From fd95fe2c3c5149e5d1e9339d7677e327d4d3f840 Mon Sep 17 00:00:00 2001
From: sinavir
Date: Tue, 16 May 2023 23:50:06 +0200
Subject: [PATCH 01/78] init colmena for web-01
---
 flake.nix | 7 -------
 hive.nix | 21 +++++++++++++++++++++
 npins/sources.json | 15 +--------------
 shell.nix | 2 +-
 4 files changed, 23 insertions(+), 22 deletions(-)
 delete mode 100644 flake.nix
 create mode 100644 hive.nix
diff --git a/flake.nix b/flake.nix
deleted file mode 100644
index 70a2cf8..0000000
--- a/flake.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
-❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
-❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
-❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
-❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
-❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
-❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ .nix
diff --git a/hive.nix b/hive.nix
new file mode 100644
index 0000000..c849d44
--- /dev/null
+++ b/hive.nix
@@ -0,0 +1,21 @@
+let
+ sources = import ./npins;
+in
+{
+ meta = {
+ nixpkgs = import sources.nixpkgs;
+
+ nodeNixpkgs = {
+ };
+
+ # TODO: Add remote builders (`machinesFile` option)
+ };
+
+ web-01 = { name, nodes, ... }: {
+ imports = [ ./machines/${name}/configuration.nix ];
+ deployment = {
+ targetUser = "root";
+ targetHost = "129.199.129.200";
+ };
+ };
+}
diff --git a/npins/sources.json b/npins/sources.json
index 48e831c..ce56fa7 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -14,19 +14,6 @@
 "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.0.0",
 "hash": "153cm29hjgklsi1aw85srvcd3h3afm7j77llk4fj3slf5gcwnmx9"
 },
- "krops": {
- "type": "GitRelease",
- "repository": {
- "type": "Git",
- "url": "https://cgit.krebsco.de/krops"
- },
- "pre_releases": false,
- "version_upper_bound": null,
- "version": "1.28.2",
- "revision": "59aa5d0e41cf4a6d4356673feb1adbd0fcf68936",
- "url": null,
- "hash": "1a2pgg52y577lpvg2kcyblr2lgjij1l2d4vv1i8xd5gmsaphcfji"
- },
 "nixpkgs": {
 "type": "Channel",
 "name": "nixpkgs-unstable",
@@ -35,4 +22,4 @@
 }
 },
 "version": 3
-}
\ No newline at end of file
+}
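Review bot: `targetUser = "root";` in the `web-01` node of hive.nix makes every colmena deployment depend on direct root SSH login to the host, so each key accepted for root is full control of the machine and the SSH log cannot tell admins apart. Colmena can deploy through an unprivileged account and escalate via `deployment.privilegeEscalationCommand`, so consider a dedicated deploy user, for example `targetUser = "deploy";` (account name constructed for illustration). The `nodes` argument of the node function is not used in this hunk and could be dropped. A one-line comment above `targetHost`, such as `# static address of web-01; no DNS name yet`, would record why a literal IP is used (wording to be confirmed by the author).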
diff --git a/shell.nix b/shell.nix index da44745..83d1f41 100644 --- a/shell.nix +++ b/shell.nix @@ -5,7 +5,7 @@ in pkgs.mkShell { packages = [ pkgs.npins + pkgs.colmena (pkgs.callPackage (sources.disko + "/package.nix") {}) ]; } -# ❄️ ❄️ ❄️ -- 2.47.1 From 618f4900e04057c817613007f0c45bc05c7a5a00 Mon Sep 17 00:00:00 2001 From: sinavir Date: Wed, 17 May 2023 01:10:18 +0200 Subject: [PATCH 02/78] web-01: refactor of network and ssh --- machines/web-01/configuration.nix | 10 ++++------ machines/web-01/networking.nix | 4 ++++ machines/web-01/ssh.nix | 7 +++++++ 3 files changed, 15 insertions(+), 6 deletions(-) create mode 100644 machines/web-01/networking.nix create mode 100644 machines/web-01/ssh.nix diff --git a/machines/web-01/configuration.nix b/machines/web-01/configuration.nix index 1187078..35c7ad2 100644 --- a/machines/web-01/configuration.nix +++ b/machines/web-01/configuration.nix @@ -2,28 +2,26 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, lib, ... }: +{ name, config, pkgs, lib, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./networking.nix + ./ssh.nix ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "web-01";# Define your hostname. + networking.hostName = name; time.timeZone = "Europe/Paris"; - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../admin_keys/anon.keys ../../admin_keys/mdebray.keys ]; - # Enable the OpenSSH daemon. - services.openssh.enable = true; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions 
diff --git a/machines/web-01/networking.nix b/machines/web-01/networking.nix
new file mode 100644
index 0000000..cd57656
--- /dev/null
+++ b/machines/web-01/networking.nix
@@ -0,0 +1,4 @@
+{ lib, ... }: {
+ # TODO: Switch to networkd
+ networking.useDHCP = lib.mkDefault true;
+}
diff --git a/machines/web-01/ssh.nix b/machines/web-01/ssh.nix
new file mode 100644
index 0000000..0d9c50b
--- /dev/null
+++ b/machines/web-01/ssh.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ services.openssh = {
+ passwordAuthentication = false;
+ enable = true;
+ };
+}
-- 2.47.1
From 5a0ba443169ee98056a713836b512ef19d7f88fc Mon Sep 17 00:00:00 2001
From: sinavir
Date: Wed, 17 May 2023 01:11:47 +0200
Subject: [PATCH 03/78] web-01: feat: add mosh
---
 machines/web-01/ssh.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/machines/web-01/ssh.nix b/machines/web-01/ssh.nix
index 0d9c50b..0f3a438 100644
--- a/machines/web-01/ssh.nix
+++ b/machines/web-01/ssh.nix
@@ -4,4 +4,5 @@
 passwordAuthentication = false;
 enable = true;
 };
+ programs.mosh.enable = true;
 }
-- 2.47.1
From 3e052803ca8afabccf76b39b0164df4579f4b92e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Mon, 22 May 2023 15:05:12 +0200
Subject: [PATCH 04/78] keys: Separate keys and move them
---
 LICENSE | 548 +++++++++++++++++++++++++++++-
 {admin_keys => keys}/anon.keys | 2 -
 {admin_keys => keys}/mdebray.keys | 0
 keys/thubrecht.keys | 2 +
 shell.nix | 52 ++-
 5 files changed, 590 insertions(+), 14 deletions(-)
 rename {admin_keys => keys}/anon.keys (77%)
 rename {admin_keys => keys}/mdebray.keys (100%)
 create mode 100644 keys/thubrecht.keys
diff --git a/LICENSE b/LICENSE
index 2071b23..64e1d71 100644
--- a/LICENSE
+++ b/LICENSE
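Review bot: In machines/web-01/ssh.nix the new `services.openssh` block turns off `passwordAuthentication` but leaves keyboard-interactive authentication at its default, which on NixOS goes through PAM and can still accept a password unless the pinned nixpkgs defaults say otherwise. Adding `kbdInteractiveAuthentication = false;` next to it closes that path, and since root is the deployment account an explicit `permitRootLogin = "prohibit-password";` would document the intent rather than rely on the default. Newer nixpkgs revisions moved these options under `services.openssh.settings` (`PasswordAuthentication`, `KbdInteractiveAuthentication`, `PermitRootLogin`), so with the `nixpkgs-unstable` pin the old names may already emit a rename warning.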
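Review bot: `programs.mosh.enable = true;` in machines/web-01/ssh.nix is added without a comment, and the NixOS mosh module also opens a UDP port range in the host firewall (60000-61000 in the module as I know it; confirm against the pinned nixpkgs), so this one line widens what web-01 exposes to the network. A comment such as `# mosh: also opens UDP 60000-61000 in the firewall` above the line would make that visible to the next reader. If mosh is only needed by admins, restricting that range to the admin network is worth considering. The enclosing attribute set starts outside the hunk.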
@@ -1,9 +1,547 @@ -MIT License + CONTRAT DE LICENCE DE LOGICIEL LIBRE CeCILL -Copyright (c) +Version 2.1 du 2013-06-21 -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + Avertissement -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +Ce contrat est une licence de logiciel libre issue d'une concertation +entre ses auteurs afin que le respect de deux grands principes préside à +sa rédaction: + + * d'une part, le respect des principes de diffusion des logiciels + libres: accès au code source, droits étendus conférés aux utilisateurs, + * d'autre part, la désignation d'un droit applicable, le droit + français, auquel elle est conforme, tant au regard du droit de la + responsabilité civile que du droit de la propriété intellectuelle et + de la protection qu'il offre aux auteurs et titulaires des droits + patrimoniaux sur un logiciel. 
+ +Les auteurs de la licence CeCILL (Ce[a] C[nrs] I[nria] L[ogiciel] L[ibre]) +sont: + +Commissariat à l'énergie atomique et aux énergies alternatives - CEA, +établissement public de recherche à caractère scientifique, technique et +industriel, dont le siège est situé 25 rue Leblanc, immeuble Le Ponant +D, 75015 Paris. + +Centre National de la Recherche Scientifique - CNRS, établissement +public à caractère scientifique et technologique, dont le siège est +situé 3 rue Michel-Ange, 75794 Paris cedex 16. + +Institut National de Recherche en Informatique et en Automatique - +Inria, établissement public à caractère scientifique et technologique, +dont le siège est situé Domaine de Voluceau, Rocquencourt, BP 105, 78153 +Le Chesnay cedex. + + + Préambule + +Ce contrat est une licence de logiciel libre dont l'objectif est de +conférer aux utilisateurs la liberté de modification et de +redistribution du logiciel régi par cette licence dans le cadre d'un +modèle de diffusion en logiciel libre. + +L'exercice de ces libertés est assorti de certains devoirs à la charge +des utilisateurs afin de préserver ce statut au cours des +redistributions ultérieures. + +L'accessibilité au code source et les droits de copie, de modification +et de redistribution qui en découlent ont pour contrepartie de n'offrir +aux utilisateurs qu'une garantie limitée et de ne faire peser sur +l'auteur du logiciel, le titulaire des droits patrimoniaux et les +concédants successifs qu'une responsabilité restreinte. + +A cet égard l'attention de l'utilisateur est attirée sur les risques +associés au chargement, à l'utilisation, à la modification et/ou au +développement et à la reproduction du logiciel par l'utilisateur étant +donné sa spécificité de logiciel libre, qui peut le rendre complexe à +manipuler et qui le réserve donc à des développeurs ou des +professionnels avertis possédant des connaissances informatiques +approfondies. 
Les utilisateurs sont donc invités à charger et tester +l'adéquation du logiciel à leurs besoins dans des conditions permettant +d'assurer la sécurité de leurs systèmes et/ou de leurs données et, plus +généralement, à l'utiliser et l'exploiter dans les mêmes conditions de +sécurité. Ce contrat peut être reproduit et diffusé librement, sous +réserve de le conserver en l'état, sans ajout ni suppression de clauses. + +Ce contrat est susceptible de s'appliquer à tout logiciel dont le +titulaire des droits patrimoniaux décide de soumettre l'exploitation aux +dispositions qu'il contient. + +Une liste de questions fréquemment posées se trouve sur le site web +officiel de la famille des licences CeCILL +(http://www.cecill.info/index.fr.html) pour toute clarification qui +serait nécessaire. + + + Article 1 - DEFINITIONS + +Dans ce contrat, les termes suivants, lorsqu'ils seront écrits avec une +lettre capitale, auront la signification suivante: + +Contrat: désigne le présent contrat de licence, ses éventuelles versions +postérieures et annexes. + +Logiciel: désigne le logiciel sous sa forme de Code Objet et/ou de Code +Source et le cas échéant sa documentation, dans leur état au moment de +l'acceptation du Contrat par le Licencié. + +Logiciel Initial: désigne le Logiciel sous sa forme de Code Source et +éventuellement de Code Objet et le cas échéant sa documentation, dans +leur état au moment de leur première diffusion sous les termes du Contrat. + +Logiciel Modifié: désigne le Logiciel modifié par au moins une +Contribution. + +Code Source: désigne l'ensemble des instructions et des lignes de +programme du Logiciel et auquel l'accès est nécessaire en vue de +modifier le Logiciel. + +Code Objet: désigne les fichiers binaires issus de la compilation du +Code Source. + +Titulaire: désigne le ou les détenteurs des droits patrimoniaux d'auteur +sur le Logiciel Initial. + +Licencié: désigne le ou les utilisateurs du Logiciel ayant accepté le +Contrat. 
+ +Contributeur: désigne le Licencié auteur d'au moins une Contribution. + +Concédant: désigne le Titulaire ou toute personne physique ou morale +distribuant le Logiciel sous le Contrat. + +Contribution: désigne l'ensemble des modifications, corrections, +traductions, adaptations et/ou nouvelles fonctionnalités intégrées dans +le Logiciel par tout Contributeur, ainsi que tout Module Interne. + +Module: désigne un ensemble de fichiers sources y compris leur +documentation qui permet de réaliser des fonctionnalités ou services +supplémentaires à ceux fournis par le Logiciel. + +Module Externe: désigne tout Module, non dérivé du Logiciel, tel que ce +Module et le Logiciel s'exécutent dans des espaces d'adressage +différents, l'un appelant l'autre au moment de leur exécution. + +Module Interne: désigne tout Module lié au Logiciel de telle sorte +qu'ils s'exécutent dans le même espace d'adressage. + +GNU GPL: désigne la GNU General Public License dans sa version 2 ou +toute version ultérieure, telle que publiée par Free Software Foundation +Inc. + +GNU Affero GPL: désigne la GNU Affero General Public License dans sa +version 3 ou toute version ultérieure, telle que publiée par Free +Software Foundation Inc. + +EUPL: désigne la Licence Publique de l'Union européenne dans sa version +1.1 ou toute version ultérieure, telle que publiée par la Commission +Européenne. + +Parties: désigne collectivement le Licencié et le Concédant. + +Ces termes s'entendent au singulier comme au pluriel. + + + Article 2 - OBJET + +Le Contrat a pour objet la concession par le Concédant au Licencié d'une +licence non exclusive, cessible et mondiale du Logiciel telle que +définie ci-après à l'article 5 <#etendue> pour toute la durée de +protection des droits portant sur ce Logiciel. 
+ + + Article 3 - ACCEPTATION + +3.1 L'acceptation par le Licencié des termes du Contrat est réputée +acquise du fait du premier des faits suivants: + + * (i) le chargement du Logiciel par tout moyen notamment par + téléchargement à partir d'un serveur distant ou par chargement à + partir d'un support physique; + * (ii) le premier exercice par le Licencié de l'un quelconque des + droits concédés par le Contrat. + +3.2 Un exemplaire du Contrat, contenant notamment un avertissement +relatif aux spécificités du Logiciel, à la restriction de garantie et à +la limitation à un usage par des utilisateurs expérimentés a été mis à +disposition du Licencié préalablement à son acceptation telle que +définie à l'article 3.1 <#acceptation-acquise> ci dessus et le Licencié +reconnaît en avoir pris connaissance. + + + Article 4 - ENTREE EN VIGUEUR ET DUREE + + + 4.1 ENTREE EN VIGUEUR + +Le Contrat entre en vigueur à la date de son acceptation par le Licencié +telle que définie en 3.1 <#acceptation-acquise>. + + + 4.2 DUREE + +Le Contrat produira ses effets pendant toute la durée légale de +protection des droits patrimoniaux portant sur le Logiciel. + + + Article 5 - ETENDUE DES DROITS CONCEDES + +Le Concédant concède au Licencié, qui accepte, les droits suivants sur +le Logiciel pour toutes destinations et pour la durée du Contrat dans +les conditions ci-après détaillées. + +Par ailleurs, si le Concédant détient ou venait à détenir un ou +plusieurs brevets d'invention protégeant tout ou partie des +fonctionnalités du Logiciel ou de ses composants, il s'engage à ne pas +opposer les éventuels droits conférés par ces brevets aux Licenciés +successifs qui utiliseraient, exploiteraient ou modifieraient le +Logiciel. En cas de cession de ces brevets, le Concédant s'engage à +faire reprendre les obligations du présent alinéa aux cessionnaires. 
+ + + 5.1 DROIT D'UTILISATION + +Le Licencié est autorisé à utiliser le Logiciel, sans restriction quant +aux domaines d'application, étant ci-après précisé que cela comporte: + + 1. + + la reproduction permanente ou provisoire du Logiciel en tout ou + partie par tout moyen et sous toute forme. + + 2. + + le chargement, l'affichage, l'exécution, ou le stockage du Logiciel + sur tout support. + + 3. + + la possibilité d'en observer, d'en étudier, ou d'en tester le + fonctionnement afin de déterminer les idées et principes qui sont à + la base de n'importe quel élément de ce Logiciel; et ceci, lorsque + le Licencié effectue toute opération de chargement, d'affichage, + d'exécution, de transmission ou de stockage du Logiciel qu'il est en + droit d'effectuer en vertu du Contrat. + + + 5.2 DROIT D'APPORTER DES CONTRIBUTIONS + +Le droit d'apporter des Contributions comporte le droit de traduire, +d'adapter, d'arranger ou d'apporter toute autre modification au Logiciel +et le droit de reproduire le logiciel en résultant. + +Le Licencié est autorisé à apporter toute Contribution au Logiciel sous +réserve de mentionner, de façon explicite, son nom en tant qu'auteur de +cette Contribution et la date de création de celle-ci. + + + 5.3 DROIT DE DISTRIBUTION + +Le droit de distribution comporte notamment le droit de diffuser, de +transmettre et de communiquer le Logiciel au public sur tout support et +par tout moyen ainsi que le droit de mettre sur le marché à titre +onéreux ou gratuit, un ou des exemplaires du Logiciel par tout procédé. + +Le Licencié est autorisé à distribuer des copies du Logiciel, modifié ou +non, à des tiers dans les conditions ci-après détaillées. + + + 5.3.1 DISTRIBUTION DU LOGICIEL SANS MODIFICATION + +Le Licencié est autorisé à distribuer des copies conformes du Logiciel, +sous forme de Code Source ou de Code Objet, à condition que cette +distribution respecte les dispositions du Contrat dans leur totalité et +soit accompagnée: + + 1. 
+ + d'un exemplaire du Contrat, + + 2. + + d'un avertissement relatif à la restriction de garantie et de + responsabilité du Concédant telle que prévue aux articles 8 + <#responsabilite> et 9 <#garantie>, + +et que, dans le cas où seul le Code Objet du Logiciel est redistribué, +le Licencié permette un accès effectif au Code Source complet du +Logiciel pour une durée d'au moins 3 ans à compter de la distribution du +logiciel, étant entendu que le coût additionnel d'acquisition du Code +Source ne devra pas excéder le simple coût de transfert des données. + + + 5.3.2 DISTRIBUTION DU LOGICIEL MODIFIE + +Lorsque le Licencié apporte une Contribution au Logiciel, les conditions +de distribution du Logiciel Modifié en résultant sont alors soumises à +l'intégralité des dispositions du Contrat. + +Le Licencié est autorisé à distribuer le Logiciel Modifié, sous forme de +code source ou de code objet, à condition que cette distribution +respecte les dispositions du Contrat dans leur totalité et soit +accompagnée: + + 1. + + d'un exemplaire du Contrat, + + 2. + + d'un avertissement relatif à la restriction de garantie et de + responsabilité du Concédant telle que prévue aux articles 8 + <#responsabilite> et 9 <#garantie>, + +et, dans le cas où seul le code objet du Logiciel Modifié est redistribué, + + 3. + + d'une note précisant les conditions d'accès effectif au code source + complet du Logiciel Modifié, pendant une période d'au moins 3 ans à + compter de la distribution du Logiciel Modifié, étant entendu que le + coût additionnel d'acquisition du code source ne devra pas excéder + le simple coût de transfert des données. + + + 5.3.3 DISTRIBUTION DES MODULES EXTERNES + +Lorsque le Licencié a développé un Module Externe les conditions du +Contrat ne s'appliquent pas à ce Module Externe, qui peut être distribué +sous un contrat de licence différent. 
+ + + 5.3.4 COMPATIBILITE AVEC D'AUTRES LICENCES + +Le Licencié peut inclure un code soumis aux dispositions d'une des +versions de la licence GNU GPL, GNU Affero GPL et/ou EUPL dans le +Logiciel modifié ou non et distribuer l'ensemble sous les conditions de +la même version de la licence GNU GPL, GNU Affero GPL et/ou EUPL. + +Le Licencié peut inclure le Logiciel modifié ou non dans un code soumis +aux dispositions d'une des versions de la licence GNU GPL, GNU Affero +GPL et/ou EUPL et distribuer l'ensemble sous les conditions de la même +version de la licence GNU GPL, GNU Affero GPL et/ou EUPL. + + + Article 6 - PROPRIETE INTELLECTUELLE + + + 6.1 SUR LE LOGICIEL INITIAL + +Le Titulaire est détenteur des droits patrimoniaux sur le Logiciel +Initial. Toute utilisation du Logiciel Initial est soumise au respect +des conditions dans lesquelles le Titulaire a choisi de diffuser son +oeuvre et nul autre n'a la faculté de modifier les conditions de +diffusion de ce Logiciel Initial. + +Le Titulaire s'engage à ce que le Logiciel Initial reste au moins régi +par le Contrat et ce, pour la durée visée à l'article 4.2 <#duree>. + + + 6.2 SUR LES CONTRIBUTIONS + +Le Licencié qui a développé une Contribution est titulaire sur celle-ci +des droits de propriété intellectuelle dans les conditions définies par +la législation applicable. + + + 6.3 SUR LES MODULES EXTERNES + +Le Licencié qui a développé un Module Externe est titulaire sur celui-ci +des droits de propriété intellectuelle dans les conditions définies par +la législation applicable et reste libre du choix du contrat régissant +sa diffusion. + + + 6.4 DISPOSITIONS COMMUNES + +Le Licencié s'engage expressément: + + 1. + + à ne pas supprimer ou modifier de quelque manière que ce soit les + mentions de propriété intellectuelle apposées sur le Logiciel; + + 2. + + à reproduire à l'identique lesdites mentions de propriété + intellectuelle sur les copies du Logiciel modifié ou non. 
+ +Le Licencié s'engage à ne pas porter atteinte, directement ou +indirectement, aux droits de propriété intellectuelle du Titulaire et/ou +des Contributeurs sur le Logiciel et à prendre, le cas échéant, à +l'égard de son personnel toutes les mesures nécessaires pour assurer le +respect des dits droits de propriété intellectuelle du Titulaire et/ou +des Contributeurs. + + + Article 7 - SERVICES ASSOCIES + +7.1 Le Contrat n'oblige en aucun cas le Concédant à la réalisation de +prestations d'assistance technique ou de maintenance du Logiciel. + +Cependant le Concédant reste libre de proposer ce type de services. Les +termes et conditions d'une telle assistance technique et/ou d'une telle +maintenance seront alors déterminés dans un acte séparé. Ces actes de +maintenance et/ou assistance technique n'engageront que la seule +responsabilité du Concédant qui les propose. + +7.2 De même, tout Concédant est libre de proposer, sous sa seule +responsabilité, à ses licenciés une garantie, qui n'engagera que lui, +lors de la redistribution du Logiciel et/ou du Logiciel Modifié et ce, +dans les conditions qu'il souhaite. Cette garantie et les modalités +financières de son application feront l'objet d'un acte séparé entre le +Concédant et le Licencié. + + + Article 8 - RESPONSABILITE + +8.1 Sous réserve des dispositions de l'article 8.2 +<#limite-responsabilite>, le Licencié a la faculté, sous réserve de +prouver la faute du Concédant concerné, de solliciter la réparation du +préjudice direct qu'il subirait du fait du Logiciel et dont il apportera +la preuve. + +8.2 La responsabilité du Concédant est limitée aux engagements pris en +application du Contrat et ne saurait être engagée en raison notamment: +(i) des dommages dus à l'inexécution, totale ou partielle, de ses +obligations par le Licencié, (ii) des dommages directs ou indirects +découlant de l'utilisation ou des performances du Logiciel subis par le +Licencié et (iii) plus généralement d'un quelconque dommage indirect. 
En +particulier, les Parties conviennent expressément que tout préjudice +financier ou commercial (par exemple perte de données, perte de +bénéfices, perte d'exploitation, perte de clientèle ou de commandes, +manque à gagner, trouble commercial quelconque) ou toute action dirigée +contre le Licencié par un tiers, constitue un dommage indirect et +n'ouvre pas droit à réparation par le Concédant. + + + Article 9 - GARANTIE + +9.1 Le Licencié reconnaît que l'état actuel des connaissances +scientifiques et techniques au moment de la mise en circulation du +Logiciel ne permet pas d'en tester et d'en vérifier toutes les +utilisations ni de détecter l'existence d'éventuels défauts. L'attention +du Licencié a été attirée sur ce point sur les risques associés au +chargement, à l'utilisation, la modification et/ou au développement et à +la reproduction du Logiciel qui sont réservés à des utilisateurs avertis. + +Il relève de la responsabilité du Licencié de contrôler, par tous +moyens, l'adéquation du produit à ses besoins, son bon fonctionnement et +de s'assurer qu'il ne causera pas de dommages aux personnes et aux biens. + +9.2 Le Concédant déclare de bonne foi être en droit de concéder +l'ensemble des droits attachés au Logiciel (comprenant notamment les +droits visés à l'article 5 <#etendue>). + +9.3 Le Licencié reconnaît que le Logiciel est fourni "en l'état" par le +Concédant sans autre garantie, expresse ou tacite, que celle prévue à +l'article 9.2 <#bonne-foi> et notamment sans aucune garantie sur sa +valeur commerciale, son caractère sécurisé, innovant ou pertinent. + +En particulier, le Concédant ne garantit pas que le Logiciel est exempt +d'erreur, qu'il fonctionnera sans interruption, qu'il sera compatible +avec l'équipement du Licencié et sa configuration logicielle ni qu'il +remplira les besoins du Licencié. 
+ +9.4 Le Concédant ne garantit pas, de manière expresse ou tacite, que le +Logiciel ne porte pas atteinte à un quelconque droit de propriété +intellectuelle d'un tiers portant sur un brevet, un logiciel ou sur tout +autre droit de propriété. Ainsi, le Concédant exclut toute garantie au +profit du Licencié contre les actions en contrefaçon qui pourraient être +diligentées au titre de l'utilisation, de la modification, et de la +redistribution du Logiciel. Néanmoins, si de telles actions sont +exercées contre le Licencié, le Concédant lui apportera son expertise +technique et juridique pour sa défense. Cette expertise technique et +juridique est déterminée au cas par cas entre le Concédant concerné et +le Licencié dans le cadre d'un protocole d'accord. Le Concédant dégage +toute responsabilité quant à l'utilisation de la dénomination du +Logiciel par le Licencié. Aucune garantie n'est apportée quant à +l'existence de droits antérieurs sur le nom du Logiciel et sur +l'existence d'une marque. + + + Article 10 - RESILIATION + +10.1 En cas de manquement par le Licencié aux obligations mises à sa +charge par le Contrat, le Concédant pourra résilier de plein droit le +Contrat trente (30) jours après notification adressée au Licencié et +restée sans effet. + +10.2 Le Licencié dont le Contrat est résilié n'est plus autorisé à +utiliser, modifier ou distribuer le Logiciel. Cependant, toutes les +licences qu'il aura concédées antérieurement à la résiliation du Contrat +resteront valides sous réserve qu'elles aient été effectuées en +conformité avec le Contrat. 
+ + + Article 11 - DISPOSITIONS DIVERSES + + + 11.1 CAUSE EXTERIEURE + +Aucune des Parties ne sera responsable d'un retard ou d'une défaillance +d'exécution du Contrat qui serait dû à un cas de force majeure, un cas +fortuit ou une cause extérieure, telle que, notamment, le mauvais +fonctionnement ou les interruptions du réseau électrique ou de +télécommunication, la paralysie du réseau liée à une attaque +informatique, l'intervention des autorités gouvernementales, les +catastrophes naturelles, les dégâts des eaux, les tremblements de terre, +le feu, les explosions, les grèves et les conflits sociaux, l'état de +guerre... + +11.2 Le fait, par l'une ou l'autre des Parties, d'omettre en une ou +plusieurs occasions de se prévaloir d'une ou plusieurs dispositions du +Contrat, ne pourra en aucun cas impliquer renonciation par la Partie +intéressée à s'en prévaloir ultérieurement. + +11.3 Le Contrat annule et remplace toute convention antérieure, écrite +ou orale, entre les Parties sur le même objet et constitue l'accord +entier entre les Parties sur cet objet. Aucune addition ou modification +aux termes du Contrat n'aura d'effet à l'égard des Parties à moins +d'être faite par écrit et signée par leurs représentants dûment habilités. + +11.4 Dans l'hypothèse où une ou plusieurs des dispositions du Contrat +s'avèrerait contraire à une loi ou à un texte applicable, existants ou +futurs, cette loi ou ce texte prévaudrait, et les Parties feraient les +amendements nécessaires pour se conformer à cette loi ou à ce texte. +Toutes les autres dispositions resteront en vigueur. De même, la +nullité, pour quelque raison que ce soit, d'une des dispositions du +Contrat ne saurait entraîner la nullité de l'ensemble du Contrat. + + + 11.5 LANGUE + +Le Contrat est rédigé en langue française et en langue anglaise, ces +deux versions faisant également foi. 
+ + + Article 12 - NOUVELLES VERSIONS DU CONTRAT + +12.1 Toute personne est autorisée à copier et distribuer des copies de +ce Contrat. + +12.2 Afin d'en préserver la cohérence, le texte du Contrat est protégé +et ne peut être modifié que par les auteurs de la licence, lesquels se +réservent le droit de publier périodiquement des mises à jour ou de +nouvelles versions du Contrat, qui posséderont chacune un numéro +distinct. Ces versions ultérieures seront susceptibles de prendre en +compte de nouvelles problématiques rencontrées par les logiciels libres. + +12.3 Tout Logiciel diffusé sous une version donnée du Contrat ne pourra +faire l'objet d'une diffusion ultérieure que sous la même version du +Contrat ou une version postérieure, sous réserve des dispositions de +l'article 5.3.4 <#compatibilite>. + + + Article 13 - LOI APPLICABLE ET COMPETENCE TERRITORIALE + +13.1 Le Contrat est régi par la loi française. Les Parties conviennent +de tenter de régler à l'amiable les différends ou litiges qui +viendraient à se produire par suite ou à l'occasion du Contrat. + +13.2 A défaut d'accord amiable dans un délai de deux (2) mois à compter +de leur survenance et sauf situation relevant d'une procédure d'urgence, +les différends ou litiges seront portés par la Partie la plus diligente +devant les Tribunaux compétents de Paris. diff --git a/admin_keys/anon.keys b/keys/anon.keys similarity index 77% rename from admin_keys/anon.keys rename to keys/anon.keys index ef0e9c0..7a717dd 100644 --- a/admin_keys/anon.keys +++ b/keys/anon.keys 
@@ -1,5 +1,3 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy
diff --git a/admin_keys/mdebray.keys b/keys/mdebray.keys
similarity index 100%
rename from admin_keys/mdebray.keys
rename to keys/mdebray.keys
diff --git a/keys/thubrecht.keys b/keys/thubrecht.keys
new file mode 100644
index 0000000..bfa6a33
--- /dev/null
+++ b/keys/thubrecht.keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy
diff --git a/shell.nix b/shell.nix
index 83d1f41..45f1ad0 100644
--- a/shell.nix
+++ b/shell.nix
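Review bot: The rename of admin_keys/ to keys/ is not matched by any change to machines/web-01/configuration.nix in this commit's diffstat, and that file (as shown in patch 02) still lists `../../admin_keys/anon.keys` and `../../admin_keys/mdebray.keys` under `users.users.root.openssh.authorizedKeys.keyFiles`, so evaluation would presumably fail on the missing paths unless a later patch in the series updates them. The new keys/thubrecht.keys is also not referenced anywhere visible, so the two keys moved out of anon.keys would stop being authorised for root until it is wired in. Separately, the three keys left in keys/anon.keys carry no comment field and no named owner, which makes root access hard to review or revoke per person; a trailing comment per key (`ssh-ed25519 KEY owner@host`, placeholder) or per-admin files like thubrecht.keys would fix that.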
@@ -1,11 +1,49 @@ +/* + Copyright : + - Maurice Debray 2023 + - Tom Hubrecht 2023 + + Ce logiciel est un programme informatique servant à déployer des + configurations de serveurs via NixOS. + + Ce logiciel est régi par la licence CeCILL soumise au droit français et + respectant les principes de diffusion des logiciels libres. Vous pouvez + utiliser, modifier et/ou redistribuer ce programme sous les conditions + de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA + sur le site "http://www.cecill.info". + + En contrepartie de l'accessibilité au code source et des droits de copie, + de modification et de redistribution accordés par cette licence, il n'est + offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons, + seule une responsabilité restreinte pèse sur l'auteur du programme, le + titulaire des droits patrimoniaux et les concédants successifs. + + A cet égard l'attention de l'utilisateur est attirée sur les risques + associés au chargement, à l'utilisation, à la modification et/ou au + développement et à la reproduction du logiciel par l'utilisateur étant + donné sa spécificité de logiciel libre, qui peut le rendre complexe à + manipuler et qui le réserve donc à des développeurs et des professionnels + avertis possédant des connaissances informatiques approfondies. Les + utilisateurs sont donc invités à charger et tester l'adéquation du + logiciel à leurs besoins dans des conditions permettant d'assurer la + sécurité de leurs systèmes et ou de leurs données et, plus généralement, + à l'utiliser et l'exploiter dans les mêmes conditions de sécurité. + + Le fait que vous puissiez accéder à cet en-tête signifie que vous avez + pris connaissance de la licence CeCILL, et que vous en avez accepté les + termes. 
+*/ + let - sources = (import ./npins); - pkgs = import sources.nixpkgs {}; + sources = import ./npins; + pkgs = import sources.nixpkgs { }; in + pkgs.mkShell { - packages = [ - pkgs.npins - pkgs.colmena - (pkgs.callPackage (sources.disko + "/package.nix") {}) - ]; + packages = with pkgs; [ + npins + colmena + ] ++ (builtins.map (p: callPackage p { }) [ + (sources.disko + "/package.nix") + ]); } -- 2.47.1 From b3d2cd60713407f27dd1cbf4ce88f58320463114 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:05:20 +0200 Subject: [PATCH 05/78] lib: Init --- lib/default.nix | 20 ++++++++++++++++++++ lib/trivial.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 lib/default.nix create mode 100644 lib/trivial.nix diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..024f465 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,20 @@ +{ lib, ... }: + +let + trivial = import ./trivial.nix; +in + +trivial // (with trivial; rec { + mkImport = root: file: + let path = mkRel root file; in + path + (lib.optionalString (!lib.pathIsDirectory path) ".nix"); + + mkImports = root: builtins.map (mkImport root); + + getKeys = name: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../keys + "/${name}.keys"))); + + /* List version of getKeys */ + getAllKeys = names: builtins.concatLists (builtins.map getKeys names); + + getKeyFiles = builtins.map (compose (n: "${n}.keys") (mkRel ../keys)); +}) diff --git a/lib/trivial.nix b/lib/trivial.nix new file mode 100644 index 0000000..f9952d0 --- /dev/null +++ b/lib/trivial.nix 
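Review bot: `getKeys` and `getKeyFiles` in `lib/default.nix` have no comment, although they decide which SSH public keys reach a node and return different things: key strings versus file paths. I would add `/* Returns the public keys of a member, one per non-empty line of keys/<name>.keys */` above `getKeys` and `/* Returns the path of keys/<name>.keys for each name (paths, not key contents) */` above `getKeyFiles`. Both results are plain lists, so passing one where the other is expected may not fail at the call site. `mkImport` and `mkImports` would benefit from a one-line comment too, stating that `.nix` is appended unless the target is a directory.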
@@ -0,0 +1,39 @@ +rec { + /* Fuses a list of attribute sets into a single attribute set. + + Example: + x = [ { a = 1; } { b = 2; } ] + fuseAttrs x + => { a = 1; b = 2; } + */ + fuseAttrs = builtins.foldl' (attrs: x: attrs // x) { }; + + /* Maps then fuses a list of attribute sets into a single attribute set. + + Example: + x = [ "a" "b" ] + mapFuse (c: { ${c} = 42; }) x + => { a = 42; b = 42; } + */ + mapFuse = f: attrsList: fuseAttrs (builtins.map f attrsList); + + /* Equivalent of lib.singleton but for an attribute set. + + Example: + singleAttr "a" 1 + => { a = 1; } + */ + singleAttr = name: value: { ${name} = value; }; + + mapSingleFuse = f: mapFuse (x: singleAttr x (f x)); + + /* Creates a relative path as a string + + Example: + mkRel /home/test/ "file.txt" + => "/home/test/file.txt" + */ + mkRel = path: file: builtins.toString (path + "/${file}"); + + compose = f: g: (x: g (f x)); +} -- 2.47.1 From 91cf28e9d1cbeba50deb2c4167ac488b15290f23 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:05:58 +0200 Subject: [PATCH 06/78] web-01: Rename main config files --- .../web-01/{configuration.nix => _configuration.nix} | 10 +++------- ...e-configuration.nix => _hardware-configuration.nix} | 0 2 files changed, 3 insertions(+), 7 deletions(-) rename machines/web-01/{configuration.nix => _configuration.nix} (83%) rename machines/web-01/{hardware-configuration.nix => _hardware-configuration.nix} (100%) diff --git a/machines/web-01/configuration.nix b/machines/web-01/_configuration.nix similarity index 83% rename from machines/web-01/configuration.nix rename to machines/web-01/_configuration.nix index 35c7ad2..87eb05e 100644 --- a/machines/web-01/configuration.nix +++ b/machines/web-01/_configuration.nix 
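Review bot: `compose` and `mapSingleFuse` are the only functions in `lib/trivial.nix` without a doc comment, and `compose` applies its arguments left to right (`compose f g` is `x: g (f x)`), the reverse of the usual mathematical order. A comment such as `/* Left-to-right composition: compose f g x => g (f x) */` avoids a wrong guess at call sites. For `mapSingleFuse`, `/* Builds an attribute set mapping each name of the list to f name */` with an example in the style of the neighbouring functions would match the file.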
@@ -5,8 +5,9 @@ { name, config, pkgs, lib, ... }: { imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix + [ + # Include the results of the hardware scan. + # ./hardware-configuration.nix ./networking.nix ./ssh.nix ]; @@ -19,10 +20,6 @@ time.timeZone = "Europe/Paris"; - - users.users.root.openssh.authorizedKeys.keyFiles = [ ../../admin_keys/anon.keys ../../admin_keys/mdebray.keys ]; - - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave @@ -32,4 +29,3 @@ system.stateVersion = "22.11"; # Did you read the comment? } - diff --git a/machines/web-01/hardware-configuration.nix b/machines/web-01/_hardware-configuration.nix similarity index 100% rename from machines/web-01/hardware-configuration.nix rename to machines/web-01/_hardware-configuration.nix -- 2.47.1 From fa3bb514778024d2a4fb8ed9f04bb8a21d13a935 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:06:11 +0200 Subject: [PATCH 07/78] meta: Start members, groups and nodes --- meta/default.nix | 6 ++++++ meta/members.nix | 21 +++++++++++++++++++++ meta/nodes.nix | 13 +++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 meta/default.nix create mode 100644 meta/members.nix create mode 100644 meta/nodes.nix diff --git a/meta/default.nix b/meta/default.nix new file mode 100644 index 0000000..54f88a0 --- /dev/null +++ b/meta/default.nix @@ -0,0 +1,6 @@ +let + members = import ./members.nix; + nodes = import ./nodes.nix; +in + +{ inherit members nodes; } diff --git a/meta/members.nix b/meta/members.nix new file mode 100644 index 0000000..3ddbfd0 --- /dev/null +++ b/meta/members.nix 
@@ -0,0 +1,21 @@ +let + members = { + mdebray = { + name = "Maurice Debray"; + email = "maurice.debray@dgnum.eu"; + }; + + thubrecht = { + name = "Tom Hubrecht"; + email = "tom.hubrecht@dgnum.eu"; + }; + }; + + groups = { + root = [ "thubrecht" ]; + + web = [ "mdebray" ]; + }; +in + +{ inherit groups members; } diff --git a/meta/nodes.nix b/meta/nodes.nix new file mode 100644 index 0000000..6eb18fe --- /dev/null +++ b/meta/nodes.nix @@ -0,0 +1,13 @@ +{ + web-01 = { + adminGroups = [ "web" ]; + admins = [ ]; + + deployment = { + tags = [ "web" ]; + targetHost = "129.199.129.200"; + }; + + nixpkgs = "unstable"; + }; +} -- 2.47.1 From 24500ed3693467f1ee66572c40d8697eeefb682b Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:07:03 +0200 Subject: [PATCH 08/78] modules: Init with access control --- modules/default.nix | 7 +++++++ modules/dgn-access-control.nix | 35 ++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 modules/default.nix create mode 100644 modules/dgn-access-control.nix diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..596ea40 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,7 @@ +{ dgn-lib, ... }: + +{ + imports = dgn-lib.mkImports ./. [ + "dgn-access-control" + ]; +} diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix new file mode 100644 index 0000000..f04e71d --- /dev/null +++ b/modules/dgn-access-control.nix 
@@ -0,0 +1,35 @@ +{ config, lib, dgn-lib, meta, name, ... }: + +let + nodeMeta = meta.nodes.${name}; + admins = meta.members.groups.root ++ nodeMeta.admins + ++ (builtins.concatMap (g: meta.members.groups.${g}) nodeMeta.adminGroups); + + cfg = config.dgn-access-control; +in + +with lib; + +{ + options.dgn-access-control = { + enable = mkEnableOption "DGNum access control." // { default = true; }; + + users = mkOption { + type = with types; attrsOf (listOf str); + default = { }; + description = '' + Attribute set describing which member has access to which user on the node. + ''; + }; + }; + + config = mkIf cfg.enable { + # Admins have root access to the node + dgn-access-control.users.root = mkDefault admins; + + users.users = builtins.mapAttrs + (u: members: { openssh.authorizedKeys.keys = dgn-lib.getKeyFiles members; }) + cfg.users; + + }; +} -- 2.47.1 From f5bc7517dadbe4b9af33910046570ada51787eff Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:07:33 +0200 Subject: [PATCH 09/78] npins: Add nixos-{22.11,unstable} and update nixpkgs --- npins/sources.json | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index ce56fa7..9bfc64f 100644 --- a/npins/sources.json +++ b/npins/sources.json 
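Review bot: In the `config` block, `dgn-access-control.users.root = mkDefault admins;` gives the admin list default priority, so a node that sets `dgn-access-control.users.root` at normal priority replaces the list instead of extending it. Members of `meta.members.groups.root` would then lose their key on that node without any warning. If global and per-node admins are always meant to keep access, define it without `mkDefault` so that the list definitions merge: `dgn-access-control.users.root = admins;`. If replacement is intended, the `users` option description should say so.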
@@ -14,12 +14,24 @@ "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.0.0", "hash": "153cm29hjgklsi1aw85srvcd3h3afm7j77llk4fj3slf5gcwnmx9" }, + "nixos-22.11": { + "type": "Channel", + "name": "nixos-22.11", + "url": "https://releases.nixos.org/nixos/22.11/nixos-22.11.4256.628d4bb6e9f/nixexprs.tar.xz", + "hash": "1pb1jfcadb5fr7xk6rvf2bq6yw63rhzq6g3c0hp819j6p61rfqgi" + }, + "nixos-unstable": { + "type": "Channel", + "name": "nixos-unstable", + "url": "https://releases.nixos.org/nixos/unstable/nixos-23.05pre486371.3005f20ce0a/nixexprs.tar.xz", + "hash": "1a0kk320ca3ilcf0dq2v92m03czmd7zir50izvjqi1ikq2npm2g6" + }, "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.05pre483213.635a306fc8e/nixexprs.tar.xz", - "hash": "0lvmz0l12qkyg7lj69mn03lv8i44xsw84ld4d8yqyj9m9dng7hsd" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.05pre486356.7a288f777a5/nixexprs.tar.xz", + "hash": "0zbil4dvs7czhiyfy0r0s6krdjidr7jpjvvv2ryx8lb3plwf3qaw" } }, "version": 3 -} +} \ No newline at end of file -- 2.47.1 From 0fd05cd1972c36647be8f798e0c57d3e3290ed70 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:07:48 +0200 Subject: [PATCH 10/78] shell.nix: Always build locally --- shell.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shell.nix b/shell.nix index 45f1ad0..bd90833 100644 --- a/shell.nix +++ b/shell.nix @@ -46,4 +46,6 @@ pkgs.mkShell { ] ++ (builtins.map (p: callPackage p { }) [ (sources.disko + "/package.nix") ]); + + allowSubstitutes = false; } -- 2.47.1 From 8949cf78dce68d4296907adfa86182c7d4960b9d Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:08:33 +0200 Subject: [PATCH 11/78] hive.nix: Add abstraction --- hive.nix | 41 +++++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/hive.nix b/hive.nix index c849d44..6de1f2c 100644 --- a/hive.nix +++ b/hive.nix 
@@ -1,21 +1,42 @@ let sources = import ./npins; + metadata = import ./meta; + + lib = import ./lib/trivial.nix; + + mkNode = node: { name, nodes, ... }: { + # Import the base configuration for each node + imports = builtins.map (lib.mkRel ./machines/${node}) [ + "_configuration.nix" + "_hardware-configuration.nix" + ]; + + # Deployment config is specified in meta.nodes.${node}.deployment + inherit (metadata.nodes.${node}) deployment; + }; + + mkNixpkgs = node: import sources."nixos-${metadata.nodes.${node}.nixpkgs}" { }; + + mkArgs = node: { + dgn-lib = import ./lib { inherit ((mkNixpkgs node)) lib; }; + }; + + nodes = builtins.attrNames metadata.nodes; in + { meta = { - nixpkgs = import sources.nixpkgs; + nodeNixpkgs = lib.mapSingleFuse mkNixpkgs nodes; - nodeNixpkgs = { - }; + specialArgs = { meta = metadata; }; + + nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes; # TODO: Add remote builders (`machinesFile` option) }; - web-01 = { name, nodes, ... }: { - imports = [ ./machines/${name}/configuration.nix ]; - deployment = { - targetUser = "root"; - targetHost = "129.199.129.200"; - }; + defaults = { ... }: { + # Import the default modules + imports = [ ./modules ]; }; -} +} // (lib.mapSingleFuse mkNode nodes) -- 2.47.1 From 7356ef8b1d0ee251a340a50274cb263978095e74 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:08:43 +0200 Subject: [PATCH 12/78] Use direnv --- .envrc | 1 + .gitignore | 1 + 2 files changed, 2 insertions(+) create mode 100644 .envrc diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..1d953f4 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use nix diff --git a/.gitignore b/.gitignore index a806510..e003f90 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ result result-* +.direnv -- 2.47.1 From d9f7a944af499bb266c33efd16e7eec3bfb80d04 Mon Sep 17 00:00:00 2001 
From: Tom Hubrecht Date: Mon, 22 May 2023 15:09:04 +0200 Subject: [PATCH 13/78] web-01: Reformat --- machines/web-01/disko.nix | 9 +++++---- machines/web-01/ssh.nix | 3 ++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/machines/web-01/disko.nix b/machines/web-01/disko.nix index b9a5f8e..52c9262 100644 --- a/machines/web-01/disko.nix +++ b/machines/web-01/disko.nix @@ -1,6 +1,7 @@ -{...}: -let - luksName = "mainfs"; +_: + +let + luksName = "mainfs"; in { boot.initrd.luks.devices.${luksName} = { @@ -33,7 +34,7 @@ in start = "512MiB"; end = "-4GiB"; content = rec { - type = "luks"; + type = "luks"; name = luksName; extraOpenArgs = [ "--keyfile-size=1" ]; extraFormatArgs = extraOpenArgs; diff --git a/machines/web-01/ssh.nix b/machines/web-01/ssh.nix index 0f3a438..bb2c346 100644 --- a/machines/web-01/ssh.nix +++ b/machines/web-01/ssh.nix @@ -1,4 +1,5 @@ -{ ... }: +_: + { services.openssh = { passwordAuthentication = false; -- 2.47.1 From 4c6154bd3936301be9e7bba4b7584cf9b5b30c3f Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 15:36:53 +0200 Subject: [PATCH 14/78] lib: Use mkRel --- lib/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/default.nix b/lib/default.nix index 024f465..07fe91e 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -11,7 +11,9 @@ trivial // (with trivial; rec { mkImports = root: builtins.map (mkImport root); - getKeys = name: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../keys + "/${name}.keys"))); + getKeys = name: builtins.filter + (k: k != "") + (lib.splitString "\n" (builtins.readFile (mkRel ../keys "${name}.keys"))); /* List version of getKeys */ getAllKeys = names: builtins.concatLists (builtins.map getKeys names); -- 2.47.1 From be29da5e7ec2e568ce1bb496284881ef95beaa8e Mon Sep 17 00:00:00 2001 
From: Tom Hubrecht Date: Mon, 22 May 2023 15:58:41 +0200 Subject: [PATCH 15/78] modules/dgn-access-control: Fix keys --- modules/dgn-access-control.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix index f04e71d..d1ceebd 100644 --- a/modules/dgn-access-control.nix +++ b/modules/dgn-access-control.nix @@ -28,7 +28,7 @@ with lib; dgn-access-control.users.root = mkDefault admins; users.users = builtins.mapAttrs - (u: members: { openssh.authorizedKeys.keys = dgn-lib.getKeyFiles members; }) + (u: members: { openssh.authorizedKeys.keyFiles = dgn-lib.getKeyFiles members; }) cfg.users; }; -- 2.47.1 From 8a65ff477d0823c43facc77bbfa9140a28a0450f Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 16:28:18 +0200 Subject: [PATCH 16/78] modules/dgn-access-control: Use getAllKeys instead of getKeyFiles --- modules/dgn-access-control.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix index d1ceebd..d99b8e5 100644 --- a/modules/dgn-access-control.nix +++ b/modules/dgn-access-control.nix @@ -28,7 +28,7 @@ with lib; dgn-access-control.users.root = mkDefault admins; users.users = builtins.mapAttrs - (u: members: { openssh.authorizedKeys.keyFiles = dgn-lib.getKeyFiles members; }) + (u: members: { openssh.authorizedKeys.keys = dgn-lib.getAllKeys members; }) cfg.users; }; -- 2.47.1 From 0eb81321b2f86127229b2fd1d2a9ec3c9960b0b1 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 17:18:57 +0200 Subject: [PATCH 17/78] keys: Add raito's keys --- keys/{anon.keys => raito.keys} | 0 meta/members.nix | 7 ++++++- 2 files changed, 6 insertions(+), 1 deletion(-) rename keys/{anon.keys => raito.keys} (100%) diff --git a/keys/anon.keys b/keys/raito.keys similarity index 100% rename from keys/anon.keys rename to keys/raito.keys diff --git a/meta/members.nix b/meta/members.nix index 3ddbfd0..c3a94e9 100644 
--- a/meta/members.nix +++ b/meta/members.nix @@ -9,12 +9,17 @@ let name = "Tom Hubrecht"; email = "tom.hubrecht@dgnum.eu"; }; + + raito = { + name = "Raito Bezarius"; + email = "raito@dgnume.eu"; + }; }; groups = { root = [ "thubrecht" ]; - web = [ "mdebray" ]; + web = [ "mdebray" "raito" ]; }; in -- 2.47.1 From a7ce39a2f51c9eaa604fc35f3b7b7ca8caf17ad4 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 22 May 2023 16:47:13 +0200 Subject: [PATCH 18/78] modules/dgn-ssh: Add default ssh configuration for all nodes --- machines/web-01/_configuration.nix | 3 +- machines/web-01/ssh.nix | 9 ----- modules/default.nix | 1 + modules/dgn-ssh.nix | 57 ++++++++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 11 deletions(-) delete mode 100644 machines/web-01/ssh.nix create mode 100644 modules/dgn-ssh.nix diff --git a/machines/web-01/_configuration.nix b/machines/web-01/_configuration.nix index 87eb05e..01fcf2f 100644 --- a/machines/web-01/_configuration.nix +++ b/machines/web-01/_configuration.nix @@ -2,14 +2,13 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ name, config, pkgs, lib, ... }: +{ name, ... }: { imports = [ # Include the results of the hardware scan. # ./hardware-configuration.nix ./networking.nix - ./ssh.nix ]; # Use the systemd-boot EFI boot loader. diff --git a/machines/web-01/ssh.nix b/machines/web-01/ssh.nix deleted file mode 100644 index bb2c346..0000000 --- a/machines/web-01/ssh.nix +++ /dev/null @@ -1,9 +0,0 @@ -_: - -{ - services.openssh = { - passwordAuthentication = false; - enable = true; - }; - programs.mosh.enable = true; -} diff --git a/modules/default.nix b/modules/default.nix index 596ea40..8e05e85 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -3,5 +3,6 @@ { imports = dgn-lib.mkImports ./. [ "dgn-access-control" + "dgn-ssh" ]; } diff --git a/modules/dgn-ssh.nix b/modules/dgn-ssh.nix new file mode 100644 index 0000000..1d13553 
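Review bot: The address added for `raito` uses the domain `dgnume.eu`, while the two existing members use `dgnum.eu`; this looks like a typo. If these addresses are later used for notifications or account contacts, mail sent to a mistyped domain goes to whoever controls that domain. I would change it to `email = "raito@dgnum.eu";` after confirming with the member.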
--- /dev/null
+++ b/modules/dgn-ssh.nix
@@ -0,0 +1,57 @@ +# Copyright : +# - Maurice Debray 2023 +# - Tom Hubrecht 2023 +# +# Ce logiciel est un programme informatique servant à déployer des +# configurations de serveurs via NixOS. +# +# Ce logiciel est régi par la licence CeCILL soumise au droit français et +# respectant les principes de diffusion des logiciels libres. Vous pouvez +# utiliser, modifier et/ou redistribuer ce programme sous les conditions +# de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA +# sur le site "http://www.cecill.info". +# +# En contrepartie de l'accessibilité au code source et des droits de copie, +# de modification et de redistribution accordés par cette licence, il n'est +# offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons, +# seule une responsabilité restreinte pèse sur l'auteur du programme, le +# titulaire des droits patrimoniaux et les concédants successifs. +# +# A cet égard l'attention de l'utilisateur est attirée sur les risques +# associés au chargement, à l'utilisation, à la modification et/ou au +# développement et à la reproduction du logiciel par l'utilisateur étant +# donné sa spécificité de logiciel libre, qui peut le rendre complexe à +# manipuler et qui le réserve donc à des développeurs et des professionnels +# avertis possédant des connaissances informatiques approfondies. Les +# utilisateurs sont donc invités à charger et tester l'adéquation du +# logiciel à leurs besoins dans des conditions permettant d'assurer la +# sécurité de leurs systèmes et ou de leurs données et, plus généralement, +# à l'utiliser et l'exploiter dans les mêmes conditions de sécurité. +# +# Le fait que vous puissiez accéder à cet en-tête signifie que vous avez +# pris connaissance de la licence CeCILL, et que vous en avez accepté les +# termes. + +{ config, lib, ... }: + +with lib; + +let + cfg = config.dgn-ssh; +in + +{ + options.dgn-ssh = { + enable = mkEnableOption "ssh default configuration." 
// { default = true; }; + }; + + config = mkIf cfg.enable { + services.openssh = { + enable = true; + + passwordAuthentication = false; + }; + + programs.mosh.enable = true; + }; +} -- 2.47.1 From 5bc379c1d1a0f015dabddbd98b5ebdc260d96d49 Mon Sep 17 00:00:00 2001 From: sinavir Date: Mon, 22 May 2023 17:24:42 +0200 Subject: [PATCH 19/78] document access control --- meta/default.nix | 4 ++++ meta/members.nix | 6 ++++++ meta/nodes.nix | 12 ++++++++++++ modules/dgn-access-control.nix | 6 ++++++ 4 files changed, 28 insertions(+) diff --git a/meta/default.nix b/meta/default.nix index 54f88a0..d6e1690 100644 --- a/meta/default.nix +++ b/meta/default.nix @@ -1,3 +1,7 @@ +/* +Metadata for the nodes. You can add custom attributes, they are +accessible through the specialArg meta in the config. +*/ let members = import ./members.nix; nodes = import ./nodes.nix; diff --git a/meta/members.nix b/meta/members.nix index c3a94e9..7097ee7 100644 --- a/meta/members.nix +++ b/meta/members.nix @@ -1,3 +1,7 @@ +/* +To add a new member add an attribute to `members` +Then add the key to the required groups. +*/ let members = { mdebray = { @@ -17,8 +21,10 @@ let }; groups = { + # members of this group are root on all nodes root = [ "thubrecht" ]; + # members of this group are root on web nodes web = [ "mdebray" "raito" ]; }; in diff --git a/meta/nodes.nix b/meta/nodes.nix index 6eb18fe..2fb1949 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -1,3 +1,15 @@ +/* File specifying all the deployement options for the nodes administrated by the dgnum. + +Node metadata template is: + +NODE_NAME = { + adminGroups = []; # List of groups that have root access + admins = []; # List of individuals that have root access + deployment = {}; # Colmena deployment options + nixpkgs = "unstable" or "22.11"; # nixpkgs version +} +*/ + { web-01 = { adminGroups = [ "web" ]; diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix index d99b8e5..dd9296f 100644 
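Review bot: In `services.openssh`, `passwordAuthentication = false;` alone leaves keyboard-interactive authentication at its default, and as far as I know that default is enabled and can still accept a password through PAM. Since this module is the SSH baseline for every node, I would add `kbdInteractiveAuthentication = false;` next to it. On newer channels these options live under `services.openssh.settings` (the install script later in this series writes `settings.PasswordAuthentication`), so the spelling should follow the oldest channel a node may select. `programs.mosh.enable = true;` now also applies to all nodes rather than only web-01; a short comment saying this is intended would help.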
--- a/modules/dgn-access-control.nix +++ b/modules/dgn-access-control.nix @@ -19,6 +19,12 @@ with lib; default = { }; description = '' Attribute set describing which member has access to which user on the node. + Members must be declared in `meta/members.nix`. + ''; + example = '' + { + user1 = [ "member1" "member2" ]; + } ''; }; }; -- 2.47.1 From 857c1bb88e6225f1f6d1d134f02f5c4f769358ab Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Tue, 23 May 2023 11:11:27 +0200 Subject: [PATCH 20/78] lib: Fix mkRel When using strings instead of paths, the required files are not included in the closure and thus not sent to the nodes. --- lib/trivial.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/trivial.nix b/lib/trivial.nix index f9952d0..1ba84d5 100644 --- a/lib/trivial.nix +++ b/lib/trivial.nix @@ -33,7 +33,7 @@ rec { mkRel /home/test/ "file.txt" => "/home/test/file.txt" */ - mkRel = path: file: builtins.toString (path + "/${file}"); + mkRel = path: file: path + "/${file}"; compose = f: g: (x: g (f x)); } -- 2.47.1 From c21e8669c683e173590bd9f3808bfefc3466fba5 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Wed, 7 Jun 2023 14:13:36 +0200 Subject: [PATCH 21/78] iso: Make a script for iso generation --- iso/build-iso.sh | 5 +++++ iso/configuration.nix | 32 ++++++++++++++++++++++++++++++++ iso/nixpkgs.nix | 5 +++++ meta/members.nix | 3 +++ shell.nix | 1 + 5 files changed, 46 insertions(+) create mode 100644 iso/build-iso.sh create mode 100644 iso/configuration.nix create mode 100644 iso/nixpkgs.nix diff --git a/iso/build-iso.sh b/iso/build-iso.sh new file mode 100644 index 0000000..2586426 --- /dev/null +++ b/iso/build-iso.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +NIXPKGS=$(nix-build nixpkgs.nix) + +nixos-generate -c configuration.nix -I NIX_PATH="$NIXPKGS" -f install-iso diff --git a/iso/configuration.nix b/iso/configuration.nix new file mode 100644 index 0000000..ab5ce0b --- /dev/null +++ b/iso/configuration.nix 
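Review bot: After this change `mkRel` returns a path, but the example kept as context just above the changed line still shows a string result (`=> "/home/test/file.txt"`). The comment's first line lies outside the hunk and may still describe the result as a string. I would update the example to `=> /home/test/file.txt` and record the reason from the commit message next to the definition: `# Returns a path, not a string, so that the file is copied into the closure`.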
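Review bot: In `iso/build-iso.sh`, `-I NIX_PATH="$NIXPKGS"` adds a search-path entry named `NIX_PATH`, not `nixpkgs`, so the pinned tree built from `nixpkgs.nix` is probably not the one `<nixpkgs>` resolves to, and the ISO would be built from whatever the caller's environment provides. If the pin is meant to apply, the flag should read `-I nixpkgs="$NIXPKGS"`. The script also lacks `set -euo pipefail`, so a failed `nix-build` leaves `NIXPKGS` empty and the generation still runs. The relative `nixpkgs.nix` and `configuration.nix` resolve only when the script is started from `iso/`.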
@@ -0,0 +1,32 @@ +{ pkgs, ... }: + +let + dgn-lib = import ../lib/trivial.nix; + + dgn-members = (import ../meta).members.groups.iso; +in + +{ + boot = { + blacklistedKernelModules = [ "snd_pcsp" ]; + kernelPackages = pkgs.linuxPackages_6_1; + tmp.cleanOnBoot = true; + + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + supportedFilesystems = [ + "exfat" + "zfs" + ]; + }; + + services = { + openssh.enable = true; + }; + + users.users.root.openssh.authorizedKeys.keyFiles = + builtins.map (m: dgn-lib.mkRel ../keys "${m}.keys") dgn-members; +} diff --git a/iso/nixpkgs.nix b/iso/nixpkgs.nix new file mode 100644 index 0000000..73a6d6a --- /dev/null +++ b/iso/nixpkgs.nix @@ -0,0 +1,5 @@ +let + inherit (import ../npins) nixpkgs; +in + +(import nixpkgs { }).srcOnly { name = "nixpkgs-for-iso"; src = nixpkgs; } diff --git a/meta/members.nix b/meta/members.nix index 7097ee7..b9c6a84 100644 --- a/meta/members.nix +++ b/meta/members.nix @@ -26,6 +26,9 @@ let # members of this group are root on web nodes web = [ "mdebray" "raito" ]; + + # members of this group will have root acces on the installation isos + iso = [ "thubrecht" "mdebray" "raito" ]; }; in diff --git a/shell.nix b/shell.nix index bd90833..bcef228 100644 --- a/shell.nix +++ b/shell.nix @@ -43,6 +43,7 @@ pkgs.mkShell { packages = with pkgs; [ npins colmena + nixos-generators ] ++ (builtins.map (p: callPackage p { }) [ (sources.disko + "/package.nix") ]); -- 2.47.1 From e64c32bf3445033304e0d97c1ce1da0bfd553b93 Mon Sep 17 00:00:00 2001 
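Review bot: In `iso/configuration.nix`, `openssh.enable = true;` is set without disabling password logins, although the image already carries the `iso` group's keys for root. The installer profile this image is presumably built on is permissive about root logins, so a root password set on a booted installer would be usable over the network. Since access is meant to go through the files in `keys/`, I would add `openssh.settings.PasswordAuthentication = false;` inside `services`. The use of `boot.tmp.cleanOnBoot` suggests the channel is recent enough for the `settings` form, which should be confirmed.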
From: Tom Hubrecht Date: Thu, 8 Jun 2023 10:20:55 +0200 Subject: [PATCH 22/78] iso: Update iso config and add a script to ease the installation process --- iso/build-iso.sh | 0 iso/configuration.nix | 4 + iso/dgn-install/README.md | 1 + iso/dgn-install/default.nix | 20 +++++ iso/dgn-install/dgn-install.sh | 141 +++++++++++++++++++++++++++++++++ 5 files changed, 166 insertions(+) mode change 100644 => 100755 iso/build-iso.sh create mode 100644 iso/dgn-install/README.md create mode 100644 iso/dgn-install/default.nix create mode 100644 iso/dgn-install/dgn-install.sh diff --git a/iso/build-iso.sh b/iso/build-iso.sh old mode 100644 new mode 100755 diff --git a/iso/configuration.nix b/iso/configuration.nix index ab5ce0b..f09979f 100644 --- a/iso/configuration.nix +++ b/iso/configuration.nix @@ -7,6 +7,8 @@ let in { + imports = [ ./dgn-install ]; + boot = { blacklistedKernelModules = [ "snd_pcsp" ]; kernelPackages = pkgs.linuxPackages_6_1; @@ -23,6 +25,8 @@ in ]; }; + console.keyMap = "fr"; + services = { openssh.enable = true; }; diff --git a/iso/dgn-install/README.md b/iso/dgn-install/README.md new file mode 100644 index 0000000..32f2f2f --- /dev/null +++ b/iso/dgn-install/README.md @@ -0,0 +1 @@ +Script pour installer automatiquement NixOS sur les machines de la DGNum diff --git a/iso/dgn-install/default.nix b/iso/dgn-install/default.nix new file mode 100644 index 0000000..3028540 --- /dev/null +++ b/iso/dgn-install/default.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: + +let + installScript = pkgs.writeShellApplication { + name = "dgn-install"; + + runtimeInputs = with pkgs; [ + coreutils + gnused + nixos-install-tools + zfs + ]; + + text = builtins.readFile ./dgn-install.sh; + }; +in + +{ + environment.systemPackages = [ installScript ]; +} diff --git a/iso/dgn-install/dgn-install.sh b/iso/dgn-install/dgn-install.sh new file mode 100644 index 0000000..ab5c767 --- /dev/null +++ b/iso/dgn-install/dgn-install.sh 
@@ -0,0 +1,141 @@ +bootDevice= +rootDevice= + +domain="par01.infra.dgnum.eu" +hostname="dgn0x" + +hasZFS= + +while [ "$#" -gt 0 ]; do + i="$1" + shift 1 + case "$i" in + --root) + rootDevice="$1" + shift 1 + ;; + --boot) + bootDevice="$1" + shift 1 + ;; + --domain) + domain="$1" + shift 1 + ;; + --hostname) + hostname="$1" + shift 1 + ;; + --with-zfs) + hasZFS="1" + ;; + *) + echo "$0: unknown option \`$i'" + exit 1 + ;; + esac +done + +if [ -z "$bootDevice" ]; then + echo "Missing boot partition" + exit 1 +fi + +if [ -z "$rootDevice" ]; then + echo "Missing root partition" + exit 1 +fi + +# Mount the partitions to where they should be +mount "$rootDevice" /mnt +mkdir /mnt/boot + +mount "$bootDevice" /mnt/boot + +# Generate configration +nixos-generate-config --root /mnt + +NIX="/mnt/etc/nixos/" + +# Setup our own files +mv $NIX/configuration.nix $NIX/base-configuration.nix + +cat < $NIX/dgnum-server.nix +{ ... }: { + services.nscd.enableNsncd = false; + programs.bash.promptInit = '' + # Provide a nice prompt if the terminal supports it. + if [ "\$TERM" != "dumb" ] || [ -n "\$INSIDE_EMACS" ]; then + PROMPT_COLOR="1;31m" + ((UID)) && PROMPT_COLOR="1;32m" + if [ -n "\$INSIDE_EMACS" ] || [ "\$TERM" = "eterm" ] || [ "\$TERM" = "eterm-color" ]; then + # Emacs term mode doesn't support xterm title escape sequence (\e]0;) + PS1="\n\[\033[\$PROMPT_COLOR\][\u@\$(hostname -f):\w]\\\$\[\033[0m\] " + else + PS1="\n\[\033[\$PROMPT_COLOR\][\[\e]0;\u@\H: \w\a\]\u@\$(hostname -f):\w]\\\$\[\033[0m\] " + fi + if test "\$TERM" = "xterm"; then + PS1="\[\033]2;\$(hostname -f):\u:\w\007\]\$PS1" + fi + fi + ''; +} +EOF + +cat < $NIX/configuration.nix +{ pkgs, ... 
}: { + imports = [ + ./base-configuration.nix + ./dgnum-server.nix + $(if [ -n "$hasZFS" ]; then echo './zfs.nix'; fi) + ]; + + boot.tmp.cleanOnBoot = true; + + console.keyMap = "fr"; + + time.timeZone = "Europe/Paris"; + + environment.systemPackages = with pkgs; [ + vim + wget + kitty.terminfo + ]; + + networking = { + hostName = "$hostname"; + domain = "$domain"; + }; + + # Activate SSH and set the keys + services.openssh = { + enable = true; + + settings.PasswordAuthentication = false; + }; + + users.users.root.openssh.authorizedKeys.keyFiles = [ ./rootKeys ]; +} +EOF + +if [ -n "$hasZFS" ]; then + cat < $NIX/zfs.nix +{ ... }: { + boot = { + supportedFilesystems = [ "zfs" ]; + zfs.forceImportRoot = false; + zfs.extraPools = [ + $(zpool list -Ho name | sed 's/^/"/;s/$/"/') + ]; + }; + + networking.hostId = "$(head -c4 /dev/urandom | od -A none -t x4 | sed 's/ //')"; +} +EOF +fi + +# Copy the keys +cp /etc/ssh/authorized_keys.d/root $NIX/rootKeys + +# Perform the installation +nixos-install -- 2.47.1 From c06fe743b0a34203928ca20ae1510ac7d5049fec Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:29:56 +0200 Subject: [PATCH 23/78] lib: Add utility functions --- lib/default.nix | 12 ++++++++++++ lib/trivial.nix | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/lib/default.nix b/lib/default.nix index 07fe91e..99b2785 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,6 +5,8 @@ let in trivial // (with trivial; rec { + recursiveFuse = builtins.foldl' lib.recursiveUpdate { }; + mkImport = root: file: let path = mkRel root file; in path + (lib.optionalString (!lib.pathIsDirectory path) ".nix"); 
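Review bot: The values of `--hostname` and `--domain` are pasted into double-quoted Nix strings in the generated `configuration.nix` without any check, so a value containing `"` or `${` changes the generated expression. When `--hostname` is omitted, the placeholder `dgn0x` is installed silently. I would validate before any file is written, e.g. `case "$hostname" in ''|*[!a-z0-9-]*) echo "Invalid hostname"; exit 1 ;; esac`, and require the option instead of defaulting it. The script also copies `/etc/ssh/authorized_keys.d/root` from the installer to `rootKeys`; a comment stating that the installed machine therefore trusts the installer's root keys until its real configuration is deployed would make that explicit.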
@@ -19,4 +21,14 @@ trivial // (with trivial; rec { getAllKeys = names: builtins.concatLists (builtins.map getKeys names); getKeyFiles = builtins.map (compose (n: "${n}.keys") (mkRel ../keys)); + + getNodeKeys = node: + let + meta = import ../meta; + names = builtins.foldl' + (names: group: names ++ meta.members.groups.${group}) + (meta.nodes.${node}.admins ++ [ "/machines/${node}" ]) + (meta.nodes.${node}.adminGroups ++ [ "root" ]); + in + getAllKeys names; }) diff --git a/lib/trivial.nix b/lib/trivial.nix index 1ba84d5..075a99f 100644 --- a/lib/trivial.nix +++ b/lib/trivial.nix @@ -27,6 +27,8 @@ rec { mapSingleFuse = f: mapFuse (x: singleAttr x (f x)); + setDefault = default: mapFuse (name: { ${name} = default; }); + /* Creates a relative path as a string Example: @@ -36,4 +38,8 @@ rec { mkRel = path: file: path + "/${file}"; compose = f: g: (x: g (f x)); + + mkBaseSecrets = root: mapFuse (secret: { ${secret}.file = mkRel root secret; }); + + getSecrets = dir: builtins.attrNames (import (mkRel dir "secrets.nix")); } -- 2.47.1 From 88529a87ee18906b3ace3eb797d9163a10e135ec Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:30:35 +0200 Subject: [PATCH 24/78] meta: Switch web-01 to 23.05 --- meta/nodes.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/nodes.nix b/meta/nodes.nix index 2fb1949..f292ac9 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -20,6 +20,6 @@ NODE_NAME = { targetHost = "129.199.129.200"; }; - nixpkgs = "unstable"; + nixpkgs = "23.05"; }; } -- 2.47.1 From 94305d27236aee62e2c9ab913617fe593d8a74bf Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:37:44 +0200 Subject: [PATCH 25/78] modules/dgn-acme: Init --- modules/dgn-acme.nix | 53 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 modules/dgn-acme.nix diff --git a/modules/dgn-acme.nix b/modules/dgn-acme.nix new file mode 100644 index 0000000..d9f4548 --- /dev/null 
+++ b/modules/dgn-acme.nix 
@@ -0,0 +1,53 @@
+# Copyright :
+# - Tom Hubrecht 2023
+#
+# Ce logiciel est un programme informatique servant à déployer des
+# configurations de serveurs via NixOS.
+#
+# Ce logiciel est régi par la licence CeCILL soumise au droit français et
+# respectant les principes de diffusion des logiciels libres. Vous pouvez
+# utiliser, modifier et/ou redistribuer ce programme sous les conditions
+# de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA
+# sur le site "http://www.cecill.info".
+#
+# En contrepartie de l'accessibilité au code source et des droits de copie,
+# de modification et de redistribution accordés par cette licence, il n'est
+# offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons,
+# seule une responsabilité restreinte pèse sur l'auteur du programme, le
+# titulaire des droits patrimoniaux et les concédants successifs.
+#
+# A cet égard l'attention de l'utilisateur est attirée sur les risques
+# associés au chargement, à l'utilisation, à la modification et/ou au
+# développement et à la reproduction du logiciel par l'utilisateur étant
+# donné sa spécificité de logiciel libre, qui peut le rendre complexe à
+# manipuler et qui le réserve donc à des développeurs et des professionnels
+# avertis possédant des connaissances informatiques approfondies. Les
+# utilisateurs sont donc invités à charger et tester l'adéquation du
+# logiciel à leurs besoins dans des conditions permettant d'assurer la
+# sécurité de leurs systèmes et ou de leurs données et, plus généralement,
+# à l'utiliser et l'exploiter dans les mêmes conditions de sécurité.
+#
+# Le fait que vous puissiez accéder à cet en-tête signifie que vous avez
+# pris connaissance de la licence CeCILL, et que vous en avez accepté les
+# termes.
+
+{ config, lib, ... }:
+
+let
+ inherit (lib)
+ mkEnableOption
+ mkIf;
+
+ cfg = config.dgn-acme;
+in
+
+{
+ options.dgn-acme.enable = mkEnableOption "ACME settings." 
// { default = true; }; + + config = mkIf cfg.enable { + security.acme = { + acceptTerms = true; + defaults.email = "acme@dgnum.eu"; + }; + }; +} -- 2.47.1 From 9e18e8e078d5eacff002bc779a980da476338006 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:38:10 +0200 Subject: [PATCH 26/78] modules/dgn-secrets: Init Add a way to simplify secrets imports --- modules/dgn-secrets.nix | 112 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 modules/dgn-secrets.nix diff --git a/modules/dgn-secrets.nix b/modules/dgn-secrets.nix new file mode 100644 index 0000000..c43eea3 --- /dev/null +++ b/modules/dgn-secrets.nix 
@@ -0,0 +1,112 @@
+# Copyright :
+# - Tom Hubrecht 2023
+#
+# Ce logiciel est un programme informatique servant à déployer des
+# configurations de serveurs via NixOS.
+#
+# Ce logiciel est régi par la licence CeCILL soumise au droit français et
+# respectant les principes de diffusion des logiciels libres. Vous pouvez
+# utiliser, modifier et/ou redistribuer ce programme sous les conditions
+# de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA
+# sur le site "http://www.cecill.info".
+#
+# En contrepartie de l'accessibilité au code source et des droits de copie,
+# de modification et de redistribution accordés par cette licence, il n'est
+# offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons,
+# seule une responsabilité restreinte pèse sur l'auteur du programme, le
+# titulaire des droits patrimoniaux et les concédants successifs.
+#
+# A cet égard l'attention de l'utilisateur est attirée sur les risques
+# associés au chargement, à l'utilisation, à la modification et/ou au
+# développement et à la reproduction du logiciel par l'utilisateur étant
+# donné sa spécificité de logiciel libre, qui peut le rendre complexe à
+# manipuler et qui le réserve donc à des développeurs et des professionnels
+# avertis possédant des connaissances informatiques approfondies. Les
+# utilisateurs sont donc invités à charger et tester l'adéquation du
+# logiciel à leurs besoins dans des conditions permettant d'assurer la
+# sécurité de leurs systèmes et ou de leurs données et, plus généralement,
+# à l'utiliser et l'exploiter dans les mêmes conditions de sécurité.
+#
+# Le fait que vous puissiez accéder à cet en-tête signifie que vous avez
+# pris connaissance de la licence CeCILL, et que vous en avez accepté les
+# termes.
+
+{ config, lib, dgn-lib, ... 
}: + +let + inherit (lib) + mkOption + + types; + + inherit (dgn-lib) + getSecrets + mkBaseSecrets + recursiveFuse; + + cfg = config.dgn-secrets; + + optionsType = with types; submodule ({ config, ... }: { + options = { + mode = mkOption { + type = str; + default = "0400"; + description = '' + Permissions mode of the decrypted secret in a format understood by chmod. + ''; + }; + + owner = mkOption { + type = str; + default = "0"; + description = '' + User of the decrypted secret. + ''; + }; + + group = mkOption { + type = str; + default = users.${config.owner}.group or "0"; + description = '' + Group of the decrypted secret. + ''; + }; + }; + }); +in + +{ + options.dgn-secrets = { + sources = mkOption { + type = with types; listOf path; + default = [ ]; + description = '' + List of directories containing secrets managed with agenix. + ''; + }; + + options = mkOption { + type = with types; listOf (attrsOf optionsType); + default = [ ]; + description = '' + List of attribute sets of secrets' configuration overrides. + ''; + }; + + names = mkOption { + type = with types; listOf str; + default = builtins.foldl' (acc: dir: acc ++ (dgn-lib.getSecrets dir)) [ ] cfg.sources; + description = '' + List of the names of the secrets. + ''; + }; + }; + + config = { + age.secrets = recursiveFuse (cfg.options ++ ( + builtins.map + (dir: mkBaseSecrets dir (getSecrets dir)) + cfg.sources + )); + }; +} -- 2.47.1 From 4b610d0b803bb29ccdbf833e28aac0ee314ae9ad Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:38:23 +0200 Subject: [PATCH 27/78] modules/dgn-ssh: Update settings --- modules/dgn-ssh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/dgn-ssh.nix b/modules/dgn-ssh.nix index 1d13553..88c6b67 100644 --- a/modules/dgn-ssh.nix +++ b/modules/dgn-ssh.nix @@ -49,7 +49,7 @@ in services.openssh = { enable = true; - passwordAuthentication = false; + settings.PasswordAuthentication = false; }; programs.mosh.enable = true; -- 2.47.1 
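Review bot: In `optionsType`, the `group` default `users.${config.owner}.group or "0"` refers to `users`, which nothing in this new file binds: the only candidates are the module arguments, the two `inherit` lists and `with types`. Unless `types` happens to provide such an attribute, evaluating that default fails with an undefined variable, and the `or "0"` fallback does not catch that. Binding it in the outer `let`, `users = config.users.users;` (where `config` is still the system configuration), gives what is presumably the intended lookup into the user table. Separately, `options` is declared as `listOf (attrsOf optionsType)` and folded with `recursiveFuse`, so an override must be written as a list element such as `dgn-secrets.options = [ { "name".owner = "…"; } ];` rather than `dgn-secrets.options."name".owner`; the option description should say so. The `names` default also calls `dgn-lib.getSecrets` although `getSecrets` is already inherited.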
From 91e8fc2ce462c8a3577cf1ca50526bb5d7f11653 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:38:29 +0200 Subject: [PATCH 28/78] npins: Update --- npins/sources.json | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 9bfc64f..cfbb0e5 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -1,5 +1,19 @@ { "pins": { + "agenix": { + "type": "GitRelease", + "repository": { + "type": "GitHub", + "owner": "ryantm", + "repo": "agenix" + }, + "pre_releases": false, + "version_upper_bound": null, + "version": "0.13.0", + "revision": "9c9fbfb94b2d545c7f0b78da0254ea0041595795", + "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.13.0", + "hash": "0k6aggy3lhqv6j11cvi4gr0i3jps8hlf262xl9ji3ffxwas46p54" + }, "disko": { "type": "GitRelease", "repository": { 
@@ -14,23 +28,23 @@ "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.0.0", "hash": "153cm29hjgklsi1aw85srvcd3h3afm7j77llk4fj3slf5gcwnmx9" }, - "nixos-22.11": { + "nixos-23.05": { "type": "Channel", - "name": "nixos-22.11", - "url": "https://releases.nixos.org/nixos/22.11/nixos-22.11.4256.628d4bb6e9f/nixexprs.tar.xz", - "hash": "1pb1jfcadb5fr7xk6rvf2bq6yw63rhzq6g3c0hp819j6p61rfqgi" + "name": "nixos-23.05", + "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.1375.9790f3242da/nixexprs.tar.xz", + "hash": "12lk6kpraw6gj4nm18g7w8jcnwh9r42jsviypvk12w8b21kzdd14" }, "nixos-unstable": { "type": "Channel", "name": "nixos-unstable", - "url": "https://releases.nixos.org/nixos/unstable/nixos-23.05pre486371.3005f20ce0a/nixexprs.tar.xz", - "hash": "1a0kk320ca3ilcf0dq2v92m03czmd7zir50izvjqi1ikq2npm2g6" + "url": "https://releases.nixos.org/nixos/unstable/nixos-23.11pre499690.4bc72cae107/nixexprs.tar.xz", + "hash": "0jpmwi76ylw2z3qj51as64i5m7qp9ypgznf920jck3qgcxqq9958" }, "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.05pre486356.7a288f777a5/nixexprs.tar.xz", - "hash": "0zbil4dvs7czhiyfy0r0s6krdjidr7jpjvvv2ryx8lb3plwf3qaw" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre499392.60a783e0051/nixexprs.tar.xz", + "hash": "12bhb6dyki505llipm25nw254nig8mnvrnhxvxh74wyxziii2w9x" } }, "version": 3 -- 2.47.1 From 12e959664f50f41b7a6bc7b4483ab9db5da0b37a Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:38:53 +0200 Subject: [PATCH 29/78] hive.nix: Add sources to arguments and add default secret sources --- hive.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hive.nix b/hive.nix index 6de1f2c..318fac3 100644 --- a/hive.nix +++ b/hive.nix 
@@ -11,6 +11,9 @@ let "_hardware-configuration.nix" ]; + # Include default secrets + dgn-secrets.sources = [ ./machines/${node}/secrets ]; + # Deployment config is specified in meta.nodes.${node}.deployment inherit (metadata.nodes.${node}) deployment; }; @@ -28,7 +31,7 @@ in meta = { nodeNixpkgs = lib.mapSingleFuse mkNixpkgs nodes; - specialArgs = { meta = metadata; }; + specialArgs = { inherit sources; meta = metadata; }; nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes; -- 2.47.1 From 6003afb8b82674155902a4b7e2f272d69a7fa0e1 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:39:06 +0200 Subject: [PATCH 30/78] modules: Add new modules and agenix --- modules/default.nix | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/modules/default.nix b/modules/default.nix index 8e05e85..ca16072 100644 --- a/modules/default.nix +++ b/modules/default.nix 
@@ -1,8 +1,45 @@ -{ dgn-lib, ... }: +# Copyright : +# - Tom Hubrecht 2023 +# +# Ce logiciel est un programme informatique servant à déployer des +# configurations de serveurs via NixOS. +# +# Ce logiciel est régi par la licence CeCILL soumise au droit français et +# respectant les principes de diffusion des logiciels libres. Vous pouvez +# utiliser, modifier et/ou redistribuer ce programme sous les conditions +# de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA +# sur le site "http://www.cecill.info". +# +# En contrepartie de l'accessibilité au code source et des droits de copie, +# de modification et de redistribution accordés par cette licence, il n'est +# offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons, +# seule une responsabilité restreinte pèse sur l'auteur du programme, le +# titulaire des droits patrimoniaux et les concédants successifs. +# +# A cet égard l'attention de l'utilisateur est attirée sur les risques +# associés au chargement, à l'utilisation, à la modification et/ou au +# développement et à la reproduction du logiciel par l'utilisateur étant +# donné sa spécificité de logiciel libre, qui peut le rendre complexe à +# manipuler et qui le réserve donc à des développeurs et des professionnels +# avertis possédant des connaissances informatiques approfondies. Les +# utilisateurs sont donc invités à charger et tester l'adéquation du +# logiciel à leurs besoins dans des conditions permettant d'assurer la +# sécurité de leurs systèmes et ou de leurs données et, plus généralement, +# à l'utiliser et l'exploiter dans les mêmes conditions de sécurité. +# +# Le fait que vous puissiez accéder à cet en-tête signifie que vous avez +# pris connaissance de la licence CeCILL, et que vous en avez accepté les +# termes. + +{ dgn-lib, sources, ... }: { - imports = dgn-lib.mkImports ./. [ + imports = (dgn-lib.mkImports ./. 
[ "dgn-access-control" + "dgn-acme" + "dgn-secrets" "dgn-ssh" + ]) ++ [ + "${sources.agenix}/modules/age.nix" ]; } -- 2.47.1 From 5a0e196658f77f1bcd3733bd293f77046b1f1f91 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:39:38 +0200 Subject: [PATCH 31/78] modules/dgn-access-control: Add license --- modules/dgn-access-control.nix | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix index dd9296f..1813262 100644 --- a/modules/dgn-access-control.nix +++ b/modules/dgn-access-control.nix 
@@ -1,3 +1,36 @@ +# Copyright : +# - Tom Hubrecht 2023 +# +# Ce logiciel est un programme informatique servant à déployer des +# configurations de serveurs via NixOS. +# +# Ce logiciel est régi par la licence CeCILL soumise au droit français et +# respectant les principes de diffusion des logiciels libres. Vous pouvez +# utiliser, modifier et/ou redistribuer ce programme sous les conditions +# de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA +# sur le site "http://www.cecill.info". +# +# En contrepartie de l'accessibilité au code source et des droits de copie, +# de modification et de redistribution accordés par cette licence, il n'est +# offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons, +# seule une responsabilité restreinte pèse sur l'auteur du programme, le +# titulaire des droits patrimoniaux et les concédants successifs. +# +# A cet égard l'attention de l'utilisateur est attirée sur les risques +# associés au chargement, à l'utilisation, à la modification et/ou au +# développement et à la reproduction du logiciel par l'utilisateur étant +# donné sa spécificité de logiciel libre, qui peut le rendre complexe à +# manipuler et qui le réserve donc à des développeurs et des professionnels +# avertis possédant des connaissances informatiques approfondies. Les +# utilisateurs sont donc invités à charger et tester l'adéquation du +# logiciel à leurs besoins dans des conditions permettant d'assurer la +# sécurité de leurs systèmes et ou de leurs données et, plus généralement, +# à l'utiliser et l'exploiter dans les mêmes conditions de sécurité. +# +# Le fait que vous puissiez accéder à cet en-tête signifie que vous avez +# pris connaissance de la licence CeCILL, et que vous en avez accepté les +# termes. + { config, lib, dgn-lib, meta, name, ... }: let @@ -36,6 +69,5 @@ with lib; users.users = builtins.mapAttrs (u: members: { openssh.authorizedKeys.keys = dgn-lib.getAllKeys members; }) cfg.users; - }; } -- 2.47.1 
From c9264e6389bfdf7d874223c82e16fae5c0f9aa79 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 30 Jun 2023 18:40:09 +0200 Subject: [PATCH 32/78] machines/web-01: Install plausible --- keys/machines/web-01.keys | 1 + machines/web-01/_configuration.nix | 4 +- machines/web-01/plausible.nix | 54 ++++++++++++++++++ .../plausible_admin-user-password-file | Bin 0 -> 1188 bytes .../secrets/plausible_release-cookie-file | 24 ++++++++ .../secrets/plausible_secret-key-base-file | 26 +++++++++ machines/web-01/secrets/secrets.nix | 10 ++++ 7 files changed, 117 insertions(+), 2 deletions(-) create mode 100644 keys/machines/web-01.keys create mode 100644 machines/web-01/plausible.nix create mode 100644 machines/web-01/secrets/plausible_admin-user-password-file create mode 100644 machines/web-01/secrets/plausible_release-cookie-file create mode 100644 machines/web-01/secrets/plausible_secret-key-base-file create mode 100644 machines/web-01/secrets/secrets.nix diff --git a/keys/machines/web-01.keys b/keys/machines/web-01.keys new file mode 100644 index 0000000..e81c999 --- /dev/null +++ b/keys/machines/web-01.keys @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5 diff --git a/machines/web-01/_configuration.nix b/machines/web-01/_configuration.nix index 01fcf2f..598a841 100644 --- a/machines/web-01/_configuration.nix +++ b/machines/web-01/_configuration.nix @@ -3,12 +3,12 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { name, ... }: + { imports = [ - # Include the results of the hardware scan. - # ./hardware-configuration.nix ./networking.nix + ./plausible.nix ]; # Use the systemd-boot EFI boot loader. diff --git a/machines/web-01/plausible.nix b/machines/web-01/plausible.nix new file mode 100644 index 0000000..42a8fc4 --- /dev/null +++ b/machines/web-01/plausible.nix 
@@ -0,0 +1,54 @@ +{ config, ... }: + +let + host = "analytics.dgnum.eu"; + port = 8111; +in + +{ + services.plausible = { + enable = true; + + mail = { + email = "analytics@infra.dgnum.eu"; + smtp = { + user = "web-services@infra.dgnum.eu"; + # passwordFile = config.age.secrets."_smtp-password-file".path; + hostPort = 465; + hostAddr = "kurisu.lahfa.xyz"; + enableSSL = true; + }; + }; + + server = { + baseUrl = "https://${host}"; + inherit port; + + secretKeybaseFile = config.age.secrets."plausible_secret-key-base-file".path; + }; + + releaseCookiePath = config.age.secrets."plausible_release-cookie-file".path; + + adminUser = { + passwordFile = config.age.secrets."plausible_admin-user-password-file".path; + email = "tom.hubrecht@dgnum.eu"; + name = "thubrecht"; + activate = true; + }; + }; + + services.nginx = { + enable = true; + + virtualHosts.${host} = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString port}"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/machines/web-01/secrets/plausible_admin-user-password-file b/machines/web-01/secrets/plausible_admin-user-password-file new file mode 100644 index 0000000000000000000000000000000000000000..364d943ec7cfd8fc92083742effd7c39035b4fd8 GIT binary patch literal 1188 zcmZ9~yXxz70KjpFwDshsF!(O6Rcf4YrYA60dD%lG2GL09jJQ{~bL&$s2dytnCKu4vH*zTa~ z)=8b47!5NU%4ii+?l`}tbFN+5RXU@F>)WCTN~qx1+Ew(oW{dkz#$E+CG8 z5iwEEY{hxv#WwAeAIYdIQ01KobGVoSLRF}1G^q>@0s;2@az=VMbZWlNXVir1gWZ)w zwNQiy?$sOvx_6dRkvxIM39RpLZpZEVu$g3I4D(5NN3E>lD`VVG#;`W3q5(FJr5dh;<-ZO|H+S+YCT&orQX; zT|_VaPZRvaLG}yh;Y1unOG10hxt+9Q^Vp3=FheyZt}v8VObUJJ>vFt;J@d1Q=BixG7GLcorZCneHS zT1=!0BVxQ&LQHxKo9T#NDASXjUc8t~F$aZWqQ@z%MO&sLMo}d9p(6ilB>Q}w^+`A+ z(6QLzzoHjkP5<~GfA~rDZ2RZS&wu&y_21up{@o9+z4O^O TU-WOEfBt&+=KF6&fB*U~$i9gO literal 0 HcmV?d00001 
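Review bot: The `locations."/"` block in plausible.nix proxies to the backend with `proxyPass` only, so unless `services.nginx.recommendedProxySettings` is enabled elsewhere in the repository, Plausible receives no `X-Forwarded-For` or original `Host` header and sees every request as coming from 127.0.0.1. Visitor counting and any address-based logging or rate limiting in the backend depend on the forwarded client address, so I would add `recommendedProxySettings = true;` next to `proxyPass`, or once under `services.nginx`. A one-line comment above `port = 8111;` saying the service is only meant to be reached through this virtual host would also help the next reader.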
diff --git a/machines/web-01/secrets/plausible_release-cookie-file b/machines/web-01/secrets/plausible_release-cookie-file new file mode 100644 index 0000000..e5d3b30 --- /dev/null +++ b/machines/web-01/secrets/plausible_release-cookie-file @@ -0,0 +1,24 @@ +age-encryption.org/v1 +-> ssh-ed25519 0IVRbA 0jTTPBKyGia3BvT9EJlTY0UVqIF05D6zWokv6wE+Swc +LLt0vGzPA8wKKa/s794GQ+4CVIV9DApJXswEjOx4kYw +-> ssh-ed25519 JGx7Ng /oOaCppA2fnvo3kv27Ynl9P9NO04UWbs/yw9OrtfkzI +Jt0wq/IdyiTBDxE78drV90zHgnfXT7JT305THHrcH+0 +-> ssh-rsa krWCLQ +1yYjwCF3m/n+wOeQIiXbZAl4tVttROXIlRIhRqgK9pbsI22WmXIXV0qmMsac8VZQ +OsaZJGvY38yhUpYfDZZZHN3JNKL5yZcPFX+HeXQo305oFKsuUSs5EGIWDZmE5XsJ +AFcqwrSRhNLHCJ3PVk6+C9RWfLMhbTNl4Kelndv/KqOfG5AkW193ZG4DHOWSwE3k +8nUgwUGrY79ZVCpGkQAi65TJ4C/3toGcooVxwFVsBX8tfVX53VLvLuUIeD/uvV6A +pZ+cdzwanUK8BNDY3yWPN+a8IYltlWKxruF2Q/Ae+eez5BFHC9p9bok558GTrMwC ++0cu/C1X2nqFormascUW2Q +-> ssh-ed25519 /vwQcQ Ei8pI/GiyHtZWyqxYPoNTz5UVXtSdZllCQU8sF7CYH0 +oPuVJbkDVCgWZUp45wkPbogRP3AliLiidKTNP7ttzCY +-> ssh-ed25519 0R97PA RLo/0D0TUnvH6yoLbjV9jEVIYZG/G/2nK9RaA/Zepg0 +18hpQWaZmJJFjABVvQJiM6pe7PtcF94BIg3J61+BX14 +-> ssh-ed25519 jIXfPA X+zJWTGGvy0LPBgTFRURdS4Rsnd+eSYiW7JhdnlK9yc +mQjvg4cijN8VOeQR0ht9tyHKUX0Eg0iazcN36AAKQE8 +-> ssh-ed25519 QlRB9Q KI6rxe4Kek4IkMlDQvDlaO4MgMEKc/DdpWX4pCJFGjI +MAaBVH1HlRntm8gFdbXPPYy1dQcHv8aU6OPCIuVLXYc +-> kEXh"WN-grease WpN@loT^ MVM G\ +dL1RrBYkPiADu5E7PXyTBfx3UOhAhaFf66Dajg3aZwgwPOlSciKtsQqu4Q +--- ApT4k9TGTnj3hpJVkSbIElRAwBNliRfmnLYBKsVutpA +B6 t1X!o.=ZXt}O K g;aVyYtM) !;].XPG;=f37 2Wk<+IXl*QSEpoc@‚{=ݞα*_) \ No newline at end of file diff --git a/machines/web-01/secrets/plausible_secret-key-base-file b/machines/web-01/secrets/plausible_secret-key-base-file new file mode 100644 index 0000000..3016bb8 --- /dev/null +++ b/machines/web-01/secrets/plausible_secret-key-base-file 
@@ -0,0 +1,26 @@ +age-encryption.org/v1 +-> ssh-ed25519 0IVRbA zuXFn55iEAtXdyZIrqGFhMuRmJWO7vVj6biT+/70Vk4 +RqGr6dEsYs/zQML0nkaVgnWBdYkaLso0fBZCFNAVosk +-> ssh-ed25519 JGx7Ng 1qQXt05dyoJ/1MVe5XudTJEvDwnLPB8wPg+IDIfoyjw +wSW6ivHK38p+AcaayIY3bn3Io6mB54ut0eaLhvXBWxg +-> ssh-rsa krWCLQ +iaQb8f5LiExwJbZA5rF5FQNuKAh63XLmUjgyoxgkFOn6VprJ9oAH22Y8wq85SMrv +rp5SmOYTcdn9hG1LnABPiSCGcquW+vEfL1LnpQIk0E+sFAHW/P8Pt7iK7L6nyxmR +WF0xhKNBvZudysNMEtYtCWbAWf93awXx2qdH1+N/uITNGLgmviBXGThuz+sKGwVO +mi86qk+B1MKkOCYJpWL6CrFeRJrYgph51y1fHl8Rywb3LE605oDCJ18GyvqBTpKl +AGGtVDmMRIr16TEDVjfTg0XmNKQWDdmqvlpesxyXvKk1kU77eT4bfVtsdqyIDNjk +/9RQqW2kiUDrYuige+p1cg +-> ssh-ed25519 /vwQcQ 8rY5jPREmYfaWWP8KWjOEHgh87e241JbQO5EEgBhVBo +RQhE8XjdFuj/eQujOot4oFrKEb63LrZ34AIeSigosKc +-> ssh-ed25519 0R97PA G/zvtYihaKYoA6hFWoI4ceZt+T7ysxQ+aUSu2XZQHWA +Nud2DqDI/gOeMXg0vZZN75RnDcQxRQix+uKOVS0RMz4 +-> ssh-ed25519 jIXfPA NnB25GAo+1eyVKI0m74E93V52XZ35UjECnYLgSTpFjY +ip2J8AW+vo3e3otTE67/ns1lelFQs38JaCdb6l6CLW8 +-> ssh-ed25519 QlRB9Q 5PvEcPWMg0+k2fVP5oXjBQxcLLN2S3yV7zvzLO7d6gs +TyZSXXPDyQwZtJmoElqmcl915oHOAaY2EEBb38rfSSM +-> gS\H(UbE-grease xPm5+9D~ ` +jBi] +IMHs3CjXalMD9i1riMNx0E61OhfZfaeONQn0OEn074kj6Qtjll/kr34yXf4CTmG2 +LtnT6xiGtf3Hq88Bk0QyuhmOyXpePk0//c40Qr+Ym82RR+mJmv9yRQ +--- fjFYmVm6FP+waGy4INlgyAQonGSp4Q4g1HS/OZfDJWI +1pW +i8fܱ 7zoHyehf3Nc\ϋ3;*Ȓ28CtAw c!Hhpt}$(`>T״R`e%xI¾…^wѹ_AmsiX`6x>j2ffC \ No newline at end of file diff --git a/machines/web-01/secrets/secrets.nix b/machines/web-01/secrets/secrets.nix new file mode 100644 index 0000000..a1634b6 --- /dev/null +++ b/machines/web-01/secrets/secrets.nix @@ -0,0 +1,10 @@ +let + lib = import ../../../lib { inherit (import { }) lib; }; + publicKeys = lib.getNodeKeys "web-01"; +in + +lib.setDefault { inherit publicKeys; } [ + "plausible_admin-user-password-file" + "plausible_secret-key-base-file" + "plausible_release-cookie-file" +] -- 2.47.1 From da20afa6a629e6545dbad18eca576e3b4678a7b8 Mon Sep 17 00:00:00 2001 
From: Tom Hubrecht Date: Sun, 2 Jul 2023 13:31:42 +0200 Subject: [PATCH 33/78] web-01/plausible: Add smtp password --- machines/web-01/plausible.nix | 3 ++- machines/web-01/secrets/_smtp-password-file | 25 +++++++++++++++++++++ machines/web-01/secrets/secrets.nix | 1 + 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 machines/web-01/secrets/_smtp-password-file diff --git a/machines/web-01/plausible.nix b/machines/web-01/plausible.nix index 42a8fc4..3dc1118 100644 --- a/machines/web-01/plausible.nix +++ b/machines/web-01/plausible.nix @@ -11,9 +11,10 @@ in mail = { email = "analytics@infra.dgnum.eu"; + smtp = { user = "web-services@infra.dgnum.eu"; - # passwordFile = config.age.secrets."_smtp-password-file".path; + passwordFile = config.age.secrets."_smtp-password-file".path; hostPort = 465; hostAddr = "kurisu.lahfa.xyz"; enableSSL = true; diff --git a/machines/web-01/secrets/_smtp-password-file b/machines/web-01/secrets/_smtp-password-file new file mode 100644 index 0000000..87584e7 --- /dev/null +++ b/machines/web-01/secrets/_smtp-password-file 
@@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-ed25519 0IVRbA cZCE8mKHO2PTChNTA6+1H4I3q4s2uHn+EG6lt3MM8Xs +FUID2ymmT2Cpp1hSCEoe6Msb6q5DvCebNOgqM6oXME8 +-> ssh-ed25519 JGx7Ng LEbrpjdHw8A79rj6+WVFRJNj5pCw5Sass8Hca2c3FFg +fI+RUcxfsjXCes7BfqBAQ+DnqLZzxhMTC5jykb/mDdM +-> ssh-rsa krWCLQ +NzUVdayQo5mroNmgSUZvY2s73af6UbEscX8rE3fJIOyryCKR1D3oZ4Obvp7Pt8wP +NkyNC3yZ/1awTc13RWvHw8YGeTPugrbmLfxcE6HEYk8i/k4X6spgxdNVOMqfXlsR +zUdgjrwFB6LVjdcsjIuTeRtJqE7wF0FCq/f9aTolcvJzptuCIr/J5oQOlWJba88r +24b+FKFyxiL3zFfuCv+OhCSQnwaVcISUt39Cve8htElO7aUAprwM69Sr0R/HeYOi +palhdzakhQ00E9LTDLoMl3H/nLRbDF8SwRY60jTScMHIlwxnTC4vFmFpEktPmvTf +CNpD+v4JnPcOrXrNYTHjRQ +-> ssh-ed25519 /vwQcQ BzKg1eOPWJ4Yldf7CI5QW4aBUfg6gSuhwhoqBOnev04 +3+t9+Rx37FKGhIM0xf65QF0hqgI/4SsKe/XHxMVE2OY +-> ssh-ed25519 0R97PA 7ueqrFZXhEUlqK+y8ZT0kXd3+CzChefB9C5ejnlWDEk +A858uk0/BtyqrbwIv6gX1hE7AHcnywJuI9m5hLgtmSs +-> ssh-ed25519 jIXfPA JioutJFJ+egzcMCiNumBPMNeeEAQVoMQMtbpMtmqoQk +iabPYCNe3yuEJTRJD6tkhQHv4ofXXAVudpj9EWO0ZEY +-> ssh-ed25519 QlRB9Q HzVChUjrV3VmSKm4MEYdXTLEY3MnkwoY6Y4H/HfZT0E +smqbVsRJGgoYGoJBrK0c88ty3GDDIlGEytXyadqmVvg +-> `-grease ?wWe@l T#Zco G5 nxA +606wl2wFtQEpgUend2CvF3JHFR3iJnmkdrAU8+xPs3O8VjTmAxmnuheKI1Aoi9AF +rmHvXSMqq7cwbWParl8iHSXGhikyjon1Ju0uzZxuXN4hgiAMWh/1Hw+T3nggMg +--- KrORJ/ccXLK8gZnnQKBUsHomAaOvk3+WQRV1Vv2ZOi4 +H$im"mR\5,:Agֈҗgf Date: Sun, 2 Jul 2023 17:16:17 +0200 Subject: [PATCH 34/78] hive.nix: Add automatic patching of nixpkgs --- hive.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/hive.nix b/hive.nix index 318fac3..421915e 100644 --- a/hive.nix +++ b/hive.nix 
@@ -18,10 +18,18 @@ let inherit (metadata.nodes.${node}) deployment; }; - mkNixpkgs = node: import sources."nixos-${metadata.nodes.${node}.nixpkgs}" { }; + mkNixpkgs = node: + let version = "nixos-${metadata.nodes.${node}.nixpkgs}"; in + (import sources.${version} { }).applyPatches { + name = "${version}-patched"; + src = sources.${version}; + patches = (import ./nix-patches).${version} or [ ]; + }; + + mkNixpkgs' = node: import (mkNixpkgs node) { }; mkArgs = node: { - dgn-lib = import ./lib { inherit ((mkNixpkgs node)) lib; }; + dgn-lib = import ./lib { inherit ((mkNixpkgs' node)) lib; }; }; nodes = builtins.attrNames metadata.nodes; @@ -29,7 +37,7 @@ in { meta = { - nodeNixpkgs = lib.mapSingleFuse mkNixpkgs nodes; + nodeNixpkgs = lib.mapSingleFuse mkNixpkgs' nodes; specialArgs = { inherit sources; meta = metadata; }; -- 2.47.1 From 4327bac6e48629c08f22ace62eb5e1929fb4d3e8 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sun, 2 Jul 2023 17:17:20 +0200 Subject: [PATCH 35/78] web-01/plausible: Fix fuckery from happysalada --- machines/web-01/plausible.nix | 4 ++++ nix-patches/241126.patch | 31 +++++++++++++++++++++++++++++++ nix-patches/default.nix | 5 +++++ 3 files changed, 40 insertions(+) create mode 100644 nix-patches/241126.patch create mode 100644 nix-patches/default.nix diff --git a/machines/web-01/plausible.nix b/machines/web-01/plausible.nix index 3dc1118..95263c5 100644 --- a/machines/web-01/plausible.nix +++ b/machines/web-01/plausible.nix @@ -25,6 +25,8 @@ in baseUrl = "https://${host}"; inherit port; + disableRegistration = false; + secretKeybaseFile = config.age.secrets."plausible_secret-key-base-file".path; }; @@ -51,5 +53,7 @@ in }; }; + # dgn-secrets.options."_smtp-password-file".owner = "plausible"; + # networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/nix-patches/241126.patch b/nix-patches/241126.patch new file mode 100644 index 0000000..5496754 --- /dev/null +++ b/nix-patches/241126.patch 
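Review bot: `mkNixpkgs` in the first hive.nix hunk now returns the patched source tree rather than a package set, and `mkNixpkgs'` is the one that imports it, so the names no longer say what they produce; `mkPatchedSrc` and `mkNixpkgs` would read better. `applyPatches` is also invoked for every node even when `(import ./nix-patches).${version} or [ ]` is empty, which makes evaluation depend on building a derivation for nodes that need no patch; binding the list as `patches` and returning `if patches == [ ] then sources.${version} else …` avoids that. The `let` block holding these bindings starts outside the hunk.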
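Review bot: `disableRegistration = false;` in the `server` block of plausible.nix makes account sign-up available to anyone who can reach `https://analytics.dgnum.eu`, which the nginx virtual host defined for this service serves publicly. If this is a temporary workaround tied to the nixpkgs patch added in the same commit (the hunk does not say), it deserves a comment stating that and a follow-up restoring `disableRegistration = true;` once the admin account exists. The second hunk also adds a commented-out `dgn-secrets.options."_smtp-password-file".owner` line; either drop it or note why it is kept.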
@@ -0,0 +1,31 @@ +From d7e721f614aef3e6bd7f4dfb6c1526e00d257fad Mon Sep 17 00:00:00 2001 +From: Raito Bezarius +Date: Sun, 2 Jul 2023 17:03:53 +0200 +Subject: [PATCH] plausible: fix admin user password seed and SMTP passwords + +LoadCredential was misused as it is not building any environment variable, +it is the responsibility of our preStart to do it so +Plausible's script can pick it up. +--- + nixos/modules/services/web-apps/plausible.nix | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/nixos/modules/services/web-apps/plausible.nix b/nixos/modules/services/web-apps/plausible.nix +index 893dfa10acbc0..911daa53e6587 100644 +--- a/nixos/modules/services/web-apps/plausible.nix ++++ b/nixos/modules/services/web-apps/plausible.nix +@@ -238,9 +238,12 @@ in { + path = [ cfg.package ] + ++ optional cfg.database.postgres.setup config.services.postgresql.package; + script = '' +- export CONFIG_DIR=$CREDENTIALS_DIRECTORY +- + export RELEASE_COOKIE="$(< $CREDENTIALS_DIRECTORY/RELEASE_COOKIE )" ++ export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )" ++ export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )" ++ ++ ${lib.optionalString (cfg.mail.smtp.passwordFile != null) ++ ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''} + + # setup + ${cfg.package}/createdb.sh diff --git a/nix-patches/default.nix b/nix-patches/default.nix new file mode 100644 index 0000000..4740621 --- /dev/null +++ b/nix-patches/default.nix @@ -0,0 +1,5 @@ +{ + "nixos-23.05" = [ + ./241126.patch + ]; +} -- 2.47.1 From 5629c255167c731f6687f98b63f69436d24575fa Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sun, 2 Jul 2023 17:17:56 +0200 Subject: [PATCH 36/78] npins: Update nixpkgs --- npins/sources.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index cfbb0e5..a62650a 100644 --- a/npins/sources.json +++ b/npins/sources.json 
@@ -43,8 +43,8 @@ "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre499392.60a783e0051/nixexprs.tar.xz", - "hash": "12bhb6dyki505llipm25nw254nig8mnvrnhxvxh74wyxziii2w9x" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre499791.3c614fbc76f/nixexprs.tar.xz", + "hash": "0l685ckns6ycgskyj0bqcd75dnsimsy4wbzax8vwbv6ms11p1bf6" } }, "version": 3 -- 2.47.1 From 9ab9e3c1b0e10d2e69a8fb4bc0d4cbc2a569d2c8 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Tue, 18 Jul 2023 16:59:38 +0200 Subject: [PATCH 37/78] keys: Add gdd.keys --- keys/gdd.keys | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 keys/gdd.keys diff --git a/keys/gdd.keys b/keys/gdd.keys new file mode 100644 index 0000000..b5d4e40 --- /dev/null +++ b/keys/gdd.keys @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbkPWWZzOBaRdx4+7xQUgxDwuncSl2fxAeVuYfVUPZ -- 2.47.1 From 5b4cf12ed79fd44698e962a56cf88209ba101d53 Mon Sep 17 00:00:00 2001 
From: Tom Hubrecht Date: Tue, 18 Jul 2023 17:00:31 +0200 Subject: [PATCH 38/78] machines: Add compute01 and storage01 --- keys/machines/compute01.keys | 0 keys/machines/storage01.keys | 0 machines/compute01/_configuration.nix | 10 ++ .../compute01/_hardware-configuration.nix | 60 +++++++++++ machines/compute01/secrets/secrets.nix | 7 ++ machines/storage01/_configuration.nix | 99 +++++++++++++++++++ .../storage01/_hardware-configuration.nix | 58 +++++++++++ machines/storage01/secrets/secrets.nix | 7 ++ meta/members.nix | 2 + meta/nodes.nix | 24 +++++ modules/default.nix | 1 + modules/dgn-console.nix | 53 ++++++++++ 12 files changed, 321 insertions(+) create mode 100644 keys/machines/compute01.keys create mode 100644 keys/machines/storage01.keys create mode 100644 machines/compute01/_configuration.nix create mode 100644 machines/compute01/_hardware-configuration.nix create mode 100644 machines/compute01/secrets/secrets.nix create mode 100644 machines/storage01/_configuration.nix create mode 100644 machines/storage01/_hardware-configuration.nix create mode 100644 machines/storage01/secrets/secrets.nix create mode 100644 modules/dgn-console.nix diff --git a/keys/machines/compute01.keys b/keys/machines/compute01.keys new file mode 100644 index 0000000..e69de29 diff --git a/keys/machines/storage01.keys b/keys/machines/storage01.keys new file mode 100644 index 0000000..e69de29 diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix new file mode 100644 index 0000000..1c92de7 --- /dev/null +++ b/machines/compute01/_configuration.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + # Use the systemd-boot EFI boot loader. + networking.hostName = "compute01"; + networking.domain = "par01.infra.dgnum.eu"; + networking.hostId = "8df60941"; + + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/machines/compute01/_hardware-configuration.nix b/machines/compute01/_hardware-configuration.nix new file mode 100644 index 0000000..cf225d8 
--- /dev/null +++ b/machines/compute01/_hardware-configuration.nix 
@@ -0,0 +1,60 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "ehci_pci" "megaraid_sas" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.forceImportRoot = false; + boot.zfs.extraPools = [ "fast01" "work01" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/c83f6978-fd26-44a8-a86a-b0e971bb0c8c"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/55DB-056F"; + fsType = "vfat"; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/30547280-00e9-4ee1-8a07-d116590d9fbf"; }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ # networking.useDHCP = lib.mkDefault true; + networking.interfaces.eno1 = { + useDHCP = true; + ipv4 = { + addresses = [ + { address = "129.199.146.147"; prefixLength = 24; } + { address = "192.168.1.147"; prefixLength = 24; } + ]; + + routes = [ + { address = "192.168.1.0"; prefixLength = 24; } + ]; + }; + }; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + # networking.interfaces.eno3.useDHCP = lib.mkDefault true; + # networking.interfaces.eno4.useDHCP = lib.mkDefault true; + # networking.interfaces.idrac.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix new file mode 100644 index 0000000..2ee797d --- /dev/null +++ b/machines/compute01/secrets/secrets.nix @@ -0,0 +1,7 @@ +let + lib = import ../../../lib { inherit (import { }) lib; }; + publicKeys = lib.getNodeKeys "compute01"; +in + +lib.setDefault { inherit publicKeys; } [ +] diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix new file mode 100644 index 0000000..241c17b --- /dev/null +++ b/machines/storage01/_configuration.nix 
@@ -0,0 +1,99 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running `nixos-help`). + +{ config, pkgs, ... }: + +{ + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "storage01"; + networking.domain = "par01.infra.dgnum.eu"; + networking.hostId = "d4e7c369"; + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + console = { + # font = "Lat2-Terminus16"; + keyMap = "fr"; + # useXkbConfig = true; # use xkbOptions in tty. + }; + + # Configure keymap in X11 + services.xserver.layout = "fr"; + # services.xserver.xkbOptions = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # firefox + # tree + # ]; + # }; + + # List packages installed in system profile. 
To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + kitty.terminfo + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + # users.users.root.openssh.authorizedKeys.keyFiles = [ ./rootKeys ]; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? + +} diff --git a/machines/storage01/_hardware-configuration.nix b/machines/storage01/_hardware-configuration.nix new file mode 100644 index 0000000..8b933d5 --- /dev/null +++ b/machines/storage01/_hardware-configuration.nix 
@@ -0,0 +1,58 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "ehci_pci" "megaraid_sas" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.forceImportRoot = false; + boot.zfs.extraPools = [ "fast01" "medium01" "work01" "small01" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/278cb2a2-47b9-4ec5-8b68-a5a6d037d59e"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/8BD2-C908"; + fsType = "vfat"; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/65a6f6e4-e996-4718-a4d0-cd0c78dcb15b"; }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.interfaces.eno1 = { + useDHCP = true; + ipv4 = { + addresses = [ + { address = "129.199.146.148"; prefixLength = 24; } + { address = "192.168.1.148"; prefixLength = 24; } + ]; + + routes = [ + { address = "192.168.1.0"; prefixLength = 24; } + ]; + }; + }; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + # networking.interfaces.eno3.useDHCP = lib.mkDefault true; + # networking.interfaces.eno4.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} 
diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix new file mode 100644 index 0000000..17c20cd --- /dev/null +++ b/machines/storage01/secrets/secrets.nix @@ -0,0 +1,7 @@ +let + lib = import ../../../lib { inherit (import { }) lib; }; + publicKeys = lib.getNodeKeys "storage01"; +in + +lib.setDefault { inherit publicKeys; } [ +] diff --git a/meta/members.nix b/meta/members.nix index b9c6a84..4ad6b5e 100644 --- a/meta/members.nix +++ b/meta/members.nix @@ -29,6 +29,8 @@ let # members of this group will have root acces on the installation isos iso = [ "thubrecht" "mdebray" "raito" ]; + + bureau = [ "gdd" "raito" ]; }; in diff --git a/meta/nodes.nix b/meta/nodes.nix index f292ac9..5fc84a6 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -22,4 +22,28 @@ NODE_NAME = { nixpkgs = "23.05"; }; + + compute01 = { + adminGroups = [ "bureau" ]; + admins = [ ]; + + deployment = { + tags = [ "infra-pasteur" ]; + targetHost = "129.199.146.147"; + }; + + nixpkgs = "23.05"; + }; + + storage01 = { + adminGroups = [ "bureau" ]; + admins = [ ]; + + deployment = { + tags = [ "infra-pasteur" ]; + targetHost = "129.199.146.148"; + }; + + nixpkgs = "23.05"; + }; } diff --git a/modules/default.nix b/modules/default.nix index ca16072..e57a4b2 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -37,6 +37,7 @@ imports = (dgn-lib.mkImports ./. [ "dgn-access-control" "dgn-acme" + "dgn-console" "dgn-secrets" "dgn-ssh" ]) ++ [ diff --git a/modules/dgn-console.nix b/modules/dgn-console.nix new file mode 100644 index 0000000..dc45f3b --- /dev/null +++ b/modules/dgn-console.nix 
@@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) + mkEnableOption + mkIf; + + cfg = config.dgn-console; +in + +{ + options.dgn-console = { + enable = mkEnableOption "DGNum console setup." // { default = true; }; + }; + + config = mkIf cfg.enable { + time.timeZone = "Europe/Paris"; + + console = { + keyMap = "fr"; + }; + + environment.systemPackages = with pkgs; [ + nvim + wget + kitty.terminfo + ]; + + environment.variables.EDITOR = "nvim"; + + programs.neovim.vimAlias = true; + + services.nscd.enableNsncd = false; + programs.bash.promptInit = '' + # Provide a nice prompt if the terminal supports it. + if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then + PROMPT_COLOR="1;31m" + ((UID)) && PROMPT_COLOR="1;32m" + if [ -n "$INSIDE_EMACS" ] || [ "$TERM" = "eterm" ] || [ "$TERM" = "eterm-color" ]; then + # Emacs term mode doesn't support xterm title escape sequence (\e]0;) + PS1="\n\[\033[$PROMPT_COLOR\][\u@$(hostname -f):\w]\\$\[\033[0m\] " + else + PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\H: \w\a\]\u@$(hostname -f):\w]\\$\[\033[0m\] " + fi + if test "$TERM" = "xterm"; then + PS1="\[\033]2;$(hostname -f):\u:\w\007\]$PS1" + fi + fi + ''; + + hardware.enableRedistributableFirmware = true; + }; +} -- 2.47.1 From 935d4a5ee517360cd3cc6074d652589711d43ab1 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Tue, 18 Jul 2023 17:00:51 +0200 Subject: [PATCH 39/78] modules: Use inherit instead of with --- modules/dgn-access-control.nix | 10 ++++++++-- modules/dgn-ssh.nix | 6 ++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix index 1813262..b073a09 100644 --- a/modules/dgn-access-control.nix +++ b/modules/dgn-access-control.nix 
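Review bot: `programs.neovim.vimAlias = true;` in the `config` block of modules/dgn-console.nix has no effect on its own, because the NixOS neovim module only applies its settings when `programs.neovim.enable` is set, and this hunk never sets it. Writing `programs.neovim = { enable = true; defaultEditor = true; vimAlias = true; };` provides the alias and `EDITOR` from one place and makes the separate package entry and the `environment.variables.EDITOR` line unnecessary. `services.nscd.enableNsncd = false;` and `hardware.enableRedistributableFirmware = true;` are unrelated to console setup and have no explanation. Each deserves a one-line comment such as `# nsncd disabled because <reason>`, or a move to a module whose name matches.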
@@ -34,6 +34,14 @@ { config, lib, dgn-lib, meta, name, ... }: let + inherit (lib) + mkDefault + mkEnableOption + mkIf + mkOption + + types; + nodeMeta = meta.nodes.${name}; admins = meta.members.groups.root ++ nodeMeta.admins ++ (builtins.concatMap (g: meta.members.groups.${g}) nodeMeta.adminGroups); @@ -41,8 +49,6 @@ let cfg = config.dgn-access-control; in -with lib; - { options.dgn-access-control = { enable = mkEnableOption "DGNum access control." // { default = true; }; diff --git a/modules/dgn-ssh.nix b/modules/dgn-ssh.nix index 88c6b67..ede7bae 100644 --- a/modules/dgn-ssh.nix +++ b/modules/dgn-ssh.nix @@ -34,9 +34,11 @@ { config, lib, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf; + cfg = config.dgn-ssh; in -- 2.47.1 From c111662a9e0a51ba3f4658510e9b47d05fd424b6 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Tue, 18 Jul 2023 17:03:01 +0200 Subject: [PATCH 40/78] modules/dgn-hardware: Set default configurations --- machines/storage01/_configuration.nix | 86 --------------------------- machines/web-01/_configuration.nix | 7 +-- modules/default.nix | 1 + modules/dgn-hardware.nix | 29 +++++++++ 4 files changed, 31 insertions(+), 92 deletions(-) create mode 100644 modules/dgn-hardware.nix diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix index 241c17b..5e758f0 100644 --- a/machines/storage01/_configuration.nix +++ b/machines/storage01/_configuration.nix 
@@ -5,95 +5,9 @@ { config, pkgs, ... }: { - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "storage01"; networking.domain = "par01.infra.dgnum.eu"; networking.hostId = "d4e7c369"; - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - # Set your time zone. - time.timeZone = "Europe/Paris"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - console = { - # font = "Lat2-Terminus16"; - keyMap = "fr"; - # useXkbConfig = true; # use xkbOptions in tty. - }; - - # Configure keymap in X11 - services.xserver.layout = "fr"; - # services.xserver.xkbOptions = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # firefox - # tree - # ]; - # }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget - kitty.terminfo - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. 
- # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - # users.users.root.openssh.authorizedKeys.keyFiles = [ ./rootKeys ]; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? - } diff --git a/machines/web-01/_configuration.nix b/machines/web-01/_configuration.nix index 598a841..4bf5139 100644 --- a/machines/web-01/_configuration.nix +++ b/machines/web-01/_configuration.nix @@ -9,16 +9,11 @@ [ ./networking.nix ./plausible.nix + # ./wordpress ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = name; - time.timeZone = "Europe/Paris"; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave 
diff --git a/modules/default.nix b/modules/default.nix index e57a4b2..cb1a24b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -38,6 +38,7 @@ "dgn-access-control" "dgn-acme" "dgn-console" + "dgn-hardware" "dgn-secrets" "dgn-ssh" ]) ++ [ diff --git a/modules/dgn-hardware.nix b/modules/dgn-hardware.nix new file mode 100644 index 0000000..4324604 --- /dev/null +++ b/modules/dgn-hardware.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: + +let + inherit (lib) + mkEnableOption + mkIf + mkMerge; + + cfg = config.dgn-ssh; +in + +{ + options.dgn-hardware = { + enable = mkEnableOption "default hardware configuration." // { default = true; }; + + useSystemd = mkEnableOption "sytemd boot and configuration." // { default = true; }; + }; + + config = mkIf cfg.enable (mkMerge [ + { hardware.enableRedistributableFirmware = true; } + + (mkIf cfg.useSystemd { + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }) + ]); +} -- 2.47.1 From 58e269d7f2604dab231c4bba1d08e29ebd4762be Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Tue, 18 Jul 2023 17:07:14 +0200 Subject: [PATCH 41/78] modules: Fix typos --- modules/dgn-console.nix | 2 +- modules/dgn-hardware.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/dgn-console.nix b/modules/dgn-console.nix index dc45f3b..17fe466 100644 --- a/modules/dgn-console.nix +++ b/modules/dgn-console.nix @@ -21,7 +21,7 @@ in }; environment.systemPackages = with pkgs; [ - nvim + neovim wget kitty.terminfo ]; diff --git a/modules/dgn-hardware.nix b/modules/dgn-hardware.nix index 4324604..f178b37 100644 --- a/modules/dgn-hardware.nix +++ b/modules/dgn-hardware.nix @@ -6,7 +6,7 @@ let mkIf mkMerge; - cfg = config.dgn-ssh; + cfg = config.dgn-hardware; in { -- 2.47.1 From 1f6205673691d58f3c0461282ddc987ffeb55a26 Mon Sep 17 00:00:00 2001 
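Review bot: The `useSystemd` option in modules/dgn-hardware.nix is named and described more broadly than what it controls. The `mkIf cfg.useSystemd` branch only sets `boot.loader.systemd-boot.enable` and `boot.loader.efi.canTouchEfiVariables`, and the description string has the typo `sytemd`. Something like `useSystemdBoot = mkEnableOption "systemd-boot as the EFI boot loader" // { default = true; };` says what the switch does. `hardware.enableRedistributableFirmware = true;` is also still set in modules/dgn-console.nix (added in PATCH 38), so turning `dgn-hardware.enable` off would not disable it; it is better kept in one module only.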
From: jgailis Date: Tue, 18 Jul 2023 18:20:41 +0000 Subject: [PATCH 42/78] Ajouter keys/jemagius.keys --- keys/jemagius.keys | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 keys/jemagius.keys diff --git a/keys/jemagius.keys b/keys/jemagius.keys new file mode 100644 index 0000000..be7b1ed --- /dev/null +++ b/keys/jemagius.keys @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOoxmou5OU74GgpIUkhVt6GiB+O9Jy4ge0TwK5MDFJ2F +ssh-rsa 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 -- 2.47.1 From 5fb591f771ba5756bb0013ee12999ef09a507913 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Tue, 18 Jul 2023 22:56:44 +0200 Subject: [PATCH 43/78] meta/members: Fix email typo --- meta/members.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/members.nix b/meta/members.nix index 4ad6b5e..22dfe26 100644 --- a/meta/members.nix +++ b/meta/members.nix @@ -16,7 +16,7 @@ let raito = { name = "Raito Bezarius"; - email = "raito@dgnume.eu"; + email = "raito@dgnum.eu"; }; }; -- 2.47.1 From 9f097636d096cd125f77a6ee7a82ebd0acc8afd9 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Tue, 18 Jul 2023 22:59:08 +0200 Subject: [PATCH 44/78] meta/members: Set raito as root --- meta/members.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/members.nix b/meta/members.nix index 22dfe26..9f2f24f 100644 --- a/meta/members.nix +++ b/meta/members.nix @@ -22,15 +22,15 @@ let groups = { # members of this group are root on all nodes - root = [ "thubrecht" ]; + root = [ "thubrecht" "raito" ]; # members of this group are root on web nodes - web = [ "mdebray" "raito" ]; + web = [ "mdebray" ]; # members of this group will have root acces on the installation isos iso = [ "thubrecht" "mdebray" "raito" ]; - bureau = [ "gdd" "raito" ]; + bureau = [ "gdd" ]; }; in -- 2.47.1 From 8d2c4ec379a344a7f5dd346713f88457548dc07e Mon Sep 17 00:00:00 2001 
From: Tom Hubrecht Date: Tue, 18 Jul 2023 23:03:08 +0200 Subject: [PATCH 45/78] meta/members: Use Ryan's real name Also fix a typo --- meta/members.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/members.nix b/meta/members.nix index 9f2f24f..970a362 100644 --- a/meta/members.nix +++ b/meta/members.nix @@ -15,8 +15,8 @@ let }; raito = { - name = "Raito Bezarius"; - email = "raito@dgnum.eu"; + name = "Ryan Lahfa"; + email = "ryan@dgnum.eu"; }; }; @@ -27,7 +27,7 @@ let # members of this group are root on web nodes web = [ "mdebray" ]; - # members of this group will have root acces on the installation isos + # members of this group will have root access on the installation isos iso = [ "thubrecht" "mdebray" "raito" ]; bureau = [ "gdd" ]; -- 2.47.1 From 2274668f9bcef827ecf698844c0ef32889e808f3 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Thu, 20 Jul 2023 12:32:31 +0200 Subject: [PATCH 46/78] modules: Setup dgn-network with configuration from metadata --- hive.nix | 5 +- machines/compute01/_configuration.nix | 5 -- .../compute01/_hardware-configuration.nix | 18 ----- machines/storage01/_configuration.nix | 4 -- .../storage01/_hardware-configuration.nix | 26 +++---- meta/default.nix | 47 +++++++++++-- meta/infrastructure.nix | 14 ++++ meta/network.nix | 69 +++++++++++++++++++ meta/nodes.nix | 57 ++++++++------- modules/default.nix | 1 + modules/dgn-network.nix | 43 ++++++++++++ 11 files changed, 211 insertions(+), 78 deletions(-) create mode 100644 meta/infrastructure.nix create mode 100644 meta/network.nix create mode 100644 modules/dgn-network.nix diff --git a/hive.nix b/hive.nix index 421915e..40d3005 100644 --- a/hive.nix +++ b/hive.nix @@ -16,6 +16,9 @@ let # Deployment config is specified in meta.nodes.${node}.deployment inherit (metadata.nodes.${node}) deployment; + + # Set NIX_PATH to the patched version of nixpkgs + nix.nixPath = [ "nixpkgs=${mkNixpkgs node}" ]; }; mkNixpkgs = node: 
@@ -42,8 +45,6 @@ in specialArgs = { inherit sources; meta = metadata; }; nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes; - - # TODO: Add remote builders (`machinesFile` option) }; defaults = { ... }: { diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index 1c92de7..ffc7f5f 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -1,10 +1,5 @@ { ... }: { - # Use the systemd-boot EFI boot loader. - networking.hostName = "compute01"; - networking.domain = "par01.infra.dgnum.eu"; - networking.hostId = "8df60941"; - system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/machines/compute01/_hardware-configuration.nix b/machines/compute01/_hardware-configuration.nix index cf225d8..5c7c0a4 100644 --- a/machines/compute01/_hardware-configuration.nix +++ b/machines/compute01/_hardware-configuration.nix @@ -32,24 +32,6 @@ swapDevices = [{ device = "/dev/disk/by-uuid/30547280-00e9-4ee1-8a07-d116590d9fbf"; }]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - # networking.useDHCP = lib.mkDefault true; - networking.interfaces.eno1 = { - useDHCP = true; - ipv4 = { - addresses = [ - { address = "129.199.146.147"; prefixLength = 24; } - { address = "192.168.1.147"; prefixLength = 24; } - ]; - - routes = [ - { address = "192.168.1.0"; prefixLength = 24; } - ]; - }; - }; # networking.interfaces.eno2.useDHCP = lib.mkDefault true; # networking.interfaces.eno3.useDHCP = lib.mkDefault true; # networking.interfaces.eno4.useDHCP = lib.mkDefault true; diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix index 5e758f0..9123abe 100644 
--- a/machines/storage01/_configuration.nix +++ b/machines/storage01/_configuration.nix @@ -5,9 +5,5 @@ { config, pkgs, ... }: { - networking.hostName = "storage01"; - networking.domain = "par01.infra.dgnum.eu"; - networking.hostId = "d4e7c369"; - system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/machines/storage01/_hardware-configuration.nix b/machines/storage01/_hardware-configuration.nix index 8b933d5..03e663e 100644 --- a/machines/storage01/_hardware-configuration.nix +++ b/machines/storage01/_hardware-configuration.nix @@ -36,19 +36,19 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.interfaces.eno1 = { - useDHCP = true; - ipv4 = { - addresses = [ - { address = "129.199.146.148"; prefixLength = 24; } - { address = "192.168.1.148"; prefixLength = 24; } - ]; - - routes = [ - { address = "192.168.1.0"; prefixLength = 24; } - ]; - }; - }; + # networking.interfaces.eno1 = { + # useDHCP = true; + # ipv4 = { + # addresses = [ + # { address = "129.199.146.148"; prefixLength = 24; } + # { address = "192.168.1.148"; prefixLength = 24; } + # ]; + # + # routes = [ + # { address = "192.168.1.0"; prefixLength = 24; } + # ]; + # }; + # }; # networking.interfaces.eno2.useDHCP = lib.mkDefault true; # networking.interfaces.eno3.useDHCP = lib.mkDefault true; # networking.interfaces.eno4.useDHCP = lib.mkDefault true; diff --git a/meta/default.nix b/meta/default.nix index d6e1690..cb11765 100644 --- a/meta/default.nix +++ b/meta/default.nix 
@@ -1,10 +1,45 @@ -/* -Metadata for the nodes. You can add custom attributes, they are -accessible through the specialArg meta in the config. -*/ +### +# Metadata for the nodes. You can add custom attributes, they are +# accessible through the specialArg meta in the config. + let + ### + # Transforms data from : + # { + # zone01 = [ node01 node02 ]; + # zone02 = [ node03 ]; + # } + # to : + # { + # node01 = zone01; + # node02 = zone01; + # node03 = zone02; + # } + locations = builtins.foldl' + (a: loc: a // loc) + { } + (builtins.concatLists (builtins.attrValues (builtins.mapAttrs + (zone: builtins.map (n: { ${n} = zone; })) + infra))); + + ### + # Add computed data about the nodes : + # - zone + # - deployment tags + # - network information + mkNode = node: attrs: attrs // { + zone = locations.${node}; + deployment = let old = attrs.deployment; in old // { + tags = (old.tags or [ ]) ++ [ "infra-${locations.${node}}" ]; + targetHost = builtins.head network.${node}.addresses.public; + }; + }; + + infra = import ./infrastructure.nix; members = import ./members.nix; - nodes = import ./nodes.nix; + network = import ./network.nix; + + nodes = builtins.mapAttrs mkNode (import ./nodes.nix); in -{ inherit members nodes; } +{ inherit infra members network nodes; } diff --git a/meta/infrastructure.nix b/meta/infrastructure.nix new file mode 100644 index 0000000..d983ec7 --- /dev/null +++ b/meta/infrastructure.nix @@ -0,0 +1,14 @@ +# Description of the infrastructure + +{ + # Salle serveur sous le pavillon Pasteur + par01 = [ + "compute01" + "storage01" + ]; + + # VMs du SPI/NPS/Whatever + dmi01 = [ + "web01" + ]; +} diff --git a/meta/network.nix b/meta/network.nix new file mode 100644 index 0000000..c83105c --- /dev/null +++ b/meta/network.nix 
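Review bot: `mkNode` in meta/default.nix fails with a bare missing-attribute or empty-list error when the three metadata files disagree. `locations.${node}` throws if a node from nodes.nix is not listed in infrastructure.nix, and `builtins.head network.${node}.addresses.public` throws if the node has no network entry or no address classified as public. Since these files are edited by hand, an explicit message is worth the extra line, for example `zone = locations.${node} or (throw "meta: ${node} is missing from infrastructure.nix");`, with the same pattern for the `targetHost` lookup. The computed tag is now `infra-${zone}`, so the `infra-pasteur` tag used before this commit becomes `infra-par01`; any deployment selector still using the old tag would need updating.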
@@ -0,0 +1,69 @@ +let + mkDefaultInterface = _: attrs: { ipv4 = [ ]; ipv6 = [ ]; gateways = [ ]; } // attrs; + + mkBase = config: config // { interfaces = builtins.mapAttrs mkDefaultInterface (config.interfaces or { }); }; + + getAddresses = version: interface: builtins.map (builtins.getAttr "address") interface.${version}; + + mkNet = _: value: + let base = mkBase value; in + base // { + addresses = + let + _addresses = builtins.foldl' + ({ ipv4, ipv6 }: net: { + ipv4 = ipv4 ++ getAddresses "ipv4" net; + ipv6 = ipv6 ++ getAddresses "ipv6" net; + }) + { ipv4 = [ ]; ipv6 = [ ]; } + (builtins.attrValues base.interfaces); + in + _addresses // { + public = (builtins.filter + (ip: builtins.substring 0 7 ip != "192.168") + _addresses.ipv4) ++ _addresses.ipv6; + }; + }; +in + +builtins.mapAttrs mkNet { + compute01 = { + interfaces = { + eno1 = { + ipv4 = [ + { address = "129.199.146.147"; prefixLength = 24; } + { address = "192.168.1.147"; prefixLength = 24; } + ]; + + gateways = [ "129.199.146.254" ]; + }; + }; + + hostId = "8df60941"; + }; + + storage01 = { + interfaces = { + eno1 = { + ipv4 = [ + { address = "129.199.146.148"; prefixLength = 24; } + { address = "192.168.1.148"; prefixLength = 24; } + ]; + + gateways = [ "129.199.146.254" ]; + }; + }; + + hostId = "d4e7c369"; + }; + + web01 = { + interfaces = { + ens3 = { + ipv4 = [{ address = "129.199.129.53"; prefixLength = 24; }]; + + gateways = [ "129.199.129.1" ]; + }; + }; + }; +} diff --git a/meta/nodes.nix b/meta/nodes.nix index 5fc84a6..e48571d 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix 
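Review bot: The `public` list in `mkNet` (meta/network.nix) classifies addresses with a single string test, `builtins.substring 0 7 ip != "192.168"`, and appends every IPv6 address unfiltered. Addresses in 10.0.0.0/8, 172.16.0.0/12, loopback, link-local or IPv6 ULA ranges would therefore count as public, and meta/default.nix takes the first entry of this list as the root SSH deployment target. The result also depends on attribute and list order, so adding an interface can silently change the target. Marking the intended address explicitly in the data (e.g. a `public = true;` attribute on the entry, filtered with `a.public or false`) would be more robust than inferring it from a prefix; `mkAddress` in modules/dgn-network.nix already ignores extra attributes.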
@@ -1,49 +1,46 @@ -/* File specifying all the deployement options for the nodes administrated by the dgnum. +### +# File specifying all the deployement options for the nodes administrated by the dgnum. +# +# Node metadata template is: +# +# NODE_NAME = { +# adminGroups = []; # List of groups that have root access +# admins = []; # List of individuals that have root access +# deployment = {}; # Colmena deployment options +# nixpkgs = "unstable" or "22.11"; # nixpkgs version +# } -Node metadata template is: - -NODE_NAME = { - adminGroups = []; # List of groups that have root access - admins = []; # List of individuals that have root access - deployment = {}; # Colmena deployment options - nixpkgs = "unstable" or "22.11"; # nixpkgs version -} -*/ - -{ - web-01 = { - adminGroups = [ "web" ]; +let + mkNode = _: attrs: { + adminGroups = [ ]; admins = [ ]; + deployment = { }; + + nixpkgs = "23.05"; + } // attrs; +in + +builtins.mapAttrs mkNode { + web01 = { + adminGroups = [ "web" ]; + deployment = { tags = [ "web" ]; - targetHost = "129.199.129.200"; }; - nixpkgs = "23.05"; + stateVersion = "23.05"; }; compute01 = { adminGroups = [ "bureau" ]; - admins = [ ]; - deployment = { - tags = [ "infra-pasteur" ]; - targetHost = "129.199.146.147"; - }; - - nixpkgs = "23.05"; + stateVersion = "23.05"; }; storage01 = { adminGroups = [ "bureau" ]; - admins = [ ]; - deployment = { - tags = [ "infra-pasteur" ]; - targetHost = "129.199.146.148"; - }; - - nixpkgs = "23.05"; + stateVersion = "23.05"; }; } diff --git a/modules/default.nix b/modules/default.nix index cb1a24b..fca9132 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -39,6 +39,7 @@ "dgn-acme" "dgn-console" "dgn-hardware" + "dgn-network" "dgn-secrets" "dgn-ssh" ]) ++ [ diff --git a/modules/dgn-network.nix b/modules/dgn-network.nix new file mode 100644 index 0000000..0d8dff8 --- /dev/null +++ b/modules/dgn-network.nix 
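Review bot: The `web01` entry in meta/nodes.nix drops the pinned `targetHost = "129.199.129.200"`, and the value now derived from meta/network.nix is `129.199.129.53`, so the root deployment target for that machine changes without the commit message saying so. If the move is intended, a line in the description would make it auditable; if not, the address in network.nix needs correcting. The node key also changes from `web-01` to `web01` here, while the `machines/web-01` directory is only renamed in PATCH 47, so this commit on its own may not evaluate. The new `stateVersion` attribute is missing from the template comment at the top of the file and nothing in this commit reads it; a template line such as `#   stateVersion = "23.05"; # <purpose>` would document it.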
@@ -0,0 +1,43 @@ +{ config, lib, meta, name, ... }: + +let + inherit (lib) + mapAttrs' + mkEnableOption + mkIf + optionalAttrs; + + net = meta.network.${name}; + + mkAddress = { address, prefixLength, ... }: "${address}/${builtins.toString prefixLength}"; + mkRoute = gateway: { routeConfig = { Gateway = gateway; GatewayOnLink = true; }; }; + + mkInterface = interface: net: { + name = "10-${interface}"; + value = { + name = interface; + address = builtins.map mkAddress (net.ipv4 ++ net.ipv6); + routes = builtins.map mkRoute net.gateways; + + networkConfig = optionalAttrs (net ? DHCP) { inherit (net) DHCP; }; + }; + }; + + cfg = config.dgn-network; +in + +{ + options.dgn-network.enable = mkEnableOption "automatic network configuration based on metadata" // { default = true; }; + + config = mkIf cfg.enable { + networking = { + inherit (net) hostId; + + hostName = name; + domain = "${meta.nodes.${name}.zone}.infra.dgnum.eu"; + useNetworkd = true; + }; + + systemd.network.networks = mapAttrs' mkInterface net.interfaces; + }; +} -- 2.47.1 From 6c0e2818acf7ef87cc4fb35d76c0ea586d12eb26 Mon Sep 17 00:00:00 2001 
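Review bot: `inherit (net) hostId;` makes evaluation fail for any node whose network metadata has no `hostId`, and the module is enabled by default; the `web01` entry in the network metadata hunk earlier in this patch has none. `hostId = net.hostId or null;` would keep such nodes evaluable. Separately, the module switches to networkd with static addresses but does not set `networking.useDHCP = false;`, so unless that is done elsewhere, interfaces that are not listed in the metadata would still fall under the NixOS default DHCP behaviour.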
From: Tom Hubrecht Date: Thu, 20 Jul 2023 14:21:25 +0200 Subject: [PATCH 47/78] web01: Rename from web-01 --- machines/{web-01 => web01}/_configuration.nix | 0 .../{web-01 => web01}/_hardware-configuration.nix | 0 machines/{web-01 => web01}/disko.nix | 0 machines/{web-01 => web01}/networking.nix | 0 machines/{web-01 => web01}/plausible.nix | 0 .../{web-01 => web01}/secrets/_smtp-password-file | 0 .../secrets/plausible_admin-user-password-file | Bin .../secrets/plausible_release-cookie-file | 0 .../secrets/plausible_secret-key-base-file | 0 machines/{web-01 => web01}/secrets/secrets.nix | 0 10 files changed, 0 insertions(+), 0 deletions(-) rename machines/{web-01 => web01}/_configuration.nix (100%) rename machines/{web-01 => web01}/_hardware-configuration.nix (100%) rename machines/{web-01 => web01}/disko.nix (100%) rename machines/{web-01 => web01}/networking.nix (100%) rename machines/{web-01 => web01}/plausible.nix (100%) rename machines/{web-01 => web01}/secrets/_smtp-password-file (100%) rename machines/{web-01 => web01}/secrets/plausible_admin-user-password-file (100%) rename machines/{web-01 => web01}/secrets/plausible_release-cookie-file (100%) rename machines/{web-01 => web01}/secrets/plausible_secret-key-base-file (100%) rename machines/{web-01 => web01}/secrets/secrets.nix (100%) diff --git a/machines/web-01/_configuration.nix b/machines/web01/_configuration.nix similarity index 100% rename from machines/web-01/_configuration.nix rename to machines/web01/_configuration.nix diff --git a/machines/web-01/_hardware-configuration.nix b/machines/web01/_hardware-configuration.nix similarity index 100% rename from machines/web-01/_hardware-configuration.nix rename to machines/web01/_hardware-configuration.nix diff --git a/machines/web-01/disko.nix b/machines/web01/disko.nix similarity index 100% rename from machines/web-01/disko.nix rename to machines/web01/disko.nix 
diff --git a/machines/web-01/networking.nix b/machines/web01/networking.nix
similarity index 100%
rename from machines/web-01/networking.nix
rename to machines/web01/networking.nix
diff --git a/machines/web-01/plausible.nix b/machines/web01/plausible.nix
similarity index 100%
rename from machines/web-01/plausible.nix
rename to machines/web01/plausible.nix
diff --git a/machines/web-01/secrets/_smtp-password-file b/machines/web01/secrets/_smtp-password-file
similarity index 100%
rename from machines/web-01/secrets/_smtp-password-file
rename to machines/web01/secrets/_smtp-password-file
diff --git a/machines/web-01/secrets/plausible_admin-user-password-file b/machines/web01/secrets/plausible_admin-user-password-file
similarity index 100%
rename from machines/web-01/secrets/plausible_admin-user-password-file
rename to machines/web01/secrets/plausible_admin-user-password-file
diff --git a/machines/web-01/secrets/plausible_release-cookie-file b/machines/web01/secrets/plausible_release-cookie-file
similarity index 100%
rename from machines/web-01/secrets/plausible_release-cookie-file
rename to machines/web01/secrets/plausible_release-cookie-file
diff --git a/machines/web-01/secrets/plausible_secret-key-base-file b/machines/web01/secrets/plausible_secret-key-base-file
similarity index 100%
rename from machines/web-01/secrets/plausible_secret-key-base-file
rename to machines/web01/secrets/plausible_secret-key-base-file
diff --git a/machines/web-01/secrets/secrets.nix b/machines/web01/secrets/secrets.nix
similarity index 100%
rename from machines/web-01/secrets/secrets.nix
rename to machines/web01/secrets/secrets.nix
-- 2.47.1
From ef211567a857252a80cf69926050c44b54dfe2d3 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht Date: Thu, 20 Jul 2023 15:48:01 +0200 Subject: [PATCH 48/78] web01: Finish switching to the new network config --- machines/web01/_configuration.nix | 1 - machines/web01/networking.nix | 4 ---- meta/default.nix | 2 +- meta/network.nix | 2 ++ 4 files changed, 3 insertions(+), 6 deletions(-) delete mode 100644 machines/web01/networking.nix diff --git a/machines/web01/_configuration.nix b/machines/web01/_configuration.nix index 4bf5139..aa6a06c 100644 --- a/machines/web01/_configuration.nix +++ b/machines/web01/_configuration.nix @@ -7,7 +7,6 @@ { imports = [ - ./networking.nix ./plausible.nix # ./wordpress ]; diff --git a/machines/web01/networking.nix b/machines/web01/networking.nix deleted file mode 100644 index cd57656..0000000 --- a/machines/web01/networking.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ lib, ... }: { - # TODO: Switch to networkd - networking.useDHCP = lib.mkDefault true; -} diff --git a/meta/default.nix b/meta/default.nix index cb11765..a719a8b 100644 --- a/meta/default.nix +++ b/meta/default.nix @@ -31,7 +31,7 @@ let zone = locations.${node}; deployment = let old = attrs.deployment; in old // { tags = (old.tags or [ ]) ++ [ "infra-${locations.${node}}" ]; - targetHost = builtins.head network.${node}.addresses.public; + targetHost = old.targetHost or (builtins.head network.${node}.addresses.public); }; }; diff --git a/meta/network.nix b/meta/network.nix index c83105c..4a4f4d3 100644 --- a/meta/network.nix +++ b/meta/network.nix @@ -65,5 +65,7 @@ builtins.mapAttrs mkNet { gateways = [ "129.199.129.1" ]; }; }; + + hostId = "050df79e"; }; } -- 2.47.1 From fef1e9038694f5db5fb2a8ae1d9a5235d3b16b10 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Thu, 20 Jul 2023 15:48:24 +0200 Subject: [PATCH 49/78] modules/dgn-console: Update hostname display --- modules/dgn-console.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/dgn-console.nix b/modules/dgn-console.nix index 17fe466..e2c1ae1 100644 
--- a/modules/dgn-console.nix +++ b/modules/dgn-console.nix @@ -32,18 +32,19 @@ in services.nscd.enableNsncd = false; programs.bash.promptInit = '' + FQDN="$(hostname).$(domainname)" # Provide a nice prompt if the terminal supports it. if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then PROMPT_COLOR="1;31m" ((UID)) && PROMPT_COLOR="1;32m" if [ -n "$INSIDE_EMACS" ] || [ "$TERM" = "eterm" ] || [ "$TERM" = "eterm-color" ]; then # Emacs term mode doesn't support xterm title escape sequence (\e]0;) - PS1="\n\[\033[$PROMPT_COLOR\][\u@$(hostname -f):\w]\\$\[\033[0m\] " + PS1="\n\[\033[$PROMPT_COLOR\][\u@$FQDN:\w]\\$\[\033[0m\] " else - PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\H: \w\a\]\u@$(hostname -f):\w]\\$\[\033[0m\] " + PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\H: \w\a\]\u@$FQDN:\w]\\$\[\033[0m\] " fi if test "$TERM" = "xterm"; then - PS1="\[\033]2;$(hostname -f):\u:\w\007\]$PS1" + PS1="\[\033]2;$FQDN:\u:\w\007\]$PS1" fi fi ''; -- 2.47.1 From c2616ce4f5d6f1c414721a6648c9cf537838299d Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 21 Jul 2023 00:37:05 +0200 Subject: [PATCH 50/78] modules/dgn-dns: init Also deploy a DNS server on compute01 --- machines/compute01/_configuration.nix | 2 + meta/network.nix | 11 +-- meta/nodes.nix | 2 + modules/default.nix | 1 + modules/dgn-dns/default.nix | 33 +++++++++ modules/dgn-dns/serial.nix | 1 + modules/dgn-dns/zones/_dgnum.eu.nix | 96 +++++++++++++++++++++++++++ modules/dgn-dns/zones/default.nix | 52 +++++++++++++++ npins/sources.json | 13 ++++ scripts/default.nix | 30 +++++++++ scripts/ns-update.sh | 13 ++++ shell.nix | 4 +- 12 files changed, 252 insertions(+), 6 deletions(-) create mode 100644 modules/dgn-dns/default.nix create mode 100644 modules/dgn-dns/serial.nix create mode 100644 modules/dgn-dns/zones/_dgnum.eu.nix create mode 100644 modules/dgn-dns/zones/default.nix create mode 100644 scripts/default.nix create mode 100644 scripts/ns-update.sh 
diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index ffc7f5f..8ab7753 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -1,5 +1,7 @@ { ... }: { + dgn-dns.enable = true; + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/meta/network.nix b/meta/network.nix index 4a4f4d3..8072f8b 100644 --- a/meta/network.nix +++ b/meta/network.nix @@ -5,6 +5,9 @@ let getAddresses = version: interface: builtins.map (builtins.getAttr "address") interface.${version}; + filterIPv4 = ip: builtins.substring 0 7 ip != "192.168"; + filterIPv6 = _: true; + mkNet = _: value: let base = mkBase value; in base // { @@ -18,10 +21,10 @@ let { ipv4 = [ ]; ipv6 = [ ]; } (builtins.attrValues base.interfaces); in - _addresses // { - public = (builtins.filter - (ip: builtins.substring 0 7 ip != "192.168") - _addresses.ipv4) ++ _addresses.ipv6; + _addresses // rec { + publicV4 = builtins.filter filterIPv4 _addresses.ipv4; + publicV6 = builtins.filter filterIPv6 _addresses.ipv6; + public = publicV4 ++ publicV6; }; }; in diff --git a/meta/nodes.nix b/meta/nodes.nix index e48571d..8a698c6 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -35,6 +35,8 @@ builtins.mapAttrs mkNode { compute01 = { adminGroups = [ "bureau" ]; + deployment.tags = [ "dns" ]; + stateVersion = "23.05"; }; diff --git a/modules/default.nix b/modules/default.nix index fca9132..bdeaa13 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -38,6 +38,7 @@ "dgn-access-control" "dgn-acme" "dgn-console" + "dgn-dns" "dgn-hardware" "dgn-network" "dgn-secrets" diff --git a/modules/dgn-dns/default.nix b/modules/dgn-dns/default.nix new file mode 100644 index 0000000..ee46589 --- /dev/null +++ b/modules/dgn-dns/default.nix 
@@ -0,0 +1,33 @@ +args@{ config, lib, meta, name, sources, ... }: + +let + inherit (lib) + mkEnableOption + mkIf; + + dns = import sources."dns.nix"; + + cfg = config.dgn-dns; +in + +{ + options.dgn-dns = { + enable = mkEnableOption "an authoritative dns service on this server."; + }; + + + config = mkIf cfg.enable { + services.nsd = { + enable = true; + + interfaces = meta.network.${name}.addresses.public; + + zones = import ./zones (args // { inherit dns; }); + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + }; +} diff --git a/modules/dgn-dns/serial.nix b/modules/dgn-dns/serial.nix new file mode 100644 index 0000000..40caa4c --- /dev/null +++ b/modules/dgn-dns/serial.nix @@ -0,0 +1 @@ +2023072002 \ No newline at end of file diff --git a/modules/dgn-dns/zones/_dgnum.eu.nix b/modules/dgn-dns/zones/_dgnum.eu.nix new file mode 100644 index 0000000..fde6788 --- /dev/null +++ b/modules/dgn-dns/zones/_dgnum.eu.nix 
@@ -0,0 +1,96 @@ +{ dgn-lib, meta, dns, ... }: + +let + inherit (dgn-lib) + fuseAttrs + mapSingleFuse; + + inherit (dns.lib.combinators) + mx + spf + ttl; + + mkCNAME = host: { CNAME = [ host ]; }; + + mkRecord = host: + let net = meta.network.${host}; in + { + A = net.addresses.publicV4; + AAAA = net.addresses.publicV6; + }; + + mkNS = { A, AAAA, ... }: { inherit A AAAA; }; + + mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra"); + + hosted = fuseAttrs (builtins.attrValues + (builtins.mapAttrs mkHosted { + compute01 = [ + "social" + ]; + + storage01 = [ + "cloud" + "git" + "s3" + "video" + ]; + + web01 = [ + "analytics" + ]; + }) + ); + + infra.subdomains = builtins.mapAttrs + (_: nodes: { subdomains = mapSingleFuse mkRecord nodes; }) + meta.infra; + + kurisuDKIM = [{ + selector = "kurisu"; + k = "rsa"; + s = [ "email" ]; + p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB"; + }]; +in + +{ + # Primary DNS servers + NS = [ + "ns01.dgnum.eu." + ]; + + # dgnum.codeberg.pages + # ALIAS = [ "codeberg.page" ]; + A = [ "217.197.91.145" ]; + AAAA = [ "2001:67c:1401:20f0::1" ]; + + MX = map (ttl 3600) [ + (mx.mx 10 "kurisu.lahfa.xyz.") + ]; + + TXT = [ + "dgnum.codeberg.page" + (spf.strict [ "a:kurisu.lahfa.xyz" ]) + ]; + DMARC = [{ p = "none"; }]; + DKIM = kurisuDKIM; + + subdomains = hosted // { + ns01 = mkNS infra.subdomains.par01.subdomains.compute01; + } // { + infra = infra // { + MX = map (ttl 3600) [ + (mx.mx 10 "kurisu.lahfa.xyz.") + ]; + + TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ]; + DMARC = [{ p = "none"; }]; + DKIM = kurisuDKIM; + }; + + dev.CNAME = [ "dev.pages.codeberg.page." ]; + irc.CNAME = [ "public.p.lahfa.xyz." ]; + webmail.CNAME = [ "kurisu.dual.lahfa.xyz." ]; + }; +} 
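Review bot: Both DMARC records, on the apex and on `infra`, are published as `DMARC = [{ p = "none"; }];` with no reporting address, so receivers are asked neither to act on mail that fails SPF/DKIM alignment nor to report it. The strict SPF record does not by itself protect the visible From domain. If this is meant as a monitoring phase, add a report address (assuming the pinned dns.nix DMARC type exposes one) and plan the move to `DMARC = [{ p = "quarantine"; }];`. Judging by its length, the `kurisuDKIM` public key also looks like 1024-bit RSA; a 2048-bit key is the current recommendation.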
diff --git a/modules/dgn-dns/zones/default.nix b/modules/dgn-dns/zones/default.nix new file mode 100644 index 0000000..972f918 --- /dev/null +++ b/modules/dgn-dns/zones/default.nix @@ -0,0 +1,52 @@ +args@{ dgn-lib, dns, ... }: + +let + inherit (dgn-lib) + mapSingleFuse + mkRel + recursiveFuse; + + delegations = { + "dgnum.eu" = { + "ns-01.hubrecht.ovh." = [ "51.15.174.50" ]; + "ns-03.hubrecht.ovh." = [ "51.178.27.125" ]; + "kurisu.dual.lahfa.xyz." = [ ]; + }; + }; + + servedZones = [ + "dgnum.eu" + + # For reverse DNS + # "ip6.arpa" + ]; + + SOA = { + nameServer = "ns01.dgnum.eu."; + adminEmail = "dns.dgnum.eu"; + serial = import ../serial.nix; + retry = 3600; + minimum = 300; + }; + + mkZone = zone: + let + secondaryDNS = builtins.map + (ip: "${ip} NOKEY") + (builtins.concatLists (builtins.attrValues (delegations.${zone} or { }))); + in + { + data = + let attrs = import (mkRel ./. "_${zone}.nix") args; in + dns.lib.toString zone (recursiveFuse [ + { inherit SOA; } + attrs + { NS = attrs.NS ++ (builtins.attrNames (delegations.${zone} or { })); } + ]); + + provideXFR = secondaryDNS; + notify = secondaryDNS; + }; +in + +mapSingleFuse mkZone servedZones diff --git a/npins/sources.json b/npins/sources.json index a62650a..0194d75 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -28,6 +28,19 @@ "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.0.0", "hash": "153cm29hjgklsi1aw85srvcd3h3afm7j77llk4fj3slf5gcwnmx9" }, + "dns.nix": { + "type": "GitRelease", + "repository": { + "type": "Git", + "url": "https://git.hubrecht.ovh/hubrecht/dns.nix" + }, + "pre_releases": false, + "version_upper_bound": null, + "version": "v1.2.1", + "revision": "66979725afe2164491be38ffff78460cc9b0ffd7", + "url": null, + "hash": "1bashjbh71dqs32yld7ihw2vz0vrad73pc35crf3qck8ssgpzv7d" + }, "nixos-23.05": { "type": "Channel", "name": "nixos-23.05", diff --git a/scripts/default.nix b/scripts/default.nix new file mode 100644 index 0000000..9e2e4c6 --- /dev/null 
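Review bot: Zone transfers and NOTIFY are authorised purely by source address. `mkZone` renders every secondary as `"${ip} NOKEY"` for both `provideXFR` and `notify`, so the full zone is served without TSIG authentication to whatever host answers from those addresses. If the secondaries support it, define a TSIG key (NixOS has `services.nsd.keys`) and reference it in place of `NOKEY`. Also, `kurisu.dual.lahfa.xyz.` is added to the zone's `NS` set with an empty address list, so it is advertised as authoritative while this server grants it no transfer and sends it no NOTIFY. Confirm that it obtains the zone some other way, otherwise the delegation is lame.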
+++ b/scripts/default.nix @@ -0,0 +1,30 @@ +{ pkgs, ... }: + +let + substitutions = { + inherit (pkgs) + bash + colmena + coreutils + git; + }; + + mkShellScript = name: (pkgs.substituteAll ({ + inherit name; + src = ./. + "/${name}.sh"; + dir = "/bin/"; + isExecutable = true; + + checkPhase = '' + ${pkgs.stdenv.shellDryRun} "$target" + ''; + } // substitutions)); + + scripts = [ + "ns-update" + # "mk-backup-key" + # "wg-setup" + ]; +in + +builtins.map mkShellScript scripts diff --git a/scripts/ns-update.sh b/scripts/ns-update.sh new file mode 100644 index 0000000..d909afa --- /dev/null +++ b/scripts/ns-update.sh @@ -0,0 +1,13 @@ +#!@bash@/bin/bash + +cd "$(@git@/bin/git rev-parse --show-toplevel)" + +SERIAL=$(@coreutils@/bin/cat modules/dgn-dns/serial.nix) +T_SERIAL="$(@coreutils@/bin/date +'%Y%m%d')00" + +N_SERIAL=$(( ( SERIAL >= T_SERIAL ? SERIAL : T_SERIAL ) + 1 )) + +echo "New SOA serial: $N_SERIAL" +echo -n "$N_SERIAL" > modules/dgn-dns/serial.nix + +@colmena@/bin/colmena apply --on @dns diff --git a/shell.nix b/shell.nix index bcef228..9b9e252 100644 --- a/shell.nix +++ b/shell.nix @@ -40,13 +40,13 @@ let in pkgs.mkShell { - packages = with pkgs; [ + packages = (with pkgs; [ npins colmena nixos-generators ] ++ (builtins.map (p: callPackage p { }) [ (sources.disko + "/package.nix") - ]); + ])) ++ (import ./scripts { inherit pkgs; }); allowSubstitutes = false; } -- 2.47.1 From 8cecf0eae80200ebe6476ff96ac75e8f44f2e71d Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sun, 23 Jul 2023 21:46:20 +0200 Subject: [PATCH 51/78] hive: Use stateVersion defined in the nodes metadata --- hive.nix | 3 +++ machines/compute01/_configuration.nix | 1 - machines/storage01/_configuration.nix | 1 - machines/web01/_configuration.nix | 7 ------- 4 files changed, 3 insertions(+), 9 deletions(-) diff --git a/hive.nix b/hive.nix index 40d3005..e6ddf7b 100644 --- a/hive.nix +++ b/hive.nix 
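Review bot: `scripts/ns-update.sh` has no error handling. If `git rev-parse` fails (for example when run outside the checkout) or `serial.nix` cannot be read, the script carries on, writes a serial relative to whatever the current directory is, and still runs `colmena apply --on @dns`. Add `set -euo pipefail` right after the shebang. The file contents also flow straight into `$(( … ))`; checking that `SERIAL` matches `^[0-9]+$` before the arithmetic keeps a malformed `serial.nix` from being evaluated as an expression.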
@@ -19,6 +19,9 @@ let # Set NIX_PATH to the patched version of nixpkgs nix.nixPath = [ "nixpkgs=${mkNixpkgs node}" ]; + + # Use the stateVersion declared in the metadata + system = { inherit (metadata.nodes.${node}) stateVersion; }; }; mkNixpkgs = node: diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index 8ab7753..6f592f2 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -3,5 +3,4 @@ { dgn-dns.enable = true; - system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix index 9123abe..81428ad 100644 --- a/machines/storage01/_configuration.nix +++ b/machines/storage01/_configuration.nix @@ -5,5 +5,4 @@ { config, pkgs, ... }: { - system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/machines/web01/_configuration.nix b/machines/web01/_configuration.nix index aa6a06c..b1ee27a 100644 --- a/machines/web01/_configuration.nix +++ b/machines/web01/_configuration.nix @@ -13,12 +13,5 @@ networking.hostName = name; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? } -- 2.47.1 From 98f20775683d70003fd1dbe28bacf074d9ff1601 Mon Sep 17 00:00:00 2001 
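Review bot: Taking `system.stateVersion` from the node metadata silently changes it for web01. The line this commit deletes from machines/web01/_configuration.nix pinned `"22.11"`, while the nodes metadata earlier on this page declares `stateVersion = "23.05";` for `web01`. Changing `stateVersion` on an installed machine is exactly what the removed comment warns against, because it can switch the defaults of stateful services; web01 runs plausible, which presumably has database state. Set `stateVersion = "22.11";` for `web01` in meta/nodes.nix so this refactor stays behaviour-preserving. The enclosing `mkNode` starts outside this hunk.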
From: Tom Hubrecht Date: Sun, 23 Jul 2023 21:46:53 +0200 Subject: [PATCH 52/78] machines: Add boilerplate for enabling modules and services --- lib/trivial.nix | 5 ++++ machines/compute01/_configuration.nix | 27 ++++++++++++++++++---- machines/storage01/_configuration.nix | 28 ++++++++++++++++++----- machines/web01/_configuration.nix | 33 +++++++++++++++++---------- 4 files changed, 71 insertions(+), 22 deletions(-) diff --git a/lib/trivial.nix b/lib/trivial.nix index 075a99f..cd848c0 100644 --- a/lib/trivial.nix +++ b/lib/trivial.nix @@ -25,6 +25,11 @@ rec { */ singleAttr = name: value: { ${name} = value; }; + /* Enables a list of modules. */ + enableAttrs' = enable: mapFuse (m: { ${m}.${enable} = true; }); + + enableModules = enableAttrs' "enable"; + mapSingleFuse = f: mapFuse (x: singleAttr x (f x)); setDefault = default: mapFuse (name: { ${name} = default; }); diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index 6f592f2..c9c4f3d 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -1,6 +1,25 @@ -{ ... }: +{ dgn-lib, ... }: -{ - dgn-dns.enable = true; +let + inherit (dgn-lib) + enableModules + mkImports + recursiveFuse; -} + # List of modules to enable + enabledModules = [ + "dgn-dns" + ]; + + # List of services to enable + enabledServices = [ + ]; +in + +recursiveFuse [ + (enableModules enabledModules) + + { + imports = mkImports ./. enabledServices; + } +] diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix index 81428ad..f9ff469 100644 --- a/machines/storage01/_configuration.nix +++ b/machines/storage01/_configuration.nix 
@@ -1,8 +1,24 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running `nixos-help`). +{ dgn-lib, ... }: -{ config, pkgs, ... }: +let + inherit (dgn-lib) + enableModules + mkImports + recursiveFuse; -{ -} + # List of modules to enable + enabledModules = [ + ]; + + # List of services to enable + enabledServices = [ + ]; +in + +recursiveFuse [ + (enableModules enabledModules) + + { + imports = mkImports ./. enabledServices; + } +] diff --git a/machines/web01/_configuration.nix b/machines/web01/_configuration.nix index b1ee27a..2410d92 100644 --- a/machines/web01/_configuration.nix +++ b/machines/web01/_configuration.nix @@ -1,17 +1,26 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +{ dgn-lib, ... }: -{ name, ... }: +let + inherit (dgn-lib) + enableModules + mkImports + recursiveFuse; -{ - imports = - [ - ./plausible.nix - # ./wordpress - ]; + # List of modules to enable + enabledModules = [ + ]; - networking.hostName = name; + # List of services to enable + enabledServices = [ + "plausible" + # "wordpress" + ]; +in +recursiveFuse [ + (enableModules enabledModules) -} + { + imports = mkImports ./. enabledServices; + } +] -- 2.47.1 From 9b5f39d7f2e808a63958c638bdec7d6547a94a1f Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sun, 23 Jul 2023 22:16:59 +0200 Subject: [PATCH 53/78] hive.nix: Switch dgn-lib to nix-lib --- hive.nix | 4 ++-- lib/default.nix | 31 ++-------------------------- lib/trivial.nix | 50 ---------------------------------------------- npins/sources.json | 13 ++++++++++++ 4 files changed, 17 insertions(+), 81 deletions(-) delete mode 100644 lib/trivial.nix diff --git a/hive.nix b/hive.nix index e6ddf7b..9d3f78e 100644 --- a/hive.nix +++ b/hive.nix 
@@ -2,7 +2,7 @@ let sources = import ./npins; metadata = import ./meta; - lib = import ./lib/trivial.nix; + lib = import (sources.nix-lib + "/trivial.nix"); mkNode = node: { name, nodes, ... }: { # Import the base configuration for each node @@ -35,7 +35,7 @@ let mkNixpkgs' = node: import (mkNixpkgs node) { }; mkArgs = node: { - dgn-lib = import ./lib { inherit ((mkNixpkgs' node)) lib; }; + dgn-lib = import sources.nix-lib { inherit ((mkNixpkgs' node)) lib; keysRoot = ./keys; }; }; nodes = builtins.attrNames metadata.nodes; diff --git a/lib/default.nix b/lib/default.nix index 99b2785..7947fed 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,34 +1,7 @@ { lib, ... }: let - trivial = import ./trivial.nix; + sources = import ../npins; in -trivial // (with trivial; rec { - recursiveFuse = builtins.foldl' lib.recursiveUpdate { }; - - mkImport = root: file: - let path = mkRel root file; in - path + (lib.optionalString (!lib.pathIsDirectory path) ".nix"); - - mkImports = root: builtins.map (mkImport root); - - getKeys = name: builtins.filter - (k: k != "") - (lib.splitString "\n" (builtins.readFile (mkRel ../keys "${name}.keys"))); - - /* List version of getKeys */ - getAllKeys = names: builtins.concatLists (builtins.map getKeys names); - - getKeyFiles = builtins.map (compose (n: "${n}.keys") (mkRel ../keys)); - - getNodeKeys = node: - let - meta = import ../meta; - names = builtins.foldl' - (names: group: names ++ meta.members.groups.${group}) - (meta.nodes.${node}.admins ++ [ "/machines/${node}" ]) - (meta.nodes.${node}.adminGroups ++ [ "root" ]); - in - getAllKeys names; -}) +import sources.nix-lib { inherit lib; keysRoot = ../keys; } diff --git a/lib/trivial.nix b/lib/trivial.nix deleted file mode 100644 index cd848c0..0000000 --- a/lib/trivial.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -rec { - /* Fuses a list of attribute sets into a single attribute set. - - Example: - x = [ { a = 1; } { b = 2; } ] - fuseAttrs x - => { a = 1; b = 2; } - */ - fuseAttrs = builtins.foldl' (attrs: x: attrs // x) { }; - - /* Maps then fuses a list of attribute sets into a single attribute set. - - Example: - x = [ "a" "b" ] - mapFuse (c: { ${c} = 42; }) x - => { a = 42; b = 42; } - */ - mapFuse = f: attrsList: fuseAttrs (builtins.map f attrsList); - - /* Equivalent of lib.singleton but for an attribute set. - - Example: - singleAttr "a" 1 - => { a = 1; } - */ - singleAttr = name: value: { ${name} = value; }; - - /* Enables a list of modules. */ - enableAttrs' = enable: mapFuse (m: { ${m}.${enable} = true; }); - - enableModules = enableAttrs' "enable"; - - mapSingleFuse = f: mapFuse (x: singleAttr x (f x)); - - setDefault = default: mapFuse (name: { ${name} = default; }); - - /* Creates a relative path as a string - - Example: - mkRel /home/test/ "file.txt" - => "/home/test/file.txt" - */ - mkRel = path: file: path + "/${file}"; - - compose = f: g: (x: g (f x)); - - mkBaseSecrets = root: mapFuse (secret: { ${secret}.file = mkRel root secret; }); - - getSecrets = dir: builtins.attrNames (import (mkRel dir "secrets.nix")); -} diff --git a/npins/sources.json b/npins/sources.json index 0194d75..95265af 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -41,6 +41,19 @@ "url": null, "hash": "1bashjbh71dqs32yld7ihw2vz0vrad73pc35crf3qck8ssgpzv7d" }, + "nix-lib": { + "type": "GitRelease", + "repository": { + "type": "Git", + "url": "https://git.hubrecht.ovh/hubrecht/nix-lib" + }, + "pre_releases": false, + "version_upper_bound": null, + "version": "0.1.1", + "revision": "5db2443e2cb18335375ad84ffbc066a239c054de", + "url": null, + "hash": "18xzi2yn2vk7zq79pgz8z2s1ijhyjcx5866mp21rrdi9gz37yiif" + }, "nixos-23.05": { "type": "Channel", "name": "nixos-23.05", -- 2.47.1 From c97c9303fe2b6666934613c9bc68f5c309cff82e Mon Sep 17 00:00:00 2001 
From: Tom Hubrecht Date: Mon, 24 Jul 2023 09:09:15 +0200 Subject: [PATCH 54/78] keys: Rename web-01 to web01 --- keys/machines/{web-01.keys => web01.keys} | 0 machines/web01/secrets/secrets.nix | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename keys/machines/{web-01.keys => web01.keys} (100%) diff --git a/keys/machines/web-01.keys b/keys/machines/web01.keys similarity index 100% rename from keys/machines/web-01.keys rename to keys/machines/web01.keys diff --git a/machines/web01/secrets/secrets.nix b/machines/web01/secrets/secrets.nix index af807b9..7fa74f7 100644 --- a/machines/web01/secrets/secrets.nix +++ b/machines/web01/secrets/secrets.nix @@ -1,6 +1,6 @@ let lib = import ../../../lib { inherit (import { }) lib; }; - publicKeys = lib.getNodeKeys "web-01"; + publicKeys = lib.getNodeKeys "web01"; in lib.setDefault { inherit publicKeys; } [ -- 2.47.1 From 078365e5765079982f9355f91e7ad99a8d608793 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 24 Jul 2023 09:10:34 +0200 Subject: [PATCH 55/78] lib: Use sources.nixpkgs instead of --- lib/default.nix | 4 +++- machines/compute01/secrets/secrets.nix | 4 ++-- machines/storage01/secrets/secrets.nix | 4 ++-- machines/web01/secrets/secrets.nix | 2 +- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index 7947fed..74b426f 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,6 +1,8 @@ -{ lib, ... }: +_: let + inherit ((import sources.nixpkgs { })) lib; + sources = import ../npins; in diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index 2ee797d..b7de844 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -1,6 +1,6 @@ let - lib = import ../../../lib { inherit (import { }) lib; }; - publicKeys = lib.getNodeKeys "compute01"; + lib = import ../../../lib { }; + publicKeys = lib.getNodeKeys "web01"; in lib.setDefault { inherit publicKeys; } [ 
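Review bot: `publicKeys = lib.getNodeKeys "web01";` in machines/compute01/secrets/secrets.nix replaces the previous `"compute01"`, and the storage01 hunk that follows makes the same substitution. The `getNodeKeys` shown in the lib/default.nix removal earlier in the series collects the node's admins, admin groups, root and the `/machines/${node}` key. Secrets for these two machines would therefore be encrypted to web01's recipients: the target host could not decrypt them, while web01's host key could. This looks like a copy-paste slip in a commit that is otherwise only about how `lib` is imported. Keep `lib.getNodeKeys "compute01"` and `lib.getNodeKeys "storage01"` respectively, and re-key any secret already encrypted with the wrong recipient set.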
diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix index 17c20cd..b7de844 100644 --- a/machines/storage01/secrets/secrets.nix +++ b/machines/storage01/secrets/secrets.nix @@ -1,6 +1,6 @@ let - lib = import ../../../lib { inherit (import { }) lib; }; - publicKeys = lib.getNodeKeys "storage01"; + lib = import ../../../lib { }; + publicKeys = lib.getNodeKeys "web01"; in lib.setDefault { inherit publicKeys; } [ diff --git a/machines/web01/secrets/secrets.nix b/machines/web01/secrets/secrets.nix index 7fa74f7..384b505 100644 --- a/machines/web01/secrets/secrets.nix +++ b/machines/web01/secrets/secrets.nix @@ -1,5 +1,5 @@ let - lib = import ../../../lib { inherit (import { }) lib; }; + lib = import ../../../lib { }; publicKeys = lib.getNodeKeys "web01"; in -- 2.47.1 From 3c38fc687edd91fbe5456d2921004ad310b36114 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 24 Jul 2023 09:49:53 +0200 Subject: [PATCH 56/78] keys: Add keys for storage01 and compute01 --- keys/machines/compute01.keys | 1 + keys/machines/storage01.keys | 1 + 2 files changed, 2 insertions(+) diff --git a/keys/machines/compute01.keys b/keys/machines/compute01.keys index e69de29..ba12030 100644 --- a/keys/machines/compute01.keys +++ b/keys/machines/compute01.keys @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/YluSVS+4h3oV8CIUj0OmquyJXju8aEQy0Jz210vTu diff --git a/keys/machines/storage01.keys b/keys/machines/storage01.keys index e69de29..eff8f43 100644 --- a/keys/machines/storage01.keys +++ b/keys/machines/storage01.keys @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ -- 2.47.1 From 28fc16dc96f353c0e5731cdea1963e97eddc9e6f Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 24 Jul 2023 09:50:17 +0200 Subject: [PATCH 57/78] npins: Update nix-lib --- hive.nix | 2 +- lib/default.nix | 2 +- npins/sources.json | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/hive.nix b/hive.nix index 9d3f78e..7434320 100644 --- a/hive.nix +++ b/hive.nix @@ -35,7 +35,7 @@ let mkNixpkgs' = node: import (mkNixpkgs node) { }; mkArgs = node: { - dgn-lib = import sources.nix-lib { inherit ((mkNixpkgs' node)) lib; keysRoot = ./keys; }; + dgn-lib = import sources.nix-lib { inherit ((mkNixpkgs' node)) lib; keysRoot = ./keys; metaRoot = ./meta; }; }; nodes = builtins.attrNames metadata.nodes; diff --git a/lib/default.nix b/lib/default.nix index 74b426f..de03c3e 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -6,4 +6,4 @@ let sources = import ../npins; in -import sources.nix-lib { inherit lib; keysRoot = ../keys; } +import sources.nix-lib { inherit lib; keysRoot = ../keys; metaRoot = ../meta; } diff --git a/npins/sources.json b/npins/sources.json index 95265af..24aa84c 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -49,10 +49,10 @@ }, "pre_releases": false, "version_upper_bound": null, - "version": "0.1.1", - "revision": "5db2443e2cb18335375ad84ffbc066a239c054de", + "version": "0.1.3", + "revision": "2e8dfd77b6c3b6542b37829d6a26f48824be9c90", "url": null, - "hash": "18xzi2yn2vk7zq79pgz8z2s1ijhyjcx5866mp21rrdi9gz37yiif" + "hash": "0mlcq0bjipahn6hmprw91xam2ia618hq8x2w6shik5s0483sfvas" }, "nixos-23.05": { "type": "Channel", -- 2.47.1 From c6121e63d7def06bced07e55f567b4b17aefcd68 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 24 Jul 2023 09:50:33 +0200 Subject: [PATCH 58/78] modules/dgn-secrets: Fix options --- modules/dgn-secrets.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/dgn-secrets.nix b/modules/dgn-secrets.nix index c43eea3..8453213 100644 --- a/modules/dgn-secrets.nix +++ b/modules/dgn-secrets.nix @@ -66,7 +66,7 @@ let group = mkOption { type = str; - default = users.${config.owner}.group or "0"; + default = config.users.${config.owner}.group or "0"; description = '' Group of the decrypted secret. ''; -- 2.47.1 
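Review bot: In modules/dgn-secrets.nix the new default `config.users.${config.owner}.group or "0"` probably still never resolves. `config.owner` in the same expression suggests that `config` is the secret submodule's own config, which has no `users`. Even on the system config, accounts live under `users.users.<name>`, not `users.<name>`. Because of the `or "0"` fallback the miss is silent and every secret gets group `"0"`. Bind the system config under a separate name outside the submodule and use something like `sysConfig.users.users.${config.owner}.group or "0"` (`sysConfig` is a constructed name). The option's enclosing module is outside this hunk, so check how `config` is scoped there.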
From e755c43d5a99fefe01a319a1c44f862496039412 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 24 Jul 2023 09:50:57 +0200 Subject: [PATCH 59/78] storage01/forgejo: Init on git.dgnum.eu --- machines/storage01/_configuration.nix | 1 + machines/storage01/forgejo.nix | 101 ++++++++++++++++++ .../secrets/forgejo_database-password-file | 27 +++++ machines/storage01/secrets/secrets.nix | 3 +- 4 files changed, 131 insertions(+), 1 deletion(-) create mode 100644 machines/storage01/forgejo.nix create mode 100644 machines/storage01/secrets/forgejo_database-password-file diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix index f9ff469..e9f6f6f 100644 --- a/machines/storage01/_configuration.nix +++ b/machines/storage01/_configuration.nix @@ -12,6 +12,7 @@ let # List of services to enable enabledServices = [ + "forgejo" ]; in diff --git a/machines/storage01/forgejo.nix b/machines/storage01/forgejo.nix new file mode 100644 index 0000000..9c7c14e --- /dev/null +++ b/machines/storage01/forgejo.nix 
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, dgn-lib, ... }:
+
+let
+ inherit (dgn-lib)
+ setDefault;
+
+ port = 3000;
+ host = "git.dgnum.eu";
+in
+
+{
+ services.gitea = {
+ enable = true;
+
+ user = "git";
+ package = pkgs.forgejo;
+ stateDir = "/var/lib/git";
+
+ appName = "forgejo: DGNum's git instance";
+
+ database = {
+ type = "postgres";
+ user = "git";
+ passwordFile = config.age.secrets."forgejo_database-password-file".path;
+ };
+
+ settings = {
+ server = {
+ ROOT_URL = "https://${host}/";
+ DOMAIN = host;
+ HTTP_ADDRESS = "127.0.0.1";
+ HTTP_PORT = port;
+ APP_DATA_PATH = "/var/lib/git/data";
+ };
+
+ service = {
+ EMAIL_DOMAIN_WHITELIST = "dgnum.eu";
+
+ DISABLE_REGISTRATION = false;
+ };
+
+ log.LEVEL = "Warn";
+
+ ui.THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
+
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "https://gitea.com";
+ };
+
+ mailer = {
+ ENABLED = false;
+ FROM = "git@infra.dgnum.eu";
+ MAILER_TYPE = "smtp";
+ SMTP_ADDR = "kurisu.lahfa.xyz";
+ SMTP_PORT = 465;
+ IS_TLS_ENABLED = true;
+ USER = "web-services@infra.dgnum.eu";
+ };
+ };
+
+ # Dump configuration
+ # dump = {
+ # enable = false;
+ # type = "tar.xz";
+ # file = "gitea.bk";
+ # };
+
+ # mailerPasswordFile = config.age.secrets."_ht-mail.pwd".path;
+ };
+
+ services.nginx = {
+ enable = true;
+
+ virtualHosts.${host} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString port}";
+ };
+ };
+ };
+
+ users.users.git = {
+ description = "Git Service";
+ home = "/var/lib/git";
+ useDefaultShell = true;
+ group = "git";
+ isSystemUser = true;
+ };
+
+ users.groups.git = { };
+
+ dgn-secrets.options = [
+ (setDefault { owner = "git"; } (builtins.filter
+ (lib.hasPrefix "forgejo")
+ config.dgn-secrets.names))
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
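Review bot: `DISABLE_REGISTRATION = false` together with `mailer.ENABLED = false` leaves sign-up open to anyone, because without outgoing mail the instance cannot confirm that a registrant controls the `@dgnum.eu` address that `EMAIL_DOMAIN_WHITELIST` only checks as a string. With `actions.ENABLED = true` in the same `settings` block, such an account may also be able to define workflows once a runner is attached (no runner is visible here). I would ship this with `DISABLE_REGISTRATION = true;` until the mailer is configured, and then add `REGISTER_EMAIL_CONFIRM = true;` under `service`. `DEFAULT_ACTIONS_URL = "https://gitea.com"` also deserves a comment saying that unqualified `uses:` references are fetched from that third-party host.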
diff --git a/machines/storage01/secrets/forgejo_database-password-file b/machines/storage01/secrets/forgejo_database-password-file new file mode 100644 index 0000000..06ce2fa --- /dev/null +++ b/machines/storage01/secrets/forgejo_database-password-file @@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-ed25519 rHotTw VROWia1UGxKvLi+SZ2grFqfUi10BGbBWKrSmi4Iw01U +wFFoxP9MrADS3Wl34L0CjsaoTSy7JHJ4t4w2N52mBKU +-> ssh-ed25519 cvTB5g Ev1w1VPlQKBwOB/yYpEg6w/g1eGN190lwP8mMpq75Xc +FUfyIDYZ/cxPtywZw+OgNpRhSISP6muWTF/8hEtSLOg +-> ssh-ed25519 Wu8JLQ FoYe+iG0zFzw7Mc9wtudLPqdnsZWLNyd/gbw1TahQz8 +0nRkMbgV3QXrw1+sQG3vRaFWBitrotoJB+1nyqCWhM8 +-> ssh-ed25519 jIXfPA U+PEeBy1vXu1leN0P+5ps4LlStESvHTb11zOaM0yPDI +UjB+PPMuc9209bHi5gKvkbSa7ZcWsu6JWy8s6E1jJDQ +-> ssh-ed25519 QlRB9Q i2KcBk2W0AmvnZF3AcV1GlWQ473qTDvn/rrH3kIRIik +6HMK0d5NnA25xfrKFO91Rb9FDbU7zPJbUdLet3L7WaU +-> ssh-rsa krWCLQ +j/BIE/IyHE9+zrAVQW+50A25UIZW9h/plLsuKJ82gcCkPmNUSLDHmlTxLvLg9qpR +oanp5V5zbuJj1iRy4IuWRKszx2IBFAor9MoDS93QieccjRYkuFPGLroUWolODJ5X +eP6F2lhjBMDFbNCOCWdL4p66MtDy9ZNDVMUKYA8aXaOU/oPxr4VwkVkoHJeGOTje ++aJ3tKse/QdvT7vVHCutYGZoYhuWyI1LUFRIXdkeoqmY1RnF43kdui84a//quJT2 +iBPgZ4HLezbf6MTp9Gi2RmcVPVViAxLWXWH8GYKMI51TsWLHYrPszcpqwM7B+m14 +AnD/J6srq08SnZYIsg+wOg +-> ssh-ed25519 /vwQcQ IZwQ56Xm+BnDhBZ7EzjWLiWAa5Iw3C3x4Fp/roWmRXE ++O8Jd341LtyLc2+DzKrtpN25iJbmboaLDlPvMYxphtQ +-> ssh-ed25519 0R97PA p0QpsWsYTms12BQitqWSAHRcAFNNN1zzPuSFnW/ocxU +Ze+Z1S5KFUJ5/YCSGPnl8wvSpiPhVR8QzthLRuyRJnY +-> IC-grease -KhJ+=P Z5S .wB +vZm9JOMOQRAl3+KxelQniW7O1BwQmeSpSNGjY12oY/xVue5LOpqjxDC63jpYJHoG +izw +--- NB/JS3Ab3dw33pEARrn+OwGLmtwcqBg/VVc1FX3yhrc +KtMqkmy~ȇ#/U:>x^[!jg \ No newline at end of file diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix index b7de844..31bf8ca 100644 --- a/machines/storage01/secrets/secrets.nix +++ b/machines/storage01/secrets/secrets.nix 
@@ -1,7 +1,8 @@ let lib = import ../../../lib { }; - publicKeys = lib.getNodeKeys "web01"; + publicKeys = lib.getNodeKeys "storage01"; in lib.setDefault { inherit publicKeys; } [ + "forgejo_database-password-file" ] -- 2.47.1 From c74ab04df0b09d0530f672a4811814ab6b8f1eb5 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 11 Sep 2023 11:17:30 +0200 Subject: [PATCH 60/78] feat(compute01): Deploy cloud.dgnum.eu --- machines/compute01/_configuration.nix | 1 + machines/compute01/nextcloud.nix | 59 +++++++++++++++++++ .../secrets/nextcloud-adminpass_file | 23 ++++++++ machines/compute01/secrets/secrets.nix | 3 +- 4 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 machines/compute01/nextcloud.nix create mode 100644 machines/compute01/secrets/nextcloud-adminpass_file diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index c9c4f3d..a0a2cfd 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -13,6 +13,7 @@ let # List of services to enable enabledServices = [ + "nextcloud" ]; in diff --git a/machines/compute01/nextcloud.nix b/machines/compute01/nextcloud.nix new file mode 100644 index 0000000..a9f478c --- /dev/null +++ b/machines/compute01/nextcloud.nix 
@@ -0,0 +1,59 @@ +{ config, lib, pkgs, dgn-lib, ... }: + +let + inherit (dgn-lib) setDefault; + + host = "cloud.dgnum.eu"; +in { + services.nextcloud = { + enable = true; + hostName = host; + + package = pkgs.nextcloud27; + + https = true; + + config = { + overwriteProtocol = "https"; + + dbtype = "pgsql"; + + adminpassFile = config.age.secrets."nextcloud-adminpass_file".path; + adminuser = "thubrecht"; + + defaultPhoneRegion = "FR"; + + trustedProxies = [ "::1" ]; + }; + + notify_push = { enable = true; }; + + database.createLocally = true; + configureRedis = true; + + autoUpdateApps.enable = true; + + enableBrokenCiphersForSSE = false; + + extraOptions = { + overwritehost = host; + "overwrite.cli.url" = "https://${host}"; + updatechecker = false; + + allow_local_remote_servers = true; + "opcache.interned_strings_buffer" = 16; + }; + }; + + services.nginx.virtualHosts.${host} = { + enableACME = true; + forceSSL = true; + }; + + dgn-secrets.options = [ + (setDefault { owner = "nextcloud"; } + (builtins.filter (lib.hasPrefix "nextcloud") config.dgn-secrets.names)) + ]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/machines/compute01/secrets/nextcloud-adminpass_file b/machines/compute01/secrets/nextcloud-adminpass_file new file mode 100644 index 0000000..dc11369 --- /dev/null +++ b/machines/compute01/secrets/nextcloud-adminpass_file 
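Review bot: `allow_local_remote_servers = true` in `extraOptions` switches off Nextcloud's check that blocks outgoing requests to local and private addresses, and nothing in the file says what needs it. On a host that also runs loopback-only services behind nginx, this widens what a server-side request triggered through Nextcloud can reach. Please either drop the option or document the reason next to it, e.g. `# required by <feature>: target resolves to a local address`.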
@@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 tDqJRg evx+Y82HrlSYjiNcAOi/c2wy2nAWLbC65tolSOMfBS4 +UeUruJRtQOaUShCjJ9OVEGJyMZBVzzAEi6tvwQKM0d0 +-> ssh-ed25519 jIXfPA oZkfWCbiR/OjidO/cPShgXHJlqF9Kpubiy7ztol4DlQ +tU6IbBtALUC/5KF8uLMGAWAZoAqIgr+epypd/WVfebc +-> ssh-ed25519 QlRB9Q ZFyh2k8NYrMU3cVdg0vVv+UYrHMrhSIsrIkSKSOY5Uw +L2yfOmxNYyboK/uxc2PqXEpiHkPmm3aSgCdJtgWFVjw +-> ssh-rsa krWCLQ +ERww+4XKYoT8glUVJQv9cC/BrxWwry1opqtoWu71VYJyOFfASnTEnkO4Uljf1bg2 +nTB7oPly9eVKeMul/esYoAS/ygSXtxbTdcRizEQo9Yv8KmNO/h2Gyn3oSXQIdrxI +nHH+F26iuzuGFxrFpX29sqlMMDczzPCEryi7WKnZCBTeZAcMqkBSIJzmiFUhzLL0 +/rXBhys2xp3ylqpJ64UAJyT4qdBJw/JqssnW1dXlsmY6/COpf7Y9DgseGx5jB/z/ +CIavbJMZzyAJykiBdbTRqL11Hlp3LXwE+NTxSClKPaUJXRFtNgJrRIvy+hSsRp9z +0pGm1b1pKzOOyAjJu1poRQ +-> ssh-ed25519 /vwQcQ C0R57jIfKWTXY17Rsyb7dI5YaeIg3lx4Wtj1xA+U7Dc +Pjzq+q2qRPbqwKBuRkxw7B//fszkw+ygkMWg9S7BCfk +-> ssh-ed25519 0R97PA X/EIa3dWMIoC2ed7cB47wbRYHttZHPDl+ENcHgQ1gXA +mCcMfpVfQ9GeNsydWgYzTTzVrRk6CL7JNmNKPNjl2PY +-> / Date: Mon, 11 Sep 2023 11:17:52 +0200 Subject: [PATCH 61/78] feat(storage01): Deploy basic garage --- machines/storage01/_configuration.nix | 1 + machines/storage01/garage.nix | 45 +++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 machines/storage01/garage.nix diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix index e9f6f6f..c32169d 100644 --- a/machines/storage01/_configuration.nix +++ b/machines/storage01/_configuration.nix @@ -13,6 +13,7 @@ let # List of services to enable enabledServices = [ "forgejo" + "garage" ]; in diff --git a/machines/storage01/garage.nix b/machines/storage01/garage.nix new file mode 100644 index 0000000..1d89448 --- /dev/null +++ b/machines/storage01/garage.nix 
@@ -0,0 +1,45 @@ +_: + +let + host = "s3.dgnum.eu"; + webHost = "cdn.dgnum.eu"; +in { + services.garage = { + enable = true; + + settings = { + replication_mode = "none"; + compression_level = 7; + + rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "127.0.0.1:3901"; + rpc_secret = + "a79e86c6fc0e0a02ff71fd3c6127887b6e029ea6e8ade6c3de1a0b7b09ad2873"; + + s3_api = { + s3_region = "par01"; + api_bind_addr = "[::]:3900"; + root_domain = ".${host}"; + }; + + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".${webHost}"; + index = "index.html"; + }; + + k2v_api = { api_bind_addr = "[::]:3904"; }; + + admin = { + api_bind_addr = "0.0.0.0:3903"; + admin_token = "KVGyC6SNrIwT4o9alxg7T1SWFs29vjev0AzLBwqchjo="; + }; + }; + }; + + services.nginx.virtualHosts.${host} = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://[::1]:3900"; + }; +} -- 2.47.1 From 5f473104bfe8b2392e24b223d62eab479987411a Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 11 Sep 2023 11:18:15 +0200 Subject: [PATCH 62/78] fix(dgn-lib): Switch to new source path --- hive.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hive.nix b/hive.nix index 7434320..2d23408 100644 --- a/hive.nix +++ b/hive.nix @@ -2,7 +2,7 @@ let sources = import ./npins; metadata = import ./meta; - lib = import (sources.nix-lib + "/trivial.nix"); + lib = import (sources.nix-lib + "/src/trivial.nix"); mkNode = node: { name, nodes, ... }: { # Import the base configuration for each node -- 2.47.1 From a23ba62f27519b49e71b4d886633ad29ee52fd3d Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 11 Sep 2023 11:18:23 +0200 Subject: [PATCH 63/78] chore(npins): Update --- npins/sources.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 24aa84c..73961c5 100644 --- a/npins/sources.json +++ b/npins/sources.json 
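Review bot: `rpc_secret` and `admin.admin_token` in `machines/storage01/garage.nix` are committed as plaintext literals, so they sit in the git history and in the world-readable Nix store, while every other service in this series reads its credentials from `config.age.secrets`. Both values should be treated as exposed and rotated, then supplied from an age-encrypted file, for instance through the module's `environmentFile` option with `GARAGE_RPC_SECRET` / `GARAGE_ADMIN_TOKEN`, if the pinned Garage version supports those variables. The admin API also listens on `0.0.0.0:3903` and RPC on `[::]:3901`. This file opens no firewall ports, but binding both to loopback, e.g. `api_bind_addr = "127.0.0.1:3903";`, would make that independent of firewall rules set elsewhere.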
@@ -49,28 +49,28 @@ }, "pre_releases": false, "version_upper_bound": null, - "version": "0.1.3", - "revision": "2e8dfd77b6c3b6542b37829d6a26f48824be9c90", + "version": "0.1.4", + "revision": "7f41fb168f0a97481d06019b3de305ebff9ee348", "url": null, - "hash": "0mlcq0bjipahn6hmprw91xam2ia618hq8x2w6shik5s0483sfvas" + "hash": "1ymx3ayi189xcinpc6r71qvwgqsvz96y7dwdxzlrjawr08c95wm2" }, "nixos-23.05": { "type": "Channel", "name": "nixos-23.05", - "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.1375.9790f3242da/nixexprs.tar.xz", - "hash": "12lk6kpraw6gj4nm18g7w8jcnwh9r42jsviypvk12w8b21kzdd14" + "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.3279.4077a0e4ac33/nixexprs.tar.xz", + "hash": "1fwb9cbkcq18hhcr7iwn46rfak30smphkmird90hl9j4s4bwqcps" }, "nixos-unstable": { "type": "Channel", "name": "nixos-unstable", - "url": "https://releases.nixos.org/nixos/unstable/nixos-23.11pre499690.4bc72cae107/nixexprs.tar.xz", - "hash": "0jpmwi76ylw2z3qj51as64i5m7qp9ypgznf920jck3qgcxqq9958" + "url": "https://releases.nixos.org/nixos/unstable/nixos-23.11pre522946.0bffda19b8af/nixexprs.tar.xz", + "hash": "1hxa2hdjrx4pinsl0px94nkpfcvdvg7qzk4hr810bfm52ld1cjbj" }, "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre499791.3c614fbc76f/nixexprs.tar.xz", - "hash": "0l685ckns6ycgskyj0bqcd75dnsimsy4wbzax8vwbv6ms11p1bf6" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre523160.efd23a1c9ae8/nixexprs.tar.xz", + "hash": "1rh4mqan98f19i6flyx7n45shlc0fm3wfdb648qvwx3y1vpkpfj3" } }, "version": 3 -- 2.47.1 From 4b6e2fc3b1a2fa639fc835dd4b1865ecc25f233a Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 11 Sep 2023 18:54:17 +0200 Subject: [PATCH 64/78] fix(garage): Setup correctly the reverse proxy --- machines/storage01/garage.nix | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) 
diff --git a/machines/storage01/garage.nix b/machines/storage01/garage.nix index 1d89448..902c26d 100644 --- a/machines/storage01/garage.nix +++ b/machines/storage01/garage.nix @@ -17,13 +17,13 @@ in { "a79e86c6fc0e0a02ff71fd3c6127887b6e029ea6e8ade6c3de1a0b7b09ad2873"; s3_api = { - s3_region = "par01"; - api_bind_addr = "[::]:3900"; + s3_region = "garage"; + api_bind_addr = "127.0.0.1:3900"; root_domain = ".${host}"; }; s3_web = { - bind_addr = "[::]:3902"; + bind_addr = "127.0.0.1:3902"; root_domain = ".${webHost}"; index = "index.html"; }; @@ -37,9 +37,26 @@ in { }; }; - services.nginx.virtualHosts.${host} = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://[::1]:3900"; + services.nginx.virtualHosts = { + ${host} = { + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' + proxy_pass http://127.0.0.1:3900; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + # Disable buffering to a temporary file. + proxy_max_temp_file_size 0; + ''; + }; + + ${webHost} = { + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' + proxy_pass http://127.0.0.1:3902; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host;''; + }; }; } -- 2.47.1 From c4ee0dfc43b33bbd3a4a11c230d6e4be63cdcf04 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 11 Sep 2023 18:56:07 +0200 Subject: [PATCH 65/78] feat(nextcloud): Setup s3.dgnum.eu as the primary storage backend --- machines/compute01/nextcloud.nix | 18 ++++++++++++-- .../secrets/nextcloud-s3_secret_file | 24 +++++++++++++++++++ machines/compute01/secrets/secrets.nix | 1 + 3 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 machines/compute01/secrets/nextcloud-s3_secret_file diff --git a/machines/compute01/nextcloud.nix b/machines/compute01/nextcloud.nix index a9f478c..37bfd85 100644 --- a/machines/compute01/nextcloud.nix +++ b/machines/compute01/nextcloud.nix 
@@ -24,6 +24,20 @@ in { defaultPhoneRegion = "FR"; trustedProxies = [ "::1" ]; + + objectstore.s3 = { + enable = true; + + hostname = "s3.dgnum.eu"; + region = "garage"; + usePathStyle = true; + port = 443; + + bucket = "nextcloud-dgnum"; + key = "GKda5367c73ca607c349d83c35"; + autocreate = false; + secretFile = config.age.secrets."nextcloud-s3_secret_file".path; + }; }; notify_push = { enable = true; }; @@ -41,7 +55,7 @@ in { updatechecker = false; allow_local_remote_servers = true; - "opcache.interned_strings_buffer" = 16; + "opcache.interned_strings_buffer" = 32; }; }; @@ -52,7 +66,7 @@ in { dgn-secrets.options = [ (setDefault { owner = "nextcloud"; } - (builtins.filter (lib.hasPrefix "nextcloud") config.dgn-secrets.names)) + (builtins.filter (lib.hasPrefix "nextcloud-") config.dgn-secrets.names)) ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/machines/compute01/secrets/nextcloud-s3_secret_file b/machines/compute01/secrets/nextcloud-s3_secret_file new file mode 100644 index 0000000..20580db --- /dev/null +++ b/machines/compute01/secrets/nextcloud-s3_secret_file 
@@ -0,0 +1,24 @@ +age-encryption.org/v1 +-> ssh-ed25519 tDqJRg 2RokFJ8iIvUHNIkc8C0GB1CSho8pDWnj5zQ3rfCiI3k +C/u+oGgguGe8ZhcWFN3dWFdby7g+uizSoc9qUfyqh6U +-> ssh-ed25519 jIXfPA yGY4tw7TB0dxo7feCsTDgyMp9RFbJJUge9vF7DbhDRI +xjQcbO9sIDudnsILaQp1xZuDP5qYz0zz7sN5I115yTU +-> ssh-ed25519 QlRB9Q 90eLE1s+T5NdMprV4dOyVCoZbFKDYzr+ZmET8RTWOCE +n4uZBqYolKJ+gtNvZaleSLtY9JXHDKZBVYQTrAu64uE +-> ssh-rsa krWCLQ +mvsGtGUsHMVlLVd4WWWPmUU3XukP53JDxltl198Ar1nkviOU3e7kuBo7iQJqP7KM +GyZyZof280IWEulMgq15XPLyiPUXUs5ZJU4ESObWNaFV56fCRnJVpy1egoUx6QcA +jWpM3IdSswKM7JJIhZF6ol0C1HFFVmDOMyPu50YnoFUs2AgQZbiYAah8JFOIi55C +pzn0sTz/uejbbkqbmNnFEiNg6lH0u1hvIkFt00CSPtQFjcEgctOfK3lTjwbhj4C1 +VPjEmuEjl6BsfSRYS5/qyXJNBf9j3GXz/ngFeowgwOkFvhMHdpHLnzFTK5ST8ZkM +usrlFAWo4EsGArIB+9eo6A +-> ssh-ed25519 /vwQcQ EcyRCQAIz0MPe9SYyOp3Mw/SzmOSejj0TjBLOZNp7CQ +QTvtuZ0asPFJK14fLfeQ8ikHDm1Dph1G7YhEmrnzeUc +-> ssh-ed25519 0R97PA Kun17Nn0O9HcAq1z1kuWtJmgW/6/edrl5wrWJhkw8HA +Q7EZzEyK70xrdYBxz33GlgKOP2QScwYBRLlYufRVQss +-> !<+i-grease FxH]dhGf ` +uQHW6ZkCjGWBGqY9vDpOiib4Ti+ayNuS8tJnKnXaxTVH/UhCQrai2qhFdnRIHcO2 ++1VU3tqiN8LWyBXeeEC8Tq8I +--- BSn6z9x3g31WTDla9cia0InR+KDEerjJh2bRhXlwbaY +weݟ/mOTm,K\5ԖخTtm +SQՈ=IS,CPpFM?=P~ \ No newline at end of file diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index b50b7d3..f5f87a7 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -5,4 +5,5 @@ in lib.setDefault { inherit publicKeys; } [ "nextcloud-adminpass_file" + "nextcloud-s3_secret_file" ] -- 2.47.1 From 1e3b88d3c2a7cdf8b0b590b705af26060055b665 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 11 Sep 2023 18:59:59 +0200 Subject: [PATCH 66/78] feat(meta): Remove bureau from root access --- meta/nodes.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/nodes.nix b/meta/nodes.nix index 8a698c6..5e52b60 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix 
@@ -33,7 +33,7 @@ builtins.mapAttrs mkNode { }; compute01 = { - adminGroups = [ "bureau" ]; + # adminGroups = [ "bureau" ]; deployment.tags = [ "dns" ]; @@ -41,7 +41,7 @@ builtins.mapAttrs mkNode { }; storage01 = { - adminGroups = [ "bureau" ]; + # adminGroups = [ "bureau" ]; stateVersion = "23.05"; }; -- 2.47.1 From 475638baa81258c9dcd04bae603358b3737a1ed0 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Wed, 13 Sep 2023 10:00:50 +0200 Subject: [PATCH 67/78] fix(forgejo): Use common rules for the secret name --- machines/storage01/forgejo.nix | 2 +- ...jo_database-password-file => forgejo-database_password_file} | 0 machines/storage01/secrets/secrets.nix | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename machines/storage01/secrets/{forgejo_database-password-file => forgejo-database_password_file} (100%) diff --git a/machines/storage01/forgejo.nix b/machines/storage01/forgejo.nix index 9c7c14e..dfd5b8e 100644 --- a/machines/storage01/forgejo.nix +++ b/machines/storage01/forgejo.nix @@ -21,7 +21,7 @@ in database = { type = "postgres"; user = "git"; - passwordFile = config.age.secrets."forgejo_database-password-file".path; + passwordFile = config.age.secrets."forgejo-database_password_file".path; }; settings = { diff --git a/machines/storage01/secrets/forgejo_database-password-file b/machines/storage01/secrets/forgejo-database_password_file similarity index 100% rename from machines/storage01/secrets/forgejo_database-password-file rename to machines/storage01/secrets/forgejo-database_password_file diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix index 31bf8ca..de4f9b8 100644 --- a/machines/storage01/secrets/secrets.nix +++ b/machines/storage01/secrets/secrets.nix @@ -4,5 +4,5 @@ let in lib.setDefault { inherit publicKeys; } [ - "forgejo_database-password-file" + "forgejo-database_password_file" ] -- 2.47.1 From 8ff860d3b82b6fe73f76a4f7f12a11aea1897d12 Mon Sep 17 00:00:00 2001 
From: Tom Hubrecht Date: Wed, 13 Sep 2023 10:39:55 +0200 Subject: [PATCH 68/78] feat(storage01): Deploy peertube on videos.dgnum.eu --- machines/storage01/_configuration.nix | 1 + machines/storage01/peertube.nix | 54 ++++++++++++++++++ .../storage01/secrets/peertube-secrets_file | Bin 0 -> 1211 bytes .../secrets/peertube-service_environment_file | 23 ++++++++ machines/storage01/secrets/secrets.nix | 2 + 5 files changed, 80 insertions(+) create mode 100644 machines/storage01/peertube.nix create mode 100644 machines/storage01/secrets/peertube-secrets_file create mode 100644 machines/storage01/secrets/peertube-service_environment_file diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix index c32169d..6b9d643 100644 --- a/machines/storage01/_configuration.nix +++ b/machines/storage01/_configuration.nix @@ -14,6 +14,7 @@ let enabledServices = [ "forgejo" "garage" + "peertube" ]; in diff --git a/machines/storage01/peertube.nix b/machines/storage01/peertube.nix new file mode 100644 index 0000000..68c028a --- /dev/null +++ b/machines/storage01/peertube.nix 
@@ -0,0 +1,54 @@
+{ config, lib, dgn-lib, ... }:
+
+let
+ inherit (dgn-lib) setDefault;
+
+ host = "videos.dgnum.eu";
+
+in {
+ services.peertube = {
+ enable = true;
+
+ settings = {
+ object_storage = {
+ enabled = true;
+
+ endpoint = "s3.dgnum.eu";
+ region = "garage";
+
+ videos = {
+ bucket_name = "peertube-videos-dgnum";
+ prefix = "web-videos";
+ };
+
+ streaming_playlists = {
+ bucket_name = "peertube-videos-dgnum";
+ prefix = "streaming-playlists";
+ };
+ };
+ };
+
+ localDomain = host;
+ configureNginx = true;
+ listenWeb = 443;
+ enableWebHttps = true;
+
+ redis.createLocally = true;
+ database.createLocally = true;
+
+ # smtp.passwordFile = "";
+ serviceEnvironmentFile =
+ config.age.secrets."peertube-service_environment_file".path;
+ secrets.secretsFile = config.age.secrets."peertube-secrets_file".path;
+ };
+
+ services.nginx.virtualHosts.${host} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ dgn-secrets.options = [
+ (setDefault { owner = "peertube"; }
+ (builtins.filter (lib.hasPrefix "peertube-") config.dgn-secrets.names))
+ ];
+}
diff --git a/machines/storage01/secrets/peertube-secrets_file b/machines/storage01/secrets/peertube-secrets_file new file mode 100644 index 0000000000000000000000000000000000000000..e1423d243918fd1baaee518883c9b000b35221ab GIT binary patch literal 1211 zcmZY7xy$5q0LJmPunDY!f?8NiKfdOe9213Qlg#9rT))Yk1u-)@Co`GJB$*ulfMEB6 zu$5R^DA)+XYHQ&t+F96$wy%Pym9XNnu+91pJYRVDglT*gm)rAjYVu?G=JA}u7Zkd> zGpXzBDvmIMKpZ|6k8chd;}`^GVaF<6bSB#!3G4!%t?eW)F_=k)VEkfXMjkva&s3VA zHj-6?O{G=OZAMmhgE^BX)85Z*i0?9LCBWS*O8CSG_s3>DF;s|yVNVoRZf}=z&*>(c zHuGm|V83Q*FaeixCEK33j6j?UZ4s!lNF1DL*>$>g>hf#}b{T<~eldsQt_-!AFs<@c zfcJa~e0VNO`Y>og5MlUSL}V(S#*#m?pVrQGI4RC9rvNDSRRE$@f+?lrbW5JWgUILj zImy)m$^dQP5Rpc^gS{JJAh(%VaynZD#*Pxq(qD5>xz=lobsZlqXQAalOJOD0~=8Dznq zbu%@qQdT5R3(jXv>~+alS%*b}t#UIg3d}=hFfE0J4K3HLra0)4Zd2g|tAVQt+Ja5+ zp;v~K>d-iJRB8uTZS_C5$eN}eyDg_!vuS`J73-K@;3SZyRDP<-xw8oSvESNpeW~ag z&k6)eQD9d|9dB$^gqIp}5ZEE1GL?>UE$;Zus2^QTOd_U!BI&MrxJu7)SjQ7)65bIZ zMrb#Kyv=gNB-uqtX_Z5(S#PvUg(3xc5F^>&ID}Re#xZq_irB35Y*ZYpTA-?!bC8Z< z0!4H4z1?eWnFpZ@tK>MMY_=0ybuAe)Lh9LASw8;u>T1$OV}tW0qJla@8+kNNrH(tE`^)H{@d+y#xh5>%|{(9-=d-pc{ z&3muCa}9lX^Zd1RYx8Ni{^5`72M@k_<)26K%Rk+%zWnapNBpaQo8SJ6mT%u|U$5W~ V9)9A#|NF-YeapK4)~y$Q{13nll%N0r literal 0 HcmV?d00001 diff --git a/machines/storage01/secrets/peertube-service_environment_file b/machines/storage01/secrets/peertube-service_environment_file new file mode 100644 index 0000000..4172d55 --- /dev/null +++ b/machines/storage01/secrets/peertube-service_environment_file 
@@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 rHotTw WmrGFW7qSFMAHK2A9EsQqVoyEydBBKIPOLco5Qz+FTM +wTNVKVrELhjOCImcB5Aa6xQDM44Pgjg7c/peWowB5pE +-> ssh-ed25519 jIXfPA i8WVVJhJhqbyKteoXh12iKXbh9kMoSYwNKOlc5R0ly4 +lDeP6wuEJ1CRn2eO8/xgzkFwQbDiAClet/E+ApCEpwc +-> ssh-ed25519 QlRB9Q q2/WkbWx8jfguSWff3CRPzDqRkj9rdSSFiyx8XP43Wk +JSXsS5vlOuZ4KLPV2BlYREWeJFLgmyFu4PkmERWRwQQ +-> ssh-rsa krWCLQ +IG+sRvnI27Y9WOFiwJFu/gVjWuHsC/UuIaztYFp3hcsQ5u5OkkColFTyYchexcr+ +wacFxSuh97rAaBNf3pVrHkadbE+xzabeqbAHwj82cwNa46//B9QNe55dQPI/brNP +PscadzoSk4hO5hFYbO3yKsY3SGBDZ1HaKoGkqHTBp0yLwh9OS52uZn4a7qhfFYm2 +ANmZ9hsiUWuRlX6oB5qwAYw9fR3U4fMMfoq+ned9H3q6mgKOBHlTd60LnlPfZ3Rv +w14Yd4kXkyhamzG4s9LMLmcOH5Ecd8K6p+zk4eeU+XlfCQtftCbUVHFowDvh4t9p +BWDGnBrlDuFUKSO1rkms/w +-> ssh-ed25519 /vwQcQ M3pYIIOBiiFMU+P5fTKb1Au883HHRp8Wg8W4BvUV7BE +Abok9TA/fCZGWNBU8TOckLBWNrCe645jZyvXrXjeJ00 +-> ssh-ed25519 0R97PA uedNJfc0nIpRktsjJW1PDJVBJkFcbYZ8cafgIr38hVo +vm4su6RqEU3ZnyFfxrzju9f1S2zjXkNbvCHN6WAkJdM +-> z Date: Wed, 13 Sep 2023 11:09:41 +0200 Subject: [PATCH 69/78] feat(compute01): Deploy mastodon on social.dgnum.eu --- machines/compute01/_configuration.nix | 1 + machines/compute01/mastodon.nix | 46 +++++++++++++++++++ .../compute01/secrets/mastodon-extra_env_file | 22 +++++++++ machines/compute01/secrets/secrets.nix | 1 + 4 files changed, 70 insertions(+) create mode 100644 machines/compute01/mastodon.nix create mode 100644 machines/compute01/secrets/mastodon-extra_env_file diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index a0a2cfd..84c56f1 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -13,6 +13,7 @@ let # List of services to enable enabledServices = [ + "mastodon" "nextcloud" ]; in diff --git a/machines/compute01/mastodon.nix b/machines/compute01/mastodon.nix new file mode 100644 index 0000000..dc34407 --- /dev/null +++ b/machines/compute01/mastodon.nix 
@@ -0,0 +1,46 @@ +{ config, lib, dgn-lib, ... }: + +let + inherit (dgn-lib) setDefault; + + host = "social.dgnum.eu"; +in { + services.mastodon = { + enable = true; + + localDomain = host; + smtp = { + # TODO: smtp setup + fromAddress = "social@services.dgnum.eu"; + + }; + + configureNginx = true; + + extraConfig = { + # https://docs.codeberg.org/codeberg-pages/redirects/ is not yet active + # LOCAL_DOMAIN = "dgnum.eu"; + WEB_DOMAIN = host; + + RAILS_LOG_LEVEL = "warn"; + + # ObjectStorage configuration + S3_ENABLED = "true"; + S3_BUCKET = "mastodon-dgnum"; + S3_REGION = "garage"; + S3_HOSTNAME = "s3.dgnum.eu"; + S3_ALIAS_HOST = "cdn.dgnum.eu"; + + # TODO: Setup SAML & OIDC + # OIDC_ENABLED = true; + # SAML_ENABLED = true; + }; + + extraEnvFiles = [ config.age.secrets."mastodon-extra_env_file".path ]; + }; + + dgn-secrets.options = [ + (setDefault { owner = "mastodon"; } + (builtins.filter (lib.hasPrefix "mastodon-") config.dgn-secrets.names)) + ]; +} diff --git a/machines/compute01/secrets/mastodon-extra_env_file b/machines/compute01/secrets/mastodon-extra_env_file new file mode 100644 index 0000000..b2fc2cb --- /dev/null +++ b/machines/compute01/secrets/mastodon-extra_env_file 
@@ -0,0 +1,22 @@ +age-encryption.org/v1 +-> ssh-ed25519 tDqJRg xNNldkifAQwLOkeNpg+xXdxCaLnH0ziL7KiX58Wdyk8 +irS6sJtxQ9MIsbdAFWgl/jK+fmzA9p3ryApL1ZIeCqc +-> ssh-ed25519 jIXfPA lQSpiHzk48aMknwBSmF5pOTbyw5glnB5ZUYcJl6qthY +/1MF+IlsT/CPV7nOnsl/Wyv6y5Ek2ZBPjLxvTFf4PTE +-> ssh-ed25519 QlRB9Q QipZpn7OE0MN15+eLJc0VJY2erbHJpFu3KEH3AVSs18 +FbF8C0xeapi38xPaIdWTJ+nilygdDrkF6zga3TqpXKQ +-> ssh-rsa krWCLQ +F8bCPw//P3fDNTFSw6Rz9/bfyGTzhfhDm5rFBH+55WxKgqjozdl2Jih4mEP+U//E +W/qu/w0dl/Ezsg6EVSfwvbr9yVkkEQ4fIjWrqOrA7vWTrjZEizuKc3+X5UL1ph6B +4E4ycTSG+8IztcJMkInxbVGFkKf1NzUd+cR7jyk7kHvEFA0KGQm+IbQXoqtTpDbC +WmgmXxl+YHAtO2a7WvtW4awTvhVIVyTT0Y80kB7qg41fhlCz3/g+ba1KSvYXeEcz +xJws4w2Q4vWBrdx6R+pZz474+9/xoNOHgQBHkaaPX/uLH4lR52/1s+FW9fU+dZb2 +3N4WgwUmqZFRzXjnnLOHug +-> ssh-ed25519 /vwQcQ GFlgw/L4yEP9rYDV3clED6J0P2zvxYEfpn68VbUnAzU +FlNYopCEnLrSOWTWrDVeniiie5Yyc3bz8R0AMRr2zT8 +-> ssh-ed25519 0R97PA tqjjGtFmabpyOA0HqHj+UQ3uuWCKNqphljKjExRNjEg +oe8v9P1kT/NkigmqEVc2Gnj819qwZWRYDl1kZdirHcw +-> ^"=JjR6L-grease x!Vh }L4 'D|=jT\ +mjg7e7m0a15qA22d5KgAmDLIr70ZG/zOFSIGatd9nYBy +--- y4n3JGSjNqSdna6V9lb9GaSBd72nQpOebNaPGwaduuo +h4ėru;zzBJQٰNUYXC t\qKւ u~++?Uﺶٿ^~Vߘv͎'v )wv~>Ŭ23rcwPn,ӈ\|A@TP؇ \ No newline at end of file diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index f5f87a7..7a01886 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -4,6 +4,7 @@ let in lib.setDefault { inherit publicKeys; } [ + "mastodon-extra_env_file" "nextcloud-adminpass_file" "nextcloud-s3_secret_file" ] -- 2.47.1 From 9fa7d44048c2685cae1daa46b18b2b96a76e50af Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Wed, 13 Sep 2023 11:09:56 +0200 Subject: [PATCH 70/78] chore(npins): Update --- npins/sources.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 73961c5..2f073c1 100644 --- a/npins/sources.json +++ b/npins/sources.json 
@@ -57,8 +57,8 @@ "nixos-23.05": { "type": "Channel", "name": "nixos-23.05", - "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.3279.4077a0e4ac33/nixexprs.tar.xz", - "hash": "1fwb9cbkcq18hhcr7iwn46rfak30smphkmird90hl9j4s4bwqcps" + "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.3376.4c8cf44c5b94/nixexprs.tar.xz", + "hash": "0y4rgn0qynj8a2pnz5hhjpszr5zgjixgvcvimnncgx2sczbmrnp5" }, "nixos-unstable": { "type": "Channel", -- 2.47.1 From 17149184a9131e8912b044ddf98df930052cb29b Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Thu, 14 Sep 2023 08:04:48 +0200 Subject: [PATCH 71/78] feat(compute01): Deploy kanidm on sso.dgnum.eu --- machines/compute01/_configuration.nix | 1 + machines/compute01/kanidm/default.nix | 75 + nix-patches/246564.patch | 5628 +++++++++++++++++++++++++ nix-patches/default.nix | 4 + 4 files changed, 5708 insertions(+) create mode 100644 machines/compute01/kanidm/default.nix create mode 100644 nix-patches/246564.patch diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index 84c56f1..8c8225f 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -13,6 +13,7 @@ let # List of services to enable enabledServices = [ + "kanidm" "mastodon" "nextcloud" ]; diff --git a/machines/compute01/kanidm/default.nix b/machines/compute01/kanidm/default.nix new file mode 100644 index 0000000..57b902a --- /dev/null +++ b/machines/compute01/kanidm/default.nix 
@@ -0,0 +1,75 @@
+{ config, ... }:
+
+let
+ domain = "sso.dgnum.eu";
+
+ cert = config.security.acme.certs.${domain};
+
+ allowedSubDomains = [ "cloud" "git" "videos" "social" ];
+in {
+ services.kanidm = {
+ enableServer = true;
+
+ serverSettings = {
+ inherit domain;
+
+ origin = "https://${domain}";
+
+ bindaddress = "127.0.0.1:8443";
+ ldapbindaddress = "0.0.0.0:636";
+
+ trust_x_forward_for = true;
+
+ tls_chain = "${cert.directory}/fullchain.pem";
+ tls_key = "${cert.directory}/key.pem";
+ };
+ };
+
+ users.users.kanidm.extraGroups = [ cert.group ];
+
+ services.nginx = {
+ enable = true;
+
+ virtualHosts.${domain} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "https://127.0.0.1:8443";
+
+ extraConfig = ''
+ if ( $request_method !~ ^(GET|POST|HEAD|OPTIONS|PUT|PATCH|DELETE)$ ) {
+ return 444;
+ }
+
+ set $origin $http_origin;
+
+ if ($origin !~ '^https?://(${builtins.concatStringsSep "|" allowedSubDomains})\.dgnum\.eu$') {
+ set $origin 'https://${domain}';
+ }
+
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' "$origin" always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'Content-Type, Accept, Authorization' always;
+ add_header 'Access-Control-Allow-Credentials' 'true' always;
+
+ add_header Access-Control-Max-Age 1728000;
+ add_header Content-Type 'text/plain charset=UTF-8';
+ add_header Content-Length 0;
+ return 204;
+ }
+
+ if ($request_method ~ '(GET|POST|PATCH|PUT|DELETE)') {
+ add_header Access-Control-Allow-Origin "$origin" always;
+ add_header Access-Control-Allow-Methods 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always;
+ add_header Access-Control-Allow-Headers 'Content-Type, Accept, Authorization' always;
+ add_header Access-Control-Allow-Credentials true always;
+ }
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 636 ];
+ networking.firewall.allowedUDPPorts = [ 636 ];
+}
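Review bot: The origin check `'^https?://(…)\.dgnum\.eu$'` in `extraConfig` also accepts plain `http://` origins, and a matching origin is echoed back together with `Access-Control-Allow-Credentials: true`. Content served over unencrypted HTTP on one of those names can be altered in transit, so credentialed cross-origin access to the SSO should be limited to `^https://`. `networking.firewall.allowedUDPPorts = [ 636 ];` can go, since LDAPS is TCP-only, and `ldapbindaddress = "0.0.0.0:636"` deserves a comment naming which clients are expected to reach LDAP from outside the host. `add_header Content-Type 'text/plain charset=UTF-8';` is missing the `;` after `text/plain`.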
diff --git a/nix-patches/246564.patch b/nix-patches/246564.patch new file mode 100644 index 0000000..ae87f98 --- /dev/null +++ b/nix-patches/246564.patch 
@@ -0,0 +1,5628 @@ +From 184d15cc068def96972c88a4d4a80336fe13bc88 Mon Sep 17 00:00:00 2001 +From: Martin Weinelt +Date: Tue, 1 Aug 2023 12:56:10 +0200 +Subject: [PATCH] kanidm: 1.1.0-alpha.12 -> 1.1.0-beta.13 + +https://github.com/kanidm/kanidm/releases/tag/v1.1.0-beta.13 + +The kanidmd process now creates a unix socket, over which admin tasks +can be done, without having to shut kanidm down first. + +The kanidm_unixd process now wants access to /etc/shadow and /etc/group, +so it can rule out collisions with the host system. +--- + nixos/modules/services/security/kanidm.nix | 17 +- + nixos/tests/kanidm.nix | 9 +- + pkgs/servers/kanidm/Cargo.lock | 5427 -------------------- + pkgs/servers/kanidm/default.nix | 33 +- + 4 files changed, 29 insertions(+), 5457 deletions(-) + delete mode 100644 pkgs/servers/kanidm/Cargo.lock + +diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix +index cea2a56bdcd1bd..6fb9f71a489e2d 100644 +--- a/nixos/modules/services/security/kanidm.nix ++++ b/nixos/modules/services/security/kanidm.nix +@@ -122,8 +122,8 @@ in + }; + log_level = lib.mkOption { + description = lib.mdDoc "Log level of the server."; +- default = "default"; +- type = lib.types.enum [ "default" "verbose" "perfbasic" "perffull" ]; ++ default = "info"; ++ type = lib.types.enum [ "info" "debug" "trace" ]; + }; + role = lib.mkOption { + description = lib.mdDoc "The role of this server. 
This affects the replication relationship and thereby available features."; +@@ -236,17 +236,23 @@ in + { + StateDirectory = "kanidm"; + StateDirectoryMode = "0700"; ++ RuntimeDirectory = "kanidmd"; + ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}"; + User = "kanidm"; + Group = "kanidm"; + ++ BindPaths = [ ++ # To create the socket ++ "/run/kanidmd:/run/kanidmd" ++ ]; ++ + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; + CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; + # This would otherwise override the CAP_NET_BIND_SERVICE capability. + PrivateUsers = lib.mkForce false; + # Port needs to be exposed to the host network + PrivateNetwork = lib.mkForce false; +- RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; ++ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; + TemporaryFileSystem = "/:ro"; + } + ]; +@@ -273,6 +279,8 @@ in + "-/etc/static/kanidm" + "-/etc/ssl" + "-/etc/static/ssl" ++ "-/etc/passwd" ++ "-/etc/group" + ]; + BindPaths = [ + # To create the socket +@@ -327,6 +335,9 @@ in + + # These paths are hardcoded + environment.etc = lib.mkMerge [ ++ (lib.mkIf cfg.enableServer { ++ "kanidm/server.toml".source = serverConfigFile; ++ }) + (lib.mkIf options.services.kanidm.clientSettings.isDefined { + "kanidm/config".source = clientConfigFile; + }) +diff --git a/nixos/tests/kanidm.nix b/nixos/tests/kanidm.nix +index 673a65174dfee0..3f5bca397740ef 100644 +--- a/nixos/tests/kanidm.nix ++++ b/nixos/tests/kanidm.nix +@@ -67,9 +67,10 @@ import ./make-test-python.nix ({ pkgs, ... 
}: + '' + start_all() + server.wait_for_unit("kanidm.service") ++ client.wait_for_unit("network-online.target") + + with subtest("Test HTTP interface"): +- server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm") ++ server.wait_until_succeeds("curl -Lsf https://${serverDomain} | grep Kanidm") + + with subtest("Test LDAP interface"): + server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'") +@@ -80,15 +81,11 @@ import ./make-test-python.nix ({ pkgs, ... }: + client.succeed("kanidm logout") + + with subtest("Recover idm_admin account"): +- # Must stop the server for account recovery or else kanidmd fails with +- # "unable to lock kanidm exclusive lock at /var/lib/kanidm/kanidm.db.klock". +- server.succeed("systemctl stop kanidm") + idm_admin_password = server.succeed("su - kanidm -c 'kanidmd recover-account -c ${serverConfigFile} idm_admin 2>&1 | rg -o \'[A-Za-z0-9]{48}\' '").strip().removeprefix("'").removesuffix("'") +- server.succeed("systemctl start kanidm") + + with subtest("Test unixd connection"): + client.wait_for_unit("kanidm-unixd.service") +- # TODO: client.wait_for_file("/run/kanidm-unixd/sock") ++ client.wait_for_file("/run/kanidm-unixd/sock") + client.wait_until_succeeds("kanidm-unix status | grep working!") + + with subtest("Test user creation"): +diff --git a/pkgs/servers/kanidm/Cargo.lock b/pkgs/servers/kanidm/Cargo.lock +deleted file mode 100644 +index 8ffa5ae63ed992..00000000000000 +--- a/pkgs/servers/kanidm/Cargo.lock ++++ /dev/null +@@ -1,5427 +0,0 @@ +-# This file is automatically @generated by Cargo. +-# It is not intended for manual editing. 
+-version = 3 +- +-[[package]] +-name = "adler" +-version = "1.0.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +- +-[[package]] +-name = "aead" +-version = "0.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7fc95d1bdb8e6666b2b217308eeeb09f2d6728d104be3e31916cc74d15420331" +-dependencies = [ +- "generic-array 0.14.7", +-] +- +-[[package]] +-name = "aes" +-version = "0.6.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "884391ef1066acaa41e766ba8f596341b96e93ce34f9a43e7d24bf0a0eaf0561" +-dependencies = [ +- "aes-soft", +- "aesni", +- "cipher", +-] +- +-[[package]] +-name = "aes-gcm" +-version = "0.8.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5278b5fabbb9bd46e24aa69b2fdea62c99088e0a950a9be40e3e0101298f88da" +-dependencies = [ +- "aead", +- "aes", +- "cipher", +- "ctr", +- "ghash", +- "subtle", +-] +- +-[[package]] +-name = "aes-soft" +-version = "0.6.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "be14c7498ea50828a38d0e24a765ed2effe92a705885b57d029cd67d45744072" +-dependencies = [ +- "cipher", +- "opaque-debug 0.3.0", +-] +- +-[[package]] +-name = "aesni" +-version = "0.10.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ea2e11f5e94c2f7d386164cc2aa1f97823fed6f259e486940a71c174dd01b0ce" +-dependencies = [ +- "cipher", +- "opaque-debug 0.3.0", +-] +- +-[[package]] +-name = "ahash" +-version = "0.7.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" +-dependencies = [ +- "getrandom 0.2.9", +- "once_cell", +- "version_check", +-] +- +-[[package]] +-name = "ahash" +-version = "0.8.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +-dependencies = [ +- "cfg-if 1.0.0", +- "once_cell", +- "version_check", +-] +- +-[[package]] +-name = "aho-corasick" +-version = "1.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "67fc08ce920c31afb70f013dcce1bfc3a3195de6a228474e45e1f145b36f8d04" +-dependencies = [ +- "memchr", +-] +- +-[[package]] +-name = "android_system_properties" +-version = "0.1.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +-dependencies = [ +- "libc", +-] +- +-[[package]] +-name = "anes" +-version = "0.1.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" +- +-[[package]] +-name = "anyhow" +-version = "1.0.71" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8" +- +-[[package]] +-name = "anymap2" +-version = "0.13.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d301b3b94cb4b2f23d7917810addbbaff90738e0ca2be692bd027e70d7e0330c" +- +-[[package]] +-name = "arrayref" +-version = "0.3.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545" +- +-[[package]] +-name = "arrayvec" +-version = "0.5.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" +- +-[[package]] +-name = "asn1-rs" +-version = "0.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "30ff05a702273012438132f449575dbc804e27b2f3cbe3069aa237d26c98fa33" +-dependencies = [ +- "asn1-rs-derive", +- "asn1-rs-impl", +- "displaydoc", +- "nom", +- "num-traits", +- "rusticata-macros", +- 
"thiserror", +- "time 0.3.21", +-] +- +-[[package]] +-name = "asn1-rs-derive" +-version = "0.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "db8b7511298d5b7784b40b092d9e9dcd3a627a5707e4b5e507931ab0d44eeebf" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 1.0.109", +- "synstructure", +-] +- +-[[package]] +-name = "asn1-rs-impl" +-version = "0.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "async-channel" +-version = "1.8.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "cf46fee83e5ccffc220104713af3292ff9bc7c64c7de289f66dae8e38d826833" +-dependencies = [ +- "concurrent-queue", +- "event-listener", +- "futures-core", +-] +- +-[[package]] +-name = "async-compression" +-version = "0.3.15" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "942c7cd7ae39e91bde4820d74132e9862e62c2f386c3aa90ccf55949f5bad63a" +-dependencies = [ +- "flate2", +- "futures-core", +- "futures-io", +- "memchr", +- "pin-project-lite 0.2.9", +-] +- +-[[package]] +-name = "async-compression" +-version = "0.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5b0122885821398cc923ece939e24d1056a2384ee719432397fa9db87230ff11" +-dependencies = [ +- "flate2", +- "futures-core", +- "memchr", +- "pin-project-lite 0.2.9", +- "tokio", +-] +- +-[[package]] +-name = "async-dup" +-version = "1.2.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7427a12b8dc09291528cfb1da2447059adb4a257388c2acd6497a79d55cf6f7c" +-dependencies = [ +- "futures-io", +- "simple-mutex", +-] +- +-[[package]] +-name = "async-executor" +-version = "1.5.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"6fa3dc5f2a8564f07759c008b9109dc0d39de92a88d5588b8a5036d286383afb" +-dependencies = [ +- "async-lock", +- "async-task", +- "concurrent-queue", +- "fastrand", +- "futures-lite", +- "slab", +-] +- +-[[package]] +-name = "async-global-executor" +-version = "2.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f1b6f5d7df27bd294849f8eec66ecfc63d11814df7a4f5d74168a2394467b776" +-dependencies = [ +- "async-channel", +- "async-executor", +- "async-io", +- "async-lock", +- "blocking", +- "futures-lite", +- "once_cell", +-] +- +-[[package]] +-name = "async-h1" +-version = "2.3.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8101020758a4fc3a7c326cb42aa99e9fa77cbfb76987c128ad956406fe1f70a7" +-dependencies = [ +- "async-channel", +- "async-dup", +- "async-std", +- "futures-core", +- "http-types", +- "httparse", +- "log", +- "pin-project", +-] +- +-[[package]] +-name = "async-io" +-version = "1.13.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0fc5b45d93ef0529756f812ca52e44c221b35341892d3dcc34132ac02f3dd2af" +-dependencies = [ +- "async-lock", +- "autocfg", +- "cfg-if 1.0.0", +- "concurrent-queue", +- "futures-lite", +- "log", +- "parking", +- "polling", +- "rustix", +- "slab", +- "socket2", +- "waker-fn", +-] +- +-[[package]] +-name = "async-lock" +-version = "2.7.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fa24f727524730b077666307f2734b4a1a1c57acb79193127dcc8914d5242dd7" +-dependencies = [ +- "event-listener", +-] +- +-[[package]] +-name = "async-process" +-version = "1.7.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7a9d28b1d97e08915212e2e45310d47854eafa69600756fc735fb788f75199c9" +-dependencies = [ +- "async-io", +- "async-lock", +- "autocfg", +- "blocking", +- "cfg-if 1.0.0", +- "event-listener", +- "futures-lite", +- "rustix", +- "signal-hook", +- "windows-sys 0.48.0", +-] +- +-[[package]] 
+-name = "async-session" +-version = "2.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "345022a2eed092cd105cc1b26fd61c341e100bd5fcbbd792df4baf31c2cc631f" +-dependencies = [ +- "anyhow", +- "async-std", +- "async-trait", +- "base64 0.12.3", +- "bincode", +- "blake3", +- "chrono", +- "hmac 0.8.1", +- "kv-log-macro", +- "rand 0.7.3", +- "serde", +- "serde_json", +- "sha2 0.9.9", +-] +- +-[[package]] +-name = "async-sse" +-version = "4.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "53bba003996b8fd22245cd0c59b869ba764188ed435392cf2796d03b805ade10" +-dependencies = [ +- "async-channel", +- "async-std", +- "http-types", +- "log", +- "memchr", +- "pin-project-lite 0.1.12", +-] +- +-[[package]] +-name = "async-std" +-version = "1.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "62565bb4402e926b29953c785397c6dc0391b7b446e45008b0049eb43cec6f5d" +-dependencies = [ +- "async-channel", +- "async-global-executor", +- "async-io", +- "async-lock", +- "async-process", +- "crossbeam-utils", +- "futures-channel", +- "futures-core", +- "futures-io", +- "futures-lite", +- "gloo-timers", +- "kv-log-macro", +- "log", +- "memchr", +- "once_cell", +- "pin-project-lite 0.2.9", +- "pin-utils", +- "slab", +- "wasm-bindgen-futures", +-] +- +-[[package]] +-name = "async-std-openssl" +-version = "0.6.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "408a76b00fc49b11fe78f1f7a90557a3c887af1d4570fb33e15a70eb7e6b95ee" +-dependencies = [ +- "async-dup", +- "async-std", +- "futures-util", +- "openssl", +- "openssl-sys", +-] +- +-[[package]] +-name = "async-task" +-version = "4.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ecc7ab41815b3c653ccd2978ec3255c81349336702dfdf62ee6f7069b12a3aae" +- +-[[package]] +-name = "async-trait" +-version = "0.1.68" +-source = "registry+https://github.com/rust-lang/crates.io-index" 
+-checksum = "b9ccdd8f2a161be9bd5c023df56f1b2a0bd1d83872ae53b71a84a12c9bf6e842" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "atomic-waker" +-version = "1.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1181e1e0d1fce796a03db1ae795d67167da795f9cf4a39c37589e85ef57f26d3" +- +-[[package]] +-name = "atty" +-version = "0.2.14" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" +-dependencies = [ +- "hermit-abi 0.1.19", +- "libc", +- "winapi", +-] +- +-[[package]] +-name = "authenticator-ctap2-2021" +-version = "0.3.2-dev.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d06c690e5e2800f70c0cf8773a9fe7680d66e719dae9b4cabedd13ef4885d056" +-dependencies = [ +- "base64 0.13.1", +- "bitflags", +- "cfg-if 1.0.0", +- "core-foundation", +- "devd-rs", +- "libc", +- "libudev", +- "log", +- "memoffset 0.6.5", +- "nom", +- "openssl", +- "openssl-sys", +- "rand 0.8.5", +- "runloop", +- "serde", +- "serde_bytes", +- "serde_cbor", +- "serde_json", +- "sha2 0.10.6", +- "winapi", +-] +- +-[[package]] +-name = "autocfg" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +- +-[[package]] +-name = "base-x" +-version = "0.2.11" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4cbbc9d0964165b47557570cce6c952866c2678457aca742aafc9fb771d30270" +- +-[[package]] +-name = "base32" +-version = "0.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "23ce669cd6c8588f79e15cf450314f9638f967fc5770ff1c7c1deb0925ea7cfa" +- +-[[package]] +-name = "base64" +-version = "0.12.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff" +- +-[[package]] +-name = "base64" +-version = "0.13.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" +- +-[[package]] +-name = "base64" +-version = "0.21.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3f1e31e207a6b8fb791a38ea3105e6cb541f55e4d029902d3039a4ad07cc4105" +- +-[[package]] +-name = "base64urlsafedata" +-version = "0.1.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "18b3d30abb74120a9d5267463b9e0045fdccc4dd152e7249d966612dc1721384" +-dependencies = [ +- "base64 0.21.1", +- "serde", +- "serde_json", +-] +- +-[[package]] +-name = "bincode" +-version = "1.3.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "bit-set" +-version = "0.5.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1" +-dependencies = [ +- "bit-vec", +-] +- +-[[package]] +-name = "bit-vec" +-version = "0.6.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" +- +-[[package]] +-name = "bitflags" +-version = "1.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +- +-[[package]] +-name = "blake3" +-version = "0.3.8" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b64485778c4f16a6a5a9d335e80d449ac6c70cdd6a06d2af18a6f6f775a125b3" +-dependencies = [ +- "arrayref", +- "arrayvec", +- "cc", +- "cfg-if 0.1.10", +- "constant_time_eq", +- "crypto-mac 0.8.0", +- "digest 0.9.0", +-] +- 
+-[[package]] +-name = "block-buffer" +-version = "0.7.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b" +-dependencies = [ +- "block-padding", +- "byte-tools", +- "byteorder", +- "generic-array 0.12.4", +-] +- +-[[package]] +-name = "block-buffer" +-version = "0.9.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +-dependencies = [ +- "generic-array 0.14.7", +-] +- +-[[package]] +-name = "block-buffer" +-version = "0.10.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +-dependencies = [ +- "generic-array 0.14.7", +-] +- +-[[package]] +-name = "block-padding" +-version = "0.1.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fa79dedbb091f449f1f39e53edf88d5dbe95f895dae6135a8d7b881fb5af73f5" +-dependencies = [ +- "byte-tools", +-] +- +-[[package]] +-name = "blocking" +-version = "1.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "77231a1c8f801696fc0123ec6150ce92cffb8e164a02afb9c8ddee0e9b65ad65" +-dependencies = [ +- "async-channel", +- "async-lock", +- "async-task", +- "atomic-waker", +- "fastrand", +- "futures-lite", +- "log", +-] +- +-[[package]] +-name = "boolinator" +-version = "2.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "cfa8873f51c92e232f9bac4065cddef41b714152812bfc5f7672ba16d6ef8cd9" +- +-[[package]] +-name = "bumpalo" +-version = "3.13.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" +- +-[[package]] +-name = "byte-tools" +-version = "0.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7" +- +-[[package]] +-name = "bytemuck" +-version = "1.13.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "17febce684fd15d89027105661fec94afb475cb995fbc59d2865198446ba2eea" +- +-[[package]] +-name = "byteorder" +-version = "1.4.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" +- +-[[package]] +-name = "bytes" +-version = "1.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" +- +-[[package]] +-name = "cast" +-version = "0.3.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" +- +-[[package]] +-name = "cc" +-version = "1.0.79" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f" +-dependencies = [ +- "jobserver", +-] +- +-[[package]] +-name = "cfg-if" +-version = "0.1.10" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" +- +-[[package]] +-name = "cfg-if" +-version = "1.0.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +- +-[[package]] +-name = "checked_int_cast" +-version = "1.0.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "17cc5e6b5ab06331c33589842070416baa137e8b0eb912b008cfd4a78ada7919" +- +-[[package]] +-name = "chrono" +-version = "0.4.24" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4e3c5919066adf22df73762e50cffcde3a758f2a848b113b586d1f86728b673b" +-dependencies = [ +- "iana-time-zone", +- "js-sys", +- 
"num-integer", +- "num-traits", +- "serde", +- "time 0.1.45", +- "wasm-bindgen", +- "winapi", +-] +- +-[[package]] +-name = "ciborium" +-version = "0.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "effd91f6c78e5a4ace8a5d3c0b6bfaec9e2baaef55f3efc00e45fb2e477ee926" +-dependencies = [ +- "ciborium-io", +- "ciborium-ll", +- "serde", +-] +- +-[[package]] +-name = "ciborium-io" +-version = "0.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "cdf919175532b369853f5d5e20b26b43112613fd6fe7aee757e35f7a44642656" +- +-[[package]] +-name = "ciborium-ll" +-version = "0.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "defaa24ecc093c77630e6c15e17c51f5e187bf35ee514f4e2d67baaa96dae22b" +-dependencies = [ +- "ciborium-io", +- "half", +-] +- +-[[package]] +-name = "cipher" +-version = "0.2.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "12f8e7987cbd042a63249497f41aed09f8e65add917ea6566effbc56578d6801" +-dependencies = [ +- "generic-array 0.14.7", +-] +- +-[[package]] +-name = "clap" +-version = "3.2.25" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4ea181bf566f71cb9a5d17a59e1871af638180a18fb0035c92ae62b705207123" +-dependencies = [ +- "atty", +- "bitflags", +- "clap_derive", +- "clap_lex", +- "indexmap", +- "once_cell", +- "strsim", +- "termcolor", +- "textwrap", +-] +- +-[[package]] +-name = "clap_complete" +-version = "3.2.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3f7a2e0a962c45ce25afce14220bc24f9dade0a1787f185cecf96bfba7847cd8" +-dependencies = [ +- "clap", +-] +- +-[[package]] +-name = "clap_derive" +-version = "3.2.25" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ae6371b8bdc8b7d3959e9cf7b22d4435ef3e79e138688421ec654acf8c81b008" +-dependencies = [ +- "heck", +- "proc-macro-error", +- "proc-macro2", +- "quote", +- "syn 
1.0.109", +-] +- +-[[package]] +-name = "clap_lex" +-version = "0.2.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5" +-dependencies = [ +- "os_str_bytes", +-] +- +-[[package]] +-name = "color_quant" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b" +- +-[[package]] +-name = "compact_jwt" +-version = "0.2.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "51f9032b96a89dd79ffc5f62523d5351ebb40680cbdfc4029393b511b9e971aa" +-dependencies = [ +- "base64 0.13.1", +- "base64urlsafedata", +- "hex", +- "openssl", +- "serde", +- "serde_json", +- "tracing", +- "url", +- "uuid", +-] +- +-[[package]] +-name = "concread" +-version = "0.4.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5d3d825450e64aece76bdcf5c6d115c454ebb284c892da3e4cc7ff1e62e72069" +-dependencies = [ +- "ahash 0.7.6", +- "crossbeam-epoch", +- "crossbeam-queue", +- "crossbeam-utils", +- "lru 0.7.8", +- "smallvec", +- "sptr", +- "tokio", +- "tracing", +-] +- +-[[package]] +-name = "concurrent-queue" +-version = "2.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "62ec6771ecfa0762d24683ee5a32ad78487a3d3afdc0fb8cae19d2c5deb50b7c" +-dependencies = [ +- "crossbeam-utils", +-] +- +-[[package]] +-name = "console" +-version = "0.15.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c926e00cc70edefdc64d3a5ff31cc65bb97a3460097762bd23afb4d8145fccf8" +-dependencies = [ +- "encode_unicode", +- "lazy_static", +- "libc", +- "unicode-width", +- "windows-sys 0.45.0", +-] +- +-[[package]] +-name = "console_error_panic_hook" +-version = "0.1.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"a06aeb73f470f66dcdbf7223caeebb85984942f22f1adb2a088cf9668146bbbc" +-dependencies = [ +- "cfg-if 1.0.0", +- "wasm-bindgen", +-] +- +-[[package]] +-name = "const_fn" +-version = "0.4.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fbdcdcb6d86f71c5e97409ad45898af11cbc995b4ee8112d59095a28d376c935" +- +-[[package]] +-name = "constant_time_eq" +-version = "0.1.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" +- +-[[package]] +-name = "cookie" +-version = "0.14.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "03a5d7b21829bc7b4bf4754a978a241ae54ea55a40f92bb20216e54096f4b951" +-dependencies = [ +- "aes-gcm", +- "base64 0.13.1", +- "hkdf", +- "hmac 0.10.1", +- "percent-encoding", +- "rand 0.8.5", +- "sha2 0.9.9", +- "time 0.2.27", +- "version_check", +-] +- +-[[package]] +-name = "cookie" +-version = "0.16.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb" +-dependencies = [ +- "percent-encoding", +- "time 0.3.21", +- "version_check", +-] +- +-[[package]] +-name = "cookie_store" +-version = "0.16.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2e4b6aa369f41f5faa04bb80c9b1f4216ea81646ed6124d76ba5c49a7aafd9cd" +-dependencies = [ +- "cookie 0.16.2", +- "idna 0.2.3", +- "log", +- "publicsuffix", +- "serde", +- "serde_json", +- "time 0.3.21", +- "url", +-] +- +-[[package]] +-name = "core-foundation" +-version = "0.9.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146" +-dependencies = [ +- "core-foundation-sys", +- "libc", +-] +- +-[[package]] +-name = "core-foundation-sys" +-version = "0.8.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" +- +-[[package]] +-name = "cpufeatures" +-version = "0.2.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3e4c1eaa2012c47becbbad2ab175484c2a84d1185b566fb2cc5b8707343dfe58" +-dependencies = [ +- "libc", +-] +- +-[[package]] +-name = "cpuid-bool" +-version = "0.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "dcb25d077389e53838a8158c8e99174c5a9d902dee4904320db714f3c653ffba" +- +-[[package]] +-name = "crc32fast" +-version = "1.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" +-dependencies = [ +- "cfg-if 1.0.0", +-] +- +-[[package]] +-name = "criterion" +-version = "0.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e7c76e09c1aae2bc52b3d2f29e13c6572553b30c4aa1b8a49fd70de6412654cb" +-dependencies = [ +- "anes", +- "atty", +- "cast", +- "ciborium", +- "clap", +- "criterion-plot", +- "itertools", +- "lazy_static", +- "num-traits", +- "oorandom", +- "plotters", +- "rayon", +- "regex", +- "serde", +- "serde_derive", +- "serde_json", +- "tinytemplate", +- "walkdir", +-] +- +-[[package]] +-name = "criterion-plot" +-version = "0.5.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1" +-dependencies = [ +- "cast", +- "itertools", +-] +- +-[[package]] +-name = "cron" +-version = "0.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1ff76b51e4c068c52bfd2866e1567bee7c567ae8f24ada09fd4307019e25eab7" +-dependencies = [ +- "chrono", +- "nom", +- "once_cell", +-] +- +-[[package]] +-name = "crossbeam" +-version = "0.8.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2801af0d36612ae591caa9568261fddce32ce6e08a7275ea334a06a4ad021a2c" +-dependencies = 
[ +- "cfg-if 1.0.0", +- "crossbeam-channel", +- "crossbeam-deque", +- "crossbeam-epoch", +- "crossbeam-queue", +- "crossbeam-utils", +-] +- +-[[package]] +-name = "crossbeam-channel" +-version = "0.5.8" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200" +-dependencies = [ +- "cfg-if 1.0.0", +- "crossbeam-utils", +-] +- +-[[package]] +-name = "crossbeam-deque" +-version = "0.8.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +-dependencies = [ +- "cfg-if 1.0.0", +- "crossbeam-epoch", +- "crossbeam-utils", +-] +- +-[[package]] +-name = "crossbeam-epoch" +-version = "0.9.14" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695" +-dependencies = [ +- "autocfg", +- "cfg-if 1.0.0", +- "crossbeam-utils", +- "memoffset 0.8.0", +- "scopeguard", +-] +- +-[[package]] +-name = "crossbeam-queue" +-version = "0.3.8" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d1cfb3ea8a53f37c40dea2c7bedcbd88bdfae54f5e2175d6ecaff1c988353add" +-dependencies = [ +- "cfg-if 1.0.0", +- "crossbeam-utils", +-] +- +-[[package]] +-name = "crossbeam-utils" +-version = "0.8.15" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b" +-dependencies = [ +- "cfg-if 1.0.0", +-] +- +-[[package]] +-name = "crypto-common" +-version = "0.1.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +-dependencies = [ +- "generic-array 0.14.7", +- "typenum", +-] +- +-[[package]] +-name = "crypto-mac" +-version = "0.8.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab" +-dependencies = [ +- "generic-array 0.14.7", +- "subtle", +-] +- +-[[package]] +-name = "crypto-mac" +-version = "0.10.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "bff07008ec701e8028e2ceb8f83f0e4274ee62bd2dbdc4fefff2e9a91824081a" +-dependencies = [ +- "generic-array 0.14.7", +- "subtle", +-] +- +-[[package]] +-name = "csv" +-version = "1.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0b015497079b9a9d69c02ad25de6c0a6edef051ea6360a327d0bd05802ef64ad" +-dependencies = [ +- "csv-core", +- "itoa", +- "ryu", +- "serde", +-] +- +-[[package]] +-name = "csv-core" +-version = "0.1.10" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2b2466559f260f48ad25fe6317b3c8dac77b5bdb5763ac7d9d6103530663bc90" +-dependencies = [ +- "memchr", +-] +- +-[[package]] +-name = "ctor" +-version = "0.1.26" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6d2301688392eb071b0bf1a37be05c469d3cc4dbbd95df672fe28ab021e6a096" +-dependencies = [ +- "quote", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "ctr" +-version = "0.6.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fb4a30d54f7443bf3d6191dcd486aca19e67cb3c49fa7a06a319966346707e7f" +-dependencies = [ +- "cipher", +-] +- +-[[package]] +-name = "daemon" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "clap", +- "clap_complete", +- "fs2", +- "kanidm_lib_file_permissions", +- "kanidm_proto", +- "kanidmd_core", +- "profiles", +- "reqwest", +- "serde", +- "sketching", +- "tikv-jemallocator", +- "tokio", +- "toml", +- "users", +- "whoami", +-] +- +-[[package]] +-name = "darling" +-version = "0.14.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7b750cb3417fd1b327431a470f388520309479ab0bf5e323505daf0290cd3850" +-dependencies = [ +- "darling_core", +- "darling_macro", +-] +- 
+-[[package]] +-name = "darling_core" +-version = "0.14.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "109c1ca6e6b7f82cc233a97004ea8ed7ca123a9af07a8230878fcfda9b158bf0" +-dependencies = [ +- "fnv", +- "ident_case", +- "proc-macro2", +- "quote", +- "strsim", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "darling_macro" +-version = "0.14.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a4aab4dbc9f7611d8b55048a3a16d2d010c2c8334e46304b40ac1cc14bf3b48e" +-dependencies = [ +- "darling_core", +- "quote", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "data-encoding" +-version = "2.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c2e66c9d817f1720209181c316d28635c050fa304f9c79e47a520882661b7308" +- +-[[package]] +-name = "der-parser" +-version = "7.0.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fe398ac75057914d7d07307bf67dc7f3f574a26783b4fc7805a20ffa9f506e82" +-dependencies = [ +- "asn1-rs", +- "displaydoc", +- "nom", +- "num-bigint", +- "num-traits", +- "rusticata-macros", +-] +- +-[[package]] +-name = "derive_builder" +-version = "0.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8d67778784b508018359cbc8696edb3db78160bab2c2a28ba7f56ef6932997f8" +-dependencies = [ +- "derive_builder_macro", +-] +- +-[[package]] +-name = "derive_builder_core" +-version = "0.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c11bdc11a0c47bc7d37d582b5285da6849c96681023680b906673c5707af7b0f" +-dependencies = [ +- "darling", +- "proc-macro2", +- "quote", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "derive_builder_macro" +-version = "0.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ebcda35c7a396850a55ffeac740804b40ffec779b98fffbb1738f4033f0ee79e" +-dependencies = [ +- "derive_builder_core", +- "syn 1.0.109", +-] +- +-[[package]] 
+-name = "devd-rs" +-version = "0.3.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9313f104b590510b46fc01c0a324fc76505c13871454d3c48490468d04c8d395" +-dependencies = [ +- "libc", +- "nom", +-] +- +-[[package]] +-name = "dialoguer" +-version = "0.10.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "59c6f2989294b9a498d3ad5491a79c6deb604617378e1cdc4bfc1c1361fe2f87" +-dependencies = [ +- "console", +- "shell-words", +- "tempfile", +- "zeroize", +-] +- +-[[package]] +-name = "digest" +-version = "0.8.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" +-dependencies = [ +- "generic-array 0.12.4", +-] +- +-[[package]] +-name = "digest" +-version = "0.9.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +-dependencies = [ +- "generic-array 0.14.7", +-] +- +-[[package]] +-name = "digest" +-version = "0.10.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +-dependencies = [ +- "block-buffer 0.10.4", +- "crypto-common", +-] +- +-[[package]] +-name = "dirs" +-version = "4.0.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059" +-dependencies = [ +- "dirs-sys", +-] +- +-[[package]] +-name = "dirs-sys" +-version = "0.3.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6" +-dependencies = [ +- "libc", +- "redox_users", +- "winapi", +-] +- +-[[package]] +-name = "discard" +-version = "1.0.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0" +- +-[[package]] +-name = "displaydoc" +-version = "0.2.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "dyn-clone" +-version = "1.0.11" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "68b0cf012f1230e43cd00ebb729c6bb58707ecfa8ad08b52ef3a4ccd2697fc30" +- +-[[package]] +-name = "either" +-version = "1.8.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91" +- +-[[package]] +-name = "encode_unicode" +-version = "0.3.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" +- +-[[package]] +-name = "encoding_rs" +-version = "0.8.32" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "071a31f4ee85403370b58aca746f01041ede6f0da2730960ad001edc2b71b394" +-dependencies = [ +- "cfg-if 1.0.0", +-] +- +-[[package]] +-name = "erased-serde" +-version = "0.3.25" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4f2b0c2380453a92ea8b6c8e5f64ecaafccddde8ceab55ff7a8ac1029f894569" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "errno" +-version = "0.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4bcfec3a70f97c962c307b2d2c56e358cf1d00b558d74262b5f929ee8cc7e73a" +-dependencies = [ +- "errno-dragonfly", +- "libc", +- "windows-sys 0.48.0", +-] +- +-[[package]] +-name = "errno-dragonfly" +-version = "0.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" +-dependencies = [ +- "cc", +- "libc", +-] +- 
+-[[package]] +-name = "event-listener" +-version = "2.5.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" +- +-[[package]] +-name = "fake-simd" +-version = "0.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" +- +-[[package]] +-name = "fallible-iterator" +-version = "0.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4443176a9f2c162692bd3d352d745ef9413eec5782a80d8fd6f8a1ac692a07f7" +- +-[[package]] +-name = "fallible-streaming-iterator" +-version = "0.1.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a" +- +-[[package]] +-name = "fancy-regex" +-version = "0.11.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b95f7c0680e4142284cf8b22c14a476e87d61b004a3a0861872b32ef7ead40a2" +-dependencies = [ +- "bit-set", +- "regex", +-] +- +-[[package]] +-name = "fastrand" +-version = "1.9.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be" +-dependencies = [ +- "instant", +-] +- +-[[package]] +-name = "femme" +-version = "2.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "cc04871e5ae3aa2952d552dae6b291b3099723bf779a8054281c1366a54613ef" +-dependencies = [ +- "cfg-if 1.0.0", +- "js-sys", +- "log", +- "serde", +- "serde_derive", +- "serde_json", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "fernet" +-version = "0.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3364d69f691f3903b1a71605fa04f40a7c2d259f0f0512347e36d19a63debf1f" +-dependencies = [ +- "base64 0.21.1", +- "byteorder", +- "getrandom 0.2.9", +- "openssl", +- "zeroize", 
+-] +- +-[[package]] +-name = "filetime" +-version = "0.2.21" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5cbc844cecaee9d4443931972e1289c8ff485cb4cc2767cb03ca139ed6885153" +-dependencies = [ +- "cfg-if 1.0.0", +- "libc", +- "redox_syscall 0.2.16", +- "windows-sys 0.48.0", +-] +- +-[[package]] +-name = "flate2" +-version = "1.0.26" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3b9429470923de8e8cbd4d2dc513535400b4b3fef0319fb5c4e1f520a7bef743" +-dependencies = [ +- "crc32fast", +- "miniz_oxide", +-] +- +-[[package]] +-name = "fnv" +-version = "1.0.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +- +-[[package]] +-name = "foreign-types" +-version = "0.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +-dependencies = [ +- "foreign-types-shared", +-] +- +-[[package]] +-name = "foreign-types-shared" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" +- +-[[package]] +-name = "form_urlencoded" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a9c384f161156f5260c24a097c56119f9be8c798586aecc13afbcbe7b7e26bf8" +-dependencies = [ +- "percent-encoding", +-] +- +-[[package]] +-name = "fs2" +-version = "0.4.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9564fc758e15025b46aa6643b1b77d047d1a56a1aea6e01002ac0c7026876213" +-dependencies = [ +- "libc", +- "winapi", +-] +- +-[[package]] +-name = "futures" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "23342abe12aba583913b2e62f22225ff9c950774065e4bfb61a19cd9770fec40" +-dependencies = [ +- "futures-channel", +- 
"futures-core", +- "futures-executor", +- "futures-io", +- "futures-sink", +- "futures-task", +- "futures-util", +-] +- +-[[package]] +-name = "futures-channel" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2" +-dependencies = [ +- "futures-core", +- "futures-sink", +-] +- +-[[package]] +-name = "futures-concurrency" +-version = "3.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "113411b30b3a4fd9aba3eb9654f436976b71bc7f709318aeae7f8e90f74a71d6" +-dependencies = [ +- "async-trait", +- "futures-core", +- "pin-project", +-] +- +-[[package]] +-name = "futures-core" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c" +- +-[[package]] +-name = "futures-executor" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ccecee823288125bd88b4d7f565c9e58e41858e47ab72e8ea2d64e93624386e0" +-dependencies = [ +- "futures-core", +- "futures-task", +- "futures-util", +-] +- +-[[package]] +-name = "futures-io" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964" +- +-[[package]] +-name = "futures-lite" +-version = "1.13.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "49a9d51ce47660b1e808d3c990b4709f2f415d928835a17dfd16991515c46bce" +-dependencies = [ +- "fastrand", +- "futures-core", +- "futures-io", +- "memchr", +- "parking", +- "pin-project-lite 0.2.9", +- "waker-fn", +-] +- +-[[package]] +-name = "futures-macro" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" +-dependencies = [ +- "proc-macro2", +- 
"quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "futures-sink" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f43be4fe21a13b9781a69afa4985b0f6ee0e1afab2c6f454a8cf30e2b2237b6e" +- +-[[package]] +-name = "futures-task" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65" +- +-[[package]] +-name = "futures-util" +-version = "0.3.28" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" +-dependencies = [ +- "futures-channel", +- "futures-core", +- "futures-io", +- "futures-macro", +- "futures-sink", +- "futures-task", +- "memchr", +- "pin-project-lite 0.2.9", +- "pin-utils", +- "slab", +-] +- +-[[package]] +-name = "generic-array" +-version = "0.12.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd" +-dependencies = [ +- "typenum", +-] +- +-[[package]] +-name = "generic-array" +-version = "0.14.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +-dependencies = [ +- "typenum", +- "version_check", +-] +- +-[[package]] +-name = "getrandom" +-version = "0.1.16" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" +-dependencies = [ +- "cfg-if 1.0.0", +- "libc", +- "wasi 0.9.0+wasi-snapshot-preview1", +-] +- +-[[package]] +-name = "getrandom" +-version = "0.2.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4" +-dependencies = [ +- "cfg-if 1.0.0", +- "js-sys", +- "libc", +- "wasi 0.11.0+wasi-snapshot-preview1", +- 
"wasm-bindgen", +-] +- +-[[package]] +-name = "ghash" +-version = "0.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "97304e4cd182c3846f7575ced3890c53012ce534ad9114046b0a9e00bb30a375" +-dependencies = [ +- "opaque-debug 0.3.0", +- "polyval", +-] +- +-[[package]] +-name = "git2" +-version = "0.13.25" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f29229cc1b24c0e6062f6e742aa3e256492a5323365e5ed3413599f8a5eff7d6" +-dependencies = [ +- "bitflags", +- "libc", +- "libgit2-sys", +- "log", +- "openssl-probe", +- "openssl-sys", +- "url", +-] +- +-[[package]] +-name = "gloo" +-version = "0.8.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3a4bef6b277b3ab073253d4bca60761240cf8d6998f4bd142211957b69a61b20" +-dependencies = [ +- "gloo-console", +- "gloo-dialogs", +- "gloo-events", +- "gloo-file", +- "gloo-history", +- "gloo-net", +- "gloo-render", +- "gloo-storage", +- "gloo-timers", +- "gloo-utils", +- "gloo-worker", +-] +- +-[[package]] +-name = "gloo-console" +-version = "0.2.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "82b7ce3c05debe147233596904981848862b068862e9ec3e34be446077190d3f" +-dependencies = [ +- "gloo-utils", +- "js-sys", +- "serde", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-dialogs" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "67062364ac72d27f08445a46cab428188e2e224ec9e37efdba48ae8c289002e6" +-dependencies = [ +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-events" +-version = "0.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "68b107f8abed8105e4182de63845afcc7b69c098b7852a813ea7462a320992fc" +-dependencies = [ +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-file" +-version = "0.2.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"a8d5564e570a38b43d78bdc063374a0c3098c4f0d64005b12f9bbe87e869b6d7" +-dependencies = [ +- "futures-channel", +- "gloo-events", +- "js-sys", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-history" +-version = "0.1.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "dd451019e0b7a2b8a7a7b23e74916601abf1135c54664e57ff71dcc26dfcdeb7" +-dependencies = [ +- "gloo-events", +- "gloo-utils", +- "serde", +- "serde-wasm-bindgen", +- "serde_urlencoded", +- "thiserror", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-net" +-version = "0.2.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9902a044653b26b99f7e3693a42f171312d9be8b26b5697bd1e43ad1f8a35e10" +-dependencies = [ +- "futures-channel", +- "futures-core", +- "futures-sink", +- "gloo-utils", +- "js-sys", +- "pin-project", +- "serde", +- "serde_json", +- "thiserror", +- "wasm-bindgen", +- "wasm-bindgen-futures", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-render" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2fd9306aef67cfd4449823aadcd14e3958e0800aa2183955a309112a84ec7764" +-dependencies = [ +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-storage" +-version = "0.2.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5d6ab60bf5dbfd6f0ed1f7843da31b41010515c745735c970e821945ca91e480" +-dependencies = [ +- "gloo-utils", +- "js-sys", +- "serde", +- "serde_json", +- "thiserror", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-timers" +-version = "0.2.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9b995a66bb87bebce9a0f4a95aed01daca4872c050bfcb21653361c03bc35e5c" +-dependencies = [ +- "futures-channel", +- "futures-core", +- "js-sys", +- "wasm-bindgen", +-] +- +-[[package]] +-name = "gloo-utils" +-version = "0.1.6" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a8e8fc851e9c7b9852508bc6e3f690f452f474417e8545ec9857b7f7377036b5" +-dependencies = [ +- "js-sys", +- "serde", +- "serde_json", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "gloo-worker" +-version = "0.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "13471584da78061a28306d1359dd0178d8d6fc1c7c80e5e35d27260346e0516a" +-dependencies = [ +- "anymap2", +- "bincode", +- "gloo-console", +- "gloo-utils", +- "js-sys", +- "serde", +- "wasm-bindgen", +- "wasm-bindgen-futures", +- "web-sys", +-] +- +-[[package]] +-name = "h2" +-version = "0.3.19" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d357c7ae988e7d2182f7d7871d0b963962420b0678b0997ce7de72001aeab782" +-dependencies = [ +- "bytes", +- "fnv", +- "futures-core", +- "futures-sink", +- "futures-util", +- "http", +- "indexmap", +- "slab", +- "tokio", +- "tokio-util", +- "tracing", +-] +- +-[[package]] +-name = "half" +-version = "1.8.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" +- +-[[package]] +-name = "hashbrown" +-version = "0.12.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +-dependencies = [ +- "ahash 0.7.6", +- "serde", +-] +- +-[[package]] +-name = "hashbrown" +-version = "0.13.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" +-dependencies = [ +- "ahash 0.8.3", +-] +- +-[[package]] +-name = "hashlink" +-version = "0.8.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0761a1b9491c4f2e3d66aa0f62d0fba0af9a0e2852e4d48ea506632a4b56e6aa" +-dependencies = [ +- "hashbrown 0.13.2", +-] +- +-[[package]] +-name = "heck" +-version = 
"0.4.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" +- +-[[package]] +-name = "hermit-abi" +-version = "0.1.19" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" +-dependencies = [ +- "libc", +-] +- +-[[package]] +-name = "hermit-abi" +-version = "0.2.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7" +-dependencies = [ +- "libc", +-] +- +-[[package]] +-name = "hermit-abi" +-version = "0.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286" +- +-[[package]] +-name = "hex" +-version = "0.4.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +- +-[[package]] +-name = "hkdf" +-version = "0.10.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "51ab2f639c231793c5f6114bdb9bbe50a7dbbfcd7c7c6bd8475dec2d991e964f" +-dependencies = [ +- "digest 0.9.0", +- "hmac 0.10.1", +-] +- +-[[package]] +-name = "hmac" +-version = "0.8.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "126888268dcc288495a26bf004b38c5fdbb31682f992c84ceb046a1f0fe38840" +-dependencies = [ +- "crypto-mac 0.8.0", +- "digest 0.9.0", +-] +- +-[[package]] +-name = "hmac" +-version = "0.10.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c1441c6b1e930e2817404b5046f1f989899143a12bf92de603b69f4e0aee1e15" +-dependencies = [ +- "crypto-mac 0.10.1", +- "digest 0.9.0", +-] +- +-[[package]] +-name = "http" +-version = "0.2.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482" +-dependencies = [ +- "bytes", +- "fnv", +- "itoa", +-] +- +-[[package]] +-name = "http-body" +-version = "0.4.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" +-dependencies = [ +- "bytes", +- "http", +- "pin-project-lite 0.2.9", +-] +- +-[[package]] +-name = "http-client" +-version = "6.5.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1947510dc91e2bf586ea5ffb412caad7673264e14bb39fb9078da114a94ce1a5" +-dependencies = [ +- "async-trait", +- "cfg-if 1.0.0", +- "http-types", +- "log", +-] +- +-[[package]] +-name = "http-types" +-version = "2.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6e9b187a72d63adbfba487f48095306ac823049cb504ee195541e91c7775f5ad" +-dependencies = [ +- "anyhow", +- "async-channel", +- "async-std", +- "base64 0.13.1", +- "cookie 0.14.4", +- "futures-lite", +- "infer", +- "pin-project-lite 0.2.9", +- "rand 0.7.3", +- "serde", +- "serde_json", +- "serde_qs", +- "serde_urlencoded", +- "url", +-] +- +-[[package]] +-name = "httparse" +-version = "1.8.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" +- +-[[package]] +-name = "httpdate" +-version = "1.0.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" +- +-[[package]] +-name = "hyper" +-version = "0.14.26" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ab302d72a6f11a3b910431ff93aae7e773078c769f0a3ef15fb9ec692ed147d4" +-dependencies = [ +- "bytes", +- "futures-channel", +- "futures-core", +- "futures-util", +- "h2", +- "http", +- "http-body", +- "httparse", +- "httpdate", +- "itoa", +- "pin-project-lite 0.2.9", +- "socket2", +- 
"tokio", +- "tower-service", +- "tracing", +- "want", +-] +- +-[[package]] +-name = "hyper-tls" +-version = "0.5.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" +-dependencies = [ +- "bytes", +- "hyper", +- "native-tls", +- "tokio", +- "tokio-native-tls", +-] +- +-[[package]] +-name = "iana-time-zone" +-version = "0.1.56" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0722cd7114b7de04316e7ea5456a0bbb20e4adb46fd27a3697adb812cff0f37c" +-dependencies = [ +- "android_system_properties", +- "core-foundation-sys", +- "iana-time-zone-haiku", +- "js-sys", +- "wasm-bindgen", +- "windows 0.48.0", +-] +- +-[[package]] +-name = "iana-time-zone-haiku" +-version = "0.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +-dependencies = [ +- "cc", +-] +- +-[[package]] +-name = "ident_case" +-version = "1.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" +- +-[[package]] +-name = "idlset" +-version = "0.2.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "340756d15be4b22d5e501bad90a9f68fcdc6b9b7d2f6d6afe350645e9839dac6" +-dependencies = [ +- "serde", +- "serde_derive", +- "smallvec", +-] +- +-[[package]] +-name = "idna" +-version = "0.2.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8" +-dependencies = [ +- "matches", +- "unicode-bidi", +- "unicode-normalization", +-] +- +-[[package]] +-name = "idna" +-version = "0.3.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6" +-dependencies = [ +- "unicode-bidi", +- 
"unicode-normalization", +-] +- +-[[package]] +-name = "image" +-version = "0.23.14" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "24ffcb7e7244a9bf19d35bf2883b9c080c4ced3c07a9895572178cdb8f13f6a1" +-dependencies = [ +- "bytemuck", +- "byteorder", +- "color_quant", +- "num-iter", +- "num-rational", +- "num-traits", +-] +- +-[[package]] +-name = "implicit-clone" +-version = "0.3.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "40fc102e70475c320b185cd18c1e48bba2d7210b63970a4d581ef903e4368ef7" +-dependencies = [ +- "indexmap", +-] +- +-[[package]] +-name = "indexmap" +-version = "1.9.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +-dependencies = [ +- "autocfg", +- "hashbrown 0.12.3", +-] +- +-[[package]] +-name = "infer" +-version = "0.2.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "64e9829a50b42bb782c1df523f78d332fe371b10c661e78b7a3c34b0198e9fac" +- +-[[package]] +-name = "instant" +-version = "0.1.12" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +-dependencies = [ +- "cfg-if 1.0.0", +-] +- +-[[package]] +-name = "io-lifetimes" +-version = "1.0.11" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" +-dependencies = [ +- "hermit-abi 0.3.1", +- "libc", +- "windows-sys 0.48.0", +-] +- +-[[package]] +-name = "ipnet" +-version = "2.7.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "12b6ee2129af8d4fb011108c73d99a1b83a85977f23b82460c0ae2e25bb4b57f" +- +-[[package]] +-name = "itertools" +-version = "0.10.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +-dependencies = [ +- "either", +-] +- +-[[package]] +-name = "itoa" +-version = "1.0.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" +- +-[[package]] +-name = "jobserver" +-version = "0.1.26" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "936cfd212a0155903bcbc060e316fb6cc7cbf2e1907329391ebadc1fe0ce77c2" +-dependencies = [ +- "libc", +-] +- +-[[package]] +-name = "js-sys" +-version = "0.3.63" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2f37a4a5928311ac501dee68b3c7613a1037d0edb30c8e5427bd832d55d1b790" +-dependencies = [ +- "wasm-bindgen", +-] +- +-[[package]] +-name = "kanidm-ipa-sync" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "base64urlsafedata", +- "chrono", +- "clap", +- "clap_complete", +- "cron", +- "kanidm_client", +- "kanidm_proto", +- "kanidmd_lib", +- "ldap3_client", +- "serde", +- "serde_json", +- "tokio", +- "toml", +- "tracing", +- "tracing-subscriber", +- "url", +- "users", +- "uuid", +-] +- +-[[package]] +-name = "kanidm_client" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "kanidm_proto", +- "reqwest", +- "serde", +- "serde_json", +- "time 0.2.27", +- "tokio", +- "toml", +- "tracing", +- "url", +- "uuid", +- "webauthn-rs-proto", +-] +- +-[[package]] +-name = "kanidm_lib_crypto" +-version = "0.1.0" +-dependencies = [ +- "base64 0.21.1", +- "base64urlsafedata", +- "hex", +- "kanidm_proto", +- "openssl", +- "openssl-sys", +- "rand 0.8.5", +- "serde", +- "sketching", +- "tracing", +-] +- +-[[package]] +-name = "kanidm_lib_file_permissions" +-version = "0.1.0" +-dependencies = [ +- "users", +- "whoami", +-] +- +-[[package]] +-name = "kanidm_proto" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "base32", +- "base64urlsafedata", +- "last-git-commit", +- "num_enum", +- "scim_proto", +- "serde", +- 
"serde_json", +- "time 0.2.27", +- "tracing", +- "url", +- "urlencoding", +- "uuid", +- "webauthn-rs-proto", +-] +- +-[[package]] +-name = "kanidm_tools" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "clap", +- "clap_complete", +- "compact_jwt", +- "dialoguer", +- "futures-concurrency", +- "kanidm_client", +- "kanidm_proto", +- "libc", +- "qrcode", +- "rpassword 7.2.0", +- "serde", +- "serde_json", +- "shellexpand", +- "time 0.2.27", +- "tokio", +- "tracing", +- "tracing-subscriber", +- "url", +- "uuid", +- "webauthn-authenticator-rs", +- "zxcvbn", +-] +- +-[[package]] +-name = "kanidm_unix_int" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "bytes", +- "clap", +- "clap_complete", +- "futures", +- "kanidm_client", +- "kanidm_lib_crypto", +- "kanidm_lib_file_permissions", +- "kanidm_proto", +- "kanidmd_core", +- "libc", +- "libsqlite3-sys", +- "lru 0.8.1", +- "profiles", +- "r2d2", +- "r2d2_sqlite", +- "reqwest", +- "rpassword 7.2.0", +- "rusqlite", +- "serde", +- "serde_json", +- "sketching", +- "tokio", +- "tokio-util", +- "toml", +- "tracing", +- "users", +- "walkdir", +-] +- +-[[package]] +-name = "kanidmd_core" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "async-trait", +- "chrono", +- "compact_jwt", +- "cron", +- "futures-util", +- "http-types", +- "kanidm_proto", +- "kanidmd_lib", +- "ldap3_proto", +- "libc", +- "openssl", +- "profiles", +- "rand 0.8.5", +- "regex", +- "serde", +- "serde_json", +- "sketching", +- "tide", +- "tide-compress", +- "tide-openssl", +- "time 0.2.27", +- "tokio", +- "tokio-openssl", +- "tokio-util", +- "toml", +- "tracing", +- "uuid", +-] +- +-[[package]] +-name = "kanidmd_lib" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "async-trait", +- "base64 0.21.1", +- "base64urlsafedata", +- "compact_jwt", +- "concread", +- "criterion", +- "dyn-clone", +- "fernet", +- "filetime", +- "futures", +- "futures-util", +- "hashbrown 0.12.3", +- "idlset", +- "kanidm_lib_crypto", +- "kanidm_proto", +- "kanidmd_lib_macros", +- 
"lazy_static", +- "ldap3_proto", +- "libc", +- "libsqlite3-sys", +- "nonempty", +- "num_enum", +- "openssl", +- "openssl-sys", +- "profiles", +- "r2d2", +- "r2d2_sqlite", +- "rand 0.8.5", +- "regex", +- "rusqlite", +- "serde", +- "serde_cbor_2", +- "serde_json", +- "sketching", +- "smartstring", +- "smolset", +- "sshkeys", +- "tide", +- "time 0.2.27", +- "tokio", +- "tokio-util", +- "toml", +- "touch", +- "tracing", +- "url", +- "urlencoding", +- "users", +- "uuid", +- "webauthn-authenticator-rs", +- "webauthn-rs", +- "webauthn-rs-core", +- "whoami", +- "zxcvbn", +-] +- +-[[package]] +-name = "kanidmd_lib_macros" +-version = "0.1.0" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "kanidmd_testkit" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "compact_jwt", +- "futures", +- "kanidm_client", +- "kanidm_proto", +- "kanidmd_core", +- "kanidmd_lib", +- "oauth2", +- "profiles", +- "reqwest", +- "serde_json", +- "sketching", +- "testkit-macros", +- "time 0.2.27", +- "tokio", +- "tracing", +- "url", +- "webauthn-authenticator-rs", +-] +- +-[[package]] +-name = "kanidmd_web_ui" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "compact_jwt", +- "gloo", +- "gloo-net", +- "js-sys", +- "kanidm_proto", +- "qrcode", +- "serde", +- "serde-wasm-bindgen", +- "serde_json", +- "time 0.2.27", +- "url", +- "uuid", +- "wasm-bindgen", +- "wasm-bindgen-futures", +- "wasm-bindgen-test", +- "web-sys", +- "yew", +- "yew-router", +-] +- +-[[package]] +-name = "kv-log-macro" +-version = "1.0.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0de8b303297635ad57c9f5059fd9cee7a47f8e8daa09df0fcd07dd39fb22977f" +-dependencies = [ +- "log", +-] +- +-[[package]] +-name = "last-git-commit" +-version = "0.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9f2e5243385b2ea0443d79fd6f5ea97b0509f2571e8f39e99d1ead2bcc1c89c0" +-dependencies = [ +- "git2", +-] +- +-[[package]] +-name = 
"lazy_static" +-version = "1.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +- +-[[package]] +-name = "lber" +-version = "0.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b5d85f5e00e12cb50c70c3b1c1f0daff6546eb4c608b44d0a990e38a539e0446" +-dependencies = [ +- "bytes", +- "nom", +-] +- +-[[package]] +-name = "ldap3_client" +-version = "0.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0236f3aac28f4f79929664cd635f310fa7469f17b67d45c85848a0f3ca516d53" +-dependencies = [ +- "base64 0.13.1", +- "base64urlsafedata", +- "futures-util", +- "ldap3_proto", +- "openssl", +- "serde", +- "tokio", +- "tokio-openssl", +- "tokio-util", +- "tracing", +- "url", +- "uuid", +-] +- +-[[package]] +-name = "ldap3_proto" +-version = "0.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "57ea4b099d9f84c8424a56e9b361f5f9aeae9d87ca9bd683c54a6a27c8676597" +-dependencies = [ +- "bytes", +- "lber", +- "nom", +- "peg", +- "tokio-util", +- "tracing", +- "uuid", +-] +- +-[[package]] +-name = "libc" +-version = "0.2.144" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1" +- +-[[package]] +-name = "libgit2-sys" +-version = "0.12.26+1.3.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "19e1c899248e606fbfe68dcb31d8b0176ebab833b103824af31bddf4b7457494" +-dependencies = [ +- "cc", +- "libc", +- "libssh2-sys", +- "libz-sys", +- "openssl-sys", +- "pkg-config", +-] +- +-[[package]] +-name = "libnss" +-version = "0.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "48b67ef5ebef2a035ac8106c9b71176b6246be2a580ff4ee94bb80919e55b34c" +-dependencies = [ +- "lazy_static", +- "libc", +- "paste 0.1.18", +-] +- +-[[package]] +-name = 
"libsqlite3-sys" +-version = "0.25.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "29f835d03d717946d28b1d1ed632eb6f0e24a299388ee623d0c23118d3e8a7fa" +-dependencies = [ +- "cc", +- "pkg-config", +- "vcpkg", +-] +- +-[[package]] +-name = "libssh2-sys" +-version = "0.2.23" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b094a36eb4b8b8c8a7b4b8ae43b2944502be3e59cd87687595cf6b0a71b3f4ca" +-dependencies = [ +- "cc", +- "libc", +- "libz-sys", +- "openssl-sys", +- "pkg-config", +- "vcpkg", +-] +- +-[[package]] +-name = "libudev" +-version = "0.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ea626d3bdf40a1c5aee3bcd4f40826970cae8d80a8fec934c82a63840094dcfe" +-dependencies = [ +- "libc", +- "libudev-sys", +-] +- +-[[package]] +-name = "libudev-sys" +-version = "0.1.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3c8469b4a23b962c1396b9b451dda50ef5b283e8dd309d69033475fa9b334324" +-dependencies = [ +- "libc", +- "pkg-config", +-] +- +-[[package]] +-name = "libz-sys" +-version = "1.1.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "56ee889ecc9568871456d42f603d6a0ce59ff328d291063a45cbdf0036baf6db" +-dependencies = [ +- "cc", +- "libc", +- "pkg-config", +- "vcpkg", +-] +- +-[[package]] +-name = "linux-raw-sys" +-version = "0.3.8" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" +- +-[[package]] +-name = "lock_api" +-version = "0.4.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" +-dependencies = [ +- "autocfg", +- "scopeguard", +-] +- +-[[package]] +-name = "log" +-version = "0.4.17" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" +-dependencies = [ +- "cfg-if 1.0.0", +- "serde", +- "value-bag", +-] +- +-[[package]] +-name = "lru" +-version = "0.7.8" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e999beba7b6e8345721bd280141ed958096a2e4abdf74f67ff4ce49b4b54e47a" +-dependencies = [ +- "hashbrown 0.12.3", +-] +- +-[[package]] +-name = "lru" +-version = "0.8.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b6e8aaa3f231bb4bd57b84b2d5dc3ae7f350265df8aa96492e0bc394a1571909" +-dependencies = [ +- "hashbrown 0.12.3", +-] +- +-[[package]] +-name = "matchers" +-version = "0.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558" +-dependencies = [ +- "regex-automata", +-] +- +-[[package]] +-name = "matches" +-version = "0.1.10" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" +- +-[[package]] +-name = "mathru" +-version = "0.13.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9a42bf938e4c9a6ad581cf528d5606eb50c5458ac759ca23719291e2f6499bec" +-dependencies = [ +- "rand 0.8.5", +-] +- +-[[package]] +-name = "memchr" +-version = "2.5.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" +- +-[[package]] +-name = "memoffset" +-version = "0.6.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" +-dependencies = [ +- "autocfg", +-] +- +-[[package]] +-name = "memoffset" +-version = "0.8.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1" +-dependencies = [ +- 
"autocfg", +-] +- +-[[package]] +-name = "mime" +-version = "0.3.17" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" +- +-[[package]] +-name = "minimal-lexical" +-version = "0.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" +- +-[[package]] +-name = "miniz_oxide" +-version = "0.7.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +-dependencies = [ +- "adler", +-] +- +-[[package]] +-name = "mio" +-version = "0.8.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9" +-dependencies = [ +- "libc", +- "log", +- "wasi 0.11.0+wasi-snapshot-preview1", +- "windows-sys 0.45.0", +-] +- +-[[package]] +-name = "native-tls" +-version = "0.2.11" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" +-dependencies = [ +- "lazy_static", +- "libc", +- "log", +- "openssl", +- "openssl-probe", +- "openssl-sys", +- "schannel", +- "security-framework", +- "security-framework-sys", +- "tempfile", +-] +- +-[[package]] +-name = "nom" +-version = "7.1.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +-dependencies = [ +- "memchr", +- "minimal-lexical", +-] +- +-[[package]] +-name = "nonempty" +-version = "0.8.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "aeaf4ad7403de93e699c191202f017118df734d3850b01e13a3a8b2e6953d3c9" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "nss_kanidm" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "kanidm_unix_int", +- 
"lazy_static", +- "libc", +- "libnss", +- "paste 1.0.12", +-] +- +-[[package]] +-name = "nu-ansi-term" +-version = "0.46.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84" +-dependencies = [ +- "overload", +- "winapi", +-] +- +-[[package]] +-name = "num-bigint" +-version = "0.4.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" +-dependencies = [ +- "autocfg", +- "num-integer", +- "num-traits", +-] +- +-[[package]] +-name = "num-integer" +-version = "0.1.45" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +-dependencies = [ +- "autocfg", +- "num-traits", +-] +- +-[[package]] +-name = "num-iter" +-version = "0.1.43" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +-dependencies = [ +- "autocfg", +- "num-integer", +- "num-traits", +-] +- +-[[package]] +-name = "num-rational" +-version = "0.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "12ac428b1cb17fce6f731001d307d351ec70a6d202fc2e60f7d4c5e42d8f4f07" +-dependencies = [ +- "autocfg", +- "num-integer", +- "num-traits", +-] +- +-[[package]] +-name = "num-traits" +-version = "0.2.15" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" +-dependencies = [ +- "autocfg", +-] +- +-[[package]] +-name = "num_cpus" +-version = "1.15.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b" +-dependencies = [ +- "hermit-abi 0.2.6", +- "libc", +-] +- +-[[package]] +-name = "num_enum" +-version = "0.5.11" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1f646caf906c20226733ed5b1374287eb97e3c2a5c227ce668c1f2ce20ae57c9" +-dependencies = [ +- "num_enum_derive", +-] +- +-[[package]] +-name = "num_enum_derive" +-version = "0.5.11" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "dcbff9bc912032c62bf65ef1d5aea88983b420f4f839db1e9b0c281a25c9c799" +-dependencies = [ +- "proc-macro-crate", +- "proc-macro2", +- "quote", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "oauth2" +-version = "4.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "50df55a3cc0374df91ef8da8741542d9e0b9e6581481ed1cffe84f64d2f5fc3d" +-dependencies = [ +- "base64 0.13.1", +- "chrono", +- "getrandom 0.2.9", +- "http", +- "rand 0.8.5", +- "serde", +- "serde_json", +- "serde_path_to_error", +- "sha2 0.10.6", +- "thiserror", +- "url", +-] +- +-[[package]] +-name = "oid-registry" +-version = "0.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "38e20717fa0541f39bd146692035c37bedfa532b3e5071b35761082407546b2a" +-dependencies = [ +- "asn1-rs", +-] +- +-[[package]] +-name = "once_cell" +-version = "1.17.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" +- +-[[package]] +-name = "oorandom" +-version = "11.1.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" +- +-[[package]] +-name = "opaque-debug" +-version = "0.2.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" +- +-[[package]] +-name = "opaque-debug" +-version = "0.3.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +- +-[[package]] +-name = 
"openssl" +-version = "0.10.52" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "01b8574602df80f7b85fdfc5392fa884a4e3b3f4f35402c070ab34c3d3f78d56" +-dependencies = [ +- "bitflags", +- "cfg-if 1.0.0", +- "foreign-types", +- "libc", +- "once_cell", +- "openssl-macros", +- "openssl-sys", +-] +- +-[[package]] +-name = "openssl-macros" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "openssl-probe" +-version = "0.1.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +- +-[[package]] +-name = "openssl-sys" +-version = "0.9.87" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8e17f59264b2809d77ae94f0e1ebabc434773f370d6ca667bd223ea10e06cc7e" +-dependencies = [ +- "cc", +- "libc", +- "pkg-config", +- "vcpkg", +-] +- +-[[package]] +-name = "orca" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "clap", +- "crossbeam", +- "csv", +- "dialoguer", +- "futures-util", +- "kanidm_client", +- "kanidm_proto", +- "ldap3_proto", +- "mathru", +- "openssl", +- "profiles", +- "rand 0.8.5", +- "serde", +- "serde_json", +- "tikv-jemallocator", +- "tokio", +- "tokio-openssl", +- "tokio-util", +- "toml", +- "tracing", +- "tracing-subscriber", +- "uuid", +-] +- +-[[package]] +-name = "os_str_bytes" +-version = "6.5.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ceedf44fb00f2d1984b0bc98102627ce622e083e49a5bacdb3e514fa4238e267" +- +-[[package]] +-name = "overload" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" +- +-[[package]] +-name = "pam_kanidm" +-version = 
"1.1.0-alpha.12" +-dependencies = [ +- "kanidm_unix_int", +- "libc", +- "pkg-config", +-] +- +-[[package]] +-name = "parking" +-version = "2.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "14f2252c834a40ed9bb5422029649578e63aa341ac401f74e719dd1afda8394e" +- +-[[package]] +-name = "parking_lot" +-version = "0.12.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +-dependencies = [ +- "lock_api", +- "parking_lot_core", +-] +- +-[[package]] +-name = "parking_lot_core" +-version = "0.9.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521" +-dependencies = [ +- "cfg-if 1.0.0", +- "libc", +- "redox_syscall 0.2.16", +- "smallvec", +- "windows-sys 0.45.0", +-] +- +-[[package]] +-name = "paste" +-version = "0.1.18" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880" +-dependencies = [ +- "paste-impl", +- "proc-macro-hack", +-] +- +-[[package]] +-name = "paste" +-version = "1.0.12" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9f746c4065a8fa3fe23974dd82f15431cc8d40779821001404d10d2e79ca7d79" +- +-[[package]] +-name = "paste-impl" +-version = "0.1.18" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6" +-dependencies = [ +- "proc-macro-hack", +-] +- +-[[package]] +-name = "peg" +-version = "0.8.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a07f2cafdc3babeebc087e499118343442b742cc7c31b4d054682cc598508554" +-dependencies = [ +- "peg-macros", +- "peg-runtime", +-] +- +-[[package]] +-name = "peg-macros" +-version = "0.8.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" 
+-checksum = "4a90084dc05cf0428428e3d12399f39faad19b0909f64fb9170c9fdd6d9cd49b" +-dependencies = [ +- "peg-runtime", +- "proc-macro2", +- "quote", +-] +- +-[[package]] +-name = "peg-runtime" +-version = "0.8.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9fa00462b37ead6d11a82c9d568b26682d78e0477dc02d1966c013af80969739" +- +-[[package]] +-name = "percent-encoding" +-version = "2.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e" +- +-[[package]] +-name = "pin-project" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c95a7476719eab1e366eaf73d0260af3021184f18177925b07f54b30089ceead" +-dependencies = [ +- "pin-project-internal", +-] +- +-[[package]] +-name = "pin-project-internal" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "39407670928234ebc5e6e580247dd567ad73a3578460c5990f9503df207e8f07" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "pin-project-lite" +-version = "0.1.12" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "257b64915a082f7811703966789728173279bdebb956b143dbcd23f6f970a777" +- +-[[package]] +-name = "pin-project-lite" +-version = "0.2.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" +- +-[[package]] +-name = "pin-utils" +-version = "0.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +- +-[[package]] +-name = "pinned" +-version = "0.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a829027bd95e54cfe13e3e258a1ae7b645960553fb82b75ff852c29688ee595b" +-dependencies = [ +- "futures", +- "rustversion", +- 
"thiserror", +-] +- +-[[package]] +-name = "pkg-config" +-version = "0.3.27" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +- +-[[package]] +-name = "plotters" +-version = "0.3.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2538b639e642295546c50fcd545198c9d64ee2a38620a628724a3b266d5fbf97" +-dependencies = [ +- "num-traits", +- "plotters-backend", +- "plotters-svg", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "plotters-backend" +-version = "0.3.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "193228616381fecdc1224c62e96946dfbc73ff4384fba576e052ff8c1bea8142" +- +-[[package]] +-name = "plotters-svg" +-version = "0.3.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f9a81d2759aae1dae668f783c308bc5c8ebd191ff4184aaa1b37f65a6ae5a56f" +-dependencies = [ +- "plotters-backend", +-] +- +-[[package]] +-name = "polling" +-version = "2.8.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4b2d323e8ca7996b3e23126511a523f7e62924d93ecd5ae73b333815b0eb3dce" +-dependencies = [ +- "autocfg", +- "bitflags", +- "cfg-if 1.0.0", +- "concurrent-queue", +- "libc", +- "log", +- "pin-project-lite 0.2.9", +- "windows-sys 0.48.0", +-] +- +-[[package]] +-name = "polyval" +-version = "0.4.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "eebcc4aa140b9abd2bc40d9c3f7ccec842679cd79045ac3a7ac698c1a064b7cd" +-dependencies = [ +- "cpuid-bool", +- "opaque-debug 0.3.0", +- "universal-hash", +-] +- +-[[package]] +-name = "ppv-lite86" +-version = "0.2.17" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +- +-[[package]] +-name = "prettyplease" +-version = "0.1.25" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6c8646e95016a7a6c4adea95bafa8a16baab64b583356217f2c85db4a39d9a86" +-dependencies = [ +- "proc-macro2", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "proc-macro-crate" +-version = "1.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919" +-dependencies = [ +- "once_cell", +- "toml_edit", +-] +- +-[[package]] +-name = "proc-macro-error" +-version = "1.0.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +-dependencies = [ +- "proc-macro-error-attr", +- "proc-macro2", +- "quote", +- "syn 1.0.109", +- "version_check", +-] +- +-[[package]] +-name = "proc-macro-error-attr" +-version = "1.0.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +-dependencies = [ +- "proc-macro2", +- "quote", +- "version_check", +-] +- +-[[package]] +-name = "proc-macro-hack" +-version = "0.5.20+deprecated" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" +- +-[[package]] +-name = "proc-macro2" +-version = "1.0.58" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fa1fb82fc0c281dd9671101b66b771ebbe1eaf967b96ac8740dcba4b70005ca8" +-dependencies = [ +- "unicode-ident", +-] +- +-[[package]] +-name = "profiles" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "base64 0.21.1", +- "serde", +- "toml", +-] +- +-[[package]] +-name = "prokio" +-version = "0.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "03b55e106e5791fa5a13abd13c85d6127312e8e09098059ca2bc9b03ca4cf488" +-dependencies = [ +- "futures", +- "gloo", +- "num_cpus", +- "once_cell", +- "pin-project", +- "pinned", +- 
"tokio", +- "tokio-stream", +- "wasm-bindgen-futures", +-] +- +-[[package]] +-name = "psl-types" +-version = "2.0.11" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac" +- +-[[package]] +-name = "publicsuffix" +-version = "2.2.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "96a8c1bda5ae1af7f99a2962e49df150414a43d62404644d98dd5c3a93d07457" +-dependencies = [ +- "idna 0.3.0", +- "psl-types", +-] +- +-[[package]] +-name = "qrcode" +-version = "0.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "16d2f1455f3630c6e5107b4f2b94e74d76dea80736de0981fd27644216cff57f" +-dependencies = [ +- "checked_int_cast", +- "image", +-] +- +-[[package]] +-name = "quick-error" +-version = "2.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3" +- +-[[package]] +-name = "quote" +-version = "1.0.27" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8f4f29d145265ec1c483c7c654450edde0bfe043d3938d6972630663356d9500" +-dependencies = [ +- "proc-macro2", +-] +- +-[[package]] +-name = "r2d2" +-version = "0.8.10" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "51de85fb3fb6524929c8a2eb85e6b6d363de4e8c48f9e2c2eac4944abc181c93" +-dependencies = [ +- "log", +- "parking_lot", +- "scheduled-thread-pool", +-] +- +-[[package]] +-name = "r2d2_sqlite" +-version = "0.21.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b4f5d0337e99cd5cacd91ffc326c6cc9d8078def459df560c4f9bf9ba4a51034" +-dependencies = [ +- "r2d2", +- "rusqlite", +-] +- +-[[package]] +-name = "rand" +-version = "0.7.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" +-dependencies = [ +- 
"getrandom 0.1.16", +- "libc", +- "rand_chacha 0.2.2", +- "rand_core 0.5.1", +- "rand_hc", +-] +- +-[[package]] +-name = "rand" +-version = "0.8.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +-dependencies = [ +- "libc", +- "rand_chacha 0.3.1", +- "rand_core 0.6.4", +-] +- +-[[package]] +-name = "rand_chacha" +-version = "0.2.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" +-dependencies = [ +- "ppv-lite86", +- "rand_core 0.5.1", +-] +- +-[[package]] +-name = "rand_chacha" +-version = "0.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +-dependencies = [ +- "ppv-lite86", +- "rand_core 0.6.4", +-] +- +-[[package]] +-name = "rand_core" +-version = "0.5.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" +-dependencies = [ +- "getrandom 0.1.16", +-] +- +-[[package]] +-name = "rand_core" +-version = "0.6.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +-dependencies = [ +- "getrandom 0.2.9", +-] +- +-[[package]] +-name = "rand_hc" +-version = "0.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" +-dependencies = [ +- "rand_core 0.5.1", +-] +- +-[[package]] +-name = "rayon" +-version = "1.7.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1d2df5196e37bcc87abebc0053e20787d73847bb33134a69841207dd0a47f03b" +-dependencies = [ +- "either", +- "rayon-core", +-] +- +-[[package]] +-name = "rayon-core" +-version = "1.11.0" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4b8f95bd6966f5c87776639160a66bd8ab9895d9d4ab01ddba9fc60661aebe8d" +-dependencies = [ +- "crossbeam-channel", +- "crossbeam-deque", +- "crossbeam-utils", +- "num_cpus", +-] +- +-[[package]] +-name = "redox_syscall" +-version = "0.2.16" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" +-dependencies = [ +- "bitflags", +-] +- +-[[package]] +-name = "redox_syscall" +-version = "0.3.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" +-dependencies = [ +- "bitflags", +-] +- +-[[package]] +-name = "redox_users" +-version = "0.4.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" +-dependencies = [ +- "getrandom 0.2.9", +- "redox_syscall 0.2.16", +- "thiserror", +-] +- +-[[package]] +-name = "regex" +-version = "1.8.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d1a59b5d8e97dee33696bf13c5ba8ab85341c002922fba050069326b9c498974" +-dependencies = [ +- "aho-corasick", +- "memchr", +- "regex-syntax 0.7.2", +-] +- +-[[package]] +-name = "regex-automata" +-version = "0.1.10" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" +-dependencies = [ +- "regex-syntax 0.6.29", +-] +- +-[[package]] +-name = "regex-syntax" +-version = "0.6.29" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" +- +-[[package]] +-name = "regex-syntax" +-version = "0.7.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "436b050e76ed2903236f032a59761c1eb99e1b0aead2c257922771dab1fc8c78" +- 
+-[[package]] +-name = "reqwest" +-version = "0.11.18" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "cde824a14b7c14f85caff81225f411faacc04a2013f41670f41443742b1c1c55" +-dependencies = [ +- "async-compression 0.4.0", +- "base64 0.21.1", +- "bytes", +- "cookie 0.16.2", +- "cookie_store", +- "encoding_rs", +- "futures-core", +- "futures-util", +- "h2", +- "http", +- "http-body", +- "hyper", +- "hyper-tls", +- "ipnet", +- "js-sys", +- "log", +- "mime", +- "native-tls", +- "once_cell", +- "percent-encoding", +- "pin-project-lite 0.2.9", +- "serde", +- "serde_json", +- "serde_urlencoded", +- "tokio", +- "tokio-native-tls", +- "tokio-util", +- "tower-service", +- "url", +- "wasm-bindgen", +- "wasm-bindgen-futures", +- "web-sys", +- "winreg", +-] +- +-[[package]] +-name = "route-recognizer" +-version = "0.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "56770675ebc04927ded3e60633437841581c285dc6236109ea25fbf3beb7b59e" +- +-[[package]] +-name = "route-recognizer" +-version = "0.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "afab94fb28594581f62d981211a9a4d53cc8130bbcbbb89a0440d9b8e81a7746" +- +-[[package]] +-name = "rpassword" +-version = "5.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ffc936cf8a7ea60c58f030fd36a612a48f440610214dc54bc36431f9ea0c3efb" +-dependencies = [ +- "libc", +- "winapi", +-] +- +-[[package]] +-name = "rpassword" +-version = "7.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6678cf63ab3491898c0d021b493c94c9b221d91295294a2a5746eacbe5928322" +-dependencies = [ +- "libc", +- "rtoolbox", +- "winapi", +-] +- +-[[package]] +-name = "rtoolbox" +-version = "0.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "034e22c514f5c0cb8a10ff341b9b048b5ceb21591f31c8f44c43b960f9b3524a" +-dependencies = [ +- "libc", +- "winapi", +-] +- +-[[package]] 
+-name = "runloop" +-version = "0.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5d79b4b604167921892e84afbbaad9d5ad74e091bf6c511d9dbfb0593f09fabd" +- +-[[package]] +-name = "rusqlite" +-version = "0.28.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "01e213bc3ecb39ac32e81e51ebe31fd888a940515173e3a18a35f8c6e896422a" +-dependencies = [ +- "bitflags", +- "fallible-iterator", +- "fallible-streaming-iterator", +- "hashlink", +- "libsqlite3-sys", +- "smallvec", +-] +- +-[[package]] +-name = "rustc_version" +-version = "0.2.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a" +-dependencies = [ +- "semver", +-] +- +-[[package]] +-name = "rusticata-macros" +-version = "4.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632" +-dependencies = [ +- "nom", +-] +- +-[[package]] +-name = "rustix" +-version = "0.37.19" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "acf8729d8542766f1b2cf77eb034d52f40d375bb8b615d0b147089946e16613d" +-dependencies = [ +- "bitflags", +- "errno", +- "io-lifetimes", +- "libc", +- "linux-raw-sys", +- "windows-sys 0.48.0", +-] +- +-[[package]] +-name = "rustversion" +-version = "1.0.12" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4f3208ce4d8448b3f3e7d168a73f5e0c43a61e32930de3bceeccedb388b6bf06" +- +-[[package]] +-name = "ryu" +-version = "1.0.13" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041" +- +-[[package]] +-name = "same-file" +-version = "1.0.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +-dependencies = [ +- 
"winapi-util", +-] +- +-[[package]] +-name = "schannel" +-version = "0.1.21" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "713cfb06c7059f3588fb8044c0fad1d09e3c01d225e25b9220dbfdcf16dbb1b3" +-dependencies = [ +- "windows-sys 0.42.0", +-] +- +-[[package]] +-name = "scheduled-thread-pool" +-version = "0.2.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3cbc66816425a074528352f5789333ecff06ca41b36b0b0efdfbb29edc391a19" +-dependencies = [ +- "parking_lot", +-] +- +-[[package]] +-name = "scim_proto" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e5abc672c8241e5bd368c0a73bf24727e98b0000a8636a44b8eb42a1e22835ef" +-dependencies = [ +- "base64urlsafedata", +- "peg", +- "serde", +- "serde_json", +- "time 0.2.27", +- "tracing", +- "tracing-subscriber", +- "url", +- "uuid", +-] +- +-[[package]] +-name = "scoped-tls" +-version = "1.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294" +- +-[[package]] +-name = "scopeguard" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" +- +-[[package]] +-name = "security-framework" +-version = "2.9.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1fc758eb7bffce5b308734e9b0c1468893cae9ff70ebf13e7090be8dcbcc83a8" +-dependencies = [ +- "bitflags", +- "core-foundation", +- "core-foundation-sys", +- "libc", +- "security-framework-sys", +-] +- +-[[package]] +-name = "security-framework-sys" +-version = "2.9.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f51d0c0d83bec45f16480d0ce0058397a69e48fcdc52d1dc8855fb68acbd31a7" +-dependencies = [ +- "core-foundation-sys", +- "libc", +-] +- +-[[package]] +-name = "semver" +-version = "0.9.0" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403" +-dependencies = [ +- "semver-parser", +-] +- +-[[package]] +-name = "semver-parser" +-version = "0.7.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" +- +-[[package]] +-name = "serde" +-version = "1.0.163" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2113ab51b87a539ae008b5c6c02dc020ffa39afd2d83cffcb3f4eb2722cebec2" +-dependencies = [ +- "serde_derive", +-] +- +-[[package]] +-name = "serde-wasm-bindgen" +-version = "0.4.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e3b4c031cd0d9014307d82b8abf653c0290fbdaeb4c02d00c63cf52f728628bf" +-dependencies = [ +- "js-sys", +- "serde", +- "wasm-bindgen", +-] +- +-[[package]] +-name = "serde_bytes" +-version = "0.11.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "416bda436f9aab92e02c8e10d49a15ddd339cea90b6e340fe51ed97abb548294" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "serde_cbor" +-version = "0.11.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5" +-dependencies = [ +- "half", +- "serde", +-] +- +-[[package]] +-name = "serde_cbor_2" +-version = "0.12.0-dev" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b46d75f449e01f1eddbe9b00f432d616fbbd899b809c837d0fbc380496a0dd55" +-dependencies = [ +- "half", +- "serde", +-] +- +-[[package]] +-name = "serde_derive" +-version = "1.0.163" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8c805777e3930c8883389c602315a24224bcc738b63905ef87cd1420353ea93e" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "serde_fmt" +-version = 
"1.0.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e1d4ddca14104cd60529e8c7f7ba71a2c8acd8f7f5cfcdc2faf97eeb7c3010a4" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "serde_json" +-version = "1.0.96" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1" +-dependencies = [ +- "itoa", +- "ryu", +- "serde", +-] +- +-[[package]] +-name = "serde_path_to_error" +-version = "0.1.11" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f7f05c1d5476066defcdfacce1f52fc3cae3af1d3089727100c02ae92e5abbe0" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "serde_qs" +-version = "0.8.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c7715380eec75f029a4ef7de39a9200e0a63823176b759d055b613f5a87df6a6" +-dependencies = [ +- "percent-encoding", +- "serde", +- "thiserror", +-] +- +-[[package]] +-name = "serde_urlencoded" +-version = "0.7.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +-dependencies = [ +- "form_urlencoded", +- "itoa", +- "ryu", +- "serde", +-] +- +-[[package]] +-name = "sha1" +-version = "0.6.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770" +-dependencies = [ +- "sha1_smol", +-] +- +-[[package]] +-name = "sha1_smol" +-version = "1.0.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" +- +-[[package]] +-name = "sha2" +-version = "0.8.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a256f46ea78a0c0d9ff00077504903ac881a1dafdc20da66545699e7776b3e69" +-dependencies = [ +- "block-buffer 0.7.3", +- "digest 0.8.1", +- "fake-simd", +- 
"opaque-debug 0.2.3", +-] +- +-[[package]] +-name = "sha2" +-version = "0.9.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +-dependencies = [ +- "block-buffer 0.9.0", +- "cfg-if 1.0.0", +- "cpufeatures", +- "digest 0.9.0", +- "opaque-debug 0.3.0", +-] +- +-[[package]] +-name = "sha2" +-version = "0.10.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" +-dependencies = [ +- "cfg-if 1.0.0", +- "cpufeatures", +- "digest 0.10.7", +-] +- +-[[package]] +-name = "sharded-slab" +-version = "0.1.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31" +-dependencies = [ +- "lazy_static", +-] +- +-[[package]] +-name = "shell-words" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "24188a676b6ae68c3b2cb3a01be17fbf7240ce009799bb56d5b1409051e78fde" +- +-[[package]] +-name = "shellexpand" +-version = "2.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7ccc8076840c4da029af4f87e4e8daeb0fca6b87bbb02e10cb60b791450e11e4" +-dependencies = [ +- "dirs", +-] +- +-[[package]] +-name = "signal-hook" +-version = "0.3.15" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "732768f1176d21d09e076c23a93123d40bba92d50c4058da34d45c8de8e682b9" +-dependencies = [ +- "libc", +- "signal-hook-registry", +-] +- +-[[package]] +-name = "signal-hook-registry" +-version = "1.4.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" +-dependencies = [ +- "libc", +-] +- +-[[package]] +-name = "simple-mutex" +-version = "1.1.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"38aabbeafa6f6dead8cebf246fe9fae1f9215c8d29b3a69f93bd62a9e4a3dcd6" +-dependencies = [ +- "event-listener", +-] +- +-[[package]] +-name = "sketching" +-version = "1.1.0-alpha.12" +-dependencies = [ +- "async-trait", +- "num_enum", +- "tide", +- "tracing", +- "tracing-forest", +- "tracing-subscriber", +-] +- +-[[package]] +-name = "slab" +-version = "0.4.8" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6528351c9bc8ab22353f9d776db39a20288e8d6c37ef8cfe3317cf875eecfc2d" +-dependencies = [ +- "autocfg", +-] +- +-[[package]] +-name = "smallvec" +-version = "1.10.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "smartstring" +-version = "1.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3fb72c633efbaa2dd666986505016c32c3044395ceaf881518399d2f4127ee29" +-dependencies = [ +- "autocfg", +- "serde", +- "static_assertions", +- "version_check", +-] +- +-[[package]] +-name = "smolset" +-version = "1.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a8d372e8fe15dc5229e7d6c65f5810849385e79e24f9d9d64263e132879c7be0" +-dependencies = [ +- "smallvec", +-] +- +-[[package]] +-name = "socket2" +-version = "0.4.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662" +-dependencies = [ +- "libc", +- "winapi", +-] +- +-[[package]] +-name = "sptr" +-version = "0.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3b9b39299b249ad65f3b7e96443bad61c02ca5cd3589f46cb6d610a0fd6c0d6a" +- +-[[package]] +-name = "sshkeys" +-version = "0.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c926cb006a77964474a13a86aa0135ea82c9fd43e6793a1151cc54143db6637c" +-dependencies = [ +- 
"base64 0.12.3", +- "byteorder", +- "sha2 0.8.2", +-] +- +-[[package]] +-name = "standback" +-version = "0.2.17" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e113fb6f3de07a243d434a56ec6f186dfd51cb08448239fe7bcae73f87ff28ff" +-dependencies = [ +- "version_check", +-] +- +-[[package]] +-name = "static_assertions" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" +- +-[[package]] +-name = "stdweb" +-version = "0.4.20" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d022496b16281348b52d0e30ae99e01a73d737b2f45d38fed4edf79f9325a1d5" +-dependencies = [ +- "discard", +- "rustc_version", +- "stdweb-derive", +- "stdweb-internal-macros", +- "stdweb-internal-runtime", +- "wasm-bindgen", +-] +- +-[[package]] +-name = "stdweb-derive" +-version = "0.5.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c87a60a40fccc84bef0652345bbbbbe20a605bf5d0ce81719fc476f5c03b50ef" +-dependencies = [ +- "proc-macro2", +- "quote", +- "serde", +- "serde_derive", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "stdweb-internal-macros" +-version = "0.2.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "58fa5ff6ad0d98d1ffa8cb115892b6e69d67799f6763e162a1c9db421dc22e11" +-dependencies = [ +- "base-x", +- "proc-macro2", +- "quote", +- "serde", +- "serde_derive", +- "serde_json", +- "sha1", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "stdweb-internal-runtime" +-version = "0.1.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "213701ba3370744dcd1a12960caa4843b3d68b4d1c0a5d575e0d65b2ee9d16c0" +- +-[[package]] +-name = "strsim" +-version = "0.10.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +- +-[[package]] +-name = 
"subtle" +-version = "2.4.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" +- +-[[package]] +-name = "sval" +-version = "1.0.0-alpha.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "45f6ee7c7b87caf59549e9fe45d6a69c75c8019e79e212a835c5da0e92f0ba08" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "syn" +-version = "1.0.109" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +-dependencies = [ +- "proc-macro2", +- "quote", +- "unicode-ident", +-] +- +-[[package]] +-name = "syn" +-version = "2.0.16" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a6f671d4b5ffdb8eadec19c0ae67fe2639df8684bd7bc4b83d986b8db549cf01" +-dependencies = [ +- "proc-macro2", +- "quote", +- "unicode-ident", +-] +- +-[[package]] +-name = "synstructure" +-version = "0.12.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 1.0.109", +- "unicode-xid", +-] +- +-[[package]] +-name = "tempfile" +-version = "3.5.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998" +-dependencies = [ +- "cfg-if 1.0.0", +- "fastrand", +- "redox_syscall 0.3.5", +- "rustix", +- "windows-sys 0.45.0", +-] +- +-[[package]] +-name = "termcolor" +-version = "1.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6" +-dependencies = [ +- "winapi-util", +-] +- +-[[package]] +-name = "testkit-macros" +-version = "0.1.0" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = 
"textwrap" +-version = "0.16.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" +- +-[[package]] +-name = "thiserror" +-version = "1.0.40" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac" +-dependencies = [ +- "thiserror-impl", +-] +- +-[[package]] +-name = "thiserror-impl" +-version = "1.0.40" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "thread_local" +-version = "1.1.7" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3fdd6f064ccff2d6567adcb3873ca630700f00b5ad3f060c25b5dcfd9a4ce152" +-dependencies = [ +- "cfg-if 1.0.0", +- "once_cell", +-] +- +-[[package]] +-name = "tide" +-version = "0.16.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c459573f0dd2cc734b539047f57489ea875af8ee950860ded20cf93a79a1dee0" +-dependencies = [ +- "async-h1", +- "async-session", +- "async-sse", +- "async-std", +- "async-trait", +- "femme", +- "futures-util", +- "http-client", +- "http-types", +- "kv-log-macro", +- "log", +- "pin-project-lite 0.2.9", +- "route-recognizer 0.2.0", +- "serde", +- "serde_json", +-] +- +-[[package]] +-name = "tide-compress" +-version = "0.10.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "92a55e754f247bb04c6ea1c2ec46f1a4e8a91dabca9dc7a38c67aa3a9df6b359" +-dependencies = [ +- "async-compression 0.3.15", +- "futures-lite", +- "http-types", +- "regex", +- "tide", +-] +- +-[[package]] +-name = "tide-openssl" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5ca37203863763d3faf05b22d32a0c2da7a2d429b8fb22345e19e45ec2ad1071" 
+-dependencies = [ +- "async-dup", +- "async-h1", +- "async-std", +- "async-std-openssl", +- "futures-util", +- "openssl", +- "openssl-sys", +- "tide", +-] +- +-[[package]] +-name = "tikv-jemalloc-sys" +-version = "0.5.3+5.3.0-patched" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "a678df20055b43e57ef8cddde41cdfda9a3c1a060b67f4c5836dfb1d78543ba8" +-dependencies = [ +- "cc", +- "libc", +-] +- +-[[package]] +-name = "tikv-jemallocator" +-version = "0.5.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "20612db8a13a6c06d57ec83953694185a367e16945f66565e8028d2c0bd76979" +-dependencies = [ +- "libc", +- "tikv-jemalloc-sys", +-] +- +-[[package]] +-name = "time" +-version = "0.1.45" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a" +-dependencies = [ +- "libc", +- "wasi 0.10.0+wasi-snapshot-preview1", +- "winapi", +-] +- +-[[package]] +-name = "time" +-version = "0.2.27" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242" +-dependencies = [ +- "const_fn", +- "libc", +- "serde", +- "standback", +- "stdweb", +- "time-macros 0.1.1", +- "version_check", +- "winapi", +-] +- +-[[package]] +-name = "time" +-version = "0.3.21" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8f3403384eaacbca9923fa06940178ac13e4edb725486d70e8e15881d0c836cc" +-dependencies = [ +- "itoa", +- "serde", +- "time-core", +- "time-macros 0.2.9", +-] +- +-[[package]] +-name = "time-core" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" +- +-[[package]] +-name = "time-macros" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1" +-dependencies = [ +- "proc-macro-hack", +- "time-macros-impl", +-] +- +-[[package]] +-name = "time-macros" +-version = "0.2.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "372950940a5f07bf38dbe211d7283c9e6d7327df53794992d293e534c733d09b" +-dependencies = [ +- "time-core", +-] +- +-[[package]] +-name = "time-macros-impl" +-version = "0.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f" +-dependencies = [ +- "proc-macro-hack", +- "proc-macro2", +- "quote", +- "standback", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "tinytemplate" +-version = "1.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc" +-dependencies = [ +- "serde", +- "serde_json", +-] +- +-[[package]] +-name = "tinyvec" +-version = "1.6.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +-dependencies = [ +- "tinyvec_macros", +-] +- +-[[package]] +-name = "tinyvec_macros" +-version = "0.1.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +- +-[[package]] +-name = "tokio" +-version = "1.28.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0aa32867d44e6f2ce3385e89dceb990188b8bb0fb25b0cf576647a6f98ac5105" +-dependencies = [ +- "autocfg", +- "bytes", +- "libc", +- "mio", +- "num_cpus", +- "pin-project-lite 0.2.9", +- "signal-hook-registry", +- "socket2", +- "tokio-macros", +- "windows-sys 0.48.0", +-] +- +-[[package]] +-name = "tokio-macros" +-version = "2.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "tokio-native-tls" +-version = "0.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +-dependencies = [ +- "native-tls", +- "tokio", +-] +- +-[[package]] +-name = "tokio-openssl" +-version = "0.6.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c08f9ffb7809f1b20c1b398d92acf4cc719874b3b2b2d9ea2f09b4a80350878a" +-dependencies = [ +- "futures-util", +- "openssl", +- "openssl-sys", +- "tokio", +-] +- +-[[package]] +-name = "tokio-stream" +-version = "0.1.14" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "397c988d37662c7dda6d2208364a706264bf3d6138b11d436cbac0ad38832842" +-dependencies = [ +- "futures-core", +- "pin-project-lite 0.2.9", +- "tokio", +-] +- +-[[package]] +-name = "tokio-util" +-version = "0.7.8" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "806fe8c2c87eccc8b3267cbae29ed3ab2d0bd37fca70ab622e46aaa9375ddb7d" +-dependencies = [ +- "bytes", +- "futures-core", +- "futures-sink", +- "pin-project-lite 0.2.9", +- "tokio", +- "tracing", +-] +- +-[[package]] +-name = "toml" +-version = "0.5.11" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234" +-dependencies = [ +- "serde", +-] +- +-[[package]] +-name = "toml_datetime" +-version = "0.6.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5a76a9312f5ba4c2dec6b9161fdf25d87ad8a09256ccea5a556fef03c706a10f" +- +-[[package]] +-name = "toml_edit" +-version = "0.19.10" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2380d56e8670370eee6566b0bfd4265f65b3f432e8c6d85623f728d4fa31f739" +-dependencies = [ +- 
"indexmap", +- "toml_datetime", +- "winnow", +-] +- +-[[package]] +-name = "touch" +-version = "0.0.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c0ff985ccaedc537018a1b6c7f377d25e16d08aa1fcc5f8f4fba984c7e69cf09" +-dependencies = [ +- "log", +-] +- +-[[package]] +-name = "tower-service" +-version = "0.3.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" +- +-[[package]] +-name = "tracing" +-version = "0.1.37" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" +-dependencies = [ +- "cfg-if 1.0.0", +- "pin-project-lite 0.2.9", +- "tracing-attributes", +- "tracing-core", +-] +- +-[[package]] +-name = "tracing-attributes" +-version = "0.1.24" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0f57e3ca2a01450b1a921183a9c9cbfda207fd822cef4ccb00a65402cbba7a74" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "tracing-core" +-version = "0.1.31" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a" +-dependencies = [ +- "once_cell", +- "valuable", +-] +- +-[[package]] +-name = "tracing-forest" +-version = "0.1.5" +-source = "git+https://github.com/QnnOkabayashi/tracing-forest.git?rev=77daf8c8abf010b87d45ece2bf656983c6f8cecb#77daf8c8abf010b87d45ece2bf656983c6f8cecb" +-dependencies = [ +- "smallvec", +- "thiserror", +- "tokio", +- "tracing", +- "tracing-subscriber", +- "uuid", +-] +- +-[[package]] +-name = "tracing-log" +-version = "0.1.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922" +-dependencies = [ +- "lazy_static", +- "log", +- "tracing-core", +-] +- +-[[package]] +-name = 
"tracing-subscriber" +-version = "0.3.17" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "30a651bc37f915e81f087d86e62a18eec5f79550c7faff886f7090b4ea757c77" +-dependencies = [ +- "matchers", +- "nu-ansi-term", +- "once_cell", +- "regex", +- "sharded-slab", +- "smallvec", +- "thread_local", +- "tracing", +- "tracing-core", +- "tracing-log", +-] +- +-[[package]] +-name = "try-lock" +-version = "0.2.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed" +- +-[[package]] +-name = "typenum" +-version = "1.16.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" +- +-[[package]] +-name = "unicode-bidi" +-version = "0.3.13" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" +- +-[[package]] +-name = "unicode-ident" +-version = "1.0.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0" +- +-[[package]] +-name = "unicode-normalization" +-version = "0.1.22" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +-dependencies = [ +- "tinyvec", +-] +- +-[[package]] +-name = "unicode-width" +-version = "0.1.10" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" +- +-[[package]] +-name = "unicode-xid" +-version = "0.2.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" +- +-[[package]] +-name = "universal-hash" +-version = "0.4.1" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05" +-dependencies = [ +- "generic-array 0.14.7", +- "subtle", +-] +- +-[[package]] +-name = "url" +-version = "2.3.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643" +-dependencies = [ +- "form_urlencoded", +- "idna 0.3.0", +- "percent-encoding", +- "serde", +-] +- +-[[package]] +-name = "urlencoding" +-version = "2.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e8db7427f936968176eaa7cdf81b7f98b980b18495ec28f1b5791ac3bfe3eea9" +- +-[[package]] +-name = "users" +-version = "0.11.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "24cc0f6d6f267b73e5a2cadf007ba8f9bc39c6a6f9666f8cf25ea809a153b032" +-dependencies = [ +- "libc", +- "log", +-] +- +-[[package]] +-name = "uuid" +-version = "1.3.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "345444e32442451b267fc254ae85a209c64be56d2890e601a0c37ff0c3c5ecd2" +-dependencies = [ +- "getrandom 0.2.9", +- "serde", +-] +- +-[[package]] +-name = "valuable" +-version = "0.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" +- +-[[package]] +-name = "value-bag" +-version = "1.0.0-alpha.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2209b78d1249f7e6f3293657c9779fe31ced465df091bbd433a1cf88e916ec55" +-dependencies = [ +- "ctor", +- "erased-serde", +- "serde", +- "serde_fmt", +- "sval", +- "version_check", +-] +- +-[[package]] +-name = "vcpkg" +-version = "0.2.15" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" +- +-[[package]] +-name = "version_check" +-version = "0.9.4" 
+-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +- +-[[package]] +-name = "waker-fn" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca" +- +-[[package]] +-name = "walkdir" +-version = "2.3.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698" +-dependencies = [ +- "same-file", +- "winapi-util", +-] +- +-[[package]] +-name = "want" +-version = "0.3.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0" +-dependencies = [ +- "log", +- "try-lock", +-] +- +-[[package]] +-name = "wasi" +-version = "0.9.0+wasi-snapshot-preview1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" +- +-[[package]] +-name = "wasi" +-version = "0.10.0+wasi-snapshot-preview1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f" +- +-[[package]] +-name = "wasi" +-version = "0.11.0+wasi-snapshot-preview1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +- +-[[package]] +-name = "wasm-bindgen" +-version = "0.2.86" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5bba0e8cb82ba49ff4e229459ff22a191bbe9a1cb3a341610c9c33efc27ddf73" +-dependencies = [ +- "cfg-if 1.0.0", +- "serde", +- "serde_json", +- "wasm-bindgen-macro", +-] +- +-[[package]] +-name = "wasm-bindgen-backend" +-version = "0.2.86" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"19b04bc93f9d6bdee709f6bd2118f57dd6679cf1176a1af464fca3ab0d66d8fb" +-dependencies = [ +- "bumpalo", +- "log", +- "once_cell", +- "proc-macro2", +- "quote", +- "syn 2.0.16", +- "wasm-bindgen-shared", +-] +- +-[[package]] +-name = "wasm-bindgen-futures" +-version = "0.4.36" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2d1985d03709c53167ce907ff394f5316aa22cb4e12761295c5dc57dacb6297e" +-dependencies = [ +- "cfg-if 1.0.0", +- "js-sys", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "wasm-bindgen-macro" +-version = "0.2.86" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "14d6b024f1a526bb0234f52840389927257beb670610081360e5a03c5df9c258" +-dependencies = [ +- "quote", +- "wasm-bindgen-macro-support", +-] +- +-[[package]] +-name = "wasm-bindgen-macro-support" +-version = "0.2.86" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e128beba882dd1eb6200e1dc92ae6c5dbaa4311aa7bb211ca035779e5efc39f8" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +- "wasm-bindgen-backend", +- "wasm-bindgen-shared", +-] +- +-[[package]] +-name = "wasm-bindgen-shared" +-version = "0.2.86" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ed9d5b4305409d1fc9482fee2d7f9bcbf24b3972bf59817ef757e23982242a93" +- +-[[package]] +-name = "wasm-bindgen-test" +-version = "0.3.36" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c9e636f3a428ff62b3742ebc3c70e254dfe12b8c2b469d688ea59cdd4abcf502" +-dependencies = [ +- "console_error_panic_hook", +- "js-sys", +- "scoped-tls", +- "wasm-bindgen", +- "wasm-bindgen-futures", +- "wasm-bindgen-test-macro", +-] +- +-[[package]] +-name = "wasm-bindgen-test-macro" +-version = "0.3.36" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f18c1fad2f7c4958e7bcce014fa212f59a65d5e3721d0f77e6c0b27ede936ba3" +-dependencies = [ +- "proc-macro2", +- "quote", +-] 
+- +-[[package]] +-name = "web-sys" +-version = "0.3.63" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3bdd9ef4e984da1187bf8110c5cf5b845fbc87a23602cdf912386a76fcd3a7c2" +-dependencies = [ +- "js-sys", +- "wasm-bindgen", +-] +- +-[[package]] +-name = "webauthn-authenticator-rs" +-version = "0.4.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "603b8602cae2d6c3706b6195765ff582389494d10c442d84a1de2ed5a25679ef" +-dependencies = [ +- "authenticator-ctap2-2021", +- "base64urlsafedata", +- "nom", +- "openssl", +- "rpassword 5.0.1", +- "serde", +- "serde_cbor_2", +- "serde_json", +- "tracing", +- "url", +- "uuid", +- "webauthn-rs-proto", +- "windows 0.41.0", +-] +- +-[[package]] +-name = "webauthn-rs" +-version = "0.4.8" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2db00711c712414e93b019c4596315085792215bc2ac2d5872f9e8913b0a6316" +-dependencies = [ +- "base64urlsafedata", +- "serde", +- "tracing", +- "url", +- "uuid", +- "webauthn-rs-core", +-] +- +-[[package]] +-name = "webauthn-rs-core" +-version = "0.4.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "294c78c83f12153a51e1cf1e6970b5da1397645dada39033a9c3173a8fc4fc2b" +-dependencies = [ +- "base64 0.13.1", +- "base64urlsafedata", +- "compact_jwt", +- "der-parser", +- "nom", +- "openssl", +- "rand 0.8.5", +- "serde", +- "serde_cbor_2", +- "serde_json", +- "thiserror", +- "tracing", +- "url", +- "uuid", +- "webauthn-rs-proto", +- "x509-parser", +-] +- +-[[package]] +-name = "webauthn-rs-proto" +-version = "0.4.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d24e638361a63ba5c0a0be6a60229490fcdf33740ed63df5bb6bdb627b52a138" +-dependencies = [ +- "base64urlsafedata", +- "js-sys", +- "serde", +- "serde-wasm-bindgen", +- "serde_json", +- "url", +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "whoami" +-version = "1.4.0" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2c70234412ca409cc04e864e89523cb0fc37f5e1344ebed5a3ebf4192b6b9f68" +-dependencies = [ +- "wasm-bindgen", +- "web-sys", +-] +- +-[[package]] +-name = "winapi" +-version = "0.3.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +-dependencies = [ +- "winapi-i686-pc-windows-gnu", +- "winapi-x86_64-pc-windows-gnu", +-] +- +-[[package]] +-name = "winapi-i686-pc-windows-gnu" +-version = "0.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" +- +-[[package]] +-name = "winapi-util" +-version = "0.1.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +-dependencies = [ +- "winapi", +-] +- +-[[package]] +-name = "winapi-x86_64-pc-windows-gnu" +-version = "0.4.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +- +-[[package]] +-name = "windows" +-version = "0.41.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5a3ed69de2c1f8d0524a8a3417a80a85dd316a071745fbfdf5eb028b310058ab" +-dependencies = [ +- "windows_aarch64_gnullvm 0.41.0", +- "windows_aarch64_msvc 0.41.0", +- "windows_i686_gnu 0.41.0", +- "windows_i686_msvc 0.41.0", +- "windows_x86_64_gnu 0.41.0", +- "windows_x86_64_gnullvm 0.41.0", +- "windows_x86_64_msvc 0.41.0", +-] +- +-[[package]] +-name = "windows" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" +-dependencies = [ +- "windows-targets 0.48.0", +-] +- +-[[package]] +-name = "windows-sys" +-version = "0.42.0" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" +-dependencies = [ +- "windows_aarch64_gnullvm 0.42.2", +- "windows_aarch64_msvc 0.42.2", +- "windows_i686_gnu 0.42.2", +- "windows_i686_msvc 0.42.2", +- "windows_x86_64_gnu 0.42.2", +- "windows_x86_64_gnullvm 0.42.2", +- "windows_x86_64_msvc 0.42.2", +-] +- +-[[package]] +-name = "windows-sys" +-version = "0.45.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" +-dependencies = [ +- "windows-targets 0.42.2", +-] +- +-[[package]] +-name = "windows-sys" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +-dependencies = [ +- "windows-targets 0.48.0", +-] +- +-[[package]] +-name = "windows-targets" +-version = "0.42.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" +-dependencies = [ +- "windows_aarch64_gnullvm 0.42.2", +- "windows_aarch64_msvc 0.42.2", +- "windows_i686_gnu 0.42.2", +- "windows_i686_msvc 0.42.2", +- "windows_x86_64_gnu 0.42.2", +- "windows_x86_64_gnullvm 0.42.2", +- "windows_x86_64_msvc 0.42.2", +-] +- +-[[package]] +-name = "windows-targets" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5" +-dependencies = [ +- "windows_aarch64_gnullvm 0.48.0", +- "windows_aarch64_msvc 0.48.0", +- "windows_i686_gnu 0.48.0", +- "windows_i686_msvc 0.48.0", +- "windows_x86_64_gnu 0.48.0", +- "windows_x86_64_gnullvm 0.48.0", +- "windows_x86_64_msvc 0.48.0", +-] +- +-[[package]] +-name = "windows_aarch64_gnullvm" +-version = "0.41.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum 
= "163d2761774f2278ecb4e6719e80b2b5e92e5a2be73a7bcd3ef624dd5e3091fd" +- +-[[package]] +-name = "windows_aarch64_gnullvm" +-version = "0.42.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" +- +-[[package]] +-name = "windows_aarch64_gnullvm" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" +- +-[[package]] +-name = "windows_aarch64_msvc" +-version = "0.41.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ef005ff2bceb00d3b84166a359cc19084f9459754fd3fe5a504dee3dddcd0a0c" +- +-[[package]] +-name = "windows_aarch64_msvc" +-version = "0.42.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" +- +-[[package]] +-name = "windows_aarch64_msvc" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" +- +-[[package]] +-name = "windows_i686_gnu" +-version = "0.41.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "02b4df2d51e32f03f8b4b228e487828c03bcb36d97b216fc5463bcea5bb1440b" +- +-[[package]] +-name = "windows_i686_gnu" +-version = "0.42.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" +- +-[[package]] +-name = "windows_i686_gnu" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" +- +-[[package]] +-name = "windows_i686_msvc" +-version = "0.41.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"568a966834571f2f3267f07dd72b4d8507381f25e53d056808483b2637385ef7" +- +-[[package]] +-name = "windows_i686_msvc" +-version = "0.42.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" +- +-[[package]] +-name = "windows_i686_msvc" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" +- +-[[package]] +-name = "windows_x86_64_gnu" +-version = "0.41.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "fc395dac1adf444e276d096d933ae7961361c8cda3245cffef7a9b3a70a8f994" +- +-[[package]] +-name = "windows_x86_64_gnu" +-version = "0.42.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" +- +-[[package]] +-name = "windows_x86_64_gnu" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" +- +-[[package]] +-name = "windows_x86_64_gnullvm" +-version = "0.41.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "90e8ec22b715d5b436e1d59c8adad6c744dc20cd984710121d5836b4e8dbb5e0" +- +-[[package]] +-name = "windows_x86_64_gnullvm" +-version = "0.42.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" +- +-[[package]] +-name = "windows_x86_64_gnullvm" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" +- +-[[package]] +-name = "windows_x86_64_msvc" +-version = "0.41.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = 
"8b9761f0216b669019df1512f6e25e5ee779bf61c5cdc43c7293858e7efd7926" +- +-[[package]] +-name = "windows_x86_64_msvc" +-version = "0.42.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" +- +-[[package]] +-name = "windows_x86_64_msvc" +-version = "0.48.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" +- +-[[package]] +-name = "winnow" +-version = "0.4.6" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "61de7bac303dc551fe038e2b3cef0f571087a47571ea6e79a87692ac99b99699" +-dependencies = [ +- "memchr", +-] +- +-[[package]] +-name = "winreg" +-version = "0.10.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d" +-dependencies = [ +- "winapi", +-] +- +-[[package]] +-name = "x509-parser" +-version = "0.13.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9fb9bace5b5589ffead1afb76e43e34cff39cd0f3ce7e170ae0c29e53b88eb1c" +-dependencies = [ +- "asn1-rs", +- "base64 0.13.1", +- "data-encoding", +- "der-parser", +- "lazy_static", +- "nom", +- "oid-registry", +- "rusticata-macros", +- "thiserror", +- "time 0.3.21", +-] +- +-[[package]] +-name = "yew" +-version = "0.20.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "5dbecfe44343b70cc2932c3eb445425969ae21754a8ab3a0966981c1cf7af1cc" +-dependencies = [ +- "console_error_panic_hook", +- "futures", +- "gloo", +- "implicit-clone", +- "indexmap", +- "js-sys", +- "prokio", +- "rustversion", +- "serde", +- "slab", +- "thiserror", +- "tokio", +- "tracing", +- "wasm-bindgen", +- "wasm-bindgen-futures", +- "web-sys", +- "yew-macro", +-] +- +-[[package]] +-name = "yew-macro" +-version = "0.20.0" +-source = 
"registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b64c253c1d401f1ea868ca9988db63958cfa15a69f739101f338d6f05eea8301" +-dependencies = [ +- "boolinator", +- "once_cell", +- "prettyplease", +- "proc-macro-error", +- "proc-macro2", +- "quote", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "yew-router" +-version = "0.17.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "426ee0486d2572a6c5e39fbdbc48b58d59bb555f3326f54631025266cf04146e" +-dependencies = [ +- "gloo", +- "js-sys", +- "route-recognizer 0.3.1", +- "serde", +- "serde_urlencoded", +- "tracing", +- "wasm-bindgen", +- "web-sys", +- "yew", +- "yew-router-macro", +-] +- +-[[package]] +-name = "yew-router-macro" +-version = "0.17.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "89b249cdb39e0cddaf0644dedc781854524374664793479fdc01e6a65d6e6ae3" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 1.0.109", +-] +- +-[[package]] +-name = "zeroize" +-version = "1.6.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +-dependencies = [ +- "zeroize_derive", +-] +- +-[[package]] +-name = "zeroize_derive" +-version = "1.4.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +-dependencies = [ +- "proc-macro2", +- "quote", +- "syn 2.0.16", +-] +- +-[[package]] +-name = "zxcvbn" +-version = "2.2.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "103fa851fff70ea29af380e87c25c48ff7faac5c530c70bd0e65366d4e0c94e4" +-dependencies = [ +- "derive_builder", +- "fancy-regex", +- "itertools", +- "js-sys", +- "lazy_static", +- "quick-error", +- "regex", +- "time 0.3.21", +-] +diff --git a/pkgs/servers/kanidm/default.nix b/pkgs/servers/kanidm/default.nix +index d5ae310dd54647..e6c49b846f4be4 100644 +--- 
a/pkgs/servers/kanidm/default.nix ++++ b/pkgs/servers/kanidm/default.nix +@@ -4,13 +4,13 @@ + , nixosTests + , rustPlatform + , fetchFromGitHub +-, fetchpatch + , installShellFiles + , pkg-config + , udev + , openssl + , sqlite + , pam ++, bashInteractive + }: + + let +@@ -18,45 +18,35 @@ let + in + rustPlatform.buildRustPackage rec { + pname = "kanidm"; +- version = "1.1.0-alpha.12"; ++ version = "1.1.0-beta.13"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; +- rev = "f5924443f08e462067937a5dd0e2c19e5e1255da"; +- hash = "sha256-kJUxVrGpczIdOqKQbgRp1xERfKP6C0SDQgWdjtSuvZ8="; ++ # Latest 1.1.0-beta.13 tip ++ rev = "5d1e2f90e6901017ab3ef9b5fbc10e25a5451fd2"; ++ hash = "sha256-70yeHVOrCuC+H96UC84kly3CCQ+y1RGzF5K/2FIag/o="; + }; + +- cargoLock = { +- lockFile = ./Cargo.lock; +- outputHashes = { +- "tracing-forest-0.1.5" = "sha256-L6auSKB4DCnZBZpx7spiikhSOD6i1W3erc3zjn+26Ao="; +- }; +- }; ++ cargoHash = "sha256-Qdc+E5+k9NNE4s6eAnpkam56pc2JJPahkuT4lB328cY="; + + KANIDM_BUILD_PROFILE = "release_nixos_${arch}"; + +- patches = [ +- (fetchpatch { +- # Bring back x86_64-v1 microarchitecture level +- name = "cpu-opt-level.patch"; +- url = "https://github.com/kanidm/kanidm/commit/59c6723f7dfb2266eae45c3b2ddd377872a7a113.patch"; +- hash = "sha256-8rVEYitxvdVduQ/+AD/UG3v+mgT/VxkLoxNIXczUfCQ="; +- }) +- ]; +- + postPatch = + let + format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml"; + profile = { +- web_ui_pkg_path = "@web_ui_pkg_path@"; ++ admin_bind_path = "/run/kanidmd/sock"; + cpu_flags = if stdenv.isx86_64 then "x86_64_legacy" else "none"; ++ default_config_path = "/etc/kanidm/server.toml"; ++ default_unix_shell_path = "${lib.getBin bashInteractive}/bin/bash"; ++ web_ui_pkg_path = "@web_ui_pkg_path@"; + }; + in + '' + cp ${format profile} libs/profiles/${KANIDM_BUILD_PROFILE}.toml + substituteInPlace libs/profiles/${KANIDM_BUILD_PROFILE}.toml \ +- --replace '@web_ui_pkg_path@' "$out/ui" ++ --replace '@web_ui_pkg_path@' "${placeholder "out"}/ui" 
+ ''; + + nativeBuildInputs = [ +@@ -92,6 +82,7 @@ rustPlatform.buildRustPackage rec { + passthru.tests = { inherit (nixosTests) kanidm; }; + + meta = with lib; { ++ changelog = "https://github.com/kanidm/kanidm/releases/tag/v${version}"; + description = "A simple, secure and fast identity management platform"; + homepage = "https://github.com/kanidm/kanidm"; + license = licenses.mpl20; diff --git a/nix-patches/default.nix b/nix-patches/default.nix index 4740621..671d680 100644 --- a/nix-patches/default.nix +++ b/nix-patches/default.nix @@ -1,5 +1,9 @@ { "nixos-23.05" = [ + # Plausible fix ./241126.patch + + # Kanidm 1.1.0-beta.13 + ./246564.patch ]; } -- 2.47.1 From 4e618d6129251a62a416986aa02906d0a815f897 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Thu, 14 Sep 2023 19:27:01 +0200 Subject: [PATCH 72/78] feat(forgejo): Update to 1.20.4-0 via patch --- machines/storage01/forgejo.nix | 15 +++++---------- nix-patches/default.nix | 3 +++ nix-patches/forgejo.patch | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 10 deletions(-) create mode 100644 nix-patches/forgejo.patch diff --git a/machines/storage01/forgejo.nix b/machines/storage01/forgejo.nix index dfd5b8e..718b36c 100644 --- a/machines/storage01/forgejo.nix +++ b/machines/storage01/forgejo.nix @@ -1,14 +1,12 @@ { config, lib, pkgs, dgn-lib, ... }: let - inherit (dgn-lib) - setDefault; + inherit (dgn-lib) setDefault; port = 3000; host = "git.dgnum.eu"; -in -{ +in { services.gitea = { enable = true; @@ -75,9 +73,7 @@ in virtualHosts.${host} = { enableACME = true; forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString port}"; - }; + locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; }; }; }; 
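Review bot: The entries in the `"nixos-23.05"` list are labelled only `# Plausible fix` and `# Kanidm 1.1.0-beta.13`, which does not say where `./241126.patch` and `./246564.patch` came from or when they can be dropped. These files rewrite the nixpkgs tree the machines are built from, so each entry should carry its upstream reference, for example `# Kanidm 1.1.0-beta.13 (nixpkgs PR <PR_NUMBER>, drop once it reaches the channel)`. The numeric file names look like PR numbers, but that is an inference from the names alone. The later hunk on this file that adds `./forgejo.patch` has the same gap and also departs from the numeric naming.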
@@ -92,9 +88,8 @@ in users.groups.git = { }; dgn-secrets.options = [ - (setDefault { owner = "git"; } (builtins.filter - (lib.hasPrefix "forgejo") - config.dgn-secrets.names)) + (setDefault { owner = "git"; } + (builtins.filter (lib.hasPrefix "forgejo") config.dgn-secrets.names)) ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/nix-patches/default.nix b/nix-patches/default.nix index 671d680..9f3e0da 100644 --- a/nix-patches/default.nix +++ b/nix-patches/default.nix @@ -5,5 +5,8 @@ # Kanidm 1.1.0-beta.13 ./246564.patch + + # Forgejo 1.20.4-0 + ./forgejo.patch ]; } diff --git a/nix-patches/forgejo.patch b/nix-patches/forgejo.patch new file mode 100644 index 0000000..b1907e4 --- /dev/null +++ b/nix-patches/forgejo.patch @@ -0,0 +1,33 @@ +diff --git a/pkgs/applications/version-management/forgejo/default.nix b/pkgs/applications/version-management/forgejo/default.nix +index d21097df07b..2ee652d8785 100644 +--- a/pkgs/applications/version-management/forgejo/default.nix ++++ b/pkgs/applications/version-management/forgejo/default.nix +@@ -23,7 +23,7 @@ let + pname = "forgejo-frontend"; + inherit (forgejo) src version; + +- npmDepsHash = "sha256-dB/uBuS0kgaTwsPYnqklT450ejLHcPAqBdDs3JT8Uxg="; ++ npmDepsHash = "sha256-YZzVw+WWqTmJafqnZ5vrzb7P6V4DTMNQwW1/+wvZEM8="; + + patches = [ + ./package-json-npm-build-frontend.patch +@@ -38,17 +38,17 @@ let + in + buildGoModule rec { + pname = "forgejo"; +- version = "1.19.4-0"; ++ version = "1.20.4-0"; + + src = fetchFromGitea { + domain = "codeberg.org"; + owner = "forgejo"; + repo = "forgejo"; + rev = "v${version}"; +- hash = "sha256-pTcnST8A4gADPBkNago9uwRFEmTx8vNONL/Emer4xLI="; ++ hash = "sha256-guKU3VG1Wyhr5p6w0asL/CopQ5b7HiNi26Tw8WCEpwE="; + }; + +- vendorHash = "sha256-LKxhNbSIRaP4EGWX6mE26G9CWfoFTrPRjrL4ShpRHWo="; ++ vendorHash = "sha256-dgtZjsLBwblhdge3BvdbK/mN/TeZKps9K5dJbqomtjo="; + + subPackages = [ "." ]; -- 2.47.1 From 9825675c9caa8f140607ab02c33034ec0e7d54e8 Mon Sep 17 00:00:00 2001 
From: Tom Hubrecht Date: Fri, 15 Sep 2023 18:19:11 +0200 Subject: [PATCH 73/78] feat(nextcloud): Add ffmpeg for video transcoding --- machines/compute01/nextcloud.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/compute01/nextcloud.nix b/machines/compute01/nextcloud.nix index 37bfd85..cd8fd06 100644 --- a/machines/compute01/nextcloud.nix +++ b/machines/compute01/nextcloud.nix @@ -64,6 +64,8 @@ in { forceSSL = true; }; + environment.systemPackages = [ pkgs.ffmpeg_6-headless ]; + dgn-secrets.options = [ (setDefault { owner = "nextcloud"; } (builtins.filter (lib.hasPrefix "nextcloud-") config.dgn-secrets.names)) -- 2.47.1 From a13e318aee9a2f1024492eb273fea26818eb65d5 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 15 Sep 2023 18:19:34 +0200 Subject: [PATCH 74/78] chore(npins): Update nixos-23.05 --- npins/sources.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 2f073c1..c11367c 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -57,8 +57,8 @@ "nixos-23.05": { "type": "Channel", "name": "nixos-23.05", - "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.3376.4c8cf44c5b94/nixexprs.tar.xz", - "hash": "0y4rgn0qynj8a2pnz5hhjpszr5zgjixgvcvimnncgx2sczbmrnp5" + "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.3427.e5f018cf150e/nixexprs.tar.xz", + "hash": "11idpz92nh7hcvfqk8gby7kdfdm7fhwi2q8cfr7dd3n0i12zy6hk" }, "nixos-unstable": { "type": "Channel", -- 2.47.1 From a49774b6a6b635157068b5f08edbab52fee18c5a Mon Sep 17 00:00:00 2001 
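Review bot: `environment.systemPackages = [ pkgs.ffmpeg_6-headless ];` puts ffmpeg in the global profile of compute01, and nothing on the line ties it to Nextcloud. The commit title says it is there for video transcoding, so it will be decoding user-uploaded files. A comment such as `# ffmpeg: used by Nextcloud to transcode uploaded videos` would keep the reason visible to whoever later audits or removes the package. If the Nextcloud service can be handed the binary through its own PATH rather than the system-wide one, that would be the narrower choice; whether the module allows it is not visible here. The enclosing attribute set starts and ends outside the hunk.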
From: Tom Hubrecht Date: Sat, 16 Sep 2023 16:08:08 +0200 Subject: [PATCH 75/78] feat(keys): Add a key for thubrecht and rekey secrets --- keys/thubrecht.keys | 1 + .../kanidm/secrets/kanidm-password_admin | 24 +++++++++ machines/compute01/kanidm/secrets/secrets.nix | 10 ++++ .../compute01/secrets/mastodon-extra_env_file | 42 ++++++++------- .../secrets/nextcloud-adminpass_file | 45 ++++++++-------- .../secrets/nextcloud-s3_secret_file | 44 +++++++-------- .../secrets/forgejo-database_password_file | 48 ++++++++--------- .../storage01/secrets/lychee-environment_file | Bin 0 -> 2242 bytes .../storage01/secrets/peertube-secrets_file | Bin 1211 -> 1276 bytes .../secrets/peertube-service_environment_file | Bin 1213 -> 1354 bytes machines/storage01/secrets/secrets.nix | 1 + machines/web01/secrets/_smtp-password-file | 47 ++++++++-------- .../plausible_admin-user-password-file | Bin 1188 -> 1405 bytes .../secrets/plausible_release-cookie-file | 51 ++++++++++-------- .../secrets/plausible_secret-key-base-file | 49 ++++++++--------- 15 files changed, 205 insertions(+), 157 deletions(-) create mode 100644 machines/compute01/kanidm/secrets/kanidm-password_admin create mode 100644 machines/compute01/kanidm/secrets/secrets.nix create mode 100644 machines/storage01/secrets/lychee-environment_file diff --git a/keys/thubrecht.keys b/keys/thubrecht.keys index bfa6a33..ddeabce 100644 --- a/keys/thubrecht.keys +++ b/keys/thubrecht.keys @@ -1,2 +1,3 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn diff --git a/machines/compute01/kanidm/secrets/kanidm-password_admin b/machines/compute01/kanidm/secrets/kanidm-password_admin new file mode 100644 index 0000000..136097c --- /dev/null +++ b/machines/compute01/kanidm/secrets/kanidm-password_admin 
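Review bot: The key added to `keys/thubrecht.keys` (the line ending in `OwfJn`), like the two above it, has no comment field, so the file does not record which device or purpose each key belongs to. With three keys for one admin, revoking a single one means recognising its base64 by eye. A trailing label (`ssh-ed25519 <KEY> <LABEL>`) would fix that, provided whatever consumes the `.keys` files tolerates the comment; they appear to feed both SSH access and the secrets recipients. Since this commit rekeys every secret to the full set, it is also worth confirming the two older keys are still in use.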
@@ -0,0 +1,24 @@ +age-encryption.org/v1 +-> ssh-ed25519 tDqJRg b9YfFtY2tYFdKAkv/IeejX9pMcKhVRrbeKYvWR3bDF4 +Ehhlt9l/hGnuev1qp3+EUBnplEqwld/zpAWoWuIq6eU +-> ssh-ed25519 jIXfPA Vf0VHLLRr5DPtwg7rCdxPdbkzG2HBd1bl1bKEtjBOVA +ao+mJ46VVq8V3mun5GbDFKNLwls1c/CSf9hZ5J+oYOk +-> ssh-ed25519 QlRB9Q /bftKC7iGzTMfsz+Ji0uL6HrRvH1PScfDUkTNEs/6w8 +9XaQ1BQILM+BVUZMcsjSFIbbaiMTkpiHXaihjqHEtMg +-> ssh-ed25519 r+nK/Q 2kZxpMVtApoA1LvW0x+ofYSvkBVgDxqqD+jZU9TQYAg +jUrLwlr2Yrw9S8fFt7mAUA0SmZbBtkLxqZcW+JYKdWk +-> ssh-rsa krWCLQ +xjJlNIC6+VvHDp5tE6y4hJ+AOI+BP+D+hlPYxGw6wCFH9WBioEgd5Susq8EAffU6 +igSdi1XqUsmnwWr2QH0TbRvvMaX98SzmbASVx4L1xccZDaUEfsgfOKcwfZ0snjpA +FhxXPcnC27PA9jhqY5vm0T+DnnWpk24Vak0hdQX+1zTcXAWOIgEM4/rOoBQn5nnp +ZjNXLUvTtVc4GhbCtvyb92Q6vdtMfKJdHY9Rv37CW4766bhL/8Xt9XFcHK0UDZCy +fqcQYcE1e7seENl5X3n1g5TqSKpicuqijS5pRkcEahhp68NuEOodeOsYVZmCHCIG +w1OkxHZWFyyCsCYMjlK8BA +-> ssh-ed25519 /vwQcQ 5gsfcu2zyH6AcxWdbO5bFTc7coGNBPRWJYw5Wq9gdTI +g1KGYbrGU8GPTe4UFFRjm3ZyVGdEE8FolQKsY2MWuvc +-> ssh-ed25519 0R97PA IErchiv8XgBZqrbvL+QRFSS9Pmu6m/s27/PEBnLQXRc +BvjbYSEIm810AWwVqEDWRQ0nabICjlfT5j+uEHP0bc4 +-> MTtV--grease 2`mQ"gm +vK3DTLDfojRicLMlLffClzG4bfiW0AZkMEk +--- za+MHCazVeOA9WTCnEU59j+dYMQAGPc7GhdIkfHZgU8 + Q\7FYOqyA¶Ҕ=c3w.nBĿvSM6K$e-Ml$0>!l1Ћ \ No newline at end of file diff --git a/machines/compute01/kanidm/secrets/secrets.nix b/machines/compute01/kanidm/secrets/secrets.nix new file mode 100644 index 0000000..175b50e --- /dev/null +++ b/machines/compute01/kanidm/secrets/secrets.nix @@ -0,0 +1,10 @@ +let + lib = import ../../../../lib { }; + publicKeys = lib.getNodeKeys "compute01"; +in + +lib.setDefault { inherit publicKeys; } [ + "kanidm-password_admin" + "kanidm-password_idm_admin" +] + diff --git a/machines/compute01/secrets/mastodon-extra_env_file b/machines/compute01/secrets/mastodon-extra_env_file index b2fc2cb..d338ed4 100644 --- a/machines/compute01/secrets/mastodon-extra_env_file +++ b/machines/compute01/secrets/mastodon-extra_env_file 
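Review bot: The new `machines/compute01/kanidm/secrets/secrets.nix` declares `"kanidm-password_idm_admin"`, but the commit's diffstat creates only `kanidm-password_admin` in that directory. Unless the file already exists in the tree, the second name has no encrypted file behind it. If the secrets module resolves every declared name to a path, evaluation of compute01 could fail, or the idm_admin password would be missing at deploy time. Either add the encrypted file in this commit or leave the name out of the list until it exists.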
@@ -1,22 +1,24 @@ age-encryption.org/v1 --> ssh-ed25519 tDqJRg xNNldkifAQwLOkeNpg+xXdxCaLnH0ziL7KiX58Wdyk8 -irS6sJtxQ9MIsbdAFWgl/jK+fmzA9p3ryApL1ZIeCqc --> ssh-ed25519 jIXfPA lQSpiHzk48aMknwBSmF5pOTbyw5glnB5ZUYcJl6qthY -/1MF+IlsT/CPV7nOnsl/Wyv6y5Ek2ZBPjLxvTFf4PTE --> ssh-ed25519 QlRB9Q QipZpn7OE0MN15+eLJc0VJY2erbHJpFu3KEH3AVSs18 -FbF8C0xeapi38xPaIdWTJ+nilygdDrkF6zga3TqpXKQ +-> ssh-ed25519 tDqJRg JGfCsH6aM+j+3gQQxonyTn03nz4UyRzr3DobpmUF5xs +tMS+XHDrA85tXNs9UTWQImLr7H53p1wEJzM4bjUYJW4 +-> ssh-ed25519 jIXfPA ncY7hLJXHcmv4JxCDRf8LrH0pophfgfcgm1X0BfkShs +IofWkxnSKHLoEM7BLDq+Af/f/mtobvX84it9eWQvpE0 +-> ssh-ed25519 QlRB9Q NwMxL3+JF2nC7B5QREdXAwK1uetcHiYzWIl3wHBZBhw +ntiqG4qrhN2VnuurXKmAsPue+FeTaWMbDYHRRzpixkU +-> ssh-ed25519 r+nK/Q SqPuPkLGTmAykxlEf2Sg1xmSUSFjIbbRCMChk3hwoi8 +56QbhmG9jl1XpbBch0VcuTouEqP2SmPkf2zhwGtEJ2o -> ssh-rsa krWCLQ -F8bCPw//P3fDNTFSw6Rz9/bfyGTzhfhDm5rFBH+55WxKgqjozdl2Jih4mEP+U//E -W/qu/w0dl/Ezsg6EVSfwvbr9yVkkEQ4fIjWrqOrA7vWTrjZEizuKc3+X5UL1ph6B -4E4ycTSG+8IztcJMkInxbVGFkKf1NzUd+cR7jyk7kHvEFA0KGQm+IbQXoqtTpDbC -WmgmXxl+YHAtO2a7WvtW4awTvhVIVyTT0Y80kB7qg41fhlCz3/g+ba1KSvYXeEcz -xJws4w2Q4vWBrdx6R+pZz474+9/xoNOHgQBHkaaPX/uLH4lR52/1s+FW9fU+dZb2 -3N4WgwUmqZFRzXjnnLOHug --> ssh-ed25519 /vwQcQ GFlgw/L4yEP9rYDV3clED6J0P2zvxYEfpn68VbUnAzU -FlNYopCEnLrSOWTWrDVeniiie5Yyc3bz8R0AMRr2zT8 --> ssh-ed25519 0R97PA tqjjGtFmabpyOA0HqHj+UQ3uuWCKNqphljKjExRNjEg -oe8v9P1kT/NkigmqEVc2Gnj819qwZWRYDl1kZdirHcw --> ^"=JjR6L-grease x!Vh }L4 'D|=jT\ -mjg7e7m0a15qA22d5KgAmDLIr70ZG/zOFSIGatd9nYBy ---- y4n3JGSjNqSdna6V9lb9GaSBd72nQpOebNaPGwaduuo -h4ėru;zzBJQٰNUYXC t\qKւ u~++?Uﺶٿ^~Vߘv͎'v )wv~>Ŭ23rcwPn,ӈ\|A@TP؇ \ No newline at end of file +e28MhLaSZN2PTgvRWKPvq15Sx40f7U66VFSDycoJELnM7nuF+C+XAB+5uazk2VhG +Vv8LdcgaBSIo59blWsL2RFlkMOMV80bnK46Xav9lEY2rEsLWpuOjn5X0pmOw+4M2 +sj6K5DBTeFDmCFSDlx7RWDRKj4gNt1BNCnq1yHaKbbV3Z1HjLaECdBxbpwV1uBQi +0zNjozjqlz7ynOB/6dFD6A+NFtpQm+87MY2kVS9+j7xdRY4CmylsygHxHSxl/Od+ +NBCqL84jF65J69Fz132NEDbCW7Kf7y7gu0mEvl4xK2UIW5OvzzmYJQkviEnL+cU8 +mHiyP+RhCPHNJf8fxTqL1g 
+-> ssh-ed25519 /vwQcQ AzeJIkCOhRrxEZl2XI5PuUs3Biwstp2LgbWh2wlknEE +KjTiQBGqrtLz7dR5mPtZgETLjgNKALgkfsEk58VqPTw +-> ssh-ed25519 0R97PA P3KqpYd/6tvFi/5pVY5RlEj2KKzQRW81avBFVoiBHlg +bxW0WEwry0ugWgh5+AUmP2/CeGiYa+MzfXe09gffl0k +-> ahe/-grease +>9/#$~ 04\ (VBgPz:* <~L8n[ +y92kfCvyoXqwZTbluJOubwvKCCA+aW6XvDPQSmBFUCyZDA +--- PtP2oiKlbwNz1HH11h21XGVseLoHXNiVoWI7lzco03I +U~1]]_2Pfϙb|(E$C YBld}ӌxԻ?%åSLr7ud-{nC!:l=bb3~)+p,0>*lJw)-&INj»pape \ No newline at end of file diff --git a/machines/compute01/secrets/nextcloud-adminpass_file b/machines/compute01/secrets/nextcloud-adminpass_file index dc11369..9fc9d50 100644 --- a/machines/compute01/secrets/nextcloud-adminpass_file +++ b/machines/compute01/secrets/nextcloud-adminpass_file 
@@ -1,23 +1,26 @@ age-encryption.org/v1 --> ssh-ed25519 tDqJRg evx+Y82HrlSYjiNcAOi/c2wy2nAWLbC65tolSOMfBS4 -UeUruJRtQOaUShCjJ9OVEGJyMZBVzzAEi6tvwQKM0d0 --> ssh-ed25519 jIXfPA oZkfWCbiR/OjidO/cPShgXHJlqF9Kpubiy7ztol4DlQ -tU6IbBtALUC/5KF8uLMGAWAZoAqIgr+epypd/WVfebc --> ssh-ed25519 QlRB9Q ZFyh2k8NYrMU3cVdg0vVv+UYrHMrhSIsrIkSKSOY5Uw -L2yfOmxNYyboK/uxc2PqXEpiHkPmm3aSgCdJtgWFVjw +-> ssh-ed25519 tDqJRg TEeQHYENR0xbz5PFJ+vVyhBpHrzrQbzNESwyl9oYDhA +ak6b1pnL2t2ZWQEjldTfGRm+MQN6Hnm0cqU+s8xYw1M +-> ssh-ed25519 jIXfPA 1hs2jSKux9o1+Dr/jVf13pVSCJXCBh9G7FAXY01a1m0 +LpOm7sKQ75gJRa0A4+NG30srvZVmqrUKNoh5GDyzfS4 +-> ssh-ed25519 QlRB9Q yS/QWb9K2hgHFX7qlELANWoyCVzg2tuAYSC+ERfi3g0 +p5OACR6T3kpf1IaTIHQMC6Bljx3PvUlLudGdI7KyUwM +-> ssh-ed25519 r+nK/Q jvrqWvjK8CoHFod1hUWhgIUvf1+bG2foEZekh1WoywQ +5hCeC401AWpCWqb/sIfsPneVByd+duoKerRHdy1H8do -> ssh-rsa krWCLQ -ERww+4XKYoT8glUVJQv9cC/BrxWwry1opqtoWu71VYJyOFfASnTEnkO4Uljf1bg2 -nTB7oPly9eVKeMul/esYoAS/ygSXtxbTdcRizEQo9Yv8KmNO/h2Gyn3oSXQIdrxI -nHH+F26iuzuGFxrFpX29sqlMMDczzPCEryi7WKnZCBTeZAcMqkBSIJzmiFUhzLL0 -/rXBhys2xp3ylqpJ64UAJyT4qdBJw/JqssnW1dXlsmY6/COpf7Y9DgseGx5jB/z/ -CIavbJMZzyAJykiBdbTRqL11Hlp3LXwE+NTxSClKPaUJXRFtNgJrRIvy+hSsRp9z -0pGm1b1pKzOOyAjJu1poRQ --> ssh-ed25519 /vwQcQ C0R57jIfKWTXY17Rsyb7dI5YaeIg3lx4Wtj1xA+U7Dc -Pjzq+q2qRPbqwKBuRkxw7B//fszkw+ygkMWg9S7BCfk --> ssh-ed25519 0R97PA X/EIa3dWMIoC2ed7cB47wbRYHttZHPDl+ENcHgQ1gXA -mCcMfpVfQ9GeNsydWgYzTTzVrRk6CL7JNmNKPNjl2PY --> / ssh-ed25519 /vwQcQ ITw6WJBt6q5ZkS8+Tpe7Cw3l0of+DFNvAWhjeQB8JVM +Nq634KDcSMFkRmqkSUb80n75v98c44W2UhFTE2PyyiY +-> ssh-ed25519 0R97PA rGOeoKrXtGXQwiC9oH1QF/rVQUYZjoLvn1YWCTugy1M +/G5JFxl0HuC1wlpcoICtmRrQ7Cq50IWX6sdc5YKEKno +-> wA-grease +UJZJCBdUyuH+/s+z5O85CFTs69JkG/Z8ljHvxSHWHgJL+qCj/wc8PofEzBLoPX54 +U4aUAtMUt7e6Rniveav4V9quwY3DMt4JTQ531kCGeBMBmR19TPtMkfWN1d0EbZAy + +--- 54FZufK9rx5PR+5AikozUXFvkSkzom2CrXAE06Wz07M +IZukȓhP9f ssh-ed25519 tDqJRg 2RokFJ8iIvUHNIkc8C0GB1CSho8pDWnj5zQ3rfCiI3k -C/u+oGgguGe8ZhcWFN3dWFdby7g+uizSoc9qUfyqh6U --> ssh-ed25519 jIXfPA 
yGY4tw7TB0dxo7feCsTDgyMp9RFbJJUge9vF7DbhDRI -xjQcbO9sIDudnsILaQp1xZuDP5qYz0zz7sN5I115yTU --> ssh-ed25519 QlRB9Q 90eLE1s+T5NdMprV4dOyVCoZbFKDYzr+ZmET8RTWOCE -n4uZBqYolKJ+gtNvZaleSLtY9JXHDKZBVYQTrAu64uE +-> ssh-ed25519 tDqJRg kFyoHxCpR4l/5SoXCr/cwiO7vGX9BVJFp8M+e1gcKXU +QtapayEmP1YyCtbmz6A0F+gInawmX+IPuo8LnUbB3xM +-> ssh-ed25519 jIXfPA LURgNLFnBHbiUaIasyI35/ZUTEBoa1A6ZzGtsmX1xxg +uI6IzXD8k1BvkU3eG75mA/UKNQ03pWypEbDtMBP39fE +-> ssh-ed25519 QlRB9Q 5zR3ahrp+p5mYhrY8a9GKviRv8W23fWIrvEW8aZSNH8 +1EVd2wSp4yzpcSFYzIILd6KsxhiQ16axsQgxiuRg/C0 +-> ssh-ed25519 r+nK/Q bsdD8k0lEELgKrw4SrXm6p4tocWUf+qNxELzcWXO6Aw +nJoHXGoQcAITmM5q4V7J2H5zAJYCZauDCUV4XEOFifg -> ssh-rsa krWCLQ -mvsGtGUsHMVlLVd4WWWPmUU3XukP53JDxltl198Ar1nkviOU3e7kuBo7iQJqP7KM -GyZyZof280IWEulMgq15XPLyiPUXUs5ZJU4ESObWNaFV56fCRnJVpy1egoUx6QcA -jWpM3IdSswKM7JJIhZF6ol0C1HFFVmDOMyPu50YnoFUs2AgQZbiYAah8JFOIi55C -pzn0sTz/uejbbkqbmNnFEiNg6lH0u1hvIkFt00CSPtQFjcEgctOfK3lTjwbhj4C1 -VPjEmuEjl6BsfSRYS5/qyXJNBf9j3GXz/ngFeowgwOkFvhMHdpHLnzFTK5ST8ZkM -usrlFAWo4EsGArIB+9eo6A --> ssh-ed25519 /vwQcQ EcyRCQAIz0MPe9SYyOp3Mw/SzmOSejj0TjBLOZNp7CQ -QTvtuZ0asPFJK14fLfeQ8ikHDm1Dph1G7YhEmrnzeUc --> ssh-ed25519 0R97PA Kun17Nn0O9HcAq1z1kuWtJmgW/6/edrl5wrWJhkw8HA -Q7EZzEyK70xrdYBxz33GlgKOP2QScwYBRLlYufRVQss --> !<+i-grease FxH]dhGf ` -uQHW6ZkCjGWBGqY9vDpOiib4Ti+ayNuS8tJnKnXaxTVH/UhCQrai2qhFdnRIHcO2 -+1VU3tqiN8LWyBXeeEC8Tq8I ---- BSn6z9x3g31WTDla9cia0InR+KDEerjJh2bRhXlwbaY -weݟ/mOTm,K\5ԖخTtm -SQՈ=IS,CPpFM?=P~ \ No newline at end of file +H5dhRjE+xJJ5DqXt7RHlB9RxH2RGLgg5vfLPkbvq/6tbArHMuNlKv7yrztkHD78i +oVcG7Wtu+UOhE/OT9DQhYm1AvuN40aVX9xMB/6pVccdb50Jh4/70ETPnOpbtOefF +OHNw+oU8NnYb2iLxRLwNOvPO7r/AQ3xiNWeZVJlcw2KdqjXguJ3tdAM+dCvi4Lcc +hLJf3oAsQqaqHFXjWynII54p44W3BjAzUPsUgEXHP97nVYoTv45P20OsMz+qSz6k +yN00fy5njXQn/oOT/Eq1gwatoAfj4sNFQ4QRv2mhiAgItrl6CMqFDz63GVoFAi3o +AKae11lHZnK6Xo7hYAw6pQ +-> ssh-ed25519 /vwQcQ 3DajD8S6y5kdddU6HGgNAbhxBJQOTDTqBMUt9yj5qnE +ySHVT2MUDZrLTEsBlG5/Xae0bv8nvtrOYJ0W9oC4UHE +-> ssh-ed25519 0R97PA 
EaCVT8uNqHII/1p6ibYrjCdHNovjG3pZj29QLxEPLnw +WKUr9zSkhGJ+Hu9i92t0sCi0riIyeQkexg0Q/BwKBrI +-> TB:n-grease m}VqDFC 8kx44l_ \U(_g"o u,c +YjUjimgsYeF2L4QfgWrG0ODWbDSshlV3MCytzv4h/r/cSDzADNu8GZWpGK0 +--- 20yxHLdcKt2ln0JB69EMV7dFYbTnQUvBZ/v/+x+P/yU +6V }t43]hh6sPrI ssh-ed25519 rHotTw VROWia1UGxKvLi+SZ2grFqfUi10BGbBWKrSmi4Iw01U -wFFoxP9MrADS3Wl34L0CjsaoTSy7JHJ4t4w2N52mBKU --> ssh-ed25519 cvTB5g Ev1w1VPlQKBwOB/yYpEg6w/g1eGN190lwP8mMpq75Xc -FUfyIDYZ/cxPtywZw+OgNpRhSISP6muWTF/8hEtSLOg --> ssh-ed25519 Wu8JLQ FoYe+iG0zFzw7Mc9wtudLPqdnsZWLNyd/gbw1TahQz8 -0nRkMbgV3QXrw1+sQG3vRaFWBitrotoJB+1nyqCWhM8 --> ssh-ed25519 jIXfPA U+PEeBy1vXu1leN0P+5ps4LlStESvHTb11zOaM0yPDI -UjB+PPMuc9209bHi5gKvkbSa7ZcWsu6JWy8s6E1jJDQ --> ssh-ed25519 QlRB9Q i2KcBk2W0AmvnZF3AcV1GlWQ473qTDvn/rrH3kIRIik -6HMK0d5NnA25xfrKFO91Rb9FDbU7zPJbUdLet3L7WaU +-> ssh-ed25519 rHotTw cRsQL1AoguZwuF2c7gsa1PS3IpxfYnTojdfPnrzZ/xs +7+WoIBagodqRqCHw6JgeeKmwJpIph8ETDN7Po5chwvg +-> ssh-ed25519 jIXfPA xaAzDWj8ugsv76FXAkREbaUggUivuyQxVfV3VsStIyg +ftLniocSqsIBAPzdnBQ+9N0fPHk637LLeis7wen6C9M +-> ssh-ed25519 QlRB9Q zoIKYVOUa4daM+sQfTrGomKLulTT8Jfw12NtAVm8YHc +drutGKfvn9vgHoAujHWNoqOLC7GoelSYISwBJgkwgOw +-> ssh-ed25519 r+nK/Q LL18CupobcDtfsdo02jrS118dGAFJcS1lz3+Xy9N134 +WUuG/+PR92tptPK/SR2mV9exW5lY4ODQggIbLoO77I8 -> ssh-rsa krWCLQ -j/BIE/IyHE9+zrAVQW+50A25UIZW9h/plLsuKJ82gcCkPmNUSLDHmlTxLvLg9qpR -oanp5V5zbuJj1iRy4IuWRKszx2IBFAor9MoDS93QieccjRYkuFPGLroUWolODJ5X -eP6F2lhjBMDFbNCOCWdL4p66MtDy9ZNDVMUKYA8aXaOU/oPxr4VwkVkoHJeGOTje -+aJ3tKse/QdvT7vVHCutYGZoYhuWyI1LUFRIXdkeoqmY1RnF43kdui84a//quJT2 -iBPgZ4HLezbf6MTp9Gi2RmcVPVViAxLWXWH8GYKMI51TsWLHYrPszcpqwM7B+m14 -AnD/J6srq08SnZYIsg+wOg --> ssh-ed25519 /vwQcQ IZwQ56Xm+BnDhBZ7EzjWLiWAa5Iw3C3x4Fp/roWmRXE -+O8Jd341LtyLc2+DzKrtpN25iJbmboaLDlPvMYxphtQ --> ssh-ed25519 0R97PA p0QpsWsYTms12BQitqWSAHRcAFNNN1zzPuSFnW/ocxU -Ze+Z1S5KFUJ5/YCSGPnl8wvSpiPhVR8QzthLRuyRJnY --> IC-grease -KhJ+=P Z5S .wB -vZm9JOMOQRAl3+KxelQniW7O1BwQmeSpSNGjY12oY/xVue5LOpqjxDC63jpYJHoG -izw ---- 
NB/JS3Ab3dw33pEARrn+OwGLmtwcqBg/VVc1FX3yhrc -KtMqkmy~ȇ#/U:>x^[!jg \ No newline at end of file +Ya3Qfv1TQ7iYb4fD60MJEimHkjyekvGfYULGFmNGXrhS3GSRngqg39LgL3AhA6I8 +KwpZIWEzokt60YDmA5DQ+dICTYRsdSWIK7WtCQicsQbzBpV/n6JJ8wqpjyeooxqe +jeZImVX/l6G/voXma/r91qykzpGFTDGh7/EVfL/LhUBuvLUVYnrQ39Ir8v3XZ9zk +PRixLyzHRjdf5kUiwxNdVyOVl9tIb/gXBvFvYf9wQzyufvsX+Qnwjy0ihxoWMy6h +EXqPl1wiyDvprQwnuDaPlj0E6JlXFQvu8nz5AILNjzAgJDdnwFT2iqParto4weOH +aH5tyk8QHe3ho+U5oTRS7g +-> ssh-ed25519 /vwQcQ tbecmifId5P54julo+wgZa1dIYQjmyDq4gLAQMDfWDw +x57WopUTuVEL2co+/Gto85Vj4i6V97/8d3g9TXDz2aQ +-> ssh-ed25519 0R97PA AZYGlMin/ITqHMNhNM5muFN3yZH+2puS3ZNgbqG8+Ac +8Rhy9FhpKXbWhEurP+MuaHvzNFNUESIbRyaGfz+46Ek +-> 19-grease +ckUbXyOHiakCdh4qHl5hujCKDmEmLGz/Dwx7oS24iRkbXNlBzQ9oJK/AHK6zeOAB +8ikt9dR/AU3s0pAJJpHK4pPCW6ouHTGIZmJ+fT3YN1JWSF1w +--- X2S8O8FYHGsxnCfNJ4ucxJ8F5NoOCnNbmc4o6L3mrq8 +V$)D~3Pe1OD[ QKbN`D֝iF*4' \ No newline at end of file 
diff --git a/machines/storage01/secrets/lychee-environment_file b/machines/storage01/secrets/lychee-environment_file new file mode 100644 index 0000000000000000000000000000000000000000..1b366f92c50c78d677a5577e3ee6b1a762f37740 GIT binary patch literal 2242 zcmZ9LXOPnd7JvgBuy}wF2seZlA3f_^B=z`husNekCS!<NtpGt(Yt6*N zx;UrK<Y6N3eJxjI>71PXTG zdA%7z<+LfP)Hofv* z)g%FxV2G3xAa09B4I$FvVFCc3&2fof9Mg#9X4vEN3q>EAgA@g`-yl&Ts5R!c(wZ!! zB&eud?ofDRk%&>@b0sW#Guxt$M50{F#_|{nCuIlrlnC+_HcCQjbucW* zg^G-qz@mx6M7%V}z^MMc?e~=cxjgA7rI?8DEjQoL%QL3ARWOYL46PuLmq^4yX2viRtK1)yje(dGD|ci%1BE{zdG!Sb1oaN zgrS5U@cTGx+@s4E0|2dZqL|;?@}yy0AYXdjec55Xz>Dx@6-TcR! z8$(&SyPX9IM$8dj!e5jRWF!(>-CUhnaX~z<}@DHV1ZZA^uO;K1T5X#amc|LSKF*u z_=iT%&Lz!np2b?#+o#OU!Kn7Z%cf47qlAd~pL(<(-~ZwzcOz-5M4e9tm%Mx3+gzFE$JbU$H*Cv(yY3P1i&X7f{NHNv z=cX^}mk;V{A(}=*m1PsoF41Z_zf zzt4YvrSz=3{`yCs_zc(oillrG;*E3HXL|*D_wRXo&b(2r^%1z!Sx1}8ALAc&S*603 zfBKh4;O(hXDvsUDy&FIJ%)9f-5xeIczVr_1a%+*s^!#7n>;P6TOwIWveYb~f;sE>+ zbL8>GvZL+sBX-G`ljdsBp)ZvS#%yxfF9(MG$oHJK|GQOGXX4GN$SyEoKgpCqlczEs~cBNEJ88QtN7*za-$`I zfA3yh+L{~lV#4~pFaIecJRL{O{kppLe%%@VZRyFx{nnFBipjw}+7-X_s5vu#@E0GS zvRyTgZ@XD6UJ8I9)?=y2*|1VeW`+DTHx-q{tq(&cP=Ft_uB@S0(ou6GxwKqS1 z_%iV465{;co9$Ok+b+ICUun?>q}`P$plrks#@KI#38^Y>j=gtvtyLo}X#v6_GP77m@mrp}*taN*lo z+Ksb*P%f$8(ul0GtR86H#&zs^8Y{73f~ot^?t9xBm4$KBfn$&1x_YJbbWdSp4YZm` aez&u*c@VidADF#Z_uJ7v7j~?ldFOxr7kpL# literal 0 HcmV?d00001 
diff --git a/machines/storage01/secrets/peertube-secrets_file b/machines/storage01/secrets/peertube-secrets_file index e1423d243918fd1baaee518883c9b000b35221ab..1c1ce78f6e2e4a0539f722350e97c66fdb508b7a 100644 GIT binary patch literal 1276 zcmZY9yX)fw00;2FEufp++Qs1vHIFt;f^d>&n`fJM+H*;oXY*{5CQWb<1Vs=X6kHsf z1Qi_)L{M%MTyDBi#KlEX55z%1P|wBT=U?#Q%a`xhi^F+X9-Fc5(yDx}YGSBIfcc$S z+a~icKrsvqS#HUVd^TIoduf2bMM3ya(q)e32wBbX1iXu_PIr9(nLZ{dd;@s zwog0OM2yn(C_X3?dqr)G8HM8^q{|u^`t=dLiXZwCopHp_VLazCyF6Ch)Z1sDA-BLt|7iKlvHnf zY(${iJ=l8U2YHiil%mD3eZ1JkkaAONz*2&=Sp%VkZ|ohxlU;Axwpp_3Y&0xrub@$W z6NdYUN3biM#4unFSiz{;8uR(F4KdWm=m@WSnK^`x+mV<|I!h`$Eh7Ivt!cek);Nr; z0selwnaov#DJFKQ6OHw;;@Gz_o)rV3*?jhpqkZD3ez>f8V{ z35=;>kf%6u?PF=DBC}@6sXXPQE{}y17;c&L9aAio5QSyz$bqRmvTRehxRF`}AVq7b zf|3)*b8V1g8M;%1rKqT*>(IzvX-zBgsa7_JQ+wn4CXRp>-;cYm(uR+*zzG9059waWYKw- zmfH(aKvL$#+OgNFgt&oCq71S;R%J>iYvKVMob)2%tKDTEL9mdcj_m_IXANQ?=tYzW zP*jQmZCtqFX17p3Xh&^!UQy~6R%rc71;G|nrgjZWb~Ql6MmP5kGcW?aufn{_2_S|e z)QK2Zh1ueqyX}rdH_Wp37nW!&`Kog(0Wm5;ahv~XuukHSSF*?`$DqV(hi)+wW8h3Y zp=+k)Rn!-^m9$ldwYAWRtG^zA1FAPi=u%>+rEz0OL!y4fos(=;@P)ddg1yV^D&54+ zNd22ldp5d@Li4x@y*8XBGjyCiFTlv{yA%veNg&CK^;KsV*^s2Z6OKBL`@MZaC9MRl z9;*f_6S`H=V+t79DAxk>`FsXSuJQOoQf)l7LO~ohDN1`bg9X~zbZsFpR*!oPyVzm& z0Q@0v``3>$fP3$qPk#92edo3B9{qVAe`fjWCi&@U<^1*wYWeZ^ugw4WcKg>iw+QU^ zo1ee?n-oICkwJYfBEv?VE5a-FMj{PN8fmAcpZH3)t&Xj GhyMWZ60H{i literal 1211 zcmZY7xy$5q0LJmPunDY!f?8NiKfdOe9213Qlg#9rT))Yk1u-)@Co`GJB$*ulfMEB6 zu$5R^DA)+XYHQ&t+F96$wy%Pym9XNnu+91pJYRVDglT*gm)rAjYVu?G=JA}u7Zkd> zGpXzBDvmIMKpZ|6k8chd;}`^GVaF<6bSB#!3G4!%t?eW)F_=k)VEkfXMjkva&s3VA zHj-6?O{G=OZAMmhgE^BX)85Z*i0?9LCBWS*O8CSG_s3>DF;s|yVNVoRZf}=z&*>(c zHuGm|V83Q*FaeixCEK33j6j?UZ4s!lNF1DL*>$>g>hf#}b{T<~eldsQt_-!AFs<@c zfcJa~e0VNO`Y>og5MlUSL}V(S#*#m?pVrQGI4RC9rvNDSRRE$@f+?lrbW5JWgUILj zImy)m$^dQP5Rpc^gS{JJAh(%VaynZD#*Pxq(qD5>xz=lobsZlqXQAalOJOD0~=8Dznq zbu%@qQdT5R3(jXv>~+alS%*b}t#UIg3d}=hFfE0J4K3HLra0)4Zd2g|tAVQt+Ja5+ zp;v~K>d-iJRB8uTZS_C5$eN}eyDg_!vuS`J73-K@;3SZyRDP<-xw8oSvESNpeW~ag 
z&k6)eQD9d|9dB$^gqIp}5ZEE1GL?>UE$;Zus2^QTOd_U!BI&MrxJu7)SjQ7)65bIZ zMrb#Kyv=gNB-uqtX_Z5(S#PvUg(3xc5F^>&ID}Re#xZq_irB35Y*ZYpTA-?!bC8Z< z0!4H4z1?eWnFpZ@tK>MMY_=0ybuAe)Lh9LASw8;u>T1$OV}tW0qJla@8+kNNrH(tE`^)H{@d+y#xh5>%|{(9-=d-pc{ z&3muCa}9lX^Zd1RYx8Ni{^5`72M@k_<)26K%Rk+%zWnapNBpaQo8SJ6mT%u|U$5W~ V9)9A#|NF-YeapK4)~y$Q{13nll%N0r 
diff --git a/machines/storage01/secrets/peertube-service_environment_file b/machines/storage01/secrets/peertube-service_environment_file index 4172d5584b2df3dfffa5e78ab9bbb204392c215d..68a9e35994809b9cfad9599d0205ec5c22653daf 100644 GIT binary patch literal 1354 zcmZXT+pF6I0EZQXN!XNmzdRUF1nJIc(los=kJvOx+cZg=q)D0}LM}~nPntAIQ&hys z9;SE!6?MoIZ$p`n;wIjhc)=+u`Y`8%KB|Z^6~PtN z6mCYzyqd$n#vNdq+8Z;ohN5sAO#0DsQh*~wWQLYKn2Mtj=hXOE)yM{kgc`}p2vlX9 z_6j1KCREf?AZ$f`$(2!cN|3N)sS{M0jVMxC<2E1DbP#0OO6^*?w65=@xr3=S?trN! z`KS;t>bZcJHj29gp%X@a7;ytAYo(p`s_F?V*{H}6P#x6>nI12a6|TABh-7QoN^VoM zt#8t3y^n*&>HqY$B%l`%Y<>Ju#rvYto;k|Ch0z*1t#L?M6S zAtr19gp2qoMu|b;LUP*L@K3>6)S+tXuRKj7E1EVM(<_l2~ zU~A}g$<$#ZO_}S|pj(p009~fZ63YcGu9F3T(QU(#ax$;eEV(WV)=wP7)NrpNNORkY zQMle;Qo%^_{xg}R8t5f*m*#+6=}?2DDcNy35atV*?ouYkXwbA@@yD_g5`;+wHr9r$ zX;)U028kB^!c<%#tghHu>;e-A$0@cT1+JgQ{G>8R+(w;Hy=V%z%(=GE@nMx&*4ZVR zI_{vy$?JJFMz|>~^SG$zDNwjdcTM}cG(dDX=^+$p@q!A|z50A8JMIEzMbzv1>4+2y zosHV9cBS67hfO_LP`GafKuXhA8FHn*3Luiu;b6?R>`9qGk)!it%kew5R+XS0l^`OC3^t|h5A=Y_FB`A}d@ zDs_`;bj% zZ`6G6R-pX-kE_n@|MlKS_q_6DplP`H#@-XxDxY2YQIna(>6()pmQW?(zI!tw>B?5nWRb6Ce3TpH1#-~ z2jINk83De#Y+hrE(Uo?ohL0uZNxIuBUr9R;B+d+N?6dvm?XKj zz;~?>71tm$=mGhluW(92cikCJwdWRz5=MO`HhTynOlFgY1x2MlUN4mOywCBzg-R8_KmfmK3-vssJ5@>wYBrBStI679 za?xx~3Cgz@5DgL$MMt@HttR>siHoJU2C1H@uCSRi$z;`WU`i6!%~V|4%0=<2mZV0>OH`^W0__%< zO3R>KYv{PjGt<1oWY9#JsTrG6&@gKo>xIrluxq6vnxVYsQK8Qa3f*$;m6d=%ZdlAp z&Ro2a5C++I;7CbW&lsCDxLO;g9h(H3&#;=6_YI^DL7VgXHj0i#p$(ZyUjT&EGREsr z_7ImxT}C%~xZqM9mRn?VRAmh=Y}YizxwvoZlPr^T4JdOM|!)>lhY~F8-fDr3^=n&WEcjstQ2AD1XB@mIaC@X z4G?DN;R6D4s8LJplS6F4TV9t``w3;&5p*^xmRh3C>`tX}tyYon#%8yfJ??iLs}i&$ z$y=nej#?F(9fj<8jAiO0%rcxwJApA*34!GtNwc~X(?fU^6pXV<*0T(Es&Z{T)4aa9 zq}YC4CA`kK_rJD&0D?s*C{GgGNNu3i&@h~d!RcmZ<#I_d0=oj{Ad0a=Kc5wL>iI^P zU<+t%v=eC=I!b{1${b`0Ox{q#O#!w;@|B^R4&}SBY z@c7|#GIwg{?k~6g_I&xP+n#*uqn-cgpI ssh-ed25519 0IVRbA cZCE8mKHO2PTChNTA6+1H4I3q4s2uHn+EG6lt3MM8Xs -FUID2ymmT2Cpp1hSCEoe6Msb6q5DvCebNOgqM6oXME8 --> ssh-ed25519 JGx7Ng 
LEbrpjdHw8A79rj6+WVFRJNj5pCw5Sass8Hca2c3FFg -fI+RUcxfsjXCes7BfqBAQ+DnqLZzxhMTC5jykb/mDdM +-> ssh-ed25519 0IVRbA rmOQbOpWWs00xklhNfv8Bo7CqALDoy09ODCelkGjuX4 +xytbiFoOpDRiNtYytM5bNwAC5JPD7N7w+CC7/y1T3RA +-> ssh-ed25519 JGx7Ng s9sHO2xEaMyHvMPknM1Ne/+DekgspqQYR/kt4v2o20o +U++tl1/+GHGTjruZJQ20dIysrDWpzCdE1Et0b9kImE4 +-> ssh-ed25519 jIXfPA 8KhKERoNMAXjkJNhZtCTCtgKTyRS4FhyAVtMzw0iWhc +bRdWhvX1a3g4kSpBu6R+HIfBkNJrlBNfK9HmmrRxy5A +-> ssh-ed25519 QlRB9Q tB40CSiTmjZGocnKPu5Ydcn98O2kUECszxL+/q6X4hg +uRM02f2Huxo2bR5AvfGPCn6m4MGdGUDTLZrgtjLFUHY +-> ssh-ed25519 r+nK/Q 5c9cq1jhNRcamN4O3xBzTkuqBk3AuAssl5gIqX05pDI +qXnnjSHH2LXZL2gde2Rf29SH9zhBTPSTF3C9n1CaECo -> ssh-rsa krWCLQ -NzUVdayQo5mroNmgSUZvY2s73af6UbEscX8rE3fJIOyryCKR1D3oZ4Obvp7Pt8wP -NkyNC3yZ/1awTc13RWvHw8YGeTPugrbmLfxcE6HEYk8i/k4X6spgxdNVOMqfXlsR -zUdgjrwFB6LVjdcsjIuTeRtJqE7wF0FCq/f9aTolcvJzptuCIr/J5oQOlWJba88r -24b+FKFyxiL3zFfuCv+OhCSQnwaVcISUt39Cve8htElO7aUAprwM69Sr0R/HeYOi -palhdzakhQ00E9LTDLoMl3H/nLRbDF8SwRY60jTScMHIlwxnTC4vFmFpEktPmvTf -CNpD+v4JnPcOrXrNYTHjRQ --> ssh-ed25519 /vwQcQ BzKg1eOPWJ4Yldf7CI5QW4aBUfg6gSuhwhoqBOnev04 -3+t9+Rx37FKGhIM0xf65QF0hqgI/4SsKe/XHxMVE2OY --> ssh-ed25519 0R97PA 7ueqrFZXhEUlqK+y8ZT0kXd3+CzChefB9C5ejnlWDEk -A858uk0/BtyqrbwIv6gX1hE7AHcnywJuI9m5hLgtmSs --> ssh-ed25519 jIXfPA JioutJFJ+egzcMCiNumBPMNeeEAQVoMQMtbpMtmqoQk -iabPYCNe3yuEJTRJD6tkhQHv4ofXXAVudpj9EWO0ZEY --> ssh-ed25519 QlRB9Q HzVChUjrV3VmSKm4MEYdXTLEY3MnkwoY6Y4H/HfZT0E -smqbVsRJGgoYGoJBrK0c88ty3GDDIlGEytXyadqmVvg --> `-grease ?wWe@l T#Zco G5 nxA -606wl2wFtQEpgUend2CvF3JHFR3iJnmkdrAU8+xPs3O8VjTmAxmnuheKI1Aoi9AF -rmHvXSMqq7cwbWParl8iHSXGhikyjon1Ju0uzZxuXN4hgiAMWh/1Hw+T3nggMg ---- KrORJ/ccXLK8gZnnQKBUsHomAaOvk3+WQRV1Vv2ZOi4 -H$im"mR\5,:Agֈҗgf ssh-ed25519 /vwQcQ S8ai+L9VOkMc49hGZpg6KTE9mKvVhDtME29prFyEbwI +qIW4zjZZ8FO9edOMi5jbPh+iCOeZD52Dio7cIm2rexk +-> ssh-ed25519 0R97PA fKTjyVv5fhye2H5sMCi3io8Ey1Rkn6TZFFeei9+QnXA +WZkiOJvyTLqgzKA7xvemlF/xonl3fgXraka0AMFrFQM +-> "-grease an +BKbHW8353UNcROksK1ks5QQqRDaAxfmm6HO9ORd55QJLPnmsZQ +--- 
Ydou4p6+13eEzew0CcrmjxzE0QwhgXWEPT7aP5iFWn4 +)k5j]!3doQ&:PIT|8/>]Q \ No newline at end of file diff --git a/machines/web01/secrets/plausible_admin-user-password-file b/machines/web01/secrets/plausible_admin-user-password-file index 364d943ec7cfd8fc92083742effd7c39035b4fd8..e3d58b3f64f9171d8f8cf2bf34663ff0f0be93c4 100644 GIT binary patch literal 1405 zcmZXTxytMW0EH_pQV8}Iqn(ETW|?G?fLzEnS!OaxChJ7hn>~|cvQE}QTfsLFEG)Is zP6Qu7gbTibjo1i+omT$05`O!``8elr{4{=utFT*|`?ao~)m;jW2=MTH)A!j!9HBUl zP#ajX&jG!GD^4|fZ!$2e$jvG7RXB#jj`hK!u7`ZC#!A_;sAt_Kz_iq3X9xAdxmXkO zhOliAMMrv8Gvq3~g&GIh9GF0}89t@S!c3gfO}b5xOofDa&Idi0E7r=$))_Fo9d7=p{l8Y;ka=a5xxIKRO_$MyxH2@FiX< z%9OdP?CN?e$n|BX{Ew!WXNJ-@<15uUh$PPK{7UsMa=SwxOFW=br*;0+@Cw3dF`Y2(eKaAEFWQkQo(Sp1`P}k3`HOws^zo z8D~&Pi7XYcECuE30sq?@C#sxPfX1DCbNF8)_z4O@i z9%p9Sbzq7uFkcL`<>4JNUva5eY??N@4v9s<^@^RMBn^amsampLgDSiLy4P%GIEcBk zd*acrvjNsU)gk4h4sPC(-OjcmDuh#k_N@+Gw|fR{oxX>SQg_+RzSvQmPpl^fyJZI+ zD**)oU&N@#hsaFs8DY4uyLstz!FR-=F?({aU^i@#?bQ^W-I_TeD6Qg9UjnT&sy!&N z0}vuR<~~N5S?>K(rxtM1YEyr@Ei_JgsBdaY#7`iFm6IbvUVoSlt4Wjh0@iL-1hV_( z(%DB^K2D1c@P;|_>RFv?YW2@mLk&HTJNTULsKO4=-mLG;0hIT*6njd8&lK_a5_zDe zoT@?g#GI1$+En7KXk=uEdQjvg9gv<397&UG0bFwDshsF!(O6Rcf4YrYA60dD%lG2GL09jJQ{~bL&$s2dytnCKu4vH*zTa~ z)=8b47!5NU%4ii+?l`}tbFN+5RXU@F>)WCTN~qx1+Ew(oW{dkz#$E+CG8 z5iwEEY{hxv#WwAeAIYdIQ01KobGVoSLRF}1G^q>@0s;2@az=VMbZWlNXVir1gWZ)w zwNQiy?$sOvx_6dRkvxIM39RpLZpZEVu$g3I4D(5NN3E>lD`VVG#;`W3q5(FJr5dh;<-ZO|H+S+YCT&orQX; zT|_VaPZRvaLG}yh;Y1unOG10hxt+9Q^Vp3=FheyZt}v8VObUJJ>vFt;J@d1Q=BixG7GLcorZCneHS zT1=!0BVxQ&LQHxKo9T#NDASXjUc8t~F$aZWqQ@z%MO&sLMo}d9p(6ilB>Q}w^+`A+ z(6QLzzoHjkP5<~GfA~rDZ2RZS&wu&y_21up{@o9+z4O^O TU-WOEfBt&+=KF6&fB*U~$i9gO diff --git a/machines/web01/secrets/plausible_release-cookie-file b/machines/web01/secrets/plausible_release-cookie-file index e5d3b30..6c257f7 100644 --- a/machines/web01/secrets/plausible_release-cookie-file +++ b/machines/web01/secrets/plausible_release-cookie-file 
@@ -1,24 +1,31 @@ age-encryption.org/v1 --> ssh-ed25519 0IVRbA 0jTTPBKyGia3BvT9EJlTY0UVqIF05D6zWokv6wE+Swc -LLt0vGzPA8wKKa/s794GQ+4CVIV9DApJXswEjOx4kYw --> ssh-ed25519 JGx7Ng /oOaCppA2fnvo3kv27Ynl9P9NO04UWbs/yw9OrtfkzI -Jt0wq/IdyiTBDxE78drV90zHgnfXT7JT305THHrcH+0 +-> ssh-ed25519 0IVRbA 3o/m+iCmFgQIuhqULLKoBAsGkNmj97fEAwvjxivFFA4 +IHk3/2ZNE4FzJCj8jPzvdNncZIZscYtV2p1EyeE2MwA +-> ssh-ed25519 JGx7Ng FN/hCBTU/JTw8dn7Yynks4FQREJxillO9Rs4TU6PDVU +VzNFkwgaSMt77pyPDSBzk9oUIQaZjaHQPB0QX3QZygM +-> ssh-ed25519 jIXfPA 6mKMot1mPRRZCegoXK9N+i0WnQZ6/gd2ev30xrYnwRQ +zMcJ3i7lo5M10zxhjnp2V2ohMi/j+wDfbrVnnaN2bd4 +-> ssh-ed25519 QlRB9Q 6kbG9lbOSRo4s/GKaeEOTpQOei/wVIVxtfcHN/A4FRs +wYFDlXnIhWRnlFR8ObR43WvaUUOuJ2xEqENWOZqqK/Q +-> ssh-ed25519 r+nK/Q BI65gyxtwiAmR0Z8jL7mQTmMPyE/jf7WWnSsikctIUU +EXcTedRC5mMOlXrxtQsh83FgmH6d6lzqd+8NyhfnvPc -> ssh-rsa krWCLQ -1yYjwCF3m/n+wOeQIiXbZAl4tVttROXIlRIhRqgK9pbsI22WmXIXV0qmMsac8VZQ -OsaZJGvY38yhUpYfDZZZHN3JNKL5yZcPFX+HeXQo305oFKsuUSs5EGIWDZmE5XsJ -AFcqwrSRhNLHCJ3PVk6+C9RWfLMhbTNl4Kelndv/KqOfG5AkW193ZG4DHOWSwE3k -8nUgwUGrY79ZVCpGkQAi65TJ4C/3toGcooVxwFVsBX8tfVX53VLvLuUIeD/uvV6A -pZ+cdzwanUK8BNDY3yWPN+a8IYltlWKxruF2Q/Ae+eez5BFHC9p9bok558GTrMwC -+0cu/C1X2nqFormascUW2Q --> ssh-ed25519 /vwQcQ Ei8pI/GiyHtZWyqxYPoNTz5UVXtSdZllCQU8sF7CYH0 -oPuVJbkDVCgWZUp45wkPbogRP3AliLiidKTNP7ttzCY --> ssh-ed25519 0R97PA RLo/0D0TUnvH6yoLbjV9jEVIYZG/G/2nK9RaA/Zepg0 -18hpQWaZmJJFjABVvQJiM6pe7PtcF94BIg3J61+BX14 --> ssh-ed25519 jIXfPA X+zJWTGGvy0LPBgTFRURdS4Rsnd+eSYiW7JhdnlK9yc -mQjvg4cijN8VOeQR0ht9tyHKUX0Eg0iazcN36AAKQE8 --> ssh-ed25519 QlRB9Q KI6rxe4Kek4IkMlDQvDlaO4MgMEKc/DdpWX4pCJFGjI -MAaBVH1HlRntm8gFdbXPPYy1dQcHv8aU6OPCIuVLXYc --> kEXh"WN-grease WpN@loT^ MVM G\ -dL1RrBYkPiADu5E7PXyTBfx3UOhAhaFf66Dajg3aZwgwPOlSciKtsQqu4Q ---- ApT4k9TGTnj3hpJVkSbIElRAwBNliRfmnLYBKsVutpA -B6 t1X!o.=ZXt}O K g;aVyYtM) !;].XPG;=f37 2Wk<+IXl*QSEpoc@‚{=ݞα*_) \ No newline at end of file +feoqE8KJ+yfFbDQubFdDZ4lhj2gj1mGKf3OTEJQWcDVQw2lrWcLbwI7LNDHo1tFn 
+Vw99XIKeJzm/VdbEpubprvL/oX3kZNubuhpYQmOd+8QA72mrr20GZ6DmGRmjOjla +nTIBbjwmrDm2TfeQsDRBRaTW3b+wVnq8dRW3qLWHZXkDK3eoej0tot1JvuKijo7r +jGG4BMhMscj9R1xD8wDuaXBMPrCuFXy97erwNayz+8FLi6FKAV/PuwXh0GP4gNwf +6RVzciCflK5wGDvtafa89KjY9697w5xOG5yoPhhp9YPE79e9BQExDqKaZcunby2h +xHSR0BxSLwnqK/dX1qhg7w +-> ssh-ed25519 /vwQcQ OvPXCaPks6tdxS5bfNUvDsyeirCMjDeq9eP+tJo0iC0 +CWB4I1/CB3mfUQzjRH5hVUXr8XCfoLhkmxfBzfFlcMQ +-> ssh-ed25519 0R97PA NeTDElU0R1+imojAj2aZjppnJiNUbgipHlB9gXYJx34 +oTj2ms/vvh5hXOTiKe8G8n+vKBwIsYLOzWFwWoBJX9s +-> l>ZC^GQX-grease YT =kA +QRhpCIQS +--- MJxB4HNKswFY9dEwqFhhazFOPMO9xk+yrBs/lFk6Dug +X6wBg$~ +L + \ No newline at end of file diff --git a/machines/web01/secrets/plausible_secret-key-base-file b/machines/web01/secrets/plausible_secret-key-base-file index 3016bb8..a6d11b3 100644 --- a/machines/web01/secrets/plausible_secret-key-base-file +++ b/machines/web01/secrets/plausible_secret-key-base-file 
@@ -1,26 +1,27 @@ age-encryption.org/v1 --> ssh-ed25519 0IVRbA zuXFn55iEAtXdyZIrqGFhMuRmJWO7vVj6biT+/70Vk4 -RqGr6dEsYs/zQML0nkaVgnWBdYkaLso0fBZCFNAVosk --> ssh-ed25519 JGx7Ng 1qQXt05dyoJ/1MVe5XudTJEvDwnLPB8wPg+IDIfoyjw -wSW6ivHK38p+AcaayIY3bn3Io6mB54ut0eaLhvXBWxg +-> ssh-ed25519 0IVRbA L4YZmm8+Lsx/UJkV4yL5n4BB4+01lvVBWhiHOryfQnQ +/PovO/rlHGru73OB4cUaAt0TjWnuH+pUYa+v4Oc3M/o +-> ssh-ed25519 JGx7Ng ZoO5+9pkXJJQLVeUu47RtCFELDORU21IdxYb9Jlw6mQ +E2xoa82PgUvftaijQL77IwWpfZj8VG+E/V2FBDPb0bw +-> ssh-ed25519 jIXfPA 8LDO3q2ywDWkNRqICCzFFXFF8EZ7NXOvNkFzJ1t4wjk +2knzMWSCHzAt6aXFGQAv7kV4VvviyGjPFSigl6q1/rw +-> ssh-ed25519 QlRB9Q Vb23CLrDxNYs/dSCm8OHxWiNMn8/ARvdGgwbSMf5jQM +/4OWBhgqodJ54JMmj2+e2eDK4+1BkfgVUW+Dd4AkjGA +-> ssh-ed25519 r+nK/Q Vy7L39H4nuZLXp02Kmev49sq+fDKMrjEFgBKZTMDBnQ +brSufV9Ayeo1uUyMBJRBo7WLr0bTJzehThUnfJI74Xo -> ssh-rsa krWCLQ -iaQb8f5LiExwJbZA5rF5FQNuKAh63XLmUjgyoxgkFOn6VprJ9oAH22Y8wq85SMrv -rp5SmOYTcdn9hG1LnABPiSCGcquW+vEfL1LnpQIk0E+sFAHW/P8Pt7iK7L6nyxmR -WF0xhKNBvZudysNMEtYtCWbAWf93awXx2qdH1+N/uITNGLgmviBXGThuz+sKGwVO -mi86qk+B1MKkOCYJpWL6CrFeRJrYgph51y1fHl8Rywb3LE605oDCJ18GyvqBTpKl -AGGtVDmMRIr16TEDVjfTg0XmNKQWDdmqvlpesxyXvKk1kU77eT4bfVtsdqyIDNjk -/9RQqW2kiUDrYuige+p1cg --> ssh-ed25519 /vwQcQ 8rY5jPREmYfaWWP8KWjOEHgh87e241JbQO5EEgBhVBo -RQhE8XjdFuj/eQujOot4oFrKEb63LrZ34AIeSigosKc --> ssh-ed25519 0R97PA G/zvtYihaKYoA6hFWoI4ceZt+T7ysxQ+aUSu2XZQHWA -Nud2DqDI/gOeMXg0vZZN75RnDcQxRQix+uKOVS0RMz4 --> ssh-ed25519 jIXfPA NnB25GAo+1eyVKI0m74E93V52XZ35UjECnYLgSTpFjY -ip2J8AW+vo3e3otTE67/ns1lelFQs38JaCdb6l6CLW8 --> ssh-ed25519 QlRB9Q 5PvEcPWMg0+k2fVP5oXjBQxcLLN2S3yV7zvzLO7d6gs -TyZSXXPDyQwZtJmoElqmcl915oHOAaY2EEBb38rfSSM --> gS\H(UbE-grease xPm5+9D~ ` +jBi] -IMHs3CjXalMD9i1riMNx0E61OhfZfaeONQn0OEn074kj6Qtjll/kr34yXf4CTmG2 -LtnT6xiGtf3Hq88Bk0QyuhmOyXpePk0//c40Qr+Ym82RR+mJmv9yRQ ---- fjFYmVm6FP+waGy4INlgyAQonGSp4Q4g1HS/OZfDJWI -1pW -i8fܱ 7zoHyehf3Nc\ϋ3;*Ȓ28CtAw c!Hhpt}$(`>T״R`e%xI¾…^wѹ_AmsiX`6x>j2ffC \ No newline at end of file 
+AOgl8SdZouqtbSjYIk7VonEfSkf+OUiNQnAQjOInaBkzBKUBgVfXwirJhzyekCzR +EvuKs/jvDydaKZJ8zgKZtKSjd1dwA6lKKoAVbob5nJTaffQL0BCVQwceYfwCPSP5 +LZKnJM//vWv9TqqxL42ri2CXR2TsKOHjxvXv8v07+tQz0EPPiuFmyfldtpcnN3EY +N/V7imXz/LuCaVC8Sr1+lThQf/rxVTRzESupAC84JhaNIx2YmTlfBw/wFzCchsJ1 +BHa3uhI8hYD94M46PZxqG2UyZJhY07X9t8y8Hhr2TKZ9vbnFWiqndD3xVr/I4suz +b1QNlzQlLIFRdvrwBHHkcg +-> ssh-ed25519 /vwQcQ 6K9caZ+V0U+z163i5mph+mJ3bojwu+uQ16TGtMV0ZRM +vM7Y2iygeuZH9hfxXDQPrDdoDD0xFLv1Srjbeth+LZg +-> ssh-ed25519 0R97PA wwNHjPefNiw0J5XCNwKCL8ZNSbn9NdCicKi5O4u0O0s +fT+jWG1bB8AJvhKPChYMLkHn9T68qqXEFPkZ9EqfUGU +-> mHCA.yi-grease \mpj) iv w~zasWif +cqa+UmgdUBb0PrV5QeWiM79klA +--- ODudNdhSivK8pFmXiOq9cFI9552SO1d8F8T+LcLtpIE +bw)uriU 9*^7a:o}3и%f۠2҆m?~WH:z P;˃s|5)?Z_RYG& _Kݺ@D +(1](Q&`4ZUK \ No newline at end of file -- 2.47.1 From 0441ebe4ae1446fd9ff874e3c98e43ccf7cfdf2f Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sun, 17 Sep 2023 18:13:35 +0200 Subject: [PATCH 76/78] feat(storage01): Update zpool configuration Use only one pool for slow storage Setup garage to use the available pools --- machines/storage01/_hardware-configuration.nix | 4 ++-- machines/storage01/garage.nix | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/machines/storage01/_hardware-configuration.nix b/machines/storage01/_hardware-configuration.nix index 03e663e..7706a41 100644 --- a/machines/storage01/_hardware-configuration.nix +++ b/machines/storage01/_hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = 
@@ -14,7 +14,7 @@ boot.kernelModules = [ "kvm-intel" ]; boot.supportedFilesystems = [ "zfs" ]; boot.zfs.forceImportRoot = false; - boot.zfs.extraPools = [ "fast01" "medium01" "work01" "small01" ]; + boot.zfs.extraPools = [ "fast01" "work01" ]; boot.extraModulePackages = [ ]; fileSystems."/" = diff --git a/machines/storage01/garage.nix b/machines/storage01/garage.nix index 902c26d..85201de 100644 --- a/machines/storage01/garage.nix +++ b/machines/storage01/garage.nix @@ -3,11 +3,16 @@ _: let host = "s3.dgnum.eu"; webHost = "cdn.dgnum.eu"; + + data_dir = "/data/slow/garage/data"; + metadata_dir = "/data/fast/garage/meta"; in { services.garage = { enable = true; settings = { + inherit data_dir metadata_dir; + replication_mode = "none"; compression_level = 7; @@ -37,6 +42,17 @@ in { }; }; + systemd.services.garage.serviceConfig = { + User = "garage"; + ReadWriteDirectories = [ data_dir metadata_dir ]; + }; + + users.users.garage = { + isSystemUser = true; + group = "garage"; + }; + users.groups.garage = { }; + services.nginx.virtualHosts = { ${host} = { enableACME = true; -- 2.47.1 From ac373ba380de74f077a01771f3ba09075bddb4b3 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sun, 17 Sep 2023 18:14:02 +0200 Subject: [PATCH 77/78] feat(nextcloud): Add jpegoptim for use in nc workflow --- machines/compute01/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/compute01/nextcloud.nix b/machines/compute01/nextcloud.nix index cd8fd06..bef8302 100644 --- a/machines/compute01/nextcloud.nix +++ b/machines/compute01/nextcloud.nix @@ -64,7 +64,7 @@ in { forceSSL = true; }; - environment.systemPackages = [ pkgs.ffmpeg_6-headless ]; + environment.systemPackages = [ pkgs.ffmpeg_6-headless pkgs.jpegoptim ]; dgn-secrets.options = [ (setDefault { owner = "nextcloud"; } -- 2.47.1 From 7395f240eeee6975ad9b2c6af3b59a98aee5ebcf Mon Sep 17 00:00:00 2001 
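Review bot: The second garage.nix hunk runs the unit as a static `garage` user with `ReadWriteDirectories = [ data_dir metadata_dir ]`, but nothing visible creates `/data/slow/garage/data` and `/data/fast/garage/meta` (defined in the first hunk) or sets their owner. Unless that happens elsewhere, the service presumably cannot write there, or the directories keep whatever mode they already have. A declarative rule such as `systemd.tmpfiles.rules = [ "d ${data_dir} 0700 garage garage -" "d ${metadata_dir} 0700 garage garage -" ];` would pin ownership and keep object data and metadata unreadable to other local users. `ReadWriteDirectories` is the legacy spelling of `ReadWritePaths`, and it only restricts anything when the unit also makes the rest of the file system read-only, for example with `ProtectSystem = "strict";`. Whether the upstream module sets that is not visible here.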
From: Tom Hubrecht Date: Mon, 18 Sep 2023 10:48:54 +0200 Subject: [PATCH 78/78] fix(forgejo): Use allowlist instead of whitelist Also fix the filter --- machines/storage01/forgejo.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/storage01/forgejo.nix b/machines/storage01/forgejo.nix index 718b36c..ae1750d 100644 --- a/machines/storage01/forgejo.nix +++ b/machines/storage01/forgejo.nix @@ -32,7 +32,7 @@ in { }; service = { - EMAIL_DOMAIN_WHITELIST = "dgnum.eu"; + EMAIL_DOMAIN_ALLOWLIST = "dgnum.eu"; DISABLE_REGISTRATION = false; }; @@ -89,7 +89,7 @@ in { dgn-secrets.options = [ (setDefault { owner = "git"; } - (builtins.filter (lib.hasPrefix "forgejo") config.dgn-secrets.names)) + (builtins.filter (lib.hasPrefix "forgejo-") config.dgn-secrets.names)) ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; -- 2.47.1
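Review bot: With `DISABLE_REGISTRATION = false` left unchanged in the first hunk, `EMAIL_DOMAIN_ALLOWLIST = "dgnum.eu"` is the only visible gate on self-registration, and it checks only the address string the registrant types. Unless e-mail confirmation is enforced elsewhere in these settings, I would add `REGISTER_EMAIL_CONFIRM = true;` next to it (this needs the mailer configured) so that an account requires a working dgnum.eu mailbox. The renamed key is honoured only by releases that know it; on an older package it would presumably be ignored, leaving registration open to every domain, so the pinned forgejo version is worth checking. The enclosing settings block starts and ends outside the hunk.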