fix(vault01): Fixed MTU of br0

fix(build01/nix-builder): Use dgn-access-control
fix(meta/nodes): Don't duplicate imported modules
2025-01-10 19:37:54 +01:00 · 2025-01-10 19:26:24 +01:00 · 2025-01-10 09:37:58 +01:00 · 2025-01-09 23:08:08 +01:00 · 2025-01-09 22:04:02 +01:00 · 2025-01-09 21:16:03 +01:00
71 changed files with 1844 additions and 1048 deletions
--- a/.forgejo/workflows/eval-nodes.yaml
+++ b/.forgejo/workflows/eval-nodes.yaml
@ -21,6 +21,17 @@ jobs:
        STORE_USER: admin
      name: Build and cache bridge01
      run: nix-shell -A eval-nodes --run cache-node
  build01:
    runs-on: nix
    steps:
    - uses: actions/checkout@v3
    - env:
        BUILD_NODE: build01
        STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
        STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
        STORE_USER: admin
      name: Build and cache build01
      run: nix-shell -A eval-nodes --run cache-node
  compute01:
    runs-on: nix
    steps:
--- a/README.md
+++ b/README.md
@ -98,7 +98,7 @@ The general metadata is declared in `meta/nodes.nix`, the main values to declare
 Create the directory `secrets` in the configuration folder, and add a `secrets.nix` file containing :
 ```nix
-(import ../../../keys.nix).mkSecrets [ "host02" ] [
+(import ../../../keys).mkSecrets [ "host02" ] [
  # List of secrets for host02
 ]
 ```
--- a/default.nix
+++ b/default.nix
@ -4,8 +4,8 @@
 # SPDX-License-Identifier: EUPL-1.2
 {
-  sources ? import ./sources.nix,
+  sources ? import ./npins,
-  pkgs ? sources.bootstrapNixpkgs,
+  pkgs ? import sources.nixpkgs { },
 }:
 let
--- a/hive.nix
+++ b/hive.nix
@ -4,25 +4,44 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 # TODO: change comments to ### \n # [text] \n #
 let
-  ### Init some tooling
+  sources' = import ./npins;
-  sources = import ./sources.nix;
+  # Patch sources directly
  sources = builtins.mapAttrs (patch.base { pkgs = import sources'.nixos-unstable { }; })
    .applyPatches' sources';
-  lib = sources.fullLib;
+  nix-lib = import ./lib/nix-lib;
  inherit (nix-lib) mapSingleFuse;
-  inherit (lib.extra) mapSingleFuse;
+  patch = import ./lib/nix-patches { patchFile = ./patches; };
-  ### Let's build meta
+  nodes' = import ./meta/nodes;
-  meta = (import ./meta) lib;
+  nodes = builtins.attrNames nodes';
-  nodes = builtins.attrNames meta.nodes;
+  mkNode = node: {
-
+    deployment.systemType = system node;
-  ### Nixpkgs instanciation
+  };
  nixpkgs' = import ./meta/nixpkgs.nix;
  # All supported nixpkgs versions × systems, instanciated
  nixpkgs = mapSingleFuse (s: mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions) nixpkgs'.systems;
  # Get the configured nixos version for the node,
  # defaulting to the one defined in meta/nixpkgs
  version = node: nodes'.${node}.nixpkgs.version;
  system = node: nodes'.${node}.nixpkgs.system;
  category = node: nixpkgs'.categories.${system node};
  nodePkgs = node: nixpkgs.${system node}.${version node};
  # Builds a patched version of nixpkgs, only as the source
  mkNixpkgs' =
    v:
    patch.mkNixpkgsSrc rec {
      src = sources'.${name};
      name = "nixos-${v}";
    };
  # Build up the nixpkgs configuration for Liminix embedded systems
  mkLiminixConfig =
@ -42,47 +61,29 @@ let
  mkNixpkgsConfig =
    system:
    {
-      nixos = _: { overlays = [ (import "${sources.nix-pkgs}/overlay.nix").default ]; };
+      nixos = _: { };
      zyxel-nwa50ax = mkLiminixConfig system;
      netconf = _: { };
    }
    .${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation");
  # Instanciates the required nixpkgs version
-  mkSystemNixpkgs =
+  mkSystemNixpkgs = system: version: import (mkNixpkgs' version) (mkNixpkgsConfig system version);
    system: version: import sources."nixos-${version}" (mkNixpkgsConfig system version);
-  # All supported nixpkgs versions × systems, instanciated
+  ###
  nixpkgs = mapSingleFuse (s: mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions) nixpkgs'.systems;
  # Get the configured nixos version for the node,
  # defaulting to the one defined in meta/nixpkgs
  version = node: meta.nodes.${node}.nixpkgs.version;
  system = node: meta.nodes.${node}.nixpkgs.system;
  category = node: nixpkgs'.categories.${system node};
  nodePkgs = node: nixpkgs.${system node}.${version node};
  ##########
  # Function to create arguments based on the node
  #
  mkArgs = node: rec {
-    lib = sourcePkgs.lib.extend sources.libOverlay;
+    lib = sourcePkgs.lib // {
      extra = nix-lib;
    };
    sourcePkgs = nodePkgs node;
-    inherit meta;
+    meta = (import ./meta) lib;
    nodeMeta = meta.nodes.${node};
    nodePath = "machines/${category node}/${node}";
  };
  ##########
  # Module for each node (quite empty since almost everything is in the default module)
  #
  mkNode = node: {
    deployment.systemType = system node;
  };
 in
 {
@ -93,7 +94,7 @@ in
    specialArgs = {
      inherit nixpkgs sources;
-      dgn-keys = import ./lib/keys { inherit meta lib; };
+      dgn-keys = import ./keys;
    };
    nodeSpecialArgs = mapSingleFuse mkArgs nodes;
@ -217,6 +218,5 @@ in
        };
    };
  };
 }
 // (mapSingleFuse mkNode nodes)
--- a/iso/configuration.nix
+++ b/iso/configuration.nix
@ -5,9 +5,9 @@
 { lib, pkgs, ... }:
 let
-  dgn-keys = import ../keys.nix;
+  dgn-keys = import ../keys;
-  dgn-members = (import ../meta lib).config.organization.groups.root;
+  dgn-members = (import ../meta lib).organization.groups.root;
 in
 {
--- a/keys.nix
+++ b/keys.nix
@ -1,13 +0,0 @@
 # SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 let
  sources = import ./sources.nix;
  lib = sources.fullLib;
  meta = (import ../meta lib).config;
 in
 import ./lib/keys { inherit meta lib; }
--- a/keys/default.nix
+++ b/keys/default.nix
@ -0,0 +1,109 @@
 # SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 let
  _sources = import ../npins;
  inherit (import _sources.nixpkgs { }) lib;
  meta = import ../meta lib;
  getAttr = flip builtins.getAttr;
  inherit (import ../lib/nix-lib) flip setDefault unique;
 in
 rec {
  # WARNING: When updating this list, make sure that the nodes and members are alphabetically sorted
  #          If not, you will face an angry maintainer
  _keys = {
    # SSH keys of the nodes
    bridge01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5bS3iBXz8wycBnTvI5Qi79WLu0h4IVv/EOdKYbP5y7" ];
    build01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIYJcEMQpOyKInqtd2/brnSQuzwgv6fNPlTSQx9tcvPu" ];
    compute01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/YluSVS+4h3oV8CIUj0OmquyJXju8aEQy0Jz210vTu" ];
    geo01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl6Pubbau+usQkemymoSKrTBbrX8JU5m5qpZbhNx8p4" ];
    geo02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNXaCS0/Nsu5npqQk1TP6wMHCVIOaj4pblp2tIg6Ket" ];
    hypervisor01 = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPE0typcnvSioMfdLUloIfR5zcf/X0k6201xMHoQBCr"
    ];
    hypervisor02 = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPETkWlOfESXQic+HgfGLV/T4Nqg0WjdDbEqtgDwkH+S"
    ];
    hypervisor03 = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLF0mxSGitsDE3/YXfrHNjtOMUt4HT2MbryyUKPLSBI"
    ];
    rescue01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJa02Annu8o7ggPjTH/9ttotdNGyghlWfU9E8pnuLUf" ];
    storage01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ" ];
    tower01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVpR+TMRLGAfhn7Q0C3tKOydYYjfoC/e1ZYbKpby01Z" ];
    vault01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
    web01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
    web02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];
    web03 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrWsMEfK86iaO9SubMqE2UvZNtHkLY5VUod/bbqKC0L" ];
    # SSH keys of the DGNum members
    agroudiev = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgyt3ntpcoI/I2n97R1hzjBiNL6R98S73fSi7pkSE/8mQbI8r9GzsPUBcxQ+tIg0FgwkLxTwF8DwLf0E+Le/rPznxBS5LUQaAktSQSrxz/IIID1+jN8b03vf5PjfKS8H2Tu3Q8jZXa8HNsj3cpySpGMqGrE3ieUmknd/YfppRRf+wM4CsGKZeS3ZhB9oZi3Jn22A0U/17AOJTnv4seq+mRZWRQt3pvQvpp8/2M7kEqizie/gTr/DnwxUr45wisqYYH4tat9Cw6iDr7LK10VCrK37BfFagMIZ08Hkh3c46jghjYNQWe+mBUWJByWYhTJ0AtYrbaYeUV1HVYbsRJ6bNx25K6794QQPaE/vc2Z/VK/ILgvJ+9myFSAWVylCWdyYpwUu07RH/jDBl2aqH62ESwAG7SDUUcte6h9N+EryAQLWc8OhsGAYLpshhBpiqZwzX90m+nkbhx1SqMbtt6TS+RPDEHKFYn8E6FBrf1FK34482ndq/hHXZ88mqzGb1nOnM="
    ];
    catvayor = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
    ];
    cst1 = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
    ];
    ecoppens = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA" ];
    gdd = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbkPWWZzOBaRdx4+7xQUgxDwuncSl2fxAeVuYfVUPZ"
    ];
    jemagius = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOoxmou5OU74GgpIUkhVt6GiB+O9Jy4ge0TwK5MDFJ2F"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxQX0JLRah3GfIOkua4ZhEJhp5Ykv55RO0SPrSUwCBs5arnALg8gq12YLr09t4bzW/NA9/jn7flhh4S54l4RwBUhmV4JSQhGu71KGhfOj5ZBkDoSyYqzbu206DfZP5eQonSmjfP6XghcWOr/jlBzw9YAAQkFxsQgXEkr4kdn0ZXfZGz6b0t3YUjYIuDNbptFsGz2V9iQVy1vnxrjnLSfc25j4et8z729Vpy4M7oCaE6a6hgon4V1jhVbg43NAE5gu2eYFAPIzO3E7ZI8WjyLu1wtOBClk1f+HMen3Tr+SX2PXmpPGb+I2fAkbzu/C4X/M3+2bL1dYjxuvQhvvpAjxFwmdoXW4gWJ3J/FRiFrKsiAY0rYC+yi8SfacJWCv4EEcV/yQ4gYwpmU9xImLaro6w5cOHGCqrzYqjZc4Wi6AWFGeBSNzNs9PXLgMRWeUyiIDOFnSep2ebZeVjTB16m+o/YDEhE10uX9kCCx3Dy/41iJ1ps7V4JWGFsr0Fqaz8mu8="
    ];
    luj = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower"
    ];
    mboyer = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYnwZaFYvUxtJeNvpaA20rLfq8fOO4dFp7cIXsD8YNx" ];
    mdebray = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdDnSl3cyWil+S5JiyGqOvBR3wVh+lduw58S5WvraoL maurice@fekda"
    ];
    raito = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
    ];
    thubrecht = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn"
    ];
  };
  getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
  mkSecrets =
    nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); };
  getNodeKeys' =
    node:
    let
      names = builtins.foldl' (names: group: names ++ meta.organization.groups.${group}) (
        meta.nodes.${node}.admins ++ [ node ]
      ) meta.nodes.${node}.adminGroups;
    in
    unique (getKeys names);
  getNodeKeys = node: rootKeys ++ getNodeKeys' node;
  # List of keys for the root group
  rootKeys = getKeys meta.organization.groups.root;
  # List of 'machine' keys
  machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
  nixosMachineKeys =
    rootKeys
    ++ (getKeys (builtins.attrNames (lib.filterAttrs (_: v: v.nixpkgs.system == "nixos") meta.nodes)));
 }
--- a/lib/keys/default.nix
+++ b/lib/keys/default.nix
@ -1,46 +0,0 @@
 # SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
 # SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
 # SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 { meta, lib }:
 let
  inherit (lib.extra) setDefault unique;
  getAttr = lib.flip builtins.getAttr;
 in
 rec {
  _memberKeys = builtins.mapAttrs (_: v: v.sshKeys) meta.organization.members;
  _nodeKeys = builtins.mapAttrs (_: v: v.sshKeys) meta.nodes;
  # Get keys of the users
  getMemberKeys = name: builtins.concatLists (builtins.map (getAttr _memberKeys) name);
  # Get keys of the ssh server
  getNodeKeys = name: builtins.concatLists (builtins.map (getAttr _nodeKeys) name);
  # List of keys for the root group
  rootKeys = getMemberKeys meta.organization.groups.root;
  # All keys that can access a node
  getNodeKeys' =
    node:
    let
      names = meta.nodes.${node}.admins;
    in
    unique (getMemberKeys names ++ getNodeKeys [ node ]);
  # List of keys for all machines wide secrets
  machineKeys = rootKeys ++ (getNodeKeys (builtins.attrNames meta.nodes));
  mkSecrets = nodes: setDefault { publicKeys = unique (builtins.concatMap getNodeKeys' nodes); };
  machineKeysBySystem =
    system:
    rootKeys
    ++ (getNodeKeys (
      builtins.attrNames (lib.filterAttrs (_: v: v.nixpkgs.system == system) meta.nodes)
    ));
 }
--- a/lib/nix-lib/default.nix
+++ b/lib/nix-lib/default.nix
@ -2,13 +2,17 @@
 # SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
-{ lib }:
+
 let
  # Reimplement optional functions
  _optional =
    default: b: value:
    if b then value else default;
 in
 rec {
-  inherit (lib)
+  inherit (import ./nixpkgs.nix)
    flip
    optionals
    optionalString
    hasPrefix
    recursiveUpdate
    splitString
@ -108,8 +112,11 @@ rec {
  subAttrs = attrs: builtins.map (subAttr attrs);
-  optionalList = optionals;
+  optionalList = _optional [ ];
  optionalAttrs = _optional { };
  optionalString = _optional "";
  /*
    Same as fuseAttrs but using `lib.recursiveUpdate` to merge attribute
    sets together.
--- a/lib/nix-lib/nixpkgs.nix
+++ b/lib/nix-lib/nixpkgs.nix
@ -0,0 +1,466 @@
 # SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 ###
 # Collection of nixpkgs library functions, those are necessary for defining our own lib
 #
 # They have been simplified and builtins are used in some places, instead of lib shims.
 rec {
  /**
    Does the same as the update operator '//' except that attributes are
    merged until the given predicate is verified.  The predicate should
    accept 3 arguments which are the path to reach the attribute, a part of
    the first attribute set and a part of the second attribute set.  When
    the predicate is satisfied, the value of the first attribute set is
    replaced by the value of the second attribute set.
    # Inputs
    `pred`
    : Predicate, taking the path to the current attribute as a list of strings for attribute names, and the two values at that path from the original arguments.
    `lhs`
    : Left attribute set of the merge.
    `rhs`
    : Right attribute set of the merge.
    # Type
    ```
    recursiveUpdateUntil :: ( [ String ] -> AttrSet -> AttrSet -> Bool ) -> AttrSet -> AttrSet -> AttrSet
    ```
    # Examples
    :::{.example}
    ## `lib.attrsets.recursiveUpdateUntil` usage example
    ```nix
    recursiveUpdateUntil (path: l: r: path == ["foo"]) {
      # first attribute set
      foo.bar = 1;
      foo.baz = 2;
      bar = 3;
    } {
      #second attribute set
      foo.bar = 1;
      foo.quz = 2;
      baz = 4;
    }
    => {
      foo.bar = 1; # 'foo.*' from the second set
      foo.quz = 2; #
      bar = 3;     # 'bar' from the first set
      baz = 4;     # 'baz' from the second set
    }
    ```
    :::
  */
  recursiveUpdateUntil =
    pred: lhs: rhs:
    let
      f =
        attrPath:
        builtins.zipAttrsWith (
          n: values:
          let
            here = attrPath ++ [ n ];
          in
          if builtins.length values == 1 || pred here (builtins.elemAt values 1) (builtins.head values) then
            builtins.head values
          else
            f here values
        );
    in
    f [ ] [
      rhs
      lhs
    ];
  /**
    A recursive variant of the update operator ‘//’.  The recursion
    stops when one of the attribute values is not an attribute set,
    in which case the right hand side value takes precedence over the
    left hand side value.
    # Inputs
    `lhs`
    : Left attribute set of the merge.
    `rhs`
    : Right attribute set of the merge.
    # Type
    ```
    recursiveUpdate :: AttrSet -> AttrSet -> AttrSet
    ```
    # Examples
    :::{.example}
    ## `lib.attrsets.recursiveUpdate` usage example
    ```nix
    recursiveUpdate {
      boot.loader.grub.enable = true;
      boot.loader.grub.device = "/dev/hda";
    } {
      boot.loader.grub.device = "";
    }
    returns: {
      boot.loader.grub.enable = true;
      boot.loader.grub.device = "";
    }
    ```
    :::
  */
  recursiveUpdate =
    lhs: rhs:
    recursiveUpdateUntil (
      _: lhs: rhs:
      !(builtins.isAttrs lhs && builtins.isAttrs rhs)
    ) lhs rhs;
  /**
    Determine whether a string has given prefix.
    # Inputs
    `pref`
    : Prefix to check for
    `str`
    : Input string
    # Type
    ```
    hasPrefix :: string -> string -> bool
    ```
    # Examples
    :::{.example}
    ## `lib.strings.hasPrefix` usage example
    ```nix
    hasPrefix "foo" "foobar"
    => true
    hasPrefix "foo" "barfoo"
    => false
    ```
    :::
  */
  hasPrefix = pref: str: (builtins.substring 0 (builtins.stringLength pref) str == pref);
  /**
    Escape occurrence of the elements of `list` in `string` by
    prefixing it with a backslash.
    # Inputs
    `list`
    : 1\. Function argument
    `string`
    : 2\. Function argument
    # Type
    ```
    escape :: [string] -> string -> string
    ```
    # Examples
    :::{.example}
    ## `lib.strings.escape` usage example
    ```nix
    escape ["(" ")"] "(foo)"
    => "\\(foo\\)"
    ```
    :::
  */
  escape = list: builtins.replaceStrings list (builtins.map (c: "\\${c}") list);
  /**
    Convert a string `s` to a list of characters (i.e. singleton strings).
    This allows you to, e.g., map a function over each character.  However,
    note that this will likely be horribly inefficient; Nix is not a
    general purpose programming language. Complex string manipulations
    should, if appropriate, be done in a derivation.
    Also note that Nix treats strings as a list of bytes and thus doesn't
    handle unicode.
    # Inputs
    `s`
    : 1\. Function argument
    # Type
    ```
    stringToCharacters :: string -> [string]
    ```
    # Examples
    :::{.example}
    ## `lib.strings.stringToCharacters` usage example
    ```nix
    stringToCharacters ""
    => [ ]
    stringToCharacters "abc"
    => [ "a" "b" "c" ]
    stringToCharacters "🦄"
    => [ "<EFBFBD>" "<EFBFBD>" "<EFBFBD>" "<EFBFBD>" ]
    ```
    :::
  */
  stringToCharacters = s: builtins.genList (p: builtins.substring p 1 s) (builtins.stringLength s);
  /**
    Turn a string `s` into an exact regular expression
    # Inputs
    `s`
    : 1\. Function argument
    # Type
    ```
    escapeRegex :: string -> string
    ```
    # Examples
    :::{.example}
    ## `lib.strings.escapeRegex` usage example
    ```nix
    escapeRegex "[^a-z]*"
    => "\\[\\^a-z]\\*"
    ```
    :::
  */
  escapeRegex = escape (stringToCharacters "\\[{()^$?*+|.");
  /**
    Appends string context from string like object `src` to `target`.
    :::{.warning}
    This is an implementation
    detail of Nix and should be used carefully.
    :::
    Strings in Nix carry an invisible `context` which is a list of strings
    representing store paths. If the string is later used in a derivation
    attribute, the derivation will properly populate the inputDrvs and
    inputSrcs.
    # Inputs
    `src`
    : The string to take the context from. If the argument is not a string,
      it will be implicitly converted to a string.
    `target`
    : The string to append the context to. If the argument is not a string,
      it will be implicitly converted to a string.
    # Type
    ```
    addContextFrom :: string -> string -> string
    ```
    # Examples
    :::{.example}
    ## `lib.strings.addContextFrom` usage example
    ```nix
    pkgs = import <nixpkgs> { };
    addContextFrom pkgs.coreutils "bar"
    => "bar"
    ```
    The context can be displayed using the `toString` function:
    ```nix
    nix-repl> builtins.getContext (lib.strings.addContextFrom pkgs.coreutils "bar")
    {
      "/nix/store/m1s1d2dk2dqqlw3j90jl3cjy2cykbdxz-coreutils-9.5.drv" = { ... };
    }
    ```
    :::
  */
  addContextFrom = src: target: builtins.substring 0 0 src + target;
  /**
    Cut a string with a separator and produces a list of strings which
    were separated by this separator.
    # Inputs
    `sep`
    : 1\. Function argument
    `s`
    : 2\. Function argument
    # Type
    ```
    splitString :: string -> string -> [string]
    ```
    # Examples
    :::{.example}
    ## `lib.strings.splitString` usage example
    ```nix
    splitString "." "foo.bar.baz"
    => [ "foo" "bar" "baz" ]
    splitString "/" "/usr/local/bin"
    => [ "" "usr" "local" "bin" ]
    ```
    :::
  */
  splitString =
    sep: s:
    let
      splits = builtins.filter builtins.isString (
        builtins.split (escapeRegex (builtins.toString sep)) (builtins.toString s)
      );
    in
    builtins.map (addContextFrom s) splits;
  /**
    Remove duplicate elements from the `list`. O(n^2) complexity.
    # Inputs
    `list`
    : Input list
    # Type
    ```
    unique :: [a] -> [a]
    ```
    # Examples
    :::{.example}
    ## `lib.lists.unique` usage example
    ```nix
    unique [ 3 2 3 4 ]
    => [ 3 2 4 ]
    ```
    :::
  */
  unique = builtins.foldl' (acc: e: if builtins.elem e acc then acc else acc ++ [ e ]) [ ];
  /**
    Flip the order of the arguments of a binary function.
    # Inputs
    `f`
    : 1\. Function argument
    `a`
    : 2\. Function argument
    `b`
    : 3\. Function argument
    # Type
    ```
    flip :: (a -> b -> c) -> (b -> a -> c)
    ```
    # Examples
    :::{.example}
    ## `lib.trivial.flip` usage example
    ```nix
    flip concat [1] [2]
    => [ 2 1 ]
    ```
    :::
  */
  flip =
    f: a: b:
    f b a;
  /**
    `warn` *`message`* *`value`*
    Print a warning before returning the second argument.
    See [`builtins.warn`](https://nix.dev/manual/nix/latest/language/builtins.html#builtins-warn) (Nix >= 2.23).
    On older versions, the Nix 2.23 behavior is emulated with [`builtins.trace`](https://nix.dev/manual/nix/latest/language/builtins.html#builtins-warn), including the [`NIX_ABORT_ON_WARN`](https://nix.dev/manual/nix/latest/command-ref/conf-file#conf-abort-on-warn) behavior, but not the `nix.conf` setting or command line option.
    # Inputs
    *`message`* (String)
    : Warning message to print before evaluating *`value`*.
    *`value`* (any value)
    : Value to return as-is.
    # Type
    ```
    String -> a -> a
    ```
  */
  warn =
    # Since Nix 2.23, https://github.com/NixOS/nix/pull/10592
    builtins.warn or (
      let
        mustAbort = builtins.elem (builtins.getEnv "NIX_ABORT_ON_WARN") [
          "1"
          "true"
          "yes"
        ];
      in
      # Do not eta reduce v, so that we have the same strictness as `builtins.warn`.
      msg: v:
      # `builtins.warn` requires a string message, so we enforce that in our implementation, so that callers aren't accidentally incompatible with newer Nix versions.
      assert builtins.isString msg;
      if mustAbort then
        builtins.trace "[1;31mevaluation warning:[0m ${msg}" (
          abort "NIX_ABORT_ON_WARN=true; warnings are treated as unrecoverable errors."
        )
      else
        builtins.trace "[1;35mevaluation warning:[0m ${msg}" v
    );
 }
--- a/machines/nixos/bridge01/secrets/secrets.nix
+++ b/machines/nixos/bridge01/secrets/secrets.nix
@ -2,6 +2,6 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "bridge01" ] [
+(import ../../../../keys).mkSecrets [ "bridge01" ] [
  # List of secrets for bridge01
 ]
--- a/machines/nixos/build01/_configuration.nix
+++ b/machines/nixos/build01/_configuration.nix
@ -0,0 +1,26 @@
 # SPDX-FileCopyrightText: 2025 Elias Coppens <elias@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 { lib, ... }:
 lib.extra.mkConfig {
  enabledModules = [
    "dgn-forgejo-runners"
  ];
  enabledServices = [
    "nix-builder"
  ];
  extraConfig = {
    dgn-forgejo-runners = {
      nbRunners = 16;
      dataDirectory = "/data";
    };
    services.netbird.enable = true;
  };
  root = ./.;
 }
--- a/machines/nixos/build01/_hardware-configuration.nix
+++ b/machines/nixos/build01/_hardware-configuration.nix
@ -0,0 +1,59 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot = {
    initrd = {
      availableKernelModules = [
        "xhci_pci"
        "nvme"
        "megaraid_sas"
        "ehci_pci"
        "ahci"
        "usbhid"
        "sd_mod"
      ];
      kernelModules = [ "dm-snapshot" ];
    };
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
  };
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/fed99278-0916-4d9c-b974-c7125d3557b3";
      fsType = "xfs";
    };
    "/data" = {
      device = "/dev/disk/by-uuid/69b62f16-7db1-4720-a115-fd3b8dafe123";
      fsType = "xfs";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/1372-46EA";
      fsType = "vfat";
      options = [
        "fmask=0022"
        "dmask=0022"
      ];
    };
  };
  swapDevices = [
    { device = "/dev/disk/by-uuid/34b9e0ab-c579-4293-849c-78f5093cf35a"; }
  ];
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/machines/nixos/build01/nix-builder.nix
+++ b/machines/nixos/build01/nix-builder.nix
@ -0,0 +1,64 @@
 # SPDX-FileCopyrightText: 2025 Elias Coppens <elias@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 {
  pkgs,
  lib,
  meta,
  ...
 }:
 {
  config = {
    dgn-access-control.users = lib.genAttrs meta.organization.groups.nix-builder (u: lib.singleton u);
    security.pam.loginLimits = [
      {
        domain = "*";
        item = "nofile";
        type = "-";
        value = "20480";
      }
    ];
    systemd.services.nix-daemon.serviceConfig = {
      MemoryAccounting = true;
      MemoryMax = "450G";
      MemoryHigh = "440G";
      MemorySwapMax = "2G";
      ManagedOOMSwap = "kill";
      ManagedOOMMemoryPressure = "kill";
      MemoryPressureWatch = "on";
    };
    nix = {
      gc = {
        automatic = true;
        dates = lib.mkForce "*:45";
        options = lib.mkForce ''--max-freed "$((128 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
        randomizedDelaySec = "1800";
      };
      nrBuildUsers = 128;
      settings = {
        keep-outputs = false;
        keep-derivations = false;
        use-cgroups = true;
        http-connections = 0;
        auto-allocate-uids = true;
        cores = 0;
        max-jobs = 8;
        fsync-metadata = true;
        experimental-features = [
          "auto-allocate-uids"
          # "ca-derivations" this feature is really extremely broken.
          "cgroups"
          "fetch-closure"
          "impure-derivations"
        ];
      };
    };
  };
 }
--- a/machines/nixos/build01/secrets/forgejo_runners-token_file
+++ b/machines/nixos/build01/secrets/forgejo_runners-token_file
@ -0,0 +1,31 @@
 age-encryption.org/v1
 -> ssh-ed25519 jIXfPA plGvUUrRbdkfNyD4UGIjjkv3Ktu4iqL4dImFZzWnqWA
 asE0N7d6lqnOFJWoU+V1bCLhlD5oFAkjs9HSM+ps6Ak
 -> ssh-ed25519 QlRB9Q hagbD6do4gKBuRBN8m8cDL6K0RFmiJwpvJOtAaPKXnA
 9727tWz+PhGm/bycXUUQHV3YqeXc0AD/mM1DvTrBLC4
 -> ssh-ed25519 r+nK/Q bnu+1g77I2LLnXNHZWMkIrgJpxpwJ1ZYgdAL4HE6hCo
 cDLyOiULyjO9s6PACs6Ou6m5h0XcDzbdc7o2P7OAizQ
 -> ssh-rsa krWCLQ
 X8SpFIBmd7LOnJqI+V3MWlaYB8f4Mron5IKYZGrqRPWzLrrkAkJsr1QdV4K9vepe
 zQsHecw8VvCKQesAKFrKTZxF8oXvoJU3GP5q9IVISLuEv8nLxgyhhLqQQqPVWLbC
 0nGGtbke2Xw2QXgUpoe6GdZ53Neg2BShUmV6SYoGeTwdxGmuL6nFH7UMzwsKWLW5
 95CoXfRyp4oxV7FQscuewPL+tNHXh6DoeW8Qlr3rxxgJkCSNMp+EchZJZOroGmtd
 SQb2SgFs712x9han1vNR7Dn3o270xa/AVldmjRBNvDGyNefItb20OP4n3bWSK3b1
 ejR3mZyP5SU2+Pr6navc0w
 -> ssh-ed25519 /vwQcQ NQSD4lKvM7uWm0deYyc22DC7/IGYve0XB9Zg8yOY5GE
 hpDWSKnlW6BtyKlXXS1anB78CvK+mnsm3BOxht7mL4Y
 -> ssh-ed25519 0R97PA i4DSi49b4vQpt3hjiHPn0/H9MzyvHz0OEPJXcvn+G1M
 C9uEKNTPRK8f4d2AYnPqDwTqDOV0SHmG/x/529l3YLA
 -> ssh-ed25519 JGx7Ng 5WgVespkMD/X/67sBoF2RbG+YXu06UuSozHrLJSn2xE
 pISCxxw/Hg9GBxh33gW6JO2mLKrdvSUVb6+AHMHwTtE
 -> ssh-ed25519 bUjjig 14Ocpj1tCsZ5lZQ32wDHsO9iFkrNi8wZS8NUhQ5HEh0
 ZbX31ejXuqmgKD1EcmH/B0zo1CeORzJn+QjrRuWNxh0
 -> ssh-ed25519 oRtTqQ dSGSGECezsXdDeyFcOSLIvKT0jdOs2d73/dRAeBuJjc
 2O/CXEu0rV5EdAewyvdA5XfLXMQvzEEtl8lPsBqICqk
 -> ssh-ed25519 IxxZqA BbHNkDUiEoWcwGjjrkFbOHCXvq2gEd8Rv7tt3p8fXHA
 yJsvxku/Kz26jTTEtuoHDLGO/gUotw/QZc+UwxCIwKE
 -> Tqc#'yq%-grease b
 X3iOhNF2FNp0ImC6uLsqjT1pAbNPBIxUCXLivDKbVIZYoBhtrLpQRJXoWK7GEakA
 8TkORCQQUYZIlNqu2Psfbi0
 --- 19Nolty0dET6QnYlxtieiluPP9R3HbrhEn5EDuFu/s4
 “˜?l÷6r] úfBžo<ŸŒ9Ç‰5M+Ší7íNõÏ¹äô%
Ñ.èœELÄ˜âÂÒw§¾snÑáã¬nšN
-×ØÌ¯pñûëËŠÓ
--- a/machines/nixos/build01/secrets/secrets.nix
+++ b/machines/nixos/build01/secrets/secrets.nix
@ -0,0 +1,7 @@
 # SPDX-FileCopyrightText: 2025 La Délégation Générale Numérique <contact@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 (import ../../../../keys).mkSecrets [ "build01" ] [
  "forgejo_runners-token_file"
 ]
--- a/machines/nixos/compute01/dgsi/default.nix
+++ b/machines/nixos/compute01/dgsi/default.nix
@ -14,7 +14,30 @@
 let
  inherit (lib) toLower;
-  pythonEnv = pkgs.python312.withPackages (
+  python =
    let
      python3 = pkgs.python312;
      nix-pkgs = import sources.nix-pkgs { inherit pkgs python3; };
    in
    python3.override {
      packageOverrides = _: _: {
        inherit (nix-pkgs)
          django-allauth
          django-allauth-cas
          django-browser-reload
          django-bulma-forms
          django-sass-processor
          django-sass-processor-dart-sass
          django-unfold
          pykanidm
          python-cas
          loadcredential
          xlwt
          ;
      };
    };
  pythonEnv = python.withPackages (
    ps:
    [
      ps.django
--- a/machines/nixos/compute01/kanidm/default.nix
+++ b/machines/nixos/compute01/kanidm/default.nix
@ -44,8 +44,6 @@ let
  usernameFor = member: meta.organization.members.${member}.username;
 in
 {
  nixpkgs.config.permittedInsecurePackages = [ "kanidm-1.3.3" ];
  services.kanidm = {
    enableServer = true;
--- a/machines/nixos/compute01/kanidm/secrets/secrets.nix
+++ b/machines/nixos/compute01/kanidm/secrets/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../../keys.nix).mkSecrets [ "compute01" ] [
+(import ../../../../../keys).mkSecrets [ "compute01" ] [
  "kanidm-password_admin"
  "kanidm-password_idm_admin"
 ]
--- a/machines/nixos/compute01/secrets/secrets.nix
+++ b/machines/nixos/compute01/secrets/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "compute01" ] [
+(import ../../../../keys).mkSecrets [ "compute01" ] [
  # List of secrets for compute01
  "arkheon-env_file"
  "bupstash-put_key"
--- a/machines/nixos/geo01/secrets/secrets.nix
+++ b/machines/nixos/geo01/secrets/secrets.nix
@ -2,6 +2,6 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "geo01" ] [
+(import ../../../../keys).mkSecrets [ "geo01" ] [
  # List of secrets for geo01
 ]
--- a/machines/nixos/geo02/secrets/secrets.nix
+++ b/machines/nixos/geo02/secrets/secrets.nix
@ -2,6 +2,6 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "geo02" ] [
+(import ../../../../keys).mkSecrets [ "geo02" ] [
  # List of secrets for geo02
 ]
--- a/machines/nixos/hypervisor01/secrets/secrets.nix
+++ b/machines/nixos/hypervisor01/secrets/secrets.nix
@ -2,6 +2,6 @@
 #
 # SPDX-License-Identifer: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "hypervisor01" ] [
+(import ../../../../keys).mkSecrets [ "hypervisor01" ] [
 ]
--- a/machines/nixos/hypervisor02/secrets/secrets.nix
+++ b/machines/nixos/hypervisor02/secrets/secrets.nix
@ -2,6 +2,6 @@
 #
 # SPDX-License-Identifer: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "hypervisor02" ] [
+(import ../../../../keys).mkSecrets [ "hypervisor02" ] [
 ]
--- a/machines/nixos/hypervisor03/secrets/secrets.nix
+++ b/machines/nixos/hypervisor03/secrets/secrets.nix
@ -2,6 +2,6 @@
 #
 # SPDX-License-Identifer: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "hypervisor03" ] [
+(import ../../../../keys).mkSecrets [ "hypervisor03" ] [
 ]
--- a/machines/nixos/rescue01/secrets/secrets.nix
+++ b/machines/nixos/rescue01/secrets/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "rescue01" ] [
+(import ../../../../keys).mkSecrets [ "rescue01" ] [
  # List of secrets for rescue01
  "stateless-uptime-kuma-password"
 ]
--- a/machines/nixos/storage01/_configuration.nix
+++ b/machines/nixos/storage01/_configuration.nix
@ -9,6 +9,7 @@ lib.extra.mkConfig {
    # List of modules to enable
    "dgn-backups"
    "dgn-web"
    "dgn-forgejo-runners"
  ];
  enabledServices = [
--- a/machines/nixos/storage01/forgejo-runners.nix
+++ b/machines/nixos/storage01/forgejo-runners.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-{ config, pkgs, ... }:
+_:
 let
  url = "https://git.dgnum.eu";
@ -30,22 +30,10 @@ let
    };
 in
 {
-  services.forgejo-nix-runners = {
+  dgn-forgejo-runners = {
    enable = true;
    inherit url;
    storePath = "/data/slow";
    tokenFile = config.age.secrets."forgejo_runners-token_file".path;
    dependencies = [
      pkgs.npins
      pkgs.tea
    ];
    containerOptions = [ "--cpus=4" ];
    nbRunners = 6;
    nbCpus = 4;
    dataDirectory = "/data/slow";
  };
  services.gitea-actions-runner.instances = builtins.mapAttrs (_: mkRunner) {
@ -63,23 +51,4 @@ in
      labels = [ "debian-latest:docker://node:20-bookworm" ];
    };
  };
  virtualisation = {
    podman = {
      enable = true;
      defaultNetwork.settings = {
        dns_enable = true;
        ipv6_enabled = true;
      };
    };
    containers.storage.settings = {
      storage = {
        driver = "overlay";
        graphroot = "/data/slow/containers/storage";
        runroot = "/run/containers/storage";
      };
    };
  };
 }
--- a/machines/nixos/storage01/forgejo.nix
+++ b/machines/nixos/storage01/forgejo.nix
@ -79,8 +79,7 @@ in
        "cron.git_gc_repos".ENABLED = true;
        "cron.update_checker".ENABLED = false;
      };
-
+      secrets.mailer.PASSWD = config.age.secrets."forgejo-mailer_password_file".path;
      mailerPasswordFile = config.age.secrets."forgejo-mailer_password_file".path;
    };
  };
--- a/machines/nixos/storage01/secrets/secrets.nix
+++ b/machines/nixos/storage01/secrets/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "storage01" ] [
+(import ../../../../keys).mkSecrets [ "storage01" ] [
  # List of secrets for storage01
  "bupstash-put_key"
  "forgejo-mailer_password_file"
--- a/machines/nixos/tower01/secrets/secrets.nix
+++ b/machines/nixos/tower01/secrets/secrets.nix
@ -2,6 +2,6 @@
 #
 # SPDX-License-Identifer: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "tower01" ] [
+(import ../../../../keys).mkSecrets [ "tower01" ] [
 ]
--- a/machines/nixos/vault01/networking.nix
+++ b/machines/nixos/vault01/networking.nix
@ -207,6 +207,7 @@ in
            IPv6AcceptRA = false;
            IPv6SendRA = false;
          };
          linkConfig.MTUBytes = 1500;
        };
        "50-wg0" = {
          name = "wg0";
--- a/machines/nixos/vault01/secrets/secrets.nix
+++ b/machines/nixos/vault01/secrets/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "vault01" ] [
+(import ../../../../keys).mkSecrets [ "vault01" ] [
  # List of secrets for vault01
  "radius-auth_token_file"
  "radius-ca_pem_file"
--- a/machines/nixos/web01/secrets/secrets.nix
+++ b/machines/nixos/web01/secrets/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "web01" ] [
+(import ../../../../keys).mkSecrets [ "web01" ] [
  # List of secrets for web01
  "acme-certs_secret"
  "bupstash-put_key"
--- a/machines/nixos/web02/cas-eleves/default.nix
+++ b/machines/nixos/web02/cas-eleves/default.nix
@ -19,9 +19,18 @@ let
  port = 9889;
-  python3 = pkgs.python312.override {
+  python3 =
-    packageOverrides = _: prev: {
+    let
-      django-cas-server = prev.django-cas-server.overridePythonAttrs (_: {
+      nix-pkgs = import sources.nix-pkgs {
        inherit pkgs;
        python3 = pkgs.python312;
      };
    in
    pkgs.python312.override {
      packageOverrides = _: _: {
        inherit (nix-pkgs) django-browser-reload django-bulma-forms loadcredential;
        django-cas-server = nix-pkgs.django-cas-server.overridePythonAttrs (_: {
          patches = [ ./01-pytest-cas.patch ];
        });
      };
--- a/machines/nixos/web02/kadenios/default.nix
+++ b/machines/nixos/web02/kadenios/default.nix
@ -16,11 +16,28 @@ let
  host = "vote.dgnum.eu";
  port = 9888;
  python3 =
    let
      nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
    in
    pkgs.python3.override {
      packageOverrides = _: _: {
        inherit (nix-pkgs)
          authens
          django-background-tasks
          django-browser-reload
          django-bulma-forms
          django-translated-fields
          loadcredential
          ;
      };
    };
  pythonEnv =
    {
      debug ? false,
    }:
-    pkgs.python3.withPackages (
+    python3.withPackages (
      ps:
      [
        ps.django
--- a/machines/nixos/web02/secrets/secrets.nix
+++ b/machines/nixos/web02/secrets/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "web02" ] [
+(import ../../../../keys).mkSecrets [ "web02" ] [
  # List of secrets for web02
  "cas_eleves-secret_key_file"
  "kadenios-secret_key_file"
--- a/machines/nixos/web03/django-apps/annuaire.nix
+++ b/machines/nixos/web03/django-apps/annuaire.nix
@ -3,10 +3,16 @@
 # SPDX-License-Identifier: EUPL-1.2
 {
  pkgs,
  sources,
  config,
  ...
 }:
 let
  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
 in
 {
  services.django-apps.sites.annuaire = {
    source = "https://git.dgnum.eu/DGNum/annuaire-eleves";
@ -20,6 +26,10 @@
    webHookSecret = config.age.secrets."webhook-annuaire_token".path;
    python = pkgs.python3.override {
      packageOverrides = _: _: { inherit (nix-pkgs) authens loadcredential; };
    };
    dependencies = ps: [
      ps.django
      ps.pillow
--- a/machines/nixos/web03/django-apps/bocal.nix
+++ b/machines/nixos/web03/django-apps/bocal.nix
@ -3,10 +3,16 @@
 # SPDX-License-Identifier: EUPL-1.2
 {
  pkgs,
  sources,
  config,
  ...
 }:
 let
  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
 in
 {
  services.django-apps.sites.bocal = {
    source = "https://git.dgnum.eu/DGNum/www-bocal";
@ -20,6 +26,10 @@
    webHookSecret = config.age.secrets."webhook-bocal_token".path;
    python = pkgs.python3.override {
      packageOverrides = _: _: { inherit (nix-pkgs) django-cas-ng django-solo loadcredential; };
    };
    dependencies = ps: [
      ps.django
      ps.django-cas-ng
--- a/machines/nixos/web03/django-apps/ernestophone.nix
+++ b/machines/nixos/web03/django-apps/ernestophone.nix
@ -3,10 +3,16 @@
 # SPDX-License-Identifier: EUPL-1.2
 {
  pkgs,
  sources,
  config,
  ...
 }:
 let
  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
 in
 {
  services.django-apps.sites.ernestophone = {
    source = "https://git.dgnum.eu/DGNum/ernestophone.ens.fr";
@ -25,6 +31,17 @@
    webHookSecret = config.age.secrets."webhook-ernestophone_token".path;
    python = pkgs.python3.override {
      packageOverrides = _: _: {
        inherit (nix-pkgs)
          django-avatar
          django-cas-ng
          django-solo
          loadcredential
          ;
      };
    };
    dependencies = ps: [
      ps.django
      ps.django-avatar
--- a/machines/nixos/web03/django-apps/gestiojeux.nix
+++ b/machines/nixos/web03/django-apps/gestiojeux.nix
@ -3,10 +3,16 @@
 # SPDX-License-Identifier: EUPL-1.2
 {
  pkgs,
  sources,
  config,
  ...
 }:
 let
  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
 in
 {
  services.django-apps.sites.gestiojeux = {
    source = "https://git.dgnum.eu/DGNum/gestiojeux";
@ -25,8 +31,18 @@
      module = "gestiojeux";
    };
-    django = ps: ps.django_4;
+    python = pkgs.python3.override {
      packageOverrides = _: _: {
        inherit (nix-pkgs)
          django-autoslug
          django-cas-ng
          loadcredential
          markdown-icons
          ;
      };
    };
    django = ps: ps.django_4;
    dependencies = ps: [
      ps.django-autoslug
      ps.loadcredential
--- a/machines/nixos/web03/django-apps/interludes.nix
+++ b/machines/nixos/web03/django-apps/interludes.nix
@ -4,9 +4,15 @@
 {
  config,
  pkgs,
  sources,
  ...
 }:
 let
  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
 in
 {
  services.webhook.extraArgs = [ "-debug" ];
  services.django-apps.sites.interludes = {
@ -30,6 +36,10 @@
    dbType = "sqlite";
    python = pkgs.python3.override {
      packageOverrides = _: _: { inherit (nix-pkgs) python-cas loadcredential; };
    };
    django = ps: ps.django_4;
    dependencies = ps: [
      ps.loadcredential
--- a/machines/nixos/web03/django-apps/wikiens.nix
+++ b/machines/nixos/web03/django-apps/wikiens.nix
@ -3,10 +3,16 @@
 # SPDX-License-Identifier: EUPL-1.2
 {
  pkgs,
  sources,
  config,
  ...
 }:
 let
  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
 in
 {
  services.django-apps.sites.wikiens = {
    source = "https://git.dgnum.eu/DGNum/wiki-eleves";
@ -20,6 +26,17 @@
    webHookSecret = config.age.secrets."webhook-wikiens_token".path;
    python = pkgs.python3.override {
      packageOverrides = _: _: {
        inherit (nix-pkgs)
          django-allauth
          django-allauth-ens
          django-wiki
          loadcredential
          ;
      };
    };
    dependencies =
      ps:
      [
--- a/machines/nixos/web03/secrets/secrets.nix
+++ b/machines/nixos/web03/secrets/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ "web03" ] [
+(import ../../../../keys).mkSecrets [ "web03" ] [
  # List of secrets for web03
  "bupstash-put_key"
  "dj_annuaire-secret_key_file"
--- a/meta/default.nix
+++ b/meta/default.nix
@ -12,9 +12,11 @@ lib:
 (lib.evalModules {
  modules = [
    ./options.nix
-    ./network.nix
+    {
-    ./nodes
+      network = import ./network.nix;
-    ./organization.nix
+      nodes = import ./nodes;
      organization = import ./organization.nix;
    }
  ];
  class = "dgnumMeta";
 }).config
--- a/meta/network.nix
+++ b/meta/network.nix
@ -6,7 +6,6 @@
 # SPDX-License-Identifier: EUPL-1.2
 {
  network = {
  bridge01 = {
    hostId = "f57f3ba0";
@ -14,6 +13,25 @@
    netbirdIp = null;
  };
  build01 = {
    interfaces = {
      enp35s0f0np0 = {
        ipv4 = [
          {
            address = "10.0.254.21";
            prefixLength = 24;
          }
        ];
        gateways = [ "10.0.254.1" ];
        enableDefaultDNS = true;
      };
    };
    hostId = "adb676ce";
    netbirdIp = "100.80.31.249";
  };
  compute01 = {
    interfaces = {
      eno1 = {
@ -288,5 +306,4 @@
    hostId = "8afc7749";
    netbirdIp = "100.80.157.46";
  };
  };
 }
--- a/meta/nodes/default.nix
+++ b/meta/nodes/default.nix
@ -2,10 +2,9 @@
 # SPDX-FileContributor: Ryan Lahfa <ryan.lahfa@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
-{
+
-  imports = [
+builtins.foldl' (nodes: path: nodes // import path) { } [
  ./liminix.nix
  ./nixos.nix
  ./netconf.nix
-  ];
+]
 }
--- a/meta/nodes/liminix.nix
+++ b/meta/nodes/liminix.nix
@ -16,7 +16,6 @@
 # }
 {
  nodes = {
  ap01 = {
    site = "unknown";
    adminGroups = [ "fai" ];
@ -30,5 +29,4 @@
      version = "24.05";
    };
  };
  };
 }
--- a/meta/nodes/netconf.nix
+++ b/meta/nodes/netconf.nix
@ -2,7 +2,6 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 {
  nodes = {
  netcore02 = {
    site = "hyp01";
@ -47,5 +46,4 @@
  #      system = "netconf";
  #    };
  #  };
  };
 }
--- a/meta/nodes/nixos.nix
+++ b/meta/nodes/nixos.nix
@ -26,12 +26,9 @@
  - luj01 -> VM de Luj
 */
 {
  nodes = {
  bridge01 = {
    site = "hyp01";
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5bS3iBXz8wycBnTvI5Qi79WLu0h4IVv/EOdKYbP5y7" ];
    hashedPassword = "$y$j9T$EPJdz70kselouXAVUmAH01$8nYbUBY9NPTMfYigegY0qFSdxJwhqzW8sFacDqEYCP5";
    stateVersion = "24.05";
@ -52,11 +49,28 @@
    };
  };
  build01 = {
    site = "pot01";
    hashedPassword = "$y$j9T$n83qOn1OkQhFwQe50tPM11$jZ1tvgqMTcp4HLGEfJmTMsf0NnRUYQkzco9vibWTpU2";
    stateVersion = "24.11";
    nixpkgs = {
      version = "24.11";
      system = "nixos";
    };
    admins = [ "ecoppens" ];
    deployment = {
      targetHost = "build01.dgnum";
    };
  };
  compute01 = {
    site = "pav01";
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/YluSVS+4h3oV8CIUj0OmquyJXju8aEQy0Jz210vTu" ];
    hashedPassword = "$y$j9T$2nxZHq84G7fWvWMEaGavE/$0ADnmD9qMpXJJ.rWWH9086EakvZ3wAg0mSxZYugOf3C";
    stateVersion = "23.05";
@ -72,12 +86,8 @@
    site = "oik01";
    deployment.tags = [ "geo" ];
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl6Pubbau+usQkemymoSKrTBbrX8JU5m5qpZbhNx8p4" ];
    hashedPassword = "$y$j9T$2XmDpJu.QLhV57yYCh5Lf1$LK.X0HKB02Q0Ujvhj5nIofW2IRrIAL/Uxnvl9AXM1L8";
      deployment.targetHost = "geo01.dgnum";
    stateVersion = "24.05";
    nixpkgs = {
@ -90,12 +100,8 @@
    site = "oik01";
    deployment.tags = [ "geo" ];
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNXaCS0/Nsu5npqQk1TP6wMHCVIOaj4pblp2tIg6Ket" ];
    hashedPassword = "$y$j9T$Q4fbMpSm9beWu4DPNAR9t0$dx/1pH4GPY72LpS5ZiECXAZFDdxwmIywztsX.qo2VVA";
      deployment.targetHost = "geo02.dgnum";
    stateVersion = "24.05";
    nixpkgs = {
@ -116,8 +122,6 @@
      system = "nixos";
    };
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPE0typcnvSioMfdLUloIfR5zcf/X0k6201xMHoQBCr" ];
    adminGroups = [ "hypervisors" ];
    deployment = {
@ -137,8 +141,6 @@
      system = "nixos";
    };
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPETkWlOfESXQic+HgfGLV/T4Nqg0WjdDbEqtgDwkH+S" ];
    adminGroups = [ "hypervisors" ];
    deployment = {
@ -153,8 +155,6 @@
    stateVersion = "24.11";
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLF0mxSGitsDE3/YXfrHNjtOMUt4HT2MbryyUKPLSBI" ];
    nixpkgs = {
      version = "24.11";
      system = "nixos";
@ -170,8 +170,6 @@
  rescue01 = {
    site = "luj01";
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJa02Annu8o7ggPjTH/9ttotdNGyghlWfU9E8pnuLUf" ];
    deployment.targetHost = "v6.rescue01.luj01.infra.dgnum.eu";
    hashedPassword = "$y$j9T$nqoMMu/axrD0m8AlUFdbs.$UFVmIdPAOHBe2jJv5HJJTcDgINC7LTnSGRQNs9zS1mC";
@ -188,8 +186,6 @@
  storage01 = {
    site = "pav01";
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ" ];
    hashedPassword = "$y$j9T$tvRu1EJ9MwDSvEm0ogwe70$bKSw6nNteN0L3NOy2Yix7KlIvO/oROQmQ.Ynq002Fg8";
    stateVersion = "23.11";
@ -200,7 +196,6 @@
    };
    nix-modules = [
        "services/forgejo-nix-runners"
      "services/netbird/server.nix"
    ];
  };
@ -210,10 +205,6 @@
    hashedPassword = "$y$j9T$axihKDa.CrYcyoamJWxBq1$bl4TfropTrwLqMy6XK0DKkWRyx9b74kyI/ukE8X5iiD";
      sshKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVpR+TMRLGAfhn7Q0C3tKOydYYjfoC/e1ZYbKpby01Z"
      ];
    stateVersion = "24.11";
    nixpkgs = {
@ -228,8 +219,6 @@
    site = "hyp01";
    deployment.targetHost = "vault01.hyp01.infra.dgnum.eu";
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
    hashedPassword = "$y$j9T$5osXVNxCDxu3jIndcyh7G.$UrjiDRpMu3W59tKHLGNdLWllZh.4p8IM4sBS5SrNrN1";
    stateVersion = "23.11";
@ -247,8 +236,6 @@
    deployment.tags = [ "web" ];
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
    hashedPassword = "$y$j9T$9YqXO93VJE/GP3z8Sh4h51$hrBsEPL2O1eP/wBZTrNT8XV906V4JKbQ0g04IWBcyd2";
    stateVersion = "23.05";
@ -263,8 +250,6 @@
  web02 = {
    site = "rat01";
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];
    hashedPassword = "$y$j9T$p42UVNy78PykkQOjPwXNJ/$B/zCUOrHXVSFGUY63wnViMiSmU2vCWsiX0y62qqgNQ5";
    stateVersion = "24.05";
@ -279,8 +264,6 @@
  web03 = {
    site = "rat01";
      sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrWsMEfK86iaO9SubMqE2UvZNtHkLY5VUod/bbqKC0L" ];
    hashedPassword = "$y$j9T$Un/tcX5SPKNXG.sy/BcTa.$kyNHELjb1GAOWnauJfcjyVi5tacWcuEBKflZDCUC6x4";
    stateVersion = "24.05";
@ -291,5 +274,4 @@
      system = "nixos";
    };
  };
  };
 }
--- a/meta/options.nix
+++ b/meta/options.nix
@ -22,8 +22,6 @@ let
    ints
    listOf
    nullOr
    positive
    singleLineStr
    str
    submodule
    unspecified
@ -44,22 +42,6 @@ let
      };
    };
  vpnKeyType = submodule {
    options = {
      id = mkOption {
        type = positive;
        description = ''
          Unique ID that will be  used to guess IP address
        '';
      };
      key = mkOption {
        type = str;
        description = ''
          Public key of the user for this VPN
        '';
      };
    };
  };
  org = config.organization;
  nixpkgs = import ./nixpkgs.nix;
 in
@ -95,24 +77,6 @@ in
                    WARNING: Must be the same as the ens login!
                  '';
                };
                sshKeys = lib.mkOption {
                  type = listOf singleLineStr;
                  description = ''
                    A list of verbatim OpenSSH public keys that should be added to the
                    user's authorized keys.
                  '';
                  example = [
                    "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host"
                    "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar"
                  ];
                };
                vpnKeys = mkOption {
                  type = attrsOf vpnKeyType;
                  default = { };
                  description = "Attribute sets to define vpn keys of the user";
                };
              };
            }
          )
@ -215,18 +179,6 @@ in
                '';
              };
              sshKeys = lib.mkOption {
                type = listOf singleLineStr;
                default = [ ];
                description = ''
                  A list of verbatim OpenSSH public keys used by the machine ssh server.
                '';
                example = [
                  "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host"
                  "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar"
                ];
              };
              admins = mkOption {
                type = listOf str;
                default = [ ];
@ -377,13 +329,6 @@ in
                  IP address of the node in the netbird network.
                '';
              };
              vpnKeys = mkOption {
                type = attrsOf vpnKeyType;
                default = { };
                description = "Attribute sets to define vpn keys of the machine";
              };
            };
            config =
@ -469,6 +414,12 @@ in
        (membersExists (
          name: "A member of the external service ${name} admins was not found in the members list."
        ) org.external)
        # Check that all members have ssh keys
        (builtins.map (name: {
          assertion = ((import ../keys)._keys.${name} or [ ]) != [ ];
          message = "No ssh keys found for ${name}.";
        }) members)
      ];
    };
 }
--- a/meta/organization.nix
+++ b/meta/organization.nix
@ -13,95 +13,61 @@
 */
 {
  organization = {
  members = {
    agroudiev = {
      name = "Antoine Groudiev";
      email = "antoine.groudiev@dgnum.eu";
        sshKeys = [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgyt3ntpcoI/I2n97R1hzjBiNL6R98S73fSi7pkSE/8mQbI8r9GzsPUBcxQ+tIg0FgwkLxTwF8DwLf0E+Le/rPznxBS5LUQaAktSQSrxz/IIID1+jN8b03vf5PjfKS8H2Tu3Q8jZXa8HNsj3cpySpGMqGrE3ieUmknd/YfppRRf+wM4CsGKZeS3ZhB9oZi3Jn22A0U/17AOJTnv4seq+mRZWRQt3pvQvpp8/2M7kEqizie/gTr/DnwxUr45wisqYYH4tat9Cw6iDr7LK10VCrK37BfFagMIZ08Hkh3c46jghjYNQWe+mBUWJByWYhTJ0AtYrbaYeUV1HVYbsRJ6bNx25K6794QQPaE/vc2Z/VK/ILgvJ+9myFSAWVylCWdyYpwUu07RH/jDBl2aqH62ESwAG7SDUUcte6h9N+EryAQLWc8OhsGAYLpshhBpiqZwzX90m+nkbhx1SqMbtt6TS+RPDEHKFYn8E6FBrf1FK34482ndq/hHXZ88mqzGb1nOnM="
        ];
    };
    catvayor = {
      name = "Lubin Bailly";
      email = "catvayor@dgnum.eu";
      username = "lbailly";
        sshKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
        ];
    };
    cst1 = {
      name = "Constantin Gierczak--Galle";
      email = "cst1@dgnum.eu";
      username = "cgierczakgalle";
        sshKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
        ];
    };
    ecoppens = {
      name = "Elias Coppens";
      email = "ecoppens@dgnum.eu";
        sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA" ];
    };
    jemagius = {
      name = "Jean-Marc Gailis";
      email = "jm@dgnum.eu";
      username = "jgailis";
        sshKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOoxmou5OU74GgpIUkhVt6GiB+O9Jy4ge0TwK5MDFJ2F"
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxQX0JLRah3GfIOkua4ZhEJhp5Ykv55RO0SPrSUwCBs5arnALg8gq12YLr09t4bzW/NA9/jn7flhh4S54l4RwBUhmV4JSQhGu71KGhfOj5ZBkDoSyYqzbu206DfZP5eQonSmjfP6XghcWOr/jlBzw9YAAQkFxsQgXEkr4kdn0ZXfZGz6b0t3YUjYIuDNbptFsGz2V9iQVy1vnxrjnLSfc25j4et8z729Vpy4M7oCaE6a6hgon4V1jhVbg43NAE5gu2eYFAPIzO3E7ZI8WjyLu1wtOBClk1f+HMen3Tr+SX2PXmpPGb+I2fAkbzu/C4X/M3+2bL1dYjxuvQhvvpAjxFwmdoXW4gWJ3J/FRiFrKsiAY0rYC+yi8SfacJWCv4EEcV/yQ4gYwpmU9xImLaro6w5cOHGCqrzYqjZc4Wi6AWFGeBSNzNs9PXLgMRWeUyiIDOFnSep2ebZeVjTB16m+o/YDEhE10uX9kCCx3Dy/41iJ1ps7V4JWGFsr0Fqaz8mu8="
        ];
    };
    luj = {
      name = "Julien Malka";
      email = "luj@dgnum.eu";
      username = "jmalka";
        sshKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower"
        ];
    };
    mboyer = {
      name = "Matthieu Boyer";
      email = "matthieu.boyer@dgnum.eu";
      username = "mboyer02";
        sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYnwZaFYvUxtJeNvpaA20rLfq8fOO4dFp7cIXsD8YNx" ];
    };
    mdebray = {
      name = "Maurice Debray";
      email = "maurice.debray@dgnum.eu";
        sshKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdDnSl3cyWil+S5JiyGqOvBR3wVh+lduw58S5WvraoL maurice@fekda"
        ];
    };
    raito = {
      name = "Ryan Lahfa";
      email = "ryan@dgnum.eu";
      username = "rlahfa";
        sshKeys = [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
        ];
    };
    thubrecht = {
      name = "Tom Hubrecht";
      email = "tom.hubrecht@dgnum.eu";
        sshKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn"
        ];
    };
  };
@ -129,6 +95,14 @@
      "catvayor"
      "ecoppens"
    ];
    nix-builder = [
      "catvayor"
      "ecoppens"
      "mdebray"
      "raito"
      "thubrecht"
    ];
  };
  external = {
@ -164,5 +138,4 @@
    # Videos DGNum
    peertube.admins = [ "thubrecht" ];
  };
  };
 }
--- a/meta/verify.nix
+++ b/meta/verify.nix
@ -6,8 +6,8 @@
 # Nix expression to check if meta module is evaluating correctly.
 # To do so run `nix-build ./verify.nix`
 let
-  sources = import ../sources.nix;
+  sources = import ../npins;
-  pkgs = sources.bootstrapNixpkgs;
+  pkgs = import sources.nixpkgs { };
  dns = import sources."dns.nix" { inherit pkgs; };
 in
@ -32,7 +32,9 @@ in
      import ./dns.nix {
        inherit dns;
-        lib = sources.fullLib;
+        lib = pkgs.lib // {
          extra = import ../lib/nix-lib;
        };
      }
    )
  );
--- a/modules/liminix/dgn-access-control.nix
+++ b/modules/liminix/dgn-access-control.nix
@ -56,7 +56,7 @@ in
    # Admins have root access to the node
    dgn-access-control.users.root = mkDefault admins;
    users = builtins.mapAttrs (_: members: {
-      openssh.authorizedKeys.keys = dgn-keys.getMemberKeys members;
+      openssh.authorizedKeys.keys = dgn-keys.getKeys members;
    }) cfg.users;
  };
 }
--- a/modules/netconf/dgn-access-control.nix
+++ b/modules/netconf/dgn-access-control.nix
@ -56,7 +56,7 @@ in
    dgn-access-control.root = mkDefault admins;
    system = {
      root-authentication = {
-        ssh-keys = dgn-keys.getMemberKeys cfg.root;
+        ssh-keys = dgn-keys.getKeys cfg.root;
        hashedPasswd = nodeMeta.hashedPassword;
      };
      services.ssh.root-login = mkDefault "deny-password";
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -21,6 +21,7 @@
      "dgn-console"
      "dgn-chatops"
      "dgn-firewall"
      "dgn-forgejo-runners"
      "dgn-hardware"
      "dgn-netbox-agent"
      "dgn-network"
@ -43,6 +44,7 @@
      [
        "age-secrets"
        "services/bupstash"
        "services/forgejo-nix-runners"
        "services/reaction"
        "services/systemd-notify"
      ]
--- a/modules/nixos/dgn-access-control.nix
+++ b/modules/nixos/dgn-access-control.nix
@ -58,7 +58,8 @@ in
    users.users = builtins.mapAttrs (
      username: members:
      {
-        openssh.authorizedKeys.keys = dgn-keys.getMemberKeys members;
+        isNormalUser = lib.mkIf (username != "root") true;
        openssh.authorizedKeys.keys = dgn-keys.getKeys members;
      }
      // optionalAttrs (username == "root") { inherit (nodeMeta) hashedPassword; }
    ) cfg.users;
--- a/modules/nixos/dgn-backups/default.nix
+++ b/modules/nixos/dgn-backups/default.nix
@ -114,7 +114,7 @@ in
        access = [
          {
            repo = "default";
-            keys = dgn-keys.getNodeKeys [
+            keys = dgn-keys.getKeys [
              "compute01"
              "storage01"
              "vault01"
@ -131,7 +131,7 @@ in
    };
    programs.ssh.knownHosts =
-      lib.extra.mapFuse (host: { "${host}.dgnum".publicKey = builtins.head dgn-keys._nodeKeys.${host}; })
+      lib.extra.mapFuse (host: { "${host}.dgnum".publicKey = builtins.head dgn-keys._keys.${host}; })
        [
          "compute01"
          "geo01"
--- a/modules/nixos/dgn-backups/keys/secrets.nix
+++ b/modules/nixos/dgn-backups/keys/secrets.nix
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-(import ../../../../keys.nix).mkSecrets [ ] [
+(import ../../../../keys).mkSecrets [ ] [
  "compute01.key"
  "storage01.key"
  "web01.key"
--- a/modules/nixos/dgn-forgejo-runners.nix
+++ b/modules/nixos/dgn-forgejo-runners.nix
@ -0,0 +1,91 @@
 # SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
 # SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 {
  config,
  lib,
  pkgs,
  name,
  ...
 }:
 let
  inherit (lib) mkEnableOption mkIf mkOption;
  inherit (lib.types) int nullOr str;
  cfg = config.dgn-forgejo-runners;
 in
 {
  options.dgn-forgejo-runners = {
    enable = mkEnableOption "forgejo-nix-runners for the DGNum forge";
    nbRunners = mkOption {
      type = int;
      description = ''
        Number of runners to spawn.
      '';
    };
    nbCpus = mkOption {
      type = nullOr int;
      default = null;
      description = ''
        Maximum number of cores available for each runner.
        When set to null, there will be no restriction.
      '';
    };
    dataDirectory = mkOption {
      type = str;
      description = ''
        Base directory to store data for runners.
      '';
    };
  };
  config = mkIf cfg.enable {
    services.forgejo-nix-runners = {
      enable = true;
      url = "https://git.dgnum.eu";
      storePath = cfg.dataDirectory;
      tokenFile = config.age.secrets."forgejo_runners-token_file".path;
      names = [
        "on-${name}"
      ];
      dependencies = [
        pkgs.npins
        pkgs.tea
      ];
      containerOptions = lib.optional (cfg.nbCpus != null) "--cpus=${builtins.toString cfg.nbCpus}";
      inherit (cfg) nbRunners;
    };
    virtualisation = {
      podman = {
        enable = true;
        defaultNetwork.settings = {
          dns_enable = true;
          ipv6_enabled = true;
        };
      };
      containers.storage.settings = {
        storage = {
          driver = "overlay";
          graphroot = "${cfg.dataDirectory}/containers/storage";
          runroot = "/run/containers/storage";
        };
      };
    };
  };
 }
--- a/modules/nixos/dgn-netbox-agent/secrets/secrets.nix
+++ b/modules/nixos/dgn-netbox-agent/secrets/secrets.nix
@ -2,4 +2,4 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-{ netbox-agent.publicKeys = (import ../../../../keys.nix).machineKeysBySystem "nixos"; }
+{ netbox-agent.publicKeys = (import ../../../../keys).nixosMachineKeys; }
--- a/modules/nixos/dgn-notify/mail
+++ b/modules/nixos/dgn-notify/mail
@ -1,55 +1,56 @@
 age-encryption.org/v1
-> ssh-ed25519 jIXfPA tqrbtRQ1sOAfNdcydUswVCvTPlMOyxJk7KIWuVo0zTo
+-> ssh-ed25519 jIXfPA uwfDbp6deCl1ZuO/9HWEghRdmx6C48WYfrUSprsUhGw
-8NlgzrKyFh4K5NreS0CmBNQ2ZmiLZYpD+fhbqNX/aAQ
+/ram5+hhFm4otCrfe8ikxazml7GlXydSLnV6Gx88eeA
-> ssh-ed25519 QlRB9Q 9so2ZMz5fmmbqRpwEtJ0/u7iV+MLLLkDgODMfu6rdyo
+-> ssh-ed25519 QlRB9Q k5ASPvydXiyyIhcviZWBMrKBT5UQeY68Lvs7OSYVH0U
-mYpFyrEI3p5uIvogAeTTgC+bHNHBx+eR6VGKMx8hIQk
+VQD2FHyF76l+OI87JUvgz+4ZIpYZbTmojWr6w+0Ce4M
-> ssh-ed25519 r+nK/Q ldIiggaMYAi9twBQpG5w6EA1stvDYgznDytN/zN0IDM
+-> ssh-ed25519 r+nK/Q PKv1jnfLjPoevbENLT+BDrkzhngXmtDiepSDKZPPvXg
-bOqzUc4m/pecyG+6jv8HilAJKJS5ywiagv1IN3DMtEM
+Egz1qIKAoYwM9WnRIsxaVcMVnZQ4ejBZB2tWvuqPZto
 -> ssh-rsa krWCLQ
-OypBhkIZl8NGjojPR0Lg0A3SG9BhkA9oocO1zQqGh+gJdO1X8O3m5cIdxu7Ggw8s
+JxjsWDFX9cqlYYj8XfEz6WlO9xHM6Kjz/Bdkl0E9vRjP8RohPGvGjMwWTv5rAmYf
-RE+B41TWwEfOV0KfRdOBoVxTLYg027f5/EnlU0G5igGUCDt6vDgyScLsYkdiPUYs
+n4yMTfau5BNq04WOUoHEz+TJBLwgdGs0yLVrqauLVSSquNxNFaTDN7wIoq3YJ1sP
-7otyfXpCwM5eKpHV6q1qne91BjGXOiUpIPnlaOKXFvNkvNlihz9D1uw+n9vnsKGS
+66bqP7KqKfgYM+wPg07pnhEVm4T6io9IiH5D4utupSQGBGtXBNWeoORW2Q4XgqBg
-fb9jYX3fACcInbdnNOKeDSUE6+e6wj/ijOwGT8pL5X4cYmGslhfqk4WLubJIUoGx
+n5pPM+EIqCAGIH+iotKzQLAtn3JaxXBliY69JYXZ9m6eKonTGOnltLgAnkslEIm9
-6TTD0Qh0tiaWlbHJU6jB/Iv0zQgXDBvOCasN6Nlln+PYQnQ8N0gDRkQ8Eq+eKA2d
+qwArShZ5YKcEfO9QMioUnbiZU9MV+61ybq16ilWn2MfSUTXS4OBAtJxz6uu093D8
-19komclluvh6zNZQHXod/g
+jmGuhxzXKhB48P/frH/hRQ
-> ssh-ed25519 /vwQcQ l8YLbHxqW4Ynk9ElKIws+Z/cVvdYa9E/ELOt1gIkXww
+-> ssh-ed25519 /vwQcQ riG1XuW1BCD0xyVeRSgBNrnVmnzL13eor65GEr6AxgM
-nENmHEF5A73imF1H0m+Zn7Fzf2EFTyRPX8HTkgfWvLk
+N08UbQEOhWsAZyazEN59ztZ7XcXpxSVS2i5m2on1R5k
-> ssh-ed25519 0R97PA FVqDeagt+Q8qXxLNaSU5AttATiVmHyQlZT2mv7ETshs
+-> ssh-ed25519 0R97PA abXQZeB5lRIGNdR/a0uh0o6nU62ZgJgP/Ifo2Sa8VkQ
-XG9/OKfvS/Q1yHHHexCeJ3/5HTu/oe8O5lIZJouANv0
+dP2djzaPrNoXAs7Wf9hPQ7cAi2lABLfm/XNW7x3G4XM
-> ssh-ed25519 JGx7Ng xuF0PD3YtE8kqWBH+OnxI+Qw6AQZ9Ib53xpSm9NMrGs
+-> ssh-ed25519 JGx7Ng bgExR1n+lL4Nth44hAlaPwJyTOJnX0HzzTV13UCvEBg
-wLVrBPL4KKWf5AKIN7MZfIAzOoaeqnf7XswaSt8UHKQ
+rEjfzKhpwMUQCAxX8u7duZeZURdwtEwtE9rngMYMA5M
-> ssh-ed25519 bUjjig 1Ekic+sPi08+xo5Lx38SsIN78ODOaJJpuMPorgelIn4
+-> ssh-ed25519 bUjjig bAhLFnqdVKEzST6m7NWGeqInuNQyclLYFNzjBJOEmmE
-icUH+He/zxMhoDsakE8lJ1BCkeuwm3izXVnugQrxoCk
+rVRcUfyfMG2EpIucz65bOuC1PVuNjKU285czNjKwJ2k
-> ssh-ed25519 DqHxWQ oQ1K9/CaOXBCqckeGC2M8rXtPiOSFFetK51+LU5NLGw
+-> ssh-ed25519 DqHxWQ j0yUDi5WL76b9ywKcBA0TAX6ilQMXApiPWMgDFucxHc
-zX2MVGKe7jdoPfJhWHd3M0cJ9uczWyyUqzFOZhP8DCM
+8NynFQxLhhvyMLeHY7jBxvEGkbDeItSN9GxyMvpCmJo
-> ssh-ed25519 tDqJRg btCKh9SJuHDiGIQu3FNf3a04p6Qm9EYoTOMaxBFFbCs
+-> ssh-ed25519 IxxZqA 7fkr+YUngEszyOXKf5ba26X08LALDEZh1YdP2lmBD1s
-xsGNb+7jXb5MJbnNAJBZRwBvd7a0uFk8cZWWz0xPLKE
+qQhTzEV7K0AIRcNQHrBmGjViBfxMhfTc74ez4oRYz88
-> ssh-ed25519 9pVK7Q bjH8hNGrjV1euwfetjy+P7FmmVEqg+D2VsyIbPN6dBM
+-> ssh-ed25519 tDqJRg 3lNl0f4EI5iGfkOEwgsdbuqFH/Ii7aSLC/ZTPXVPejc
-Ut+81wp4IaHYgR7mjAHiPi3uC5K5l/wLrtUEwxxhVs0
+0NiYrCEhLaQF2zycyNT358CKVnhPLU5bibKZONWiISs
-> ssh-ed25519 /BRpBQ nYOgDzHkeh2T3vcC0c3X+/5GPmn4AOavPaLtluG9/X8
+-> ssh-ed25519 9pVK7Q r7ug0wHYoccWduiMCC8nbPB0zKTUOJHJGuL6Cex0r38
-yLeebplBqT7cbo7mgZJvbqVOf1SPFFAs/P8lwVUBjnE
+SJZ2al16eRaKR02RIAJeRtlwjqIsGO5kpyaKRq9BsRg
-> ssh-ed25519 t0vvHQ R14ScgZyALLYI9VQXC9ulRiIT6pKeNjsUETqmf39Ajk
+-> ssh-ed25519 /BRpBQ 98rwPrpOBbpjz38FEArCgEv1MqXWsak65tRrfQykrHA
-8sATMxF2qt2ZquQkL8lUjtYYCE/c6HAV7CzVBXgAlzY
+nfzNG899bAb8dltFR9QrJ4Zb/xX5BL+vSQDD5vC/a2A
-> ssh-ed25519 E6cGqw 0kdE7TYnCGGB6laGnB67OFIdI5pKo9k/4M2hSZB8dVg
+-> ssh-ed25519 t0vvHQ +XZLiLJdJqMxRf6CZwJoS75uQ5b9BxToBUsscsvjCgs
-6ZbKr6REXl2e589LDQjTdXAOSxKo+Crzb/qU3UiT7Fo
+0IsEB8Q7ZVMzbQMUXVbHdBIC3bcAlhtKHrsjENMvNss
-> ssh-ed25519 EEPmeQ iKAT49L0Ps0DPUc/jHZ1eYPQvkouTbEaMMT1WgGgNGU
+-> ssh-ed25519 E6cGqw wYdLb3oelo2KDUrh9oDfxN26d/zLPZysKHTp8rxMnEY
-5tO5/612OXfDVgPkC+pObQJP/EqIljq1Sb5/sEQpKOo
+yJ5I2PL32is3cgrh06XRpITykFL282pmhEvCTLRAhQA
-> ssh-ed25519 +MNHsw +XV+vFgYZBjgS+MKcIx1YaZgV34konYI5r2okZWcpE0
+-> ssh-ed25519 EEPmeQ CQLZuD21cKyZOWJZxrEl2N4GnT/3nfkyv5GjK+aveCQ
-xBVIa8Zep/eRgD2gjPooTS5oQuzgjRxw3cvUrVhbFLM
+XMUaUgHw6mnFh9AEHTn/sRRe1VFGcKRjK4Ib1cNyFns
-> ssh-ed25519 rHotTw kpkPh9yUnPayJBCiUihPbSMIGiCMNV3Q9EX/GqrDuEY
+-> ssh-ed25519 +MNHsw Ir6Ev8iz1/jyOJJF6boc5T+yjzCtx+L7VtuPFua8WGA
-9U+MZrgXh8wWMr+YA+OFHzVtVoiNXusQIAKHSIv5dy4
+1sjWSysDuMJ9/hxaYRWF8so6TsdC/ZpLuK1r2AC/st0
-> ssh-ed25519 NaIdrw P7GGMkwEt5ueKMBok+EpEmuomOQtWMGjqShy2zMcziY
+-> ssh-ed25519 rHotTw 33l1xN6i1ST04iKhrtEdMNyGZyrEdJKjNma+Qat9p34
-D38Akh4B2IIhiMHm9L4BAlXkqtmRHBFNYnq7MBxuLEw
+FgdTjE9NpeR41h49lEbxNAuMTZyvZSVaYyT9PJEn+mU
-> ssh-ed25519 +mFdtQ q0Ry7jtJzq6UfKDbzfovl5KBjdJtOKxlzMBKOBt/wl4
+-> ssh-ed25519 NaIdrw OO+OV7X39UdIhust47t7/JOpWmRtxS5MeOFGkKoaKmw
-5LE2G25RaXJSNC88AUKZVsec9f6kRMTrRJH0f+rHjiw
+gaFE7kl9BQWMMolgkc3Q8HtaD2YlV+vRNyO2Q8FM6fI
-> ssh-ed25519 0IVRbA E9wi9oRwNigFI5Gx6rOzdQRmLsaG7bADK0JwevQnHHk
+-> ssh-ed25519 +mFdtQ YahBCDKX2N+mkYLQAlKPpd2ZypIDSMOqzO0+UcCH6wU
-R3ssmspGUasfQCiak6mbelWszIEfgBhoUSwTmVAZVHo
+IH0q2uTCo8OtF6IQGynKLe7rh4T12kSROuLr2dteoVM
-> ssh-ed25519 IY5FSQ XecGNqCa7W77aVxHu2PMyGP3kjJaIuMkPu/uxxmcTWM
+-> ssh-ed25519 0IVRbA Cvpi2cd3tVS3DL18C1OZsA0wHBxCCV2vWEhAu4L3CiE
-XBswdNeVgQzf1dHC7epw/R4aR+aPM/D6Ojfemv6h3Zw
+kIu/v9xU+0xfZ1ntnDY73GvPM6DfdXOK/nWoYp0d9o4
-> ssh-ed25519 VQSaNw W9s97+9Zp9HHHLujy3AfY6AmhXG06zubbKmzuHfI32E
+-> ssh-ed25519 IY5FSQ SAp5chelp2ahomzr9SIkaKLHQUA5BnHSwUzWrqJdpUc
-6sBZ/SCxyOAYxusVng5xTp2FIWP46svn9jHrGdDoITY
+CfEu14yiOq1KvU52zqYme6CTjhdykRNuhQIi2dgqKh0
-> QywF>>&-grease
+-> ssh-ed25519 VQSaNw ApDOYnJwe1LC5EKjBmSrsXvr73D1bG/MlTzJXEBQWGA
-an4MLFRuHd5YzvAuctEATrgtHX6ptlOPxRnGyFsIZEx4CVadG8bEn4+aPF64Bvxy
+1DtCyWFGlmrRdv01bqOPfL/jufaYLzrtNF2GGHpGuuY
-RXa8
+-> ~s)%%W-grease <vT lar/&
--- fF16JxCEn1JKV0R0onxLmfe1SJViPsfwcW/aNzakOlI
+qKU8Y2viz71kG8JlAT6i/UWF
-™dØë¦\YjÐÙ\¡:ìls–ZV¸¦©ë
ñ‹¶÷È"é³‰]…wOpì4àŒƒeÔÅ9¨Ï±üB9<42>
+--- 3nsxdyr8AeVlK8l2fhXVZldrw5d0gu4+GWadkNHp9Lc
 f-kp;<3B>1QŸªaZ¦¦X<02>º”/M@NCD¶€ª‚<C2AA>¶Þ2Š4‡ÔÌÑ°vðÑG¯ó7ý@Sôì)?#
--- a/modules/nixos/dgn-notify/secrets.nix
+++ b/modules/nixos/dgn-notify/secrets.nix
@ -2,4 +2,4 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-{ mail.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos"; }
+{ mail.publicKeys = (import ../../../keys).nixosMachineKeys; }
--- a/modules/nixos/dgn-records/__arkheon-token_file
+++ b/modules/nixos/dgn-records/__arkheon-token_file
@ -1,55 +1,57 @@
 age-encryption.org/v1
-> ssh-ed25519 jIXfPA Fg3/a46Mon39gTFeQkn0wtxbwsTzeBUNyEAaNHd27hQ
+-> ssh-ed25519 jIXfPA sb7nmDkbVrutjmrkaUKnEfWlU4lWm7qQmD6OWcb/qHo
-A78ImPc4lST6bAeBmWiWxoICV4JVCJVAmKuQJySerHs
+GdZ/AyZS75kXiG7XbS2x+sz2LCzrEZYL7PpOPZ8g8qc
-> ssh-ed25519 QlRB9Q P1C+ZzsB4oAWkwIq2zcaqoukMMo+yFwk9g6Al32fCWM
+-> ssh-ed25519 QlRB9Q yZkNZ2UOSM7LJbBU9qWcloWPceARFVFIQoEIAfEUsUw
-G+M9cYya5pX64/oEbvpvha2qbQg4y8frl1i18ZIG6fY
+F6x/QjToEmfLka6LAZxsuOTrKG93EHmFEiiCBiPBdvk
-> ssh-ed25519 r+nK/Q r4kctDRssAYznMRxHJqu7/GoBHyibP4xWdua6KYnpU0
+-> ssh-ed25519 r+nK/Q TSh3AgdlSZP4FOVka4/KTa9Z/nuwRRZl3mGw1uKTUhs
-l5KS9reXjT2P5iUCe0swZmK/m9Vg7VvtrK4L/TaEuAI
+fvtdpPW+zsgBHAQrvkWc7heHE56gPZwMEPOpz+fxbh0
 -> ssh-rsa krWCLQ
-g+zPwOWXgd06McsOCwo2QjAQF7B7t8oCf5eA5K79Om/X63VAqakts3ilwOt9SgZk
+J3PRXa0ojIn7T4bsFYnhERqGH4bLSSRyMm4X85iuGkhjldW/qVIs3EsGUeyLKWwY
-yQYa72TP67nyljLO4tPG7u/aKIBIwitGXIIYs+ZNLq9Q0ciWvzVAhsLsfi9yE7AF
+prvS1uwGY4qGbNgEaj0MhoZobhn9V3oiTAmlepl2tHgwMFqDi0Dagym4DBKhYaym
-I3tnL03fES2v5sbKes/JulBQl+87065YZr67TNWRY9f7a0XQZtfewP0vOxxfJsSy
+ezG4GvOSEQOFAhroGK7FscUeziQilfXMAGX88JrJQVM/wz5c2e4ZJmAc5sBzo1mj
-RYBpztlzAGkaWXtqk2291x7yGhKsQWXmUhxx4KqyPs+KvFm1d4GglalFjhySzCkG
+D/ko6/KazOokbCO89wjjUYLzwM82aJKHgGZElNKOx2fcpi23ZIlIERbqcTUgxnVS
-Rc7Flg1ukru3Bd1/fieOWpr3DyDBQ8pZyS4gIUYLB7xcy2t1JI/U3egTQTPBCSgy
+ifgfSHcggEP47UldzfuH09Lfz8YTDqpebhufWkVhnvdJRYahrkNC+vPqBFXwqK8F
-PwoWgyQ7lGLRIarTMRa1JQ
+xCVq7a8AkHK1LfDSfm041g
-> ssh-ed25519 /vwQcQ FOpyMB3qDu3HpjqsH2VVpInqlvJlZD35y/XNf8RkSXU
+-> ssh-ed25519 /vwQcQ Lclbvme60sst7vG3OT+SK/BWPBJlMPBuijzX5a41xQY
-ZUxuGbwH1XtE9Da+L7SjfoYinjq0cAwsHsDaz2u5Lrg
+iqI9+kIOEja/uAHP3YxCXOAH94IbVbArTD/zzpEWATI
-> ssh-ed25519 0R97PA kphmpWyiMaxGmUAH4rvFUjtf0mvseVkPPBlMqKNE3lA
+-> ssh-ed25519 0R97PA tvNEZpxUdaDrLOhuTnp/tuta75aInxweI6u55lts9Fw
-F1cgXiz2UjCHU0MeS5DryvOBtxW/1DIsjw28uQ1nd3A
+hd0OB8wSMhqyLPyy3dshVLjwXk/iqRhW/CK0v9EkMKs
-> ssh-ed25519 JGx7Ng ejW0Pf2cwsitmVLY8jJUaHZ/6Qhfxa7fnYWoaWYISWk
+-> ssh-ed25519 JGx7Ng 11MGDeZVC6uXrb6x7xH1DDaUS9hEkY4cgFd6UqwuVWI
-awOvJwkkFdXuc/ikZTX6512zG91FCi+0n7KaYrULO3E
+HsLCmr749be0M6o8od+cxqEF6fcsqjZttczwNxzU8ZU
-> ssh-ed25519 bUjjig 2Gw2h1bx0TRc6CmRjY8GPgtSHRs5rl/lg394JKiWBlA
+-> ssh-ed25519 bUjjig stqKeXyQYQ4rrPUoFAJ07hfIyNp32BbITxUavwsvFR4
-yvltWHak7XMXBmBmlelE4pF5y1saRaQJmV5IUxzaPyo
+oeDwDiSyXD803qDruxzJhgQ9ckfQoisJjVzq/S1CvUg
-> ssh-ed25519 DqHxWQ gh/5iRZQbmbvwWGtah4b9MK3DNe4+UNiHoXPYnw0sEQ
+-> ssh-ed25519 DqHxWQ zGJoJNznwsrVy1hELu5Zd08xPpnCRPms5JUjnuEFB0A
-z/nbwMWAjsBRAzTMSS/9dPzXe1st8mQWiUlZnVmtcCw
+DS1GEfaNSSz8BD0VqYEpEU5retLzy6EAF0ZEMbcZzys
-> ssh-ed25519 tDqJRg 0GBbdUBhJxdCICdp6WtgXW2GXfQskuxanzucrKRoBns
+-> ssh-ed25519 IxxZqA qPdVGKGRIErFLQsV8LH8UFElhV32XdTw8PmT2HdQVTE
-AW0jVC8Y8lbhycDgLzPu40kQtgb7OI7fyycLldXknwc
+rZzFPIx7iO1RT6cHu8AeO6FYLMsZn8UMjpqf2K3R9Ds
-> ssh-ed25519 9pVK7Q +aOx8mN/HX4F7SdNdJZjMRWiy6SIhqFkWYIo+I24cTI
+-> ssh-ed25519 tDqJRg BfjsSuGW3EteYrTAtpVJNrdoNdpGKuYOxHU0ZNBUYUM
-IQCd6tA+bUDlnW9JsxVE02EBKj38yYDybBe24PxXr68
+wlMXOu/IVNFyghhyd/HnBud8b+VwgqZ3vG8Ceqx2DV8
-> ssh-ed25519 /BRpBQ 8UN2aIKUhi3JLhnOoOs38+a9qx+UhDnV5tYlWVF8d24
+-> ssh-ed25519 9pVK7Q pPA/PzPfmC4VNLqcqgb1LwfJ68q7LffBAqaRP3YJGmw
-FkScXVvXdhFbDGs2Ks0BYfj9nJpAUVPz6OhX7vkOTmI
+RJBpLt3WzJoNxsbAby/XVB0bWlHqw5ZwSHT47PQeJ2M
-> ssh-ed25519 t0vvHQ wDCpgqimo5goEB9Gj5/QGQ98nTEkKy/qHyxPg3NA6Ss
+-> ssh-ed25519 /BRpBQ 9irIejQQmwv9p1n/N82JPcQlRkMgCPsoeqvrEH24QUs
-sielO8aAj9ke+nZL+F/zyMUzUPn1LjtKrSkAoMW6YYE
+WV1CGQiitxqJOj+2V/AA3R9NevcNKCohiEV4ssDEKwA
-> ssh-ed25519 E6cGqw zbwhYf2zKgjdymEjG0sVuqQQ/CgCDnSlT72OrAUFSiw
+-> ssh-ed25519 t0vvHQ vEuLV5mD3BkRQc0h2wg1l4UVj/ORVC5sz1SSqt6gD2Q
-B70dyGna1SRXvf5SLJCiZGeBiXwS9nf3LPTBkG/3fGs
+voKXQa3QwUt9yN4OD2Kq58iI/pjNJxRZCHYOWr3mojM
-> ssh-ed25519 EEPmeQ 06lIugc0LbiXVFwbV/6GKbSnlac0ROIVNmgS2Q9MM2A
+-> ssh-ed25519 E6cGqw wqCRvdwHzeZNFG73mnCxP6dY8HFLnUd0q3QMHxC9lTk
-KTUmdmSXZT2D4oQQpO1qNsdOn5sH70ameln6i7Itb+A
+D0bqFDUQSgHgwrfluCnJ0FQ8+Bwtho0jGXdF7Mdepj8
-> ssh-ed25519 +MNHsw OMAS3ud2K1+JGVytqHp9P/i+r4apcb91Dyc+tTudpQ8
+-> ssh-ed25519 EEPmeQ cgyB/xXkZYjS9rqDE5saVVWaZCqWA1KieSwupV8sJ3U
-V6T+VPSvRZ21nVtDeRkOsuP62bECSGcIm8vO3JADxVQ
+6NSDsrPTVP0AfLf2R7SYCu175u3AvSl6/9KyI5ZZr4Y
-> ssh-ed25519 rHotTw JAc7ZlrFGL+DXq07YrmqY4lS5Pib31RoRTT6o7zJH04
+-> ssh-ed25519 +MNHsw yQYlre+4ZPx0sfdC6iObUu4AyUT/QFCR9nVMDe93PVw
-Y1qLn6nWk7FfkrWIiBBd7BHHp5WXHTZfq734DMUlB74
+0fqncmEgXK8UFoWr+S45imxC4zi1rYTmzp5aiPWqcJM
-> ssh-ed25519 NaIdrw ZWfEZfhiXxkq6P6H2kbiVZiiPxH13Cehk+2ti9fYx08
+-> ssh-ed25519 rHotTw 4P96tfTWGWu6sNpnhQS2pOncXTJDBY/0LIMJH6MZ9ws
-gMlI5Da2cgP7m2pZnHpwJiA7BVVtZgNyZnPkYqhBYHQ
+HJ9yHwUv613F3Xj0s1l2e1CY2ca9jqrwKvjjrfr+BRE
-> ssh-ed25519 +mFdtQ GZQpMTZySkDwDvzpWou8nfvAtYco/v4xF+YU7LYjAAI
+-> ssh-ed25519 NaIdrw e+Mk++x9jtnYuH76OXRohKUKELiLRW7DBPmD4Kw0uhE
-deNceVs+tUxiQy2JHcoOd/w6KLYnxuDwrIPoVWJ66Vo
+P84wmJvkSnM68JmMS24xrilAsqJ0PzsqgmvWIDh2TYA
-> ssh-ed25519 0IVRbA S917NcJZ75oqjwGMMwknUFcHYJ2TCkEt331mpOZ5DxI
+-> ssh-ed25519 +mFdtQ YE1hcu3vCq1QHr38JEhU+pLZy+NuxzjSk8O64CYqakI
-khoDidhLjy1wIs+qGAfx/qH+t4ROB71QeiiUmnpZ1s8
+SNsqng6gjqR8m+KO+RQqt0gbXeGdfHNjvfVncmKD3DQ
-> ssh-ed25519 IY5FSQ 2HjLcN2RK/dtAeHXUTu/Du4LiBH4SxpG0d6f7QCa61Y
+-> ssh-ed25519 0IVRbA Zw0Sq8NnSluum9p9RPO906gKnXLPlOAWwjIDuYt5oSQ
-ql6B8ZZzEaz+Czb0TRT8pF1KD7dhEv0XE9k9IJ9AgBo
+6jUZKI7yu6ThE1behgXMqO5beNj2Gap2rGhlSn8vrA8
-> ssh-ed25519 VQSaNw aAcXlRKzMgw847XeDTqnh+4XvApVIE183gJ2O42eohE
+-> ssh-ed25519 IY5FSQ qo7pkpJsNQ3vdedlPJIfXpmjHwcEyiuu90TEoay0Xz8
-wndgsI85eDc+i+CBPmo2ym5koIvTMS9mOuWdLvLM3Qs
+zbqt1vojiiYfLnh3ChxHwG9mn3d5D2HrQlUJTlGRB+M
-> lm-grease -KjCZ 46y2wU x1
+-> ssh-ed25519 VQSaNw nsL5mErC5CJgd4EZKs4ZPb4BINCZMGAhkFr3Z/5vSk0
-1iP6
+vk3vhlydKtsWDCUmO6+fj231tEzNp+5vovLO0Wr7Aqs
--- MthoOm+rboJhFyo+SKFlPfwT9V3VeaKl5xQ2gs0W2ns
+-> @=-grease bI=Z 'IEY&[|q $&(!B z'y\s855
-;Ö<>ÓÖ"b/‚éðÙ*ü}ýeÁ½g}âLšq
+yNfimzcHFAcfpv7UmfYWh/CAXuUP8mSMxI9w29AI+W7ykCKwWXv9ixLensYRinoo
-zGŠ~Q.í_àX{½ËìA	ùþó²ëöË
+vmoBfW/f9aQr
 --- M790Aym/OBexvX+HZK7Hom3HRpLr8ACf4LzYJdSsR8c
 h8ÖÿƒíÃúÑy`¡Œ;ú™ÊÖæ”º±TØ“ÉÚ<áD{–mÉ,Xô´Š_®§ÅíF"šþ]£¦”"
--- a/modules/nixos/dgn-records/secrets.nix
+++ b/modules/nixos/dgn-records/secrets.nix
@ -2,4 +2,4 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
-{ __arkheon-token_file.publicKeys = (import ../../../keys.nix).machineKeysBySystem "nixos"; }
+{ __arkheon-token_file.publicKeys = (import ../../../keys).nixosMachineKeys; }
--- a/modules/nixos/django-apps/default.nix
+++ b/modules/nixos/django-apps/default.nix
@ -392,6 +392,10 @@ in
      webhook = {
        enable = true;
        package = pkgs.webhook.overrideAttrs (old: {
          patches = (old.patches or [ ]) ++ [ ./01-webhook.patch ];
        });
        # extraArgs = [ "-debug" ];
        # Only listen on localhost
--- a/npins/default.nix
+++ b/npins/default.nix
@ -42,6 +42,7 @@ let
      builtins.fetchGit {
        inherit (repository) url;
        rev = revision;
        allRefs = true;
        # hash = hash;
      };
--- a/npins/sources.json
+++ b/npins/sources.json
@ -237,9 +237,9 @@
        "url": "https://git.hubrecht.ovh/hubrecht/nix-modules"
      },
      "branch": "dgnum",
-      "revision": "f3bfda88cf5ca652baa8577da491f9427d98fe5e",
+      "revision": "5cc5d497565cae685bd2eb91606016791c3a9313",
      "url": null,
-      "hash": "1jh8wqlz1bv3b5crfhyvqnh4gjjsyzvs3q0iys6iwq0l337ddgvx"
+      "hash": "09is2zl9570ql1sw250mhpjj8mz2ggy3jx1kvyn6dh2817mv77dc"
    },
    "nix-pkgs": {
      "type": "Git",
--- a/patches/default.nix
+++ b/patches/default.nix
@ -35,12 +35,4 @@ in
    # Build netbird-relay
    (local ./nixpkgs/05-netbird-relay.patch)
  ];
  "agenix" = [
    {
      _type = "url";
      url = "https://github.com/ryantm/agenix/pull/292.patch";
      hash = "sha256-e45hiHF0HbCYb+3RRhy+8nNIFvefb6SZSN3xcl1mpvI=";
    }
  ];
 }
--- a/sources.nix
+++ b/sources.nix
@ -1,38 +0,0 @@
 # SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
 # SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
 # SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
 #
 # SPDX-License-Identifier: EUPL-1.2
 let
  unpatchedSources = import ./npins;
  bootstrapNixpkgs = import unpatchedSources.nixpkgs { };
  patch = (import ./lib/nix-patches { patchFile = ./patches; }).base {
    pkgs = bootstrapNixpkgs;
  };
  sources = builtins.mapAttrs (
    k: src:
    patch.applyPatches {
      inherit src;
      name = k;
    }
  ) unpatchedSources;
  libOverlay = final: _: {
    extra = import ./lib/nix-lib { lib = final; };
  };
 in
 sources
 // {
  inherit
    bootstrapNixpkgs
    libOverlay
    unpatchedSources
    ;
  fullLib = bootstrapNixpkgs.lib.extend libOverlay;
 }
--- a/workflows/eval-nodes.nix
+++ b/workflows/eval-nodes.nix
@ -7,7 +7,7 @@
 let
  inherit (lib) attrNames genAttrs;
-  nodes = attrNames (import ../meta lib).nodes;
+  nodes = attrNames (import ../meta/nodes);
 in
 {
Author	SHA1	Message	Date
Elias Coppens	1447ec9eb8	fix(vault01): Fixed MTU of br0 All checks were successful Build all the nodes / hypervisor03 (pull_request) Successful in 1m37s Details Build all the nodes / bridge01 (pull_request) Successful in 1m55s Details Build all the nodes / geo02 (pull_request) Successful in 1m55s Details Build all the nodes / ap01 (push) Successful in 31s Details Build all the nodes / rescue01 (pull_request) Successful in 2m1s Details Build all the nodes / tower01 (pull_request) Successful in 1m38s Details Build all the nodes / web03 (pull_request) Successful in 1m56s Details Build all the nodes / web02 (pull_request) Successful in 2m5s Details Build all the nodes / vault01 (pull_request) Successful in 2m8s Details Build all the nodes / netcore02 (push) Successful in 32s Details Build all the nodes / compute01 (pull_request) Successful in 3m12s Details Build all the nodes / storage01 (pull_request) Successful in 2m24s Details Build all the nodes / web01 (pull_request) Successful in 2m20s Details Build all the nodes / bridge01 (push) Successful in 1m43s Details Build all the nodes / build01 (push) Successful in 1m43s Details Build all the nodes / geo01 (push) Successful in 1m48s Details Build all the nodes / hypervisor03 (push) Successful in 1m34s Details Build all the nodes / geo02 (push) Successful in 1m55s Details Build all the nodes / compute01 (push) Successful in 2m9s Details Build all the nodes / hypervisor01 (push) Successful in 2m3s Details Build the shell / build-shell (push) Successful in 26s Details Build all the nodes / hypervisor02 (push) Successful in 2m7s Details Run pre-commit on all files / pre-commit (push) Successful in 23s Details Build all the nodes / rescue01 (push) Successful in 2m4s Details Build all the nodes / storage01 (push) Successful in 1m51s Details Build all the nodes / tower01 (push) Successful in 1m43s Details Build all the nodes / vault01 (push) Successful in 1m56s Details Build all the nodes / web02 (push) Successful in 1m42s Details Build all the nodes / web03 (push) Successful in 1m40s Details Build all the nodes / web01 (push) Successful in 2m12s Details	2025-01-10 19:37:54 +01:00
sinavir	07d226a06e	fix(build01/nix-builder): Use dgn-access-control All checks were successful Build the shell / build-shell (push) Successful in 26s Details Build all the nodes / netcore02 (push) Successful in 32s Details Build all the nodes / ap01 (push) Successful in 33s Details Run pre-commit on all files / pre-commit (push) Successful in 23s Details Build all the nodes / geo01 (push) Successful in 1m34s Details Build all the nodes / tower01 (push) Successful in 1m39s Details Build all the nodes / hypervisor02 (push) Successful in 1m46s Details Build all the nodes / hypervisor03 (push) Successful in 1m46s Details Build all the nodes / bridge01 (push) Successful in 1m55s Details Build all the nodes / geo02 (push) Successful in 1m59s Details Build all the nodes / vault01 (push) Successful in 1m59s Details Build all the nodes / web02 (push) Successful in 1m58s Details Build all the nodes / rescue01 (push) Successful in 2m0s Details Build all the nodes / hypervisor01 (push) Successful in 2m6s Details Build all the nodes / web03 (push) Successful in 2m4s Details Build all the nodes / compute01 (push) Successful in 2m17s Details Build all the nodes / build01 (push) Successful in 2m18s Details Build all the nodes / storage01 (push) Successful in 2m23s Details Build all the nodes / web01 (push) Successful in 2m56s Details	2025-01-10 19:26:24 +01:00
Tom Hubrecht	4b30fb8a36	fix(meta/nodes): Don't duplicate imported modules All checks were successful Build all the nodes / ap01 (push) Successful in 33s Details Build all the nodes / netcore02 (push) Successful in 23s Details Run pre-commit on all files / pre-commit (push) Successful in 24s Details Build the shell / build-shell (push) Successful in 53s Details Build all the nodes / web02 (push) Successful in 1m56s Details Build all the nodes / web03 (push) Successful in 1m56s Details Build all the nodes / bridge01 (push) Successful in 2m16s Details Build all the nodes / tower01 (push) Successful in 2m6s Details Build all the nodes / geo01 (push) Successful in 2m13s Details Build all the nodes / geo02 (push) Successful in 2m13s Details Build all the nodes / build01 (push) Successful in 2m27s Details Build all the nodes / hypervisor03 (push) Successful in 2m17s Details Build all the nodes / rescue01 (push) Successful in 2m22s Details Build all the nodes / storage01 (push) Successful in 2m34s Details Build all the nodes / hypervisor01 (push) Successful in 2m36s Details Build all the nodes / compute01 (push) Successful in 2m51s Details Build all the nodes / hypervisor02 (push) Successful in 2m54s Details Build all the nodes / web01 (push) Successful in 2m59s Details Build all the nodes / vault01 (push) Successful in 3m16s Details	2025-01-10 09:37:58 +01:00
soyouzpanda	8cfc0001b9	feat(build01): Init Some checks failed Check meta / check_meta (push) Successful in 15s Details Check meta / check_dns (push) Successful in 31s Details Build all the nodes / ap01 (push) Successful in 33s Details Build all the nodes / netcore02 (push) Successful in 41s Details Build all the nodes / rescue01 (push) Has been cancelled Details Build all the nodes / web03 (push) Has been cancelled Details Build all the nodes / hypervisor01 (push) Has been cancelled Details Build all the nodes / build01 (push) Has been cancelled Details Build all the nodes / storage01 (push) Has been cancelled Details Build all the nodes / geo02 (push) Has been cancelled Details Build all the nodes / tower01 (push) Has been cancelled Details Build all the nodes / bridge01 (push) Has been cancelled Details Build all the nodes / geo01 (push) Has been cancelled Details Build all the nodes / compute01 (push) Has been cancelled Details Build all the nodes / web02 (push) Has been cancelled Details Build all the nodes / hypervisor02 (push) Has been cancelled Details Build all the nodes / web01 (push) Has been cancelled Details Build all the nodes / vault01 (push) Has been cancelled Details Build all the nodes / hypervisor03 (push) Has been cancelled Details Run pre-commit on all files / pre-commit (push) Has been cancelled Details Build the shell / build-shell (push) Has been cancelled Details Build all the nodes / web02 (pull_request) Successful in 2m15s Details Build all the nodes / hypervisor03 (pull_request) Successful in 2m20s Details Build all the nodes / storage01 (pull_request) Successful in 2m26s Details Build all the nodes / geo01 (pull_request) Successful in 2m26s Details Build all the nodes / vault01 (pull_request) Successful in 2m28s Details Build all the nodes / hypervisor01 (pull_request) Successful in 2m35s Details Build all the nodes / web03 (pull_request) Successful in 2m33s Details Build all the nodes / web01 (pull_request) Successful in 2m49s Details Build all the nodes / compute01 (pull_request) Successful in 2m59s Details	2025-01-09 23:08:08 +01:00
sinavir	d474e39b92	fix(kanidm): Remove useless nixpkgs config for old kanidm All checks were successful Build all the nodes / netcore02 (push) Successful in 20s Details Run pre-commit on all files / pre-commit (push) Successful in 25s Details Build all the nodes / ap01 (push) Successful in 33s Details Build the shell / build-shell (push) Successful in 32s Details Build all the nodes / web03 (push) Successful in 1m38s Details Build all the nodes / bridge01 (push) Successful in 1m40s Details Build all the nodes / hypervisor01 (push) Successful in 1m44s Details Build all the nodes / storage01 (push) Successful in 1m45s Details Build all the nodes / hypervisor03 (push) Successful in 1m47s Details Build all the nodes / rescue01 (push) Successful in 1m57s Details Build all the nodes / hypervisor02 (push) Successful in 1m57s Details Build all the nodes / compute01 (push) Successful in 2m22s Details Build all the nodes / tower01 (push) Successful in 2m55s Details Build all the nodes / geo02 (push) Successful in 2m57s Details Build all the nodes / geo01 (push) Successful in 2m59s Details Build all the nodes / web02 (push) Successful in 2m59s Details Build all the nodes / vault01 (push) Successful in 3m8s Details Build all the nodes / web01 (push) Successful in 3m37s Details	2025-01-09 22:04:02 +01:00
sinavir	ea5c0787d7	fix(forgejo): Renamed option mailerPasswordFile All checks were successful Build all the nodes / netcore02 (push) Successful in 23s Details Run pre-commit on all files / pre-commit (push) Successful in 25s Details Build the shell / build-shell (push) Successful in 48s Details Build all the nodes / ap01 (push) Successful in 1m21s Details Build all the nodes / geo02 (push) Successful in 1m58s Details Build all the nodes / geo01 (push) Successful in 2m0s Details Build all the nodes / tower01 (push) Successful in 2m5s Details Build all the nodes / hypervisor03 (push) Successful in 2m8s Details Build all the nodes / storage01 (push) Successful in 2m12s Details Build all the nodes / web03 (push) Successful in 2m12s Details Build all the nodes / hypervisor01 (push) Successful in 2m13s Details Build all the nodes / bridge01 (push) Successful in 2m21s Details Build all the nodes / hypervisor02 (push) Successful in 2m23s Details Build all the nodes / rescue01 (push) Successful in 2m28s Details Build all the nodes / web02 (push) Successful in 2m35s Details Build all the nodes / vault01 (push) Successful in 2m44s Details Build all the nodes / web01 (push) Successful in 2m48s Details Build all the nodes / compute01 (push) Successful in 2m59s Details	2025-01-09 21:16:03 +01:00