From 7f550aabb0f22cb5327a16141fbaca95072c0884 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 16 May 2025 17:14:34 +0200 Subject: [PATCH 001/376] Update vars via generator pinchflat for machine genepi --- .../genepi/pinchflat/env/machines/genepi | 1 + vars/per-machine/genepi/pinchflat/env/secret | 19 +++++++++++++++++++ .../genepi/pinchflat/env/users/rpqt | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/per-machine/genepi/pinchflat/env/machines/genepi create mode 100644 vars/per-machine/genepi/pinchflat/env/secret create mode 120000 vars/per-machine/genepi/pinchflat/env/users/rpqt diff --git a/vars/per-machine/genepi/pinchflat/env/machines/genepi b/vars/per-machine/genepi/pinchflat/env/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/pinchflat/env/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/pinchflat/env/secret b/vars/per-machine/genepi/pinchflat/env/secret new file mode 100644 index 0000000..85f5190 --- /dev/null +++ b/vars/per-machine/genepi/pinchflat/env/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:Sfpe4CSU6+923CWT4BGzizP3fNIkCfYJGDvIEFRVDAgnVCAtGl27+q4936CNeIlmzrOjatpIUgTFK/XKB4euNK9C9/baS/C7rB2oDyaebFSiYEGpIpEMjI2V4kK+TwTfrtwrgOl0gjAVKlRJ9+1fmTrPADHn0Oqn7cPMDg2tNh7Lrb3ivyYxxq/RnPGf201/pQ==,iv:Jh11D+YQv3QnnWuc1jcpmifSY8kujxOKK6e79oQdm4c=,tag:AcyVHWHLtIPQwCChbG4ukg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NG1RMEhBS1duS3BRVnlI\neGYyOGcwazRPUFR0VEsyVDEzOWtHUC9ZdnlJCnNsQVI3SldvaytISEJIVWlYVWZp\nY09rQjZPZlhSd2JqanVmdEU4VElOWWsKLS0tIDkxUTVsMGZZUGR3bnNnd2ZZRnVI\naDNSQUhxZC9GdWFGcDNVVzVTSTNkalEKN4HIixpko+0uqd9BMH8tDIe2rbNkJ9jv\nNKv/zM2ONFtPGZDoEcPQlfPzSRTHKdYCnToeaQFjU3f2KCjN516oWg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZGFZSGNkSHZQaFRqMERO\nVHZnaGhsUlVHekpxMzhrd3NSRUJMMW81QzNzCjdQanZuS2FXbk9CaUl2WU1KVmFt\nSVpKRFB1OTU0TlJ4SFIvTENqR3JLbVUKLS0tIFY2OFZXeGlxZUNmR1Zrc1ZaWERr\nS3pNc0ZCNTB2U1lBZ0cvRUc4ZXN2NWMKUrpP69SdEdMYy/aOyoLgCAnnfBFY1le+\nnT7tTxfjH1vc183A13nMPU2sbk/sOFm/nneIVaKtenHsjJvJMSbY8A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-05-16T15:14:34Z", + "mac": "ENC[AES256_GCM,data:HneZmFLyVWdGmQGgMY5NObs1AxBGTyfsKPfStNhglWjxAXxXzccfxL1vRHnAs49WGUhUupGp+Xw9u59LuDmCgcWEynlHRHz/Z2cVcNS+0CChDp/U63+ave9R1U6DAxMTtDof/DEcdE8LbsvjHWvSxSV9IhYMg3N1e1bUaLKFsFs=,iv:MViUd7Y5sPzjf74gXFSegvcxetnVFp1eNujFbNdwB5w=,tag:jt2T4y0+PlT85EvWc9kN5g==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/pinchflat/env/users/rpqt b/vars/per-machine/genepi/pinchflat/env/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/pinchflat/env/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 8a807d4dd5b5017f15dd76a06feebcb032a0a974 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 21 May 2025 17:51:42 +0200 Subject: [PATCH 002/376] Update vars via generator disk-id for machine genepi --- vars/per-machine/genepi/disk-id/diskId/value | 1 + 1 file changed, 1 insertion(+) create mode 100644 vars/per-machine/genepi/disk-id/diskId/value diff --git a/vars/per-machine/genepi/disk-id/diskId/value b/vars/per-machine/genepi/disk-id/diskId/value new file mode 100644 index 0000000..3007ad8 --- /dev/null +++ b/vars/per-machine/genepi/disk-id/diskId/value @@ -0,0 +1 @@ +72b27bb5253045f38a07b6bc368ab85c \ No newline at end of file From 1361049225bdd56d443e6b14e944bc91bf626af8 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 22 May 2025 22:25:45 +0200 Subject: [PATCH 003/376] add clan trusted caches on haze --- machines/haze/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index f66d604..093772f 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -22,6 +22,7 @@ ../../system inputs.clan-core.clanModules.state-version + inputs.clan-core.clanModules.trusted-nix-caches inputs.home-manager.nixosModules.home-manager { From 8af8425eeff39a9bd38cf38de9725405de0c3260 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 22 May 2025 22:26:21 +0200 Subject: [PATCH 004/376] add kde connect --- machines/haze/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 093772f..d0b43f8 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -51,6 +51,8 @@ }; }; + programs.kdeconnect.enable = true; + # Remote builds nix = { distributedBuilds = true; From 4f3afd3a2c576247660ff163b9f13190db84c529 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 22 May 2025 22:28:34 +0200 Subject: [PATCH 005/376] remove default user hashed password --- system/core/users.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/system/core/users.nix b/system/core/users.nix index 1db5cfc..bf55e6b 100644 --- a/system/core/users.nix +++ b/system/core/users.nix @@ -19,8 +19,6 @@ openssh.authorizedKeys.keys = [ keys.rpqt.haze ]; - initialHashedPassword = "$y$j9T$.y7GZIaYYgEHt1spMsOqi/$k4O3AAKBhJF0gI.G9/Ja8ssGsVTv3VPD5WC.7ErAUD1"; - extraGroups = [ "wheel" ]; From 2ee9461c9e824803bfce02c9b795189642c7508c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 24 May 2025 18:35:16 +0200 Subject: [PATCH 006/376] make devshell work on aarch64-linux --- flake.nix | 51 ++++++++++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 23 deletions(-) diff --git a/flake.nix b/flake.nix index 5103abf..d1af54a 100644 --- a/flake.nix +++ b/flake.nix @@ -64,29 +64,34 @@ inherit (clan) clanInternals nixosConfigurations; devShells = - let - system = "x86_64-linux"; - pkgs = import nixpkgs { - inherit system; - }; - in - { - "${system}".default = pkgs.mkShell { - packages = [ - inputs.agenix.packages.${system}.default - clan-core.packages.${system}.clan-cli - pkgs.nil # Nix language server - pkgs.nixfmt-rfc-style - pkgs.opentofu - pkgs.terraform-ls - pkgs.deploy-rs - pkgs.zsh - ]; - shellhook = '' - exec zsh - ''; - }; - }; + nixpkgs.lib.genAttrs + [ + "x86_64-linux" + "aarch64-linux" + ] + ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + in + { + default = pkgs.mkShell { + packages = [ + inputs.agenix.packages.${system}.default + clan-core.packages.${system}.clan-cli + pkgs.nil # Nix language server + pkgs.nixfmt-rfc-style + pkgs.opentofu + pkgs.terraform-ls + pkgs.deploy-rs + pkgs.zsh + ]; + shellhook = '' + exec zsh + ''; + }; + } + ); }; inputs = { From 03abf0c7afe5e94e6bfd9a50cc656f2ddf6f797c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sun, 25 May 2025 23:04:11 +0200 Subject: [PATCH 007/376] update renamed pinentry option --- home/desktop/pass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/desktop/pass.nix b/home/desktop/pass.nix index 84cc37f..3b60fee 100644 --- a/home/desktop/pass.nix +++ b/home/desktop/pass.nix @@ -9,6 +9,6 @@ programs.gpg.enable = true; services.gpg-agent = { enable = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; }; } From cdc4c4e38bf9e0abbe6a53e459f7dc247035cb69 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sun, 25 May 2025 23:10:16 +0200 Subject: [PATCH 008/376] remove impermanence on genepi --- machines/genepi/configuration.nix | 2 - machines/genepi/disko.nix | 11 ------ machines/genepi/persistence.nix | 64 ------------------------------- machines/genepi/taskchampion.nix | 6 +-- 4 files changed, 1 insertion(+), 82 deletions(-) delete mode 100644 machines/genepi/persistence.nix diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index e86c027..1c684c3 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -5,7 +5,6 @@ { imports = [ inputs.agenix.nixosModules.default - inputs.impermanence.nixosModules.impermanence ./acme.nix ./boot.nix ./builder.nix @@ -18,7 +17,6 @@ ./mpd.nix ./network.nix ./nginx.nix - ./persistence.nix ./syncthing.nix ./taskchampion.nix diff --git a/machines/genepi/disko.nix b/machines/genepi/disko.nix index 3fd4480..0c1659c 100644 --- a/machines/genepi/disko.nix +++ b/machines/genepi/disko.nix @@ -52,14 +52,6 @@ "noatime" ]; }; - "/persist" = { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; "/log" = { mountpoint = "/var/log"; mountOptions = [ @@ -80,7 +72,4 @@ }; }; }; - - fileSystems."/persist".neededForBoot = true; - fileSystems."/var/log".neededForBoot = true; } diff --git a/machines/genepi/persistence.nix b/machines/genepi/persistence.nix deleted file mode 100644 index bca3d3e..0000000 --- a/machines/genepi/persistence.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ lib, ... }: -{ - environment.persistence."/persist" = { - enable = true; - directories = [ - "/var/lib/nixos" - "/var/lib/acme" - "/var/lib/prometheus2" - "/var/lib/immich" - "/var/lib/redis-immich" - "/var/lib/postgresql" - "/var/lib/grafana" - "/var/lib/freshrss" - "/var/lib/tailscale" - ]; - files = [ - # so that systemd doesn't think each boot is the first - "/etc/machine-id" - # ssh host keys - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - ]; - users.rpqt = { - directories = [ ]; - files = [ ]; - home = "/home/rpqt"; - }; - }; - - # Empty root and remove snapshots older than 30 days - # boot.initrd.postDeviceCommands = lib.mkAfter '' - # mkdir /btrfs_tmp - # mount /dev/disk/by-label/nixos /btrfs_tmp - # if [[ -e /btrfs_tmp/root ]]; then - # mkdir -p /btrfs_tmp/old_roots - # timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") - # mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" - # fi - - # delete_subvolume_recursively() { - # IFS=$'\n' - # for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - # delete_subvolume_recursively "/btrfs_tmp/$i" - # done - # btrfs subvolume delete "$1" - # } - - # for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - # delete_subvolume_recursively "$i" - # done - - # btrfs subvolume create /btrfs_tmp/root - # umount /btrfs_tmp - # rmdir /btrfs_tmp - # ''; - - # Give agenix persistent paths so it can load secrets before the mount - age.identityPaths = [ - "/persist/etc/ssh/ssh_host_ed25519_key" - "/persist/etc/ssh/ssh_host_rsa_key" - ]; -} diff --git a/machines/genepi/taskchampion.nix b/machines/genepi/taskchampion.nix index b06dbc5..5108dcd 100644 --- a/machines/genepi/taskchampion.nix +++ b/machines/genepi/taskchampion.nix @@ -1,15 +1,11 @@ -{ config, lib, ... }: +{ config, ... }: let domain = "home.rpqt.fr"; subdomain = "tw.${domain}"; - hasImpermanence = config.environment.persistence."/persist".enable; in { services.taskchampion-sync-server.enable = true; - services.taskchampion-sync-server.dataDir = - (lib.optionalString hasImpermanence "/persist") + "/var/lib/taskchampion-sync-server"; - services.nginx.virtualHosts.${subdomain} = { forceSSL = true; useACMEHost = "${domain}"; From 8095738a8f62fa50350c471e021995b6d1d02f7c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sun, 25 May 2025 23:23:38 +0200 Subject: [PATCH 009/376] move genepi disk to ext4 using clan --- machines/genepi/configuration.nix | 2 + machines/genepi/disko.nix | 66 ++++++++++--------------------- 2 files changed, 22 insertions(+), 46 deletions(-) diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 1c684c3..d373c90 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -37,6 +37,8 @@ networking.hostName = "genepi"; clan.core.networking.targetHost = "root@genepi.local"; + disko.devices.disk.main.device = "/dev/disk/by-id/ata-WD_Green_M.2_2280_480GB_2251E6411147"; + nix.gc = { automatic = true; dates = "weekly"; diff --git a/machines/genepi/disko.nix b/machines/genepi/disko.nix index 0c1659c..a1249bb 100644 --- a/machines/genepi/disko.nix +++ b/machines/genepi/disko.nix @@ -1,66 +1,40 @@ { + clan-core, + config, + ... +}: +let + suffix = config.clan.core.vars.generators.disk-id.files.diskId.value; +in +{ + imports = [ clan-core.clanModules.disk-id ]; + disko.devices.disk.main = { + name = "main-" + suffix; type = "disk"; - device = "/dev/disk/by-id/ata-WD_Green_M.2_2280_480GB_2251E6411147"; content = { type = "gpt"; partitions = { - ESP = { + boot = { + type = "EF02"; + size = "1M"; priority = 1; - name = "ESP"; - start = "1M"; - end = "512M"; + }; + ESP = { type = "EF00"; + size = "512M"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; }; }; root = { end = "-4G"; content = { - type = "btrfs"; - extraArgs = [ - "-L" - "nixos" - "-f" # Override existing partition - ]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/log" = { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - }; + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; }; }; swap = { From 85d010dde0488580343cff72d25976f052d5d187 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 29 May 2025 23:00:29 +0200 Subject: [PATCH 010/376] setup ignis --- flake.lock | 152 ++++++++++++++++++++++++++++++----------- flake.nix | 4 ++ home/desktop/niri.nix | 1 - home/desktop/sway.nix | 1 - machines/haze/niri.nix | 5 +- 5 files changed, 120 insertions(+), 43 deletions(-) diff --git a/flake.lock b/flake.lock index 547ca88..f74a156 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -39,11 +39,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1747400548, - "narHash": "sha256-zvBGXYkd8pZKkBXlLdcw0/nxSoGJOkwGbc6dz9NS4G8=", + "lastModified": 1748055643, + "narHash": "sha256-xBYbcGW5VcH7TLFO1X5wR/BBCOOrPAX9Ty+lIhXUuc8=", "ref": "refs/heads/main", - "rev": "56f3fd0a454635d0449330e6848a98bab6da020e", - "revCount": 6979, + "rev": "5f10f5712ea5de857e5846efcde7c5730ac721eb", + "revCount": 7169, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1747329636, - "narHash": "sha256-mmyx5trq5ZQp6uShbHNfqgSxdg9OeArcZGdZKtHjhqw=", - "rev": "7afcd6f322b9839699f6f31d5bed884c6dd412c4", + "lastModified": 1747612895, + "narHash": "sha256-6niXZ5gTe456bq6udlP6QWe7MJgNybqCHqMzhkFf2gA=", + "rev": "54989ab33b3b5ff5e21e89ce11f0b72b3979ffd6", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/7afcd6f322b9839699f6f31d5bed884c6dd412c4.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/54989ab33b3b5ff5e21e89ce11f0b72b3979ffd6.tar.gz" }, "original": { "type": "tarball", @@ -113,11 +113,11 @@ ] }, "locked": { - "lastModified": 1747274630, - "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", + "lastModified": 1747742835, + "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", "owner": "nix-community", "repo": "disko", - "rev": "ec7c109a4f794fce09aad87239eab7f66540b888", + "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1747274630, - "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", + "lastModified": 1747742835, + "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", "owner": "nix-community", "repo": "disko", - "rev": "ec7c109a4f794fce09aad87239eab7f66540b888", + "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", "type": "github" }, "original": { @@ -167,6 +167,43 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": [ + "ignis", + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gvc": { + "flake": false, + "locked": { + "lastModified": 1735384240, + "narHash": "sha256-ikF9EzFlsRH8i4+SVUHETF4Jk1ob2JX1RLsuMdzrQOQ=", + "owner": "linkfrg", + "repo": "libgnome-volume-control-wheel", + "rev": "2d1cb33dacdae43127bb843a48b159ea7b8925d0", + "type": "github" + }, + "original": { + "owner": "linkfrg", + "repo": "libgnome-volume-control-wheel", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -195,11 +232,11 @@ ] }, "locked": { - "lastModified": 1747374689, - "narHash": "sha256-JT/aBZqmK1LbExzwT9cPkvxKc0IC4i6tZKOPjsSWFbI=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "d2263ce5f4c251c0f7608330e8fdb7d1f01f0667", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -208,6 +245,29 @@ "type": "github" } }, + "ignis": { + "inputs": { + "flake-utils": "flake-utils", + "gvc": "gvc", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_3" + }, + "locked": { + "lastModified": 1748238399, + "narHash": "sha256-U81PS8omY1FrR2qHkiCPblFABCaqwkcvq/1TQHVHWN8=", + "owner": "linkfrg", + "repo": "ignis", + "rev": "9be1c66f41a02d9ff6ab7197929e41f713186a22", + "type": "github" + }, + "original": { + "owner": "linkfrg", + "repo": "ignis", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -231,11 +291,11 @@ ] }, "locked": { - "lastModified": 1747365160, - "narHash": "sha256-4ZVr0x+ry6ybym/VhVYACj0HlJo44YxAaPGOxiS88Hg=", + "lastModified": 1747752313, + "narHash": "sha256-Z5OnPIZ3/ijo5xLCOpWoVbUE5JNnGxSHGhnJ3u9f2GE=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "8817b00b0011750381d0d44bb94d61087349b6ba", + "rev": "9ed53ae9abb5b125e453f37e475da5b8c368e676", "type": "github" }, "original": { @@ -293,11 +353,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1742568034, - "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", + "lastModified": 1747663185, + "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", + "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "type": "github" }, "original": { @@ -308,11 +368,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747129300, - "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "lastModified": 1747900541, + "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e81fd167b33121269149c57806599045fd33eeed", + "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "type": "github" }, "original": { @@ -340,11 +400,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1747179050, - "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { @@ -360,6 +420,7 @@ "clan-core": "clan-core", "disko": "disko_2", "home-manager": "home-manager_2", + "ignis": "ignis", "impermanence": "impermanence", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", @@ -374,11 +435,11 @@ ] }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { @@ -417,6 +478,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -425,11 +501,11 @@ ] }, "locked": { - "lastModified": 1747299117, - "narHash": "sha256-JGjCVbxS+9t3tZ2IlPQ7sdqSM4c+KmIJOXVJPfWmVOU=", + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e758f27436367c23bcd63cd973fa5e39254b530e", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d1af54a..9b4ff19 100644 --- a/flake.nix +++ b/flake.nix @@ -123,6 +123,10 @@ url = "git+https://git.clan.lol/clan/clan-core"; inputs.nixpkgs.follows = "nixpkgs"; }; + ignis = { + url = "github:linkfrg/ignis"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; nixConfig = { diff --git a/home/desktop/niri.nix b/home/desktop/niri.nix index 73c1ac5..678569f 100644 --- a/home/desktop/niri.nix +++ b/home/desktop/niri.nix @@ -1,5 +1,4 @@ { config, ... }: { - xdg.configFile."i3bar-river".source = "${config.dotfiles.path}/.config/i3bar-river"; xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri"; } diff --git a/home/desktop/sway.nix b/home/desktop/sway.nix index d0dbc91..7fb12ef 100644 --- a/home/desktop/sway.nix +++ b/home/desktop/sway.nix @@ -5,7 +5,6 @@ ghostty tofi i3status-rust - mako wlsunset kanshi grim diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index 61e2cdb..b760f5b 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -1,11 +1,9 @@ -{ pkgs, ... }: +{ inputs, pkgs, ... }: { programs.niri.enable = true; environment.systemPackages = with pkgs; [ brightnessctl - i3bar-river - mako pavucontrol playerctl swaybg @@ -13,6 +11,7 @@ tofi wl-gammarelay-rs xwayland-satellite + inputs.ignis.packages.${pkgs.system}.ignis ]; environment.sessionVariables.NIXOS_OZONE_WL = "1"; From a0c2c41d17ce0252ab818f15aa4df53b50411abe Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 29 May 2025 23:02:32 +0200 Subject: [PATCH 011/376] add tailscale tray --- machines/haze/niri.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index b760f5b..985d60a 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -8,6 +8,7 @@ playerctl swaybg swaylock + tail-tray tofi wl-gammarelay-rs xwayland-satellite From aab09abc5270037325eb3da157aa9542b52509ee Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 30 May 2025 01:25:08 +0200 Subject: [PATCH 012/376] setup nix-topology --- flake.lock | 143 ++++++++++++++++++++++++++++++ flake.nix | 27 ++++++ machines/crocus/configuration.nix | 1 + machines/crocus/topology.nix | 11 +++ machines/genepi/configuration.nix | 1 + machines/genepi/topology.nix | 24 +++++ machines/haze/configuration.nix | 1 + machines/haze/topology.nix | 12 +++ system/network/default.nix | 2 + topology.nix | 40 +++++++++ 10 files changed, 262 insertions(+) create mode 100644 machines/crocus/topology.nix create mode 100644 machines/genepi/topology.nix create mode 100644 machines/haze/topology.nix create mode 100644 topology.nix diff --git a/flake.lock b/flake.lock index f74a156..e7021b0 100644 --- a/flake.lock +++ b/flake.lock @@ -105,6 +105,27 @@ "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -146,6 +167,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -188,6 +225,46 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "gvc": { "flake": false, "locked": { @@ -317,6 +394,29 @@ "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" } }, + "nix-topology": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1744142264, + "narHash": "sha256-h5KyodobZm8dx/HSNN+basgdmjxrQxudjrss4gAQpZk=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "f49121cbbf4a86c560638ade406d99ee58deb7aa", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -414,6 +514,33 @@ "type": "github" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -422,6 +549,7 @@ "home-manager": "home-manager_2", "ignis": "ignis", "impermanence": "impermanence", + "nix-topology": "nix-topology", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2" @@ -493,6 +621,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 9b4ff19..aec3202 100644 --- a/flake.nix +++ b/flake.nix @@ -92,6 +92,29 @@ }; } ); + + topology = + nixpkgs.lib.genAttrs + [ + "x86_64-linux" + "aarch64-linux" + ] + ( + system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ inputs.nix-topology.overlays.default ]; + }; + in + import inputs.nix-topology { + inherit pkgs; + modules = [ + { inherit (self) nixosConfigurations; } + ./topology.nix + ]; + } + ); }; inputs = { @@ -127,6 +150,10 @@ url = "github:linkfrg/ignis"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-topology = { + url = "github:oddlama/nix-topology"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; nixConfig = { diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 39e52d0..49f1674 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -12,6 +12,7 @@ inputs.clan-core.clanModules.state-version ../../modules/remote-builder.nix ../../modules/borgbackup.nix + ./topology.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/machines/crocus/topology.nix b/machines/crocus/topology.nix new file mode 100644 index 0000000..d658870 --- /dev/null +++ b/machines/crocus/topology.nix @@ -0,0 +1,11 @@ +{ + topology.self = { + hardware.info = "x86_64 VPS"; + interfaces = { + tailscale0 = { + type = "wireguard"; + network = "tailscale"; + }; + }; + }; +} diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index d373c90..5831449 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -19,6 +19,7 @@ ./nginx.nix ./syncthing.nix ./taskchampion.nix + ./topology.nix ../../system ../../modules/borgbackup.nix diff --git a/machines/genepi/topology.nix b/machines/genepi/topology.nix new file mode 100644 index 0000000..184608a --- /dev/null +++ b/machines/genepi/topology.nix @@ -0,0 +1,24 @@ +{ config, ... }: +let + inherit (config.lib.topology) + mkConnection + ; +in +{ + topology.self = { + hardware.info = "Raspberry Pi 4B"; + interfaces = { + tailscale0 = { + type = "wireguard"; + network = "tailscale"; + }; + enp1s0 = { + type = "ethernet"; + network = "home"; + physicalConnections = [ + (mkConnection "cassoulet" "eth1") + ]; + }; + }; + }; +} diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index d0b43f8..64ed0a1 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -18,6 +18,7 @@ ./thunderbird.nix ./network.nix ./syncthing.nix + ./topology.nix ./video.nix ../../system diff --git a/machines/haze/topology.nix b/machines/haze/topology.nix new file mode 100644 index 0000000..8a2990a --- /dev/null +++ b/machines/haze/topology.nix @@ -0,0 +1,12 @@ +{ + topology.self = { + hardware.info = "VivoBook Laptop"; + interfaces = { + tailscale0 = { + type = "wireguard"; + network = "tailscale"; + virtual = true; + }; + }; + }; +} diff --git a/system/network/default.nix b/system/network/default.nix index 1f59251..3f791d2 100644 --- a/system/network/default.nix +++ b/system/network/default.nix @@ -1,5 +1,7 @@ +{ inputs, ... }: { imports = [ + inputs.nix-topology.nixosModules.default ./tailscale.nix ]; } diff --git a/topology.nix b/topology.nix new file mode 100644 index 0000000..bd2d18b --- /dev/null +++ b/topology.nix @@ -0,0 +1,40 @@ +{ config, ... }: +let + inherit (config.lib.topology) + mkConnection + mkInternet + mkRouter + ; +in +{ + nodes.internet = mkInternet { + connections = [ + (mkConnection "cassoulet" "wan1") + (mkConnection "crocus" "enp1s0") + ]; + }; + + nodes.cassoulet = mkRouter "Cassoulet" { + info = "BBox Fibre"; + interfaceGroups = [ + [ "wan1" ] + [ + "eth1" + "eth2" + "eth3" + "eth4" + ] + ]; + }; + + networks.home = { + name = "Home Network"; + cidrv4 = "192.168.1.1/24"; + }; + + networks.tailscale = { + name = "Tailscale"; + cidrv4 = "100.100.181.10/32"; + cidrv6 = "fd7a:115c:a1e0::2401:b50a/128"; + }; +} From fd2261a7e572822a060b4303c56685d71a0d1f75 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 30 May 2025 01:26:36 +0200 Subject: [PATCH 013/376] git ignore ./result --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 7ad6275..b91777e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /.direnv +/result From e8e9bfcb01dc569b7933987168317d42db48374e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 30 May 2025 01:27:56 +0200 Subject: [PATCH 014/376] add nix-output-monitor in dev hm --- home/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/dev.nix b/home/dev.nix index 2862d2d..75c2e03 100644 --- a/home/dev.nix +++ b/home/dev.nix @@ -4,6 +4,7 @@ devenv direnv hut + nix-output-monitor radicle-node typescript-language-server nil # Nix language server From 8b7e6e789730cf571ab4a517df525a15507c482e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 30 May 2025 22:12:55 +0200 Subject: [PATCH 015/376] add matugen --- flake.lock | 39 ++++++++++++++++++++++++++++++++++++++- flake.nix | 4 ++++ machines/haze/niri.nix | 1 + 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index e7021b0..eed447a 100644 --- a/flake.lock +++ b/flake.lock @@ -227,7 +227,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1726560853, @@ -360,6 +360,27 @@ "type": "github" } }, + "matugen": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_4" + }, + "locked": { + "lastModified": 1745334376, + "narHash": "sha256-GZAesQW51EwCEB9w5caxgi87LiAMhVfP6GqZmet9VZc=", + "owner": "InioX", + "repo": "Matugen", + "rev": "4619cca93513470dc2a1833d9a138297cbccaf2e", + "type": "github" + }, + "original": { + "owner": "InioX", + "repo": "Matugen", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -549,6 +570,7 @@ "home-manager": "home-manager_2", "ignis": "ignis", "impermanence": "impermanence", + "matugen": "matugen", "nix-topology": "nix-topology", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", @@ -622,6 +644,21 @@ } }, "systems_4": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index aec3202..8ad87cc 100644 --- a/flake.nix +++ b/flake.nix @@ -154,6 +154,10 @@ url = "github:oddlama/nix-topology"; inputs.nixpkgs.follows = "nixpkgs"; }; + matugen = { + url = "github:InioX/Matugen"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; nixConfig = { diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index 985d60a..98ffa3e 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -13,6 +13,7 @@ wl-gammarelay-rs xwayland-satellite inputs.ignis.packages.${pkgs.system}.ignis + inputs.matugen.packages.${pkgs.system}.default ]; environment.sessionVariables.NIXOS_OZONE_WL = "1"; From 03c97d8431ef5502018221f160b0a4dd327d7c9f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 4 Jun 2025 22:53:10 +0200 Subject: [PATCH 016/376] change ignis flake source (moved to ignis-sh) --- flake.lock | 14 +++++++------- flake.nix | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index eed447a..43cd2e7 100644 --- a/flake.lock +++ b/flake.lock @@ -270,13 +270,13 @@ "locked": { "lastModified": 1735384240, "narHash": "sha256-ikF9EzFlsRH8i4+SVUHETF4Jk1ob2JX1RLsuMdzrQOQ=", - "owner": "linkfrg", + "owner": "ignis-sh", "repo": "libgnome-volume-control-wheel", "rev": "2d1cb33dacdae43127bb843a48b159ea7b8925d0", "type": "github" }, "original": { - "owner": "linkfrg", + "owner": "ignis-sh", "repo": "libgnome-volume-control-wheel", "type": "github" } @@ -332,15 +332,15 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1748238399, - "narHash": "sha256-U81PS8omY1FrR2qHkiCPblFABCaqwkcvq/1TQHVHWN8=", - "owner": "linkfrg", + "lastModified": 1748898786, + "narHash": "sha256-xesaq/lWC5NCQgIbY0CjIzt0lUPryzfdcf2my1X/zdU=", + "owner": "ignis-sh", "repo": "ignis", - "rev": "9be1c66f41a02d9ff6ab7197929e41f713186a22", + "rev": "8a94285fd9234fe457796440f806b7556b59e31f", "type": "github" }, "original": { - "owner": "linkfrg", + "owner": "ignis-sh", "repo": "ignis", "type": "github" } diff --git a/flake.nix b/flake.nix index 8ad87cc..5bf4d14 100644 --- a/flake.nix +++ b/flake.nix @@ -147,7 +147,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; ignis = { - url = "github:linkfrg/ignis"; + url = "github:ignis-sh/ignis"; inputs.nixpkgs.follows = "nixpkgs"; }; nix-topology = { From 628b996be40c1074609b7b22f70e7608d9c7fbd3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 5 Jun 2025 20:42:15 +0200 Subject: [PATCH 017/376] make genepi boot again --- flake.nix | 24 ++++++++++++++++++++++ machines/genepi/boot.nix | 12 ++++++++--- machines/genepi/disko.nix | 6 +----- machines/genepi/hardware-configuration.nix | 16 +++++++-------- 4 files changed, 42 insertions(+), 16 deletions(-) diff --git a/flake.nix b/flake.nix index 5bf4d14..3a9c468 100644 --- a/flake.nix +++ b/flake.nix @@ -115,6 +115,30 @@ ]; } ); + + packages.aarch64-linux.genepi-installer-sd-image = nixos-generators.nixosGenerate { + specialArgs = { + inherit inputs; + inherit (import ./parts) keys; + }; + system = "aarch64-linux"; + format = "sd-aarch64-installer"; + modules = [ + nixos-hardware.nixosModules.raspberry-pi-4 + ./system/core + ./machines/genepi/network.nix + ./machines/genepi/hardware-configuration.nix + { networking.hostName = "genepi"; } + { sdImage.compressImage = false; } + { + nixpkgs.overlays = [ + (final: super: { + makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); + }) + ]; + } + ]; + }; }; inputs = { diff --git a/machines/genepi/boot.nix b/machines/genepi/boot.nix index a93d860..c6c7b80 100644 --- a/machines/genepi/boot.nix +++ b/machines/genepi/boot.nix @@ -8,12 +8,18 @@ ]; boot.loader = { - grub.enable = false; - generic-extlinux-compatible.enable = true; + generic-extlinux-compatible.enable = false; + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; }; + nixpkgs.overlays = [ + (final: super: { + makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); + }) + ]; + boot.supportedFilesystems = [ - "btrfs" "vfat" ]; } diff --git a/machines/genepi/disko.nix b/machines/genepi/disko.nix index a1249bb..cdcf453 100644 --- a/machines/genepi/disko.nix +++ b/machines/genepi/disko.nix @@ -15,14 +15,10 @@ in content = { type = "gpt"; partitions = { - boot = { - type = "EF02"; - size = "1M"; - priority = 1; - }; ESP = { type = "EF00"; size = "512M"; + priority = 1; content = { type = "filesystem"; format = "vfat"; diff --git a/machines/genepi/hardware-configuration.nix b/machines/genepi/hardware-configuration.nix index efcb8ff..182d149 100644 --- a/machines/genepi/hardware-configuration.nix +++ b/machines/genepi/hardware-configuration.nix @@ -1,20 +1,20 @@ { inputs, pkgs, ... }: { imports = [ - # inputs.nixos-hardware.nixosModules.raspberry-pi-4 + inputs.nixos-hardware.nixosModules.raspberry-pi-4 ]; nixpkgs.hostPlatform = "aarch64-linux"; hardware.enableRedistributableFirmware = true; - # hardware = { - # raspberry-pi."4".apply-overlays-dtmerge.enable = true; - # deviceTree = { - # enable = true; - # filter = "*rpi-4-*.dtb"; - # }; - # }; + hardware = { + raspberry-pi."4".apply-overlays-dtmerge.enable = true; + deviceTree = { + enable = true; + filter = "*rpi-4-*.dtb"; + }; + }; environment.systemPackages = with pkgs; [ libraspberrypi From ee2b9fa9e09f019ce19edd83be7169de431571c1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 5 Jun 2025 21:09:41 +0200 Subject: [PATCH 018/376] update flake inputs --- flake.lock | 70 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index 43cd2e7..cb98a1d 100644 --- a/flake.lock +++ b/flake.lock @@ -39,11 +39,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1748055643, - "narHash": "sha256-xBYbcGW5VcH7TLFO1X5wR/BBCOOrPAX9Ty+lIhXUuc8=", + "lastModified": 1749147104, + "narHash": "sha256-SI/aEc1U/mQPRyzHevMmZLh1jXVrRCuSd5cdaQAL4Qc=", "ref": "refs/heads/main", - "rev": "5f10f5712ea5de857e5846efcde7c5730ac721eb", - "revCount": 7169, + "rev": "4592eeb0b8847e63253731e9a9b7ed537e79f1a2", + "revCount": 7428, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1747612895, - "narHash": "sha256-6niXZ5gTe456bq6udlP6QWe7MJgNybqCHqMzhkFf2gA=", - "rev": "54989ab33b3b5ff5e21e89ce11f0b72b3979ffd6", + "lastModified": 1748824882, + "narHash": "sha256-DnBR3hpUtaEtidCTIyiPzTfXsrY5huYo6ny6XIxaZFs=", + "rev": "bca54baa18fcbfb73dada430cfdac8e55c0532a4", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/54989ab33b3b5ff5e21e89ce11f0b72b3979ffd6.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/bca54baa18fcbfb73dada430cfdac8e55c0532a4.tar.gz" }, "original": { "type": "tarball", @@ -134,11 +134,11 @@ ] }, "locked": { - "lastModified": 1747742835, - "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", + "lastModified": 1749089136, + "narHash": "sha256-A1UgwtAEQYd38Z6VoRAiGs4jZQczAGyP5DF3hhYUdpg=", "owner": "nix-community", "repo": "disko", - "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", + "rev": "a4f7deb49f7336feb6c5abaf213b374936421dbe", "type": "github" }, "original": { @@ -154,11 +154,11 @@ ] }, "locked": { - "lastModified": 1747742835, - "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", + "lastModified": 1749147380, + "narHash": "sha256-UvCI5f1qD9l1fCQkoG/kJI0yNjDQIiJaN7gkve8fmII=", "owner": "nix-community", "repo": "disko", - "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", + "rev": "d74db625a5cf3f46cf8fa545d6ef10bd3463ea07", "type": "github" }, "original": { @@ -191,11 +191,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", "type": "github" }, "original": { @@ -309,11 +309,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1749131129, + "narHash": "sha256-tJ+93i7N4QttM75bE8T09LlSU3Mv6Dfi9WaVBvlWilo=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "13a45ede6c17b5e923dfc18a40a3f646436f4809", "type": "github" }, "original": { @@ -332,11 +332,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1748898786, - "narHash": "sha256-xesaq/lWC5NCQgIbY0CjIzt0lUPryzfdcf2my1X/zdU=", + "lastModified": 1749150088, + "narHash": "sha256-jBeMPXnAdtmJIp9q2obU3nIDprBKLS7uNHOGJXrf08c=", "owner": "ignis-sh", "repo": "ignis", - "rev": "8a94285fd9234fe457796440f806b7556b59e31f", + "rev": "d4c97e63423d54bf956a249bf408b14fecadd64e", "type": "github" }, "original": { @@ -389,11 +389,11 @@ ] }, "locked": { - "lastModified": 1747752313, - "narHash": "sha256-Z5OnPIZ3/ijo5xLCOpWoVbUE5JNnGxSHGhnJ3u9f2GE=", + "lastModified": 1749012745, + "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "9ed53ae9abb5b125e453f37e475da5b8c368e676", + "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", "type": "github" }, "original": { @@ -489,11 +489,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747900541, - "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", + "lastModified": 1749056381, + "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", + "rev": "029bd66faa180e11262dd1bc2732254c33415f52", "type": "github" }, "original": { @@ -521,11 +521,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -681,11 +681,11 @@ ] }, "locked": { - "lastModified": 1747469671, - "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", "type": "github" }, "original": { From 3144febfad510ff9b43317ef1f5e71a3cbbd776a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 10 Jun 2025 21:32:23 +0200 Subject: [PATCH 019/376] rename "home" directory to "home-manager" My dotfiles will be moved to the "home" directory later --- {home => home-manager}/chat.nix | 0 {home => home-manager}/cli.nix | 0 {home => home-manager}/common.nix | 0 {home => home-manager}/desktop/default.nix | 0 {home => home-manager}/desktop/fonts.nix | 0 {home => home-manager}/desktop/gnome.nix | 0 {home => home-manager}/desktop/niri.nix | 0 {home => home-manager}/desktop/pass.nix | 0 {home => home-manager}/desktop/sway.nix | 0 {home => home-manager}/desktop/wayland.nix | 0 {home => home-manager}/dev.nix | 0 {home => home-manager}/dotfiles.nix | 0 {home => home-manager}/helix.nix | 0 {home => home-manager}/mail/default.nix | 0 {home => home-manager}/minecraft.nix | 0 machines/haze/home.nix | 26 +++++++++++----------- 16 files changed, 13 insertions(+), 13 deletions(-) rename {home => home-manager}/chat.nix (100%) rename {home => home-manager}/cli.nix (100%) rename {home => home-manager}/common.nix (100%) rename {home => home-manager}/desktop/default.nix (100%) rename {home => home-manager}/desktop/fonts.nix (100%) rename {home => home-manager}/desktop/gnome.nix (100%) rename {home => home-manager}/desktop/niri.nix (100%) rename {home => home-manager}/desktop/pass.nix (100%) rename {home => home-manager}/desktop/sway.nix (100%) rename {home => home-manager}/desktop/wayland.nix (100%) rename {home => home-manager}/dev.nix (100%) rename {home => home-manager}/dotfiles.nix (100%) rename {home => home-manager}/helix.nix (100%) rename {home => home-manager}/mail/default.nix (100%) rename {home => home-manager}/minecraft.nix (100%) diff --git a/home/chat.nix b/home-manager/chat.nix similarity index 100% rename from home/chat.nix rename to home-manager/chat.nix diff --git a/home/cli.nix b/home-manager/cli.nix similarity index 100% rename from home/cli.nix rename to home-manager/cli.nix diff --git a/home/common.nix b/home-manager/common.nix similarity index 100% rename from home/common.nix rename to home-manager/common.nix diff --git a/home/desktop/default.nix b/home-manager/desktop/default.nix similarity index 100% rename from home/desktop/default.nix rename to home-manager/desktop/default.nix diff --git a/home/desktop/fonts.nix b/home-manager/desktop/fonts.nix similarity index 100% rename from home/desktop/fonts.nix rename to home-manager/desktop/fonts.nix diff --git a/home/desktop/gnome.nix b/home-manager/desktop/gnome.nix similarity index 100% rename from home/desktop/gnome.nix rename to home-manager/desktop/gnome.nix diff --git a/home/desktop/niri.nix b/home-manager/desktop/niri.nix similarity index 100% rename from home/desktop/niri.nix rename to home-manager/desktop/niri.nix diff --git a/home/desktop/pass.nix b/home-manager/desktop/pass.nix similarity index 100% rename from home/desktop/pass.nix rename to home-manager/desktop/pass.nix diff --git a/home/desktop/sway.nix b/home-manager/desktop/sway.nix similarity index 100% rename from home/desktop/sway.nix rename to home-manager/desktop/sway.nix diff --git a/home/desktop/wayland.nix b/home-manager/desktop/wayland.nix similarity index 100% rename from home/desktop/wayland.nix rename to home-manager/desktop/wayland.nix diff --git a/home/dev.nix b/home-manager/dev.nix similarity index 100% rename from home/dev.nix rename to home-manager/dev.nix diff --git a/home/dotfiles.nix b/home-manager/dotfiles.nix similarity index 100% rename from home/dotfiles.nix rename to home-manager/dotfiles.nix diff --git a/home/helix.nix b/home-manager/helix.nix similarity index 100% rename from home/helix.nix rename to home-manager/helix.nix diff --git a/home/mail/default.nix b/home-manager/mail/default.nix similarity index 100% rename from home/mail/default.nix rename to home-manager/mail/default.nix diff --git a/home/minecraft.nix b/home-manager/minecraft.nix similarity index 100% rename from home/minecraft.nix rename to home-manager/minecraft.nix diff --git a/machines/haze/home.nix b/machines/haze/home.nix index 0814049..1d2698d 100644 --- a/machines/haze/home.nix +++ b/machines/haze/home.nix @@ -1,17 +1,17 @@ { imports = [ - ../../home/chat.nix - ../../home/cli.nix - ../../home/common.nix - ../../home/desktop - ../../home/dev.nix - ../../home/dotfiles.nix - ../../home/helix.nix - ../../home/mail - ../../home/minecraft.nix - ../../home/desktop - ../../home/desktop/gnome.nix - ../../home/desktop/niri.nix - ../../home/desktop/sway.nix + ../../home-manager/chat.nix + ../../home-manager/cli.nix + ../../home-manager/common.nix + ../../home-manager/desktop + ../../home-manager/dev.nix + ../../home-manager/dotfiles.nix + ../../home-manager/helix.nix + ../../home-manager/mail + ../../home-manager/minecraft.nix + ../../home-manager/desktop + ../../home-manager/desktop/gnome.nix + ../../home-manager/desktop/niri.nix + ../../home-manager/desktop/sway.nix ]; } From 5c4d1ce33287bc171eb439f0380ab309bdec7ab2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 10 Jun 2025 21:35:57 +0200 Subject: [PATCH 020/376] update renamed display manager option --- machines/haze/gnome.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/machines/haze/gnome.nix b/machines/haze/gnome.nix index d8f1b7b..c11cd24 100644 --- a/machines/haze/gnome.nix +++ b/machines/haze/gnome.nix @@ -2,11 +2,12 @@ { services.xserver = { enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; xkb.layout = "fr"; }; + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; + environment.gnome.excludePackages = ( with pkgs; [ From b5cb78b4459b9f1d071950b054d45c9dffb51c6f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 12 Jun 2025 21:51:27 +0200 Subject: [PATCH 021/376] use the new genepi ssh key for agenix --- parts/keys.nix | 2 +- secrets/freshrss.age | 13 ++++++------- secrets/gandi.age | Bin 393 -> 393 bytes secrets/radicle-private-key.age | Bin 733 -> 733 bytes secrets/restic-genepi-storagebox-key.age | Bin 385 -> 385 bytes secrets/restic-genepi-storagebox-password.age | Bin 339 -> 339 bytes 6 files changed, 7 insertions(+), 8 deletions(-) diff --git a/parts/keys.nix b/parts/keys.nix index f6fce87..95e187d 100644 --- a/parts/keys.nix +++ b/parts/keys.nix @@ -3,7 +3,7 @@ hosts = { haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze"; - genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi"; + genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwq0inZe4DX4DuJx/vbfjG5XLZ46MnBXjipdHgD9LBg root@genepi"; crocus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiz3nzuJGO5tRka2Y/kzqKa68wF7wwHr4hAympLNb9F root@crocus"; storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw=="; diff --git a/secrets/freshrss.age b/secrets/freshrss.age index bec4a3d..b4a3d8a 100644 --- a/secrets/freshrss.age +++ b/secrets/freshrss.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 ELMcHw e1XlBpnFTEjcVaiz2ogDRQlrkvEK98pJb2iDaP3fAF8 -W9li/7spMyPzwaCSFkOdPOL9ZNuaGCnJxm0uB/vLyS8 --> ssh-ed25519 8TpKTA 3HeKYAD1Y9UGfCmTWdgfVRMXy/q+R2fH/rrDdCnmBgc -S2pjlFKodLcx06HqrkghUUQB8QgyxkhPean6EV7GsXM ---- g6mHVMs7rkgyIus4NGuw8h+Hai3ME0FbuIpvA2KOOYQ -=2#޸<+ -vŒL3@Z,܅M9,C$ar zuO> \ No newline at end of file +-> ssh-ed25519 JzHbnw jpMQTBWxbVVfpRmNC4lyDKCcrpz01Qx7LbkmSnieyHA +RWh0M0kj8BGn3u7e1A2Tki1soeMUQCHk5xTXyBF5dRA +-> ssh-ed25519 8TpKTA qAvhyZSeKUYdZMhwPxd/eh4FNg1DAM1F2Stc6zvmV2A +pEP1XxQZaC/acpjMpX0NN/Hnq3vZzfeHYlNUt2bwNzY +--- F/XBgHsBJAJIlfuT0DA4DcAS+3Ci8PI6XIkKbndI898 +n s…$}IĘgᐺK,\c)4$0dyi o/^g{dɼ̅B \ No newline at end of file diff --git a/secrets/gandi.age b/secrets/gandi.age index 4a193b08c2dbe747e0686be65f6c1de8ead40969..9c8f2b8cd45e738e25bdc6b02e866b441d1eae6a 100644 GIT binary patch delta 365 zcmeBV?qr^zTJKfmk(5`ikQy44Sza9Fo|{f@D|VG&{)>Fwngl&;Yv`YmY91bF9FZ1g zkrVD5;Nh5OkesFOVi3sXmZI-!9vJFYm{}C;RqR_}nPFiVq;DB!nH`klZjo2!rtg{` z}jWCwETT;85Wyg+}gW6%yM_Dt+$7hix88Km ONrMA+4=Yy`bOHdXIEnfI delta 365 zcmeBV?qr^zTJP%Po9t1p;FjiWkx^7pssO+RAm&EnC9&2 zY3No|U>0GN;pCZY9A?6m?`WE3;9+VO=9^}cTtE;OJRGAoQVN_;rY#1I`=$hkZS!Aqj5$+sX;2c?K7G+?TlpT~Enq{e- z?Oe{aGmUv;bkbvuD+zzp9rdiv{q?$h^>@@x>pJq&-LE# zmAYKJYmPnlltQT3yqeijv}+(3*2Iy NUjOSqM?|LG9st&}gx~-G diff --git a/secrets/radicle-private-key.age b/secrets/radicle-private-key.age index 7ed9647ed7a66ac75f388aaa86ddcb0bb6c715b9..864ab4435f4ccb8a7929fcefb9aa9a4febb2209a 100644 GIT binary patch delta 701 zcmcc1dY5&APJO;*s#8H(UUpJwR<4&*nsK+mq<&b5fxC~Rwux6%ns;bUn7&t1ib1(iIhU@TLUD11 zZfc5=si~o*f<;JycZj2cUs6$;QHFt6M3#PVWS&=YPQ7!sdt`u{MOs;wqkecylM}(PAXqvfmS%|S?M3i~4lSNs1s&7?=OS-pdl$UXpfvZ8DcTP?| zm#(g^LPe&3XsDxeXnA>*pTDoEce1IAWoAUSNkB??Qh-;9iF=fHo@Zc*SE*Y%SK|vi z?)|welJ$0z*q#1xYHHS1lqVihow1PL`Ffm&>XDGtUyp6XA8ns_XT_(_&G&eZJ>ZV} zCfXizeSNr;O4!NYPdW@s?@fI3_vW?6Pg@%fE;JKu`Q{m78S&|O-@QBB?Q_4r);yPd zz>K}~bvaXLve&_Df>H0*tyyyIb;8=`A67QCDnDAtevfrmalK<(?V~$ULd=HFQJbG< ztXZAd-~ClCTRNwBB5Q!rs@UH=T<)?FhNZ{e-N=$qosn^&zt`!vtpC=q-m3zOOO7`# zERt)8DfUY3+4@X-li;2n!D$9*N|_!jul`cwx%$dv&aNBGn$w%dCFDz@?%J$>tm*pl!vxOct z1-;31YDtu=nfuItpQwC)lP4#()+&N_Pai>Y>k;;_uen= zPiHv3YSK)W^9elk_0|D@KaC|a?q>-L+*_9^_P_j3-<91RiW|4TzO+gh E05AVB3IG5A delta 701 zcmcc1dY5&APJLurQe|dxNs?o5u}6hpxmmf7bDpuKXHm9aNm4rm)3D_DG!H zX;`$Ymi2wZYuU&9q9(38ej_b+&&f*;)0&=KnDXLjGS775BlR`Dcix=4DiQYG`)T6d z+fVIXKR6!Neo;K3P^a}f(@gmrhg-vrsIb@gE%4+FIl{@bM7M(f&V=mm4O>;1*DP|Z zn;L$CPu(VaM$NYA*I9!zv@@FTNi9FF`u3!I8`r?5ZHc|x(t53Py zc*^s+Nces#huqI)zvZ9G2mO{2liXx35>P1~$oBJ%)yf?^tt}(2Ddd%!2?S?8?VKl7 zA+8|xZid?x)2Xayr9@eLFD*#wWuDXJ5&1v*+5hx^m*?e{Tz|1RIqP<0i@ceQi>E-~ zjGF&4zHSedXJ}8j_CooYwq;V%#?@w5T9>;RGtKSLn;6TS+Lx=*#qmBr{O1xbiy2=4 DUr{kP diff --git a/secrets/restic-genepi-storagebox-key.age b/secrets/restic-genepi-storagebox-key.age index ac4e43fc70b34a4719d49ffef9a081d65ce70894..65dad4e011ac370ad2640717101e86fde6fdbcfa 100644 GIT binary patch delta 357 zcmZo7P{?YMSik>JjQx9GO&}>gpd>7HC{(US<|y z9+i}xo>5`JRg&wi?VKJKn(X6M5MUl$;ggb>U6>YVR%oIf|*?-d zkZ6*Ylk1!6=wqIlK7DdR1g&9UsYw97Ljh~lNAvXl$f8D zW8uoh8z)z^qh$iy;g4pkmMNzv&hK7$Y+JiQ$+8J)|DKo!JU9F&-ZUrjcZTB52Ntpy zvPFcq-t}BC*=O5K|Db<2qxqOhH1e5)CtVE8dKdAg%j|9c*M0XSrH=o;zTG_SaKMhU Fj{uECgfjpD delta 357 zcmZoE&2Z9GP8UVC0z{m>HH|Smfv)Sy3ER>}O%2U*hOq z>{L({=n~?~WtNuiSsGbUY+;#inQT!ImgEv1>Q$j#8j)cZP?l3_X<6(NW?&L!ZdByS zrE8~9T%4hsnqp*XYG|oo5mMkC;;7*75}st9Qe;#VQSXuConP+ilv!%*8)zO<;Syez zZ0wyFS&$i+7~+gPX_^t3lwVY0;Z~(>5Mi2^niFc6mtR~Qq95rT znCWEUV^YqgtE;O}tR3th;uYx<>KLUTnw}jRSs9oXSmbD);#C|L;b@tm?U8O^=BaN{ z;p@xQ7dMmHF6>h=@2Y~-uCF`P3rx5co8CGmbJ6VL(P?UbWObz2t~?E3yH@q#VJ0i9 zd2&^$VMR%Wk$$3=c8OPESec=Tm#IZTdYOB2p-F}( zm#&>cadC!jYKoDmsiCEUMM!~nh@*mIvQwFMPJTdnZhc~&b9qu&eqc$KQIv~uRFIdE zd9YVuxtDkqCNpO{8l6PT1 delta 311 zcmcc2beU;_YQ3wEZ?Z?ZLU@#maZX}ZUS^_&UsPGBd8tKUgX?ajFSFwMEfoVain}3Q&PO?Y2zkhyqUV*u`NvUscYM`ffdSHgJX}V8UL0&{4 zm#&>cadC!jYKoDmsiCEUMM!~nh@*n5hf831h*?=-RDFbTS(T%ydvRf@c~-8av2T@o zq`OI!VX#qRc1})2W|#q&NqKpqey*oaMMYv+xtD8cR%%Fkgr8S=MTog!PNbW5S%_a* zRzR^&Zl*7nuCA^^kV}+BK~!R3SbAntQdOX=$v4mUQfZ$2@F JtG`Mt6#)O`a8&>R From 06ec517e209e19972afdc88c667ac34f47c485c2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 16 Jun 2025 21:16:49 +0200 Subject: [PATCH 022/376] migrate dotfiles to this repository --- home-manager/dotfiles.nix | 2 +- home/.clang-format | 16 + home/.config/alacritty/alacritty.toml | 37 ++ .../alacritty/themes/kanagawa_lotus.toml | 35 ++ .../alacritty/themes/kanagawa_wave.toml | 35 ++ home/.config/bat/config | 1 + home/.config/dotfiles/clone.sh | 29 ++ home/.config/ghostty/config | 2 + home/.config/git/common.gitconfig | 54 +++ home/.config/git/config | 5 + home/.config/git/ensimag.gitconfig | 3 + home/.config/git/ignore | 4 + home/.config/helix/config.toml | 21 ++ home/.config/helix/languages.toml | 59 ++++ home/.config/hut/config | 3 + home/.config/i3bar-river/bottom-config.toml | 6 + home/.config/i3bar-river/config.toml | 10 + home/.config/i3status-rust/bottom-config.toml | 53 +++ home/.config/i3status-rust/config.toml | 78 +++++ .../i3status-rust/themes/kanagawa.toml | 14 + home/.config/jj/config.toml | 9 + home/.config/kanshi/config | 5 + home/.config/kmonad/config.kbd | 46 +++ home/.config/mpd/mpd.conf | 10 + home/.config/niri/config.kdl | 320 ++++++++++++++++++ home/.config/senpai/senpai.scfg | 4 + home/.config/sh/aliases.sh | 24 ++ home/.config/sh/path.sh | 4 + home/.config/sway/config | 2 + home/.config/sway/config.d/bar | 37 ++ home/.config/sway/config.d/bindings | 169 +++++++++ home/.config/sway/config.d/input | 17 + home/.config/sway/config.d/programs | 16 + home/.config/sway/config.d/theme | 22 ++ home/.config/sway/kanagawa.sway | 110 ++++++ home/.config/swayidle/config | 10 + home/.config/swaylock/config | 29 ++ home/.config/task/taskrc | 4 + home/.config/tofi/config | 176 ++++++++++ home/.config/zsh/haze.zsh | 2 + home/.config/zsh/hooks.sh | 30 ++ home/.zshrc | 27 ++ 42 files changed, 1539 insertions(+), 1 deletion(-) create mode 100644 home/.clang-format create mode 100644 home/.config/alacritty/alacritty.toml create mode 100644 home/.config/alacritty/themes/kanagawa_lotus.toml create mode 100644 home/.config/alacritty/themes/kanagawa_wave.toml create mode 100644 home/.config/bat/config create mode 100644 home/.config/dotfiles/clone.sh create mode 100644 home/.config/ghostty/config create mode 100644 home/.config/git/common.gitconfig create mode 100644 home/.config/git/config create mode 100644 home/.config/git/ensimag.gitconfig create mode 100644 home/.config/git/ignore create mode 100644 home/.config/helix/config.toml create mode 100644 home/.config/helix/languages.toml create mode 100644 home/.config/hut/config create mode 100644 home/.config/i3bar-river/bottom-config.toml create mode 100644 home/.config/i3bar-river/config.toml create mode 100644 home/.config/i3status-rust/bottom-config.toml create mode 100644 home/.config/i3status-rust/config.toml create mode 100644 home/.config/i3status-rust/themes/kanagawa.toml create mode 100644 home/.config/jj/config.toml create mode 100644 home/.config/kanshi/config create mode 100644 home/.config/kmonad/config.kbd create mode 100644 home/.config/mpd/mpd.conf create mode 100644 home/.config/niri/config.kdl create mode 100644 home/.config/senpai/senpai.scfg create mode 100644 home/.config/sh/aliases.sh create mode 100644 home/.config/sh/path.sh create mode 100644 home/.config/sway/config create mode 100644 home/.config/sway/config.d/bar create mode 100644 home/.config/sway/config.d/bindings create mode 100644 home/.config/sway/config.d/input create mode 100644 home/.config/sway/config.d/programs create mode 100644 home/.config/sway/config.d/theme create mode 100644 home/.config/sway/kanagawa.sway create mode 100644 home/.config/swayidle/config create mode 100644 home/.config/swaylock/config create mode 100644 home/.config/task/taskrc create mode 100644 home/.config/tofi/config create mode 100644 home/.config/zsh/haze.zsh create mode 100644 home/.config/zsh/hooks.sh create mode 100644 home/.zshrc diff --git a/home-manager/dotfiles.nix b/home-manager/dotfiles.nix index 818bec3..ff9c6d8 100644 --- a/home-manager/dotfiles.nix +++ b/home-manager/dotfiles.nix @@ -5,7 +5,7 @@ path = lib.mkOption { type = lib.types.path; apply = toString; - default = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/dotfiles"; + default = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/flocon/home"; example = "${config.home.homeDirectory}/.dotfiles"; description = "Location of the dotfiles working copy"; }; diff --git a/home/.clang-format b/home/.clang-format new file mode 100644 index 0000000..340e78a --- /dev/null +++ b/home/.clang-format @@ -0,0 +1,16 @@ +BasedOnStyle: LLVM + +IndentWidth: 8 +TabWidth: 8 +UseTab: Always + +ColumnLimit: 80 + +IndentCaseLabels: false +IndentGotoLabels: false + +BreakBeforeBraces: Custom +BraceWrapping: + AfterFunction: false + +AlwaysBreakAfterDefinitionReturnType: false diff --git a/home/.config/alacritty/alacritty.toml b/home/.config/alacritty/alacritty.toml new file mode 100644 index 0000000..62b95bd --- /dev/null +++ b/home/.config/alacritty/alacritty.toml @@ -0,0 +1,37 @@ +[general] +live_config_reload = false +import = ["~/.config/alacritty/themes/kanagawa_wave.toml"] + +[font] +size = 14 + +[font.bold] +family = "Jetbrains Mono NF" +style = "Bold" + +[font.bold_italic] +family = "Jetbrains Mono NF" +style = "Bold Italic" + +[font.italic] +family = "Jetbrains Mono NF" +style = "Italic" + +[font.normal] +family = "Jetbrains Mono NF" +style = "Regular" + +[[keyboard.bindings]] +action = "CreateNewWindow" +key = "Return" +mods = "Control|Shift" + +[mouse] +hide_when_typing = true + +[window] +opacity = 1.0 + +[window.padding] +x = 4 +y = 4 diff --git a/home/.config/alacritty/themes/kanagawa_lotus.toml b/home/.config/alacritty/themes/kanagawa_lotus.toml new file mode 100644 index 0000000..7621688 --- /dev/null +++ b/home/.config/alacritty/themes/kanagawa_lotus.toml @@ -0,0 +1,35 @@ +[colors.primary] +background = '#f2ecbc' +foreground = '#545464' + +[colors.normal] +black = "#1f1f28" +red = "#c84053" +green = "#6f894e" +yellow = "#77713f" +blue = "#4d699b" +magenta = "#b35b79" +cyan = "#597b75" +white = "#545464" + +[colors.bright] +black = "#8a8980" +red = "#d7474b" +green = "#6e915f" +yellow = "#836f4a" +blue = "#6693bf" +magenta = "#624c83" +cyan = "#5e857a" +white = "#43436c" + +[colors.selection] +background = '#c9cbd1' +foreground = '#dcd7ba' + +[[colors.indexed_colors]] +index = 16 +color = '#e98a00' + +[[colors.indexed_colors]] +index = 17 +color = '#e82424' diff --git a/home/.config/alacritty/themes/kanagawa_wave.toml b/home/.config/alacritty/themes/kanagawa_wave.toml new file mode 100644 index 0000000..8585305 --- /dev/null +++ b/home/.config/alacritty/themes/kanagawa_wave.toml @@ -0,0 +1,35 @@ +[[colors.indexed_colors]] +color = "0xffa066" +index = 16 + +[[colors.indexed_colors]] +color = "0xff5d62" +index = 17 + +[colors.bright] +black = "0x727169" +blue = "0x7fb4ca" +cyan = "0x7aa89f" +green = "0x98bb6c" +magenta = "0x938aa9" +red = "0xe82424" +white = "0xdcd7ba" +yellow = "0xe6c384" + +[colors.normal] +black = "0x090618" +blue = "0x7e9cd8" +cyan = "0x6a9589" +green = "0x76946a" +magenta = "0x957fb8" +red = "0xc34043" +white = "0xc8c093" +yellow = "0xc0a36e" + +[colors.primary] +background = "0x1f1f28" +foreground = "0xdcd7ba" + +[colors.selection] +background = "0x2d4f67" +foreground = "0xc8c093" diff --git a/home/.config/bat/config b/home/.config/bat/config new file mode 100644 index 0000000..b83e6e2 --- /dev/null +++ b/home/.config/bat/config @@ -0,0 +1 @@ +--theme gruvbox-dark diff --git a/home/.config/dotfiles/clone.sh b/home/.config/dotfiles/clone.sh new file mode 100644 index 0000000..bca0a85 --- /dev/null +++ b/home/.config/dotfiles/clone.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +DOTFILES_GIT_URL='git@git.sr.ht:~rpqt/dotfiles' + +# The first argument can be the destination folder +if [ $# -eq 1 ]; then + DOTFILES_DIR="$1" +else + DOTFILES_DIR="$HOME/.dotfiles" +fi + +echo "$DOTFILES_DIR" >> "$HOME/.gitignore" + +git clone --bare "$DOTFILES_GIT_URL" "$DOTFILES_DIR" + +alias dotfiles='/usr/bin/git --git-dir=$DOTFILES_DIR --work-tree=$HOME' + +dotfiles config --local status.showUntrackedFiles no + +dotfiles checkout + +tee "$HOME/.config/git/config" >/dev/null </dev/null; then + alias h='helix' +else + alias h='hx' +fi +if command -v eza >/dev/null; then + alias ls='eza' +else + alias ls='ls --color -h' +fi +alias lsa='ls -A' +alias ll='ls -l' +alias lla='ls -lA' +alias ..='cd ..' +alias ...='cd ../..' +alias bt='bluetoothctl' +alias go='GOPROXY=direct go' +alias ts='tree-sitter' +alias g='git' +alias c='cargo' +alias MAKE='make clean && make' +alias n='myrtle --notebook-dir=$HOME/notes' diff --git a/home/.config/sh/path.sh b/home/.config/sh/path.sh new file mode 100644 index 0000000..c41beec --- /dev/null +++ b/home/.config/sh/path.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +# Personnal scripts +export PATH="$PATH:$HOME/bin" diff --git a/home/.config/sway/config b/home/.config/sway/config new file mode 100644 index 0000000..c2ced1d --- /dev/null +++ b/home/.config/sway/config @@ -0,0 +1,2 @@ +include ~/.config/sway/config.d/* +include /etc/sway/config.d/* diff --git a/home/.config/sway/config.d/bar b/home/.config/sway/config.d/bar new file mode 100644 index 0000000..3999f33 --- /dev/null +++ b/home/.config/sway/config.d/bar @@ -0,0 +1,37 @@ +include ~/.config/sway/kanagawa.sway + +set $font "JetBrains Mono NF Bold 12" +set $background #000000 + +bar { + id top_bar + status_command i3status-rs + position top + height 24 + font $font + workspace_min_width 20 + status_padding 0 + status_edge_padding 0 + colors { + background $background + focused_workspace #000000 #000000 $fujiWhite + active_workspace #000000 #000000 $fujiGray + inactive_workspace #000000 #000000 $fujiGray + } +} + +bar { + id bottom_bar + status_command i3status-rs ~/.config/i3status-rust/bottom-config.toml + position bottom + height 24 + font $font + workspace_buttons no + binding_mode_indicator no + tray_output none + colors { + background $background + } +} + +# vim:ft=swayconfig diff --git a/home/.config/sway/config.d/bindings b/home/.config/sway/config.d/bindings new file mode 100644 index 0000000..4cdcfab --- /dev/null +++ b/home/.config/sway/config.d/bindings @@ -0,0 +1,169 @@ +set $mod Mod4 +set $left h +set $down j +set $up k +set $right l + +set $term alacritty msg create-window || alacritty +set $launcher tofi-drun | xargs swaymsg exec -- +set $lock swaylock + +set $screenshots $HOME/Pictures/Screenshots + +floating_modifier $mod normal + +bindsym { + # Start a terminal + $mod+Return exec $term + + # Kill focused window + $mod+Shift+q kill + $mod+w kill + + # Application launcher + $mod+d exec $launcher + + # Reload the configuration file + $mod+Shift+c reload + + # Exit sway / log out + $mod+Shift+e exec swaynag \ + -t warning \ + -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' \ + -B 'Yes, exit sway' 'swaymsg exit' \ + --dismiss-button 'Cancel' + + # Move focus + $mod+$left focus left + $mod+$down focus down + $mod+$up focus up + $mod+$right focus right + + $mod+Left focus left + $mod+Down focus down + $mod+Up focus up + $mod+Right focus right + + # Move the focused window + $mod+Shift+$left move left + $mod+Shift+$down move down + $mod+Shift+$up move up + $mod+Shift+$right move right + + $mod+Shift+Left move left + $mod+Shift+Down move down + $mod+Shift+Up move up + $mod+Shift+Right move right + + --to-code { + # Switch to workspace + $mod+ampersand workspace number 1 + $mod+eacute workspace number 2 + $mod+quotedbl workspace number 3 + $mod+apostrophe workspace number 4 + $mod+parenleft workspace number 5 + $mod+minus workspace number 6 + $mod+egrave workspace number 7 + $mod+underscore workspace number 8 + $mod+ccedilla workspace number 9 + $mod+agrave workspace number 10 + } + + # Move focused container to workspace + $mod+1 move container to workspace number 1 + $mod+2 move container to workspace number 2 + $mod+3 move container to workspace number 3 + $mod+4 move container to workspace number 4 + $mod+5 move container to workspace number 5 + $mod+6 move container to workspace number 6 + $mod+7 move container to workspace number 7 + $mod+8 move container to workspace number 8 + $mod+9 move container to workspace number 9 + $mod+0 move container to workspace number 10 + + + $mod+Shift+1 move container to workspace number 1 + $mod+Shift+2 move container to workspace number 2 + $mod+Shift+3 move container to workspace number 3 + $mod+Shift+4 move container to workspace number 4 + $mod+Shift+5 move container to workspace number 5 + $mod+Shift+6 move container to workspace number 6 + $mod+Shift+7 move container to workspace number 7 + $mod+Shift+8 move container to workspace number 8 + $mod+Shift+9 move container to workspace number 9 + $mod+Shift+0 move container to workspace number 10 + + # Split + $mod+b splith + $mod+v splitv + + # Switch the current container between different layout styles + $mod+s layout stacking + $mod+t layout tabbed + $mod+m layout toggle split + + # Toggle fullscreen on the current focus + $mod+f fullscreen + + # Toggle floating mode for current container + $mod+Shift+f floating toggle + + # Move focus to the parent container + $mod+a focus parent + + # Move the focused window to the scratchpad + $mod+Shift+equal move scratchpad + + # Cycle through scratchpad windows + $mod+equal scratchpad show + + # Volume + XF86AudioRaiseVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.0 + XF86AudioLowerVolume exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.0 + XF86AudioMute exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle + XF86AudioMicMute exec wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle + + # Media + XF86AudioPlay exec playerctl play-pause + XF86AudioNext exec playerctl next + XF86AudioPrev exec playerctl previous + XF86Search exec $launcher + + # Brightness + --locked { + XF86MonBrightnessDown exec brightnessctl set 5%- + XF86MonBrightnessUp exec brightnessctl set +5% + } + + # Lock + Ctrl+Mod4+L exec $lock + + # Screenshot + ## Full screen capture + Print exec grim "$screenshots/$(date +\"Screenshot from %Y-%m-%d %H-%M-%S.png\")" + + ## Select a zone and save + $mod+Shift+s exec grim -g "$(slurp -d)" "$screenshots/$(date +\"Screenshot from %Y-%m-%d %H-%M-%S.png\")" + + ## Select a zone and copy to clipboard + $mod+Shift+Ctrl+s exec grim -g "$(slurp -d)" - | wl-copy +} + +mode "resize" bindsym { + # Shrink or grow the container + $left resize shrink width 10px + $down resize grow height 10px + $up resize shrink height 10px + $right resize grow width 10px + + # Same with arrow keys + Left resize shrink width 10px + Down resize grow height 10px + Up resize shrink height 10px + Right resize grow width 10px + + # Return to default mode + Return mode "default" + Escape mode "default" +} +bindsym $mod+r mode "resize" diff --git a/home/.config/sway/config.d/input b/home/.config/sway/config.d/input new file mode 100644 index 0000000..0afda8f --- /dev/null +++ b/home/.config/sway/config.d/input @@ -0,0 +1,17 @@ +input "1267:12613:ASUE140C:00_04F3:3145_Keyboard" { + xkb_layout "fr,us(colemak_dh),us" + xkb_options grp:win_space_toggle +} + +input "1:1:AT_Translated_Set_2_keyboard" { + xkb_layout "fr,us(colemak_dh),us" + xkb_options grp:win_space_toggle +} + +input type:touchpad { + tap enabled + natural_scroll enabled +} + +bindgesture swipe:right workspace prev +bindgesture swipe:left workspace next diff --git a/home/.config/sway/config.d/programs b/home/.config/sway/config.d/programs new file mode 100644 index 0000000..2d92c3b --- /dev/null +++ b/home/.config/sway/config.d/programs @@ -0,0 +1,16 @@ +# Directory for received taildrop files +set $taildrop_inbox $HOME/Downloads + +# Screen temperature +exec wlsunset -l 45 -L 6 + +# Notifications +exec mako + +# Output management +exec kanshi + +# Auto receive taildrop files +exec tailscale file get --loop --conflict=rename $taildrop_inbox + +exec swayidle -w diff --git a/home/.config/sway/config.d/theme b/home/.config/sway/config.d/theme new file mode 100644 index 0000000..da1d540 --- /dev/null +++ b/home/.config/sway/config.d/theme @@ -0,0 +1,22 @@ +include ~/.config/sway/kanagawa.sway + +default_border pixel 3 +smart_borders on +titlebar_border_thickness 2 +font "JetBrains Mono NF 11" + +gaps outer 0 +gaps inner 0 + +set $waveBlue3 #3D5F77 +set $waveBlue4 #6D8FA7 + +# class border background text indicator child_border +client.focused_inactive $sumiInk2 $sumiInk1 $fujiWhite $sumiInk2 $sumiInk2 +client.unfocused $sumiInk2 $sumiInk1 $fujiWhite $sumiInk2 $sumiInk2 +client.focused $waveBlue3 $waveBlue2 $fujiWhite $waveBlue4 $waveBlue2 +client.focused_tab_title $waveBlue2 $waveBlue2 $fujiWhite + +for_window [app_id="firefox"] border none + +output * bg ~/.local/state/wallpaper fill diff --git a/home/.config/sway/kanagawa.sway b/home/.config/sway/kanagawa.sway new file mode 100644 index 0000000..4cb43d8 --- /dev/null +++ b/home/.config/sway/kanagawa.sway @@ -0,0 +1,110 @@ +# Default foreground +set $fujiWhite #DCD7BA + +# Dark foreground (statuslines) +set $oldWhite #C8C093 + +# Dark background (statuslines and floating windows) +set $sumiInk0 #16161D + +# Default background +set $sumiInk1 #1F1F28 + +# Lighter background (colorcolumn, folds) +set $sumiInk2 #2A2A37 + +# Lighter background (cursorline) +set $sumiInk3 #363646 + +# Darker foreground (line numbers, fold column, non-text characters), float borders +set $sumiInk4 #54546D + +# Popup background, visual selection background +set $waveBlue1 #223249 + +# Popup selection background, search background +set $waveBlue2 #2D4F67 + +# Diff Add (background) +set $winterGreen #2B3328 + +# Diff Change (background) +set $winterYellow #49443C + +# Diff Deleted (background) +set $winterRed #43242B + +# Diff Line (background) +set $winterBlue #252535 + +# Git Add +set $autumnGreen #76946A + +# Git Delete +set $autumnRed #C34043 + +# Git Change +set $autumnYellow #DCA561 + +# Diagnostic Error +set $samuraiRed #E82424 + +# Diagnostic Warning +set $roninYellow #FF9E3B + +# Diagnostic Info +set $waveAqua1 #6A9589 + +# Diagnostic Hint +set $dragonBlue #658594 + +# Comments +set $fujiGray #727169 + +# Light foreground +set $springViolet1 #938AA9 + +# Statements and Keywords +set $oniViolet #957FB8 + +# Functions and Titles +set $crystalBlue #7E9CD8 + +# Brackets and punctuation +set $springViolet2 #9CABCA + +# Specials and builtin functions +set $springBlue #7FB4CA + +# Not used +set $lightBlue #A3D4D5 + +# Types +set $waveAqua2 #7AA89F + +# Strings +set $springGreen #98BB6C + +# Not used +set $boatYellow1 #938056 + +# Operators, RegEx +set $boatYellow2 #C0A36E + +# Identifiers +set $carpYellow #E6C384 + +# Numbers +set $sakuraPink #D27E99 + +# Standout specials 1 (builtin variables) +set $waveRed #E46876 + +# Standout specials 2 (exception handling, return) +set $peachRed #FF5D62 + +# Constants, imports, booleans +set $surimiOrange #FFA066 + +# Deprecated +set $katanaGray #717C7C diff --git a/home/.config/swayidle/config b/home/.config/swayidle/config new file mode 100644 index 0000000..5e04ce4 --- /dev/null +++ b/home/.config/swayidle/config @@ -0,0 +1,10 @@ +# This will lock the screen after 300 seconds of inactivity. +timeout 300 "swaylock -f" + +# Turn off all displays after another 300 seconds. +# and turn them back on when resumed. +timeout 600 "swaymsg 'output * dpms off'" resume "swaymsg 'output * dpms on'" + +# Lock the screen before the computer goes to sleep. +before-sleep "playerctl pause" +before-sleep "swaylock -f" diff --git a/home/.config/swaylock/config b/home/.config/swaylock/config new file mode 100644 index 0000000..e922e9d --- /dev/null +++ b/home/.config/swaylock/config @@ -0,0 +1,29 @@ +daemonize +font=JetBrains Mono NF +font-size=22 +image=~/.local/state/wallpaper + +ring-color=FFFFFF55 +ring-clear-color=FFFFFF55 +ring-ver-color=1885d4 +ring-wrong-color=FF0000 + +key-hl-color=FFFFFF + +inside-color=00000000 +inside-clear-color=00000000 +inside-ver-color=00000000 +inside-wrong-color=00000000 + +line-uses-inside +separator-color=00000000 + +layout-bg-color=00000000 +layout-text-color=FFFFFF + +text-color=FFFFFF +text-clear-color=FFFFFF +text-ver-color=FFFFFF +text-wrong-color=FFFFFF + +indicator-radius=100 diff --git a/home/.config/task/taskrc b/home/.config/task/taskrc new file mode 100644 index 0000000..9185b14 --- /dev/null +++ b/home/.config/task/taskrc @@ -0,0 +1,4 @@ +data.location=~/.local/share/task +hooks.location=~/.config/task/hooks + +include ~/.config/task/sync diff --git a/home/.config/tofi/config b/home/.config/tofi/config new file mode 100644 index 0000000..565bb45 --- /dev/null +++ b/home/.config/tofi/config @@ -0,0 +1,176 @@ +# +### Fonts +# + # Font to use, either a path to a font file or a name. + # + # If a path is given, tofi will startup much quicker, but any + # characters not in the chosen font will fail to render. + # + # Otherwise, fonts are interpreted in Pango format. + font = "JetBrainsMono NF" + + # Point size of text. + font-size = 15 + + # Perform font hinting. Only applies when a path to a font has been + # specified via `font`. Disabling font hinting speeds up text + # rendering appreciably, but will likely look poor at small font pixel + # sizes. + hint-font = true + +# +### Colors +# + # Window background + background-color = #111111DD + + # Border outlines + outline-color = #080800 + + # Border + border-color = #0981E3 + + # Default text + text-color = #C5C9C7 + + # Selection text + selection-color = #0981E3 + + # Matching portion of selection text + selection-match-color = #44BBFF + + # Selection background + selection-background = #00000000 + +# +### Text layout +# + # Prompt to display. + prompt-text = "run: " + + # Extra horizontal padding between prompt and input. + prompt-padding = 0 + + # Maximum number of results to display. + # If 0, tofi will draw as many results as it can fit in the window. + num-results = 0 + + # Spacing between results in pixels. Can be negative. + result-spacing = 8 + + # List results horizontally. + horizontal = false + + # Minimum width of input in horizontal mode. + min-input-width = 0 + + # Extra horizontal padding of the selection background in pixels. + selection-background-padding = 0 + +# +### Window layout +# + # Width and height of the window. Can be pixels or a percentage. + width = 100% + height = 100% + + # Width of the border outlines in pixels. + outline-width = 0 + + # Width of the border in pixels. + border-width = 0 + + # Radius of window corners in pixels. + corner-radius = 0 + + # Padding between borders and text. Can be pixels or a percentage. + padding-top = 200 + padding-bottom = 0 + padding-left = 35% + padding-right = 0 + + # Whether to scale the window by the output's scale factor. + scale = true + +# +### Window positioning +# + # The name of the output to appear on. An empty string will use the + # default output chosen by the compositor. + output = "" + + # Location on screen to anchor the window to. + # + # Supported values: top-left, top, top-right, right, bottom-right, + # bottom, bottom-left, left, center. + anchor = center + + # Set the size of the exclusive zone. + # + # A value of -1 means ignore exclusive zones completely. + # A value of 0 will move tofi out of the way of other windows' zones. + # A value greater than 0 will set that much space as an exclusive zone. + # + # Values greater than 0 are only meaningful when tofi is anchored to a + # single edge. + exclusive-zone = -1 + + # Window offset from edge of screen. Only has an effect when anchored + # to the relevant edge. Can be pixels or a percentage. + margin-top = 0 + margin-bottom = 0 + margin-left = 0 + margin-right = 0 + +# +### Behaviour +# + # Hide the cursor. + hide-cursor = false + + # Sort results by number of usages in run and drun modes. + history = true + + # Use fuzzy matching for searches. + fuzzy-match = false + + # If true, require a match to allow a selection to be made. If false, + # making a selection with no matches will print input to stdout. + # In drun mode, this is always true. + require-match = true + + # If true, typed input will be hidden, and what is displayed (if + # anything) is determined by the hidden-character option. + hide-input = false + + # Replace displayed input characters with a character. If the empty + # string is given, input will be completely hidden. + # This option only has an effect when hide-input is set to true. + hidden-character = "*" + + # If true, directly launch applications on selection when in drun mode. + # Otherwise, just print the command line to stdout. + drun-launch = false + + # The terminal to run terminal programs in when in drun mode. + # This option has no effect if drun-launch is set to true. + # Defaults to the value of the TERMINAL environment variable. + # terminal = foot + + # Delay keyboard initialisation until after the first draw to screen. + # This option is experimental, and will cause tofi to miss keypresses + # for a short time after launch. The only reason to use this option is + # performance on slow systems. + late-keyboard-init = false + + # If true, allow multiple simultaneous processes. + # If false, create a lock file on startup to prevent multiple instances + # from running simultaneously. + multi-instance = false + +# +### Inclusion +# + # Configs can be split between multiple files, and then included + # within each other. + # include = /path/to/config diff --git a/home/.config/zsh/haze.zsh b/home/.config/zsh/haze.zsh new file mode 100644 index 0000000..e7e39ec --- /dev/null +++ b/home/.config/zsh/haze.zsh @@ -0,0 +1,2 @@ +# Highlight the executable in green if it is found +source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.plugin.zsh diff --git a/home/.config/zsh/hooks.sh b/home/.config/zsh/hooks.sh new file mode 100644 index 0000000..269dee6 --- /dev/null +++ b/home/.config/zsh/hooks.sh @@ -0,0 +1,30 @@ +# Hook direnv if present +if command -v direnv >/dev/null; then + eval "$(direnv hook zsh)" +fi + +# Prompt +if command -v starship >/dev/null; then + source <(starship init zsh) +fi + +# Load opam config if present +if [ -r ~/.opam/opam-init/init.zsh ]; then + source ~/.opam/opam-init/init.zsh > /dev/null 2> /dev/null +fi + +# Launch atuin if it is installed +if command -v atuin >/dev/null; then + eval "$(atuin init zsh)" +fi + +# Set ls/tree/fd theme using vivid if it is installed +if command -v vivid >/dev/null; then + export LS_COLORS="$(vivid generate gruvbox-dark-hard)" +fi + +# Init zoxide if present and alias cd to it +if command -v zoxide >/dev/null; then + eval "$(zoxide init zsh)" + alias cd=z +fi diff --git a/home/.zshrc b/home/.zshrc new file mode 100644 index 0000000..3e47f5e --- /dev/null +++ b/home/.zshrc @@ -0,0 +1,27 @@ +# Path +source ~/.config/sh/path.sh + +# Aliases +source ~/.config/sh/aliases.sh + +# Completion +autoload -Uz compinit +compinit +# sudo completion +zstyle ':completion::complete:*' gain-privileges 1 + +# Line movement with special keys +bindkey "^[[H" beginning-of-line +bindkey "^[[F" end-of-line +bindkey "^[[3~" delete-char + +source ~/.config/zsh/hooks.sh + +if [ -r ~/.profile ]; then + source ~/.profile +fi + +# Load machine-specific config +if [ -r ~/.config/zsh/$HOST.zsh ]; then + source ~/.config/zsh/$HOST.zsh +fi From 8ef8f7277c5a4dc48bc34e1552a01d0a195a7d21 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 16 Jun 2025 22:00:23 +0200 Subject: [PATCH 023/376] add comma package --- home-manager/cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/cli.nix b/home-manager/cli.nix index 4a4e746..870bb8a 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -3,6 +3,7 @@ home.packages = with pkgs; [ bottom btop + comma difftastic doggo duf From f301672312501e7ef387b460aa64d8ae8cf22328 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 16 Jun 2025 22:01:11 +0200 Subject: [PATCH 024/376] remove tail-tray (buggy) --- home/.config/niri/config.kdl | 1 - machines/haze/niri.nix | 1 - 2 files changed, 2 deletions(-) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 1108b4a..85f67e2 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -307,7 +307,6 @@ screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" spawn-at-startup "wl-gammarelay-rs" spawn-at-startup "swaybg" "-m" "fill" "-i" "/home/rpqt/.local/state/wallpaper" spawn-at-startup "ignis" "init" "--config" "/home/rpqt/rep/heath/config.py" -spawn-at-startup "tail-tray" spawn-at-startup "kdeconnect-indicator" spawn-at-startup "xwayland-satellite" diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index 98ffa3e..b5de695 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -8,7 +8,6 @@ playerctl swaybg swaylock - tail-tray tofi wl-gammarelay-rs xwayland-satellite From d79b65169ea91987bc779caba1ec9cd40a85aff8 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 17 Jun 2025 20:02:37 +0200 Subject: [PATCH 025/376] disable prometheus (will rewrite as clan service) --- machines/genepi/monitoring/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/machines/genepi/monitoring/default.nix b/machines/genepi/monitoring/default.nix index aea5039..3cd9c37 100644 --- a/machines/genepi/monitoring/default.nix +++ b/machines/genepi/monitoring/default.nix @@ -1,6 +1,5 @@ { imports = [ ./grafana.nix - ./prometheus.nix ]; } From 51f44277df697301f61c4d95a1aeef51d9626adf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 17 Jun 2025 19:58:30 +0200 Subject: [PATCH 026/376] migrate to flake-parts --- devShells/flake-module.nix | 25 +++ flake.lock | 12 +- flake.nix | 203 ++++++++------------- machines/crocus/configuration.nix | 4 +- machines/genepi/builder.nix | 4 +- machines/genepi/configuration.nix | 10 +- machines/genepi/hardware-configuration.nix | 4 +- machines/haze/configuration.nix | 12 +- machines/haze/niri.nix | 6 +- modules/borgbackup.nix | 4 +- system/core/users.nix | 4 +- system/network/default.nix | 4 +- 12 files changed, 137 insertions(+), 155 deletions(-) create mode 100644 devShells/flake-module.nix diff --git a/devShells/flake-module.nix b/devShells/flake-module.nix new file mode 100644 index 0000000..10ee6cb --- /dev/null +++ b/devShells/flake-module.nix @@ -0,0 +1,25 @@ +{ + perSystem = + { + inputs', + pkgs, + ... + }: + { + devShells.default = pkgs.mkShellNoCC { + packages = [ + inputs'.agenix.packages.default + inputs'.clan-core.packages.clan-cli + pkgs.nil # Nix language server + pkgs.nixfmt-rfc-style + pkgs.opentofu + pkgs.terraform-ls + pkgs.deploy-rs + pkgs.zsh + ]; + shellhook = '' + exec zsh + ''; + }; + }; +} diff --git a/flake.lock b/flake.lock index cb98a1d..6d022ed 100644 --- a/flake.lock +++ b/flake.lock @@ -27,7 +27,9 @@ "inputs": { "data-mesher": "data-mesher", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": [ + "flake-parts" + ], "nix-darwin": "nix-darwin", "nix-select": "nix-select", "nixos-facter-modules": "nixos-facter-modules", @@ -186,16 +188,15 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ - "clan-core", "nixpkgs" ] }, "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -567,6 +568,7 @@ "agenix": "agenix", "clan-core": "clan-core", "disko": "disko_2", + "flake-parts": "flake-parts", "home-manager": "home-manager_2", "ignis": "ignis", "impermanence": "impermanence", diff --git a/flake.nix b/flake.nix index 3a9c468..cd6a11f 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,7 @@ inputs@{ nixpkgs, clan-core, + flake-parts, home-manager, impermanence, nixos-generators, @@ -12,14 +13,22 @@ self, ... }: - let - clan = clan-core.lib.buildClan { - self = self; + flake-parts.lib.mkFlake { inherit inputs; } ({ + imports = [ + inputs.clan-core.flakeModules.default + inputs.nix-topology.flakeModule + + ./devShells/flake-module.nix + ]; + + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + + clan = { meta.name = "blossom"; - specialArgs = { - inherit inputs self; - inherit (import ./parts) keys; - }; + inventory = { instances = { "rpqt-admin" = { @@ -59,129 +68,73 @@ }; }; }; - in - { - inherit (clan) clanInternals nixosConfigurations; - devShells = - nixpkgs.lib.genAttrs - [ - "x86_64-linux" - "aarch64-linux" - ] - ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in - { - default = pkgs.mkShell { - packages = [ - inputs.agenix.packages.${system}.default - clan-core.packages.${system}.clan-cli - pkgs.nil # Nix language server - pkgs.nixfmt-rfc-style - pkgs.opentofu - pkgs.terraform-ls - pkgs.deploy-rs - pkgs.zsh - ]; - shellhook = '' - exec zsh - ''; - }; - } - ); - - topology = - nixpkgs.lib.genAttrs - [ - "x86_64-linux" - "aarch64-linux" - ] - ( - system: - let - pkgs = import nixpkgs { - inherit system; - overlays = [ inputs.nix-topology.overlays.default ]; - }; - in - import inputs.nix-topology { - inherit pkgs; - modules = [ - { inherit (self) nixosConfigurations; } - ./topology.nix - ]; - } - ); - - packages.aarch64-linux.genepi-installer-sd-image = nixos-generators.nixosGenerate { - specialArgs = { - inherit inputs; - inherit (import ./parts) keys; - }; - system = "aarch64-linux"; - format = "sd-aarch64-installer"; - modules = [ - nixos-hardware.nixosModules.raspberry-pi-4 - ./system/core - ./machines/genepi/network.nix - ./machines/genepi/hardware-configuration.nix - { networking.hostName = "genepi"; } - { sdImage.compressImage = false; } - { - nixpkgs.overlays = [ - (final: super: { - makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); - }) - ]; - } + perSystem = _: { + topology.modules = [ + ./topology.nix ]; }; - }; + + flake = { + packages.aarch64-linux.genepi-installer-sd-image = nixos-generators.nixosGenerate { + specialArgs = { + inherit inputs; + }; + system = "aarch64-linux"; + format = "sd-aarch64-installer"; + modules = [ + nixos-hardware.nixosModules.raspberry-pi-4 + ./system/core + ./machines/genepi/network.nix + ./machines/genepi/hardware-configuration.nix + { networking.hostName = "genepi"; } + { sdImage.compressImage = false; } + { + nixpkgs.overlays = [ + (final: super: { + makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); + }) + ]; + } + ]; + }; + }; + }); inputs = { - nixpkgs = { - url = "github:nixos/nixpkgs?ref=nixos-unstable"; - }; - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - impermanence = { - url = "github:nix-community/impermanence"; - }; - nixos-hardware = { - url = "github:NixOS/nixos-hardware/master"; - }; - nixos-generators = { - url = "github:nix-community/nixos-generators"; - }; - agenix = { - url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - clan-core = { - url = "git+https://git.clan.lol/clan/clan-core"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - ignis = { - url = "github:ignis-sh/ignis"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nix-topology = { - url = "github:oddlama/nix-topology"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - matugen = { - url = "github:InioX/Matugen"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + impermanence.url = "github:nix-community/impermanence"; + + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + nixos-generators.url = "github:nix-community/nixos-generators"; + + agenix.url = "github:ryantm/agenix"; + agenix.inputs.nixpkgs.follows = "nixpkgs"; + + clan-core.url = "git+https://git.clan.lol/clan/clan-core"; + clan-core.inputs.nixpkgs.follows = "nixpkgs"; + clan-core.inputs.flake-parts.follows = "flake-parts"; + + ignis.url = "github:ignis-sh/ignis"; + ignis.inputs.nixpkgs.follows = "nixpkgs"; + + nix-topology.url = "github:oddlama/nix-topology"; + nix-topology.inputs.nixpkgs.follows = "nixpkgs"; + + matugen.url = "github:InioX/Matugen"; + matugen.inputs.nixpkgs.follows = "nixpkgs"; + + flake-parts.url = "github:hercules-ci/flake-parts"; + flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; + }; nixConfig = { diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 49f1674..49fcce0 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -1,5 +1,5 @@ { - inputs, + self, modulesPath, config, ... @@ -9,7 +9,7 @@ (modulesPath + "/profiles/qemu-guest.nix") # ./radicle.nix ../../system - inputs.clan-core.clanModules.state-version + self.inputs.clan-core.clanModules.state-version ../../modules/remote-builder.nix ../../modules/borgbackup.nix ./topology.nix diff --git a/machines/genepi/builder.nix b/machines/genepi/builder.nix index eeab549..510a932 100644 --- a/machines/genepi/builder.nix +++ b/machines/genepi/builder.nix @@ -1,4 +1,6 @@ -{ keys, ... }: +let + keys = import ../../parts/keys.nix; +in { imports = [ ../../modules/remote-builder.nix diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 5831449..576dc27 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -1,10 +1,10 @@ { - inputs, + self, ... }: { imports = [ - inputs.agenix.nixosModules.default + self.inputs.agenix.nixosModules.default ./acme.nix ./boot.nix ./builder.nix @@ -24,10 +24,10 @@ ../../system ../../modules/borgbackup.nix - inputs.clan-core.clanModules.state-version - inputs.clan-core.clanModules.trusted-nix-caches + self.inputs.clan-core.clanModules.state-version + self.inputs.clan-core.clanModules.trusted-nix-caches - inputs.home-manager.nixosModules.home-manager + self.inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; diff --git a/machines/genepi/hardware-configuration.nix b/machines/genepi/hardware-configuration.nix index 182d149..3cc97f1 100644 --- a/machines/genepi/hardware-configuration.nix +++ b/machines/genepi/hardware-configuration.nix @@ -1,7 +1,7 @@ -{ inputs, pkgs, ... }: +{ self, pkgs, ... }: { imports = [ - inputs.nixos-hardware.nixosModules.raspberry-pi-4 + self.inputs.nixos-hardware.nixosModules.raspberry-pi-4 ]; nixpkgs.hostPlatform = "aarch64-linux"; diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 64ed0a1..e2a0b34 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -1,11 +1,11 @@ { - inputs, + self, ... }: { imports = [ # inputs.disko.nixosModules.disko - inputs.agenix.nixosModules.default + self.inputs.agenix.nixosModules.default ./boot.nix ./chat.nix ./firefox.nix @@ -22,15 +22,15 @@ ./video.nix ../../system - inputs.clan-core.clanModules.state-version - inputs.clan-core.clanModules.trusted-nix-caches + self.inputs.clan-core.clanModules.state-version + self.inputs.clan-core.clanModules.trusted-nix-caches - inputs.home-manager.nixosModules.home-manager + self.inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.users.rpqt = ./home.nix; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = { inherit (self) inputs; }; } ]; diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index b5de695..4952297 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, ... }: +{ self, pkgs, ... }: { programs.niri.enable = true; @@ -11,8 +11,8 @@ tofi wl-gammarelay-rs xwayland-satellite - inputs.ignis.packages.${pkgs.system}.ignis - inputs.matugen.packages.${pkgs.system}.default + self.inputs.ignis.packages.${pkgs.system}.ignis + self.inputs.matugen.packages.${pkgs.system}.default ]; environment.sessionVariables.NIXOS_OZONE_WL = "1"; diff --git a/modules/borgbackup.nix b/modules/borgbackup.nix index 63b59a7..172e76e 100644 --- a/modules/borgbackup.nix +++ b/modules/borgbackup.nix @@ -1,4 +1,4 @@ -{ config, inputs, ... }: +{ config, self, ... }: let user = "u422292"; sub-user = "${user}"; @@ -7,7 +7,7 @@ in { imports = [ ./storagebox.nix - inputs.clan-core.clanModules.borgbackup + self.inputs.clan-core.clanModules.borgbackup ]; clan.borgbackup.destinations."storagebox-${config.networking.hostName}" = { diff --git a/system/core/users.nix b/system/core/users.nix index bf55e6b..e126c6c 100644 --- a/system/core/users.nix +++ b/system/core/users.nix @@ -1,5 +1,5 @@ { - keys, + config, lib, pkgs, ... @@ -17,7 +17,7 @@ shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ keys.rpqt.haze ]; + openssh.authorizedKeys.keys = [ (import ../../parts/keys.nix).rpqt.haze ]; extraGroups = [ "wheel" diff --git a/system/network/default.nix b/system/network/default.nix index 3f791d2..5b74a30 100644 --- a/system/network/default.nix +++ b/system/network/default.nix @@ -1,7 +1,7 @@ -{ inputs, ... }: +{ self, ... }: { imports = [ - inputs.nix-topology.nixosModules.default + self.inputs.nix-topology.nixosModules.default ./tailscale.nix ]; } From d7fe20c71ca97bca503c2b40cba737c8d67b067b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 17 Jun 2025 21:07:35 +0200 Subject: [PATCH 027/376] Update vars via generator openssh for machine crocus --- .../crocus/openssh/ssh.id_ed25519.pub/value | 2 +- vars/per-machine/crocus/openssh/ssh.id_ed25519/secret | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/vars/per-machine/crocus/openssh/ssh.id_ed25519.pub/value b/vars/per-machine/crocus/openssh/ssh.id_ed25519.pub/value index 3b7b89f..a9f39b7 100644 --- a/vars/per-machine/crocus/openssh/ssh.id_ed25519.pub/value +++ b/vars/per-machine/crocus/openssh/ssh.id_ed25519.pub/value @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQxsrjjueq/+CdyNgzpy7PKiJS3OREWjdA/BqjpUBVX nixbld@haze +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtUFcEICj2NcZZPcfl+JCCaDfmCxQtLytGH0eoFNL4U nixbld@haze diff --git a/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret b/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret index 1bd1ef2..d1dc5eb 100644 --- a/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:NuuwsBJ5E33VfWQwHnCujrU44VN9YUi4QD3ZJBaBMgfmjMA=,iv:f/8P5xs/0DWvaashUP9pYbigU4EyQsHoTh/hj8tP/sc=,tag:afZMpL4jyLWiNIUnDo5nzQ==,type:str]", + "data": "ENC[AES256_GCM,data:NiLXfIfhT+FUGFfrUGc2SBYFrmDIIx60IzuEIm+8AjxrJjgXmjp6PR4EJcvT19kk54mCrDx2devMYsbTCVE7hALqC6GD1DZCEEh7uSFobbgHv/nPrEG49FzQjw/4q4YXjiMc2J3jyVmbZf1lM39sajfpdlozxoS/YLGopYHKCPvPcYALWuTS3+GocBTmWCUu6/newtc2niPDmrBItXzKa54b+0xjD8pRhgfhgDL919lxH+fugh7QWPSx0c+LqdAgroUr9GkX0ofoUPeBdb9mMGcgYjX/EM81ZZzalnAkgsx4v7IEGEpeYxqw3gOm4T//8bkVXnrroqb7KY6c6os7M4NddMxLGJYJoTgAYMr71MX78NOIQiI2HLRaNudeMQ8PP9h+f8PyvyeJXMm4WiljGk+ojwZrh4+CnV+o5W+K7nsL4+gO6Zje3iEhEDW7Pr0VI4KtIho0UcMtbV++PHLIUowwD+YMftd/3wHmcUfGg9DwhDTCy4nSJOcaIUUZGkEGWkrsVxmu2/Gr6Zm19Iz9,iv:7GePCFLRrFOkD/QjDP+XrveU80YsT8O6CyuS770YbSs=,tag:HhN1SssO+dZ1vyBdjUrUYg==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQkF0MEo2UlN6bFhualpV\nL1NteXpYdUhpZmlqWWY4eGNpTFdKeVRkTUQwCnVVWnpkbUNxTjlhRTU0eXJZRytt\ncDJJN2JmWkJrbnhPU09SSzBaM2VGWVkKLS0tIGVMZHpSNFY4WFBoczc2N3VnMHVB\nZWEvRHBSZUN2dk9nYmVPbjViV1hUbFEKjJ3fWv7LdCwuS4VpdZR7wbvtdUYkCZQK\neQuZ0SG9zF87kL4BpdpXlX2f6yuN4ZdgSPZ5IXc1SFwPJZz3v3Vg5Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMVgyd3E3Yzg2bCtGaGx5\nTWxvMEluaXFVaGxmNmU0dFYvUkdUSHFMNGpvCnlFYXY1R3d0aHNha1kzMis2NVJV\nU1F2Ly8yUUV0SWpzSGVndG9pLzV2LzAKLS0tIDFrUUJqQzN4NGRlTTJRYUFjNHRW\nLzE0K3ovT0JqVUZEeTdaaUVNS2tWRFEKBmzU2fzC0KHb5ybXIwq+z3cdA8WrjHD1\nuFzNv1DotAxlA7e4BxmGm2Vuci7/EccNG7K2T5KQuD8nbtzXYJkkBw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaStpMDR4ejlwZzJzWnlS\ndkZDam1qZWpQbzVWc25aem1QcldZMHZmeGdJCnE1andLY2JWKzF1Wlh2Q09rWkw5\nc2psZEdFbWFtRi9ic0VDTi9hQVREYTAKLS0tIDB0ajhRNW9wZ055dkFRZGgxcDFk\nYWsreVBwOUxiejNoMVhGMVNET1JydXMK7wH41osgGbCHOWTYpRnw58RvT+vEJTeO\nspdyEnP4hqYl/+CGzYkZ0crJuVvo8oULAAfbXbWtOkVglqHJ2LxGCw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzaU9VRE5MVUcyWFBuc293\ncHVLYm1iSEx2MzVYSFoyZnh4WW10ZUpmd1NjCjRRbzIvSEwyZVArRHo5dFdUc1hN\nS2pHWGwyMG42UlJteTR5K1ZRRHJ6Q1EKLS0tIHdWeXd1RmxCd3VLbS9kcGt2TzQv\neEVZZ3ZUaUpyQVV3MUpWcmVVRzdZYWcK3NZpvf6uCsNz3Im+yDafBcPQT+QxddkV\nStX8svuvbtwU8ZPlj7FiF/HoeVC6im33hrrrpRx9l+udPrqUAeuESQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-05-14T20:56:58Z", - "mac": "ENC[AES256_GCM,data:EyS804VI4ogWs0SELwfV6de1Yt8PU2qckwBBKuWws7W9EfHdDNWqYA15tUwn4hLjPrW8mgm7FF2/uf0KN9vi43tXUPH9eGnp9NW+BVQL6NObabaYRO/5jwPpxz05qy+HVDw0XF/trGeOwGImmbeSGtKzrLzBmh+vr7/ElzthCyQ=,iv:NRAiTCxS/zBNhGF5l4mGPuEJzWZk/V5BJoOeLtGyqK0=,tag:bCJYDt6xFzoTDG6AUsM0tw==,type:str]", + "lastmodified": "2025-06-17T19:07:35Z", + "mac": "ENC[AES256_GCM,data:Lr2/cMKdHIr+7orHw8XS1hvBngbRCybzIC29EBoREIEsb8PbTyHVJaN1Zf2Tov36h3XImarwG7tWEGqK/9KU35N20qJPlxfHzEzJjWo12oSxnLvMzN7sd7QygJwkwfOygeex4heZGUL8EDmqfp2DfINPVUShTNBmPtbb9q55ZzI=,iv:u3qEtkY2kGAVPm2D+DUwqIm5A/6hRqpgbu550m1G7jI=,tag:HBXdFlO5L2NHM/DfBpz0XQ==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From 02c48167eb4fd30bbf95d747a7be27520aa95027 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 19 Jun 2025 21:36:14 +0200 Subject: [PATCH 028/376] move clan definition to its own module --- flake.nix | 44 +--------------------------------- machines/flake-module.nix | 50 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 43 deletions(-) create mode 100644 machines/flake-module.nix diff --git a/flake.nix b/flake.nix index cd6a11f..6acd2d1 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,7 @@ inputs.nix-topology.flakeModule ./devShells/flake-module.nix + ./machines/flake-module.nix ]; systems = [ @@ -26,49 +27,6 @@ "aarch64-linux" ]; - clan = { - meta.name = "blossom"; - - inventory = { - instances = { - "rpqt-admin" = { - module.input = "clan-core"; - module.name = "admin"; - roles.default.machines = { - "crocus" = { }; - "genepi" = { }; - "haze" = { }; - }; - roles.default.settings.allowedKeys = { - rpqt_haze = (import ./parts).keys.rpqt.haze; - }; - }; - }; - services = { - zerotier.default = { - roles.controller.machines = [ - "crocus" - ]; - roles.peer.machines = [ - "haze" - "genepi" - ]; - }; - sshd.default = { - roles.server.machines = [ "crocus" ]; - }; - user-password.rpqt = { - roles.default.machines = [ - "crocus" - "genepi" - "haze" - ]; - config.user = "rpqt"; - }; - }; - }; - }; - perSystem = _: { topology.modules = [ ./topology.nix diff --git a/machines/flake-module.nix b/machines/flake-module.nix new file mode 100644 index 0000000..324f9ed --- /dev/null +++ b/machines/flake-module.nix @@ -0,0 +1,50 @@ +{ + + clan = { + meta.name = "blossom"; + + inventory.instances = { + "rpqt-admin" = { + module.input = "clan-core"; + module.name = "admin"; + roles.default.machines = { + "crocus" = { }; + "genepi" = { }; + "haze" = { }; + }; + roles.default.settings.allowedKeys = { + rpqt_haze = (import ../parts).keys.rpqt.haze; + }; + }; + + "rpqt-zerotier" = { + module.input = "clan-core"; + module.name = "zerotier"; + roles.controller.machines.crocus = { }; + roles.moon.machines.crocus = { + settings = { + stableEndpoints = [ + "167.235.28.141" + "2a01:4f8:1c1e:e415::/64" + ]; + }; + }; + roles.peer.tags."all" = { }; + }; + }; + + inventory.services = { + sshd.default = { + roles.server.tags = [ "all" ]; + }; + user-password.rpqt = { + roles.default.machines = [ + "crocus" + "genepi" + "haze" + ]; + config.user = "rpqt"; + }; + }; + }; +} From 2a2721ab33c78236bf1775d3d4ab53210c2505f5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 19 Jun 2025 23:51:47 +0200 Subject: [PATCH 029/376] Update vars via generator garage for machine crocus --- .../crocus/garage/admin_token/machines/crocus | 1 + .../crocus/garage/admin_token/secret | 19 +++++++++++++++++++ .../crocus/garage/admin_token/users/rpqt | 1 + .../garage/metrics_token/machines/crocus | 1 + .../crocus/garage/metrics_token/secret | 19 +++++++++++++++++++ .../crocus/garage/metrics_token/users/rpqt | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/crocus/garage/admin_token/machines/crocus create mode 100644 vars/per-machine/crocus/garage/admin_token/secret create mode 120000 vars/per-machine/crocus/garage/admin_token/users/rpqt create mode 120000 vars/per-machine/crocus/garage/metrics_token/machines/crocus create mode 100644 vars/per-machine/crocus/garage/metrics_token/secret create mode 120000 vars/per-machine/crocus/garage/metrics_token/users/rpqt diff --git a/vars/per-machine/crocus/garage/admin_token/machines/crocus b/vars/per-machine/crocus/garage/admin_token/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/garage/admin_token/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/garage/admin_token/secret b/vars/per-machine/crocus/garage/admin_token/secret new file mode 100644 index 0000000..31e6aa4 --- /dev/null +++ b/vars/per-machine/crocus/garage/admin_token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:pjAzrkB59+DkMEnFaFvClFvRI0ayxCOHdMK8datVmtWRJdDtWZquvFYYB7kq,iv:sSICWQ0rBUwfbS1bk1CEcHOfwA1CmXE93rD1lT1EAU8=,tag:9CjwsKSfjU10xAAzAKo9ww==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsKzFrRTU0c0xIeG9yblRi\nUk9TbVRZMUxUNjdTdnViNEpDRGN3Z2E5czJrCkd2akJST3ZZbUNwcTdZeFZzVDJG\nTDE5WGlSdEQ0RUtkNEx2Wng5YkVrYWcKLS0tIEdPTkRrV3QyYzFraWhzRjI1c0N4\nY0xjc1N4eEo1YnNEK3ZoeENzOHFOZ00Kg19YjeYzSVuxrlOueX39SCzo9CX7063n\nBAVzFlgimDEKR3qfoDpdr7XssbWF942sYbIDBqDdqS/0nqL4vFkFxg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NUdvaVRvYmpUYlc1MHR4\nTkpIdndTMW1XSGRxcXVjY2o3VnI3VDVkOUZNCmFaZm5vbTF1aXptMDRiZERZV3FS\nZG8yaWdEZmpobFUwU2FaeFdFTFcwN3MKLS0tIFZDUGRMa0ppanFtTnVvMHBacVJs\nNHpVUHRKL3MzMVJqQjBPeHdBanIyN0EK3KmePRXEK9o3uNX28sZvssiZorommPbS\ne1+mkTyK1ovuQcn/jVb2sA8EqiT/5DRar8a4gpdT+Wvw/io/mXXrHg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-19T21:51:47Z", + "mac": "ENC[AES256_GCM,data:A22tkDaTGpgo8yfqnNWkCVRV80JmJKiJoMQVFRNhezUhWLb5jV75QtBirXTBFLO3Uyd48Z2X/+s63FMta3tqYIf4LiHjimv5U4hWs8eVAtpdIi5Qxf0K5UPivlsHs/X3p1+9UWx9z1hnxp7cChpt02t4EEgWh+PNwerks6/gjZ8=,iv:mCAnLVRiXeAujn/7sVXf3ak5KOmvIYmtolOj3CdGlos=,tag:hDMjHWpk9W5ShBkLxYaH5w==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/garage/admin_token/users/rpqt b/vars/per-machine/crocus/garage/admin_token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/garage/admin_token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/crocus/garage/metrics_token/machines/crocus b/vars/per-machine/crocus/garage/metrics_token/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/garage/metrics_token/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/garage/metrics_token/secret b/vars/per-machine/crocus/garage/metrics_token/secret new file mode 100644 index 0000000..6f0bd9a --- /dev/null +++ b/vars/per-machine/crocus/garage/metrics_token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:TkrqHdNw4y0yXniFE+GVWeZFDTcE8mSl018Yee+jmLHamREJJTVm3YuLnvUl,iv:ujf6LKoFZbPcDDJHEjKtu1K5vsHA5mtd/rCbXHsYcw4=,tag:MpL5TemDWr0i2/eB19RYeQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWY0RNS2MxYjFjQzJ3MjAy\nZlhveEdVQ2ExSFF2OTRQeDZOZnFjdHlmVGlzCnNGaDJ2ejBQZWJYT2dhT1JRYm93\nRi9IOFRlN1RkMmN2bVk3QlNGMGhsdnMKLS0tIFV6NWFVeVhNZ2pWUEl0Y0hwNlVJ\nUTU0ZnYyd254d2ZWMERMcXp2a0FCS2MKUvXDMS37SlN+EOwotmrNzeRRJK9b2zke\nIviLMQ9ir+QElm9IEiDK6UXE5x5nyKfOgvOO6AIsezyGpwDoeMsdVQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1L1hSZXN6Tm5FNkczbTFa\nYkdEK0ZPSkJYbmJuZXJFK3Z2Q21UMEFHUVhFCkVSakZEWkhlRm9XemlPNjN2YTVD\nQ3VGL2txdkxKMTBZa2xFeUg2cXY1V0kKLS0tIDN1TG02MUtlZUNoc3dPcnRKT0Fn\ncFhyY2ltbElrZTZXbGlWNTdzNHJYMkUKxEPeYMc9ciG9wppaTald/rqR/tPGVKS3\n4vzSbg4mdG1qewONltSROYYflB/fZeVEuEOdOfdODL1WCuRpvwbpTg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-19T21:51:47Z", + "mac": "ENC[AES256_GCM,data:OlbMel6Qf+SJyVHCp9v5U4EoBoolcxxtWiP6/29eXqIBHAQ7M1CAnQcoihDNaNrqINGpWxsBdWXGub69FkjRW9adyOc/BFidLuwDRY9C3F4G6e+99JppoGdmnaoZS3laOu1K09YE0BuUUOtGCvgRvtgfyalsnIEm4ASGhVz/6Cw=,iv:MKhebshlWzghyi4lTErOsUcfsoCJqj72IGxYlTcbn7I=,tag:Bov+mBo818U9fInwoUYGpw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/garage/metrics_token/users/rpqt b/vars/per-machine/crocus/garage/metrics_token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/garage/metrics_token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 3c5a941b219779b8cad49c7e1c597e8dc482f802 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 19 Jun 2025 23:51:49 +0200 Subject: [PATCH 030/376] Update vars via generator garage for machine genepi --- .../genepi/garage/admin_token/machines/genepi | 1 + .../genepi/garage/admin_token/secret | 19 +++++++++++++++++++ .../genepi/garage/admin_token/users/rpqt | 1 + .../garage/metrics_token/machines/genepi | 1 + .../genepi/garage/metrics_token/secret | 19 +++++++++++++++++++ .../genepi/garage/metrics_token/users/rpqt | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/genepi/garage/admin_token/machines/genepi create mode 100644 vars/per-machine/genepi/garage/admin_token/secret create mode 120000 vars/per-machine/genepi/garage/admin_token/users/rpqt create mode 120000 vars/per-machine/genepi/garage/metrics_token/machines/genepi create mode 100644 vars/per-machine/genepi/garage/metrics_token/secret create mode 120000 vars/per-machine/genepi/garage/metrics_token/users/rpqt diff --git a/vars/per-machine/genepi/garage/admin_token/machines/genepi b/vars/per-machine/genepi/garage/admin_token/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/garage/admin_token/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/garage/admin_token/secret b/vars/per-machine/genepi/garage/admin_token/secret new file mode 100644 index 0000000..efc953b --- /dev/null +++ b/vars/per-machine/genepi/garage/admin_token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:QOgo0cEpMfRuOfXs0LKvCsn4nQiCu1QsFPCZ3q2DT8mHka9i/h2UPwEMRero,iv:kJvgRalM/j0NCKlETcc+1u26WNctK7dsKp9caw+LJBY=,tag:s0yYUV3U9agn76ZbuGbQFA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEd3hZQjRaVVFkbFhTaEpD\nMk9yTWQzWVJpL0hybEFaV2ZMTk1IZ0hXb1N3CjI1UjVqRjN1VEJFaDRHSmFhbDZD\nTTkvUjNicXBEMFRlVVFxNzdzbXFQSFkKLS0tICtUditPL2krYnQ4dFJsb3hYMkFC\nSDZ6c1MrZm5sUW0ydTFjYXhlSTgramcK0lSdczaRmQODCpu9vtagqvz5HG0vW2Bi\nvQwwxALZYaaftZb5sJi3CfCWPEmzMJE3DXuZ4fvFJSWEaltzpBY1WA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YUdYcW5hem1ONFoyM0p1\namU4N3dsN3NGK1Vybmh5T2lMUW1mTm51Tno4ClZsOCtZMm5OcjdkOVRZUTJCc0Nq\naVk3Ty9rRGxoVWxhOUdtZ2l3cjVIa2MKLS0tIHpXR2VKVlpEejhScUlzNjRqcWtz\nSWhoc2FBU3hqZlJUa1dBYUR1cU9aZFUKtfZp+keH670a4osfsZck6pkVOPzgLzZE\n5DgnPYw0t6/xcDlDsqejitnPvtC4Oq9xebejGHKYSQNhrk0uFfI4pg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-19T21:51:49Z", + "mac": "ENC[AES256_GCM,data:zaXINmQBZVN4dvvm9+O3T5nSm6q41J9fNUZ3Ye7/RcnQYS2XwiItL2PJ+Y75SS+2w40JGGrmkqaeUcEr49KGF0fU8ZxwuNelUoL7PuALA6lRsdTLE6plTyXABDFbl7yNWOvZH4P4xMJcYiJrNK2TW+7Kmd7mKtytpAKMUI/dNKw=,iv:MM/M9DwFkDaiqARfdWnEsROnFpT/diw5pQXLOHMFgZ0=,tag:ZzA54TFLYziKo4A/TL6CNg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/garage/admin_token/users/rpqt b/vars/per-machine/genepi/garage/admin_token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/garage/admin_token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/genepi/garage/metrics_token/machines/genepi b/vars/per-machine/genepi/garage/metrics_token/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/garage/metrics_token/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/garage/metrics_token/secret b/vars/per-machine/genepi/garage/metrics_token/secret new file mode 100644 index 0000000..45bb3f8 --- /dev/null +++ b/vars/per-machine/genepi/garage/metrics_token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:XhYWRFmXLvbfmWiMnq6x09MCjMhYRbQaaklu01y7A60gRQj6NzrdYVvU2qyd,iv:XKFiHWHwzZSNNS5hbwwyKnDqfYS7D9kTXXCnc2jRmoI=,tag:je58k2uQ44jaC1byxu3Xag==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NnJoZVc2L09RMThWaWFM\nWjZCWmJpUDJMd2tJSTNLaWFjV2Ewc1YvMWxjClVtZ1p0V3BlalBaQW9ldFAvdk1M\nUnF0L2o5R3FSbXFMdlJ4MXM3Y1hQam8KLS0tIExKZ05BaUxkRXZaQ3lpSmE0NitY\nY083ZXQ0bktJUEVibXBWQzN3RVEvbWsKDyzXAVmc24+K2nBBtbCs0aioVVbavHfj\n7dlwAzBIgGtrCoKG4ifbB3X/at038Xwsk00u63flVtr9um6DFoxtlg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZ1BOZ3dJa0V4ckNtNHFt\nTzQyUVRlcDJyTHNYb2RXR0RIZE13ck43OUdjCjB0WEJHbEtrVU5OcEE1eTRVai9z\nQWM0MzBuZWt1VHFUcUlqd3JRcXVISU0KLS0tIGdqSGtaaU8zVml6UTd5K1l6OFk4\nS2dpeVlva1BnNUZMc2hKb2hxSkdseDQKVay7CbTfid2V/ztXjNpBfG46lrM+fpbu\nlTuBOeyzftTWqKicjhzIh3eKF0NJMLDflC6QBNywtt26bRehNngFmw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-19T21:51:49Z", + "mac": "ENC[AES256_GCM,data:3jN4Jq+rFtDY0o7TfmGyJ3YhIaTEejJTqUyepUvh2NDfSXvLUswvPAEznKYaPLG1kHw4UX00elaNr/Yg9Bo4lQdLYjhSo/IeOjoxdp/bAcH6zmTWZpv3u8tEy4hQTva3RseCFCuNieJazVPnucjvHOkiVn+P4Bkr0UMXizyS+mE=,iv:hotkunc/ytaIMxt+2K1kXZuKyVHKGmdC2nSjgkb82xk=,tag:k2L7TVWgbtV9A4BNmWCVOg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/garage/metrics_token/users/rpqt b/vars/per-machine/genepi/garage/metrics_token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/garage/metrics_token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From b7f489b8e72c7fbc26a23f79b95c1bcebeb8cb1e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 19 Jun 2025 23:51:51 +0200 Subject: [PATCH 031/376] Update vars via generator garage-shared for machine crocus --- .../garage-shared/rpc_secret/machines/crocus | 1 + vars/shared/garage-shared/rpc_secret/secret | 19 +++++++++++++++++++ .../garage-shared/rpc_secret/users/rpqt | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/shared/garage-shared/rpc_secret/machines/crocus create mode 100644 vars/shared/garage-shared/rpc_secret/secret create mode 120000 vars/shared/garage-shared/rpc_secret/users/rpqt diff --git a/vars/shared/garage-shared/rpc_secret/machines/crocus b/vars/shared/garage-shared/rpc_secret/machines/crocus new file mode 120000 index 0000000..1ca5db3 --- /dev/null +++ b/vars/shared/garage-shared/rpc_secret/machines/crocus @@ -0,0 +1 @@ +../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/shared/garage-shared/rpc_secret/secret b/vars/shared/garage-shared/rpc_secret/secret new file mode 100644 index 0000000..8549958 --- /dev/null +++ b/vars/shared/garage-shared/rpc_secret/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:JCC+7DyRQOI8cZ01ay5WnmH8pdupRnEF9scESS59LtDDzrqSqi/aMV4FqxqRHAB8jveonFqwz+0QJuEZhpuy6yg=,iv:/BwhOKtXqkINchMLHdgfryc9iO8weGCiGrzGVZudPlU=,tag:rTMkGi3LL5qTsGapWDFTfw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Z2tTSU5DOXBSZEMrQnIy\ndGNpWGFYM0x4Tm0vMFh6NzV6S3hSQS8wT1hJCmtsN3VLWmsxZngyLzBIVmhXK3RV\nQ3V6Q1BRSU5mTXh3RTgreml6K3J3ckUKLS0tIFpuMmNGaWdMOTdmRVJCUnptb0g1\nSUJUcGE3eHlzY1RNZmJjcU9IQWRZY2MKMvDGbpuAsNy2pu4Vzhwv3+0qTq4r9V8y\nvZnj+GIlh9mEg4tNwGE3b7sLChhVRtBbAykGnvB4liq5AgfQGfdf+g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUTRxQlhaZFNQWjdEWG0x\ncThjRzJMcXF4emx6L3lETG1DeENMTjdRN1RFCkU1L054YXZQZnB0cU1yREprZU0x\nQWY5WmkzalV2cWExNUE2a1NweGJmWncKLS0tIFQyS3o3eGs1Z2NSc254Vkc1R2ZE\nZFJTcEhBZXRRdFVIVWNrd1daMTZlRncKAgC+1pMVJBuNsE8aPYhxfmFqBSDkCMXF\nN9OZuIDkEe0kgBDo75pN+2frVXdvb9FIG0+LB9sKrS2NyODHQ900xw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-19T21:51:51Z", + "mac": "ENC[AES256_GCM,data:YHB6oH51GkTgXtFj3tTecaao/OgGgKYeluaGUi0mhyzBQZg4Z+ZMeQLXXE2ktKxmFuDbU316pYwC/dO2kyn/TFQSZs/9lPNfhAacG7VrjSo4AIyTNF41eDCWYBc1RjPWk2dD1+pj3750AInk/jXUFBpHSmvVQy7DdbZR5Rmb/sk=,iv:ZW9zYSXw2veW6VDcTOZwERrumFgYY9tQUL5XIDMDl5o=,tag:gYiPgX0uM2ET3227BEzz0A==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/shared/garage-shared/rpc_secret/users/rpqt b/vars/shared/garage-shared/rpc_secret/users/rpqt new file mode 120000 index 0000000..825a187 --- /dev/null +++ b/vars/shared/garage-shared/rpc_secret/users/rpqt @@ -0,0 +1 @@ +../../../../../sops/users/rpqt \ No newline at end of file From 85c17fe3ea116e93b1aa18b35870a0b36a13dc3d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 19 Jun 2025 23:51:53 +0200 Subject: [PATCH 032/376] Update vars via generator garage-shared for machine genepi --- .../garage-shared/rpc_secret/machines/genepi | 1 + vars/shared/garage-shared/rpc_secret/secret | 14 +++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) create mode 120000 vars/shared/garage-shared/rpc_secret/machines/genepi diff --git a/vars/shared/garage-shared/rpc_secret/machines/genepi b/vars/shared/garage-shared/rpc_secret/machines/genepi new file mode 120000 index 0000000..be44d39 --- /dev/null +++ b/vars/shared/garage-shared/rpc_secret/machines/genepi @@ -0,0 +1 @@ +../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/shared/garage-shared/rpc_secret/secret b/vars/shared/garage-shared/rpc_secret/secret index 8549958..dfd7072 100644 --- a/vars/shared/garage-shared/rpc_secret/secret +++ b/vars/shared/garage-shared/rpc_secret/secret @@ -1,18 +1,22 @@ { - "data": "ENC[AES256_GCM,data:JCC+7DyRQOI8cZ01ay5WnmH8pdupRnEF9scESS59LtDDzrqSqi/aMV4FqxqRHAB8jveonFqwz+0QJuEZhpuy6yg=,iv:/BwhOKtXqkINchMLHdgfryc9iO8weGCiGrzGVZudPlU=,tag:rTMkGi3LL5qTsGapWDFTfw==,type:str]", + "data": "ENC[AES256_GCM,data:/lXB/mx52rLK4TzJgkyHYleiKQLX/FYVRdgSPrg1+cLzpMxHFRUfedoovKC4ibFHNhnLO3p54TAd353xiINvrX8=,iv:kbcqCEC6/i58u78HQRTXaozOrrdNS3PEMrGfHJqxuKY=,tag:2s/7ZGLok5BRbn25h2wetg==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Z2tTSU5DOXBSZEMrQnIy\ndGNpWGFYM0x4Tm0vMFh6NzV6S3hSQS8wT1hJCmtsN3VLWmsxZngyLzBIVmhXK3RV\nQ3V6Q1BRSU5mTXh3RTgreml6K3J3ckUKLS0tIFpuMmNGaWdMOTdmRVJCUnptb0g1\nSUJUcGE3eHlzY1RNZmJjcU9IQWRZY2MKMvDGbpuAsNy2pu4Vzhwv3+0qTq4r9V8y\nvZnj+GIlh9mEg4tNwGE3b7sLChhVRtBbAykGnvB4liq5AgfQGfdf+g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvaWVtWG5hbk4yVHhyMWFE\nL2JHcGgvempPNXhnWEZDWFVHMFZ1MkdWL2g0Ck5RRVJlQ3JrSkxNL3BOYlNHeXY0\nQ0FVdzVQQVZnaFdoc2tIMUJzU3FyVTgKLS0tIDRhMWcvaDlGZWhiTjlJd3dvbnpZ\nWEVsdjB6WEZ4ZjM0UXVyTkZoTkUvdXcK38L3PAkQW7mnRaS/ScCriU0hZ/NsQq73\nTUReIxJTAy9/4HAex4rmcVeCHnCWvbLKKUothPRPrLP1h7sDmN9q+A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eUJWVlZTVGxLKzNLSlJM\nbE1VZ05oSVBvWDRVOW5Cek42ekg2SEtINjJ3Ci94a0lLTDBBTkgwNTRkZmhvVDVa\nOHpwOEViOEM3R1IwZHV0QllhcXRGODQKLS0tIDRGN0NsNWlaTzNKUk9WYVpIVCtL\nK0N5Z3NtcUYwV2pyUXVld296VU5JazQKJYWq1KPT/Oie+DT9Uj30CaFJCYkVX+zS\nF8zHodbPAOakUjwLgp1flLK6DP66lq9D+1U6y9+qaZdWnBwPGgL5Hg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUTRxQlhaZFNQWjdEWG0x\ncThjRzJMcXF4emx6L3lETG1DeENMTjdRN1RFCkU1L054YXZQZnB0cU1yREprZU0x\nQWY5WmkzalV2cWExNUE2a1NweGJmWncKLS0tIFQyS3o3eGs1Z2NSc254Vkc1R2ZE\nZFJTcEhBZXRRdFVIVWNrd1daMTZlRncKAgC+1pMVJBuNsE8aPYhxfmFqBSDkCMXF\nN9OZuIDkEe0kgBDo75pN+2frVXdvb9FIG0+LB9sKrS2NyODHQ900xw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2b01nWnU2SGFSbWJZTTB6\nMXZrZTVTWlF3cW9rVmYzajVabzhmenZ2VzJVClB3ME1rQzk4ZkxSMHBBKzdqL2Rs\nNDJ5WUlRdGo4cmJzdGhERWhDQVhqWnMKLS0tIHRLNDlSVWVNbllmTDU3WHdWblBD\nd0Zoanc4YktFMEkyY3BiSVZ3N0o3encKEL+98El05Shf+GWJruRRGeXWfZGixFQs\nKx+LnKBibCafi28uV6HXXmXGEUvdrNBoAfakRS7IHIjdTYEVdIWesg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-06-19T21:51:51Z", - "mac": "ENC[AES256_GCM,data:YHB6oH51GkTgXtFj3tTecaao/OgGgKYeluaGUi0mhyzBQZg4Z+ZMeQLXXE2ktKxmFuDbU316pYwC/dO2kyn/TFQSZs/9lPNfhAacG7VrjSo4AIyTNF41eDCWYBc1RjPWk2dD1+pj3750AInk/jXUFBpHSmvVQy7DdbZR5Rmb/sk=,iv:ZW9zYSXw2veW6VDcTOZwERrumFgYY9tQUL5XIDMDl5o=,tag:gYiPgX0uM2ET3227BEzz0A==,type:str]", + "lastmodified": "2025-06-19T21:51:53Z", + "mac": "ENC[AES256_GCM,data:wJObpbZ91sGruEO043TWY1UdqMjBxEKMHUQOkw8xfMCmqgsRp12fqJKqK/jFZD4FZyJSw8WKrVKEklx7+9v4GGH4udS1KSrypm0UVmhIMV1/X1FANL0ZZ80Yqt9mnSOcRcLPaAHjqeD6NfB/rss5wCRwqeqdwjlfGyMr1bUHPOc=,iv:fFYsziILeWLVSyOZ48AcmGZEtdEOOi3FBTGpATbsP7U=,tag:uT4nj2WuELKRLitZeuRElQ==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From 75c6ddf1460484643978fee35d99b0773c9a96b1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 20 Jun 2025 19:00:32 +0200 Subject: [PATCH 033/376] update flake inputs --- flake.lock | 76 +++++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 6d022ed..96fbf1a 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1749147104, - "narHash": "sha256-SI/aEc1U/mQPRyzHevMmZLh1jXVrRCuSd5cdaQAL4Qc=", + "lastModified": 1750349689, + "narHash": "sha256-8cB/oDC6fb2pErnESzpwLSLGC8JQZLpBe2x6xIPZIIg=", "ref": "refs/heads/main", - "rev": "4592eeb0b8847e63253731e9a9b7ed537e79f1a2", - "revCount": 7428, + "rev": "4c0ad55e35bc2b1c07f69e2642d9b3bf1c0b4de6", + "revCount": 7721, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -96,11 +96,11 @@ ] }, "locked": { - "lastModified": 1748824882, - "narHash": "sha256-DnBR3hpUtaEtidCTIyiPzTfXsrY5huYo6ny6XIxaZFs=", - "rev": "bca54baa18fcbfb73dada430cfdac8e55c0532a4", + "lastModified": 1750183842, + "narHash": "sha256-znYkJ+9GUNQCmFtEhGvMRZPRP3fdGmbiuTyyrJRKUGA=", + "rev": "cb75111e4c99c7a960cfdd0d743f75663e36cbfa", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/bca54baa18fcbfb73dada430cfdac8e55c0532a4.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/cb75111e4c99c7a960cfdd0d743f75663e36cbfa.tar.gz" }, "original": { "type": "tarball", @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1749089136, - "narHash": "sha256-A1UgwtAEQYd38Z6VoRAiGs4jZQczAGyP5DF3hhYUdpg=", + "lastModified": 1750040002, + "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", "owner": "nix-community", "repo": "disko", - "rev": "a4f7deb49f7336feb6c5abaf213b374936421dbe", + "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", "type": "github" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1749147380, - "narHash": "sha256-UvCI5f1qD9l1fCQkoG/kJI0yNjDQIiJaN7gkve8fmII=", + "lastModified": 1750040002, + "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", "owner": "nix-community", "repo": "disko", - "rev": "d74db625a5cf3f46cf8fa545d6ef10bd3463ea07", + "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", "type": "github" }, "original": { @@ -310,11 +310,11 @@ ] }, "locked": { - "lastModified": 1749131129, - "narHash": "sha256-tJ+93i7N4QttM75bE8T09LlSU3Mv6Dfi9WaVBvlWilo=", + "lastModified": 1750304462, + "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", "owner": "nix-community", "repo": "home-manager", - "rev": "13a45ede6c17b5e923dfc18a40a3f646436f4809", + "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", "type": "github" }, "original": { @@ -333,11 +333,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1749150088, - "narHash": "sha256-jBeMPXnAdtmJIp9q2obU3nIDprBKLS7uNHOGJXrf08c=", + "lastModified": 1750337387, + "narHash": "sha256-noZ4EiBQRmR2Bfw0VnN838r//1Mtuw3tgOeCzEUqh8I=", "owner": "ignis-sh", "repo": "ignis", - "rev": "d4c97e63423d54bf956a249bf408b14fecadd64e", + "rev": "0b68b350e5167143861a030e3bd9065facd6264b", "type": "github" }, "original": { @@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1750325256, + "narHash": "sha256-vvlxGz/waqJ3TGqM/iqXbnEc7/R1qnEXmaBiPaQ1RE0=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "0d71cbf88d63e938b37b85b3bf8b238bcf7b39b9", "type": "github" }, "original": { @@ -490,11 +490,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1750083401, + "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", "type": "github" }, "original": { @@ -522,11 +522,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", "type": "github" }, "original": { @@ -587,11 +587,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1750119275, + "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", "type": "github" }, "original": { @@ -683,11 +683,11 @@ ] }, "locked": { - "lastModified": 1748243702, - "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", + "lastModified": 1749194973, + "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", + "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", "type": "github" }, "original": { From ce6a46b5a8f45b8e51c1d8e81e8bb54fb416a108 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 20 Jun 2025 19:04:39 +0200 Subject: [PATCH 034/376] migrate to clan instances --- machines/flake-module.nix | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 324f9ed..87eb989 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -31,19 +31,23 @@ }; roles.peer.tags."all" = { }; }; - }; - inventory.services = { - sshd.default = { - roles.server.tags = [ "all" ]; + "sshd" = { + module.input = "clan-core"; + module.name = "sshd"; + roles.server.tags.all = { }; + }; + + "rpqt-password-haze" = { + module.input = "clan-core"; + module.name = "users"; + roles.default.machines.haze = { + settings = { + prompt = false; + user = "rpqt"; + }; + }; }; - user-password.rpqt = { - roles.default.machines = [ - "crocus" - "genepi" - "haze" - ]; - config.user = "rpqt"; }; }; }; From a364bddd7e72070bd8b774e57be2155c9eeefe0b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 20 Jun 2025 19:05:51 +0200 Subject: [PATCH 035/376] add jj --- home-manager/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 75c2e03..637c423 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -4,6 +4,7 @@ devenv direnv hut + jujutsu nix-output-monitor radicle-node typescript-language-server From 242210c2e0d651fc9c3755599419e7cbbb88cb85 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 20 Jun 2025 19:10:09 +0200 Subject: [PATCH 036/376] remove broken dns --- machines/genepi/configuration.nix | 1 - machines/genepi/dns.nix | 35 ------------------------------- 2 files changed, 36 deletions(-) delete mode 100644 machines/genepi/dns.nix diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 576dc27..58c57c7 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -8,7 +8,6 @@ ./acme.nix ./boot.nix ./builder.nix - ./dns.nix ./freshrss.nix ./glance.nix ./homeassistant.nix diff --git a/machines/genepi/dns.nix b/machines/genepi/dns.nix deleted file mode 100644 index 086bcc0..0000000 --- a/machines/genepi/dns.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, ... }: -let - domain = "home.rpqt.fr"; - genepi = { - ip = "100.83.123.79"; - subdomains = [ - "glance" - "grafana" - "images" - "rss" - "tw" - ]; - }; -in -{ - networking.firewall.interfaces."${config.services.tailscale.interfaceName}" = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; - - services.unbound = { - enable = true; - resolveLocalQueries = false; - - settings = { - server = { - interface = [ "${config.services.tailscale.interfaceName}" ]; - access-control = [ "100.0.0.0/8 allow" ]; - - local-zone = lib.map (subdomain: ''"${subdomain}.${domain}." redirect'') genepi.subdomains; - local-data = lib.map (subdomain: ''"${subdomain}.${domain}. IN A ${genepi.ip}"'') genepi.subdomains; - }; - }; - }; -} From a8ae2ba79712224e0d2bc217d121967310c499c1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 24 Jun 2025 19:11:23 +0200 Subject: [PATCH 037/376] Update vars via generator user-password-rpqt for machine haze --- .../user-password-hash/machines/haze | 1 + .../user-password-hash/secret | 19 +++++++++++++++++++ .../user-password-hash/users/rpqt | 1 + .../user-password-rpqt/user-password/secret | 15 +++++++++++++++ .../user-password/users/rpqt | 1 + 5 files changed, 37 insertions(+) create mode 120000 vars/per-machine/haze/user-password-rpqt/user-password-hash/machines/haze create mode 100644 vars/per-machine/haze/user-password-rpqt/user-password-hash/secret create mode 120000 vars/per-machine/haze/user-password-rpqt/user-password-hash/users/rpqt create mode 100644 vars/per-machine/haze/user-password-rpqt/user-password/secret create mode 120000 vars/per-machine/haze/user-password-rpqt/user-password/users/rpqt diff --git a/vars/per-machine/haze/user-password-rpqt/user-password-hash/machines/haze b/vars/per-machine/haze/user-password-rpqt/user-password-hash/machines/haze new file mode 120000 index 0000000..db9551a --- /dev/null +++ b/vars/per-machine/haze/user-password-rpqt/user-password-hash/machines/haze @@ -0,0 +1 @@ +../../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret b/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret new file mode 100644 index 0000000..9d2819d --- /dev/null +++ b/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:FPfiUzjYns9F9qYuJCuKQ2gQOtiRM5p9wUM4vTB+itXKiQHNRWaT0Row/wyMLkjMd8roBYgpUpUOpOnI2MZQfUAB3dlvVKoXW+lE4LrC2G8qTleQ3FYfM9FelpWuw+yCq4IJaZu8PVRY0g==,iv:K9B46wJW17JoOU4fKl6o5kYMnXJG8l+0C0UNSq6W5fU=,tag:pfG9rSTlv8HVKs8orUosTg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ2l4YkZadGJ3QkRhVW5j\nUkUwdmpEMWN2M1BXdzJkTVVDa2liekN6UENRCnJBQ0p2cXZscWtRRnJRbzZzM3hu\nRUUwRmhJSHhua2lBNTRXN0pyZmZlMVUKLS0tIGg2MldqZTRkL25rYkY1WmtGSHR4\nV2tOQUdRcVRBSHlsWGZaU1JMM3o2cjQKdrIbQqkM23CS4PTvsLLH2B4bWn4G+e20\nUZkcIyYCJhiU8S/k6myCRnPp/HvjfLhLuW9vc9UX47rfrjOOKv45YA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRVYwU1B3ZVh0UXA5aHcw\nWkQ2eWxxNlVjZ2hFTGtCYUtPMGlmTG51LzBVCjR1OEpvdFNDRXVBd1dSTVhFNUts\nUzBPai96dkYxaXJNN01GRWZySFJ0a1UKLS0tIGVZdnpnK2NPQ3lsZkN0c2FCZWlK\nRlpsSmhDbWlYM2R3ZFBNUXI5bHlXZjAKMQzFe6AnWo9MOy+GDpahVfYumwZ5727u\naC4MiIVeTrIptXAqkxCjXrgsr5IzCV5uhvMMmAvPJ/xhmUeb1XraaA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-24T17:11:23Z", + "mac": "ENC[AES256_GCM,data:BS/+1cyvgY3nCjmbDNHDtPbA/1bvnWWl2Je2XpjfsytRTMAZ0QEwkwQ4cJJnpZDwkscOtJOTR/0FY9+sRrSEMQbC5r1TFL3gFYF8PzskFBL21kovKgQD4y07tARlyLzL1Y8EuA9jVGQjIuqi36mXIxrAcCaP+ESDArWSh5IoQfw=,iv:4BZNHlHKgGe08f8tVZXUtaCZhLZZ8Bwl1oQ/S7S1qdM=,tag:Lusfyr8U2G0UpBLkEitLGw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/haze/user-password-rpqt/user-password-hash/users/rpqt b/vars/per-machine/haze/user-password-rpqt/user-password-hash/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/user-password-rpqt/user-password-hash/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/haze/user-password-rpqt/user-password/secret b/vars/per-machine/haze/user-password-rpqt/user-password/secret new file mode 100644 index 0000000..b025c75 --- /dev/null +++ b/vars/per-machine/haze/user-password-rpqt/user-password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:bYZDSHz0u+O0UJ3P,iv:7L/ziYffgAM+bYgmlonPyRlA/Sa/x5bXMeJsIjMRORA=,tag:FPk0ggKa6cRTDMiVNWSj3A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJb3dSUjhkUG1DWEo4SElJ\nSGJVdjM0cnNrRFFScUJBb1JLSVpvV21RWEJnCmtFUjlpYkM3VHFDSXRCY0Q0RmJh\nNkZ2Skw2VkJ4eWg2MlFyRk9jWE9SZUkKLS0tIGdWMlRIRkFvY09pcDJybkw2aDZi\nc1IvclB4YVNWSXJEZ1ZoaHhmaXowTkEKODbAEHwQOrOqSL5VNOBVBQAZ+278Rmmj\nykj3SfjVEms/+3R6sHGmPXq/b8p7KR1M2GlRxhH9xjHzmQj2SqlGLg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-24T17:11:23Z", + "mac": "ENC[AES256_GCM,data:WW+UXihwEX5Z29my0bRXEcTFzH6YaUBo2nbkLeXcvkj1bePbZeVB5AJFh6OXQHe1mr4k8/iXNUTmwh2ZxrvAkTuhYn9V83GYVC1aTEHesmoQ+cVlTGpqu6tqpSl6HDJcWUIiC0eAktQbQEK03rIaE8bjJzoQp6Qzj1OZ6DR9nwE=,iv:cnqDZIIxpg1qFRbpZjrXUi4abjydJ6aYfLX3RxGFpMs=,tag:XNmbxi7ZnBdZb0ekU+e6jw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/haze/user-password-rpqt/user-password/users/rpqt b/vars/per-machine/haze/user-password-rpqt/user-password/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/user-password-rpqt/user-password/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From c5c990662c3be8023a55c348ddb4475bb1025409 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 26 Jun 2025 23:22:22 +0200 Subject: [PATCH 038/376] Update vars via generator gandi for machine genepi --- .../genepi/gandi/gandi-env/machines/genepi | 1 + .../per-machine/genepi/gandi/gandi-env/secret | 19 +++++++++++++++++++ .../genepi/gandi/gandi-env/users/rpqt | 1 + .../genepi/gandi/gandi-token/machines/genepi | 1 + .../genepi/gandi/gandi-token/secret | 19 +++++++++++++++++++ .../genepi/gandi/gandi-token/users/rpqt | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/genepi/gandi/gandi-env/machines/genepi create mode 100644 vars/per-machine/genepi/gandi/gandi-env/secret create mode 120000 vars/per-machine/genepi/gandi/gandi-env/users/rpqt create mode 120000 vars/per-machine/genepi/gandi/gandi-token/machines/genepi create mode 100644 vars/per-machine/genepi/gandi/gandi-token/secret create mode 120000 vars/per-machine/genepi/gandi/gandi-token/users/rpqt diff --git a/vars/per-machine/genepi/gandi/gandi-env/machines/genepi b/vars/per-machine/genepi/gandi/gandi-env/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/gandi/gandi-env/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/gandi/gandi-env/secret b/vars/per-machine/genepi/gandi/gandi-env/secret new file mode 100644 index 0000000..8ea62b1 --- /dev/null +++ b/vars/per-machine/genepi/gandi/gandi-env/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:Y/+ORMf1iv7E2ZZIpBf+YNpMMQ3qTo0fsYLDwch+anhXNwNgIqWnRdXD/FDH48TCX3HG2uonhmO6Y6Wl7eZOhfHSYi118w==,iv:U039/a9TUfsyqtNAoex7eZvQ0nq8hatNxUn3NzIRkwE=,tag:XOYjnjVy9+h+5IavKDYkRg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRVU4N3l5dVJmb2lwNTRi\nQ1ljazlXQjFJc0tESXBVd005c2VSMERPa0RVClBCb3gwWjNZWTQ3R0xwOTBkYU5P\naHZWOEZaUDY0SnJaajBRbjFkam4xcU0KLS0tIE5vRm9MMnJ2MFgyNktEaDM0TVJP\nZXlWeXNEVXBMb0E0TzFNUUtOS3ZjMUkKC4M16hIz51bAUHMseWh0ybBupnzTb3Vy\nOEumkcqSA9Dv0ACgscpuaFIysICDYGC1URGImWe/nElo+vnB8BWZAg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMGpxNm9Jbm14UEpZUlVH\nMW1McXhLOXQ1NzIxdG5LZDFqRk82bUlhMkZNCjhTZnB2U3I0cE1MQjk0ZCs3eWNF\nUlpzbk5TUDJZUFF6RStKbTlNZnVEZTgKLS0tIDZSYkZkT0p6dFVFank3eTFjbFgw\nY1A0WE9SUE85OER3QzJaWkVKc2RtOE0KaPgVki5AgGlXYHxExV+uEc3nsh3SM81A\nLDlNrSysr0tw8XpvBFGT21hNVljBRVeLJBzKhsfrhSdtJbNau0L1wQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-26T21:22:22Z", + "mac": "ENC[AES256_GCM,data:vu/F9ce9aYT1gwiS1EGBJ5N3lo+NAOiCEt+jbJRVLo5gCHPtnoTxxraBCq0CjHTFw32xVIrAsDbkJS0NJPDgODRwceMk/0xXlgQ3QOI/CO0NFarFTQDdT6RmW6o9ylHk94YsXSiQDJ0K+DrIOlyCOA5HIzKJML5HXqkLSF97TCo=,iv:OJk0Vbn+zWahl1/ZAIytBwJlfdDIFjLecZ0M1QC5fUM=,tag:IGXJmKdktn/CK+jtw3Y5yw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/gandi/gandi-env/users/rpqt b/vars/per-machine/genepi/gandi/gandi-env/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/gandi/gandi-env/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/genepi/gandi/gandi-token/machines/genepi b/vars/per-machine/genepi/gandi/gandi-token/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/gandi/gandi-token/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/gandi/gandi-token/secret b/vars/per-machine/genepi/gandi/gandi-token/secret new file mode 100644 index 0000000..fb7890b --- /dev/null +++ b/vars/per-machine/genepi/gandi/gandi-token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:PW0hHJALRXaoXPSeqnxPzwepz/u+J4QJKd388CdrLJ3TUzm7IKqstA==,iv:VF/0ZudBmzdZX/VWd/L5ic86LQlOfSUgBmwckvw9G/g=,tag:FXFU3FlewhRbZei28vP4Jg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSzVUWDlsT0lrTHcvaEg2\nMERNUEJGRVM0aDlZdUszcXdtMjNrU1FraVNZCjR1K0h0U0lqdzU2NG5yblRqQlow\nY1FoalJiVEhFOU1vSzkxWU9EUUtYQnMKLS0tIEdJb2J0QWxucUF4c0tuL3ZISks5\nb2tYS0dvcTJpS1VrVUxOWDFZUmdIQkkKTy6B6tuVkcx/IWYIfp7GdxayL1MeWqcy\nT6dV8epjeTGqhMHvgpzL8YN2UO1HQurC33QyQ2LtGaPwuOOwrxsDXg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV00wYXQzdVh1Mnh5RzZ4\nbnNCSFM5QVNhcG5vQUdSd1VSUTFlZjFNV0FrCkEvbS9OYVZucEZmREVNTlo2VDVL\nZVRrRkJkZnIrQ2RhRXpBRXZjd0daVDQKLS0tIHVwcFJralBtT3J5TFd6bTR5Uk5S\nb2lEcVpmRWNoemhjUndBNXZsT2wxazQKSIRFTGhrtjd95Yq1ls9PvCr+mahlmFD4\nm9xeC8oX1JoV2SqocPfRKxFUjJjA09+bmikyjJx2nrza0o2wucvd8g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-26T21:22:22Z", + "mac": "ENC[AES256_GCM,data:vZchrJpNviCfUYarQG6rZXB6pFAwZga5yGIZZEYCoqWBjTQqnUj5egOmRcjrIDH8YpW51Jo2iXLUg1qkGWfl7rEm7rZIOe6mueh/OSceftgUKtp20oC0YwWclo3Fm/XZAhk7TuzelCFT96gInmii2A9of5J1913g2h1lizs0nKU=,iv:nTVefHS/NZ+sQoPl6YI8YDQyZ7f+tv/B0VBzBt+4VaM=,tag:AdGB1xQa47DbwRu8WbauPg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/gandi/gandi-token/users/rpqt b/vars/per-machine/genepi/gandi/gandi-token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/gandi/gandi-token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From a1b36e1bf3abce0cc6281658e2fa7af7c2377f41 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 26 Jun 2025 23:37:15 +0200 Subject: [PATCH 039/376] Update vars via generator freshrss for machine genepi --- .../freshrss-password/machines/genepi | 1 + .../genepi/freshrss/freshrss-password/secret | 19 +++++++++++++++++++ .../freshrss/freshrss-password/users/rpqt | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/per-machine/genepi/freshrss/freshrss-password/machines/genepi create mode 100644 vars/per-machine/genepi/freshrss/freshrss-password/secret create mode 120000 vars/per-machine/genepi/freshrss/freshrss-password/users/rpqt diff --git a/vars/per-machine/genepi/freshrss/freshrss-password/machines/genepi b/vars/per-machine/genepi/freshrss/freshrss-password/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/freshrss/freshrss-password/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/freshrss/freshrss-password/secret b/vars/per-machine/genepi/freshrss/freshrss-password/secret new file mode 100644 index 0000000..6025b79 --- /dev/null +++ b/vars/per-machine/genepi/freshrss/freshrss-password/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:onsK2gKcLjQq9o6af4+MOHSLrsbtAnRfOA==,iv:d8Ux7K8x9axBL5a7EljVyDuAXgmRRSKpzD/cPU4si9g=,tag:W9YgQ4843uhfS+h+qKry6g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcTZ6ckFyaFFiMDZ3bzVF\nNW9LRHp5NDVOWmVBL25JcDU0TDNDZWt2ZTNNCjVrM2MwWWJZdFpMTnE1ZXF0R1J1\nZFlSeFBxTWdhaGhrZVNBcjRSdThrTEUKLS0tIFN6ZHRaeDlnRnBzQm1zMzlOR3hR\nWEV2UUpHQkFCVHpKNjdSVEFzZThlbkUKfThsdJt7YNxQtpiU6h+iGuEHQwkyg9vd\nIlzTF/kJMij/a6z3fWFcYGJ7pqhYdHoAu/4S5jnWoQ8MSPbfmmdQLA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUnZiSUNlWWwzZHZzb2ZB\nWWZYc2JCUkdlNVNKY1hLZEQxSXU4aWJISFFjClQ4ejhwZi9MRjVHbFYzMS8xMmlM\nM2lTajIvcnFVSmJzWWI1eFRNTzNGTjAKLS0tIEhVYWlwMThIRGxtR2lSaVExc2xt\nMWdxV2Q1QmFlMDlNZ0wwUUlBT1BZb2MK6YRudnDLWq4L/XafPtRAwInZYEzkw3L0\n+6gvssgEtUnYgooMQmBeqMKdOgST+Y6CiBeM7CxzQuvBIVeAVQnx5g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-26T21:37:15Z", + "mac": "ENC[AES256_GCM,data:eSt9+O86EVGQtvU2sSB0GBs+shBxYcyYI2QeEViuXsqRUSCz0KvnzODFySp1Qn+oaJPEGgvjhACrYHba6UekErFFRQ4C7Ji6zEkM+PhwJYLTgZU7uVQuqgcMrqPWMCJbZy2VFcQEr65FeCz1IYy8rvLpepWhURuGErz/fSJAl6M=,iv:FaWxJBJrDA2pp54R2G2TDRAC9hiSROw0WnxEUCFZI/Y=,tag:vQu01Rk4EV68MWm2tudVyw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/freshrss/freshrss-password/users/rpqt b/vars/per-machine/genepi/freshrss/freshrss-password/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/freshrss/freshrss-password/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 00926a5373cb9e8c97903e069c355979d9eb4182 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 27 Jun 2025 17:10:35 +0200 Subject: [PATCH 040/376] add python3 --- home-manager/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 637c423..589f49f 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -6,6 +6,7 @@ hut jujutsu nix-output-monitor + python3 radicle-node typescript-language-server nil # Nix language server From 61b13557fb6ed9cc493b20464871a53ba06a21ac Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 27 Jun 2025 17:11:42 +0200 Subject: [PATCH 041/376] enable userborn to fix password issues --- system/core/users.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/system/core/users.nix b/system/core/users.nix index e126c6c..effffbf 100644 --- a/system/core/users.nix +++ b/system/core/users.nix @@ -7,6 +7,8 @@ { users.mutableUsers = lib.mkDefault false; + services.userborn.enable = true; + users.users.rpqt = { isNormalUser = true; From 2b4eb2c966a2bdf14bcbc4eccda8963b667e1316 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 2 Jul 2025 20:18:27 +0200 Subject: [PATCH 042/376] Update vars via generator syncthing for machine haze --- .../haze/syncthing/cert/machines/haze | 1 + .../haze/syncthing/cert/users/rpqt | 1 + .../haze/syncthing/key/machines/haze | 1 + vars/per-machine/haze/syncthing/key/secret | 19 +++++++++++++++++++ .../per-machine/haze/syncthing/key/users/rpqt | 1 + 5 files changed, 23 insertions(+) create mode 120000 vars/per-machine/haze/syncthing/cert/machines/haze create mode 120000 vars/per-machine/haze/syncthing/cert/users/rpqt create mode 120000 vars/per-machine/haze/syncthing/key/machines/haze create mode 100644 vars/per-machine/haze/syncthing/key/secret create mode 120000 vars/per-machine/haze/syncthing/key/users/rpqt diff --git a/vars/per-machine/haze/syncthing/cert/machines/haze b/vars/per-machine/haze/syncthing/cert/machines/haze new file mode 120000 index 0000000..db9551a --- /dev/null +++ b/vars/per-machine/haze/syncthing/cert/machines/haze @@ -0,0 +1 @@ +../../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/per-machine/haze/syncthing/cert/users/rpqt b/vars/per-machine/haze/syncthing/cert/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/syncthing/cert/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/haze/syncthing/key/machines/haze b/vars/per-machine/haze/syncthing/key/machines/haze new file mode 120000 index 0000000..db9551a --- /dev/null +++ b/vars/per-machine/haze/syncthing/key/machines/haze @@ -0,0 +1 @@ +../../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/per-machine/haze/syncthing/key/secret b/vars/per-machine/haze/syncthing/key/secret new file mode 100644 index 0000000..b26082d --- /dev/null +++ b/vars/per-machine/haze/syncthing/key/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:90/tAGBIuC+Lj2wrVYZ3o84marKKV232s/XGFrRl,iv:iA4X8eAxM5tggJQ1IF8VOr+zfG4W+86LBZ5v29JH2LM=,tag:/trUxtKeFA6kxX5BKz3u9Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHNFZFZGSVF4UFRibVdF\nck1rMDRiclBwTzRETmNjQlYvZ01XWmtYMWkwCmdaaktjWS9idmZrWWNmMmc1VjZk\nNTJFVkUyanlyU0JmdExpNWRCOFFWS1kKLS0tIHhyV2haYzlRVExTNTJkMUtiUGlw\na3FlZ1BRTVQ1OWdHNnlwU0g4T3pobFUKp8xgjVMlHLTzym+MwFLZiHq/hHtBm9HY\n8o7UOpAnu/eVU4kvrr1dwGm2EbUu5WNj706CS+z7mmUdrck3NcRlhg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjeGtlZWdVV1c5N2p3Rnha\nTW1yeThXbVZscFU4RzlmMXIrUWlkN2tibjB3CmhkbGgyNzRndTc3SU9zYXloQXB0\nVkJFUUpGSU5samNZcFV1SjllNkdaYXcKLS0tIG9CU3krYmpqdUh0OUZVMjk4NkUw\ncjB6M0prQ3MrQXVNaVFKMGJ4OEh2V3MKmS2t86W/poio1LKABF/8nsea0y9Wyk09\n/StrwogKLX1jowxQaNl+KtzokGBsg2XouJUNIuedtXN60wUjTWjZXw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-02T18:18:27Z", + "mac": "ENC[AES256_GCM,data:EPeiD2r5x9wgvzKmA9UPS7USqy8DFU3Z1/xetWioxQISVZycW5QSuED1a4PxSVsJF85aydau8HwePNWoVBXAJK875yn+QOBZiykmQVSs/IZ3C9FtCeHdJR5Nb8ovyOMSC9d2gIrQrTl63u3864elk0tCwmnNeTNp0wozQL9KU3M=,iv:vPb2W6BCNj03YqQDFlq2nx8rjGHQtb1gYsQYNu8opCg=,tag:owFDAWwR0DYNUoO3Ls2XBQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/haze/syncthing/key/users/rpqt b/vars/per-machine/haze/syncthing/key/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/syncthing/key/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 1036ec9e2cebfe8a8cdb66a100a5100a498dcd35 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 14:36:19 +0200 Subject: [PATCH 043/376] add nushell config --- home/.config/nushell/config.nu | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 home/.config/nushell/config.nu diff --git a/home/.config/nushell/config.nu b/home/.config/nushell/config.nu new file mode 100644 index 0000000..6ff67b6 --- /dev/null +++ b/home/.config/nushell/config.nu @@ -0,0 +1,9 @@ +alias ls = eza +alias ll = eza -l +alias lla = eza -la +alias h = hx +alias g = git + +# Load starship prompt +mkdir ($nu.data-dir | path join "vendor/autoload") +starship init nu | save -f ($nu.data-dir | path join "vendor/autoload/starship.nu") From be672dd092cc05e3cd8b21885ce94cc2c4c4b7cd Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 14:36:59 +0200 Subject: [PATCH 044/376] add dotbot to link windows dots --- README.md | 8 ++++++++ dotbot/windows.yaml | 8 ++++++++ 2 files changed, 16 insertions(+) create mode 100644 dotbot/windows.yaml diff --git a/README.md b/README.md index e0a673f..769ab35 100644 --- a/README.md +++ b/README.md @@ -8,3 +8,11 @@ - **secrets**: Age-encrypted secrets shared between multiple hosts. Host-specific secrets are stored in their own directories. - **system**: Base NixOS modules shared among all hosts + +## Dotfiles + +### Linking with dotbotc (for windows) + +```sh +dotbot -c ./dotbot/windows.yaml -d home +``` diff --git a/dotbot/windows.yaml b/dotbot/windows.yaml new file mode 100644 index 0000000..1750fde --- /dev/null +++ b/dotbot/windows.yaml @@ -0,0 +1,8 @@ +- defaults: + link: + relink: true + +- link: + ~/AppData/Roaming/helix/config.toml: .config/helix/config.toml + ~/AppData/Roaming/jj/config.toml: .config/jj/config.toml + ~/AppData/Roaming/nushell/config.nu: .config/nushell/config.nu From 5c86ba4d612a04222272802174022fadc4d8d334 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 19:54:37 +0200 Subject: [PATCH 045/376] Update vars via generator gitea-s3-storage for machine crocus --- .../gitea-env/machines/crocus | 1 + .../crocus/gitea-s3-storage/gitea-env/secret | 19 +++++++++++++++++++ .../gitea-s3-storage/gitea-env/users/rpqt | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/per-machine/crocus/gitea-s3-storage/gitea-env/machines/crocus create mode 100644 vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret create mode 120000 vars/per-machine/crocus/gitea-s3-storage/gitea-env/users/rpqt diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/machines/crocus b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret new file mode 100644 index 0000000..677a30e --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:kxkKt0Hn2YXh5kZJb5lxBetvmQ0AFHXAV6wOhx0rVYA+gn5OestOkVZxkx7e3EmF8yAk1kUBqcv6xvOsbM0kh1Ckqs5BgFJAMP1gbwrPuQHvWRZHLdszSbwoy7W39QWbEXztv9M7XWZ7Y8tY,iv:izTt6Al4OHnAcAChKgu4EFYfa8I7abJ7YooYp2FPSeo=,tag:o8NOHZfR6Gabttl0o3qj6A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYUpZYlR4b0RpR2hUY04w\neHJhK1N6aE1NVE90ODRCSWhWRFdMNmxHV3k0CmV1UWJsTjR6NUs2NlhNVDMwcTFE\naU1DU3NkaHhVdUxqZFREdzZscTVqd1kKLS0tIGVod1dVd1hGYXBQYVRXNnliRTBM\nZTlOMHZ5Z1hJb1NycTNGZ0VTVmhHM1kK5qPiZ5nBW7kApV/4jqWTd6qb9ssJMKFL\nBR3j6ZLv3Lsxg3YUlVj4onf/gx5CRXTo3Y6l7UhvIXlyLDnabbs+Qw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNmprdlAwWnNxUTlBVENN\nTVpXbFcxQUlBeHU2Ryt0RnRqM2tlditSZ2owCjdHQnpnamVxemF6MUF1MGFDa001\nR05QeGVtWWZDY1BITTFKeHpvM0liL1kKLS0tIHR1Y0xVVEpveEMzdmIzWWY5Z2JE\nSHdJVGhuMk5DektTc0ZMN3E0OVZNeEUK1dYygoWREai1jTDhtkbRpqEUrQltdpLN\nxa42uZILNT1cRj6zxT1eMkL+QgIreU7ME1JtOceKzOgaD+/OnPzqcw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-17T17:54:37Z", + "mac": "ENC[AES256_GCM,data:YmnOkbuWEt1oW3+fbt+fd6vEGB9auyUYYHjXbPLZVA0HeVEwUdN8CPhZfETes85//PrPgjNOsczaW70lGjBioNdxzsjKFijXu47c5jzxb/K4EP8qcJxSberAxVS45TWsGw8tj8ggGt3S8BYryZmWwfuASJi8UuyRK1XFNAm2sO8=,iv:4NK88DrWqUevtR50UZgPjzPB0J1GU4jTm8PAZZa5ATM=,tag:OVuPHs5bOWRpJ0mWXDSR6A==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/users/rpqt b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 9ba9797fc3f9214b5cde28baa40f06878cf618bc Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 20:21:03 +0200 Subject: [PATCH 046/376] Update vars via generator gitea-s3-storage for machine crocus --- .../crocus/gitea-s3-storage/gitea-env/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret index 677a30e..fbbc897 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:kxkKt0Hn2YXh5kZJb5lxBetvmQ0AFHXAV6wOhx0rVYA+gn5OestOkVZxkx7e3EmF8yAk1kUBqcv6xvOsbM0kh1Ckqs5BgFJAMP1gbwrPuQHvWRZHLdszSbwoy7W39QWbEXztv9M7XWZ7Y8tY,iv:izTt6Al4OHnAcAChKgu4EFYfa8I7abJ7YooYp2FPSeo=,tag:o8NOHZfR6Gabttl0o3qj6A==,type:str]", + "data": "ENC[AES256_GCM,data:yK6sTNh9h9bviiaRIPxNiOi+92eXtWgoO42KNH+8rUPngkbjA4rPsM74P0XucwTak0z5q5TebaKId+gcVh3Q0UMd5XlgvcGqciVsBQ3V/Etgf+UXFqD5Mm7uIglEVicKCuQzKd4we01lrWRzcbXSKAPTTDvbA8KB9NzlhjrHJRuUyOhkV6E=,iv:x9CS5YQXgH6Yat4iCvzUzMQC+HkrcusBMH958xLCN3c=,tag:GfqOisyav9IDnnp63yboMQ==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYUpZYlR4b0RpR2hUY04w\neHJhK1N6aE1NVE90ODRCSWhWRFdMNmxHV3k0CmV1UWJsTjR6NUs2NlhNVDMwcTFE\naU1DU3NkaHhVdUxqZFREdzZscTVqd1kKLS0tIGVod1dVd1hGYXBQYVRXNnliRTBM\nZTlOMHZ5Z1hJb1NycTNGZ0VTVmhHM1kK5qPiZ5nBW7kApV/4jqWTd6qb9ssJMKFL\nBR3j6ZLv3Lsxg3YUlVj4onf/gx5CRXTo3Y6l7UhvIXlyLDnabbs+Qw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtQk1CaUZ1VzI5QzVUbWMr\nY2psS3YwUkEvbk1TZVVXaGZkWWUwZitBQjEwCkRKMkxCNU52ZGhYUnNTT0lBTVZs\nVmk3dk84N1NaTzRQWW9TVHN4QWFydlEKLS0tIFQ2eU9hdVpSZ2YxSmU4S0FvN2Zn\nV1RUejBDYWk5RlJEZDFVUUV2YTZmQU0KXgsFxWsBV/4J+Z47Uif5cXVE+0FU7swz\nUiygaT98iI6SZiSl2KbDJOxSYLG+3Z3oo5kXG9ieUFVOkn+TzSVrBw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNmprdlAwWnNxUTlBVENN\nTVpXbFcxQUlBeHU2Ryt0RnRqM2tlditSZ2owCjdHQnpnamVxemF6MUF1MGFDa001\nR05QeGVtWWZDY1BITTFKeHpvM0liL1kKLS0tIHR1Y0xVVEpveEMzdmIzWWY5Z2JE\nSHdJVGhuMk5DektTc0ZMN3E0OVZNeEUK1dYygoWREai1jTDhtkbRpqEUrQltdpLN\nxa42uZILNT1cRj6zxT1eMkL+QgIreU7ME1JtOceKzOgaD+/OnPzqcw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHkyL3NYYnRvTXJvczBS\nZ0FHRG1EY0RJSlJvcnE5bitwUSszWDEyWmpVCnV3MWlPcTE5TWhwNVZBL3RVbU9r\ndUhYcWY1L3NWNkx2WmF5T0FKbkFSWHMKLS0tIHpYOFhoenpvdDQ5ZUFSb24vVzVC\nd1ZwbzB0bTU5RnFqQnpsUDRaR09HY1kKmO4Wi8bw/+BBliKrybFUx/8R8VZF3Ppb\n3ThpPXclZVxnbV3LVAxEfALVfuiVGflC/kHePRg1I0qqZWA2i5ehaA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T17:54:37Z", - "mac": "ENC[AES256_GCM,data:YmnOkbuWEt1oW3+fbt+fd6vEGB9auyUYYHjXbPLZVA0HeVEwUdN8CPhZfETes85//PrPgjNOsczaW70lGjBioNdxzsjKFijXu47c5jzxb/K4EP8qcJxSberAxVS45TWsGw8tj8ggGt3S8BYryZmWwfuASJi8UuyRK1XFNAm2sO8=,iv:4NK88DrWqUevtR50UZgPjzPB0J1GU4jTm8PAZZa5ATM=,tag:OVuPHs5bOWRpJ0mWXDSR6A==,type:str]", + "lastmodified": "2025-07-17T18:21:03Z", + "mac": "ENC[AES256_GCM,data:tGacwZu639EkUW1uMNe4pxh9T/l3w9MNNOUTMDQbDRQ/q4yoOnt2YyV4j7XhyP+5tEV4oQPerkwXhZAKOZUwTFGJcn8QDNe938plSp9ZgM2pmMQQV3XHKmtIGCsyWS8HwXKwYRYnKkddZrO52kDVr0guESsS6Xe8UMTAHtSouBc=,iv:f2S+fxt0k4tp/pz1QENzps+5YT8LDphh/GHzpolFeRM=,tag:bOFL+bg8ahLsxJeNr132qQ==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From 42c90d717ef0774e6df7c6f65ff999198e3a0354 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 20:22:24 +0200 Subject: [PATCH 047/376] Update vars via generator gitea-s3-storage for machine crocus --- .../crocus/gitea-s3-storage/gitea-env/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret index fbbc897..a97bfc1 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:yK6sTNh9h9bviiaRIPxNiOi+92eXtWgoO42KNH+8rUPngkbjA4rPsM74P0XucwTak0z5q5TebaKId+gcVh3Q0UMd5XlgvcGqciVsBQ3V/Etgf+UXFqD5Mm7uIglEVicKCuQzKd4we01lrWRzcbXSKAPTTDvbA8KB9NzlhjrHJRuUyOhkV6E=,iv:x9CS5YQXgH6Yat4iCvzUzMQC+HkrcusBMH958xLCN3c=,tag:GfqOisyav9IDnnp63yboMQ==,type:str]", + "data": "ENC[AES256_GCM,data:qQxra1Sj01ARmBtWYstbfZtIyWQ7wKblX5irTPkyPnX3HnLdZbUKgFdtQBeA+SHB1CQZt3Z1NOvyDbnKXIZqWcMLDOJct2T76L/b3HBMghUt4Le4TyULsbcmqFGnTSwOaAHwuKN1hgLCYAPlnU+4t7t9UuOyfS0cUwi26FnUQDZTSWjnSTOMwQ==,iv:Tn1Tmefw6IyZI+agUBqiinSfLEHD9ubRO/lGtRQTGgg=,tag:Uw9hxiMjRfyFdh9++g735A==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtQk1CaUZ1VzI5QzVUbWMr\nY2psS3YwUkEvbk1TZVVXaGZkWWUwZitBQjEwCkRKMkxCNU52ZGhYUnNTT0lBTVZs\nVmk3dk84N1NaTzRQWW9TVHN4QWFydlEKLS0tIFQ2eU9hdVpSZ2YxSmU4S0FvN2Zn\nV1RUejBDYWk5RlJEZDFVUUV2YTZmQU0KXgsFxWsBV/4J+Z47Uif5cXVE+0FU7swz\nUiygaT98iI6SZiSl2KbDJOxSYLG+3Z3oo5kXG9ieUFVOkn+TzSVrBw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbmM1MHJKV3liU0VIU2Jk\nTzJIM2pVVHpiQ2dxamQ3ZWcrcm1mcjFxM2hvCkMrdEQwOEdOV3BvUFF1S0NHYTRX\nTWt2NUE2U3VFckR1R0E3eWFES0JRVVEKLS0tIHY4TG1ZSWpVSDI0ZW5OenRxeDl3\nK01wUk1jQ2RtVFc1Z29rWXovY0hNUUUK8so+NbFGxp5xeJu/sMObxdKQ0DvsxJ/S\nQt870UTnNolsNfwnpVhjEfgpAKj4Xt19ldoqv/de13EV5lbGrmhYLQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHkyL3NYYnRvTXJvczBS\nZ0FHRG1EY0RJSlJvcnE5bitwUSszWDEyWmpVCnV3MWlPcTE5TWhwNVZBL3RVbU9r\ndUhYcWY1L3NWNkx2WmF5T0FKbkFSWHMKLS0tIHpYOFhoenpvdDQ5ZUFSb24vVzVC\nd1ZwbzB0bTU5RnFqQnpsUDRaR09HY1kKmO4Wi8bw/+BBliKrybFUx/8R8VZF3Ppb\n3ThpPXclZVxnbV3LVAxEfALVfuiVGflC/kHePRg1I0qqZWA2i5ehaA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRjA1Skt4eUJPcC9DUk9O\nQVY4dzFlemdWSk9pdGplWjlNcnFtcGxRNUZRCnZHWjRKS2RTWTBXM2g0bThybUVG\nbVNCdUxabzRVaTJtNzgvZi92OHRQdXcKLS0tIFVKWVNWbjMraHBtWCs2dUhFdjRm\nL09PbmN2Uk5jT3BYWm1nd2MycDVxS1kKbotsQoswTN3cSvJJaHRnleVoFBQ/vNPD\nefRqd+fuwTOHDsYg+PrOFlWYHCm04Eh9d1oe1LZR7OJKlJPUhLfuZw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T18:21:03Z", - "mac": "ENC[AES256_GCM,data:tGacwZu639EkUW1uMNe4pxh9T/l3w9MNNOUTMDQbDRQ/q4yoOnt2YyV4j7XhyP+5tEV4oQPerkwXhZAKOZUwTFGJcn8QDNe938plSp9ZgM2pmMQQV3XHKmtIGCsyWS8HwXKwYRYnKkddZrO52kDVr0guESsS6Xe8UMTAHtSouBc=,iv:f2S+fxt0k4tp/pz1QENzps+5YT8LDphh/GHzpolFeRM=,tag:bOFL+bg8ahLsxJeNr132qQ==,type:str]", + "lastmodified": "2025-07-17T18:22:24Z", + "mac": "ENC[AES256_GCM,data:RzLGtZv4C1Aj7+pAZ2y4SzpnoDYW91t89v7liJuLD2VyzadTc73O01Ks/AYJ6UfxdpK9KkXaHvfI/fiOGOw0512elIwbMa1I3Da3aqJpoUslXL64O+W5L40AH9pOpvCwO1bVfRLRgGxuMhKlt8bsrC0FwoM2jYcfZ8slwaRuclo=,iv:zoVWkcytWhamnqZI707EGIkQEOCliKoRTGdb0WfUK5M=,tag:tOeOpiCqLRcLVWCHwO/7hA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From 43e7880f6d091824f601119570cb09bab481fd4b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 20:25:53 +0200 Subject: [PATCH 048/376] Update vars via generator gitea-s3-storage for machine crocus --- .../crocus/gitea-s3-storage/gitea-env/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret index a97bfc1..36ab217 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:qQxra1Sj01ARmBtWYstbfZtIyWQ7wKblX5irTPkyPnX3HnLdZbUKgFdtQBeA+SHB1CQZt3Z1NOvyDbnKXIZqWcMLDOJct2T76L/b3HBMghUt4Le4TyULsbcmqFGnTSwOaAHwuKN1hgLCYAPlnU+4t7t9UuOyfS0cUwi26FnUQDZTSWjnSTOMwQ==,iv:Tn1Tmefw6IyZI+agUBqiinSfLEHD9ubRO/lGtRQTGgg=,tag:Uw9hxiMjRfyFdh9++g735A==,type:str]", + "data": "ENC[AES256_GCM,data:wBy2Wnl6B1LlR3AUeHIqFMggO5vTAEooWyLCG3VYvkeT3gul6HXF9ZlOPRIPZ3AjpiTOGbj52veSGqnQET+WFTZLyXLfsJOti0GufgtFhRZuJmEiHX0oiui/Z3GndCVr+I/VFS6aaNT32V4HAPbVz0Q64jsO2rDaIzL5pFm054De4F9CeCYh,iv:3ytJJQOoUHYISiM+hmKCUTTkeCAPjep0zux3ghNhI3E=,tag:Mh7eNev0URN0zdLtNDKayw==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbmM1MHJKV3liU0VIU2Jk\nTzJIM2pVVHpiQ2dxamQ3ZWcrcm1mcjFxM2hvCkMrdEQwOEdOV3BvUFF1S0NHYTRX\nTWt2NUE2U3VFckR1R0E3eWFES0JRVVEKLS0tIHY4TG1ZSWpVSDI0ZW5OenRxeDl3\nK01wUk1jQ2RtVFc1Z29rWXovY0hNUUUK8so+NbFGxp5xeJu/sMObxdKQ0DvsxJ/S\nQt870UTnNolsNfwnpVhjEfgpAKj4Xt19ldoqv/de13EV5lbGrmhYLQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIN2FNUzF6VVJNa01vNFFk\nQUhiT2E1emlZQ2J2ZlV6RktTalpEMW0wQUZRCmUyRGgwbXZiUjZVRW1janMxZGJ5\nRjlucTllKzZSbkJiZW54UUVCZkpuSG8KLS0tIFhxdkkrQXRmaEM1bzJKQmJJUVg4\nU1NIaXhBSVBwZkttR29GR0J3RVhGT1UKQfYnt0G+zCPZUy+xy8vTVBmpKLvx0LTx\ngBIYJ2YQE0se1Ba9onxvjiY4EqvBBI7dB9+DGqxwJdkvMih19tP3Pw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRjA1Skt4eUJPcC9DUk9O\nQVY4dzFlemdWSk9pdGplWjlNcnFtcGxRNUZRCnZHWjRKS2RTWTBXM2g0bThybUVG\nbVNCdUxabzRVaTJtNzgvZi92OHRQdXcKLS0tIFVKWVNWbjMraHBtWCs2dUhFdjRm\nL09PbmN2Uk5jT3BYWm1nd2MycDVxS1kKbotsQoswTN3cSvJJaHRnleVoFBQ/vNPD\nefRqd+fuwTOHDsYg+PrOFlWYHCm04Eh9d1oe1LZR7OJKlJPUhLfuZw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTWDRyMC94Q0N4b3pPVzZw\nMWpvb1ZXbzFITERvbTBWenRJRnVkRExOSUVzCkk0TkdFWWdXZEJGMlE1M2FXR29T\nWEN3dDdZSm1ERDV2eTdCTlpBNDlsZmMKLS0tIGhBNEFURXM1ZW1MNDJtYkpneEZV\nM3FXbU5yMTRWNUUwQnFiTUFZNW4zOEUK7Pf1PNhQv+1oTf4rMmp3f5oNeUUOO9bi\nQef8uelddmG02nf9anuKnUezz17MpoXmpHgxfpnqYsTscZoRssBn7Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T18:22:24Z", - "mac": "ENC[AES256_GCM,data:RzLGtZv4C1Aj7+pAZ2y4SzpnoDYW91t89v7liJuLD2VyzadTc73O01Ks/AYJ6UfxdpK9KkXaHvfI/fiOGOw0512elIwbMa1I3Da3aqJpoUslXL64O+W5L40AH9pOpvCwO1bVfRLRgGxuMhKlt8bsrC0FwoM2jYcfZ8slwaRuclo=,iv:zoVWkcytWhamnqZI707EGIkQEOCliKoRTGdb0WfUK5M=,tag:tOeOpiCqLRcLVWCHwO/7hA==,type:str]", + "lastmodified": "2025-07-17T18:25:53Z", + "mac": "ENC[AES256_GCM,data:MVLrKe0kjy/29u1ijCCT+phJqRXhuc8u4DDL/6itOLt2L4Xixy1BKZ0vy4rtTEUs69JhovokOMdxtZXZ7W4A84tm7e5Yvn7rIqqoAWanVAlFVAZ1YQAGgdhudb+Cz/wUXdma1p73aa8yrQT46TbisGij61C5iNjkctf3AO+0oMU=,iv:9W2e5OLkkXK3N2vzsRORGT+Fp5htXHpSFw829UW9P5g=,tag:zlqoWhToQdUesnS8mY6yzg==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From 95e1765944d248a5ec272f9a3d279c5a7d93c63d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 21:36:54 +0200 Subject: [PATCH 049/376] Update vars via generator gitea-s3-storage for machine crocus --- .../crocus/gitea-s3-storage/gitea-env/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret index 36ab217..d80bcc5 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:wBy2Wnl6B1LlR3AUeHIqFMggO5vTAEooWyLCG3VYvkeT3gul6HXF9ZlOPRIPZ3AjpiTOGbj52veSGqnQET+WFTZLyXLfsJOti0GufgtFhRZuJmEiHX0oiui/Z3GndCVr+I/VFS6aaNT32V4HAPbVz0Q64jsO2rDaIzL5pFm054De4F9CeCYh,iv:3ytJJQOoUHYISiM+hmKCUTTkeCAPjep0zux3ghNhI3E=,tag:Mh7eNev0URN0zdLtNDKayw==,type:str]", + "data": "ENC[AES256_GCM,data:yvUPehA2IlYG/G8GIvLDElv8r4awe4kPbRtJRLonjrEl6kV6Qzps9Nw3Um3yVw38azTT9vgD0abLz7inM5Gp0QwiRxk4+06o/+aoDw7FScB+e/pZJkxpigy/061K7g60rJ26QTl36eURtFRM2nHM5F0i7rgsivF+UmYSjLGobwGABNN5rEaqLvG85YSlBHoOBNjuUFb9E1kyQe7TALW9voBb8ZDK3t4=,iv:TNio+GD8YE2hiS+oGD/pE5klOdkEuvmG4VnoiqBlZ8M=,tag:MWyjYsMvY45Qdu8opPe+7g==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIN2FNUzF6VVJNa01vNFFk\nQUhiT2E1emlZQ2J2ZlV6RktTalpEMW0wQUZRCmUyRGgwbXZiUjZVRW1janMxZGJ5\nRjlucTllKzZSbkJiZW54UUVCZkpuSG8KLS0tIFhxdkkrQXRmaEM1bzJKQmJJUVg4\nU1NIaXhBSVBwZkttR29GR0J3RVhGT1UKQfYnt0G+zCPZUy+xy8vTVBmpKLvx0LTx\ngBIYJ2YQE0se1Ba9onxvjiY4EqvBBI7dB9+DGqxwJdkvMih19tP3Pw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvanZmUDZnRkVWOHQrcEly\nY0E2eUpheDhmZGFJU3NkaC8vOVRRb3dZT1JBCkZ4Q1NpTUVPdHREUWkyeU1weC95\nVTV6SVFyT1BiSXkvNng5ZHZRc1p0aDgKLS0tIHJkNWxnQVJIMkxqR2FWZjRQcllz\nb3loRE9oWmRrOHNPdlE0KzQ3NzNxVVkKO6KkWQnRQejpUv5zG0xeDZjkAnlIMRU0\n+2/Hu3gzyC4cpDsZgqQeYPQ7y1N/n21bEmB63+mEKbwdZ/mSKtLerw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTWDRyMC94Q0N4b3pPVzZw\nMWpvb1ZXbzFITERvbTBWenRJRnVkRExOSUVzCkk0TkdFWWdXZEJGMlE1M2FXR29T\nWEN3dDdZSm1ERDV2eTdCTlpBNDlsZmMKLS0tIGhBNEFURXM1ZW1MNDJtYkpneEZV\nM3FXbU5yMTRWNUUwQnFiTUFZNW4zOEUK7Pf1PNhQv+1oTf4rMmp3f5oNeUUOO9bi\nQef8uelddmG02nf9anuKnUezz17MpoXmpHgxfpnqYsTscZoRssBn7Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKR1orQjhtUll3NTFaR2Va\nZnk0V2FMaTE3MHlIUnMyd1VzL3lDQStEcDNnCmNaODN5cDRuRG8vZ3k4WlYySmpZ\nWUlPc0Z2dzBlVGt1TnliVWFkRnZEYTgKLS0tIEJKWVVPMkpTYzVhWU51dWNLM1I0\nVXNLQ2hEU2tVNGVub29zS2VsYzAxT28KiNpcaQC8sQ1bN4WCWDIP2acs+DpGZSD4\nVNb0fxNPE33sbuQ4u6NfuGt5TxZjPkcFns14kEs2nZdA+jSHDcwaDQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T18:25:53Z", - "mac": "ENC[AES256_GCM,data:MVLrKe0kjy/29u1ijCCT+phJqRXhuc8u4DDL/6itOLt2L4Xixy1BKZ0vy4rtTEUs69JhovokOMdxtZXZ7W4A84tm7e5Yvn7rIqqoAWanVAlFVAZ1YQAGgdhudb+Cz/wUXdma1p73aa8yrQT46TbisGij61C5iNjkctf3AO+0oMU=,iv:9W2e5OLkkXK3N2vzsRORGT+Fp5htXHpSFw829UW9P5g=,tag:zlqoWhToQdUesnS8mY6yzg==,type:str]", + "lastmodified": "2025-07-17T19:36:54Z", + "mac": "ENC[AES256_GCM,data:MkpTvxi2uVvRurWYZvDhsMm7fOJjO7mAqKQLwd3uxexg/4n41RiiknB9M8vDp4/oVIiXuQAvd870vFamf8hFvGW3ynSqJ6JntqDjsmyoZ9nFmo57YgqmEjFXjmsAcwcDpcndwahkdZJNluXCAWIk811R3ahMc8KWQxqkc0f7a6c=,iv:jjyBxliNvAQj5wWBAKuCK0zNjN6vpe4t10vdlrEdqo0=,tag:y/Xm861aTReLBG/Bz7YJCA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From 79304f83c60ee8ce18389375c6e0fb75be2290f1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:40:26 +0200 Subject: [PATCH 050/376] add garage to devshell --- devShells/flake-module.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/devShells/flake-module.nix b/devShells/flake-module.nix index 10ee6cb..69acae0 100644 --- a/devShells/flake-module.nix +++ b/devShells/flake-module.nix @@ -10,6 +10,7 @@ packages = [ inputs'.agenix.packages.default inputs'.clan-core.packages.clan-cli + pkgs.garage pkgs.nil # Nix language server pkgs.nixfmt-rfc-style pkgs.opentofu @@ -17,8 +18,9 @@ pkgs.deploy-rs pkgs.zsh ]; - shellhook = '' - exec zsh + shellHook = '' + export GARAGE_RPC_SECRET=$(clan vars get crocus garage-shared/rpc_secret) + export GARAGE_RPC_HOST=5d8249fe49264d36bc3532bd88400498bf9497b5cd4872245eb820d5d7797ed6@crocus.home.rpqt.fr:3901 ''; }; }; From 93fe2bbf5a850e61d18878bc1906c7589924c300 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:46:40 +0200 Subject: [PATCH 051/376] add gitea --- flake.nix | 1 + machines/crocus/configuration.nix | 1 + modules/flake-module.nix | 7 ++++ modules/gitea.nix | 69 +++++++++++++++++++++++++++++++ 4 files changed, 78 insertions(+) create mode 100644 modules/flake-module.nix create mode 100644 modules/gitea.nix diff --git a/flake.nix b/flake.nix index 6acd2d1..7c34515 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,7 @@ ./devShells/flake-module.nix ./machines/flake-module.nix + ./modules/flake-module.nix ]; systems = [ diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 49fcce0..6adc61e 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -13,6 +13,7 @@ ../../modules/remote-builder.nix ../../modules/borgbackup.nix ./topology.nix + self.nixosModules.gitea ]; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/modules/flake-module.nix b/modules/flake-module.nix new file mode 100644 index 0000000..56fad3f --- /dev/null +++ b/modules/flake-module.nix @@ -0,0 +1,7 @@ +{ + flake.nixosModules = { + gitea.imports = [ + ./gitea.nix + ]; + }; +} diff --git a/modules/gitea.nix b/modules/gitea.nix new file mode 100644 index 0000000..41a0749 --- /dev/null +++ b/modules/gitea.nix @@ -0,0 +1,69 @@ +{ config, ... }: +{ + services.gitea = { + enable = true; + lfs.enable = true; + + settings = { + # storage = { + # }; + + server = { + ROOT_URL = "https://git.turifer.dev"; + DOMAIN = "git.turifer.dev"; + }; + + session.PROVIDER = "db"; + session.COOKIE_SECURE = true; + + service.DISABLE_REGISTRATION = true; + + # Create a repository by pushing to it + repository.ENABLE_PUSH_CREATE_USER = true; + }; + }; + + systemd.services.gitea.serviceConfig = { + EnvironmentFile = config.clan.core.vars.generators.gitea-s3-storage.files.gitea-env.path; + }; + + systemd.services.gitea.environment = { + GITEA__storage__STORAGE_TYPE = "minio"; + GITEA__storage__MINIO_ENDPOINT = "localhost:3900"; + GITEA__storage__MINIO_BUCKET = "gitea"; + GITEA__storage__MINIO_LOCATION = "garage"; + GITEA__storage__MINIO_USE_SSL = "false"; + }; + + clan.core.vars.generators.gitea-s3-storage = { + prompts.access-key-id = { + description = "s3 access key id"; + type = "line"; + }; + prompts.access-key-secret = { + description = "s3 access key secret"; + type = "hidden"; + }; + files.gitea-env = { + secret = true; + }; + script = '' + printf %s "GITEA__storage__MINIO_ACCESS_KEY_ID=" >> $out/gitea-env + cat $prompts/access-key-id >> $out/gitea-env + printf "\n%s" "GITEA__storage__MINIO_SECRET_ACCESS_KEY=" >> $out/gitea-env + cat $prompts/access-key-secret >> $out/gitea-env + ''; + }; + + services.nginx.virtualHosts."git.turifer.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString (config.services.gitea.settings.server.HTTP_PORT)}"; + }; + }; + + security.acme.certs."git.turifer.dev" = { + email = "admin@turifer.dev"; + }; +} From 1493d2ec0b8ead69e560322cc9e7472cfcca4392 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:49:28 +0200 Subject: [PATCH 052/376] update terraform hcloud provider --- infra/.terraform.lock.hcl | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl index 03dfad9..3f60a81 100644 --- a/infra/.terraform.lock.hcl +++ b/infra/.terraform.lock.hcl @@ -22,23 +22,23 @@ provider "registry.opentofu.org/go-gandi/gandi" { } provider "registry.opentofu.org/hetznercloud/hcloud" { - version = "1.49.1" + version = "1.51.0" constraints = "~> 1.45" hashes = [ - "h1:FKGRNHVbcfQJd8EWrb8Ze5QHkaGr8zI+ZKxBMjvOwPk=", - "zh:3d5f9773da4f8203cf625d04a5a0e4ff7e202684c010a801a945756140c61cde", - "zh:446305d492017cda91e5c15122ec16ff15bfe3ef4d3fd6bcea0cdf7742ab1b86", - "zh:44d4f9156ed8b4f0444bd4dc456825940be49048828565964a192286d28c9f20", - "zh:492ad893d2f89bb17c9beb877c8ceb4a16caf39db1a79030fefeada6c7aa217f", - "zh:68dc552c19ad9d209ec6018445df6e06fb77a637513a53cc66ddce1b024082be", - "zh:7492495ffda6f6c49ab38b539bd2eb965b1150a63fb6b191a27dec07d17601cb", - "zh:850fe92005981ea00db86c3e49ba5b49732fdf1f7bd5530a68f6e272847059fc", - "zh:8cb67f744c233acfb1d68a6c27686315439d944edf733b95f113b4aa63d86713", - "zh:8e13dac46e8c2497772ed1baee701b1d1c26bcc95a63b5c4566c83468f504868", - "zh:c44249c6a8ba931e208a334792686b5355ab2da465cadea03c1ea8e73c02db12", - "zh:d103125a28a85c89aea0cb0c534fe3f504416c4d4fc75c37364b9ec5f66dd77d", - "zh:ed8f64e826aa9bfca95b72892271678cb78411b40d7b404a52404141e05a4ab1", - "zh:f40efad816de00b279bd1e2cbf62c76b0e5b2da150a0764f259984b318e30945", - "zh:f5e912d0873bf4ecc43feba4ceccdf158048080c76d557e47f34749139fdd452", + "h1:yER+O3OKYfxBAO7KVYZzH+4EYrmorCO0J0hlnRUfH00=", + "zh:0e8e78084c12866e8e3873011bcac125780b62afeaa518d4749b9a063ae6e32b", + "zh:145738cee21bcdeea1cf82f0d44f7f239c27c2214249e5e5079668c479522a8a", + "zh:164406be8ee83952f58a449d514837cc6d9763b6d29e72262d5582d5d5b89315", + "zh:1a0e6ffab3196b35ca65eb445622615bb8dddd68d0bf350ed60d25e1e74f67dc", + "zh:3b7729d1bb5cc7a5af60b42a607f7b3fec690192b1efb55e2341cee88405ecb0", + "zh:3bcfc5c40d1b7702f39dac5d2dd9eef58c9c934effb4676e26fbe85fe2057e8f", + "zh:3ce193892dca025b804de6d99316c50a33462eb36336006a9db7ea44be439eba", + "zh:4f92437e1eba8eafe4417f8b61d557ed47f121622305ee2b3c13c31e45c69ca4", + "zh:554c308bf64b603a075a8f13a151a136b68ba382c2d83977a0df26de7dea2d3d", + "zh:8c57aa6032fed5da43a0102a4f26262c0496803b99f2f92e5ceb02c80161e291", + "zh:99cd4d246d0ad3a3529176df22a47f254700f8c4fc33f62c14464259284945b7", + "zh:af38a4d1e93f2392a296970ba4ecea341204e888d579cd74642e9f23a94b3b06", + "zh:f0766d42dd97b3eac6fa614fa5809ff2511c9104f3834d0d4b6e84674f13f092", + "zh:f20f7379876ede225f3b6f0719826706a171ea4c1dd438a8a3103dee8fe43ccc", ] } From ee84c83582b12b9aaa007e231e677d5d7ba97096 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:52:12 +0200 Subject: [PATCH 053/376] setup dns for turifer.dev mail --- infra/.terraform.lock.hcl | 22 ++++++++++++++++++++++ infra/dns.tf | 9 +++++++++ infra/main.tf | 4 ++++ infra/providers.tf | 6 ++++++ infra/turifer.dev.zone | 18 ++++++++++++++++++ infra/variables.tf | 8 ++++++++ 6 files changed, 67 insertions(+) create mode 100644 infra/turifer.dev.zone diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl index 3f60a81..2ef5f5a 100644 --- a/infra/.terraform.lock.hcl +++ b/infra/.terraform.lock.hcl @@ -42,3 +42,25 @@ provider "registry.opentofu.org/hetznercloud/hcloud" { "zh:f20f7379876ede225f3b6f0719826706a171ea4c1dd438a8a3103dee8fe43ccc", ] } + +provider "registry.opentofu.org/ovh/ovh" { + version = "2.5.0" + constraints = "2.5.0" + hashes = [ + "h1:CrmFEWjczVhLWc2qzOktKSu8Q0U78uV8fnSHo54lMQg=", + "zh:1a11c3bc191c3417b41af5c56a66ac7071980f7babb390096b43aab3ac60fe7c", + "zh:1d46fa7c37468becb01d117463838f694a093e58a9b7d28347db2c377933db76", + "zh:22b83b15e878a9627477fe49e03dada3f4cd4357cb91cdb621394da690238542", + "zh:316541fc8bbf2fe14f4a484d878c63e4b949bd21a352e0ebf60d4848c96a338e", + "zh:50e72847a4b1d532e7abd5669408832ac1b49dcfda266378b8e2419d97f0f49a", + "zh:7582c8630edb3e83642e7a4b06fababeaf4833ce622c71220c38724d0e0231af", + "zh:a26714d6bd8e04acbbc94c708b151405c4b6fc20dc7060e0daef8395f1bb9ce0", + "zh:aa8be95462c5ca909c923cc3d44636eccc71cb25b51572fe7e2f68bc93c57612", + "zh:b520c0661c514586b2aa3105c4345eda4d34ef08b62fda2cc20a2bcb8cb88ab2", + "zh:be8125f1b6bc8aa93441ec9dd96db5f49d21b4dcc100c13028404b461da545c9", + "zh:c6aab9b6b04fa8483aa10c194eaab8e4a1fbffc64ad495f5027d496e5b2da214", + "zh:d537d85afc71c51d86b1031586c619c503df9462e0240d94984bc32273a03df2", + "zh:eaa9f41d33fa7731c4a937e80554a1b6b2042d273705e4c8fc983ba251193206", + "zh:f0d085065a0ada787ad080ddd6e7c646b8ca3a351712961de735d18c9d59af7c", + ] +} diff --git a/infra/dns.tf b/infra/dns.tf index b28e757..3dc6b1a 100644 --- a/infra/dns.tf +++ b/infra/dns.tf @@ -21,3 +21,12 @@ resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" { hcloud_server.crocus_server.ipv6_address, ] } + +data "ovh_domain_zone" "turifer_dev" { + name = "turifer.dev" +} + +resource "ovh_domain_zone_import" "turifer_dev_import" { + zone_name = "turifer.dev" + zone_file = file("./turifer.dev.zone") +} diff --git a/infra/main.tf b/infra/main.tf index 15453d9..d8a499c 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -8,5 +8,9 @@ terraform { source = "hetznercloud/hcloud" version = "~> 1.45" } + ovh = { + source = "ovh/ovh" + version = "2.5.0" + } } } diff --git a/infra/providers.tf b/infra/providers.tf index d8d6d9b..440f8e8 100644 --- a/infra/providers.tf +++ b/infra/providers.tf @@ -5,3 +5,9 @@ provider "gandi" { provider "hcloud" { token = var.hcloud_token } + +provider "ovh" { + endpoint = "ovh-eu" + client_id = var.ovh_client_id + client_secret = var.ovh_client_secret +} diff --git a/infra/turifer.dev.zone b/infra/turifer.dev.zone new file mode 100644 index 0000000..08e15b1 --- /dev/null +++ b/infra/turifer.dev.zone @@ -0,0 +1,18 @@ +$TTL 3600 +@ IN SOA dns100.ovh.net. tech.ovh.net. (2025071505 86400 3600 3600000 60) + IN NS dns100.ovh.net. + IN NS ns100.ovh.net. + +turifer.dev. 3000 IN TXT "hosted-email-verify=k5z4lcfc" +turifer.dev. 3000 IN MX 10 aspmx1.migadu.com. +turifer.dev. 3000 IN MX 20 aspmx2.migadu.com. +turifer.dev. 3000 IN TXT "v=spf1 include:spf.migadu.com -all" +key1._domainkey.turifer.dev. 3000 IN CNAME key1.turifer.dev._domainkey.migadu.com. +key2._domainkey.turifer.dev. 3000 IN CNAME key2.turifer.dev._domainkey.migadu.com. +key3._domainkey.turifer.dev. 3000 IN CNAME key3.turifer.dev._domainkey.migadu.com. +_dmarc.turifer.dev. 3000 IN TXT "v=DMARC1; p=quarantine;" +autoconfig.turifer.dev. 3000 IN CNAME autoconfig.migadu.com. +_autodiscover._tcp.turifer.dev. 3000 IN SRV 0 1 443 autodiscover.migadu.com. +_submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com. +_imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com. +_pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com. diff --git a/infra/variables.tf b/infra/variables.tf index 3bc7123..ff53bd1 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -5,3 +5,11 @@ variable "gandi_token" { variable "hcloud_token" { sensitive = true } + +variable "ovh_client_id" { + sensitive = true +} + +variable "ovh_client_secret" { + sensitive = true +} From fc79110d91d0af4e5e912b99a9115355ea3b16e7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:52:57 +0200 Subject: [PATCH 054/376] add git.turifer.dev dns records --- infra/turifer.dev.zone | 3 +++ 1 file changed, 3 insertions(+) diff --git a/infra/turifer.dev.zone b/infra/turifer.dev.zone index 08e15b1..61b4d64 100644 --- a/infra/turifer.dev.zone +++ b/infra/turifer.dev.zone @@ -16,3 +16,6 @@ _autodiscover._tcp.turifer.dev. 3000 IN SRV 0 1 443 autodiscover.migadu.com. _submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com. _imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com. _pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com. + +git.turifer.dev. 10800 IN A 167.235.28.141 +git.turifer.dev. 10800 IN AAAA 2a01:4f8:1c1e:e415::1 From 88f095143c38297e579554f6aee8fd54987c3fb2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:53:45 +0200 Subject: [PATCH 055/376] update flake inputs --- flake.lock | 88 +++++++++++++++++++++++++++--------------------------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/flake.lock b/flake.lock index 96fbf1a..7d80166 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1750349689, - "narHash": "sha256-8cB/oDC6fb2pErnESzpwLSLGC8JQZLpBe2x6xIPZIIg=", + "lastModified": 1752082801, + "narHash": "sha256-iQ3X5yWGvEYIJRfajgpjhC0aqjPmlC1kf6wOQOWZP+8=", "ref": "refs/heads/main", - "rev": "4c0ad55e35bc2b1c07f69e2642d9b3bf1c0b4de6", - "revCount": 7721, + "rev": "1cb1c53dfd131f1250640ee6e2a41d4ab1cf09ce", + "revCount": 8294, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -96,11 +96,11 @@ ] }, "locked": { - "lastModified": 1750183842, - "narHash": "sha256-znYkJ+9GUNQCmFtEhGvMRZPRP3fdGmbiuTyyrJRKUGA=", - "rev": "cb75111e4c99c7a960cfdd0d743f75663e36cbfa", + "lastModified": 1751846468, + "narHash": "sha256-h0mpWZIOIAKj4fmLNyI2HDG+c0YOkbYmyJXSj/bQ9s0=", + "rev": "a2166c13b0cb3febdaf36391cd2019aa2ccf4366", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/cb75111e4c99c7a960cfdd0d743f75663e36cbfa.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/a2166c13b0cb3febdaf36391cd2019aa2ccf4366.tar.gz" }, "original": { "type": "tarball", @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1750040002, - "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", "owner": "nix-community", "repo": "disko", - "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", "type": "github" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1750040002, - "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", "owner": "nix-community", "repo": "disko", - "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", "type": "github" }, "original": { @@ -192,11 +192,11 @@ ] }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -310,11 +310,11 @@ ] }, "locked": { - "lastModified": 1750304462, - "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", + "lastModified": 1752062782, + "narHash": "sha256-Dod77HcIByOyfGLEJOgRxg2Fmk2Y5lVgMEcN/xVEt/8=", "owner": "nix-community", "repo": "home-manager", - "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", + "rev": "bec8ff39811568eb7c8c8d1e2a1a476326748f51", "type": "github" }, "original": { @@ -333,11 +333,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1750337387, - "narHash": "sha256-noZ4EiBQRmR2Bfw0VnN838r//1Mtuw3tgOeCzEUqh8I=", + "lastModified": 1751905641, + "narHash": "sha256-jUrEaYP49bll7kvWAdOXqwYTc3yBEscQoA3vksOB3bY=", "owner": "ignis-sh", "repo": "ignis", - "rev": "0b68b350e5167143861a030e3bd9065facd6264b", + "rev": "7042b95a6e97799d4da4f4d6cd826a921453b546", "type": "github" }, "original": { @@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1750325256, - "narHash": "sha256-vvlxGz/waqJ3TGqM/iqXbnEc7/R1qnEXmaBiPaQ1RE0=", + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "0d71cbf88d63e938b37b85b3bf8b238bcf7b39b9", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "type": "github" }, "original": { @@ -456,11 +456,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1743671943, - "narHash": "sha256-7sYig0+RcrR3sOL5M+2spbpFUHyEP7cnUvCaqFOBjyU=", + "lastModified": 1750412875, + "narHash": "sha256-uP9Xxw5XcFwjX9lNoYRpybOnIIe1BHfZu5vJnnPg3Jc=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "58ad9691670d293a15221d4a78818e0088d2e086", + "rev": "14df13c84552a7d1f33c1cd18336128fbc43f920", "type": "github" }, "original": { @@ -475,11 +475,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1747663185, - "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", "type": "github" }, "original": { @@ -490,11 +490,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750083401, - "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { @@ -522,11 +522,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750134718, - "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { @@ -587,11 +587,11 @@ ] }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { @@ -683,11 +683,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1752055615, + "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", "type": "github" }, "original": { From 24379e16fd3dd6e813fab82d3eec6222f02eb74f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:54:49 +0200 Subject: [PATCH 056/376] import helix config as files (not dir) --- home-manager/helix.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/home-manager/helix.nix b/home-manager/helix.nix index 0c6f61c..af7f411 100644 --- a/home-manager/helix.nix +++ b/home-manager/helix.nix @@ -8,5 +8,7 @@ defaultEditor = true; }; - xdg.configFile."helix".source = "${config.dotfiles.path}/.config/helix"; + xdg.configFile."helix/config.toml".source = "${config.dotfiles.path}/.config/helix/config.toml"; + xdg.configFile."helix/languages.toml".source = + "${config.dotfiles.path}/.config/helix/languages.toml"; } From 69ce708f8ff21c1a38e3ce3737cf4440ff60cf0c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:55:49 +0200 Subject: [PATCH 057/376] fix unnecessary thunderbird account integration --- home-manager/mail/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/home-manager/mail/default.nix b/home-manager/mail/default.nix index e03b31f..4de2dd0 100644 --- a/home-manager/mail/default.nix +++ b/home-manager/mail/default.nix @@ -15,7 +15,7 @@ realName = "Romain Paquet"; primary = true; flavor = "migadu.com"; - thunderbird.enable = true; + thunderbird.enable = config.programs.thunderbird.enable; }; "admin@rpqt.fr" = { @@ -40,5 +40,13 @@ }; thunderbird.enable = config.programs.thunderbird.enable; }; + + "admin@turifer.dev" = { + address = "admin@turifer.dev"; + aliases = [ "postmaster@turifer.dev" ]; + realName = "Postmaster"; + flavor = "migadu.com"; + thunderbird.enable = config.programs.thunderbird.enable; + }; }; } From a01e4c26f5dce773f265cd291e352e26220fe3ec Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:57:40 +0200 Subject: [PATCH 058/376] remove devenv --- home-manager/dev.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 589f49f..79c3eba 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -1,7 +1,6 @@ { config, pkgs, ... }: { home.packages = with pkgs; [ - devenv direnv hut jujutsu From 255f2ccfa679d6c247f0ef5e187a5526039c6a2b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:57:59 +0200 Subject: [PATCH 059/376] link jj config --- home-manager/cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/cli.nix b/home-manager/cli.nix index 870bb8a..4c69be3 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -43,6 +43,7 @@ }; xdg.configFile."git".source = "${config.dotfiles.path}/.config/git"; + xdg.configFile."jj/config.toml".source = "${config.dotfiles.path}/.config/jj/config.toml"; xdg.configFile."task/taskrc".source = "${config.dotfiles.path}/.config/task/taskrc"; home.sessionPath = [ "${config.dotfiles.path}/bin" ]; From caa3080f5f7b67b744abdaf6ca625f71dc484c79 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 17 Jul 2025 23:59:01 +0200 Subject: [PATCH 060/376] update outdated jj config and include schema --- home/.config/jj/config.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/.config/jj/config.toml b/home/.config/jj/config.toml index 7685d54..1143906 100644 --- a/home/.config/jj/config.toml +++ b/home/.config/jj/config.toml @@ -1,9 +1,9 @@ +"$schema" = "https://jj-vcs.github.io/jj/latest/config-schema.json" + [ui] default-command = "log" +diff-formatter = ["difft", "--color=always", "$left", "$right"] [user] name = "Romain Paquet" email = "rpqt@rpqt.fr" - -[diff] -diff.tool = ["difft", "--color=always", "$left", "$right"] From 135e56c28838c4ba70e3204dfeb73a9cc471d0f1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:00:53 +0200 Subject: [PATCH 061/376] revert niri window movement bindings to default --- home/.config/niri/config.kdl | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 85f67e2..cfde58e 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -143,14 +143,14 @@ binds { Mod+K { focus-window-up; } Mod+L { focus-column-right; } - Mod+Shift+Left { move-column-left; } - Mod+Shift+Down { move-window-down; } - Mod+Shift+Up { move-window-up; } - Mod+Shift+Right { move-column-right; } - Mod+Shift+H { move-column-left; } - Mod+Shift+J { move-window-down; } - Mod+Shift+K { move-window-up; } - Mod+Shift+L { move-column-right; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down; } + Mod+Ctrl+Up { move-window-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down; } + Mod+Ctrl+K { move-window-up; } + Mod+Ctrl+L { move-column-right; } // Alternative commands that move across workspaces when reaching // the first or last window in a column. @@ -164,14 +164,14 @@ binds { Mod+Ctrl+Home { move-column-to-first; } Mod+Ctrl+End { move-column-to-last; } - Mod+Ctrl+Left { focus-monitor-left; } - Mod+Ctrl+Down { focus-monitor-down; } - Mod+Ctrl+Up { focus-monitor-up; } - Mod+Ctrl+Right { focus-monitor-right; } - Mod+Ctrl+H { focus-monitor-left; } - Mod+Ctrl+J { focus-monitor-down; } - Mod+Ctrl+K { focus-monitor-up; } - Mod+Ctrl+L { focus-monitor-right; } + Mod+Shift+Left { focus-monitor-left; } + Mod+Shift+Down { focus-monitor-down; } + Mod+Shift+Up { focus-monitor-up; } + Mod+Shift+Right { focus-monitor-right; } + Mod+Shift+H { focus-monitor-left; } + Mod+Shift+J { focus-monitor-down; } + Mod+Shift+K { focus-monitor-up; } + Mod+Shift+L { focus-monitor-right; } Mod+Shift+Ctrl+Left { move-column-to-monitor-left; } Mod+Shift+Ctrl+Down { move-column-to-monitor-down; } From b91a52da5edd910cd970d1e519fc0193eda3911e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:03:13 +0200 Subject: [PATCH 062/376] enable running tailscale exit node on crocus --- machines/crocus/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 6adc61e..d299bcc 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -81,4 +81,6 @@ acceptTerms = true; defaults.email = "admin@rpqt.fr"; }; + + services.tailscale.useRoutingFeatures = "server"; } From 8b3841a87f9033ff1c2f5825a179acf95ec2d5e1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:10:29 +0200 Subject: [PATCH 063/376] remove agenix and migrate secrets to clan vars squash this --- devShells/flake-module.nix | 1 - flake.lock | 102 ++---------------- flake.nix | 3 - machines/crocus/radicle.nix | 10 +- machines/genepi/acme.nix | 12 ++- machines/genepi/configuration.nix | 1 - machines/genepi/freshrss.nix | 17 +-- machines/haze/configuration.nix | 2 - machines/haze/secrets/secrets.nix | 13 --- machines/haze/secrets/syncthing-cert.pem.age | Bin 1006 -> 0 bytes machines/haze/secrets/syncthing-key.pem.age | 8 -- machines/haze/syncthing.nix | 27 +++-- modules/gandi.nix | 15 +++ secrets/freshrss.age | 12 +-- secrets/gandi.age | 13 ++- secrets/radicle-private-key.age | Bin 733 -> 733 bytes secrets/restic-genepi-storagebox-key.age | 13 +-- secrets/restic-genepi-storagebox-password.age | 12 +-- 18 files changed, 96 insertions(+), 165 deletions(-) delete mode 100644 machines/haze/secrets/secrets.nix delete mode 100644 machines/haze/secrets/syncthing-cert.pem.age delete mode 100644 machines/haze/secrets/syncthing-key.pem.age create mode 100644 modules/gandi.nix diff --git a/devShells/flake-module.nix b/devShells/flake-module.nix index 69acae0..d3bc2e5 100644 --- a/devShells/flake-module.nix +++ b/devShells/flake-module.nix @@ -8,7 +8,6 @@ { devShells.default = pkgs.mkShellNoCC { packages = [ - inputs'.agenix.packages.default inputs'.clan-core.packages.clan-cli pkgs.garage pkgs.nil # Nix language server diff --git a/flake.lock b/flake.lock index 7d80166..51b2780 100644 --- a/flake.lock +++ b/flake.lock @@ -1,28 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", - "owner": "ryantm", - "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "clan-core": { "inputs": { "data-mesher": "data-mesher", @@ -37,7 +14,7 @@ "nixpkgs" ], "sops-nix": "sops-nix", - "systems": "systems_2", + "systems": "systems", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -54,28 +31,6 @@ "url": "https://git.clan.lol/clan/clan-core" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "data-mesher": { "inputs": { "flake-parts": [ @@ -228,7 +183,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_5" + "systems": "systems_4" }, "locked": { "lastModified": 1726560853, @@ -283,27 +238,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -330,7 +264,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1751905641, @@ -366,7 +300,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1745334376, @@ -565,11 +499,10 @@ }, "root": { "inputs": { - "agenix": "agenix", "clan-core": "clan-core", "disko": "disko_2", "flake-parts": "flake-parts", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "ignis": "ignis", "impermanence": "impermanence", "matugen": "matugen", @@ -617,16 +550,16 @@ }, "systems_2": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, @@ -646,21 +579,6 @@ } }, "systems_4": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index 7c34515..5e46000 100644 --- a/flake.nix +++ b/flake.nix @@ -75,9 +75,6 @@ nixos-generators.url = "github:nix-community/nixos-generators"; - agenix.url = "github:ryantm/agenix"; - agenix.inputs.nixpkgs.follows = "nixpkgs"; - clan-core.url = "git+https://git.clan.lol/clan/clan-core"; clan-core.inputs.nixpkgs.follows = "nixpkgs"; clan-core.inputs.flake-parts.follows = "flake-parts"; diff --git a/machines/crocus/radicle.nix b/machines/crocus/radicle.nix index d7f60b5..d6e3816 100644 --- a/machines/crocus/radicle.nix +++ b/machines/crocus/radicle.nix @@ -2,7 +2,7 @@ { services.radicle = { enable = true; - privateKeyFile = config.age.secrets.radicle-private-key.path; + privateKeyFile = config.clan.core.vars.generators.radicle.files.radicle-private-key.path; publicKey = keys.services.radicle; node = { openFirewall = true; @@ -17,5 +17,11 @@ }; }; - age.secrets.radicle-private-key.file = ../../secrets/radicle-private-key.age; + clan.core.vars.generators.radicle = { + prompts.radicle-private-key = { + description = "radicle node private key"; + type = "hidden"; + persist = true; + }; + }; } diff --git a/machines/genepi/acme.nix b/machines/genepi/acme.nix index d9c784d..4e319a2 100644 --- a/machines/genepi/acme.nix +++ b/machines/genepi/acme.nix @@ -1,21 +1,25 @@ { config, ... }: { + imports = [ + ../../modules/gandi.nix + ]; + security.acme = { acceptTerms = true; defaults.email = "admin@rpqt.fr"; }; - age.secrets.gandi.file = ../../secrets/gandi.age; - security.acme = { certs."home.rpqt.fr" = { group = config.services.nginx.group; - domain = "home.rpqt.fr"; extraDomainNames = [ "*.home.rpqt.fr" ]; dnsProvider = "gandiv5"; dnsPropagationCheck = true; - environmentFile = config.age.secrets.gandi.path; + environmentFile = config.clan.core.vars.generators.gandi.files.gandi-env.path; + email = "admin@rpqt.fr"; }; }; + + clan.core.vars.generators.gandi.files.gandi-env.owner = "acme"; } diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 58c57c7..34c5a05 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -4,7 +4,6 @@ }: { imports = [ - self.inputs.agenix.nixosModules.default ./acme.nix ./boot.nix ./builder.nix diff --git a/machines/genepi/freshrss.nix b/machines/genepi/freshrss.nix index 9797ece..8222566 100644 --- a/machines/genepi/freshrss.nix +++ b/machines/genepi/freshrss.nix @@ -4,23 +4,26 @@ let subdomain = "rss.${domain}"; in { - age.secrets.freshrss = { - file = ../../secrets/freshrss.age; - mode = "700"; - owner = config.services.freshrss.user; - }; - services.freshrss = { enable = true; baseUrl = "https://${subdomain}"; virtualHost = "${subdomain}"; defaultUser = "rpqt"; - passwordFile = config.age.secrets.freshrss.path; + passwordFile = config.clan.core.vars.generators.freshrss.files.freshrss-password.path; }; services.nginx.virtualHosts.${config.services.freshrss.virtualHost} = { forceSSL = true; useACMEHost = "${domain}"; }; + + clan.core.vars.generators.freshrss = { + prompts.freshrss-password = { + description = "freshrss default user password"; + type = "hidden"; + persist = true; + }; + files.freshrss-password.owner = config.services.freshrss.user; + }; } diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index e2a0b34..90d2d0a 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -4,8 +4,6 @@ }: { imports = [ - # inputs.disko.nixosModules.disko - self.inputs.agenix.nixosModules.default ./boot.nix ./chat.nix ./firefox.nix diff --git a/machines/haze/secrets/secrets.nix b/machines/haze/secrets/secrets.nix deleted file mode 100644 index 1f012b4..0000000 --- a/machines/haze/secrets/secrets.nix +++ /dev/null @@ -1,13 +0,0 @@ -let - keys = import ../../../parts/keys.nix; -in -{ - "syncthing-key.pem.age".publicKeys = [ - keys.hosts.haze - keys.rpqt.haze - ]; - "syncthing-cert.pem.age".publicKeys = [ - keys.hosts.haze - keys.rpqt.haze - ]; -} diff --git a/machines/haze/secrets/syncthing-cert.pem.age b/machines/haze/secrets/syncthing-cert.pem.age deleted file mode 100644 index b5dabca52ec2fc3c9ecf5b423f8b35a042d2992a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1006 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+FitB@OjjuK@%2ur zGI7o~$}_i23HH#AGIVl}@GDQw$TBVU%uX??DDls#a7~L0Pv**TOZSY-_w@2HiS+X@ zjY{!1E;5MB@-Yp|OLTX43b!yc4$}5ZG&U>t2<6h%)m6wbO>;{2&d@J$E%P@o&&e@$ zv&hRc$tVgd)elcDG0ic{iwZN&&MR>&apf{}uZf!moX^gX8YQ5ubK#4GmkL*>lu(O18yt&e!e}1_-bE>fz|F22S7j;-0 z4n54d=@s z_OlvP7Y55TsB22hl=(lUPpR#MZp^C-EH{te*?-YK`198d)L2lV#RN798Ua zY1DsyuA5D(TuE)Ei@L%sZoQ+s?lBup>JQ?Rc>TR5;Q#m4`EO27ab6i>l2dWO)MaD! zKeMmhTUZjmYOYv$^a88VQrk||Nx8c$Nnp1)6Gq1y{zE^S%D#?8P zK8Gzqfn(y$;QHc=-#4?Gwq3p3;#fQD(_A(NO}oew72iuA+bjN&ztDESX3F27r$I@} zMJ#rIsI_vJRIW3>`$2yuR=yQKr^|TLi1Xc>BXiF`BrWOm-M}heee97v?S=&=I=VIA5;YR?0y;a|3llu SU0fTF@D&GVFTektcL@M4g4lHc diff --git a/machines/haze/secrets/syncthing-key.pem.age b/machines/haze/secrets/syncthing-key.pem.age deleted file mode 100644 index c3349ea..0000000 --- a/machines/haze/secrets/syncthing-key.pem.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 P3fsag cm2nekzBIMCAb/yXzY4L6jIH/Sa+rSMznT88WJNkP30 -DMnRf0An69vywpHLD3RGHwE0dkaa6JIEahhQo14EEDc ---- f/kI+HBhWTQlXoWvCJaLJM70EsOkH4G8/5g9Eeu8uNc - -T!\Β6 -TrϵKr9w̞8E,R.i _'2;iń8d&Dݫqxd -3exng~/)݇aWG~BNVia{uەR=MO)$HSff<c?~*T)Wtʁ&8iz:5[sc"& U9'_{xkEؼY@fU+Bu=Y4e3UQLSl5 Uqښ!hW@}OW \ No newline at end of file diff --git a/machines/haze/syncthing.nix b/machines/haze/syncthing.nix index 00806c4..c463b15 100644 --- a/machines/haze/syncthing.nix +++ b/machines/haze/syncthing.nix @@ -7,24 +7,21 @@ let home = config.users.users.${user}.home; in { - # age.secrets.syncthing-key.file = ./secrets/syncthing-key.pem.age; - # age.secrets.syncthing-cert.file = ./secrets/syncthing-cert.pem.age; - services.syncthing = { - enable = false; + enable = true; user = user; group = "users"; dataDir = home; configDir = "${home}/.config/syncthing"; - key = config.age.secrets.syncthing-key.path; - cert = config.age.secrets.syncthing-cert.path; + key = config.clan.core.vars.generators.syncthing.files."key".path; + cert = config.clan.core.vars.generators.syncthing.files."cert".path; openDefaultPorts = true; overrideDevices = true; overrideFolders = true; settings = { devices = { "genepi" = { - id = "EA7DC7O-IHB47EQ-AWT2QBJ-AWPDF5S-W4EM66A-KQPCTHI-UX53WKM-QTSAHQ4"; + id = "TNP3M2Z-2AJ3CJE-4LLYHME-3KWCLN4-XQWBIDJ-PTDRANE-RRBYQWQ-KXJFTQU"; }; "pixel-7a" = { id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU"; @@ -60,4 +57,20 @@ in }; }; }; + + clan.core.vars.generators.syncthing = { + prompts.key = { + description = "syncthing private key"; + type = "hidden"; + persist = true; + }; + files.key.owner = config.services.syncthing.user; + + prompts.cert = { + description = "syncthing cert"; + type = "hidden"; + persist = true; + }; + files.cert.owner = config.services.syncthing.user; + }; } diff --git a/modules/gandi.nix b/modules/gandi.nix new file mode 100644 index 0000000..9a97757 --- /dev/null +++ b/modules/gandi.nix @@ -0,0 +1,15 @@ +{ + clan.core.vars.generators.gandi = { + prompts.gandi-token = { + description = "gandi access token"; + type = "hidden"; + }; + files.gandi-env = { + secret = true; + }; + script = '' + printf %s "GANDIV5_PERSONAL_ACCESS_TOKEN=" >> $out/gandi-env + cat $prompts/gandi-token >> $out/gandi-env + ''; + }; +} diff --git a/secrets/freshrss.age b/secrets/freshrss.age index b4a3d8a..9d9a4e2 100644 --- a/secrets/freshrss.age +++ b/secrets/freshrss.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 JzHbnw jpMQTBWxbVVfpRmNC4lyDKCcrpz01Qx7LbkmSnieyHA -RWh0M0kj8BGn3u7e1A2Tki1soeMUQCHk5xTXyBF5dRA --> ssh-ed25519 8TpKTA qAvhyZSeKUYdZMhwPxd/eh4FNg1DAM1F2Stc6zvmV2A -pEP1XxQZaC/acpjMpX0NN/Hnq3vZzfeHYlNUt2bwNzY ---- F/XBgHsBJAJIlfuT0DA4DcAS+3Ci8PI6XIkKbndI898 -n s…$}IĘgᐺK,\c)4$0dyi o/^g{dɼ̅B \ No newline at end of file +-> ssh-ed25519 JzHbnw JQOFdZFRMy3CUajSKR2pbUXw06LEGJoUCilV3QrlhAg +nc9+a/wm+oTESW/f91UIBHyodXYpAwkp7iiBARsQqs8 +-> ssh-ed25519 8TpKTA bSzgxGzN9/cdSlb1PH3fYDa2bRSJC0vE6z1i5Me6wR4 +OqQXlelajxJNZ5RC7ooBvoUc03g5RELGQSX8BwEm428 +--- 68+PLIpazLNfF1NVo9dMFBiUrEIinXhYUufOiF+5Ic0 +oBi=&oe.N`"r=:+nI}c9y \ No newline at end of file diff --git a/secrets/gandi.age b/secrets/gandi.age index 9c8f2b8..b66b8d9 100644 --- a/secrets/gandi.age +++ b/secrets/gandi.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 JzHbnw eURiwsZGmazGksGekjCeLJah8T5YKJNZHy1LMTh+fDw -7LBu9JjwrZ+ad0rOrRARRLj2ydho3y5PFUJFvaaXOao --> ssh-ed25519 8TpKTA SVqAdtOxogTlJJEHm1Ohe7WQ3XfV8lWCPHAn0cj/D0Q -Fd/E7QUFqirSJsMp9h81R/9V9kRlG8nvF/EoZMynLGE ---- 4dMwgCHnuTMpxeKktAlx4aYwcRwWqBFIFEqUFlY+Avg -W+Bn\N?|^ -A+)UD $|Ȕ.k\*OL1s7ѵV9=K>Efߝ}$x0Ć150>yp \ No newline at end of file +-> ssh-ed25519 JzHbnw T31pRlZxX8+uEmZzer9n0L6zuNX0wk4dhqzJGUnJ5BY +wLPjZofbVL6ujdMz0DCnEa/6aPiQxxO6Lfwfdy4SS+k +-> ssh-ed25519 8TpKTA IBv4smbKRnRjZ1dnOBTkX/rLO+viU8Bk4ztx4KFkw3I +Mcl0iIXi6C6tmTXeccnQfSv1QRWVaA4alGcus35b4TQ +--- hzcS/phyG9Q8F66INJJS4D4ODIpwH+jjPko7PmWBEcA +8B>@^Hdxbhkt3Yٗ6'9b] xUo>&K٧5!zm֙xQjz3oYIǟ[Vtv| \ No newline at end of file diff --git a/secrets/radicle-private-key.age b/secrets/radicle-private-key.age index 864ab4435f4ccb8a7929fcefb9aa9a4febb2209a..67e0469e66a3199c38acdb33351794035e253bd6 100644 GIT binary patch delta 701 zcmcc1dY5&APQ8g)MWM5+VR*TIiHmu%Uubb~VsJoCh=;4YzeQP~enyBvv35wVXGXG% z0as~aZn3swqKTn?l76|bkB4uzt9HIclC!0;S!qOhh>^c(ibbkhAXrg=PxRH}vmyvA$bexyLKa>Q;dLvKblcCyTFGw`r2@ z2etE^Z&;>_>ZIF;`pjH$TtiOuR^%%U%hHB33%MtF8dr2Ly(>Ghit$l=scqWEg^g!A zdURr=ti)S5CFbhRQT^TaXm#ah8Los4Vc!h@oLQlAqK-MR{&nh{@4c39Ln_N$6KUM!WFw3*jnvFobO0*AV{-ZS^J)?1Zlp|;}AK_SDg z*|HZ{B-!5H*ndc?@7qGQ4c)I49~|16>t6Kc=|nHqqK6{irwVU+?)Tl!DfQzQuPW`G z3+JWrxC<-|WBfHkRV<)>H@jW&&ky%`pDuRV+2-_eJKJIw&%a0Z>55J{7;Aq)F!AB8 zOSisVNvqo2qbwNH+w@JvAvV%M4~mZ4{k+IAt!wo*`E?e5Gv!4Ci_BL2e$xG@ zHpr#a``;p^={uyZ?)Bn)@Z9eFjoEGYH|?4|%XiP40@DKDO%=bA-m`lB+4+mq<&b5fxC~Rwux6%ns;bUn7&t1ib1(iIhU@TLUD11 zZfc5=si~o*f<;JycZj2cUs6$;QHFt6M3#PVWS&=YPQ7!sdt`u{MOs;wqkecylM}(PAXqvfmS%|S?M3i~4lSNs1s&7?=OS-pdl$UXpfvZ8DcTP?| zm#(g^LPe&3XsDxeXnA>*pTDoEce1IAWoAUSNkB??Qh-;9iF=fHo@Zc*SE*Y%SK|vi z?)|welJ$0z*q#1xYHHS1lqVihow1PL`Ffm&>XDGtUyp6XA8ns_XT_(_&G&eZJ>ZV} zCfXizeSNr;O4!NYPdW@s?@fI3_vW?6Pg@%fE;JKu`Q{m78S&|O-@QBB?Q_4r);yPd zz>K}~bvaXLve&_Df>H0*tyyyIb;8=`A67QCDnDAtevfrmalK<(?V~$ULd=HFQJbG< ztXZAd-~ClCTRNwBB5Q!rs@UH=T<)?FhNZ{e-N=$qosn^&zt`!vtpC=q-m3zOOO7`# zERt)8DfUY3+4@X-li;2n!D$9*N|_!jul`cwx%$dv&aNBGn$w%dCFDz@?%J$>tm*pl!vxOct z1-;31YDtu=nfuItpQwC)lP4#()+&N_Pai>Y>k;;_uen= zPiHv3YSK)W^9elk_0|D@KaC|a?q>-L+*_9^_P_j3-<91RiW|4TzO+gh E05AVB3IG5A diff --git a/secrets/restic-genepi-storagebox-key.age b/secrets/restic-genepi-storagebox-key.age index 65dad4e..01dd9a4 100644 --- a/secrets/restic-genepi-storagebox-key.age +++ b/secrets/restic-genepi-storagebox-key.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 JzHbnw FL+4gD29OjqU5cFEHUBsYbweEOVvQ3q7v6X7Zbkghx8 -tmK+CgVUcLJpP7SxLdakqfQ6q4+ZIW+bOKmsQ7h5z7I --> ssh-ed25519 8TpKTA it+shCL614xDviBsDOidOHQ/mIGD0a4flmMeAL7ilAA -mRSTRcqloI+ojmEK4gQ3KO+nMlobdain8hmWkH/kX+w ---- /RZZE995XzGRj793ENRV2pRZOzz9fXg1LjXTRaojl8E - r6#gaƶ0tf7P1Yh!8kILOR[t(oSQjX6׷7fP \ No newline at end of file +-> ssh-ed25519 JzHbnw jcLmvaUel10bjSo1m+vL5929Ev6Qtq36d9avIxZ2uDg +MZ+R18igyow8lCI5qCH2Jl5tNy19KYdJEZkSimMsd24 +-> ssh-ed25519 8TpKTA /RgGofvCDFINYdk6hHkfv48SZCocMWFvO3cznQVB3Bs +jJy65KCMIUEyb63cpdBD/MjCEq6Du7KoWBsMHCKZpok +--- yxtOdFqzs1OQIko6OIlZPofBckezYd5fJkbyM1wb6AU +:" !h"|Cy) sag?t؂Ja ԥ_!kTX.ˮ6cPC,Kгo)|Zl:I +ɄL5v \ No newline at end of file diff --git a/secrets/restic-genepi-storagebox-password.age b/secrets/restic-genepi-storagebox-password.age index 42e028f..bdd5443 100644 --- a/secrets/restic-genepi-storagebox-password.age +++ b/secrets/restic-genepi-storagebox-password.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 JzHbnw 03K1eF97VQ1Gt3LoIVYk6RTJ2wuOoOFpx5Msh1qzb10 -o5qJMOa+AzF7czu1xtx2/aJ+tJqVv14J58pgvGcq4hI --> ssh-ed25519 8TpKTA AcBv+loPwmanCwbVoQtj2ZD3ZRJ27SJqg0oklQMy7Ec -uT2oIf9AENKn4SzAbKqT8igUJ6TsoE26iLgs/Ds/Bag ---- JuOE19Ap5gs+hw5sJnrfYFi8G9cesSj626cgxaWV6QY -Y;WFHmՙ@"bc;g oj> \ No newline at end of file +-> ssh-ed25519 JzHbnw aEdPsShqoC1O4YVmeRnuky+elRay3fAipvIDhgSP02Q +Gvh/ER7d6VaCXQ/cA2puOrhwz0PQDO7sNfi06X6yw5M +-> ssh-ed25519 8TpKTA YKagwotojOY57tuvf+lkHh5+1M8NoV3slITN8X/1yD8 +fNf1DBeW5KJMjq1dzi6KR7SR+fw7aFA2CRemRwdE6/M +--- 5Gfha3Txw0O0a7v0AmJov3shlxihBp4EONcBFPU0NT8 +6Vkѕkp|U~\+f <(}qQߧ9 \ No newline at end of file From ed5a50d99654fcb3a208e731f852369816a4de76 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:14:23 +0200 Subject: [PATCH 064/376] add genepi's syncthing to glance --- machines/genepi/glance-config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 4b913e6..5608f38 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -54,6 +54,11 @@ url = "https://rss.home.rpqt.fr"; icon = "si:rss"; } + { + title = "Syncthing"; + url = "https://genepi.home.rpqt.fr/syncthing"; + icon = "si:syncthing"; + } ]; } ]; From c4cefeea54c8a13a2519fb38eba7a65e536eb86d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:24:11 +0200 Subject: [PATCH 065/376] setup avahi --- machines/crocus/configuration.nix | 4 +++- machines/flake-module.nix | 21 +++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index d299bcc..eee7dda 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -34,7 +34,9 @@ ]; }; - services.avahi.enable = true; + services.avahi.allowInterfaces = [ + "zts7mq7onf" + ]; disko.devices.disk.main.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082"; diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 87eb989..eabee63 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -32,6 +32,27 @@ roles.peer.tags."all" = { }; }; + "avahi" = { + module.input = "clan-core"; + module.name = "garage"; + roles.default.tags.all = { }; + roles.default.extraModules = [ + { + services.avahi = { + enable = true; + nssmdns4 = true; + nssmdns6 = true; + publish = { + enable = true; + domain = true; + userServices = true; + addresses = true; + }; + }; + } + ]; + }; + "sshd" = { module.input = "clan-core"; module.name = "sshd"; From bacaf6d5b63596d1bdaf2a2bd1fccbfa6a077554 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 17:45:17 +0200 Subject: [PATCH 066/376] setup unbound dns --- machines/crocus/configuration.nix | 2 + machines/genepi/configuration.nix | 6 +- machines/genepi/network.nix | 2 +- modules/unbound-auth.nix | 30 +++++++++ modules/unbound.nix | 100 ++++++++++++++++++++++++++++++ 5 files changed, 135 insertions(+), 5 deletions(-) create mode 100644 modules/unbound-auth.nix create mode 100644 modules/unbound.nix diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index eee7dda..c5ac230 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -13,6 +13,8 @@ ../../modules/remote-builder.nix ../../modules/borgbackup.nix ./topology.nix + ../../modules/unbound.nix + ../../modules/unbound-auth.nix self.nixosModules.gitea ]; diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 34c5a05..813397a 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -20,10 +20,8 @@ ./topology.nix ../../system - ../../modules/borgbackup.nix - - self.inputs.clan-core.clanModules.state-version - self.inputs.clan-core.clanModules.trusted-nix-caches + ../../modules/unbound.nix + ../../modules/unbound-auth.nix self.inputs.home-manager.nixosModules.home-manager { diff --git a/machines/genepi/network.nix b/machines/genepi/network.nix index 49b5992..e6225ef 100644 --- a/machines/genepi/network.nix +++ b/machines/genepi/network.nix @@ -1,6 +1,6 @@ { # Tailscale seems to break when not using resolved - services.resolved.enable = true; + # services.resolved.enable = true; networking.useDHCP = true; networking.interfaces.tailscale0.useDHCP = false; } diff --git a/modules/unbound-auth.nix b/modules/unbound-auth.nix new file mode 100644 index 0000000..2c5eab9 --- /dev/null +++ b/modules/unbound-auth.nix @@ -0,0 +1,30 @@ +{ + services.unbound = { + settings = { + auth-zone = [ + { + name = "home.rpqt.fr."; + zonefile = builtins.toFile "home.rpqt.fr.zone" '' + $TTL 3600 ; 1 Hour + $ORIGIN home.rpqt.fr. + home.rpqt.fr. IN SOA ns1 admin.rpqt.fr. ( + 2025063000 ; serial + 10800 ; refresh + 3600 ; retry + 604800 ; expire + 300 ; minimum + ) + + @ 1D IN NS ns1.home.rpqt.fr. + + ns1 10800 IN CNAME crocus.home.rpqt.fr. + ns2 10800 IN CNAME genepi.home.rpqt.fr. + + crocus 10800 IN AAAA fd80:150d:17cc:2ae:6999:9380:150d:17cc + genepi 10800 IN AAAA fd80:150d:17cc:2ae:6999:9358:3e0e:d738 + ''; + } + ]; + }; + }; +} diff --git a/modules/unbound.nix b/modules/unbound.nix new file mode 100644 index 0000000..8c4e5df --- /dev/null +++ b/modules/unbound.nix @@ -0,0 +1,100 @@ +{ + self, + config, + lib, + ... +}: +let + domain = "home.rpqt.fr"; + machines = { + genepi = { + subdomains = [ + "glance" + "grafana" + "images" + "rss" + "tw" + ]; + }; + }; + zerotierInterface = "zts7mq7onf"; + machinesZerotierIpRecords = + lib.map + ( + host: + ''"${host}.infra.rpqt.fr. 10800 IN AAAA ${ + self.nixosConfigurations.${host}.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value + }"'' + ) + [ + "crocus" + "genepi" + ]; +in +{ + services.resolved.enable = false; + + networking.firewall.interfaces.${zerotierInterface} = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + + services.unbound = { + enable = true; + resolveLocalQueries = true; + checkconf = true; + + settings = { + server = { + interface = [ + "127.0.0.1" + "::1" + "::0" + ]; + access-control = [ + "127.0.0.1 allow" + "${config.clan.core.networking.zerotier.subnet} allow" + ]; + local-zone = [ + ''"*.home.rpqt.fr." redirect'' + ]; + local-data = + # machinesZerotierIpRecords ++ + lib.concatMap ( + host: + lib.map ( + subdomain: + ''"${subdomain}.${domain}. 10800 IN AAAA ${ + self.nixosConfigurations.${host}.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value + }"'' + ) machines.${host}.subdomains + ) (lib.attrNames machines); + private-address = [ + "127.0.0.1/8" + "${config.clan.core.networking.zerotier.subnet}" + ]; + private-domain = [ + "home.rpqt.fr" + ]; + }; + forward-zone = [ + { + name = "."; + forward-tls-upstream = true; + forward-addr = [ + "9.9.9.9#dns.quad9.net" + "149.112.112.112#dns.quad9.net" + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + "2606:4700:4700::1111@853#cloudflare-dns.com" + "2606:4700:4700::1001@853#cloudflare-dns.com" + "8.8.8.8#dns.google" + "8.8.4.4#dns.google" + "2001:4860:4860::8888#dns.google" + "2001:4860:4860::8844#dns.google" + ]; + } + ]; + }; + }; +} From bc2a43262a80ab5ae80ccf8dc252777f1f173163 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:27:36 +0200 Subject: [PATCH 067/376] update syntax for setting clan targetHost --- machines/crocus/configuration.nix | 1 - machines/flake-module.nix | 10 +++++++++- machines/genepi/configuration.nix | 1 - 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index c5ac230..ae75d55 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -21,7 +21,6 @@ nixpkgs.hostPlatform = "x86_64-linux"; networking.hostName = "crocus"; - clan.core.networking.targetHost = "root@crocus.local"; networking.useDHCP = false; systemd.network.enable = true; diff --git a/machines/flake-module.nix b/machines/flake-module.nix index eabee63..70d1f89 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -1,8 +1,16 @@ { - clan = { meta.name = "blossom"; + inventory.machines = { + crocus = { + deploy.targetHost = "root@crocus"; + }; + genepi = { + deploy.targetHost = "root@genepi"; + }; + }; + inventory.instances = { "rpqt-admin" = { module.input = "clan-core"; diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 813397a..9460d23 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -32,7 +32,6 @@ ]; networking.hostName = "genepi"; - clan.core.networking.targetHost = "root@genepi.local"; disko.devices.disk.main.device = "/dev/disk/by-id/ata-WD_Green_M.2_2280_480GB_2251E6411147"; From c6cf81dba5f34c985fdf265aa74684d6eaccc581 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:32:07 +0200 Subject: [PATCH 068/376] migrate clan trusted-nix-caches to clan.services --- machines/flake-module.nix | 5 +++++ machines/genepi/configuration.nix | 5 +++-- machines/haze/configuration.nix | 1 - 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 70d1f89..c4d1260 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -77,6 +77,11 @@ }; }; }; + + "trusted-nix-caches" = { + module.input = "clan-core"; + module.name = "trusted-nix-caches"; + roles.default.tags.all = { }; }; }; }; diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 9460d23..028cb1a 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -20,8 +20,9 @@ ./topology.nix ../../system - ../../modules/unbound.nix - ../../modules/unbound-auth.nix + ../../modules/borgbackup.nix + + self.inputs.clan-core.clanModules.state-version self.inputs.home-manager.nixosModules.home-manager { diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 90d2d0a..62d4901 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -21,7 +21,6 @@ ../../system self.inputs.clan-core.clanModules.state-version - self.inputs.clan-core.clanModules.trusted-nix-caches self.inputs.home-manager.nixosModules.home-manager { From 65949117055373793331ad03be64b89243cdb891 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:37:57 +0200 Subject: [PATCH 069/376] migrate state-version to clan.services --- machines/crocus/configuration.nix | 3 ++- machines/genepi/configuration.nix | 3 ++- machines/haze/configuration.nix | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index ae75d55..a1df2d3 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -9,7 +9,6 @@ (modulesPath + "/profiles/qemu-guest.nix") # ./radicle.nix ../../system - self.inputs.clan-core.clanModules.state-version ../../modules/remote-builder.nix ../../modules/borgbackup.nix ./topology.nix @@ -35,6 +34,8 @@ ]; }; + clan.core.settings.state-version.enable = true; + services.avahi.allowInterfaces = [ "zts7mq7onf" ]; diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 028cb1a..cdb81b9 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -22,7 +22,6 @@ ../../system ../../modules/borgbackup.nix - self.inputs.clan-core.clanModules.state-version self.inputs.home-manager.nixosModules.home-manager { @@ -34,6 +33,8 @@ networking.hostName = "genepi"; + clan.core.settings.state-version.enable = true; + disko.devices.disk.main.device = "/dev/disk/by-id/ata-WD_Green_M.2_2280_480GB_2251E6411147"; nix.gc = { diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 62d4901..6a4089c 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -20,8 +20,6 @@ ./video.nix ../../system - self.inputs.clan-core.clanModules.state-version - self.inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; @@ -49,6 +47,8 @@ }; }; + clan.core.settings.state-version.enable = true; + programs.kdeconnect.enable = true; # Remote builds From bf070bae608bbac00218bef0241152ff2dec691b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:38:39 +0200 Subject: [PATCH 070/376] enable using tailscale exit nodes from haze --- machines/haze/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 6a4089c..cf0af77 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -66,4 +66,6 @@ builders-use-substitutes = true ''; }; + + services.tailscale.useRoutingFeatures = "client"; } From 97e8b1f963552e924e0976a6de6f962e55b7e24a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:39:59 +0200 Subject: [PATCH 071/376] use gnome-keyring and remove other ssh-agent --- machines/haze/niri.nix | 2 ++ machines/haze/ssh.nix | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index 4952297..05c834a 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -15,5 +15,7 @@ self.inputs.matugen.packages.${pkgs.system}.default ]; + services.gnome.gnome-keyring.enable = true; + environment.sessionVariables.NIXOS_OZONE_WL = "1"; } diff --git a/machines/haze/ssh.nix b/machines/haze/ssh.nix index 054b746..2c63c08 100644 --- a/machines/haze/ssh.nix +++ b/machines/haze/ssh.nix @@ -1,3 +1,2 @@ { - programs.ssh.startAgent = true; } From 1c76f46e5c98d530c7a27ff9f34cb5a00a09639e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:41:52 +0200 Subject: [PATCH 072/376] add garage instance --- machines/flake-module.nix | 19 +++++++++++++++++ modules/garage.nix | 44 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 modules/garage.nix diff --git a/machines/flake-module.nix b/machines/flake-module.nix index c4d1260..406ddfe 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -5,9 +5,15 @@ inventory.machines = { crocus = { deploy.targetHost = "root@crocus"; + tags = [ + "garage" + ]; }; genepi = { deploy.targetHost = "root@genepi"; + tags = [ + "garage" + ]; }; }; @@ -78,6 +84,19 @@ }; }; + "garage" = { + module.input = "clan-core"; + module.name = "garage"; + roles.default.tags.garage = { }; + }; + + "garage-config" = { + module.input = "clan-core"; + module.name = "importer"; + roles.default.tags.garage = { }; + roles.default.extraModules = [ ../modules/garage.nix ]; + }; + "trusted-nix-caches" = { module.input = "clan-core"; module.name = "trusted-nix-caches"; diff --git a/modules/garage.nix b/modules/garage.nix new file mode 100644 index 0000000..965ffaa --- /dev/null +++ b/modules/garage.nix @@ -0,0 +1,44 @@ +{ + config, + pkgs, + self, + ... +}: +let + zerotier_interface = "zts7mq7onf"; + zerotier_ip = + self.nixosConfigurations.${config.networking.hostName}.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value; +in +{ + services.garage = { + package = pkgs.garage; + settings = { + metadata_dir = "/var/lib/garage/meta"; + data_dir = "/var/lib/garage/data"; + db_engine = "sqlite"; + + replication_factor = 2; + + rpc_bind_addr = "[${zerotier_ip}]:3901"; + + s3_api = { + api_bind_addr = "127.0.0.1:3900"; + s3_region = "garage"; + root_domain = ".s3.garage.home.rpqt.fr"; + }; + + s3_web = { + bind_addr = "127.0.0.1:3902"; + root_domain = ".web.garage.home.rpqt.fr"; + }; + + admin = { + api_bind_addr = "127.0.0.1:3903"; + }; + }; + }; + + networking.firewall.interfaces.${zerotier_interface} = { + allowedTCPPorts = [ 3901 ]; + }; +} From 16116fe681793cb1f9f80779d0d6e061a5f753ef Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:43:01 +0200 Subject: [PATCH 073/376] fix user password not being generated --- machines/flake-module.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 406ddfe..7de9751 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -78,7 +78,6 @@ module.name = "users"; roles.default.machines.haze = { settings = { - prompt = false; user = "rpqt"; }; }; From fecdae8032dd357b0272c438aa1ea58facf2ebc4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:45:35 +0200 Subject: [PATCH 074/376] move borgbackup to clan.services --- machines/crocus/configuration.nix | 1 - machines/flake-module.nix | 25 +++++++++++++++++++++++++ machines/genepi/configuration.nix | 2 -- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index a1df2d3..ff96a69 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -10,7 +10,6 @@ # ./radicle.nix ../../system ../../modules/remote-builder.nix - ../../modules/borgbackup.nix ./topology.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 7de9751..6e8dfff 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -1,3 +1,4 @@ +{ self, lib, ... }: { clan = { meta.name = "blossom"; @@ -101,6 +102,30 @@ module.name = "trusted-nix-caches"; roles.default.tags.all = { }; }; + + "borgbackup-storagebox" = { + module.input = "clan-core"; + module.name = "borgbackup"; + + roles.client.machines = lib.genAttrs [ "crocus" "genepi" ] ( + machine: + let + config = self.nixosConfigurations.${machine}.config; + user = "u422292"; + host = "${user}.your-storagebox.de"; + in + { + settings.destinations."storagebox-${config.networking.hostName}" = { + repo = "${user}@${host}:./borgbackup/${config.networking.hostName}"; + rsh = "ssh -oPort=23 -i ${config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path}"; + }; + } + ); + roles.client.extraModules = [ + ../modules/storagebox.nix + ]; + roles.server.machines = { }; + }; }; }; } diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index cdb81b9..4abf704 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -20,8 +20,6 @@ ./topology.nix ../../system - ../../modules/borgbackup.nix - self.inputs.home-manager.nixosModules.home-manager { From 2d89107f1527172b21bf4e2ed30573164c30bc46 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:49:44 +0200 Subject: [PATCH 075/376] add quickshell --- machines/haze/niri.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index 05c834a..1260a33 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -6,6 +6,7 @@ brightnessctl pavucontrol playerctl + quickshell swaybg swaylock tofi From 898a75df1c37467f9fcd2eadeaaf0423036dacdb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:53:13 +0200 Subject: [PATCH 076/376] remove sway and hyprland specialisations --- machines/haze/configuration.nix | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index cf0af77..be997b5 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -32,20 +32,6 @@ networking.hostName = "haze"; clan.core.networking.targetHost = "rpqt@haze.local"; - specialisation = { - hyprland.configuration = - { ... }: - { - imports = [ ./hyprland.nix ]; - disabledModules = [ ./niri.nix ]; - }; - sway.configuration = - { ... }: - { - imports = [ ./sway.nix ]; - disabledModules = [ ./niri.nix ]; - }; - }; clan.core.settings.state-version.enable = true; From 4332ef2fa68dd65ba9ab9521fa6770e39bde09c6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:53:57 +0200 Subject: [PATCH 077/376] add home nameservers and search domains on haze --- machines/haze/configuration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index be997b5..903f3b5 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -32,9 +32,17 @@ networking.hostName = "haze"; clan.core.networking.targetHost = "rpqt@haze.local"; + networking.search = [ + "home.rpqt.fr" + ]; clan.core.settings.state-version.enable = true; + networking.nameservers = [ + self.nixosConfigurations.genepi.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value + self.nixosConfigurations.crocus.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value + ]; + programs.kdeconnect.enable = true; # Remote builds From db352afea08dbeebbdfd34815c18323a158dbbdf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:54:51 +0200 Subject: [PATCH 078/376] exclude haze from clan machine update --- machines/haze/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 903f3b5..99224dc 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -36,6 +36,8 @@ "home.rpqt.fr" ]; + clan.deployment.requireExplicitUpdate = true; + clan.core.settings.state-version.enable = true; networking.nameservers = [ From 0337f379b42c5c2b667ca7503bb662fb0d7d2633 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 18 Jul 2025 00:58:53 +0200 Subject: [PATCH 079/376] add reverse-proxy for genepi's syncthing --- machines/genepi/syncthing.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/machines/genepi/syncthing.nix b/machines/genepi/syncthing.nix index 3a0240f..70e7aec 100644 --- a/machines/genepi/syncthing.nix +++ b/machines/genepi/syncthing.nix @@ -5,8 +5,17 @@ let user = "rpqt"; home = config.users.users.${user}.home; + domain = "home.rpqt.fr"; + subdomain = "genepi.${domain}"; in { + + services.nginx.virtualHosts.${subdomain} = { + forceSSL = true; + useACMEHost = "${domain}"; + locations."/syncthing".proxyPass = "http://${config.services.syncthing.guiAddress}"; + }; + services.syncthing = { enable = true; user = user; From 5c4664b88569d04a5f4fe9247b9589451c84f752 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 080/376] fix genepi zerotier vars that were not commited --- .../genepi/zerotier/zerotier-identity-secret/secret | 10 +++++----- vars/per-machine/genepi/zerotier/zerotier-ip/value | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret b/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret index 515e514..2d6cb01 100644 --- a/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:qiV0iFWH0Bo9hX0k8cusHIShcvuIJ2QqXDF0ea0WZrOLgXTlUzqkRk5PB1sKA1JElGN/2sEmFZJXZMEPlUCNVTQSQxkInHF8UTMjChLRPmq0rRAWSjMzPRhS9slscQAudRhxe6baPxztVlhjqCDFH8JnM9zeWRqZfmgTjLjcKF987ZK7fPuBptY/k/QYlCF4ydnjM1wqgNgnhLxal63ItRwBiwHRkxTgBWu+iW5Ewu4p2/n+VgOI96auy9vzb4q2zmegf8FBfH5ltHppc0bwLCS/VwkYYxyN2pK6y0xOQMTfrDaqNcIPaTNPR/PwxHR0xbf+mHpFUu307LF5iew3K0A4JrDRWo7fF3FYCigK,iv:Ab23CcA2KZAsdKcTPGd8b4VSdL8YO8vJzZ8BqA8m/EQ=,tag:opYwCSueDzok0KDjAS2ZVQ==,type:str]", + "data": "ENC[AES256_GCM,data:3lcGW28SKHbpHq/g0xpmNqlemZ1W5DTfjbsIwufl34tYZIlAEITBVRAf2M66k0hUAvl/e5My82zVhxKGW2FcLUghxRBWXM0HIUDssKtPJhSjuDeQ5kBqTLDCGDDuyW+nFi16C8tzp4arszeaS3yENn65iWax9hlssQQiAYodRZoLvFoO3fPVkeDlII8qL5sjCqTdVBX318c4XKt1hi3PcgVCsevV7gD8kQKKPBePMD/hzwhoVcjDBcTigLRTVio+JmYMOQOV3sl65q7j4yB1j09C0IX7glq6s80+YWTvNkAwyeC/N2UvDntgGIC7/+1VvawViOC/2W6rZpkF5orsIJhW95xM6uIaOhAPQHot,iv:a+PeVag/u0K9NP8bg7Cz9sqhTqAf5SmucFbIHlYcWmE=,tag:GyF2gl+zVSQ7MkatjHSbrA==,type:str]", "sops": { "age": [ { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUaUZ4V0J4WDVycjNvNlRt\nRzVSN2p5RFRkU1NYbEZ4K0xyLzdzQ0U2dGpnCkJUdW9icWd0K2RpQTQvWC9vaXNm\nMERpbVYvVW1VTXkvNUxyTnlqUjgycm8KLS0tIFp1TTIzaVZuSU5QUUZrd0VacVJt\nemE0R2FidnlISlQrWUllZ1oyRmd1SncKeFLYq44Bx9h4PNo44OOLSk83dwJNYuii\ncguM+LjkwHhgMXBDAEf5w0REbkC397yMZ8w9WNaznWhua18kdTIc0w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNTEycXliN3JUSkQ4czdZ\nNDFHNk5EYXhHWFc5SzZSYUJ3SU1NRlhKTFMwClJadW5aZlluL2NOdTRwbWhpWjhF\nYUE4Y240SS9HNWZJZ0FITjdrbVR5ZVEKLS0tIG91WTAwZUttRnFCQ3NwejJlTXpj\nZE9maDVsWWIwNE9PZ2gvSGtKYUxTVjQKJl/RXsOGqQk6nAfLG6L9nUMMparvfQxs\nkB5O+LuZsFgtzJrCmm3pwfn8h9E2YHBcBwwziv50JHeiyhQ7/tOb1w==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMW40RUVtQjByVm93aGJ3\naG5XWG15MkhFUTY5WTFTQkJtTHZmMk9JQWpNCnVvcE85SFRlbGZxUWRud2Y5TFVE\nTkk4TVdoYlJ0VlpaRXByekxFK2xHVkUKLS0tIE9OM2N3dUpnZHROeEwzc3lmNERU\neHFYcFloRm8yV0R1TFAra29qYWhpaVkKrIdKo8C3upVLvFtXRUxc8RNwGOuUdeGV\nZMO/ClmtXvi8WHRa0CMUOSLYBlemC4yrHjK4FKru3BqYqLVtqjydaA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRERQQnBjaGpwVUlCQzVD\naDlDNTZaRzlLVUpScS93MXFRb0dRM1ZrMGpRCnVLRnBkVHlBY1VrQTFtNkhGZThk\nWG04cyswaVF1dW5VaDFBN1ZVWkQxYkEKLS0tIHRNUm1vTWhBUkcwdEZpZExEak9W\ncHhZdXRnZjBaeXJiN2hRbEZqYkVtMjgK8qnPrf/uEKQ8XZ/CD9SNW1+Ym7JWGWjl\nF9NraIpLn1pPs/MMd39RLtbODS5Lrjg912xbNCuSiOClP9yWc2EMuQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-05-15T16:16:51Z", - "mac": "ENC[AES256_GCM,data:mU+46/g2nd8mUPtg64LriMHS5c04QdG+vbGFD2iLxkwpNurp+bEb//Bfuj5txStp9RA+2Y3sjvzz4YALwZkAtgiX9JPH7j5kBoweI7NYeD/CqfnRPGqhA8M9THe/qpeluaNpTKqLOjkDu9eqn9LzFre9DfsmV7MP4NU5dxjRigk=,iv:LMSxSDww17SmmA06L652/kws87IUBthqrBwhGbMe3c0=,tag:bSKDEdURgwt/30x9Qs8JrA==,type:str]", + "lastmodified": "2025-07-01T18:02:24Z", + "mac": "ENC[AES256_GCM,data:JsFXULP0hM39nNW4xNQjbsTnOJSNS8n0kNiknCEhRHjE3aIfxrnTdP27DOGTotMWrIvk9lWBknHPW2HZQg5IBVQpglYJwCpNzXyP4ipUYAnATpplPFe36Oa/EciExS0Z2l17UKpGIEcxnrWijAsPAuCyQOD7Z44KtXSR6VeCtTU=,iv:LY3umqELBIMSjBb69EW4+LeJ5lXmREZxJlHYIPcrtOo=,tag:nWfh3bBvxtwgTeGH76NpOw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/genepi/zerotier/zerotier-ip/value b/vars/per-machine/genepi/zerotier/zerotier-ip/value index 69e3a90..ad42803 100644 --- a/vars/per-machine/genepi/zerotier/zerotier-ip/value +++ b/vars/per-machine/genepi/zerotier/zerotier-ip/value @@ -1 +1 @@ -fde5:947a:3cec:e1c5:1999:93e5:947a:3cec \ No newline at end of file +fd80:150d:17cc:2ae:6999:9358:3e0e:d738 \ No newline at end of file From b0cf958d396b14e490cafe8d1bdf695a8a1ccfc4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 081/376] fix haze syncthing --- machines/genepi/syncthing.nix | 2 +- vars/per-machine/haze/syncthing/key/secret | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/machines/genepi/syncthing.nix b/machines/genepi/syncthing.nix index 70e7aec..904941a 100644 --- a/machines/genepi/syncthing.nix +++ b/machines/genepi/syncthing.nix @@ -28,7 +28,7 @@ in settings = { devices = { "haze" = { - id = "QUX6KGF-7KNFTGD-RAX5OWC-NFQGRNK-S2TC2DQ-DQRWDTK-KMBTQXT-EVNRDQG"; + id = "INMEQOC-5WT5JMJ-EYCBQVQ-LK2CIFQ-A5IRXPR-724CPE6-Z5A4UTH-5QGO4QD"; }; "pixel-7a" = { id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU"; diff --git a/vars/per-machine/haze/syncthing/key/secret b/vars/per-machine/haze/syncthing/key/secret index b26082d..ad66134 100644 --- a/vars/per-machine/haze/syncthing/key/secret +++ b/vars/per-machine/haze/syncthing/key/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:90/tAGBIuC+Lj2wrVYZ3o84marKKV232s/XGFrRl,iv:iA4X8eAxM5tggJQ1IF8VOr+zfG4W+86LBZ5v29JH2LM=,tag:/trUxtKeFA6kxX5BKz3u9Q==,type:str]", + "data": "ENC[AES256_GCM,data:UEJQmXVs5ccGOeRK89vMcIFSuYn8Lcl724YSQeWm,iv:WTrzA6m3DRRjEoT0t516GyYCAGIHG+hMWSoiDPeFKgk=,tag:LsgAUp4oLorJfTosdoO0fw==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHNFZFZGSVF4UFRibVdF\nck1rMDRiclBwTzRETmNjQlYvZ01XWmtYMWkwCmdaaktjWS9idmZrWWNmMmc1VjZk\nNTJFVkUyanlyU0JmdExpNWRCOFFWS1kKLS0tIHhyV2haYzlRVExTNTJkMUtiUGlw\na3FlZ1BRTVQ1OWdHNnlwU0g4T3pobFUKp8xgjVMlHLTzym+MwFLZiHq/hHtBm9HY\n8o7UOpAnu/eVU4kvrr1dwGm2EbUu5WNj706CS+z7mmUdrck3NcRlhg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTGdqWkFoSC90NUFqVyt5\namJUeVZFT0dkUjAwVldFdTB3ZStkQzMrS0FrCitqRGQ1Y3drUWtNZ0pRWE9MWDJP\nTXpHV21DOEdtQXp4bFNYZXRwZWo4KzAKLS0tIGUyQi9JYk9vQUFMZTlpKzVROGRo\nSmhxeDFnclhKdk5KMjRqU0R2Y1dJTjAKeD9CLVIfBwD8rFOar6Fl87k+ErCs3isG\nN021jEBL02YOSUtYCdyGfv53qiu7RFxdQisdo/H0FZq3HsU/YXjeMw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjeGtlZWdVV1c5N2p3Rnha\nTW1yeThXbVZscFU4RzlmMXIrUWlkN2tibjB3CmhkbGgyNzRndTc3SU9zYXloQXB0\nVkJFUUpGSU5samNZcFV1SjllNkdaYXcKLS0tIG9CU3krYmpqdUh0OUZVMjk4NkUw\ncjB6M0prQ3MrQXVNaVFKMGJ4OEh2V3MKmS2t86W/poio1LKABF/8nsea0y9Wyk09\n/StrwogKLX1jowxQaNl+KtzokGBsg2XouJUNIuedtXN60wUjTWjZXw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS2grbDZZZHNPRGZqOXY4\nMjhEQ1g1R1hEQUlLZjJOMVlnWk56QzZjTVd3ClIycktuRU54TVYyWWZYRWxxeFNa\na3psa0NpcjA2MW1JdGY2UWNLSWFjNUUKLS0tIFJCSnFDWmROT05iaHdWSjV4ZWM4\ndW9Kb3FsUGVDMTQ1cTNZREpweVlZK0kKLvjxc5t4HIfigGWp3Q9Wt9uWGTdkETSF\npFk/6LdEnlSeELaBbT+MV1ciEmhl3yN1NLaXVH+zR+DQvP7RVZD/sw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-02T18:18:27Z", - "mac": "ENC[AES256_GCM,data:EPeiD2r5x9wgvzKmA9UPS7USqy8DFU3Z1/xetWioxQISVZycW5QSuED1a4PxSVsJF85aydau8HwePNWoVBXAJK875yn+QOBZiykmQVSs/IZ3C9FtCeHdJR5Nb8ovyOMSC9d2gIrQrTl63u3864elk0tCwmnNeTNp0wozQL9KU3M=,iv:vPb2W6BCNj03YqQDFlq2nx8rjGHQtb1gYsQYNu8opCg=,tag:owFDAWwR0DYNUoO3Ls2XBQ==,type:str]", + "lastmodified": "2025-07-02T18:19:14Z", + "mac": "ENC[AES256_GCM,data:tsbrWEXX9Ziiwo8cjLqmGMro7ulV/4XaL6ZDSZ6ZsEV7iXKCzIGd5V2qkn2TCi0M5S1A6gpa/Bp+CdTaB6zXjZ/TN9+8wL2yPnbVZ11qLheP4/Eh/zw76RLEfv0PMLnEQqyzPBPDXCiAER3gaT+yzyJRcctQ4I/2GX3VMXj6SOE=,iv:uRIj+03aNfUrKtkZVgqVNssIRLvHeJ196YhIV/kyt0E=,tag:utpMbG3hdDXQBR+PTlIZsA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From f1436f0041ba99b45a1df6f8bdd848e55560c3f3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 082/376] update flake inputs --- flake.lock | 74 ++++++++++++++++++++++++++---------------------------- 1 file changed, 35 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 51b2780..9b3bf6d 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1752082801, - "narHash": "sha256-iQ3X5yWGvEYIJRfajgpjhC0aqjPmlC1kf6wOQOWZP+8=", + "lastModified": 1752942236, + "narHash": "sha256-p9rxwJrI5jHd6CVlfYwqIhCZe+uUqyIPTXyMf6c5TvI=", "ref": "refs/heads/main", - "rev": "1cb1c53dfd131f1250640ee6e2a41d4ab1cf09ce", - "revCount": 8294, + "rev": "4b36b3e07c340e53c4ab281be64770df3cafa219", + "revCount": 8539, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -41,21 +41,17 @@ "clan-core", "nixpkgs" ], - "systems": [ - "clan-core", - "systems" - ], "treefmt-nix": [ "clan-core", "treefmt-nix" ] }, "locked": { - "lastModified": 1751846468, - "narHash": "sha256-h0mpWZIOIAKj4fmLNyI2HDG+c0YOkbYmyJXSj/bQ9s0=", - "rev": "a2166c13b0cb3febdaf36391cd2019aa2ccf4366", + "lastModified": 1752589312, + "narHash": "sha256-BafZOenlzMYdumG12AzgVLhEVu+GcEa8nYNDSIYe1U0=", + "rev": "496bbf05a2aa7b061ef464254db5804d1c6f45b4", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/a2166c13b0cb3febdaf36391cd2019aa2ccf4366.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/496bbf05a2aa7b061ef464254db5804d1c6f45b4.tar.gz" }, "original": { "type": "tarball", @@ -91,11 +87,11 @@ ] }, "locked": { - "lastModified": 1751854533, - "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", + "lastModified": 1752718651, + "narHash": "sha256-PkaR0qmyP9q/MDN3uYa+RLeBA0PjvEQiM0rTDDBXkL8=", "owner": "nix-community", "repo": "disko", - "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", + "rev": "d5ad4485e6f2edcc06751df65c5e16572877db88", "type": "github" }, "original": { @@ -111,11 +107,11 @@ ] }, "locked": { - "lastModified": 1751854533, - "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", + "lastModified": 1752718651, + "narHash": "sha256-PkaR0qmyP9q/MDN3uYa+RLeBA0PjvEQiM0rTDDBXkL8=", "owner": "nix-community", "repo": "disko", - "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", + "rev": "d5ad4485e6f2edcc06751df65c5e16572877db88", "type": "github" }, "original": { @@ -244,11 +240,11 @@ ] }, "locked": { - "lastModified": 1752062782, - "narHash": "sha256-Dod77HcIByOyfGLEJOgRxg2Fmk2Y5lVgMEcN/xVEt/8=", + "lastModified": 1752814804, + "narHash": "sha256-irfg7lnfEpJY+3Cffkluzp2MTVw1Uq9QGxFp6qadcXI=", "owner": "nix-community", "repo": "home-manager", - "rev": "bec8ff39811568eb7c8c8d1e2a1a476326748f51", + "rev": "d0300c8808e41da81d6edfc202f3d3833c157daf", "type": "github" }, "original": { @@ -267,11 +263,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1751905641, - "narHash": "sha256-jUrEaYP49bll7kvWAdOXqwYTc3yBEscQoA3vksOB3bY=", + "lastModified": 1752772855, + "narHash": "sha256-x0TCsegzoRgRB/wUG016Emkwa3lEMBVC2N9W72Y1I6o=", "owner": "ignis-sh", "repo": "ignis", - "rev": "7042b95a6e97799d4da4f4d6cd826a921453b546", + "rev": "dfb3b986a5774fef3e18a389bcb422193a99ea6e", "type": "github" }, "original": { @@ -360,11 +356,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1744142264, - "narHash": "sha256-h5KyodobZm8dx/HSNN+basgdmjxrQxudjrss4gAQpZk=", + "lastModified": 1752093877, + "narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=", "owner": "oddlama", "repo": "nix-topology", - "rev": "f49121cbbf4a86c560638ade406d99ee58deb7aa", + "rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633", "type": "github" }, "original": { @@ -424,11 +420,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752048960, - "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", + "lastModified": 1752666637, + "narHash": "sha256-P8J72psdc/rWliIvp8jUpoQ6qRDlVzgSDDlgkaXQ0Fw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", + "rev": "d1bfa8f6ccfb5c383e1eba609c1eb67ca24ed153", "type": "github" }, "original": { @@ -456,11 +452,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1752687322, + "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", "type": "github" }, "original": { @@ -520,11 +516,11 @@ ] }, "locked": { - "lastModified": 1751606940, - "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", + "lastModified": 1752544651, + "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", + "rev": "2c8def626f54708a9c38a5861866660395bb3461", "type": "github" }, "original": { @@ -601,11 +597,11 @@ ] }, "locked": { - "lastModified": 1752055615, - "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", + "lastModified": 1752909129, + "narHash": "sha256-Eh8FkMvGRaY71BU/oyZTTzt9RsBIq2E6j0r3eLZ/2kY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", + "rev": "0043b95d80b5bf6d61e84d237e2007727f4dd38d", "type": "github" }, "original": { From b8a0c96cc95d9d4259a9022fc2c0358f425b87b1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 083/376] add hyprland (to properly try caelestia-shell) --- machines/haze/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 99224dc..baaf4f6 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -10,6 +10,7 @@ ./gimp.nix ./gnome.nix ./hibernate.nix + ./hyprland.nix ./niri.nix ./ssh.nix ./steam.nix From c72f0a9c51084e745038dc56d61644244ecc09bf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 084/376] add jj "s" alias --- home/.config/jj/config.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/.config/jj/config.toml b/home/.config/jj/config.toml index 1143906..bbe941d 100644 --- a/home/.config/jj/config.toml +++ b/home/.config/jj/config.toml @@ -7,3 +7,6 @@ diff-formatter = ["difft", "--color=always", "$left", "$right"] [user] name = "Romain Paquet" email = "rpqt@rpqt.fr" + +[aliases] +s = ["status", "--no-pager"] From 862cdcda9bc1ab74f76023b06733fd2a007b88c0 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 085/376] migrate from clan disk-id to standalone disko --- machines/crocus/configuration.nix | 2 -- machines/crocus/disko.nix | 13 ++----------- machines/genepi/configuration.nix | 2 -- machines/genepi/disko.nix | 13 ++----------- 4 files changed, 4 insertions(+), 26 deletions(-) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index ff96a69..fa73c77 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -39,8 +39,6 @@ "zts7mq7onf" ]; - disko.devices.disk.main.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082"; - boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; diff --git a/machines/crocus/disko.nix b/machines/crocus/disko.nix index af03c18..b529126 100644 --- a/machines/crocus/disko.nix +++ b/machines/crocus/disko.nix @@ -1,17 +1,8 @@ { - clan-core, - config, - ... -}: -let - suffix = config.clan.core.vars.generators.disk-id.files.diskId.value; -in -{ - imports = [ clan-core.clanModules.disk-id ]; - disko.devices.disk.main = { - name = "main-" + suffix; + name = "main-dbca87cd30a5498488026c65b37eba60"; type = "disk"; + device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082"; content = { type = "gpt"; partitions = { diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 4abf704..ef792ea 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -33,8 +33,6 @@ clan.core.settings.state-version.enable = true; - disko.devices.disk.main.device = "/dev/disk/by-id/ata-WD_Green_M.2_2280_480GB_2251E6411147"; - nix.gc = { automatic = true; dates = "weekly"; diff --git a/machines/genepi/disko.nix b/machines/genepi/disko.nix index cdcf453..908efe6 100644 --- a/machines/genepi/disko.nix +++ b/machines/genepi/disko.nix @@ -1,17 +1,8 @@ { - clan-core, - config, - ... -}: -let - suffix = config.clan.core.vars.generators.disk-id.files.diskId.value; -in -{ - imports = [ clan-core.clanModules.disk-id ]; - disko.devices.disk.main = { - name = "main-" + suffix; + name = "main-72b27bb5253045f38a07b6bc368ab85c"; type = "disk"; + device = "/dev/disk/by-id/ata-WD_Green_M.2_2280_480GB_2251E6411147"; content = { type = "gpt"; partitions = { From afb50e53ffd8c0b4e05c43a45e64b5df27934456 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 086/376] update flake inputs --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 9b3bf6d..08d7686 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1752942236, - "narHash": "sha256-p9rxwJrI5jHd6CVlfYwqIhCZe+uUqyIPTXyMf6c5TvI=", + "lastModified": 1753024554, + "narHash": "sha256-oVriwkUkY3xs7HONbusnaXxyGecMAdi/QLZ2Z7jZKAM=", "ref": "refs/heads/main", - "rev": "4b36b3e07c340e53c4ab281be64770df3cafa219", - "revCount": 8539, + "rev": "f6284a7ac228789feba4f6b33be49960ee8afe4a", + "revCount": 8541, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -452,11 +452,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1752687322, - "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", + "lastModified": 1752950548, + "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", + "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "type": "github" }, "original": { @@ -597,11 +597,11 @@ ] }, "locked": { - "lastModified": 1752909129, - "narHash": "sha256-Eh8FkMvGRaY71BU/oyZTTzt9RsBIq2E6j0r3eLZ/2kY=", + "lastModified": 1753006367, + "narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0043b95d80b5bf6d61e84d237e2007727f4dd38d", + "rev": "421b56313c65a0815a52b424777f55acf0b56ddf", "type": "github" }, "original": { From ea57526a5a179ba4135427a4f575a7d448fb57a0 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 087/376] add srvos --- flake.lock | 23 ++++++++++++++++++++++- flake.nix | 2 ++ machines/crocus/configuration.nix | 8 ++++++-- 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 08d7686..986f4ec 100644 --- a/flake.lock +++ b/flake.lock @@ -505,7 +505,8 @@ "nix-topology": "nix-topology", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "srvos": "srvos" } }, "sops-nix": { @@ -529,6 +530,26 @@ "type": "github" } }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753061983, + "narHash": "sha256-D6+1c1L1fFJBk7ngRrPC0gHgI2DXgw2y7wNHlKvGXvk=", + "owner": "nix-community", + "repo": "srvos", + "rev": "8290c5a78a4a73baf17acdc4da7aa8e92f85b249", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "srvos", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 5e46000..742d435 100644 --- a/flake.nix +++ b/flake.nix @@ -91,6 +91,8 @@ flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; + srvos.url = "github:nix-community/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; }; nixConfig = { diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index fa73c77..a0cbb4f 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -1,12 +1,10 @@ { self, - modulesPath, config, ... }: { imports = [ - (modulesPath + "/profiles/qemu-guest.nix") # ./radicle.nix ../../system ../../modules/remote-builder.nix @@ -14,6 +12,12 @@ ../../modules/unbound.nix ../../modules/unbound-auth.nix self.nixosModules.gitea + self.inputs.srvos.nixosModules.server + self.inputs.srvos.nixosModules.hardware-hetzner-cloud + ]; + + disabledModules = [ + self.inputs.srvos.nixosModules.mixins-cloud-init ]; nixpkgs.hostPlatform = "x86_64-linux"; From a3244a4e9b3dd23af7b211d4b811e89f49c9070a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 088/376] set timezone on a per-machine basis --- machines/haze/configuration.nix | 1 + system/core/default.nix | 6 ------ 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index baaf4f6..5aa9bec 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -37,6 +37,7 @@ "home.rpqt.fr" ]; + time.timeZone = "Europe/Paris"; clan.deployment.requireExplicitUpdate = true; clan.core.settings.state-version.enable = true; diff --git a/system/core/default.nix b/system/core/default.nix index 53ecc66..1d3f1d5 100644 --- a/system/core/default.nix +++ b/system/core/default.nix @@ -1,5 +1,3 @@ -{ lib, ... }: - { imports = [ ./users.nix @@ -18,8 +16,4 @@ enable = true; wheelNeedsPassword = false; }; - - # system.stateVersion = lib.mkDefault "24.11"; - - time.timeZone = lib.mkDefault "Europe/Paris"; } From 3cf1f977f393c56c76cda497fd36f27e154c469e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 089/376] add actual (budget app) --- machines/genepi/actual.nix | 19 +++++++++++++++++++ machines/genepi/configuration.nix | 1 + modules/unbound.nix | 1 + 3 files changed, 21 insertions(+) create mode 100644 machines/genepi/actual.nix diff --git a/machines/genepi/actual.nix b/machines/genepi/actual.nix new file mode 100644 index 0000000..6983461 --- /dev/null +++ b/machines/genepi/actual.nix @@ -0,0 +1,19 @@ +{ config, ... }: +{ + services.actual = { + enable = true; + settings = { + hostname = "127.0.0.1"; + port = 5555; + }; + }; + + services.nginx.virtualHosts."actual.home.rpqt.fr" = { + forceSSL = true; + useACMEHost = "home.rpqt.fr"; + locations."/".proxyPass = + "http://127.0.0.1:${builtins.toString config.services.actual.settings.port}"; + }; + + clan.core.state.userdata.folders = [ "/var/lib/actual" ]; +} diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index ef792ea..4d0cf75 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -5,6 +5,7 @@ { imports = [ ./acme.nix + ./actual.nix ./boot.nix ./builder.nix ./freshrss.nix diff --git a/modules/unbound.nix b/modules/unbound.nix index 8c4e5df..a35dcdf 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -9,6 +9,7 @@ let machines = { genepi = { subdomains = [ + "actual" "glance" "grafana" "images" From 6f3b639ee8112d09a4116ca379c17b4ef8c34d72 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 090/376] git unignore .config (to browse it in helix) --- home/.gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 home/.gitignore diff --git a/home/.gitignore b/home/.gitignore new file mode 100644 index 0000000..1871e64 --- /dev/null +++ b/home/.gitignore @@ -0,0 +1 @@ +!/.config From 512c61a39fbb99f86c3a08fc76a49be993d0f81c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 091/376] use selft.ht icons for glance --- machines/genepi/glance-config.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 5608f38..4b1fcc4 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -42,22 +42,22 @@ { title = "Immich"; url = "https://images.home.rpqt.fr"; - icon = "si:immich"; + icon = "sh:immich"; } { title = "Grafana"; url = "https://grafana.home.rpqt.fr"; - icon = "si:grafana"; + icon = "sh:grafana"; } { title = "FreshRSS"; url = "https://rss.home.rpqt.fr"; - icon = "si:rss"; + icon = "sh:freshrss"; } { title = "Syncthing"; url = "https://genepi.home.rpqt.fr/syncthing"; - icon = "si:syncthing"; + icon = "sh:syncthing"; } ]; } From 1353aa7286f73bdc1e64cf57ad25ccefbc4c2330 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 092/376] add actual and gitea to glance --- machines/genepi/glance-config.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 4b1fcc4..d3627fb 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -59,6 +59,16 @@ url = "https://genepi.home.rpqt.fr/syncthing"; icon = "sh:syncthing"; } + { + title = "Actual Budget"; + url = "https://actual.home.rpqt.fr"; + icon = "sh:actual-budget"; + } + { + title = "Gitea"; + url = "https://git.turifer.dev"; + icon = "sh:gitea"; + } ]; } ]; From f8c584669237a94b96c64a62b145d4e71bbff1ad Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 093/376] use a template for turifer.dev zone file --- infra/.terraform.lock.hcl | 17 +++++++++++++++++ infra/crocus.tf | 12 ++++++++++++ infra/dns.tf | 10 +++++++++- infra/{ => templates}/turifer.dev.zone | 4 ++-- machines/flake-module.nix | 2 +- 5 files changed, 41 insertions(+), 4 deletions(-) rename infra/{ => templates}/turifer.dev.zone (90%) diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl index 2ef5f5a..43613ee 100644 --- a/infra/.terraform.lock.hcl +++ b/infra/.terraform.lock.hcl @@ -21,6 +21,23 @@ provider "registry.opentofu.org/go-gandi/gandi" { ] } +provider "registry.opentofu.org/hashicorp/local" { + version = "2.5.3" + hashes = [ + "h1:mC9+u1eaUILTjxey6Ivyf/3djm//RNNze9kBVX/trng=", + "zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf", + "zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991", + "zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd", + "zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764", + "zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf", + "zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096", + "zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0", + "zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3", + "zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3", + "zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5", + ] +} + provider "registry.opentofu.org/hetznercloud/hcloud" { version = "1.51.0" constraints = "~> 1.45" diff --git a/infra/crocus.tf b/infra/crocus.tf index abd9bf8..ccda070 100644 --- a/infra/crocus.tf +++ b/infra/crocus.tf @@ -1,8 +1,20 @@ resource "hcloud_server" "crocus_server" { name = "crocus" server_type = "cx22" + datacenter = "nbg1-dc3" image = "ubuntu-20.04" firewall_ids = [hcloud_firewall.crocus_firewall.id] + public_net { + ipv4 = hcloud_primary_ip.crocus_ipv4.id + } +} + +resource "hcloud_primary_ip" "crocus_ipv4" { + name = "crocus_ipv4" + type = "ipv4" + datacenter = "nbg1-dc3" + assignee_type = "server" + auto_delete = true } resource "hcloud_firewall" "crocus_firewall" { diff --git a/infra/dns.tf b/infra/dns.tf index 3dc6b1a..d028a5e 100644 --- a/infra/dns.tf +++ b/infra/dns.tf @@ -28,5 +28,13 @@ data "ovh_domain_zone" "turifer_dev" { resource "ovh_domain_zone_import" "turifer_dev_import" { zone_name = "turifer.dev" - zone_file = file("./turifer.dev.zone") + zone_file = local.turifer_dev_zone_file } + +locals { + turifer_dev_zone_file = templatefile("./templates/turifer.dev.zone", { + crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address + crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address + }) +} + diff --git a/infra/turifer.dev.zone b/infra/templates/turifer.dev.zone similarity index 90% rename from infra/turifer.dev.zone rename to infra/templates/turifer.dev.zone index 61b4d64..a94a640 100644 --- a/infra/turifer.dev.zone +++ b/infra/templates/turifer.dev.zone @@ -17,5 +17,5 @@ _submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com. _imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com. _pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com. -git.turifer.dev. 10800 IN A 167.235.28.141 -git.turifer.dev. 10800 IN AAAA 2a01:4f8:1c1e:e415::1 +git.turifer.dev. 10800 IN A ${crocus_ipv4_address} +git.turifer.dev. 10800 IN AAAA ${crocus_ipv6_address} diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 6e8dfff..7d46d50 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -39,7 +39,7 @@ roles.moon.machines.crocus = { settings = { stableEndpoints = [ - "167.235.28.141" + "116.203.18.122" "2a01:4f8:1c1e:e415::/64" ]; }; From d5110c0f1b653cafb957673f37bba666c05784ad Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 19 Jul 2025 18:48:09 +0200 Subject: [PATCH 094/376] run unbound on genepi --- machines/genepi/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 4d0cf75..43a1977 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -20,6 +20,8 @@ ./taskchampion.nix ./topology.nix + ../../modules/unbound.nix + ../../modules/unbound-auth.nix ../../system self.inputs.home-manager.nixosModules.home-manager From 1bbd0c2c6266a85a0c139fa54af8f5482112b186 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 26 Jul 2025 19:18:51 +0200 Subject: [PATCH 095/376] Update vars via generator gitea-s3-storage for machine crocus --- .../access-key-id/machines/crocus | 1 + .../gitea-s3-storage/access-key-id/secret | 19 +++++++++++++++++++ .../gitea-s3-storage/access-key-id/users/rpqt | 1 + .../access-key-secret/machines/crocus | 1 + .../gitea-s3-storage/access-key-secret/secret | 19 +++++++++++++++++++ .../access-key-secret/users/rpqt | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/crocus/gitea-s3-storage/access-key-id/machines/crocus create mode 100644 vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret create mode 120000 vars/per-machine/crocus/gitea-s3-storage/access-key-id/users/rpqt create mode 120000 vars/per-machine/crocus/gitea-s3-storage/access-key-secret/machines/crocus create mode 100644 vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret create mode 120000 vars/per-machine/crocus/gitea-s3-storage/access-key-secret/users/rpqt diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-id/machines/crocus b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret new file mode 100644 index 0000000..8759b9c --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:NB7f+8tGLTJACgHqRzCmvfq84A1wY3gdsgA=,iv:2tNgNcKOpqvvd2ULSSOQwpGbU51uovLbXpIRElTVM/w=,tag:3WBlU9rN5mP2o5/N5ijCZA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRERmU3Bxbm42TlE4R0RX\na2ozeFVqNFlZYmVqeXFQb2JVVVlWbjVhTVdBCkJmWGdSK2VVcUZmRWkxL3U0S28v\nRTdpSGhsR0czUnBmUHNMdVdmRGJweVUKLS0tIHFVckZ5RE04TVcxbE9nbUZRWC9M\nTnAzM0k5cnFFREZ2SWFVbHhpdVlLaEkKigwXIzJ3WtyXOeZZ9INrfOdCJKADIjBC\ntSqzb2dY1I7akYd87nxR14fXIx0h379XZMBDgwLQhDI4iJOzmwON+Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZkM0YUM5OFMxM0czek9H\nZU9sbzFFVTNYWktCeVYvYTh5TUtWNGhiZFNjClJDM2MvZlFCTGVwakZRRWVscDN0\nd2podlM4bXVwUW8zMEYydU0wNEhhV00KLS0tIDhGb2ZBQlNHMGo4bjd2ZCtUMzQ2\nZzQ3U3BybGhCbSt4bGwvSDltRmpIZTgKnpusl9Z/x2f/h+kamRwUR8yt+ZmwuvUk\nrfnG+qO1iEHGoGbM5ltWEiIy20Igf4SC7CluMJsm0qqTdUc0mPP5iw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-26T17:18:51Z", + "mac": "ENC[AES256_GCM,data:Wm0RiWij2BZRyT9JkP265sUfn4mnGYVV5xJLxjzPnKyhVEu8Pnr6kSVQVAYP3C2SVicPghPSZONPNW0Co8zSEv/YYD91sLg43mxCPLABR4fda5ZRWaHhxZ2lQ7duCmvGxJP9wdKq/OGQ/C2ubO5W7FIJYmfi04rV7aKKwsGHaJg=,iv:oxVeIkBlWf/GHl81V84F1okGiFfXKTqJGHFHbz+Xkao=,tag:QGEJih/j9RqNr8IgtxAZOQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-id/users/rpqt b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/machines/crocus b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret new file mode 100644 index 0000000..66f68ae --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:88a57QIAqnO23iv/l3a4Gkl/7ddX3vPFZV37VAgpCsobXntzg3PAAXCXUb36rDHwMZa50Io1jQNErJqed9J6Wg==,iv:1HJ1o7pKZU9XohgKL1j+DZzBMfEUoOwpHyYlwoRapD0=,tag:8Y8+VvXpJJibRyKOBy8vWw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbVpCalVOdHQ2Y0MxQ2RD\nUGNQZy8veFVwUTltSmk4TEh1RkNsc3d0S240CmxIMHNqRVNPVEVKWW45d1plQUNq\nN0ZjRUVwdi90UlhQdlk5R1lkK0U3c2sKLS0tIGR2aE1VKzYxcmtHOXFxQ1dIdFpR\nbFYxZGdLUjQvSnRBc3BmeXF0Y2JScTAKPcg+bHmnvYu6yXCV8k5Mh+XmIIGDxT2y\nNJKHrAk1gRpI3L46dKPvoqIEAwT5lpv9qC9S//qnG6ZPexoHF5R39A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvT1VSeGhTNXIzSWdKcGRT\nd0g0a1gzdi85VVJiWUk5a0dqRTlsMjhjWTNBCmwyakIyUlhyaHQ1Wld0K0ZieUNC\nZE9xeGgrTlFNd25BOTZ4ZnFwd1F5aWMKLS0tIDU3VlJEdFFQc2RXY0E3ODNaUWN2\nR2lIYU1aaDZabFJRZ1l5blk3MFBteEUKrhAutd7ppq/KjAnAtdvKcNFAfPfmFQe0\nnx1Zng1N2CINAxYkgEuMETqP29bsX4HibxdkPgMDqhKm1O43BY+PHA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-26T17:18:51Z", + "mac": "ENC[AES256_GCM,data:30DcAIuIzINrCgOZ/bRnU2ZbGzgPM3qKEV0ktIa+UOYr9BbaBFJmCxkQjAX2ZMwciQEcWJkOWjfV1jHv6HFXl+p/6D/9IN4S04RjpTUhODYUL5rAai2GzZ3gh0X+KPdrG0jyrqGyjl8fluzkrA40b3H3Bvar6Kh1+U//ACN1Iv8=,iv:cplJSehn3y0B+bi14pm5hrRWV1NQh5w4AikiUrye4I4=,tag:ReK1Mpm3ejNmSC/OuzSApw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/users/rpqt b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From dcf1e6d4f65d7f69bd8f379c9ec1cd7193f9fffb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 20 Aug 2025 21:03:15 +0200 Subject: [PATCH 096/376] Add haze to secret --- vars/shared/garage-shared/rpc_secret/machines/haze | 1 + vars/shared/garage-shared/rpc_secret/secret | 14 +++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) create mode 120000 vars/shared/garage-shared/rpc_secret/machines/haze diff --git a/vars/shared/garage-shared/rpc_secret/machines/haze b/vars/shared/garage-shared/rpc_secret/machines/haze new file mode 120000 index 0000000..0bcd94e --- /dev/null +++ b/vars/shared/garage-shared/rpc_secret/machines/haze @@ -0,0 +1 @@ +../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/shared/garage-shared/rpc_secret/secret b/vars/shared/garage-shared/rpc_secret/secret index dfd7072..e0816ca 100644 --- a/vars/shared/garage-shared/rpc_secret/secret +++ b/vars/shared/garage-shared/rpc_secret/secret @@ -3,16 +3,20 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvaWVtWG5hbk4yVHhyMWFE\nL2JHcGgvempPNXhnWEZDWFVHMFZ1MkdWL2g0Ck5RRVJlQ3JrSkxNL3BOYlNHeXY0\nQ0FVdzVQQVZnaFdoc2tIMUJzU3FyVTgKLS0tIDRhMWcvaDlGZWhiTjlJd3dvbnpZ\nWEVsdjB6WEZ4ZjM0UXVyTkZoTkUvdXcK38L3PAkQW7mnRaS/ScCriU0hZ/NsQq73\nTUReIxJTAy9/4HAex4rmcVeCHnCWvbLKKUothPRPrLP1h7sDmN9q+A==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MEFMUzlHeHB6a1ozejJw\nKy9BL2dYMTV0aUpVUWN5QWtYVWRGc3NTSXljCkVXSzZpMWQ0MWZnSEY4d3dwbmJz\nNzdvWFFObE5ibC95UHVic1Byc1Y4bzAKLS0tIFB3VFhhNUdYcUR0MlpaYU9mOXVI\najArb3VMcGlQYnNmUlhOKzF1clZXUDQKMfFCdkps9eSH6nuvDfeeUxsktP/5EinA\n2b6VjQ1qW7l7RjrOmXGtBjHx2aBDjrKYNMoRsGOfeoMO66cYx+PA6g==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eUJWVlZTVGxLKzNLSlJM\nbE1VZ05oSVBvWDRVOW5Cek42ekg2SEtINjJ3Ci94a0lLTDBBTkgwNTRkZmhvVDVa\nOHpwOEViOEM3R1IwZHV0QllhcXRGODQKLS0tIDRGN0NsNWlaTzNKUk9WYVpIVCtL\nK0N5Z3NtcUYwV2pyUXVld296VU5JazQKJYWq1KPT/Oie+DT9Uj30CaFJCYkVX+zS\nF8zHodbPAOakUjwLgp1flLK6DP66lq9D+1U6y9+qaZdWnBwPGgL5Hg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKVTF3WVZsSi85SS9UVjdy\nMnQxK1N3ZERJSlQ4cS9vUWRtMGxJMlZKT0hjClZ0b1FrS2NaRTlMTExRWTdheVlG\nR3NxL2tTUnZpc1JyMm4wL0FVQ3E4SGMKLS0tIFpGMXBuOGtENXhOM1dvZ3gyUmc2\nSWw5V0V0NnpGNVpOZFF3b0lVV1oxVDQK2VafDyf5FSllO/bgmeWJ+iERpU2NtxuD\n3GKAWfAVkFsJM8dlFKrgl46pnofxV/F+jeSyfVi5n+90ZW9itxHArw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2b01nWnU2SGFSbWJZTTB6\nMXZrZTVTWlF3cW9rVmYzajVabzhmenZ2VzJVClB3ME1rQzk4ZkxSMHBBKzdqL2Rs\nNDJ5WUlRdGo4cmJzdGhERWhDQVhqWnMKLS0tIHRLNDlSVWVNbllmTDU3WHdWblBD\nd0Zoanc4YktFMEkyY3BiSVZ3N0o3encKEL+98El05Shf+GWJruRRGeXWfZGixFQs\nKx+LnKBibCafi28uV6HXXmXGEUvdrNBoAfakRS7IHIjdTYEVdIWesg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaE1UNkFCZHNCbFlsN1JU\ncVRDQkVQOXQ5OUJRRUhjcUVVUUJRcy9wZDBFCjFzeTRBQk9kcWVGc2xKcU9EdDZI\neFEzOFNOUG1LeDdGOGN3VUxJMFh6dUUKLS0tIGdsSERIZ0Ivd0tqT0k5VFltZFRV\nYUwrYnFsUEFhVmVmc25GN0dsaS9PY2sKuJH6+hQ+/J1z/5UfWEPTCS+5AFAsOY/P\nE+yAScPaPvJZzDMY9NKOJi8JoKDk4Q+9jeTozi5RWs3uAKioITR39A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiNFI2bG03a1FjTWtRZHpL\nSUVQU1RaTVQ2TXc2RTZQZVZwTzIvdXc0cTIwCmZqc1gwTlc1QTQ1RjN0b0Z3aFNN\nVUVEY3llTFB1T3luOW1NMEx6b3lqaW8KLS0tIHp0UWVwLzBMc0p2SE1OYnRHNTkv\nWk1HY0JCOGdVWU9iU3gzK0IyMnF5WG8Kao7fg8TuInnjp31BRixPX+xoNmvXhKei\nuptJED/LgnzP3GTIzPNxEo1AgBY1yu/3tRr2WFvakUtoft0TGu3ORw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-19T21:51:53Z", From dce2fec55d77c185d3dfa6c93565fb00187ec757 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 20 Aug 2025 21:06:32 +0200 Subject: [PATCH 097/376] Update vars via generator garage for machine haze --- .../haze/garage/admin_token/machines/haze | 1 + .../haze/garage/admin_token/secret | 19 +++++++++++++++++++ .../haze/garage/admin_token/users/rpqt | 1 + .../haze/garage/metrics_token/machines/haze | 1 + .../haze/garage/metrics_token/secret | 19 +++++++++++++++++++ .../haze/garage/metrics_token/users/rpqt | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/haze/garage/admin_token/machines/haze create mode 100644 vars/per-machine/haze/garage/admin_token/secret create mode 120000 vars/per-machine/haze/garage/admin_token/users/rpqt create mode 120000 vars/per-machine/haze/garage/metrics_token/machines/haze create mode 100644 vars/per-machine/haze/garage/metrics_token/secret create mode 120000 vars/per-machine/haze/garage/metrics_token/users/rpqt diff --git a/vars/per-machine/haze/garage/admin_token/machines/haze b/vars/per-machine/haze/garage/admin_token/machines/haze new file mode 120000 index 0000000..db9551a --- /dev/null +++ b/vars/per-machine/haze/garage/admin_token/machines/haze @@ -0,0 +1 @@ +../../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/per-machine/haze/garage/admin_token/secret b/vars/per-machine/haze/garage/admin_token/secret new file mode 100644 index 0000000..bf529a0 --- /dev/null +++ b/vars/per-machine/haze/garage/admin_token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:5jy8TnyZC5pnZjVHfu2UG5WP0EqiYIAzkxNsfXi49SQM0Jj0YcDGnJK5rhQI,iv:QdixTsOqXAdK28eggOekBsAiecwoW5IIOQLaGJ8TQ6I=,tag:whNmkf7n3HwtfXo4mqsODg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWkx3QUpnb2hNME85Z2Qx\ndmNuVTl2cS9vQy9WTy9GQ1gzQk02ekF6ZVI4CmNqbEVMbzF0ZFBCU3hhNEtjL25G\namZRdlpZdGN4djJ5RVFkYVpST0pGWUUKLS0tIE1XRm16TlMvZWM1S1UzcVBqRGZL\nbmppdjJuekZ5SDlRT2JyWk8wSStPQ28K7WNzJfzLeQE1A/6ehcqEXVo9wK8BXZXx\nrn54Q66NJ8D13EB6ckAAtYs47Q20QLMZYOjLhXplMtzbNzsA9AbW7Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeTUyUWZlT1lVQWF2VnlG\nQW4wZEJHSXVnckpWQjBsZ1gvQW5FRS9ycVJjCmk5QU42MHc5NDhXM1JtdDNjTG93\naGJxVk85QjRuY3B3MnlrOTdLNFNxaUEKLS0tIDJicVQyS1JoZnFRdHI0MGJscVdQ\ndGhTK3h1L0w1czRvOVZEa0pOeFZQMEUKdPDn2sgmIn5k7xWhyevmeoUYJeINsJou\nNmMjBmcd0yPY6VXbAP17zaA53mNfYVCjRhlqWwXKFtA/6NeLQnbNvw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-20T19:06:32Z", + "mac": "ENC[AES256_GCM,data:uSwnPaV5+fi2czQoOhb7aVlYHejjXDeXkUZ1JZbH9m2//OxczfOvue66kVQiiq+m9QdgDnAHKy4LK3JpjuxI5QG/6wPx1aC0CisrjQx+tY4Cw2+mTfgiWWzCrM9q5URVFuxZ+TfFapeHMCL2CQZnLPvesbDwv4wNjLYsvJghVjA=,iv:AnVTpfgULC0bdw802optkPQjk7tDCBpzv3EiQEEfWeI=,tag:eGUZWCmjMl9m1PC1QTVWsw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/haze/garage/admin_token/users/rpqt b/vars/per-machine/haze/garage/admin_token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/garage/admin_token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/haze/garage/metrics_token/machines/haze b/vars/per-machine/haze/garage/metrics_token/machines/haze new file mode 120000 index 0000000..db9551a --- /dev/null +++ b/vars/per-machine/haze/garage/metrics_token/machines/haze @@ -0,0 +1 @@ +../../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/per-machine/haze/garage/metrics_token/secret b/vars/per-machine/haze/garage/metrics_token/secret new file mode 100644 index 0000000..06d02b7 --- /dev/null +++ b/vars/per-machine/haze/garage/metrics_token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:2sVVTEcBqn7eIZFpKfEWJ4kU1tS4o78cv8VosjG8s3JmXcTxqHczEdbs+gVA,iv:T1eDOxyWNiwDl7+kZKDb78J+A3t/E+0okj1s3OjyyxI=,tag:wDmMUJp1I/vTm4XsK5gHPw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTFFNNnRpRXZoSkJNcjdy\nRCtJWm5NY1dUUm1jbC9mOFM0SEdVRlQ1UWtnClFRenhVaGpnZVRENmcybzlhS3J4\naGhObWUzRFNtZk1EbXZPYXZXeEM2dEEKLS0tIGRmeWdLS1BUOFpLNncweWtYYmJu\nSVRsZHAvck41UThyNlFYOGdaN0swY2cKHCXE0iKuy1obNYA2U9YbkdcGemJ817sw\nmoDJOFBat/YRUuURvvxzH3OBvpoymXJ5Ov8j5psZfoXyTdaEsv05Xw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWMGRaYzNLek8wS0c4eGEx\nVWxQcWtadHYzR05CZGNiMDBpenBZZUlDaEZvClB1dXQ4K0krRzdhL243enhvTmJ2\nc2gyVDlpZFpMeVQzQXpCTHk1Q1BjaEUKLS0tIGlzWUlrenhUU1o3N0pCaGRxWUZK\nQzZnVjJqU3pLVHVWM2FVZkxkdkgwRUkKHEq7gRTOzKC0UZMNtPVjn3LS25ihqh/Q\n+h80aEXuYRtr9CKWXu9fWV9mRTs9xvSlRJ2PMKA/N0M/eQu6kpBPZQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-20T19:06:32Z", + "mac": "ENC[AES256_GCM,data:UmVIfwKSX+qHb0nkTA6Bm0pK+j2p2zw1iZLxM1469bICjdyWJCa908kjEzDb/aozx+KGi6LyoIUFHVyBoJKhTfgyiHg8iaEhhWCXNwmNswdainswtN5pXE94dgx7ycGs1jLd1R0bOI6RdziIv1vfm3DGMhw0dszVp44HF4UM4iU=,iv:71/Plcqcemhnn7y7DvffsVXmF2pNmpt5UwHsY0eVEls=,tag:zAn8d1IXZ/5GL4g+F8whlA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/haze/garage/metrics_token/users/rpqt b/vars/per-machine/haze/garage/metrics_token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/garage/metrics_token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 5f5b2b73804f588d62fa769b56de259a6450e715 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 20 Aug 2025 21:06:33 +0200 Subject: [PATCH 098/376] Update vars via generator syncthing for machine haze --- vars/per-machine/haze/syncthing/cert/secret | 19 +++++++++++++++++++ vars/per-machine/haze/syncthing/key/secret | 10 +++++----- 2 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 vars/per-machine/haze/syncthing/cert/secret diff --git a/vars/per-machine/haze/syncthing/cert/secret b/vars/per-machine/haze/syncthing/cert/secret new file mode 100644 index 0000000..1b3e194 --- /dev/null +++ b/vars/per-machine/haze/syncthing/cert/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:6KxN+qR0zUiNsB7IIDmAJklnF71LFSpgoS0UCXTSrUOZQug=,iv:fgxExYTHlBQ5xTycGTqbrz5wBQbW2xTc/5yfeuznSts=,tag:cq83nmKmjCMe9UknSyOMxQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TU94SlI1YnpOWXVHTFds\ndGJzaytyZmEvb0piSkFCaEp3amV6cHZlNm1nCnJUakVWMkJ2NjhwdmtBTkFLem9P\nSGxiTXRLelJCZWllTFg1aXlOM2F5aU0KLS0tIE1KZFBibUpsSlN6QU5KV1dLWVVq\nSXhGMlpnTEdVNUpEdkorQVgrc3lvWWsKH/xoffqTYjUxz6q+3DR9pqx7JUDLwcWB\nGupwKMH8vGjcOxv3fuxK7d1IpxhFqNHQb1fIQX0t6bII6k8K8OUH4Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY0lsT25ZakNjNk9HTjla\nVWdQS0J0YkVrbE9QUkNCLzJnTEdCNlUvZXlrCmZ3WGtwc0J5WDd0WGtuSzhEVzlT\nd3lBVEY3WDVUSUw3OE92SG9xN3VaYVkKLS0tIDgyb040OGluamZxZE10S3l3L2d6\nUFZ0c3hObWJ4UmV2YnlHNHg4V0poT28Ke35QWZrnycpwpaSjW9FkGF8yhAJggY+6\n0yvAvSKCLcYz7md4z0CFfDc5SJe2h9pJTFdww1ga5+p8Qth1PI/MAQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-20T19:06:33Z", + "mac": "ENC[AES256_GCM,data:7eL3qw33GBBlw74B4njDOzCZInLPLWqbzyErs0tRFK7pDp0EUkIUpqdM/MxZcbXyKm8+OdPlKaoLGMbOFbyHBwHlwk+9nIjJ5gNG3SM2S0Tn/DnrIO6ckui3rDFnBtu1pT1j+sYIfOTBb1CgQqfACF1t4omhDGJqn07YOkz0zuo=,iv:8Gh+9/m+zqlakh/aucDqzRBJSn/M+0PifJXM+/P66eA=,tag:A5k9kjcPGlNBmdMV7uroyw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/haze/syncthing/key/secret b/vars/per-machine/haze/syncthing/key/secret index ad66134..966e3f3 100644 --- a/vars/per-machine/haze/syncthing/key/secret +++ b/vars/per-machine/haze/syncthing/key/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:UEJQmXVs5ccGOeRK89vMcIFSuYn8Lcl724YSQeWm,iv:WTrzA6m3DRRjEoT0t516GyYCAGIHG+hMWSoiDPeFKgk=,tag:LsgAUp4oLorJfTosdoO0fw==,type:str]", + "data": "ENC[AES256_GCM,data:e0gCvLy7m25wSjCnikjhAX38Iks1+7gvdDsenkLV,iv:KM4WVmj2MrE7odCo7uUtgPGzaeYyyIJqmygLDGkYg6Y=,tag:BWEsp0vX1r34gS1eKeRzYQ==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTGdqWkFoSC90NUFqVyt5\namJUeVZFT0dkUjAwVldFdTB3ZStkQzMrS0FrCitqRGQ1Y3drUWtNZ0pRWE9MWDJP\nTXpHV21DOEdtQXp4bFNYZXRwZWo4KzAKLS0tIGUyQi9JYk9vQUFMZTlpKzVROGRo\nSmhxeDFnclhKdk5KMjRqU0R2Y1dJTjAKeD9CLVIfBwD8rFOar6Fl87k+ErCs3isG\nN021jEBL02YOSUtYCdyGfv53qiu7RFxdQisdo/H0FZq3HsU/YXjeMw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMlRVcFJuWVFOWkowYUJj\nTmtFSFh2UmpNdTU1Yk9TNGQ1RTNpYWNpc1RrCnBrME9VRG1yQWtBci80bHIxalpw\nSXJvZnYyL0sxanVBQy80NXJtUGtNMFEKLS0tIDV5VjVrS2hrb0ptekIyZmxKWDA2\nRlBNVUVoOGpHRWxlRmloSTNEOWFlNTQK796MdwmRgsXTUR6n9cJjPfopH+rHiZ51\nr/U8Zy4dAG/Rn7fBRSgXiL50pRu9UlehiOZfHWyXkerrzQJY17kTGg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS2grbDZZZHNPRGZqOXY4\nMjhEQ1g1R1hEQUlLZjJOMVlnWk56QzZjTVd3ClIycktuRU54TVYyWWZYRWxxeFNa\na3psa0NpcjA2MW1JdGY2UWNLSWFjNUUKLS0tIFJCSnFDWmROT05iaHdWSjV4ZWM4\ndW9Kb3FsUGVDMTQ1cTNZREpweVlZK0kKLvjxc5t4HIfigGWp3Q9Wt9uWGTdkETSF\npFk/6LdEnlSeELaBbT+MV1ciEmhl3yN1NLaXVH+zR+DQvP7RVZD/sw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArcmcvR1hGTW1kamJRaFcx\nUTlxVzFRSG1EUWpVUEFnbkZWakIwMDJZeVRvCldQY1c2NnNxakQ4VEQ4aEt5VWRL\nUDZwZjh3d0Y2ZTJiVTQzTnd2N2xtcUkKLS0tIGJsdkJzakQrVFNrTXJGSWU1dURr\nd1g2VGh1SUNEMEQ1SmNIbVFhN2lHQXcKzBe3RZkrc4slSP6P5vpIHQoDderwtPzK\nwOl5rAC/Q+Lwg9r4xR9fUkHBUgzf+qWVX0OlTV4ir8mdqfjR9F/wLg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-02T18:19:14Z", - "mac": "ENC[AES256_GCM,data:tsbrWEXX9Ziiwo8cjLqmGMro7ulV/4XaL6ZDSZ6ZsEV7iXKCzIGd5V2qkn2TCi0M5S1A6gpa/Bp+CdTaB6zXjZ/TN9+8wL2yPnbVZ11qLheP4/Eh/zw76RLEfv0PMLnEQqyzPBPDXCiAER3gaT+yzyJRcctQ4I/2GX3VMXj6SOE=,iv:uRIj+03aNfUrKtkZVgqVNssIRLvHeJ196YhIV/kyt0E=,tag:utpMbG3hdDXQBR+PTlIZsA==,type:str]", + "lastmodified": "2025-08-20T19:06:33Z", + "mac": "ENC[AES256_GCM,data:cXxTRuiEo5UJmRR0PlytgcHWKRqwlEgoVMaGfYHWDHsE7NZU3YiPyTH8sFp7qxIOiTm+i9ldEpOIJuKl4BA5WS42cPjGPKuPgyq1+dpm7r43vm3W0OVRy0lFRMtWbhhGwePHldhWm4U6cpWHgWOeJ0zRwoPKMjeBwIM6Jmz/siM=,iv:pucJbH1mWrhq6pOpx7RFdLZZBHOPL6HRxNZGt46lZJs=,tag:H0d366G+oNTGkR+bimPd4w==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From d1c88bc832c76d1615f698821019c080466fc510 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 20 Aug 2025 21:25:43 +0200 Subject: [PATCH 099/376] update flake inputs --- flake.lock | 179 ++++++++++++++++++++++------------------------------- 1 file changed, 73 insertions(+), 106 deletions(-) diff --git a/flake.lock b/flake.lock index 986f4ec..773656f 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1753024554, - "narHash": "sha256-oVriwkUkY3xs7HONbusnaXxyGecMAdi/QLZ2Z7jZKAM=", + "lastModified": 1755705350, + "narHash": "sha256-yT9gS+egNoO4/RNwuOLEXlMNVe4rl60Y/4ztYskWtuU=", "ref": "refs/heads/main", - "rev": "f6284a7ac228789feba4f6b33be49960ee8afe4a", - "revCount": 8541, + "rev": "56d9256c023861ae46eae536fffa7d0ccf527add", + "revCount": 9325, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -47,11 +47,11 @@ ] }, "locked": { - "lastModified": 1752589312, - "narHash": "sha256-BafZOenlzMYdumG12AzgVLhEVu+GcEa8nYNDSIYe1U0=", - "rev": "496bbf05a2aa7b061ef464254db5804d1c6f45b4", + "lastModified": 1753067306, + "narHash": "sha256-jyoEbaXa8/MwVQ+PajUdT63y3gYhgD9o7snO/SLaikw=", + "rev": "18dfd42bdb2cfff510b8c74206005f733e38d8b9", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/496bbf05a2aa7b061ef464254db5804d1c6f45b4.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/18dfd42bdb2cfff510b8c74206005f733e38d8b9.tar.gz" }, "original": { "type": "tarball", @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1752718651, - "narHash": "sha256-PkaR0qmyP9q/MDN3uYa+RLeBA0PjvEQiM0rTDDBXkL8=", + "lastModified": 1755519972, + "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", "owner": "nix-community", "repo": "disko", - "rev": "d5ad4485e6f2edcc06751df65c5e16572877db88", + "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", "type": "github" }, "original": { @@ -107,11 +107,11 @@ ] }, "locked": { - "lastModified": 1752718651, - "narHash": "sha256-PkaR0qmyP9q/MDN3uYa+RLeBA0PjvEQiM0rTDDBXkL8=", + "lastModified": 1755519972, + "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", "owner": "nix-community", "repo": "disko", - "rev": "d5ad4485e6f2edcc06751df65c5e16572877db88", + "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -158,28 +158,7 @@ }, "flake-utils": { "inputs": { - "systems": [ - "ignis", - "systems" - ] - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1726560853, @@ -217,22 +196,6 @@ "type": "github" } }, - "gvc": { - "flake": false, - "locked": { - "lastModified": 1735384240, - "narHash": "sha256-ikF9EzFlsRH8i4+SVUHETF4Jk1ob2JX1RLsuMdzrQOQ=", - "owner": "ignis-sh", - "repo": "libgnome-volume-control-wheel", - "rev": "2d1cb33dacdae43127bb843a48b159ea7b8925d0", - "type": "github" - }, - "original": { - "owner": "ignis-sh", - "repo": "libgnome-volume-control-wheel", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -240,11 +203,11 @@ ] }, "locked": { - "lastModified": 1752814804, - "narHash": "sha256-irfg7lnfEpJY+3Cffkluzp2MTVw1Uq9QGxFp6qadcXI=", + "lastModified": 1755625756, + "narHash": "sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0300c8808e41da81d6edfc202f3d3833c157daf", + "rev": "dd026d86420781e84d0732f2fa28e1c051117b59", "type": "github" }, "original": { @@ -255,19 +218,17 @@ }, "ignis": { "inputs": { - "flake-utils": "flake-utils", - "gvc": "gvc", + "ignis-gvc": "ignis-gvc", "nixpkgs": [ "nixpkgs" - ], - "systems": "systems_2" + ] }, "locked": { - "lastModified": 1752772855, - "narHash": "sha256-x0TCsegzoRgRB/wUG016Emkwa3lEMBVC2N9W72Y1I6o=", + "lastModified": 1755103721, + "narHash": "sha256-rJFLwPf6YHS9rszMeuFxbzYywQ5sUEblc0gwracGgXE=", "owner": "ignis-sh", "repo": "ignis", - "rev": "dfb3b986a5774fef3e18a389bcb422193a99ea6e", + "rev": "f5ee2f101364b3131e7d3236d3a903ea9593a342", "type": "github" }, "original": { @@ -276,6 +237,27 @@ "type": "github" } }, + "ignis-gvc": { + "inputs": { + "nixpkgs": [ + "ignis", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754064086, + "narHash": "sha256-ft5KvY2OYrWF+jEsfBL/Zx8Iuo2C10C6COk8wHwZw34=", + "owner": "ignis-sh", + "repo": "ignis-gvc", + "rev": "f2c9f10d8b49cc38106a2f07a51ea959c6aa4e63", + "type": "github" + }, + "original": { + "owner": "ignis-sh", + "repo": "ignis-gvc", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -296,14 +278,14 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_2" }, "locked": { - "lastModified": 1745334376, - "narHash": "sha256-GZAesQW51EwCEB9w5caxgi87LiAMhVfP6GqZmet9VZc=", + "lastModified": 1755694307, + "narHash": "sha256-3tq+9jKtwjaqvb6fGx0ApZP1v3mCrn+RE1wbqCANVnQ=", "owner": "InioX", "repo": "Matugen", - "rev": "4619cca93513470dc2a1833d9a138297cbccaf2e", + "rev": "8ce17f0d76ba36dc5a7bb371234ef1973a7e3267", "type": "github" }, "original": { @@ -320,11 +302,11 @@ ] }, "locked": { - "lastModified": 1751313918, - "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "lastModified": 1755275010, + "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475", "type": "github" }, "original": { @@ -349,7 +331,7 @@ "nix-topology": { "inputs": { "devshell": "devshell", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], @@ -386,11 +368,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1750412875, - "narHash": "sha256-uP9Xxw5XcFwjX9lNoYRpybOnIIe1BHfZu5vJnnPg3Jc=", + "lastModified": 1755504238, + "narHash": "sha256-mw7q5DPdmz/1au8mY0u1DztRgVyJToGJfJszxjKSNes=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "14df13c84552a7d1f33c1cd18336128fbc43f920", + "rev": "354ed498c9628f32383c3bf5b6668a17cdd72a28", "type": "github" }, "original": { @@ -420,11 +402,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752666637, - "narHash": "sha256-P8J72psdc/rWliIvp8jUpoQ6qRDlVzgSDDlgkaXQ0Fw=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d1bfa8f6ccfb5c383e1eba609c1eb67ca24ed153", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -452,11 +434,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { @@ -517,11 +499,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -537,11 +519,11 @@ ] }, "locked": { - "lastModified": 1753061983, - "narHash": "sha256-D6+1c1L1fFJBk7ngRrPC0gHgI2DXgw2y7wNHlKvGXvk=", + "lastModified": 1755479226, + "narHash": "sha256-G7AVmVJhqMraf1iqMoyQ/aWuYvcFFFrMMkrMjWwVyHY=", "owner": "nix-community", "repo": "srvos", - "rev": "8290c5a78a4a73baf17acdc4da7aa8e92f85b249", + "rev": "b2eeb75153c3e2c7c82991a5c335de3b6c151f51", "type": "github" }, "original": { @@ -581,21 +563,6 @@ } }, "systems_3": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -618,11 +585,11 @@ ] }, "locked": { - "lastModified": 1753006367, - "narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=", + "lastModified": 1754847726, + "narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "421b56313c65a0815a52b424777f55acf0b56ddf", + "rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408", "type": "github" }, "original": { From 0a3596310df64911749378b8b9dc564fd361d127 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 21 Aug 2025 20:39:02 +0200 Subject: [PATCH 100/376] Update vars via generator syncthing for machine genepi --- .../genepi/syncthing/api/machines/genepi | 1 + vars/per-machine/genepi/syncthing/api/secret | 19 +++++++++++++++++++ .../genepi/syncthing/api/users/rpqt | 1 + .../genepi/syncthing/cert/machines/genepi | 1 + vars/per-machine/genepi/syncthing/cert/secret | 19 +++++++++++++++++++ .../genepi/syncthing/cert/users/rpqt | 1 + vars/per-machine/genepi/syncthing/id/value | 1 + .../genepi/syncthing/key/machines/genepi | 1 + vars/per-machine/genepi/syncthing/key/secret | 19 +++++++++++++++++++ .../genepi/syncthing/key/users/rpqt | 1 + 10 files changed, 64 insertions(+) create mode 120000 vars/per-machine/genepi/syncthing/api/machines/genepi create mode 100644 vars/per-machine/genepi/syncthing/api/secret create mode 120000 vars/per-machine/genepi/syncthing/api/users/rpqt create mode 120000 vars/per-machine/genepi/syncthing/cert/machines/genepi create mode 100644 vars/per-machine/genepi/syncthing/cert/secret create mode 120000 vars/per-machine/genepi/syncthing/cert/users/rpqt create mode 100644 vars/per-machine/genepi/syncthing/id/value create mode 120000 vars/per-machine/genepi/syncthing/key/machines/genepi create mode 100644 vars/per-machine/genepi/syncthing/key/secret create mode 120000 vars/per-machine/genepi/syncthing/key/users/rpqt diff --git a/vars/per-machine/genepi/syncthing/api/machines/genepi b/vars/per-machine/genepi/syncthing/api/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/api/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/syncthing/api/secret b/vars/per-machine/genepi/syncthing/api/secret new file mode 100644 index 0000000..c811461 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/api/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:u8kuySQoFLShwjIXFfy48R3QCQv1cHlNgBoPirbnq6q1,iv:xpy4QLhZEd5ra7kYJciXk0GRkRd7Z0bPL3jcrKnQdEI=,tag:whUDDBmeuZqnhkLJB9yGDg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHb1R0RXJMa3NrQWh1cHNk\nQTYvb2NGYURVSWdhTy9PZWUxSGJGQ3kvZWdnCmF5NDFmdlNKU2pML1RhWWtMUy9S\nd05Qbm5uRWx3TVRQVmJrY0IzWERhT0kKLS0tIE5LN1F1OG5BTWJkTnhiZ09OeXZi\nRDdTYk5FOGJDQmZKM2FsYWVHNnBiUEUKhM8adpoe8jHV9JPUoOWvlwVCy3ibWHO2\nkzSpGu3RZWXiZNuXAHtLbko/7LoVtoDgK6F1Sav5pDj4L8j5Pj7b7Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2ZzFaeHRJaEtCcXB4eVZv\nbHJLOG55NzJiS1pCZmFRaG8wUEV3OVpPREJJCkF1WUgzNG1yNUhPSFJkdmRIL3F5\nWFFOcGE1bDBhZUFBUkN2OGJpVVdaWmMKLS0tIEZLSS9oUU1RZEgrSkM1ZW9VaUdZ\nRndEVnF3MElHZmRmTC9McGJqcVdxNncKW1S2R76l0QrJ8Au6kQXJ/uBFi5axNcSg\n5aTht6GtvNFqGKjsM4VqpbhaRS0oKy3SiGgfSBAhupGnJjKiu9vr2A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-21T18:39:02Z", + "mac": "ENC[AES256_GCM,data:zOFGghGKXE25I72GYPapzpJTBjh7Xv6m9sFMVtskWWqjiX3/Dnfs649E4FUIVoRbHElwc/vmNN7B5ZWaf6JJSlSpM+VzI9i5qkWgbWBqSZfh0QrtevtJ4keRxEyE4iFwoXXV0jk4p2EmL6gHdHxAKxIwarXDB0HVCuO5AwdbYLU=,iv:F7rfPEBUfTLNK00WVZyJNIa8HdvRoSK2p5IvRIOzoCY=,tag:joxrVGKTD5eGFhj32fXnvw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/syncthing/api/users/rpqt b/vars/per-machine/genepi/syncthing/api/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/api/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/genepi/syncthing/cert/machines/genepi b/vars/per-machine/genepi/syncthing/cert/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/cert/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/syncthing/cert/secret b/vars/per-machine/genepi/syncthing/cert/secret new file mode 100644 index 0000000..8908746 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/cert/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:cfoGK/Ap+Iq5TVEjRcExmrgxx6sFN9oyQssiAK1Zn6FlNt1+W2mYTtNikrlaDl4neX2N5T6oIVwKqY9XjQKRcBDAXnwoXE0Jkvmlf3hD15lgMCLzi9TXh6YMAWXOz9VkxWokihpw0CyXqZ5j8pLRPbR7OuMryzLiGBwHKBB/5P8BmvDYAGU7fDRX4pHVbsXH9lXaYvrqz/+VFAvkUm+X48RtonLJLNIrN0XaGYRHya9CaqNDmOM9VbHEuJWSzHe8NB5wNhI1PkL8mrXWfwA9oN+ojnyrHDBTAHs8gOJKELqUix/6dNfVbNgop+8Pd8qsjPRo4TEmXZxizj04Jc9klQo61qWiXUg/6eP2EhLIOgAjBE9q11uFLax4rb9FsvJmXYpM7m7hlQC27js4ZiUzy+yqtev8HlRmXIQkN33YS1qkA/F832GAnXX5rAqZn+IgVn5s7pMAu4p/TEFgH0uFy+D2Wm80vJoXgCs59N33p+b+qZgr7t1nqJDyiy8znpJAUtpsucyW47jLXhhmj1ByHmofNOllJfruOXmLfVpTFxfDtDz/H4nHIU8MNNbNL56hijjJrMf7Iyv8ojsqWemt45d2PDHO7mae3riwpt/OS/Mt+tXoEIKlLLEtNiKRYIqG0GFl+CFVvCRUNWliK52TaFUTxGT9EptvW0Th3iKqcVUtlK40Z4QvAGNQ2Dsw4L5GUfCJ/M0LETRxhsn24nlRZq3llMBBrfxmOxtC/o93+psgh77Blt3Su30NsH0HYVUZXjOym1xvpr0DgGQ8wdjekh7sjM0XTtdr/N4WF8+Eigur63t3zg3TiV07k8sHT9l3ZEN4mtUizI8RTRUG9tN9QioU0VjEFIMzTewAhRNQ7HqyOx6LtfFzZs3KqNBiaGCxjg2d3yldlZJ8nEzMmFgZQXmwH8eVVbPm0L3Puy//FRax+rBhSDUCTNc6rzS29mBeMH0wTn1bzztBAOYSWCkspVFxVzjSlZ13jnP0aFbG+HE1dXv26UvkPlinQNPZvpS42Gm913cYg35SpphstZA7+eKZOi8IUkLMITw=,iv:BkAURRGq5AzRG5e+krVpu2DhXbTj5187N6LhHmEKUjQ=,tag:izmZtEQPOgotlDMoV0CGDg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOXNuVXhZMloveG9TZlhX\nUkFBVDlreTFKYVRwVXpQUnl5cnVXa0ZESmwwClZmSldCeEZ0blJYMS9aTjNxL2th\nWW1TaEJZM2toY3NjUWR0U0tBNXNPemsKLS0tIE9BcDlZUktwRC9rbUdXSGJtb1F6\nTkFrZ3lrK3h0bWhQYnRDeFlRK0JLM2cKniFXUI+VTfvc1gVZqpGeGh9as0HYreT5\nioI+8WXdT+ZK8WWmtR46p2nRKjZHObivo9slCpex5lgynWL6Ng/e6A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NmhnNFNqb2s2SmhiT2RP\nUHdDc3JUdE11WkFzdkx3MW9oTGcrWU92UG5ZCnFIaHVpa2d0cUNHQS9naGNuRGhM\na2piRUhPeFdMaTNmYjc5Vy90Z2NuOEkKLS0tIGMvSFBZOXEvNlhvTGVqSHVWVmFh\ndi9EU3l3bFVsYVpOaFlrMHh4MzVVR28K1hAGYn22vus7mFP4d9zNgquqXY7MKYnq\nfMFiFa4xw/Yu6WmfKNDWFe3R2CnUN3yV86jKm0F+aX6IkL5IFvn3Bg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-21T18:39:02Z", + "mac": "ENC[AES256_GCM,data:5G7dqmzDZRk0g2wrmU+i16krW8YqZIozeaqaVoOxiCfRpM4JPT2wT8lXT0gsjRfGXOmuET5o+6r3KtOcn/3L02+yeTeaOxMwWkYg/kF+HJ+uP9DuuELVh4U0NN3EnVYo0JoTtDSYno5ihtx5xdfEkIASQqDAU3Zn0iatIuR9byY=,iv:ljx/17RfbR6J3EdEkdH4S8hQcSl4+JFS3ETK1291pz0=,tag:Q7myt4Y/RA8vhG4H1Y+PEQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/syncthing/cert/users/rpqt b/vars/per-machine/genepi/syncthing/cert/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/cert/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/genepi/syncthing/id/value b/vars/per-machine/genepi/syncthing/id/value new file mode 100644 index 0000000..dfe1fe5 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/id/value @@ -0,0 +1 @@ +E6JDGDV-3V3MYCN-TGBDHSO-TJEXRCM-3IJBVOB-F4Q6FFE-FAYIH4S-HNVBYAJ diff --git a/vars/per-machine/genepi/syncthing/key/machines/genepi b/vars/per-machine/genepi/syncthing/key/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/key/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/syncthing/key/secret b/vars/per-machine/genepi/syncthing/key/secret new file mode 100644 index 0000000..ac554bf --- /dev/null +++ b/vars/per-machine/genepi/syncthing/key/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:xlS4AxF6bGWkn//F90xFoqScovc5UCPisx38EGQSUk4uPUxA0LGlBYpajPkWN/05cfpqirNzGnKd2fxOE/97vNusFf71aEn7QcqBW3dxIbNeN1b9DgOd3kCsbn1KHnTUDpE+ucx0im87KvWrLop6GiaGkREElP/hpxJnaZCZB6ae78HN1L31yANo39Ts+YJIfJ18lVFT+AKbvicUfleLKOgyHzv7eO0eohTfJ4UZAvkiW3bODL9QxiLP64pQvVkHFp9HllsWkbjd/28j3dN6ZAiZ5Fg+j2Uhjk/8m+7VkXIbPoTPu2KxXIputM/iN9fQIOaBJs3GfZ9Gj9C+oZeR3Rk5MYz/WS44bExlKd7fHB9xmKnrvTe7JTyHgPjDEvgD,iv:vAxFuqWVe3PSnqZXbFAwqVsajHrhj8ZA/3yJKVKCIrI=,tag:7ERgXif9/mb/Xbk6nsZz5Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNERDK1lDVjVKS1FoWklp\nT3I5Tlo0R25VRmlLcERzcnBUTjI4dU04N3hnCkxsR1c2TjdjdWtjdmU0NmRaRDJV\nSU0zVUtNZm9KYmZnZnl1Wkd0ZlcwMDQKLS0tIGlIZVdHWnFmMHVYaVpoOVpTdDlQ\nd0x4YVo1VzJtcVgyajI5L0tIYm9DZ00KrxBbin3cw71No+rp/hNO2BdQfLsoOFRt\nJz8dTUrc7y4MRqj+3A3GTng9nu1DoBRhdg5LCXdflskQq/sbAO9bSw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZWs2RDF3cEZMLzR5eUsy\nQXhuWWthd1J1R1RFMjF2bkxVMU1vUEk0VURRClZEZ0prOW9yTUxlaHNQeGZ6TkJ0\nNnJFM3FWcWRsT3QrRUFuM3FPTGthT0EKLS0tIFVpMVMzdWd2QjVnVmNiTkEwVC94\nYnhkK3pSdmZpd0ZBZFpIemplUG5MUlkKZIIQsnUdXNzfGt/47R+Iw45dh/iRnfWe\nRiek1Dc/VaTHOKTYHMRrauPLl6Zi/NqvRXBhh3lCa78CNbdm750jqw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-21T18:39:02Z", + "mac": "ENC[AES256_GCM,data:7f/wdkK2/haEHCpvVk4QeClmMG76rUBrCFqD86HoKgbnkK4u4FaRreySdt+yZvUq+AZKSQkxkoWTLk7ndyGlEF8bFZzsi0eZtgz8wkJCTwGs4l2zF6giLqs6iPvbSEiWMPJvlKKhhvyh3NfjRP+qVrZuyjL2H73plYZ/7ltSYiw=,iv:eBTEocLzBEna4iL/ynjYpp9Iq9EyTeSmafBHhP+JVUY=,tag:JHteT/rVf0LcFUsUJiOeoA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/genepi/syncthing/key/users/rpqt b/vars/per-machine/genepi/syncthing/key/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/syncthing/key/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From d78c8a13ea8f744c2daa52540c0f66456d2edc4d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 21 Aug 2025 21:57:40 +0200 Subject: [PATCH 101/376] Update vars via generator syncthing for machine haze --- .../haze/syncthing/api/machines/haze | 1 + vars/per-machine/haze/syncthing/api/secret | 19 +++++++++++++++++++ .../per-machine/haze/syncthing/api/users/rpqt | 1 + vars/per-machine/haze/syncthing/cert/secret | 10 +++++----- vars/per-machine/haze/syncthing/id/value | 1 + vars/per-machine/haze/syncthing/key/secret | 10 +++++----- 6 files changed, 32 insertions(+), 10 deletions(-) create mode 120000 vars/per-machine/haze/syncthing/api/machines/haze create mode 100644 vars/per-machine/haze/syncthing/api/secret create mode 120000 vars/per-machine/haze/syncthing/api/users/rpqt create mode 100644 vars/per-machine/haze/syncthing/id/value diff --git a/vars/per-machine/haze/syncthing/api/machines/haze b/vars/per-machine/haze/syncthing/api/machines/haze new file mode 120000 index 0000000..db9551a --- /dev/null +++ b/vars/per-machine/haze/syncthing/api/machines/haze @@ -0,0 +1 @@ +../../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/per-machine/haze/syncthing/api/secret b/vars/per-machine/haze/syncthing/api/secret new file mode 100644 index 0000000..3249789 --- /dev/null +++ b/vars/per-machine/haze/syncthing/api/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:wdyPBmRCVrcFH66X01F1VzFfGkKA5hhIEa10WUMfnoM0,iv:QJBi16RI0VvHtEiwrtk76oad/LNqG+xOTPWHS8R7Kys=,tag:AnaCwhmtbCZ6MaJvrRNesw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUER5Nlk1Y2J4cyt4aUxZ\ncjY3S3VIakI0aWFQNGhEK05qUzdRaGNhSG5BCjJhSmpZVHlEOUZXRWJLY0g0NTY4\nUlJYcTU5ZzV4UzBTeFJOT1VSMHhGWVUKLS0tIHpPYUZYWVVOemRDK1dMZ00xQnNK\neGlaNUJ4UTQvblBYWVBJd3FSK0xOcjQK4e/6QiQ84joHrEfhXZvJD6IcMbM+SRrt\nAr7L3iaBVxXmSL+VXvfY9BHeONaEFE3+Bspc5qAurxkYhcrlUqJr8g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQTJxL0xqYXQwN2RBMkJL\nSG5wTXB0U2NKK3JYNlF0TmkvRXBCOCtZMXdFCmNKVUFBdXBwYklWZ1VrazhCMURj\nMnJ0R1ZaWGpxOEZLN2NUZjd5ZkNvcFUKLS0tIGppVE45bHdma0NzT1RSTmN4NUZ5\nNzYvblZXQWRnOWU1ekF5Vy9rTmtna00KnwKojGvvx/5JbfcReLkX0oT5Qs89UJhw\nROoW5tC4dUf7MhBf/+EUD8vG660XFlCMMoIeVX5FGSlpBHD6FSFLWw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-21T19:57:39Z", + "mac": "ENC[AES256_GCM,data:6B5CrRGH5vjVJ40DUoBo3y7g3Dc+YrsQ1QCwJjUeob85HYY69EF4QEh60TyAW02jcX0AF6m/qprG+66huqqnKcjlI3nlda+WFSQlL3wa2KoT6DcEwgi0p6GjQMT83WYOJBmKfAkd7vCbAnR+IJDiPW4fNpfe0eMsUBUs+EX2+9o=,iv:zrJWdjKABkpGy+F45zCfJtTNcfpGtF9RNsmH0ylsatM=,tag:QTi2ln4Uhq9gppxtA6/IYQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/haze/syncthing/api/users/rpqt b/vars/per-machine/haze/syncthing/api/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/syncthing/api/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/haze/syncthing/cert/secret b/vars/per-machine/haze/syncthing/cert/secret index 1b3e194..a83f54c 100644 --- a/vars/per-machine/haze/syncthing/cert/secret +++ b/vars/per-machine/haze/syncthing/cert/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:6KxN+qR0zUiNsB7IIDmAJklnF71LFSpgoS0UCXTSrUOZQug=,iv:fgxExYTHlBQ5xTycGTqbrz5wBQbW2xTc/5yfeuznSts=,tag:cq83nmKmjCMe9UknSyOMxQ==,type:str]", + "data": "ENC[AES256_GCM,data:SKGdJPqhv+RHwVkLjxdeWKfWwR4Oiyi+ftWJ3SmGsqLEQvuXzXjsivIRwYPw7EWwMDpgh8GD28iV5TaUmthcptLucKuWk6no+AXhc6diEeRm6YEh2BAN/L2leNN0l8Dte6wG1O/1FwBQ89qHlfuJZpxCsPZHz/+Xr734F1+mbkrgat+ItET2wvqT56UkSkct0CGMqttY0IlxEVCfxZF3R/I2aQI0TOyTciikBy5yJxvffVReJhfwwJvE9PedZwjiauIxvKbvuev3+WKzLYXEr4jPqFaTI+t/xYVlWXSlXQNot/FlOFy3cfw9kKb5R/l9Xst05xA/5wMDDVEBdx1lbRxTWlS7ZYJDyZbNRtTkB6jYe1H95IupVKrnt9nqLzEaXnxzjonHrJNwopW0sF84XL9HZ8g1u+ZTgCz7CuRzB8WGacBd/nt8NIefgpeS3Coj0XZQx9cMIQM38P5eJuiM22ardknZ8PxCBCFeqXxwrddyTfrZY+FPRrIP6QK+aVMRn7998qqaKlPA0itgvyTYIMHIy3KT4Rv9U8VEfItauDsUCzhJ2TDOIuDpzCTq2pu628WRJA3jbJns0l+XSo5WUEdjK1IXTUOLsaDm+Mph2vty0IRAqoc/JV16WOqn+SeCFxdvy2eOJuosj/6hknKrSP01ptaEhrbZWFsfAVrhc2iv/9u/KpEqzn4f4XAlFkwSevBePnUnYYMrOAuI8OmmLUsWHv1flOTJmbsWLNT4/VYf4z6C9knIiz8Usqpg3BgYIt7XcntU1VWBhpwnzaIA0V4aGtoT9VyCuLP8eafkncaUkFXvYJDge9GJs+JXbrIa6WL2lRXltq7iIcu3F2FCu+sQa5pBuLTZa+dsTFKYoU55zXWRS+kXMe+M4soZ3HwxWUxN//n7KmJWN5Lw+qyNMQwBuraYCuFQR+LL2gus/Plaq8pEmi3u/sl+deU5nKW0pvyjJsCRmLW0Bj1XgJhuNGxqRhdQzHhVfs4TB5U/Na4FLsQRB+kXShz8hb4N99YklGbQ8+aNGJkgg8PnfJTy6kGCTcZnig==,iv:pOJFhXC2+945P31AI3XaGogeDJiLreZXDcBu8OCziEA=,tag:q0/fTUGO06uwq+c7CRf6EQ==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TU94SlI1YnpOWXVHTFds\ndGJzaytyZmEvb0piSkFCaEp3amV6cHZlNm1nCnJUakVWMkJ2NjhwdmtBTkFLem9P\nSGxiTXRLelJCZWllTFg1aXlOM2F5aU0KLS0tIE1KZFBibUpsSlN6QU5KV1dLWVVq\nSXhGMlpnTEdVNUpEdkorQVgrc3lvWWsKH/xoffqTYjUxz6q+3DR9pqx7JUDLwcWB\nGupwKMH8vGjcOxv3fuxK7d1IpxhFqNHQb1fIQX0t6bII6k8K8OUH4Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6RGxjMFBVR0VHaURUckRp\ndGtndko0UTJheWUzS2hGYmpVM1JMNU9sOGtzCnRsK3BVWE82YXlTaFFvMjR1R2tq\nYXdtVU95dDVZV0tIek8rNVpmZjF6WVkKLS0tIFZYVFFrZ1hvYzY4UmMrdm5RaE9h\nTlZyRktERzRFV1Jrd2laWEJ1RGpOeGMKS2u4xjbZhjgVxZShQhhUN7LjJYvf8LqW\nDfcZDHK5cBT/13E1vgtdEdh4pM1O89DCVFft2VMG1GGO/ciYxOCRiQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY0lsT25ZakNjNk9HTjla\nVWdQS0J0YkVrbE9QUkNCLzJnTEdCNlUvZXlrCmZ3WGtwc0J5WDd0WGtuSzhEVzlT\nd3lBVEY3WDVUSUw3OE92SG9xN3VaYVkKLS0tIDgyb040OGluamZxZE10S3l3L2d6\nUFZ0c3hObWJ4UmV2YnlHNHg4V0poT28Ke35QWZrnycpwpaSjW9FkGF8yhAJggY+6\n0yvAvSKCLcYz7md4z0CFfDc5SJe2h9pJTFdww1ga5+p8Qth1PI/MAQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZENHN0Zqd0tsblU1TFBL\ndThtOUY5Rm5TQ1hzczJyU0VGczJLQ0dIV2k4CnFKY3pmbG5IdXhVZ2ZnSUhweHpi\nZzdkNEVVSDl6NFNaY1A3QUV1MW85Z3MKLS0tIEkyWkZ2NlRTckg1TVhFTDF1eVdF\nVnh4YWlPQTg1SEw1UGdoNzArQ0dzd0EKVAxkdZVWtIopQ6MgUDtcQY/jLcxIctUq\nGBVG08xnxGZSrU/O7pbdlRzW9P78HalzPh+U9dDm27Q2ybp6pL3K5Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-08-20T19:06:33Z", - "mac": "ENC[AES256_GCM,data:7eL3qw33GBBlw74B4njDOzCZInLPLWqbzyErs0tRFK7pDp0EUkIUpqdM/MxZcbXyKm8+OdPlKaoLGMbOFbyHBwHlwk+9nIjJ5gNG3SM2S0Tn/DnrIO6ckui3rDFnBtu1pT1j+sYIfOTBb1CgQqfACF1t4omhDGJqn07YOkz0zuo=,iv:8Gh+9/m+zqlakh/aucDqzRBJSn/M+0PifJXM+/P66eA=,tag:A5k9kjcPGlNBmdMV7uroyw==,type:str]", + "lastmodified": "2025-08-21T19:57:39Z", + "mac": "ENC[AES256_GCM,data:QfsTZ8clnaM49i9v/vOGNXC5MQWVeTlSQRe01+TaTSoQCbe9weCgpS0RuIFMMDYfrgjPo+uywsQqtU9h2TIcaciZECm2IlQlBV3E0KXu8YhIZfKdEVw8WubBDaoJ12EoxYLzWH6NO2T4fe1W9oWiPkvXtH2F87JshFQHxU5bjSc=,iv:xs7pXaDTRTfzQH50/ofCox+Nf04q7HaYOhG9YEI9p14=,tag:iu2ZQRZG/YX/4RhJtDq4mQ==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/haze/syncthing/id/value b/vars/per-machine/haze/syncthing/id/value new file mode 100644 index 0000000..c533a73 --- /dev/null +++ b/vars/per-machine/haze/syncthing/id/value @@ -0,0 +1 @@ +OAHRNIM-ZGCKX6L-TT6H7CU-PN37K5R-NSYD73B-MXNMCC6-X7V4ZVX-PXDWHAC diff --git a/vars/per-machine/haze/syncthing/key/secret b/vars/per-machine/haze/syncthing/key/secret index 966e3f3..447837d 100644 --- a/vars/per-machine/haze/syncthing/key/secret +++ b/vars/per-machine/haze/syncthing/key/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:e0gCvLy7m25wSjCnikjhAX38Iks1+7gvdDsenkLV,iv:KM4WVmj2MrE7odCo7uUtgPGzaeYyyIJqmygLDGkYg6Y=,tag:BWEsp0vX1r34gS1eKeRzYQ==,type:str]", + "data": "ENC[AES256_GCM,data:VTGonbJui6BXQSPh6IgxYqh4bJuNNplBzYr9XmddQuVgUheuXOWiIZdWIKQh+/6xGX7J3XRv7hsrmE5XJjUwR79mSgVGwa2K4ZASv8aRZ1JVuephtd9OvJaazCjeA5Y466XJtw6NEmbRiu3SCxItj8Rqk8NeLnX/QzfqTA2ICRBWDq8tBY5gYgDxZNLksDchVF5VziHjENQ0EqW5inRczWoTRf/TnnwHeGj/FY4MNgDbV3brhlHb1ksVLxxZAIJkRvPVUn8O3Q1lAQZsUNBqMcHeFGDXVP6GYyarq0oi6yirajKU+e9240SSpFfF8kkN0Bu60cKaY9ITfp349vi86hgi4t69jF7sUqvJ7q8VXtKQkWyRaiA3iMnWZBBhmVQM,iv:XYXEsPw53CSM6qGVOUx9Wo4uirtGGVqcXAs5F9oNHjQ=,tag:e2lmKXl+Zj5Kz5wv1LTk/w==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMlRVcFJuWVFOWkowYUJj\nTmtFSFh2UmpNdTU1Yk9TNGQ1RTNpYWNpc1RrCnBrME9VRG1yQWtBci80bHIxalpw\nSXJvZnYyL0sxanVBQy80NXJtUGtNMFEKLS0tIDV5VjVrS2hrb0ptekIyZmxKWDA2\nRlBNVUVoOGpHRWxlRmloSTNEOWFlNTQK796MdwmRgsXTUR6n9cJjPfopH+rHiZ51\nr/U8Zy4dAG/Rn7fBRSgXiL50pRu9UlehiOZfHWyXkerrzQJY17kTGg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmMTVKSjVNaUorUnJnOTlZ\nc3JhSDlqZlpDQ2p1VFdqVVN3NDcvTVR6cGhnCmZ4UFV3cEkyT0RKaUI1UGRnUkNh\ndDY1c21Ja0xvdzlXWi9WTGErR0FDQk0KLS0tIG04bitsMWxMc0FwL1Q3RlEzOTRI\nUkhYenFzTEVVdExvQzVkVTU0cXZ3Mm8KHb+CXIHlz8uWHNt7a12qQ2P9vFwhklPd\nnhuZS3ZZ0POWkFp2EEeUL1JFYNrPyUpB5Td2ty/dhN6FGVFw7RoUVQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArcmcvR1hGTW1kamJRaFcx\nUTlxVzFRSG1EUWpVUEFnbkZWakIwMDJZeVRvCldQY1c2NnNxakQ4VEQ4aEt5VWRL\nUDZwZjh3d0Y2ZTJiVTQzTnd2N2xtcUkKLS0tIGJsdkJzakQrVFNrTXJGSWU1dURr\nd1g2VGh1SUNEMEQ1SmNIbVFhN2lHQXcKzBe3RZkrc4slSP6P5vpIHQoDderwtPzK\nwOl5rAC/Q+Lwg9r4xR9fUkHBUgzf+qWVX0OlTV4ir8mdqfjR9F/wLg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbktRWnorSW1zeVR3RWdt\nMHl2alh4cnNYWWVOWmFuYzA5TktwclUwb3lVCnNUNnFLUVNTUU5veVpFLzBOU2hZ\ncmRqay9EOTBxazZ5aDlZNnZid0IxbzQKLS0tIGdOYkRKeVFyWkRHMkhaeVJmU3pK\nbkpvOG1XcWtMT0k0NmdZUkhUZ3ZNVWsKOClJTcBoB+oO41jQNC43ssNTrQXPmRBO\nGZgLa9p9eS4LCl8vVDVIthf+Z2fT2hYXzPqQZMK+gKVDWopPf8fpCA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-08-20T19:06:33Z", - "mac": "ENC[AES256_GCM,data:cXxTRuiEo5UJmRR0PlytgcHWKRqwlEgoVMaGfYHWDHsE7NZU3YiPyTH8sFp7qxIOiTm+i9ldEpOIJuKl4BA5WS42cPjGPKuPgyq1+dpm7r43vm3W0OVRy0lFRMtWbhhGwePHldhWm4U6cpWHgWOeJ0zRwoPKMjeBwIM6Jmz/siM=,iv:pucJbH1mWrhq6pOpx7RFdLZZBHOPL6HRxNZGt46lZJs=,tag:H0d366G+oNTGkR+bimPd4w==,type:str]", + "lastmodified": "2025-08-21T19:57:40Z", + "mac": "ENC[AES256_GCM,data:sDAMQsdy5og2e7Ch0npphfgMzeLcI2Lh40ZNgXG8JgDzoGLCeuNjcWwPTJDmdXzIpngAs+FuIAAMyjk1u27SY9RyVhIg+/OnAjK03UGr7sYdNNhnP5lQqKJy8PuPUaVclAuR3uavGxNGdXYX3GCFri0qCI6tB+Oqa6feZNxvEn8=,iv:EAAZc3BfqJsv/ax9Rf7uCG/D+NKLLZI6uzFzo5qb4p4=,tag:ZDb8PwLsMIDpMu5zGLNKlg==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From c51c1c9dbc7859ebf6da72e0f25b7e9cd280c691 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 102/376] setup ignis with home-manager (fixes dependencies) --- home-manager/desktop/ignis.nix | 22 ++++++++++++++++++++++ home-manager/desktop/niri.nix | 4 ++++ machines/haze/niri.nix | 1 - 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 home-manager/desktop/ignis.nix diff --git a/home-manager/desktop/ignis.nix b/home-manager/desktop/ignis.nix new file mode 100644 index 0000000..bd5bbd6 --- /dev/null +++ b/home-manager/desktop/ignis.nix @@ -0,0 +1,22 @@ +{ config, inputs, ... }: +{ + imports = [ + inputs.ignis.homeManagerModules.default + ]; + + programs.ignis = { + enable = true; + + addToPythonEnv = false; + + sass.enable = true; + sass.useDartSass = true; + + services.bluetooth.enable = true; + services.audio.enable = true; + services.network.enable = true; + }; + + xdg.configFile."ignis".source = + config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/heath"; +} diff --git a/home-manager/desktop/niri.nix b/home-manager/desktop/niri.nix index 678569f..f841b0d 100644 --- a/home-manager/desktop/niri.nix +++ b/home-manager/desktop/niri.nix @@ -1,4 +1,8 @@ { config, ... }: { + imports = [ + ./ignis.nix + ]; + xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri"; } diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index 1260a33..c9a11ad 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -12,7 +12,6 @@ tofi wl-gammarelay-rs xwayland-satellite - self.inputs.ignis.packages.${pkgs.system}.ignis self.inputs.matugen.packages.${pkgs.system}.default ]; From dc5ffa3c66623a7145d44f9690cc6cf75d19b4ad Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 103/376] update flake inputs --- flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 773656f..9c59f66 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1755705350, - "narHash": "sha256-yT9gS+egNoO4/RNwuOLEXlMNVe4rl60Y/4ztYskWtuU=", + "lastModified": 1755796474, + "narHash": "sha256-LO+WlKwz4fUPchI31TJ1kc/p7/1Z7txOUhKbzlqm5Eo=", "ref": "refs/heads/main", - "rev": "56d9256c023861ae46eae536fffa7d0ccf527add", - "revCount": 9325, + "rev": "7f227b232cbf8b4eba72bab86ab49b10df884d05", + "revCount": 9372, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1755625756, - "narHash": "sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM=", + "lastModified": 1755755322, + "narHash": "sha256-spCxkNihCk3uT3LUrUwzdEAjLA/E0EtEgF3KVI05nlM=", "owner": "nix-community", "repo": "home-manager", - "rev": "dd026d86420781e84d0732f2fa28e1c051117b59", + "rev": "282b4c98de97da6667cb03de4f427371734bc39c", "type": "github" }, "original": { @@ -302,11 +302,11 @@ ] }, "locked": { - "lastModified": 1755275010, - "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=", + "lastModified": 1755751773, + "narHash": "sha256-d1H34kko9J5fWrxCVgfa1TkIwdkGt/eDSVopAWenw24=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475", + "rev": "3a0a38a1e7ac2c4b4150ea37a491fdffdc9c92e1", "type": "github" }, "original": { @@ -519,11 +519,11 @@ ] }, "locked": { - "lastModified": 1755479226, - "narHash": "sha256-G7AVmVJhqMraf1iqMoyQ/aWuYvcFFFrMMkrMjWwVyHY=", + "lastModified": 1755770475, + "narHash": "sha256-piB4s87GvBJkzWLbzOMyX4adjMBmTMxzMu0SNT/b8hU=", "owner": "nix-community", "repo": "srvos", - "rev": "b2eeb75153c3e2c7c82991a5c335de3b6c151f51", + "rev": "bebcf12b45df0b7d6f422ebd5da06f92b52169a8", "type": "github" }, "original": { From f463644f1b3d2488a6ddecb0b5cb2936777f7ef8 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 104/376] create prometheus clan service --- clanServices/flake-module.nix | 5 ++ clanServices/prometheus/default.nix | 110 +++++++++++++++++++++++ clanServices/prometheus/flake-module.nix | 4 + flake.nix | 1 + 4 files changed, 120 insertions(+) create mode 100644 clanServices/flake-module.nix create mode 100644 clanServices/prometheus/default.nix create mode 100644 clanServices/prometheus/flake-module.nix diff --git a/clanServices/flake-module.nix b/clanServices/flake-module.nix new file mode 100644 index 0000000..64844d9 --- /dev/null +++ b/clanServices/flake-module.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./prometheus/flake-module.nix + ]; +} diff --git a/clanServices/prometheus/default.nix b/clanServices/prometheus/default.nix new file mode 100644 index 0000000..cdb929e --- /dev/null +++ b/clanServices/prometheus/default.nix @@ -0,0 +1,110 @@ +{ self, ... }: +{ lib, ... }: +{ + _class = "clan.service"; + manifest.name = "prometheus"; + + # Only works with zerotier (until a unified network module is ready) + + roles.scraper = { + interface = { + options.extraScrapeConfigs = lib.mkOption { + type = lib.types.listOf lib.types.attrs; + description = "A list of additional scrape configurations."; + }; + }; + + perInstance = + { + settings, + roles, + ... + }: + { + nixosModule = + { config, lib, ... }: + { + services.prometheus.enable = true; + services.prometheus.scrapeConfigs = + let + allExporters = lib.unique ( + lib.concatLists ( + lib.map (machine: lib.attrNames machine.settings.exporters) (lib.attrValues roles.target.machines) + ) + ); + hasExporter = + exporter: machine: lib.hasAttr exporter roles.target.machines.${machine}.settings.exporters; + mkScrapeConfig = ( + exporter: + let + machinesWithExporter = lib.filter (hasExporter exporter) (lib.attrNames roles.target.machines); + in + { + job_name = exporter; + static_configs = lib.map (machineName: { + targets = + let + targetConfig = self.nixosConfigurations.${machineName}.config; + targetHost = targetConfig.clan.core.vars.generators.zerotier.files.zerotier-ip.value; + in + [ + "${targetHost}:${toString targetConfig.services.prometheus.exporters.${exporter}.port}" + ]; + labels.instance = machineName; + }) machinesWithExporter; + } + ); + in + (lib.map mkScrapeConfig allExporters) ++ settings.extraScrapeConfigs; + + clan.core.state.prometheus.folders = [ config.services.prometheus.stateDir ]; + }; + }; + }; + + roles.target = { + interface = + { lib, ... }: + { + options = { + exporters = lib.mkOption { + type = lib.types.attrs; + default = { }; + example = { + node = { + enabledCollectors = [ "systemd" ]; + port = 9002; + }; + }; + description = "Attribute set of exporters to enable"; + }; + }; + }; + + perInstance = + { + instanceName, + settings, + machine, + roles, + ... + }: + { + nixosModule = + { config, lib, ... }: + { + services.prometheus.exporters = builtins.mapAttrs ( + name: exporterSettings: + exporterSettings + // { + enable = true; + } + ) settings.exporters; + + networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = lib.map ( + exporterName: config.services.prometheus.exporters.${exporterName}.port + ) (lib.attrNames settings.exporters); + }; + }; + }; +} diff --git a/clanServices/prometheus/flake-module.nix b/clanServices/prometheus/flake-module.nix new file mode 100644 index 0000000..0c56386 --- /dev/null +++ b/clanServices/prometheus/flake-module.nix @@ -0,0 +1,4 @@ +{ self, lib, ... }: +{ + clan.modules."@rpqt/prometheus" = lib.modules.importApply ./default.nix { inherit self; }; +} diff --git a/flake.nix b/flake.nix index 742d435..40a62d2 100644 --- a/flake.nix +++ b/flake.nix @@ -18,6 +18,7 @@ inputs.clan-core.flakeModules.default inputs.nix-topology.flakeModule + ./clanServices/flake-module.nix ./devShells/flake-module.nix ./machines/flake-module.nix ./modules/flake-module.nix From a7d835cdee31994af092d9813e5194bbf62382c8 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 105/376] add AGH email --- home-manager/mail/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/home-manager/mail/default.nix b/home-manager/mail/default.nix index 4de2dd0..f654644 100644 --- a/home-manager/mail/default.nix +++ b/home-manager/mail/default.nix @@ -48,5 +48,21 @@ flavor = "migadu.com"; thunderbird.enable = config.programs.thunderbird.enable; }; + + "romain@student.agh.edu.pl" = { + address = "romain@student.agh.edu.pl"; + aliases = [ "382799@student.agh.edu.pl" ]; + realName = "Romain Paquet"; + userName = "romain@student.agh.edu.pl"; + imap = { + host = "poczta.agh.edu.pl"; + port = 993; + }; + smtp = { + host = "poczta.agh.edu.pl"; + port = 465; + }; + thunderbird.enable = config.programs.thunderbird.enable; + }; }; } From 713c2c5b58593c0396fb92a4e350ecc723c5831e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 106/376] deploy prometheus clan service --- machines/crocus/configuration.nix | 24 --------------- machines/flake-module.nix | 37 +++++++++++++++++++++++ machines/genepi/monitoring/prometheus.nix | 2 -- machines/genepi/nginx.nix | 2 ++ 4 files changed, 39 insertions(+), 26 deletions(-) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index a0cbb4f..4e3df56 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -1,6 +1,5 @@ { self, - config, ... }: { @@ -48,29 +47,6 @@ efiInstallAsRemovable = true; }; - services.prometheus = { - enable = true; - port = 9001; - exporters = { - node = { - enable = true; - enabledCollectors = [ "systemd" ]; - port = 9002; - }; - }; - - scrapeConfigs = [ - { - job_name = "crocus"; - static_configs = [ - { - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; - } - ]; - } - ]; - }; - services.nginx = { enable = true; recommendedProxySettings = true; diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 7d46d50..007964b 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -8,12 +8,14 @@ deploy.targetHost = "root@crocus"; tags = [ "garage" + "server" ]; }; genepi = { deploy.targetHost = "root@genepi"; tags = [ "garage" + "server" ]; }; }; @@ -126,6 +128,41 @@ ]; roles.server.machines = { }; }; + + prometheus = { + module.input = "self"; + module.name = "@rpqt/prometheus"; + + roles.scraper.machines.genepi = { }; + roles.scraper.settings = { + extraScrapeConfigs = [ + { + job_name = "garage"; + static_configs = [ + { + labels.instance = "crocus"; + targets = [ "crocus.home.rpqt.fr:3903" ]; + } + { + labels.instance = "genepi"; + targets = [ "genepi.home.rpqt.fr:3903" ]; + } + ]; + } + ]; + }; + + roles.target.tags.server = { }; + roles.target.settings = { + exporters = { + node = { + enabledCollectors = [ + "systemd" + ]; + }; + }; + }; + }; }; }; } diff --git a/machines/genepi/monitoring/prometheus.nix b/machines/genepi/monitoring/prometheus.nix index 401a422..fcf4d20 100644 --- a/machines/genepi/monitoring/prometheus.nix +++ b/machines/genepi/monitoring/prometheus.nix @@ -58,6 +58,4 @@ in }; }; }; - - clan.core.state.userdata.folders = [ "/var/lib/prometheus2" ]; } diff --git a/machines/genepi/nginx.nix b/machines/genepi/nginx.nix index 410d7db..f05e3a2 100644 --- a/machines/genepi/nginx.nix +++ b/machines/genepi/nginx.nix @@ -4,4 +4,6 @@ recommendedProxySettings = true; recommendedTlsSettings = true; }; + + networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = [ 443 ]; } From f5c12b84574b376171c851f9463b348a1878c6f7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 107/376] use systemd credentials for gitea --- modules/gitea.nix | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/gitea.nix b/modules/gitea.nix index 41a0749..49e124d 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix @@ -23,10 +23,6 @@ }; }; - systemd.services.gitea.serviceConfig = { - EnvironmentFile = config.clan.core.vars.generators.gitea-s3-storage.files.gitea-env.path; - }; - systemd.services.gitea.environment = { GITEA__storage__STORAGE_TYPE = "minio"; GITEA__storage__MINIO_ENDPOINT = "localhost:3900"; @@ -35,24 +31,28 @@ GITEA__storage__MINIO_USE_SSL = "false"; }; + systemd.services.gitea.serviceConfig = { + LoadCredential = [ + "minio_access_key_id:${config.clan.core.vars.generators.gitea-s3-storage.files.access-key-id.path}" + "minio_secret_access_key:${config.clan.core.vars.generators.gitea-s3-storage.files.access-key-secret.path}" + ]; + Environment = [ + "GITEA__storage__MINIO_ACCESS_KEY_ID=%d/minio_access_key_id" + "GITEA__storage__MINIO_SECRET_ACCESS_KEY=%d/minio_secret_access_key" + ]; + }; + clan.core.vars.generators.gitea-s3-storage = { prompts.access-key-id = { description = "s3 access key id"; type = "line"; + persist = true; }; prompts.access-key-secret = { description = "s3 access key secret"; type = "hidden"; + persist = true; }; - files.gitea-env = { - secret = true; - }; - script = '' - printf %s "GITEA__storage__MINIO_ACCESS_KEY_ID=" >> $out/gitea-env - cat $prompts/access-key-id >> $out/gitea-env - printf "\n%s" "GITEA__storage__MINIO_SECRET_ACCESS_KEY=" >> $out/gitea-env - cat $prompts/access-key-secret >> $out/gitea-env - ''; }; services.nginx.virtualHosts."git.turifer.dev" = { From dce89a70fb7f487114ff8088a570af010970238f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 108/376] fix genepi timezone --- machines/genepi/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 43a1977..f6db410 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -34,6 +34,7 @@ networking.hostName = "genepi"; + time.timeZone = "Europe/Paris"; clan.core.settings.state-version.enable = true; nix.gc = { From f3aa929cf561f917a48e0ad9d256b2ac75b0f36a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 109/376] migrate syncthing config to clan --- machines/flake-module.nix | 31 +++++++++++++++++ machines/genepi/syncthing.nix | 44 ++---------------------- machines/haze/syncthing.nix | 64 ++--------------------------------- 3 files changed, 36 insertions(+), 103 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 007964b..c3256b3 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -16,6 +16,12 @@ tags = [ "garage" "server" + "syncthing" + ]; + }; + haze = { + tags = [ + "syncthing" ]; }; }; @@ -163,6 +169,31 @@ }; }; }; + + syncthing = { + roles.peer.tags.syncthing = { }; + roles.peer.settings.folders = { + Documents = { + path = "~/Documents"; + }; + Music = { + path = "~/Music"; + }; + Pictures = { + path = "~/Pictures"; + }; + Videos = { + path = "~/Videos"; + }; + }; + roles.peer.settings.extraDevices = { + pixel-7a = { + id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU"; + name = "Pixel 7a"; + addresses = [ "dynamic" ]; + }; + }; + }; }; }; } diff --git a/machines/genepi/syncthing.nix b/machines/genepi/syncthing.nix index 904941a..e8eae38 100644 --- a/machines/genepi/syncthing.nix +++ b/machines/genepi/syncthing.nix @@ -19,48 +19,8 @@ in services.syncthing = { enable = true; user = user; - group = "users"; + group = lib.mkForce "users"; dataDir = home; - configDir = "${home}/.config/syncthing"; - openDefaultPorts = true; - overrideDevices = true; - overrideFolders = true; - settings = { - devices = { - "haze" = { - id = "INMEQOC-5WT5JMJ-EYCBQVQ-LK2CIFQ-A5IRXPR-724CPE6-Z5A4UTH-5QGO4QD"; - }; - "pixel-7a" = { - id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU"; - }; - }; - folders = { - "Documents" = { - path = "${home}/Documents"; - devices = [ - "haze" - ]; - }; - "Music" = { - path = "${home}/Media/Music"; - devices = [ - "haze" - "pixel-7a" - ]; - }; - "Pictures" = { - path = "${home}/Media/Pictures"; - devices = [ - "haze" - ]; - }; - "Videos" = { - path = "${home}/Media/Videos"; - devices = [ - "haze" - ]; - }; - }; - }; + configDir = lib.mkForce "${home}/.config/syncthing"; }; } diff --git a/machines/haze/syncthing.nix b/machines/haze/syncthing.nix index c463b15..0a6cfde 100644 --- a/machines/haze/syncthing.nix +++ b/machines/haze/syncthing.nix @@ -1,5 +1,6 @@ { config, + lib, ... }: let @@ -10,67 +11,8 @@ in services.syncthing = { enable = true; user = user; - group = "users"; + group = lib.mkForce "users"; dataDir = home; - configDir = "${home}/.config/syncthing"; - key = config.clan.core.vars.generators.syncthing.files."key".path; - cert = config.clan.core.vars.generators.syncthing.files."cert".path; - openDefaultPorts = true; - overrideDevices = true; - overrideFolders = true; - settings = { - devices = { - "genepi" = { - id = "TNP3M2Z-2AJ3CJE-4LLYHME-3KWCLN4-XQWBIDJ-PTDRANE-RRBYQWQ-KXJFTQU"; - }; - "pixel-7a" = { - id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU"; - }; - }; - folders = { - "Documents" = { - path = "${home}/Documents"; - devices = [ - "genepi" - "pixel-7a" - ]; - }; - "Music" = { - path = "${home}/Music"; - devices = [ - "genepi" - "pixel-7a" - ]; - }; - "Pictures" = { - path = "${home}/Pictures"; - devices = [ - "genepi" - ]; - }; - "Videos" = { - path = "${home}/Videos"; - devices = [ - "genepi" - ]; - }; - }; - }; - }; - - clan.core.vars.generators.syncthing = { - prompts.key = { - description = "syncthing private key"; - type = "hidden"; - persist = true; - }; - files.key.owner = config.services.syncthing.user; - - prompts.cert = { - description = "syncthing cert"; - type = "hidden"; - persist = true; - }; - files.cert.owner = config.services.syncthing.user; + configDir = lib.mkForce "${home}/.config/syncthing"; }; } From 78556d6159bcf6243281b18a54ec76150490837b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 110/376] add weather for Saint-Michel --- machines/genepi/glance-config.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index d3627fb..ec2432e 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -82,6 +82,12 @@ units = "metric"; hour-format = "24h"; } + { + type = "weather"; + location = "Saint-Michel-de-Maurienne, France"; + units = "metric"; + hour-format = "24h"; + } ]; } ]; From 1b0963680c0dde020ccdcc18602064c3fb9c3264 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 111/376] add pinchflat --- machines/genepi/configuration.nix | 1 + machines/genepi/glance-config.nix | 5 +++++ machines/genepi/pinchflat.nix | 31 +++++++++++++++++++++++++++++++ modules/unbound.nix | 1 + 4 files changed, 38 insertions(+) create mode 100644 machines/genepi/pinchflat.nix diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index f6db410..a6c2074 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -16,6 +16,7 @@ ./mpd.nix ./network.nix ./nginx.nix + ./pinchflat.nix ./syncthing.nix ./taskchampion.nix ./topology.nix diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index ec2432e..cfb09fa 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -69,6 +69,11 @@ url = "https://git.turifer.dev"; icon = "sh:gitea"; } + { + title = "Pinchflat"; + url = "https://pinchflat.home.rpqt.fr"; + icon = "sh:pinchflat"; + } ]; } ]; diff --git a/machines/genepi/pinchflat.nix b/machines/genepi/pinchflat.nix new file mode 100644 index 0000000..9d29657 --- /dev/null +++ b/machines/genepi/pinchflat.nix @@ -0,0 +1,31 @@ +{ + config, + pkgs, + ... +}: +{ + services.pinchflat = { + enable = true; + secretsFile = config.clan.core.vars.generators.pinchflat.files.env.path; + mediaDir = "/home/rpqt/Music"; + }; + + clan.core.vars.generators.pinchflat = { + files.env = { }; + runtimeInputs = [ + pkgs.coreutils + pkgs.openssl + ]; + script = '' + echo "$SECRET_KEY_BASE=$(openssl rand -hex 64)" > "$out"/env + ''; + }; + + clan.core.state.pinchflat.folders = [ "/var/lib/pinchflat" ]; + + services.nginx.virtualHosts."pinchflat.home.rpqt.fr" = { + forceSSL = true; + useACMEHost = "home.rpqt.fr"; + locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.pinchflat.port}"; + }; +} diff --git a/modules/unbound.nix b/modules/unbound.nix index a35dcdf..f1a26c8 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -13,6 +13,7 @@ let "glance" "grafana" "images" + "pinchflat" "rss" "tw" ]; From 9923396809e7b7789d9f25ede21004c9c28143c7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 112/376] renamed clan option --- machines/haze/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 5aa9bec..272a1a7 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -38,7 +38,8 @@ ]; time.timeZone = "Europe/Paris"; - clan.deployment.requireExplicitUpdate = true; + + clan.core.deployment.requireExplicitUpdate = true; clan.core.settings.state-version.enable = true; From 1b8db35058af761916db9720258528737e38adef Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 113/376] mark jj default diff editor as ok --- home/.config/jj/config.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/home/.config/jj/config.toml b/home/.config/jj/config.toml index bbe941d..69f9901 100644 --- a/home/.config/jj/config.toml +++ b/home/.config/jj/config.toml @@ -3,6 +3,7 @@ [ui] default-command = "log" diff-formatter = ["difft", "--color=always", "$left", "$right"] +diff-editor = ":builtin" [user] name = "Romain Paquet" From 56551297702fe3e496b76af9550d235664aa6f16 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 114/376] fix(prometheus): missing full path in stateDir --- clanServices/prometheus/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clanServices/prometheus/default.nix b/clanServices/prometheus/default.nix index cdb929e..a5a5e68 100644 --- a/clanServices/prometheus/default.nix +++ b/clanServices/prometheus/default.nix @@ -57,7 +57,7 @@ in (lib.map mkScrapeConfig allExporters) ++ settings.extraScrapeConfigs; - clan.core.state.prometheus.folders = [ config.services.prometheus.stateDir ]; + clan.core.state.prometheus.folders = [ "/var/lib/${config.services.prometheus.stateDir}" ]; }; }; }; From e672fe13f9b1622a18b3d2461523706eedfc8998 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 115/376] add gmail account --- home-manager/mail/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/home-manager/mail/default.nix b/home-manager/mail/default.nix index f654644..aefae53 100644 --- a/home-manager/mail/default.nix +++ b/home-manager/mail/default.nix @@ -64,5 +64,12 @@ }; thunderbird.enable = config.programs.thunderbird.enable; }; + + "romain.pqt@gmail.com" = { + address = "romain.pqt@gmail.com"; + realName = "Romain Paquet"; + flavor = "gmail.com"; + thunderbird.enable = config.programs.thunderbird.enable; + }; }; } From fcc5d5a614a83594e80be3f467839a98c990ca9d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 116/376] add lounge (internal website) --- machines/genepi/configuration.nix | 1 + modules/lounge.nix | 7 +++++++ modules/unbound.nix | 1 + 3 files changed, 9 insertions(+) create mode 100644 modules/lounge.nix diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index a6c2074..b5d2a7e 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -21,6 +21,7 @@ ./taskchampion.nix ./topology.nix + ../../modules/lounge.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix ../../system diff --git a/modules/lounge.nix b/modules/lounge.nix new file mode 100644 index 0000000..a51de5a --- /dev/null +++ b/modules/lounge.nix @@ -0,0 +1,7 @@ +{ + services.nginx.virtualHosts."lounge.home.rpqt.fr" = { + useACMEHost = "home.rpqt.fr"; + forceSSL = true; + root = "/var/www/lounge"; + }; +} diff --git a/modules/unbound.nix b/modules/unbound.nix index f1a26c8..7ddccf9 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -13,6 +13,7 @@ let "glance" "grafana" "images" + "lounge" "pinchflat" "rss" "tw" From 5238012ee5545cc54a827f1ff1ab4fbf04f2a833 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 117/376] add website links in glance --- machines/genepi/glance-config.nix | 35 +++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index cfb09fa..6ae8f80 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -76,6 +76,41 @@ } ]; } + { + type = "monitor"; + cache = "1m"; + title = "Sites"; + sites = [ + { + title = "Lounge"; + url = "https://lounge.home.rpqt.fr"; + icon = "si:html5"; + } + { + title = "Web corner"; + url = "https://rpqt.fr"; + icon = "si:html5"; + } + ]; + } + { + type = "bookmarks"; + groups = [ + { + title = "Music"; + links = [ + { + title = "YouTube Music"; + url = "https://music.youtube.com"; + } + { + title = "Music for programming"; + url = "https://musicforprogramming.net/latest/"; + } + ]; + } + ]; + } ]; } { From 1f9d0663b3c8020fc1c8f3d5b7633a8f6f66947a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 118/376] update flake inputs --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index 9c59f66..51f9469 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1755796474, - "narHash": "sha256-LO+WlKwz4fUPchI31TJ1kc/p7/1Z7txOUhKbzlqm5Eo=", + "lastModified": 1756227173, + "narHash": "sha256-lkbIhwynwvJHXahzSSxzDKp+pcghbtyZOLuKOqSIGGw=", "ref": "refs/heads/main", - "rev": "7f227b232cbf8b4eba72bab86ab49b10df884d05", - "revCount": 9372, + "rev": "0517d87caa043e699a45b3de65179c3982036ae9", + "revCount": 9670, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -47,11 +47,11 @@ ] }, "locked": { - "lastModified": 1753067306, - "narHash": "sha256-jyoEbaXa8/MwVQ+PajUdT63y3gYhgD9o7snO/SLaikw=", - "rev": "18dfd42bdb2cfff510b8c74206005f733e38d8b9", + "lastModified": 1756091210, + "narHash": "sha256-oEUEAZnLbNHi8ti4jY8x10yWcIkYoFc5XD+2hjmOS04=", + "rev": "eb831bca21476fa8f6df26cb39e076842634700d", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/18dfd42bdb2cfff510b8c74206005f733e38d8b9.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/eb831bca21476fa8f6df26cb39e076842634700d.tar.gz" }, "original": { "type": "tarball", @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1755519972, - "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", + "lastModified": 1756115622, + "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=", "owner": "nix-community", "repo": "disko", - "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", + "rev": "bafad29f89e83b2d861b493aa23034ea16595560", "type": "github" }, "original": { @@ -107,11 +107,11 @@ ] }, "locked": { - "lastModified": 1755519972, - "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", + "lastModified": 1756115622, + "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=", "owner": "nix-community", "repo": "disko", - "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", + "rev": "bafad29f89e83b2d861b493aa23034ea16595560", "type": "github" }, "original": { @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1755755322, - "narHash": "sha256-spCxkNihCk3uT3LUrUwzdEAjLA/E0EtEgF3KVI05nlM=", + "lastModified": 1756022458, + "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", "owner": "nix-community", "repo": "home-manager", - "rev": "282b4c98de97da6667cb03de4f427371734bc39c", + "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", "type": "github" }, "original": { @@ -224,11 +224,11 @@ ] }, "locked": { - "lastModified": 1755103721, - "narHash": "sha256-rJFLwPf6YHS9rszMeuFxbzYywQ5sUEblc0gwracGgXE=", + "lastModified": 1756202507, + "narHash": "sha256-znQkYnIzL0NoKma2ltiaOrRpZDQYAJuQA4nPpSV5A+A=", "owner": "ignis-sh", "repo": "ignis", - "rev": "f5ee2f101364b3131e7d3236d3a903ea9593a342", + "rev": "3b7be57c28f5325a38207fd6bb73f4469be30734", "type": "github" }, "original": { @@ -302,11 +302,11 @@ ] }, "locked": { - "lastModified": 1755751773, - "narHash": "sha256-d1H34kko9J5fWrxCVgfa1TkIwdkGt/eDSVopAWenw24=", + "lastModified": 1755825449, + "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "3a0a38a1e7ac2c4b4150ea37a491fdffdc9c92e1", + "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", "type": "github" }, "original": { @@ -317,11 +317,11 @@ }, "nix-select": { "locked": { - "lastModified": 1745005516, - "narHash": "sha256-IVaoOGDIvAa/8I0sdiiZuKptDldrkDWUNf/+ezIRhyc=", - "rev": "69d8bf596194c5c35a4e90dd02c52aa530caddf8", + "lastModified": 1755887746, + "narHash": "sha256-lzWbpHKX0WAn/jJDoCijIDss3rqYIPawe46GDaE6U3g=", + "rev": "92c2574c5e113281591be01e89bb9ddb31d19156", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/69d8bf596194c5c35a4e90dd02c52aa530caddf8.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/92c2574c5e113281591be01e89bb9ddb31d19156.tar.gz" }, "original": { "type": "tarball", @@ -368,11 +368,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1755504238, - "narHash": "sha256-mw7q5DPdmz/1au8mY0u1DztRgVyJToGJfJszxjKSNes=", + "lastModified": 1756109073, + "narHash": "sha256-5pjFEziluVwJ0Z50h9laKfWbDluXuA5ada05xb/QiV4=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "354ed498c9628f32383c3bf5b6668a17cdd72a28", + "rev": "a1042c81126d9c9314c1eb1a7b89ab4d81b5dea7", "type": "github" }, "original": { @@ -434,11 +434,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1756125398, + "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", "type": "github" }, "original": { @@ -585,11 +585,11 @@ ] }, "locked": { - "lastModified": 1754847726, - "narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=", + "lastModified": 1755934250, + "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408", + "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5", "type": "github" }, "original": { From 0ca67e1303141afc26f59326167cf96d353543b3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 119/376] let clan find the deploy targets by itself --- machines/flake-module.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index c3256b3..502c377 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -5,14 +5,12 @@ inventory.machines = { crocus = { - deploy.targetHost = "root@crocus"; tags = [ "garage" "server" ]; }; genepi = { - deploy.targetHost = "root@genepi"; tags = [ "garage" "server" From 90f2c8ab2e89c23dc44d2b309f4630b42a791cb1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 120/376] remove broken avahi (it was actually garage...) --- machines/flake-module.nix | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 502c377..222d6d5 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -53,27 +53,6 @@ roles.peer.tags."all" = { }; }; - "avahi" = { - module.input = "clan-core"; - module.name = "garage"; - roles.default.tags.all = { }; - roles.default.extraModules = [ - { - services.avahi = { - enable = true; - nssmdns4 = true; - nssmdns6 = true; - publish = { - enable = true; - domain = true; - userServices = true; - addresses = true; - }; - }; - } - ]; - }; - "sshd" = { module.input = "clan-core"; module.name = "sshd"; From 628abe646f4250934ed071fd8f483ad2dc937a15 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 121/376] add internet deploy target for crocus --- machines/flake-module.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 222d6d5..db168ee 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -53,6 +53,12 @@ roles.peer.tags."all" = { }; }; + internet = { + roles.default.machines.crocus = { + settings.host = "git.turifer.dev"; + }; + }; + "sshd" = { module.input = "clan-core"; module.name = "sshd"; From dc92c0561612200aaa80ec90d41ad3ba56c35da3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 122/376] rename zerotier instance to just "zerotier" --- machines/flake-module.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index db168ee..7bbcd94 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -38,9 +38,7 @@ }; }; - "rpqt-zerotier" = { - module.input = "clan-core"; - module.name = "zerotier"; + zerotier = { roles.controller.machines.crocus = { }; roles.moon.machines.crocus = { settings = { From d3257336fc9a01b110fec342f9ef52c36e359ee4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 123/376] re-enable immich --- machines/genepi/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index b5d2a7e..4a7471b 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -11,7 +11,7 @@ ./freshrss.nix ./glance.nix ./homeassistant.nix - # ./immich.nix + ./immich.nix ./monitoring ./mpd.nix ./network.nix @@ -37,6 +37,7 @@ networking.hostName = "genepi"; time.timeZone = "Europe/Paris"; + clan.core.settings.state-version.enable = true; nix.gc = { From 4648d28ac06decbb7106693b7ba7eacf33df30f3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 124/376] add gitea state dir to clan backups --- modules/gitea.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/gitea.nix b/modules/gitea.nix index 49e124d..034801e 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix @@ -55,6 +55,8 @@ }; }; + clan.core.state.gitea.folders = [ config.services.gitea.stateDir ]; + services.nginx.virtualHosts."git.turifer.dev" = { enableACME = true; forceSSL = true; From ac51739c569a76f27833667fc37835403e393379 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 125/376] move actual and immich state to their namespaces --- machines/genepi/actual.nix | 2 +- machines/genepi/immich.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/genepi/actual.nix b/machines/genepi/actual.nix index 6983461..6bf59f3 100644 --- a/machines/genepi/actual.nix +++ b/machines/genepi/actual.nix @@ -15,5 +15,5 @@ "http://127.0.0.1:${builtins.toString config.services.actual.settings.port}"; }; - clan.core.state.userdata.folders = [ "/var/lib/actual" ]; + clan.core.state.acutal.folders = [ "/var/lib/actual" ]; } diff --git a/machines/genepi/immich.nix b/machines/genepi/immich.nix index 7161f3c..3b67b45 100644 --- a/machines/genepi/immich.nix +++ b/machines/genepi/immich.nix @@ -26,5 +26,5 @@ in }; }; - clan.core.state.userdata.folders = [ "/var/lib/immich" ]; + clan.core.state.immich.folders = [ "/var/lib/immich" ]; } From 2ea7fa983c6acacac8c17519349c419e6ae1b113 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 126/376] use nix version of home assistant --- machines/genepi/homeassistant.nix | 41 ++++++++++++++++++++++++++----- modules/unbound.nix | 1 + 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/machines/genepi/homeassistant.nix b/machines/genepi/homeassistant.nix index 8506960..313a63e 100644 --- a/machines/genepi/homeassistant.nix +++ b/machines/genepi/homeassistant.nix @@ -1,10 +1,39 @@ +{ config, ... }: +let + domain = "home.rpqt.fr"; + subdomain = "assistant.${domain}"; +in { - virtualisation.oci-containers.containers.homeassistant = { - volumes = [ "home-assistant:/config" ]; - environment.TZ = "Europe/Paris"; - image = "ghcr.io/home-assistant/home-assistant:stable"; - extraOptions = [ - "--network=host" + services.home-assistant = { + enable = true; + extraComponents = [ + # Components required to complete the onboarding + "analytics" + "google_translate" + "met" + "radio_browser" + "shopping_list" + # For fast zlib compression + "isal" ]; + config = { + default_config = { }; + http = { + use_x_forwarded_for = true; + trusted_proxies = [ "127.0.0.1" ]; + }; + }; + }; + + services.nginx.virtualHosts.${subdomain} = { + forceSSL = true; + useACMEHost = "${domain}"; + extraConfig = '' + proxy_buffering off; + ''; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.home-assistant.config.http.server_port}"; + proxyWebsockets = true; + }; }; } diff --git a/modules/unbound.nix b/modules/unbound.nix index 7ddccf9..cf4796b 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -10,6 +10,7 @@ let genepi = { subdomains = [ "actual" + "assistant" "glance" "grafana" "images" From ebdbb3fb35c076786bf5359c3145fa54e04ca83c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 127/376] fix cert renewal failure Somehow the local unbound instance seems to fail to resolve some queries during the renewal process. --- machines/genepi/acme.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/genepi/acme.nix b/machines/genepi/acme.nix index 4e319a2..e0e1a3d 100644 --- a/machines/genepi/acme.nix +++ b/machines/genepi/acme.nix @@ -18,6 +18,7 @@ dnsPropagationCheck = true; environmentFile = config.clan.core.vars.generators.gandi.files.gandi-env.path; email = "admin@rpqt.fr"; + dnsResolver = "1.1.1.1:53"; }; }; From efe09bebe4b629c7f212b1cd70616bb45e31222a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 128/376] update flake inputs --- flake.lock | 88 +++++++++++++++++++++++++++--------------------------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/flake.lock b/flake.lock index 51f9469..4e8d13a 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1756227173, - "narHash": "sha256-lkbIhwynwvJHXahzSSxzDKp+pcghbtyZOLuKOqSIGGw=", + "lastModified": 1757439969, + "narHash": "sha256-n2LXotKVjlgAfAm5F6i0ryX54QokuPIf+P9DmQdjGts=", "ref": "refs/heads/main", - "rev": "0517d87caa043e699a45b3de65179c3982036ae9", - "revCount": 9670, + "rev": "af4e9e784ba77915a9e334de81ac0f347ed1e261", + "revCount": 9912, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -47,11 +47,11 @@ ] }, "locked": { - "lastModified": 1756091210, - "narHash": "sha256-oEUEAZnLbNHi8ti4jY8x10yWcIkYoFc5XD+2hjmOS04=", - "rev": "eb831bca21476fa8f6df26cb39e076842634700d", + "lastModified": 1757300813, + "narHash": "sha256-JYQl+8nJYImg/inqotu9nEPcTXrRJixFN6sOfn6Tics=", + "rev": "b5f2157bcd26c73551374cd6e5b027b0119b2f3d", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/eb831bca21476fa8f6df26cb39e076842634700d.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/b5f2157bcd26c73551374cd6e5b027b0119b2f3d.tar.gz" }, "original": { "type": "tarball", @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1756115622, - "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=", + "lastModified": 1757255839, + "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", "owner": "nix-community", "repo": "disko", - "rev": "bafad29f89e83b2d861b493aa23034ea16595560", + "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", "type": "github" }, "original": { @@ -107,11 +107,11 @@ ] }, "locked": { - "lastModified": 1756115622, - "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=", + "lastModified": 1757255839, + "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", "owner": "nix-community", "repo": "disko", - "rev": "bafad29f89e83b2d861b493aa23034ea16595560", + "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1756022458, - "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", + "lastModified": 1757385184, + "narHash": "sha256-LCxtQn9ajvOgGRbQIRUJgfP7clMGGvV1SDW1HcSb0zk=", "owner": "nix-community", "repo": "home-manager", - "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", + "rev": "26993d87fd0d3b14f7667b74ad82235f120d986e", "type": "github" }, "original": { @@ -224,11 +224,11 @@ ] }, "locked": { - "lastModified": 1756202507, - "narHash": "sha256-znQkYnIzL0NoKma2ltiaOrRpZDQYAJuQA4nPpSV5A+A=", + "lastModified": 1757183812, + "narHash": "sha256-VRrwsrpj4htZvwu1TYoLbsahcPOkombZZSqs2NnYMnM=", "owner": "ignis-sh", "repo": "ignis", - "rev": "3b7be57c28f5325a38207fd6bb73f4469be30734", + "rev": "f09be7e34aadf83f019bfc9059507caea049d30b", "type": "github" }, "original": { @@ -281,11 +281,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1755694307, - "narHash": "sha256-3tq+9jKtwjaqvb6fGx0ApZP1v3mCrn+RE1wbqCANVnQ=", + "lastModified": 1757356768, + "narHash": "sha256-9D9e+1BVrMgaY3PkNrYWrIrqlv/eJoH1pKN1ErWpbV0=", "owner": "InioX", "repo": "Matugen", - "rev": "8ce17f0d76ba36dc5a7bb371234ef1973a7e3267", + "rev": "8ea119098899af312a7daf5d4040f47122376eb3", "type": "github" }, "original": { @@ -302,11 +302,11 @@ ] }, "locked": { - "lastModified": 1755825449, - "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", + "lastModified": 1757130842, + "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", + "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", "type": "github" }, "original": { @@ -368,11 +368,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1756109073, - "narHash": "sha256-5pjFEziluVwJ0Z50h9laKfWbDluXuA5ada05xb/QiV4=", + "lastModified": 1756491981, + "narHash": "sha256-lXyDAWPw/UngVtQfgQ8/nrubs2r+waGEYIba5UX62+k=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "a1042c81126d9c9314c1eb1a7b89ab4d81b5dea7", + "rev": "c1b29520945d3e148cd96618c8a0d1f850965d8c", "type": "github" }, "original": { @@ -402,11 +402,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1755330281, - "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", "type": "github" }, "original": { @@ -434,11 +434,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756125398, - "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", + "lastModified": 1757347588, + "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", + "rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe", "type": "github" }, "original": { @@ -519,11 +519,11 @@ ] }, "locked": { - "lastModified": 1755770475, - "narHash": "sha256-piB4s87GvBJkzWLbzOMyX4adjMBmTMxzMu0SNT/b8hU=", + "lastModified": 1757298062, + "narHash": "sha256-bSaQxOCzj0ky6HYSCJxoT8XEeqwzzJFP6R80bgGJVjM=", "owner": "nix-community", "repo": "srvos", - "rev": "bebcf12b45df0b7d6f422ebd5da06f92b52169a8", + "rev": "0070590bf5bd5dc97b8e644720c3c7c90e16f8bc", "type": "github" }, "original": { @@ -585,11 +585,11 @@ ] }, "locked": { - "lastModified": 1755934250, - "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=", + "lastModified": 1756662192, + "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5", + "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", "type": "github" }, "original": { From 53a444298aa54980f337cdd6649762b6602d4812 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 25 Aug 2025 07:21:21 +0200 Subject: [PATCH 129/376] add home assistant to glance --- machines/genepi/glance-config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 6ae8f80..4a03a1f 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -74,6 +74,11 @@ url = "https://pinchflat.home.rpqt.fr"; icon = "sh:pinchflat"; } + { + title = "Home Assistant"; + url = "https://assistant.home.rpqt.fr"; + icon = "sh:home-assistant"; + } ]; } { From 0c585d1b68cb97365ec971ae53f777fd2da0428a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 11 Sep 2025 22:22:27 +0200 Subject: [PATCH 130/376] Update vars via generator nextcloud for machine crocus --- .../nextcloud/admin-password/machines/crocus | 1 + .../crocus/nextcloud/admin-password/secret | 19 +++++++++++++++++++ .../nextcloud/admin-password/users/rpqt | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/per-machine/crocus/nextcloud/admin-password/machines/crocus create mode 100644 vars/per-machine/crocus/nextcloud/admin-password/secret create mode 120000 vars/per-machine/crocus/nextcloud/admin-password/users/rpqt diff --git a/vars/per-machine/crocus/nextcloud/admin-password/machines/crocus b/vars/per-machine/crocus/nextcloud/admin-password/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud/admin-password/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud/admin-password/secret b/vars/per-machine/crocus/nextcloud/admin-password/secret new file mode 100644 index 0000000..0619fef --- /dev/null +++ b/vars/per-machine/crocus/nextcloud/admin-password/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:VPf7HCaqRatP7bK7podFQsSxAXH+jSblyg==,iv:GhOmIssF3fmTTgX95tihr0KfSZozK/ZuJxMIACl8C1E=,tag:Hb0BaSS/dGe4WiPR7WftlA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z1FGZHk2QmFlLzFQRUo2\nZk5EWTJOMG5JYXgrSXBVU25EWVBDYjVZZldrCmk5d0JMVEVWNTUyV2ZQOTlSVXR4\nTjNIdnVqZmRER3hrWktKdVhSdTQ1ZHMKLS0tIGU4NEVoZDR2QjNZeEdIODZrNkZJ\nZ1hlRUc3Q3Y0MU1iVm51VUJGQjNxUDQKamXqt6+nMqw6WEYdmgFzZa467hYAtpDx\nLtaTBmwk/hM/IExr6w4ycTcAVuBXyZYeFyNAz6EfGCyrGFL99zbGWA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN0x4WWdMQzRSWEJuK0JT\nMlBBUzhMRldtOWJvWkVjWVJ1ZzJmNVFyYWprCnVjVitwV0lSV0ZWRlRRRitWZGVi\nS1U1ak5nQVBJMXE2V29QclRRd2NnQVUKLS0tIHBMaWFQTVNDRUxiVC9KV0ZNUVFy\nTkJoRjJFZkkxUDM3MFZzdXRTZzZmSE0KLA+kgNMf3Lpp9YwHqXQ5NgpYGMnRDJEu\ndxD93SX5hmMh83h8bM11yH2spMIof77SWM+LIUn273YEOM/gNUFEzg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T20:22:27Z", + "mac": "ENC[AES256_GCM,data:w7gpQ0q38O6h8/VO5bc6v0pS78Jq8zY3jIlUC1kSF8I6q2U7J75+2TJlT4CFmwspJdNnyszHvermE5K/2uMCEi+f4Zx9FFpB9IcZ0zNEa2vl+3ksqiaRQjgcGXYBQY4eowHHsqBPFZ8w896e3seAM1o3Ah8RAEsVLPH1BB0quWE=,iv:CZ4ypoZhG/MgKJP2tk4tE/CC65ULB6VR+QYmMltFGJ4=,tag:XDL8mWdPpEqiZ6OLKclPJA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/nextcloud/admin-password/users/rpqt b/vars/per-machine/crocus/nextcloud/admin-password/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud/admin-password/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 55a087d946369800edcb2008b4b18a4747ec3ca9 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 11 Sep 2025 22:22:28 +0200 Subject: [PATCH 131/376] Update vars via generator nextcloud-s3-storage for machine crocus --- .../access-key-id/machines/crocus | 1 + .../nextcloud-s3-storage/access-key-id/secret | 19 +++++++++++++++++++ .../access-key-id/users/rpqt | 1 + .../access-key-secret/machines/crocus | 1 + .../access-key-secret/secret | 19 +++++++++++++++++++ .../access-key-secret/users/rpqt | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus create mode 100644 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/secret create mode 120000 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt create mode 120000 vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/machines/crocus create mode 100644 vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret create mode 120000 vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/users/rpqt diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/secret b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/secret new file mode 100644 index 0000000..10fdf3a --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:bLr5DUZyVayvhMCW+LJYJ3ATQOqoAQmHZFM=,iv:YPkoGSMkXA5BYp1gYkIZtZP6KpdWFP2rpUjyGMthpsg=,tag:JjJEYkO3YFsSQIneahDBgw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhaitPUU5hTzZSaUcxeFJG\nY1R2YkwwaForMUJ5RmNKakptYk9nSlc2TlVZCkRNRS82bjFpejg0SFdnZGNNR1ZO\nbmNKQVR2WTltTk5tTTdmRnNCaE1OVE0KLS0tIDJhMkNBRzRpdzk5MTJHaldjTC82\nTXRkZVpsMm14ZEtiUEpqRlkxdXUvNWMKyxPSoynYrb9Aq9j+HTTUPSImNJrGUBRT\nQ94GWrSro/2kYpxcR6cx5/F+dxYuPommKsSQJRl3srQnQHx6AA1QcQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUkU2TmVwdmwrRVBlbW9q\nZzkyVHBxb1RGTE9vN0dhWk9XUEtmNW9RWDNJCjhsYlNyazJmd0lrQTRMWHhxLzY3\nYnBhMnE5cVA1SzZqU2ZLeEVTRTVET2cKLS0tIE45WFUzVjdrK3ZUelJnMHNmZFBY\nbUNmRktyUDJJTS9sRms2dVo0STJhMmcKW7TSJT03IL9UW3zPqIXXVXRo2qOKDfuL\n+cUnYpmTi0PS901+96Esuv//3cpxJVESWni+V1QjvFVfQso8NApknw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T20:22:28Z", + "mac": "ENC[AES256_GCM,data:++XfCtcETmuGLrt+fj+hf/U08wbedRcvNxv6IE6EymB0MwWTI7Tnd31+Z/v5eux0bXk6E0CI1FDmFIEJkJ2+aViBArA8Va5mawYxXS76moFqIaPcgsCfJhOM5elbVq6fqxWghnKFvjr/UT+tZj9sBMY0f5IBr2z62SLfeczk56U=,iv:uZomt0qhWs7fRUlhhtXcT3bIIhOYKr9vW6Evhg2ionw=,tag:JaZxP4HDisuTyE0dXiIMhQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/machines/crocus b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret new file mode 100644 index 0000000..875f427 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:elfNx54gnQ7voapDyKnLQ5+J1AB4WLvCtjkEhjvsoA2DcWQ7sKCE5q5/1SfFVK6tbMmnVz/JmSb9IMU1nSv8+Q==,iv:g17Nsvx7ltazByZJLLmIwdLKQd+NSpE4b8q1Jf1F89Y=,tag:meRP8cdY7XDNjntbuwaReQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSXUzL0VHSUlUdytUSHpj\nTWVDR3JGOFc2Qld4NlNhMG1WNnZyb202KzJBCm9VbWVjSlZieGhBT0JjUTdBbHFH\nQVJsVW1KVXR1MGxKdko5amlLVlpHVk0KLS0tIFVRY292NVQ2SzNKbzhyU1NGdEUw\nZjg5OUZ0TGtISmEzZEVqR1F4WTFoYVEKZifxJfE8tx1MKiay3LY90OoQcQvffGWG\nGMuR1+/PrSW2WoLp+2Da8FOIeHGuVuh6aj2f0mTMqbzYAEy8uI1gJQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSekNaZnh4Z0FtaXFocFZr\nS0VwNzBxWkdsM1pYTkV4VGJqdFpGeWVFQVRFCmdkTjJYUzZxaURMUlhaVlNGSTZC\nalJQSnltV0htYis3eXdhY0tJUFRwNVUKLS0tIDBscjZUMWkvTjF6TFhlbVhBcUxW\nSVBPMkQ5Wm52dWI1K2I0YXhhelBTYVkK4bWaJI5+mm4DPA7xxD9ryIDjCegey21R\nn1Atloc1Hh5U3QVf2KOlvzBKzF+pw3+/CqxX+OyFtxAB44wuWn63Ag==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T20:22:28Z", + "mac": "ENC[AES256_GCM,data:a7JLvEhC250NLjhIqyLUmmDZ4OFxcFziTHW5NT3MEf2RutzPo5OCABUEkd4fiajqKojGv3h+YHfC85QfxZ7fJKNh/tn65WAOGr52uVMUXwzKlKSmtBLAim5gdVSL1dqUn+/WQyUD+Qis8gcG2HKr/I/S6f0OBZ/CU6iJkGQdBCI=,iv:L+eTPRd63fQ+b/TRj6rMixsaEZHEeWckCBgSnU24NAc=,tag:3FTTCBHv129oSE89xXBfIw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/users/rpqt b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From c685a980d06a282dc6d7910672537fca84b5a988 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 11 Sep 2025 22:41:34 +0200 Subject: [PATCH 132/376] Update vars via generator gandi for machine crocus --- .../crocus/gandi/gandi-env/machines/crocus | 1 + .../per-machine/crocus/gandi/gandi-env/secret | 19 +++++++++++++++++++ .../crocus/gandi/gandi-env/users/rpqt | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/per-machine/crocus/gandi/gandi-env/machines/crocus create mode 100644 vars/per-machine/crocus/gandi/gandi-env/secret create mode 120000 vars/per-machine/crocus/gandi/gandi-env/users/rpqt diff --git a/vars/per-machine/crocus/gandi/gandi-env/machines/crocus b/vars/per-machine/crocus/gandi/gandi-env/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/gandi/gandi-env/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/gandi/gandi-env/secret b/vars/per-machine/crocus/gandi/gandi-env/secret new file mode 100644 index 0000000..4ab64f7 --- /dev/null +++ b/vars/per-machine/crocus/gandi/gandi-env/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:diQ/PXOEug+tCpSPJaOqW+RY+jS7/UTHtehMJY9uu0pAr8JPTptPbc9GvHHjfIKfq2+me1Ttb2lUTDPnQuujFXIcD/Oj6Q==,iv:5Sq4geHzXrs6HKCk1Z1axEIEe1BVaH3zJXbFHirCYBg=,tag:BoZQd5hRbo6bXtl6X59lrw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMHIyNGJuQ2pDcGN2RW1k\nK1hvUlQvd3R3RGxLclpYN1puTkV3YXVLOTE4Ckx2N0FscGRPYXBsanlNempIQ1Qw\nMlBoOVg0bUFGNktITjhYWE9qWDE2UmMKLS0tIGpDRzVOVEF0QXhyangrVkN5dzZP\nc0g3RFMxaEUxb0lVc3ZRN3dac21Dc0EKmwoWl+Fb0AFzkh36gU9YIy74Vzb7ooLz\nbCOkLXCGpV/3gvlEer6mWaFR1UYGGcAGIr9Tg3K28uFpJo2WcbTzng==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmc3YxV3c3elZpK3I5OXVu\nbDNyNCtLVlRFK1pPN21UVngxTE5xVWlNRmpRCks5ZzZOemVSTEZSMlJ6UE5yVXQx\nUm5jYUNid1NtdUZBSUkraEhrbUFCeVUKLS0tIFc5RVhCTlpVd21vRjFCSTNWdDNG\nSEJ5b1ROUDV1Z0FzbmhyYkY5NGVsb2cKmnbLoK915F1SVHXdBHCx/8cBy6SiGznZ\nKHNr4HcdKLSF9EPI/0fJIzGoCTTCRTG4ocvDRBDQiB57kQqhu5y2Sg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T20:41:34Z", + "mac": "ENC[AES256_GCM,data:JF1vnWfkno7JM4RrrJ9mSvFH6Qpm6XOnoTSpVpUjKw7b8HYRM20u8KXtoB8FI+mwJU59OWiresBuy+JMrViOO+mKO8mkIdn58VgXITk9/ISM0e+rlZklQJRvpeREDO4hWZfMNnRq74vW0JL8toQiBNAxwErOTu4Yfz2wmW8moBg=,iv:rxDxUhhE8Mn971MVT7UmxIO5Gg1lfXT9nb85HZraXZQ=,tag:3Xcd2tYOttaiCuvscY7kEw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/gandi/gandi-env/users/rpqt b/vars/per-machine/crocus/gandi/gandi-env/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/gandi/gandi-env/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 038f731d04847de3fc7c214f912540680b88f141 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 11 Sep 2025 22:52:22 +0200 Subject: [PATCH 133/376] Update vars via generator nextcloud-s3-storage for machine crocus --- .../crocus/nextcloud-s3-storage/access-key-id/value | 1 + .../nextcloud-s3-storage/access-key-secret/secret | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) create mode 100644 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/value diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/value b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/value new file mode 100644 index 0000000..33bebdc --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/value @@ -0,0 +1 @@ +GK0380f708a7baab9385e45ae9 \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret index 875f427..7932921 100644 --- a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:elfNx54gnQ7voapDyKnLQ5+J1AB4WLvCtjkEhjvsoA2DcWQ7sKCE5q5/1SfFVK6tbMmnVz/JmSb9IMU1nSv8+Q==,iv:g17Nsvx7ltazByZJLLmIwdLKQd+NSpE4b8q1Jf1F89Y=,tag:meRP8cdY7XDNjntbuwaReQ==,type:str]", + "data": "ENC[AES256_GCM,data:5kOuRuLqQuUJPBWtrCzdDzdGWBdYN+GFGLn5LAbezcQcYuDyOZvpI4zJiBCUfEACXGEhlr0Vxid8M18A2g6j9A==,iv:QzOzJTnuG6Bo5zeDQMfDUdh+Qr27rxPq+G/kWj98fwY=,tag:m0KGHs/BqKE2sSj2s8p4DA==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSXUzL0VHSUlUdytUSHpj\nTWVDR3JGOFc2Qld4NlNhMG1WNnZyb202KzJBCm9VbWVjSlZieGhBT0JjUTdBbHFH\nQVJsVW1KVXR1MGxKdko5amlLVlpHVk0KLS0tIFVRY292NVQ2SzNKbzhyU1NGdEUw\nZjg5OUZ0TGtISmEzZEVqR1F4WTFoYVEKZifxJfE8tx1MKiay3LY90OoQcQvffGWG\nGMuR1+/PrSW2WoLp+2Da8FOIeHGuVuh6aj2f0mTMqbzYAEy8uI1gJQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbVZUVy9BYkFXN3loMzdp\nejBibHBUcEdRUmE0WGZEZ1dHTnEwdG92N1NVClJTVXJjVW1pS1prMzBrVDFDTXYw\nRk5DNWx2Y2FiRHA3eHNtTkh2eGJjM3MKLS0tIGdJWnhvV0tHdEVqaFBDODlVeC9J\nTU95cE1NcVM1TWExbUpwOWp0K1lVRDAKli1PM66AqGfaMwV6hNxsVcIXvYIfeEEI\np76ZHtGJ+z0tUgAzVd+h4XspbGa2GCnm7WzBjlzI0tT73WFJgZgAkw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSekNaZnh4Z0FtaXFocFZr\nS0VwNzBxWkdsM1pYTkV4VGJqdFpGeWVFQVRFCmdkTjJYUzZxaURMUlhaVlNGSTZC\nalJQSnltV0htYis3eXdhY0tJUFRwNVUKLS0tIDBscjZUMWkvTjF6TFhlbVhBcUxW\nSVBPMkQ5Wm52dWI1K2I0YXhhelBTYVkK4bWaJI5+mm4DPA7xxD9ryIDjCegey21R\nn1Atloc1Hh5U3QVf2KOlvzBKzF+pw3+/CqxX+OyFtxAB44wuWn63Ag==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WUsvditpNGE1a1RkOXZU\nQU8wWnlOczdvSm9Gd21ab1orQ2Z4c1dMeXdJCmZBRktPSFV6N2p5enZjZGMxeFNt\nS28vaTcxN1E4T1BkVXQ0TS8zaE4xMEkKLS0tIFNqMHk1ZWtmR0lyR25Jc3VPS1hz\nM1RFb1BZclZyNzdUTmJzSmZqdk15R2sKqGzKDNduTLaSIj//NzhqdNK3CEcKFyq0\n8QLjgvOSdhkWS2yZwijMx2ikRBA31Uo9Ei9wO+UqeOoxLOVNI00Pig==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-11T20:22:28Z", - "mac": "ENC[AES256_GCM,data:a7JLvEhC250NLjhIqyLUmmDZ4OFxcFziTHW5NT3MEf2RutzPo5OCABUEkd4fiajqKojGv3h+YHfC85QfxZ7fJKNh/tn65WAOGr52uVMUXwzKlKSmtBLAim5gdVSL1dqUn+/WQyUD+Qis8gcG2HKr/I/S6f0OBZ/CU6iJkGQdBCI=,iv:L+eTPRd63fQ+b/TRj6rMixsaEZHEeWckCBgSnU24NAc=,tag:3FTTCBHv129oSE89xXBfIw==,type:str]", + "lastmodified": "2025-09-11T20:52:22Z", + "mac": "ENC[AES256_GCM,data:FM1/AiycM5mDnluBJv2MBHVdS/S0w7+xbAp64jEAiBeSnpY3sKefdYAIB33YXUs5LViGO8lloUxlBQ5LGnHjTQVd4b7N7Mh7FWkFtgzrnisOBmv21JLP3wa//Y0N3eZhgm+ZMJE1SZyeWGlCwDSsjLk+k8Tn2MmMqy7MfZE9bhM=,iv:WZVumq0jhPzZ5/w1xFHn9YO04ycI/IdgiTvVQsb0qcw=,tag:IsXow7BjeZMgxVhpBsMmrA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From a5cfa0b51d7acf0762b34034effc54c89ee3905d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:26:58 +0200 Subject: [PATCH 134/376] Update secret verbena-age.key --- sops/secrets/verbena-age.key/secret | 15 +++++++++++++++ sops/secrets/verbena-age.key/users/rpqt | 1 + 2 files changed, 16 insertions(+) create mode 100644 sops/secrets/verbena-age.key/secret create mode 120000 sops/secrets/verbena-age.key/users/rpqt diff --git a/sops/secrets/verbena-age.key/secret b/sops/secrets/verbena-age.key/secret new file mode 100644 index 0000000..99dfd6b --- /dev/null +++ b/sops/secrets/verbena-age.key/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:wxFfM1b8w0EB/o1awHD9FMaHCSTp2NSyTfBCqJ5DjjQxDiBO4VkKVIK1Re28M1pKR4e/vThlvBpdEVnZksO6853RNbtBq8a5QSE=,iv:ZiJUjZ9TsIjse3sdxK40sYBbcBPwNkD7Pdq+O5DTcUQ=,tag:6GuL5cUgLKf3UEhioxk0AQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Njl4T1NKaDV4VEgzK1pK\nRjZLekt2ZXVvWDFLdVVEbjBVaUJKdEs2TmlBClBwT2Q0dGpIcjR2WXQwVDJnTk5G\nTEtyVlpQTXpJdFZjeWREbWRNTzl3Z2MKLS0tIDlEWGRYbHNITFNYZWVENllTVEZl\ncTdWWlhRa2FVRDNFK0VwNnJldzhaVG8Koh116z18HdLSEWA/pevynZUh6eVR1p6V\ntif9NMKzwJzRm/5RKBBqaN+72zOHXSJBY4Te2TIqFkAaAfVjHmBujA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T22:26:58Z", + "mac": "ENC[AES256_GCM,data:amP1SmiUjxfsKvfom4suR+o6SIJPOa4qFOd82MY7bOs7DG/yjbN1olAUWTbER0UDxoLb+HcGYOR/zPsOwJeUnic1bJp9Mt0HXYvmXsWZlqX3Or/hp+HLBgKe1rIoAmfJ3kdEmrZpcm7UViajxLsZIPaKtX8J07k2Wn8EEm/BZnc=,iv:/3dtXEQmItPwY6Q0EE50vtEj7fiMxnyha9j3u4KwuUw=,tag:Pn6u1o7R6iwJ50HlzB7+RA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/sops/secrets/verbena-age.key/users/rpqt b/sops/secrets/verbena-age.key/users/rpqt new file mode 120000 index 0000000..b1a8792 --- /dev/null +++ b/sops/secrets/verbena-age.key/users/rpqt @@ -0,0 +1 @@ +../../../users/rpqt \ No newline at end of file From d9f563ff3be44710a183ce52b72bfa4516488293 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:26:58 +0200 Subject: [PATCH 135/376] Add machine verbena to secrets --- sops/machines/verbena/key.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100755 sops/machines/verbena/key.json diff --git a/sops/machines/verbena/key.json b/sops/machines/verbena/key.json new file mode 100755 index 0000000..4c9d333 --- /dev/null +++ b/sops/machines/verbena/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "type": "age" + } +] \ No newline at end of file From 76b9982f771e21c0bad0731be6ae236cf83f5165 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:26:58 +0200 Subject: [PATCH 136/376] Add verbena to secret --- .../garage-shared/rpc_secret/machines/verbena | 1 + vars/shared/garage-shared/rpc_secret/secret | 18 +++++++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) create mode 120000 vars/shared/garage-shared/rpc_secret/machines/verbena diff --git a/vars/shared/garage-shared/rpc_secret/machines/verbena b/vars/shared/garage-shared/rpc_secret/machines/verbena new file mode 120000 index 0000000..de62703 --- /dev/null +++ b/vars/shared/garage-shared/rpc_secret/machines/verbena @@ -0,0 +1 @@ +../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/shared/garage-shared/rpc_secret/secret b/vars/shared/garage-shared/rpc_secret/secret index e0816ca..fe49d73 100644 --- a/vars/shared/garage-shared/rpc_secret/secret +++ b/vars/shared/garage-shared/rpc_secret/secret @@ -2,21 +2,25 @@ "data": "ENC[AES256_GCM,data:/lXB/mx52rLK4TzJgkyHYleiKQLX/FYVRdgSPrg1+cLzpMxHFRUfedoovKC4ibFHNhnLO3p54TAd353xiINvrX8=,iv:kbcqCEC6/i58u78HQRTXaozOrrdNS3PEMrGfHJqxuKY=,tag:2s/7ZGLok5BRbn25h2wetg==,type:str]", "sops": { "age": [ - { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MEFMUzlHeHB6a1ozejJw\nKy9BL2dYMTV0aUpVUWN5QWtYVWRGc3NTSXljCkVXSzZpMWQ0MWZnSEY4d3dwbmJz\nNzdvWFFObE5ibC95UHVic1Byc1Y4bzAKLS0tIFB3VFhhNUdYcUR0MlpaYU9mOXVI\najArb3VMcGlQYnNmUlhOKzF1clZXUDQKMfFCdkps9eSH6nuvDfeeUxsktP/5EinA\n2b6VjQ1qW7l7RjrOmXGtBjHx2aBDjrKYNMoRsGOfeoMO66cYx+PA6g==\n-----END AGE ENCRYPTED FILE-----\n" - }, { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKVTF3WVZsSi85SS9UVjdy\nMnQxK1N3ZERJSlQ4cS9vUWRtMGxJMlZKT0hjClZ0b1FrS2NaRTlMTExRWTdheVlG\nR3NxL2tTUnZpc1JyMm4wL0FVQ3E4SGMKLS0tIFpGMXBuOGtENXhOM1dvZ3gyUmc2\nSWw5V0V0NnpGNVpOZFF3b0lVV1oxVDQK2VafDyf5FSllO/bgmeWJ+iERpU2NtxuD\n3GKAWfAVkFsJM8dlFKrgl46pnofxV/F+jeSyfVi5n+90ZW9itxHArw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCK2lsTXRaUWtyK2M5cnZy\nWk02d3Q0LzNoZFVmQ2hoaSt0TkdKQ0k1UFNZCnlSNUtmUUQvdkZLL1lWNFlJMUMr\nck84aWQvQzRsVCtuVjBOKzBIejZRTDgKLS0tICtxZ294TFljMVQrOTRrcGRMeUZi\ndGxDejNrYmJ2dnIyWjduWC9ZKzdXencKYjK9px4Am0ZjYe2lcqplyc9AJ54Rstz9\nlM63nASAdDGxAfS5enR6G/CaV8Dc1fI6Qmuk/GIV4CtzfWYMuNyhAg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaE1UNkFCZHNCbFlsN1JU\ncVRDQkVQOXQ5OUJRRUhjcUVVUUJRcy9wZDBFCjFzeTRBQk9kcWVGc2xKcU9EdDZI\neFEzOFNOUG1LeDdGOGN3VUxJMFh6dUUKLS0tIGdsSERIZ0Ivd0tqT0k5VFltZFRV\nYUwrYnFsUEFhVmVmc25GN0dsaS9PY2sKuJH6+hQ+/J1z/5UfWEPTCS+5AFAsOY/P\nE+yAScPaPvJZzDMY9NKOJi8JoKDk4Q+9jeTozi5RWs3uAKioITR39A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2My9EWUVCeWhSbVhQUXlt\nWExERjZMSTVYVTk3aFA0YXR2NHVKbnFxdlNBCndVc3BFdnZKUFlROTVrSWNPMWgv\nR293aW44MllKQkxpR0tUZ09sTFBUTE0KLS0tIHQ4Q2ZoK1p1amE2MUZheFh0RVhk\nbS9qaFBPUnJWeFZGRzJqK2xXVmx3dWMKQR359LAW0hz28m7FUuLBPcyrXVMVTRBV\nl54u9MaXHgriFHoiTWYkDitou8ZsNrn42PiyvS6ThJrJZKO3EP8tzw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUGRyWG9kLzE1MG03VDVL\nRG9PTHhVa1p4QUVJbTVpb2VDQjZ6MXRXU0VBCnJzYnMzUGxBZUhCTUdhNUVxNkNn\nR0orZEZKNG9VZ1lLMWphaTBBTWloMDgKLS0tIG9ES1p3TUpSTC90QkpHdXI2eCs4\nSFdCOTBYUldqeE1MWXd5cnlVKysxTE0KlecpIZYa0WoGXheUmSuVVDOGVrehJ8Z1\n/41YSZgXI0bY5sKOetz7hls5ibADXk1CyOqJ4or6FiiELN/rmU4QUw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0bExnei9abVMySHJUek4v\ncEtVZDhITnJCa21Wd3l0S1U3MUJobGlQV3owCkRMZW5YT25XSUNZVjBDWlgzZEZF\nNFJkMk9JTERUS1JuKzZrVGlZcnorZU0KLS0tIGxUZTU1eWJaNFIrUjhOQ3F1T24y\ndmxieGNlb0h5azRqVTlSOWRlbm1sZDAKB8+cRg1KIse4oKUHuO0uqucOAowPPJYv\n0KVithQLEmHRmrIl8XrXjdRwQsA2i6QL+/yxtQbm+y3me+j3kmveSg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiNFI2bG03a1FjTWtRZHpL\nSUVQU1RaTVQ2TXc2RTZQZVZwTzIvdXc0cTIwCmZqc1gwTlc1QTQ1RjN0b0Z3aFNN\nVUVEY3llTFB1T3luOW1NMEx6b3lqaW8KLS0tIHp0UWVwLzBMc0p2SE1OYnRHNTkv\nWk1HY0JCOGdVWU9iU3gzK0IyMnF5WG8Kao7fg8TuInnjp31BRixPX+xoNmvXhKei\nuptJED/LgnzP3GTIzPNxEo1AgBY1yu/3tRr2WFvakUtoft0TGu3ORw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESDdUUUh1Z0lvZ2ZTTU9D\nMkhsa25xQkpLSk1NSU83UE9Zb1hTUkNEc2dZCkJCWlRiamF1eVQ3RmRsRnN3R0di\ndWFOcDdMak9ucHRBKzZhVFhDZk1SblkKLS0tIExlL1VEd2t5c1JWTloySFBRRUpv\nbDlLdi9tMW93cVByZ0hjZjlqSThqK2sK9QDOF/1actI1L6j734HDXlTvSdBoVUAA\nMDtaTG96gTR2qOBR37Ie+87evLbU/+v5WDWF8Mew9znEdWQ7SeRTGQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-19T21:51:53Z", From 2f6f4eb760103cc0589b39a58c0ecd8178bb1e62 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:27:00 +0200 Subject: [PATCH 137/376] Update vars via generator garage for machine verbena --- .../garage/admin_token/machines/verbena | 1 + .../verbena/garage/admin_token/secret | 19 +++++++++++++++++++ .../verbena/garage/admin_token/users/rpqt | 1 + .../garage/metrics_token/machines/verbena | 1 + .../verbena/garage/metrics_token/secret | 19 +++++++++++++++++++ .../verbena/garage/metrics_token/users/rpqt | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/verbena/garage/admin_token/machines/verbena create mode 100644 vars/per-machine/verbena/garage/admin_token/secret create mode 120000 vars/per-machine/verbena/garage/admin_token/users/rpqt create mode 120000 vars/per-machine/verbena/garage/metrics_token/machines/verbena create mode 100644 vars/per-machine/verbena/garage/metrics_token/secret create mode 120000 vars/per-machine/verbena/garage/metrics_token/users/rpqt diff --git a/vars/per-machine/verbena/garage/admin_token/machines/verbena b/vars/per-machine/verbena/garage/admin_token/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/garage/admin_token/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/garage/admin_token/secret b/vars/per-machine/verbena/garage/admin_token/secret new file mode 100644 index 0000000..1c1a66d --- /dev/null +++ b/vars/per-machine/verbena/garage/admin_token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:d7ch6OypkqLBvYkVCDpFVxH0EPJ3m50L4hWQoDPJiXRbKBGyT9P+4iI4voOe,iv:IBU3q9gxwKulFMJa0vbfQnkEc2SnLfSnDaoz4yO2zkE=,tag:RL7+GfFl9oOONRZ599RKUg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SE8zVm1iWkp6S0VTamZ4\neDJLMWlhdWg5amkrSlF3YkUxVFVpWmVuS3dFCjQ5TThTeEQ5TncrMlFPWlBod1Bo\nZ29zVHNIWGVnUDEwcTRVa0xEWXV5RTQKLS0tIFhzQnBaK3M1aGVHbzFYQkVaSC9P\nOGtDWVdRT0prU0V4TjhmY0RCelRkTUEK8QrXMNenbkqPkDg8yatTGBoz25NxQdwx\nlJYbMy1THKipx4KbHCbdIJWvKc79RpPpH7uNy8QJLZXder+yyQDMfA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTThRRzFaV3h0RXRiSnhK\na1dwYW1HdUJlU3dma3ZUeVpxRGtFUld0eWh3Cmg3NHFFdjhvcWdsOGtzWWJCMXJp\nVXdzZWxXazJvL09sR0FYdzRsRktwMncKLS0tIC9ieVR0N3kwVGtZL3hBcG1yZ2RF\nWUtjZG9DUmxnSldIbUF1bSt6eC94MlEK32TVPo+YGG7R2L4aIt/gDtdwcFmd1g2Q\nbcahXJ1TI8EPxmVUmFKYSz7qEBUjxlYwDVDJOy9xzgWnP7TYwmTZKA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T22:27:00Z", + "mac": "ENC[AES256_GCM,data:tzrsM/GRxEOeZwksc0MjNzG6hNqrVbg0gwctd5LQLRtMLCOokYQO6pS5gjEQ/zS6+SUbauKyifO8xMfkrc5SQ2Iqqgj2tIZIf2xXntQ/152X1IpQKEQN9zO1LQhI6g/w4jtgnNOT4bw6XW5yKW6CN4NfKNCbEzisWjyiQFRxmR4=,iv:LIclgDzRbSYuTbYzONaqaso8TZUBg8r6pG6ZtRLQyXY=,tag:JpnzzVGmNdpRx2jiR4V7oA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/garage/admin_token/users/rpqt b/vars/per-machine/verbena/garage/admin_token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/garage/admin_token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/garage/metrics_token/machines/verbena b/vars/per-machine/verbena/garage/metrics_token/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/garage/metrics_token/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/garage/metrics_token/secret b/vars/per-machine/verbena/garage/metrics_token/secret new file mode 100644 index 0000000..25e0941 --- /dev/null +++ b/vars/per-machine/verbena/garage/metrics_token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:ExSv+ji6femtNG+/+JgGpjBNbcMQJeHIOjsrL7arFbWPPJlhV5Bqs6QuVeIT,iv:l43EjooL912qou3fJ5iFObQdHWtSCI+13xQZvnhS+v4=,tag:kqAOc2YYNDks1upXd3aSDQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZkV5dnh0MWtJYThZaTlQ\nZUdyRjYrSDRHSG4wSktGUFZ4L1RJSTBzWGdVCjYrQjVaZ0NYdUhiek5mZWFJTnd5\nZ1lSWWhpTWk2S0tUSW9CUXlzd2UzZVEKLS0tIGxiVHVROG9RdUZlOWJnWTRzTGd4\nTGJETlppVHV0QjlvUWNtNkp2MldjOUEKzxXh/q/DwmU3HfxkCQLUy052LCMQOEUR\nqgDB+41/fsXMVUaLEoIqu7QtdOI7U81bv+xwmAP0KPaifLj4spWygg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNmd5dGVzdDdkY1A3RXlL\ncnIwaTJQVU1vMGwvVitIZHExWHhEVUlJbHpBClYxUWkvdGluelRwVVhRUG1hTUQr\naWNCemd2SlhrUHgvSEpoSVlLbEVWQ28KLS0tIFhkSUt6VkdFRWpiMDFIVWJEZkpG\nZXFOQlpuNnY5Rmg5ODhVb0ZuOE9adjAKFW0LBHcJK7iWYzsJDr4FK1uc9fUskdi6\nAxBPMnDghGP6osw79wFYJz87n5fPsgrjOohJN7DDFysp261l+LWOrA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T22:27:00Z", + "mac": "ENC[AES256_GCM,data:o4ehewq1VRocELO4C2wcXAjlJTGCqEgenYXRCS3Yws0G2QQOw767ZSev8EFs7z5H9p/5iS3YWMRBzwcNsAbpcJyc4kDZFkRqOs9GOlkzZLuHlkBLWkkuZSK8N9vvTyon2Lw4veuxVVn0S/2RFXPvkyAHSMxlb1PsRRiu6k7Vn5s=,iv:h+AsVY/+BTTYzRCGT8KcETrZOMuUKQWv5aO1oND85JI=,tag:aOWfgcXEzSgeiUBBP+x5ew==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/garage/metrics_token/users/rpqt b/vars/per-machine/verbena/garage/metrics_token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/garage/metrics_token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 2b59c01fb06808cfa3484c58612f7772d365ced0 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:27:04 +0200 Subject: [PATCH 138/376] Update vars via generator openssh for machine verbena --- .../verbena/openssh/ssh.id_ed25519.pub/value | 1 + .../openssh/ssh.id_ed25519/machines/verbena | 1 + .../verbena/openssh/ssh.id_ed25519/secret | 19 +++++++++++++++++++ .../verbena/openssh/ssh.id_ed25519/users/rpqt | 1 + 4 files changed, 22 insertions(+) create mode 100644 vars/per-machine/verbena/openssh/ssh.id_ed25519.pub/value create mode 120000 vars/per-machine/verbena/openssh/ssh.id_ed25519/machines/verbena create mode 100644 vars/per-machine/verbena/openssh/ssh.id_ed25519/secret create mode 120000 vars/per-machine/verbena/openssh/ssh.id_ed25519/users/rpqt diff --git a/vars/per-machine/verbena/openssh/ssh.id_ed25519.pub/value b/vars/per-machine/verbena/openssh/ssh.id_ed25519.pub/value new file mode 100644 index 0000000..a9778c7 --- /dev/null +++ b/vars/per-machine/verbena/openssh/ssh.id_ed25519.pub/value @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFmER+Rjwzfr/GLrD3kItVEEdhPTIjUFgSbhNOJtNJV diff --git a/vars/per-machine/verbena/openssh/ssh.id_ed25519/machines/verbena b/vars/per-machine/verbena/openssh/ssh.id_ed25519/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/openssh/ssh.id_ed25519/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret b/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret new file mode 100644 index 0000000..770a470 --- /dev/null +++ b/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:rhT/tKlqv0mjlvVCExyYssF9gO2R145z+R4XT6vFYnmVwl8gparg2CGZjnFf7ukS/7Uh/yhG7lMIstd5kaLnmeop9EEclzXoIa4XP1s4FAsb6oD/7PJtxuWF8cvDq+whwYtau8ci8HhkxazVu445rQYzmVOtttxDCwpol+3r+OP6Ey+dSITQ4n03X61bffQoBjnh4gT5wpaMaOEh6B6D1Tzp4NuitdUIBqKgBUi/LSeejePIamkGdhxRJ8ZNua4y9NcrDDxYhwzPkNirQB/Bc6urbaNRKVqdMKhNG4gT0tXkuestfiHwHpjrq0Ymuy7d/RF1M5cLXIY4Hjix8qXh8GfpyxPYBSXilRy9nmgc1k9MkPQvmxdGNis71XxI1oF3rA+wa3VRjJS+Kc+Hu+9aBUr2YY9FrUO3kQg977ttUOyJO9ihrNvlsgDmm/y7cOpQ5Fx7TkSd32ugOG2TtHJTk8+L0j56Xb1kPuoQ3P92gB5I+X0bflYDf1IftgFD/M2lHIRd,iv:9UymekNxnAfYblC3/9sYvenWS2370oD/fG4LHHsXz0k=,tag:Ywl9wF7w/QvYVIIjQ3mrdQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UVVLd2FJRFdiajdsc3BV\nUUhYMkRQK3d1K3BZVVFkRjlUSVdrL0FSNFdjCjJwK1A5dzZTK1V1VkxiOGJZb2Zu\nY0EzL0xpcXlnNXpMRWQ1UGgwRTgyUGsKLS0tIDJoRHdJc0ZBSmN2dmI0b3VEcGk1\nM014SmpiRnlFZ2ZyVDNGZklJSUJBYk0KsPhYF2PjL4SK+d6KmFKfsM0dBDDG50pT\nsYNf31GpttwQQ3AW6RnR4wzmJa1BG3rc26dXvCx/RaR3YRnp2vCqDQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbzltR3lNYW5VVzg1WlVG\nS0xGdUZ6Z3M0NEc4TFFNTENPK2g3TUhuOUFjCkxacE4zQkRsdE5QK0paVStZenB4\nVTVFK3Nic2YzcVRxZ1dFSG1FbkpUU1kKLS0tIGNJc0Q4Q0ZOcEtmMG1iQlpOekxQ\nQzhLeUIyZWdyYnNkSHF1NUduZ0plSVkKP0UU62uYiRiNEFJv+Rt9gnUZeZlqrA2I\n4WfpVURHanQpUg7MRXGv1VigP+JYNETTBlNLrVW9M+927LGGAWZ5PA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T22:27:04Z", + "mac": "ENC[AES256_GCM,data:G1jAZtxL8+nZRrB9E2dU/huAH92eHl2ir7tuabZK9f3RnlqPXZRKvahESp4VuFSAEWhO0dCbgmvoG6qwDjmvb4oZsA5quouWs0JVJA9a/Z09KyqslLgKZA3zO8t/wMRYUX6uu+2NmvGZDCPt4WiWtMIJ+sFsIza0DyrsdmVJGYw=,iv:KveqtGOpq4vlqQYA9/rMJWLXJ74j3VZuu3MRc8s54Gs=,tag:E4ZUcAdv0ZRJ+Y0/xg80VQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/openssh/ssh.id_ed25519/users/rpqt b/vars/per-machine/verbena/openssh/ssh.id_ed25519/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/openssh/ssh.id_ed25519/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 6533061a3d4f76c75e0bfbcfe2ef1051ac671f8b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:27:07 +0200 Subject: [PATCH 139/376] Update vars via generator root-password for machine verbena --- .../password-hash/machines/verbena | 1 + .../root-password/password-hash/secret | 19 +++++++++++++++++++ .../root-password/password-hash/users/rpqt | 1 + .../verbena/root-password/password/secret | 15 +++++++++++++++ .../verbena/root-password/password/users/rpqt | 1 + 5 files changed, 37 insertions(+) create mode 120000 vars/per-machine/verbena/root-password/password-hash/machines/verbena create mode 100644 vars/per-machine/verbena/root-password/password-hash/secret create mode 120000 vars/per-machine/verbena/root-password/password-hash/users/rpqt create mode 100644 vars/per-machine/verbena/root-password/password/secret create mode 120000 vars/per-machine/verbena/root-password/password/users/rpqt diff --git a/vars/per-machine/verbena/root-password/password-hash/machines/verbena b/vars/per-machine/verbena/root-password/password-hash/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/root-password/password-hash/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/root-password/password-hash/secret b/vars/per-machine/verbena/root-password/password-hash/secret new file mode 100644 index 0000000..e595031 --- /dev/null +++ b/vars/per-machine/verbena/root-password/password-hash/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:trmjf2lKYlYKajTS2t2pSDVQB3X4NYFNdnapx+xAyGJGgQtGV/TCJDDP+9JsWgbv89+SARrQ1qNhl/tw/HZpaOE66kYhZSEtVpVzsGWAoSdKxQVvvNbySBo2Y1TOfg2JS+f+/O5MLiRoQw==,iv:a/4JT2zmH/uyMYEq7YNR7CoONowtQjRCEUGYTgKj2rU=,tag:2nqHveDnULuXnUWmaW7Rng==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhb3JCOHB0NzRlbU16akox\nK2hOMFVXOTZuN0hwTFhRZ1UrWGEyL0M4NkVJCmI1MUI2WmpvSWhWcW56UWNTUGs5\nSmMyQzBMZWdZSkZXQVZMcmxZejBGYjgKLS0tIEt3Q0lUbHZnaTFWUElpZTN6L3p6\nSkZvekVKVGR4aUU1RWRReHJ0aXU2ak0KcvtkTBWi3UmXr7cF4AfKTD3+LulwTaEg\ntgO5ljBVb0vFg5sWcXOXJZWC2vO1v2P1Ry3iTaYdCiWTMJi3O5jYJA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMTNpMlVVbnd0QTd0NVdP\nVXdCa09CWFZIeGVLcVgrTU5mcjZ6eDlKdGlNCnNOb09vVEYwY0hhVUFTVEwwRWJK\na1MvUnpIMEh0NjdNQ2pmMmZiVnJucmcKLS0tIDdOY0daK0xWd1BqWWpLVGxZVThK\nQzl4ZFAzU0daY2tLZlJ0RE9HZmVpSDAKjDiGLlxXhJ1gbKm2Ni6ZzNOZoYXzC1yi\nsuVAispJbPI5z0Up6APVwjb0Bx0CENqwaK1qUcQdpAPDsIlTAa49JQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T22:27:07Z", + "mac": "ENC[AES256_GCM,data:tsDk5m3xnjQgLJcJ/Z8GRu0es1Y13vWUwmxQoZm7CkW8B1SWj4tb0JxBEpmulq5cBAsgIxa1U68N3ooWgV10tjmvy+789RCINi6SPwTzXNPFVuzGwWmfSxIIZqMEvoqAOAQ3CT95lHd5+Gti5XtoRDDniGi5gq/fTQjAXn5mCIc=,iv:JtrQjj3MxoY/GU7DKG7vOCZuIKOsM/ITdjfDuH0/UrQ=,tag:FZl+mjv1krHTqWeBR7pA1Q==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/root-password/password-hash/users/rpqt b/vars/per-machine/verbena/root-password/password-hash/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/root-password/password-hash/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/root-password/password/secret b/vars/per-machine/verbena/root-password/password/secret new file mode 100644 index 0000000..68c6667 --- /dev/null +++ b/vars/per-machine/verbena/root-password/password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:8KysUmawUtddgXWrH52syDDHO89TngtD3vVX6BWUJUuMfD2YaNCfQQ==,iv:d37zoPVJlRCsaQRJOqc08OoiwjclHu6yIwqHCGg0Nsg=,tag:YxwhlS32hvP0h2yo2BhCSg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3QjR0R0MwUmM5bjdNc1ds\nUVRXM3h6cU1WZitKamR5RWVUTkpkWlNjaEVZCis5emhRT29NZ3REbzc4Q3QramxD\neGV5MGk3OGViV0JqVE5Qanp6SFIwdjQKLS0tIHhtSWNaZ28yakdPZmRvMHFvaU1u\nRlVENlZtR05BN2IvLzlPWDJ6TW1yODQKf1mPIanTCfvsICJz3Sl3WJKGxjKW3IjP\n4lj9TjvxaWRodubUWo+H65j4ldu4sz9Jkt5S25eFwKCXziMH2CeDlA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T22:27:07Z", + "mac": "ENC[AES256_GCM,data:4rOTlVEL3hIzF52chd57/9lYPLpZCZDPzl73j9V0wtkT6/heVZgq0HjoHEMj2WY7kqRluPeUFpfwgD/t1ITKMPCwobDUH0qkkfStBGErKBxmFMQVM+iexqtwEEyDX61tERbB4tnwaLodMXs9QqiT0IZSfboIaXi2W8kcgzsk0J8=,iv:eaZCpx4td8tPk1dHO6GUe3UvKh8AXFKv+ABP+Jpzx+c=,tag:CAccNNNfOv6NfMtfBNWmMQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/root-password/password/users/rpqt b/vars/per-machine/verbena/root-password/password/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/root-password/password/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 10f2a46b8df134aee2e48545cc3ed4e85298c8c5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:27:09 +0200 Subject: [PATCH 140/376] Update vars via generator state-version for machine verbena --- vars/per-machine/verbena/state-version/version/value | 1 + 1 file changed, 1 insertion(+) create mode 100644 vars/per-machine/verbena/state-version/version/value diff --git a/vars/per-machine/verbena/state-version/version/value b/vars/per-machine/verbena/state-version/version/value new file mode 100644 index 0000000..115ab7a --- /dev/null +++ b/vars/per-machine/verbena/state-version/version/value @@ -0,0 +1 @@ +25.11 \ No newline at end of file From 21598ada20661f3b0e7e319aaaa650c5bbda2174 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:30:18 +0200 Subject: [PATCH 141/376] Update vars via generator zerotier for machine verbena --- .../zerotier-identity-secret/machines/verbena | 1 + .../zerotier/zerotier-identity-secret/secret | 19 +++++++++++++++++++ .../zerotier-identity-secret/users/rpqt | 1 + .../verbena/zerotier/zerotier-ip/value | 1 + 4 files changed, 22 insertions(+) create mode 120000 vars/per-machine/verbena/zerotier/zerotier-identity-secret/machines/verbena create mode 100644 vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret create mode 120000 vars/per-machine/verbena/zerotier/zerotier-identity-secret/users/rpqt create mode 100644 vars/per-machine/verbena/zerotier/zerotier-ip/value diff --git a/vars/per-machine/verbena/zerotier/zerotier-identity-secret/machines/verbena b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret new file mode 100644 index 0000000..a158472 --- /dev/null +++ b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:msrulcai/A5C7SmFzRsIgpAWFft6fHURoVQCPLYjEIQcWOm9K8mPpeX8Wy6tLp5Sz1Ts9WC5RCq4G4baXWYi4YZ/sP0shJVHQnSjJbqNTw40NN07snlpSiwyGK8zU/RGyS9jxA6SHAiw5kCFZwdLbkVVHwgGIzxq1a6fztMr1gEjfPHILZ7hkEoNGIA/Z9/ry5b7gFdFLdjW3EfjBGdDJX8+Vk+QPqHJEYM9vR5kb86XkH1ZSaKtKaG/vIvYm932iZUP+J/MGee7RC5epvYKUgdKj3Py3w4YQNO0IY7gyzgio3Qr/qQaclN9kPY9rwG6WPbPT46SxJAzzqzzhkx9wJJyLSiFwm8nW+Nfy1km,iv:8F/sYFTc0fiIgTFmssM1nVeG1OZnqS0nXU5ap7QyK88=,tag:BvWwqQPX1QSTyzavUvIhVQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5NEFNRnc0d0ZEUVJmdVk1\nK1RSVWt2QVBONWJFYzNwa2tDTjJ1N3QveGlnCk1CNVphQUJmd1hUNGp4aXdWV3F3\nYVBOTkZ3dWwwYkNMdnhqVkN1dkJRL00KLS0tIDdjc2ovV2xES0pVS25mRUdWOFN3\nN2lQbEd1RVliMFFzS2pVWTk0aWlZb2sKu6hRIchibcxfJH8Vmm0DJ0YyiRf1qGMc\nQr032pO6WIH9mzs/z+3c5wbpm9StTk4WWL+oytiZl0om2X4Bx3BlWw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMzY0T2tIYXhFdFdaQUYy\nbnp0cHlZaktpcFVSZEUxdUF3WEN5anNEZ1IwClZaOTJ1MUozQTE1S0J4UlNTOXpG\nRFg1ZlZIQ1ljOVczNklLSGtEVHJKdTgKLS0tIHgxa0RBRUJ3a0JRaFFreE85aXYx\nNW1rZm0zSG5nbnl6eHN1eGxQM1JRajAKN+TuleJyh37OdavqJaIAV1wFq3APM8Gp\nVDL+/5B7U6BY/VogWAkTQeCyVURdzdFVp7RAE4jPJYmqAZ1twa3dyg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-11T22:30:18Z", + "mac": "ENC[AES256_GCM,data:cTWCHpWFF7uWtJd6xlCeKdbkr3yv2yD635NGxKzkMgCJRy5SGsyMD6KtaPE3IH62JPZ7ssWzJmHfC+aqlFUaqLQeEoExkz+SCpxDHHQtRjsB7zvSB2Hemkp4E3Tg9KpC9Y2Hhmhn+yYjoDPEJiol9XI0n+Yf5B5ojKyVA8mqC/o=,iv:4D+P3In6v4TzEsZ+xXMzUGDA0smK7BnDsvu09jNLmok=,tag:X3UumaiLPCTl+xmIcXUFcg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/zerotier/zerotier-identity-secret/users/rpqt b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/zerotier/zerotier-ip/value b/vars/per-machine/verbena/zerotier/zerotier-ip/value new file mode 100644 index 0000000..ecb2750 --- /dev/null +++ b/vars/per-machine/verbena/zerotier/zerotier-ip/value @@ -0,0 +1 @@ +fd80:150d:17cc:2ae:6999:9306:9a0e:c197 \ No newline at end of file From b2c0898dc953b5eee4eea8a666adca19330e6f1d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:33:59 +0200 Subject: [PATCH 142/376] update(inventory.json): Installed verbena at ubuntu@covoiturage.turifer.dev --- inventory.json | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 inventory.json diff --git a/inventory.json b/inventory.json new file mode 100644 index 0000000..b956cef --- /dev/null +++ b/inventory.json @@ -0,0 +1,7 @@ +{ + "machines": { + "verbena": { + "installedAt": 1757630038 + } + } +} \ No newline at end of file From b0a539fea43032f90ba0e1081009009caf9463f3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:43:45 +0200 Subject: [PATCH 143/376] Set disk schema of machine: verbena to single-disk --- machines/verbena/disko.nix | 50 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 machines/verbena/disko.nix diff --git a/machines/verbena/disko.nix b/machines/verbena/disko.nix new file mode 100644 index 0000000..0f74ef5 --- /dev/null +++ b/machines/verbena/disko.nix @@ -0,0 +1,50 @@ +# --- +# schema = "single-disk" +# [placeholders] +# mainDisk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0" +# --- +# This file was automatically generated! +# CHANGING this configuration requires wiping and reinstalling the machine +{ + + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.enable = true; + disko.devices = { + disk = { + main = { + name = "main-75e31aae5e864fb39a0414ea1230ca81"; + device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + "boot" = { + size = "1M"; + type = "EF02"; # for grub MBR + priority = 1; + }; + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} From 731c784b70ccc72b5cedfa3a8fb0552faca41bb7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:51:16 +0200 Subject: [PATCH 144/376] add nextcloud --- machines/crocus/configuration.nix | 1 + machines/crocus/nextcloud.nix | 86 +++++++++++++++++++ machines/genepi/configuration.nix | 2 +- machines/genepi/glance-config.nix | 5 ++ .../genepi/acme.nix => modules/acme-home.nix | 2 +- modules/unbound.nix | 5 ++ .../access-key-id/machines/crocus | 0 .../access-key-id/users/rpqt | 0 8 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 machines/crocus/nextcloud.nix rename machines/genepi/acme.nix => modules/acme-home.nix (95%) mode change 120000 => 100644 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus mode change 120000 => 100644 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 4e3df56..153d99e 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -7,6 +7,7 @@ # ./radicle.nix ../../system ../../modules/remote-builder.nix + ./nextcloud.nix ./topology.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix diff --git a/machines/crocus/nextcloud.nix b/machines/crocus/nextcloud.nix new file mode 100644 index 0000000..4a2e5d0 --- /dev/null +++ b/machines/crocus/nextcloud.nix @@ -0,0 +1,86 @@ +{ config, ... }: +let + domain = "home.rpqt.fr"; + fqdn = "cloud.${domain}"; +in +{ + imports = [ + ../../modules/acme-home.nix + ]; + + services.nextcloud = { + enable = true; + hostName = fqdn; + https = true; + config = { + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; + dbname = "nextcloud"; + # admin user is only for the initial setup + adminuser = "root"; + adminpassFile = config.clan.core.vars.generators.nextcloud.files.admin-password.path; + objectstore.s3 = { + enable = true; + bucket = "garage"; + key = config.clan.core.vars.generators.nextcloud-s3-storage.files.access-key-id.value; + secretFile = config.clan.core.vars.generators.nextcloud-s3-storage.files.access-key-secret.path; + hostname = "127.0.0.1"; + port = 3900; + useSsl = false; + region = "garage"; + usePathStyle = true; + }; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { + name = "nextcloud"; + ensureDBOwnership = true; + } + ]; + }; + + systemd.services."nextcloud-setup" = { + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; + }; + + services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + useACMEHost = domain; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; + }; + }; + + clan.core.vars.generators.nextcloud = { + prompts.admin-password = { + description = "nextcloud admin password"; + type = "hidden"; + persist = true; + }; + files.admin-password.owner = "nextcloud"; + }; + + clan.core.vars.generators.nextcloud-s3-storage = { + prompts.access-key-id = { + description = "s3 access key id"; + type = "line"; + persist = true; + }; + prompts.access-key-secret = { + description = "s3 access key secret"; + type = "hidden"; + persist = true; + }; + files.access-key-id.owner = "nextcloud"; + files.access-key-id.secret = false; + files.access-key-secret.owner = "nextcloud"; + }; +} diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 4a7471b..23fdcf6 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -4,7 +4,6 @@ }: { imports = [ - ./acme.nix ./actual.nix ./boot.nix ./builder.nix @@ -21,6 +20,7 @@ ./taskchampion.nix ./topology.nix + ../../modules/acme-home.nix ../../modules/lounge.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 4a03a1f..20fc1fe 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -79,6 +79,11 @@ url = "https://assistant.home.rpqt.fr"; icon = "sh:home-assistant"; } + { + title = "Nextcloud"; + url = "https://cloud.home.rpqt.fr"; + icon = "sh:nextcloud"; + } ]; } { diff --git a/machines/genepi/acme.nix b/modules/acme-home.nix similarity index 95% rename from machines/genepi/acme.nix rename to modules/acme-home.nix index e0e1a3d..b348b47 100644 --- a/machines/genepi/acme.nix +++ b/modules/acme-home.nix @@ -1,7 +1,7 @@ { config, ... }: { imports = [ - ../../modules/gandi.nix + ./gandi.nix ]; security.acme = { diff --git a/modules/unbound.nix b/modules/unbound.nix index cf4796b..0fea601 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -20,6 +20,11 @@ let "tw" ]; }; + crocus = { + subdomains = [ + "cloud" + ]; + }; }; zerotierInterface = "zts7mq7onf"; machinesZerotierIpRecords = diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus deleted file mode 120000 index efe6fd0..0000000 --- a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus new file mode 100644 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt deleted file mode 120000 index c6af5c7..0000000 --- a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt new file mode 100644 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 00078bf28360f591db8adfc07e4600ea17f24f6f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:51:16 +0200 Subject: [PATCH 145/376] cleanup unused vars (s3 access key id is public) --- .../access-key-id/machines/crocus | 1 - .../nextcloud-s3-storage/access-key-id/secret | 19 ------------------- .../access-key-id/users/rpqt | 1 - 3 files changed, 21 deletions(-) delete mode 100644 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus delete mode 100644 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/secret delete mode 100644 vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus deleted file mode 100644 index efe6fd0..0000000 --- a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/machines/crocus +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/secret b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/secret deleted file mode 100644 index 10fdf3a..0000000 --- a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/secret +++ /dev/null @@ -1,19 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:bLr5DUZyVayvhMCW+LJYJ3ATQOqoAQmHZFM=,iv:YPkoGSMkXA5BYp1gYkIZtZP6KpdWFP2rpUjyGMthpsg=,tag:JjJEYkO3YFsSQIneahDBgw==,type:str]", - "sops": { - "age": [ - { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhaitPUU5hTzZSaUcxeFJG\nY1R2YkwwaForMUJ5RmNKakptYk9nSlc2TlVZCkRNRS82bjFpejg0SFdnZGNNR1ZO\nbmNKQVR2WTltTk5tTTdmRnNCaE1OVE0KLS0tIDJhMkNBRzRpdzk5MTJHaldjTC82\nTXRkZVpsMm14ZEtiUEpqRlkxdXUvNWMKyxPSoynYrb9Aq9j+HTTUPSImNJrGUBRT\nQ94GWrSro/2kYpxcR6cx5/F+dxYuPommKsSQJRl3srQnQHx6AA1QcQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUkU2TmVwdmwrRVBlbW9q\nZzkyVHBxb1RGTE9vN0dhWk9XUEtmNW9RWDNJCjhsYlNyazJmd0lrQTRMWHhxLzY3\nYnBhMnE5cVA1SzZqU2ZLeEVTRTVET2cKLS0tIE45WFUzVjdrK3ZUelJnMHNmZFBY\nbUNmRktyUDJJTS9sRms2dVo0STJhMmcKW7TSJT03IL9UW3zPqIXXVXRo2qOKDfuL\n+cUnYpmTi0PS901+96Esuv//3cpxJVESWni+V1QjvFVfQso8NApknw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-09-11T20:22:28Z", - "mac": "ENC[AES256_GCM,data:++XfCtcETmuGLrt+fj+hf/U08wbedRcvNxv6IE6EymB0MwWTI7Tnd31+Z/v5eux0bXk6E0CI1FDmFIEJkJ2+aViBArA8Va5mawYxXS76moFqIaPcgsCfJhOM5elbVq6fqxWghnKFvjr/UT+tZj9sBMY0f5IBr2z62SLfeczk56U=,iv:uZomt0qhWs7fRUlhhtXcT3bIIhOYKr9vW6Evhg2ionw=,tag:JaZxP4HDisuTyE0dXiIMhQ==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" - } -} diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt deleted file mode 100644 index c6af5c7..0000000 --- a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-id/users/rpqt +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/rpqt \ No newline at end of file From f62d7a4cde47fa9a7cbc97b1b1c71ca57c97bebd Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 00:57:50 +0200 Subject: [PATCH 146/376] update(inventory.json): Installed verbena at root@covoiturage.turifer.dev --- inventory.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory.json b/inventory.json index b956cef..4ebb2fa 100644 --- a/inventory.json +++ b/inventory.json @@ -1,7 +1,7 @@ { "machines": { "verbena": { - "installedAt": 1757630038 + "installedAt": 1757631470 } } } \ No newline at end of file From c44f08d6be1e52b84790b16c5728cf39d40cbccc Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 12 Sep 2025 01:25:20 +0200 Subject: [PATCH 147/376] update(inventory.json): Installed verbena at root@covoiturage.turifer.dev --- inventory.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory.json b/inventory.json index 4ebb2fa..9465cf3 100644 --- a/inventory.json +++ b/inventory.json @@ -1,7 +1,7 @@ { "machines": { "verbena": { - "installedAt": 1757631470 + "installedAt": 1757633120 } } } \ No newline at end of file From f2a76156c910c9789ee554543359c541542769ae Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 15 Sep 2025 21:37:21 +0200 Subject: [PATCH 148/376] remove nix-topology --- flake.nix | 10 -------- machines/crocus/configuration.nix | 4 ++-- machines/crocus/topology.nix | 11 --------- machines/genepi/configuration.nix | 1 - machines/genepi/topology.nix | 24 ------------------- machines/haze/configuration.nix | 1 - machines/haze/topology.nix | 12 ---------- system/network/default.nix | 1 - topology.nix | 40 ------------------------------- 9 files changed, 2 insertions(+), 102 deletions(-) delete mode 100644 machines/crocus/topology.nix delete mode 100644 machines/genepi/topology.nix delete mode 100644 machines/haze/topology.nix delete mode 100644 topology.nix diff --git a/flake.nix b/flake.nix index 40a62d2..4ec8141 100644 --- a/flake.nix +++ b/flake.nix @@ -16,7 +16,6 @@ flake-parts.lib.mkFlake { inherit inputs; } ({ imports = [ inputs.clan-core.flakeModules.default - inputs.nix-topology.flakeModule ./clanServices/flake-module.nix ./devShells/flake-module.nix @@ -29,12 +28,6 @@ "aarch64-linux" ]; - perSystem = _: { - topology.modules = [ - ./topology.nix - ]; - }; - flake = { packages.aarch64-linux.genepi-installer-sd-image = nixos-generators.nixosGenerate { specialArgs = { @@ -83,9 +76,6 @@ ignis.url = "github:ignis-sh/ignis"; ignis.inputs.nixpkgs.follows = "nixpkgs"; - nix-topology.url = "github:oddlama/nix-topology"; - nix-topology.inputs.nixpkgs.follows = "nixpkgs"; - matugen.url = "github:InioX/Matugen"; matugen.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 153d99e..67f1a73 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -5,10 +5,10 @@ { imports = [ # ./radicle.nix - ../../system + ../../system/core + ../../system/nix ../../modules/remote-builder.nix ./nextcloud.nix - ./topology.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix self.nixosModules.gitea diff --git a/machines/crocus/topology.nix b/machines/crocus/topology.nix deleted file mode 100644 index d658870..0000000 --- a/machines/crocus/topology.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - topology.self = { - hardware.info = "x86_64 VPS"; - interfaces = { - tailscale0 = { - type = "wireguard"; - network = "tailscale"; - }; - }; - }; -} diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 23fdcf6..8ceb500 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -18,7 +18,6 @@ ./pinchflat.nix ./syncthing.nix ./taskchampion.nix - ./topology.nix ../../modules/acme-home.nix ../../modules/lounge.nix diff --git a/machines/genepi/topology.nix b/machines/genepi/topology.nix deleted file mode 100644 index 184608a..0000000 --- a/machines/genepi/topology.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, ... }: -let - inherit (config.lib.topology) - mkConnection - ; -in -{ - topology.self = { - hardware.info = "Raspberry Pi 4B"; - interfaces = { - tailscale0 = { - type = "wireguard"; - network = "tailscale"; - }; - enp1s0 = { - type = "ethernet"; - network = "home"; - physicalConnections = [ - (mkConnection "cassoulet" "eth1") - ]; - }; - }; - }; -} diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 272a1a7..1aecf89 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -17,7 +17,6 @@ ./thunderbird.nix ./network.nix ./syncthing.nix - ./topology.nix ./video.nix ../../system diff --git a/machines/haze/topology.nix b/machines/haze/topology.nix deleted file mode 100644 index 8a2990a..0000000 --- a/machines/haze/topology.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - topology.self = { - hardware.info = "VivoBook Laptop"; - interfaces = { - tailscale0 = { - type = "wireguard"; - network = "tailscale"; - virtual = true; - }; - }; - }; -} diff --git a/system/network/default.nix b/system/network/default.nix index 5b74a30..2abc273 100644 --- a/system/network/default.nix +++ b/system/network/default.nix @@ -1,7 +1,6 @@ { self, ... }: { imports = [ - self.inputs.nix-topology.nixosModules.default ./tailscale.nix ]; } diff --git a/topology.nix b/topology.nix deleted file mode 100644 index bd2d18b..0000000 --- a/topology.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, ... }: -let - inherit (config.lib.topology) - mkConnection - mkInternet - mkRouter - ; -in -{ - nodes.internet = mkInternet { - connections = [ - (mkConnection "cassoulet" "wan1") - (mkConnection "crocus" "enp1s0") - ]; - }; - - nodes.cassoulet = mkRouter "Cassoulet" { - info = "BBox Fibre"; - interfaceGroups = [ - [ "wan1" ] - [ - "eth1" - "eth2" - "eth3" - "eth4" - ] - ]; - }; - - networks.home = { - name = "Home Network"; - cidrv4 = "192.168.1.1/24"; - }; - - networks.tailscale = { - name = "Tailscale"; - cidrv4 = "100.100.181.10/32"; - cidrv6 = "fd7a:115c:a1e0::2401:b50a/128"; - }; -} From 4f2d448d6f7adaa126c61207c4089ae4532c4689 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 15 Sep 2025 21:37:21 +0200 Subject: [PATCH 149/376] update flake inputs --- flake.lock | 199 ++++++++--------------------------------------------- 1 file changed, 28 insertions(+), 171 deletions(-) diff --git a/flake.lock b/flake.lock index 4e8d13a..866677d 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1757439969, - "narHash": "sha256-n2LXotKVjlgAfAm5F6i0ryX54QokuPIf+P9DmQdjGts=", + "lastModified": 1757595727, + "narHash": "sha256-1OTbl/Nafpek+5J/KLOfMCn8HVaTj/Z7DOm8O89sTmQ=", "ref": "refs/heads/main", - "rev": "af4e9e784ba77915a9e334de81ac0f347ed1e261", - "revCount": 9912, + "rev": "7d265a6156bf3679332436a982b8574c45f80a0d", + "revCount": 9936, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -58,27 +58,6 @@ "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" } }, - "devshell": { - "inputs": { - "nixpkgs": [ - "nix-topology", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1728330715, - "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", - "owner": "numtide", - "repo": "devshell", - "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -87,11 +66,11 @@ ] }, "locked": { - "lastModified": 1757255839, - "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "owner": "nix-community", "repo": "disko", - "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "type": "github" }, "original": { @@ -107,11 +86,11 @@ ] }, "locked": { - "lastModified": 1757255839, - "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "owner": "nix-community", "repo": "disko", - "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "type": "github" }, "original": { @@ -120,22 +99,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -156,46 +119,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "nix-topology", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -203,11 +126,11 @@ ] }, "locked": { - "lastModified": 1757385184, - "narHash": "sha256-LCxtQn9ajvOgGRbQIRUJgfP7clMGGvV1SDW1HcSb0zk=", + "lastModified": 1757598712, + "narHash": "sha256-5PWVrdMp8u31Q247jqnJcwxKg3MJrs1TadTyTBRVBDY=", "owner": "nix-community", "repo": "home-manager", - "rev": "26993d87fd0d3b14f7667b74ad82235f120d986e", + "rev": "6d7c11a0adee0db21e3a8ef90ae07bb89bc20b8f", "type": "github" }, "original": { @@ -224,11 +147,11 @@ ] }, "locked": { - "lastModified": 1757183812, - "narHash": "sha256-VRrwsrpj4htZvwu1TYoLbsahcPOkombZZSqs2NnYMnM=", + "lastModified": 1757521698, + "narHash": "sha256-W3D0h3Xk/eKHF7E2iMecStIQjYPCskiQWKWskjx6vfo=", "owner": "ignis-sh", "repo": "ignis", - "rev": "f09be7e34aadf83f019bfc9059507caea049d30b", + "rev": "7ee293b22253ba2b075c1fc95afcde2a1cc76c03", "type": "github" }, "original": { @@ -302,11 +225,11 @@ ] }, "locked": { - "lastModified": 1757130842, - "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", + "lastModified": 1757430124, + "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", + "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", "type": "github" }, "original": { @@ -328,29 +251,6 @@ "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" } }, - "nix-topology": { - "inputs": { - "devshell": "devshell", - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit-hooks": "pre-commit-hooks" - }, - "locked": { - "lastModified": 1752093877, - "narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=", - "owner": "oddlama", - "repo": "nix-topology", - "rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633", - "type": "github" - }, - "original": { - "owner": "oddlama", - "repo": "nix-topology", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -434,11 +334,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757347588, - "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", + "lastModified": 1757487488, + "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe", + "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", "type": "github" }, "original": { @@ -448,33 +348,6 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nix-topology", - "nixpkgs" - ], - "nixpkgs-stable": [ - "nix-topology", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730797577, - "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "clan-core": "clan-core", @@ -484,7 +357,6 @@ "ignis": "ignis", "impermanence": "impermanence", "matugen": "matugen", - "nix-topology": "nix-topology", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", @@ -499,11 +371,11 @@ ] }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1757449901, + "narHash": "sha256-qwN8nYdSRnmmyyi+uR6m4gXnVktmy5smG1MOrSFD8PI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "3b4a369df9dd6ee171a7ea4448b50e2528faf850", "type": "github" }, "original": { @@ -519,11 +391,11 @@ ] }, "locked": { - "lastModified": 1757298062, - "narHash": "sha256-bSaQxOCzj0ky6HYSCJxoT8XEeqwzzJFP6R80bgGJVjM=", + "lastModified": 1757552363, + "narHash": "sha256-4dtGagSfwMabRi59g7E8T6FcdghNizLbR4PwU1g8lDI=", "owner": "nix-community", "repo": "srvos", - "rev": "0070590bf5bd5dc97b8e644720c3c7c90e16f8bc", + "rev": "ec58f16bdb57cf3a17bba79f687945dca1703c64", "type": "github" }, "original": { @@ -562,21 +434,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ From 3616993be8cd333ed52e5b3210e5a420958d1edc Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 15 Sep 2025 21:37:21 +0200 Subject: [PATCH 150/376] add machine verbena --- machines/flake-module.nix | 7 + machines/verbena/configuration.nix | 35 + machines/verbena/facter.json | 2227 ++++++++++++++++++++++++++++ modules/unbound-auth.nix | 4 + 4 files changed, 2273 insertions(+) create mode 100644 machines/verbena/configuration.nix create mode 100644 machines/verbena/facter.json diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 7bbcd94..b629ff8 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -22,6 +22,12 @@ "syncthing" ]; }; + verbena = { + tags = [ + "garage" + "server" + ]; + }; }; inventory.instances = { @@ -32,6 +38,7 @@ "crocus" = { }; "genepi" = { }; "haze" = { }; + "verbena" = { }; }; roles.default.settings.allowedKeys = { rpqt_haze = (import ../parts).keys.rpqt.haze; diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix new file mode 100644 index 0000000..6e5056b --- /dev/null +++ b/machines/verbena/configuration.nix @@ -0,0 +1,35 @@ +{ self, lib, ... }: +{ + imports = [ + ../../system/core + ../../system/nix + ../../modules/unbound.nix + ../../modules/unbound-auth.nix + + self.inputs.srvos.nixosModules.server + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + + networking.hostName = "verbena"; + + networking.useDHCP = lib.mkDefault true; + + clan.core.settings.state-version.enable = true; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + security.acme = { + acceptTerms = true; + defaults.email = "admin@turifer.dev"; + }; +} diff --git a/machines/verbena/facter.json b/machines/verbena/facter.json new file mode 100644 index 0000000..164afc3 --- /dev/null +++ b/machines/verbena/facter.json @@ -0,0 +1,2227 @@ +{ + "version": 1, + "system": "x86_64-linux", + "virtualisation": "kvm", + "hardware": { + "bios": { + "apm_info": { + "supported": false, + "enabled": false, + "version": 0, + "sub_version": 0, + "bios_flags": 0 + }, + "vbe_info": { + "version": 0, + "video_memory": 0 + }, + "pnp": true, + "pnp_id": 0, + "lba_support": false, + "low_memory_size": 654336, + "smbios_version": 520 + }, + "bridge": [ + { + "index": 9, + "attached_to": 0, + "class_list": [ + "pci", + "bridge" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "hex": "0006", + "name": "Bridge", + "value": 6 + }, + "sub_class": { + "hex": "0001", + "name": "ISA bridge", + "value": 1 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "7000", + "value": 28672 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "model": "Intel ISA bridge", + "sysfs_id": "/devices/pci0000:00/0000:00:01.0", + "sysfs_bus_id": "0000:00:01.0", + "detail": { + "function": 0, + "command": 259, + "header_type": 0, + "secondary_bus": 0, + "irq": 0, + "prog_if": 0 + }, + "module_alias": "pci:v00008086d00007000sv00001AF4sd00001100bc06sc01i00" + }, + { + "index": 11, + "attached_to": 0, + "class_list": [ + "pci", + "bridge" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0006", + "name": "Bridge", + "value": 6 + }, + "sub_class": { + "hex": "0000", + "name": "Host bridge", + "value": 0 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1237", + "value": 4663 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "revision": { + "hex": "0002", + "value": 2 + }, + "model": "Intel Host bridge", + "sysfs_id": "/devices/pci0000:00/0000:00:00.0", + "sysfs_bus_id": "0000:00:00.0", + "detail": { + "function": 0, + "command": 259, + "header_type": 0, + "secondary_bus": 0, + "irq": 0, + "prog_if": 0 + }, + "module_alias": "pci:v00008086d00001237sv00001AF4sd00001100bc06sc00i00" + }, + { + "index": 12, + "attached_to": 0, + "class_list": [ + "pci", + "bridge" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "hex": "0006", + "name": "Bridge", + "value": 6 + }, + "sub_class": { + "hex": "0080", + "name": "Bridge", + "value": 128 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "7113", + "value": 28947 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "revision": { + "hex": "0003", + "value": 3 + }, + "model": "Intel Bridge", + "sysfs_id": "/devices/pci0000:00/0000:00:01.3", + "sysfs_bus_id": "0000:00:01.3", + "resources": [ + { + "type": "irq", + "base": 9, + "triggered": 0, + "enabled": true + } + ], + "detail": { + "function": 3, + "command": 259, + "header_type": 0, + "secondary_bus": 0, + "irq": 9, + "prog_if": 0 + }, + "driver": "piix4_smbus", + "driver_module": "i2c_piix4", + "drivers": [ + "piix4_smbus" + ], + "driver_modules": [ + "i2c_piix4" + ], + "module_alias": "pci:v00008086d00007113sv00001AF4sd00001100bc06sc80i00" + } + ], + "cpu": [ + { + "architecture": "x86_64", + "vendor_name": "GenuineIntel", + "family": 6, + "model": 60, + "stepping": 1, + "features": [ + "fpu", + "vme", + "de", + "pse", + "tsc", + "msr", + "pae", + "mce", + "cx8", + "apic", + "sep", + "mtrr", + "pge", + "mca", + "cmov", + "pat", + "pse36", + "clflush", + "mmx", + "fxsr", + "sse", + "sse2", + "syscall", + "nx", + "rdtscp", + "lm", + "constant_tsc", + "rep_good", + "nopl", + "xtopology", + "cpuid", + "tsc_known_freq", + "pni", + "pclmulqdq", + "vmx", + "ssse3", + "fma", + "cx16", + "pcid", + "sse4_1", + "sse4_2", + "x2apic", + "movbe", + "popcnt", + "tsc_deadline_timer", + "aes", + "xsave", + "avx", + "f16c", + "rdrand", + "hypervisor", + "lahf_lm", + "abm", + "cpuid_fault", + "pti", + "tpr_shadow", + "flexpriority", + "ept", + "vpid", + "ept_ad", + "fsgsbase", + "bmi1", + "avx2", + "smep", + "bmi2", + "erms", + "invpcid", + "xsaveopt", + "arat", + "vnmi", + "md_clear" + ], + "bugs": [ + "cpu_meltdown", + "spectre_v1", + "spectre_v2", + "spec_store_bypass", + "l1tf", + "mds", + "swapgs", + "itlb_multihit", + "srbds", + "mmio_unknown", + "bhi", + "its" + ], + "bogo": 5986.13, + "cache": 16384, + "physical_id": 0, + "siblings": 1, + "cores": 1, + "fpu": true, + "fpu_exception": true, + "cpuid_level": 13, + "write_protect": false, + "clflush_size": 64, + "cache_alignment": 64, + "address_sizes": { + "physical": "0x28", + "virtual": "0x30" + } + }, + { + "architecture": "x86_64", + "vendor_name": "GenuineIntel", + "family": 6, + "model": 60, + "stepping": 1, + "features": [ + "fpu", + "vme", + "de", + "pse", + "tsc", + "msr", + "pae", + "mce", + "cx8", + "apic", + "sep", + "mtrr", + "pge", + "mca", + "cmov", + "pat", + "pse36", + "clflush", + "mmx", + "fxsr", + "sse", + "sse2", + "syscall", + "nx", + "rdtscp", + "lm", + "constant_tsc", + "rep_good", + "nopl", + "xtopology", + "cpuid", + "tsc_known_freq", + "pni", + "pclmulqdq", + "vmx", + "ssse3", + "fma", + "cx16", + "pcid", + "sse4_1", + "sse4_2", + "x2apic", + "movbe", + "popcnt", + "tsc_deadline_timer", + "aes", + "xsave", + "avx", + "f16c", + "rdrand", + "hypervisor", + "lahf_lm", + "abm", + "cpuid_fault", + "pti", + "tpr_shadow", + "flexpriority", + "ept", + "vpid", + "ept_ad", + "fsgsbase", + "bmi1", + "avx2", + "smep", + "bmi2", + "erms", + "invpcid", + "xsaveopt", + "arat", + "vnmi", + "md_clear" + ], + "bugs": [ + "cpu_meltdown", + "spectre_v1", + "spectre_v2", + "spec_store_bypass", + "l1tf", + "mds", + "swapgs", + "itlb_multihit", + "srbds", + "mmio_unknown", + "bhi", + "its" + ], + "bogo": 5986.13, + "cache": 16384, + "physical_id": 1, + "siblings": 1, + "cores": 1, + "fpu": true, + "fpu_exception": true, + "cpuid_level": 13, + "write_protect": false, + "clflush_size": 64, + "cache_alignment": 64, + "address_sizes": { + "physical": "0x28", + "virtual": "0x30" + } + }, + { + "architecture": "x86_64", + "vendor_name": "GenuineIntel", + "family": 6, + "model": 60, + "stepping": 1, + "features": [ + "fpu", + "vme", + "de", + "pse", + "tsc", + "msr", + "pae", + "mce", + "cx8", + "apic", + "sep", + "mtrr", + "pge", + "mca", + "cmov", + "pat", + "pse36", + "clflush", + "mmx", + "fxsr", + "sse", + "sse2", + "syscall", + "nx", + "rdtscp", + "lm", + "constant_tsc", + "rep_good", + "nopl", + "xtopology", + "cpuid", + "tsc_known_freq", + "pni", + "pclmulqdq", + "vmx", + "ssse3", + "fma", + "cx16", + "pcid", + "sse4_1", + "sse4_2", + "x2apic", + "movbe", + "popcnt", + "tsc_deadline_timer", + "aes", + "xsave", + "avx", + "f16c", + "rdrand", + "hypervisor", + "lahf_lm", + "abm", + "cpuid_fault", + "pti", + "tpr_shadow", + "flexpriority", + "ept", + "vpid", + "ept_ad", + "fsgsbase", + "bmi1", + "avx2", + "smep", + "bmi2", + "erms", + "invpcid", + "xsaveopt", + "arat", + "vnmi", + "md_clear" + ], + "bugs": [ + "cpu_meltdown", + "spectre_v1", + "spectre_v2", + "spec_store_bypass", + "l1tf", + "mds", + "swapgs", + "itlb_multihit", + "srbds", + "mmio_unknown", + "bhi", + "its" + ], + "bogo": 5986.13, + "cache": 16384, + "physical_id": 2, + "siblings": 1, + "cores": 1, + "fpu": true, + "fpu_exception": true, + "cpuid_level": 13, + "write_protect": false, + "clflush_size": 64, + "cache_alignment": 64, + "address_sizes": { + "physical": "0x28", + "virtual": "0x30" + } + }, + { + "architecture": "x86_64", + "vendor_name": "GenuineIntel", + "family": 6, + "model": 60, + "stepping": 1, + "features": [ + "fpu", + "vme", + "de", + "pse", + "tsc", + "msr", + "pae", + "mce", + "cx8", + "apic", + "sep", + "mtrr", + "pge", + "mca", + "cmov", + "pat", + "pse36", + "clflush", + "mmx", + "fxsr", + "sse", + "sse2", + "syscall", + "nx", + "rdtscp", + "lm", + "constant_tsc", + "rep_good", + "nopl", + "xtopology", + "cpuid", + "tsc_known_freq", + "pni", + "pclmulqdq", + "vmx", + "ssse3", + "fma", + "cx16", + "pcid", + "sse4_1", + "sse4_2", + "x2apic", + "movbe", + "popcnt", + "tsc_deadline_timer", + "aes", + "xsave", + "avx", + "f16c", + "rdrand", + "hypervisor", + "lahf_lm", + "abm", + "cpuid_fault", + "pti", + "tpr_shadow", + "flexpriority", + "ept", + "vpid", + "ept_ad", + "fsgsbase", + "bmi1", + "avx2", + "smep", + "bmi2", + "erms", + "invpcid", + "xsaveopt", + "arat", + "vnmi", + "md_clear" + ], + "bugs": [ + "cpu_meltdown", + "spectre_v1", + "spectre_v2", + "spec_store_bypass", + "l1tf", + "mds", + "swapgs", + "itlb_multihit", + "srbds", + "mmio_unknown", + "bhi", + "its" + ], + "bogo": 5986.13, + "cache": 16384, + "physical_id": 3, + "siblings": 1, + "cores": 1, + "fpu": true, + "fpu_exception": true, + "cpuid_level": 13, + "write_protect": false, + "clflush_size": 64, + "cache_alignment": 64, + "address_sizes": { + "physical": "0x28", + "virtual": "0x30" + } + } + ], + "disk": [ + { + "index": 23, + "attached_to": 18, + "class_list": [ + "disk", + "scsi", + "block_device" + ], + "bus_type": { + "hex": "0084", + "name": "SCSI", + "value": 132 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0106", + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "hex": "0000", + "name": "Disk", + "value": 0 + }, + "vendor": { + "hex": "0000", + "name": "QEMU", + "value": 0 + }, + "device": { + "hex": "0000", + "name": "QEMU HARDDISK", + "value": 0 + }, + "revision": { + "hex": "0000", + "name": "2.5+", + "value": 0 + }, + "model": "QEMU HARDDISK", + "sysfs_id": "/class/block/sda", + "sysfs_bus_id": "0:0:0:0", + "sysfs_device_link": "/devices/pci0000:00/0000:00:04.0/virtio1/host0/target0:0:0/0:0:0:0", + "unix_device_name": "/dev/sda", + "unix_device_number": { + "type": 98, + "major": 8, + "minor": 0, + "range": 16 + }, + "unix_device_names": [ + "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0", + "/dev/disk/by-path/pci-0000:00:04.0-scsi-0:0:0:0", + "/dev/sda" + ], + "unix_device_name2": "/dev/sg0", + "unix_device_number2": { + "type": 99, + "major": 21, + "minor": 0, + "range": 1 + }, + "rom_id": "0x80", + "resources": [ + { + "type": "disk_geo", + "cylinders": 9790, + "heads": 255, + "sectors": 63, + "size": "0x0", + "geo_type": "logical" + }, + { + "type": "size", + "unit": "sectors", + "value_1": 157286400, + "value_2": 512 + } + ], + "driver": "virtio_scsi", + "driver_module": "virtio_scsi", + "drivers": [ + "sd", + "virtio_scsi" + ], + "driver_modules": [ + "sd_mod", + "virtio_scsi" + ] + } + ], + "graphics_card": [ + { + "index": 16, + "attached_to": 0, + "class_list": [ + "graphics_card", + "pci" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 2 + }, + "base_class": { + "hex": "0003", + "name": "Display controller", + "value": 3 + }, + "sub_class": { + "hex": "0000", + "name": "VGA compatible controller", + "value": 0 + }, + "pci_interface": { + "hex": "0000", + "name": "VGA", + "value": 0 + }, + "vendor": { + "hex": "1013", + "name": "Cirrus Logic", + "value": 4115 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "00b8", + "name": "GD 5446", + "value": 184 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "model": "Cirrus Logic GD 5446", + "sysfs_id": "/devices/pci0000:00/0000:00:02.0", + "sysfs_bus_id": "0000:00:02.0", + "resources": [ + { + "type": "mem", + "base": 4227858432, + "range": 33554432, + "enabled": true, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4273537024, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + }, + { + "type": "mem", + "base": 786432, + "range": 131072, + "enabled": false, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 259, + "header_type": 0, + "secondary_bus": 0, + "irq": 0, + "prog_if": 0 + }, + "driver": "cirrus-qemu", + "driver_module": "cirrus_qemu", + "drivers": [ + "cirrus-qemu" + ], + "driver_modules": [ + "cirrus_qemu" + ], + "driver_info": { + "type": "x11", + "db_entry_0": [ + "4", + "cirrus" + ], + "server": "cirrus", + "xf86_version": "4", + "supports_3d": false, + "Colors": { + "all": 0, + "c8": 0, + "c15": 0, + "c16": 0, + "c24": 0, + "c32": 0 + }, + "dac_speed": 0, + "script": "" + }, + "module_alias": "pci:v00001013d000000B8sv00001AF4sd00001100bc03sc00i00" + } + ], + "hub": [ + { + "index": 24, + "attached_to": 8, + "class_list": [ + "usb", + "hub" + ], + "bus_type": { + "hex": "0086", + "name": "USB", + "value": 134 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "010a", + "name": "Hub", + "value": 266 + }, + "vendor": { + "hex": "1d6b", + "name": "Linux 6.14.10 uhci_hcd", + "value": 7531 + }, + "device": { + "hex": "0001", + "name": "UHCI Host Controller", + "value": 1 + }, + "revision": { + "hex": "0000", + "name": "6.14", + "value": 0 + }, + "serial": "0000:00:01.2", + "model": "Linux 6.14.10 uhci_hcd UHCI Host Controller", + "sysfs_id": "/devices/pci0000:00/0000:00:01.2/usb1/1-0:1.0", + "sysfs_bus_id": "1-0:1.0", + "resources": [ + { + "type": "baud", + "speed": 12000000, + "bits": 0, + "stop_bits": 0, + "parity": 0, + "handshake": 0 + } + ], + "detail": { + "device_class": { + "hex": "0009", + "name": "hub", + "value": 9 + }, + "device_subclass": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "device_protocol": 0, + "interface_class": { + "hex": "0009", + "name": "hub", + "value": 9 + }, + "interface_subclass": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "interface_protocol": 0, + "interface_number": 0, + "interface_alternate_setting": 0 + }, + "hotplug": "usb", + "driver": "hub", + "driver_module": "usbcore", + "drivers": [ + "hub" + ], + "driver_modules": [ + "usbcore" + ], + "module_alias": "usb:v1D6Bp0001d0614dc09dsc00dp00ic09isc00ip00in00" + } + ], + "memory": [ + { + "index": 7, + "attached_to": 0, + "class_list": [ + "memory" + ], + "base_class": { + "hex": "0101", + "name": "Internally Used Class", + "value": 257 + }, + "sub_class": { + "hex": "0002", + "name": "Main Memory", + "value": 2 + }, + "model": "Main Memory", + "resources": [ + { + "type": "mem", + "base": 0, + "range": 8130945024, + "enabled": true, + "access": "read_write", + "prefetch": "unknown" + }, + { + "type": "phys_mem", + "range": 8053063680 + } + ] + } + ], + "mouse": [ + { + "index": 25, + "attached_to": 24, + "class_list": [ + "mouse", + "usb" + ], + "bus_type": { + "hex": "0086", + "name": "USB", + "value": 134 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0105", + "name": "Mouse", + "value": 261 + }, + "sub_class": { + "hex": "0003", + "name": "USB Mouse", + "value": 3 + }, + "vendor": { + "hex": "0627", + "name": "QEMU", + "value": 1575 + }, + "device": { + "hex": "0001", + "name": "QEMU USB Tablet", + "value": 1 + }, + "serial": "28754-0000:00:01.2-1", + "compat_vendor": "Unknown", + "compat_device": "Generic USB Mouse", + "model": "QEMU USB Tablet", + "sysfs_id": "/devices/pci0000:00/0000:00:01.2/usb1/1-1/1-1:1.0", + "sysfs_bus_id": "1-1:1.0", + "unix_device_name": "/dev/input/mice", + "unix_device_number": { + "type": 99, + "major": 13, + "minor": 63, + "range": 1 + }, + "unix_device_names": [ + "/dev/input/mice" + ], + "unix_device_name2": "/dev/input/mouse0", + "unix_device_number2": { + "type": 99, + "major": 13, + "minor": 32, + "range": 1 + }, + "resources": [ + { + "type": "baud", + "speed": 12000000, + "bits": 0, + "stop_bits": 0, + "parity": 0, + "handshake": 0 + } + ], + "detail": { + "device_class": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "device_subclass": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "device_protocol": 0, + "interface_class": { + "hex": "0003", + "name": "hid", + "value": 3 + }, + "interface_subclass": { + "hex": "0000", + "name": "per_interface", + "value": 0 + }, + "interface_protocol": 0, + "interface_number": 0, + "interface_alternate_setting": 0 + }, + "hotplug": "usb", + "driver": "usbhid", + "driver_module": "usbhid", + "drivers": [ + "usbhid" + ], + "driver_modules": [ + "usbhid" + ], + "driver_info": { + "type": "mouse", + "db_entry_0": [ + "explorerps/2", + "exps2" + ], + "xf86": "explorerps/2", + "gpm": "exps2", + "buttons": -1, + "wheels": -1 + }, + "module_alias": "usb:v0627p0001d0000dc00dsc00dp00ic03isc00ip00in00" + } + ], + "network_controller": [ + { + "index": 20, + "attached_to": 13, + "class_list": [ + "network_controller" + ], + "bus_type": { + "hex": "008f", + "name": "Virtio", + "value": 143 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "hex": "0002", + "name": "Network controller", + "value": 2 + }, + "sub_class": { + "hex": "0000", + "name": "Ethernet controller", + "value": 0 + }, + "vendor": "Virtio", + "device": "Ethernet Card 0", + "model": "Virtio Ethernet Card 0", + "sysfs_id": "/devices/pci0000:00/0000:00:03.0/virtio0", + "sysfs_bus_id": "virtio0", + "unix_device_name": "ens3", + "unix_device_names": [ + "ens3" + ], + "resources": [ + { + "type": "hwaddr", + "address": 102 + }, + { + "type": "phwaddr", + "address": 102 + } + ], + "driver": "virtio_net", + "driver_module": "virtio_net", + "drivers": [ + "virtio_net" + ], + "driver_modules": [ + "virtio_net" + ], + "module_alias": "virtio:d00000001v00001AF4" + } + ], + "network_interface": [ + { + "index": 26, + "attached_to": 20, + "class_list": [ + "network_interface" + ], + "base_class": { + "hex": "0107", + "name": "Network Interface", + "value": 263 + }, + "sub_class": { + "hex": "0001", + "name": "Ethernet", + "value": 1 + }, + "model": "Ethernet network interface", + "sysfs_id": "/class/net/ens3", + "sysfs_device_link": "/devices/pci0000:00/0000:00:03.0/virtio0", + "unix_device_name": "ens3", + "unix_device_names": [ + "ens3" + ], + "resources": [ + { + "type": "hwaddr", + "address": 102 + }, + { + "type": "phwaddr", + "address": 102 + } + ], + "driver": "virtio_net", + "driver_module": "virtio_net", + "drivers": [ + "virtio_net" + ], + "driver_modules": [ + "virtio_net" + ] + }, + { + "index": 27, + "attached_to": 0, + "class_list": [ + "network_interface" + ], + "base_class": { + "hex": "0107", + "name": "Network Interface", + "value": 263 + }, + "sub_class": { + "hex": "0000", + "name": "Loopback", + "value": 0 + }, + "model": "Loopback network interface", + "sysfs_id": "/class/net/lo", + "unix_device_name": "lo", + "unix_device_names": [ + "lo" + ] + } + ], + "pci": [ + { + "index": 13, + "attached_to": 0, + "class_list": [ + "pci", + "unknown" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 3 + }, + "base_class": { + "hex": "0002", + "name": "Network controller", + "value": 2 + }, + "sub_class": { + "hex": "0000", + "name": "Ethernet controller", + "value": 0 + }, + "vendor": { + "hex": "1af4", + "value": 6900 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1000", + "value": 4096 + }, + "sub_device": { + "hex": "0001", + "value": 1 + }, + "model": "Ethernet controller", + "sysfs_id": "/devices/pci0000:00/0000:00:03.0", + "sysfs_bus_id": "0000:00:03.0", + "resources": [ + { + "type": "io", + "base": 49152, + "range": 64, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 10, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 4261412864, + "range": 16384, + "enabled": true, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4272947200, + "range": 524288, + "enabled": false, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4273541120, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 1287, + "header_type": 0, + "secondary_bus": 0, + "irq": 10, + "prog_if": 0 + }, + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci" + ], + "driver_modules": [ + "virtio_pci" + ], + "module_alias": "pci:v00001AF4d00001000sv00001AF4sd00000001bc02sc00i00" + }, + { + "index": 15, + "attached_to": 0, + "class_list": [ + "pci", + "unknown" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 6 + }, + "base_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "hex": "00ff", + "value": 255 + }, + "vendor": { + "hex": "1af4", + "value": 6900 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1002", + "value": 4098 + }, + "sub_device": { + "hex": "0005", + "value": 5 + }, + "model": "Unclassified device", + "sysfs_id": "/devices/pci0000:00/0000:00:06.0", + "sysfs_bus_id": "0000:00:06.0", + "resources": [ + { + "type": "io", + "base": 49344, + "range": 64, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 11, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 4261462016, + "range": 16384, + "enabled": true, + "access": "read_only", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 263, + "header_type": 0, + "secondary_bus": 0, + "irq": 11, + "prog_if": 0 + }, + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci" + ], + "driver_modules": [ + "virtio_pci" + ], + "module_alias": "pci:v00001AF4d00001002sv00001AF4sd00000005bc00scFFi00" + }, + { + "index": 17, + "attached_to": 0, + "class_list": [ + "pci", + "unknown" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 5 + }, + "base_class": { + "hex": "0007", + "name": "Communication controller", + "value": 7 + }, + "sub_class": { + "hex": "0080", + "name": "Communication controller", + "value": 128 + }, + "vendor": { + "hex": "1af4", + "value": 6900 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1003", + "value": 4099 + }, + "sub_device": { + "hex": "0003", + "value": 3 + }, + "model": "Communication controller", + "sysfs_id": "/devices/pci0000:00/0000:00:05.0", + "sysfs_bus_id": "0000:00:05.0", + "resources": [ + { + "type": "io", + "base": 49280, + "range": 64, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 10, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 4261445632, + "range": 16384, + "enabled": true, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4273549312, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 1287, + "header_type": 0, + "secondary_bus": 0, + "irq": 10, + "prog_if": 0 + }, + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci" + ], + "driver_modules": [ + "virtio_pci" + ], + "module_alias": "pci:v00001AF4d00001003sv00001AF4sd00000003bc07sc80i00" + } + ], + "storage_controller": [ + { + "index": 10, + "attached_to": 0, + "class_list": [ + "storage_controller", + "pci" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 4 + }, + "base_class": { + "hex": "0001", + "name": "Mass storage controller", + "value": 1 + }, + "sub_class": { + "hex": "0000", + "name": "SCSI storage controller", + "value": 0 + }, + "vendor": { + "hex": "1af4", + "value": 6900 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "1004", + "value": 4100 + }, + "sub_device": { + "hex": "0008", + "value": 8 + }, + "model": "SCSI storage controller", + "sysfs_id": "/devices/pci0000:00/0000:00:04.0", + "sysfs_bus_id": "0000:00:04.0", + "resources": [ + { + "type": "io", + "base": 49216, + "range": 64, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 11, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 4261429248, + "range": 16384, + "enabled": true, + "access": "read_only", + "prefetch": "no" + }, + { + "type": "mem", + "base": 4273545216, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + "command": 1287, + "header_type": 0, + "secondary_bus": 0, + "irq": 11, + "prog_if": 0 + }, + "driver": "virtio-pci", + "driver_module": "virtio_pci", + "drivers": [ + "virtio-pci" + ], + "driver_modules": [ + "virtio_pci" + ], + "module_alias": "pci:v00001AF4d00001004sv00001AF4sd00000008bc01sc00i00" + }, + { + "index": 14, + "attached_to": 0, + "class_list": [ + "storage_controller", + "pci" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "hex": "0001", + "name": "Mass storage controller", + "value": 1 + }, + "sub_class": { + "hex": "0001", + "name": "IDE interface", + "value": 1 + }, + "pci_interface": { + "hex": "0080", + "value": 128 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "7010", + "value": 28688 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "model": "Intel IDE interface", + "sysfs_id": "/devices/pci0000:00/0000:00:01.1", + "sysfs_bus_id": "0000:00:01.1", + "resources": [ + { + "type": "io", + "base": 1014, + "range": 1, + "enabled": true, + "access": "read_write" + }, + { + "type": "io", + "base": 368, + "range": 8, + "enabled": true, + "access": "read_write" + }, + { + "type": "io", + "base": 49440, + "range": 16, + "enabled": true, + "access": "read_write" + }, + { + "type": "io", + "base": 496, + "range": 8, + "enabled": true, + "access": "read_write" + }, + { + "type": "io", + "base": 886, + "range": 1, + "enabled": true, + "access": "read_write" + } + ], + "detail": { + "function": 1, + "command": 263, + "header_type": 0, + "secondary_bus": 0, + "irq": 0, + "prog_if": 128 + }, + "driver": "ata_piix", + "driver_module": "ata_piix", + "drivers": [ + "ata_piix" + ], + "driver_modules": [ + "ata_piix" + ], + "module_alias": "pci:v00008086d00007010sv00001AF4sd00001100bc01sc01i80" + } + ], + "system": { + "form_factor": "desktop" + }, + "unknown": [ + { + "index": 18, + "attached_to": 10, + "class_list": [ + "unknown" + ], + "base_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "vendor": "Virtio", + "device": "", + "model": "Virtio Unclassified device", + "sysfs_id": "/devices/pci0000:00/0000:00:04.0/virtio1", + "sysfs_bus_id": "virtio1", + "driver": "virtio_scsi", + "driver_module": "virtio_scsi", + "drivers": [ + "virtio_scsi" + ], + "driver_modules": [ + "virtio_scsi" + ], + "module_alias": "virtio:d00000008v00001AF4" + }, + { + "index": 19, + "attached_to": 17, + "class_list": [ + "unknown" + ], + "base_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "vendor": "Virtio", + "device": "", + "model": "Virtio Unclassified device", + "sysfs_id": "/devices/pci0000:00/0000:00:05.0/virtio2", + "sysfs_bus_id": "virtio2", + "driver": "virtio_console", + "driver_module": "virtio_console", + "drivers": [ + "virtio_console" + ], + "driver_modules": [ + "virtio_console" + ], + "module_alias": "virtio:d00000003v00001AF4" + }, + { + "index": 21, + "attached_to": 15, + "class_list": [ + "unknown" + ], + "base_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "hex": "0000", + "name": "Unclassified device", + "value": 0 + }, + "vendor": "Virtio", + "device": "", + "model": "Virtio Unclassified device", + "sysfs_id": "/devices/pci0000:00/0000:00:06.0/virtio3", + "sysfs_bus_id": "virtio3", + "driver": "virtio_balloon", + "driver_module": "virtio_balloon", + "drivers": [ + "virtio_balloon" + ], + "driver_modules": [ + "virtio_balloon" + ], + "module_alias": "virtio:d00000005v00001AF4" + }, + { + "index": 22, + "attached_to": 0, + "class_list": [ + "unknown" + ], + "base_class": { + "hex": "0007", + "name": "Communication controller", + "value": 7 + }, + "sub_class": { + "hex": "0000", + "name": "Serial controller", + "value": 0 + }, + "pci_interface": { + "hex": "0002", + "name": "16550", + "value": 2 + }, + "device": { + "hex": "0000", + "name": "16550A", + "value": 0 + }, + "model": "16550A", + "unix_device_name": "/dev/ttyS0", + "unix_device_names": [ + "/dev/ttyS0" + ], + "resources": [ + { + "type": "io", + "base": 1016, + "range": 0, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 4, + "triggered": 0, + "enabled": true + } + ] + } + ], + "usb_controller": [ + { + "index": 8, + "attached_to": 0, + "class_list": [ + "usb_controller", + "pci" + ], + "bus_type": { + "hex": "0004", + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "hex": "000c", + "name": "Serial bus controller", + "value": 12 + }, + "sub_class": { + "hex": "0003", + "name": "USB Controller", + "value": 3 + }, + "pci_interface": { + "hex": "0000", + "name": "UHCI", + "value": 0 + }, + "vendor": { + "hex": "8086", + "name": "Intel Corporation", + "value": 32902 + }, + "sub_vendor": { + "hex": "1af4", + "value": 6900 + }, + "device": { + "hex": "7020", + "value": 28704 + }, + "sub_device": { + "hex": "1100", + "value": 4352 + }, + "revision": { + "hex": "0001", + "value": 1 + }, + "model": "Intel USB Controller", + "sysfs_id": "/devices/pci0000:00/0000:00:01.2", + "sysfs_bus_id": "0000:00:01.2", + "resources": [ + { + "type": "io", + "base": 49408, + "range": 32, + "enabled": true, + "access": "read_write" + }, + { + "type": "irq", + "base": 11, + "triggered": 0, + "enabled": true + } + ], + "detail": { + "function": 2, + "command": 263, + "header_type": 0, + "secondary_bus": 0, + "irq": 11, + "prog_if": 0 + }, + "driver": "uhci_hcd", + "driver_module": "uhci_hcd", + "drivers": [ + "uhci_hcd" + ], + "driver_modules": [ + "uhci_hcd" + ], + "driver_info": { + "type": "module", + "db_entry_0": [ + "uhci-hcd" + ], + "active": true, + "modprobe": true, + "names": [ + "uhci-hcd" + ], + "module_args": [ + "" + ], + "conf": "" + }, + "module_alias": "pci:v00008086d00007020sv00001AF4sd00001100bc0Csc03i00" + } + ] + }, + "smbios": { + "bios": { + "handle": 0, + "vendor": "SeaBIOS", + "version": "1.16.3-debian-1.16.3-2~bpo12+1", + "date": "04/01/2014", + "features": null, + "start_address": "0xe8000", + "rom_size": 65536 + }, + "chassis": [ + { + "handle": 768, + "manufacturer": "QEMU", + "version": "pc-i440fx-9.2", + "chassis_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "lock_present": false, + "bootup_state": { + "hex": "0003", + "name": "Safe", + "value": 3 + }, + "power_state": { + "hex": "0003", + "name": "Safe", + "value": 3 + }, + "thermal_state": { + "hex": "0003", + "name": "Safe", + "value": 3 + }, + "security_state": { + "hex": "0002", + "name": "Unknown", + "value": 2 + }, + "oem": "0x0" + } + ], + "memory_array": [ + { + "handle": 4096, + "location": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "usage": { + "hex": "0003", + "name": "System memory", + "value": 3 + }, + "ecc": { + "hex": "0006", + "name": "Multi-bit", + "value": 6 + }, + "max_size": "0x7d0000", + "error_handle": 65534, + "slots": 1 + } + ], + "memory_array_mapped_address": [ + { + "handle": 4864, + "array_handle": 4096, + "start_address": "0x0", + "end_address": "0xc0000000", + "part_width": 1 + }, + { + "handle": 4865, + "array_handle": 4096, + "start_address": "0x100000000", + "end_address": "0x234000000", + "part_width": 1 + } + ], + "memory_device": [ + { + "handle": 4352, + "location": "DIMM 0", + "bank_location": "", + "manufacturer": "QEMU", + "part_number": "", + "array_handle": 4096, + "error_handle": 65534, + "width": 0, + "ecc_bits": 0, + "size": 8192000, + "form_factor": { + "hex": "0009", + "name": "DIMM", + "value": 9 + }, + "set": 0, + "memory_type": { + "hex": "0007", + "name": "RAM", + "value": 7 + }, + "memory_type_details": [ + "Other" + ], + "speed": 0 + } + ], + "processor": [ + { + "handle": 1024, + "socket": "CPU 0", + "socket_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "socket_populated": true, + "manufacturer": "QEMU", + "version": "pc-i440fx-9.2", + "part": "", + "processor_type": { + "hex": "0003", + "name": "CPU", + "value": 3 + }, + "processor_family": { + "hex": "00fe", + "name": "Other", + "value": 254 + }, + "processor_status": { + "hex": "0001", + "name": "Enabled", + "value": 1 + }, + "clock_ext": 0, + "clock_max": 2000, + "cache_handle_l1": 0, + "cache_handle_l2": 0, + "cache_handle_l3": 0 + }, + { + "handle": 1025, + "socket": "CPU 1", + "socket_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "socket_populated": true, + "manufacturer": "QEMU", + "version": "pc-i440fx-9.2", + "part": "", + "processor_type": { + "hex": "0003", + "name": "CPU", + "value": 3 + }, + "processor_family": { + "hex": "00fe", + "name": "Other", + "value": 254 + }, + "processor_status": { + "hex": "0001", + "name": "Enabled", + "value": 1 + }, + "clock_ext": 0, + "clock_max": 2000, + "cache_handle_l1": 0, + "cache_handle_l2": 0, + "cache_handle_l3": 0 + }, + { + "handle": 1026, + "socket": "CPU 2", + "socket_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "socket_populated": true, + "manufacturer": "QEMU", + "version": "pc-i440fx-9.2", + "part": "", + "processor_type": { + "hex": "0003", + "name": "CPU", + "value": 3 + }, + "processor_family": { + "hex": "00fe", + "name": "Other", + "value": 254 + }, + "processor_status": { + "hex": "0001", + "name": "Enabled", + "value": 1 + }, + "clock_ext": 0, + "clock_max": 2000, + "cache_handle_l1": 0, + "cache_handle_l2": 0, + "cache_handle_l3": 0 + }, + { + "handle": 1027, + "socket": "CPU 3", + "socket_type": { + "hex": "0001", + "name": "Other", + "value": 1 + }, + "socket_populated": true, + "manufacturer": "QEMU", + "version": "pc-i440fx-9.2", + "part": "", + "processor_type": { + "hex": "0003", + "name": "CPU", + "value": 3 + }, + "processor_family": { + "hex": "00fe", + "name": "Other", + "value": 254 + }, + "processor_status": { + "hex": "0001", + "name": "Enabled", + "value": 1 + }, + "clock_ext": 0, + "clock_max": 2000, + "cache_handle_l1": 0, + "cache_handle_l2": 0, + "cache_handle_l3": 0 + } + ], + "system": { + "handle": 256, + "manufacturer": "OpenStack Foundation", + "product": "OpenStack Nova", + "version": "19.3.2", + "wake_up": { + "hex": "0006", + "name": "Power Switch", + "value": 6 + } + } + } +} diff --git a/modules/unbound-auth.nix b/modules/unbound-auth.nix index 2c5eab9..af121fd 100644 --- a/modules/unbound-auth.nix +++ b/modules/unbound-auth.nix @@ -16,12 +16,16 @@ ) @ 1D IN NS ns1.home.rpqt.fr. + @ 1D IN NS ns2.home.rpqt.fr. + @ 1D IN NS ns3.home.rpqt.fr. ns1 10800 IN CNAME crocus.home.rpqt.fr. ns2 10800 IN CNAME genepi.home.rpqt.fr. + ns3 10800 IN CNAME verbena.home.rpqt.fr. crocus 10800 IN AAAA fd80:150d:17cc:2ae:6999:9380:150d:17cc genepi 10800 IN AAAA fd80:150d:17cc:2ae:6999:9358:3e0e:d738 + verbena 10800 IN AAAA fd80:150d:17cc:2ae:6999:9306:9a0e:c197 ''; } ]; From 8ed426cca9adaee29f55d4738551e9d7609682f3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 15 Sep 2025 21:37:21 +0200 Subject: [PATCH 151/376] fix nextcloud --- machines/crocus/nextcloud.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/machines/crocus/nextcloud.nix b/machines/crocus/nextcloud.nix index 4a2e5d0..522745b 100644 --- a/machines/crocus/nextcloud.nix +++ b/machines/crocus/nextcloud.nix @@ -22,7 +22,7 @@ in adminpassFile = config.clan.core.vars.generators.nextcloud.files.admin-password.path; objectstore.s3 = { enable = true; - bucket = "garage"; + bucket = "nextcloud"; key = config.clan.core.vars.generators.nextcloud-s3-storage.files.access-key-id.value; secretFile = config.clan.core.vars.generators.nextcloud-s3-storage.files.access-key-secret.path; hostname = "127.0.0.1"; @@ -53,10 +53,6 @@ in services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { forceSSL = true; useACMEHost = domain; - locations."/" = { - proxyPass = "http://127.0.0.1:8080"; - proxyWebsockets = true; - }; }; clan.core.vars.generators.nextcloud = { @@ -79,7 +75,6 @@ in type = "hidden"; persist = true; }; - files.access-key-id.owner = "nextcloud"; files.access-key-id.secret = false; files.access-key-secret.owner = "nextcloud"; }; From f0c12de11c1241f6aa6f3faa0424215b706d9208 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 15 Sep 2025 21:37:21 +0200 Subject: [PATCH 152/376] don't import tailscale on genepi (broken build) --- machines/genepi/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 8ceb500..ef41021 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -23,7 +23,8 @@ ../../modules/lounge.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix - ../../system + ../../system/core + ../../system/nix self.inputs.home-manager.nixosModules.home-manager { From e83ae422cefaa740e92a7d766aaef0abbad42486 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 15 Sep 2025 21:37:21 +0200 Subject: [PATCH 153/376] fix garage own node address detection --- modules/garage.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/garage.nix b/modules/garage.nix index 965ffaa..313b1a0 100644 --- a/modules/garage.nix +++ b/modules/garage.nix @@ -19,7 +19,8 @@ in replication_factor = 2; - rpc_bind_addr = "[${zerotier_ip}]:3901"; + rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "[${zerotier_ip}]:3901"; s3_api = { api_bind_addr = "127.0.0.1:3900"; From e1bd742247344c3808310d9bef899307b18d2574 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:03:35 +0200 Subject: [PATCH 154/376] Update vars via generator gandi for machine verbena --- .../verbena/gandi/gandi-env/machines/verbena | 1 + .../verbena/gandi/gandi-env/secret | 19 +++++++++++++++++++ .../verbena/gandi/gandi-env/users/rpqt | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/per-machine/verbena/gandi/gandi-env/machines/verbena create mode 100644 vars/per-machine/verbena/gandi/gandi-env/secret create mode 120000 vars/per-machine/verbena/gandi/gandi-env/users/rpqt diff --git a/vars/per-machine/verbena/gandi/gandi-env/machines/verbena b/vars/per-machine/verbena/gandi/gandi-env/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/gandi/gandi-env/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/gandi/gandi-env/secret b/vars/per-machine/verbena/gandi/gandi-env/secret new file mode 100644 index 0000000..8ec425a --- /dev/null +++ b/vars/per-machine/verbena/gandi/gandi-env/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:nx4V6alIzmJXx1es+P+7Hvza8SRz1P3TMegIiwmeQiBqwXn1L1sTZIGJlSz5/Kndiq/pI5/I40RvysLki3a96ml6cKA7Ew==,iv:u9rlxalwGUBOIz6SB9S6Xzww5y1QMq5Ns5uLiE6CWBg=,tag:WbaJqN5w9i7dyunTQVk7EQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdnBaOEZlSXdvVklwdUZK\nTnE3VXRwbmp0UUk0cEZ3QS9JREFTMW4rM2lVCjBrYlZiYnlEZ2JWaTA5UDZRRWF3\nM3pHOHhXb3U2UGo3SUN1OXJJTTk3VVUKLS0tIDhLSjRrMGlnT2l4TVFQTzlwTWc5\nYTMzOWNJQVdlUWNLbmVxRGIxYVJmc2MKUKyg0WoUCGy6JMiTJZlibg+GdIgUCUig\n9tfqtawpM3qeokcwOa/wyfBeAkNVsnIKFgsBZl+SL3YF9+Sv/hulzg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2aVJDbm14NFJRYThoNHhY\ndDJDNDh5RXRjNW12T1o0L042MEZXM3RvQlZNCkl2YjlHVXljT29TOWFVWnV4MUdC\nY3R2QXlLVmRic3U3WWpNYjFua3g0MW8KLS0tIGR3RDNOUTFsWkFvb1ZLUW40MTVV\nZk1HUTZQSUxFSU8vMEdKZWhPZjBrRGMKB7EA+kymd0v/J/KdK+rUpxXqq1ivf3yh\nGqNev78M5ZdQPCPP5NL4MEvaoGRWDcLHxywUfAJgwUbn69wJGbzH8w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-16T18:03:35Z", + "mac": "ENC[AES256_GCM,data:qwf2f/vEnuUh48PRZXN53vL1B6rFA+VcQPrQxByAuFIx77wX5JMonX2mx3mruic2S6UWf55FjT8YU1C03rb3By/Tpc2FoK172HoRbi1HfZgwVqkBE5zI69eVJZdEuRXM6JFeHeR/hKjnJFcS/OzqpvxiZeonZyidSNMCChyYP18=,iv:k+EzDZ3IWYxYlBv07k1Cl5bu0kI0fvyCe/aDNEBbhRg=,tag:xf4lyZ1xmmjOy71vnmixKw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/gandi/gandi-env/users/rpqt b/vars/per-machine/verbena/gandi/gandi-env/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/gandi/gandi-env/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 233c898530b6d8754d847971ddb3903064fb08d9 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 155/376] add dns config for verbena --- infra/.terraform.lock.hcl | 58 ++++++++++++++++---------------- infra/dns.tf | 30 +++++++++++++++++ infra/main.tf | 3 ++ infra/templates/turifer.dev.zone | 5 +++ 4 files changed, 67 insertions(+), 29 deletions(-) diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl index 43613ee..770c91a 100644 --- a/infra/.terraform.lock.hcl +++ b/infra/.terraform.lock.hcl @@ -21,42 +21,42 @@ provider "registry.opentofu.org/go-gandi/gandi" { ] } -provider "registry.opentofu.org/hashicorp/local" { - version = "2.5.3" +provider "registry.opentofu.org/hashicorp/assert" { + version = "0.16.0" hashes = [ - "h1:mC9+u1eaUILTjxey6Ivyf/3djm//RNNze9kBVX/trng=", - "zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf", - "zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991", - "zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd", - "zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764", - "zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf", - "zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096", - "zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0", - "zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3", - "zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3", - "zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5", + "h1:2jeV46S9jN2rk0GXOa+HGNlVvyWzaB3wz0T65elbjOc=", + "zh:3c04d08d1bb4ae810b7972a219c8dd42a8ab901a9bc25197b250c38f3fa57033", + "zh:46119bcc47b545809c0ee873a72d44f4f875cca4d7228605f5c7a8956a5e7d55", + "zh:511949ee8a6ac8ff7296b4c9778deb2aec2783f5b85c4f27382a3b623fc50a4a", + "zh:b4ebb8b832bae26443880d2e17493f754495db2d6c3f02c6d0070cbf5ae21598", + "zh:bebed6c1873871eb824103f08e72055c077f01b10a40944760d19ffdd721d9ab", + "zh:e412855fd2fd81e0a847e45308bdbac99995315c503fdddf262ee59e1b7c5263", + "zh:ed47c4fe28c6f148f11fa4098516abea008c49fa670c3cedd2ff94596cac0831", + "zh:edee914b1d12ac6db241a1fecaa5186c47f361f4ceb2deb23ad45d67bf95c7b1", + "zh:eff5b2e1c2128217bdbc600eda4fe011831e5c655bf4acd84b6495fc20d128d3", + "zh:ff64424784171a3361b1ea95d8cef334ec1c4a395812edd0a77a1ed6b4119b0f", ] } provider "registry.opentofu.org/hetznercloud/hcloud" { - version = "1.51.0" + version = "1.52.0" constraints = "~> 1.45" hashes = [ - "h1:yER+O3OKYfxBAO7KVYZzH+4EYrmorCO0J0hlnRUfH00=", - "zh:0e8e78084c12866e8e3873011bcac125780b62afeaa518d4749b9a063ae6e32b", - "zh:145738cee21bcdeea1cf82f0d44f7f239c27c2214249e5e5079668c479522a8a", - "zh:164406be8ee83952f58a449d514837cc6d9763b6d29e72262d5582d5d5b89315", - "zh:1a0e6ffab3196b35ca65eb445622615bb8dddd68d0bf350ed60d25e1e74f67dc", - "zh:3b7729d1bb5cc7a5af60b42a607f7b3fec690192b1efb55e2341cee88405ecb0", - "zh:3bcfc5c40d1b7702f39dac5d2dd9eef58c9c934effb4676e26fbe85fe2057e8f", - "zh:3ce193892dca025b804de6d99316c50a33462eb36336006a9db7ea44be439eba", - "zh:4f92437e1eba8eafe4417f8b61d557ed47f121622305ee2b3c13c31e45c69ca4", - "zh:554c308bf64b603a075a8f13a151a136b68ba382c2d83977a0df26de7dea2d3d", - "zh:8c57aa6032fed5da43a0102a4f26262c0496803b99f2f92e5ceb02c80161e291", - "zh:99cd4d246d0ad3a3529176df22a47f254700f8c4fc33f62c14464259284945b7", - "zh:af38a4d1e93f2392a296970ba4ecea341204e888d579cd74642e9f23a94b3b06", - "zh:f0766d42dd97b3eac6fa614fa5809ff2511c9104f3834d0d4b6e84674f13f092", - "zh:f20f7379876ede225f3b6f0719826706a171ea4c1dd438a8a3103dee8fe43ccc", + "h1:LTjrLuC+4F1Kv4TxS9e7LVVkG8/S4QQ7X4ORblvKTbc=", + "zh:1e9bb6b6a2ea5f441638dbae2d60fbe04ff455f58a18c740b8b7913e2197d875", + "zh:29c122e404ba331cfbadacc7f1294de5a31c9dfd60bdfe3e1b402271fc8e419c", + "zh:2bd0ae2f0bb9f16b7753f59a08e57ac7230f9c471278d7882f81406b9426c8c7", + "zh:4383206971873f6b5d81580a9a36e0158924f5816ebb6206b0cf2430e4e6a609", + "zh:47e2ca1cfa18500e4952ab51dc357a0450d00a92da9ea03e452f1f3efe6bbf75", + "zh:8e9fe90e3cea29bb7892b64da737642fc22b0106402df76c228a3cbe99663278", + "zh:a2d69350a69c471ddb63bcc74e105e585319a0fc0f4d1b7f70569f6d2ece5824", + "zh:a97abcc254e21c294e2d6b0fc9068acfd63614b097dda365f1c56ea8b0fd5f6b", + "zh:aba8d72d4fe2e89c922d5446d329e5c23d00b28227b4666e6486ba18ea2ec278", + "zh:ad36c333978c2d9e4bc43dcadcbff42fe771a8c5ef53d028bcacec8287bf78a7", + "zh:cdb1e6903b9d2f0ad8845d4eb390fbe724ee2435fb045baeab38d4319e637682", + "zh:df77b08757f3f36b8aadb33d73362320174047044414325c56a87983f48b5186", + "zh:e07513d5ad387247092b5ae1c87e21a387fc51873b3f38eee616187e38b090a7", + "zh:e2be02bdc59343ff4b9e26c3b93db7680aaf3e6ed13c8c4c4b144c74c2689915", ] } diff --git a/infra/dns.tf b/infra/dns.tf index d028a5e..543a35f 100644 --- a/infra/dns.tf +++ b/infra/dns.tf @@ -22,6 +22,30 @@ resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" { ] } +resource "gandi_livedns_record" "rpqt_fr_cloud_a" { + zone = data.gandi_livedns_domain.rpqt_fr.id + name = "cloud" + type = "A" + ttl = 10800 + values = [ + hcloud_server.crocus_server.ipv4_address, + ] +} + +resource "gandi_livedns_record" "rpqt_fr_cloud_aaaa" { + zone = data.gandi_livedns_domain.rpqt_fr.id + name = "cloud" + type = "AAAA" + ttl = 10800 + values = [ + hcloud_server.crocus_server.ipv6_address, + ] +} + +data "ovh_vps" "verbena_vps" { + service_name = "vps-7e78bac2.vps.ovh.net" +} + data "ovh_domain_zone" "turifer_dev" { name = "turifer.dev" } @@ -32,9 +56,15 @@ resource "ovh_domain_zone_import" "turifer_dev_import" { } locals { + verbena_ipv4_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv4(ip)] + verbena_ipv6_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv6(ip)] + turifer_dev_zone_file = templatefile("./templates/turifer.dev.zone", { crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address + + verbena_ipv4_addresses = local.verbena_ipv4_addresses + verbena_ipv6_addresses = local.verbena_ipv6_addresses }) } diff --git a/infra/main.tf b/infra/main.tf index d8a499c..30d54e4 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -12,5 +12,8 @@ terraform { source = "ovh/ovh" version = "2.5.0" } + assert = { + source = "hashicorp/assert" + } } } diff --git a/infra/templates/turifer.dev.zone b/infra/templates/turifer.dev.zone index a94a640..4a087d6 100644 --- a/infra/templates/turifer.dev.zone +++ b/infra/templates/turifer.dev.zone @@ -19,3 +19,8 @@ _pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com. git.turifer.dev. 10800 IN A ${crocus_ipv4_address} git.turifer.dev. 10800 IN AAAA ${crocus_ipv6_address} + +%{ for addr in verbena_ipv4_addresses ~} +%{ endfor ~} +%{ for addr in verbena_ipv6_addresses ~} +%{ endfor ~} From 262ad997d8928607f5d1cc2a0f81b01e4339d0d6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 156/376] fix for acme-home module --- modules/acme-home.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/acme-home.nix b/modules/acme-home.nix index b348b47..e0e15bd 100644 --- a/modules/acme-home.nix +++ b/modules/acme-home.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: { imports = [ ./gandi.nix @@ -6,7 +6,7 @@ security.acme = { acceptTerms = true; - defaults.email = "admin@rpqt.fr"; + defaults.email = lib.mkDefault "admin@rpqt.fr"; }; security.acme = { From bc5c2bd428194942bd23b415deabfea429a9cc14 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 157/376] update niri config for double monitors --- home/.config/niri/config.kdl | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index cfde58e..cb53585 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -22,11 +22,13 @@ input { output "eDP-1" { mode "1920x1080@60.049" scale 1 - position x=0 y=1080 + position x=360 y=1440 } output "HDMI-A-1" { - position x=1920 y=0 + mode "3840x2160@60.000" + scale 1.5 + position x=0 y=0 } layout { @@ -67,7 +69,23 @@ layout { } border { - off + width 2 + + // Color of the ring on the active monitor. + // active-color "#3d5f77" + active-color "#101010" + + // Color of the ring on inactive monitors. + inactive-color "#101010" + } + + shadow { + // on + softness 10 + spread 5 + offset x=0 y=0 + draw-behind-window true + color "#00000070" } } @@ -96,7 +114,7 @@ window-rule { // Enable rounded corners for all windows. window-rule { - geometry-corner-radius 4 + geometry-corner-radius 10 clip-to-geometry true } @@ -306,7 +324,7 @@ screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" spawn-at-startup "wl-gammarelay-rs" spawn-at-startup "swaybg" "-m" "fill" "-i" "/home/rpqt/.local/state/wallpaper" -spawn-at-startup "ignis" "init" "--config" "/home/rpqt/rep/heath/config.py" +spawn-at-startup "ignis" "init" spawn-at-startup "kdeconnect-indicator" spawn-at-startup "xwayland-satellite" From cc04ad425de18cd3f6c822aa85b261fadd9c0e9a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 158/376] add shelly home assistant integration --- machines/genepi/homeassistant.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/genepi/homeassistant.nix b/machines/genepi/homeassistant.nix index 313a63e..3f73dd5 100644 --- a/machines/genepi/homeassistant.nix +++ b/machines/genepi/homeassistant.nix @@ -15,6 +15,7 @@ in "shopping_list" # For fast zlib compression "isal" + "shelly" ]; config = { default_config = { }; From aad49126e56aa9bb1a05f3e2908f625e24582d1a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 159/376] move nextcloud to cloud.rpqt.fr --- machines/crocus/nextcloud.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/machines/crocus/nextcloud.nix b/machines/crocus/nextcloud.nix index 522745b..dd0111e 100644 --- a/machines/crocus/nextcloud.nix +++ b/machines/crocus/nextcloud.nix @@ -1,7 +1,6 @@ { config, ... }: let - domain = "home.rpqt.fr"; - fqdn = "cloud.${domain}"; + fqdn = "cloud.rpqt.fr"; in { imports = [ @@ -52,7 +51,14 @@ in services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { forceSSL = true; - useACMEHost = domain; + enableACME = true; + }; + + # Redirect internal domain to the public one + services.nginx.virtualHosts."cloud.home.rpqt.fr" = { + forceSSL = true; + useACMEHost = "home.rpqt.fr"; + locations."/".return = "301 http://${fqdn}$request_uri"; }; clan.core.vars.generators.nextcloud = { From d09d53690f75e99957386434fe365ac7a25137a6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 160/376] add clan gui --- machines/haze/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 1aecf89..0d4c679 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -47,6 +47,10 @@ self.nixosConfigurations.crocus.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value ]; + environment.systemPackages = [ + self.inputs.clan-core.packages.x86_64-linux.clan-app + ]; + programs.kdeconnect.enable = true; # Remote builds From e772e68c1643b87e72fca09e871ce4ef87b12ee3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 161/376] add krakow weather to glance --- machines/genepi/glance-config.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 20fc1fe..f333fd7 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -125,20 +125,20 @@ } { size = "small"; - widgets = [ - { + widgets = + let + locations = [ + "Krakow, Poland" + "Grenoble, France" + "Saint-Michel-de-Maurienne, France" + ]; + in + builtins.map (location: { type = "weather"; - location = "Grenoble, France"; + inherit location; units = "metric"; hour-format = "24h"; - } - { - type = "weather"; - location = "Saint-Michel-de-Maurienne, France"; - units = "metric"; - hour-format = "24h"; - } - ]; + }) locations; } ]; } From d91aabd3c043265813f0b33cce731b392319b50b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 162/376] unset ghostty font JetBrains Mono is the default font and now ghostty works even without a patched font (it includes the additionnal symbols) --- home/.config/ghostty/config | 1 - 1 file changed, 1 deletion(-) diff --git a/home/.config/ghostty/config b/home/.config/ghostty/config index 94bf9fc..4e26c72 100644 --- a/home/.config/ghostty/config +++ b/home/.config/ghostty/config @@ -1,2 +1 @@ -font-family = JetBrains Mono NF theme = Kanagawa Wave From 7b0b3ac084ed0fb1adb120505f2ca7cab62a4fba Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 163/376] add vicinae launcher --- flake.lock | 71 +++++++++++++++++++++++++++++++- flake.nix | 11 ++--- home-manager/desktop/vicinae.nix | 11 +++++ home/.config/niri/config.kdl | 2 +- machines/haze/home.nix | 1 + 5 files changed, 87 insertions(+), 9 deletions(-) create mode 100644 home-manager/desktop/vicinae.nix diff --git a/flake.lock b/flake.lock index 866677d..99c23bb 100644 --- a/flake.lock +++ b/flake.lock @@ -119,6 +119,24 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -348,6 +366,22 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1758277210, + "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "clan-core": "clan-core", @@ -360,7 +394,8 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", - "srvos": "srvos" + "srvos": "srvos", + "vicinae": "vicinae" } }, "sops-nix": { @@ -434,6 +469,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -454,6 +504,25 @@ "repo": "treefmt-nix", "type": "github" } + }, + "vicinae": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1758455522, + "narHash": "sha256-PyrIsyrzbJ00VDdJDpvooWODaPYwDIq9FAY5JedfMmk=", + "owner": "vicinaehq", + "repo": "vicinae", + "rev": "8feb424701967065545f3936748807edf406fdd5", + "type": "github" + }, + "original": { + "owner": "vicinaehq", + "repo": "vicinae", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 4ec8141..7a63b86 100644 --- a/flake.nix +++ b/flake.nix @@ -84,15 +84,12 @@ srvos.url = "github:nix-community/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; + + vicinae.url = "github:vicinaehq/vicinae"; }; nixConfig = { - extra-substituters = [ - "https://cache.nixos.org" - "https://nix-community.cachix.org" - ]; - extra-trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; + extra-substituters = [ "https://vicinae.cachix.org" ]; + extra-trusted-public-keys = [ "vicinae.cachix.org-1:1kDrfienkGHPYbkpNj1mWTr7Fm1+zcenzgTizIcI3oc=" ]; }; } diff --git a/home-manager/desktop/vicinae.nix b/home-manager/desktop/vicinae.nix new file mode 100644 index 0000000..1ba4f4a --- /dev/null +++ b/home-manager/desktop/vicinae.nix @@ -0,0 +1,11 @@ +{ inputs, ... }: +{ + imports = [ + inputs.vicinae.homeManagerModules.default + ]; + + services.vicinae = { + enable = true; + autoStart = true; + }; +} diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index cb53585..10058db 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -134,7 +134,7 @@ binds { // Suggested binds for running programs: terminal, app launcher, screen locker. Mod+Return { spawn "sh" "-c" "alacritty msg create-window || alacritty"; } - Mod+D { spawn "tofi-drun" "--drun-launch=true"; } + Mod+D { spawn "vicinae"; } Super+Alt+L { spawn "swaylock"; } XF86AudioRaiseVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05+"; } diff --git a/machines/haze/home.nix b/machines/haze/home.nix index 1d2698d..ac870ad 100644 --- a/machines/haze/home.nix +++ b/machines/haze/home.nix @@ -13,5 +13,6 @@ ../../home-manager/desktop/gnome.nix ../../home-manager/desktop/niri.nix ../../home-manager/desktop/sway.nix + ../../home-manager/desktop/vicinae.nix ]; } From ac511f752ade65c8f0a6395a23dc73573b354ee2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 16 Sep 2025 20:38:42 +0200 Subject: [PATCH 164/376] add dns entry for haze --- modules/unbound-auth.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/unbound-auth.nix b/modules/unbound-auth.nix index af121fd..5c0fbec 100644 --- a/modules/unbound-auth.nix +++ b/modules/unbound-auth.nix @@ -26,6 +26,7 @@ crocus 10800 IN AAAA fd80:150d:17cc:2ae:6999:9380:150d:17cc genepi 10800 IN AAAA fd80:150d:17cc:2ae:6999:9358:3e0e:d738 verbena 10800 IN AAAA fd80:150d:17cc:2ae:6999:9306:9a0e:c197 + haze 10800 IN AAAA fd80:150d:17cc:2ae:6999:935a:e8:b04d ''; } ]; From 3cf7b2bfaf2a55917897a93ec54fe919cc0ad41c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 25 Sep 2025 01:04:29 +0200 Subject: [PATCH 165/376] Update vars via generator borgbackup for machine verbena --- .../borgbackup.repokey/machines/verbena | 1 + .../borgbackup/borgbackup.repokey/secret | 19 +++++++++++++++++++ .../borgbackup/borgbackup.repokey/users/rpqt | 1 + .../borgbackup/borgbackup.ssh.pub/value | 1 + .../borgbackup.ssh/machines/verbena | 1 + .../verbena/borgbackup/borgbackup.ssh/secret | 19 +++++++++++++++++++ .../borgbackup/borgbackup.ssh/users/rpqt | 1 + 7 files changed, 43 insertions(+) create mode 120000 vars/per-machine/verbena/borgbackup/borgbackup.repokey/machines/verbena create mode 100644 vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret create mode 120000 vars/per-machine/verbena/borgbackup/borgbackup.repokey/users/rpqt create mode 100644 vars/per-machine/verbena/borgbackup/borgbackup.ssh.pub/value create mode 120000 vars/per-machine/verbena/borgbackup/borgbackup.ssh/machines/verbena create mode 100644 vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret create mode 120000 vars/per-machine/verbena/borgbackup/borgbackup.ssh/users/rpqt diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.repokey/machines/verbena b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret new file mode 100644 index 0000000..9ee1ed6 --- /dev/null +++ b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:OA19EoSW2Qlea6yBU721FABKZ4Ay3gzR1Q1XbI0K35K8GCo=,iv:Iwm6YD4bEiPK4MDORZz36O8DzSJD2Z0vsqhB+TOePZc=,tag:9fEB0Vai6oQrETo8GlO+Kw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvcEFlcmI3YjVRSjlvQUF5\nME94cE8xVEtTam9EWW5JaVFoRGpaOXE4dFRnCkdUZkQrbDJoMG9oQ0xrMll1M1FJ\nd1RaV2VMN3Y2QjJIWk5LaFpHbUNzN00KLS0tIFFsS0w4RlJJSUZzc1kyM3ZzSHRS\ncDdIQmdlYlBtVmJJZ0FEbmpxVjYwWjAKLG/fq4WzQonY9kGdwxtKSYfbHr0gnIXl\n8D2CUp8hMTh1wLFAUqngBJL5MxN/dgg582EZ27SO7+AjDnLbNi7PYg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb2p3Skhud2VubXhBMzNi\ndFgzMDB4Y0hqcm9jQWtkZWJUY0VJTU81a2hjClF1WEg1WThUeTFJeVBwWDlCbXNJ\neWZmeE9Bc1NmdytueUV4VVNUME15SGcKLS0tIHNzb1cwZE5TOWlMVG85Z2p1Nmk0\nRSsvbm5SZzRPWVl0VFBZOTFRT0lRY28K/WEaiGNAv0d1euhK0rDQujAIk3XCd2HK\nTo7PjfkTJpFOIKFfyGtLSsCfj6KAL99qhY3oR8sKo/qwq16McOVLJw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-24T23:04:28Z", + "mac": "ENC[AES256_GCM,data:Ly28RVEWr6EQv8W+YzrnUki26SEhDe/MIqJ2t7pCSmqvwScMZJ4hWIs6Kq/zMlRabFK0bAM2wWDCZdxOV2yt8mBm/+2BCTGpGL4m216EadBO4Oox00VZsqlkCegrHQufTuNkfTxvym4uMcSTHdUG3QtN5iFzm1R7UV7rMtlLAq0=,iv:wCj7nQmSvx7Bhph6cNempqChvCjfjexg/m+Zr2+1XTQ=,tag:ZTm7knn5pOdXOC0mQOnXtQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.repokey/users/rpqt b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.ssh.pub/value b/vars/per-machine/verbena/borgbackup/borgbackup.ssh.pub/value new file mode 100644 index 0000000..5907ffd --- /dev/null +++ b/vars/per-machine/verbena/borgbackup/borgbackup.ssh.pub/value @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGziB5tTi71e1pQddR3R+GgON3PK+IwJXeuvi7xtAAtp diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.ssh/machines/verbena b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret new file mode 100644 index 0000000..0266c5e --- /dev/null +++ b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:vUrRWsUzWhWf+vdoU2PL8TIIdAf2aa3Zlp8jLoZcriw6yWE5cmVW7vHYBiDIYfiusple97nptPm+h5mS70jGpRkRpHq3d/Gq6LLEhYnoekihSjxCYEnpZo9ItdUYCN/RzvQ2vPtOQn0sbiore/uc/0GmrVA5nX6AL3u7F4AY/yUWDKV3HshHBjzQB7uSAm169s/UfroevrMD6q5ghYjtOT7cNEhykhD6kiNFOY/YsCISuYSGR+YBmwH6UfdoPX331IrizraNDhVXdnb3bWWK4sYt5NzUq4yKwzX3EcsY+Te8irGsB1FLoENkRN9ITlaf64O2ZXan76AF0z8GNYsv0k2t+W3sGGR/crV0L2e0Oi3hcLq8+st07/0DmrtzRstsMZDFkYyj+qb496kMSWvyciSeOC7stVGM+5vpZQQYJic7ofeT5rL47rv6heQqTssRO8VAaVhte3Wlf41WOXXCx65Ypl87KXfLh7JdAb1jveZhG4rNOgihrWWFT5A8sJCPgnU1,iv:hD7qjliIBiHZ79YGchL+njgKdaY+O4ek7MJ5eRF5Ivg=,tag:QOxjOqdiN5BFe4Nr4W0MyQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMXE0elc2K3A0RGIzSFQ1\nWnlKTEdYRUIvNU5VYzBuVUp4L205ektxd21ZCjhCWmltOXA0VVNvU2NLWW9MWWZ5\nYzhPMTJOcDBKeE5iR242TS9WV1RWNUUKLS0tIHpQRWxSOUU3TWVFMTV4UWxwQVBr\nRG9aNEpQNzlTajJIQVVyRG9SU0JCUE0KT5oYrIop9WerSB2ReOmFUVJD88o91d/B\nvPFQFDKxSlerqCx3eS2b1CXTbp9NkHhWn+pMLei9lAkmnw8M2Vyw9g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1RGNWUVJRTEtUZGhjYW00\nTkFsaHZ5VWJNdjI1VWpuTXR6YzEyc1hpNFVNCmtpQW1JcmhzTFBMOUkvbzJqSXdw\nSmxILzc4Z0VOL3NWY2FzYlptZ1pNVncKLS0tIHlmS2NheWRXdWVMUmZFditnTXo0\nQTU0QTdIVWdXS1h1RnltTFpOVGN3L3MK2bgG9aMA5CeHCbdzKwT2KRMcILhVxdS8\ncTOn5LaDHYIlNz1sGHJmZ0A4KihY1dRq+uK+FGezKzBREquaruy+cQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-24T23:04:29Z", + "mac": "ENC[AES256_GCM,data:9O9q6P/dorPcVCKJz5Yc3OYLaalbD5fXEwyrMfFtvF/AruIE6FEUghpyynTGCNJxY6JC1JI0Q0iQG+uo6ceq05Fa+Yv0yUAOsN/YUP4Yuwi3gSm39VIBglcoDkUi87zU6vFsJDylWb3asTUX5MshZWoXFtH4lzuwTCd3fGBd9ps=,iv:U9Plt0cgLMyi54xI8Nq0G7/1ASR/BE6qnZBsyTdbEDA=,tag:EVKjccREZDvhetsLYnRrdA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.ssh/users/rpqt b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 2e68ab90da674adb4ba649a79140e5357b7d554f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sun, 28 Sep 2025 21:56:54 +0200 Subject: [PATCH 166/376] shorten admin module machine list --- machines/flake-module.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index b629ff8..1103e83 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -34,12 +34,8 @@ "rpqt-admin" = { module.input = "clan-core"; module.name = "admin"; - roles.default.machines = { - "crocus" = { }; - "genepi" = { }; - "haze" = { }; - "verbena" = { }; - }; + roles.default.tags.server = { }; + roles.default.machines.haze = { }; roles.default.settings.allowedKeys = { rpqt_haze = (import ../parts).keys.rpqt.haze; }; From 1f7ac9b044143ed4a9a29241cd7dd149d41185f6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sun, 28 Sep 2025 21:56:54 +0200 Subject: [PATCH 167/376] setup backups of verbena --- machines/flake-module.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 1103e83..f7fa3ba 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -99,7 +99,7 @@ module.input = "clan-core"; module.name = "borgbackup"; - roles.client.machines = lib.genAttrs [ "crocus" "genepi" ] ( + roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] ( machine: let config = self.nixosConfigurations.${machine}.config; @@ -109,7 +109,9 @@ { settings.destinations."storagebox-${config.networking.hostName}" = { repo = "${user}@${host}:./borgbackup/${config.networking.hostName}"; - rsh = "ssh -oPort=23 -i ${config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path}"; + rsh = "ssh -oPort=23 -i ${ + config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path + } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; }; } ); From d9e15e92d6b70b740c33065f08bd51b7dce76fd7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sun, 28 Sep 2025 21:56:54 +0200 Subject: [PATCH 168/376] add nextcloud tasks --- machines/crocus/nextcloud.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/machines/crocus/nextcloud.nix b/machines/crocus/nextcloud.nix index dd0111e..a07c945 100644 --- a/machines/crocus/nextcloud.nix +++ b/machines/crocus/nextcloud.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: let fqdn = "cloud.rpqt.fr"; in @@ -31,6 +31,10 @@ in usePathStyle = true; }; }; + extraAppsEnable = true; + extraApps = { + inherit (pkgs.nextcloud31Packages.apps) tasks; + }; }; services.postgresql = { From 750af04af262e6f69817f2bc1023bbc0dbac7b04 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 30 Sep 2025 20:24:07 +0200 Subject: [PATCH 169/376] Update vars via generator buildbot for machine verbena --- .../buildbot/api-token/machines/verbena | 1 + .../verbena/buildbot/api-token/secret | 19 +++++++++++++++++++ .../verbena/buildbot/api-token/users/rpqt | 1 + .../verbena/buildbot/oauth-id/value | 1 + .../buildbot/oauth-secret/machines/verbena | 1 + .../verbena/buildbot/oauth-secret/secret | 19 +++++++++++++++++++ .../verbena/buildbot/oauth-secret/users/rpqt | 1 + .../buildbot/webhook-secret/machines/verbena | 1 + .../verbena/buildbot/webhook-secret/secret | 19 +++++++++++++++++++ .../buildbot/webhook-secret/users/rpqt | 1 + .../buildbot/worker-password/machines/verbena | 1 + .../verbena/buildbot/worker-password/secret | 19 +++++++++++++++++++ .../buildbot/worker-password/users/rpqt | 1 + 13 files changed, 85 insertions(+) create mode 120000 vars/per-machine/verbena/buildbot/api-token/machines/verbena create mode 100644 vars/per-machine/verbena/buildbot/api-token/secret create mode 120000 vars/per-machine/verbena/buildbot/api-token/users/rpqt create mode 100644 vars/per-machine/verbena/buildbot/oauth-id/value create mode 120000 vars/per-machine/verbena/buildbot/oauth-secret/machines/verbena create mode 100644 vars/per-machine/verbena/buildbot/oauth-secret/secret create mode 120000 vars/per-machine/verbena/buildbot/oauth-secret/users/rpqt create mode 120000 vars/per-machine/verbena/buildbot/webhook-secret/machines/verbena create mode 100644 vars/per-machine/verbena/buildbot/webhook-secret/secret create mode 120000 vars/per-machine/verbena/buildbot/webhook-secret/users/rpqt create mode 120000 vars/per-machine/verbena/buildbot/worker-password/machines/verbena create mode 100644 vars/per-machine/verbena/buildbot/worker-password/secret create mode 120000 vars/per-machine/verbena/buildbot/worker-password/users/rpqt diff --git a/vars/per-machine/verbena/buildbot/api-token/machines/verbena b/vars/per-machine/verbena/buildbot/api-token/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/buildbot/api-token/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/api-token/secret b/vars/per-machine/verbena/buildbot/api-token/secret new file mode 100644 index 0000000..b13afab --- /dev/null +++ b/vars/per-machine/verbena/buildbot/api-token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:ieqRFglOHi9R4+o/pVhxP9WJ/eHgxB3BP8BMVUKSPkqrLZmjhL2wZg==,iv:VhMxk+6SDGy06ay3ZVtuqB8xbydB90QMiyJ06eaHs7U=,tag:hkFyWg7nK41qvrxvasrK4w==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPblVqYmg1N1hBUVBRaCsx\nU1NScVdBdGFTYjl4aWZZME9rZkVOZTU1MEFzClVsTXMxV0FDcUo1dEwxTStFTE1s\nWVBkUzcyN2MwN2dJcHA5RXBSRUJtMncKLS0tIFpUejUxdkMzTFZJcVBoOEptL0U4\nVXZqWEtYbzlJb0NjcUlkbGNGT1hSbjAKH4pFn+D08fM+wjqMMPf5DdQv5kHM/puQ\nFTyRfQdUMtBLw2TaaF8ASP/McBpO36UbvAoXHJ1Oah0xPG4s82Bv7A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVjc2VDQ0U1lCaWNGWlVH\nS1V1SEhiSzV3ZGVLaGUzNzMyZWRWTkpjV1ZBClYzQWl0WndpVWYwS2ZzeStXVlBq\nMllHUXZtQnBvQWkvYTFMczVSaUdicTQKLS0tIFBKNjZqdW43RCtoTDQvcWhqODZv\nanpQQ1ZYQkE3MUNudjRrRjc2K0l4b2sKetdtcQj7LLgLDbf2Ja+/w7pWCu8kMhK+\nbaDKW0ornLk7t2JU3POwaSjS+K54Ki8MIjWNqN4KrB75TF4zJMdjHA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-30T18:24:06Z", + "mac": "ENC[AES256_GCM,data:CvYQFkSwPfQC8oKXzTy/kAm+ww4NKaw4K8EZ8wotJf2Hd78rB/tZAdKV0QzBc9i6VYR2eQvuKrj+Cui2eX2qEtscuwgrG+AH1NN9ww8HlXPeoqoDekjxiUY2UO0xVwpLmVQsWR1bPyfIbcXpyzXUAvklBfajK61UbZbWi6FRUks=,iv:kF0SPX9Z53ksGjsiIH3wgDbTlwxrCGE6FVWe9ICKMQU=,tag:3aBBQ3Ux0RlXfkAvH8JKQw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/buildbot/api-token/users/rpqt b/vars/per-machine/verbena/buildbot/api-token/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/buildbot/api-token/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/oauth-id/value b/vars/per-machine/verbena/buildbot/oauth-id/value new file mode 100644 index 0000000..cc499f4 --- /dev/null +++ b/vars/per-machine/verbena/buildbot/oauth-id/value @@ -0,0 +1 @@ +23299be5-92d4-4635-b023-099d39b2d056 \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/oauth-secret/machines/verbena b/vars/per-machine/verbena/buildbot/oauth-secret/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/buildbot/oauth-secret/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/oauth-secret/secret b/vars/per-machine/verbena/buildbot/oauth-secret/secret new file mode 100644 index 0000000..9564f5f --- /dev/null +++ b/vars/per-machine/verbena/buildbot/oauth-secret/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:umhclAvia7ePqxzD7rau06EJs0G1uylmw5Jp4S3ywzaERoqCa22NNjXQfqdLghU9Ckw8Dxleiy8=,iv:eHy/u0nHDT4934Zwe3yHbHBpxNXO+H4xqJ9Pgo146qQ=,tag:c7O5Jqxt40/rA8YXBsDWhA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpOU9iVXBWRmQ0cUdTZ0xh\ncVNaaVhRcC9RcUhvUTY4VFFXWGdHQlhONEJzClcxaEtnZkh4TGdXWHo4Tm54b21o\nRTFDWHg0RGdvM1dlVWFuUEU4YXhRZGsKLS0tIDdvVDJqMUR6T3V3YkNKaERjQ2FB\nKzQwdFNlK3dVUldzR1luallpb3Z4elEKzPZXRbNgO7V/yQVO1eobDK+uza2UA+gN\nfjr2iQ4eg7MpFvGUWXWPtoA0137g4gsxhEiUjtPqSP+B/qOPXIhYkA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmT3ZYa0pGL2duR0xwTmpU\na0pzRUI0STA5aG1ZMWdXZDVjVnp2UFJoRnd3Ck91NlQrQ1k4d2lNWGw5K2ZxSmp1\nQnlFQ3AyTEl4cWZUSGtTVTFPVkcvcU0KLS0tIDlleHRZWUpXcnovUlgxMUNwVzlH\nSkpRY1N0MzJ4NUlObVR6Q1BXVlJBSFEK/docMsaQrjDtjE2+tZ+C2+jmLqjH4mo3\nc3xbf0ufgtNFb3lHcKS13VPjEbmsb1u1YP/yHTUO911youQLqQohFg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-30T18:24:06Z", + "mac": "ENC[AES256_GCM,data:FutR14hBi6kHKSGixhtA60XUckCa2fAaSHcwKxxucZBfGucWTtdlM5wM9nchVcQtGGsCrXdxvonwQy5+aOUPdCN0G6RKXkHhVJMLitQrfNOHVNuDPAYyj/zERgRiLJ81HSpVrDwCQeKE8P0xs8Im9qfUREvO9QjHT8nF+5Govp0=,iv:pZvNbDUhdi8UG549OT3C5ZQPLP2KoRYSjaqkvL5gb5M=,tag:tYXQs/3hL0qD5CcM0lE0JA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/buildbot/oauth-secret/users/rpqt b/vars/per-machine/verbena/buildbot/oauth-secret/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/buildbot/oauth-secret/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/machines/verbena b/vars/per-machine/verbena/buildbot/webhook-secret/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/buildbot/webhook-secret/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/secret b/vars/per-machine/verbena/buildbot/webhook-secret/secret new file mode 100644 index 0000000..b0225dc --- /dev/null +++ b/vars/per-machine/verbena/buildbot/webhook-secret/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:WQzQ,iv:Plvkqh/yH9JfWx4Wuh76a7U415ZGtAeLJo1eIt27l1g=,tag:f/Ca7j1WdWxY5dkv7+dwYQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQXp3dTlZaTNwaXVLVmdZ\nVStxNXNJMXdIbEhGbHhtZGptZHl0RXpzeHhnCmlqWHB1bThiZ1c2aFFiMzJQY21X\nRVJXclNUQmJDMVh0dFVlYUlpNlNubTQKLS0tIGIvVVkreGtNS0tIQ0tkaEdyeEMx\naDFUWmE2K1VWOWU5OEZBOHJrUXhCUVUKzspIcHIedVSn04sIS4/et1PWfx8U9DBd\nXqR+qxRMkhwL4ggLTdwbLjbV8VaDtKglmt6Fe9T0kGQV1Rd1qq4reg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhK0o0ZlpJTmJ1VlhRMDNm\nK0ZPcC9KVWZwTUxXYjI1U3h5dWtSZEdRR3g0CmVkem8rd3ZQSDNHQnNQSkxlMVlJ\nUU0yeUVNWERPalNJV1lMbTNScG4zYnMKLS0tIG11ZWpiYVFRSFVmdm9qVHpVemc1\nVEZnS0g4SHlqQ1c0NFRzT3pLdXF5S00K7XuyE7LftC5Sa6DDEndTvUb78p12oKR7\n/awo+6i8/LWYl6GHAx6xrAe2iXsk31nS4a3MwL1MwUyreT8TBO56MA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-30T18:24:06Z", + "mac": "ENC[AES256_GCM,data:FgvLYa1jskrzQR9hx4TAzGpPGJMOlrlNHt1U7EsKPhGsdRMs+/ZeHPHO1nqR8iPnv8H7oSPGFGA8u6Qw/S0UZoNNGMnaOQyWQCf648I4c2B+tbofZlsdrFju0YZ9A7YsjY4gtUA8ZulmCVFCsNZgY1HAYN00Um98nZ2pjC4IUS0=,iv:+8zt9I51X6+rYiBPzOL5nmtcKNAlENNwAtMnSK+KXuM=,tag:9fF7jtPFCPRHym6HDul/+A==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/users/rpqt b/vars/per-machine/verbena/buildbot/webhook-secret/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/buildbot/webhook-secret/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/worker-password/machines/verbena b/vars/per-machine/verbena/buildbot/worker-password/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/buildbot/worker-password/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/worker-password/secret b/vars/per-machine/verbena/buildbot/worker-password/secret new file mode 100644 index 0000000..b7b1357 --- /dev/null +++ b/vars/per-machine/verbena/buildbot/worker-password/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:nzU7Iem9NU21DOrbFiaT5LL+msF1zxdECowiqeV0A5nYok2PrjT4VVryqjoz4jjwawtXJigflMO0lUjKbQSLdfg=,iv:Al1ZQzAG6gbyvoCBakHQt3hKAV4tjNS38Ij2XSMKkQI=,tag:BS3BZWYCn0Osqvb4ZidGLA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZYnRVQzQ0K0dLVzVJSERq\neUVrWmtzQ01JVkJGTXl4aElSTW0rNnBUS25jClJJcTlvaHJDMmhTdGRZWG9HNms1\nMTVzKzhVN3R3QWZNK0tVMFR1OVQwenMKLS0tIGJaQUdIMWZVWS9vRUg3cFg2S3VK\nTUgxNEltZVpQdDFsOU9Pb1hRWXQyNVEKXYmWx0ML4dsVpCsFhF2zZ5gXFB3bGez6\nD+4d+GcySPombxXe2k5USryPuxFz8z1Dcc4je49W1k6MowT/OC1XAg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTThCK1lCRFM4V2VQKzIv\nUTF4dlJUUncrUXZ5K0hGankvM1dnMTdoM0VVCm5kRHNSdk14akYwTmVBSDdKMG5G\nck5YN21GQm5nQmppRjFxU3Evd1I1Y2cKLS0tIGoxUXZrN3ZhaGtqek40djJjS2VF\nS0FBenF1UE9BUUZQOTJIQ3JZT0RqWFkK0KTzQsQgdqfkRXSjtTRKdDu/jThUyLXn\n/aJHHimvrKLlzPn90p/Za0k8WlKICu/Exg2B/8JOzuFx9FOtY2aibg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-30T18:24:07Z", + "mac": "ENC[AES256_GCM,data:3u3GKO4v3hckZDRU6qzGdbfboEZ2oRpvkJGukUL3PtphiHKcxSUSofHzJQUP4Du+eLJ1nyTmZst8rrfQt38u3CGnaXu/cgQMD9Xgj2UPzvamY0Yc0/gAH/NAHLOx3u2TVOeqYcm7MSIoMmd3ieN4GPUDO/tkMhjh/Rn577T7978=,iv:oWuZNe+i0nLQpr5fYgI9yvRf67GuPXVE+OmiGqXIvkk=,tag:Cbhn91/j0IihNF3SynhocQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/buildbot/worker-password/users/rpqt b/vars/per-machine/verbena/buildbot/worker-password/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/buildbot/worker-password/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From ec52a4b1657ac287f09ddd6596844c290457a673 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 30 Sep 2025 21:23:50 +0200 Subject: [PATCH 170/376] Update vars via generator buildbot-worker for machine verbena --- .../worker-password/machines/verbena | 1 + .../buildbot-worker/worker-password/secret | 19 +++++++++++++++++++ .../worker-password/users/rpqt | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/per-machine/verbena/buildbot-worker/worker-password/machines/verbena create mode 100644 vars/per-machine/verbena/buildbot-worker/worker-password/secret create mode 120000 vars/per-machine/verbena/buildbot-worker/worker-password/users/rpqt diff --git a/vars/per-machine/verbena/buildbot-worker/worker-password/machines/verbena b/vars/per-machine/verbena/buildbot-worker/worker-password/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/buildbot-worker/worker-password/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot-worker/worker-password/secret b/vars/per-machine/verbena/buildbot-worker/worker-password/secret new file mode 100644 index 0000000..c856aed --- /dev/null +++ b/vars/per-machine/verbena/buildbot-worker/worker-password/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:96CnBRKaFXT6y+uLnltdrQEktrpNkRzFhXTD0TszN0KDOYYsRSVStsOPicHoDj1I0lcSqJQwic2/IW885ZDZdII=,iv:qO5NhgplS79EKDFT+1cbRfL3fhm0ZVQbIU67w3lf2+Q=,tag:YDYcajCgWT40tS4uYLyoLQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuUGhubC9Sa25icHVMT2tY\nNHB3MlZhTTMvV2hWK1Vwc3psYXZSSFg5U3lNCjdlMXVjdGlUS1FqT1l4WEF1V0hm\nSHlJM04vMXB4SGs1Sm5lbE80ZU92U1EKLS0tIHhnT0h2UFFCekNtd2ZneVZMc2lF\nQzBrdXF2OEIzMHRjR2xSOFBzUnVaZnMKFFN954wBFeoa/N4tDN5++sjg0wUUKX53\nnLBlGhfDjQEtmoMnQjEdbUcSBWtocq481uJV1DgsZ6WVoR3s7YeD7Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3S0h4U1p0ZWR1bzIwdXY3\ndzd5VVZUYzFMY3N5SnBiUkhmeGRxbG1hakNZCnhBY3k0bjgyejluelpLbjVxYitU\nbHJIRWM0L0ZZbGhZS3J1WDFaQS8wYTgKLS0tIGdZM3dKcE05VVdPVnhORlNvaDN1\nUDdEaXJuSFJYRmZxcVplKzk2UnI4U0EKWWx+tz2DveSZn/kf35TQWc2O1YI9D0yJ\nuKgwE4ARoxtQ2dyL6nGY3rQs49SeCczvXw8CyCflud8Ph1uISEQMdg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-30T19:23:50Z", + "mac": "ENC[AES256_GCM,data:iUkKW49fo6GDb9gQhzeOgs61tWuoMR1LNQ1hQIze5lAqQOMEqZTHI7oq4SDM4wSaoFgTsEdWl+d7rAUC7Iomm4NsYYs5BCIuQq8omUVNxU9qABA+HYIuUI/RSu8W9/Fko7j85E/dOAqmuQz+RKsQjzIyKSORNenwXezkj0p+ADw=,iv:30VfZbHOU6RMN72LqEApDtXXd78pdQKGGmWDQQa7oig=,tag:rFjmDzi86DOmpv/F8CLL7A==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/buildbot-worker/worker-password/users/rpqt b/vars/per-machine/verbena/buildbot-worker/worker-password/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/buildbot-worker/worker-password/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From da09c989485662171ca3272e76989ac2792cd5c8 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 30 Sep 2025 21:48:05 +0200 Subject: [PATCH 171/376] Update vars via generator buildbot for machine verbena --- .../verbena/buildbot/api-token/secret | 10 +++++----- .../verbena/buildbot/oauth-secret/secret | 10 +++++----- .../verbena/buildbot/webhook-secret/secret | 10 +++++----- .../buildbot/workers-file/machines/verbena | 1 + .../verbena/buildbot/workers-file/secret | 19 +++++++++++++++++++ .../verbena/buildbot/workers-file/users/rpqt | 1 + 6 files changed, 36 insertions(+), 15 deletions(-) create mode 120000 vars/per-machine/verbena/buildbot/workers-file/machines/verbena create mode 100644 vars/per-machine/verbena/buildbot/workers-file/secret create mode 120000 vars/per-machine/verbena/buildbot/workers-file/users/rpqt diff --git a/vars/per-machine/verbena/buildbot/api-token/secret b/vars/per-machine/verbena/buildbot/api-token/secret index b13afab..e35610a 100644 --- a/vars/per-machine/verbena/buildbot/api-token/secret +++ b/vars/per-machine/verbena/buildbot/api-token/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:ieqRFglOHi9R4+o/pVhxP9WJ/eHgxB3BP8BMVUKSPkqrLZmjhL2wZg==,iv:VhMxk+6SDGy06ay3ZVtuqB8xbydB90QMiyJ06eaHs7U=,tag:hkFyWg7nK41qvrxvasrK4w==,type:str]", + "data": "ENC[AES256_GCM,data:IGlceGAAyveds7pvIuC1WazMkK94yN582Z0Jf8rLiyaCFtJHGD0+Hg==,iv:81/+F9CKvSE/wzdaNheOym6hN04PEutVvnqnQSR/Amc=,tag:8t5SO+Sv3n8Iq4gaq+4AzA==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPblVqYmg1N1hBUVBRaCsx\nU1NScVdBdGFTYjl4aWZZME9rZkVOZTU1MEFzClVsTXMxV0FDcUo1dEwxTStFTE1s\nWVBkUzcyN2MwN2dJcHA5RXBSRUJtMncKLS0tIFpUejUxdkMzTFZJcVBoOEptL0U4\nVXZqWEtYbzlJb0NjcUlkbGNGT1hSbjAKH4pFn+D08fM+wjqMMPf5DdQv5kHM/puQ\nFTyRfQdUMtBLw2TaaF8ASP/McBpO36UbvAoXHJ1Oah0xPG4s82Bv7A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUVlSNzJKY3YzZHZhaitI\neEkwR0hQTDBDTzNVVXIrMjlpZWt1Z01JUDFBCmZ5NlQ5ZUpyMFhKWHY0dEpEajZx\nOHluNGc0OG1SUXpPMnoyWFQ2YkJzMW8KLS0tIEFubk13c1RyYm5KWmxqQitNMWhF\nOEpIMUwzMmE0RHNZWjZTZEcxYU1HWHcKDOE81K69vsESELhRLtpYqxW7OCSXnTKe\nEkg2E8y7kD/T13s0IpE43nrOw+R8fNqgEdHvTy6ql1PwrS5lb/fLAg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVjc2VDQ0U1lCaWNGWlVH\nS1V1SEhiSzV3ZGVLaGUzNzMyZWRWTkpjV1ZBClYzQWl0WndpVWYwS2ZzeStXVlBq\nMllHUXZtQnBvQWkvYTFMczVSaUdicTQKLS0tIFBKNjZqdW43RCtoTDQvcWhqODZv\nanpQQ1ZYQkE3MUNudjRrRjc2K0l4b2sKetdtcQj7LLgLDbf2Ja+/w7pWCu8kMhK+\nbaDKW0ornLk7t2JU3POwaSjS+K54Ki8MIjWNqN4KrB75TF4zJMdjHA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzaGI2V0xjcGYyZzNvNDY1\nTE5VVWw2cGRnSW4rWnAxeEI2ZW1wbVFGaUZRClZSSThqdUl3QzZnbHhKU1NHMFpL\nSDh4TGhjSzIvT1M3NExYSEVkbEc5NjgKLS0tIFlrZ2NYN0sxeEcrTVFWalVJRDhR\nOEpRcTZuWWZxeHU0UFh1T3JzakEvZTgKuqmCSke0nCuXx/QxD6tVFtoABqI4It0Y\nDeJiPjua36ZkKo86DMkebMQWXJnLxqYiLm79n/nv2wHaZvq5Hy3nLg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T18:24:06Z", - "mac": "ENC[AES256_GCM,data:CvYQFkSwPfQC8oKXzTy/kAm+ww4NKaw4K8EZ8wotJf2Hd78rB/tZAdKV0QzBc9i6VYR2eQvuKrj+Cui2eX2qEtscuwgrG+AH1NN9ww8HlXPeoqoDekjxiUY2UO0xVwpLmVQsWR1bPyfIbcXpyzXUAvklBfajK61UbZbWi6FRUks=,iv:kF0SPX9Z53ksGjsiIH3wgDbTlwxrCGE6FVWe9ICKMQU=,tag:3aBBQ3Ux0RlXfkAvH8JKQw==,type:str]", + "lastmodified": "2025-09-30T19:48:04Z", + "mac": "ENC[AES256_GCM,data:yRIIB3qMjfarCxds83m4Am9h9JpsAsy2WnwQPabTLa+lkbXx+jFMwa1TWbLpPkxjgZaMIktsef0OzNMIbgEDK11hNItsUzb6e7/29WywCuQvISy6NlWUdA71yvGxHhnpVkbpQ/Q2SGg8gdNIGVU8BsK1/2PQoDKmYOrVihs7ws0=,iv:UJowwxtUm+9nu51U061g7KbnDpxSiB9c/pOD+GgAdGI=,tag:0UbhR4cldFI7We3z4Vae3A==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/oauth-secret/secret b/vars/per-machine/verbena/buildbot/oauth-secret/secret index 9564f5f..d12e694 100644 --- a/vars/per-machine/verbena/buildbot/oauth-secret/secret +++ b/vars/per-machine/verbena/buildbot/oauth-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:umhclAvia7ePqxzD7rau06EJs0G1uylmw5Jp4S3ywzaERoqCa22NNjXQfqdLghU9Ckw8Dxleiy8=,iv:eHy/u0nHDT4934Zwe3yHbHBpxNXO+H4xqJ9Pgo146qQ=,tag:c7O5Jqxt40/rA8YXBsDWhA==,type:str]", + "data": "ENC[AES256_GCM,data:HkEa0t0H7DOsoKn0luPTgv/ExIp4suYngtjLBJTXEhgCQvEflUi0/iyxnOgGEchTdK9xRYyXyrQ=,iv:CgnhjxTllnrlgcH+33MvPZZY3boqkhEVZdW5LEyuXMY=,tag:RIOSvT0fMurb1a48xa7ApQ==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpOU9iVXBWRmQ0cUdTZ0xh\ncVNaaVhRcC9RcUhvUTY4VFFXWGdHQlhONEJzClcxaEtnZkh4TGdXWHo4Tm54b21o\nRTFDWHg0RGdvM1dlVWFuUEU4YXhRZGsKLS0tIDdvVDJqMUR6T3V3YkNKaERjQ2FB\nKzQwdFNlK3dVUldzR1luallpb3Z4elEKzPZXRbNgO7V/yQVO1eobDK+uza2UA+gN\nfjr2iQ4eg7MpFvGUWXWPtoA0137g4gsxhEiUjtPqSP+B/qOPXIhYkA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBYkF0V25hVGtuT2NjTjJh\nbHhoSldnMTE4cHVQNWtrSVBJYmpkbUJwaXdjCk9Td2ZzR1RMN1l6ZitBL3Z3QUVm\nY2FnVnJnYitESDRMQ3BFNTRGNE9jTlEKLS0tIEJkSXBNRUVrc3U1Y1poT2dFRjdJ\naUVLbEs0ZjlQemQ3TmcwZmkyUTVRSVUKJ9QfIdh7US28wDJtNhbugs4Un4hnNobG\nbjzI/HNbCRtwRUXamKZI9JvXVH7/cSpsNvN7AkgEy/6033xuxgjHww==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmT3ZYa0pGL2duR0xwTmpU\na0pzRUI0STA5aG1ZMWdXZDVjVnp2UFJoRnd3Ck91NlQrQ1k4d2lNWGw5K2ZxSmp1\nQnlFQ3AyTEl4cWZUSGtTVTFPVkcvcU0KLS0tIDlleHRZWUpXcnovUlgxMUNwVzlH\nSkpRY1N0MzJ4NUlObVR6Q1BXVlJBSFEK/docMsaQrjDtjE2+tZ+C2+jmLqjH4mo3\nc3xbf0ufgtNFb3lHcKS13VPjEbmsb1u1YP/yHTUO911youQLqQohFg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWU5oRW5aOFJSVmtGcGxM\nd2VNSmpISHZ1UDdmNThVQWIwWTBIL1ovM2tRCk9mL0oyZzJwZGE4WDRNV0xpMWl3\nMWt6NFRFSGRQRDNlaDhsdDBJWkZQaGMKLS0tIGJMdVZ0WlNiVllFWm42OGdGOUcz\nUGhXcjRHckVKMDdCRzg3cTc2ZUFYaWsKX2idkx3spVL/Sz09ky5+LZWu4ywxz4cb\nbqQBra26KEv9yBDRwXFwq5oks/HDLRK0zaKRrwNjuoAAQkvzAypniA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T18:24:06Z", - "mac": "ENC[AES256_GCM,data:FutR14hBi6kHKSGixhtA60XUckCa2fAaSHcwKxxucZBfGucWTtdlM5wM9nchVcQtGGsCrXdxvonwQy5+aOUPdCN0G6RKXkHhVJMLitQrfNOHVNuDPAYyj/zERgRiLJ81HSpVrDwCQeKE8P0xs8Im9qfUREvO9QjHT8nF+5Govp0=,iv:pZvNbDUhdi8UG549OT3C5ZQPLP2KoRYSjaqkvL5gb5M=,tag:tYXQs/3hL0qD5CcM0lE0JA==,type:str]", + "lastmodified": "2025-09-30T19:48:05Z", + "mac": "ENC[AES256_GCM,data:h7z2W2u2bDmy2zMvsg9vhtVvrej+YghbSSg8KNnl/Mke/gDvKn20lmU0imlZBfxc2b9ElwCEfGMy0ndKjw9K9s5MD0ypzCfs1X3ztDNr95oGOLcdM1IHbVR2v8SP4y8K4RUdsMC5FUPHruEzqCYMnV7lwdgvo/ljn78DsJDAbRg=,iv:2kZRL13Q+5vrn1cAn41QUZGd0fBo23RQSYH3OM/VzBE=,tag:h3wBHIESbsZ6FvrMBQPMhw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/secret b/vars/per-machine/verbena/buildbot/webhook-secret/secret index b0225dc..c82e335 100644 --- a/vars/per-machine/verbena/buildbot/webhook-secret/secret +++ b/vars/per-machine/verbena/buildbot/webhook-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:WQzQ,iv:Plvkqh/yH9JfWx4Wuh76a7U415ZGtAeLJo1eIt27l1g=,tag:f/Ca7j1WdWxY5dkv7+dwYQ==,type:str]", + "data": "ENC[AES256_GCM,data:NrVd,iv:vogGVxZ1Nc57wg6hdXR9KbZPvqfALEx68qUbrE2RFYU=,tag:xiU+h0Icw4IzL3z2oqjiWg==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQXp3dTlZaTNwaXVLVmdZ\nVStxNXNJMXdIbEhGbHhtZGptZHl0RXpzeHhnCmlqWHB1bThiZ1c2aFFiMzJQY21X\nRVJXclNUQmJDMVh0dFVlYUlpNlNubTQKLS0tIGIvVVkreGtNS0tIQ0tkaEdyeEMx\naDFUWmE2K1VWOWU5OEZBOHJrUXhCUVUKzspIcHIedVSn04sIS4/et1PWfx8U9DBd\nXqR+qxRMkhwL4ggLTdwbLjbV8VaDtKglmt6Fe9T0kGQV1Rd1qq4reg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRV1lOa3ZTaEpxZDJ1cVZp\ndmFzYk1NREVDUGtQbXJhazJjL3gzWmpFZlc4Ckt6YlFWQVpUT1QrRVVoTXBlN3Z4\ndVVjd25tdTN1bmlYV2UzNEltYW1pdDQKLS0tIGcxS1JncXM1WE9USmljd3k0K1lG\nbTJWWlhrU1IrWFZob3grUU43bUZyN1kKkn5mzN6KqxtGCI9JlHUPmylg3A4GYDr6\nL2BJV1CTQT85bF09kCsgAu0dbDChJVYhdWiA4ZFJ/qqcPwAnI1qjfg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhK0o0ZlpJTmJ1VlhRMDNm\nK0ZPcC9KVWZwTUxXYjI1U3h5dWtSZEdRR3g0CmVkem8rd3ZQSDNHQnNQSkxlMVlJ\nUU0yeUVNWERPalNJV1lMbTNScG4zYnMKLS0tIG11ZWpiYVFRSFVmdm9qVHpVemc1\nVEZnS0g4SHlqQ1c0NFRzT3pLdXF5S00K7XuyE7LftC5Sa6DDEndTvUb78p12oKR7\n/awo+6i8/LWYl6GHAx6xrAe2iXsk31nS4a3MwL1MwUyreT8TBO56MA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5QjMxbkwvK0R1c0ZLSGFv\ndE9pbU1UcGgwWmVUU0NpQ2RiM2dReTcwOVZRCk4zVlF1VE5qS3ZxOWZBQ0MzL2NC\nMnI0TmtXblRyMHFEbVl5aTRHS0ZKMncKLS0tIHk2STFoa1pOek9hcXF0cENCOEkw\nWWxqU3JQcDlTSGJJeUVqbFlqZXlrVG8K+863BGkKA+e843msFNbEEIowhNdKFKuU\nKt8xDehW3KhfRmRlpmzfEmEfk9cQ4eXSqmkL0in/E8wYKCTgEsPysQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T18:24:06Z", - "mac": "ENC[AES256_GCM,data:FgvLYa1jskrzQR9hx4TAzGpPGJMOlrlNHt1U7EsKPhGsdRMs+/ZeHPHO1nqR8iPnv8H7oSPGFGA8u6Qw/S0UZoNNGMnaOQyWQCf648I4c2B+tbofZlsdrFju0YZ9A7YsjY4gtUA8ZulmCVFCsNZgY1HAYN00Um98nZ2pjC4IUS0=,iv:+8zt9I51X6+rYiBPzOL5nmtcKNAlENNwAtMnSK+KXuM=,tag:9fF7jtPFCPRHym6HDul/+A==,type:str]", + "lastmodified": "2025-09-30T19:48:05Z", + "mac": "ENC[AES256_GCM,data:UjuikA/WrnLTF00FOsOOjNPd5dA2EsG9hXUM+016e3cQe+9FtAhSjUSAkeW5qRO5/OHWFm/EyE0fJtfAlOFf7uBA7Dj0uqZnPIZBjV9abn0rQTBv9PjDMsaRMouDojaibOqNsb8KPtbuZehqHm0ETqoZ6TdU3X32Ep+7NJMjET4=,iv:SCc3NIbtAp8rBsWESiMqYAXKi3iQ8y3CShw1H30WgC0=,tag:6oSkVYoJRjcVfdYHd4bnZQ==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/workers-file/machines/verbena b/vars/per-machine/verbena/buildbot/workers-file/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/buildbot/workers-file/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/buildbot/workers-file/secret b/vars/per-machine/verbena/buildbot/workers-file/secret new file mode 100644 index 0000000..d96390a --- /dev/null +++ b/vars/per-machine/verbena/buildbot/workers-file/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:AFlyIsfX5ROADStXz+k6vJsadQlmh2k9sjOBVwbk1zej0/N17GgOuCibxlbr1XkQfj+CO5HFm/rI2/mocDm5UZLI/vNQCQO31w/roqGCqCYYm8vkUqfHbu/FzJDO0H3BdrRp,iv:HbmncP/TGxnCeCzsUURrPMG+MSPWBRRfo78SK9reCsM=,tag:i6VGbfm2zENtUO4IdvQ3YA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSWczaTF1bEJUaHJNdCtv\nRUt6d2cxLzc1a0xjMjQ1QWpYMUY4bXdwc2lJCmtva0pKYWF4U2d3OElxL09iQ2l6\naXZMOHlvQ3NUZUh2dS82bVF6NUhLakkKLS0tIHM2cHM2aTJXK2VnYnBOekNFWEtS\nTlZRYWFadWhXalJpWHEvamR6NXpUa3MK4N6pNJ6lcVFeF0NLA10lGaPrA7xAZeok\ntL9Kf49GJm3So/JQZK0RrdJm3jCG/rDDbFwCq+jLIvbRR/8o9cIhbw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSVZsd0puWXNMUHd4VktE\nM0xEQkJ6WkQ4NGM5ell3b3BEUUxyY0tLQlVrCmdwUnlVTVZSdTB5Si81RVlqdXFZ\nUUw1bUV0T0Q0VHp3QzZjakUrOFpOK2MKLS0tIFp6QVdwQXZWVXlrUW41YzVSOVBW\nYjQxOFJ1NkhrQjdCa1NRRUExRnZZWEUKSUgPjFMZUjzYh7TOqW/lZR1hys4BEgK/\nFfsB0gOoEC7rfrEzO4Tw2EdOAlKHHy+KihIV5tfZoZ8zdcrsfLsPKw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-30T19:48:05Z", + "mac": "ENC[AES256_GCM,data:EuFM9l9tjDKaH0V3cFXHDR3IJ+41R9gtTrSpmdh4dqwQjvPqhKVvFztKm0+AUzRkoq8b4CXpFO2AdDY/QBPgfbIWk4ztDcbrgZ8RyR22zITnYchGi1iIOduS84hbOf6nt+XIApXJa5aWE1MBy7xaIDKxbeDxfIzolwQwvlBe2r8=,iv:swLM9NsbfKVG7rgFF0HTP0OVENH/ssqlf2+L/A3nvA8=,tag:049D8wz04WDD+2phrvfT+Q==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/verbena/buildbot/workers-file/users/rpqt b/vars/per-machine/verbena/buildbot/workers-file/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/buildbot/workers-file/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 35a7d874f2364d31659e73725b168ad73929a96d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 30 Sep 2025 22:09:23 +0200 Subject: [PATCH 172/376] Update vars via generator buildbot for machine verbena --- vars/per-machine/verbena/buildbot/api-token/secret | 10 +++++----- vars/per-machine/verbena/buildbot/oauth-secret/secret | 10 +++++----- .../per-machine/verbena/buildbot/webhook-secret/secret | 10 +++++----- vars/per-machine/verbena/buildbot/workers-file/secret | 10 +++++----- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/vars/per-machine/verbena/buildbot/api-token/secret b/vars/per-machine/verbena/buildbot/api-token/secret index e35610a..1bca091 100644 --- a/vars/per-machine/verbena/buildbot/api-token/secret +++ b/vars/per-machine/verbena/buildbot/api-token/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:IGlceGAAyveds7pvIuC1WazMkK94yN582Z0Jf8rLiyaCFtJHGD0+Hg==,iv:81/+F9CKvSE/wzdaNheOym6hN04PEutVvnqnQSR/Amc=,tag:8t5SO+Sv3n8Iq4gaq+4AzA==,type:str]", + "data": "ENC[AES256_GCM,data:4q1BoV3evrDvJMixoRvNxeTWfvRwePAYNP0m1nA1Ra2Va/yVPzgdcQ==,iv:33jDglBB1ozx+y/ih3y6sgbmUyFfWpYm7koXtnf4sx0=,tag:jkPKstbD7vhzO/O1tHEeFg==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUVlSNzJKY3YzZHZhaitI\neEkwR0hQTDBDTzNVVXIrMjlpZWt1Z01JUDFBCmZ5NlQ5ZUpyMFhKWHY0dEpEajZx\nOHluNGc0OG1SUXpPMnoyWFQ2YkJzMW8KLS0tIEFubk13c1RyYm5KWmxqQitNMWhF\nOEpIMUwzMmE0RHNZWjZTZEcxYU1HWHcKDOE81K69vsESELhRLtpYqxW7OCSXnTKe\nEkg2E8y7kD/T13s0IpE43nrOw+R8fNqgEdHvTy6ql1PwrS5lb/fLAg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTHFNYStabmdlWjhRMlZ0\nTE41MnlBYWFXdGV2aGtVSitmSlZBWUVOcFhzCmtoN0hJdlJtNEswUEtwbFNXU3pR\nb3JVTTVCYnNuNk41b0R4QWpKRjZJVEkKLS0tIC9rTDJnWWtpQXM5MGx0aXd1MEN1\nbW1vVWVKMlVmcUFrTW5KZzU5TnUrNG8KQRzeseB5TD1TdoZG0KP6xq4NucJqUFPQ\nfs7SMNQSzB3BmixM2otjCMB9kTN86wWF/l0J1k5tzNl6cKrqFiUVJg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzaGI2V0xjcGYyZzNvNDY1\nTE5VVWw2cGRnSW4rWnAxeEI2ZW1wbVFGaUZRClZSSThqdUl3QzZnbHhKU1NHMFpL\nSDh4TGhjSzIvT1M3NExYSEVkbEc5NjgKLS0tIFlrZ2NYN0sxeEcrTVFWalVJRDhR\nOEpRcTZuWWZxeHU0UFh1T3JzakEvZTgKuqmCSke0nCuXx/QxD6tVFtoABqI4It0Y\nDeJiPjua36ZkKo86DMkebMQWXJnLxqYiLm79n/nv2wHaZvq5Hy3nLg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXRzdvdjRCMGpETW12UFRX\nUEM0Y0RtazBYZ3o4NFJ6SkZDWC9sRDNzb1hvClF6Z2tBZTBsR09ZdCtEcDJvQ3VR\nZmMxak93TjRuZVJoT2VDaEkvNUNESkkKLS0tIHdRRGFyeWZmUTl2cXllVHNCU2tZ\nWWFzVUpIN2ZyYVlMdzlwaEY5ZzI4NXcKdgwGpY345N0cDAJShu02rt7xPa1vSvoV\n1WQYt8G4W1C2h6iiW3cN+tYKUUsahTw55wcrwuZ6sCVe/yZs80SOeg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T19:48:04Z", - "mac": "ENC[AES256_GCM,data:yRIIB3qMjfarCxds83m4Am9h9JpsAsy2WnwQPabTLa+lkbXx+jFMwa1TWbLpPkxjgZaMIktsef0OzNMIbgEDK11hNItsUzb6e7/29WywCuQvISy6NlWUdA71yvGxHhnpVkbpQ/Q2SGg8gdNIGVU8BsK1/2PQoDKmYOrVihs7ws0=,iv:UJowwxtUm+9nu51U061g7KbnDpxSiB9c/pOD+GgAdGI=,tag:0UbhR4cldFI7We3z4Vae3A==,type:str]", + "lastmodified": "2025-09-30T20:09:23Z", + "mac": "ENC[AES256_GCM,data:f08OjuOS4DI2ilGQb4eNycmOIEuI/bQROxJIp6SszVnq+RTwVn8EDUBoNXRYJFygLKVbIQ74bkXVR6EogrpJBCD2atVohMnLE03ujHT8ncHuKMhOH9pwAyvMnlquqH3HeuvbPSUqdcpYen106dq+8zWhr+cBQ5XOEuFQolx+EpA=,iv:Y1/1UvnBNNzIulSEkwY9swsE6FKEt576ekmpcv9dC14=,tag:ZZTMv7OhLAKDKMnFfk7Vng==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/oauth-secret/secret b/vars/per-machine/verbena/buildbot/oauth-secret/secret index d12e694..bd72326 100644 --- a/vars/per-machine/verbena/buildbot/oauth-secret/secret +++ b/vars/per-machine/verbena/buildbot/oauth-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:HkEa0t0H7DOsoKn0luPTgv/ExIp4suYngtjLBJTXEhgCQvEflUi0/iyxnOgGEchTdK9xRYyXyrQ=,iv:CgnhjxTllnrlgcH+33MvPZZY3boqkhEVZdW5LEyuXMY=,tag:RIOSvT0fMurb1a48xa7ApQ==,type:str]", + "data": "ENC[AES256_GCM,data:nPeaLjZ0gIndUeRTKWw8l7rK2pLOLccR6X57e+WXhQbGCQS8HMJDYy5M/kNdfrxdst7mifN/Vbw=,iv:JZf62bUrrwRj4LIdfa/j5Qxj4AoJ7fE6Qez0bAYit44=,tag:iVL/xDZqtkxX7/d+xFFCUQ==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBYkF0V25hVGtuT2NjTjJh\nbHhoSldnMTE4cHVQNWtrSVBJYmpkbUJwaXdjCk9Td2ZzR1RMN1l6ZitBL3Z3QUVm\nY2FnVnJnYitESDRMQ3BFNTRGNE9jTlEKLS0tIEJkSXBNRUVrc3U1Y1poT2dFRjdJ\naUVLbEs0ZjlQemQ3TmcwZmkyUTVRSVUKJ9QfIdh7US28wDJtNhbugs4Un4hnNobG\nbjzI/HNbCRtwRUXamKZI9JvXVH7/cSpsNvN7AkgEy/6033xuxgjHww==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUi83djNpUnM5VjRXbXdy\na3pLR1B2YTFzMEhvb3pFekhNc1lOODlNdm04CkVjSmN2UUp0WmxUWXkrSnRobnJE\nQUZrRFhHMmN4Tjd3WkRQZCt4aFo2aUEKLS0tIExWMGl0d3lOekZhcWJrVlFvUmJp\nL1FwK2Q4WHh5YXNKQkpzeDlsTVBQOE0KqGapzIyAwIvleXfMLCK2cvJp0MNAG/l8\nwD42WSeZAy9EavqNpORJWchmRxoZu8NJupldqy0bUyye6895yhMDEQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWU5oRW5aOFJSVmtGcGxM\nd2VNSmpISHZ1UDdmNThVQWIwWTBIL1ovM2tRCk9mL0oyZzJwZGE4WDRNV0xpMWl3\nMWt6NFRFSGRQRDNlaDhsdDBJWkZQaGMKLS0tIGJMdVZ0WlNiVllFWm42OGdGOUcz\nUGhXcjRHckVKMDdCRzg3cTc2ZUFYaWsKX2idkx3spVL/Sz09ky5+LZWu4ywxz4cb\nbqQBra26KEv9yBDRwXFwq5oks/HDLRK0zaKRrwNjuoAAQkvzAypniA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwUGk3WUlOUmFmS2Q2SFAw\nL051Si9UTEhRZGRlZTR2c3h4QWJGY3ZTeDJNCjU1TFRwWTNzYUsyNFluSW5xY0xl\nZ1hkd212Q2JSSlM1RkkwNW5OS0hBSVEKLS0tIFlOLzcvZ21xc3luaWJQOGJGc2dD\nVmljTVVXejlERHNQTXdEOWdiZEZhRUEKq3TORXcw7Qp6fS/sIWxIvyRlOsk9MEpr\n6HwFqKecx9eYtqZXi8fThizPALvWW3RzaTBlH695SoTbSJGoK+ki1w==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T19:48:05Z", - "mac": "ENC[AES256_GCM,data:h7z2W2u2bDmy2zMvsg9vhtVvrej+YghbSSg8KNnl/Mke/gDvKn20lmU0imlZBfxc2b9ElwCEfGMy0ndKjw9K9s5MD0ypzCfs1X3ztDNr95oGOLcdM1IHbVR2v8SP4y8K4RUdsMC5FUPHruEzqCYMnV7lwdgvo/ljn78DsJDAbRg=,iv:2kZRL13Q+5vrn1cAn41QUZGd0fBo23RQSYH3OM/VzBE=,tag:h3wBHIESbsZ6FvrMBQPMhw==,type:str]", + "lastmodified": "2025-09-30T20:09:23Z", + "mac": "ENC[AES256_GCM,data:aylvnEqXl5GTTzklF+JKRM5B6/zk34mcHWyxucsoQ59iy93BYobz2RdD+7BT58fJ+ILGUg3AQvsurQp4xQRr2gI5AVyD6VQSv6y/EvrO7O0lf4JCAYRGPUUjT7/Qt7VF6vvAY2dGx23/tB1GpS3zlgy+AdEZu3z1rLqGnJhIQ+Y=,iv:w0lCZIMDZxUKT92e1qmyevnYgXYDbpt0xamgq9H18RE=,tag:Cikd3siQ2sdN3fOCYbxGWg==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/secret b/vars/per-machine/verbena/buildbot/webhook-secret/secret index c82e335..c9706fa 100644 --- a/vars/per-machine/verbena/buildbot/webhook-secret/secret +++ b/vars/per-machine/verbena/buildbot/webhook-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:NrVd,iv:vogGVxZ1Nc57wg6hdXR9KbZPvqfALEx68qUbrE2RFYU=,tag:xiU+h0Icw4IzL3z2oqjiWg==,type:str]", + "data": "ENC[AES256_GCM,data:S+QS,iv:Z9n92s7d0jJBpcfnymTJWyqfXqIRsRS4ztxmlIg+C/U=,tag:XekatImMzNgtS7XztnI/hA==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRV1lOa3ZTaEpxZDJ1cVZp\ndmFzYk1NREVDUGtQbXJhazJjL3gzWmpFZlc4Ckt6YlFWQVpUT1QrRVVoTXBlN3Z4\ndVVjd25tdTN1bmlYV2UzNEltYW1pdDQKLS0tIGcxS1JncXM1WE9USmljd3k0K1lG\nbTJWWlhrU1IrWFZob3grUU43bUZyN1kKkn5mzN6KqxtGCI9JlHUPmylg3A4GYDr6\nL2BJV1CTQT85bF09kCsgAu0dbDChJVYhdWiA4ZFJ/qqcPwAnI1qjfg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxWmZtd3Z2UVFuSWlndmgw\nRUNYeC9iR3l3aTlVeGZaMWxXbUFlUTlNelJjClE2bml6MGY4SG5XdVZjRi96RTl0\nb3hQYzhNcXEzZ29tTkhYcnhnbVd5ZlkKLS0tIEs4TW5taWFNWXVwaE8zajFlM0Fk\nZGxFVWZrdjQxWXNSWXZveDFsekhhWkUK1PEahAsP/Uec22UzGomMlrH3i/hJFxCS\n9P3CXls4hOdoEmn7aTDTeSIU3gAe2ngBy8yqmTWBzI2dTHiRjARAXg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5QjMxbkwvK0R1c0ZLSGFv\ndE9pbU1UcGgwWmVUU0NpQ2RiM2dReTcwOVZRCk4zVlF1VE5qS3ZxOWZBQ0MzL2NC\nMnI0TmtXblRyMHFEbVl5aTRHS0ZKMncKLS0tIHk2STFoa1pOek9hcXF0cENCOEkw\nWWxqU3JQcDlTSGJJeUVqbFlqZXlrVG8K+863BGkKA+e843msFNbEEIowhNdKFKuU\nKt8xDehW3KhfRmRlpmzfEmEfk9cQ4eXSqmkL0in/E8wYKCTgEsPysQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzMmJoaW1kSXhicVQ5MFZQ\nVFZDVzFvRWQ4Smw4VkZIQmlQemQxNUxSSjBBCmhhVURCV0FFeFhjbFpHRGM0eVBP\nSkNvdmV0L0hKT1dHTnJyOWFkelcrM2sKLS0tIE83N1QxcnJKTG1lMEhDYUl3dzVG\nTGhLeHQ2RjdKSy9vSlFWNmw5U3RPS0UKkmLo/AHQjD2IQzpPm2Cza8ME8Bdxzixo\n3+j+sOPIl6K13JxgSrB0Ym3NSWPwEgDwOrz3+MxE77xKHaFvhj4Lxg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T19:48:05Z", - "mac": "ENC[AES256_GCM,data:UjuikA/WrnLTF00FOsOOjNPd5dA2EsG9hXUM+016e3cQe+9FtAhSjUSAkeW5qRO5/OHWFm/EyE0fJtfAlOFf7uBA7Dj0uqZnPIZBjV9abn0rQTBv9PjDMsaRMouDojaibOqNsb8KPtbuZehqHm0ETqoZ6TdU3X32Ep+7NJMjET4=,iv:SCc3NIbtAp8rBsWESiMqYAXKi3iQ8y3CShw1H30WgC0=,tag:6oSkVYoJRjcVfdYHd4bnZQ==,type:str]", + "lastmodified": "2025-09-30T20:09:23Z", + "mac": "ENC[AES256_GCM,data:U5Pv/wDpi1Qh/kttemH0C4PCjT0JYQRhdOdcL05yYGaP6S+2sL2PhTLtfyjDyeTAftQN0+RKyyVHbi60O1IwkmGLYGSXtGmwnotmv/0Ljix39Q1uxYbq9Mgr1Vcfkx4cyUM/yPrF39Y1vqqXWFKG8ba2T2GtJjuDLnyFDUmWxAg=,iv:aHjmSrqEg9f2CLAdt9UW20wPK3LTmCK1Yo5IrqcWmr8=,tag:n81nYVoaihcNK5kQvGnfYQ==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/workers-file/secret b/vars/per-machine/verbena/buildbot/workers-file/secret index d96390a..1bb09a3 100644 --- a/vars/per-machine/verbena/buildbot/workers-file/secret +++ b/vars/per-machine/verbena/buildbot/workers-file/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:AFlyIsfX5ROADStXz+k6vJsadQlmh2k9sjOBVwbk1zej0/N17GgOuCibxlbr1XkQfj+CO5HFm/rI2/mocDm5UZLI/vNQCQO31w/roqGCqCYYm8vkUqfHbu/FzJDO0H3BdrRp,iv:HbmncP/TGxnCeCzsUURrPMG+MSPWBRRfo78SK9reCsM=,tag:i6VGbfm2zENtUO4IdvQ3YA==,type:str]", + "data": "ENC[AES256_GCM,data:I7uyBcLjtVlx2SfC8lNfrAc4OkDeKa8rm6P8zNf8Qp8qM4MVIkaK6snbAvQm3qlW0KiGOdpdXBJi+Zji8L3fhYOLbinpdld0ds1Ml1C+Z+zstIim/9tIA28NSoStKGgZYQ==,iv:sTN2kA+cTAeflu5QRCemp4nHaJMRioET6CjsdXGx/dA=,tag:vZQGXIqcCE5RkN4qek6hHg==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSWczaTF1bEJUaHJNdCtv\nRUt6d2cxLzc1a0xjMjQ1QWpYMUY4bXdwc2lJCmtva0pKYWF4U2d3OElxL09iQ2l6\naXZMOHlvQ3NUZUh2dS82bVF6NUhLakkKLS0tIHM2cHM2aTJXK2VnYnBOekNFWEtS\nTlZRYWFadWhXalJpWHEvamR6NXpUa3MK4N6pNJ6lcVFeF0NLA10lGaPrA7xAZeok\ntL9Kf49GJm3So/JQZK0RrdJm3jCG/rDDbFwCq+jLIvbRR/8o9cIhbw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRUlVOMERpbVR2cVhPZUxC\nSlR6ZEwzcUxmNndqdXFxSDRJdEhHRkpRaERFCldtTVhsUG1lTi8xb1Z4eE1GVDNY\naVM4WEZpb2R0cXRMOXYvR0RKRHRQRmsKLS0tIEQyNmwxam1DV0R1eWpITGJKbnpw\nWjRKUGhCRUE0WWdVYjNndnJ0VWxhTGcKmi2RaK3MLyeRbaB4NFVYH7eC9seDcbvW\nOemjy5zKSd9tFzw+eFwuP7q8+bNvEuJGRkGW015bhvQlmYH5L+Wq9w==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSVZsd0puWXNMUHd4VktE\nM0xEQkJ6WkQ4NGM5ell3b3BEUUxyY0tLQlVrCmdwUnlVTVZSdTB5Si81RVlqdXFZ\nUUw1bUV0T0Q0VHp3QzZjakUrOFpOK2MKLS0tIFp6QVdwQXZWVXlrUW41YzVSOVBW\nYjQxOFJ1NkhrQjdCa1NRRUExRnZZWEUKSUgPjFMZUjzYh7TOqW/lZR1hys4BEgK/\nFfsB0gOoEC7rfrEzO4Tw2EdOAlKHHy+KihIV5tfZoZ8zdcrsfLsPKw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQTR5NHdvSzMrbGNxWU5v\nMEJBYkxXcWZmRGxPMXBraEJKSzR1UnVUN1JzCnlxZ21rclZoMjhaSGFBNjZzTDJS\nbHdwVmR3YUQyZTFIZ0V3Q0pTL1lQcTgKLS0tIGgxM1I4L1UyaGpLVUNuUk00R0I4\nSFRYbmFONnV0U1J6RDEvVjI5U3hDaHMKC7JmIGjbtSukREOuhX7aYWsLwQTA4Nbs\nwLiMLpQ7XGn96MgKVmXjPAOjqDUqwFrc2n2lJr5gZpgqxLG2VTVBkw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T19:48:05Z", - "mac": "ENC[AES256_GCM,data:EuFM9l9tjDKaH0V3cFXHDR3IJ+41R9gtTrSpmdh4dqwQjvPqhKVvFztKm0+AUzRkoq8b4CXpFO2AdDY/QBPgfbIWk4ztDcbrgZ8RyR22zITnYchGi1iIOduS84hbOf6nt+XIApXJa5aWE1MBy7xaIDKxbeDxfIzolwQwvlBe2r8=,iv:swLM9NsbfKVG7rgFF0HTP0OVENH/ssqlf2+L/A3nvA8=,tag:049D8wz04WDD+2phrvfT+Q==,type:str]", + "lastmodified": "2025-09-30T20:09:23Z", + "mac": "ENC[AES256_GCM,data:sH9vTfWbTXeurnZrJWXVlC0Pe/gs3bVITY1TyiTRwEtNE0VL3vDHFtwnApn5xdj4sB7RdRPT+6hVWFrfYko47uxLZOnzAEwz41XEXfNUvBaKVovSeJIkDjJZKs7YI+uCzE+YqH4J7GQxr15B3u3iDPy+mL4MepXCWwlvBqdj+Ec=,iv:3gA/dybTZiLBWfn5FgxsC6fJqfpRNHN32eeaU5qlIW0=,tag:4idC+h+gnViBFGwW1c9BLA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From b720ebe07ec4627555c6d9541df026341637968d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Tue, 30 Sep 2025 22:24:05 +0200 Subject: [PATCH 173/376] Update vars via generator buildbot for machine verbena --- vars/per-machine/verbena/buildbot/api-token/secret | 10 +++++----- vars/per-machine/verbena/buildbot/oauth-secret/secret | 10 +++++----- .../per-machine/verbena/buildbot/webhook-secret/secret | 10 +++++----- vars/per-machine/verbena/buildbot/workers-file/secret | 10 +++++----- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/vars/per-machine/verbena/buildbot/api-token/secret b/vars/per-machine/verbena/buildbot/api-token/secret index 1bca091..4a4e7ce 100644 --- a/vars/per-machine/verbena/buildbot/api-token/secret +++ b/vars/per-machine/verbena/buildbot/api-token/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:4q1BoV3evrDvJMixoRvNxeTWfvRwePAYNP0m1nA1Ra2Va/yVPzgdcQ==,iv:33jDglBB1ozx+y/ih3y6sgbmUyFfWpYm7koXtnf4sx0=,tag:jkPKstbD7vhzO/O1tHEeFg==,type:str]", + "data": "ENC[AES256_GCM,data:TBkW6fgVu4nOFNI9mQjrnkW++jc7fchjJBDwTjaNkEh9E19MMTlQnw==,iv:jvX3gKJ1I7bRcsihqVOYBv6p0KJhQXT1oAG+wlThRU0=,tag:uYGupsYDsJFFTY/eAC73pg==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTHFNYStabmdlWjhRMlZ0\nTE41MnlBYWFXdGV2aGtVSitmSlZBWUVOcFhzCmtoN0hJdlJtNEswUEtwbFNXU3pR\nb3JVTTVCYnNuNk41b0R4QWpKRjZJVEkKLS0tIC9rTDJnWWtpQXM5MGx0aXd1MEN1\nbW1vVWVKMlVmcUFrTW5KZzU5TnUrNG8KQRzeseB5TD1TdoZG0KP6xq4NucJqUFPQ\nfs7SMNQSzB3BmixM2otjCMB9kTN86wWF/l0J1k5tzNl6cKrqFiUVJg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRHNlMzJWbnNGbVhtRGFn\nZGdDM0RxSW11c1lETWtkY3pOaCtvL01nVDM4CkdGbDA4THl4SU9OcFE3RVpxelNI\nSUZnVk41WmhkRHhPN3BXVXZoVW9Nd2sKLS0tIE5kUWFCWk9KRTM5blVHaks2ekwz\ndGJRN25YbDFtZkNEVXowNWFxOWI1TjgKWXRDpYBJinX3adywjVY+i52s64L8LySE\n0t0O2jW2KrZCaYD2ULrxpEnG/FYznseA0G983WNLh0kdFk4Emh2YeA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXRzdvdjRCMGpETW12UFRX\nUEM0Y0RtazBYZ3o4NFJ6SkZDWC9sRDNzb1hvClF6Z2tBZTBsR09ZdCtEcDJvQ3VR\nZmMxak93TjRuZVJoT2VDaEkvNUNESkkKLS0tIHdRRGFyeWZmUTl2cXllVHNCU2tZ\nWWFzVUpIN2ZyYVlMdzlwaEY5ZzI4NXcKdgwGpY345N0cDAJShu02rt7xPa1vSvoV\n1WQYt8G4W1C2h6iiW3cN+tYKUUsahTw55wcrwuZ6sCVe/yZs80SOeg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZzc5dlZpWHI4emQycWVC\nVkp4SDZaME9XeWlaS0JwWnVQZ1VCQ1hRZXljCnQvbXFYZ1dMSkEyYk9aNDhxWVFO\nVlZiampQYnoyYStyTkp5cTBJNjgvQVUKLS0tIFBkS0IvWXNnWjZ4cCs5Si9ONU45\nSHZxcXhwTkdmTlZkTEs4TGYybWtHcEEKQ2Un9ofhwTUeeFh8cRYvqjdZxuPHe8EG\nPi1UzBSlbWv9L5st2eOr8yHDX6Nd10sRZIyo4SLA/YbPBGWcD/VA5g==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T20:09:23Z", - "mac": "ENC[AES256_GCM,data:f08OjuOS4DI2ilGQb4eNycmOIEuI/bQROxJIp6SszVnq+RTwVn8EDUBoNXRYJFygLKVbIQ74bkXVR6EogrpJBCD2atVohMnLE03ujHT8ncHuKMhOH9pwAyvMnlquqH3HeuvbPSUqdcpYen106dq+8zWhr+cBQ5XOEuFQolx+EpA=,iv:Y1/1UvnBNNzIulSEkwY9swsE6FKEt576ekmpcv9dC14=,tag:ZZTMv7OhLAKDKMnFfk7Vng==,type:str]", + "lastmodified": "2025-09-30T20:24:05Z", + "mac": "ENC[AES256_GCM,data:/1u+xf4gfv+/8m45UwGeutMrOKfxDOC/vlF+JY/GS+B4xW+bBIVHtBFg6cqKZ6jvAqMjx5w1j2x+St7xI/S9rVhf7mG8p4sdO5/EnM2Ib+I94dNKLx90h67jAJir7N4sQ6qsT8K5B4CDwBC4ugOBtBVBW3eoRxMFjGNNGoG+mUw=,iv:RUatCLMYYUT9fUluykcaJH+uKOPQGizzGjPnsmROtLw=,tag:K/6z9CHx7kBJtOTgfiXyQA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/oauth-secret/secret b/vars/per-machine/verbena/buildbot/oauth-secret/secret index bd72326..2db359a 100644 --- a/vars/per-machine/verbena/buildbot/oauth-secret/secret +++ b/vars/per-machine/verbena/buildbot/oauth-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:nPeaLjZ0gIndUeRTKWw8l7rK2pLOLccR6X57e+WXhQbGCQS8HMJDYy5M/kNdfrxdst7mifN/Vbw=,iv:JZf62bUrrwRj4LIdfa/j5Qxj4AoJ7fE6Qez0bAYit44=,tag:iVL/xDZqtkxX7/d+xFFCUQ==,type:str]", + "data": "ENC[AES256_GCM,data:BNaSFieGNC+TbU5S8NFYitdQiO51vdAh1q7UMfS5UPHqnASBYAumgrrNotm2Rma2s2QijJJFsyw=,iv:ns6hkNgOVaAJMq4AkZeX2DOXLNqzv/2iD83wWwNeocA=,tag:vmh9crLrJ+2V9FOfVr3Fog==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUi83djNpUnM5VjRXbXdy\na3pLR1B2YTFzMEhvb3pFekhNc1lOODlNdm04CkVjSmN2UUp0WmxUWXkrSnRobnJE\nQUZrRFhHMmN4Tjd3WkRQZCt4aFo2aUEKLS0tIExWMGl0d3lOekZhcWJrVlFvUmJp\nL1FwK2Q4WHh5YXNKQkpzeDlsTVBQOE0KqGapzIyAwIvleXfMLCK2cvJp0MNAG/l8\nwD42WSeZAy9EavqNpORJWchmRxoZu8NJupldqy0bUyye6895yhMDEQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTXVaZHNaWVBMck0wK0ZQ\ndDZ0RDhNQlM2ek5sWnoyT09uQ29hbXJQM25NCjFVMkRCeU1wdlRVTWdzZVhFMnhP\nVWxUSHozVjB1S3BIWUNrVlBIK29KaU0KLS0tIGduTzQ4bDdvZ0RoZERRc0xycGFl\nREx5RU1mZVlsL3hXdjNVTGtWSEtwaFUKzAZGT0lgM0TbM9YNaHt0DLzCtS15M+hb\nVD9ZjkjDrCoAqdeq555c+cG0QgB2AiWmwRdcSQd2hBX333iISk5hqA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwUGk3WUlOUmFmS2Q2SFAw\nL051Si9UTEhRZGRlZTR2c3h4QWJGY3ZTeDJNCjU1TFRwWTNzYUsyNFluSW5xY0xl\nZ1hkd212Q2JSSlM1RkkwNW5OS0hBSVEKLS0tIFlOLzcvZ21xc3luaWJQOGJGc2dD\nVmljTVVXejlERHNQTXdEOWdiZEZhRUEKq3TORXcw7Qp6fS/sIWxIvyRlOsk9MEpr\n6HwFqKecx9eYtqZXi8fThizPALvWW3RzaTBlH695SoTbSJGoK+ki1w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLY2hKTm5GY0Rld3dnUzg4\nb3ppS2M1YUFpakFrWEw5Q3ZhdkdCOVA0TEVrCmozRnpKc2ZiSzJyZmRuaXpEaHhO\naXk5UTNUTHE0elJWb1BpczRJb0N6S3cKLS0tIFo5Q2dIZzMyL0g0bFJZMlFEZ2k4\nWEJBZGJ0WHQ0YkFTT2h6cHVtVmtGbmsK6j6xqV8D/he6H2K3g/2eLmbM0722gWM+\nrAWovdLLT8OrBiUgQq8as4Jy84HYuBLZPo6w5CXmjuGoGw0hPxPhww==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T20:09:23Z", - "mac": "ENC[AES256_GCM,data:aylvnEqXl5GTTzklF+JKRM5B6/zk34mcHWyxucsoQ59iy93BYobz2RdD+7BT58fJ+ILGUg3AQvsurQp4xQRr2gI5AVyD6VQSv6y/EvrO7O0lf4JCAYRGPUUjT7/Qt7VF6vvAY2dGx23/tB1GpS3zlgy+AdEZu3z1rLqGnJhIQ+Y=,iv:w0lCZIMDZxUKT92e1qmyevnYgXYDbpt0xamgq9H18RE=,tag:Cikd3siQ2sdN3fOCYbxGWg==,type:str]", + "lastmodified": "2025-09-30T20:24:05Z", + "mac": "ENC[AES256_GCM,data:5uaRAQ4li9OwcIyGqa6r94rHp0HnoS7kh23N/hBNxRmj8kAdDL3YY3JaHdat3na8Le934MtKQ6doAMAZ+HBYn5Kjn8nhJZpE1gNK/BK8zn+mdqRZ6CEIeADbEDVp4B1OO0kWsRBl5h/ndyBzoFcZb5O9mFT2OPg24zOK5D/+h+I=,iv:+C+l/U/mDyGEiZSXP9szlj39BYq/0zEM7UhzIeHbnZk=,tag:6GvdwYKE5N2l1vqq5FllSw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/secret b/vars/per-machine/verbena/buildbot/webhook-secret/secret index c9706fa..ae36d75 100644 --- a/vars/per-machine/verbena/buildbot/webhook-secret/secret +++ b/vars/per-machine/verbena/buildbot/webhook-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:S+QS,iv:Z9n92s7d0jJBpcfnymTJWyqfXqIRsRS4ztxmlIg+C/U=,tag:XekatImMzNgtS7XztnI/hA==,type:str]", + "data": "ENC[AES256_GCM,data:kP+W,iv:YAQuZatcgV+QeUZ4s9lfl57u/GdMi03lRjPUe+goxQs=,tag:5OL2fdSRYjuPVpEW/5TLxw==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxWmZtd3Z2UVFuSWlndmgw\nRUNYeC9iR3l3aTlVeGZaMWxXbUFlUTlNelJjClE2bml6MGY4SG5XdVZjRi96RTl0\nb3hQYzhNcXEzZ29tTkhYcnhnbVd5ZlkKLS0tIEs4TW5taWFNWXVwaE8zajFlM0Fk\nZGxFVWZrdjQxWXNSWXZveDFsekhhWkUK1PEahAsP/Uec22UzGomMlrH3i/hJFxCS\n9P3CXls4hOdoEmn7aTDTeSIU3gAe2ngBy8yqmTWBzI2dTHiRjARAXg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aFM1T3VQT1plZnZUOWlX\naHJ5MnFJRU9qNW1hbjFVRzZrcTJ5SXdkekJ3CjFPYWpLZWd4R1V6eEJWVjNnMFFu\nVjVWM2pqOVlKWmpscFpoeUhrdVJIRUEKLS0tIExscldyY0JYWXVEN0VQOWpZZ3hY\nbHF3Y0RmZ0dseHJ5cU9yaFFSOUh5K0kKToZTdnUtkBa06Bz1EvYTrvSjTlQpL6DM\nRD+eY6fVjk0pYiaflTEsqShPi4G8uZSKzcXNH4Qz967S8WrCmAELvg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzMmJoaW1kSXhicVQ5MFZQ\nVFZDVzFvRWQ4Smw4VkZIQmlQemQxNUxSSjBBCmhhVURCV0FFeFhjbFpHRGM0eVBP\nSkNvdmV0L0hKT1dHTnJyOWFkelcrM2sKLS0tIE83N1QxcnJKTG1lMEhDYUl3dzVG\nTGhLeHQ2RjdKSy9vSlFWNmw5U3RPS0UKkmLo/AHQjD2IQzpPm2Cza8ME8Bdxzixo\n3+j+sOPIl6K13JxgSrB0Ym3NSWPwEgDwOrz3+MxE77xKHaFvhj4Lxg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmQkpRYXRFSFNGS0hQc3Ez\nMU9TOWI2ZHh3QkxzbWU1ekwwL3VnWjZoV1c0CkJqU3Nlam5JNFdsSHVtMDhxMTZj\nOGRpTkdKODlEeGJsZS9tNGwwSEpvd2sKLS0tIG1Ib1R2WWR2MFdabjBhNTRIWEN2\nNG1XOG9EZXVrdzlHd29JSC91Z0hIUEEK01EMDn2J18S/Huz7nqVGSk09bUIwr8BF\n1t0KVlXQFtW16GfntMzi8QZcWpVfxNAG6QtA1AVBoc7h4728ozf3Tw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T20:09:23Z", - "mac": "ENC[AES256_GCM,data:U5Pv/wDpi1Qh/kttemH0C4PCjT0JYQRhdOdcL05yYGaP6S+2sL2PhTLtfyjDyeTAftQN0+RKyyVHbi60O1IwkmGLYGSXtGmwnotmv/0Ljix39Q1uxYbq9Mgr1Vcfkx4cyUM/yPrF39Y1vqqXWFKG8ba2T2GtJjuDLnyFDUmWxAg=,iv:aHjmSrqEg9f2CLAdt9UW20wPK3LTmCK1Yo5IrqcWmr8=,tag:n81nYVoaihcNK5kQvGnfYQ==,type:str]", + "lastmodified": "2025-09-30T20:24:05Z", + "mac": "ENC[AES256_GCM,data:Szytp8G3CfWCtuu5MfXkfDBRQFsHWqT/Ep/JM7mISOzqvnjlJH1nZ0LqnnodNCN4v4Vm2pXbFPhX0gmnPlEStvwZ74lNfjevZ9UFIqJi3S0Hk7Z6wzmOFsJ3b68ZLLrGXntM6VAL8dlhlnnb+ZeuzgVvVogr1bJD2oOmqEQd6/c=,iv:7LyDUSmt1IEAGqez7alBRVCoBnQ3tDEsZAKVXgqUesc=,tag:qsWv69qzFsEkphOGHufbWw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/per-machine/verbena/buildbot/workers-file/secret b/vars/per-machine/verbena/buildbot/workers-file/secret index 1bb09a3..01a8bd5 100644 --- a/vars/per-machine/verbena/buildbot/workers-file/secret +++ b/vars/per-machine/verbena/buildbot/workers-file/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:I7uyBcLjtVlx2SfC8lNfrAc4OkDeKa8rm6P8zNf8Qp8qM4MVIkaK6snbAvQm3qlW0KiGOdpdXBJi+Zji8L3fhYOLbinpdld0ds1Ml1C+Z+zstIim/9tIA28NSoStKGgZYQ==,iv:sTN2kA+cTAeflu5QRCemp4nHaJMRioET6CjsdXGx/dA=,tag:vZQGXIqcCE5RkN4qek6hHg==,type:str]", + "data": "ENC[AES256_GCM,data:nAasbZt+rynccMfq4+eUELpdFsO0SQhTTOXDCz9Y2jK0+6KdIdimoH72HU+6YTWrdWjURv7ql7TlakXAYCgCwoIGdLdl6cZLs0hZXAzthxI13OrPUJRyBbYmmUCu5qQ9mCcy1cLkHhe0KQGxBA==,iv:0/kTk36AQTw/mFKvYhUcyfzdkODEq5ZyeXWERpf08vs=,tag:v4uXqzJlzv+kdVaUjzwEEg==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRUlVOMERpbVR2cVhPZUxC\nSlR6ZEwzcUxmNndqdXFxSDRJdEhHRkpRaERFCldtTVhsUG1lTi8xb1Z4eE1GVDNY\naVM4WEZpb2R0cXRMOXYvR0RKRHRQRmsKLS0tIEQyNmwxam1DV0R1eWpITGJKbnpw\nWjRKUGhCRUE0WWdVYjNndnJ0VWxhTGcKmi2RaK3MLyeRbaB4NFVYH7eC9seDcbvW\nOemjy5zKSd9tFzw+eFwuP7q8+bNvEuJGRkGW015bhvQlmYH5L+Wq9w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQUJvSEhTQTlqTG5tNVd4\nbzZKZmc2UUNneUFiVUNtcDVRK3I3bWJjRWlNClQ1d1FEOTNSaEVIemswelMycFdL\nbzl0aDJPRGlrc29RRGdqdFJQUjVYbTAKLS0tIDZrRE5iZXpFYmpBcmMrRzRpZ3JM\ndng1a3NURjN6Qm5EbXM2UmV1dkRCYWsKK/jAVn2W2GMz+9KNwxu0WZ1KeVK9Gt2i\nCUi+llZqW5rOXyM7fBOpBfcdUZ1EqmnVYXz5289xb7MU0CBzzI5Wjw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQTR5NHdvSzMrbGNxWU5v\nMEJBYkxXcWZmRGxPMXBraEJKSzR1UnVUN1JzCnlxZ21rclZoMjhaSGFBNjZzTDJS\nbHdwVmR3YUQyZTFIZ0V3Q0pTL1lQcTgKLS0tIGgxM1I4L1UyaGpLVUNuUk00R0I4\nSFRYbmFONnV0U1J6RDEvVjI5U3hDaHMKC7JmIGjbtSukREOuhX7aYWsLwQTA4Nbs\nwLiMLpQ7XGn96MgKVmXjPAOjqDUqwFrc2n2lJr5gZpgqxLG2VTVBkw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRnJHand5MTZLdjdZbHY5\nMW5rY25ha0RjdFBPa09rTWQ4cmJsZ2NGUkVrClY4NEU1eVVRRGVsVzcweko5cmE1\nNHZad1l4QVBzZEVzR05lSm1sbVBDTjgKLS0tIHdyeXV3ZXU3eDMxazFTdHpuait3\nK2xva3JKb2lPSzBFQm1henZxNlEzZUkK6MCB/kC8icEKqShOdJX+yP+pYzdJd9B8\n0jFFINVZ+/a3wEvUuSgC/Y5JllXIPwDAJ1abJRjnysZww0H9kwO0aw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T20:09:23Z", - "mac": "ENC[AES256_GCM,data:sH9vTfWbTXeurnZrJWXVlC0Pe/gs3bVITY1TyiTRwEtNE0VL3vDHFtwnApn5xdj4sB7RdRPT+6hVWFrfYko47uxLZOnzAEwz41XEXfNUvBaKVovSeJIkDjJZKs7YI+uCzE+YqH4J7GQxr15B3u3iDPy+mL4MepXCWwlvBqdj+Ec=,iv:3gA/dybTZiLBWfn5FgxsC6fJqfpRNHN32eeaU5qlIW0=,tag:4idC+h+gnViBFGwW1c9BLA==,type:str]", + "lastmodified": "2025-09-30T20:24:05Z", + "mac": "ENC[AES256_GCM,data:COlUjsuwrIQz0TX2yUHLfsR+Yv3kcX9PwqfTEfGNJ28xtxLPcuSXQ3k+BGxiM9XDZTUCBOmYcHeozlupdoLU8AryQbGvX6se5rae735DfLIrQ10xbpF0lxIoAf1V3CEj0prdp8wb4xLVtjqJ35BmGQsW89h8f9Pe/SgQCazpl60=,iv:ei8y9IlI9f0HMFuCQr95OuVXQv1ck4t8Sy9OBeO+SeA=,tag:3qSsuhnZPo8PpUTeu2uAXw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From a03ae3e321381ff56c10fd7d45436eef6c2d7308 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 13:35:08 +0200 Subject: [PATCH 174/376] Update vars via generator radicle for machine crocus --- .../radicle/id_ed25519.pub/machines/crocus | 1 + .../crocus/radicle/id_ed25519.pub/secret | 19 +++++++++++++++++++ .../crocus/radicle/id_ed25519.pub/users/rpqt | 1 + .../crocus/radicle/id_ed25519/machines/crocus | 1 + .../crocus/radicle/id_ed25519/secret | 19 +++++++++++++++++++ .../crocus/radicle/id_ed25519/users/rpqt | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus create mode 100644 vars/per-machine/crocus/radicle/id_ed25519.pub/secret create mode 120000 vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt create mode 120000 vars/per-machine/crocus/radicle/id_ed25519/machines/crocus create mode 100644 vars/per-machine/crocus/radicle/id_ed25519/secret create mode 120000 vars/per-machine/crocus/radicle/id_ed25519/users/rpqt diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus b/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/secret b/vars/per-machine/crocus/radicle/id_ed25519.pub/secret new file mode 100644 index 0000000..47fc525 --- /dev/null +++ b/vars/per-machine/crocus/radicle/id_ed25519.pub/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:vuMn3T+3/BdO3pgArEzzul28SyX29I9K8nwpLXsaH3qijdB/vJDPRQQb46fKhXwnIiacTnPBMwF+65PTaOxc+J7MpadZxYVD4SOQIKfXf9nyii1O2yiEcBEXBCOl,iv:JsLd4hBmkKViCBMcoaR9KJB4U9EemhU7frydMciJIIY=,tag:aEKpuLyZYP1R+NtjKVsHeQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSFo5bEk3NUtaOXpEVDNa\nOXUwZXhNYjYxZE15L3V6NTlyNDdsMnp6TURVCmxid2VuaWQ5ZTNZYUVkc2krR0lU\nRXRGU2JsNXNsd0xEeWRtZEtOR1RsUkkKLS0tIG9ZaGZRVWlXN2w3ZCsycGdoaWVs\nU1FGSldZa2tZOTlFWlFlNkxVQ2xqK3cKnA6CnGuil7WR3+e6k1/JblzPE8lxKR55\nDev4Ina9YAEAdP1C5g7at3CvhrARzfjHXfY193MWmm2NOG8NUfkcwQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUGd2dHVXOHVPNXlGK1Na\nem40RUs2N1Q5clJIOHpsQ2dIYThKZ2hXb1NRCk51bjZTSWkvdWQyYzl4MDNNOE9N\nVUhqbzdvUUVBRTRrYXVBVDF6SEJRMW8KLS0tIFpxWCt6bTJQSlUzRWFjUXFWNFpk\nWjJaVlhuYllJZlZQRWVObXJnVjNPbmcKQD5NG7MaKlumfKOLgc6vzBWr9lFVGNLo\nWbvtwL7Y3LPRzQoFfed+VE0NGFI/EexBT5EN5vJwPNsGD3RQFjwjcQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-01T11:35:08Z", + "mac": "ENC[AES256_GCM,data:iYlQAmtfRn9dT9gN5QksoAXyg5k7aWc4KO3nsgRpogF/63n+0RAzqGz4O+Hr9RgiIzVo1ThUMIaVaPCTKYvUJ0BH2RZI3MmWV8BNG8FedFaO/fK7zGjuxoFaUC0LOUPX03QcZDYanbDulZ1NL+w1NxZZuCEZ1g6uVH3YewaxBuc=,iv:vvTQ/Wm4xtfaH7Oy6qGANp9YWVHgvRAuVZPfzcxU/dY=,tag:/HBo14UIp9YtyLv1vGu8vw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt b/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/crocus/radicle/id_ed25519/machines/crocus b/vars/per-machine/crocus/radicle/id_ed25519/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/radicle/id_ed25519/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/radicle/id_ed25519/secret b/vars/per-machine/crocus/radicle/id_ed25519/secret new file mode 100644 index 0000000..8588015 --- /dev/null +++ b/vars/per-machine/crocus/radicle/id_ed25519/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:lC3cHHt5TA5cttF5m63RkCAdX+En6keWVjA/SbXp8kB1h4Uq+5Qp7jkyrjZSHt+mqYf2qUB0u+hfI4LkjItpaMnay6B4GTN0HdrPLsAlAlDzgTYweDHZTY6y3d20Z5rENzx28AeBvDj9Xpe98veb3cjoCfsizl0jdtaS/Rb8Srfj7AgkXrSRLj4dkU8WOvFhj1eR3dsJ98lgV9sL0ouBbOixeuPHDK6I9LQ7iJ6F6237J1RMuZxzqzT5UBmuytZtiJ30uZN74f6kUqvqipF3zhsHaanrDSTBeia9abQYgjHz+jztPhS3xRAPJ/08UgrGvTk4yoY0Fc5UoEs03MI8n/osAZmAcsW/lxmpBHa4AMsWadBosPNGSM1itupWyHXSg3F6nS+xbdaF4qajlHcc3tkDk4IKPWc+ZqjpGC63CU5XnQUJNzUy45XTjL+XLRpGvErkpPxG8eqH7EhuYXiol5HlhFIqpd//m2/QJhZhzQ3Y0n6fWt2dTiC58r63IJ+PvvbS8i2XeCO6nVxe9GcM,iv:O5g3/vpnc4pu3is30c2ZUmI7qsTuP72iJdTEXuGSP5I=,tag:5QyEygyy5SIjPx+EDL/GlQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidFhQd3lLY0loYWRCTHlE\nVFIrTWo1ZTI2OW9yNkUrcE5BanVUMDVOQ1dNCnRjNDNIMW1xc2VBL1EzUS9SemFE\nR25CYnZBRGVzNjlubEFYK1V2QkZ0TkkKLS0tIGV3cnRHbFNkck1MYTdVbUQ1N3Fh\nRkdoL1Vmb2JYNnh4Y04ySFBaSmFyZmsKsUc/QsTU9vjVW4Mp/At/YRMYoevr/u9G\nYskL8TuNb3t805s/hK3Bkyvqdp9/yxWQVd3P+F9yrxMjrdsHk/UQvQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnb2Ntb0xITEo1aEE4M0kv\nTGlham5IZy9EbG1lUnFHeU9xSjBhSDkrckhJCm10T0dKdjlvQVJBMHd0WGFTSEF2\nb0ljQU9lN3Jva1R1aVhlRkRiNVRSK2sKLS0tIGpFV0Eyb1BlcVh4ZkJTV3ViTy9t\nZGtuYTA2M3BLRmUwTnkrWEYrT3dJeW8Kd2dEkc1e8gNeQLO594R4Am3G7i5SDJWI\nSly1BybN5+t9ngrb4TNpUc4zVYCff5Dw5HyBieNQmkXyMgC3HGhiEw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-01T11:35:08Z", + "mac": "ENC[AES256_GCM,data:a9FM0xoQMhqPiPoDy0D9sKbXGt9JLYDL27GCZj9fBRkiDaQAK5k6HoL+RM2BRcmCkoMqZfZ43XPEbBkpnyw+ta6LJcrBAJEammq57WpnmOH9Y8b4s9sBL8gHPwmJWnI4Su2pn7x3Ut1Zx2V/V9ZjI/wfkgT+TAgUWZCz7D48KZ0=,iv:emJRpHTiITig/QHX+tE8KRBj+gTOBd9eP1+PswD3Ff8=,tag:QRIt09w5EvtMNyMjfh8rEw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/crocus/radicle/id_ed25519/users/rpqt b/vars/per-machine/crocus/radicle/id_ed25519/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/radicle/id_ed25519/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 00967e3852021150dee332ff56bac3da33e8a0b1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 13:37:19 +0200 Subject: [PATCH 175/376] Update vars via generator radicle for machine crocus --- vars/per-machine/crocus/radicle/id_ed25519.pub/value | 1 + vars/per-machine/crocus/radicle/id_ed25519/secret | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) create mode 100644 vars/per-machine/crocus/radicle/id_ed25519.pub/value diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/value b/vars/per-machine/crocus/radicle/id_ed25519.pub/value new file mode 100644 index 0000000..bdb78c4 --- /dev/null +++ b/vars/per-machine/crocus/radicle/id_ed25519.pub/value @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLiNezoLFhE7umeN7Epcv4ZWymiztb6Go9FX/kyHEUm nixbld@haze diff --git a/vars/per-machine/crocus/radicle/id_ed25519/secret b/vars/per-machine/crocus/radicle/id_ed25519/secret index 8588015..665be2e 100644 --- a/vars/per-machine/crocus/radicle/id_ed25519/secret +++ b/vars/per-machine/crocus/radicle/id_ed25519/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:lC3cHHt5TA5cttF5m63RkCAdX+En6keWVjA/SbXp8kB1h4Uq+5Qp7jkyrjZSHt+mqYf2qUB0u+hfI4LkjItpaMnay6B4GTN0HdrPLsAlAlDzgTYweDHZTY6y3d20Z5rENzx28AeBvDj9Xpe98veb3cjoCfsizl0jdtaS/Rb8Srfj7AgkXrSRLj4dkU8WOvFhj1eR3dsJ98lgV9sL0ouBbOixeuPHDK6I9LQ7iJ6F6237J1RMuZxzqzT5UBmuytZtiJ30uZN74f6kUqvqipF3zhsHaanrDSTBeia9abQYgjHz+jztPhS3xRAPJ/08UgrGvTk4yoY0Fc5UoEs03MI8n/osAZmAcsW/lxmpBHa4AMsWadBosPNGSM1itupWyHXSg3F6nS+xbdaF4qajlHcc3tkDk4IKPWc+ZqjpGC63CU5XnQUJNzUy45XTjL+XLRpGvErkpPxG8eqH7EhuYXiol5HlhFIqpd//m2/QJhZhzQ3Y0n6fWt2dTiC58r63IJ+PvvbS8i2XeCO6nVxe9GcM,iv:O5g3/vpnc4pu3is30c2ZUmI7qsTuP72iJdTEXuGSP5I=,tag:5QyEygyy5SIjPx+EDL/GlQ==,type:str]", + "data": "ENC[AES256_GCM,data:hhgdJTDAFrEaFcYZbD9OPj4HVYRJBPDYWUfNsNj65hoowlrsRYHF9FAJSQUNmznhQ3kmrZjElGxZxS0rP0LhTvbwrRAS8luP7gwuDRPsloaAli8rVbWoZNvutILmC547WEUU3gnHuwCpSfzbNRz73BqF3oGF5tUcsHQYor5Vzs5U7LuP0Psg8q17YAggnaFxWlHIQYT5H9aVWcass8z+FIixnE0Ss62m9lior5GEXAYuoIccEJsisfDjBCdk5sMKnhgJKyUxXLuBA56VSte748/JNx9p8ugbY6jbJxXEQcBVlCNklAzMlIrwcMpJs7GgO4aUm3A2eDM6P5ZM7LMhNxsLfOYLZkWAdVfaRY3TSym6oED5GvKoCXjmzGvqBaR/z825/wAfxw2L1E7CmzOFpTHE8BWC6cwZolZGFQmjUmw8hQ3qesRmI++gM73P5Sopjyq+qfl26VB5ncJ6nTictQVQeepOOOLiby67m0JjTErvEbWm5gTx3t4b0IkOTLl9Ci878+3JKfuUkUBWEgPO,iv:B/TsygWiYqC4wePXJqlw9GS0blzwuGMNBkh/W8FTUTE=,tag:vZh/8vCwWKnzHbdQqmdwJg==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidFhQd3lLY0loYWRCTHlE\nVFIrTWo1ZTI2OW9yNkUrcE5BanVUMDVOQ1dNCnRjNDNIMW1xc2VBL1EzUS9SemFE\nR25CYnZBRGVzNjlubEFYK1V2QkZ0TkkKLS0tIGV3cnRHbFNkck1MYTdVbUQ1N3Fh\nRkdoL1Vmb2JYNnh4Y04ySFBaSmFyZmsKsUc/QsTU9vjVW4Mp/At/YRMYoevr/u9G\nYskL8TuNb3t805s/hK3Bkyvqdp9/yxWQVd3P+F9yrxMjrdsHk/UQvQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z1dkeWhORUpJQXFrMncx\nVmwzbjJuMzV1N2ZkRktHTGgyS1hxbzFKM3pjCm9ueWlaZGJGUUM0S2dSdkRtbFRy\nMCtOWUVoVENUMkNQVVVnQ3VadGhnSkUKLS0tIFJXWDIzOVJiOHkzQStiUmhrYUtH\neFIyd09tTEp3ZHZMWmpRcnZha3UyRjQKtVeTIccQrYxFzpHFSW2Fz9m02VcOT8Wo\ny9A233d155LjRpcv8T1KxbcPBL0nyRKEBCljCq41w3bB2JfX7zdzRw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnb2Ntb0xITEo1aEE4M0kv\nTGlham5IZy9EbG1lUnFHeU9xSjBhSDkrckhJCm10T0dKdjlvQVJBMHd0WGFTSEF2\nb0ljQU9lN3Jva1R1aVhlRkRiNVRSK2sKLS0tIGpFV0Eyb1BlcVh4ZkJTV3ViTy9t\nZGtuYTA2M3BLRmUwTnkrWEYrT3dJeW8Kd2dEkc1e8gNeQLO594R4Am3G7i5SDJWI\nSly1BybN5+t9ngrb4TNpUc4zVYCff5Dw5HyBieNQmkXyMgC3HGhiEw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZm1mOFhETFNPYXRiNGNB\nbTdLMDNLUG9nS2xZdTNUUmJWWW5FbHcrRW5rCm9SMUU4MDlaYjlRS2daQU1idDA2\neXZHNnF5cTFvUXR3a2dIVGh2a3JZZW8KLS0tIGl0Q2tZVmg0NnJhdWhSc2xUT3VO\nV1dyMzhHZ3NHUmliZ0xPY0hRUzJhaXMKKzu26ao/Mc4A8QQfMgsWfFe3fLzWdO2L\n5n0GAChocmVR4GHllrwDwXZ9YjKPZbGny+B/V3BdNL0MdAZVwdz5Hw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-01T11:35:08Z", - "mac": "ENC[AES256_GCM,data:a9FM0xoQMhqPiPoDy0D9sKbXGt9JLYDL27GCZj9fBRkiDaQAK5k6HoL+RM2BRcmCkoMqZfZ43XPEbBkpnyw+ta6LJcrBAJEammq57WpnmOH9Y8b4s9sBL8gHPwmJWnI4Su2pn7x3Ut1Zx2V/V9ZjI/wfkgT+TAgUWZCz7D48KZ0=,iv:emJRpHTiITig/QHX+tE8KRBj+gTOBd9eP1+PswD3Ff8=,tag:QRIt09w5EvtMNyMjfh8rEw==,type:str]", + "lastmodified": "2025-10-01T11:37:19Z", + "mac": "ENC[AES256_GCM,data:lw2Hc0N63uIcUImTLmVYV8iTXwbqL5NDf86edBwb71XjuXKYeGzKWQu/PgU9YSByw026egzT3oT7HBk90Z5aiVBzCy2ih6QoZsXkeWCpx2PrLUP1BeTMR/3P9GZnm+d/D24Hc4fJ4mpvy8vTNkjQEYjfLHbrSsqBabeugz5Gvi0=,iv:cUVPNTD46mRgWaU7ukUvj6wuZHOVvd2VjYo/eqJqBPc=,tag:zjlEN6q5j8895tkBTB4JvA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From 1a42b79c8132f4e352d9e80a7d4ab31791d057a6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 14:21:25 +0200 Subject: [PATCH 176/376] setup radicle node again --- machines/crocus/configuration.nix | 2 +- machines/crocus/radicle.nix | 27 +++++++++++++------ .../radicle/id_ed25519.pub/machines/crocus | 1 - .../crocus/radicle/id_ed25519.pub/secret | 19 ------------- .../crocus/radicle/id_ed25519.pub/users/rpqt | 1 - 5 files changed, 20 insertions(+), 30 deletions(-) delete mode 120000 vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus delete mode 100644 vars/per-machine/crocus/radicle/id_ed25519.pub/secret delete mode 120000 vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 67f1a73..f0bed86 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -4,7 +4,7 @@ }: { imports = [ - # ./radicle.nix + ./radicle.nix ../../system/core ../../system/nix ../../modules/remote-builder.nix diff --git a/machines/crocus/radicle.nix b/machines/crocus/radicle.nix index d6e3816..d7692c4 100644 --- a/machines/crocus/radicle.nix +++ b/machines/crocus/radicle.nix @@ -1,9 +1,13 @@ -{ config, keys, ... }: +{ + config, + pkgs, + ... +}: { services.radicle = { enable = true; - privateKeyFile = config.clan.core.vars.generators.radicle.files.radicle-private-key.path; - publicKey = keys.services.radicle; + privateKeyFile = config.clan.core.vars.generators.radicle.files."id_ed25519".path; + publicKey = config.clan.core.vars.generators.radicle.files."id_ed25519.pub".value; node = { openFirewall = true; }; @@ -15,13 +19,20 @@ forceSSL = true; }; }; + settings = { + web.avatarUrl = "https://rpqt.fr/favicon.svg"; + description = "rpqt's radicle node"; + }; }; clan.core.vars.generators.radicle = { - prompts.radicle-private-key = { - description = "radicle node private key"; - type = "hidden"; - persist = true; - }; + files."id_ed25519".secret = true; + files."id_ed25519.pub".secret = false; + runtimeInputs = [ pkgs.openssh ]; + script = '' + ssh-keygen -t ed25519 -f "$out"/id_ed25519 -N "" -C "radicle" + ''; }; + + clan.core.state.radicle.folders = [ "/var/lib/radicle" ]; } diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus b/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus deleted file mode 120000 index efe6fd0..0000000 --- a/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/secret b/vars/per-machine/crocus/radicle/id_ed25519.pub/secret deleted file mode 100644 index 47fc525..0000000 --- a/vars/per-machine/crocus/radicle/id_ed25519.pub/secret +++ /dev/null @@ -1,19 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:vuMn3T+3/BdO3pgArEzzul28SyX29I9K8nwpLXsaH3qijdB/vJDPRQQb46fKhXwnIiacTnPBMwF+65PTaOxc+J7MpadZxYVD4SOQIKfXf9nyii1O2yiEcBEXBCOl,iv:JsLd4hBmkKViCBMcoaR9KJB4U9EemhU7frydMciJIIY=,tag:aEKpuLyZYP1R+NtjKVsHeQ==,type:str]", - "sops": { - "age": [ - { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSFo5bEk3NUtaOXpEVDNa\nOXUwZXhNYjYxZE15L3V6NTlyNDdsMnp6TURVCmxid2VuaWQ5ZTNZYUVkc2krR0lU\nRXRGU2JsNXNsd0xEeWRtZEtOR1RsUkkKLS0tIG9ZaGZRVWlXN2w3ZCsycGdoaWVs\nU1FGSldZa2tZOTlFWlFlNkxVQ2xqK3cKnA6CnGuil7WR3+e6k1/JblzPE8lxKR55\nDev4Ina9YAEAdP1C5g7at3CvhrARzfjHXfY193MWmm2NOG8NUfkcwQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUGd2dHVXOHVPNXlGK1Na\nem40RUs2N1Q5clJIOHpsQ2dIYThKZ2hXb1NRCk51bjZTSWkvdWQyYzl4MDNNOE9N\nVUhqbzdvUUVBRTRrYXVBVDF6SEJRMW8KLS0tIFpxWCt6bTJQSlUzRWFjUXFWNFpk\nWjJaVlhuYllJZlZQRWVObXJnVjNPbmcKQD5NG7MaKlumfKOLgc6vzBWr9lFVGNLo\nWbvtwL7Y3LPRzQoFfed+VE0NGFI/EexBT5EN5vJwPNsGD3RQFjwjcQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-10-01T11:35:08Z", - "mac": "ENC[AES256_GCM,data:iYlQAmtfRn9dT9gN5QksoAXyg5k7aWc4KO3nsgRpogF/63n+0RAzqGz4O+Hr9RgiIzVo1ThUMIaVaPCTKYvUJ0BH2RZI3MmWV8BNG8FedFaO/fK7zGjuxoFaUC0LOUPX03QcZDYanbDulZ1NL+w1NxZZuCEZ1g6uVH3YewaxBuc=,iv:vvTQ/Wm4xtfaH7Oy6qGANp9YWVHgvRAuVZPfzcxU/dY=,tag:/HBo14UIp9YtyLv1vGu8vw==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" - } -} diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt b/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt deleted file mode 120000 index c6af5c7..0000000 --- a/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/rpqt \ No newline at end of file From 6d3c8a92c41af154b8645b4a85958986ff0b0303 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 14:21:25 +0200 Subject: [PATCH 177/376] add buildbot --- clanServices/buildbot/default.nix | 158 +++++++++++++++++++++++++ clanServices/buildbot/flake-module.nix | 4 + clanServices/flake-module.nix | 1 + flake.lock | 95 ++++++++++++++- flake.nix | 3 + infra/templates/turifer.dev.zone | 2 + machines/flake-module.nix | 29 +++++ machines/genepi/glance-config.nix | 5 + 8 files changed, 295 insertions(+), 2 deletions(-) create mode 100644 clanServices/buildbot/default.nix create mode 100644 clanServices/buildbot/flake-module.nix diff --git a/clanServices/buildbot/default.nix b/clanServices/buildbot/default.nix new file mode 100644 index 0000000..9ccab43 --- /dev/null +++ b/clanServices/buildbot/default.nix @@ -0,0 +1,158 @@ +{ self, ... }: +{ lib, ... }: +{ + _class = "clan.service"; + manifest.name = "buildbot"; + + roles.master = { + interface.options = { + domain = lib.mkOption { + type = lib.types.str; + description = "Domain name under which the buildbot frontend is reachable"; + example = "https://buildbot.example.com"; + }; + admins = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "List of usernames allowed to authenticate to the buildbot frontend"; + example = [ "Mic92" ]; + }; + topic = lib.mkOption { + type = lib.types.str; + description = "Name of the topic attached to repositories that should be built"; + example = "buildbot-nix"; + }; + gitea.instanceUrl = lib.mkOption { + type = lib.types.str; + description = "URL of the Gitea instance"; + example = "https://git.example.com"; + }; + }; + + perInstance = + { + settings, + roles, + ... + }: + { + nixosModule = + { + config, + lib, + pkgs, + ... + }: + { + imports = [ + self.inputs.buildbot-nix.nixosModules.buildbot-master + ]; + + services.buildbot-nix.master = { + enable = true; + workersFile = config.clan.core.vars.generators.buildbot.files.workers-file.path; + inherit (settings) domain admins; + + authBackend = "gitea"; + gitea = { + enable = true; + inherit (settings.gitea) instanceUrl; + inherit (settings) topic; + + tokenFile = config.clan.core.vars.generators.buildbot.files.api-token.path; + webhookSecretFile = config.clan.core.vars.generators.buildbot.files.webhook-secret.path; + + oauthId = config.clan.core.vars.generators.buildbot.files.oauth-id.value; + oauthSecretFile = config.clan.core.vars.generators.buildbot.files.oauth-secret.path; + }; + }; + + clan.core.vars.generators.buildbot = { + prompts.api-token = { + description = "gitea API token"; + type = "hidden"; + persist = true; + }; + prompts.webhook-secret = { + description = "gitea webhook secret"; + type = "hidden"; + persist = true; + }; + prompts.oauth-id = { + description = "oauth client id"; + persist = true; + }; + files.oauth-id.secret = false; + prompts.oauth-secret = { + description = "oauth secret"; + type = "hidden"; + persist = true; + }; + + dependencies = [ "buildbot-worker" ]; + files.workers-file.secret = true; + runtimeInputs = [ pkgs.python3 ]; + script = '' + python3 - << EOF + import os + import json + + password_path = os.path.join(os.environ.get("in"), "buildbot-worker/worker-password") + password = open(password_path).read().strip() + + workers = [ + { + "name": "${config.networking.hostName}", + "pass": password, + "cores": 4, + }, + ]; + + workers_file_path = os.path.join(os.environ.get("out"), "workers-file") + with open(workers_file_path, "w") as workers_file: + workers_file.write(json.dumps(workers)) + + EOF + ''; + }; + }; + }; + }; + + roles.worker = { + perInstance = + { + settings, + roles, + ... + }: + { + nixosModule = + { + config, + lib, + pkgs, + ... + }: + { + imports = [ + self.inputs.buildbot-nix.nixosModules.buildbot-worker + ]; + + services.buildbot-nix.worker = { + enable = true; + workerPasswordFile = config.clan.core.vars.generators.buildbot-worker.files.worker-password.path; + }; + + clan.core.vars.generators.buildbot-worker = { + files.worker-password = { }; + runtimeInputs = [ + pkgs.openssl + ]; + script = '' + openssl rand -hex 32 > "$out"/worker-password + ''; + }; + }; + }; + }; +} diff --git a/clanServices/buildbot/flake-module.nix b/clanServices/buildbot/flake-module.nix new file mode 100644 index 0000000..867a703 --- /dev/null +++ b/clanServices/buildbot/flake-module.nix @@ -0,0 +1,4 @@ +{ self, lib, ... }: +{ + clan.modules."@rpqt/buildbot" = lib.modules.importApply ./default.nix { inherit self; }; +} diff --git a/clanServices/flake-module.nix b/clanServices/flake-module.nix index 64844d9..34805a6 100644 --- a/clanServices/flake-module.nix +++ b/clanServices/flake-module.nix @@ -1,5 +1,6 @@ { imports = [ + ./buildbot/flake-module.nix ./prometheus/flake-module.nix ]; } diff --git a/flake.lock b/flake.lock index 99c23bb..793678a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,28 @@ { "nodes": { + "buildbot-nix": { + "inputs": { + "flake-parts": "flake-parts", + "hercules-ci-effects": "hercules-ci-effects", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1758897213, + "narHash": "sha256-pLZgNsmCMhTWd8aRuGkK23ik5nclpIn1flnURKH6QjI=", + "owner": "nix-community", + "repo": "buildbot-nix", + "rev": "985d069a2a45cf4a571a4346107671adc2bd2a16", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "buildbot-nix", + "type": "github" + } + }, "clan-core": { "inputs": { "data-mesher": "data-mesher", @@ -15,7 +38,7 @@ ], "sops-nix": "sops-nix", "systems": "systems", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": "treefmt-nix_2" }, "locked": { "lastModified": 1757595727, @@ -100,6 +123,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixpkgs" @@ -137,6 +181,31 @@ "type": "github" } }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": [ + "buildbot-nix", + "flake-parts" + ], + "nixpkgs": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758022363, + "narHash": "sha256-ENUhCRWgSX4ni751HieNuQoq06dJvApV/Nm89kh+/A0=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "1a3667d33e247ad35ca250698d63f49a5453d824", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -384,9 +453,10 @@ }, "root": { "inputs": { + "buildbot-nix": "buildbot-nix", "clan-core": "clan-core", "disko": "disko_2", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager", "ignis": "ignis", "impermanence": "impermanence", @@ -485,6 +555,27 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758728421, + "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "clan-core", diff --git a/flake.nix b/flake.nix index 7a63b86..34ad27d 100644 --- a/flake.nix +++ b/flake.nix @@ -86,6 +86,9 @@ srvos.inputs.nixpkgs.follows = "nixpkgs"; vicinae.url = "github:vicinaehq/vicinae"; + + buildbot-nix.url = "github:nix-community/buildbot-nix"; + buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; }; nixConfig = { diff --git a/infra/templates/turifer.dev.zone b/infra/templates/turifer.dev.zone index 4a087d6..1dd4622 100644 --- a/infra/templates/turifer.dev.zone +++ b/infra/templates/turifer.dev.zone @@ -21,6 +21,8 @@ git.turifer.dev. 10800 IN A ${crocus_ipv4_address} git.turifer.dev. 10800 IN AAAA ${crocus_ipv6_address} %{ for addr in verbena_ipv4_addresses ~} +buildbot.turifer.dev. 10800 IN A ${addr} %{ endfor ~} %{ for addr in verbena_ipv6_addresses ~} +buildbot.turifer.dev. 10800 IN AAAA ${addr} %{ endfor ~} diff --git a/machines/flake-module.nix b/machines/flake-module.nix index f7fa3ba..5882452 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -180,6 +180,35 @@ }; }; }; + + buildbot = { + module.input = "self"; + module.name = "@rpqt/buildbot"; + + roles.master.machines.verbena = { + settings = { + domain = "buildbot.turifer.dev"; + admins = [ "rpqt" ]; + topic = "buildbot-nix"; + gitea.instanceUrl = "https://git.turifer.dev"; + }; + }; + + roles.master.extraModules = [ + { + services.nginx.virtualHosts."buildbot.turifer.dev" = { + enableACME = true; + forceSSL = true; + }; + + security.acme.certs."buildbot.turifer.dev" = { + email = "admin@turifer.dev"; + }; + } + ]; + + roles.worker.machines.verbena = { }; + }; }; }; } diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index f333fd7..3016681 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -84,6 +84,11 @@ url = "https://cloud.home.rpqt.fr"; icon = "sh:nextcloud"; } + { + title = "Buildbot"; + url = "https://buildbot.turifer.dev"; + icon = "https://www.buildbot.net/img/full_logo.svg"; + } ]; } { From 570049a0493cee114ceec85a47e109664344ebd8 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 14:21:25 +0200 Subject: [PATCH 178/376] add radicle to glance --- machines/genepi/glance-config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 3016681..bc8f76c 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -89,6 +89,11 @@ url = "https://buildbot.turifer.dev"; icon = "https://www.buildbot.net/img/full_logo.svg"; } + { + title = "Radicle"; + url = "https://app.radicle.xyz/nodes/radicle.rpqt.fr"; + icon = "sh:radicle"; + } ]; } { From f65febc49ec53c79db06a2f2daa27e6fdb7a10c2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 14:21:25 +0200 Subject: [PATCH 179/376] fix buildbot icon in glance --- machines/genepi/glance-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index bc8f76c..728c3c3 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -87,7 +87,7 @@ { title = "Buildbot"; url = "https://buildbot.turifer.dev"; - icon = "https://www.buildbot.net/img/full_logo.svg"; + icon = "https://buildbot.turifer.dev/icon.svg"; } { title = "Radicle"; From 4fefe6f2895d40b1363cc2db6d90fe19537728dd Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:32:27 +0200 Subject: [PATCH 180/376] Update var buildbot/webhook-secret for machine verbena --- .../per-machine/verbena/buildbot/webhook-secret/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/secret b/vars/per-machine/verbena/buildbot/webhook-secret/secret index ae36d75..ee966de 100644 --- a/vars/per-machine/verbena/buildbot/webhook-secret/secret +++ b/vars/per-machine/verbena/buildbot/webhook-secret/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:kP+W,iv:YAQuZatcgV+QeUZ4s9lfl57u/GdMi03lRjPUe+goxQs=,tag:5OL2fdSRYjuPVpEW/5TLxw==,type:str]", + "data": "ENC[AES256_GCM,data:zT9TZJquGohxc7Q7PpV/H6Bq0BSW/QHTZAUivjP/pk9Pwva563GvDeZavMPk8j5bZEzfMnwaiUl3b9Drcd2fkQ==,iv:8kyv4A1VhS64uiar5I8AJg8ufrMNXvvQVd27UYywgHE=,tag:jNPOp6JT/AMkvueDKmpWrA==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aFM1T3VQT1plZnZUOWlX\naHJ5MnFJRU9qNW1hbjFVRzZrcTJ5SXdkekJ3CjFPYWpLZWd4R1V6eEJWVjNnMFFu\nVjVWM2pqOVlKWmpscFpoeUhrdVJIRUEKLS0tIExscldyY0JYWXVEN0VQOWpZZ3hY\nbHF3Y0RmZ0dseHJ5cU9yaFFSOUh5K0kKToZTdnUtkBa06Bz1EvYTrvSjTlQpL6DM\nRD+eY6fVjk0pYiaflTEsqShPi4G8uZSKzcXNH4Qz967S8WrCmAELvg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5VGZKNXExVVhQMlk3a3pn\nSS9xY3JIaUVIWG80QkhJTTBEdHF3WnJIMndVClhhR0RqcUJQK0tRU3dzWVJ3L3Zk\nckVwdGRrNGpwQVY2VDMrUEswZDNQSW8KLS0tIHhWYXlsVlpBbDY2WS9XNy82eWlX\nenFvUjE2KzkrdnNqM05ZS0UzVi9VRTgKjfzZcRJ3hX96Oo0kl0p8JD72xV5XJyuA\nqop6DWJ+/bA8yNrwckRZV/BXh/vQ9wkAkDDIIfqQDeb2e6CK89wDgA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmQkpRYXRFSFNGS0hQc3Ez\nMU9TOWI2ZHh3QkxzbWU1ekwwL3VnWjZoV1c0CkJqU3Nlam5JNFdsSHVtMDhxMTZj\nOGRpTkdKODlEeGJsZS9tNGwwSEpvd2sKLS0tIG1Ib1R2WWR2MFdabjBhNTRIWEN2\nNG1XOG9EZXVrdzlHd29JSC91Z0hIUEEK01EMDn2J18S/Huz7nqVGSk09bUIwr8BF\n1t0KVlXQFtW16GfntMzi8QZcWpVfxNAG6QtA1AVBoc7h4728ozf3Tw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGY1YrRmpPYW5aSzhib3Iv\nc0xoV3d2eHVaWkg1ODNTcm9xNCs2TWFwMUdVCitjakRlZUpLNDg0Z29LTkIxS2R4\nN1J3a0tmUi9wd1Nib1lSYVlETVF2RDAKLS0tIElhR2VYNVRDY2NZWGlFalE5eGcy\nRmNHZHIvOVVMbHNEbTg5Q2FhWEV0ZkUKtryV89esKCZNmCHe2pKkeIQOlJVqUWqa\nmAYXR/t9dVXQz3d5Owa3IQXDyebqGdMt9yJebvgbXbf33QnYtcn9UA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-30T20:24:05Z", - "mac": "ENC[AES256_GCM,data:Szytp8G3CfWCtuu5MfXkfDBRQFsHWqT/Ep/JM7mISOzqvnjlJH1nZ0LqnnodNCN4v4Vm2pXbFPhX0gmnPlEStvwZ74lNfjevZ9UFIqJi3S0Hk7Z6wzmOFsJ3b68ZLLrGXntM6VAL8dlhlnnb+ZeuzgVvVogr1bJD2oOmqEQd6/c=,iv:7LyDUSmt1IEAGqez7alBRVCoBnQ3tDEsZAKVXgqUesc=,tag:qsWv69qzFsEkphOGHufbWw==,type:str]", + "lastmodified": "2025-10-01T17:32:26Z", + "mac": "ENC[AES256_GCM,data:+pSRI6tBtON+7RQHS597E6c9Ov9gbv9X8xTNJf2/wqVvn1iUiUtNgfVAsRhz+TDYrSDukxbJUVBQGAFgzCXJRVibLehI/UqJdtHvN+T69foXfLp46nO5F6zkjh7ZldDzSS5rPlOz/dW/u5l/4Xq+ED9U2beWN94V7flygHxtxz8=,iv:MVFTsbDwe7vwzz39QIPjEJkRFaaNXmyEciF2wAz92sI=,tag:4a0Ef7yO6++44+vTI3nHWg==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From eec721d549503ac2de8d10fa0f53a79b3dcc4e13 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 181/376] update flake inputs --- flake.lock | 94 +++++++++++++++++++++++++++--------------------------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/flake.lock b/flake.lock index 793678a..2f4cf46 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1757595727, - "narHash": "sha256-1OTbl/Nafpek+5J/KLOfMCn8HVaTj/Z7DOm8O89sTmQ=", + "lastModified": 1759314525, + "narHash": "sha256-tzogFh0Y9uLco0ZdlKOcWi3MeYT4NuNrS2FJjaIlHIE=", "ref": "refs/heads/main", - "rev": "7d265a6156bf3679332436a982b8574c45f80a0d", - "revCount": 9936, + "rev": "8dc7256a4a896c87fb1e7b72381182e2314699f8", + "revCount": 10313, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -70,11 +70,11 @@ ] }, "locked": { - "lastModified": 1757300813, - "narHash": "sha256-JYQl+8nJYImg/inqotu9nEPcTXrRJixFN6sOfn6Tics=", - "rev": "b5f2157bcd26c73551374cd6e5b027b0119b2f3d", + "lastModified": 1759140052, + "narHash": "sha256-CpGdQRvgmBhEAlXNyrSfrDWcKoYYSGd+5Lw7mvlbt/A=", + "rev": "8332273e734aa906e7a1b2fda80e631f2dc9d4c9", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/b5f2157bcd26c73551374cd6e5b027b0119b2f3d.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/8332273e734aa906e7a1b2fda80e631f2dc9d4c9.tar.gz" }, "original": { "type": "tarball", @@ -89,11 +89,11 @@ ] }, "locked": { - "lastModified": 1757508292, - "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "owner": "nix-community", "repo": "disko", - "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1757508292, - "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "owner": "nix-community", "repo": "disko", - "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "type": "github" }, "original": { @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1757598712, - "narHash": "sha256-5PWVrdMp8u31Q247jqnJcwxKg3MJrs1TadTyTBRVBDY=", + "lastModified": 1759261733, + "narHash": "sha256-G104PUPKBgJmcu4NWs0LUaPpSOTD4jiq4mamLWu3Oc0=", "owner": "nix-community", "repo": "home-manager", - "rev": "6d7c11a0adee0db21e3a8ef90ae07bb89bc20b8f", + "rev": "5a21f4819ee1be645f46d6b255d49f4271ef6723", "type": "github" }, "original": { @@ -234,11 +234,11 @@ ] }, "locked": { - "lastModified": 1757521698, - "narHash": "sha256-W3D0h3Xk/eKHF7E2iMecStIQjYPCskiQWKWskjx6vfo=", + "lastModified": 1758101718, + "narHash": "sha256-qxY1q6ppBK5zWueAWVibiQLXUKbmot3/Zlb+J6q7RS0=", "owner": "ignis-sh", "repo": "ignis", - "rev": "7ee293b22253ba2b075c1fc95afcde2a1cc76c03", + "rev": "57017f8fbde4c4c67bdd4fa69c72589358882928", "type": "github" }, "original": { @@ -291,11 +291,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1757356768, - "narHash": "sha256-9D9e+1BVrMgaY3PkNrYWrIrqlv/eJoH1pKN1ErWpbV0=", + "lastModified": 1758832531, + "narHash": "sha256-VRF03GOVi8xjY31OiLj9A5If9fRQ4V52jd3a1pM+RtM=", "owner": "InioX", "repo": "Matugen", - "rev": "8ea119098899af312a7daf5d4040f47122376eb3", + "rev": "1e72330c4a457d7939c894f4934d334b5b9c4380", "type": "github" }, "original": { @@ -312,11 +312,11 @@ ] }, "locked": { - "lastModified": 1757430124, - "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", + "lastModified": 1758805352, + "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", + "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", "type": "github" }, "original": { @@ -389,11 +389,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757103352, - "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", + "lastModified": 1759261527, + "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", + "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", "type": "github" }, "original": { @@ -421,11 +421,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757487488, - "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { @@ -437,11 +437,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1758277210, - "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { @@ -476,11 +476,11 @@ ] }, "locked": { - "lastModified": 1757449901, - "narHash": "sha256-qwN8nYdSRnmmyyi+uR6m4gXnVktmy5smG1MOrSFD8PI=", + "lastModified": 1759188042, + "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3b4a369df9dd6ee171a7ea4448b50e2528faf850", + "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "type": "github" }, "original": { @@ -496,11 +496,11 @@ ] }, "locked": { - "lastModified": 1757552363, - "narHash": "sha256-4dtGagSfwMabRi59g7E8T6FcdghNizLbR4PwU1g8lDI=", + "lastModified": 1759107752, + "narHash": "sha256-VEdL1J4rk+Z/5wHhLSsvj5QmXWKHHDeN1P8YLGLa1RM=", "owner": "nix-community", "repo": "srvos", - "rev": "ec58f16bdb57cf3a17bba79f687945dca1703c64", + "rev": "97708379b1f3b64224632eb49a56e45fe6995e6f", "type": "github" }, "original": { @@ -583,11 +583,11 @@ ] }, "locked": { - "lastModified": 1756662192, - "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", + "lastModified": 1758728421, + "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", + "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", "type": "github" }, "original": { @@ -602,11 +602,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1758455522, - "narHash": "sha256-PyrIsyrzbJ00VDdJDpvooWODaPYwDIq9FAY5JedfMmk=", + "lastModified": 1759316433, + "narHash": "sha256-C9cC9nJdvoaPhvNkhRxmv/hti+AehHJh1XYjSElZtlk=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "8feb424701967065545f3936748807edf406fdd5", + "rev": "273b49bf6b74b993a001227419f40b91b6a9909e", "type": "github" }, "original": { From 86c53bea372d49bc25b3ece9c5d33e74d8f18987 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 182/376] add desktop module --- machines/haze/configuration.nix | 6 ++---- machines/haze/firefox.nix | 7 ------- machines/haze/hyprland.nix | 3 --- machines/haze/thunderbird.nix | 3 --- machines/haze/video.nix | 4 ---- modules/desktop.nix | 14 ++++++++++++++ modules/flake-module.nix | 4 ++++ 7 files changed, 20 insertions(+), 21 deletions(-) delete mode 100644 machines/haze/firefox.nix delete mode 100644 machines/haze/hyprland.nix delete mode 100644 machines/haze/thunderbird.nix delete mode 100644 machines/haze/video.nix create mode 100644 modules/desktop.nix diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 0d4c679..f722e53 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -6,20 +6,18 @@ imports = [ ./boot.nix ./chat.nix - ./firefox.nix ./gimp.nix ./gnome.nix ./hibernate.nix - ./hyprland.nix ./niri.nix ./ssh.nix ./steam.nix - ./thunderbird.nix ./network.nix ./syncthing.nix - ./video.nix ../../system + self.nixosModules.desktop + self.inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; diff --git a/machines/haze/firefox.nix b/machines/haze/firefox.nix deleted file mode 100644 index 32391e8..0000000 --- a/machines/haze/firefox.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: -{ - programs.firefox = { - enable = true; - nativeMessagingHosts.packages = [ pkgs.passff-host ]; - }; -} diff --git a/machines/haze/hyprland.nix b/machines/haze/hyprland.nix deleted file mode 100644 index 98dfe35..0000000 --- a/machines/haze/hyprland.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - programs.hyprland.enable = true; -} diff --git a/machines/haze/thunderbird.nix b/machines/haze/thunderbird.nix deleted file mode 100644 index c856732..0000000 --- a/machines/haze/thunderbird.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - programs.thunderbird.enable = true; -} diff --git a/machines/haze/video.nix b/machines/haze/video.nix deleted file mode 100644 index fd045fb..0000000 --- a/machines/haze/video.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, ... }: -{ - environment.systemPackages = with pkgs; [ mpv ]; -} diff --git a/modules/desktop.nix b/modules/desktop.nix new file mode 100644 index 0000000..04d56c1 --- /dev/null +++ b/modules/desktop.nix @@ -0,0 +1,14 @@ +{ self, pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.mpv # video player + pkgs.amberol # music player + ]; + + programs.firefox = { + enable = true; + nativeMessagingHosts.packages = [ pkgs.passff-host ]; + }; + + programs.thunderbird.enable = true; +} diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 56fad3f..781a291 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -3,5 +3,9 @@ gitea.imports = [ ./gitea.nix ]; + + desktop.imports = [ + ./desktop.nix + ]; }; } From a1f4e9009868d44057ebef0f374fcbdafb03a9d0 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 183/376] add jj per-directory identity --- home/.config/jj/config.toml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/home/.config/jj/config.toml b/home/.config/jj/config.toml index 69f9901..d5b9300 100644 --- a/home/.config/jj/config.toml +++ b/home/.config/jj/config.toml @@ -11,3 +11,13 @@ email = "rpqt@rpqt.fr" [aliases] s = ["status", "--no-pager"] + +[[--scope]] +--when.repositories = ["~/agh"] +[--scope.user] +email = "romain@student.agh.edu.pl" + +[[--scope]] +--when.repositories = ["~/imag"] +[--scope.user] +email = "romain.paquet@grenoble-inp.org" From ccea34e7e7ce9fb2d5e65b59db04a8472faf44b6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 184/376] add jj stupid tricks --- home/.config/jj/config.toml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/home/.config/jj/config.toml b/home/.config/jj/config.toml index d5b9300..7502fe8 100644 --- a/home/.config/jj/config.toml +++ b/home/.config/jj/config.toml @@ -9,8 +9,12 @@ diff-editor = ":builtin" name = "Romain Paquet" email = "rpqt@rpqt.fr" +[revset-aliases] +'closest_pushable(to)' = 'heads(::to & mutable() & ~description(exact:"") & (~empty() | merges()))' + [aliases] s = ["status", "--no-pager"] +tug = ["bookmark", "move", "--from", "heads(::@ & bookmarks())", "--to", "closest_pushable(@)"] [[--scope]] --when.repositories = ["~/agh"] @@ -21,3 +25,27 @@ email = "romain@student.agh.edu.pl" --when.repositories = ["~/imag"] [--scope.user] email = "romain.paquet@grenoble-inp.org" + +# After this line everything is taken from https://andre.arko.net/2025/09/28/stupid-jj-tricks + +[templates] +draft_commit_description = ''' + concat( + coalesce(description, default_commit_description, "\n"), + surround( + "\nJJ: This commit contains the following changes:\n", "", + indent("JJ: ", diff.stat(72)), + ), + "\nJJ: ignore-rest\n", + diff.git(), + ) +''' +log_node = ''' +if(self && !current_working_copy && !immutable && !conflict && in_branch(self), + "◇", + builtin_log_node +) +''' + +[template-aliases] +"in_branch(commit)" = 'commit.contained_in("immutable_heads()..bookmarks()")' From b9cf7688023af6c1bb4be44556420a89ce6e9028 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 185/376] disable pager in default jj command --- home/.config/jj/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/.config/jj/config.toml b/home/.config/jj/config.toml index 7502fe8..87ccbbc 100644 --- a/home/.config/jj/config.toml +++ b/home/.config/jj/config.toml @@ -1,7 +1,7 @@ "$schema" = "https://jj-vcs.github.io/jj/latest/config-schema.json" [ui] -default-command = "log" +default-command = ["log", "--no-pager"] diff-formatter = ["difft", "--color=always", "$left", "$right"] diff-editor = ":builtin" From 69f948a677777941c6e596f5934909ef1c0389fc Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 186/376] remove home-manager from genepi --- machines/genepi/configuration.nix | 6 ------ machines/genepi/home.nix | 32 ------------------------------- 2 files changed, 38 deletions(-) delete mode 100644 machines/genepi/home.nix diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index ef41021..d991012 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -26,12 +26,6 @@ ../../system/core ../../system/nix - self.inputs.home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.rpqt = ./home.nix; - } ]; networking.hostName = "genepi"; diff --git a/machines/genepi/home.nix b/machines/genepi/home.nix deleted file mode 100644 index 9662907..0000000 --- a/machines/genepi/home.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -{ - home.username = "rpqt"; - home.homeDirectory = lib.mkForce "/home/rpqt"; - - home.packages = [ - pkgs.helix - pkgs.ripgrep - pkgs.eza - ]; - - programs.zsh.enable = true; - programs.starship.enable = true; - programs.atuin.enable = true; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - home.stateVersion = "24.11"; - - # Let Home Manager install and manage itself - programs.home-manager.enable = true; -} From 48c5929dfd5ce028a729e11bcca2f7f6f1626e00 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 187/376] restructure home-manager modules --- home-manager/chat.nix | 11 ++++++++++- home-manager/cli.nix | 11 ++++++++++- home-manager/desktop/ignis.nix | 8 +++++++- home-manager/desktop/niri.nix | 3 ++- home-manager/desktop/sway.nix | 11 ++++++++++- home-manager/dev.nix | 13 ++++++++++++- home-manager/flake-module.nix | 5 +++++ home-manager/helix.nix | 12 ++++++++++-- machines/haze/configuration.nix | 6 +++++- machines/haze/home.nix | 2 -- 10 files changed, 71 insertions(+), 11 deletions(-) create mode 100644 home-manager/flake-module.nix diff --git a/home-manager/chat.nix b/home-manager/chat.nix index 25fcf22..0b9cd4a 100644 --- a/home-manager/chat.nix +++ b/home-manager/chat.nix @@ -1,5 +1,14 @@ -{ config, pkgs, ... }: { + self, + config, + pkgs, + ... +}: +{ + imports = [ + self.homeManagerModules.dotfiles + ]; + home.packages = with pkgs; [ senpai ]; xdg.configFile."senpai".source = "${config.dotfiles.path}/.config/senpai"; diff --git a/home-manager/cli.nix b/home-manager/cli.nix index 4c69be3..a6501be 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -1,5 +1,14 @@ -{ config, pkgs, ... }: { + self, + config, + pkgs, + ... +}: +{ + imports = [ + self.homeManagerModules.dotfiles + ]; + home.packages = with pkgs; [ bottom btop diff --git a/home-manager/desktop/ignis.nix b/home-manager/desktop/ignis.nix index bd5bbd6..f81ebb6 100644 --- a/home-manager/desktop/ignis.nix +++ b/home-manager/desktop/ignis.nix @@ -1,6 +1,12 @@ -{ config, inputs, ... }: +{ + self, + config, + inputs, + ... +}: { imports = [ + self.homeManagerModules.dotfiles inputs.ignis.homeManagerModules.default ]; diff --git a/home-manager/desktop/niri.nix b/home-manager/desktop/niri.nix index f841b0d..5f0001d 100644 --- a/home-manager/desktop/niri.nix +++ b/home-manager/desktop/niri.nix @@ -1,6 +1,7 @@ -{ config, ... }: +{ self, config, ... }: { imports = [ + self.homeManagerModules.dotfiles ./ignis.nix ]; diff --git a/home-manager/desktop/sway.nix b/home-manager/desktop/sway.nix index 7fb12ef..36ba075 100644 --- a/home-manager/desktop/sway.nix +++ b/home-manager/desktop/sway.nix @@ -1,5 +1,14 @@ -{ config, pkgs, ... }: { + self, + config, + pkgs, + ... +}: +{ + imports = [ + self.homeManagerModules.dotfiles + ]; + home.packages = with pkgs; [ alacritty ghostty diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 79c3eba..3822de1 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -1,5 +1,16 @@ -{ config, pkgs, ... }: { + self, + config, + pkgs, + ... +}: +{ + imports = [ + ./cli.nix + ./helix.nix + self.homeManagerModules.dotfiles + ]; + home.packages = with pkgs; [ direnv hut diff --git a/home-manager/flake-module.nix b/home-manager/flake-module.nix new file mode 100644 index 0000000..4909227 --- /dev/null +++ b/home-manager/flake-module.nix @@ -0,0 +1,5 @@ +{ + flake.homeManagerModules = { + dotfiles.imports = [ ./dotfiles.nix ]; + }; +} diff --git a/home-manager/helix.nix b/home-manager/helix.nix index af7f411..03241f1 100644 --- a/home-manager/helix.nix +++ b/home-manager/helix.nix @@ -1,6 +1,14 @@ -{ config, pkgs, ... }: - { + self, + config, + pkgs, + ... +}: +{ + imports = [ + self.homeManagerModules.dotfiles + ]; + home.packages = [ pkgs.helix ]; programs.helix = { diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index f722e53..f68a00b 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -17,13 +17,17 @@ ../../system self.nixosModules.desktop + self.nixosModules.nix-defaults self.inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.users.rpqt = ./home.nix; - home-manager.extraSpecialArgs = { inherit (self) inputs; }; + home-manager.extraSpecialArgs = { + inherit (self) inputs; + inherit self; + }; } ]; diff --git a/machines/haze/home.nix b/machines/haze/home.nix index ac870ad..ebd05fb 100644 --- a/machines/haze/home.nix +++ b/machines/haze/home.nix @@ -1,11 +1,9 @@ { imports = [ ../../home-manager/chat.nix - ../../home-manager/cli.nix ../../home-manager/common.nix ../../home-manager/desktop ../../home-manager/dev.nix - ../../home-manager/dotfiles.nix ../../home-manager/helix.nix ../../home-manager/mail ../../home-manager/minecraft.nix From d1f810ee2d05f2670f608ad9ae769e25d75eb6ff Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 188/376] update READMEs --- README.md | 14 +++++++++----- machines/README.md | 1 + 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 769ab35..aa927d4 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,15 @@ # NixOS & Home Manager config +This repository contains all my system configurations, mostly deployed using Nix and [Clan]. + ## Structure -- **home**: Home Manager modules -- **hosts**: Host-specific configs +- **home**: Dotfiles +- **machines**: Host-specific configs - **infra**: Terraform/OpenTofu files -- **secrets**: Age-encrypted secrets shared between multiple hosts. - Host-specific secrets are stored in their own directories. -- **system**: Base NixOS modules shared among all hosts +- **vars**: Encrypted secrets managed by clan +- **modules**: NixOS modules +- **clanServices**: Custom [Clan Services](https://docs.clan.lol/reference/clanServices) ## Dotfiles @@ -16,3 +18,5 @@ ```sh dotbot -c ./dotbot/windows.yaml -d home ``` + +[Clan]: https//clan.lol diff --git a/machines/README.md b/machines/README.md index 996fa70..7290d44 100644 --- a/machines/README.md +++ b/machines/README.md @@ -3,3 +3,4 @@ - **crocus**: Hetzner Cloud x86_64 VPS - **genepi**: Raspberry Pi 4B - **haze**: ASUS VivoBook Laptop +- **verbena**: OVH Cloud x86_64 VPS From 4b26b8da52c552abb98daaf97a46b414e2c742f7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 189/376] remove old agenix secrets --- secrets/freshrss.age | 7 ----- secrets/gandi.age | 7 ----- secrets/radicle-private-key.age | 8 ------ secrets/restic-genepi-storagebox-key.age | 8 ------ secrets/restic-genepi-storagebox-password.age | 7 ----- secrets/secrets.nix | 27 ------------------- 6 files changed, 64 deletions(-) delete mode 100644 secrets/freshrss.age delete mode 100644 secrets/gandi.age delete mode 100644 secrets/radicle-private-key.age delete mode 100644 secrets/restic-genepi-storagebox-key.age delete mode 100644 secrets/restic-genepi-storagebox-password.age delete mode 100644 secrets/secrets.nix diff --git a/secrets/freshrss.age b/secrets/freshrss.age deleted file mode 100644 index 9d9a4e2..0000000 --- a/secrets/freshrss.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 JzHbnw JQOFdZFRMy3CUajSKR2pbUXw06LEGJoUCilV3QrlhAg -nc9+a/wm+oTESW/f91UIBHyodXYpAwkp7iiBARsQqs8 --> ssh-ed25519 8TpKTA bSzgxGzN9/cdSlb1PH3fYDa2bRSJC0vE6z1i5Me6wR4 -OqQXlelajxJNZ5RC7ooBvoUc03g5RELGQSX8BwEm428 ---- 68+PLIpazLNfF1NVo9dMFBiUrEIinXhYUufOiF+5Ic0 -oBi=&oe.N`"r=:+nI}c9y \ No newline at end of file diff --git a/secrets/gandi.age b/secrets/gandi.age deleted file mode 100644 index b66b8d9..0000000 --- a/secrets/gandi.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 JzHbnw T31pRlZxX8+uEmZzer9n0L6zuNX0wk4dhqzJGUnJ5BY -wLPjZofbVL6ujdMz0DCnEa/6aPiQxxO6Lfwfdy4SS+k --> ssh-ed25519 8TpKTA IBv4smbKRnRjZ1dnOBTkX/rLO+viU8Bk4ztx4KFkw3I -Mcl0iIXi6C6tmTXeccnQfSv1QRWVaA4alGcus35b4TQ ---- hzcS/phyG9Q8F66INJJS4D4ODIpwH+jjPko7PmWBEcA -8B>@^Hdxbhkt3Yٗ6'9b] xUo>&K٧5!zm֙xQjz3oYIǟ[Vtv| \ No newline at end of file diff --git a/secrets/radicle-private-key.age b/secrets/radicle-private-key.age deleted file mode 100644 index 67e0469..0000000 --- a/secrets/radicle-private-key.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 M/D1Cg 46xqCE1Ww/tD7cNUsSaSPlTHEGO8vQ/hT0s+TmIhcD0 -uams+Aa41/b/wMLHMkE+o8bC936uXwT2O5d8e7rh+4g --> ssh-ed25519 8TpKTA 7f7eGTY9RyXLwNm2dul7m/yVrn+m1qrEFBRTmgDnwkc -D+iPN+UpI0bGWMyk7I+xR5BD3XwUBEGNXlxvVYqSWTU ---- uFUNzl1RgWLiO3/+LmAKVH3mwkRFNaXDouUR1ieETuc -v[3ӕ ջ@q6 簏D;syJV:P?h-&ω,g?UL(Y(9u̡ I3xz_u=f̈,]Z: -%y -`V1̨$~Qe9,mMiP$T])o[?rH 0E‹7N;.n8&1ؿ*!µmGrJrN>BeJz+f GV%P>s BBIľ-]?afz#\<%W1l/h;dl-҈XfcYa >};p,T<Rr>8iQr}RDuK"սJ >؛߲Mp5pMxbJʾI \ No newline at end of file diff --git a/secrets/restic-genepi-storagebox-key.age b/secrets/restic-genepi-storagebox-key.age deleted file mode 100644 index 01dd9a4..0000000 --- a/secrets/restic-genepi-storagebox-key.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 JzHbnw jcLmvaUel10bjSo1m+vL5929Ev6Qtq36d9avIxZ2uDg -MZ+R18igyow8lCI5qCH2Jl5tNy19KYdJEZkSimMsd24 --> ssh-ed25519 8TpKTA /RgGofvCDFINYdk6hHkfv48SZCocMWFvO3cznQVB3Bs -jJy65KCMIUEyb63cpdBD/MjCEq6Du7KoWBsMHCKZpok ---- yxtOdFqzs1OQIko6OIlZPofBckezYd5fJkbyM1wb6AU -:" !h"|Cy) sag?t؂Ja ԥ_!kTX.ˮ6cPC,Kгo)|Zl:I -ɄL5v \ No newline at end of file diff --git a/secrets/restic-genepi-storagebox-password.age b/secrets/restic-genepi-storagebox-password.age deleted file mode 100644 index bdd5443..0000000 --- a/secrets/restic-genepi-storagebox-password.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 JzHbnw aEdPsShqoC1O4YVmeRnuky+elRay3fAipvIDhgSP02Q -Gvh/ER7d6VaCXQ/cA2puOrhwz0PQDO7sNfi06X6yw5M --> ssh-ed25519 8TpKTA YKagwotojOY57tuvf+lkHh5+1M8NoV3slITN8X/1yD8 -fNf1DBeW5KJMjq1dzi6KR7SR+fw7aFA2CRemRwdE6/M ---- 5Gfha3Txw0O0a7v0AmJov3shlxihBp4EONcBFPU0NT8 -6Vkѕkp|U~\+f <(}qQߧ9 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index a97580a..0000000 --- a/secrets/secrets.nix +++ /dev/null @@ -1,27 +0,0 @@ -let - keys = import ../parts/keys.nix; - - keysForGenepi = [ - keys.hosts.genepi - keys.rpqt.haze - ]; - - keysForCrocus = [ - keys.hosts.crocus - keys.rpqt.haze - ]; -in -{ - "gandi.age".publicKeys = keysForGenepi; - - # Storagebox sub-account password - "restic-genepi-storagebox-password.age".publicKeys = keysForGenepi; - - # Restic repository key - "restic-genepi-storagebox-key.age".publicKeys = keysForGenepi; - - # Password of the default user - "freshrss.age".publicKeys = keysForGenepi; - - "radicle-private-key.age".publicKeys = keysForCrocus; -} From f2cf7d36de26a23d1db2a5ae369050e0977e95f5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 190/376] remove "parts" directory and restructure modules --- machines/crocus/configuration.nix | 3 +- machines/flake-module.nix | 20 +++++++++++-- machines/genepi/builder.nix | 7 ++--- machines/genepi/configuration.nix | 4 +-- machines/haze/configuration.nix | 13 +++++++- machines/verbena/configuration.nix | 3 +- modules/flake-module.nix | 12 ++++++++ .../hardened-ssh-server.nix | 0 .../default.nix => modules/nix-defaults.nix | 15 +++++----- {system/network => modules}/tailscale.nix | 0 modules/user-rpqt.nix | 21 +++++++++++++ parts/default.nix | 3 -- parts/keys.nix | 15 ---------- system/core/default.nix | 19 ------------ system/core/users.nix | 30 ------------------- system/default.nix | 7 ----- system/network/default.nix | 6 ---- system/nix/nixpkgs.nix | 5 ---- system/nix/substituters.nix | 11 ------- 19 files changed, 77 insertions(+), 117 deletions(-) rename system/core/ssh-server.nix => modules/hardened-ssh-server.nix (100%) rename system/nix/default.nix => modules/nix-defaults.nix (53%) rename {system/network => modules}/tailscale.nix (100%) create mode 100644 modules/user-rpqt.nix delete mode 100644 parts/default.nix delete mode 100644 parts/keys.nix delete mode 100644 system/core/default.nix delete mode 100644 system/core/users.nix delete mode 100644 system/default.nix delete mode 100644 system/network/default.nix delete mode 100644 system/nix/nixpkgs.nix delete mode 100644 system/nix/substituters.nix diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index f0bed86..1747b9f 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -5,8 +5,7 @@ { imports = [ ./radicle.nix - ../../system/core - ../../system/nix + self.nixosModules.nix-defaults ../../modules/remote-builder.nix ./nextcloud.nix ../../modules/unbound.nix diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 5882452..60050b6 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -2,7 +2,6 @@ { clan = { meta.name = "blossom"; - inventory.machines = { crocus = { tags = [ @@ -37,7 +36,7 @@ roles.default.tags.server = { }; roles.default.machines.haze = { }; roles.default.settings.allowedKeys = { - rpqt_haze = (import ../parts).keys.rpqt.haze; + rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"; }; }; @@ -64,9 +63,12 @@ module.input = "clan-core"; module.name = "sshd"; roles.server.tags.all = { }; + roles.server.extraModules = [ + self.nixosModules.hardened-ssh-server + ]; }; - "rpqt-password-haze" = { + user-rpqt = { module.input = "clan-core"; module.name = "users"; roles.default.machines.haze = { @@ -74,6 +76,18 @@ user = "rpqt"; }; }; + roles.default.extraModules = [ + self.nixosModules.user-rpqt + ]; + }; + + common-config = { + module = { + input = "clan-core"; + name = "importer"; + }; + roles.default.tags.all = { }; + roles.default.extraModules = [ self.nixosModules.common ]; }; "garage" = { diff --git a/machines/genepi/builder.nix b/machines/genepi/builder.nix index 510a932..5e4a7e3 100644 --- a/machines/genepi/builder.nix +++ b/machines/genepi/builder.nix @@ -1,6 +1,3 @@ -let - keys = import ../../parts/keys.nix; -in { imports = [ ../../modules/remote-builder.nix @@ -8,6 +5,8 @@ in roles.remote-builder = { enable = true; - authorizedKeys = [ keys.hosts.haze ]; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze" + ]; }; } diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index d991012..34b327d 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -23,9 +23,9 @@ ../../modules/lounge.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix - ../../system/core - ../../system/nix + self.nixosModules.nix-defaults + self.nixosModules.user-rpqt ]; networking.hostName = "genepi"; diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index f68a00b..1a836a1 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -14,7 +14,6 @@ ./steam.nix ./network.nix ./syncthing.nix - ../../system self.nixosModules.desktop self.nixosModules.nix-defaults @@ -71,5 +70,17 @@ ''; }; + nixpkgs.config.allowUnfree = true; + + i18n.supportedLocales = [ + "en_US.UTF-8/UTF-8" + "fr_FR.UTF-8/UTF-8" + ]; + + security.sudo = { + enable = true; + wheelNeedsPassword = false; + }; + services.tailscale.useRoutingFeatures = "client"; } diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 6e5056b..7b01303 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -1,8 +1,7 @@ { self, lib, ... }: { imports = [ - ../../system/core - ../../system/nix + self.nixosModules.nix-defaults ../../modules/unbound.nix ../../modules/unbound-auth.nix diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 781a291..200dca4 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -1,3 +1,4 @@ +{ lib, ... }: { flake.nixosModules = { gitea.imports = [ @@ -7,5 +8,16 @@ desktop.imports = [ ./desktop.nix ]; + + nix-defaults.imports = [ ./nix-defaults.nix ]; + tailscale.imports = [ ./tailscale.nix ]; + user-rpqt.imports = [ ./user-rpqt.nix ]; + hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ]; + + common.imports = [ + { + users.mutableUsers = lib.mkDefault false; + } + ]; }; } diff --git a/system/core/ssh-server.nix b/modules/hardened-ssh-server.nix similarity index 100% rename from system/core/ssh-server.nix rename to modules/hardened-ssh-server.nix diff --git a/system/nix/default.nix b/modules/nix-defaults.nix similarity index 53% rename from system/nix/default.nix rename to modules/nix-defaults.nix index 10d84fc..fd3ef6d 100644 --- a/system/nix/default.nix +++ b/modules/nix-defaults.nix @@ -1,18 +1,19 @@ { pkgs, ... }: { - imports = [ - ./nixpkgs.nix - ./substituters.nix - ]; - # for flakes environment.systemPackages = [ pkgs.git ]; nix.settings = { auto-optimise-store = true; builders-use-substitutes = true; - experimental-features = ["nix-command" "flakes"]; + experimental-features = [ + "nix-command" + "flakes" + ]; - trusted-users = ["root" "@wheel"]; + trusted-users = [ + "root" + "@wheel" + ]; }; } diff --git a/system/network/tailscale.nix b/modules/tailscale.nix similarity index 100% rename from system/network/tailscale.nix rename to modules/tailscale.nix diff --git a/modules/user-rpqt.nix b/modules/user-rpqt.nix new file mode 100644 index 0000000..86b2cf4 --- /dev/null +++ b/modules/user-rpqt.nix @@ -0,0 +1,21 @@ +{ lib, pkgs, ... }: +{ + users.users.rpqt = { + isNormalUser = true; + + createHome = lib.mkDefault true; + home = lib.mkDefault "/home/rpqt"; + + description = "Romain Paquet"; + + shell = pkgs.zsh; + + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze" + ]; + + extraGroups = [ "wheel" ]; + }; + + programs.zsh.enable = true; +} diff --git a/parts/default.nix b/parts/default.nix deleted file mode 100644 index 2948de5..0000000 --- a/parts/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - keys = import ./keys.nix; -} diff --git a/parts/keys.nix b/parts/keys.nix deleted file mode 100644 index 95e187d..0000000 --- a/parts/keys.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - rpqt.haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"; - - hosts = { - haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze"; - genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwq0inZe4DX4DuJx/vbfjG5XLZ46MnBXjipdHgD9LBg root@genepi"; - crocus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiz3nzuJGO5tRka2Y/kzqKa68wF7wwHr4hAympLNb9F root@crocus"; - storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; - storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw=="; - }; - - services = { - radicle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBuoHC4P0h88OAL5PJmiqkbkvQR1cwfkjaevWbwdKOU7 radicle@rpqt.fr"; - }; -} diff --git a/system/core/default.nix b/system/core/default.nix deleted file mode 100644 index 1d3f1d5..0000000 --- a/system/core/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - imports = [ - ./users.nix - ./ssh-server.nix - ]; - - i18n = { - defaultLocale = "en_US.UTF-8"; - supportedLocales = [ - "en_US.UTF-8/UTF-8" - "fr_FR.UTF-8/UTF-8" - ]; - }; - - security.sudo = { - enable = true; - wheelNeedsPassword = false; - }; -} diff --git a/system/core/users.nix b/system/core/users.nix deleted file mode 100644 index effffbf..0000000 --- a/system/core/users.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - users.mutableUsers = lib.mkDefault false; - - services.userborn.enable = true; - - users.users.rpqt = { - isNormalUser = true; - - createHome = true; - home = "/home/rpqt"; - - description = "Romain Paquet"; - - shell = pkgs.zsh; - - openssh.authorizedKeys.keys = [ (import ../../parts/keys.nix).rpqt.haze ]; - - extraGroups = [ - "wheel" - ]; - }; - - programs.zsh.enable = true; -} diff --git a/system/default.nix b/system/default.nix deleted file mode 100644 index 763d619..0000000 --- a/system/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./core - ./network - ./nix - ]; -} diff --git a/system/network/default.nix b/system/network/default.nix deleted file mode 100644 index 2abc273..0000000 --- a/system/network/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ self, ... }: -{ - imports = [ - ./tailscale.nix - ]; -} diff --git a/system/nix/nixpkgs.nix b/system/nix/nixpkgs.nix deleted file mode 100644 index d793f95..0000000 --- a/system/nix/nixpkgs.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - nixpkgs = { - config.allowUnfree = true; - }; -} diff --git a/system/nix/substituters.nix b/system/nix/substituters.nix deleted file mode 100644 index 04660af..0000000 --- a/system/nix/substituters.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - nix.settings = { - substituters = [ - "https://cache.nixos.org?priority=10" - ]; - - trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - ]; - }; -} From 1cc8b6b70ae13c0916c4df06d732589f6cd179ec Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 191/376] restrict nix remote builder ssh to nix daemon Snippet taken from SrvOS --- modules/remote-builder.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/remote-builder.nix b/modules/remote-builder.nix index 04b32a6..6c74f92 100644 --- a/modules/remote-builder.nix +++ b/modules/remote-builder.nix @@ -39,7 +39,9 @@ in isSystemUser = true; group = cfg.group; useDefaultShell = true; - openssh.authorizedKeys.keys = cfg.authorizedKeys; + openssh.authorizedKeys.keys = map ( + key: ''restrict,command="nix-daemon --stdio" ${key}'' + ) cfg.authorizedKeys; }; users.groups.${cfg.user} = { }; From 285bcc01e2924faf963a1e587c2e0e5eb68b1a88 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 192/376] disable radicle node web description (bug) --- machines/crocus/radicle.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/machines/crocus/radicle.nix b/machines/crocus/radicle.nix index d7692c4..4e80736 100644 --- a/machines/crocus/radicle.nix +++ b/machines/crocus/radicle.nix @@ -20,8 +20,9 @@ }; }; settings = { - web.avatarUrl = "https://rpqt.fr/favicon.svg"; - description = "rpqt's radicle node"; + # FIXME: activation fails with rad saying the config is invalid + # web.avatarUrl = "https://rpqt.fr/favicon.svg"; + # web.description = "rpqt's radicle node"; }; }; From 1e6756cac9ee0077a58f8d4adca1771ad31a85e4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 193/376] fixup: re-enable userborn --- modules/flake-module.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 200dca4..74f27fe 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -17,6 +17,7 @@ common.imports = [ { users.mutableUsers = lib.mkDefault false; + services.userborn.enable = lib.mkDefault true; } ]; }; From 9e9fcc053f911a43b4c12f653ce5e8ded6838f28 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 194/376] fixup: include home-manager flake module --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 34ad27d..5d2a5bd 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,7 @@ ./clanServices/flake-module.nix ./devShells/flake-module.nix + ./home-manager/flake-module.nix ./machines/flake-module.nix ./modules/flake-module.nix ]; From ee1d81ede2352fd4481e3240919758f6a679a814 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 195/376] update flake inputs --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 2f4cf46..a1c827d 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1759314525, - "narHash": "sha256-tzogFh0Y9uLco0ZdlKOcWi3MeYT4NuNrS2FJjaIlHIE=", + "lastModified": 1759521995, + "narHash": "sha256-F2L4PlonpvyLIRT305hFvoxFlo619/RA6DIeMIo4GGI=", "ref": "refs/heads/main", - "rev": "8dc7256a4a896c87fb1e7b72381182e2314699f8", - "revCount": 10313, + "rev": "dc1dd9aa3f33501002af9323fd9a6cb2083fbe7d", + "revCount": 10391, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -150,11 +150,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "type": "github" }, "original": { @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1759261733, - "narHash": "sha256-G104PUPKBgJmcu4NWs0LUaPpSOTD4jiq4mamLWu3Oc0=", + "lastModified": 1759519282, + "narHash": "sha256-Wj76KLk49eRS086h6Fh0si95P6qqpzO7Gno9/nI336E=", "owner": "nix-community", "repo": "home-manager", - "rev": "5a21f4819ee1be645f46d6b255d49f4271ef6723", + "rev": "bd92e8ee4a6031ca3dd836c91dc41c13fca1e533", "type": "github" }, "original": { @@ -421,11 +421,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "type": "github" }, "original": { @@ -496,11 +496,11 @@ ] }, "locked": { - "lastModified": 1759107752, - "narHash": "sha256-VEdL1J4rk+Z/5wHhLSsvj5QmXWKHHDeN1P8YLGLa1RM=", + "lastModified": 1759366584, + "narHash": "sha256-GoeShBq/+xv9g9POP69vbOrObpLtS/mDfF1/pfPIQrU=", "owner": "nix-community", "repo": "srvos", - "rev": "97708379b1f3b64224632eb49a56e45fe6995e6f", + "rev": "1dbb22b9b15f449a7c8c92a94aec9fe5aea8ef7c", "type": "github" }, "original": { @@ -602,11 +602,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1759316433, - "narHash": "sha256-C9cC9nJdvoaPhvNkhRxmv/hti+AehHJh1XYjSElZtlk=", + "lastModified": 1759516059, + "narHash": "sha256-yCzrjtxrBXUQXKp/7XnGWvVzv3ZpsYAQ30NS7KIdBJA=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "273b49bf6b74b993a001227419f40b91b6a9909e", + "rev": "5b18514e3145caafcc9f54cbd6f07994a91f0786", "type": "github" }, "original": { From 395deb40935def3404fbda60ce4a445f9ce09bfa Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 196/376] add dank material shell --- flake.lock | 117 +++++++++++++++++++++++++++------- flake.nix | 3 + home-manager/desktop/dank.nix | 8 +++ 3 files changed, 106 insertions(+), 22 deletions(-) create mode 100644 home-manager/desktop/dank.nix diff --git a/flake.lock b/flake.lock index a1c827d..c2f6ccd 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1759521995, - "narHash": "sha256-F2L4PlonpvyLIRT305hFvoxFlo619/RA6DIeMIo4GGI=", + "lastModified": 1759572375, + "narHash": "sha256-Sa9DLvlZEZ86/tGt/9vxWoctOHrBIhUdfQ6vGMzi5pk=", "ref": "refs/heads/main", - "rev": "dc1dd9aa3f33501002af9323fd9a6cb2083fbe7d", - "revCount": 10391, + "rev": "9847d4558b9e654a01b885d800925e4bfa0afcfc", + "revCount": 10401, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -54,6 +54,29 @@ "url": "https://git.clan.lol/clan/clan-core" } }, + "dankMaterialShell": { + "inputs": { + "dgop": "dgop", + "dms-cli": "dms-cli", + "nixpkgs": [ + "nixpkgs" + ], + "quickshell": "quickshell" + }, + "locked": { + "lastModified": 1759884507, + "narHash": "sha256-YhsD1d0Xk2LXp4Hgx7xI5nRS9REMKb+QGpejFM3fcdU=", + "owner": "AvengeMedia", + "repo": "DankMaterialShell", + "rev": "8cd0d5faa5f546472d3be5e843d58402ae3215a6", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "DankMaterialShell", + "type": "github" + } + }, "data-mesher": { "inputs": { "flake-parts": [ @@ -81,6 +104,27 @@ "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" } }, + "dgop": { + "inputs": { + "nixpkgs": [ + "dankMaterialShell", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757252286, + "narHash": "sha256-QwWQzlxAGvIi6VAc8DQ6ONCKKwtPyaHQW1cQyGbP7Og=", + "owner": "AvengeMedia", + "repo": "dgop", + "rev": "a65a02ddf8bade9c109d055e644e4bd851183bd5", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "dgop", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -122,6 +166,27 @@ "type": "github" } }, + "dms-cli": { + "inputs": { + "nixpkgs": [ + "dankMaterialShell", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757296630, + "narHash": "sha256-3H236F5oIKkqpfnwrvZQs4Y5imKb6JCMFGDkHs8VDjQ=", + "owner": "AvengeMedia", + "repo": "danklinux", + "rev": "dac591711ab30d6b071a5cec674a3d2e04665ee1", + "type": "github" + }, + "original": { + "owner": "AvengeMedia", + "repo": "danklinux", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -213,11 +278,11 @@ ] }, "locked": { - "lastModified": 1759519282, - "narHash": "sha256-Wj76KLk49eRS086h6Fh0si95P6qqpzO7Gno9/nI336E=", + "lastModified": 1759573136, + "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd92e8ee4a6031ca3dd836c91dc41c13fca1e533", + "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43", "type": "github" }, "original": { @@ -435,26 +500,32 @@ "type": "github" } }, - "nixpkgs_3": { + "quickshell": { + "inputs": { + "nixpkgs": [ + "dankMaterialShell", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", - "type": "github" + "lastModified": 1756981260, + "narHash": "sha256-GhuD9QVimjynHI0OOyZsqJsnlXr2orowh9H+HYz4YMs=", + "ref": "refs/heads/master", + "rev": "6eb12551baf924f8fdecdd04113863a754259c34", + "revCount": 672, + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" } }, "root": { "inputs": { "buildbot-nix": "buildbot-nix", "clan-core": "clan-core", + "dankMaterialShell": "dankMaterialShell", "disko": "disko_2", "flake-parts": "flake-parts_2", "home-manager": "home-manager", @@ -599,14 +670,16 @@ "vicinae": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1759516059, - "narHash": "sha256-yCzrjtxrBXUQXKp/7XnGWvVzv3ZpsYAQ30NS7KIdBJA=", + "lastModified": 1759528325, + "narHash": "sha256-51jQbWs7CDtY7/TIhhUhiPV/AXau3Gd+XJX+88lznmk=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "5b18514e3145caafcc9f54cbd6f07994a91f0786", + "rev": "365cded21ad82d178cb35a076f9f6ac9cb8e1707", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5d2a5bd..fa92e92 100644 --- a/flake.nix +++ b/flake.nix @@ -90,6 +90,9 @@ buildbot-nix.url = "github:nix-community/buildbot-nix"; buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; + + dankMaterialShell.url = "github:AvengeMedia/DankMaterialShell"; + dankMaterialShell.inputs.nixpkgs.follows = "nixpkgs"; }; nixConfig = { diff --git a/home-manager/desktop/dank.nix b/home-manager/desktop/dank.nix new file mode 100644 index 0000000..ab7781c --- /dev/null +++ b/home-manager/desktop/dank.nix @@ -0,0 +1,8 @@ +{ inputs, ... }: +{ + imports = [ + inputs.dankMaterialShell.homeModules.dankMaterialShell.default + ]; + + programs.dankMaterialShell.enable = true; +} From 73c149ea325675b184f7837075bd86d211854fc8 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 197/376] stop using vicinae cache --- flake.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index fa92e92..f3594d3 100644 --- a/flake.nix +++ b/flake.nix @@ -87,6 +87,7 @@ srvos.inputs.nixpkgs.follows = "nixpkgs"; vicinae.url = "github:vicinaehq/vicinae"; + vicinae.inputs.nixpkgs.follows = "nixpkgs"; buildbot-nix.url = "github:nix-community/buildbot-nix"; buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; @@ -94,9 +95,4 @@ dankMaterialShell.url = "github:AvengeMedia/DankMaterialShell"; dankMaterialShell.inputs.nixpkgs.follows = "nixpkgs"; }; - - nixConfig = { - extra-substituters = [ "https://vicinae.cachix.org" ]; - extra-trusted-public-keys = [ "vicinae.cachix.org-1:1kDrfienkGHPYbkpNj1mWTr7Fm1+zcenzgTizIcI3oc=" ]; - }; } From e667e36c4bd60619bc65eb0f50bcadeb75b17e78 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 198/376] fix vicinae toggle --- home/.config/niri/config.kdl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 10058db..72ee600 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -134,7 +134,7 @@ binds { // Suggested binds for running programs: terminal, app launcher, screen locker. Mod+Return { spawn "sh" "-c" "alacritty msg create-window || alacritty"; } - Mod+D { spawn "vicinae"; } + Mod+D { spawn "vicinae" "toggle"; } Super+Alt+L { spawn "swaylock"; } XF86AudioRaiseVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05+"; } From 4ea5ab05502ab8603e58f31153e65c74f745fa75 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 199/376] refactor desktop modules --- home-manager/desktop/ignis.nix | 10 ++++++++++ home-manager/desktop/niri.nix | 2 +- home-manager/desktop/sway.nix | 1 + machines/haze/niri.nix | 9 +-------- modules/desktop.nix | 2 ++ 5 files changed, 15 insertions(+), 9 deletions(-) diff --git a/home-manager/desktop/ignis.nix b/home-manager/desktop/ignis.nix index f81ebb6..4bc86ae 100644 --- a/home-manager/desktop/ignis.nix +++ b/home-manager/desktop/ignis.nix @@ -2,6 +2,7 @@ self, config, inputs, + pkgs, ... }: { @@ -10,6 +11,15 @@ inputs.ignis.homeManagerModules.default ]; + home.packages = [ + pkgs.brightnessctl + pkgs.swaybg + pkgs.swaylock + pkgs.tofi + pkgs.wl-gammarelay-rs + inputs.matugen.packages.${pkgs.system}.default + ]; + programs.ignis = { enable = true; diff --git a/home-manager/desktop/niri.nix b/home-manager/desktop/niri.nix index 5f0001d..9422dda 100644 --- a/home-manager/desktop/niri.nix +++ b/home-manager/desktop/niri.nix @@ -2,7 +2,7 @@ { imports = [ self.homeManagerModules.dotfiles - ./ignis.nix + ./wayland.nix ]; xdg.configFile."niri".source = "${config.dotfiles.path}/.config/niri"; diff --git a/home-manager/desktop/sway.nix b/home-manager/desktop/sway.nix index 36ba075..53aa3fd 100644 --- a/home-manager/desktop/sway.nix +++ b/home-manager/desktop/sway.nix @@ -7,6 +7,7 @@ { imports = [ self.homeManagerModules.dotfiles + ./wayland.nix ]; home.packages = with pkgs; [ diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index c9a11ad..896243c 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -1,18 +1,11 @@ -{ self, pkgs, ... }: +{ pkgs, ... }: { programs.niri.enable = true; environment.systemPackages = with pkgs; [ - brightnessctl pavucontrol playerctl - quickshell - swaybg - swaylock - tofi - wl-gammarelay-rs xwayland-satellite - self.inputs.matugen.packages.${pkgs.system}.default ]; services.gnome.gnome-keyring.enable = true; diff --git a/modules/desktop.nix b/modules/desktop.nix index 04d56c1..df37755 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -3,6 +3,8 @@ environment.systemPackages = [ pkgs.mpv # video player pkgs.amberol # music player + pkgs.alacritty + pkgs.ghostty ]; programs.firefox = { From 72b6683b7b4a9c77d9358a5d3b34089a81762d0c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 200/376] remove waypaper --- home-manager/desktop/wayland.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home-manager/desktop/wayland.nix b/home-manager/desktop/wayland.nix index cdcefb0..2402cce 100644 --- a/home-manager/desktop/wayland.nix +++ b/home-manager/desktop/wayland.nix @@ -1,7 +1,6 @@ { pkgs, ... }: { home.packages = with pkgs; [ - waypaper wl-clipboard ]; } From 6c1905fa5cb3179ceec328b46ea6656905a2b24a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 201/376] fix networkmanager vpn extensions --- machines/haze/network.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/machines/haze/network.nix b/machines/haze/network.nix index d6d4675..81bb1a0 100644 --- a/machines/haze/network.nix +++ b/machines/haze/network.nix @@ -3,9 +3,11 @@ networking.networkmanager = { enable = true; wifi.powersave = true; + plugins = [ + pkgs.networkmanager-openconnect + pkgs.networkmanager-openvpn + ]; }; users.users."rpqt".extraGroups = [ "networkmanager" ]; - - environment.systemPackages = [ pkgs.networkmanager-openconnect ]; } From 23768f3a0caabc70fb1f930b451a4d401866c94e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 202/376] git ignore niri dms config (dynamic) --- home/.config/niri/.gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 home/.config/niri/.gitignore diff --git a/home/.config/niri/.gitignore b/home/.config/niri/.gitignore new file mode 100644 index 0000000..6d4140c --- /dev/null +++ b/home/.config/niri/.gitignore @@ -0,0 +1 @@ +dms From 6dc1e11a54ff4bc06be9aa615b1c4ba24e7df487 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 203/376] add libreoffice --- modules/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/desktop.nix b/modules/desktop.nix index df37755..2a588eb 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -5,6 +5,7 @@ pkgs.amberol # music player pkgs.alacritty pkgs.ghostty + pkgs.libreoffice ]; programs.firefox = { From c559b28c93f66233f0c0983a0516ff4e9a246a9d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 204/376] fix missing module arg --- machines/genepi/syncthing.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/genepi/syncthing.nix b/machines/genepi/syncthing.nix index e8eae38..d554fe0 100644 --- a/machines/genepi/syncthing.nix +++ b/machines/genepi/syncthing.nix @@ -1,5 +1,6 @@ { config, + lib, ... }: let From ce5b609747265009c8444f8cad7e45c93bfca40f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 205/376] garage: bind to zerotier ip --- modules/garage.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/garage.nix b/modules/garage.nix index 313b1a0..654e5fa 100644 --- a/modules/garage.nix +++ b/modules/garage.nix @@ -34,7 +34,8 @@ in }; admin = { - api_bind_addr = "127.0.0.1:3903"; + api_bind_addr = "[${zerotier_ip}]:3903"; + # TODO: use metrics_token }; }; }; From 405c629a3be8550eddb74bb3d7267d22684c4a85 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 206/376] move terminal configs to its own module --- home-manager/desktop/sway.nix | 7 ------- home-manager/desktop/terminal.nix | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 7 deletions(-) create mode 100644 home-manager/desktop/terminal.nix diff --git a/home-manager/desktop/sway.nix b/home-manager/desktop/sway.nix index 53aa3fd..9d049b1 100644 --- a/home-manager/desktop/sway.nix +++ b/home-manager/desktop/sway.nix @@ -11,8 +11,6 @@ ]; home.packages = with pkgs; [ - alacritty - ghostty tofi i3status-rust wlsunset @@ -31,9 +29,4 @@ "i3status-rust".source = "${config.dotfiles.path}/.config/i3status-rust"; "tofi/config".source = "${config.dotfiles.path}/.config/tofi/config"; }; - - programs.alacritty.enable = true; - xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty"; - - xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config"; } diff --git a/home-manager/desktop/terminal.nix b/home-manager/desktop/terminal.nix new file mode 100644 index 0000000..5f35837 --- /dev/null +++ b/home-manager/desktop/terminal.nix @@ -0,0 +1,21 @@ +{ + config, + pkgs, + self, + ... +}: +{ + imports = [ + self.homeManagerModules.dotfiles + ]; + + home.packages = [ + pkgs.alacritty + pkgs.ghostty + ]; + + programs.alacritty.enable = true; + xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty"; + + xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config"; +} From 5c709f9a5d24c9eb2330c0c782cbadb2d1990ba3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 207/376] add radicle desktop and tui --- home-manager/desktop/default.nix | 1 + home-manager/dev.nix | 2 ++ 2 files changed, 3 insertions(+) diff --git a/home-manager/desktop/default.nix b/home-manager/desktop/default.nix index 2c51df5..05cd265 100644 --- a/home-manager/desktop/default.nix +++ b/home-manager/desktop/default.nix @@ -3,6 +3,7 @@ imports = [ ./fonts.nix ./pass.nix + ./terminal.nix ./wayland.nix ]; diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 3822de1..9db2c4f 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -17,7 +17,9 @@ jujutsu nix-output-monitor python3 + radicle-desktop radicle-node + radicle-tui typescript-language-server nil # Nix language server nixfmt-rfc-style From 70babab8ecea3cd9b3f158618e7c759a3f00b896 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 208/376] add auto nix gc on servers --- machines/flake-module.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 60050b6..29f71bd 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -90,6 +90,22 @@ roles.default.extraModules = [ self.nixosModules.common ]; }; + server-config = { + module = { + input = "clan-core"; + name = "importer"; + }; + roles.default.tags.server = { }; + roles.default.extraModules = [ + { + nix.gc.automatic = true; + nix.gc.dates = "Mon 3:15"; + nix.gc.randomizedDelaySec = "30min"; + nix.gc.options = "--delete-older-than 30d"; + } + ]; + }; + "garage" = { module.input = "clan-core"; module.name = "garage"; From db27b0ac0fb70184f6bccbfa0b0cd4165c900ad6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 209/376] niri: maximize thunderbird --- home/.config/niri/config.kdl | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 72ee600..2687ad7 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -103,6 +103,14 @@ window-rule { } } +window-rule { + match app-id=r#"^thunderbird$"# + open-maximized true + focus-ring { + off + } +} + // Open the Firefox picture-in-picture player as floating by default. window-rule { // This app-id regular expression will work for both: From d8ca6d235fee64eeb29940d183df0bfd87604cef Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 210/376] enable dank shell --- home/.config/niri/config.kdl | 4 +--- machines/haze/home.nix | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 2687ad7..f6c0ba0 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -330,9 +330,7 @@ binds { screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" -spawn-at-startup "wl-gammarelay-rs" -spawn-at-startup "swaybg" "-m" "fill" "-i" "/home/rpqt/.local/state/wallpaper" -spawn-at-startup "ignis" "init" +spawn-at-startup "dms" "run" spawn-at-startup "kdeconnect-indicator" spawn-at-startup "xwayland-satellite" diff --git a/machines/haze/home.nix b/machines/haze/home.nix index ebd05fb..fb775d1 100644 --- a/machines/haze/home.nix +++ b/machines/haze/home.nix @@ -9,8 +9,8 @@ ../../home-manager/minecraft.nix ../../home-manager/desktop ../../home-manager/desktop/gnome.nix + ../../home-manager/desktop/dank.nix ../../home-manager/desktop/niri.nix - ../../home-manager/desktop/sway.nix ../../home-manager/desktop/vicinae.nix ]; } From cc0a910c0e83d1de0e9ce9620676f7336c1ae22a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 1 Oct 2025 19:36:53 +0200 Subject: [PATCH 211/376] add whitesur icon theme --- home-manager/desktop/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/home-manager/desktop/default.nix b/home-manager/desktop/default.nix index 05cd265..4a4a002 100644 --- a/home-manager/desktop/default.nix +++ b/home-manager/desktop/default.nix @@ -21,4 +21,14 @@ }; gtk.enable = true; + gtk.iconTheme = { + name = "WhiteSur"; + package = pkgs.whitesur-icon-theme.override { + alternativeIcons = true; + boldPanelIcons = true; + }; + }; + + qt.enable = true; + qt.platformTheme.name = "gtk"; } From c80321c8788449b56437df577bba7035be3171d3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 15 Oct 2025 16:18:28 +0200 Subject: [PATCH 212/376] Update vars via generator openssh-ca for machine verbena --- vars/shared/openssh-ca/id_ed25519.pub/value | 1 + vars/shared/openssh-ca/id_ed25519/secret | 14 ++++++++++++++ vars/shared/openssh-ca/id_ed25519/users/rpqt | 1 + 3 files changed, 16 insertions(+) create mode 100644 vars/shared/openssh-ca/id_ed25519.pub/value create mode 100644 vars/shared/openssh-ca/id_ed25519/secret create mode 120000 vars/shared/openssh-ca/id_ed25519/users/rpqt diff --git a/vars/shared/openssh-ca/id_ed25519.pub/value b/vars/shared/openssh-ca/id_ed25519.pub/value new file mode 100644 index 0000000..2613f81 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519.pub/value @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGE7R12pfvRSXsS8MwMkp57fuc+N2wc4VcXAYwo/eJJ7 diff --git a/vars/shared/openssh-ca/id_ed25519/secret b/vars/shared/openssh-ca/id_ed25519/secret new file mode 100644 index 0000000..819d177 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:sPSi5gWzieSktKNwVzD+c0WhCFt2u/FtsiKfwkpFceKbzyLLqBWQwyF9/CrAfExMky230YxA9atQxilpZLTZ0zmuk0D7Mi4xLsF+G9sFdyKz2DFuBHZ1hQZNiVAsQlHLvqcDtdixgo0gHfjHJ9t0eH+q4tgVJe0QhhzmcDSj0EjrE3SUnxzTszS0ZHL4X+Wfx+lrJtL8Do5eSXKXcoQHS8d6bOW/psLA8AHNJypOMlplXd4vASXPJmj9RQ1GFdzSFz5TZoyxShBuImukcLO6EoTc2TXtAclbN5JLHEbvx9I5K4S74WR7amtYV/8g1tquZ5nHVxVHr4sFY3pHDUuMvGdiVgVbrBwK4iJ5GtAUU81jCQzZ1MwtT74cldFXfwJIUAHbV0s4cSNQpH+f2bYO2uyVhykpIuLmI23Vb1ezRJqW1cGcg0VRoBRoduxQzOAeI1LE4EuniH/w1xtdKmn2XTMwwl6YetT1KbPBRMVScqcEF2ZadJV3X7hJFh0awn1cSWsG,iv:Kjm+58JsE/FCEYEpYIEVwjRuWYWaLP8VrysgsZGDs6g=,tag:xdlA9tvtw9cm8YFW64a+pw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWGVudE9CTHRrK3dzUW5X\nNEc1MW5zSGEveGs1T0tOcmUrK0pOQW45YzFBClVPM0l2SlhwbmpJeWFyUXF6N3Q0\nbktweW03MGNNdklNOENQVHpPZGt0a2MKLS0tIFNkZng3YnRmQkhyVkpxUU9VeFdM\nUlRZMnM2TXM2M1lmbW8vQnhveG1hY3MKREXHP3+XlwkrstFPbpUHkNGtlX6qpOxV\nBptaRca56JW2fkgoHsL733DeuznnOqNTXRdQGQbxdATzyrdHxz1tDQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-15T14:18:28Z", + "mac": "ENC[AES256_GCM,data:mOSflPXxdKtJH6dfmR41msVSp1Bcc7M4eBpFQFsTe5edUa8qWKjOeBnIN0U7Sqm7fQngOmfxIzqViaPCqSFg4TX01F4Trv6gcMUErF9OqIl+HbkZKHQxPIktXnb0OX95V85GsRvwUrLKX5l6PwQrPK+ovCHr9NjcUos2T4vlJkc=,iv:HSWHk5J+lPuiNBppKuJHRLwjcvm+H4DqBTlvR+mHUTk=,tag:PkKNbxHu61iuidj0MhkiaQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/shared/openssh-ca/id_ed25519/users/rpqt b/vars/shared/openssh-ca/id_ed25519/users/rpqt new file mode 120000 index 0000000..825a187 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519/users/rpqt @@ -0,0 +1 @@ +../../../../../sops/users/rpqt \ No newline at end of file From 25aa87e0384592e1e1eab301cc474bb04307976d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 15 Oct 2025 16:18:28 +0200 Subject: [PATCH 213/376] Update vars via generator openssh-cert for machine crocus --- vars/per-machine/crocus/openssh-cert/.validation-hash | 1 + .../crocus/openssh-cert/ssh.id_ed25519-cert.pub/value | 1 + 2 files changed, 2 insertions(+) create mode 100644 vars/per-machine/crocus/openssh-cert/.validation-hash create mode 100644 vars/per-machine/crocus/openssh-cert/ssh.id_ed25519-cert.pub/value diff --git a/vars/per-machine/crocus/openssh-cert/.validation-hash b/vars/per-machine/crocus/openssh-cert/.validation-hash new file mode 100644 index 0000000..e971f15 --- /dev/null +++ b/vars/per-machine/crocus/openssh-cert/.validation-hash @@ -0,0 +1 @@ +243132bdc5136706ee224d98a96529e443dfb8fd086cc6202f30d95f6911060f \ No newline at end of file diff --git a/vars/per-machine/crocus/openssh-cert/ssh.id_ed25519-cert.pub/value b/vars/per-machine/crocus/openssh-cert/ssh.id_ed25519-cert.pub/value new file mode 100644 index 0000000..4e8e3b5 --- /dev/null +++ b/vars/per-machine/crocus/openssh-cert/ssh.id_ed25519-cert.pub/value @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIBKcszb0YlcYG5GLTntOGpMyse+FxISKTdn3pVoJAzC5AAAAIOtUFcEICj2NcZZPcfl+JCCaDfmCxQtLytGH0eoFNL4UAAAAAAAAAAAAAAACAAAABmNyb2N1cwAAABcAAAATY3JvY3VzLmhvbWUucnBxdC5mcgAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIGE7R12pfvRSXsS8MwMkp57fuc+N2wc4VcXAYwo/eJJ7AAAAUwAAAAtzc2gtZWQyNTUxOQAAAECy8llQ6XQHRjjOTz/Le+Af6bW/lCq8ruJHPW8vh6tc2e9HFM7pWePxVeF0bCwWZ5IRNkvwjgfdbKMZG599racJ nixbld@haze From 54ad3237d03e34c3cee53aa3d6305aca24f8c93f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 15 Oct 2025 16:18:28 +0200 Subject: [PATCH 214/376] Update vars via generator openssh-cert for machine genepi --- vars/per-machine/genepi/openssh-cert/.validation-hash | 1 + .../genepi/openssh-cert/ssh.id_ed25519-cert.pub/value | 1 + 2 files changed, 2 insertions(+) create mode 100644 vars/per-machine/genepi/openssh-cert/.validation-hash create mode 100644 vars/per-machine/genepi/openssh-cert/ssh.id_ed25519-cert.pub/value diff --git a/vars/per-machine/genepi/openssh-cert/.validation-hash b/vars/per-machine/genepi/openssh-cert/.validation-hash new file mode 100644 index 0000000..02779a2 --- /dev/null +++ b/vars/per-machine/genepi/openssh-cert/.validation-hash @@ -0,0 +1 @@ +03d96c6ed6a59594bf0faa06dfcb7d7959628eba37fb4c35f6c95803edc23b90 \ No newline at end of file diff --git a/vars/per-machine/genepi/openssh-cert/ssh.id_ed25519-cert.pub/value b/vars/per-machine/genepi/openssh-cert/ssh.id_ed25519-cert.pub/value new file mode 100644 index 0000000..9219ad7 --- /dev/null +++ b/vars/per-machine/genepi/openssh-cert/ssh.id_ed25519-cert.pub/value @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIHcv5O9kZ5PjMVSVvmRNK1FQIQ3fsx5I/bq/nVHEbdg7AAAAIFwq0inZe4DX4DuJx/vbfjG5XLZ46MnBXjipdHgD9LBgAAAAAAAAAAAAAAACAAAABmdlbmVwaQAAABcAAAATZ2VuZXBpLmhvbWUucnBxdC5mcgAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIGE7R12pfvRSXsS8MwMkp57fuc+N2wc4VcXAYwo/eJJ7AAAAUwAAAAtzc2gtZWQyNTUxOQAAAEBUtVWziAfc5PzYezSlbAXfFXLP1KoPYHPUtFaon0Fu14j3+RhKC7nylUgvGCOm46dTq+S9YoDZ3SqlwxwyD4cL nixbld@haze From aaf78035c3f89e2e4f789c4fe307c0a4d0f230d8 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 15 Oct 2025 16:18:28 +0200 Subject: [PATCH 215/376] Update vars via generator openssh-cert for machine haze --- vars/per-machine/haze/openssh-cert/.validation-hash | 1 + vars/per-machine/haze/openssh-cert/ssh.id_ed25519-cert.pub/value | 1 + 2 files changed, 2 insertions(+) create mode 100644 vars/per-machine/haze/openssh-cert/.validation-hash create mode 100644 vars/per-machine/haze/openssh-cert/ssh.id_ed25519-cert.pub/value diff --git a/vars/per-machine/haze/openssh-cert/.validation-hash b/vars/per-machine/haze/openssh-cert/.validation-hash new file mode 100644 index 0000000..15f8ff2 --- /dev/null +++ b/vars/per-machine/haze/openssh-cert/.validation-hash @@ -0,0 +1 @@ +5c9d0944c4f6abc9765b12a4c4eebca296ec914fd8ee4e4691b9c40fbdef57b7 \ No newline at end of file diff --git a/vars/per-machine/haze/openssh-cert/ssh.id_ed25519-cert.pub/value b/vars/per-machine/haze/openssh-cert/ssh.id_ed25519-cert.pub/value new file mode 100644 index 0000000..ddf64bf --- /dev/null +++ b/vars/per-machine/haze/openssh-cert/ssh.id_ed25519-cert.pub/value @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAICBUNOo7T8sn7F094li17lssJOCdixjDhLO6eGlO72ZwAAAAIIyNC2sn5m7m52r4kVZqg0T7abqdz5xh/blU3cYtHKAEAAAAAAAAAAAAAAACAAAABGhhemUAAAAVAAAAEWhhemUuaG9tZS5ycHF0LmZyAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgYTtHXal+9FJexLwzAySnnt+5z43bBzhVxcBjCj94knsAAABTAAAAC3NzaC1lZDI1NTE5AAAAQHVWtdcrv4w8xc/YSAJmGkulkMfr3QOdEEGBZLeARu15To31xtScc4U5WhMstZRu9rWBoVENaUIuo0poRvHT/Ak= nixbld@haze From fd0d316b0029e3fda0b19092898109b0a07be471 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 15 Oct 2025 16:18:29 +0200 Subject: [PATCH 216/376] Update vars via generator openssh-cert for machine verbena --- vars/per-machine/verbena/openssh-cert/.validation-hash | 1 + .../verbena/openssh-cert/ssh.id_ed25519-cert.pub/value | 1 + 2 files changed, 2 insertions(+) create mode 100644 vars/per-machine/verbena/openssh-cert/.validation-hash create mode 100644 vars/per-machine/verbena/openssh-cert/ssh.id_ed25519-cert.pub/value diff --git a/vars/per-machine/verbena/openssh-cert/.validation-hash b/vars/per-machine/verbena/openssh-cert/.validation-hash new file mode 100644 index 0000000..e0bfa42 --- /dev/null +++ b/vars/per-machine/verbena/openssh-cert/.validation-hash @@ -0,0 +1 @@ +ac6a5c1a1f92820a01374e2f28f5e230bc28104313a3c01c5bfa91ee112805e5 \ No newline at end of file diff --git a/vars/per-machine/verbena/openssh-cert/ssh.id_ed25519-cert.pub/value b/vars/per-machine/verbena/openssh-cert/ssh.id_ed25519-cert.pub/value new file mode 100644 index 0000000..8b9264c --- /dev/null +++ b/vars/per-machine/verbena/openssh-cert/ssh.id_ed25519-cert.pub/value @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIERlRW05oWOKBoc6WXhIbkMsu/GGjZ7GtsDWGbilP6FQAAAAIOFmER+Rjwzfr/GLrD3kItVEEdhPTIjUFgSbhNOJtNJVAAAAAAAAAAAAAAACAAAAB3ZlcmJlbmEAAAAYAAAAFHZlcmJlbmEuaG9tZS5ycHF0LmZyAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgYTtHXal+9FJexLwzAySnnt+5z43bBzhVxcBjCj94knsAAABTAAAAC3NzaC1lZDI1NTE5AAAAQN93JKKLUpCkdj2D2wHbhn8MK3JH0PMUuQqBLUqK29+YlRlPZI9ZesKK0JsAnraDLyn7UEg7cyt0cXRkCPfcqwc= /tmp/vars-ifid6s0y/in/openssh/ssh.id_ed25519.pub From da2f40a7504e05066a2d5730c60c614ec0696e98 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 15 Oct 2025 18:45:12 +0200 Subject: [PATCH 217/376] Add genepi to secret --- vars/shared/openssh-ca/id_ed25519/machines/genepi | 1 + vars/shared/openssh-ca/id_ed25519/secret | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 120000 vars/shared/openssh-ca/id_ed25519/machines/genepi diff --git a/vars/shared/openssh-ca/id_ed25519/machines/genepi b/vars/shared/openssh-ca/id_ed25519/machines/genepi new file mode 120000 index 0000000..be44d39 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519/machines/genepi @@ -0,0 +1 @@ +../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/secret b/vars/shared/openssh-ca/id_ed25519/secret index 819d177..cebf129 100644 --- a/vars/shared/openssh-ca/id_ed25519/secret +++ b/vars/shared/openssh-ca/id_ed25519/secret @@ -2,13 +2,18 @@ "data": "ENC[AES256_GCM,data:sPSi5gWzieSktKNwVzD+c0WhCFt2u/FtsiKfwkpFceKbzyLLqBWQwyF9/CrAfExMky230YxA9atQxilpZLTZ0zmuk0D7Mi4xLsF+G9sFdyKz2DFuBHZ1hQZNiVAsQlHLvqcDtdixgo0gHfjHJ9t0eH+q4tgVJe0QhhzmcDSj0EjrE3SUnxzTszS0ZHL4X+Wfx+lrJtL8Do5eSXKXcoQHS8d6bOW/psLA8AHNJypOMlplXd4vASXPJmj9RQ1GFdzSFz5TZoyxShBuImukcLO6EoTc2TXtAclbN5JLHEbvx9I5K4S74WR7amtYV/8g1tquZ5nHVxVHr4sFY3pHDUuMvGdiVgVbrBwK4iJ5GtAUU81jCQzZ1MwtT74cldFXfwJIUAHbV0s4cSNQpH+f2bYO2uyVhykpIuLmI23Vb1ezRJqW1cGcg0VRoBRoduxQzOAeI1LE4EuniH/w1xtdKmn2XTMwwl6YetT1KbPBRMVScqcEF2ZadJV3X7hJFh0awn1cSWsG,iv:Kjm+58JsE/FCEYEpYIEVwjRuWYWaLP8VrysgsZGDs6g=,tag:xdlA9tvtw9cm8YFW64a+pw==,type:str]", "sops": { "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6VTVScHBtYVFLbGdmWnFx\nVGtGYlJvSEMySU5uTGo1akRCSDVsYlF5UVFnCnNucktTNjFNMzJRM3BRQkhSL3RW\nV3czUHI1MFFDREg3QnhVSDVObjExNW8KLS0tIGhveWxLVmpZYmlZaFlRZWZOc3NO\nRkhLa1I0SkhuV3lDTlR0cnpzRUdJTlEKDlU45nUKf6jl7ZBJX1wvju+Kx8Sa2/sz\nRkcJ6pOo6d5TihlP3LtMv18FQ8vr08B6nTJBrgpV5pljygBeR7cUPQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWGVudE9CTHRrK3dzUW5X\nNEc1MW5zSGEveGs1T0tOcmUrK0pOQW45YzFBClVPM0l2SlhwbmpJeWFyUXF6N3Q0\nbktweW03MGNNdklNOENQVHpPZGt0a2MKLS0tIFNkZng3YnRmQkhyVkpxUU9VeFdM\nUlRZMnM2TXM2M1lmbW8vQnhveG1hY3MKREXHP3+XlwkrstFPbpUHkNGtlX6qpOxV\nBptaRca56JW2fkgoHsL733DeuznnOqNTXRdQGQbxdATzyrdHxz1tDQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbUIxQUpkMmJxWklSVVJ2\nZURiT2I4STE0RjJYUUtYSTN3Zy9tdkVzZUNRCkhzZXV1eHJaYy9pZ3NscHJlcEV1\ndFVwQmp1MDJaVWpaTERhdWpwVitiUk0KLS0tIGl4aWZjNkFFTE9wSkdGQjQ3K21q\nS1pvU2Y4L2xwc1NhTFVRYU83R3dEWTQKyn76XKKUrbsZL0TT/WaGxxZfRj58VQzQ\nT3TYf1eimqJUZv4SE2oo1pj7n5Tu3JYizPTK4u9RMeNz0uftZHuHUQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-15T14:18:28Z", "mac": "ENC[AES256_GCM,data:mOSflPXxdKtJH6dfmR41msVSp1Bcc7M4eBpFQFsTe5edUa8qWKjOeBnIN0U7Sqm7fQngOmfxIzqViaPCqSFg4TX01F4Trv6gcMUErF9OqIl+HbkZKHQxPIktXnb0OX95V85GsRvwUrLKX5l6PwQrPK+ovCHr9NjcUos2T4vlJkc=,iv:HSWHk5J+lPuiNBppKuJHRLwjcvm+H4DqBTlvR+mHUTk=,tag:PkKNbxHu61iuidj0MhkiaQ==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } From ebf864ffb9ac3fb8c04f785dd409b15f1225e12b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 15 Oct 2025 21:26:00 +0200 Subject: [PATCH 218/376] format file --- machines/haze/hardware-configuration.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/machines/haze/hardware-configuration.nix b/machines/haze/hardware-configuration.nix index efeeffb..639e54b 100644 --- a/machines/haze/hardware-configuration.nix +++ b/machines/haze/hardware-configuration.nix @@ -4,7 +4,15 @@ hardware.enableRedistributableFirmware = true; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "vmd" + "nvme" + "usb_storage" + "sd_mod" + "rtsx_usb_sdmmc" + ]; boot.kernelModules = [ "kvm-intel" ]; hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware; From 2adad42fe73d92771244cd58e8a63393d82dbda3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 17 Oct 2025 12:30:24 +0200 Subject: [PATCH 219/376] Add verbena to secret --- vars/shared/openssh-ca/id_ed25519/machines/verbena | 1 + vars/shared/openssh-ca/id_ed25519/secret | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) create mode 120000 vars/shared/openssh-ca/id_ed25519/machines/verbena diff --git a/vars/shared/openssh-ca/id_ed25519/machines/verbena b/vars/shared/openssh-ca/id_ed25519/machines/verbena new file mode 120000 index 0000000..de62703 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519/machines/verbena @@ -0,0 +1 @@ +../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/secret b/vars/shared/openssh-ca/id_ed25519/secret index cebf129..df00cd7 100644 --- a/vars/shared/openssh-ca/id_ed25519/secret +++ b/vars/shared/openssh-ca/id_ed25519/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6VTVScHBtYVFLbGdmWnFx\nVGtGYlJvSEMySU5uTGo1akRCSDVsYlF5UVFnCnNucktTNjFNMzJRM3BRQkhSL3RW\nV3czUHI1MFFDREg3QnhVSDVObjExNW8KLS0tIGhveWxLVmpZYmlZaFlRZWZOc3NO\nRkhLa1I0SkhuV3lDTlR0cnpzRUdJTlEKDlU45nUKf6jl7ZBJX1wvju+Kx8Sa2/sz\nRkcJ6pOo6d5TihlP3LtMv18FQ8vr08B6nTJBrgpV5pljygBeR7cUPQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUTJMZW9oR251N0NrTE1V\nRlMyZnptZmswWTFjOG04djhzaGx0Y1pFdHhnCjlRYzNRcUE1UHBCMzJwTlJVQjQy\nbmRFeFpwdTRoanZaYjhTNnR2cytsWjgKLS0tIEp4MkN6WEt3TUR2L2RkZGNNbzdG\nSC9ta1J0dFBQRTJpZ2RxeXpWZlowZW8KO9W6b58BcgA7RW9ytF/08UYm/YOe6Nhl\n9rDiMa3Hs3YMKtD4d4T8vO8QbJ4ncQAulqEhF0NKGiud/Py5HXyxqw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUWFoNWJBZTlSWW1Vendp\nVEhyZE96WlE3cmlhRDJXUEJjcUhIZzdYaW1zCmdCdHpaZkYzUlhaY2doZFVrazhF\nM2xDZUs3Q2ZPbjhIdGJJUXM2cVJxNUEKLS0tIEoxRFBUeUtLRzFuVFd6VFI2ejJC\nZWRqcXJ0SjhFTG0yc3hjWk11MllFVUUKXcBSc/hOIOJv/i8EmxiAhvgZTviDPZTV\n361VQq3RIveAnFO9kW5kvGsBqn1Pn8vOcqhQ7x/bBJn/MEwe0/vpDA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbUIxQUpkMmJxWklSVVJ2\nZURiT2I4STE0RjJYUUtYSTN3Zy9tdkVzZUNRCkhzZXV1eHJaYy9pZ3NscHJlcEV1\ndFVwQmp1MDJaVWpaTERhdWpwVitiUk0KLS0tIGl4aWZjNkFFTE9wSkdGQjQ3K21q\nS1pvU2Y4L2xwc1NhTFVRYU83R3dEWTQKyn76XKKUrbsZL0TT/WaGxxZfRj58VQzQ\nT3TYf1eimqJUZv4SE2oo1pj7n5Tu3JYizPTK4u9RMeNz0uftZHuHUQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QzRSUU15ay8xbmVvYVhU\nR3RQcUpPSDRKb3NrVHdxc1paWTdRWjJXRkZzClFyUmtSRGtWczg2ZDEwYkhmUXN6\nT2ZqQ2tDaGFuTGlMMXd1R3BXMDRBbGMKLS0tIFdQSXViYnJjVGxRdkRzR016MDda\nSDBCRG5BQ1NBb0V6VXJ6b2lRdkVlQlUKjZhTwcDmvvNDNRoCM60JbjK62oDwwZwC\n/Xj+vmVTKz5UFqTU3cFI4yoFa4D2JP+XPHAz6cj722hmdq0kY9ipPg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-15T14:18:28Z", From 73d4a54ea1cf2621bc6e9fc52ce5e3ec2cbfa245 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 17 Oct 2025 12:30:25 +0200 Subject: [PATCH 220/376] Add crocus to secret --- vars/shared/openssh-ca/id_ed25519/machines/crocus | 1 + vars/shared/openssh-ca/id_ed25519/secret | 10 +++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 120000 vars/shared/openssh-ca/id_ed25519/machines/crocus diff --git a/vars/shared/openssh-ca/id_ed25519/machines/crocus b/vars/shared/openssh-ca/id_ed25519/machines/crocus new file mode 120000 index 0000000..1ca5db3 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519/machines/crocus @@ -0,0 +1 @@ +../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/secret b/vars/shared/openssh-ca/id_ed25519/secret index df00cd7..1656201 100644 --- a/vars/shared/openssh-ca/id_ed25519/secret +++ b/vars/shared/openssh-ca/id_ed25519/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUTJMZW9oR251N0NrTE1V\nRlMyZnptZmswWTFjOG04djhzaGx0Y1pFdHhnCjlRYzNRcUE1UHBCMzJwTlJVQjQy\nbmRFeFpwdTRoanZaYjhTNnR2cytsWjgKLS0tIEp4MkN6WEt3TUR2L2RkZGNNbzdG\nSC9ta1J0dFBQRTJpZ2RxeXpWZlowZW8KO9W6b58BcgA7RW9ytF/08UYm/YOe6Nhl\n9rDiMa3Hs3YMKtD4d4T8vO8QbJ4ncQAulqEhF0NKGiud/Py5HXyxqw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZT2tidTE5djA4T3NBdnRX\naTA0bzk0UDMyU0Z6RjRkekRaTGNXeVQ0anl3CmNGdHdrVUFoYVBBWE9vZXptNG53\ndGFwNDJHS05CZTg2QkZVaS9oM0hlUW8KLS0tIERDMHcwZ25YQ1U0eldrN3NJQjYv\nY3VORmpYNXhId3lBRGNDQ0U2SmhsOFkKrYaU1ecNmn4xRmN5ix9P6jIr2U66GGoB\n1TI/bBUIM87UWH2UzAJh27vEcUHWOnGPaxkK0DLbVQlvYaHhFLgKWA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUWFoNWJBZTlSWW1Vendp\nVEhyZE96WlE3cmlhRDJXUEJjcUhIZzdYaW1zCmdCdHpaZkYzUlhaY2doZFVrazhF\nM2xDZUs3Q2ZPbjhIdGJJUXM2cVJxNUEKLS0tIEoxRFBUeUtLRzFuVFd6VFI2ejJC\nZWRqcXJ0SjhFTG0yc3hjWk11MllFVUUKXcBSc/hOIOJv/i8EmxiAhvgZTviDPZTV\n361VQq3RIveAnFO9kW5kvGsBqn1Pn8vOcqhQ7x/bBJn/MEwe0/vpDA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZE1TWStneVdxQXFOZmJL\nS0FyMUJNOVl6YmVPd201Tkg1WVhXQUlKZlFzCmJKNkMzTFFFSWtwSmRwU3BKWHll\nMDZoTDc4ZWhJWVBoTjZyYTlkVWhQVzgKLS0tIFA4U2RsV1dRUUVrRHFONmNIbVd4\nVWdLczNmRHJha08xVW52eDFjZGc2VnMKmuFKHMIjfReYtAOuxzJRenE9+Tc9FRPG\nc1SiecHn61rbnrbjmupdP407B3bC1WjzTQeAXCkOj8RVbneUGHgwyA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUWkVLdFpTejN2dTlRVk5J\nM2wrbEJoNkFKNDU0cTR4SnMrS2ozU3RVZlZvCllUbkl1MzFtYWFNWDd5WUthdDl2\ndisybUhNNG8wbHhuWDhHSzZJWS9uREUKLS0tIDBIYStMT2ljWThyeHRPTDVWZXov\nSUJXMWFwSWsvOXl4M29IRlR5c0lSZEkK0KQiBXvu/iMPdH3sWsL3VyQKq84V3Qll\nCpnS+ydpiugOy2HZxPXSeFZe/jtXD1FpL2jHN1wu52T1CNPj2nmwOw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QzRSUU15ay8xbmVvYVhU\nR3RQcUpPSDRKb3NrVHdxc1paWTdRWjJXRkZzClFyUmtSRGtWczg2ZDEwYkhmUXN6\nT2ZqQ2tDaGFuTGlMMXd1R3BXMDRBbGMKLS0tIFdQSXViYnJjVGxRdkRzR016MDda\nSDBCRG5BQ1NBb0V6VXJ6b2lRdkVlQlUKjZhTwcDmvvNDNRoCM60JbjK62oDwwZwC\n/Xj+vmVTKz5UFqTU3cFI4yoFa4D2JP+XPHAz6cj722hmdq0kY9ipPg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDYm9CN2tBaXhIRGJVK3lm\naDNqc0pHT3dsbzJHSzhNY0VzaHp6d0xvZmpvCjZaZEZQNm1tYjdWd0U1dWN0cERm\nN2xldHBvQ0hCdjRjRE1ObVlEN09HSE0KLS0tIG5kcDB3c3hlUFcyNEJBVXd6VUdP\nM3l1WVc3V0dtMFdGYWFlNkVqUHZ6T2MKEbbAqJUuw7B57CMCuicZgTz0WAwTB52r\nh7BGTqifDdBgPkuCf7FdCHC9TdmgCM3WhOI9f8EKO7EsO7aVLFdhhg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-15T14:18:28Z", From 4ac5adaba6b8626858955357123f13daa7aeb908 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 17 Oct 2025 17:13:14 +0200 Subject: [PATCH 221/376] Update vars via generator gitea-s3-storage for machine verbena --- .../access-key-id/machines/verbena | 1 + .../gitea-s3-storage/access-key-id/secret | 18 ++++++++++++++++++ .../gitea-s3-storage/access-key-id/users/rpqt | 1 + .../access-key-secret/machines/verbena | 1 + .../gitea-s3-storage/access-key-secret/secret | 18 ++++++++++++++++++ .../access-key-secret/users/rpqt | 1 + 6 files changed, 40 insertions(+) create mode 120000 vars/per-machine/verbena/gitea-s3-storage/access-key-id/machines/verbena create mode 100644 vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret create mode 120000 vars/per-machine/verbena/gitea-s3-storage/access-key-id/users/rpqt create mode 120000 vars/per-machine/verbena/gitea-s3-storage/access-key-secret/machines/verbena create mode 100644 vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret create mode 120000 vars/per-machine/verbena/gitea-s3-storage/access-key-secret/users/rpqt diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-id/machines/verbena b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret new file mode 100644 index 0000000..921f839 --- /dev/null +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:VQjMQfKH1lw3nLnccac1p0rwVKQWYpSs7TU=,iv:UQbB/5v9G2wiX5WWMEAOn6KcWywBAoEi1aX6Zjtv33w=,tag:1lOSmj7UbCB9g73jgbRunQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVWR2VktWM3RoRFdPK0hD\nVWR4b0tyamhzSGw0cGpaZGJldFlHaXBGYkRJClB6b0svZVZrK3NJMjl4U2pxajlQ\nMTc2SnJFcHhLc0sxS0hyUzNRTVJGQzAKLS0tIGtUTmVCeUJuQ1FnU0JYc2xWMG9p\nTUpjSFhzOVRoQ3krMmZzWEp1YlMvRlUK2iynGryvk5RF8IgZJJqAOi39YJdLJLuO\n3ZBKuP0cvHNQp/Zd55GOcRrORcU1fVOO8ILwOcKp9pj20ZxEo22vhQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZituWnN2eE9KZzBiWmpn\naVZFU2piSHlIdXZXTjFucEUxblg1djcrWndrCjhEZGdBdTVqWFFCak1BU3N0L2tP\nMXRFWjdsVEdhTC8rL0VJVEVWVHVUN2cKLS0tIHNPNzM4aENTYStzSGR4SDJpcjR1\nbWRXOTdPa1EvN3h6SkVCbmcxbVdLMTQKwhRggJfY+jmcMN6Zr7M/YaviUWLvBQYU\nxSDyXaQf0nYkFx3ARU0UNq3v5zjW53gAOoTmWraShX534WydqCNrlw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-17T15:13:14Z", + "mac": "ENC[AES256_GCM,data:W2GFjGzFNbA7rcJDDqN4xWModtAe1IOlpsqR4VSg0TJNtLcQOSpzKHM/jd/wGu7yEA+5qRIPw5b8zBhTIqjTHEZv/OgGW1VU9xACNnYIbZj2E6dR5XkMo7Kk4pcClfUrn+mcoFb3qDRUmot4hIoOGwxYlzZCd1AWIoA0LsMwl7E=,iv:N03rEnwGDnnhfQTSr+ustojxUvuAzBRm62W+FPURuKM=,tag:bwYrwKAwi56KAy2iL/QVMQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-id/users/rpqt b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/machines/verbena b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret new file mode 100644 index 0000000..b7c4569 --- /dev/null +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:Qw4KdJ8oqtZisPqpgrh7n069YPGjO7t3GE2XLEfFnnvU5UcbIoV77lx8A5d6K0F9OGtR3b2Oo4ka5bPPNI9pCA==,iv:hXORx3mNALVMk2i9MxVebWE/+PY9OZ3Sbu3+enBY3To=,tag:0MPUB3JWDnetR54MSfZt8Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRmlyMGNRMDRTRUsxcjZw\naGtFY1BpVU9GMHVhU1k1WEIrT2d1Vkw0VDNzCmZzNmFVajlqcTBOZ2NTTUFVZWhR\nVWNadCtHZEFPMVpYaitaaHg2Z1p4VTQKLS0tIDRVSnRSaEZuaUVEL2c5dFQ1aEpD\ndDYyaUtlZzhPUGllZkZZbldKVEJtODQK1M11ZKwP+MAh1zJYwdhwJoYrNbm5xWFs\n85PMb9CQ0SDkFAVGtKgcdPpN5na7h8PK+X7x/j3Ik7qbo6EYUkak/w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRWxBRU43cUJLU0kvUE50\nZ0VnWS9SclRRZVNXVGlYNXF5LzI4SjYrb1U4CitiK0xIdGdyb201bzRjbS9EOTVH\nd28yUmVFMGZQVWw0TTB0U0UrR3hrZEkKLS0tIHYrY2FlaDBsTjhtcUhhZXBXSnhP\nQ3lKK0ZEUU5nbVF3WU9RS0t2YzlMVmsKBS6rdR0TwX4P6c0E0LfZn54yolLMgGvA\n+VV0a0aZUS2j5cywXjfhLPjUNaPPsh0LUjHoXEoNYzfuRmhOmMQwcw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-17T15:13:14Z", + "mac": "ENC[AES256_GCM,data:WH9GzcZM9ii4CHvtqCoqoKHCFK0S3OQM9x1cO/gkgRftFsO85jSnBUCtiPhRahvTffZT42sN4ZqDBq/LSKYEXB2iJWcN9StpTLs196wPzLyJhSrhY9jEy0JuxoTAhvcAC1MKPW+TsfC4SO9xazvEqShnP2z/BTYhzrgE5lsDDEE=,iv:eD7iBUopEKc5X/l8DowrBthYNPB805+AhuCCZq+fYeY=,tag:fTRAPEH0WXIW8SNso5FmdQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/users/rpqt b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 57634120b2de51a7f4558ded3890272bb55aca53 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 17 Oct 2025 17:13:14 +0200 Subject: [PATCH 222/376] Update vars via generator nextcloud for machine verbena --- .../nextcloud/admin-password/machines/verbena | 1 + .../verbena/nextcloud/admin-password/secret | 18 ++++++++++++++++++ .../nextcloud/admin-password/users/rpqt | 1 + 3 files changed, 20 insertions(+) create mode 120000 vars/per-machine/verbena/nextcloud/admin-password/machines/verbena create mode 100644 vars/per-machine/verbena/nextcloud/admin-password/secret create mode 120000 vars/per-machine/verbena/nextcloud/admin-password/users/rpqt diff --git a/vars/per-machine/verbena/nextcloud/admin-password/machines/verbena b/vars/per-machine/verbena/nextcloud/admin-password/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/nextcloud/admin-password/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/nextcloud/admin-password/secret b/vars/per-machine/verbena/nextcloud/admin-password/secret new file mode 100644 index 0000000..a067803 --- /dev/null +++ b/vars/per-machine/verbena/nextcloud/admin-password/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:1MidunOjhcm7MZSfQSor8xrGR3KSM6CAPw==,iv:/QIxqzJ+115R0C8eH1T6gHeJ5HdDAWcLZzEvhpu9SnU=,tag:PvoxKpIz3nTPlHgMD/MQ2w==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Rm1vckdXamt3b2FORFp6\neGZLM3U5NHJKYzZwOWViVktUU0JqNktxc0FVCkdmZWZ5dHV4TUM5RWJkVjFQNElY\nd2VMZDlYTTZkSkxqemdWa3RtZEFjSzgKLS0tIG8wTFRmaVlKMmFTWWl1eE1kY2Q3\nODVyUXRSOGIzVmsxN01STzQ5OVZnQVUKWOxQIt6O0QUXHieU/4GSU5X3F77cREvZ\nxf8gip4jcbR916otZv9gY6kyn8Lrv/l6sVtSwApog0qlLAahRUB8wg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q2gzZGJxWG5oeERxN1Fu\nQ1pIV3JSR1Z4RUI3T1lQbWMxZnJJemhESTEwCk1rYlpCbEJWcVh0ekRZOG5kV1o5\nRXY0QVVTNk1UNkU4RTJWaFhPQ1lldVkKLS0tIE5CNmpoc1pRYUw5Q0NJVWJNSElk\nblo2UTJuVTRvNnFWNGxqbTZpdC9OK3MKCQZqI5OLGQh9p1aL8rXwJP8chBv0DHQv\nkZ/vHrIWzU0UKkDdXb9dzo8+YDqpSkcLs/RFFT2VlC+fvUHt+hJeng==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-17T15:13:14Z", + "mac": "ENC[AES256_GCM,data:3ljtqcuR64WFghGRQT5sSQtnHE8XhaaYZTZljGVmb9LHpY2p0GVCzyEBTFj4t3RoOfaRh4NGxR5FGGn03WTghN604zXAZZokdq3jDZANXtu5F46dmtaN3JZPPpQof6tq+lNfuYQZBGFxSHd1Aq3iuIOTXLFyox7Pw5ECDHsw690=,iv:b/uFAqMc4KCMscztPxUQ7VTBq0IT9+iIb6U2+xCKlg4=,tag:1Zu11VuTry0fcsXq/Fx6jw==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/verbena/nextcloud/admin-password/users/rpqt b/vars/per-machine/verbena/nextcloud/admin-password/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/nextcloud/admin-password/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From a47f3fa8862f702e8d32fc76e3c7b11bb29f6d98 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 17 Oct 2025 17:13:15 +0200 Subject: [PATCH 223/376] Update vars via generator nextcloud-s3-storage for machine verbena --- .../nextcloud-s3-storage/access-key-id/value | 1 + .../access-key-secret/machines/verbena | 1 + .../access-key-secret/secret | 18 ++++++++++++++++++ .../access-key-secret/users/rpqt | 1 + 4 files changed, 21 insertions(+) create mode 100644 vars/per-machine/verbena/nextcloud-s3-storage/access-key-id/value create mode 120000 vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/machines/verbena create mode 100644 vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret create mode 120000 vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/users/rpqt diff --git a/vars/per-machine/verbena/nextcloud-s3-storage/access-key-id/value b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-id/value new file mode 100644 index 0000000..33bebdc --- /dev/null +++ b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-id/value @@ -0,0 +1 @@ +GK0380f708a7baab9385e45ae9 \ No newline at end of file diff --git a/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/machines/verbena b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret new file mode 100644 index 0000000..c668762 --- /dev/null +++ b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:ekQgkyM4yo8LHVmN2ixGaIaz4quZiMFVhpD7d4K+s4fXKrL/Tc+so+bIxHQj3UlGgYAOvIqWHRZ/aqDZzFGGjw==,iv:bnYpVa1Ug6mhUsGSHPonVBT6g6Bhu+f8O+i8ieRtDik=,tag:jGScke0h1OHKj1DL31JhjA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoN2xRaTNocldMengrNDdM\nM0p3V2krandUVldIQVp1T1h2eGgzR2hFRG1RCm81cG5RNmYyTjhtTTFWTjUrdkIr\ncEExR1JreHFSQm83U2h3emoxOHlSaWsKLS0tIC9YUFdaNHpNcTF6VzZCSUpzVHVi\nZWFTbDZBOUtYSTVwNEhBSHBDVjJHd00Kcp2oOKKSV0n3s215mbJJSG+SUor8qC66\nAEn2xlOw9xkGP9ZSWRMgGwFMNGoKpkhWQu9FVlwmypW2Ci5ZoG5lBQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QitSMnM3eFJ1VmlWTlNh\nNktieGZzWHdzSkRzTDhZaFE1UHhicC9tVmpZCkRpc1QvVzhMakhzbCtzdE4xaGph\nR01FL0ZRbEhKbXFBRWcwZmd4Z3l3WmsKLS0tIFBaQkpHU0E2WkxPbWNCTUZCSjRo\nb2pNUlJFT1Roem81U0NFbWN0bVA0WlkKIOs9Ej6hyj+tZjFbAvbxCC5NX1PTKhv7\nkVRlekGhBAO+a0ZlMGsy7G/bf9jYG1rLh5dIuFy07qFttqQ6AUjfLA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-17T15:13:14Z", + "mac": "ENC[AES256_GCM,data:cRSryYYPPVbdkodd63xa7h8DWHH5x5S8IforRB0pYLvbYEcCU88XHOZzJlnw6C42WB/wfYNeE09pG4uEcq8dTxRxseE3vzz+h46EBXQvjhPM/YKvNY5NMPkpda7NVmkABGCydB/MCWpRZBqR2DEyrc0V20/RNIYd7uHfYNi5dWg=,iv:3kLDivvmwa/4C4Nlq5dmaueDSaqxJT+7W21j93yUdKk=,tag:9TZkivjH9C2UtiCDDFohkQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/users/rpqt b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 53c5cd6705125a2e1e77b565fa6481f26013b511 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 224/376] add ghostty light theme --- home/.config/ghostty/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/.config/ghostty/config b/home/.config/ghostty/config index 4e26c72..060e2c3 100644 --- a/home/.config/ghostty/config +++ b/home/.config/ghostty/config @@ -1 +1 @@ -theme = Kanagawa Wave +theme = dark:Kanagawa Wave,light:Builtin Light From 838ff7ed6b8ab881bb3aa09cb1557a752975a22d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 225/376] migrate nextcloud from crocus to verbena --- infra/dns.tf | 25 ++++++++++------------ machines/crocus/configuration.nix | 1 - machines/verbena/configuration.nix | 1 + modules/flake-module.nix | 1 + {machines/crocus => modules}/nextcloud.nix | 5 +++-- 5 files changed, 16 insertions(+), 17 deletions(-) rename {machines/crocus => modules}/nextcloud.nix (95%) diff --git a/infra/dns.tf b/infra/dns.tf index 543a35f..c56ce73 100644 --- a/infra/dns.tf +++ b/infra/dns.tf @@ -23,23 +23,20 @@ resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" { } resource "gandi_livedns_record" "rpqt_fr_cloud_a" { - zone = data.gandi_livedns_domain.rpqt_fr.id - name = "cloud" - type = "A" - ttl = 10800 - values = [ - hcloud_server.crocus_server.ipv4_address, - ] + zone = data.gandi_livedns_domain.rpqt_fr.id + name = "cloud" + type = "A" + ttl = 10800 + values = local.verbena_ipv4_addresses } resource "gandi_livedns_record" "rpqt_fr_cloud_aaaa" { - zone = data.gandi_livedns_domain.rpqt_fr.id - name = "cloud" - type = "AAAA" - ttl = 10800 - values = [ - hcloud_server.crocus_server.ipv6_address, - ] + zone = data.gandi_livedns_domain.rpqt_fr.id + name = "cloud" + type = "AAAA" + ttl = 10800 + values = local.verbena_ipv6_addresses +} } data "ovh_vps" "verbena_vps" { diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 1747b9f..1fdcd00 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -7,7 +7,6 @@ ./radicle.nix self.nixosModules.nix-defaults ../../modules/remote-builder.nix - ./nextcloud.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix self.nixosModules.gitea diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 7b01303..5f2f366 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -4,6 +4,7 @@ self.nixosModules.nix-defaults ../../modules/unbound.nix ../../modules/unbound-auth.nix + self.nixosModules.nextcloud self.inputs.srvos.nixosModules.server ]; diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 74f27fe..78a3d3b 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -13,6 +13,7 @@ tailscale.imports = [ ./tailscale.nix ]; user-rpqt.imports = [ ./user-rpqt.nix ]; hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ]; + nextcloud.imports = [ ./nextcloud.nix ]; common.imports = [ { diff --git a/machines/crocus/nextcloud.nix b/modules/nextcloud.nix similarity index 95% rename from machines/crocus/nextcloud.nix rename to modules/nextcloud.nix index a07c945..2404806 100644 --- a/machines/crocus/nextcloud.nix +++ b/modules/nextcloud.nix @@ -4,13 +4,14 @@ let in { imports = [ - ../../modules/acme-home.nix + ./acme-home.nix ]; services.nextcloud = { enable = true; hostName = fqdn; https = true; + package = pkgs.nextcloud32; config = { dbtype = "pgsql"; dbuser = "nextcloud"; @@ -33,7 +34,7 @@ in }; extraAppsEnable = true; extraApps = { - inherit (pkgs.nextcloud31Packages.apps) tasks; + # inherit (pkgs.nextcloud32Packages.apps) tasks; }; }; From 81c3724ff73db39c8b3c5c7f04e576b8d9445ce3 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 226/376] migrate gitea from crocus to verbena --- infra/templates/turifer.dev.zone | 8 ++++++-- machines/crocus/configuration.nix | 1 - machines/flake-module.nix | 2 +- machines/verbena/configuration.nix | 1 + 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/infra/templates/turifer.dev.zone b/infra/templates/turifer.dev.zone index 1dd4622..bee1da4 100644 --- a/infra/templates/turifer.dev.zone +++ b/infra/templates/turifer.dev.zone @@ -17,8 +17,12 @@ _submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com. _imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com. _pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com. -git.turifer.dev. 10800 IN A ${crocus_ipv4_address} -git.turifer.dev. 10800 IN AAAA ${crocus_ipv6_address} +%{ for addr in verbena_ipv4_addresses ~} +git.turifer.dev. 10800 IN A ${addr} +%{ endfor ~} +%{ for addr in verbena_ipv6_addresses ~} +git.turifer.dev. 10800 IN AAAA ${addr} +%{ endfor ~} %{ for addr in verbena_ipv4_addresses ~} buildbot.turifer.dev. 10800 IN A ${addr} diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 1fdcd00..c457608 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -9,7 +9,6 @@ ../../modules/remote-builder.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix - self.nixosModules.gitea self.inputs.srvos.nixosModules.server self.inputs.srvos.nixosModules.hardware-hetzner-cloud ]; diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 29f71bd..e4280e5 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -54,7 +54,7 @@ }; internet = { - roles.default.machines.crocus = { + roles.default.machines.verbena = { settings.host = "git.turifer.dev"; }; }; diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 5f2f366..0760a87 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -5,6 +5,7 @@ ../../modules/unbound.nix ../../modules/unbound-auth.nix self.nixosModules.nextcloud + self.nixosModules.gitea self.inputs.srvos.nixosModules.server ]; From f2dc0e6b2fb0c06dcb08b410a035f4296ea94b23 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 227/376] move genepi installer to another file --- flake.nix | 27 +-------------------------- packages/flake-module.nix | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 26 deletions(-) create mode 100644 packages/flake-module.nix diff --git a/flake.nix b/flake.nix index f3594d3..10d9033 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,6 @@ flake-parts, home-manager, impermanence, - nixos-generators, nixos-hardware, self, ... @@ -22,37 +21,13 @@ ./home-manager/flake-module.nix ./machines/flake-module.nix ./modules/flake-module.nix + ./packages/flake-module.nix ]; systems = [ "x86_64-linux" "aarch64-linux" ]; - - flake = { - packages.aarch64-linux.genepi-installer-sd-image = nixos-generators.nixosGenerate { - specialArgs = { - inherit inputs; - }; - system = "aarch64-linux"; - format = "sd-aarch64-installer"; - modules = [ - nixos-hardware.nixosModules.raspberry-pi-4 - ./system/core - ./machines/genepi/network.nix - ./machines/genepi/hardware-configuration.nix - { networking.hostName = "genepi"; } - { sdImage.compressImage = false; } - { - nixpkgs.overlays = [ - (final: super: { - makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); - }) - ]; - } - ]; - }; - }; }); inputs = { diff --git a/packages/flake-module.nix b/packages/flake-module.nix new file mode 100644 index 0000000..13305ce --- /dev/null +++ b/packages/flake-module.nix @@ -0,0 +1,26 @@ +{ inputs, self, ... }: +{ + flake.packages.aarch64-linux.genepi-installer-sd-image = inputs.nixos-generators.nixosGenerate { + specialArgs = { + inherit inputs; + }; + system = "aarch64-linux"; + format = "sd-aarch64-installer"; + modules = [ + inputs.nixos-hardware.nixosModules.raspberry-pi-4 + self.nixosModules.common + self.nixosModules.hardened-ssh-server + ./machines/genepi/network.nix + ./machines/genepi/hardware-configuration.nix + { networking.hostName = "genepi"; } + { sdImage.compressImage = false; } + { + nixpkgs.overlays = [ + (final: super: { + makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); + }) + ]; + } + ]; + }; +} From c5a631b990c894615551f35cf5299041dd4715c4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 228/376] remove genepi nix-gc config (already set globally) --- machines/genepi/configuration.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 34b327d..7bc8935 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -33,10 +33,4 @@ time.timeZone = "Europe/Paris"; clan.core.settings.state-version.enable = true; - - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; } From 88ebb508bf8d97b0f07714dc39f2456b7cf10040 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 229/376] allow s3 api access on zerotier network --- modules/garage.nix | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/modules/garage.nix b/modules/garage.nix index 654e5fa..b27a6b4 100644 --- a/modules/garage.nix +++ b/modules/garage.nix @@ -1,5 +1,6 @@ { config, + lib, pkgs, self, ... @@ -8,39 +9,46 @@ let zerotier_interface = "zts7mq7onf"; zerotier_ip = self.nixosConfigurations.${config.networking.hostName}.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value; + s3_port = 3900; + rpc_port = 3901; + web_port = 3902; + admin_port = 3903; in { services.garage = { package = pkgs.garage; settings = { metadata_dir = "/var/lib/garage/meta"; - data_dir = "/var/lib/garage/data"; + data_dir = lib.mkDefault "/var/lib/garage/data"; db_engine = "sqlite"; - replication_factor = 2; + replication_factor = 3; - rpc_bind_addr = "[::]:3901"; - rpc_public_addr = "[${zerotier_ip}]:3901"; + rpc_bind_addr = "[::]:${toString rpc_port}"; + rpc_public_addr = "[${zerotier_ip}]:${toString rpc_port}"; s3_api = { - api_bind_addr = "127.0.0.1:3900"; + api_bind_addr = "[${zerotier_ip}]:${toString s3_port}"; s3_region = "garage"; root_domain = ".s3.garage.home.rpqt.fr"; }; s3_web = { - bind_addr = "127.0.0.1:3902"; + bind_addr = "127.0.0.1:${toString web_port}"; root_domain = ".web.garage.home.rpqt.fr"; }; admin = { - api_bind_addr = "[${zerotier_ip}]:3903"; + api_bind_addr = "[${zerotier_ip}]:${toString admin_port}"; # TODO: use metrics_token }; }; }; networking.firewall.interfaces.${zerotier_interface} = { - allowedTCPPorts = [ 3901 ]; + allowedTCPPorts = [ + s3_port + rpc_port + ]; }; } From ccb9becde5e7a28cb24dc22f36ee52ce8d63dc8c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 230/376] update flake inputs --- flake.lock | 114 ++++++++++++++++++++++++++--------------------------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/flake.lock b/flake.lock index c2f6ccd..fb88d82 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1758897213, - "narHash": "sha256-pLZgNsmCMhTWd8aRuGkK23ik5nclpIn1flnURKH6QjI=", + "lastModified": 1760516981, + "narHash": "sha256-4AYTAH7WDL6C6WKktc9UEQRiav6oPzVpKuFWRyYeuTQ=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "985d069a2a45cf4a571a4346107671adc2bd2a16", + "rev": "01dfc9a07c070092e3187be8edbd2243a9e301a5", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1759572375, - "narHash": "sha256-Sa9DLvlZEZ86/tGt/9vxWoctOHrBIhUdfQ6vGMzi5pk=", + "lastModified": 1760799913, + "narHash": "sha256-8Udaneh2eu0I6UqOrclKN+13gT4ZOyHTVa3vQmN8gnM=", "ref": "refs/heads/main", - "rev": "9847d4558b9e654a01b885d800925e4bfa0afcfc", - "revCount": 10401, + "rev": "5ab3c86b68649c3f3b3ace18ad44f6a717956ac5", + "revCount": 10699, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -64,11 +64,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1759884507, - "narHash": "sha256-YhsD1d0Xk2LXp4Hgx7xI5nRS9REMKb+QGpejFM3fcdU=", + "lastModified": 1760754287, + "narHash": "sha256-g5tWzWheTOGHxtWECmVh7m5Lgk1w9wtfKBZKlQUEkaI=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "8cd0d5faa5f546472d3be5e843d58402ae3215a6", + "rev": "7c1e247ef820139445d03131254838401e2d76d0", "type": "github" }, "original": { @@ -93,11 +93,11 @@ ] }, "locked": { - "lastModified": 1759140052, - "narHash": "sha256-CpGdQRvgmBhEAlXNyrSfrDWcKoYYSGd+5Lw7mvlbt/A=", - "rev": "8332273e734aa906e7a1b2fda80e631f2dc9d4c9", + "lastModified": 1760612273, + "narHash": "sha256-pP/bSqUHubxAOTI7IHD5ZBQ2Qm11Nb4pXXTPv334UEM=", + "rev": "0099739c78be750b215cbdefafc9ba1533609393", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/8332273e734aa906e7a1b2fda80e631f2dc9d4c9.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0099739c78be750b215cbdefafc9ba1533609393.tar.gz" }, "original": { "type": "tarball", @@ -112,11 +112,11 @@ ] }, "locked": { - "lastModified": 1757252286, - "narHash": "sha256-QwWQzlxAGvIi6VAc8DQ6ONCKKwtPyaHQW1cQyGbP7Og=", + "lastModified": 1760238269, + "narHash": "sha256-7CeGZM/Z/5Qt3AYByCRohGYGR1MRuXYzTTbkV/JxyAs=", "owner": "AvengeMedia", "repo": "dgop", - "rev": "a65a02ddf8bade9c109d055e644e4bd851183bd5", + "rev": "95acdfce2d323e28fa8f5a4f345160962034f2b5", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1760701190, + "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", "type": "github" }, "original": { @@ -153,11 +153,11 @@ ] }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1760701190, + "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", "type": "github" }, "original": { @@ -174,11 +174,11 @@ ] }, "locked": { - "lastModified": 1757296630, - "narHash": "sha256-3H236F5oIKkqpfnwrvZQs4Y5imKb6JCMFGDkHs8VDjQ=", + "lastModified": 1760241259, + "narHash": "sha256-DlLGn+4M6tIafoDsHr2WhHG2hrHrC24S2IL3+KAvjEU=", "owner": "AvengeMedia", "repo": "danklinux", - "rev": "dac591711ab30d6b071a5cec674a3d2e04665ee1", + "rev": "dae4c3ff4ce0feb930361c399747edb29d081775", "type": "github" }, "original": { @@ -278,11 +278,11 @@ ] }, "locked": { - "lastModified": 1759573136, - "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=", + "lastModified": 1760797298, + "narHash": "sha256-p+g2IbDAVdcN068VNxgvvdM/su0DatNohg28x0gqPRg=", "owner": "nix-community", "repo": "home-manager", - "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43", + "rev": "fc837be107e33f5debe7fecc5c597a8dab69d83b", "type": "github" }, "original": { @@ -356,11 +356,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1758832531, - "narHash": "sha256-VRF03GOVi8xjY31OiLj9A5If9fRQ4V52jd3a1pM+RtM=", + "lastModified": 1759773931, + "narHash": "sha256-/8A10DQgqBq31tqbZFWb/5eZp/BC3ACoSMi9ChCw+ho=", "owner": "InioX", "repo": "Matugen", - "rev": "1e72330c4a457d7939c894f4934d334b5b9c4380", + "rev": "e85a6c9ac4efe2362afb6358f8d2f05556a1d1f1", "type": "github" }, "original": { @@ -377,11 +377,11 @@ ] }, "locked": { - "lastModified": 1758805352, - "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", + "lastModified": 1760721282, + "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", + "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", "type": "github" }, "original": { @@ -454,11 +454,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1759261527, - "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", + "lastModified": 1760106635, + "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", + "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", "type": "github" }, "original": { @@ -486,11 +486,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { @@ -508,11 +508,11 @@ ] }, "locked": { - "lastModified": 1756981260, - "narHash": "sha256-GhuD9QVimjynHI0OOyZsqJsnlXr2orowh9H+HYz4YMs=", + "lastModified": 1760228179, + "narHash": "sha256-4Z6k7lv3Zcgk3K+4h60LpqB9wCkR+utkYERU735U068=", "ref": "refs/heads/master", - "rev": "6eb12551baf924f8fdecdd04113863a754259c34", - "revCount": 672, + "rev": "c9d3ffb6043c5bf3f3009202bad7e0e5132c4a25", + "revCount": 693, "type": "git", "url": "https://git.outfoxxed.me/quickshell/quickshell" }, @@ -547,11 +547,11 @@ ] }, "locked": { - "lastModified": 1759188042, - "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", + "lastModified": 1760393368, + "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", + "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", "type": "github" }, "original": { @@ -567,11 +567,11 @@ ] }, "locked": { - "lastModified": 1759366584, - "narHash": "sha256-GoeShBq/+xv9g9POP69vbOrObpLtS/mDfF1/pfPIQrU=", + "lastModified": 1760576393, + "narHash": "sha256-QdkymRnXsZamQlT59VuTL7/UW8Kw4Aj8sobMnvygASQ=", "owner": "nix-community", "repo": "srvos", - "rev": "1dbb22b9b15f449a7c8c92a94aec9fe5aea8ef7c", + "rev": "819d29cd71b1b1804e17f2a9de71905235f91f41", "type": "github" }, "original": { @@ -654,11 +654,11 @@ ] }, "locked": { - "lastModified": 1758728421, - "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "lastModified": 1760120816, + "narHash": "sha256-gq9rdocpmRZCwLS5vsHozwB6b5nrOBDNc2kkEaTXHfg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "rev": "761ae7aff00907b607125b2f57338b74177697ed", "type": "github" }, "original": { @@ -675,11 +675,11 @@ ] }, "locked": { - "lastModified": 1759528325, - "narHash": "sha256-51jQbWs7CDtY7/TIhhUhiPV/AXau3Gd+XJX+88lznmk=", + "lastModified": 1760627979, + "narHash": "sha256-PwBlZK87hnEjcWoDq7NXAdRWhLkT6981NU/DnMRljqs=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "365cded21ad82d178cb35a076f9f6ac9cb8e1707", + "rev": "b7c4d28e0d2b696e803ea35a1496aeba006dfdf1", "type": "github" }, "original": { From 0183d9397a90c0fc92367d9946f28e7d38312ee7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 231/376] add fake install dates for clan-app --- inventory.json | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/inventory.json b/inventory.json index 9465cf3..78d4f06 100644 --- a/inventory.json +++ b/inventory.json @@ -2,6 +2,15 @@ "machines": { "verbena": { "installedAt": 1757633120 + }, + "crocus": { + "installedAt": 1757633120 + }, + "haze": { + "installedAt": 1757633120 + }, + "genepi": { + "installedAt": 1757633120 } } -} \ No newline at end of file +} From cd8370ae4daef38b3f822197238ab231aef8850b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 232/376] add motd --- modules/flake-module.nix | 1 + modules/motd.nix | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 modules/motd.nix diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 78a3d3b..565a96c 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -15,6 +15,7 @@ hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ]; nextcloud.imports = [ ./nextcloud.nix ]; + server.imports = [ common.imports = [ { users.mutableUsers = lib.mkDefault false; diff --git a/modules/motd.nix b/modules/motd.nix new file mode 100644 index 0000000..1547318 --- /dev/null +++ b/modules/motd.nix @@ -0,0 +1,6 @@ +{ config, ... }: +{ + users.motd = '' + Welcome to ${config.networking.hostName}! + ''; +} From ce357923c0e6eae691026cf8fe98758d9bbab8a5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 18 Oct 2025 18:50:42 +0200 Subject: [PATCH 233/376] fix nextcloud s3 endpoint --- modules/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 2404806..8ab0ab9 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -25,7 +25,7 @@ in bucket = "nextcloud"; key = config.clan.core.vars.generators.nextcloud-s3-storage.files.access-key-id.value; secretFile = config.clan.core.vars.generators.nextcloud-s3-storage.files.access-key-secret.path; - hostname = "127.0.0.1"; + hostname = config.clan.core.vars.generators.zerotier.files.zerotier-ip.value; port = 3900; useSsl = false; region = "garage"; From fd6eef2e9521a2b6abafeaf1bbe36848e05e5819 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 22 Oct 2025 15:45:42 +0200 Subject: [PATCH 234/376] Update var garage/metrics_token for machine crocus --- vars/per-machine/crocus/garage/metrics_token/secret | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/vars/per-machine/crocus/garage/metrics_token/secret b/vars/per-machine/crocus/garage/metrics_token/secret index 6f0bd9a..4528b14 100644 --- a/vars/per-machine/crocus/garage/metrics_token/secret +++ b/vars/per-machine/crocus/garage/metrics_token/secret @@ -1,19 +1,18 @@ { - "data": "ENC[AES256_GCM,data:TkrqHdNw4y0yXniFE+GVWeZFDTcE8mSl018Yee+jmLHamREJJTVm3YuLnvUl,iv:ujf6LKoFZbPcDDJHEjKtu1K5vsHA5mtd/rCbXHsYcw4=,tag:MpL5TemDWr0i2/eB19RYeQ==,type:str]", + "data": "ENC[AES256_GCM,data:lUc+UFC0LI1ZCE14HSMuqQQZmvdX0Ke/69ydntpRWkMA0tpp7gDJEGF8cUQ=,iv:aQu6ukdgKQZuIpjUHEgix8LcrouFQb2NJrENtMoqH14=,tag:02zswZK/cOcEOhzWwNDJQw==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWY0RNS2MxYjFjQzJ3MjAy\nZlhveEdVQ2ExSFF2OTRQeDZOZnFjdHlmVGlzCnNGaDJ2ejBQZWJYT2dhT1JRYm93\nRi9IOFRlN1RkMmN2bVk3QlNGMGhsdnMKLS0tIFV6NWFVeVhNZ2pWUEl0Y0hwNlVJ\nUTU0ZnYyd254d2ZWMERMcXp2a0FCS2MKUvXDMS37SlN+EOwotmrNzeRRJK9b2zke\nIviLMQ9ir+QElm9IEiDK6UXE5x5nyKfOgvOO6AIsezyGpwDoeMsdVQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWGpJKzVvcm9ESnBjSTdi\nUm1OTHJRNVovZjJqUDFwUTlhTXNjY1lYWW5NCjBUVThwMUhhSWRidkw5eGVoS3li\nUy84L3JQQmJ0K3VRelIwWkt5ejV4RzAKLS0tIGxsdEVOK25MNm1QMyt3YzdSQTRj\nMEhBemNlS1Y3aW5LTllqbmQ0SDltaFkKjsuntQ2e+RsKi7vBqoJt/NJQeEzPlcg7\nWFQ6zE+DMwcFXc0kPTiH83v84fmObM5vrhFq6zS8XpnpMWGHFfBo5w==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1L1hSZXN6Tm5FNkczbTFa\nYkdEK0ZPSkJYbmJuZXJFK3Z2Q21UMEFHUVhFCkVSakZEWkhlRm9XemlPNjN2YTVD\nQ3VGL2txdkxKMTBZa2xFeUg2cXY1V0kKLS0tIDN1TG02MUtlZUNoc3dPcnRKT0Fn\ncFhyY2ltbElrZTZXbGlWNTdzNHJYMkUKxEPeYMc9ciG9wppaTald/rqR/tPGVKS3\n4vzSbg4mdG1qewONltSROYYflB/fZeVEuEOdOfdODL1WCuRpvwbpTg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzL2lEa0xyeXlBTjd4eGt6\nNGovNENNdEx2TWFnV3RUU3JXTzRGeVM5VW5jCmFqYUVEbWNwVUtyQlE4ZWpIaHBC\neXBoN1pPeHRWWU15Y3N0NzRuZ1FOeGMKLS0tIHRCNzcxQkJTQlNWWmFvVlZNd3I5\naHE5K1RqdU9iamFkR2dLVmwya2JQV1kKGW/2RDgUAhDMTwuQ91Ql/ZiG7m/693ZH\nrsPYpglFtvsITGb7UYBgBqfWMdzBwK4a0PmbqHA7mYPCNCjnZ8PS4A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-06-19T21:51:47Z", - "mac": "ENC[AES256_GCM,data:OlbMel6Qf+SJyVHCp9v5U4EoBoolcxxtWiP6/29eXqIBHAQ7M1CAnQcoihDNaNrqINGpWxsBdWXGub69FkjRW9adyOc/BFidLuwDRY9C3F4G6e+99JppoGdmnaoZS3laOu1K09YE0BuUUOtGCvgRvtgfyalsnIEm4ASGhVz/6Cw=,iv:MKhebshlWzghyi4lTErOsUcfsoCJqj72IGxYlTcbn7I=,tag:Bov+mBo818U9fInwoUYGpw==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "lastmodified": "2025-10-22T13:45:41Z", + "mac": "ENC[AES256_GCM,data:+xkAasuSJwEC3a7CFZauixtm0/93GsVpRNfd9ZA3lGjNV6HKSLjQFLj0GcUXCgUOjhI/9ICWsBIEf2PI6UzqXqrWefJdyLxIGujzQ9lRBFBOFEwZYIUBKpwodSUAmZRpIOT0qUR4g2GTlTU2YOK4LMQ0l8RWYiFHC0U1/tlL1yU=,iv:AlcVm3nBP6R8/+IcbTKJfijvqwpbn8kWs6vGUZJTXu0=,tag:+fuhL7Xomf1Cy0zcFR746g==,type:str]", + "version": "3.11.0" } } From b66e5d13017a55cd1a525585f5b46a6765e3d84c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 22 Oct 2025 15:46:08 +0200 Subject: [PATCH 235/376] Update var garage/metrics_token for machine genepi --- vars/per-machine/genepi/garage/metrics_token/secret | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/vars/per-machine/genepi/garage/metrics_token/secret b/vars/per-machine/genepi/garage/metrics_token/secret index 45bb3f8..89f2dba 100644 --- a/vars/per-machine/genepi/garage/metrics_token/secret +++ b/vars/per-machine/genepi/garage/metrics_token/secret @@ -1,19 +1,18 @@ { - "data": "ENC[AES256_GCM,data:XhYWRFmXLvbfmWiMnq6x09MCjMhYRbQaaklu01y7A60gRQj6NzrdYVvU2qyd,iv:XKFiHWHwzZSNNS5hbwwyKnDqfYS7D9kTXXCnc2jRmoI=,tag:je58k2uQ44jaC1byxu3Xag==,type:str]", + "data": "ENC[AES256_GCM,data:/EaSiOsI6CZgh/+yALtwFDIXkLmtpdrNrkgqdWVhR8VAkkrqt7vsZOZdKZ8=,iv:p2c3bqQCztH0HljIkItfvd8F7vgCoSyftaHhRP7IpeA=,tag:mBFJls9klEjFLwiV7lbalw==,type:str]", "sops": { "age": [ { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NnJoZVc2L09RMThWaWFM\nWjZCWmJpUDJMd2tJSTNLaWFjV2Ewc1YvMWxjClVtZ1p0V3BlalBaQW9ldFAvdk1M\nUnF0L2o5R3FSbXFMdlJ4MXM3Y1hQam8KLS0tIExKZ05BaUxkRXZaQ3lpSmE0NitY\nY083ZXQ0bktJUEVibXBWQzN3RVEvbWsKDyzXAVmc24+K2nBBtbCs0aioVVbavHfj\n7dlwAzBIgGtrCoKG4ifbB3X/at038Xwsk00u63flVtr9um6DFoxtlg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOEEwa2tsL3hTSHdVT0d0\nUGh1RHNnVm5nM0pVYVQzSDNjWlQrQkZuNXkwCmg0SWJVWjV2QWRjOStmWUJZNHMz\nTEVsZDJJVFdIcjliOG9EQzd3RWx2aEkKLS0tIEZ4N0RyY3hnWlRwdFZSUmxTVnY5\nVW5DWUlGVTFmTVBaYVQvN0NaU3hWQkUKrv2IROdtReKsp6e1phQNJgMnwd31rapU\n8CC7it7hudcP1dx8cmJjbH/MSp6Uao61tOEFgJ8OzhLvySig367qGQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZ1BOZ3dJa0V4ckNtNHFt\nTzQyUVRlcDJyTHNYb2RXR0RIZE13ck43OUdjCjB0WEJHbEtrVU5OcEE1eTRVai9z\nQWM0MzBuZWt1VHFUcUlqd3JRcXVISU0KLS0tIGdqSGtaaU8zVml6UTd5K1l6OFk4\nS2dpeVlva1BnNUZMc2hKb2hxSkdseDQKVay7CbTfid2V/ztXjNpBfG46lrM+fpbu\nlTuBOeyzftTWqKicjhzIh3eKF0NJMLDflC6QBNywtt26bRehNngFmw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZGE1bzZmV2pmWVZyUWJT\nNnpxdTJuTzRtM3luRTFBK0ZkVFpLNDRTN1FzClBudnQ4ZFp0NnRSbldGaVNMS1pB\nTTVpakhSRGw4Q2lMOXZSTUFrUmZWRlEKLS0tIGVUM200eG9La2R5SGEyR3J5WWF2\nYlNBTjR4VUJpanhzckhUa1g3U2RWdDQKueVBzFZSDiWo3I3G0uc12RZbk6Lkj2Ht\ne9ucEBF9AB5tKcIkebBQcWeW+lox3q+UuPxUgqMFTETdp7Eks0k0fQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-06-19T21:51:49Z", - "mac": "ENC[AES256_GCM,data:3jN4Jq+rFtDY0o7TfmGyJ3YhIaTEejJTqUyepUvh2NDfSXvLUswvPAEznKYaPLG1kHw4UX00elaNr/Yg9Bo4lQdLYjhSo/IeOjoxdp/bAcH6zmTWZpv3u8tEy4hQTva3RseCFCuNieJazVPnucjvHOkiVn+P4Bkr0UMXizyS+mE=,iv:hotkunc/ytaIMxt+2K1kXZuKyVHKGmdC2nSjgkb82xk=,tag:k2L7TVWgbtV9A4BNmWCVOg==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "lastmodified": "2025-10-22T13:46:08Z", + "mac": "ENC[AES256_GCM,data:WlI5PNYQa/KN4UMz7YcpWMD6fotL2BEPSrTr1GwJp2wjdNov0sWv6t5oGj5Uo1PAYnHyLOGrkXZKHHMROdbjxTqn4DwlcFbXnpxmM8R0qzaT4IcuJZI39/xurET7rXecqcRGc5daMVlc/EltIZEZZmRwIUHPFwctV5v0SIu6Nwg=,iv:T2sC658LJvOx0lellW0wqN59pQr3bIqwPT3s6vgEdXE=,tag:m6bJ431D11cr4f92eQkbCA==,type:str]", + "version": "3.11.0" } } From 018b5970044f965babd07a583f72301302062cdf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 22 Oct 2025 15:49:11 +0200 Subject: [PATCH 236/376] Update var garage/metrics_token for machine crocus --- vars/per-machine/crocus/garage/metrics_token/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/crocus/garage/metrics_token/secret b/vars/per-machine/crocus/garage/metrics_token/secret index 4528b14..82a1287 100644 --- a/vars/per-machine/crocus/garage/metrics_token/secret +++ b/vars/per-machine/crocus/garage/metrics_token/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:lUc+UFC0LI1ZCE14HSMuqQQZmvdX0Ke/69ydntpRWkMA0tpp7gDJEGF8cUQ=,iv:aQu6ukdgKQZuIpjUHEgix8LcrouFQb2NJrENtMoqH14=,tag:02zswZK/cOcEOhzWwNDJQw==,type:str]", + "data": "ENC[AES256_GCM,data:etszLvU4wt/58Z5WoYnOF66QIbOd1Gkja9NKG/DFN5D/msczoMJlCEHpBPk=,iv:1VnkoAlIiCesqEJuG3BqmD4wXaeN1EnU+0PoedhAftU=,tag:TB9PkJbxVjRlPy2MHiVsJQ==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWGpJKzVvcm9ESnBjSTdi\nUm1OTHJRNVovZjJqUDFwUTlhTXNjY1lYWW5NCjBUVThwMUhhSWRidkw5eGVoS3li\nUy84L3JQQmJ0K3VRelIwWkt5ejV4RzAKLS0tIGxsdEVOK25MNm1QMyt3YzdSQTRj\nMEhBemNlS1Y3aW5LTllqbmQ0SDltaFkKjsuntQ2e+RsKi7vBqoJt/NJQeEzPlcg7\nWFQ6zE+DMwcFXc0kPTiH83v84fmObM5vrhFq6zS8XpnpMWGHFfBo5w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VHE1UlpPMjRTNGorbWg5\nREU5RUgvN3JWY0QrZ284UThtV0VUNmZUTGdvCno5UXNLNkJWR3JKZCtxeDVQN0c4\nVHR2Nkt2WlVvOGZZdVFla3lTMCs5SzQKLS0tIEQxbXQ3R2ttcGs2d0xtNXlYQTNR\ncjRLZ01tZmNXSzJOL3dxUXNGeFI1RWMKMf3mD7ff6l1QtfmACSPb6jiWpPQpYWG5\ndzWE3xLEqrMLNWuxuNG27lDsspLchXV0BUiAyQOxrZ2BcsFNKbb1Ww==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzL2lEa0xyeXlBTjd4eGt6\nNGovNENNdEx2TWFnV3RUU3JXTzRGeVM5VW5jCmFqYUVEbWNwVUtyQlE4ZWpIaHBC\neXBoN1pPeHRWWU15Y3N0NzRuZ1FOeGMKLS0tIHRCNzcxQkJTQlNWWmFvVlZNd3I5\naHE5K1RqdU9iamFkR2dLVmwya2JQV1kKGW/2RDgUAhDMTwuQ91Ql/ZiG7m/693ZH\nrsPYpglFtvsITGb7UYBgBqfWMdzBwK4a0PmbqHA7mYPCNCjnZ8PS4A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZ1VXRkZqUG5heGFHbjlh\nSURPOEJidTdYQS96SzQvWTB3bE1laVllQndVCmNqT2paNGcyelJER09YanBPcmpw\nYWVRWUQ3VHk0TXFhTlJneFlxZDRnMlEKLS0tIFZjazFFQVBDRUNFVG9Ha213M0Nr\na0pBQ3pyaFpDNnNNSi9kLzVTZ1FXZmMKMZr2tJV6HAq/NUCV623IGRdrNNrHzNcy\nWUwm/xay95MMG6xo4YfreWjw7tcYJDoZ3FI/9WzkZoTYC7KkBVbfeA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-22T13:45:41Z", - "mac": "ENC[AES256_GCM,data:+xkAasuSJwEC3a7CFZauixtm0/93GsVpRNfd9ZA3lGjNV6HKSLjQFLj0GcUXCgUOjhI/9ICWsBIEf2PI6UzqXqrWefJdyLxIGujzQ9lRBFBOFEwZYIUBKpwodSUAmZRpIOT0qUR4g2GTlTU2YOK4LMQ0l8RWYiFHC0U1/tlL1yU=,iv:AlcVm3nBP6R8/+IcbTKJfijvqwpbn8kWs6vGUZJTXu0=,tag:+fuhL7Xomf1Cy0zcFR746g==,type:str]", + "lastmodified": "2025-10-22T13:49:10Z", + "mac": "ENC[AES256_GCM,data:zlHoqQCG5Jyvd+7LPbfQJ/5jObp/A/qcE1dYRe6Z6h1ORt6r6aqd0aTB3ghLb2c3E0IRI5+GXVtn0P0Zu71yPwKa2gUbTME9fFPqG+wpvF9UUjNjEuRqdGt2aSpu6tQlRFsKP7wbx+5yDi2p8trq8lR3TiPjW8+7fAS70mBPe2E=,iv:Nm3lpkXbE6EXnY5JVRgsaqs3wCs3Nu9gk1HLCBTlxNY=,tag:CZthdXhKBlrARJBMeb2s2w==,type:str]", "version": "3.11.0" } } From edd397390c651c5f69310513198ae0594ea45516 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 22 Oct 2025 15:49:20 +0200 Subject: [PATCH 237/376] Update var garage/metrics_token for machine genepi --- vars/per-machine/genepi/garage/metrics_token/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/genepi/garage/metrics_token/secret b/vars/per-machine/genepi/garage/metrics_token/secret index 89f2dba..849104e 100644 --- a/vars/per-machine/genepi/garage/metrics_token/secret +++ b/vars/per-machine/genepi/garage/metrics_token/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:/EaSiOsI6CZgh/+yALtwFDIXkLmtpdrNrkgqdWVhR8VAkkrqt7vsZOZdKZ8=,iv:p2c3bqQCztH0HljIkItfvd8F7vgCoSyftaHhRP7IpeA=,tag:mBFJls9klEjFLwiV7lbalw==,type:str]", + "data": "ENC[AES256_GCM,data:iNxayHZXxtx7ylDIwqNAEizE1Txx4MaW1I9vXns8a6ZgwAL+ZKlcl4E6Phg=,iv:1rEWb/xcz5iqJaWY7pF+qnkMd1GOs1ag5dJi60ERh7U=,tag:jAJpeMF9ef70zYVmFyDguQ==,type:str]", "sops": { "age": [ { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOEEwa2tsL3hTSHdVT0d0\nUGh1RHNnVm5nM0pVYVQzSDNjWlQrQkZuNXkwCmg0SWJVWjV2QWRjOStmWUJZNHMz\nTEVsZDJJVFdIcjliOG9EQzd3RWx2aEkKLS0tIEZ4N0RyY3hnWlRwdFZSUmxTVnY5\nVW5DWUlGVTFmTVBaYVQvN0NaU3hWQkUKrv2IROdtReKsp6e1phQNJgMnwd31rapU\n8CC7it7hudcP1dx8cmJjbH/MSp6Uao61tOEFgJ8OzhLvySig367qGQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR2s2NlJPaXBDYVBKcVlt\nODVOQWYvYjJtQ05yZnltY2ZzOStlLzhBOVJ3CnY0a2ZUTUxkSnRrYjI5bGZnbVhK\neTcyZE9vQTNvQ0JLTGgyeG1KUy9TUnMKLS0tIC8wOWtHU3pXSGlTRHpQa3Mwd1M4\nZ1RmNDVxa05jYVJxQVpiZWhqZG5iVWcKItL1ca4xQmdrUgQht20VHqxHSZRJV+aK\nWSoRV2ZMqK+cCTZ+ayZP8dXihBAKqVpurJkY4yoXsWAVOMWwzdcpgA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZGE1bzZmV2pmWVZyUWJT\nNnpxdTJuTzRtM3luRTFBK0ZkVFpLNDRTN1FzClBudnQ4ZFp0NnRSbldGaVNMS1pB\nTTVpakhSRGw4Q2lMOXZSTUFrUmZWRlEKLS0tIGVUM200eG9La2R5SGEyR3J5WWF2\nYlNBTjR4VUJpanhzckhUa1g3U2RWdDQKueVBzFZSDiWo3I3G0uc12RZbk6Lkj2Ht\ne9ucEBF9AB5tKcIkebBQcWeW+lox3q+UuPxUgqMFTETdp7Eks0k0fQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWTVxTjhyT0g2eDdtWUdz\nT3J3Zm5STlQvbDF2VG5MbW9RVUV0UU9panhrClJZQWpOd1RPbk1PYVpjd3J5TDFl\nZlIxeW1ubnE2L25CZVhNcExnZmFSTU0KLS0tIEdjeW9JdmtWL1F6ZGtmQTRMVU9a\naXdMNzUwZEpwSW9qSFBmNHo4a09OOVEKr7E/7AVKo1h+M2gXAxCtwgkoB65Zvltr\nDEaSyxdPxZ60y7FLwv8heP8UeBkvzM0L7gY64jKpuKEAWXulkCMMzQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-22T13:46:08Z", - "mac": "ENC[AES256_GCM,data:WlI5PNYQa/KN4UMz7YcpWMD6fotL2BEPSrTr1GwJp2wjdNov0sWv6t5oGj5Uo1PAYnHyLOGrkXZKHHMROdbjxTqn4DwlcFbXnpxmM8R0qzaT4IcuJZI39/xurET7rXecqcRGc5daMVlc/EltIZEZZmRwIUHPFwctV5v0SIu6Nwg=,iv:T2sC658LJvOx0lellW0wqN59pQr3bIqwPT3s6vgEdXE=,tag:m6bJ431D11cr4f92eQkbCA==,type:str]", + "lastmodified": "2025-10-22T13:49:20Z", + "mac": "ENC[AES256_GCM,data:T8hR/xD6aasG8n4R1vG+ipjovKDIFebDBJuberX2gM4TfE63XebWOQgAnLaEOvN4BABM1KQ9+Fppj9e3qBKuKvoG505r22PBZazZHSo8H0RZm+oqDyYowcVouOEnRcktmNQObc2MhuEWCL6bSv2946WaZ59xfTn32CxRaciPWvY=,iv:ytLuE+yfCSmufrUGJ+cX4DawaCNNdHSL3nQc41mjgRE=,tag:mbBGft6s/7Dwn4W3Y/9SaA==,type:str]", "version": "3.11.0" } } From dd69cfcdb0ebe854601f7d6097048a25ec8c3e4c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 22 Oct 2025 15:51:53 +0200 Subject: [PATCH 238/376] Update var garage/metrics_token for machine crocus --- vars/per-machine/crocus/garage/metrics_token/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/crocus/garage/metrics_token/secret b/vars/per-machine/crocus/garage/metrics_token/secret index 82a1287..7f7cb77 100644 --- a/vars/per-machine/crocus/garage/metrics_token/secret +++ b/vars/per-machine/crocus/garage/metrics_token/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:etszLvU4wt/58Z5WoYnOF66QIbOd1Gkja9NKG/DFN5D/msczoMJlCEHpBPk=,iv:1VnkoAlIiCesqEJuG3BqmD4wXaeN1EnU+0PoedhAftU=,tag:TB9PkJbxVjRlPy2MHiVsJQ==,type:str]", + "data": "ENC[AES256_GCM,data:FaNG0ZX6z1Q7FfauyRwYCDLYl2KaupPtT6KcKGrxQ22yPIxW7htzkZzovwaV,iv:HLxunFnpgmvpVpyet4Og86R22LQ6os1lqzSyV9/E9J8=,tag:QjKKuJcG7SzxzjDmlSCHBg==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VHE1UlpPMjRTNGorbWg5\nREU5RUgvN3JWY0QrZ284UThtV0VUNmZUTGdvCno5UXNLNkJWR3JKZCtxeDVQN0c4\nVHR2Nkt2WlVvOGZZdVFla3lTMCs5SzQKLS0tIEQxbXQ3R2ttcGs2d0xtNXlYQTNR\ncjRLZ01tZmNXSzJOL3dxUXNGeFI1RWMKMf3mD7ff6l1QtfmACSPb6jiWpPQpYWG5\ndzWE3xLEqrMLNWuxuNG27lDsspLchXV0BUiAyQOxrZ2BcsFNKbb1Ww==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyREJCdnZqTzVMVkZnZEd2\nTEdnZmpQZHVwYUM0K1BZMjViL3FkTmtXclJJCjVzMGd5RkFMM0tJOTZNOHowTFdw\nRWJpSWVLTjZ0OXJHcjFVbFpIMlpNVGsKLS0tIDIwRngwSUpyRkRpSXFlTExNc3hE\neVJBNTAzWTRtRCswT3B1T2dpcStrY2MK0peLN7aitVghBLfnp019fl80M/Wk1aL0\n0B7DNZDVKhC2vxWoq2ESwYDR5IwmJdg7xfJkUrvX3zTPde6I4fMlBg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZ1VXRkZqUG5heGFHbjlh\nSURPOEJidTdYQS96SzQvWTB3bE1laVllQndVCmNqT2paNGcyelJER09YanBPcmpw\nYWVRWUQ3VHk0TXFhTlJneFlxZDRnMlEKLS0tIFZjazFFQVBDRUNFVG9Ha213M0Nr\na0pBQ3pyaFpDNnNNSi9kLzVTZ1FXZmMKMZr2tJV6HAq/NUCV623IGRdrNNrHzNcy\nWUwm/xay95MMG6xo4YfreWjw7tcYJDoZ3FI/9WzkZoTYC7KkBVbfeA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzY2kvbGpjVWpsbTloUlJG\nMHUyYWt4VU5mSW83emNaRU1VSEtUdWl4WXlBClZQMStpeWpQSkZ2Q3JUUVZYR3JC\nQnZ3MlBXZFNFSFlxRkFzREhjcmltd1UKLS0tIElqZ1VIUSthSHJwV0o5SGp5V0NE\nMjVBcHVJU0wrWmx2Ujc2RnFxZWtyZ2MKwk/wHMqFSS2DUsA63j6xzI4Z0M5QBS5u\nmYo4lv6DbmBC71s2QxG6lUO1EeY5wIGkUpGTAnt6e39/Jpns53GY+w==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-22T13:49:10Z", - "mac": "ENC[AES256_GCM,data:zlHoqQCG5Jyvd+7LPbfQJ/5jObp/A/qcE1dYRe6Z6h1ORt6r6aqd0aTB3ghLb2c3E0IRI5+GXVtn0P0Zu71yPwKa2gUbTME9fFPqG+wpvF9UUjNjEuRqdGt2aSpu6tQlRFsKP7wbx+5yDi2p8trq8lR3TiPjW8+7fAS70mBPe2E=,iv:Nm3lpkXbE6EXnY5JVRgsaqs3wCs3Nu9gk1HLCBTlxNY=,tag:CZthdXhKBlrARJBMeb2s2w==,type:str]", + "lastmodified": "2025-10-22T13:51:53Z", + "mac": "ENC[AES256_GCM,data:H89aFtec/OOq7r4MS28N/5ygv5GCWU0kcZszIr4yacfvoxPDFhFy95WCk1O0mzeubJ0Kw0nnmRlDS++Xfa8O99gXOtJc3FupBtLH0s2067jH4SW4DF4B/8BDPN9erVPXC4cwjSQnLerP4+TA14JtTbkoMLSLIsfU3gVlN6S0F0k=,iv:q/DKwAs7wOJQ8oZfjPCDN6pm2yREiWk+CQd6B7TixOc=,tag:xRgjYRsv9pOoWpkofkw5dw==,type:str]", "version": "3.11.0" } } From 743bb935348553fee720c865bcda493a4121df0a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 22 Oct 2025 15:52:11 +0200 Subject: [PATCH 239/376] Update var garage/metrics_token for machine genepi --- vars/per-machine/genepi/garage/metrics_token/secret | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/vars/per-machine/genepi/garage/metrics_token/secret b/vars/per-machine/genepi/garage/metrics_token/secret index 849104e..109e627 100644 --- a/vars/per-machine/genepi/garage/metrics_token/secret +++ b/vars/per-machine/genepi/garage/metrics_token/secret @@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:iNxayHZXxtx7ylDIwqNAEizE1Txx4MaW1I9vXns8a6ZgwAL+ZKlcl4E6Phg=,iv:1rEWb/xcz5iqJaWY7pF+qnkMd1GOs1ag5dJi60ERh7U=,tag:jAJpeMF9ef70zYVmFyDguQ==,type:str]", + "data": "ENC[AES256_GCM,data:dqsm3odV1kIx3sbHrpGoxMmaBp7oscTfb42mKSQXkSZA3r0SUyiox/faKRid,iv:TiU/MHNOOs18afosr9te3UI487Of6NR/5bZEU1X/Rz0=,tag:tulweBmCracNztaP0YYFvg==,type:str]", "sops": { "age": [ { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR2s2NlJPaXBDYVBKcVlt\nODVOQWYvYjJtQ05yZnltY2ZzOStlLzhBOVJ3CnY0a2ZUTUxkSnRrYjI5bGZnbVhK\neTcyZE9vQTNvQ0JLTGgyeG1KUy9TUnMKLS0tIC8wOWtHU3pXSGlTRHpQa3Mwd1M4\nZ1RmNDVxa05jYVJxQVpiZWhqZG5iVWcKItL1ca4xQmdrUgQht20VHqxHSZRJV+aK\nWSoRV2ZMqK+cCTZ+ayZP8dXihBAKqVpurJkY4yoXsWAVOMWwzdcpgA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrREdNQnBCZ3MvbThYMG5I\nTElOcWpaVk5DZzdjWmYzUHk4b21qOHVqZmpBCmJwZnplbUNEeE52RTJhNFlQMlUv\nelVGeXJNajZHbit2bzNQQS9VVFFrdnMKLS0tIEdDdjY4ZWErNlhRN3BMMUxxaFhv\nMWJKbTR5dlArYXUrRE1hNlFtRGNKZmMKR0Jmkuog7a5tON60DqcAeVOhNQQHkMCr\ns3PNGNx3xse1D46mfouhdJqzawmXg6Oj7YDNS/PRea9MaakXM1ZYGw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWTVxTjhyT0g2eDdtWUdz\nT3J3Zm5STlQvbDF2VG5MbW9RVUV0UU9panhrClJZQWpOd1RPbk1PYVpjd3J5TDFl\nZlIxeW1ubnE2L25CZVhNcExnZmFSTU0KLS0tIEdjeW9JdmtWL1F6ZGtmQTRMVU9a\naXdMNzUwZEpwSW9qSFBmNHo4a09OOVEKr7E/7AVKo1h+M2gXAxCtwgkoB65Zvltr\nDEaSyxdPxZ60y7FLwv8heP8UeBkvzM0L7gY64jKpuKEAWXulkCMMzQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRnhLaGxiZFkwMXpPRVhY\nUlVGaXhsZzcxVkNMQkhjQmVENjY0dStPcEdFCldEVUdPT05Wc3lPNC9CY2RtMjZo\nQkJWVmhKdFRtYzdSMDVhbGtKY3VsWTAKLS0tIGFuRjZCaml6bWR3UG9WMmtDSFNp\nckM5UDZYc3hiTWpQU1cycFZPQ1JFb1UKanhAPHpqbf01n0+Cli7inbmAQSrVNRHq\nRf90kbfd1VCf4hSWY3u0hbZiP33xo4hPMudI4O2J0MpPmzGicxXmMw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-22T13:49:20Z", - "mac": "ENC[AES256_GCM,data:T8hR/xD6aasG8n4R1vG+ipjovKDIFebDBJuberX2gM4TfE63XebWOQgAnLaEOvN4BABM1KQ9+Fppj9e3qBKuKvoG505r22PBZazZHSo8H0RZm+oqDyYowcVouOEnRcktmNQObc2MhuEWCL6bSv2946WaZ59xfTn32CxRaciPWvY=,iv:ytLuE+yfCSmufrUGJ+cX4DawaCNNdHSL3nQc41mjgRE=,tag:mbBGft6s/7Dwn4W3Y/9SaA==,type:str]", + "lastmodified": "2025-10-22T13:52:11Z", + "mac": "ENC[AES256_GCM,data:JCmuUh0D+vWL8D9ogsWX70JBSSoUNxGN+R7kHFprK4ZCcAs1+zCzW/dg7qGcCrQXD6QkNx+nfM05kYiQKNeHXVavqKuOGhqgamPKrHnu6To1y2fNKPk9GbioZTSVpRiICUDGTUhsdQW0f77ekCMNcU7ElzyE0t9BhiwEmwexpbs=,iv:uUyppaoNVCmXkFY+ZrI5enRlEOAZ4+w30awlh86KpaA=,tag:R3fviJdYM+4SQfo3hLOhwg==,type:str]", "version": "3.11.0" } } From f82874d308e761bec1fd7a13e5160e37bbed43c6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 24 Oct 2025 17:15:10 +0200 Subject: [PATCH 240/376] fix nextcloud s3 host address --- modules/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 8ab0ab9..3b960b2 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -25,7 +25,7 @@ in bucket = "nextcloud"; key = config.clan.core.vars.generators.nextcloud-s3-storage.files.access-key-id.value; secretFile = config.clan.core.vars.generators.nextcloud-s3-storage.files.access-key-secret.path; - hostname = config.clan.core.vars.generators.zerotier.files.zerotier-ip.value; + hostname = "[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]"; port = 3900; useSsl = false; region = "garage"; From d1d392e372d62d0e44d877a83d27f25079a9af13 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 24 Oct 2025 17:15:10 +0200 Subject: [PATCH 241/376] remove nextcloud internal domain redirection --- machines/genepi/glance-config.nix | 2 +- modules/nextcloud.nix | 7 ------- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 728c3c3..53b991d 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -81,7 +81,7 @@ } { title = "Nextcloud"; - url = "https://cloud.home.rpqt.fr"; + url = "https://cloud.rpqt.fr"; icon = "sh:nextcloud"; } { diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 3b960b2..c4be039 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -59,13 +59,6 @@ in enableACME = true; }; - # Redirect internal domain to the public one - services.nginx.virtualHosts."cloud.home.rpqt.fr" = { - forceSSL = true; - useACMEHost = "home.rpqt.fr"; - locations."/".return = "301 http://${fqdn}$request_uri"; - }; - clan.core.vars.generators.nextcloud = { prompts.admin-password = { description = "nextcloud admin password"; From f0f57dc994aae696433ab0a07cee1444ba4c8aaf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:44:19 +0100 Subject: [PATCH 242/376] Update vars via generator gandi for machine verbena --- vars/per-machine/verbena/gandi/gandi-env/secret | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/vars/per-machine/verbena/gandi/gandi-env/secret b/vars/per-machine/verbena/gandi/gandi-env/secret index 8ec425a..1027478 100644 --- a/vars/per-machine/verbena/gandi/gandi-env/secret +++ b/vars/per-machine/verbena/gandi/gandi-env/secret @@ -1,19 +1,18 @@ { - "data": "ENC[AES256_GCM,data:nx4V6alIzmJXx1es+P+7Hvza8SRz1P3TMegIiwmeQiBqwXn1L1sTZIGJlSz5/Kndiq/pI5/I40RvysLki3a96ml6cKA7Ew==,iv:u9rlxalwGUBOIz6SB9S6Xzww5y1QMq5Ns5uLiE6CWBg=,tag:WbaJqN5w9i7dyunTQVk7EQ==,type:str]", + "data": "ENC[AES256_GCM,data:xLZ3utyBPOOwQ9UZVIjZee5hRUfR1WrzZqXTdPN02vb396Z6L7Ti7B2bXbBxxkxWBJi7uipyD7eC7Uo8iZtp2amncDWeBA==,iv:QtN+VN/fexTQjBtZjoiLgM0DZxEvFbPNUa/sAtgDJ6g=,tag:QCOerJQkXRRzRVez7XKung==,type:str]", "sops": { "age": [ { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdnBaOEZlSXdvVklwdUZK\nTnE3VXRwbmp0UUk0cEZ3QS9JREFTMW4rM2lVCjBrYlZiYnlEZ2JWaTA5UDZRRWF3\nM3pHOHhXb3U2UGo3SUN1OXJJTTk3VVUKLS0tIDhLSjRrMGlnT2l4TVFQTzlwTWc5\nYTMzOWNJQVdlUWNLbmVxRGIxYVJmc2MKUKyg0WoUCGy6JMiTJZlibg+GdIgUCUig\n9tfqtawpM3qeokcwOa/wyfBeAkNVsnIKFgsBZl+SL3YF9+Sv/hulzg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbVFXeXdXbXJQZHVBM3BP\neEVYdXN3czQ1OUtYaXdXd1ppT0FsdE5BWnlFCm83eWlWNGIrN1ZZQW5JMld0NE4w\nQzZTN0ZJQTE1ZnU1cmZOU1l3SEZTYTAKLS0tIHQ5QlB2eXZlUlU3RGpYRFgxZFlR\nYk1HRTUzRVk3c3dMVEZscGhFdlRzWjgK7E1GkEK6/b7uwkIhzfMsmYkQwtTCoXmL\nK1PTssGJ5Qy0UZxS3v9mDi5ArRj+IzcY1cYyj82vBXnSk4TKEIV0DQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2aVJDbm14NFJRYThoNHhY\ndDJDNDh5RXRjNW12T1o0L042MEZXM3RvQlZNCkl2YjlHVXljT29TOWFVWnV4MUdC\nY3R2QXlLVmRic3U3WWpNYjFua3g0MW8KLS0tIGR3RDNOUTFsWkFvb1ZLUW40MTVV\nZk1HUTZQSUxFSU8vMEdKZWhPZjBrRGMKB7EA+kymd0v/J/KdK+rUpxXqq1ivf3yh\nGqNev78M5ZdQPCPP5NL4MEvaoGRWDcLHxywUfAJgwUbn69wJGbzH8w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMjVkWnY3MEFkZ2xLclQr\nU0g2ZlRoTEFNdXN3TGh3eWZLSm5vRFhiWVNRCjFhd3k0Y2N3L00xZzd4eHJ5RFdL\nZzVqSVh2Yys5L3Z3Z280SVhyUzdNSm8KLS0tIEtna0tMZ1Y0VEk3cVRQcFJUR011\ncWh2RzJhWTZQSE1RbXJtZnM4UkR0UmMKaicBH0pvZXYjJWQqHXyN2ha4n2PYQy0V\nuJp0wX/XTDebzctvdpiqsVz6Rp6ChNJ42kGl6xXJK/Nmc5sB9FDWTQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-16T18:03:35Z", - "mac": "ENC[AES256_GCM,data:qwf2f/vEnuUh48PRZXN53vL1B6rFA+VcQPrQxByAuFIx77wX5JMonX2mx3mruic2S6UWf55FjT8YU1C03rb3By/Tpc2FoK172HoRbi1HfZgwVqkBE5zI69eVJZdEuRXM6JFeHeR/hKjnJFcS/OzqpvxiZeonZyidSNMCChyYP18=,iv:k+EzDZ3IWYxYlBv07k1Cl5bu0kI0fvyCe/aDNEBbhRg=,tag:xf4lyZ1xmmjOy71vnmixKw==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "lastmodified": "2025-10-29T11:44:19Z", + "mac": "ENC[AES256_GCM,data:2pGn0COv50V6zL/P2TnWawiRxCoMf4jaNE4MPcOQW88edw8NUGC/KIKq4numi4NoNfxM6CyGbpyBpC3NhQujQo25bxqXrlHqZhhmAxTgyVgQrmbQZ2QbYKHsG8NGOi4nhTXezI9u/eDXyVyC5DX6sitynvH/tizordn5AN6hpog=,iv:N14abfZJxqroJo2l2D5KJSXT1wJtY2DTf7pkJu8XKnY=,tag:Xn5UMlVW7v6GkQqgUVY4qA==,type:str]", + "version": "3.11.0" } } From 1548378ef75d65cf39a971911f7dfb1b35e0b169 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:45:15 +0100 Subject: [PATCH 243/376] Update vars via generator gandi for machine genepi --- vars/per-machine/genepi/gandi/gandi-env/secret | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/vars/per-machine/genepi/gandi/gandi-env/secret b/vars/per-machine/genepi/gandi/gandi-env/secret index 8ea62b1..4d993e4 100644 --- a/vars/per-machine/genepi/gandi/gandi-env/secret +++ b/vars/per-machine/genepi/gandi/gandi-env/secret @@ -1,19 +1,18 @@ { - "data": "ENC[AES256_GCM,data:Y/+ORMf1iv7E2ZZIpBf+YNpMMQ3qTo0fsYLDwch+anhXNwNgIqWnRdXD/FDH48TCX3HG2uonhmO6Y6Wl7eZOhfHSYi118w==,iv:U039/a9TUfsyqtNAoex7eZvQ0nq8hatNxUn3NzIRkwE=,tag:XOYjnjVy9+h+5IavKDYkRg==,type:str]", + "data": "ENC[AES256_GCM,data:/rRF/mvM/FGW7evaY0C+HpGnb7yho2UobKzVIAkGu7PFQjzu4iw4oYniSIgSTB+Yf6V+rNKsRSANJer8gVhmh7CVfUw5JQ==,iv:B2Rrde1/rBnFowFk7KY1bppnOl/q1ZMgDNNXLJ6xjlU=,tag:yN3dL3RXy7z15KaWVqlepQ==,type:str]", "sops": { "age": [ { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRVU4N3l5dVJmb2lwNTRi\nQ1ljazlXQjFJc0tESXBVd005c2VSMERPa0RVClBCb3gwWjNZWTQ3R0xwOTBkYU5P\naHZWOEZaUDY0SnJaajBRbjFkam4xcU0KLS0tIE5vRm9MMnJ2MFgyNktEaDM0TVJP\nZXlWeXNEVXBMb0E0TzFNUUtOS3ZjMUkKC4M16hIz51bAUHMseWh0ybBupnzTb3Vy\nOEumkcqSA9Dv0ACgscpuaFIysICDYGC1URGImWe/nElo+vnB8BWZAg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYUF3MHc1MC9IaFc2cnla\nZERLaFVKcVg3YWE3eXZRYUp4c2ZFQXVjNkFnCklhMDZwaUNMVFMxcE43M1FtQ3Yr\nMkFkNzFOczd0ZFRlbEM1NEFNdVVScG8KLS0tIGViT0c0Nms0VGhkRUhkY1Z1Tlp6\nQXpFdnZZVnlkbUdRYm1acTNncnhxVEUKeBabd73VhaCBIXTc/5X3yijmn67f/gxI\nYc4W1FcqA3fiJH8Vx2LtVEwFonizZyHDi5bJe8ILo86iB6bE/kN9PQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMGpxNm9Jbm14UEpZUlVH\nMW1McXhLOXQ1NzIxdG5LZDFqRk82bUlhMkZNCjhTZnB2U3I0cE1MQjk0ZCs3eWNF\nUlpzbk5TUDJZUFF6RStKbTlNZnVEZTgKLS0tIDZSYkZkT0p6dFVFank3eTFjbFgw\nY1A0WE9SUE85OER3QzJaWkVKc2RtOE0KaPgVki5AgGlXYHxExV+uEc3nsh3SM81A\nLDlNrSysr0tw8XpvBFGT21hNVljBRVeLJBzKhsfrhSdtJbNau0L1wQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNR3Vsa1YvTTRKYWd4M1RN\neDBpSFQvS0tsVC9WdjVFVlFkZUlSSmpSZ2lVCjA0dExyMER0R0lxUHFnMlVmQmdR\ncGZJR2tpMHp6OUxkUkx2YlNxSUVDT2cKLS0tIERBRTd0RkdjMVM0UTloRjNOTU92\nR3VqVldVazV3dGdpWmtmRWJsMVd4RGsK6jgdhtLqbYcbinDM5P84j5qMIHyxp5R1\n0bKkllxvIIgmySRgaUSElW2bH+IsI6iOh65mF8k/P68j5Z3PjFLWBA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-06-26T21:22:22Z", - "mac": "ENC[AES256_GCM,data:vu/F9ce9aYT1gwiS1EGBJ5N3lo+NAOiCEt+jbJRVLo5gCHPtnoTxxraBCq0CjHTFw32xVIrAsDbkJS0NJPDgODRwceMk/0xXlgQ3QOI/CO0NFarFTQDdT6RmW6o9ylHk94YsXSiQDJ0K+DrIOlyCOA5HIzKJML5HXqkLSF97TCo=,iv:OJk0Vbn+zWahl1/ZAIytBwJlfdDIFjLecZ0M1QC5fUM=,tag:IGXJmKdktn/CK+jtw3Y5yw==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "lastmodified": "2025-10-29T11:45:14Z", + "mac": "ENC[AES256_GCM,data:zb2U7OhXBWJmhZPf2/9G/BTAcaqNXS7zaGd4WppKf2fsHtbZZCswd9DfaI/0NzfknQgKlhmqr/qN/nG1UPFhosQGQTcl7Z4od57EyN6WDaXu4fjJYQHZ1VB6HvKD0c0bvb+yBX8WPxF/EW655YQvdV/x8VU1b+rxhGPCX4U1iPY=,iv:wt5RTsnv2hkF5PUo5ah2NM8HwEEBXrE44krI4Pgbbtw=,tag:7nS69I7ZG+kkIU/cmthq6w==,type:str]", + "version": "3.11.0" } } From a879221ced69f944a1ee4246aa218a97d089de99 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 244/376] fix tf typo --- infra/dns.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/infra/dns.tf b/infra/dns.tf index c56ce73..ae472b9 100644 --- a/infra/dns.tf +++ b/infra/dns.tf @@ -37,7 +37,6 @@ resource "gandi_livedns_record" "rpqt_fr_cloud_aaaa" { ttl = 10800 values = local.verbena_ipv6_addresses } -} data "ovh_vps" "verbena_vps" { service_name = "vps-7e78bac2.vps.ovh.net" From 193aff6ee2d27ee423818c88cab474b4500afe16 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 245/376] jj: write change id header --- home/.config/jj/config.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/.config/jj/config.toml b/home/.config/jj/config.toml index 87ccbbc..fa80ef3 100644 --- a/home/.config/jj/config.toml +++ b/home/.config/jj/config.toml @@ -9,6 +9,9 @@ diff-editor = ":builtin" name = "Romain Paquet" email = "rpqt@rpqt.fr" +[git] +write-change-id-header = true + [revset-aliases] 'closest_pushable(to)' = 'heads(::to & mutable() & ~description(exact:"") & (~empty() | merges()))' From fac6d2f86126573254a04acd4b4a32c5c674ef6e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 246/376] link ssh config --- home-manager/dev.nix | 1 + home/.ssh/config | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 home/.ssh/config diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 9db2c4f..fb3b1e7 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -32,4 +32,5 @@ }; xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config"; + home.file.".ssh/config".source = "${config.dotfiles.path}/.ssh/config"; } diff --git a/home/.ssh/config b/home/.ssh/config new file mode 100644 index 0000000..f51ee36 --- /dev/null +++ b/home/.ssh/config @@ -0,0 +1,8 @@ +Host crocus + User root + +Host verbena + User root + +Host genepi + User root From 454d349bb376ea4d0592298b19a6556b02b12dce Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 247/376] allow garage admin endpoint access on zerotier --- modules/garage.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/garage.nix b/modules/garage.nix index b27a6b4..6143994 100644 --- a/modules/garage.nix +++ b/modules/garage.nix @@ -49,6 +49,7 @@ in allowedTCPPorts = [ s3_port rpc_port + admin_port ]; }; } From d4cdd13de2677a967162275ab53a1e598b3a17bb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 248/376] add additionnal disk to crocus for garage --- machines/crocus/configuration.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index c457608..c8c8d60 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -34,6 +34,21 @@ ]; }; + fileSystems."/data1" = { + device = "/dev/disk/by-id/scsi-0HC_Volume_103766469"; + }; + + services.garage.settings.data_dir = [ + { + path = "/var/lib/garage/data"; + capacity = "20G"; + } + { + path = "/data1/garage"; + capacity = "20G"; + } + ]; + clan.core.settings.state-version.enable = true; services.avahi.allowInterfaces = [ From c0bcbe4f2807f422304be3ae7b664b2fec8ce0b2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 249/376] add aseprite --- machines/haze/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 1a836a1..e80987b 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -1,5 +1,6 @@ { self, + pkgs, ... }: { @@ -50,6 +51,7 @@ environment.systemPackages = [ self.inputs.clan-core.packages.x86_64-linux.clan-app + pkgs.aseprite ]; programs.kdeconnect.enable = true; From 0a4de86576b76e02115579121755b10781a6a008 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 250/376] auto format rust --- home/.config/helix/languages.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/home/.config/helix/languages.toml b/home/.config/helix/languages.toml index a5dea9d..eb1eb24 100644 --- a/home/.config/helix/languages.toml +++ b/home/.config/helix/languages.toml @@ -13,6 +13,7 @@ args = ["--header-insertion=never"] [[language]] name = "rust" language-servers = [ "rust-analyzer" ] +auto-format = true [language-server.rust-analyzer.config] check.command = "clippy" From 282a02d55c560e72dd25344af9190f2be1c0bce7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 251/376] fix missing lines in server module --- modules/flake-module.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 565a96c..ae1638d 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -16,6 +16,9 @@ nextcloud.imports = [ ./nextcloud.nix ]; server.imports = [ + ./motd.nix + ]; + common.imports = [ { users.mutableUsers = lib.mkDefault false; From cbac9fb3ef9f4a95e4d3d19e5db3104019d0ceb1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 252/376] add mkDefault to gc config --- machines/flake-module.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index e4280e5..88f7857 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -98,10 +98,10 @@ roles.default.tags.server = { }; roles.default.extraModules = [ { - nix.gc.automatic = true; - nix.gc.dates = "Mon 3:15"; - nix.gc.randomizedDelaySec = "30min"; - nix.gc.options = "--delete-older-than 30d"; + nix.gc.automatic = lib.mkDefault true; + nix.gc.dates = lib.mkDefault "Mon 3:15"; + nix.gc.randomizedDelaySec = lib.mkDefault "30min"; + nix.gc.options = lib.mkDefault "--delete-older-than 30d"; } ]; }; From d358695cb27837ca46513655c45aded4fb3b067e Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 253/376] fix runtime prometheus metrics token access --- machines/genepi/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 7bc8935..b488da1 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -32,5 +32,8 @@ time.timeZone = "Europe/Paris"; + services.prometheus.checkConfig = "syntax-only"; + clan.core.vars.generators.garage.files.metrics_token.owner = "prometheus"; + clan.core.settings.state-version.enable = true; } From 76568198f0fc285c24f4bcd57de5182a5f93d2da Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 254/376] prometheus: monitor verbena's garage instance --- machines/flake-module.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 88f7857..328e376 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -169,6 +169,10 @@ labels.instance = "genepi"; targets = [ "genepi.home.rpqt.fr:3903" ]; } + { + labels.instance = "verbena"; + targets = [ "verbena.home.rpqt.fr:3903" ]; + } ]; } ]; From aa4e7c7b4535d22a2f6a1502b0d2e8ad312d31be Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 255/376] use token for garage metrics access --- machines/flake-module.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/machines/flake-module.nix b/machines/flake-module.nix index 328e376..78a8862 100644 --- a/machines/flake-module.nix +++ b/machines/flake-module.nix @@ -174,6 +174,11 @@ targets = [ "verbena.home.rpqt.fr:3903" ]; } ]; + authorization = { + type = "Bearer"; + credentials_file = + self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path; + }; } ]; }; From 29845aa117ded97113646acd253ffd1b6fa12606 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 256/376] add description of prometheus service --- clanServices/prometheus/README.md | 38 +++++++++++++++++++++++++++++ clanServices/prometheus/default.nix | 4 +++ 2 files changed, 42 insertions(+) create mode 100644 clanServices/prometheus/README.md diff --git a/clanServices/prometheus/README.md b/clanServices/prometheus/README.md new file mode 100644 index 0000000..01c8a77 --- /dev/null +++ b/clanServices/prometheus/README.md @@ -0,0 +1,38 @@ +This module enables collecting metrics from machines in clan, using Prometheus. + +There are two roles: + +- A `target` role for machines on which to collect and export metrics. +- A `scraper` roles for machines that fetch metrics from `target` machines and + store them in the long term. + + +```nix +inventory = { + + machines = { + server01.tags.server = {}; + server02.tags.server = {}; + metrics.tags.server = {}; # metrics collector + }; + + instances = { + prometheus = { + module.name = "@rpqt/prometheus"; + module.input = "self"; + + roles.scraper.machines."metrics" = {}; + + # Collect metrics on all servers + roles.target.tags.server = { + settings = { + exporters = { + # Enable the node-exporter metrics source + node.enabledCollectors = [ "systemd" ]; + }; + }; + }; + }; + }; +}; +``` diff --git a/clanServices/prometheus/default.nix b/clanServices/prometheus/default.nix index a5a5e68..d034f42 100644 --- a/clanServices/prometheus/default.nix +++ b/clanServices/prometheus/default.nix @@ -3,10 +3,13 @@ { _class = "clan.service"; manifest.name = "prometheus"; + manifest.description = "Prometheus metrics collection across the clan network."; + manifest.readme = builtins.readFile ./README.md; # Only works with zerotier (until a unified network module is ready) roles.scraper = { + description = "A server that scrapes metrics from exporters of machines that have the 'target' role."; interface = { options.extraScrapeConfigs = lib.mkOption { type = lib.types.listOf lib.types.attrs; @@ -63,6 +66,7 @@ }; roles.target = { + description = "A machine on which to collect and export metrics."; interface = { lib, ... }: { From be9651d3ec3f8480738997d70a81f35aa383e6e4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 257/376] update flake inputs --- flake.lock | 194 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 115 insertions(+), 79 deletions(-) diff --git a/flake.lock b/flake.lock index fb88d82..3f309eb 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1760516981, - "narHash": "sha256-4AYTAH7WDL6C6WKktc9UEQRiav6oPzVpKuFWRyYeuTQ=", + "lastModified": 1761641036, + "narHash": "sha256-WyoAA5qBHimmWj0tuJMnkIq4o8dB01st6smx3ZzI/L0=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "01dfc9a07c070092e3187be8edbd2243a9e301a5", + "rev": "3cd0114c633815095fde7a3126e1dbd6ad2e673f", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1760799913, - "narHash": "sha256-8Udaneh2eu0I6UqOrclKN+13gT4ZOyHTVa3vQmN8gnM=", + "lastModified": 1762182473, + "narHash": "sha256-KaFiS6Mdxq+FNnYaZZICjPBvvtCKHyyM+gi6pCUL3zA=", "ref": "refs/heads/main", - "rev": "5ab3c86b68649c3f3b3ace18ad44f6a717956ac5", - "revCount": 10699, + "rev": "62b64c3b3eb1e8fca386ba5f7db86b1226ca7b8b", + "revCount": 10977, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -60,15 +60,14 @@ "dms-cli": "dms-cli", "nixpkgs": [ "nixpkgs" - ], - "quickshell": "quickshell" + ] }, "locked": { - "lastModified": 1760754287, - "narHash": "sha256-g5tWzWheTOGHxtWECmVh7m5Lgk1w9wtfKBZKlQUEkaI=", + "lastModified": 1762197468, + "narHash": "sha256-qYmTekiWsnv9UzlRqVJWokLcuP11x2+zhRb/5rc6zFo=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "7c1e247ef820139445d03131254838401e2d76d0", + "rev": "21e7ae3dfd7c4c5e9f41f6cf5630fca12c5e61b8", "type": "github" }, "original": { @@ -133,11 +132,11 @@ ] }, "locked": { - "lastModified": 1760701190, - "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", + "lastModified": 1761899396, + "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", "owner": "nix-community", "repo": "disko", - "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", + "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", "type": "github" }, "original": { @@ -153,11 +152,11 @@ ] }, "locked": { - "lastModified": 1760701190, - "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", + "lastModified": 1761899396, + "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", "owner": "nix-community", "repo": "disko", - "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", + "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", "type": "github" }, "original": { @@ -168,17 +167,18 @@ }, "dms-cli": { "inputs": { + "gomod2nix": "gomod2nix", "nixpkgs": [ "dankMaterialShell", "nixpkgs" ] }, "locked": { - "lastModified": 1760241259, - "narHash": "sha256-DlLGn+4M6tIafoDsHr2WhHG2hrHrC24S2IL3+KAvjEU=", + "lastModified": 1761135910, + "narHash": "sha256-51m0k2BN6EjUKZI/tRs563HqGPhsM639kwuXcqxuniM=", "owner": "AvengeMedia", "repo": "danklinux", - "rev": "dae4c3ff4ce0feb930361c399747edb29d081775", + "rev": "d42b58f35c129e893819742746f11ef7e82be56f", "type": "github" }, "original": { @@ -215,11 +215,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -230,7 +230,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -246,6 +246,48 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gomod2nix": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "dankMaterialShell", + "dms-cli", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756047880, + "narHash": "sha256-JeuGh9kA1SPL70fnvpLxkIkCWpTjtoPaus3jzvdna0k=", + "owner": "nix-community", + "repo": "gomod2nix", + "rev": "47d628dc3b506bd28632e47280c6b89d3496909d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v1.7.0", + "repo": "gomod2nix", + "type": "github" + } + }, "hercules-ci-effects": { "inputs": { "flake-parts": [ @@ -278,11 +320,11 @@ ] }, "locked": { - "lastModified": 1760797298, - "narHash": "sha256-p+g2IbDAVdcN068VNxgvvdM/su0DatNohg28x0gqPRg=", + "lastModified": 1762183399, + "narHash": "sha256-vr2aL1QLfERYTfYBgK8cW3T9eSdSEThH462wKaGlmEU=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc837be107e33f5debe7fecc5c597a8dab69d83b", + "rev": "a5fee077929ae2f2800c3087dce5e1abb4edfbc6", "type": "github" }, "original": { @@ -353,14 +395,14 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1759773931, - "narHash": "sha256-/8A10DQgqBq31tqbZFWb/5eZp/BC3ACoSMi9ChCw+ho=", + "lastModified": 1761508322, + "narHash": "sha256-2VcdnUjIOEMQ87K5wv+Pbgko94PLygp1nrEYcVHk1v4=", "owner": "InioX", "repo": "Matugen", - "rev": "e85a6c9ac4efe2362afb6358f8d2f05556a1d1f1", + "rev": "c3c33ce96c39997e88d3f3bb4080bbc3ca93a8e8", "type": "github" }, "original": { @@ -377,11 +419,11 @@ ] }, "locked": { - "lastModified": 1760721282, - "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", + "lastModified": 1762039661, + "narHash": "sha256-oM5BwAGE78IBLZn+AqxwH/saqwq3e926rNq5HmOulkc=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", + "rev": "c3c8c9f2a5ed43175ac4dc030308756620e6e4e4", "type": "github" }, "original": { @@ -420,11 +462,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1756491981, - "narHash": "sha256-lXyDAWPw/UngVtQfgQ8/nrubs2r+waGEYIba5UX62+k=", + "lastModified": 1761137276, + "narHash": "sha256-4lDjGnWRBLwqKQ4UWSUq6Mvxu9r8DSqCCydodW/Jsi8=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "c1b29520945d3e148cd96618c8a0d1f850965d8c", + "rev": "70bcd64225d167c7af9b475c4df7b5abba5c7de8", "type": "github" }, "original": { @@ -454,11 +496,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760106635, - "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", + "lastModified": 1762179181, + "narHash": "sha256-T4+TNfXlF/gHbcNCC2HY7sMGBKgqNzyYeMBWmcbH7/o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", + "rev": "256770618502d2eda892af3ae91da5e386ce9586", "type": "github" }, "original": { @@ -486,11 +528,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { @@ -500,27 +542,6 @@ "type": "github" } }, - "quickshell": { - "inputs": { - "nixpkgs": [ - "dankMaterialShell", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760228179, - "narHash": "sha256-4Z6k7lv3Zcgk3K+4h60LpqB9wCkR+utkYERU735U068=", - "ref": "refs/heads/master", - "rev": "c9d3ffb6043c5bf3f3009202bad7e0e5132c4a25", - "revCount": 693, - "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" - }, - "original": { - "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" - } - }, "root": { "inputs": { "buildbot-nix": "buildbot-nix", @@ -547,11 +568,11 @@ ] }, "locked": { - "lastModified": 1760393368, - "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", "type": "github" }, "original": { @@ -567,11 +588,11 @@ ] }, "locked": { - "lastModified": 1760576393, - "narHash": "sha256-QdkymRnXsZamQlT59VuTL7/UW8Kw4Aj8sobMnvygASQ=", + "lastModified": 1762132580, + "narHash": "sha256-wyz5URCnImTGCvKFi1lL7hLUsAnkhOCT8hbEwTya0Lk=", "owner": "nix-community", "repo": "srvos", - "rev": "819d29cd71b1b1804e17f2a9de71905235f91f41", + "rev": "38df2ab11fa831d0715e3d58f934e385a871ca49", "type": "github" }, "original": { @@ -596,6 +617,21 @@ } }, "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -610,7 +646,7 @@ "type": "github" } }, - "systems_3": { + "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -654,11 +690,11 @@ ] }, "locked": { - "lastModified": 1760120816, - "narHash": "sha256-gq9rdocpmRZCwLS5vsHozwB6b5nrOBDNc2kkEaTXHfg=", + "lastModified": 1761311587, + "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "761ae7aff00907b607125b2f57338b74177697ed", + "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", "type": "github" }, "original": { @@ -669,17 +705,17 @@ }, "vicinae": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1760627979, - "narHash": "sha256-PwBlZK87hnEjcWoDq7NXAdRWhLkT6981NU/DnMRljqs=", + "lastModified": 1762153854, + "narHash": "sha256-atFJwetnAf68duKurwdSRWK9iE1Lls2GqbLB+cxjlvo=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "b7c4d28e0d2b696e803ea35a1496aeba006dfdf1", + "rev": "f44603ee228ebd63e10457c1dfd9702f79d0eb65", "type": "github" }, "original": { From d8ef2127ca9367e7239aa2f740d0aa9c63b4b68d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 258/376] ghostty: disable ligatures --- home/.config/ghostty/config | 1 + 1 file changed, 1 insertion(+) diff --git a/home/.config/ghostty/config b/home/.config/ghostty/config index 060e2c3..c70faa2 100644 --- a/home/.config/ghostty/config +++ b/home/.config/ghostty/config @@ -1 +1,2 @@ theme = dark:Kanagawa Wave,light:Builtin Light +font-feature = -liga From f5ebc063e38a39c7d07d853de3bc9ef5b24c4e19 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 259/376] build crocus on haze --- machines/crocus/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index c8c8d60..73b83d4 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -51,6 +51,8 @@ clan.core.settings.state-version.enable = true; + clan.core.networking.buildHost = "root@haze"; + services.avahi.allowInterfaces = [ "zts7mq7onf" ]; From 3ffe2ffb31a234730f16be42ef10b7ad96abba5c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 260/376] prometheus: open web interface firewall on vpn --- machines/genepi/monitoring/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/machines/genepi/monitoring/default.nix b/machines/genepi/monitoring/default.nix index 3cd9c37..e5a3e88 100644 --- a/machines/genepi/monitoring/default.nix +++ b/machines/genepi/monitoring/default.nix @@ -2,4 +2,8 @@ imports = [ ./grafana.nix ]; + + networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = [ + 9090 # prometheus web interface + ]; } From 38ae40ee0bfe8f9a9dcd4dfb32fdf083e1655430 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 29 Oct 2025 12:50:12 +0100 Subject: [PATCH 261/376] add wifi hotspot tool --- machines/haze/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index e80987b..3c6e955 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -52,6 +52,7 @@ environment.systemPackages = [ self.inputs.clan-core.packages.x86_64-linux.clan-app pkgs.aseprite + pkgs.linux-wifi-hotspot ]; programs.kdeconnect.enable = true; From 7ea8896b4a1493c0ebb637e0beb4ee7d2853b6bf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:49:21 +0100 Subject: [PATCH 262/376] update(inventory.json): Update information about machine genepi --- inventory.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/inventory.json b/inventory.json index 78d4f06..0bf40dd 100644 --- a/inventory.json +++ b/inventory.json @@ -10,7 +10,8 @@ "installedAt": 1757633120 }, "genepi": { - "installedAt": 1757633120 + "installedAt": 1757633120, + "description": "Raspberry Pi 4B" } } -} +} \ No newline at end of file From 7cccb809455d6d280fe54898e857858144f3b5c0 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:16 +0100 Subject: [PATCH 263/376] update(inventory.json): Update information about machine haze --- inventory.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inventory.json b/inventory.json index 0bf40dd..d5755f2 100644 --- a/inventory.json +++ b/inventory.json @@ -7,7 +7,8 @@ "installedAt": 1757633120 }, "haze": { - "installedAt": 1757633120 + "installedAt": 1757633120, + "description": "Romain's laptop" }, "genepi": { "installedAt": 1757633120, From 504ed6223faf65522b56d4a87a7f0b5a2178fa0f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 264/376] ghostty: actually disable all ligatures --- home/.config/ghostty/config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/.config/ghostty/config b/home/.config/ghostty/config index c70faa2..3925050 100644 --- a/home/.config/ghostty/config +++ b/home/.config/ghostty/config @@ -1,2 +1,4 @@ theme = dark:Kanagawa Wave,light:Builtin Light font-feature = -liga +font-feature = -calt +font-feature = -dlig From 31e42cc1783b1facd1bbfd5fe4d76dfb5b9e8ca2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 265/376] niri: update for switch to dms and ghostty --- home/.config/niri/config.kdl | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index f6c0ba0..d1bb2b8 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -32,7 +32,7 @@ output "HDMI-A-1" { } layout { - gaps 12 + gaps 8 center-focused-column "never" @@ -58,11 +58,12 @@ layout { // You can change how the focus ring looks. focus-ring { + off // How many logical pixels the ring extends out from the windows. width 3 // Color of the ring on the active monitor. - active-color "#3d5f77" + active-color "#101010" // Color of the ring on inactive monitors. inactive-color "#505050" @@ -141,9 +142,9 @@ binds { Mod+Shift+Comma { show-hotkey-overlay; } // Suggested binds for running programs: terminal, app launcher, screen locker. - Mod+Return { spawn "sh" "-c" "alacritty msg create-window || alacritty"; } - Mod+D { spawn "vicinae" "toggle"; } - Super+Alt+L { spawn "swaylock"; } + Mod+Return { spawn "ghostty" "+new-window"; } + Mod+D { spawn "dms" "ipc" "call" "spotlight" "toggle"; } + Super+Alt+L hotkey-overlay-title="Lock session" { spawn "loginctl" "lock-session"; } XF86AudioRaiseVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05+"; } XF86AudioLowerVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05-"; } @@ -326,6 +327,10 @@ binds { // Powers off the monitors. To turn them back on, do any input like // moving the mouse or pressing any other key. Mod+Shift+P { power-off-monitors; } + + Mod+N hotkey-overlay-title="Open notes" { + spawn-sh "ghostty -e hx --working-dir ~/notes ~/notes/notes.dj:9999"; + } } screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" @@ -341,3 +346,8 @@ environment { hotkey-overlay { skip-at-startup } + +layer-rule { + match namespace="dms:blurwallpaper" + place-within-backdrop true +} From c2afe72d3f514842fefed31943b76f24aee28aaf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 266/376] helix: add script to reload on dark mode change --- home/.config/niri/config.kdl | 1 + home/bin/monitor-dark-mode.sh | 4 ++++ home/bin/switch-helix-theme.sh | 15 +++++++++++++++ 3 files changed, 20 insertions(+) create mode 100755 home/bin/monitor-dark-mode.sh create mode 100755 home/bin/switch-helix-theme.sh diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index d1bb2b8..21a48db 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -337,6 +337,7 @@ screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" spawn-at-startup "dms" "run" spawn-at-startup "kdeconnect-indicator" +spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh" spawn-at-startup "xwayland-satellite" environment { diff --git a/home/bin/monitor-dark-mode.sh b/home/bin/monitor-dark-mode.sh new file mode 100755 index 0000000..e8cdaf4 --- /dev/null +++ b/home/bin/monitor-dark-mode.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env sh + +gsettings monitor org.gnome.desktop.interface color-scheme \ + | xargs -L1 "${HOME}/rep/flocon/home/bin/switch-helix-theme.sh" diff --git a/home/bin/switch-helix-theme.sh b/home/bin/switch-helix-theme.sh new file mode 100755 index 0000000..f11f803 --- /dev/null +++ b/home/bin/switch-helix-theme.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +set -euox pipefail + +HELIX_CONFIG_PATH=$(readlink -f "${HOME}/.config/helix/config.toml") +HELIX_THEME_LIGHT="zed_onelight" +HELIX_THEME_DARK="kanagawa" + +if [[ "$2" == "prefer-dark" ]]; then + sed -i "s/^theme .*/theme = \"$HELIX_THEME_DARK\"/" "$HELIX_CONFIG_PATH" +else + sed -i "s/^theme .*/theme = \"$HELIX_THEME_LIGHT\"/" "$HELIX_CONFIG_PATH" +fi + +pkill -USR1 hx || true From 722ba001fbb777f2dc14b4f5116bff899d809cca Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 267/376] ghostty: don't inherit cwd from other windows --- home/.config/ghostty/config | 1 + 1 file changed, 1 insertion(+) diff --git a/home/.config/ghostty/config b/home/.config/ghostty/config index 3925050..c1d975f 100644 --- a/home/.config/ghostty/config +++ b/home/.config/ghostty/config @@ -2,3 +2,4 @@ theme = dark:Kanagawa Wave,light:Builtin Light font-feature = -liga font-feature = -calt font-feature = -dlig +window-inherit-working-directory = false From b86866f121342c8916e58050d612471eceab3bed Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 268/376] update flake inputs --- flake.lock | 164 +++++++++++++++++------------------------------------ 1 file changed, 53 insertions(+), 111 deletions(-) diff --git a/flake.lock b/flake.lock index 3f309eb..93f1f20 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1762182473, - "narHash": "sha256-KaFiS6Mdxq+FNnYaZZICjPBvvtCKHyyM+gi6pCUL3zA=", + "lastModified": 1762423941, + "narHash": "sha256-2mahDC4N9CiR/VQR8EqHg0TZhf+ix8u4y2gbPr6qJ6w=", "ref": "refs/heads/main", - "rev": "62b64c3b3eb1e8fca386ba5f7db86b1226ca7b8b", - "revCount": 10977, + "rev": "9ddcda8f10c96c790fb83cf4004899d95fae891d", + "revCount": 11011, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1762197468, - "narHash": "sha256-qYmTekiWsnv9UzlRqVJWokLcuP11x2+zhRb/5rc6zFo=", + "lastModified": 1762704668, + "narHash": "sha256-wrLa8ZoEpAhQjIt9uHcPb47LvVcceA8ok6S7BeUeaC4=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "21e7ae3dfd7c4c5e9f41f6cf5630fca12c5e61b8", + "rev": "392a1c03c53ce916ec8d2ba61e852d34d2e1b9cb", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1760238269, - "narHash": "sha256-7CeGZM/Z/5Qt3AYByCRohGYGR1MRuXYzTTbkV/JxyAs=", + "lastModified": 1762435535, + "narHash": "sha256-QhzRn7pYN35IFpKjjxJAj3GPJECuC+VLhoGem3ezycc=", "owner": "AvengeMedia", "repo": "dgop", - "rev": "95acdfce2d323e28fa8f5a4f345160962034f2b5", + "rev": "6cf638dde818f9f8a2e26d0243179c43cb3458d7", "type": "github" }, "original": { @@ -132,11 +132,11 @@ ] }, "locked": { - "lastModified": 1761899396, - "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", + "lastModified": 1762276996, + "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", "owner": "nix-community", "repo": "disko", - "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", + "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", "type": "github" }, "original": { @@ -152,11 +152,11 @@ ] }, "locked": { - "lastModified": 1761899396, - "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", + "lastModified": 1762276996, + "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", "owner": "nix-community", "repo": "disko", - "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", + "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", "type": "github" }, "original": { @@ -167,18 +167,17 @@ }, "dms-cli": { "inputs": { - "gomod2nix": "gomod2nix", "nixpkgs": [ "dankMaterialShell", "nixpkgs" ] }, "locked": { - "lastModified": 1761135910, - "narHash": "sha256-51m0k2BN6EjUKZI/tRs563HqGPhsM639kwuXcqxuniM=", + "lastModified": 1762491516, + "narHash": "sha256-oGLH5Gje/p2Hc1kO3m8P5eAZ7JldBI30EmwzEET4cNU=", "owner": "AvengeMedia", "repo": "danklinux", - "rev": "d42b58f35c129e893819742746f11ef7e82be56f", + "rev": "050cf28a2963a7698ed4759736fe5fe77eee7cc2", "type": "github" }, "original": { @@ -215,11 +214,11 @@ ] }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1762440070, + "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8", "type": "github" }, "original": { @@ -230,7 +229,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -246,48 +245,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gomod2nix": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "dankMaterialShell", - "dms-cli", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1756047880, - "narHash": "sha256-JeuGh9kA1SPL70fnvpLxkIkCWpTjtoPaus3jzvdna0k=", - "owner": "nix-community", - "repo": "gomod2nix", - "rev": "47d628dc3b506bd28632e47280c6b89d3496909d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "v1.7.0", - "repo": "gomod2nix", - "type": "github" - } - }, "hercules-ci-effects": { "inputs": { "flake-parts": [ @@ -320,11 +277,11 @@ ] }, "locked": { - "lastModified": 1762183399, - "narHash": "sha256-vr2aL1QLfERYTfYBgK8cW3T9eSdSEThH462wKaGlmEU=", + "lastModified": 1762704774, + "narHash": "sha256-iodz4xQbULkHqetbPu5BCSWsVEzZiiNSv0/dzfH4XiE=", "owner": "nix-community", "repo": "home-manager", - "rev": "a5fee077929ae2f2800c3087dce5e1abb4edfbc6", + "rev": "be4a9233dd3f6104c9b0fdd3d56f953eb519a4c7", "type": "github" }, "original": { @@ -395,14 +352,14 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_2" }, "locked": { - "lastModified": 1761508322, - "narHash": "sha256-2VcdnUjIOEMQ87K5wv+Pbgko94PLygp1nrEYcVHk1v4=", + "lastModified": 1762639445, + "narHash": "sha256-5E9exwTb7Tr4+SCJLJl/giiouHDmNGFb+pobScH1TkY=", "owner": "InioX", "repo": "Matugen", - "rev": "c3c33ce96c39997e88d3f3bb4080bbc3ca93a8e8", + "rev": "4c8c1dc6055853eb62b1f15be2920961194ef4cd", "type": "github" }, "original": { @@ -419,11 +376,11 @@ ] }, "locked": { - "lastModified": 1762039661, - "narHash": "sha256-oM5BwAGE78IBLZn+AqxwH/saqwq3e926rNq5HmOulkc=", + "lastModified": 1762304480, + "narHash": "sha256-ikVIPB/ea/BAODk6aksgkup9k2jQdrwr4+ZRXtBgmSs=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "c3c8c9f2a5ed43175ac4dc030308756620e6e4e4", + "rev": "b8c7ac030211f18bd1f41eae0b815571853db7a2", "type": "github" }, "original": { @@ -462,11 +419,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1761137276, - "narHash": "sha256-4lDjGnWRBLwqKQ4UWSUq6Mvxu9r8DSqCCydodW/Jsi8=", + "lastModified": 1762264948, + "narHash": "sha256-iaRf6n0KPl9hndnIft3blm1YTAyxSREV1oX0MFZ6Tk4=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "70bcd64225d167c7af9b475c4df7b5abba5c7de8", + "rev": "fa695bff9ec37fd5bbd7ee3181dbeb5f97f53c96", "type": "github" }, "original": { @@ -496,11 +453,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762179181, - "narHash": "sha256-T4+TNfXlF/gHbcNCC2HY7sMGBKgqNzyYeMBWmcbH7/o=", + "lastModified": 1762463231, + "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "256770618502d2eda892af3ae91da5e386ce9586", + "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226", "type": "github" }, "original": { @@ -528,11 +485,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1762596750, + "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", "type": "github" }, "original": { @@ -588,11 +545,11 @@ ] }, "locked": { - "lastModified": 1762132580, - "narHash": "sha256-wyz5URCnImTGCvKFi1lL7hLUsAnkhOCT8hbEwTya0Lk=", + "lastModified": 1762630873, + "narHash": "sha256-3oBDTcYuTFk2e5xINUvXkmGy/NCosajTeFFZIgyrpZE=", "owner": "nix-community", "repo": "srvos", - "rev": "38df2ab11fa831d0715e3d58f934e385a871ca49", + "rev": "84e1e515d32e2d92098ed2a8d102d71ac58676e5", "type": "github" }, "original": { @@ -617,21 +574,6 @@ } }, "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -646,7 +588,7 @@ "type": "github" } }, - "systems_4": { + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -690,11 +632,11 @@ ] }, "locked": { - "lastModified": 1761311587, - "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", + "lastModified": 1762366246, + "narHash": "sha256-3xc/f/ZNb5ma9Fc9knIzEwygXotA+0BZFQ5V5XovSOQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", + "rev": "a82c779ca992190109e431d7d680860e6723e048", "type": "github" }, "original": { @@ -705,17 +647,17 @@ }, "vicinae": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1762153854, - "narHash": "sha256-atFJwetnAf68duKurwdSRWK9iE1Lls2GqbLB+cxjlvo=", + "lastModified": 1762684504, + "narHash": "sha256-mpZcCsX2DyRtPiSRdYQBXuZQ+exguXRtXzdUgh+h+Pk=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "f44603ee228ebd63e10457c1dfd9702f79d0eb65", + "rev": "184387ffd4087de7313e7d1dca7477c7cfa61756", "type": "github" }, "original": { From e5b17dad1e46863322cf4a1ddea721f09f12bb5b Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 269/376] use vicinae launcher again (themed) --- home-manager/desktop/vicinae.nix | 6 +- home/.config/matugen/config.toml | 6 + home/.config/matugen/templates/vicinae.toml | 127 ++++++++++++++++++++ home/.config/niri/config.kdl | 10 +- 4 files changed, 147 insertions(+), 2 deletions(-) create mode 100644 home/.config/matugen/config.toml create mode 100644 home/.config/matugen/templates/vicinae.toml diff --git a/home-manager/desktop/vicinae.nix b/home-manager/desktop/vicinae.nix index 1ba4f4a..03f86fb 100644 --- a/home-manager/desktop/vicinae.nix +++ b/home-manager/desktop/vicinae.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ config, inputs, ... }: { imports = [ inputs.vicinae.homeManagerModules.default @@ -8,4 +8,8 @@ enable = true; autoStart = true; }; + + xdg.configFile."matugen/config.toml".source = "${config.dotfiles.path}/.config/matugen/config.toml"; + xdg.configFile."matugen/templates/vicinae.toml".source = + "${config.dotfiles.path}/.config/matugen/templates/vicinae.toml"; } diff --git a/home/.config/matugen/config.toml b/home/.config/matugen/config.toml new file mode 100644 index 0000000..e162dc3 --- /dev/null +++ b/home/.config/matugen/config.toml @@ -0,0 +1,6 @@ +[config] + +[templates.vicinae] +input_path = '~/.config/matugen/templates/vicinae.toml' +output_path = '~/.local/share/vicinae/themes/matugen.toml' +post_hook = 'vicinae theme set matugen' diff --git a/home/.config/matugen/templates/vicinae.toml b/home/.config/matugen/templates/vicinae.toml new file mode 100644 index 0000000..b56dbfb --- /dev/null +++ b/home/.config/matugen/templates/vicinae.toml @@ -0,0 +1,127 @@ +# Vicinae Matugen Theme Template +# Used LLM for initial generation, then modified to a satisfactory level + +[meta] +name = "Matugen" +description = "Material You theme generated by Matugen - {{mode}} variant" +variant = "{{mode}}" + +# ============================================================================ +# Core Colors +# ============================================================================ + +[colors.core] +accent = "{{colors.primary.default.hex}}" +accent_foreground = "{{colors.on_primary.default.hex}}" +background = "{{colors.surface.default.hex}}" +foreground = "{{colors.on_surface.default.hex}}" +secondary_background = "{{colors.surface_container.default.hex}}" +border = "{{colors.outline_variant.default.hex}}" + +# ============================================================================ +# Window Borders +# ============================================================================ + +[colors.main_window] +border = "{{colors.outline_variant.default.hex}}" + +[colors.settings_window] +border = "{{colors.outline.default.hex}}" + +# ============================================================================ +# Accent Palette +# ============================================================================ + +[colors.accents] +blue = "{{colors.primary.default.hex}}" +green = "{{colors.tertiary.default.hex}}" +magenta = "{{colors.secondary.default.hex}}" +orange = { name = "{{colors.error.default.hex}}", lighter = 40 } +red = "{{colors.error.default.hex}}" +yellow = { name = "{{colors.tertiary.default.hex}}", lighter = 80 } +cyan = { name = "{{colors.primary.default.hex}}", lighter = 50 } +purple = "{{colors.secondary.default.hex}}" + +# ============================================================================ +# Text System +# ============================================================================ + +[colors.text] +default = "{{colors.on_surface.default.hex}}" +muted = "{{colors.on_surface_variant.default.hex}}" +danger = "{{colors.error.default.hex}}" +success = "{{colors.tertiary.default.hex}}" +placeholder = { name = "{{colors.on_surface_variant.default.hex}}", opacity = 0.6 } + +[colors.text.selection] +background = "{{colors.primary.default.hex}}" +foreground = "{{colors.on_primary.default.hex}}" + +[colors.text.links] +default = "{{colors.primary.default.hex}}" +visited = { name = "{{colors.tertiary.default.hex}}", darker = 20 } + +# ============================================================================ +# Input Fields +# ============================================================================ + +[colors.input] +border = "{{colors.outline.default.hex}}" +border_focus = "{{colors.primary.default.hex}}" +border_error = "{{colors.error.default.hex}}" + +# ============================================================================ +# Buttons +# ============================================================================ + +[colors.button.primary] +background = "{{colors.surface_container_high.default.hex}}" +foreground = "{{colors.on_surface.default.hex}}" + +[colors.button.primary.hover] +background = "{{colors.surface_container_highest.default.hex}}" + +[colors.button.primary.focus] +outline = "{{colors.primary.default.hex}}" + +# ============================================================================ +# Lists +# ============================================================================ + +[colors.list.item.hover] +background = { name = "{{colors.primary_container.default.hex}}", opacity = 0.25 } +foreground = "{{colors.on_surface.default.hex}}" + +[colors.list.item.selection] +background = { name = "{{colors.primary_container.default.hex}}", opacity = 0.50 } +foreground = "{{colors.on_primary_container.default.hex}}" +secondary_background = "{{colors.primary_container.default.hex}}" +secondary_foreground = "{{colors.on_primary_container.default.hex}}" + +# ============================================================================ +# Grid Items +# ============================================================================ + +[colors.grid.item] +background = "{{colors.surface_container.default.hex}}" + +[colors.grid.item.hover] +outline = { name = "{{colors.secondary.default.hex}}", opacity = 0.8 } + +[colors.grid.item.selection] +outline = { name = "{{colors.primary.default.hex}}" } + +# ============================================================================ +# Scrollbars +# ============================================================================ + +[colors.scrollbars] +background = { name = "{{colors.primary.default.hex}}", opacity = 0.2 } + +# ============================================================================ +# Loading States +# ============================================================================ + +[colors.loading] +bar = "{{colors.primary.default.hex}}" +spinner = "{{colors.primary.default.hex}}" diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 21a48db..c147d8d 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -143,7 +143,8 @@ binds { // Suggested binds for running programs: terminal, app launcher, screen locker. Mod+Return { spawn "ghostty" "+new-window"; } - Mod+D { spawn "dms" "ipc" "call" "spotlight" "toggle"; } + // Mod+D { spawn "dms" "ipc" "call" "spotlight" "toggle"; } + Mod+D { spawn "vicinae" "toggle"; } Super+Alt+L hotkey-overlay-title="Lock session" { spawn "loginctl" "lock-session"; } XF86AudioRaiseVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05+"; } @@ -153,6 +154,12 @@ binds { XF86MonBrightnessDown { spawn "brightnessctl" "set" "5%-"; } XF86MonBrightnessUp { spawn "brightnessctl" "set" "+5%"; } + // XF86MonBrightnessUp allow-when-locked=true { + // spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; + // } + // XF86MonBrightnessDown allow-when-locked=true { + // spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; + // } XF86AudioPlay { spawn "playerctl" "play-pause"; } XF86AudioNext { spawn "playerctl" "next"; } @@ -338,6 +345,7 @@ screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" spawn-at-startup "dms" "run" spawn-at-startup "kdeconnect-indicator" spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh" +spawn-at-startup "vicinae" "server" spawn-at-startup "xwayland-satellite" environment { From ca14d549af567d5f2e019e2ab68b3f1a3d733662 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 270/376] add gh and nixpkgs-review --- home-manager/dev.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home-manager/dev.nix b/home-manager/dev.nix index fb3b1e7..70c85a3 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -13,6 +13,7 @@ home.packages = with pkgs; [ direnv + gh hut jujutsu nix-output-monitor @@ -23,6 +24,7 @@ typescript-language-server nil # Nix language server nixfmt-rfc-style + nixpkgs-review ]; programs.direnv = { From 8f2f922d4591740c71766118bf6bd7ceb1d677d7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 271/376] alacritty: only link the config file (not dir) --- home-manager/desktop/terminal.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home-manager/desktop/terminal.nix b/home-manager/desktop/terminal.nix index 5f35837..46ce790 100644 --- a/home-manager/desktop/terminal.nix +++ b/home-manager/desktop/terminal.nix @@ -15,7 +15,8 @@ ]; programs.alacritty.enable = true; - xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty"; + xdg.configFile."alacritty/alacritty.toml".source = + "${config.dotfiles.path}/.config/alacritty/alacritty.toml"; xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config"; } From 00d9b8f4ae4a866f38436daf6da61aec61e1a0d9 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 272/376] niri: don't spawn vicinae server (user service) --- home/.config/niri/config.kdl | 1 - 1 file changed, 1 deletion(-) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index c147d8d..b228bc3 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -345,7 +345,6 @@ screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" spawn-at-startup "dms" "run" spawn-at-startup "kdeconnect-indicator" spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh" -spawn-at-startup "vicinae" "server" spawn-at-startup "xwayland-satellite" environment { From a680d58664607b1546c0dbaf2031387ffdf129ba Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 273/376] ghostty: use bigger font --- home/.config/ghostty/config | 1 + 1 file changed, 1 insertion(+) diff --git a/home/.config/ghostty/config b/home/.config/ghostty/config index c1d975f..9483b2a 100644 --- a/home/.config/ghostty/config +++ b/home/.config/ghostty/config @@ -2,4 +2,5 @@ theme = dark:Kanagawa Wave,light:Builtin Light font-feature = -liga font-feature = -calt font-feature = -dlig +font-size = 14 window-inherit-working-directory = false From 740ed6725ae9a802db82fa730afbfc19e7c15bc6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 274/376] move clan config to its own directory --- clan/flake-module.nix | 223 +++++++++++++++++++++++++++++++++ clan/machines.nix | 28 +++++ clan/network.nix | 20 +++ flake.nix | 3 +- machines/flake-module.nix | 253 -------------------------------------- 5 files changed, 272 insertions(+), 255 deletions(-) create mode 100644 clan/flake-module.nix create mode 100644 clan/machines.nix create mode 100644 clan/network.nix delete mode 100644 machines/flake-module.nix diff --git a/clan/flake-module.nix b/clan/flake-module.nix new file mode 100644 index 0000000..c1346bb --- /dev/null +++ b/clan/flake-module.nix @@ -0,0 +1,223 @@ +{ self, lib, ... }: +{ + imports = [ + ./machines.nix + ./network.nix + ]; + + clan.meta.name = "blossom"; + + clan.inventory.instances."rpqt-admin" = { + module.input = "clan-core"; + module.name = "admin"; + roles.default.tags.server = { }; + roles.default.machines.haze = { }; + roles.default.settings.allowedKeys = { + rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"; + nixbld_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyNC2sn5m7m52r4kVZqg0T7abqdz5xh/blU3cYtHKAE nixbld@haze"; + }; + }; + + clan.inventory.instances."sshd" = { + module.input = "clan-core"; + module.name = "sshd"; + roles.server.tags.all = { }; + roles.server.extraModules = [ + self.nixosModules.hardened-ssh-server + ]; + roles.server.settings = { + certificate.searchDomains = [ + "home.rpqt.fr" + ]; + }; + + roles.client.tags.all = { }; + roles.client.settings = { + certificate.searchDomains = [ + "home.rpqt.fr" + ]; + }; + }; + + clan.inventory.instances.user-rpqt = { + module.input = "clan-core"; + module.name = "users"; + roles.default.machines.haze = { + settings = { + user = "rpqt"; + }; + }; + roles.default.extraModules = [ + self.nixosModules.user-rpqt + ]; + }; + + clan.inventory.instances.common-config = { + module = { + input = "clan-core"; + name = "importer"; + }; + roles.default.tags.all = { }; + roles.default.extraModules = [ self.nixosModules.common ]; + }; + + clan.inventory.instances.server-config = { + module = { + input = "clan-core"; + name = "importer"; + }; + roles.default.tags.server = { }; + roles.default.extraModules = [ + { + nix.gc.automatic = lib.mkDefault true; + nix.gc.dates = lib.mkDefault "Mon 3:15"; + nix.gc.randomizedDelaySec = lib.mkDefault "30min"; + nix.gc.options = lib.mkDefault "--delete-older-than 30d"; + } + ]; + }; + + clan.inventory.instances."garage" = { + module.input = "clan-core"; + module.name = "garage"; + roles.default.tags.garage = { }; + }; + + clan.inventory.instances."garage-config" = { + module.input = "clan-core"; + module.name = "importer"; + roles.default.tags.garage = { }; + roles.default.extraModules = [ ../modules/garage.nix ]; + }; + + clan.inventory.instances."trusted-nix-caches" = { + module.input = "clan-core"; + module.name = "trusted-nix-caches"; + roles.default.tags.all = { }; + }; + + clan.inventory.instances."borgbackup-storagebox" = { + module.input = "clan-core"; + module.name = "borgbackup"; + + roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] ( + machine: + let + config = self.nixosConfigurations.${machine}.config; + user = "u422292"; + host = "${user}.your-storagebox.de"; + in + { + settings.destinations."storagebox-${config.networking.hostName}" = { + repo = "${user}@${host}:./borgbackup/${config.networking.hostName}"; + rsh = "ssh -oPort=23 -i ${ + config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path + } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; + }; + } + ); + roles.client.extraModules = [ + ../modules/storagebox.nix + ]; + roles.server.machines = { }; + }; + + clan.inventory.instances.prometheus = { + module.input = "self"; + module.name = "@rpqt/prometheus"; + + roles.scraper.machines.genepi = { }; + roles.scraper.settings = { + extraScrapeConfigs = [ + { + job_name = "garage"; + static_configs = [ + { + labels.instance = "crocus"; + targets = [ "crocus.home.rpqt.fr:3903" ]; + } + { + labels.instance = "genepi"; + targets = [ "genepi.home.rpqt.fr:3903" ]; + } + { + labels.instance = "verbena"; + targets = [ "verbena.home.rpqt.fr:3903" ]; + } + ]; + authorization = { + type = "Bearer"; + credentials_file = + self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path; + }; + } + ]; + }; + + roles.target.tags.server = { }; + roles.target.settings = { + exporters = { + node = { + enabledCollectors = [ + "systemd" + ]; + }; + }; + }; + }; + + clan.inventory.instances.syncthing = { + roles.peer.tags.syncthing = { }; + roles.peer.settings.folders = { + Documents = { + path = "~/Documents"; + }; + Music = { + path = "~/Music"; + }; + Pictures = { + path = "~/Pictures"; + }; + Videos = { + path = "~/Videos"; + }; + }; + roles.peer.settings.extraDevices = { + pixel-7a = { + id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU"; + name = "Pixel 7a"; + addresses = [ "dynamic" ]; + }; + }; + }; + + clan.inventory.instances.buildbot = { + module.input = "self"; + module.name = "@rpqt/buildbot"; + + roles.master.machines.verbena = { + settings = { + domain = "buildbot.turifer.dev"; + admins = [ "rpqt" ]; + topic = "buildbot-nix"; + gitea.instanceUrl = "https://git.turifer.dev"; + }; + }; + + roles.master.extraModules = [ + { + services.nginx.virtualHosts."buildbot.turifer.dev" = { + enableACME = true; + forceSSL = true; + }; + + security.acme.certs."buildbot.turifer.dev" = { + email = "admin@turifer.dev"; + }; + } + ]; + + roles.worker.machines.verbena = { }; + }; + +} diff --git a/clan/machines.nix b/clan/machines.nix new file mode 100644 index 0000000..8910a89 --- /dev/null +++ b/clan/machines.nix @@ -0,0 +1,28 @@ +{ + clan.inventory.machines = { + crocus = { + tags = [ + "garage" + "server" + ]; + }; + genepi = { + tags = [ + "garage" + "server" + "syncthing" + ]; + }; + haze = { + tags = [ + "syncthing" + ]; + }; + verbena = { + tags = [ + "garage" + "server" + ]; + }; + }; +} diff --git a/clan/network.nix b/clan/network.nix new file mode 100644 index 0000000..ee0286e --- /dev/null +++ b/clan/network.nix @@ -0,0 +1,20 @@ +{ + clan.inventory.instances.zerotier = { + roles.controller.machines.crocus = { }; + roles.moon.machines.crocus = { + settings = { + stableEndpoints = [ + "116.203.18.122" + "2a01:4f8:1c1e:e415::/64" + ]; + }; + }; + roles.peer.tags."all" = { }; + }; + + clan.inventory.instances.internet = { + roles.default.machines.verbena = { + settings.host = "git.turifer.dev"; + }; + }; +} diff --git a/flake.nix b/flake.nix index 10d9033..7019ce5 100644 --- a/flake.nix +++ b/flake.nix @@ -15,11 +15,10 @@ flake-parts.lib.mkFlake { inherit inputs; } ({ imports = [ inputs.clan-core.flakeModules.default - + ./clan/flake-module.nix ./clanServices/flake-module.nix ./devShells/flake-module.nix ./home-manager/flake-module.nix - ./machines/flake-module.nix ./modules/flake-module.nix ./packages/flake-module.nix ]; diff --git a/machines/flake-module.nix b/machines/flake-module.nix deleted file mode 100644 index 78a8862..0000000 --- a/machines/flake-module.nix +++ /dev/null @@ -1,253 +0,0 @@ -{ self, lib, ... }: -{ - clan = { - meta.name = "blossom"; - inventory.machines = { - crocus = { - tags = [ - "garage" - "server" - ]; - }; - genepi = { - tags = [ - "garage" - "server" - "syncthing" - ]; - }; - haze = { - tags = [ - "syncthing" - ]; - }; - verbena = { - tags = [ - "garage" - "server" - ]; - }; - }; - - inventory.instances = { - "rpqt-admin" = { - module.input = "clan-core"; - module.name = "admin"; - roles.default.tags.server = { }; - roles.default.machines.haze = { }; - roles.default.settings.allowedKeys = { - rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"; - }; - }; - - zerotier = { - roles.controller.machines.crocus = { }; - roles.moon.machines.crocus = { - settings = { - stableEndpoints = [ - "116.203.18.122" - "2a01:4f8:1c1e:e415::/64" - ]; - }; - }; - roles.peer.tags."all" = { }; - }; - - internet = { - roles.default.machines.verbena = { - settings.host = "git.turifer.dev"; - }; - }; - - "sshd" = { - module.input = "clan-core"; - module.name = "sshd"; - roles.server.tags.all = { }; - roles.server.extraModules = [ - self.nixosModules.hardened-ssh-server - ]; - }; - - user-rpqt = { - module.input = "clan-core"; - module.name = "users"; - roles.default.machines.haze = { - settings = { - user = "rpqt"; - }; - }; - roles.default.extraModules = [ - self.nixosModules.user-rpqt - ]; - }; - - common-config = { - module = { - input = "clan-core"; - name = "importer"; - }; - roles.default.tags.all = { }; - roles.default.extraModules = [ self.nixosModules.common ]; - }; - - server-config = { - module = { - input = "clan-core"; - name = "importer"; - }; - roles.default.tags.server = { }; - roles.default.extraModules = [ - { - nix.gc.automatic = lib.mkDefault true; - nix.gc.dates = lib.mkDefault "Mon 3:15"; - nix.gc.randomizedDelaySec = lib.mkDefault "30min"; - nix.gc.options = lib.mkDefault "--delete-older-than 30d"; - } - ]; - }; - - "garage" = { - module.input = "clan-core"; - module.name = "garage"; - roles.default.tags.garage = { }; - }; - - "garage-config" = { - module.input = "clan-core"; - module.name = "importer"; - roles.default.tags.garage = { }; - roles.default.extraModules = [ ../modules/garage.nix ]; - }; - - "trusted-nix-caches" = { - module.input = "clan-core"; - module.name = "trusted-nix-caches"; - roles.default.tags.all = { }; - }; - - "borgbackup-storagebox" = { - module.input = "clan-core"; - module.name = "borgbackup"; - - roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] ( - machine: - let - config = self.nixosConfigurations.${machine}.config; - user = "u422292"; - host = "${user}.your-storagebox.de"; - in - { - settings.destinations."storagebox-${config.networking.hostName}" = { - repo = "${user}@${host}:./borgbackup/${config.networking.hostName}"; - rsh = "ssh -oPort=23 -i ${ - config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path - } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; - }; - } - ); - roles.client.extraModules = [ - ../modules/storagebox.nix - ]; - roles.server.machines = { }; - }; - - prometheus = { - module.input = "self"; - module.name = "@rpqt/prometheus"; - - roles.scraper.machines.genepi = { }; - roles.scraper.settings = { - extraScrapeConfigs = [ - { - job_name = "garage"; - static_configs = [ - { - labels.instance = "crocus"; - targets = [ "crocus.home.rpqt.fr:3903" ]; - } - { - labels.instance = "genepi"; - targets = [ "genepi.home.rpqt.fr:3903" ]; - } - { - labels.instance = "verbena"; - targets = [ "verbena.home.rpqt.fr:3903" ]; - } - ]; - authorization = { - type = "Bearer"; - credentials_file = - self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path; - }; - } - ]; - }; - - roles.target.tags.server = { }; - roles.target.settings = { - exporters = { - node = { - enabledCollectors = [ - "systemd" - ]; - }; - }; - }; - }; - - syncthing = { - roles.peer.tags.syncthing = { }; - roles.peer.settings.folders = { - Documents = { - path = "~/Documents"; - }; - Music = { - path = "~/Music"; - }; - Pictures = { - path = "~/Pictures"; - }; - Videos = { - path = "~/Videos"; - }; - }; - roles.peer.settings.extraDevices = { - pixel-7a = { - id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU"; - name = "Pixel 7a"; - addresses = [ "dynamic" ]; - }; - }; - }; - - buildbot = { - module.input = "self"; - module.name = "@rpqt/buildbot"; - - roles.master.machines.verbena = { - settings = { - domain = "buildbot.turifer.dev"; - admins = [ "rpqt" ]; - topic = "buildbot-nix"; - gitea.instanceUrl = "https://git.turifer.dev"; - }; - }; - - roles.master.extraModules = [ - { - services.nginx.virtualHosts."buildbot.turifer.dev" = { - enableACME = true; - forceSSL = true; - }; - - security.acme.certs."buildbot.turifer.dev" = { - email = "admin@turifer.dev"; - }; - } - ]; - - roles.worker.machines.verbena = { }; - }; - }; - }; -} From 20b4d300ee732b9b5425a1763d20b37b8ad1a5c4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 275/376] clan: move monitoring to its own file --- clan/flake-module.nix | 45 +----------------------------------------- clan/monitoring.nix | 46 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 44 deletions(-) create mode 100644 clan/monitoring.nix diff --git a/clan/flake-module.nix b/clan/flake-module.nix index c1346bb..ee76cd4 100644 --- a/clan/flake-module.nix +++ b/clan/flake-module.nix @@ -2,6 +2,7 @@ { imports = [ ./machines.nix + ./monitoring.nix ./network.nix ]; @@ -122,50 +123,6 @@ roles.server.machines = { }; }; - clan.inventory.instances.prometheus = { - module.input = "self"; - module.name = "@rpqt/prometheus"; - - roles.scraper.machines.genepi = { }; - roles.scraper.settings = { - extraScrapeConfigs = [ - { - job_name = "garage"; - static_configs = [ - { - labels.instance = "crocus"; - targets = [ "crocus.home.rpqt.fr:3903" ]; - } - { - labels.instance = "genepi"; - targets = [ "genepi.home.rpqt.fr:3903" ]; - } - { - labels.instance = "verbena"; - targets = [ "verbena.home.rpqt.fr:3903" ]; - } - ]; - authorization = { - type = "Bearer"; - credentials_file = - self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path; - }; - } - ]; - }; - - roles.target.tags.server = { }; - roles.target.settings = { - exporters = { - node = { - enabledCollectors = [ - "systemd" - ]; - }; - }; - }; - }; - clan.inventory.instances.syncthing = { roles.peer.tags.syncthing = { }; roles.peer.settings.folders = { diff --git a/clan/monitoring.nix b/clan/monitoring.nix new file mode 100644 index 0000000..668b23e --- /dev/null +++ b/clan/monitoring.nix @@ -0,0 +1,46 @@ +{ self, ... }: +{ + clan.inventory.instances.prometheus = { + module.input = "self"; + module.name = "@rpqt/prometheus"; + + roles.scraper.machines.genepi = { }; + roles.scraper.settings = { + extraScrapeConfigs = [ + { + job_name = "garage"; + static_configs = [ + { + labels.instance = "crocus"; + targets = [ "crocus.home.rpqt.fr:3903" ]; + } + { + labels.instance = "genepi"; + targets = [ "genepi.home.rpqt.fr:3903" ]; + } + { + labels.instance = "verbena"; + targets = [ "verbena.home.rpqt.fr:3903" ]; + } + ]; + authorization = { + type = "Bearer"; + credentials_file = + self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path; + }; + } + ]; + }; + + roles.target.tags.server = { }; + roles.target.settings = { + exporters = { + node = { + enabledCollectors = [ + "systemd" + ]; + }; + }; + }; + }; +} From 53b1264c447e2da7e9f1ea400b878716387bf354 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 276/376] clanServices/prometheus: fix IPv6 address brackets --- clanServices/prometheus/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clanServices/prometheus/default.nix b/clanServices/prometheus/default.nix index d034f42..58762f3 100644 --- a/clanServices/prometheus/default.nix +++ b/clanServices/prometheus/default.nix @@ -51,7 +51,7 @@ targetHost = targetConfig.clan.core.vars.generators.zerotier.files.zerotier-ip.value; in [ - "${targetHost}:${toString targetConfig.services.prometheus.exporters.${exporter}.port}" + "[${targetHost}]:${toString targetConfig.services.prometheus.exporters.${exporter}.port}" ]; labels.instance = machineName; }) machinesWithExporter; From 3f71e191f9f3e9ee7ccedf3e90959147bfda5373 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 277/376] nextcloud: move db init to clan --- modules/nextcloud.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index c4be039..745cd30 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -38,15 +38,14 @@ in }; }; - services.postgresql = { + clan.core.postgresql = { enable = true; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ - { - name = "nextcloud"; - ensureDBOwnership = true; - } - ]; + databases = { + nextcloud = { + create.enable = true; + restore.stopOnRestore = [ "nextcloud" ]; + }; + }; }; systemd.services."nextcloud-setup" = { From 9577209e6781cbec1eb9ad4d4037f3a939d5c8b0 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 278/376] glance: add prometheus --- machines/genepi/glance-config.nix | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 53b991d..1a47296 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -44,11 +44,6 @@ url = "https://images.home.rpqt.fr"; icon = "sh:immich"; } - { - title = "Grafana"; - url = "https://grafana.home.rpqt.fr"; - icon = "sh:grafana"; - } { title = "FreshRSS"; url = "https://rss.home.rpqt.fr"; @@ -96,6 +91,23 @@ } ]; } + { + type = "monitor"; + cache = "1m"; + title = "Monitoring"; + sites = [ + { + title = "Grafana"; + url = "https://grafana.home.rpqt.fr"; + icon = "sh:grafana"; + } + { + title = "Prometheus"; + url = "http://genepi.home.rpqt.fr:9090"; + icon = "sh:prometheus"; + } + ]; + } { type = "monitor"; cache = "1m"; From 267807ae66ab770ff82bcd205815f701e8423607 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 279/376] vicinae: link config file instead of generating it --- home-manager/desktop/vicinae.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/home-manager/desktop/vicinae.nix b/home-manager/desktop/vicinae.nix index 03f86fb..9af3754 100644 --- a/home-manager/desktop/vicinae.nix +++ b/home-manager/desktop/vicinae.nix @@ -1,4 +1,9 @@ -{ config, inputs, ... }: +{ + config, + inputs, + lib, + ... +}: { imports = [ inputs.vicinae.homeManagerModules.default @@ -9,6 +14,9 @@ autoStart = true; }; + xdg.configFile."vicinae/vicinae.json".source = + lib.mkForce "${config.dotfiles.path}/.config/vicinae/vicinae.json"; + xdg.configFile."matugen/config.toml".source = "${config.dotfiles.path}/.config/matugen/config.toml"; xdg.configFile."matugen/templates/vicinae.toml".source = "${config.dotfiles.path}/.config/matugen/templates/vicinae.toml"; From 24e8d8e8239b053d9899a459256493ce9962734c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 280/376] glance: fix pinchflat icon --- machines/genepi/glance-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 1a47296..569ae62 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -67,7 +67,7 @@ { title = "Pinchflat"; url = "https://pinchflat.home.rpqt.fr"; - icon = "sh:pinchflat"; + icon = "https://cdn.jsdelivr.net/gh/selfhst/icons/png/pinchflat.png"; } { title = "Home Assistant"; From c048448b6aaafb88ca7326e68f4fb9c5e2172b5a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 3 Nov 2025 23:51:20 +0100 Subject: [PATCH 281/376] update flake inputs --- flake.lock | 130 ++++++++++++++++++++++------------------------------- 1 file changed, 54 insertions(+), 76 deletions(-) diff --git a/flake.lock b/flake.lock index 93f1f20..9409c9d 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1762423941, - "narHash": "sha256-2mahDC4N9CiR/VQR8EqHg0TZhf+ix8u4y2gbPr6qJ6w=", + "lastModified": 1763669555, + "narHash": "sha256-uYXZM7u2P6mAMH4JLWYrE/16tZlur+iiKTeYexobf9g=", "ref": "refs/heads/main", - "rev": "9ddcda8f10c96c790fb83cf4004899d95fae891d", - "revCount": 11011, + "rev": "edc92e561600b4f778ba1b88e357ee2305c5038a", + "revCount": 11117, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -57,17 +57,16 @@ "dankMaterialShell": { "inputs": { "dgop": "dgop", - "dms-cli": "dms-cli", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1762704668, - "narHash": "sha256-wrLa8ZoEpAhQjIt9uHcPb47LvVcceA8ok6S7BeUeaC4=", + "lastModified": 1763701643, + "narHash": "sha256-6lytTY75PO2tIbptdF6xM9QMhoRE4O94/E1teR55LAQ=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "392a1c03c53ce916ec8d2ba61e852d34d2e1b9cb", + "rev": "dfe2f3771b10b5d042a2d7eca04361e64df6431a", "type": "github" }, "original": { @@ -92,11 +91,11 @@ ] }, "locked": { - "lastModified": 1760612273, - "narHash": "sha256-pP/bSqUHubxAOTI7IHD5ZBQ2Qm11Nb4pXXTPv334UEM=", - "rev": "0099739c78be750b215cbdefafc9ba1533609393", + "lastModified": 1762942435, + "narHash": "sha256-zIWGs5FIytTtJN+dhDb8Yx+q4TQI/yczuL539yVcyPE=", + "rev": "0ee328404b12c65e8106bde9e9fab8abf4ecada4", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0099739c78be750b215cbdefafc9ba1533609393.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0ee328404b12c65e8106bde9e9fab8abf4ecada4.tar.gz" }, "original": { "type": "tarball", @@ -132,11 +131,11 @@ ] }, "locked": { - "lastModified": 1762276996, - "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", + "lastModified": 1763651264, + "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", "owner": "nix-community", "repo": "disko", - "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", + "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", "type": "github" }, "original": { @@ -152,11 +151,11 @@ ] }, "locked": { - "lastModified": 1762276996, - "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", + "lastModified": 1763651264, + "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", "owner": "nix-community", "repo": "disko", - "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", + "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", "type": "github" }, "original": { @@ -165,27 +164,6 @@ "type": "github" } }, - "dms-cli": { - "inputs": { - "nixpkgs": [ - "dankMaterialShell", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1762491516, - "narHash": "sha256-oGLH5Gje/p2Hc1kO3m8P5eAZ7JldBI30EmwzEET4cNU=", - "owner": "AvengeMedia", - "repo": "danklinux", - "rev": "050cf28a2963a7698ed4759736fe5fe77eee7cc2", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "danklinux", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -214,11 +192,11 @@ ] }, "locked": { - "lastModified": 1762440070, - "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -277,11 +255,11 @@ ] }, "locked": { - "lastModified": 1762704774, - "narHash": "sha256-iodz4xQbULkHqetbPu5BCSWsVEzZiiNSv0/dzfH4XiE=", + "lastModified": 1763416652, + "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "be4a9233dd3f6104c9b0fdd3d56f953eb519a4c7", + "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "type": "github" }, "original": { @@ -298,11 +276,11 @@ ] }, "locked": { - "lastModified": 1758101718, - "narHash": "sha256-qxY1q6ppBK5zWueAWVibiQLXUKbmot3/Zlb+J6q7RS0=", + "lastModified": 1762970543, + "narHash": "sha256-7ipFVC9pvI564c22b1dIEzSQ8dZXK3cxh/tF/4tX38c=", "owner": "ignis-sh", "repo": "ignis", - "rev": "57017f8fbde4c4c67bdd4fa69c72589358882928", + "rev": "ba8b0e11c2462afc9fdc30ce6a72b4e94e8ee7c4", "type": "github" }, "original": { @@ -355,11 +333,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1762639445, - "narHash": "sha256-5E9exwTb7Tr4+SCJLJl/giiouHDmNGFb+pobScH1TkY=", + "lastModified": 1763355108, + "narHash": "sha256-u5gCg+oA1car16NA7UL2dVjZGdD/RXJCt0srVFwCnmA=", "owner": "InioX", "repo": "Matugen", - "rev": "4c8c1dc6055853eb62b1f15be2920961194ef4cd", + "rev": "e216c4bf66899694b19b10369f9fa0275d739cff", "type": "github" }, "original": { @@ -376,11 +354,11 @@ ] }, "locked": { - "lastModified": 1762304480, - "narHash": "sha256-ikVIPB/ea/BAODk6aksgkup9k2jQdrwr4+ZRXtBgmSs=", + "lastModified": 1763505477, + "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "b8c7ac030211f18bd1f41eae0b815571853db7a2", + "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", "type": "github" }, "original": { @@ -391,11 +369,11 @@ }, "nix-select": { "locked": { - "lastModified": 1755887746, - "narHash": "sha256-lzWbpHKX0WAn/jJDoCijIDss3rqYIPawe46GDaE6U3g=", - "rev": "92c2574c5e113281591be01e89bb9ddb31d19156", + "lastModified": 1763303120, + "narHash": "sha256-yxcNOha7Cfv2nhVpz9ZXSNKk0R7wt4AiBklJ8D24rVg=", + "rev": "3d1e3860bef36857a01a2ddecba7cdb0a14c35a9", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/92c2574c5e113281591be01e89bb9ddb31d19156.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/3d1e3860bef36857a01a2ddecba7cdb0a14c35a9.tar.gz" }, "original": { "type": "tarball", @@ -453,11 +431,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762463231, - "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -485,11 +463,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762596750, - "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -525,11 +503,11 @@ ] }, "locked": { - "lastModified": 1760998189, - "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", + "lastModified": 1763607916, + "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", + "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", "type": "github" }, "original": { @@ -545,11 +523,11 @@ ] }, "locked": { - "lastModified": 1762630873, - "narHash": "sha256-3oBDTcYuTFk2e5xINUvXkmGy/NCosajTeFFZIgyrpZE=", + "lastModified": 1763600374, + "narHash": "sha256-CPBFJSZrHD/TguhjBzXKaqwtMGz7ac8bX5KZ9dJfdu0=", "owner": "nix-community", "repo": "srvos", - "rev": "84e1e515d32e2d92098ed2a8d102d71ac58676e5", + "rev": "66d01f019faeacda79b8d81cb37c8094685cb333", "type": "github" }, "original": { @@ -632,11 +610,11 @@ ] }, "locked": { - "lastModified": 1762366246, - "narHash": "sha256-3xc/f/ZNb5ma9Fc9knIzEwygXotA+0BZFQ5V5XovSOQ=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a82c779ca992190109e431d7d680860e6723e048", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { @@ -653,11 +631,11 @@ ] }, "locked": { - "lastModified": 1762684504, - "narHash": "sha256-mpZcCsX2DyRtPiSRdYQBXuZQ+exguXRtXzdUgh+h+Pk=", + "lastModified": 1763505293, + "narHash": "sha256-huleUPkt0iZJZy4e/KPhcHK4ueeqaqiMUu7Ft6NVDFU=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "184387ffd4087de7313e7d1dca7477c7cfa61756", + "rev": "e600ffc4ad1e87f3389327adfab8bb8d2f34261e", "type": "github" }, "original": { From 92e49d0c9ca08d2f5815e069e017d949d6478209 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 16:59:22 +0100 Subject: [PATCH 282/376] Update vars via generator wireguard-keys-wireguard for machine verbena --- .../privatekey/machines/verbena | 1 + .../wireguard-keys-wireguard/privatekey/secret | 18 ++++++++++++++++++ .../privatekey/users/rpqt | 1 + .../wireguard-keys-wireguard/publickey/value | 1 + 4 files changed, 21 insertions(+) create mode 120000 vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/machines/verbena create mode 100644 vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret create mode 120000 vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/users/rpqt create mode 100644 vars/per-machine/verbena/wireguard-keys-wireguard/publickey/value diff --git a/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/machines/verbena b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret new file mode 100644 index 0000000..ebbb1f9 --- /dev/null +++ b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:Le4PZ5jFQXxJYGb8LgjrK4xWbjGvVgRziD1IYove4qmoIYfxNmbb8zZxctZA,iv:PqFFN7WM9oMXk1w8S3Gcqv5nIpaB7KrcqCIsX0L2ONg=,tag:SpVwb//AdQUmMhFf0RzMWQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSVVjZklZalhseTVNQlpQ\nUG95b3FGeitxNkgyN1dCOFlKNWJMNk9BKzJFCmNyMEk3OUtiZWRhZGNuNGlvblVS\nT0hUZnMxQVJrY1EyUHI0dmNUZjloeUkKLS0tIEZRaWQyNWNjR1p6NW9zY1o5ODhh\ncFBxbmtDTEZ0aFRoelZOakxoUTJlOUUKN2AsY9Tv/5tpZarqpHyk0iBwh233bhVB\nHrFk+991bzxwZ5F0KeObg0yu10C7TfzxKOM9wYmbNeZf29yDSNKsPg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSWk4ZFB1S3ZPNlo2czJx\nZ0FWR1BLSEhxMFZtbFlVQzNtUHhub2Z0a2pBCk56QUJaejJBY3hNd2tNMDJqbmZW\nRVAvSVByZ2FuV2dVOWtjWEl1d0gxT0UKLS0tIHdLM2xXVlAvZkxvWmFyeVBTVzUr\naTF2cUlzMmpET01FK0NpR3lacFdPUzgKwy9/GGkmP1XKefAxxDEqqcIlhMjMm7Zu\n36jkKo3OqOScyW7F56qQ8dueukJcPMmuWl4zMKku+yyhm8pvmKtg7w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-21T15:59:22Z", + "mac": "ENC[AES256_GCM,data:5b0R/lLXv2WL5WJ1p+lzzvU11VshSrs20eND7sROcvZ+9bIC0sX8wAozyTPMsPvXEMpgDk2HWkULaJH//zZ6jjC8i+b9c4vOvj+qF02uea6+KwhC/ZvAhZzNkHe53zyLcfI+N8/p2tPkZwEZfpNln36GKRtyxHQrzlCmSrRWrpI=,iv:gSN7EpfGZexA1pEIKel3Q6V2SPWXbfUXtHF2LqTm14E=,tag:JWkTFLOxsRP/phNLKBQONA==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/users/rpqt b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/verbena/wireguard-keys-wireguard/publickey/value b/vars/per-machine/verbena/wireguard-keys-wireguard/publickey/value new file mode 100644 index 0000000..3ecfd22 --- /dev/null +++ b/vars/per-machine/verbena/wireguard-keys-wireguard/publickey/value @@ -0,0 +1 @@ +KiRDNfRjn9Y8HmHuFdK4CgJyY5p9QLjgMAwhYJB+qzY= From 575e78e4735323d524ecb955e27bc02d94550be2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 16:59:22 +0100 Subject: [PATCH 283/376] Update vars via generator wireguard-network-wireguard for machine verbena --- .../verbena/wireguard-network-wireguard/.validation-hash | 1 + .../per-machine/verbena/wireguard-network-wireguard/prefix/value | 1 + 2 files changed, 2 insertions(+) create mode 100644 vars/per-machine/verbena/wireguard-network-wireguard/.validation-hash create mode 100644 vars/per-machine/verbena/wireguard-network-wireguard/prefix/value diff --git a/vars/per-machine/verbena/wireguard-network-wireguard/.validation-hash b/vars/per-machine/verbena/wireguard-network-wireguard/.validation-hash new file mode 100644 index 0000000..0a8e2fa --- /dev/null +++ b/vars/per-machine/verbena/wireguard-network-wireguard/.validation-hash @@ -0,0 +1 @@ +bb4d45d8f4c57db556ce4fb89236761a1fce2b7815628b103932b895230c3acf \ No newline at end of file diff --git a/vars/per-machine/verbena/wireguard-network-wireguard/prefix/value b/vars/per-machine/verbena/wireguard-network-wireguard/prefix/value new file mode 100644 index 0000000..de23f70 --- /dev/null +++ b/vars/per-machine/verbena/wireguard-network-wireguard/prefix/value @@ -0,0 +1 @@ +fd28:387a:90:c400 \ No newline at end of file From e42cb7edd3ca96aa672a41782f4d7100d5be65c6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 17:24:47 +0100 Subject: [PATCH 284/376] Update vars via generator wireguard-keys-wireguard for machine haze --- .../privatekey/machines/haze | 1 + .../wireguard-keys-wireguard/privatekey/secret | 18 ++++++++++++++++++ .../privatekey/users/rpqt | 1 + .../wireguard-keys-wireguard/publickey/value | 1 + 4 files changed, 21 insertions(+) create mode 120000 vars/per-machine/haze/wireguard-keys-wireguard/privatekey/machines/haze create mode 100644 vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret create mode 120000 vars/per-machine/haze/wireguard-keys-wireguard/privatekey/users/rpqt create mode 100644 vars/per-machine/haze/wireguard-keys-wireguard/publickey/value diff --git a/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/machines/haze b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/machines/haze new file mode 120000 index 0000000..db9551a --- /dev/null +++ b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/machines/haze @@ -0,0 +1 @@ +../../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret new file mode 100644 index 0000000..cc42dc6 --- /dev/null +++ b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:qEKpqsrZN2K5tvq3uUeQm1EGJFwF6Y/Gt/xI4PPRfCtqQujkFOtDcHfjGclX,iv:Qfv6vMwHfFp3Ao3rKsed4WIyj4qY68v18HoATl9GtYU=,tag:AvWpclBxN8cVvUswz57tTQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRytnMit1Y2xmbVdCaDNt\nWFRSeEtON21CNUZvL3Jhb2dCU1pReDBia0hvCmh6QlNJbzdleUxza0hTVU1URXVr\nZkpjWCtWNlZzYkxQbzVhdnd0UmpRL2cKLS0tIEowaGV6Y0NCdDM3ZmFGMW1uK2hQ\nUUpBalNZUkNUTmQxREhjTHhCV2lMaGMKTj2V0TA5cDImdi65RKzhhWSY31ePpIra\nI0OJpHLgix4uO73kknrTsswt4YBzT58d8pWw5ELAA0OyOZbXAJvJ8Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMU4zVUVZWW95RzB3bzB2\ndkhzNXNzV1A1VWlFQUxaYS83cWpQektVdERZCkZsUWtZUFlYVjlsN3VBcmExWnlm\nTEN0MldPMFc3VmFJMTB3ZVUxd0h5WTAKLS0tIFRCK1plN0pHSzVWeU5pa0FRNzRQ\nN1ErSW9qVmx0VDF3Rk5hek9WTFJZYXMK4t2d4oExSAkvzOo9nB/5k2S3asOpRcAc\nggj/Bgwlmli1M/rMQRgi3Bui2UwV6bcrQ/9kT0RDdHcYdfnMhdTPNQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-21T16:24:47Z", + "mac": "ENC[AES256_GCM,data:uW7rkOZGqrhOZr16MJZNiYD6niGqFdzbhC4sOmdY4l2K/Q+esAycgSakPrVGLi/h0QFGlo8/xBPu1wvCFWiklPDaoPLwyHpZefAr3szmJ751Zo8gJPUPvYFOkGgBNIDYDxg/gyCxAu63M1v+rY2YD2tsegMw0xEAAyusC9rxocM=,iv:fN1537itb9ohJ2dNuQaPRLxKmV7mWJSs15jkEBNjS6U=,tag:q62fQfBBzJ2GjybhbRCViQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/users/rpqt b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/haze/wireguard-keys-wireguard/publickey/value b/vars/per-machine/haze/wireguard-keys-wireguard/publickey/value new file mode 100644 index 0000000..cf95443 --- /dev/null +++ b/vars/per-machine/haze/wireguard-keys-wireguard/publickey/value @@ -0,0 +1 @@ +DX/Oxm7ESVkJlq8gkwGeLG8gpTP15URo4IBTAWcypi4= From 08f14e8d9f3f4bfec10ad21833cf9d9030fe392d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 17:24:47 +0100 Subject: [PATCH 285/376] Update vars via generator wireguard-network-wireguard for machine haze --- .../haze/wireguard-network-wireguard/.validation-hash | 1 + vars/per-machine/haze/wireguard-network-wireguard/suffix/value | 1 + 2 files changed, 2 insertions(+) create mode 100644 vars/per-machine/haze/wireguard-network-wireguard/.validation-hash create mode 100644 vars/per-machine/haze/wireguard-network-wireguard/suffix/value diff --git a/vars/per-machine/haze/wireguard-network-wireguard/.validation-hash b/vars/per-machine/haze/wireguard-network-wireguard/.validation-hash new file mode 100644 index 0000000..3a66342 --- /dev/null +++ b/vars/per-machine/haze/wireguard-network-wireguard/.validation-hash @@ -0,0 +1 @@ +8bdf8580329052d98be05520e25f51bc9be58da446951f95962e9924ca336235 \ No newline at end of file diff --git a/vars/per-machine/haze/wireguard-network-wireguard/suffix/value b/vars/per-machine/haze/wireguard-network-wireguard/suffix/value new file mode 100644 index 0000000..c042739 --- /dev/null +++ b/vars/per-machine/haze/wireguard-network-wireguard/suffix/value @@ -0,0 +1 @@ +840e:e9db:4c08:b920 \ No newline at end of file From 11c3e8713209a7ef189914d77c3f5b098ea4e85c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 17:53:25 +0100 Subject: [PATCH 286/376] Update vars via generator wireguard-keys-wireguard for machine crocus --- .../privatekey/machines/crocus | 1 + .../wireguard-keys-wireguard/privatekey/secret | 18 ++++++++++++++++++ .../privatekey/users/rpqt | 1 + .../wireguard-keys-wireguard/publickey/value | 1 + 4 files changed, 21 insertions(+) create mode 120000 vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/machines/crocus create mode 100644 vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret create mode 120000 vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/users/rpqt create mode 100644 vars/per-machine/crocus/wireguard-keys-wireguard/publickey/value diff --git a/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/machines/crocus b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/machines/crocus new file mode 120000 index 0000000..efe6fd0 --- /dev/null +++ b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/machines/crocus @@ -0,0 +1 @@ +../../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret new file mode 100644 index 0000000..8620778 --- /dev/null +++ b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:9b2ag6EGvzC6t2cyXizkfrJKObu9JOUUUU9gytBHnxZJ0msP+3smDvWYz6o9,iv:HMNem8T09zQfa7Jyg6eLjCpIIYaRbPjqXtquUH4K9wk=,tag:Mp6cmcPm+/IgeuXmgdFy9A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWFN2eTRhYkF3eGMxSVBj\nRmV6aEl6TkFrYVNaSkZNeUt4SkJ0eFpnc3pjClluVExKZnlmZXZiZit0cGx1bmt2\nSTVXVDlUTjJvSDhvODFJT3JSRmFxWmcKLS0tIGpzSzh1NHM3U3ZCYWlkUHA1c1A5\nUENpMW5yS0xXSjYwOG42NGF4cWJQVkUK+o27ZfTVlD1tmqOXll3mTNKDPbmdpqLf\nDd51tfokYg7BVAP4bhgL2CbkH2p8qJdHmo6UcT77Pxvan1MCcgg8tw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZY1VKMHIwbkNTRm91c1Vn\nOVZjWVhrTW5lMlFtaUdTcktWY2JrMFVHMGw0CjJrTWZlbkZKYm5XMGpZeW1pK0t2\nZEw3UTRzZGFBQlVRQlo4UFpLdjl3amMKLS0tIGdCNUtPVEd1U25pZVFYakR0MkR0\nSy9yQXBXOHBvbGdVU2wxOW5Kd0tDSU0KX+iIRVmYse0ECpDFXs16Rv6TE+vcX4qR\nqSBnIZJeeTsva/T0tXXnwSnIG8/nKtHzYPu+j75Sb3d7lXO6h0USGw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-21T16:53:25Z", + "mac": "ENC[AES256_GCM,data:gks9AYHofKUmYa9i7+8kpM3cEMWEfQmibjY7dLUqi4TDfLyxlUIoKmbptrwJgWTWBs+Tnb3YrU8RRTFGFXPyyiwForX0/mDHf1pK0+1NmxKWd8X/7hZmARaWXQGe3rwOLdlvgXyZ0qpTOYXa8vNCp14m8HHIvq12tY+RY7/l7dY=,iv:fz0Vsw0bmNr8wgVmRltk4xzNEGU9xGb0f/RilEyIBu8=,tag:AfYTEAUBoUw7sLd9NcMPgQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/users/rpqt b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/crocus/wireguard-keys-wireguard/publickey/value b/vars/per-machine/crocus/wireguard-keys-wireguard/publickey/value new file mode 100644 index 0000000..254badb --- /dev/null +++ b/vars/per-machine/crocus/wireguard-keys-wireguard/publickey/value @@ -0,0 +1 @@ +aeI0Lu8Qr1r/qtMmSJzvg5Z5gJAWwSIhSmna3Pk9Rys= From 98653cb2e6db440781b672ab1511405dcff40861 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 17:53:25 +0100 Subject: [PATCH 287/376] Update vars via generator wireguard-network-wireguard for machine crocus --- .../crocus/wireguard-network-wireguard/.validation-hash | 1 + vars/per-machine/crocus/wireguard-network-wireguard/suffix/value | 1 + 2 files changed, 2 insertions(+) create mode 100644 vars/per-machine/crocus/wireguard-network-wireguard/.validation-hash create mode 100644 vars/per-machine/crocus/wireguard-network-wireguard/suffix/value diff --git a/vars/per-machine/crocus/wireguard-network-wireguard/.validation-hash b/vars/per-machine/crocus/wireguard-network-wireguard/.validation-hash new file mode 100644 index 0000000..6357e77 --- /dev/null +++ b/vars/per-machine/crocus/wireguard-network-wireguard/.validation-hash @@ -0,0 +1 @@ +c22fbb033348a79707ce950ed15bf06b539bbd4d374b95dace7a3057f2d06c3e \ No newline at end of file diff --git a/vars/per-machine/crocus/wireguard-network-wireguard/suffix/value b/vars/per-machine/crocus/wireguard-network-wireguard/suffix/value new file mode 100644 index 0000000..115c020 --- /dev/null +++ b/vars/per-machine/crocus/wireguard-network-wireguard/suffix/value @@ -0,0 +1 @@ +6db2:dfc3:c376:9956 \ No newline at end of file From 75b2307f8214f1d67d46e43c15ed53e583d602f6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 17:53:26 +0100 Subject: [PATCH 288/376] Update vars via generator wireguard-keys-wireguard for machine genepi --- .../privatekey/machines/genepi | 1 + .../wireguard-keys-wireguard/privatekey/secret | 18 ++++++++++++++++++ .../privatekey/users/rpqt | 1 + .../wireguard-keys-wireguard/publickey/value | 1 + 4 files changed, 21 insertions(+) create mode 120000 vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/machines/genepi create mode 100644 vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret create mode 120000 vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/users/rpqt create mode 100644 vars/per-machine/genepi/wireguard-keys-wireguard/publickey/value diff --git a/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/machines/genepi b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret new file mode 100644 index 0000000..688aa0a --- /dev/null +++ b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:U0tjahIz+X9nKrUH6urXjx8rfWIdPeF+0wMQtB2/JsCZ35E6w74wvz6xWACK,iv:CoD0FgB7gW22UjH44jhaatXrPt2qX0I+ZVDGyCCZ1oU=,tag:HZg5CnIr8ZRKwoXakilCPA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bUhRSkFEMnovOUdMQ0Qw\neC93QWhaNFpNWlVCU2hQYXJSLzhnYytZWUI0Ck54VDBJcmFxZ0lKVTlPcngxWEJE\nSWkrQ0ZCc3V6YWdqUGl1V3JrODRuYzgKLS0tIENpV2ZBVDREeUlZeTNERTBtMmEv\nOVVldU83VGRSL1RzczdwWmg5TjlXeHcKHKRYgpniwiy5trRK/udkePJ7yO4mO9oK\nhtC+BjcTnPXb5UJT+lP5QrX60Y5/a9DPeNjeVecU/kxlqZmCvhv0SQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OFNtT1ptcElIcjgxNTJq\nZTVYb29DNTF4YkJOU2VoVnhJQmQ5NUVncmlVCmwwbG9yUVdQcUhSSUkwclROWUpI\nU1EzMVV1aHdNY0tIMlBuaVoyb0xxR00KLS0tIDgwZjlkekVqblE5Mll1TEJMVVJr\nSW92b3kvK3NIN3RPY2RaVFlsR2xPMDAKgzhOV+Ww+BivhDbB4qGafis7zadQaW98\n2Gs4Y8AiA0ep7TLMxbtkLLQsjLNZcOn62jdc7ISF/vMtlLMHeHYy+Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-21T16:53:26Z", + "mac": "ENC[AES256_GCM,data:UmzngDkTSBiZxhCTWqgzvZIAY2EqsrCcKGeBHRiwErqsC2jFyfUJNC11m9byh6mtYB81vrAFbsQq/kFN0ZAVUfVKqbYSI3ibEFXBbFbKX5oMhFgNs51Rvab61DVFyfn/36u6VXFdkq1FW58j7p8kQXXd/OarC02r7LJzQY0BdNs=,iv:ZJbEM7o1+rsG5/3Hxu+PQ8hARhmoC1QCqH2ElRxfJTo=,tag:HLfgcwexzIoe74Ym5KPE1Q==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/users/rpqt b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file diff --git a/vars/per-machine/genepi/wireguard-keys-wireguard/publickey/value b/vars/per-machine/genepi/wireguard-keys-wireguard/publickey/value new file mode 100644 index 0000000..9260852 --- /dev/null +++ b/vars/per-machine/genepi/wireguard-keys-wireguard/publickey/value @@ -0,0 +1 @@ +zBRJ8D6d3IiZ8HzwDq8FM0g/C+fxn2Ef0HGY5QgsiUc= From 3834f215f0f4039c8ef7c4759d77dd2201b700ca Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 17:53:26 +0100 Subject: [PATCH 289/376] Update vars via generator wireguard-network-wireguard for machine genepi --- .../genepi/wireguard-network-wireguard/.validation-hash | 1 + vars/per-machine/genepi/wireguard-network-wireguard/suffix/value | 1 + 2 files changed, 2 insertions(+) create mode 100644 vars/per-machine/genepi/wireguard-network-wireguard/.validation-hash create mode 100644 vars/per-machine/genepi/wireguard-network-wireguard/suffix/value diff --git a/vars/per-machine/genepi/wireguard-network-wireguard/.validation-hash b/vars/per-machine/genepi/wireguard-network-wireguard/.validation-hash new file mode 100644 index 0000000..9557718 --- /dev/null +++ b/vars/per-machine/genepi/wireguard-network-wireguard/.validation-hash @@ -0,0 +1 @@ +59769e148d924871d37bfb9d1d73953f1e7681d568eb584be88ffe6d9323af6a \ No newline at end of file diff --git a/vars/per-machine/genepi/wireguard-network-wireguard/suffix/value b/vars/per-machine/genepi/wireguard-network-wireguard/suffix/value new file mode 100644 index 0000000..98c5cc6 --- /dev/null +++ b/vars/per-machine/genepi/wireguard-network-wireguard/suffix/value @@ -0,0 +1 @@ +ab23:3d38:a148:f539 \ No newline at end of file From abaf429a383733691439f0e4825cc8a005c6a239 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 21:15:35 +0100 Subject: [PATCH 290/376] verbena: configure IPv6 from tofu outputs --- infra/README.md | 5 +++++ infra/outputs.json | 17 +++++++++++++++++ infra/verbena.tf | 20 ++++++++++++++++++++ machines/verbena/configuration.nix | 16 ++++++++++++++++ 4 files changed, 58 insertions(+) create mode 100644 infra/outputs.json create mode 100644 infra/verbena.tf diff --git a/infra/README.md b/infra/README.md index 664306c..3c9e53d 100644 --- a/infra/README.md +++ b/infra/README.md @@ -19,3 +19,8 @@ tofu import hcloud_firewall.hcloud_firewall YYY ``` For Hetzner Cloud, the resource IDs can be found in the URL of the admin console. + +## Outputs + +The nix configuration reads some values from the `outputs.json` file. +When modifying these, the file should be regenerated with `tofu output -json > outputs.json`. diff --git a/infra/outputs.json b/infra/outputs.json new file mode 100644 index 0000000..6c7c237 --- /dev/null +++ b/infra/outputs.json @@ -0,0 +1,17 @@ +{ + "verbena_gateway6": { + "sensitive": false, + "type": "string", + "value": "2001:41d0:305:2100::1" + }, + "verbena_ipv4": { + "sensitive": false, + "type": "string", + "value": "51.68.122.153" + }, + "verbena_ipv6": { + "sensitive": false, + "type": "string", + "value": "2001:41d0:305:2100::271e" + } +} diff --git a/infra/verbena.tf b/infra/verbena.tf new file mode 100644 index 0000000..7ffe9cb --- /dev/null +++ b/infra/verbena.tf @@ -0,0 +1,20 @@ +output "verbena_ipv4" { + value = local.verbena_ipv4_addresses[0] +} + +output "verbena_ipv6" { + value = local.verbena_ipv6_addresses[0] +} + +output "verbena_gateway6" { + value = local.gateway6 +} + +locals { + hextets = 4 + parts = split(":", local.verbena_ipv6_addresses[0]) + prefix_parts = slice(local.parts, 0, local.hextets) + prefix_str = join(":", local.prefix_parts) + gateway6 = "${local.prefix_str}::1" +} + diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 0760a87..934a4b8 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -1,4 +1,7 @@ { self, lib, ... }: +let + tf_outputs = builtins.fromJSON (builtins.readFile ../../infra/outputs.json); +in { imports = [ self.nixosModules.nix-defaults @@ -16,6 +19,19 @@ networking.useDHCP = lib.mkDefault true; + networking.defaultGateway6 = { + address = tf_outputs.verbena_gateway6.value; + interface = "ens3"; + }; + networking.interfaces."ens3" = { + ipv6.addresses = [ + { + address = tf_outputs.verbena_ipv6.value; + prefixLength = 64; + } + ]; + }; + clan.core.settings.state-version.enable = true; services.nginx = { From 7256b7fbc38cc2d11f25318bf2702472c9b0fb97 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 21:15:35 +0100 Subject: [PATCH 291/376] clan: add wireguard --- clan/network.nix | 15 +++++++++++++++ infra/templates/turifer.dev.zone | 7 +++++++ 2 files changed, 22 insertions(+) diff --git a/clan/network.nix b/clan/network.nix index ee0286e..2cf7400 100644 --- a/clan/network.nix +++ b/clan/network.nix @@ -17,4 +17,19 @@ settings.host = "git.turifer.dev"; }; }; + + clan.inventory.instances.wireguard = { + module.name = "wireguard"; + module.input = "clan-core"; + roles.controller = { + machines.verbena.settings = { + endpoint = "wg1.turifer.dev"; + }; + }; + roles.peer.machines = { + haze = { }; + crocus = { }; + genepi = { }; + }; + }; } diff --git a/infra/templates/turifer.dev.zone b/infra/templates/turifer.dev.zone index bee1da4..f5cd895 100644 --- a/infra/templates/turifer.dev.zone +++ b/infra/templates/turifer.dev.zone @@ -30,3 +30,10 @@ buildbot.turifer.dev. 10800 IN A ${addr} %{ for addr in verbena_ipv6_addresses ~} buildbot.turifer.dev. 10800 IN AAAA ${addr} %{ endfor ~} + +%{ for addr in verbena_ipv4_addresses ~} +wg1.turifer.dev. 10800 IN A ${addr} +%{ endfor ~} +%{ for addr in verbena_ipv6_addresses ~} +wg1.turifer.dev. 10800 IN AAAA ${addr} +%{ endfor ~} From 5ddfda7187a8bdcc6991595f50040c2da9d46447 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 21:15:35 +0100 Subject: [PATCH 292/376] clan: set tld to .val --- clan/flake-module.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/clan/flake-module.nix b/clan/flake-module.nix index ee76cd4..01d5298 100644 --- a/clan/flake-module.nix +++ b/clan/flake-module.nix @@ -7,6 +7,7 @@ ]; clan.meta.name = "blossom"; + clan.meta.tld = "val"; clan.inventory.instances."rpqt-admin" = { module.input = "clan-core"; From f99575598cea4663317ce8b4ca22a3759fbfabf6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 21:15:35 +0100 Subject: [PATCH 293/376] nautilus: add "open in ghostty" menu --- modules/desktop.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/desktop.nix b/modules/desktop.nix index 2a588eb..3488c21 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -1,4 +1,4 @@ -{ self, pkgs, ... }: +{ pkgs, ... }: { environment.systemPackages = [ pkgs.mpv # video player @@ -6,6 +6,7 @@ pkgs.alacritty pkgs.ghostty pkgs.libreoffice + pkgs.nautilus ]; programs.firefox = { @@ -14,4 +15,9 @@ }; programs.thunderbird.enable = true; + + programs.nautilus-open-any-terminal = { + enable = true; + terminal = "ghostty"; + }; } From 3b9f67c0ff944920c80224dc9be91b1df3d9e36d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 21:15:35 +0100 Subject: [PATCH 294/376] haze: add anytype --- machines/haze/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 3c6e955..2fa4876 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -53,6 +53,7 @@ self.inputs.clan-core.packages.x86_64-linux.clan-app pkgs.aseprite pkgs.linux-wifi-hotspot + pkgs.anytype ]; programs.kdeconnect.enable = true; From 080ec616755a9f407c8a7ca060c88b99d9375216 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 21:15:35 +0100 Subject: [PATCH 295/376] genepi: remove taskchampion (unused) --- machines/genepi/configuration.nix | 1 - machines/genepi/taskchampion.nix | 15 --------------- modules/unbound.nix | 1 - 3 files changed, 17 deletions(-) delete mode 100644 machines/genepi/taskchampion.nix diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index b488da1..7b2047e 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -17,7 +17,6 @@ ./nginx.nix ./pinchflat.nix ./syncthing.nix - ./taskchampion.nix ../../modules/acme-home.nix ../../modules/lounge.nix diff --git a/machines/genepi/taskchampion.nix b/machines/genepi/taskchampion.nix deleted file mode 100644 index 5108dcd..0000000 --- a/machines/genepi/taskchampion.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, ... }: -let - domain = "home.rpqt.fr"; - subdomain = "tw.${domain}"; -in -{ - services.taskchampion-sync-server.enable = true; - - services.nginx.virtualHosts.${subdomain} = { - forceSSL = true; - useACMEHost = "${domain}"; - locations."/".proxyPass = - "http://127.0.0.1:${toString config.services.taskchampion-sync-server.port}"; - }; -} diff --git a/modules/unbound.nix b/modules/unbound.nix index 0fea601..a386ae4 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -17,7 +17,6 @@ let "lounge" "pinchflat" "rss" - "tw" ]; }; crocus = { From a0bec48175c53986204fb4e91c578b5764ac48cc Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 21 Nov 2025 21:15:35 +0100 Subject: [PATCH 296/376] nautilus: enable thumbnails for remote directories --- home-manager/desktop/gnome.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/home-manager/desktop/gnome.nix b/home-manager/desktop/gnome.nix index ccaa33a..d246e40 100644 --- a/home-manager/desktop/gnome.nix +++ b/home-manager/desktop/gnome.nix @@ -4,4 +4,10 @@ blur-my-shell paperwm ]; + + dconf.settings = { + "org/gnome/nautilus/preferences" = { + show-image-thumbnails = "always"; + }; + }; } From 0a232abe5f855adf8477a25756af3b30c7e29e3c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 22 Nov 2025 15:02:44 +0100 Subject: [PATCH 297/376] Update vars via generator step-ca for machine crocus --- vars/shared/step-ca/ca.crt/value | 10 ++++++++++ vars/shared/step-ca/ca.key/secret | 14 ++++++++++++++ vars/shared/step-ca/ca.key/users/rpqt | 1 + 3 files changed, 25 insertions(+) create mode 100644 vars/shared/step-ca/ca.crt/value create mode 100644 vars/shared/step-ca/ca.key/secret create mode 120000 vars/shared/step-ca/ca.key/users/rpqt diff --git a/vars/shared/step-ca/ca.crt/value b/vars/shared/step-ca/ca.crt/value new file mode 100644 index 0000000..02fc004 --- /dev/null +++ b/vars/shared/step-ca/ca.crt/value @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcjCCARegAwIBAgIQBATaX7P9gLOPdEvyU6ulFDAKBggqhkjOPQQDAjAXMRUw +EwYDVQQDEwxDbGFuIFJvb3QgQ0EwHhcNMjUxMTIyMDIwMjQ0WhcNMjYxMTIyMTQw +MjQ0WjAXMRUwEwYDVQQDEwxDbGFuIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjO +PQMBBwNCAAQ3PdFudbQHMrKLU59IeUqw1kUOwTAWco5d4fLUrz5JpaSDsq0UJT1j +wayaUeFstMGEQqOZ5nqle7UC64G7Wn1Lo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYD +VR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUWdZmxk+2XBZzgVucaLlY3rD0p3ow +CgYIKoZIzj0EAwIDSQAwRgIhANS0Pn0MmVx3w6+h0686NBrvobqt6Tue9/WlkAW6 +mJTlAiEA5j8DHm66BnmlYlCqQaz9wuAQ4q+g26XqWvvlEFkpYuo= +-----END CERTIFICATE----- diff --git a/vars/shared/step-ca/ca.key/secret b/vars/shared/step-ca/ca.key/secret new file mode 100644 index 0000000..a61500b --- /dev/null +++ b/vars/shared/step-ca/ca.key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:eJ0fq3tBFpJmKad1zQoY/2EczN1tnER8Mxo8erioOUBi0caiH3BRUdHQzLU9gbfbmr2CX6X0PzX1G5TknROF4d0n7pK4lLzlH+/zXX9niLkZKf4sNibUcAa6xwaUu+bQZPdrbMsxz0hFjztTHfhhcEkqTwImYcJxtmKNQTc0qJSq7C4j82QVJzN+rvAnuEBp3pXMnqbbpmmUG4D6oIvdR8f5e5E8qe/fO13s8EglU583/sTV5Jm/dMPvyQVhL2U18GiRAXCTcJ8abHU1yczMU4aZKqpQwinG1pLg267IRxvrSaM=,iv:+NWxLy+HEtZ2m8eJGk6Y6t0B96QhdLa7zBtLEMz1KRM=,tag:7ccHbUUEW+GX/TsfBHzdXw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TjB2VGZqQ3IyRStqQzNX\nbXVhT1pXei9xUTZ3MExLNDBIbkJPaWNyOFhZClBqZ2M3d1ZCcVlQTzlUbndoZ1c0\nVUNlTWdvcDI5aEJhQ21SSytVQ0lGVFUKLS0tIFd4VkphTVJxaXBhUEo5ZVM5bDcr\nTHpNSkt3QWtJbi9aVHhvTUZuK0RNeXMK29n+ztstGWzPcMeQ95Hg8m9SjrXlgjq+\nWNnky4dNUInqw5ZQrJW8ZYa7x3N0+dSw9jVxqNdfiyZBs8Cw2lkuJA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-22T14:02:44Z", + "mac": "ENC[AES256_GCM,data:Zua39bnqFiyDcf5aWMo/PcbjN8/EAecI/nOuQ7WwSE7KHhQ+wnYMDaeQFROYSjvlJdzn4upCeQCpid+k09ZSYE3upUdCVSiPqo+IFziE9kifs5if5LS1V39QKvHP5h2rXPrwS+bYPk8Z198HyX3SUu0yoU7DVZ+zrt4s9hbzuAA=,iv:NxsrTAhEYPvWGjG64n7mK7ABDXaLKHxYazqYfuP4giY=,tag:AbpEDuNkC3kBOtonVzdBdA==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/shared/step-ca/ca.key/users/rpqt b/vars/shared/step-ca/ca.key/users/rpqt new file mode 120000 index 0000000..825a187 --- /dev/null +++ b/vars/shared/step-ca/ca.key/users/rpqt @@ -0,0 +1 @@ +../../../../../sops/users/rpqt \ No newline at end of file From bfe95b15ef94c2db1da3b246c955f7b33b3722f6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 22 Nov 2025 15:02:44 +0100 Subject: [PATCH 298/376] Update vars via generator step-intermediate-key for machine verbena --- .../intermediate.key/machines/verbena | 1 + .../intermediate.key/secret | 18 ++++++++++++++++++ .../intermediate.key/users/rpqt | 1 + 3 files changed, 20 insertions(+) create mode 120000 vars/per-machine/verbena/step-intermediate-key/intermediate.key/machines/verbena create mode 100644 vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret create mode 120000 vars/per-machine/verbena/step-intermediate-key/intermediate.key/users/rpqt diff --git a/vars/per-machine/verbena/step-intermediate-key/intermediate.key/machines/verbena b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/machines/verbena new file mode 120000 index 0000000..e061a4c --- /dev/null +++ b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/machines/verbena @@ -0,0 +1 @@ +../../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret new file mode 100644 index 0000000..6d9822c --- /dev/null +++ b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:QviBFbMDWAFaeuBSOCTA+qnQZlOIK1KZVK/6GzlsmouLxh1rytk6EGeSQycHAhQwuddinTfU3VKGT2PZUmUhOinHrcf3RBlD+QMRUSf4Ikj4Q5dCwW3agSe7fzRutRVTA5cjBQaKnWPllYmy4+l3Am9UfOPwz8nETzvMK2IfttaQf4w6KJOvg/mxT2OM96pzRIcITLBeNpZI6Jxjds9LQVcisEwpQyxbJ7qi5QnICq5wTtlhh6fGaYM38FTLcSi7NIspP3BN8teX8oOdY01JjnXpIuMSKVQSya6RPUWTEQ36hlY=,iv:E/SCmZoEGVu1ou3Co+kEXDm6cJFrLrvSTbfdkeHrkIU=,tag:+4ACjvUtTT22r4uepTfWjg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNVA1WFN4Zzdra3N5eFgr\nYXlsV1VTREdNUXRabnc2M3BvMUc1dGtUc2hZCmxETndnMHhOZld6SlVqSjdpMmpr\nVHpUcEZNZGoyeTRRb0xuNForWFI5Qk0KLS0tIHk2bThkWnhZMkxzZGVCTnpjK1BB\ndFhqeFhtbU1BZjd6d2ppZFUreGFnMkEKI0p6y7ceUxUjoPyYh5XbsCIVlT7SPib4\nNl2cy/Lwtn9i1U0UmNTpsVYzVZqaPUIQgsnyiNdPXQhQBR+F1EUVUA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTUhtbExZWS8rd0t3NGZS\nRnFYdEdGdTREVEg1UC92NU5pV01ScnZndm4wCkN0ZmdqdGdqckNXWDlORlJDRjJ5\nTEhJdkhrZDdsSCt0bmRqMEpQbEJVNTgKLS0tIG5vK1kyMnFSUWY4SDlNTHpZYkVI\nK3FqMWpYTS9naVViZGwzK2NZOEpDbU0Km5/uuZUR4c7E1nnna3MkBjIswS5/M9Ct\nLDXGXjjaksqwukGjPEMvcu57f34TbLwMAZuPUc0OKbIOQtldokwugg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-22T14:02:44Z", + "mac": "ENC[AES256_GCM,data:9MuR8Na+/sEhfuTBrgHk2ydsUgo3UIQYzS4PMWIwCcqKTzZ4rqB2Xynq0PCsqq+3l/ZadtzDwB8gRP6m0f+wL3ZUY8lMG74lek6mBLLAaIUZSflgg24V2o0naKWCZVXWld2GKWDOxupUM5bWYE6SLwhOuepSZ4JMH59mD925v9Q=,iv:aKzJFPgfVqqpETySdFIM0+MVGr8IFcy0M2lzbWVPjAM=,tag:vZyPNmwcF5l1PgyMBjtp4g==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/verbena/step-intermediate-key/intermediate.key/users/rpqt b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 925cf3140cbd2dc0832162cc53f262a5c717c56d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 22 Nov 2025 15:02:45 +0100 Subject: [PATCH 299/376] Update vars via generator step-intermediate-cert for machine verbena --- .../step-intermediate-cert/intermediate.crt/value | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 vars/per-machine/verbena/step-intermediate-cert/intermediate.crt/value diff --git a/vars/per-machine/verbena/step-intermediate-cert/intermediate.crt/value b/vars/per-machine/verbena/step-intermediate-cert/intermediate.crt/value new file mode 100644 index 0000000..3f7ba1c --- /dev/null +++ b/vars/per-machine/verbena/step-intermediate-cert/intermediate.crt/value @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAUGgAwIBAgIRALMIUcjKX/BUO1h5k+5GU7MwCgYIKoZIzj0EAwIwFzEV +MBMGA1UEAxMMQ2xhbiBSb290IENBMB4XDTI1MTEyMjAyMDI0NVoXDTI2MTEyMjE0 +MDI0NVowHzEdMBsGA1UEAxMUQ2xhbiBJbnRlcm1lZGlhdGUgQ0EwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAATzv2ktJtY0x2czkJDKaTucQ9xuFdgKMRXRbcdHRW5e +abKOEJ8BCWdaYQa9SKztMu5V9TTInqYo9+MqDLyyM9/To2YwZDAOBgNVHQ8BAf8E +BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUkB4ETjcnhqUlXSQ1 +TvLMMrFK1hwwHwYDVR0jBBgwFoAUWdZmxk+2XBZzgVucaLlY3rD0p3owCgYIKoZI +zj0EAwIDSAAwRQIhANpFk+c7h1VqH2x/zyyL82uZti6zbbYiteQ9RJ2jtqkbAiAv +vKAz5q2poLKocrMBz4N2ABBr3Y6IO7kPCIvoXBrEMA== +-----END CERTIFICATE----- From 5f6ba8e29db0bb2676821cab74a9a68e43d11b5c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 300/376] infra: add flake module and crocus exports --- flake.nix | 1 + infra/crocus.tf | 4 ++++ infra/flake-module.nix | 18 ++++++++++++++++++ infra/outputs.json | 5 +++++ 4 files changed, 28 insertions(+) create mode 100644 infra/flake-module.nix diff --git a/flake.nix b/flake.nix index 7019ce5..6117968 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,7 @@ ./clanServices/flake-module.nix ./devShells/flake-module.nix ./home-manager/flake-module.nix + ./infra/flake-module.nix ./modules/flake-module.nix ./packages/flake-module.nix ]; diff --git a/infra/crocus.tf b/infra/crocus.tf index ccda070..2ac53cb 100644 --- a/infra/crocus.tf +++ b/infra/crocus.tf @@ -62,3 +62,7 @@ resource "hcloud_firewall" "crocus_firewall" { source_ips = ["0.0.0.0/0", "::/0"] } } + +output "crocus_ipv4" { + value = hcloud_primary_ip.crocus_ipv4.ip_address +} diff --git a/infra/flake-module.nix b/infra/flake-module.nix new file mode 100644 index 0000000..8652548 --- /dev/null +++ b/infra/flake-module.nix @@ -0,0 +1,18 @@ +{ + flake.infra = + let + tf_outputs = builtins.fromJSON (builtins.readFile ../infra/outputs.json); + in + { + machines = { + verbena = { + ipv4 = tf_outputs.verbena_ipv4.value; + ipv6 = tf_outputs.verbena_ipv6.value; + gateway6 = tf_outputs.verbena_gateway6.value; + }; + crocus = { + ipv4 = tf_outputs.crocus_ipv4.value; + }; + }; + }; +} diff --git a/infra/outputs.json b/infra/outputs.json index 6c7c237..925eb81 100644 --- a/infra/outputs.json +++ b/infra/outputs.json @@ -1,4 +1,9 @@ { + "crocus_ipv4": { + "sensitive": false, + "type": "string", + "value": "116.203.18.122" + }, "verbena_gateway6": { "sensitive": false, "type": "string", From c9e10e40813649061a35fd29d74f4d82bac822aa Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 301/376] update flake inputs --- flake.lock | 60 +++++++++++++++++++----------------------------------- 1 file changed, 21 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 9409c9d..3f48baa 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1763669555, - "narHash": "sha256-uYXZM7u2P6mAMH4JLWYrE/16tZlur+iiKTeYexobf9g=", + "lastModified": 1763806343, + "narHash": "sha256-dXCgpw9WgaiyymspX/v2vWOpNaSgl6kR4SBNvE5aCs0=", "ref": "refs/heads/main", - "rev": "edc92e561600b4f778ba1b88e357ee2305c5038a", - "revCount": 11117, + "rev": "7fd1f6cf7e93d344baeec8c15bbf54282551b073", + "revCount": 11125, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1763701643, - "narHash": "sha256-6lytTY75PO2tIbptdF6xM9QMhoRE4O94/E1teR55LAQ=", + "lastModified": 1763788986, + "narHash": "sha256-uYgLhTSxWs9IRpia5Hxd7AMCaE0plr0+QhWBf26h9V0=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "dfe2f3771b10b5d042a2d7eca04361e64df6431a", + "rev": "58bf1899410536c4244b9d44c243426dc1b2a2c9", "type": "github" }, "original": { @@ -192,11 +192,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -205,24 +205,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "hercules-ci-effects": { "inputs": { "flake-parts": [ @@ -255,11 +237,11 @@ ] }, "locked": { - "lastModified": 1763416652, - "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", + "lastModified": 1763748372, + "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", "owner": "nix-community", "repo": "home-manager", - "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", + "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", "type": "github" }, "original": { @@ -463,11 +445,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1763678758, + "narHash": "sha256-+hBiJ+kG5IoffUOdlANKFflTT5nO3FrrR2CA3178Y5s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "117cc7f94e8072499b0a7aa4c52084fa4e11cc9b", "type": "github" }, "original": { @@ -625,17 +607,17 @@ }, "vicinae": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems_3" }, "locked": { - "lastModified": 1763505293, - "narHash": "sha256-huleUPkt0iZJZy4e/KPhcHK4ueeqaqiMUu7Ft6NVDFU=", + "lastModified": 1763768455, + "narHash": "sha256-ZwqW2uH36vPUKrlbzDyz7NoFXKjJOT1Ijvlaz4sIp8E=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "e600ffc4ad1e87f3389327adfab8bb8d2f34261e", + "rev": "5c965e0777dc4bcb01808c7f214dc56f997bd9c7", "type": "github" }, "original": { From 649f58d875abf97291f53a9f778121b0a268b182 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 302/376] home-manager: add yazi --- home-manager/cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/cli.nix b/home-manager/cli.nix index a6501be..9fc1c29 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -26,6 +26,7 @@ taskwarrior3 tealdeer vivid + yazi zoxide ]; From d7243cc7c3bf394d2d9b66798dfe341c487dc8fa Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 303/376] verbena: replace IP literals with infra ouputs --- machines/verbena/configuration.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 934a4b8..cbb5181 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -1,7 +1,4 @@ { self, lib, ... }: -let - tf_outputs = builtins.fromJSON (builtins.readFile ../../infra/outputs.json); -in { imports = [ self.nixosModules.nix-defaults @@ -20,13 +17,13 @@ in networking.useDHCP = lib.mkDefault true; networking.defaultGateway6 = { - address = tf_outputs.verbena_gateway6.value; + address = self.infra.machines.verbena.gateway6; interface = "ens3"; }; networking.interfaces."ens3" = { ipv6.addresses = [ { - address = tf_outputs.verbena_ipv6.value; + address = self.infra.machines.verbena.ipv6; prefixLength = 64; } ]; From 64c00fe618ecc54ae769fe4a4d1bf0a500123765 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 304/376] vicinae: use nixpkgs package --- home-manager/desktop/vicinae.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home-manager/desktop/vicinae.nix b/home-manager/desktop/vicinae.nix index 9af3754..f59e0cd 100644 --- a/home-manager/desktop/vicinae.nix +++ b/home-manager/desktop/vicinae.nix @@ -1,6 +1,7 @@ { config, inputs, + pkgs, lib, ... }: @@ -12,6 +13,7 @@ services.vicinae = { enable = true; autoStart = true; + package = pkgs.vicinae; }; xdg.configFile."vicinae/vicinae.json".source = From 7f80af6b0c364ab8a72fe9355fbf8439710184a4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 305/376] set adwaita as default font --- home-manager/desktop/fonts.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home-manager/desktop/fonts.nix b/home-manager/desktop/fonts.nix index b19e389..b987e69 100644 --- a/home-manager/desktop/fonts.nix +++ b/home-manager/desktop/fonts.nix @@ -6,4 +6,8 @@ ]; fonts.fontconfig.enable = true; + fonts.fontconfig.defaultFonts = { + sansSerif = [ "Adwaita Sans" ]; + monospace = [ "Adwaita Mono" ]; + }; } From 6e14a6004739b60ed665f1585b8fa00ecb9065c1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 306/376] genepi: add terminfo --- machines/genepi/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 7b2047e..7bf8be3 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -25,6 +25,8 @@ self.nixosModules.nix-defaults self.nixosModules.user-rpqt + + self.inputs.srvos.nixosModules.mixins-terminfo ]; networking.hostName = "genepi"; From a81d006e645b19bbcd8e4ad4cd2b98d0543668b1 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 307/376] clan: use infra output IPs for internet connector --- clan/network.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/clan/network.nix b/clan/network.nix index 2cf7400..5ca627a 100644 --- a/clan/network.nix +++ b/clan/network.nix @@ -13,9 +13,8 @@ }; clan.inventory.instances.internet = { - roles.default.machines.verbena = { - settings.host = "git.turifer.dev"; - }; + roles.default.machines.verbena.settings.host = self.infra.machines.verbena.ipv4; + roles.default.machines.crocus.settings.host = self.infra.machines.crocus.ipv4; }; clan.inventory.instances.wireguard = { From 18cb4dfc1c892edbb062a492c2bc2f96d8939ec4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 308/376] sq --- clan/network.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/clan/network.nix b/clan/network.nix index 5ca627a..e9e1cc8 100644 --- a/clan/network.nix +++ b/clan/network.nix @@ -1,3 +1,4 @@ +{ self, ... }: { clan.inventory.instances.zerotier = { roles.controller.machines.crocus = { }; From 680def42780d7d423ec0006a5ae0ae41bfdacbbf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 309/376] genepi: open web ports to wireguard network --- machines/genepi/nginx.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/machines/genepi/nginx.nix b/machines/genepi/nginx.nix index f05e3a2..1262037 100644 --- a/machines/genepi/nginx.nix +++ b/machines/genepi/nginx.nix @@ -6,4 +6,8 @@ }; networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = [ 443 ]; + networking.firewall.interfaces."wireguard".allowedTCPPorts = [ + 80 + 443 + ]; } From 33721c639cc55f01f19d3a05b33ef404ff8a45cf Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 310/376] verbena: remove default acme email --- machines/verbena/configuration.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index cbb5181..1318135 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -42,8 +42,5 @@ 443 ]; - security.acme = { - acceptTerms = true; - defaults.email = "admin@turifer.dev"; - }; + security.acme.acceptTerms = true; } From 26600f06476f527909666c51763ce52bf7494043 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 311/376] ssh: add hostnames --- home/.ssh/config | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/.ssh/config b/home/.ssh/config index f51ee36..041737e 100644 --- a/home/.ssh/config +++ b/home/.ssh/config @@ -1,8 +1,11 @@ Host crocus + HostName crocus.home.rpqt.fr User root Host verbena + HostName verbena.home.rpqt.fr User root Host genepi + HostName genepi.home.rpqt.fr User root From e1219f26c3e5d0a3640e75c685427e33c58ab22a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 312/376] borg: accept new ssh host keys --- clan/flake-module.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clan/flake-module.nix b/clan/flake-module.nix index 01d5298..3e956f6 100644 --- a/clan/flake-module.nix +++ b/clan/flake-module.nix @@ -114,7 +114,7 @@ repo = "${user}@${host}:./borgbackup/${config.networking.hostName}"; rsh = "ssh -oPort=23 -i ${ config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path - } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; + } -oStrictHostKeyChecking=accept-new"; }; } ); From de99dad887d2875be8f4855bc645ac1e9d6d895f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 313/376] clan: add temporary patched coredns service Needed for IPv6 support, and to set the host names in the auth zone. --- clanServices/coredns/README.md | 73 ++++++++ clanServices/coredns/default.nix | 233 ++++++++++++++++++++++++++ clanServices/coredns/flake-module.nix | 18 ++ clanServices/flake-module.nix | 1 + 4 files changed, 325 insertions(+) create mode 100644 clanServices/coredns/README.md create mode 100644 clanServices/coredns/default.nix create mode 100644 clanServices/coredns/flake-module.nix diff --git a/clanServices/coredns/README.md b/clanServices/coredns/README.md new file mode 100644 index 0000000..6283045 --- /dev/null +++ b/clanServices/coredns/README.md @@ -0,0 +1,73 @@ +!!! Danger "Experimental" + This service is experimental and will change in the future. + +This module enables hosting clan-internal services easily, which can be resolved +inside your VPN. This allows defining a custom top-level domain (e.g. `.clan`) +and exposing endpoints from a machine to others, which will be +accessible under `http://.clan` in your browser. + +The service consists of two roles: + +- A `server` role: This is the DNS-server that will be queried when trying to + resolve clan-internal services. It defines the top-level domain. +- A `default` role: This does two things. First, it sets up the nameservers so + that clan-internal queries are resolved via the `server` machine, while + external queries are resolved as normal via DHCP. Second, it allows exposing + services (see example below). + +## Example Usage + +Here the machine `dnsserver` is designated as internal DNS-server for the TLD +`.foo`. `server01` will host an application that shall be reachable at +`http://one.foo` and `server02` is going to be reachable at `http://two.foo`. +`client` is any other machine that is part of the clan but does not host any +services. + +When `client` tries to resolve `http://one.foo`, the DNS query will be +routed to `dnsserver`, which will answer with `192.168.1.3`. If it tries to +resolve some external domain (e.g. `https://clan.lol`), the query will not be +routed to `dnsserver` but resolved as before, via the nameservers advertised by +DHCP. + +```nix +inventory = { + + machines = { + dnsserver = { }; # 192.168.1.2 + server01 = { }; # 192.168.1.3 + server02 = { }; # 192.168.1.4 + client = { }; # 192.168.1.5 + }; + + instances = { + coredns = { + + module.name = "@clan/coredns"; + module.input = "self"; + + # Add the default role to all machines, including `client` + roles.default.tags.all = { }; + + # DNS server queries to http://.foo are resolved here + roles.server.machines."dnsserver".settings = { + ip = "192.168.1.2"; + tld = "foo"; + }; + + # First service + # Registers http://one.foo will resolve to 192.168.1.3 + # underlying service runs on server01 + roles.default.machines."server01".settings = { + ip = "192.168.1.3"; + services = [ "one" ]; + }; + + # Second service + roles.default.machines."server02".settings = { + ip = "192.168.1.4"; + services = [ "two" ]; + }; + }; + }; +}; +``` diff --git a/clanServices/coredns/default.nix b/clanServices/coredns/default.nix new file mode 100644 index 0000000..520c968 --- /dev/null +++ b/clanServices/coredns/default.nix @@ -0,0 +1,233 @@ +{ ... }: + +{ + _class = "clan.service"; + manifest.name = "coredns"; + manifest.description = "Clan-internal DNS and service exposure"; + manifest.categories = [ "Network" ]; + manifest.readme = builtins.readFile ./README.md; + + roles.server = { + description = "A DNS server that resolves services in the clan network."; + interface = + { lib, ... }: + { + options.tld = lib.mkOption { + type = lib.types.str; + default = "clan"; + description = '' + Top-level domain for this instance. All services below this will be + resolved internally. + ''; + }; + + options.ip = lib.mkOption { + type = lib.types.str; + # TODO: Set a default + description = "IP for the DNS to listen on"; + }; + + options.dnsPort = lib.mkOption { + type = lib.types.int; + default = 1053; + description = "Port of the clan-internal DNS server"; + }; + }; + + perInstance = + { + roles, + settings, + ... + }: + { + nixosModule = + { + lib, + pkgs, + ... + }: + + let + hostServiceEntries = + host: + lib.strings.concatStringsSep "\n" ( + map ( + service: + let + ip = roles.default.machines.${host}.settings.ip; + isIPv4 = addr: (builtins.match "\\." addr) != null; + recordType = if (isIPv4 ip) then "A" else "AAAA"; + in + "${service} IN ${recordType} ${ip} ; ${host}" + ) roles.default.machines.${host}.settings.services + ); + + hostnameEntries = '' + crocus 10800 IN AAAA fd28:387a:90:c400:6db2:dfc3:c376:9956 + genepi 10800 IN AAAA fd28:387a:90:c400:ab23:3d38:a148:f539 + verbena 10800 IN AAAA fd28:387a:90:c400::1 + haze 10800 IN AAAA fd28:387a:90:c400:840e:e9db:4c08:b920 + ''; + + zonefile = builtins.toFile "${settings.tld}.zone" ( + '' + $TTL 3600 ; 1 Hour + $ORIGIN ${settings.tld}. + ${settings.tld}. IN SOA ns1 admin.rpqt.fr. ( + 2025112300 ; serial + 10800 ; refresh + 3600 ; retry + 604800 ; expire + 300 ; minimum + ) + + ${builtins.concatStringsSep "\n" ( + lib.lists.imap1 (i: _m: "@ 1D IN NS ns${toString i}.${settings.tld}.") ( + lib.attrNames roles.server.machines + ) + )} + + ${builtins.concatStringsSep "\n" ( + lib.lists.imap1 (i: m: "ns${toString i} 10800 IN CNAME ${m}.${settings.tld}.") ( + lib.attrNames roles.server.machines + ) + )} + + '' + + hostnameEntries + + "\n" + + (lib.strings.concatStringsSep "\n" ( + map (host: hostServiceEntries host) (lib.attrNames roles.default.machines) + )) + ); + in + { + networking.firewall.interfaces.wireguard = { + allowedTCPPorts = [ settings.dnsPort ]; + allowedUDPPorts = [ settings.dnsPort ]; + }; + + services.coredns = { + enable = true; + config = + + let + dnsPort = builtins.toString settings.dnsPort; + in + + '' + .:${dnsPort} { + forward . 1.1.1.1 + cache 30 + } + + ${settings.tld}:${dnsPort} { + file ${zonefile} + } + ''; + }; + }; + }; + }; + + roles.default = { + description = "A machine that registers the 'server' role as resolver and registers services under the configured TLD in the resolver."; + interface = + { lib, ... }: + { + options.services = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = '' + Service endpoints this host exposes (without TLD). Each entry will + be resolved to . using the configured top-level domain. + ''; + }; + + options.ip = lib.mkOption { + type = lib.types.str; + # TODO: Set a default + description = "IP on which the services will listen"; + }; + + options.dnsPort = lib.mkOption { + type = lib.types.int; + default = 1053; + description = "Port of the clan-internal DNS server"; + }; + }; + + perInstance = + { roles, settings, ... }: + { + nixosModule = + { config, lib, ... }: + { + + networking.nameservers = map ( + m: + let + port = config.services.unbound.settings.port or 53; + in + "127.0.0.1:${toString port}#${roles.server.machines.${m}.settings.tld}" + ) (lib.attrNames roles.server.machines); + + services.resolved.domains = map (m: "~${roles.server.machines.${m}.settings.tld}") ( + lib.attrNames roles.server.machines + ); + + services.unbound = { + enable = true; + resolveLocalQueries = true; + checkconf = true; + settings = { + server = { + # port = 5353; + verbosity = 2; + interface = [ "127.0.0.1" ]; + access-control = [ "127.0.0.0/8 allow" ]; + do-not-query-localhost = "no"; + domain-insecure = map (m: "${roles.server.machines.${m}.settings.tld}.") ( + lib.attrNames roles.server.machines + ); + }; + + # Default: forward everything else to DHCP-provided resolvers + # forward-zone = [ + # { + # name = "."; + # forward-addr = "127.0.0.53@53"; # Forward to systemd-resolved + # } + # ]; + forward-zone = [ + { + name = "."; + forward-tls-upstream = true; + forward-addr = [ + "9.9.9.9#dns.quad9.net" + "149.112.112.112#dns.quad9.net" + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + "2606:4700:4700::1111@853#cloudflare-dns.com" + "2606:4700:4700::1001@853#cloudflare-dns.com" + "8.8.8.8#dns.google" + "8.8.4.4#dns.google" + "2001:4860:4860::8888#dns.google" + "2001:4860:4860::8844#dns.google" + ]; + } + ]; + + stub-zone = { + name = "${roles.server.machines.${(lib.head (lib.attrNames roles.server.machines))}.settings.tld}."; + stub-addr = map ( + m: "${roles.server.machines.${m}.settings.ip}@${builtins.toString settings.dnsPort}" + ) (lib.attrNames roles.server.machines); + }; + }; + }; + }; + }; + }; +} diff --git a/clanServices/coredns/flake-module.nix b/clanServices/coredns/flake-module.nix new file mode 100644 index 0000000..69c8537 --- /dev/null +++ b/clanServices/coredns/flake-module.nix @@ -0,0 +1,18 @@ +{ ... }: +let + module = ./default.nix; +in +{ + clan.modules = { + "@rpqt/coredns" = module; + }; + # perSystem = + # { ... }: + # { + # clan.nixosTests.coredns = { + # imports = [ ./tests/vm/default.nix ]; + + # clan.modules."@rpqt/coredns" = module; + # }; + # }; +} diff --git a/clanServices/flake-module.nix b/clanServices/flake-module.nix index 34805a6..138d0f4 100644 --- a/clanServices/flake-module.nix +++ b/clanServices/flake-module.nix @@ -1,6 +1,7 @@ { imports = [ ./buildbot/flake-module.nix + ./coredns/flake-module.nix ./prometheus/flake-module.nix ]; } From 09f57a1e6f3f2978b9c95e56e59c050d5c6d2b52 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 314/376] clan: migrate internal DNS to coredns service Currently using a patched version of the upstream coredns service, with hard-coded IPs until wireguard exports are supported. Zerotier connections were flaky and wireguard seems more stable (although it seems to have a bit less throughput). --- clan/network.nix | 31 ++++++++++++++++++++++++++++++ machines/crocus/configuration.nix | 2 -- machines/genepi/configuration.nix | 2 -- machines/verbena/configuration.nix | 2 -- 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/clan/network.nix b/clan/network.nix index e9e1cc8..1891745 100644 --- a/clan/network.nix +++ b/clan/network.nix @@ -32,4 +32,35 @@ genepi = { }; }; }; + + # Temporarily patched version of clan-core/coredns for AAAA records support + clan.inventory.instances.coredns = { + module.name = "@rpqt/coredns"; + module.input = "self"; + + roles.default.tags.all = { }; + roles.server.machines.verbena = { + settings.ip = "fd28:387a:90:c400::1"; + }; + roles.server.machines.crocus = { + settings.ip = "fd28:387a:90:c400:6db2:dfc3:c376:9956"; + }; + roles.server.settings = { + tld = "home.rpqt.fr"; + }; + + roles.default.machines.genepi.settings = { + ip = "fd28:387a:90:c400:ab23:3d38:a148:f539"; # FIXME: IPv4 expected (A record) + services = [ + "actual" + "assistant" + "glance" + "grafana" + "images" + "lounge" + "pinchflat" + "rss" + ]; + }; + }; } diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 73b83d4..2e2772d 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -7,8 +7,6 @@ ./radicle.nix self.nixosModules.nix-defaults ../../modules/remote-builder.nix - ../../modules/unbound.nix - ../../modules/unbound-auth.nix self.inputs.srvos.nixosModules.server self.inputs.srvos.nixosModules.hardware-hetzner-cloud ]; diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 7bf8be3..5321f9d 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -20,8 +20,6 @@ ../../modules/acme-home.nix ../../modules/lounge.nix - ../../modules/unbound.nix - ../../modules/unbound-auth.nix self.nixosModules.nix-defaults self.nixosModules.user-rpqt diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 1318135..ce0aa9b 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -2,8 +2,6 @@ { imports = [ self.nixosModules.nix-defaults - ../../modules/unbound.nix - ../../modules/unbound-auth.nix self.nixosModules.nextcloud self.nixosModules.gitea From b84078220cfcba5bb0e848a5698603e71d6ea370 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 315/376] remove unbound dns auth-zone This was moved to coredns to avoid confusion between the authoritative server and the local resolver. --- modules/unbound-auth.nix | 35 ------------- modules/unbound.nix | 108 --------------------------------------- 2 files changed, 143 deletions(-) delete mode 100644 modules/unbound-auth.nix delete mode 100644 modules/unbound.nix diff --git a/modules/unbound-auth.nix b/modules/unbound-auth.nix deleted file mode 100644 index 5c0fbec..0000000 --- a/modules/unbound-auth.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - services.unbound = { - settings = { - auth-zone = [ - { - name = "home.rpqt.fr."; - zonefile = builtins.toFile "home.rpqt.fr.zone" '' - $TTL 3600 ; 1 Hour - $ORIGIN home.rpqt.fr. - home.rpqt.fr. IN SOA ns1 admin.rpqt.fr. ( - 2025063000 ; serial - 10800 ; refresh - 3600 ; retry - 604800 ; expire - 300 ; minimum - ) - - @ 1D IN NS ns1.home.rpqt.fr. - @ 1D IN NS ns2.home.rpqt.fr. - @ 1D IN NS ns3.home.rpqt.fr. - - ns1 10800 IN CNAME crocus.home.rpqt.fr. - ns2 10800 IN CNAME genepi.home.rpqt.fr. - ns3 10800 IN CNAME verbena.home.rpqt.fr. - - crocus 10800 IN AAAA fd80:150d:17cc:2ae:6999:9380:150d:17cc - genepi 10800 IN AAAA fd80:150d:17cc:2ae:6999:9358:3e0e:d738 - verbena 10800 IN AAAA fd80:150d:17cc:2ae:6999:9306:9a0e:c197 - haze 10800 IN AAAA fd80:150d:17cc:2ae:6999:935a:e8:b04d - ''; - } - ]; - }; - }; -} diff --git a/modules/unbound.nix b/modules/unbound.nix deleted file mode 100644 index a386ae4..0000000 --- a/modules/unbound.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ - self, - config, - lib, - ... -}: -let - domain = "home.rpqt.fr"; - machines = { - genepi = { - subdomains = [ - "actual" - "assistant" - "glance" - "grafana" - "images" - "lounge" - "pinchflat" - "rss" - ]; - }; - crocus = { - subdomains = [ - "cloud" - ]; - }; - }; - zerotierInterface = "zts7mq7onf"; - machinesZerotierIpRecords = - lib.map - ( - host: - ''"${host}.infra.rpqt.fr. 10800 IN AAAA ${ - self.nixosConfigurations.${host}.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value - }"'' - ) - [ - "crocus" - "genepi" - ]; -in -{ - services.resolved.enable = false; - - networking.firewall.interfaces.${zerotierInterface} = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; - - services.unbound = { - enable = true; - resolveLocalQueries = true; - checkconf = true; - - settings = { - server = { - interface = [ - "127.0.0.1" - "::1" - "::0" - ]; - access-control = [ - "127.0.0.1 allow" - "${config.clan.core.networking.zerotier.subnet} allow" - ]; - local-zone = [ - ''"*.home.rpqt.fr." redirect'' - ]; - local-data = - # machinesZerotierIpRecords ++ - lib.concatMap ( - host: - lib.map ( - subdomain: - ''"${subdomain}.${domain}. 10800 IN AAAA ${ - self.nixosConfigurations.${host}.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value - }"'' - ) machines.${host}.subdomains - ) (lib.attrNames machines); - private-address = [ - "127.0.0.1/8" - "${config.clan.core.networking.zerotier.subnet}" - ]; - private-domain = [ - "home.rpqt.fr" - ]; - }; - forward-zone = [ - { - name = "."; - forward-tls-upstream = true; - forward-addr = [ - "9.9.9.9#dns.quad9.net" - "149.112.112.112#dns.quad9.net" - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - "2606:4700:4700::1111@853#cloudflare-dns.com" - "2606:4700:4700::1001@853#cloudflare-dns.com" - "8.8.8.8#dns.google" - "8.8.4.4#dns.google" - "2001:4860:4860::8888#dns.google" - "2001:4860:4860::8844#dns.google" - ]; - } - ]; - }; - }; -} From f7700cadd5845869b25d4d38e84564faa56052f2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 24 Nov 2025 17:11:04 +0100 Subject: [PATCH 316/376] add pixel-7a to wireguard network Hard-coded for now until clan-core/wireguard supports external peers. --- machines/verbena/configuration.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index ce0aa9b..3cafaa5 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -6,6 +6,24 @@ self.nixosModules.gitea self.inputs.srvos.nixosModules.server + + { + # Add Pixel-7a as external device for clan wireguard network + networking.wireguard.interfaces.wireguard = { + ips = [ "100.42.42.1/32" ]; + peers = [ + { + publicKey = "BVgDQM18SfNofQsWs7m6fblaTB04Gk74VxR/zK8AKQ4="; + allowedIPs = + let + suffix = "cafe:cafe"; + in + [ "fd28:387a:90:c400:${suffix}::/96" ]; + persistentKeepalive = 25; + } + ]; + }; + } ]; nixpkgs.hostPlatform = "x86_64-linux"; From b917f503daae5e7dd7cf4cdc622ae06af69e5bd2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 27 Nov 2025 15:56:54 +0100 Subject: [PATCH 317/376] Update vars via generator atuin for machine haze --- vars/per-machine/haze/atuin/key/machines/haze | 1 + vars/per-machine/haze/atuin/key/secret | 18 ++++++++++++++++++ vars/per-machine/haze/atuin/key/users/rpqt | 1 + 3 files changed, 20 insertions(+) create mode 120000 vars/per-machine/haze/atuin/key/machines/haze create mode 100644 vars/per-machine/haze/atuin/key/secret create mode 120000 vars/per-machine/haze/atuin/key/users/rpqt diff --git a/vars/per-machine/haze/atuin/key/machines/haze b/vars/per-machine/haze/atuin/key/machines/haze new file mode 120000 index 0000000..db9551a --- /dev/null +++ b/vars/per-machine/haze/atuin/key/machines/haze @@ -0,0 +1 @@ +../../../../../../sops/machines/haze \ No newline at end of file diff --git a/vars/per-machine/haze/atuin/key/secret b/vars/per-machine/haze/atuin/key/secret new file mode 100644 index 0000000..ec8f2d0 --- /dev/null +++ b/vars/per-machine/haze/atuin/key/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:fF1De3CumRtONLJXCxgV/DDy0DbWdEDcgTEf9PB8nI/czxsoe+iQ1nbbHrNkG9ZqJQl72nXL3+y6g4OssZ44aQ==,iv:0oCUhhAJNj7fQLxqLlSiF+rWpDrk/C/WX9+fwWnNeM8=,tag:FzXudt/aGN93XSfaLRMHwQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsUjB3RG5rcXg1cVpRR3Zw\nUTNQNDRLSDdzbW9NbXpxUXJjT0s0RUxzRGx3CkVrc0kyRm8xVmFYOHpGZEhwV1RJ\ncWpNN050TjRTYzVCSk00QmdBa2ZQTDgKLS0tIGpCa0wyWW84RmpTZEw4aHg0ZWps\nYU9tZWRLUG5RMWF6bzJaNDJlV1BzY2cKoYyLtxVzwpqwaajgVgQvuDKHM+uU38vT\n/dVUjz54J4+/HQPd65TO6CIvMRQXu7ebsWxsuPAvJYIgeHD7mEbpgA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaREM4NFh3Kzh0cTd5eitK\nV0VpbndEMkNQaW91aHRaY29PTGVWWEJOQmhBCkU3eXpYdnNPZ0hBQjk0Z2huRXdj\nYmxsNUZ4cnlyUzhsTnkvaFBaWUZsZVEKLS0tIFNoU0FQWFZjcnp0M0JaREZxc3Zi\neUxxUDc2R0lkckp5V1p2SXlqNlBjTVkK+9utF0LvMNO3bTw2Ky3Eprna0rBIR83y\nGgKN6buuPN6xp5RNUixmvc9lEvmX+RwSQzs8MTnhCOQEmcP1vvg+aw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-27T14:56:54Z", + "mac": "ENC[AES256_GCM,data:T9Z5jMebdm0UuRsnrFXYxg0Yylvn5So0ZqaEo+3axRMfjq5MS/sikz/nRGhgD5h9OTRk3tWndBB8aUO9u8QE+s+L4jM+wHSD1cI0+mc4/UuQgcs09tVxtCSFED0ETp8Iay0lhl7+yKpImPys0RpGNd4Wjn1qqExXqQ4M5aYcBWQ=,iv:85NKSnnrOGUtrriky0twzhLstnkjFkL11YxXjsgF+Js=,tag:VXb0q5eZFLxW7yE+SLZlYQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/haze/atuin/key/users/rpqt b/vars/per-machine/haze/atuin/key/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/haze/atuin/key/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From eb16cd96fad644ed7bbf55900b322f04046ac30c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 27 Nov 2025 16:07:02 +0100 Subject: [PATCH 318/376] add atuin key as clan var --- home-manager/cli.nix | 6 +++++- machines/haze/configuration.nix | 1 + modules/dev.nix | 6 ++++++ modules/flake-module.nix | 1 + 4 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 modules/dev.nix diff --git a/home-manager/cli.nix b/home-manager/cli.nix index 9fc1c29..db3b37c 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -1,6 +1,7 @@ { self, config, + osConfig, pkgs, ... }: @@ -32,9 +33,12 @@ programs.zoxide.enable = true; programs.starship.enable = true; - programs.atuin.enable = true; programs.bat.enable = true; + programs.atuin.enable = true; + xdg.dataFile."atuin/key".source = + config.lib.file.mkOutOfStoreSymlink osConfig.clan.core.vars.generators.atuin.files.key.path; + programs.zsh = { enable = true; syntaxHighlighting.enable = true; diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 2fa4876..a3dd40a 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -17,6 +17,7 @@ ./syncthing.nix self.nixosModules.desktop + self.nixosModules.dev self.nixosModules.nix-defaults self.inputs.home-manager.nixosModules.home-manager diff --git a/modules/dev.nix b/modules/dev.nix new file mode 100644 index 0000000..294bdfa --- /dev/null +++ b/modules/dev.nix @@ -0,0 +1,6 @@ +{ + clan.core.vars.generators.atuin = { + prompts.key.persist = true; + files.key.owner = "rpqt"; + }; +} diff --git a/modules/flake-module.nix b/modules/flake-module.nix index ae1638d..aab048a 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -9,6 +9,7 @@ ./desktop.nix ]; + dev.imports = [ ./dev.nix ]; nix-defaults.imports = [ ./nix-defaults.nix ]; tailscale.imports = [ ./tailscale.nix ]; user-rpqt.imports = [ ./user-rpqt.nix ]; From 4474dbad90953150f17b1c367049a7d458b9f532 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Thu, 27 Nov 2025 16:07:02 +0100 Subject: [PATCH 319/376] remove ignis desktop --- flake.lock | 43 ---------------------------------- flake.nix | 3 --- home-manager/desktop/ignis.nix | 38 ------------------------------ 3 files changed, 84 deletions(-) delete mode 100644 home-manager/desktop/ignis.nix diff --git a/flake.lock b/flake.lock index 3f48baa..aa7aa6d 100644 --- a/flake.lock +++ b/flake.lock @@ -250,48 +250,6 @@ "type": "github" } }, - "ignis": { - "inputs": { - "ignis-gvc": "ignis-gvc", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1762970543, - "narHash": "sha256-7ipFVC9pvI564c22b1dIEzSQ8dZXK3cxh/tF/4tX38c=", - "owner": "ignis-sh", - "repo": "ignis", - "rev": "ba8b0e11c2462afc9fdc30ce6a72b4e94e8ee7c4", - "type": "github" - }, - "original": { - "owner": "ignis-sh", - "repo": "ignis", - "type": "github" - } - }, - "ignis-gvc": { - "inputs": { - "nixpkgs": [ - "ignis", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754064086, - "narHash": "sha256-ft5KvY2OYrWF+jEsfBL/Zx8Iuo2C10C6COk8wHwZw34=", - "owner": "ignis-sh", - "repo": "ignis-gvc", - "rev": "f2c9f10d8b49cc38106a2f07a51ea959c6aa4e63", - "type": "github" - }, - "original": { - "owner": "ignis-sh", - "repo": "ignis-gvc", - "type": "github" - } - }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -467,7 +425,6 @@ "disko": "disko_2", "flake-parts": "flake-parts_2", "home-manager": "home-manager", - "ignis": "ignis", "impermanence": "impermanence", "matugen": "matugen", "nixos-generators": "nixos-generators", diff --git a/flake.nix b/flake.nix index 6117968..39dad27 100644 --- a/flake.nix +++ b/flake.nix @@ -49,9 +49,6 @@ clan-core.inputs.nixpkgs.follows = "nixpkgs"; clan-core.inputs.flake-parts.follows = "flake-parts"; - ignis.url = "github:ignis-sh/ignis"; - ignis.inputs.nixpkgs.follows = "nixpkgs"; - matugen.url = "github:InioX/Matugen"; matugen.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home-manager/desktop/ignis.nix b/home-manager/desktop/ignis.nix deleted file mode 100644 index 4bc86ae..0000000 --- a/home-manager/desktop/ignis.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - self, - config, - inputs, - pkgs, - ... -}: -{ - imports = [ - self.homeManagerModules.dotfiles - inputs.ignis.homeManagerModules.default - ]; - - home.packages = [ - pkgs.brightnessctl - pkgs.swaybg - pkgs.swaylock - pkgs.tofi - pkgs.wl-gammarelay-rs - inputs.matugen.packages.${pkgs.system}.default - ]; - - programs.ignis = { - enable = true; - - addToPythonEnv = false; - - sass.enable = true; - sass.useDartSass = true; - - services.bluetooth.enable = true; - services.audio.enable = true; - services.network.enable = true; - }; - - xdg.configFile."ignis".source = - config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/rep/heath"; -} From f970fc0623834792e629333ad1d433ec2176b87a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:06:57 +0100 Subject: [PATCH 320/376] Update vars via generator syncthing-gui for machine genepi --- .../syncthing-gui/password/machines/genepi | 1 + .../genepi/syncthing-gui/password/secret | 18 ++++++++++++++++++ .../genepi/syncthing-gui/password/users/rpqt | 1 + 3 files changed, 20 insertions(+) create mode 120000 vars/per-machine/genepi/syncthing-gui/password/machines/genepi create mode 100644 vars/per-machine/genepi/syncthing-gui/password/secret create mode 120000 vars/per-machine/genepi/syncthing-gui/password/users/rpqt diff --git a/vars/per-machine/genepi/syncthing-gui/password/machines/genepi b/vars/per-machine/genepi/syncthing-gui/password/machines/genepi new file mode 120000 index 0000000..342fa08 --- /dev/null +++ b/vars/per-machine/genepi/syncthing-gui/password/machines/genepi @@ -0,0 +1 @@ +../../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/per-machine/genepi/syncthing-gui/password/secret b/vars/per-machine/genepi/syncthing-gui/password/secret new file mode 100644 index 0000000..d43e9c3 --- /dev/null +++ b/vars/per-machine/genepi/syncthing-gui/password/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:HWmd0ZCo4gD0g+dZrbkX7XNvfsWQaPHN1VOpzNGVbwZFQm1QCxGV1AxKkXbjH2pbsO6i6kikyyNH,iv:CX8Q5o/7SGM33rfQG5lFvc7iSBxR3sTf8Q4bPk4iv5k=,tag:gtEmFaZh6I2Q1d1IeSRDKQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdzNoZllKUUlQY0JCZTl2\nUytkeVF5YWpyTTRzWnFnWHl2ekJuUHJPY1YwCnhnMzFWVmd2SkRBTUwwWTdGbEVa\nSndlRVpxbmtCaHNYaTBBbi9ZVWkxTVEKLS0tIC9vRnJFUjhrbjFYWWJ6VTJYN25V\nUTVMTjdaRmJ3cTZDbW1NZzV1YzI1b3cK38Hqjzv9zRKG68aiI57pOX14PG/+qkg2\nOwnZeFUtuy84fW1xs00tRXAHUXFBoqavjQ9UaOaADWVDqdcwWbyfmg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcmovYnRaS1lETGl0ZHpl\nbnp6a0Q2ZzhPYVU5YXRVN0ZEZ1dLYjFrQzFBCkVyL1ZJMmx3NHJ0RVl1MjBoa25s\naHRzVWdVNmVPM0FNaE5Vc3BvSXJjeEEKLS0tIHl2eGJ3UXlmNGxucEhvTWlUK2Jj\nY0dEVGhPb2ZLYkF1WFJhYlNNSkQ3ZGsKZ0HiunVE+tGx/wSHljp0ZKVPoz1GpXer\noochDu7LYIt3NkrS+4Tn3UBHckUvQXq72GcvaLI8l7h2RMFXRV7FqA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-29T13:06:57Z", + "mac": "ENC[AES256_GCM,data:6PybvwdIi19um8zXFJ3N1kEG611JSVor7fa7cwf4nOR/UCYfhgUc7Rp6YaXpnxACOrMoA8aLQznSKUY19Rrux1EnPFUUlUPRonS64CchoC/Ix941UffZA+HjHTIONOz7uFOBr5qIcWmcWR2EucyMQoWYd501u+chetJMWXErJ9k=,iv:HT5YivDqqkZdVQ/ELdmBBP5KY47VD2IKgpeGGB6pAnM=,tag:a/bUdqqh0TqT5MZrREL1gg==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/genepi/syncthing-gui/password/users/rpqt b/vars/per-machine/genepi/syncthing-gui/password/users/rpqt new file mode 120000 index 0000000..c6af5c7 --- /dev/null +++ b/vars/per-machine/genepi/syncthing-gui/password/users/rpqt @@ -0,0 +1 @@ +../../../../../../sops/users/rpqt \ No newline at end of file From 5d329ed8459440fbb22771c5c6f5dcc588e912ad Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 321/376] update flake inputs --- clan/flake-module.nix | 2 +- clan/network.nix | 11 ++++++ flake.lock | 92 +++++++++++++++++++++---------------------- 3 files changed, 58 insertions(+), 47 deletions(-) diff --git a/clan/flake-module.nix b/clan/flake-module.nix index 3e956f6..e177c0c 100644 --- a/clan/flake-module.nix +++ b/clan/flake-module.nix @@ -7,7 +7,7 @@ ]; clan.meta.name = "blossom"; - clan.meta.tld = "val"; + clan.meta.domain = "val"; clan.inventory.instances."rpqt-admin" = { module.input = "clan-core"; diff --git a/clan/network.nix b/clan/network.nix index 1891745..37d00bc 100644 --- a/clan/network.nix +++ b/clan/network.nix @@ -33,6 +33,17 @@ }; }; + # clan.inventory.instances.certificates = { + # module.name = "certificates"; + # module.input = "clan-core"; + + # roles.ca.machines.verbena = { + # settings.acmeEmail = "admin@rpqt.fr"; + # }; + # roles.default.tags.all = { }; + # roles.default.settings.acmeEmail = "admin@rpqt.fr"; + # }; + # Temporarily patched version of clan-core/coredns for AAAA records support clan.inventory.instances.coredns = { module.name = "@rpqt/coredns"; diff --git a/flake.lock b/flake.lock index aa7aa6d..687ff65 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1761641036, - "narHash": "sha256-WyoAA5qBHimmWj0tuJMnkIq4o8dB01st6smx3ZzI/L0=", + "lastModified": 1763946641, + "narHash": "sha256-kPP7k2b+Dkd91yJO01y3l1F0t+Mqvv8+FrPfjcCwszg=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "3cd0114c633815095fde7a3126e1dbd6ad2e673f", + "rev": "cd32d1c420320383bfcc80c1b0b402b6a7eccc23", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1763806343, - "narHash": "sha256-dXCgpw9WgaiyymspX/v2vWOpNaSgl6kR4SBNvE5aCs0=", + "lastModified": 1764586080, + "narHash": "sha256-q3BXgao2VfIV8FSzS1bkYl1z/EVQYyzLWb6lPx/EOGs=", "ref": "refs/heads/main", - "rev": "7fd1f6cf7e93d344baeec8c15bbf54282551b073", - "revCount": 11125, + "rev": "773a697fb9c7403d2667e72b98451697e7485e93", + "revCount": 11350, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1763788986, - "narHash": "sha256-uYgLhTSxWs9IRpia5Hxd7AMCaE0plr0+QhWBf26h9V0=", + "lastModified": 1764561720, + "narHash": "sha256-QOeUx+gacbziKlfuLUDDmiv7GwltUBp/S8rcGXqrKMg=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "58bf1899410536c4244b9d44c243426dc1b2a2c9", + "rev": "4e66d3532e7324ad0c3ae744fa67d2eb0ccc702e", "type": "github" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1763651264, - "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", + "lastModified": 1764350888, + "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", "owner": "nix-community", "repo": "disko", - "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", + "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", "type": "github" }, "original": { @@ -151,11 +151,11 @@ ] }, "locked": { - "lastModified": 1763651264, - "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", + "lastModified": 1764350888, + "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", "owner": "nix-community", "repo": "disko", - "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", + "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", "type": "github" }, "original": { @@ -237,11 +237,11 @@ ] }, "locked": { - "lastModified": 1763748372, - "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", + "lastModified": 1764544324, + "narHash": "sha256-GVBGjO7UsmzLrlOJV8NlKSxukHaHencrJqWkCA6FkqI=", "owner": "nix-community", "repo": "home-manager", - "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", + "rev": "e4e25a8c310fa45f2a8339c7972dc43d2845a612", "type": "github" }, "original": { @@ -273,11 +273,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1763355108, - "narHash": "sha256-u5gCg+oA1car16NA7UL2dVjZGdD/RXJCt0srVFwCnmA=", + "lastModified": 1764186156, + "narHash": "sha256-TD9XyqFdLIOLRZM7ozQ8gz4PyEQbLGLxB4MbzjLccg4=", "owner": "InioX", "repo": "Matugen", - "rev": "e216c4bf66899694b19b10369f9fa0275d739cff", + "rev": "cc82736698f9a77a5ec78853e54f25f0fce4ba87", "type": "github" }, "original": { @@ -294,11 +294,11 @@ ] }, "locked": { - "lastModified": 1763505477, - "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", + "lastModified": 1764161084, + "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", + "rev": "e95de00a471d07435e0527ff4db092c84998698e", "type": "github" }, "original": { @@ -337,11 +337,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1762264948, - "narHash": "sha256-iaRf6n0KPl9hndnIft3blm1YTAyxSREV1oX0MFZ6Tk4=", + "lastModified": 1764252389, + "narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "fa695bff9ec37fd5bbd7ee3181dbeb5f97f53c96", + "rev": "5ea68886d95218646d11d3551a476d458df00778", "type": "github" }, "original": { @@ -356,11 +356,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1751903740, - "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "lastModified": 1764234087, + "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", "type": "github" }, "original": { @@ -371,11 +371,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762847253, - "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", + "lastModified": 1764440730, + "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", + "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", "type": "github" }, "original": { @@ -403,11 +403,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763678758, - "narHash": "sha256-+hBiJ+kG5IoffUOdlANKFflTT5nO3FrrR2CA3178Y5s=", + "lastModified": 1764517877, + "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "117cc7f94e8072499b0a7aa4c52084fa4e11cc9b", + "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", "type": "github" }, "original": { @@ -442,11 +442,11 @@ ] }, "locked": { - "lastModified": 1763607916, - "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", + "lastModified": 1764483358, + "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", + "rev": "5aca6ff67264321d47856a2ed183729271107c9c", "type": "github" }, "original": { @@ -462,11 +462,11 @@ ] }, "locked": { - "lastModified": 1763600374, - "narHash": "sha256-CPBFJSZrHD/TguhjBzXKaqwtMGz7ac8bX5KZ9dJfdu0=", + "lastModified": 1764551162, + "narHash": "sha256-DV/iPK0EL1vEvz5Qzl6WHVzeIJB0SCFCVrIpr0Ocfwc=", "owner": "nix-community", "repo": "srvos", - "rev": "66d01f019faeacda79b8d81cb37c8094685cb333", + "rev": "ed9d5a032c701cb1534acbcad348d42df12cbc26", "type": "github" }, "original": { @@ -570,11 +570,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1763768455, - "narHash": "sha256-ZwqW2uH36vPUKrlbzDyz7NoFXKjJOT1Ijvlaz4sIp8E=", + "lastModified": 1764585331, + "narHash": "sha256-dGFxquZ0JaZPlCueMVPvsbotH3GI+vB8/r8cSJhz1KY=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "5c965e0777dc4bcb01808c7f214dc56f997bd9c7", + "rev": "d1fe354cd50f9941acf05c44463315d61f0e7917", "type": "github" }, "original": { From 299bf4ea8529dacae3e8676ecb2607579c7f09ef Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 322/376] genepi: add password for synchthing-gui --- machines/genepi/syncthing.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/machines/genepi/syncthing.nix b/machines/genepi/syncthing.nix index d554fe0..dd72177 100644 --- a/machines/genepi/syncthing.nix +++ b/machines/genepi/syncthing.nix @@ -23,5 +23,17 @@ in group = lib.mkForce "users"; dataDir = home; configDir = lib.mkForce "${home}/.config/syncthing"; + guiPasswordFile = config.clan.core.vars.generators.syncthing-gui.files.password.path; + }; + + clan.core.vars.generators.syncthing-gui = { + files.password = { + secret = true; + owner = user; + }; + runtimeInputs = [ pkgs.xkcdpass ]; + script = '' + xkcdpass -n 7 > $out/password + ''; }; } From 0096acaf816c19e61e855867ebafe5cc1309d732 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 323/376] radicle: add pinned repositories --- machines/crocus/radicle.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/machines/crocus/radicle.nix b/machines/crocus/radicle.nix index 4e80736..ea2f2db 100644 --- a/machines/crocus/radicle.nix +++ b/machines/crocus/radicle.nix @@ -21,8 +21,13 @@ }; settings = { # FIXME: activation fails with rad saying the config is invalid - # web.avatarUrl = "https://rpqt.fr/favicon.svg"; - # web.description = "rpqt's radicle node"; + web.avatarUrl = "https://rpqt.fr/favicon.svg"; + web.description = "rpqt's radicle node"; + web.pinned.repositories = [ + "rad:z2DH9K384tPCrM5HJcpiKEoZZdftY" # lila + "rad:z29gVX1f6HC1XGx755RL1m1hhMp6x" # corner + "rad:z36HRN3Soay4wMXBSiR4aW7Hg9rT7" # flocon + ]; }; }; From d92ea6d7420b41e7798d30a9dc1ec870a162722a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 324/376] move radicle module --- machines/crocus/configuration.nix | 2 +- modules/flake-module.nix | 1 + {machines/crocus => modules}/radicle.nix | 0 3 files changed, 2 insertions(+), 1 deletion(-) rename {machines/crocus => modules}/radicle.nix (100%) diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix index 2e2772d..50ca761 100644 --- a/machines/crocus/configuration.nix +++ b/machines/crocus/configuration.nix @@ -4,7 +4,7 @@ }: { imports = [ - ./radicle.nix + self.nixosModules.radicle self.nixosModules.nix-defaults ../../modules/remote-builder.nix self.inputs.srvos.nixosModules.server diff --git a/modules/flake-module.nix b/modules/flake-module.nix index aab048a..11aad72 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -15,6 +15,7 @@ user-rpqt.imports = [ ./user-rpqt.nix ]; hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ]; nextcloud.imports = [ ./nextcloud.nix ]; + radicle.imports = [ ./radicle.nix ]; server.imports = [ ./motd.nix diff --git a/machines/crocus/radicle.nix b/modules/radicle.nix similarity index 100% rename from machines/crocus/radicle.nix rename to modules/radicle.nix From 3cc9ddccb6c7010a03a6cd92e4d7a2978e226e4f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 325/376] update flake inputs --- flake.lock | 119 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 71 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 687ff65..3a7bbb4 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763946641, - "narHash": "sha256-kPP7k2b+Dkd91yJO01y3l1F0t+Mqvv8+FrPfjcCwszg=", + "lastModified": 1765229650, + "narHash": "sha256-i+nRqDnqnkytva/3uVjAIMlkv8fh/BOTpYIq5EunBOQ=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "cd32d1c420320383bfcc80c1b0b402b6a7eccc23", + "rev": "af5a582396fa643e640b77674143cee1ac633f95", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1764586080, - "narHash": "sha256-q3BXgao2VfIV8FSzS1bkYl1z/EVQYyzLWb6lPx/EOGs=", + "lastModified": 1765550297, + "narHash": "sha256-UGPK8XKXI7Y+EFWKT2/Xel53RNL/z959WwK4o7nV6vE=", "ref": "refs/heads/main", - "rev": "773a697fb9c7403d2667e72b98451697e7485e93", - "revCount": 11350, + "rev": "c36b07ffb39ced5c47d4d1a150fd324f6725f20d", + "revCount": 11566, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -59,14 +59,15 @@ "dgop": "dgop", "nixpkgs": [ "nixpkgs" - ] + ], + "quickshell": "quickshell" }, "locked": { - "lastModified": 1764561720, - "narHash": "sha256-QOeUx+gacbziKlfuLUDDmiv7GwltUBp/S8rcGXqrKMg=", + "lastModified": 1765560618, + "narHash": "sha256-gZEYrkY/IJHQrackgNwpl0qFnRacBSpmvqa0ljkdieU=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "4e66d3532e7324ad0c3ae744fa67d2eb0ccc702e", + "rev": "e95f7ce367470424e7636b40a0ba7af42ddcd94e", "type": "github" }, "original": { @@ -91,11 +92,11 @@ ] }, "locked": { - "lastModified": 1762942435, - "narHash": "sha256-zIWGs5FIytTtJN+dhDb8Yx+q4TQI/yczuL539yVcyPE=", - "rev": "0ee328404b12c65e8106bde9e9fab8abf4ecada4", + "lastModified": 1765163284, + "narHash": "sha256-tCrc6IyhXrMTTeF5lZHlwbfMBvDUr0OM5Uz+kToJ+ow=", + "rev": "986035f01ba7339c6c9d80f37aec9c5f93dfa47f", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0ee328404b12c65e8106bde9e9fab8abf4ecada4.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/986035f01ba7339c6c9d80f37aec9c5f93dfa47f.tar.gz" }, "original": { "type": "tarball", @@ -110,11 +111,11 @@ ] }, "locked": { - "lastModified": 1762435535, - "narHash": "sha256-QhzRn7pYN35IFpKjjxJAj3GPJECuC+VLhoGem3ezycc=", + "lastModified": 1762835999, + "narHash": "sha256-UykYGrGFOFTmDpKTLNxj1wvd1gbDG4TkqLNSbV0TYwk=", "owner": "AvengeMedia", "repo": "dgop", - "rev": "6cf638dde818f9f8a2e26d0243179c43cb3458d7", + "rev": "799301991cd5dcea9b64245f9d500dcc76615653", "type": "github" }, "original": { @@ -131,11 +132,11 @@ ] }, "locked": { - "lastModified": 1764350888, - "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", + "lastModified": 1765326679, + "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", "owner": "nix-community", "repo": "disko", - "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", + "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", "type": "github" }, "original": { @@ -151,11 +152,11 @@ ] }, "locked": { - "lastModified": 1764350888, - "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", + "lastModified": 1765326679, + "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", "owner": "nix-community", "repo": "disko", - "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", + "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", "type": "github" }, "original": { @@ -192,11 +193,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765495779, + "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", "type": "github" }, "original": { @@ -237,11 +238,11 @@ ] }, "locked": { - "lastModified": 1764544324, - "narHash": "sha256-GVBGjO7UsmzLrlOJV8NlKSxukHaHencrJqWkCA6FkqI=", + "lastModified": 1765480374, + "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4e25a8c310fa45f2a8339c7972dc43d2845a612", + "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", "type": "github" }, "original": { @@ -273,11 +274,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1764186156, - "narHash": "sha256-TD9XyqFdLIOLRZM7ozQ8gz4PyEQbLGLxB4MbzjLccg4=", + "lastModified": 1765099519, + "narHash": "sha256-N8XNexsqr/GBJKW1UG7OtE+YGkYhJNQRjIypgHO21dk=", "owner": "InioX", "repo": "Matugen", - "rev": "cc82736698f9a77a5ec78853e54f25f0fce4ba87", + "rev": "de6381b5288c53763ba7c055661dc08ee8f107fa", "type": "github" }, "original": { @@ -337,11 +338,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1764252389, - "narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=", + "lastModified": 1765442039, + "narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "5ea68886d95218646d11d3551a476d458df00778", + "rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1", "type": "github" }, "original": { @@ -403,11 +404,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -417,6 +418,28 @@ "type": "github" } }, + "quickshell": { + "inputs": { + "nixpkgs": [ + "dankMaterialShell", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1764663772, + "narHash": "sha256-sHqLmm0wAt3PC4vczJeBozI1/f4rv9yp3IjkClHDXDs=", + "ref": "refs/heads/master", + "rev": "26531fc46ef17e9365b03770edd3fb9206fcb460", + "revCount": 713, + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" + }, + "original": { + "rev": "26531fc46ef17e9365b03770edd3fb9206fcb460", + "type": "git", + "url": "https://git.outfoxxed.me/quickshell/quickshell" + } + }, "root": { "inputs": { "buildbot-nix": "buildbot-nix", @@ -442,11 +465,11 @@ ] }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1765231718, + "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", "type": "github" }, "original": { @@ -462,11 +485,11 @@ ] }, "locked": { - "lastModified": 1764551162, - "narHash": "sha256-DV/iPK0EL1vEvz5Qzl6WHVzeIJB0SCFCVrIpr0Ocfwc=", + "lastModified": 1765415765, + "narHash": "sha256-DNEUksb+s7DbwahAlIZ4v/BUFUacOqGklCbjgAHZb4k=", "owner": "nix-community", "repo": "srvos", - "rev": "ed9d5a032c701cb1534acbcad348d42df12cbc26", + "rev": "a9e46dc439591c67337a0caf0beebb5a73ed9a86", "type": "github" }, "original": { @@ -570,11 +593,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1764585331, - "narHash": "sha256-dGFxquZ0JaZPlCueMVPvsbotH3GI+vB8/r8cSJhz1KY=", + "lastModified": 1765272078, + "narHash": "sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "d1fe354cd50f9941acf05c44463315d61f0e7917", + "rev": "32cf6b1f82e007cddba9c9ae037eff670219cd55", "type": "github" }, "original": { From 4f197b4319dc8643764b3b28139c3e56b6f6bb58 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 326/376] vicinae: remove input and use home-manager option --- flake.lock | 39 +------------------------------- flake.nix | 3 --- home-manager/desktop/vicinae.nix | 12 +++------- 3 files changed, 4 insertions(+), 50 deletions(-) diff --git a/flake.lock b/flake.lock index 3a7bbb4..a99cdaf 100644 --- a/flake.lock +++ b/flake.lock @@ -453,8 +453,7 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", - "srvos": "srvos", - "vicinae": "vicinae" + "srvos": "srvos" } }, "sops-nix": { @@ -528,21 +527,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -584,27 +568,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "vicinae": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_3" - }, - "locked": { - "lastModified": 1765272078, - "narHash": "sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM=", - "owner": "vicinaehq", - "repo": "vicinae", - "rev": "32cf6b1f82e007cddba9c9ae037eff670219cd55", - "type": "github" - }, - "original": { - "owner": "vicinaehq", - "repo": "vicinae", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 39dad27..ef5ce16 100644 --- a/flake.nix +++ b/flake.nix @@ -58,9 +58,6 @@ srvos.url = "github:nix-community/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; - vicinae.url = "github:vicinaehq/vicinae"; - vicinae.inputs.nixpkgs.follows = "nixpkgs"; - buildbot-nix.url = "github:nix-community/buildbot-nix"; buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home-manager/desktop/vicinae.nix b/home-manager/desktop/vicinae.nix index f59e0cd..ecb446a 100644 --- a/home-manager/desktop/vicinae.nix +++ b/home-manager/desktop/vicinae.nix @@ -1,19 +1,13 @@ { config, - inputs, - pkgs, lib, ... }: { - imports = [ - inputs.vicinae.homeManagerModules.default - ]; - - services.vicinae = { + programs.vicinae = { enable = true; - autoStart = true; - package = pkgs.vicinae; + systemd.enable = true; + systemd.autoStart = true; }; xdg.configFile."vicinae/vicinae.json".source = From 8d328aecf306a58f4fe09ab626e54eff3454a123 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 327/376] garage: also listen on wireguard network --- modules/garage.nix | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/modules/garage.nix b/modules/garage.nix index 6143994..3740110 100644 --- a/modules/garage.nix +++ b/modules/garage.nix @@ -25,10 +25,10 @@ in replication_factor = 3; rpc_bind_addr = "[::]:${toString rpc_port}"; - rpc_public_addr = "[${zerotier_ip}]:${toString rpc_port}"; + rpc_public_addr = "[::]:${toString rpc_port}"; s3_api = { - api_bind_addr = "[${zerotier_ip}]:${toString s3_port}"; + api_bind_addr = "[::]:${toString s3_port}"; s3_region = "garage"; root_domain = ".s3.garage.home.rpqt.fr"; }; @@ -39,17 +39,22 @@ in }; admin = { - api_bind_addr = "[${zerotier_ip}]:${toString admin_port}"; + api_bind_addr = "[::]:${toString admin_port}"; # TODO: use metrics_token }; }; }; - networking.firewall.interfaces.${zerotier_interface} = { - allowedTCPPorts = [ - s3_port - rpc_port - admin_port - ]; - }; + networking.firewall.interfaces = + let + allowedTCPPorts = [ + s3_port + rpc_port + admin_port + ]; + in + { + ${zerotier_interface} = { inherit allowedTCPPorts; }; + wireguard = { inherit allowedTCPPorts; }; + }; } From 13b4a15aeee3332837100461ec1d9f5bb97cbe52 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 328/376] vicinae: add config --- home/.config/vicinae/vicinae.json | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 home/.config/vicinae/vicinae.json diff --git a/home/.config/vicinae/vicinae.json b/home/.config/vicinae/vicinae.json new file mode 100644 index 0000000..0d92315 --- /dev/null +++ b/home/.config/vicinae/vicinae.json @@ -0,0 +1,23 @@ +{ + "closeOnFocusLoss": false, + "considerPreedit": false, + "faviconService": "twenty", + "font": { + "size": 12 + }, + "keybinding": "default", + "keybinds": { + }, + "popToRootOnClose": true, + "rootSearch": { + "searchFiles": true + }, + "theme": { + "name": "matugen" + }, + "window": { + "csd": true, + "opacity": 1, + "rounding": 10 + } +} From 25189d72f2fdbe4078f578e7417a5b30ca5e8ce5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 329/376] niri: use dms to change display brightness --- home/.config/niri/config.kdl | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index b228bc3..b9bd548 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -152,14 +152,8 @@ binds { XF86AudioMute allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"; } XF86AudioMicMute allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle"; } - XF86MonBrightnessDown { spawn "brightnessctl" "set" "5%-"; } - XF86MonBrightnessUp { spawn "brightnessctl" "set" "+5%"; } - // XF86MonBrightnessUp allow-when-locked=true { - // spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; - // } - // XF86MonBrightnessDown allow-when-locked=true { - // spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; - // } + XF86MonBrightnessUp allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; } + XF86MonBrightnessDown allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; } XF86AudioPlay { spawn "playerctl" "play-pause"; } XF86AudioNext { spawn "playerctl" "next"; } From ae8d0f69e1ec209d252e1b2075591596629f1b0d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 330/376] haze: add typst and anki --- machines/haze/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index a3dd40a..d994ba7 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -55,6 +55,8 @@ pkgs.aseprite pkgs.linux-wifi-hotspot pkgs.anytype + pkgs.typst + pkgs.anki ]; programs.kdeconnect.enable = true; From 5356d3043f93af014d425a97840ddc8a3fba8aeb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 331/376] haze: remove deprecated nameservers --- machines/haze/configuration.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index d994ba7..1493044 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -45,11 +45,6 @@ clan.core.settings.state-version.enable = true; - networking.nameservers = [ - self.nixosConfigurations.genepi.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value - self.nixosConfigurations.crocus.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value - ]; - environment.systemPackages = [ self.inputs.clan-core.packages.x86_64-linux.clan-app pkgs.aseprite From 421e978aa4b28fa53f1c17acef5731f0f93f5fae Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 332/376] home-manager: set EDITOR explicitly --- home-manager/helix.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home-manager/helix.nix b/home-manager/helix.nix index 03241f1..61aa5cb 100644 --- a/home-manager/helix.nix +++ b/home-manager/helix.nix @@ -16,6 +16,8 @@ defaultEditor = true; }; + home.sessionVariables.EDITOR = "hx"; + xdg.configFile."helix/config.toml".source = "${config.dotfiles.path}/.config/helix/config.toml"; xdg.configFile."helix/languages.toml".source = "${config.dotfiles.path}/.config/helix/languages.toml"; From e0ffd779f07e19b679ae4ecd47815c4db8996f56 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 333/376] niri: use dms generated config files --- home/.config/niri/.gitignore | 1 - home/.config/niri/config.kdl | 58 ++++---------------------------- home/.config/niri/dms/alttab.kdl | 5 +++ home/.config/niri/dms/binds.kdl | 55 ++++++++++++++++++++++++++++++ home/.config/niri/dms/colors.kdl | 36 ++++++++++++++++++++ home/.config/niri/dms/layout.kdl | 17 ++++++++++ home/.config/niri/dms/wpblur.kdl | 4 +++ 7 files changed, 123 insertions(+), 53 deletions(-) delete mode 100644 home/.config/niri/.gitignore create mode 100644 home/.config/niri/dms/alttab.kdl create mode 100644 home/.config/niri/dms/binds.kdl create mode 100644 home/.config/niri/dms/colors.kdl create mode 100644 home/.config/niri/dms/layout.kdl create mode 100644 home/.config/niri/dms/wpblur.kdl diff --git a/home/.config/niri/.gitignore b/home/.config/niri/.gitignore deleted file mode 100644 index 6d4140c..0000000 --- a/home/.config/niri/.gitignore +++ /dev/null @@ -1 +0,0 @@ -dms diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index b9bd548..3283fc2 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -1,3 +1,9 @@ +include "dms/alttab.kdl" +include "dms/binds.kdl" +include "dms/colors.kdl" +include "dms/layout.kdl" +include "dms/wpblur.kdl" + input { keyboard { xkb { @@ -55,39 +61,6 @@ layout { // You can change the default width of the new windows. default-column-width { proportion 0.5; } // If you leave the brackets empty, the windows themselves will decide their initial width. - - // You can change how the focus ring looks. - focus-ring { - off - // How many logical pixels the ring extends out from the windows. - width 3 - - // Color of the ring on the active monitor. - active-color "#101010" - - // Color of the ring on inactive monitors. - inactive-color "#505050" - } - - border { - width 2 - - // Color of the ring on the active monitor. - // active-color "#3d5f77" - active-color "#101010" - - // Color of the ring on inactive monitors. - inactive-color "#101010" - } - - shadow { - // on - softness 10 - spread 5 - offset x=0 y=0 - draw-behind-window true - color "#00000070" - } } prefer-no-csd @@ -121,12 +94,6 @@ window-rule { open-floating true } -// Enable rounded corners for all windows. -window-rule { - geometry-corner-radius 10 - clip-to-geometry true -} - binds { // Keys consist of modifiers separated by + signs, followed by an XKB key name // in the end. To find an XKB name for a particular key, you may use a program @@ -147,14 +114,6 @@ binds { Mod+D { spawn "vicinae" "toggle"; } Super+Alt+L hotkey-overlay-title="Lock session" { spawn "loginctl" "lock-session"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05+"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.05-"; } - XF86AudioMute allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"; } - XF86AudioMicMute allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle"; } - - XF86MonBrightnessUp allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; } - XF86MonBrightnessDown allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; } - XF86AudioPlay { spawn "playerctl" "play-pause"; } XF86AudioNext { spawn "playerctl" "next"; } XF86AudioPrev { spawn "playerctl" "previous"; } @@ -348,8 +307,3 @@ environment { hotkey-overlay { skip-at-startup } - -layer-rule { - match namespace="dms:blurwallpaper" - place-within-backdrop true -} diff --git a/home/.config/niri/dms/alttab.kdl b/home/.config/niri/dms/alttab.kdl new file mode 100644 index 0000000..91d8337 --- /dev/null +++ b/home/.config/niri/dms/alttab.kdl @@ -0,0 +1,5 @@ +recent-windows { + highlight { + corner-radius 12 + } +} diff --git a/home/.config/niri/dms/binds.kdl b/home/.config/niri/dms/binds.kdl new file mode 100644 index 0000000..5f116ed --- /dev/null +++ b/home/.config/niri/dms/binds.kdl @@ -0,0 +1,55 @@ +binds { + Mod+Shift+D hotkey-overlay-title="Application Launcher" { + spawn "dms" "ipc" "call" "spotlight" "toggle"; + } + + Mod+V hotkey-overlay-title="Clipboard Manager" { + spawn "dms" "ipc" "call" "clipboard" "toggle"; + } + + Mod+M hotkey-overlay-title="Task Manager" { + spawn "dms" "ipc" "call" "processlist" "toggle"; + } + + Mod+Comma hotkey-overlay-title="Settings" { + spawn "dms" "ipc" "call" "settings" "toggle"; + } + + Mod+N hotkey-overlay-title="Notification Center" { + spawn "dms" "ipc" "call" "notifications" "toggle"; + } + + Mod+Shift+N hotkey-overlay-title="Notepad" { + spawn "dms" "ipc" "call" "notepad" "toggle"; + } + + Mod+Alt+L hotkey-overlay-title="Lock Screen" { + spawn "dms" "ipc" "call" "lock" "lock"; + } + + Ctrl+Alt+Delete hotkey-overlay-title="Task Manager" { + spawn "dms" "ipc" "call" "processlist" "toggle"; + } + + // Audio + XF86AudioRaiseVolume allow-when-locked=true { + spawn "dms" "ipc" "call" "audio" "increment" "3"; + } + XF86AudioLowerVolume allow-when-locked=true { + spawn "dms" "ipc" "call" "audio" "decrement" "3"; + } + XF86AudioMute allow-when-locked=true { + spawn "dms" "ipc" "call" "audio" "mute"; + } + XF86AudioMicMute allow-when-locked=true { + spawn "dms" "ipc" "call" "audio" "micmute"; + } + + // BL + XF86MonBrightnessUp allow-when-locked=true { + spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; + } + XF86MonBrightnessDown allow-when-locked=true { + spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; + } +} \ No newline at end of file diff --git a/home/.config/niri/dms/colors.kdl b/home/.config/niri/dms/colors.kdl new file mode 100644 index 0000000..2c7487f --- /dev/null +++ b/home/.config/niri/dms/colors.kdl @@ -0,0 +1,36 @@ +layout { + background-color "transparent" + + focus-ring { + active-color "#5c5891" + inactive-color "#787680" + urgent-color "#ba1a1a" + } + + border { + active-color "#5c5891" + inactive-color "#787680" + urgent-color "#ba1a1a" + } + + shadow { + color "#00000070" + } + + tab-indicator { + active-color "#5c5891" + inactive-color "#787680" + urgent-color "#ba1a1a" + } + + insert-hint { + color "#5c589180" + } +} + +recent-windows { + highlight { + active-color "#444078" + urgent-color "#ba1a1a" + } +} diff --git a/home/.config/niri/dms/layout.kdl b/home/.config/niri/dms/layout.kdl new file mode 100644 index 0000000..36c08f3 --- /dev/null +++ b/home/.config/niri/dms/layout.kdl @@ -0,0 +1,17 @@ +layout { + gaps 4 + + border { + width 2 + } + + focus-ring { + width 2 + } +} +window-rule { + geometry-corner-radius 12 + clip-to-geometry true + tiled-state true + draw-border-with-background false +} diff --git a/home/.config/niri/dms/wpblur.kdl b/home/.config/niri/dms/wpblur.kdl new file mode 100644 index 0000000..667042f --- /dev/null +++ b/home/.config/niri/dms/wpblur.kdl @@ -0,0 +1,4 @@ +layer-rule { + match namespace="dms:blurwallpaper" + place-within-backdrop true +} From 3dbb7e4a7e4b009a9529acb89bb21b1897232009 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 334/376] update flake inputs --- flake.lock | 160 ++++++++++++++++------------------------------------- 1 file changed, 47 insertions(+), 113 deletions(-) diff --git a/flake.lock b/flake.lock index a99cdaf..68faa8f 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765229650, - "narHash": "sha256-i+nRqDnqnkytva/3uVjAIMlkv8fh/BOTpYIq5EunBOQ=", + "lastModified": 1765893949, + "narHash": "sha256-5wn3/cMZ6cQ7BHaoTkeDiMxgjZUV/8FPGplCJ/P6Idc=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "af5a582396fa643e640b77674143cee1ac633f95", + "rev": "39896cb5a1a6ad52d1feb6634913087e11059454", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1765550297, - "narHash": "sha256-UGPK8XKXI7Y+EFWKT2/Xel53RNL/z959WwK4o7nV6vE=", + "lastModified": 1766058975, + "narHash": "sha256-HBnRRq9wLq7UfJxMM55wR10lZFK1F0lNyRgUwwOby6s=", "ref": "refs/heads/main", - "rev": "c36b07ffb39ced5c47d4d1a150fd324f6725f20d", - "revCount": 11566, + "rev": "9032d11a0e31641808ef1427150aac0f40e2e0b9", + "revCount": 11671, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -54,28 +54,6 @@ "url": "https://git.clan.lol/clan/clan-core" } }, - "dankMaterialShell": { - "inputs": { - "dgop": "dgop", - "nixpkgs": [ - "nixpkgs" - ], - "quickshell": "quickshell" - }, - "locked": { - "lastModified": 1765560618, - "narHash": "sha256-gZEYrkY/IJHQrackgNwpl0qFnRacBSpmvqa0ljkdieU=", - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "rev": "e95f7ce367470424e7636b40a0ba7af42ddcd94e", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "type": "github" - } - }, "data-mesher": { "inputs": { "flake-parts": [ @@ -92,38 +70,17 @@ ] }, "locked": { - "lastModified": 1765163284, - "narHash": "sha256-tCrc6IyhXrMTTeF5lZHlwbfMBvDUr0OM5Uz+kToJ+ow=", - "rev": "986035f01ba7339c6c9d80f37aec9c5f93dfa47f", + "lastModified": 1765768061, + "narHash": "sha256-RZ/ocDUJ3WPr2KcDc2MB6Fu+ZPqzwsMKQ16XxqrPi+o=", + "rev": "53351f9953ecf9dbe18795b4784abe53b14e6eee", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/986035f01ba7339c6c9d80f37aec9c5f93dfa47f.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/53351f9953ecf9dbe18795b4784abe53b14e6eee.tar.gz" }, "original": { "type": "tarball", "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" } }, - "dgop": { - "inputs": { - "nixpkgs": [ - "dankMaterialShell", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1762835999, - "narHash": "sha256-UykYGrGFOFTmDpKTLNxj1wvd1gbDG4TkqLNSbV0TYwk=", - "owner": "AvengeMedia", - "repo": "dgop", - "rev": "799301991cd5dcea9b64245f9d500dcc76615653", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "dgop", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -132,11 +89,11 @@ ] }, "locked": { - "lastModified": 1765326679, - "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", + "lastModified": 1765794845, + "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=", "owner": "nix-community", "repo": "disko", - "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", + "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9", "type": "github" }, "original": { @@ -152,11 +109,11 @@ ] }, "locked": { - "lastModified": 1765326679, - "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", + "lastModified": 1765794845, + "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=", "owner": "nix-community", "repo": "disko", - "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", + "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9", "type": "github" }, "original": { @@ -173,11 +130,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -193,11 +150,11 @@ ] }, "locked": { - "lastModified": 1765495779, - "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -218,11 +175,11 @@ ] }, "locked": { - "lastModified": 1758022363, - "narHash": "sha256-ENUhCRWgSX4ni751HieNuQoq06dJvApV/Nm89kh+/A0=", + "lastModified": 1765774562, + "narHash": "sha256-UQhfCggNGDc7eam+EittlYmeW89CZVT1KkFIHZWBH7k=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "1a3667d33e247ad35ca250698d63f49a5453d824", + "rev": "edcbb19948b6caf1700434e369fde6ff9e6a3c93", "type": "github" }, "original": { @@ -238,11 +195,11 @@ ] }, "locked": { - "lastModified": 1765480374, - "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", + "lastModified": 1765980955, + "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=", "owner": "nix-community", "repo": "home-manager", - "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", + "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173", "type": "github" }, "original": { @@ -274,11 +231,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1765099519, - "narHash": "sha256-N8XNexsqr/GBJKW1UG7OtE+YGkYhJNQRjIypgHO21dk=", + "lastModified": 1765981892, + "narHash": "sha256-c7VKaNiBUkwGsTq398EQSM4K7skPacmOz8NeLj67M7s=", "owner": "InioX", "repo": "Matugen", - "rev": "de6381b5288c53763ba7c055661dc08ee8f107fa", + "rev": "e405cd9de87510dd40c1328bcf06e0daf3d1a5bf", "type": "github" }, "original": { @@ -404,11 +361,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1765779637, + "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", "type": "github" }, "original": { @@ -418,33 +375,10 @@ "type": "github" } }, - "quickshell": { - "inputs": { - "nixpkgs": [ - "dankMaterialShell", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1764663772, - "narHash": "sha256-sHqLmm0wAt3PC4vczJeBozI1/f4rv9yp3IjkClHDXDs=", - "ref": "refs/heads/master", - "rev": "26531fc46ef17e9365b03770edd3fb9206fcb460", - "revCount": 713, - "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" - }, - "original": { - "rev": "26531fc46ef17e9365b03770edd3fb9206fcb460", - "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" - } - }, "root": { "inputs": { "buildbot-nix": "buildbot-nix", "clan-core": "clan-core", - "dankMaterialShell": "dankMaterialShell", "disko": "disko_2", "flake-parts": "flake-parts_2", "home-manager": "home-manager", @@ -464,11 +398,11 @@ ] }, "locked": { - "lastModified": 1765231718, - "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", + "lastModified": 1765836173, + "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", + "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", "type": "github" }, "original": { @@ -484,11 +418,11 @@ ] }, "locked": { - "lastModified": 1765415765, - "narHash": "sha256-DNEUksb+s7DbwahAlIZ4v/BUFUacOqGklCbjgAHZb4k=", + "lastModified": 1766020451, + "narHash": "sha256-Jy7rX7sMbSJEX0KKwvNcGUfRVZ0SDWo3Zk2e5LGyqw0=", "owner": "nix-community", "repo": "srvos", - "rev": "a9e46dc439591c67337a0caf0beebb5a73ed9a86", + "rev": "5ecd4a56da963480db305e56ab3a42d13597c0a7", "type": "github" }, "original": { @@ -535,11 +469,11 @@ ] }, "locked": { - "lastModified": 1758728421, - "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { @@ -556,11 +490,11 @@ ] }, "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", + "lastModified": 1766000401, + "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", "type": "github" }, "original": { From 2eb70b7108d838c34541874aedf48ff17d571c2c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 335/376] dms: use nixpkgs version --- flake.nix | 3 --- home-manager/desktop/dank.nix | 8 -------- home/.config/niri/config.kdl | 1 - machines/haze/home.nix | 1 - machines/haze/niri.nix | 2 ++ 5 files changed, 2 insertions(+), 13 deletions(-) delete mode 100644 home-manager/desktop/dank.nix diff --git a/flake.nix b/flake.nix index ef5ce16..79ffcc8 100644 --- a/flake.nix +++ b/flake.nix @@ -60,8 +60,5 @@ buildbot-nix.url = "github:nix-community/buildbot-nix"; buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; - - dankMaterialShell.url = "github:AvengeMedia/DankMaterialShell"; - dankMaterialShell.inputs.nixpkgs.follows = "nixpkgs"; }; } diff --git a/home-manager/desktop/dank.nix b/home-manager/desktop/dank.nix deleted file mode 100644 index ab7781c..0000000 --- a/home-manager/desktop/dank.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ inputs, ... }: -{ - imports = [ - inputs.dankMaterialShell.homeModules.dankMaterialShell.default - ]; - - programs.dankMaterialShell.enable = true; -} diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 3283fc2..8d0e97d 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -295,7 +295,6 @@ binds { screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" -spawn-at-startup "dms" "run" spawn-at-startup "kdeconnect-indicator" spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh" diff --git a/machines/haze/home.nix b/machines/haze/home.nix index fb775d1..79bea2e 100644 --- a/machines/haze/home.nix +++ b/machines/haze/home.nix @@ -9,7 +9,6 @@ ../../home-manager/minecraft.nix ../../home-manager/desktop ../../home-manager/desktop/gnome.nix - ../../home-manager/desktop/dank.nix ../../home-manager/desktop/niri.nix ../../home-manager/desktop/vicinae.nix ]; diff --git a/machines/haze/niri.nix b/machines/haze/niri.nix index 896243c..e47300d 100644 --- a/machines/haze/niri.nix +++ b/machines/haze/niri.nix @@ -11,4 +11,6 @@ services.gnome.gnome-keyring.enable = true; environment.sessionVariables.NIXOS_OZONE_WL = "1"; + + programs.dms-shell.enable = true; } From 9c266bf1df03b9c494d1c8dec30116603ba8a780 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 336/376] remove taskwarrior --- home-manager/cli.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home-manager/cli.nix b/home-manager/cli.nix index db3b37c..e4d8622 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -24,7 +24,6 @@ nh ripgrep skim - taskwarrior3 tealdeer vivid yazi From 7d34c5c7c006534b8977bf76249314a6b70e055f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Sat, 29 Nov 2025 14:11:50 +0100 Subject: [PATCH 337/376] add delta diff for nixpkgs-review --- home-manager/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/dev.nix b/home-manager/dev.nix index 70c85a3..f0fb31e 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -12,6 +12,7 @@ ]; home.packages = with pkgs; [ + delta direnv gh hut From 3206d3f476bdc0ba2c48f2e2b4ab168f6870ce3c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:21:10 +0100 Subject: [PATCH 338/376] Add key(s) for user rpqt to secrets --- sops/secrets/crocus-age.key/secret | 6 ++++- sops/secrets/genepi-age.key/secret | 6 ++++- sops/secrets/haze-age.key/secret | 6 ++++- sops/secrets/verbena-age.key/secret | 6 ++++- sops/users/rpqt/key.json | 4 +++ .../borgbackup/borgbackup.repokey/secret | 10 ++++--- .../crocus/borgbackup/borgbackup.ssh/secret | 10 ++++--- .../per-machine/crocus/gandi/gandi-env/secret | 10 ++++--- .../crocus/garage/admin_token/secret | 10 ++++--- .../crocus/garage/metrics_token/secret | 11 +++++--- .../gitea-s3-storage/access-key-id/secret | 10 ++++--- .../gitea-s3-storage/access-key-secret/secret | 10 ++++--- .../crocus/gitea-s3-storage/gitea-env/secret | 10 ++++--- .../access-key-secret/secret | 10 ++++--- .../crocus/nextcloud/admin-password/secret | 10 ++++--- .../crocus/openssh/ssh.id_ed25519/secret | 10 ++++--- .../crocus/radicle/id_ed25519/secret | 10 ++++--- .../crocus/root-password/password-hash/secret | 10 ++++--- .../crocus/root-password/password/secret | 6 ++++- .../user-password/user-password-hash/secret | 10 ++++--- .../crocus/user-password/user-password/secret | 6 ++++- .../privatekey/secret | 11 +++++--- .../zerotier/zerotier-identity-secret/secret | 10 ++++--- .../borgbackup/borgbackup.repokey/secret | 10 ++++--- .../genepi/borgbackup/borgbackup.ssh/secret | 10 ++++--- .../genepi/freshrss/freshrss-password/secret | 10 ++++--- .../per-machine/genepi/gandi/gandi-env/secret | 11 +++++--- .../genepi/gandi/gandi-token/secret | 10 ++++--- .../genepi/garage/admin_token/secret | 10 ++++--- .../genepi/garage/metrics_token/secret | 11 +++++--- .../genepi/openssh/ssh.id_ed25519/secret | 10 ++++--- vars/per-machine/genepi/pinchflat/env/secret | 10 ++++--- .../genepi/root-password/password-hash/secret | 10 ++++--- .../genepi/root-password/password/secret | 6 ++++- .../genepi/syncthing-gui/password/secret | 11 +++++--- vars/per-machine/genepi/syncthing/api/secret | 10 ++++--- vars/per-machine/genepi/syncthing/cert/secret | 10 ++++--- vars/per-machine/genepi/syncthing/key/secret | 10 ++++--- .../user-password/user-password-hash/secret | 10 ++++--- .../genepi/user-password/user-password/secret | 6 ++++- .../privatekey/secret | 11 +++++--- .../zerotier/zerotier-identity-secret/secret | 10 ++++--- vars/per-machine/haze/atuin/key/secret | 9 +++++-- .../haze/garage/admin_token/secret | 8 ++++-- .../haze/garage/metrics_token/secret | 8 ++++-- .../haze/openssh/ssh.id_ed25519/secret | 8 ++++-- .../haze/root-password/password-hash/secret | 8 ++++-- .../haze/root-password/password/secret | 6 ++++- vars/per-machine/haze/syncthing/api/secret | 8 ++++-- vars/per-machine/haze/syncthing/cert/secret | 8 ++++-- vars/per-machine/haze/syncthing/key/secret | 8 ++++-- .../user-password-hash/secret | 8 ++++-- .../user-password-rpqt/user-password/secret | 6 ++++- .../user-password/user-password-hash/secret | 8 ++++-- .../haze/user-password/user-password/secret | 6 ++++- .../privatekey/secret | 9 +++++-- .../zerotier/zerotier-identity-secret/secret | 8 ++++-- .../borgbackup/borgbackup.repokey/secret | 8 ++++-- .../verbena/borgbackup/borgbackup.ssh/secret | 8 ++++-- .../buildbot-worker/worker-password/secret | 8 ++++-- .../verbena/buildbot/api-token/secret | 8 ++++-- .../verbena/buildbot/oauth-secret/secret | 8 ++++-- .../verbena/buildbot/webhook-secret/secret | 8 ++++-- .../verbena/buildbot/worker-password/secret | 8 ++++-- .../verbena/buildbot/workers-file/secret | 8 ++++-- .../verbena/gandi/gandi-env/secret | 9 +++++-- .../verbena/garage/admin_token/secret | 8 ++++-- .../verbena/garage/metrics_token/secret | 8 ++++-- .../gitea-s3-storage/access-key-id/secret | 9 +++++-- .../gitea-s3-storage/access-key-secret/secret | 9 +++++-- .../access-key-secret/secret | 9 +++++-- .../verbena/nextcloud/admin-password/secret | 9 +++++-- .../verbena/openssh/ssh.id_ed25519/secret | 8 ++++-- .../root-password/password-hash/secret | 8 ++++-- .../verbena/root-password/password/secret | 6 ++++- .../intermediate.key/secret | 9 +++++-- .../privatekey/secret | 9 +++++-- .../zerotier/zerotier-identity-secret/secret | 8 ++++-- vars/shared/garage-shared/rpc_secret/secret | 26 +++++++++++-------- vars/shared/openssh-ca/id_ed25519/secret | 18 ++++++++----- vars/shared/step-ca/ca.key/secret | 7 ++++- 81 files changed, 534 insertions(+), 194 deletions(-) diff --git a/sops/secrets/crocus-age.key/secret b/sops/secrets/crocus-age.key/secret index ef04195..f985bdb 100644 --- a/sops/secrets/crocus-age.key/secret +++ b/sops/secrets/crocus-age.key/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:EGb773Q1F0hvpduV6UcOAhSy8ypN/r2ixBkazycuqY6AJmq9wGIMF40z6uWuUuy+19C4dN6pdwnJLGw4S/3qxrFGKHMFtVbKK0E=,iv:6ByZiSBUUtONGzgO8tbKzdeNlBMI0OnPLMigSeIO634=,tag:G1M64/oWQmxZydhMI9Mo/A==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaDJYWGc1\ncEZBRFh6QTRsWUE2VkE0N21lUVhETVllMWVhVE9yc0U4eWR5eAo4QkZsKzJkblJx\nSjZkRGxZcThmbkpUNW91bWRHdHplQmNXQ2lkTFNRY3NrCi0tLSA5NUNQY3IyOHRL\nc0FMbWRPQnhjejNEWkIvNEpuZzk1NEZzc1NISjF2K1RrCsTwB0aDb2e397kyWKX8\nJSKiGOy2P64eE68wufrSg/WJgkjvcklrzjmSnn8cIsme1hSOE5Bx8NxDAaX3Swfi\n4NQ=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTU5xN05kWlJuRFViT1lC\nSmxqSlNWTGVtTXhTS2o0Tm4xS05JUUkwK0dBClI5UVhna3Z3Q0NVODZVVW9aN2lG\nb05MbEw1SnVCcWpWNnVBNlRYMVZEQzQKLS0tIExvUFNhVUFxQkl3a1JrQjdOdlBq\nRzM1NDVzY0YvNEp6WWtnYTJYTXBWWGsKJlGXl/TadohSrjH9FEKvr8JMN13GDUl7\nN7OmOuy/2MxXXr2ChTJnmt+1is9Bj/52/oRH3m+yE6lAOb6eDMBgWA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZak9XUkRQMXdyU09tUEpH\nZHpVdnY3VDJFeUlRZlF2WkJzRGlTdXJyZ2dVCkNnUklBR3NFMDhBRCtEUk03dXFI\nU3ZhWEl2cnpGRS9YNGNicG5PdFBkZ3MKLS0tIGtBQldReC9rRkVMLzFOZnRkSE16\nSGZySjhRUHRUdDZyUkFaL3hrSktBQkkKsawv3QsgzG7jkh0km/v1wwKOsj9T7u8D\nFOSmrZ3Vadn2RdO67UqUI22IFrHPmbzb4vXbnqkNza51LwIIzS4IKQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-09T22:28:02Z", diff --git a/sops/secrets/genepi-age.key/secret b/sops/secrets/genepi-age.key/secret index 49e3964..96d5379 100644 --- a/sops/secrets/genepi-age.key/secret +++ b/sops/secrets/genepi-age.key/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:/fLnn5tEMlasoykvgvfjXJSMVFO1b7LMEDXEzw8mV2m6J8eyW0QMLIwfZFoe52ZOe7JC3RCRpEY7ei9UhZVJzLmewbVT5ziN55c=,iv:XW3LIFunMbEv1eQbLfBx7AgS6y8Pdp0/OF0juhq+boU=,tag:RVMEaWp8ilc6rTDW7N73vQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdlpMWHpm\nK1BIZTlUMWt3VnlZQjk3V0duY292VTFzdDh3SW95cEVZZkxDSQpJbVpqWTh4bGt3\ndkRQVTNTOHZNNUtBWWZFUExKSWdzYjUwVUtQQmpIRmp3Ci0tLSBIL25HbVZqUnAr\nTVl1N1YxUmMxR21KLzh2WnUzRnl6NUhkSDQzWkNHS3Z3CtPP1krW6lhiDLGK+Bzh\nXMddwvKjhaLZNAv/mOVOEj8vIgSxZYeoXFTcQXi4Ung9DLKirksEonC8+dR0ibLW\nxFA=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiMnJNZ1EyeHVYa0pTdUNa\nOFlVRUo4SjY0WXlDUGVLK0V5VEdpMEQyT0ZrCldhOUpWL2x1Sjhrd3NMRUNMVy9B\nTkhFWXVaMWttQm9YWlhmdDl2MzlpODQKLS0tIE1GM0hCQjBwMGI4cVRXWUtVQUtC\nY3ZvZ256YytFbksvRE9GdHA0c0Ewb2cK9D6HssuN4aXDgg7zHdCIdlcOE9wseEkf\nswmuk6YcMbwORDIwVi8deM5MRerxGhSUo64vQup4O6ivBJdPh+jvyg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeXpobUVsQklubkxGcmo4\nOVFZZzcxRkhlbEFOV3lKTC9JMzY1bGxlRlNRClJ3bmNlMWREQmREZ1l6RXl5MURh\nM1FCeWozQzlTbGZTT3NVaHRPYko3VmcKLS0tIEFFeWFHMWh1Y2t3c0FweWZkQTRj\nS1RtU1lFSnhBelFEaVY2V01TSXdoRkUKr9BqCnMRt0Dk3AnAQGr7RyhCTQurnVm6\nCG3u9Gozd/q3jPdQtor5negpb6ZfFY3Snnb/2+4jMS3GkYk9UEC3pg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:43:50Z", diff --git a/sops/secrets/haze-age.key/secret b/sops/secrets/haze-age.key/secret index 30fa55e..c0a6866 100644 --- a/sops/secrets/haze-age.key/secret +++ b/sops/secrets/haze-age.key/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:g7js1FA6umKogdeqrE6VeJeqkIza7gPGX89aB7j4l33nPSGkZ6h8qR2j1fGqggwgolRVbEfszgIJYXrZ2dzzy8HGKQ2kQmQbgaw=,iv:LHGGVVFSRkuMxvCDM4VxxMF2MaNinRJGpIqO5w5mMzA=,tag:YjHpGPPWGhDz6g8+Rm1x0w==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdDkyWjZC\nR2hXc0N5bFg4NGdNVjZKM3FmR1F0VnVWMVU1TFJRSStOQkpRVApNMDJRMDNQT2JN\nSkJURWpmM1pkUXdERlhWdmJFUktjL0tEY3V5U3FXNEdRCi0tLSBDZXV6T3FqUEtu\nYTFkNWpqaGFzQzZMdUJVWU1hRm9GRnZaRXZyVUJuZ29zCs66ikoy8a9NXwrQ78xt\n+muQmtpYSM6Xztpv8lUueeeMpe0cFuhU4HJeEWoz8LM8KL/zYLIF8YZuQcBWZnNN\nPhU=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxbTZ3K20xWDNIWEd4TkVZ\nN1I5Ry9CWGgzYWt5Q21kWHQvM3VWK0NkalFFCnM3Um5WZVJJSldPK294ZUYvbG52\nNmk0SlRhQWNkWmNWbzB4cGtmdVNjWGsKLS0tIDI3N3V6dStMRVlobzhMbkttb0Zs\nVW56V1loaDAvNCtuT3FXeWVwNHVzb0UKr59CCWRzWWzxkjLci26NJ5SFHazdzqub\nXdD6uXvUVBDradDHzgg+jy1OXQfstHjQMapSd9rRspAotbmQjdqDeQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmZYQnlILzJEQk9QQlJv\nRmtRMHBGei83L2xZajlKZHNsWXB5KytoSzFzCnppRTY5TFVONmZkVWVtVDd2QW0r\nTUROMTRVUGNYV0diTThnU3dXRjVCZFkKLS0tIFlUaVY3WUF1cFdPSDNWM1RKb2JD\nL1pvaW5PbmQ4RjBtc3E5WUFBbE84RXcK/PO68a4h5f3I+LNkqPsP+tExUsXqu5Tj\neKrE9WkoIlaX//5qIZPgtJjtL+hrMidmtNemPNsvNEIdxM+cHpDmjw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T13:19:30Z", diff --git a/sops/secrets/verbena-age.key/secret b/sops/secrets/verbena-age.key/secret index 99dfd6b..3167d88 100644 --- a/sops/secrets/verbena-age.key/secret +++ b/sops/secrets/verbena-age.key/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:wxFfM1b8w0EB/o1awHD9FMaHCSTp2NSyTfBCqJ5DjjQxDiBO4VkKVIK1Re28M1pKR4e/vThlvBpdEVnZksO6853RNbtBq8a5QSE=,iv:ZiJUjZ9TsIjse3sdxK40sYBbcBPwNkD7Pdq+O5DTcUQ=,tag:6GuL5cUgLKf3UEhioxk0AQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeENLNXJR\nQ0ZuMWt5enJwa1pBRjIxRW9DbnExL2EvTXE2TjZGVWlNdFRaUgpFR3NhTWd2VHps\ndlJrQW85VTRwbWNpazI0L3VmZTh2Z2VveW9aanR2am1vCi0tLSBXTnVhTHRXSkFo\nMEloMjREZHNnRWhHMXZqYUMxdkNUblJuV3Q4TWhXY3NVCrtNWoNQ/zXaRodUrORq\nHdky8hUgavh89DcIZ9QeBIaNCuaLybrY4AGZaCWoS/y256BUx0m6oFojnWU45kk8\nkbU=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Njl4T1NKaDV4VEgzK1pK\nRjZLekt2ZXVvWDFLdVVEbjBVaUJKdEs2TmlBClBwT2Q0dGpIcjR2WXQwVDJnTk5G\nTEtyVlpQTXpJdFZjeWREbWRNTzl3Z2MKLS0tIDlEWGRYbHNITFNYZWVENllTVEZl\ncTdWWlhRa2FVRDNFK0VwNnJldzhaVG8Koh116z18HdLSEWA/pevynZUh6eVR1p6V\ntif9NMKzwJzRm/5RKBBqaN+72zOHXSJBY4Te2TIqFkAaAfVjHmBujA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpK2t1TVU4dTNtRFY4V1c3\naW01L1dtUE9NVmg4Y0w2Ni9GU3Jaa3lIVGlvCkdDR1BjZkxXNk9kdFpPNWNxdVAv\nc0t3ckRtM3A0L3VYazd2NnduamdlSFEKLS0tIEthOHNqc2VIRmtIUTVnZlJsa2Vr\nRkZlNElObW9hN1drTVlVdXdzRThqbXMK9hwGAHPGnSoy+C43ZzTyc+9eNF16zNWz\nE7bLm7YxxTyAL6/A5VN0WlN6pPzPHza2YgoBX1yuZxSghG8vN1VHPQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:26:58Z", diff --git a/sops/users/rpqt/key.json b/sops/users/rpqt/key.json index a86c346..82264d3 100755 --- a/sops/users/rpqt/key.json +++ b/sops/users/rpqt/key.json @@ -2,5 +2,9 @@ { "publickey": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", "type": "age" + }, + { + "publickey": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "type": "age" } ] \ No newline at end of file diff --git a/vars/per-machine/crocus/borgbackup/borgbackup.repokey/secret b/vars/per-machine/crocus/borgbackup/borgbackup.repokey/secret index a358373..30c867b 100644 --- a/vars/per-machine/crocus/borgbackup/borgbackup.repokey/secret +++ b/vars/per-machine/crocus/borgbackup/borgbackup.repokey/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eCtVYmtlaWlmUEZKRkZP\nazB5N2NGc3JVcEs3NHRpZng3UnhjaGJwUUhnCmJKV3Y1Sm1oUndnWGZTMmxya0d1\nMG5yR0hwNkdoQWU3bE9kMUdxL0crNDAKLS0tIGI1NWhoLzZmNzY0L2xsNThNNzdw\nUmgyeGo2ejd4VU5XeFRJb0JhMy9UencKhDHBhlcAPOMdyUWzD2uMDHFoC7CW2T2D\n09vSaeL75t9uNsCbryM7SWal0HquEyAs8Pdn4YPMydpD2mQOVEAgfg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcjRJQlY5\nQXZnNlZDQkIrMExYY0hNbFFJWHZ1ZmdkQkZ4ZVVIUWNGY0cvcwoyYjFrQlh5RVlK\nT1d0N0xCYmtiL2owV0pESS9Ec0dxNk5FSE9yRVhXN09FCi0tLSB0SHF6VERRdmRP\nRHVHbFRWQ2UxV1BneEpvaUlaM1dwR2NtZ1BPTnUvK1RvClrQc/XOBZ+FtVCVM6RK\nLXl7bCkZay0tS+QmaSEUC5wsEyY9UVnFISDAGFzT1h7C85gO97y7G9S4V/cjAy3g\nDyI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdmJUampVUEh1cytMUVFn\nVGRMSFZZcXZ0ekRzY0VVa1ZGSFV2c2pjOUdZCmNLUmdRbFhqRUk1REVhT2VWcjRZ\nKzBjQ3phSGhKNjVrd0U1eVlDSWVvVVUKLS0tIG93U1pmRmlZK0xOV0JzTk5FZndy\nZ3JKaVJNamxqYUpMQnF0eitsVFMxdk0KxGfukNQggo93Jc14Z2WAjfZ12e0SyRtD\n+hembYN7huaWCSyQdzS55U2r9C2bW+5qap6HhZOPAJ+1L+mD76wz/w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQm1BcUx0WE1WR0hxUHli\nRTBPYjEvVDliaDlmQ3Fwa1htM1ZJa2NCbEZVClphRFd0S25HcUdjNThVLzdVeE5T\nUlY4dHRYSVBYWGllNmFNUGZHMjE0dXMKLS0tIFEyYUc0WXluWS9KOEVhZkVoY2xU\nL0Z5ZjQ3a1MrTkt3bnpyemU5VFNKMFUKRXpcugqSUrbPVH70VTHaBIydawFWfB3W\nlmCjgYwvmwqwJdXYRc10gGQZYuvpqkdlS9ZPuc7+WVdXw5w9KybBOA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWGF6YkpqMWFOOEhZOEtG\nUE16OFNyN0hGcmgwYVppK3lWbGpvM1J2NWc4CmxqMXFxQkFVOW1zWGd2K05GR1hn\nTU0yTm5CcnVTaXVvWnA3UlJ2VXpKQ0UKLS0tIEhjT0ltbEI5VUVzclQrVXozRWpZ\nN083clA3VjQrQ0d6NmtsV1FiZ0JORDAKHS+VmVFCPr+ze2b5HKBF5xUIBF9P3t+e\ntKftbTBWx0b80vURVbgDkEIQ3fgho8/1E20ZpSuoB327V4ARC1Clhw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-13T21:59:48Z", diff --git a/vars/per-machine/crocus/borgbackup/borgbackup.ssh/secret b/vars/per-machine/crocus/borgbackup/borgbackup.ssh/secret index 90b09c8..94a6e8f 100644 --- a/vars/per-machine/crocus/borgbackup/borgbackup.ssh/secret +++ b/vars/per-machine/crocus/borgbackup/borgbackup.ssh/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bkVVclhvVGExYmxOODdt\nZS9KRlhLcm1jZGZKT21VYWJ0bkp6WkU1WVdvCkU3UHhpdUpTMVJYWThsMElMN3NR\ncEp3RUhsTmNWVEVPeFVReUIxL3Q0dVkKLS0tIFk5VWR2U2ZwSzhUQ1lldWkxUTVW\nbURvVGswZXdNK2ViS1ZTNUt0M3B4N0UKxHYLja4nPCU7ms2Omo7JcCSU8/JR69pm\n0YMfpObSpDExrm/+ln58Pw6nVd1uA/mjWN1riLeKnetVxIpTAV369Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ05tZldw\nY0QrMndpRUpwSlkzeHBFLzlmUzVkaWo3UTc0d09xVlJRbHR1MApvakdrSEdsdnFW\nYWEyYlJrZFpPa1JNa1lEb21jVVNvQkQwaDFUQlFTUkdrCi0tLSBZMDh4dFJzK0pV\nckhZOVp6ajR0ZlNjYjk0c295c1NEZU9YRGpVMHVKOGtFCjN6S+Vh7KrBxZu8Ty3K\nEf7Bx9LJvFBGj3Gm0J3rA7XXqTLuP0URfLq7eSSRoC7MAKjITEcRJdmkCYHn9nr0\nUY8=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SjZPNE9GRC9ud0NZT2RH\ndHR0eU4xUld3YUFIRlBYN1h5Qjg5ZU82U0JzCkZVZTA5M1pnOTBxcmVoNWh3ZGJQ\nbVpsMXowOHE4eENlV0pKdG1YbUNPejQKLS0tIHhIa3dWMkpIMm1OZ3VlM1JaQ2gx\nbXk5OHMwakQzRDFUcWdLRmVXeHFnOEUKOpS+uXVevJ96bPhnKVYiM2Rl5PNvgmNz\nyxuYC+6cX+oPTnz6fSVYKmP9LWKAypHWQCzu5uKBriaAwU3EctRIHw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0RzA0U3lua1dub2FhQmov\nYVVLSEVMc0JIbk5qbXkwODhpZExTWUZ0T3pVCnFmUkY0V0hpaXoyV2hJZmVXUXM2\nUStDWlZucENDSVFpbDVSWEtPclFZb28KLS0tIHRaQWNSTnZOd3NkMzFGT2E3Y2pk\nbjFMQ1hpOHB0dDh4VDhuVFBJbWxGNncKTW2tsIsSqRyCEUrAaDmFsTfb7OJvN2Xj\nmmWOFsJcbN4KOwHeEDgfLLTqH27fSjNzzySWbK1Ly8DTJZugU1DUPQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMVhZTm5MOUJYTGp5elVM\nTnFWY1VKOUVsdnJNVlhQSWpHRnUzYzFZd3p3ClZGaXhjTmxXK1E5NjBwY1lseUha\nVHkvQ3IvZ3VUVzJhYUxWMndsd3EwNkEKLS0tICs5UGFPU3FHM01nVUNxazdEUWEx\nUk0yZ1RxRC85MG91OUJjdDlIVzJsbmMKFRB3gcwic9AgiDW87nPweI+qZf+iJsvb\nxaZrfOHYM0HF94A7pyZQpB9ipY3cteG8h/CxUOVb61qkFiQbE34h4Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-13T21:59:48Z", diff --git a/vars/per-machine/crocus/gandi/gandi-env/secret b/vars/per-machine/crocus/gandi/gandi-env/secret index 4ab64f7..277f817 100644 --- a/vars/per-machine/crocus/gandi/gandi-env/secret +++ b/vars/per-machine/crocus/gandi/gandi-env/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMHIyNGJuQ2pDcGN2RW1k\nK1hvUlQvd3R3RGxLclpYN1puTkV3YXVLOTE4Ckx2N0FscGRPYXBsanlNempIQ1Qw\nMlBoOVg0bUFGNktITjhYWE9qWDE2UmMKLS0tIGpDRzVOVEF0QXhyangrVkN5dzZP\nc0g3RFMxaEUxb0lVc3ZRN3dac21Dc0EKmwoWl+Fb0AFzkh36gU9YIy74Vzb7ooLz\nbCOkLXCGpV/3gvlEer6mWaFR1UYGGcAGIr9Tg3K28uFpJo2WcbTzng==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMWZQTFZF\nRXg0N3lxbkR2TUI5dWZieWcxTlpkY3hhMXVvRnkxWncvc3ZqVAoyb2hqYlNMc0hv\nWUJHeVUwMlM5SmlhUW5kQUxLNGFvMXJmSHN5QktrQnZjCi0tLSAxb1dmV2tHTmFE\nblNlbE0yaEsxSDRDSEl5alBDOUlCdlhRSmQ3bk5mWnp3CgrLMdzHKHcOs0Mz6Lq4\nmUxguuAsm5kYAwk9oXoUcxOKLWpLYNYiIKOCEIZKrxE0DO7h7yUsT8PSgwJ2mUIJ\nDa8=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmc3YxV3c3elZpK3I5OXVu\nbDNyNCtLVlRFK1pPN21UVngxTE5xVWlNRmpRCks5ZzZOemVSTEZSMlJ6UE5yVXQx\nUm5jYUNid1NtdUZBSUkraEhrbUFCeVUKLS0tIFc5RVhCTlpVd21vRjFCSTNWdDNG\nSEJ5b1ROUDV1Z0FzbmhyYkY5NGVsb2cKmnbLoK915F1SVHXdBHCx/8cBy6SiGznZ\nKHNr4HcdKLSF9EPI/0fJIzGoCTTCRTG4ocvDRBDQiB57kQqhu5y2Sg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZStjZjFjRE01R0RiM2sz\nNmI3YS8yODdIVEtsckpsS0JneHZLVTZEUUhzCkpWaXlCNG5WUStPL0g0WWtjcW1t\na05wOUY0dlJ5dkh4RllnMVdILzRUeTQKLS0tIEtJbmhxN2JML1hhM20yRDh6MENV\nd2xJKzJCL2FoZVlzWUx1enR3aEhUcjQKpa9biUFTLFQ1RjLozwjOnJwDLjBIQYKz\nwssgPhRXhlotlhvcMyj/FJPZ/NHu0ws/48oEa0Farq3jKlrOOGvScA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VE9CSE9uUzYySkVyVnFZ\nSHJMOGFSUTArTHhLR0tyZ0szZ2QrcUhKdFRJCnhHeVZyaFJkUCs4MjU5SFBHako3\nWjlKak5oaFVpRHltNU5rcGhyMGMvTFUKLS0tIGxUTmh5NllBY2NiMklhNTBPeCsr\nbmZLMzh5Y0IrUXFjTFhPZlRrdUxHWG8KLvXg2AvLHJ/AvUcrtZdE7xm5ahRXvRBK\ndvA7MKnmYUoR5IEcQkmUbx3sxxIJv9RtjBcpk9T3jy9nv1mf7gPxMw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T20:41:34Z", diff --git a/vars/per-machine/crocus/garage/admin_token/secret b/vars/per-machine/crocus/garage/admin_token/secret index 31e6aa4..302bdce 100644 --- a/vars/per-machine/crocus/garage/admin_token/secret +++ b/vars/per-machine/crocus/garage/admin_token/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsKzFrRTU0c0xIeG9yblRi\nUk9TbVRZMUxUNjdTdnViNEpDRGN3Z2E5czJrCkd2akJST3ZZbUNwcTdZeFZzVDJG\nTDE5WGlSdEQ0RUtkNEx2Wng5YkVrYWcKLS0tIEdPTkRrV3QyYzFraWhzRjI1c0N4\nY0xjc1N4eEo1YnNEK3ZoeENzOHFOZ00Kg19YjeYzSVuxrlOueX39SCzo9CX7063n\nBAVzFlgimDEKR3qfoDpdr7XssbWF942sYbIDBqDdqS/0nqL4vFkFxg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ3pOSlda\nWi9KeVJZM0dOSnZoWlF0OVoyTDNkbnYvTEoyaVlpZXBrTS90VApHbUxxR1JmOGNG\nQWNIUU1ZNk52cTU3V3UzZERiQmZqSmRKbm8vWWhieTF3Ci0tLSA5NTZQMnlOakov\nWTFNWkhXV1UwUDZKQ0xidFhXS2JJM1dUZFk0NytMc2NrCutbDiPQw09FJsD+dJub\nzTYzyyCEeTGtOd+fzRJ0CdqiFwHxZMhhn/r42ve1dVYV8MZKuL1pEIhSJnTP0xFi\nlrg=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NUdvaVRvYmpUYlc1MHR4\nTkpIdndTMW1XSGRxcXVjY2o3VnI3VDVkOUZNCmFaZm5vbTF1aXptMDRiZERZV3FS\nZG8yaWdEZmpobFUwU2FaeFdFTFcwN3MKLS0tIFZDUGRMa0ppanFtTnVvMHBacVJs\nNHpVUHRKL3MzMVJqQjBPeHdBanIyN0EK3KmePRXEK9o3uNX28sZvssiZorommPbS\ne1+mkTyK1ovuQcn/jVb2sA8EqiT/5DRar8a4gpdT+Wvw/io/mXXrHg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVDl4U0xObnA0RDd0MUpw\neUhrTmpIREc0Y1k0RlN2Wk9BdU90R3FJbUVjClMrSGpqSEJRM2w5Z3pKUlZ1cTR3\nSG45V3hka2NrdlhPK3JSRml0Yjl1Q28KLS0tIFBlWlFwbnNENk5xMHNQMmZySm9x\ndlAyTi9EY1pRMDZpYm0vMGNob1pObjgKwKKGOp5OvX0e5fT6ToV1NfJIs5Sqd/tU\nm4uiAv6rOnZPYAI9hH7sHwdJIRGkQRLNU1y5a4QqlyOujlnnSB+VrQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VGM1KzYvQnRKcDdqd25v\nU0ZScVFtaHk3MjFZeU8rWnlQTXVFbnIwbUZZClZiVTZyL2M1RGZYbEpVOVprK2pw\nRWdYOWlRNmJ4ZjVxKzZVRUZ0dGM1RkUKLS0tIDB3K3J6N1MvRURCVEpYRWgrb0Fn\nS3lnVXk5QitxbzJiUnN6YlJvbncwTFUK2jD/+nfrYbeBaNnnkFvURPBe5X1dOawt\nyc75bL99DsP36ZNH5awXakh8Po0FbqGbH0EYKhVGz7162X+JFGwsbA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-19T21:51:47Z", diff --git a/vars/per-machine/crocus/garage/metrics_token/secret b/vars/per-machine/crocus/garage/metrics_token/secret index 7f7cb77..589c276 100644 --- a/vars/per-machine/crocus/garage/metrics_token/secret +++ b/vars/per-machine/crocus/garage/metrics_token/secret @@ -3,16 +3,21 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyREJCdnZqTzVMVkZnZEd2\nTEdnZmpQZHVwYUM0K1BZMjViL3FkTmtXclJJCjVzMGd5RkFMM0tJOTZNOHowTFdw\nRWJpSWVLTjZ0OXJHcjFVbFpIMlpNVGsKLS0tIDIwRngwSUpyRkRpSXFlTExNc3hE\neVJBNTAzWTRtRCswT3B1T2dpcStrY2MK0peLN7aitVghBLfnp019fl80M/Wk1aL0\n0B7DNZDVKhC2vxWoq2ESwYDR5IwmJdg7xfJkUrvX3zTPde6I4fMlBg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbmdWcXRL\nWGcwWldvUmZNSnIzN3l3ZVBTU2Jaakk5bytmd3NRQmFvdW1LUgpwN2dOOUcwMFFS\nUnd0ZlViZXBNcEx4UGxtUVg0VVZ6WHVMU01pZU5YNnRzCi0tLSBVaUdaNTdXamh1\nY1YzWkVOWFFwNUg5QzBaRzA5azc2TUszUnZsOFhoUW8wCqotTO1N8TAhfRgQEpEX\nO94LfkaA8JiF6ZzhMLouKRMjiRdLaJMhExrIuRzEEdkq3vQqXWg/VEL0UrdlJhm+\ne1Y=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzY2kvbGpjVWpsbTloUlJG\nMHUyYWt4VU5mSW83emNaRU1VSEtUdWl4WXlBClZQMStpeWpQSkZ2Q3JUUVZYR3JC\nQnZ3MlBXZFNFSFlxRkFzREhjcmltd1UKLS0tIElqZ1VIUSthSHJwV0o5SGp5V0NE\nMjVBcHVJU0wrWmx2Ujc2RnFxZWtyZ2MKwk/wHMqFSS2DUsA63j6xzI4Z0M5QBS5u\nmYo4lv6DbmBC71s2QxG6lUO1EeY5wIGkUpGTAnt6e39/Jpns53GY+w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1JVOUNKUVp6OVhLVW5B\nOTZ5ME8xZzVGT2orQ0ZiRmFrL1FFWVVkU1ZjCi9wcGZvNGIxWnRudmtzTGNNWnFS\nWkNzei9MV3V2Z2VXSHkxVEZjUDE4UW8KLS0tIFJpTE5vaXdJd2IxdHEwa0duNURQ\nekUrQkZtZy8zSmlYaG41TUk5ZDVmSDAKa/TiIJjJHG8GlPoNWJeWJc8YUVpQYnlM\notPV6adoJEi7xC6QPAHerPXE0j6G84GXC6sVY91dZnV9DEB1Hprztw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhM2pkVHk4Yy9uSGpZcnk0\naEdLYzFjTDlHQlNLYjMvWnZPNFlRbGg3amhFCitjYnNvdkE0NWx2RHcrRm56azNM\ncGZiSUd0b2llTXY2VlBVWUwzN3NkQ1EKLS0tIEFzL2I1STFnaS9wcFdqWTZGSzdQ\nZ2lqaENmV3A5aWNvVUtDOWFtcWd1OHMKAvCPQJ/UexvmEaj6GUOdslBteLpNR0mz\nTx3vtzA7KODzDYLguIR2DBxmKydiVYGugNY5mGdQhtl/31lNtGbqWw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-22T13:51:53Z", "mac": "ENC[AES256_GCM,data:H89aFtec/OOq7r4MS28N/5ygv5GCWU0kcZszIr4yacfvoxPDFhFy95WCk1O0mzeubJ0Kw0nnmRlDS++Xfa8O99gXOtJc3FupBtLH0s2067jH4SW4DF4B/8BDPN9erVPXC4cwjSQnLerP4+TA14JtTbkoMLSLIsfU3gVlN6S0F0k=,iv:q/DKwAs7wOJQ8oZfjPCDN6pm2yREiWk+CQd6B7TixOc=,tag:xRgjYRsv9pOoWpkofkw5dw==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret index 8759b9c..c7bce2f 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRERmU3Bxbm42TlE4R0RX\na2ozeFVqNFlZYmVqeXFQb2JVVVlWbjVhTVdBCkJmWGdSK2VVcUZmRWkxL3U0S28v\nRTdpSGhsR0czUnBmUHNMdVdmRGJweVUKLS0tIHFVckZ5RE04TVcxbE9nbUZRWC9M\nTnAzM0k5cnFFREZ2SWFVbHhpdVlLaEkKigwXIzJ3WtyXOeZZ9INrfOdCJKADIjBC\ntSqzb2dY1I7akYd87nxR14fXIx0h379XZMBDgwLQhDI4iJOzmwON+Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK3dtTW9Q\nY2k2WklwZUdSeVdvWnN3ZG1sdjR6dXBHcmUzUFJJMTJjcEJrNAp6bnplTXNTdnJv\ndG9Cekk3bW9qN3crQ0RocWxvN1BuWll1cHlJUWNHU2NFCi0tLSBJWFArZGdqTlkz\nQUp1cVhJMHVUM1U5QnIvaHF4eU9xQlFUOFZRMHU3L1FBClx02ankEXuuh0gkAsNP\nx9pycCLRiIZfQIv1OADGMBVXjOfmV5BA9ONlgA/TwhPvHtSxQGjiwzlzxD+TWLvb\n8Jw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZkM0YUM5OFMxM0czek9H\nZU9sbzFFVTNYWktCeVYvYTh5TUtWNGhiZFNjClJDM2MvZlFCTGVwakZRRWVscDN0\nd2podlM4bXVwUW8zMEYydU0wNEhhV00KLS0tIDhGb2ZBQlNHMGo4bjd2ZCtUMzQ2\nZzQ3U3BybGhCbSt4bGwvSDltRmpIZTgKnpusl9Z/x2f/h+kamRwUR8yt+ZmwuvUk\nrfnG+qO1iEHGoGbM5ltWEiIy20Igf4SC7CluMJsm0qqTdUc0mPP5iw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWnhucjdCWlczYzUvNjlX\nOXRjZm96OTRSQ0FvV2ZDZC9TQ0VTc0xkRmpvClV5MHBvUVlBYW50L0hTdXM2QmlW\nZ2lIMEdUZXhnRGhJRmhoRG1JcXJaRDQKLS0tIFZrL29zSEgrQ2xhSnFpL2hHcUdG\nQmNTc2hPbm5yTVlDTkdOU3ZIdXRPSXcKKtWox37/e3aBBywo3lDqH47hdjyiIMSy\n6xi0cePv7WBoCLddIRS5QDWDBX+iRadlvGZmkQ+0IGI91JLR9nzCGQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQXNxWUttNFVNVk1ZcVc1\nZXJGOGhMNUNhcnlZdUxISXdhWW9Ea2pXTVFJCkhwNlZlK0FZUlB3VFg1SCtsczRF\nKzFMeWdmK00rQlBVeVNRTFdQZkRucFEKLS0tIGFqV0U4NXdOVzhLdE9mRFZBcUhj\nbFpRaUJzOFdZYktEY012SGFLUENJYmMK+MBYHpnLN+rwSbfAqZgcboOUotHge9t0\nZflR5otAyDR/gnu7tgAyKPcQjCKPNHlOOJRCP2YPRj05+CKL7kSH9Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-07-26T17:18:51Z", diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret index 66f68ae..515f782 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbVpCalVOdHQ2Y0MxQ2RD\nUGNQZy8veFVwUTltSmk4TEh1RkNsc3d0S240CmxIMHNqRVNPVEVKWW45d1plQUNq\nN0ZjRUVwdi90UlhQdlk5R1lkK0U3c2sKLS0tIGR2aE1VKzYxcmtHOXFxQ1dIdFpR\nbFYxZGdLUjQvSnRBc3BmeXF0Y2JScTAKPcg+bHmnvYu6yXCV8k5Mh+XmIIGDxT2y\nNJKHrAk1gRpI3L46dKPvoqIEAwT5lpv9qC9S//qnG6ZPexoHF5R39A==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNG8vSEps\nazlYdDBLY3RmWVc0VmcrbngydXhlZzJrT3owL25MSjk2RzRjdwpGNjZUV0FlZUVH\nalJBcUhvSFhBQmZjMEI3RkFwUmNid1FDUmJONFhTSUQ0Ci0tLSBIS1VPdENEYWRB\na0l5WGsxVXZ1bzB2VUl4cUZxL2xQdFJKRVJGL0tBMTJFCl3ClgbUoWpJs7tChg3/\nwgS7vE26L++nNFyZ/THBpcguIZNUp0++lIsZUcLjUPd2IzdrGJJx4gdLuTj/BT1q\nNOI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvT1VSeGhTNXIzSWdKcGRT\nd0g0a1gzdi85VVJiWUk5a0dqRTlsMjhjWTNBCmwyakIyUlhyaHQ1Wld0K0ZieUNC\nZE9xeGgrTlFNd25BOTZ4ZnFwd1F5aWMKLS0tIDU3VlJEdFFQc2RXY0E3ODNaUWN2\nR2lIYU1aaDZabFJRZ1l5blk3MFBteEUKrhAutd7ppq/KjAnAtdvKcNFAfPfmFQe0\nnx1Zng1N2CINAxYkgEuMETqP29bsX4HibxdkPgMDqhKm1O43BY+PHA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKOHdNNitoby9pMHFsZ21O\nM0x1amJBQnk4SEJaRHEzL0h2K2dSMVZkTEZRCjZVcFFLeGxrd1JPTGtnbXhIckN1\nQlhCU2x3a21Zdy9PUHpkRHlrZGp0WW8KLS0tIFE2K1FaZ2FTWm8wREIydXJhUitp\nVDdtcFA0YUNRci9tWVFpUFFYMVFxTVEKly3KNceBr1capG5WLgSOITifFj3oHlc4\nZSDE3VPSj/b9objK1ezbXI30qKvr1AeIhdnikd7Pn53UYSVn8Y0Tdw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySjhpNk1PSTZ3WUdLY2t1\nSlpSMHozT0xkN3hjeUtYaVdXdkJCYnZNekJnCjRyYWpSR2E0UEJpWFZvWWxHUDVL\nbmZUZWIyTGJObGlyeUUwUzB6RzNpZ2cKLS0tIHQvNVRwZFc5bTV1czZqd1J6NEtV\nbmw0RUZ2V0tjdTkxMmN6WStyVVNqUlkKxjMf7ltxnTes6yutRP1qXP29/shCUAro\nGtC5PAIGUyK7XKvf6nagW5PwGS/y7zW/ZRj7p/bHsysPuWkD+LNSFg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-07-26T17:18:51Z", diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret index d80bcc5..90915d8 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvanZmUDZnRkVWOHQrcEly\nY0E2eUpheDhmZGFJU3NkaC8vOVRRb3dZT1JBCkZ4Q1NpTUVPdHREUWkyeU1weC95\nVTV6SVFyT1BiSXkvNng5ZHZRc1p0aDgKLS0tIHJkNWxnQVJIMkxqR2FWZjRQcllz\nb3loRE9oWmRrOHNPdlE0KzQ3NzNxVVkKO6KkWQnRQejpUv5zG0xeDZjkAnlIMRU0\n+2/Hu3gzyC4cpDsZgqQeYPQ7y1N/n21bEmB63+mEKbwdZ/mSKtLerw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcW5XZ1ky\nWHllUjltZVRxLzMxYnVzeTlIMnNnb2k2UkNzMkh2ZEJTSmhOWAoyc25LaWFlSUZp\nODNjNWJvaUpnazNiSDdnOFBzWHdYcEtsRlJpSEJaeUlNCi0tLSBVenNzTlhRVEd6\ncG9KcXdLb2tvNXdFRkFFTXptdmRTSUFlVVRId1J1NkdFCokjEeAfb0jZiaUhizkk\nBaJcEgpIqR0pwYs09KUWKIOOrgzumZeJjOgPEbGPyLJ7Ew/5WwIyxnfBS73URDIq\nSE0=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKR1orQjhtUll3NTFaR2Va\nZnk0V2FMaTE3MHlIUnMyd1VzL3lDQStEcDNnCmNaODN5cDRuRG8vZ3k4WlYySmpZ\nWUlPc0Z2dzBlVGt1TnliVWFkRnZEYTgKLS0tIEJKWVVPMkpTYzVhWU51dWNLM1I0\nVXNLQ2hEU2tVNGVub29zS2VsYzAxT28KiNpcaQC8sQ1bN4WCWDIP2acs+DpGZSD4\nVNb0fxNPE33sbuQ4u6NfuGt5TxZjPkcFns14kEs2nZdA+jSHDcwaDQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDd2dxR291MUYzZlZLNStz\nWGFncG9YUlJaaDB2R011bFVReTVTYjE0NDFVCnR5UEtTRmRiNWovcnBzUDdRVEhQ\nSHJCWFNIU0d1QnNkb0YwZE42YjFGeTgKLS0tIGFOQm9aRDhqVjZxQ2xOUlVRNUZX\na1U4emhnY0RsR0ZmWmlxUDlIMnFVbGMKSgaZnoVBXMzQ8iXMqXuK+j0sTayNQgcz\noogem3O/UVXdUf05Gem4TUrwnOI0Yr0HpG1UfQPfcmUH42l1dNHQ5g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRjRMdnBKcllQZExGemtV\nbENnaDBxY1ZEeGoxSW1kM1IyazRFUEd5c3hjCkk3eUZzWmxOdEVaSlJvcTBrbEZ1\nMUc5Q2FYdC90THdBWkExQ3g3eXRkYnMKLS0tIDMrRGZudTBVcHZkUXdOaWdvRGh4\nTmN3L0RMYUkxU2ZETUhFNjR5VzdxUlUKN5ltMRGkFX3GXyx+Mo7oojae67TjsdtK\n4YP07kxn9u7w9PoF+i57edfG6B9IxUfh+zE/73QHKb7YImm60v7SgQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-07-17T19:36:54Z", diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret index 7932921..07049a5 100644 --- a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbVZUVy9BYkFXN3loMzdp\nejBibHBUcEdRUmE0WGZEZ1dHTnEwdG92N1NVClJTVXJjVW1pS1prMzBrVDFDTXYw\nRk5DNWx2Y2FiRHA3eHNtTkh2eGJjM3MKLS0tIGdJWnhvV0tHdEVqaFBDODlVeC9J\nTU95cE1NcVM1TWExbUpwOWp0K1lVRDAKli1PM66AqGfaMwV6hNxsVcIXvYIfeEEI\np76ZHtGJ+z0tUgAzVd+h4XspbGa2GCnm7WzBjlzI0tT73WFJgZgAkw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK3hzK0pl\nTW16QW1UWWdKSmJaLy9yUXdLY21yS2JucnJYS2NISWdCdlVFcQpQUXpRYWtqbDhh\nMmExVVdpRk5BWGVDK1dSOW9sNStCZ3VrbjJPYlk0VG0wCi0tLSBpcjlEbXRDS2tC\ndWFVSFgzRCtYWmNkY1lNNCt2M1BLL3NaQXJ4d1UvVDlvCpIierOo/DdLtfOyQYW9\nn+7DO3U8t+gDOh1l5YbmzM6WywVRe3B1ibEUf5+GQ/gpqkO/EJ/o9SJ4mCdgNWmn\noc0=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WUsvditpNGE1a1RkOXZU\nQU8wWnlOczdvSm9Gd21ab1orQ2Z4c1dMeXdJCmZBRktPSFV6N2p5enZjZGMxeFNt\nS28vaTcxN1E4T1BkVXQ0TS8zaE4xMEkKLS0tIFNqMHk1ZWtmR0lyR25Jc3VPS1hz\nM1RFb1BZclZyNzdUTmJzSmZqdk15R2sKqGzKDNduTLaSIj//NzhqdNK3CEcKFyq0\n8QLjgvOSdhkWS2yZwijMx2ikRBA31Uo9Ei9wO+UqeOoxLOVNI00Pig==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmdYMGJHaE9JaVRjTDZx\nTWtzTWtpcy84cHJmd2Qyd1JSY0FFZUdWWUMwCjlFZEhUeFVnbWQ1eVQvc050YXFR\nT2lCM3ZFWUEvMmg1WU5XSk1lTUgrd28KLS0tIGZFVHlLYXJ5MmpxdTBjd1k5WWhp\nOUtjUXQ3cFB3VWxZV2FiYy9Dd2lQeEkKtXbc/oqXPPW6sS33GeZENrcOnm5UAOi+\n3S3EFzeJ/P4nxOMEFlsKfQSGgtRvbpWGNv6Cv7GngXdzXxO/cviccw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZTEyMSs0VnJmNUVJanEx\nZHd5U1JPSGhkS0pHN1dQNmpCSEtHVEgwTnhBCnJSSFNOanliaXI1TnMxMy9Ka0Vs\nMUl5dmJXZVFvcDhaN0NGN0ZQNHduTWsKLS0tIHpnZGZrYnZCNjN5VmJJR0FmNUlX\nc3N5T2tKd2MrZWdaQWxqSnRNcGs5TUEK5fM7dR8k0GH++aJSHmhJ3bffeH0qpisd\nXexCO+qDqwRfIPzVmzkpQHUQ2+8PQGe5lL6UEKm4X8WLO7MgpfL8Lw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T20:52:22Z", diff --git a/vars/per-machine/crocus/nextcloud/admin-password/secret b/vars/per-machine/crocus/nextcloud/admin-password/secret index 0619fef..3fd51aa 100644 --- a/vars/per-machine/crocus/nextcloud/admin-password/secret +++ b/vars/per-machine/crocus/nextcloud/admin-password/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z1FGZHk2QmFlLzFQRUo2\nZk5EWTJOMG5JYXgrSXBVU25EWVBDYjVZZldrCmk5d0JMVEVWNTUyV2ZQOTlSVXR4\nTjNIdnVqZmRER3hrWktKdVhSdTQ1ZHMKLS0tIGU4NEVoZDR2QjNZeEdIODZrNkZJ\nZ1hlRUc3Q3Y0MU1iVm51VUJGQjNxUDQKamXqt6+nMqw6WEYdmgFzZa467hYAtpDx\nLtaTBmwk/hM/IExr6w4ycTcAVuBXyZYeFyNAz6EfGCyrGFL99zbGWA==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb3dudUc1\nTUdrMWt1MGRpR3I2NW50My9jUU4vbWY5Z3lmbk1wUnJRUGR6NgpDQW5HY0lHcXpS\ncUx5SWlSNVppdlRqbUVha0NqbmU1em92YUFML2Y1ZjdzCi0tLSBVZjFna3RxOTNs\nZ1ZaUXg3eC9OTGNSM1VqcUQvdFZteHppMmxzcVlpMGFjCpPtslPmZQcH4gUkOq2Q\nzxs3+AEq0L0PXnVqEpZ8zw3r/47+h2SZMpXLO+aAOXpk9N5XjaImN5uXoV3ajTE+\nxPs=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN0x4WWdMQzRSWEJuK0JT\nMlBBUzhMRldtOWJvWkVjWVJ1ZzJmNVFyYWprCnVjVitwV0lSV0ZWRlRRRitWZGVi\nS1U1ak5nQVBJMXE2V29QclRRd2NnQVUKLS0tIHBMaWFQTVNDRUxiVC9KV0ZNUVFy\nTkJoRjJFZkkxUDM3MFZzdXRTZzZmSE0KLA+kgNMf3Lpp9YwHqXQ5NgpYGMnRDJEu\ndxD93SX5hmMh83h8bM11yH2spMIof77SWM+LIUn273YEOM/gNUFEzg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeXBqMm1iajg3dGdxdjlh\nb2RuTGVBL2l5cC83MHFOYitSWm1odkZuRUdJCjNSTDczWHFmeTJ4b2R5ZkQ5ZWwy\nRTNuOTVNMjM5MlNiRjVJUWxvK2RKYTQKLS0tIFZxZjN1ZzFLOE8zSVFKY291YjB2\nRE12U2RnRytnaDB2dEZ4SUNLTElLVzgKfwcNexoKcjhgVc/IZ4G9R3jfHN8HURRU\nIG8N/8asGBfBcoYMk1BWE9CGIsv7p7PFA+N4nt9sS9MPXHeb0oGKRA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3WDlpRXhvdkJrSC9qUlBi\nTmFGQ0VBYUFmb0QyYVozZi9scVhQNEJqOFE0CnBSTFl3eFJZam5JTkg1SStudjNF\nMzJkSkl1K1lObGZjVVA4eGhFNlhwRU0KLS0tIC9kWC9DVjMzUk1PN0hrckFLY21U\nUk00QXB0bzRTcWEvNGcyTVkrRUptZnMKdcOp4GLRd9Fyt3S9oa5k8e82bvKxHSEN\nUyTHgs/XoE2wnyaB6UZ10V7L94pBAGeU0yvIgweeIrvKKbL3Q41y+Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T20:22:27Z", diff --git a/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret b/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret index d1dc5eb..512bd37 100644 --- a/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMVgyd3E3Yzg2bCtGaGx5\nTWxvMEluaXFVaGxmNmU0dFYvUkdUSHFMNGpvCnlFYXY1R3d0aHNha1kzMis2NVJV\nU1F2Ly8yUUV0SWpzSGVndG9pLzV2LzAKLS0tIDFrUUJqQzN4NGRlTTJRYUFjNHRW\nLzE0K3ovT0JqVUZEeTdaaUVNS2tWRFEKBmzU2fzC0KHb5ybXIwq+z3cdA8WrjHD1\nuFzNv1DotAxlA7e4BxmGm2Vuci7/EccNG7K2T5KQuD8nbtzXYJkkBw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb2NONGg3\nWmpjMGIrTDBTdDAzVVU0RlR1SGxkOGRsMVJnRVBDWm5QQk9CSgo2d2w5bDFFUkJk\nM0twTGhGZ3R6cngzMkpBakgvTm5CbWpEV1U4dVl6aUdZCi0tLSBrRXJjUERBWU5I\ndDlybEJKR2FjYVNNVm1aWldYeWZTL2M3OXArZ1FHNHNRCgyzggaTAGFvNiMzfg6O\n0lBeIlggttQTSJt7fcF0XvbLDJ5/d1IQ6dVFKpHZZDmqs+ZjSA7YYvj2CJlUKsQT\nvK8=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzaU9VRE5MVUcyWFBuc293\ncHVLYm1iSEx2MzVYSFoyZnh4WW10ZUpmd1NjCjRRbzIvSEwyZVArRHo5dFdUc1hN\nS2pHWGwyMG42UlJteTR5K1ZRRHJ6Q1EKLS0tIHdWeXd1RmxCd3VLbS9kcGt2TzQv\neEVZZ3ZUaUpyQVV3MUpWcmVVRzdZYWcK3NZpvf6uCsNz3Im+yDafBcPQT+QxddkV\nStX8svuvbtwU8ZPlj7FiF/HoeVC6im33hrrrpRx9l+udPrqUAeuESQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5bXBqUUFuaEhVSk5qeWdp\nRzBXYlZWTE1wSGlrbE1MbnNnMENGeDVuamlJCjczYmJzdEc2OVI1eGd5TGRZZXNm\nY2NLblY1T0dVbUZhU1gxcmpaZnNMbFEKLS0tIHNBditDbWpVVE41cWs0RGhFZUF1\nUHd0TS9FQnZscDQyRjErbE10NWNMZ1UK6nsQp3bCfJHpYG23dyJxHHgR95ZXsgu4\npqomGzG4ONNBG3HDjxnQI+FztXnCR4n/th6xNJ7To+0DRexvr9BsSA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQ0xENE9GTzcyQXQySWNK\nV0dYMVUzdGVNOWFubkF5YlhlNktDek9OdDE4CnJrYXlCL0VNWXo4UXBaZWNidlpw\nRUZLbnhiTzdtemhTWXdBVXV5ek41MmcKLS0tIEZ6eW1hZHkxNld4Y0Q4bVNFODRs\nNms4NnJaWWF5ZlR5UHYrTkZCY0NnNncKlBQU1BJRODIVgeoMn82nflunn1uwPFuo\nfxW4Q85LHgLK3tJQBqn8H6QCHk8gtwxulnu6+M0WyEYJ8iPE7GacNQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-17T19:07:35Z", diff --git a/vars/per-machine/crocus/radicle/id_ed25519/secret b/vars/per-machine/crocus/radicle/id_ed25519/secret index 665be2e..4c63790 100644 --- a/vars/per-machine/crocus/radicle/id_ed25519/secret +++ b/vars/per-machine/crocus/radicle/id_ed25519/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z1dkeWhORUpJQXFrMncx\nVmwzbjJuMzV1N2ZkRktHTGgyS1hxbzFKM3pjCm9ueWlaZGJGUUM0S2dSdkRtbFRy\nMCtOWUVoVENUMkNQVVVnQ3VadGhnSkUKLS0tIFJXWDIzOVJiOHkzQStiUmhrYUtH\neFIyd09tTEp3ZHZMWmpRcnZha3UyRjQKtVeTIccQrYxFzpHFSW2Fz9m02VcOT8Wo\ny9A233d155LjRpcv8T1KxbcPBL0nyRKEBCljCq41w3bB2JfX7zdzRw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBamRqTmFv\ndVljVXJGa2FyRDk4RFFlVWJkRWgrbFhaZlBHYU0rRXhQTTJVZgoxQ0pKQjk0cjMw\nUStFQW9UTTNNT0wrT3NlUGZTMDZVQ0wrZTdRT3lDM2NzCi0tLSBDUzd3clZWR0Fh\nUXFFbXhkMkV0THpqa3QwMjNoRzFTYStMREJJT0t4Zm1BCjTow3NjQg3CLp0bodlD\nIrX0OXNbQRv6XAZ9ethWJ+SJbU+6kbLRjCP2TpIgyYaRF/cjKTszB/RfQvfpe8E8\nhCA=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZm1mOFhETFNPYXRiNGNB\nbTdLMDNLUG9nS2xZdTNUUmJWWW5FbHcrRW5rCm9SMUU4MDlaYjlRS2daQU1idDA2\neXZHNnF5cTFvUXR3a2dIVGh2a3JZZW8KLS0tIGl0Q2tZVmg0NnJhdWhSc2xUT3VO\nV1dyMzhHZ3NHUmliZ0xPY0hRUzJhaXMKKzu26ao/Mc4A8QQfMgsWfFe3fLzWdO2L\n5n0GAChocmVR4GHllrwDwXZ9YjKPZbGny+B/V3BdNL0MdAZVwdz5Hw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYVXNtQmVyVDcrMklUR2pW\nK1NBa0liSlRxVStFSDFvMGJLNjhMTU9yK0JBCmdzOWRJeHQ0dTJxSXBCekZrdEJ6\ncW8yTXNPU1lDem1LeVVTZlpUc1JUWVUKLS0tIGRhRWJZeU5UZXh3b2pITkRBbXVq\nRGZpM1BKajZud2FQWlI1RUhEeXQ4c2sK4OcLD5QL8Wfi25oOXB/ssuUINDptD6wN\n5xrrNzt9/Ie0zET29jxhulnKZYWG3JgIyrydySWVxOjA2+UppJH07g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMXBqWVdqNnJDUUFEcWRX\nZGxKV0dHK2YzZlg5NjRoaGIxeUs2WG1PeFJrCjR0cC9jenZiZHkzRWhUZmVFSmlw\nU2EvSjc1L1krTTZCak1VL3IxZDdZRDQKLS0tIFhEQ0luYUlHRGFXUFJYYVovQTBn\nLzVMWUhwQTlDNWloeGlPR3NRTXBNTlEKV7aVQl+T+dKoJTNJcTEnsmaRZfmk/dUh\nuYVLtbUW7tSEz3OnIH1iYEmwSOHGGyvE7Iji1nt7J+ADPuWQMhp+wg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-01T11:37:19Z", diff --git a/vars/per-machine/crocus/root-password/password-hash/secret b/vars/per-machine/crocus/root-password/password-hash/secret index 17598a1..2f0aa01 100644 --- a/vars/per-machine/crocus/root-password/password-hash/secret +++ b/vars/per-machine/crocus/root-password/password-hash/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRR0JaTVdRTEJsOExkOC9D\nZGR6WXpYRTFLdXhDckZFb2w0RFk5cTFHZFRRCkVrM0l4QjN1bnlJaTU0eVY2bTNZ\ndDFGeXBkV2E1TEt4NmlMOHAvem42QUEKLS0tIGtuY29McVYzVUl0d2FPRmRadEdM\nWUwzWktjaHdvOHVvWXFKWVRzSEZKNlkKeeCozhNzrt1gI1QlBVACd0ytDaJ+VCG+\n3Fx420ScVSVq0SxpPNv1LOrYW/JyTEeFNCmuPvCSpMCRKmSOF2eoRw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOHJ0akhH\ncHE4RmpxSVlMWmRuemhSVFpaS2dpMkZuSWNkeE1WWFhQK0cvegpkNTg1b1FmWE8w\nZ3dLQkZxM25tVzZheEpBN3ZkU2NGbmxjOVRJNkRkczFNCi0tLSBxOGVOb1RBSE1D\nSE9sbmhBRnpWTVZFVUF1TWVyVTdZQ3lGZU95N3NJMmxZCoZFN689SAVwsl05lJbh\n2KTZ0ubaSa0DZJwqZU8+bQK9+aKTHEG1ofkzV+B+qhPa7QT3/pVkf96ecxAv6v/R\n5qo=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ240c1hrSmQxUndwSHdy\nMUJDQWJiNExvT0EwRitmcDd6VjFrQUJZNHg0Ckg3TkNOSFVQRUhGcFRZTXFmZDY1\nVnZibHFBVUdDNm9TNm00NTZMVHFWR0kKLS0tIHRxeGkwTnlNejdqeUswSGgwSmNH\nM0RMR2NPOUtFNjlGYityR1BUVnE1dlEK3Y3Qw+2+0XDwOmf323BPuZjhAn1BTYT4\nkEStKcrrVPsua4kQoK7rrdS8euTxmdDixXn7GXOEsfRBzmfaRSf0HA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR0VSSnY1cUk2WVk1VzlG\ncDhacERNQTJZMFoxNW5XbjFuZ3lVM0dTbUZBCkZidWVwQk55NHNYQ1hWUXBHallC\nVXBQUHJDNVJHeVZJNEhJVjRxR2t1TWMKLS0tIC9GODhBVlhrRVNYelk0UkZlVEVm\nZ0hINlROUFRkOTY5cjZkdHl1aEF1VTgKJldWuUV6BMariSdoCt/0cNprS1HN4Tav\nXuCR0UcmC+q5nChLUrBh5fBCzQ7MQPQ5LqhgdxJ4syeigl8XlOsNtA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZVFySURNa0pwQURpVXdK\nMmthdUV6bTFXVkI4RUo1VW1YYnRSSjg5NlhBCktqK1RIYVViSERmUjBmaTVHMUNy\ncEo3K3dxdVBFZWRUYkQxdHpFS3JkeHMKLS0tIDVHZTMvbUhvcU9pbDlKQm9aaVlx\nUzY0dFZuNmhzRnhxTzJYcGNXUXRJSGsKpzuQDFI9Hn2GrAbZ5JLQsEcH2U8wzlQv\njumD1hhslQ6vwuwx7YEtNCtd3dkQ4veRsMFpBKQ+KB7VPN6CoahzbA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T17:21:00Z", diff --git a/vars/per-machine/crocus/root-password/password/secret b/vars/per-machine/crocus/root-password/password/secret index 8bd5aef..77497f0 100644 --- a/vars/per-machine/crocus/root-password/password/secret +++ b/vars/per-machine/crocus/root-password/password/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:R7GQt7/DDTtX6XUSydCuodA1QeW2,iv:VROiFMVtL20iDecEDVyFko5OvgYEA0Wcz8j/IglmH8k=,tag:HCfQ0oWVXrhvcV/QjSrFNw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcVYwbklp\nMnFka0E1UkxzUUV2RmRMSDQ0S01seUtHUWMyZ3JEemJHZURHZApPSlRBTEIxdHBm\nZXlvdEhQRFNJY211V2dMejY1dlp6M0pXcVZsVFFYR3ZVCi0tLSBuK2RLLzF6WTlB\nRHpDaWpia0UwWFBEWnJ6Yy94d2dXWUNZZXN3WW1mUUhRCo8mnUkQZvE+3QrQIb+J\nO3A+3PnIpszKeCwhpGugctC8c3mbCzbwSH7e7kJKvENvUvo1Uw6mpAUR0nV5hOTI\nNXc=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwc1F5ajZGVGlqbEdyUG9X\nNk9NakJMNWR4NWN6d2lFUnRNWmxZcTdQYmhRCmZySFFsL2lsZGpYakFuZnJ1czNH\nMGxlQUYxUDZwbU5aTlZaVVBDb05VdDQKLS0tIHZYMlhGejJMWitVOVNRdzcvWEhU\nQVo1eFNGRUdMUHhpeFl3RThNNkZMdFkKW2OpI5QDTFkCVQ5HMYLxPvSN381OS/mr\nRfrulaRXYpcKRS5xE+Kp4OboHIezcYCndLNxsI1If6twP+SqakeVSA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RFdEeXRxNEtsT3pkVUg4\nY1N1dml6MHRiTm5FeFQ1NnpLd0I2VjQ2eDBJCkpmYWVicTh4dHRGMHNISlZpR01u\neTlUV1J4RHNYSFJuenM1Si9uM1JHUncKLS0tIExSQWJpQUF4UzF3aEY2ZTg3SHZt\nU0VLZ0VxK0N1Q0NTa1lwM0Rib2xTV2MKQZi1exn+8X1FqzhBWql35aMefy2SKcEi\nnfJWq/5OnQOvrZHPxSCvDZLJkLLGRM+Ow6ARpC2TVc7ZYLlWCshwpA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T17:21:00Z", diff --git a/vars/per-machine/crocus/user-password/user-password-hash/secret b/vars/per-machine/crocus/user-password/user-password-hash/secret index 9cf5690..f41cc9a 100644 --- a/vars/per-machine/crocus/user-password/user-password-hash/secret +++ b/vars/per-machine/crocus/user-password/user-password-hash/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR0cwMk1MejFwdXpQR3pF\nRUFuaGRlN01qV2k3U3FjQnJuVVRLdjBoNEY4CmdKcXJTeWpqazJIOFdiMDg2UEhv\nNnl0WEg5b25wbkZsc1lodUUxZkxLd2cKLS0tIHJkbHJtZnhwc1YrNVVCdDgweVVY\nakZYWlBKNlM3YlBiZnB5OWdwYWkrancKTMMFgAdfefUBtuihCuGlDHgBNXK9ppM6\nM6YliifuwsJLiXJrBdJCeOT4E8DjS1tG48VVUOeCAUImWbjL63c67A==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkdEbFlL\nSkZxLytXbFJsT3VPRDZJeWlMNTF5MU55K29UTnZ0OVZBdDFzawpqYi9IdFVFV01z\nSlJyRVZEOUVaTSsvOUJtSGVEYnBZMkViMEtyNnRXTU1nCi0tLSBBYWwrbENMaHZX\nTFA2bFF5NFBaTmJLby9MdmczQVUwaTIzSnpNdmNZTlVvCgbBp4f2DwHa44IoqV+K\neECZP8dAjiM+aRIMiZC1K5t0Z9WvkElweQdyK2Zx0WRM8/s3Gb4X3N6eCtmwafJs\nMzY=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXcTh3dWE2ZzdkaEJ2Tmls\nYjRuWDVWS254TUY1RWt0bFpyTjFnYTQ5OTFzCkNmT3g5N2wrRTRJWlQ4NnovNzRp\nZ0IwVEgvZDhUUit6dFI0czdnL0JyTkEKLS0tIHlWcFVoS3pzendja1orQXNad0VF\nSmw0ZWpya0NtdlJHa3o0TDlGaGtTZTgKuvbeiKjcT+Km3zMeyey7damZfg/GH2Ft\nJSb4I7QUEW6xPR/Wzl+cmk9OoGk94tQ8SsPr11nYOGrUl6bOqaN72g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTENpNjZKdjU2S0tiOFdw\nc3RhWmJycXNVSElJSVFqY1oyT3dFalZxNjI0CjZVSllWS0lHdU1POG41U0cweGxs\nNnErcVRnampHemhDR2Qrc2Q2a3lLUzQKLS0tIGVJaWNOOTBJU3V0Y1k3d1lFV3RD\nbFhnQVVEQWFpNlppQ2ZvYWxUVGIyQzAKQqPu6Q9S2GTRNaoeRq3W4CpPUQE7FB+r\nmxQG73eOANaFuctzECod60wgnQyS7hwZidJRqCARPf9lO2gAORSmhQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzeWJ6b28wL3UyL1I0SHlX\nWWpYa0d0UWFzbnVKYUVXTkxRU3dnUkxKMUMwCnFPT3lNczFrdXA1ajA3TUE5K2RQ\nMDlVRGpnVFVlTnp6WXYzTmJNLzJjVEUKLS0tIHJycHo3TWg5eUI3eHY1eW1tUENZ\nTStrVTBES0JSa1A1Z2JtbjQraHQ5N2cKwXiR53tXqAhz8vHYNEx6vhp/3+U2WWKa\nUy5ZFplHbuZDZ6905IPoOD1PMeec7fdXqsIzLaGkRgTg+B5O1Irf8Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T20:20:53Z", diff --git a/vars/per-machine/crocus/user-password/user-password/secret b/vars/per-machine/crocus/user-password/user-password/secret index 72d6e59..88c0a6a 100644 --- a/vars/per-machine/crocus/user-password/user-password/secret +++ b/vars/per-machine/crocus/user-password/user-password/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:Fo/Vp01uPR8nkb6H,iv:GlrAKIHbhGoL21Kxn3aXTJQ0U6hqothX/LO9kczOgpY=,tag:A2MznPnK90+Wx2S/9sIWtQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkh1c0kv\nVDdLaGx3ZXNiQUMrekVDdHpGTzIrMU1vYTI0dnhySUJEUHhUOQpqbDZvdldsd05p\nNTIycDU3STNYRzRjRi83L3E5NTA5VCtVSXhSSWN3OUtnCi0tLSBSMi9ycXhPZVJC\nVG50Vk85a09OT1RjQnh4UnZVS2Y4NUhGMkQ3MTZ2cmN3CppZMq4dsHSM72dLy6Q0\nhYT/FKGQsh6m473J4/rdvZBKMUudm6q0uvNbQ48oJ/xGlGrBXy1aXaqN/vdL1Q+6\nRPw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsWHFvdWJub0UrTkIvM3Nm\nZHROcCtkZWduMjIxcmdSUjk2ZHFNTkZsWFY4CnlHMUM3L3I3N0tvc0FZall0VU5Y\ncCswR081ejBXaHhpMFZBTWdYZFRUdFkKLS0tIEZneWowOXZsQW1GR3d4c1J1OTdo\nQ1pVM0NTdktNVU1pb05kU1Z3dVZjcWsKwuj49f46Ty+JAHMV6+iN0puMa46Pn90q\n5GTUb4eZ61YFVfeJswJDwIyE5e6uiibUMdNnlLCN/JBRTFJvoMhpkg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxaGlocjJFMFlUaXIyeEIx\nY0NiN1lmNlNwa3YwV0dhYWNlT1oxOWFyeENFCnQ4aGRmckpEUUFtVXFQYUV3WGF3\nRVRRaWFuSHZ5NkRFSE1rUHUyNnNIYVEKLS0tIGYzcHRmNmROeHkvRlNGN1hINEg2\nRG10THJOdDAxVnRmNEI1a1BBa2NlNHMKPfeNrt/zRWrNgwh7T5N4SIzZEfn9XwMq\nIDKS21Y6E8cQCwjlJbYOLNk5wvn+B1053YF+MVu4D0g8DxnpXWk9eQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T20:20:53Z", diff --git a/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret index 8620778..d7b8c57 100644 --- a/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret +++ b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret @@ -3,16 +3,21 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWFN2eTRhYkF3eGMxSVBj\nRmV6aEl6TkFrYVNaSkZNeUt4SkJ0eFpnc3pjClluVExKZnlmZXZiZit0cGx1bmt2\nSTVXVDlUTjJvSDhvODFJT3JSRmFxWmcKLS0tIGpzSzh1NHM3U3ZCYWlkUHA1c1A5\nUENpMW5yS0xXSjYwOG42NGF4cWJQVkUK+o27ZfTVlD1tmqOXll3mTNKDPbmdpqLf\nDd51tfokYg7BVAP4bhgL2CbkH2p8qJdHmo6UcT77Pxvan1MCcgg8tw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBamVnOTdz\nR1VzUE8zbU5nNmNaNkMxbk1td3UvcFYrQjIwdHhXdElrTjBmNwpBTFN1ajNtWHFy\nLzEweFl6ZEFnVCtJTlZqaW5CbUlJZHNpZS9HVWVpZFUwCi0tLSBOUTZnTWhlWGov\nSjNhUFpUYlREUDhWVFIxa1RFdXh0dFFocFEvS0tEUGpnCh/oAyQ6ciEbB9L6MAfK\nUk2wacon3Aq3IDBy6XjGuNutWCSlp/yKNYwvBl21aNM5llUy9vDJfeNpFzW8b/xG\npTw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZY1VKMHIwbkNTRm91c1Vn\nOVZjWVhrTW5lMlFtaUdTcktWY2JrMFVHMGw0CjJrTWZlbkZKYm5XMGpZeW1pK0t2\nZEw3UTRzZGFBQlVRQlo4UFpLdjl3amMKLS0tIGdCNUtPVEd1U25pZVFYakR0MkR0\nSy9yQXBXOHBvbGdVU2wxOW5Kd0tDSU0KX+iIRVmYse0ECpDFXs16Rv6TE+vcX4qR\nqSBnIZJeeTsva/T0tXXnwSnIG8/nKtHzYPu+j75Sb3d7lXO6h0USGw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZ2Zyem5weXdwd3F1UU5P\nM2NxdVlPWW5vUitPeHlOVitIRzgxZ3RYdEFBClIyWHBZblB1azVyMW5wdW42MXpy\nT0FkUTZWOUxwbjFMZE04SVEzVURZTmcKLS0tIElXLzI3U2Q5R3Q4dUVBdFhJbW1M\nTDFFQWdONXF2bmVCV1dCd2NuZmxPYlEKzoxEXCidV34D/bu8UGwAPIjNYAeVD1Xt\nIZAGdSZKzcX953M4htIADzUGjLPPIG3clIENVGc5cWn4HvEhgQgHiA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NkpYTVhOdGJXbjlodUF5\nZXI1eUZRZWt2dUZ6aTU4alZkKzgwK0VadFZZCndOek5GczM4ZVNzYVBVczl4KzFy\nd1dzU2IybGFOVVpEUCs3YTQ2Qyt4RVEKLS0tIE44bzlob1FTSGVqWmRxbURYM3pm\ndGoxQVNoZ2JyV0dJdGxQL0U3bXljWGMKQgqQI7x2vqgo/Gp7BrLhJtRjudvWO8Aj\nFssSfXk0a3Cft4SRj0Ov6jF62igRkLJ2ij/MNaCihUzecxe977cIYQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-21T16:53:25Z", "mac": "ENC[AES256_GCM,data:gks9AYHofKUmYa9i7+8kpM3cEMWEfQmibjY7dLUqi4TDfLyxlUIoKmbptrwJgWTWBs+Tnb3YrU8RRTFGFXPyyiwForX0/mDHf1pK0+1NmxKWd8X/7hZmARaWXQGe3rwOLdlvgXyZ0qpTOYXa8vNCp14m8HHIvq12tY+RY7/l7dY=,iv:fz0Vsw0bmNr8wgVmRltk4xzNEGU9xGb0f/RilEyIBu8=,tag:AfYTEAUBoUw7sLd9NcMPgQ==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/crocus/zerotier/zerotier-identity-secret/secret b/vars/per-machine/crocus/zerotier/zerotier-identity-secret/secret index 547a15a..a639094 100644 --- a/vars/per-machine/crocus/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/crocus/zerotier/zerotier-identity-secret/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGb1RZUmQrQk1INllDeWhK\nNkZpY2xhc1BuSHYvK2EyNzdkVFlsaGlTRWt3CmFjUmxLOFg3YXViU1FRZFNINE1H\najVXSDNTSHJLY00zcitVQitMU3RkcUEKLS0tICtxSThJbGhQZEpTT2kvSTErb0Ny\nTHlZaStTSjQ3eklzQzNDbHZHQkxITWsK7uxGqGNRU82fZltqYoam76jtcnD6CMay\no4UfTOj5XOSmV+KVGH+e8rEIkUFQItU7GDh51+rmmeM0jzq2iinEcw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBd1MzaVVr\nUUMvM25vYnpmS2lYSlg4QWpyWHEzTGdSRnozY2JPOWJMcjZJWgo0OVdpZDhjdzdV\nQVVuME5rV3dTUm1qd21rbWJHcmlZa0VpTmRhWU1ic1RrCi0tLSAxcDRrRDBIbkpx\nUTY3R0JLOTc2NlFEeUdpdFlKblJyT1VDb241bytPQWZZCmQ04XyTh402v6NNM8lk\niKX2RgFU1lrIkS45qbbCLJG0DG2ljgCCZJPVpheyvuHhxevafcMm2wyp8Bz0yp7z\nyNs=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZWF1MHUxOWRPYXE1Mzcw\nekt1UWZ4S3ZEQndDRjdTRHppUnVNVzNRVkJvClBQZGRMenY4bEovR2JUTXIxSXVW\ncHVrWHM3OWFuS2dIOTZGU1ptNEl2aTQKLS0tIC81cEFsR016dzB6QnVZdklRd2dG\nUjEyMnAzcXRtRExXU0R2akZGclk3dDgKLeZeDfzv5BfNmYt5FxZ1num/g/grZ7Xp\naLfufRxsEMrOhKZxTmY/x7ZxfOP6HfKgyH3j2tRAjBNwnPSst9QpPw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTXQySmQvNmo5b3ZOUk5P\nSGZBangwWndQVWpCRGd1YzNMaURDRUZJWFM4CmFSbVB6WVBtcGJBV1BZZ3gyWklq\nSmhwT0JPTG1tanhVQkRkSytoZWhSUzAKLS0tIHRJaC8vUU56MWZrS2tWTzRoblQr\nYm15c0EvNWJzRVlsQXR2MTI3N3FsZ0kKEjhSOiZw7DHikFnNYQCcoL/IP1SWr77e\nN/y0XWSJ6DWI73ECc8Ua1igfOLts99kbCl/tZhHFRi+Fq1nhkcqBYw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcVFKWlBPbkQwa3JpcllW\nOFhVMTJOc09tY0c1Sm96RWhGSVJ6WHhnd25ZCmt3NUJiZ2xaWFlnbVdKK2pFT3Ni\nK0ZEMmtPeGxxdHFnbVlDVnZoUXRmWWcKLS0tIEhSbXAvd0w2VFJDSXJ0d0NodENK\nZlkzcnFBcVVLYkp6d2E1STBEVG9Lc3cKp0jB6z0dK/RECtwSM5Rv8FRr+ltMu9yg\nyomovUqBFQQHoKIMxCTFN9UjYszpO7yN/DdYz2Jn7uZhXAHMyDVY0g==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T12:16:13Z", diff --git a/vars/per-machine/genepi/borgbackup/borgbackup.repokey/secret b/vars/per-machine/genepi/borgbackup/borgbackup.repokey/secret index 69b5354..2c4d03f 100644 --- a/vars/per-machine/genepi/borgbackup/borgbackup.repokey/secret +++ b/vars/per-machine/genepi/borgbackup/borgbackup.repokey/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SGREV21wekNCeTh2Q2FC\nRUY3NFJNbkFiaGVEaCsyZEt4MnZGdVNMbEE4Ck5OQ1pUN2puSHFBQjdnTTNVZGxK\naDVBV2N4OEJpd1YydDAxRSt3NEo3emMKLS0tIHArRzhTdThBSHNZRDNrbU80WmJh\nenpJUVllRURhZzRzbmtLdEJVMEtLaWMKWIuT+Asla9W7eZcIeBqz6jvnp8JCb2a2\nHaMn8TucGJrSuGbCTACTBDv6/CZUGpD/pVolwROVXalighoAN5ryIA==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK2ZJeE1u\ncVBobTM3Um5NMmRSbTNad011SjFDeWNENkpMbjJDaFI1QTQreQpCN3dXSEE2QTZK\nOXFCd3FoSkRtM0NVUWozNmxXVjNiRXRSeitFelVsWXpjCi0tLSBTVTlROXZUQlQw\nZTVSbFgzRzJjMjQxbkkzZTFpY283Rjd2Vkc2RHRXN2RnCpQUDrGZWTHyblRrVL80\neOGoJ9tPzDgkslVs4C+3d2l3EYsFy3s6RZAP2PvrDOmBNY8LZ8HS1PSET9Cwyzpw\nhUs=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQ0xnWjdGYzZIcnhreStp\nU2dJeXo4YkphWmhzaEFGcmtqTXk5N2xZY1ZFCjlVdWpycmNNYVNta0VSbjlrcnRo\nYkppdFRWME4zdkdnZFA0MCs0elBoSUEKLS0tIHdkUlJVeS9WQmF4ckVJa1BkTjJJ\naXVRLzVLQmM5d2xKSDRJZEtabWpCOGsKr2Q7ME0iGCeo1+uvMdAkbGWujQtzT0rP\nvYTSUdIllvB4zCkj4vK1h2/tl7dp3dwg6QI/qA1NZf6vrHQhakIRfw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSVZHZ0Z5SU8ydVE0QmZi\naGQ4MktuTFNYSEd6UlE0Q2RSWnBKMVg5ZEVrCnQ4V3pDNnByWHEzTjJXaEVHSnRL\nWGNWY2ZpUXlMMzZDaVUwMjZZWjRGNFEKLS0tIGxjL1RoakpuanpkV1FNRHdZVjZt\nNVNVOXFKeHhiM2JLMktwYmlFN0xaWEUKtKJRmsCzt5nry0xBXSnf0uvKMbme+pj1\nbUrEK7t7pdapqQ5feezbrffOJf8xnVQPsb1PrEd6ukxrvJdj5UYQ7g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZFliL2grN2xPNG8wRVk2\nU2NwaEhHaWpDL0ZTdmdHc0Zmb2ZacFZ0QWpnCmdkaFlTSDRheW1TTmFpVmJRTzI2\nTEZxbGowRkxhK1FSZFovTThQWVZMK28KLS0tIElrak5FZnd5cUxub1VJdUZIVW5N\nemlsT3ZobmlYRlF1SmVSd0VHUlYyUnMKq4DX4gdA850cEYHywtgK4RNCCCfy1247\nGlPTJvFPndQPUUUkqez2G+73QL82DPS6AF+oudJvys5NLgcOIbJDIw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:43:54Z", diff --git a/vars/per-machine/genepi/borgbackup/borgbackup.ssh/secret b/vars/per-machine/genepi/borgbackup/borgbackup.ssh/secret index 2053662..70ef60f 100644 --- a/vars/per-machine/genepi/borgbackup/borgbackup.ssh/secret +++ b/vars/per-machine/genepi/borgbackup/borgbackup.ssh/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdG5qZzNZMTQ3NEtFVVFE\nNDdySUVOeFFLM0RncHFlbVlZcTFva0lpdWs0ClczL0JjRG5JeWp5MjZYWm1tTWxD\nQVdXdGtBbXorQ0JvbTRkUkh2OEFoQzgKLS0tIGpia2ZCYVhUbW52cnNjOERIWE5L\nVjM4R2xUZVhuNjIxc0xGdmV3WmpacVEKIjRzZa6fyQris6kbq9vXgCQrpr81Ol75\n8ELRx3Na/IyJnhNYZKv4nDjkKCMCL713i3gh1VZDM26b2N2/mWGZHg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ21qeDE5\nSXRjd0FaY3NjcHkvNm5wa2dGVGlxWTR4b3lQVVZtTU9DUXJNSwpaZ1dOUUFNb1Y3\nRlBsNlRZcUZ6cUl6Wk5wWGFpeTdxYi94eG5ZUTlQS2pFCi0tLSBabDMxeFdjMVpH\neXMxTk5vT2RjSGFTY1Y3TFVaTzk2NUVXd3NGeGcyQVVvCrgb/0l7/6rgzSQ1vINg\nHB+8Su2du2JOvU+aRZSnPwBxCeGzckIkCz2gzFQrdWB37/Klwbz3cBmr/Pq0WcqT\nuIE=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWlJMdzNpQnpLbmQ1T2dl\nbk9tdXlSZ0wyZDBDVmU3ZS9YWUdMMS8xZXhJCmFlN05GUXUzRTRpSFgxdUhLTHdp\nR1V0U04zd2NvMG5VVitVVEJkYmsrdnMKLS0tIGR4RnNaRkVocVJEb3dYeDIvbUhj\nZ0JCelpwek5QYUNWS1ZBb2pXRnJ3eG8Kd7PmxIG70scR09REGZgsHlDcxsbjjG3D\nHBmj7MfSK2Liqh9iuoWXmrfbHBrmpIpETRfnJTnyuy4w44vSn39baw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYWJGSW8xS0picDd1aHpQ\nWm9udUJXS0I3dEI2UEdvb2I5RnROR283UUQ0CjR1bHJFQVdpQ3h4SElFZ25YQzIx\nMktNWlgzRW4wRXVYakkzczNVWUJ5c2MKLS0tIEFEUms0WURxRHY3YlhKS3UzbmE3\nUlFoUlVObG9ySEpodXRVQ05HMTBUeTQKvFP3Hau99+NXdus+vOZzYXYzluy3B5IK\n2CdnGe1BkB7OyLplPE7QeLm7n6nfI2G8Z5Rdnk11sgFhI5rBYJUzhA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOXdVeXBDY0hPR01aZ2pD\nNzBKbVgzVGpNcHBYYiszTjFYQVkxTEY3RTN3Ci83ZDVnbFh0UWNjWXBoWnhUR3Fz\nNXkzbmpBaUlHTml4UFZoOTdtNjMxTFEKLS0tIHJ6TEtqZEQrc1B2T1VHODhiSVJT\nRjVqV3plWHhzbzNDbWRDVXZXVEQ2S28KHRXr02BkaffiiIQQhtDwsaC4sFqOlPLc\ndeL8tcGjAHWdrKjOB9SzeXf1L2+dHWvEoPuOGNIawMr9l+Dq7YdJlQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:43:55Z", diff --git a/vars/per-machine/genepi/freshrss/freshrss-password/secret b/vars/per-machine/genepi/freshrss/freshrss-password/secret index 6025b79..9f2f2b3 100644 --- a/vars/per-machine/genepi/freshrss/freshrss-password/secret +++ b/vars/per-machine/genepi/freshrss/freshrss-password/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcTZ6ckFyaFFiMDZ3bzVF\nNW9LRHp5NDVOWmVBL25JcDU0TDNDZWt2ZTNNCjVrM2MwWWJZdFpMTnE1ZXF0R1J1\nZFlSeFBxTWdhaGhrZVNBcjRSdThrTEUKLS0tIFN6ZHRaeDlnRnBzQm1zMzlOR3hR\nWEV2UUpHQkFCVHpKNjdSVEFzZThlbkUKfThsdJt7YNxQtpiU6h+iGuEHQwkyg9vd\nIlzTF/kJMij/a6z3fWFcYGJ7pqhYdHoAu/4S5jnWoQ8MSPbfmmdQLA==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkR4R3hq\neXZzaUdSK0lLR1c5SzAvVG5NTWJyMzk3WGgyM1haUWdoU0RCNQpyclVDKzhzV2Nm\nMit1R2FLaCtUbi9TNFl2S2pEOTc2RlNBUEpDOVF0NEZZCi0tLSBDUitGYlpHdEZ4\nb0VnM0ZUMFltUkdTMEJna0VKME9PdElnWkIzVnNxT1VBChknMLUosGiMwWHr86dz\nVx1NdhHvcO7z5oEJlNjasoLg7pt/ZbIL5fCFB4N8L8S/73PJ39BBzbG5w6tsFcGu\nq1U=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUnZiSUNlWWwzZHZzb2ZB\nWWZYc2JCUkdlNVNKY1hLZEQxSXU4aWJISFFjClQ4ejhwZi9MRjVHbFYzMS8xMmlM\nM2lTajIvcnFVSmJzWWI1eFRNTzNGTjAKLS0tIEhVYWlwMThIRGxtR2lSaVExc2xt\nMWdxV2Q1QmFlMDlNZ0wwUUlBT1BZb2MK6YRudnDLWq4L/XafPtRAwInZYEzkw3L0\n+6gvssgEtUnYgooMQmBeqMKdOgST+Y6CiBeM7CxzQuvBIVeAVQnx5g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTm9idGpBL1c5Tlo2a1VM\nM0Y4RGpoTUJyVmFMMUsxN2ZQeVJBMDVPazFjCnUyckQ4YU9wWlFUTFdjYkhnMGZk\nTEhSVjZMT1BtdjY5RDMvWVN6Q3ZrWWsKLS0tIHByRGJiRitzeEEvZjhGZFBLSmdp\nVzY2RGxnT1FZclROQnJzSjVwVVZBa0UKrXTwpOOAyX3PYgHU736H6p+NFR+PdS2J\nVnT0oTQMhlqolDORBZ7sq5EGQIus/X2lD5mWAWXcEDeOPEk9C54tDA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEOGxRa3F4aENZR2F2clYy\nVmdQQlN3UFZ3Y1hZOWhrRnppWG9id0ovdGh3CmEyRzQ5R1VRRmRGcmRPS1FQcjJB\nemwzQUlKQXBKRU00MU9ybVd5ZzlkN1UKLS0tIGkwSE5veURyT3hDOG9GMjlSQUNx\nTlA4dDdlNHZtR2pqQS8vQ1hqM2pNNjQKBobb33lWK/imFmsaswcI2+I4xvy0Ul1x\nc4JY1Pkb8XoVeGWe3HYT8kaYv7kO5UvagYVH/ZWlIfZvDX7PhvrtgQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-26T21:37:15Z", diff --git a/vars/per-machine/genepi/gandi/gandi-env/secret b/vars/per-machine/genepi/gandi/gandi-env/secret index 4d993e4..ff06969 100644 --- a/vars/per-machine/genepi/gandi/gandi-env/secret +++ b/vars/per-machine/genepi/gandi/gandi-env/secret @@ -3,16 +3,21 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYUF3MHc1MC9IaFc2cnla\nZERLaFVKcVg3YWE3eXZRYUp4c2ZFQXVjNkFnCklhMDZwaUNMVFMxcE43M1FtQ3Yr\nMkFkNzFOczd0ZFRlbEM1NEFNdVVScG8KLS0tIGViT0c0Nms0VGhkRUhkY1Z1Tlp6\nQXpFdnZZVnlkbUdRYm1acTNncnhxVEUKeBabd73VhaCBIXTc/5X3yijmn67f/gxI\nYc4W1FcqA3fiJH8Vx2LtVEwFonizZyHDi5bJe8ILo86iB6bE/kN9PQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMWt1Mmx1\nSm1YVkpTN2M3QkltZ2FhbUc0MDNKaFNNZFVtWFRad3RoMVVpQwo4ZTE2RGFYWWFN\nR0VsejJjbldveXNSeEM4ZVpGRHJoMFh6bS81T0czdUFBCi0tLSBlWHFUcThLVFFG\nTkZYelZpRGQyWmRINGVQOHdwRUIzOUlWMHdFbWFDZXM0CjqEpSgklyR0FomAJQbW\ngOph3iEAuVWE6RWuyd2Tz3+PuFqn3PxaAxp6MWrNXNNwY5SubjGfziA0t3elV8zL\n0/A=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNR3Vsa1YvTTRKYWd4M1RN\neDBpSFQvS0tsVC9WdjVFVlFkZUlSSmpSZ2lVCjA0dExyMER0R0lxUHFnMlVmQmdR\ncGZJR2tpMHp6OUxkUkx2YlNxSUVDT2cKLS0tIERBRTd0RkdjMVM0UTloRjNOTU92\nR3VqVldVazV3dGdpWmtmRWJsMVd4RGsK6jgdhtLqbYcbinDM5P84j5qMIHyxp5R1\n0bKkllxvIIgmySRgaUSElW2bH+IsI6iOh65mF8k/P68j5Z3PjFLWBA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeE55UTE3MTI0Tm9zVjZj\nblZDVUcwTzI5NEF5YUJoWWtJeVlGNFN5YjAwCkZKNUEyNERESHhhT1ZWQzVZdFhR\nQm5nWGlsRzgxdktDS0swbGVOUCtHV0UKLS0tIHI1NEJmRFltUjVHb2lRWTFISmdj\nZG04d1hEeE8rOUxLNyttaFp0NitpYUkKCp/x18igzU+XllW3M9lG6E7fWrbaoITS\nBoA869o1WGCXPJxBZp3HGY0IBSxDwxJ7Euekyx0JW2ODuiEjDLO3ew==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NjBldTJmR2s0RGxYYUFJ\ndXFJZ3hWeXB6Z2V0UHNOcHl0NGtFaUVZRXljCm02eldZdXdWcjhINWlrVWFSUERr\nMUFacDFZRm5lbGVmc2tiZVdqdkVobTgKLS0tIGxwSk9EdVp1V0YvSFVGUGNTL3FY\nZTVLZXd2Uk13aEhJQUd3MVMyTTB2MHMKr241FqHj2I48QOfOx38kxjI4qcWGvHaz\nT2X2GZ3A5J96PZH9CaWkO/ezZSXWd77Svl39t11kSruGm1tFQozQcw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-29T11:45:14Z", "mac": "ENC[AES256_GCM,data:zb2U7OhXBWJmhZPf2/9G/BTAcaqNXS7zaGd4WppKf2fsHtbZZCswd9DfaI/0NzfknQgKlhmqr/qN/nG1UPFhosQGQTcl7Z4od57EyN6WDaXu4fjJYQHZ1VB6HvKD0c0bvb+yBX8WPxF/EW655YQvdV/x8VU1b+rxhGPCX4U1iPY=,iv:wt5RTsnv2hkF5PUo5ah2NM8HwEEBXrE44krI4Pgbbtw=,tag:7nS69I7ZG+kkIU/cmthq6w==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/genepi/gandi/gandi-token/secret b/vars/per-machine/genepi/gandi/gandi-token/secret index fb7890b..84b2e35 100644 --- a/vars/per-machine/genepi/gandi/gandi-token/secret +++ b/vars/per-machine/genepi/gandi/gandi-token/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSzVUWDlsT0lrTHcvaEg2\nMERNUEJGRVM0aDlZdUszcXdtMjNrU1FraVNZCjR1K0h0U0lqdzU2NG5yblRqQlow\nY1FoalJiVEhFOU1vSzkxWU9EUUtYQnMKLS0tIEdJb2J0QWxucUF4c0tuL3ZISks5\nb2tYS0dvcTJpS1VrVUxOWDFZUmdIQkkKTy6B6tuVkcx/IWYIfp7GdxayL1MeWqcy\nT6dV8epjeTGqhMHvgpzL8YN2UO1HQurC33QyQ2LtGaPwuOOwrxsDXg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeWg0aC9H\nSllhbFRDdUxCTmNVcHk4VnFtWGNlQi9WemJldUFneFovOWFhWgpOeFFzU2lOemo5\nYVpMVFVhWmVXbjMzSEI4TXNpVmR3bkVwLzdZSFZaT3hnCi0tLSA2Rnh3aW1qVGNt\nR3FqcGp0RFF2ODVkSFFnTllSNTI0MXVIRDVJUk9TZExvCkxI8Uxhr7HGUcYMYNzJ\n9/pDPwJGnTenBtCstdfkl8LvcQ3I1Mt4YqEohsgGJbHaTiTMkrFyh3XC/ctCgxvp\nExQ=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV00wYXQzdVh1Mnh5RzZ4\nbnNCSFM5QVNhcG5vQUdSd1VSUTFlZjFNV0FrCkEvbS9OYVZucEZmREVNTlo2VDVL\nZVRrRkJkZnIrQ2RhRXpBRXZjd0daVDQKLS0tIHVwcFJralBtT3J5TFd6bTR5Uk5S\nb2lEcVpmRWNoemhjUndBNXZsT2wxazQKSIRFTGhrtjd95Yq1ls9PvCr+mahlmFD4\nm9xeC8oX1JoV2SqocPfRKxFUjJjA09+bmikyjJx2nrza0o2wucvd8g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcmx6a0J0dnlEZjYvTnVU\nY2NzSGVLVk0vSXFpSHlyUEFFU1RoUEFxK1RVCkhZZGE3WCt1Z011MGh0T3I3aGMw\nZ01ac2EzMnlvNldFdFN6S1hkVThPa28KLS0tIGFmczIzRDlMaEtDd1FhaUhmVDNu\nb29KRjFQdGE5cGRTOEZIZVhnQ3lKVVkKmbarcTpjeSASBF8dI4OoFmM0cHeHUeb6\nqr1/zLbTSkU81bt/g9jWGNhpsMX9OG8RpZOeddEael9jlhVmGgmXZw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNjRQeXE2T053OVJhQ1hU\na0h0VTUxYndoWjk0QzdKVHBvTVdvWTR4am0wClpTZFpWTnNDVHBQVUttVldoUjRQ\nSDBGdzg4ck04UjFZOEJkOXlWVjN2YWcKLS0tIHVqM3VsQTYzZGxMakZlMGFVK01C\nL3FYQ0hjSDZZU0ptc1Awa0llWFBCRDQKRmCOScxhNdJDCE0VOiqLs+KOPpd2kwAj\n76HiESWdtSUiM4ikYz+DGWMWb2KERLPcuW1vkIp+akG1dt4hSC+jfQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-26T21:22:22Z", diff --git a/vars/per-machine/genepi/garage/admin_token/secret b/vars/per-machine/genepi/garage/admin_token/secret index efc953b..6a570fc 100644 --- a/vars/per-machine/genepi/garage/admin_token/secret +++ b/vars/per-machine/genepi/garage/admin_token/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEd3hZQjRaVVFkbFhTaEpD\nMk9yTWQzWVJpL0hybEFaV2ZMTk1IZ0hXb1N3CjI1UjVqRjN1VEJFaDRHSmFhbDZD\nTTkvUjNicXBEMFRlVVFxNzdzbXFQSFkKLS0tICtUditPL2krYnQ4dFJsb3hYMkFC\nSDZ6c1MrZm5sUW0ydTFjYXhlSTgramcK0lSdczaRmQODCpu9vtagqvz5HG0vW2Bi\nvQwwxALZYaaftZb5sJi3CfCWPEmzMJE3DXuZ4fvFJSWEaltzpBY1WA==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbEd1VGI5\nOEJtdzFRTG5mZExJVjlySzhPeFVNVEJmeEtNQnUxbHJpTmVtagpMYXYzSUJnK2ty\naWVWZUJwMEdRaUJxdjZrbW9ROHd1K004R2hyVnJ0bnNFCi0tLSBydjd5akVpTG5C\naWpsUk1TRWJnY2VTQ1NkYkluMExkVUZGOElnQ1ptMTlrCiy2EdfqTzj9fLXEuDQo\noefzkn7PfnLEjff17MZar2MzKhf6oNFMZ4jXFCFDSDgy3XI7vXT8/dvc1Ixtyss0\ntqY=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YUdYcW5hem1ONFoyM0p1\namU4N3dsN3NGK1Vybmh5T2lMUW1mTm51Tno4ClZsOCtZMm5OcjdkOVRZUTJCc0Nq\naVk3Ty9rRGxoVWxhOUdtZ2l3cjVIa2MKLS0tIHpXR2VKVlpEejhScUlzNjRqcWtz\nSWhoc2FBU3hqZlJUa1dBYUR1cU9aZFUKtfZp+keH670a4osfsZck6pkVOPzgLzZE\n5DgnPYw0t6/xcDlDsqejitnPvtC4Oq9xebejGHKYSQNhrk0uFfI4pg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwKzdPZ2hVRUFaMHZVWmF0\nVHJnNzRDb25McnhXTWtkVTIzKzY5QzQ2dm13Cjk2Z3VMSDNVNXdxZEQxS1pvQ0x2\nNGs3WkZLVC96RU8wMmFEWTEvbHRKNWsKLS0tIGJmT2xDOVQwbllnS08zTEZodlli\nM1lLaEVMOHRKNG9TdjlQYTF0TkhuK3MK8QNf63xwoF82ra9w3/UzBT+v8MmId7PU\nP8g77HYiLFcXIlaGgR+ZG4Z5cpxsttCyxcMHbkfCLE4skSIN0SceFQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNm9IdlExZ0hpOHRtOVpP\nNzBkRFlVV0RiU2tBVERjbEFpZW02bXVkc3dnCkRaamVwOE9hL2JxQ2ZBY2hRSThw\nZ0gzOURyYTdWdnptMFB4WHNUZEs3Um8KLS0tIHMvRjZQR0N5eUJlblMwVTZ0UG5q\nYjlCaldFbW1DNmRxSmFOZzdGajhwVWcKF0YzZ/Y1p8QA7Dljc3DD/FTC5WhZSWEA\nTbxCcQksg2FJbGeU/sgs8JvgXgn57pc7+cejYsW8c0QWyHmvnupN6Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-19T21:51:49Z", diff --git a/vars/per-machine/genepi/garage/metrics_token/secret b/vars/per-machine/genepi/garage/metrics_token/secret index 109e627..e727da0 100644 --- a/vars/per-machine/genepi/garage/metrics_token/secret +++ b/vars/per-machine/genepi/garage/metrics_token/secret @@ -3,16 +3,21 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrREdNQnBCZ3MvbThYMG5I\nTElOcWpaVk5DZzdjWmYzUHk4b21qOHVqZmpBCmJwZnplbUNEeE52RTJhNFlQMlUv\nelVGeXJNajZHbit2bzNQQS9VVFFrdnMKLS0tIEdDdjY4ZWErNlhRN3BMMUxxaFhv\nMWJKbTR5dlArYXUrRE1hNlFtRGNKZmMKR0Jmkuog7a5tON60DqcAeVOhNQQHkMCr\ns3PNGNx3xse1D46mfouhdJqzawmXg6Oj7YDNS/PRea9MaakXM1ZYGw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbm1wYUlP\nb0VwNnZBZTc3RzZ4VlZER01YeVJHeGNQOURlYU15T3dtTUprawpxekZ1WVRJeDh2\nWS9uL240RFFqaGlHWG1vSHJFWGgrZVNOdlR3MGkxNmc4Ci0tLSBENTJJb1dKbG9U\nZDJTOFZwN2NpdzNRMThnbWRRdnZQVzZsOFlpVThKRTI4CnaRZEisD/UCoIz79CmP\nwMD6uCol046UXXdJ/jnpms+Ct1a/sjAcVz1cuXue7bQS92vnbmUEJN06OJO3CJRM\nD2E=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRnhLaGxiZFkwMXpPRVhY\nUlVGaXhsZzcxVkNMQkhjQmVENjY0dStPcEdFCldEVUdPT05Wc3lPNC9CY2RtMjZo\nQkJWVmhKdFRtYzdSMDVhbGtKY3VsWTAKLS0tIGFuRjZCaml6bWR3UG9WMmtDSFNp\nckM5UDZYc3hiTWpQU1cycFZPQ1JFb1UKanhAPHpqbf01n0+Cli7inbmAQSrVNRHq\nRf90kbfd1VCf4hSWY3u0hbZiP33xo4hPMudI4O2J0MpPmzGicxXmMw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSURkVDcvaFVPb0Q2OVUw\ncFUyTXVTR0FHUlpiZFREMXYzOTNOOXF3Z2hNCitiRnRkUE5ReTE1Uk9hZUMvcW9u\nUHZHdjluQVFEMFpxVkZrL3RUYTZoaVkKLS0tIHQvbmRlSzdGeG9ZSkdzNjJFZjFu\nb3Y4NWlEYi9jQXpmUXhyL2lKMXM0NWcKqx4p0irRmsbVMocBNmodUL9eNkFjL1+V\nyi9ECp+0pdGKDCp20ygT+DiImJh1AQpE2ual6DvpH4ox6kO5MjsLPg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMXJnQzRtRzAxZ0w0T3BH\nbE0za0ZjZXhEb0RTV094M2NpSzhZSzdhdGhBCjRqVmliek9KckYrQ05LellRcWpo\ndEI1QjVSK1hTbDBCd2pTdFZNbmNwZGMKLS0tIE9CQ3FTaElpUmNOTGs4U1dQOXdZ\nQzluL1RGeHVVWGNhaEdoMitDaGI3OG8K+XiaQeOarPa/mpqBeQtfojacZOhytI9B\nvzfO/SrLQTC0xzuiLab+VPmHrNBwQTBBw2QjRmaAxJOymG2Lq6pH4w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-22T13:52:11Z", "mac": "ENC[AES256_GCM,data:JCmuUh0D+vWL8D9ogsWX70JBSSoUNxGN+R7kHFprK4ZCcAs1+zCzW/dg7qGcCrQXD6QkNx+nfM05kYiQKNeHXVavqKuOGhqgamPKrHnu6To1y2fNKPk9GbioZTSVpRiICUDGTUhsdQW0f77ekCMNcU7ElzyE0t9BhiwEmwexpbs=,iv:uUyppaoNVCmXkFY+ZrI5enRlEOAZ4+w30awlh86KpaA=,tag:R3fviJdYM+4SQfo3hLOhwg==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/genepi/openssh/ssh.id_ed25519/secret b/vars/per-machine/genepi/openssh/ssh.id_ed25519/secret index 859b019..f45ce99 100644 --- a/vars/per-machine/genepi/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/genepi/openssh/ssh.id_ed25519/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZXRNYmdsUW5KdUNqWTZa\nOE1jWFhpdDBvakFBRE1KUUVVY2p2Q2xsdzFRCjlINWpKSTQ5aU54b3E2WGNPdEY2\nUkJhTy9YZUlGeW5ianV6dEhuN09nUUUKLS0tIHJKK2NNdGNkZ1o2N1dIK0VyYkcw\nazdycjlpTnlKU29ncGg4bVA3UEIxM00K9rtN48IvvY250zbM7WkQMGQ0rZmznrHH\nlaOS+l4WcX3VouIvKHIwNSNhh//psnOblMWjv5fBtGw3Sst0rzyL8A==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkY2TzNW\nUnFvOU9xRUdia0xjUUloU0d1dzRyQXdWaXNiOTd3cGlpV0c0aQpLUkM4UTdQQlhQ\nNnRPUFRpWnBCaERUQ3NJRHB3NDBPN09qT25zRXA1WEpZCi0tLSBlSENwdTdTTjQ4\nRUNtTG00dnBneC95UlhVUTdpRVFUOGtPNWU3RndyaDR3CvJZET+yGuaor65bY9aS\nBOTKsnIX+824+Bvx6AqkHg/+D1BfKvvpliEjbz5HG7X3vgofG7jrtC9FYHpDemxu\n6iE=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWEpFbzQvY0FSQ2hRaE5R\nL3VvNDE2SklhK1N4ZEZrRmpqcElBV01oWkJBCjVTVnVDSmc3aFJmd0dzNmc3ZFI5\nOW16Rm5NSXJ6N0hYdENQV2tTdXZuem8KLS0tIGlUVTVhQm5qend0REJMMmVnUGY1\nTGlVNWJ3UUN3MmhGS043cHg0Y1FBWW8KL3No5ItaAFdbcEF0v/q5yZdYATKxO2UX\nyDwLVPS8hdLYTk8XzzEEMQVBtzrDqahHp/uZ5LNXePJrlNQEtj0/Nw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVL2tJcXg2SzBUYUNGSDhV\nVDllL3lnVjFVT3dBaFlPUG1FQks1OFlmV1JZCldBeE1DVng1U3RjN2tuN3ptczJm\nMjhqZ2VNU1JRVzBUYUI2eG5tY3hKQm8KLS0tIEdlUFY1RUhWeXV4N2NGTXBGQzBK\nUDI5b3N2TGZxTEorYzJSNERMc2cvMDAKCfmy260E+6+IQodx6T1mIw1kf9jyNU2U\nzX0EHKptT8apgrSlxpELAj4m7cvJsuUCC2HS6Ydw6X4PYuauM73wzQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTGUxSWpWL2ZRWVhzU3Jo\nZy9vS2FmTktmS0prckNVQTdrNkcrUmxpcEJZClJvNmwwRnhjUW4yQ2xSbUtEdGFY\neUg3akFYbXJPeDhGbEQrYzdRd2hRbjAKLS0tIFJzN2NBcExvU1p4QkJKbFpEcUc0\nM3M3Y3U5TEVPU3QzVy92KzIwTEs5NVUKr+ltG2HZEjqdi+OFrjT7XWsSAtlssSpg\nc9lh4VX2Px6DCB3I0TfUx4zW/5x+xYk9CxuSSsBCKCoPczSwhhElGA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:53:03Z", diff --git a/vars/per-machine/genepi/pinchflat/env/secret b/vars/per-machine/genepi/pinchflat/env/secret index 85f5190..421e785 100644 --- a/vars/per-machine/genepi/pinchflat/env/secret +++ b/vars/per-machine/genepi/pinchflat/env/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NG1RMEhBS1duS3BRVnlI\neGYyOGcwazRPUFR0VEsyVDEzOWtHUC9ZdnlJCnNsQVI3SldvaytISEJIVWlYVWZp\nY09rQjZPZlhSd2JqanVmdEU4VElOWWsKLS0tIDkxUTVsMGZZUGR3bnNnd2ZZRnVI\naDNSQUhxZC9GdWFGcDNVVzVTSTNkalEKN4HIixpko+0uqd9BMH8tDIe2rbNkJ9jv\nNKv/zM2ONFtPGZDoEcPQlfPzSRTHKdYCnToeaQFjU3f2KCjN516oWg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcDU2WG1l\nYno4TzZEVTFBN3BBSFVyUklTeFNRU3ZxMWloMTZuclJhRGVYTgpoN1lwcjVFdFhw\nMUVUaDNQaWpYU3lDUWtPbG1ZU29LSll6cXJJQ01FRnRrCi0tLSBFc1lZamtQcmJ1\nY0NzcUV3T3NBY3VXMmdOZ0xFY2h6NjVMT3hvcHFPalBFCrfCRwovsf7pqtC2tqRO\nhgKCFFLRBNrG52RXDxnwnyoIRLDT4DFw3ALZhWYtmGvELE+wGC0yZ3Iq57WmJhaP\nWRk=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZGFZSGNkSHZQaFRqMERO\nVHZnaGhsUlVHekpxMzhrd3NSRUJMMW81QzNzCjdQanZuS2FXbk9CaUl2WU1KVmFt\nSVpKRFB1OTU0TlJ4SFIvTENqR3JLbVUKLS0tIFY2OFZXeGlxZUNmR1Zrc1ZaWERr\nS3pNc0ZCNTB2U1lBZ0cvRUc4ZXN2NWMKUrpP69SdEdMYy/aOyoLgCAnnfBFY1le+\nnT7tTxfjH1vc183A13nMPU2sbk/sOFm/nneIVaKtenHsjJvJMSbY8A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWUJxTlk2RFBjR0pHSWN2\nZ2pSV21mWnRFLzRBQkJRTHdlVkFBSForYjJFCmVRQkM1NHNjeStJVzMyR2JwVngx\nbFM2UU5hYWNjbk1rQTVxZW1IUWZXRncKLS0tIHg4SVJHRktBbER1cFo2bDZYQUFI\nbk9IQitiYy9MdGRZd2YzQXUwemhab2MK03lbCd40xcJlzJSUdVLqhl1VAjENQm3H\nHxGGalDFnom++8Ygc9QnfjlbXNtjhSpVHKR8lTazvaqWknuqms6M9A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUXpVR0RQdklLMXpQSTNI\nblhxVDBGd3gvUHRWRlY4QnI5THA0MjNRYXhZCkFDa01FT2NZcUdCN1pMeFZDemx3\nYjcvNGZNWVY0V2Voa3FLcG9tTU53WGcKLS0tIDBiQWxTVS9RSkl5czdWOGp6R3ox\nQkhoZDJCNm1namFldXQwTDFTS2Y3UjgK/yJr/s+6CUCEOWJznvjNXljEsRNocS7/\nXKX9dDhA2RII9jx/1X/JJhV1bXBASPqUUzjZCZYuJLqT5lNUckDBDg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-16T15:14:34Z", diff --git a/vars/per-machine/genepi/root-password/password-hash/secret b/vars/per-machine/genepi/root-password/password-hash/secret index 743f5d5..30073fd 100644 --- a/vars/per-machine/genepi/root-password/password-hash/secret +++ b/vars/per-machine/genepi/root-password/password-hash/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWEtuWDRxdFFSQS9ORitC\nRTY2dURyM3l4SVk5MmdhVld0U2RaRTRuUmo0Ck8rOFVBQS84RGFkWW9kUVdwdFAy\nRE5CS3hmZlExeVF2YmM0a2VOM25qTEkKLS0tIEFxeG1saGt2MjB2dnpRMVpJV0Fw\nb3RKMGsybjUrU3hUamxCSElOeDQxNVkKJ3dh85JmWa8yL6lsxKvR2oyQoBxQXatj\nGB005lbwBf+6pxtARiBmx9a4raiI055/y5YWjyxbNOiT/UnxAQHwgw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMzl0Ti9K\nVkdBOTh6bVByMVd3Zk05blc0OFNoeldoOWd6L0FjVmIwUDc4MwpGbmZqWit3aUVT\nVnc5WEVWaTNOWGlqQUhIT1lmRHVEVXJlTXdMZFY0bE9ZCi0tLSBkd0dlZEZ0czlE\nRThMaHcremlDUjRHeDFZcklvdmwwM2dZM0RPOHRXYnZBCpd2S3bIPZXfcrKZioeu\ncf0bRhxtjBogCBdpwWXxgsjN5RmfamiuPz9qI1OKTtM95AVhG1sbp4qOeS3ilnak\ncrw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNnhTUGZFMFoyQm9PNHg3\nY3dIWlp3QTR3blZGbHViaDNkZlB4OUY5bDMwClN2YXZ1TzEzcnVCM0k4Z3ZQMkhY\nbDA4dWgzaE92cU5uNUFJUnFVMmQ5cDgKLS0tIGYrcEJkaHBEa3pjYjlnbml4ZWRU\ndE50bFA0YUsveFg1QmJ1N25tWnB0ejAKd8JVc6AlQ6V9YcTldHv0iHv76O7Skfjq\nImI+mA8cAglbDQl/aY3kVqupdHEGVy69Wfj2cZxdFiH1q+ehL/zwbg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRU5aQU43TGtGSlAyN2hk\nQ2l2dWs4b3ZHUmd0NURjWkFXOS8xRjVSQld3CmNHM2s4QnpkblhlY21wbzY0cDFU\nYTBXNUNNSmdVamNSSk9BNnp4NGU1MFkKLS0tIEhDOFN2L3hxREM4eGp3dU1LTTh3\nYmw5T0hrMWFxYjRGaW1icUhEaG1rWm8KPJ+y30ntjpCnPAJC799m4ONt29QnBegP\nKOS8i1C4iWJ6HkchDgCMAg1TIiamxn24jXstRKaoa5jXauQki08owA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQTV3S2UrZW1ZZytnaWVE\nYW9mWmE5d1BueHBUYlFGOUZUTTNTc3ZyVldJCnBJUTNvd0RENS8vY0RkK2dzZWNJ\neXZnT29aYjRmVHRLZ0FJVEp2clFCTXMKLS0tIDdRUGRKa3hkZzRxdnpDQkxvamlN\nWXZ5K2lEM29ESWc4SWZxTVFoVi9qT2sKQqPGcHrKi+PQqUJaYhgfNWPEe+n+qi8U\n1lNi1UNgfMnKLOPHw33CiQadKyhaqJeFdFg6WCrMKQQNt/fcZ6NS2w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:53:06Z", diff --git a/vars/per-machine/genepi/root-password/password/secret b/vars/per-machine/genepi/root-password/password/secret index d78dc7b..76ba956 100644 --- a/vars/per-machine/genepi/root-password/password/secret +++ b/vars/per-machine/genepi/root-password/password/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:wnGJxis0TIEqPVWTl7KIwd5Zt5CQRC0lzA==,iv:vXKN/TAha6LMpMAMWMZlG1IBp9hJqOim7ZQiVzgDPuc=,tag:rPi5YlFiiFZoGD/5T9SYbA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBc3R5RFR0\nY0p3b1FxbkVXeThJZEJjOW1GbzBZazVZTHVRdWNjTFR5UC85RQpMb3VvSm5hbDYw\nUU9KT1ArRG1EcEJXNzg4dkJZN05FQllxaXN3RHFEdmdnCi0tLSBMVnAyakF2Ynpi\nb2I0QStFMXNEQ0tQbk1KeW1lTTBrVGxielF5US9ESHVZCiA4fRhjVuLWl3LiRQcr\n8mDo9nYvmbXQpGwYbXNyiudYSBwU//rItWMGnS2F2ABpz3GqgSnnc1/3gImRdZP7\new8=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0d2lGNkFjYTg0NmhaY0hy\nZEhwdkpzbUFHT0dmVHZBSUNXczkvVlJKN1RZCjlhWUNmcmhvQkFKamp5RGJ5NVlm\nZWxZekhlYXg5TytseU5NVGU0VkIrOWMKLS0tIFFlWk1qcmVSYUVjYSthMys4aVF0\nQ0ZWRXVYMTMxSEJ0OEVjbDRvaUJYZXcKPQML2AfmGnXW1COjgIil2yabXflE/wGA\nOlSKADjlhc9cXfCI658n2WuXFQ1ysrS9Rtsy7Ezw5B7sY+m1DQkDYw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4M0VZOWM0RzhUelg3WS85\nSkwxMDB4QXpFSmN3aUJaMy9YdTBZYTMwVDJBCnVpZzBNeW9tcElsbGttQS9EMitQ\ndXZsMEFHbm9kRS9INktmajdFVDFZSzAKLS0tIFBaTWJmUGxOWUZFQy9UU3l0b2M1\neDllaHZYaTQ3bHNsTjRrV1BsdHdTeWcKEq9YJP1nAJqBRzT71RxIMkLb7DmZu36g\nDPiLODB7PBaonDWJlQ7dUPdAobGfT5Zk53khGwSEIhqhHL9hOxwQKQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:53:06Z", diff --git a/vars/per-machine/genepi/syncthing-gui/password/secret b/vars/per-machine/genepi/syncthing-gui/password/secret index d43e9c3..ca8db9f 100644 --- a/vars/per-machine/genepi/syncthing-gui/password/secret +++ b/vars/per-machine/genepi/syncthing-gui/password/secret @@ -3,16 +3,21 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdzNoZllKUUlQY0JCZTl2\nUytkeVF5YWpyTTRzWnFnWHl2ekJuUHJPY1YwCnhnMzFWVmd2SkRBTUwwWTdGbEVa\nSndlRVpxbmtCaHNYaTBBbi9ZVWkxTVEKLS0tIC9vRnJFUjhrbjFYWWJ6VTJYN25V\nUTVMTjdaRmJ3cTZDbW1NZzV1YzI1b3cK38Hqjzv9zRKG68aiI57pOX14PG/+qkg2\nOwnZeFUtuy84fW1xs00tRXAHUXFBoqavjQ9UaOaADWVDqdcwWbyfmg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdkt1WEJK\nZW1zSWNuOWprRE8vTkJYVThLZE5yRFMyM1lwaWN1RjZabXQxNwpraVFSYm9hcndS\ndXoyVysrNzFGUm1xeE9Tc2Z0UFlRZEhwRFV0eURtaGF3Ci0tLSBuUi9XNFhkb2o2\nUVp2aEpYUGxPOHExZzlqNjhDdEhlUUhOZHRNSHR5dU5VCtiNVDtVOv9CkJhwl7iM\nDTEyMFNobrvDLtjHC/K0s6zMBCWOdi6wUzCkTBVciRbFhPnZ5vMC1CQZy2OfvorC\nxdE=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcmovYnRaS1lETGl0ZHpl\nbnp6a0Q2ZzhPYVU5YXRVN0ZEZ1dLYjFrQzFBCkVyL1ZJMmx3NHJ0RVl1MjBoa25s\naHRzVWdVNmVPM0FNaE5Vc3BvSXJjeEEKLS0tIHl2eGJ3UXlmNGxucEhvTWlUK2Jj\nY0dEVGhPb2ZLYkF1WFJhYlNNSkQ3ZGsKZ0HiunVE+tGx/wSHljp0ZKVPoz1GpXer\noochDu7LYIt3NkrS+4Tn3UBHckUvQXq72GcvaLI8l7h2RMFXRV7FqA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWnRwZStVTjkvakxyWEY1\nODVQd01ubTc5TmNqaHAzSGhOUnlacVkybVh3CjgwOUxWditsdGljalFXRG1YaG1k\naVhpV0E2NS9jUkdCcnBzNmFUM1pHZzgKLS0tIHhpYURUd2FrUHJJRUlxOGpuUXJ1\nUVpQaTdCb3VPc1YzUDMwMkFUQWZzcVUK9ZppMlTQvQQOAeDFA+OUzbADEawIvTpE\nWDNL57ayqRP3aC7HBQZ+vLli/DJ1KYx9m2jITtDeIZWfLiUOTCdZZw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TDd6U291bThUZzFLR1Fp\nUGhlN2wxTStsRlNCRGFzdmljdHpjSHR5OEVzCjhoLy9uWXltcFF1QTlvZ2hKbTkr\nUFI5SWNBZGV5RHNxc21vUTZNL1IyUTQKLS0tIDNUaVQ1ZWlZL0R4K0I4RlNaLy9W\nRUhxRHJ3SDk4cEJkYW13UjA1enhkVzgKfDPiSwfZvAE04pytEb40NG5ipmNxajMM\nxgNPkiIyrz3PDQmpZJqLnAUMb1rSBrk6UXSqaoPxIwAnmmka0wFSag==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-29T13:06:57Z", "mac": "ENC[AES256_GCM,data:6PybvwdIi19um8zXFJ3N1kEG611JSVor7fa7cwf4nOR/UCYfhgUc7Rp6YaXpnxACOrMoA8aLQznSKUY19Rrux1EnPFUUlUPRonS64CchoC/Ix941UffZA+HjHTIONOz7uFOBr5qIcWmcWR2EucyMQoWYd501u+chetJMWXErJ9k=,iv:HT5YivDqqkZdVQ/ELdmBBP5KY47VD2IKgpeGGB6pAnM=,tag:a/bUdqqh0TqT5MZrREL1gg==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/genepi/syncthing/api/secret b/vars/per-machine/genepi/syncthing/api/secret index c811461..42cf1cb 100644 --- a/vars/per-machine/genepi/syncthing/api/secret +++ b/vars/per-machine/genepi/syncthing/api/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHb1R0RXJMa3NrQWh1cHNk\nQTYvb2NGYURVSWdhTy9PZWUxSGJGQ3kvZWdnCmF5NDFmdlNKU2pML1RhWWtMUy9S\nd05Qbm5uRWx3TVRQVmJrY0IzWERhT0kKLS0tIE5LN1F1OG5BTWJkTnhiZ09OeXZi\nRDdTYk5FOGJDQmZKM2FsYWVHNnBiUEUKhM8adpoe8jHV9JPUoOWvlwVCy3ibWHO2\nkzSpGu3RZWXiZNuXAHtLbko/7LoVtoDgK6F1Sav5pDj4L8j5Pj7b7Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBM2llOTVS\nb25sL0h2WHlkNTVDT01hRWhwMHltT3BtU3pKYndMVFQ2T3FqaQpkMHdES0Fkd3Vm\nSngrbFJVYm4wRFAzNXRWRUhlY1NqZ3RQNDM5K3Q3VGRVCi0tLSBRSVVyVDNkMkRt\naytjVDNoZTFsK0tIUlJZWmQ2RXhxYjlDMHFPZjFsalhBCoL76MKcn0cYqqx5pPzV\nQVZxCsXjALYkIb74YSpNHFCEeWg+U+kX9xbYkqzYJEai2smPhjXNvB5EcTGSRWDo\naas=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2ZzFaeHRJaEtCcXB4eVZv\nbHJLOG55NzJiS1pCZmFRaG8wUEV3OVpPREJJCkF1WUgzNG1yNUhPSFJkdmRIL3F5\nWFFOcGE1bDBhZUFBUkN2OGJpVVdaWmMKLS0tIEZLSS9oUU1RZEgrSkM1ZW9VaUdZ\nRndEVnF3MElHZmRmTC9McGJqcVdxNncKW1S2R76l0QrJ8Au6kQXJ/uBFi5axNcSg\n5aTht6GtvNFqGKjsM4VqpbhaRS0oKy3SiGgfSBAhupGnJjKiu9vr2A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbWxESVJSVFdQUmIzb3RK\nUHdDK1I5by83UUVQTFAzSUFzQTJVTDdQUTFJCkQ0WW1yT3lUbzZzL01hR1VacTVj\nUWgxeE1hYVArNi9XanhCN0VsaWFBR2sKLS0tIFRGOEJ1UE5LOTJ2MFRISUNlcnlx\nQTV0NG0rOW9ERTRTMDVRaHl2U2FIY2sKaN0nn5QZvAfhe/QOk7U2j5r0sC99DO3c\n4KN9vrH+j+z19kqMiJsbHQoj1cHkrvre78THqA2jaALjRWPTKLyA6Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0a0tWZ1Q0aGlUL0JDeGdB\ncHVTQ3hRN1NZWEdGSlhobDlyeG9uQ24rZVZzCmZuZk5oT3h3S3k0KzlzRmJzQXEv\ncmtZU0ZHOFVld2JQQjV1dVpvbzlscDgKLS0tIFB1K0s2TFlORnBFTS8xQ0N6UEJv\nMy91ZUZrRGxYY0dTMzVncE1yUHFpZGMKZqo56NsP4jZpygw6FBVBjJk+wrI/v9Hj\n3G8oxdtT6Uef9zolsDyXN1hAq8ip9O+pIUxxTOyEHXbDBQa1mYXjug==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T18:39:02Z", diff --git a/vars/per-machine/genepi/syncthing/cert/secret b/vars/per-machine/genepi/syncthing/cert/secret index 8908746..982c0e7 100644 --- a/vars/per-machine/genepi/syncthing/cert/secret +++ b/vars/per-machine/genepi/syncthing/cert/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOXNuVXhZMloveG9TZlhX\nUkFBVDlreTFKYVRwVXpQUnl5cnVXa0ZESmwwClZmSldCeEZ0blJYMS9aTjNxL2th\nWW1TaEJZM2toY3NjUWR0U0tBNXNPemsKLS0tIE9BcDlZUktwRC9rbUdXSGJtb1F6\nTkFrZ3lrK3h0bWhQYnRDeFlRK0JLM2cKniFXUI+VTfvc1gVZqpGeGh9as0HYreT5\nioI+8WXdT+ZK8WWmtR46p2nRKjZHObivo9slCpex5lgynWL6Ng/e6A==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ2NVTDI1\nUC9xSldxc3Nka1JEUDVnbkFibmJ2RjB5YU5aQ1FJQk1Mc1BmWAphNS9DbWNTWDBQ\nVzRSYWlrOGJ3bG8vOGhQdmtSMHJlbGx1ejJGRmVpNml3Ci0tLSB3YjNVbDAxN1BK\nZUVpQmJsWmhYWGp4elJsV216NUFZcEwyOHNpU1VPWDBjCmDMmV/9xsHm1yClbAeY\nyfBp94e+cL441Fomp1akIfH8E6SjmA5EVKEaNH30yh62mjOHfruFhiJDdYY5S0nq\nBCw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NmhnNFNqb2s2SmhiT2RP\nUHdDc3JUdE11WkFzdkx3MW9oTGcrWU92UG5ZCnFIaHVpa2d0cUNHQS9naGNuRGhM\na2piRUhPeFdMaTNmYjc5Vy90Z2NuOEkKLS0tIGMvSFBZOXEvNlhvTGVqSHVWVmFh\ndi9EU3l3bFVsYVpOaFlrMHh4MzVVR28K1hAGYn22vus7mFP4d9zNgquqXY7MKYnq\nfMFiFa4xw/Yu6WmfKNDWFe3R2CnUN3yV86jKm0F+aX6IkL5IFvn3Bg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdkU4M21YR082TUFUU2xH\nQ0N0OEc2TmxaclhQZnVMSi9YRDI5cVRGWkVnCllMUTZsR1RBSkVST2twdVpmYS92\nUmpMZzl0SHp3YWdvZStNcXhCRlJCcWsKLS0tICs2OEdNWTIxN2hkWnR2b1krUHNl\nMElydlZGMkVrRG54OXNqWFFoQ3NrdDgK0laArHAXBIt5wZWmvYUHFph9QIPERW6u\nzKD9Q9/OrnmDOXPxA8z8C2maxEnrYIijmIgE0arH/JHneBiRk/sD3g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzOXBYa0hGNUlUM3NVdTdB\nc3FEKys0Y1JjZjlMdWlxTTRteGorbHRqdFZnCjdMbzQxUEx4eXZVbGc4Y2JuZEdq\nQVVyY0JzVno3RjNWcGJSdjNBL2pZOFkKLS0tIEM2bzBYZTZBL0VIM3pqUXNzcCtZ\nNHNKL0JQWTUvaGY1K0FiMThjNzF1cFUKfuZRwASciwCyg5+Pv3U358yto7aoWEDY\nnZEhwK+lHCIII2Q5GepP2BpB4xIyjXs/Rh0zaReW5KZLRxUaBcDqYg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T18:39:02Z", diff --git a/vars/per-machine/genepi/syncthing/key/secret b/vars/per-machine/genepi/syncthing/key/secret index ac554bf..d1e4b66 100644 --- a/vars/per-machine/genepi/syncthing/key/secret +++ b/vars/per-machine/genepi/syncthing/key/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNERDK1lDVjVKS1FoWklp\nT3I5Tlo0R25VRmlLcERzcnBUTjI4dU04N3hnCkxsR1c2TjdjdWtjdmU0NmRaRDJV\nSU0zVUtNZm9KYmZnZnl1Wkd0ZlcwMDQKLS0tIGlIZVdHWnFmMHVYaVpoOVpTdDlQ\nd0x4YVo1VzJtcVgyajI5L0tIYm9DZ00KrxBbin3cw71No+rp/hNO2BdQfLsoOFRt\nJz8dTUrc7y4MRqj+3A3GTng9nu1DoBRhdg5LCXdflskQq/sbAO9bSw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcm1LeWl3\ndTk5WVk1Wmd3cWhJd2svQzJrbjZiWHNiTFRteDA0M3ZYM0lDeApkUFg1cm5WS1Rl\nRjBlRUlnWld4d0JvTkFNZjQzOGFvNTBCU1BRMzhqZkk4Ci0tLSA2Y0MvOWxicXVY\nNEh1WDdwakxRZ1ZWQzFQM05IUnl2LytVMjk1S3F4dm9JCuIGVW2qGKjXN5YdRrS6\nE8rOvM4QX75UU1AH/+PysybRR/6fXC/B5aO8DyWev9KOwWeLDP//CuxWxGEmjROG\nxC0=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZWs2RDF3cEZMLzR5eUsy\nQXhuWWthd1J1R1RFMjF2bkxVMU1vUEk0VURRClZEZ0prOW9yTUxlaHNQeGZ6TkJ0\nNnJFM3FWcWRsT3QrRUFuM3FPTGthT0EKLS0tIFVpMVMzdWd2QjVnVmNiTkEwVC94\nYnhkK3pSdmZpd0ZBZFpIemplUG5MUlkKZIIQsnUdXNzfGt/47R+Iw45dh/iRnfWe\nRiek1Dc/VaTHOKTYHMRrauPLl6Zi/NqvRXBhh3lCa78CNbdm750jqw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dUk5SU9VTHpaaXVhOUQv\nK2dRNHovck9WSVFzRWNHb3o5TlFkdlRGMENnCmxLbUtNN2haNVR6RGp6S1RFcG5E\nU1BRU3k1U054OU9qMnhFVDhZdTMzZDAKLS0tIElGelU0SWZKV0dFMWFIUWNIK1RZ\nSU9hMk8wMnpTMHhPUGJiLzY2bVhLa0kKLDzxnSssAqdho50FeKJC1hFusL7A/lCn\nem4JF1avAwvKr2n4j2DbKB9280i7j4gtmxgY+OQk0FHbJTaHSSdmsQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlL3FlWllGQmVtWlFUQVVR\nUytNZDU4ZHdUZlU0K3pkSDVHdExZb0EvdmhJCkZyNzZmSjdFQkVJN1ZFdmpuUXdF\neUN6N3lDdE1sUHpjMTc4NmlRZmpIb3MKLS0tIHFYZWdTQlIxTG1mdTdlUU9waHgz\nTFUwWHZQUlhNL0ZmUkpkSkJtY0V4OUUK9YwGmPisdZqoKZuZdmuMRlXCdrJsrG7I\nExleBaQ4kHNMGhqcfVXf9OzpgScEd1dmbrTH9NZM64k8yd5Aob5vwQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T18:39:02Z", diff --git a/vars/per-machine/genepi/user-password/user-password-hash/secret b/vars/per-machine/genepi/user-password/user-password-hash/secret index 3c38fe7..96325aa 100644 --- a/vars/per-machine/genepi/user-password/user-password-hash/secret +++ b/vars/per-machine/genepi/user-password/user-password-hash/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyM09FMUZvLzV1cWpBNnBs\naXgzNXlRcW1FWkdJWjZzS3B5YjdQRWhuYzFFCmRDRTdRUjlaREIwTUNCTFMrbGJG\neFArVS9VUFlCek1Edjc4RGIzeVJOQzAKLS0tIHF0RnRocWhLelJOV3haWVErSXdz\nb2VBZ2ZVTzN5SUNzNENwWFNiT2R2WmcKipvqGOBuh53wU+91w9QFUGQpdVSuQjCR\nUfojMypTMbNWlo2+0jmUJUWbzEP8jzM8LRGNnHyTFjx6qQwDK9fJjw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNVZ5MFhK\nbkN5Sk5sLy9JRHRqYVVPdTVxaGR2WGR6SjR2ZWwyc0owODlpMgpwZ3dZVURLTWJk\nMjAreGUvWXY0cDFjaUFzREpvR0E3eEoyT1BHMFQ4L0UwCi0tLSA4NHJNd0xxNksy\nVlJkN25jT0NCeHgzTE5VNk1DWTdUeUxoNXlsclF0N0VRChkY3o6/3WBmtH74mYoc\n1FDbSAtsM+4qX/bLm2EorcK4223tL3SqA0tBFRFONiU135O21knnROaBf+7byjGT\nDbw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRjR3OXNpeTV2MWxGQVFx\nWXM1dmdPcEF4Mys1NkNWTkY2ZGhIS1lZTDBjClJVZXQ3bHh1ZXlJRkNNV3dsSzI5\na0ZtTW1DTFdBV3J6T2ZLaWs0dUY3T2sKLS0tIG13ZktUVnpuV0kvU09rNmk5amdr\nU3hzSnZWUjE4SXNOeXlHdzFYaXhUS2sKbXpU58n1qmUGpzPz9keex7mQEKYc/PnB\np3gM+nIFuWOqg2EwHd2pNjNT3Jf76Jt/uBzsTPPJzwKJD0xW9CEKWg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTWEJIc0p3aEFXVCtaOUtw\nTUpNY0FtMTltS05rTnZPeW8weWFWQjk0L0RrCm9FTXBPeUNLUEo0WWpiemh4dGFu\nZnBCWUE5Z3lqQ3dRZzlibGhBRitRZXcKLS0tIGNMN3l4STJMTWRWUTNZR29VamY2\nVHRKWWQ1NHN0RE45cGd5RUoxb2RpVTgK0ajQzTcEzIagaa8O6ScJpn3vFOT1C7hX\nxwVJmcdKI+phUZnVC+V0Jc4WhYh2MIDwqjPFHk0+mtuZe1dTIouUpg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbjVkYXBReXRlVGlubWFl\ncTRhbnh3S3BYcHowTFQ5QXJ3Tkw2ZUxmTlJNCkRweEJtK2ZVM3EzZnRxZkw5YjRJ\nNjA1RGFpSnF2WnpMbTUrSTdTcjh1d00KLS0tIDBySGFTTEtTSktydnVOWWpEUnMr\naUdQMUYydzRlY05EMnY4WEUzK0t2TlUK+1TR/MCYtsHebD9habH0uaYVaKinwtRY\nc77vxHARc4XGejQP1QBJTG2EDb7x1ywdZHzeU0H0kI4xuVfrqO+u1A==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T16:16:45Z", diff --git a/vars/per-machine/genepi/user-password/user-password/secret b/vars/per-machine/genepi/user-password/user-password/secret index 71bf9ce..fc102a6 100644 --- a/vars/per-machine/genepi/user-password/user-password/secret +++ b/vars/per-machine/genepi/user-password/user-password/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:s4vxCXqkVpimQHeT0f6tn5bdUM8N,iv:8keq2DwfeoaOqtZkxSw5SAQ9OwSUnbUWcVDYRdP7s2I=,tag:0tBgLvWkYqkH1RwX1VJSpg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ1YzT1Fk\nY090Q1pURTQ4NUdxRm1LazNTSzFOendLQ2FOa0VyZngreXMzTgo4OHc2MGZTbElT\nclloVUNEWWR4Szh5dWZweG5yUWNyTnMrU1I0TjNCMXE4Ci0tLSBFdytZZWlEVUNE\nLzNxcmNjN3JZMmtzK0FEQkU1SlQ5WTVHOU1rRUFrcUJZCta6PPdD9hElLu9qmOcO\n5IHhzc0PXaf5Ttq9wsK+hX9XzVzYmlenT1aol6kAYmYNwvVU2y8tKuqmeS5PmUt6\nvIc=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnTXRMNnpocFZVSXJxWDJB\nNG5NcmU1N05CMU95Q2FuelRDZmNxVjZ6T1FBCkhpZVJUMElPaW9TTnRGTDdza1Z1\naWdSTzRuSU1Zc3c3Mk9PQiszZmZBKzgKLS0tIC9zMVBkRXFnZUI3NWxRMWRGSG9I\nZ2dhdUJ1eTJoTkxtV0VhaW5DK2I5SEUKiulI8V8jMPrD0x1HUrZSo93wGMz+e8BB\nX6r2NVqjihxoHyfyeP1gTg9jpsh44UbeD8a8i50YXn0oc7+kADH4MQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjN0xneW5NNitBTlhvSmRN\nNVE5bEtCMXVPRHZhamhpQTVNeWdPQkppem0wCmpkZ3p5WVU5a05ISnBwb25FYkMx\nTDJGVmtlSHRtdEJMdlp2NEVyR1B1Y00KLS0tIE1LOVVuOCtjaDlDbnBIenlwaHA4\naHlmbGk5VDZQaUZoKzg2SGZ4Y2lDTXMKNGV6QfcAei98XhPEuxu436ASzb3QA0PM\nyaUsaEH8+X7yqgVgJ4UPOmFgBJjVsqwk3GPzQ7ZHn87bmY9BR6sfmw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T16:16:45Z", diff --git a/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret index 688aa0a..05ee135 100644 --- a/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret +++ b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret @@ -3,16 +3,21 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bUhRSkFEMnovOUdMQ0Qw\neC93QWhaNFpNWlVCU2hQYXJSLzhnYytZWUI0Ck54VDBJcmFxZ0lKVTlPcngxWEJE\nSWkrQ0ZCc3V6YWdqUGl1V3JrODRuYzgKLS0tIENpV2ZBVDREeUlZeTNERTBtMmEv\nOVVldU83VGRSL1RzczdwWmg5TjlXeHcKHKRYgpniwiy5trRK/udkePJ7yO4mO9oK\nhtC+BjcTnPXb5UJT+lP5QrX60Y5/a9DPeNjeVecU/kxlqZmCvhv0SQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBN3pCWEgy\nMzgwK3JFa1NWcm1RT1ZGa0pBYVE1MndJd20yQ1R0N09IZXR6RQpHQUR5bHk3L2xZ\nUXRmWWw4WFBIM0tlL3lZRHVrNCtWNzY3L2Z4Umo3cTFBCi0tLSBURVdhVXpvdGlt\nVU1paE9HREw4R2tZeVJmVjJjczlOUGE3V1NNN3F1bFhnCk5z/xpB9oQgZrNnLIqc\nHSlFo9RPToUqYA3rcsUZTcUmPK2JgGimh0azzO12mvg67hNNiHjztnk3EP/OORM6\nMlI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3OFNtT1ptcElIcjgxNTJq\nZTVYb29DNTF4YkJOU2VoVnhJQmQ5NUVncmlVCmwwbG9yUVdQcUhSSUkwclROWUpI\nU1EzMVV1aHdNY0tIMlBuaVoyb0xxR00KLS0tIDgwZjlkekVqblE5Mll1TEJMVVJr\nSW92b3kvK3NIN3RPY2RaVFlsR2xPMDAKgzhOV+Ww+BivhDbB4qGafis7zadQaW98\n2Gs4Y8AiA0ep7TLMxbtkLLQsjLNZcOn62jdc7ISF/vMtlLMHeHYy+Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dGpSay9NM1I1RXgrMTgr\nSkpEVWUraThBeEFxRVZUSytIMFd6QmRlM3djCmdqZms5b0hmT3VCREovSGNIRkFN\nM1dVK0NWYmNuNFZiRnVRRlBXbm05MFEKLS0tIGlsclBwMyszK1pOb2lZOURUN2ZX\nSnJKcFpzOEtqdDd4OE9sTE9lM3ZFSWcKqwMjJKu5sRYcw3wGB/8VX4/UtE800rLf\n0hBZwjGaXFUBs1VdqaZselu7pW1PQNriZLIepjhjB2iEqP81Bk5RFg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUkFzbmpkNEgrMiszdmJI\nanRNQUQvbW5SYXlqN3JHTXNNVXhJQWkxaVI0ClJHL1VncWd6bEZlb2ljSU5LMlM3\nSmU0SHc3ZzdIZWY4VERPWW1nY1VsRzQKLS0tIFNzaURUNm5xeGdMVnZzdW9OTDJr\nNFg2UGZJWGpNeWZpb0hDMzdSckgrRkUKeYH/ZcuArEw0NqMtDMMXVosjISgsaT1g\nJidq+8U5wpyMaBEUIAkxr3Xf3BKP8D5PQ9Hl+F4BPsSuNfyph/FGzw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-21T16:53:26Z", "mac": "ENC[AES256_GCM,data:UmzngDkTSBiZxhCTWqgzvZIAY2EqsrCcKGeBHRiwErqsC2jFyfUJNC11m9byh6mtYB81vrAFbsQq/kFN0ZAVUfVKqbYSI3ibEFXBbFbKX5oMhFgNs51Rvab61DVFyfn/36u6VXFdkq1FW58j7p8kQXXd/OarC02r7LJzQY0BdNs=,iv:ZJbEM7o1+rsG5/3Hxu+PQ8hARhmoC1QCqH2ElRxfJTo=,tag:HLfgcwexzIoe74Ym5KPE1Q==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret b/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret index 2d6cb01..3c80514 100644 --- a/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret @@ -3,12 +3,16 @@ "sops": { "age": [ { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNTEycXliN3JUSkQ4czdZ\nNDFHNk5EYXhHWFc5SzZSYUJ3SU1NRlhKTFMwClJadW5aZlluL2NOdTRwbWhpWjhF\nYUE4Y240SS9HNWZJZ0FITjdrbVR5ZVEKLS0tIG91WTAwZUttRnFCQ3NwejJlTXpj\nZE9maDVsWWIwNE9PZ2gvSGtKYUxTVjQKJl/RXsOGqQk6nAfLG6L9nUMMparvfQxs\nkB5O+LuZsFgtzJrCmm3pwfn8h9E2YHBcBwwziv50JHeiyhQ7/tOb1w==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaXBlNER5\nR2duQ0FQQ0xheDZsSW1zUE91bk44RUs3Y2MvcEcrcFJaMTE0QwptOExGUEtsbFF1\ncWNRMVM3WlBNTEpyZDVscCtDU1hDRWlEdUNqNG5uVEdVCi0tLSAwZzEwYU4rMnNl\nRXJIMFQ4ek5SeXlTRXc0VGE1L2xFRkZtT1d5elYrd0NFCpB/c+IWwxKGNW6mBqP1\ndD6jXJPIKrjNXnrbNTSFqLrG36QFQdeJkeLnWa5kCnAVm0WzEEMUXDL2mOtd94R9\nVUI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRERQQnBjaGpwVUlCQzVD\naDlDNTZaRzlLVUpScS93MXFRb0dRM1ZrMGpRCnVLRnBkVHlBY1VrQTFtNkhGZThk\nWG04cyswaVF1dW5VaDFBN1ZVWkQxYkEKLS0tIHRNUm1vTWhBUkcwdEZpZExEak9W\ncHhZdXRnZjBaeXJiN2hRbEZqYkVtMjgK8qnPrf/uEKQ8XZ/CD9SNW1+Ym7JWGWjl\nF9NraIpLn1pPs/MMd39RLtbODS5Lrjg912xbNCuSiOClP9yWc2EMuQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWjB5SGw0YUo3THFwMXVt\nRnNpM1ZnRUpLQ0c4R2NwcHZpN1Nka2UyRUdjCkxyVitYdHFkN3MxSEJBSGlBTUM0\neFZ5azVDRDFYalpGWU9ldm8zb0pQSzQKLS0tIEtNUS9Oc3VWTDVKY0t3YkJxMUlx\nUUQ1SFRwYmRsYWxTT2pmVThZT1BjM3MKNkb6VVgq3SkzUJW0pCbS/9z+zJbGSw9d\n0HMFSh/fgqgtlORdcFY40GayyVdN9tvlIa9sCvKWye6dNqkn9SFh1g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQlA3L25HOVIreUNPNnN5\nOUU3MUNRUVBIZmN6dDZwNE1GR0MreGxPZzE0CmZWeW9yMnNqVkpWOTJIb09HS3ow\najVRZ2N6Y1hpcnB2SllCcEdjSzFlVEkKLS0tIGpkeVp3R3BDMmZCZ2RyNXlleW5B\nU0JDdmRrdUgzck5lMmZIT1dGNkFReFkKysy9bB5LHIQPdyv2bLGdMJQJbEFXpjZP\n8oEH7aOlYeNihz42fxCqV8MEqMQhu1KO72okAZf4kIqQ7arTl4xWgw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-07-01T18:02:24Z", diff --git a/vars/per-machine/haze/atuin/key/secret b/vars/per-machine/haze/atuin/key/secret index ec8f2d0..e2e9608 100644 --- a/vars/per-machine/haze/atuin/key/secret +++ b/vars/per-machine/haze/atuin/key/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:fF1De3CumRtONLJXCxgV/DDy0DbWdEDcgTEf9PB8nI/czxsoe+iQ1nbbHrNkG9ZqJQl72nXL3+y6g4OssZ44aQ==,iv:0oCUhhAJNj7fQLxqLlSiF+rWpDrk/C/WX9+fwWnNeM8=,tag:FzXudt/aGN93XSfaLRMHwQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeTR6THRh\nc3ZLS1ZiY1BZTUxJaGZmUGRhSmIvU0NRTnQ2SEVBY1VaSXdtQQpuS245WGV6RFRF\nV1l5b3VvdXIxbmdmSVM0Syttd2ZGWjNCZG1MVXo4ZjM4Ci0tLSB3VGQyQXhSam9w\nTGNYWkM5V2FMZWUrOVphazdHMUN5S051b3I0ZVBCWjJzCpg+qJ0m/keQto0L85cy\nWaYc8nCkBFUAPv56IOVMk8Yku9A+nObMCBJbgIhkGpSgyQ4natRYSy8bqEy5w+Bn\nzFs=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsUjB3RG5rcXg1cVpRR3Zw\nUTNQNDRLSDdzbW9NbXpxUXJjT0s0RUxzRGx3CkVrc0kyRm8xVmFYOHpGZEhwV1RJ\ncWpNN050TjRTYzVCSk00QmdBa2ZQTDgKLS0tIGpCa0wyWW84RmpTZEw4aHg0ZWps\nYU9tZWRLUG5RMWF6bzJaNDJlV1BzY2cKoYyLtxVzwpqwaajgVgQvuDKHM+uU38vT\n/dVUjz54J4+/HQPd65TO6CIvMRQXu7ebsWxsuPAvJYIgeHD7mEbpgA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSjk4NzJOQ21DYXJrZ1ly\nblR1UUhwSHpCM2hnaGVneWhlalVaRy90VVNzCk0zMTMweEltVXdZcDEzQjd2QUU5\nL0RIcWp4TG9RSUQzc0EzbkNNcTN2UncKLS0tIFluZ2VPS1hieG5WMEVLNDhteUY2\nWWRMckJSU0pUSFZiNi9xZnlVV3V0VzQKzfkIP15LeHs7PRNO/bsyD3AGNl8CRnbi\ndNsIbGyeCy/ObVyoC2y5Ksvhx5G5stEaI6YGcmQw38u6L8/sbHhyVQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaREM4NFh3Kzh0cTd5eitK\nV0VpbndEMkNQaW91aHRaY29PTGVWWEJOQmhBCkU3eXpYdnNPZ0hBQjk0Z2huRXdj\nYmxsNUZ4cnlyUzhsTnkvaFBaWUZsZVEKLS0tIFNoU0FQWFZjcnp0M0JaREZxc3Zi\neUxxUDc2R0lkckp5V1p2SXlqNlBjTVkK+9utF0LvMNO3bTw2Ky3Eprna0rBIR83y\nGgKN6buuPN6xp5RNUixmvc9lEvmX+RwSQzs8MTnhCOQEmcP1vvg+aw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTUdBMVNRU2xJd1pJZ2FM\nK1BCc0NOY0pkR3hjNFFsSnFINWxlR29IM1VrCkJ2ZVJyakJNWXZ1c21kYTdDUkVr\nWGlPNXVMTENXMGhNVmJsdVUvTlQwem8KLS0tIC9yeTZMV0djY0dyOGtha0JYbTE0\neDFRankxTWI1eE1LYksrR2hOekhOR2sK6xaYwDpqZzeyvhxUexeWoxcPdZmSrYX0\nLy6o1LllJqZUoagy4mMu1EY75wAWlvOOGxcp3O5YesiKhGhD1Yz2Dw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-27T14:56:54Z", "mac": "ENC[AES256_GCM,data:T9Z5jMebdm0UuRsnrFXYxg0Yylvn5So0ZqaEo+3axRMfjq5MS/sikz/nRGhgD5h9OTRk3tWndBB8aUO9u8QE+s+L4jM+wHSD1cI0+mc4/UuQgcs09tVxtCSFED0ETp8Iay0lhl7+yKpImPys0RpGNd4Wjn1qqExXqQ4M5aYcBWQ=,iv:85NKSnnrOGUtrriky0twzhLstnkjFkL11YxXjsgF+Js=,tag:VXb0q5eZFLxW7yE+SLZlYQ==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/haze/garage/admin_token/secret b/vars/per-machine/haze/garage/admin_token/secret index bf529a0..028740f 100644 --- a/vars/per-machine/haze/garage/admin_token/secret +++ b/vars/per-machine/haze/garage/admin_token/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:5jy8TnyZC5pnZjVHfu2UG5WP0EqiYIAzkxNsfXi49SQM0Jj0YcDGnJK5rhQI,iv:QdixTsOqXAdK28eggOekBsAiecwoW5IIOQLaGJ8TQ6I=,tag:whNmkf7n3HwtfXo4mqsODg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK3ovdVdh\nTTBnNy9tbm94VFFHQ0dKVzg1UHZ3d2lNU1RPMkN3Tnl0QnYvcwpSeHlvMXpTOXBI\nMnRYdmRVRUJ4WHJrNSsrMFlMalFhRkJTd2JJU3BZQm04Ci0tLSBGNmJ3aXZDQ2VC\nQm8wb3lHQ1U5aGtCeFpsWDBqLzI3WHBheGpIWnRrbmxBCgDMrm+AGd7xQCEw+2BY\noXKYhxFkwqA7OhVycmsbPH19coPsL+zvPwlw0EucsbFCxsJHJjSrnSMiX5969K2q\n0Rg=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWkx3QUpnb2hNME85Z2Qx\ndmNuVTl2cS9vQy9WTy9GQ1gzQk02ekF6ZVI4CmNqbEVMbzF0ZFBCU3hhNEtjL25G\namZRdlpZdGN4djJ5RVFkYVpST0pGWUUKLS0tIE1XRm16TlMvZWM1S1UzcVBqRGZL\nbmppdjJuekZ5SDlRT2JyWk8wSStPQ28K7WNzJfzLeQE1A/6ehcqEXVo9wK8BXZXx\nrn54Q66NJ8D13EB6ckAAtYs47Q20QLMZYOjLhXplMtzbNzsA9AbW7Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS0svTEJSekRuZkpiQVZ2\nMlZUUGpRMHVodUtZcU5FeSsvb3VaOU1QcUNrCmNEdVJja0RydGhXRE14eUhwOTFw\nb2VQVUdsdC9NR2ZnZ3BRK1dZbnZ6UWsKLS0tIFhXekhTNmFVdTdVKzE2REYxbzk0\ncFZlM0JJazJpUXJUdk02VUlyL0d4a2MKJvnMAmea+F+GbP61HtIkMnfhciJ/SZNx\nToCtRtLTcjLNERKefBB7nG5KMSNiuFV77TG3kP1fLJbYiZRVnvWtNw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeTUyUWZlT1lVQWF2VnlG\nQW4wZEJHSXVnckpWQjBsZ1gvQW5FRS9ycVJjCmk5QU42MHc5NDhXM1JtdDNjTG93\naGJxVk85QjRuY3B3MnlrOTdLNFNxaUEKLS0tIDJicVQyS1JoZnFRdHI0MGJscVdQ\ndGhTK3h1L0w1czRvOVZEa0pOeFZQMEUKdPDn2sgmIn5k7xWhyevmeoUYJeINsJou\nNmMjBmcd0yPY6VXbAP17zaA53mNfYVCjRhlqWwXKFtA/6NeLQnbNvw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUWhtT0szeEtva3dVOXFL\nNGZ6ZVpNN010MlNyOUhHM2NiRGM5T2hGQzF3ClJoTlFycTBKU2lPVnNwZURXbE9l\nbUlJZ3paQmRISnZBVUhlVnRNUzdOZ1UKLS0tIEYyTkRwQkVIdEthdkhCZktKZDRv\ncDVIZGhXZEMrN21DK0NEVUg3YVVVZmsKJedFmljwSZM/1IXq9nXCDV5c5w8lRqIT\nPH9k4VCF5coG4W/3ZIxHTleqAjP4wg8rXKju3UxgCTIAkyQei/2/Ew==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-20T19:06:32Z", diff --git a/vars/per-machine/haze/garage/metrics_token/secret b/vars/per-machine/haze/garage/metrics_token/secret index 06d02b7..1a3ebfa 100644 --- a/vars/per-machine/haze/garage/metrics_token/secret +++ b/vars/per-machine/haze/garage/metrics_token/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:2sVVTEcBqn7eIZFpKfEWJ4kU1tS4o78cv8VosjG8s3JmXcTxqHczEdbs+gVA,iv:T1eDOxyWNiwDl7+kZKDb78J+A3t/E+0okj1s3OjyyxI=,tag:wDmMUJp1I/vTm4XsK5gHPw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOENac1hN\nTGk2aU5tOVJYVzJRMDBSQzBubWlNdXlDdXg3L0lUZ01QakpRUwpJUmlxSTQ2WkdU\ndHRxNUhEWFk0MHFNNU9hQ0N1SjdzZjJrL1Exd2oweGtnCi0tLSBJNmtBUTZZajhC\neElHUVZiT3FOWU9ZajlZMEJzd0dTOW1GY203ekQxSklrClEOoWIkuwn63CZUSMR2\nkfBFJD4eYR5hMLYhB3jl6wmo4s7c/QdHFft46lqNCuNBP+C6xvBy6HFb5zSVfyau\nxmQ=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTFFNNnRpRXZoSkJNcjdy\nRCtJWm5NY1dUUm1jbC9mOFM0SEdVRlQ1UWtnClFRenhVaGpnZVRENmcybzlhS3J4\naGhObWUzRFNtZk1EbXZPYXZXeEM2dEEKLS0tIGRmeWdLS1BUOFpLNncweWtYYmJu\nSVRsZHAvck41UThyNlFYOGdaN0swY2cKHCXE0iKuy1obNYA2U9YbkdcGemJ817sw\nmoDJOFBat/YRUuURvvxzH3OBvpoymXJ5Ov8j5psZfoXyTdaEsv05Xw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3enV2NjRNSWRuckg0Vzk5\nTkdOTi9ZeW9iZG1wbk5LOU92aExLc1pPY0RnCmFwYXhNcGs0QjhiQUt3OEpSc21O\nY2VXMGxxQThIbjhYNFduSGRFUm5MZGMKLS0tIDFUYU1POFpEMnVHWmM2R2p3VEdl\nTDZUQlZmSGY5SjhQSnNqdlJwRzBWL1EKClpZH8Z8A1yYkKerKNUGre/lvhizpeUo\nMYslXzeEhemnx/1Gj9SisZoRCXP120p8ZZS/nEzFyjE0G5J5rdo4Yw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWMGRaYzNLek8wS0c4eGEx\nVWxQcWtadHYzR05CZGNiMDBpenBZZUlDaEZvClB1dXQ4K0krRzdhL243enhvTmJ2\nc2gyVDlpZFpMeVQzQXpCTHk1Q1BjaEUKLS0tIGlzWUlrenhUU1o3N0pCaGRxWUZK\nQzZnVjJqU3pLVHVWM2FVZkxkdkgwRUkKHEq7gRTOzKC0UZMNtPVjn3LS25ihqh/Q\n+h80aEXuYRtr9CKWXu9fWV9mRTs9xvSlRJ2PMKA/N0M/eQu6kpBPZQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWd0tHVUlxemxtYUVHRERl\nMEVCV2FqRTZiaWZ5VjdkSWF4ODZMOGJkSURrCjNUYmxPUjFLcnBmRHZQWjFVaEJ4\nWlg3Y1FkN2R3ZWxnekVxY3duMWNscFEKLS0tICtNT3g0WGRYRVZwZE5sRWx0dndW\nTmhzRVhJQWdqL1BnR2l6WlRZVGtyZTgKEcbI/v1JIrGP7IezkkZ5zxlcGR/gCB2+\nXv6j2IlWRec0giftjfPBssHxH3KPN/7fg6CzH8l5G7eJTE9zVWfFIA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-20T19:06:32Z", diff --git a/vars/per-machine/haze/openssh/ssh.id_ed25519/secret b/vars/per-machine/haze/openssh/ssh.id_ed25519/secret index 8f048ef..5380f9f 100644 --- a/vars/per-machine/haze/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/haze/openssh/ssh.id_ed25519/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:5PcNd7Bwd3JaX0nOHt1VDuSywsa1B6nyvFoy7NjGQMHyDF+uO/rZmepYB1eqC0kZnbXdK2JYbjg53UUDOLo4RRKPJYlv5Y+7MA0mH3K3z3/psUCjwGGQrsQHOSd5FZREcX+JBZFh0pcidbXiSjMAl2GJ2+OlpS6MdzYGzmV7/BDdHPEjZfvDIIfBzCkgLeJ9gc9w9BrAF3l6i2LFjRvmct/I9Vfz+dCLItVYwqHUXA2YXjAWUg9tjX0l1D/FSzkSpk6XcASItuoBto1KGpNf2foCoS0YODpDyujOQeGAGYIXPzRzQbwGSax9aDMEIDgO6rEPTd7pzcwu8DPppldzb+BKGbdG4EYeMC6AY5KhcmV/uNUy2Hz+qNnRsKu9WaUNZ8KoIjpeQiPNmp4qYGxwaaKqoE3QBXjw8VqI1XYa98qsVcDYep41lqR2Tv/00/kXdkyKyWuDRjfVrj7WgrwqXatMWNlc5rqOuLtB8xF9r23kbQbp0TS0Sv+bIgfCK0bdzlu2NZuztJIfKq0l0lwt,iv:twwK0WovfG4CCXpX/nshpNbWufioHWsgbCe4PRyWzOw=,tag:JY9nrER36pkLj9xTUCV7Pg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBczVnekR0\nZElvanh2bEpFYlNTdHp4YlppcnRWQU5DZjRLcUFqTVJEUUNiQwpWS3hweG85OXNo\nQ2syZmlhWHJQV3UvUkxpQ1NDZ1pzVG51WDFwL1NZQmVRCi0tLSB3SjV6SzFSVWx5\nTmxhRkdjVTRWZnBZTFNwTG5KVTZITEJ3OStTeWZxSlFBCmND/qvE8qX7RzO63r92\nOxRqmpFEs3xayytu0JH6P2F9+BrvmJ0uXkmojNRqCVYiMs7hgV9UqETsYx3+E5DJ\nHlE=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dVVLWVdobjJEL1JQNlFW\nbnFlWXNuK3Q2d01kU1hoQXBWaXBFNXVkVEU4CkFlbzZTMnpwUE1ORU9zM2l4TE5O\nc3lsUjRaVGdtdndldEQ1UTBONEZvejAKLS0tIGU3RmEvYnN0UmYyL0tPUld4cStD\nUVNaSitqZU90TzF1enlBZ3E2bXdXUkkK3WjZzeEbbI/IzC2iyMUtIahzuojJafVY\nhPYUfahwfdt8GDPp7dIsed2IoeS3xnPaHZ9+EhihH/xPZtz2oAIKvA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTkVORmNRRFFmRnd3Q0Fo\nNWMxcnpDK3pyck1xRXJ3a0l4RkhZb1FHelZNClhXbEU2VE9XU1k4d1c2Nk1yOVhl\ndlVQVGcwenRQdmhsbWJGV1NhVGMvN0EKLS0tIDFsV1JsMnlDR3V6Q205ZHVnV2c0\ndm5VUm9JNnZUTHVmMEJuaGRxaEYzaEkKqWKmZAfhNZMkGfvZbJKEIk6olzwUpjkF\n7F+Gt1it9cfi8Vm/JqVJS/s0MwL0krpTOrI4KHw4rldI+iesCmojHw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUFJqaDNIY1UweElXV2J1\nQ3JWY0pOTW00WG9pT0tJWHNFb0hoc0cxNUE0Ck91ZnJLc2lIWlY4bFArazZwSy92\nQW0wRURrdFNwUHc2ZU1QQVJIeVp3NVEKLS0tIEY2bGJMblRMUjExWm11M3puUE9x\nUlRwY2RSN01taDdXbko0M0s5OTlVWVEKPv1/4E0G0tpwXPpRQrodugA+v9vIhRD+\ntGwTvCJ8z63CQo24Tcb7WNEZ/bDKfS2p8VH6QV8CAJvWWFyF+x/6NQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RmxiRUIxQ1VwQVprRktk\nbFhJa2dZaldZeUZFMEhZWTA0alRIZXI5c3hFCjBIaU5NOFhyc3hWUi9zUXNTN2pu\nNWZHTWR1aFRsLzBQZmVkR01pVm1HZ00KLS0tIHlHSkhabU14Z0tNdjZaamlQeWhZ\nOVcycnppKzZMd0VoNDlhOFNHUXFZQWsKIQ3wVqakZWuxsFctYf6+1XAmIMlbMUwK\nOHGSOH9xxHgXDileuF4ougojbx46CUCv5nsCc7zaM9HriZM+ZZ/LZQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T21:17:44Z", diff --git a/vars/per-machine/haze/root-password/password-hash/secret b/vars/per-machine/haze/root-password/password-hash/secret index 4a4d249..ab991f3 100644 --- a/vars/per-machine/haze/root-password/password-hash/secret +++ b/vars/per-machine/haze/root-password/password-hash/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:iVTjlSzAcJP5ULpJjfkRPnGGYTBWJMAYVrGdqeCBkXroAdDqi7CzAPRdtRuq8/jnruWH3PAhgeo/iT9w14sTGqHoxIovgum140zHj/2J+GdysxdOJPdqifdPpO9YRVgEdTEnPE8/7h8mnA==,iv:RkieucOw0hiz6ix/XgRepbmg34afgf7D/sFGYF1uzrc=,tag:X1p7o+/mwOW40e1Swvtbkg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBa1paRXdl\nZ2xXZHZYMjJOQTNlcU9RTzhtOFBUVVlsWDkydzdDbm5CSDU4RQpPNmlzbkVYZFRs\nUGhpSWE1eUtPYlZpdXJ3bHl3UTFUTkVKbmFHcTF1ck9rCi0tLSBlZEw0Z0RMT0V3\nL1NydDZQeDFDUjlFM0lQWkNrZHl1WWFhYlVuMkhRZndjCqU48TBdnRtOK3ORJdGR\nXguzoCR2yKXsM716LrykGQLvH7B9FtRyewNuxJnZgMc0VZwJjcH74Zwqc0IROqsK\nKRw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MzFlb0tWcVAvdExzSWk4\ndjdycmNsbG5xOVFXYkZzN1ZpT1huQ05jSlJFCm9qMDFybjV1Mk9qbHFvU0VCNHlM\nOUpqeVoybTV0c3NjZjlzcTNFSlpQelkKLS0tIHcyY3BGWXNIa0I4NFFHWDFqMFBa\nZG9sZkxMMjRSRUF1ejU5eFZVZWRHbTgK/ZExg03rN+OA/PX/qomcB2nJqQk55haA\n6Ok/1mzgtd4qeDp3tQDn2GqxHj0+Glua4wA55uLeBN7uRgT82IfNLg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNG5JN3N6U0pjTktBUDNC\nZ3JJN0Qwb0Mvb2YwOVBDZnFUcnNXeG9oQUJJCkVHWGxneHdSMnhhZzBBa0VGTWhr\nRUp3UmdaTEdXRkNWc0haMkNia0d0UkUKLS0tIDZiWXBCM1FhSC9lV0pMSEFEM0Q0\nSHdqMmJsWFlETjE1MXBydW9tTEtZSDAKsZ3Rk2gl/56v3JnWpG/GB5PfTQfgIAP7\njl9wcWWm9Fw+VMtt7FAEnkXwpy6Jj7Uc7oLBtvm8f82urHppmRYG0A==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SS9iVncrQVRkYkM0L2hH\nWW1oRWlKT0FmNDk0QndYNTllOTZyS2Jsc2hJCjVKRkR4QW1UcmU4bWpFVm9VVU11\nU3VQbG41UndSWG5wV09DeWVIczE1blkKLS0tIDdwN0FpQ3A4bWtLa0k4YmsyRzVR\nMGpVNUxyM2VZaVpjNm5wbkF0SHludnMK5RxjTcybp5XObn31DC27rU9TDy4ca6oy\n6rn6hX/9AHCq7qAqhjvb4fF+7cwW1WYWZcAdWuWKa8EO/Xtc2MeMXQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQzdId1FKMWpBVlhLOElZ\nazF2OXhLUHUwT0pGRjd6d1V3MXZiaFFuVURjClZHc2dyY0RsMTdTWGJNTjNiUy90\naHRyQks2NEJsZjBFVkRSK2JUemhzUFkKLS0tIEhWM0NVaWptaUZHaVFxNlVjQXdC\nOGtGVjQxVVU5M2FFVE5uZnJTc1B2STAKgPYPb/svRRiZnhpsRiYDKrFGkhhdvBGP\nLOxj/u25nFbHHu47bmykFvWAGRHSLI9yLxyZ5dLE8TvG5pKYwKJJNA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T20:58:38Z", diff --git a/vars/per-machine/haze/root-password/password/secret b/vars/per-machine/haze/root-password/password/secret index 7b8b6a8..c6181eb 100644 --- a/vars/per-machine/haze/root-password/password/secret +++ b/vars/per-machine/haze/root-password/password/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:ZubfHil6U+zDmAFhVuNKPwpxv02As6JZNVRm,iv:7/UnzVA0yJ5nWC0m9eW6ZQ8N/gZIvxldT6jONbEbcUI=,tag:OZxm7fkGRkxJahq5/79Ctg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaGtOcm53\nZis5NlM5amNqTktLV2lrZG04c3JwMFFKWFVMM0JNajgveFhpRAo4bkhlQmhVaDA5\nVVdRbDU0eVFCWW1HUFBNcFFWVHZ1MVRrRWFLUU5DQnhnCi0tLSBjNXNtdEZ0dGN4\nWUZTQWR2WWxpQjVBTUhCcUo3U0xSakFhR2hoWk1yc3ZvCseXGY0+gkWbbXlUe3PM\ncP91bDPgdNA2bnMIXQ77HhUhGNRFZzAR6vywO/h6tRK5mfCZizEFjzac4Qstktoo\n8rk=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZGdja09nbFdOSEpRd2po\neHNCdm1NTmh5bEpjZURDZmFKT3NsWitzaWowCkgrSGpTKyt5MzFPZTJoODZBb0tl\nYUxueTgzLy9RWjhXdWEySzlIS2hEMkEKLS0tIEQvMjZTcldjdVRBekxySUc0Q1h4\nbTR6Tkp1Q2JnVU9nRUdHbURHUFRtaWsK3Zq/MNzRV+oViZIn36RMmG7St49I++QQ\n2s+DNrzT2CkGdpXwSegwrxDZdnk6LJ5bJbl8K2POQnDFtvQqipxTaw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuR0J2cHNORmNSUGUvV21Q\nWVhUWnJpWWxIVkk5M21JSjIvR1JJbmFZVjNZCndaZkVmbGtLc0s4ODRBeFlKZHU3\nZWdXQzV1VmZpYkVuOHMzWkJaeUZnSGcKLS0tIForcVM2a1VCY3dIZStBcDNHVXdm\nRHpESW5mZTZDa1lNYU4yamlFNVdpSVEKTAgPAtIIGBXCHawpefCtt8rwhd35aS14\nPMYV142N3zjld+8Jl7ijlvOHrOkgSO+fcApr/iLIYtgQOM5exvQABQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T20:58:38Z", diff --git a/vars/per-machine/haze/syncthing/api/secret b/vars/per-machine/haze/syncthing/api/secret index 3249789..56f4f4b 100644 --- a/vars/per-machine/haze/syncthing/api/secret +++ b/vars/per-machine/haze/syncthing/api/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:wdyPBmRCVrcFH66X01F1VzFfGkKA5hhIEa10WUMfnoM0,iv:QJBi16RI0VvHtEiwrtk76oad/LNqG+xOTPWHS8R7Kys=,tag:AnaCwhmtbCZ6MaJvrRNesw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNkx3ZURV\nTTB1NzI3WjY4L245UFYxdjlCM3J6eWJWREpGUW1zUW9NbzJmMAo2SWxmZmIrQUtv\ncEp3RnZrYUt3T0RnVlJYQzUyVGtoZWpLOTA3Z2gxUVV3Ci0tLSByanNZTzZLV2hs\nNUllOWpuVEs2R01zNit0TnNZVDNNVFpCbEE2SnlzUmJjCitYoW1QgWHsQXZiYFqe\n84FSP5/o0NxnS7M7R4rp/FZWtB/mcKRtYJdEeTGgPBpN7WPNFEPouLQs2b3IXuOs\n9Qw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUER5Nlk1Y2J4cyt4aUxZ\ncjY3S3VIakI0aWFQNGhEK05qUzdRaGNhSG5BCjJhSmpZVHlEOUZXRWJLY0g0NTY4\nUlJYcTU5ZzV4UzBTeFJOT1VSMHhGWVUKLS0tIHpPYUZYWVVOemRDK1dMZ00xQnNK\neGlaNUJ4UTQvblBYWVBJd3FSK0xOcjQK4e/6QiQ84joHrEfhXZvJD6IcMbM+SRrt\nAr7L3iaBVxXmSL+VXvfY9BHeONaEFE3+Bspc5qAurxkYhcrlUqJr8g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeEp6N1p3NlVnT3VwRjQy\nWmdLendRYTF2YjE5VUI4aFh4aFlraUtPUG1rCno1ekVQSlUrcWxyb01vdUc4OWY4\nYjlKc2IxSjVUT2xTNytPckhyM0QxeEEKLS0tIFJkMVI4bTIrWlFXNTcwdmV3L0hP\nRkJyZnJNZWszZUxOcmx5NE92WStMZE0K4L7anlOR9Tow+PV/2bOD48IxFi5T+vYT\nUpWkadK/7i244fdnapPTDN/4C2ZM+NQIRdzFelITRmhtdQJ9HHcEzg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQTJxL0xqYXQwN2RBMkJL\nSG5wTXB0U2NKK3JYNlF0TmkvRXBCOCtZMXdFCmNKVUFBdXBwYklWZ1VrazhCMURj\nMnJ0R1ZaWGpxOEZLN2NUZjd5ZkNvcFUKLS0tIGppVE45bHdma0NzT1RSTmN4NUZ5\nNzYvblZXQWRnOWU1ekF5Vy9rTmtna00KnwKojGvvx/5JbfcReLkX0oT5Qs89UJhw\nROoW5tC4dUf7MhBf/+EUD8vG660XFlCMMoIeVX5FGSlpBHD6FSFLWw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBabndFQWdmdmZDelkwWWZS\nYURJZzk3Q2JEcGtqMkpWWXQ1d2ZQRmJDN3dJCkpzQTFwTzV6TFA1eTYwckZRUGpy\ndVdpaFhQbDdXZnFmblZXeUhLaGFzTVUKLS0tIGU1SnhzaFo4Rkt0Z3UrYlluOXFH\nTUxzMGd4RTVtZUp4UElCWUJrTEhIdGMKn3Nl0LPMQjG0yAIS6ZscXaGwONRuAN8q\naA3a244WsVYhWedPkGXvx49o+UueVmSihz9UK7Fv2Qq/Wxh4/t79vQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T19:57:39Z", diff --git a/vars/per-machine/haze/syncthing/cert/secret b/vars/per-machine/haze/syncthing/cert/secret index a83f54c..80f27da 100644 --- a/vars/per-machine/haze/syncthing/cert/secret +++ b/vars/per-machine/haze/syncthing/cert/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:SKGdJPqhv+RHwVkLjxdeWKfWwR4Oiyi+ftWJ3SmGsqLEQvuXzXjsivIRwYPw7EWwMDpgh8GD28iV5TaUmthcptLucKuWk6no+AXhc6diEeRm6YEh2BAN/L2leNN0l8Dte6wG1O/1FwBQ89qHlfuJZpxCsPZHz/+Xr734F1+mbkrgat+ItET2wvqT56UkSkct0CGMqttY0IlxEVCfxZF3R/I2aQI0TOyTciikBy5yJxvffVReJhfwwJvE9PedZwjiauIxvKbvuev3+WKzLYXEr4jPqFaTI+t/xYVlWXSlXQNot/FlOFy3cfw9kKb5R/l9Xst05xA/5wMDDVEBdx1lbRxTWlS7ZYJDyZbNRtTkB6jYe1H95IupVKrnt9nqLzEaXnxzjonHrJNwopW0sF84XL9HZ8g1u+ZTgCz7CuRzB8WGacBd/nt8NIefgpeS3Coj0XZQx9cMIQM38P5eJuiM22ardknZ8PxCBCFeqXxwrddyTfrZY+FPRrIP6QK+aVMRn7998qqaKlPA0itgvyTYIMHIy3KT4Rv9U8VEfItauDsUCzhJ2TDOIuDpzCTq2pu628WRJA3jbJns0l+XSo5WUEdjK1IXTUOLsaDm+Mph2vty0IRAqoc/JV16WOqn+SeCFxdvy2eOJuosj/6hknKrSP01ptaEhrbZWFsfAVrhc2iv/9u/KpEqzn4f4XAlFkwSevBePnUnYYMrOAuI8OmmLUsWHv1flOTJmbsWLNT4/VYf4z6C9knIiz8Usqpg3BgYIt7XcntU1VWBhpwnzaIA0V4aGtoT9VyCuLP8eafkncaUkFXvYJDge9GJs+JXbrIa6WL2lRXltq7iIcu3F2FCu+sQa5pBuLTZa+dsTFKYoU55zXWRS+kXMe+M4soZ3HwxWUxN//n7KmJWN5Lw+qyNMQwBuraYCuFQR+LL2gus/Plaq8pEmi3u/sl+deU5nKW0pvyjJsCRmLW0Bj1XgJhuNGxqRhdQzHhVfs4TB5U/Na4FLsQRB+kXShz8hb4N99YklGbQ8+aNGJkgg8PnfJTy6kGCTcZnig==,iv:pOJFhXC2+945P31AI3XaGogeDJiLreZXDcBu8OCziEA=,tag:q0/fTUGO06uwq+c7CRf6EQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNmdIL0cx\nQjFNZ2Fhb2tMQWlzSWs3MW9JSUk1WGhSRXNiWDRYMkdYWGh2NgpSL0haTkJONkVB\nSXkxY0VldG13dThKR1R6azVUcmdULzhuTVJhRU5zL1FnCi0tLSA3S29acmpwUmNB\nVUJOT1Z2M0UrcWRoYStqSHBQZ0dRMTVDZXl2dndCSGRVCsXEZHp+UwDCNN8hB9Hb\n2uLKtn2RVzDWZZSsYY1DjC+Ib3LIn9V1Sm9NJZSb9dxEJ76gDpXfpGu3hpDaS1Kb\n6hE=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6RGxjMFBVR0VHaURUckRp\ndGtndko0UTJheWUzS2hGYmpVM1JMNU9sOGtzCnRsK3BVWE82YXlTaFFvMjR1R2tq\nYXdtVU95dDVZV0tIek8rNVpmZjF6WVkKLS0tIFZYVFFrZ1hvYzY4UmMrdm5RaE9h\nTlZyRktERzRFV1Jrd2laWEJ1RGpOeGMKS2u4xjbZhjgVxZShQhhUN7LjJYvf8LqW\nDfcZDHK5cBT/13E1vgtdEdh4pM1O89DCVFft2VMG1GGO/ciYxOCRiQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MVduYWdrenl0KzlwZVlo\nNkxScWRuWXp2MkFCYzFrN3UvbWZNbzlsRGlnCkVmdWhnVHh1UnNzWjdjWDJZcjh5\nVVF3NlZNRkpLK0svTERSQVN6SjFpRWMKLS0tIDNQcHFOSzlheHBKclNrWVV5Zm5W\nUzZHUVE3YmRZY0p1Vmx3N0c5OW00dEUKaUa71FUR6uqYXCYvZKItvTQJ9LTs86zU\nATRVoHjadqckOav1Drnp273HDKyp5M5l3eM5QTBh9K2TvltPpQNRqQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZENHN0Zqd0tsblU1TFBL\ndThtOUY5Rm5TQ1hzczJyU0VGczJLQ0dIV2k4CnFKY3pmbG5IdXhVZ2ZnSUhweHpi\nZzdkNEVVSDl6NFNaY1A3QUV1MW85Z3MKLS0tIEkyWkZ2NlRTckg1TVhFTDF1eVdF\nVnh4YWlPQTg1SEw1UGdoNzArQ0dzd0EKVAxkdZVWtIopQ6MgUDtcQY/jLcxIctUq\nGBVG08xnxGZSrU/O7pbdlRzW9P78HalzPh+U9dDm27Q2ybp6pL3K5Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWSmdhTlQ2VmJwMndNY29v\neEZBNUhFSWhsb1ZDQlYyLzJidU13WTRLRWd3CndtVWhDd2xLTUVib0wzNUZCQ1pE\nM0JVR2dLMGZnVHBZZkxGb3NhU05hUXMKLS0tIDhsR1F6R3g0U3BqUEg2ZENKa01p\nbjNXQkNzbE04bngyV2NSSUd0Z21rVFkKBBE3AchGJde0W2BeE+3yTpPHkG7Q57ZC\n7c2Gi01jSTzuY35ShfI7SwcdiB5bXvFDlp8veRYaVbRb97a3yzk3mg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T19:57:39Z", diff --git a/vars/per-machine/haze/syncthing/key/secret b/vars/per-machine/haze/syncthing/key/secret index 447837d..9120032 100644 --- a/vars/per-machine/haze/syncthing/key/secret +++ b/vars/per-machine/haze/syncthing/key/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:VTGonbJui6BXQSPh6IgxYqh4bJuNNplBzYr9XmddQuVgUheuXOWiIZdWIKQh+/6xGX7J3XRv7hsrmE5XJjUwR79mSgVGwa2K4ZASv8aRZ1JVuephtd9OvJaazCjeA5Y466XJtw6NEmbRiu3SCxItj8Rqk8NeLnX/QzfqTA2ICRBWDq8tBY5gYgDxZNLksDchVF5VziHjENQ0EqW5inRczWoTRf/TnnwHeGj/FY4MNgDbV3brhlHb1ksVLxxZAIJkRvPVUn8O3Q1lAQZsUNBqMcHeFGDXVP6GYyarq0oi6yirajKU+e9240SSpFfF8kkN0Bu60cKaY9ITfp349vi86hgi4t69jF7sUqvJ7q8VXtKQkWyRaiA3iMnWZBBhmVQM,iv:XYXEsPw53CSM6qGVOUx9Wo4uirtGGVqcXAs5F9oNHjQ=,tag:e2lmKXl+Zj5Kz5wv1LTk/w==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMmRyZkdo\nVlRGZ1BCalpIeHNiNll6V3dnQ1VDVC9EbDN2c1NXTFJMVGEwKwpNUFFnOEYvM04z\nRmdCUitzMjR3Ris3Y2k4elJXWUR6b0xPVjhuQUpJSHh3Ci0tLSBBd2Z1cG02YUc4\nTG5iZzdBeS85ZHNFdkR2UW1TL1E4YUxLRlBoK2VwcU13CkZpid/zyU8orJFnIURz\nAjbPrjAEbV7FCTdjo40uT0t5L02EL+DdGu6SxdO9uOAIGldT/n4AG6xfaFXKchwL\n3EU=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmMTVKSjVNaUorUnJnOTlZ\nc3JhSDlqZlpDQ2p1VFdqVVN3NDcvTVR6cGhnCmZ4UFV3cEkyT0RKaUI1UGRnUkNh\ndDY1c21Ja0xvdzlXWi9WTGErR0FDQk0KLS0tIG04bitsMWxMc0FwL1Q3RlEzOTRI\nUkhYenFzTEVVdExvQzVkVTU0cXZ3Mm8KHb+CXIHlz8uWHNt7a12qQ2P9vFwhklPd\nnhuZS3ZZ0POWkFp2EEeUL1JFYNrPyUpB5Td2ty/dhN6FGVFw7RoUVQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1bTV3b0didG14dzltNzJj\nN3NoTE81ZXhPanNmRTdObEQyVDFqU0ZGMWhJCm83TTJtek9CV1h1T3duQWl4Vnps\nVW5UeWNCQ2s4enM5SDFCYUNyREg4S3cKLS0tICtpaHpaNEE0SGZHWlNIam1nSXJa\nZUhrdm9GOEx1a2tmM2IyS1ZNaXB0MUkK0ACO9DnzYq8amR/b5cU7ZmWMTg8/zF4E\nPdPJ2qnydnkOK04ZwXeb5W/KtxgSiT8RAG7+Z0rlE3MCLSDyEiGQUQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbktRWnorSW1zeVR3RWdt\nMHl2alh4cnNYWWVOWmFuYzA5TktwclUwb3lVCnNUNnFLUVNTUU5veVpFLzBOU2hZ\ncmRqay9EOTBxazZ5aDlZNnZid0IxbzQKLS0tIGdOYkRKeVFyWkRHMkhaeVJmU3pK\nbkpvOG1XcWtMT0k0NmdZUkhUZ3ZNVWsKOClJTcBoB+oO41jQNC43ssNTrQXPmRBO\nGZgLa9p9eS4LCl8vVDVIthf+Z2fT2hYXzPqQZMK+gKVDWopPf8fpCA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2ejlzZEJUZjNwNmZpdzQx\nTUJ5UGJUcmdxUFNidUdPSENXSU54TW1ENlNjCld2MktBVEhMM0Z5SXVkeHNDa3Jo\nS3FjNFNRNG9ZamZmMENRL2hya2VkdDgKLS0tIERWMmVNSzJETDN1YW5HN2VMdTZt\nUk1jZzNwQXJ0am1TaHZ5YUs5MFI3NzgKoQ/HwCxa8tkISkRK7t+9rpMMyy7Wtq+T\n2FU0+fJzceOxU5Aa6N+KADTnY05udhmkbIDKCY8amaPS2Xvcxh4i2A==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T19:57:40Z", diff --git a/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret b/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret index 9d2819d..21e50d1 100644 --- a/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret +++ b/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:FPfiUzjYns9F9qYuJCuKQ2gQOtiRM5p9wUM4vTB+itXKiQHNRWaT0Row/wyMLkjMd8roBYgpUpUOpOnI2MZQfUAB3dlvVKoXW+lE4LrC2G8qTleQ3FYfM9FelpWuw+yCq4IJaZu8PVRY0g==,iv:K9B46wJW17JoOU4fKl6o5kYMnXJG8l+0C0UNSq6W5fU=,tag:pfG9rSTlv8HVKs8orUosTg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbXZBdTFh\nQUkvRjhZekkrbGVTb1l3SDNNUmxVT09qT0x4SE1zOFlGcUpzUgpOU1k5aU02U1ZL\nc2VXYWhNQnRGa01FRUZtSGZJR3MvWU91UlVFdGdGanZjCi0tLSBqd2R4bzg0Qm9C\nZXZXbi91S1FLak9QK3FLMm5GV3AyNEI2b2pjcE0rKzU0CqAxB3GStWPJ6sNjv7MA\n4IcsaFjifj7jXG6ubJraGdM0+C5kOw0WiLZYKGa1EjU8FdWm+rh7eGkSum7qf30P\nPDE=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ2l4YkZadGJ3QkRhVW5j\nUkUwdmpEMWN2M1BXdzJkTVVDa2liekN6UENRCnJBQ0p2cXZscWtRRnJRbzZzM3hu\nRUUwRmhJSHhua2lBNTRXN0pyZmZlMVUKLS0tIGg2MldqZTRkL25rYkY1WmtGSHR4\nV2tOQUdRcVRBSHlsWGZaU1JMM3o2cjQKdrIbQqkM23CS4PTvsLLH2B4bWn4G+e20\nUZkcIyYCJhiU8S/k6myCRnPp/HvjfLhLuW9vc9UX47rfrjOOKv45YA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudE1xdVAycHNxR1cxYUxy\nYngzZGlSMVF2RzdSdjBXTFFiTmM0UDc2a3k0CnFHWUExTXltYyt0VVl2bVBiSEpS\nb3JCN2lBWHVyMUhpNjdlMFYyM2IrVDgKLS0tIGVPK2tTRStNMEhQeE5LZy90OUJr\nNGdtVXp6R2hRVEFWRXdXYnNBWmcxTGcK1czvkk9uubFGD7n4eSjpyzFMM6hPPzae\n5Q8zDYEuAZaUM9tNTUZtMvz/Q3MIgEBZYNGmLnF6SF1CP563XG5r/g==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRVYwU1B3ZVh0UXA5aHcw\nWkQ2eWxxNlVjZ2hFTGtCYUtPMGlmTG51LzBVCjR1OEpvdFNDRXVBd1dSTVhFNUts\nUzBPai96dkYxaXJNN01GRWZySFJ0a1UKLS0tIGVZdnpnK2NPQ3lsZkN0c2FCZWlK\nRlpsSmhDbWlYM2R3ZFBNUXI5bHlXZjAKMQzFe6AnWo9MOy+GDpahVfYumwZ5727u\naC4MiIVeTrIptXAqkxCjXrgsr5IzCV5uhvMMmAvPJ/xhmUeb1XraaA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WnFtNmtrbVNNc2MwQ1Bt\nNUVUb2xEcEVQM0ZMTzlvekZidVFCMDd2cHd3CjBhR1ZvYmtsNm9CL2N4ME5uREwy\ndWtoL3JoWVl5TmxJSlVhSE9LaDIvdUUKLS0tIFdqL01ZdllYTUVyZmJuam4vOUhG\nQS92TDVURjY4b3ZGNGpxOTA5NDZmc1UKKRCn+ZOLDYsUdfaj+pNjSKwinLK2dkAi\nrxooosdwXboTLe7hkhyccFANAJGSXtN9amqVyN1/PJIPWuVtgJd8YQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-24T17:11:23Z", diff --git a/vars/per-machine/haze/user-password-rpqt/user-password/secret b/vars/per-machine/haze/user-password-rpqt/user-password/secret index b025c75..edda4fc 100644 --- a/vars/per-machine/haze/user-password-rpqt/user-password/secret +++ b/vars/per-machine/haze/user-password-rpqt/user-password/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:bYZDSHz0u+O0UJ3P,iv:7L/ziYffgAM+bYgmlonPyRlA/Sa/x5bXMeJsIjMRORA=,tag:FPk0ggKa6cRTDMiVNWSj3A==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcktwVHps\nN3pxVTJ5MnZDVDQwMyttQTlXLzB1aWNTdkVTUHZpa0lKRWlscgphNDZONTNqSW1u\nUEZZL2I5Smo3OVpNQVdob0pORXd6Qm8zeTM5dGhUWi9vCi0tLSBJcWhySzR0ZTlw\ndkJHUFVJclB3S040amd4clJ4L3phV3ZzRDhxUGVTYm1jChE+SJmu+NHUJPDMj7A1\ni4TvSzWF09nRZw9GB2HxTY7afgC1fr+UtxrheUH+ZRLLqjhsu/AJRPLoNob+yK1y\nP4c=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJb3dSUjhkUG1DWEo4SElJ\nSGJVdjM0cnNrRFFScUJBb1JLSVpvV21RWEJnCmtFUjlpYkM3VHFDSXRCY0Q0RmJh\nNkZ2Skw2VkJ4eWg2MlFyRk9jWE9SZUkKLS0tIGdWMlRIRkFvY09pcDJybkw2aDZi\nc1IvclB4YVNWSXJEZ1ZoaHhmaXowTkEKODbAEHwQOrOqSL5VNOBVBQAZ+278Rmmj\nykj3SfjVEms/+3R6sHGmPXq/b8p7KR1M2GlRxhH9xjHzmQj2SqlGLg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHMHZtZVdPWEd0SXJraUlR\nT1lQa09NV0VyenUzVDY1eitCRERlVThGZlNzCnRrc2xVMTNtSnR2cE83LytIcTVD\nR21oZ2hmb0pyOEdnUHM0Uk9hMlA2OEUKLS0tIDlFaEFhWW1KcHlUaklGbkIwK1Zw\nOGlObTFrNmxTRXBOTTBDb0dVYXBpLzQK8lUlsZGVOFzUuCQ9LacJXJpnGQwSn30+\nXilqsbDRI91z6EeDIfUC3awIBNBb+AB5uYM9iYVJ9cYh9fCCWr1W7Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-24T17:11:23Z", diff --git a/vars/per-machine/haze/user-password/user-password-hash/secret b/vars/per-machine/haze/user-password/user-password-hash/secret index a007c47..608150c 100644 --- a/vars/per-machine/haze/user-password/user-password-hash/secret +++ b/vars/per-machine/haze/user-password/user-password-hash/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:7NOxwj7cnkTbfzRz6UFbznFSG+FXWhhrXeXkF8+GG9AaEFkm48Julm+7VLRNdCIFCyIy9IQEtIQAl2zpAhUFDDfEWki18hhmgPpVa6uf943Ov+HzMiVFfP5lNp4qpCP71a2KKfIHsP69yg==,iv:G9mufG+koBc2KAuf1anwiGMClnD3qbVIfKoh/0TK/n8=,tag:RZrNKAHG3bUYNrw2wQRXHg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBalBFenVC\nMld5VG1hZXpsMXRJUTZuWlJ6Vk5sQUxRTy93eGtoVFF0cGdiaApjL1k1eHR0UGs1\nR3NUbGdrRlkvNEcwYkladFZlMGFROU1JUmwwN3JFVW8wCi0tLSBRS2pGbDZMeEFG\nVndCY2pLVXNPU2lrN3NUeFk4Si9mNTlSc1JIdXRWUkwwCqTr6fBbu4AsWHPTvL0a\nyUzMfX6Vdf3NULi4FhgExXWXJgVe39PTBpJbMsJb7M5nJCt6J1vNwqjjvJUZI/8y\nw1Y=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSd3NhRHdETTUyZGJ1Wkg4\nZ0swODcwTTdCVXhkQllWUkdaTjlpTzMzQWtjClJ1TWJCbmx6d21xb2FlSVRiVlhy\nS3NwWFB4NWQ2SGFrNTNlWklqeVBCbHcKLS0tIGFpV3l3dUFjMSt1MXdwcUpiL2tF\nczNtQXpGK21OUGJacy9ML0dQM1RIQmcK2cbCWsIJfCbKIx28sAioak3ykzp/vG2y\n/k34N1bMLNo8Z5v7OteHdcYXp1jMwV2/gRnbHWoxHwBGtuJWa1JZNg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UE1YZXEzMHZDcTlSMEQ5\nN2xIUjhuTkErRzF1bjBMSldpMXBQTTI3TUIwCis3VEFMR05YbTZlalk5WGhhYW8w\nS0pyK1E2cXp6bWtsaDQ3RmRKK2JoaVEKLS0tIFJiSGNTWGlad053cGlQK3IxRmhT\nNk9IK1ROcGRZOFprSHlWbEN1bmFRRGMK2RsJ08yaD03DeJRvrym7HK7x/7kL6wm0\nNOmsDEhDR7BAmvHs9UmrYbIimTegFQTJWNCZIGRQEqur+TD+WhA7ig==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRGFIeTUwK2RkNzhZUzJH\nUjhLRWl4anlqK3NIbURiYU8rN01laUtLVUJJCkF5NFZiOTByQlBIb0k5R2ZWWm5S\nUkZmc1g3Z05ycXhoYWozSy9zN1JHZG8KLS0tIGswcVRZbHI3L2tUTDZEMjVOMzdI\nL2xkU0JhTzVVSlRmbnZpamd1VW1IZzgKO6nOLxHYT7ebNh2sJou0k+PRuoGewdXA\nGDZd4AF5F/6Xhswa3d1ETIDynQp2EmmvetDVd97u/ezj9h+MDFESag==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiVHZicHRDUk9iZXIrUzN3\nVDRJSDBPQklVNnpVVnExS1U4WEk5MHJJTndVCmw5cjk5NTZ5Q2Z5T2lYMGxSckxF\nQzJVSG1peWJiYnc4LzliMEJQbGJkSk0KLS0tIG1TbnM2cjQ2MnZHQml0UGZNRWlZ\nSGdPVHVoSTVobThiY1g3UklMR0lreU0KMJGuBcB+/fuqI8s8EBfqPz86GUILJVsB\nIgF+bMvEXH64xoB7nuzGZGSyTeIDfHWZEJ4hMiQFwaSC7podaW3R/g==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T20:58:41Z", diff --git a/vars/per-machine/haze/user-password/user-password/secret b/vars/per-machine/haze/user-password/user-password/secret index df25ae5..0644d4c 100644 --- a/vars/per-machine/haze/user-password/user-password/secret +++ b/vars/per-machine/haze/user-password/user-password/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:Lkjm0xRgzB84sHTW,iv:JP+9dWfDR4VbU5QXq7lVvxDYZc16R4lRcRZDBJ+ybKw=,tag:brqhJSuZuLLoxFlyGWPIBw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBM1pvdnM2\nbk05cUpMbURJamVJb1hrcjFiRE1UTGF4MDZlMExsUnNJWXJzNQp6bGs0Y3hQNXNu\neFBWakMyaFJXclkvMncvMTNmbzdPd000N1VLTkIxT2VVCi0tLSBnVjEvVEZHREJr\nMlptck9wVEtjNlF1VDE2UUdHQ2Njb3l1bEpFZnFQdXcwCjJUWX4B5IffHCCRHK6V\n772YvDB8/gswXNSlAhCd6LIbufKFvlJgNHYzN/WedzdP7JhSWI+HiVBJ4eiTKjRK\nyaw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbFdyU0w5Y1FoQUd6bEls\nRGtkTjNVaGZIUDdHZFhRUGQxQ3FMOC92c200CkM0bUJiemRqd1NpMVNPNEo5a2ts\ncldTNWdVbHVzS3Z5N0VueWZwajJRajgKLS0tIFBDOVltbjdmSEF0bWhkeCt0OFpy\naGJ1REp2eFRKaDJ2VVFPUVhnb0o0TWMKYTiKcLQefKDhDRq9XFNM9rtOHcQHk5CW\n/6lwOKhpTTE26L8O7VyeYSf5xhECZcjImJIbTmfBY+OxOAndwGZ3Xg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZStUSzBic3R2OTZnTDFO\nTWZadHVDb2ZNKzJNeWlmRlAxUHZNSkNDY3hBCmE5OE9WeUlBNGwxbjFpUEZsalA3\nT0xoSmtzK2FVZTdOZ3lML25BeXBtMmMKLS0tIFI4SU1iZFNmWkpuZE9OMktqWE1M\nYXZoSzlENkdjek5kdUYxUE4wQWZJNFEKKOs7miXa8P/v7TVl5udA/p0x3rxQup8w\n2X22pf0llgxcoz5t1MX6c4rWsq/1rSS3NGCIdFlhs0nEY75PORb5qw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T20:58:41Z", diff --git a/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret index cc42dc6..bd79b3b 100644 --- a/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret +++ b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:qEKpqsrZN2K5tvq3uUeQm1EGJFwF6Y/Gt/xI4PPRfCtqQujkFOtDcHfjGclX,iv:Qfv6vMwHfFp3Ao3rKsed4WIyj4qY68v18HoATl9GtYU=,tag:AvWpclBxN8cVvUswz57tTQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdHQ3S3J3\ndGNxb2RVWkVQM3JpMjBOUVhRbDNFTURQVHBvYk14bUJyN2JFaQo3dExBLzdmaGJ1\nTmFQeXkvTlpsWW1JQXJTNCtodkNXeFBiaVR3RHIveTlJCi0tLSBJWVZWTUdrdDhC\nNWlRQnJUY045ckIxWUc1aDNleFpUQ0FVZWVRTzFnbzhrCqLv8gjXDXK/3d1JOh6w\nBD8wiOycLtB8ASm7TT0y0zAdFFxdOq3qbO90F/shCdaHKtBKzeRu0MP/3vARmbkw\nRKY=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRytnMit1Y2xmbVdCaDNt\nWFRSeEtON21CNUZvL3Jhb2dCU1pReDBia0hvCmh6QlNJbzdleUxza0hTVU1URXVr\nZkpjWCtWNlZzYkxQbzVhdnd0UmpRL2cKLS0tIEowaGV6Y0NCdDM3ZmFGMW1uK2hQ\nUUpBalNZUkNUTmQxREhjTHhCV2lMaGMKTj2V0TA5cDImdi65RKzhhWSY31ePpIra\nI0OJpHLgix4uO73kknrTsswt4YBzT58d8pWw5ELAA0OyOZbXAJvJ8Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcXg3ejFJMUtIWDV0aERO\nN0VKbjh2TjhVZ1JYRnl0c3FYajNXTXdPbXlFCnVyaWExakFHdnU5MzJFRVhKaGg0\nYkNEM1ZrQ0VSZ1NaaG1pc3A4VDAxV00KLS0tIHlBMkdLMDcyMHlHTHZTNkNudTZo\nM0phZ0tTV2V5VlB1TU5IRXlaT1lVYm8KfT6xvjieQzSzbbXyGaP8G2Nq9j0SE4+Z\n2av4tFhAnzR7ufuih7YQp852LBpd0m9DLsfYwNdxiGPIdNiYzUUMpA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMU4zVUVZWW95RzB3bzB2\ndkhzNXNzV1A1VWlFQUxaYS83cWpQektVdERZCkZsUWtZUFlYVjlsN3VBcmExWnlm\nTEN0MldPMFc3VmFJMTB3ZVUxd0h5WTAKLS0tIFRCK1plN0pHSzVWeU5pa0FRNzRQ\nN1ErSW9qVmx0VDF3Rk5hek9WTFJZYXMK4t2d4oExSAkvzOo9nB/5k2S3asOpRcAc\nggj/Bgwlmli1M/rMQRgi3Bui2UwV6bcrQ/9kT0RDdHcYdfnMhdTPNQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVGhTMm9Id1MvazRxR3o3\nYnBHZyswcHExSTdsMisvYWhPczBHU2RLZjJjCktTbzY3SkJCeU1jeUdOUGhlTTlU\na1Aybzk5VnpXZzRmWUlEajc5RUgxQ28KLS0tIDRwaGhWdzJBMm9GZGozS3Y2NUlj\nVDJVTWJ2SmVaemorNTY1UGtTTEh6dm8KMirngnGd4cwLCKqlaF1n75c7SADKkIOO\nd4PqI4eUwhalC/NBZ2OCDNi4PJYhTY9pl2/64iZ20j+Vz8Ut91r5nA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-21T16:24:47Z", "mac": "ENC[AES256_GCM,data:uW7rkOZGqrhOZr16MJZNiYD6niGqFdzbhC4sOmdY4l2K/Q+esAycgSakPrVGLi/h0QFGlo8/xBPu1wvCFWiklPDaoPLwyHpZefAr3szmJ751Zo8gJPUPvYFOkGgBNIDYDxg/gyCxAu63M1v+rY2YD2tsegMw0xEAAyusC9rxocM=,iv:fN1537itb9ohJ2dNuQaPRLxKmV7mWJSs15jkEBNjS6U=,tag:q62fQfBBzJ2GjybhbRCViQ==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/haze/zerotier/zerotier-identity-secret/secret b/vars/per-machine/haze/zerotier/zerotier-identity-secret/secret index d893f17..cb4985a 100644 --- a/vars/per-machine/haze/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/haze/zerotier/zerotier-identity-secret/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:xwJf9+LIKxI6WiSlhdx/0HOgiLKrciWG/HzDaxiT+GYViLzjArNQug5xzHHRmKbjdaGGjvrcPvnjag10sM9/3nOExftw7NWElMhKV9NomT6vfRlLUPg+said9/cRlDBuM8sc47O/6tDLE8uiL7c/oPAd4p6BxrfbzsFmE4Qk5BG6sVrqWdxCJZ3hRgJgXAqZ1xHSdVyErXENaBIlbTgNUWIIox/KiMQkgMSYcsZNK8IU2KJjnm8tK2EOWLvPjCrhSCtm/x3l9yhRs3BurQyvV1a+bhJ7RSy+Av5TUYyeWnqXXqy2BWSJOzNMkuTs6+JZq8xlkwRsX9ONQYRJYbGyQS+N7aKhqHGbF3gKU5YR,iv:Ovpqii8ycTAJ2E6M9fGrCMlkIekLToFA0csODmXza58=,tag:tzVQesNrD8Sw8UM5TLI4jw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdEFIZTlF\nZ2xUd1kyb0Q3YWVUckxnb0lMSkY5akxleHVSbGhrL09ONzdsSgppTjBpcUh2Unls\nSGlmN2pkRmNiU0lDVTYzdXhKTzdJN1NBb0F3c1huMG5JCi0tLSBVcGJ5c1JKT1Nr\nb1pOQVZHWlJyQXI4eVlyeVg0Z3cxOVZ3NmZEdDhjQ0FjCnO5fA30r7LtS0TUXyeC\nSZQneGp4gYuTSnZs0iQFiektfpTrrhi0Fe5ruJ2Rw+tsHXvoXhIuw2lRqTNh+BIe\n4TY=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMG55a2YzOGlXRXVXa1pK\nRFNsWXMxTUcrMDhJVXhVNXRnNmhpbGFXL1FVClZmSjFQUkh2SjJlTTQ0V2hPNUNn\neDR6bFB6SFJ6NktGUU5ZMmxteDM2UkEKLS0tIEhsQm8xa3hvM1d3TENxK0ROdG9p\nYm1Ya1I5L1QxTU9wb2pwUWFzL2d4dTQK1oDJeC1PqrSYsmKneedZWpjdz0Q+HC4a\nLiM/0O3no2rDO0Ze9ATSY2+NbwhRNr4i98K0h9uoZoh4SVGwusCPPw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQXlJeGdjTjVMYTMzNlpu\nSHh6M2cvMmhkRldxZnIzaGs0TjJUT3Q0TTNJClZnb2pqYVdQWlQxMmdLREZlaWlS\ndmhCU3ZIRGVSbitxTG1GZEZKck1ENEUKLS0tIHlaclVCakZQcUZXbThTYTBHWWp6\nLyswdVVDK0gwSGJVeXVtMEJJdHZ6T0EKKVCKLuZ/Vt8XMigP/oEe0Q+UTg6dJ0ce\n0trvBLfUABf9nUwEdAw9NR+BeLYBTbXga/5YlWWNyE/MDa2Gl/UWNw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFcnVRR04yY2h4NzI1ZEoz\nL291SENNdEh1YUdqM1NMaDJNakJBaWc1bXljCmhsdy9EekxGMlc4aEppYTIwR2VX\nQk8zaDRIU3FnUFNYaUl1clBuenlRQzgKLS0tIG1xWGJmTk5pL2sxTUt4M1hEakhE\nUHhWSGYrRHQvcUIvL25qdXI4eUxyc2MK6uGYMbAzXhX4W3ejPOJAmIwHAR47888b\nTrfiPXBivPjel8Nja9mH/NmI2KQjshJl+7kxa3eH5LRlPJm4JfuYeA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4NVZSV1JNWXpGTDliUnB6\nbnhBYTZLNStXNmh3cHBsR2tEK0syem0rNEFJCmZ5cmQvcHpUbTFiNXQwMThkWWxu\nTUZ5cmNGbEppZEhvMFdUN3lXeGk0Sk0KLS0tIEFVSXN0T1NzK3dyZ21IemdHUzlM\nU0JaYmFaUkhxTHNYYi9YWmliVGNPWFkK2gMS5H7DMFmfAJgJv3XUTASpxc50Ny13\nNCynIyBRthe5v9buKAV3ioJHuPC5Q+rXoC8sGgLxi6T/t8V5T3FOoA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T13:20:42Z", diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret index 9ee1ed6..e2de3af 100644 --- a/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret +++ b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:OA19EoSW2Qlea6yBU721FABKZ4Ay3gzR1Q1XbI0K35K8GCo=,iv:Iwm6YD4bEiPK4MDORZz36O8DzSJD2Z0vsqhB+TOePZc=,tag:9fEB0Vai6oQrETo8GlO+Kw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbTMyb1lj\nSlp1dVZwWnBhakxleXFvazlCZUhsUzQrTkRYMks0bVViVm5GUwpuZnBKMzd1T3Vw\nKzUxWUxTQnFKMm5VdUtVaVZWV3Y2NWtBSERpaStONXk4Ci0tLSBNNkEzQkFSeUJD\nWG45KzJzNTNBbFE2T2ViN2ZIdkc5SU9kWS90L29iWXZrClO5H758dE7qRFsi/EiK\nzvIHE7fSCT9kiTanVqD1i9XnPAwSfAD5UvMRbq0m+0v1eruuhDoe2fP9wjJWMaRr\nCHE=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvcEFlcmI3YjVRSjlvQUF5\nME94cE8xVEtTam9EWW5JaVFoRGpaOXE4dFRnCkdUZkQrbDJoMG9oQ0xrMll1M1FJ\nd1RaV2VMN3Y2QjJIWk5LaFpHbUNzN00KLS0tIFFsS0w4RlJJSUZzc1kyM3ZzSHRS\ncDdIQmdlYlBtVmJJZ0FEbmpxVjYwWjAKLG/fq4WzQonY9kGdwxtKSYfbHr0gnIXl\n8D2CUp8hMTh1wLFAUqngBJL5MxN/dgg582EZ27SO7+AjDnLbNi7PYg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdHRCdXJHbWZPd01RelNF\naTgyUkdJQUkyc3NyWXRqOC9MbXZlWVZLVEdRCkFDeTBibmFsWUFxQnByVlVWTzE1\nc0pQWnlKdVllTjBNbE9OaFhMSm43ZlUKLS0tIHNXTStCWWxYNEhqVVptRWh0ajVH\nanJ3ck5UdXdNa0lySS9lUys3bTlYMlkKXjQFzg5yrYZM6k7eFWc2i4e7UufF8zXq\nLvP6BOV4JjGtmLeWbSZhG+el1WRifydOyJA9/STVxEOqTckiKIFwhQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb2p3Skhud2VubXhBMzNi\ndFgzMDB4Y0hqcm9jQWtkZWJUY0VJTU81a2hjClF1WEg1WThUeTFJeVBwWDlCbXNJ\neWZmeE9Bc1NmdytueUV4VVNUME15SGcKLS0tIHNzb1cwZE5TOWlMVG85Z2p1Nmk0\nRSsvbm5SZzRPWVl0VFBZOTFRT0lRY28K/WEaiGNAv0d1euhK0rDQujAIk3XCd2HK\nTo7PjfkTJpFOIKFfyGtLSsCfj6KAL99qhY3oR8sKo/qwq16McOVLJw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURFlMWTgyejhMSXpYNnRJ\nNG1KdExCZFdrSVVSaC9PV292c1hKWEtkbkJvCnJsMHRuT0pvZTZqZEh0L2Z5TVFV\nNjcxaDRMWmNyNS9FaUZtL2EvREkrbHcKLS0tIHgyUVM1cHFRQXVMT3FpdGZ4K0NG\nTi9qOWlPT216bFNwUjhnM3dIdVZTYTgKBR291dhGHvNhMs/2A2aJsnfeo0dQc4Bc\n/fZJo8M1vYCv8M66uzdXuXCdmMXCN0lgX6/b9M5eA4eDBcWbNh5vnw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-24T23:04:28Z", diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret index 0266c5e..c575e93 100644 --- a/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret +++ b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:vUrRWsUzWhWf+vdoU2PL8TIIdAf2aa3Zlp8jLoZcriw6yWE5cmVW7vHYBiDIYfiusple97nptPm+h5mS70jGpRkRpHq3d/Gq6LLEhYnoekihSjxCYEnpZo9ItdUYCN/RzvQ2vPtOQn0sbiore/uc/0GmrVA5nX6AL3u7F4AY/yUWDKV3HshHBjzQB7uSAm169s/UfroevrMD6q5ghYjtOT7cNEhykhD6kiNFOY/YsCISuYSGR+YBmwH6UfdoPX331IrizraNDhVXdnb3bWWK4sYt5NzUq4yKwzX3EcsY+Te8irGsB1FLoENkRN9ITlaf64O2ZXan76AF0z8GNYsv0k2t+W3sGGR/crV0L2e0Oi3hcLq8+st07/0DmrtzRstsMZDFkYyj+qb496kMSWvyciSeOC7stVGM+5vpZQQYJic7ofeT5rL47rv6heQqTssRO8VAaVhte3Wlf41WOXXCx65Ypl87KXfLh7JdAb1jveZhG4rNOgihrWWFT5A8sJCPgnU1,iv:hD7qjliIBiHZ79YGchL+njgKdaY+O4ek7MJ5eRF5Ivg=,tag:QOxjOqdiN5BFe4Nr4W0MyQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBamlMVHpX\nblhCNEcyWWxJVXkySVRUYTJmVGtGM041QVY4NnZzU1oydG8vTQoxeTU0MTRyWW1t\nUmsrQTl2alVVUjFzb2NNbW1iVWFtTVR6NGgxZXVUTHdNCi0tLSBRSnlYeDV4Njlx\nY0hMTUZCTWlYMWZYQ3VRODhOV0QxOTR4c0NHWG5CeWY4Cr/D7GVrOikMs/WnrXTo\nILE0LxsghbeCr2YuT+rDKkY8AomNFpwjGz9nnw3AcYEZ967wUP/sE9PdTZmFFIxy\n6w8=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMXE0elc2K3A0RGIzSFQ1\nWnlKTEdYRUIvNU5VYzBuVUp4L205ektxd21ZCjhCWmltOXA0VVNvU2NLWW9MWWZ5\nYzhPMTJOcDBKeE5iR242TS9WV1RWNUUKLS0tIHpQRWxSOUU3TWVFMTV4UWxwQVBr\nRG9aNEpQNzlTajJIQVVyRG9SU0JCUE0KT5oYrIop9WerSB2ReOmFUVJD88o91d/B\nvPFQFDKxSlerqCx3eS2b1CXTbp9NkHhWn+pMLei9lAkmnw8M2Vyw9g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTR3duWUpaSFEzOUxQQW4w\nYzV1bE1OZ3c0aWpSZVpsOS83dk9GaWdJcEJFCjJTOTdsa1g1dWlpTXhpVWRZekw4\naFFMUHJ2VEQyVmc0eWloSWFUNmpFZ0UKLS0tIG1MN25oTnluSHltUEYyNUxoelRB\nTG4vUnRnWDZlbHlhUE9vTStZYnFFZUEK2DtdmfzKsCdcmjN/RQH/IPbqKq7QRfYJ\nJV5nsiYiFHOOv1fx2//pW5vR6zQvACx0zBq/E614o587tY6qIn68PA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1RGNWUVJRTEtUZGhjYW00\nTkFsaHZ5VWJNdjI1VWpuTXR6YzEyc1hpNFVNCmtpQW1JcmhzTFBMOUkvbzJqSXdw\nSmxILzc4Z0VOL3NWY2FzYlptZ1pNVncKLS0tIHlmS2NheWRXdWVMUmZFditnTXo0\nQTU0QTdIVWdXS1h1RnltTFpOVGN3L3MK2bgG9aMA5CeHCbdzKwT2KRMcILhVxdS8\ncTOn5LaDHYIlNz1sGHJmZ0A4KihY1dRq+uK+FGezKzBREquaruy+cQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV1RYTlZHYmJWOGkrRmlF\nQlZRMHZ6V2dVbFhWY1NSZ25TbCtIVklwaURvCitDcTRrbFIrbjJjUVcrb2NtMDdL\nWnJwaUVxL2lPb2o3ZXdlbTJQSHlXcTAKLS0tIE5VZnJsL0liTHVpUG5DOTV4YURY\nRnVqQmM2QnYxbFVuL2hzVThpeC9kc1kKxs7FWwDHHnWZia/v18HgU2OXdWusY5S2\nc/1hu4pFzIJZeYwFccGHhNsS2nrVZpTdwMvaAtB5SiYpT3vHmWSFYw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-24T23:04:29Z", diff --git a/vars/per-machine/verbena/buildbot-worker/worker-password/secret b/vars/per-machine/verbena/buildbot-worker/worker-password/secret index c856aed..7ecd1d1 100644 --- a/vars/per-machine/verbena/buildbot-worker/worker-password/secret +++ b/vars/per-machine/verbena/buildbot-worker/worker-password/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:96CnBRKaFXT6y+uLnltdrQEktrpNkRzFhXTD0TszN0KDOYYsRSVStsOPicHoDj1I0lcSqJQwic2/IW885ZDZdII=,iv:qO5NhgplS79EKDFT+1cbRfL3fhm0ZVQbIU67w3lf2+Q=,tag:YDYcajCgWT40tS4uYLyoLQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBL2pMaE44\nQTNoMkhBOE5VQTN0cHYrU0U1M0RLdXE2MXp2RDhob3hrb2VWVwo1NnNCYWZlVDl1\na3FPN2RaTnVMdDIxVys5eUsrd0FBcVQzLy9TSCtDbFB3Ci0tLSBJYTVOc0dnYUFv\na0dWb2Z2U2JXZnVvM25Nc2VBdVhKTys5RnNkV3dORVFzCoyFq3NTQ+pXr/A9d9lQ\nHE0jotOZ8d68xgFsobWeRedx5KZtb632wEeIHG/bFNGqP7D5/5JVM0KAGQXLCtuD\niu0=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuUGhubC9Sa25icHVMT2tY\nNHB3MlZhTTMvV2hWK1Vwc3psYXZSSFg5U3lNCjdlMXVjdGlUS1FqT1l4WEF1V0hm\nSHlJM04vMXB4SGs1Sm5lbE80ZU92U1EKLS0tIHhnT0h2UFFCekNtd2ZneVZMc2lF\nQzBrdXF2OEIzMHRjR2xSOFBzUnVaZnMKFFN954wBFeoa/N4tDN5++sjg0wUUKX53\nnLBlGhfDjQEtmoMnQjEdbUcSBWtocq481uJV1DgsZ6WVoR3s7YeD7Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnN2VZVkFVbHhGT01ETjdU\nMDRrdkdTVGVDVUtQaDVOd1BDeXVYbjZpRG5BCnhaRUhIanp3WlVIN0l1WXhqRklv\nS29hZ3dKUmJabFE2d09PeFRNYnA1c1EKLS0tIEF3WERqbXY5ZFQ0QjVIaU9raFlm\nZHFRMHd3RkVwbkVSL2dmbkxNYlIxUU0KtwST1NBfp2pPAj2AarIiKD4OIXszvvlt\nIoqlNQKHDEKWW00pWGthcZubq4QdGUpjYr4SDzYIaKDgtIkp2wsz6w==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3S0h4U1p0ZWR1bzIwdXY3\ndzd5VVZUYzFMY3N5SnBiUkhmeGRxbG1hakNZCnhBY3k0bjgyejluelpLbjVxYitU\nbHJIRWM0L0ZZbGhZS3J1WDFaQS8wYTgKLS0tIGdZM3dKcE05VVdPVnhORlNvaDN1\nUDdEaXJuSFJYRmZxcVplKzk2UnI4U0EKWWx+tz2DveSZn/kf35TQWc2O1YI9D0yJ\nuKgwE4ARoxtQ2dyL6nGY3rQs49SeCczvXw8CyCflud8Ph1uISEQMdg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cWlKN2tGMUhRNG83WUNO\nN29ONCs4bTVTUTdZMVM0ZkFQenJQNWZEMURjCkF3Y3VkQngxZlBzTloyZTJLZS9W\ndWdZQjh4ZEFVTWxVZ2kzWm1kU0FtTU0KLS0tIG0yYzNBY2tvSXZlSEJld3JCNHln\nTS9MNDJFK0dZV2QwQzNwNXZxM0FEc1UKgoOrWS2zSxq2n44TPKTr2HrD8b0ZhLOi\nn1vFTdapXhfU35gGeeWU5eDeQAc+cOXss66FVTQA0GXnGbEZVk/5qw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T19:23:50Z", diff --git a/vars/per-machine/verbena/buildbot/api-token/secret b/vars/per-machine/verbena/buildbot/api-token/secret index 4a4e7ce..05edb5f 100644 --- a/vars/per-machine/verbena/buildbot/api-token/secret +++ b/vars/per-machine/verbena/buildbot/api-token/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:TBkW6fgVu4nOFNI9mQjrnkW++jc7fchjJBDwTjaNkEh9E19MMTlQnw==,iv:jvX3gKJ1I7bRcsihqVOYBv6p0KJhQXT1oAG+wlThRU0=,tag:uYGupsYDsJFFTY/eAC73pg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb2xGc3p6\nQ3ZkNUhkc3BEK0FyTWcvbndXZi9VQUJkQ0Z0dC8rYnZOejFydwpGNXNhMnRRRElZ\nMXRRdFRQYStaT1hTS3Z5eWQ2Ui9iZVcvUGl1b09VQXhJCi0tLSBjWm9CLzF4WW9X\nRStqV1BITGd5OURUMG9GSGQ2TFVURmQrNWc0VnFEK0tRCjt7jyhTfeWk9mPuFUB4\nGoPJrRYDUn+g6A8A17y42DNJ88MD22N6t93uJRvulF9mbVMHiUYjT0dYFMXAT+D+\n+18=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRHNlMzJWbnNGbVhtRGFn\nZGdDM0RxSW11c1lETWtkY3pOaCtvL01nVDM4CkdGbDA4THl4SU9OcFE3RVpxelNI\nSUZnVk41WmhkRHhPN3BXVXZoVW9Nd2sKLS0tIE5kUWFCWk9KRTM5blVHaks2ekwz\ndGJRN25YbDFtZkNEVXowNWFxOWI1TjgKWXRDpYBJinX3adywjVY+i52s64L8LySE\n0t0O2jW2KrZCaYD2ULrxpEnG/FYznseA0G983WNLh0kdFk4Emh2YeA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QXRKYXBMNjlZcnJNZTBz\nNkVhTmdFc3c1VkNDQ1V1Yy9qTUZHTXhKUmhrCi9QR2Zvcjc0YU1uNmZaVzN6cHpF\nVFNCMmF2UUVxM2szcmhvcHRWaE1TQ3MKLS0tIEFOYVVZdHRJcSs1QlJiazRkUjQ0\nbVZXMkhQOS93TzlWYXlqbkN6Qy93eUUKwUL8MhRE4knoipL/TOt8rzo+pgAeW17z\n+QBSsJO6CsoKH0uOc5xKT0dDyCMNrALLPZ4nAzO6+sZDaVySZNefEg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZzc5dlZpWHI4emQycWVC\nVkp4SDZaME9XeWlaS0JwWnVQZ1VCQ1hRZXljCnQvbXFYZ1dMSkEyYk9aNDhxWVFO\nVlZiampQYnoyYStyTkp5cTBJNjgvQVUKLS0tIFBkS0IvWXNnWjZ4cCs5Si9ONU45\nSHZxcXhwTkdmTlZkTEs4TGYybWtHcEEKQ2Un9ofhwTUeeFh8cRYvqjdZxuPHe8EG\nPi1UzBSlbWv9L5st2eOr8yHDX6Nd10sRZIyo4SLA/YbPBGWcD/VA5g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnK2EyTGZuaGlZeHYrNm5N\nUHRJbkNIdDdhbWowaUx6b0dpREU5OXhkZ1VZCllGN2JBNGJZNE5rMGpIUDNxOHJw\nZjdyZFRRbnZXNk1XZVRVVnFxY1Z0c2MKLS0tIHkxclc4VS95WkdNOEt3Q202M3Vt\ncDFOTGpTeVptMEVET0drRUhUMm0wUVEKGZcADHNrRdR8pn5kCB8ueFEVA44TbMCB\nncW23IK+mmvKv6L9MNIYdyDaFy6/GnjyJU8U/K/YH9T7eZtfJ19l3g==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T20:24:05Z", diff --git a/vars/per-machine/verbena/buildbot/oauth-secret/secret b/vars/per-machine/verbena/buildbot/oauth-secret/secret index 2db359a..c4b9b38 100644 --- a/vars/per-machine/verbena/buildbot/oauth-secret/secret +++ b/vars/per-machine/verbena/buildbot/oauth-secret/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:BNaSFieGNC+TbU5S8NFYitdQiO51vdAh1q7UMfS5UPHqnASBYAumgrrNotm2Rma2s2QijJJFsyw=,iv:ns6hkNgOVaAJMq4AkZeX2DOXLNqzv/2iD83wWwNeocA=,tag:vmh9crLrJ+2V9FOfVr3Fog==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOGx5Mzll\nQ1R4ZlczZ2xEaXRzRW5sdGkxYk9JdWlYWDYrNU1iVjhzUU8wbwpvdW1uVlIxbUdz\nNDN2RE9aUWY3N3d3bWk1Mk5YT2x3OWhFSWJ5TUlKYk5ZCi0tLSBIMjdFUWx0dkRF\nWFpEK0FOT3dsdkUzR1kwOWFKaHdxeDdweDIrcldtN1FNCgfSgrswsQaKr5xSRD6R\nxx67v5HHk/9wpUlNyq2aE3UzeE0GilL6ABksp72ZdRL3jLLtDTq2KbXTVQfkcgF3\nv9o=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTXVaZHNaWVBMck0wK0ZQ\ndDZ0RDhNQlM2ek5sWnoyT09uQ29hbXJQM25NCjFVMkRCeU1wdlRVTWdzZVhFMnhP\nVWxUSHozVjB1S3BIWUNrVlBIK29KaU0KLS0tIGduTzQ4bDdvZ0RoZERRc0xycGFl\nREx5RU1mZVlsL3hXdjNVTGtWSEtwaFUKzAZGT0lgM0TbM9YNaHt0DLzCtS15M+hb\nVD9ZjkjDrCoAqdeq555c+cG0QgB2AiWmwRdcSQd2hBX333iISk5hqA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFN20rRGYrOHNwckI2dThw\nbHdNeUYyVEFvMWZySU9QSC9BTWt5YXJQakNJCk13VFQwemxHc0hkK29SSG1VK0Y3\naVI4TjJsaHd1MHdXdDNGeEZZS0Ntc00KLS0tIDFBUmdCL3lsTXcveVppSkZIdFhw\nTVhtRU83dHRLdWlqdGEraXdqcVl6UmsKeW5IOzsj3XtfErY5v/eM2K+dffjk8bp8\n3jrm6sqOfUxaN0lxBlJDk4uKsJJPF7NEDhrORLiYkHs4fPWKUMQiJQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLY2hKTm5GY0Rld3dnUzg4\nb3ppS2M1YUFpakFrWEw5Q3ZhdkdCOVA0TEVrCmozRnpKc2ZiSzJyZmRuaXpEaHhO\naXk5UTNUTHE0elJWb1BpczRJb0N6S3cKLS0tIFo5Q2dIZzMyL0g0bFJZMlFEZ2k4\nWEJBZGJ0WHQ0YkFTT2h6cHVtVmtGbmsK6j6xqV8D/he6H2K3g/2eLmbM0722gWM+\nrAWovdLLT8OrBiUgQq8as4Jy84HYuBLZPo6w5CXmjuGoGw0hPxPhww==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbXA3NVNTNWQ1RW1ldVF1\nTW5PeHN0T01LTmhnYVA1MGZzeXB4MGVWOUY4Ci9IVFU3SUVDbUpQcWlkb3cxMEtj\nWFBlVEhxZlRyc2Exd2gwM2tOaFpuQ2MKLS0tIHZkd1R0UmYxTzNUOERNNDgzQjlh\nYldYY282T3c3eWEwSUx0WDY1aDV6MU0Ktu22b5gqYRognB/jQ97igpsHPGIBpHFx\n8ZEREK+Mcf35ri6bx3dHPHJP+KOsO3KWZgQX3b66T5BI3S9YzI7Ryg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T20:24:05Z", diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/secret b/vars/per-machine/verbena/buildbot/webhook-secret/secret index ee966de..5aaf9eb 100644 --- a/vars/per-machine/verbena/buildbot/webhook-secret/secret +++ b/vars/per-machine/verbena/buildbot/webhook-secret/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:zT9TZJquGohxc7Q7PpV/H6Bq0BSW/QHTZAUivjP/pk9Pwva563GvDeZavMPk8j5bZEzfMnwaiUl3b9Drcd2fkQ==,iv:8kyv4A1VhS64uiar5I8AJg8ufrMNXvvQVd27UYywgHE=,tag:jNPOp6JT/AMkvueDKmpWrA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBM09vU3V0\neGJxRHBGMjhUZ1ZKc0xWblVEL3VRZmZubGtLa0E5VWV3d1EyLwpXcGkwNG1LODVv\nMHVzZU03bjJRSjRDSklyM0xENXRjdXYxd2VGSzZmQXM0Ci0tLSBIaGhqRkdkME5U\nUEdWcVYzN2JLNU81aXlkaEtIMVhWbFFPYVFETkJSUzBVCl3hi/6pVPsPBBTWU9u9\naYgCQY6Ok5FTYfJbleCletJ1l57sIzQEBo/y+vevob1dTSpIIArHc9EfkJR6oRt0\ni6k=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5VGZKNXExVVhQMlk3a3pn\nSS9xY3JIaUVIWG80QkhJTTBEdHF3WnJIMndVClhhR0RqcUJQK0tRU3dzWVJ3L3Zk\nckVwdGRrNGpwQVY2VDMrUEswZDNQSW8KLS0tIHhWYXlsVlpBbDY2WS9XNy82eWlX\nenFvUjE2KzkrdnNqM05ZS0UzVi9VRTgKjfzZcRJ3hX96Oo0kl0p8JD72xV5XJyuA\nqop6DWJ+/bA8yNrwckRZV/BXh/vQ9wkAkDDIIfqQDeb2e6CK89wDgA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdExKNDVtU1ZXT2ZYNmNn\nVEhuNmRtSGk5YWZaSHljcXppSXdHVzVuMnprCmFPWkZkUVQ4WjhvLzFab2x2Tzd3\nd3RPYXZTWjRLeVp2QUppMVdZZGxPZUEKLS0tIDdWMGd6NWlmV3hvVHZxbFdwc3Fk\nV3hRSXFBVUc2N1I1Y3RSUndJS1lkY00KS6QaHkwuQZApiLcb5l/ehX/W86kBX8XS\n2H2evNFqv4sunji0Xm0iU8Bd8AeZcdA1zsvkfDuph2OqXQwU2zDbWQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGY1YrRmpPYW5aSzhib3Iv\nc0xoV3d2eHVaWkg1ODNTcm9xNCs2TWFwMUdVCitjakRlZUpLNDg0Z29LTkIxS2R4\nN1J3a0tmUi9wd1Nib1lSYVlETVF2RDAKLS0tIElhR2VYNVRDY2NZWGlFalE5eGcy\nRmNHZHIvOVVMbHNEbTg5Q2FhWEV0ZkUKtryV89esKCZNmCHe2pKkeIQOlJVqUWqa\nmAYXR/t9dVXQz3d5Owa3IQXDyebqGdMt9yJebvgbXbf33QnYtcn9UA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNDc2SDIwcmZpZ0NIN2RM\nSytKM0dxbldyd2VsaWhLNUFuM3ZXSnpFdXcwCjhmVExpMGl3ZHBVTXZyV0Q1TWFG\nVnd5TEREak56d0sveHRpOEtrQ0EvK2sKLS0tIHdENE9TZ1MzaUdnL01QeFkwVE8v\ndDZNbGFVTzhMNDhhSkgyUExOWFdueWcK552BF+xYBqbV/zTt01QFp33OhN6JsQ4a\n7WQ4/+FCcq2uAEWgmcApFqDw4bQcqqzy3jwba6MwPDi26jwRSw2ESw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-01T17:32:26Z", diff --git a/vars/per-machine/verbena/buildbot/worker-password/secret b/vars/per-machine/verbena/buildbot/worker-password/secret index b7b1357..ac6351f 100644 --- a/vars/per-machine/verbena/buildbot/worker-password/secret +++ b/vars/per-machine/verbena/buildbot/worker-password/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:nzU7Iem9NU21DOrbFiaT5LL+msF1zxdECowiqeV0A5nYok2PrjT4VVryqjoz4jjwawtXJigflMO0lUjKbQSLdfg=,iv:Al1ZQzAG6gbyvoCBakHQt3hKAV4tjNS38Ij2XSMKkQI=,tag:BS3BZWYCn0Osqvb4ZidGLA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK05BYnE2\nQkc1cTlxazhvQUhJNUI5bk92YWk0bVBGbHRyMnlXNE9veTZMVwpLMmVvMGFLbkJt\najhuSWY1K0JyK0FlUVZ2RUkvLzRiTWVkTi9vMTR2K0lVCi0tLSBRb3ZleC9lRkNw\nVzFkMkpUQVFvUXkwSGJRS25MZEJWUUNGTEVTNUZiTnE0Cpbs+7CVckAcngKRphoq\nhMq2xEr1dg43A42pGgu9u0vAs8uUkphVah7G2R40WAZdWah4AKdeIX5hpY6NGfSA\nr5Q=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZYnRVQzQ0K0dLVzVJSERq\neUVrWmtzQ01JVkJGTXl4aElSTW0rNnBUS25jClJJcTlvaHJDMmhTdGRZWG9HNms1\nMTVzKzhVN3R3QWZNK0tVMFR1OVQwenMKLS0tIGJaQUdIMWZVWS9vRUg3cFg2S3VK\nTUgxNEltZVpQdDFsOU9Pb1hRWXQyNVEKXYmWx0ML4dsVpCsFhF2zZ5gXFB3bGez6\nD+4d+GcySPombxXe2k5USryPuxFz8z1Dcc4je49W1k6MowT/OC1XAg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbE9LOXlqYnZ4dFpPbnpS\ncHlxdWJxSUhIQWM3K3llc3R3SDNGcGpoRHdZCk9TVnZaWXRCN2VLQVZtbThlb054\nZFNCNEU3OHBtVVdUZWJyZ1Y1U2pNL0UKLS0tICtzekFkYUtuOU1jei9vZ2RHZWhT\nWHlSaG8zQ2oreXA3amFMZ3BzL0p2RWcKetsLaStrC3Q9n8IT5N5uFZHxL82/c0vs\nTVrVtQQprIC3ND5kq1EXIR9fZvY8ckISVqdhdcxluTJxic/NfABLwA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTThCK1lCRFM4V2VQKzIv\nUTF4dlJUUncrUXZ5K0hGankvM1dnMTdoM0VVCm5kRHNSdk14akYwTmVBSDdKMG5G\nck5YN21GQm5nQmppRjFxU3Evd1I1Y2cKLS0tIGoxUXZrN3ZhaGtqek40djJjS2VF\nS0FBenF1UE9BUUZQOTJIQ3JZT0RqWFkK0KTzQsQgdqfkRXSjtTRKdDu/jThUyLXn\n/aJHHimvrKLlzPn90p/Za0k8WlKICu/Exg2B/8JOzuFx9FOtY2aibg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWEJOcVNPY2xIelc3bTlE\nY25adW1pUHJBbjVlN3hvSlpjeElhRzBuZWtBCjI5WG5HcVlLdVF4Z3B3dURFN3NT\nUFFYQnRTemFMNmhubk5OUW1aVWNaYjgKLS0tIEFsb2dNYTZCRndDclkrS2lIa2dI\nTHd6TzVaMzlUSkhmV3ZRV1J5cG1NaGcKQ/+1cFdnHVnURzrb+O8q1pae3Ka9tsyF\nmZ3qEyjUVCvNxf+RVS8LjVdJaNaBnSrdIlTEKs0CIxeQUCfGFKFYew==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T18:24:07Z", diff --git a/vars/per-machine/verbena/buildbot/workers-file/secret b/vars/per-machine/verbena/buildbot/workers-file/secret index 01a8bd5..36de055 100644 --- a/vars/per-machine/verbena/buildbot/workers-file/secret +++ b/vars/per-machine/verbena/buildbot/workers-file/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:nAasbZt+rynccMfq4+eUELpdFsO0SQhTTOXDCz9Y2jK0+6KdIdimoH72HU+6YTWrdWjURv7ql7TlakXAYCgCwoIGdLdl6cZLs0hZXAzthxI13OrPUJRyBbYmmUCu5qQ9mCcy1cLkHhe0KQGxBA==,iv:0/kTk36AQTw/mFKvYhUcyfzdkODEq5ZyeXWERpf08vs=,tag:v4uXqzJlzv+kdVaUjzwEEg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBKzVnMGE0\nZlh5RlA1bnl0a3VySUNRcG02enAxRjVSbkxNVHVQNmYrTHQ4SApzRGMvRjkrK3lN\nVnExazJaMU53NDZHT0dDQmEyaWlkZE5LYnJGSkJtRGdNCi0tLSBlaXNlMHVIdStG\nM2o1STFXZ09IdG5kSzBLeUwzT3U0SnFqSEZrbzd1MW53CtetpDv6Qfh1zpboasrv\nSgxiV/467HZuv07foAK9UpkDM+bFe68ijausrJKDMZfEsaT0mhd0uRwcxRU4AT3l\nboc=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQUJvSEhTQTlqTG5tNVd4\nbzZKZmc2UUNneUFiVUNtcDVRK3I3bWJjRWlNClQ1d1FEOTNSaEVIemswelMycFdL\nbzl0aDJPRGlrc29RRGdqdFJQUjVYbTAKLS0tIDZrRE5iZXpFYmpBcmMrRzRpZ3JM\ndng1a3NURjN6Qm5EbXM2UmV1dkRCYWsKK/jAVn2W2GMz+9KNwxu0WZ1KeVK9Gt2i\nCUi+llZqW5rOXyM7fBOpBfcdUZ1EqmnVYXz5289xb7MU0CBzzI5Wjw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSU9KQkJKTkRYTmdOaTZj\nWjcyZE1ZTHJPalZWTmdydkF5V2JxSlFkaGo4CnFIdGRmdzM5Tkh6RFBxOTlEMG9E\na1ZhaVNOK3ZhNFlXVCtpM0xkaGMyd28KLS0tIEd1dWl1NUI1Q0xPNXJhcUgxMWMz\nOUJyNjdMN09aRDI0NXBPSnp5Tk9GNHcKzXzul71FLZ3c5dxqCt/5TxWXdnOoZDGQ\nTjn/uqeNOIASRLK7rGoh4m6f6rHvRKQloBHdITrKb23ovOHV/ih7/g==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRnJHand5MTZLdjdZbHY5\nMW5rY25ha0RjdFBPa09rTWQ4cmJsZ2NGUkVrClY4NEU1eVVRRGVsVzcweko5cmE1\nNHZad1l4QVBzZEVzR05lSm1sbVBDTjgKLS0tIHdyeXV3ZXU3eDMxazFTdHpuait3\nK2xva3JKb2lPSzBFQm1henZxNlEzZUkK6MCB/kC8icEKqShOdJX+yP+pYzdJd9B8\n0jFFINVZ+/a3wEvUuSgC/Y5JllXIPwDAJ1abJRjnysZww0H9kwO0aw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYeGxFZjErYy85ZXMyRWtp\nQnV2aDJraHI3cktjVHhrNDBUQ1pLZWFVKzFVClc4aHBCMGhBWjlKNHRnM092M3c1\nYWMvRk0zS0ZqVEhQc0lVbytEQXM0LzQKLS0tIEIzczlMWUgyL2NHN1pjbHNwVFZw\nbm9FeUdUeUt5LzRkZ1pBOUxBZC9rNlkKW8d1xZ2zBQ5UlFgT1qwqgG/6LNfw4ph9\nKOR+TQ1QXhBi+P78rYUCj/mbl9RHnLGPzMwFDtJLlpcHblCJ1kWrWw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T20:24:05Z", diff --git a/vars/per-machine/verbena/gandi/gandi-env/secret b/vars/per-machine/verbena/gandi/gandi-env/secret index 1027478..3e6efe1 100644 --- a/vars/per-machine/verbena/gandi/gandi-env/secret +++ b/vars/per-machine/verbena/gandi/gandi-env/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:xLZ3utyBPOOwQ9UZVIjZee5hRUfR1WrzZqXTdPN02vb396Z6L7Ti7B2bXbBxxkxWBJi7uipyD7eC7Uo8iZtp2amncDWeBA==,iv:QtN+VN/fexTQjBtZjoiLgM0DZxEvFbPNUa/sAtgDJ6g=,tag:QCOerJQkXRRzRVez7XKung==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOFU0akRC\nbzQwOXpNY3N1emVsclNlb2FvTE5RQ01jWEg5WmdtdGNSbGJuQQpvOElYcXExSVQy\nVVlHVUQ0cHlYUmxLUHIxYkY4R3RtdUZ4T21oTk5hQWR3Ci0tLSBhM0JOeHVDbnZR\naFpsU3M3V1ZDYVkxUDNEdEhNbU1VZCtDeGZLYTl4ZGNrCjbgT1BQJ/W26xvdRIH0\ndNYkSAt92yxlAJfgGQObdKHjTIGK9RkwxL9+A+6UKuPJTQL5pXNY/GeO5MHVuwW5\nknw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbVFXeXdXbXJQZHVBM3BP\neEVYdXN3czQ1OUtYaXdXd1ppT0FsdE5BWnlFCm83eWlWNGIrN1ZZQW5JMld0NE4w\nQzZTN0ZJQTE1ZnU1cmZOU1l3SEZTYTAKLS0tIHQ5QlB2eXZlUlU3RGpYRFgxZFlR\nYk1HRTUzRVk3c3dMVEZscGhFdlRzWjgK7E1GkEK6/b7uwkIhzfMsmYkQwtTCoXmL\nK1PTssGJ5Qy0UZxS3v9mDi5ArRj+IzcY1cYyj82vBXnSk4TKEIV0DQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadmI4RXNvaVNlUkY3bStE\nZXNMSEFlRTVsOXlJZTMzeTljYzhrTnE2WlZRCjZ2ZGlINVltTC9CanRnZ1ZFakJz\nM1FKMEI1a1A2bStLaDZlVEpiOURLTFEKLS0tIE1KVVNDbFdncFk2L29NczNpUmtk\nVXpid25NQTlEY2VsMENGbWZYSEJCRU0KR6GtmQU3z+3/N9z8Ui9HK/JQhsk1Sbd4\ndg9Z9YwzsHNQc0qBhdpPluiTIeSrWxjglqc4eaN6qtvBhVttqNAOrQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMjVkWnY3MEFkZ2xLclQr\nU0g2ZlRoTEFNdXN3TGh3eWZLSm5vRFhiWVNRCjFhd3k0Y2N3L00xZzd4eHJ5RFdL\nZzVqSVh2Yys5L3Z3Z280SVhyUzdNSm8KLS0tIEtna0tMZ1Y0VEk3cVRQcFJUR011\ncWh2RzJhWTZQSE1RbXJtZnM4UkR0UmMKaicBH0pvZXYjJWQqHXyN2ha4n2PYQy0V\nuJp0wX/XTDebzctvdpiqsVz6Rp6ChNJ42kGl6xXJK/Nmc5sB9FDWTQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbU03djluRWJYcTdlcnhR\nWDdOSXZicE9ncHhrRFhIU3hjc3VQODkxR1FjCmhraHl6eGd5Qkp0Wk1udFNzMDlZ\naTFJTDR4NGZCSWlLcGZKVzhHK090bjQKLS0tIGVvdHM1a2JaQkpVRU01bjR4dWcz\nQVd1ZElJMnl5L1BpNUJBcCt5Qmg1VTgKEjrAlVDG4G+YVOfrRapLotne52pLme/+\nVML+yTNSvGkvDJbFo3+ybA/xnrhHOAJbtCUl9lqLGGBP4HZfwqCQEQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-29T11:44:19Z", "mac": "ENC[AES256_GCM,data:2pGn0COv50V6zL/P2TnWawiRxCoMf4jaNE4MPcOQW88edw8NUGC/KIKq4numi4NoNfxM6CyGbpyBpC3NhQujQo25bxqXrlHqZhhmAxTgyVgQrmbQZ2QbYKHsG8NGOi4nhTXezI9u/eDXyVyC5DX6sitynvH/tizordn5AN6hpog=,iv:N14abfZJxqroJo2l2D5KJSXT1wJtY2DTf7pkJu8XKnY=,tag:Xn5UMlVW7v6GkQqgUVY4qA==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/verbena/garage/admin_token/secret b/vars/per-machine/verbena/garage/admin_token/secret index 1c1a66d..6eb1c1f 100644 --- a/vars/per-machine/verbena/garage/admin_token/secret +++ b/vars/per-machine/verbena/garage/admin_token/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:d7ch6OypkqLBvYkVCDpFVxH0EPJ3m50L4hWQoDPJiXRbKBGyT9P+4iI4voOe,iv:IBU3q9gxwKulFMJa0vbfQnkEc2SnLfSnDaoz4yO2zkE=,tag:RL7+GfFl9oOONRZ599RKUg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBa2I0Umpt\nQmpOVHM0OXdZV0ZBcVNScWRuTFJueTdCQjlDN1c0dFBOQUZnYwphV1ZVWjJBVVJl\nOVdYQ3EyeURnSi9iSThyYkdYRUViWHZzT0tJcHlkZHprCi0tLSBhNU9VUzdFMzUr\nTlRjWnp6WGZEWFh6QWJublBaY1dPMnBpUndZaENqNE5NCpg+eRmaZRL0WmgKGo0P\nuhh58/WjgdfbvcHKk+18a8Hj5jG1Y/8hiZjPGtSJxegUsZDVv+a+0g306mqvhL3s\neYc=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SE8zVm1iWkp6S0VTamZ4\neDJLMWlhdWg5amkrSlF3YkUxVFVpWmVuS3dFCjQ5TThTeEQ5TncrMlFPWlBod1Bo\nZ29zVHNIWGVnUDEwcTRVa0xEWXV5RTQKLS0tIFhzQnBaK3M1aGVHbzFYQkVaSC9P\nOGtDWVdRT0prU0V4TjhmY0RCelRkTUEK8QrXMNenbkqPkDg8yatTGBoz25NxQdwx\nlJYbMy1THKipx4KbHCbdIJWvKc79RpPpH7uNy8QJLZXder+yyQDMfA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMcnlXVkc1MXcyTjZZYVpB\nYXhuSnBIWUZHaHNOZ3VaZ2haeFFPY2QvU2dzCmdFVzNaSURGeGJ1V1lhQlB5MnVL\nRWRMMW56NGRrSG5tS0x0dG1KRzVHRVUKLS0tIG5RejFTaTQ5MkZodmFlUC9lenl2\nclA3TXZwVGxpNzBVTXNEWmJaQWtkNWMKbJ0I/HcKui/k3qPu09veVFom8hTa+ra7\nHiFfCbeHYKHAsnFoJSXhPY76d+MZ9FX62sQ9OzXQXpKRKVcXHfUg/w==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTThRRzFaV3h0RXRiSnhK\na1dwYW1HdUJlU3dma3ZUeVpxRGtFUld0eWh3Cmg3NHFFdjhvcWdsOGtzWWJCMXJp\nVXdzZWxXazJvL09sR0FYdzRsRktwMncKLS0tIC9ieVR0N3kwVGtZL3hBcG1yZ2RF\nWUtjZG9DUmxnSldIbUF1bSt6eC94MlEK32TVPo+YGG7R2L4aIt/gDtdwcFmd1g2Q\nbcahXJ1TI8EPxmVUmFKYSz7qEBUjxlYwDVDJOy9xzgWnP7TYwmTZKA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQ1VKUmxZdmFvbWtpQ0Jo\naDNMdlAvUXlXN3B5amN3TDdjR3NRc3VuSkZFClVsZGpCQnRuL0hRNXFFNE5uTHBS\nMmlnUHRSR1I4WkhSNFVrUmswaDVxTEkKLS0tIEtrTXhGdUFaMjFYNy83WTZEVHI3\nTkdjbTlsQWZobmlBcXVZRWlmUUdFNzQKeQ4qtWhZJt9ThlBiD8tRO0GZ7iER40l6\nY5XQtDxPDiao6NrU9Wn7uCDoIaqc6pRGWlZxYUsJKmgsJ1/mPAKu2A==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:00Z", diff --git a/vars/per-machine/verbena/garage/metrics_token/secret b/vars/per-machine/verbena/garage/metrics_token/secret index 25e0941..6fb4d9c 100644 --- a/vars/per-machine/verbena/garage/metrics_token/secret +++ b/vars/per-machine/verbena/garage/metrics_token/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:ExSv+ji6femtNG+/+JgGpjBNbcMQJeHIOjsrL7arFbWPPJlhV5Bqs6QuVeIT,iv:l43EjooL912qou3fJ5iFObQdHWtSCI+13xQZvnhS+v4=,tag:kqAOc2YYNDks1upXd3aSDQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdkVtRzNy\nZFpjZEo5bGNwZWxCY2pEcWpyRlFoa2I3RjZ5Y0puMFo1NGVIRwphS3lrTGcvc1RU\nMmNtZlRBS1FWOFNPT0NvYVZvcUlNYUVOWWwxSDBxU09jCi0tLSBBSlVPdzY5RWRn\nRHhoTndSS0hBTW9IWTFxdWlOOXN1WXpZN29mN2lSdWJBCuv0PrWlKFxXdJ1Fyhy3\nSHlcm41KNuA3aNZXnw/PqrE/t5yDCxO+0Fu1w0og6f1jlrXy2yTuJhJQB/zOuFDs\n8r8=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZkV5dnh0MWtJYThZaTlQ\nZUdyRjYrSDRHSG4wSktGUFZ4L1RJSTBzWGdVCjYrQjVaZ0NYdUhiek5mZWFJTnd5\nZ1lSWWhpTWk2S0tUSW9CUXlzd2UzZVEKLS0tIGxiVHVROG9RdUZlOWJnWTRzTGd4\nTGJETlppVHV0QjlvUWNtNkp2MldjOUEKzxXh/q/DwmU3HfxkCQLUy052LCMQOEUR\nqgDB+41/fsXMVUaLEoIqu7QtdOI7U81bv+xwmAP0KPaifLj4spWygg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQXJvalo0WE5CLzRVSE1O\nL3d0NGd4UkRkZ2orZ20xM2RkeXRUV3NOOVF3CmYyTGp4S2lLUFRidnY4dE16d3Bx\nanZuTzNEVGRERkZ0b3hobXdUdnVtR0EKLS0tIG9XWjN6VzRFQzBxOGZ2NHJ6UWUx\nN2pyYm1WYjh3aFNFbHBHaUYvQ0ZGb28KeywXW8vhElm3KMDey4pnSeNQXlJtq1rO\nw8+rMpwLQBiovP7a3xh2/Xy2uPJH+zxnNUDuDoEc9ZoJT/SSKL2lKw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNmd5dGVzdDdkY1A3RXlL\ncnIwaTJQVU1vMGwvVitIZHExWHhEVUlJbHpBClYxUWkvdGluelRwVVhRUG1hTUQr\naWNCemd2SlhrUHgvSEpoSVlLbEVWQ28KLS0tIFhkSUt6VkdFRWpiMDFIVWJEZkpG\nZXFOQlpuNnY5Rmg5ODhVb0ZuOE9adjAKFW0LBHcJK7iWYzsJDr4FK1uc9fUskdi6\nAxBPMnDghGP6osw79wFYJz87n5fPsgrjOohJN7DDFysp261l+LWOrA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWEdmUWV2eDJYZ3RlZFUw\nUEpPbTdTMDJEeEVwcnpHeUhDY2JQdkVCNWtZClpFTlhaSUpCQ0hyeitzckdBZys1\nUG12Y3lHZUVqandSSHBZcFNQdTYvOVUKLS0tIDFpazgvNzJEUWtIcjNVYjBVa3Qv\nS2NBZkZQK2d2WnVEV1F6VkxzbGgzWmsKvFjH61c2tjK6u/FFIhqQasoVKdrDzSVq\nU567FNtxEZaZNfWDxcUWkukYDbYYJhj7WsiXJJZ47H4OmW6EsunrEA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:00Z", diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret index 921f839..8e43570 100644 --- a/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:VQjMQfKH1lw3nLnccac1p0rwVKQWYpSs7TU=,iv:UQbB/5v9G2wiX5WWMEAOn6KcWywBAoEi1aX6Zjtv33w=,tag:1lOSmj7UbCB9g73jgbRunQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaWZxMjEx\nQUJBYVBPN1F5TG9McG9VV2ZtK21Pd24zMDdjd2ZVbFJLUU5WZgpCeFY0SmJlTHA0\nMHFsSGlOalJod0JhN0tPYjdNbXNndUxDVENNVG9zSHVVCi0tLSBHYnZlbUtjOE1m\ncU1wc2UvRFVQUEtKT1ZlYytlTWdDcGFtQ2FPcnBnREowCkT0cZDHdtvODVK3uJ3C\nGtnv9D3mydwTioXrLBjQFKV+5pRB0Q7yh27T7x4dYw7bkKhfM7ToRTT9J79tEZGm\nJKM=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVWR2VktWM3RoRFdPK0hD\nVWR4b0tyamhzSGw0cGpaZGJldFlHaXBGYkRJClB6b0svZVZrK3NJMjl4U2pxajlQ\nMTc2SnJFcHhLc0sxS0hyUzNRTVJGQzAKLS0tIGtUTmVCeUJuQ1FnU0JYc2xWMG9p\nTUpjSFhzOVRoQ3krMmZzWEp1YlMvRlUK2iynGryvk5RF8IgZJJqAOi39YJdLJLuO\n3ZBKuP0cvHNQp/Zd55GOcRrORcU1fVOO8ILwOcKp9pj20ZxEo22vhQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZC9JWHlpUlo1Y1RtQUVL\nL25TUDV1MFdTSGV1MWZ4U0tjdnFIU3NVendNCnhGSjNVa0EwMzlnUWRIOTc4bU9R\nRXBZejAzS0hrdElTQ2NwamJZbSsySTAKLS0tIEszdkNSTEdsUC9GMlM3MmlmdGxV\nWkwzTkdKa2lPZXFHclN0VGNxVXl5ZmsKktxTvxPj2HdF5rEVVs/lGI/sP22czdcd\nGcCsAWMWwkiOml51968JnnyXwLJ/hk8xznL0GMJMVlWN7FmHKP9FJA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZituWnN2eE9KZzBiWmpn\naVZFU2piSHlIdXZXTjFucEUxblg1djcrWndrCjhEZGdBdTVqWFFCak1BU3N0L2tP\nMXRFWjdsVEdhTC8rL0VJVEVWVHVUN2cKLS0tIHNPNzM4aENTYStzSGR4SDJpcjR1\nbWRXOTdPa1EvN3h6SkVCbmcxbVdLMTQKwhRggJfY+jmcMN6Zr7M/YaviUWLvBQYU\nxSDyXaQf0nYkFx3ARU0UNq3v5zjW53gAOoTmWraShX534WydqCNrlw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJeE5WZ3RpemJ5SWFVeVJ1\nWGFPSmN1clRXV3Z1ZUxNSWNweURKd2xQMDNrCnQyZFk0SmlQaWE1UmJQUTViMkxJ\nTlhoUnd2eVdPRy9kbVlaYnZDVHRvM0EKLS0tIGxZZHJIL0Y1Y0tDNFg4QXZ0ckVI\neHQ5TWtvNWNaVG5remNoSXZzMDVPR0kKVPG2eZLhgXqMlZ8g30/dcOYBhWKg36qh\n5iV8PhqegnnLWSvzcbZxWwx18vEqb+Jc5RTGJUfrhInh0wpUIB6bQA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-17T15:13:14Z", "mac": "ENC[AES256_GCM,data:W2GFjGzFNbA7rcJDDqN4xWModtAe1IOlpsqR4VSg0TJNtLcQOSpzKHM/jd/wGu7yEA+5qRIPw5b8zBhTIqjTHEZv/OgGW1VU9xACNnYIbZj2E6dR5XkMo7Kk4pcClfUrn+mcoFb3qDRUmot4hIoOGwxYlzZCd1AWIoA0LsMwl7E=,iv:N03rEnwGDnnhfQTSr+ustojxUvuAzBRm62W+FPURuKM=,tag:bwYrwKAwi56KAy2iL/QVMQ==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret index b7c4569..364e437 100644 --- a/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:Qw4KdJ8oqtZisPqpgrh7n069YPGjO7t3GE2XLEfFnnvU5UcbIoV77lx8A5d6K0F9OGtR3b2Oo4ka5bPPNI9pCA==,iv:hXORx3mNALVMk2i9MxVebWE/+PY9OZ3Sbu3+enBY3To=,tag:0MPUB3JWDnetR54MSfZt8Q==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbytJZEpu\nMjNsdXJGRHExZi9haSsyK2I0QURSVkZ3bENJRG44YlFIZ0ZWSAp4ZmppSklGV3FG\nblM4MTdHQXV6WDlJbHhmZ0xvVVhBVytCSVJ5Q3VMZkNRCi0tLSBLb242Y05FNTBD\nMnN2OTNsVGtRSkRMUEp5eGV2eCtUdE1IVjJrZTZ1TzhZCr+sTSP6iKHVclTxHuQM\nN2T79JgNNASvSZeRSbiLwrcVSIjAH9uVPQeUXdgf3zbVkky6CB45HyqTFpiPk2Ai\n8f0=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRmlyMGNRMDRTRUsxcjZw\naGtFY1BpVU9GMHVhU1k1WEIrT2d1Vkw0VDNzCmZzNmFVajlqcTBOZ2NTTUFVZWhR\nVWNadCtHZEFPMVpYaitaaHg2Z1p4VTQKLS0tIDRVSnRSaEZuaUVEL2c5dFQ1aEpD\ndDYyaUtlZzhPUGllZkZZbldKVEJtODQK1M11ZKwP+MAh1zJYwdhwJoYrNbm5xWFs\n85PMb9CQ0SDkFAVGtKgcdPpN5na7h8PK+X7x/j3Ik7qbo6EYUkak/w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvUy9VTmM1UDdSanZFRXd0\nQTBZRFBMcXNaaDVmakxkVGsxUXN3U1Vzb1RjClZESVNqZUhhS3lrRi81UC8vdHE1\nRm9ZRFdsOEM2T1lHSHNRVEdSbTFVdU0KLS0tIFFBb05UUWNJZUVqbGpZd29Rc3lr\nMEtscGV3V1FlZVg1M3MwR3o2aUtrNFUKMJwlsRlfqwWLpadHdV+THgwqhmizjCHH\nv4RxjDIeA//tpLC1y+m/fmVXC4bhu1e2f7nV36rnizNh4FG6TrgvNA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRWxBRU43cUJLU0kvUE50\nZ0VnWS9SclRRZVNXVGlYNXF5LzI4SjYrb1U4CitiK0xIdGdyb201bzRjbS9EOTVH\nd28yUmVFMGZQVWw0TTB0U0UrR3hrZEkKLS0tIHYrY2FlaDBsTjhtcUhhZXBXSnhP\nQ3lKK0ZEUU5nbVF3WU9RS0t2YzlMVmsKBS6rdR0TwX4P6c0E0LfZn54yolLMgGvA\n+VV0a0aZUS2j5cywXjfhLPjUNaPPsh0LUjHoXEoNYzfuRmhOmMQwcw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOWdMcXJIblNQSVhUeTl5\naCsrOVM4WDhkdTQyU2JEYW0zdXcwdWMzWFJvCmhyZzRsTEE3dm90UjJJWnBib3NK\nY3dZODRkQmtHTGxzRVBUWEtGUnFGcGsKLS0tIDZ1N3Jvb0FmcHhDY2wvMlpNbXpG\ncTlEc1V2cnZQMXR4VnliZ0xxVEhmMjQKDG0TDcTA+rIs/o6b8b0q851v0wB2Hypr\n827rhQSM6vDcoTi/9f4Pdj0juNzj+TnvQjNI0vqkoRHoZdn6CZKeRw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-17T15:13:14Z", "mac": "ENC[AES256_GCM,data:WH9GzcZM9ii4CHvtqCoqoKHCFK0S3OQM9x1cO/gkgRftFsO85jSnBUCtiPhRahvTffZT42sN4ZqDBq/LSKYEXB2iJWcN9StpTLs196wPzLyJhSrhY9jEy0JuxoTAhvcAC1MKPW+TsfC4SO9xazvEqShnP2z/BTYhzrgE5lsDDEE=,iv:eD7iBUopEKc5X/l8DowrBthYNPB805+AhuCCZq+fYeY=,tag:fTRAPEH0WXIW8SNso5FmdQ==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret index c668762..32ccd0b 100644 --- a/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret +++ b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:ekQgkyM4yo8LHVmN2ixGaIaz4quZiMFVhpD7d4K+s4fXKrL/Tc+so+bIxHQj3UlGgYAOvIqWHRZ/aqDZzFGGjw==,iv:bnYpVa1Ug6mhUsGSHPonVBT6g6Bhu+f8O+i8ieRtDik=,tag:jGScke0h1OHKj1DL31JhjA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNEdBeEov\nNEtHTXpIT3dxdEdYajN5TmlLOHVEbERTUTRjZ2k1RWZ1akpIWQovOVN4Q0t4OW1H\nam9ldUxXK1h1UzJDMkJ4cHpwanAwWHo3L2xidG16WmNzCi0tLSBLcHpVMWZyaFJa\nb3dvczZ2NDlOcEc4RWFLWWdwdGNaRFVZR3IydFVKMENVCvFL9H0+LpUTDM9cjfZT\ndPQXhHZ52UjtH1cmGMYxRlzD0wkowr2ar1TCAn60tiWuaM5xxm5lVRN9CV+nDEvJ\n958=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoN2xRaTNocldMengrNDdM\nM0p3V2krandUVldIQVp1T1h2eGgzR2hFRG1RCm81cG5RNmYyTjhtTTFWTjUrdkIr\ncEExR1JreHFSQm83U2h3emoxOHlSaWsKLS0tIC9YUFdaNHpNcTF6VzZCSUpzVHVi\nZWFTbDZBOUtYSTVwNEhBSHBDVjJHd00Kcp2oOKKSV0n3s215mbJJSG+SUor8qC66\nAEn2xlOw9xkGP9ZSWRMgGwFMNGoKpkhWQu9FVlwmypW2Ci5ZoG5lBQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYmsvM1lHYXlNWEtTdlZs\nWE80MzRNdEs2KzNZNmk2RlZJQnJMVTFUQndrClBGNDRGa1pDMjVPV2VpL1BudUdT\nNFNOajhTZXJyZHF6bWRWS1ZGQTdkWGMKLS0tIDIvUU50RktndUhqbjM2MkJ0VnM2\nNVFrbUI2SThTSTJ2ZnNxZk9LaUhBamMKIb2RY2REJZsHuz0IwvBYoARpFfC4Vmu5\nkaDfR3RUm1Rt7Urm+zTC0Lb4qi4QAiQTfNp+vpZpg/zNgFmoRE47rQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QitSMnM3eFJ1VmlWTlNh\nNktieGZzWHdzSkRzTDhZaFE1UHhicC9tVmpZCkRpc1QvVzhMakhzbCtzdE4xaGph\nR01FL0ZRbEhKbXFBRWcwZmd4Z3l3WmsKLS0tIFBaQkpHU0E2WkxPbWNCTUZCSjRo\nb2pNUlJFT1Roem81U0NFbWN0bVA0WlkKIOs9Ej6hyj+tZjFbAvbxCC5NX1PTKhv7\nkVRlekGhBAO+a0ZlMGsy7G/bf9jYG1rLh5dIuFy07qFttqQ6AUjfLA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU04UVJTSDdRekZpWVd6\nc2RwM21CcFZYQlE1dENubzJpKzU2S1c0aHhRCnlDTTNMOTgyZUkzTHdnY2I0a3l1\nM2tLUnlDRXRHYWUxTllzcFJiVksxWE0KLS0tIGtQcEVvUzd2bHM0MStsL3R0bzlY\nQkVsZ3ZRZ0lETlcyRWZWNWJZZmdkZHcKcHasORvG0XGQ8SRKiOZGlsSHVkFDivOu\n1LBMwShKpBXqY1vb9VUbC6x77RwR1ABNgwk0ybSxIRq/g8SXGv+FgA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-17T15:13:14Z", "mac": "ENC[AES256_GCM,data:cRSryYYPPVbdkodd63xa7h8DWHH5x5S8IforRB0pYLvbYEcCU88XHOZzJlnw6C42WB/wfYNeE09pG4uEcq8dTxRxseE3vzz+h46EBXQvjhPM/YKvNY5NMPkpda7NVmkABGCydB/MCWpRZBqR2DEyrc0V20/RNIYd7uHfYNi5dWg=,iv:3kLDivvmwa/4C4Nlq5dmaueDSaqxJT+7W21j93yUdKk=,tag:9TZkivjH9C2UtiCDDFohkQ==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/verbena/nextcloud/admin-password/secret b/vars/per-machine/verbena/nextcloud/admin-password/secret index a067803..b44a615 100644 --- a/vars/per-machine/verbena/nextcloud/admin-password/secret +++ b/vars/per-machine/verbena/nextcloud/admin-password/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:1MidunOjhcm7MZSfQSor8xrGR3KSM6CAPw==,iv:/QIxqzJ+115R0C8eH1T6gHeJ5HdDAWcLZzEvhpu9SnU=,tag:PvoxKpIz3nTPlHgMD/MQ2w==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNUM3LzU0\nTjFSLzNnZEJtbjB1SDd3RXNma29DWWljNTBKZVI3V09Ma0F3egpnZ1FWY080OFZT\nSnBTSEZCRVVPWWhDY3RUNHFuVzI4ekV0NGozR3NVL3FNCi0tLSBOcjZGWWUxSjNB\nMlczM3B0aXQxWDFRMHZHWlkwdHJHYzJHSUl5Mlpndkg4ChTUufpBny2OrXbu9amh\n92JL/Ys1pJMFSTnaDTq5jBe3UTsZhwHUHqwT6AkOQneJXNE29PXpA/6qF7b+mgPR\nlFs=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Rm1vckdXamt3b2FORFp6\neGZLM3U5NHJKYzZwOWViVktUU0JqNktxc0FVCkdmZWZ5dHV4TUM5RWJkVjFQNElY\nd2VMZDlYTTZkSkxqemdWa3RtZEFjSzgKLS0tIG8wTFRmaVlKMmFTWWl1eE1kY2Q3\nODVyUXRSOGIzVmsxN01STzQ5OVZnQVUKWOxQIt6O0QUXHieU/4GSU5X3F77cREvZ\nxf8gip4jcbR916otZv9gY6kyn8Lrv/l6sVtSwApog0qlLAahRUB8wg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTG1GbWJjZVovT2RDWjA0\nb1RoWWhmYmdPN05sdnVzNmcwdHJSQTFQTFRNCjdCcWlrOVNjUVVFU0ZNNGw2N1R0\nWUVPMjhRVy9kbGtrczAwTVlYVlVmUEUKLS0tIE5uMHhIZldCVGFXYXRWRjVXOVBr\nUytNaUdMVS9yVyttQVNSOG0rNHF2UlUKvozOnL+B8qkOyvDm1CN6w+NF6eBmBYJh\n49LbZ45Yr3eRFAdqGu4MXf9PrEI5fvHV75I+8UW0jpupECyiLT5Alg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q2gzZGJxWG5oeERxN1Fu\nQ1pIV3JSR1Z4RUI3T1lQbWMxZnJJemhESTEwCk1rYlpCbEJWcVh0ekRZOG5kV1o5\nRXY0QVVTNk1UNkU4RTJWaFhPQ1lldVkKLS0tIE5CNmpoc1pRYUw5Q0NJVWJNSElk\nblo2UTJuVTRvNnFWNGxqbTZpdC9OK3MKCQZqI5OLGQh9p1aL8rXwJP8chBv0DHQv\nkZ/vHrIWzU0UKkDdXb9dzo8+YDqpSkcLs/RFFT2VlC+fvUHt+hJeng==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQjFkdnFrSmpWNzJuVmpB\naFQ5bHJ4c2RBSzA3cU5ocjAzTmVSa05nY1VzClRvQkcwZGJmVlUwcEVLZHZ2Z2s5\nQ2pveDJlQXhKa2FycVdFclcrUmRZa0EKLS0tIGkwaFFOcUh5cXhXUG1DYjVDakpo\nYVltdTVMbjJmdWdUSlpOcjA0SG0zVUUKiDrdKte18Zy+CDWfl7BW/+7xtcZ3azHO\n8xh+tDpUQPnVFlKlsy1Qw/JLHHmVwckeNkDa6XauZcBW5ftOgDc3zw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-17T15:13:14Z", "mac": "ENC[AES256_GCM,data:3ljtqcuR64WFghGRQT5sSQtnHE8XhaaYZTZljGVmb9LHpY2p0GVCzyEBTFj4t3RoOfaRh4NGxR5FGGn03WTghN604zXAZZokdq3jDZANXtu5F46dmtaN3JZPPpQof6tq+lNfuYQZBGFxSHd1Aq3iuIOTXLFyox7Pw5ECDHsw690=,iv:b/uFAqMc4KCMscztPxUQ7VTBq0IT9+iIb6U2+xCKlg4=,tag:1Zu11VuTry0fcsXq/Fx6jw==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret b/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret index 770a470..e9ea14e 100644 --- a/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:rhT/tKlqv0mjlvVCExyYssF9gO2R145z+R4XT6vFYnmVwl8gparg2CGZjnFf7ukS/7Uh/yhG7lMIstd5kaLnmeop9EEclzXoIa4XP1s4FAsb6oD/7PJtxuWF8cvDq+whwYtau8ci8HhkxazVu445rQYzmVOtttxDCwpol+3r+OP6Ey+dSITQ4n03X61bffQoBjnh4gT5wpaMaOEh6B6D1Tzp4NuitdUIBqKgBUi/LSeejePIamkGdhxRJ8ZNua4y9NcrDDxYhwzPkNirQB/Bc6urbaNRKVqdMKhNG4gT0tXkuestfiHwHpjrq0Ymuy7d/RF1M5cLXIY4Hjix8qXh8GfpyxPYBSXilRy9nmgc1k9MkPQvmxdGNis71XxI1oF3rA+wa3VRjJS+Kc+Hu+9aBUr2YY9FrUO3kQg977ttUOyJO9ihrNvlsgDmm/y7cOpQ5Fx7TkSd32ugOG2TtHJTk8+L0j56Xb1kPuoQ3P92gB5I+X0bflYDf1IftgFD/M2lHIRd,iv:9UymekNxnAfYblC3/9sYvenWS2370oD/fG4LHHsXz0k=,tag:Ywl9wF7w/QvYVIIjQ3mrdQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ0p4TDJa\naFVjYTV6bUFQVXpGUnNRcG9ZNCtMd0RyRnBUdWlWYlhkc3R3Sgo3Wk1ybFI0VEdT\nTkJCT0UyenVQRnVIOXAzaUNPdnpiTFA4K2N0bzVVWW9ZCi0tLSArSjhhZkI3OEMr\nYkdCR05JdENOamNGb01BbHZUeWNrYlBtVTVhSCtmT05FClr7VkQGjxX6VKdkTn81\n5bOcHeNF8wwJsTNc/oNPw0Xu6ZgYW35N2q+QcEPykYZiHvuB3z03SdlS4gwgqd+j\nuhw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UVVLd2FJRFdiajdsc3BV\nUUhYMkRQK3d1K3BZVVFkRjlUSVdrL0FSNFdjCjJwK1A5dzZTK1V1VkxiOGJZb2Zu\nY0EzL0xpcXlnNXpMRWQ1UGgwRTgyUGsKLS0tIDJoRHdJc0ZBSmN2dmI0b3VEcGk1\nM014SmpiRnlFZ2ZyVDNGZklJSUJBYk0KsPhYF2PjL4SK+d6KmFKfsM0dBDDG50pT\nsYNf31GpttwQQ3AW6RnR4wzmJa1BG3rc26dXvCx/RaR3YRnp2vCqDQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvUCs5Y2cxaDZVUUdoQXUr\nbFhXSFBEeitPTlNHNXA3TldoUURhOENsV1RVClhJSDZGYjFLUVhySGhLWkdNZ25Q\nNmN6QXFCTmNEQ3l0d0gwTGpSbmVhMzgKLS0tIFkxc3VPNkptaTV6ZFhZdzY5WUVx\nYzJXUThLdVF2RjNSWEl2Y1ZDdUM3QWcKXiLbCTbp5EL+aBjXGeZ6W4HB2yfvRe0/\njXcmu+VMf3BzDiGq5RUADbGCvP2/wR9/FyRDw4yJDPQ9Mzz/eo6oZg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbzltR3lNYW5VVzg1WlVG\nS0xGdUZ6Z3M0NEc4TFFNTENPK2g3TUhuOUFjCkxacE4zQkRsdE5QK0paVStZenB4\nVTVFK3Nic2YzcVRxZ1dFSG1FbkpUU1kKLS0tIGNJc0Q4Q0ZOcEtmMG1iQlpOekxQ\nQzhLeUIyZWdyYnNkSHF1NUduZ0plSVkKP0UU62uYiRiNEFJv+Rt9gnUZeZlqrA2I\n4WfpVURHanQpUg7MRXGv1VigP+JYNETTBlNLrVW9M+927LGGAWZ5PA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTkxQUUlpdGYwSVB1RENL\nR09zcEkram84VEFLVnlQOWs4amRSU0Z5U0FRCnVzZHJiUXZ1WWVtNWR3NCsrTVBr\neWw2c2paMXg3c2gyT0sreXZ6MnA0bDQKLS0tIDl6R2IzWnlMQ1EvZ0ljckYwYkpW\nT0pHSkpPM3V2M0llRXgzalRrZEU3L28KqDK0lMkBjiTDD0DNR+yVW+4G5QhJPoaj\nei6UQjUraoMPnuSTrzAxGOcf4Ui8A6kXTDlpFn59Z1+4lU5QrRFdtQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:04Z", diff --git a/vars/per-machine/verbena/root-password/password-hash/secret b/vars/per-machine/verbena/root-password/password-hash/secret index e595031..ff5a439 100644 --- a/vars/per-machine/verbena/root-password/password-hash/secret +++ b/vars/per-machine/verbena/root-password/password-hash/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:trmjf2lKYlYKajTS2t2pSDVQB3X4NYFNdnapx+xAyGJGgQtGV/TCJDDP+9JsWgbv89+SARrQ1qNhl/tw/HZpaOE66kYhZSEtVpVzsGWAoSdKxQVvvNbySBo2Y1TOfg2JS+f+/O5MLiRoQw==,iv:a/4JT2zmH/uyMYEq7YNR7CoONowtQjRCEUGYTgKj2rU=,tag:2nqHveDnULuXnUWmaW7Rng==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMEFJUEND\nZHpCSk15SU9kY05ZbmpHLzFzRDZRV0FMdlZmc2dYWThIQjEwVQpkbUlPMnM0dGlK\nZmtLNGhjZE1iVVlLOEZEbzZCUGtMOWhnczZSQVMya2FnCi0tLSBBNGNiaWk2bmxJ\nN1hEaHRuNG1kYzFqWHM4Y3NmUW5Hc2NWNzJPZjlaWlhVCvx8UWw9jQsUsiuGx3rE\n/BaLSczPUgr5FrJAWeNUoPg16ABO6HpaqzOLWSGgPf2ZVTNqnyxbJYOl0/xtFyZ3\nwBw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhb3JCOHB0NzRlbU16akox\nK2hOMFVXOTZuN0hwTFhRZ1UrWGEyL0M4NkVJCmI1MUI2WmpvSWhWcW56UWNTUGs5\nSmMyQzBMZWdZSkZXQVZMcmxZejBGYjgKLS0tIEt3Q0lUbHZnaTFWUElpZTN6L3p6\nSkZvekVKVGR4aUU1RWRReHJ0aXU2ak0KcvtkTBWi3UmXr7cF4AfKTD3+LulwTaEg\ntgO5ljBVb0vFg5sWcXOXJZWC2vO1v2P1Ry3iTaYdCiWTMJi3O5jYJA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVlN5UlZKUlJYRVBNc0I2\nMXArM0RXdUdRTC9wZXZOcW1rTW9ORHJCM1NvClFyTmdwWlo2L0c3d2huU2gyb2lW\nZ3RsYUZMMnUxc09VSzdFaEpLczJEOUUKLS0tIFp3bC9lUDV5N25nMmp3RTc2SHp1\nSDA5NW1xc1dIZmlrZlpPYkMxVWdrcEEKR0t71FX4+cgJp7sl7Ra8itIX432lujao\nZeeiAyqje4Q5BZv3XL1NgVYRfbintu8GQpYdUVX0UEzKaFWFN4rWvA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMTNpMlVVbnd0QTd0NVdP\nVXdCa09CWFZIeGVLcVgrTU5mcjZ6eDlKdGlNCnNOb09vVEYwY0hhVUFTVEwwRWJK\na1MvUnpIMEh0NjdNQ2pmMmZiVnJucmcKLS0tIDdOY0daK0xWd1BqWWpLVGxZVThK\nQzl4ZFAzU0daY2tLZlJ0RE9HZmVpSDAKjDiGLlxXhJ1gbKm2Ni6ZzNOZoYXzC1yi\nsuVAispJbPI5z0Up6APVwjb0Bx0CENqwaK1qUcQdpAPDsIlTAa49JQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyY2J1T29YWWJJWTFZdVBz\nUW1QenZpSk9heFZzT1l4MDdPZ3hZZDJsaVdJCmxEZVY3dE1KTUxRbzNJSXlzYWlG\nNkxEKzVwNFZuYnZPL3RkUHpNUU9sWjAKLS0tIEtaYWJwR0pCdVZLbzdoZEJvclhY\nSkI5aXlXRHF4bHJFbk1ITWZReENjNVEKZsO7MbytZkFUbbNgPxm9iqN9U3ZVDkjG\nrB8tZHWMh5no33/IfC8WUC+54JbEl4YpI8kx9X7lsV6aro2Lv+Iuzw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:07Z", diff --git a/vars/per-machine/verbena/root-password/password/secret b/vars/per-machine/verbena/root-password/password/secret index 68c6667..4eb0cce 100644 --- a/vars/per-machine/verbena/root-password/password/secret +++ b/vars/per-machine/verbena/root-password/password/secret @@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:8KysUmawUtddgXWrH52syDDHO89TngtD3vVX6BWUJUuMfD2YaNCfQQ==,iv:d37zoPVJlRCsaQRJOqc08OoiwjclHu6yIwqHCGg0Nsg=,tag:YxwhlS32hvP0h2yo2BhCSg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbTFyY2xw\nZHNaQzQ5YlRpejZ6OGwrUzZsUm04L2NQd3pMekZYVzNjalNmYgphVDlTMStwZlJH\nSVJTRGJDN0NKeFF0QVNxdUhLQUMzWE5OVnRXL2Q5Z3hJCi0tLSBNYVl1MEZmdGdM\nUmdiZHJPQ2MrdEd1MDY0VlRQVXVqeFBvWmluemJod0VVCpmPCv4gusEkJu35guKH\nvUcG/NqkMLC7Ez3bEOxo+x8sb+WEsQD7BwrAh5el8OVGBw/hoiQfGZk32DJYdkwn\niUo=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3QjR0R0MwUmM5bjdNc1ds\nUVRXM3h6cU1WZitKamR5RWVUTkpkWlNjaEVZCis5emhRT29NZ3REbzc4Q3QramxD\neGV5MGk3OGViV0JqVE5Qanp6SFIwdjQKLS0tIHhtSWNaZ28yakdPZmRvMHFvaU1u\nRlVENlZtR05BN2IvLzlPWDJ6TW1yODQKf1mPIanTCfvsICJz3Sl3WJKGxjKW3IjP\n4lj9TjvxaWRodubUWo+H65j4ldu4sz9Jkt5S25eFwKCXziMH2CeDlA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeFBwYWhSOFBQdHEvR2Q1\nVHVGdlVCZnNvM0l3ejd5U1JaSDF2UVQ3dzA4CnRpVzYvZ3ZRQ0lvWnBvY2VZcDZM\nclJyWkRjMXBONVRhOE1hUkgwRFFXWFEKLS0tIFJHZHRXTjQvRWFSeFhxRllieFIy\neEd6aE05enoxNUs3VzZaWTJXemVrMUEKo7uiDkQ6quMRPKhtlBy/e8SuT03/ins4\n8W3seLVX1HNm7rzmBTJ8Qkbyc64TLmuyAR/3LwgHZ0L4s/YjiSyUpQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:07Z", diff --git a/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret index 6d9822c..7d39ca4 100644 --- a/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret +++ b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:QviBFbMDWAFaeuBSOCTA+qnQZlOIK1KZVK/6GzlsmouLxh1rytk6EGeSQycHAhQwuddinTfU3VKGT2PZUmUhOinHrcf3RBlD+QMRUSf4Ikj4Q5dCwW3agSe7fzRutRVTA5cjBQaKnWPllYmy4+l3Am9UfOPwz8nETzvMK2IfttaQf4w6KJOvg/mxT2OM96pzRIcITLBeNpZI6Jxjds9LQVcisEwpQyxbJ7qi5QnICq5wTtlhh6fGaYM38FTLcSi7NIspP3BN8teX8oOdY01JjnXpIuMSKVQSya6RPUWTEQ36hlY=,iv:E/SCmZoEGVu1ou3Co+kEXDm6cJFrLrvSTbfdkeHrkIU=,tag:+4ACjvUtTT22r4uepTfWjg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdGZrNUlX\nVEJaK292ZXJGNURzR1pBYjlFTWpiWTFLRWF5bU5Wa3R6dFJENQpRRjAzSVU3bUlU\nTGp6cklUQzFLSWxuNDhzSXZXVXRxNXI1YlNqUlFybW84Ci0tLSBTQ0xEeWlaUDNn\nUWVpZFNMR1RBN1lEZzFpckFaK3JzVkFKUm9FQXlobDR3CiypS861jd/CcpnK4j+s\nsRS5ni79uNk7dMd6f5uRWjJlHcXPXuOYYlu35/Sih+2K6NcVA21+CF1TVcHpT2o7\nxXM=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNVA1WFN4Zzdra3N5eFgr\nYXlsV1VTREdNUXRabnc2M3BvMUc1dGtUc2hZCmxETndnMHhOZld6SlVqSjdpMmpr\nVHpUcEZNZGoyeTRRb0xuNForWFI5Qk0KLS0tIHk2bThkWnhZMkxzZGVCTnpjK1BB\ndFhqeFhtbU1BZjd6d2ppZFUreGFnMkEKI0p6y7ceUxUjoPyYh5XbsCIVlT7SPib4\nNl2cy/Lwtn9i1U0UmNTpsVYzVZqaPUIQgsnyiNdPXQhQBR+F1EUVUA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WFl2Wi9vd3FweDlBNnQr\namJhSDNNVnhXTFVRdkpzMHZWZllRMWwyenlzCmI0dHQzZ1lUSEFQckYzTDdFcTF5\ncEx0SGtKUno3TDlxbnFWdWtYM2xwbW8KLS0tIDQ1TDIzVVFZdmg4aGJYSGZaeTR3\nOGsvZS9nd25pUCtOWkViVHZqczk3S3MKednlp+IiGjQfOEEq/Zklgmb3rK110KqM\n0EI2c2Ccx+I4ss9ukV9xxhCQymW/siqifgc5gg+CORB0E3RIc1p5qQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTUhtbExZWS8rd0t3NGZS\nRnFYdEdGdTREVEg1UC92NU5pV01ScnZndm4wCkN0ZmdqdGdqckNXWDlORlJDRjJ5\nTEhJdkhrZDdsSCt0bmRqMEpQbEJVNTgKLS0tIG5vK1kyMnFSUWY4SDlNTHpZYkVI\nK3FqMWpYTS9naVViZGwzK2NZOEpDbU0Km5/uuZUR4c7E1nnna3MkBjIswS5/M9Ct\nLDXGXjjaksqwukGjPEMvcu57f34TbLwMAZuPUc0OKbIOQtldokwugg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbElMdkpQVUJMVE5NUFEr\nUy9pUjUyUnRVckh0RzZPVGgvM2Q5TTB4RUZnCmpOZ3BEaHMrWGpqd3duc2ZqdGlR\nNG9WZERPZ21KU0RSekI3eTFIYklOemMKLS0tIFI5c1pEWklodjlvOTYwR3A0SmdB\naVRqT01MZVNXNmN6NCtlay9JZkhZSjQKtm8GlfVaPdN8lfOZksRBmZu1ty/dBjVi\nzyPGRfUgIiQtUxFPCBDu6eKGUJ2BLFxI5qIyiXYv4Oh0t4X6heNIag==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-22T14:02:44Z", "mac": "ENC[AES256_GCM,data:9MuR8Na+/sEhfuTBrgHk2ydsUgo3UIQYzS4PMWIwCcqKTzZ4rqB2Xynq0PCsqq+3l/ZadtzDwB8gRP6m0f+wL3ZUY8lMG74lek6mBLLAaIUZSflgg24V2o0naKWCZVXWld2GKWDOxupUM5bWYE6SLwhOuepSZ4JMH59mD925v9Q=,iv:aKzJFPgfVqqpETySdFIM0+MVGr8IFcy0M2lzbWVPjAM=,tag:vZyPNmwcF5l1PgyMBjtp4g==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret index ebbb1f9..23803e3 100644 --- a/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret +++ b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret @@ -2,17 +2,22 @@ "data": "ENC[AES256_GCM,data:Le4PZ5jFQXxJYGb8LgjrK4xWbjGvVgRziD1IYove4qmoIYfxNmbb8zZxctZA,iv:PqFFN7WM9oMXk1w8S3Gcqv5nIpaB7KrcqCIsX0L2ONg=,tag:SpVwb//AdQUmMhFf0RzMWQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNUhnd2M0\nREJLNWlJaXFjRnRLVisxc1pVQnJ5bnluQUNqcW4wM1hscU1GTwora05SNGJnTVFS\naVZ6TGc5cnZoVHRQMEJXS3plTUVOQUl5TjFCenNwNXZFCi0tLSA5M1NWQWtWS2xy\ndFJIdHJmT3J2aXRmZ0FieVhTcUtLY1Q3TVVva1pNRkVBCsObaUakVpSiAHvWbXPR\nqHbzq52YKP+k5piBmJrKLCLtnXA+2jry7SIgJk8kEKmxRfLbPD9AnyL+bmT15x9h\n3Ms=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSVVjZklZalhseTVNQlpQ\nUG95b3FGeitxNkgyN1dCOFlKNWJMNk9BKzJFCmNyMEk3OUtiZWRhZGNuNGlvblVS\nT0hUZnMxQVJrY1EyUHI0dmNUZjloeUkKLS0tIEZRaWQyNWNjR1p6NW9zY1o5ODhh\ncFBxbmtDTEZ0aFRoelZOakxoUTJlOUUKN2AsY9Tv/5tpZarqpHyk0iBwh233bhVB\nHrFk+991bzxwZ5F0KeObg0yu10C7TfzxKOM9wYmbNeZf29yDSNKsPg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TnpzbkJMRUFPLzA5NUdV\nNXAycGFCNmxwQy9RK1NKVk1kTkpJZDR5TlJFCkdQc3VZL2RaUGlOU3cvTnNSeVdP\nVkk1b0ZOQVdiMTFxb3k3ejA0aGE3aHcKLS0tIC9XNHp0T2NoeGtxU29oeWkxb3dm\nSjdiZG1TZk9jNEVZeHdVWkFPL0hYQ00Ku361q5FT+1EnJAOUdn19givCtoKVOBrp\nRylyba7uM5sEtDkrcHvlOobLuNWpMp8RnXeMzrt1c56u6tSMqzUPZg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSWk4ZFB1S3ZPNlo2czJx\nZ0FWR1BLSEhxMFZtbFlVQzNtUHhub2Z0a2pBCk56QUJaejJBY3hNd2tNMDJqbmZW\nRVAvSVByZ2FuV2dVOWtjWEl1d0gxT0UKLS0tIHdLM2xXVlAvZkxvWmFyeVBTVzUr\naTF2cUlzMmpET01FK0NpR3lacFdPUzgKwy9/GGkmP1XKefAxxDEqqcIlhMjMm7Zu\n36jkKo3OqOScyW7F56qQ8dueukJcPMmuWl4zMKku+yyhm8pvmKtg7w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeWN5bU5La0t6dUIrM29k\nS3krdVJOSkIwbXFQSnVjaWtXRldibzQ1ZlRJCkh3VnBoZ0lTOUxFRnBDekUzLzZJ\na0ZEUVlhaFBTdit1MmJPQ3RKNk9PMUUKLS0tIGVpemRSVjU0VnhvMkk2MHJrb0Jn\nVytTbGFLdXBDU3RaVzVDazNsWGxiZEEKgBKjnZR7D/LfuCtKFxfxJ/9k/QdnZ6MH\nnzU9Mzv7DvqHX6eAFGt/sYyO6xkir/YFCV81sSJNp60cP53pB4mkPQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-21T15:59:22Z", "mac": "ENC[AES256_GCM,data:5b0R/lLXv2WL5WJ1p+lzzvU11VshSrs20eND7sROcvZ+9bIC0sX8wAozyTPMsPvXEMpgDk2HWkULaJH//zZ6jjC8i+b9c4vOvj+qF02uea6+KwhC/ZvAhZzNkHe53zyLcfI+N8/p2tPkZwEZfpNln36GKRtyxHQrzlCmSrRWrpI=,iv:gSN7EpfGZexA1pEIKel3Q6V2SPWXbfUXtHF2LqTm14E=,tag:JWkTFLOxsRP/phNLKBQONA==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } diff --git a/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret index a158472..5893ccc 100644 --- a/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret @@ -2,13 +2,17 @@ "data": "ENC[AES256_GCM,data:msrulcai/A5C7SmFzRsIgpAWFft6fHURoVQCPLYjEIQcWOm9K8mPpeX8Wy6tLp5Sz1Ts9WC5RCq4G4baXWYi4YZ/sP0shJVHQnSjJbqNTw40NN07snlpSiwyGK8zU/RGyS9jxA6SHAiw5kCFZwdLbkVVHwgGIzxq1a6fztMr1gEjfPHILZ7hkEoNGIA/Z9/ry5b7gFdFLdjW3EfjBGdDJX8+Vk+QPqHJEYM9vR5kb86XkH1ZSaKtKaG/vIvYm932iZUP+J/MGee7RC5epvYKUgdKj3Py3w4YQNO0IY7gyzgio3Qr/qQaclN9kPY9rwG6WPbPT46SxJAzzqzzhkx9wJJyLSiFwm8nW+Nfy1km,iv:8F/sYFTc0fiIgTFmssM1nVeG1OZnqS0nXU5ap7QyK88=,tag:BvWwqQPX1QSTyzavUvIhVQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBekFzbnM4\nYnJDS1V4ZFRIcjl5UjlQZ05MRytRb29XWEREWWJvcXVvcnFVbgpRR0U3UkJJSTVN\nTEdTVjltVGQ1VzJWMm9UelFyUWRnaGE0dlV5bzdPSGRJCi0tLSAwdnNkQW1nL0E0\nZzhGU2JwR0lEMlpCaDlkRHRXbzBkY0VrT0V1VFBRNmJFCvJh3s0zv5JaSU2xS4oQ\nIXKdnQVgVYjLok8daJhvJfmbUslb3XQq5wsF8HCnAot2SrvLi4WG9vvE52/VRqfJ\nwH0=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5NEFNRnc0d0ZEUVJmdVk1\nK1RSVWt2QVBONWJFYzNwa2tDTjJ1N3QveGlnCk1CNVphQUJmd1hUNGp4aXdWV3F3\nYVBOTkZ3dWwwYkNMdnhqVkN1dkJRL00KLS0tIDdjc2ovV2xES0pVS25mRUdWOFN3\nN2lQbEd1RVliMFFzS2pVWTk0aWlZb2sKu6hRIchibcxfJH8Vmm0DJ0YyiRf1qGMc\nQr032pO6WIH9mzs/z+3c5wbpm9StTk4WWL+oytiZl0om2X4Bx3BlWw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubkJlQUJpZ1FmQVRLYlh3\nVDdDN0JiN2RKam5oU2hlZ2Q1VnRrcytZRWdrCjNENHY1Q1JNRm5MUEVOc2o2ZG9t\ncXVhdU16MTIxTXlKMUt2d0dSVHd1OGcKLS0tIDFFdDhxb0dFOTFpS014a3FoUm5w\naTJMT0o3bEdTZ3JnbFROUlk4cVNNZTAKIlpOI82TjmiMeKSa/s0ZZnFKFwIV8Z7I\n8iYTrq8/3iVMes5kVgfhSk0koo42O74cVHF1xex5QI5PEZ7BELNfyg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMzY0T2tIYXhFdFdaQUYy\nbnp0cHlZaktpcFVSZEUxdUF3WEN5anNEZ1IwClZaOTJ1MUozQTE1S0J4UlNTOXpG\nRFg1ZlZIQ1ljOVczNklLSGtEVHJKdTgKLS0tIHgxa0RBRUJ3a0JRaFFreE85aXYx\nNW1rZm0zSG5nbnl6eHN1eGxQM1JRajAKN+TuleJyh37OdavqJaIAV1wFq3APM8Gp\nVDL+/5B7U6BY/VogWAkTQeCyVURdzdFVp7RAE4jPJYmqAZ1twa3dyg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UDR4UjdacEhOc2w5bmRM\nc2ZxRGRCVG5Ic3B0WXVlbm9TNTFjQlV0OUdJCmtySGxwdHpIS2NUNUpkcmhyM2VY\nM3BqSXNOejIwRm5jUUNSanpnaW04VlUKLS0tIGlEY2JaUzlINldWV1UyLzBpdjda\nS2p3WWRCUmJsWFBub0d5dkovOWNBV0UK64PEjSjWCE78GcNo4sZwvQ1VnJ8FtqjB\nW+uNuvF15/C7WjBAHyoExGKZQf1PflHS5AkrzzQCqMafJe/c+fBI9Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:30:18Z", diff --git a/vars/shared/garage-shared/rpc_secret/secret b/vars/shared/garage-shared/rpc_secret/secret index fe49d73..e39344e 100644 --- a/vars/shared/garage-shared/rpc_secret/secret +++ b/vars/shared/garage-shared/rpc_secret/secret @@ -2,25 +2,29 @@ "data": "ENC[AES256_GCM,data:/lXB/mx52rLK4TzJgkyHYleiKQLX/FYVRdgSPrg1+cLzpMxHFRUfedoovKC4ibFHNhnLO3p54TAd353xiINvrX8=,iv:kbcqCEC6/i58u78HQRTXaozOrrdNS3PEMrGfHJqxuKY=,tag:2s/7ZGLok5BRbn25h2wetg==,type:str]", "sops": { "age": [ - { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCK2lsTXRaUWtyK2M5cnZy\nWk02d3Q0LzNoZFVmQ2hoaSt0TkdKQ0k1UFNZCnlSNUtmUUQvdkZLL1lWNFlJMUMr\nck84aWQvQzRsVCtuVjBOKzBIejZRTDgKLS0tICtxZ294TFljMVQrOTRrcGRMeUZi\ndGxDejNrYmJ2dnIyWjduWC9ZKzdXencKYjK9px4Am0ZjYe2lcqplyc9AJ54Rstz9\nlM63nASAdDGxAfS5enR6G/CaV8Dc1fI6Qmuk/GIV4CtzfWYMuNyhAg==\n-----END AGE ENCRYPTED FILE-----\n" - }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2My9EWUVCeWhSbVhQUXlt\nWExERjZMSTVYVTk3aFA0YXR2NHVKbnFxdlNBCndVc3BFdnZKUFlROTVrSWNPMWgv\nR293aW44MllKQkxpR0tUZ09sTFBUTE0KLS0tIHQ4Q2ZoK1p1amE2MUZheFh0RVhk\nbS9qaFBPUnJWeFZGRzJqK2xXVmx3dWMKQR359LAW0hz28m7FUuLBPcyrXVMVTRBV\nl54u9MaXHgriFHoiTWYkDitou8ZsNrn42PiyvS6ThJrJZKO3EP8tzw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUGRyWG9kLzE1MG03VDVL\nRG9PTHhVa1p4QUVJbTVpb2VDQjZ6MXRXU0VBCnJzYnMzUGxBZUhCTUdhNUVxNkNn\nR0orZEZKNG9VZ1lLMWphaTBBTWloMDgKLS0tIG9ES1p3TUpSTC90QkpHdXI2eCs4\nSFdCOTBYUldqeE1MWXd5cnlVKysxTE0KlecpIZYa0WoGXheUmSuVVDOGVrehJ8Z1\n/41YSZgXI0bY5sKOetz7hls5ibADXk1CyOqJ4or6FiiELN/rmU4QUw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQTIzWXlENExiWDNSQzNY\nOXRBTlhJM2tGdm9HaGMwaHRjckdZTWRHcnpnCi9lTDBKUndKb25QWEYzOEVrYXdr\nb1pYcFJpWEkxVmpvTGF5akcvalV1QXcKLS0tIFRNajRRU0FVN2pZM1BMSUNSdXgz\nUGhOVS9NdmhGTWNIWU5IUk4yck1IOHMKTXvuujobfCE6DoCntapLbdvnyd3RFH4y\nkPJRTL7sxJcY29KRolRALN2//OSs+NnecYX6ZnuOzw3P0PtM2lTq6Q==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0bExnei9abVMySHJUek4v\ncEtVZDhITnJCa21Wd3l0S1U3MUJobGlQV3owCkRMZW5YT25XSUNZVjBDWlgzZEZF\nNFJkMk9JTERUS1JuKzZrVGlZcnorZU0KLS0tIGxUZTU1eWJaNFIrUjhOQ3F1T24y\ndmxieGNlb0h5azRqVTlSOWRlbm1sZDAKB8+cRg1KIse4oKUHuO0uqucOAowPPJYv\n0KVithQLEmHRmrIl8XrXjdRwQsA2i6QL+/yxtQbm+y3me+j3kmveSg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdVM4WnB4N01NVWtmc2FP\neC9DdGFvM2c5a3hPY2czeURXMlRHaVBDRmtJClpGVmhnTy9HZmFOUTRmVVhSek5v\nT2UxclkvYU1iWXRldStrTlBNVzc2NWcKLS0tIERjd29iRmVkamFoL1E2NzFVL1p0\nTEV4aDcrV05Camlhc1ZOUlRHUlV4QkEKlNtRRO49rKOSFnXDK3z/p376jnCiV8Ma\njvmSCyHKpU4be7H4ZtyrvEk3Aj8kV4Ll84ut9tCvN3mqhoLpDuaI6A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZDAyUk5ycU1Sc3FJU3ky\nekxZb1VVTUFvQnpoNVZLNC9ib0kwOEcwM0dvClNEN09iY2pMVndBRU5KZmlYTktl\nQXRzQWRJMTQ2R1VFZUFmSGJKdE1GSFUKLS0tIGZ5Q0FpQ3RWSXZ3WHJiYTczc1N1\nWm5TdW8zNEVnc2FDc0oxaFpaQXJHUFEK6G53gCAkbvtkVCBWt9yRaKIeU+zhTMEs\nkokct74bxp7sX9bysXYlSMeTrnsVV8f7Am9XhY2eixESVVcw6K5oVQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBelJCYVhx\nTnJ2Ri9YQWhmUi9VMW4zUGRjWVpVMDdkdUc4T0JMSm1BZXA5YQptNWkzT1hja04v\nUDZCK0lYWlY4UmYxa0c4Q0U4MFlJc255c21oK0ptbXNvCi0tLSBVNXBlMkg4aUtj\nSlJGTDVLMGQ0VS8wdlJ1VkN2VjRtY3k0eE1BQVk0OE4wCmqOPtjhzLx3I5r92g92\n6qcIpcryoNvdph+DSmxarVPCtZgttb1AwwvPfESGz17RZnj9Hy5WW56wb9kSR947\naBg=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESDdUUUh1Z0lvZ2ZTTU9D\nMkhsa25xQkpLSk1NSU83UE9Zb1hTUkNEc2dZCkJCWlRiamF1eVQ3RmRsRnN3R0di\ndWFOcDdMak9ucHRBKzZhVFhDZk1SblkKLS0tIExlL1VEd2t5c1JWTloySFBRRUpv\nbDlLdi9tMW93cVByZ0hjZjlqSThqK2sK9QDOF/1actI1L6j734HDXlTvSdBoVUAA\nMDtaTG96gTR2qOBR37Ie+87evLbU/+v5WDWF8Mew9znEdWQ7SeRTGQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSU1kN284aW44dUpuZ1Ir\neklBZGhDY08vdXBHdlB5QWYyOW5ZRE5BbFVZClNNV3AyeEs2RzhuWlVaZEg1NEw5\nbWl3ZkxhNmRaNXgzR2hXSlZoNlE4Z2cKLS0tIFh6QzBYcWNwa2JLWkJMMlk3Nmtx\nZnZNcUc4NHcxbUk5c1BMSDN4SmpsMWcKigXqOvDhGlGfwE/KEJRbm/ErRpXM5zZd\nLrCWFYguj2r3QdrY0TWmcm0Kelympg03zKAG25KQqAoY++VgVqZemg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEc1BqcFdDb0Q3ejB0dGZl\neFBFa1hhRWtaVm16bWV3RlhxMFdIaWM1ZDNNClg4MnF6MmJFRE9NVVlxQ2Z4WlJw\nQ3NzNTRaYWtVbHc5NWJkS3lPdkh3YUEKLS0tIGxPRmFZSnNJam43Z0U2L1RNcG9n\nc05DY3VCeDErM29uQUVlZ21JZDNjNjQKv7QdfJkROWQqutcU+t2ulv9k9r7GEIkt\nG5tI9ZvOl5b0jUysoNqRWr0n+/+5FKLFXFUx+Gi6uJDByVvPmJ02ZA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-19T21:51:53Z", diff --git a/vars/shared/openssh-ca/id_ed25519/secret b/vars/shared/openssh-ca/id_ed25519/secret index 1656201..9d8db16 100644 --- a/vars/shared/openssh-ca/id_ed25519/secret +++ b/vars/shared/openssh-ca/id_ed25519/secret @@ -4,19 +4,23 @@ "age": [ { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZT2tidTE5djA4T3NBdnRX\naTA0bzk0UDMyU0Z6RjRkekRaTGNXeVQ0anl3CmNGdHdrVUFoYVBBWE9vZXptNG53\ndGFwNDJHS05CZTg2QkZVaS9oM0hlUW8KLS0tIERDMHcwZ25YQ1U0eldrN3NJQjYv\nY3VORmpYNXhId3lBRGNDQ0U2SmhsOFkKrYaU1ecNmn4xRmN5ix9P6jIr2U66GGoB\n1TI/bBUIM87UWH2UzAJh27vEcUHWOnGPaxkK0DLbVQlvYaHhFLgKWA==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZE1TWStneVdxQXFOZmJL\nS0FyMUJNOVl6YmVPd201Tkg1WVhXQUlKZlFzCmJKNkMzTFFFSWtwSmRwU3BKWHll\nMDZoTDc4ZWhJWVBoTjZyYTlkVWhQVzgKLS0tIFA4U2RsV1dRUUVrRHFONmNIbVd4\nVWdLczNmRHJha08xVW52eDFjZGc2VnMKmuFKHMIjfReYtAOuxzJRenE9+Tc9FRPG\nc1SiecHn61rbnrbjmupdP407B3bC1WjzTQeAXCkOj8RVbneUGHgwyA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxOVQ0cnNsRkVwWTRlbnEr\nVVpTdk5qeEd4N2pKRG5RdWFEUEZNSWVHVzJjCkhpbTBQQ0FMN0ZxM0lUQVp1OGRR\nRTg2UlNIWSsrOTVyZkFpUHRVejZEUWsKLS0tIHh5K3FhbUYzbGhMd3NQaEtYaXJ0\nWWNGcStqNlRWcjlIK0todzloVSt6UnMKUJrzlviBrViU+2twOYUDyM854QT5Ym1x\nZbixBy7iKNL2DWAMNruTzPSa83/ZC4suxfcxWVgepMbI+oPgph+vZA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUWkVLdFpTejN2dTlRVk5J\nM2wrbEJoNkFKNDU0cTR4SnMrS2ozU3RVZlZvCllUbkl1MzFtYWFNWDd5WUthdDl2\ndisybUhNNG8wbHhuWDhHSzZJWS9uREUKLS0tIDBIYStMT2ljWThyeHRPTDVWZXov\nSUJXMWFwSWsvOXl4M29IRlR5c0lSZEkK0KQiBXvu/iMPdH3sWsL3VyQKq84V3Qll\nCpnS+ydpiugOy2HZxPXSeFZe/jtXD1FpL2jHN1wu52T1CNPj2nmwOw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZTlMV21qVW1Ga25LNlJY\nVytXamxqT0NxZ0VPaWo0MGk0am5IQkpSdnlZCklXUkgwWXA5bm85SnZ5L1pIcEc0\ncGRybGZqZzUxOVFocm5ZbWYxS2wvLzQKLS0tIGo1djJRdm1wTnhhTUM1VW00VFMr\nV21hU1BOajdIOFhZZGtLNENHRVhGejgKGv4Ra7iOeez5fZax494FLDU/sstk/Gm8\n7ZWETJI2KfdSDlO3BHKr/V/mYMt5v7TsPkOIT7wNS2sGd/+YF1RKjg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBL2xPWEo5\nVk1OcEZFd1RPMXpaci80U0h3RXJUTGs4cE51TWhBUVZmWXhReApma3ZwNmY5RTN3\nMUg5azB2a0JEOFdKVW55OVlaYlhpOGxlQnptOXNnRTA0Ci0tLSB3TGplcGpsYlRv\nazdFbmZmT3ExZ0JzWVBPdTZGN0tXVWpPK2x2Sm5qc0U4CiGsscDAKIt2L6Zy1Psq\ndHU94gL+SAVxYgPwacSOoF9RVM2OrCVAVCHVouqs8JRM1Hb89HK6dUSnUFT6aN3v\n3x8=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDYm9CN2tBaXhIRGJVK3lm\naDNqc0pHT3dsbzJHSzhNY0VzaHp6d0xvZmpvCjZaZEZQNm1tYjdWd0U1dWN0cERm\nN2xldHBvQ0hCdjRjRE1ObVlEN09HSE0KLS0tIG5kcDB3c3hlUFcyNEJBVXd6VUdP\nM3l1WVc3V0dtMFdGYWFlNkVqUHZ6T2MKEbbAqJUuw7B57CMCuicZgTz0WAwTB52r\nh7BGTqifDdBgPkuCf7FdCHC9TdmgCM3WhOI9f8EKO7EsO7aVLFdhhg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdUcxWnBQVE81eC93RW9l\nU3hjakJOYkI4d2ZHWGQzbFhra3dXSW5uT1JBCjgzOUMyQ3pwSnYvWU1pbTVKQlI1\nZnp4dEFESHljT1NTSUhLRWY5aEtrMW8KLS0tIHEzcUFSdnlXTmcxV0JMaUdKTEZx\nQXVxck93R3VmVncxL1JWc3hraVl4KzAKT+6unbqXkdIqMP1ZLtjnI12IVVRbPmxY\n8JAxWm6GwqReBHFT7IMIbMs6p54U2avEIPZ7KRA1dpOyQbO84eQQYw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWR3hUYWxTY2tDUngyNVVK\nOWVldjk2MSs3di9TaXNXeUJtR0hOUXNFUldjCit0SXZ3akpjMm1tT1RINE9Ib3RF\naFFUK3haNkgwMnQ5U3k4VEllb09RelEKLS0tIHBpRzJ4V0NwWDFyR01PTUc3UmpB\nZTFMbGY2L01rMVVXY29nVldhK0pNb3MKViPo1dUQ+lZvL7lKazuVcaXN6Grvrn0W\nx5S9eqg32Rra+1F79ozxv3j4Jzu/3fKTdt9jkAFy09hPv5/Zkcqlcw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-15T14:18:28Z", diff --git a/vars/shared/step-ca/ca.key/secret b/vars/shared/step-ca/ca.key/secret index a61500b..0d30b6d 100644 --- a/vars/shared/step-ca/ca.key/secret +++ b/vars/shared/step-ca/ca.key/secret @@ -2,13 +2,18 @@ "data": "ENC[AES256_GCM,data:eJ0fq3tBFpJmKad1zQoY/2EczN1tnER8Mxo8erioOUBi0caiH3BRUdHQzLU9gbfbmr2CX6X0PzX1G5TknROF4d0n7pK4lLzlH+/zXX9niLkZKf4sNibUcAa6xwaUu+bQZPdrbMsxz0hFjztTHfhhcEkqTwImYcJxtmKNQTc0qJSq7C4j82QVJzN+rvAnuEBp3pXMnqbbpmmUG4D6oIvdR8f5e5E8qe/fO13s8EglU583/sTV5Jm/dMPvyQVhL2U18GiRAXCTcJ8abHU1yczMU4aZKqpQwinG1pLg267IRxvrSaM=,iv:+NWxLy+HEtZ2m8eJGk6Y6t0B96QhdLa7zBtLEMz1KRM=,tag:7ccHbUUEW+GX/TsfBHzdXw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNGVsREZJ\nZDhqMEthbzVqOWVjTVVubUV6Z3dRdEd3aGFZYTRIVlloVnM0bApHQW5CTGdMZXkr\nY1FDbzBZeDRaVG5KNy9QeCs3Zm1EOFUxQURnNS8ycXJZCi0tLSBhUU1VVlhyR2RX\nL2NWL1ltWUwrNUh3bkZCTzRSVk9YOXNsZ1ZnNkFPc3pzCrkw4Kvv1buOpoAgRhJ+\nJ6U+ahV6ntjIo62NbrOxJZC6229/BdjE6V6bIPYRo3I5VM1KhRaHIwnvWK+qHaDW\nhc0=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TjB2VGZqQ3IyRStqQzNX\nbXVhT1pXei9xUTZ3MExLNDBIbkJPaWNyOFhZClBqZ2M3d1ZCcVlQTzlUbndoZ1c0\nVUNlTWdvcDI5aEJhQ21SSytVQ0lGVFUKLS0tIFd4VkphTVJxaXBhUEo5ZVM5bDcr\nTHpNSkt3QWtJbi9aVHhvTUZuK0RNeXMK29n+ztstGWzPcMeQ95Hg8m9SjrXlgjq+\nWNnky4dNUInqw5ZQrJW8ZYa7x3N0+dSw9jVxqNdfiyZBs8Cw2lkuJA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6L0JPTDljTmtaRkI0QjZ5\nVXQ0SGV1bmlDUGtFZ2hQUytoNWNIL010Z1hjCnJMenhWK1czVnc0ZjA2K3NydFQz\nMnd4UmxGb1EwSjVaYVdVOHVxVCt3c3cKLS0tIG1TRUV5bEJTaUVZR2JEanp4Tzcx\neXpBeVpxQ24rSUlNTGxyVzJiTGZiRmMK9mFyYmlj10uLN26u9mfy9shj5jxHJuyF\nhrw/zStA8tVLt1Hh3vNCdzpp2YgAzcs1t+8nEaEeuSvHEB8RZhrvjA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-22T14:02:44Z", "mac": "ENC[AES256_GCM,data:Zua39bnqFiyDcf5aWMo/PcbjN8/EAecI/nOuQ7WwSE7KHhQ+wnYMDaeQFROYSjvlJdzn4upCeQCpid+k09ZSYE3upUdCVSiPqo+IFziE9kifs5if5LS1V39QKvHP5h2rXPrwS+bYPk8Z198HyX3SUu0yoU7DVZ+zrt4s9hbzuAA=,iv:NxsrTAhEYPvWGjG64n7mK7ABDXaLKHxYazqYfuP4giY=,tag:AbpEDuNkC3kBOtonVzdBdA==,type:str]", + "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } } From 2d8bf05283553db5fb159ebc8e2a2eed26d61a21 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:22:18 +0100 Subject: [PATCH 339/376] Add key(s) for user rpqt to secrets --- sops/secrets/crocus-age.key/secret | 8 +++-- sops/secrets/genepi-age.key/secret | 8 +++-- sops/secrets/haze-age.key/secret | 8 +++-- sops/secrets/verbena-age.key/secret | 8 +++-- sops/users/rpqt/key.json | 4 +++ .../borgbackup/borgbackup.repokey/secret | 12 +++++--- .../crocus/borgbackup/borgbackup.ssh/secret | 12 +++++--- .../per-machine/crocus/gandi/gandi-env/secret | 12 +++++--- .../crocus/garage/admin_token/secret | 12 +++++--- .../crocus/garage/metrics_token/secret | 12 +++++--- .../gitea-s3-storage/access-key-id/secret | 12 +++++--- .../gitea-s3-storage/access-key-secret/secret | 12 +++++--- .../crocus/gitea-s3-storage/gitea-env/secret | 12 +++++--- .../access-key-secret/secret | 12 +++++--- .../crocus/nextcloud/admin-password/secret | 12 +++++--- .../crocus/openssh/ssh.id_ed25519/secret | 12 +++++--- .../crocus/radicle/id_ed25519/secret | 12 +++++--- .../crocus/root-password/password-hash/secret | 12 +++++--- .../crocus/root-password/password/secret | 8 +++-- .../user-password/user-password-hash/secret | 12 +++++--- .../crocus/user-password/user-password/secret | 8 +++-- .../privatekey/secret | 12 +++++--- .../zerotier/zerotier-identity-secret/secret | 12 +++++--- .../borgbackup/borgbackup.repokey/secret | 10 +++++-- .../genepi/borgbackup/borgbackup.ssh/secret | 10 +++++-- .../genepi/freshrss/freshrss-password/secret | 10 +++++-- .../per-machine/genepi/gandi/gandi-env/secret | 10 +++++-- .../genepi/gandi/gandi-token/secret | 10 +++++-- .../genepi/garage/admin_token/secret | 10 +++++-- .../genepi/garage/metrics_token/secret | 10 +++++-- .../genepi/openssh/ssh.id_ed25519/secret | 10 +++++-- vars/per-machine/genepi/pinchflat/env/secret | 10 +++++-- .../genepi/root-password/password-hash/secret | 10 +++++-- .../genepi/root-password/password/secret | 8 +++-- .../genepi/syncthing-gui/password/secret | 10 +++++-- vars/per-machine/genepi/syncthing/api/secret | 10 +++++-- vars/per-machine/genepi/syncthing/cert/secret | 10 +++++-- vars/per-machine/genepi/syncthing/key/secret | 10 +++++-- .../user-password/user-password-hash/secret | 10 +++++-- .../genepi/user-password/user-password/secret | 8 +++-- .../privatekey/secret | 10 +++++-- .../zerotier/zerotier-identity-secret/secret | 10 +++++-- vars/per-machine/haze/atuin/key/secret | 16 ++++++---- .../haze/garage/admin_token/secret | 16 ++++++---- .../haze/garage/metrics_token/secret | 16 ++++++---- .../haze/openssh/ssh.id_ed25519/secret | 16 ++++++---- .../haze/root-password/password-hash/secret | 16 ++++++---- .../haze/root-password/password/secret | 8 +++-- vars/per-machine/haze/syncthing/api/secret | 16 ++++++---- vars/per-machine/haze/syncthing/cert/secret | 16 ++++++---- vars/per-machine/haze/syncthing/key/secret | 16 ++++++---- .../user-password-hash/secret | 16 ++++++---- .../user-password-rpqt/user-password/secret | 8 +++-- .../user-password/user-password-hash/secret | 16 ++++++---- .../haze/user-password/user-password/secret | 8 +++-- .../privatekey/secret | 16 ++++++---- .../zerotier/zerotier-identity-secret/secret | 16 ++++++---- .../borgbackup/borgbackup.repokey/secret | 10 +++++-- .../verbena/borgbackup/borgbackup.ssh/secret | 10 +++++-- .../buildbot-worker/worker-password/secret | 10 +++++-- .../verbena/buildbot/api-token/secret | 10 +++++-- .../verbena/buildbot/oauth-secret/secret | 10 +++++-- .../verbena/buildbot/webhook-secret/secret | 10 +++++-- .../verbena/buildbot/worker-password/secret | 10 +++++-- .../verbena/buildbot/workers-file/secret | 10 +++++-- .../verbena/gandi/gandi-env/secret | 10 +++++-- .../verbena/garage/admin_token/secret | 10 +++++-- .../verbena/garage/metrics_token/secret | 10 +++++-- .../gitea-s3-storage/access-key-id/secret | 10 +++++-- .../gitea-s3-storage/access-key-secret/secret | 10 +++++-- .../access-key-secret/secret | 10 +++++-- .../verbena/nextcloud/admin-password/secret | 10 +++++-- .../verbena/openssh/ssh.id_ed25519/secret | 10 +++++-- .../root-password/password-hash/secret | 10 +++++-- .../verbena/root-password/password/secret | 8 +++-- .../intermediate.key/secret | 10 +++++-- .../privatekey/secret | 10 +++++-- .../zerotier/zerotier-identity-secret/secret | 10 +++++-- vars/shared/garage-shared/rpc_secret/secret | 30 +++++++++++-------- vars/shared/openssh-ca/id_ed25519/secret | 22 ++++++++------ vars/shared/step-ca/ca.key/secret | 8 +++-- 81 files changed, 619 insertions(+), 295 deletions(-) diff --git a/sops/secrets/crocus-age.key/secret b/sops/secrets/crocus-age.key/secret index f985bdb..0fbcdd6 100644 --- a/sops/secrets/crocus-age.key/secret +++ b/sops/secrets/crocus-age.key/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaDJYWGc1\ncEZBRFh6QTRsWUE2VkE0N21lUVhETVllMWVhVE9yc0U4eWR5eAo4QkZsKzJkblJx\nSjZkRGxZcThmbkpUNW91bWRHdHplQmNXQ2lkTFNRY3NrCi0tLSA5NUNQY3IyOHRL\nc0FMbWRPQnhjejNEWkIvNEpuZzk1NEZzc1NISjF2K1RrCsTwB0aDb2e397kyWKX8\nJSKiGOy2P64eE68wufrSg/WJgkjvcklrzjmSnn8cIsme1hSOE5Bx8NxDAaX3Swfi\n4NQ=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNGFLK0d4\nZ2JCdGdkYWd5TFpKNHpCODNCNGdYdzlwb1hzY1lQMzltV1cvZQpML1BJOXU0UUxo\nUnBGb0hSUG45OFovWmQwbzhjK2Y2MlpCanE1WDdiVkhvCi0tLSBGWEFRa05FM1RH\nNXdpT0hBK2JFU040UGdhWTVkcGxYV2p0SitHencrMkRVCsneAeYc6WjBDpM14O6x\n/Ru/3fh8zl908fjqcrr+UPaIXLD/2r7rgzfUGIROrWJwh8yos22atAWG4O0UGQQa\n8Pw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZak9XUkRQMXdyU09tUEpH\nZHpVdnY3VDJFeUlRZlF2WkJzRGlTdXJyZ2dVCkNnUklBR3NFMDhBRCtEUk03dXFI\nU3ZhWEl2cnpGRS9YNGNicG5PdFBkZ3MKLS0tIGtBQldReC9rRkVMLzFOZnRkSE16\nSGZySjhRUHRUdDZyUkFaL3hrSktBQkkKsawv3QsgzG7jkh0km/v1wwKOsj9T7u8D\nFOSmrZ3Vadn2RdO67UqUI22IFrHPmbzb4vXbnqkNza51LwIIzS4IKQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ1FwSDFQZS93UUNUVFIz\nVUNjMjVQTUpQRXRaRVNJZzVCYjV3OFBFY1Z3CnpabE1CRm8xV0VuWm9EaU5qZ2RT\nb1FBUEgvcVN4RE51di95b1hiT1A3QTAKLS0tICtOWDRqbElaajJ0NDkzS1YyanpC\nOHdnMHB3Z0pRWEtYWUpDUjJFaTdzRHMKUg9bfInt/5mSBhVOhE99yYTsCXZ6CHjd\nKeu/K56gDMa93m4nPVubZjD7p3KareDRSjMW0/aY5Mf2QnY8nlk8wg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBbVFINDFx\nM3kvSEpqYkJHT2FFN2xORFYyNncrQnBZcWRIWkd3YVJwUTRuTwpQYlhtWDVCTllq\nK1NLeC9TWWtYd1VMNzZFLytiZjVNV1pIRk9VcjdhNXV3Ci0tLSBya1h5cDRncUJS\nU2NyOFpzWW1ZS3EvdkthRkxyOVBTdG44K1g3QUY3UzF3Ch8tbkMxoiee+PKYxAQu\ncdybSzHGDDhY9uEsFAycFDx5GLybVQoCxo6JxC9J59koFQz58WaXT2pKqo0mMw8r\ntCA=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-09T22:28:02Z", diff --git a/sops/secrets/genepi-age.key/secret b/sops/secrets/genepi-age.key/secret index 96d5379..7ee1a24 100644 --- a/sops/secrets/genepi-age.key/secret +++ b/sops/secrets/genepi-age.key/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdlpMWHpm\nK1BIZTlUMWt3VnlZQjk3V0duY292VTFzdDh3SW95cEVZZkxDSQpJbVpqWTh4bGt3\ndkRQVTNTOHZNNUtBWWZFUExKSWdzYjUwVUtQQmpIRmp3Ci0tLSBIL25HbVZqUnAr\nTVl1N1YxUmMxR21KLzh2WnUzRnl6NUhkSDQzWkNHS3Z3CtPP1krW6lhiDLGK+Bzh\nXMddwvKjhaLZNAv/mOVOEj8vIgSxZYeoXFTcQXi4Ung9DLKirksEonC8+dR0ibLW\nxFA=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcit3SDVV\nbUhnT2doYW5SK1ZrMkk4eHk1U3pKMnRQUGZnZ3NBck9LWGxzeAp3ZjRtczV2Nml5\nMDdYZGc3VUNMOU8vbXg5WTJDZUVYRVFiNDd1d1M5c2p3Ci0tLSBOeVora1R2Vms0\nSmhpTU1kM29MYlZ1Mi8zYlZxSmF5dkNLc3N1RjBselNvCvfEkfg+xXIR+M+xlK7r\nmmDG7DLm5v6v31Jthcn36ORKHBS6256j/mteMO8ftHwMwtvw55lmDWkQrtFuaX/J\nz5E=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeXpobUVsQklubkxGcmo4\nOVFZZzcxRkhlbEFOV3lKTC9JMzY1bGxlRlNRClJ3bmNlMWREQmREZ1l6RXl5MURh\nM1FCeWozQzlTbGZTT3NVaHRPYko3VmcKLS0tIEFFeWFHMWh1Y2t3c0FweWZkQTRj\nS1RtU1lFSnhBelFEaVY2V01TSXdoRkUKr9BqCnMRt0Dk3AnAQGr7RyhCTQurnVm6\nCG3u9Gozd/q3jPdQtor5negpb6ZfFY3Snnb/2+4jMS3GkYk9UEC3pg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHejRPeXJoazIzd2xHZDBM\neEplanpuOFAxQ0Z2djRQRXIxcDJkZ3IxcHc0CmtlMGk2YVdUM0ZpZjdCQS9JcVFa\nTnFQV3RjbUptc2p5NnJEOGx0SVYwNmsKLS0tIFZlcXE1amliUEdBQVV3WDhobnpx\nNUIxc3ZjR3QxdlBQeXFZcDNmQlI1WmcKBKsLCbVVeyEy+9vNKOPjAruf8AlDzvat\nWjUjRy3YyjTRiRINaZz/7YOzcr0w14Jo9+GMBF/gX4exXtm4p0KPDQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdXRFSlVU\nSlZIcyswckQzMXN0Qk55K1oyZ0pnREloYUZmM2VkSFhscUdFSgp3c3FWbDV3RWhB\nUU5oQTZOWFVVaU5wSHZiVUVEd25vekNSMDdVeEp6K0NzCi0tLSBMOFVSMGF3eEF3\nNXJrQUlIeG56Vkp5a3FjeFV5WkZ1eUtvQUV5bW83VnpjChSpqwUxZqox60+TkzUk\nTuaGGABkRDyyy+rL0jkVHZvh8gfF8WAe5M+TXHsXMHBN0XDhCulLKgXDkjiPDAtO\n2uA=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:43:50Z", diff --git a/sops/secrets/haze-age.key/secret b/sops/secrets/haze-age.key/secret index c0a6866..e559dd8 100644 --- a/sops/secrets/haze-age.key/secret +++ b/sops/secrets/haze-age.key/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdDkyWjZC\nR2hXc0N5bFg4NGdNVjZKM3FmR1F0VnVWMVU1TFJRSStOQkpRVApNMDJRMDNQT2JN\nSkJURWpmM1pkUXdERlhWdmJFUktjL0tEY3V5U3FXNEdRCi0tLSBDZXV6T3FqUEtu\nYTFkNWpqaGFzQzZMdUJVWU1hRm9GRnZaRXZyVUJuZ29zCs66ikoy8a9NXwrQ78xt\n+muQmtpYSM6Xztpv8lUueeeMpe0cFuhU4HJeEWoz8LM8KL/zYLIF8YZuQcBWZnNN\nPhU=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK1VnY1pu\nY0tJODhZSkg5aEdKangyT3VFb2pYZnpMNklNTmJYZzdVOGdzRgpzMUU4Rld2eWJp\nekNobGhES0VVb0tjbEVQb3k5elptR2QvMW1WdzZTVGdvCi0tLSA3ZC8zazF6cngr\nS3dzSmtGSks4WVlTRVB0NzdtcmcyTTd1UlFTcTJrdlpjChpFftWShZE5WfA4s2IJ\nYB/0ybfkJZ/PZwIaTc2LjLv93b+/XwHYqqfelbm5Xbzk2NP2zAkgHez/gAo20LCL\nQVk=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmZYQnlILzJEQk9QQlJv\nRmtRMHBGei83L2xZajlKZHNsWXB5KytoSzFzCnppRTY5TFVONmZkVWVtVDd2QW0r\nTUROMTRVUGNYV0diTThnU3dXRjVCZFkKLS0tIFlUaVY3WUF1cFdPSDNWM1RKb2JD\nL1pvaW5PbmQ4RjBtc3E5WUFBbE84RXcK/PO68a4h5f3I+LNkqPsP+tExUsXqu5Tj\neKrE9WkoIlaX//5qIZPgtJjtL+hrMidmtNemPNsvNEIdxM+cHpDmjw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5QWxTdkRnZXViTTAycExQ\nUUx4Y3lRN0p4YllXLytnVjJYKzBEWjF6WjBNCkFBNVh0UEpScjJOejd2ZlNqbnhD\neUpMcW96cENuQmdRZmxFcER4WkFQSFkKLS0tIDZWaUFGYVdsbU1JSnhVTUlXK1Nz\nQy8vTU5MUU9tT0pwMEFBTlF6ZFdEdmMKCxfeNF6659103amzoWkAQrrZ23zOJtc2\nBGa6jBLsjfNIBRK0m/IJ4ixmwPXbAU/KsYkRkvM1WlUjWh6x+yyKnQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBbkp1UUpO\nTTZZZG83dndrZU5UZXRUTVpFNW9mY0p1N2hzdjVSUUdaL1JVUgpmMzBKUzh2WnlX\nTHQ2RHBKS2JGcEhCcHdnL2F6YndpNDNIWmgyMzVhaEZNCi0tLSAyK05TTEZ0eXE5\nWjUrb1hiMWZZcVRCZWFDT2g5VngyMFp1bkxXT1hUQlUwCle74xvsWsyhgyvlO7GR\n9HMOZ6tOvlfptOXaJXFxxtlHsfC1oA51pNPAdbq8bR6d+cf/rO2nLEHYhgNjls4p\nyVE=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T13:19:30Z", diff --git a/sops/secrets/verbena-age.key/secret b/sops/secrets/verbena-age.key/secret index 3167d88..7c1e07b 100644 --- a/sops/secrets/verbena-age.key/secret +++ b/sops/secrets/verbena-age.key/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeENLNXJR\nQ0ZuMWt5enJwa1pBRjIxRW9DbnExL2EvTXE2TjZGVWlNdFRaUgpFR3NhTWd2VHps\ndlJrQW85VTRwbWNpazI0L3VmZTh2Z2VveW9aanR2am1vCi0tLSBXTnVhTHRXSkFo\nMEloMjREZHNnRWhHMXZqYUMxdkNUblJuV3Q4TWhXY3NVCrtNWoNQ/zXaRodUrORq\nHdky8hUgavh89DcIZ9QeBIaNCuaLybrY4AGZaCWoS/y256BUx0m6oFojnWU45kk8\nkbU=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ1dNS1hn\ndUNMMm9PMEEvNW1WbnBiNitJNld2ZmlBQkphYzBFa1Z0bzJwZQpIeU9nSzY4bWpk\nL210cElrQy9PVTk0ZWtSZzAveUI4dlFGSjNBazd5NU5FCi0tLSB1alFvVEgxUDh6\ncGxmOGtqejFNMUVwNzZMeG5od0lPcitaWVF6TlF2QlhvClMRj078WFepyIPQi82b\n7GZ8+Wgel3y5ZfoUKZXFmpWqfYiODCdgBCduoovYY4vbrAsbfVun6VptW+Je3j0J\nC+M=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpK2t1TVU4dTNtRFY4V1c3\naW01L1dtUE9NVmg4Y0w2Ni9GU3Jaa3lIVGlvCkdDR1BjZkxXNk9kdFpPNWNxdVAv\nc0t3ckRtM3A0L3VYazd2NnduamdlSFEKLS0tIEthOHNqc2VIRmtIUTVnZlJsa2Vr\nRkZlNElObW9hN1drTVlVdXdzRThqbXMK9hwGAHPGnSoy+C43ZzTyc+9eNF16zNWz\nE7bLm7YxxTyAL6/A5VN0WlN6pPzPHza2YgoBX1yuZxSghG8vN1VHPQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZGhSV1pTQmx4QktYRENB\nbVZXQytaZFNlU2d3RWlraEVwSnpXNnAvVTA4CjJCdHZNN0lTZkFVOVR4SjdOUEVx\nMXRqc1o5TldOdE1pWkkwR0VzemZMTWMKLS0tIGdxNXZyaGUrMzZaQWwyMHRKZGZz\nbFRMam5ITjN4cVhXcEVQS3Q4bGlYU28K5hopN2oifM6d/9/o3aQ0jS8K2TzXokVj\ngRP0c4NB6cI9TPqOaCAs90z1jIeOVB26OR6JvFH+m7WaaxAuu8rgig==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM3JHMEN4\nTzJJeHRaUXI3elRuRFBOZDN4MmttRHcrclZxV0owWXlUUHU0bgpXZ3pIQmhRS0Rx\nVXFyOVo3YXl0RVRVM1NWNWFuU0VKTjZDZW52SXhtSFNjCi0tLSAzSXhVQVNCNDlJ\nZjNtRlJkS0VLUUhhOEtLaE5jWmY1a2t1M1Q5RHZCOWE4CoTQMd7TKqdwzo7h8s8E\nqc28aqzCDNzPodvGidySkBpm6hvp6fQfSCgIJ4kWO5G4yZMOSqZmbudymMuUau+L\n6Ns=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:26:58Z", diff --git a/sops/users/rpqt/key.json b/sops/users/rpqt/key.json index 82264d3..dd61c76 100755 --- a/sops/users/rpqt/key.json +++ b/sops/users/rpqt/key.json @@ -6,5 +6,9 @@ { "publickey": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", "type": "age" + }, + { + "publickey": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "type": "age" } ] \ No newline at end of file diff --git a/vars/per-machine/crocus/borgbackup/borgbackup.repokey/secret b/vars/per-machine/crocus/borgbackup/borgbackup.repokey/secret index 30c867b..d554869 100644 --- a/vars/per-machine/crocus/borgbackup/borgbackup.repokey/secret +++ b/vars/per-machine/crocus/borgbackup/borgbackup.repokey/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:MAHsxuyGYvrW3TwjlT2vDOgPk9yGB+anSgh8CvMcGxiKqLY=,iv:ZnDMkunnprIa0wE6sBwIJ/2Pe+xvp5nlRYb9Z30ya9Q=,tag:PzzgVju59Gacy+oB9yCPEg==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPV3RaOWZkczN5MHhvRTdk\nZjJWRUNGNzFLSUVxUGpCZjJ4cUZ3aDU2OEJrCjNYYm9yUkJPL1hGZEpSdnFIS0R0\nWlBmbVVuRS9OSitNMmtiM3JLcVZtU28KLS0tIDBDWkRpSWxVK2pvdm5xeGtRRDli\nUnRiQ2tCRGs2UndsWW9KYWdocGpYakUK1WFkf16tMEE7JJcrU67TdFfHxOo7eyr0\nBpNye/Gob3+zPuWUz9ugFiqPOMXfhMVoxRFgzXD5jd7xM7NnP4fmlQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcjRJQlY5\nQXZnNlZDQkIrMExYY0hNbFFJWHZ1ZmdkQkZ4ZVVIUWNGY0cvcwoyYjFrQlh5RVlK\nT1d0N0xCYmtiL2owV0pESS9Ec0dxNk5FSE9yRVhXN09FCi0tLSB0SHF6VERRdmRP\nRHVHbFRWQ2UxV1BneEpvaUlaM1dwR2NtZ1BPTnUvK1RvClrQc/XOBZ+FtVCVM6RK\nLXl7bCkZay0tS+QmaSEUC5wsEyY9UVnFISDAGFzT1h7C85gO97y7G9S4V/cjAy3g\nDyI=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcGxGQTE2\ncmJWcjR4V2w5Zis2WGo0aytFbU9JZ1NkZzZVWkorRVg2SHlTRQpWMEdRRlBTNUM4\nZWY1TEEzMnRrVEhWcU5NNkdWWWFkZGxPay9BakJ4ZWdjCi0tLSAxb1Jhbzd2eUw1\nR2w3MnNMSDJTc1lhbzAvY0FsL2hXaXRZMWxTQmJaL0hBCltKw9Ex0B4BGVd1E7/a\nMKHXT7wEvlLfrfv2sBo0MAucnL3uCUgiQ1f+DQ9cGXwPuTBHCimCBRwkSh9VpVGy\nVF0=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQm1BcUx0WE1WR0hxUHli\nRTBPYjEvVDliaDlmQ3Fwa1htM1ZJa2NCbEZVClphRFd0S25HcUdjNThVLzdVeE5T\nUlY4dHRYSVBYWGllNmFNUGZHMjE0dXMKLS0tIFEyYUc0WXluWS9KOEVhZkVoY2xU\nL0Z5ZjQ3a1MrTkt3bnpyemU5VFNKMFUKRXpcugqSUrbPVH70VTHaBIydawFWfB3W\nlmCjgYwvmwqwJdXYRc10gGQZYuvpqkdlS9ZPuc7+WVdXw5w9KybBOA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTm1YYjdtQkQ3aERKU3hx\ndjg0b1dacVo0N055VWM2MmFGSmlBR2tDazFrCjdKb0VwQ2ZrbmExUDJFRTdCNCtu\nQ0pGbWtDeW1lbFZ1NjJaMXNMRmhpVVkKLS0tIHJCUGFYM1ZzeGVVWmFFOEYwR2Uz\nVDZlcFB1UnZYNnhLUEdFZjFXMGpBUWMK/giok2vHTK+YvkGj858pitrHKqJbrq/g\nmsof3z0utDBH8owfHMV9hB9pcE8qtP1lqkK9r6BfMMxrx+kilnC7KQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWGF6YkpqMWFOOEhZOEtG\nUE16OFNyN0hGcmgwYVppK3lWbGpvM1J2NWc4CmxqMXFxQkFVOW1zWGd2K05GR1hn\nTU0yTm5CcnVTaXVvWnA3UlJ2VXpKQ0UKLS0tIEhjT0ltbEI5VUVzclQrVXozRWpZ\nN083clA3VjQrQ0d6NmtsV1FiZ0JORDAKHS+VmVFCPr+ze2b5HKBF5xUIBF9P3t+e\ntKftbTBWx0b80vURVbgDkEIQ3fgho8/1E20ZpSuoB327V4ARC1Clhw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBME1yQlF0\nS1FrZllxcWJJbEkwV2VrcU42czVsNGowSWc0MnRyVCt2Y29DYgpmaEVIbGVOMHlZ\nbG1YS01tM1Q5VktNQkYzTVhZbTRPYStyNVBiSFJwbkwwCi0tLSBzVkJ2aGdUZE10\nUlVPL2NxNzhmbUU4MVRFZ2JPd094MXA3dEpndFg5bHd3CkrExz9N7/RGV2wMfTLa\nqFuOKYJyv+/9cUEIrzutKk+fRuuptdXzlAHApFqeZ1OxM7vynJV5UbrRca67auGY\n7Gk=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-13T21:59:48Z", diff --git a/vars/per-machine/crocus/borgbackup/borgbackup.ssh/secret b/vars/per-machine/crocus/borgbackup/borgbackup.ssh/secret index 94a6e8f..eaf7faa 100644 --- a/vars/per-machine/crocus/borgbackup/borgbackup.ssh/secret +++ b/vars/per-machine/crocus/borgbackup/borgbackup.ssh/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:aSXmIj2w8UY+e2JT7S9cDQT/Ga4LSDHHo/lMUk2ICs4I6GlAW9p8DcF5pDmGfu8UYB9gQ95PDn7PJ28nFDovGVWb8N7jq5NZIerOh+qi5/7Ajzv7ohOj32tbIoLzhRdMVvvISs3IBeY5jrL3eSaAHBddGcLOAOBw8v1h5xhQjn5Jg4pwyMLvUMrd6mfIyYQNpw2ifgnKj6eOZ5+FAZCpiv5uECip0X7MOdXsRIf3QTV1r3KDB7xydjew5UoYezEktTVJOxWyZtcxcOnY8LEQV8JMD/4KDQY8SC++bdKfOPbNrKuW/7/o2ngRl0noCHHZ+QAhqcg66/4YGE2M5wj2iQcRABAlyK16u+MDn4gVKPnn8vcvTc6UpjkFXeDtEKtHgzwjZIIMVZTJYIFbqVMAOJ8AvoxW0P7CC3/no2txPwO5JZLroGJW9ZjV2pMVKJAWOfbuUrfS8Kt1TkkYexdQF+YQYl05EGq544lCPX1vhcLoe58dpiERwHWmFw+m9KlnbDbJq8qWTAQP6goVI0tQ,iv:zmRdhVyp7QClbVF0pJYo8aDn9CY+XHDIzmgwU9tVr10=,tag:BKlyQ2/kzOIjBNwujJA+CA==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSUw2MlRBRjBsNTI4KzQv\naE85c1ZQU1NXWnZ4d2taaklhNmJOM3BJSVM0CkFPMWt3UTUxcmFlNWpPVlgxVG1Y\nL0hxTlY0Tmg0S01pYkFaR3dwc0Jtb0kKLS0tIHltL1FNekJFUjJPbVJRdzNheVNv\nOG5SSFhUM2lzelV2aWVSMXRaSjJTUUEKCQNA7zTqd3NqeDxfaKPoBCbgOda+qnIF\nuOdNFADV7LCCpUolBUEofhEb+azGpnR87pou93QRaiXCrj9QGQqCTg==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ05tZldw\nY0QrMndpRUpwSlkzeHBFLzlmUzVkaWo3UTc0d09xVlJRbHR1MApvakdrSEdsdnFW\nYWEyYlJrZFpPa1JNa1lEb21jVVNvQkQwaDFUQlFTUkdrCi0tLSBZMDh4dFJzK0pV\nckhZOVp6ajR0ZlNjYjk0c295c1NEZU9YRGpVMHVKOGtFCjN6S+Vh7KrBxZu8Ty3K\nEf7Bx9LJvFBGj3Gm0J3rA7XXqTLuP0URfLq7eSSRoC7MAKjITEcRJdmkCYHn9nr0\nUY8=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb3B5OXUr\nMjE5K1VGM1Z0eEZxa1lUc3JpeTlXaHFhbDFzeEo3NEs0MmkwbQo3cE5TVkVmRGZz\neHFqNWFXcHdESVNPTTA2eW5RbzdyS1NaRSs1YmM2U2NFCi0tLSBkL3c0S0Y0OHB0\nT1piNGlYV0NvVjI0NkQzQTZoS0VzemJ2UmRXOGZCZTB3CgvVFBgMv+1FhBiYVPJZ\n29zfoYYIoHpjUU4pahjtgwBivSZy1Md/JV7AlWSz0zjyzWWquWyPyCbc4CRcc2U8\nTps=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0RzA0U3lua1dub2FhQmov\nYVVLSEVMc0JIbk5qbXkwODhpZExTWUZ0T3pVCnFmUkY0V0hpaXoyV2hJZmVXUXM2\nUStDWlZucENDSVFpbDVSWEtPclFZb28KLS0tIHRaQWNSTnZOd3NkMzFGT2E3Y2pk\nbjFMQ1hpOHB0dDh4VDhuVFBJbWxGNncKTW2tsIsSqRyCEUrAaDmFsTfb7OJvN2Xj\nmmWOFsJcbN4KOwHeEDgfLLTqH27fSjNzzySWbK1Ly8DTJZugU1DUPQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlOCtOSUwxbllMNkFvNVl2\nNGYwZ2x4TUVlTTBldjdJMG03VSs4TGY5L2pnCi91aWNnZ1kyUUZtK3hxd0ExdUFy\nQzZIcm1MMytzSzFyWlFnNnRKSkYvbW8KLS0tIDJBUkNRQ1duYlgyKzAxcExSZWJY\nUzcycC9Nb2pqWHZIL0NGSXFxUVBGTU0Kf4z8CV6hph0fl/te7Vvq5IGRTrraFufn\nvdt3bo/g2ph1O7TV6Yf7wUGmstPsB7ssH/byANTI5zrab0tgBqcm1w==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMVhZTm5MOUJYTGp5elVM\nTnFWY1VKOUVsdnJNVlhQSWpHRnUzYzFZd3p3ClZGaXhjTmxXK1E5NjBwY1lseUha\nVHkvQ3IvZ3VUVzJhYUxWMndsd3EwNkEKLS0tICs5UGFPU3FHM01nVUNxazdEUWEx\nUk0yZ1RxRC85MG91OUJjdDlIVzJsbmMKFRB3gcwic9AgiDW87nPweI+qZf+iJsvb\nxaZrfOHYM0HF94A7pyZQpB9ipY3cteG8h/CxUOVb61qkFiQbE34h4Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBMEdBV2tY\nQ2p0M2gwVVAvaHpneDVUVXh4dm90YXNJdWlITFlWSUdNK2ZQQQpjTVI5dDVnYndY\nTnlyNGtSZVlWaGNmOExvY2g0cnNLWTVHYUJoN2tWQkN3Ci0tLSBYVHJmODNZRlpC\nVlI2Z1pjWVpSQUZOclU0VmxZKzM4MFVwRnNkR1drdVlFCraqEY2PYM59CpfILN7d\nCXxvYvAxXSlu4Giz6crAzHvAxq5BdiITRIw3m7st0zlEsCVOjjsGKtsQ1VDhipGE\nYbo=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-13T21:59:48Z", diff --git a/vars/per-machine/crocus/gandi/gandi-env/secret b/vars/per-machine/crocus/gandi/gandi-env/secret index 277f817..8ed6085 100644 --- a/vars/per-machine/crocus/gandi/gandi-env/secret +++ b/vars/per-machine/crocus/gandi/gandi-env/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:diQ/PXOEug+tCpSPJaOqW+RY+jS7/UTHtehMJY9uu0pAr8JPTptPbc9GvHHjfIKfq2+me1Ttb2lUTDPnQuujFXIcD/Oj6Q==,iv:5Sq4geHzXrs6HKCk1Z1axEIEe1BVaH3zJXbFHirCYBg=,tag:BoZQd5hRbo6bXtl6X59lrw==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQ3Y5UjJVcVhaWUUwaklS\nK241U0x1M0xyd29lRGJRcWFtOW1GN0pKeVRjClhhempRRlJwajVEZDg2YXJFcDN3\nNEVSdng3bnpFRjZWQVQzRzNkUDlSMGMKLS0tIERPeVN2Q2VnelFzSHZUdGo3Y1RM\nSTJIZjBjVGFZMlByZkxFMTZyZmwzZ2cKRXU2LooeDPC4PSJFpYsLRIuzxKl5I6DM\nXY+Wmo8ffNNXzYfc7VeVk4NVwVPZQcqVmebRypYtnvG3cTejxG2H7A==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMWZQTFZF\nRXg0N3lxbkR2TUI5dWZieWcxTlpkY3hhMXVvRnkxWncvc3ZqVAoyb2hqYlNMc0hv\nWUJHeVUwMlM5SmlhUW5kQUxLNGFvMXJmSHN5QktrQnZjCi0tLSAxb1dmV2tHTmFE\nblNlbE0yaEsxSDRDSEl5alBDOUlCdlhRSmQ3bk5mWnp3CgrLMdzHKHcOs0Mz6Lq4\nmUxguuAsm5kYAwk9oXoUcxOKLWpLYNYiIKOCEIZKrxE0DO7h7yUsT8PSgwJ2mUIJ\nDa8=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMnFKSFYz\nM1Bjc0pHd0NaSm91aTVSZmZFQTQ0MnJkVXZsUWdCQzEzd21BYQpxSW9wZlRmb3Bz\nSXRHSjRtZ0VuMWU0cFhGeDlwNUlqUVljeXJoU0lkSFdjCi0tLSB1V3Ryb0hGZ2dL\nOEN0ZTlhUTFHVzFkYXlGS3NFbkdKbXQ1MC9CWWNOZEhBCv0q2eUDHsUO50MhFTtX\nc/jv2delDYJpW7XClMWnvVZQjR0O64dETJdwX15c9hxcCCS/5zUt7xktVre3P64x\nnfo=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZStjZjFjRE01R0RiM2sz\nNmI3YS8yODdIVEtsckpsS0JneHZLVTZEUUhzCkpWaXlCNG5WUStPL0g0WWtjcW1t\na05wOUY0dlJ5dkh4RllnMVdILzRUeTQKLS0tIEtJbmhxN2JML1hhM20yRDh6MENV\nd2xJKzJCL2FoZVlzWUx1enR3aEhUcjQKpa9biUFTLFQ1RjLozwjOnJwDLjBIQYKz\nwssgPhRXhlotlhvcMyj/FJPZ/NHu0ws/48oEa0Farq3jKlrOOGvScA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybGRQTHlDMHB0NnRZbVIz\nekczKzBRZk5iUDhlQlZBMkJ1S0FxMjdqVlc0CmY3Q3NQRTV6Rkl3TWx5T0RMYkhs\nYzFjVzVNMDBuc3NuZWNzK3cvdm16NkkKLS0tIDEvaWNwQVRwV0NxbEJlcWc3NjEz\nV3RyMVYwdHRnQVNXeWxBZkNYQWttSEUKAMzWjimkgPgxA9Ctp4UMMhdeWi58iAJN\nKQwwN12GeQoII5ZQ0GcfPR/5j3ehQl2mMmoqcxc5UqoeS0U1tPjczA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VE9CSE9uUzYySkVyVnFZ\nSHJMOGFSUTArTHhLR0tyZ0szZ2QrcUhKdFRJCnhHeVZyaFJkUCs4MjU5SFBHako3\nWjlKak5oaFVpRHltNU5rcGhyMGMvTFUKLS0tIGxUTmh5NllBY2NiMklhNTBPeCsr\nbmZLMzh5Y0IrUXFjTFhPZlRrdUxHWG8KLvXg2AvLHJ/AvUcrtZdE7xm5ahRXvRBK\ndvA7MKnmYUoR5IEcQkmUbx3sxxIJv9RtjBcpk9T3jy9nv1mf7gPxMw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBaU1zOXFU\nV0hqVXE1K00yUkFzUjdVN1RYNWgxYkxTNTk4Ry8vTlpMRnhyQwo4N1YxbXZHbklL\nMnFZRHBhNW9PUFlEN3dRRmxyeVlVaXBpdGZVYWg2cElrCi0tLSA1WFp0b3Y5cDVv\nZ1F2U0Y4OVNhcFlrOFRGOEpiRWlOTVV3bnFvbGNLMUJzCgUkSUQIlfXLdyFp9+YT\nvJo+BM3T0Lk9ZhcNy05PinmYorfzZdd0Eb2zZHp5amyuV3JXxjKuJhspB6wP1GYc\nfcw=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T20:41:34Z", diff --git a/vars/per-machine/crocus/garage/admin_token/secret b/vars/per-machine/crocus/garage/admin_token/secret index 302bdce..25f1ea9 100644 --- a/vars/per-machine/crocus/garage/admin_token/secret +++ b/vars/per-machine/crocus/garage/admin_token/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:pjAzrkB59+DkMEnFaFvClFvRI0ayxCOHdMK8datVmtWRJdDtWZquvFYYB7kq,iv:sSICWQ0rBUwfbS1bk1CEcHOfwA1CmXE93rD1lT1EAU8=,tag:9CjwsKSfjU10xAAzAKo9ww==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eDhid0pjblhSYkcyb1p0\nUUx6QzY2SWRQVDhvNFZKNXpFYitUeHNzeWdZCjdsY09jQlpWMXV2emZOTjhQNk5v\nMmRmTVlGVDZqQ21EcUFQWGJtK1NqSTgKLS0tIFlmNTFJTHFETmpRTmE2UjJHaTVK\nbXlwODNDZ3BHK3EyNGE0UUpoOHBYcFUKNHrDq5tLe8fPIJ1C+ReWURECGqWDSU4x\nyf3m8SILjS8AEayTkgqcTxIpB/670zUWpxDGO+eYGwvTgkH4mCzS1Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ3pOSlda\nWi9KeVJZM0dOSnZoWlF0OVoyTDNkbnYvTEoyaVlpZXBrTS90VApHbUxxR1JmOGNG\nQWNIUU1ZNk52cTU3V3UzZERiQmZqSmRKbm8vWWhieTF3Ci0tLSA5NTZQMnlOakov\nWTFNWkhXV1UwUDZKQ0xidFhXS2JJM1dUZFk0NytMc2NrCutbDiPQw09FJsD+dJub\nzTYzyyCEeTGtOd+fzRJ0CdqiFwHxZMhhn/r42ve1dVYV8MZKuL1pEIhSJnTP0xFi\nlrg=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBN0pwNWo4\nZjB3ZldtTVN2ZnVSME1iYm9XKzZSbVVnWEpjTmhZemVBWVBpOQpNT2FoUVEzTFFz\naWJqWHpaSk4rYzI0dGdxUm9aS0VxMnZrSzVPVHcrc3J3Ci0tLSBHdkpPN1VTSllh\nZEp2NjRRVWxFTGJNNjl3aE93Nm9wSndKNUtVR0RuTzhJClJVTVUqfClk4krjSSRu\n1Yu0x0Es3UdtDXUjcNkFSuskvM98YJWtt0A4ptt5TSgaLDvsY+RnUE+XLA8aX6ku\nkbk=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVDl4U0xObnA0RDd0MUpw\neUhrTmpIREc0Y1k0RlN2Wk9BdU90R3FJbUVjClMrSGpqSEJRM2w5Z3pKUlZ1cTR3\nSG45V3hka2NrdlhPK3JSRml0Yjl1Q28KLS0tIFBlWlFwbnNENk5xMHNQMmZySm9x\ndlAyTi9EY1pRMDZpYm0vMGNob1pObjgKwKKGOp5OvX0e5fT6ToV1NfJIs5Sqd/tU\nm4uiAv6rOnZPYAI9hH7sHwdJIRGkQRLNU1y5a4QqlyOujlnnSB+VrQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBleGdhSWVuMnZTRy9NSVh0\nUjlNVEVsY1NYZHo0TnFqUzZYS2FEbUNhMnhZCk5HR2RmeHRtekcza0RLN2VYUDNa\nZ3prMnRVRmJ4QzlTdC9SbVhHWHlMcGcKLS0tIGZqd2FDMUZEWWZ5eUtNRkgweThP\nVXZDNW9XWFBjNTEyemkzZ2xDZFR2R2MKCwr7sqFliDt3MGoI1LkFjo9QmlMOR3hV\n/LTrJ/4jt5BAsM2wJLgZUdBjkzFCNW4kCi5PqfV86+Nb34xTXJW9FQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VGM1KzYvQnRKcDdqd25v\nU0ZScVFtaHk3MjFZeU8rWnlQTXVFbnIwbUZZClZiVTZyL2M1RGZYbEpVOVprK2pw\nRWdYOWlRNmJ4ZjVxKzZVRUZ0dGM1RkUKLS0tIDB3K3J6N1MvRURCVEpYRWgrb0Fn\nS3lnVXk5QitxbzJiUnN6YlJvbncwTFUK2jD/+nfrYbeBaNnnkFvURPBe5X1dOawt\nyc75bL99DsP36ZNH5awXakh8Po0FbqGbH0EYKhVGz7162X+JFGwsbA==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBc3ozNVlD\nLzVIclF5Q2pzVVFQVHdybFFvOTNDaXJLWmltZmtEbFVsaU51Wgo5dDJsRFROa0Mw\nb1VzZ0MwSG9Bcjk5NlRUclYyanpRd3dNeXZ4QmZmbDNvCi0tLSBpRVA1Qm5sVUdh\nM0d6UHZlM21lREZUblZkRk1iQ0djZXJQaUNnT3hwN084CjJka1HD+xbkt76fw4Pd\nmk96YZwYOJmNGJGTX1ZS5oa2FXffhXuYtQj/c3uojylaP7G57XJuoJ1Nk6pSd2u9\n/Jw=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-19T21:51:47Z", diff --git a/vars/per-machine/crocus/garage/metrics_token/secret b/vars/per-machine/crocus/garage/metrics_token/secret index 589c276..cbfdf60 100644 --- a/vars/per-machine/crocus/garage/metrics_token/secret +++ b/vars/per-machine/crocus/garage/metrics_token/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:FaNG0ZX6z1Q7FfauyRwYCDLYl2KaupPtT6KcKGrxQ22yPIxW7htzkZzovwaV,iv:HLxunFnpgmvpVpyet4Og86R22LQ6os1lqzSyV9/E9J8=,tag:QjKKuJcG7SzxzjDmlSCHBg==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZGtqMDFHM0VLVnhjUWdn\nK0ZqYnJINUF1TmNLN0N2QkQ2S1FucWVTenhrCnh0OTg3eWRCYkVEeTcxQzNCTnBw\nbVphQm9wTk92emRlTU5waTkrY1RsR2sKLS0tIEJuNEJUNjhGMzlrYXdVcjFudDhp\nRFpVNmdFRnBteGNMQVNQaVpmWVhRZTAKj8VdXywqeN+VEc6aBEYUSwGqPNhzCdyp\nl+ZnX/1Zq5EpalnpBjeqBFVqtXsXvYeBsDg/2RfZok4jaFy+vil63A==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbmdWcXRL\nWGcwWldvUmZNSnIzN3l3ZVBTU2Jaakk5bytmd3NRQmFvdW1LUgpwN2dOOUcwMFFS\nUnd0ZlViZXBNcEx4UGxtUVg0VVZ6WHVMU01pZU5YNnRzCi0tLSBVaUdaNTdXamh1\nY1YzWkVOWFFwNUg5QzBaRzA5azc2TUszUnZsOFhoUW8wCqotTO1N8TAhfRgQEpEX\nO94LfkaA8JiF6ZzhMLouKRMjiRdLaJMhExrIuRzEEdkq3vQqXWg/VEL0UrdlJhm+\ne1Y=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNjRWdXlH\nT2c3ZDVkcDlySHFhWlZkeEY5ZU9xYnZpUERITGJrQ0FuaHZMcgpobVAvUHJwUTNu\nQVhrbHdvVWQwek94TlNTZlpSWGhOQUV6QmRVc21mbFEwCi0tLSBjeHNFZk5JVW1N\nRHp4ZjlkM1RGM0NFU0Z6cUtSMy95azg4TnVpaG1KSGtVCqrX1dJRA7e66Py+ifW/\nUhzHZoPD4KB9EJrmQAgn7vMnFOIRwpam/Vkewe5ILv9uFl2SC49KI95iHA1AV1XL\nUYs=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1JVOUNKUVp6OVhLVW5B\nOTZ5ME8xZzVGT2orQ0ZiRmFrL1FFWVVkU1ZjCi9wcGZvNGIxWnRudmtzTGNNWnFS\nWkNzei9MV3V2Z2VXSHkxVEZjUDE4UW8KLS0tIFJpTE5vaXdJd2IxdHEwa0duNURQ\nekUrQkZtZy8zSmlYaG41TUk5ZDVmSDAKa/TiIJjJHG8GlPoNWJeWJc8YUVpQYnlM\notPV6adoJEi7xC6QPAHerPXE0j6G84GXC6sVY91dZnV9DEB1Hprztw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cGw1ci9NZEFxZFlVc1Qy\nM3VybDkrNFVLZjlLczlaUzFncG9lZmR1SUcwCjh3NFh1bTU3dG5HdmtKZGh0QjFn\nV3IzVVpHYjhpSDNpc1RyRUJ4cDR3TFUKLS0tIEpCTVBiWUxFS0MyRG5CM2FhRjFE\naEJBb1RlVHFySDZ3NmxWblh2MGFZQVkK7zxgSkhBrQZUTnGB13XfLSwgdwcjyyMh\nDKpMe1w4j9m45B7k2lAhbweTuDEiU4RoHvXaXeTsZ26XFIMlwpwT5g==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhM2pkVHk4Yy9uSGpZcnk0\naEdLYzFjTDlHQlNLYjMvWnZPNFlRbGg3amhFCitjYnNvdkE0NWx2RHcrRm56azNM\ncGZiSUd0b2llTXY2VlBVWUwzN3NkQ1EKLS0tIEFzL2I1STFnaS9wcFdqWTZGSzdQ\nZ2lqaENmV3A5aWNvVUtDOWFtcWd1OHMKAvCPQJ/UexvmEaj6GUOdslBteLpNR0mz\nTx3vtzA7KODzDYLguIR2DBxmKydiVYGugNY5mGdQhtl/31lNtGbqWw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBOExKSmtY\nYjNCcmJTZlljM1J0UUk4U3BnWDFONmc3bThxV05GUWx5alhncAorZ1J0czQxTXNl\nemhxZXpoYzJMdnNaM1BKczJXZW9RaXRVMnRKd2lHbGhRCi0tLSBjcWFhS2cwUGZO\nRTM4UnMwRjhrMXRmZnNzVkh0emdwazZvN1Q1QTlYY3UwCihSgclskDvQxfoA9Wnx\nagmLiceD3owl98ug3ZxN2x/wrjv9+44SYaNrI2kkim9Zp+4o0kE0qBYK9zeSsEHD\nMTc=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-22T13:51:53Z", diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret index c7bce2f..a90e341 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-id/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:NB7f+8tGLTJACgHqRzCmvfq84A1wY3gdsgA=,iv:2tNgNcKOpqvvd2ULSSOQwpGbU51uovLbXpIRElTVM/w=,tag:3WBlU9rN5mP2o5/N5ijCZA==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSEw5L2RxNTVpK2FEU2g4\nSno2S3F1NXdRTkNVWWcvY2NkSEhGVFlBVFJFCmRObDRkelZVbzFPRElxNHJBcXkz\nSE9BaFZwOWtrZWIreXJNZU9SL2YxMXcKLS0tIFJrbFhIVHo0azdGa2NxWHFoMW1J\nUG1qSzNOc3pDbTkvNWZRM0FzMG9pMnMKhDvWGGa8TjLSuGxyuWV40gvuXbhx2iph\ntSitGvEh3UExpK4s61vblne4tv+xBsjX0h6KSX0Ip2hGIodThe8nsQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK3dtTW9Q\nY2k2WklwZUdSeVdvWnN3ZG1sdjR6dXBHcmUzUFJJMTJjcEJrNAp6bnplTXNTdnJv\ndG9Cekk3bW9qN3crQ0RocWxvN1BuWll1cHlJUWNHU2NFCi0tLSBJWFArZGdqTlkz\nQUp1cVhJMHVUM1U5QnIvaHF4eU9xQlFUOFZRMHU3L1FBClx02ankEXuuh0gkAsNP\nx9pycCLRiIZfQIv1OADGMBVXjOfmV5BA9ONlgA/TwhPvHtSxQGjiwzlzxD+TWLvb\n8Jw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBc0RIQ0x0\nbjgwU2tRSUNveGZMbUdqNTNmN05KVEpqazVNSWZKdWo5M1IzbgpNZE9QY1hUUE1N\nc056NEY1SEdTZmNhNUp3M0xPaENzWjk2eEJPcFRhbW00Ci0tLSBxeXNRUzVIM2RM\naVVDQWt3TldJbFdBdVEvM0c5MEFDbDdyamlEOGd0cXJrChGtzCSSTwjWIwZC9/6w\nBYYpHyVrU/i5cqLvWAv9ZT40cNhNUmFWk9tg3BFoFPFJUxDcCg8FOIQaNn2Z4PR/\ncBQ=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWnhucjdCWlczYzUvNjlX\nOXRjZm96OTRSQ0FvV2ZDZC9TQ0VTc0xkRmpvClV5MHBvUVlBYW50L0hTdXM2QmlW\nZ2lIMEdUZXhnRGhJRmhoRG1JcXJaRDQKLS0tIFZrL29zSEgrQ2xhSnFpL2hHcUdG\nQmNTc2hPbm5yTVlDTkdOU3ZIdXRPSXcKKtWox37/e3aBBywo3lDqH47hdjyiIMSy\n6xi0cePv7WBoCLddIRS5QDWDBX+iRadlvGZmkQ+0IGI91JLR9nzCGQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRWRSWi9TemhlWnlWaC9n\nMUc4MWVBV0F2bkdaSWFsaVl1alYrUlhxczJ3CmRWcjE4R0hSS0R3SW1oVlFCUGFa\nczA0UzdPVHZPenVwalpwd0k5eFl4Y2sKLS0tIDRJOVNpM0ptTVIzU3p3TGxuS3Qw\nQTVWMDE5QkhCR3RiWFdFSmZITG5WTm8KUjL6xuP/yMPQTfvyhrBxEI+xE51ks1Qy\nZgXokrXGSmCIQtZoA+OVT4R5ogop5OBP3rXEZWfGxVFyFE7SqCexyw==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQXNxWUttNFVNVk1ZcVc1\nZXJGOGhMNUNhcnlZdUxISXdhWW9Ea2pXTVFJCkhwNlZlK0FZUlB3VFg1SCtsczRF\nKzFMeWdmK00rQlBVeVNRTFdQZkRucFEKLS0tIGFqV0U4NXdOVzhLdE9mRFZBcUhj\nbFpRaUJzOFdZYktEY012SGFLUENJYmMK+MBYHpnLN+rwSbfAqZgcboOUotHge9t0\nZflR5otAyDR/gnu7tgAyKPcQjCKPNHlOOJRCP2YPRj05+CKL7kSH9Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM0FtbjBK\na2RBbmFUS0ZXTDJtZGY3TUZDc1VJK0QxOXVzVHhuZmc2UFpEVgpJU0swS2JIRk4w\nMThsYlViSm1SUnFnWFFVQ2lybGRmNlpsRHp1Qng3WFFFCi0tLSBlYXNoemZlaFgr\nNHFDVm1uSzJyT1dXSXo3eG9mYzdDd0FVdjNtZm1DZVBvCjKiC+OC5uCTJJkFbER+\n7mkox8LdCsobk24tTDTVbsuyzjxKZS/F2L1NXA4FBc1Y428ceoNiv7JcT1OWweUH\nDnw=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-07-26T17:18:51Z", diff --git a/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret index 515f782..6199918 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/access-key-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:88a57QIAqnO23iv/l3a4Gkl/7ddX3vPFZV37VAgpCsobXntzg3PAAXCXUb36rDHwMZa50Io1jQNErJqed9J6Wg==,iv:1HJ1o7pKZU9XohgKL1j+DZzBMfEUoOwpHyYlwoRapD0=,tag:8Y8+VvXpJJibRyKOBy8vWw==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdUtYN3k2VUtBVkcwOUdP\nQmlodUN3dWVYKzJLUlFxMnhyRUhTWFpHbzJNCmVDK0dzditSNW5TZy9JdlZYMUdl\nQjJvSkRVVEpLY1FiSC9BTlZUMkxabWMKLS0tIEJrUmRzNVpVVHNabVpzSDkwSnZH\nRENnSUh6Y0lqMkdzOWJRQmwrc29PbW8Kli9N5DeyDuf9Ueuiw2XrvW4OD1NRSJwr\nGxWPKzft92MjF/wrr63DmMWB2PxxBynlSqCXZnL/zbU9Wy6GesAdcQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNG8vSEps\nazlYdDBLY3RmWVc0VmcrbngydXhlZzJrT3owL25MSjk2RzRjdwpGNjZUV0FlZUVH\nalJBcUhvSFhBQmZjMEI3RkFwUmNid1FDUmJONFhTSUQ0Ci0tLSBIS1VPdENEYWRB\na0l5WGsxVXZ1bzB2VUl4cUZxL2xQdFJKRVJGL0tBMTJFCl3ClgbUoWpJs7tChg3/\nwgS7vE26L++nNFyZ/THBpcguIZNUp0++lIsZUcLjUPd2IzdrGJJx4gdLuTj/BT1q\nNOI=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNTltS25X\naVlSS1FxRmtRcFRHaWJIVVUvK2RrSHpYZzNuRVd6OWVqRUFIRwpiZGhUWU5UNSt5\nVVd0SmJBWlo4MzBuTGN0OFU1bWQxT09sZG5xUE93MVE4Ci0tLSBMTmFlanNyOCsy\nWFoyZWo1eU9JS3RRUlU5a0xGbU9SNEVSYndueTZtZnZVCq+i8FnDLkLV1t9QeMkN\nlhaB3cN1Q0CwWSAi/iCgIqDbA4q6PBrdQryrOnWyV3h0vFwMotuEEfjct9y3/chZ\n/G8=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKOHdNNitoby9pMHFsZ21O\nM0x1amJBQnk4SEJaRHEzL0h2K2dSMVZkTEZRCjZVcFFLeGxrd1JPTGtnbXhIckN1\nQlhCU2x3a21Zdy9PUHpkRHlrZGp0WW8KLS0tIFE2K1FaZ2FTWm8wREIydXJhUitp\nVDdtcFA0YUNRci9tWVFpUFFYMVFxTVEKly3KNceBr1capG5WLgSOITifFj3oHlc4\nZSDE3VPSj/b9objK1ezbXI30qKvr1AeIhdnikd7Pn53UYSVn8Y0Tdw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWFQ4dlR3aEF1RUU3bWZx\nakxHc1ZqQjc1Zm1pSm55UlFTMzhyT1hUU0VRCldSaDJINk82bEgxWVptd050emVk\nK29iVEhoclo0K0k3NjcwZ0trWjgvaTQKLS0tIHkzWWtaR3NBUTQ5cng1cll0YXdh\nQ2VsUVlWbGxhN2Y2TmpscFFoMGtoRm8KgGimtdpCLdmPxLVCVRutCKRsZIcIUisx\n0RG8J51MryaQ0aO3LgWbOwQ/rjWvgORR/M0z8L30VhT0XhJLckKRjw==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySjhpNk1PSTZ3WUdLY2t1\nSlpSMHozT0xkN3hjeUtYaVdXdkJCYnZNekJnCjRyYWpSR2E0UEJpWFZvWWxHUDVL\nbmZUZWIyTGJObGlyeUUwUzB6RzNpZ2cKLS0tIHQvNVRwZFc5bTV1czZqd1J6NEtV\nbmw0RUZ2V0tjdTkxMmN6WStyVVNqUlkKxjMf7ltxnTes6yutRP1qXP29/shCUAro\nGtC5PAIGUyK7XKvf6nagW5PwGS/y7zW/ZRj7p/bHsysPuWkD+LNSFg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBa2xqNjhr\nQzNkUzEyWFRtald0TytEVysxSE9meWFTNTY0ckZaSi9Gd3Q5RQpGL1grTXB3NkF5\nNmxCalJJU2RYR3V2b3pkMG5wUHFOaTRMQ0YyVE5pZkd3Ci0tLSB5WU9rUExsNUVL\na1BMWTJ1NGloL2taUEt1RU5qZHRrL3c0ek1CNXVKWC9BCjvh4pC8LikO8JmG+w0X\nb/DYoaeZfirlZKWm32vWMkJARiwyqB68X3FKXkN+s4hiKXl5DpsD4DuebkOgjy0n\nQuM=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-07-26T17:18:51Z", diff --git a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret index 90915d8..c84b7e5 100644 --- a/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret +++ b/vars/per-machine/crocus/gitea-s3-storage/gitea-env/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:yvUPehA2IlYG/G8GIvLDElv8r4awe4kPbRtJRLonjrEl6kV6Qzps9Nw3Um3yVw38azTT9vgD0abLz7inM5Gp0QwiRxk4+06o/+aoDw7FScB+e/pZJkxpigy/061K7g60rJ26QTl36eURtFRM2nHM5F0i7rgsivF+UmYSjLGobwGABNN5rEaqLvG85YSlBHoOBNjuUFb9E1kyQe7TALW9voBb8ZDK3t4=,iv:TNio+GD8YE2hiS+oGD/pE5klOdkEuvmG4VnoiqBlZ8M=,tag:MWyjYsMvY45Qdu8opPe+7g==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVzkwcHptQzZESjdoc01S\ndG54V3FBT0pDN1JzSXh5N1pwTGRiTVFyYlNNCmVTV3VWTnB2QkhacW01VFlhSW9Q\ncHA1ODZ5V0hBYWJQVDdOWlIxdmFKMUEKLS0tIGk0VGd1cmU0Mmw0SDhaM2FGb3hP\nQ1ljdmZ0MWl0ckV1TVk3REJkUm1pV1kK0D2XBrQqZS9yGtGYzJedeZLXccbzDgcV\nb8/yvr3eJkOkshzFKYJzowbbBA5dmnTAA4jFIoF3dba09dV11098BQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcW5XZ1ky\nWHllUjltZVRxLzMxYnVzeTlIMnNnb2k2UkNzMkh2ZEJTSmhOWAoyc25LaWFlSUZp\nODNjNWJvaUpnazNiSDdnOFBzWHdYcEtsRlJpSEJaeUlNCi0tLSBVenNzTlhRVEd6\ncG9KcXdLb2tvNXdFRkFFTXptdmRTSUFlVVRId1J1NkdFCokjEeAfb0jZiaUhizkk\nBaJcEgpIqR0pwYs09KUWKIOOrgzumZeJjOgPEbGPyLJ7Ew/5WwIyxnfBS73URDIq\nSE0=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBME11R3Fn\nUVhWcHVxTTlLTDVUODNXQlJIb2h3MGEwbTNaT3I5RStQeFBrQQpIT2UyYmhDSW1C\nWjlJdlc4MGtEb1BRVFoxRmpQeHUrbUhSVTJwSXZNQkxVCi0tLSBla0R6VkxrVE93\nSlZZZ0lJZUdCa0hiK1R3UThTekRwbE5MeWxuTUlvc0k4Ch4uqr9lUQiy4vkrmAUw\nA/I8x/t4BOc1mnqv67DPd0w9pyBBAHIRXNf0Ymzj5F22s30yuwXstbtecnPNKFgK\nE6Q=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDd2dxR291MUYzZlZLNStz\nWGFncG9YUlJaaDB2R011bFVReTVTYjE0NDFVCnR5UEtTRmRiNWovcnBzUDdRVEhQ\nSHJCWFNIU0d1QnNkb0YwZE42YjFGeTgKLS0tIGFOQm9aRDhqVjZxQ2xOUlVRNUZX\na1U4emhnY0RsR0ZmWmlxUDlIMnFVbGMKSgaZnoVBXMzQ8iXMqXuK+j0sTayNQgcz\noogem3O/UVXdUf05Gem4TUrwnOI0Yr0HpG1UfQPfcmUH42l1dNHQ5g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZDJhWFZmSVRnV3RKWGw2\ncURsTDVKa2V2QThwM0JPWHE1NS9DajY2L3hvCkJZTlBpOUNURHJndXpVSVBNZHdu\nZDFJa0YzMzdKQ0JCaWZyTktpTFB4b1UKLS0tIEZRc1NaSjlRenlhTHNsclVlNGht\nYkYxQlIrY0xnakhQSnNJdW9RVnJZZVEKLaLWFtMJE70HSZ4h4HpjqDIbRPfTu2iZ\nAW4rInouGTOoCimNO3eqxM+5fo5zMGilhY+sSYoZfj/8XtqN/N3r4A==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRjRMdnBKcllQZExGemtV\nbENnaDBxY1ZEeGoxSW1kM1IyazRFUEd5c3hjCkk3eUZzWmxOdEVaSlJvcTBrbEZ1\nMUc5Q2FYdC90THdBWkExQ3g3eXRkYnMKLS0tIDMrRGZudTBVcHZkUXdOaWdvRGh4\nTmN3L0RMYUkxU2ZETUhFNjR5VzdxUlUKN5ltMRGkFX3GXyx+Mo7oojae67TjsdtK\n4YP07kxn9u7w9PoF+i57edfG6B9IxUfh+zE/73QHKb7YImm60v7SgQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBaHRPY3lD\nNVU5VzllWXBZaEZoaDJpdktJNmZtR0NWL0IrWm93ZWtidzhvOQp1c3V2K3l6K3VY\nbXBaSm9USlVSWnZUVm90aEVCSmlSYkljb2loWkxNb1FnCi0tLSBTQ2tHSXFMZlVG\nV1ZyQk1pS01ET1l3RjQ1YUVOT20xanhuT2orOEsxK25RChCM3eviktju87V/R9HX\nohaSmh3H+OJ/HzKgFcJV9QxxqksP/nOZ4XHKsjQEk4g4YVH6oFr+shs0Vpu/zAhf\nTq0=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-07-17T19:36:54Z", diff --git a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret index 07049a5..c546b50 100644 --- a/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret +++ b/vars/per-machine/crocus/nextcloud-s3-storage/access-key-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:5kOuRuLqQuUJPBWtrCzdDzdGWBdYN+GFGLn5LAbezcQcYuDyOZvpI4zJiBCUfEACXGEhlr0Vxid8M18A2g6j9A==,iv:QzOzJTnuG6Bo5zeDQMfDUdh+Qr27rxPq+G/kWj98fwY=,tag:m0KGHs/BqKE2sSj2s8p4DA==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJV2gwandKcXg2N1l0a0N3\nRkx6ZDJ6UEFQbkxKa1ZOUStsaFlGSXk1SmtBCks0cnN4WWZCRFBNYlZuQlI3aTJR\nOEdxQ3lGVE9wSnFOblowbWFlTmhDV00KLS0tIGtNRDloOXB1dzJsVVVIYXlkb1V2\nZzNhL3kxbFFwNzBNdGp1OHhTYUo0elUK90tA5xN7SASZ6Xes/6Z5DMKGkSrxu6xK\nhzzId2/C8U0+lbeTQQkprGpTDrG6XlTFRSvaIwq2vwM3ohGVXOyP9A==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK3hzK0pl\nTW16QW1UWWdKSmJaLy9yUXdLY21yS2JucnJYS2NISWdCdlVFcQpQUXpRYWtqbDhh\nMmExVVdpRk5BWGVDK1dSOW9sNStCZ3VrbjJPYlk0VG0wCi0tLSBpcjlEbXRDS2tC\ndWFVSFgzRCtYWmNkY1lNNCt2M1BLL3NaQXJ4d1UvVDlvCpIierOo/DdLtfOyQYW9\nn+7DO3U8t+gDOh1l5YbmzM6WywVRe3B1ibEUf5+GQ/gpqkO/EJ/o9SJ4mCdgNWmn\noc0=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbzY1MCtM\nZzV2MkFEMXVPdjFObU9jS3UwS0I5aFdnMUhvSFJLTEM4dHhQbApEbUVlMHVOQlgr\neEErQy9laTdKcis3bDRpSkNtWjFweVBnR3pIeVlTVjE0Ci0tLSBXNDVtQkpaOTJM\ndkcvdHY1TE1pR1dmRnFoWVhpYUxtbzAvV1dMNURmZDBzCv2yCsrI9e9GsPk31lRT\nVSsgpycRE74jTPCV9ALDQzW1tZ7CV+UH4zapgTguuCmqJF9QlNYEFZFSbsAb+ex5\nEtc=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmdYMGJHaE9JaVRjTDZx\nTWtzTWtpcy84cHJmd2Qyd1JSY0FFZUdWWUMwCjlFZEhUeFVnbWQ1eVQvc050YXFR\nT2lCM3ZFWUEvMmg1WU5XSk1lTUgrd28KLS0tIGZFVHlLYXJ5MmpxdTBjd1k5WWhp\nOUtjUXQ3cFB3VWxZV2FiYy9Dd2lQeEkKtXbc/oqXPPW6sS33GeZENrcOnm5UAOi+\n3S3EFzeJ/P4nxOMEFlsKfQSGgtRvbpWGNv6Cv7GngXdzXxO/cviccw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqc3kwUHlhRUtUakkwRWY3\nNTM2aFF1ejhPY1lRSDZmeUJTQjBmaUNtYTBjCk1HY0ZkSkthTVpLTkMwb2o4djNO\ndWhDSjhJRmlia010Y3lEZE9SMzZqWE0KLS0tIHRrSTZNMzRCZnRUeGtYdzJhTGk1\nYUd6MFZKU0ZFL3pjTm1ITnJMcGxWT28KgtKtewS+9nt9X0nBNSxOnGtS1WWViKwi\neKmKorFPykcpe0iloq3Pa6Z0cdreafHHQcAewOjY4nrsHcQOlD6T+g==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZTEyMSs0VnJmNUVJanEx\nZHd5U1JPSGhkS0pHN1dQNmpCSEtHVEgwTnhBCnJSSFNOanliaXI1TnMxMy9Ka0Vs\nMUl5dmJXZVFvcDhaN0NGN0ZQNHduTWsKLS0tIHpnZGZrYnZCNjN5VmJJR0FmNUlX\nc3N5T2tKd2MrZWdaQWxqSnRNcGs5TUEK5fM7dR8k0GH++aJSHmhJ3bffeH0qpisd\nXexCO+qDqwRfIPzVmzkpQHUQ2+8PQGe5lL6UEKm4X8WLO7MgpfL8Lw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNzdaRmMr\naWxSczdYMWc0TEZzZ0Rya2ZUcjVXalBRUURLeEF5QU80VDBmdAo1OHBQT0JmRmRl\ncUFqMkpVMWRHcVpaMlRMdWtYL3lYcHo0aXJYQVo0Y1hnCi0tLSA3SmNOeWpGWldk\nVDYxTk5EN1M1bHlKYkloZ3ZRT3N5ZlNzRHAwVElqNFdRCsJkvpTfuqsI3L38JImj\nsEq4VT8t47dcIQJApMv0yIphCeX2bBPrPN0/6VMc/Th7kOWb9qhRzG/bR5bx6Oaa\n3Og=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T20:52:22Z", diff --git a/vars/per-machine/crocus/nextcloud/admin-password/secret b/vars/per-machine/crocus/nextcloud/admin-password/secret index 3fd51aa..49aa6be 100644 --- a/vars/per-machine/crocus/nextcloud/admin-password/secret +++ b/vars/per-machine/crocus/nextcloud/admin-password/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:VPf7HCaqRatP7bK7podFQsSxAXH+jSblyg==,iv:GhOmIssF3fmTTgX95tihr0KfSZozK/ZuJxMIACl8C1E=,tag:Hb0BaSS/dGe4WiPR7WftlA==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzakVXTzVvVFVXdWxNS1VB\nUURrMktBTzdXcGIyY05aczV0akhLTUt4T1U0ClJER1JSalpna2RmaUlCMnJnV05p\nUlp6STVDeUQrYWRQWDVTWWxYL3BmRDAKLS0tIHB4K2RqTlFTdG8xaG9SZXVpdEFm\nT1pDaWlWSDVtcWpZTFZBSnZHVlFhOWsKok+32pQrxSx0TlffrXZ2YVDuZ7WgAfH0\njdsTtSMmuE4MXruiSpws9Qv6wCtWaXcK8anjHG/yup6snZnKaCpgyA==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb3dudUc1\nTUdrMWt1MGRpR3I2NW50My9jUU4vbWY5Z3lmbk1wUnJRUGR6NgpDQW5HY0lHcXpS\ncUx5SWlSNVppdlRqbUVha0NqbmU1em92YUFML2Y1ZjdzCi0tLSBVZjFna3RxOTNs\nZ1ZaUXg3eC9OTGNSM1VqcUQvdFZteHppMmxzcVlpMGFjCpPtslPmZQcH4gUkOq2Q\nzxs3+AEq0L0PXnVqEpZ8zw3r/47+h2SZMpXLO+aAOXpk9N5XjaImN5uXoV3ajTE+\nxPs=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcWNsOWVY\nRDMxZTZIRlpONVpvaFpOeWNzSmFLanliUWk4ampGUkdrcEt1dwpsVzdCWnREazZt\nR09VV3k3Qll5MjIxMThmdEJDSDJia25UTnBTVFloWFlnCi0tLSBzcXNySVNWOUts\naTRlYjZodFBBSmd4TEJKNzJJOTJJV3dHd2kvMXJHZmxRCnYIepxXIkKjp2erEpgo\nDOAg5JEmbvd69QDcPWq9+xR9pSPe5QIE1PWH87fPTN7mRE7S0fkbJlThMuuHmqHK\nqso=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeXBqMm1iajg3dGdxdjlh\nb2RuTGVBL2l5cC83MHFOYitSWm1odkZuRUdJCjNSTDczWHFmeTJ4b2R5ZkQ5ZWwy\nRTNuOTVNMjM5MlNiRjVJUWxvK2RKYTQKLS0tIFZxZjN1ZzFLOE8zSVFKY291YjB2\nRE12U2RnRytnaDB2dEZ4SUNLTElLVzgKfwcNexoKcjhgVc/IZ4G9R3jfHN8HURRU\nIG8N/8asGBfBcoYMk1BWE9CGIsv7p7PFA+N4nt9sS9MPXHeb0oGKRA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeVV0UDFPaE85RU91aEJq\nT04vM1N5ckt2dXpCVGNKZTV5WUtwWElKcEhVCldLTVlkU2Zodnd2THFWWFB4L3k1\nSFg3ekRQZUlyR3ppdzRvRUhJNVlmK2MKLS0tIFJwOFROQ0hJek5NSlBPcUM3aHlW\nNEhnejEvQUhyMmdrTTRBN1c3YmY3U1kKEp3VtKkfxhKBEfYO0fjcyUOjILg3jpDb\n0a/LEFMzGUa6oMxQQYkmi2XFZnvmTey/1mR5sOOvGz4fDlouwfxrBA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3WDlpRXhvdkJrSC9qUlBi\nTmFGQ0VBYUFmb0QyYVozZi9scVhQNEJqOFE0CnBSTFl3eFJZam5JTkg1SStudjNF\nMzJkSkl1K1lObGZjVVA4eGhFNlhwRU0KLS0tIC9kWC9DVjMzUk1PN0hrckFLY21U\nUk00QXB0bzRTcWEvNGcyTVkrRUptZnMKdcOp4GLRd9Fyt3S9oa5k8e82bvKxHSEN\nUyTHgs/XoE2wnyaB6UZ10V7L94pBAGeU0yvIgweeIrvKKbL3Q41y+Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBc25NdE1S\nVjUzWDlvKzArRUN6SXJYcldmVW50NjhFSGxYYmVsY3BSN1ZtVwptRGN2dXphcm15\nUXdOM3BKdHp2ekVjSHA3eUZNKzdEMktRa2Yxcys4VmxNCi0tLSAydXJmVGlJQkRl\nb0h3UTBWK1VQWmlSWVFpT2x4T0hDMVREeUtzd0hqZWVRCoZz2my0mTi3dcAINk4p\nZhXoo/eCCSUGIhLVSLFyxFSd7slsb0EioZzecBt7kC1peba3OF9ZL455WKE0KCDj\n2VE=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T20:22:27Z", diff --git a/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret b/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret index 512bd37..bf72d4b 100644 --- a/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:NiLXfIfhT+FUGFfrUGc2SBYFrmDIIx60IzuEIm+8AjxrJjgXmjp6PR4EJcvT19kk54mCrDx2devMYsbTCVE7hALqC6GD1DZCEEh7uSFobbgHv/nPrEG49FzQjw/4q4YXjiMc2J3jyVmbZf1lM39sajfpdlozxoS/YLGopYHKCPvPcYALWuTS3+GocBTmWCUu6/newtc2niPDmrBItXzKa54b+0xjD8pRhgfhgDL919lxH+fugh7QWPSx0c+LqdAgroUr9GkX0ofoUPeBdb9mMGcgYjX/EM81ZZzalnAkgsx4v7IEGEpeYxqw3gOm4T//8bkVXnrroqb7KY6c6os7M4NddMxLGJYJoTgAYMr71MX78NOIQiI2HLRaNudeMQ8PP9h+f8PyvyeJXMm4WiljGk+ojwZrh4+CnV+o5W+K7nsL4+gO6Zje3iEhEDW7Pr0VI4KtIho0UcMtbV++PHLIUowwD+YMftd/3wHmcUfGg9DwhDTCy4nSJOcaIUUZGkEGWkrsVxmu2/Gr6Zm19Iz9,iv:7GePCFLRrFOkD/QjDP+XrveU80YsT8O6CyuS770YbSs=,tag:HhN1SssO+dZ1vyBdjUrUYg==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Smk0ZnlQZlljV25weWhC\nUkUrdElqSmVEMlowRWp4MzRyK0tuNi8zeHhVCk9pbEJBV1dLL29LQ2l4a3RvVVJl\nYW9LR3ZqQndiU1FqeklKcUx5YlRaVFEKLS0tIC9LWjdBTUdGRWc2YUQ2YVVzclVO\ndnF4TU5TNHdKMWpBVERDNGZkYUxuSFkKElI/4w5sPPwkPgb2lr2ck7HdiKXaYHQf\nJFbdfN9uZ+ORwDEfJPriEV3FeXbUI6+dD42n1tdB1rPs8GrcoAlwFA==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb2NONGg3\nWmpjMGIrTDBTdDAzVVU0RlR1SGxkOGRsMVJnRVBDWm5QQk9CSgo2d2w5bDFFUkJk\nM0twTGhGZ3R6cngzMkpBakgvTm5CbWpEV1U4dVl6aUdZCi0tLSBrRXJjUERBWU5I\ndDlybEJKR2FjYVNNVm1aWldYeWZTL2M3OXArZ1FHNHNRCgyzggaTAGFvNiMzfg6O\n0lBeIlggttQTSJt7fcF0XvbLDJ5/d1IQ6dVFKpHZZDmqs+ZjSA7YYvj2CJlUKsQT\nvK8=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOXBIQ2FR\nVTh2bG9JWWFra0VZaXE1MVBIdERWdFQxekIxU3VYUHN3YWswRgpvWVAyWDJwblgx\nM05jWFhqUFA0eERXZVZRTUxiUHRPRVhyZXZJMFMxRzZNCi0tLSBRbEM4clpHbmMx\neUJlUDlVaDZuOVZqMkI2YmxkOXEreWNSRytESlBjbXd3Cuz6FSIgtQJpmPjmIeL+\nsgG3eWaClcRgr0YXKaokHoBn+8NEiFw5RSTrpgDcsZySBe2RPZqMbDsNJlGmJ1Ij\nfaU=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5bXBqUUFuaEhVSk5qeWdp\nRzBXYlZWTE1wSGlrbE1MbnNnMENGeDVuamlJCjczYmJzdEc2OVI1eGd5TGRZZXNm\nY2NLblY1T0dVbUZhU1gxcmpaZnNMbFEKLS0tIHNBditDbWpVVE41cWs0RGhFZUF1\nUHd0TS9FQnZscDQyRjErbE10NWNMZ1UK6nsQp3bCfJHpYG23dyJxHHgR95ZXsgu4\npqomGzG4ONNBG3HDjxnQI+FztXnCR4n/th6xNJ7To+0DRexvr9BsSA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2R3d6WU5mK1p1dEdHVzNG\nSmZWRU5qdTJaRGFZTVZqRGtFcXY5aldaWlQ4CmJmWlJ1WlZlbDgrUDcrVWd6V0Ur\nUEphY0xHc04vdm1VMnJwajN3WHQ2UHcKLS0tIDNod0ZvZlZQalNKQmRhUFlOSUEy\nN1dmWnJLemVOQnhlMFAxWWl1bzk1RTAKu9wb50yH5MH25lb7Bztfr174nQMp9QLc\nUPXKQ3lgCOSltyQNtMOFvGYcFRVRfsSwp9unD0BEw9byhcGyTzchlw==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQ0xENE9GTzcyQXQySWNK\nV0dYMVUzdGVNOWFubkF5YlhlNktDek9OdDE4CnJrYXlCL0VNWXo4UXBaZWNidlpw\nRUZLbnhiTzdtemhTWXdBVXV5ek41MmcKLS0tIEZ6eW1hZHkxNld4Y0Q4bVNFODRs\nNms4NnJaWWF5ZlR5UHYrTkZCY0NnNncKlBQU1BJRODIVgeoMn82nflunn1uwPFuo\nfxW4Q85LHgLK3tJQBqn8H6QCHk8gtwxulnu6+M0WyEYJ8iPE7GacNQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBL1hUNnhl\nRnFVUVl5WUpwRjZGQUtXcmNVZzVDNUk2dXRjMmpNVmhKdHliNQpmYmZ1VXJoZjVB\ncUlIQTlvZ0ViTzJVbm04Zzh4b05FSDNzSDhWcjZVdmhzCi0tLSBZM01meGxyYnRu\nV2p3cDhFdFZUalRnOWZqOUZZSmgzTUxEZDRTNndpRHZFCnEuUAsLmtVIUuPEDqg+\nWvVb8mkHx47sgyK6HbJwV5obItuVzlbIZrrEVL30CDa7WzPUC/FxP1H7YPqCWYWl\nWU0=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-17T19:07:35Z", diff --git a/vars/per-machine/crocus/radicle/id_ed25519/secret b/vars/per-machine/crocus/radicle/id_ed25519/secret index 4c63790..7de939d 100644 --- a/vars/per-machine/crocus/radicle/id_ed25519/secret +++ b/vars/per-machine/crocus/radicle/id_ed25519/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:hhgdJTDAFrEaFcYZbD9OPj4HVYRJBPDYWUfNsNj65hoowlrsRYHF9FAJSQUNmznhQ3kmrZjElGxZxS0rP0LhTvbwrRAS8luP7gwuDRPsloaAli8rVbWoZNvutILmC547WEUU3gnHuwCpSfzbNRz73BqF3oGF5tUcsHQYor5Vzs5U7LuP0Psg8q17YAggnaFxWlHIQYT5H9aVWcass8z+FIixnE0Ss62m9lior5GEXAYuoIccEJsisfDjBCdk5sMKnhgJKyUxXLuBA56VSte748/JNx9p8ugbY6jbJxXEQcBVlCNklAzMlIrwcMpJs7GgO4aUm3A2eDM6P5ZM7LMhNxsLfOYLZkWAdVfaRY3TSym6oED5GvKoCXjmzGvqBaR/z825/wAfxw2L1E7CmzOFpTHE8BWC6cwZolZGFQmjUmw8hQ3qesRmI++gM73P5Sopjyq+qfl26VB5ncJ6nTictQVQeepOOOLiby67m0JjTErvEbWm5gTx3t4b0IkOTLl9Ci878+3JKfuUkUBWEgPO,iv:B/TsygWiYqC4wePXJqlw9GS0blzwuGMNBkh/W8FTUTE=,tag:vZh/8vCwWKnzHbdQqmdwJg==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4dVdIMVBQanlvRWprZ0Er\nd2RPSnRyUXhmNDFtb0FKUEF5MGJpTm94TkVrCjMvTWpicmhSTkNzU3Ria2dzTHNq\nZVhwRkl3MUdDNXJiSlhqa0hYRHNsY3cKLS0tIE0rQUE0cGdkbVFVc3JHWDdIS24v\nUlQ4LzdveUxzYThvMzFHditQcncvOFkKYAOMDXdTR0HLwOv5OsXQvGUY5QK4LQYA\ncUTyHL5HqnUn1+tnrUPWFkAGcxxv/gwLtta+u3qkK0HppXAU+4tiig==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBamRqTmFv\ndVljVXJGa2FyRDk4RFFlVWJkRWgrbFhaZlBHYU0rRXhQTTJVZgoxQ0pKQjk0cjMw\nUStFQW9UTTNNT0wrT3NlUGZTMDZVQ0wrZTdRT3lDM2NzCi0tLSBDUzd3clZWR0Fh\nUXFFbXhkMkV0THpqa3QwMjNoRzFTYStMREJJT0t4Zm1BCjTow3NjQg3CLp0bodlD\nIrX0OXNbQRv6XAZ9ethWJ+SJbU+6kbLRjCP2TpIgyYaRF/cjKTszB/RfQvfpe8E8\nhCA=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaGp1VEt1\nU0NJdnlqYm12T3UwZ3JmbFNrYzJlUUY3ZXZSdHNudDFOaHRZTwpqVXE2VXNnQTZW\nTWFTMDMrU2E5Q0lKOGVPZVZoSW90akhycitzcjlwUzdrCi0tLSBKMzFiK0hqSXdY\nN01lQWE0NFppcFo5QVhzTEozU2lZazVQWHhwVXFhWVd3CsfFbHYhIiwJj4uzGFN2\nmSWXahNJYj3vawrWEr7RppS7zw3EHNLmBbxXXSpXQzPspGqZbwApokdj3kcCaRfi\nIWE=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYVXNtQmVyVDcrMklUR2pW\nK1NBa0liSlRxVStFSDFvMGJLNjhMTU9yK0JBCmdzOWRJeHQ0dTJxSXBCekZrdEJ6\ncW8yTXNPU1lDem1LeVVTZlpUc1JUWVUKLS0tIGRhRWJZeU5UZXh3b2pITkRBbXVq\nRGZpM1BKajZud2FQWlI1RUhEeXQ4c2sK4OcLD5QL8Wfi25oOXB/ssuUINDptD6wN\n5xrrNzt9/Ie0zET29jxhulnKZYWG3JgIyrydySWVxOjA2+UppJH07g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQlVGQitkYmd3VWd5cjlO\nMWNVL0F1TmJ6VjZPQ3RmTXJOU2JMejRCcDNVCmtHdGF6V0RDTnAycUNwRGU2TlBR\nUHNpNSs5UWx6OTA0bUltWElENkhIZkUKLS0tIDc0Q0tsTG01c0E3SjB6TDVaV2tH\nN1FsK3E1NVRIT0dBL1ZDQVlzaVJsOXcKWsL4BAzrfy7fQfTlJVRlDm1VgxcHRXhT\nJk2bgyJhgyZv8dejfZbgJDJDohEN6PpRp1qdVUxhMrUDuL6joiB6FA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMXBqWVdqNnJDUUFEcWRX\nZGxKV0dHK2YzZlg5NjRoaGIxeUs2WG1PeFJrCjR0cC9jenZiZHkzRWhUZmVFSmlw\nU2EvSjc1L1krTTZCak1VL3IxZDdZRDQKLS0tIFhEQ0luYUlHRGFXUFJYYVovQTBn\nLzVMWUhwQTlDNWloeGlPR3NRTXBNTlEKV7aVQl+T+dKoJTNJcTEnsmaRZfmk/dUh\nuYVLtbUW7tSEz3OnIH1iYEmwSOHGGyvE7Iji1nt7J+ADPuWQMhp+wg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdXZsUFdI\nWGtmY2pUYnlJenVXRDNCN2tQbVpDb1o3UG1hRzhVTE05TTZRUgpmVlRMYXJnOGFS\naHp5R0pxaXgxY3c3czJYemFtUlhETTA1TnM4VS9uU0RnCi0tLSArMVhlbWg4Q3cw\nSEdmWGxoTjJaVTVtZDArYU1xRmJiUGZNbVlpSDNuSGgwCsWB83ZKUTcN20C0ZuF8\n97ds5e5BOBfYzRFe4mjfIkqRqn+/bD51XZJAuX2/NNfn0QZP3CCw7NsOEG7IYPbG\nXoo=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-01T11:37:19Z", diff --git a/vars/per-machine/crocus/root-password/password-hash/secret b/vars/per-machine/crocus/root-password/password-hash/secret index 2f0aa01..9156edd 100644 --- a/vars/per-machine/crocus/root-password/password-hash/secret +++ b/vars/per-machine/crocus/root-password/password-hash/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:IVFV3Blx1sh/ltMNMeA6cLy65Vs5LqF/g5aYxKRDLT0ZANRU6wPHddPQNs4ozzbEPpLHi/Isw78dxu3Z5+CkipO0vLkF4ZvQzwvP+RMGt+FO+FFFOXXxARTeJKfaEDUfi+/QBoNMXEp2Pw==,iv:YrYX2M10MWB/dPh8SxO/CtBpKxGuxGmE8VH7+gWI90U=,tag:JVojVg5FKPzJDUBI9ofQiA==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRW1xa2w4UWUrVzV1ZDdS\nc1B5MUh4RHlkdGVjQVZ2cDJQRGovcjZYbmtrCjV2SUV2WFExVXcxNW5JNEVBc0hr\nYVkyL2xwVmVwVFhmWW4zSWgzbHRjQ00KLS0tIFd3azZRamhmOFlVWWM2dFo4YjFC\nU2RtRURmZEt0Q1dHeUhBZ3hoc1dVQTgKVGesd5Y2FoLaiuojOMevkXXV2K5wXFs6\n9G2JTx8lPBBt0J6tvnr0zKBXxnMJq7TcRgZ9fsnBC6/36IpJ+dZ2Tg==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOHJ0akhH\ncHE4RmpxSVlMWmRuemhSVFpaS2dpMkZuSWNkeE1WWFhQK0cvegpkNTg1b1FmWE8w\nZ3dLQkZxM25tVzZheEpBN3ZkU2NGbmxjOVRJNkRkczFNCi0tLSBxOGVOb1RBSE1D\nSE9sbmhBRnpWTVZFVUF1TWVyVTdZQ3lGZU95N3NJMmxZCoZFN689SAVwsl05lJbh\n2KTZ0ubaSa0DZJwqZU8+bQK9+aKTHEG1ofkzV+B+qhPa7QT3/pVkf96ecxAv6v/R\n5qo=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeU5jL2Ry\nNDZDOGVtYUVLRlJkczYrblRzTHFMZDNLdGRmT1VkWGxSbEcrbwplVC8rMmI2aWJp\nRVA4bWc2cjVZc2FyWE91WEJZQkNUeFR6MmdoaXdEbDdJCi0tLSAyV0kwL3JxZG11\neGNLNDRXUmlLUkp1SjRDTlJEZ09OWUNEVEtBZURCWm1JCv/h0VPNHV03gJiE5HO+\nXEScLRDtZ8g4eRoY58hoz7lHIG08BRYRYUEUEvcSTUnnXOVGbLEKq8vu71kiiubk\nTLA=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR0VSSnY1cUk2WVk1VzlG\ncDhacERNQTJZMFoxNW5XbjFuZ3lVM0dTbUZBCkZidWVwQk55NHNYQ1hWUXBHallC\nVXBQUHJDNVJHeVZJNEhJVjRxR2t1TWMKLS0tIC9GODhBVlhrRVNYelk0UkZlVEVm\nZ0hINlROUFRkOTY5cjZkdHl1aEF1VTgKJldWuUV6BMariSdoCt/0cNprS1HN4Tav\nXuCR0UcmC+q5nChLUrBh5fBCzQ7MQPQ5LqhgdxJ4syeigl8XlOsNtA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUlZ6ZmhZWGVJTkNXTE1H\nR1M2RmlXNnZLYnhIWk9KRDFieEF5eDVvNkNvCnhsT3piakkrby9sQUZMSzlXU1p0\nQ0tsWGdsRGQ5VzVmVkM5UE1sU2xzYkUKLS0tIG1ab3EvclIwOFlPdEVaM2taaFdp\nVWV0RC9JQlFVUk9uemR0T0oxVUFmdjQKWwaqMcu47K59PBam7+5IDFzZYzLEdXNp\nNKqzOY7yNyMFv/QoFcpccgGIeVz5PBXYqKKJQdnSPQIHoCybVUvK5w==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZVFySURNa0pwQURpVXdK\nMmthdUV6bTFXVkI4RUo1VW1YYnRSSjg5NlhBCktqK1RIYVViSERmUjBmaTVHMUNy\ncEo3K3dxdVBFZWRUYkQxdHpFS3JkeHMKLS0tIDVHZTMvbUhvcU9pbDlKQm9aaVlx\nUzY0dFZuNmhzRnhxTzJYcGNXUXRJSGsKpzuQDFI9Hn2GrAbZ5JLQsEcH2U8wzlQv\njumD1hhslQ6vwuwx7YEtNCtd3dkQ4veRsMFpBKQ+KB7VPN6CoahzbA==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBbStkMVRy\nNjJYYllSdGFwRzBtemNTN2FMZ2pWVkVjTDl1R2ZVZUhtSldiWApRaU9MNk1MaDMz\nVTNZRVI0Tnc3Sm16NTJZTEJ5SmVEcGEydmR5RC9PM3ZRCi0tLSAwNmlnd0ovTFoz\nUjR1a0ZqMllXSlZ3NjZGUmY4L01JMElzVkFKUFBPTzhnCg19RCFy9FkH51Z1jxu3\nrtZF0A3u3P50CVIChMtS2cwE+YiDj1C6Dl5urkzA+nmg9h4/XfblT2RcTEXCbeDB\nR0Q=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T17:21:00Z", diff --git a/vars/per-machine/crocus/root-password/password/secret b/vars/per-machine/crocus/root-password/password/secret index 77497f0..9265ddf 100644 --- a/vars/per-machine/crocus/root-password/password/secret +++ b/vars/per-machine/crocus/root-password/password/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcVYwbklp\nMnFka0E1UkxzUUV2RmRMSDQ0S01seUtHUWMyZ3JEemJHZURHZApPSlRBTEIxdHBm\nZXlvdEhQRFNJY211V2dMejY1dlp6M0pXcVZsVFFYR3ZVCi0tLSBuK2RLLzF6WTlB\nRHpDaWpia0UwWFBEWnJ6Yy94d2dXWUNZZXN3WW1mUUhRCo8mnUkQZvE+3QrQIb+J\nO3A+3PnIpszKeCwhpGugctC8c3mbCzbwSH7e7kJKvENvUvo1Uw6mpAUR0nV5hOTI\nNXc=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMmUrZ2tZ\nNjN5dC9IQkRVSG9UdUVWSHJCV3FDeDFHM1RVVm94cW9EMTU5RwpOQnM3RGdLZ1Na\nK0UvekNqVDB3SlE5R01JRWs2VUcrMWpzYm9HbmJzbkN3Ci0tLSBYb0MrSzJON1ZM\nSFMwZGo2MnVtenVFQ2NEbzg1ZlpHMUFwYWtiZ3R5N1hNCnkqV9O2Ecb1fHGRjnCx\nXtAWFvN7IYB1ZV0SagRq7jdQ2g5FCRzcFV796rtND7E4YGrKH+Urf6ENxaCRqsrw\nEcI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RFdEeXRxNEtsT3pkVUg4\nY1N1dml6MHRiTm5FeFQ1NnpLd0I2VjQ2eDBJCkpmYWVicTh4dHRGMHNISlZpR01u\neTlUV1J4RHNYSFJuenM1Si9uM1JHUncKLS0tIExSQWJpQUF4UzF3aEY2ZTg3SHZt\nU0VLZ0VxK0N1Q0NTa1lwM0Rib2xTV2MKQZi1exn+8X1FqzhBWql35aMefy2SKcEi\nnfJWq/5OnQOvrZHPxSCvDZLJkLLGRM+Ow6ARpC2TVc7ZYLlWCshwpA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUXFiWWhyZ3BJR2s4bWd6\nbVQ3UjByWG9VRlVXSzgzSm5MSlpOYi9nQnhBCmxyLzlKc2ZLMnpqeHRtM2prNnJG\nZjZ2d294YThXcTVNaUt0U21pOFVhY1kKLS0tIDVDL1ZMdG1tUmhLRDdiSi9ZQ2Nl\nWjZCR3pSV1ViTndVWndobFlHQ0RFbTgKp24nhr+x1t4vbZECFTHVdctNZ28DePfo\nJcEvncKyzCI7DYQ02/xddgCrnwzquSZclwKcg6DT1zHeume55eGlCg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBbWJiakVo\nRElSUUNCV1J6NElyQjRINlFJa2xzV2k1VWdUTHd1Z1Q5K0dmWgo4MmlpeElSd21Q\nd3RWVityMXRKZ2lxUDFGVWcwMmE1MmhwWFVaSFFHN0pFCi0tLSBXekQvNnJjbmNX\nTnA5dzM2QkdrWEZYYnhGUWZHZnhXM09tdTRhU0Z1ZjNnCtVoFcT/GdtN3Qursajh\n1zydqRjhglBB9thPLEwCjytTUhveOY23QWTl+2MJXJzU1TapnE2IPpHlXykAcf9g\n9Eg=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T17:21:00Z", diff --git a/vars/per-machine/crocus/user-password/user-password-hash/secret b/vars/per-machine/crocus/user-password/user-password-hash/secret index f41cc9a..43ced92 100644 --- a/vars/per-machine/crocus/user-password/user-password-hash/secret +++ b/vars/per-machine/crocus/user-password/user-password-hash/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:pi7IaxXraS1mLXsZPwX6N1HBrGewyQfiM0WDW+fjV2xTefUXs2LGva8JxpKfoRWLRXHtuxTFIU2Evk2PPFyLV/rF0onUr/qV8YHcWtqio7SZAV37FeBw5iAu34MYDMIwVeqIEa+Fah4wmg==,iv:9JN8h3tjLmOTzX3DPdSRmAEgubwO1qKQ+Ct7eRqh0D8=,tag:djCmyd93qo1iwDuXhyph+A==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNFB6cHVvQUVCaGs5enlK\nQkpYd2o4WlFOL0FjRkpsSUxydG1tMmxVL0dvCmsvVDY3cnBWWXRnd2cxandHZlEr\nS3JKbHp5dUx6SHpyUnNIN0tGZkpKSlEKLS0tICtaMElCY0UrQTFRMTlqRysrcnFB\nVmg0ZndpN08wa09ldGRoWXBSTEZWOFUK57r+xqIX4uPMhco8I6B+q9OhYfNGInlG\nFB3LTCBGGItStWYqgNmbKDWpMJk/Mrm/c6mUrkhgCppaw4ssOCZ4YA==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkdEbFlL\nSkZxLytXbFJsT3VPRDZJeWlMNTF5MU55K29UTnZ0OVZBdDFzawpqYi9IdFVFV01z\nSlJyRVZEOUVaTSsvOUJtSGVEYnBZMkViMEtyNnRXTU1nCi0tLSBBYWwrbENMaHZX\nTFA2bFF5NFBaTmJLby9MdmczQVUwaTIzSnpNdmNZTlVvCgbBp4f2DwHa44IoqV+K\neECZP8dAjiM+aRIMiZC1K5t0Z9WvkElweQdyK2Zx0WRM8/s3Gb4X3N6eCtmwafJs\nMzY=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbTJ0cVJU\ncjlQaDNLc2twQmptY0RMbHhsYWhCa0MvR3lWcEl4L2hOSEIyNApaWkdTbkk2RytQ\nSDB3MERja1BDS2dDeU43N0E3S1RtS0R4Mk15NitXZmZZCi0tLSB0RjJEbHl1R3VL\nYkhRV2YyWUlXbWJpS29tVnhLVnFHNXpjRmJmNWdYVTJVCgTtdW8ko9undu70Aipy\nwYS8Vjl5lYXdCjYMpuaBDW7VngO8wHgGaZvcFZBWZW4qjoaLTYHPX2lKYEYJtQ6J\nhYo=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTENpNjZKdjU2S0tiOFdw\nc3RhWmJycXNVSElJSVFqY1oyT3dFalZxNjI0CjZVSllWS0lHdU1POG41U0cweGxs\nNnErcVRnampHemhDR2Qrc2Q2a3lLUzQKLS0tIGVJaWNOOTBJU3V0Y1k3d1lFV3RD\nbFhnQVVEQWFpNlppQ2ZvYWxUVGIyQzAKQqPu6Q9S2GTRNaoeRq3W4CpPUQE7FB+r\nmxQG73eOANaFuctzECod60wgnQyS7hwZidJRqCARPf9lO2gAORSmhQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbUh3ZGNTNHdZSHNiM1Rl\nK0ZzSkcwSUhGWEQ1dndRTXZaQWl6QW5qMEVRCm9XaS85S0dtUDR1REtpaG1RbmNF\nVXpwOGgvdGE5bFhIekpUTEk0ZHdKUUUKLS0tIEpnN1J6SldyNytGSFlzOVQzZ3RT\nZ2ZBbGpZcEhCTEtpVldnVXZkNVZUblEKrToM96r+LkKiWg+1Kf7PEAqdTjUapp1d\nBCrWUuNBL/0mFs0C0RMGupnuXsHPKN+LdvgwzeUUf54sezOSM73H4w==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzeWJ6b28wL3UyL1I0SHlX\nWWpYa0d0UWFzbnVKYUVXTkxRU3dnUkxKMUMwCnFPT3lNczFrdXA1ajA3TUE5K2RQ\nMDlVRGpnVFVlTnp6WXYzTmJNLzJjVEUKLS0tIHJycHo3TWg5eUI3eHY1eW1tUENZ\nTStrVTBES0JSa1A1Z2JtbjQraHQ5N2cKwXiR53tXqAhz8vHYNEx6vhp/3+U2WWKa\nUy5ZFplHbuZDZ6905IPoOD1PMeec7fdXqsIzLaGkRgTg+B5O1Irf8Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBcHpNRmF4\nQTdrM0xCRnFWQ2FJSUZUSkp6VWIxb29sMSs5eEh6amdVVTVlbApzcXFjUndXelUy\nSU1VTFlYcW9lbTZBNm5uVXRKMmFKZzIzZTdzTlg5V1E0Ci0tLSBCSkpBd0FpNkly\nQXpFMm5RbHE1eXZ6STNEQitFbkVSUUVoUGlVdFc1M09BCr641phqc1xBkM7mmSoA\n6PNXs7DDNmM4zgceGf0uB6WgBc/leJysYf8Af5DexxgJMLZpS97dVeyukR4uVoE1\nmhA=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T20:20:53Z", diff --git a/vars/per-machine/crocus/user-password/user-password/secret b/vars/per-machine/crocus/user-password/user-password/secret index 88c0a6a..dba3584 100644 --- a/vars/per-machine/crocus/user-password/user-password/secret +++ b/vars/per-machine/crocus/user-password/user-password/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkh1c0kv\nVDdLaGx3ZXNiQUMrekVDdHpGTzIrMU1vYTI0dnhySUJEUHhUOQpqbDZvdldsd05p\nNTIycDU3STNYRzRjRi83L3E5NTA5VCtVSXhSSWN3OUtnCi0tLSBSMi9ycXhPZVJC\nVG50Vk85a09OT1RjQnh4UnZVS2Y4NUhGMkQ3MTZ2cmN3CppZMq4dsHSM72dLy6Q0\nhYT/FKGQsh6m473J4/rdvZBKMUudm6q0uvNbQ48oJ/xGlGrBXy1aXaqN/vdL1Q+6\nRPw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb3Z4RlhM\nU0hVSmhqU3dSbnRMSlFORG5ZYXZlU05SQW9WbmtXVHpoL3ZTSgpjOGtHem5QbitV\nWDdmTFE1M2RaQkJ1TEFSWUVaV3ZXVVordkRhMG5KRjJFCi0tLSBVekpETXp4TDc4\nLy96a0VyWTlCWUpsQnp4MjU0MGx0RUk4NFVwTzNsa3F3CqcuAGQ1oYySnC6BBV6Z\nUh5o+u2vB7VskUcTFGwfFC0eckYvSmj6EfQsTpVrHPfr8w3yD+Qh09mWCi3EdUjp\nlno=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxaGlocjJFMFlUaXIyeEIx\nY0NiN1lmNlNwa3YwV0dhYWNlT1oxOWFyeENFCnQ4aGRmckpEUUFtVXFQYUV3WGF3\nRVRRaWFuSHZ5NkRFSE1rUHUyNnNIYVEKLS0tIGYzcHRmNmROeHkvRlNGN1hINEg2\nRG10THJOdDAxVnRmNEI1a1BBa2NlNHMKPfeNrt/zRWrNgwh7T5N4SIzZEfn9XwMq\nIDKS21Y6E8cQCwjlJbYOLNk5wvn+B1053YF+MVu4D0g8DxnpXWk9eQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNUNlRS9Gdy9nb0lkOXlp\nZnNFMXdEQlZTNUhZN2VIMU5ER0xmVERtTEc4ClNkdGF5Z2dmUjJtU0MzaUloREp3\nangwRVg1U3dPRDVtZ05jMXBxNDVHb0kKLS0tIHZnRFNrb29pT3hyc2NrWmZ0bVIy\nclU4WG9hNWVaVlVHUTFOajlrNzRrUUEKxWJkz0U7D4TE/cfKjEmh60mWlIGllfPN\nNmtXc0JsTSztqS6NFtAdqhBi9ATeb6qpdu3wNP4OEbHe9uVFP7nUFg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBK1BHWXh0\nQXdIVWV2djRua0dNQmJjNVdkNlgzRWVoMVZBV2I5RGZJakZBYwpLV0Y5Wkp1R1BP\nKzBsTisvc0ZRWHg5TTJPazhnUkVzTDBxSG5FOHo0ZTlzCi0tLSBUbUdkeVNQN2Fw\nb3Nwc2xoa0pGYzEyMEFJRWtDZ09jRmpCSnQ3VVltb3RvCu39Z3AzMxM4Eq3kSm7x\nH7tbm6Qbx22vzguLIOhltjqkRqChknMhwMlwzV5IHVWghtIp55xloW1HvuAzCEq/\nVBU=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T20:20:53Z", diff --git a/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret index d7b8c57..3f4fae0 100644 --- a/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret +++ b/vars/per-machine/crocus/wireguard-keys-wireguard/privatekey/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:9b2ag6EGvzC6t2cyXizkfrJKObu9JOUUUU9gytBHnxZJ0msP+3smDvWYz6o9,iv:HMNem8T09zQfa7Jyg6eLjCpIIYaRbPjqXtquUH4K9wk=,tag:Mp6cmcPm+/IgeuXmgdFy9A==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvY1BkUm16UkE2eDhuSzdF\neXIrOXhhdWUxaE01Zk5LclpnazBuTEJQMlJ3CmZSM3ZWUVdOUWFCQTdyc3p5L0hn\nS3g4ZUlFdTFVTzUrZTJhaVF6bmdQdUkKLS0tIHRHaE5vUDJrQ0RPaC94STB4ZDl5\nb0NzYTNGZXFyZGI3V09vQi9SNXFNdzQKxWe1zDaRVvpcejQEB1tEFsc3zwfzCIXx\n+EQm9t9fjlU7rwpB2X1dpWyx6OZKRzK4ErvUhXgDWWBGp5Jz8DoXeQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBamVnOTdz\nR1VzUE8zbU5nNmNaNkMxbk1td3UvcFYrQjIwdHhXdElrTjBmNwpBTFN1ajNtWHFy\nLzEweFl6ZEFnVCtJTlZqaW5CbUlJZHNpZS9HVWVpZFUwCi0tLSBOUTZnTWhlWGov\nSjNhUFpUYlREUDhWVFIxa1RFdXh0dFFocFEvS0tEUGpnCh/oAyQ6ciEbB9L6MAfK\nUk2wacon3Aq3IDBy6XjGuNutWCSlp/yKNYwvBl21aNM5llUy9vDJfeNpFzW8b/xG\npTw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBemY3K2c0\nM3ZYZHBQd2xPMXQ2Syt6RWxUaWloSmxna2FFVzFzZENtL2hhNwpkdkF1aHBWblVa\ndE1TOHJ3Ulk2TEJwZHNWSEcxRTV3bjlqMjVXVVo3TFE4Ci0tLSB4UXZnK0x2VlY2\nL0ZrVnFaMlVVa21lY1g2UVFiRkVFOTVJbHA3QzFVS2VvCpvONFyHigqWBYgx0YPs\nLCYroDHxwcbnRMVhO2LEj+eLwknJBvBLlZviN19pGjIpvuFFXt8Pu26OsWtAbCLZ\nvnw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZ2Zyem5weXdwd3F1UU5P\nM2NxdVlPWW5vUitPeHlOVitIRzgxZ3RYdEFBClIyWHBZblB1azVyMW5wdW42MXpy\nT0FkUTZWOUxwbjFMZE04SVEzVURZTmcKLS0tIElXLzI3U2Q5R3Q4dUVBdFhJbW1M\nTDFFQWdONXF2bmVCV1dCd2NuZmxPYlEKzoxEXCidV34D/bu8UGwAPIjNYAeVD1Xt\nIZAGdSZKzcX953M4htIADzUGjLPPIG3clIENVGc5cWn4HvEhgQgHiA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSVh3bTRLaXl4bmFobWQ0\ndmgvT0Y1UzdkUmlCaVF5aWlPUnYyRXRTdmxnCldhNVlpTGZJSHBRVk9sU2l0VjRT\nWjFicWRmUXQ0TDA1dEF5b2hxdnJmU2cKLS0tIEY0OGh5Mk5jdzlpcFdkQVF5bDN4\nakFEUXpXQmVCT09wR1didGJMaGwrUWsKqOCiookFanh8GRtWjR42orvkk7HEVlwX\npdiVVb4KOvZXUmZxUTNnOlPkYE4k/kfZsM+B/Rl1QHG6kBtCwIknjw==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NkpYTVhOdGJXbjlodUF5\nZXI1eUZRZWt2dUZ6aTU4alZkKzgwK0VadFZZCndOek5GczM4ZVNzYVBVczl4KzFy\nd1dzU2IybGFOVVpEUCs3YTQ2Qyt4RVEKLS0tIE44bzlob1FTSGVqWmRxbURYM3pm\ndGoxQVNoZ2JyV0dJdGxQL0U3bXljWGMKQgqQI7x2vqgo/Gp7BrLhJtRjudvWO8Aj\nFssSfXk0a3Cft4SRj0Ov6jF62igRkLJ2ij/MNaCihUzecxe977cIYQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBZ3M4dkQw\naThMbGVveHVaV0lNT3dPUjN2SWtXaVZ1NGEvR2ZKN0dncTJMNQpxMkpXM1lJNzVw\nRytxTEJwYVhjSTFYZ2NDTUZtQmJNeDFCQXN0QkRKa2t3Ci0tLSBJNnM0WDRyWjFv\nZDU3clZPcWJERHNuR1NlNU9wVktnNHUvbmF0UDhoMjljCmZR0QtAvt98ZZHZnrOO\nvwQQXpuItsMGoWWT3URwjENfQkU6VVgWJ1GfaNXXr8tst45PGqy4jmdrNoFREhfy\nA8c=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-21T16:53:25Z", diff --git a/vars/per-machine/crocus/zerotier/zerotier-identity-secret/secret b/vars/per-machine/crocus/zerotier/zerotier-identity-secret/secret index a639094..0f982cd 100644 --- a/vars/per-machine/crocus/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/crocus/zerotier/zerotier-identity-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:0r5hcLv6UPv6wQYR3cVut7b+k8LyAg/ZxoluNBiRsNgQRzYD9yv5yHLGsB8i67aQ7tcATidERmwgp1J3j3rUULlo3AvV+IS1NR7feGbGZ21hXgSC/5r/6PF2TXgKxL/RbXOLcQ8NG9PUJ/sfDH/OViVXE6hnt/acIwqBPHfTMrP/8vbztB+/twjJcLCCCNkjkq0K6ZJwmhR06Jqyz/C8OcnWqf8xsTbiOnKSfYn2PCKPDY9rOxV9FVFgE4IF4nzH+6zn6VYswaC9v56t4L3odtxQN3zM0BwdKX81efp/mlXBuH1ZLBcSeuw2k2dCd4hotqa7SIHTAQbuscnuhZQsjMHCgvHfaqYFJaWp1g8/,iv:m9cQViCPGqhofWE33to9VPRkb3GxJdL0x90GLp0BQw0=,tag:CV+frPx0KAzIRyDBjs/Gcw==,type:str]", "sops": { "age": [ + { + "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NXlNbFB4bWdrdDZsS0lB\nTUc2MFRnWStvRW93UXRkcWxZZ3dPMXRleW1rCmdRUXhtazQ5b014dFJhK3NhSDJq\nTk1LVzNyOGo1RlZFMjhvVFJ6UnRadDgKLS0tIHZzOW42T1dmR3Z0R09CZFRQcXgw\nWG80MXJweDUrTHdDY085RW1TQXNSSkUK6LkvPYRfBiFJLrq+UXOkIxxRBinyIVA4\nOv+9F6+qTAsVF36zNLaSC+y1lSGH1QfLGrIqKWdHwPqeRzJ0fmnWEw==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBd1MzaVVr\nUUMvM25vYnpmS2lYSlg4QWpyWHEzTGdSRnozY2JPOWJMcjZJWgo0OVdpZDhjdzdV\nQVVuME5rV3dTUm1qd21rbWJHcmlZa0VpTmRhWU1ic1RrCi0tLSAxcDRrRDBIbkpx\nUTY3R0JLOTc2NlFEeUdpdFlKblJyT1VDb241bytPQWZZCmQ04XyTh402v6NNM8lk\niKX2RgFU1lrIkS45qbbCLJG0DG2ljgCCZJPVpheyvuHhxevafcMm2wyp8Bz0yp7z\nyNs=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbXhUV2xs\nL3VNaUNlZmUwNmhZYjNhWGZYbGZ3RkJjdTJpVnFHNjZrd2pzcQppVTBwZ0hOa0l5\nTSs0ajIyTUxZblRWV1FTd0orcFJ3VG1VM0tDaVlIN1pvCi0tLSBqZys2b25VS3pS\nVDZXd2UrcDZDZDBBbTRSUjlQS0RCaXk3WEt4UVlqanZrCtiDuhJzNM8PEvEbknz8\n6BynCKPUVu5U/8b47w+kpMPLX90hzhLesvcMjsHRc8k9lTOdDPeP9v6nI/M1jtm7\n0Gk=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTXQySmQvNmo5b3ZOUk5P\nSGZBangwWndQVWpCRGd1YzNMaURDRUZJWFM4CmFSbVB6WVBtcGJBV1BZZ3gyWklq\nSmhwT0JPTG1tanhVQkRkSytoZWhSUzAKLS0tIHRJaC8vUU56MWZrS2tWTzRoblQr\nYm15c0EvNWJzRVlsQXR2MTI3N3FsZ0kKEjhSOiZw7DHikFnNYQCcoL/IP1SWr77e\nN/y0XWSJ6DWI73ECc8Ua1igfOLts99kbCl/tZhHFRi+Fq1nhkcqBYw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnMjJBUktGZkxqSytKMFBw\nbTFpTkZ2aGVhNG5PT2t4SkhMQ0tzUUlqQlU4Cmlla0lQNkpJWFJIb3JYWFVxQVE0\nNVNjQlllb0Vra2lKQXBxaU5BR055eTgKLS0tIFNqR1pSa3oyVDdvMzlJUnE3QS9O\ndFozQUtZeXI2blpmUEJRRlJkNjNlQTgKuXcMlm5EuJCjsoeUPTBZRPdKzvBLba0q\nJoaBjrX6qKjmMs9WgbEnoL7nz7i7DXOJTPTUULbhfKHM17MIkK4ZOg==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcVFKWlBPbkQwa3JpcllW\nOFhVMTJOc09tY0c1Sm96RWhGSVJ6WHhnd25ZCmt3NUJiZ2xaWFlnbVdKK2pFT3Ni\nK0ZEMmtPeGxxdHFnbVlDVnZoUXRmWWcKLS0tIEhSbXAvd0w2VFJDSXJ0d0NodENK\nZlkzcnFBcVVLYkp6d2E1STBEVG9Lc3cKp0jB6z0dK/RECtwSM5Rv8FRr+ltMu9yg\nyomovUqBFQQHoKIMxCTFN9UjYszpO7yN/DdYz2Jn7uZhXAHMyDVY0g==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBcnlRLzJo\nVkhaT1AvUWYyc2IyRTFyakdJZVMwWjlGbllQL3A0ZVhvQVBWQQp0eGhiZy9ZbktS\nSHlvVVFJVVg2NnFYZEFDcjc5VWlYckhxRmdLSmVyMWVzCi0tLSBpSkZLNjh1RWcw\nai9LOGRyc2JjQjEybVIwT0RmdW1zNGFLZXBHZVNWMk5VCgfiwtplC9rd1LhEBjEy\nzeyzxShIuKIQ2IdgDMnfmFEmyMSJh9LsqE62nbzxCXC6QIaIYLIczKggz4aiCVK9\nihs=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T12:16:13Z", diff --git a/vars/per-machine/genepi/borgbackup/borgbackup.repokey/secret b/vars/per-machine/genepi/borgbackup/borgbackup.repokey/secret index 2c4d03f..eb7e72b 100644 --- a/vars/per-machine/genepi/borgbackup/borgbackup.repokey/secret +++ b/vars/per-machine/genepi/borgbackup/borgbackup.repokey/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:+kmdXeUAl564epS51h+WOBdLH400QQaZT0W6xbPmgP+Uhg==,iv:6/Ed7crpgGQn/GWJ8YQRVYr6O34OnQKM5+Aj9Dh2nk4=,tag:oSRdC8Vidnb1zz9PQwANtQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNkVsV2hP\nVDNiWFloMWVLMTNLR2hURTl5cGF4Tk8zMzhuSmx1NHdMSDFQbwo2SnFBQStTU0pK\ndkVtUGk5RGRvaEFTSWVLQXA1UXNxUzVSbDZ0OEZOZVpvCi0tLSB1b292aUZlaDBx\nYVYvZCs3WS9oWmt0N0tZSWNnd1EwTXlNeDRQTGlnQW40Chia0ihnLnSTMyIfijLt\nqbEsQ4nhoB37vAZN1goV5YSmp0RubZoLJLcGTQVWqdmhJ7FE3KjRcf1wDq3irDqa\ndZw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK2ZJeE1u\ncVBobTM3Um5NMmRSbTNad011SjFDeWNENkpMbjJDaFI1QTQreQpCN3dXSEE2QTZK\nOXFCd3FoSkRtM0NVUWozNmxXVjNiRXRSeitFelVsWXpjCi0tLSBTVTlROXZUQlQw\nZTVSbFgzRzJjMjQxbkkzZTFpY283Rjd2Vkc2RHRXN2RnCpQUDrGZWTHyblRrVL80\neOGoJ9tPzDgkslVs4C+3d2l3EYsFy3s6RZAP2PvrDOmBNY8LZ8HS1PSET9Cwyzpw\nhUs=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMjBxeGt5\nOFFnMzlsaEh3WFlyMnFrQk16MjRJNk9RWkNWemdDSWdXSjVXSwp1aHkrSDBUZHE3\ncDIrd2JjVEV3cy90RUFXMXJNQWpwMXh0aG1lNUZnSWI4Ci0tLSB1Y2krK0VmNkFS\nZEdiOG5PNHF4UzFTZ1ZuT3krQUoyMS9XMFNJTE1MeW1JCgR4TqauuGY6LRimxyTb\nNN6ifGjJftAE44bAhHMg9fvO3dMt9Ql0SPZaetkaPeuVCjJ59yJQW7AFS4IPYD0W\nTug=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSVZHZ0Z5SU8ydVE0QmZi\naGQ4MktuTFNYSEd6UlE0Q2RSWnBKMVg5ZEVrCnQ4V3pDNnByWHEzTjJXaEVHSnRL\nWGNWY2ZpUXlMMzZDaVUwMjZZWjRGNFEKLS0tIGxjL1RoakpuanpkV1FNRHdZVjZt\nNVNVOXFKeHhiM2JLMktwYmlFN0xaWEUKtKJRmsCzt5nry0xBXSnf0uvKMbme+pj1\nbUrEK7t7pdapqQ5feezbrffOJf8xnVQPsb1PrEd6ukxrvJdj5UYQ7g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZlJ2dHJveWdmYUJpS1JK\nNEx4b2UycTV1VGNoRXR3ZkZMZWQ1aU81OUYwCm9UcG4xMVdabThCbHNPT2xyWm5x\naXEvV3dZWkoxbExvL25VUzdTUGlpQ2sKLS0tIE5ZcG5MSFNVemtIZk9ZUVNPNUM5\nOGlJaGNnQ2RVeUZmcVdySGRvRmhaY1EKRl29NkOdifFk5ZHNGL2WS/TjsQ7x4dKa\ncwyWwWb+2n5gyAwKPeV6oxQBVuebqvUAWeNLh7NBgqN8spXSqVr1rg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZFliL2grN2xPNG8wRVk2\nU2NwaEhHaWpDL0ZTdmdHc0Zmb2ZacFZ0QWpnCmdkaFlTSDRheW1TTmFpVmJRTzI2\nTEZxbGowRkxhK1FSZFovTThQWVZMK28KLS0tIElrak5FZnd5cUxub1VJdUZIVW5N\nemlsT3ZobmlYRlF1SmVSd0VHUlYyUnMKq4DX4gdA850cEYHywtgK4RNCCCfy1247\nGlPTJvFPndQPUUUkqez2G+73QL82DPS6AF+oudJvys5NLgcOIbJDIw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWHRVN0JSY3lobnQrUFFq\nOE9KamVXWkhhZ0s3S3pnK1RkZ1dWa2hhTmljCkxJZVVnQjhGV1pNS3l1Vzd2TmNH\ndHpNKzN5NStUN0lSY3hJcFBSa0VUekEKLS0tIGFHbDFnQTN1L2JOd3YwZmw1QXEw\ncEw4NlBsRHFkS2hpSEF3VitCU0VHK0kKBl8wvRWi/pEcnF7UomWkrxOc92iPcdm8\nfg35vdLclvbMf5vDJUfmoarxTruFY6+Gnns3B7Ai8ulFZGjFoYBjhg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:43:54Z", diff --git a/vars/per-machine/genepi/borgbackup/borgbackup.ssh/secret b/vars/per-machine/genepi/borgbackup/borgbackup.ssh/secret index 70ef60f..654bcdb 100644 --- a/vars/per-machine/genepi/borgbackup/borgbackup.ssh/secret +++ b/vars/per-machine/genepi/borgbackup/borgbackup.ssh/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:QaAMlbqLAQW3kmR77OPjr9jhKBpyHXhz/gFSmVckOyxPYX/I3SQYtyrv85GhvXn9VJFszZmL6JeK766dq+kEQLl/ItLUTA0sYCDweDpAYS3Et1jrjs6+IlHJUmK+2RhPRkDJzTyWDm2oVpAUQz5ND/rn5NfZCjT4fQXOk79/AWIQlNFm/PfGill1nLwP4iyU4YDLHPS0fuZMNvIjWUMLmO3VJYWDfa3ReGYIgTrjDW5/KGS4AEtET0zMfwrpJMo2J+gtqjCl4gfqoqZAb0J24fcGgu9vVuOUi+6nHKe5UG8AJcS91sEV2Qfk4nmF7FwC78xsNN/xIWzNgS61tIJ3Jf/qx+mscoViyJmYuT12G5MEYVUFqY4Enc4HKi9lvxoILS3+dopjLLhVNbtizZc2VuXY25KLZwIVwrUufCtTZRGuvCwlDJ83bRahFrsUwAhUgf9gEPG3mXUL/pJneew6n/obMZGeojxRVG9z4HLfyUPdB9Lh9a2WF8WoGkifyQZ3Tf/nX1SUeQT5n26oJ7U9,iv:eFrj/LbqJUxE5BhXj/KKYxPKLyV5dVwaW5JbYua6Ywg=,tag:+tScAnixpIxbtrRBUvuPTw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBK2ZnejVp\nY0l1dHFuZHU0ay9uaFBXSTVlaHkzWVN3eGx1Nkd3OU1RVHE0OQpKek5pc0JhMUt6\nVjBRaXNZZ3NVQkZ0czhOQ1JhdlpoUFlFKzBZS3NseDhBCi0tLSB2OTg2MUdKRXFZ\nS202TlREdVhRWEM3NTF4UEdCeXpjbGhZZlM1V0lsbWg4CoqUV2oAUfSNBMl7SaGu\nPQxxTCal5cgi0Iig7WfqC6862yW59TU6SY6AmiuayaeDd7FkxjUuOEz5btXFNJea\naeM=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ21qeDE5\nSXRjd0FaY3NjcHkvNm5wa2dGVGlxWTR4b3lQVVZtTU9DUXJNSwpaZ1dOUUFNb1Y3\nRlBsNlRZcUZ6cUl6Wk5wWGFpeTdxYi94eG5ZUTlQS2pFCi0tLSBabDMxeFdjMVpH\neXMxTk5vT2RjSGFTY1Y3TFVaTzk2NUVXd3NGeGcyQVVvCrgb/0l7/6rgzSQ1vINg\nHB+8Su2du2JOvU+aRZSnPwBxCeGzckIkCz2gzFQrdWB37/Klwbz3cBmr/Pq0WcqT\nuIE=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbitSWklP\nTFdRc0daNmdzUE9iRjloRTBaL1REakFtclpRS3VBWFBNZXJnNwpkTHd3d0JmRWhP\nZkhNWVdVaVRtVC9ibU9MdTRTc210RkM2NlhuWjVLMkFFCi0tLSBFY25OanZhVTFo\ndkttVEhCWDRFNFZXSlEvYWJFUUxWemQzbytiWGRldkJVCg8fbhQb0BWSbii7tVtp\nXBoLGXdEJc/e31xaEm1DKLJq4Y79U930NaZjNR7ho/TZSYNbL4MgKiHC0+fRiUlC\nlq4=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYWJGSW8xS0picDd1aHpQ\nWm9udUJXS0I3dEI2UEdvb2I5RnROR283UUQ0CjR1bHJFQVdpQ3h4SElFZ25YQzIx\nMktNWlgzRW4wRXVYakkzczNVWUJ5c2MKLS0tIEFEUms0WURxRHY3YlhKS3UzbmE3\nUlFoUlVObG9ySEpodXRVQ05HMTBUeTQKvFP3Hau99+NXdus+vOZzYXYzluy3B5IK\n2CdnGe1BkB7OyLplPE7QeLm7n6nfI2G8Z5Rdnk11sgFhI5rBYJUzhA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eDBEaEE3WXBqeTVSVi8v\nYW02Uy8rRjJaWGxORWtEWkJOUy9NaUlkc3k0CjMrVlcwWjNDMjFoWXgramZZcnRu\nM25ZektQaU5ZQzdXeVQvek0rR0VFNEUKLS0tIHBEM0lQYXNQZ01mZkszNkl0amhM\nYjc0SXR4TG9uZ1Nzek5zUXlYZTZNNk0Kob3L1tVy8EW8urt6h2Ah0dOtfqs8f1vV\nBuOg1+V/NWX14YRrJFXuI3MAP3CNkgBc0NNNZRsB30u3c12DM8aZpQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOXdVeXBDY0hPR01aZ2pD\nNzBKbVgzVGpNcHBYYiszTjFYQVkxTEY3RTN3Ci83ZDVnbFh0UWNjWXBoWnhUR3Fz\nNXkzbmpBaUlHTml4UFZoOTdtNjMxTFEKLS0tIHJ6TEtqZEQrc1B2T1VHODhiSVJT\nRjVqV3plWHhzbzNDbWRDVXZXVEQ2S28KHRXr02BkaffiiIQQhtDwsaC4sFqOlPLc\ndeL8tcGjAHWdrKjOB9SzeXf1L2+dHWvEoPuOGNIawMr9l+Dq7YdJlQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEVG9TSjlQZnFrNFFJSlRB\nVnFZbDlPSkRkU2tkYmN0dnhtYjFQYlcvUmxvCmtLNTJZbEliTU9Kb2RzQnZ2OGs4\neUxlZlNLb1dwV2tZL3dYRDlvZXlhSnMKLS0tIEI4L2NsU1FXS2t2Y0ZQaHF5L2da\naXVxSnd4Rm13Kzg1UFBRQ25Lb2J6TFUKKX4VKjIPL4v5AopIDbIFVFWGgEo7xiH1\nYKFioWEXetcSD41mUQ8xKyokBAhqmbvrVN1B2HzcH7T+sQJzeaP49Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:43:55Z", diff --git a/vars/per-machine/genepi/freshrss/freshrss-password/secret b/vars/per-machine/genepi/freshrss/freshrss-password/secret index 9f2f2b3..717fd48 100644 --- a/vars/per-machine/genepi/freshrss/freshrss-password/secret +++ b/vars/per-machine/genepi/freshrss/freshrss-password/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:onsK2gKcLjQq9o6af4+MOHSLrsbtAnRfOA==,iv:d8Ux7K8x9axBL5a7EljVyDuAXgmRRSKpzD/cPU4si9g=,tag:W9YgQ4843uhfS+h+qKry6g==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBcEo1djg3\nVE11ZDZ4T1RzaWhKTGsvaXBJSEE0ZVB1MmlkY2FDaXdjNUlzSApsTjNKOW1nQWRn\neTNvTEZoRUpvZlc5NjVLTXVPSDdnZmxPTFh3QW4rOG5BCi0tLSBxUmpkN3NGTEZC\ndStTTU9DVmxKWmVCazNIUHIxUlZvYlZXbzJwOVFoa2ZVCl9cxR6AlmRRFtFDtNwu\naNLTAqZjFUEVQaSCPQgfUHbMhHFJ5QGM2ySWoxGkwThGHUrFzin6hNDEHF3CuzvX\n6GY=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkR4R3hq\neXZzaUdSK0lLR1c5SzAvVG5NTWJyMzk3WGgyM1haUWdoU0RCNQpyclVDKzhzV2Nm\nMit1R2FLaCtUbi9TNFl2S2pEOTc2RlNBUEpDOVF0NEZZCi0tLSBDUitGYlpHdEZ4\nb0VnM0ZUMFltUkdTMEJna0VKME9PdElnWkIzVnNxT1VBChknMLUosGiMwWHr86dz\nVx1NdhHvcO7z5oEJlNjasoLg7pt/ZbIL5fCFB4N8L8S/73PJ39BBzbG5w6tsFcGu\nq1U=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNWFuY3FI\nTE9FM1p6Zyt1b3ZaR29Uc3dQdVJlWHlFbldkNytlUUMxREdQKwphY0JVVDVxTzly\nUDRFY3hzeXRBNlE5NW1pWjkyRDN0SkwvazBuVDZ0eWc4Ci0tLSB1K3RIVzgwUzkr\nczVpTGZheHN3UXk0c1hvcTVFZTd3cS9nU2Z3QllxSWhFCr5HcEf35VN8NTRp5b7L\n+674JlDthUMKT/7gaQ98f9aV1CBAiqjym4DfFMZtRpWrzU7NHc4sPwn/EjsC9bAn\nmzQ=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTm9idGpBL1c5Tlo2a1VM\nM0Y4RGpoTUJyVmFMMUsxN2ZQeVJBMDVPazFjCnUyckQ4YU9wWlFUTFdjYkhnMGZk\nTEhSVjZMT1BtdjY5RDMvWVN6Q3ZrWWsKLS0tIHByRGJiRitzeEEvZjhGZFBLSmdp\nVzY2RGxnT1FZclROQnJzSjVwVVZBa0UKrXTwpOOAyX3PYgHU736H6p+NFR+PdS2J\nVnT0oTQMhlqolDORBZ7sq5EGQIus/X2lD5mWAWXcEDeOPEk9C54tDA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd2pIVmtHVFBJek4rOVhR\nVkpTVjJ2TjM0RmJHS0xCWUxUL3pRNy9jVWxvClUvZ0JzcjF6aUxQSEVWSmwyaVNk\nenBpblEyS2xSc0pic0Q1OGpINmRDcncKLS0tIDVaSk5LOVhZYXZRd0U1bTFOL3BT\nS0VWZjh6MlZBejNFcGp5ekVTRm5BUjgKCPFWPtgLCg4jYo6lMnfyfnVwzzaSW8ur\n6+4gKUcXCUNXjUO5He1SJ5iKGZ/QW8RwQnQr3oC16gqRanMR6U+lkw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEOGxRa3F4aENZR2F2clYy\nVmdQQlN3UFZ3Y1hZOWhrRnppWG9id0ovdGh3CmEyRzQ5R1VRRmRGcmRPS1FQcjJB\nemwzQUlKQXBKRU00MU9ybVd5ZzlkN1UKLS0tIGkwSE5veURyT3hDOG9GMjlSQUNx\nTlA4dDdlNHZtR2pqQS8vQ1hqM2pNNjQKBobb33lWK/imFmsaswcI2+I4xvy0Ul1x\nc4JY1Pkb8XoVeGWe3HYT8kaYv7kO5UvagYVH/ZWlIfZvDX7PhvrtgQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFT1ROa24rdno5OExiWW9E\nbzAxUm15S2dsQS83TE5FdWdkVU43d0trTEFrCmluOFpObWFScEVuUXJYSlUrL09m\naDFGQ2hLSFZidHRkd3lJSFdOWWwzVFkKLS0tIHREaTl1UXFYR0NSempMSUFGYzh0\nRzJ0b1lrWkhsdjZnVnBJZmdCcTFNSjQKOnhp0DvgcoKBu2y9dRfk40JNqFX+D8hg\nJZQ64wwiNZ3fvfRSKOY/TKdlqsHxxYnW343xkLy9aRJRyr9bGNrepw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-26T21:37:15Z", diff --git a/vars/per-machine/genepi/gandi/gandi-env/secret b/vars/per-machine/genepi/gandi/gandi-env/secret index ff06969..edae2ac 100644 --- a/vars/per-machine/genepi/gandi/gandi-env/secret +++ b/vars/per-machine/genepi/gandi/gandi-env/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:/rRF/mvM/FGW7evaY0C+HpGnb7yho2UobKzVIAkGu7PFQjzu4iw4oYniSIgSTB+Yf6V+rNKsRSANJer8gVhmh7CVfUw5JQ==,iv:B2Rrde1/rBnFowFk7KY1bppnOl/q1ZMgDNNXLJ6xjlU=,tag:yN3dL3RXy7z15KaWVqlepQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBbVJaNzNl\nU2d3aU51YjlpczA0Vm9ncCtYQXRlekhrWEFsSFJMRXZhQkZVYgowdC9USTFibStp\nTGhsOU0zdnlTTk9rNUxnaWdHb3FWQkhydVhnYmZEUE9ZCi0tLSA1LzFUbTV5Tk5X\nSU8vWVpaWWVFVk5hc1R1Vzd5eUtsc29tRkRCa2lyMXI0Co6z3VepScVVjuf83DgQ\nvi334xaSGpFjoqdNk1wtIbinX5DV9XRPTzD823vzcwE8ruPmeVpRXkgDhMwLnZXe\nveE=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMWt1Mmx1\nSm1YVkpTN2M3QkltZ2FhbUc0MDNKaFNNZFVtWFRad3RoMVVpQwo4ZTE2RGFYWWFN\nR0VsejJjbldveXNSeEM4ZVpGRHJoMFh6bS81T0czdUFBCi0tLSBlWHFUcThLVFFG\nTkZYelZpRGQyWmRINGVQOHdwRUIzOUlWMHdFbWFDZXM0CjqEpSgklyR0FomAJQbW\ngOph3iEAuVWE6RWuyd2Tz3+PuFqn3PxaAxp6MWrNXNNwY5SubjGfziA0t3elV8zL\n0/A=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdGJNUmtv\nR004VUNGb1hRZkxFVzVXQ2JIUlJ6TjFzOXRLalh0M3lYalErdwpoN3VKU0N2NllT\nczVjSEhsVkVoNHEwcGQ5VlJHSW8ra25lYlJxVi9mSWVVCi0tLSBmUE55Y2RSNm12\ncml3a24xTlVQa0Y5SnhreWFjd3pSSEJYR01TWEFLWUNvCrGCYNpo88gpVnA+4pAl\nlVe5xlvm9jahtO4KGkSJBMO8cwRwzzJvTSIc4g1Fup5TsBNzDK1TpbvK/f1oahc7\nfZM=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeE55UTE3MTI0Tm9zVjZj\nblZDVUcwTzI5NEF5YUJoWWtJeVlGNFN5YjAwCkZKNUEyNERESHhhT1ZWQzVZdFhR\nQm5nWGlsRzgxdktDS0swbGVOUCtHV0UKLS0tIHI1NEJmRFltUjVHb2lRWTFISmdj\nZG04d1hEeE8rOUxLNyttaFp0NitpYUkKCp/x18igzU+XllW3M9lG6E7fWrbaoITS\nBoA869o1WGCXPJxBZp3HGY0IBSxDwxJ7Euekyx0JW2ODuiEjDLO3ew==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VHhXeGpnbUc2ZjlLWjhl\neFNTTUZUZ0cxcys5dHh6TjgrUDZycUh3akZzCmFkQ3pMeldrYWorTDQ3UVkxbFFT\nRGwzM1hiWjFMUDh0bFFKN3MvVkg5SGsKLS0tIDVZQkNTVTFqRkNoV1dBMitLWE9r\nQjBmMGlrV1lxTzl1dkJ3YVJGVmE0V00KEaTRu6ocD4Vqnet6+UkvMUIM1wMF0oGh\nhspAFCPExJJclFFxYgcWv4eRTsDO6PdAHnYaz+/l/O9epLA/epHnvQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NjBldTJmR2s0RGxYYUFJ\ndXFJZ3hWeXB6Z2V0UHNOcHl0NGtFaUVZRXljCm02eldZdXdWcjhINWlrVWFSUERr\nMUFacDFZRm5lbGVmc2tiZVdqdkVobTgKLS0tIGxwSk9EdVp1V0YvSFVGUGNTL3FY\nZTVLZXd2Uk13aEhJQUd3MVMyTTB2MHMKr241FqHj2I48QOfOx38kxjI4qcWGvHaz\nT2X2GZ3A5J96PZH9CaWkO/ezZSXWd77Svl39t11kSruGm1tFQozQcw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5dWg1MGl3Z1ArL1RNTDZs\nS09mZEJjdWR1WU8rSS9YdmpCT2ZLQU1hcFFNClZRelkyWFVrMmZuRzc3MjF6TkJP\nellaMzgzTXJCcXJxS3Y0OHdwNEhadEEKLS0tIFBuRzV0WHR2WGt1c0hDTzhRd1dl\nd1lUMnZYaHYzN2t5cHN2S3ZQS1VQbm8KKITvkz74RYiwE1LtD/R8l6DIxsBl37Al\nCsfOALY727kG7RgcE62shU43GYo6zsvnVJaZ52gvRT8oK11D8/EoKw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-29T11:45:14Z", diff --git a/vars/per-machine/genepi/gandi/gandi-token/secret b/vars/per-machine/genepi/gandi/gandi-token/secret index 84b2e35..637b09e 100644 --- a/vars/per-machine/genepi/gandi/gandi-token/secret +++ b/vars/per-machine/genepi/gandi/gandi-token/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:PW0hHJALRXaoXPSeqnxPzwepz/u+J4QJKd388CdrLJ3TUzm7IKqstA==,iv:VF/0ZudBmzdZX/VWd/L5ic86LQlOfSUgBmwckvw9G/g=,tag:FXFU3FlewhRbZei28vP4Jg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdytKNDFU\nWkxTZ1VIQWs5L3FPVEx5WUJyWFZDaWN3RFIzUGN6Q1A4cmdROAo3TWZ3RU1WVXlS\nK1RoSHhsdU5STjhVWUovZktQOFFtUlJjdGR1WXdFd1MwCi0tLSBhVGhoY0kybWhu\nYW95dHFUOWtjelg5c2Q1cWpXM3I3dkxsMmFwQXdPZy84CgmAR4Ifa8IuUsEflLu8\nZKgFMWDo4akFoPHeWJ7m7TGl1br3SikeL36GBMYNymyCmEQJSZBsXbDrGItj+Uve\nM8Q=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeWg0aC9H\nSllhbFRDdUxCTmNVcHk4VnFtWGNlQi9WemJldUFneFovOWFhWgpOeFFzU2lOemo5\nYVpMVFVhWmVXbjMzSEI4TXNpVmR3bkVwLzdZSFZaT3hnCi0tLSA2Rnh3aW1qVGNt\nR3FqcGp0RFF2ODVkSFFnTllSNTI0MXVIRDVJUk9TZExvCkxI8Uxhr7HGUcYMYNzJ\n9/pDPwJGnTenBtCstdfkl8LvcQ3I1Mt4YqEohsgGJbHaTiTMkrFyh3XC/ctCgxvp\nExQ=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeHZsbmNV\nbDRBdENUcXAwZjd1Vi9KN0lTNzIvMTBkSzgwazdYMHZMTnhyagpXRDJmWHhRY3VQ\nd2JBY2xGRm0xM1NneUNnMHhkdzFxeHkzd2cvQS9sUFdzCi0tLSBZcEZuT2QzNHBQ\nK29LZVN2UHdNRzUrRU51Y1c0cnhaS3dkeDk0bERrdDVZCqm9AhmUZJytrcIl+6rP\nsXwqFfgEQRwy/WUtWAFxqjnF38YjGomqbyMC1E/vwGDyug82uYdu0VCYK0uOBg4r\nOkw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcmx6a0J0dnlEZjYvTnVU\nY2NzSGVLVk0vSXFpSHlyUEFFU1RoUEFxK1RVCkhZZGE3WCt1Z011MGh0T3I3aGMw\nZ01ac2EzMnlvNldFdFN6S1hkVThPa28KLS0tIGFmczIzRDlMaEtDd1FhaUhmVDNu\nb29KRjFQdGE5cGRTOEZIZVhnQ3lKVVkKmbarcTpjeSASBF8dI4OoFmM0cHeHUeb6\nqr1/zLbTSkU81bt/g9jWGNhpsMX9OG8RpZOeddEael9jlhVmGgmXZw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WnFUSTVVZjhvRk1NaUJI\nZWhwRTgzZWFGR2JXdDNNS2pPTEF4WkdkYUM4Cm1lWUFCdm9CcGxyQTRuaSs5eWZB\nNXNBRlNqZ2l5UWNuNS9ISnZ2MmJvWmMKLS0tIDdwdzk3R0FkSm9jSEcxbWlsdEow\nN0p1a0xIbWowemlvb3dTUmZmWEowM3MKNPkXMqvgCnWPIUhyPBhqq21EcNnQJDHo\nCUghB99hnhlJPcH3Kjhmq3d3Gj0HDgNrEiPbDVsfnaF/44uNbbCPUg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNjRQeXE2T053OVJhQ1hU\na0h0VTUxYndoWjk0QzdKVHBvTVdvWTR4am0wClpTZFpWTnNDVHBQVUttVldoUjRQ\nSDBGdzg4ck04UjFZOEJkOXlWVjN2YWcKLS0tIHVqM3VsQTYzZGxMakZlMGFVK01C\nL3FYQ0hjSDZZU0ptc1Awa0llWFBCRDQKRmCOScxhNdJDCE0VOiqLs+KOPpd2kwAj\n76HiESWdtSUiM4ikYz+DGWMWb2KERLPcuW1vkIp+akG1dt4hSC+jfQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZkF3c1Rsb2J2ZHZZQi84\nRjlUU09kN1hNVUE0ODVLVE53bUJGK2FaTENNCkd0aUR4YXQ0ank0S24raXZMdDdN\nNmxobE5MRXdISFZTR3dFM2Uzd1p6enMKLS0tIDRFV3hhR3pBSzAwb0JUSWVMNGdj\nRkJPekxLcW5DanpmRmkrVnc2NmVIRncKB7OrdWNq72I//Tgxtw+6fQ/6nheg2t/k\ngYlEJiZUBl/RTCfSMD2N6NGF0jpd19iQbJh+kwZqM5W3JfNcfV0fpA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-26T21:22:22Z", diff --git a/vars/per-machine/genepi/garage/admin_token/secret b/vars/per-machine/genepi/garage/admin_token/secret index 6a570fc..1336ae9 100644 --- a/vars/per-machine/genepi/garage/admin_token/secret +++ b/vars/per-machine/genepi/garage/admin_token/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:QOgo0cEpMfRuOfXs0LKvCsn4nQiCu1QsFPCZ3q2DT8mHka9i/h2UPwEMRero,iv:kJvgRalM/j0NCKlETcc+1u26WNctK7dsKp9caw+LJBY=,tag:s0yYUV3U9agn76ZbuGbQFA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBMmoxYk5X\nL2RON0tpUU5xTkU1cmFxQ1krOGRCeGhhZWd2amRSWlNMVTdYTwpWU3VibE1XUVZ5\nQUtDUXF0SWE1djhvMlpHanZITXNIYkhCUkdkWnBpenU0Ci0tLSBWNndlZ0NmNTdR\nQ25sTSt2L1FQL2Nkc0pqRlRuSmFIQlRMYlhZdmFDWkM0CorSl9wuw6Z/c4k5bNaA\n3n/JA49y2J3TAWwzt2qCPZrE0cIA5JuEqXQmbq/nXk9Aom0YU1dlkrrgEZLO1bQj\nvY4=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbEd1VGI5\nOEJtdzFRTG5mZExJVjlySzhPeFVNVEJmeEtNQnUxbHJpTmVtagpMYXYzSUJnK2ty\naWVWZUJwMEdRaUJxdjZrbW9ROHd1K004R2hyVnJ0bnNFCi0tLSBydjd5akVpTG5C\naWpsUk1TRWJnY2VTQ1NkYkluMExkVUZGOElnQ1ptMTlrCiy2EdfqTzj9fLXEuDQo\noefzkn7PfnLEjff17MZar2MzKhf6oNFMZ4jXFCFDSDgy3XI7vXT8/dvc1Ixtyss0\ntqY=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbUJmeXVK\nOVNQdWl2ZWxNMGNsTUJHN1JwelV3SWhJSDVaNms4b09yOGhCaQpPUGFNMHhPS1Nq\nODFUb05xTTZhbWs2anE4VFF2SmU5U0VjeW8zUU5QYWZNCi0tLSBUOWtJcWZpT0NI\nOVd5bTBQVFEwYzlVTXpSVFJYcmdTTWVtY1ZvOUNGUVR3Cp1tW8f1Pv6x0YlDALZF\nT+rG1THjnZIT/y4FgSBnkHB2AuDnZsSI9RFCz7HJ0JeylDozCUOIMHGqIWSEawVL\nhyc=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwKzdPZ2hVRUFaMHZVWmF0\nVHJnNzRDb25McnhXTWtkVTIzKzY5QzQ2dm13Cjk2Z3VMSDNVNXdxZEQxS1pvQ0x2\nNGs3WkZLVC96RU8wMmFEWTEvbHRKNWsKLS0tIGJmT2xDOVQwbllnS08zTEZodlli\nM1lLaEVMOHRKNG9TdjlQYTF0TkhuK3MK8QNf63xwoF82ra9w3/UzBT+v8MmId7PU\nP8g77HYiLFcXIlaGgR+ZG4Z5cpxsttCyxcMHbkfCLE4skSIN0SceFQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRUw3UGpUdUNFOENlakRp\ndzFTMlVmRFlwSUpoMis3VzZ0K01rODMwQTI4CmxMdHNSL2NNaFNnRkVlMy9UeCtT\ncGEyWUpROGlsQlRoK01wREROK21WSjQKLS0tIDQwanBPWUNpNWhkNStrSWxncjdS\nYVVxcDFpS2plWGJjSnRydjJYM2hDSmMK4V7yFek3HIE4wYQxp2GpefoivID6vnVp\n+/2cuferwusjdBgHrbL3XPUn8bbHwg/VOBHXTXeauj43d0ogr+zoUg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNm9IdlExZ0hpOHRtOVpP\nNzBkRFlVV0RiU2tBVERjbEFpZW02bXVkc3dnCkRaamVwOE9hL2JxQ2ZBY2hRSThw\nZ0gzOURyYTdWdnptMFB4WHNUZEs3Um8KLS0tIHMvRjZQR0N5eUJlblMwVTZ0UG5q\nYjlCaldFbW1DNmRxSmFOZzdGajhwVWcKF0YzZ/Y1p8QA7Dljc3DD/FTC5WhZSWEA\nTbxCcQksg2FJbGeU/sgs8JvgXgn57pc7+cejYsW8c0QWyHmvnupN6Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcHI5Ty9Tc3JhYzJCMUVK\nREp3WVFQY0ZoRkRkako4bzIxUEM5STVVZEIwCkdoWWhKd1lSSXl3WkRMTWJoMWdF\nSUM4MnhoMXl3bzRDRFFXYW1Wd2dlNU0KLS0tIEdKN3hHRVRmRFNGdXZsc01QVE54\nc1BuRngxZWpsRXEvNnp2dllGeGFXV1UK1KQsYV5i1h4e/dWdYvQ+OYp2KaAZ+8vA\n9/IsuPmoeuaAU9DyTpG6d88sst6tE0gYsJXLUR++p2B+UPYD4rDJPA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-19T21:51:49Z", diff --git a/vars/per-machine/genepi/garage/metrics_token/secret b/vars/per-machine/genepi/garage/metrics_token/secret index e727da0..094e5f4 100644 --- a/vars/per-machine/genepi/garage/metrics_token/secret +++ b/vars/per-machine/genepi/garage/metrics_token/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:dqsm3odV1kIx3sbHrpGoxMmaBp7oscTfb42mKSQXkSZA3r0SUyiox/faKRid,iv:TiU/MHNOOs18afosr9te3UI487Of6NR/5bZEU1X/Rz0=,tag:tulweBmCracNztaP0YYFvg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBeStGL2My\nM3E3S0ZzUlBPWTVSaVJPUElVQm1TT3h5ZDVzbWJ5Vkl4cFFOQQorUGxSZWtQRG8z\nN2U3OXhyTE1xUmk1Y0JrL0pwUlg0U0tCQzRjSEl0L3pZCi0tLSA3VWJrMkRNVmxw\nQyt1c2ZJY0RqYVNycTVOb0lpSlVPOTV2UmVUMUZNUHRBChw8V3zf+qA+EnjjvuPC\nCbv2veIZDSWlGvq9BcF450CMSUk9F/9hAUjJHQFyA2HPW2uLxXdvnOjpcuHeKtzD\nRMM=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbm1wYUlP\nb0VwNnZBZTc3RzZ4VlZER01YeVJHeGNQOURlYU15T3dtTUprawpxekZ1WVRJeDh2\nWS9uL240RFFqaGlHWG1vSHJFWGgrZVNOdlR3MGkxNmc4Ci0tLSBENTJJb1dKbG9U\nZDJTOFZwN2NpdzNRMThnbWRRdnZQVzZsOFlpVThKRTI4CnaRZEisD/UCoIz79CmP\nwMD6uCol046UXXdJ/jnpms+Ct1a/sjAcVz1cuXue7bQS92vnbmUEJN06OJO3CJRM\nD2E=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcDV2dCtV\nVmU2cEhoSnJEbTVwbEJGRG1reEtEVkNjeE5LRXJFd2JaQkpTVwprdkVSakF5T1pz\nbEhUQUZ3VVF4SzVGZGk0MlhZbmE3cmNFdFRvYmRGOGdjCi0tLSBkOXpuZjdxZjRP\nL2hxRWNqZDM0aVRzODhidFUra0hFaDYxNTJwUVl3RkpzCqpFWeGwBFd/tFm2T61d\nLyxjqpAyvfmRC72DF5633PyNRcx/ZG5QqUC9YaYBI5owfJBwjPI6UqZ2Ym8r76qs\n4tk=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSURkVDcvaFVPb0Q2OVUw\ncFUyTXVTR0FHUlpiZFREMXYzOTNOOXF3Z2hNCitiRnRkUE5ReTE1Uk9hZUMvcW9u\nUHZHdjluQVFEMFpxVkZrL3RUYTZoaVkKLS0tIHQvbmRlSzdGeG9ZSkdzNjJFZjFu\nb3Y4NWlEYi9jQXpmUXhyL2lKMXM0NWcKqx4p0irRmsbVMocBNmodUL9eNkFjL1+V\nyi9ECp+0pdGKDCp20ygT+DiImJh1AQpE2ual6DvpH4ox6kO5MjsLPg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4d3pBcDZBS040L1p4YkxO\nVzZnd1NPTVdsREhKQi96bm9hTnRIT0hIZFQ0Ci9OWWRCQjNIUzF1MTI3L3Vla3Jh\nR3hEUldQMk9PNjdQeVprYW0vcXAwYTAKLS0tIEZwN1d1V3g1WGQ4WGxiUzI3VVdV\nUlRubUMrcUo0SGtxTkM1N2YzK1FnM2sKuy/7GpLG8uUa3b7ddbTh8vw9fhemyTgk\n91u+c9u4DGkoKbxlXGwYGL9Bl9ZaciDxgX95XK9oYDmkvzDhSN/rEg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMXJnQzRtRzAxZ0w0T3BH\nbE0za0ZjZXhEb0RTV094M2NpSzhZSzdhdGhBCjRqVmliek9KckYrQ05LellRcWpo\ndEI1QjVSK1hTbDBCd2pTdFZNbmNwZGMKLS0tIE9CQ3FTaElpUmNOTGs4U1dQOXdZ\nQzluL1RGeHVVWGNhaEdoMitDaGI3OG8K+XiaQeOarPa/mpqBeQtfojacZOhytI9B\nvzfO/SrLQTC0xzuiLab+VPmHrNBwQTBBw2QjRmaAxJOymG2Lq6pH4w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MjdxTDJPa1dHdHdyN1o2\neE1kTU5QK2kxVklielhKRXowQnNrMFh4aVRRCmVHWDFISkhsOGFLMUdVSzh0K2xR\nT2srVlZYUXlQc1psWmMzNkg2bHpEZ2MKLS0tIHRTVHJndjdqYTMwQ0ttWEcvWUNw\nRUEyUGFZOThGWFE3V1pQU0x4Z0F4cHcKYR5FU0kwoZHe32skIWuuyXDPAmsZhRVP\nW+VAuwCLQ/AtaKEyzUS0d5oxQLplfJZoaAF8vQhuWSx9m/dHOqc88w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-22T13:52:11Z", diff --git a/vars/per-machine/genepi/openssh/ssh.id_ed25519/secret b/vars/per-machine/genepi/openssh/ssh.id_ed25519/secret index f45ce99..b608edd 100644 --- a/vars/per-machine/genepi/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/genepi/openssh/ssh.id_ed25519/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:9UNvyk2Mq3QOejIjcXBvrQrv44zL7gU8MV8UZhV2TWSRbS8CegrBhxiw35BLXrRqbQ6pY5TV45AhNklTFFjszGOtcegk6CKgBaBflFF3Veko7fLPH9WgBzdF5cCcerpqNltmA/Y95kMhID1VqXbfWxmwW+P52OTj90+Yf4pwDDHQ5OCC5HsS5AYKntpcUfGv9hETQKa2u2ru038k7eg1D1go/MOS2+6dkr4dp4n3LfQqg0qmiautEuiNxG9AGcCvjrIiAbYOKlfDZOq1Jq/dX6lXT2nr2GnItel4J2STlG5UBbyNDZJ+/os8fr7TiJRLaUAFt8SYDbicau/nv5sXHntKQXkAQe31gZesbMp+zbTr6sOkyAWz2T90gWNnpD6r2WFZeSlhSTm1dfndNr20Z2luawsfjSki66VgFJH3mXYmk3rlD9AVxj8qNNbp+HAFbEyZZPgBYQwcniPzSd8HM8uolzgJz5LMrL7zcpguRRPHgOeftU141+ctQCbWKIg11R4GfL+W0qdrtAR8FYw0,iv:UgxXXa7lF3UdNkrReQcmxcHdn4Y/TSmEbRgyOW9KWwQ=,tag:Jhuu6AUD7IKXC/IUZow8UA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdmlvV0hI\nYWt4MDhnTGQyUHdxUGJPVWdieDBYNmF4YlNpc3hWNUxHZUhmTApINFRVMzA4SWlm\ncnA4WFBwUmhXRkxubThWZXQ2YWZzR05YbVlYMTNIV00wCi0tLSBwRnVXeGdhS3NH\ndVNtbGxJWFNhVWFHaTR3bU1KUi85OUpublNERzNSTUxRCjL7jh33v1evcpv8eGiD\nPGffAHKUGd6NoszFIffaLH4AAp7jvVtRXGEOosyxZjkl8T14BRVvBygNtCzPuXA7\nYWw=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkY2TzNW\nUnFvOU9xRUdia0xjUUloU0d1dzRyQXdWaXNiOTd3cGlpV0c0aQpLUkM4UTdQQlhQ\nNnRPUFRpWnBCaERUQ3NJRHB3NDBPN09qT25zRXA1WEpZCi0tLSBlSENwdTdTTjQ4\nRUNtTG00dnBneC95UlhVUTdpRVFUOGtPNWU3RndyaDR3CvJZET+yGuaor65bY9aS\nBOTKsnIX+824+Bvx6AqkHg/+D1BfKvvpliEjbz5HG7X3vgofG7jrtC9FYHpDemxu\n6iE=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBa2graE1J\nTXpVMGxYOU52UHBsYW1SVDdsYTFuNXVUK3RUZTN6Q0lNcGM0KwpLL3pGTHkvL2xz\nM2o2d290QjVhc2NmemhEcEVmY2FWTHJyK3JIOVRxbHVzCi0tLSBIdkgyZjdzK1kw\nbGR5bUtVRDJnUExML2V3cFVMa3JzV3U3cU1TbmlsZFBnCvpCfNadbvEWZgOYX+wP\nx+jHCQkiP38aHL6rKmGQkO4yocMvv/eANNhHJe46tT6Vy678Ho1CdPiPS70q9Uh9\nDfo=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVL2tJcXg2SzBUYUNGSDhV\nVDllL3lnVjFVT3dBaFlPUG1FQks1OFlmV1JZCldBeE1DVng1U3RjN2tuN3ptczJm\nMjhqZ2VNU1JRVzBUYUI2eG5tY3hKQm8KLS0tIEdlUFY1RUhWeXV4N2NGTXBGQzBK\nUDI5b3N2TGZxTEorYzJSNERMc2cvMDAKCfmy260E+6+IQodx6T1mIw1kf9jyNU2U\nzX0EHKptT8apgrSlxpELAj4m7cvJsuUCC2HS6Ydw6X4PYuauM73wzQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdUZtbDJScXRXQ0kxQzFy\nT29jTWhPbks0NzhNdnBvbFN2azRKbHdJTmprCnU4clVqZnA1QUxCTS9jZGIyR0xm\nZU9qVkdVUG80QXN5blBiemtXekJ2ZlUKLS0tIHZaS0JMeGJNckJ3RmdhbEdvQnNs\nYXkvUmwxNHZDOEhWWHJ1YnJhazB4a28KtMVaNZB/AKP3ZatPzsSCq4TUfkPxg+Ir\n5Vmxg1Kv/zA4aeIA1En2EL+oHsnPMBcVWBpn7uBfMX6Xo8xZ2RzmfA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTGUxSWpWL2ZRWVhzU3Jo\nZy9vS2FmTktmS0prckNVQTdrNkcrUmxpcEJZClJvNmwwRnhjUW4yQ2xSbUtEdGFY\neUg3akFYbXJPeDhGbEQrYzdRd2hRbjAKLS0tIFJzN2NBcExvU1p4QkJKbFpEcUc0\nM3M3Y3U5TEVPU3QzVy92KzIwTEs5NVUKr+ltG2HZEjqdi+OFrjT7XWsSAtlssSpg\nc9lh4VX2Px6DCB3I0TfUx4zW/5x+xYk9CxuSSsBCKCoPczSwhhElGA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RUhUaCtwaGZzeWNnLzU5\nSVpUMS80cGN6MEZ0Zy9oQkdmU2IyUHU4RVhBCjhvb2lqT0c3aWJYWkRQWWJpa2kx\naDFtN1ZxRXZEOVlUTFQxUHlHNjJBSUEKLS0tIGhzWW1JR1JYb3NCc3FNTUFoRnda\nQ0VUb1VEOHJBcHlQeHo3V1hxeG9Wb3cKW6l6aWLF2FQlgQspORpdn1u1Cmr2zF7w\nMGmywIz7VMnWhcMDHXelqXAWXXqkKcEW3TFKor0SnUmqPOj4fFSCPQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:53:03Z", diff --git a/vars/per-machine/genepi/pinchflat/env/secret b/vars/per-machine/genepi/pinchflat/env/secret index 421e785..5150265 100644 --- a/vars/per-machine/genepi/pinchflat/env/secret +++ b/vars/per-machine/genepi/pinchflat/env/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:Sfpe4CSU6+923CWT4BGzizP3fNIkCfYJGDvIEFRVDAgnVCAtGl27+q4936CNeIlmzrOjatpIUgTFK/XKB4euNK9C9/baS/C7rB2oDyaebFSiYEGpIpEMjI2V4kK+TwTfrtwrgOl0gjAVKlRJ9+1fmTrPADHn0Oqn7cPMDg2tNh7Lrb3ivyYxxq/RnPGf201/pQ==,iv:Jh11D+YQv3QnnWuc1jcpmifSY8kujxOKK6e79oQdm4c=,tag:AcyVHWHLtIPQwCChbG4ukg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdjVaUE5H\nZ3Y3cHVBSUdqdnQyYVluOWVXcGJIMUZ5SWZ2RHU3dFI5VndmRgo0WE43K1BNazdj\nV3dRRWVldk9UaW1ySDBWd1RHSXdvcDJxZ1A0UlhINm9BCi0tLSB1bFJ4ZkVSaEYx\nNTl3UDA3ZXZaMTNVY2dlU1BEM1pXVEZ2MDh4YmVnci9JCn15VWtzWcvDBdKbPmpp\naTz7xeSwub6IBj7m7hrlS04tsDAbAsPjoyn0L1/xn5q2vic/Yx6f2pytJdUniMie\n/ls=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcDU2WG1l\nYno4TzZEVTFBN3BBSFVyUklTeFNRU3ZxMWloMTZuclJhRGVYTgpoN1lwcjVFdFhw\nMUVUaDNQaWpYU3lDUWtPbG1ZU29LSll6cXJJQ01FRnRrCi0tLSBFc1lZamtQcmJ1\nY0NzcUV3T3NBY3VXMmdOZ0xFY2h6NjVMT3hvcHFPalBFCrfCRwovsf7pqtC2tqRO\nhgKCFFLRBNrG52RXDxnwnyoIRLDT4DFw3ALZhWYtmGvELE+wGC0yZ3Iq57WmJhaP\nWRk=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBN3NNbWNM\nMEdWbThneFhtcHFsczJNcUFRbzBFL3MrWm4yTU4vM1hSbFJjbQp4RDJqMTUrSUpa\nSHJDU1lVc21DN0wzdlVVRm9JZm5oRTRoTDIrSWx0Z2xFCi0tLSBpUWlhZFhpU3Fz\ndWdDQVVXVWNGTXVwN0NyckhpdGJNUjJwUys5K1dtRm9NCtSFfaT9Ej+kIJzRY5Rh\nLbHzCAgv2snFNXg7/TtifW7sptUt8TMhLpBqaA6LH1v/H4WDDv/8j3pTSF7Fi5nd\njzo=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWUJxTlk2RFBjR0pHSWN2\nZ2pSV21mWnRFLzRBQkJRTHdlVkFBSForYjJFCmVRQkM1NHNjeStJVzMyR2JwVngx\nbFM2UU5hYWNjbk1rQTVxZW1IUWZXRncKLS0tIHg4SVJHRktBbER1cFo2bDZYQUFI\nbk9IQitiYy9MdGRZd2YzQXUwemhab2MK03lbCd40xcJlzJSUdVLqhl1VAjENQm3H\nHxGGalDFnom++8Ygc9QnfjlbXNtjhSpVHKR8lTazvaqWknuqms6M9A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVN2YwN1ZDV095dTdlK3Vy\nWmd0cVozTjNQdFRISDMydUNCQ3RXRlE4c24wCnRpa0NJNFBDNGdPYmRFNTN5N0FL\nUW1ndmZZTmlRNENVTGFFbFpKbENaNlkKLS0tIEpmR2lhVDRDbGhRZ2JWamgzN3k5\nU0xkMklOaVZrY0dVeXN6VXc2VEpLakUKhMtArYZWo2946QdB/eB6WdVEBWSw5ge7\nBokzx8q3eafxHKn+1/npjU3VN7HhqVqQRZ4Pojj3U0DZ6PKsdSDglA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUXpVR0RQdklLMXpQSTNI\nblhxVDBGd3gvUHRWRlY4QnI5THA0MjNRYXhZCkFDa01FT2NZcUdCN1pMeFZDemx3\nYjcvNGZNWVY0V2Voa3FLcG9tTU53WGcKLS0tIDBiQWxTVS9RSkl5czdWOGp6R3ox\nQkhoZDJCNm1namFldXQwTDFTS2Y3UjgK/yJr/s+6CUCEOWJznvjNXljEsRNocS7/\nXKX9dDhA2RII9jx/1X/JJhV1bXBASPqUUzjZCZYuJLqT5lNUckDBDg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eWIwZ3V1VkdkQ1QxYU95\ncU5pRVZoT003Zk5oOXlnNElYMDFSMitIR1MwCkhFR3ZiRkszT051ZkdyM2ZkRnhL\nV1ZiczFMTzkza2xQaEl2aGJnT296VlEKLS0tIEZyRklVZE5oODVDVVhBRW5Bb01I\nZi9nQXVOM1BZNGpTaDg2NzdVWDV5SkEKB7dHbGNLW0LspjbI2VW0fGUppRpZr40J\nj5H9D0g3Oct70yJtH2/k/mPxxvS7tKAT/H11gdH/1dD+kyYGMzaq0g==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-16T15:14:34Z", diff --git a/vars/per-machine/genepi/root-password/password-hash/secret b/vars/per-machine/genepi/root-password/password-hash/secret index 30073fd..5fa17d4 100644 --- a/vars/per-machine/genepi/root-password/password-hash/secret +++ b/vars/per-machine/genepi/root-password/password-hash/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:9XMFoWiel0cEgiIxI4vhinDah7jrNt/2C33AADDderkf2aIvA41cG3Ow0q307gghGwDZnGs0d++rWscDPmKYA5dZFY90zwMwdT7TlFhigpArvnE8aQbiBUE3qgMwWHtJqrwo54sTLfEBQQ==,iv:vuFk8aU3Tgi/pCVhJLll+ypvDl3hZsIYpv3TZu0i+XA=,tag:T5Y44zuf6IZhYuWXeE4X5g==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBbzMwT3Iz\nNk5MTU5mMHhzZ25NdXMvV09McmxNckJFRWllTm9mZ0Y1eXNlMwp2cFphSjMrYWUw\nRHAvMFlzcFUrTVlYeS9haE15bWZKKzR0ZnM0bWpmUmI4Ci0tLSA4cnBkb21zWmRY\ndmUvZlNXNTgvaXJRbEJXUWF0Rzl4SGdnN3IwY24ydXkwCgBIVg3907+mmnG6AX2+\nBTpZg9HEbq5XdSYHJvLEDl+Xi9WCS9+O6Pwo8HAlhKIMtRyEpr11ZphUKfbZ2Rm/\nJnk=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMzl0Ti9K\nVkdBOTh6bVByMVd3Zk05blc0OFNoeldoOWd6L0FjVmIwUDc4MwpGbmZqWit3aUVT\nVnc5WEVWaTNOWGlqQUhIT1lmRHVEVXJlTXdMZFY0bE9ZCi0tLSBkd0dlZEZ0czlE\nRThMaHcremlDUjRHeDFZcklvdmwwM2dZM0RPOHRXYnZBCpd2S3bIPZXfcrKZioeu\ncf0bRhxtjBogCBdpwWXxgsjN5RmfamiuPz9qI1OKTtM95AVhG1sbp4qOeS3ilnak\ncrw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBc1ZEMzUr\nSkpUSTNOTm5SUEhmUmFQUXFNUldPUWhmVk9VUk85M0RMa2tJUQpNZFhXRGJINzZH\nZHRSTjdHbURyV3Vmb0djS2FnczgrZkI3ekNqdkVZZjlVCi0tLSBsUmViU2xYSCtn\nTHY2YkZrelF0WGpwR0dQajJhS2l5MFBJOXB5cm1JQlFZCpk+HhAXVQ8WhmvXx6bP\npIBixAePhS52QdA3u3pAJI0zJ2OC5OZU5v6etbJg2LVk6s6de6Dejo4DGUm0Xr43\n3xc=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRU5aQU43TGtGSlAyN2hk\nQ2l2dWs4b3ZHUmd0NURjWkFXOS8xRjVSQld3CmNHM2s4QnpkblhlY21wbzY0cDFU\nYTBXNUNNSmdVamNSSk9BNnp4NGU1MFkKLS0tIEhDOFN2L3hxREM4eGp3dU1LTTh3\nYmw5T0hrMWFxYjRGaW1icUhEaG1rWm8KPJ+y30ntjpCnPAJC799m4ONt29QnBegP\nKOS8i1C4iWJ6HkchDgCMAg1TIiamxn24jXstRKaoa5jXauQki08owA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiczVHQktNMXc1R2JmV1dI\nT3Rab1pydWtoWFRQbGxqeDlvYlo2Z0ltMXhjCkRJQ0hpV1BnZml6OHVDcVhZckpV\nVGNqV1NZOHgzUy9Ha3AwTFJ0cjU1M1kKLS0tIGp0TGN2WHhBZzhWY01ZcmtneFNT\namlySDdDeXArWGFqZWlCVTMzS2YyVk0KqlHRbqCe3E26eWGZVHzOBdZ9RnSASCpb\nQjokNJ3DsnJ41zr4cHjMfJYUrKbQR3P+Qvw7MiAYuZaE/hra97dn8g==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQTV3S2UrZW1ZZytnaWVE\nYW9mWmE5d1BueHBUYlFGOUZUTTNTc3ZyVldJCnBJUTNvd0RENS8vY0RkK2dzZWNJ\neXZnT29aYjRmVHRLZ0FJVEp2clFCTXMKLS0tIDdRUGRKa3hkZzRxdnpDQkxvamlN\nWXZ5K2lEM29ESWc4SWZxTVFoVi9qT2sKQqPGcHrKi+PQqUJaYhgfNWPEe+n+qi8U\n1lNi1UNgfMnKLOPHw33CiQadKyhaqJeFdFg6WCrMKQQNt/fcZ6NS2w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTHUxYmFMcWF6czJpZFpT\nOE81cnF6OTRjc3NUSkJ2T3lNRGY0b3lqQTB3CmcyZklPYzU2WGRPdnY3R3JHTFNx\nVVhPU1p3M3dORFlEeFNDOWpvcWJmeFkKLS0tIE1zWldBWllzRHRKL2NUQ09GUWRj\nUGY4TzUwS0hhTEFmQ0dWdEt0ZGVTTmMKGs61n42+HioKNh/z1kDUcAuUjrswVCyt\nOp8tSuM21fZYxm7mDttMmcvE/cN+hNbnrp+r0f0m2/2ihYbE+BAuyA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:53:06Z", diff --git a/vars/per-machine/genepi/root-password/password/secret b/vars/per-machine/genepi/root-password/password/secret index 76ba956..2d6c857 100644 --- a/vars/per-machine/genepi/root-password/password/secret +++ b/vars/per-machine/genepi/root-password/password/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBc3R5RFR0\nY0p3b1FxbkVXeThJZEJjOW1GbzBZazVZTHVRdWNjTFR5UC85RQpMb3VvSm5hbDYw\nUU9KT1ArRG1EcEJXNzg4dkJZN05FQllxaXN3RHFEdmdnCi0tLSBMVnAyakF2Ynpi\nb2I0QStFMXNEQ0tQbk1KeW1lTTBrVGxielF5US9ESHVZCiA4fRhjVuLWl3LiRQcr\n8mDo9nYvmbXQpGwYbXNyiudYSBwU//rItWMGnS2F2ABpz3GqgSnnc1/3gImRdZP7\new8=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbFRsN0Ev\nS3Y1eVoxRlFrMW8yTEJPcUdzYjNUTUh0SUFjU0NYcDR5YkxMSQp4NEdrUDBtRDU5\ndC9yTDJZamcrWlgva1RhMStsYVhRT1MwZERuakU5Q0RvCi0tLSA3b0prRmVrcVli\ncWUra2pPL1JGaVRNZ3BhMC9UeURrY2duSVNVdkJkTlpRCunbM75dHg80w5sV3/JH\n17FumAcBA6mjj/3SxtfZnTAwdIHnO2sij7ltFH3gDXbGDG6V89ZXA7IvuoY/KHsy\nRtw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4M0VZOWM0RzhUelg3WS85\nSkwxMDB4QXpFSmN3aUJaMy9YdTBZYTMwVDJBCnVpZzBNeW9tcElsbGttQS9EMitQ\ndXZsMEFHbm9kRS9INktmajdFVDFZSzAKLS0tIFBaTWJmUGxOWUZFQy9UU3l0b2M1\neDllaHZYaTQ3bHNsTjRrV1BsdHdTeWcKEq9YJP1nAJqBRzT71RxIMkLb7DmZu36g\nDPiLODB7PBaonDWJlQ7dUPdAobGfT5Zk53khGwSEIhqhHL9hOxwQKQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLY0hKcmlUUXlBYlQya29P\ndG00N3JreWJ3ajFUZUlWTDJyRHRxTzRsQW1zClFIM01VMDhoenJ0UWw1MEF2Y0RT\nVXlCVU5QbC9yeXg4bU1wRWtEWENFREUKLS0tIE4vOVNpazFqbVVJMjg5S3FJa1ht\nckZBSFdRWEtHZXQwang0TXBTZWhsVXcKygn8wYzAZKa4geRWNNl9gmEybWmlvRzn\ncL1CDUVWKg2mY/KCYfxGrgVyqFGBFk52xYlNn69PppBy1XgBD9DINw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBeXVZdGZr\nUUVkUi9oSnluQ2EyVWlSVWlkeHh6VzZXRlZaUVRRTHNIL2xFSApGV05sQ2ZKcXIr\nWEJwUHhtcVdBYTc3Wk9TcTlaNThFZG8yL3BaaGJqTTdNCi0tLSB3ZzVtSlRPQk5K\nYTJFTTc0bi9VRVhBT0dRY2x0cm8zajZxRXZyYWx6MGVBCtMuXTdg/q0mMSMl89lK\nBqKAuLU/5SqDyySy+Vl+/B1OIv+79a2QN2S2nd5fXjP8C3Cp1QJ1vkblvsZWJ2rU\ne0I=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T13:53:06Z", diff --git a/vars/per-machine/genepi/syncthing-gui/password/secret b/vars/per-machine/genepi/syncthing-gui/password/secret index ca8db9f..a0cf518 100644 --- a/vars/per-machine/genepi/syncthing-gui/password/secret +++ b/vars/per-machine/genepi/syncthing-gui/password/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:HWmd0ZCo4gD0g+dZrbkX7XNvfsWQaPHN1VOpzNGVbwZFQm1QCxGV1AxKkXbjH2pbsO6i6kikyyNH,iv:CX8Q5o/7SGM33rfQG5lFvc7iSBxR3sTf8Q4bPk4iv5k=,tag:gtEmFaZh6I2Q1d1IeSRDKQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNThCVkVR\nWG1sSDNsTnpqdVEvTGw3UVU4VnlLdDVBY3dvZ2tMT3ZEZjZQMwp0MXBDTWlPQWxD\nVXpobHd3UHRMV2RiV0J1NlR5UXlLRjZTTFVUYkR2R1FRCi0tLSBoN2xqUnZzb1lC\nNVRCbVFtT1lEc01Jc243bS9TRndhMnZ2bTZ2K1d0d3pFCgCoZDFGYDnwFw7A+Dyj\nFBY4N1oPSvJFFycDc/yB/6OWg13mxmEGAjsITTnzCfz/3p4OZwOxq419owTlxa4w\n/U8=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdkt1WEJK\nZW1zSWNuOWprRE8vTkJYVThLZE5yRFMyM1lwaWN1RjZabXQxNwpraVFSYm9hcndS\ndXoyVysrNzFGUm1xeE9Tc2Z0UFlRZEhwRFV0eURtaGF3Ci0tLSBuUi9XNFhkb2o2\nUVp2aEpYUGxPOHExZzlqNjhDdEhlUUhOZHRNSHR5dU5VCtiNVDtVOv9CkJhwl7iM\nDTEyMFNobrvDLtjHC/K0s6zMBCWOdi6wUzCkTBVciRbFhPnZ5vMC1CQZy2OfvorC\nxdE=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBemRMMWNE\nZk1SdDNCeU1NdDNDaisreVVBSVJSWEt2eis1bG5sd3VRME5FOQpGaDRRdUZsQ2hG\neWdYNzN5c1NkVUpTaVpwUE1nN1NSYUhoRXRkc0gzOURNCi0tLSBhYTNiQXFCNDAx\nc05STTlwdm10MDhzeTRCWDR4NFNrVktGcHRnZlFGR1M4CruhBBaooAQHER5by04i\nYViPPL8oRcEijqh+K1eoAI7b/e/OZdC53LTdzU+MGT/kpXka0TUfCcQvkxJQJ/vb\nEBM=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWnRwZStVTjkvakxyWEY1\nODVQd01ubTc5TmNqaHAzSGhOUnlacVkybVh3CjgwOUxWditsdGljalFXRG1YaG1k\naVhpV0E2NS9jUkdCcnBzNmFUM1pHZzgKLS0tIHhpYURUd2FrUHJJRUlxOGpuUXJ1\nUVpQaTdCb3VPc1YzUDMwMkFUQWZzcVUK9ZppMlTQvQQOAeDFA+OUzbADEawIvTpE\nWDNL57ayqRP3aC7HBQZ+vLli/DJ1KYx9m2jITtDeIZWfLiUOTCdZZw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNlNYNjA4THFFL3poc1R4\nVjdNdXpUMVFtSWVGT1ZXeEtLOEZuQjVlLzJRCk0xZ3VMU3MxTEt4L2V4K25lTW9i\ndVU3TTZvYkQ4STJPVUlsRHc2dnNYUFkKLS0tIElDaCtmUll4YWZUMW1UWm5PQUlM\ndW9mVG0zZGJQUEVsRHRGWklwTzJBN3cKQ6mNYTjYypTuEqvycrLnhGgmfYp639Wg\nbOO7KJK7ek1dU+O4OvI6qxMwpfVPQr3q88LAmnXcpkxhST6gUeIDfg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TDd6U291bThUZzFLR1Fp\nUGhlN2wxTStsRlNCRGFzdmljdHpjSHR5OEVzCjhoLy9uWXltcFF1QTlvZ2hKbTkr\nUFI5SWNBZGV5RHNxc21vUTZNL1IyUTQKLS0tIDNUaVQ1ZWlZL0R4K0I4RlNaLy9W\nRUhxRHJ3SDk4cEJkYW13UjA1enhkVzgKfDPiSwfZvAE04pytEb40NG5ipmNxajMM\nxgNPkiIyrz3PDQmpZJqLnAUMb1rSBrk6UXSqaoPxIwAnmmka0wFSag==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2L2d4RDFETWtlM0dwTkE3\nWEgxUlQ2UUtJWlFFeWVIQ0VLMHJBQWZKSGhNCmszbGkxdi8ycWFEU2xZaGJ0MzVu\naVczUDEyaVh6N1V6V3cxZ1BqTnlJbTgKLS0tIFpGeFhXQkVqVVZPQXZ4RUZLekVM\nWDZrRkF4TmpBOWxKRlBxRmU4cjFzMVUKcnY23qO+bFRT5aYFSmmuuTwBK7pPQwVm\nm7KW6bfWarLj56Rkgs9xvaPCtA5BMEVcMIgc6ovbun/J5tQUC5U/Cg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-29T13:06:57Z", diff --git a/vars/per-machine/genepi/syncthing/api/secret b/vars/per-machine/genepi/syncthing/api/secret index 42cf1cb..b6451db 100644 --- a/vars/per-machine/genepi/syncthing/api/secret +++ b/vars/per-machine/genepi/syncthing/api/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:u8kuySQoFLShwjIXFfy48R3QCQv1cHlNgBoPirbnq6q1,iv:xpy4QLhZEd5ra7kYJciXk0GRkRd7Z0bPL3jcrKnQdEI=,tag:whUDDBmeuZqnhkLJB9yGDg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBeDNSakFl\nNmV1Z0dvWWE0SGVZekRMVnpxeENkcG5hd2toNExwZkxabDFQRAorbUl3K01NMmpD\nbm1hNi8zWXQwMmVIZXk4SEFrSVlhbExVenVqaW4zemc0Ci0tLSBMNXpjcE51K0JE\nY1Vrd0xDUzJ0dlhXMTFVR1hyUjI4Ymx5Wnh0YzVBY0djCjH2/CjBreDFojlV3Uq3\ngX04zSv938Dk7LJ2dg2KXzRJpXVZPq4DtOQO7zsgph6TsuGtG3STrYa8xjiZCtYh\n8fs=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBM2llOTVS\nb25sL0h2WHlkNTVDT01hRWhwMHltT3BtU3pKYndMVFQ2T3FqaQpkMHdES0Fkd3Vm\nSngrbFJVYm4wRFAzNXRWRUhlY1NqZ3RQNDM5K3Q3VGRVCi0tLSBRSVVyVDNkMkRt\naytjVDNoZTFsK0tIUlJZWmQ2RXhxYjlDMHFPZjFsalhBCoL76MKcn0cYqqx5pPzV\nQVZxCsXjALYkIb74YSpNHFCEeWg+U+kX9xbYkqzYJEai2smPhjXNvB5EcTGSRWDo\naas=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBN3hEUnNL\nWlF0cEIyZnYvdU84anRZSHlRWkdadHZnWFhmd3A0YWYrZnM3RApXYndSYlk3RlpR\nZGhNK1pqVVlld25QQ3JHQ1ZFYkdlZ0ZFcTVYeWQ3aDA4Ci0tLSBsV1B5Mmh5dFZZ\nTHBVMS9LZzdYdzU3MEEyWDZvcEpxWG4wbklndWxjS3RZCvEVpJ1/0fMslm+KeRm0\nY9bWP2VkRJZRzNKzyoBab3NHy0L5mEK5oAhY05LHrZDVdHXrEFAmqsc/TAXw8bad\nSAs=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbWxESVJSVFdQUmIzb3RK\nUHdDK1I5by83UUVQTFAzSUFzQTJVTDdQUTFJCkQ0WW1yT3lUbzZzL01hR1VacTVj\nUWgxeE1hYVArNi9XanhCN0VsaWFBR2sKLS0tIFRGOEJ1UE5LOTJ2MFRISUNlcnlx\nQTV0NG0rOW9ERTRTMDVRaHl2U2FIY2sKaN0nn5QZvAfhe/QOk7U2j5r0sC99DO3c\n4KN9vrH+j+z19kqMiJsbHQoj1cHkrvre78THqA2jaALjRWPTKLyA6Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZlc2UEMwazFsd2daUld4\nZDAxeEpwZkRIc3JaaFNIcnBLYnd4Y2MyOGcwCkJaRUVnaFExNk5FT015SWtiQ2xZ\neFViTHNBZm1xUFQzNzRNTUt2WjhXRWMKLS0tIENxM1NFV2FCanErNXNZbWdtREZV\nZHU0K3ZvSWZJTnNnT092MHYwWnl4V1UKgoEQy7lTiOelJN+VAQUuNMmG5C3F9O2t\nYChspH7ejw+hysBG/F841hpQPQodWIU26/rMD7gSTzYBtF7cQ2SXXA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0a0tWZ1Q0aGlUL0JDeGdB\ncHVTQ3hRN1NZWEdGSlhobDlyeG9uQ24rZVZzCmZuZk5oT3h3S3k0KzlzRmJzQXEv\ncmtZU0ZHOFVld2JQQjV1dVpvbzlscDgKLS0tIFB1K0s2TFlORnBFTS8xQ0N6UEJv\nMy91ZUZrRGxYY0dTMzVncE1yUHFpZGMKZqo56NsP4jZpygw6FBVBjJk+wrI/v9Hj\n3G8oxdtT6Uef9zolsDyXN1hAq8ip9O+pIUxxTOyEHXbDBQa1mYXjug==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWXg3ZDBkWDJ3UzZ1dHYw\neS85ZCtVTmI2bU1sMGEwYzNaZWxrQnBjQTBvCkFqdDZRRkdzUWRXVHJEc0Jud1hr\nR3NuV2tOaDdOQnF0NTNQcXo3SWgyYWsKLS0tIGNLc2Z5cVVlTmRJUVFiRUxqbjZO\nN0FmNGFzUG1KVW5wSHpaOEszSkVoQk0KxOGCSaQSN08ZrEAwpK2gvoOPY79xYSmJ\niJ0S67g6Ltx+ktJb7oR9AbMhiMg0vpXD+i7y/XzKmvHMOJOOGtVFEw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T18:39:02Z", diff --git a/vars/per-machine/genepi/syncthing/cert/secret b/vars/per-machine/genepi/syncthing/cert/secret index 982c0e7..1fa2ae0 100644 --- a/vars/per-machine/genepi/syncthing/cert/secret +++ b/vars/per-machine/genepi/syncthing/cert/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:cfoGK/Ap+Iq5TVEjRcExmrgxx6sFN9oyQssiAK1Zn6FlNt1+W2mYTtNikrlaDl4neX2N5T6oIVwKqY9XjQKRcBDAXnwoXE0Jkvmlf3hD15lgMCLzi9TXh6YMAWXOz9VkxWokihpw0CyXqZ5j8pLRPbR7OuMryzLiGBwHKBB/5P8BmvDYAGU7fDRX4pHVbsXH9lXaYvrqz/+VFAvkUm+X48RtonLJLNIrN0XaGYRHya9CaqNDmOM9VbHEuJWSzHe8NB5wNhI1PkL8mrXWfwA9oN+ojnyrHDBTAHs8gOJKELqUix/6dNfVbNgop+8Pd8qsjPRo4TEmXZxizj04Jc9klQo61qWiXUg/6eP2EhLIOgAjBE9q11uFLax4rb9FsvJmXYpM7m7hlQC27js4ZiUzy+yqtev8HlRmXIQkN33YS1qkA/F832GAnXX5rAqZn+IgVn5s7pMAu4p/TEFgH0uFy+D2Wm80vJoXgCs59N33p+b+qZgr7t1nqJDyiy8znpJAUtpsucyW47jLXhhmj1ByHmofNOllJfruOXmLfVpTFxfDtDz/H4nHIU8MNNbNL56hijjJrMf7Iyv8ojsqWemt45d2PDHO7mae3riwpt/OS/Mt+tXoEIKlLLEtNiKRYIqG0GFl+CFVvCRUNWliK52TaFUTxGT9EptvW0Th3iKqcVUtlK40Z4QvAGNQ2Dsw4L5GUfCJ/M0LETRxhsn24nlRZq3llMBBrfxmOxtC/o93+psgh77Blt3Su30NsH0HYVUZXjOym1xvpr0DgGQ8wdjekh7sjM0XTtdr/N4WF8+Eigur63t3zg3TiV07k8sHT9l3ZEN4mtUizI8RTRUG9tN9QioU0VjEFIMzTewAhRNQ7HqyOx6LtfFzZs3KqNBiaGCxjg2d3yldlZJ8nEzMmFgZQXmwH8eVVbPm0L3Puy//FRax+rBhSDUCTNc6rzS29mBeMH0wTn1bzztBAOYSWCkspVFxVzjSlZ13jnP0aFbG+HE1dXv26UvkPlinQNPZvpS42Gm913cYg35SpphstZA7+eKZOi8IUkLMITw=,iv:BkAURRGq5AzRG5e+krVpu2DhXbTj5187N6LhHmEKUjQ=,tag:izmZtEQPOgotlDMoV0CGDg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBMGxZZnlG\nWlZVNkFkcWZTczVKb1FvY29rSmJhVlR4d2I5Q1VveTFRRmxWLwpjV3ptclc1TFll\nbkJjaWI2S1dQdEY4YkVlNitpRjBmL0hQSnowOHFZdnVRCi0tLSBpejY2UHVzVDlz\nRXcyRWhlYUR1T3gwZlU1WUR1NHJ5aDZ3V3ZVV0F4V3JrChgY/fvjTe9l6CyJuJrb\nSlLt/SRDAZxIoxmWalMMbg5mrHPdvyWsmDvh6mf3qhtNM+i/SB27CvHTyQSCStQ7\ndGo=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ2NVTDI1\nUC9xSldxc3Nka1JEUDVnbkFibmJ2RjB5YU5aQ1FJQk1Mc1BmWAphNS9DbWNTWDBQ\nVzRSYWlrOGJ3bG8vOGhQdmtSMHJlbGx1ejJGRmVpNml3Ci0tLSB3YjNVbDAxN1BK\nZUVpQmJsWmhYWGp4elJsV216NUFZcEwyOHNpU1VPWDBjCmDMmV/9xsHm1yClbAeY\nyfBp94e+cL441Fomp1akIfH8E6SjmA5EVKEaNH30yh62mjOHfruFhiJDdYY5S0nq\nBCw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMS9lNGxG\ncFdzQlhJK2ZjaHNReXBydDdYb3pMWFFQU0QyckJPaGd0aFZCeApvWXBNSVQ1N2w3\nK0NsekJ5aGpKODQ0OWdVdzRUN0xvM3pSNnBwZmpNZEdFCi0tLSBsNVBFQUlmSlZZ\nclNEVjA5YUxBQ3hHWGY0Z21Bd2k2MHpMWHA0SUFTajg4CjN+uBaYGnshQEf7fMtH\n+zzisEGgreT17r7nuG796CZg4yItPBgEw1FORGaqgwsQ4ckymyRME1N7nHjh8v16\noPM=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdkU4M21YR082TUFUU2xH\nQ0N0OEc2TmxaclhQZnVMSi9YRDI5cVRGWkVnCllMUTZsR1RBSkVST2twdVpmYS92\nUmpMZzl0SHp3YWdvZStNcXhCRlJCcWsKLS0tICs2OEdNWTIxN2hkWnR2b1krUHNl\nMElydlZGMkVrRG54OXNqWFFoQ3NrdDgK0laArHAXBIt5wZWmvYUHFph9QIPERW6u\nzKD9Q9/OrnmDOXPxA8z8C2maxEnrYIijmIgE0arH/JHneBiRk/sD3g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTXZycEpnZkU4YzZyMHll\nc3FHc1RtUlZwQnRyYVgzY045STJvSnhzWUdvCmQ4QkpyMWxpQWNoc3RTYVBPVjhh\nQnIzN1ZaMmFDc3FaYk1PaDkyVmhJNkEKLS0tIGRoYnVJL1FVZnJ2VFR2ZGlINGZl\nR0cyZEx1a045ZUNpb0Q3dWYzU3VTSDAKIjE/zGEeymPvj5rHuEauY65iwbdcf4ZR\nsFitmyWuHaeUHOWE8SL80D1sbpAnJvwULselkaUwyaW5NtwLzGgu3Q==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzOXBYa0hGNUlUM3NVdTdB\nc3FEKys0Y1JjZjlMdWlxTTRteGorbHRqdFZnCjdMbzQxUEx4eXZVbGc4Y2JuZEdq\nQVVyY0JzVno3RjNWcGJSdjNBL2pZOFkKLS0tIEM2bzBYZTZBL0VIM3pqUXNzcCtZ\nNHNKL0JQWTUvaGY1K0FiMThjNzF1cFUKfuZRwASciwCyg5+Pv3U358yto7aoWEDY\nnZEhwK+lHCIII2Q5GepP2BpB4xIyjXs/Rh0zaReW5KZLRxUaBcDqYg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWMWFZUXIzOFo5NEF3c3E5\nQ0MvQ2RtTUdvSVhPT3FZelZsdk5nMXFIRHdJClFDQURpTXhrTkdaZThValBLRHZj\nVGJVN083ZXlzVTZtZUtRdldXTXl1bHMKLS0tIHpqbmkrcHdJamdRM0QwTmFUMHJG\nTWFoV0dqRGRKUUNwY2xlWkFVUnV2SUUK/T5z/k8nxc2qj9HaBeJdLaRLXTh+2ywk\nQVcBVOFNWuGdUZPFEDGzRL6sMCbxUH4as3D1WI13En6aWX5eiUKULQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T18:39:02Z", diff --git a/vars/per-machine/genepi/syncthing/key/secret b/vars/per-machine/genepi/syncthing/key/secret index d1e4b66..b98b614 100644 --- a/vars/per-machine/genepi/syncthing/key/secret +++ b/vars/per-machine/genepi/syncthing/key/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:xlS4AxF6bGWkn//F90xFoqScovc5UCPisx38EGQSUk4uPUxA0LGlBYpajPkWN/05cfpqirNzGnKd2fxOE/97vNusFf71aEn7QcqBW3dxIbNeN1b9DgOd3kCsbn1KHnTUDpE+ucx0im87KvWrLop6GiaGkREElP/hpxJnaZCZB6ae78HN1L31yANo39Ts+YJIfJ18lVFT+AKbvicUfleLKOgyHzv7eO0eohTfJ4UZAvkiW3bODL9QxiLP64pQvVkHFp9HllsWkbjd/28j3dN6ZAiZ5Fg+j2Uhjk/8m+7VkXIbPoTPu2KxXIputM/iN9fQIOaBJs3GfZ9Gj9C+oZeR3Rk5MYz/WS44bExlKd7fHB9xmKnrvTe7JTyHgPjDEvgD,iv:vAxFuqWVe3PSnqZXbFAwqVsajHrhj8ZA/3yJKVKCIrI=,tag:7ERgXif9/mb/Xbk6nsZz5Q==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdXhTb0xa\nRGxkRVdYaDhVaTIxdWxiYk9zQ1c5S2JmaGRTQUQ0RVd0UG56NgpHdmhOcmlJc0RF\nSGNaZUt6UmxxYnh4SUVjR2kyRWVPOWt0YUFhV2Y1c3J3Ci0tLSB2bm1WangvVitD\nRHRVMk9Eb21IdkNLNlhNdDNIb2Q4V0xkQnhycFhRZGhvCtHtxgYg2NTTQZ7ijwh1\neG5eFDUR790uHpXO0IDVm9n4ewxALylMmnbTtoKLXzbhqEtwKFteiWzEo17LNIWp\n5yE=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcm1LeWl3\ndTk5WVk1Wmd3cWhJd2svQzJrbjZiWHNiTFRteDA0M3ZYM0lDeApkUFg1cm5WS1Rl\nRjBlRUlnWld4d0JvTkFNZjQzOGFvNTBCU1BRMzhqZkk4Ci0tLSA2Y0MvOWxicXVY\nNEh1WDdwakxRZ1ZWQzFQM05IUnl2LytVMjk1S3F4dm9JCuIGVW2qGKjXN5YdRrS6\nE8rOvM4QX75UU1AH/+PysybRR/6fXC/B5aO8DyWev9KOwWeLDP//CuxWxGEmjROG\nxC0=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcTZ3WjVN\nbHlNUGRDTFN3c09reTlrUEF5TzBQL3hNU1FJSTVDUGxQQXBnMApNc2w2TGk0dzI1\nUjBDeURVVDZMUElsWlVkWjFRNnU3WVYyUHhEN1lLRXJZCi0tLSB5ZjBNKzVqSE8x\nMlE4cytVbzB6RldkNkpzNmVoR2MvdHEvUHpCNGdEUGZjCg+YUTaAJI9GstcAR/83\nxx1OqmexxHPxmd3FPP883P/sLerL8vZLOSLQ2R91b4fBCMDYZ2FnZhykk8Ys8kau\nq78=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dUk5SU9VTHpaaXVhOUQv\nK2dRNHovck9WSVFzRWNHb3o5TlFkdlRGMENnCmxLbUtNN2haNVR6RGp6S1RFcG5E\nU1BRU3k1U054OU9qMnhFVDhZdTMzZDAKLS0tIElGelU0SWZKV0dFMWFIUWNIK1RZ\nSU9hMk8wMnpTMHhPUGJiLzY2bVhLa0kKLDzxnSssAqdho50FeKJC1hFusL7A/lCn\nem4JF1avAwvKr2n4j2DbKB9280i7j4gtmxgY+OQk0FHbJTaHSSdmsQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGeUp5NU9OcWYyUmlXQWJm\nNXNIQ1ZDcFpidjlIdjl0WTUxTjlNUlJSK0JjClRyMHpmRkk5SXpwOWVHd3d1TmxV\nS3RZVGhBeW5yT2poNC9KczNyN2pZbTgKLS0tIEpHOXhPc2RYWURGaW5SeGhKMStE\nU09OZm9jdTU0K0o4U3B1bXA0Zyt4S28KND1NurbdKkzNu4WIUHbmjKczKmgzJ2Re\n8o8wCqR/yGBxgz8kMz4QCqS0BbfuVlfgdBORlTDopSDLXVzLEuiotQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlL3FlWllGQmVtWlFUQVVR\nUytNZDU4ZHdUZlU0K3pkSDVHdExZb0EvdmhJCkZyNzZmSjdFQkVJN1ZFdmpuUXdF\neUN6N3lDdE1sUHpjMTc4NmlRZmpIb3MKLS0tIHFYZWdTQlIxTG1mdTdlUU9waHgz\nTFUwWHZQUlhNL0ZmUkpkSkJtY0V4OUUK9YwGmPisdZqoKZuZdmuMRlXCdrJsrG7I\nExleBaQ4kHNMGhqcfVXf9OzpgScEd1dmbrTH9NZM64k8yd5Aob5vwQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VGxLM2V2dmJyR0haQnd2\nR2FBci9Xd2FHVnlJRnN5NmQrTEhHMXNLZ2h3CnVXUFY4MUs2WkltczY5cGVRUHI4\nMnVNdzlTUWZ6aE81U21YRmVsZ0VQeGsKLS0tIEF2Mm5pemRvZ0U1YkRYaVhuZnNY\nOUwzb3lHQlMxd0RHWXA2TmE4S3JuWkEKLXcbml9PhFcxoOyo4YbQVKkezSha4mEA\nCkPqB5APjxo03//KaZ48qQIzewGclmKaWaXSOeoxuZ0li7oPF67uzQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T18:39:02Z", diff --git a/vars/per-machine/genepi/user-password/user-password-hash/secret b/vars/per-machine/genepi/user-password/user-password-hash/secret index 96325aa..be96ed9 100644 --- a/vars/per-machine/genepi/user-password/user-password-hash/secret +++ b/vars/per-machine/genepi/user-password/user-password-hash/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:hZt/WZhXgTTzl+e6sghxmHe3/JGHbI7RzYzG+vpL6/gdWghr62/ils9FVKfOtnQ0Wg+QZdJbO0UQJecxvMxR8lEWbUkYBtUoWYJ34DcCleIdWZ4tiF/iP3q8n7ovlrgm0MTLEJy/1NQSzw==,iv:8Fi1R9FeuYsh9Bt10c7NOZ/TklzrRu3QF0yZSc/CG5o=,tag:62RR/zLs5F/VCPtkMp56NA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNnRxRjBI\nUlF2WFkvc3ZpY01jMzJNK002a2JERUM0d2ZHT3ViY1lEQjVjZApyb0grdU9lbU5G\ndDR1SnE4Q0pEUUwvcDJUNzZlTHFObnZXeVJicGJKS0F3Ci0tLSAwMHJHVEpmd3p4\nVHdzNE14Q3hiY0NIUFRFVHN4QUIxNUdjNDZkYnkrN0ZjCpmiS2iTiN0XSc14csEv\nO46lEMxXVymhtT2vtNMydaw0qZ8R/ufHx4WB4nTyLCQO6DW0UaA8+GligVRRk5FI\n+Kk=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNVZ5MFhK\nbkN5Sk5sLy9JRHRqYVVPdTVxaGR2WGR6SjR2ZWwyc0owODlpMgpwZ3dZVURLTWJk\nMjAreGUvWXY0cDFjaUFzREpvR0E3eEoyT1BHMFQ4L0UwCi0tLSA4NHJNd0xxNksy\nVlJkN25jT0NCeHgzTE5VNk1DWTdUeUxoNXlsclF0N0VRChkY3o6/3WBmtH74mYoc\n1FDbSAtsM+4qX/bLm2EorcK4223tL3SqA0tBFRFONiU135O21knnROaBf+7byjGT\nDbw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbkxqajRX\nckUwRGxEdmN6RFhBUGlLWmp4QkxGQkFKQlp6WU1sd0JwbUgzdgpISXRNVFdjME9p\neTFhSmlOZjlYU1VUalkvNldzZlkyaFQyODczZkYyNFdZCi0tLSAvUjB6TDBjTVFH\nK2tobncvR0RTTU9BY0tUREVCSnZNUFB2SjEwemRqMjg4CuTRXD8jqwrTQyPMr5Q6\nuuJ634To5MbWxXhNFcPGj99wM5xkyIhBbGso7ozhpcvCP/npt19omiwpmYPDtVGy\niHY=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTWEJIc0p3aEFXVCtaOUtw\nTUpNY0FtMTltS05rTnZPeW8weWFWQjk0L0RrCm9FTXBPeUNLUEo0WWpiemh4dGFu\nZnBCWUE5Z3lqQ3dRZzlibGhBRitRZXcKLS0tIGNMN3l4STJMTWRWUTNZR29VamY2\nVHRKWWQ1NHN0RE45cGd5RUoxb2RpVTgK0ajQzTcEzIagaa8O6ScJpn3vFOT1C7hX\nxwVJmcdKI+phUZnVC+V0Jc4WhYh2MIDwqjPFHk0+mtuZe1dTIouUpg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VytkcWVTM3NUY0hSMTAx\nUGM5ZDVJTVJCRnNpd0RIVjY1TGVKREtQV0ZVCnNxOUFJalBDTFVUdUpGLzZzd0Jz\nMjJ4YldNRzNGMjNjYks5bml5TWhVeG8KLS0tIHdodDdsYWhuTWdmNXlpS1QxOERk\nYzcwMkZ6OWVvRVgrWFloZ0tGU1lPYXcKUPGMbQLCZ4M++zerdhfQqzlcO4YHNIMt\nSOTdzgqFiIFa4VpQA/W6pOfOK6Xc9ZZasNcqc6NbutaAxfVSYDTCrA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbjVkYXBReXRlVGlubWFl\ncTRhbnh3S3BYcHowTFQ5QXJ3Tkw2ZUxmTlJNCkRweEJtK2ZVM3EzZnRxZkw5YjRJ\nNjA1RGFpSnF2WnpMbTUrSTdTcjh1d00KLS0tIDBySGFTTEtTSktydnVOWWpEUnMr\naUdQMUYydzRlY05EMnY4WEUzK0t2TlUK+1TR/MCYtsHebD9habH0uaYVaKinwtRY\nc77vxHARc4XGejQP1QBJTG2EDb7x1ywdZHzeU0H0kI4xuVfrqO+u1A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmK3BzSzlwTVM3bXFuY0Qy\nVjUvaUZJV2VQSUhYUmU3TDRrbkZPWEE4UGlRCkcwVHFCc0JvNjdDSHFCTXkwclVE\nVGZ5OXpTNzBuQVptNjAzMFk2Y3NvNWcKLS0tIEdpZ0t4ZFhTdTVwaEh0YzUzbC96\nQk5VcGg5bjY2UG43UU5sNHUydFFXMEUKC1K1XDvwKG+OWZ01swnc8pJqQZ8jdcYI\nvyVyX0i++6bKEEwiG8FXxpgr6jnjzsq6UIWq8SNPM1GeLJir5hDPtw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T16:16:45Z", diff --git a/vars/per-machine/genepi/user-password/user-password/secret b/vars/per-machine/genepi/user-password/user-password/secret index fc102a6..e6505f3 100644 --- a/vars/per-machine/genepi/user-password/user-password/secret +++ b/vars/per-machine/genepi/user-password/user-password/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ1YzT1Fk\nY090Q1pURTQ4NUdxRm1LazNTSzFOendLQ2FOa0VyZngreXMzTgo4OHc2MGZTbElT\nclloVUNEWWR4Szh5dWZweG5yUWNyTnMrU1I0TjNCMXE4Ci0tLSBFdytZZWlEVUNE\nLzNxcmNjN3JZMmtzK0FEQkU1SlQ5WTVHOU1rRUFrcUJZCta6PPdD9hElLu9qmOcO\n5IHhzc0PXaf5Ttq9wsK+hX9XzVzYmlenT1aol6kAYmYNwvVU2y8tKuqmeS5PmUt6\nvIc=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBN0dOWCtK\nMEtYRElOTTVvV2QzbmtCbFRidmluTDFNNldFVFNLdFpVN3B2ZQpZS1k1MERzNnhC\nSllHZmlybHpCb2M0aUthV2l6RjVFUjcyb0NIV085R2tvCi0tLSBWOUU3VFI5ZDRZ\nckdsR2lRTDdpeExPczR2L0FyanYyRis1RTFSMW5tMW00CmDWQSteogGg3bdqZhP7\nIvuPgvFOZ9Z0BiYjhVaZ6ufudErOQA2sxVug0xt/7lbnUKD4a4X/vTKTKF2swnf7\nIiQ=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjN0xneW5NNitBTlhvSmRN\nNVE5bEtCMXVPRHZhamhpQTVNeWdPQkppem0wCmpkZ3p5WVU5a05ISnBwb25FYkMx\nTDJGVmtlSHRtdEJMdlp2NEVyR1B1Y00KLS0tIE1LOVVuOCtjaDlDbnBIenlwaHA4\naHlmbGk5VDZQaUZoKzg2SGZ4Y2lDTXMKNGV6QfcAei98XhPEuxu436ASzb3QA0PM\nyaUsaEH8+X7yqgVgJ4UPOmFgBJjVsqwk3GPzQ7ZHn87bmY9BR6sfmw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUVlhL1hWK1ZZRCsvN3Vw\nbE0ydFNzOU4vck96UTJ4TEV5L29hVVprWlFNCnNSenNDMjlCeDRCT2NkOHg2VWZn\ndnV0NFVOSUpDZHE4c2tYQ3pnOWFYczgKLS0tIFZQQktOTzgrb2VLbUlENkdoZmRT\nbXB6bFZlOUNZbi9oTGhoL3pyTXpTMjAK48AqcEGIViyaQrdjeEmtwPTFL7cfysFl\neX/KGigWG2ZpdUkyxqHvOqIkMI7/61epEpxCOY4ryIX5mZzax3geSw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdVZxMElt\nMUdud1UwTjgrVVZ2cVRuUmhLSGJHOGltWElucUcrQnA4cXd1RwpuYW85YTc2eG5T\nNUVIRUwzVGNocHg0ZElmQ2Z2bXkxQXAveHp4Q1pOU1E4Ci0tLSBsTTlxbHlFbnJa\nS2l3NjZlOFRGU3pJN2g1M2cxMGhNTmVmWEI0Q2hEdE5rCgnKaKy4tZzSu7RBTxT1\ngneaq3mtXjdqLbDdKiA2HJbIs2pbGTGOi+BxqV8jFMXx/z1XzImcdsu3CPYqV+OC\nPpI=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-15T16:16:45Z", diff --git a/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret index 05ee135..fc1de2e 100644 --- a/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret +++ b/vars/per-machine/genepi/wireguard-keys-wireguard/privatekey/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:U0tjahIz+X9nKrUH6urXjx8rfWIdPeF+0wMQtB2/JsCZ35E6w74wvz6xWACK,iv:CoD0FgB7gW22UjH44jhaatXrPt2qX0I+ZVDGyCCZ1oU=,tag:HZg5CnIr8ZRKwoXakilCPA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNkVTUyta\neWp5YVNWOW5iNUc3ZytoY2h2Y01NeUdpbDlvRzRMV2x5WmlrZQplYkJEaUhzWlBO\nRzFYZ2h4QUVjLzZmRlM3TnYzYm5Ua0ordWhYRDVmVVpZCi0tLSA5ZGdRQ012UmRh\nN1dGcllqb3N0SmlsTWdzem56bHJzb09rajQzYzNLTXFrCsE42Jp4HGtYspJ4bSKp\nN4LyDSsV297OeCNsQ+ztRiPCGE8SPdgrce4mivnpI/jpmZONU1uY+7TthBCzfpyL\nMgE=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBN3pCWEgy\nMzgwK3JFa1NWcm1RT1ZGa0pBYVE1MndJd20yQ1R0N09IZXR6RQpHQUR5bHk3L2xZ\nUXRmWWw4WFBIM0tlL3lZRHVrNCtWNzY3L2Z4Umo3cTFBCi0tLSBURVdhVXpvdGlt\nVU1paE9HREw4R2tZeVJmVjJjczlOUGE3V1NNN3F1bFhnCk5z/xpB9oQgZrNnLIqc\nHSlFo9RPToUqYA3rcsUZTcUmPK2JgGimh0azzO12mvg67hNNiHjztnk3EP/OORM6\nMlI=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdmxMdzJH\nSjdTaGJFZEJyQVFmejNCV1FIRGlVOUxnbjE1dGNQQ1FnTkdqMgprRzYzU2t4QjVT\nUXlhUitDVEJnOWZyR1JWelVQRHlIdnFrSTFnbWVVZTljCi0tLSBkN2t3VldyYldJ\nVDNId2RjVmZhZTJUeHEvNzE3ZUppN0Z5ZGRLSUh3cHNVCmbusPriHhV+VgZXN5dr\nntHg4mU8X0vIvcY/V1goQLburmxrgLB/HYr2mL5s2gdldiTh1n2xM/7phD0uKWbD\nN5Q=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dGpSay9NM1I1RXgrMTgr\nSkpEVWUraThBeEFxRVZUSytIMFd6QmRlM3djCmdqZms5b0hmT3VCREovSGNIRkFN\nM1dVK0NWYmNuNFZiRnVRRlBXbm05MFEKLS0tIGlsclBwMyszK1pOb2lZOURUN2ZX\nSnJKcFpzOEtqdDd4OE9sTE9lM3ZFSWcKqwMjJKu5sRYcw3wGB/8VX4/UtE800rLf\n0hBZwjGaXFUBs1VdqaZselu7pW1PQNriZLIepjhjB2iEqP81Bk5RFg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZU9UUFdwRlk0NENUQXZi\nQUttQ3FrakdpT3hZcmJJaHNNaFU0WVU0QXpRCm5GdDNMSFZZT2RQT0FlNG4xemhs\naTE5K0dVa2I4Z25MUmVkcnp3ZEpUWVUKLS0tIG0wUEhwblcydTc0c1lzVGw4bkM3\nZW5vWFFsVi9tNklmMWYwSU5ZSllRYkkKg3fCVYwi7v8PpdHkGu6EOaVWubkHBV4b\nXYjb/zAeVfae33qZYQWdxXX8O4ufkFC3+lECERwfL9M6cK29Dc7WzA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUkFzbmpkNEgrMiszdmJI\nanRNQUQvbW5SYXlqN3JHTXNNVXhJQWkxaVI0ClJHL1VncWd6bEZlb2ljSU5LMlM3\nSmU0SHc3ZzdIZWY4VERPWW1nY1VsRzQKLS0tIFNzaURUNm5xeGdMVnZzdW9OTDJr\nNFg2UGZJWGpNeWZpb0hDMzdSckgrRkUKeYH/ZcuArEw0NqMtDMMXVosjISgsaT1g\nJidq+8U5wpyMaBEUIAkxr3Xf3BKP8D5PQ9Hl+F4BPsSuNfyph/FGzw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZWU1SE13T3Z4b29NOEl5\nRTIxelRnTUxUL2gvMHJPQ2hjT3RuMm5oYUJBCldVa0V3U0J2M1NRWi9odERFWUVS\nRkVRcnlJUnp6b2J4NXY3dFJhVzhUZ0kKLS0tIDFNQ29yVG9Dc1IySEVuN1o5SHhY\nWHFyY1lJaHZwbE1zbW9jbW5VTjVVdGcKjP2huy/43iHqt87pG6Yvg52DEe8eOMcY\nqHxP9IvuTL/bwWibYTW3tusnH95Yny1P9whoayVPA8yzCUpWOuGuiA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-21T16:53:26Z", diff --git a/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret b/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret index 3c80514..85d6030 100644 --- a/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/genepi/zerotier/zerotier-identity-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:3lcGW28SKHbpHq/g0xpmNqlemZ1W5DTfjbsIwufl34tYZIlAEITBVRAf2M66k0hUAvl/e5My82zVhxKGW2FcLUghxRBWXM0HIUDssKtPJhSjuDeQ5kBqTLDCGDDuyW+nFi16C8tzp4arszeaS3yENn65iWax9hlssQQiAYodRZoLvFoO3fPVkeDlII8qL5sjCqTdVBX318c4XKt1hi3PcgVCsevV7gD8kQKKPBePMD/hzwhoVcjDBcTigLRTVio+JmYMOQOV3sl65q7j4yB1j09C0IX7glq6s80+YWTvNkAwyeC/N2UvDntgGIC7/+1VvawViOC/2W6rZpkF5orsIJhW95xM6uIaOhAPQHot,iv:a+PeVag/u0K9NP8bg7Cz9sqhTqAf5SmucFbIHlYcWmE=,tag:GyF2gl+zVSQ7MkatjHSbrA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBcVVyb3Nm\nZXlSQlFxUEdOd2Y3ZWpERm03M2Z0c0RMTFM5djIzTDVldkM1Ygo4RkNPZkZ4OTMr\nVldBL1hYSkZZME44dXZKcHdoUk5nc1JuYytuN29KL01jCi0tLSBzZUw4dlBranh5\nZG51V1hqbTZYSER1NHdNbHpUNmNuTHZ5Q3NUaFV5R3Q0CnwBTtadLTcqhQ2Fi8IC\nYeKNG7DxU2NaAjJ/rwRbVqElFwD8DZJB63U8T5ovXzS0u350EVJ+E5ulSZGUNNdf\nT38=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaXBlNER5\nR2duQ0FQQ0xheDZsSW1zUE91bk44RUs3Y2MvcEcrcFJaMTE0QwptOExGUEtsbFF1\ncWNRMVM3WlBNTEpyZDVscCtDU1hDRWlEdUNqNG5uVEdVCi0tLSAwZzEwYU4rMnNl\nRXJIMFQ4ek5SeXlTRXc0VGE1L2xFRkZtT1d5elYrd0NFCpB/c+IWwxKGNW6mBqP1\ndD6jXJPIKrjNXnrbNTSFqLrG36QFQdeJkeLnWa5kCnAVm0WzEEMUXDL2mOtd94R9\nVUI=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeU1LM2ho\nNjFuOXZmbWpsQ2VjZGhsTlVvVDYzNEhOUzFIVk1nb0EwR1hBTAp1bEpGQ1FwVjRh\nZi9QTmd5cjFlMVU5ZFluNk5yS2hBZUJHT3pmWlFYdTVrCi0tLSBxdkRIMDVYbDBZ\ncVU1MjlNUUlHcy83dlNkYWkwcEFxRXY5RWtSY2xLM0U0Cj8fxaBr0oJ+nEx6/kNe\nnz4PNXi3veyt1F+VrCBgu2jH+rcb67qreK/8y4Ev8tAOwXshoAKg4V0KoX7z+i5H\nPRE=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWjB5SGw0YUo3THFwMXVt\nRnNpM1ZnRUpLQ0c4R2NwcHZpN1Nka2UyRUdjCkxyVitYdHFkN3MxSEJBSGlBTUM0\neFZ5azVDRDFYalpGWU9ldm8zb0pQSzQKLS0tIEtNUS9Oc3VWTDVKY0t3YkJxMUlx\nUUQ1SFRwYmRsYWxTT2pmVThZT1BjM3MKNkb6VVgq3SkzUJW0pCbS/9z+zJbGSw9d\n0HMFSh/fgqgtlORdcFY40GayyVdN9tvlIa9sCvKWye6dNqkn9SFh1g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaY3BuWGFNL3B3WkxZZlJP\na05IMDVLNDR3THpDNmExQ0MxVUpKVjNyc0FRCm1JRUw4eHMram1KY0Y3ZE1HK2Ew\nL1RsOE1Ma2FrWE9SL29YbkdLTDcvMW8KLS0tIGFqZW1nbUZSUkVMWnBNVVZlM05Z\nalEzUitBZmMwelRQOTBGVEN2V2h4Um8KlREiGF8kzhA7CGujppwzACGsK+5atVfz\nS6BTPGw8ZJnDHZsux01ePQ1Pyrz99qwfDTubzk4tywayTA8/LZirQw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQlA3L25HOVIreUNPNnN5\nOUU3MUNRUVBIZmN6dDZwNE1GR0MreGxPZzE0CmZWeW9yMnNqVkpWOTJIb09HS3ow\najVRZ2N6Y1hpcnB2SllCcEdjSzFlVEkKLS0tIGpkeVp3R3BDMmZCZ2RyNXlleW5B\nU0JDdmRrdUgzck5lMmZIT1dGNkFReFkKysy9bB5LHIQPdyv2bLGdMJQJbEFXpjZP\n8oEH7aOlYeNihz42fxCqV8MEqMQhu1KO72okAZf4kIqQ7arTl4xWgw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVWFWMWRkOGh3QXpiaHkx\nbDM5d1FraVJ1eTMzclFxOGNHREpWL0xYQkcwClNRNFYyUzQ0aHdjZ2M3ZTk1QzBr\nWURGcVRocncwTnlZUUFVZVVyeFhRUTgKLS0tIExVZ3Y5TE5pY2hzWVBJNWRhTmQw\ndVJ4VFlVSWE0dGI5YWExeXpCSEdHZncK5METCsDcyAef/spwZ6MXRSqaXWW/RaoK\nZrbKxBn5ibGwOfwCVvtKz1sPy9SyLNUyBw/S0CzTm3wTD/3KwXvuyA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-07-01T18:02:24Z", diff --git a/vars/per-machine/haze/atuin/key/secret b/vars/per-machine/haze/atuin/key/secret index e2e9608..66cd82d 100644 --- a/vars/per-machine/haze/atuin/key/secret +++ b/vars/per-machine/haze/atuin/key/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeTR6THRh\nc3ZLS1ZiY1BZTUxJaGZmUGRhSmIvU0NRTnQ2SEVBY1VaSXdtQQpuS245WGV6RFRF\nV1l5b3VvdXIxbmdmSVM0Syttd2ZGWjNCZG1MVXo4ZjM4Ci0tLSB3VGQyQXhSam9w\nTGNYWkM5V2FMZWUrOVphazdHMUN5S051b3I0ZVBCWjJzCpg+qJ0m/keQto0L85cy\nWaYc8nCkBFUAPv56IOVMk8Yku9A+nObMCBJbgIhkGpSgyQ4natRYSy8bqEy5w+Bn\nzFs=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSjk4NzJOQ21DYXJrZ1ly\nblR1UUhwSHpCM2hnaGVneWhlalVaRy90VVNzCk0zMTMweEltVXdZcDEzQjd2QUU5\nL0RIcWp4TG9RSUQzc0EzbkNNcTN2UncKLS0tIFluZ2VPS1hieG5WMEVLNDhteUY2\nWWRMckJSU0pUSFZiNi9xZnlVV3V0VzQKzfkIP15LeHs7PRNO/bsyD3AGNl8CRnbi\ndNsIbGyeCy/ObVyoC2y5Ksvhx5G5stEaI6YGcmQw38u6L8/sbHhyVQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdEVKWW1Q\nbUNBdVA4cjdPUWNIeDdnRnFaVUJOWjA2WTYwb1Z2ckFvdEw3aQpvMy9Ic3k2WUxk\na043azJNaXFXbThwTmdmRStnNndFdmdkMHpUbHlVa0NrCi0tLSAwNmp0NitzeWx0\nTmtaa3NKOUJVZFI3R1Rid2tLUnYvTk1ZRXRJVUx6Vzh3Cj7g2RXgUtHC8qL2UkbC\n8DXqgbbJUVlqzhnoNbiIZyt4oHYNayV9j8TsBcMwL0ZipHdqvcfIp6ppW5qw3kn4\ntNE=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTUdBMVNRU2xJd1pJZ2FM\nK1BCc0NOY0pkR3hjNFFsSnFINWxlR29IM1VrCkJ2ZVJyakJNWXZ1c21kYTdDUkVr\nWGlPNXVMTENXMGhNVmJsdVUvTlQwem8KLS0tIC9yeTZMV0djY0dyOGtha0JYbTE0\neDFRankxTWI1eE1LYksrR2hOekhOR2sK6xaYwDpqZzeyvhxUexeWoxcPdZmSrYX0\nLy6o1LllJqZUoagy4mMu1EY75wAWlvOOGxcp3O5YesiKhGhD1Yz2Dw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Y0QzZTRsME9LUFR3Rmcw\nbXUvUDdkQzQxVmtBaTVWNnNadDJTYUR6bGpZCjV1QjZDOEFjRUVycUV4bDBBMUor\nMVphN1FOZ0phNFRIa2dIKzRVc1RmYTQKLS0tIGNYclc1SHovS1dka3VRU2N1VFp1\na1VreE04UTRwUGRTUE85Rnd3dmVuVW8Kdp0IZDe+Vfa9U0i6t1GBJNndldrXF5Eh\nVPn8TEtAC73hVRDtMKxhqOKlIAoYBGoVxdeCJ/rQV6zI+Paci2+4SA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVDBVWFUwQXd3Z0NjUXB2\nRmlEOEtLSForYjl4dHp1cFd3SHp2dlYrWjFrCnVPVDA5ekxCMU9lb0d1c2VEWXF2\nN3JVME55cVVCbktYek1MSXoyR0tydnMKLS0tIC9uZmhhaTFjMEJTczIxQUt4SzBH\nbFpnNE1TUXN1L3BQL0w5UzFhTGR2dWcKykTdCd9RsebnSCgUSAguWLKVdd3XkQ0G\nhL+yAQD9hff235UVlmJ4eFt0pIGyHrGwvNCCErh4Ng0lY3pHxDsNFw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNnVETlB5\nejlHd0lKMlFFVENkdnhzUDh0Vmxqc2xDQTNKQStncFZZUmpoNQoxbEZSbnQ1ZzB4\nczRVS1JncVdNTm5XQWRESVdtQmF5bE1MT1lGcVVGU0VzCi0tLSBhR1ZHaCsvQjBQ\ncmtjdDVYaVc2NzBNenZMOVhMdFNSR21wbHdYVHlURFRvCpaDO4P9LKhxVpCJW5qp\ndbEA+voDUPM1EAlFWVOesJOf9VHrDgwjq18pMhZg/yUawYIoFtDqj3WlPmShHrPJ\ngu0=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-27T14:56:54Z", diff --git a/vars/per-machine/haze/garage/admin_token/secret b/vars/per-machine/haze/garage/admin_token/secret index 028740f..8ae40b3 100644 --- a/vars/per-machine/haze/garage/admin_token/secret +++ b/vars/per-machine/haze/garage/admin_token/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK3ovdVdh\nTTBnNy9tbm94VFFHQ0dKVzg1UHZ3d2lNU1RPMkN3Tnl0QnYvcwpSeHlvMXpTOXBI\nMnRYdmRVRUJ4WHJrNSsrMFlMalFhRkJTd2JJU3BZQm04Ci0tLSBGNmJ3aXZDQ2VC\nQm8wb3lHQ1U5aGtCeFpsWDBqLzI3WHBheGpIWnRrbmxBCgDMrm+AGd7xQCEw+2BY\noXKYhxFkwqA7OhVycmsbPH19coPsL+zvPwlw0EucsbFCxsJHJjSrnSMiX5969K2q\n0Rg=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS0svTEJSekRuZkpiQVZ2\nMlZUUGpRMHVodUtZcU5FeSsvb3VaOU1QcUNrCmNEdVJja0RydGhXRE14eUhwOTFw\nb2VQVUdsdC9NR2ZnZ3BRK1dZbnZ6UWsKLS0tIFhXekhTNmFVdTdVKzE2REYxbzk0\ncFZlM0JJazJpUXJUdk02VUlyL0d4a2MKJvnMAmea+F+GbP61HtIkMnfhciJ/SZNx\nToCtRtLTcjLNERKefBB7nG5KMSNiuFV77TG3kP1fLJbYiZRVnvWtNw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcDFEeXRW\nNFRKQ0FZZnZrTlNuZ1BlSCtoRGZGMU95SDB3T2trL3kyWmtobgpTb096SWJyY0c2\nL290WS9nWi93WTgxd2dnZGNab3JGc3VlbVBqa3dXN2VrCi0tLSAydWJiS1E0R1RY\nRTBsNXJEZVZXbnJVYWwwTEJMdXE2cXF6NVljYW1QTFljCtG5o/LUk1Hmu13aOvf0\nikkI4f4ipg+WpPpWENn2MS2jZ2ZQgP+tauNFwvlJjNxDXB+fSK5RtnAUn6CAzjfR\ngyI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUWhtT0szeEtva3dVOXFL\nNGZ6ZVpNN010MlNyOUhHM2NiRGM5T2hGQzF3ClJoTlFycTBKU2lPVnNwZURXbE9l\nbUlJZ3paQmRISnZBVUhlVnRNUzdOZ1UKLS0tIEYyTkRwQkVIdEthdkhCZktKZDRv\ncDVIZGhXZEMrN21DK0NEVUg3YVVVZmsKJedFmljwSZM/1IXq9nXCDV5c5w8lRqIT\nPH9k4VCF5coG4W/3ZIxHTleqAjP4wg8rXKju3UxgCTIAkyQei/2/Ew==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNem5wNFEwVjRRU0NzREQr\nSmFZTHU5Y1ZTaktGSXZ5alh1UFIzd05LcFZZCjFUMDJqUkwxYis2V1pheEV4Mnlv\nTE5UWE9qYnUxRkpQSjhKa1FsUnQyeUEKLS0tIHJ0TXczY1Rqa0V0RVJtNm9RdW9v\ndTVaSVV0dFc1c092SHNoUDZUSzcrZnMKLDoWd+qdFT/9/83jIxWIcQ8BBed2rn3r\nRugPtd3BWsUK6DF/7Oxofcw2ocz8DY/SjieYARiuAjK57IlZQxYEvA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUFB1a3ZNalJ4L1NYd3hj\nZzFCWFN1M2JDeWlDQ0U3aTA5S2FMRmhGcGl3CjN2ZzJMWDlqN2lhRzcxcjcyTVYv\nckdJRU5BMzhCNVdKRzJDalhKdDZieWsKLS0tIHpOTDdleU45c3hwSmp2dlNLVkhS\nQ0lweGkwWlF4ZWRsZXlja29xK1ZXeTAKddB/O8Ed35cNcjXN2zC+/khnOP6Qim81\n9jS6slVfX/5B9QJ3FZ46TWj2vhmHEDo5vSvdgjOmNRbppTlu9XAiFg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBL2pycUNG\nNkh6bXRTSGxDNDhVZ0pTc3V6VHp6cHFmMkdCUzVITnZvdkNLVwoxeDFMT09iai83\nTmoydTQ5TWsydUZrdVVzLzBvWWNmWENjYzNvQ0R0aHVFCi0tLSAxUDEwWk56dlF0\ndzN6STR4NEdYa0NkYW50WEtCcWhXN1dWVlA4bjRkSDhBCnUZ2Je2hXHMRJuGyRDQ\nJTMRUi013wD3DTgmLE0a40HuLIQud1+fw0AqjCcJpRvz6kQMBMImiwDhm57+LVqo\nn1I=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-20T19:06:32Z", diff --git a/vars/per-machine/haze/garage/metrics_token/secret b/vars/per-machine/haze/garage/metrics_token/secret index 1a3ebfa..538e535 100644 --- a/vars/per-machine/haze/garage/metrics_token/secret +++ b/vars/per-machine/haze/garage/metrics_token/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOENac1hN\nTGk2aU5tOVJYVzJRMDBSQzBubWlNdXlDdXg3L0lUZ01QakpRUwpJUmlxSTQ2WkdU\ndHRxNUhEWFk0MHFNNU9hQ0N1SjdzZjJrL1Exd2oweGtnCi0tLSBJNmtBUTZZajhC\neElHUVZiT3FOWU9ZajlZMEJzd0dTOW1GY203ekQxSklrClEOoWIkuwn63CZUSMR2\nkfBFJD4eYR5hMLYhB3jl6wmo4s7c/QdHFft46lqNCuNBP+C6xvBy6HFb5zSVfyau\nxmQ=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3enV2NjRNSWRuckg0Vzk5\nTkdOTi9ZeW9iZG1wbk5LOU92aExLc1pPY0RnCmFwYXhNcGs0QjhiQUt3OEpSc21O\nY2VXMGxxQThIbjhYNFduSGRFUm5MZGMKLS0tIDFUYU1POFpEMnVHWmM2R2p3VEdl\nTDZUQlZmSGY5SjhQSnNqdlJwRzBWL1EKClpZH8Z8A1yYkKerKNUGre/lvhizpeUo\nMYslXzeEhemnx/1Gj9SisZoRCXP120p8ZZS/nEzFyjE0G5J5rdo4Yw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcW8xZDBl\nMkp6Ym9vM3BZWDVGa2JaR0ZEL3VjRER4Tk5Yc0RQc2VWNlUrTwpXckluTHFPOXBk\nNlRiUzNOWHlCeWNLdnV5b3hmUkVSSHVCS2psdkdVUWpNCi0tLSBFZ1RIdExZUkNl\nZTZ5alc3eDR2QTNRNjhNdEFWeE5MNVVHT3FjSkdWR0FrCpWlbh80ZcDR2Pbh43L8\nGtTLxW3muuAqMUy9wtykc77FTPkzT86rz9BUb+EOvWJlH1HQ2mr6qCDsRPH+OhQb\nGOI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWd0tHVUlxemxtYUVHRERl\nMEVCV2FqRTZiaWZ5VjdkSWF4ODZMOGJkSURrCjNUYmxPUjFLcnBmRHZQWjFVaEJ4\nWlg3Y1FkN2R3ZWxnekVxY3duMWNscFEKLS0tICtNT3g0WGRYRVZwZE5sRWx0dndW\nTmhzRVhJQWdqL1BnR2l6WlRZVGtyZTgKEcbI/v1JIrGP7IezkkZ5zxlcGR/gCB2+\nXv6j2IlWRec0giftjfPBssHxH3KPN/7fg6CzH8l5G7eJTE9zVWfFIA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dmNhOWZhZ05FRDZ2cW01\nZkZKZkUzZ3pIZjA4SzRzb0FYQUE1SE0rR1NVCmdiK1ZsMTRJc1ZRelNkNFhQeGlz\nYVI0S2RjS0pOTis2dldHUzQxUVJXb00KLS0tIEMwSXZvM1NySzZ5TzlRSklCSEVj\nUWUwekRkcWFHNkczU0loaTdtVVRFYTgKGVgbrHrBl/wNMR7/zeENghs1jv+Cghh9\nuDBCh6RwYV+vWP7bf/hqZUw/e0bXnbIVgcraunQkUwYpgSS5+B0GXg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoS3ZGWG1sQVo5MnlVYXNI\nbHQvVU1reXpzcngxZ3dPbEZFdFlhemdHOHo4CnRFMlUzd2hqdDU4SW1kNW9wUnRn\nbWpuTnhDYmVnVHRrN1dpaWJBMldHRTQKLS0tICt0M1JwcFlDQVJkem80Rmx6TTg3\nS3JrQmFTZGVqdGVlYTI0ZktWaDJvTW8Kq9yjcHnAeGA8qduq/d11awVM8uE82jHo\n0bzID7kjWXiDNKrCb0LXkUthkTt+21kr/qkdG0zmn93eomIbaTm+Wg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNENKaERF\nS2owNUhGdVpWVGcyZVZWcG9BZFRKZnRMc1JtbUIvMGYxNHQ1bgpZM0tBTmJDc2w1\nVEFlMkpDd0E0SDhDSjcwOHV4WHRZc1NGRERuQmZQNG5nCi0tLSB4RUUzcFp2WlJB\nejFTeTNCMlBDMjY1cEx2YkdtUXBJL25ZZFlEL1ExUDFZCptl1mCTAVpTY4lB2Aqm\nYUVVNezPrM15OA6GglDxm+u/gxxtC6yBUFHtsThLypyBMJ+r+4BHF/UOp4OqLxGH\nzt4=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-20T19:06:32Z", diff --git a/vars/per-machine/haze/openssh/ssh.id_ed25519/secret b/vars/per-machine/haze/openssh/ssh.id_ed25519/secret index 5380f9f..adb8199 100644 --- a/vars/per-machine/haze/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/haze/openssh/ssh.id_ed25519/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBczVnekR0\nZElvanh2bEpFYlNTdHp4YlppcnRWQU5DZjRLcUFqTVJEUUNiQwpWS3hweG85OXNo\nQ2syZmlhWHJQV3UvUkxpQ1NDZ1pzVG51WDFwL1NZQmVRCi0tLSB3SjV6SzFSVWx5\nTmxhRkdjVTRWZnBZTFNwTG5KVTZITEJ3OStTeWZxSlFBCmND/qvE8qX7RzO63r92\nOxRqmpFEs3xayytu0JH6P2F9+BrvmJ0uXkmojNRqCVYiMs7hgV9UqETsYx3+E5DJ\nHlE=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTkVORmNRRFFmRnd3Q0Fo\nNWMxcnpDK3pyck1xRXJ3a0l4RkhZb1FHelZNClhXbEU2VE9XU1k4d1c2Nk1yOVhl\ndlVQVGcwenRQdmhsbWJGV1NhVGMvN0EKLS0tIDFsV1JsMnlDR3V6Q205ZHVnV2c0\ndm5VUm9JNnZUTHVmMEJuaGRxaEYzaEkKqWKmZAfhNZMkGfvZbJKEIk6olzwUpjkF\n7F+Gt1it9cfi8Vm/JqVJS/s0MwL0krpTOrI4KHw4rldI+iesCmojHw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNng5Ly9J\nczRTSEFMOHlmbEVkV09sVE45SjdLLzFDd3g5d3ZYb2M2N0kxSApkUUM5QXB1Mm1F\nYXJ2eGhCU2s1eHRqVnBMRm44RWl1YTdBdUFYZXJSMjFjCi0tLSBuTEM4RkY3K29m\nbWp2SDJ1S0poWFRrSVZhQ2UxQ1dtODNCazlydEt4MiswCt85xFy0xUKnjxTdea4w\nxSaCvi4ABykBbSZx9nAnZ+PVxlM7CYSkmpYkQUlrwQN7URlfXVuMjhyQF5qr3lzx\nIfY=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RmxiRUIxQ1VwQVprRktk\nbFhJa2dZaldZeUZFMEhZWTA0alRIZXI5c3hFCjBIaU5NOFhyc3hWUi9zUXNTN2pu\nNWZHTWR1aFRsLzBQZmVkR01pVm1HZ00KLS0tIHlHSkhabU14Z0tNdjZaamlQeWhZ\nOVcycnppKzZMd0VoNDlhOFNHUXFZQWsKIQ3wVqakZWuxsFctYf6+1XAmIMlbMUwK\nOHGSOH9xxHgXDileuF4ougojbx46CUCv5nsCc7zaM9HriZM+ZZ/LZQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVUYzOCtQTkJNdWJjYkdi\nQjM4VFhDQnRoeXVUZXBjNFRhemhsSS9haHh3CnR3OHNLV05PTFVMNTE0dUxnbVVR\nWlJlNFJ4QzVvVTk1bnMrd2hzWHRsWFEKLS0tIE9ORnNzT0I3UzhVbExndHBUU0ll\nNjF2VkJKWFh3WDdzdGZ2enRrMlZWQk0K/33zWJ0B0i5Y2W1zqNRKik2iC3GoJXFU\n9jmPH0BmIU/C32bYgZkDAGPkZbqON6OdhYQ4LwY2GTNpQYcQwd0+Lw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvdjBsVTZwUkdNRmN5ay9h\na2hoUUYyZkVieW1Ia2oybEFZa3pBZUpJMlNRClBFenB2NXFNVUJIWERibEgxZGlz\ncDFMaHRMMEM5M052YnJmcnhkeEtvajgKLS0tIG9Hc1BUUVdVYTdESVRrK2VUcHpD\nOG4xT05MbWF5aExjNmRWQW1VYVVldlUKr6FPttKwPIeH+lrbcxVq4yNymRj2Oa7Q\nfWs599WWjw3aSdlHVafgABcqKrxqSo7/gEGy0rtaskzWCQ0pGVe7mA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBL093UVk5\nR2F6NDFBSzBLWkxEdXM4NUNYMmdWQmRBQTNyQ2F4QWxjNlhNZgplOTlMMTVDNEkv\ncytvaHZNU0kyL1dwVlhmWlY0SURQQUpPemNMc1lERDVjCi0tLSBKZ1lOekMwM2Zk\nZEN4cm9TRFJENjUrZmwzQXovMmhPeUV4S0tCRnFlS2dNCrBsWrp9sW0DBMKrEUHI\njWn3DwDsa0E8A72Mbtm1urdE4zyIU7VBONOe7LUzHBNe6Lq07CyJ7mWXHzORQ8Mg\n9Ik=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T21:17:44Z", diff --git a/vars/per-machine/haze/root-password/password-hash/secret b/vars/per-machine/haze/root-password/password-hash/secret index ab991f3..4c9c96c 100644 --- a/vars/per-machine/haze/root-password/password-hash/secret +++ b/vars/per-machine/haze/root-password/password-hash/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBa1paRXdl\nZ2xXZHZYMjJOQTNlcU9RTzhtOFBUVVlsWDkydzdDbm5CSDU4RQpPNmlzbkVYZFRs\nUGhpSWE1eUtPYlZpdXJ3bHl3UTFUTkVKbmFHcTF1ck9rCi0tLSBlZEw0Z0RMT0V3\nL1NydDZQeDFDUjlFM0lQWkNrZHl1WWFhYlVuMkhRZndjCqU48TBdnRtOK3ORJdGR\nXguzoCR2yKXsM716LrykGQLvH7B9FtRyewNuxJnZgMc0VZwJjcH74Zwqc0IROqsK\nKRw=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNG5JN3N6U0pjTktBUDNC\nZ3JJN0Qwb0Mvb2YwOVBDZnFUcnNXeG9oQUJJCkVHWGxneHdSMnhhZzBBa0VGTWhr\nRUp3UmdaTEdXRkNWc0haMkNia0d0UkUKLS0tIDZiWXBCM1FhSC9lV0pMSEFEM0Q0\nSHdqMmJsWFlETjE1MXBydW9tTEtZSDAKsZ3Rk2gl/56v3JnWpG/GB5PfTQfgIAP7\njl9wcWWm9Fw+VMtt7FAEnkXwpy6Jj7Uc7oLBtvm8f82urHppmRYG0A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNUtxV0lO\nR2M1N3BJd2FRdE1xSFJhbUpJU2ZVL05mNG9NSGtkL0ovRlV1RwpVRFdSQUNyQ2Y3\nL3A3YUpCMTJBb0N4ckczQ01BbTFCOVozUnpFVTNEallZCi0tLSBHdG8yL2tPOHZT\nb3MxdG5QQTRieUtUck1OdkFadStmc1U1UkI4Q04zRiswCuQu31tdmdxlaKHRE+cP\nd3TPJgOMhcbjQqr60JNw4i9pCktiAvGd52gcIYCCKUGYM5QvSAt8JqYJ9F/ZcRVV\nTZk=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQzdId1FKMWpBVlhLOElZ\nazF2OXhLUHUwT0pGRjd6d1V3MXZiaFFuVURjClZHc2dyY0RsMTdTWGJNTjNiUy90\naHRyQks2NEJsZjBFVkRSK2JUemhzUFkKLS0tIEhWM0NVaWptaUZHaVFxNlVjQXdC\nOGtGVjQxVVU5M2FFVE5uZnJTc1B2STAKgPYPb/svRRiZnhpsRiYDKrFGkhhdvBGP\nLOxj/u25nFbHHu47bmykFvWAGRHSLI9yLxyZ5dLE8TvG5pKYwKJJNA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbGN4UHJCRkFOclRlL1d6\nVmFzV0FabWkvcTAyUkhYVnFNTHcra3gwZkVFCjF2V01uZ0lyUzZIcEFqVEsxc1Br\nZVZIcGhOOHF2SWlVRU1aK2oxQjNISDgKLS0tIFlQdHhacDFpUGkxaE5lb0JjZlRR\nNDRkWWthZC82SEs2ZU5pWFlRYjhuU00Kv6ht3pXNcgaG4zNbMuhu7B+7lZcZdk3s\nxLLW9W5/M/s6NpwxcxGSkpK7tk6D0etUnuDvZNmmZptEKmrmsnwj9w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQzVKdXpNaklXOWlEdWNa\naW9ZdVRncTRxcE9KZXlZZU1OdFd0QlpvV1JzCjJTQ2p4MEtQUDVqU3lYN1RZcUh2\nSVNQTzlsVlR5dXlVc2xuU3YyVlh5bTQKLS0tIFd1UWpTemxjTCt1MytoSkhHNVZM\nbGc0L0NPTUNPODd6K2JMMmNQRnprbW8KyNnslioY4vi4w0mzyIstqsIlKT8EJ0r2\nBIaduiQkhdVlMbNRtAIN/TlcL1jUZUilx0VjaFaIiQaq8DlJxZ21/g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBeGx0aVR1\nUERLVDdFeUVIMHFSYkhITTBmM05BcStTeis2WkdQa1J0NnZ1dApUZUkzUWFLWkRt\nZ09ONk9LNFI5Z3RYeVRNQmQ1eEtDMDNIZG5DdDd4VjBRCi0tLSA2UGJ2UE1CN25n\nYkZzUUk4ZVBoT2Fkc2JWYUFaYjR6WS9xZlRsT2ZhYjdBCnV1S7LqTPRu4RFTtgiJ\nlGnNMOeyQat3FDFzt3ziheFHC7KQsvSHmLL3bdaV9GghS/L/Gtrk+ZJbDXVKhNJ/\nML0=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T20:58:38Z", diff --git a/vars/per-machine/haze/root-password/password/secret b/vars/per-machine/haze/root-password/password/secret index c6181eb..c9fe3cd 100644 --- a/vars/per-machine/haze/root-password/password/secret +++ b/vars/per-machine/haze/root-password/password/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaGtOcm53\nZis5NlM5amNqTktLV2lrZG04c3JwMFFKWFVMM0JNajgveFhpRAo4bkhlQmhVaDA5\nVVdRbDU0eVFCWW1HUFBNcFFWVHZ1MVRrRWFLUU5DQnhnCi0tLSBjNXNtdEZ0dGN4\nWUZTQWR2WWxpQjVBTUhCcUo3U0xSakFhR2hoWk1yc3ZvCseXGY0+gkWbbXlUe3PM\ncP91bDPgdNA2bnMIXQ77HhUhGNRFZzAR6vywO/h6tRK5mfCZizEFjzac4Qstktoo\n8rk=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb2g3SkVF\ncUREL3NZZmVNSEpySkpGRU5kNmdxQ3pJZnpvT3JpaDJ4QStzTwo3QU9ueC9ObjNv\naUYxd3lIbTk4L3JHZHZGeU0vb3FQc3dqYjBmNEczbmNJCi0tLSBoalFlMXNLSTVU\naGhWRDZORWY1ZVJEY0JCNUtGMmhuTDR1WFZoYi9NY0w4Cpf7AdOaDFR+Mt4VGota\nA60hpYJzEFitYD5Ky66j+R+z3j9o2mLCE+1UH/Lw0k6cBPECAPBGUR1l27Dl07OR\nLcw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuR0J2cHNORmNSUGUvV21Q\nWVhUWnJpWWxIVkk5M21JSjIvR1JJbmFZVjNZCndaZkVmbGtLc0s4ODRBeFlKZHU3\nZWdXQzV1VmZpYkVuOHMzWkJaeUZnSGcKLS0tIForcVM2a1VCY3dIZStBcDNHVXdm\nRHpESW5mZTZDa1lNYU4yamlFNVdpSVEKTAgPAtIIGBXCHawpefCtt8rwhd35aS14\nPMYV142N3zjld+8Jl7ijlvOHrOkgSO+fcApr/iLIYtgQOM5exvQABQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSHE0ZlBud2Rjd0taSkhx\nUlczSGIzK0hmMEVzeDFrQVlqdWtBSFlQTHdjClBUK3B4cUV2SEZIb09DWjBNR2o2\nbXZPS3dXNllrUzRmczhiODAyQS9nRmMKLS0tIFhZS2JpTTNNYW5xSTA2TVN0Q2lK\nZ1BSOHVsdy9RS1BONzlzK0Y0emtQUGsK56puPRo0YfMDYtWtK0JvxPOH9HyoNeeK\ndeGwe/S1AjtrgnmJ/1h9UxPPHF5c2h7v1XgstiFfSIAvLCRMvk1sIA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNGlTZ2o0\ncFFvSDdHVmxzVVRFUGt5Y1FqTGlGbmZ0SFpsR0FIM1cxRTFVcwowUWNFLzh0Rk94\nOEN2Z2pxRE5WUW5lMkZKTjE0VTZuQ3ZFdzh0YUg4ZE1ZCi0tLSBHdXpvcjJkeDA3\nbHJDOHIyTkViQ1JlNWVOeER2YWJHb3g3YkZ2Q1ZnVEVnCpcxFzHlO0q2vCsym6gF\ngV0P0sJOorI56UcRUR1aJhhpTuqskQcf08CVOcmOVBQm/l9NQX9mdpp1obyQl94B\n4+g=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T20:58:38Z", diff --git a/vars/per-machine/haze/syncthing/api/secret b/vars/per-machine/haze/syncthing/api/secret index 56f4f4b..6b2ae4d 100644 --- a/vars/per-machine/haze/syncthing/api/secret +++ b/vars/per-machine/haze/syncthing/api/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNkx3ZURV\nTTB1NzI3WjY4L245UFYxdjlCM3J6eWJWREpGUW1zUW9NbzJmMAo2SWxmZmIrQUtv\ncEp3RnZrYUt3T0RnVlJYQzUyVGtoZWpLOTA3Z2gxUVV3Ci0tLSByanNZTzZLV2hs\nNUllOWpuVEs2R01zNit0TnNZVDNNVFpCbEE2SnlzUmJjCitYoW1QgWHsQXZiYFqe\n84FSP5/o0NxnS7M7R4rp/FZWtB/mcKRtYJdEeTGgPBpN7WPNFEPouLQs2b3IXuOs\n9Qw=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeEp6N1p3NlVnT3VwRjQy\nWmdLendRYTF2YjE5VUI4aFh4aFlraUtPUG1rCno1ekVQSlUrcWxyb01vdUc4OWY4\nYjlKc2IxSjVUT2xTNytPckhyM0QxeEEKLS0tIFJkMVI4bTIrWlFXNTcwdmV3L0hP\nRkJyZnJNZWszZUxOcmx5NE92WStMZE0K4L7anlOR9Tow+PV/2bOD48IxFi5T+vYT\nUpWkadK/7i244fdnapPTDN/4C2ZM+NQIRdzFelITRmhtdQJ9HHcEzg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBd3pvVzFV\neGpzOUhjZ0NTQXBQZG1yZUVsWHRGZW51OENVOGI2MS9ZWlFXcgp6c05jR3hkam9n\nWjZpT05vc3h2cjQvczlkWTVQTVh5MjhXak4xMGNhdzZJCi0tLSB3SkNUOUE5TWVZ\neUxQc25FQVI3UGhSMU1hQ09RaFZVNlg4SllyMEprbWlRCgYJ3cLXwmIw0jcgeiCT\nWE5xJAyX5ckFsaz4m/Wy3agRyuEZBn5xU6CXVFxhnLKPZZFvKoHxm98MIC2MqTXx\ne7E=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBabndFQWdmdmZDelkwWWZS\nYURJZzk3Q2JEcGtqMkpWWXQ1d2ZQRmJDN3dJCkpzQTFwTzV6TFA1eTYwckZRUGpy\ndVdpaFhQbDdXZnFmblZXeUhLaGFzTVUKLS0tIGU1SnhzaFo4Rkt0Z3UrYlluOXFH\nTUxzMGd4RTVtZUp4UElCWUJrTEhIdGMKn3Nl0LPMQjG0yAIS6ZscXaGwONRuAN8q\naA3a244WsVYhWedPkGXvx49o+UueVmSihz9UK7Fv2Qq/Wxh4/t79vQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOeDdYOE56Qy9yNFJWQllu\nenFPRkdiNmxPUW9yMFh0eUc5UEhiUERqSkJNCnRGSkI3MjRlTHRVRWVRTUhxY3RE\nZGx4NUQ3TWxxT0h4RDR3elBON1E5M1EKLS0tIDhBUkFwMVEvWkRPWUlBdVdITGEr\nYzIraktjbFl6bThoQzFxbnVJaG5UT2sKVXn37flCFIRANh+wWVB4LSXcO8W14G0I\nqsPYPqB6bCHZGkCJiCPoxfPwJkmED659xsQ3FXAOA4+/Deu4IjlaGA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycktKNDhnd2l0cGNCYWRp\nVXhzNlFRcDRNWmRyRDZVV3RyUFBTa2lOd1g4CkxwOFhzYllGZTRKaXpBRU1zTStG\najNXU3lJRnBhei84dWNHTXhhaFJPT2cKLS0tIGhtOGlYVjZoRHpaQ1RhTG1SRlM1\nOUZYMkdPTXN2UkFOYVhabUFLVDNuRFkKvRy0nRWKvMSAh+oOO7w+d8DdTbWOKp+g\nMnhTJxDIDtZ0BuEoF+ekPLmBO9OCnZhOOTamVx9Ip6KEdI6IzwOPcw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM3RTaUR4\nRHVvSE50cDNSNStCU1FmV2ZJK3NzeGsrd0VGeW5zK0tXWjJlNAovRGZCZldBUXhD\nU1BnT2RxdG1qZWd0UEtLMUt5UTRabkVBaHRqQThKMi8wCi0tLSBTYVlQemRVeEF4\nSVlBa0tnd2MraGlJd1pmTlNvR00vS3RWbGtBV1JCcDY0CmPlEEkFY+7Zvq8pPeWN\nWernuH3s1x8f/35HLpvHlFqLKfgeFtafgH6DlvuhRPdwP7ElxQzvK1iQx+LWu8QA\nUgg=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T19:57:39Z", diff --git a/vars/per-machine/haze/syncthing/cert/secret b/vars/per-machine/haze/syncthing/cert/secret index 80f27da..c99828c 100644 --- a/vars/per-machine/haze/syncthing/cert/secret +++ b/vars/per-machine/haze/syncthing/cert/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNmdIL0cx\nQjFNZ2Fhb2tMQWlzSWs3MW9JSUk1WGhSRXNiWDRYMkdYWGh2NgpSL0haTkJONkVB\nSXkxY0VldG13dThKR1R6azVUcmdULzhuTVJhRU5zL1FnCi0tLSA3S29acmpwUmNB\nVUJOT1Z2M0UrcWRoYStqSHBQZ0dRMTVDZXl2dndCSGRVCsXEZHp+UwDCNN8hB9Hb\n2uLKtn2RVzDWZZSsYY1DjC+Ib3LIn9V1Sm9NJZSb9dxEJ76gDpXfpGu3hpDaS1Kb\n6hE=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MVduYWdrenl0KzlwZVlo\nNkxScWRuWXp2MkFCYzFrN3UvbWZNbzlsRGlnCkVmdWhnVHh1UnNzWjdjWDJZcjh5\nVVF3NlZNRkpLK0svTERSQVN6SjFpRWMKLS0tIDNQcHFOSzlheHBKclNrWVV5Zm5W\nUzZHUVE3YmRZY0p1Vmx3N0c5OW00dEUKaUa71FUR6uqYXCYvZKItvTQJ9LTs86zU\nATRVoHjadqckOav1Drnp273HDKyp5M5l3eM5QTBh9K2TvltPpQNRqQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcmZDT2V3\nK2FudForOWpGU0FuMEg4N3NhbklSRHJVZXNUR21jaHFoOHlkZwpzSVkyQks1MmUr\nRlFUbThvRVR2ZTEySnM0bDNWcE13UHloalNQbnI5cEZJCi0tLSA1WDhmZnY2NGpY\nWThpVkpPUVFZOEMxQ0JlY2ZycjhYNUk2SFgxTEI4OElFCu3r0ynvoeGJ+5y02o1Z\nyStTO2PpxgqNAqB/DVjH75xpQIPb1gqNFaR91xeww7lK8F5hngiKrut1I5Uu/aK9\nscs=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWSmdhTlQ2VmJwMndNY29v\neEZBNUhFSWhsb1ZDQlYyLzJidU13WTRLRWd3CndtVWhDd2xLTUVib0wzNUZCQ1pE\nM0JVR2dLMGZnVHBZZkxGb3NhU05hUXMKLS0tIDhsR1F6R3g0U3BqUEg2ZENKa01p\nbjNXQkNzbE04bngyV2NSSUd0Z21rVFkKBBE3AchGJde0W2BeE+3yTpPHkG7Q57ZC\n7c2Gi01jSTzuY35ShfI7SwcdiB5bXvFDlp8veRYaVbRb97a3yzk3mg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbW1EUUVuR3dObVc5YVlI\na2dRUGNrTnBrSzU3NmRWVGdreEdDVTRuSlFVCnJyRHVJK0tmVDUxdHFSRlpxUWY2\ncCtZeTZPOFpnWG9WMWoxcUd3Z1I4S2cKLS0tIFJ0Y1dBT3NqdWM4aUVvZk9GM0Qr\nOGFqV1pZcXJnNWpSY3VER29jSzhpbmcKlgd/ahLtBvAGRzu2w4ddn0wXz6LwoDzw\neD6HO/TSjdN+tJe1fKcdnywi1XMjLC4qkJiYz64TcE/7vEmVt1YPnw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeXlpVzgzRC9SNGQ3QjlD\nMjk1SXMvSjNtcFRJMTZhK3JHb3pjMGR2b1NZCmpTVTZCUWJXRmtDY0o5TkV4cUVZ\nWHRseVloUHhWN3kvcTV5TjFNMUdWWjgKLS0tIGYyUHpjWjhwZTAzWTU4dFZabXBG\nMkNMbyt4NlJOM0FxLys5dnh1THZ4bTgKynU4/ygzPLu9u/ye9qLRh8tq6Ajohxjy\nskz0FgGkX7EPRWYuh+v6/vuyKuqke1peZERCLb7WwLlKfYJLeKl9Kw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdGVPVVFV\nSmIrSE0yTmxYT2FpakhBaDkxelVGRzk1dTdWcXZqMHoweTFnbwpNbHFyUnBwUXph\ndWw4N0xONysxRFd3U28wb0d5aG1mZFZmZ0RoY244WTQwCi0tLSB4R3cyV1ZIbzd0\ndEZmUDNRb3FYMFdKcmlkcU1PWFRJMld4SDNBRDRkMExFCna+auo98pjbmBEm212P\nM9HFzbUmW/nQNzFmCmtBPZ12TLYghJIMWciiCz8piN4745Ff5HwKHZHq8AC5l078\nGAk=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T19:57:39Z", diff --git a/vars/per-machine/haze/syncthing/key/secret b/vars/per-machine/haze/syncthing/key/secret index 9120032..f14471c 100644 --- a/vars/per-machine/haze/syncthing/key/secret +++ b/vars/per-machine/haze/syncthing/key/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMmRyZkdo\nVlRGZ1BCalpIeHNiNll6V3dnQ1VDVC9EbDN2c1NXTFJMVGEwKwpNUFFnOEYvM04z\nRmdCUitzMjR3Ris3Y2k4elJXWUR6b0xPVjhuQUpJSHh3Ci0tLSBBd2Z1cG02YUc4\nTG5iZzdBeS85ZHNFdkR2UW1TL1E4YUxLRlBoK2VwcU13CkZpid/zyU8orJFnIURz\nAjbPrjAEbV7FCTdjo40uT0t5L02EL+DdGu6SxdO9uOAIGldT/n4AG6xfaFXKchwL\n3EU=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1bTV3b0didG14dzltNzJj\nN3NoTE81ZXhPanNmRTdObEQyVDFqU0ZGMWhJCm83TTJtek9CV1h1T3duQWl4Vnps\nVW5UeWNCQ2s4enM5SDFCYUNyREg4S3cKLS0tICtpaHpaNEE0SGZHWlNIam1nSXJa\nZUhrdm9GOEx1a2tmM2IyS1ZNaXB0MUkK0ACO9DnzYq8amR/b5cU7ZmWMTg8/zF4E\nPdPJ2qnydnkOK04ZwXeb5W/KtxgSiT8RAG7+Z0rlE3MCLSDyEiGQUQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNzZyWEpN\ndkVmNFlZNjh3TW1LSk93OVZud0hpa0IyQ3p6eW9Tb3RzdlI4TwpmRnhlT1R5eExI\nTkFMYzhJTWlrMW8yME1aQW9ZWkx2NWZ3WitoamlFcnNRCi0tLSAvUEZ1VTlkRno0\nOXRia1l2NGd3VkMwK0tCcStSeGFUVGtQOHp2U1Z6L3hFCtB/ZCZKsq8AQBW3Y9fY\n5DqikjzAoGIV4/0aduLIFag0B3NpWKgMFTkxbwBdsQPSVc68RtGD9HYHJ2uSZj7J\n9N8=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2ejlzZEJUZjNwNmZpdzQx\nTUJ5UGJUcmdxUFNidUdPSENXSU54TW1ENlNjCld2MktBVEhMM0Z5SXVkeHNDa3Jo\nS3FjNFNRNG9ZamZmMENRL2hya2VkdDgKLS0tIERWMmVNSzJETDN1YW5HN2VMdTZt\nUk1jZzNwQXJ0am1TaHZ5YUs5MFI3NzgKoQ/HwCxa8tkISkRK7t+9rpMMyy7Wtq+T\n2FU0+fJzceOxU5Aa6N+KADTnY05udhmkbIDKCY8amaPS2Xvcxh4i2A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVFd6MzlYbXVEZTh3M3M1\nMzRYY05UWkkrYWdaN2tra0lNUTJRdVhzUUdnCnhWT1RPbUowSlo4dDBUcC9Ud1BR\nN1REYnY0OFJTejB5dzVSOHpwc0dLSkkKLS0tIG9GVDJTRDVIWER3TE9INnIvd0Fp\nd1NNZUhOMCtDb3FJRzRSZlV4eGVMcmcKdx7nYm4lTQgYIsumiB6dI2Gv42Y2+yV+\n90GYWy+B1XIMMAgiaGbWfmigV0dqS/XugnDwmXpu9QcLpAkUjfwdBg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwa0hKNTNQZFJmYk9FQTRs\nVVliNUhuYng2UFpJTS9zSHVwYmJOZ1VjTEFjCnFoVWU4eEttb0cxMmI4cmVKbm9T\nak9jVHUvV04rRktVQUE4RmRzdnBxemMKLS0tIGNQbWw0YzRYMzMxdUlMRTNHV0R3\nTmhTWThOVlpuRFRvNnVSaUs1UFRaVnMKjeWq4LTCM2uGfpg5ULat+jKMXmo/wfSV\nELSqAyuLOuxlCeAakXDcv1rcRo/wBgIQZEqv6YkbXtZn5M3Qi8nSww==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBa0dsTnVJ\nemZQWTNJTTcyWmtEVzVDYnVWeEdKUmpMbG1NSVNZeDh2OWdDeQpsV1hTeE1HVW9I\nNnc4MFJkUC9HVDljQjZIb2RWVXQ1dmFpR1FnSXBrbXVvCi0tLSBqaFZyZVNIeEEy\neHkrZld2L1drK0xPVkhUWkdsajNRVzZiVXlXNE0wR2VnCsIb3oF4WVCjIlH1KRdI\nYuzIVbZUkv56xRQfC/2JRgSVCSJobOm9h8JRn9eZuewqzD+4kiLOx27LAXcMvX+Y\nqUI=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-08-21T19:57:40Z", diff --git a/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret b/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret index 21e50d1..2b0ee92 100644 --- a/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret +++ b/vars/per-machine/haze/user-password-rpqt/user-password-hash/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbXZBdTFh\nQUkvRjhZekkrbGVTb1l3SDNNUmxVT09qT0x4SE1zOFlGcUpzUgpOU1k5aU02U1ZL\nc2VXYWhNQnRGa01FRUZtSGZJR3MvWU91UlVFdGdGanZjCi0tLSBqd2R4bzg0Qm9C\nZXZXbi91S1FLak9QK3FLMm5GV3AyNEI2b2pjcE0rKzU0CqAxB3GStWPJ6sNjv7MA\n4IcsaFjifj7jXG6ubJraGdM0+C5kOw0WiLZYKGa1EjU8FdWm+rh7eGkSum7qf30P\nPDE=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudE1xdVAycHNxR1cxYUxy\nYngzZGlSMVF2RzdSdjBXTFFiTmM0UDc2a3k0CnFHWUExTXltYyt0VVl2bVBiSEpS\nb3JCN2lBWHVyMUhpNjdlMFYyM2IrVDgKLS0tIGVPK2tTRStNMEhQeE5LZy90OUJr\nNGdtVXp6R2hRVEFWRXdXYnNBWmcxTGcK1czvkk9uubFGD7n4eSjpyzFMM6hPPzae\n5Q8zDYEuAZaUM9tNTUZtMvz/Q3MIgEBZYNGmLnF6SF1CP563XG5r/g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeEdjcEVh\nR1F4MzZad083RFRZQUh4WUhMUC95bUZaa1dFSXFkRCtaelpQVApRWHJ3a3ZaOW5U\nMUxDVGJOTWV5dHNlWlgvQnBoWHhGNURWOU4vUlBnd293Ci0tLSBUTytzdDhBMzF6\naC84bm5pRm1QNUptZUwwcmFxWXp3TUtpSEF1ejNlSDFFCtjcNkkFY1qMEpy1moJT\n5XpOU++83gy/MXRzBYFcL8WowMte2IwczfdZcc+RN96plAqejRVBZE4Fx6OZIHJr\nLPc=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WnFtNmtrbVNNc2MwQ1Bt\nNUVUb2xEcEVQM0ZMTzlvekZidVFCMDd2cHd3CjBhR1ZvYmtsNm9CL2N4ME5uREwy\ndWtoL3JoWVl5TmxJSlVhSE9LaDIvdUUKLS0tIFdqL01ZdllYTUVyZmJuam4vOUhG\nQS92TDVURjY4b3ZGNGpxOTA5NDZmc1UKKRCn+ZOLDYsUdfaj+pNjSKwinLK2dkAi\nrxooosdwXboTLe7hkhyccFANAJGSXtN9amqVyN1/PJIPWuVtgJd8YQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eGp6c0Evc3RpY01JajZH\nTjcrNm9xN1N1MkYzZ3dldUFZeDFtU1BQOVRNCk1MWmpsN25wUEdtamN5b0dFYmpL\ndEdJaHpUcWR0NVdOWTAyVjBBTGZHRUkKLS0tIGx3U0srVmJMVU13UXZRRTlhWVp3\nTm52TERSbm5odVB1aU0zYTVDVnQ4ZFkK5nDBFPv/S4j/8FShOaMsWXZMQPJO9vCx\nEi9OU2vZ66tlbgHwTq6QdPcEA5/ptAJnYLrzihs9vMFhKpLbn6ElpA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdzEvTnV2cDVSZWM2eEJn\nVlBUbUUxQzV3RGJhN3RtWHZNcXFNaEVSQkhrClQ1dEl3YmcvMTlnWHMzN1JwZFJu\nc090TC9wdjlRSHd2QStvZ3plNmY3UEUKLS0tIFgxZzVPRURUUUhwYVg5UEZrREVq\nNk9VcituMktZb25ub25RTTllTnhVeTAKFHF0ZFU0/nxI8OTvvsiJv/vUJjU7nkH3\nRyn7Sl6yQL0aYwPBRyazS5eo3TesPKU0uO868bUui8LZM9z0687zDA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBd2E0Z1hv\ndENyQnA3UThZZTRQNmwxZFZMREVUWDR0SHFPVTJlbmw1UG5abwpMME9DS0w4WWFn\nUGJ5QVR2cnZndU5Bc3g1Y0J2eWRqbWlnWEpZS3pqNUR3Ci0tLSBSTG5zQUhjaWh4\nRDBzSGhZM2I1ajZ4VjJHbVVhRmlsUWRCZEdnVkVVaXRJCpt1R1StL8pXG62WTts1\nL36IuP3cflSegYmz3bLdcnbMmejldl2EYflNmLlhQMOoa70vSJyFjqEZ7i7+ly20\n6M0=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-24T17:11:23Z", diff --git a/vars/per-machine/haze/user-password-rpqt/user-password/secret b/vars/per-machine/haze/user-password-rpqt/user-password/secret index edda4fc..7ce933a 100644 --- a/vars/per-machine/haze/user-password-rpqt/user-password/secret +++ b/vars/per-machine/haze/user-password-rpqt/user-password/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcktwVHps\nN3pxVTJ5MnZDVDQwMyttQTlXLzB1aWNTdkVTUHZpa0lKRWlscgphNDZONTNqSW1u\nUEZZL2I5Smo3OVpNQVdob0pORXd6Qm8zeTM5dGhUWi9vCi0tLSBJcWhySzR0ZTlw\ndkJHUFVJclB3S040amd4clJ4L3phV3ZzRDhxUGVTYm1jChE+SJmu+NHUJPDMj7A1\ni4TvSzWF09nRZw9GB2HxTY7afgC1fr+UtxrheUH+ZRLLqjhsu/AJRPLoNob+yK1y\nP4c=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNXMzeVV6\nZG5Xd3Ztbms5YzY5dlAzSHhJWm0xRkdMMjhFUzAyZ3A3V1o4VgpRdWtJMDYvMTlh\nei9oQzRsemloVUE0ai9LRTF0VFZuM2VoR1Z4bXluMVhrCi0tLSBWUW5MODE0THpo\nVWxIMHBON2EwejJneVpPTVlEaTFKSkN4ZHVqSXppRTNNCjqu9qygzCclKZaAZLhc\nnNjXZxhbSTqSXr3KlY6O+1FD26UXUDfEsX9pRibZg7Djx8/mUPxJIrOb96CunFmJ\nADc=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHMHZtZVdPWEd0SXJraUlR\nT1lQa09NV0VyenUzVDY1eitCRERlVThGZlNzCnRrc2xVMTNtSnR2cE83LytIcTVD\nR21oZ2hmb0pyOEdnUHM0Uk9hMlA2OEUKLS0tIDlFaEFhWW1KcHlUaklGbkIwK1Zw\nOGlObTFrNmxTRXBOTTBDb0dVYXBpLzQK8lUlsZGVOFzUuCQ9LacJXJpnGQwSn30+\nXilqsbDRI91z6EeDIfUC3awIBNBb+AB5uYM9iYVJ9cYh9fCCWr1W7Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWGNYM3hSMkdsRmRVR1h6\nNjhKNTltRXVvNkhXK0RrbUllN1RVclE2UlNJCk11RUFkbm4zOWxKcFZyK2h5N3BP\nUXE5TkVuc0RuQ283YVIzVGtkNHUwTG8KLS0tIC9lbkNJWk9KMUFwcU9zS0VrVklq\nTjByOWZkaXhTdmUxSW5sODBPSXFPTWsK68XVfgber32/0uwmE7ozcVJQkx59hqGj\n4sV/9pbdJltzMjsZtlRYLRlR8ajdxvf5dv11tIPaZvl9tJMc1tH61g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBMW1CZzR6\nRm1DcW1uU3BYMzlRNTNMTTV5Z0h1VlFqbHBFdUZCWlVxTUMreQpjV3ZlYVdOcnJT\nQXRpZkYyRjNnT2dFZ2J6Mmt3bEkvbm5TM0VudlVIUTVVCi0tLSBpYURCbEY1MzJt\nQnVXWm16TGl4Y0QyUGM4L3dGeTBvNXQ2MTNBRThMRWxFCgeixfvazqFYMj6hZEKn\npsW/I62Uqx3TuRvqseqvyTRC4lSYV+KzOMGJAFnUTVU8fH+tk5tyCpgeUvIEBWJj\nvoI=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-24T17:11:23Z", diff --git a/vars/per-machine/haze/user-password/user-password-hash/secret b/vars/per-machine/haze/user-password/user-password-hash/secret index 608150c..067ed24 100644 --- a/vars/per-machine/haze/user-password/user-password-hash/secret +++ b/vars/per-machine/haze/user-password/user-password-hash/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBalBFenVC\nMld5VG1hZXpsMXRJUTZuWlJ6Vk5sQUxRTy93eGtoVFF0cGdiaApjL1k1eHR0UGs1\nR3NUbGdrRlkvNEcwYkladFZlMGFROU1JUmwwN3JFVW8wCi0tLSBRS2pGbDZMeEFG\nVndCY2pLVXNPU2lrN3NUeFk4Si9mNTlSc1JIdXRWUkwwCqTr6fBbu4AsWHPTvL0a\nyUzMfX6Vdf3NULi4FhgExXWXJgVe39PTBpJbMsJb7M5nJCt6J1vNwqjjvJUZI/8y\nw1Y=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UE1YZXEzMHZDcTlSMEQ5\nN2xIUjhuTkErRzF1bjBMSldpMXBQTTI3TUIwCis3VEFMR05YbTZlalk5WGhhYW8w\nS0pyK1E2cXp6bWtsaDQ3RmRKK2JoaVEKLS0tIFJiSGNTWGlad053cGlQK3IxRmhT\nNk9IK1ROcGRZOFprSHlWbEN1bmFRRGMK2RsJ08yaD03DeJRvrym7HK7x/7kL6wm0\nNOmsDEhDR7BAmvHs9UmrYbIimTegFQTJWNCZIGRQEqur+TD+WhA7ig==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNlBuWjlQ\nVkhib2FaTDdJYVIwbTE5QUFwY3BlSTA3S291TkVhVHhXVEZHaQpGaFVVM3NIZmhP\nS1hzanRoVzUxWW5YNy80SFYwZklTYStrN09jaDc3U1BJCi0tLSBvZXhCWFJCZXE1\namZONmVQbWNaYWZkQ3FsTVV2M252aHhTdWhmTm9kUFlzChB7LeXc/qhdydGuN7u7\n3RC5X2Wz+0vOrsF48qJ9/689p76HYW6exINfCqahLcIQN5A+HyODLBItr53XmHWE\n0ow=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiVHZicHRDUk9iZXIrUzN3\nVDRJSDBPQklVNnpVVnExS1U4WEk5MHJJTndVCmw5cjk5NTZ5Q2Z5T2lYMGxSckxF\nQzJVSG1peWJiYnc4LzliMEJQbGJkSk0KLS0tIG1TbnM2cjQ2MnZHQml0UGZNRWlZ\nSGdPVHVoSTVobThiY1g3UklMR0lreU0KMJGuBcB+/fuqI8s8EBfqPz86GUILJVsB\nIgF+bMvEXH64xoB7nuzGZGSyTeIDfHWZEJ4hMiQFwaSC7podaW3R/g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNkV5WWN2MzQ0OVpoOFZU\nU0pEVTVQM3BocGtDY0Q1bHFCVko5RjJWNFJjCnljQ0phUloyWEJ5bVl6Sy9HYUkz\nN0l4a3l0d1hCcis2VVlDY3hYVFpJMGsKLS0tIFc3UjhwRU9GY2lpS3VvQUhWeVBl\nT0hLZktwV0ZvZmxnbUZIZEVqbGxVUG8Kt3wAZM7zlNvx2lAW49TvJvVnh0F2E9CF\nWhy4alo1SpbPLGENdoVJNghRGF4MkhUnC1Yhy8u6rZ1DPkW35Rq82g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubjBaTEdkZmxjQUFycTNo\neFRZRFNxelVUSmR4OEUwZzV6TCtpTEc0T21ZCmRnZG5JV0Z1QitDQWUycTJ2SjRS\nSmF3YTFtY2dsZ2dWQjJ6Z3FXZnBHcjgKLS0tIHQ2QldhSXo5dXA0RlI0NGpxSGJz\nR1hXc0VlRFNyNEtKSU5NSHhEbEZzeHcKSk7Tf9wbo8OwJMxv89nh5Me9dAvAxEGc\nvDKywtaOXuC3eD/RaSTKN1FsF/tDEST0cpUJcWn9zAgE8lbaw6NGhA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBMEMvUW5Q\nM29ocE1oajR0am9FUFdldkVEdlZKakJFbW0xOVI4bUF3R3VsZwpCc1NCdHdWZXJN\nOHV5ZHFKNWVKUHFlaWROTm1vcU9aYU52MVFKWldLM2lFCi0tLSA4aVBLR0FzUldC\naWdUZlNxRTF2VXZHUTZRRjg5U0lxbm5vWCtWNEc2dUlJCrCjadfT+XQv8D7ySGpr\nDWd6qtkVMrUjZEBzon+UD7E+LEsB+4iwhvsHHT0y4mP2BYbFgJySgTYrMa3MoyNz\nPsA=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T20:58:41Z", diff --git a/vars/per-machine/haze/user-password/user-password/secret b/vars/per-machine/haze/user-password/user-password/secret index 0644d4c..fe12598 100644 --- a/vars/per-machine/haze/user-password/user-password/secret +++ b/vars/per-machine/haze/user-password/user-password/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBM1pvdnM2\nbk05cUpMbURJamVJb1hrcjFiRE1UTGF4MDZlMExsUnNJWXJzNQp6bGs0Y3hQNXNu\neFBWakMyaFJXclkvMncvMTNmbzdPd000N1VLTkIxT2VVCi0tLSBnVjEvVEZHREJr\nMlptck9wVEtjNlF1VDE2UUdHQ2Njb3l1bEpFZnFQdXcwCjJUWX4B5IffHCCRHK6V\n772YvDB8/gswXNSlAhCd6LIbufKFvlJgNHYzN/WedzdP7JhSWI+HiVBJ4eiTKjRK\nyaw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBenNLV1hV\nb0srQkRSZElxSmEvZEFNZHVJOXZsMVU3d2pJNlNtWFFtZmM4bgpjTGpBanJySmJ0\nMXNYTURWUkNVQ0ZJYzRaUWJrN0cyTmYyZkVCNGQrTUg4Ci0tLSBVOEFIbXdwMVpv\neGM4RTBpM0tQRXBUOStRMEhzRmpTNGt3dWVNaDFNaHNRCnxB+7dTBcKoA9fMy/tF\n/weiA3Dh8j5VCxMDyWOvCVKPMA70rLCh5Rc7/pZU/vCmktQFLGgnXVamHncU5w8r\nlNI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZStUSzBic3R2OTZnTDFO\nTWZadHVDb2ZNKzJNeWlmRlAxUHZNSkNDY3hBCmE5OE9WeUlBNGwxbjFpUEZsalA3\nT0xoSmtzK2FVZTdOZ3lML25BeXBtMmMKLS0tIFI4SU1iZFNmWkpuZE9OMktqWE1M\nYXZoSzlENkdjek5kdUYxUE4wQWZJNFEKKOs7miXa8P/v7TVl5udA/p0x3rxQup8w\n2X22pf0llgxcoz5t1MX6c4rWsq/1rSS3NGCIdFlhs0nEY75PORb5qw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQUJOditCdTM5dkF3RXE1\ncGs3cTJQNnpvRzl2Y1pHcmhTY2VMTEtTbERZCnRzT3Q5Sks5VlhQMWNsZG9FR21y\nbDhMRHRLUlUzNi9oM1dBaUM4QjdMaEkKLS0tIFBVVGxBTm1OVG9xWERBbU1sYTVO\nb0NkMVdJR1d4UGtXOWdNTE5xRE9ONDQKP1iVgCXH6HCELkNXsrQCnCkCuubnxFtB\n2fKNNzio1qBr+tYgxAXF2W41z3hWhsSSKKC7LyRDT8ozvfIpPWL1iQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdE10eDk3\nLzFMaE05bDNsTHFvRGE4dC95dDZKd2JYZTNpSzNnWlQxQnhFRApRZm9TNEhIQ2VE\nck1XTkJ6Y2xwNU93M2ZNcFR0UFNiQWl4T1F1WW8xMWlrCi0tLSBvY1dBeGllTGxB\nVDRsalFSTVBXOC9wbGplRmlTdWJYOE5PQTlhVGZySW1nCqNn/hWXd00ypG4DjsSh\nZrs8ZstW4n6d6leph/WHBT5p64rN/U+CD2aHqulW0vTUGZLHrP0RNmOQ0nlnENjh\nl6E=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-14T20:58:41Z", diff --git a/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret index bd79b3b..5dfe94f 100644 --- a/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret +++ b/vars/per-machine/haze/wireguard-keys-wireguard/privatekey/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdHQ3S3J3\ndGNxb2RVWkVQM3JpMjBOUVhRbDNFTURQVHBvYk14bUJyN2JFaQo3dExBLzdmaGJ1\nTmFQeXkvTlpsWW1JQXJTNCtodkNXeFBiaVR3RHIveTlJCi0tLSBJWVZWTUdrdDhC\nNWlRQnJUY045ckIxWUc1aDNleFpUQ0FVZWVRTzFnbzhrCqLv8gjXDXK/3d1JOh6w\nBD8wiOycLtB8ASm7TT0y0zAdFFxdOq3qbO90F/shCdaHKtBKzeRu0MP/3vARmbkw\nRKY=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcXg3ejFJMUtIWDV0aERO\nN0VKbjh2TjhVZ1JYRnl0c3FYajNXTXdPbXlFCnVyaWExakFHdnU5MzJFRVhKaGg0\nYkNEM1ZrQ0VSZ1NaaG1pc3A4VDAxV00KLS0tIHlBMkdLMDcyMHlHTHZTNkNudTZo\nM0phZ0tTV2V5VlB1TU5IRXlaT1lVYm8KfT6xvjieQzSzbbXyGaP8G2Nq9j0SE4+Z\n2av4tFhAnzR7ufuih7YQp852LBpd0m9DLsfYwNdxiGPIdNiYzUUMpA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOU0zNlBk\nbHV0OUIzY3NkQktTNUl5cGtPcWFyWHdNM0NicEd6aGlobXJ1VgpUOW5SUUtEUGV2\ncUtlVFI5eE5GZklaYjIyWk02TE8rdHZ5cHVPdXd5OWw4Ci0tLSBROWZ2WXliN3pi\nUzZzYVZxenpZc0U2QjNiN1lmYStSb0lLQzhGZzg3OEVNCpGnC0PHvxMFKSjjeb3O\n6r22kqZr/jflNAkIRMfK9r0yycIJtir1iO/R6FADk1W0GGgHHLa+dS/TfHThJy/F\n0yw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVGhTMm9Id1MvazRxR3o3\nYnBHZyswcHExSTdsMisvYWhPczBHU2RLZjJjCktTbzY3SkJCeU1jeUdOUGhlTTlU\na1Aybzk5VnpXZzRmWUlEajc5RUgxQ28KLS0tIDRwaGhWdzJBMm9GZGozS3Y2NUlj\nVDJVTWJ2SmVaemorNTY1UGtTTEh6dm8KMirngnGd4cwLCKqlaF1n75c7SADKkIOO\nd4PqI4eUwhalC/NBZ2OCDNi4PJYhTY9pl2/64iZ20j+Vz8Ut91r5nA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYaGNJR1MyZUFnL3d0bHRy\nVFBta2xHdGxoeTZodGlGQkhLdDBSNUlRSDJZCjk2ZjFnWTlDT2tIOFNiNGRvbG01\nYytOcnJGM0N3dUlaME1PMmhyUnNkVEUKLS0tIHVBUU03Q0c2WmZmUjN5WXJzQk9W\nQ2owaDBXa3htWDBmbk8rUEN5a3ZaWWsKmavt7FoM3IvvnXt3jUeSXmuA8h4nhaf8\nRk8dOIZxoWVjWi5cIImV2Bu+zDl9TtWjiRRDxzSux6mtDDUkhyk+dQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkcEMzWFVQN1YxZjBKQkd2\nSGFjYjlTWHppMVhpZlpHSVFqWHRjYUlIVlgwCi83YmZKYytsVXVJZEVibTdEMkc3\nelh3aU94K1BsU2lYakMrbXVXQ015NDQKLS0tIFlIMTJQMFp5THhGUS9RTmIyaXox\ndjBqR3hkdmh0cldVeE9kWWVESldlSU0KcCTg1vasovQBFBXJQJ/CDqBgjPMz7Kdd\njHW2TRJ3Z2a+/Cdqa4Asdi2eYc89Rw44FbMDRwSWAPg7azoneA3NLQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNkdBcjQy\nRXFiOVZLS0g1bnVXYStkOTlZaDB1MzQrQWMxM0ovNXhOa1ZuQgorOG5GQkRKTTh0\nY3ZKYVJ0ZktlQVN3MTFvV1lQSzhVMUlESER0Z2xkYkZ3Ci0tLSBPYndLcnpwZEts\neFBKQzdudXdoaDYvRStGZ0ZORmphMnZoR0VQMUhaZHdnCgi15NaACFCcLpGLGoKk\n/wmhvFIdNm9/6crVhdrnb/qzQUWUF2HYJdMeI22iEaPCughhJfXX7L4uBDlBOcni\n8JI=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-21T16:24:47Z", diff --git a/vars/per-machine/haze/zerotier/zerotier-identity-secret/secret b/vars/per-machine/haze/zerotier/zerotier-identity-secret/secret index cb4985a..80357a0 100644 --- a/vars/per-machine/haze/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/haze/zerotier/zerotier-identity-secret/secret @@ -4,15 +4,19 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdEFIZTlF\nZ2xUd1kyb0Q3YWVUckxnb0lMSkY5akxleHVSbGhrL09ONzdsSgppTjBpcUh2Unls\nSGlmN2pkRmNiU0lDVTYzdXhKTzdJN1NBb0F3c1huMG5JCi0tLSBVcGJ5c1JKT1Nr\nb1pOQVZHWlJyQXI4eVlyeVg0Z3cxOVZ3NmZEdDhjQ0FjCnO5fA30r7LtS0TUXyeC\nSZQneGp4gYuTSnZs0iQFiektfpTrrhi0Fe5ruJ2Rw+tsHXvoXhIuw2lRqTNh+BIe\n4TY=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQXlJeGdjTjVMYTMzNlpu\nSHh6M2cvMmhkRldxZnIzaGs0TjJUT3Q0TTNJClZnb2pqYVdQWlQxMmdLREZlaWlS\ndmhCU3ZIRGVSbitxTG1GZEZKck1ENEUKLS0tIHlaclVCakZQcUZXbThTYTBHWWp6\nLyswdVVDK0gwSGJVeXVtMEJJdHZ6T0EKKVCKLuZ/Vt8XMigP/oEe0Q+UTg6dJ0ce\n0trvBLfUABf9nUwEdAw9NR+BeLYBTbXga/5YlWWNyE/MDa2Gl/UWNw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBazJPeGFk\nTEl3QzB1SE9xUDIyT0tKaHcxdk1RZXdXbHU4SFp1WkpmWVhsaAo4U2JSbXZLU0tt\nU0lrWFRhajJjN2ltSTk5VnJXS21uRmNMd0c0b3lkN2lvCi0tLSBkb1l0UVFSWWdJ\nb3JaOVo5aTl2dU9yalNtRTk0R0x4UUQ1MXkxUXk4UjNJCvMpWIDWmCj0t6H9GF7y\nVWns9YzQ1P5tEEeZArACMxG5z3Is+hNOOrDZyaLlo23RfrnoKHT2ZIy3kYSbNQzl\nYfI=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4NVZSV1JNWXpGTDliUnB6\nbnhBYTZLNStXNmh3cHBsR2tEK0syem0rNEFJCmZ5cmQvcHpUbTFiNXQwMThkWWxu\nTUZ5cmNGbEppZEhvMFdUN3lXeGk0Sk0KLS0tIEFVSXN0T1NzK3dyZ21IemdHUzlM\nU0JaYmFaUkhxTHNYYi9YWmliVGNPWFkK2gMS5H7DMFmfAJgJv3XUTASpxc50Ny13\nNCynIyBRthe5v9buKAV3ioJHuPC5Q+rXoC8sGgLxi6T/t8V5T3FOoA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbEsvc1MyMDRDUWp3di85\nZmc0eTVQUFZCRFo5N3RsSm91L2VTWGdWRVJzClBwUzJjNjNMVW4yT2M0eFJDb0xw\nQ0NXUGtiUkllbGhOTVVheVlwbUNpYzgKLS0tIGw4OHF3c3Z3K0NKNCt0akhGbWVL\nR2RWRjlDYW9QOHVYRUJxMmVHL1cxb1EKTcDfODorOcvn8D8Z5hNCv4HuzOxHoVcV\n+J+2lwZt1leSlKw4q5HpOGPJclGguXW4P3yZhomqOp5nnAfNXGHuCA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbGF2Tm1YaElZZXVYM0NH\nZXNiS05seEF2NXI0akpYOW9EU1VOZ1lLa1VnClJZQWlMczVKcE1iVmNHaHlpL21s\nQU1Bd3U3NnMrQjV5SjBqUW44ZjFzcnMKLS0tIC9jenFDemNrNWdxRWltUmYwS3Zz\nMFUvVmVsSW5RcCt2UEE5SFRVWTZScjAKT5pk/uhf3deBCO3dA/XMFQEltotkvxtI\ngqt9Db21ZE+d7svhpLWP20YzhNbKBNyC/qzd3Q2ERbmmHb6X5/gakQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBK2xpM3VT\nbUphdFpITXhDTmkxYkM1ZVNjYTlOdTZYa082L1FEK0xNeGRIYgovUWdqeEZqcjdG\nQXhvWUlmMVVHTGppVS94T2kzdWt2dWFNL3JOckl0M3NvCi0tLSBabkx4ZE1iOGZF\naE9RZVZ4Yy9ZL0dneGdLU3NnMGNaVk5HcEhlNXcyRW1vCtgwH7vs9aLr0rP30h5D\npV9hBiMtQOfZxjsMP0RDF0XC08/v9bLxRnjKWESZr7CZioZ8mUI7kXH14jR7yml1\nSIg=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-05-10T13:20:42Z", diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret index e2de3af..9e18a83 100644 --- a/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret +++ b/vars/per-machine/verbena/borgbackup/borgbackup.repokey/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:OA19EoSW2Qlea6yBU721FABKZ4Ay3gzR1Q1XbI0K35K8GCo=,iv:Iwm6YD4bEiPK4MDORZz36O8DzSJD2Z0vsqhB+TOePZc=,tag:9fEB0Vai6oQrETo8GlO+Kw==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBbGJrcWFm\nWEV4WTFUcVhLcXVwVmZWMDJGK0xvQzIyNmJ4cFJsS0pMMlBtcQphdDNlRmtlLzVW\nTEdLdkNpV3ErdEpxWHJjcDRmZkU4VnFpU2hKbW8xMVRFCi0tLSBHTjNCWExuaFB0\ncXcvSWhFVHh2Wjc3LytsSlQrdThmcFJVZDJ1dVl5Q0tRCi+gnK2wd583n+w9rNH6\nYIl8KwduCI9WkNx5Vw2/e99ruhkXi90b9CEawbi5HjgPzisLh0atTYqL1U8NhBNO\nvrA=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbTMyb1lj\nSlp1dVZwWnBhakxleXFvazlCZUhsUzQrTkRYMks0bVViVm5GUwpuZnBKMzd1T3Vw\nKzUxWUxTQnFKMm5VdUtVaVZWV3Y2NWtBSERpaStONXk4Ci0tLSBNNkEzQkFSeUJD\nWG45KzJzNTNBbFE2T2ViN2ZIdkc5SU9kWS90L29iWXZrClO5H758dE7qRFsi/EiK\nzvIHE7fSCT9kiTanVqD1i9XnPAwSfAD5UvMRbq0m+0v1eruuhDoe2fP9wjJWMaRr\nCHE=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBcVRBOWtD\nTGF4elBabkRyTU9rYVk4aldmbVdNalFEZU82cVVuN1g4WEIxdQpkMDBVQkI2RGto\nSUhZWGxyYjZ6eHNpY1piTGFzZUpWMzhxQ1lheHI0MFZZCi0tLSBMd1J2clo4NnRW\nNkU4eW1oVVpsQzFBaFIvMEZuK21OSkcxVFFtQjVYZkt3CtP7JU+W6GtniH2f265N\nzyNJhsTiVPZ+Cm1ao/OpuRyQe9VgaCbBOoEECAFhTlB+GQx8fWQmV5tczjO3j5q3\nCHs=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdHRCdXJHbWZPd01RelNF\naTgyUkdJQUkyc3NyWXRqOC9MbXZlWVZLVEdRCkFDeTBibmFsWUFxQnByVlVWTzE1\nc0pQWnlKdVllTjBNbE9OaFhMSm43ZlUKLS0tIHNXTStCWWxYNEhqVVptRWh0ajVH\nanJ3ck5UdXdNa0lySS9lUys3bTlYMlkKXjQFzg5yrYZM6k7eFWc2i4e7UufF8zXq\nLvP6BOV4JjGtmLeWbSZhG+el1WRifydOyJA9/STVxEOqTckiKIFwhQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUHJZRFloZnZoUjdpS3or\nYkxRcjFNNm1qWFJJTzVDZmRVWU84eFdWeWpNCnhxUFZMZkdSY2FoaWlJSmoxemVp\nSDhoTnJISTRwUm5VMXo3TkYrTUhpZUUKLS0tIEVOcWhCU014QmRCNUtHVFFMYTNt\nbWhYWjdZd2F3enp0MEprL2dTcUQxUjQKdvEU7183HcB7ejQX0STb1WiOzt5VTwAM\n2KZSmB8T7l7zK5QCebVv78bWbseQ0ls3tRqFizxT/dgH3fXwyHbsvA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURFlMWTgyejhMSXpYNnRJ\nNG1KdExCZFdrSVVSaC9PV292c1hKWEtkbkJvCnJsMHRuT0pvZTZqZEh0L2Z5TVFV\nNjcxaDRMWmNyNS9FaUZtL2EvREkrbHcKLS0tIHgyUVM1cHFRQXVMT3FpdGZ4K0NG\nTi9qOWlPT216bFNwUjhnM3dIdVZTYTgKBR291dhGHvNhMs/2A2aJsnfeo0dQc4Bc\n/fZJo8M1vYCv8M66uzdXuXCdmMXCN0lgX6/b9M5eA4eDBcWbNh5vnw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cEVSNEhyQUd5RmxZZFA5\nQ1hDcEtFZWdLZnYxRjdKWDhQSmFXK2tIS21BCmFoS3gzQUlpTlhTaWQ1OEJRTUpJ\nZ3dTengvdFBhOVZzOWxlRloxN3RvSTQKLS0tIDJCSjZJcGgrNnBmWnBEQVE4RGJX\nMWdoSDJ2Tm5FZE9Va0VJSjE5N0E2L2sK9oW8SqMwnvuTYr24PwjLsi/u1sTJcRZq\nG9gcbsngY3f5tmvoweNseVNEMqLvIfMDJ5nCLf+37IVsMjlsIJsSoQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-24T23:04:28Z", diff --git a/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret index c575e93..228c81a 100644 --- a/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret +++ b/vars/per-machine/verbena/borgbackup/borgbackup.ssh/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:vUrRWsUzWhWf+vdoU2PL8TIIdAf2aa3Zlp8jLoZcriw6yWE5cmVW7vHYBiDIYfiusple97nptPm+h5mS70jGpRkRpHq3d/Gq6LLEhYnoekihSjxCYEnpZo9ItdUYCN/RzvQ2vPtOQn0sbiore/uc/0GmrVA5nX6AL3u7F4AY/yUWDKV3HshHBjzQB7uSAm169s/UfroevrMD6q5ghYjtOT7cNEhykhD6kiNFOY/YsCISuYSGR+YBmwH6UfdoPX331IrizraNDhVXdnb3bWWK4sYt5NzUq4yKwzX3EcsY+Te8irGsB1FLoENkRN9ITlaf64O2ZXan76AF0z8GNYsv0k2t+W3sGGR/crV0L2e0Oi3hcLq8+st07/0DmrtzRstsMZDFkYyj+qb496kMSWvyciSeOC7stVGM+5vpZQQYJic7ofeT5rL47rv6heQqTssRO8VAaVhte3Wlf41WOXXCx65Ypl87KXfLh7JdAb1jveZhG4rNOgihrWWFT5A8sJCPgnU1,iv:hD7qjliIBiHZ79YGchL+njgKdaY+O4ek7MJ5eRF5Ivg=,tag:QOxjOqdiN5BFe4Nr4W0MyQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBOGhGQkJ6\nYjM3QW1HeGpIajdTaHV2T084YWdLVlNCekVtbFRwYmFDSXVPagpsTXJyelFVNXdY\nZ2IzcVZJMVFsQkJKbHB3eWV5SGFDK2JJbkVUbTAvUEJNCi0tLSBlVkVNditWdjRh\nRWhyQUUwa29ZU1VnOGF3UFpGS2hvQTk0TE9rM1Z6U0JjCpgokN57F7ElrHAEiRy6\n6DwDTq9A7pCDkqRSQ5rB/VM7eMNMJGrti1oVmp1xQEYl95cuPfI0ZniQjGJRcqBo\nYRk=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBamlMVHpX\nblhCNEcyWWxJVXkySVRUYTJmVGtGM041QVY4NnZzU1oydG8vTQoxeTU0MTRyWW1t\nUmsrQTl2alVVUjFzb2NNbW1iVWFtTVR6NGgxZXVUTHdNCi0tLSBRSnlYeDV4Njlx\nY0hMTUZCTWlYMWZYQ3VRODhOV0QxOTR4c0NHWG5CeWY4Cr/D7GVrOikMs/WnrXTo\nILE0LxsghbeCr2YuT+rDKkY8AomNFpwjGz9nnw3AcYEZ967wUP/sE9PdTZmFFIxy\n6w8=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOWhIWWpo\nOEpoK0ZVQWJ4Ti9BKzd1cU5IUFk1TW9GL2o2eXBtRytPU1lxOApCNEcrUHBtTkh1\nME05aVNkOEFmdE9IOXVDM2NUTVBiMGFmeDRpQ2RIY0ZRCi0tLSBqaXhic0hpU0hV\nZmY4RXJGUXBpMlhmdUhQUXVrT2xVQUdPWm9mb29MY0NVCtNOvwH7Hzlrr7U+xT2W\na8clXsg8FiGugnb9b2Cci3PuSPr2ULiH7SIJN3/TB38G5xS871EatgVXfdFEn/OI\nbtc=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTR3duWUpaSFEzOUxQQW4w\nYzV1bE1OZ3c0aWpSZVpsOS83dk9GaWdJcEJFCjJTOTdsa1g1dWlpTXhpVWRZekw4\naFFMUHJ2VEQyVmc0eWloSWFUNmpFZ0UKLS0tIG1MN25oTnluSHltUEYyNUxoelRB\nTG4vUnRnWDZlbHlhUE9vTStZYnFFZUEK2DtdmfzKsCdcmjN/RQH/IPbqKq7QRfYJ\nJV5nsiYiFHOOv1fx2//pW5vR6zQvACx0zBq/E614o587tY6qIn68PA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmRng2VGhPcnBGQWNmWVBw\nUE9LbVd5eTQzQTZqa09PcUtvRlU4bWdLY3k4Cjl1NFhMQURHcUt5M24zUnVha0tj\nSlRHSW5vbklXTjVLWTR5MXRXenc5SnMKLS0tIDlRUC9KTTdKZ3FXSEFUSVR0NUsx\nd3NqaFl5N0JWdGxOcjZFVUJyRkJmSjQK2phuifCZvZU+JjqUeGc9u/tj+E+ksa4f\nbNFVZamjtB5jhxbVPQ1iyQ1Hoi1kkqT9R+43NTzUnJHv921bIeI6cA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV1RYTlZHYmJWOGkrRmlF\nQlZRMHZ6V2dVbFhWY1NSZ25TbCtIVklwaURvCitDcTRrbFIrbjJjUVcrb2NtMDdL\nWnJwaUVxL2lPb2o3ZXdlbTJQSHlXcTAKLS0tIE5VZnJsL0liTHVpUG5DOTV4YURY\nRnVqQmM2QnYxbFVuL2hzVThpeC9kc1kKxs7FWwDHHnWZia/v18HgU2OXdWusY5S2\nc/1hu4pFzIJZeYwFccGHhNsS2nrVZpTdwMvaAtB5SiYpT3vHmWSFYw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaGNVS1JTaVozcklucXJ5\nbERzbllrOUNqSHJTUG44QTNwMkVpQXQyOUcwCmx2MjNZaXpBaHNjSnV1cE5aYnAw\nQUNQWDVJZHZmTS9mRkNyd3ZRM1doVWMKLS0tIGNERXdnL05vRGU1R290MFlQOWlu\nSE5PQnhEOE5hdTRjU3NYcFgwVUxwQzgK5RAMppjBJDe+Z1WUS+y8p3NfAD86vBQH\nRCHlWmry7sLLuKG+80ntFObKr8JmC3/ykg0+8pjmXGl17I2U/fBqIQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-24T23:04:29Z", diff --git a/vars/per-machine/verbena/buildbot-worker/worker-password/secret b/vars/per-machine/verbena/buildbot-worker/worker-password/secret index 7ecd1d1..e964c93 100644 --- a/vars/per-machine/verbena/buildbot-worker/worker-password/secret +++ b/vars/per-machine/verbena/buildbot-worker/worker-password/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:96CnBRKaFXT6y+uLnltdrQEktrpNkRzFhXTD0TszN0KDOYYsRSVStsOPicHoDj1I0lcSqJQwic2/IW885ZDZdII=,iv:qO5NhgplS79EKDFT+1cbRfL3fhm0ZVQbIU67w3lf2+Q=,tag:YDYcajCgWT40tS4uYLyoLQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM2psQmdL\nZ0ZmTzg3U2hnNS9HcWRoWmdkWG95UlV4b3BKN2ROTHpLZjZHKwoxSUQxcEh2Q0o2\nKzg1dThQaWJOMERoajA2VUtpTjZKMHFYaDRLWlJMWXJ3Ci0tLSBiS3pCZVc4b3Y4\nTEdXNDJYQ1hjZXBDV0xGdVI3d2NnQmROdVpQclZoRzZrCnNCjThvWRxwiVlqI8ID\n/628uDwjoOuI6M06eOCxxe65avnoMd9ViuJyRwJBVtdSphsYKrLWrInvE/bQKkm9\nYW8=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBL2pMaE44\nQTNoMkhBOE5VQTN0cHYrU0U1M0RLdXE2MXp2RDhob3hrb2VWVwo1NnNCYWZlVDl1\na3FPN2RaTnVMdDIxVys5eUsrd0FBcVQzLy9TSCtDbFB3Ci0tLSBJYTVOc0dnYUFv\na0dWb2Z2U2JXZnVvM25Nc2VBdVhKTys5RnNkV3dORVFzCoyFq3NTQ+pXr/A9d9lQ\nHE0jotOZ8d68xgFsobWeRedx5KZtb632wEeIHG/bFNGqP7D5/5JVM0KAGQXLCtuD\niu0=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeTJVZ2Jn\nUDByM29GQnd2Z3AyQ1lxZ1NZSG9RMmsrM0Y3eEpRV2wzSFNwOApmU3M5QWFPSEcv\neW1TVm1xS25XVnh2UUg0ZUFpTVd6N1dCVUh1Q2FJdkhZCi0tLSBSdDNJUE9vWEp2\nRU8vMSt0Nm9EdE5XdVF6UXVud1N6REd2Nk93Q21XdnRFCl1Tk0SMTqvop15O6+Lv\neAxdd/p5w4QTLCl4a1Q/wPyxIAbymYs3EX37TnrpyrW7Nf1VmBucJlpjMV/doz6K\nh7M=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnN2VZVkFVbHhGT01ETjdU\nMDRrdkdTVGVDVUtQaDVOd1BDeXVYbjZpRG5BCnhaRUhIanp3WlVIN0l1WXhqRklv\nS29hZ3dKUmJabFE2d09PeFRNYnA1c1EKLS0tIEF3WERqbXY5ZFQ0QjVIaU9raFlm\nZHFRMHd3RkVwbkVSL2dmbkxNYlIxUU0KtwST1NBfp2pPAj2AarIiKD4OIXszvvlt\nIoqlNQKHDEKWW00pWGthcZubq4QdGUpjYr4SDzYIaKDgtIkp2wsz6w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFajUwTEpjUUpXVFdNYzZ4\nMXlxZkxsaXJqL28reHBCL3FwWGJ5NXIxNUJzCjNvRmRSR3hiRFBmVkJ1ZlVsQ3ky\nNXIzNmxLNTNMaGlZWVNQdElQcms3dmsKLS0tIHFnUzV1WXlCUkFZQ2pFM3ltV1ps\nV0xULzlDOUY2T3BYNzUvaHlldnBJY0UKh08SR4vFOYyu0qquO5bxtqXoUd7mG9JK\nITMwEvzQtcv+oVIWz6pZjTNsm5A+eER2FLJtJlOzunZgwySPj5Q6XA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cWlKN2tGMUhRNG83WUNO\nN29ONCs4bTVTUTdZMVM0ZkFQenJQNWZEMURjCkF3Y3VkQngxZlBzTloyZTJLZS9W\ndWdZQjh4ZEFVTWxVZ2kzWm1kU0FtTU0KLS0tIG0yYzNBY2tvSXZlSEJld3JCNHln\nTS9MNDJFK0dZV2QwQzNwNXZxM0FEc1UKgoOrWS2zSxq2n44TPKTr2HrD8b0ZhLOi\nn1vFTdapXhfU35gGeeWU5eDeQAc+cOXss66FVTQA0GXnGbEZVk/5qw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UU4vVS9BV3NCaEpQU3Z1\ncDd6bVJoY0xUM3MyVXF0bzJzRExTeEtTWlQ0Cko4MmxYcG91UkFGYlR5eFJQd1da\nRGpLYTc2U1BWVDNQZDVCdnRvTkRKSk0KLS0tIHQ1dWxyUHcxUmJkSU1QaWIvd1Bq\nQnArbVorK0w0VlRMQUR0U3d4d2IvZjQK+8u7NehL+GAUJe74oArXRa7dietE8rlC\nobo6oTN3YYFPAchbsqPpk9g2XF7lQ0CbXq+XPUBXvcVWepXlHZ7/zw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T19:23:50Z", diff --git a/vars/per-machine/verbena/buildbot/api-token/secret b/vars/per-machine/verbena/buildbot/api-token/secret index 05edb5f..85e2b69 100644 --- a/vars/per-machine/verbena/buildbot/api-token/secret +++ b/vars/per-machine/verbena/buildbot/api-token/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:TBkW6fgVu4nOFNI9mQjrnkW++jc7fchjJBDwTjaNkEh9E19MMTlQnw==,iv:jvX3gKJ1I7bRcsihqVOYBv6p0KJhQXT1oAG+wlThRU0=,tag:uYGupsYDsJFFTY/eAC73pg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBOTJEK3Ax\nRVlXaG44NHpzT3NTTXJYTXhlRHpnbXZ2QnR6VXFRWnlHSk91WQprb2FFa0x3SSt0\nRlVBMlJkdE1jMkVxT0cwMm41V2JMUDhsclRhanY3cVBjCi0tLSB3TFp6aTg0anZL\nZERNUEtwK0F3NEVMMzUxMjJieDVQQ1FSWCtnWncxTG9RCnX4zS4JBzof8zEKGfxc\nEvz2y+MCTe1CV31rVXKX8ToRg3ZO6vTp+ChxVD2Euo2q8GGGA/8CG7ejfBPOJJQw\n14E=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb2xGc3p6\nQ3ZkNUhkc3BEK0FyTWcvbndXZi9VQUJkQ0Z0dC8rYnZOejFydwpGNXNhMnRRRElZ\nMXRRdFRQYStaT1hTS3Z5eWQ2Ui9iZVcvUGl1b09VQXhJCi0tLSBjWm9CLzF4WW9X\nRStqV1BITGd5OURUMG9GSGQ2TFVURmQrNWc0VnFEK0tRCjt7jyhTfeWk9mPuFUB4\nGoPJrRYDUn+g6A8A17y42DNJ88MD22N6t93uJRvulF9mbVMHiUYjT0dYFMXAT+D+\n+18=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOHpOU053\nalpCQ3ErYzg1ekFIclZqOGdtUFFkQ1JzY1hzSW5rY3JIZ1g3YwozaWNjYTAzVXZJ\naVhwd2dIK2Rpc1U1ZDg1U2UxanlpSzE0LzB1MExYMWtBCi0tLSA3Rnl4YVpNVlVQ\nRWxYSkl6ZWNQbkJZZXlwdkkxOEo2YW95bTJ1QlgvWDJZCq2pDBZJP+8ZHlvR+OaN\nuA9VrVqGoG852JhTDYuy11wJsK/v/f+irLhKB1tBubqCTW0nPT6MqElA6geksp9g\nbbk=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QXRKYXBMNjlZcnJNZTBz\nNkVhTmdFc3c1VkNDQ1V1Yy9qTUZHTXhKUmhrCi9QR2Zvcjc0YU1uNmZaVzN6cHpF\nVFNCMmF2UUVxM2szcmhvcHRWaE1TQ3MKLS0tIEFOYVVZdHRJcSs1QlJiazRkUjQ0\nbVZXMkhQOS93TzlWYXlqbkN6Qy93eUUKwUL8MhRE4knoipL/TOt8rzo+pgAeW17z\n+QBSsJO6CsoKH0uOc5xKT0dDyCMNrALLPZ4nAzO6+sZDaVySZNefEg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTVVnTEdoSmxqazN3S3FT\ncCsxZ2NKNnhEdHR6enI0dCt4eStoSjY5ZFI0CmdBbkRFWEJncmpsQ2RNM3pZMnpk\nd2w4c1VrQzdhQWJVSjcvblJhd0x4ZlkKLS0tIDVXZFVkdUQ2V3g3c3hOV01oTDFM\nb3MxRjYzSEd3d242WHA4Rlo5QzEyc0EKzAyUGH0whYrqKL6RD887V7OknyrSoCVX\nP8kc6uOopXCsNM3RoOoNZVuq//c1KPB2ilfKddm9CtnQtO14SLzoog==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnK2EyTGZuaGlZeHYrNm5N\nUHRJbkNIdDdhbWowaUx6b0dpREU5OXhkZ1VZCllGN2JBNGJZNE5rMGpIUDNxOHJw\nZjdyZFRRbnZXNk1XZVRVVnFxY1Z0c2MKLS0tIHkxclc4VS95WkdNOEt3Q202M3Vt\ncDFOTGpTeVptMEVET0drRUhUMm0wUVEKGZcADHNrRdR8pn5kCB8ueFEVA44TbMCB\nncW23IK+mmvKv6L9MNIYdyDaFy6/GnjyJU8U/K/YH9T7eZtfJ19l3g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZUhVRVlqU2xERTJGVjFD\nZU1icVdYUHlSakZxbTJiajBMSlI0MTdDMEhFClcvWk80YTNKRE9Pbmg3aC9mQ1R1\nb0lTOGNUdm9yanVMcld2di9kZ214TFUKLS0tIGxiek1rRVBFVHlpaTVQQzErRmhi\nM3NEWlFUemlNSDVZNTlIMTA3WnhpOE0K8nuTWNETbyeqA8Rr0XTGnGmTG3Lhsyzr\nF+wIspVSEAPPI+qGZ9v76x5FcJ/kp+AV2oKwYrbdmRY4s7fKRvUR7w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T20:24:05Z", diff --git a/vars/per-machine/verbena/buildbot/oauth-secret/secret b/vars/per-machine/verbena/buildbot/oauth-secret/secret index c4b9b38..ef6818e 100644 --- a/vars/per-machine/verbena/buildbot/oauth-secret/secret +++ b/vars/per-machine/verbena/buildbot/oauth-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:BNaSFieGNC+TbU5S8NFYitdQiO51vdAh1q7UMfS5UPHqnASBYAumgrrNotm2Rma2s2QijJJFsyw=,iv:ns6hkNgOVaAJMq4AkZeX2DOXLNqzv/2iD83wWwNeocA=,tag:vmh9crLrJ+2V9FOfVr3Fog==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBZ3YxTFFT\nY0ZRQkRXOVFrVzhiWjM0NmpIVWZFNUF0ck9mYkZEWFVkT1dobgpzSXNBY2dzY2V0\nMmxDOTJrTG1RR2NYTFVhVnhNbng4OVVNeENudm9Ld2FnCi0tLSB2L1pLaWNWZDlx\nZzRhRzRKNG10bnQrLzBpTWV4MWo0RzMxQmxRckU5bjQwChJz3wx9gIcBgq07bRYJ\nXwRznuLU03evUDr9M7TiMrTo88a2IJuSBzLKEseoQfUj0t3eOEvQRgTcgEJL9gwR\nVOs=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOGx5Mzll\nQ1R4ZlczZ2xEaXRzRW5sdGkxYk9JdWlYWDYrNU1iVjhzUU8wbwpvdW1uVlIxbUdz\nNDN2RE9aUWY3N3d3bWk1Mk5YT2x3OWhFSWJ5TUlKYk5ZCi0tLSBIMjdFUWx0dkRF\nWFpEK0FOT3dsdkUzR1kwOWFKaHdxeDdweDIrcldtN1FNCgfSgrswsQaKr5xSRD6R\nxx67v5HHk/9wpUlNyq2aE3UzeE0GilL6ABksp72ZdRL3jLLtDTq2KbXTVQfkcgF3\nv9o=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBN2orZUpR\nVUlMajdUN3BqamU5bmlxMkdHc3VIR3NkaTh6eit4dFJtWG0wYwpwSnFrZW15Y0Nx\nZzFzbUMzdTA4SWZvb1A3Z1BCWUtIVXdSV1pFem55dU44Ci0tLSBmaW1aeExGa25Y\nR01PbEI5SlEwMWxWdVh5aDlXam0vK3VvbmhkNVg5QzlzCiKUvFiNfNlHZB6g0tB4\nmXKH52wB4d43OLXAPFKFaq4i68CXN1lYOlWiFYUMNjbNFNs/zeBg/+i/mvcMoVMl\nUs4=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFN20rRGYrOHNwckI2dThw\nbHdNeUYyVEFvMWZySU9QSC9BTWt5YXJQakNJCk13VFQwemxHc0hkK29SSG1VK0Y3\naVI4TjJsaHd1MHdXdDNGeEZZS0Ntc00KLS0tIDFBUmdCL3lsTXcveVppSkZIdFhw\nTVhtRU83dHRLdWlqdGEraXdqcVl6UmsKeW5IOzsj3XtfErY5v/eM2K+dffjk8bp8\n3jrm6sqOfUxaN0lxBlJDk4uKsJJPF7NEDhrORLiYkHs4fPWKUMQiJQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuUTJpWUFxdkR0V3htN000\naWZacExiYjhHV3FKWFNYQ0R0M0pWczZHUFRNClIva1FJandISzdIMlNFemR1eVpl\neUZpbTVsMkVDYmh0MUNveHhzQWhIY0kKLS0tIFVZcDNXOHQxMUtMb1NqMGxkZmpV\naHZGN1J1bjVzMGVPVEVhczB2Vys5TTQKW2QzPrOGKTXBwqxCgyfaNv78kyhW8IDD\nFEgo4K+3zs+YN2480OCvUf6xfIsk/ynDSJIimOeZ4eZkBGzzmFiESA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbXA3NVNTNWQ1RW1ldVF1\nTW5PeHN0T01LTmhnYVA1MGZzeXB4MGVWOUY4Ci9IVFU3SUVDbUpQcWlkb3cxMEtj\nWFBlVEhxZlRyc2Exd2gwM2tOaFpuQ2MKLS0tIHZkd1R0UmYxTzNUOERNNDgzQjlh\nYldYY282T3c3eWEwSUx0WDY1aDV6MU0Ktu22b5gqYRognB/jQ97igpsHPGIBpHFx\n8ZEREK+Mcf35ri6bx3dHPHJP+KOsO3KWZgQX3b66T5BI3S9YzI7Ryg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyNU9jQ0NoalpZOHhPMG1S\nRnZrK2IwWmpEQ0kxMnB3ckdscnpORkVFZHdFCkdZclNmb0dmVEJzS0RMc1R6SWRw\ndHVmRW9acTZUYVFoZnNFQnU3ckdwZmsKLS0tIFpleWVFUlRERkJqNlFySmkxZjIr\nSU53ZFJCSi9mRVZpYTN1Nk9SRHNBQmsKQcFH9A0Giob4sf/T0GvdLr8dwZVE38xC\nC1BfkCzx+m75trIgfVwDk5/Xdysil/XDlUtx3t5xGjs/6BQpmqPWcA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T20:24:05Z", diff --git a/vars/per-machine/verbena/buildbot/webhook-secret/secret b/vars/per-machine/verbena/buildbot/webhook-secret/secret index 5aaf9eb..f9cb3b1 100644 --- a/vars/per-machine/verbena/buildbot/webhook-secret/secret +++ b/vars/per-machine/verbena/buildbot/webhook-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:zT9TZJquGohxc7Q7PpV/H6Bq0BSW/QHTZAUivjP/pk9Pwva563GvDeZavMPk8j5bZEzfMnwaiUl3b9Drcd2fkQ==,iv:8kyv4A1VhS64uiar5I8AJg8ufrMNXvvQVd27UYywgHE=,tag:jNPOp6JT/AMkvueDKmpWrA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBL0syK0pB\neTUvd0dlaStaTkIzeXgvSGpybTY3VVgrYWdiUGpUT3ZkRGtDRwpVdXQ4ZW9xc0xr\nOE9OTWlVTlc2QlErOG5ta1RFTnFoSUMvUFpWZStLUG00Ci0tLSA0NkZZMGhieTFJ\nVS9nSWtwY0Z4MzE2UFhDTjJvMGtIenlBcGFpYm9OaXpVCnfbiEdrm0RcqdbwiRQW\nhasK4g5w4/6qN7AUEX9xFlukEy1PEeeWA3vOISeSI6aPujT+ThRm8oEI7WeZdvL2\nIVk=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBM09vU3V0\neGJxRHBGMjhUZ1ZKc0xWblVEL3VRZmZubGtLa0E5VWV3d1EyLwpXcGkwNG1LODVv\nMHVzZU03bjJRSjRDSklyM0xENXRjdXYxd2VGSzZmQXM0Ci0tLSBIaGhqRkdkME5U\nUEdWcVYzN2JLNU81aXlkaEtIMVhWbFFPYVFETkJSUzBVCl3hi/6pVPsPBBTWU9u9\naYgCQY6Ok5FTYfJbleCletJ1l57sIzQEBo/y+vevob1dTSpIIArHc9EfkJR6oRt0\ni6k=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBLzVwVEEw\nQnBsMk82ZmtIT1hvWnlRSkhPVVZpVFl5bjlaUysxNStuRWpGKwoxTnFKVURJaGRs\nSGRPRDFQUlJncytucVlNalhxVTRHb0t6cjFmNWNSSFNJCi0tLSBBcDV5QndCTnJy\naVZ4WU4rM29aYTUxWHEzdHQ0NWd1ZmtiWUsyaWllV1V3Cuv876IfeYAoQM8s7eaz\nYuDLeOEBGUoutWHuBQlPrLATp/qhtdJXBoTkXQoPdxjijQGZCfCgGxfLmzT25xNG\nrZQ=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdExKNDVtU1ZXT2ZYNmNn\nVEhuNmRtSGk5YWZaSHljcXppSXdHVzVuMnprCmFPWkZkUVQ4WjhvLzFab2x2Tzd3\nd3RPYXZTWjRLeVp2QUppMVdZZGxPZUEKLS0tIDdWMGd6NWlmV3hvVHZxbFdwc3Fk\nV3hRSXFBVUc2N1I1Y3RSUndJS1lkY00KS6QaHkwuQZApiLcb5l/ehX/W86kBX8XS\n2H2evNFqv4sunji0Xm0iU8Bd8AeZcdA1zsvkfDuph2OqXQwU2zDbWQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqb1VLOU5Qejd3NCtTSFZ3\nTmppWXRSYnhIeHpoZnJrcURMWnlvQ091Skg0CllwVFJMcndoc1NLN3RoYXlyS2Uw\nOGFGK1BNVUtUVVBBaVFjUU1vU1hscmcKLS0tIDVWL3dBVFJkcG5XNUI3N3hmMSt4\nUTB4cVBZWmk5VkNEaWlTNnFyc3gzTDAKNZDf4n1EZmaLfv6DEQToxMk4C3bX+5kE\nHMeZkkqLL4Buyz/725lAuXUelKWG9Evk0y3T51YXbMaUQGgRb8JXPw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNDc2SDIwcmZpZ0NIN2RM\nSytKM0dxbldyd2VsaWhLNUFuM3ZXSnpFdXcwCjhmVExpMGl3ZHBVTXZyV0Q1TWFG\nVnd5TEREak56d0sveHRpOEtrQ0EvK2sKLS0tIHdENE9TZ1MzaUdnL01QeFkwVE8v\ndDZNbGFVTzhMNDhhSkgyUExOWFdueWcK552BF+xYBqbV/zTt01QFp33OhN6JsQ4a\n7WQ4/+FCcq2uAEWgmcApFqDw4bQcqqzy3jwba6MwPDi26jwRSw2ESw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKa1V5NnZtWjV6UHg3K0Y4\ndkRsOXJJaHJDVTBETXA3dUNuR1hSL2ZJYXh3CittNDl3bW1odG1pQkhFZFFMVS90\nRVQ4U0w2ZDB3dFFiM1NhNUVFUG9OQ2sKLS0tIEsyU2tIbTVIanN6VWtLdnZQazdS\nTVN6a09rZllRS292Y3ZJckd5RHJGV1kK3eIIJOCsEsrK7gUvAX1n3acXGKjkQ8b7\n6BZ9nglbtNby9BRnl7Ow+RDTskK5VAnKGUlBWM6UHIBCM0vSKO5NkA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-01T17:32:26Z", diff --git a/vars/per-machine/verbena/buildbot/worker-password/secret b/vars/per-machine/verbena/buildbot/worker-password/secret index ac6351f..cda6331 100644 --- a/vars/per-machine/verbena/buildbot/worker-password/secret +++ b/vars/per-machine/verbena/buildbot/worker-password/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:nzU7Iem9NU21DOrbFiaT5LL+msF1zxdECowiqeV0A5nYok2PrjT4VVryqjoz4jjwawtXJigflMO0lUjKbQSLdfg=,iv:Al1ZQzAG6gbyvoCBakHQt3hKAV4tjNS38Ij2XSMKkQI=,tag:BS3BZWYCn0Osqvb4ZidGLA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBaEhiUnA2\nTDlYRzVic2dhaEJHT1hDZEdKTGFOL214L0Q1WjdoaXpvV0VuQwp0SVZXbG41clBp\nMDJ4SmV1M3hyRWhLNkhKbTR0ZEoxSDF5U2dNb25rM2hZCi0tLSBEZ28rTjJJeWJK\nMktmR2tKQWVEa2V4YjF2bmttY1JHZXQydWNDQjBYNEprCiHwtMZ/oh5e5GsUD44A\nYg7F/nBl1vVJKbyioZHI47rFjSke6DAL7R8qmTjGclJposH9zoomPZ/DAi9qosg/\nWrU=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK05BYnE2\nQkc1cTlxazhvQUhJNUI5bk92YWk0bVBGbHRyMnlXNE9veTZMVwpLMmVvMGFLbkJt\najhuSWY1K0JyK0FlUVZ2RUkvLzRiTWVkTi9vMTR2K0lVCi0tLSBRb3ZleC9lRkNw\nVzFkMkpUQVFvUXkwSGJRS25MZEJWUUNGTEVTNUZiTnE0Cpbs+7CVckAcngKRphoq\nhMq2xEr1dg43A42pGgu9u0vAs8uUkphVah7G2R40WAZdWah4AKdeIX5hpY6NGfSA\nr5Q=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBN29xZENH\neUFZcUs2OGl6eitpc0VKWFBobXg4TVplTHV1dGpvdHI3WUhWMgppQ0p2bEFtWTh6\nOEVGcDl6YkRVVWl1L3hOVzRmclgrQ09UUTI3aWZ5cktVCi0tLSB5TlRrQUFEV2Nz\nTzhhNTN1REMvREJ6eFZ1dmRCWTNITGZ1V0hDU1lyeTNFCuHGzKwJd8Fd+lpu06HT\np+6E1W3Rbb8BgRiKqGVNgYF3uSOTkoKbLgMVn14MteqeCfs/MpdtI1U2ffKQ0Cz1\nUhc=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbE9LOXlqYnZ4dFpPbnpS\ncHlxdWJxSUhIQWM3K3llc3R3SDNGcGpoRHdZCk9TVnZaWXRCN2VLQVZtbThlb054\nZFNCNEU3OHBtVVdUZWJyZ1Y1U2pNL0UKLS0tICtzekFkYUtuOU1jei9vZ2RHZWhT\nWHlSaG8zQ2oreXA3amFMZ3BzL0p2RWcKetsLaStrC3Q9n8IT5N5uFZHxL82/c0vs\nTVrVtQQprIC3ND5kq1EXIR9fZvY8ckISVqdhdcxluTJxic/NfABLwA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5UUIwa0hWOFlKVU13eEt2\nRmtHS3R1SVUwUHRtNmhUV05Vc3dZTG03WEZNClJvS3VVSXA3UGVrS3F6MHpyZVp0\nVlUyd2dOcDFyc0VTaUxhd0E1a1htVjgKLS0tIHdRUGhJRWJzVXlUMVptbSt1RjZZ\na3NLbVQ4R2VXUnk4MWVENTZDa0YvTWcKVXXEhbUaojv8+u8IPwpeIjSBhPDLOqXy\n1yZz5BpoEf4z5WXzlfm8FfGAaLXCMzHA5DwkG43360puyd9rK+D/Tw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWEJOcVNPY2xIelc3bTlE\nY25adW1pUHJBbjVlN3hvSlpjeElhRzBuZWtBCjI5WG5HcVlLdVF4Z3B3dURFN3NT\nUFFYQnRTemFMNmhubk5OUW1aVWNaYjgKLS0tIEFsb2dNYTZCRndDclkrS2lIa2dI\nTHd6TzVaMzlUSkhmV3ZRV1J5cG1NaGcKQ/+1cFdnHVnURzrb+O8q1pae3Ka9tsyF\nmZ3qEyjUVCvNxf+RVS8LjVdJaNaBnSrdIlTEKs0CIxeQUCfGFKFYew==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUU9ScHJEVytkdllYS0RR\nclFlaEphYWFhejNnU3NtSVFIUVloaE83QUVzCmI0NUlwT0JMTVlFcnlCYVNPZGhm\nRzlJcU4zZ2o5cnBpcHgzRklVcW5CTlUKLS0tIE5pYU9uTkdwejE3ZjVFSEFTdHJP\nVVdZd1I2R0tiOWttaU0xalAxWGY2TkUKPbwWTstdkM2fUYW3/lt5OMeF1KsEtiZx\nppxTSphkVFDYfZt28GUUTGCnM0zHdHs0mINTg4UEYZWJXhgEA+49lA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T18:24:07Z", diff --git a/vars/per-machine/verbena/buildbot/workers-file/secret b/vars/per-machine/verbena/buildbot/workers-file/secret index 36de055..e3e79c0 100644 --- a/vars/per-machine/verbena/buildbot/workers-file/secret +++ b/vars/per-machine/verbena/buildbot/workers-file/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:nAasbZt+rynccMfq4+eUELpdFsO0SQhTTOXDCz9Y2jK0+6KdIdimoH72HU+6YTWrdWjURv7ql7TlakXAYCgCwoIGdLdl6cZLs0hZXAzthxI13OrPUJRyBbYmmUCu5qQ9mCcy1cLkHhe0KQGxBA==,iv:0/kTk36AQTw/mFKvYhUcyfzdkODEq5ZyeXWERpf08vs=,tag:v4uXqzJlzv+kdVaUjzwEEg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBakZKU2xE\nbnl6cE9mQ28rekhQMS9HRENveVJEbXVzODNnb3FoRkNrZGFnRQpsa2dHd2d5NmFP\nZEd2YTB6TkNQUTU3a2xsQjQ0Z0huTk00Mk96ZFloUHpjCi0tLSBNbTFzWmxJWDFY\neUxBQXUxVkVVZ25rL0puL2p1OVh4bTlGT2JiREJtT0lZCuLy/3/BphFvEY2K8zSO\nuJ6f1MWWP/JDw2WNQXmbh2YPj9gXb6QZdAAKf7zLs9pnEUtZWlCCjZBKFdMDDadd\nAic=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBKzVnMGE0\nZlh5RlA1bnl0a3VySUNRcG02enAxRjVSbkxNVHVQNmYrTHQ4SApzRGMvRjkrK3lN\nVnExazJaMU53NDZHT0dDQmEyaWlkZE5LYnJGSkJtRGdNCi0tLSBlaXNlMHVIdStG\nM2o1STFXZ09IdG5kSzBLeUwzT3U0SnFqSEZrbzd1MW53CtetpDv6Qfh1zpboasrv\nSgxiV/467HZuv07foAK9UpkDM+bFe68ijausrJKDMZfEsaT0mhd0uRwcxRU4AT3l\nboc=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZzRBSE5B\neUVoZ29VQ0VUYVNjVU4zZ1gxZERHaHYyN3dGTWlaWXFoWVRNZwp5cmJsUTQ3Y3Ew\nWGV2YnlHbXgydmlydjdNR2Zmcy91WXh2d1B6N3ZYYWdZCi0tLSBRVi9vbGdES3Ex\nTVI3cHFJaFhkV3FDNkRxd013aGkxYUJSM1F5WVVqaDFJClQait3PGeiKSDkKZhuj\nm2UuEV1GGwAKl+pluNF8hh+XpHMsLtBm/hORnyriqDoH201eGfksXCEO6F0i+Byt\n+eM=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSU9KQkJKTkRYTmdOaTZj\nWjcyZE1ZTHJPalZWTmdydkF5V2JxSlFkaGo4CnFIdGRmdzM5Tkh6RFBxOTlEMG9E\na1ZhaVNOK3ZhNFlXVCtpM0xkaGMyd28KLS0tIEd1dWl1NUI1Q0xPNXJhcUgxMWMz\nOUJyNjdMN09aRDI0NXBPSnp5Tk9GNHcKzXzul71FLZ3c5dxqCt/5TxWXdnOoZDGQ\nTjn/uqeNOIASRLK7rGoh4m6f6rHvRKQloBHdITrKb23ovOHV/ih7/g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWGlFejVGTGtyQmg1aDly\nNVB6ODBOcXI0NVFybHNCZFFHd1diZlVPS0U4CnZXR09NV3ZaNGVMOUFaRll5OVhp\nN05SaFFPUVhEYVpRbDFQNUlxV09wbzAKLS0tIGwyT1orLzVHeFhmWjdNbU5rVUpk\neDNxaEZ3SkF2OG1LQWUyTlcrQ3orSDgKy0acbjlImm/rT65X054BAEMhJhSLRzvU\nUrIvfV/Z//frzDMp2NNt7YZSPNswJJr0EXJr1z3Fc5xRHhkWKD8kjA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYeGxFZjErYy85ZXMyRWtp\nQnV2aDJraHI3cktjVHhrNDBUQ1pLZWFVKzFVClc4aHBCMGhBWjlKNHRnM092M3c1\nYWMvRk0zS0ZqVEhQc0lVbytEQXM0LzQKLS0tIEIzczlMWUgyL2NHN1pjbHNwVFZw\nbm9FeUdUeUt5LzRkZ1pBOUxBZC9rNlkKW8d1xZ2zBQ5UlFgT1qwqgG/6LNfw4ph9\nKOR+TQ1QXhBi+P78rYUCj/mbl9RHnLGPzMwFDtJLlpcHblCJ1kWrWw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSHA0T1JTdElFMHVvTU1F\ndGFoa2JaWDdQTEZFRXZHUHlYZ1BjNjlHQURBCnZMbWNIMUFtR28za1ZGclYxU1Bp\naThwUFdRd1BLNWd5SGFTTGgxSG90aEkKLS0tIENOcndRL0hRMklTazJMTkNiTE5V\nMTZaaU1kV2JWTTVxNFpTQVVETzJKaVEK6DLpP2HJk+1LIeicHU+NcqjIMkTk8e96\nONnf1BZANmkLEEDw8Z7q4HFGSgDJQOOTDYoyl6bYMLuF7yJfkYU5yw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-30T20:24:05Z", diff --git a/vars/per-machine/verbena/gandi/gandi-env/secret b/vars/per-machine/verbena/gandi/gandi-env/secret index 3e6efe1..b6014b7 100644 --- a/vars/per-machine/verbena/gandi/gandi-env/secret +++ b/vars/per-machine/verbena/gandi/gandi-env/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:xLZ3utyBPOOwQ9UZVIjZee5hRUfR1WrzZqXTdPN02vb396Z6L7Ti7B2bXbBxxkxWBJi7uipyD7eC7Uo8iZtp2amncDWeBA==,iv:QtN+VN/fexTQjBtZjoiLgM0DZxEvFbPNUa/sAtgDJ6g=,tag:QCOerJQkXRRzRVez7XKung==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBM01XWmRB\nZEhFRG1YT3BoNlpoSnlqSi9mMTZydXJUMU8rTDcwTWFFekx1YQorc0svbHBCYnFv\naVZlY0Q4OXczN09qb3RNVVNOYnBXeDNXR29YWjJFV1NFCi0tLSBBTkpZbnZZRXB3\ncEZvL20ra0NtM1NtL2paNnRieERQOW9WMS9vTlIrRUxvCnrvGNJEgRsEuxE+mC9P\nKODfgT9bOEmOiRifmHr9e61AsKnBy58hjrcr+h78pYA9jAuX+XbtzXjcVl39CCku\nev0=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBOFU0akRC\nbzQwOXpNY3N1emVsclNlb2FvTE5RQ01jWEg5WmdtdGNSbGJuQQpvOElYcXExSVQy\nVVlHVUQ0cHlYUmxLUHIxYkY4R3RtdUZ4T21oTk5hQWR3Ci0tLSBhM0JOeHVDbnZR\naFpsU3M3V1ZDYVkxUDNEdEhNbU1VZCtDeGZLYTl4ZGNrCjbgT1BQJ/W26xvdRIH0\ndNYkSAt92yxlAJfgGQObdKHjTIGK9RkwxL9+A+6UKuPJTQL5pXNY/GeO5MHVuwW5\nknw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK2R0TjJU\nQ0pLVjNwZlVRSkRPOWRMbTNEanhDRGxrRUE4Q2RJdHpQOFZIMQphWU9SZ29kWE5C\nbjd2VHVWaVdvMWl4Q1FnMTA2YVQyb0I1NEFyNDdranI0Ci0tLSBZcUFUQkJNZkRO\nM21YRHRqMUNaNVdiUWR1S1VmR2pCcXNoQmg3MUJQd3VFCqOqw6zdkK9Jez4p2zVj\ndrqBjKid3DC5/mUwzVhtRjaAk6I1hTmVBgmbnjsZGCdhdPSiUcw6RyFuaevGjvJ9\n8w8=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadmI4RXNvaVNlUkY3bStE\nZXNMSEFlRTVsOXlJZTMzeTljYzhrTnE2WlZRCjZ2ZGlINVltTC9CanRnZ1ZFakJz\nM1FKMEI1a1A2bStLaDZlVEpiOURLTFEKLS0tIE1KVVNDbFdncFk2L29NczNpUmtk\nVXpid25NQTlEY2VsMENGbWZYSEJCRU0KR6GtmQU3z+3/N9z8Ui9HK/JQhsk1Sbd4\ndg9Z9YwzsHNQc0qBhdpPluiTIeSrWxjglqc4eaN6qtvBhVttqNAOrQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNCtDd29zdDAzRDN6ZExO\nSC9CZng0dlNNOHpsblRRSDUydUN5Q042ckY0Ck4zdC9URDQ0STBlbmo3SHQ4Ykpw\naVlmOEZEUXFMd3d1TjRwbCtZRGdJaU0KLS0tIE90RHVWNEdrWVEwdWlxQkZoTUJk\nb2ZwZXVBWHFyUk1xRG9Nb2Via0VBVDAKoEpZvao+F3s+b3JHIRbzrp28PHvzG8Mh\nZyBx+Ro8NxfP8nLIGi5Xl1plxsVOOuSLn7q1KTQF17nmeOERR2mWng==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbU03djluRWJYcTdlcnhR\nWDdOSXZicE9ncHhrRFhIU3hjc3VQODkxR1FjCmhraHl6eGd5Qkp0Wk1udFNzMDlZ\naTFJTDR4NGZCSWlLcGZKVzhHK090bjQKLS0tIGVvdHM1a2JaQkpVRU01bjR4dWcz\nQVd1ZElJMnl5L1BpNUJBcCt5Qmg1VTgKEjrAlVDG4G+YVOfrRapLotne52pLme/+\nVML+yTNSvGkvDJbFo3+ybA/xnrhHOAJbtCUl9lqLGGBP4HZfwqCQEQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrWjRGeThidDRUczNoNWJG\neGNkMDBhZ0x1VFFZcGdTdnFodFVMUWl6cVV3CkN3TS9YbEluZFdyWG93M0xzQmNB\nc0tXYy9ULytjUzFDclpTT0ZXRjJzcGMKLS0tIE5Ib3VzOVB2TTZDR0tPNlhzc3Zs\nTzRSdVg3amk0SHBDMlFQKzFKNlVtaVUKT6RiWdXqQdHN9PsthvHXeiXZZBl5nBMD\ndcKhGoSnQPGKkSx2wzPVPf041TywLf0nsYkOXhaqFgPevLqmJSsmmQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-29T11:44:19Z", diff --git a/vars/per-machine/verbena/garage/admin_token/secret b/vars/per-machine/verbena/garage/admin_token/secret index 6eb1c1f..d09b997 100644 --- a/vars/per-machine/verbena/garage/admin_token/secret +++ b/vars/per-machine/verbena/garage/admin_token/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:d7ch6OypkqLBvYkVCDpFVxH0EPJ3m50L4hWQoDPJiXRbKBGyT9P+4iI4voOe,iv:IBU3q9gxwKulFMJa0vbfQnkEc2SnLfSnDaoz4yO2zkE=,tag:RL7+GfFl9oOONRZ599RKUg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBeE5XTmpD\nOW80L2hmU3hsQnFyWEZvUnhiSVUydGNVMTZkaEltbGJwREZlWQpyRjQ4d2UzT1U4\nb0gvSE91SVEzVm9HS0hKNHlLNzNUckQvVnVXWFJLMER3Ci0tLSA2NGtiWmdSQ1JP\nRTBFZGpJbEhUSmlZRW13eGNFOXU3N25uVXRwTUVrMVRJCjq7QsG7ewi/rzVfDEdR\neyX6D6U7mcEvSDXpOmu90oWU8+y7WdXbuSGYsbNEdR3d6Y7/AcM62gNqzjFJ4ufr\ns0s=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBa2I0Umpt\nQmpOVHM0OXdZV0ZBcVNScWRuTFJueTdCQjlDN1c0dFBOQUZnYwphV1ZVWjJBVVJl\nOVdYQ3EyeURnSi9iSThyYkdYRUViWHZzT0tJcHlkZHprCi0tLSBhNU9VUzdFMzUr\nTlRjWnp6WGZEWFh6QWJublBaY1dPMnBpUndZaENqNE5NCpg+eRmaZRL0WmgKGo0P\nuhh58/WjgdfbvcHKk+18a8Hj5jG1Y/8hiZjPGtSJxegUsZDVv+a+0g306mqvhL3s\neYc=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBK1VLczZo\nTlR5YWd0OE9raDNYRXllTTZna0dGUkpqWUR5Q1ZabWtDODBlbgoxQ25KWGF4RnBC\nTUxwUkUvRU9KLzk5UHg2QkpONWEyZmNVcHhBOVhiZjJZCi0tLSB6TnI2UTV4Y2ZN\nSFpmeDV1ZUNoUUxBWmdxUlpLSm5WUnFKSDhiZ3NqUnRnCt/EvZGXnIFMvHR5xOrD\nZTHHwsFTTYuaA4ghShDtK/+iR53Y92rq6BDJ15bB+EuU3xNqCx8+q1vV89DIi2yx\nK5E=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMcnlXVkc1MXcyTjZZYVpB\nYXhuSnBIWUZHaHNOZ3VaZ2haeFFPY2QvU2dzCmdFVzNaSURGeGJ1V1lhQlB5MnVL\nRWRMMW56NGRrSG5tS0x0dG1KRzVHRVUKLS0tIG5RejFTaTQ5MkZodmFlUC9lenl2\nclA3TXZwVGxpNzBVTXNEWmJaQWtkNWMKbJ0I/HcKui/k3qPu09veVFom8hTa+ra7\nHiFfCbeHYKHAsnFoJSXhPY76d+MZ9FX62sQ9OzXQXpKRKVcXHfUg/w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva1pYeHlKemFXc2ZCSW1n\nZXhDYVlseU5jamhMVXJaK2x6aFNpblI5c1hVCi91UG5rL3ZsTTNQbjR0S3VnbWdM\nWE1QZTk2L3BZNGlKeEljMlU0NmlNT0kKLS0tIFpBNDV4RlJYZ1lMand2N3o5QkR0\nRDdPWC85c1NkeWlUNVc1QVJEZlpiV3MKnZynnSUdrLAL5ygYse1+DqU8okQ5xToX\nmG9/UmUMhEspeDrXZnjlsq+JkbaCxGouRwQECVsb0ImDlLP63xhDJg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQ1VKUmxZdmFvbWtpQ0Jo\naDNMdlAvUXlXN3B5amN3TDdjR3NRc3VuSkZFClVsZGpCQnRuL0hRNXFFNE5uTHBS\nMmlnUHRSR1I4WkhSNFVrUmswaDVxTEkKLS0tIEtrTXhGdUFaMjFYNy83WTZEVHI3\nTkdjbTlsQWZobmlBcXVZRWlmUUdFNzQKeQ4qtWhZJt9ThlBiD8tRO0GZ7iER40l6\nY5XQtDxPDiao6NrU9Wn7uCDoIaqc6pRGWlZxYUsJKmgsJ1/mPAKu2A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVUZPU2VFdnhKc003SklF\naitpa25SKzU2cDBRRklUQ09JT0ZQVmpnZXlVCnVMRWRVUm5XRWxrTWxNM3Yzd0dJ\nS1VNdFVpSUk2TUlmVVVvNGNCSldnMjgKLS0tIHhpakoxTHMreXdTYndRaWRxbVc2\nQUFpM1RSN1k4UnY0Zk5NbXVrMEtXQWsK1XOUALji+vmTHFo4t2smOOfdnkBC3BK4\npC4PrDrUO0nThNu8ASBtVqJELly32dJYLKRIpOTTqWxNFCQZ9Vz0RQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:00Z", diff --git a/vars/per-machine/verbena/garage/metrics_token/secret b/vars/per-machine/verbena/garage/metrics_token/secret index 6fb4d9c..5da7fd5 100644 --- a/vars/per-machine/verbena/garage/metrics_token/secret +++ b/vars/per-machine/verbena/garage/metrics_token/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:ExSv+ji6femtNG+/+JgGpjBNbcMQJeHIOjsrL7arFbWPPJlhV5Bqs6QuVeIT,iv:l43EjooL912qou3fJ5iFObQdHWtSCI+13xQZvnhS+v4=,tag:kqAOc2YYNDks1upXd3aSDQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBcFFSalpW\ndEhCd2pWaWdrT2I4R2tJeDdFczBNSy9xSGlNNUFWa0toSGlRRwo5bkd4ZU1XRm95\nejBEZ2U3eVpUL1k3UW81TGZuTGFhckhkZHJwdkQ1SWdVCi0tLSBkYU5SK3dOdFBw\naXJvQU02N0VZRzhXN3FIUWw1Vjh2a2NDekIyVGVNVUswCvqnFEq+1llQE153aJ6O\nED4X/JS6fGoze0onqdQ/HQUM3UXGRRkmqdGVww71Z1UTMSYt3SRjhiIeFMe0lwXT\nyq4=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdkVtRzNy\nZFpjZEo5bGNwZWxCY2pEcWpyRlFoa2I3RjZ5Y0puMFo1NGVIRwphS3lrTGcvc1RU\nMmNtZlRBS1FWOFNPT0NvYVZvcUlNYUVOWWwxSDBxU09jCi0tLSBBSlVPdzY5RWRn\nRHhoTndSS0hBTW9IWTFxdWlOOXN1WXpZN29mN2lSdWJBCuv0PrWlKFxXdJ1Fyhy3\nSHlcm41KNuA3aNZXnw/PqrE/t5yDCxO+0Fu1w0og6f1jlrXy2yTuJhJQB/zOuFDs\n8r8=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBM2FkK01x\nZi9JMHdUZncyNGxoM2dXZDFEd1lOVHVJdXNhVXIybC91V0hOWQo2UGJnSHVjYTZB\nR3F6cVJUKzdJRjAwemlqVDk2RUxLVjJvd0hhemxrc3M0Ci0tLSBjdmx4b1gvblVp\nWTdFVGF6STVCcmEwUC9iSFZTZkpMMkV0Q200a3JwdlVjCpGamkfpSZv9wT1TKBqh\nI57/rmmu66gCC7NMB0Iq/HHbUINo42Vl2TXrj8i26q/oxCVzmCVVpcsRj4tYJ4NK\nqS4=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQXJvalo0WE5CLzRVSE1O\nL3d0NGd4UkRkZ2orZ20xM2RkeXRUV3NOOVF3CmYyTGp4S2lLUFRidnY4dE16d3Bx\nanZuTzNEVGRERkZ0b3hobXdUdnVtR0EKLS0tIG9XWjN6VzRFQzBxOGZ2NHJ6UWUx\nN2pyYm1WYjh3aFNFbHBHaUYvQ0ZGb28KeywXW8vhElm3KMDey4pnSeNQXlJtq1rO\nw8+rMpwLQBiovP7a3xh2/Xy2uPJH+zxnNUDuDoEc9ZoJT/SSKL2lKw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OWNYVUZWTUltM1ZzUUpZ\nNi9tV1ZSbUdRVThzeEZSMFd4SVk3VVpVMW1VCnRYYnhrWUc4azRrdFF5MDFraDJ2\naXdUUEJKYlJLSEsrTmhFaStsQ2RRK2MKLS0tIFNlWHp0VDh1OWU0TkNiUGgwWjI4\nMTRkQ3BkVHZ5b0Z1bXlZekV1VFdDWEEK3+5bHw30Uf9pNtzVKTwIGlSOJaPzztuD\nKvz5dUJrXX6qF4iGVoZgoEQJsdAvTJ8bCTeEYcEzwIM+fhbuKu9Pxg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWEdmUWV2eDJYZ3RlZFUw\nUEpPbTdTMDJEeEVwcnpHeUhDY2JQdkVCNWtZClpFTlhaSUpCQ0hyeitzckdBZys1\nUG12Y3lHZUVqandSSHBZcFNQdTYvOVUKLS0tIDFpazgvNzJEUWtIcjNVYjBVa3Qv\nS2NBZkZQK2d2WnVEV1F6VkxzbGgzWmsKvFjH61c2tjK6u/FFIhqQasoVKdrDzSVq\nU567FNtxEZaZNfWDxcUWkukYDbYYJhj7WsiXJJZ47H4OmW6EsunrEA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYjJaK2xJY2p2QVNTVEJn\ncHhsZ2tXVGsrUHlFRzVheDR5SXNnaTFWbjMwCnkvUzA2ek9taUhUT1J3TDJWQjNy\nTW1BVDVMWjRCeUJkRFZjT3lRbTNXcU0KLS0tIEE3YzBCcWlVVUNFallmdkczYUxt\nSkN0TjRrT1NLTTJ5MmpVanpyckI0RzAK2T/13fItOBvh43/7Xa2gSmnJcfE7TB8q\nuYCfu80wXTVOPJwvU75A/ao7Wpv95sV80HNY2KaiDM+3QimUe9t8Ng==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:00Z", diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret index 8e43570..eefec14 100644 --- a/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-id/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:VQjMQfKH1lw3nLnccac1p0rwVKQWYpSs7TU=,iv:UQbB/5v9G2wiX5WWMEAOn6KcWywBAoEi1aX6Zjtv33w=,tag:1lOSmj7UbCB9g73jgbRunQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNnRXSFFZ\nUTA4NE5mTXFZWTA3eERuV2M1M1FZWjV4ck91ZFRZOUN5bDlyTgozOVhBV0NlL0di\naUlKNlQ4M1VSMHJtenlaM0t3MVVNa0tDUEc3dXhPeFJRCi0tLSBjNHBZZDZxbWNR\nY0VnNTVxYWhFVThGS28zMFBBQmppQkxzeEoxNGN5Y2FrCqSDhieve+7eqz3voiNb\nZZizAuH+w5Y96s/U8tpGoRztQoYDFFsco6e4GAFo9mYQF45xXB8WBKR2IAMWhw6q\nRM0=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaWZxMjEx\nQUJBYVBPN1F5TG9McG9VV2ZtK21Pd24zMDdjd2ZVbFJLUU5WZgpCeFY0SmJlTHA0\nMHFsSGlOalJod0JhN0tPYjdNbXNndUxDVENNVG9zSHVVCi0tLSBHYnZlbUtjOE1m\ncU1wc2UvRFVQUEtKT1ZlYytlTWdDcGFtQ2FPcnBnREowCkT0cZDHdtvODVK3uJ3C\nGtnv9D3mydwTioXrLBjQFKV+5pRB0Q7yh27T7x4dYw7bkKhfM7ToRTT9J79tEZGm\nJKM=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeGlOZFVE\nZkdtNWw2MFBHS3pGWWZlMkUxVEV0VkkyN2ljZGMyQitwYzZEVQo0R3VnN2c5cDRh\nNmZDR25ZcFJCZmV6QW9tcG5qYWx6ZUxLMTJDM3JETWswCi0tLSBzeHJqbEIyZ2VR\nQTdGMUl5MDBFN3NNSndqdExXWjRGc3RRbTlEUk8xaU1FCniYYcxriIA5b2sPaUqS\nDo6QLVIV9XagG1sf1A/rTiarIN+vW7Cz4fU0ghbreDuvzT8PocB/PHPeCUg/ppZK\nwdg=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZC9JWHlpUlo1Y1RtQUVL\nL25TUDV1MFdTSGV1MWZ4U0tjdnFIU3NVendNCnhGSjNVa0EwMzlnUWRIOTc4bU9R\nRXBZejAzS0hrdElTQ2NwamJZbSsySTAKLS0tIEszdkNSTEdsUC9GMlM3MmlmdGxV\nWkwzTkdKa2lPZXFHclN0VGNxVXl5ZmsKktxTvxPj2HdF5rEVVs/lGI/sP22czdcd\nGcCsAWMWwkiOml51968JnnyXwLJ/hk8xznL0GMJMVlWN7FmHKP9FJA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYUpxNXlJUDNTKzAvNmZq\ndEdvQWFBYXltQmZ5MHp6ZVJJU3ppd2ZSOUN3CnFsTEo3UHAwWDlmKytSZVErT203\nNkcvMFB3SXMyME8rQ0dOaFJlOGFrajgKLS0tIE1XYkQ4dE51UTRNZXNBUktpbE9M\nN0tjandSUG1PL1Qwb01uVVdvY055cmMKteqB3tp59hK3P1C6SUwusQOdDFZx+0ZS\n2kAYb1kOMbQvd5UvHrUnircB2dZAOs1Ccy6WoFpCjoeONODw0O3hSA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJeE5WZ3RpemJ5SWFVeVJ1\nWGFPSmN1clRXV3Z1ZUxNSWNweURKd2xQMDNrCnQyZFk0SmlQaWE1UmJQUTViMkxJ\nTlhoUnd2eVdPRy9kbVlaYnZDVHRvM0EKLS0tIGxZZHJIL0Y1Y0tDNFg4QXZ0ckVI\neHQ5TWtvNWNaVG5remNoSXZzMDVPR0kKVPG2eZLhgXqMlZ8g30/dcOYBhWKg36qh\n5iV8PhqegnnLWSvzcbZxWwx18vEqb+Jc5RTGJUfrhInh0wpUIB6bQA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUaGtsa3hHM3E5YVM5SDZC\ncUw5aTVHMlVJRGJPYUR4eE5pRzBXeTczSGtRCi9PaEY4TVJCalBhTUcyRVBGc2lT\nREJrZ25FMG5rVlN4cVg2L3E0OVZ3bFEKLS0tIGswWktrZnIvb2tiNm1WZE52M2NO\nV2htcG9MSnVhSzIveTdpNmR5MHFIMlkK3QC6C7UGvVZbO89DONJWuFLF7bNnr4gm\n8hDvpTwurL8GpdbXRBwjp7ZhzlTkXR3QmOetgPPvDdyYhb/YcnQocA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-17T15:13:14Z", diff --git a/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret index 364e437..ece12ff 100644 --- a/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret +++ b/vars/per-machine/verbena/gitea-s3-storage/access-key-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:Qw4KdJ8oqtZisPqpgrh7n069YPGjO7t3GE2XLEfFnnvU5UcbIoV77lx8A5d6K0F9OGtR3b2Oo4ka5bPPNI9pCA==,iv:hXORx3mNALVMk2i9MxVebWE/+PY9OZ3Sbu3+enBY3To=,tag:0MPUB3JWDnetR54MSfZt8Q==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNWZjdFp6\nREY1ZlkyRHBLQWptQ3NhazRqaWNWWlhtM002emRzdW0za3FUQgovV1FsRnZkaGcv\ncjNQVXdrV3pBYitsKzBvQU1oL0RmQ1Z2VXFwc1JoNHlrCi0tLSA2L29oK24rbXU3\nWnZ0cE9WYnAxL3UrTzh2L2JZYnZqRGVTL2cyVkszRG9JChpjCgxxGP32VP0yLPmt\n/ocT8e7KkZwAXj2+AJIL74Pb1cUyNZXIOs52bLAnx0scLH0ytx/Jyvf4ePLVDX3v\nu6Q=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbytJZEpu\nMjNsdXJGRHExZi9haSsyK2I0QURSVkZ3bENJRG44YlFIZ0ZWSAp4ZmppSklGV3FG\nblM4MTdHQXV6WDlJbHhmZ0xvVVhBVytCSVJ5Q3VMZkNRCi0tLSBLb242Y05FNTBD\nMnN2OTNsVGtRSkRMUEp5eGV2eCtUdE1IVjJrZTZ1TzhZCr+sTSP6iKHVclTxHuQM\nN2T79JgNNASvSZeRSbiLwrcVSIjAH9uVPQeUXdgf3zbVkky6CB45HyqTFpiPk2Ai\n8f0=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMktuQXY5\nS3dMOFNJb3lzRWlSSVB0bDBvQ1JLL3doQlF2YVE5bGErVHlpSApqQnBVS2JoTGR5\nVUFuTnd3VTlhRWJldGQ0cndIdEpwMnN6VkRIWEovSjdBCi0tLSBOczljN3JyeDdS\nd3hyaHBPS3gwSjNzVlZRSTVSNlRhTUUvVEhIMkMyRXIwCje0iEVypMLnwLbTBYM5\nJmHJ1ChPp95TfxviEcKUiNXXx9uY3uIQ38G33FwI3qN+Bd3dGSkHHqZjyelqcJaO\ngPs=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvUy9VTmM1UDdSanZFRXd0\nQTBZRFBMcXNaaDVmakxkVGsxUXN3U1Vzb1RjClZESVNqZUhhS3lrRi81UC8vdHE1\nRm9ZRFdsOEM2T1lHSHNRVEdSbTFVdU0KLS0tIFFBb05UUWNJZUVqbGpZd29Rc3lr\nMEtscGV3V1FlZVg1M3MwR3o2aUtrNFUKMJwlsRlfqwWLpadHdV+THgwqhmizjCHH\nv4RxjDIeA//tpLC1y+m/fmVXC4bhu1e2f7nV36rnizNh4FG6TrgvNA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpTk91SlRGZWlRa0Q5OURZ\nNDAvREExZkQzeExXL1pJTzA1dWxEQU1LZ3p3CkxQWUxxWk5aQTBkdFBrU0daZlI4\nWW1tdGVQODFWU2JZYldabWVYNVJwdkUKLS0tIGRmSzl2eVdPUXBEWW80QnlzdTgx\ncFdqZzMya0Y0K1lFcnYwd0lnWUhpcGsKSpu0myQpuVRO9eOyO543sKf/Z+YZeo75\nDqdsI6deQZnW+0NPy9zI0CXTFkjv7KNG//2G8LbscjV9PziO5ArvXQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOWdMcXJIblNQSVhUeTl5\naCsrOVM4WDhkdTQyU2JEYW0zdXcwdWMzWFJvCmhyZzRsTEE3dm90UjJJWnBib3NK\nY3dZODRkQmtHTGxzRVBUWEtGUnFGcGsKLS0tIDZ1N3Jvb0FmcHhDY2wvMlpNbXpG\ncTlEc1V2cnZQMXR4VnliZ0xxVEhmMjQKDG0TDcTA+rIs/o6b8b0q851v0wB2Hypr\n827rhQSM6vDcoTi/9f4Pdj0juNzj+TnvQjNI0vqkoRHoZdn6CZKeRw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoL3pmWUJwYTFqSjRJaGZ6\nMmJwQ21EU240NlJLa3JpUW9QSy9FNno1VERzClhjaWxOVXVPT2piM3pSL3d6QlFm\nMmp1VWExQnV5c2tNMnlNNDlWWTU2U2cKLS0tIC84S2JEUzJXNWVzemRLR2Y5OEhk\nNFFUQTk0b1Mzc3dWSXFra0tJb0gyQXcK7Iw2Oy2dNzazO7Ok8cEwT0lhfL9l9JdS\n9vrk71zRCCNe6UdDQoOYqAukTbT4YKAS2W7AmHH/g0Y9xIJGHpYB/Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-17T15:13:14Z", diff --git a/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret index 32ccd0b..493a6c2 100644 --- a/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret +++ b/vars/per-machine/verbena/nextcloud-s3-storage/access-key-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:ekQgkyM4yo8LHVmN2ixGaIaz4quZiMFVhpD7d4K+s4fXKrL/Tc+so+bIxHQj3UlGgYAOvIqWHRZ/aqDZzFGGjw==,iv:bnYpVa1Ug6mhUsGSHPonVBT6g6Bhu+f8O+i8ieRtDik=,tag:jGScke0h1OHKj1DL31JhjA==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBaTg0OStI\ndDZzSGtucnplSmpnUndxZnNZMGF1NTRiZkluNy9tTFk2U0xTYQo2elhYbHlkZTlX\nVlZ6SjJtQTJXUzQ3Q25QaGFVdnZYS1Flc1dycG1RREdNCi0tLSBPTFBydDlpMW5l\nR1FKNlNLdE91eFBJcDZrcERiTGEzRjBkUXRIYTVTTTFBCrehdm6kPGFqTr2AbQ0f\nLBNGf3/lPIca/KW7NQS3IKMFh1xsx1EFEbxkUm37/LvQzlpzDCyyfEaKEBjBei1b\nczk=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNEdBeEov\nNEtHTXpIT3dxdEdYajN5TmlLOHVEbERTUTRjZ2k1RWZ1akpIWQovOVN4Q0t4OW1H\nam9ldUxXK1h1UzJDMkJ4cHpwanAwWHo3L2xidG16WmNzCi0tLSBLcHpVMWZyaFJa\nb3dvczZ2NDlOcEc4RWFLWWdwdGNaRFVZR3IydFVKMENVCvFL9H0+LpUTDM9cjfZT\ndPQXhHZ52UjtH1cmGMYxRlzD0wkowr2ar1TCAn60tiWuaM5xxm5lVRN9CV+nDEvJ\n958=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdmF4QkVw\naEpWaGlsUVVJZjBKd3BpaFZMbVZtNVFTWFBlVXFxdnhBNlJ1cQpUY0pPV0pmWWln\najdYajArNythcm94d0x6L29PSHlFT204dW96RjBpNlNZCi0tLSB6TXVPRGhkdVRH\nb0lNMllpazZlbFNsNVFGdEt5Sk9aNmZ3ZFhWajkxZTFFCpdwi6IV1i5UnYSgg830\n4L8vS9E/KyKCKzJzgrYVYxJ2Jn4nQsHotBxJgHpy+EhGyX9U61oPUCpCttodfi6a\nlMU=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYmsvM1lHYXlNWEtTdlZs\nWE80MzRNdEs2KzNZNmk2RlZJQnJMVTFUQndrClBGNDRGa1pDMjVPV2VpL1BudUdT\nNFNOajhTZXJyZHF6bWRWS1ZGQTdkWGMKLS0tIDIvUU50RktndUhqbjM2MkJ0VnM2\nNVFrbUI2SThTSTJ2ZnNxZk9LaUhBamMKIb2RY2REJZsHuz0IwvBYoARpFfC4Vmu5\nkaDfR3RUm1Rt7Urm+zTC0Lb4qi4QAiQTfNp+vpZpg/zNgFmoRE47rQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwSUQxNDlTTVhIZ0l4SlRu\nb05JSzJVQTkxeEhDQ2lwbUk4SFdaV2I5UGc4CmtkM2J4bWRlZ0JqT2Z6VGlqQjcv\ndmNQbVF6STBTWGdjWXVWZ1gvME1UWmMKLS0tIHlGbWI0T1lQbnA0Z0NyN3lhUU82\ndUJTdjdwTTZ2N2lhMk1VL1l6bzFtWUEK3QaPsEpTMuemfvLvmOisEBN6JATMEJOA\nq3UCMhsYu37XLitAyrE6QydiYo4JhvZYoMX+Vrsq+qWCtm7+7KiVTA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU04UVJTSDdRekZpWVd6\nc2RwM21CcFZYQlE1dENubzJpKzU2S1c0aHhRCnlDTTNMOTgyZUkzTHdnY2I0a3l1\nM2tLUnlDRXRHYWUxTllzcFJiVksxWE0KLS0tIGtQcEVvUzd2bHM0MStsL3R0bzlY\nQkVsZ3ZRZ0lETlcyRWZWNWJZZmdkZHcKcHasORvG0XGQ8SRKiOZGlsSHVkFDivOu\n1LBMwShKpBXqY1vb9VUbC6x77RwR1ABNgwk0ybSxIRq/g8SXGv+FgA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5V1hpa3NldGNJU09XaFI4\nTEVWSWNuQ2wzd0FWdUdtQWhsY0hUNkttUDEwCkpBMVJLcHV0NUFBeEVyTUhCbXhu\nOVFvT3A0NUNiRmsraExPWmoxOTVXbWsKLS0tIEJ4WjBXZlkzRU11M3RkYzZld0tL\nS0FXcXhrOEZNZVBxbUhTODhtN2IrK00Kx22WHcIkC/IQmBBVtT41g/KHpnqyCSL0\n1XN0O6glllp4VQG/QqFljjGSqGp7x9DoC1/7RKRRJFh9PLAPK5W0FA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-17T15:13:14Z", diff --git a/vars/per-machine/verbena/nextcloud/admin-password/secret b/vars/per-machine/verbena/nextcloud/admin-password/secret index b44a615..7157997 100644 --- a/vars/per-machine/verbena/nextcloud/admin-password/secret +++ b/vars/per-machine/verbena/nextcloud/admin-password/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:1MidunOjhcm7MZSfQSor8xrGR3KSM6CAPw==,iv:/QIxqzJ+115R0C8eH1T6gHeJ5HdDAWcLZzEvhpu9SnU=,tag:PvoxKpIz3nTPlHgMD/MQ2w==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBb3BKOGZw\ndC9oQTJKMDZqZUxZdzJMRjV6MFF3eEV3TEtHZnZQcjVSN2dJVwp2MlFseGdMUWgz\nenpONktML1B0aVFxNFNWVWZoc2I1NUI3cDBIUk0xY0ZnCi0tLSBrM0hzV3h5Ylh6\naHhxcWZLaVNqZWtueUFTdGpOUnRNNm5GSmd0YXoxanBvCtuxwSc3CToGHVflPDm5\nS33vbLLfD7+y9ZtYCyAmfZ9fSu6Go0vZxbGoIe3vdg9vvIOQoO7IWRdr805VQjc8\n+1w=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNUM3LzU0\nTjFSLzNnZEJtbjB1SDd3RXNma29DWWljNTBKZVI3V09Ma0F3egpnZ1FWY080OFZT\nSnBTSEZCRVVPWWhDY3RUNHFuVzI4ekV0NGozR3NVL3FNCi0tLSBOcjZGWWUxSjNB\nMlczM3B0aXQxWDFRMHZHWlkwdHJHYzJHSUl5Mlpndkg4ChTUufpBny2OrXbu9amh\n92JL/Ys1pJMFSTnaDTq5jBe3UTsZhwHUHqwT6AkOQneJXNE29PXpA/6qF7b+mgPR\nlFs=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNXBpcjNN\nY3BSSC9lakJUR1BOV0RqNEdEL3lPL3V4bHdaUHhBVlhleFVDMQo0ZWxyb2ZUTHV1\nQnYxUWw5cnAyTEQ0K2R5dGlXMUJwaGpRZmMxVGJ5SUpJCi0tLSAxZUxMcTlKL1dZ\nVzBMZm1XY2pVbEljQnlFR0VmbDNGVUE3U2N0dEVscmY0ConyoftT5dCvCP5iHF7S\n10DI9LZsyafIrCjhKjUxvwZ35sk52tZFxBs30WMZpDipctPXO5grmXtydYxDjjOI\n08Y=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTG1GbWJjZVovT2RDWjA0\nb1RoWWhmYmdPN05sdnVzNmcwdHJSQTFQTFRNCjdCcWlrOVNjUVVFU0ZNNGw2N1R0\nWUVPMjhRVy9kbGtrczAwTVlYVlVmUEUKLS0tIE5uMHhIZldCVGFXYXRWRjVXOVBr\nUytNaUdMVS9yVyttQVNSOG0rNHF2UlUKvozOnL+B8qkOyvDm1CN6w+NF6eBmBYJh\n49LbZ45Yr3eRFAdqGu4MXf9PrEI5fvHV75I+8UW0jpupECyiLT5Alg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RlRMb01rOHJqTVRZY1Bq\ncGNTVlJXZGI4bU5tbHdKTXN0bUttTlZaQ3lJCnJjTitiZjNPQXIxdWJzeGtteWN4\nNFRrUVdsT0RDTVIydTN0OWRtS2pmZkEKLS0tIDVyN01CenVVSE55OE1xZ2dNUnE4\nWEhLeEhEbnlyaUVYS01XcU1rV3FmT00KLGcgKGhhWgf12XbPy8VEqeoObyfEoPXF\ngofpkwyQ8havZnGsbwqJDaD9KSxtLb16vyam82Nr2wlNAxoQdMnDSg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQjFkdnFrSmpWNzJuVmpB\naFQ5bHJ4c2RBSzA3cU5ocjAzTmVSa05nY1VzClRvQkcwZGJmVlUwcEVLZHZ2Z2s5\nQ2pveDJlQXhKa2FycVdFclcrUmRZa0EKLS0tIGkwaFFOcUh5cXhXUG1DYjVDakpo\nYVltdTVMbjJmdWdUSlpOcjA0SG0zVUUKiDrdKte18Zy+CDWfl7BW/+7xtcZ3azHO\n8xh+tDpUQPnVFlKlsy1Qw/JLHHmVwckeNkDa6XauZcBW5ftOgDc3zw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZlJYa0wybHdRUVBaK2ph\nTWJ4L3pCa2gyRTdMQjNQMTNDY3JPZ01UbVVjCk1RSkdlNGxib05BV014Qm1FdHFG\nNEdiWkM1dlhINXdWT09jK1Nub3dVYmsKLS0tIENacE4ydFNUSHdseDFnKy9qVk9a\nUlE4VkQxUUVGYUZNQWtXVjFQMmhVTjAKeXpKLW/n5f24iudXBG9tAptzKfDD0QMR\nWf2PazgiqOpBpBBRAoxV1nXseUMI6Q9ORsddyfa0BTGlX8BJknizFw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-17T15:13:14Z", diff --git a/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret b/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret index e9ea14e..96f6b6f 100644 --- a/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret +++ b/vars/per-machine/verbena/openssh/ssh.id_ed25519/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:rhT/tKlqv0mjlvVCExyYssF9gO2R145z+R4XT6vFYnmVwl8gparg2CGZjnFf7ukS/7Uh/yhG7lMIstd5kaLnmeop9EEclzXoIa4XP1s4FAsb6oD/7PJtxuWF8cvDq+whwYtau8ci8HhkxazVu445rQYzmVOtttxDCwpol+3r+OP6Ey+dSITQ4n03X61bffQoBjnh4gT5wpaMaOEh6B6D1Tzp4NuitdUIBqKgBUi/LSeejePIamkGdhxRJ8ZNua4y9NcrDDxYhwzPkNirQB/Bc6urbaNRKVqdMKhNG4gT0tXkuestfiHwHpjrq0Ymuy7d/RF1M5cLXIY4Hjix8qXh8GfpyxPYBSXilRy9nmgc1k9MkPQvmxdGNis71XxI1oF3rA+wa3VRjJS+Kc+Hu+9aBUr2YY9FrUO3kQg977ttUOyJO9ihrNvlsgDmm/y7cOpQ5Fx7TkSd32ugOG2TtHJTk8+L0j56Xb1kPuoQ3P92gB5I+X0bflYDf1IftgFD/M2lHIRd,iv:9UymekNxnAfYblC3/9sYvenWS2370oD/fG4LHHsXz0k=,tag:Ywl9wF7w/QvYVIIjQ3mrdQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdi9ZNmVL\nYXhySkgyOE42U1Z2TStlUkcrRGQzRmg5eTRYOUN3bmYzeVVxaQpQckNvT200WVdr\nZ2FnM3ZXbmpFdGlMUU9hYlhQeUJJL3FkMG5rZFVnSCtvCi0tLSB6RTZOSFRtdm50\nazRTOVlxdzd1alNoRDhwYlVmTnI2SmlOUjExdVBHTGJVCtznop8akfkY5A/XO8OY\n+eB6YgNQaF8Tijoq3tM3ynifvLQGbQYMh/92N9wsFZs7K4ObsbdHbtNks6nMAWXd\neic=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBZ0p4TDJa\naFVjYTV6bUFQVXpGUnNRcG9ZNCtMd0RyRnBUdWlWYlhkc3R3Sgo3Wk1ybFI0VEdT\nTkJCT0UyenVQRnVIOXAzaUNPdnpiTFA4K2N0bzVVWW9ZCi0tLSArSjhhZkI3OEMr\nYkdCR05JdENOamNGb01BbHZUeWNrYlBtVTVhSCtmT05FClr7VkQGjxX6VKdkTn81\n5bOcHeNF8wwJsTNc/oNPw0Xu6ZgYW35N2q+QcEPykYZiHvuB3z03SdlS4gwgqd+j\nuhw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBam1HMSt3\nTElLOGNsQmZwVmNMcm9CSWc5QUc4RkxjUEl0RURkeUZKZk1ZNQpzNDhVV0dlbnN4\naWZZY24xbDBiMVFRbmpOcDlhbGtGTjVqSnh3VjFIZUpNCi0tLSBCaFg3RWZWU2ZM\nclVBeUI2ZXJZMFpNd2NvOEJwTlFESVlqaG03UC8vZDJBCpqzxKfjr8oLfhXpEH/k\nP+m4pUdpFxWbSN79OjauXMsaCLiyNcRRh/stzgUVZSY06p8BjY54dXLxnFIwXGje\n5b4=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvUCs5Y2cxaDZVUUdoQXUr\nbFhXSFBEeitPTlNHNXA3TldoUURhOENsV1RVClhJSDZGYjFLUVhySGhLWkdNZ25Q\nNmN6QXFCTmNEQ3l0d0gwTGpSbmVhMzgKLS0tIFkxc3VPNkptaTV6ZFhZdzY5WUVx\nYzJXUThLdVF2RjNSWEl2Y1ZDdUM3QWcKXiLbCTbp5EL+aBjXGeZ6W4HB2yfvRe0/\njXcmu+VMf3BzDiGq5RUADbGCvP2/wR9/FyRDw4yJDPQ9Mzz/eo6oZg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VWhMK2hwcUxhUURqc0ZN\nZkxHazFpL2VXbzYyN1AzeTBETVZRKzc5ckZnCmNvcXJOdGo5Uk10OHhYVVczd3BU\nNStPdlVHeks5c0xMUm5ITWJ6QkNROUkKLS0tIE1OT0ZXd0trL0VITzNvakhGNkxY\nVUtZZ3EweEZaNy9YMDdWS21xamp3SmsKdRWrBH3Urx8Ws8ND6kB7ZvKCNM4R9NQd\nMDfPhLWxm3QPAYUX+VOsqz7A+0/ppIF72WTEPDxcu9HF5X7a+dW7qg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTkxQUUlpdGYwSVB1RENL\nR09zcEkram84VEFLVnlQOWs4amRSU0Z5U0FRCnVzZHJiUXZ1WWVtNWR3NCsrTVBr\neWw2c2paMXg3c2gyT0sreXZ6MnA0bDQKLS0tIDl6R2IzWnlMQ1EvZ0ljckYwYkpW\nT0pHSkpPM3V2M0llRXgzalRrZEU3L28KqDK0lMkBjiTDD0DNR+yVW+4G5QhJPoaj\nei6UQjUraoMPnuSTrzAxGOcf4Ui8A6kXTDlpFn59Z1+4lU5QrRFdtQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuN1hPek1xQWIvazRXenZ0\nRk1OVFFtMUswalhxVU5tY0ZHUGFKbWV5bEcwCjJ1T1dXbng1VHVnWmdoUGNCZGtx\naGU0bnZnTWpETVIvTzM2T0g3SXE4MEkKLS0tIG9ZL3A4MTRsM2hqZU9IaE1tbkkv\nOGQwekJMWnFZWms4ekl0T3RjUCtiZ00KvEufhdEDX7wJKFY4qKgOEN0qNGEWrzeC\n7buI+inOG+40IGPQKDNEobhTthdvC/QOlcBrYb6YyMonXd5mzvs4Rg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:04Z", diff --git a/vars/per-machine/verbena/root-password/password-hash/secret b/vars/per-machine/verbena/root-password/password-hash/secret index ff5a439..60b11a1 100644 --- a/vars/per-machine/verbena/root-password/password-hash/secret +++ b/vars/per-machine/verbena/root-password/password-hash/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:trmjf2lKYlYKajTS2t2pSDVQB3X4NYFNdnapx+xAyGJGgQtGV/TCJDDP+9JsWgbv89+SARrQ1qNhl/tw/HZpaOE66kYhZSEtVpVzsGWAoSdKxQVvvNbySBo2Y1TOfg2JS+f+/O5MLiRoQw==,iv:a/4JT2zmH/uyMYEq7YNR7CoONowtQjRCEUGYTgKj2rU=,tag:2nqHveDnULuXnUWmaW7Rng==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNmgwNzVQ\nTWg2dHo5ek5McVNPcWV3ZXRlc0VSaCtxSlduYUtNejlEME1EdgpBalZXN1FBN2k2\nY3EwOGZkVFVFTjJ5RUZSUHIwNm1UN1ZJOGViSmZsRWU0Ci0tLSB5RnA4cmZPb3hC\nK0RlRWJvZ1RaTC9sQ05yQysxbUZvaVY5cHNLQlhqN1V3CtyWHyYRJFWh2HKUvYSe\nMezFaFiuAy+raN3I/okVQzP8oDHkOYL8EjFSH0YsYZOjeEH4nWuVFRWSD9s1OsAt\nZS0=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMEFJUEND\nZHpCSk15SU9kY05ZbmpHLzFzRDZRV0FMdlZmc2dYWThIQjEwVQpkbUlPMnM0dGlK\nZmtLNGhjZE1iVVlLOEZEbzZCUGtMOWhnczZSQVMya2FnCi0tLSBBNGNiaWk2bmxJ\nN1hEaHRuNG1kYzFqWHM4Y3NmUW5Hc2NWNzJPZjlaWlhVCvx8UWw9jQsUsiuGx3rE\n/BaLSczPUgr5FrJAWeNUoPg16ABO6HpaqzOLWSGgPf2ZVTNqnyxbJYOl0/xtFyZ3\nwBw=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBKzRTWWt4\nVk9OQ3Qya2FzUEhjSUJDZXRMemdoWXp3WDVQaXRqN01CWE0zRQpQeVh5TXYxS0JO\neGo2ekRDZmtIaDRFUEt3bHpNcDNEYVpOQk5WNytBdU00Ci0tLSBUM1RnNmJ5Mjdi\nSUlxUVltVXFGMTNWa1Z5c3pGWkVhTGhFTG8vZzkwQUQwCnqSvJ32XEp0CAAcyzq7\nLSQJlNV90YiS1nQVcrJmK/vAtKYnWksrwEF/q2HryBl9t6UEWKrWccPdE0t9sKJV\n8Hw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVlN5UlZKUlJYRVBNc0I2\nMXArM0RXdUdRTC9wZXZOcW1rTW9ORHJCM1NvClFyTmdwWlo2L0c3d2huU2gyb2lW\nZ3RsYUZMMnUxc09VSzdFaEpLczJEOUUKLS0tIFp3bC9lUDV5N25nMmp3RTc2SHp1\nSDA5NW1xc1dIZmlrZlpPYkMxVWdrcEEKR0t71FX4+cgJp7sl7Ra8itIX432lujao\nZeeiAyqje4Q5BZv3XL1NgVYRfbintu8GQpYdUVX0UEzKaFWFN4rWvA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBISGlPNzlZVWY0WDQ3WGNa\nVmpWcXI0TEMzcEd1SElNZVBKancxdUh4U1FFClJOSFVoQmVLSDVXZldEbHJ5SWdS\nbjFDZUEvQnh0ZG1Vc1FmWGdONHlXNEUKLS0tIDFlMlAvblRlSkxIQUdDY0o0ZzU2\nWC8xdlE3RThTa0tjQWl3SWoraG01dXMKg3N3lY9Nq2MEwDPI68/x5SmQItOrrFw0\neq3ejjoarreaQY0gC4Q32fbTjvumhmEYbMObMUgs7tfET26TWSQ15Q==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyY2J1T29YWWJJWTFZdVBz\nUW1QenZpSk9heFZzT1l4MDdPZ3hZZDJsaVdJCmxEZVY3dE1KTUxRbzNJSXlzYWlG\nNkxEKzVwNFZuYnZPL3RkUHpNUU9sWjAKLS0tIEtaYWJwR0pCdVZLbzdoZEJvclhY\nSkI5aXlXRHF4bHJFbk1ITWZReENjNVEKZsO7MbytZkFUbbNgPxm9iqN9U3ZVDkjG\nrB8tZHWMh5no33/IfC8WUC+54JbEl4YpI8kx9X7lsV6aro2Lv+Iuzw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSndOZ1Zka0FvdkY2YTlB\nT255WFFQUzR1bXNuakRYRjQzWTMwQWVDZUZnCjZhRldDYVgxcDVCS2NpZnY2bWQ2\nZWlXMFh5NG1HeG1ENEJRYnRZb0hobFEKLS0tIFdQLzQ0b2Q2bTFZbmxIYy9nTUwv\nN1ZUcUpHM0VFdVhSZkFEWlZrVnlGVEEKxDF/S1N8H+y5z5Ef9PeL3TNG17HnDMtM\nZXdf279bpDCP7NZXMXdSPS7CYsxEs6/O4oezTA0RfiCIVsRGPrJYfA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:07Z", diff --git a/vars/per-machine/verbena/root-password/password/secret b/vars/per-machine/verbena/root-password/password/secret index 4eb0cce..4aa7bf2 100644 --- a/vars/per-machine/verbena/root-password/password/secret +++ b/vars/per-machine/verbena/root-password/password/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBbTFyY2xw\nZHNaQzQ5YlRpejZ6OGwrUzZsUm04L2NQd3pMekZYVzNjalNmYgphVDlTMStwZlJH\nSVJTRGJDN0NKeFF0QVNxdUhLQUMzWE5OVnRXL2Q5Z3hJCi0tLSBNYVl1MEZmdGdM\nUmdiZHJPQ2MrdEd1MDY0VlRQVXVqeFBvWmluemJod0VVCpmPCv4gusEkJu35guKH\nvUcG/NqkMLC7Ez3bEOxo+x8sb+WEsQD7BwrAh5el8OVGBw/hoiQfGZk32DJYdkwn\niUo=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeWV2YTNa\nTFhYYkxUcmtjV2Y2RC9xN21mM1BrbGZ0cjVlUWJGNmt1em5rbwpGR2IrbEI4OUF2\ndVIrSmVVNXF3dk1INmtIY2NpYnNpYjZYWmt0cmwzMEtNCi0tLSBVVkxpOTZESjAy\nd1dVVjBlbDRwZ2dlbm56ZTZMOC9EcDhDVTNqVE9YdzZFCrBb7pbTKjMh/MQBqmNe\nGhoktFc9quC6WpEJngRJ7lqRjXgIHxGlMUvhhebaQ1vwfMN5zQRa6DhwV+tb0R4V\npCE=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeFBwYWhSOFBQdHEvR2Q1\nVHVGdlVCZnNvM0l3ejd5U1JaSDF2UVQ3dzA4CnRpVzYvZ3ZRQ0lvWnBvY2VZcDZM\nclJyWkRjMXBONVRhOE1hUkgwRFFXWFEKLS0tIFJHZHRXTjQvRWFSeFhxRllieFIy\neEd6aE05enoxNUs3VzZaWTJXemVrMUEKo7uiDkQ6quMRPKhtlBy/e8SuT03/ins4\n8W3seLVX1HNm7rzmBTJ8Qkbyc64TLmuyAR/3LwgHZ0L4s/YjiSyUpQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMFhKcGdkNkU5OUR1bENR\nRHkyOXZINCtNSmpMR1NUaU5YM3dlVGdLSGowCkRwWEtISHk1QW53WW53djNINmlu\neWxLOTk3QmRkYkhDb1BEMjAybmlmUkkKLS0tIGxZakVlaDZtOFJ5eWR2aFBFMTBY\nUDltU0IwMnZpL1VubENTeHhBbklDQVUKkma8t35fQqvZ7/RpCwfyPpndvzngehK9\npLcJXr64/eYlOrHBNWbnCodiRrBAVmc2nLgBZlG/rK2tjRvMWOEMuw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBbjNaRWt6\nd01IeXBHM0huQk4rRlJ4c00zd1h0WktLYzdHOWJoWGhQWnRrTQpyblZCYm02cDMz\nRjdwVkZscldieENsWmw1WXREQ2xPY2N3RzVyYUpnTDVRCi0tLSBSSEo1aXdXcTdy\nT1JLcFJaQWptNmhpZGx4QUNUZVl3V01ZU2ZjQkhVK1k0CrQtWlYxBIoB2+8BRf6M\nbQEStAJfuIOIOmP97xbMCpfo0O2kJttsWu0p9BmSMtyuOJQtqMu0edVqCEA0qf9v\nwkE=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:27:07Z", diff --git a/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret index 7d39ca4..5823b0b 100644 --- a/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret +++ b/vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:QviBFbMDWAFaeuBSOCTA+qnQZlOIK1KZVK/6GzlsmouLxh1rytk6EGeSQycHAhQwuddinTfU3VKGT2PZUmUhOinHrcf3RBlD+QMRUSf4Ikj4Q5dCwW3agSe7fzRutRVTA5cjBQaKnWPllYmy4+l3Am9UfOPwz8nETzvMK2IfttaQf4w6KJOvg/mxT2OM96pzRIcITLBeNpZI6Jxjds9LQVcisEwpQyxbJ7qi5QnICq5wTtlhh6fGaYM38FTLcSi7NIspP3BN8teX8oOdY01JjnXpIuMSKVQSya6RPUWTEQ36hlY=,iv:E/SCmZoEGVu1ou3Co+kEXDm6cJFrLrvSTbfdkeHrkIU=,tag:+4ACjvUtTT22r4uepTfWjg==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBOFA4L3Zr\nZUdYZDBSUCs0RitKajdveGlJbUE2ZFhiV3lsNGFrOUdHenZoOQpxQVZKVTdrYzRp\nVGVPSGpjQTBGYkFYWFplL3dON2dCNDgycFpmYW9QZU93Ci0tLSBnZjVOc1RON0x1\nWGxRS3I0UTJqVXEvTlpINS84OFRJcmZVdnNUTmNkSlZjCmOjq4Dj8c2iGswQvHU6\nyT5DIFwIWhsKb26z2zpcVajp2kdYpdunoCJfYt8FeIRg1cl/zL/HeH5NcO6XxGhM\niS8=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdGZrNUlX\nVEJaK292ZXJGNURzR1pBYjlFTWpiWTFLRWF5bU5Wa3R6dFJENQpRRjAzSVU3bUlU\nTGp6cklUQzFLSWxuNDhzSXZXVXRxNXI1YlNqUlFybW84Ci0tLSBTQ0xEeWlaUDNn\nUWVpZFNMR1RBN1lEZzFpckFaK3JzVkFKUm9FQXlobDR3CiypS861jd/CcpnK4j+s\nsRS5ni79uNk7dMd6f5uRWjJlHcXPXuOYYlu35/Sih+2K6NcVA21+CF1TVcHpT2o7\nxXM=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBb0ZHNUx4\nT0NOcTJxR1BLRFQvdFc0U3l2eTlrNFZQTU9Ua1RrNXJrY1ZlawplTk1sNE1Yd2dt\nQzJOZGYwdVRVV0JkR0pPaGFzdzI4TEtxWEFYdmoxcmtnCi0tLSBIckk3ZXp2Z1RN\nN3g1VFV1UjRxYmUya1IrOXRZK09HZmZqdFl4VWUxc0MwCn530MbLBtgL3bkNwVP2\n3udSFE3EnObtaOnqrlEbggrpLPWMR23plqGV2t9mC4a+xyDXESgnrRlSYbwwVw1T\nE84=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WFl2Wi9vd3FweDlBNnQr\namJhSDNNVnhXTFVRdkpzMHZWZllRMWwyenlzCmI0dHQzZ1lUSEFQckYzTDdFcTF5\ncEx0SGtKUno3TDlxbnFWdWtYM2xwbW8KLS0tIDQ1TDIzVVFZdmg4aGJYSGZaeTR3\nOGsvZS9nd25pUCtOWkViVHZqczk3S3MKednlp+IiGjQfOEEq/Zklgmb3rK110KqM\n0EI2c2Ccx+I4ss9ukV9xxhCQymW/siqifgc5gg+CORB0E3RIc1p5qQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNW1WSXZISk13Z3JRTUFC\nT291cnpsb29WMG4yYTh3eWlrK0k5ZmpTV0JvClZpMk01aUREWHgzbGZhZjJHM1BQ\nSDkrMkdQOW83UWRQbFZvUUlHWHU3YkkKLS0tIDZTaFhqeVpYODNReUU0ay9GMWd2\neDZ5bUlXZXRiVlY1Nm1UQktxK0FmWTgKwUw3iHRnF1rAEFCyWTCCbtVWoWIPSVR9\nuCY+sPNHqZZlJ8AotgXl6ogcolx7ztbcgU4L0wuqfPeLZkE5t5sB5Q==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbElMdkpQVUJMVE5NUFEr\nUy9pUjUyUnRVckh0RzZPVGgvM2Q5TTB4RUZnCmpOZ3BEaHMrWGpqd3duc2ZqdGlR\nNG9WZERPZ21KU0RSekI3eTFIYklOemMKLS0tIFI5c1pEWklodjlvOTYwR3A0SmdB\naVRqT01MZVNXNmN6NCtlay9JZkhZSjQKtm8GlfVaPdN8lfOZksRBmZu1ty/dBjVi\nzyPGRfUgIiQtUxFPCBDu6eKGUJ2BLFxI5qIyiXYv4Oh0t4X6heNIag==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQmlFaUxWS3BZTjRqMFVm\nZVVRcXA3NzNQNGpzVGZVNzB5QUVvTFZnNG1vCmtUUk9jdy9GQ2YydjErUENYU0cv\nb0RXTEROSXREQ3hFM0k3TFpXUDV3TDAKLS0tIDZCbitTNTRaL2I5SlZ1SUhvQWQ3\nTXJSazBOSFh6cHg4UlpwaXo4ZFliamcK6E//G58skkbC50OTFgxNIShCdMY7BoMz\nK2NJidEtpExXA1fo+/D6xA9kuh5poCOxinfTS25ONP+xhWIpchs0cg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-22T14:02:44Z", diff --git a/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret index 23803e3..bd161fb 100644 --- a/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret +++ b/vars/per-machine/verbena/wireguard-keys-wireguard/privatekey/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:Le4PZ5jFQXxJYGb8LgjrK4xWbjGvVgRziD1IYove4qmoIYfxNmbb8zZxctZA,iv:PqFFN7WM9oMXk1w8S3Gcqv5nIpaB7KrcqCIsX0L2ONg=,tag:SpVwb//AdQUmMhFf0RzMWQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBdzdLbjBX\nTEw5eWhaK2h0MTE2bDBGczQwZXpQZUx3bGZ5THdqNVRpaCtQNApnMEdybTNFMmJY\nanZ6M1J5bTltT2N2dGRDRldvVjJNc1dva2RNSDF2azVrCi0tLSBEWTBvUERwdVlz\nRE55UkdLSHNGREN3TTFZdVFkbW1pOFJuU2cxRTJpQXhRCiPuchb1k8uEctJJH7+/\nMRpRSYQoX1SVcSXGLhbVimVelCPddjIBmdqmnayJl91dBU6UKP2nTGJWOOunFFQj\nGLc=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNUhnd2M0\nREJLNWlJaXFjRnRLVisxc1pVQnJ5bnluQUNqcW4wM1hscU1GTwora05SNGJnTVFS\naVZ6TGc5cnZoVHRQMEJXS3plTUVOQUl5TjFCenNwNXZFCi0tLSA5M1NWQWtWS2xy\ndFJIdHJmT3J2aXRmZ0FieVhTcUtLY1Q3TVVva1pNRkVBCsObaUakVpSiAHvWbXPR\nqHbzq52YKP+k5piBmJrKLCLtnXA+2jry7SIgJk8kEKmxRfLbPD9AnyL+bmT15x9h\n3Ms=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMW1jMHY1\nNnhUU3R2bkRmbCtzQ1ErWEVLdmY4amhob1MxNG1CTWhhREFoMgpMSDV2LzdlZXQ1\ndzdDS0tjQmFNRHVxb1dDS2psS1lFdklqMlM1dTIrbWh3Ci0tLSBOVlZXLytmUGs4\nRytFNllOVzBmUlNGV0NZUXBDUTYyU2UxWXFuUmw4d1ZJCkaqdnvc0xNwNDvMjVyO\nx+Y5MOXIrjOnOu1IgGo1NKsrfOW315sP2fuVxgVBF2UW+3pGYu+3FE/z8Yqbk3BE\nJWw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TnpzbkJMRUFPLzA5NUdV\nNXAycGFCNmxwQy9RK1NKVk1kTkpJZDR5TlJFCkdQc3VZL2RaUGlOU3cvTnNSeVdP\nVkk1b0ZOQVdiMTFxb3k3ejA0aGE3aHcKLS0tIC9XNHp0T2NoeGtxU29oeWkxb3dm\nSjdiZG1TZk9jNEVZeHdVWkFPL0hYQ00Ku361q5FT+1EnJAOUdn19givCtoKVOBrp\nRylyba7uM5sEtDkrcHvlOobLuNWpMp8RnXeMzrt1c56u6tSMqzUPZg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvV1NHaFRLTUNtWXhkNjgz\nd0dyaThweVIzc2M5VjZrUHFmcER6cWJna25nCm5iL1JTdDFwRlhJSTRWYlBmaTh4\nOGpULzZGZFZiMlpvNHU3enhTd3hUdWcKLS0tIEJjbjBET0RISXBFZjRGTC9OMWJY\nekloMmVhRzhSQzhhcHZhNzh6NEhnUEkKeFExfpKJ7VbHjKVDB/HAptqg/flCkeOy\nSZ0IlXrQtCiYXVq2uebrLxxkcNKp3exd60YOUZLBHTUjuUspqwV4cA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeWN5bU5La0t6dUIrM29k\nS3krdVJOSkIwbXFQSnVjaWtXRldibzQ1ZlRJCkh3VnBoZ0lTOUxFRnBDekUzLzZJ\na0ZEUVlhaFBTdit1MmJPQ3RKNk9PMUUKLS0tIGVpemRSVjU0VnhvMkk2MHJrb0Jn\nVytTbGFLdXBDU3RaVzVDazNsWGxiZEEKgBKjnZR7D/LfuCtKFxfxJ/9k/QdnZ6MH\nnzU9Mzv7DvqHX6eAFGt/sYyO6xkir/YFCV81sSJNp60cP53pB4mkPQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3OVY2MmRZWVJqeHJiclho\nbTFXSzExM1kvTi9CdEMxakZ1aWtxMGJXMGxrCnlSUSs2RmROTG1WaXprbVpnYzZr\naytWSXFOdDFhSHBTQm9xVXh4Y1hiTGsKLS0tIFcydlZ6NWJ2VVBFbm5meEMwalRT\ndDBXb1UzN3dCMUkyK2Exa1lsTDNpKzAKQLQKn4NwQwSnPauRTWytIX6FxzUzF17S\nTw8HQV0BZ6z6Dv0wbzGMwTRudGRM6f26RWXvgYHny1nBahSOvnzUxg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-21T15:59:22Z", diff --git a/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret index 5893ccc..61b5991 100644 --- a/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret +++ b/vars/per-machine/verbena/zerotier/zerotier-identity-secret/secret @@ -2,17 +2,21 @@ "data": "ENC[AES256_GCM,data:msrulcai/A5C7SmFzRsIgpAWFft6fHURoVQCPLYjEIQcWOm9K8mPpeX8Wy6tLp5Sz1Ts9WC5RCq4G4baXWYi4YZ/sP0shJVHQnSjJbqNTw40NN07snlpSiwyGK8zU/RGyS9jxA6SHAiw5kCFZwdLbkVVHwgGIzxq1a6fztMr1gEjfPHILZ7hkEoNGIA/Z9/ry5b7gFdFLdjW3EfjBGdDJX8+Vk+QPqHJEYM9vR5kb86XkH1ZSaKtKaG/vIvYm932iZUP+J/MGee7RC5epvYKUgdKj3Py3w4YQNO0IY7gyzgio3Qr/qQaclN9kPY9rwG6WPbPT46SxJAzzqzzhkx9wJJyLSiFwm8nW+Nfy1km,iv:8F/sYFTc0fiIgTFmssM1nVeG1OZnqS0nXU5ap7QyK88=,tag:BvWwqQPX1QSTyzavUvIhVQ==,type:str]", "sops": { "age": [ + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBaVZUeFlj\na0JnRTN0K0JwUGszck1xMS96ckdjUEtpRjJkUjFyT2Vqd2lJYgpuR0JsVStGLzBu\nYWhUVmxDM05teXdnTytJU2ZsMmJuRmlMTWRmUDJBL0Z3Ci0tLSBFYjVLeGVuMUFV\ndDkycmVpSWZIRnMvWVFoKzJXVHBqZ1ZsU1BLMEhTS0NzCuhvoZEAlqVtFfdy9j1i\nz+ZAkIBvFd35D/lXxr2oTcYbEjYziPNUA5Iy+sSQ7/La+yZ4CVAEIRCgp8tWSi/A\ncOo=\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBekFzbnM4\nYnJDS1V4ZFRIcjl5UjlQZ05MRytRb29XWEREWWJvcXVvcnFVbgpRR0U3UkJJSTVN\nTEdTVjltVGQ1VzJWMm9UelFyUWRnaGE0dlV5bzdPSGRJCi0tLSAwdnNkQW1nL0E0\nZzhGU2JwR0lEMlpCaDlkRHRXbzBkY0VrT0V1VFBRNmJFCvJh3s0zv5JaSU2xS4oQ\nIXKdnQVgVYjLok8daJhvJfmbUslb3XQq5wsF8HCnAot2SrvLi4WG9vvE52/VRqfJ\nwH0=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBMnAzdkUz\nY3lmRS9BVkdrbkxFb3FPblJHRGhzdWptMlRkWVVrQU9wd1pvUApTaTNWSTdnQVRV\nblFzeFNCRDRxbzI3SyttVk10bFFvWVpDZzUveHlScXpjCi0tLSBPbzNsZzFBZVkx\nQnduMmM4alFRTXNvMllmM284Wi8xdm8wbnZ1RDN3UTRNCmeiu77z9pFT9jjcdSkS\n99Wc8y+JdrhfBlpso9zfFD7IbI+pTC2DDmy5hKTLMet7MKebB5LtmT5Cll/Xqhbz\nun0=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubkJlQUJpZ1FmQVRLYlh3\nVDdDN0JiN2RKam5oU2hlZ2Q1VnRrcytZRWdrCjNENHY1Q1JNRm5MUEVOc2o2ZG9t\ncXVhdU16MTIxTXlKMUt2d0dSVHd1OGcKLS0tIDFFdDhxb0dFOTFpS014a3FoUm5w\naTJMT0o3bEdTZ3JnbFROUlk4cVNNZTAKIlpOI82TjmiMeKSa/s0ZZnFKFwIV8Z7I\n8iYTrq8/3iVMes5kVgfhSk0koo42O74cVHF1xex5QI5PEZ7BELNfyg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbFIyTVJxdEpnQzNDeGZ2\nOUt0WG04THZNbDBORDNGTWljZ25kVGpMY1NvCmhnUmp4UFJZWHl0b1ErZWJpTkpa\nenVWcnRyeS9hQjlrRkxNQ2VLc3dpMzQKLS0tIElFNkpPZHZ5ekhhMitJdWQ1Ti83\nVHVyQnAxblFLK1hrbG9qNXdyQm1GR0UKEVtE1Rpt5Yn0b4S/YGksLslk4O1E+F6i\nSEzI8QD6JOpFBBoGxjWiihzGyyalqcnaLP9E6fW6yAkI5GC1GogkUg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UDR4UjdacEhOc2w5bmRM\nc2ZxRGRCVG5Ic3B0WXVlbm9TNTFjQlV0OUdJCmtySGxwdHpIS2NUNUpkcmhyM2VY\nM3BqSXNOejIwRm5jUUNSanpnaW04VlUKLS0tIGlEY2JaUzlINldWV1UyLzBpdjda\nS2p3WWRCUmJsWFBub0d5dkovOWNBV0UK64PEjSjWCE78GcNo4sZwvQ1VnJ8FtqjB\nW+uNuvF15/C7WjBAHyoExGKZQf1PflHS5AkrzzQCqMafJe/c+fBI9Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwa0hKZlZyb1QrQmlSZkFM\nZzNTeVNraTVWWDJFeWEyM2RaUVZET0swUVh3CnpGNDA1cGFhYnIzWS95Y0M5U1BK\nckdrM240MWtyZDJjL1FlRHdweFFWWEEKLS0tIGpLbkZwcGJtRmdHNEpCaXZNU0FR\nTHdpOUh6c1dVNUtpbWE2SHV5MTVSblUKClOTFz/FzLlK1U2WsfUdQ3m9t49vzDtf\n6c7vIHOlBr6C/N3CufIozyohjfFP3DabtzaA4cVI85kU9Alx86y+QQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-11T22:30:18Z", diff --git a/vars/shared/garage-shared/rpc_secret/secret b/vars/shared/garage-shared/rpc_secret/secret index e39344e..c92b38a 100644 --- a/vars/shared/garage-shared/rpc_secret/secret +++ b/vars/shared/garage-shared/rpc_secret/secret @@ -2,29 +2,33 @@ "data": "ENC[AES256_GCM,data:/lXB/mx52rLK4TzJgkyHYleiKQLX/FYVRdgSPrg1+cLzpMxHFRUfedoovKC4ibFHNhnLO3p54TAd353xiINvrX8=,iv:kbcqCEC6/i58u78HQRTXaozOrrdNS3PEMrGfHJqxuKY=,tag:2s/7ZGLok5BRbn25h2wetg==,type:str]", "sops": { "age": [ - { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQTIzWXlENExiWDNSQzNY\nOXRBTlhJM2tGdm9HaGMwaHRjckdZTWRHcnpnCi9lTDBKUndKb25QWEYzOEVrYXdr\nb1pYcFJpWEkxVmpvTGF5akcvalV1QXcKLS0tIFRNajRRU0FVN2pZM1BMSUNSdXgz\nUGhOVS9NdmhGTWNIWU5IUk4yck1IOHMKTXvuujobfCE6DoCntapLbdvnyd3RFH4y\nkPJRTL7sxJcY29KRolRALN2//OSs+NnecYX6ZnuOzw3P0PtM2lTq6Q==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdVM4WnB4N01NVWtmc2FP\neC9DdGFvM2c5a3hPY2czeURXMlRHaVBDRmtJClpGVmhnTy9HZmFOUTRmVVhSek5v\nT2UxclkvYU1iWXRldStrTlBNVzc2NWcKLS0tIERjd29iRmVkamFoL1E2NzFVL1p0\nTEV4aDcrV05Camlhc1ZOUlRHUlV4QkEKlNtRRO49rKOSFnXDK3z/p376jnCiV8Ma\njvmSCyHKpU4be7H4ZtyrvEk3Aj8kV4Ll84ut9tCvN3mqhoLpDuaI6A==\n-----END AGE ENCRYPTED FILE-----\n" - }, { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZDAyUk5ycU1Sc3FJU3ky\nekxZb1VVTUFvQnpoNVZLNC9ib0kwOEcwM0dvClNEN09iY2pMVndBRU5KZmlYTktl\nQXRzQWRJMTQ2R1VFZUFmSGJKdE1GSFUKLS0tIGZ5Q0FpQ3RWSXZ3WHJiYTczc1N1\nWm5TdW8zNEVnc2FDc0oxaFpaQXJHUFEK6G53gCAkbvtkVCBWt9yRaKIeU+zhTMEs\nkokct74bxp7sX9bysXYlSMeTrnsVV8f7Am9XhY2eixESVVcw6K5oVQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeTZmMjE0ME9mZU1UTXNu\nNFdtbFFZT2YwODJtTkwrUlRzNDNZTWdQVFNNCkZ3YWpLWmxJMXRnNmkyYnIzU1Jv\nc2dyRUZSblM5b1hFazlUMVZmU1BpVUEKLS0tIDRKTTJPeFJiOGtjQjRuQ0xqd2lE\nNkFBblRKT1dPR3FmbmVlWVlVWkFyUGcKloraZGC3O2nMPx/4Zoy8yqGZiSP4ocyM\nsxWW6IYOrvKL6P6cP5OXV3fnHTQ2jjbeurrWNDJ+V4YMIVI1ZkEqig==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBelJCYVhx\nTnJ2Ri9YQWhmUi9VMW4zUGRjWVpVMDdkdUc4T0JMSm1BZXA5YQptNWkzT1hja04v\nUDZCK0lYWlY4UmYxa0c4Q0U4MFlJc255c21oK0ptbXNvCi0tLSBVNXBlMkg4aUtj\nSlJGTDVLMGQ0VS8wdlJ1VkN2VjRtY3k0eE1BQVk0OE4wCmqOPtjhzLx3I5r92g92\n6qcIpcryoNvdph+DSmxarVPCtZgttb1AwwvPfESGz17RZnj9Hy5WW56wb9kSR947\naBg=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBL2p0cTVj\nOUxvb2ttREpka0ExQmxYRHczVi9RWElJemFOMWJFQ2tVQkR3cQpmdjdXM3o1NFZa\nVkZ4Ukgra3FQNjV3Yk16d0ZXb0lMdXdrRTV2OXo3T0pjCi0tLSByK2ZiTS9SV2JM\neTM5VE1jRVhPTUpwTnhBMU4xU1k2MWVHdE5iTVA2N0JNCi9wVqdMPBoo/RTrgWAt\nfBnxtMedy5+uSWjX6KV0OiydeOERCawIkaZPx9KWFoPQc74SCw1PQv4IeG5gk0ge\na6k=\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSU1kN284aW44dUpuZ1Ir\neklBZGhDY08vdXBHdlB5QWYyOW5ZRE5BbFVZClNNV3AyeEs2RzhuWlVaZEg1NEw5\nbWl3ZkxhNmRaNXgzR2hXSlZoNlE4Z2cKLS0tIFh6QzBYcWNwa2JLWkJMMlk3Nmtx\nZnZNcUc4NHcxbUk5c1BMSDN4SmpsMWcKigXqOvDhGlGfwE/KEJRbm/ErRpXM5zZd\nLrCWFYguj2r3QdrY0TWmcm0Kelympg03zKAG25KQqAoY++VgVqZemg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBZ24vZXZl\nSDM0Sk1HeUh5V2VoZjhyekZ5alg0MlFsNXAvT1FlbUhya3JFNQpjZHZXSTVSZXlH\nUlF1RGdNSWFNSlV4V2phcnBrWENEQWxnSk5kTEVocERRCi0tLSBTZGhVZVA4bW5M\nZlpzYzZPMzQyQytpM0RRcldJcTJrUmwzVWZzSkxjTTFNCmTG9lZ5yzS0k11DV672\nbBb+wMpqsSgq05ObCs7EVcnYDLMOQ6L2yMJ8UH7V/tUiT0+kAq36Wfc2O0CafXYW\n+yY=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEc1BqcFdDb0Q3ejB0dGZl\neFBFa1hhRWtaVm16bWV3RlhxMFdIaWM1ZDNNClg4MnF6MmJFRE9NVVlxQ2Z4WlJw\nQ3NzNTRaYWtVbHc5NWJkS3lPdkh3YUEKLS0tIGxPRmFZSnNJam43Z0U2L1RNcG9n\nc05DY3VCeDErM29uQUVlZ21JZDNjNjQKv7QdfJkROWQqutcU+t2ulv9k9r7GEIkt\nG5tI9ZvOl5b0jUysoNqRWr0n+/+5FKLFXFUx+Gi6uJDByVvPmJ02ZA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbmJZSGllbUNiellkWGlO\nQ2VINUZYQnoycnRYZDVnMmxxaW5EdHJqTlc0Ck84ZjVKRnp2cG9HSkRnWnpWZmRX\nUXhtVmF0bWp0WmVVdXBEU0s5ZmtIbk0KLS0tIE5sOW1ES3V5T2JCUmhKcnBQNFB2\nL3g5L015NFk1T0p3U0xTZWRNRVNlNzAKo1V3RVUwP9wCRCbFeOYEE5gAoWglUmAW\nLSUWSJSLU6L/BwHfp1iakKof9Y9sKdYsVWjelftLGEJp6QbkohjQbA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOE90L3BUZFBsQ1hoemdx\nYTFTdTVmRUJFSVU1R0pZTmNQOGxGTmtsTFFzClhHYi9iN1BvSmc0aGpnNHczYUdS\nKzRYbGMrRWQvaWpyR001YTV1MEErOW8KLS0tIFR4M21SZGNucDN4N1Y0K3RERzJZ\nQ3E2MENzUWxwOVpDUnlzMko0bWRvVVEKoaMGCVivMJHUZriTgCkSDEaeCh45BcHG\nb5jgClScpwqqq/P5Smr+SL+OgaX28ibG+kPRSp0yIfOdfsd/ox6kPA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1xkp0rmm5xwxurdxq3a0lxc77pjh5z4dylddvnf6ktrghyfhcxq4sdk3ysn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6OTVuUlphY2FiVHlpbGp6\nQlFiRWczTEkxUVcvb2V2R1E1TUFZM0pYSnhjCitaL2VSa04veU5vN0o0RWNneDdu\nNmIwMk4ycDJkSXIzV0xwaElPbEZhb1EKLS0tIDltVWErU2t1U0FoVHlhSW9DRFg1\nYmFRM0NWQlpNeGxjTzJHYXN3dzNZeUEKs/Jsj6iDHGIDHYN57MUYaYG5oKHFU6ZY\nug4YR9rOh889PF4xq3w51wJJiSEnQKfVrtNTaj67gxBXXC/EHI7fOQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsZUN4ekNyMjdRNW10ZUVU\nSDZOcVVraStneVl3eEJCVzdhWWIrQ0phRXlVCk5Ob2NwRHhqWnJtQ3RFUXlvRjgx\nanpuL25ST2Zva0JQVlJ5Z1FEbHo5QzgKLS0tIGJSV3pYcVU1WXcwUmdqa3dYam1M\nalpmbUVqSkZabXpCM25JZGp3cnRxWHcKNCXjj8zvR+cqXq2XkEsYkMSI+b1NLwh6\n1pkRibsoyhQwzC0vkMdYQV4Kt9SzheFqKTuNhthW9J5I0Jf4R9lR6A==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-06-19T21:51:53Z", diff --git a/vars/shared/openssh-ca/id_ed25519/secret b/vars/shared/openssh-ca/id_ed25519/secret index 9d8db16..6bf23f7 100644 --- a/vars/shared/openssh-ca/id_ed25519/secret +++ b/vars/shared/openssh-ca/id_ed25519/secret @@ -2,25 +2,29 @@ "data": "ENC[AES256_GCM,data:sPSi5gWzieSktKNwVzD+c0WhCFt2u/FtsiKfwkpFceKbzyLLqBWQwyF9/CrAfExMky230YxA9atQxilpZLTZ0zmuk0D7Mi4xLsF+G9sFdyKz2DFuBHZ1hQZNiVAsQlHLvqcDtdixgo0gHfjHJ9t0eH+q4tgVJe0QhhzmcDSj0EjrE3SUnxzTszS0ZHL4X+Wfx+lrJtL8Do5eSXKXcoQHS8d6bOW/psLA8AHNJypOMlplXd4vASXPJmj9RQ1GFdzSFz5TZoyxShBuImukcLO6EoTc2TXtAclbN5JLHEbvx9I5K4S74WR7amtYV/8g1tquZ5nHVxVHr4sFY3pHDUuMvGdiVgVbrBwK4iJ5GtAUU81jCQzZ1MwtT74cldFXfwJIUAHbV0s4cSNQpH+f2bYO2uyVhykpIuLmI23Vb1ezRJqW1cGcg0VRoBRoduxQzOAeI1LE4EuniH/w1xtdKmn2XTMwwl6YetT1KbPBRMVScqcEF2ZadJV3X7hJFh0awn1cSWsG,iv:Kjm+58JsE/FCEYEpYIEVwjRuWYWaLP8VrysgsZGDs6g=,tag:xdlA9tvtw9cm8YFW64a+pw==,type:str]", "sops": { "age": [ - { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxOVQ0cnNsRkVwWTRlbnEr\nVVpTdk5qeEd4N2pKRG5RdWFEUEZNSWVHVzJjCkhpbTBQQ0FMN0ZxM0lUQVp1OGRR\nRTg2UlNIWSsrOTVyZkFpUHRVejZEUWsKLS0tIHh5K3FhbUYzbGhMd3NQaEtYaXJ0\nWWNGcStqNlRWcjlIK0todzloVSt6UnMKUJrzlviBrViU+2twOYUDyM854QT5Ym1x\nZbixBy7iKNL2DWAMNruTzPSa83/ZC4suxfcxWVgepMbI+oPgph+vZA==\n-----END AGE ENCRYPTED FILE-----\n" - }, { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZTlMV21qVW1Ga25LNlJY\nVytXamxqT0NxZ0VPaWo0MGk0am5IQkpSdnlZCklXUkgwWXA5bm85SnZ5L1pIcEc0\ncGRybGZqZzUxOVFocm5ZbWYxS2wvLzQKLS0tIGo1djJRdm1wTnhhTUM1VW00VFMr\nV21hU1BOajdIOFhZZGtLNENHRVhGejgKGv4Ra7iOeez5fZax494FLDU/sstk/Gm8\n7ZWETJI2KfdSDlO3BHKr/V/mYMt5v7TsPkOIT7wNS2sGd/+YF1RKjg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VG4xcmdBQVJHUXY0enRY\nNmFaZ2RPUWRNYXllMWFucllicDVUTkNuQkh3Ck5uK3prYlRxL2s5MzFqZXRuR3Jv\nLys5RnlVZFBUdTcvRHdYYnlDVlhCSWcKLS0tIFdQY29WZVFYNTRwWXVucUU2RWFL\nOTkyWlc5L3NwUnNXUHRKTzBwZnhhRzAK9f+zmgmEA6ZoD+6ACPmaJuEXCC99fOqb\nKorQurVtUZEGPCYI8hPE26qpITJdwB5g61jXHcobuU8Cy9wemnrWjg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBL2xPWEo5\nVk1OcEZFd1RPMXpaci80U0h3RXJUTGs4cE51TWhBUVZmWXhReApma3ZwNmY5RTN3\nMUg5azB2a0JEOFdKVW55OVlaYlhpOGxlQnptOXNnRTA0Ci0tLSB3TGplcGpsYlRv\nazdFbmZmT3ExZ0JzWVBPdTZGN0tXVWpPK2x2Sm5qc0U4CiGsscDAKIt2L6Zy1Psq\ndHU94gL+SAVxYgPwacSOoF9RVM2OrCVAVCHVouqs8JRM1Hb89HK6dUSnUFT6aN3v\n3x8=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdjA4Tllj\nVVh4Y1lOeU8wUHFZa3k2VEZpdWRMaHdXQmRUazFqbUJQWHpRZQp3SjJaSzNOaVVQ\nZVpqdVd6U3J1ODNKRTBoRnRJZzNJMVRDU1JGeitIM2MwCi0tLSBZZEVsUzRiOWdT\nRzVoSlQ2RkVLV1JSamRlUDdjeVFCQlFVMGpxM3pKVjE0CvpAOL+lnUcv/BrlKqiE\nIdnv3DqHUgQv0lxuqtgM9ykyqOYX1GoHLH2pX0Zce55V7u4Dh+IWnjta/i7HT2aH\ndDI=\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdUcxWnBQVE81eC93RW9l\nU3hjakJOYkI4d2ZHWGQzbFhra3dXSW5uT1JBCjgzOUMyQ3pwSnYvWU1pbTVKQlI1\nZnp4dEFESHljT1NTSUhLRWY5aEtrMW8KLS0tIHEzcUFSdnlXTmcxV0JMaUdKTEZx\nQXVxck93R3VmVncxL1JWc3hraVl4KzAKT+6unbqXkdIqMP1ZLtjnI12IVVRbPmxY\n8JAxWm6GwqReBHFT7IMIbMs6p54U2avEIPZ7KRA1dpOyQbO84eQQYw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNEdaY1pT\nYVQxckJjS3NIU2RZTlhuV25Pc01FeGNnbUZvWDJWZktPOTJ6dgpzcUlIWkh5WENH\ndWh3VXNuWlUxMGw4TU1tQnA3VFc4ZHQyQlBvVzFoSHZVCi0tLSBqUWFJM2JOYXds\nc0x0RS9EZ2pYSkdhSWs1djFjVXprTHRndExWTlBYTmJ3CijN/D3rZJMGeKOvosvQ\n2SEDmYfeSlCcOyTGO1zAw54R2sEpNWnKphrC9NI77v45UsCwXO69AfiIqWIhoyc8\nwXU=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWR3hUYWxTY2tDUngyNVVK\nOWVldjk2MSs3di9TaXNXeUJtR0hOUXNFUldjCit0SXZ3akpjMm1tT1RINE9Ib3RF\naFFUK3haNkgwMnQ5U3k4VEllb09RelEKLS0tIHBpRzJ4V0NwWDFyR01PTUc3UmpB\nZTFMbGY2L01rMVVXY29nVldhK0pNb3MKViPo1dUQ+lZvL7lKazuVcaXN6Grvrn0W\nx5S9eqg32Rra+1F79ozxv3j4Jzu/3fKTdt9jkAFy09hPv5/Zkcqlcw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUlFUL2Y2SnZqRVFyajF6\na3hYMi84Qml4MUlERkRJT000VUZZNWZmaERJClZ6N203OFYxZkwxYzVOeVNSc0Zi\nR2xkZEpFTklBRG9xK3UyR2ZYWXVxUjQKLS0tICtYcnZrTWJ0Y2lYVzdEMSs4clM4\nTU5PbjNKRllLckNEOFJkSGF1bS96VmMKIa0co34KtiHG7403j2UsS/rRLs4di0Ek\ngbjv1lvPmEQOl9CrYrMRt24NdPm1JQc00mwgVDvWGwTXbdp9LV8XwQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVa0FRTDVlS2xMc1llUUtn\nRFhocWc5R3FKaHJCUUZHclVlMXNvcytEeEZZCnB6WU5MSzB1SU5Lb2xKTjBTb25R\naGVpOTluRk5Hc0FCakh2QWdNSEF4YjQKLS0tIDYyaVVQUExhM1QyZE03b2NLYWZt\nKy9IVyt6VlJYSWRZK3BRUE9VSXNnMmcK0TL1tXGqyrOawPzEisws2MtFxE/3RJeP\nZBAZ/8ryUUddgmZ4vosgKZ1B1Dc8adc9HsI+vR/PpNvJkU3hH+QHHQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYODNZWGRSYUF6NWJDWjRW\neGJNYi9uSzhORW1BaDNaY2JwWHB6TTdLT2dBCjhwVTBVVmlaeEtnVE9nU3pSa2h0\ndjJtUERadmVXenpkSG5CT3ZmbktTNm8KLS0tIE5MMmtwc2Z5SFB1cWVXNlZhbVBY\ndTNmZGhXVXJZeW1rb0tMT3BIaFA4WEkK2sWALInkeLsTsA4szuRgeSdQAOfFgCl/\n4v8zdn2TfuIHa0iGEJL3Fn1pUPS7E6OJV8M9ua/LgZfuczkbxJr4yA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-15T14:18:28Z", diff --git a/vars/shared/step-ca/ca.key/secret b/vars/shared/step-ca/ca.key/secret index 0d30b6d..318a2ba 100644 --- a/vars/shared/step-ca/ca.key/secret +++ b/vars/shared/step-ca/ca.key/secret @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBNGVsREZJ\nZDhqMEthbzVqOWVjTVVubUV6Z3dRdEd3aGFZYTRIVlloVnM0bApHQW5CTGdMZXkr\nY1FDbzBZeDRaVG5KNy9QeCs3Zm1EOFUxQURnNS8ycXJZCi0tLSBhUU1VVlhyR2RX\nL2NWL1ltWUwrNUh3bkZCTzRSVk9YOXNsZ1ZnNkFPc3pzCrkw4Kvv1buOpoAgRhJ+\nJ6U+ahV6ntjIo62NbrOxJZC6229/BdjE6V6bIPYRo3I5VM1KhRaHIwnvWK+qHaDW\nhc0=\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBeFJhbU82\nY1d0TUlsdW5paksvZG5ZNXBIUERCQ0F6dnhFdmFyK2krK09vMQozcmxVTEJEdWYr\nRjkyWFJucmJpSVg0YWRWdHczdnE4c0V3cHVmcVpzTHowCi0tLSB5ajZvb2xsbUQw\nM1RKdElsaEZzREFLUjBSYndwbTNtNzJWNXpMQ29QeGtzCrUf6JJLxT4HMiMoyKEw\nJfY8r6arxomgg3cexPcjJhU/efRMKwkDwr8ophyui/1aNAo6sBrcww+XLWNhBG91\nkws=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6L0JPTDljTmtaRkI0QjZ5\nVXQ0SGV1bmlDUGtFZ2hQUytoNWNIL010Z1hjCnJMenhWK1czVnc0ZjA2K3NydFQz\nMnd4UmxGb1EwSjVaYVdVOHVxVCt3c3cKLS0tIG1TRUV5bEJTaUVZR2JEanp4Tzcx\neXpBeVpxQ24rSUlNTGxyVzJiTGZiRmMK9mFyYmlj10uLN26u9mfy9shj5jxHJuyF\nhrw/zStA8tVLt1Hh3vNCdzpp2YgAzcs1t+8nEaEeuSvHEB8RZhrvjA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUGFTWTdrdlVuS0pnV1dL\nVXg4c2hOYVlaVko0ZkdRbnVYYlovZ3FlZ0JFCjA5Y2F5am96eno0KzYvWkgwKytB\nYWhPTGRrSzZNaFIzek9JSlpQdmd5TVEKLS0tIFAwRWpOOGcrVER3YVBaekxXenZV\nd2dBU1VaT0szWWtOenpHWFJ0WmdwV0UKaDmXZwd4ZNrFcGGadq/M6Vf409UgPtO+\nyJ4KSMLJtTMhKN2PfP8BdprIDyS6zVDQoHAv+rmGdyOlIjrXzTT6xQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBN2plcTcx\nekErR2hFOTdZeGxEQ254NnNOZGpYZ0dVOVZlbTE1R1QvRmtJLwpEOVJnZlBKTjB1\nWmNTckU4NFpPL2FlTVJrMk5CYURoeG90cTlxbkU2VFJRCi0tLSBjcnZmK25EUGYz\ncWwvbFBzZmNIcEJGUmZ5T080aUQ5cUFiZi9UMy9oTldvChJ4z5z6qo9wbQyGzW3s\nTwLC/spurP0EetY9UWOFDeyCcIdkl2xYC7SvM+hrl/LmPxfyDpQwPBNBvgUsfQHe\nopU=\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-11-22T14:02:44Z", From e7ce8dba6d4a102ab90893840a36e3ac25d55667 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 340/376] cleanup flake inputs --- flake.lock | 135 ++++++------------ flake.nix | 11 +- .../openssh-ca/id_ed25519/machines/crocus | 0 .../openssh-ca/id_ed25519/machines/genepi | 0 .../openssh-ca/id_ed25519/machines/verbena | 0 5 files changed, 42 insertions(+), 104 deletions(-) mode change 120000 => 100644 vars/shared/openssh-ca/id_ed25519/machines/crocus mode change 120000 => 100644 vars/shared/openssh-ca/id_ed25519/machines/genepi mode change 120000 => 100644 vars/shared/openssh-ca/id_ed25519/machines/verbena diff --git a/flake.lock b/flake.lock index 68faa8f..215c716 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765893949, - "narHash": "sha256-5wn3/cMZ6cQ7BHaoTkeDiMxgjZUV/8FPGplCJ/P6Idc=", + "lastModified": 1766893577, + "narHash": "sha256-8SFRZJt9HlNN1ic3asTCOc6Vr/QJQDdZjJ4C5XzxFi0=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "39896cb5a1a6ad52d1feb6634913087e11059454", + "rev": "4f590eb97462eef698f2c96c67a080876c1f8051", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1766058975, - "narHash": "sha256-HBnRRq9wLq7UfJxMM55wR10lZFK1F0lNyRgUwwOby6s=", + "lastModified": 1766934363, + "narHash": "sha256-aZV2cirZSoQq1vW3vEcY7MvzKQ2gwCGbLbMpuwkC2Ic=", "ref": "refs/heads/main", - "rev": "9032d11a0e31641808ef1427150aac0f40e2e0b9", - "revCount": 11671, + "rev": "808fd6cb7fc0c831840a5580cf4fb41d9c0626a4", + "revCount": 11768, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -70,11 +70,11 @@ ] }, "locked": { - "lastModified": 1765768061, - "narHash": "sha256-RZ/ocDUJ3WPr2KcDc2MB6Fu+ZPqzwsMKQ16XxqrPi+o=", - "rev": "53351f9953ecf9dbe18795b4784abe53b14e6eee", + "lastModified": 1766372687, + "narHash": "sha256-cGOe30ePOX+7OMLFXJha3y/Q8umHftaG+5tB6DXu110=", + "rev": "7d819044ed7f39801277b39ea34f4aa133d86889", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/53351f9953ecf9dbe18795b4784abe53b14e6eee.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/7d819044ed7f39801277b39ea34f4aa133d86889.tar.gz" }, "original": { "type": "tarball", @@ -89,11 +89,11 @@ ] }, "locked": { - "lastModified": 1765794845, - "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=", + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "owner": "nix-community", "repo": "disko", - "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1765794845, - "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=", + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "owner": "nix-community", "repo": "disko", - "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1765980955, - "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=", + "lastModified": 1766936966, + "narHash": "sha256-LfixPDPlysn7sAUVyHEL8sjzgoYv2abDLoCxAlzY440=", "owner": "nix-community", "repo": "home-manager", - "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173", + "rev": "80cca72314c3b18896f2a412f2f070d17810b45f", "type": "github" }, "original": { @@ -208,42 +208,6 @@ "type": "github" } }, - "impermanence": { - "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, - "matugen": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_2" - }, - "locked": { - "lastModified": 1765981892, - "narHash": "sha256-c7VKaNiBUkwGsTq398EQSM4K7skPacmOz8NeLj67M7s=", - "owner": "InioX", - "repo": "Matugen", - "rev": "e405cd9de87510dd40c1328bcf06e0daf3d1a5bf", - "type": "github" - }, - "original": { - "owner": "InioX", - "repo": "Matugen", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -252,11 +216,11 @@ ] }, "locked": { - "lastModified": 1764161084, - "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", + "lastModified": 1766784396, + "narHash": "sha256-rIlgatT0JtwxsEpzq+UrrIJCRfVAXgbYPzose1DmAcM=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "e95de00a471d07435e0527ff4db092c84998698e", + "rev": "f0c8e1f6feb562b5db09cee9fb566a2f989e6b55", "type": "github" }, "original": { @@ -295,11 +259,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1765442039, - "narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=", + "lastModified": 1766558141, + "narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1", + "rev": "e796d536e3d83de74267069e179dc620a608ed7d", "type": "github" }, "original": { @@ -329,11 +293,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1764440730, - "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", + "lastModified": 1766568855, + "narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", + "rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80", "type": "github" }, "original": { @@ -361,11 +325,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1766651565, + "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", "type": "github" }, "original": { @@ -382,8 +346,6 @@ "disko": "disko_2", "flake-parts": "flake-parts_2", "home-manager": "home-manager", - "impermanence": "impermanence", - "matugen": "matugen", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", @@ -398,11 +360,11 @@ ] }, "locked": { - "lastModified": 1765836173, - "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", + "lastModified": 1766894905, + "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", + "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", "type": "github" }, "original": { @@ -418,11 +380,11 @@ ] }, "locked": { - "lastModified": 1766020451, - "narHash": "sha256-Jy7rX7sMbSJEX0KKwvNcGUfRVZ0SDWo3Zk2e5LGyqw0=", + "lastModified": 1766626001, + "narHash": "sha256-YQk9UVG4PsrTp4LVbWCDwuc594S9H05pxNgjK8R30/U=", "owner": "nix-community", "repo": "srvos", - "rev": "5ecd4a56da963480db305e56ab3a42d13597c0a7", + "rev": "cf609acbe9aa6f53120df7b1adad16957e481b93", "type": "github" }, "original": { @@ -446,21 +408,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -469,11 +416,11 @@ ] }, "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", + "lastModified": 1766000401, + "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 79ffcc8..c7e7b0e 100644 --- a/flake.nix +++ b/flake.nix @@ -6,15 +6,11 @@ nixpkgs, clan-core, flake-parts, - home-manager, - impermanence, - nixos-hardware, - self, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ imports = [ - inputs.clan-core.flakeModules.default + clan-core.flakeModules.default ./clan/flake-module.nix ./clanServices/flake-module.nix ./devShells/flake-module.nix @@ -39,8 +35,6 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; - impermanence.url = "github:nix-community/impermanence"; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-generators.url = "github:nix-community/nixos-generators"; @@ -49,9 +43,6 @@ clan-core.inputs.nixpkgs.follows = "nixpkgs"; clan-core.inputs.flake-parts.follows = "flake-parts"; - matugen.url = "github:InioX/Matugen"; - matugen.inputs.nixpkgs.follows = "nixpkgs"; - flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; diff --git a/vars/shared/openssh-ca/id_ed25519/machines/crocus b/vars/shared/openssh-ca/id_ed25519/machines/crocus deleted file mode 120000 index 1ca5db3..0000000 --- a/vars/shared/openssh-ca/id_ed25519/machines/crocus +++ /dev/null @@ -1 +0,0 @@ -../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/machines/crocus b/vars/shared/openssh-ca/id_ed25519/machines/crocus new file mode 100644 index 0000000..1ca5db3 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519/machines/crocus @@ -0,0 +1 @@ +../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/machines/genepi b/vars/shared/openssh-ca/id_ed25519/machines/genepi deleted file mode 120000 index be44d39..0000000 --- a/vars/shared/openssh-ca/id_ed25519/machines/genepi +++ /dev/null @@ -1 +0,0 @@ -../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/machines/genepi b/vars/shared/openssh-ca/id_ed25519/machines/genepi new file mode 100644 index 0000000..be44d39 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519/machines/genepi @@ -0,0 +1 @@ +../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/machines/verbena b/vars/shared/openssh-ca/id_ed25519/machines/verbena deleted file mode 120000 index de62703..0000000 --- a/vars/shared/openssh-ca/id_ed25519/machines/verbena +++ /dev/null @@ -1 +0,0 @@ -../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/machines/verbena b/vars/shared/openssh-ca/id_ed25519/machines/verbena new file mode 100644 index 0000000..de62703 --- /dev/null +++ b/vars/shared/openssh-ca/id_ed25519/machines/verbena @@ -0,0 +1 @@ +../../../../../sops/machines/verbena \ No newline at end of file From 010c53b6ad3a4d7ab51bd88dd1332150c6004757 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 341/376] remove sway config and outdated dotfiles --- home-manager/desktop/sway.nix | 32 ---- home/.config/dotfiles/clone.sh | 29 ---- home/.config/i3bar-river/bottom-config.toml | 6 - home/.config/i3bar-river/config.toml | 10 -- home/.config/kanshi/config | 5 - home/.config/sway/config | 2 - home/.config/sway/config.d/bar | 37 ---- home/.config/sway/config.d/bindings | 169 ------------------- home/.config/sway/config.d/input | 17 -- home/.config/sway/config.d/programs | 16 -- home/.config/sway/config.d/theme | 22 --- home/.config/sway/kanagawa.sway | 110 ------------ home/.config/swayidle/config | 10 -- home/.config/swaylock/config | 29 ---- home/.config/task/taskrc | 4 - home/.config/tofi/config | 176 -------------------- machines/haze/sway.nix | 11 -- 17 files changed, 685 deletions(-) delete mode 100644 home-manager/desktop/sway.nix delete mode 100644 home/.config/dotfiles/clone.sh delete mode 100644 home/.config/i3bar-river/bottom-config.toml delete mode 100644 home/.config/i3bar-river/config.toml delete mode 100644 home/.config/kanshi/config delete mode 100644 home/.config/sway/config delete mode 100644 home/.config/sway/config.d/bar delete mode 100644 home/.config/sway/config.d/bindings delete mode 100644 home/.config/sway/config.d/input delete mode 100644 home/.config/sway/config.d/programs delete mode 100644 home/.config/sway/config.d/theme delete mode 100644 home/.config/sway/kanagawa.sway delete mode 100644 home/.config/swayidle/config delete mode 100644 home/.config/swaylock/config delete mode 100644 home/.config/task/taskrc delete mode 100644 home/.config/tofi/config delete mode 100644 machines/haze/sway.nix diff --git a/home-manager/desktop/sway.nix b/home-manager/desktop/sway.nix deleted file mode 100644 index 9d049b1..0000000 --- a/home-manager/desktop/sway.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - self, - config, - pkgs, - ... -}: -{ - imports = [ - self.homeManagerModules.dotfiles - ./wayland.nix - ]; - - home.packages = with pkgs; [ - tofi - i3status-rust - wlsunset - kanshi - grim - slurp - playerctl - swaybg - ]; - - xdg.configFile = { - "sway".source = "${config.dotfiles.path}/.config/sway"; - "swaylock".source = "${config.dotfiles.path}/.config/swaylock"; - "swayidle".source = "${config.dotfiles.path}/.config/swayidle"; - "kanshi".source = "${config.dotfiles.path}/.config/kanshi"; - "i3status-rust".source = "${config.dotfiles.path}/.config/i3status-rust"; - "tofi/config".source = "${config.dotfiles.path}/.config/tofi/config"; - }; -} diff --git a/home/.config/dotfiles/clone.sh b/home/.config/dotfiles/clone.sh deleted file mode 100644 index bca0a85..0000000 --- a/home/.config/dotfiles/clone.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -DOTFILES_GIT_URL='git@git.sr.ht:~rpqt/dotfiles' - -# The first argument can be the destination folder -if [ $# -eq 1 ]; then - DOTFILES_DIR="$1" -else - DOTFILES_DIR="$HOME/.dotfiles" -fi - -echo "$DOTFILES_DIR" >> "$HOME/.gitignore" - -git clone --bare "$DOTFILES_GIT_URL" "$DOTFILES_DIR" - -alias dotfiles='/usr/bin/git --git-dir=$DOTFILES_DIR --work-tree=$HOME' - -dotfiles config --local status.showUntrackedFiles no - -dotfiles checkout - -tee "$HOME/.config/git/config" >/dev/null < Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 342/376] add age-plugin-yubikey for clan vars --- clan/flake-module.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/clan/flake-module.nix b/clan/flake-module.nix index e177c0c..c15a957 100644 --- a/clan/flake-module.nix +++ b/clan/flake-module.nix @@ -9,6 +9,10 @@ clan.meta.name = "blossom"; clan.meta.domain = "val"; + clan.secrets.age.plugins = [ + "age-plugin-yubikey" + ]; + clan.inventory.instances."rpqt-admin" = { module.input = "clan-core"; module.name = "admin"; From 2b2b5d30c746aa55532f0ca84d26b5a07529e8e4 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 343/376] migrate rpqt.fr domain to OVH --- infra/dns.tf | 58 +++++++++++------------------------- infra/templates/rpqt.fr.zone | 31 +++++++++++++++++++ 2 files changed, 49 insertions(+), 40 deletions(-) create mode 100644 infra/templates/rpqt.fr.zone diff --git a/infra/dns.tf b/infra/dns.tf index ae472b9..a2f3ca7 100644 --- a/infra/dns.tf +++ b/infra/dns.tf @@ -1,47 +1,17 @@ -data "gandi_livedns_domain" "rpqt_fr" { - name = "rpqt.fr" -} - -resource "gandi_livedns_record" "rpqt_fr_radicle_a" { - zone = data.gandi_livedns_domain.rpqt_fr.id - name = "radicle" - type = "A" - ttl = 10800 - values = [ - hcloud_server.crocus_server.ipv4_address, - ] -} - -resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" { - zone = data.gandi_livedns_domain.rpqt_fr.id - name = "radicle" - type = "AAAA" - ttl = 10800 - values = [ - hcloud_server.crocus_server.ipv6_address, - ] -} - -resource "gandi_livedns_record" "rpqt_fr_cloud_a" { - zone = data.gandi_livedns_domain.rpqt_fr.id - name = "cloud" - type = "A" - ttl = 10800 - values = local.verbena_ipv4_addresses -} - -resource "gandi_livedns_record" "rpqt_fr_cloud_aaaa" { - zone = data.gandi_livedns_domain.rpqt_fr.id - name = "cloud" - type = "AAAA" - ttl = 10800 - values = local.verbena_ipv6_addresses -} - data "ovh_vps" "verbena_vps" { service_name = "vps-7e78bac2.vps.ovh.net" } +data "ovh_domain_zone" "rpqt_fr" { + name = "rpqt.fr" +} + +resource "ovh_domain_zone_import" "rpqt_fr_import" { + zone_name = "rpqt.fr" + zone_file = local.rpqt_fr_zone_file +} + + data "ovh_domain_zone" "turifer_dev" { name = "turifer.dev" } @@ -62,5 +32,13 @@ locals { verbena_ipv4_addresses = local.verbena_ipv4_addresses verbena_ipv6_addresses = local.verbena_ipv6_addresses }) + + rpqt_fr_zone_file = templatefile("./templates/turifer.dev.zone", { + crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address + crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address + + verbena_ipv4_addresses = local.verbena_ipv4_addresses + verbena_ipv6_addresses = local.verbena_ipv6_addresses + }) } diff --git a/infra/templates/rpqt.fr.zone b/infra/templates/rpqt.fr.zone new file mode 100644 index 0000000..99a7834 --- /dev/null +++ b/infra/templates/rpqt.fr.zone @@ -0,0 +1,31 @@ +$TTL 3600 +@ IN SOA dns100.ovh.net. tech.ovh.net. (2026010123 86400 3600 3600000 60) + IN NS dns100.ovh.net. + IN NS ns100.ovh.net. + +rpqt.fr. 3000 IN TXT "hosted-email-verify=pgeaq3bp" +rpqt.fr. 3000 IN MX 10 aspmx1.migadu.com. +rpqt.fr. 3000 IN MX 20 aspmx2.migadu.com. +rpqt.fr. 3000 IN TXT "v=spf1 include:spf.migadu.com -all" +key1._domainkey.rpqt.fr. 3000 IN CNAME key1.rpqt.fr._domainkey.migadu.com. +key2._domainkey.rpqt.fr. 3000 IN CNAME key2.rpqt.fr._domainkey.migadu.com. +key3._domainkey.rpqt.fr. 3000 IN CNAME key3.rpqt.fr._domainkey.migadu.com. +_dmarc.rpqt.fr. 3000 IN TXT "v=DMARC1; p=quarantine;" +autoconfig.rpqt.fr. 3000 IN CNAME autoconfig.migadu.com. +_autodiscover._tcp.rpqt.fr. 3000 IN SRV 0 1 443 autodiscover.migadu.com. +_submissions._tcp.rpqt.fr. 3000 IN SRV 0 1 465 smtp.migadu.com. +_imaps._tcp.rpqt.fr. 3000 IN SRV 0 1 993 imap.migadu.com. +_pop3s._tcp.rpqt.fr. 3000 IN SRV 0 1 995 pop.migadu.com. + +@ 10800 IN A 46.23.81.157 +@ 10800 IN AAAA 2a03:6000:1813:1337::157 + +%{ for addr in verbena_ipv4_addresses ~} +cloud 10800 IN A ${addr} +%{ endfor ~} +%{ for addr in verbena_ipv6_addresses ~} +cloud 10800 IN AAAA ${addr} +%{ endfor ~} + +radicle 10800 IN A ${crocus_ipv4_address} +radicle 10800 IN AAAA ${crocus_ipv6_address} From 410f63eb31805269e2c5e2e033fe36d2c6b1ea5c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 344/376] add jjui --- home-manager/cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/cli.nix b/home-manager/cli.nix index e4d8622..9b70c23 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -20,6 +20,7 @@ eza fd glow + jjui lazygit nh ripgrep From f8fb7a2480a1691fd346ef7490be6bdaf8d5e334 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 345/376] add passage --- home-manager/cli.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home-manager/cli.nix b/home-manager/cli.nix index 9b70c23..eb6e912 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -11,6 +11,8 @@ ]; home.packages = with pkgs; [ + age + age-plugin-yubikey bottom btop comma @@ -23,6 +25,7 @@ jjui lazygit nh + passage ripgrep skim tealdeer From 82a559e81a0215ef7d22a0f8e4a72a2e51d4e4e6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 346/376] remove deleted vars --- .../openssh-ca/id_ed25519/machines/crocus | 1 - .../openssh-ca/id_ed25519/machines/genepi | 1 - .../openssh-ca/id_ed25519/machines/verbena | 1 - vars/shared/openssh-ca/id_ed25519/secret | 20 ++++--------------- 4 files changed, 4 insertions(+), 19 deletions(-) delete mode 100644 vars/shared/openssh-ca/id_ed25519/machines/crocus delete mode 100644 vars/shared/openssh-ca/id_ed25519/machines/genepi delete mode 100644 vars/shared/openssh-ca/id_ed25519/machines/verbena diff --git a/vars/shared/openssh-ca/id_ed25519/machines/crocus b/vars/shared/openssh-ca/id_ed25519/machines/crocus deleted file mode 100644 index 1ca5db3..0000000 --- a/vars/shared/openssh-ca/id_ed25519/machines/crocus +++ /dev/null @@ -1 +0,0 @@ -../../../../../sops/machines/crocus \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/machines/genepi b/vars/shared/openssh-ca/id_ed25519/machines/genepi deleted file mode 100644 index be44d39..0000000 --- a/vars/shared/openssh-ca/id_ed25519/machines/genepi +++ /dev/null @@ -1 +0,0 @@ -../../../../../sops/machines/genepi \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/machines/verbena b/vars/shared/openssh-ca/id_ed25519/machines/verbena deleted file mode 100644 index de62703..0000000 --- a/vars/shared/openssh-ca/id_ed25519/machines/verbena +++ /dev/null @@ -1 +0,0 @@ -../../../../../sops/machines/verbena \ No newline at end of file diff --git a/vars/shared/openssh-ca/id_ed25519/secret b/vars/shared/openssh-ca/id_ed25519/secret index 6bf23f7..b8904d2 100644 --- a/vars/shared/openssh-ca/id_ed25519/secret +++ b/vars/shared/openssh-ca/id_ed25519/secret @@ -3,28 +3,16 @@ "sops": { "age": [ { - "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VG4xcmdBQVJHUXY0enRY\nNmFaZ2RPUWRNYXllMWFucllicDVUTkNuQkh3Ck5uK3prYlRxL2s5MzFqZXRuR3Jv\nLys5RnlVZFBUdTcvRHdYYnlDVlhCSWcKLS0tIFdQY29WZVFYNTRwWXVucUU2RWFL\nOTkyWlc5L3NwUnNXUHRKTzBwZnhhRzAK9f+zmgmEA6ZoD+6ACPmaJuEXCC99fOqb\nKorQurVtUZEGPCYI8hPE26qpITJdwB5g61jXHcobuU8Cy9wemnrWjg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBeDczWEw4\ndGQydE1DN3RRRFpDQm1RWUcrOExaY0w3dEtLN2wzL0RDU0NkRQoydVBFOFY2eHpD\nUWk0T2V6cUNxZFZBZ1U4NS9adzc2ZXlUcWVRZGNscURzCi0tLSBpZ3VoYXhGdldS\nMVFralNzaTRQMEhVT0xRdEJDcUxPNHFOY29NUnh2K2ZvCjflIFoO8/97HXz0893D\nnNc5EVMRMNhJbDb/Nj4MCafNrf3JeN3jWmCX1IA5AZqMt2Nq2SB1Itx8iaIcRq0t\nlTY=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdjA4Tllj\nVVh4Y1lOeU8wUHFZa3k2VEZpdWRMaHdXQmRUazFqbUJQWHpRZQp3SjJaSzNOaVVQ\nZVpqdVd6U3J1ODNKRTBoRnRJZzNJMVRDU1JGeitIM2MwCi0tLSBZZEVsUzRiOWdT\nRzVoSlQ2RkVLV1JSamRlUDdjeVFCQlFVMGpxM3pKVjE0CvpAOL+lnUcv/BrlKqiE\nIdnv3DqHUgQv0lxuqtgM9ykyqOYX1GoHLH2pX0Zce55V7u4Dh+IWnjta/i7HT2aH\ndDI=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBNEdaY1pT\nYVQxckJjS3NIU2RZTlhuV25Pc01FeGNnbUZvWDJWZktPOTJ6dgpzcUlIWkh5WENH\ndWh3VXNuWlUxMGw4TU1tQnA3VFc4ZHQyQlBvVzFoSHZVCi0tLSBqUWFJM2JOYXds\nc0x0RS9EZ2pYSkdhSWs1djFjVXprTHRndExWTlBYTmJ3CijN/D3rZJMGeKOvosvQ\n2SEDmYfeSlCcOyTGO1zAw54R2sEpNWnKphrC9NI77v45UsCwXO69AfiIqWIhoyc8\nwXU=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUlFUL2Y2SnZqRVFyajF6\na3hYMi84Qml4MUlERkRJT000VUZZNWZmaERJClZ6N203OFYxZkwxYzVOeVNSc0Zi\nR2xkZEpFTklBRG9xK3UyR2ZYWXVxUjQKLS0tICtYcnZrTWJ0Y2lYVzdEMSs4clM4\nTU5PbjNKRllLckNEOFJkSGF1bS96VmMKIa0co34KtiHG7403j2UsS/rRLs4di0Ek\ngbjv1lvPmEQOl9CrYrMRt24NdPm1JQc00mwgVDvWGwTXbdp9LV8XwQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1h0vx6w4d89amt90j3u0vm96gvjt9lwczsjamaakyew524x9u8a8qu5qvg5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVa0FRTDVlS2xMc1llUUtn\nRFhocWc5R3FKaHJCUUZHclVlMXNvcytEeEZZCnB6WU5MSzB1SU5Lb2xKTjBTb25R\naGVpOTluRk5Hc0FCakh2QWdNSEF4YjQKLS0tIDYyaVVQUExhM1QyZE03b2NLYWZt\nKy9IVyt6VlJYSWRZK3BRUE9VSXNnMmcK0TL1tXGqyrOawPzEisws2MtFxE/3RJeP\nZBAZ/8ryUUddgmZ4vosgKZ1B1Dc8adc9HsI+vR/PpNvJkU3hH+QHHQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBaURsSGZ3\neFRLVCtjYW90bytBcG1MUHpXdVpYZHVZK01tcVpJOWRBYitsUgp3RTE1UUFOUjVV\nRGcvbFJ0MUpFdnVUYmVuN2pUVkdEdDdjSFlwRGZPWVhJCi0tLSB4WWNRMEM3ZDVX\nMUVXUklPbkFVcjBGcU14WjZpTTY0RlFvYXB2STRtSEpZCmTYPzBXojpndrIeuMi+\nj4oGZRPWKkx0EMORJFBIR1YQJhjjVrnrv7BbWYRGPkcS1mJZH2x4IgmUz7ZTfN5F\njuw=\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYODNZWGRSYUF6NWJDWjRW\neGJNYi9uSzhORW1BaDNaY2JwWHB6TTdLT2dBCjhwVTBVVmlaeEtnVE9nU3pSa2h0\ndjJtUERadmVXenpkSG5CT3ZmbktTNm8KLS0tIE5MMmtwc2Z5SFB1cWVXNlZhbVBY\ndTNmZGhXVXJZeW1rb0tMT3BIaFA4WEkK2sWALInkeLsTsA4szuRgeSdQAOfFgCl/\n4v8zdn2TfuIHa0iGEJL3Fn1pUPS7E6OJV8M9ua/LgZfuczkbxJr4yA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByY1pvaWhUSnZqeFl4blo1\nNGtRN2g2Tit1OFFxTnVvV1VSVFFjVlpjUVNvClRBTldvb2NEaHA3Vi80L3pnTzly\nOFBYMUUyLzhtdmNraXJCQmJ5bGxIWlEKLS0tIGVRcFJ6MmdjL2VuVUdVbCtnM1Bi\nbW9Bdm5OdWJRSUwwYWdaSXFEbzhsOW8K5dda6d6wkUvMYU3PpTLG65RWxdH/3ewB\n+yakGuatvZP1nJo7THhHXyZ9dQ2CMOnnOFi0W8W4hVcgBNWc8HR2xg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-15T14:18:28Z", From afb8dd50f4e124035120e979acd2fb1f574673e5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 347/376] niri: reserve first workspace for web --- home/.config/niri/config.kdl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/.config/niri/config.kdl b/home/.config/niri/config.kdl index 8d0e97d..41320b9 100644 --- a/home/.config/niri/config.kdl +++ b/home/.config/niri/config.kdl @@ -25,6 +25,9 @@ input { focus-follows-mouse max-scroll-amount="0%" } +workspace "browser" { +} + output "eDP-1" { mode "1920x1080@60.049" scale 1 @@ -72,6 +75,7 @@ cursor { window-rule { match app-id=r#"^firefox$"# open-maximized true + open-on-workspace "browser" focus-ring { off } From 3a2dd0cc0b6a47521eb6679ffbc60d9d75e0be9c Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 348/376] configure email for aerc --- home-manager/mail/default.nix | 43 +++++++++++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/home-manager/mail/default.nix b/home-manager/mail/default.nix index aefae53..fba8674 100644 --- a/home-manager/mail/default.nix +++ b/home-manager/mail/default.nix @@ -1,4 +1,7 @@ { config, ... }: +let + pass = "passage"; +in { programs.thunderbird = { enable = true; @@ -9,24 +12,44 @@ }; }; + programs.aerc = { + enable = true; + # safe since the accounts file just contains commands for retrieving passwords and is readonly in the nix store + extraConfig.general.unsafe-accounts-conf = true; + }; + accounts.email.accounts = { - "rpqt@rpqt.fr" = { + "rpqt@rpqt.fr" = rec { address = "rpqt@rpqt.fr"; realName = "Romain Paquet"; primary = true; flavor = "migadu.com"; thunderbird.enable = config.programs.thunderbird.enable; + aerc.enable = config.programs.aerc.enable; + passwordCommand = [ + pass + "show" + "mail/${address}" + ]; + folders.inbox = "INBOX"; }; - "admin@rpqt.fr" = { + "admin@rpqt.fr" = rec { address = "admin@rpqt.fr"; aliases = [ "postmaster@rpqt.fr" ]; realName = "Postmaster"; flavor = "migadu.com"; thunderbird.enable = config.programs.thunderbird.enable; + aerc.enable = config.programs.aerc.enable; + passwordCommand = [ + pass + "show" + "mail/${address}" + ]; + folders.inbox = "INBOX"; }; - "romain.paquet@grenoble-inp.org" = { + "romain.paquet@grenoble-inp.org" = rec { address = "romain.paquet@grenoble-inp.org"; realName = "Romain Paquet"; userName = "romain.paquet@grenoble-inp.org"; @@ -39,14 +62,26 @@ port = 465; }; thunderbird.enable = config.programs.thunderbird.enable; + aerc.enable = config.programs.aerc.enable; + passwordCommand = [ + pass + "show" + "mail/${address}" + ]; + folders.inbox = "INBOX"; }; - "admin@turifer.dev" = { + "admin@turifer.dev" = rec { address = "admin@turifer.dev"; aliases = [ "postmaster@turifer.dev" ]; realName = "Postmaster"; flavor = "migadu.com"; thunderbird.enable = config.programs.thunderbird.enable; + aerc.enable = config.programs.aerc.enable; + passwordCommand = [ + pass + "mail/${address}" + ]; }; "romain@student.agh.edu.pl" = { From d2c624fe9cf1015f1be92f65430ef108cdaff696 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 349/376] genepi: remove mpd --- machines/genepi/configuration.nix | 1 - machines/genepi/mpd.nix | 27 --------------------------- 2 files changed, 28 deletions(-) delete mode 100644 machines/genepi/mpd.nix diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix index 5321f9d..1e48016 100644 --- a/machines/genepi/configuration.nix +++ b/machines/genepi/configuration.nix @@ -12,7 +12,6 @@ ./homeassistant.nix ./immich.nix ./monitoring - ./mpd.nix ./network.nix ./nginx.nix ./pinchflat.nix diff --git a/machines/genepi/mpd.nix b/machines/genepi/mpd.nix deleted file mode 100644 index 3f869b5..0000000 --- a/machines/genepi/mpd.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, ... }: -{ - services.mpd = { - enable = true; - musicDirectory = "/home/rpqt/Media/Music"; - extraConfig = '' - audio_output { - type "pulse" - name "Pulse Audio" - } - ''; - - network.listenAddress = "any"; - }; - - services.pulseaudio.enable = true; - - # Workaround: run PulseAudio system-wide so that the mpd user can access it - services.pulseaudio.systemWide = true; - - # Fixes the stutter when changing volume (found this randomly) - services.pulseaudio.daemon.config.flat-volumes = "no"; - - users.users.${config.services.mpd.user}.extraGroups = [ "pulse-access" ]; - - users.users.rpqt.homeMode = "755"; -} From caa0179f1d5927d989f800e8be06585c43e5e081 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 350/376] refactor nix module list --- modules/flake-module.nix | 51 +++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 11aad72..fba0311 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -1,31 +1,28 @@ { lib, ... }: { - flake.nixosModules = { - gitea.imports = [ - ./gitea.nix - ]; + flake.nixosModules = + ( + (builtins.readDir ./.) + |> lib.filterAttrs (path: type: type == "regular" && (lib.hasSuffix ".nix" path)) + |> lib.mapAttrs' ( + path: _: { + name = lib.removeSuffix ".nix" path; + value = { + imports = [ ./${path} ]; + }; + } + ) + ) + // { + server.imports = [ + ./motd.nix + ]; - desktop.imports = [ - ./desktop.nix - ]; - - dev.imports = [ ./dev.nix ]; - nix-defaults.imports = [ ./nix-defaults.nix ]; - tailscale.imports = [ ./tailscale.nix ]; - user-rpqt.imports = [ ./user-rpqt.nix ]; - hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ]; - nextcloud.imports = [ ./nextcloud.nix ]; - radicle.imports = [ ./radicle.nix ]; - - server.imports = [ - ./motd.nix - ]; - - common.imports = [ - { - users.mutableUsers = lib.mkDefault false; - services.userborn.enable = lib.mkDefault true; - } - ]; - }; + common.imports = [ + { + users.mutableUsers = lib.mkDefault false; + services.userborn.enable = lib.mkDefault true; + } + ]; + }; } From 7a8b12bba4c0424703159a8eba0f0c4b65c9fb2f Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 351/376] infra: remove gandi --- infra/.terraform.lock.hcl | 84 +++++++++++++++------------------------ infra/main.tf | 4 -- infra/providers.tf | 4 -- infra/variables.tf | 4 -- 4 files changed, 31 insertions(+), 65 deletions(-) diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl index 770c91a..d0ad88d 100644 --- a/infra/.terraform.lock.hcl +++ b/infra/.terraform.lock.hcl @@ -1,26 +1,6 @@ # This file is maintained automatically by "tofu init". # Manual edits may be lost in future updates. -provider "registry.opentofu.org/go-gandi/gandi" { - version = "2.3.0" - constraints = "2.3.0" - hashes = [ - "h1:9kqWL+eFk/ogrQSltL9zVqjMcOqbvs3EgIJEeyNPb8U=", - "zh:0936d011cf75bb5162c6027d00575a586807adc9008f4152def157b6ad22bae9", - "zh:2170e671f04d3346ea416fcc404be6d05f637eab7df77e289a6898a928885f0b", - "zh:250329baae3cb09cfb88dd004d45f003ba76fbe7b8daf9d18fd640b93a2b7252", - "zh:2ccd9f253424738ca5fbbcb2127bf3713c20e87bfb3829f8c4565569424fd0bd", - "zh:3607b48bc4691cd209528f9ffe16a6cc666bd284b0d0bdfe8c4e1d538559a408", - "zh:3bc1d2b770fe0f50027da59c405b2468d1322243235367014f75f765124f458d", - "zh:6c8a9092847ee2e2890825432b54424c456638d494e49b7d1845f055214714f5", - "zh:8e0b62a330876005d52bcd65d7b1d9a679a7ac79c626e0f86661519e8f9b5698", - "zh:8f44f4d52583ff249e2001ea2a8b8841010489dd43e1a01a9ec3a6813d121c28", - "zh:9a617927d4a3a2897ff10999a19a6d1f0ef634b8c6b8fc3be12cf53948cfd9cf", - "zh:cab3c82c54e38e6001eed5b80a2d16b7824921f8f8b3909049e174c48e6e8804", - "zh:f78cc685aa4ba5056ea53a7f8ce585f87a911f0a8a387a44a33d7dfb69db7663", - ] -} - provider "registry.opentofu.org/hashicorp/assert" { version = "0.16.0" hashes = [ @@ -39,45 +19,43 @@ provider "registry.opentofu.org/hashicorp/assert" { } provider "registry.opentofu.org/hetznercloud/hcloud" { - version = "1.52.0" + version = "1.57.0" constraints = "~> 1.45" hashes = [ - "h1:LTjrLuC+4F1Kv4TxS9e7LVVkG8/S4QQ7X4ORblvKTbc=", - "zh:1e9bb6b6a2ea5f441638dbae2d60fbe04ff455f58a18c740b8b7913e2197d875", - "zh:29c122e404ba331cfbadacc7f1294de5a31c9dfd60bdfe3e1b402271fc8e419c", - "zh:2bd0ae2f0bb9f16b7753f59a08e57ac7230f9c471278d7882f81406b9426c8c7", - "zh:4383206971873f6b5d81580a9a36e0158924f5816ebb6206b0cf2430e4e6a609", - "zh:47e2ca1cfa18500e4952ab51dc357a0450d00a92da9ea03e452f1f3efe6bbf75", - "zh:8e9fe90e3cea29bb7892b64da737642fc22b0106402df76c228a3cbe99663278", - "zh:a2d69350a69c471ddb63bcc74e105e585319a0fc0f4d1b7f70569f6d2ece5824", - "zh:a97abcc254e21c294e2d6b0fc9068acfd63614b097dda365f1c56ea8b0fd5f6b", - "zh:aba8d72d4fe2e89c922d5446d329e5c23d00b28227b4666e6486ba18ea2ec278", - "zh:ad36c333978c2d9e4bc43dcadcbff42fe771a8c5ef53d028bcacec8287bf78a7", - "zh:cdb1e6903b9d2f0ad8845d4eb390fbe724ee2435fb045baeab38d4319e637682", - "zh:df77b08757f3f36b8aadb33d73362320174047044414325c56a87983f48b5186", - "zh:e07513d5ad387247092b5ae1c87e21a387fc51873b3f38eee616187e38b090a7", - "zh:e2be02bdc59343ff4b9e26c3b93db7680aaf3e6ed13c8c4c4b144c74c2689915", + "h1:Xk+Whn6wnhEJEeiO/mPII/mOL+buHLj05AKy4TbDz3U=", + "zh:016ecc39328f34f6c0ffa413598f354824f7878c89cd031f123edb4bc8a687a2", + "zh:10b362dc0847200c987214b129b5f85e2f7d8ad417261a1d2dd04ab74de15603", + "zh:194647d9a61dca4f411f44580316b88a11095d7a99679d445f9b0f2c1ba976c4", + "zh:1d8aafe2ce7890696385bb3a0c3286e7ee3020416d337f59935406e4c6f91de6", + "zh:594585616210fb232fad4ebda2387ecd3f483931e00eff988fca83add6ce7cfc", + "zh:65e50be33ffb85580546f119839e1293591cc6d4db729d809931d0408b6ae408", + "zh:7d4ed5bd8c477ec304142e2160203a76a0d09c93d224950bda253172b2571038", + "zh:90a70a70a266b78c8216903e711904e6969b3957d182602b5d788602ec9ef323", + "zh:abb8e28e96fb8de270995873de980896b7cb53cfc550f02c50eaa42884624ba9", + "zh:bbf34dca2de6e105ca7204222162a0402d8e9e9a28e1de5ffbaa2c0d6270a059", + "zh:c1a9edb693d632dcb5c3c9ee84c97138e08eadb9354e28592efd581f68ac0385", + "zh:dadbf1368fae314fe8dcb99ebefbc78409f3fc0e3808cd92ea573b8eee1cae98", + "zh:e713e00ca27348abd18da2eeff861905e84050e3e7e008f14a0c63c70ab2ff84", ] } provider "registry.opentofu.org/ovh/ovh" { - version = "2.5.0" - constraints = "2.5.0" + version = "2.10.0" hashes = [ - "h1:CrmFEWjczVhLWc2qzOktKSu8Q0U78uV8fnSHo54lMQg=", - "zh:1a11c3bc191c3417b41af5c56a66ac7071980f7babb390096b43aab3ac60fe7c", - "zh:1d46fa7c37468becb01d117463838f694a093e58a9b7d28347db2c377933db76", - "zh:22b83b15e878a9627477fe49e03dada3f4cd4357cb91cdb621394da690238542", - "zh:316541fc8bbf2fe14f4a484d878c63e4b949bd21a352e0ebf60d4848c96a338e", - "zh:50e72847a4b1d532e7abd5669408832ac1b49dcfda266378b8e2419d97f0f49a", - "zh:7582c8630edb3e83642e7a4b06fababeaf4833ce622c71220c38724d0e0231af", - "zh:a26714d6bd8e04acbbc94c708b151405c4b6fc20dc7060e0daef8395f1bb9ce0", - "zh:aa8be95462c5ca909c923cc3d44636eccc71cb25b51572fe7e2f68bc93c57612", - "zh:b520c0661c514586b2aa3105c4345eda4d34ef08b62fda2cc20a2bcb8cb88ab2", - "zh:be8125f1b6bc8aa93441ec9dd96db5f49d21b4dcc100c13028404b461da545c9", - "zh:c6aab9b6b04fa8483aa10c194eaab8e4a1fbffc64ad495f5027d496e5b2da214", - "zh:d537d85afc71c51d86b1031586c619c503df9462e0240d94984bc32273a03df2", - "zh:eaa9f41d33fa7731c4a937e80554a1b6b2042d273705e4c8fc983ba251193206", - "zh:f0d085065a0ada787ad080ddd6e7c646b8ca3a351712961de735d18c9d59af7c", + "h1:6CHM/tHZ7vAvQKtdqurs6ExO+46gpFooZ0zdaW74DKE=", + "zh:1582485c59b5e25fa407417de3040dfc31bfec3f9b884d51953f6625b930d2f6", + "zh:15b425716d5e05992cb1d68a49d58f0e9e0cbd7dbaa35ea9793404fa1ec45bed", + "zh:1c1547ff469c2f772d478f67d148d08b38468d43c9517b723b622a085625d949", + "zh:2491be291a8876da2dc1e71490428706cdca39002a1e89d10dd060474f59ce19", + "zh:2d9c7589764f838f04d38a87a0e6c9db6b560b6c5b510b69eabf2d67caa38d2b", + "zh:56c5b16a55dc4ac5f3eed69072e5ae74aafac2a4a8a84ba27fa06528320037cc", + "zh:629d2c7f709fc01adabba1c8b98ec7485dfebcc4b9f72f4bd4d36509166eb42c", + "zh:82f4b8b35a31a468d7a2a5aa4630f432ef64d9abfed8066afdaab0502886a72a", + "zh:84c5e65122efaee5e34c266cd750576969bd788c2bdbb804a7ffc08728ac3987", + "zh:85db08f3e1b27fda723b080bc5132069b6b7ba9699567cd44fb0a2207456a76c", + "zh:a84c043c96a01230e570163706f58c33ee59699fcc857d3db0f6e0b2a6b08bc6", + "zh:ad984516009930efc6ec465046287c6b293b6b219e3167aa4c0b900b903c6a50", + "zh:bd0114d45ec72134cf930a7619b70b0068e439759febba5717abb76219b85800", + "zh:f243a50dcf87687881972fcaba9226b4247588b6dc7368b0ef98168f643ee159", ] } diff --git a/infra/main.tf b/infra/main.tf index 30d54e4..0c5915e 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -1,9 +1,5 @@ terraform { required_providers { - gandi = { - source = "go-gandi/gandi" - version = "2.3.0" - } hcloud = { source = "hetznercloud/hcloud" version = "~> 1.45" diff --git a/infra/providers.tf b/infra/providers.tf index 440f8e8..dca6b80 100644 --- a/infra/providers.tf +++ b/infra/providers.tf @@ -1,7 +1,3 @@ -provider "gandi" { - personal_access_token = var.gandi_token -} - provider "hcloud" { token = var.hcloud_token } diff --git a/infra/variables.tf b/infra/variables.tf index ff53bd1..9a1ac28 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -1,7 +1,3 @@ -variable "gandi_token" { - sensitive = true -} - variable "hcloud_token" { sensitive = true } From c79df328de2da6a18f87b040893987fcf66ed380 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 352/376] infra: fix terrible copypasta --- infra/dns.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/dns.tf b/infra/dns.tf index a2f3ca7..b095e58 100644 --- a/infra/dns.tf +++ b/infra/dns.tf @@ -33,7 +33,7 @@ locals { verbena_ipv6_addresses = local.verbena_ipv6_addresses }) - rpqt_fr_zone_file = templatefile("./templates/turifer.dev.zone", { + rpqt_fr_zone_file = templatefile("./templates/rpqt.fr.zone", { crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address From 9e3d99231dd13ab22b7c514822fac4bce8286a81 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Wed, 31 Dec 2025 00:32:37 +0100 Subject: [PATCH 353/376] infra: allow more recent version of ovh provider --- infra/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/main.tf b/infra/main.tf index 0c5915e..0427f29 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -6,7 +6,7 @@ terraform { } ovh = { source = "ovh/ovh" - version = "2.5.0" + version = "~> 2.5.0" } assert = { source = "hashicorp/assert" From dda8ca5d0ffb6fd77d93fd786e0a32c69d52033d Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 354/376] move services to internal clan tld --- machines/genepi/actual.nix | 11 ++++++++--- machines/genepi/freshrss.nix | 12 +++++++----- machines/genepi/glance-config.nix | 21 +++++++++++---------- machines/genepi/glance.nix | 12 +++++++----- machines/genepi/homeassistant.nix | 10 ++++++---- machines/genepi/immich.nix | 12 +++++++----- machines/genepi/monitoring/grafana.nix | 9 ++++++--- machines/genepi/pinchflat.nix | 10 ++++++++-- machines/genepi/syncthing.nix | 20 +++++++++++++++----- modules/lounge.nix | 10 ++++++++-- 10 files changed, 83 insertions(+), 44 deletions(-) diff --git a/machines/genepi/actual.nix b/machines/genepi/actual.nix index 6bf59f3..b455535 100644 --- a/machines/genepi/actual.nix +++ b/machines/genepi/actual.nix @@ -1,4 +1,7 @@ { config, ... }: +let + domain = "actual.val"; +in { services.actual = { enable = true; @@ -8,12 +11,14 @@ }; }; - services.nginx.virtualHosts."actual.home.rpqt.fr" = { + services.nginx.virtualHosts.${domain} = { forceSSL = true; - useACMEHost = "home.rpqt.fr"; + enableACME = true; locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.actual.settings.port}"; }; - clan.core.state.acutal.folders = [ "/var/lib/actual" ]; + security.acme.certs.${domain}.server = "https://ca.val/acme/acme/directory"; + + clan.core.state.actual.folders = [ "/var/lib/actual" ]; } diff --git a/machines/genepi/freshrss.nix b/machines/genepi/freshrss.nix index 8222566..511ee1d 100644 --- a/machines/genepi/freshrss.nix +++ b/machines/genepi/freshrss.nix @@ -1,13 +1,13 @@ { config, ... }: let - domain = "home.rpqt.fr"; - subdomain = "rss.${domain}"; + tld = "val"; + domain = "rss.${tld}"; in { services.freshrss = { enable = true; - baseUrl = "https://${subdomain}"; - virtualHost = "${subdomain}"; + baseUrl = "https://${domain}"; + virtualHost = "${domain}"; defaultUser = "rpqt"; passwordFile = config.clan.core.vars.generators.freshrss.files.freshrss-password.path; @@ -15,9 +15,11 @@ in services.nginx.virtualHosts.${config.services.freshrss.virtualHost} = { forceSSL = true; - useACMEHost = "${domain}"; + enableACME = true; }; + security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory"; + clan.core.vars.generators.freshrss = { prompts.freshrss-password = { description = "freshrss default user password"; diff --git a/machines/genepi/glance-config.nix b/machines/genepi/glance-config.nix index 569ae62..b8d2c17 100644 --- a/machines/genepi/glance-config.nix +++ b/machines/genepi/glance-config.nix @@ -1,3 +1,4 @@ +{ tld }: { theme = { light = true; @@ -41,22 +42,22 @@ sites = [ { title = "Immich"; - url = "https://images.home.rpqt.fr"; + url = "https://images.${tld}"; icon = "sh:immich"; } { title = "FreshRSS"; - url = "https://rss.home.rpqt.fr"; + url = "https://rss.${tld}"; icon = "sh:freshrss"; } { title = "Syncthing"; - url = "https://genepi.home.rpqt.fr/syncthing"; + url = "https://genepi.${tld}/syncthing"; icon = "sh:syncthing"; } { title = "Actual Budget"; - url = "https://actual.home.rpqt.fr"; + url = "https://actual.${tld}"; icon = "sh:actual-budget"; } { @@ -66,12 +67,12 @@ } { title = "Pinchflat"; - url = "https://pinchflat.home.rpqt.fr"; + url = "https://pinchflat.${tld}"; icon = "https://cdn.jsdelivr.net/gh/selfhst/icons/png/pinchflat.png"; } { title = "Home Assistant"; - url = "https://assistant.home.rpqt.fr"; + url = "https://assistant.${tld}"; icon = "sh:home-assistant"; } { @@ -98,12 +99,12 @@ sites = [ { title = "Grafana"; - url = "https://grafana.home.rpqt.fr"; + url = "https://grafana.${tld}"; icon = "sh:grafana"; } { title = "Prometheus"; - url = "http://genepi.home.rpqt.fr:9090"; + url = "http://genepi.${tld}:9090"; icon = "sh:prometheus"; } ]; @@ -115,7 +116,7 @@ sites = [ { title = "Lounge"; - url = "https://lounge.home.rpqt.fr"; + url = "https://lounge.${tld}"; icon = "si:html5"; } { @@ -178,7 +179,7 @@ cache = "12h"; feeds = [ { - url = "https://rss.home.rpqt.fr/api/query.php?user=rpqt&t=74HfeLZ6Wu9h4MmjNR38Rz&f=rss"; + url = "https://rss.${tld}/api/query.php?user=rpqt&t=74HfeLZ6Wu9h4MmjNR38Rz&f=rss"; } ]; } diff --git a/machines/genepi/glance.nix b/machines/genepi/glance.nix index a68385e..6aa1cc2 100644 --- a/machines/genepi/glance.nix +++ b/machines/genepi/glance.nix @@ -1,18 +1,20 @@ { config, ... }: let - domain = "home.rpqt.fr"; - subdomain = "glance.${domain}"; + tld = "val"; + domain = "glance.${tld}"; in { services.glance = { enable = true; - settings = ./glance-config.nix; + settings = (import ./glance-config.nix) { inherit tld; }; }; - services.nginx.virtualHosts.${subdomain} = { + services.nginx.virtualHosts.${domain} = { forceSSL = true; - useACMEHost = "${domain}"; + enableACME = true; locations."/".proxyPass = "http://127.0.0.1:${toString config.services.glance.settings.server.port}"; }; + + security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory"; } diff --git a/machines/genepi/homeassistant.nix b/machines/genepi/homeassistant.nix index 3f73dd5..2c61efb 100644 --- a/machines/genepi/homeassistant.nix +++ b/machines/genepi/homeassistant.nix @@ -1,7 +1,7 @@ { config, ... }: let - domain = "home.rpqt.fr"; - subdomain = "assistant.${domain}"; + tld = "val"; + domain = "assistant.${tld}"; in { services.home-assistant = { @@ -26,9 +26,9 @@ in }; }; - services.nginx.virtualHosts.${subdomain} = { + services.nginx.virtualHosts.${domain} = { forceSSL = true; - useACMEHost = "${domain}"; + enableACME = true; extraConfig = '' proxy_buffering off; ''; @@ -37,4 +37,6 @@ in proxyWebsockets = true; }; }; + + security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory"; } diff --git a/machines/genepi/immich.nix b/machines/genepi/immich.nix index 3b67b45..76e7f65 100644 --- a/machines/genepi/immich.nix +++ b/machines/genepi/immich.nix @@ -1,19 +1,19 @@ { config, ... }: let - domain = "home.rpqt.fr"; - subdomain = "images.${domain}"; + tld = "val"; + domain = "images.${tld}"; in { services.immich = { enable = true; settings = { - server.externalDomain = "https://${subdomain}"; + server.externalDomain = "https://${domain}"; }; }; - services.nginx.virtualHosts.${subdomain} = { + services.nginx.virtualHosts.${domain} = { forceSSL = true; - useACMEHost = "${domain}"; + enableACME = true; locations."/" = { proxyPass = "http://${toString config.services.immich.host}:${toString config.services.immich.port}"; proxyWebsockets = true; @@ -26,5 +26,7 @@ in }; }; + security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory"; + clan.core.state.immich.folders = [ "/var/lib/immich" ]; } diff --git a/machines/genepi/monitoring/grafana.nix b/machines/genepi/monitoring/grafana.nix index 7bea765..ac96660 100644 --- a/machines/genepi/monitoring/grafana.nix +++ b/machines/genepi/monitoring/grafana.nix @@ -1,6 +1,6 @@ { config, ... }: let - domain = "home.rpqt.fr"; + tld = "val"; in { services.grafana = { @@ -8,7 +8,7 @@ in settings = { server = { http_port = 3000; - domain = "grafana.${domain}"; + domain = "grafana.${tld}"; }; }; provision = { @@ -31,10 +31,13 @@ in services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = { forceSSL = true; - useACMEHost = "${domain}"; + enableACME = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}"; proxyWebsockets = true; }; }; + + security.acme.certs.${config.services.grafana.settings.server.domain}.server = + "https://ca.${tld}/acme/acme/directory"; } diff --git a/machines/genepi/pinchflat.nix b/machines/genepi/pinchflat.nix index 9d29657..14fbca2 100644 --- a/machines/genepi/pinchflat.nix +++ b/machines/genepi/pinchflat.nix @@ -3,6 +3,10 @@ pkgs, ... }: +let + tld = "val"; + domain = "pinchflat.${tld}"; +in { services.pinchflat = { enable = true; @@ -23,9 +27,11 @@ clan.core.state.pinchflat.folders = [ "/var/lib/pinchflat" ]; - services.nginx.virtualHosts."pinchflat.home.rpqt.fr" = { + services.nginx.virtualHosts.${domain} = { forceSSL = true; - useACMEHost = "home.rpqt.fr"; + enableACME = true; locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.pinchflat.port}"; }; + + security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory"; } diff --git a/machines/genepi/syncthing.nix b/machines/genepi/syncthing.nix index dd72177..fd3400e 100644 --- a/machines/genepi/syncthing.nix +++ b/machines/genepi/syncthing.nix @@ -1,31 +1,41 @@ { config, lib, + pkgs, ... }: let user = "rpqt"; home = config.users.users.${user}.home; - domain = "home.rpqt.fr"; - subdomain = "genepi.${domain}"; + tld = "val"; + domain = "genepi.${tld}"; in { - services.nginx.virtualHosts.${subdomain} = { + services.nginx.virtualHosts.${domain} = { forceSSL = true; - useACMEHost = "${domain}"; - locations."/syncthing".proxyPass = "http://${config.services.syncthing.guiAddress}"; + enableACME = true; + locations."/syncthing" = { + proxyPass = "http://${config.services.syncthing.guiAddress}"; + }; }; + security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory"; + services.syncthing = { enable = true; user = user; group = lib.mkForce "users"; dataDir = home; configDir = lib.mkForce "${home}/.config/syncthing"; + guiAddress = "0.0.0.0:8384"; guiPasswordFile = config.clan.core.vars.generators.syncthing-gui.files.password.path; }; + networking.firewall.interfaces.wireguard = { + allowedTCPPorts = [ 8384 ]; + }; + clan.core.vars.generators.syncthing-gui = { files.password = { secret = true; diff --git a/modules/lounge.nix b/modules/lounge.nix index a51de5a..dd23b1c 100644 --- a/modules/lounge.nix +++ b/modules/lounge.nix @@ -1,7 +1,13 @@ +let + tld = "val"; + domain = "lounge.${tld}"; +in { - services.nginx.virtualHosts."lounge.home.rpqt.fr" = { - useACMEHost = "home.rpqt.fr"; + services.nginx.virtualHosts.${domain} = { + enableACME = true; forceSSL = true; root = "/var/www/lounge"; }; + + security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory"; } From 2063550f93290248470014544ced9040303217eb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 355/376] setup internal CA --- clan/network.nix | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/clan/network.nix b/clan/network.nix index 37d00bc..be7255f 100644 --- a/clan/network.nix +++ b/clan/network.nix @@ -33,16 +33,17 @@ }; }; - # clan.inventory.instances.certificates = { - # module.name = "certificates"; - # module.input = "clan-core"; + clan.inventory.instances.certificates = { + module.name = "certificates"; + module.input = "clan-core"; - # roles.ca.machines.verbena = { - # settings.acmeEmail = "admin@rpqt.fr"; - # }; - # roles.default.tags.all = { }; - # roles.default.settings.acmeEmail = "admin@rpqt.fr"; - # }; + roles.ca.machines.verbena = { + settings.acmeEmail = "admin@rpqt.fr"; + settings.tlds = [ "val" ]; + }; + roles.default.tags.all = { }; + roles.default.settings.acmeEmail = "admin@rpqt.fr"; + }; # Temporarily patched version of clan-core/coredns for AAAA records support clan.inventory.instances.coredns = { @@ -57,7 +58,14 @@ settings.ip = "fd28:387a:90:c400:6db2:dfc3:c376:9956"; }; roles.server.settings = { - tld = "home.rpqt.fr"; + tld = "val"; + }; + + roles.default.machines.verbena.settings = { + ip = "fd28:387a:90:c400::1"; + services = [ + "ca" + ]; }; roles.default.machines.genepi.settings = { From d3201fbca999502c79c1c13e19140ceb4bec1ebb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 356/376] move coredns to port 53 to allow access on android --- clan/network.nix | 1 + clanServices/coredns/default.nix | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/clan/network.nix b/clan/network.nix index be7255f..b89e878 100644 --- a/clan/network.nix +++ b/clan/network.nix @@ -53,6 +53,7 @@ roles.default.tags.all = { }; roles.server.machines.verbena = { settings.ip = "fd28:387a:90:c400::1"; + settings.dnsPort = 53; }; roles.server.machines.crocus = { settings.ip = "fd28:387a:90:c400:6db2:dfc3:c376:9956"; diff --git a/clanServices/coredns/default.nix b/clanServices/coredns/default.nix index 520c968..20d4350 100644 --- a/clanServices/coredns/default.nix +++ b/clanServices/coredns/default.nix @@ -118,11 +118,13 @@ '' .:${dnsPort} { + bind wireguard forward . 1.1.1.1 cache 30 } ${settings.tld}:${dnsPort} { + bind wireguard file ${zonefile} } ''; @@ -168,7 +170,7 @@ networking.nameservers = map ( m: let - port = config.services.unbound.settings.port or 53; + port = config.services.unbound.settings.server.port or 53; in "127.0.0.1:${toString port}#${roles.server.machines.${m}.settings.tld}" ) (lib.attrNames roles.server.machines); @@ -179,11 +181,11 @@ services.unbound = { enable = true; - resolveLocalQueries = true; + # resolveLocalQueries = true; checkconf = true; settings = { server = { - # port = 5353; + port = 5353; verbosity = 2; interface = [ "127.0.0.1" ]; access-control = [ "127.0.0.0/8 allow" ]; From 600e2c26c9d78d270dc0dae7cd33a8c3ceca8cb6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 357/376] add vaultwarden --- clan/network.nix | 1 + machines/verbena/configuration.nix | 1 + modules/vaultwarden.nix | 18 ++++++++++++++++++ 3 files changed, 20 insertions(+) create mode 100644 modules/vaultwarden.nix diff --git a/clan/network.nix b/clan/network.nix index b89e878..8c9e3d0 100644 --- a/clan/network.nix +++ b/clan/network.nix @@ -66,6 +66,7 @@ ip = "fd28:387a:90:c400::1"; services = [ "ca" + "vaultwarden" ]; }; diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 3cafaa5..990a3bd 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -4,6 +4,7 @@ self.nixosModules.nix-defaults self.nixosModules.nextcloud self.nixosModules.gitea + self.nixosModules.vaultwarden self.inputs.srvos.nixosModules.server diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix new file mode 100644 index 0000000..4ae455f --- /dev/null +++ b/modules/vaultwarden.nix @@ -0,0 +1,18 @@ +{ + config, + ... +}: +{ + services.vaultwarden = { + enable = true; + domain = "vaultwarden.val"; + configureNginx = true; + }; + + services.nginx.virtualHosts.${config.services.vaultwarden.domain} = { + enableACME = true; + }; + + security.acme.certs.${config.services.vaultwarden.domain}.server = + "https://ca.val/acme/acme/directory"; +} From 4ce5811615a91135d3751a7d9dc6ba262685e7a2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 358/376] update flake inputs --- flake.lock | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 215c716..36c0341 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1766934363, - "narHash": "sha256-aZV2cirZSoQq1vW3vEcY7MvzKQ2gwCGbLbMpuwkC2Ic=", + "lastModified": 1767634906, + "narHash": "sha256-NoyNzhWX0O7nJA6zMm9aYN8NgpFY/ua+0n3YEw5+rTk=", "ref": "refs/heads/main", - "rev": "808fd6cb7fc0c831840a5580cf4fb41d9c0626a4", - "revCount": 11768, + "rev": "d9efb591e391f474c90fdb07df1672a3da35267b", + "revCount": 11861, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -70,11 +70,11 @@ ] }, "locked": { - "lastModified": 1766372687, - "narHash": "sha256-cGOe30ePOX+7OMLFXJha3y/Q8umHftaG+5tB6DXu110=", - "rev": "7d819044ed7f39801277b39ea34f4aa133d86889", + "lastModified": 1767582502, + "narHash": "sha256-WVcYGWcAlWzVt38OaTC5i5Q3QkIKJKZsJ7LcQZVVxeE=", + "rev": "31f2e3ecf207fd2760e3cebf7c2cf3cb7170ea3d", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/7d819044ed7f39801277b39ea34f4aa133d86889.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/31f2e3ecf207fd2760e3cebf7c2cf3cb7170ea3d.tar.gz" }, "original": { "type": "tarball", @@ -216,11 +216,11 @@ ] }, "locked": { - "lastModified": 1766784396, - "narHash": "sha256-rIlgatT0JtwxsEpzq+UrrIJCRfVAXgbYPzose1DmAcM=", + "lastModified": 1767028240, + "narHash": "sha256-0/fLUqwJ4Z774muguUyn5t8AQ6wyxlNbHexpje+5hRo=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "f0c8e1f6feb562b5db09cee9fb566a2f989e6b55", + "rev": "c31afa6e76da9bbc7c9295e39c7de9fca1071ea1", "type": "github" }, "original": { @@ -360,11 +360,11 @@ ] }, "locked": { - "lastModified": 1766894905, - "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", + "lastModified": 1767499857, + "narHash": "sha256-0zUU/PW09d6oBaR8x8vMHcAhg1MOvo3CwoXgHijzzNE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", + "rev": "ecc41505948ec2ab0325f14c9862a4329c2b4190", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1766000401, - "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", + "lastModified": 1767468822, + "narHash": "sha256-MpffQxHxmjVKMiQd0Tg2IM/bSjjdQAM+NDcX6yxj7rE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", + "rev": "d56486eb9493ad9c4777c65932618e9c2d0468fc", "type": "github" }, "original": { From d1625916962760fd5d12602d8226be4100acd945 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 359/376] infra: allow more recent ovh versions --- infra/.terraform.lock.hcl | 3 ++- infra/main.tf | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl index d0ad88d..e201fd0 100644 --- a/infra/.terraform.lock.hcl +++ b/infra/.terraform.lock.hcl @@ -40,7 +40,8 @@ provider "registry.opentofu.org/hetznercloud/hcloud" { } provider "registry.opentofu.org/ovh/ovh" { - version = "2.10.0" + version = "2.10.0" + constraints = "> 2.5.0" hashes = [ "h1:6CHM/tHZ7vAvQKtdqurs6ExO+46gpFooZ0zdaW74DKE=", "zh:1582485c59b5e25fa407417de3040dfc31bfec3f9b884d51953f6625b930d2f6", diff --git a/infra/main.tf b/infra/main.tf index 0427f29..da2f286 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -6,7 +6,7 @@ terraform { } ovh = { source = "ovh/ovh" - version = "~> 2.5.0" + version = "> 2.5.0" } assert = { source = "hashicorp/assert" From c9953d269b4a7792494e0d5f8f063056c948a238 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 360/376] remove gandi acme --- modules/acme-home.nix | 44 +++++++++++++++++++++++++------------------ modules/gandi.nix | 15 --------------- 2 files changed, 26 insertions(+), 33 deletions(-) delete mode 100644 modules/gandi.nix diff --git a/modules/acme-home.nix b/modules/acme-home.nix index e0e15bd..77de9c9 100644 --- a/modules/acme-home.nix +++ b/modules/acme-home.nix @@ -1,26 +1,34 @@ -{ config, lib, ... }: { - imports = [ - ./gandi.nix - ]; - + config, + lib, + pkgs, + ... +}: +{ security.acme = { acceptTerms = true; defaults.email = lib.mkDefault "admin@rpqt.fr"; }; - security.acme = { - certs."home.rpqt.fr" = { - group = config.services.nginx.group; - domain = "home.rpqt.fr"; - extraDomainNames = [ "*.home.rpqt.fr" ]; - dnsProvider = "gandiv5"; - dnsPropagationCheck = true; - environmentFile = config.clan.core.vars.generators.gandi.files.gandi-env.path; - email = "admin@rpqt.fr"; - dnsResolver = "1.1.1.1:53"; - }; - }; + # security.acme = { + # certs."home.rpqt.fr" = { + # group = config.services.nginx.group; + # domain = "home.rpqt.fr"; + # extraDomainNames = [ "*.home.rpqt.fr" ]; + # dnsProvider = "rfc2136"; + # dnsPropagationCheck = true; + # credentialFiles = { + # RFC2136_TSIG_SECRET_FILE = config.clan.core.vars.generators.coredns.files.tsig-key.path; + # }; + # environmentFile = pkgs.writeFile '' + # RFC2136_NAMESERVER=fd28:387a:90:c400::1 + # ''; + # email = "admin@rpqt.fr"; + # dnsResolver = "1.1.1.1:53"; + # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # TODO: use production api + # }; + # }; - clan.core.vars.generators.gandi.files.gandi-env.owner = "acme"; + # clan.core.vars.generators.coredns.files.tsig-key.group = "acme"; + # clan.core.vars.generators.coredns.files.tsig-key.mode = "0440"; } diff --git a/modules/gandi.nix b/modules/gandi.nix deleted file mode 100644 index 9a97757..0000000 --- a/modules/gandi.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - clan.core.vars.generators.gandi = { - prompts.gandi-token = { - description = "gandi access token"; - type = "hidden"; - }; - files.gandi-env = { - secret = true; - }; - script = '' - printf %s "GANDIV5_PERSONAL_ACCESS_TOKEN=" >> $out/gandi-env - cat $prompts/gandi-token >> $out/gandi-env - ''; - }; -} From 87e589e690d581fcfcfb4a328828a647e89bcedb Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 361/376] add .val search domain --- home/.ssh/config | 6 +++--- machines/haze/configuration.nix | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/home/.ssh/config b/home/.ssh/config index 041737e..51534dd 100644 --- a/home/.ssh/config +++ b/home/.ssh/config @@ -1,11 +1,11 @@ Host crocus - HostName crocus.home.rpqt.fr + HostName crocus.val User root Host verbena - HostName verbena.home.rpqt.fr + HostName verbena.val User root Host genepi - HostName genepi.home.rpqt.fr + HostName genepi.val User root diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index 1493044..c0e7a59 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -36,7 +36,8 @@ clan.core.networking.targetHost = "rpqt@haze.local"; networking.search = [ - "home.rpqt.fr" + "val" + "wireguard" ]; time.timeZone = "Europe/Paris"; From 1e8e04bf246a694e2952191274a9adafd239d664 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 362/376] enable pcscd for yubikey --- modules/desktop.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/desktop.nix b/modules/desktop.nix index 3488c21..294ef56 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -20,4 +20,6 @@ enable = true; terminal = "ghostty"; }; + + services.pcscd.enable = true; } From a36f64cb93b8acb49d10e54bf9eec60528394eba Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 363/376] add direnv-instant --- flake.lock | 46 ++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 4 ++++ home-manager/dev.nix | 3 +++ 3 files changed, 53 insertions(+) diff --git a/flake.lock b/flake.lock index 36c0341..0fca0a4 100644 --- a/flake.lock +++ b/flake.lock @@ -81,6 +81,30 @@ "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" } }, + "direnv-instant": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_3" + }, + "locked": { + "lastModified": 1767498610, + "narHash": "sha256-DFAfuDZSFl/PwHJaxFVDOY6QJe7SGPR4xL/CoN16WZ8=", + "owner": "Mic92", + "repo": "direnv-instant", + "rev": "cde46db6ca09cfbfed09bb3866c872d857a0eef1", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "direnv-instant", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -343,6 +367,7 @@ "inputs": { "buildbot-nix": "buildbot-nix", "clan-core": "clan-core", + "direnv-instant": "direnv-instant", "disko": "disko_2", "flake-parts": "flake-parts_2", "home-manager": "home-manager", @@ -449,6 +474,27 @@ "repo": "treefmt-nix", "type": "github" } + }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": [ + "direnv-instant", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767468822, + "narHash": "sha256-MpffQxHxmjVKMiQd0Tg2IM/bSjjdQAM+NDcX6yxj7rE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "d56486eb9493ad9c4777c65932618e9c2d0468fc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c7e7b0e..76569b2 100644 --- a/flake.nix +++ b/flake.nix @@ -51,5 +51,9 @@ buildbot-nix.url = "github:nix-community/buildbot-nix"; buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; + + direnv-instant.url = "github:Mic92/direnv-instant"; + direnv-instant.inputs.nixpkgs.follows = "nixpkgs"; + direnv-instant.inputs.flake-parts.follows = "flake-parts"; }; } diff --git a/home-manager/dev.nix b/home-manager/dev.nix index f0fb31e..06c3332 100644 --- a/home-manager/dev.nix +++ b/home-manager/dev.nix @@ -9,6 +9,7 @@ ./cli.nix ./helix.nix self.homeManagerModules.dotfiles + self.inputs.direnv-instant.homeModules.direnv-instant ]; home.packages = with pkgs; [ @@ -34,6 +35,8 @@ nix-direnv.enable = true; }; + programs.direnv-instant.enable = true; + xdg.configFile."hut/config".source = "${config.dotfiles.path}/.config/hut/config"; home.file.".ssh/config".source = "${config.dotfiles.path}/.ssh/config"; } From a8d52b0473cc20ec328fa51d9d19b47085afa4ea Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 364/376] update garage crocus hostname --- devShells/flake-module.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devShells/flake-module.nix b/devShells/flake-module.nix index d3bc2e5..b2abde0 100644 --- a/devShells/flake-module.nix +++ b/devShells/flake-module.nix @@ -19,7 +19,7 @@ ]; shellHook = '' export GARAGE_RPC_SECRET=$(clan vars get crocus garage-shared/rpc_secret) - export GARAGE_RPC_HOST=5d8249fe49264d36bc3532bd88400498bf9497b5cd4872245eb820d5d7797ed6@crocus.home.rpqt.fr:3901 + export GARAGE_RPC_HOST=5d8249fe49264d36bc3532bd88400498bf9497b5cd4872245eb820d5d7797ed6@crocus.val:3901 ''; }; }; From f3d5f8e5d7ad10812abacb2799efa13d13dc14d7 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 365/376] update flake inputs --- flake.lock | 68 +++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index 0fca0a4..e68ea40 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1766893577, - "narHash": "sha256-8SFRZJt9HlNN1ic3asTCOc6Vr/QJQDdZjJ4C5XzxFi0=", + "lastModified": 1767498483, + "narHash": "sha256-LaTuHoRsUUWnvtQyIloIH4IitjKdGJArvTI2du61nGw=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "4f590eb97462eef698f2c96c67a080876c1f8051", + "rev": "09dbe356dfb796f4274c463f688456404f0d480d", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1767634906, - "narHash": "sha256-NoyNzhWX0O7nJA6zMm9aYN8NgpFY/ua+0n3YEw5+rTk=", + "lastModified": 1768046519, + "narHash": "sha256-XGAczDXXzQKldBO4OTJ7c8o4GPaXiqvnnGRDhGjRctA=", "ref": "refs/heads/main", - "rev": "d9efb591e391f474c90fdb07df1672a3da35267b", - "revCount": 11861, + "rev": "d3091703b2b13283f6885287e1a3ca75c5255450", + "revCount": 12055, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -174,11 +174,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -219,11 +219,11 @@ ] }, "locked": { - "lastModified": 1766936966, - "narHash": "sha256-LfixPDPlysn7sAUVyHEL8sjzgoYv2abDLoCxAlzY440=", + "lastModified": 1768018810, + "narHash": "sha256-WREj1ZQ2wSGtyPAhQJ3SX/7PJ29PNKv04h/7NgqUS+M=", "owner": "nix-community", "repo": "home-manager", - "rev": "80cca72314c3b18896f2a412f2f070d17810b45f", + "rev": "7c5d9345ad7cc38832cd4007f5cd03daad64d75b", "type": "github" }, "original": { @@ -240,11 +240,11 @@ ] }, "locked": { - "lastModified": 1767028240, - "narHash": "sha256-0/fLUqwJ4Z774muguUyn5t8AQ6wyxlNbHexpje+5hRo=", + "lastModified": 1767718503, + "narHash": "sha256-V+VkFs0aSG0ca8p/N3gib7FAf4cq9jyr5Gm+ZBrHQpo=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "c31afa6e76da9bbc7c9295e39c7de9fca1071ea1", + "rev": "9f48ffaca1f44b3e590976b4da8666a9e86e6eb1", "type": "github" }, "original": { @@ -317,11 +317,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1766568855, - "narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=", + "lastModified": 1767185284, + "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80", + "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1766651565, - "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "lastModified": 1767892417, + "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", + "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", "type": "github" }, "original": { @@ -385,11 +385,11 @@ ] }, "locked": { - "lastModified": 1767499857, - "narHash": "sha256-0zUU/PW09d6oBaR8x8vMHcAhg1MOvo3CwoXgHijzzNE=", + "lastModified": 1767826491, + "narHash": "sha256-WSBENPotD2MIhZwolL6GC9npqgaS5fkM7j07V2i/Ur8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ecc41505948ec2ab0325f14c9862a4329c2b4190", + "rev": "ea3adcb6d2a000d9a69d0e23cad1f2cacb3a9fbe", "type": "github" }, "original": { @@ -405,11 +405,11 @@ ] }, "locked": { - "lastModified": 1766626001, - "narHash": "sha256-YQk9UVG4PsrTp4LVbWCDwuc594S9H05pxNgjK8R30/U=", + "lastModified": 1767835990, + "narHash": "sha256-SJVH9fySPFqE8lYEQ5JsggGgSxTJQuhXpg/BrvlaOcc=", "owner": "nix-community", "repo": "srvos", - "rev": "cf609acbe9aa6f53120df7b1adad16957e481b93", + "rev": "23022726b63ebef9d28dba289f1fac4f6d5a527f", "type": "github" }, "original": { @@ -441,11 +441,11 @@ ] }, "locked": { - "lastModified": 1766000401, - "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", + "lastModified": 1767468822, + "narHash": "sha256-MpffQxHxmjVKMiQd0Tg2IM/bSjjdQAM+NDcX6yxj7rE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", + "rev": "d56486eb9493ad9c4777c65932618e9c2d0468fc", "type": "github" }, "original": { @@ -462,11 +462,11 @@ ] }, "locked": { - "lastModified": 1767468822, - "narHash": "sha256-MpffQxHxmjVKMiQd0Tg2IM/bSjjdQAM+NDcX6yxj7rE=", + "lastModified": 1767801790, + "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "d56486eb9493ad9c4777c65932618e9c2d0468fc", + "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", "type": "github" }, "original": { From 8b9ab0b215e8f6b5be73380a6437495ff7358f07 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 366/376] change default user shell to fish --- home-manager/cli.nix | 32 ++++++++++++++++++++------------ modules/user-rpqt.nix | 4 ++-- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/home-manager/cli.nix b/home-manager/cli.nix index eb6e912..74d2d7d 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -5,6 +5,20 @@ pkgs, ... }: +let + shellAliases = { + ls = "eza"; + lsa = "ls -A"; + ll = "ls -lh"; + lla = "ls -lAh"; + h = "hx"; + g = "git"; + cd = "z"; + tree = "eza --tree"; + ".." = "cd .."; + "..." = "cd ../.."; + }; +in { imports = [ self.homeManagerModules.dotfiles @@ -45,18 +59,12 @@ programs.zsh = { enable = true; syntaxHighlighting.enable = true; - shellAliases = { - ls = "eza"; - lsa = "ls -A"; - ll = "ls -lh"; - lla = "ls -lAh"; - h = "hx"; - g = "git"; - cd = "z"; - tree = "eza --tree"; - ".." = "cd .."; - "..." = "cd ../.."; - }; + inherit shellAliases; + }; + + programs.fish = { + enable = true; + inherit shellAliases; }; xdg.configFile."git".source = "${config.dotfiles.path}/.config/git"; diff --git a/modules/user-rpqt.nix b/modules/user-rpqt.nix index 86b2cf4..4c1d0bb 100644 --- a/modules/user-rpqt.nix +++ b/modules/user-rpqt.nix @@ -8,7 +8,7 @@ description = "Romain Paquet"; - shell = pkgs.zsh; + shell = pkgs.fish; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze" @@ -17,5 +17,5 @@ extraGroups = [ "wheel" ]; }; - programs.zsh.enable = true; + programs.fish.enable = true; } From 65792b7ad4e0f82970af50f86e2fcff21fd77f98 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 367/376] add rage --- home-manager/cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/cli.nix b/home-manager/cli.nix index 74d2d7d..89ccda3 100644 --- a/home-manager/cli.nix +++ b/home-manager/cli.nix @@ -40,6 +40,7 @@ in lazygit nh passage + rage ripgrep skim tealdeer From 6bb5625bc76275459fe5288076afb21164ed8825 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 368/376] enable nix pipe-operators --- modules/nix-defaults.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nix-defaults.nix b/modules/nix-defaults.nix index fd3ef6d..ac488ef 100644 --- a/modules/nix-defaults.nix +++ b/modules/nix-defaults.nix @@ -9,6 +9,7 @@ experimental-features = [ "nix-command" "flakes" + "pipe-operators" ]; trusted-users = [ From 123c3edb0e52d83953f592ce9cdc8bf4fa831eb6 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 369/376] update flake inputs --- flake.lock | 110 +++++++++++++++++++++++------------------------------ 1 file changed, 47 insertions(+), 63 deletions(-) diff --git a/flake.lock b/flake.lock index e68ea40..0c27f98 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1767498483, - "narHash": "sha256-LaTuHoRsUUWnvtQyIloIH4IitjKdGJArvTI2du61nGw=", + "lastModified": 1768230255, + "narHash": "sha256-d98+nRSV2X86LcJUDZDAR9wvmmGG1uMzY5/zJdKH9pU=", "owner": "nix-community", "repo": "buildbot-nix", - "rev": "09dbe356dfb796f4274c463f688456404f0d480d", + "rev": "6c62d4e0e82b607638b00d6f4f4ad06646342826", "type": "github" }, "original": { @@ -32,7 +32,6 @@ ], "nix-darwin": "nix-darwin", "nix-select": "nix-select", - "nixos-facter-modules": "nixos-facter-modules", "nixpkgs": [ "nixpkgs" ], @@ -41,11 +40,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1768046519, - "narHash": "sha256-XGAczDXXzQKldBO4OTJ7c8o4GPaXiqvnnGRDhGjRctA=", + "lastModified": 1768662392, + "narHash": "sha256-tE6k6yaQDF1n4YkTC4aH+BgKNQM36bYdhslP0udgMyY=", "ref": "refs/heads/main", - "rev": "d3091703b2b13283f6885287e1a3ca75c5255450", - "revCount": 12055, + "rev": "1f2f93239ef3638d4b7a2187d021b8d8fe6507b8", + "revCount": 12169, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -70,11 +69,11 @@ ] }, "locked": { - "lastModified": 1767582502, - "narHash": "sha256-WVcYGWcAlWzVt38OaTC5i5Q3QkIKJKZsJ7LcQZVVxeE=", - "rev": "31f2e3ecf207fd2760e3cebf7c2cf3cb7170ea3d", + "lastModified": 1768383623, + "narHash": "sha256-X1jD5UvgYW50wWxdxJn9b8hiOvpSoLcO3ZC1AZx7+gQ=", + "rev": "82c2fbf84ea0162d95b4958f02499e68c9a843a6", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/31f2e3ecf207fd2760e3cebf7c2cf3cb7170ea3d.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/82c2fbf84ea0162d95b4958f02499e68c9a843a6.tar.gz" }, "original": { "type": "tarball", @@ -92,11 +91,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1767498610, - "narHash": "sha256-DFAfuDZSFl/PwHJaxFVDOY6QJe7SGPR4xL/CoN16WZ8=", + "lastModified": 1768657403, + "narHash": "sha256-YkbdCu2ZInQj72rQQLgVP2x1m8il8+DtwzypBiYrrfE=", "owner": "Mic92", "repo": "direnv-instant", - "rev": "cde46db6ca09cfbfed09bb3866c872d857a0eef1", + "rev": "ab8c70c557f610e20008eb407d17cfd78b44ea1c", "type": "github" }, "original": { @@ -154,11 +153,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -174,11 +173,11 @@ ] }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -219,11 +218,11 @@ ] }, "locked": { - "lastModified": 1768018810, - "narHash": "sha256-WREj1ZQ2wSGtyPAhQJ3SX/7PJ29PNKv04h/7NgqUS+M=", + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", "owner": "nix-community", "repo": "home-manager", - "rev": "7c5d9345ad7cc38832cd4007f5cd03daad64d75b", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "type": "github" }, "original": { @@ -240,11 +239,11 @@ ] }, "locked": { - "lastModified": 1767718503, - "narHash": "sha256-V+VkFs0aSG0ca8p/N3gib7FAf4cq9jyr5Gm+ZBrHQpo=", + "lastModified": 1768561867, + "narHash": "sha256-prGOZ+w3pZfGTRxworKcJliCNsewF0L4HUPjgU/6eaw=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "9f48ffaca1f44b3e590976b4da8666a9e86e6eb1", + "rev": "8b720b9662d4dd19048664b7e4216ce530591adc", "type": "github" }, "original": { @@ -281,21 +280,6 @@ "type": "github" } }, - "nixos-facter-modules": { - "locked": { - "lastModified": 1766558141, - "narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=", - "owner": "nix-community", - "repo": "nixos-facter-modules", - "rev": "e796d536e3d83de74267069e179dc620a608ed7d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-facter-modules", - "type": "github" - } - }, "nixos-generators": { "inputs": { "nixlib": "nixlib", @@ -317,11 +301,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1767185284, - "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", + "lastModified": 1768584846, + "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", + "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440", "type": "github" }, "original": { @@ -349,11 +333,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767892417, - "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -385,11 +369,11 @@ ] }, "locked": { - "lastModified": 1767826491, - "narHash": "sha256-WSBENPotD2MIhZwolL6GC9npqgaS5fkM7j07V2i/Ur8=", + "lastModified": 1768481291, + "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ea3adcb6d2a000d9a69d0e23cad1f2cacb3a9fbe", + "rev": "e085e303dfcce21adcb5fec535d65aacb066f101", "type": "github" }, "original": { @@ -405,11 +389,11 @@ ] }, "locked": { - "lastModified": 1767835990, - "narHash": "sha256-SJVH9fySPFqE8lYEQ5JsggGgSxTJQuhXpg/BrvlaOcc=", + "lastModified": 1768523683, + "narHash": "sha256-UbkyPXPPAbz0gHIWvHZ+jrPTruZqkpuwTFo5JXPnIgU=", "owner": "nix-community", "repo": "srvos", - "rev": "23022726b63ebef9d28dba289f1fac4f6d5a527f", + "rev": "90e9331fd79d4c3bb5c1e7cd2df2e560565fe543", "type": "github" }, "original": { @@ -441,11 +425,11 @@ ] }, "locked": { - "lastModified": 1767468822, - "narHash": "sha256-MpffQxHxmjVKMiQd0Tg2IM/bSjjdQAM+NDcX6yxj7rE=", + "lastModified": 1768031762, + "narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "d56486eb9493ad9c4777c65932618e9c2d0468fc", + "rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20", "type": "github" }, "original": { @@ -462,11 +446,11 @@ ] }, "locked": { - "lastModified": 1767801790, - "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { @@ -483,11 +467,11 @@ ] }, "locked": { - "lastModified": 1767468822, - "narHash": "sha256-MpffQxHxmjVKMiQd0Tg2IM/bSjjdQAM+NDcX6yxj7rE=", + "lastModified": 1768031762, + "narHash": "sha256-b2gJDJfi+TbA7Hu2sKip+1mWqya0GJaWrrXQjpbOVTU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "d56486eb9493ad9c4777c65932618e9c2d0468fc", + "rev": "0c445aa21b01fd1d4bb58927f7b268568af87b20", "type": "github" }, "original": { From 93b923c14650ff160da64f167da0f8b4c792a86a Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 5 Jan 2026 21:42:17 +0100 Subject: [PATCH 370/376] rename nixfmt-rfc-style -> nixfmt --- devShells/flake-module.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devShells/flake-module.nix b/devShells/flake-module.nix index b2abde0..961492c 100644 --- a/devShells/flake-module.nix +++ b/devShells/flake-module.nix @@ -11,7 +11,7 @@ inputs'.clan-core.packages.clan-cli pkgs.garage pkgs.nil # Nix language server - pkgs.nixfmt-rfc-style + pkgs.nixfmt pkgs.opentofu pkgs.terraform-ls pkgs.deploy-rs From f1e06aaead3640f110c16eb307553d7dcb21dcdc Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 19 Jan 2026 15:49:10 +0100 Subject: [PATCH 371/376] Update secret hcloud-token --- sops/secrets/hcloud-token/secret | 22 ++++++++++++++++++++++ sops/secrets/hcloud-token/users/rpqt | 1 + 2 files changed, 23 insertions(+) create mode 100644 sops/secrets/hcloud-token/secret create mode 120000 sops/secrets/hcloud-token/users/rpqt diff --git a/sops/secrets/hcloud-token/secret b/sops/secrets/hcloud-token/secret new file mode 100644 index 0000000..38bdd44 --- /dev/null +++ b/sops/secrets/hcloud-token/secret @@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:Jw4huyAI4yZT/24rImVh//JaFvUlwuIRrzP3nzLBqts+U2bs3wcv0LVavSEhECoJveUwYyS29++ewlnw+wiSrQ==,iv:O2ISIPnIJ3677VswqMjphwV30W24SNciPwIzd/AWm/w=,tag:ORMMkAtGyvzlINQ4fbtTjQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTXMyczVuc3ZwUHJIUlUr\nSTFObW0wNjBGQXBhS1FCSDNCVFJpT05DZzM4CmdscVg4dzJJVDZ6aVpiUHNydXhK\nK0tQTy9uZmJyM3d1OHVXT1FlYnhLck0KLS0tIHJGT1IxWTdJL01XWUE5NEhtcGhs\nZWlUZkx1L2cwd3dpakNCOGY0M3BZazQKZrK9JoWAJk9BOCPWfwxthR4sdNvF4bYj\nbnw5HBmXHPuV4pObDE0RwnoMVBXSfTof41HfogvsM16GWR577+CgMg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qd2d7qpxlw9lj9l573f34vdkrazdq6yk4mvnlug46m979dl6p2p5xlzr0wt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IHU2Nm1JdyBBdHhYQkMx\nb2xTUXB3dkZuajB0aHIwbllmcVJwOHY3eXphR21MRUdDdWorMApkcHVxQ1FRQ3ZQ\nSnpOYk9ZanJPZ1EvWUpoZHQ1K2VVUVBVMVphVlYweGg0Ci0tLSBiQmQ5YnJpKzJv\nY2lmOFpZSEVJeHNCb3F1SjFzNzBabHN0andFczRYTlFnCkSFxvQ47FvKcCh06tRd\nCb12wKSm12yMs5BR9Bv40YDB9C0/oqo17gDmVworyZKuK2dDfRaSLjoD4Cg2ww+A\nwS0=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yubikey1qwnawsag6k3lq7aklc92uq72vqx3r68ylg0x8fphn0qm8d7e00eq5ynu3wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDJlWGZKZyBBaG9kZWdz\nWVloZGxVZW5lVHpkN292MVFjVC9wWkNWS2hJTWZiLzk0SkdmZwpSZTZkOTFadWxo\naHMzZlVGV3hCY3pyQ1BIczA0ekpIWXZRSFZtN1lZMzZFCi0tLSBlSkRCNkNtbjFs\nd2IvSlRISlRydVh4M1I2bVFFZ1ZJUFFNc1dtbGUrZWtvCiiFUjKkBp4eyI7YV1AY\nk3tqfqsoQyHPYhL4mxU5bDBPTwKpIwPZNzfVDxgiTwQq5s4TEoDYnl4rhEc6ONem\nx84=\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-01-19T14:49:10Z", + "mac": "ENC[AES256_GCM,data:fWo9KS5W4A7UNM58G+KtCzAQAiM0qFVJwf42/eSQC+yAMfZJfbq17JDeow37CbnYo4GaXJuPQHbUqnrFHfqxRXAOP8GfQ02MRf3xSpmzwLQeKtZHwGG8+Ez9x+FnYUJcX8QIHpf25NKpe57h8STtC+Uz66lMp1EFXzJzgOvTY9w=,iv:Eya9bRyBUXv7ddSa7PVNYej6shnXTSdd3NvPPyRfezY=,tag:FH6YK+dfoPyQwgMNTqKQmg==,type:str]", + "version": "3.11.0" + } +} diff --git a/sops/secrets/hcloud-token/users/rpqt b/sops/secrets/hcloud-token/users/rpqt new file mode 120000 index 0000000..b1a8792 --- /dev/null +++ b/sops/secrets/hcloud-token/users/rpqt @@ -0,0 +1 @@ +../../../users/rpqt \ No newline at end of file From 32c4eeb2f8419ba343176da6b194378d948949e2 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 19 Jan 2026 18:47:16 +0100 Subject: [PATCH 372/376] add terranix --- flake.lock | 42 +++++++++++++++++++++++++++++++++++++++++- flake.nix | 5 +++++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 0c27f98..e7e5916 100644 --- a/flake.lock +++ b/flake.lock @@ -358,7 +358,8 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", - "srvos": "srvos" + "srvos": "srvos", + "terranix": "terranix" } }, "sops-nix": { @@ -417,6 +418,45 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "terranix": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1762472226, + "narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=", + "owner": "terranix", + "repo": "terranix", + "rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 76569b2..a3b99cd 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,7 @@ flake-parts.lib.mkFlake { inherit inputs; } ({ imports = [ clan-core.flakeModules.default + inputs.terranix.flakeModule ./clan/flake-module.nix ./clanServices/flake-module.nix ./devShells/flake-module.nix @@ -55,5 +56,9 @@ direnv-instant.url = "github:Mic92/direnv-instant"; direnv-instant.inputs.nixpkgs.follows = "nixpkgs"; direnv-instant.inputs.flake-parts.follows = "flake-parts"; + + terranix.url = "github:terranix/terranix"; + terranix.inputs.nixpkgs.follows = "nixpkgs"; + terranix.inputs.flake-parts.follows = "flake-parts"; }; } From de32fe0db019250bcd48e5d5c945fde4fd6f8016 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 19 Jan 2026 18:47:16 +0100 Subject: [PATCH 373/376] migrate infra to terranix --- infra/.terraform.lock.hcl | 56 ++------------------ infra/base.nix | 24 +++++++++ infra/crocus.tf | 68 ------------------------ infra/dns.nix | 20 ++++++++ infra/dns.tf | 44 ---------------- infra/flake-module.nix | 24 ++++++++- infra/lib.nix | 88 ++++++++++++++++++++++++++++++++ infra/mail.nix | 15 ++++++ infra/main.tf | 15 ------ infra/providers.tf | 9 ---- infra/radicle.nix | 52 +++++++++++++++++++ infra/templates/rpqt.fr.zone | 31 ----------- infra/templates/turifer.dev.zone | 39 -------------- infra/variables.tf | 11 ---- infra/verbena.tf | 20 -------- infra/web.nix | 68 ++++++++++++++++++++++++ 16 files changed, 295 insertions(+), 289 deletions(-) create mode 100644 infra/base.nix delete mode 100644 infra/crocus.tf create mode 100644 infra/dns.nix delete mode 100644 infra/dns.tf create mode 100644 infra/lib.nix create mode 100644 infra/mail.nix delete mode 100644 infra/main.tf delete mode 100644 infra/providers.tf create mode 100644 infra/radicle.nix delete mode 100644 infra/templates/rpqt.fr.zone delete mode 100644 infra/templates/turifer.dev.zone delete mode 100644 infra/variables.tf delete mode 100644 infra/verbena.tf create mode 100644 infra/web.nix diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl index e201fd0..89eb186 100644 --- a/infra/.terraform.lock.hcl +++ b/infra/.terraform.lock.hcl @@ -1,62 +1,16 @@ # This file is maintained automatically by "tofu init". # Manual edits may be lost in future updates. -provider "registry.opentofu.org/hashicorp/assert" { - version = "0.16.0" +provider "registry.opentofu.org/hashicorp/external" { + version = "2.3.5" hashes = [ - "h1:2jeV46S9jN2rk0GXOa+HGNlVvyWzaB3wz0T65elbjOc=", - "zh:3c04d08d1bb4ae810b7972a219c8dd42a8ab901a9bc25197b250c38f3fa57033", - "zh:46119bcc47b545809c0ee873a72d44f4f875cca4d7228605f5c7a8956a5e7d55", - "zh:511949ee8a6ac8ff7296b4c9778deb2aec2783f5b85c4f27382a3b623fc50a4a", - "zh:b4ebb8b832bae26443880d2e17493f754495db2d6c3f02c6d0070cbf5ae21598", - "zh:bebed6c1873871eb824103f08e72055c077f01b10a40944760d19ffdd721d9ab", - "zh:e412855fd2fd81e0a847e45308bdbac99995315c503fdddf262ee59e1b7c5263", - "zh:ed47c4fe28c6f148f11fa4098516abea008c49fa670c3cedd2ff94596cac0831", - "zh:edee914b1d12ac6db241a1fecaa5186c47f361f4ceb2deb23ad45d67bf95c7b1", - "zh:eff5b2e1c2128217bdbc600eda4fe011831e5c655bf4acd84b6495fc20d128d3", - "zh:ff64424784171a3361b1ea95d8cef334ec1c4a395812edd0a77a1ed6b4119b0f", + "h1:en/2hMK/W/2hKtsEkbxGiiYwi/pSPS/UoGDILHIHjmw=", ] } provider "registry.opentofu.org/hetznercloud/hcloud" { - version = "1.57.0" - constraints = "~> 1.45" + version = "1.58.0" hashes = [ - "h1:Xk+Whn6wnhEJEeiO/mPII/mOL+buHLj05AKy4TbDz3U=", - "zh:016ecc39328f34f6c0ffa413598f354824f7878c89cd031f123edb4bc8a687a2", - "zh:10b362dc0847200c987214b129b5f85e2f7d8ad417261a1d2dd04ab74de15603", - "zh:194647d9a61dca4f411f44580316b88a11095d7a99679d445f9b0f2c1ba976c4", - "zh:1d8aafe2ce7890696385bb3a0c3286e7ee3020416d337f59935406e4c6f91de6", - "zh:594585616210fb232fad4ebda2387ecd3f483931e00eff988fca83add6ce7cfc", - "zh:65e50be33ffb85580546f119839e1293591cc6d4db729d809931d0408b6ae408", - "zh:7d4ed5bd8c477ec304142e2160203a76a0d09c93d224950bda253172b2571038", - "zh:90a70a70a266b78c8216903e711904e6969b3957d182602b5d788602ec9ef323", - "zh:abb8e28e96fb8de270995873de980896b7cb53cfc550f02c50eaa42884624ba9", - "zh:bbf34dca2de6e105ca7204222162a0402d8e9e9a28e1de5ffbaa2c0d6270a059", - "zh:c1a9edb693d632dcb5c3c9ee84c97138e08eadb9354e28592efd581f68ac0385", - "zh:dadbf1368fae314fe8dcb99ebefbc78409f3fc0e3808cd92ea573b8eee1cae98", - "zh:e713e00ca27348abd18da2eeff861905e84050e3e7e008f14a0c63c70ab2ff84", - ] -} - -provider "registry.opentofu.org/ovh/ovh" { - version = "2.10.0" - constraints = "> 2.5.0" - hashes = [ - "h1:6CHM/tHZ7vAvQKtdqurs6ExO+46gpFooZ0zdaW74DKE=", - "zh:1582485c59b5e25fa407417de3040dfc31bfec3f9b884d51953f6625b930d2f6", - "zh:15b425716d5e05992cb1d68a49d58f0e9e0cbd7dbaa35ea9793404fa1ec45bed", - "zh:1c1547ff469c2f772d478f67d148d08b38468d43c9517b723b622a085625d949", - "zh:2491be291a8876da2dc1e71490428706cdca39002a1e89d10dd060474f59ce19", - "zh:2d9c7589764f838f04d38a87a0e6c9db6b560b6c5b510b69eabf2d67caa38d2b", - "zh:56c5b16a55dc4ac5f3eed69072e5ae74aafac2a4a8a84ba27fa06528320037cc", - "zh:629d2c7f709fc01adabba1c8b98ec7485dfebcc4b9f72f4bd4d36509166eb42c", - "zh:82f4b8b35a31a468d7a2a5aa4630f432ef64d9abfed8066afdaab0502886a72a", - "zh:84c5e65122efaee5e34c266cd750576969bd788c2bdbb804a7ffc08728ac3987", - "zh:85db08f3e1b27fda723b080bc5132069b6b7ba9699567cd44fb0a2207456a76c", - "zh:a84c043c96a01230e570163706f58c33ee59699fcc857d3db0f6e0b2a6b08bc6", - "zh:ad984516009930efc6ec465046287c6b293b6b219e3167aa4c0b900b903c6a50", - "zh:bd0114d45ec72134cf930a7619b70b0068e439759febba5717abb76219b85800", - "zh:f243a50dcf87687881972fcaba9226b4247588b6dc7368b0ef98168f643ee159", + "h1:6C2LNEvCyGPyWgALDAFTNbRp+5Iuikd4Ju1Xejh+aeg=", ] } diff --git a/infra/base.nix b/infra/base.nix new file mode 100644 index 0000000..1e7f0d3 --- /dev/null +++ b/infra/base.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + pkgs, + ... +}: +{ + terraform.required_providers.hcloud.source = "hetznercloud/hcloud"; + + data.external.hcloud-token = { + program = [ + (lib.getExe ( + pkgs.writeShellApplication { + name = "get-clan-secret"; + text = '' + jq -n --arg secret "$(clan secrets get hcloud-token)" '{"secret":$secret}' + ''; + } + )) + ]; + }; + + provider.hcloud.token = config.data.external.hcloud-token "result.secret"; +} diff --git a/infra/crocus.tf b/infra/crocus.tf deleted file mode 100644 index 2ac53cb..0000000 --- a/infra/crocus.tf +++ /dev/null @@ -1,68 +0,0 @@ -resource "hcloud_server" "crocus_server" { - name = "crocus" - server_type = "cx22" - datacenter = "nbg1-dc3" - image = "ubuntu-20.04" - firewall_ids = [hcloud_firewall.crocus_firewall.id] - public_net { - ipv4 = hcloud_primary_ip.crocus_ipv4.id - } -} - -resource "hcloud_primary_ip" "crocus_ipv4" { - name = "crocus_ipv4" - type = "ipv4" - datacenter = "nbg1-dc3" - assignee_type = "server" - auto_delete = true -} - -resource "hcloud_firewall" "crocus_firewall" { - name = "crocus-firewall" - - rule { - direction = "in" - protocol = "icmp" - source_ips = ["0.0.0.0/0", "::/0"] - } - - rule { - direction = "in" - protocol = "tcp" - port = "22" - source_ips = ["0.0.0.0/0", "::/0"] - } - - rule { - direction = "in" - protocol = "tcp" - port = "22" - source_ips = ["0.0.0.0/0", "::/0"] - } - - rule { - direction = "in" - protocol = "tcp" - port = "80" - source_ips = ["0.0.0.0/0", "::/0"] - } - - rule { - direction = "in" - protocol = "tcp" - port = "443" - source_ips = ["0.0.0.0/0", "::/0"] - } - - # radicle-node - rule { - direction = "in" - protocol = "tcp" - port = "8776" - source_ips = ["0.0.0.0/0", "::/0"] - } -} - -output "crocus_ipv4" { - value = hcloud_primary_ip.crocus_ipv4.ip_address -} diff --git a/infra/dns.nix b/infra/dns.nix new file mode 100644 index 0000000..a6f7031 --- /dev/null +++ b/infra/dns.nix @@ -0,0 +1,20 @@ +{ config, ... }: +{ + resource.hcloud_zone.rpqt_fr = { + name = "rpqt.fr"; + mode = "primary"; + }; + + resource.hcloud_zone.turifer_dev = { + name = "turifer.dev"; + mode = "primary"; + }; + + output.rpqt_fr_zone_name = { + value = config.resource.hcloud_zone.rpqt_fr "name"; + }; + + output.turifer_dev_zone_name = { + value = config.resource.hcloud_zone.turifer_dev "name"; + }; +} diff --git a/infra/dns.tf b/infra/dns.tf deleted file mode 100644 index b095e58..0000000 --- a/infra/dns.tf +++ /dev/null @@ -1,44 +0,0 @@ -data "ovh_vps" "verbena_vps" { - service_name = "vps-7e78bac2.vps.ovh.net" -} - -data "ovh_domain_zone" "rpqt_fr" { - name = "rpqt.fr" -} - -resource "ovh_domain_zone_import" "rpqt_fr_import" { - zone_name = "rpqt.fr" - zone_file = local.rpqt_fr_zone_file -} - - -data "ovh_domain_zone" "turifer_dev" { - name = "turifer.dev" -} - -resource "ovh_domain_zone_import" "turifer_dev_import" { - zone_name = "turifer.dev" - zone_file = local.turifer_dev_zone_file -} - -locals { - verbena_ipv4_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv4(ip)] - verbena_ipv6_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv6(ip)] - - turifer_dev_zone_file = templatefile("./templates/turifer.dev.zone", { - crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address - crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address - - verbena_ipv4_addresses = local.verbena_ipv4_addresses - verbena_ipv6_addresses = local.verbena_ipv6_addresses - }) - - rpqt_fr_zone_file = templatefile("./templates/rpqt.fr.zone", { - crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address - crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address - - verbena_ipv4_addresses = local.verbena_ipv4_addresses - verbena_ipv6_addresses = local.verbena_ipv6_addresses - }) -} - diff --git a/infra/flake-module.nix b/infra/flake-module.nix index 8652548..6b19b9b 100644 --- a/infra/flake-module.nix +++ b/infra/flake-module.nix @@ -1,7 +1,28 @@ +{ self, ... }: { + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.infra = { + terraformWrapper.package = pkgs.opentofu.withPlugins (p: [ + p.hashicorp_external + p.hetznercloud_hcloud + ]); + + extraArgs = { inherit (self) infra; }; + modules = [ + ./base.nix + ./dns.nix + ./mail.nix + ./radicle.nix + ./web.nix + ]; + }; + }; + flake.infra = let - tf_outputs = builtins.fromJSON (builtins.readFile ../infra/outputs.json); + tf_outputs = builtins.fromJSON (builtins.readFile ./outputs.json); in { machines = { @@ -12,6 +33,7 @@ }; crocus = { ipv4 = tf_outputs.crocus_ipv4.value; + ipv6 = "2a01:4f8:1c1e:e415::1"; }; }; }; diff --git a/infra/lib.nix b/infra/lib.nix new file mode 100644 index 0000000..cf93e1e --- /dev/null +++ b/infra/lib.nix @@ -0,0 +1,88 @@ +{ lib, ... }: +let + mkMigaduDkim = zone: name: { + inherit zone; + name = "${name}._domainkey"; + type = "CNAME"; + records = [ + { value = "${name}.${zone}._domainkey.migadu.com."; } + ]; + }; +in +{ + mkMigadu_hcloud_zone_rrset = zone: hostedEmailVerify: { + dkim_1 = mkMigaduDkim zone "key1"; + dkim_2 = mkMigaduDkim zone "key2"; + dkim_3 = mkMigaduDkim zone "key3"; + + spf = { + inherit zone; + name = "@"; + type = "TXT"; + records = [ + { + value = lib.tf.ref ''provider::hcloud::txt_record("v=spf1 include:spf.migadu.com -all")''; + } + { + value = lib.tf.ref ''provider::hcloud::txt_record("hosted-email-verify=pgeaq3bp")''; + } + ]; + }; + + dmarc = { + inherit zone; + name = "_dmarc"; + type = "TXT"; + records = [ + { + value = lib.tf.ref ''provider::hcloud::txt_record("v=DMARC1; p=quarantine;")''; + } + ]; + }; + + mx = { + inherit zone; + name = "@"; + type = "MX"; + records = [ + { value = "10 aspmx1.migadu.com."; } + { value = "20 aspmx2.migadu.com."; } + ]; + }; + + autoconfig = { + inherit zone; + name = "autoconfig"; + type = "CNAME"; + records = [ { value = "autoconfig.migadu.com."; } ]; + }; + + autodiscover = { + inherit zone; + name = "_autodiscover._tcp"; + type = "SRV"; + records = [ { value = "0 1 443 autodiscover.migadu.com."; } ]; + }; + + submissions = { + inherit zone; + name = "_submissions._tcp"; + type = "SRV"; + records = [ { value = "0 1 465 smtp.migadu.com."; } ]; + }; + + imaps = { + inherit zone; + name = "_imaps._tcp"; + type = "SRV"; + records = [ { value = "0 1 993 imap.migadu.com."; } ]; + }; + + pop3s = { + inherit zone; + name = "_pop3s._tcp"; + type = "SRV"; + records = [ { value = "0 1 995 pop.migadu.com."; } ]; + }; + }; +} diff --git a/infra/mail.nix b/infra/mail.nix new file mode 100644 index 0000000..255a3cc --- /dev/null +++ b/infra/mail.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: +let + inherit (import ./lib.nix { inherit lib; }) + mkMigadu_hcloud_zone_rrset + ; + rpqt_fr = mkMigadu_hcloud_zone_rrset (config.resource.hcloud_zone.rpqt_fr "name") "pgeaq3bp"; + + # Prefix resource names with zone name to avoid collision + turifer_dev = lib.mapAttrs' (name: value: lib.nameValuePair "turifer_dev_${name}" value) ( + mkMigadu_hcloud_zone_rrset (config.resource.hcloud_zone.turifer_dev "name") "k5z4lcfc" + ); +in +{ + resource.hcloud_zone_rrset = rpqt_fr // turifer_dev; +} diff --git a/infra/main.tf b/infra/main.tf deleted file mode 100644 index da2f286..0000000 --- a/infra/main.tf +++ /dev/null @@ -1,15 +0,0 @@ -terraform { - required_providers { - hcloud = { - source = "hetznercloud/hcloud" - version = "~> 1.45" - } - ovh = { - source = "ovh/ovh" - version = "> 2.5.0" - } - assert = { - source = "hashicorp/assert" - } - } -} diff --git a/infra/providers.tf b/infra/providers.tf deleted file mode 100644 index dca6b80..0000000 --- a/infra/providers.tf +++ /dev/null @@ -1,9 +0,0 @@ -provider "hcloud" { - token = var.hcloud_token -} - -provider "ovh" { - endpoint = "ovh-eu" - client_id = var.ovh_client_id - client_secret = var.ovh_client_secret -} diff --git a/infra/radicle.nix b/infra/radicle.nix new file mode 100644 index 0000000..b7f239d --- /dev/null +++ b/infra/radicle.nix @@ -0,0 +1,52 @@ +{ + config, + infra, + lib, + ... +}: +{ + resource.hcloud_zone_rrset = + let + zone = config.resource.hcloud_zone.rpqt_fr "name"; + in + { + radicle_a = { + inherit zone; + name = "radicle"; + type = "A"; + records = [ { value = infra.machines.crocus.ipv4; } ]; + }; + + radicle_aaaa = { + inherit zone; + name = "radicle"; + type = "AAAA"; + records = [ { value = infra.machines.crocus.ipv6; } ]; + }; + + radicles_srv = { + inherit zone; + name = "seed._radicle-node._tcp"; + type = "SRV"; + records = [ { value = "32767 32767 58776 radicle.rpqt.fr."; } ]; + }; + + radicles_nid = { + inherit zone; + name = "seed._radicle-node._tcp"; + type = "TXT"; + records = [ + { + value = lib.tf.ref ''provider::hcloud::txt_record("nid=z6MkuivFHDPg6Bd25v4bEWm7T7qLUYMWk1eVTE7exvum5Rvd")''; + } + ]; + }; + + radicle_ptr = { + inherit zone; + name = "_radicle-node._tcp"; + type = "PTR"; + records = [ { value = "seed._radicle-node._tcp.radicle.rpqt.fr."; } ]; + }; + }; +} diff --git a/infra/templates/rpqt.fr.zone b/infra/templates/rpqt.fr.zone deleted file mode 100644 index 99a7834..0000000 --- a/infra/templates/rpqt.fr.zone +++ /dev/null @@ -1,31 +0,0 @@ -$TTL 3600 -@ IN SOA dns100.ovh.net. tech.ovh.net. (2026010123 86400 3600 3600000 60) - IN NS dns100.ovh.net. - IN NS ns100.ovh.net. - -rpqt.fr. 3000 IN TXT "hosted-email-verify=pgeaq3bp" -rpqt.fr. 3000 IN MX 10 aspmx1.migadu.com. -rpqt.fr. 3000 IN MX 20 aspmx2.migadu.com. -rpqt.fr. 3000 IN TXT "v=spf1 include:spf.migadu.com -all" -key1._domainkey.rpqt.fr. 3000 IN CNAME key1.rpqt.fr._domainkey.migadu.com. -key2._domainkey.rpqt.fr. 3000 IN CNAME key2.rpqt.fr._domainkey.migadu.com. -key3._domainkey.rpqt.fr. 3000 IN CNAME key3.rpqt.fr._domainkey.migadu.com. -_dmarc.rpqt.fr. 3000 IN TXT "v=DMARC1; p=quarantine;" -autoconfig.rpqt.fr. 3000 IN CNAME autoconfig.migadu.com. -_autodiscover._tcp.rpqt.fr. 3000 IN SRV 0 1 443 autodiscover.migadu.com. -_submissions._tcp.rpqt.fr. 3000 IN SRV 0 1 465 smtp.migadu.com. -_imaps._tcp.rpqt.fr. 3000 IN SRV 0 1 993 imap.migadu.com. -_pop3s._tcp.rpqt.fr. 3000 IN SRV 0 1 995 pop.migadu.com. - -@ 10800 IN A 46.23.81.157 -@ 10800 IN AAAA 2a03:6000:1813:1337::157 - -%{ for addr in verbena_ipv4_addresses ~} -cloud 10800 IN A ${addr} -%{ endfor ~} -%{ for addr in verbena_ipv6_addresses ~} -cloud 10800 IN AAAA ${addr} -%{ endfor ~} - -radicle 10800 IN A ${crocus_ipv4_address} -radicle 10800 IN AAAA ${crocus_ipv6_address} diff --git a/infra/templates/turifer.dev.zone b/infra/templates/turifer.dev.zone deleted file mode 100644 index f5cd895..0000000 --- a/infra/templates/turifer.dev.zone +++ /dev/null @@ -1,39 +0,0 @@ -$TTL 3600 -@ IN SOA dns100.ovh.net. tech.ovh.net. (2025071505 86400 3600 3600000 60) - IN NS dns100.ovh.net. - IN NS ns100.ovh.net. - -turifer.dev. 3000 IN TXT "hosted-email-verify=k5z4lcfc" -turifer.dev. 3000 IN MX 10 aspmx1.migadu.com. -turifer.dev. 3000 IN MX 20 aspmx2.migadu.com. -turifer.dev. 3000 IN TXT "v=spf1 include:spf.migadu.com -all" -key1._domainkey.turifer.dev. 3000 IN CNAME key1.turifer.dev._domainkey.migadu.com. -key2._domainkey.turifer.dev. 3000 IN CNAME key2.turifer.dev._domainkey.migadu.com. -key3._domainkey.turifer.dev. 3000 IN CNAME key3.turifer.dev._domainkey.migadu.com. -_dmarc.turifer.dev. 3000 IN TXT "v=DMARC1; p=quarantine;" -autoconfig.turifer.dev. 3000 IN CNAME autoconfig.migadu.com. -_autodiscover._tcp.turifer.dev. 3000 IN SRV 0 1 443 autodiscover.migadu.com. -_submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com. -_imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com. -_pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com. - -%{ for addr in verbena_ipv4_addresses ~} -git.turifer.dev. 10800 IN A ${addr} -%{ endfor ~} -%{ for addr in verbena_ipv6_addresses ~} -git.turifer.dev. 10800 IN AAAA ${addr} -%{ endfor ~} - -%{ for addr in verbena_ipv4_addresses ~} -buildbot.turifer.dev. 10800 IN A ${addr} -%{ endfor ~} -%{ for addr in verbena_ipv6_addresses ~} -buildbot.turifer.dev. 10800 IN AAAA ${addr} -%{ endfor ~} - -%{ for addr in verbena_ipv4_addresses ~} -wg1.turifer.dev. 10800 IN A ${addr} -%{ endfor ~} -%{ for addr in verbena_ipv6_addresses ~} -wg1.turifer.dev. 10800 IN AAAA ${addr} -%{ endfor ~} diff --git a/infra/variables.tf b/infra/variables.tf deleted file mode 100644 index 9a1ac28..0000000 --- a/infra/variables.tf +++ /dev/null @@ -1,11 +0,0 @@ -variable "hcloud_token" { - sensitive = true -} - -variable "ovh_client_id" { - sensitive = true -} - -variable "ovh_client_secret" { - sensitive = true -} diff --git a/infra/verbena.tf b/infra/verbena.tf deleted file mode 100644 index 7ffe9cb..0000000 --- a/infra/verbena.tf +++ /dev/null @@ -1,20 +0,0 @@ -output "verbena_ipv4" { - value = local.verbena_ipv4_addresses[0] -} - -output "verbena_ipv6" { - value = local.verbena_ipv6_addresses[0] -} - -output "verbena_gateway6" { - value = local.gateway6 -} - -locals { - hextets = 4 - parts = split(":", local.verbena_ipv6_addresses[0]) - prefix_parts = slice(local.parts, 0, local.hextets) - prefix_str = join(":", local.prefix_parts) - gateway6 = "${local.prefix_str}::1" -} - diff --git a/infra/web.nix b/infra/web.nix new file mode 100644 index 0000000..c9b1615 --- /dev/null +++ b/infra/web.nix @@ -0,0 +1,68 @@ +{ config, infra, ... }: +{ + resource.hcloud_zone_rrset = + let + sourcehut_pages = { + ipv4 = "46.23.81.157"; + ipv6 = "2a03:6000:1813:1337::157"; + }; + zone = config.resource.hcloud_zone.rpqt_fr "name"; + in + { + a = { + inherit zone; + name = "@"; + type = "A"; + records = [ { value = sourcehut_pages.ipv4; } ]; + }; + + aaaa = { + inherit zone; + name = "@"; + type = "AAAA"; + records = [ { value = sourcehut_pages.ipv6; } ]; + }; + + cloud_a = { + inherit zone; + name = "cloud"; + type = "A"; + records = [ { value = infra.machines.verbena.ipv4; } ]; + }; + + cloud_aaaa = { + inherit zone; + name = "cloud"; + type = "AAAA"; + records = [ { value = infra.machines.verbena.ipv6; } ]; + }; + + git_turifer_dev_a = { + zone = config.resource.hcloud_zone.turifer_dev "name"; + name = "git"; + type = "A"; + records = [ { value = infra.machines.verbena.ipv4; } ]; + }; + + git_turifer_dev_aaaa = { + zone = config.resource.hcloud_zone.turifer_dev "name"; + name = "git"; + type = "AAAA"; + records = [ { value = infra.machines.verbena.ipv6; } ]; + }; + + buildbot_turifer_dev_a = { + zone = config.resource.hcloud_zone.turifer_dev "name"; + name = "buildbot"; + type = "A"; + records = [ { value = infra.machines.verbena.ipv4; } ]; + }; + + buildbot_turifer_dev_aaaa = { + zone = config.resource.hcloud_zone.turifer_dev "name"; + name = "buildbot"; + type = "AAAA"; + records = [ { value = infra.machines.verbena.ipv6; } ]; + }; + }; +} From 3d5695c9b31b642cc3a2bfa5c3a0174387916219 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 19 Jan 2026 18:47:16 +0100 Subject: [PATCH 374/376] helix: auto-format ocaml --- home/.config/helix/languages.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/.config/helix/languages.toml b/home/.config/helix/languages.toml index eb1eb24..3befed1 100644 --- a/home/.config/helix/languages.toml +++ b/home/.config/helix/languages.toml @@ -58,3 +58,7 @@ auto-format = true [[language]] name = "vento" indent = { tab-width = 2, unit = "\t" } + +[[language]] +name = "ocaml" +auto-format = true From 1ef49241b4a62a42e566e786506114d8fc8b20e5 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 19 Jan 2026 18:47:16 +0100 Subject: [PATCH 375/376] remove wofi-emoji --- home-manager/desktop/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home-manager/desktop/default.nix b/home-manager/desktop/default.nix index 4a4a002..b46f155 100644 --- a/home-manager/desktop/default.nix +++ b/home-manager/desktop/default.nix @@ -10,7 +10,6 @@ home.packages = with pkgs; [ discord seahorse - wofi-emoji ]; home.pointerCursor = { From 01f9ce7503ae13ea310c04d571aabb81305085ee Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Mon, 19 Jan 2026 18:47:16 +0100 Subject: [PATCH 376/376] infra: add missing wireguard dns records --- infra/web.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/infra/web.nix b/infra/web.nix index c9b1615..2513a6a 100644 --- a/infra/web.nix +++ b/infra/web.nix @@ -64,5 +64,19 @@ type = "AAAA"; records = [ { value = infra.machines.verbena.ipv6; } ]; }; + + wg1_turifer_dev_a = { + zone = config.resource.hcloud_zone.turifer_dev "name"; + name = "wg1"; + type = "A"; + records = [ { value = infra.machines.verbena.ipv4; } ]; + }; + + wg1_turifer_dev_aaaa = { + zone = config.resource.hcloud_zone.turifer_dev "name"; + name = "wg1"; + type = "AAAA"; + records = [ { value = infra.machines.verbena.ipv6; } ]; + }; }; }