resolved conflicts
commit
e595429a02
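--- a/.github/workflows/fmt.yaml
+++ b/.github/workflows/fmt.yaml
@@ -0,0 +1,27 @@
+name: main
+
+on:
+push:
+branches:
+- main
+pull_request:
+branches:
+- main
+
+jobs:
+check-flake:
+name: Nixpkgs Formatting
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v3
+
+- name: Install Nix
+uses: cachix/install-nix-action@v18
+with:
+extra_nix_config: |
+experimental-features = nix-command flakes
+
+- run: nix-channel --add https://nixos.org/channels/nixos-22.11 nixos
+- run: nix-channel --update
+- run: nix shell nixpkgs#nixpkgs-fmt -c nixpkgs-fmt . --check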
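Review bot: The workflow runs with the default `GITHUB_TOKEN` scope and pulls `actions/checkout@v3` and `cachix/install-nix-action@v18` by mutable tag; a formatting check only needs read access, so I would add a top-level `permissions:` block containing `contents: read` and pin both actions to full commit SHAs. The same applies to `.github/workflows/main.yml` in this commit. The `nix shell nixpkgs#nixpkgs-fmt` step resolves `nixpkgs` through the flake registry rather than through the channel added by the two `nix-channel` steps, so those steps appear to have no effect on which formatter runs and the formatter is not tied to the repository's `flake.lock`; that is my reading of the Nix CLI and worth confirming. The workflow `name: main` and job id `check-flake` are identical to those in `main.yml`, which makes the two checks hard to tell apart; `name: fmt` and `check-fmt` would separate them.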
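--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,33 @@
+name: main
+
+on:
+push:
+branches:
+- main
+pull_request:
+branches:
+- main
+
+jobs:
+check-flake:
+name: Check Flake
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v3
+
+- name: Install Nix
+uses: cachix/install-nix-action@v18
+with:
+extra_nix_config: |
+experimental-features = nix-command flakes
+
+- uses: cachix/cachix-action@v12
+with:
+name: fruitbasket
+authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+extraPullNames: nix-community
+
+- run: nix build
+
+- run: nix flake check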
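Review bot: The `cachix/cachix-action@v12` step receives `secrets.CACHIX_AUTH_TOKEN` on `pull_request` runs as well as on pushes to `main`, so store paths built from branch code that has not been reviewed yet can be uploaded to the `fruitbasket` cache. If hosts substitute from that cache, I would limit uploads to the push event, for example with `skipPush: ${{ github.event_name == 'pull_request' }}` under `with:`. Pull requests from forks do not receive repository secrets, so this concerns branches inside the repository itself.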
2
.gitignore
vendored
|
@ -1,2 +1,2 @@
|
|||
.qcow2
|
||||
*.qcow2
|
||||
result
|
||||
|
|
13
.sops.yaml
|
@ -44,3 +44,16 @@ creation_rules:
|
|||
- *jonas
|
||||
age:
|
||||
- *test
|
||||
- path_regex: secrets/admin\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *bennofs
|
||||
- *revol-xut
|
||||
- *felix
|
||||
- *simon
|
||||
- *rouven
|
||||
- *helene
|
||||
- *fugi
|
||||
- *emmanuel
|
||||
- *joachim
|
||||
- *jonas
|
||||
|
|
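Review bot: The new rule for `secrets/admin.yaml` lists ten PGP recipients in one key group and, unlike the rule visible in the context lines above it, no `age` recipient, so any single listed key decrypts the file and no host key can. That looks intentional for an admin-only file, but nothing in the rule says so; I would add a comment above `path_regex`, e.g. `# admin-only: personal PGP keys, no host age key; after changing this list run sops updatekeys and rotate the values`. `path_regex: secrets/admin\.yaml$` is not anchored at the start, so it also matches any other path ending in `secrets/admin.yaml`; `^secrets/admin\.yaml$` would be stricter, provided sops matches against the repo-relative path, which I have not verified for the sops version in use. The `creation_rules` list starts outside this hunk.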
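--- a/config/portunus_seeds.json
+++ b/config/portunus_seeds.json
@@ -0,0 +1,54 @@
+{
+"groups": [
+{
+"name": "admins",
+"long_name": "Portunus Admins",
+"members": ["admin"],
+"permissions": {
+"portunus": { "is_admin": true },
+"ldap": { "can_read": true }
+}
+},
+{
+"name": "ifsr",
+"long_name": "Mitglieder des ifsr",
+"members": [],
+"permissions": {
+"portunus": { "is_admin": false },
+"ldap": { "can_read": false }
+}
+},
+{
+"name": "strukturer",
+"long_name": "Strukturer des ifsr",
+"members": [],
+"permissions": {
+"portunus": { "is_admin": false },
+"ldap": { "can_read": false }
+}
+},
+{
+"name": "search",
+"long_name": "LDAP search group",
+"members": ["search"],
+"permissions": {
+"portunus": { "is_admin": false },
+"ldap": { "can_read": true }
+}
+}
+],
+"users": [
+{
+"login_name": "admin",
+"given_name": "admin",
+"family_name": "admin",
+"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_admin"] }
+},
+{
+"login_name": "search",
+"given_name": "search",
+"family_name": "search",
+"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_search"] }
+}
+]
+}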
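Review bot: Both seeded accounts read their password from a hard-coded `/run/secrets/portunus_admin` or `/run/secrets/portunus_search`, which repeats by hand the location of the secrets that `modules/ldap.nix` declares as `sops.secrets."portunus_admin"` and `"portunus_search"`; if the sops-nix mount point or a secret name changes, the seed would reference a file that is no longer there. JSON cannot carry a comment explaining the coupling, so I would generate the seed from Nix instead, for example `pkgs.writeText "portunus-seeds.json" (builtins.toJSON { ... })`, and interpolate `config.sops.secrets.<name>.path` there. It is also worth confirming how Portunus treats a trailing newline in `from_command` output, since `cat` passes the file through unchanged.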
20
flake.lock
|
@ -71,11 +71,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1673740915,
|
||||
"narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=",
|
||||
"lastModified": 1676162277,
|
||||
"narHash": "sha256-GK3cnvKNo1l0skGYXXiLJ/TLqdKyIYXd7jOlo0gN+Qw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2",
|
||||
"rev": "d863ca850a06d91365c01620dcac342574ecf46f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -87,16 +87,16 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1672580127,
|
||||
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
|
||||
"lastModified": 1676375384,
|
||||
"narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0874168639713f547c05947c76124f78441ea46c",
|
||||
"rev": "c43f676c938662072772339be6269226c77b51b8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-22.05",
|
||||
"ref": "nixos-22.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -116,11 +116,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673752321,
|
||||
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=",
|
||||
"lastModified": 1676171095,
|
||||
"narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "e18eefd2b133a58309475298052c341c08470717",
|
||||
"rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
17
flake.nix
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = github:nixos/nixpkgs/nixos-22.05;
|
||||
nixpkgs.url = github:nixos/nixpkgs/nixos-22.11;
|
||||
sops-nix.url = github:Mic92/sops-nix;
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
fsr-infoscreen.url = github:fsr/infoscreen;
|
||||
|
@ -56,15 +56,21 @@
|
|||
modules = [
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
./hosts/quitte/configuration.nix
|
||||
./modules/options.nix
|
||||
./modules/base.nix
|
||||
./modules/sops.nix
|
||||
./modules/keycloak.nix
|
||||
./modules/ldap.nix
|
||||
# ./modules/keycloak.nix replaced by portunus
|
||||
./modules/mail.nix
|
||||
./modules/nginx.nix
|
||||
#./modules/hedgedoc.nix
|
||||
./modules/hedgedoc.nix
|
||||
./modules/wiki.nix
|
||||
./modules/stream.nix
|
||||
./modules/nextcloud.nix
|
||||
./modules/matrix.nix
|
||||
{
|
||||
fsr.enable_office_bloat = false;
|
||||
fsr.domain = "staging.ifsr.de";
|
||||
sops.defaultSopsFile = ./secrets/quitte.yaml;
|
||||
}
|
||||
];
|
||||
|
@ -74,10 +80,11 @@
|
|||
modules = [
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
./hosts/quitte/configuration.nix
|
||||
./modules/options.nix
|
||||
./modules/base.nix
|
||||
./modules/keycloak.nix
|
||||
# ./modules/keycloak.nix replaced by portunus
|
||||
./modules/nginx.nix
|
||||
#./modules/hedgedoc.nix
|
||||
./modules/hedgedoc.nix
|
||||
./modules/wiki.nix
|
||||
./modules/stream.nix
|
||||
./modules/vm.nix
|
||||
|
|
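Review bot: The two `modules = [ ... ]` lists touched by the second and third hunks repeat most of their entries, and this change has to edit each of them separately (the keycloak entry gets the same replacement comment in both, and `hedgedoc.nix` is toggled in both), which is how such lists drift apart. I would bind the shared entries once, e.g. `commonModules = [ ./modules/options.nix ./modules/base.nix ./modules/nginx.nix ];`, and write `modules = commonModules ++ [ ... ];` in each configuration. `# ./modules/keycloak.nix replaced by portunus` reads better in the commit message than as a commented-out import. Both lists start or end outside the visible hunks and the page has lost its +/- markers, so which lines are new is inferred here.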
|
@ -1 +1 @@
|
|||
ssh-rsa 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 joach@DESKTOP-FOASM6G
|
||||
ssh-rsa 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 joachim@nixos
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
domain = "pad.quitte.tassilo-tanneberger.de";
|
||||
domain = "pad.${config.fsr.domain}";
|
||||
in
|
||||
{
|
||||
services = {
|
||||
|
@ -19,7 +19,7 @@ in
|
|||
|
||||
hedgedoc = {
|
||||
enable = true;
|
||||
settings = {
|
||||
configuration = {
|
||||
port = 3002;
|
||||
domain = "${domain}";
|
||||
protocolUseSSL = true;
|
||||
|
@ -44,7 +44,7 @@ in
|
|||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.configuration.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
|
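--- a/modules/ldap.nix
+++ b/modules/ldap.nix
@@ -0,0 +1,103 @@
+{ config, ... }:
+let
+domain = "auth.${config.fsr.domain}";
+
+portunusUser = "portunus";
+portunusGroup = "portunus";
+
+ldapUser = "openldap";
+ldapGroup = "openldap";
+in
+{
+sops.secrets.unix_ldap_search = {
+key = "portunus_search";
+owner = config.systemd.services.nslcd.serviceConfig.User;
+};
+
+
+users.users."${portunusUser}" = {
+isSystemUser = true;
+group = "${portunusGroup}";
+};
+
+users.groups."${portunusGroup}" = {
+name = "${portunusGroup}";
+members = [ "${portunusUser}" ];
+};
+
+users.users."${ldapUser}" = {
+isSystemUser = true;
+group = "${ldapGroup}";
+};
+
+users.groups."${ldapGroup}" = {
+name = "${ldapGroup}";
+members = [ "${ldapUser}" ];
+};
+
+sops.secrets = {
+"portunus_admin" = {
+owner = "${portunusUser}";
+group = "${portunusGroup}";
+};
+"portunus_search" = {
+owner = "${portunusUser}";
+group = "${portunusGroup}";
+};
+};
+
+services.portunus = {
+enable = true;
+user = "${portunusUser}";
+group = "${portunusGroup}";
+domain = "${domain}";
+port = 8081;
+
+ldap = {
+user = "${ldapUser}";
+group = "${ldapGroup}";
+
+suffix = "dc=ifsr,dc=de";
+searchUserName = "search";
+
+# disables port 389, use 636 with tls
+# `portunus.domain` resolves to localhost
+#tls = true;
+};
+
+seedPath = ../config/portunus_seeds.json;
+};
+
+#users.ldap = {
+#enable = true;
+#server = "ldap://localhost";
+#base = "${config.services.portunus.ldap.suffix}";
+#};
+users.ldap =
+let
+portunus = config.services.portunus;
+base = "ou=users,${portunus.ldap.suffix}";
+in
+{
+enable = true;
+server = "ldap://localhost";
+base = base;
+bind = {
+distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
+passwordFile = config.sops.secrets.unix_ldap_search.path;
+};
+daemon.enable = true;
+};
+
+
+services.nginx = {
+enable = true;
+virtualHosts."${config.services.portunus.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations = {
+"/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
+};
+};
+};
+}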
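Review bot: `users.ldap` is enabled with `daemon.enable = true` and no further restriction, so, assuming `users.ldap.loginPam` and `users.ldap.nsswitch` still default to true, every Portunus account that carries POSIX attributes becomes a login-capable account on this host. If only some groups are meant to log in, I would either set `users.ldap.loginPam = false;` or add an nslcd authorisation filter through `users.ldap.daemon.extraConfig`, and state the intent in a comment above the block. The bind to `ldap://localhost` stays unencrypted while `#tls = true;` is commented out, which is acceptable only as long as slapd is not reachable from other hosts; the firewall rules for port 389 are not visible in this file. The commented-out `#users.ldap = { ... };` block directly above the live one is dead code and can be removed.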
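--- a/modules/mail.nix
+++ b/modules/mail.nix
@@ -0,0 +1,165 @@
+{ config, pkgs, ... }:
+let
+hostname = "mail.${config.fsr.domain}";
+domain = config.fsr.domain;
+rspamd-domain = "rspamd.${config.fsr.domain}";
+# brauchen wir das überhaupt?
+#ldap-aliases = pkgs.writeText "ldap-aliases.cf" ''
+#server_host = ldap://localhost
+#search_base = ou=mail, dc=ifsr, dc=de
+#'';
+dovecot-ldap-args = pkgs.writeText "ldap-args" ''
+uris = ldap://localhost
+dn = uid=search, ou=users, dc=ifsr, dc=de
+auth_bind = yes
+dnpass = $(${pkgs.coreutils}/bin/cat ${config.sops.secrets."portunus_search".path})
+
+ldap_version = 3
+scope = subtree
+base = dc=ifsr, dc=de
+user_filter = (&(ou=mail)(uid=%n))
+pass_filter = (&(ou=mail)(uid=%n))
+'';
+in
+{
+sops.secrets."rspamd-password".owner = config.users.users.rspamd.name;
+
+networking.firewall.allowedTCPPorts = [ 25 465 993 ];
+
+services = {
+postfix = {
+enable = true;
+hostname = "${hostname}";
+domain = "${domain}";
+relayHost = "";
+origin = "${domain}";
+destination = [ "${hostname}" "${domain}" "localhost" ];
+sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
+sslKey = "/var/lib/acme/${hostname}/key.pem";
+config = {
+smtpd_recipient_restrictions = [
+"reject_unauth_destination"
+"permit_sasl_authenticated"
+"permit_mynetworks"
+];
+#alias_maps = [ "ldap:${ldap-aliases}" ];
+smtpd_sasl_auth_enable = true;
+smtpd_sasl_path = "/var/lib/postfix/auth";
+virtual_mailbox_base = "/var/lib/mail";
+};
+};
+dovecot2 = {
+enable = true;
+enableImap = true;
+enableQuota = false;
+sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem";
+sslServerKey = "/var/lib/acme/${hostname}/key.pem";
+mailboxes = {
+Spam = {
+auto = "create";
+specialUse = "Junk";
+};
+Sent = {
+auto = "create";
+specialUse = "Sent";
+};
+Drafts = {
+auto = "create";
+specialUse = "Drafts";
+};
+Trash = {
+auto = "create";
+specialUse = "Trash";
+};
+};
+extraConfig = ''
+mail_location = maildir:/var/lib/mail/%u
+passdb {
+driver = ldap
+args = ${dovecot-ldap-args}
+}
+userdb {
+driver = ldap
+args = ${dovecot-ldap-args}
+}
+service auth {
+unix_listener /var/lib/postfix/auth {
+group = postfix
+mode = 0660
+user = postfix
+}
+}
+'';
+};
+rspamd = {
+enable = true;
+postfix.enable = true;
+locals = {
+"worker-controller.inc".source = config.sops.secrets."rspamd-password".path;
+"redis.conf".text = ''
+read_servers = "127.0.0.1";
+write_servers = "127.0.0.1";
+'';
+"dkim_signing.conf".text = ''
+path = "/var/lib/rspamd/dkim/$domain.$selector.key";
+selector = "quitte";
+sign_authenticated = true;
+use_domain = "header";
+'';
+};
+};
+redis = {
+vmOverCommit = true;
+servers.rspamd = {
+enable = true;
+port = 6379;
+};
+};
+nginx = {
+enable = true;
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+
+virtualHosts."${hostname}" = {
+forceSSL = true;
+enableACME = true;
+};
+virtualHosts."${rspamd-domain}" = {
+forceSSL = true;
+enableACME = true;
+locations = {
+"/" = {
+proxyPass = "http://127.0.0.1:11334";
+proxyWebsockets = true;
+};
+};
+};
+};
+};
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+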
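Review bot: `dnpass = $(${pkgs.coreutils}/bin/cat ...)` is inside `pkgs.writeText`, which stores the text verbatim, and as far as I know Dovecot's LDAP args file performs no shell command substitution, so the bind password becomes the literal `$(...)` string instead of the `portunus_search` secret. I would drop that line from the store file and assemble the final args file at service start under a path only the service can read, then point `passdb` and `userdb` at it; the sketch below assumes `/run/dovecot2` is the unit's runtime directory and that the password needs no quoting, both to be confirmed. Separately, `smtpd_recipient_restrictions` puts `reject_unauth_destination` before `permit_sasl_authenticated`, so authenticated clients are refused for non-local recipients; the two permit entries should come first.

```nix
# dovecot-ldap-args: remove the `dnpass = $(...)` line; all other keys unchanged

# added to the module body: build the final args file at start with a tight umask
systemd.services.dovecot2.preStart = ''
  umask 077
  {
    cat ${dovecot-ldap-args}
    printf 'dnpass = %s\n' "$(cat ${config.sops.secrets."portunus_search".path})"
  } > /run/dovecot2/ldap-args
'';

# … unchanged: postfix, rspamd, redis, nginx …
# in services.dovecot2.extraConfig, passdb and userdb both become:
#   args = /run/dovecot2/ldap-args
```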
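--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@@ -0,0 +1,141 @@
+{ config, pkgs, lib, ... }:
+let
+domainServer = "matrix.${config.fsr.domain}";
+domainClient = "chat.${config.fsr.domain}";
+
+clientConfig = {
+"m.homeserver" = {
+base_url = "https://${domainServer}:443";
+server_name = domainServer;
+};
+};
+serverConfig = {
+"m.server" = "${domainServer}:443";
+};
+
+mkWellKnown = data: ''
+add_header Content-Type application/json;
+add_header Access-Control-Allow-Origin *;
+return 200 '${builtins.toJSON data}';
+'';
+
+# build ldap3 plugin from git because it's very outdated in nixpkgs
+matrix-synapse-ldap3 = pkgs.python3.pkgs.callPackage ../pkgs/matrix-synapse-ldap3.nix { };
+# matrix-synapse-ldap3 = config.services.matrix-synapse.package.plugins.matrix-synapse-ldap3;
+in
+{
+sops.secrets.matrix_ldap_search = {
+key = "portunus_search";
+owner = config.systemd.services.matrix-synapse.serviceConfig.User;
+};
+
+services = {
+postgresql = {
+enable = true;
+ensureUsers = [{
+name = "matrix-synapse";
+}];
+};
+
+nginx = {
+recommendedProxySettings = true;
+virtualHosts = {
+# synapse
+"${domainServer}" = {
+enableACME = true;
+forceSSL = true;
+
+# homeserver discovery
+locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+
+# 404 on /
+locations."/".extraConfig = "return 404;";
+
+# proxy to synapse
+locations."/_matrix".proxyPass = "http://[::1]:8008";
+locations."/_synapse/client".proxyPass = "http://[::1]:8008";
+};
+
+# element
+"${domainClient}" = {
+enableACME = true;
+forceSSL = true;
+
+root = pkgs.element-web.override {
+conf = {
+default_server_config = clientConfig;
+disable_3pid_login = true;
+};
+};
+};
+};
+};
+
+matrix-synapse = {
+enable = true;
+
+plugins = [ matrix-synapse-ldap3 ];
+
+settings = {
+server_name = domainServer;
+
+listeners = [{
+port = 8008;
+bind_addresses = [ "::1" ];
+type = "http";
+tls = false;
+x_forwarded = true;
+resources = [{
+names = [ "client" "federation" ];
+compress = false;
+}];
+}];
+};
+
+extraConfigFiles = [
+(pkgs.writeTextFile {
+name = "matrix-synapse-extra-config.yml";
+text = let portunus = config.services.portunus; in ''
+modules:
+- module: ldap_auth_provider.LdapAuthProviderModule
+config:
+enabled: true
+# have to use fqdn here for tls (still connects to localhost)
+uri: ldaps://${portunus.domain}:636
+base: ou=users,${portunus.ldap.suffix}
+# taken from kaki config
+attributes:
+uid: uid
+mail: uid
+name: cn
+bind_dn: uid=search,ou=users,${portunus.ldap.suffix}
+bind_password_file: ${config.sops.secrets.matrix_ldap_search.path}
+'';
+})
+];
+};
+};
+
+systemd.services.matrix-synapse.after = [ "matrix-synapse-pgsetup.service" ];
+
+systemd.services.matrix-synapse-pgsetup = {
+description = "Prepare Synapse postgres database";
+wantedBy = [ "multi-user.target" ];
+after = [ "networking.target" "postgresql.service" ];
+serviceConfig.Type = "oneshot";
+
+path = [ pkgs.sudo config.services.postgresql.package ];
+
+# create database for synapse. will silently fail if it already exists
+script = ''
+sudo -u ${config.services.postgresql.superUser} psql <<SQL
+CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ENCODING 'UTF8'
+TEMPLATE template0
+LC_COLLATE = "C"
+LC_CTYPE = "C";
+SQL
+'';
+};
+}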
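Review bot: The LDAP auth provider is configured with `uri: ldaps://${portunus.domain}:636`, but `modules/ldap.nix` in this same commit leaves `#tls = true;` commented out, and its own comment says enabling TLS is what moves slapd from port 389 to 636; as committed, Synapse would have no LDAPS listener to connect to. The files need to agree: either enable `services.portunus.ldap.tls` and move the `ldap://localhost` clients in `ldap.nix` and `mail.nix` to LDAPS as well, or use `ldap://localhost` here until TLS is switched on. The `matrix-synapse-pgsetup` unit is tied to Synapse only through `after`, and its comment says a failing `CREATE DATABASE` is ignored on purpose; adding the setup unit to `requires` and guarding the statement with an existence check would let a real failure surface instead of passing silently.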
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
domain = "nc.quitte.fugi.dev";
|
||||
domain = "nc.${config.fsr.domain}";
|
||||
in
|
||||
{
|
||||
sops.secrets = {
|
||||
|
|
|
@ -1,7 +1,14 @@
|
|||
{ config, lib, ... }: with lib; {
|
||||
options.fsr.enable_office_bloat = mkOption {
|
||||
options.fsr = {
|
||||
enable_office_bloat = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "install heavy office bloat like texlive, okular, ...";
|
||||
};
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "ifsr.de";
|
||||
description = "under which top level domain the services should run";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ in
|
|||
services = {
|
||||
nginx = {
|
||||
virtualHosts = {
|
||||
"stream.ifsr.de" = {
|
||||
"stream.${config.fsr.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" =
|
||||
|
|
|
@ -116,10 +116,6 @@
|
|||
$wgPluggableAuth_EnableLocalLogin = true;
|
||||
'';
|
||||
extensions = {
|
||||
#Cite = pkgs.fetchzip {
|
||||
# url = "https://web.archive.org/web/20220627203658/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_38-d40993e.tar.gz";
|
||||
# sha256 = "sha256-dziMo6sH4yMPjnDtt0TXiGBxE5uGRJM+scwdeuer5sM=";
|
||||
#};
|
||||
CiteThisPage = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz";
|
||||
sha256 = "sha256-sTZMCLlOkQBEmLiFz2BQJpWRxSDbpS40EZQ+f/jFjxI=";
|
||||
|
@ -128,10 +124,6 @@
|
|||
url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz";
|
||||
sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk=";
|
||||
};
|
||||
#DynamicPageList = pkgs.fetchzip {
|
||||
# url = "https://web.archive.org/web/20220627203129/https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_38-3b7a26d.tar.gz";
|
||||
# sha256 = "sha256-WjVLks0Q9hSN2poqbKzTJhvOXog7UHJqjY2WJ4Uc64o=";
|
||||
#};
|
||||
Lockdown = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
|
||||
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
|
||||
|
@ -188,7 +180,7 @@
|
|||
nginx = {
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
"wiki.quitte.tassilo-tanneberger.de" = {
|
||||
"wiki.${config.fsr.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
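--- a/pkgs/matrix-synapse-ldap3.nix
+++ b/pkgs/matrix-synapse-ldap3.nix
@@ -0,0 +1,21 @@
+{ isPy3k, buildPythonPackage, pkgs, service-identity, ldap3, twisted, ldaptor, mock }:
+
+buildPythonPackage rec {
+pname = "matrix-synapse-ldap3";
+version = "0.2.2";
+
+format = "pyproject";
+
+src = pkgs.fetchFromGitHub {
+owner = "matrix-org";
+repo = "matrix-synapse-ldap3";
+rev = "2584736204165f16c176567183f9c350ee253f74";
+sha256 = "gMsC5FpC2zt5hypPdGgPbWT/Rwz38EoQz3tj5dQ9BQ8=";
+};
+
+propagatedBuildInputs = [ service-identity ldap3 twisted ];
+
+# ldaptor is not ready for py3 yet
+doCheck = !isPy3k;
+checkInputs = [ ldaptor mock ];
+}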
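Review bot: `doCheck = !isPy3k;` switches the test suite off on every Python 3 interpreter, so this pinned revision of an authentication plugin is built and deployed without its tests ever running; the `ldaptor is not ready for py3 yet` comment looks carried over from an older expression and is worth re-checking. `version = "0.2.2"` labels a build whose `rev` is a commit hash rather than a tag, so the store path suggests a release that this may not be; a label such as `unstable-<date of rev>` states what is actually built. Taking `fetchFromGitHub` as a function argument instead of going through `pkgs`, and writing the hash in SRI form as `hash = "sha256-..."`, would match current nixpkgs style.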
188
secrets/admin.yaml
Normal file
|
@ -0,0 +1,188 @@
|
|||
cachix_password: ENC[AES256_GCM,data:Cx8d4Sd3yTDMfxVEPHcI2d1EQXuXRwf7TRO3WmwotYc=,iv:mAr67t4jvLc7cUn7WQaY/oU3AN1w28tCBJBI1ZfeS3U=,tag:kC2VoEugIHxib5zK/em24w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2022-11-25T15:54:51Z"
|
||||
mac: ENC[AES256_GCM,data:3r5MEGkl7heMrVP7adypwys1qUj0B8/rhWgoSp0g2U+qMnGfQqAbvuBOTkdmWpNhM1a+aKRD9ASmpoJ2S0QL5tMOFbNpE3exugzSCOlwO7+o/m8wU6uujOw7nxAAFlbDXNbv9s3tFod0gVe6Y14oxFTWI8F1PqS9eGy/y09a8U4=,iv:7IaM37M1hbfdJ1eDr5o3iekz3GQq8nb/59CDRPcSkE0=,tag:raNPUg7abddKyOvhYeL+nQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DntlvaG5T7wcSAQdAM/BVbImmA9J2ns6PCIHhfb+LPQbKqotoD4Jb9XJNp1Qw
|
||||
5qJuTv4gzgQ7sREvihZLtAyydAivVM8z39MjEutazzdUwzK/VO1Gm9zOI6BMbi2O
|
||||
0l4BxxANLvRM2Ap0MHH5o5Rhlm8Y6RGc3mQA730ipfHaNYfUPx/BdhEkUtkWBVw0
|
||||
8330JlhDjgzHldxg+8M+ZRTB5BQ7v8HmNTiDRRxgKxKoW720MYLLGyFKG0biw0oj
|
||||
=/WEe
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/7BTAoJD+khMXNIWJizL1BoXDXFXOwA3RCxdpQH0Fp1FSY
|
||||
b4GKYK4YNf3mFxLvGf2Gz4hn0FPRLw2H2p8bTtRcnKmxpiDnIC9D7WEs4TlznFOz
|
||||
/7DU/GG1T1qjgScyLQNP5xH+t9LnNIllR+BQKCuTLW/CoPTgfF/GjVR+3U5WqUB2
|
||||
+oDrBWMtMkWqjAFFSv7Nx7JWNHUhJm2Deydmg1VCFheVMe6YogoqarsALRLNNvp9
|
||||
6anrIpaneAlWvU15q/ax46qXSIiqbLdMEy/iLfZT6YIopowDb2SrAYCHR6VwXWiZ
|
||||
qr8OFwhsK9gdBFsN42QlXsySvRlZOy5lWOdq1/fbUZwBbeEJAMUsa5wQjVp3cuYQ
|
||||
XHHQk5s08eSakGc6U+ypizbrBe8d+RH8H0kWAQVrQ0E8xzB4hnWdps7XNIW/+eAe
|
||||
dVVcmg4pRnqmvk/O+V+m8UK1TYe49hg8aGRgtX1bojSB09CQkZl3MdCpwGcw53b1
|
||||
Udf16K9ggXScAeQYvrsXLJ39kxXNrTfFPTloAaq25kGriRzcPaaOBL8x+Q/sb44P
|
||||
eibiRTC3jcOdo+9icSLPunaAw9oJGX7LhVv3gvK19EAJyaZFWBI72RKr/57UyYxZ
|
||||
DQTxz8jGwdQeWuu4z9/M02EM3aWOEswkZBDFO72cfNAn8kOmuGq5ApNY6fOviAjS
|
||||
XgF68qMCUUOpzuRxmz/g3fsg0oS4OhOCVUn/ntmB5kAtAKtxaKEXHtPqjsdf3iY3
|
||||
qH08FulmrYsP0cU4cXM2u+RdqcBj4IeYE/zhmmIlw233XvB07Wjrc4pj9uUWWr4=
|
||||
=zQ7p
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA8uqUsBLHj6XARAAny5iqElv07bTRcGx9/ExcBHtcrFh7WE+r3xDGCuJFbhg
|
||||
ULcE5IW4Lr4htW8gWcsU8uJSvk8epoB8XnRh3CqKzfa6hjGKaGFdvrqwQl4H5r/v
|
||||
OOx68am7N6mUzzpbNp10Q8urCCLkCkUUZvh7/t9G5K+uosp1J4/FyqvbX3rDHcQY
|
||||
hFFpJMISTUkpFVp7LWzzB3GmW2ivqgCKq7FWb8j4GWo5c0TMkEHoSP5KI5A8pLpy
|
||||
cmlTIk8/wYRAkNaZkN7+H+NFPDvnJirnHab7272TD2CZV9WsaGpv+7R9B0RDGyI/
|
||||
LSRHiz0HvTK9d4y/G9WCotqcYQ7qhRy7zT80oarmJ3lYJXWwZHSJDtuXUKUvjaIP
|
||||
s8fW+8dLKR4yekSrC7SS2d5t+F7o8emAWUWWXnQnjfDGmL8Koj4kDRJscNfsyYsA
|
||||
DMB5jSmlWzeLLuZBtvbEnrFBg+rvRBSAEo4NleMk52HCi4PAf7dn//P4jlAkpfzN
|
||||
clCs4XHXY4O1ab5nE/LLHkB5y1m1PYkilP43hMkqXmhA/jrVFd5u+vQ05kNCzCuW
|
||||
vHSuvQvhoPFvid/ikGEa+qEWIUXFhL7z9/As9/GeGNzlSL5FgmhFd3CwMdEj8bjR
|
||||
cKGMR76n1I7ER4RMe1pq4nI5vFQ7teCuD1QHKLtLFVAIkQgIBibECdlOXOLIe93U
|
||||
aAEJAhBrXKPr+8mhR/xRHVdagUUBqxQWicjMZ13d3vuPWb6QBKyKgoGlDixK4VkO
|
||||
KDDjQY1evyHtmGXeiLXajY3fUwTggPtuKxab2YztmeiliKiG2sLay8PGke4dD8yk
|
||||
3WRs2IRu0v4+
|
||||
=rwIY
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAwDgSONkM+d4ARAAsPpfKaJ+/24rwoPWcjK7VN6vfK78XyOzWvpLFiDlpK2g
|
||||
6NscC80PQ2820UFKjXMSG1ZfxPUxnYGqcrP3I75LVMN5ODYi+Tn/snoI3HFwiUhc
|
||||
R42gvSx/MXcvz65Zf8h8nLOuinSngiMcH9J3fQkEFEmen0laEr0V9D536Zgq87S8
|
||||
I13DHosLia/o7l7wL6xig6EjYg2fCK41wm0ZfFBY6m+82eqijOvOwPOdm+bWHwqa
|
||||
EVOzsxJHAg8iYNQ/FEPRfz0W7K335Kzvcltq5/cp8AiKJQaVB25k1+kfJwyMUIrV
|
||||
02UgETvZLqoMTXiwbbYgER8RfFo+pEAiG2Zs8VJcI8Lo4bc6q0jWHqcMIlHVNZyA
|
||||
vM04p3/ezD4cM7IW/MuvhGuZEnuK3jUrmMOqQRlNYgfama2piqqMlX8W3ypBLOeL
|
||||
RzuGrwZ9FaSra8XE3yLDmfvx9oazLfr++/Kg14Zm/gVd65dzS9NUvCqdvK7Ie4Cc
|
||||
fPrRIHLN7gkynt1WrFyF2PcgJa8oepHid7hr8eEYA21d6RtnyvP+dLBnybE1q9Ks
|
||||
ojKyL5WQtTWtMIOaJwAWI4PA1azFXxwlKjpnnKSNhoG8/71AvG8hugUCkyUwjOCu
|
||||
ZlGiyUdc3WKD7UYmi2F76TLMnLlSmXBN8iiPGchSNJfdxT61VTz2sNsoVm3jJ9nS
|
||||
UQHKKWNz9Z5oUTOXqREGVO+5je4c1dQBkRBIa0gVMkhXtvxsR38nc22gWEynO06H
|
||||
oLefe5EI0xXsCY6pu76hYT4oYcR/xK2pcskPZdkn3/pxzA==
|
||||
=FD5R
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAzUXo8ZPJwGLARAAjeYrnUgB3trB84njBwD5onsJDnhxGRwzB3Gxosf3ocfB
|
||||
ruW4cJ97XnXcOXtfIyayUJz/tnsaL8LZwTOGxzS7s43RBYC0fhNEkRGcLl2aHCzu
|
||||
rTNoFqnYNk/C4xrfQPpk8lKlvgW9HYnky1Khv08YrvDlgajYEtkWFI/pbQKzASa2
|
||||
arZiDo37NXIQUMWoF6tBgzKu7d7U9mK3DQQ17IX4LjDxmESKIGGJ9JiFc9q7B/sS
|
||||
1k9Am13nojNpeCqwOTMSlZ/RrrglPEI5IxuXsfUD+NgDtVWgiBHHNa/SgtPEkmQB
|
||||
d7PvFneaWcCDOCUhshydlX0dso28IIN5TYJpiG1iCfIy6/0h/fgPpEJb1MAqcAfo
|
||||
VQCKW5Y5V9X/U/YrofXkueLq+CvdOVilVUWOqNdNqBEHYQg0PlDswSlEYeLqKkaV
|
||||
EBV0WABZRHoYEkDGdW4R06gN8qdISoRytMV5jyus/kEJnnfRxGYDbsmexRHBZtIl
|
||||
37cDbHRMQK0l18LPRFv/4RGVer+lt7/fLWUcJud2bC15Wl6dfabqzqU9GwXPAQdj
|
||||
x+aP/GSEf7PgPnhOvxzKM6gjrMgb1TuKb5j197Plambh0IA34//34Gea5v+PUKAD
|
||||
rum+KXvkFec/X+dQMboFfv07e2to1ci+Z0BqC6HUOTHCsmJpAZq3ezEimY610G7S
|
||||
UQEOtZ/NH5Yjvkc5osaw/TegmJm7ZbSaCR6XaPhCiU95IpwpTxUYYI2QOiBBlRgf
|
||||
UlunIR/sfNm0Pd5T/eB+RUJapHL3rkRpQquhxkln2kYy0w==
|
||||
=rDY/
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4D9r3oXQWw/BASAQdAR6qHAUn8s50JRyEbkIL9Buy/tx5/N1SEeFty3wOCpnEw
|
||||
+QLAbvme/NMB1uO2jwwY9nlfl7IpwaB7VflXkhN1hPGzU9fCMK5ndaNePOEDcQPe
|
||||
1GgBCQIQ7ozw5I51cQOs+kg/9VOkh9zbOpNLUiyoxEqp7u4rswnsA1XrhSnlpX1Y
|
||||
QtJoyY+0cif1Bz9T+0LM4t9OxCCF0UhVNcf8oYrP+GCHEjkcc7y5WAJuBkUhpeIt
|
||||
lQPhlrni2TH1+w==
|
||||
=M5Cq
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B43C3A8A92CA28486AC6C4E2F115100C787C1C19
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA30JDs8MiK29AQ//Ym8SiT1oqRvwEyIPPILK7DY3MnAIxw4ycJJ1nlC2ry2z
|
||||
e/zzJj3GynYzXogfH6lqaFVtMMWsjAahsgw2CQjk15hPU6rnJKGj7O+vccgNGwfS
|
||||
4fpXxgbhHj12wGd2nn+4zGZHNq+HGR1VclSnb1ZcqP0O06VWyhi/G9uDVoyuHcl7
|
||||
XxmMJBPPws2DY8Il+DmCOU2DUBq/2p9Y5DOOJPdY16WWUGk49R0h9koTLpn2EQbD
|
||||
WkQJnn4fUSAOLB8ozWTo0Yg6R1iWpGEgz2jbLC/b8ENuC70crDge0v6mA3r8m153
|
||||
63awupZv0Rwqnq6+JaMmqq86IMOMiFWF8t5ZZ8i9u/d2F+3ok90EVwn/ea1kINn0
|
||||
WAOTe1tj4SkX5x/lglucbaeB4hfdHJFrU28UYDC2e5gx+9mGpPjqDVcfvLkdVE/s
|
||||
+Oa/3zm9IJDa03yxOSPTGOu6KYtXv9huTPKZO+rYCpUbvU8YSHf4EmbnfAMfhT9L
|
||||
KhItQSLX8uAY2r9o4ycQ0CvYhbktxc0QYO45Cc37dewi+BrF8SUNFGuaLdBZSG7e
|
||||
y8D5z+4KC76Ygw1K/apds7pnvH8Z/JXog7QAf5mi7Z+crCizFOz5Vrbxw5/1Qxq3
|
||||
bhfd2KjUHyZHqOT7dImX0SLuJH0FkCfUnxFgQI4zo13/nwvJfH4dlutkvxT7SfrS
|
||||
XgH5TJTMXG37k4NSQzW7O8atgT1C6jVyMvhN0HGbHAGPpcHQoE6U76p9v/Xq9nm5
|
||||
qfYC4Wo8bvGtEJLYH2YwfzPNILdQj+7cArOTwNLy7Sq4gJlnIRbGGOE8lYrQ8jI=
|
||||
=lKbJ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: BF37903AE6FD294C4C674EE24472A20091BFA792
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0nQCLGHQlNzAQ/+PNzpv4IOkYpQHkE+5/o15Ob3miIH0d+iPoj74CbhJZpm
|
||||
jcszEFZ7fMRkMU4O6PpG/+f0QNqhOivwTQOwfxVVhQR/Zyvpr48cuTrfHDgHUePU
|
||||
U0BZFoQRCx+hWt05ziYjJkTd0x1iBrotlvNAlPwtjbxrjTsBFq1hXUjQsE+9n+Nv
|
||||
7d9oBFG1r/3pp6ZCdncnERKWglvRnIjz0DWj6l2rXGeInzP8sbaPdblxKmm0LQBY
|
||||
K1UQeMJiGmurOOlhIKBDOVsioVrT0nmdQGkJEmGqtJYQ+6cY9piEU4wREj3XKBQc
|
||||
/JWD96TKZeCZvnEyz/abuXU7P4u9sUrvULCB7us3UreK4n8EPIJKjg9ofMDg89pn
|
||||
eTTgK2E3Wg6FIfJd3RWLjvs34eCUT3giftoggBzmiKYMJ/ALC3FLuDHywAeDLUQf
|
||||
FGVvciO7vqM4W31cMsTserxWnCEp+T1wCXwZWS0+Wh58U2X0RtRa+DYeEasU9W7v
|
||||
3RJmbGgjCTnTrNNnS7NcgG3Cidg92bbzonXn6VB5eU/vbS0BcoTu/cfoHnyUQfMe
|
||||
+n/XCwW00fds/jkLOll52x478C4NkeYkwoL1FzDZBgCNkidpPleDLivC7wj62E+w
|
||||
rhwxNBGf4Qs2LHRWHgimd8l6z9+WG9g+5UgxUTp4WhJkuRSp8TmhbqfIWI0zCGfS
|
||||
XgFoAIyQtXOKLnFFCEcwFUTh7mKw6bbk8u0pQUPLyQSBlVHZdhqtpkT+hq1+Y4Nm
|
||||
tU8pb9G8BOryUvgOnEy8dPx9G64iwxYrYOu+cms6AigK8ZGHjSzOfqbJsgn7zgE=
|
||||
=RDPX
|
||||
-----END PGP MESSAGE-----
|
||||
fp: E83F398E6423179FE4F63D4FF085CAD394DE329D
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DNffZWjBmO5ASAQdAsqGwMruz+NHQGNXhBlkFxzz49h/s+0rL8glEfh9avyww
|
||||
WgBSk5HdE7O2/NNSBKSoNEjO8mHa0Z0yyQEi36ohY3KlwNPsP4ThiPOLl6z8xsK3
|
||||
1GgBCQIQrNrzmh92ThNLfkhjNvfdFnPOK1LScYAVQQt+wYjWZJ7Cj6v3rxmiPWqj
|
||||
DuJSJrbWRFVXEQWRT7hfTa8lhAymec9G65MYN+GUQy68Yb1dJckPmuj4ja6d0JMA
|
||||
Mo5Sz7alehfJfw==
|
||||
=kmse
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B1A16011B86BACB56ADB713DB712039D23133661
|
||||
- created_at: "2022-11-25T15:54:04Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6MARpDCLIz2ARAAgWhMSYIrgIs5WEpkpKbMQ0Gs89BJVAk+e/aF6F5JFKFD
|
||||
lXdhin+XOK+foCdba68d8iCj+G94vO2TjnC1clv6BSMtpCjFspLISK3993JahBCt
|
||||
lVPDl6OPjjgETLa7v9JrkYadafzQasXSDtC0Nqfg3AAb/EfYAe2k/K79kAElHWIl
|
||||
ALLm8i8kbiOfySnjwhl8cJdDS7ua8nfC+pTac6e2GML0bKGjA0WR+ccOTGpNsFAu
|
||||
UPtw5onoSDmywqv88tlUdmdWAz1NsnQUhzvZ4j+YCLCltlU7bzDI9/ExhgQHxC4v
|
||||
Fghfs9jLINQZ7aWdqdib7S3FmFRdN06lsGh4bQFG+NPtLcoFxLcWkiArRVPW2lZ5
|
||||
YUZ1Brs+gvHNMvSVPXbe+1V9nwjvm1S76vUYwTm5mf8jm7wA1NqyoB3etPEaQzPA
|
||||
FYAZqErNVgG7pfa0zpnNYHHBB8y/Z/pyJKqRvRMJFpRj91FFULRrVPFr2B4JARAu
|
||||
6/Sonr20Q5UTIPpT2yhzDltL25Yfj6alCrsOTJ+XufGgw5m62UjKmarqCQJUwEk+
|
||||
/Qx3z+j1NlMgeuYpr+bWnjLgtwXuR0Q0pFgBkpJdP3VrvmfM/79fOBvEAFRgkevL
|
||||
tKPNfFrJv56ODfFmjMwmux2tHxROMAXWLUb5gFeAIoRRIk0ru0sEQVGwaj5Yo6bS
|
||||
XgEaqKfvaVzc1TuY5YIuXuXP+YLOJKJvDLmSaowFnM+GS1HtW1yGrdtCajEls2tE
|
||||
MJAnCZurAfwK48GfQx1qnzyd9QOi1KYRafXFXEu1AyU7BCgwZiMPp3Qdv09sAMg=
|
||||
=Rs7Q
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4F92BC7B792108A463995827C1F2DA2BC929412
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -4,6 +4,10 @@ postgres_nextcloud: ENC[AES256_GCM,data:Lv0Ld3sf+hoUE2qrsf9qGSYf5aVLqm5GIbK2hEoR
|
|||
nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6wegk=,iv:tG9bhB7HPprZMnfV/uC/v7fqmjQd5d4Oj5avOtK2/0A=,tag:8jBDpnahwQsXsD2Ivf6jDw==,type:str]
|
||||
hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str]
|
||||
wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0q+KTxoY=,iv:rc4B8N2otqolSRLfpeRkIn7iNlED7XUjY//OCI2oQ5c=,tag:eWO6LniGnTd8KZ4pSyrR5A==,type:str]
|
||||
wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str]
|
||||
portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str]
|
||||
portunus_search: ENC[AES256_GCM,data:J1GRvVOCcOcAz4qZypa/XbcMCGQSFS6yyg1eGfNIBA4=,iv:zFf90vpMW3aqpstZVEno5TDCVwV2vi3SyA7BrX2R3/A=,tag:HJauUh36/5qmr8sGmgH1dw==,type:str]
|
||||
rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str]
|
||||
mediawiki:
|
||||
postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str]
|
||||
initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str]
|
||||
|
@ -23,8 +27,8 @@ sops:
|
|||
Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj
|
||||
KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-12-09T15:15:33Z"
|
||||
mac: ENC[AES256_GCM,data:8G4Kohgr0lF8G135/MNzcSRIrtfX+QRCfMtLRK+fNbc/NHHozlLaI8XDpiURfvgaWR5fVim7DgT5r59aU+G+F8O45C83hJ5LLLmeisWL78Ktm9vOUhWgoClCZ8l/603uPpIG3WlenLF1D5DTO11U60wcGdWv1RMQ9ovxJCXtRfs=,iv:0L4KQR1LYUW52Upv5sZWKquuLNhdaRQ2yoV4y0rs+R0=,tag:uBEfNmk5hmRqSUGhF+V3SQ==,type:str]
|
||||
lastmodified: "2023-02-03T14:46:12Z"
|
||||
mac: ENC[AES256_GCM,data:Bg5S8lSYnCUhlYFObVpmPXsp2IVxm1vfDdyzEmGGoKNU9lit/0nxrmgv3ZvOfzrcilQQHLzAfPIM5HXTCVtoPPWmkicQ72SdNWLJbY9p1+MFQgiqFZcVAYb+FMm9s1IOxBgXx/OQWmQxDmTA6jZHqgYBZnrBMgjeo0ol1Zp60uY=,iv:FlCsVbOBQC43yrmAKv8j7b0DTuhZXmeURxWWkbIcRQQ=,tag:e9vubxFQOK6h1fHQ8GHLvQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-11-18T16:37:48Z"
|
||||
enc: |
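Review bot: The top-level keys in the `@ -4,6 +4,10 @@` hunk mix two naming styles: `wg-fsr`, `wg-seckey` and `rspamd-password` are hyphenated, while `portunus_admin`, `portunus_search` and the older entries use underscores. Settling on one convention (for example `wg_seckey`, `rspamd_password`) makes a mistyped secret name on the consuming side less likely; the same mix appears in the next secrets file on this page. Any rename should go through `sops` itself rather than a hand edit, because sops authenticates each value together with its key path and a manually renamed entry will no longer decrypt. The rendering does not show which of the ten lines are additions, so part of this may concern keys that already existed.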
|
||||
|
|
|
@ -5,6 +5,9 @@ postgres_nextcloud: ENC[AES256_GCM,data:ySjpkMh1/6JuU2JwjlJcXh0D,iv:7CWZPjX7NZt4
|
|||
nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str]
|
||||
hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str]
|
||||
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
|
||||
portunus_admin: ENC[AES256_GCM,data:2X7cz7nRN2lvubR0e+8=,iv:NRXWAbK6DouyGzW6yiJ8tNYKcXNWbt7uy3eTMmybrRk=,tag:7itZnw28EQCmGBBF9Ctb3A==,type:str]
|
||||
portunus_search: ENC[AES256_GCM,data:nqCvit2p8YE8XJ3Z+PEP,iv:k2dC6TTI70M8raOTNnp1TsPiDmF3ssPPhIe6cjMevBA=,tag:CG1uvLQSxSQzVsGYxG7YUw==,type:str]
|
||||
rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str]
|
||||
mediawiki:
|
||||
postgres: ENC[AES256_GCM,data:bna6ksGVOHWor7OqVL/jgeDIxA==,iv:bgkQh+NgPE/hr4N4YOCzSCfs7vaOx4pSWlc8WxI8qMc=,tag:WIjyu1i0M7flGFFovH5jWQ==,type:str]
|
||||
initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str]
|
||||
|
@ -24,8 +27,8 @@ sops:
|
|||
MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk
|
||||
ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-20T15:34:41Z"
|
||||
mac: ENC[AES256_GCM,data:YjrmGxH7DCf4HP2GKMb+2XThSTnvcNgIaM4uvuEK/Nb4ZuVKvF4usKvsHXuy0lJEtghfw1wd9ao9pEKbcCMTkkhjXmXe8LuprT72CQl5+qVLfchfgmYdwkx2H3pN9rWXR0jQnF/d6djAwvm7c2bepioUa2IamJx+++CWjttB0Ds=,iv:Ds6KZzSppATyo/jsWxeiuVP2jXDGiTHEk3XaSy2xgLA=,tag:zaPwS8jfKrom3JAncg6UXQ==,type:str]
|
||||
lastmodified: "2023-02-03T14:47:01Z"
|
||||
mac: ENC[AES256_GCM,data:qSuGdUOgVDhZ25zYGfZ6+GC7XxsoGV9dUSKM0YstpSQgR7u9S8fQVkcbz5gNTVhG8bdGQVxmMPTW3QyMI6s76yngs6kBxwnBSycAFowJlO6P/cRPqRlAuVhJy82hq0lOJem93vOnRPBQsb6Da0OS/7+SKoRd/I66BtPNKMmxEdo=,iv:IXy3cuZfUK2k8TIA7LpIbPSzcxXtiW4pmdILO6441Is=,tag:PuACj+FwaTxoTCFLytXoiw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-11-18T16:37:58Z"
|
||||
enc: |
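Review bot: The `wg-seckey` entry in the `@ -5,6 +5,9 @@` hunk has a 12-character base64 `data` field, i.e. a 9-byte plaintext, which cannot be a WireGuard private key (those are 44 base64 characters). sops' AES256_GCM values keep the plaintext length, so this is visible in the repository without decrypting. If this is a test or VM secrets file, a freshly generated dummy key would presumably keep the WireGuard unit from failing at start-up on hosts that use it. This file also has no `wg-fsr` entry, whereas the previous secrets file on this page does; if the configuration declares that secret for every host, a matching placeholder is needed here. Which of the nine lines are additions cannot be told from this rendering.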
|
||||
|
|