diff --git a/flake.lock b/flake.lock index fac1b4e..37b4e24 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,9 @@ "course-management": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs" + ], "poetry2nix": "poetry2nix" }, "locked": { @@ -40,22 +42,6 @@ "url": "https://git.ifsr.de/ese/manual-website" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -110,24 +96,6 @@ "type": "github" } }, - "flake-utils_4": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "kpp": { "inputs": { "nixpkgs": [ @@ -135,11 +103,11 @@ ] }, "locked": { - "lastModified": 1724255946, - "narHash": "sha256-YVT/QE2PCDzx4eq1i3PqOOpQVXJstN18e0sFB/UbAY0=", + "lastModified": 1708628927, + "narHash": "sha256-1ObvmmEzbW2YjY/jJyfOoxhxIe54zcsOBMzgehnclRg=", "owner": "fsr", "repo": "kpp", - "rev": "ce98b985201a5453aee708a3fc13bbccf2357f8e", + "rev": "05e370097af21ddb776bec907942c60e6aebc394", "type": "github" }, "original": { @@ -177,11 +145,11 @@ ] }, "locked": { - "lastModified": 1724576102, - "narHash": "sha256-uM7n5nNL6fmA0bwMJBNll11f4cMWOFa2Ni6F5KeIldM=", + "lastModified": 1716170277, + "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e333d62b70b179da1dd78d94315e8a390f2d12e5", + "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", "type": "github" }, "original": { @@ -190,35 +158,45 @@ "type": "github" } }, - "nix-minecraft": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_3", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724982042, - "narHash": "sha256-IwHIZYo1fyloQxvBy15QVzMALNEa7Jo6tzXVJj7U9Ws=", - "owner": "Infinidoge", - "repo": "nix-minecraft", - "rev": "32b632e29b141cc4c441b6e5504d33a9564dc3e6", - "type": "github" - }, - "original": { - "owner": "Infinidoge", - "repo": "nix-minecraft", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1701253981, - "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", + "lastModified": 1716361217, + "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", + "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1716061101, + "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1716509168, + "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", "type": "github" }, "original": { @@ -228,39 +206,7 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1725001927, - "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -325,8 +271,8 @@ "ese-manual": "ese-manual", "kpp": "kpp", "nix-index-database": "nix-index-database", - "nix-minecraft": "nix-minecraft", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", "print-interface": "print-interface", "sops-nix": "sops-nix", "vscode-server": "vscode-server" @@ -340,11 +286,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1716400300, + "narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "b549832718b8946e875c016a4785d204fcfc2e53", "type": "github" }, "original": { @@ -412,21 +358,6 @@ "type": "github" } }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -451,8 +382,8 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1713958148, diff --git a/flake.nix b/flake.nix index 92e57b7..422d82c 100755 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,7 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; nix-index-database.url = "github:nix-community/nix-index-database"; @@ -17,10 +18,8 @@ course-management = { url = "github:fsr/course-management"; - # inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; }; - nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - nix-minecraft.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { self @@ -32,14 +31,12 @@ , vscode-server , course-management , print-interface - , nix-minecraft , ... }@inputs: let supportedSystems = [ "x86_64-linux" ]; forAllSystems = nixpkgs.lib.genAttrs supportedSystems; pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system}); - in { packages = forAllSystems (system: rec { @@ -71,7 +68,6 @@ ese-manual.nixosModules.default course-management.nixosModules.default vscode-server.nixosModules.default - nix-minecraft.nixosModules.minecraft-servers ./hosts/quitte/configuration.nix ./options @@ -82,26 +78,21 @@ ./modules/courses ./modules/wiki ./modules/matrix - ./modules/minecraft - ./modules/keycloak ./modules/nix-serve.nix ./modules/hedgedoc.nix ./modules/padlist.nix ./modules/nextcloud.nix + ./modules/keycloak.nix ./modules/monitoring.nix ./modules/vaultwarden.nix ./modules/forgejo ./modules/kanboard.nix ./modules/zammad.nix ./modules/decisions.nix - ./modules/stream.nix # ./modules/struktur-bot.nix { - nixpkgs.overlays = [ - self.overlays.default - nix-minecraft.overlay - ]; + nixpkgs.overlays = [ self.overlays.default ]; sops.defaultSopsFile = ./secrets/quitte.yaml; } ]; diff --git a/hosts/quitte/configuration.nix b/hosts/quitte/configuration.nix index 91f3c3e..6f18e21 100644 --- a/hosts/quitte/configuration.nix +++ b/hosts/quitte/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ pkgs, ... }: { imports = @@ -16,7 +16,18 @@ # boot.kernelParams = [ "video=VGA-1:1024x768@30" ]; boot.loader.efi.canTouchEfiVariables = true; boot.supportedFilesystems = [ "zfs" ]; - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + # boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + # Pin Kernel Version as 6.6.28 has a broken networking driver + boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_6.override { + argsOverride = rec { + src = pkgs.fetchurl { + url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; + sha256 = "sha256-Y55QBg48jyPtAXyxDP6sxrqI/1WDgSu3aFm0zGoSgpE="; + }; + version = "6.6.27"; + modDirVersion = "6.6.27"; + }; + }); services.zfs = { trim.enable = true; diff --git a/hosts/tomate/configuration.nix b/hosts/tomate/configuration.nix index 8058b04..7ac0b3a 100644 --- a/hosts/tomate/configuration.nix +++ b/hosts/tomate/configuration.nix @@ -50,13 +50,13 @@ services.xserver.enable = true; # Enable the KDE Plasma Desktop Environment. - services.displayManager.sddm.enable = true; + services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; # Configure keymap in X11 services.xserver = { - xkb.layout = "de"; - xkb.variant = ""; + layout = "de"; + xkbVariant = ""; }; # Configure console keymap @@ -90,7 +90,7 @@ services.avahi = { enable = true; - nssmdns4 = true; + nssmdns = true; openFirewall = true; publish = { enable = true; diff --git a/modules/core/bacula.nix b/modules/core/bacula.nix index 15e309c..ea93477 100644 --- a/modules/core/bacula.nix +++ b/modules/core/bacula.nix @@ -26,10 +26,7 @@ mailcommand = "${pkgs.bacula}/bin/bsmtp -f \"Bacula \" -s \"Bacula report" %r" mail = root+backup = all, !skipped ''; - director."abel-dir" = { - password = "@${config.sops.secrets."bacula/password".path}"; - tls.enable = false; - }; + director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}"; }; environment.etc."bacula/bconsole.conf".text = '' Director { diff --git a/modules/core/base.nix b/modules/core/base.nix index 996bae4..5f4e7b7 100755 --- a/modules/core/base.nix +++ b/modules/core/base.nix @@ -1,5 +1,6 @@ { pkgs, config, ... }: { nix = { + package = pkgs.nixUnstable; # or versioned attributes like nix_2_4 extraOptions = '' experimental-features = nix-command flakes ''; @@ -112,7 +113,6 @@ eza zsh unzip - yazi ]; } diff --git a/modules/core/logging.nix b/modules/core/logging.nix index cc966c4..c242396 100644 --- a/modules/core/logging.nix +++ b/modules/core/logging.nix @@ -3,7 +3,6 @@ services.rsyslogd = { enable = true; defaultConfig = '' - $FileCreateMode 0640 :programname, isequal, "postfix" /var/log/postfix.log auth.* -/var/log/auth.log diff --git a/modules/core/nginx.nix b/modules/core/nginx.nix index 874a122..36e596e 100644 --- a/modules/core/nginx.nix +++ b/modules/core/nginx.nix @@ -7,10 +7,14 @@ ({ name, ... }: { enableACME = true; forceSSL = true; + # enable http3 for all hosts + quic = true; + http3 = true; # split up nginx access logs per vhost extraConfig = '' access_log /var/log/nginx/${name}_access.log; error_log /var/log/nginx/${name}_error.log; + add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }) ); diff --git a/modules/core/podman.nix b/modules/core/podman.nix index 625d25b..ad47b5b 100644 --- a/modules/core/podman.nix +++ b/modules/core/podman.nix @@ -23,4 +23,4 @@ #docker-compose # start group of containers for dev #podman-compose # start group of containers for dev ]; -} +} \ No newline at end of file diff --git a/modules/decisions.nix b/modules/decisions.nix index c3e0c2e..a95bd85 100644 --- a/modules/decisions.nix +++ b/modules/decisions.nix @@ -33,14 +33,14 @@ in }; }; - # systemd.services."decisions-to-db" = { - # script = '' - # set -eu - # ${pkgs.podman}/bin/podman exec decisions python tex_to_db.py - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; + systemd.services."decisions-to-db" = { + script = '' + set -eu + ${pkgs.docker}/bin/docker exec decisions python tex_to_db.py + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; } diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index 2a69af5..4e55c9b 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix @@ -22,6 +22,15 @@ in services.forgejo = { enable = true; + package = pkgs.forgejo.overrideAttrs (_old: { + patches = [ + # migration fix + (pkgs.fetchpatch { + url = "https://codeberg.org/forgejo/forgejo/commit/ae463c7c559e02975ce5e758d8780def978eebee.patch"; + hash = "sha256-cOXPvkLS0n+ynSBTrmEtumZ2PYBeCZmxPpFktqkw6Fo="; + }) + ]; + }); user = gitUser; group = gitUser; lfs.enable = true; @@ -70,8 +79,6 @@ in PROVIDER = "db"; }; actions.ENABLED = true; - federation.ENABLED = true; - webhook.ALLOWED_HOST_LIST = "*.ifsr.de"; }; }; diff --git a/modules/kanboard.nix b/modules/kanboard.nix index 5eb155c..9edc86a 100644 --- a/modules/kanboard.nix +++ b/modules/kanboard.nix @@ -1,65 +1,33 @@ -{ pkgs, config, lib, ... }: +{ config, pkgs, ... }: let domain = "kanboard.${config.networking.domain}"; domain_short = "kb.${config.networking.domain}"; - user = "kanboard"; - group = "kanboard"; in { - users.users.${user} = { - group = group; - isSystemUser = true; - }; - users.groups.${group} = { }; - - services.phpfpm.pools.kanboard = { - user = "kanboard"; - group = "kanboard"; - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.max_requests" = 500; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 5; - "php_admin_value[error_log]" = "stderr"; - "php_admin_flag[log_errors]" = true; - "catch_workers_output" = true; + sops.secrets."kanboard_env" = { }; + + virtualisation.oci-containers = { + containers.kanboard = { + image = "ghcr.io/kanboard/kanboard:v1.2.36"; + volumes = [ + "kanboard_data:/var/www/app/data" + "kanboard_plugins:/var/www/app/plugins" + ]; + ports = [ "127.0.0.1:8045:80" ]; + environmentFiles = [ + config.sops.secrets."kanboard_env".path + ]; }; - phpEnv."PATH" = lib.makeBinPath [ pkgs.php ]; }; - - - services.nginx.enable = true; services.nginx = { virtualHosts."${domain_short}" = { locations."/".return = "301 $scheme://${domain}$request_uri"; }; virtualHosts."${domain}" = { - root = "/srv/web/kanboard"; - extraConfig = '' - index index.html index.php; - ''; - - locations = { - "/" = { - tryFiles = "$uri $uri/ =404"; - }; - "~ \.php$" = { - extraConfig = '' - try_files $uri =404; - fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket}; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index index.php; - include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; - fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - ''; - }; - "/data".return = "403"; + locations."/" = { + proxyPass = "http://127.0.0.1:8045"; }; }; }; diff --git a/modules/keycloak/default.nix b/modules/keycloak.nix similarity index 84% rename from modules/keycloak/default.nix rename to modules/keycloak.nix index f3b88ce..08d5d2d 100644 --- a/modules/keycloak/default.nix +++ b/modules/keycloak.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, nixpkgs-unstable, ... }: let domain = "sso.${config.networking.domain}"; in @@ -7,7 +7,7 @@ in services.keycloak = { enable = true; # we use unstable as the release in stable is insecure - # package = nixpkgs-unstable.legacyPackages.x86_64-linux.keycloak; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.keycloak; settings = { http-port = 8086; https-port = 19000; @@ -20,9 +20,6 @@ in passwordFile = config.sops.secrets."keycloak/db".path; }; initialAdminPassword = "plschangeme"; - themes = with pkgs ; { - ifsr = keycloak_ifsr_theme; - }; }; services.nginx.virtualHosts."${domain}" = { locations."/" = { diff --git a/modules/keycloak/theme.nix b/modules/keycloak/theme.nix deleted file mode 100644 index 0500e47..0000000 --- a/modules/keycloak/theme.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ stdenv }: -stdenv.mkDerivation rec { - name = "keycloak_ifsr_theme"; - version = "1.1"; - - src = ./theme; - - nativeBuildInputs = [ ]; - buildInputs = [ ]; - - installPhase = '' - mkdir -p $out - cp -a login $out - ''; -} diff --git a/modules/keycloak/theme/login/resources/css/login.css b/modules/keycloak/theme/login/resources/css/login.css deleted file mode 100644 index 6314ff8..0000000 --- a/modules/keycloak/theme/login/resources/css/login.css +++ /dev/null @@ -1,772 +0,0 @@ -.login-pf { - background: none; -} - -.login-pf body { - background: url(../img/background.jpg) no-repeat center center fixed; - background-size: cover; - height: 100%; -} - -/*IE compatibility*/ -.pf-c-form-control { - font-size: 14px; - font-size: var(--pf-global--FontSize--sm); - border-width: 1px; - border-width: var(--pf-global--BorderWidth--sm);; - border-color: #EDEDED #EDEDED #8A8D90 #EDEDED; - border-color: var(--pf-global--BorderColor--300) var(--pf-global--BorderColor--300) var(--pf-global--BorderColor--200) var(--pf-global--BorderColor--300); - background-color: #FFFFFF; - background-color: var(--pf-global--BackgroundColor--100); - height: 36px; - height: calc(var(--pf-c-form-control--FontSize) * var(--pf-c-form-control--LineHeight) + var(--pf-c-form-control--BorderWidth) * 2 + var(--pf-c-form-control--PaddingTop) + var(--pf-c-form-control--PaddingBottom)); - padding: 5px 0.5rem; - padding: var(--pf-c-form-control--PaddingTop) var(--pf-c-form-control--PaddingRight) var(--pf-c-form-control--PaddingBottom) var(--pf-c-form-control--PaddingLeft); -} - -textarea.pf-c-form-control { - height: auto; -} - -.pf-c-form-control:hover, .pf-c-form-control:focus { - border-bottom-color: #0066CC; - border-bottom-color: var(--pf-global--primary-color--100); - border-bottom-width: 2px; - border-bottom-width: var(--pf-global--BorderWidth--md); -} - -.pf-c-form-control[aria-invalid=true] { - border-bottom-color: #C9190B; - border-bottom-color: var(--pf-global--danger-color--100); - border-bottom-width: 2px; - border-bottom-width: var(--pf-global--BorderWidth--md); -} - -.pf-c-check__label, .pf-c-radio__label { - font-size: 14px; - font-size: var(--pf-global--FontSize--sm); -} - -.pf-c-alert.pf-m-inline { - margin-bottom: 0.5rem; /* default - IE compatibility */ - margin-bottom: var(--pf-global--spacer--sm); - padding: 0.25rem; - padding: var(--pf-global--spacer--xs); - border: solid #ededed; - border: solid var(--pf-global--BorderColor--300); - border-width: 1px; - border-width: var(--pf-c-alert--m-inline--BorderTopWidth) var(--pf-c-alert--m-inline--BorderRightWidth) var(--pf-c-alert--m-inline--BorderBottomWidth) var(--pf-c-alert--m-inline--BorderLeftWidth); - display: -ms-flexbox; - display: grid; - -ms-grid-columns: max-content 1fr max-content; - grid-template-columns:max-content 1fr max-content; - grid-template-columns: var(--pf-c-alert--grid-template-columns); - grid-template-rows: 1fr auto; - grid-template-rows: var(--pf-c-alert--grid-template-rows); -} - -.pf-c-alert.pf-m-inline::before { - position: absolute; - top: -1px; - top: var(--pf-c-alert--m-inline--before--Top); - bottom: -1px; - bottom: var(--pf-c-alert--m-inline--before--Bottom); - left: 0; - width: 3px; - width: var(--pf-c-alert--m-inline--before--Width); - content: ; - background-color: #FFFFFF; - background-color: var(--pf-global--BackgroundColor--100); -} - -.pf-c-alert.pf-m-inline.pf-m-success::before { - background-color: #92D400; - background-color: var(--pf-global--success-color--100); -} - -.pf-c-alert.pf-m-inline.pf-m-danger::before { - background-color: #C9190B; - background-color: var(--pf-global--danger-color--100); -} - -.pf-c-alert.pf-m-inline.pf-m-warning::before { - background-color: #F0AB00; - background-color: var(--pf-global--warning-color--100); -} - -.pf-c-alert.pf-m-inline .pf-c-alert__icon { - padding: 1rem 0.5rem 1rem 1rem; - padding: var(--pf-c-alert--m-inline__icon--PaddingTop) var(--pf-c-alert--m-inline__icon--PaddingRight) var(--pf-c-alert--m-inline__icon--PaddingBottom) var(--pf-c-alert--m-inline__icon--PaddingLeft); - font-size: 16px; - font-size: var(--pf-c-alert--m-inline__icon--FontSize); -} - -.pf-c-alert.pf-m-success .pf-c-alert__icon { - color: #92D400; - color: var(--pf-global--success-color--100); -} - -.pf-c-alert.pf-m-success .pf-c-alert__title { - color: #486B00; - color: var(--pf-global--success-color--200); -} - -.pf-c-alert.pf-m-danger .pf-c-alert__icon { - color: #C9190B; - color: var(--pf-global--danger-color--100); -} - -.pf-c-alert.pf-m-danger .pf-c-alert__title { - color: #A30000; - color: var(--pf-global--danger-color--200); -} - -.pf-c-alert.pf-m-warning .pf-c-alert__icon { - color: #F0AB00; - color: var(--pf-global--warning-color--100); -} - -.pf-c-alert.pf-m-warning .pf-c-alert__title { - color: #795600; - color: var(--pf-global--warning-color--200); -} - -.pf-c-alert__title { - font-size: 14px; /* default - IE compatibility */ - font-size: var(--pf-global--FontSize--sm); - padding: 5px 8px; - padding: var(--pf-c-alert__title--PaddingTop) var(--pf-c-alert__title--PaddingRight) var(--pf-c-alert__title--PaddingBottom) var(--pf-c-alert__title--PaddingLeft); -} - -.pf-c-button{ - padding:0.375rem 1rem; - padding: var(--pf-global--spacer--form-element) var(--pf-global--spacer--md); -} - -/* default - IE compatibility */ -.pf-m-primary { - color: #FFFFFF; - background-color: #0066CC; - background-color: var(--pf-global--primary-color--100); -} - -/* default - IE compatibility */ -.pf-m-primary:hover { - background-color: #004080; - background-color: var(--pf-global--primary-color--200); -} - -/* default - IE compatibility */ -.pf-c-button.pf-m-control { - border: solid 1px; - border: solid var(--pf-global--BorderWidth--sm); - border-color: rgba(230, 230, 230, 0.5); -} -/*End of IE compatibility*/ -h1#kc-page-title { - margin-top: 10px; -} - -#kc-locale ul { - background-color: #FFF; - background-color: var(--pf-global--BackgroundColor--100); - display: none; - top: 20px; - min-width: 100px; - padding: 0; -} - -#kc-locale-dropdown{ - display: inline-block; -} - -#kc-locale-dropdown:hover ul { - display:block; -} - -/* IE compatibility */ -#kc-locale-dropdown a { - color: #6A6E73; - color: var(--pf-global--Color--200); - text-align: right; - font-size: 14px; - font-size: var(--pf-global--FontSize--sm); -} - -/* IE compatibility */ -a#kc-current-locale-link::after { - content: 2c5; - margin-left: 4px; - margin-left: var(--pf-global--spacer--xs) -} - -.login-pf .container { - padding-top: 40px; -} - -.login-pf a:hover { - color: #0099d3; -} - -#kc-logo { - width: 100%; -} - -div.kc-logo-text { - background-image: url(../img/agdsn_logo.png); - background-repeat: no-repeat; - background-size: auto; - position: relative; - top: 0%; - left: 25%; - width: 950px; - height: 250px; - - -} - -div.kc-logo-text span { - display: none; -} - -#kc-header { - color: #ededed; - overflow: visible; - white-space: nowrap; -} - -#kc-header-wrapper { - font-size: 29px; - text-transform: uppercase; - letter-spacing: 3px; - line-height: 1.2em; - padding: 62px 10px 20px; - white-space: normal; -} - -#kc-content { - width: 100%; -} - -#kc-attempted-username { - font-size: 20px; - font-family: inherit; - font-weight: normal; - padding-right: 10px; -} - -#kc-username { - text-align: center; - margin-bottom:-10px; -} - -#kc-webauthn-settings-form { - padding-top: 8px; -} - -#kc-form-webauthn .select-auth-box-parent { - pointer-events: none; -} - -#kc-form-webauthn .select-auth-box-desc { - color: var(--pf-global--palette--black-600); -} - -#kc-form-webauthn .select-auth-box-headline { - color: var(--pf-global--Color--300); -} - -#kc-form-webauthn .select-auth-box-icon { - flex: 0 0 3em; -} - -#kc-form-webauthn .select-auth-box-icon-properties { - margin-top: 10px; - font-size: 1.8em; -} - -#kc-form-webauthn .select-auth-box-icon-properties.unknown-transport-class { - margin-top: 3px; -} - -#kc-form-webauthn .pf-l-stack__item { - margin: -1px 0; -} - -#kc-content-wrapper { - margin-top: 20px; -} - -#kc-form-wrapper { - margin-top: 10px; -} - -#kc-info { - margin: 20px -40px -30px; -} - -#kc-info-wrapper { - font-size: 13px; - padding: 15px 35px; - background-color: #F0F0F0; -} - -#kc-form-options span { - display: block; -} - -#kc-form-options .checkbox { - margin-top: 0; - color: #72767b; -} - -#kc-terms-text { - margin-bottom: 20px; -} - -#kc-registration { - margin-bottom: 0; -} - -/* TOTP */ - -.subtitle { - text-align: right; - margin-top: 30px; - color: #909090; -} - -.required { - color: #A30000; /* default - IE compatibility */ - color: var(--pf-global--danger-color--200); -} - -ol#kc-totp-settings { - margin: 0; - padding-left: 20px; -} - -ul#kc-totp-supported-apps { - margin-bottom: 10px; -} - -#kc-totp-secret-qr-code { - max-width:150px; - max-height:150px; -} - -#kc-totp-secret-key { - background-color: #fff; - color: #333333; - font-size: 16px; - padding: 10px 0; -} - -/* OAuth */ - -#kc-oauth h3 { - margin-top: 0; -} - -#kc-oauth ul { - list-style: none; - padding: 0; - margin: 0; -} - -#kc-oauth ul li { - border-top: 1px solid rgba(255, 255, 255, 0.1); - font-size: 12px; - padding: 10px 0; -} - -#kc-oauth ul li:first-of-type { - border-top: 0; -} - -#kc-oauth .kc-role { - display: inline-block; - width: 50%; -} - -/* Code */ -#kc-code textarea { - width: 100%; - height: 8em; -} - -/* Social */ -.kc-social-links { - margin-top: 20px; -} - -.kc-social-provider-logo { - font-size: 23px; - width: 30px; - height: 25px; - float: left; -} - -.kc-social-gray { - color: #737679; /* default - IE compatibility */ - color: var(--pf-global--Color--200); -} - -.kc-social-item { - margin-bottom: 0.5rem; /* default - IE compatibility */ - margin-bottom: var(--pf-global--spacer--sm); - font-size: 15px; - text-align: center; -} - -.kc-social-provider-name { - position: relative; - top: 3px; -} - -.kc-social-icon-text { - left: -15px; -} - -.kc-social-grid { - display:grid; - grid-column-gap: 10px; - grid-row-gap: 5px; - grid-column-end: span 6; - --pf-l-grid__item--GridColumnEnd: span 6; -} - -.kc-social-grid .kc-social-icon-text { - left: -10px; -} - -.kc-login-tooltip { - position: relative; - display: inline-block; -} - -.kc-social-section { - text-align: center; -} - -.kc-social-section hr{ - margin-bottom: 10px -} - -.kc-login-tooltip .kc-tooltip-text{ - top:-3px; - left:160%; - background-color: black; - visibility: hidden; - color: #fff; - - min-width:130px; - text-align: center; - border-radius: 2px; - box-shadow:0 1px 8px rgba(0,0,0,0.6); - padding: 5px; - - position: absolute; - opacity:0; - transition:opacity 0.5s; -} - -/* Show tooltip */ -.kc-login-tooltip:hover .kc-tooltip-text { - visibility: visible; - opacity:0.7; -} - -/* Arrow for tooltip */ -.kc-login-tooltip .kc-tooltip-text::after { - content: ; - position: absolute; - top: 15px; - right: 100%; - margin-top: -5px; - border-width: 5px; - border-style: solid; - border-color: transparent black transparent transparent; -} - -@media (min-width: 768px) { - #kc-container-wrapper { - position: absolute; - width: 100%; - } - - .login-pf .container { - padding-right: 80px; - } - - #kc-locale { - position: relative; - text-align: right; - z-index: 9999; - } -} - -@media (max-width: 767px) { - - .login-pf body { - background: white; - } - - #kc-header { - padding-left: 15px; - padding-right: 15px; - float: none; - text-align: left; - } - - #kc-header-wrapper { - font-size: 16px; - font-weight: bold; - padding: 20px 60px 0 0; - color: #72767b; - letter-spacing: 0; - } - - div.kc-logo-text { - margin: 0; - width: 150px; - height: 32px; - background-size: 100%; - } - - #kc-form { - float: none; - } - - #kc-info-wrapper { - border-top: 1px solid rgba(255, 255, 255, 0.1); - background-color: transparent; - } - - .login-pf .container { - padding-top: 15px; - padding-bottom: 15px; - } - - #kc-locale { - position: absolute; - width: 200px; - top: 20px; - right: 20px; - text-align: right; - z-index: 9999; - } -} - -@media (min-height: 646px) { - #kc-container-wrapper { - bottom: 12%; - } -} - -@media (max-height: 645px) { - #kc-container-wrapper { - padding-top: 50px; - top: 20%; - } -} - -.card-pf form.form-actions .btn { - float: right; - margin-left: 10px; -} - -#kc-form-buttons { - margin-top: 20px; -} - -.login-pf-page .login-pf-brand { - margin-top: 20px; - max-width: 360px; - width: 40%; -} - -/* Internet Explorer 11 compatibility workaround for select-authenticator screen */ -@media all and (-ms-high-contrast: none), -(-ms-high-contrast: active) { - .select-auth-box-parent { - border-top: 1px solid #f0f0f0; - padding-top: 1rem; - padding-bottom: 1rem; - cursor: pointer; - } - - .select-auth-box-headline { - font-size: 16px; - color: #06c; - font-weight: bold; - } - - .select-auth-box-desc { - font-size: 14px; - } - - .pf-l-stack { - flex-basis: 100%; - } -} -/* End of IE11 workaround for select-authenticator screen */ - -.select-auth-box-arrow{ - display: flex; - align-items: center; - margin-right: 2rem; -} - -.select-auth-box-icon{ - display: flex; - flex: 0 0 2em; - justify-content: center; - margin-right: 1rem; - margin-left: 3rem; -} - -.select-auth-box-parent{ - border-top: 1px solid var(--pf-global--palette--black-200); - padding-top: 1rem; - padding-bottom: 1rem; - cursor: pointer; -} - -.select-auth-box-parent:hover{ - background-color: #f7f8f8; -} - -.select-auth-container { -} - -.select-auth-box-headline { - font-size: var(--pf-global--FontSize--md); - color: var(--pf-global--primary-color--100); - font-weight: bold; -} - -.select-auth-box-desc { - font-size: var(--pf-global--FontSize--sm); -} - -.select-auth-box-paragraph { - text-align: center; - font-size: var(--pf-global--FontSize--md); - margin-bottom: 5px; -} - -.card-pf { - margin: 0 auto; - box-shadow: var(--pf-global--BoxShadow--lg); - padding: 0 20px; - max-width: 500px; - border-top: 4px solid; - border-color: #0066CC; /* default - IE compatibility */ - border-color: var(--pf-global--primary-color--100); -} - -/*phone*/ -@media (max-width: 767px) { - .login-pf-page .card-pf { - max-width: none; - margin-left: 0; - margin-right: 0; - padding-top: 0; - border-top: 0; - box-shadow: 0 0; - } - - .kc-social-grid { - grid-column-end: 12; - --pf-l-grid__item--GridColumnEnd: span 12; - } - - .kc-social-grid .kc-social-icon-text { - left: -15px; - } -} - -.login-pf-page .login-pf-signup { - font-size: 15px; - color: #72767b; -} -#kc-content-wrapper .row { - margin-left: 0; - margin-right: 0; -} - -.login-pf-page.login-pf-page-accounts { - margin-left: auto; - margin-right: auto; -} - -.login-pf-page .btn-primary { - margin-top: 0; -} - -.login-pf-page .list-view-pf .list-group-item { - border-bottom: 1px solid #ededed; -} - -.login-pf-page .list-view-pf-description { - width: 100%; -} - -#kc-form-login div.form-group:last-of-type, -#kc-register-form div.form-group:last-of-type, -#kc-update-profile-form div.form-group:last-of-type { - margin-bottom: 0px; -} - -.no-bottom-margin { - margin-bottom: 0; -} - -#kc-back { - margin-top: 5px; -} - -/* Recovery codes */ -.kc-recovery-codes-warning { - margin-bottom: 32px; -} -.kc-recovery-codes-warning .pf-c-alert__description p { - font-size: 0.875rem; -} -.kc-recovery-codes-list { - list-style: none; - columns: 2; - margin: 16px 0; - padding: 16px 16px 8px 16px; - border: 1px solid #D2D2D2; -} -.kc-recovery-codes-list li { - margin-bottom: 8px; - font-size: 11px; -} -.kc-recovery-codes-list li span { - color: #6A6E73; - width: 16px; - text-align: right; - display: inline-block; - margin-right: 1px; -} - -.kc-recovery-codes-actions { - margin-bottom: 24px; -} -.kc-recovery-codes-actions button { - padding-left: 0; -} -.kc-recovery-codes-actions button i { - margin-right: 8px; -} - -.kc-recovery-codes-confirmation { - align-items: baseline; - margin-bottom: 16px; -} -/* End Recovery codes */ - - diff --git a/modules/keycloak/theme/login/resources/img/background.jpg b/modules/keycloak/theme/login/resources/img/background.jpg deleted file mode 100644 index 0a1a60d..0000000 Binary files a/modules/keycloak/theme/login/resources/img/background.jpg and /dev/null differ diff --git a/modules/keycloak/theme/login/theme.properties b/modules/keycloak/theme/login/theme.properties deleted file mode 100644 index c0d3ad2..0000000 --- a/modules/keycloak/theme/login/theme.properties +++ /dev/null @@ -1,4 +0,0 @@ -parent=keycloak -import=common/keycloak - -styles=css/login.css diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix index 85ba359..b5d1cf7 100644 --- a/modules/ldap/default.nix +++ b/modules/ldap/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, system, ... }: +{ config, pkgs, nixpkgs-unstable, system, ... }: let domain = "auth.${config.networking.domain}"; seedSettings = { @@ -43,6 +43,15 @@ let }; in { + # Use portunus from unstable branch until 24.05 is here + disabledModules = [ "services/misc/portunus.nix" ]; + imports = [ "${nixpkgs-unstable}/nixos/modules/services/misc/portunus.nix" ]; + nixpkgs.overlays = [ + (_self: _super: { + inherit (nixpkgs-unstable.legacyPackages.${system}) portunus; + }) + ]; + sops.secrets = { "portunus/admin-password".owner = config.services.portunus.user; "portunus/search-password".owner = config.services.portunus.user; diff --git a/modules/mail/dovecot2.nix b/modules/mail/dovecot2.nix index ef3bbcc..ffc6614 100644 --- a/modules/mail/dovecot2.nix +++ b/modules/mail/dovecot2.nix @@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ config, pkgs, ... }: let hostname = "mail.${config.networking.domain}"; dovecot-ldap-args = pkgs.writeText "ldap-args" '' @@ -16,10 +16,40 @@ let in { networking.firewall.allowedTCPPorts = [ + 143 # IMAP 993 # IMAPS 4190 # Managesieve ]; sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user; + environment.etc = { + "dovecot/sieve-pipe/sa-learn-spam.sh" = { + text = '' + #!/bin/sh + ${pkgs.rspamd}/bin/rspamc learn_spam + ''; + mode = "0555"; + }; + "dovecot/sieve-pipe/sa-learn-ham.sh" = { + text = '' + #!/bin/sh + ${pkgs.rspamd}/bin/rspamc learn_ham + ''; + mode = "0555"; + }; + "dovecot/sieve/report-spam.sieve" = { + source = ./report-spam.sieve; + user = "dovecot2"; + group = "dovecot2"; + mode = "0544"; + }; + "dovecot/sieve/report-ham.sieve" = { + source = ./report-ham.sieve; + user = "dovecot2"; + group = "dovecot2"; + mode = "0544"; + }; + }; + services.dovecot2 = { enable = true; enableImap = true; @@ -71,45 +101,17 @@ in # set to satisfy the sieveScripts check, will be overridden by userdb lookups anyways mailUser = "vmail"; mailGroup = "vmail"; - sieve = { - # just pot something in here to prevent empty strings - extensions = [ "notify" ]; - pipeBins = map lib.getExe [ - (pkgs.writeShellScriptBin "learn-ham.sh" "exec ${pkgs.rspamd}/bin/rspamc learn_ham") - (pkgs.writeShellScriptBin "learn-spam.sh" "exec ${pkgs.rspamd}/bin/rspamc learn_spam") - ]; - plugins = [ - "sieve_imapsieve" - "sieve_extprograms" - ]; - scripts = { - before = pkgs.writeText "spam.sieve" '' - require "fileinto"; + sieveScripts = { + before = pkgs.writeText "spam.sieve" '' + require "fileinto"; - if anyof( - header :contains "x-spam-flag" "yes", - header :contains "X-Spam-Status" "Yes"){ - fileinto "Spam"; - } - ''; - }; + if anyof( + header :contains "x-spam-flag" "yes", + header :contains "X-Spam-Status" "Yes"){ + fileinto "Spam"; + } + ''; }; - imapsieve.mailbox = [ - { - # Spam: From elsewhere to Spam folder or flag changed in Spam folder - name = "Spam"; - causes = [ "COPY" "APPEND" "FLAG" ]; - before = ./report-spam.sieve; - - } - { - # From Junk folder to elsewhere - name = "*"; - from = "Spam"; - causes = [ "COPY" ]; - before = ./report-ham.sieve; - } - ]; extraConfig = '' auth_username_format = %Ln passdb { @@ -150,6 +152,21 @@ in plugin { + sieve_plugins = sieve_imapsieve sieve_extprograms + sieve_global_extensions = +vnd.dovecot.pipe + sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe + + # Spam: From elsewhere to Spam folder or flag changed in Spam folder + imapsieve_mailbox1_name = Spam + imapsieve_mailbox1_causes = COPY APPEND FLAG + imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve + + # Ham: From Spam folder to elsewhere + imapsieve_mailbox2_name = * + imapsieve_mailbox2_from = Spam + imapsieve_mailbox2_causes = COPY + imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve + # https://doc.dovecot.org/configuration_manual/plugins/listescape_plugin/ listescape_char = "\\" } diff --git a/modules/mail/report-ham.sieve b/modules/mail/report-ham.sieve index 6217a90..a9d30cf 100755 --- a/modules/mail/report-ham.sieve +++ b/modules/mail/report-ham.sieve @@ -12,4 +12,4 @@ if environment :matches "imap.user" "*" { set "username" "${1}"; } -pipe :copy "learn-ham.sh" [ "${username}" ]; +pipe :copy "sa-learn-ham.sh" [ "${username}" ]; diff --git a/modules/mail/report-spam.sieve b/modules/mail/report-spam.sieve index 9d4c74b..4024b7a 100755 --- a/modules/mail/report-spam.sieve +++ b/modules/mail/report-spam.sieve @@ -4,4 +4,4 @@ if environment :matches "imap.user" "*" { set "username" "${1}"; } -pipe :copy "learn-spam.sh" [ "${username}" ]; +pipe :copy "sa-learn-spam.sh" [ "${username}" ]; \ No newline at end of file diff --git a/modules/mail/rspamd.nix b/modules/mail/rspamd.nix index 8895a3b..62d59bd 100644 --- a/modules/mail/rspamd.nix +++ b/modules/mail/rspamd.nix @@ -55,74 +55,6 @@ in path = /var/lib/rspamd/dkim/$domain.$selector.key; ''; - "reputation.conf".text = '' - rules { - ip_reputation = { - selector "ip" { - } - backend "redis" { - servers = "/run/redis-rspamd/redis.sock"; - } - - symbol = "IP_REPUTATION"; - } - spf_reputation = { - selector "spf" { - } - backend "redis" { - servers = "/run/redis-rspamd/redis.sock"; - } - - symbol = "SPF_REPUTATION"; - } - dkim_reputation = { - selector "dkim" { - } - backend "redis" { - servers = "/run/redis-rspamd/redis.sock"; - } - - symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT - } - generic_reputation = { - selector "generic" { - selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html - } - backend "redis" { - servers = "/run/redis-rspamd/redis.sock"; - } - - symbol = "GENERIC_REPUTATION"; - } - } - ''; - "groups.conf".text = '' - group "reputation" { - symbols = { - "IP_REPUTATION_HAM" { - weight = 1.0; - } - "IP_REPUTATION_SPAM" { - weight = 4.0; - } - - "DKIM_REPUTATION" { - weight = 1.0; - } - - "SPF_REPUTATION_HAM" { - weight = 1.0; - } - "SPF_REPUTATION_SPAM" { - weight = 2.0; - } - - "GENERIC_REPUTATION" { - weight = 1.0; - } - } - } - ''; "multimap.conf".text = let @@ -141,26 +73,22 @@ in filter = "email:domain"; map = "/var/lib/rspamd/whitelist.sender.domain.map"; action = "accept"; - regexp = true; } WHITELIST_SENDER_EMAIL { type = "from"; map = "/var/lib/rspamd/whitelist.sender.email.map"; action = "accept"; - regexp = true; } BLACKLIST_SENDER_DOMAIN { type = "from"; filter = "email:domain"; map = "/var/lib/rspamd/blacklist.sender.domain.map"; action = "reject"; - regexp = true; } BLACKLIST_SENDER_EMAIL { type = "from"; map = "/var/lib/rspamd/blacklist.sender.email.map"; action = "reject"; - regexp = true; } BLACKLIST_SUBJECT_KEYWORDS { type = "header"; diff --git a/modules/minecraft/default.nix b/modules/minecraft/default.nix deleted file mode 100644 index 4f7e261..0000000 --- a/modules/minecraft/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ pkgs, config, lib, ... }: -{ - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "minecraft-server" - ]; - services.minecraft-servers = { - enable = true; - eula = true; - servers.ifsr = { - enable = true; - package = pkgs.fabricServers.fabric-1_21; - jvmOpts = "-Xmx8192M -Xms8192M"; - }; - }; - services.bluemap = { - enable = true; - host = "map.mc.ifsr.de"; - eula = true; - onCalendar = "hourly"; - defaultWorld = "/srv/minecraft/ifsr/world"; - }; - services.nginx.virtualHosts."map.mc.ifsr.de".extraConfig = '' - allow 141.30.0.0/16; - allow 141.76.0.0/16; - allow 217.160.244.15/32; # jonas uptime kuma - deny all; - ''; - - networking.firewall = { - extraInputRules = '' - ip saddr { 141.30.0.0/16, 141.76.0.0/16, 217.160.244.15/32 } tcp dport 25565 accept comment "Allow minecraft access from TU network and jonas monitoring" - ''; - }; - users.users.minecraft = { - isNormalUser = true; - isSystemUser = lib.mkForce false; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP rouven@thinkpad" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhdjiPvtAo/ZV36RjBBPSlixzeP3VN6cqa4YAmM5uXM ff00005@ff00005-laptop" # malte - ]; - }; - security.sudo.extraRules = [ - { - users = [ "minecraft" ]; - commands = [ - { command = "/run/current-system/sw/bin/systemctl restart minecraft-server-ifsr"; options = [ "NOPASSWD" ]; } - { command = "/run/current-system/sw/bin/systemctl start minecraft-server-ifsr"; options = [ "NOPASSWD" ]; } - { command = "/run/current-system/sw/bin/systemctl stop minecraft-server-ifsr"; options = [ "NOPASSWD" ]; } - ]; - } - ]; -} diff --git a/modules/monitoring.nix b/modules/monitoring.nix index 3166ba4..e277876 100644 --- a/modules/monitoring.nix +++ b/modules/monitoring.nix @@ -85,13 +85,6 @@ in }]; # scrape_interval = "60s"; } - { - job_name = "rspamd"; - static_configs = [{ - targets = [ "rspamd.ifsr.de:11334" ]; - }]; - scrape_interval = "15s"; - } ]; }; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 5688d47..6ab4a25 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -15,7 +15,7 @@ in nextcloud = { enable = true; configureRedis = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud28; hostName = domain; https = true; # Use https for all urls phpExtraExtensions = all: [ @@ -30,7 +30,7 @@ in database.createLocally = true; # enable HEIC image preview - settings.enabledPreviewProviders = [ + extraOptions.enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\GIF" "OC\\Preview\\JPEG" diff --git a/modules/web/crimecampus.nix b/modules/web/crimecampus.nix new file mode 100644 index 0000000..9f9e3ba --- /dev/null +++ b/modules/web/crimecampus.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: +let + domain = "cc.${config.networking.domain}"; +in +{ + services.nginx.virtualHosts."${domain}".root = "/srv/web/regex"; +} diff --git a/modules/web/default.nix b/modules/web/default.nix index ca0745a..c50add9 100644 --- a/modules/web/default.nix +++ b/modules/web/default.nix @@ -1,6 +1,7 @@ { ... }: { imports = [ + ./crimecampus.nix ./ifsrde.nix ./ese.nix ./infoscreen.nix @@ -11,6 +12,5 @@ ./sharepic.nix ./userdir.nix ./ftp.nix - ./hyperilo.nix ]; } diff --git a/modules/web/ese.nix b/modules/web/ese.nix index 93fc356..780ad13 100644 --- a/modules/web/ese.nix +++ b/modules/web/ese.nix @@ -5,7 +5,7 @@ let in { sops.secrets."directus_env" = { }; - environment.systemPackages = [ pkgs.nodejs_22 ]; + environment.systemPackages = [ pkgs.nodejs_21 ]; virtualisation.oci-containers = { containers.directus-ese = { image = "directus/directus:latest"; @@ -21,13 +21,13 @@ in "DB_DATABASE" = "directus_ese"; "DB_USER" = "directus_ese"; "PUBLIC_URL" = "https://directus-ese.ifsr.de"; - "AUTH_PROVIDERS" = "keycloak"; + "AUTH_PROVIDERS"="keycloak"; "AUTH_KEYCLOAK_DRIVER" = "openid"; "AUTH_KEYCLOAK_CLIENT_ID" = "directus-ese"; "AUTH_KEYCLOAK_ISSUER_URL" = "https://sso.ifsr.de/realms/internal/.well-known/openid-configuration"; "AUTH_KEYCLOAK_IDENTIFIER_KEY" = "email"; - "AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION" = "true"; - "AUTH_KEYCLOAK_DEFAULT_ROLE_ID" = "a6b7a1b6-a6fa-442c-87fd-e37c2a16424b"; + "AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION"="true"; + "AUTH_KEYCLOAK_DEFAULT_ROLE_ID"="a6b7a1b6-a6fa-442c-87fd-e37c2a16424b"; }; environmentFiles = [ config.sops.secrets."directus_env".path @@ -69,7 +69,7 @@ in }; virtualHosts."${domain}" = { locations."= /" = { - return = "301 /2024/"; + return = "301 /2023/"; }; locations."/" = { root = "/srv/web/ese/served"; diff --git a/modules/web/hyperilo.nix b/modules/web/hyperilo.nix deleted file mode 100644 index 83fcb11..0000000 --- a/modules/web/hyperilo.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # provide access to iLO of colocated server - # in case of questions, contact @bennofs - services.nginx.virtualHosts."hyperilo.deutschland.gmbh" = { - forceSSL = true; - locations."/".proxyPass = "https://192.168.0.120:443"; - locations."/".basicAuthFile = "/run/secrets/hyperilo_htaccess"; - locations."/".extraConfig = '' - proxy_ssl_verify off; - ''; - }; - - systemd.network.networks."20-hyperilo" = { - matchConfig.Name = "eno8303"; - address = [ "192.168.0.1/24" ]; - networkConfig.LLDP = true; - networkConfig.EmitLLDP = "nearest-bridge"; - }; - - sops.secrets."hyperilo_htaccess".owner = "nginx"; -} diff --git a/modules/web/userdir.nix b/modules/web/userdir.nix index 25f5bfa..ad40959 100644 --- a/modules/web/userdir.nix +++ b/modules/web/userdir.nix @@ -56,7 +56,6 @@ in display_errors=0 post_max_size = 40M upload_max_filesize = 40M - extension=sysvsem.so ''; }; }; diff --git a/overlays/default.nix b/overlays/default.nix index 05bbb9d..7240ef2 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -2,7 +2,6 @@ _final: prev: let inherit (prev) fetchurl; inherit (prev) fetchFromGitHub; - inherit (prev) callPackage; in { # AGDSN is running an outdated version that we have to comply to @@ -14,27 +13,16 @@ in }; })); # (hopefully) fix systemd journal reading - # prometheus-postfix-exporter = prev.prometheus-postfix-exporter.overrideAttrs (_old: { - # patches = [ - # ./prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch - # ]; - # src = fetchFromGitHub { - # owner = "adangel"; - # repo = "postfix_exporter"; - # rev = "414ac12ee63415eede46cb3084d755a6da6fba23"; - # hash = "sha256-m1kVaO3N7XC1vtnxXX9kMiEFPmZuoopRUYgA7gQzP8w="; - # }; - # }); - # Mailman internal server error fix - # https://gitlab.com/mailman/mailman/-/issues/1137 - # https://github.com/NixOS/nixpkgs/pull/321136 - pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ - (python-final: python-prev: { - readme-renderer = python-prev.readme-renderer.overridePythonAttrs (oldAttrs: { - propagatedBuildInputs = [ python-prev.cmarkgfm ]; - }); - }) - ]; + prometheus-postfix-exporter = prev.prometheus-postfix-exporter.overrideAttrs (_old: { + patches = [ + ./prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch + ]; + src = fetchFromGitHub { + owner = "adangel"; + repo = "postfix_exporter"; + rev = "414ac12ee63415eede46cb3084d755a6da6fba23"; + hash = "sha256-m1kVaO3N7XC1vtnxXX9kMiEFPmZuoopRUYgA7gQzP8w="; + }; + }); - keycloak_ifsr_theme = callPackage ../modules/keycloak/theme.nix {}; } diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml index e917f2d..fe5cb67 100644 --- a/secrets/quitte.yaml +++ b/secrets/quitte.yaml @@ -34,7 +34,6 @@ bacula: keypair: ENC[AES256_GCM,data:d+ogqLfdUGiUnyL8nhlVO3JQUX065hx0Om8mSX2zE701MLPhM7riCkpW3DiKcKgiPSMWBWrEqYtMJzr3rJmwqOEp52M+Oj/meR9o4lepJ9tfYoXOft8TIz7lslBS/YCnIV/3PO9B6fjBPxoSEU8cWoq0KExU3UM8NdsRK07SdgzO6cOkVdkGGpplDCAzKX31tgDDcryjbvgaxbIKIL89OepdAcep9gOOEeJx4w4ACiwE+BP4e5ZzCfxiObx+D9SdzUl5dmyg5eTER/DstCpociEis/FQK6dlAk2+njnrDJKl1cis3rlH09w2GSCmfej9f2Ecm2zPfgKQLv8Rj6Yo95aCRisqoseJJo8L/hqbfrMOKMGuiynEh6lP4PMHGSrfqTTS4et7OeDit2mw9O+n5qbfFclB9BxVURcbrB/K1PZwFHmbBm4K3rSo7mKLnRssTno3lWLgL2txTcNnWn3s2r1pbaU57g4SubU75rgoUJVALL/EA9OaOqSLyvns8XEXZUPMzxSy9tUladnr7bqB6EDbZ3r7QflCWBQ79ZrDKCxax4v6je8wCvo16xjfHpqjEi5+kH+B0OsuQ/HwvIcKWImN69c9Y6Zjhr12tkhH9wM5W1BVb8qyRaxiR9xIlHSOKWqeojubu7TsF9oSCwMv5xutlYa6mnJ0Da5V7yPeW4L6VXdYLEwAgGucDDqIvkIVnn7CT/cJ9tcQ1EDk8Wbdi1D/iM3X01TQX7aX4516yAwQQWcDXVHENRNm4AAO1uxYzVGWO7HhgqZzCmKcX1kD1pC69o+d2obZhiymNFJfAyvoAuUh+pD11eGGbKqmXtiVXC5PxxKUfq+zwnYpe9FWFXlOoNaY/xq6PxHr+Xq/5PnZYjTKa2jEEFX851LMW+JIomVlctWsHqVYknnHiJVC/huIuyUgDKZwCWOrsQlD9+gMK7uwVV/g5lTG6NRLLGsFq22wKmJbdyXBj/sRKtAepuS6JWBm7OLOqWFHP9ggFIw0EWtL2UcSLTajGKXXx6nu9uuloiVuHGGwkBEwJwXWvFlSHbErBr9KEWMCmPYwthQfX7EhawqaUmtJ14442G/9zF79PV96SV55IlicMHa7Mj0P7q/WMtwSAZuZcAb09XFEwayWHLvc4m8LxV08cKkft8H27EJDbc9cqspunu0rtlKsPpFXXi3Nj2S6ytLWLK8OON4ZTuBxrE1Od78nMLkuqJboxTE40bM5PAJbHWD1cLALf7LOMOkPuhnEl9R5pbJoM+U/+PsArufHb3qHbDdCS49ythxdzRqLU7teX/9DGeIDknmzuqZx4KIt/F5hlfFRflS2GpJnc8a4s/6nGNFKAiOail9uI0LWLxYz1pjXNoL3z9YflBUrp5rkiqbsXhihA3RYfaqiQQbvkFYcsYfVpHFkI8fkhMQ/lCJG2OORZAoafE4GI+w3m6uFN58V0OIqgyaMYna11CZWzsx8zAurHH7TcRvXSV2/sdk5gRk/EyWzrClGbajMluBbedIEPkOyAb+y0jtMSGMV73hFspqvgzNKueikcQ9azZ0pl/D4JuIFXGVlwfXPjJJ9Y/Cdk3N4JIpvEMeLs39YARFW6v+TdrvRL/AzUcUiWQsjhvyUYkE1k02nXLLdv9vkMWh7pIO0t9meMucxVCJBE7OgSf5f224m2Wnwwfp+yxsTktQBobydtzlnphzxo/wcxRJ+nGBfSA1wJj90qc0uSUrmNZ1KG3QNpwiLmYdFElKZZByByc8oD/p1VEZZAxVGKFmORLEWDU6bLz32NNiQr/zJLbTCdp9+oFbbTbQnUnvLY/L6B4UkNfRwI8peNGS6cnzm5lPMph4p6tFjju1yNpVfcrkpDTMBZMW2HvR1TJgaEpj4mR2+wYMIEXE1lj6lh6YmJdVdat8w3TX+ZXbrs4TxFYkJ99stb1b1nyVDAVDmVHWdtlxUDnwplCpv1joxoCkEhZSoNG38JaYvqsr+eESgDXF4g+coZlkrO9Bbur94KE6jS820BzdmgE7AZCoIkPHKMRTid5gYY7tvrE1oq0SZIloijLiMH4XyhoM4nYHsp2QpHl3pvglV3n6cXDN2ewVHcuQee06U3GbvPSC4Jvao2nF5LWG23ILJ0PwB7r0lfszLGy9wnprgldCp/w05Se5kIB66jDnQv+mz5rVDXoEGyDxGs+XPyzTpp7KmhxU4z3mmTRFFQSOSVf1ygzqYNLLU5Apx3UNKSbVNwdiA0TzH5LzlBY5eukoPjjyzMVqhLyrstqTpjSgWEcw3is2Y2OG1V/zDr5X6oRNGmjbvGAt0x+ApWLW7ycGPX6yUYNyjN/J3zO32rmOl3Q/Y3SzM7jnnRaw3qy3HFrVg+FLwsvhnyVWKePlzmOBFeufAPNBvqe2X659cM1N+3xQVbg41+DDK7OqerU2k7jm7AX2w1cZsLp1wLxMrXoGqTNGvwrzX7IjHoyNAggCjLwTzCC7IfkJi9SfYV4YTku3HFQa47hxpQbK7DkZyFE7BAeoIbxUohDgPjf8zGrZIsGZ+2E1dFSK7P8gmv3gxBMDLWFM5ZgIOcpj/3vMgdcKbObAWQQyY8UQqSkMDwbVRBF3nj6gFz1zoC7ZVTITyAxfG/TZeK8mpnNW/dVaCC5Sg3JXsOGj90L53BdSRkz8k8ONZIjRv14zNPI74uadiyo2P56Cc8hAptoQZlETzd41xajHYYn/E3eXBSy1eh2w2bLsqCmsqd1PwEWgaiPKAO+Np7/gWPRh5qaJ67mUeuRs2B+XfEEw/FiYk2/2zt0kMlbA0Nc8iMRzoPsOK7fKVQ+mxV188nOOtkuujPMLFliSiCkMoMhxgzntaEmRZx8f206EG3QgicJf9Pbtk8elCzO038uxki559zZkSx5TLVUHiClSI6+mHHfvjpLxfnGITrorFCOOuSvg+eiM2sxmXrHRAFT/SYzdzskjTmqWSrMMAMUY/N9KPE5fYylwPQETruV6+VuB1I0x0qxLdFE8HZEWj5+JvjrHl1Si2MGLNCbdLtotsWqju6G1djoY4KAWLohxiuwd9776kJk0iv/QzN6mt9eh2WWkvk7KiW7YyUnyfIjhcZi6ZAkmdMynEj7dGlJRy2jZMdafaz10PPJYMNsKnUs6iHTJ9lE+fOnEhEPXj6LxDTrBerXv3pI8XH6A4gSTjuEi1S6gz9Tp2O/jFnAMoZV9audf8CKraYuTcttaM32X2JDsFmZ4+RJAC6n1glsdL4cGMeDWIk1uxb+mRlpuTxDm62ObmA2GzGrrXz+Zd6EuNgy2A3hQpyoUUMZhiUUGQG058XuHh4+YtP201MhvkRK5DsHV1ugbooIazy1ESAGgo37Gu4RbTkJ37XPSXdwx1i4igQLJcM5oRP9TuuBWv/gRIcmU8amJMAINTZ2SbTd4FsOxTFRk1cukv9L6vveh7DGM42tz8yclmlKwkqv4PdVN8pkhUiCCeoyP4Ti8Ao/Ox1fk+4T0/mXWMywDi1tb9fZ+P+Zdv9xRpa6SwwOyVMdxWl5OHmNLZWwnSU9aeafk1LPX+jgQnGZedZB/0Iwiken4jg/sSf2ucT3wp5IKwBPl1qnqbFXWsnMytsS+DtVXkCk/RhyFv02ucbn95oEIudDp4fZH108mFsMHPxBahJWqCmSwWS9yq3dM0Smce8MUxXbgLGM1vM2nIxFG84HU7RJEqnc4zQQMMuMNV0ehm+ffLiBuvxN0RzssNWhDRk9iMIrXX2taFofUdW5vqoLvSbyvovmbFN6sAwYh1q1IW8OKn1yQtLFm00+C6bjbrhTK7xLPQZ50lOs2QbbFtGRAj6Es9H+waHoUXExwA+KtTyOCJuBlox77VfJ6MEalQi/rmOPx0tkP1/zUHsZbF3RzlewuarHnHiXsTrMbl39vl3j7hN1weNsCfqIBD5gDWVwkWZhrphiT3YYU6JgOYF8/vzbN81f/CddYybW+A8vGUm+zTTyDqXMJRlH2T2oZUduaEeowTukduPmz0pvSeiRZbWjEvxAfO93QA9dEssR6kS4ZwxW+q5N3ECr7wbo3ttHDJqSrEg9jOuQTLFxsRvNWzFufR+H1/p324/RJEj6RLvlwWT0UcSZHVdyFRJlXMLp3rIeIVJIr/eAVNwqAMRs5Zw9J2nE2d5hgZvWLEPZnNrIbnAi5XDa2ia3s6Lkqrgdn6PvITyWVFk9ecxou/2SzWjKVQYTe9XZsocI4aME7wVHz3Z1/jnAOaV/xAxFkfs6YBe/GoyDctUNh9FQsrfmnn9vSpv88GKe5pzUgx1rOP8ujbN92E/VTqpUOYPBS+p8ARiO3VogXufZ+lro69g9YDHs9xQDqUtWOdKd3fb6oLdCdArFZa8/ke5aUyYFxORTbxUgCqgSbk7LhtvfCMustqpLLN3dU1nVIv0H6Xp01KqArJKwtOFnAt3xJ0Ir/XT/0XVd8fjZAkXc/Wb1Tj4UeS0Ae0aC5Xq7BKdxWy8PB/7NEHC+tzxuYbgcIATWkARnWDgwtnIaByItH/eJjO/1K1xozd+Hh/+7IfhLoJG5gru556s6O2mlQOYEHixGBmOaAkPCayfYxjI4hQv9xIVPg2RV/zDl1nK0ewohizPgEaaz5N3zUkvbPp7USufj9+xVhdSFqSqjms70qYoUYixaSN+CJRsb95UQjg7/aKLIE6XqPDEGZxAFEU/P1AJaWBF2NGMV9NCdTfZCrWqoNVvM7Vnt+qpiEcmUqtSqZjCdSNSl/C5MUm2Lp+5VNfJMv4tiZmOLh6iJ//ii6+cha5+r8em2RpIte9R0bZZXX0TshUVpHOxnuVcswrb8b37ijIxfn5ssRgU9yJptT1PZD/P/65UEVTVvgi9bv314wBRJtZDJJR1sYEEf+GGOIIprIpiOrwOE5ede/liUMJa/vwAwWEiIsAWvU8S4EEpVIbgoZOGQHKQpA1grcpgGj+p81UZY/GWkFvLK4D256a/5spUmr6fvpEStRDARmi2BGLuPviUiyNvXFYzOMqGfx8VxlpX9vQcvwTWAMwtgk4SS7S9Q711BLcCMpF230SZbiz+OD7eyfKOfa+JlxY6orPY1Xt46zmC8FyVV8Kq5cnlAMNGBmmdC9FS05LSO0ZWkna8eBM+ul4licjWFv10qq8nG3t8ghwsTTiFQ2Bpz9+3k74TKbcOcH1+qSknsN7gCA+XijCq5DraTrIJCCibvQGeNnf+CwGVadtCJKV+qUhB84clWwVKHd72pdrAw4IjdJQafocPd5PwQf27ZmdnmGFIOG7IRQCMNWu2c//wulypupM5e2ZnRrUTxr+Kg5p8Bm9qivVrUuJIFeK8lzN8E/YoCR1OGQ+cKOZRxfe8sEpwxtGJmi4htQINZ8KEtjZ9OkrqtetrWpUnSZ3nrirkvOOY9cDvZL9I4u4v4eYGKlD3ewbHwmoGKK/UPq5F5Mc9Wms71aGdk5Pqtrnunlw6eeeleHC7XScaUdt66fllfNg0uort6qE5Ern1x04v88l76dAHLAGH3ycHQUNuNo/keddkUcGA/mOiuNUlPg+loDezqo2BxIrsGD5lcFBcy7Fvq6KfcvWbMQiHWwOSgNk6W26M2FB55MtyP5HOsP8+2t/s5eHy0LW/eotsCNOSAvin6LVp+bUt4vub5JqGw5/zJ7imSERo8TbnkNBG5VJMN4yqVIMqdZ2xsRbiYNdKgj5QSUJ5rj1fw5JK/OBIecjMr4scSOXxNQKkMyb/7du3kjEa2l/slsqkLssqqXxQEkaaVvcqF9I9cj2Pf+/D7H8BwxrMjpDkbu2cB4Bde/bAgznJSW4IZebPbOd6QBR6TbNrf/iZva3a8zBNZ7nlVchqcexJtSS5M8NEPEvYSNMfhCXBgpqz8MRUvfGtO8BjVqC9zV6L2t1wInUsdr7UbImUfZpudyX3p9Nfe6bUI7m39pljg5mbhEtfhzgfwdkM/X1rd+ofQa15pg3HW38fwicIWpTk0iKuw0HIxlbz2PZfWjn4r/l9xlHoDfsC1kxkyaAKRJTh5R0MLYmpBHKT3ERE+gXmN4h+S74B0M9OeLu1lcAy57541ZOkfCTOWAIofYPhnVmnmYL3hE17mzFPkOr0u4ZVcdo9ZqGowowVVV5X8nQKJfrS+eWfwpq7m+MLszHvDy91DQaGmUfbgKynq8yceRLXfhqAEEtgLR3QUOXpJVXb/AVIf1M6kSMx3pMLMNZPQfgEYwi4/uZ+i9bb1OyrIjMs2cBv6w2K0NyRe6X2erVnRKdlhhYHM4Farj9Xz4dWoVujU1NofUexu5R3mryQBg4IW/ShDJ9DckMaFATI7/cMEy7ZCJyEsNTDVd7urGUG50+eU6NlyHylUNCU0t/B4DDK18ZAazsBHuWgrRCR14OMztaWsku6NankTU0CK1EXeo6zxLwg7OMV2UrRWXHSkDvdehF5Y3TyhtIIKW/49411lVFuxqITy9IlrwtwD0MAE6dr+URd9Tsmw18kHPUBVUaxnG74Bg97pIKLOkEgBez1Yr34wIvntgkxqu+9ZAaVJhLsx5eoZVpQoMIjN0VLnBTI1oFfK7ckFzRaiK//37eFvGIPKUOqgavZ/+SlCJmjrXx3kwZUMo4lzsu1TyLdGYDd2yKjLH1fyFvDAqABdRgDNjLuIqJFEITjfYXi0fMO5DLHvNyHcKBMDNY7j7ODkwRGVrVViC9j65GxC4wPZ/fWqEQ6MsOrsn3mLW602edd0bgrwuv6xOPcwCajRCkKNkXCkX+T/RZ+h7wneDZum7OJzUIWcb+R5kQvXcu+lJKnA7o1QRkPGb3wbfwiuZhIV0SNshtDRndcFVghcX+/CGD8nZzccts8MQ3/ximHecVvP2fs7p0QBuqhCsoUATwsZOlCZs0BhdRxQZQrEYf1BwNoYEuh0Us0EkjnhRmbI9NiPyI64e2qT7UYpCQW5JsUAI6av8+vAa/qlWf/V17epb/UAWh4EhwuFIdns6jCRqoaif8papTjtZrzBZVNNz+0FJsacAW6v03CQ+D3tWF7dH3VW8w2AZU1f5JKyzeHih6ytlv4iHos4fumoPSjE5Of2E9flKg/+ADQGSAS2JNPD11yZGdM+YO1+fW5iszD20NfPUBfpQt/ohwxNzdIgX/PZsfwf27Oam0qP9OBueLT8cKakY2ilSnzTLYzGqxJWhg6MJxA+pzqow4,iv:pxhCdbDA0jZLRFLg/2cXy9j18nvWOgIHMHrgkAfYSbo=,tag:4Z73qrehEkiLca2HO1MhKA==,type:str] masterkey: ENC[AES256_GCM,data:YvkiTf1tXMK3Q7O3v/MNMulc7Z2lgDNVLb3KrFx3oh0gsIdwbEwwPMQB28YolWIIzjhKwX189mvG7hIjl6SsG/FqNDE5B1chrrof06EGiBghdPjsvBW4gvuzsxO3y+HOBcq5FEGzltgYvUSKg/9Kw55ZIGbvGTRreMN/skg+mRC/G0DHaXRkPDbPf++SJ3Xcog8Tltjzg8BKjnQqYu6M7t0ofJ+hqj5HAFO4TxBO2yMfeRdHmKhLY9xwjFPcYy/2AuXIlPS1PWi8BNL/Q2wMTKkK3X5cC+l9vwbx6r80i7z+JA6d+2pNkqz5KU9ZCmsQZAXM6TeiuSP6uIbAcu3V1iUXODZOcsXAY1wJuV9WGkJ1IrPLEhO/xjpMX8Un220rH18U8WHFdvWwEbgPRvXdCWSXFRW5oeIFOfLoP3M3POK6boXnDr32/tadeojMplTU4OSGb5PGFvrQKeiesSgZU+4vlV0nJZo21rlIDMLqYeSYfpsSLZCMqdYVhrULHMUIbAnNpBeTbtZeZCHu/XD9/J2bgPYHGL8ker53qa05/x9Qd/VMXb0qAkgDhItLO7a+VDpc6ikgsQvShAZiZ789yYLgY/JWJh+GKb2NvIGRLfda8P/mkDaTax81yB+L0SM9ZsZ3wjXVyyjeuVimLKX+4lafl0Oui88Jx2kzRaCLwmhv+XPmR2poDVmY9nV+KsgSSBRFwYkhzRh8d5tvU618tnRO6hXFueI+L2Sw3u2O7xcYs1E7+qe2MRUrwZvJeh1k82kTeSAQtGtmugGcaG3dMgPWZ7dH3XWC9jxzaL42zlKPzqCjEk6wsHut9gE45Rbu87TU5eF4c4wcNfxjizdDSYIwoin89Qr3jLcnjtQ0CSLqyUzm1VG7VxWEQ6kOu8hOuPqPC+GG0sB8zROaQFl2itGVK8rQ8Wl27kdC0Y2OQ66oyLO5av4KfHhelqHmrEyc0p6zKmckEsV7A0odXJMhTEp57U4dsjl/GaX/JTJRTtppmt4aEZ4S4RyucXFgenshVVEIeNc206ou74xvLhiXc3XNUq4Nwp1vbbDM+6vvSO2mNNCs9ZOyfo3tv/yGXqflhdOyEdGW763mv5ifD2CpKx+pKxzVpwMhTE9cPQr2S5rkCLtuO066ZSYGR+QUA/B4iqFMHsh8NL1bhG/nPmsQcKHb/BWpvKgoG46XlAD/lArSq0jIkyWg64IvHeXvM+0I00H47/vXulbad9cXq7t9tJA/jkS6YAsUN6AxUr2998DXi6Mu0y03XEk5/tZ5ISvzjlhDkTtFcxVo84+FRKwKq7lmrC9hG6IZ7fFz6r4n4tzYMeCIotshA4xGVljNpB0e6zemrj7rCyWB/MIbtUEna0E/j4pkqIX/bFLnovYFVaiF2DHiTj+LM6GqX0MGbUWF8BJc/i/8xPpGTojaKCLeMBQcRykdwwBIoVSBghQPR+3Q3On2CgFvix/TmgH8nabs02Kmift1effJm8M16+xAH0/KTbp/YuUFstmsdr6zrOoiPDVN2CzMO7GukiqM2D1YjRld79SnbeBJ/m4rFx0rZT9AwWNWn1T8XDvG/iEqQEUWqplvJfF4B1USJE1wdDF18tS/T+N3X1ivFpCmCfcGoHm55MoHofYbM47kWGEOV6RbbiVhtIzervk6kN2LD/DENQ5Qe93c7gefSiO3RubwZXZWPKNqLQSnBRk/cm2XqfAkiK3TUOzdy/sXkDpz/9ak73jjl7mnNbIc2GsVec0P13A73v+6Yk+wMuboLaLpQxrJggT8dQ0yZzmj3S03P/p30zLL9PzH9M9Vz52ACYrdosP9xXyoYVJw0yRauFCTCD6PF9hRiWkdNI7GFPxP8RmMK6d33YdxXZFD0xvdfcB3ZUUll69nGtzU5Q+5S2saWQyXznL+pAKvZ4+IQnFwe9WjYWuPhqBVywsXF7/O2PZeg+Ba4vld+fazHm8R8WHy71sLFpqTgUdUICqKidP5gs7Rs2P5Iq5M+sWPo7UuBAIkvQ8EVPLn15t/Bt+MDQaxp+pE98sNxzQeuAXln+oP8/iwc/9tdBTchCUKq7fAQbSBy2jSS+lASbnBEPphlIH54MeJEA+1Wq/UxjmguvKA51VoA3dR23+yo6wxu4e9JI8qXIcZTvG8eqTJ/QQRF3xNFIgNn2J2+2SAvX4E091QTIDcceiRd62p7IiSG5bXOiEpLuUf410XDTBSh/KDT7lgJneviyCeclsVkvjdo4C373/pomMa+TjeyyICaokyyxxJ8RSc5B7U6vwXdQQ6dZkRrgE0Xcifv/sksn2lO0iqq5czjprb7ubAh9o/KNOnZq/6UpGHqOFfU7wpNWBMoEO9DpFFllpPnHnY7IkTQHsp/ZMgSsgvoOEw5AELf81klcUpkiLbaaDkqt8xx6bWhhzfnZVOYde7bIVvlXRxCCeP+QqpxAzdMLPtF9+lTAdPnD/8jaB5s2mvKxIk96lgNb91ARhGVRCNCsF2DJ3L/n2V8XH88OMjfdQUWDaYD8gtNFKSWizZSeqAdh5YngsGirzgc2JlED1fSET9qR4YCS2e9vWk/l5zfmdmUjayOqhtNx2Ww4JAIvmjDDkL2nLtyy0iIoGn1KUByFJkU+VhPlXzWZQ4qfURfCdZeDgx35rkmpcoFUK+7budj1LoCK+z6gdiocMH4x/V7F2Oh7VKlVrWEMrvDMws6D3MNv+qHGacjPBEXlPJC45FzeSCu5dVNycqmuRJmr9kpceBNF1cFIrHhrn3lHaodLd9sw5MjdlFD2m8zA6jJrYHCjpi/bpCjy3fGBujRA==,iv:TZrIcQKmo2UtO0MdBSWJZmn0nIZ0cjStD0SZLoiHkT0=,tag:D0qeJLtY0cwA2yDdCP3UYA==,type:str] zammad_secret: ENC[AES256_GCM,data:Ok01cE+lgNaN0+wLZuBD6k2gsyTWDFVXEPprEvdwlIAQvwqYu2nou0GiCEcm/NF2cgsxERH2rYxxS/lPXIQxXjvHHLfovLSMH+Kd1F/T+qWZioDz7tzDV3GBom52c92kZ4XO2F3udku8IQLGsR7J6eA/xY7yj1g2CF7Vt37BMkg=,iv:5cdEBtgjXoJCve8PJDUcLQvXwe7sn/mgZIOUhzJtr/c=,tag:4fLmvfG6Ujcb5J3YGjP7Hg==,type:str] -hyperilo_htaccess: ENC[AES256_GCM,data:FuHR9S6FhVyraJ6w9j6RTUryCqgVrhpfQg9y2OdnaqMFNcIR239OBmvqn+WlgFxcMqJtpIKe8ixBZq67pjxbSl2p,iv:zKMyhEJ160MN3+54csuurMXvIAFfWG95bv/cIH3hqJo=,tag:Nr0G7qx8cdpNoW3t5P1CBA==,type:str] sops: kms: [] gcp_kms: [] @@ -50,8 +49,8 @@ sops: c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-01T19:00:49Z" - mac: ENC[AES256_GCM,data:actvHBjLWBsKyU8U4mHApckLZ0ncbNaJeqRd0DgC/oX8hZ000/mfyWFT1NiZzbohaHh9c3KI6HvdwhJKvU1qIpnILNe89Y6iTQGbMLRNTemKaWuo9266V/vqLT7cy7JLsxoCcCi8a+AWja7H8k7tXixFz7/dwBE+nzWhdz0yju8=,iv:EsQvThgS/fgE4ygAdwQSbg5yH9AbUUvE1YGKtHV+BoM=,tag:hYiOsia05MhtIUh9JfpXMw==,type:str] + lastmodified: "2024-05-19T09:13:57Z" + mac: ENC[AES256_GCM,data:LqmR0jd8pD+l45o7cdxnuoDZUSBfPqL6o7AFtEsWeqEYi/Lbv+LLIBXIlUgG2BnOk2d78kmCFGqAl0F8Hi8qohG8Zki4FsHFDnrfXDlRZX+7J3TCvk/TIQ7NHqA1DjPf37WFuJWxUaW7oeeZVyOQ9KFgaenQMBt/eehiHpgBfW0=,iv:z5nD7ntEF3+Op9Dvg2h4jf2MPtfXsgRoH6B8MMi8Ius=,tag:4BmArd9jw1v/6HU7tat4VA==,type:str] pgp: - created_at: "2024-02-29T15:23:23Z" enc: |- @@ -189,4 +188,4 @@ sops: -----END PGP MESSAGE----- fp: FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.8.1