPf8jc6IL3vHvew3mMAwoZOXnlspwADA9
-            gH90i9J9ud12EZ3H+kGtVsz9wVH3hGoT9J//laoImkeT+Cx4o6Vi4sqFvSmm
-            =F/0J
-            -----END PGP MESSAGE-----
-          fp: FB44F0746DF25F0B24A2EAE586C8A257C3EC82AB
-        - created_at: "2025-01-30T16:59:31Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4Da5T//DC6DJkSAQdAVIeAdew4oAcgVSZQppDTostppwh+tjE6IQMzOfDk5FAw
-            v0Tka35Ol3RdQ8cJGjQohtkxpPMFCeq556FusOxzVWV7blwFlIR1UOd8QlRG7rw8
-            0lwBUg97NdpoVdVDZrJfnZHQ+GAsfyOZrU8DbyEU8rcf83ShNiY9WvyFKfZJPo/N
-            8ZA/Iqt8JLhRYCIPAtKWuc501ziHjTh3mdWjE++DP4b9/IO1NbM1mtpnjhKIUg==
-            =aCH5
+            hF4Da5T//DC6DJkSAQdAkFwtDJxwbCFZ8EyxkK1R4v5Ntfy0QIzLpKk1CxXklnkw
+            GKQPVXU2qFH4UwH/58fKENIGTVHlDRXZa6gALeW6EBr3uQFoJ3d/APHpD4nprqOy
+            0lwB45yH3YjdTG2YY4bI3eZKplK6R9mK/lzAVG7zV7nVs+glr6/1XpaeYJxiT1/K
+            p6aV8I+/FTg30d7Rfv2PpPaB31spmUxA3RDIbybzn2uygwOdKB0PQnnGLAOXBA==
+            =vuaK
             -----END PGP MESSAGE-----
           fp: FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D
     unencrypted_suffix: _unencrypted
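Review bot: The `mac` and `lastmodified` lines in this hunk are unchanged context, which suggests only the per-recipient stanzas were rewrapped (as `sops updatekeys` does) and the file's data key is the same as before. A holder of the removed key `FB44F0746DF25F0B24A2EAE586C8A257C3EC82AB` can still recover that data key from earlier revisions in git history, so every value that keeps its old ciphertext remains readable to them. I would follow this with `sops rotate -i secrets/quitte.yaml` (`sops -r -i` on older releases) to issue a new data key. The underlying credentials also need changing at the services themselves, because the old plaintext was already accessible before this commit.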

From b5d47bc5f729d0e5b173d9b43b998646c1f3298d Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sat, 8 Mar 2025 00:08:27 +0100
Subject: [PATCH 21/46] secrets: cleanup and rotate

---
 secrets/quitte.yaml | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index 2901992..f975849 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
@@ -12,7 +12,7 @@ forgejo:
 sssd:
     env: ENC[AES256_GCM,data:ng189+ulH79xCZKOn9N5kN3KqED9dWqLM8dErukJH3a3ivxhUjyy3Tpa+uSnJDh8tAyOesT1j71mlTgKQKb3phylVEdL,iv:i8NEGR+eQ42q5be4gJdNMf/9DCCcjr3gwkEW/+hrgxs=,tag:16EvtkTu+0M5bIlgxC2j9Q==,type:str]
 dovecot_ldap_search: ENC[AES256_GCM,data:xip5KREy8oqH+58DOtw9QLcVdDlO5Nr0IHki8X0i9J1rrI/BreH2tVPC8aRTDHFPRgpBxiL6,iv:98PSXajEis7sSJ4+IkPuBC05y8w7/XRYQVFH1cripEU=,tag:LcId5rlzz3JjjZIHwoh+AA==,type:str]
-rspamd-password: ENC[AES256_GCM,data:UEJEPSQDGa4lewyqQ4fZH//li6KMfE9Jb/BzbLUM9o02qZuuAUDw17gTTTTPdl8WoBS02nN9r0s=,iv:2TFoMv0LAFTQDEf6ekjzS1Q1P+Z47V8kUnluQpTHWug=,tag:QOKDbVDZLmBymplJPHfrfQ==,type:str]
+rspamd-password: ENC[AES256_GCM,data:Dd6lTyDh3FFqOTeipY0o5uJz5/Mh6FsVahbI5M1njn5S690avzQ4+8YISrwkuA==,iv:OAuA+t2KzGDvURng2RWFAoMNfw+RNLtM1hLEniuzz9c=,tag:RBN41BmsrvgXKEOa8gCDfw==,type:str]
 grafana:
     oidc_secret: ENC[AES256_GCM,data:oH+VCL4e4wve6RyVwlTXPSmirbf+STD5FxUj9OjGDLs=,iv:PhVVCy5JyRa+fOrYAsnjDL+97zYASmKcBzB8t9ZVWIU=,tag:JzGO/FeKem4vd7ApvZ2Zcg==,type:str]
 mediawiki:
@@ -21,15 +21,10 @@ mediawiki:
 mautrix-telegram_env: ENC[AES256_GCM,data:FyMtJChtir8Ip8S7zlBSvKccjt+7Hl0StHzxmKO7VdwNNA650HHfni9o7akIY52+r86tvP3D/bqHaBZqkq61ZNICnFJuYIkROvt1035uej1cdjlHeCrZBttI2w3ZkkKT/RZq5BOLt52o/fnw5Jlt+3yr6Kzd5mvcz6a2e5V96kFjaib6mMdg/Y6axiXvOSeFOHCjs6Js+ab7MDe90KUM3aLtBezXx9YTeU7RiqEiZl21dxzPIwilj8bhEB0RRIb1,iv:1ojF2NyQfaZbKwlHQND7LEOLWT1SWCpGPQTm2+0Y+xo=,tag:RavBAv49Ldm4rH+2DDGstQ==,type:str]
 postfix_ldap_aliases: ENC[AES256_GCM,data:beJTXpJYlAz4vyv2rAyuMtU2gkwf4JNnsFAG0oKLWuKQZnX/EyqyGTFK7hOs12qye26H9Ysl5vP12iDyVXU4cyYmBOMSOiIS4opPVs7yjp/FH0u6DXHExzd8qs5vwa+D+c9j05kLVZ85EGneDma4ITNBjo/JMjyXCHB0e8EZTFyfR8+fq+qvuyOUmLBfJSO5BK96u370DJ7EmIPLDiCUSO2MCD86yfFEq5J++ljeuKLxUtisqFWDPNeNq3YGjz0EHUgcqqDwzLwEEXyvn5FEI00nR0qBgSBTSWRDrndo5O2k3JMfZWW9UhXXS4kPwCYEkQSM240cwLNV/Rb9XceH2wxzL8PcfTNiy2vd,iv:lb9u3ryu1+G95OIizX17ft+fGK2CA2xt9DhYhtKda1c=,tag:CsS2Q32AgAyS5eZ7Z/Kf8g==,type:str]
 vaultwarden_env: ENC[AES256_GCM,data:JFySiTHahlUFsM+FcuSJPnGYMijphrnZpFFdoNe7DYxWjIgPRWdfH9WC/a5GsK2xCJXllXAASHNxgkYRrdPw2KaCiUR/QhAjtUmyv2NsIBcMYStafDUEK9emddR+ACedScsgS0FtP8f3cz1enTBi+DkYgL8lMAoCw5p8vMRyE9mVOLpTUDOO7T4=,iv:992REuXzHAxxhy2BbeCGNhTZkn8eSi8N2RyBXqqy7U0=,tag:iP5AFQqzoR66AkTGfYAUZg==,type:str]
-strukturbot_env: ENC[AES256_GCM,data:klTFgdNvdMYA++GsmqEHdhklZ5JUreP2Lh+5E0mj5iH7F8Run6/gAdHBJpCWEe2Q3o6RdZduy+kCXzJWznkLbEASxgJNcAWdFq2CU4ov0Z6rGS6i/X376Yc6I7oYLfQSd58r8Q/rhFl2qXkCiSGJYNvo6vGh6+b/TdTABwAnvj/k81n2SsSpoMOu9/1Pyop7QNVMuAtXaE/sca1KPtU/Yg3DrKczxKzKppReafIs7ICI/760N/H0Wwh6rtw51mfQxxOW9UpPXmnEFI8b+07pVsgNoSbzPCMaAoxf6LFnTnqtFRNS0N7rX3DrP6GSv2A8Bwm5of0sLhIm3gAAQ2iXp2di+BOi7uRqFVtNZ18XGPil8FVEkeIFdmhjCJAOJRyuANl3JsaqRk4lT1qMglyjHtCodP5rvVe+pALzpihNPIQPy0Tes2GOM4Q6ww4UxZrgevNHz7CnEMSEPU8Hjb63UkZTZbj2HxF8,iv:a2NyivM34Z/V/ir+NzsXNm73sp6uASYDiqDOG2ix2JE=,tag:buP1Hcvt3dEW249BWNBKkw==,type:str]
-decisions_env: ENC[AES256_GCM,data:fUoBTkceqbabZcR3Rmf2iSUd45T/oQ+6K4ReznhyJ/P3yzlgW17eG615o5v42PmLerpkABXZuVIkQSpkJsnn/Z2cSnv7vNvkeZcRambDWnEtz39Gu0uZR1um4Nl9hfJrp+otj3tTdzoh06MADQegWSbFLhJm6Qa71Fqh+dbGPZ8rbQAGDs0T6I2BFF1khND0COAQPO+5/gtRigngLaFgAJ/EClaRcUVF2BE7N7Za8ZMMDH7NOYSOSG/TTHZCownFeWbh3d7H89wG5Qw4jgXMz6Wd3y9QzEjjmhSubRi0hbSTZ+t4yiSjeODAVQLYlZ4DCjZECl+yvUndugdr1L1b5EpgjeFJTAsWjZtnu64=,iv:vcToub6JCQ9END3cuqCA7h0KC9drG0VIK52EyV8xQHM=,tag:PhzRofrNi67RFNP444GWBw==,type:str]
 kanboard_env: ENC[AES256_GCM,data:AQ3jU78hi8YGzfWXTo2wnS9Q9hucgtKBrB/xiIyrZl/j6QpQmr/HS6gEizgY7Du8ZhkRmRTZ8ks99EOpPUdN0LXhegZB0loCWEozkPCn+N0UZXqKDVAz2UsyQu04Eu4FPRqw9VMIS30qJarqZGjvAJmBWNd8znW9ggtg8bMxqwWuErdyMhCCbXeAsw4O8XasGR27e4SGRJNWR5QH7VX7GqOb0Q2AFr9BQhNyO9MgczmqwldqirqaIACIaSVvOOByh56M+rbWyiaAL2O7BqcHS0dtV+XG2uVpxb02b456iArRyKco41bVC1sSRfi2ewCNLma+yNgR7t1WYZeA8537gMX9LaU5ORnn+L0toM8j2yUnfW9RYA3dqp50Yt2UKH/jjLwW5wKLrOF1G2Pb5TAl12ghPLfTfJiuv1SLgahLK5lP/I/x3dJ/n3gm7/lqu2EPDnaPtPDotV0VWfBLwQoXAjSFvSZVfxwYIon/ErxsACtxgT1Ss4L88Ggc33ae1BFyURX7p7738eizsqUV8WWqa74Jt+uT32nU45B2DyyzFQWfy4mGsgBssuZzgFbzLyYDiXfcq500K16950cWPH9s5Sx1XooCcHeTJYyVHklCJ/0r3Iz2g1TtKktpr5XW7EEcCLKQ86UqpKwg9PwEHVnYgFKe8IuSeAAGzZczeUFvERrRJs8qZqPE1IaufozSr5bGBh4eRdv/kVDFyh7wJ62xStVb7IV+sXogA13m/emfxdy1RBWftHcsgZ03r4pdp7mHzNqRvYYscx4UzB237GNzG82PJ/zLk73XGRCv4iE11KWZs9oyoOI4RFFvGwNS8jV3wWh4I7Is3SWO0cy+41qeuL0oNeRVseVENZ5zqxC1sPIP+z16XiTlGWUefTYinFjKmjojF2+uSS6bGZteB70iynB28FUUEqU4Wa0RwGDOck21cw8PnIMpiP+LWdnaH6sKS+EMl9IXcraH31wNK76dcUy3dPqU257bp1e1OJ0Y/fO/1ZTT4Usm7CrXCon0gcDWFAB+c57c+omfYW3kZ4F99Y2ht5QZEvjK20rEXLQb5e1SqIC0ssjP+7vpc+SfNQ6jQ6B6Vye9cyaNkgzGoWZFwHME7cgehs+2FkCOVgPlJ8hDupSTc1BgFzT3JJtejsflbMeoa13nvTYWZopW5M6Ym81TQGv/awPimMh17sDx9r38bU+kiVs5Y6MVuSQZIRICOtg6cxh5Q+fDzTyirsrctVGdcI96WyW90IwBL2wYI7ntWdNwaAPoTu8OFw0kKW2+JsaNHeXQfGmWZfUtKWIJetnUn22SLAe86J71hFBveVlokehQ7Fcg0MFt2r9mlR0/eP1aWyrN54tyEv5uOekmKE00FN/8PpzgH7qasvRPuuXkotj1gazJYk7Tz0oO9OTM4M/yplrL8fLOwP75Uc5PGGVu3pHmwkfrjhh72V993Su0V3us4p+whv2ItZ/A4O0np9CSvFEJXOS4esCmsXLqr4BbBy2veoxnIiF3MEmEqbkMtgkslnVwM1RVNPCKESxFzu0oU5phyWn0a4JW46g5lx1tm/GWXlHQWa4=,iv:x3+PuXdpZ+SEuqHo7icQVyzGEI3IdEyYjjOFkKbzq2o=,tag:pWoe2PC/tEODmz7o6wcVPQ==,type:str]
 course-management:
     secret-key: ENC[AES256_GCM,data:zMoIj8gjNmLdSbQmFo8n1pDIKaUUMzPfVoKkPlqNtm4=,iv:AM5wwvAFXKVss4N2/lK6bKYHV/4Bv5EOz2MVTxAPF1w=,tag:ARzQUVVjz+HhUT+JAISHkA==,type:str]
     adminpass: ENC[AES256_GCM,data:EariUHHtWirIXuRARj7lEneAOlKcjca9T+J0oH2xPv99w4ac1cRrvEVD,iv:cjC/+AnZdwWXkJOIAE36Hk/if4fqofVFf0H8WkHkRY8=,tag:M+s4hPzSp8eR76M/7TKXPg==,type:str]
-course-management-phil:
-    secret-key: ENC[AES256_GCM,data:YxANlc3+BVkrDSRuaO1xtzJLnprK6vXpHD+o9dtTu4Q=,iv:FVnRAa7YEfHC7x4K4fkjIp4n4sCiI+OFwMIHu5KHRXQ=,tag:zneVoFMCK41ph1eRpWhdaQ==,type:str]
-    adminpass: ENC[AES256_GCM,data:akLU2/5wBHgbhy83Agfe5SNFUpfgCB19DV3SMSj8wORgTgSEhlZnrWKt,iv:9BInYkjKIsi+nPaSoOEkcKcoK/9bxACYpaKcaEd5Fd0=,tag:UxBUMj1xIL6xlXQpGrjHVA==,type:str]
 bacula:
     password: ENC[AES256_GCM,data:MrmA++fEUNNJojl9xAHlaWjhMrpAWjqi2X+6x2dWd1NZU7gDpLR16hDwyj3cfTsK,iv:iVN0pOx4/VrlcUxeHtMuavM/Z0/iZSGE+oY3idCKjtU=,tag:QiWT1xT8ntcyAjOU5SQLGA==,type:str]
     keypair: ENC[AES256_GCM,data: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,iv:pxhCdbDA0jZLRFLg/2cXy9j18nvWOgIHMHrgkAfYSbo=,tag:4Z73qrehEkiLca2HO1MhKA==,type:str]
@@ -60,8 +55,8 @@ sops:
             MWM0M3FvbjUzL3p3ZU1zUG94ckV3ZTAKUOAkZ8nlvT36cyPy5USyDzoIG569N818
             tMM5aQsEQ9vTOaUoK4gtBEXBva7VerMprdcTRYLcSJ/9L1vXdlVT/g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-13T20:49:09Z"
-    mac: ENC[AES256_GCM,data:xU5qqNX9M4ouWfimodb27Xvvi1F7wDJ946fJcP1ADi181/FLQ+kbKPm8QgPw9bDEJfBG4KculfplErNqzGZIqiL+0EDZVeHktRFq+1ojtRBXkpyWDalqV1nOlWGZ0ov/BjW3z0TA23Wb2K5JFjnR7MBRIPPs/CRFB7ke7khD9Og=,iv:fYe82vVtQn/BATRRWDvPmZ9PCKx5f3Xk4uYHP9woY/s=,tag:ktvyedUk0wOJ0tDvmBS64A==,type:str]
+    lastmodified: "2025-03-07T23:08:25Z"
+    mac: ENC[AES256_GCM,data:Pe0ACk6wVrMMoB7moMt+A8RPaiy8RZdH0gINpphQr1XGzfYOD6tMoS/YK/6JfTKagWzMpkOVnbpSpKVzdeBu1nzMM5DrOyeP5WBnkuBtBHjXBlis7khCKGEOxATEoM6lev31vjKDGFFP4HpwOrIAj6UaQ2RGSY/3FJ/SHk83eYY=,iv:6/sJcpY4XoEHHBV/W9BZAva/2gZiL4T/+6O55thuX1M=,tag:lpvyC44VIUMk3/KZZO+tmA==,type:str]
     pgp:
         - created_at: "2025-03-07T23:03:16Z"
           enc: |-
@@ -177,4 +172,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D
     unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.4

From d02337cb130b53d4dffa8d592629e49288e604de Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sun, 16 Mar 2025 01:20:58 +0100
Subject: [PATCH 22/46] updates 2025-03-16

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 1e9bb2a..a538d17 100644
--- a/flake.lock
+++ b/flake.lock
@@ -101,11 +101,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1740579405,
-        "narHash": "sha256-ehH2pSzasFZL9tyS0JULxn+ZBmAkCkH3RIl8zNE3cNY=",
+        "lastModified": 1741421991,
+        "narHash": "sha256-3zjj1ahW+MTXYyonO2xcYeg2p21+KcEHtzCI/Bvj9do=",
         "owner": "fsr",
         "repo": "kpp",
-        "rev": "24ad3618e814113a7260da3ff21a8d5c83a2b111",
+        "rev": "0bd5b34145b398a597b17764d18360e4db8033f1",
         "type": "github"
       },
       "original": {
@@ -143,11 +143,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738466368,
-        "narHash": "sha256-PZhUjtvQZOH3PO0EYdTpQvcqkgkq1NkP2A6w9SPHYsk=",
+        "lastModified": 1741619381,
+        "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "46a8f5fc9552b776bfc5c5c96ea3bede33f68f52",
+        "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab",
         "type": "github"
       },
       "original": {
@@ -174,11 +174,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1738574474,
-        "narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=",
+        "lastModified": 1741862977,
+        "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c",
+        "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0",
         "type": "github"
       },
       "original": {
@@ -288,11 +288,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738291974,
-        "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
+        "lastModified": 1741861888,
+        "narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
+        "rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f",
         "type": "github"
       },
       "original": {

From faceec13aecb1a74c1d8f548ac6693a9737605e3 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sun, 16 Mar 2025 01:28:07 +0100
Subject: [PATCH 23/46] overlays: remove rspamd patch

---
 overlays/default.nix | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/overlays/default.nix b/overlays/default.nix
index db5f720..3d7b533 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -41,14 +41,4 @@ in
       ./hedgedoc/0001-anonymous-uploads.patch
     ];
   });
-  # patch to remove the nixspam blocklist. Remove after next rspamd release
-  rspamd = prev.rspamd.overrideAttrs ({ patches ? [ ], ... }: {
-    patches = patches ++ [
-      (fetchpatch {
-        url = "https://patch-diff.githubusercontent.com/raw/rspamd/rspamd/pull/5300.diff";
-        hash = "sha256-7zY+l5ADLWgPTTBNG/GxX23uX2OwQ33hyzSuokTLgqc=";
-      })
-    ];
-  });
-
 }

From 3a218b625f346bf7b6a995970ed635fcffd5351e Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Mon, 17 Mar 2025 17:27:29 +0100
Subject: [PATCH 24/46] update notenrechner

---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index a538d17..756bf1b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -210,11 +210,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1738260727,
-        "narHash": "sha256-dqwlhg3L5SPoHSWbdI10EL0Vs/7BGW76h+q05laKyTA=",
+        "lastModified": 1742228793,
+        "narHash": "sha256-USud87Uu/ZI6R+4vM0hxLdkOUr6nsJCnAEeIrtSRkCU=",
         "ref": "refs/heads/main",
-        "rev": "72c70b74f9216a3cb2913df91c8edf8516de1800",
-        "revCount": 9,
+        "rev": "c100e3dba23a089fbdf403d2ba31cf87614ee035",
+        "revCount": 10,
         "type": "git",
         "url": "https://git.ifsr.de/frieder.hannenheim/notenrechner.git"
       },

From 0ef987fd94e8e5a19afa5c01bd65b056025a9a20 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Tue, 18 Mar 2025 16:36:37 +0100
Subject: [PATCH 25/46] wiki: add MobileFrontend und Minerva

---
 modules/wiki/fsr.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/wiki/fsr.nix b/modules/wiki/fsr.nix
index 285fc0f..ac16e41 100644
--- a/modules/wiki/fsr.nix
+++ b/modules/wiki/fsr.nix
@@ -38,6 +38,7 @@ in
       };
 
       extraConfig = ''
+        wfLoadSkin( 'MinervaNeue' );
         $wgSitename = "FSR Wiki";
         $wgArticlePath = '/$1';
 
@@ -57,6 +58,7 @@ in
         $wgUseAjax = true;
         $wgEnableMWSuggest = true;
         $wgDefaultSkin = 'timeless';
+        $wgDefaultMobileSkin = 'minerva';
 
         //TODO what about $wgUpgradeKey ?
 
@@ -75,13 +77,15 @@ in
           ],
         ];
       '';
-
       extensions = {
         # some extensions are included and can enabled by passing null
         VisualEditor = null;
         # the dir in the mediawiki-1.42.3.tar.gz inside of the extension folder is called "SyntaxHighlight_GeSHi" not "SyntaxHighlight"
         SyntaxHighlight_GeSHi = null;
-
+        MobileFrontend = pkgs.fetchzip {
+          url = "https://extdist.wmflabs.org/dist/extensions/MobileFrontend-REL1_43-3b4cac8.tar.gz";
+          hash = "sha256-aJOArZl+oO/ADjxIhlFVGS8hGmpSp6nsgC7XkKEk1Ks=";
+        };
         PluggableAuth = pkgs.fetchzip {
           url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_42-1da98f4.tar.gz";
           hash = "sha256-5uBUy7lrr86ApASYPWgF6Wa09mxxP0o+lXLt1gVswlA=";
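Review bot: `MobileFrontend` is pinned to the `REL1_43` branch while the comment above still names mediawiki-1.42.3 and `PluggableAuth` on the following lines stays on `REL1_42`, so at least one extension does not match the core release. Extension release branches are generally only expected to work with the matching MediaWiki version; after confirming which version `pkgs.mediawiki` resolves to, put all `fetchzip` URLs on that branch and update the comment. A short comment such as `# extension branches (REL1_xx) must match the MediaWiki core version` would make that visible at the next bump. The `extensions` attribute set continues past the end of this hunk.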

From 27a6253d9b10a993ab9188627a19bc1292700874 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 21 Mar 2025 14:49:52 +0100
Subject: [PATCH 26/46] hack around mediawiki not being able to process
 symlinks

---
 modules/core/base.nix | 1 +
 modules/wiki/ese.nix  | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/modules/core/base.nix b/modules/core/base.nix
index efd0868..906aa65 100755
--- a/modules/core/base.nix
+++ b/modules/core/base.nix
@@ -114,6 +114,7 @@
     zsh
     unzip
     yazi
+    imagemagick
   ];
 }
 
diff --git a/modules/wiki/ese.nix b/modules/wiki/ese.nix
index 7546517..4125198 100644
--- a/modules/wiki/ese.nix
+++ b/modules/wiki/ese.nix
@@ -6,6 +6,9 @@ let
 in
 {
 
+  system.activationScripts.hacky-mediawiki-convert = ''
+    cp ${pkgs.imagemagick}/bin/convert /srv/web/wiki.ese/convert
+  '';
   users.users.${user} = {
     group = group;
     isSystemUser = true;
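Review bot: The activation script copies an executable into `/srv/web/wiki.ese`, which by its name looks like the wiki's web root, so the binary may end up downloadable and sits in a directory the web application can presumably write to. Plain `cp` also fails the activation step if the directory does not exist yet and leaves the file mode implicit. Consider a root-owned directory outside the document root, e.g. `install -Dm0555 ${pkgs.imagemagick}/bin/convert <dir-outside-webroot>/convert`, with MediaWiki's `$wgImageMagickConvertCommand` pointed at it, and a comment saying why a copy is needed instead of the store path. The enclosing attribute set continues outside the hunk.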

From 75648c3249ada911a913a57d0b803b4e3a0c5fa3 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 21 Mar 2025 14:50:30 +0100
Subject: [PATCH 27/46] mysqlbackup: remove decisions

---
 modules/core/mysql.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/core/mysql.nix b/modules/core/mysql.nix
index 8d6e673..f35b278 100644
--- a/modules/core/mysql.nix
+++ b/modules/core/mysql.nix
@@ -10,7 +10,6 @@
     user = "mysql";
     location = "/var/lib/backup/mysql";
     databases = [
-      "decisions"
       "fsrewsp"
       "nightline"
       "wiki_ese"

From f813d2c331cdb3d508fdd850f57a374ee76ce10a Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 21 Mar 2025 16:27:18 +0100
Subject: [PATCH 28/46] updates 2025-03-21

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index 756bf1b..05f4173 100644
--- a/flake.lock
+++ b/flake.lock
@@ -143,11 +143,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741619381,
-        "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=",
+        "lastModified": 1742174123,
+        "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab",
+        "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
         "type": "github"
       },
       "original": {
@@ -174,11 +174,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1741862977,
-        "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=",
+        "lastModified": 1742512142,
+        "narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0",
+        "rev": "7105ae3957700a9646cc4b766f5815b23ed0c682",
         "type": "github"
       },
       "original": {
@@ -288,11 +288,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741861888,
-        "narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=",
+        "lastModified": 1742406979,
+        "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f",
+        "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609",
         "type": "github"
       },
       "original": {

From d9ec2d1ccfe80edf0895a042440270a16e04b115 Mon Sep 17 00:00:00 2001
From: Frieder Hannenheim <friederhannenheim@riseup.net>
Date: Sun, 23 Mar 2025 10:12:09 +0100
Subject: [PATCH 29/46] add Master ese redirect for ifsr.de

---
 modules/web/ifsrde.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/web/ifsrde.nix b/modules/web/ifsrde.nix
index 694abc7..84c4ad1 100644
--- a/modules/web/ifsrde.nix
+++ b/modules/web/ifsrde.nix
@@ -60,6 +60,7 @@ in
         "~ ^/cmd(/?[^\\n|\\r]*)$".return = "301 https://pad.ifsr.de$1";
         "/bbb".return = "301 https://bbb.tu-dresden.de/b/fsr-58o-tmf-yy6";
         "/kpp".return = "301 https://kpp.ifsr.de";
+        "/mese".return = "301 https://ifsr.de/news/mese-and-welcome-back";
         "/sso".return = "301 https://sso.ifsr.de/realms/internal/account";
         # security
         "~* /(\.git|cache|bin|logs|backup|tests)/.*$".return = "403";
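Review bot: The new `/mese` entry answers with a 301, which browsers cache for a long time, yet it points at what looks like a one-off news post rather than a stable service URL like the neighbouring entries. A temporary redirect, `"/mese".return = "302 https://ifsr.de/news/mese-and-welcome-back";`, lets the short link be repointed for the next event without stale client caches. The `locations` set continues outside the hunk.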

From a654d8829cd0d500d06453fe138570494a0befc6 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Wed, 26 Mar 2025 19:30:44 +0100
Subject: [PATCH 30/46] ftp: fix encoding

---
 modules/web/ftp.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/web/ftp.nix b/modules/web/ftp.nix
index ea01a4d..7529169 100644
--- a/modules/web/ftp.nix
+++ b/modules/web/ftp.nix
@@ -11,6 +11,7 @@ in
       fancyindex_exact_size off;
       error_page 403 /403.html;
       fancyindex_localtime on;
+      charset utf-8;
     '';
     locations."~/(klausuren|uebungen|skripte|abschlussarbeiten)".extraConfig = ''
       allow 141.30.0.0/16;

From 3534f2a97677a8d6b848e90acf4565216c7a0580 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 3 Apr 2025 11:08:19 +0200
Subject: [PATCH 31/46] updates 2025-04-03

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index 05f4173..13ba0be 100644
--- a/flake.lock
+++ b/flake.lock
@@ -143,11 +143,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742174123,
-        "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
+        "lastModified": 1743306489,
+        "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
+        "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
         "type": "github"
       },
       "original": {
@@ -174,11 +174,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1742512142,
-        "narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=",
+        "lastModified": 1743576891,
+        "narHash": "sha256-vXiKURtntURybE6FMNFAVpRPr8+e8KoLPrYs9TGuAKc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7105ae3957700a9646cc4b766f5815b23ed0c682",
+        "rev": "44a69ed688786e98a101f02b712c313f1ade37ab",
         "type": "github"
       },
       "original": {
@@ -288,11 +288,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742406979,
-        "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=",
+        "lastModified": 1743604509,
+        "narHash": "sha256-Hf5aYGP3hP+uNbcd4NrEMUAR+1o518uGzoeVyMzzJwo=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609",
+        "rev": "4521de68fba1a36fae8caebce3d6e047179661f7",
         "type": "github"
       },
       "original": {

From 98ab04d0c5a8783f3e32513f0319d5ab1afe6e87 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Mon, 7 Apr 2025 13:23:05 +0200
Subject: [PATCH 32/46] update kpp

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 13ba0be..59fc422 100644
--- a/flake.lock
+++ b/flake.lock
@@ -101,11 +101,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741421991,
-        "narHash": "sha256-3zjj1ahW+MTXYyonO2xcYeg2p21+KcEHtzCI/Bvj9do=",
+        "lastModified": 1744024964,
+        "narHash": "sha256-zmYWGZ7/tRSCy/PzghdguMpAdauWiYr6AJnbYCVHBFE=",
         "owner": "fsr",
         "repo": "kpp",
-        "rev": "0bd5b34145b398a597b17764d18360e4db8033f1",
+        "rev": "03e9650edb8d1e9ff424c2c2799736fbae56314b",
         "type": "github"
       },
       "original": {

From 0e373b50f882c5884ebdfc5603ad63ff6da1b064 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Tue, 15 Apr 2025 14:59:20 +0200
Subject: [PATCH 33/46] authentik: init

---
 flake.nix                     |  4 ++++
 modules/authentik/default.nix | 20 ++++++++++++++++++++
 secrets/quitte.yaml           | 12 +++++-------
 3 files changed, 29 insertions(+), 7 deletions(-)
 create mode 100644 modules/authentik/default.nix

diff --git a/flake.nix b/flake.nix
index 97f0588..12d466d 100755
--- a/flake.nix
+++ b/flake.nix
@@ -16,6 +16,10 @@
     vscode-server.url = "github:nix-community/nixos-vscode-server";
     notenrechner.url = "git+https://git.ifsr.de/frieder.hannenheim/notenrechner.git";
     notenrechner.inputs.nixpkgs.follows = "nixpkgs";
+    authentik = {
+      url = "github:nix-community/authentik-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
 
     course-management = {
diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix
new file mode 100644
index 0000000..4267f28
--- /dev/null
+++ b/modules/authentik/default.nix
@@ -0,0 +1,20 @@
+{ config, ... }:
+let
+  domain = "idm.${config.networking.domain}";
+in
+{
+  age.secrets.authentik-core = {
+    file = ../../../../secrets/nuc/authentik/core.age;
+  };
+  sops.secrets."authentik/env" = { };
+  services.authentik = {
+    enable = true;
+    nginx = {
+      enable = true;
+      host = domain;
+      enableACME = true;
+    };
+    environmentFile = config.sops.secrets."authentik/env".path;
+  };
+
+}
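Review bot: The `age.secrets.authentik-core` block looks like a leftover from another configuration: its `file` path climbs four levels from `modules/authentik/`, which leaves the repository, and nothing else in the module uses that secret. The rest of the file takes its credentials from sops (`sops.secrets."authentik/env"`), and unless an agenix module is imported elsewhere the `age` option will not evaluate at all. Dropping the three `age.secrets` lines leaves `environmentFile = config.sops.secrets."authentik/env".path;` as the single secret source. This commit also does not show the module being added to an imports list or the authentik NixOS module being loaded, so both are worth checking before deploy.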
diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index f975849..108a8ea 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
@@ -13,6 +13,8 @@ sssd:
     env: ENC[AES256_GCM,data:ng189+ulH79xCZKOn9N5kN3KqED9dWqLM8dErukJH3a3ivxhUjyy3Tpa+uSnJDh8tAyOesT1j71mlTgKQKb3phylVEdL,iv:i8NEGR+eQ42q5be4gJdNMf/9DCCcjr3gwkEW/+hrgxs=,tag:16EvtkTu+0M5bIlgxC2j9Q==,type:str]
 dovecot_ldap_search: ENC[AES256_GCM,data:xip5KREy8oqH+58DOtw9QLcVdDlO5Nr0IHki8X0i9J1rrI/BreH2tVPC8aRTDHFPRgpBxiL6,iv:98PSXajEis7sSJ4+IkPuBC05y8w7/XRYQVFH1cripEU=,tag:LcId5rlzz3JjjZIHwoh+AA==,type:str]
 rspamd-password: ENC[AES256_GCM,data:Dd6lTyDh3FFqOTeipY0o5uJz5/Mh6FsVahbI5M1njn5S690avzQ4+8YISrwkuA==,iv:OAuA+t2KzGDvURng2RWFAoMNfw+RNLtM1hLEniuzz9c=,tag:RBN41BmsrvgXKEOa8gCDfw==,type:str]
+authentik:
+    env: ENC[AES256_GCM,data:7Mcqe2/ny5oghO8kfV1b5LksxxmNGTn6u0LCDH1Q8kwkidOD6MXyMbyzN9LRU4ovDXwXy+ztwnNHBZPvGSGMKUMczIn5hhiA5ri93kk9G8Wy4rGjjt+0Z+JKsZV33rlrYgIr6eGy6Ps=,iv:gkzjx9yQQj31g5fBdAVKzAslpTUjPp1yWnOWQyotYy4=,tag:uOSU653xBYUai6DOF1ddYA==,type:str]
 grafana:
     oidc_secret: ENC[AES256_GCM,data:oH+VCL4e4wve6RyVwlTXPSmirbf+STD5FxUj9OjGDLs=,iv:PhVVCy5JyRa+fOrYAsnjDL+97zYASmKcBzB8t9ZVWIU=,tag:JzGO/FeKem4vd7ApvZ2Zcg==,type:str]
 mediawiki:
@@ -32,10 +34,6 @@ bacula:
 zammad_secret: ENC[AES256_GCM,data:Ok01cE+lgNaN0+wLZuBD6k2gsyTWDFVXEPprEvdwlIAQvwqYu2nou0GiCEcm/NF2cgsxERH2rYxxS/lPXIQxXjvHHLfovLSMH+Kd1F/T+qWZioDz7tzDV3GBom52c92kZ4XO2F3udku8IQLGsR7J6eA/xY7yj1g2CF7Vt37BMkg=,iv:5cdEBtgjXoJCve8PJDUcLQvXwe7sn/mgZIOUhzJtr/c=,tag:4fLmvfG6Ujcb5J3YGjP7Hg==,type:str]
 hyperilo_htaccess: ENC[AES256_GCM,data:FuHR9S6FhVyraJ6w9j6RTUryCqgVrhpfQg9y2OdnaqMFNcIR239OBmvqn+WlgFxcMqJtpIKe8ixBZq67pjxbSl2p,iv:zKMyhEJ160MN3+54csuurMXvIAFfWG95bv/cIH3hqJo=,tag:Nr0G7qx8cdpNoW3t5P1CBA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1x76ajqw8w4l5vlkwt5s3flz5a5jq5qlxv7uppmnf8ckj9egh9ekqjclzt6
           enc: |
@@ -55,8 +53,8 @@ sops:
             MWM0M3FvbjUzL3p3ZU1zUG94ckV3ZTAKUOAkZ8nlvT36cyPy5USyDzoIG569N818
             tMM5aQsEQ9vTOaUoK4gtBEXBva7VerMprdcTRYLcSJ/9L1vXdlVT/g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-07T23:08:25Z"
-    mac: ENC[AES256_GCM,data:Pe0ACk6wVrMMoB7moMt+A8RPaiy8RZdH0gINpphQr1XGzfYOD6tMoS/YK/6JfTKagWzMpkOVnbpSpKVzdeBu1nzMM5DrOyeP5WBnkuBtBHjXBlis7khCKGEOxATEoM6lev31vjKDGFFP4HpwOrIAj6UaQ2RGSY/3FJ/SHk83eYY=,iv:6/sJcpY4XoEHHBV/W9BZAva/2gZiL4T/+6O55thuX1M=,tag:lpvyC44VIUMk3/KZZO+tmA==,type:str]
+    lastmodified: "2025-04-15T12:57:41Z"
+    mac: ENC[AES256_GCM,data:NKpGBhz9WFt9xbcbIZ+S8fkgbhfOk4g+5vhXSYPz5tVF/uLDjI4+T1nzy1yKVJA+9MGgQ5OHXgQ7kszrXHgn8fm+sG++MUEXJILcX840Poo9wRBhvDxtNL/oLFbSHsQ0FDe9oCcx+/T8Rmg7vYWARlokKDsXZ7wsTYjF9GkBivQ=,iv:SKVBvdyT3cRTfXuenLDEgk0yJJltwIBShZOkrDfnI10=,tag:58eNQ5k5hTUBTr/nwJULug==,type:str]
     pgp:
         - created_at: "2025-03-07T23:03:16Z"
           enc: |-
@@ -172,4 +170,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.1

From 23af7fd7cdfba40cad82afd29dafc37cbff4e1f1 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 24 Apr 2025 17:05:03 +0200
Subject: [PATCH 34/46] update flake.lock

---
 flake.lock | 277 ++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 254 insertions(+), 23 deletions(-)

diff --git a/flake.lock b/flake.lock
index 59fc422..f5a6f50 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,10 +1,54 @@
 {
   "nodes": {
+    "authentik": {
+      "inputs": {
+        "authentik-src": "authentik-src",
+        "flake-compat": "flake-compat",
+        "flake-parts": "flake-parts",
+        "flake-utils": "flake-utils",
+        "napalm": "napalm",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "poetry2nix": "poetry2nix",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1744375272,
+        "narHash": "sha256-xvWbdTctLu5YWgcp+lNTh51GAY3vB2XEXUFKRMJUiCM=",
+        "owner": "nix-community",
+        "repo": "authentik-nix",
+        "rev": "105b3b6c004ce00d1d3c7a88669bea4aadfd4580",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "authentik-nix",
+        "type": "github"
+      }
+    },
+    "authentik-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1744135136,
+        "narHash": "sha256-7wvoCRhLipX4qzrb/ctsozG565yckx+moxiF6vRo84I=",
+        "owner": "goauthentik",
+        "repo": "authentik",
+        "rev": "74eab55c615b156e4191ee98dc789e2d58c016f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "goauthentik",
+        "ref": "version/2025.2.4",
+        "repo": "authentik",
+        "type": "github"
+      }
+    },
     "course-management": {
       "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": "nixpkgs",
-        "poetry2nix": "poetry2nix"
+        "poetry2nix": "poetry2nix_2"
       },
       "locked": {
         "lastModified": 1730751072,
@@ -40,16 +84,53 @@
         "url": "https://git.ifsr.de/ese/manual-website"
       }
     },
-    "flake-utils": {
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
       "inputs": {
-        "systems": "systems"
+        "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1743550720,
+        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": [
+          "authentik",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -78,7 +159,25 @@
     },
     "flake-utils_3": {
       "inputs": {
-        "systems": "systems_5"
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1726560853,
+        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_6"
       },
       "locked": {
         "lastModified": 1681202837,
@@ -114,7 +213,55 @@
         "type": "github"
       }
     },
+    "napalm": {
+      "inputs": {
+        "flake-utils": [
+          "authentik",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "authentik",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1725806412,
+        "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
+        "owner": "willibutz",
+        "repo": "napalm",
+        "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "willibutz",
+        "ref": "avoid-foldl-stack-overflow",
+        "repo": "napalm",
+        "type": "github"
+      }
+    },
     "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "authentik",
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729742964,
+        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
+    "nix-github-actions_2": {
       "inputs": {
         "nixpkgs": [
           "course-management",
@@ -172,6 +319,21 @@
         "type": "github"
       }
     },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1743296961,
+        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
     "nixpkgs_2": {
       "locked": {
         "lastModified": 1743576891,
@@ -225,14 +387,45 @@
     },
     "poetry2nix": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": [
+          "authentik",
+          "flake-utils"
+        ],
         "nix-github-actions": "nix-github-actions",
+        "nixpkgs": [
+          "authentik",
+          "nixpkgs"
+        ],
+        "systems": [
+          "authentik",
+          "systems"
+        ],
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1743690424,
+        "narHash": "sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc=",
+        "owner": "nix-community",
+        "repo": "poetry2nix",
+        "rev": "ce2369db77f45688172384bbeb962bc6c2ea6f94",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "poetry2nix",
+        "type": "github"
+      }
+    },
+    "poetry2nix_2": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "nix-github-actions": "nix-github-actions_2",
         "nixpkgs": [
           "course-management",
           "nixpkgs"
         ],
-        "systems": "systems_3",
-        "treefmt-nix": "treefmt-nix"
+        "systems": "systems_4",
+        "treefmt-nix": "treefmt-nix_2"
       },
       "locked": {
         "lastModified": 1730284601,
@@ -270,6 +463,7 @@
     },
     "root": {
       "inputs": {
+        "authentik": "authentik",
         "course-management": "course-management",
         "ese-manual": "ese-manual",
         "kpp": "kpp",
@@ -303,16 +497,16 @@
     },
     "systems": {
       "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
         "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
         "type": "github"
       },
       "original": {
         "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
         "type": "github"
       }
     },
@@ -341,8 +535,9 @@
         "type": "github"
       },
       "original": {
-        "id": "systems",
-        "type": "indirect"
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
       }
     },
     "systems_4": {
@@ -355,9 +550,8 @@
         "type": "github"
       },
       "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
+        "id": "systems",
+        "type": "indirect"
       }
     },
     "systems_5": {
@@ -375,7 +569,44 @@
         "type": "github"
       }
     },
+    "systems_6": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "authentik",
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1730120726,
+        "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "treefmt-nix_2": {
       "inputs": {
         "nixpkgs": [
           "course-management",
@@ -399,7 +630,7 @@
     },
     "utils": {
       "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_5"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -417,7 +648,7 @@
     },
     "vscode-server": {
       "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {

From 8eab2484b2ac47f23faec8994dc713c44ed17225 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 24 Apr 2025 17:05:24 +0200
Subject: [PATCH 35/46] restrict rtmp to campus nets and clean up nft rules

---
 hosts/quitte/network.nix |  1 +
 modules/ldap/default.nix |  5 -----
 modules/stream.nix       | 11 +++++++----
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/hosts/quitte/network.nix b/hosts/quitte/network.nix
index fb1bcb9..f984edd 100644
--- a/hosts/quitte/network.nix
+++ b/hosts/quitte/network.nix
@@ -15,6 +15,7 @@
 
     firewall = {
       logRefusedConnections = false;
+      trustedInterfaces = [ "podman0"];
     };
   };
 
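Review bot: `trustedInterfaces = [ "podman0"]` accepts every packet that arrives on the podman bridge, which is much wider than the rule this commit deletes from modules/ldap/default.nix, where the podman range could only reach tcp 636. Any container on that bridge can now reach every port the host listens on, including services that relied on the firewall rather than a loopback bind. If containers only need ldaps, a narrow rule in `networking.firewall.extraInputRules` keeps the old scope: `iifname "podman0" tcp dport 636 accept comment "Allow ldaps access from podman"`. The deleted rule also admitted the two office nets to port 636 and nothing visible in this commit replaces that, so it is worth confirming the loss is intended.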
diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix
index dc454e4..bdf3d3b 100644
--- a/modules/ldap/default.nix
+++ b/modules/ldap/default.nix
@@ -82,9 +82,4 @@ in
       };
     };
   };
-  networking.firewall = {
-    extraInputRules = ''
-      ip saddr { 141.30.86.192/26, 141.76.100.128/25, 10.88.0.1/16 } tcp dport 636 accept comment "Allow ldaps access from office nets and podman"
-    '';
-  };
 }
diff --git a/modules/stream.nix b/modules/stream.nix
index f76141a..5d36501 100644
--- a/modules/stream.nix
+++ b/modules/stream.nix
@@ -1,13 +1,12 @@
 { config, ... }:
+let cfg = config.services.owncast;
+in
 {
   services = {
     nginx = {
       virtualHosts = {
         "stream.${config.networking.domain}" = {
           locations."/" =
-            let
-              cfg = config.services.owncast;
-            in
             {
               proxyPass = "http://${toString cfg.listen}:${toString cfg.port}";
               proxyWebsockets = true;
@@ -19,8 +18,12 @@
       enable = true;
       port = 13142;
       listen = "[::ffff:127.0.0.1]";
-      openFirewall = true;
       rtmp-port = 1935;
     };
   };
+  networking.firewall = {
+    extraInputRules = ''
+      ip saddr {141.30.0.0/16, 141.76.0.0/16} tcp dport ${toString cfg.rtmp-port} accept comment "Allow rtmp access from campus nets"
+    '';
+  };
 }
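Review bot: The new rule matches `ip saddr` only, so with `openFirewall = true` removed nothing in this hunk accepts RTMP ingest over IPv6 any more, from campus hosts or anyone else. If that is intended, say so in a comment above the rule. If campus hosts should be able to publish over IPv6, add a second line of the form `ip6 saddr { <campus-v6-prefix> } tcp dport ${toString cfg.rtmp-port} accept` with the real prefix filled in. The two /16 ranges are also far wider than the office nets in the rule removed from modules/ldap/default.nix, so a short comment naming what 141.30.0.0/16 and 141.76.0.0/16 cover would help the next reader judge the exposure.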

From 7056803ef5cd9bbb6cba7fb1e5b8118728603a4d Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 25 Apr 2025 10:43:27 +0200
Subject: [PATCH 36/46] updates 2025-04-25

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index f5a6f50..fcc2cef 100644
--- a/flake.lock
+++ b/flake.lock
@@ -290,11 +290,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743306489,
-        "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
+        "lastModified": 1745120797,
+        "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
+        "rev": "69716041f881a2af935021c1182ed5b0cc04d40e",
         "type": "github"
       },
       "original": {
@@ -336,11 +336,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1743576891,
-        "narHash": "sha256-vXiKURtntURybE6FMNFAVpRPr8+e8KoLPrYs9TGuAKc=",
+        "lastModified": 1745487689,
+        "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "44a69ed688786e98a101f02b712c313f1ade37ab",
+        "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
         "type": "github"
       },
       "original": {
@@ -482,11 +482,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743604509,
-        "narHash": "sha256-Hf5aYGP3hP+uNbcd4NrEMUAR+1o518uGzoeVyMzzJwo=",
+        "lastModified": 1745310711,
+        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "4521de68fba1a36fae8caebce3d6e047179661f7",
+        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
         "type": "github"
       },
       "original": {

From 4d18a49ca1dad7d26795ed77259b4f5e21e35da4 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Mon, 28 Apr 2025 15:19:43 +0200
Subject: [PATCH 37/46] move some redis servers around

---
 flake.nix                     | 4 ++++
 modules/authentik/default.nix | 6 +-----
 modules/mail/rspamd.nix       | 1 +
 modules/zammad.nix            | 9 ++++++++-
 4 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/flake.nix b/flake.nix
index 12d466d..0e4f805 100755
--- a/flake.nix
+++ b/flake.nix
@@ -37,6 +37,7 @@
     , vscode-server
     , course-management
     , print-interface
+    , authentik
     , ...
     }@inputs:
     let
@@ -75,10 +76,13 @@
             ese-manual.nixosModules.default
             course-management.nixosModules.default
             vscode-server.nixosModules.default
+            authentik.nixosModules.default
+
             ./hosts/quitte/configuration.nix
             ./options
 
             ./modules/core
+            ./modules/authentik
             ./modules/ldap
             ./modules/mail
             ./modules/web
diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix
index 4267f28..eb65477 100644
--- a/modules/authentik/default.nix
+++ b/modules/authentik/default.nix
@@ -1,11 +1,8 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
   domain = "idm.${config.networking.domain}";
 in
 {
-  age.secrets.authentik-core = {
-    file = ../../../../secrets/nuc/authentik/core.age;
-  };
   sops.secrets."authentik/env" = { };
   services.authentik = {
     enable = true;
@@ -16,5 +13,4 @@ in
     };
     environmentFile = config.sops.secrets."authentik/env".path;
   };
-
 }
diff --git a/modules/mail/rspamd.nix b/modules/mail/rspamd.nix
index 3ec5b3a..cab3fd0 100644
--- a/modules/mail/rspamd.nix
+++ b/modules/mail/rspamd.nix
@@ -184,6 +184,7 @@ in
     redis = {
       vmOverCommit = true;
       servers.rspamd = {
+        port = 0;
         enable = true;
       };
     };
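Review bot: `port = 0;` is added without a comment, and the value reads like a mistake unless you know the redis module's convention that port 0 turns the TCP listener off and leaves only the unix socket. A one-line comment would make the intent explicit: `# port 0: no TCP listener, rspamd reaches this instance over its unix socket`. The rspamd-side redis setting sits outside this hunk, so confirm it points at the socket path rather than a host:port pair.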
diff --git a/modules/zammad.nix b/modules/zammad.nix
index fed019b..cbff484 100644
--- a/modules/zammad.nix
+++ b/modules/zammad.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
   domain = "tickets.${config.networking.domain}";
 in
@@ -9,11 +9,18 @@ in
       createLocally = true;
       type = "PostgreSQL";
     };
+    redis.port = 6380;
     port = 8085;
     secretKeyBaseFile = config.sops.secrets."zammad_secret".path;
   };
 
 
+    services.redis = {
+      servers.zammad = {
+        port = lib.mkForce 6380;
+        enable = true;
+      };
+    };
   # disably spammy logs
   systemd.services.zammad-web.preStart = ''
     sed -i -e "s|debug|warn|" ./config/environments/production.rb 
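Review bot: The added `services.redis` block forces the port with `lib.mkForce` but does not say which definition it overrides, and it is indented four spaces in a file that uses two. `redis.port = 6380;` a few lines above already carries the same number, so if the zammad module creates the `zammad` redis server from that option (likely, to be confirmed against the module) the block only duplicates it and the two values can drift apart. Either drop the block or add a comment such as `# zammad module also defines this server; force the port so it cannot collide with <other instance>`. Unlike the rspamd instance in this commit, this one keeps a TCP listener and nothing here sets `bind` or `requirePass`, so a line stating that it relies on the module's default bind address would help.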

From ec9e315d33e048dddf296a0c88f8433166c40e6d Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Mon, 28 Apr 2025 15:20:47 +0200
Subject: [PATCH 38/46] updates 2025-04-28

---
 flake.lock | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index fcc2cef..34f1f3a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1744375272,
-        "narHash": "sha256-xvWbdTctLu5YWgcp+lNTh51GAY3vB2XEXUFKRMJUiCM=",
+        "lastModified": 1745663775,
+        "narHash": "sha256-zRamFjTxegQE0Ysi46sfDU2CIghiMWJIdEYdq7O0jiQ=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "105b3b6c004ce00d1d3c7a88669bea4aadfd4580",
+        "rev": "a8a5de789006bb1dea0ffb5370a8f7e453d06113",
         "type": "github"
       },
       "original": {
@@ -290,11 +290,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745120797,
-        "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=",
+        "lastModified": 1745725746,
+        "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "69716041f881a2af935021c1182ed5b0cc04d40e",
+        "rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6",
         "type": "github"
       },
       "original": {
@@ -336,11 +336,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1745487689,
-        "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
+        "lastModified": 1745742390,
+        "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
+        "rev": "26245db0cb552047418cfcef9a25da91b222d6c7",
         "type": "github"
       },
       "original": {

From c9b09f6a2dfa91de26af799b13a069f53b0e3b7b Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Mon, 28 Apr 2025 15:24:42 +0200
Subject: [PATCH 39/46] use upstream nixpkgs for authentik

---
 flake.lock | 38 ++++++++++++++++++++++++++------------
 flake.nix  |  1 -
 2 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/flake.lock b/flake.lock
index 34f1f3a..5da240b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,9 +7,7 @@
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils",
         "napalm": "napalm",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
+        "nixpkgs": "nixpkgs",
         "poetry2nix": "poetry2nix",
         "systems": "systems"
       },
@@ -47,7 +45,7 @@
     "course-management": {
       "inputs": {
         "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "poetry2nix": "poetry2nix_2"
       },
       "locked": {
@@ -305,15 +303,15 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1730531603,
-        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
-        "owner": "nixos",
+        "lastModified": 1745391562,
+        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
+        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
         "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
@@ -335,6 +333,22 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1730531603,
+        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1745742390,
         "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
@@ -350,7 +364,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1682134069,
         "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
@@ -468,7 +482,7 @@
         "ese-manual": "ese-manual",
         "kpp": "kpp",
         "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
         "notenrechner": "notenrechner",
         "print-interface": "print-interface",
         "sops-nix": "sops-nix",
@@ -649,7 +663,7 @@
     "vscode-server": {
       "inputs": {
         "flake-utils": "flake-utils_4",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1729422940,
diff --git a/flake.nix b/flake.nix
index 0e4f805..923b081 100755
--- a/flake.nix
+++ b/flake.nix
@@ -18,7 +18,6 @@
     notenrechner.inputs.nixpkgs.follows = "nixpkgs";
     authentik = {
       url = "github:nix-community/authentik-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
     };
 
 

From 8930b99a7d8cebaecbda0492f58ed2659e4daf2f Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 1 May 2025 21:56:29 +0200
Subject: [PATCH 40/46] updates 2025-05-01

---
 flake.lock | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5da240b..a20c926 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1745663775,
-        "narHash": "sha256-zRamFjTxegQE0Ysi46sfDU2CIghiMWJIdEYdq7O0jiQ=",
+        "lastModified": 1745851830,
+        "narHash": "sha256-DHVRLCKoJYrysppygOZrmg6UngrlTN+M4t8HaOiQQfU=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "a8a5de789006bb1dea0ffb5370a8f7e453d06113",
+        "rev": "618330bee6b5e284499b5f85b74cbdfe6f873d6e",
         "type": "github"
       },
       "original": {
@@ -288,11 +288,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745725746,
+        "lastModified": 1746054057,
         "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6",
+        "rev": "13ba07d54c6ccc5af30a501df669bf3fe3dd4db8",
         "type": "github"
       },
       "original": {
@@ -350,11 +350,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1745742390,
-        "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
+        "lastModified": 1746055187,
+        "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "26245db0cb552047418cfcef9a25da91b222d6c7",
+        "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5",
         "type": "github"
       },
       "original": {

From ac5f143a80c7fa7a1b05de2ecb7e0558fa58f648 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 1 May 2025 22:04:43 +0200
Subject: [PATCH 41/46] Revert "updates 2025-05-01" authentik is broken

This reverts commit 8930b99a7d8cebaecbda0492f58ed2659e4daf2f.
---
 flake.lock | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/flake.lock b/flake.lock
index a20c926..5da240b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1745851830,
-        "narHash": "sha256-DHVRLCKoJYrysppygOZrmg6UngrlTN+M4t8HaOiQQfU=",
+        "lastModified": 1745663775,
+        "narHash": "sha256-zRamFjTxegQE0Ysi46sfDU2CIghiMWJIdEYdq7O0jiQ=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "618330bee6b5e284499b5f85b74cbdfe6f873d6e",
+        "rev": "a8a5de789006bb1dea0ffb5370a8f7e453d06113",
         "type": "github"
       },
       "original": {
@@ -288,11 +288,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746054057,
+        "lastModified": 1745725746,
         "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "13ba07d54c6ccc5af30a501df669bf3fe3dd4db8",
+        "rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6",
         "type": "github"
       },
       "original": {
@@ -350,11 +350,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1746055187,
-        "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=",
+        "lastModified": 1745742390,
+        "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5",
+        "rev": "26245db0cb552047418cfcef9a25da91b222d6c7",
         "type": "github"
       },
       "original": {

From e966797c1e00d8318ceca6f2f2ab3a495bdf53de Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 8 May 2025 15:02:05 +0200
Subject: [PATCH 42/46] updates 2025-05-08

---
 flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5da240b..30f7fbd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1745663775,
-        "narHash": "sha256-zRamFjTxegQE0Ysi46sfDU2CIghiMWJIdEYdq7O0jiQ=",
+        "lastModified": 1746210481,
+        "narHash": "sha256-AqppJhlacRGS76JkynL1/PbbMIenWR5pqrCgDThl+ws=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "a8a5de789006bb1dea0ffb5370a8f7e453d06113",
+        "rev": "ce1abb86409ca5e604667f9a91661601bd9c15e3",
         "type": "github"
       },
       "original": {
@@ -288,11 +288,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745725746,
-        "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=",
+        "lastModified": 1746330942,
+        "narHash": "sha256-ShizFaJCAST23tSrHHtFFGF0fwd72AG+KhPZFFQX/0o=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6",
+        "rev": "137fd2bd726fff343874f85601b51769b48685cc",
         "type": "github"
       },
       "original": {
@@ -350,11 +350,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1745742390,
-        "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
+        "lastModified": 1746557022,
+        "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "26245db0cb552047418cfcef9a25da91b222d6c7",
+        "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
         "type": "github"
       },
       "original": {
@@ -496,11 +496,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745310711,
-        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
+        "lastModified": 1746485181,
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
         "type": "github"
       },
       "original": {

From 1833aeb84d9b83b2820981364cd138af3cd48463 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 8 May 2025 15:17:09 +0200
Subject: [PATCH 43/46] authentik: temporarily use a fork

---
 flake.lock | 188 +++++++++++++++++++++++++++--------------------------
 flake.nix  |   5 +-
 2 files changed, 99 insertions(+), 94 deletions(-)

diff --git a/flake.lock b/flake.lock
index 30f7fbd..4da82c5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,19 +8,21 @@
         "flake-utils": "flake-utils",
         "napalm": "napalm",
         "nixpkgs": "nixpkgs",
-        "poetry2nix": "poetry2nix",
-        "systems": "systems"
+        "pyproject-build-systems": "pyproject-build-systems",
+        "pyproject-nix": "pyproject-nix",
+        "systems": "systems",
+        "uv2nix": "uv2nix"
       },
       "locked": {
-        "lastModified": 1746210481,
-        "narHash": "sha256-AqppJhlacRGS76JkynL1/PbbMIenWR5pqrCgDThl+ws=",
-        "owner": "nix-community",
+        "lastModified": 1746294280,
+        "narHash": "sha256-Y8JGnaYXk71ipBYFw83dvS1zKBftppT1RnRT/XsWKIM=",
+        "owner": "MarcelCoding",
         "repo": "authentik-nix",
-        "rev": "ce1abb86409ca5e604667f9a91661601bd9c15e3",
+        "rev": "c2a6bb12f90241df93fe2d5553c8bca476dcb52b",
         "type": "github"
       },
       "original": {
-        "owner": "nix-community",
+        "owner": "MarcelCoding",
         "repo": "authentik-nix",
         "type": "github"
       }
@@ -28,16 +30,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1744135136,
-        "narHash": "sha256-7wvoCRhLipX4qzrb/ctsozG565yckx+moxiF6vRo84I=",
+        "lastModified": 1745954192,
+        "narHash": "sha256-QuIgeu3CN6S44/zSiaj+iIkDz2494mb1MWvD3eYYkVE=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "74eab55c615b156e4191ee98dc789e2d58c016f9",
+        "rev": "22412729e2379d645da2ac0c0270a0ac6147945e",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2025.2.4",
+        "ref": "version/2025.4.0",
         "repo": "authentik",
         "type": "github"
       }
@@ -46,7 +48,7 @@
       "inputs": {
         "flake-utils": "flake-utils_2",
         "nixpkgs": "nixpkgs_2",
-        "poetry2nix": "poetry2nix_2"
+        "poetry2nix": "poetry2nix"
       },
       "locked": {
         "lastModified": 1730751072,
@@ -238,28 +240,6 @@
       }
     },
     "nix-github-actions": {
-      "inputs": {
-        "nixpkgs": [
-          "authentik",
-          "poetry2nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729742964,
-        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "type": "github"
-      }
-    },
-    "nix-github-actions_2": {
       "inputs": {
         "nixpkgs": [
           "course-management",
@@ -303,16 +283,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1745391562,
-        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
+        "lastModified": 1746183838,
+        "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
+        "rev": "bf3287dac860542719fe7554e21e686108716879",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixos-24.11",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -400,46 +380,15 @@
       }
     },
     "poetry2nix": {
-      "inputs": {
-        "flake-utils": [
-          "authentik",
-          "flake-utils"
-        ],
-        "nix-github-actions": "nix-github-actions",
-        "nixpkgs": [
-          "authentik",
-          "nixpkgs"
-        ],
-        "systems": [
-          "authentik",
-          "systems"
-        ],
-        "treefmt-nix": "treefmt-nix"
-      },
-      "locked": {
-        "lastModified": 1743690424,
-        "narHash": "sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc=",
-        "owner": "nix-community",
-        "repo": "poetry2nix",
-        "rev": "ce2369db77f45688172384bbeb962bc6c2ea6f94",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "poetry2nix",
-        "type": "github"
-      }
-    },
-    "poetry2nix_2": {
       "inputs": {
         "flake-utils": "flake-utils_3",
-        "nix-github-actions": "nix-github-actions_2",
+        "nix-github-actions": "nix-github-actions",
         "nixpkgs": [
           "course-management",
           "nixpkgs"
         ],
         "systems": "systems_4",
-        "treefmt-nix": "treefmt-nix_2"
+        "treefmt-nix": "treefmt-nix"
       },
       "locked": {
         "lastModified": 1730284601,
@@ -475,6 +424,56 @@
         "type": "github"
       }
     },
+    "pyproject-build-systems": {
+      "inputs": {
+        "nixpkgs": [
+          "authentik",
+          "nixpkgs"
+        ],
+        "pyproject-nix": [
+          "authentik",
+          "pyproject-nix"
+        ],
+        "uv2nix": [
+          "authentik",
+          "uv2nix"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744599653,
+        "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
+        "owner": "pyproject-nix",
+        "repo": "build-system-pkgs",
+        "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pyproject-nix",
+        "repo": "build-system-pkgs",
+        "type": "github"
+      }
+    },
+    "pyproject-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "authentik",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746146146,
+        "narHash": "sha256-60+mzI2lbgn+G8F5mz+cmkDvHFn4s5oqcOna1SzYy74=",
+        "owner": "pyproject-nix",
+        "repo": "pyproject.nix",
+        "rev": "3e9623bdd86a3c545e82b7f97cfdba5f07232d9a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pyproject-nix",
+        "repo": "pyproject.nix",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "authentik": "authentik",
@@ -599,28 +598,6 @@
       }
     },
     "treefmt-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "authentik",
-          "poetry2nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1730120726,
-        "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "type": "github"
-      }
-    },
-    "treefmt-nix_2": {
       "inputs": {
         "nixpkgs": [
           "course-management",
@@ -660,6 +637,31 @@
         "type": "github"
       }
     },
+    "uv2nix": {
+      "inputs": {
+        "nixpkgs": [
+          "authentik",
+          "nixpkgs"
+        ],
+        "pyproject-nix": [
+          "authentik",
+          "pyproject-nix"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746048139,
+        "narHash": "sha256-LdCLyiihLg6P2/mjzP0+W7RtraDSIaJJPTy6SCtW5Ag=",
+        "owner": "pyproject-nix",
+        "repo": "uv2nix",
+        "rev": "680e2f8e637bc79b84268949d2f2b2f5e5f1d81c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pyproject-nix",
+        "repo": "uv2nix",
+        "type": "github"
+      }
+    },
     "vscode-server": {
       "inputs": {
         "flake-utils": "flake-utils_4",
diff --git a/flake.nix b/flake.nix
index 923b081..1ec3f36 100755
--- a/flake.nix
+++ b/flake.nix
@@ -17,7 +17,10 @@
     notenrechner.url = "git+https://git.ifsr.de/frieder.hannenheim/notenrechner.git";
     notenrechner.inputs.nixpkgs.follows = "nixpkgs";
     authentik = {
-      url = "github:nix-community/authentik-nix";
+      # change to old one when we are at 25.05
+      # see https://github.com/nix-community/authentik-nix/issues/56 for context
+      url = "github:MarcelCoding/authentik-nix";
+      # url = "github:nix-community/authentik-nix";
     };
 
 
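Review bot: The identity provider is now built from a personal fork, and the URL names no branch or revision, so each routine `flake.lock` update commit in this series will move to whatever the fork's default branch holds at that moment. Pinning the input to the commit that was actually reviewed keeps updates from pulling in unreviewed fork changes: `url = "github:MarcelCoding/authentik-nix/c2a6bb12f90241df93fe2d5553c8bca476dcb52b";` (the rev locked by this commit). Bumping that hash then becomes a deliberate, reviewable change until the switch back to nix-community.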

From 36b8f7776445d6bc904ac1b9971e6fcf45b163ff Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 9 May 2025 22:32:04 +0200
Subject: [PATCH 44/46] quitte: use unbound

---
 flake.nix                   |  1 +
 modules/unbound/default.nix | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 modules/unbound/default.nix

diff --git a/flake.nix b/flake.nix
index 1ec3f36..757d6f4 100755
--- a/flake.nix
+++ b/flake.nix
@@ -93,6 +93,7 @@
             ./modules/matrix
             ./modules/keycloak
             ./modules/monitoring
+            ./modules/unbound
 
             ./modules/nix-serve.nix
             ./modules/hedgedoc.nix
diff --git a/modules/unbound/default.nix b/modules/unbound/default.nix
new file mode 100644
index 0000000..e8819cc
--- /dev/null
+++ b/modules/unbound/default.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+  services.unbound = {
+    enable = true;
+    settings = {
+      server = {
+        interface = [ "127.0.0.1" ];
+        access-control = [ "127.0.0.1 allow" ];
+      };
+      stub-zone = [
+        {
+          name = ".";
+        }
+      ];
+    };
+  };
+}

From 4cc5a1fb57fb20f2c33cdd2f1b2997a27af47c7f Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 9 May 2025 23:17:38 +0200
Subject: [PATCH 45/46] unbound: fix

---
 hosts/quitte/network.nix    |  8 +++-----
 modules/unbound/default.nix | 11 ++++-------
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/hosts/quitte/network.nix b/hosts/quitte/network.nix
index f984edd..ec09503 100644
--- a/hosts/quitte/network.nix
+++ b/hosts/quitte/network.nix
@@ -15,7 +15,7 @@
 
     firewall = {
       logRefusedConnections = false;
-      trustedInterfaces = [ "podman0"];
+      trustedInterfaces = [ "podman0" ];
     };
   };
 
@@ -47,10 +47,8 @@
       ];
       networkConfig = {
         DNS = [
-          "9.9.9.9"
-          "149.112.112.112"
-          "2620:fe::fe"
-          "2620:fe::9"
+          "127.0.0.1"
+          "::1"
         ];
         LLDP = true;
         EmitLLDP = "nearest-bridge";
diff --git a/modules/unbound/default.nix b/modules/unbound/default.nix
index e8819cc..01b2e60 100644
--- a/modules/unbound/default.nix
+++ b/modules/unbound/default.nix
@@ -1,17 +1,14 @@
 { ... }:
 {
+  services.resolved.extraConfig = ''
+    DNSStubListener=no
+  '';
   services.unbound = {
     enable = true;
     settings = {
       server = {
-        interface = [ "127.0.0.1" ];
-        access-control = [ "127.0.0.1 allow" ];
+        interface = [ "127.0.0.1" "::1" ];
       };
-      stub-zone = [
-        {
-          name = ".";
-        }
-      ];
     };
   };
 }
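Review bot: After this change the module has no comment explaining two decisions that matter for operations. With the `stub-zone` removed and no `forward-zone` defined, unbound resolves recursively from the root servers itself, and the network.nix hunk in this commit makes it the host's only resolver in place of the four public addresses. A header comment along the lines of `# local recursive resolver, loopback only; the host's sole DNS server (see hosts/quitte/network.nix)` would record that. The `DNSStubListener=no` line deserves its own one-line reason as well, and it is worth confirming that /etc/resolv.conf still points at a listening address once resolved's stub is off.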

From 609f2f706d24f732ddccac887eeea535d4be8ac1 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Mon, 12 May 2025 15:59:26 +0200
Subject: [PATCH 46/46] zammad: disable

---
 flake.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index 757d6f4..9ed2342 100755
--- a/flake.nix
+++ b/flake.nix
@@ -102,7 +102,7 @@
             ./modules/vaultwarden.nix
             ./modules/forgejo
             ./modules/kanboard.nix
-            ./modules/zammad.nix
+            # ./modules/zammad.nix
             # ./modules/decisions.nix
             ./modules/stream.nix
             # ./modules/struktur-bot.nix