DGNum/infrastructure
11
6
Fork 2
Code Issues 21 Pull requests 19 Projects 1 Releases Packages Wiki Activity Actions

Compare commits

base: DGNum:main
Branches Tags
DGNum:main
DGNum:npins-updates/nixos-unstable
DGNum:npins-updates/nixos-24.11
DGNum:npins-updates/proxmox-nixos
DGNum:npins-updates/nixos-generators
DGNum:npins-updates/lix
DGNum:vault01-isp
DGNum:meta-isp
DGNum:npins-updates/git-hooks
DGNum:npins-update
DGNum:openwrt-exporter
DGNum:nix-lib
DGNum:npins-updates/colmena
DGNum:npins-updates/nix-actions
DGNum:mdebray/ap-dev
DGNum:ap-poc-v01
DGNum:ap01-prepare-poc
DGNum:netconf-profiles
DGNum:vault01-mtu
DGNum:meta_rework_bis
DGNum:meta_rework
DGNum:reuse
DGNum:mdebray/overlay
DGNum:django-apps-overlays
DGNum:testing02
DGNum:hypervisor
DGNum:ap01-vlan
DGNum:colmena-liminx-ng
DGNum:declarative-buckets
DGNum:victoria-metrics
DGNum:mattermost
DGNum:init-dgnum-page
DGNum:takumi-can-do-ollama
DGNum:colmena-liminix
DGNum:poc-v1.0
..
compare: DGNum:mdebray/overlay
Branches Tags
DGNum:npins-updates/nixos-unstable
DGNum:npins-updates/nixos-24.11
DGNum:npins-updates/proxmox-nixos
DGNum:npins-updates/nixos-generators
DGNum:npins-updates/lix
DGNum:main
DGNum:vault01-isp
DGNum:meta-isp
DGNum:npins-updates/git-hooks
DGNum:npins-update
DGNum:openwrt-exporter
DGNum:nix-lib
DGNum:npins-updates/colmena
DGNum:npins-updates/nix-actions
DGNum:mdebray/ap-dev
DGNum:ap-poc-v01
DGNum:ap01-prepare-poc
DGNum:netconf-profiles
DGNum:vault01-mtu
DGNum:meta_rework_bis
DGNum:meta_rework
DGNum:reuse
DGNum:mdebray/overlay
DGNum:django-apps-overlays
DGNum:testing02
DGNum:hypervisor
DGNum:ap01-vlan
DGNum:colmena-liminx-ng
DGNum:declarative-buckets
DGNum:victoria-metrics
DGNum:mattermost
DGNum:init-dgnum-page
DGNum:takumi-can-do-ollama
DGNum:colmena-liminix
DGNum:poc-v1.0

5 commits
main ... mdebray/ov

Author SHA1 Message Date
sinavir
f643950f10
feat(nix-pkgs): use overlay
All checks were successful
Check meta / check_dns (push) Successful in 15s
Details
Check meta / check_meta (push) Successful in 15s
Details
Run pre-commit on all files / pre-commit (push) Successful in 23s
Details
2025-01-16 11:37:10 +01:00
sinavir
953c749873
chore: Refactor meta to a module architecture 
Get rid of the weird half nix half module stuff.
 2025-01-16 11:31:43 +01:00
sinavir
d6bf6f6d7f
chore(lib): Clean instanciation
All checks were successful
Check meta / check_dns (pull_request) Successful in 16s
Details
Check meta / check_meta (pull_request) Successful in 16s
Details
Check workflows / check_workflows (pull_request) Successful in 17s
Details
Build all the nodes / netcore02 (pull_request) Successful in 21s
Details
Build all the nodes / ap01 (pull_request) Successful in 31s
Details
Check meta / check_dns (push) Successful in 17s
Details
Build the shell / build-shell (pull_request) Successful in 24s
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 27s
Details
Check meta / check_meta (push) Successful in 15s
Details
Run pre-commit on all files / pre-commit (push) Successful in 23s
Details
Build all the nodes / hypervisor01 (pull_request) Successful in 1m45s
Details
Build all the nodes / geo01 (pull_request) Successful in 1m48s
Details
Build all the nodes / build01 (pull_request) Successful in 1m55s
Details
Build all the nodes / web02 (pull_request) Successful in 1m54s
Details
Build all the nodes / storage01 (pull_request) Successful in 2m1s
Details
Build all the nodes / tower01 (pull_request) Successful in 4m51s
Details
Build all the nodes / hypervisor02 (pull_request) Successful in 5m26s
Details
Build all the nodes / vault01 (pull_request) Successful in 5m21s
Details
Build all the nodes / web03 (pull_request) Successful in 5m20s
Details
Build all the nodes / geo02 (pull_request) Successful in 5m37s
Details
Build all the nodes / hypervisor03 (pull_request) Successful in 5m45s
Details
Build all the nodes / bridge01 (pull_request) Successful in 5m50s
Details
Build all the nodes / rescue01 (pull_request) Successful in 5m58s
Details
Build all the nodes / web01 (pull_request) Successful in 6m28s
Details
Build all the nodes / compute01 (pull_request) Successful in 6m45s
Details
2025-01-16 11:31:26 +01:00
sinavir
0a43b6295a
chore: Refactor meta to a module architecture 
Get rid of the weird half nix half module stuff.
 2025-01-16 11:31:26 +01:00
sinavir
91db6763d6
feat(keys): Move keys to meta 
chore: revert meta stuff
 2025-01-16 11:20:49 +01:00
141 changed files with 1672 additions and 3356 deletions
Show stats Expand all files Collapse all files

22
.forgejo/workflows/eval-nodes.yaml
View file

@ -100,28 +100,6 @@ jobs:
STORE_USER: admin
name: Build and cache hypervisor03
run: nix-shell -A eval-nodes --run cache-node
netaccess01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- env:
BUILD_NODE: netaccess01
STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache netaccess01
run: nix-shell -A eval-nodes --run cache-node
netcore01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- env:
BUILD_NODE: netcore01
STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache netcore01
run: nix-shell -A eval-nodes --run cache-node
netcore02:
runs-on: nix
steps:

29
.forgejo/workflows/npins-update.yaml
View file

@ -325,35 +325,6 @@ jobs:
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
kat-pkgs:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/kat-pkgs
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update kat-pkgs'
GIT_UPDATE_BRANCH: npins-updates/kat-pkgs
name: Open a PR if updates are present
run: "npins update kat-pkgs\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
liminix:
runs-on: nix
steps:

8
REUSE.toml
View file

@ -20,13 +20,7 @@ precedence = "closest"
[[annotations]]
SPDX-FileCopyrightText = "2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>"
SPDX-License-Identifier = "EUPL-1.2"
path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/01-pretalx-environment-file.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"]
precedence = "closest"
[[annotations]]
SPDX-FileCopyrightText = ["2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>", "2024 Maurice Debray <maurice.debray@dgnum.eu>"]
SPDX-License-Identifier = "EUPL-1.2"
path = ["patches/nixpkgs/07-kanidm-groups-module.patch", "patches/nixpkgs/08-kanidm-groups-pkgs.patch"]
path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"]
precedence = "closest"
[[annotations]]

21
default.nix
View file

@ -3,13 +3,9 @@
#
# SPDX-License-Identifier: EUPL-1.2
let
bootstrap = import ./bootstrap.nix;
in
{
sources ? bootstrap.sources,
pkgs ? bootstrap.pkgs,
sources ? import ./sources.nix,
pkgs ? sources.bootstrapNixpkgs,
}:
let
@ -99,22 +95,11 @@ let
"machines/nixos/web01/crabfit/*.patch"
"machines/nixos/web02/cas-eleves/01-pytest-cas.patch"
"patches/lix/01-disable-installChecks.patch"
"patches/nixpkgs/01-pretalx-environment-file.patch"
"patches/nixpkgs/03-crabfit-karla.patch"
"patches/nixpkgs/05-netbird-relay.patch"
];
copyright = "2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>";
}
{
path = [
"patches/nixpkgs/07-kanidm-groups-module.patch"
"patches/nixpkgs/08-kanidm-groups-pkgs.patch"
];
copyright = [
"2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>"
"2024 Maurice Debray <maurice.debray@dgnum.eu>"
];
}
{
path = [ "patches/nixpkgs/06-netbox-qrcode.patch" ];
copyright = "2024 Maurice Debray <maurice.debray@dgnum.eu>";
@ -184,7 +169,7 @@ in
{
nodes = builtins.mapAttrs (
host: { site, ... }: "${host}.${site}.infra.dgnum.eu"
) (import ./meta/nodes);
) (import ./meta/nodes.nix);
dns = import ./meta/dns.nix;

28
hive.nix
View file

@ -9,17 +9,16 @@
let
### Init some tooling
bootstrap = import ./bootstrap.nix;
sources = import ./sources.nix;
lib = sources.fullLib;
inherit (bootstrap.pkgs) lib;
inherit (lib.extra) mapSingleFuse;
inherit (bootstrap) sources;
### Let's build meta
metadata = (import ./meta) lib;
meta = (import ./meta) lib;
nodes = builtins.attrNames metadata.nodes;
nodes = builtins.attrNames meta.nodes;
### Nixpkgs instanciation
@ -43,7 +42,7 @@ let
mkNixpkgsConfig =
system:
{
nixos = _: { }; # TODO: add nix-pkgs overlay here
nixos = _: { overlays = [ (import "${sources.nix-pkgs}/overlay.nix").default ]; };
zyxel-nwa50ax = mkLiminixConfig system;
netconf = _: { };
}
@ -58,8 +57,8 @@ let
# Get the configured nixos version for the node,
# defaulting to the one defined in meta/nixpkgs
version = node: metadata.nodes.${node}.nixpkgs.version;
system = node: metadata.nodes.${node}.nixpkgs.system;
version = node: meta.nodes.${node}.nixpkgs.version;
system = node: meta.nodes.${node}.nixpkgs.system;
category = node: nixpkgs'.categories.${system node};
nodePkgs = node: nixpkgs.${system node}.${version node};
@ -68,12 +67,12 @@ let
# Function to create arguments based on the node
#
mkArgs = node: rec {
lib = sourcePkgs.lib.extend bootstrap.overlays.lib;
lib = sourcePkgs.lib.extend sources.libOverlay;
sourcePkgs = nodePkgs node;
meta = metadata;
inherit meta;
nodeMeta = metadata.nodes.${node};
nodeMeta = meta.nodes.${node};
nodePath = "machines/${category node}/${node}";
};
@ -94,10 +93,7 @@ in
specialArgs = {
inherit nixpkgs sources;
dgn-keys = import ./lib/keys {
meta = metadata;
inherit lib;
};
dgn-keys = import ./lib/keys { inherit meta lib; };
};
nodeSpecialArgs = mapSingleFuse mkArgs nodes;

8
keys.nix
View file

@ -3,11 +3,11 @@
# SPDX-License-Identifier: EUPL-1.2
let
bootstrap = import ./bootstrap.nix;
sources = import ./sources.nix;
inherit (bootstrap.pkgs) lib;
lib = sources.fullLib;
meta = (import ../meta lib).config;
meta = import ./meta lib;
in
import ./lib/keys { inherit meta lib; }

2
lib/colmena/wrapper.sh.in
View file

@ -28,4 +28,4 @@ if [[ $1 == 'apply' ]]; then
doChecks
fi
exec @colmena@ --nix-option nix-path "" "$@"
exec @colmena@ "$@"

22
lib/keys/default.nix
View file

@ -5,42 +5,36 @@
# SPDX-License-Identifier: EUPL-1.2
{ meta, lib }:
let
inherit (lib.extra) setDefault unique;
getAttr = lib.flip builtins.getAttr;
in
rec {
_memberKeys = builtins.mapAttrs (_: v: v.sshKeys) meta.organization.members;
_builderKeys = builtins.mapAttrs (_: v: v.builderKeys) meta.organization.members;
_nodeKeys = builtins.mapAttrs (_: v: v.sshKeys) meta.nodes;
# Get keys of the users
getMemberKeys = name: builtins.concatLists (builtins.map (getAttr _memberKeys) name);
# Get builder keys of the users
getBuilderKeys = getAttr _builderKeys;
# Get keys of the ssh server
getNodeKeys = name: builtins.concatLists (builtins.map (getAttr _nodeKeys) name);
# List of keys for the root group
rootKeys = getMemberKeys meta.organization.groups.root;
# All admins for a node
getNodeAdmins = node: meta.organization.groups.root ++ meta.nodes.${node}.admins;
# All keys needed for secret encryption
getSecretKeys = node: unique (getMemberKeys (getNodeAdmins node) ++ getNodeKeys [ node ]);
# All keys that can access a node
getNodeKeys' =
node:
let
names = meta.nodes.${node}.admins;
in
unique (getMemberKeys names ++ getNodeKeys [ node ]);
# List of keys for all machines wide secrets
machineKeys = rootKeys ++ (getNodeKeys (builtins.attrNames meta.nodes));
mkSecrets = nodes: setDefault { publicKeys = unique (builtins.concatMap getSecretKeys nodes); };
mkRootSecrets = setDefault { publicKeys = unique rootKeys; };
mkSecrets = nodes: setDefault { publicKeys = unique (builtins.concatMap getNodeKeys' nodes); };
machineKeysBySystem =
system:

18
lib/nix-lib/default.nix
View file

@ -49,24 +49,6 @@ rec {
attrsList:
fuseAttrs (builtins.map f attrsList);
/*
Generate an `attrsList` of given size with the generator before fusing
the resulting list of attribute sets.
Type: (Int -> attrs) -> Int -> attrs
Example:
f = s: { "a${toString s}" = s + s; }
genFuse f 3
=> { a0 = 0; a1 = 2; a2 = 4; }
*/
genFuse =
# Int -> attrs
f:
# Int
size:
fuseAttrs (builtins.genList f size);
/*
Equivalent of lib.singleton but for an attribute set.

468
lib/nix-lib/nixpkgs.nix Normal file
View file

@ -0,0 +1,468 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
###
# Collection of nixpkgs library functions, those are necessary for defining our own lib
#
# They have been simplified and builtins are used in some places, instead of lib shims.
rec {
/**
Does the same as the update operator '//' except that attributes are
merged until the given predicate is verified. The predicate should
accept 3 arguments which are the path to reach the attribute, a part of
the first attribute set and a part of the second attribute set. When
the predicate is satisfied, the value of the first attribute set is
replaced by the value of the second attribute set.
# Inputs
`pred`
: Predicate, taking the path to the current attribute as a list of strings for attribute names, and the two values at that path from the original arguments.
`lhs`
: Left attribute set of the merge.
`rhs`
: Right attribute set of the merge.
# Type
```
recursiveUpdateUntil :: ( [ String ] -> AttrSet -> AttrSet -> Bool ) -> AttrSet -> AttrSet -> AttrSet
```
# Examples
:::{.example}
## `lib.attrsets.recursiveUpdateUntil` usage example
```nix
recursiveUpdateUntil (path: l: r: path == ["foo"]) {
# first attribute set
foo.bar = 1;
foo.baz = 2;
bar = 3;
} {
#second attribute set
foo.bar = 1;
foo.quz = 2;
baz = 4;
}
=> {
foo.bar = 1; # 'foo.*' from the second set
foo.quz = 2; #
bar = 3; # 'bar' from the first set
baz = 4; # 'baz' from the second set
}
```
:::
*/
recursiveUpdateUntil =
pred: lhs: rhs:
let
f =
attrPath:
builtins.zipAttrsWith (
n: values:
let
here = attrPath ++ [ n ];
in
if builtins.length values == 1 || pred here (builtins.elemAt values 1) (builtins.head values) then
builtins.head values
else
f here values
);
in
f
[ ]
[
rhs
lhs
];
/**
A recursive variant of the update operator //. The recursion
stops when one of the attribute values is not an attribute set,
in which case the right hand side value takes precedence over the
left hand side value.
# Inputs
`lhs`
: Left attribute set of the merge.
`rhs`
: Right attribute set of the merge.
# Type
```
recursiveUpdate :: AttrSet -> AttrSet -> AttrSet
```
# Examples
:::{.example}
## `lib.attrsets.recursiveUpdate` usage example
```nix
recursiveUpdate {
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/hda";
} {
boot.loader.grub.device = "";
}
returns: {
boot.loader.grub.enable = true;
boot.loader.grub.device = "";
}
```
:::
*/
recursiveUpdate =
lhs: rhs:
recursiveUpdateUntil (
_: lhs: rhs:
!(builtins.isAttrs lhs && builtins.isAttrs rhs)
) lhs rhs;
/**
Determine whether a string has given prefix.
# Inputs
`pref`
: Prefix to check for
`str`
: Input string
# Type
```
hasPrefix :: string -> string -> bool
```
# Examples
:::{.example}
## `lib.strings.hasPrefix` usage example
```nix
hasPrefix "foo" "foobar"
=> true
hasPrefix "foo" "barfoo"
=> false
```
:::
*/
hasPrefix = pref: str: (builtins.substring 0 (builtins.stringLength pref) str == pref);
/**
Escape occurrence of the elements of `list` in `string` by
prefixing it with a backslash.
# Inputs
`list`
: 1\. Function argument
`string`
: 2\. Function argument
# Type
```
escape :: [string] -> string -> string
```
# Examples
:::{.example}
## `lib.strings.escape` usage example
```nix
escape ["(" ")"] "(foo)"
=> "\\(foo\\)"
```
:::
*/
escape = list: builtins.replaceStrings list (builtins.map (c: "\\${c}") list);
/**
Convert a string `s` to a list of characters (i.e. singleton strings).
This allows you to, e.g., map a function over each character. However,
note that this will likely be horribly inefficient; Nix is not a
general purpose programming language. Complex string manipulations
should, if appropriate, be done in a derivation.
Also note that Nix treats strings as a list of bytes and thus doesn't
handle unicode.
# Inputs
`s`
: 1\. Function argument
# Type
```
stringToCharacters :: string -> [string]
```
# Examples
:::{.example}
## `lib.strings.stringToCharacters` usage example
```nix
stringToCharacters ""
=> [ ]
stringToCharacters "abc"
=> [ "a" "b" "c" ]
stringToCharacters "🦄"
=> [ "<EFBFBD>" "<EFBFBD>" "<EFBFBD>" "<EFBFBD>" ]
```
:::
*/
stringToCharacters = s: builtins.genList (p: builtins.substring p 1 s) (builtins.stringLength s);
/**
Turn a string `s` into an exact regular expression
# Inputs
`s`
: 1\. Function argument
# Type
```
escapeRegex :: string -> string
```
# Examples
:::{.example}
## `lib.strings.escapeRegex` usage example
```nix
escapeRegex "[^a-z]*"
=> "\\[\\^a-z]\\*"
```
:::
*/
escapeRegex = escape (stringToCharacters "\\[{()^$?*+|.");
/**
Appends string context from string like object `src` to `target`.
:::{.warning}
This is an implementation
detail of Nix and should be used carefully.
:::
Strings in Nix carry an invisible `context` which is a list of strings
representing store paths. If the string is later used in a derivation
attribute, the derivation will properly populate the inputDrvs and
inputSrcs.
# Inputs
`src`
: The string to take the context from. If the argument is not a string,
it will be implicitly converted to a string.
`target`
: The string to append the context to. If the argument is not a string,
it will be implicitly converted to a string.
# Type
```
addContextFrom :: string -> string -> string
```
# Examples
:::{.example}
## `lib.strings.addContextFrom` usage example
```nix
pkgs = import <nixpkgs> { };
addContextFrom pkgs.coreutils "bar"
=> "bar"
```
The context can be displayed using the `toString` function:
```nix
nix-repl> builtins.getContext (lib.strings.addContextFrom pkgs.coreutils "bar")
{
"/nix/store/m1s1d2dk2dqqlw3j90jl3cjy2cykbdxz-coreutils-9.5.drv" = { ... };
}
```
:::
*/
addContextFrom = src: target: builtins.substring 0 0 src + target;
/**
Cut a string with a separator and produces a list of strings which
were separated by this separator.
# Inputs
`sep`
: 1\. Function argument
`s`
: 2\. Function argument
# Type
```
splitString :: string -> string -> [string]
```
# Examples
:::{.example}
## `lib.strings.splitString` usage example
```nix
splitString "." "foo.bar.baz"
=> [ "foo" "bar" "baz" ]
splitString "/" "/usr/local/bin"
=> [ "" "usr" "local" "bin" ]
```
:::
*/
splitString =
sep: s:
let
splits = builtins.filter builtins.isString (
builtins.split (escapeRegex (builtins.toString sep)) (builtins.toString s)
);
in
builtins.map (addContextFrom s) splits;
/**
Remove duplicate elements from the `list`. O(n^2) complexity.
# Inputs
`list`
: Input list
# Type
```
unique :: [a] -> [a]
```
# Examples
:::{.example}
## `lib.lists.unique` usage example
```nix
unique [ 3 2 3 4 ]
=> [ 3 2 4 ]
```
:::
*/
unique = builtins.foldl' (acc: e: if builtins.elem e acc then acc else acc ++ [ e ]) [ ];
/**
Flip the order of the arguments of a binary function.
# Inputs
`f`
: 1\. Function argument
`a`
: 2\. Function argument
`b`
: 3\. Function argument
# Type
```
flip :: (a -> b -> c) -> (b -> a -> c)
```
# Examples
:::{.example}
## `lib.trivial.flip` usage example
```nix
flip concat [1] [2]
=> [ 2 1 ]
```
:::
*/
flip =
f: a: b:
f b a;
/**
`warn` *`message`* *`value`*
Print a warning before returning the second argument.
See [`builtins.warn`](https://nix.dev/manual/nix/latest/language/builtins.html#builtins-warn) (Nix >= 2.23).
On older versions, the Nix 2.23 behavior is emulated with [`builtins.trace`](https://nix.dev/manual/nix/latest/language/builtins.html#builtins-warn), including the [`NIX_ABORT_ON_WARN`](https://nix.dev/manual/nix/latest/command-ref/conf-file#conf-abort-on-warn) behavior, but not the `nix.conf` setting or command line option.
# Inputs
*`message`* (String)
: Warning message to print before evaluating *`value`*.
*`value`* (any value)
: Value to return as-is.
# Type
```
String -> a -> a
```
*/
warn =
# Since Nix 2.23, https://github.com/NixOS/nix/pull/10592
builtins.warn or (
let
mustAbort = builtins.elem (builtins.getEnv "NIX_ABORT_ON_WARN") [
"1"
"true"
"yes"
];
in
# Do not eta reduce v, so that we have the same strictness as `builtins.warn`.
msg: v:
# `builtins.warn` requires a string message, so we enforce that in our implementation, so that callers aren't accidentally incompatible with newer Nix versions.
assert builtins.isString msg;
if mustAbort then
builtins.trace "evaluation warning: ${msg}" (
abort "NIX_ABORT_ON_WARN=true; warnings are treated as unrecoverable errors."
)
else
builtins.trace "evaluation warning: ${msg}" v
);
}

9
lib/nix-patches/default.nix
View file

@ -14,15 +14,12 @@ rec {
{ pkgs }:
rec {
mkUrlPatch =
{
hash ? null,
...
}@attrs:
attrs:
pkgs.fetchpatch (
{
hash = if hash == null then pkgs.lib.fakeHash else hash;
hash = pkgs.lib.fakeHash;
}
// (builtins.removeAttrs attrs [ "hash" ])
// attrs
// (pkgs.lib.optionalAttrs (excludeGitHubManual && !(builtins.hasAttr "includes" attrs)) {
excludes = (attrs.excludes or [ ]) ++ [ "nixos/doc/manual/*" ];
})

29
machines/netconf/netaccess01.nix
View file

@ -1,29 +0,0 @@
# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
dgn-hardware.model = "EX2300-48P";
dgn-isp = {
enable = true;
AP = [
"ge-0/0/0"
"ge-0/0/1"
"ge-0/0/2"
"ge-0/0/3"
"ge-0/0/4"
"ge-0/0/5"
];
admin-ip = "fd26:baf9:d250:8000::2001/64";
};
dgn-interfaces = {
# netcore02
"xe-0/1/0".ethernet-switching = {
interface-mode = "trunk";
vlans = [ "all" ];
};
# debug management
"me0".inet.addresses = [ "192.168.42.6/24" ];
};
}

36
machines/netconf/netcore01.nix
View file

@ -1,36 +0,0 @@
# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
dgn-hardware.model = "EX2300-48P";
dgn-isp = {
enable = true;
admin-ip = "fd26:baf9:d250:8000::100f/64";
};
dgn-profiles."hypervisor" = {
interfaces = [
"ge-0/0/0"
"ge-0/0/1"
"ge-0/0/2"
"ge-0/0/3"
"ge-0/0/4"
"ge-0/0/5"
"ge-0/0/6"
"ge-0/0/7"
];
configuration.ethernet-switching = {
interface-mode = "access";
vlans = [ "hypervisor" ];
};
};
dgn-interfaces = {
"xe-0/2/0".ethernet-switching = {
interface-mode = "trunk";
vlans = [ "all" ];
};
# debug management
"me0".inet.addresses = [ "192.168.2.2/24" ];
};
}

96
machines/netconf/netcore02.nix
View file

@ -2,41 +2,76 @@
#
# SPDX-License-Identifier: EUPL-1.2
{
dgn-hardware.model = "EX2300-48P";
dgn-isp = {
enable = true;
AP = [
# H1-00
"ge-0/0/0"
"ge-0/0/1"
"ge-0/0/2"
"ge-0/0/3"
"ge-0/0/4"
"ge-0/0/5"
# H1-01
"ge-0/0/6"
"ge-0/0/7"
"ge-0/0/8"
"ge-0/0/9"
"ge-0/0/10"
"ge-0/0/11"
# H1-02
"ge-0/0/12"
"ge-0/0/13"
"ge-0/0/14"
"ge-0/0/15"
"ge-0/0/16"
"ge-0/0/17"
let
#TODO: meta
vlansPlan = {
"uplink-cri".id = 223;
"admin-core" = {
id = 3000;
l3-interface = "irb.0";
};
"admin-ap".id = 3001;
"users".id-list = [
{
begin = 3045;
end = 4094;
}
];
admin-ip = "fd26:baf9:d250:8000::1001/64";
"ap-staging".id = 2000;
};
#TODO: additionnal module (always the same for APs)
AP-staging = {
poe = true;
ethernet-switching = {
interface-mode = "access";
vlans = [ "ap-staging" ];
};
};
in
{
vlans = vlansPlan;
dgn-hardware.model = "EX2300-48P";
dgn-interfaces = {
# "ge-0/0/0" = AP-staging;
# "ge-0/0/1" = AP-staging;
# "ge-0/0/2" = AP-staging;
# "ge-0/0/3" = AP-staging;
"ge-0/0/4" = AP-staging;
# "ge-0/0/5" = AP-staging;
# "ge-0/0/6" = AP-staging;
# "ge-0/0/7" = AP-staging;
# "ge-0/0/8" = AP-staging;
# "ge-0/0/9" = AP-staging;
# "ge-0/0/10" = AP-staging;
# "ge-0/0/11" = AP-staging;
# "ge-0/0/12" = AP-staging;
# "ge-0/0/13" = AP-staging;
# "ge-0/0/14" = AP-staging;
# "ge-0/0/15" = AP-staging;
# "ge-0/0/16" = AP-staging;
# "ge-0/0/17" = AP-staging;
# oob
"ge-0/0/42".ethernet-switching = {
interface-mode = "trunk";
vlans = [ "all" ];
};
# AP de test
"ge-0/0/43" = {
poe = true;
ethernet-switching = {
interface-mode = "access";
vlans = [ 4000 ];
};
};
# uplink oob
"ge-0/0/46".ethernet-switching = {
interface-mode = "access";
vlans = [ 222 ];
rstp = false;
};
# ilo
"ge-0/0/47".ethernet-switching = {
interface-mode = "access";
@ -60,9 +95,9 @@
};
# netcore01 (Potos)
"xe-0/1/2".ethernet-switching = {
interface-mode = "trunk";
interface-mode = "access";
vlans = [
"all"
"ap-staging"
];
};
# uplink
@ -71,7 +106,8 @@
vlans = [ "uplink-cri" ];
};
# debug management
# management
"me0".inet.addresses = [ "192.168.42.6/24" ];
"irb".inet6.addresses = [ "fd26:baf9:d250:8000::1001/64" ];
};
}

145
machines/nixos/bridge01/network.nix
View file

@ -3,17 +3,8 @@
#
# SPDX-License-Identifier: EUPL-1.2
{
pkgs,
utils,
lib,
...
}:
let
inherit (lib)
getExe'
;
in
_:
{
networking = {
useNetworkd = true;
@ -23,84 +14,70 @@ in
firewall.allowedUDPPorts = [ 67 ];
};
systemd = {
services."arp-resolve-router" = {
wantedBy = [ "systemd-networkd.service" ];
after = [ "systemd-networkd-wait-online.service" ];
bindsTo = [ "systemd-networkd-wait-online.service" ];
serviceConfig.ExecStart = utils.escapeSystemdExecArgs [
(getExe' pkgs.iputils "ping")
"-c"
1
"10.120.33.245"
];
};
network = {
wait-online.anyInterface = true;
networks = {
"10-enp1s0f0" = {
name = "enp1s0f0";
# description = "To the switch";
networkConfig = {
VLAN = [
"vlan-admin"
];
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"10-eno1" = {
name = "eno1";
# description = "Uplink cri";
address = [
"10.120.33.246/30"
"129.199.195.158/32"
];
routes = [
{
PreferredSource = "129.199.195.158";
Gateway = "10.120.33.245";
}
];
};
"10-vlan-admin" = {
name = "vlan-admin";
# DHCP for the BMC
networkConfig.DHCPServer = "yes";
dhcpServerConfig = {
PoolOffset = 128;
EmitDNS = false;
EmitNTP = false;
EmitSIP = false;
EmitPOP3 = false;
EmitSMTP = false;
EmitLPR = false;
UplinkInterface = ":none";
};
address = [
"fd26:baf9:d250:8000::ffff/64"
"192.168.222.1/24"
systemd.network = {
networks = {
"10-eno1" = {
name = "eno1";
networkConfig = {
VLAN = [
"vlan-admin"
"vlan-uplink-oob"
];
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
# address = [ "192.168.222.1/24" ];
};
netdevs = {
"10-vlan-admin" = {
netdevConfig = {
Name = "vlan-admin";
Kind = "vlan";
};
vlanConfig.Id = 3000;
"10-vlan-admin" = {
name = "vlan-admin";
# DHCP for the BMC
networkConfig.DHCPServer = "yes";
dhcpServerConfig = {
PoolOffset = 128;
EmitDNS = false;
EmitNTP = false;
EmitSIP = false;
EmitPOP3 = false;
EmitSMTP = false;
EmitLPR = false;
UplinkInterface = ":none";
};
address = [
"fd26:baf9:d250:8000::ffff/64"
"192.168.222.1/24"
];
};
"10-vlan-uplink-oob" = {
name = "vlan-uplink-oob";
networkConfig.DHCP = "ipv4";
};
};
netdevs = {
"10-vlan-admin" = {
netdevConfig = {
Name = "vlan-admin";
Kind = "vlan";
};
vlanConfig.Id = 3000;
};
"10-vlan-uplink-oob" = {
netdevConfig = {
Name = "vlan-uplink-oob";
Kind = "vlan";
};
vlanConfig.Id = 500;
};
};
};

13
machines/nixos/build01/nix-builder.nix
View file

@ -5,7 +5,6 @@
{
pkgs,
lib,
dgn-keys,
meta,
...
}:
@ -13,14 +12,6 @@
config = {
dgn-access-control.users = lib.genAttrs meta.organization.groups.nix-builder (u: lib.singleton u);
# FIXME(Raito): this should really go into `dgn-access-control` but I don't
# know what is the desired architecture for it. Leaving it for the people with opinions™.
users.groups.nix-builders = { };
users.users = lib.genAttrs meta.organization.groups.nix-builder (u: {
extraGroups = [ "nix-builders" ];
openssh.authorizedKeys.keys = dgn-keys.getBuilderKeys u;
});
security.pam.loginLimits = [
{
domain = "*";
@ -52,10 +43,6 @@
nrBuildUsers = 128;
settings = {
trusted-users = [
"@wheel"
"@nix-builders"
];
keep-outputs = false;
keep-derivations = false;
use-cgroups = true;

3
machines/nixos/compute01/_configuration.nix
View file

@ -25,14 +25,11 @@ lib.extra.mkConfig {
"kanidm"
"librenms"
"mastodon"
# "netbox"
"nextcloud"
"ollama-proxy"
"outline"
"plausible"
"postgresql"
"pretalx"
"pretix"
"rstudio-server"
# "satosa"
"signal-irc-bridge"

40
machines/nixos/compute01/dgsi/default.nix
View file

@ -14,33 +14,13 @@
let
inherit (lib) toLower;
python = pkgs.python312.override {
packageOverrides = (import "${sources.nix-pkgs}/overlay.nix").mkOverlay {
folder = "python-modules";
plist = [
"django-allauth"
"django-allauth-cas"
"django-browser-reload"
"django-bulma-forms"
"django-sass-processor"
"django-sass-processor-dart-sass"
"django-unfold"
"loadcredential"
"pykanidm"
"python-cas"
"xlwt"
];
};
};
pythonEnv = python.withPackages (
pythonEnv = pkgs.python312.withPackages (
ps:
[
ps.django
ps.gunicorn
ps.psycopg
ps.django-compressor
ps.django-htmx
ps.django-import-export
# Local packages
@ -76,7 +56,6 @@ let
export DGSI_KANIDM_AUTH_TOKEN="fake.token"
export DGSI_X509_KEY=""
export DGSI_X509_CERT=""
export DGSI_ARCHIVES_ROOT=""
'';
doBuild = false;
@ -155,10 +134,6 @@ in
DGSI_MEDIA_ROOT = "/var/lib/django-apps/dgsi/media";
DGSI_STATIC_ROOT = "${staticDrv}/static";
DGSI_ARCHIVES_ROOT = "/var/lib/django-apps/dgsi/archives";
DGSI_ARCHIVES_INTERNAL = "_archives";
DGSI_STAFF_GROUP = "grp_bureau@sso.dgnum.eu";
DGSI_DATABASES = builtins.toJSON {
default = {
@ -189,15 +164,6 @@ in
};
mounts = [
{
where = "/run/django-apps/dgsi/archives";
what = "/var/lib/django-apps/dgsi/archives";
options = "bind";
after = [ "dj-dgsi.service" ];
partOf = [ "dj-dgsi.service" ];
upheldBy = [ "dj-dgsi.service" ];
}
{
where = "/run/django-apps/dgsi/media";
what = "/var/lib/django-apps/dgsi/media";
@ -231,10 +197,6 @@ in
"/".proxyPass = "http://unix:/run/django-apps/dgsi.sock";
"/static/".root = staticDrv;
"/media/".root = "/run/django-apps/dgsi";
"/_archives/".extraConfig = ''
internal;
alias /run/django-apps/dgsi/archives/;
'';
};
};
};

4
machines/nixos/compute01/ds-fr/default.nix
View file

@ -13,10 +13,10 @@ let
host = "demarches.dgnum.eu";
port = 3000;
dgn-id = "8dfdc60d1aa66e7206461ed7a49199f624a66b4e";
dgn-id = "7fe658a476e685f3697e9d219c6cd6de8bfaea77";
patch = pkgs.fetchurl {
url = "https://git.dgnum.eu/DGNum/demarches-normaliennes/commit/${dgn-id}.patch";
hash = "sha256-6JdbUf2fc79E5F1wtYFnP1JLGJffhGbjaxysRFr8xN4=";
hash = "sha256-n2lwIwNDyrjuu7yvSleP3KXDHDwE9wsAclqNghCrVe8=";
};
in
{

18
machines/nixos/compute01/extranix/default.nix
View file

@ -4,9 +4,7 @@
{
lib,
meta,
sources,
dgn-keys,
...
}:
let
@ -39,7 +37,7 @@ in
"DGNum Infrastructure" =
let
# prefer a non-patched nixpkgs
infra-nixpkgs = (import "${hive-root}/bootstrap.nix").pkgs;
infra-nixpkgs = (import "${hive-root}/hive.nix").meta.nixpkgs { };
infra-modulesPath = "${infra-nixpkgs.path}/nixos/modules/";
in
{
@ -47,7 +45,7 @@ in
"modules/generic"
"modules/nixos"
];
ignored-modules = (import "${infra-modulesPath}/module-list.nix") ++ [
ignored-modules = import "${infra-modulesPath}/module-list.nix" ++ [
"${sources.agenix}/modules/age.nix"
"${sources.arkheon}/module.nix"
"${sources."microvm.nix"}/nixos-modules/host"
@ -55,18 +53,20 @@ in
{ system.stateVersion = "25.05"; }
];
specialArgs = {
inherit meta sources;
modulesPath = builtins.storePath infra-modulesPath;
inherit sources;
lib = infra-nixpkgs.lib // {
inherit (lib) extra;
};
modulesPath = infra-modulesPath;
pkgs = infra-nixpkgs;
inherit (infra-nixpkgs) lib;
name = "nodeName";
nodeMeta = {
nix-modules = [ ];
admins = [ ];
adminGroups = [ ];
};
dgn-keys = dgn-keys // {
getNodeAdmins = _: [ ];
meta = {
organization.groups.root = [ ];
};
};
path-translations = [

28
machines/nixos/compute01/grafana/default.nix → machines/nixos/compute01/grafana.nix
View file

@ -2,12 +2,7 @@
#
# SPDX-License-Identifier: EUPL-1.2
{
config,
pkgs,
meta,
...
}:
{ config, ... }:
let
host = "grafana.dgnum.eu";
@ -67,27 +62,6 @@ in
auto_assign_org_role = "Admin";
};
};
declarativePlugins = import ./plugins.nix { inherit pkgs; };
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "VictoriaLogs";
type = "victoriametrics-logs-datasource";
access = "proxy";
url = "http://${meta.network.storage01.netbirdIp}:9428";
}
{
name = "VictoriaMetrics";
type = "victoriametrics-metrics-datasource";
access = "proxy";
url = "http://${meta.network.storage01.netbirdIp}:8428";
}
];
};
};
postgresql = {

19
machines/nixos/compute01/grafana/plugins.nix
View file

@ -1,19 +0,0 @@
# SPDX-FileCopyrightText: 2025 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ pkgs, ... }:
builtins.map pkgs.grafanaPlugins.grafanaPlugin [
{
pname = "victoriametrics-logs-datasource";
version = "0.14.3";
zipHash = "sha256-g/ntmNyWJ9h/eYpZ0gqiESvVfm2fU6/Ci8R7FHIV7AQ=";
}
{
pname = "victoriametrics-metrics-datasource";
version = "0.13.1";
zipHash = "sha256-n1LskeOzp32LZS3PcsRh8FwQVBFVlzczfO2aGbEClSo=";
}
]

20
machines/nixos/compute01/kanidm/default.nix
View file

@ -81,17 +81,12 @@ in
) meta.organization.members;
groups =
(lib.extra.genFuse (id: { "vlan_${builtins.toString (4094 - id)}".memberless = true; }) 850)
// {
{
grp_active.members = catAttrs "username" (attrValues meta.organization.members);
grp-ext_cri.memberless = true;
}
// (mapAttrs' (
name: members: nameValuePair "grp_${name}" { members = builtins.map usernameFor members; }
) meta.organization.groups)
// (mapAttrs' (
name: srv: nameValuePair "grp-admin_${name}" { members = builtins.map usernameFor srv.admins; }
) meta.organization.services);
) meta.organization.groups);
# INFO: The authentication resources declared here can only be for internal services,
# as regular members cannot be statically known.
@ -144,10 +139,7 @@ in
displayName = "Netbox [Inventory]";
enableLegacyCrypto = true;
originLanding = "https://netbox.dgnum.eu";
originUrl = [
"https://netbox.dgnum.eu/oauth/complete/oidc/"
"https://netbox-v2.dgnum.eu/oauth/complete/oidc/"
];
originUrl = "https://netbox.dgnum.eu/oauth/complete/oidc/";
preferShortUsername = true;
scopeMaps.grp_active = [
@ -155,12 +147,6 @@ in
"profile"
"email"
];
scopeMaps.grp-ext_cri = [
"openid"
"profile"
"email"
];
};
dgn_outline = {

74
machines/nixos/compute01/netbox.nix
View file

@ -1,74 +0,0 @@
# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
config,
lib,
nixpkgs,
...
}:
let
EnvironmentFile = [ config.age.secrets."netbox-environment_file".path ];
in
{
services = {
netbox = {
enable = true;
package = nixpkgs.nixos.unstable.netbox_4_1;
secretKeyFile = "/dev/null";
listenAddress = "127.0.0.1";
plugins = p: [ p.netbox-qrcode ];
settings = {
ALLOWED_HOSTS = [ "netbox-v2.dgnum.eu" ];
REMOTE_AUTH_BACKEND = "social_core.backends.open_id_connect.OpenIdConnectAuth";
PLUGINS = [ "netbox_qrcode" ];
PLUGINS_CONFIG = {
netbox_qrcode = {
custom_text = "DGNum. contact@dgnum.eu";
font = "Tahoma";
};
};
};
extraConfig = lib.mkForce ''
from os import environ as env
SECRET_KEY = env["SECRET_KEY"]
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
'';
};
};
systemd.services = {
netbox.serviceConfig = {
inherit EnvironmentFile;
TimeoutStartSec = 600;
};
netbox-housekeeping.serviceConfig = {
inherit EnvironmentFile;
};
netbox-rq.serviceConfig = {
inherit EnvironmentFile;
};
};
users.users.nginx.extraGroups = [ "netbox" ];
dgn-web.simpleProxies.netbox = {
inherit (config.services.netbox) port;
host = "netbox-v2.dgnum.eu";
vhostConfig.locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
};
# dgn-backups.jobs.netbox.settings.paths = [ "/var/lib/netbox" ];
# dgn-backups.postgresDatabases = [ "netbox" ];
}

2
machines/nixos/compute01/nextcloud.nix
View file

@ -76,7 +76,7 @@ in
database.createLocally = true;
configureRedis = true;
autoUpdateApps.enable = false;
autoUpdateApps.enable = true;
settings = {
overwriteprotocol = "https";

1
machines/nixos/compute01/outline.nix
View file

@ -47,7 +47,6 @@ in
inherit host port;
vhostConfig.locations."/robots.txt".return =
''200 "User-agent: *\nDisallow: /s/demarches-normaliennes/\n"'';
proxyWebsockets = true;
};
age-secrets.autoMatch = [ "outline" ];

59
machines/nixos/compute01/pretalx.nix
View file

@ -1,59 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ config, pkgs, ... }:
{
services.nginx.virtualHosts.${config.services.pretalx.nginx.domain} = {
enableACME = true;
forceSSL = true;
};
services.pretalx = {
enable = true;
package = pkgs.pretalx.overrideAttrs (old: {
disabledTests = old.disabledTests ++ [
# Does not work in CI !?
"test_documentation_includes_config_options"
];
});
plugins = with config.services.pretalx.package.plugins; [
pages
venueless
];
nginx = {
enable = true;
domain = "pretalx.dgnum.eu";
};
environmentFile = config.age.secrets."pretalx-environment_file".path;
settings = {
files.upload_limit = 50;
mail = {
from = "pretalx@infra.dgnum.eu";
host = "kurisu.lahfa.xyz";
port = 465;
ssl = true;
user = "web-services@infra.dgnum.eu";
};
logging.email = "admins+pretalx@dgnum.eu";
locale = {
language_code = "fr";
time_zone = "Europe/Paris";
};
};
};
dgn-backups = {
postgresDatabases = [ "pretalx" ];
jobs.pretix.settings.paths = [ "/var/lib/pretalx" ];
};
}

55
machines/nixos/compute01/pretix.nix
View file

@ -1,55 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
services.nginx.virtualHosts.${config.services.pretix.nginx.domain} = {
enableACME = true;
forceSSL = true;
};
services.pretix = {
enable = true;
plugins = with config.services.pretix.package.plugins; [
pages
passbook
];
nginx = {
enable = true;
domain = "pretix.dgnum.eu";
};
environmentFile = config.age.secrets."pretix-environment_file".path;
settings = {
pretix = {
instance_name = "pretix.dgnum.eu";
url = "https://${config.services.pretix.nginx.domain}";
};
mail = {
admins = "admins+pretix@dgnum.eu";
from = "pretix@infra.dgnum.eu";
host = "kurisu.lahfa.xyz";
port = 465;
ssl = "on";
user = "web-services@infra.dgnum.eu";
};
locale = {
default = "fr";
timezone = "Europe/Paris";
};
};
};
dgn-backups = {
postgresDatabases = [ "pretix" ];
jobs.pretix.settings.paths = [ "/var/lib/pretix" ];
};
}

BIN
machines/nixos/compute01/secrets/netbox-environment_file
View file

Binary file not shown.

30
machines/nixos/compute01/secrets/pretalx-environment_file
View file

@ -1,30 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA nxmUrwL0YLjmyml8KcWZ6dWwV5O6w2Dlg7uqb+eSYBY
BgVWB3Z3wJ9E68kmDbf4/NrmsZGR/goS2Kfx/nc49Vs
-> ssh-ed25519 QlRB9Q VB75tVIpYDO9Ta0MRsfuP24TAjbyT6OWEN0SjVkGVnA
oDn5Yal9NY2ce0p4jf0+ceBM14aF9+62J3Ich00bn60
-> ssh-ed25519 r+nK/Q ejM5Jc8o01aaFO55KL8O2IBf6XSb84zvirAUWyWI0Ck
UXPxGsxI+vZHPsSWirv9GTa/Etwh3GXlOxAHrBMiRZQ
-> ssh-rsa krWCLQ
noF/XAAr5oXO3yxHgoKlPuFSiexCG508JCHrvUK0Pkw71KASEcEAfEHb+rZTi6yA
vtRIoU6MnAG4RaDkilp2Cz4LDfx8JvT3ucmy///0UhwUwC8keeR7r/EIGPdB3Fyc
FyyhC0KflA0kmWsOR9EZi2YYAHRTPUMzXYdSdIGc/82WMVGEizTck8CH10GV2Bxl
SyiaJFk//q4fZZwyYUyaSVFjMwrjU1bbAipmB24SLLCLp1J+Xxq/OX83Mctjqutl
LlNC10GdvM1JoPFFxy9Chk63WHZXp745D5JppWKJ8FuUs89WpCspzYNgqRgyBoQA
wNlUgSD1p815tuCDs1+wlg
-> ssh-ed25519 /vwQcQ StDx98vbjAGhJu1o74uVBC6DhuqaZZjxIEPyyCS44Wo
CxNrC8Pdi9HMF0atPNQutowQG60DSyWhXA3n/vOS+HA
-> ssh-ed25519 0R97PA BfmW5ljTVp+tUs32lAMnSBz2q5jMSgwgza3pfS3L404
GibEScHuYz0b7kt+EQRXhiY01IfZzBhmMMJ7JxstWNo
-> ssh-ed25519 JGx7Ng hCbmKD+QH6SlFmFMM61Xv2Y8TjNZJyCYhhtFmjYQUEM
J8CLfOvhJeSdN2W8NQsIbfA1li6V4IzZc43Rq+yNuHc
-> ssh-ed25519 bUjjig jFfhHzfqTzuuN4IszblOGe7WFMxfFa5GvUbQ5TgWNmI
FU6hJSW0AT5FG49oQzN7c0dDsmgbhOYLAEz4YeAus6o
-> ssh-ed25519 tDqJRg 8DMYhpgIDvTQ+IshJCKvgFiY8J4qdVVA7nGRRc+clSA
EfRYOKCE6zv6BqbDyN4p6QdfN5Y+2GPie2tLqISbsSQ
-> {7;qZH-grease b'%
/q1kVYwytu14uIpZOi643OuIU7M3xNYoe2IPCVeH7A7lsAfhEuCbUOSwVGb1yvvP
Zuz3ZUD4ubs7a4By3LmbfYgTak2iHUMd7YCMOcWgwRJb
--- GrGJW7DhRg2lMfi+2fs81QGOIwUVuJkLuCzynlGtvUc
Ì©Û¼šÙô].r·@…ªÚ+ÔÅutb)ßÍÈõ^¿²É½*ñ‡;/†ˆÎçSôóš->dÚÆ™ôšY§û¯‡ukÿ{œôñªsž<>±<EFBFBD> VÊŠ
H¹o.

30
machines/nixos/compute01/secrets/pretix-environment_file
View file

@ -1,30 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA Rns+GrvYIYGr2bkT5PGqRYgVjiDYx5bZePFwX5n84z8
+vmlrK5mS00BLpJukWoHHDvJVOuHS/dfWSfPRqiiK2A
-> ssh-ed25519 QlRB9Q RKtrm6jKvSbOSBU8Lnd6Saui6yXHMuSgNcoYgGpwPEE
cU1kLd9jZ2qaeKcQEVaxxra2le1MwGMZNuDQBui76CU
-> ssh-ed25519 r+nK/Q J3IwXYXujMKTIDTW+zoP3kTlxd+WRWwrHo/uvH7y6Tg
YimrLo0a6W2baGbCx6WIw7PBnI/cBioMtiZhU4dcT8k
-> ssh-rsa krWCLQ
sX+yb3LCSr+PpOx/VHB6RCnlT2iARoPdoTlNhtz8DYGKY/UTNtqGtgHd0rV9cefh
MHdBlpjUnxpPkCuP2EwIEMTqyjGbPoq/AdpxklXNquMxWyeYD7Pe5ABbEx4vpAgH
+d3A+X3sJXV+lGqPtwIbRBBMCSYxffrS68V5DYfUWNG0rAF7xknfTE4IFNgg1yzR
4LJRpI/j77wlOn/8cH8jGtBrKtRPTq1z6a8MLU36bmBEpmS3EGMvOrfGrMnenhFr
vt6WEsEcHON5C57WyvfEV/qeLhkzaRBOcq3LnYGN4qc0EqVvWCLRqTHeMMJEWhK3
n6qGjzhE5n1FMPoxox83ig
-> ssh-ed25519 /vwQcQ brE7F9GWBMVcmBJskPLZYp2tD80LAWvQFWGxw5asvC0
aOsMTgH17u16P2oUzrIgvv3d70uYkMjAqBJDmmUYPq8
-> ssh-ed25519 0R97PA Ni0DxmzYhSN/mwgKs8AFNwcEMLGDBH2R7mxwyGqyRxg
EmtSYAQ7wwYWqNLu8CmOhEhZq09UvPE8mTL9xRlXq0A
-> ssh-ed25519 JGx7Ng 0iDIiH3slqmumi41n1xKDlxH4UG3TvN+apOZCBCC2B0
4uejPMfD2Qg9P9DPXr6kk06SdYIREc9/w5tId9ZkmjI
-> ssh-ed25519 bUjjig v0d0b2QdvJhiIlrYMRtfjvCWERTXyGIYmmocNTzFFBg
B+o4ZPftYBmc5CxdTqHSjIzyx5X6lCJ88M+XRj5ddrA
-> ssh-ed25519 tDqJRg I67xye4YEG7fRzMeSqmyY7g99YwBFG4TyIiABHnEd3k
Cj95yZeQZwGLFNnw4gK5pzS7Rvr/v0sIfNHoj/FWerU
-> 84t6-grease X|
ylGgBiG/KYc0vDvMho+lPMBe+2kZZ3DvlF5JHgtMRUAMy9ugXbwDYu5qq7GyPL38
aBw8Jx13iIRkJA9CisyygX7l2P5sOdaa/IE5fTABjL6EGkLbP1uI0OFTH9Dd1tYy
ww
--- qbaLv0BDEw2uSR1ccqH5HOinQSQeynDl0IFU9VwD3Ag
º?Ž’¸l¬BÛ†øï—iI ]å4x5¯¶ÎhMÜÍsÒ×Dz¹{ÍpTÅ}G‡U ¡ Cù]ÛQh~¯ªŒãf¯¾ˆËoQí<51>Gƒ¡“jÛ(j®

3
machines/nixos/compute01/secrets/secrets.nix
View file

@ -22,7 +22,6 @@
"librenms-environment_file"
"mastodon-extra_env_file"
"mastodon-smtp-password"
"netbox-environment_file"
"nextcloud-adminpass_file"
"nextcloud-s3_secret_file"
"outline-oidc_client_secret_file"
@ -31,8 +30,6 @@
"plausible-admin_user_password_file"
"plausible-secret_key_base_file"
"plausible-smtp_password_file"
"pretalx-environment_file"
"pretix-environment_file"
"satosa-env_file"
"signal-irc-bridge-config"
"telegraf-environment_file"

1
machines/nixos/rescue01/_configuration.nix
View file

@ -12,7 +12,6 @@ lib.extra.mkConfig {
enabledServices = [
# List of services to enable
"netbird-relay"
"uptime-kuma"
];

34
machines/nixos/rescue01/netbird-relay.nix
View file

@ -1,34 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
config,
nixpkgs,
...
}:
let
domain = "nb-relay01.dgnum.eu";
in
{
services = {
netbird.server.relay = {
enable = true;
package = nixpkgs.nixos.unstable.netbird;
inherit domain;
enableNginx = true;
environmentFile = config.age.secrets."netbird-relay_environment_file".path;
metricsPort = 9094;
};
nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
};
};
}

BIN
machines/nixos/rescue01/secrets/netbird-relay_environment_file
View file

Binary file not shown.

1
machines/nixos/rescue01/secrets/secrets.nix
View file

@ -6,6 +6,5 @@
[ "rescue01" ]
[
# List of secrets for rescue01
"netbird-relay_environment_file"
"stateless-uptime-kuma-password"
]

2
machines/nixos/storage01/_configuration.nix
View file

@ -23,8 +23,6 @@ lib.extra.mkConfig {
"peertube"
"prometheus"
"redirections"
"victorialogs"
"victoriametrics"
];
extraConfig = {

2
machines/nixos/storage01/garage.nix
View file

@ -14,14 +14,12 @@ let
"lanuit.ens.fr"
"simi.normalesup.eu"
"pub.dgnum.eu"
"actes-administratifs.dgnum.eu"
];
buckets = [
"monorepo-terraform-state"
"banda-website"
"actes-administratifs-website"
"castopod-dgnum"
"hackens-website"
"nuit-website"

5
machines/nixos/storage01/netbird.nix
View file

@ -69,10 +69,7 @@ in
};
Relay = {
Addresses = builtins.map (host: "rels://${host}:443") [
domain
"nb-relay01.dgnum.eu"
];
Addresses = [ "rels://${domain}:443" ];
CredentialsTTL = "24h";
Secret._secret = s "netbird-relay_secret_file";
};

4
machines/nixos/storage01/prometheus.nix
View file

@ -17,9 +17,9 @@ let
lib.mapAttrsToList (
node:
{ config, ... }:
lib.optional config.dgn-monitoring.exporters.enable {
lib.optional config.dgn-node-monitoring.enable {
targets = map (p: "${node}.dgnum:${builtins.toString p}") (
builtins.attrValues config.dgn-monitoring.exporters.ports
builtins.attrValues config.dgn-node-monitoring.ports
);
labels = {
host = node;

1
machines/nixos/storage01/secrets/secrets.nix
View file

@ -9,6 +9,7 @@
"bupstash-put_key"
"forgejo-mailer_password_file"
"forgejo_runners-token_file"
"garage-environment_file"
"influxdb2-grafana_token_file"
"influxdb2-initial_password_file"
"influxdb2-initial_token_file"

2
machines/nixos/storage01/tvix-cache/cache-settings.nix
View file

@ -13,6 +13,6 @@ in
{ caches }:
{
substituters = builtins.map (cache: cache-info.${cache}.url) caches;
trusted-substituters = builtins.map (cache: cache-info.${cache}.url) caches;
trusted-public-keys = builtins.map (cache: cache-info.${cache}.public-key) caches;
}

20
machines/nixos/storage01/victoria-metrics.nix Normal file
View file

@ -0,0 +1,20 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
let
host = "victoria-metrics.dgnum.eu";
port = 9099;
in
{
services.victoriametrics = {
enable = true;
listenAddress = "127.0.0.1:${builtins.toString port}";
};
dgn-web.simpleProxies.victoria-metrics = {
inherit host port;
};
}

22
machines/nixos/storage01/victorialogs.nix
View file

@ -1,22 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ meta, name, ... }:
let
port = 9428;
in
{
services.victorialogs = {
enable = true;
flags = {
retentionPeriod = "4w";
httpListenAddr = "${meta.network.${name}.netbirdIp}:${builtins.toString port}";
};
};
networking.firewall.interfaces.wt0.allowedTCPPorts = [ port ];
}

23
machines/nixos/storage01/victoriametrics.nix
View file

@ -1,23 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ meta, name, ... }:
let
port = 8428;
in
{
services.victoriametrics = {
enable = true;
flags = {
# INFO: We keep the data for 2 years (24 months)
retentionPeriod = "24";
httpListenAddr = "${meta.network.${name}.netbirdIp}:${builtins.toString port}";
};
};
networking.firewall.interfaces.wt0.allowedTCPPorts = [ port ];
}

1
machines/nixos/vault01/_configuration.nix
View file

@ -12,7 +12,6 @@ lib.extra.mkConfig {
enabledServices = [
# List of services to enable
"k-radius"
"monitoring"
"networking"
"ups"
"ulogd"

13
machines/nixos/vault01/k-radius/default.nix
View file

@ -40,13 +40,16 @@
radius_required_groups = [ "radius_access@sso.dgnum.eu" ];
# A mapping between Kanidm groups and VLANS
radius_groups = map (
{ vlan, ... }:
radius_groups = [
{
inherit vlan;
spn = "vlan_${toString vlan}@sso.dgnum.eu";
spn = "dgnum_members@sso.dgnum.eu";
vlan = 1;
}
) config.networking.vlans-info;
{
spn = "dgnum_clients@sso.dgnum.eu";
vlan = 2;
}
];
};
authTokenFile = config.age.secrets."radius-auth_token_file".path;

9
machines/nixos/vault01/monitoring/default.nix
View file

@ -1,9 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
imports = [
./victorialogs.nix
];
}

37
machines/nixos/vault01/monitoring/victorialogs.nix
View file

@ -1,37 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ meta, ... }:
let
port = 9428;
in
{
services = {
nginx = {
enable = true;
streamConfig = ''
server {
listen 10.0.253.1:${toString port};
listen ${meta.network.vault01.netbirdIp}:${toString port};
proxy_pass 127.0.0.1:${toString port};
}
'';
};
victorialogs = {
enable = true;
flags = {
retentionPeriod = "52w";
httpListenAddr = "127.0.0.1:${builtins.toString port}";
};
};
};
networking.firewall.interfaces = {
wt0.allowedTCPPorts = [ port ];
vlan-admin-ap.allowedTCPPorts = [ port ];
};
}

477
machines/nixos/vault01/networking.nix
View file

@ -12,8 +12,7 @@
}:
let
inherit (lib) mapAttrs' mkOption nameValuePair;
inherit (lib.types) listOf attrs;
inherit (lib) mapAttrs' nameValuePair;
uplink = {
ip = "10.120.33.250";
@ -75,6 +74,14 @@ let
Table = "user";
}
];
routingPolicyRules = [
{
From = "${netIP}/27";
To = "10.0.0.0/27";
IncomingInterface = interfaceName;
Table = "user";
}
];
};
};
};
@ -86,7 +93,6 @@ let
netIP = "10.0.${toString prefix24nb}.${toString prefix27nb}";
servIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 1)}";
interfaceName = "vlan-user-${toString vlan}";
prefixLen = 27;
}) 850;
vlans = {
@ -94,16 +100,13 @@ let
Id = 223;
address = with uplink; [ "${ip}/${builtins.toString prefix}" ];
extraNetwork = {
routes = [
{
# Get the public ip from the metadata
PreferredSource = builtins.head meta.network.${name}.addresses.ipv4;
Gateway = uplink.router;
}
];
linkConfig.MTUBytes = 1500;
};
extraNetwork.routes = [
{
# Get the public ip from the metadata
PreferredSource = builtins.head meta.network.${name}.addresses.ipv4;
Gateway = uplink.router;
}
];
};
vlan-admin = {
@ -113,34 +116,21 @@ let
vlan-admin-ap = {
Id = 3001;
address = [
"fd26:baf9:d250:8001::1/64"
# FIXME: ipv4 is temporary for APs in production
"10.0.253.1/24"
address = [ "fd26:baf9:d250:8001::1/64" ];
extraNetwork.ipv6Prefixes = [
{
AddressAutoconfiguration = false;
OnLink = false;
Prefix = "fd26:baf9:d250:8001::/64";
}
];
extraNetwork = {
networkConfig = {
IPv6SendRA = true;
DHCPServer = "yes";
};
ipv6Prefixes = [
{
AddressAutoconfiguration = false;
OnLink = false;
Prefix = "fd26:baf9:d250:8001::/64";
}
];
};
};
vlan-apro = {
Id = 2000;
address = [ "10.0.255.1/24" ];
extraNetwork = {
networkConfig.DHCPServer = "yes";
linkConfig.MTUBytes = 1500;
};
extraNetwork.networkConfig.DHCPServer = "yes";
};
vlan-hypervisor = {
@ -154,258 +144,193 @@ let
};
} // builtins.listToAttrs (map mkUserVlan userVlans);
in
{
options.networking.vlans-info = mkOption {
type = listOf attrs;
description = ''
Information about vlans for log analysis.
'';
readOnly = true;
};
config = {
systemd = {
network = {
config.routeTables."user" = 1000;
networks = {
"10-lo" = {
name = "lo";
address = [
"::1/128"
"127.0.0.1/8"
"10.0.0.1/27"
];
routes = [
{
Destination = "10.0.0.0/27";
Table = "user";
}
];
routingPolicyRules = [
{
To = "10.0.0.0/16";
Table = "user";
}
];
};
"10-enp67s0f0np0" = {
name = "enp67s0f0np0";
linkConfig.Promiscuous = true;
networkConfig = {
Bridge = "br0";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
linkConfig.MTUBytes = 1504;
};
"50-gretap1" = {
name = "gretap1";
networkConfig = {
Bridge = "br0";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
linkConfig.MTUBytes = 1504;
};
"50-br0" = {
name = "br0";
networkConfig = {
VLAN = builtins.attrNames vlans;
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
linkConfig.MTUBytes = 1504;
};
"50-wg0" = {
name = "wg0";
address = [ "10.10.17.1/30" ];
networkConfig.Tunnel = "gretap1";
};
} // (mapAttrs' mkNetwork vlans);
netdevs = {
"50-gretap1" = {
netdevConfig = {
Name = "gretap1";
Kind = "gretap";
};
tunnelConfig = {
Local = "10.10.17.1";
Remote = "10.10.17.2";
};
};
"50-br0" = {
netdevConfig = {
Name = "br0";
Kind = "bridge";
};
bridgeConfig = {
VLANFiltering = false;
STP = false;
};
};
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 1194;
PrivateKeyFile = config.age.secrets."wg-key".path;
};
wireguardPeers = [
{
AllowedIPs = [
"10.10.17.0/30"
];
PublicKey = "g6S3gBx1Hf2iX41tokD+m8WfzJJTTcsKifOkn+Wcd00=";
}
];
};
} // mapAttrs' mkNetdev vlans;
};
services = {
ethtoolConfig = {
wantedBy = [ "systemd-networkd.service" ];
after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
script = builtins.concatStringsSep "\n" (
builtins.map (name: "${lib.getExe pkgs.ethtool} -K enp67s0f0np0 ${name} off") [
"rxvlan"
"txvlan"
"rx-vlan-filter"
"rx-vlan-offload"
"tx-vlan-offload"
"tx-vlan-stag-hw-insert"
]
);
};
systemd-networkd.serviceConfig.LimitNOFILE = 4096;
net-checker = {
path = [
pkgs.iputils
pkgs.systemd
systemd = {
network = {
config.routeTables."user" = 1000;
networks = {
"10-lo" = {
name = "lo";
address = [
"::1/128"
"127.0.0.1/8"
"10.0.0.1/27"
];
routes = [
{
Destination = "10.0.0.0/27";
Table = "user";
}
];
routingPolicyRules = [
{
IncomingInterface = "lo";
Table = "user";
}
];
script = ''
if ping -c 1 8.8.8.8 > /dev/null || ping -c 1 1.1.1.1 > /dev/null; then
echo network is up
${lib.concatMapStringsSep "\n " (
{ interfaceName, ... }: "networkctl up ${interfaceName}"
) userVlans}
else
echo network is down
${lib.concatMapStringsSep "\n " (
{ interfaceName, ... }: "networkctl down ${interfaceName}"
) userVlans}
fi
'';
};
};
"10-enp67s0f0np0" = {
name = "enp67s0f0np0";
linkConfig.Promiscuous = true;
networkConfig = {
Bridge = "br0";
timers.net-checker = {
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "*-*-* *:*:42";
};
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
linkConfig.MTUBytes = 1504;
};
"50-gretap1" = {
name = "gretap1";
networkConfig = {
Bridge = "br0";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-br0" = {
name = "br0";
networkConfig = {
VLAN = builtins.attrNames vlans;
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
linkConfig.MTUBytes = 1500;
};
"50-wg0" = {
name = "wg0";
address = [ "10.10.17.1/30" ];
networkConfig.Tunnel = "gretap1";
};
} // (mapAttrs' mkNetwork vlans);
netdevs = {
"50-gretap1" = {
netdevConfig = {
Name = "gretap1";
Kind = "gretap";
};
tunnelConfig = {
Local = "10.10.17.1";
Remote = "10.10.17.2";
};
};
"50-br0" = {
netdevConfig = {
Name = "br0";
Kind = "bridge";
};
bridgeConfig = {
VLANFiltering = false;
STP = false;
};
};
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 1194;
PrivateKeyFile = config.age.secrets."wg-key".path;
};
wireguardPeers = [
{
AllowedIPs = [
"10.10.17.0/30"
];
PublicKey = "g6S3gBx1Hf2iX41tokD+m8WfzJJTTcsKifOkn+Wcd00=";
}
];
};
} // mapAttrs' mkNetdev vlans;
};
networking = {
vlans-info = [
{
vlan = 2001;
netIP = "10.0.254.0";
prefixLen = 24;
}
{
vlan = 3001;
netIP = "10.0.253.0";
prefixLen = 24;
}
] ++ userVlans;
nftables = {
enable = true;
tables = {
nat = {
family = "ip";
content = ''
chain postrouting {
type nat hook postrouting priority 100;
ip saddr 10.0.0.0/16 ip daddr != 10.0.0.0/16 snat ip to 129.199.195.130-129.199.195.157
}
'';
};
filter = {
family = "inet";
content = ''
chain forward {
type filter hook forward priority filter; policy accept;
ct state vmap {
invalid: drop,
established: accept,
related: accept,
new: jump forward_decide,
untracked: jump forward_decide,
};
}
chain forward_decide {
# Block access to vpn
ip daddr {
10.10.17.0/30,
100.80.0.0/16,
} jump forward_reject;
# And administrative vlans
ip6 daddr {
fd26:baf9:d250::/48,
} jump forward_reject;
# These are being deployed, and so are not trusted
ip saddr 10.0.255.0/24 jump forward_reject;
# We only forward for ISP clients and our stuff
ip saddr != 10.0.0.0/16 jump forward_reject;
# Can talk to us
ip daddr 10.0.0.0/27 accept;
# Not others nor CRI
ip daddr 10.0.0.0/8 jump forward_reject;
}
chain forward_reject {
reject with icmpx type admin-prohibited;
}
'';
};
};
services = {
ethtoolConfig = {
wantedBy = [ "systemd-networkd.service" ];
after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
script = builtins.concatStringsSep "\n" (
builtins.map (name: "${lib.getExe pkgs.ethtool} -K enp67s0f0np0 ${name} off") [
"rxvlan"
"txvlan"
"rx-vlan-filter"
"rx-vlan-offload"
"tx-vlan-offload"
"tx-vlan-stag-hw-insert"
]
);
};
firewall = {
allowedUDPPorts = [
67
1194
systemd-networkd.serviceConfig.LimitNOFILE = 4096;
net-checker = {
path = [
pkgs.iputils
pkgs.systemd
];
# FIXME: I dont't remember why it's here, and it doesn't seems right
# comes from https://git.dgnum.eu/DGNum/infrastructure/commit/411795c664374549e5e831722a80180b51fbf0d5
# checkReversePath = false;
script = ''
if ping -c 1 8.8.8.8 > /dev/null || ping -c 1 1.1.1.1 > /dev/null; then
${lib.concatMapStringsSep "\n " (
{ interfaceName, ... }: "networkctl up ${interfaceName}"
) userVlans}
else
${lib.concatMapStringsSep "\n " (
{ interfaceName, ... }: "networkctl down ${interfaceName}"
) userVlans}
fi
'';
};
};
age.secrets."wg-key".owner = "systemd-network";
users.users."systemd-network".extraGroups = [ "keys" ];
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
timers.net-checker = {
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "*-*-* *:*:42";
};
};
networking = {
nftables = {
enable = true;
tables.nat = {
family = "ip";
content = ''
chain postrouting {
type nat hook postrouting priority 100;
ip saddr 10.0.0.0/16 ip saddr != 10.0.255.0/24 snat ip to 129.199.195.130-129.199.195.158
ether saddr { e0:2e:0b:bd:97:73, e8:d5:2b:0d:fe:4a } snat to 129.199.195.130 comment "Elias"
ether saddr { 1c:1b:b5:14:9c:e5, e6:ce:e2:b6:e3:82 } snat to 129.199.195.131 comment "Lubin"
ether saddr d0:49:7c:46:f6:39 snat to 129.199.195.132 comment "Jean-Marc"
ether saddr { 5c:64:8e:f4:09:06 } snat to 129.199.195.158 comment "APs"
}
'';
};
};
firewall = {
allowedUDPPorts = [
67
1194
];
checkReversePath = false;
};
};
age.secrets."wg-key".owner = "systemd-network";
users.users."systemd-network".extraGroups = [ "keys" ];
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
}

9
machines/nixos/vault01/ulogd/default.nix → machines/nixos/vault01/ulogd.nix
View file

@ -57,13 +57,4 @@
fi
'';
};
environment.defaultPackages = [
(pkgs.callPackage ./fill-vlan_prefixes.nix {
inherit (config.networking) vlans-info;
postgresql = config.services.postgresql.package;
})
(pkgs.callPackage ./nat-request-daddr.nix {
postgresql = config.services.postgresql.package;
})
];
}

39
machines/nixos/vault01/ulogd/fill-vlan_prefixes.nix
View file

@ -1,39 +0,0 @@
# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
lib,
writeShellApplication,
writeText,
vlans-info,
postgresql,
}:
let
inherit (lib) concatMapStringsSep;
sql-script = writeText "vlan-filling.sql" ''
DROP TABLE IF EXISTS vlan_prefixes;
CREATE TABLE vlan_prefixes (
vlan_id smallint PRIMARY KEY UNIQUE NOT NULL,
prefix inet NOT NULL
);
INSERT INTO vlan_prefixes VALUES
${concatMapStringsSep ",\n " (
{
vlan,
netIP,
prefixLen,
...
}:
"(${toString vlan}, inet '${netIP}/${toString prefixLen}')"
) vlans-info}
;
'';
in
writeShellApplication {
name = "fill-vlan_prefixes";
runtimeInputs = [ postgresql ];
text = ''
psql -d ulogd -U ulogd -f ${sql-script}
'';
}

35
machines/nixos/vault01/ulogd/nat-request-daddr.nix
View file

@ -1,35 +0,0 @@
# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
writeShellApplication,
postgresql,
}:
writeShellApplication {
name = "nat-request-daddr";
runtimeInputs = [ postgresql ];
text = ''
TARGET_TIMESTAMP=$2
TARGET_PREFIX=$1
psql -d ulogd -U ulogd -c "
select
vlan_id,
reply_ip_daddr_str as used_ip,
reply_l4_dport as used_port,
orig_ip_daddr_str as daddr,
orig_l4_dport as dport,
flow_start_sec, flow_end_sec
from ulog2_ct
join vlan_prefixes on ulog2_ct.orig_ip_saddr_str <<= vlan_prefixes.prefix
where
-- if we don't have conn start, we considered it started before the target time
( flow_start_sec IS NULL or flow_start_sec <= $TARGET_TIMESTAMP )
and
-- similar for conn end
( flow_end_sec IS NULL or flow_end_sec >= $TARGET_TIMESTAMP )
and
orig_ip_daddr_str <<= inet '$TARGET_PREFIX'
;"
'';
}

12
machines/nixos/web01/wordpress/default.nix
View file

@ -61,18 +61,6 @@ in
languages = [ pkgs.wordpressPackages.languages.fr_FR ];
};
"npr.wp.dgnum.eu" = {
themes = {
inherit (wp4nix.themes) twentytwentyfive;
};
plugins = {
inherit (wp4nix.plugins) user-role-editor;
};
languages = [ pkgs.wordpressPackages.languages.fr_FR ];
};
};
};

5
machines/nixos/web02/_configuration.nix
View file

@ -13,8 +13,7 @@ lib.extra.mkConfig {
enabledServices = [
# List of services to enable
"cas-eleves"
# "kadenios"
"django-apps"
"kadenios"
];
extraConfig = {
@ -22,7 +21,7 @@ lib.extra.mkConfig {
dgn-access-control.users.root = [ "thubrecht" ];
# Disable monitoring
dgn-monitoring.enable = false;
dgn-node-monitoring.enable = false;
# Enable Postgres databases
services.postgresql = {

21
machines/nixos/web02/cas-eleves/default.nix
View file

@ -19,22 +19,13 @@ let
port = 9889;
python3 =
let
nix-pkgs = import sources.nix-pkgs {
inherit pkgs;
python3 = pkgs.python312;
};
in
pkgs.python312.override {
packageOverrides = _: _: {
inherit (nix-pkgs) django-browser-reload django-bulma-forms loadcredential;
django-cas-server = nix-pkgs.django-cas-server.overridePythonAttrs (_: {
patches = [ ./01-pytest-cas.patch ];
});
};
python3 = pkgs.python312.override {
packageOverrides = _: prev: {
django-cas-server = prev.django-cas-server.overridePythonAttrs (_: {
patches = [ ./01-pytest-cas.patch ];
});
};
};
pythonEnv = python3.withPackages (ps: [
ps.django

22
machines/nixos/web02/django-apps/default.nix
View file

@ -1,22 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
imports = [
./kadenios.nix
];
services.django-apps = {
enable = true;
webhook = {
domain = "web02.dj-hooks.dgnum.eu";
nginx = {
enableACME = true;
forceSSL = true;
};
};
};
}

66
machines/nixos/web02/django-apps/kadenios.nix
View file

@ -1,66 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
services.django-apps.sites.kadenios = {
source = "https://git.dgnum.eu/DGNum/kadenios";
branch = "production";
domain = "vote.dgnum.eu";
nginx = {
enableACME = true;
forceSSL = true;
};
webHookSecret = config.age.secrets."webhook-kadenios_token".path;
overlays.nix-pkgs = [
# Required packages
"authens"
"django-background-tasks"
"django-bulma-forms"
"django-translated-fields"
"loadcredential"
# Dependencies
"python-cas"
];
dependencies = ps: [
ps.authens
ps.django
ps.django-background-tasks
ps.django-bulma-forms
ps.django-translated-fields
ps.gunicorn
ps.loadcredential
ps.markdown
ps.networkx
ps.numpy
ps.psycopg
];
environment = {
KADENIOS_EMAIL_HOST_USER = "web-services@infra.dgnum.eu";
KADENIOS_EMAIL_USE_SSL = true;
KADENIOS_FROM_EMAIL = "Kadenios <vote@infra.dgnum.eu>";
KADENIOS_SERVER_EMAIL = "kadenios@infra.dgnum.eu";
};
credentials = {
SECRET_KEY = config.age.secrets."dj_kadenios-secret_key_file".path;
EMAIL_HOST_PASSWORD = config.age.secrets."dj_kadenios-email_password_file".path;
};
extraServices.tasks = {
script = "python3 manage.py process_tasks";
serviceConfig = {
WorkingDirectory = "/var/lib/django-apps/kadenios/source";
};
};
};
}

173
machines/nixos/web02/kadenios/default.nix Normal file
View file

@ -0,0 +1,173 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
config,
lib,
pkgs,
sources,
...
}:
let
inherit (lib) mapAttrsToList optionals;
host = "vote.dgnum.eu";
port = 9888;
pythonEnv =
{
debug ? false,
}:
pkgs.python3.withPackages (
ps:
[
ps.django
ps.gunicorn
ps.markdown
ps.numpy
ps.networkx
ps.psycopg
ps.authens
ps.django-background-tasks
ps.django-bulma-forms
ps.django-translated-fields
ps.loadcredential
]
++ (optionals debug [
ps.django-browser-reload
ps.django-debug-toolbar
])
);
manage = pkgs.writeShellApplication {
name = "kadenios-manage";
runtimeInputs = path ++ [
config.systemd.package
pkgs.util-linux
];
text = ''
MainPID=$(systemctl show -p MainPID --value django-kadenios.service)
nsenter -e -a -t "$MainPID" -G follow -S follow python ${sources.kadenios}/manage.py "$@"
'';
};
staticDrv = pkgs.stdenv.mkDerivation {
name = "kadenios-static";
src = sources.kadenios;
nativeBuildInputs = [ (pythonEnv { debug = true; }) ];
configurePhase = ''
export KADENIOS_STATIC_ROOT=$out/static
export KADENIOS_DEBUG=true
export CREDENTIALS_DIRECTORY=$(pwd)/.credentials
'';
doBuild = false;
installPhase = ''
mkdir -p $out/static
python3 manage.py collectstatic
'';
};
environment = builtins.mapAttrs (_: builtins.toJSON) {
KADENIOS_ALLOWED_HOSTS = [ "vote.dgnum.eu" ];
KADENIOS_STATIC_ROOT = staticDrv;
KADENIOS_DATABASES = {
default = {
ENGINE = "django.db.backends.postgresql";
NAME = "kadenios";
};
};
KADENIOS_EMAIL_HOST_USER = "web-services@infra.dgnum.eu";
KADENIOS_EMAIL_USE_SSL = true;
KADENIOS_FROM_EMAIL = "Kadenios <vote@infra.dgnum.eu>";
KADENIOS_SERVER_EMAIL = "kadenios@infra.dgnum.eu";
};
path = [ (pythonEnv { }) ];
in
{
environment.systemPackages = [ manage ];
systemd.services = {
django-kadenios = {
description = "ENS simple voting server";
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"postgresql.service"
];
serviceConfig = {
DynamicUser = true;
LoadCredential = mapAttrsToList (name: value: "${name}:${value}") {
SECRET_KEY = config.age.secrets."kadenios-secret_key_file".path;
EMAIL_HOST_PASSWORD = config.age.secrets."kadenios-email_password_file".path;
};
StateDirectory = "django-kadenios";
User = "kadenios";
};
inherit environment path;
script = ''
python3 ${sources.kadenios}/manage.py migrate
gunicorn app.wsgi --pythonpath ${sources.kadenios} -b 127.0.0.1:${builtins.toString port} --workers=2 --threads=4
'';
};
django-kadenios-tasks = {
description = "Background tasks worker for Kadenios";
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"postgresql.service"
"django-kadenios.service"
];
serviceConfig = {
DynamicUser = true;
LoadCredential = mapAttrsToList (name: value: "${name}:${value}") {
SECRET_KEY = config.age.secrets."kadenios-secret_key_file".path;
EMAIL_HOST_PASSWORD = config.age.secrets."kadenios-email_password_file".path;
};
StateDirectory = "django-kadenios";
User = "kadenios";
WorkingDirectory = sources.kadenios;
};
inherit environment path;
script = ''
python3 manage.py process_tasks
'';
};
};
dgn-web.simpleProxies.kadenios = {
inherit host port;
vhostConfig.locations."/static/".root = staticDrv;
};
services.postgresql = {
ensureDatabases = [ "kadenios" ];
ensureUsers = [
{
name = "kadenios";
ensureDBOwnership = true;
}
];
};
}

BIN
machines/nixos/web02/secrets/bupstash-put_key
View file

Binary file not shown.

0
machines/nixos/web02/secrets/dj_kadenios-email_password_file → machines/nixos/web02/secrets/kadenios-email_password_file
View file

0
machines/nixos/web02/secrets/dj_kadenios-secret_key_file → machines/nixos/web02/secrets/kadenios-secret_key_file
View file

6
machines/nixos/web02/secrets/secrets.nix
View file

@ -6,9 +6,7 @@
[ "web02" ]
[
# List of secrets for web02
"bupstash-put_key"
"cas_eleves-secret_key_file"
"dj_kadenios-secret_key_file"
"dj_kadenios-email_password_file"
"webhook-kadenios_token"
"kadenios-secret_key_file"
"kadenios-email_password_file"
]

29
machines/nixos/web02/secrets/webhook-kadenios_token
View file

@ -1,29 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA miVq8rZazx0Y0NYZklZh8ITlY7fOTwbPsAPcHwvJ3jI
Vs0xx9ulk2++7+DfD+HqhISSvYMtuSJIs9zyGlnW8Wk
-> ssh-ed25519 QlRB9Q z5TQpHovWNJ+Dq4GEcPfByMpTcTojIamJbU3kNKlmHQ
U+ZFJ/0TVcfo85xAWYqcnzpMfU0KcY8QJ8jqWlyt1U0
-> ssh-ed25519 r+nK/Q l5oBCnALC2HSoszpawrJZZUEFHjjGwei4Fd1Y+f7OjI
PLgEu00ItWIbT3ZSNioZ3oXwBBVQTD/wf8I8akEDNWs
-> ssh-rsa krWCLQ
2rt9GmpSxUJSArSOlXKQscrApgLLIWuTo/IXensBP1uCnrpLl4IdcpEJNTs7wtZq
h4OLCaLDoZvB3ZT3k+CXXXeBqLqz1DdBGo08RgfcUADTsm2Z9LsEyLo0GtHGEFjw
m1r/VF8githDxaEK52+znr1FG8CE7+DBQAU9ZydhKKjjFS7ckDHw0qFXyGqpyWk4
KnL7FGPX2z07V3nwauElDbaD1LLt0xHhqqEjmiRskhE2UU6q35IrLyKFHC1VHsFy
ItsONTu8lDiqXSi7Z5b5Iv+iAWWTtt/glTv3WFa8u7CIahuZIfemr8NzjD2Z+Vxh
yOEqBKyVgz8sFh1U7CgxCg
-> ssh-ed25519 /vwQcQ dcnBNyypzMkxHwh76v7bKhGckPjIOL2vP2aDWhB8WxQ
tTxcMXcLrFhD7u2xTOhsjWErSiCOfsVIDZgJldVePMw
-> ssh-ed25519 0R97PA stdF6UFkWDCwNUAv+aAetpku7O9XRvtaxafCjok9yhI
gXVXcwlY4Xue9WGk+WlByXvSgMju+VWKTBTXIngWYvE
-> ssh-ed25519 JGx7Ng e+Ux4HK63pAM4scQCi4wHTUmo28z105Ok59dlki0OS8
ulkU6zhXNpa3OswEC005BZ/YIExPysg25a4/O60fcWQ
-> ssh-ed25519 bUjjig SEnDWloeuVgCGLUJNvsBL1HPYJGBSBhqdDngkQk+KiE
MYL9SudJNuFyS4Inaod2Xxldi3d/kDwlIT9rVWs8vFc
-> ssh-ed25519 IY5FSQ TO9BPLBwdlqyKXOBiohCzfZWrTDwqhLjZYeq9rZgH2c
7Hqrqe+A3wg11H3wg9Cd+6F7mDwsLpzoh70sba32gCw
-> 1DV;-grease
9Ul6qKgH063H/HI1op+Gyk2+JRUGHwRG/SlOPTAnvBtq7xEy7yrR4lblBK8bcJNY
lwmI4xOokAnIveVaPS8SAig
--- GpJyGpk3QxJljiR6FZw8hdX0dXvEAIPZEZpL6oorLcM
}­o÷ÕŸ¦A¹qç ™Ò™ö>áp™€M Õ¬Ía“ zþƒÍT VVƒvI«f®<17>!>µ\Ö-þèÿ

1
machines/nixos/web03/_configuration.nix
View file

@ -14,7 +14,6 @@ lib.extra.mkConfig {
# List of services to enable
"django-apps"
"redirections"
"users-guests"
];
extraConfig = {

18
machines/nixos/web03/django-apps/annuaire.nix
View file

@ -2,7 +2,10 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
config,
...
}:
{
services.django-apps.sites.annuaire = {
@ -17,19 +20,11 @@
webHookSecret = config.age.secrets."webhook-annuaire_token".path;
overlays.nix-pkgs = [
"authens"
"loadcredential"
# Dependencies
"python-cas"
];
dependencies = ps: [
ps.authens
ps.django
ps.loadcredential
ps.pillow
ps.loadcredential
ps.authens
ps.python-dateutil
];
@ -38,6 +33,7 @@
};
environment = {
ANNUAIRE_ALLOWED_HOSTS = [ "annuaire-ens.webapps.dgnum.eu" ];
ANNUAIRE_LDAP = {
SPI = {
PROTOCOL = "ldaps";

29
machines/nixos/web03/django-apps/bocal.nix
View file

@ -2,39 +2,24 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
config,
...
}:
{
services.django-apps.sites.bocal = {
source = "https://git.dgnum.eu/DGNum/www-bocal";
branch = "main";
domain = "bocal.cof.ens.fr";
domain = "bocal.webapps.dgnum.eu";
nginx = {
enableACME = true;
forceSSL = true;
locations = {
"/www/".root = "/users/guests/bocal/";
"= /preparation.pdf".root = "/users/guests/bocal/www/";
"~ /bocal_www/".extraConfig = ''
rewrite ^/bocal_www(/.*)$ /www$1 last;
try_files $uri $args;
'';
};
};
webHookSecret = config.age.secrets."webhook-bocal_token".path;
overlays.nix-pkgs = [
"django-cas-ng"
"django-solo"
"loadcredential"
# Dependencies
"python-cas"
];
dependencies = ps: [
ps.django
ps.django-cas-ng
@ -50,7 +35,9 @@
};
environment = {
BOCAL_RHOSTS_PATH = "/users/guests/bocal/.rhosts";
DJANGO_SETTINGS_MODULE = "app.settings";
BOCAL_ALLOWED_HOSTS = [ "bocal.webapps.dgnum.eu" ];
BOCAL_RHOSTS_PATH = "/var/lib/django-apps/bocal/.rhosts";
};
};
}

2
machines/nixos/web03/django-apps/default.nix
View file

@ -7,8 +7,6 @@
./annuaire.nix
./bocal.nix
./ernestophone.nix
./gestiobds.nix
./gestiocof.nix
./gestiojeux.nix
./interludes.nix
./wikiens.nix

18
machines/nixos/web03/django-apps/ernestophone.nix
View file

@ -2,7 +2,10 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
config,
...
}:
{
services.django-apps.sites.ernestophone = {
@ -22,13 +25,6 @@
webHookSecret = config.age.secrets."webhook-ernestophone_token".path;
overlays.nix-pkgs = [
"django-avatar"
"django-cas-ng"
"django-solo"
"loadcredential"
];
dependencies = ps: [
ps.django
ps.django-avatar
@ -42,7 +38,11 @@
credentials = {
SECRET_KEY = config.age.secrets."dj_ernestophone-secret_key_file".path;
ACCOUNT_CREATION_PASS = config.age.secrets."dj_ernestophone-password_file".path;
};
environment = {
DJANGO_SETTINGS_MODULE = "Ernestophone.settings";
ERNESTOPHONE_ALLOWED_HOSTS = [ "ernestophone.ens.fr" ];
};
};
}

53
machines/nixos/web03/django-apps/gestiobds.nix
View file

@ -1,53 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
services.django-apps.sites.gestiobds = {
source = "https://git.dgnum.eu/DGNum/gestioCOF";
branch = "bds-prod";
domain = "gestion.bds.ens.fr";
nginx = {
enableACME = true;
forceSSL = true;
};
webHookSecret = config.age.secrets."webhook-gestiobds_token".path;
overlays.nix-pkgs = [
# Required packages
"authens"
"django-bootstrap-form"
"django-cas-ng"
"loadcredential"
# Dependencies
"python-cas"
];
dependencies = ps: [
ps.authens
ps.django
ps.django-bootstrap-form
ps.django-autocomplete-light
ps.django-cas-ng
ps.django-widget-tweaks
ps.loadcredential
ps.pillow
];
application = {
module = "gestioasso";
settingsModule = "gestioasso.settings_bds";
};
credentials = {
SECRET_KEY = config.age.secrets."dj_gestiobds-secret_key_file".path;
SYMPA_PASSWORD = config.age.secrets."dj_gestiobds-sympa_password_file".path;
SYMPA_USERNAME = config.age.secrets."dj_gestiobds-sympa_username_file".path;
};
};
}

156
machines/nixos/web03/django-apps/gestiocof.nix
View file

@ -1,156 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ config, lib, ... }:
let
inherit (lib) listToAttrs nameValuePair;
in
{
services.django-apps.sites.gestiocof = {
source = "https://git.dgnum.eu/DGNum/gestioCOF";
branch = "cof-prod";
domain = "cof.ens.fr";
nginx = {
enableACME = true;
forceSSL = true;
locations =
{
"/ws/" = {
proxyPass = "http://unix:/run/django-apps/gestiocof/socket";
proxyWebsockets = true;
};
}
// (listToAttrs (
builtins.map (folder: nameValuePair "~ ^/${folder}/" { root = "/users/guests/cof/www/"; }) [
"arcanoid"
"cirque"
"pompom"
"trouveres"
]
));
extraConfig = ''
rewrite ^/$ /news;
'';
};
webHookSecret = config.age.secrets."webhook-gestiocof_token".path;
overlays = {
kat-pkgs = [
"django-djconfig"
"django-hCaptcha"
"wagtail-modeltranslation"
"wagtailmenus"
"django-cogwheels"
];
nix-pkgs = [
# Required packages
"authens"
"django-bootstrap-form"
"django-cas-ng"
"loadcredential"
# Dependencies
"python-cas"
];
};
dependencies = ps: [
ps.authens
ps.channels
ps.channels-redis
ps.configparser
ps.django
ps.django-autocomplete-light
ps.django-bootstrap-form
ps.django-cas-ng
ps.django-cors-headers
ps.django-djconfig
ps.django-hCaptcha
ps.django-js-reverse
ps.django-widget-tweaks
ps.icalendar
ps.loadcredential
ps.pillow
ps.python-dateutil
ps.redis
ps.statistics
ps.wagtail
ps.wagtail-modeltranslation
ps.wagtailmenus
];
application = {
module = "gestioasso";
type = "daphne";
settingsModule = "gestioasso.settings_cof";
};
credentials = {
SECRET_KEY = config.age.secrets."dj_gestiocof-secret_key_file".path;
HCAPTCHA_SECRET = config.age.secrets."dj_gestiocof-hcaptcha_secret_file".path;
HCAPTCHA_SITEKEY = config.age.secrets."dj_gestiocof-hcaptcha_sitekey_file".path;
KFETOPEN_TOKEN = config.age.secrets."dj_gestiocof-kfetopen_token_file".path;
SYMPA_PASSWORD = config.age.secrets."dj_gestiocof-sympa_password_file".path;
SYMPA_USERNAME = config.age.secrets."dj_gestiocof-sympa_username_file".path;
EMAIL_HOST = config.age.secrets."dj_gestiocof-email_host_file".path;
};
environment = {
GESTIOCOF_CHANNEL_LAYERS.default = {
BACKEND = "shared.channels.ChannelLayer";
CONFIG.hosts = [ "unix://${config.services.redis.servers.gestiocof.unixSocket}" ];
};
GESTIOCOF_CACHES.default = {
BACKEND = "django.core.cache.backends.redis.RedisCache";
LOCATION = "unix://${config.services.redis.servers.gestiocof.unixSocket}";
};
GESTIOCOF_CORS_ALLOWED_ORIGINS = [
"https://${config.services.django-apps.sites.gestiocof.domain}"
];
GESTIOCOF_SERVER_EMAIL = "gestion@cof.ens.fr";
};
extraServices.worker = {
script = "python3 manage.py runworker default";
serviceConfig = {
WorkingDirectory = "/var/lib/django-apps/gestiocof/source";
SupplementaryGroups = [ "redis-gestiocof" ];
};
};
timers = {
rappel-negatifs = {
script = ''
python3 manage.py sendrappelsnegatifs
'';
startAt = "*-*-* 1,13:17:19";
};
rappel-bda = {
script = ''
python3 manage.py sendrappels
'';
startAt = "*-*-* 2,14:17:19";
};
manage-reventes = {
script = ''
python3 manage.py manage_reventes
'';
startAt = "*-*-* *:01..56/5:29";
};
};
};
services.redis.servers.gestiocof = {
enable = true;
};
systemd.services.dj-gestiocof.serviceConfig.SupplementaryGroups = [ "redis-gestiocof" ];
}

19
machines/nixos/web03/django-apps/gestiojeux.nix
View file

@ -2,13 +2,16 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
config,
...
}:
{
services.django-apps.sites.gestiojeux = {
source = "https://git.dgnum.eu/DGNum/gestiojeux";
branch = "production";
domain = "jeux.cof.ens.fr";
domain = "gestiojeux.webapps.dgnum.eu";
nginx = {
enableACME = true;
@ -22,17 +25,8 @@
module = "gestiojeux";
};
overlays.nix-pkgs = [
"django-autoslug"
"django-cas-ng"
"loadcredential"
"markdown-icons"
# Dependencies
"python-cas"
];
django = ps: ps.django_4;
dependencies = ps: [
ps.django-autoslug
ps.loadcredential
@ -58,6 +52,7 @@
};
environment = {
GESTIOJEUX_ALLOWED_HOSTS = [ "gestiojeux.webapps.dgnum.eu" ];
GESTIOJEUX_EMAIL_HOST_USER = "web-services@infra.dgnum.eu";
GESTIOJEUX_DEFAULT_FROM_EMAIL = "Kadenios <web-services@infra.dgnum.eu>";
GESTIOJEUX_SERVER_EMAIL = "webapps@infra.dgnum.eu";

10
machines/nixos/web03/django-apps/interludes.nix
View file

@ -2,7 +2,10 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
config,
...
}:
{
services.webhook.extraArgs = [ "-debug" ];
@ -27,11 +30,6 @@
dbType = "sqlite";
overlays.nix-pkgs = [
"loadcredential"
"python-cas"
];
django = ps: ps.django_4;
dependencies = ps: [
ps.loadcredential

21
machines/nixos/web03/django-apps/wikiens.nix
View file

@ -3,16 +3,10 @@
# SPDX-License-Identifier: EUPL-1.2
{
pkgs,
sources,
config,
...
}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
in
{
services.django-apps.sites.wikiens = {
source = "https://git.dgnum.eu/DGNum/wiki-eleves";
@ -26,17 +20,6 @@ in
webHookSecret = config.age.secrets."webhook-wikiens_token".path;
python = pkgs.python3.override {
packageOverrides = _: _: {
inherit (nix-pkgs)
django-allauth
django-allauth-ens
django-wiki
loadcredential
;
};
};
dependencies =
ps:
[
@ -51,5 +34,9 @@ in
credentials = {
SECRET_KEY = config.age.secrets."dj_wikiens-secret_key_file".path;
};
environment = {
WIKIENS_ALLOWED_HOSTS = [ "wiki.eleves.ens.fr" ];
};
};
}

1
machines/nixos/web03/redirections.nix
View file

@ -6,7 +6,6 @@
dgn-redirections = {
permanent = {
"www.ernestophone.ens.fr" = "ernestophone.ens.fr";
"www.cof.ens.fr" = "cof.ens.fr";
};
};
}

BIN
machines/nixos/web03/secrets/bupstash-put_key
View file

Binary file not shown.

BIN
machines/nixos/web03/secrets/dj_annuaire-secret_key_file
View file

Binary file not shown.

59
machines/nixos/web03/secrets/dj_bocal-secret_key_file
View file

@ -1,33 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA w23oZwRdOmR6ZmJ/u1UVJX3aDjvFlP9J/0DX421EzTk
GwBhoK4pLMph83ufQSh/DaKtDsQv2Vc/31kN4ahx1O0
-> ssh-ed25519 QlRB9Q bx2P8KY31nlurmjEsq6rOGz4RivuubPRr/pwJi8vZR4
pHUYj6nCuQfv9Y6oJmLqmIWw9rSrb7YgFIGh4/DDBxk
-> ssh-ed25519 r+nK/Q xX3R7A7Pq+l98C/4rDzZfLa5IyoW4mS1RXCg8jmCVBg
pZZ91CQNMfv+A9nUGM7FCHt79YsEIP8SA4UZ7NmIYyg
-> ssh-ed25519 jIXfPA HF+w4Kuk7Wo2s94SeNxAB3zFZhKNn1fPabJhUK/xGH0
KY5tknNrICYq0HTfNRX760OPyWPJ8B4Sasq8BjN9a6k
-> ssh-ed25519 QlRB9Q OGcCe/S1aIQckJGzt4Wz+DFebTZpNV+YCevnVOPDMXQ
keDckjD4Vjhj3gmQnW0V8nJ1Soubkhb9WP28fsanhMA
-> ssh-ed25519 r+nK/Q lO6xwuhfQ6gMlJzFBF5J9c2elEg1J3leAt5x1uTYGSk
HQG0VQXvn72CIOqe6FRGrSX8TIa7sBB3cOZZQzXBl8w
-> ssh-rsa krWCLQ
JSYdRpvAP/pb8v9Rviw+DcwTGmlVbes8LNW/Hjjc3eKNYT6f5TR56Ma0C+ZXA8hC
BiEoDyvV631v7jf1NQENWgOrx8kIaMlJyJlndEUviFesoUXvBsrRVxZkPo9+q8gm
2jx8uLxRlq04fIh39YOcxayNPU6ZE0k4iV5Sv8bgNdPPsiSDPEcoGh4ptB/L7PqC
qa73mSskFsWLMdkhlF2PmobhFYBbJw76ekctHK4enABJR0wnpw76MB/1xaRysO0Z
cE1yXy0TKPeQ6tBs+TgEbWPdjs7q2cCe78Cx14ob/bDTrSxn1VXxlTSEa+jZ8ES2
aRJM0RnnbulZJMu8vD+ztw
-> ssh-ed25519 /vwQcQ +etnXlMmCofk42qEtdvIZyzpdGPTUR44Ur3rNiYpqQY
+h+hNOOJHWXi4vqsBDudgiQ3BPHVOA1bl+R4d5zCs2g
-> ssh-ed25519 0R97PA VuTnbuLdQANqvVDvIEOJVFWh3IgOKLHXROxSCx5E0C0
euVIt58WGFPxL5IgE0Stce7q9MaQCLkWOGpLyxhszJk
-> ssh-ed25519 JGx7Ng /1DGw0uUQ99aDlw5AdNIKZNZbRSXoxCwJZU4iotnMVA
v9B+dF8KmmVLjYh7IT61p757x+CeJQ0qY+kU69Ced3s
-> ssh-ed25519 bUjjig tvi0aragAV8TvSAvVVYwgAe4D/iFPy8Hmo5BFIiMigc
ixKZkBQDFDoM3ntd43TPb5gzQmJKiuYHuPRvh+wlLwg
-> ssh-ed25519 ZIo4kw 4mpL5GIsgcXQH3+DTwo1wBO2IGtwqYX71sSj3HRTUD8
FyiH/fpn6rFmw6L1nbxqnlEQwHdgq2kacvkl4dDSpDA
-> ssh-ed25519 9/PCvA rwGsoEUqcUK/bj0wpo/2GIcPgJPdUCs/y/0MacBXlTQ
4IRzAh7PgafkdUGOoUnTFZwQwpupt+09tNCuMQPtNow
-> ssh-ed25519 VQSaNw if6Cp0uuuBCn5/sIEhhiD3Xa3MGOgxNhpA5jk/sNaxk
tZLZbxe2EswPA2DOzm1XILWxPJOfvtQEBb3J/g7gOdg
-> p0A#yj-grease
GR/rBHQQMBRnEs3FdKUmaxDXNLeZuXXftbiAi+6dzv4SsZoJ5oqi4UKivc5DYLfO
C8GywA
--- XSYpA1AoDYYWRAjVBKAfn9s/nI7d6hE2j57BKVdMQ5Q
#žSõ/ éž5Õn%´ªžô‰w9EŒ­¨¦TüMƒýP»?â…œ¡˜(<28>PGrj4$*<2A>Cû èü8´‡¤ô¥Jpt=H`Âî½n
pvF18GVS3dHr2jiss4sn00UqVVM2f/6BmkpYMgAVQ3FNpgnimQGsgCssuBo3Hjrc
BTO4v2U6cQ28LTUsruWdPhRChT0zfGRtx1QIn0tPzy3XKUxjt2XkBeblxtLhCHmI
muQ0yA15bP+aQfZn0dE1Eb4krw1unKWE4f82L/BQ5Y/i1P2rubhyBhBoQRb6atHv
S2EWBafaNr3orbFl9FPMjhWW3WZX/zKJxlu0saN88I6ZU2967mdR4PogMpL9iqST
atraraA1jG6mR9Ojloyrf8FG6wTlplDlZk8Sgtg88FD1iHMN1q0DQv1LwRoD3QUa
ywIn9MABMufNXQ+jm/DQpw
-> ssh-ed25519 /vwQcQ 83MxgOJhIBBGU6IRcTQPtxtyR4MapAxhdKT634w/em4
scNxodN5j1HXOIPCB3glvc08Gb4wW9gmZ5gkWMCbm4E
-> ssh-ed25519 0R97PA LBFUS7zx26+rjiWqVwQ4UBqRxr+3Sx+j+GGrRaBbz08
fnFwvJz36SiKnEoJr+0+enNVcT7wduZUrYe7bWhyxfE
-> ssh-ed25519 JGx7Ng iXjAn4Y7+yHASx4ZbIrvFffLzgX52DbQy9hIcTScHAs
6AJZoV33mBryiCaquKTAkw8yB1NQs38QlG2p4LIcoMc
-> ssh-ed25519 bUjjig 0cqMXUVHqhyYhygR7meIyWRr/c7H8ZGB5eO7tTHhRUk
GYKKGB02ElJXpObmBJKF4Bvoswd3o83vvVYIHIpDprg
-> ssh-ed25519 VQSaNw xHhzKnYeKxrN2MJz84v7Mjg3Nh69UJ6Q/eAyVAvC3V0
/bvauGesQw9/tl4DhCNFY9Rq+qWv12O4TcqzdxTCWzk
-> T:){{-grease NuQ <}vLGT%
0JSFYPMWs6LXpWacfiHNdwqvs/eHecFwj6cg0eLZEQe96shxy8/WSUBMpgasKufB
Nc4tpfiOVWVRGm4arhunwJ+1sgg37X35PWde89Qpg5g
--- Y6N6GuCpRLdD25EWW+05qbUAadrT3z2Pzc5golCBHJw
ßNê¯3'8ú³€@/¨0,zWêS¦‘ï;ßñì)§e<C2A7>ßÉïèÞí
qMjÏŒrçHBÇR2šš E2H+d­% ¶Ò–®

BIN
machines/nixos/web03/secrets/dj_ernestophone-admins_file
View file

Binary file not shown.

56
machines/nixos/web03/secrets/dj_ernestophone-password_file
View file

@ -1,32 +1,28 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA EsnCV2WNHwC5zZpIqMiOnpixioiS32MkPW2gvPW0hlA
SdJ0CVIn+xIw851NfAVq2xi4eyIkjE5OBSjWjmXMbrA
-> ssh-ed25519 QlRB9Q pSqgkPUwNF0ahPyz+bRXfnJqlhiis8+JLtGVXMJFkGs
gEovHZ0L9Hf0FxITH7Pw82GmtpSry9AttmYyzOget/g
-> ssh-ed25519 r+nK/Q abHRhq9gLkRJZnW16AkJUNkuDkFx6ZEgcfcPKD7qkl8
TZOo2qI9wtTr5EFyLa7XwcNu9t4TiBTjYFfDcXF5WzY
-> ssh-ed25519 jIXfPA kBFUMktUZ09T8ujSXHRIo4OIWxIiwysmRv+UTiH+02M
TvefF7CMKZIASBYaVQA22PzLr2rgZ3i7Q8ENBOmpQmI
-> ssh-ed25519 QlRB9Q 0R2BthIX790DAiL36WPOemUa04tOnN0Drpg6u72j7UE
nFGbwKZvSXo0SpO8AMfAGcZkphcXhX+GoFxYwadNzwQ
-> ssh-ed25519 r+nK/Q cs+vGq5RzK/AogpcGjRG3KZjl4fp2Ghhv2ngHjTdvlE
AyXbgDlQbe3HurX7lodUrMZyRSWADSFWmTndnHjh0dY
-> ssh-rsa krWCLQ
NiW6aPN5sW1w8AWe66x5wkyJTYPnPqlmPdwkRMH62Z9rdRGoplPaThh46N1F7iSN
R7YfTRNy/xcSq612Wf1PbEGtcaEBU4snLwBUMxzgCEf7lLebnBFEv+wM46c6M4Vh
sRHm7LJP4EIFtC/OVi4Po3AOxnzWie6sgMtwVO1dxA92F52ANJm85+S9v4LyKf6B
3j1CTlQnST4Jz+NFR1lIWkAzawQkrObj1XNw0JjAH5cCFPNX8KJwGPPtRaw6qdE2
NN6boxJRuw015LFoT2REg8hFUj9mvKi1CF7zzAorlU8U5tGsTzWopFaz8sw6uw1e
hnLDEWU79TB/Ytc9mk+VgQ
-> ssh-ed25519 /vwQcQ uGDPoAidrjD4YOahlB14fECk3q7JYAgK2U3AwiTZp3Q
VMBSpbWgh9/+vNsxb31DztSAmuXQ2OT8PhGY8e5oEyg
-> ssh-ed25519 0R97PA dneC7N5KN3lOt+tf+SBVHac5PiFuzah+kxPCL7taES0
2ax/oATQ3RCZJrwa6rhRFjP/Pb83SE/K/JqzkDe4q5s
-> ssh-ed25519 JGx7Ng e+gbiPqeQvqH5SsMLtJjO1Yamqf/T3zMx9sZP/lE1WM
ZaLKy2fNia1FOO/8McmHLCTs7mU02UhIEcfnWR8Rmo0
-> ssh-ed25519 bUjjig YG96Anu4XdeqjveqgPKBg9DXRgQWzbZyqUh4zyp7NW8
XOW98Ncs7wa8+J7bdcni1BTvi0yt157YsqS37SyE1UE
-> ssh-ed25519 ZIo4kw 0bsqX9eZWnobso+67zX7mv4NZHN0iLJgREpEAjsSog8
chztA4fSI+l/hFC1JG/I8csRjW6nRL5nD8H2BIvKhtc
-> ssh-ed25519 9/PCvA u1TmEMmSAY01VT5KSkHIeGZyFR/AjO04fbdaQMOzWUU
KgNuPOluctxdmyoRQKGhxzUdM+lJYijOTZTppx1x8Ig
-> ssh-ed25519 VQSaNw y6+jgJvBopK1AkLk+FRsd1hOKyYhU3udCmpSqH73F2Y
qZyA/Fe6kxaIaYBtEWdIt69phdcpPgPr6hvHslYGZV8
-> ~Ef{]c0-grease ]bzX}@u' 23 } pjfN*GE
cHkSTFWSdWHGclY
--- 9GRqhQV1hb50rv2MYPgyJBP6eEm5KQUEUNqJnMMMx/0
j ·!½DÚ'×­(ã°<C3A3>!³€É݈ço&Þˆo) ü½Ô~Ñå
AnU8JBZXw8xIHA3L+220wCHwddC51Fx+sQx58tYsFg7eVH1NM2PKUr57a7+0KlxH
TkIDMUuBotY4QPA0tzv212wnWaTw9ddV+T+Xe+l7JNyurCQRj1g1gWP3NLYIyYFC
i/eXHg3XxByQG1BfBSL2nnUEiy6eJ2bLMFsJ9P6baB6hpdEnoFIuGdV4Bg3k/KGl
Zp+Q1a7Ov0l/G7sRCw4WLQtq59otI2lxeKRSonCqSNOmDXyZBr82GMr/BmhebtK4
h19K+EXU+Ze57lUf2kDCe0b4RSHbSGU1T1fSEMNcXFV0952r6zO9YClTsQeKl+ev
1O7xqUhcRXgFUbDYRjTsLw
-> ssh-ed25519 /vwQcQ AtEImZ61sgC2OzZvDldY7ttRf9I5+zmL2I7hZkmBoTY
zQiLX4L6t+jZqzAJmN7iuRTeadD1jbs3E/NZZj/25UA
-> ssh-ed25519 0R97PA JVheI/2kfdkqgM5Jf/py32lyYLtWjpmcx4zkHYMZl3g
z/+qXmvziQo8yZ6f+2y5XVDv6d/uAghCVDQ9tpLXt54
-> ssh-ed25519 JGx7Ng 41ZgklG6LmM5Mk6BkGWAf8N3j1safWPBKBAHKN2EQG0
yOiGIHkyoMFI6NQMLCZavCaz+qxAy9jhf+vctWQ2z4k
-> ssh-ed25519 bUjjig 0o9QkwuPZPOl/db1sQ9YL50DL1uyZqQ6ICxMEIupQ20
FwFbAYzLUNwoAQNcbcwWckhqRSEicQTe4O4BMK7wHyg
-> ssh-ed25519 VQSaNw iaWBGmaWmBxMJILFyob6CyVXyY24edPtT2itTQGP7xM
EGmCuYElC5EgwqXtcXLAy7nNFt75Hl/gAehvfh+0sgg
-> /Wa)P<iw-grease (;ag_e g#LM+oA Y n(M-1K+.
lWfOmA
--- k01yU9ZR8KIyG0JEfcYoP4iBlvqq7J676oPfDLpbvfs
ÎD—èŒ<C3A8>Ptáçø4Õ•?6”N|ÐïZƒ³åM/œqo¨[ÄNä

58
machines/nixos/web03/secrets/dj_ernestophone-secret_key_file
View file

@ -1,33 +1,29 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA iQr5+V3ESwwPQ0N5TWvKPQllxl51JbvY1pQ/LWFoGRM
mmPi5TEsoKaqqCNR9wFOW9m/ZO+LybILeAr0IltAA6A
-> ssh-ed25519 QlRB9Q uWG5fTIkrcvoZPwTjeUIvUBb9SSw/tqLVXQ5EgPEpA4
NxUobR435SRYhgtfqeL4nCTyBimMFQDeHkv1EXxyeW0
-> ssh-ed25519 r+nK/Q mWebzwprS5rda66lWzpTXkeLBJ1cQr92jt1IKiGuhmI
s5C7BIJioGzDafwDDsBBEy9FfSDLhVI8loGPMI59ITE
-> ssh-ed25519 jIXfPA hAdsxHTIT08JvDQGzY0Vz+Jxd48Kw3XNpf6TEjiGiTc
hZgLRBDGwpfIFMhTRExY6JJ0poJ+nqrBK8Fy3ukINFI
-> ssh-ed25519 QlRB9Q AyfmPVVcb9WVzrbyh2KdPQMwPypQ0uq3q6kkPFcMyjw
S2h//+6MMnUiBWrznI/1+qS83Gw1vpFmU8Hlma40bdA
-> ssh-ed25519 r+nK/Q 741XzH0HZf/y8HR1AQIn+qgn0+L+2kcdPsepRcXx7w8
5aNoPnRTYHB5FTXipQV+8C/s8t1s5/ZF9PwnJfYy8bM
-> ssh-rsa krWCLQ
O0u81IdCYXC/caM9tEUD21d06Uq+AEaUWauHd3T4uBzx6k8KxZQsXL7FlmpyHMQy
jWKX3lni54qWZqyGi3AVBWwrdT3C59vAUUtOPsR9BdhuETjuNhUVgOQhfygbpNTP
Z+1xv/H+6iY4iaijkneUqjO+Zf8XzNiBjV1jxAEgVSMAYfYi2IUKaNGfTCxsf7z6
FbcOZiwKffzF9ml3jRbi0zacy2YfBVA3HLtr0G2konocqB2blx0yQx+CUN66vODT
Dg2Rvjvxj/UILT6DHfhSEienmIyRVcEV4FMyDRAqVnSWvY+5rQu7Q193lsdwxu1V
imAsspRLp7cLTHO13E7HEQ
-> ssh-ed25519 /vwQcQ D7UkEEde5wt6JLVwgw09YpI1jda5PpseNb3/oYXeuxY
mAyubu6vZt9WGQz7LN66OFLysMJnggQM3Lzp1WL2WIw
-> ssh-ed25519 0R97PA KELROPFrMKhwm6qZa3pDGUwL46djU6KXuEvvJdvPVTY
TLnuP2JD9KWnJyFG/TniJ7SZA8MwEGWRm/slgexr6Ws
-> ssh-ed25519 JGx7Ng frq2JO+UyHShB9/ho6SSO4gpm1x5gsT/FWNcce4FejI
0yjxhYvLi6BJCV04liQ8EUfvd/QQDfvQW/+69k81SLI
-> ssh-ed25519 bUjjig V8kyKJYS7AEddNQ/A1dDofL72gZhQx8S7CWXXDhO11M
70GSlCUdlM1C2TtWO34E/AeP6ESA2q/2hiRsG3yKa5M
-> ssh-ed25519 ZIo4kw Q9v6Hj82FPt0vOADqZZvrA1C5zw5Xi54TdkWFQhY1GY
/bbWn0eVMOcKMuxhSlHL5YNBAdNGkOEWDtKFbXfl5kI
-> ssh-ed25519 9/PCvA umec3ZH6etHJWPhH350dg89jPisIen+g+V1biOk8uQg
nrkdFNMpVaeYmxaXh9f5ZBwxjdPoCbbB0NMIGP6rgJA
-> ssh-ed25519 VQSaNw jcBuMSisYemI6teXpAXmIfzmkCnQRUhzR02oIED7mw4
mRPa20AN2KGqp5Sh5rxqMbTLCd6N3eNNNKRzu1TrBN8
-> ;yNT#P-grease bzX
MQVFOK4d6Iy4B1TtfEhvVM1nNBec24na1BPH++gbZE1n1dHxyy65O998u1oVml/V
3PBkae5UTR62Hm/2oSTih/TIfGRSzT+MrjxzkRAxsWFaS+wNx3I8J3/kXg
--- cevd2eHQSfWzGNPVrJB3XVoqxblBsDQEKKQn2HtbFBc
¾‡ÃŽÌ¿ì +^FdÎÍ<C38E>†Õ^yGx·í$åF7 <öŽT»¶˜.ƒ0µ ³ºOÇ'“â9ÕŽIxÕ³³ï_ŠóTÎŽ')“†<E2809C>Ý
HhSOliN7XQZngyyrJ++S2JMBytkPjSt/dEUlJNbJP5n6HY5H7QKqd9rsc4LLu/Hz
BXKC9T3IVeuabMPNOBhE6SiOUejGv/txbMHPMdPTCju6JL4wP/2gqIK696kP62pL
CAS/cOZXrHS8etEFkpqSuEVquNIXbivXNHEwFMH/GkNut0SCpafvQHrN1wZdveH5
rp60R9ULzTzS3ztjEomAt9gWN6s7CtqZEozCMExPTXSW+OmBJprY+/Ae/uxeKZMS
x6pscBbZSEazZ476sZCWKTpeej7iFlSrIvLfkwYn9PtKqmaInoM/0F2thkqpVPkZ
/pcg11dUQpXJdaIiPEowlg
-> ssh-ed25519 /vwQcQ m01BxY0nPTfcW0D/iFRbCNbFFp+lE/XLW315aPyNbTM
hiKCfZH9k5GcUAkCJ/+x5V20SCeql8031lOge0Y9WXk
-> ssh-ed25519 0R97PA oGfUKErY65Jd0ZlcVox/HXA3itOI5KImRqDwH+UR6XI
32BtXjqImmG6TjUKoDU2QaJiMxldZdZoAP9SKPfGuHA
-> ssh-ed25519 JGx7Ng FJCtkG+Ig5dC+ftTClgrKtIt/D8s9Dr97eWObbNEZDs
i6tf7p5FDsdTZMJuBNmcTgVnL6eQDZFkjjH7AaBakqE
-> ssh-ed25519 bUjjig mOfri52IdeSNAawjBR5rhvL2eZNlVOwYK6u1uHv98xw
nx0Ko3omL+OVq3JHuCIacYfjn96kb78IgyvECEGq0G4
-> ssh-ed25519 VQSaNw gEQeKOEwwR8QlykdFlo7iqrsmhemiS02v8Kfx2ER9Xc
jpAEZx64/AXpA8HahtJq9OdcZYbqIFti5mxaPztvul8
-> $5-grease (y&6%5f<
YSrHrNaXa7b7Ivv1yVP3idg8t4iIdu5NX3hzczFp64bY7Bjp/g7jK+bWnDG26ryd
G+fhmUbFuDj8ZtXg6yk
--- YmnVS7kPp6h4pC9u28A32/xh67NwhIXwB1dxolI1DCg
.¼Zs‡…n} ®ì,èémõR€ÏêeÞ)¾bOª¶<C2AA>îնܷ†m8¼z£RyúìT/¦@¿CÜÝôW™¨F5ˆ?<ð.[Ö†r¡Ó[°M

BIN
machines/nixos/web03/secrets/dj_gestiobds-secret_key_file
View file

Binary file not shown.

BIN
machines/nixos/web03/secrets/dj_gestiobds-sympa_password_file
View file

Binary file not shown.

32
machines/nixos/web03/secrets/dj_gestiobds-sympa_username_file
View file

@ -1,32 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA BPmZDRfAOk4XKTzCbDP6g5A5rBkiPT3XYNJ7VYi4zDU
hpR40ckBN8fDmn1zJ1gsOIPNAL1nQQSjOykfC8Wmvlo
-> ssh-ed25519 QlRB9Q VR4c0MXH8TqfVl/jt1H+c7N1YZxforsbwfUdbaftwgI
P0ID0YN8g0q80gCNVy8/CesgfyNM8Hgju/YFBNNc7i4
-> ssh-ed25519 r+nK/Q 1LnsAqB3OHqlvvaGxYZFvU8Oa9Xvjrp01sUDjVOO8Bw
Z4N53ptx9ezp5Z0e8wglFN9YsTC2Wx+xcyWphqEN+SQ
-> ssh-rsa krWCLQ
uLQNwGSU9U64PTg0FB+C0NbM50mCsPY7QZTOe6JU45KRB6QaxMPRFTf/XoAmKd6Z
LiwXSODmuufSqBHT10ORDC20VHVY/5jE0OwDbO3PQNMOxSqlbDDrD6HKONESIvwt
+xRK5QvALr9qtOUQIRdIZWR62IfJpeCHsw/GAuyqGDoQiY35QXU3+54RImQXbdul
7EcZDkuPORUN5mLkcwD6Qal3LlsvppvuzbiMoM2Uf+V95l+uye4b60mr3tcuyu50
/j9Kw2bcw8/3mRxvHHIm12VkWJ7RxOKh3ZyqENOovCVAjTFjFg2WNaTQgjQyz6Q2
u/Y04YgwM20W+RfZVwy0fA
-> ssh-ed25519 /vwQcQ VBfJjQvfTB2egyV6ROWec4PHogtHvA/NwDsTIAghEyM
XCJUP4HyX3VTPcJie0UlCckTb6xH6t2UtRnYy8iAiVo
-> ssh-ed25519 0R97PA 4XLCUKQqhwcSNlGPPux5x5SaQJngLXtxnEzhvZnaYFs
i33YipEo+eCmsPXHUSJUSRcVPy0icME7p/IHfsfH3v4
-> ssh-ed25519 JGx7Ng hwjq+ArsRBw5hzQqWjdiAiYcgdKtEnOARCW8bKx5WhU
hKTFWUBIEL1yA90AxvP/zKCzslhX6f+uKBbAiONyKRM
-> ssh-ed25519 bUjjig eN6ZA6ZFTAvw6ybUhpULEliCF3ylYolKoc7Q4qNb9QE
irRbRPuK5DbNedgrl1zdvlsekKbr6uTrYQSZToUnuPs
-> ssh-ed25519 ZIo4kw YC9n67JcDrrXEvCxScfic1XxAp3p+FhMYs5f+gwMDiA
mpQSeWFRedr3N0NVx1mZIfyHvYBSPlvSkX4aS180qO4
-> ssh-ed25519 9/PCvA 9z1Q3HCLVVGoCRs/o95lPay8tpF3AkQCsTFoH6pYPVs
kLQufNXzg5Ilhu+AnXg0q7O//cG99k6XUQFfeV3xBpI
-> ssh-ed25519 VQSaNw P5JHIXN0XRL76iZ2D9h9qIszcJ4iU7Nkl4loTEAk9yg
ggCMz8DLzprbo26Pg1EPmsDVAD9TxNq70N3pve3SdgI
-> 0-grease F:o
uui5Q+g
--- 6FFZScIxri+ww/0vzMlzRMdyiFY+wP7E5b78FK1XTSs
ネXメ -<2D>=餃撈卲$g゚棚S艫ナT@*暈ー瞠<EFBDB0>ニレ4。

33
machines/nixos/web03/secrets/dj_gestiocof-email_host_file
View file

@ -1,33 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA OokbMT7prPJZJjF0p6QIntLClz6D2sMUbe01RUW3BCI
hI25+2VNfhSLlXbJpvlU+Jv2SnFHOONDHU69Fb5X1AA
-> ssh-ed25519 QlRB9Q pvt/09oGgvlSl3KnJ5WjE+Eg/xD0eZNuenoz/e1SBFQ
ijatvoxkfVhiRxBDV4Krns2LKf9fcZgFe1JqmQ6FO0c
-> ssh-ed25519 r+nK/Q 3INSyjdy/Er/v5H9x5lqePbxq9z4O7jKg21J5sTvJxI
Pr5Qtf6v1ubDwB+OcfaUFKnoVAQrdWlf1QVfmXE9XAY
-> ssh-rsa krWCLQ
lEqyOxr41HNiNbuj5Yfrk0bVyfmCCIFaRR8ooHRQt2zr/Xs4DwWuuLjaReigbcTD
hunJFmsGO7A0kcsREIJ4PED6bIfNqau5H5iNYByVS3u/wpiFIrdMpotvcmTrcvjv
VU6Hd8t3EPBUWr0mFYk9pySve1rjtVatt1B9dIVQoWBfSy3NGTIuzINs68Xq2gF1
p/cUNor1kAOWm+tVJca/lthne/iulZF8+WwLOvaVM3OUS5Nkhe7tGAZ4xMoJ99UR
X8S9PSq6k+FTaBIse86/awGqxsG+FMCQ2P0KQRcQ3Jw0gaglhMv1BfeLVkQBqV15
X6/OD9QHft7ZJqp5bA1lbg
-> ssh-ed25519 /vwQcQ I6wGOkDkU4zkhGi9TzQTSpt/lKcXsvMQqQL9R97DbX8
KRdXPF7341KetuDotzj+CbzH3QvYBOUZOsuRs6fpvMs
-> ssh-ed25519 0R97PA fzovQHEruBaBn9nbKv7GpBAZFDYqhUTvhkF9WRqmEAk
1QKpz96s6bymkJJvA4Xiph0/76UM2VEiSEy88sJCzSg
-> ssh-ed25519 JGx7Ng wg04iyuGrkafjDFJR8CNYx65TItIV4O+l34sWirjdEU
x8Cd2YyQbOn53zx/SDRtxtj58S5EV7Pv5cb+2wW2n64
-> ssh-ed25519 bUjjig 8AxapWt5E4GIz4KRFyPN0IcUVPzlnvFoO1vPWoYV5Gs
B26oR1JGchThFOTe+op6cN05mp80wF3FaU360fneGKs
-> ssh-ed25519 ZIo4kw WGuR+yNBVfZ1iJB0LRjCHWyFaxiEGiIqXu++1ZI3mVE
FD3KcCScrbCrNindYkbf26kWMXCtpasHIoe+5Vr8RfM
-> ssh-ed25519 9/PCvA YSp6DaDPkilW1Brvxbjo56fffGL+zfilYjtsQKC7aiY
Y48wFLNgQAgFnKz9mV/1vVRUZ6K3xDgGYsQ/lhCjK04
-> ssh-ed25519 VQSaNw U874flU9cCoV+PECaYS7M9L93kjGej6618YTGfhfnng
T+azIdtKrZll5R66g95lvUsTmO3HI96A8PEJGqi8J7E
-> {X-grease l2'
fnV77WKZsp8DjL9aKhnMBmmbMoqj0c+V4i65+Omn/iCwz8rbsZoURxiiwN8cF157
yCV8MaGVMTBFBvL73h3Sjk7hxLI
--- TNaYRXelk5PNioHcYqgPDiKl89pF8zh2L8hdJagRsLc
­TpOdE¬H¢öšÖèp[&¬‰[€Õ¶VC~|·c5Í þh9

32
machines/nixos/web03/secrets/dj_gestiocof-hcaptcha_secret_file
View file

@ -1,32 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA 4hjU0on/SxbPxirYIlpFSJBRjmO7S0QLPx4unF6hfUk
KwHoWosU33Q9DwOjg/6IlR84EsowxRPH8OE44c5wJAk
-> ssh-ed25519 QlRB9Q krNkxhJc6YaWiKFECX6b3vrd3L2P57Mw0/78Wr3TrCk
UzxrrJcHKUUyBcxnT49T69fUJkwEZlvT9URxg68yMHU
-> ssh-ed25519 r+nK/Q gqDzS83j1Borr8LCP+JlV6GjVyL3aSegvQbpWzbxLTs
W6t7d8ptDk+BalumIrGpgKIK4a/6PDQjx+px/Ke74T8
-> ssh-rsa krWCLQ
gGtH4clOsmZ29CpK3zLvr08jXo2PaOWjhtSy/7IsqwPcgIlqfnvC57jkmxLo+R7i
jnvJW36vj2Z9+zdyh8R8r/bjq+obM3YejNa63CU2VUWfDMXJ6cLbH+4cvApjEHwW
bU7JpA42rIuBa1yOEfwCBeGZSPejn8SE8IGVde83lidHyDbE5w11tM1uZs7p6g+p
iFAmOkJvMfeL7IySfSgKrbLArvyiJ4kKLKnq8GogbLH9K1NoEJX8AgCWW8sbl53Y
6atYFVEoBvXpNIUBUIGbIFCxg95K8t4pTLT4NJtBYPSfVajMvgfWxYb0llaP9vcF
pXlLJXmK9R2mbUXi7q9KEA
-> ssh-ed25519 /vwQcQ lSlAg8d/doQev0BY20FIer1HPabfU9S6xiraYkUi1xk
X5VeZeE4RBb1BmyCsUeCih+Jza8xEMtXOEorbxc3B1A
-> ssh-ed25519 0R97PA kMMyu43xgEhvu2EQradSUio0OBPrlAHbAICkAgwZCE4
5FKRscx1Pwbc2vU3P7PVeBI8H/b5Quu1kBYkBhh7+ZI
-> ssh-ed25519 JGx7Ng P0S73HUrNcAPJytI06avYJNmzb4hEau1MKZYThIAV0Y
VD5nM4kNkBQ0ZG4tVAHEZIGgkt+CnM4ww0QR/pQIwWc
-> ssh-ed25519 bUjjig P9MW9urFRjMwFZeRTQgKKLcc8gYPcKTqRYNACheuClw
i4d6i6UZP2hwUa/EKGCU1UFYJZSz6mGjE7o3JvkhpCY
-> ssh-ed25519 ZIo4kw 3z0osjGyfGZOZfFEG6T+oEi29zzOKVPhnwiPvzW020w
9Wb+jrkd51SQeKN3O8OUCAdUQUldAGFe65m11/mnal0
-> ssh-ed25519 9/PCvA qPVRQCMWfsiuBSP0uvatMcLKob51pau5r/DwZGzq1TQ
D9K6jGpeEJWUOzoA4UUN8AHMw5V04DeCwWfMV5QNWr4
-> ssh-ed25519 VQSaNw t8xP6xwwZ4a0JHQEB9GwpVGUZ8v2FLBmhK/61wLGm1E
3PZztuUXXj2rIwHGsuXUE4MB312n8346/ItQRpZDfxk
-> XH-grease b# H& k
MkWCQvMT9aQ
--- nV69zhB/4Jdx1PcW/pQwquuKqhV+AV5+fwo31uyLigE
ムR~晋・ ソ;<cニマ薈dq@)ミ<>гjォy:<3A>=<ホSaCユr銚+Qd+キ;dト豊svヌ,L、Enィ゚ヒD・(ゥニo-

32
machines/nixos/web03/secrets/dj_gestiocof-hcaptcha_sitekey_file
View file

@ -1,32 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA eiXeHynuVt1vOWsD1no0TMqttRm/axLW+wIzNraSgFc
D8zX2HnSMNHDQTM4cJCSbQ+E4AYOBcF9tS9184zZ3GQ
-> ssh-ed25519 QlRB9Q 4A79ltHT/OMWLAOFqzxOB5GvueAzYk78A5yhupFcQHc
iJrSRMEZOwYcx0rLAccAR6GUnHkZcSrKoVt8ioULwtc
-> ssh-ed25519 r+nK/Q ZWZri+oIBCPQnil7LxJlCYy4j4I+S3fElLObh9ThBjc
MQvVix1wV5/CP9VmBZD6+wValAWNSvaFYSbkL36yzxQ
-> ssh-rsa krWCLQ
RvlP8fkg/HB8T2t9uo8A0zDddmVAQpEbK+AEF20ng5Zt859asZnc/1hqvvtegqgu
xy592kzvowErfVgjMgjpN67tlfb0Kin51cKWc8uAmeupDh2ydacjMwnJ4UdL/zCM
sHdHIcCiU9SUEEOmFxraJL43G3uLTwGMzmLOUl5w0d/bVT3ITJNlbz2Gse5EhvMS
m4o9KKdhXsDcq8AOfZvfOwxAJBFzVoN4wpyfwBeNgnoBFGSS82YECEP/2vN6R4V+
GZtykyZuHfcllcltc3lD4Fqf34N4D+el4vu76rBh7RJxuPNhILZewddOrPajnjS+
2b9GzwWrC639Y3ohykD+YA
-> ssh-ed25519 /vwQcQ /jHt4DyopmM0mOlyRExPLA/10oQeOCotPFdMWF+WeAg
3R08vbxxk73QzV5QM0TbAKDkorXqWYP8VlnbjZQXImQ
-> ssh-ed25519 0R97PA Dyc3Io3Hq2rLAhnbz9uf0H1AfwqdNOESkeBz8VJGlDU
932XLP4+5fH8fPUPzSB9JIQ3khM7JYzy/RNsZprJyg8
-> ssh-ed25519 JGx7Ng uf8A3wocRRwdGWnYmuhhtIdUAZiWRgmyHUOMn/FLfRQ
x/wmMb4RLUhEu8JfPKocVRmS4iIf0RAu12QRU6qBBDA
-> ssh-ed25519 bUjjig P+P1fUaxBe1lVmQ7ZKAf+XQFFhiDdL9ExDe0/8wDGzw
84nCcZIQcrxQsA0Aa7pY40Q8xYTIgB18gs+3bdgJlJI
-> ssh-ed25519 ZIo4kw +DJO5S5V/9p6BadHZu5VmMMs2gdM18OJ9c80O3nFIEg
zErpydt7m7hllV6X6LGQSRYgtfRZSPxxJR5md3Qttcs
-> ssh-ed25519 9/PCvA DW5/eJkVAy7+PmuNgydWMrh4szpVMnCkSDA8HOyvc1I
ezdYONRrTsg+VNxsqQkgH5BknlPGNgYPH8KRE50kJd4
-> ssh-ed25519 VQSaNw 1JZON6PDffstIzpfOuwGbyTfCBOIdhic4ofFyrWr03A
vAqaU/gjx9pbbMlM7AMCfaRxPzjXboqHfxIcfJoCqHM
-> 1[-grease d)j#.:d PS@ #zRnlcP
oREL6bNfh9sWMBs
--- iq9xOQojdNrj4f1llBqPDoxmvHOY+grEvkAl1GtHcoc
œ¿£¬õàß2²xøeò>È4Ý!Šôã<C3B4>&Û+;ÉjŠØø[óÈxE¯üsF BÙx§(T8ÚÆë@“«©®q×¼·À÷&´•

32
machines/nixos/web03/secrets/dj_gestiocof-kfetopen_token_file
View file

@ -1,32 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA kLeGA1GrLQz8oC2ughSKkAZlSOE5FB5EaHCkWg3FtD8
+DynFsHlO+mQqye5NhBBLghGN4NSvChMaYXecMFSB9w
-> ssh-ed25519 QlRB9Q yy7I6++wiMC9xDBxyRqKyigrVfEZWuDtTklbjlum+j0
8pI0hrygKrYtvyEvE/m/VYgutJZ6mMKjFks6JkeIfYM
-> ssh-ed25519 r+nK/Q xDOAAqSWFSvcaNqJeXz0S5O9G55GJcom6IjZiuuFdXs
Xbseehe8YvEWrtXw303pCLoxOJyj+ej1A7/XuRexU0g
-> ssh-rsa krWCLQ
netYNZja5O0asbYGRQpTUfPSvo/g53Q2IGLU5Fx8b8fxEiIA3AQwaZg1wzgzfSfU
SpSLydASjukWl4tGuQYQpVXMCXlAPTREnsl3iGf8JZGBRyc4GuVx0cCXV3LSmH9i
He1/Y7fKaOpfoYQkWsjMDpYufiEZTtBSiRYTtdE1XySqyQtsdd/gkStk5AJui6v1
DhILi4FFKzXiikO8ul1/zmLSFyg8swz0VJ9vSFAK+nP+R4SasXc0NdJLyw6Vn7xF
+DR7gzHG3WUP+9c4LWY8pbfLvcwe5/caFtzXONU0jV7itOMpEnyDmcjfUAT1SJ3O
ZaxS0JpWYEacqj/kNyPoEg
-> ssh-ed25519 /vwQcQ lv1c6xd9Lj07MsJ9ErRGma/WENDa3DKFU0BPfRMtzA0
VFonRj0kvHwr9+2FnI9LK0Z80HoVPLb1fv2piPhcMC0
-> ssh-ed25519 0R97PA 0xVsflR1l7Tr+RxHYJDjV03cBtkN5HEPXWYCce2DMyE
F6p4PO4TbGzkO4dB9UOpkpS9wLAXMM3ev0kQc/ZvkoY
-> ssh-ed25519 JGx7Ng dRXolBjmNvpmqhhdck1a+pHET1md/YnDLGsOgaaWLnQ
VS9uaxn/wH8jxduz5z4BmpsxngG6HydxPVUMLugC5Co
-> ssh-ed25519 bUjjig jYoJtlMUe11fZbly2pM9EPmyeN+xdCaG3TDBGn69rBY
sFAEnPFVdt+qwi0qb4S047UqMk1CWwU/EKbEbE5cm9k
-> ssh-ed25519 ZIo4kw KPlH0SlnaO3ogLRvDqX2eWYw2BvoyloO3IO/3G5MGy8
CMjejAw9296aBlesgbem0fo954acGE+gZPVh33WS6XE
-> ssh-ed25519 9/PCvA /35Q4xJQiTQn4zDBdqvNOsM40y2kYHuTNRU0P09Yeks
bLGA6lQxuMYN2onRsbfS4tWBXLAVFIHvZ+S4D+V94NE
-> ssh-ed25519 VQSaNw WaVOWg3OPNFjkXxGWfkjPn5lJmbpRDLskeU/HgL/4zQ
K8Mhr65Z3loFyO2NTRQYwFkTyOvNG1Usf7POx7UBcQg
-> H2k-grease 7n+C e'fuzViT #w
bUaQJ25Xi9g
--- cwW+MFPovm31sU8S3DqMm0NzulVqOoOZIC4NhZgXBdw
2Õ,.súr¸§¡Øhµ³š È´úÁ[* 8òyIzK`¢Çi7Y·A«ýÕ0ÝÈ:H,

33
machines/nixos/web03/secrets/dj_gestiocof-secret_key_file
View file

@ -1,33 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA Mj+RSpweX+puapfgXwuaUu7BrEG0pJj+Xiadmgf/KEI
SVMs6gtNgL7PzB+C31EhrRWhPYWx6o/zJKud7NtVpQA
-> ssh-ed25519 QlRB9Q a8TA5GfNMxx0SffG51n+Zr+huoXvm+rfDZiPG0cBazs
lRct7Cr0cfq98WzV/TmtFCfKjHTFYlYCRWsIBwWgQvk
-> ssh-ed25519 r+nK/Q kFeJYAAzpIvp2HQNuZym2U6BC5oh9CfYoUcnu0dViiQ
T0Y6C+/xNj1/NRDrgyPho+JF2SdlA4BpJXoxobtV9IQ
-> ssh-rsa krWCLQ
GSgK4NUuQ4rZgfYdVOtLydkgWspFtceILqTTWHGVDLxT5es+Iid4ccO06mBWi9p7
LUJYEeFhKExMS+oFa/AG3eCpsqsw4Bq62joN98R7KCHWm3fbL/H2sfmB6f1HHyIj
BUoPxeJs6NDO6KwqJS7FnUzYq5dm+uOW7KdkhLpr4kjaSG2QlCpL0GtMPoy9wO8S
4NVZFO8oS7hHYx8eBInSj5hNv18s2f/MW+yR9VYOnvME81qhAWWK0R6GG5R4pGgw
RbNeMXpn25LZMlF1YQNGVG6H8qwHw+9pqJfsnSeiYou3j6Mn79BobpGo41wqC/61
WJwuloeUC5m0CLburddxOA
-> ssh-ed25519 /vwQcQ d6l740FopulLX0/HlPqhy+qpEZUbJ1zKmXfWq0wr/m0
7AaAghPmeCpKhzXtTL3WygI28xNfevpusy31KRT5g6w
-> ssh-ed25519 0R97PA TWlkPlYgaFQm8yDwv/Jot/VVJerPdA/ZkF7m4vsB4ng
FWaGESJf+1l2bhIOyJ3UiSE3W/olLpsMgQ4Xph7Gy+o
-> ssh-ed25519 JGx7Ng 6wBbc7hTwvvWu7pJ+cKx8dTvUjRgBt30h1GU+ctVSTo
Mz8VxcpxZr0lbk7P0sA76CY6OhQuCHlOXn7ZMeYA6j4
-> ssh-ed25519 bUjjig qnkM/4TCTmP7XBpfS17I5mKq62eIdROnOle920ClmDc
LxrWclVdyAh+iHrJGvviyZiboZDuq9Sy1eDjJDqXO4w
-> ssh-ed25519 ZIo4kw sn8wK7TX1viq7lqVkCtyV/BRaLnfFH/PNYZyJIYsSkU
gLqKABolumlpG4kX0j+DXqE6ItqXb0USFwCeofxPg9I
-> ssh-ed25519 9/PCvA 5oHC6vK6B0i7xOE/X3K67QkEvJNb/ANIOrTsD4nJo20
vn+DfR3JEuT4/iwJoYgO5U6skJTjPSqNhMDgR8XO2JI
-> ssh-ed25519 VQSaNw AOGX4yvO4+goAjFeS4vrUtBvKcIoYqZtAinPEQL5uic
aanxEX57O66Bl6hCeiUtSuRPiECeO1+RB3Gtiy4mLwo
-> jb1$-grease :|V57:Gk LbZ`
WDd2sM9ngrVkA6IV1XlsFVIM1nJup9Po/5FmNtO0OgAfrRUAiUBmY8cgMpl6V8o/
mRKo7HprZ+kloHVuJO+XqgLnGMuJb1GPEt/Z6PV2AedrWwF8Qw
--- kfO6xPGkAx+2canLeho9W6j7Wim/BhboAHQVPeEuDbg
ßµdâ—>dvC¢ßGzqo*<2A>B .·éÖÌÍ£oÔö._.Ûq<65>u?ŒªbÍ4<·ªÄ®ú¦õ.E˜ªã×N.=Fuóä´Wf$¦>ø*

32
machines/nixos/web03/secrets/dj_gestiocof-sympa_password_file
View file

@ -1,32 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA DOvwE74iP3OrmsTCdOtRzX5wzulOrKWO27V/Js2gQWk
lelv6pqnAIMMA/q6T0M5DJjw8GduaVZSFVxafb3KRwE
-> ssh-ed25519 QlRB9Q JaubhHgX/Td97DNgU2VjjKdHExtVg7uiBcIp7vtcBWM
nLpFsH+Wct+fOuAiJzmb3vxg2mGNo+KP598LD7q+E0Y
-> ssh-ed25519 r+nK/Q /eiCAg3tmw91BtrWaYw5GQ0yUgctzv7umLw5oyu+XXc
6qH2S2w0KXh4e3VfYw1dDbsk2qHdxxFlYGxKQuqZZUM
-> ssh-rsa krWCLQ
KEpmxnfHmqfeB+1g6YAY3Dh49Vi0fb/St3/nm9MBC1iXXg2Z0AZwxT1mOewZEPzl
JeQBxxtgLltU3MpkGHmOZfSbQ5fANIleRqjWX4khHtquXjYoUEgCzBbhBz4rgaRF
aSbsu3PNEUTEJykE7eZZOc2R4K2xJoPTCvc0qXBJYNqhjg3aAZ1y+mSspf9JUQeK
NwdLXZRNbUQ2HPYwbkXbR2/ET5YuNF9RqIrCQt1k8n0xImb0I2mTZU4ZIJMCXYDo
38S80bY7h/mrrb8wIqXE/yqbCrANkRZLzPDTDYtoI64XqjjkkeCaQGRt/pRJHbDW
4EXtcaLMnhLwGAvMBjzEkw
-> ssh-ed25519 /vwQcQ WoWf+dh9BQUdhgJMCgCFHMY8I6PcaSjUbDTMO8Bpnzg
FvBY2MZC/1aurbcs6ktYHY6pG3cAbJL4d8nylNKUqGQ
-> ssh-ed25519 0R97PA GliGVV1/sGa033xlhcDJZGLF3xHmPrvYKhZQg0w4Qjw
Gn61VstI2qAIDpYbolHfHBIw3cWr0JvRyVU8JnEYlE4
-> ssh-ed25519 JGx7Ng dskA9zgaLaMbBrRXZg8hT2XpH26iwQbmtZKZVrASgkU
zrkfE+ibw9TXgHf+3ZBZpIInwFD+bzen6RIf0yNVY+M
-> ssh-ed25519 bUjjig 1kjn2m1NxrKCOuElJNHMWkcqPHgLGrdyFNq7k/OrLGU
JNn72hRd39El37S4WgmEjNzI6W0R6KHnaamVbyThI1o
-> ssh-ed25519 ZIo4kw F5vezjoWzQWToYf36Mq/diaNMTKorKIQg0UeROL2vi0
UlgFh2h9bCrF5g2s9EuV2KZLUB1MSjWuJJ6mM3Xo+FI
-> ssh-ed25519 9/PCvA JauUBQSUBf7AFWnY5LyuFOdyHfzBCBMR/aqnXEw/hnM
bvBbFLDFiYE0Fk+Zh5rX+S8MD61roomfiS2LBhzJjSk
-> ssh-ed25519 VQSaNw QnQbe+gkAk3pqQvR2YPqrdgbfSfPbMmcv+0HfABT4kA
hAaebd4sdK/VPVpIRoQEG4XnMGyQlxjDoFF+7sb46dI
-> 5_@^MRlh-grease 5
50UfFPahorsv5B8WxLN4tQOZAPOrHYAJYYLsBwrKWHTCsouct/zu/ppMKIJyog
--- gaRQJkyCTtCiG7rklroVvdPbx092c9rGUxAqktWQ8l0
{ðP“=­ ÂÈé㠆ϣ ôhç̹JéÕ|Bp¨”ˆò Ø6<12>öŸ Ô¾Iâƒ}‰ú:ß¹,Ð.hxõÛl

32
machines/nixos/web03/secrets/dj_gestiocof-sympa_username_file
View file

@ -1,32 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA N1vsOzYsWwqsv2IeSCfqnpdIqur3+6o8oe+YbYmmNDM
LQqUD8faNqEg21ZBYLQ2xwmfBNDk9q43lpN3Q8VWMzg
-> ssh-ed25519 QlRB9Q O0W5sqIViqPEL7kby6l9Aj6V1N1jSKgU5+9iW4B5Ol0
/mDHkjw93UFUFJAEEzICGeHwd9sanvMcUXU4xoKkPIs
-> ssh-ed25519 r+nK/Q U3Pny6Va0B8QQ6hTPN0l3tPoO/qFmAVC4/2d/x/pmGw
dpENAFOFEC+1FJHXBhc7HxPjev2KqKT8X8ayFfhLwgM
-> ssh-rsa krWCLQ
DBVzHje7MNBK65yLN4S9Z3G1vK4GhwZBQNqyzyNs7bGlWVIy3ZQACkT7rTmnrCCM
uNrO6lRso+sau91e16lPkYxG5XkKfJ8APuXpVTv0d+AS5hHluYyAzY9XaA9Ie6jJ
Q8A2IWCUF9Loj7KShu5BNWTnchgG1sIZwaOGG4tr3xn42Pvl1A4fmyIxjx+xGiiy
d1gaaFPpk2TE6owNLZAGyOX33/Ppc+mnUcJwDqM/5O5zv7UQ2K0XSk5uvUHmVcQx
pIsIhIOXUtQLr+/E6nNDhBGYtdlhmuNIiAdVWPlBUaowE/tpffkKRReM59G9y48U
8z1VNrMRXhRqd7oZnRnFqQ
-> ssh-ed25519 /vwQcQ ED5ahBRsHSt2683QUYn/SJ02hPRrbv13IMAsVJ1oyHs
H7wDLtnHXcyGOiLTMxNWNhWDikCwvCMHXa1kDbuW66k
-> ssh-ed25519 0R97PA xrqvY9+rjo6txooIwUERpGSnfYA93xSDByyxZK9AN0A
fnfq2fCbO5W9ig7jMB4f24WZoyGo9h0Q2sKGhkqB2XA
-> ssh-ed25519 JGx7Ng T831q2KWSxBKmkFkXzs7Dpr0+1M8Xi1lToOa3T7/MwE
2cg2MBO+1lZ8fiwf8PGnS4iYK3RD6wzd1rrseLNYp68
-> ssh-ed25519 bUjjig ZOHRk2Belx0dg9T0UsOXsfGa0HTKzy3tLuvKv1NfZW8
A6ccwGepjkpAqe8A+1Z9QjlOhGS+pRG3hP/OSE0+iNs
-> ssh-ed25519 ZIo4kw Pq8ZGC2qkN2mzhQgyfM2x4jslpQc234UINtXUiMGwwE
L+zFnX+PrUsvBIluuLdd2wWmSD432mB3+jHjkZsnmq0
-> ssh-ed25519 9/PCvA rDyI/wr6y1C/Ndi5FJQN8tvUjT3dQSRYllV6gnQX3GA
R0YNT6e8KKVTCbv0I417S+dVhRf7DdsRzGaciuZkvio
-> ssh-ed25519 VQSaNw uNLUKcGfx5vZA5Ds6EMHRa72JMe2UlCvAcl1sd6u2G0
PhYZWAXLrwdUhpP+buJj2+MVOdMIr5wgAX56VXtdL2Q
-> B-grease 5AlSmu%' B1 <W
oM47+2XCp0HX25MMJr28IzxyzHlRW6qqqffgL1KdlIV8CVvQ
--- R5FloNTR5d54U8LYdaPQGzvntJ+wHdSCJlX+Jcp+D6I
±²œŒ˜óuäsò<€aÍDvžu«ÂÔÛñRÖ$ä^þ–+÷hc

59
machines/nixos/web03/secrets/dj_gestiojeux-secret_key_file
View file

@ -1,33 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA F2yLcxiPRV/Zcvrb+BPb9jPv/aPh8COXxPhxo9TE1jU
qjzaCR/MWWGXp8nNdli4L2dNIA9eBlcnJu/FlgTdhG0
-> ssh-ed25519 QlRB9Q PxeXnGimZ+uJQ8mx8wxbjaTFT7Lg+SQiwhJuosetMzw
cFJVu7TAYmxu6XYPFKY7EMLpGtHIKCjAqKzgLEyLQmE
-> ssh-ed25519 r+nK/Q 3+GlYdbxFFAETjEYpOBws7H7PbapurOvKSN7xqnPkh0
+NjlS22iOmYfEfnrsxT+gWDnn+8yHY63ZvvdK/TJOrg
-> ssh-ed25519 jIXfPA tuq63SvMOBnLOZNkIA5RenFt0DTg6bwCX4zJ8ISYRxc
B1K+kEO/JC0t2EL+2od+UiVNlzBbpRg29lsp2L1DhHw
-> ssh-ed25519 QlRB9Q r3M3DQi3xJiP+3nTpwm+2PQipnAaRyaWSH+mb0es6kE
codqvk7AgptYBRyz2BFVH0FcQ7ebZGGdJ6PJmoWWXTk
-> ssh-ed25519 r+nK/Q Ah4Oim/N0Tdkz1KPbQiHJQaqx614/jjlMqCxtYqjBy0
aTrlmm3TbWN6pyDEHf9uGy9H9CyyChXGKL0RZr7U3W4
-> ssh-rsa krWCLQ
kZ+QyO1l0GdBS0xSXrPlwyGgoQbWm5NWJQVPB2lhB90EPySItGVUtk7x+NYo/J08
iOKQpkRjC6mqowGaACR1+rg1CXxjEHU1I4S0AKBSjKky0eAX8QdO1WONxwhl7n7U
N3u/rWnoct1CZH2Nf7Lbctu8YIns1qbKeDSWix6Wtrhf/pqj3uCtpeyT7OsihLuI
ZF6r6NEIaytt+f1Q5AD2Yzqzjoca+YyWvJ+hr49xuOmI+GfnUBG4h/UMUG3e4z4N
V0qqHFe1MdGlOXuKDgFEIv/xygivSvzsPYNmY8h14WMoB9/el0F/gfHQNbvwHJ9p
Ulx7gg2S1kL0HNUTiJmObw
-> ssh-ed25519 /vwQcQ dWptyg0Ye4/0glS16k05kPPCapVHoC6PmzR6jeps0QM
hU9XFJfxIPdfn9UVuFfuXIqM+pEoS4ffEKfWXjHQu14
-> ssh-ed25519 0R97PA s5Ezbm8HvX6Tt/AmoMmTDikVS2dbAjPqMyrzdiiTZxM
xv7Tm2zl/uNTbM3v+m0LQQ0i58DXlSLjHGaVZ0jpweU
-> ssh-ed25519 JGx7Ng 1pNyUUXwSrJQntvYkVW2sRrF5pDr2vRILVkoDHFjHik
4IVatk+3s0/CVIJ7LY9aXL2KJleZfgNkl/GjYy7dIsM
-> ssh-ed25519 bUjjig +7PIzrm/jY+E4HNUzMjIgiE4FHDBv6nk8eAZMWQIo2c
czp+K5WI02gwJxaYEt35PeJjotQSaEgU9lACDP2Vpbs
-> ssh-ed25519 ZIo4kw 9gwIlnLlz4OY9g4luxUyyyraGhnPdbM48sbr6wuwlB8
iBy0YahwFT0vmtgKkqcefPeSlqsadbBdbEYxlkf2vwg
-> ssh-ed25519 9/PCvA W12k1RPHDQ1zeb9wizqpMWRZSPasgYrz8vtj8MKp/gk
5Zc6Dv5zMyVJElOg24HHV6V9Akh5kqVnXMEX+IjCXDU
-> ssh-ed25519 VQSaNw SM2x7ZYYZNPlAh/S0lSAjE3IxkB7pW4x9T1gG0vEUVw
c213+J+1MSZ6BhfVEJ6byDnmp5sKiES9IAztwr0iklM
-> DAAZlx-grease h<2eB& -1f =2 HOG=-\
8u0unS6HmifDJwOyG9rSF0a+b2pWzS4CeMpTHUDta0g5CaYgsieEgJUeu7hYylNm
znqrgJwnSK90Vu46/H+HMEgHwch1uQ
--- 6sVHaqhrf5bqLXtxsoBPr2DkLpKThpQ8RS6fCpsXj0E
#Ä]\<5C>â‰<1F>r˜]Õ"\èâÓŸ$"Ï. ‡Œw?c}¤ A,¹ú£²5vOEÄ$a&­T!^RtYLð—r¨­âg—`eí
ZbbBqvj7L2XFfJBCQrn799m7FQDrFDg96Moev+Uab/U5caQoJIljMldkfD7VphEt
56dyeJ7IdKdnwyt07213ua2gZ8Cmjyffi4b0mYhHkvRI5aSmfUtfiomXU0HkgZvK
rk4+AVQYXTLZKlGaq5KkTt4i0ltwzjA9ECNirciqi5JmORkUD1T41xBKCSb+7N5b
34Z/uka+oacxt7q27GnSonyFQIm7/owS4bTWV7vxoWLoOYTJcg4Oki/Op4gE9GkK
1y4RDpdVsHcRZbi7ewB9UKbvMzH44TN5VJARUf0mFQ/OHUo5IJcm/glS898fSLu/
mrjVT6XGAmPELB8uaVhSkg
-> ssh-ed25519 /vwQcQ 2mD6dstuZmOkYlBajNevQkeCYAGWshp0h0F1TzdcJSY
pzjxW+RZDSqPAHm+c5cMJZOdIfkwTmSLw2BktGh/kHk
-> ssh-ed25519 0R97PA /vOiTSDwQVYTX+tFuJD0M8Enk+4b0ViZUnrZ/WhUKiI
83r35uyZ/XELwTXZXzlU1yq+xzsNTUYNwK9aGGlOSAA
-> ssh-ed25519 JGx7Ng V6Xnn5q1hSvWHjiWtWJAD7as5N2fdtWNKWi3JwhfYgQ
aL3fX67spVrgguVtNNrfJ20fy3LRaDgMZldw5D1fKuE
-> ssh-ed25519 bUjjig RdTpxQYpmEtG2Cn1EACf85/ZynfPbZhGfoSF+sfw1AA
YovrKYRtwRPco3luRBVA0IA1qAq1jKxoS1UdoouhLGE
-> ssh-ed25519 VQSaNw F4hYo2UaLzV8leVHx/oY9aIcZkZ9Fap5HiuTvZy+Hko
Qwf9JDKqLXmIzId7gAtG5ERirfwZlQWCV6YiKgbexS4
-> v>[->`-grease O {|u& 2o9 {w&!Ev
jZPBNd6e20KQYli80kXK9D+qfmIVbOw9Y0aKXB3uvyNJPWDOoYTbzanjeXLuJdN+
pB/fgMX7znIg+VP87n2qMR5jFVj/x4g4vNgKTUtglw
--- j4kt4DFy3r3y6IMvNakNkmlkeb6iHYI5xAK8CZtbPD4
EWS¦|p^/<2F> Ž?<7F>Np%åeFU/>Ží¸0bccývr(ˆ‰Œº
“.èýVŸdgðáADZ3"® ‡Ù(½\5Ó§q<

57
machines/nixos/web03/secrets/dj_interludes-email_host_password_file
View file

@ -1,32 +1,29 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA MalSvW8Rf+B1R6BeJyhFjOTg3Jf8qIJGfzCX3Ixg7hQ
qD2S/IjS3QIc9HWLn0S/S1RwJOBuRiJQXC0b8UV8TrA
-> ssh-ed25519 QlRB9Q 9Bp5jDt8gLP59UH9kbM+h92iWeQAt3zazFfmLFIFc3Y
iDbCd+T4rDMKugKzBj4H6atB2BW4AiY3r0/buleJNKo
-> ssh-ed25519 r+nK/Q 84V4RkvqJsdGbjt1n3qMsCwSDfQSw+kn9XMFgcEnmTU
hemc6TuwlJftBmdJZfBYjzklac3nf9Hz9kVhTP7gSKE
-> ssh-ed25519 jIXfPA iJSzsbA8RiEhUIyhlKWCASQKoSQstjK4drMYl+PsChw
8THrknrBu0WGFEb4xTZiJxEY26q7sW83rwViDjyTE24
-> ssh-ed25519 QlRB9Q e7PRE212Ggt8nO6Bb+BabO85FOARsJGs9cPJmZNI9kg
ubKIBxI1ZBXttA7TWj401siKNT1HyB+N2MsZ+ldkgb8
-> ssh-ed25519 r+nK/Q EWV24Emm9hENa+yUAuQpkuJ0uJ0zIv+vRIbWpM4Wtg4
J59wnHRytgNqpX4+5HaJ9KZ5GvhckgtRK6TzfX7Ci8Y
-> ssh-rsa krWCLQ
sF5eSqFt831fEF9C/orPPNIlUivKn2M7PdYEBvTK2TUjdm+MCbEcKcP5nvFZo791
tc1BPul9V2MYBrtioOII5wQX1LhZirEMAWanknJezTKxMZ4CzI1mn72TETH9Td+a
so/JqUsdbjfjIlUlffNrgCZEycu2s6Do5LA7GC7vf3SEFUVM/93cujz9Ei6/rAKr
rtW6wHbs+k4HKSD6sU9RHyTYKxIW6Hammy4XVDO23/HtmN/a0LEe3OwUgFXsjBay
tQu8pPeLKsBCMAw+jCYQ2Ms+d5MXT6FfcsWf35rsCwiEwqzhe+J88ECiSL0BF/Gb
hyJrWFaaHPugqwSREv8bjQ
-> ssh-ed25519 /vwQcQ qByuoq9zsn0tfcWzAlO2GKqCH4UfeaUloOAxIGYvABQ
pY+N5rw/tmFNhJsfHaPY332wJ33tKREbip0CoTBqTT8
-> ssh-ed25519 0R97PA 5fvujKG6IoKXlhRZGN2XcuN0BopvZyNyCnvJvF56iBc
2gGNHuDK3sveihZ8RBg16bnaZsPtA41Sg12UDpecSwg
-> ssh-ed25519 JGx7Ng d0sn0he1kbivcUImnwrGpRnIOfTnbJiTIRKMINV1/CQ
hsMMKBFKNMLJb+vH3o0WQcX5lRmuHziRXd6dxCJGsMA
-> ssh-ed25519 bUjjig hhEbxz4nar2tCF9/kNlpxI9ONR1IQ4VD9yHoryuxfH4
UnEDFZnge5U1ZUR0U1C8OI2xzUYiiloLG5XsITc6is0
-> ssh-ed25519 ZIo4kw +ZqTM7fJr4a3DZr07ZvfZzFf/7b+f4dlYzBxx3Rl0hQ
cS/FV6ZahQn6kro/UPpuvolvBL5H5RuBWO7XnK9XHPg
-> ssh-ed25519 9/PCvA cJBd7PxCMTilzWSf/RuNeRa3vfMcIuTp5dQULJfrO24
OXL9Y6nvopL4LlXvSZnHY9O00iU8dqRPIIdYqYreFCY
-> ssh-ed25519 VQSaNw GEQDTjuE+hOu+DNzZsKq8R/sJs77N6NRq/2vfcZmJjI
Rz6bW6UE4Wwh1v765YVBltRVf5/zo6sJKquqEjCx/cg
-> P-grease !}P4V B O'Lk,
/uJ6ZehJVzp6mQ
--- Cqqr/cLuPZ+c4ODhL+so5Cok6ACXhXBhqfcDtHPvBms
¦,l¡ØÒ©Nwä϶™ŠDB&_ Çìgµ ­@¨¶ÌÏ"#/ÛD³-Šp¬ý $€ø»ÓFª~„AÌ£<C38C>7
AvmrzShR+XTpUpKaScoqvgFQ40PTSqh8p383p98xjG5LIz5kqJoWBnxJK7JabBpq
JkqVeq5XdH5RX4weobieG4KYUV8EDheLfOMXH5BrPgeJO4yhJ1rzH+oHBw4TwvFM
UvEZEAVgi3G1/suPfJAkO7QRkZjE7fRppEo5RAI0gMlM43YyJavrfqVIqB40Uugk
h0b0ybChUbKpXlZjqhYAAMN45jTAvW1emO0DMeIk6dbmnbZNdibul8f+NNdWKbI1
9NN5iH2IzuqTdc6gkE4912hdDeUJ4NZ6x/Fxp1/u3d1z/Yg7daUQUXUIoDX0Hyvb
+01dH0D/7kzRhEdNLO2NXA
-> ssh-ed25519 /vwQcQ GAsAj2i65KDQeFhe69YR2ycdGskop1wu3Lzrxp59sTg
wCSUqEtWv0i6sNg1RVtHI/jZh3VeNX3qtnbagXoNGT4
-> ssh-ed25519 0R97PA mFZ3q/3jd1guXl8bhRWyYjgsgE4JErJEels6vdmpfCs
7oIAT0MTsaKxbf26PSDBk7KqfyFgcBq09FGJ9v/rXqE
-> ssh-ed25519 JGx7Ng tpslfMWMJMUH46EGycbLiXotVdXlP4xmK0slb7XKYS8
wLLfX4jX4mIxzI8zr2GBlpBcPztTrHqKngi/ON0TExg
-> ssh-ed25519 bUjjig zLoniLfwKGH9Ctu34103WHBvjIyImtPyKx8O+5UMLUU
sYsterVGvCg6JWA0z3AO5sSlj9DBfj8u5o5jH9K2xeA
-> ssh-ed25519 VQSaNw oHzU9Lc/7p+MZAjVylzC63h586vOcffXkkpAi4XB8Q0
7T8CREpaCxM58KMYW28FY2i+ELjrx3eC3K7xaBy7O6A
-> (_o61>U-grease .P>ZRrj~ -=7S;N
6vnQVKKZwp4JowIwVb4klrhaR6NZjwlZYnngVQ0wqVenMZPj9oyhIXthLRqE1Q6/
k+sGxA
--- +yT0o8oZJS+32MeUAl8T9zREh31rq77pSVsSoFjHO5A
è ™ñΗ´ä!î^ûØÖ8ÔzøÑaÒÓ ÐàÔ@Ö¡s\ ˜_ÃÃúoÖö<C396>wõÖ¥Cr)¾€fû¿AÃ'•3D€â

BIN
machines/nixos/web03/secrets/dj_interludes-secret_key_file
View file

Binary file not shown.

BIN
machines/nixos/web03/secrets/dj_wikiens-secret_key_file
View file

Binary file not shown.

12
machines/nixos/web03/secrets/secrets.nix
View file

@ -12,16 +12,6 @@
"dj_ernestophone-secret_key_file"
"dj_ernestophone-password_file"
"dj_ernestophone-admins_file"
"dj_gestiobds-secret_key_file"
"dj_gestiobds-sympa_password_file"
"dj_gestiobds-sympa_username_file"
"dj_gestiocof-secret_key_file"
"dj_gestiocof-sympa_password_file"
"dj_gestiocof-sympa_username_file"
"dj_gestiocof-hcaptcha_secret_file"
"dj_gestiocof-hcaptcha_sitekey_file"
"dj_gestiocof-kfetopen_token_file"
"dj_gestiocof-email_host_file"
"dj_gestiojeux-secret_key_file"
"dj_interludes-email_host_password_file"
"dj_interludes-secret_key_file"
@ -29,8 +19,6 @@
"webhook-annuaire_token"
"webhook-bocal_token"
"webhook-ernestophone_token"
"webhook-gestiobds_token"
"webhook-gestiocof_token"
"webhook-gestiojeux_token"
"webhook-interludes_token"
"webhook-wikiens_token"

58
machines/nixos/web03/secrets/webhook-annuaire_token
View file

@ -1,33 +1,29 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA XTwwas0xEtuVCH9RLjor/7sJi+eFgIf8hVP0qLr2RnU
aDsqnVAMo0W/Wshq+fSIv1OLZ9zd5zJURryZUJj5dTI
-> ssh-ed25519 QlRB9Q TQ8Hbjhf+bp5m1NmO4FGkGyLRyK1jaAHY6CEbpjq81A
/VdXs19yIAoEx3tW4lrASII5kB7YSSeTv06oWJDhnPk
-> ssh-ed25519 r+nK/Q hzJ+Uxo7qJH/f7XXjbkqNS1MwD4bHnsWIw49C1El+X0
PJLFt1iOqVvkfcVF6bjvi4dtyLP19s8ZRo1oLqwwFak
-> ssh-ed25519 jIXfPA NovhLzllQnEbnI7bno+zDoSRFJyZMfVVYPQMReUIymw
sefGtZ8fbYVqtKgMhrEj9AlwP70YM5MGkQ+o8Dmfb/Q
-> ssh-ed25519 QlRB9Q 9mh3vQVo5tPorLYBVCcZUJOlcEftQKA94PxNhh+pDwg
GXM67qitYqnxbFoHbsfa1lNNLIahPqshosIY7h0fDBA
-> ssh-ed25519 r+nK/Q BOXck7k9AH+KvmoicI/fmGzWcna0nwnJ+uyteUjIukE
Hyts1/6EAdruuBilhifl/HwPTWEBe+Kr1RL6SDjHaaM
-> ssh-rsa krWCLQ
Or3oEfiA3iiI/GxfXYY7O025VplXwrknsycRvRtbyiZk8WQjmEibTXierciTlbX5
SIob012w8/T4tRcNJMliciTi+BeAn9W3Mwx9qnE02yoP6WyPmTT2BzoV34XCMUlz
LXuDOPSX2R2YURNCM06d7ksI3ruK4bHODdSPcAqedC5no2Jr8dE7TviZRFSvLB1i
7nuqH16BOCgvraiLInskpkHdA3kC642b0ZUcPfrfS4OX+6vAtDrx5FPUkIl2sExF
FdNe7YTN331RdMba0aoHgfyJHZ3omSE+XRa6Cxxm/gSUxdC3LugPSXYShJr1JNB8
ZV3SbIOKzx7of59TDA97lg
-> ssh-ed25519 /vwQcQ fwtC63XD7Lv9FF++QkKpahHyuXDVoZ27CmFzIgQfDDM
eDwbjI9To+wcybm//jFt7BZqLpaKm0O+Jw1bHHp41ZQ
-> ssh-ed25519 0R97PA 4DFNn1jL86Cul2LsdUZHTpGUxjRZDsdFerYVM6sK7DU
rjOsKCuw8iQdSehoZiSNau9IpwA4bH2sacYwIJ3b6DI
-> ssh-ed25519 JGx7Ng MCchgB9GKJ4nDKo6Evgy0TKQlO/gUXYxSgudvRwiuA0
9NeUUtq7N3Bm8F8dxK7BJISOBHF5lQ2Dt+VHwWPTyhY
-> ssh-ed25519 bUjjig 4Q4vFKZ346x4Ge1YFHavHYoAmPAtHAdgwo5YJIy9yCQ
p+PATQkqC/RYZ8EGOd12QZ+Bew7XllfexjcMY3vJw0U
-> ssh-ed25519 ZIo4kw UncHT8lpi7qXA8L7d05xlhXVMr9SRuihu8QN9DCtT2Q
MnKuPXpE8S1dtKUVwMVjN4a2tu/2z3u9efuwjoeuEg0
-> ssh-ed25519 9/PCvA fK05xfaZacnYx2OYjWXbHebbC8xECKZbpqEBouNMtWo
9mdTdeF8IAMfO+0re7ijiFnUP5WPKxPrjfBttBkJ5xI
-> ssh-ed25519 VQSaNw BIeE2LriKTvcixgno6bVAJvNRyZZPLB+JrjQh2PojxI
cK2+6Z1/x3XeXUB07Ciww+s6UOW60JvYcXaATa+lUpk
-> PA`a-grease .[V<@M%r 5&?aJO
DCL6YRyrFvIFK0DO+xBMeRBN+rEmW5lc9/a5A7XUAU8fciat
--- r+lRXC3t5YAvRG+j/CGedfTfBWfqjywQWWSasBzWxD0
Ö"ä2 “â I¼Éi$-…
ÏܾÅëžN×6>è4!! pxµØ‹¸‡“=žÀ^Ì<>òåHÀÖ<C380>¬•ÇÌvÓÀÞÇ­ù×
1ROqUHCkbkEgRTQUha0cVJVAqLu0nvfKik9yI392sbEQYgmpuf7F0gzA97BXcoi3
2BdZWu/cJ6m6bfMvXdZ04cUjRcNrnpPHsoqie3G9s9p6aa9XIrLO5K6kH7S6f5DZ
pZdOqfSYldtJKRx7F8k0D/pscN5qB1Tb1x0CIULJVo7uKf9X1MnZwapOOCY2q40U
Ip2aefr40h3EO7jBlswx2/fB8aqW95BR4JQzJZ/uiIsBUQDqvn39GU7R0JaLdAPB
6kJXaJ3ORaDDtslcaAVZWLqFbOlINXYHr/mqYNTZMubE4BmNjvJL3aRozQQWraoJ
q5rDvgwUXVhpGpcaNf4/xw
-> ssh-ed25519 /vwQcQ FHYnfCad1imFiV5tRIfe9mtJ2ouiu2l19th2UD7j3gw
Xu+Sk9GEQ9Wyf7iU790yxv80vLYHp2StArPkfRqfRhI
-> ssh-ed25519 0R97PA etwCsiGmvzufJGMw8aDN+M931lPlE9fTUBQmk0X4DFk
o6xJbfNjQ3Lko1MSJ9JBu6FefZ8267dZ+vL1Gpd1eH8
-> ssh-ed25519 JGx7Ng h0XzejD/c5F2M7sWS4vTQL9OoRG73ACwlWCtK51Dcyo
diMDy201IpwL6Ec+Zb4pH5f1yyMOMHT3jg6yriopCRU
-> ssh-ed25519 bUjjig 2Oh5FhWfrbA9c5TisXuxasyYF41YOlNdurZR9QowETA
706/MLiPT9+9xHZPZQYtvKm8zbN5qS/9XJ+TK15etIs
-> ssh-ed25519 VQSaNw YbtnCoySon7jNBq7IFOl8UfxuJXRjzLrgXp238q4RRE
10au0QwFP9ntPMU4u2bMl3KLYBIPy09xVoKNLxWvpw0
-> Vu-grease !oqb p1-QmV
i1WmaOmxmdAX/se60fnUL41n57c8tN1gnUjjBjSV7GkQGzhKnxTplJTUpifP9Js3
8D+xe86sN2l2JQ5R9QFOAbsvSa5eXSo
--- JE+yvBRH9Jz6Sdz46AzWuhVI0kXWObODKSiNWz5L9As
_n´(I 6ÔÃPèCa\³U¼=é @ “†?6—P[Tò³ñˆjk<6A>0ãrÒ…°“ƒ¼-É(]/³a¿É õ8¶=é¤i²<69>

58
machines/nixos/web03/secrets/webhook-bocal_token
View file

@ -1,33 +1,29 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA 08egVQc7ktR2MhlymKTW0HdWc2mus8aJSn2Xb6Hp6Qk
R/2uk//Fhe2NA7oJeqIn/5HFvzaA28ASSXdfBSTqWlg
-> ssh-ed25519 QlRB9Q 7m1UsjXtZNrepWj5We+EUorSRsI1Deo8ZtcB7LtbmkI
ysD6OEWgWxr39cn4WekqCRoKd8NshmbQUxh0nFLA49Q
-> ssh-ed25519 r+nK/Q +ge9YK6GUu6Q0MT95hZ26Uu6If2P77zdSHFHebxrxV4
cbNRLgoJA0ThRVdHDoR4wVZaO/GEI/2NnR1fNNtZN5E
-> ssh-ed25519 jIXfPA Ju7YL9wvvYr9VPLmYtYTniyuj9JTVqe2V8eRLISkIH8
EJjZPLOhspyyrx7a+fYlPPH+1pr93KzW7E2Ztkic0cY
-> ssh-ed25519 QlRB9Q X+TAfiEk1d67rkz6CgIO66bBrahY39ZTnmj0cBGGrSo
kBLFu6DnN7rIzP3mSlPEc+yBN+yU5toLeA069vuNW6g
-> ssh-ed25519 r+nK/Q wcXXCuAS9bOp3GM6c0pU7sxpylFEHFPmnibQTEwJ1x4
fR41b7fhZCzuNP1jst3vx3wUjIkBDsz54VzubwNX6+M
-> ssh-rsa krWCLQ
H6+NdcBX/Jk+r/BhWkomBGraoZdlO6D3rpSaq/lkgLf30bRwOEmdaNYD79XaWY9B
YT10dGtON5v1/8GuPSWup4SUDjFoSw/hiEerxApWPQiccrC5roTnCKQ8U2glOd5d
6GKu+ZvyvsW3vu20JMrDirzR0dxVM6UuHNoKyFur+uF2Ldwmsj5K4x+KK2oQgPu2
M+31AyyI1SxuBW+Ud29mCN4Wo0fi4qZ8+mkyHSUMjRa6oQP1sZ53NIhrjS3A5uB/
egLfTwlrzXbHvJ2SGwD4DY8ifZSHaN/mca7OTtQjAlhMRS9DCGE1CkKH31lrGd6X
0JNBnULyuy/rha3TcMTMtA
-> ssh-ed25519 /vwQcQ xLMRHBPx6fODmXha0Sy+vJQf1deTQXryBguot3WVh2M
dUgdi70Lsr1rIiotYqQ0c96j3EfRkQOafKY2RrhidB8
-> ssh-ed25519 0R97PA w+hdiOdbnrWnn9tFsF6L6mZ1///cV6XoMjWtYXyKnQ8
1at9SRvM5Sbu5iSYEFbYbXVoto1LMW1EzEdsJSWpwY0
-> ssh-ed25519 JGx7Ng o/cdIVdkjzIAHw625tEfw7hTaQGo0vki+qdIL+CYz0c
Vocwm0geOXTk0H5WrBYMDZcUNk8n/8VNdW8x6dMl2cM
-> ssh-ed25519 bUjjig 5OBdUl4Arg1wZJKQdWh3V/KNZV6qUGsAO1a2v99Q0nA
aCrZaE35dXkQlagPSaDWss+IkIwPif1/r6bfZz3TNrA
-> ssh-ed25519 ZIo4kw 3OQoo8uI2P00UlbjnIvFEIvQoWGKGyHU3LGXw+sXBwc
A46XyfquPbtbK8BGPp0hKgCWuoGCeYeDxVqYkD7tdyw
-> ssh-ed25519 9/PCvA I0FpL5vPxf7U093O+NY6CJJrCHnpuY0hFWvf/qJK+Qs
vcl4vxnuO1iLHinvmiOM/gkjZjRVabrQvEqY1cSog6M
-> ssh-ed25519 VQSaNw ff4SovgItjAFXti6SvyObcPDmk5NeTlAoavPL/Wnlyo
QO4PFFxL+W9kFo6vFa1ttc7bZeqRzqSmETeDnwhh2jo
-> k-grease
abx9DzQh9Vg7jjvbeTQkJ3HgHRgTKe4cKX26LTeRpAkJh3Su83UnhBYaa8f1LE4V
lqwHbpD3EZ43lmqKZN7MIEU4S4DV
--- rb95jJQm1T4fp8BBYzzcszoX5UZX/e8LdTPzK1EdSX0
ö©ê{ <55>$s<>sQiWh"<22>çKkiº-èdšÇ|2nØZæG¯¾´<C2BE> {<7B>/ÛÏîxž ÒÇ·e\‡Ó£ò›
ySG+OgB3gMW/ijdWqlGr1LnkfqeFD53ChxkOUfAe4+Z1VsK0FkVaBmqvW38SFMw9
S4dcOkO6Km8umsaZBZi2QaItm+p8Rf/j7+W2WZPoyoKE1l1KW1ic/wGOY7uqeucn
YZRq7rWX+DaH2VLbkl12wUlVgYwJGcH6VrpRizbq2z0jcdTak6hgzcXo7WhcNAit
DY8W8X5Zv34mpj1VO7n2LJs5V7gzfSLq+KVMIi++QphVv2VkFpvaOqlEP2neVXnV
C3YNJTkVx+R6wANCao+9a5VHC261Bkm81dKgzceW2OCHkwOP6XTbDpj59sMRxRuU
B7jrvre5S1WZN9jc16Dv/Q
-> ssh-ed25519 /vwQcQ TW560PIrbJV3ZB55w+EvH2PEYOoYM93x3aaeeShYKE8
LC6pydBK3yCq/Vs7MUoa0xjDSn3WjRaZuqwvhX24YJQ
-> ssh-ed25519 0R97PA zyerO6EIwW90XVSBVP3Y/7Q8hK+7uPe6kKENGCdDJRw
WEpgo8Y64YXnat1OJU5qtpecf+Zu2P2LmB7DEtmUuAU
-> ssh-ed25519 JGx7Ng 7h4q8ztQ0BFJSfavV4l1pKjbNRZveOPIJG0KF98vh28
mYcUEL4n2+bkjpvJylIvzXSxoa71YZKMSgN21ONnvko
-> ssh-ed25519 bUjjig 9wKWtLWD+9LlAOO24iQiOdvpSDIWpL6Xo0Wt3QOLIQY
Kq2QLFB7E5tiqZQlsn5pZRM52v8XqUyYsvwNHXZspRs
-> ssh-ed25519 VQSaNw 3tJNtvi0WK9iAzx3Q7Q0Ogj1TGH0Zrm5v0ERhQILBVk
4232/j+xnbhQpId7ZS6+xAQBDxtumeOp4c1HVeMRqB4
-> Pug13&(-grease 'w0JG}JF .t`9lMF v)8}4qW
yRriwE//abKvQgu962F7URbOAiHDFMipnsq22itGkLDvmwIRY6Bi83xOzx72EV4y
27GNdxQOni+z8NPt0YTskqq4fHfZky/EMFUvXTfteB7izYxEliHLRKA
--- JNvexaDwzwOIUCxanJRLunfhBh1/PE8ssFCytr8nPjo
TX¹Þxòšd˜~KS?ìIò…Ce þ—3ÑJõ ¹ŸýCíÓF6qœv~Dùq¢T<>©55€bjˆfÕ5”ñëã"ø£ÅŽp

59
machines/nixos/web03/secrets/webhook-ernestophone_token
View file

@ -1,33 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA 16vr8JKVz+RF5XzpDk1oV4YxkFCzWwo3mTOBI2VFfS0
ianzE2kl4JWoueI2m/HuxdoVkf2rjFIQc4rv/VuhEQo
-> ssh-ed25519 QlRB9Q l5GoSxEDfUk5mkPf0zNrA91WUEjxfFVpAkfjS/niIE0
EEE73Rbula4xHZqMiirGjtoiB2mziOLBUm9+4KCdev8
-> ssh-ed25519 r+nK/Q 98sEpNMpoczfjW2l2yr9jJOc1VepL7Pk+TjJ6hFbkx0
gpmp+Osr+idHXklG7gqVd61XMyOmuC7NxWWzXbbqOfc
-> ssh-ed25519 jIXfPA Ifc4K8jusXCbeMSYeAL+3jdvmDK1ojYiSzHJO/uefzk
h5ewdTYV3o8+tPCzVWvLtqEM3WxVjtOqTRnrFAwKnes
-> ssh-ed25519 QlRB9Q djvVFcR5y+WI5+rED8ztIQZuLfCj2z8wHx3WIutlfjk
nsTUZEQRJAAZfNXw2YbzwV+RUJEx6Dmi0ujswMBqIro
-> ssh-ed25519 r+nK/Q Ryx2iuVCefSFFMEyRjVbKFxTqaX6D+Ty4B1+6mRLSCg
s7YjJa6NESaNZ9wzurlrsovu5ecJNnWLOhD80RnFqV4
-> ssh-rsa krWCLQ
jQixiivph6yAlVzUE+Ir6rinwMo5R+2e16I2JS1xF8JNxu4/oYIwc80nsLhmf66t
uGrYg3SqQq9r9OajpxKsIO9JuzuJLJWpMjh3Lk+hu149RXFgIfwzuYk9vUZpwRxW
d7aJTLa00MoIlTQ+AyZgSLPtBp8WX7Mcem6ZMDAgyP4BxEJO56bIDS9Qp2x7eCif
XRdUIw6HjvEFTzhQKBqUFNNFITbNNkg+d3k/PhxtGkuc8XSEroiNpEUJoGckIu5R
+vZrJpBGuZ7o7TOj22WhH0+Kr6J4Jl3T8aSFzUxg6NL8HgYCnPle1EAHpsPXZYcJ
q9Bi08TiS1JW1th7O9+6Sw
-> ssh-ed25519 /vwQcQ Q+8UC629ZU+37zcq5SF7qS7biRDWda++Bh3G61sj+zU
amTcoqlY/Ip7vLw1NNsUZs5KMb9sVAlDlcadgm3oaOg
-> ssh-ed25519 0R97PA Ysgil3FnJTdr+kbc/WnkqMyX6gWTYyeIvOZl7br3rCE
oaJ+LtabA60dp78KNyg7jrYXvG9mzqSIoDuaf1zM6Z8
-> ssh-ed25519 JGx7Ng GzD1qZ8quTyBQk8/rwTu9BKULhVU3FF/z5YAfzKSQHQ
OpdNcQwWY+ky4VUZqsP/DonDpT6Kmxug72BvwHwVAx0
-> ssh-ed25519 bUjjig 87s2MhD6NkK8eV5hww4ylMyew12IGaOEes8o1xUbZX4
WAaALYovgjW7iYLB7itFysR7clZGoK7cVWJSLCTSttM
-> ssh-ed25519 ZIo4kw MEAFHWzbBdah28L7NsQzwfCPuXIc0wjjXjj0/+bmnyA
WdcddcNr4+36q+nK7Y3ye9VTcK2U1rZ+02/zCaqY/IQ
-> ssh-ed25519 9/PCvA hUkZ64AD3UwIIe8w5wjQwedCtm5F6o93+wcr0ahZDDY
u/HyNw2RwdR24d7u1QF3IQrFJoUCafGZIPZoHd2QhIg
-> ssh-ed25519 VQSaNw SY3/Zld3DWCnJfwtANjFRF0Ouxj/6qY/p1Y479zdIhs
WkVhwibatw01SNLcvnxvBgGkFlPhAp/fYgX27VqRnRU
-> uE9hj_n-grease &Ys xCJnv#]: cc@Br M^KC|v%
gsudKgvjsE6HDhMQ/mGXUSL38bKXvszMenPLcr6TvDTqzU7AA7fXn3Ct3bg6y4NU
sfaWT2F8M8bJvg
--- m5R+t6PYaGOTy18NgUIJRBVev6HpIYd2GfM1yvLFlMg
/•éöÀ<C3B6> )ÏœëN®=è´š¸¼`gϼ‡Jx€ †ë—k.‰H´I˜d[ßÐtWyšÓ£,!E^«²âŸg'v†ŒT™ç'‡ÉàfÇ2
utXBcdyAmbl463xcacn1+K9UyG78vKG9LW1vJ/q40ltqEsuxktP2C5YgBL2Whcld
UYTsNFa3b02HP1wp0fPP4eVyk0NNKqO1rairMAvLJmQk15s0OVCk7LvjZe+Q31m1
gYxBSuN4oy7gljtOlIfrHtcRqDMC5IToYSt91pwt/0wgkHDH1OcLap8jaQIuPdc1
pQqd6iUTF96kvvp1P6XbvOHH3nVLNw/bITR5BUSqm/YBocJBrDNIL2wXcq27bBMs
YqF2nykztoSss+YM40XnHx14wNU0WeocbSYuPKabKvtgV0ry62w+EW5t453TfMng
y0dYmBdXVTKgCyL2v/onlA
-> ssh-ed25519 /vwQcQ tax06kUoYtjoUZ8k0+2L0cBr9CTpZpWd5Ev1qRh4dWM
x2RYQ+53UJnBXz8plzYrpga9JCWgm+WvkjpGg+CpG8M
-> ssh-ed25519 0R97PA DoPbx9NVAHTe6NRxT50nwdStoUJRnATQDEKgIyq2hhA
6DUg7uQ9L80KzaMJi6h/Nm5EgtLlAI+R01Mke9GpyzQ
-> ssh-ed25519 JGx7Ng AG1PM5MB2TlfZoiF29gu01LqhcQ+rEQRQZHFVxdHYG8
ePz8kT+axuMZe8MKi1Yj+ZOCITIYjVAuRE2iTScgpyY
-> ssh-ed25519 bUjjig SgZgUi5qfE8wK54Mj8P/FJ4QPNs4HUV5qPc9jJTskmY
n/fedObFehvhLwd3uhkhfBamFpjZDVK7M1J67BucoPI
-> ssh-ed25519 VQSaNw a+SLVFR9PqKgyHfAPTjH4SGkp4XXjz6xz6uMjZgYOg0
hv5F5ENsfpU27opx8OT4mvL0waGO+AieG/VXvHNi2hg
-> g**u4-grease Fb|HQ E
FcQESlzpmCxDtrbCZhddPdNjVROYKj2XsOppqa2GPZsWqQH8cFfKzxjwlNlE7WNF
Q3xupVqn8H1Cg98i
--- lYBZVJ4DEtBmKhenHOOkQpuPT7TrGGgN1OmTrfCTtY4
Žy[§—ÀÒh{`Z³öNŠx/ùºóSyFú£ç
+¨Õr: ¶úÀ cJ¸L˜b¿Mô™w<E284A2>n+™õœ"§¢—|w¼¯¬kµ*

BIN
machines/nixos/web03/secrets/webhook-gestiobds_token
View file

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show more