From 1ca1890e33b5fe37c7ceb2f7d27d2a17abde8a9b Mon Sep 17 00:00:00 2001 From: Lucy Hochkamp Date: Thu, 26 Jun 2025 09:38:46 +0200 Subject: [PATCH] changes --- flake.lock | 234 ++++++++++++++++-------- flake.nix | 2 + hosts/ds9/attic.nix | 50 +++++ hosts/ds9/default.nix | 10 + hosts/ds9/woodpecker.nix | 56 ++++++ hosts/picard/xynospace-matrix.nix | 1 + secrets/ds9AtticEnv.age | Bin 0 -> 5238 bytes secrets/ds9WoodpeckerAgentSecretEnv.age | 17 ++ secrets/ds9WoodpeckerEnv.age | 17 ++ secrets/secrets.nix | 3 + 10 files changed, 314 insertions(+), 76 deletions(-) create mode 100644 hosts/ds9/attic.nix create mode 100644 hosts/ds9/woodpecker.nix create mode 100644 secrets/ds9AtticEnv.age create mode 100644 secrets/ds9WoodpeckerAgentSecretEnv.age create mode 100644 secrets/ds9WoodpeckerEnv.age diff --git a/flake.lock b/flake.lock index 528716f0..131b24a9 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -24,6 +24,52 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1748532342, + "narHash": "sha256-CvaKOUq8G10sghKpZhEB2UYjJoWhEkrDFggDgi7piUI=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "ce9373715fe3fac7a174a65a7e6d6baeba8cb4f9", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -53,11 +99,11 @@ ] }, "locked": { - "lastModified": 1746254942, - "narHash": "sha256-Y062AuRx6l+TJNX8wxZcT59SSLsqD9EedAY0mqgTtQE=", + "lastModified": 1750618568, + "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "760a11c87009155afa0140d55c40e7c336d62d7a", + "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", "type": "github" }, "original": { @@ -67,7 +113,44 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -89,24 +172,6 @@ "inputs": { "systems": "systems_2" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_3" - }, "locked": { "lastModified": 1726560853, "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", @@ -138,16 +203,15 @@ }, "helix": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": "nixpkgs", "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1746085551, - "narHash": "sha256-WSIUg4DFP8wCDYvefjTzbEKQY1qFtk7DS3p9dJBi8ZU=", + "lastModified": 1750572170, + "narHash": "sha256-8sM1/Nn3IGkPGC+1lu903az6JezwJebLbIzSsqyyJHE=", "owner": "SofusA", "repo": "helix-pull-diagnostics", - "rev": "c156c945f6a43489168880a18b6cf3057f35cae9", + "rev": "50982f9f3a9c5ae3fabc65e358272276a4e10f3d", "type": "github" }, "original": { @@ -185,11 +249,11 @@ ] }, "locked": { - "lastModified": 1746171682, - "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "lastModified": 1747688870, + "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", "owner": "nix-community", "repo": "home-manager", - "rev": "50eee705bbdbac942074a8c120e8194185633675", + "rev": "d5f1f641b289553927b3801580598d200a501863", "type": "github" }, "original": { @@ -274,7 +338,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -309,13 +373,34 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1745955289, - "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", + "lastModified": 1750837715, + "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", + "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", "type": "github" }, "original": { @@ -371,11 +456,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1746285430, - "narHash": "sha256-2Kxw5SNKpU8X7doQaMYVhBtqmq9oZI1ki9kcY7R+meo=", + "lastModified": 1750919644, + "narHash": "sha256-hg9VD07cm6h3O/0XzsUFE7kxQ/AwQg2RfeXVL0R5FyQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cba47ec8b1b7c7c9b907741d0d4584a3b54a032e", + "rev": "140884500627ccdb4a9a700e9d6bc11ce3f6016b", "type": "github" }, "original": { @@ -385,13 +470,29 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-stable": { "locked": { - "lastModified": 1746183838, - "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bf3287dac860542719fe7554e21e686108716879", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1750646418, + "narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5", "type": "github" }, "original": { @@ -436,11 +537,11 @@ "pandoc-latex-template": { "flake": false, "locked": { - "lastModified": 1745688227, - "narHash": "sha256-N1F9l8eAdtB1RoPFIrQRkwUvzxgWHwfVnOEP2QMLQTQ=", + "lastModified": 1750533038, + "narHash": "sha256-EBfgEPUmV0yoKZrnbYWi9BvBGxeYxs3KKVDJD63iQgQ=", "owner": "Wandmalfarbe", "repo": "pandoc-latex-template", - "rev": "62377f36a0ce5b48281e5ee51cb4eef364162037", + "rev": "41daecb19b5e7cf2af13174857d3ec8bc4e6586b", "type": "github" }, "original": { @@ -450,17 +551,12 @@ } }, "quadlet-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1743361017, - "narHash": "sha256-RELV9YxfhwjuN4edtVmpupVvHUiWu/KuF4mqzU+neYE=", + "lastModified": 1749099346, + "narHash": "sha256-5gi/YaLVsFztGvVH45eB6jsBmZf+HnvDeSA9RXUqbcY=", "owner": "SEIAROTg", "repo": "quadlet-nix", - "rev": "971479231c7dd2433954dd26c240e1bdc5bd9849", + "rev": "d4119a3423f938427252ba8bbdbe8ce040751864", "type": "github" }, "original": { @@ -472,6 +568,7 @@ "root": { "inputs": { "agenix": "agenix", + "attic": "attic", "darwin": "darwin_2", "helix": "helix", "home-manager": "home-manager_2", @@ -535,11 +632,11 @@ "spoons": { "flake": false, "locked": { - "lastModified": 1740689981, - "narHash": "sha256-NCKuBg7opn8BeP1FTpG0cchYdjlea6sbAaVpX6OApxg=", + "lastModified": 1747090751, + "narHash": "sha256-ZRSRb2QW8hrTkdCg5xezF09DntPocE842rc4ZKt7aHY=", "owner": "Hammerspoon", "repo": "Spoons", - "rev": "95958fc6091491e8269ec2dfc6b97d4a91af9205", + "rev": "e5b871250346c3fe93bac0d431fc75f6f0e2f92a", "type": "github" }, "original": { @@ -593,24 +690,9 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -628,7 +710,7 @@ }, "wired": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], @@ -694,11 +776,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1746285501, - "narHash": "sha256-fcluUtvf3OPS3qi0TzC2HH+KXTHvjpRTR9sgx29RDRg=", + "lastModified": 1750907909, + "narHash": "sha256-2WzRZLFUlu13iRGsP+tsaJhCOUESmL8gKtT7zY14TzE=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "de1d2504a615e890a4e9bd3ce35f6293185ba2d9", + "rev": "ac0fcd7e963dce814b69cbedc4d510a95094cc15", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e4b3fc97..ed91eef1 100644 --- a/flake.nix +++ b/flake.nix @@ -33,6 +33,8 @@ wired.inputs.nixpkgs.follows = "nixpkgs"; wired.url = "github:Toqozz/wired-notify"; zen-browser.url = "github:0xc000022070/zen-browser-flake"; + attic.url = "github:zhaofengli/attic"; + attic.inputs.nixpkgs.follows = "nixpkgs"; kmonad = { diff --git a/hosts/ds9/attic.nix b/hosts/ds9/attic.nix new file mode 100644 index 00000000..ba0e3e6d --- /dev/null +++ b/hosts/ds9/attic.nix @@ -0,0 +1,50 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: +{ + # imports = [ inputs.attic.nixosModules.atticd ]; + ragon.agenix.secrets.ds9AtticEnv = { }; + ragon.persist.extraDirectories = [ + "/var/lib/atticd" + ]; + + services.atticd = { + enable = true; + + # Replace with absolute path to your environment file + environmentFile = config.age.secrets.ds9AtticEnv.path; + + settings = { + listen = "[::]:8089"; + + jwt = { }; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + }; + }; +} diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix index 86a53c9e..c35000fc 100644 --- a/hosts/ds9/default.nix +++ b/hosts/ds9/default.nix @@ -19,6 +19,8 @@ in ./samba.nix ./paperless.nix ./maubot.nix + ./woodpecker.nix + ./attic.nix ../../nixos-modules/networking/tailscale.nix ../../nixos-modules/services/docker.nix @@ -236,6 +238,14 @@ in handle @mautrix-signal { import podmanRedir http://mautrix-signal:29328 } + @woodpecker host woodpecker.hailsatan.eu + handle @woodpecker { + import podmanRedir http://woodpecker-server:8000 + } + @attic host attic.hailsatan.eu + handle @attic { + reverse_proxy http://[::1]:8089 + } @auth host auth.hailsatan.eu handle @auth { import podmanRedir http://authentik-server:9000 diff --git a/hosts/ds9/woodpecker.nix b/hosts/ds9/woodpecker.nix new file mode 100644 index 00000000..19c653b7 --- /dev/null +++ b/hosts/ds9/woodpecker.nix @@ -0,0 +1,56 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + virtualisation.podman.dockerSocket.enable = true; + ragon.agenix.secrets.ds9WoodpeckerEnv = { }; + ragon.agenix.secrets.ds9WoodpeckerAgentSecretEnv = { }; + virtualisation.quadlet = { + containers = { + woodpecker-server = { + containerConfig.image = "woodpeckerci/woodpecker-server:v3"; + containerConfig.volumes = [ + "woodpecker-server-data:/var/lib/woodpecker" + ]; + containerConfig.networks = [ + "woodpecker-net" + "podman" + ]; + containerConfig.environments = { + WOODPECKER_HOST = "https://woodpecker.hailsatan.eu"; + WOODPECKER_OPEN = "false"; + }; + containerConfig.environmentFiles = [ + config.age.secrets.ds9WoodpeckerEnv.path + config.age.secrets.ds9WoodpeckerAgentSecretEnv.path + ]; + }; + woodpecker-agent = { + containerConfig.environmentFiles = [ + config.age.secrets.ds9WoodpeckerAgentSecretEnv.path + ]; + containerConfig.image = "woodpeckerci/woodpecker-agent:v3"; + containerConfig.volumes = [ + "woodpecker-agent-config:/etc/woodpecker" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + containerConfig.environments = { + WOODPECKER_SERVER = "woodpecker-server:9000"; + }; + containerConfig.networks = [ + "woodpecker-net" + ]; + }; + }; + networks = { + woodpecker.networkConfig = { + ipv6 = true; + name = "woodpecker-net"; + internal = false; + }; + }; + }; +} diff --git a/hosts/picard/xynospace-matrix.nix b/hosts/picard/xynospace-matrix.nix index 97c94245..c30e08fc 100644 --- a/hosts/picard/xynospace-matrix.nix +++ b/hosts/picard/xynospace-matrix.nix @@ -79,6 +79,7 @@ in settings.database.args.password = "synapse"; settings.app_service_config_files = [ "/var/lib/signalbot.yaml" + "/var/lib/doublepuppet.yaml" ]; settings.listeners = [ { diff --git a/secrets/ds9AtticEnv.age b/secrets/ds9AtticEnv.age new file mode 100644 index 0000000000000000000000000000000000000000..904351db3c1c69bfd548fe3a4dd5156dbaee6f78 GIT binary patch literal 5238 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlOp2&TD_8K(b1!qQ za`iR$aWcv-3`$RmjEKy!%*_uhF7Zi>NUaPHa(4|5HS#nMOy??c@yjg?@XqjeayIoT z%*(IP4$ZF$*AL5bPBNIz<{e*yEw!*+^yU-F`~*jydXa{z&}sB z(ka8VI5Q_8GQ_mNw_Lx-w>Z?;Eg9Xm&``^uU`K`g@Y4MJ$l#L9q6ibqD0i0tOW%Mj zgFG{H-?A$2>?{wbP(PpGsIW9wBVVo%!?0rWfRN_|BOEO<%^ZD;%Kd{< zbKMHE^u7HuGmOF_e7W2UD>HJ^gF<~$y)$yW{VKhST#M5^qKpIm3e6I$@(K(r+zT^; zl8v>^4AA`+kyqyBU9O;?Y*dz2W#N=um>J+-R-By}5R&eer0tp(;gTPa>XG4JS{Uf# zndMvT>d94MWK`%K9988X=%-)lm+GAs7FKF%QQ%gXV^&_^Y*AhimKc=eY;IWP<%({b zxu1`zU%En3KxuYWs98y}MXqaUx=CSFv4=-cS&naBP+oCCV0LkeXOLk;vX6;*W-*ty zg}$keiAAt`P*rG1V3uQrb5^BauunvCeq~C9o4;j1rg>4GOG#>^MJT#$rolNmMu7@W z-T|I2IYv1?`A!jOL8<0ZSy3egzF9dLUgafT8Byj1i6OZeiD|BW?&Vxne(6;?ewM`^ zCOOWj2F^xh1tDf;iB3V8`eklq{uxD8QNiJ1p&_AW+9q7Oy1EMPMn=g7=0zE~+FnsX z7FlJE!CpB@{>5$)rj^>+DM{{L7A{fw`UQqnUZGq%{zN9X4w&qO# zPR;1k61_RWTh4!s_$2i)s`}L?$#&CYvz9Y59y;}|Wztlk)9j(#i!S$>D6$;&J9Siq zZ|U9@kBT_+zO4S;RFLsEkyCUrSK8Zlxpy@mX7DB6-8t{f=gkurygQ$u9QW^{85j4f z<%V}XKgyI%^>9dy}c~DuwT9^R^?L z)=MW{y7uE|&l=IK*$?GnzbQXCcC_vj`}>_z-hFEFGA@x^(mo8omMYBt+iWd$_vutc z%f1s_-sijnqSX$BZCffQ8(6SB(@FN|$K*<-J=N;Z8ooR|U%Pt8`I(h-TuhUDf4Q-w zuAY8t_7SJq93cnVc5$o_ZR@{i<5It|NSJHawerK)Qc6Nru_V2DP`*6r4!cIJ^L9b` z>TdH)wik;uzX;@s=C+6GdQZRm;7;N!JJwfUos^#M3pzDz;pBLxBdj$ymTBuRcUt~& z(a)U%nmKcHjm`9DIxX7JxZ>>dfL}+O9!93sX+IRa{Nb+iV`!5?9)xI$ZF?<(S z{Uf&ObV%v4bphrdd}Ai1pYyAGC#Ul>{f7AZ_597Yd{-+n9^DQO+Ol)&A}^s{URHmL zEss8y{!Ud`aOGxvU+((A@&^l+9GZ21?t}lgR2RGc*(mfpVajv4*jdwZL)=brDo5pP zUT)62OYyA4R{6z-Ef1IuEuAjb-MI1Y;%$$GZce(ouqHzPhZ&2-J>K|M!%1)6S$KG# zF}Zqn#h2eE_dKr_X^7n@D^W0i_Up{PZj0`nf*W=&zo_SX&Es5&I;-H*xL~ujp@%-% znl_6WE%fSmwbN?Or(CNEn_tI77Uy|cbtJo-&R0J7`-bD?V#oFQjoqis3#P|Ah2K8# zl3ncAl3hC-OO0e7>umkm24~9lJYQK;#I*b0o4}uSXLj74 zBIlRwpLI@>_Wt%S=Pz|nJsIYlP+|M}q5sp*tUZF(XTHsokz4%yUH`VrvIdia^Ur2I zW_dZ=2bYFS{(F;6%qBwWn?$PAv1m$%r@d9vfT)-m?wJ~k=!KUXYYEh3_5 ztZ0A!&>=goiT5|&TxjFLeS2ZNSk8yUdeJLO?*Cm;z4Sonbo1GLr;klAKO|Q&G4cOz z&6N#{1RweRNqD)tzri?F;}z%o+Nr*0^D8;44#>||ySiMIN3(qOy19GQ3-?Et-*vso zcF}I`rI)>{FPyq_D1L(OJ-^MK5*-?LKTZ{`;#8O;`@%ub_{YJrJj1CoC%rb&EiIbp zA7IY&oGrXRJX)-Ld->e1pU>+5IEIAW&A00a@4w>ynwR73QfrlH_wT~Sr_T5{if`uk zj9PPNwZg+E_FGLf&zkMr#?^6#i$S(}?Izzc))${voX_rkCjVCIv6({0;xqHjYWVUT zGnj9foq7E9?!F$s1$Q|a_Qu*pK3K?dpVM}=isj`)Tx~}-X@4}g;!fSW$ANR>Q6~TNBm#1*Y+p#MsJdq;ye8D}<@s;r{R%Sc z9G=^Dxz~EXuzOcOzsRq*^Tnpa3=RMMH#O)@JLXt(>tEqv_3IfoBqx>mFwDIB-Fud< zD{uPNM~!Oni=#^RN5{@JiCQyBm%U?aQeQkj!}ehN9off@2P<62dbli4ddsz~e}0{; z_@TKWa!c1AkEQuMg1+e!{?|xr_b(ECqwH)hwq~#7V$*r?>q@pW^OtE{cs(cnuW7Nf zirR%Ap8DJpUU$Qsmc-A>7Bnx8KXB}isIy#ZR!7~D=$(okrz`qi?rC4NKuu6o8+8syXS2UbYstBV-8U)Sm5cz zIdQGK?8SvIwS6ikUJ=NdeQ|QRy;R&->_|r1)osExPgd17 z{^>rsVcoX>wc$Yz^V^QQTFeTbKd)Be=t}!Zn_3UqL={A=tCaUUKH2XFvq6&G<^=)o z9^MF&zF~L&{I52haDnJ2|F#<6y32e>$o);j(@8#Qhn{L2;$9|ib@XqH%yh3B7uItJ zH(xWktdO_Rby>9D)q~r-LLP?v+^2NvWO2}mUM^$#Zqb)At7c4H=#jNrO{l?0WNn#Q zE$6}@V~(>IC%KvaUhY2k^1An@BvV38#t5wpbuO!m=)LzK=E_IsP?o(n<$JXftCIag zI#1g#e(AAb!j!84Pnm^(Tsq%ip>NLdA!gmDpR7#hZpy{~@)U_z_2`|%Yh-oW`o|K} ze_bIj9vpvUT2rsaHRnL&0h?__!GW3iOh#`nd3Ef=*|qw5?oU}^E~X7TLMlJ0>Bc@2{}t5qUZBHF zkCmmuO~3DfL9zbayF1pH-AHz&C`FvNn53|E-u~}Qh6yM$am_wPshht_IbAI2h%eLzBzsjR`{=Gc0PANeq_wys;$TxdBm|hvrwf^`^v%lW) zgW#OD{|C5Ms&l+Lmn_Hl;(dLZ-pT;+_m97SxcGdn_oFnOjjPwa?l%c!4in>_efow? zVyyGB#6}gV6MF=I&b|`bJ9q!b**ZJQcI-N|wr#)2YUy8U8vgsQtczH6O5xNUW%2j= ztX%&ymF#nfJ?h95)HRpvV=dKn{oonOfWn5~veBy^j z0b$3W1l`52*{6OvI`3&@so@Q$?fa_ss$3P(bQ0)uT$<^)pncjjWr#Nyav=qoave0k1#_E##LZ^CG zm%f4Jw*y*?0wpS|zE8TM+af3SXng>q{~oVz3-6!1Ho;OWe75l0Ru9=E!FAzt&d6@# z&$lVNwa4`8{9UgsYQD=!n`C`d=RG0n|8ieP?QbEy(q|i3&IB>7m7d|TchjlVpoH&x z=ERlFj-JYO|BLs%Ypnmd6*Y~SgDlHd_k`Ww)6$ajHe0P&vbkr0yVBJ3JMO)6re!)! zS(N?oa=p;cg6}fR_wg)ZJ9FdSmTRlOl}^!Xxx9Lx=%baA%s(bP>Jkgwr^05jsYvmC z3;S9|`Mbj9D$D9BbHl_heYyCE>qFiXhRX*dP5YL-UhvSZxr5_#!*yT&ZbQ~Er$={+ zS2O(iY#e7=+P&@b?U)Fg&t<;(Gx=q6CWO{*lYV|&zm!}4b!0que9Gg8u4Xs$j?HTI z+BWCWVqUQtF5N(nlpAIzub&l+y|P1pgOzO&GxLGz?;7vgB*&^0Tj+JS{Zh$1|3KAs zUd7vX70c*d#d`M)c;>MO)TTY0Cg`Tq{!1!i^{%(FpUkUyzqlo6N8fwzr*dwK_h0r4 zSD&5>zTWKMFY>Tr=CSyK*->}@EQ~y1khv~n@~ykVM!sDOsvaKTme`T0`PK1u+PA+a zEEQ8s&&)j6vp!&!|7YLL?Bz1~+m_t2xwKC7xe@=~OJ%#fHm{jH?Q})+qz~0`w}lV= z3tsPYp|^BpXuIZ7M)ohW0`LDRuSnv2XtHHV+_4C!S=XoRny7v_Gd%5uoV0TN7n`K$ zw%kn<=81}CecdYK>88HlFwLELM%j_?-*^TeyQ76Xqs~+eGj0O#JutnYB^&=0`bhF}f979;%+) z@~7e6AL0G>DHUr{`BnBDkt%p#(ips~{_?KhBG%IkPezHHnD}6#2QbM_M{9c0039U~#|3 z^xGD)Hf6Fbg{GHZvbKFbwa{?q;puxax@#|13st}TA>y*|?B%FRdndUyn=8&fI%_iR z{I$#BC0#mg5)rROUSI#EZ`-{-Gbzcrk*8qJLb=;C-wK8wI$*Lb#X8xEubZQ(QE&BH z-J+|`-Z$rJ3mh=`8xwmt=D78}7=7Kk;*Qxjy7x2m_SEu47?sT3allk}E* zpBWdQ+W)*+)nmW(q0h^Ccc_&5rTX>V7j@8UkGB_YR4$j^D!9I_X%e-YR8hAugC88Eb*;yUJ`L!W<&7azjm?GY5HRMG z*S2f_iR|*|(fN1W*6S&&>y#(izBAh%JUM#cnCp@xYftYfhguh@Ej*!STCuA8d63&F q&l?X+FNiSqlup)bXe~-zGG8YpY}a+E&Aj`k{dG9{DgD^LdEx+1nT6N@ literal 0 HcmV?d00001 diff --git a/secrets/ds9WoodpeckerAgentSecretEnv.age b/secrets/ds9WoodpeckerAgentSecretEnv.age new file mode 100644 index 00000000..d141eeb7 --- /dev/null +++ b/secrets/ds9WoodpeckerAgentSecretEnv.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 IbXxfw SjzxHVWvKSnbW83QZzp5i2il5n0LLvPDTyJD2SVIU2c +j6sZUs1Eo1sjhUT4ZHmSIeL8QdOK8opjDoiewnZmdyI +-> ssh-ed25519 ugHWWw akRT2dK4KjtgzvG/xLYXVC5U8YWDgYEQuwLYncTKk2s +DGVW7rQgD722uAiryOA+kpTsOVRgdrjXmAoBJuWBGVQ +-> ssh-ed25519 UU9RSA JmAk3ffD6a8zDRmp/FtPVmpHutsQvdL8iVIzK5HdUEY +BWD5ca7hRpkprARNoGrTpWkM1eRiCPBCNabS4gdqhU4 +-> ssh-ed25519 RJI3BA qa4O8TgwhLJdLe5Igf87xmpeO6Rq2Gxd140nkfZCZnQ +FszThW4+tCudV7PV7wONjmrNgWWvdDn5KJ7HXPBDR88 +-> ssh-ed25519 XnvJKw /LX96f7WoqTMsIHKRLBLA5s5+Y8Dko3wtU0n1OAFO0U +e9Y46hS+988H+CHrKlbU6nqsCxz10zJVGtK1qVtKbxY +-> ssh-ed25519 7NL5Ng 43FauFz7tPtAcCdAZHFVEPvhi0UDnwUk2w1QVp147CE +37m19iWIYG7d/ETzWM57I8vDsXLMuuDvDnKhF0WnNH0 +-> ssh-ed25519 5Sll2Q tuTKruUoFDBX2AEyDzQw16c/73GIUC7PttpfyZiEzQ8 +a+TfCkc0/khVSB94xKch38NYMV+JHLlweKxkcP49s14 +--- A4gf6A8kypnziBO/rVhywNnJQO8jdhD8WxVDfn42Wlk +'AF'_.(˰ri㘗B̑޲eъb]6RF"[ﯝT"2`2m9mh5/=iC1(881-pr♡eg$& \ No newline at end of file diff --git a/secrets/ds9WoodpeckerEnv.age b/secrets/ds9WoodpeckerEnv.age new file mode 100644 index 00000000..198ccee4 --- /dev/null +++ b/secrets/ds9WoodpeckerEnv.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 IbXxfw bst8nu5qPfJsRonQbkfvLT6CXfTxTidFzdDOeHTSTEc +y5lD9I45fTwlrm8aKOX0Vxu8cdrQpXH7SF3jw6MRblQ +-> ssh-ed25519 ugHWWw m4B+pX2D7/BxwRg2AHVQW8m7MQa7COhHoD7SHvV8PgA +CtLxr9HLw28EhqT6F8h9TMGGH7pTTY4ZBj1MS2b4EUg +-> ssh-ed25519 UU9RSA 1J8vGSpd5ohxjdLEXMQAC242lKs/tv2h06ma8Y4rJ14 +Sj43KHSI/ZLJuSPx2jMr2hTIMt9WhngH8sxZW3JwYas +-> ssh-ed25519 RJI3BA 3+M0ALiSX9Oyr8FmhisxabGagnjq+11J4mjABgRxljg +J9ElH2kMobFXT71Z5IAAZWvxxzgeex20k4UJMirUp4M +-> ssh-ed25519 XnvJKw PnzDy4O22UR76vjvAEY2edJ/8PPgiMq8YOX4eJH91DU +3EUYb22GYa4+srs2xsoiNum2Q6UBilVJCiIOXbfK3MY +-> ssh-ed25519 7NL5Ng W/khHlFSgF6Gej/JwoeWXfz/3RcVu8ZD6R3Z/W7Y9xc +7vfzgvHq3UcpBjbcJ8MrMgYulsXvnN4M6cesQydrw0A +-> ssh-ed25519 5Sll2Q 8ggz1M9F0+wtPG7tLKXmVWSM86Sd7JbKBS+77eicY0M +SYEfYMxCVOaqOczKxSRWZqufqOoG7WERSRF3M5/pVzA +--- AtKAPGRKe7K9srcRpuG86C55PDQhQhKZJcTnEo9J/og +q36ҍrmyea\ǶE%~X2&u (ki!KYv&]]B?7b=B0Rh~{T/Bsx'ZEws [#/-%&,IkG4紜zಓ dr+2EǷZif\]7_zQ#8Hb/ʰ"̀ ^!J? \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2fa5ed5a..d2c45738 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,6 +21,9 @@ in "ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9AuthentikEnv.age".publicKeys = pubkeys.ragon.host "ds9"; + "ds9WoodpeckerEnv.age".publicKeys = pubkeys.ragon.host "ds9"; + "ds9AtticEnv.age".publicKeys = pubkeys.ragon.host "ds9"; + "ds9WoodpeckerAgentSecretEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9PartDbEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9AuthentikLdapEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server;