From 00291f7e9f0415bf9fb53955eb83e5567a13bf77 Mon Sep 17 00:00:00 2001
From: halcyon <55317573+hxlcyxn@users.noreply.github.com>
Date: Fri, 2 Dec 2022 14:25:55 +0100
Subject: [PATCH 01/15] basic ldap/portunus config
- config im moment nur auf meiner infra funktionstauglich, login auf website funktioniert
- keine integrations getestet
---
modules/ldap.nix | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 modules/ldap.nix
diff --git a/modules/ldap.nix b/modules/ldap.nix
new file mode 100644
index 0000000..fe4c3b0
--- /dev/null
+++ b/modules/ldap.nix
@@ -0,0 +1,53 @@
+{config, ...}: let
+ # temporary url, zum testen auf laptop zuhause
+ tld = "moe";
+ hostname = "eisvogel";
+ domain = "portunus.${hostname}.${tld}";
+in {
+ # TODO: acme/letsencrypt oder andere lösung?
+ #
+ services.nginx = {
+ enable = true;
+ virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
+ "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";
+ };
+ };
+ };
+
+ services.portunus = {
+ enable = true;
+ domain = "${domain}";
+ ldap = {
+ suffix = "dc=${hostname},dc=${tld}";
+ tls = true;
+ };
+
+ # TODO: siehe unten sops, statische config
+ # seedPath = "";
+
+ # falls wir das brauchen
+ # dex = {
+ # enable = true;
+ # ...
+ # };
+ # searchUserName = "xxx";
+ };
+
+ users.ldap = {
+ enable = true;
+ server = "ldaps://${domain}";
+ base = "dc=${hostname},dc=${tld}";
+ # useTLS = true; # nicht noetig weil ldaps domain festgelegt. wuerde sonst starttls auf port 389 versuchen
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # http
+ 443 # https
+ 636 # ldaps
+ ];
+ # TODO: sops zeug, keine ahnung wie das (ordentlich) gemacht wird/gemacht werden soll
+}
From 29e69b67edbd4e635d2489b57c7c7647c3ffb560 Mon Sep 17 00:00:00 2001
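Review bot: `636 # ldaps` in `networking.firewall.allowedTCPPorts` opens the LDAPS listener to every network this host is attached to, while the only LDAP client configured in the file is `users.ldap` on the same machine. PATCH 14/15 of this series removes the entry again, but every commit in between still evaluates to a host with the directory port open, so I would leave the port out of this commit and add it later only for a named consumer. `users.ldap.enable = true` in the same hunk also ties the host's own account lookups to the directory it serves (as I understand the option); a short comment saying this is test-only, e.g. `# test only: host logins must not depend on the local directory`, would help until it is removed.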
From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 13:58:06 +0100 Subject: [PATCH 02/15] expanded portunus config - daclaritve portunus and openldap users/groups - basic sops stuff still needs discussion --- modules/ldap.nix | 66 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 50 insertions(+), 16 deletions(-) diff --git a/modules/ldap.nix b/modules/ldap.nix index fe4c3b0..bced946 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -3,31 +3,53 @@ tld = "moe"; hostname = "eisvogel"; domain = "portunus.${hostname}.${tld}"; + + portunusUser = "portunus"; + portunusGroup = "portunus"; + + ldapUser = "openldap"; + ldapGroup = "openldap"; in { - # TODO: acme/letsencrypt oder andere lösung? - # - services.nginx = { - enable = true; - virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - locations = { - "/".proxyPass = "http://localhost:${toString config.services.portunus.port}"; - "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}"; - }; - }; + users.users."${portunusUser}" = { + isSystemUser = true; + group = "${portunusGroup}"; + }; + + users.groups."${portunusGroup}" = { + name = "${portunusGroup}"; + members = ["${portunusUser}"]; + }; + + users.users."${ldapUser}" = { + isSystemUser = true; + group = "${ldapGroup}"; + }; + + users.groups."${ldapGroup}" = { + name = "${ldapGroup}"; + members = ["${ldapUser}"]; + }; + + # TODO: eigenes secrets.yaml für seedfile? + sops.secrets.portunus_seedfile = { + owner = "${portunusUser}"; + group = "${portunusGroup}"; }; services.portunus = { enable = true; + user = "${portunusUser}"; + group = "${portunusGroup}"; domain = "${domain}"; ldap = { + user = "${ldapUser}"; + group = "${ldapGroup}"; suffix = "dc=${hostname},dc=${tld}"; tls = true; }; - # TODO: siehe unten sops, statische config - # seedPath = ""; + # TODO: wohin seed file? + seedPath = ""; # falls wir das brauchen # dex = { 
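Review bot: The new `let` names are consumed through redundant string interpolation throughout this hunk (`group = "${portunusGroup}";`, `owner = "${portunusUser}";`, `members = ["${ldapUser}"];`), where the bare identifier is equivalent and easier to read, e.g. `group = portunusGroup;`. In the two `users.groups` blocks, `name` repeats the attribute key and `members` repeats the user's primary group, so both lines can likely be dropped. Separately, `seedPath = "";` is now active with an empty string, which I would expect the option type to reject or Portunus to treat as a missing file; leaving it unset until the seed file exists seems safer, but please verify against the module. The `services.portunus` block continues past the end of the hunk, as the trailing `# dex = {` context shows.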
@@ -41,7 +63,20 @@ in { enable = true; server = "ldaps://${domain}"; base = "dc=${hostname},dc=${tld}"; - # useTLS = true; # nicht noetig weil ldaps domain festgelegt. wuerde sonst starttls auf port 389 versuchen + # useTLS = true; # nicht nötig weil ldaps domain festgelegt. würde sonst starttls auf port 389 versuchen + }; + + # TODO: acme/letsencrypt oder andere lösung? + services.nginx = { + enable = true; + virtualHosts."${config.services.portunus.domain}" = { + forceSSL = true; + enableACME = true; + locations = { + "/".proxyPass = "http://localhost:${toString config.services.portunus.port}"; + "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}"; + }; + }; }; networking.firewall.allowedTCPPorts = [ @@ -49,5 +84,4 @@ in { 443 # https 636 # ldaps ]; - # TODO: sops zeug, keine ahnung wie das (ordentlich) gemacht wird/gemacht werden soll } From db63f4eb8d3f43f7ea624b267ddd4330d31e0b38 Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 17:42:10 +0100 Subject: [PATCH 03/15] format ldap.nix --- modules/ldap.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/ldap.nix b/modules/ldap.nix index bced946..697bca1 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -1,4 +1,5 @@ -{config, ...}: let +{ config, ... }: +let # temporary url, zum testen auf laptop zuhause tld = "moe"; hostname = "eisvogel"; @@ -9,7 +10,8 @@ ldapUser = "openldap"; ldapGroup = "openldap"; -in { +in +{ users.users."${portunusUser}" = { isSystemUser = true; group = "${portunusGroup}"; @@ -17,7 +19,7 @@ in { users.groups."${portunusGroup}" = { name = "${portunusGroup}"; - members = ["${portunusUser}"]; + members = [ "${portunusUser}" ]; }; users.users."${ldapUser}" = { @@ -27,7 +29,7 @@ in { users.groups."${ldapGroup}" = { name = "${ldapGroup}"; - members = ["${ldapUser}"]; + members = [ "${ldapUser}" ]; }; # TODO: eigenes secrets.yaml für seedfile? 
From 9776469317bff5604ae602d1e4a26a1078f93183 Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 17:50:33 +0100 Subject: [PATCH 04/15] include ldap.nix in flake --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index bd91d47..99a38a7 100755 --- a/flake.nix +++ b/flake.nix @@ -59,6 +59,7 @@ ./modules/base.nix ./modules/sops.nix ./modules/keycloak.nix + ./modules/ldap.nix ./modules/nginx.nix ./modules/hedgedoc.nix ./modules/wiki.nix From f3ac390cf9eff37a15964bb38960046dd0c0ebf6 Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 18:27:16 +0100 Subject: [PATCH 05/15] add portunus seeds file with basic groups, no users --- config/portunus_seeds.json | 34 ++++++++++++++++++++++++++++++++++ modules/ldap.nix | 11 +---------- 2 files changed, 35 insertions(+), 10 deletions(-) create mode 100644 config/portunus_seeds.json diff --git a/config/portunus_seeds.json b/config/portunus_seeds.json new file mode 100644 index 0000000..58900aa --- /dev/null +++ b/config/portunus_seeds.json @@ -0,0 +1,34 @@ +{ + "groups": [ + { + "name": "admins", + "long-name": "Portunus Admins", + "members": [], + "permissions": { + "portunus": { "is-admin": true }, + "ldap": { "can-read": true } + } + }, + { + "name": "ifsr", + "long-name": "Mitglieder des ifsr", + "members": [], + "permissions": { + "portunus": { "is-admin": false }, + "ldap": { "can-read": false } + } + }, + { + "name": "strukturer", + "long-name": "Strukturer des ifsr", + "members": [], + "permissions": { + "portunus": { "is-admin": false }, + "ldap": { "can-read": false } + } + } + ], + "users": [ + {} + ] +} diff --git a/modules/ldap.nix b/modules/ldap.nix index 697bca1..edbdc14 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix 
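Review bot: The group objects in config/portunus_seeds.json use hyphenated keys (`"long-name"`, `"is-admin"`, `"can-read"`), whereas the user entry added in PATCH 06/15 uses underscored ones (`"login_name"`, `"given_name"`); as far as I recall Portunus' seed schema is underscored throughout (`long_name`, `is_admin`, `can_read`), so please check this against the Portunus documentation. If the hyphenated keys are not recognised, either seeding fails or the `admins` group is created without the admin and LDAP-read permissions this file intends, which should be caught before anyone relies on the group for access control. `"users": [ {} ]` also seeds an object with no login name; `"users": []` states the same intent without it.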
@@ -50,15 +50,7 @@ in tls = true; }; - # TODO: wohin seed file? - seedPath = ""; - - # falls wir das brauchen - # dex = { - # enable = true; - # ... - # }; - # searchUserName = "xxx"; + seedPath = "../config/portunus_seeds.json"; }; users.ldap = { @@ -68,7 +60,6 @@ in # useTLS = true; # nicht nötig weil ldaps domain festgelegt. würde sonst starttls auf port 389 versuchen }; - # TODO: acme/letsencrypt oder andere lösung? services.nginx = { enable = true; virtualHosts."${config.services.portunus.domain}" = { From eece008de6dd559aa5de451eaebc1d1d702052d8 Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 18:48:30 +0100 Subject: [PATCH 06/15] add admin user with sops secured password --- config/portunus_seeds.json | 7 ++++++- modules/ldap.nix | 2 +- secrets/quitte.yaml | 5 +++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/config/portunus_seeds.json b/config/portunus_seeds.json index 58900aa..63a399b 100644 --- a/config/portunus_seeds.json +++ b/config/portunus_seeds.json @@ -29,6 +29,11 @@ } ], "users": [ - {} + { + "login_name": "admin", + "given_name": "admin", + "family_name": "admin", + "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_admin"] } + } ] } diff --git a/modules/ldap.nix b/modules/ldap.nix index edbdc14..80aef7d 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -33,7 +33,7 @@ in }; # TODO: eigenes secrets.yaml für seedfile? - sops.secrets.portunus_seedfile = { + sops.secrets."portunus_admin" = { owner = "${portunusUser}"; group = "${portunusGroup}"; }; diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml index 5feab36..716bca9 100644 --- a/secrets/quitte.yaml +++ b/secrets/quitte.yaml 
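Review bot: `"/run/secrets/portunus_admin"` in the new user entry is tied to the sops secret only by convention: the ldap.nix hunk of this same commit renames the secret from `portunus_seedfile` to `portunus_admin`, and a later rename or a changed sops-nix mount point would presumably break seeding at runtime without any evaluation error. Consider generating the seed from the Nix module so the path is taken from `config.sops.secrets.portunus_admin.path` instead of being typed in two places. Since JSON has no comments, a note in modules/ldap.nix next to `sops.secrets."portunus_admin"` should say that the seed file reads this secret via `cat`, so `cat` must be on the Portunus unit's PATH and the `owner`/`group` lines are what keep the admin password readable only by the service.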
@@ -4,6 +4,7 @@ postgres_nextcloud: ENC[AES256_GCM,data:Lv0Ld3sf+hoUE2qrsf9qGSYf5aVLqm5GIbK2hEoR nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6wegk=,iv:tG9bhB7HPprZMnfV/uC/v7fqmjQd5d4Oj5avOtK2/0A=,tag:8jBDpnahwQsXsD2Ivf6jDw==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str] wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str] +portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str] mediawiki: postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str] initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str] 
@@ -23,8 +24,8 @@ sops: Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-18T15:28:28Z" - mac: ENC[AES256_GCM,data:+o08gLLG3tz9uheJOMeKWtdvcRjgdcpOFUjSW3sHdFWC/FM5dcwDgBAtTO3/pPB6+e//SfpZgIWq1EASpgChPmE61K0U1lnYK/5gBY1QMDZ9tLgl8VjQ1ShVSeTL/dLWopBEVeDT0cR8jhJ+MIaVTEzMLK8I2qn/LaZqEktMPSg=,iv:N5TPSuijpULToU4EoZ7P6bL0sMZ1Jfu10Jxmnpzh4Ec=,tag:UIHIM+CMNS70ivKtEzbR3w==,type:str] + lastmodified: "2022-12-17T17:42:18Z" + mac: ENC[AES256_GCM,data:qLBASH8XmcHjTFrxdEqyk7KwXHEGx9hT6Jvqw1JMtZDhP95OjKNRySh5fptG1+Jz1ZIaG5zwDWdzV2/GXGru06dDR8bZYoXCboa0YR1NSESZ9f95n9v1HYQf/oSww8KHTP3METZ/1oS7i1nQdL5FxLFTK+nx77uQ1VxX7Ztl85Y=,iv:jEWOsxeTamGGNVw8OXFQT9o5MIyE7EMPAYEdfQesLZw=,tag:vUZK+H93qUursPwfoTpEJg==,type:str] pgp: - created_at: "2022-11-18T16:37:48Z" enc: | From 2f8d5b89498b2523bf636bede6736ac64ac56654 Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:03:02 +0100 Subject: [PATCH 07/15] remove `users.ldap` config --- modules/ldap.nix | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/modules/ldap.nix b/modules/ldap.nix index 80aef7d..b1ed81a 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -1,9 +1,9 @@ { config, ... }: let # temporary url, zum testen auf laptop zuhause - tld = "moe"; - hostname = "eisvogel"; - domain = "portunus.${hostname}.${tld}"; + tld = "de"; + hostname = "ifsr"; + domain = "auth.staging.${hostname}.${tld}"; portunusUser = "portunus"; portunusGroup = "portunus"; @@ -53,13 +53,6 @@ in seedPath = "../config/portunus_seeds.json"; }; - users.ldap = { - enable = true; - server = "ldaps://${domain}"; - base = "dc=${hostname},dc=${tld}"; - # useTLS = true; # nicht nötig weil ldaps domain festgelegt. würde sonst starttls auf port 389 versuchen - }; - services.nginx = { enable = true; virtualHosts."${config.services.portunus.domain}" = { 
From e1c992f50a26f3cf0ac2ce6391779134487110eb Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:04:45 +0100 Subject: [PATCH 08/15] clean up ldap.nix --- modules/ldap.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/ldap.nix b/modules/ldap.nix index b1ed81a..ce9e798 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -32,7 +32,6 @@ in members = [ "${ldapUser}" ]; }; - # TODO: eigenes secrets.yaml für seedfile? sops.secrets."portunus_admin" = { owner = "${portunusUser}"; group = "${portunusGroup}"; From 86295b55018468025005ceaca6d1124a71d311d6 Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:21:16 +0100 Subject: [PATCH 09/15] use `config.fsr.domain` --- modules/ldap.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/modules/ldap.nix b/modules/ldap.nix index ce9e798..1de922e 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -1,9 +1,6 @@ { config, ... }: let - # temporary url, zum testen auf laptop zuhause - tld = "de"; - hostname = "ifsr"; - domain = "auth.staging.${hostname}.${tld}"; + domain = "auth.${config.fsr.domain}"; portunusUser = "portunus"; portunusGroup = "portunus"; @@ -45,7 +42,7 @@ in ldap = { user = "${ldapUser}"; group = "${ldapGroup}"; - suffix = "dc=${hostname},dc=${tld}"; + suffix = "dc=ifsr,dc=de"; tls = true; }; From f442eba0f8ba72a2f6f423e384f62bbbad72ce9a Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:22:05 +0100 Subject: [PATCH 10/15] update nixpkgs version --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 8d70ec2..fee070a 100755 --- a/flake.nix +++ b/flake.nix 
@@ -1,6 +1,6 @@ { inputs = { - nixpkgs.url = github:nixos/nixpkgs/nixos-22.05; + nixpkgs.url = github:nixos/nixpkgs/nixos-22.11; sops-nix.url = github:Mic92/sops-nix; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; fsr-infoscreen.url = github:fsr/infoscreen; From 8cb57aa7233327ba344ef30990f01f132b507530 Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:31:52 +0100 Subject: [PATCH 11/15] portunus: add admin user to admin group --- config/portunus_seeds.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/portunus_seeds.json b/config/portunus_seeds.json index 63a399b..dc28aba 100644 --- a/config/portunus_seeds.json +++ b/config/portunus_seeds.json @@ -3,7 +3,7 @@ { "name": "admins", "long-name": "Portunus Admins", - "members": [], + "members": ["admin"], "permissions": { "portunus": { "is-admin": true }, "ldap": { "can-read": true } From c91bcb11f81573e5030aa4b1b0b8388cc2bc50f5 Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:44:16 +0100 Subject: [PATCH 12/15] fix: seedPath string -> path --- modules/ldap.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ldap.nix b/modules/ldap.nix index 1de922e..ab46c53 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -46,7 +46,7 @@ in tls = true; }; - seedPath = "../config/portunus_seeds.json"; + seedPath = ../config/portunus_seeds.json; }; services.nginx = { From cd1647e5d6866ca32ef1f2cf90eebbcaaae159ef Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:45:06 +0100 Subject: [PATCH 13/15] fix: remove unneeded `/dex` reverse proxy --- modules/ldap.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/ldap.nix b/modules/ldap.nix index ab46c53..e35d909 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix 
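Review bot: With the path literal, `seedPath = ../config/portunus_seeds.json;` copies the seed file into the Nix store at build time, where it is readable by every local user and may travel with the closure to any cache it is pushed to. That is fine for the file as it stands in this series because the admin password is pulled in through `from_command`, but nothing in the module records that constraint. I would add a comment above the line such as `# seed file lands in the world-readable Nix store: no inline passwords or hashes, secrets only via from_command`. The enclosing `services.portunus` block starts above the hunk.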
@@ -56,7 +56,6 @@ in enableACME = true; locations = { "/".proxyPass = "http://localhost:${toString config.services.portunus.port}"; - "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}"; }; }; }; From fc873af4b37ce0e949534ec7ffb33e835a8bee0a Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:45:53 +0100 Subject: [PATCH 14/15] fix: remove open port 636, potential security risk --- modules/ldap.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/ldap.nix b/modules/ldap.nix index e35d909..7d39bea 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -63,6 +63,5 @@ in networking.firewall.allowedTCPPorts = [ 80 # http 443 # https - 636 # ldaps ]; } From 49632576234361ff03fe67997447dbfa6fef95fb Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Sat, 17 Dec 2022 19:49:08 +0100 Subject: [PATCH 15/15] nix flake update --- flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 7698a4f..714027c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -69,34 +69,34 @@ "type": "github" } }, - "nixpkgs-22_05": { + "nixpkgs-stable": { "locked": { - "lastModified": 1668307144, - "narHash": "sha256-uY2StvGJvTfgtLaiz3uvX+EQeWZDkiLFiz2vekgJ9ZE=", + "lastModified": 1670146390, + "narHash": "sha256-XrEoDpuloRHHbUkbPnhF2bQ0uwHllXq3NHxtuVe/QK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eac99848dfd869e486573d8272b0c10729675ca2", + "rev": "86370507cb20c905800527539fc049a2bf09c667", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-22.05", + "ref": "release-22.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1668595291, - "narHash": "sha256-j8cyfbtT5sAYPYwbERgTDzfD48ZernL0/V668eGpXAM=", + "lastModified": 1671215800, + "narHash": "sha256-2W54K41A7MefEaWzgL/TsaWlhKRK/RhWUybyOW4i0K8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6474d93e007e4d165bcf48e7f87de2175c93d10b", + "rev": "9d692a724e74d2a49f7c985132972f991d144254", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-22.05", + "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } @@ -113,14 +113,14 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-22_05": "nixpkgs-22_05" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1668311578, - "narHash": "sha256-nF6mwSbVyvnlIICWFZlADegWdTsgrk1pZnA/0VqByNw=", + "lastModified": 1670149631, + "narHash": "sha256-rwmtlxx45PvOeZNP51wql/cWjY3rqzIR3Oj2Y+V7jM0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "39f0fe57f1ef78764c1abc1de145f091fee1bbbb", + "rev": "da98a111623101c64474a14983d83dad8f09f93d", "type": "github" }, "original": {