[Draft] Fixes for the mail configuration #22
13
README.md
13
README.md
|
|
@ -27,16 +27,3 @@ nixos-rebuild switch --flake .#<hostname>
|
|||
3. Change one letter in one of the yml entries to let sops know it has to regenerate the MAC
|
||||
4. Close the file. Open it again and revert the change you just did in step 3.
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>DKIM Key generation</summary>
|
||||
|
||||
Commands to create the dkim key:
|
||||
```bash
|
||||
cd /var/lib/rspamd/dkim
|
||||
```
|
||||
```bash
|
||||
DOMAIN=ifsr.de;rspamadm dkim_keygen -d "$DOMAIN" -s quitte -k "$DOMAIN".quitte.key >> "$DOMAIN".quitte.pub
|
||||
```
|
||||
|
||||
</details>
|
||||
|
|
|
|||
20
flake.nix
20
flake.nix
|
|
@ -14,23 +14,6 @@
|
|||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
|
||||
|
||||
nixosConfigurations = {
|
||||
birne = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./hosts/birne/configuration.nix
|
||||
|
||||
./modules/base.nix
|
||||
./modules/autoupdate.nix
|
||||
./modules/desktop.nix
|
||||
./modules/printing.nix
|
||||
./modules/wifi.nix
|
||||
./modules/options.nix
|
||||
{
|
||||
fsr.enable_office_bloat = true;
|
||||
}
|
||||
|
||||
];
|
||||
};
|
||||
sanddorn = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
|
|
@ -42,8 +25,6 @@
|
|||
./hosts/sanddorn/configuration.nix
|
||||
./modules/infoscreen.nix
|
||||
./modules/base.nix
|
||||
./modules/autoupdate.nix
|
||||
./modules/wifi.nix
|
||||
./modules/desktop.nix
|
||||
./modules/options.nix
|
||||
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
||||
|
|
@ -83,6 +64,7 @@
|
|||
./hosts/quitte/configuration.nix
|
||||
./modules/options.nix
|
||||
./modules/base.nix
|
||||
./modules/ldap.nix
|
||||
# ./modules/keycloak.nix replaced by portunus
|
||||
./modules/nginx.nix
|
||||
./modules/hedgedoc.nix
|
||||
|
|
|
|||
|
|
@ -1,41 +0,0 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking = {
|
||||
hostName = "birne";
|
||||
interfaces.wlp4s0.useDHCP = true;
|
||||
interfaces.enp1s0.useDHCP = true;
|
||||
wireless = {
|
||||
enable = true;
|
||||
interfaces = [ "wlp4s0" ];
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
users.users.printer = {
|
||||
isNormalUser = true;
|
||||
password = "printer";
|
||||
extraGroups = [ ];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
firefox
|
||||
];
|
||||
|
||||
system.stateVersion = "21.05";
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" "wl" ];
|
||||
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/9799b183-a191-484e-b9a4-05e29412af25";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/CF58-EB12";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/94622e8e-8b58-4b3b-9494-d144ccaeb486"; }];
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
wg-dvb = {
|
||||
# pubkey: 8iQQSCI14dObcrMw0/rZJxfvpOAhy3CU+haJq2nyIzc=
|
||||
address = [ "10.13.37.1/32" ];
|
||||
privateKeyFile = config.sops.secrets.wg-seckey.path;
|
||||
listenPort = 51820;
|
||||
peers = [
|
||||
{
|
||||
# Tassilo
|
||||
publicKey = "vgo3le9xrFsIbbDZsAhQZpIlX+TuWjfEyUcwkoqUl2Y=";
|
||||
allowedIPs = [ "10.13.37.2/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -11,59 +11,32 @@ Cp+QKOAMgAuzGA2l3k2Us75TbmbdjGQIXAHxfnLTc7yDaTWaVZtGMVMph4ood7RR
|
|||
8s+7lZi/Demr5Y4D/VC2vH60n5oGw3osoTAWCgcrA6/eOL0yCDPq0dDhpEea25j6
|
||||
9ttrlWbwR0WvsjWQf4DgEFqcvPdjRfPk/pLtkPlLIvMZE3L4wD1RAni0adhyBP0i
|
||||
oLEND7uAViobqWgQfP8qYvfolSO+NEwwGSZCAH+hHXyV/YNtTlrnPUYuPQARAQAB
|
||||
tB5MdWNhcyBGdWdtYW5uIDxsdWNhc0BmdWdpLmRldj6JAk4EEwEIADgWIQS/N5A6
|
||||
5v0pTExnTuJEcqIAkb+nkgUCYO2/mwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX
|
||||
gAAKCRBEcqIAkb+nkpa3D/0V46q3j00NiRW1wG8u1LM1sXt3vPCovXw+snALD/NP
|
||||
ddTzuDVZP9yKNOZI1Z1cA9VxBupxhmvJ4Nj+9WtxNSoTLvqwwDxiD9OmWudVM2fT
|
||||
+PEqtqfxAPK4OD63ahZWehkXUWDeNqNWYEJryztoum68WV6h5dWNO+hPcow6p+x4
|
||||
PCT/JKZFepR1/KQ3hs6JfzkVIZEwlRxvmebKR677lKVovtDp/Hs6MsQPijdXtiu5
|
||||
vQi5YIR++1qOHBf11qdK4bCzzacUoVTwrf5nenk6uoTGNatbHyLY36Mot2c4UvV+
|
||||
+0hOCZY/471D8pc/wd9XgirE+kHlVXhPc5mp83e42wKyOAay92p1fgm/2PhQUYLX
|
||||
QR1PThHA9pVnhOy5/5XhhdZ98Cqw254gQHe1At+nAlf6t64QnUcOnh/0oDBufxhE
|
||||
5VLd7fF5Sqn3yMc9JfbDlCCIhBwxVj8e3hMGwp58LstskmfebD+PyD6fgZHjVAmy
|
||||
j72SS6Le6eCW5tiHZ5Ii2cRc0EnmtpdqhLpeCOym9AWmEFc9ZvmUmGxyLLmFzC3f
|
||||
l1yLMHKNJygJ4q/t4mG/vmkXi6T/t2MCgpz05AaMSSLILWN7KylBc4QtslgBUlVO
|
||||
fIsoxVYPrHBQj49BKbNoYjM0lmE4QcVPcHtSW166cusAQEkJSDGn4oxg/U/4x9Rv
|
||||
UIkCMwQRAQoAHRYhBMYbspcSh6aHhOhEJCpYFQA7RhNEBQJhCmUeAAoJECpYFQA7
|
||||
RhNEwsMQAI4zoMf3LY6UkyPPD6l2hA3opzxBajBQto4/B6gdQYV9h9GCs9SXzuQj
|
||||
TIRykJX+10dgTRNpa6qTzUoYvDpG/22Z36/i63bRdVfCxBRphB6Ue/PIszomQZNY
|
||||
/qBiWxrl4RRZ5tX7ny5IVF3eDHNwMp597NVuQvWbr8aqGjrFM9dz8TvDwbQulQbP
|
||||
2UmZN301rqfIaCk3kCSWoDGAEOShWz4G/u7ExpXLbDZwercsQs2w9moUgVdB47H3
|
||||
HjT9tGEsFutcaOYXvKFIqh6wRg0iprP/g23WBzGZO5bf6fG3EzFaOoPWwBnJsxtx
|
||||
HbOGeeSgNmb6vYZv+XkjONINGJORkiNrC75bV0Y+GURGTZYqLmXsA1Cz1G14AHWc
|
||||
+astcLigOXJAzwKavYMaITWst9yVeZzYc91TMRDWXYK/93mgnc36xLs6SVJcsjGM
|
||||
FQRdWXotJYJsGfKgf/7WEVjhWuJtAjugd28kjDfnl0PiJLC/tNJMmS2sVPX/f993
|
||||
v+unm43UwWKJ1eu146Xpl73sqa9DBR4W0KDkz3zvzjRiIu90NlLCzLLhd6zxQZxh
|
||||
w+f1VZs7g1EiVxNUfOTp4yKbKFpvLxjRDOTbuMyHVHNtAfHgWsTnph+RhDqqI/Jg
|
||||
WrqIT6/CPJ0gA0zTZthhFiaADOlLVUoTC3+qI8Ne45yKv6U/VtSOiQLMBBEBCgC2
|
||||
FiEEtCpbjpGyU4HWTEfFxF0eaL0IbKEFAmERWCcFgwHhM4BkFIAAAAAAFQBGbW9y
|
||||
ZS1pbmZvQHNlbWlzb2wuZGV2aHR0cHM6Ly9zZW1pc29sLmRldi9zaWduLW1ldGEv
|
||||
QkYzNzkwM0FFNkZEMjk0QzRDNjc0RUUyNDQ3MkEyMDA5MUJGQTc5Mi0aaHR0cHM6
|
||||
Ly9zZW1pc29sLmRldi9jZXJ0aWZpY2F0aW9uLXBvbGljeS50eHQACgkQxF0eaL0I
|
||||
bKGnqA//dIwfktys+FRQ7sS+rvWYTwp6C5fkSSOddHhYNrDIuIh7dgmg9yY17zqH
|
||||
DSBSCsXZQVxQRu2iD+rCiqK3A1Lc1K3p8RxF/Ey/1J62XQ74TTqsMOVyvmDiO756
|
||||
ijrOEPCE4M0A+0YHic4/wCJ6jsxan2iNKLsggbSSOvzmTtp2uPUnPocNE+m6ndrQ
|
||||
ec6dtJ+QzPmYRuTAjEfWgSzQTLiOpZy6RkMuNsaFGJ0Xk+gVWEwTcejkKamS6f8n
|
||||
A/AhESJ2YeGUasAEggQbcug+AmVAtwyqJ6cXE96jeBHbaHJPzWoXqLcWAV4D2Rg6
|
||||
lYJqOQHpMtsG5hu/AzUwscrlOkKu6XM4wFWH3x3W37tbZeFouGyt+zioNqlsCr2+
|
||||
mOmWxG2OioPrMY6Ud43EY8HsO9SdFDY7MIAfN+XOeq9WjmGe6t4W2cTTfu1EaYVe
|
||||
16Qj8/0kdbY5mL0eZElo5tvRcNEmM50bwi1kKtjWXDW91chBluMZp7jc6pPaHyVM
|
||||
ldRyVi0Zp2blgHw5LGrjCYYMz8xeElbKXcE7/1L/xMTopj3JtwdPpM63610jrbPW
|
||||
uUr6qUm6ZQ9jnY/vJAoMepjRD6cuhRs77QUt8dVYWjRQzALQwXvsW/1ySDCIaJu7
|
||||
JH4GXfFjVGvzVRelhsK4FB/JjUEGCyL3XOixiniQFTrK68KbugO0IEx1Y2FzIEZ1
|
||||
Z21hbm4gPGx1Y2FzQGRlcmZ1Z2kuZGU+iQJOBBMBCAA4FiEEvzeQOub9KUxMZ07i
|
||||
RHKiAJG/p5IFAmElKLkCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQRHKi
|
||||
AJG/p5LuGA//Up4hOatiNvd/zkYJvHwnKPZy1zd3W7i5ytp8OgcitqbZyS4FKXAf
|
||||
XcDnSwxHKrgtf6mNiQgB9/VMR1T/lVjawXvkLnrCKIiqnBbWmL5MItX6rVI+Cxij
|
||||
MI2EyoFC5gRo97RRPX97i7I5Yi/S3WqfeQ1+7FyRwTA4rU6/pedxlWoYfwsQOGPG
|
||||
UwWK11v/Avl2mftnN1zpUpyhdQ+uwLRT2wwg7IdSEUBMHxywhoWuKNny+p2vSu0A
|
||||
C1qUwGgQaw2jtUoHZox64r+TEYBtOmfrt5dpyf442Lz0yNkOVvVZEf72DiODlyg3
|
||||
kkHvLlp7kKIkOKvt6td8Kry5HvotXtllwAqtL4bl8fKaI0CrBc2Duko8gXZMIF+S
|
||||
rhYChZ4sFNGQDAlFGDhUEsgnGCkuY/Z8SZH1wR5obwOewJe+zp3YoPACqj2IDTZl
|
||||
bHcxfa6+8FYVJob3ZoLleN6fWjSP6dLdL4BUkhPdGw/TNTQzlT0S3Rt3yajqOXDU
|
||||
cd3bqCCduRuaYtNwh9FPgj87A/eCmf/zidLnX4s0GIMg6PegzIrYAVJWidpMJkv+
|
||||
3FR2UhK8iIR9YxOpjIFDWhTzA4cLk+FvmLyjlbQ2n+mgdv3E3bqqHvEQQaO18NOL
|
||||
ZUa17ZB/W/CGCwrfWyUpYZrCaDNGTGiP8EiDSTAgq2eL6iRArb0J3065Ag0EYO2/
|
||||
tBJGdWdpIDxtZUBmdWdpLmRldj6JAlEEEwEIADsCGwMFCwkIBwIGFQoJCAsCBBYC
|
||||
AwECHgECF4AWIQS/N5A65v0pTExnTuJEcqIAkb+nkgUCY7sNHwIZAQAKCRBEcqIA
|
||||
kb+nkskdEACoQD1K+0THmBEsTwYMXap5zyjgrFM8wYhvEmny6OX+QWeXyd1s1Gnu
|
||||
nPImp6Pk/7GtfJoJvUS5Iw/6I7VTb5QrI2Pxs8ZQpEcv6jI7GK9jCqNAgrRbgWPC
|
||||
M/Pxucg8MNwNtMqn7am58tssi+Mlft1mBvNsAXUFLJp1cG7660m3A8qEzmzVbrT0
|
||||
EQgzdY+RlKjm+SaXdpq7l+oTN8q8e3KZtAIXL/nE8JbZbg/+cxlqkkbdmbQyO4d/
|
||||
HN94b/0Bf1dgAXAZU4AVY1q9OZWXW19CiRsdwqEL9QnFhqYQknS/yU4kccSxmWBC
|
||||
i3fAnWWV2a0xnCrtJV3Hkgzaqjzs1+zySM15lbN42QWCb/FaoOaHHRVlULRrKIdu
|
||||
AtzqMgx0uhQvnoB4WP6LKscU+dQybRcmWvXGpJ1H67Q9sshbAJ8/M6PIkv+ixTge
|
||||
9qDppPNgRQWfk4IkU070Ed2n6utwlH9T1UFtj2HfXbbs/EENlMMMGHKV5bfjLYO1
|
||||
wBMOmxneME65387gCC0VyC1mODHybrncbC/0wHeW4zKsEMP7xLC2YHnQMeo+nwW/
|
||||
ZbIyOAT1vSGcVGONy6Dm+o8dgmCkzxDtG+2h3VJ+oxSZXO4rhZD718HLEFLFJy31
|
||||
dra9QAZS6Id4TWBX/ssGHqfLROW9w915O5vUlMPMgWdadl+Gu/b6BLQeTHVjYXMg
|
||||
RnVnbWFubiA8bHVjYXNAZnVnaS5kZXY+iQJOBBMBCAA4AhsDBQsJCAcCBhUKCQgL
|
||||
AgQWAgMBAh4BAheAFiEEvzeQOub9KUxMZ07iRHKiAJG/p5IFAmO7DR8ACgkQRHKi
|
||||
AJG/p5KGYRAAoAGdF9xjBXt3XNRTQapCelA/GeNtUTTqd7AsEeTe2vpl2Wro+mqw
|
||||
d77997LzugxrqEOxmMTp8aqeu5eg7QZbYxIWRDESzIfLu3/mFK7RWtwUMnq9E+Nw
|
||||
1+6TM3r/wIg6vY6fLFZpUmnL3M7BXEBynCWXy0N39BtzcTD8SxYCco8Ud0ZD2Ike
|
||||
Pt/5xN5WHs+FyII4mUo8TDwW8hQbyMOQGu06prkG8NHn5PVQk3Fc4aqAwfYl9PaS
|
||||
GTfvz3POEL2+7e9cbc7wUaG6W0wVtS97j4BRLmDn2HmfcD611TX0Axfoji3wevYi
|
||||
2wvxidnVbvVUYpEq7cJ2XYBcE4gGTSADr6SnQtw5E6JyNkSZHCoNFv96VrROisIg
|
||||
Phhjtu21i8Ad6uBnNJa1bM0rrSL4YVSPT1UrhDsLdWVfB3TH5uAa+Ioss55dt22P
|
||||
2rG9MGKYMiOc0UpZEf8E7MndDP3hutQEVPHt94ccPPn6I33ZnvnNaORZAfPufrhl
|
||||
Y/Hf7gTgvlDoctev7sZ62VWeWvgn5BMIKVrmV4MJW/UWUguQim8F/hrst8KE62JP
|
||||
XEyvFoklx/f7osf0rbPcqQhKXUe8O+6n90Pt63Z3LptSx/PCxXsDwweuwoz1cTea
|
||||
ZuKmXywY1khbNMbKKTXn2vQ3jl/ZDZXGWBK0LF2O8Hn91J1VxybLczy5Ag0EYO2/
|
||||
mwEQANOkIongJ5zRz8NJLm94roMWnyi6QVASwR6MeBCXsudn6CZnQiSZX5XfOdEQ
|
||||
IynYSMRGuRQbSw29qXfzy2U2PVv6J7OuKcpYK66VHyLBfuKIt20W+lGJH9Vubj5u
|
||||
2dgEC9Tk/jjPtHgOwusWN3qmXt1C0iBB2iLXjlTfWn8o+iUhfcspc2t8/z6DM8mw
|
||||
|
|
@ -87,5 +60,5 @@ TEHp3JGG1j+bJxEpa0iKsaCWz2DNNv40lIrlFtzGarVBSF4fgAJoevhL+ZyY0RfR
|
|||
G42CTa2EDMpPZnvSkyOUIQIPVduqv5D0NQg2X97T3yBLlu0k3FORiXiutJF2y2Fr
|
||||
LpLVjBvNfedMx5pInZ1UcfugH3ptCMqBP6F8qkMZm6WXPiP4/+8ObN1JzHwUi0+A
|
||||
lESg8VM66bBC0U4xCXxIUhTNRtACJt3e7jkjNLAKPG7LQg==
|
||||
=6HqB
|
||||
=XbNH
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
{
|
||||
system.autoUpgrade = {
|
||||
enable = true;
|
||||
dates = "12:00";
|
||||
# might need to move this into the configuration of `birne`?
|
||||
allowReboot = true;
|
||||
};
|
||||
}
|
||||
|
|
@ -25,7 +25,6 @@ in
|
|||
protocolUseSSL = true;
|
||||
dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@localhost:5432/hedgedoc";
|
||||
sessionSecret = "\${SESSION_SECRET}";
|
||||
allowAnonymousEdits = true;
|
||||
csp = {
|
||||
enable = true;
|
||||
directives = {
|
||||
|
|
@ -34,6 +33,26 @@ in
|
|||
upgradeInsecureRequest = "auto";
|
||||
addDefaults = true;
|
||||
};
|
||||
allowGravatar = false;
|
||||
|
||||
## authentication
|
||||
# disable email
|
||||
email = false;
|
||||
allowEmailRegister = false;
|
||||
# allow anonymous editing, but not creation of pads
|
||||
allowAnonymous = false;
|
||||
allowAnonymousEdits = true;
|
||||
These extra changes are unintended as said above. Something went wrong while rebasing this branch. Most of the commits in this pr are already on main. These extra changes are unintended as said above. Something went wrong while rebasing this branch. Most of the commits in this pr are already on main.
|
||||
defaultPermission = "limited";
|
||||
# ldap auth
|
||||
ldap = rec {
|
||||
url = "ldap://localhost";
|
||||
searchBase = "ou=users,${config.services.portunus.ldap.suffix}";
|
||||
searchFilter = "(uid={{username}})";
|
||||
bindDn = "uid=${config.services.portunus.ldap.searchUserName},${searchBase}";
|
||||
bindCredentials = "\${LDAP_CREDENTIALS}";
|
||||
useridField = "uid";
|
||||
providerName = "iFSR";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -52,12 +71,23 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
sops.secrets.postgres_hedgedoc.owner = config.systemd.services.hedgedoc.serviceConfig.User;
|
||||
sops.secrets.hedgedoc_session_secret.owner = config.systemd.services.hedgedoc.serviceConfig.User;
|
||||
sops.secrets =
|
||||
let
|
||||
user = config.systemd.services.hedgedoc.serviceConfig.User;
|
||||
in
|
||||
{
|
||||
postgres_hedgedoc.owner = user;
|
||||
hedgedoc_session_secret.owner = user;
|
||||
hedgedoc_ldap_search = {
|
||||
key = "portunus_search";
|
||||
owner = user;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.hedgedoc.preStart = lib.mkBefore ''
|
||||
export DB_PASSWORD="$(cat ${config.sops.secrets.postgres_hedgedoc.path})"
|
||||
export SESSION_SECRET="$(cat ${config.sops.secrets.hedgedoc_session_secret.path})"
|
||||
export LDAP_CREDENTIALS="$(cat ${config.sops.secrets.hedgedoc_ldap_search.path})"
|
||||
'';
|
||||
systemd.services.hedgedoc.after = [ "hedgedoc-pgsetup.service" ];
|
||||
|
||||
|
|
|
|||
|
|
@ -1,64 +0,0 @@
|
|||
{ pkgs, config, lib, ... }: {
|
||||
|
||||
sops.secrets.postgres_keycloak = {
|
||||
owner = config.systemd.services.keycloak.serviceConfig.User;
|
||||
group = "keycloak";
|
||||
};
|
||||
|
||||
users.users.keycloak = {
|
||||
name = "keycloak";
|
||||
isSystemUser = true;
|
||||
group = "keycloak";
|
||||
};
|
||||
|
||||
users.groups.keycloak = {
|
||||
name = "keycloak";
|
||||
members = [ "keycloak" ];
|
||||
};
|
||||
|
||||
services = {
|
||||
keycloak = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
hostname = "keycloak.quitte.tassilo-tanneberger.de";
|
||||
http-host = "127.0.0.1";
|
||||
http-port = 8000;
|
||||
https-port = 8001;
|
||||
proxy = "edge";
|
||||
};
|
||||
|
||||
database = {
|
||||
username = "keycloak";
|
||||
type = "postgresql";
|
||||
passwordFile = config.sops.secrets.postgres_keycloak.path;
|
||||
name = "keycloak";
|
||||
host = "localhost";
|
||||
createLocally = true;
|
||||
};
|
||||
};
|
||||
postgresql = {
|
||||
enable = true;
|
||||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
"${config.services.keycloak.settings.hostname}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
locations = {
|
||||
"/" =
|
||||
let
|
||||
cfg = config.services.keycloak.settings;
|
||||
in
|
||||
{
|
||||
proxyPass = "http://${cfg.http-host}:${toString cfg.http-port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
domain = "auth.${config.fsr.domain}";
|
||||
|
||||
|
|
@ -89,6 +89,29 @@ in
|
|||
daemon.enable = true;
|
||||
};
|
||||
|
||||
security.pam.services.sshd.text = ''
|
||||
# Account management.
|
||||
account sufficient ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
||||
account required pam_unix.so
|
||||
|
||||
# Authentication management.
|
||||
auth sufficient pam_unix.so likeauth try_first_pass
|
||||
auth sufficient ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so use_first_pass
|
||||
auth required pam_deny.so
|
||||
|
||||
# Password management.
|
||||
password sufficient pam_unix.so nullok sha512
|
||||
password sufficient ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
||||
|
||||
# Session management.
|
||||
session required pam_env.so conffile=/etc/pam/environment readenv=0
|
||||
session required pam_unix.so
|
||||
session required pam_loginuid.so
|
||||
session optional pam_mkhomedir.so
|
||||
session optional ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
||||
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
|
||||
|
||||
'';
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
|
|||
107
modules/mail.nix
107
modules/mail.nix
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
hostname = "mail.${config.fsr.domain}";
|
||||
domain = config.fsr.domain;
|
||||
|
|
@ -6,7 +6,9 @@ let
|
|||
# brauchen wir das überhaupt?
|
||||
#ldap-aliases = pkgs.writeText "ldap-aliases.cf" ''
|
||||
#server_host = ldap://localhost
|
||||
#search_base = ou=mail, dc=ifsr, dc=de
|
||||
#search_base = dc=ifsr, dc=de
|
||||
#query_filter = (&(objectClass=posixAccount)(uid=%n))
|
||||
#result_attribute=mail
|
||||
#'';
|
||||
dovecot-ldap-args = pkgs.writeText "ldap-args" ''
|
||||
uris = ldap://localhost
|
||||
|
|
@ -17,8 +19,8 @@ let
|
|||
ldap_version = 3
|
||||
scope = subtree
|
||||
base = dc=ifsr, dc=de
|
||||
user_filter = (&(objectClass=posixAccount)(uid=%n))
|
||||
pass_filter = (&(objectClass=posixAccount)(uid=%n))
|
||||
user_filter = (&(objectClass=posixAccount)(mail=%u))
|
||||
pass_filter = (&(objectClass=posixAccount)(mail=%u))
|
||||
'';
|
||||
in
|
||||
{
|
||||
|
|
@ -26,33 +28,85 @@ in
|
|||
sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 25 465 993 ];
|
||||
users.users.postfix.extraGroups = [ "opendkim" ];
|
||||
|
||||
services = {
|
||||
postfix = {
|
||||
enable = true;
|
||||
enableSubmissions = true;
|
||||
hostname = "${hostname}";
|
||||
domain = "${domain}";
|
||||
relayHost = "";
|
||||
origin = "${domain}";
|
||||
destination = [ "${hostname}" "${domain}" "localhost" ];
|
||||
networks = [ "127.0.0.1" "141.30.30.169" ];
|
||||
sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
|
||||
sslKey = "/var/lib/acme/${hostname}/key.pem";
|
||||
extraAliases = ''
|
||||
# Taken from kaki, maybe we can throw out some at some point
|
||||
# General redirections for pseudo accounts
|
||||
bin: root
|
||||
daemon: root
|
||||
named: root
|
||||
nobody: root
|
||||
uucp: root
|
||||
www: root
|
||||
ftp-bugs: root
|
||||
postfix: root
|
||||
|
||||
# Well-known aliases
|
||||
manager: root
|
||||
dumper: root
|
||||
operator: root
|
||||
abuse: postmaster
|
||||
|
||||
# trap decode to catch security attacks
|
||||
decode: root
|
||||
'';
|
||||
config = {
|
||||
home_mailbox = "Maildir/";
|
||||
smtp_use_tls = true;
|
||||
smtp_tls_security_level = "encrypt";
|
||||
smtpd_use_tls = true;
|
||||
smtpd_tls_security_level = lib.mkForce "encrypt";
|
||||
smtpd_tls_auth_only = true;
|
||||
smtpd_tls_protocols = [
|
||||
"!SSLv2"
|
||||
"!SSLv3"
|
||||
"!TLSv1"
|
||||
"!TLSv1.1"
|
||||
];
|
||||
smtpd_recipient_restrictions = [
|
||||
"reject_unauth_destination"
|
||||
"permit_sasl_authenticated"
|
||||
"permit_mynetworks"
|
||||
"reject_unauth_destination"
|
||||
"reject_non_fqdn_hostname"
|
||||
"reject_non_fqdn_sender"
|
||||
"reject_non_fqdn_recipient"
|
||||
"reject_unknown_sender_domain"
|
||||
"reject_unknown_recipient_domain"
|
||||
"reject_unauth_destination"
|
||||
"reject_unauth_pipelining"
|
||||
"reject_invalid_hostname"
|
||||
];
|
||||
smtpd_relay_restrictions = [
|
||||
"permit_sasl_authenticated"
|
||||
"permit_mynetworks"
|
||||
"reject_unauth_destination"
|
||||
];
|
||||
#alias_maps = [ "ldap:${ldap-aliases}" ];
|
||||
smtpd_milters = [ "local:/run/opendkim/opendkim.sock" ];
|
||||
non_smtpd_milters = [ "local:/var/run/opendkim/opendkim.sock" ];
|
||||
smtpd_sasl_auth_enable = true;
|
||||
smtpd_sasl_path = "/var/lib/postfix/auth";
|
||||
virtual_mailbox_base = "/var/mail";
|
||||
smtpd_sasl_type = "dovecot";
|
||||
# virtual_mailbox_base = "/var/mail";
|
||||
};
|
||||
};
|
||||
dovecot2 = {
|
||||
enable = true;
|
||||
enableImap = true;
|
||||
enableQuota = false;
|
||||
mailLocation = "maildir:~/Maildir";
|
||||
sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem";
|
||||
sslServerKey = "/var/lib/acme/${hostname}/key.pem";
|
||||
mailboxes = {
|
||||
|
|
@ -74,7 +128,6 @@ in
|
|||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
mail_location = maildir:/var/mail/%u
|
||||
passdb {
|
||||
driver = ldap
|
||||
args = ${dovecot-ldap-args}
|
||||
|
|
@ -92,6 +145,14 @@ in
|
|||
}
|
||||
'';
|
||||
};
|
||||
opendkim = {
|
||||
enable = true;
|
||||
domains = "csl:${config.fsr.domain}";
|
||||
selector = config.networking.hostName;
|
||||
configFile = pkgs.writeText "opendkim-config" ''
|
||||
UMask 0117
|
||||
'';
|
||||
};
|
||||
rspamd = {
|
||||
enable = true;
|
||||
postfix.enable = true;
|
||||
|
|
@ -101,12 +162,6 @@ in
|
|||
read_servers = "127.0.0.1";
|
||||
write_servers = "127.0.0.1";
|
||||
'';
|
||||
"dkim_signing.conf".text = ''
|
||||
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
|
||||
selector = "quitte";
|
||||
sign_authenticated = true;
|
||||
use_domain = "header";
|
||||
'';
|
||||
};
|
||||
};
|
||||
redis = {
|
||||
|
|
@ -140,27 +195,3 @@ in
|
|||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,23 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
services.nginx.enable = true;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
appendHttpConfig = ''
|
||||
map $remote_addr $remote_addr_anon {
|
||||
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
|
||||
~(?P<ip>[^:]+:[^:]+): $ip::;
|
||||
# IP addresses to not anonymize
|
||||
127.0.0.1 $remote_addr;
|
||||
::1 $remote_addr;
|
||||
default 0.0.0.0;
|
||||
}
|
||||
log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log anon_ip;
|
||||
'';
|
||||
};
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
|
|
|
|||
|
|
@ -1,36 +0,0 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
{
|
||||
# Enable CUPS to print documents.
|
||||
services = {
|
||||
printing.enable = true;
|
||||
printing.drivers = with pkgs; [
|
||||
gutenprint
|
||||
gutenprintBin
|
||||
hplip
|
||||
hplipWithPlugin
|
||||
];
|
||||
avahi.enable = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
gnome.gnome-control-center
|
||||
];
|
||||
# set up Heiko
|
||||
hardware.printers.ensurePrinters = [
|
||||
{
|
||||
description = "Drucker im FSR Buero";
|
||||
deviceUri = "dnssd://Kyocera%20ECOSYS%20M6630cidn._ipp._tcp.local/?uuid=4509a320-007e-002c-00dd-002507504ad0";
|
||||
location = "FSR Buero";
|
||||
model = "Kyocera ECOSYS M6630cidn KPDL";
|
||||
name = "Heiko";
|
||||
}
|
||||
{
|
||||
description = "Drucker im FSR Buero";
|
||||
deviceUri = "dnssd://Kyocera%20ECOSYS%20M6630cidn._pdl-datastream._tcp.local/?uuid=4509a320-007e-002c-00dd-002507504ad0";
|
||||
location = "FSR Buero";
|
||||
model = "Kyocera ECOSYS M6630cidn KPDL";
|
||||
name = "Heiko";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
#
|
||||
# Useful config
|
||||
# https://tu-dresden.de/zih/dienste/service-katalog/arbeitsumgebung/zugang_datennetz/wlan-eduroam
|
||||
# https://www.stura.htw-dresden.de/stura/ref/hopo/dk/nachrichten/eduroam-meets-nixos
|
||||
#
|
||||
{ pkgs, config, ... }:
|
||||
let
|
||||
password = "$(${pkgs.coreutils}/bin/cat /run/secrets/fsr_wifi_psk)";
|
||||
in
|
||||
{
|
||||
networking = {
|
||||
wireless = {
|
||||
enable = true;
|
||||
networks = {
|
||||
"FSR" = {
|
||||
priority = 10;
|
||||
pskRaw = "9dbdf08e1205b1167a812a35cfac4b49a86e155eec707bd47f4d06d829e7d168";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
fsr_wifi: ENC[AES256_GCM,data:CD0ge6d5+gc=,iv:yuWfwwGm2HOKvMQQ9lF4TFOqvCU2z06sqS+pzhCFhfY=,tag:1+8MwcPUGgtcdXvTNAuR5g==,type:str]
|
||||
fsr_wifi_psk: ENC[AES256_GCM,data:uwq/nkKm9eDdMxUJMQ==,iv:q9mzhfkPBM1oTQN69tSEiQmf3hYZ4pGJEqjVEjU//FI=,tag:g0p+S2jlkAT0jY5hBRKuXw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySHgvQThoSmpXOUc1a3lN
|
||||
dXR6ZElYYlppOXNISXM0bURxQjdIU3pDL2wwCmNoT0pYTEdubWh3eFc3VzVwdnR3
|
||||
TU5CbFlBTWxYaHRjamUzamIzQ1VnbFEKLS0tIDVUSEVtKzh1aVp1ekxVd2xRWHVo
|
||||
dEExQkJySmo5eGtEdXVvd1FFVVhpdFUKNx1FXti0qWKDRYM6wsIUceXbjzra5ezc
|
||||
0fNI2r7qnVQ1QghtKnibwMUR1q4/DphKEm4eX4e6q+jfHleHCSk6+g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-03-05T13:53:02Z"
|
||||
mac: ENC[AES256_GCM,data:ZpEk+wpGQz2ul+Me6i45wXkzvuxzwkibLcljBs2KjTAgjH6F4q1JyXuY271JD95A5HgEvv4Atm3sbHaG+hghXy/36WSFw5jJRBwOjDrOSSAq12+UFeYjgSA2EwbvgbBdIO6VgaRLnXtobtLFG5qaVzUAvSevo6n8vBhEjSHEEJk=,iv:iZ9bJ+it3s6lB8piPeKjVy4QYzwYGUb4EUwvnCR753Q=,tag:Nveq//4C1tiwGOkeXV7a0A==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-03-05T13:42:43Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJARAAvxLI7hxutYG0KDovCjpGKIZA1JyNjp1/QYLKz3QDUFsZ
|
||||
Ykwmixkt2wjTQjn9aE66ujLiEzMDfV2VZ6ao7Ehg04fysU1WurqEB5D+hiS6SCc2
|
||||
3DgvlPeicY+87oZin1iaqL505MzQCEVbmcar++VCdQIGUZSQvbn1Nxn3RxKjHCjm
|
||||
RW0juiSH1FUIZdBPL9NgUEixv7KpdEBxO5JR30GxDgYMG1Xji9Y2KsBy9XP5Lhn2
|
||||
ziuzs6vTfFTuVUdylJNkT6yVgK4V7oEkIMiVPGFYXSUWT3TNZ0qRwuk6UJYLfvnY
|
||||
Mt0jyKyi+hRIWPQEjBmpK/siBsQGSCXsRe84g+LUtdfPbvqwdZb59qy5B65z/ku/
|
||||
6EQIaPRkgCa5AED3gJQCbBYhvymdgl8ZZcXkVV1Ap2VgKS5o0s+CNjdiNkXdGTL/
|
||||
NdE7kehGJCtsHUVGs2I8TfLg/uVgJTKEodTq8eLu8WhVkNKzk9aFBCfHKYtkXBIi
|
||||
ZIXUHNbPtXDL4aHgOTuTYjWM8bhW0pdnkGX7daqPsfNqgR9hzOo3TzoR3DRDK91w
|
||||
cvUZ9hApYJ0OVxuPa38JGiYn3826iSSRK8qPjAndE4HhYgT/lZvu8/vZAW6EF/yH
|
||||
8exruofMHNBNNdotkYDnyaFO6C+00SMcTUkG49vRqQKwrBygAoPLEKQhDBgczcnU
|
||||
aAEJAhBWRVtwhCZtQV1MCl5u0IbSlxQiIH93FrdTfbJQdKM+LFlwkXOngO4blGOi
|
||||
1tQbkiyLzIio+yoyfvbXZOIeMkLA3GynsKtxjnYYipXkuv3LP5BvZiH+bzG9jPW4
|
||||
jXrR59MZPJLY
|
||||
=hWOx
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
fsr_wifi: ENC[AES256_GCM,data:nzfwY2UygQSdboRvfDxVSrUE+WLBJLYBLw==,iv:yR3lCbyUSg97+MnuwUkXEsHtSGuYOPYRgvW/YZYDhv0=,tag:eN/lqD1BetqnFDAFJE6D2g==,type:str]
|
||||
fsr_wifi_psk: ENC[AES256_GCM,data:A1Z809FJ0fUd93QcX5NNnfVxyzUZMuPGC6Hu4M9LpRoMOTrMcRPMDaR0N+cgmV7rnjYvzm4gTSTEcnqsnLGyNA==,iv:WMs3/I3SEDJwcpyqclCfxKcx61m/6BcwbGaGS4I4a5s=,tag:oYG8M3NQ2lkcUGr2K5YUEg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1jyxk2z69pm8hpz5zlf5lh05vrws2sprum3ucx2xjpq8efctcfdaq0jhs3w
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRQXByc2lJWnQ0Rm1Wb1V5
|
||||
aVFaY0cwcnVlUFRKNGNYYjJjMnB5NVlkendRCkxJZ0JILzVvbDZRNzlYaWtEREJr
|
||||
VmYzaUNiU0VmTkZzckhJeS84OU5TUkUKLS0tIG5qTnVtbHV3TWh0cW4xYlJiV0Ji
|
||||
MFQrNkJxUUVFSStPenM4Tmx6dlVsSm8KQMPsuc/E89aDek3csMarrKm5qcfQKf3u
|
||||
2ApD8dEN+L1L9bbJGAY6uNM6sXu5eTAGD7+Rc0duZIdDCg0LGFV8jw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-03-05T13:52:43Z"
|
||||
mac: ENC[AES256_GCM,data:/uszrMeVsVlpjFyI29/Sasr8jY3/elnnbbUDmZ1+3YHzoujQRZe47VOpfOgs/XZym+jj7MZInu5Y361YalFb0ArS7GmexZA88rFvOqHPIIUuk2h1iCHLpZRafg96x737snna7L7zHNJFJLBhqcpdt0U4U6SZjXlJ9UgR96c6Agk=,iv:4kCCIhUEfc0GCzoh+3cNxB3cnn71/0jmKI1r62dYFmk=,tag:REOoImReJds8LBKZpeu78w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-03-05T13:41:12Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/+Jis1dE0ZmxKIaqJKc1itSqd09ieVJDMmei410O2VycU3
|
||||
98YHvdrkRcG+3tLkvzebATANyHcJeefjt4uvQnMjlswX5DHm3JxNYnfOhCQNpexl
|
||||
80Lp/0qmnCy1rd2C8/Mr9ub2frupEGeBgU4TwA1LW5X1f89NP9R7b6tBcVMyF/OW
|
||||
+WWu2g+0yLC9rle0a5QeIkrKsmyB5+dEYOakCMunKCYXE+MS4ULkZqFxhJ8ckTo7
|
||||
rKiR8UwzDL+iMl4zLgeNF5Uw7WH8tdHiD3thHQvzjL9++Tg4jZWdgtjdICs1ye2y
|
||||
sUGzk0RhjXT/Q3rBwQbiivZq7s3ngBpom0co74+X6DORMN0P8WUdox7j4KUS3/oA
|
||||
KwtyUF92dK9uJwckyN7LXho7zVTnZXV7jjupBacjr0TeHgYzP1eDhbsC6mFlWv2x
|
||||
mHeK7hQF6VBNi1tAVlcMktbuxZRtc8P0ljFeSXRDoLJKdduIb3TKbGSsAHs1lX+n
|
||||
CEK2kfS+V6g4CXaSsAsDqIZ75k6bJYRd8M81a1XvSAMB1fzQYDU1zrPGquggOBku
|
||||
S0R0y0po7OwnqQ0HBgVHC8uU8hbG/EIvA1Wpw9FQnjGugi0pOoIiynqJWzttFwvq
|
||||
XBV27Z7wumWzwij9uFt+TEy7Olulu/Vi/56tiyUNnbklwQqe1mj1m4nnu6z6v4TU
|
||||
aAEJAhDM3iZRqVMChcCd6A/btYAwNnZrJNzxj+BIV5/+sAk3wjqc6UM7+qdBuzsH
|
||||
uYq+HBTcdQgpoyqtFryrjQvCsksB6O4eS62FIAKfD65HaxNYQLUYNJ4Xs3NIqroH
|
||||
MogSWSOw4clo
|
||||
=8/Ez
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
||||
Loading…
Reference in a new issue
do we want to quickly move that into a different pr ? because looks pretty unrelated