diff --git a/flake.lock b/flake.lock index 37b4e24..fac1b4e 100644 --- a/flake.lock +++ b/flake.lock @@ -3,9 +3,7 @@ "course-management": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix" }, "locked": { @@ -42,6 +40,22 @@ "url": "https://git.ifsr.de/ese/manual-website" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -96,6 +110,24 @@ "type": "github" } }, + "flake-utils_4": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "kpp": { "inputs": { "nixpkgs": [ @@ -103,11 +135,11 @@ ] }, "locked": { - "lastModified": 1708628927, - "narHash": "sha256-1ObvmmEzbW2YjY/jJyfOoxhxIe54zcsOBMzgehnclRg=", + "lastModified": 1724255946, + "narHash": "sha256-YVT/QE2PCDzx4eq1i3PqOOpQVXJstN18e0sFB/UbAY0=", "owner": "fsr", "repo": "kpp", - "rev": "05e370097af21ddb776bec907942c60e6aebc394", + "rev": "ce98b985201a5453aee708a3fc13bbccf2357f8e", "type": "github" }, "original": { 
@@ -145,11 +177,11 @@ ] }, "locked": { - "lastModified": 1716170277, - "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", + "lastModified": 1724576102, + "narHash": "sha256-uM7n5nNL6fmA0bwMJBNll11f4cMWOFa2Ni6F5KeIldM=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", + "rev": "e333d62b70b179da1dd78d94315e8a390f2d12e5", "type": "github" }, "original": { 
@@ -158,45 +190,35 @@ "type": "github" } }, + "nix-minecraft": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724982042, + "narHash": "sha256-IwHIZYo1fyloQxvBy15QVzMALNEa7Jo6tzXVJj7U9Ws=", + "owner": "Infinidoge", + "repo": "nix-minecraft", + "rev": "32b632e29b141cc4c441b6e5504d33a9564dc3e6", + "type": "github" + }, + "original": { + "owner": "Infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1716361217, - "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "lastModified": 1701253981, + "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1716061101, - "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", "type": "github" }, "original": { 
@@ -206,7 +228,39 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1725001927, + "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -271,8 +325,8 @@ "ese-manual": "ese-manual", "kpp": "kpp", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", + "nix-minecraft": "nix-minecraft", + "nixpkgs": "nixpkgs_2", "print-interface": "print-interface", "sops-nix": "sops-nix", "vscode-server": "vscode-server" @@ -286,11 +340,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1716400300, - "narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b549832718b8946e875c016a4785d204fcfc2e53", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { 
@@ -358,6 +412,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -382,8 +451,8 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1713958148, diff --git a/flake.nix b/flake.nix index 422d82c..92e57b7 100755 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,6 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; nix-index-database.url = "github:nix-community/nix-index-database"; @@ -18,8 +17,10 @@ course-management = { url = "github:fsr/course-management"; - inputs.nixpkgs.follows = "nixpkgs"; + # inputs.nixpkgs.follows = "nixpkgs"; }; + nix-minecraft.url = "github:Infinidoge/nix-minecraft"; + nix-minecraft.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { self @@ -31,12 +32,14 @@ , vscode-server , course-management , print-interface + , nix-minecraft , ... }@inputs: let supportedSystems = [ "x86_64-linux" ]; forAllSystems = nixpkgs.lib.genAttrs supportedSystems; pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system}); + in { packages = forAllSystems (system: rec { @@ -68,6 +71,7 @@ ese-manual.nixosModules.default course-management.nixosModules.default vscode-server.nixosModules.default + nix-minecraft.nixosModules.minecraft-servers ./hosts/quitte/configuration.nix ./options 
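Review bot: Commenting out `inputs.nixpkgs.follows = "nixpkgs"` on the `course-management` input (flake.nix, `@@ -18,8 +17,10 @@`) leaves that service on its own nixpkgs pin. This commit's flake.lock resolves that pin to rev `e92039b55bcd58469325ded85d4f58dd5a4eaf58` with `lastModified` 1701253981, while the root `nixpkgs` input moves to 1725001927. Whatever course-management takes from nixpkgs now tracks the snapshot in its own lock file, so updating the host's nixos-24.05 input no longer brings security fixes to it. If the follows was dropped because the project does not yet build against 24.05 (the commit does not say), record that beside the line, e.g. `# follows disabled: <reason>; course-management keeps its own nixpkgs pin and must be bumped separately`, and restore the follows once it builds.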
@@ -78,21 +82,26 @@ ./modules/courses ./modules/wiki ./modules/matrix + ./modules/minecraft + ./modules/keycloak ./modules/nix-serve.nix ./modules/hedgedoc.nix ./modules/padlist.nix ./modules/nextcloud.nix - ./modules/keycloak.nix ./modules/monitoring.nix ./modules/vaultwarden.nix ./modules/forgejo ./modules/kanboard.nix ./modules/zammad.nix ./modules/decisions.nix + ./modules/stream.nix # ./modules/struktur-bot.nix { - nixpkgs.overlays = [ self.overlays.default ]; + nixpkgs.overlays = [ + self.overlays.default + nix-minecraft.overlay + ]; sops.defaultSopsFile = ./secrets/quitte.yaml; } ]; diff --git a/hosts/quitte/configuration.nix b/hosts/quitte/configuration.nix index 6f18e21..91f3c3e 100644 --- a/hosts/quitte/configuration.nix +++ b/hosts/quitte/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { imports = @@ -16,18 +16,7 @@ # boot.kernelParams = [ "video=VGA-1:1024x768@30" ]; boot.loader.efi.canTouchEfiVariables = true; boot.supportedFilesystems = [ "zfs" ]; - # boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - # Pin Kernel Version as 6.6.28 has a broken networking driver - boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_6.override { - argsOverride = rec { - src = pkgs.fetchurl { - url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; - sha256 = "sha256-Y55QBg48jyPtAXyxDP6sxrqI/1WDgSu3aFm0zGoSgpE="; - }; - version = "6.6.27"; - modDirVersion = "6.6.27"; - }; - }); + boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; services.zfs = { trim.enable = true; diff --git a/hosts/tomate/configuration.nix b/hosts/tomate/configuration.nix index 7ac0b3a..8058b04 100644 --- a/hosts/tomate/configuration.nix +++ b/hosts/tomate/configuration.nix 
@@ -50,13 +50,13 @@ services.xserver.enable = true; # Enable the KDE Plasma Desktop Environment. - services.xserver.displayManager.sddm.enable = true; + services.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; # Configure keymap in X11 services.xserver = { - layout = "de"; - xkbVariant = ""; + xkb.layout = "de"; + xkb.variant = ""; }; # Configure console keymap @@ -90,7 +90,7 @@ services.avahi = { enable = true; - nssmdns = true; + nssmdns4 = true; openFirewall = true; publish = { enable = true; diff --git a/modules/core/bacula.nix b/modules/core/bacula.nix index ea93477..15e309c 100644 --- a/modules/core/bacula.nix +++ b/modules/core/bacula.nix @@ -26,7 +26,10 @@ mailcommand = "${pkgs.bacula}/bin/bsmtp -f \"Bacula \" -s \"Bacula report" %r" mail = root+backup = all, !skipped ''; - director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}"; + director."abel-dir" = { + password = "@${config.sops.secrets."bacula/password".path}"; + tls.enable = false; + }; }; environment.etc."bacula/bconsole.conf".text = '' Director { diff --git a/modules/core/base.nix b/modules/core/base.nix index 5f4e7b7..996bae4 100755 --- a/modules/core/base.nix +++ b/modules/core/base.nix @@ -1,6 +1,5 @@ { pkgs, config, ... }: { nix = { - package = pkgs.nixUnstable; # or versioned attributes like nix_2_4 extraOptions = '' experimental-features = nix-command flakes ''; @@ -113,6 +112,7 @@ eza zsh unzip + yazi ]; } diff --git a/modules/core/logging.nix b/modules/core/logging.nix index c242396..cc966c4 100644 --- a/modules/core/logging.nix +++ b/modules/core/logging.nix @@ -3,6 +3,7 @@ services.rsyslogd = { enable = true; defaultConfig = '' + $FileCreateMode 0640 :programname, isequal, "postfix" /var/log/postfix.log auth.* -/var/log/auth.log diff --git a/modules/core/nginx.nix b/modules/core/nginx.nix index 36e596e..874a122 100644 --- a/modules/core/nginx.nix +++ b/modules/core/nginx.nix 
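Review bot: `tls.enable = false;` on the `abel-dir` director entry (modules/core/bacula.nix, `@@ -26,7 +26,10 @@`) switches off TLS for the connection to the director, and no comment says why. Without TLS the authentication handshake and the control traffic exchanged with the director have no transport encryption, so this is acceptable only if the link is protected some other way (a tunnel or a dedicated network; neither is visible in this hunk). Either configure the `tls` options for this director or state the compensating control beside the setting, e.g. `tls.enable = false; # abel-dir reachable only via <tunnel/VLAN>; TLS not set up on the director`. The enclosing service block starts outside the hunk.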
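Review bot: `$FileCreateMode 0640` in `defaultConfig` (modules/core/logging.nix) takes effect only when rsyslog creates a file. Any `/var/log/postfix.log` and `/var/log/auth.log` that already exist on the hosts keep their current mode until they are recreated. If the goal is to stop logs being world-readable, pair this with a one-time permission fix or a tmpfiles rule for the existing files. A short comment above the directive would also help, such as `# new log files: owner rw, group r, nothing for others`.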
@@ -7,14 +7,10 @@ ({ name, ... }: { enableACME = true; forceSSL = true; - # enable http3 for all hosts - quic = true; - http3 = true; # split up nginx access logs per vhost extraConfig = '' access_log /var/log/nginx/${name}_access.log; error_log /var/log/nginx/${name}_error.log; - add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }) ); diff --git a/modules/core/podman.nix b/modules/core/podman.nix index ad47b5b..625d25b 100644 --- a/modules/core/podman.nix +++ b/modules/core/podman.nix @@ -23,4 +23,4 @@ #docker-compose # start group of containers for dev #podman-compose # start group of containers for dev ]; -} \ No newline at end of file +} diff --git a/modules/decisions.nix b/modules/decisions.nix index a95bd85..c3e0c2e 100644 --- a/modules/decisions.nix +++ b/modules/decisions.nix @@ -33,14 +33,14 @@ in }; }; - systemd.services."decisions-to-db" = { - script = '' - set -eu - ${pkgs.docker}/bin/docker exec decisions python tex_to_db.py - ''; - serviceConfig = { - Type = "oneshot"; - User = "root"; - }; - }; + # systemd.services."decisions-to-db" = { + # script = '' + # set -eu + # ${pkgs.podman}/bin/podman exec decisions python tex_to_db.py + # ''; + # serviceConfig = { + # Type = "oneshot"; + # User = "root"; + # }; + # }; } diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index 4e55c9b..2a69af5 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix @@ -22,15 +22,6 @@ in services.forgejo = { enable = true; - package = pkgs.forgejo.overrideAttrs (_old: { - patches = [ - # migration fix - (pkgs.fetchpatch { - url = "https://codeberg.org/forgejo/forgejo/commit/ae463c7c559e02975ce5e758d8780def978eebee.patch"; - hash = "sha256-cOXPvkLS0n+ynSBTrmEtumZ2PYBeCZmxPpFktqkw6Fo="; - }) - ]; - }); user = gitUser; group = gitUser; lfs.enable = true; @@ -79,6 +70,8 @@ in PROVIDER = "db"; }; actions.ENABLED = true; + federation.ENABLED = true; + webhook.ALLOWED_HOST_LIST = "*.ifsr.de"; }; }; 
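Review bot: `webhook.ALLOWED_HOST_LIST = "*.ifsr.de";` (modules/forgejo/default.nix, `@@ -79,6 +70,8 @@`) replaces the default webhook target filter with a hostname glob. As far as I know, a hostname match is accepted regardless of the address the name resolves to; please confirm against the Forgejo version deployed. Any account allowed to configure a webhook could then make the Forgejo server send requests to every `*.ifsr.de` name, including names that resolve to loopback or internal-only services. If only particular receivers are intended, list them explicitly, e.g. `webhook.ALLOWED_HOST_LIST = "<receiver-host>.ifsr.de";` (placeholder), with a comment naming the integration that needs it. The same hunk sets `federation.ENABLED = true;`, which opens additional endpoints to remote servers; a one-line comment with the reason would help the next reviewer.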
diff --git a/modules/kanboard.nix b/modules/kanboard.nix
index 9edc86a..5eb155c 100644
--- a/modules/kanboard.nix
+++ b/modules/kanboard.nix
@@ -1,33 +1,65 @@ -{ config, pkgs, ... }: +{ pkgs, config, lib, ... }: let domain = "kanboard.${config.networking.domain}"; domain_short = "kb.${config.networking.domain}"; + user = "kanboard"; + group = "kanboard"; in { - sops.secrets."kanboard_env" = { }; - - virtualisation.oci-containers = { - containers.kanboard = { - image = "ghcr.io/kanboard/kanboard:v1.2.36"; - volumes = [ - "kanboard_data:/var/www/app/data" - "kanboard_plugins:/var/www/app/plugins" - ]; - ports = [ "127.0.0.1:8045:80" ]; - environmentFiles = [ - config.sops.secrets."kanboard_env".path - ]; + users.users.${user} = { + group = group; + isSystemUser = true; + }; + users.groups.${group} = { }; + + services.phpfpm.pools.kanboard = { + user = "kanboard"; + group = "kanboard"; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.max_requests" = 500; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 5; + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = true; + "catch_workers_output" = true; }; + phpEnv."PATH" = lib.makeBinPath [ pkgs.php ]; }; + + + services.nginx.enable = true; services.nginx = { virtualHosts."${domain_short}" = { locations."/".return = "301 $scheme://${domain}$request_uri"; }; virtualHosts."${domain}" = { - locations."/" = { - proxyPass = "http://127.0.0.1:8045"; + root = "/srv/web/kanboard"; + extraConfig = '' + index index.html index.php; + ''; + + locations = { + "/" = { + tryFiles = "$uri $uri/ =404"; + }; + "~ \.php$" = { + extraConfig = '' + try_files $uri =404; + fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket}; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include ${pkgs.nginx}/conf/fastcgi_params; + include ${pkgs.nginx}/conf/fastcgi.conf; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + ''; + }; + "/data".return = "403"; }; }; }; 
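Review bot: The `"/data".return = "403";` rule does not cover PHP requests. nginx prefers a matching regex location over a plain prefix location, so `/data/<name>.php` is handled by the `~ \.php$` block and passed to PHP-FPM instead of being refused. In addition, inside a double-quoted Nix attribute name `\.` evaluates to a bare `.`, so the generated location is `~ .php$` and matches more paths than intended. Suggested lines: `"~ \\.php$" = {` and `"^~ /data".return = "403";`, where `^~` stops regex locations from being tried for that prefix. Separately, `root = "/srv/web/kanboard"` means the application code is no longer a pinned image or store path. Whether the `kanboard` pool user can write there is not visible in the hunk, but only the data directory should be writable by it.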
diff --git a/modules/keycloak.nix b/modules/keycloak/default.nix similarity index 84% rename from modules/keycloak.nix rename to modules/keycloak/default.nix index 08d5d2d..f3b88ce 100644 --- a/modules/keycloak.nix +++ b/modules/keycloak/default.nix @@ -1,4 +1,4 @@ -{ config, nixpkgs-unstable, ... }: +{ config, pkgs, lib, ... }: let domain = "sso.${config.networking.domain}"; in @@ -7,7 +7,7 @@ in services.keycloak = { enable = true; # we use unstable as the release in stable is insecure - package = nixpkgs-unstable.legacyPackages.x86_64-linux.keycloak; + # package = nixpkgs-unstable.legacyPackages.x86_64-linux.keycloak; settings = { http-port = 8086; https-port = 19000; @@ -20,6 +20,9 @@ in passwordFile = config.sops.secrets."keycloak/db".path; }; initialAdminPassword = "plschangeme"; + themes = with pkgs ; { + ifsr = keycloak_ifsr_theme; + }; }; services.nginx.virtualHosts."${domain}" = { locations."/" = { diff --git a/modules/keycloak/theme.nix b/modules/keycloak/theme.nix new file mode 100644 index 0000000..0500e47 --- /dev/null +++ b/modules/keycloak/theme.nix @@ -0,0 +1,15 @@ +{ stdenv }: +stdenv.mkDerivation rec { + name = "keycloak_ifsr_theme"; + version = "1.1"; + + src = ./theme; + + nativeBuildInputs = [ ]; + buildInputs = [ ]; + + installPhase = '' + mkdir -p $out + cp -a login $out + ''; +} diff --git a/modules/keycloak/theme/login/resources/css/login.css b/modules/keycloak/theme/login/resources/css/login.css new file mode 100644 index 0000000..6314ff8 --- /dev/null +++ b/modules/keycloak/theme/login/resources/css/login.css 
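Review bot: In the `@@ -7,7 +7,7 @@` hunk of modules/keycloak/default.nix the package override is commented out, but the line above it, `# we use unstable as the release in stable is insecure`, stays. The file now describes a workaround that is no longer in effect. This is the SSO service, so a reader should be able to tell which package is deployed; after this change it is the `keycloak` from the nixos-24.05 input. Replace both lines with something like `# keycloak from nixpkgs (nixos-24.05); former unstable override dropped`, after confirming that the 24.05 package contains the fix that motivated the override. The `services.keycloak` block continues outside the hunk.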
@@ -0,0 +1,772 @@ +.login-pf { + background: none; +} + +.login-pf body { + background: url(../img/background.jpg) no-repeat center center fixed; + background-size: cover; + height: 100%; +} + +/*IE compatibility*/ +.pf-c-form-control { + font-size: 14px; + font-size: var(--pf-global--FontSize--sm); + border-width: 1px; + border-width: var(--pf-global--BorderWidth--sm);; + border-color: #EDEDED #EDEDED #8A8D90 #EDEDED; + border-color: var(--pf-global--BorderColor--300) var(--pf-global--BorderColor--300) var(--pf-global--BorderColor--200) var(--pf-global--BorderColor--300); + background-color: #FFFFFF; + background-color: var(--pf-global--BackgroundColor--100); + height: 36px; + height: calc(var(--pf-c-form-control--FontSize) * var(--pf-c-form-control--LineHeight) + var(--pf-c-form-control--BorderWidth) * 2 + var(--pf-c-form-control--PaddingTop) + var(--pf-c-form-control--PaddingBottom)); + padding: 5px 0.5rem; + padding: var(--pf-c-form-control--PaddingTop) var(--pf-c-form-control--PaddingRight) var(--pf-c-form-control--PaddingBottom) var(--pf-c-form-control--PaddingLeft); +} + +textarea.pf-c-form-control { + height: auto; +} + +.pf-c-form-control:hover, .pf-c-form-control:focus { + border-bottom-color: #0066CC; + border-bottom-color: var(--pf-global--primary-color--100); + border-bottom-width: 2px; + border-bottom-width: var(--pf-global--BorderWidth--md); +} + +.pf-c-form-control[aria-invalid=true] { + border-bottom-color: #C9190B; + border-bottom-color: var(--pf-global--danger-color--100); + border-bottom-width: 2px; + border-bottom-width: var(--pf-global--BorderWidth--md); +} + +.pf-c-check__label, .pf-c-radio__label { + font-size: 14px; + font-size: var(--pf-global--FontSize--sm); +} + +.pf-c-alert.pf-m-inline { + margin-bottom: 0.5rem; /* default - IE compatibility */ + margin-bottom: var(--pf-global--spacer--sm); + padding: 0.25rem; + padding: var(--pf-global--spacer--xs); + border: solid #ededed; + border: solid var(--pf-global--BorderColor--300); + 
border-width: 1px; + border-width: var(--pf-c-alert--m-inline--BorderTopWidth) var(--pf-c-alert--m-inline--BorderRightWidth) var(--pf-c-alert--m-inline--BorderBottomWidth) var(--pf-c-alert--m-inline--BorderLeftWidth); + display: -ms-flexbox; + display: grid; + -ms-grid-columns: max-content 1fr max-content; + grid-template-columns:max-content 1fr max-content; + grid-template-columns: var(--pf-c-alert--grid-template-columns); + grid-template-rows: 1fr auto; + grid-template-rows: var(--pf-c-alert--grid-template-rows); +} + +.pf-c-alert.pf-m-inline::before { + position: absolute; + top: -1px; + top: var(--pf-c-alert--m-inline--before--Top); + bottom: -1px; + bottom: var(--pf-c-alert--m-inline--before--Bottom); + left: 0; + width: 3px; + width: var(--pf-c-alert--m-inline--before--Width); + content: ; + background-color: #FFFFFF; + background-color: var(--pf-global--BackgroundColor--100); +} + +.pf-c-alert.pf-m-inline.pf-m-success::before { + background-color: #92D400; + background-color: var(--pf-global--success-color--100); +} + +.pf-c-alert.pf-m-inline.pf-m-danger::before { + background-color: #C9190B; + background-color: var(--pf-global--danger-color--100); +} + +.pf-c-alert.pf-m-inline.pf-m-warning::before { + background-color: #F0AB00; + background-color: var(--pf-global--warning-color--100); +} + +.pf-c-alert.pf-m-inline .pf-c-alert__icon { + padding: 1rem 0.5rem 1rem 1rem; + padding: var(--pf-c-alert--m-inline__icon--PaddingTop) var(--pf-c-alert--m-inline__icon--PaddingRight) var(--pf-c-alert--m-inline__icon--PaddingBottom) var(--pf-c-alert--m-inline__icon--PaddingLeft); + font-size: 16px; + font-size: var(--pf-c-alert--m-inline__icon--FontSize); +} + +.pf-c-alert.pf-m-success .pf-c-alert__icon { + color: #92D400; + color: var(--pf-global--success-color--100); +} + +.pf-c-alert.pf-m-success .pf-c-alert__title { + color: #486B00; + color: var(--pf-global--success-color--200); +} + +.pf-c-alert.pf-m-danger .pf-c-alert__icon { + color: #C9190B; + color: 
var(--pf-global--danger-color--100); +} + +.pf-c-alert.pf-m-danger .pf-c-alert__title { + color: #A30000; + color: var(--pf-global--danger-color--200); +} + +.pf-c-alert.pf-m-warning .pf-c-alert__icon { + color: #F0AB00; + color: var(--pf-global--warning-color--100); +} + +.pf-c-alert.pf-m-warning .pf-c-alert__title { + color: #795600; + color: var(--pf-global--warning-color--200); +} + +.pf-c-alert__title { + font-size: 14px; /* default - IE compatibility */ + font-size: var(--pf-global--FontSize--sm); + padding: 5px 8px; + padding: var(--pf-c-alert__title--PaddingTop) var(--pf-c-alert__title--PaddingRight) var(--pf-c-alert__title--PaddingBottom) var(--pf-c-alert__title--PaddingLeft); +} + +.pf-c-button{ + padding:0.375rem 1rem; + padding: var(--pf-global--spacer--form-element) var(--pf-global--spacer--md); +} + +/* default - IE compatibility */ +.pf-m-primary { + color: #FFFFFF; + background-color: #0066CC; + background-color: var(--pf-global--primary-color--100); +} + +/* default - IE compatibility */ +.pf-m-primary:hover { + background-color: #004080; + background-color: var(--pf-global--primary-color--200); +} + +/* default - IE compatibility */ +.pf-c-button.pf-m-control { + border: solid 1px; + border: solid var(--pf-global--BorderWidth--sm); + border-color: rgba(230, 230, 230, 0.5); +} +/*End of IE compatibility*/ +h1#kc-page-title { + margin-top: 10px; +} + +#kc-locale ul { + background-color: #FFF; + background-color: var(--pf-global--BackgroundColor--100); + display: none; + top: 20px; + min-width: 100px; + padding: 0; +} + +#kc-locale-dropdown{ + display: inline-block; +} + +#kc-locale-dropdown:hover ul { + display:block; +} + +/* IE compatibility */ +#kc-locale-dropdown a { + color: #6A6E73; + color: var(--pf-global--Color--200); + text-align: right; + font-size: 14px; + font-size: var(--pf-global--FontSize--sm); +} + +/* IE compatibility */ +a#kc-current-locale-link::after { + content: 2c5; + margin-left: 4px; + margin-left: 
var(--pf-global--spacer--xs) +} + +.login-pf .container { + padding-top: 40px; +} + +.login-pf a:hover { + color: #0099d3; +} + +#kc-logo { + width: 100%; +} + +div.kc-logo-text { + background-image: url(../img/agdsn_logo.png); + background-repeat: no-repeat; + background-size: auto; + position: relative; + top: 0%; + left: 25%; + width: 950px; + height: 250px; + + +} + +div.kc-logo-text span { + display: none; +} + +#kc-header { + color: #ededed; + overflow: visible; + white-space: nowrap; +} + +#kc-header-wrapper { + font-size: 29px; + text-transform: uppercase; + letter-spacing: 3px; + line-height: 1.2em; + padding: 62px 10px 20px; + white-space: normal; +} + +#kc-content { + width: 100%; +} + +#kc-attempted-username { + font-size: 20px; + font-family: inherit; + font-weight: normal; + padding-right: 10px; +} + +#kc-username { + text-align: center; + margin-bottom:-10px; +} + +#kc-webauthn-settings-form { + padding-top: 8px; +} + +#kc-form-webauthn .select-auth-box-parent { + pointer-events: none; +} + +#kc-form-webauthn .select-auth-box-desc { + color: var(--pf-global--palette--black-600); +} + +#kc-form-webauthn .select-auth-box-headline { + color: var(--pf-global--Color--300); +} + +#kc-form-webauthn .select-auth-box-icon { + flex: 0 0 3em; +} + +#kc-form-webauthn .select-auth-box-icon-properties { + margin-top: 10px; + font-size: 1.8em; +} + +#kc-form-webauthn .select-auth-box-icon-properties.unknown-transport-class { + margin-top: 3px; +} + +#kc-form-webauthn .pf-l-stack__item { + margin: -1px 0; +} + +#kc-content-wrapper { + margin-top: 20px; +} + +#kc-form-wrapper { + margin-top: 10px; +} + +#kc-info { + margin: 20px -40px -30px; +} + +#kc-info-wrapper { + font-size: 13px; + padding: 15px 35px; + background-color: #F0F0F0; +} + +#kc-form-options span { + display: block; +} + +#kc-form-options .checkbox { + margin-top: 0; + color: #72767b; +} + +#kc-terms-text { + margin-bottom: 20px; +} + +#kc-registration { + margin-bottom: 0; +} + +/* TOTP */ + 
+.subtitle { + text-align: right; + margin-top: 30px; + color: #909090; +} + +.required { + color: #A30000; /* default - IE compatibility */ + color: var(--pf-global--danger-color--200); +} + +ol#kc-totp-settings { + margin: 0; + padding-left: 20px; +} + +ul#kc-totp-supported-apps { + margin-bottom: 10px; +} + +#kc-totp-secret-qr-code { + max-width:150px; + max-height:150px; +} + +#kc-totp-secret-key { + background-color: #fff; + color: #333333; + font-size: 16px; + padding: 10px 0; +} + +/* OAuth */ + +#kc-oauth h3 { + margin-top: 0; +} + +#kc-oauth ul { + list-style: none; + padding: 0; + margin: 0; +} + +#kc-oauth ul li { + border-top: 1px solid rgba(255, 255, 255, 0.1); + font-size: 12px; + padding: 10px 0; +} + +#kc-oauth ul li:first-of-type { + border-top: 0; +} + +#kc-oauth .kc-role { + display: inline-block; + width: 50%; +} + +/* Code */ +#kc-code textarea { + width: 100%; + height: 8em; +} + +/* Social */ +.kc-social-links { + margin-top: 20px; +} + +.kc-social-provider-logo { + font-size: 23px; + width: 30px; + height: 25px; + float: left; +} + +.kc-social-gray { + color: #737679; /* default - IE compatibility */ + color: var(--pf-global--Color--200); +} + +.kc-social-item { + margin-bottom: 0.5rem; /* default - IE compatibility */ + margin-bottom: var(--pf-global--spacer--sm); + font-size: 15px; + text-align: center; +} + +.kc-social-provider-name { + position: relative; + top: 3px; +} + +.kc-social-icon-text { + left: -15px; +} + +.kc-social-grid { + display:grid; + grid-column-gap: 10px; + grid-row-gap: 5px; + grid-column-end: span 6; + --pf-l-grid__item--GridColumnEnd: span 6; +} + +.kc-social-grid .kc-social-icon-text { + left: -10px; +} + +.kc-login-tooltip { + position: relative; + display: inline-block; +} + +.kc-social-section { + text-align: center; +} + +.kc-social-section hr{ + margin-bottom: 10px +} + +.kc-login-tooltip .kc-tooltip-text{ + top:-3px; + left:160%; + background-color: black; + visibility: hidden; + color: #fff; + + 
min-width:130px; + text-align: center; + border-radius: 2px; + box-shadow:0 1px 8px rgba(0,0,0,0.6); + padding: 5px; + + position: absolute; + opacity:0; + transition:opacity 0.5s; +} + +/* Show tooltip */ +.kc-login-tooltip:hover .kc-tooltip-text { + visibility: visible; + opacity:0.7; +} + +/* Arrow for tooltip */ +.kc-login-tooltip .kc-tooltip-text::after { + content: ; + position: absolute; + top: 15px; + right: 100%; + margin-top: -5px; + border-width: 5px; + border-style: solid; + border-color: transparent black transparent transparent; +} + +@media (min-width: 768px) { + #kc-container-wrapper { + position: absolute; + width: 100%; + } + + .login-pf .container { + padding-right: 80px; + } + + #kc-locale { + position: relative; + text-align: right; + z-index: 9999; + } +} + +@media (max-width: 767px) { + + .login-pf body { + background: white; + } + + #kc-header { + padding-left: 15px; + padding-right: 15px; + float: none; + text-align: left; + } + + #kc-header-wrapper { + font-size: 16px; + font-weight: bold; + padding: 20px 60px 0 0; + color: #72767b; + letter-spacing: 0; + } + + div.kc-logo-text { + margin: 0; + width: 150px; + height: 32px; + background-size: 100%; + } + + #kc-form { + float: none; + } + + #kc-info-wrapper { + border-top: 1px solid rgba(255, 255, 255, 0.1); + background-color: transparent; + } + + .login-pf .container { + padding-top: 15px; + padding-bottom: 15px; + } + + #kc-locale { + position: absolute; + width: 200px; + top: 20px; + right: 20px; + text-align: right; + z-index: 9999; + } +} + +@media (min-height: 646px) { + #kc-container-wrapper { + bottom: 12%; + } +} + +@media (max-height: 645px) { + #kc-container-wrapper { + padding-top: 50px; + top: 20%; + } +} + +.card-pf form.form-actions .btn { + float: right; + margin-left: 10px; +} + +#kc-form-buttons { + margin-top: 20px; +} + +.login-pf-page .login-pf-brand { + margin-top: 20px; + max-width: 360px; + width: 40%; +} + +/* Internet Explorer 11 compatibility workaround for 
select-authenticator screen */ +@media all and (-ms-high-contrast: none), +(-ms-high-contrast: active) { + .select-auth-box-parent { + border-top: 1px solid #f0f0f0; + padding-top: 1rem; + padding-bottom: 1rem; + cursor: pointer; + } + + .select-auth-box-headline { + font-size: 16px; + color: #06c; + font-weight: bold; + } + + .select-auth-box-desc { + font-size: 14px; + } + + .pf-l-stack { + flex-basis: 100%; + } +} +/* End of IE11 workaround for select-authenticator screen */ + +.select-auth-box-arrow{ + display: flex; + align-items: center; + margin-right: 2rem; +} + +.select-auth-box-icon{ + display: flex; + flex: 0 0 2em; + justify-content: center; + margin-right: 1rem; + margin-left: 3rem; +} + +.select-auth-box-parent{ + border-top: 1px solid var(--pf-global--palette--black-200); + padding-top: 1rem; + padding-bottom: 1rem; + cursor: pointer; +} + +.select-auth-box-parent:hover{ + background-color: #f7f8f8; +} + +.select-auth-container { +} + +.select-auth-box-headline { + font-size: var(--pf-global--FontSize--md); + color: var(--pf-global--primary-color--100); + font-weight: bold; +} + +.select-auth-box-desc { + font-size: var(--pf-global--FontSize--sm); +} + +.select-auth-box-paragraph { + text-align: center; + font-size: var(--pf-global--FontSize--md); + margin-bottom: 5px; +} + +.card-pf { + margin: 0 auto; + box-shadow: var(--pf-global--BoxShadow--lg); + padding: 0 20px; + max-width: 500px; + border-top: 4px solid; + border-color: #0066CC; /* default - IE compatibility */ + border-color: var(--pf-global--primary-color--100); +} + +/*phone*/ +@media (max-width: 767px) { + .login-pf-page .card-pf { + max-width: none; + margin-left: 0; + margin-right: 0; + padding-top: 0; + border-top: 0; + box-shadow: 0 0; + } + + .kc-social-grid { + grid-column-end: 12; + --pf-l-grid__item--GridColumnEnd: span 12; + } + + .kc-social-grid .kc-social-icon-text { + left: -15px; + } +} + +.login-pf-page .login-pf-signup { + font-size: 15px; + color: #72767b; +} 
+#kc-content-wrapper .row { + margin-left: 0; + margin-right: 0; +} + +.login-pf-page.login-pf-page-accounts { + margin-left: auto; + margin-right: auto; +} + +.login-pf-page .btn-primary { + margin-top: 0; +} + +.login-pf-page .list-view-pf .list-group-item { + border-bottom: 1px solid #ededed; +} + +.login-pf-page .list-view-pf-description { + width: 100%; +} + +#kc-form-login div.form-group:last-of-type, +#kc-register-form div.form-group:last-of-type, +#kc-update-profile-form div.form-group:last-of-type { + margin-bottom: 0px; +} + +.no-bottom-margin { + margin-bottom: 0; +} + +#kc-back { + margin-top: 5px; +} + +/* Recovery codes */ +.kc-recovery-codes-warning { + margin-bottom: 32px; +} +.kc-recovery-codes-warning .pf-c-alert__description p { + font-size: 0.875rem; +} +.kc-recovery-codes-list { + list-style: none; + columns: 2; + margin: 16px 0; + padding: 16px 16px 8px 16px; + border: 1px solid #D2D2D2; +} +.kc-recovery-codes-list li { + margin-bottom: 8px; + font-size: 11px; +} +.kc-recovery-codes-list li span { + color: #6A6E73; + width: 16px; + text-align: right; + display: inline-block; + margin-right: 1px; +} + +.kc-recovery-codes-actions { + margin-bottom: 24px; +} +.kc-recovery-codes-actions button { + padding-left: 0; +} +.kc-recovery-codes-actions button i { + margin-right: 8px; +} + +.kc-recovery-codes-confirmation { + align-items: baseline; + margin-bottom: 16px; +} +/* End Recovery codes */ + + diff --git a/modules/keycloak/theme/login/resources/img/background.jpg b/modules/keycloak/theme/login/resources/img/background.jpg new file mode 100644 index 0000000..0a1a60d Binary files /dev/null and b/modules/keycloak/theme/login/resources/img/background.jpg differ diff --git a/modules/keycloak/theme/login/theme.properties b/modules/keycloak/theme/login/theme.properties new file mode 100644 index 0000000..c0d3ad2 --- /dev/null +++ b/modules/keycloak/theme/login/theme.properties 
@@ -0,0 +1,4 @@ +parent=keycloak +import=common/keycloak + +styles=css/login.css diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix index b5d1cf7..85ba359 100644 --- a/modules/ldap/default.nix +++ b/modules/ldap/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, nixpkgs-unstable, system, ... }: +{ config, pkgs, system, ... }: let domain = "auth.${config.networking.domain}"; seedSettings = { @@ -43,15 +43,6 @@ let }; in { - # Use portunus from unstable branch until 24.05 is here - disabledModules = [ "services/misc/portunus.nix" ]; - imports = [ "${nixpkgs-unstable}/nixos/modules/services/misc/portunus.nix" ]; - nixpkgs.overlays = [ - (_self: _super: { - inherit (nixpkgs-unstable.legacyPackages.${system}) portunus; - }) - ]; - sops.secrets = { "portunus/admin-password".owner = config.services.portunus.user; "portunus/search-password".owner = config.services.portunus.user; diff --git a/modules/mail/dovecot2.nix b/modules/mail/dovecot2.nix index ffc6614..ef3bbcc 100644 --- a/modules/mail/dovecot2.nix +++ b/modules/mail/dovecot2.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ lib, config, pkgs, ... }: let hostname = "mail.${config.networking.domain}"; dovecot-ldap-args = pkgs.writeText "ldap-args" '' 
@@ -16,40 +16,10 @@ let in { networking.firewall.allowedTCPPorts = [ - 143 # IMAP 993 # IMAPS 4190 # Managesieve ]; sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user; - environment.etc = { - "dovecot/sieve-pipe/sa-learn-spam.sh" = { - text = '' - #!/bin/sh - ${pkgs.rspamd}/bin/rspamc learn_spam - ''; - mode = "0555"; - }; - "dovecot/sieve-pipe/sa-learn-ham.sh" = { - text = '' - #!/bin/sh - ${pkgs.rspamd}/bin/rspamc learn_ham - ''; - mode = "0555"; - }; - "dovecot/sieve/report-spam.sieve" = { - source = ./report-spam.sieve; - user = "dovecot2"; - group = "dovecot2"; - mode = "0544"; - }; - "dovecot/sieve/report-ham.sieve" = { - source = ./report-ham.sieve; - user = "dovecot2"; - group = "dovecot2"; - mode = "0544"; - }; - }; - services.dovecot2 = { enable = true; enableImap = true; 
@@ -101,17 +71,45 @@ in # set to satisfy the sieveScripts check, will be overridden by userdb lookups anyways mailUser = "vmail"; mailGroup = "vmail"; - sieveScripts = { - before = pkgs.writeText "spam.sieve" '' - require "fileinto"; + sieve = { + # just pot something in here to prevent empty strings + extensions = [ "notify" ]; + pipeBins = map lib.getExe [ + (pkgs.writeShellScriptBin "learn-ham.sh" "exec ${pkgs.rspamd}/bin/rspamc learn_ham") + (pkgs.writeShellScriptBin "learn-spam.sh" "exec ${pkgs.rspamd}/bin/rspamc learn_spam") + ]; + plugins = [ + "sieve_imapsieve" + "sieve_extprograms" + ]; + scripts = { + before = pkgs.writeText "spam.sieve" '' + require "fileinto"; - if anyof( - header :contains "x-spam-flag" "yes", - header :contains "X-Spam-Status" "Yes"){ - fileinto "Spam"; - } - ''; + if anyof( + header :contains "x-spam-flag" "yes", + header :contains "X-Spam-Status" "Yes"){ + fileinto "Spam"; + } + ''; + }; }; + imapsieve.mailbox = [ + { + # Spam: From elsewhere to Spam folder or flag changed in Spam folder + name = "Spam"; + causes = [ "COPY" "APPEND" "FLAG" ]; + before = ./report-spam.sieve; + + } + { + # From Junk folder to elsewhere + name = "*"; + from = "Spam"; + causes = [ "COPY" ]; + before = ./report-ham.sieve; + } + ]; extraConfig = '' auth_username_format = %Ln passdb { 
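Review bot: `extensions = [ "notify" ];` is described as a placeholder, but that list feeds the Sieve extensions offered to user scripts, so the filler presumably turns on the deprecated `notify` extension for every account that can upload scripts through Managesieve (port 4190 stays open in the previous hunk). If the module only needs a non-empty list, use an extension that is already enabled by default, e.g. `extensions = [ "fileinto" ];`, with a comment such as `# non-empty placeholder; fileinto is on by default, so this adds nothing`. The `sieve_global_extensions = +vnd.dovecot.pipe` line removed in the next hunk has no visible replacement here, so check the rendered dovecot.conf still permits `pipe` for report-spam.sieve and report-ham.sieve, otherwise learning fails quietly. The `services.dovecot2` block starts and ends outside this hunk.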
@@ -152,21 +150,6 @@ in plugin { - sieve_plugins = sieve_imapsieve sieve_extprograms - sieve_global_extensions = +vnd.dovecot.pipe - sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe - - # Spam: From elsewhere to Spam folder or flag changed in Spam folder - imapsieve_mailbox1_name = Spam - imapsieve_mailbox1_causes = COPY APPEND FLAG - imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve - - # Ham: From Spam folder to elsewhere - imapsieve_mailbox2_name = * - imapsieve_mailbox2_from = Spam - imapsieve_mailbox2_causes = COPY - imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve - # https://doc.dovecot.org/configuration_manual/plugins/listescape_plugin/ listescape_char = "\\" } diff --git a/modules/mail/report-ham.sieve b/modules/mail/report-ham.sieve index a9d30cf..6217a90 100755 --- a/modules/mail/report-ham.sieve +++ b/modules/mail/report-ham.sieve @@ -12,4 +12,4 @@ if environment :matches "imap.user" "*" { set "username" "${1}"; } -pipe :copy "sa-learn-ham.sh" [ "${username}" ]; +pipe :copy "learn-ham.sh" [ "${username}" ]; diff --git a/modules/mail/report-spam.sieve b/modules/mail/report-spam.sieve index 4024b7a..9d4c74b 100755 --- a/modules/mail/report-spam.sieve +++ b/modules/mail/report-spam.sieve @@ -4,4 +4,4 @@ if environment :matches "imap.user" "*" { set "username" "${1}"; } -pipe :copy "sa-learn-spam.sh" [ "${username}" ]; \ No newline at end of file +pipe :copy "learn-spam.sh" [ "${username}" ]; diff --git a/modules/mail/rspamd.nix b/modules/mail/rspamd.nix index 62d59bd..8895a3b 100644 --- a/modules/mail/rspamd.nix +++ b/modules/mail/rspamd.nix 
@@ -55,6 +55,74 @@ in path = /var/lib/rspamd/dkim/$domain.$selector.key; ''; + "reputation.conf".text = '' + rules { + ip_reputation = { + selector "ip" { + } + backend "redis" { + servers = "/run/redis-rspamd/redis.sock"; + } + + symbol = "IP_REPUTATION"; + } + spf_reputation = { + selector "spf" { + } + backend "redis" { + servers = "/run/redis-rspamd/redis.sock"; + } + + symbol = "SPF_REPUTATION"; + } + dkim_reputation = { + selector "dkim" { + } + backend "redis" { + servers = "/run/redis-rspamd/redis.sock"; + } + + symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT + } + generic_reputation = { + selector "generic" { + selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html + } + backend "redis" { + servers = "/run/redis-rspamd/redis.sock"; + } + + symbol = "GENERIC_REPUTATION"; + } + } + ''; + "groups.conf".text = '' + group "reputation" { + symbols = { + "IP_REPUTATION_HAM" { + weight = 1.0; + } + "IP_REPUTATION_SPAM" { + weight = 4.0; + } + + "DKIM_REPUTATION" { + weight = 1.0; + } + + "SPF_REPUTATION_HAM" { + weight = 1.0; + } + "SPF_REPUTATION_SPAM" { + weight = 2.0; + } + + "GENERIC_REPUTATION" { + weight = 1.0; + } + } + } + ''; "multimap.conf".text = let @@ -73,22 +141,26 @@ in filter = "email:domain"; map = "/var/lib/rspamd/whitelist.sender.domain.map"; action = "accept"; + regexp = true; } WHITELIST_SENDER_EMAIL { type = "from"; map = "/var/lib/rspamd/whitelist.sender.email.map"; action = "accept"; + regexp = true; } BLACKLIST_SENDER_DOMAIN { type = "from"; filter = "email:domain"; map = "/var/lib/rspamd/blacklist.sender.domain.map"; action = "reject"; + regexp = true; } BLACKLIST_SENDER_EMAIL { type = "from"; map = "/var/lib/rspamd/blacklist.sender.email.map"; action = "reject"; + regexp = true; } BLACKLIST_SUBJECT_KEYWORDS { type = "header"; diff --git a/modules/minecraft/default.nix b/modules/minecraft/default.nix new file mode 100644 index 0000000..4f7e261 --- /dev/null 
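Review bot: With `regexp = true;` added to WHITELIST_SENDER_DOMAIN and WHITELIST_SENDER_EMAIL in the second rspamd.nix hunk, every entry of those map files is matched as a regular expression while both rules keep `action = "accept"`. Entries that were written as plain domains or addresses would then behave as unanchored patterns in which `.` matches any character, so a look-alike sender could hit the whitelist and skip the remaining checks; the map files are not part of this diff, so confirm each entry is anchored and escaped, e.g. `/^example\.org$/i` (constructed example). The two blacklist maps get the same flag and risk over-blocking for the same reason. A comment above the rules stating the required entry format would help whoever edits the maps next; the `multimap.conf` string continues outside the hunk.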
+++ b/modules/minecraft/default.nix
@@ -0,0 +1,52 @@
+{ pkgs, config, lib, ... }:
+{
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "minecraft-server"
+ ];
+ services.minecraft-servers = {
+ enable = true;
+ eula = true;
+ servers.ifsr = {
+ enable = true;
+ package = pkgs.fabricServers.fabric-1_21;
+ jvmOpts = "-Xmx8192M -Xms8192M";
+ };
+ };
+ services.bluemap = {
+ enable = true;
+ host = "map.mc.ifsr.de";
+ eula = true;
+ onCalendar = "hourly";
+ defaultWorld = "/srv/minecraft/ifsr/world";
+ };
+ services.nginx.virtualHosts."map.mc.ifsr.de".extraConfig = ''
+ allow 141.30.0.0/16;
+ allow 141.76.0.0/16;
+ allow 217.160.244.15/32; # jonas uptime kuma
+ deny all;
+ '';
+
+ networking.firewall = {
+ extraInputRules = ''
+ ip saddr { 141.30.0.0/16, 141.76.0.0/16, 217.160.244.15/32 } tcp dport 25565 accept comment "Allow minecraft access from TU network and jonas monitoring"
+ '';
+ };
+ users.users.minecraft = {
+ isNormalUser = true;
+ isSystemUser = lib.mkForce false;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP rouven@thinkpad"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhdjiPvtAo/ZV36RjBBPSlixzeP3VN6cqa4YAmM5uXM ff00005@ff00005-laptop" # malte
+ ];
+ };
+ security.sudo.extraRules = [
+ {
+ users = [ "minecraft" ];
+ commands = [
+ { command = "/run/current-system/sw/bin/systemctl restart minecraft-server-ifsr"; options = [ "NOPASSWD" ]; }
+ { command = "/run/current-system/sw/bin/systemctl start minecraft-server-ifsr"; options = [ "NOPASSWD" ]; }
+ { command = "/run/current-system/sw/bin/systemctl stop minecraft-server-ifsr"; options = [ "NOPASSWD" ]; }
+ ];
+ }
+ ];
+}
diff --git a/modules/monitoring.nix b/modules/monitoring.nix
index e277876..3166ba4 100644
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
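Review bot: `users.users.minecraft` is turned into a normal login account with `openssh.authorizedKeys.keys`, and the `lib.mkForce false` on `isSystemUser` suggests it is the same account the server module runs the game under (that module is not visible here). If so, the service account doubles as an interactive SSH account with sudo rules, and everything executing inside the server process, Fabric mods included, shares a uid with the operators' shell. Consider leaving `minecraft` as the module's system user and attaching the three NOPASSWD `systemctl` rules to the operators' own accounts or to a dedicated group through the rule's `groups` attribute. Separately, the three allowed networks are written out twice, in the nginx `allow` lines and in `extraInputRules`; binding them once in a `let` keeps the two allow-lists from drifting apart.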
@@ -85,6 +85,13 @@ in }]; # scrape_interval = "60s"; } + { + job_name = "rspamd"; + static_configs = [{ + targets = [ "rspamd.ifsr.de:11334" ]; + }]; + scrape_interval = "15s"; + } ]; }; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 6ab4a25..5688d47 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -15,7 +15,7 @@ in nextcloud = { enable = true; configureRedis = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud29; hostName = domain; https = true; # Use https for all urls phpExtraExtensions = all: [ @@ -30,7 +30,7 @@ in database.createLocally = true; # enable HEIC image preview - extraOptions.enabledPreviewProviders = [ + settings.enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\GIF" "OC\\Preview\\JPEG" diff --git a/modules/web/crimecampus.nix b/modules/web/crimecampus.nix deleted file mode 100644 index 9f9e3ba..0000000 --- a/modules/web/crimecampus.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, pkgs, ... }: -let - domain = "cc.${config.networking.domain}"; -in -{ - services.nginx.virtualHosts."${domain}".root = "/srv/web/regex"; -} diff --git a/modules/web/default.nix b/modules/web/default.nix index c50add9..ca0745a 100644 --- a/modules/web/default.nix +++ b/modules/web/default.nix @@ -1,7 +1,6 @@ { ... }: { imports = [ - ./crimecampus.nix ./ifsrde.nix ./ese.nix ./infoscreen.nix @@ -12,5 +11,6 @@ ./sharepic.nix ./userdir.nix ./ftp.nix + ./hyperilo.nix ]; } diff --git a/modules/web/ese.nix b/modules/web/ese.nix index 780ad13..93fc356 100644 --- a/modules/web/ese.nix +++ b/modules/web/ese.nix @@ -5,7 +5,7 @@ let in { sops.secrets."directus_env" = { }; - environment.systemPackages = [ pkgs.nodejs_21 ]; + environment.systemPackages = [ pkgs.nodejs_22 ]; virtualisation.oci-containers = { containers.directus-ese = { image = "directus/directus:latest"; 
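Review bot: The new `rspamd` job in modules/monitoring.nix scrapes `rspamd.ifsr.de:11334` with no `scheme` set, so Prometheus uses plain HTTP against rspamd's default controller port, addressed by its public name. If rspamd runs on the same host as Prometheus (not visible in this hunk), `targets = [ "127.0.0.1:11334" ];` avoids requiring the controller to listen on a public interface just for metrics. Otherwise add a comment stating which network path the scrape takes and how access to the controller is restricted. The enclosing scrape list starts outside the hunk.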
@@ -21,13 +21,13 @@ in "DB_DATABASE" = "directus_ese"; "DB_USER" = "directus_ese"; "PUBLIC_URL" = "https://directus-ese.ifsr.de"; - "AUTH_PROVIDERS"="keycloak"; + "AUTH_PROVIDERS" = "keycloak"; "AUTH_KEYCLOAK_DRIVER" = "openid"; "AUTH_KEYCLOAK_CLIENT_ID" = "directus-ese"; "AUTH_KEYCLOAK_ISSUER_URL" = "https://sso.ifsr.de/realms/internal/.well-known/openid-configuration"; "AUTH_KEYCLOAK_IDENTIFIER_KEY" = "email"; - "AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION"="true"; - "AUTH_KEYCLOAK_DEFAULT_ROLE_ID"="a6b7a1b6-a6fa-442c-87fd-e37c2a16424b"; + "AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION" = "true"; + "AUTH_KEYCLOAK_DEFAULT_ROLE_ID" = "a6b7a1b6-a6fa-442c-87fd-e37c2a16424b"; }; environmentFiles = [ config.sops.secrets."directus_env".path @@ -69,7 +69,7 @@ in }; virtualHosts."${domain}" = { locations."= /" = { - return = "301 /2023/"; + return = "301 /2024/"; }; locations."/" = { root = "/srv/web/ese/served"; diff --git a/modules/web/hyperilo.nix b/modules/web/hyperilo.nix new file mode 100644 index 0000000..83fcb11 --- /dev/null +++ b/modules/web/hyperilo.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + # provide access to iLO of colocated server + # in case of questions, contact @bennofs + services.nginx.virtualHosts."hyperilo.deutschland.gmbh" = { + forceSSL = true; + locations."/".proxyPass = "https://192.168.0.120:443"; + locations."/".basicAuthFile = "/run/secrets/hyperilo_htaccess"; + locations."/".extraConfig = '' + proxy_ssl_verify off; + ''; + }; + + systemd.network.networks."20-hyperilo" = { + matchConfig.Name = "eno8303"; + address = [ "192.168.0.1/24" ]; + networkConfig.LLDP = true; + networkConfig.EmitLLDP = "nearest-bridge"; + }; + + sops.secrets."hyperilo_htaccess".owner = "nginx"; +} diff --git a/modules/web/userdir.nix b/modules/web/userdir.nix index ad40959..25f5bfa 100644 --- a/modules/web/userdir.nix +++ b/modules/web/userdir.nix @@ -56,6 +56,7 @@ in display_errors=0 post_max_size = 40M upload_max_filesize = 40M + extension=sysvsem.so ''; }; }; 
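Review bot: The new `hyperilo.deutschland.gmbh` vhost in modules/web/hyperilo.nix publishes the server's iLO management interface behind `basicAuthFile` alone; unlike the `map.mc.ifsr.de` vhost added in this same commit, it has no source-address restriction. nginx requires both checks by default when both are configured, so adding `allow 141.30.0.0/16; allow 141.76.0.0/16; deny all;` (or whichever admin range applies) to the `locations."/".extraConfig` string narrows exposure without dropping the password. `proxy_ssl_verify off;` matches nginx's default, so the line only records that the upstream certificate is unchecked; if the iLO certificate can be exported, `proxy_ssl_trusted_certificate` together with `proxy_ssl_verify on;` would pin it. `forceSSL = true` appears without `enableACME` or `useACMEHost` in this file, presumably supplied by defaults elsewhere.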
diff --git a/overlays/default.nix b/overlays/default.nix index 7240ef2..05bbb9d 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -2,6 +2,7 @@ _final: prev: let inherit (prev) fetchurl; inherit (prev) fetchFromGitHub; + inherit (prev) callPackage; in { # AGDSN is running an outdated version that we have to comply to @@ -13,16 +14,27 @@ in }; })); # (hopefully) fix systemd journal reading - prometheus-postfix-exporter = prev.prometheus-postfix-exporter.overrideAttrs (_old: { - patches = [ - ./prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch - ]; - src = fetchFromGitHub { - owner = "adangel"; - repo = "postfix_exporter"; - rev = "414ac12ee63415eede46cb3084d755a6da6fba23"; - hash = "sha256-m1kVaO3N7XC1vtnxXX9kMiEFPmZuoopRUYgA7gQzP8w="; - }; - }); + # prometheus-postfix-exporter = prev.prometheus-postfix-exporter.overrideAttrs (_old: { + # patches = [ + # ./prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch + # ]; + # src = fetchFromGitHub { + # owner = "adangel"; + # repo = "postfix_exporter"; + # rev = "414ac12ee63415eede46cb3084d755a6da6fba23"; + # hash = "sha256-m1kVaO3N7XC1vtnxXX9kMiEFPmZuoopRUYgA7gQzP8w="; + # }; + # }); + # Mailman internal server error fix + # https://gitlab.com/mailman/mailman/-/issues/1137 + # https://github.com/NixOS/nixpkgs/pull/321136 + pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ + (python-final: python-prev: { + readme-renderer = python-prev.readme-renderer.overridePythonAttrs (oldAttrs: { + propagatedBuildInputs = [ python-prev.cmarkgfm ]; + }); + }) + ]; + keycloak_ifsr_theme = callPackage ../modules/keycloak/theme.nix {}; } diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml index fe5cb67..e917f2d 100644 --- a/secrets/quitte.yaml +++ b/secrets/quitte.yaml 
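Review bot: In the `readme-renderer` override (second hunk of overlays/default.nix), `propagatedBuildInputs = [ python-prev.cmarkgfm ];` replaces the package's whole dependency list, and `oldAttrs` is never used. If the intent is to add cmarkgfm rather than drop the other runtime dependencies, write `propagatedBuildInputs = (oldAttrs.propagatedBuildInputs or [ ]) ++ [ python-prev.cmarkgfm ];`; if dropping them is the workaround from the linked nixpkgs PR, rename the argument to `_oldAttrs` and say so in the comment. The commented-out `prometheus-postfix-exporter` block could be deleted outright, since history keeps it together with its pinned `rev` and `hash`.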
@@ -34,6 +34,7 @@ bacula: keypair: ENC[AES256_GCM,data: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,iv:pxhCdbDA0jZLRFLg/2cXy9j18nvWOgIHMHrgkAfYSbo=,tag:4Z73qrehEkiLca2HO1MhKA==,type:str] masterkey: ENC[AES256_GCM,data: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,iv:TZrIcQKmo2UtO0MdBSWJZmn0nIZ0cjStD0SZLoiHkT0=,tag:D0qeJLtY0cwA2yDdCP3UYA==,type:str] zammad_secret: ENC[AES256_GCM,data:Ok01cE+lgNaN0+wLZuBD6k2gsyTWDFVXEPprEvdwlIAQvwqYu2nou0GiCEcm/NF2cgsxERH2rYxxS/lPXIQxXjvHHLfovLSMH+Kd1F/T+qWZioDz7tzDV3GBom52c92kZ4XO2F3udku8IQLGsR7J6eA/xY7yj1g2CF7Vt37BMkg=,iv:5cdEBtgjXoJCve8PJDUcLQvXwe7sn/mgZIOUhzJtr/c=,tag:4fLmvfG6Ujcb5J3YGjP7Hg==,type:str] +hyperilo_htaccess: ENC[AES256_GCM,data:FuHR9S6FhVyraJ6w9j6RTUryCqgVrhpfQg9y2OdnaqMFNcIR239OBmvqn+WlgFxcMqJtpIKe8ixBZq67pjxbSl2p,iv:zKMyhEJ160MN3+54csuurMXvIAFfWG95bv/cIH3hqJo=,tag:Nr0G7qx8cdpNoW3t5P1CBA==,type:str] sops: kms: [] gcp_kms: [] @@ -49,8 +50,8 @@ sops: c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-19T09:13:57Z" - mac: ENC[AES256_GCM,data:LqmR0jd8pD+l45o7cdxnuoDZUSBfPqL6o7AFtEsWeqEYi/Lbv+LLIBXIlUgG2BnOk2d78kmCFGqAl0F8Hi8qohG8Zki4FsHFDnrfXDlRZX+7J3TCvk/TIQ7NHqA1DjPf37WFuJWxUaW7oeeZVyOQ9KFgaenQMBt/eehiHpgBfW0=,iv:z5nD7ntEF3+Op9Dvg2h4jf2MPtfXsgRoH6B8MMi8Ius=,tag:4BmArd9jw1v/6HU7tat4VA==,type:str] + lastmodified: "2024-09-01T19:00:49Z" + mac: ENC[AES256_GCM,data:actvHBjLWBsKyU8U4mHApckLZ0ncbNaJeqRd0DgC/oX8hZ000/mfyWFT1NiZzbohaHh9c3KI6HvdwhJKvU1qIpnILNe89Y6iTQGbMLRNTemKaWuo9266V/vqLT7cy7JLsxoCcCi8a+AWja7H8k7tXixFz7/dwBE+nzWhdz0yju8=,iv:EsQvThgS/fgE4ygAdwQSbg5yH9AbUUvE1YGKtHV+BoM=,tag:hYiOsia05MhtIUh9JfpXMw==,type:str] pgp: - created_at: "2024-02-29T15:23:23Z" enc: |- @@ -188,4 +189,4 @@ sops: -----END PGP MESSAGE----- fp: FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0