Deploiement 2048 bis ; debug staticWebsites.location

.gitignore

@@ -1,6 +0,0 @@
-result
-result-*
-*.swp
-/public.tar.gz
-.direnv
-.envrc

hive.nix

@@ -1,73 +0,0 @@
-let
-  sources = import ./npins;
-  metadata = import ./meta.nix;
-
-  defaultNixpkgs = importNixpkgsPath "x86_64-linux" sources."nixos-unstable";
-
-  inherit (defaultNixpkgs) lib;
-
-  revision =
-    node:
-    (builtins.fromJSON (builtins.readFile ./npins/sources.json)).pins.${pkgsVersion node}.revision;
-
-  mkNode = node: {
-    ${node} =
-      {
-        name,
-        nodes,
-        ...
-      }:
-      {
-        imports = [
-          ./machines/${node}/_configuration.nix
-        ] ++ lib.attrByPath [ "imports" ] [ ] metadata.nodes.${node};
-        inherit (metadata.nodes.${node}) deployment;
-        nix.nixPath = builtins.map (n: "${n}=${sources.${n}}") (builtins.attrNames sources) ++ [
-          "nixpkgs=${mkNixpkgsPath name}"
-        ];
-        system.nixos.tags = [
-          (revision node)
-        ];
-      };
-  };
-
-  pkgsVersion =
-    node:
-    lib.attrByPath [
-      node
-      "nixpkgs"
-    ] "nixos-unstable" metadata.nodes;
-
-  mkNixpkgsPath = node: sources.${pkgsVersion node};
-
-  mkNixpkgs = node: {
-    ${node} = importNixpkgsPath (lib.attrByPath [ "arch" ] "x86_64-linux" metadata.nodes.${node}) (
-      mkNixpkgsPath node
-    );
-  };
-
-  importNixpkgsPath =
-    arch: p:
-    import p {
-      config.allowUnfree = true;
-      overlays = import ./pkgs/overlays.nix { inherit sources; };
-      system = arch;
-    };
-
-  nodes = builtins.attrNames metadata.nodes;
-
-  concatAttrs = builtins.foldl' (x: y: x // y) { };
-in
-{
-  meta = {
-    specialArgs = {
-      inherit sources metadata;
-    };
-    nixpkgs = defaultNixpkgs;
-    nodeNixpkgs = concatAttrs (builtins.map mkNixpkgs nodes);
-    specialArgs = {
-      lib = lib;
-    };
-  };
-}
-// (concatAttrs (builtins.map mkNode nodes))

hosts/hackens-milieu/configuration.nix

@@ -5,33 +5,24 @@
 { config, pkgs, ... }:
 
 {
-  imports = [
-    # Include the results of the hardware scan.
-    ./aarch64.nix
-    ./audio.nix
-    ./dns
-    ./gnome.nix
-    ./hardware-configuration.nix
-    ./i18n.nix
-    ./lampion.nix
-    ./networking.nix
-    ./no-sleep.nix
-    ./pixiecore
-    ./programs.nix
-    ./secrets
-    ./system.nix
-    ./users.nix
-    ./vim.nix
-  ];
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../../profiles/hackens
+    ];
 
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.systemd-boot = {
-    enable = true;
-  };
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
   boot.loader.efi.efiSysMountPoint = "/boot";
+  boot.loader.grub.device = "nodev"; # or "nodev" for efi only
+  boot.loader.grub.configurationLimit = 2;
 
   networking.hostName = "hackens-milieu"; # Define your hostname.
 
+
   # The global useDHCP flag is deprecated, therefore explicitly set to false here.
   # Per-interface useDHCP will be mandatory in the future, so this generated config
   # replicates the default behaviour.
@@ -46,3 +37,4 @@
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "20.09"; # Did you read the comment?
 }
+

hosts/hackens-milieu/hardware-configuration.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/nixos-root";
+      fsType = "btrfs";
+      options = [ "ssd" "noatime" "ssd_spread" "discard" "space_cache" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/BOOT";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-label/SWAP"; }
+    ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+}

hosts/hackens-org/2048.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  services.staticWebsites.sites = {
+    "2048" = {
+      root = pkgs.fetchFromGitHub {
+        owner = "hackEns";
+        repo = "2048NdS";
+        rev = "1df6db154ca22c380eb52844c7a6a7f888fb5610";
+        sha256 = "1y2v637j0g03g4l80ag72pm9kc46f07npir7ddp8i6x15bzygj1a";
+      };
+      hostname = config.my.subZone;
+      location = "/2048";
+    };
+  };
+}

hosts/hackens-org/acme-ssl.nix

@@ -0,0 +1,13 @@
+# Issue du club reseau
+{ config, ... }:
+let
+    my = config.my;
+in
+{
+  security.acme.acceptTerms = true;
+  security.acme.email = my.email;
+  security.acme.server =
+    if my.acmeStaging
+    then "https://acme-staging-v02.api.letsencrypt.org/directory"
+    else null;
+}

hosts/hackens-org/configuration.nix

@@ -5,29 +5,23 @@
 { config, pkgs, ... }:
 
 {
-  imports = [
-    ./_bootloader.nix
-    ./_networking.nix
-    ./_ssh.nix
-    ./_users.nix
-    ./dokuwiki.nix
-    ./thelounge.nix
-    ./hardware-configuration.nix
-    ./matterbridge.nix
-    ./nginx.nix
-    ./orga
-    ./ragb.nix
-    ./snipe-it.nix
-    ./secrets
-    ./static-sites.nix
-    ./legacy-redir.nix
-    ./webpass.nix
-    ./prometheus.nix
-    ./grafana.nix
-    ./kfet-monitor
-  ];
-
-  time.timeZone = "Europe/Paris";
+  imports =
+    [
+      ./hardware-configuration.nix
+      ./physical.nix
+      ../../profiles/core-hackens
+      ./hackens-my.nix
+      #Services
+      ./wiki.nix
+      ./webpass.nix
+      ./test-static.nix
+      # ./bridge.nix
+      # ./gha.nix
+      # ./sync.nix
+      #Modules
+      ./misc
+      ./modules
+    ];
 
   networking.hostName = "hackens-org"; # Define your hostname.
 
@@ -37,6 +31,7 @@
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.11"; # Did you read the comment?
+  system.stateVersion = "21.11"; # Did you read the comment?
 
 }
+

hosts/hackens-org/hackens-my.nix

@@ -0,0 +1,12 @@
+# Inspire du club reseau
+{ lib, ... }:
+{
+  imports = [ ./modules/my.nix ];
+
+  my = {
+    email = "hackens@clipper.ens.fr";
+    acmeStaging = lib.mkDefault true;
+    debug = false;
+    subZone = "new.hackens.org";
+  };
+}

hosts/hackens-org/hardware-configuration.nix

@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "virtio_pci" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0795-75ED";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; } ];
+
+}

hosts/hackens-org/misc/default.nix

@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+  imports = [
+    # ./static-website.nix
+    # ./game2048.nix
+    # ./casauth.nix
+    # ./nds.nix
+    # ./prez.nix
+    # ./public.nix
+    # ./jarvis.nix
+  ];
+}

hosts/hackens-org/modules/default.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./my.nix
+    ./staticWebsites.nix
+    ./nginx.nix
+    ./webhooks.nix
+  ];
+}

hosts/hackens-org/modules/my.nix

@@ -0,0 +1,28 @@
+# Inspiré du club réseau
+{ config, lib, ... }:
+with lib;
+with types;
+{
+  options.my = {
+    email = mkOption {
+      description = "Admin email";
+      type = str;
+      default = "";
+      example = "hackens@clipper.ens.fr";
+    };
+    acmeStaging = mkOption {
+      description = "Enable staging servers";
+      type = bool;
+      default = false;
+    };
+    subZone = mkOption {
+      description = "Sub zone for hosting the services";
+      type = str;
+    };
+    debug = mkOption {
+      description = "Debug mode";
+      type = bool;
+      default = false;
+    };
+  };
+}

hosts/hackens-org/modules/staticWebsites.nix

@@ -0,0 +1,64 @@
+{ lib, config , ... }:
+with lib;
+let
+  eachSite = config.services.staticWebsites.sites;
+  website = { name, ... }: {
+    options = {
+      root = mkOption {
+        type = types.path;
+        default = "/var/lib/nginx/static/${name}";
+        description = "Static files path for the website";
+      };
+      hostname = mkOption {
+        type = types.str;
+        default = name;
+        description = "Website hostname";
+      };
+      location = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Add a location rule if not null";
+      };
+    };
+  };
+in
+{
+  options.services.staticWebsites = {
+    sites = mkOption {
+      type = types.attrsOf (types.submodule website);
+      description = "Specification of one or more static websites to serve";
+    };
+    debug = mkOption {
+      type = types.bool;
+      default = false;
+    };
+  };
+  config = mkIf (eachSite != {}) {
+    services.nginx = {
+      enable = true;
+      virtualHosts = mapAttrs' ( hostname: conf: {
+        name = conf.hostname;
+        value = (mkMerge [
+          {
+            serverName = conf.hostname;
+            forceSSL = if config.services.staticWebsites.debug then false else true;
+            enableACME = if config.services.staticWebsites.debug then false else true;
+          }
+  
+          (mkIf (conf.location == null) {
+            root = conf.root;
+          })
+  
+          (mkIf (conf.location != null) {
+            locations = {
+              "${conf.location}/" = {
+                alias = "${conf.root}/";
+              };
+            };
+          })
+  
+          ]);
+        }) eachSite;
+    };
+  };
+}

hosts/hackens-org/modules/webhooks.nix

@@ -0,0 +1,56 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+  json = pkgs.formats.json {};
+  cfg = config.services.webhooks;
+in
+{
+  options.services.webhooks = {
+    enable = mkEnableOption "Set up webhooks";
+    package = mkOption {
+      type = types.package;
+      default = pkgs.webhook;
+      description = "`webhook` package to use";
+    };
+    hostname = mkOption {
+      type = types.str;
+      description = "The vhost on which webhook will listen";
+    };
+    endpoint = mkOption {
+      type = types.str;
+      default = "hooks";
+      description = "The endpoint of the webhooks";
+    };
+    hooks = mkOption {
+      type = json.type;
+      description = "Configuration for this webhook, check <link xlink:href="https://github.com/adnanh/webhook/blob/master/docs/Hook-Definition.md"/> for supported values";
+    };
+    internalPort = mkOption {
+      type = types.int;
+      default = 9000;
+      description = "The local port used to (proxy)pass requests from nginx to webhook";
+    };
+    debug = mkOption {
+      type = types.bool;
+      default = false;
+    };
+  };
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts."${cfg.hostname}" = {
+        locations."${cfg.endpoint}".proxyPass = "http://127.0.0.1:${toString cfg.internalPort}/hooks";
+        enableACME = if cfg.debug then false else true;
+      };
+    };
+    systemd.services.webhook = {
+      enable = true;
+      unitConfig = {
+        Description = "Small server for creating HTTP hooks";
+        Documentation = "https://github.com/adnanh/webhook/";
+      };
+      script = "${cfg.package}/bin/webhook -nopanic -ip \"127.0.0.1\" -port \"${toString cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}";
+      wantedBy = [ "mulit-user.target" ];
+    };
+  };
+}

hosts/hackens-org/physical.nix

@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vdb"; # or "nodev" for efi only
+
+  time.timeZone = "Europe/Paris";
+
+  networking.useDHCP = false;
+  networking.interfaces.eth0 = {
+    ipv4.addresses = [ { address = "129.199.129.76"; prefixLength = 24; } ];
+  };
+  networking.defaultGateway = { address = "129.199.129.1"; interface = "eth0"; };
+}

hosts/hackens-org/test-static.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+{
+  services.staticWebsites.sites.test = {
+    hostname = "test.${config.my.subZone}";
+    root = pkgs.writeTextDir "index.html" "Hello world!";
+  };
+}

hosts/hackens-org/test-webhook.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+{
+  services.webhooks = {
+    enable = true;
+    hostname = "test-webhook.${config.my.subZone}";
+    hooks = [
+      {
+        id = "testhook";
+        execute-command = pkgs.writeScript "echo.sh" ''
+          #!/bin/sh
+          echo "Bonjour"
+          '';
+        response-message = "Test hook sucess";
+      }
+    ];
+  };
+}

hosts/hackens-org/webpass.nix

@@ -8,20 +8,19 @@
   services.vaultwarden = {
     enable = true;
     config = {
-      DOMAIN = "https://pass.hackens.org";
+      DOMAIN = "https://pass.new.hackens.org";
       WEBSOCKET_ENABLED = true;
       WEBSOCKET_PORT = 10500;
       SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu";
       ROCKET_PORT = 10501;
       ROCKET_ADDRESS = "127.0.0.1";
-      LOG_FILE = "/var/lib/bitwarden_rs/logfile";
+      LOG_FILE = "/var/log/vaultwarden";
       SIGNUPS_VERIFY = true;
     };
     environmentFile = "/etc/secrets/vaultwarden.env";
   };
 
-  services.nginx.enable = true;
-  services.nginx.virtualHosts."pass.hackens.org" = {
+  services.nginx.virtualHosts."pass.new.hackens.org" = {
     forceSSL = true;
     enableACME = true;
     locations."/" = {
@@ -37,8 +36,4 @@
       proxyWebsockets = true;
     };
   };
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
 }

hosts/hackens-org/wiki.nix

@@ -0,0 +1,63 @@
+{ pkgs, config, ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  # TODO: move to hackens.org
+  services.dokuwiki.sites."${config.my.subZone}" = {
+    enable = true;
+
+    extraConfig = ''
+      $conf['title'] = 'hackEns';
+      $conf['start'] = 'accueil';
+      $conf['lang'] = 'fr';
+      $conf['template'] = 'bootstrap3';
+      $conf['license'] = 'cc-by-sa';
+      $conf['breadcrumbs'] = 0; # On s'en fiche de l'historique des pages visitées
+      $conf['youarehere'] = true; # Par contre on veut notre position dans la hiérarchie du site
+      # On veut que les liens externes s'ouvrent dans de nouveaux onglets
+      $conf['target'] = array(
+        'extern' => '_tab'
+      );
+      $conf['htmlok'] = 1; # On peut mettre du html dans les pages
+      $conf['sitemap'] = 7;
+      $conf['rss_type'] = 'rss2';
+      $conf['userewrite'] = 1; # Important, sinon on casse tout avec les règles nginx définies par le module nixos
+      $conf['useslash'] = 1;
+      $conf['plugin']['tokenbucketauth']['tba_send_mail'] = 'hackens@clipper.ens.fr'; # Ban auto des IPs qui brute-forcent
+      $conf['htmlmail'] = 0; # On envoie les mails en plain text
+      $conf['useacl'] = 1; # On ne veut pas que n'importe qui écrive
+    '';
+
+    pluginsConfig = ''
+      $plugins['authmysql'] = 0;
+      $plugins['popularity'] = 0;
+      $plugins['authpgsql'] = 0;
+      $plugins['authpdo'] = 0;
+      $plugins['authldap'] = 0;
+    '';
+
+    disableActions = "register";
+    superUser = "@admin";
+
+    acl = ''
+      *	@ALL	1
+      *	@users  8
+    '';
+
+    # Il faut packager les templates
+    templates = let
+      template-bootstrap3 = pkgs.stdenv.mkDerivation {
+        name = "bootstrap3";
+        # Download the theme from the dokuwiki site
+        src = pkgs.fetchurl {
+          url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip";
+          sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6";
+        };
+        # We need unzip to build this package
+        buildInputs = [ pkgs.unzip ];
+        # Installing simply means copying all files to the output directory
+        installPhase = "mkdir -p $out; cp -R * $out/";
+      };
+    # And then pass this theme to the template list like this:
+    in [ template-bootstrap3 ];
+  };
+}

machines/agb01/_configuration.nix

@@ -1,42 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-  {
-  imports = [
-    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") # this holds the hardware-config
-    ./bootloader.nix
-    ./secrets
-    ./networking.nix
-    ./users.nix
-  ];
-
-  # nix.settings.substituters = lib.mkForce [];
-
-  networking.hostName = "agb01"; # Define your hostname.
-
-  environment.systemPackages = [
-  ];
-
-  services.openssh.enable = true;
-  programs.mosh = {
-    enable = true;
-    openFirewall = true;
-  };
-
-  # Set your time zone.
-  time.timeZone = "Europe/Paris";
-
-  fonts.enableDefaultPackages = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "25.05"; # Did you read the comment?
-}

machines/agb01/bootloader.nix

@@ -1,4 +0,0 @@
-{pkgs, ...}: {
-  boot.loader.grub.enable = false;
-  boot.loader.generic-extlinux-compatible.enable = true;
-}

machines/agb01/networking.nix

@@ -1,85 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-
-  systemd.network = {
-    enable = true;
-    wait-online.anyInterface = true;
-
-    networks = {
-      "10-uplink" = {
-        name = "enu1u1";
-        DHCP = "yes";
-      };
-      "50-wg0" = {
-        name = "wg0";
-        address = [
-          "10.10.10.5/24"
-        ];
-      };
-      "10-wifi" = {
-        name = "wlan0";
-        DHCP = "yes";
-        networkConfig = {
-        };
-      };
-    };
-    netdevs = {
-      "50-wg0" = {
-        netdevConfig = {
-          Name = "wg0";
-          Kind = "wireguard";
-        };
-        wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
-
-        wireguardPeers = [
-          {
-            AllowedIPs = [
-              "10.10.10.0/24"
-            ];
-            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
-            Endpoint = "129.199.129.76:1194";
-            PersistentKeepalive = 5;
-          }
-        ];
-      };
-    };
-  };
-  networking = {
-    useDHCP = false;
-    nameservers = [
-      "2620:fe::fe"
-      "2620:fe::9"
-      "9.9.9.9"
-      "149.112.112.112"
-    ];
-    nftables = {
-      enable = true;
-      tables.nat = {
-        family = "ip";
-        content = ''
-          chain postrouting {
-            type nat hook postrouting priority 100;
-            oifname "wlan0" masquerade;
-          }
-        '';
-      };
-    };
-
-    firewall.allowedUDPPorts = [ 67 ];
-  };
-
-  networking.wireless = {
-    #userControlled.enable = true;
-    enable = true;
-    networks."WLED-AGB".psk = "lateteatoto";
-    extraConfig = ''
-      country=FR
-    '';
-  };
-
-}

machines/agb01/secrets/default.nix

@@ -1,11 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-  age.secrets."wg" = {
-    file = ./wg.age;
-    owner = "systemd-network";
-  };
-}

machines/agb01/secrets/secrets.nix

@@ -1,9 +0,0 @@
-let
-  lib = (import <nixpkgs> {}).lib;
-  readPubkeys = user:
-    builtins.filter (k: k != "") (lib.splitString "\n"
-      (builtins.readFile (../../../pubkeys + "/${user}.keys")));
-in {
-  "wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "agb01");
-
-}

machines/agb01/secrets/wg.age

@@ -1,17 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 ZIo4kw 1xAL0ZXu3ubwC6HK4dETN1LgtpvNFf9nH/NQQ1+s1AA
-NQUXZwkejiWJXEImndmxAsL65dKZixXQ3F8Fa5doVC8
--> ssh-ed25519 9/PCvA zo5Ct5tIQjFYykwbTRyTHxnLlaCk/oMVLUqYKK6ry24
-g4ayvGtSZNA/80uhGpxDXeBU8F32sKPVBAWQ2qC/cr0
--> ssh-ed25519 JGx7Ng 0ro2us2J17krgJp09P3+ArhZuQMPt6K8SQxGGb91XVc
-4wrK0+G8LkwitDcZ/WWslENOhv4Mu9JeVPivyuIm9TA
--> ssh-ed25519 kXobKQ bwvhd2LjCYYxrtQh5ZR4OgjTi/KlFQMEOOboMv0G5SE
-U+vrBW9PIpUU9bivT1PWYYT+6bri1oFmrXFQ/D4nBxo
--> ssh-ed25519 mrEzvA AB1zH2mbuo2JE9H8mIXdMewxADp2A5udQTPtw2dKTGA
-97zv5MreXIfFPVvpch41AkLoU/iMxSaHLLhQcq2wkcg
--> x[6Bx[-grease +n6t(` ^E,
-kWd3Ro0LFVRTOV7umHCVJUFGRPfnITYvAG48m1OnrWNSqA2jWEU2VlO+mxixLFyt
-7ghhls3oKf7ZT7ObwKAP
---- T8kROJrmL/+d4npmEtunYpe2tWx22uFh+IwK5v5mQHw
-峴弁堥<E5BC81>唥A\,H闉)en'卿拏譍B鯛u攃2
-D臟覐deT砽;铎噰髷S夋暫腵麗艬襼<E889AC>2v<1F>

machines/agb01/users.nix

@@ -1,14 +0,0 @@
-{ ... }:
-{
-  users = {
-    mutableUsers = false;
-    users = {
-      root.openssh.authorizedKeys.keyFiles = [
-        ../../pubkeys/sinavir.keys
-        ../../pubkeys/catvayor.keys
-        ../../pubkeys/soyouzpanda.keys
-        ../../pubkeys/sel.keys
-      ];
-    };
-  };
-}

machines/agb02/_configuration.nix

@@ -1,38 +0,0 @@
-{ config, pkgs, lib, modulesPath, ... }:
-let
-  agb-control-box = pkgs.callPackage ./agb { };
-in
-{
-  imports = [
-    "${modulesPath}/installer/sd-card/sd-image-aarch64.nix"
-    ./secrets
-    ./networking.nix
-    ./users.nix
-  ];
-  sdImage.compressImage = false;
-  services = {
-    getty.autologinUser = "root";
-    openssh.enable = true;
-  };
-
-  networking.hostName = "agb02";
-  networking.networkmanager.enable = true;
-
-  environment.systemPackages = [
-    agb-control-box
-    pkgs.libgpiod
-  ];
-
-  systemd.services."agb-control-box" = {
-    wantedBy = [ "multi-user.target" ];
-    wants = [ "network-online.target" ];
-    after = [ "network-online.target" ];
-    unitConfig.Description = "The program of the control-box";
-    serviceConfig = {
-      Restart = "always";
-      ExecStart = "${agb-control-box}/bin/agb /dev/gpiochip0";
-    };
-  };
-
-  system.stateVersion = "24.11";
-}

machines/agb02/agb/agb.cpp

@@ -1,214 +0,0 @@
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <arpa/inet.h>
-#include <gpiod.hpp>
-#include <iostream>
-#include <fstream>
-#include <thread>
-
-using namespace std::literals::chrono_literals;
-
-constexpr std::chrono::microseconds debounce = 40ms;
-constexpr std::chrono::microseconds poll_period = 5ms;
-constexpr std::chrono::microseconds autorepeat_delay = 70ms;
-constexpr std::chrono::microseconds server_ratelimit = 50ms;
-constexpr std::chrono::microseconds retry_timeout = 500ms;
-
-constexpr double joystick_movement = 0.2;
-
-const gpiod::line::offsets drive_down = { 21, 13, 6 };
-
-const gpiod::line::offsets decoder = { 3, 4, 17, 27, 24, 23, 18, 2 }; // lsbf
-const gpiod::line::offsets joystick = { 19, 26, 5, 0 }; // x+, y+, x-, y-
-const gpiod::line::offset black_button = 20;
-const gpiod::line::offset white_button = 16;
-
-const gpiod::line_settings input_settings =
-  gpiod::line_settings()
-    .set_direction(gpiod::line::direction::INPUT)
-    .set_bias(gpiod::line::bias::PULL_UP)
-    .set_active_low(false)
-    .set_debounce_period(debounce);
-
-constexpr std::array<uint8_t, 256> decoder_table =
-  #include "decoder_table.inl"
-
-uint8_t read_decoder_realpos(gpiod::line_request& line_reader){
-  static gpiod::line::values decoder_read(8);
-  line_reader.get_values(decoder, decoder_read);
-  uint8_t graycode = 0;
-  for(uint8_t i = 0; i < 8; ++i) graycode |= uint8_t(decoder_read[i]) << i;
-  return decoder_table[graycode];
-};
-
-inline void clamp_decoder(uint8_t& decoder, int move){
-  decoder = uint8_t(std::clamp(decoder + move, 0, 255));
-}
-
-int main(const int argc, char const* const* const argv) {
-  if(argc < 2) {
-    std::cerr << "usage: agb gpiodevice" << std::endl;
-    return 1;
-  }
-
-  /// init gpio chip ///
-
-  gpiod::chip chip(argv[1]);
-  gpiod::line_request line_reader =
-    chip.prepare_request()
-      .set_consumer("AGB")
-      .add_line_settings(drive_down,
-        gpiod::line_settings()
-          .set_direction(gpiod::line::direction::OUTPUT)
-          .set_drive(gpiod::line::drive::OPEN_DRAIN)
-          .set_output_value(gpiod::line::value::INACTIVE)
-      )
-      .add_line_settings({ black_button, white_button }, input_settings)
-      .add_line_settings(joystick,
-          gpiod::line_settings(input_settings)
-            .set_active_low(true))
-      .add_line_settings(decoder,
-          gpiod::line_settings(input_settings)
-            .set_debounce_period(0ms))
-      .do_request();
-
-  // let the settings apply
-  std::this_thread::sleep_for(poll_period);
-
-  /// internal state and buffers ///
-
-  std::chrono::time_point now = std::chrono::system_clock::now();
-
-  gpiod::line::values joystick_read(4);
-  gpiod::line::values joystick_last_read(4);
-  line_reader.get_values(joystick, joystick_read);
-  std::vector<std::chrono::time_point<std::chrono::system_clock>> rising_point = { now, now, now, now };
-  std::pair<double, double> spot_pos(0.0, 0.0); //TODO: init from server
-  auto joystick_move = [&](int i) -> double {
-    if (! bool(joystick_read[i]))
-      return 0.0;
-    else if (bool(joystick_last_read[i])){
-      if (now - rising_point[i] < autorepeat_delay)
-        return 0.0;
-      else
-        return joystick_movement;
-    } else {
-      rising_point[i] = now;
-      return 1.0;
-    }
-  };
-
-  uint8_t decoder_pos = 0; //TODO: init from server
-  uint8_t decoder_realpos = read_decoder_realpos(line_reader);
-
-  uint8_t white_state = 0;
-  bool white_pressed = false;
-  bool black_pressed = false;
-
-  bool has_changed = true;
-  std::chrono::time_point last_send = now;
-  std::string postData;
-
-  /// init server communication ///
-
-  int socket_file_desc;
-connection:
-  socket_file_desc = socket(AF_INET, SOCK_STREAM, 0);
-  {
-    sockaddr_in socket_addr = {
-      .sin_family = AF_INET,
-      .sin_port = htons(1235),
-      .sin_addr = { .s_addr = inet_addr("10.10.10.1") }
-    };
-    while (connect(socket_file_desc,
-                   reinterpret_cast<const sockaddr*>(&socket_addr),
-                   sizeof(socket_addr)) < 0) {
-      std::cerr << "Failed to open tcp socket, retrying..." << std::endl;
-      std::this_thread::sleep_for(retry_timeout);
-    }
-    std::cout << "Connected." << std::endl;
-  }
-
-  for(;;){
-    std::this_thread::sleep_for(poll_period);
-    now = std::chrono::system_clock::now();
-
-    /// joystick ///
-    std::swap(joystick_read, joystick_last_read);
-    line_reader.get_values(joystick, joystick_read);
-
-    spot_pos.first  += joystick_move(0);
-    spot_pos.second += joystick_move(1);
-    spot_pos.first  -= joystick_move(2);
-    spot_pos.second -= joystick_move(3);
-
-    if (bool(joystick_read[0]) || bool(joystick_read[1])
-        || bool(joystick_read[2]) || bool(joystick_read[3])){
-      spot_pos.first = std::clamp(spot_pos.first, 0.0, 255.0);
-      spot_pos.second = std::clamp(spot_pos.second, 0.0, 255.0);
-      has_changed = true;
-    }
-
-    /// Buttons ///
-    bool pressed = bool(line_reader.get_value(black_button));
-    if(pressed ^ black_pressed)
-      has_changed = true;
-    black_pressed = pressed;
-
-    pressed = bool(line_reader.get_value(white_button));
-    if(pressed && !white_pressed){
-      has_changed = true;
-      white_state = (white_state + 1)%9;
-    }
-    white_pressed = pressed;
-
-    /// decoder ///
-    uint8_t new_realpos = read_decoder_realpos(line_reader);
-    uint8_t seen_travel = std::abs(int(new_realpos) - int(decoder_realpos));
-
-    // CCW
-    if(seen_travel < 50 && new_realpos < decoder_realpos)
-      clamp_decoder(decoder_pos, -seen_travel);
-    if(seen_travel >= 50 && new_realpos > decoder_realpos)
-      clamp_decoder(decoder_pos, seen_travel - 128);
-
-    // CW
-    if(seen_travel < 50 && new_realpos > decoder_realpos)
-      clamp_decoder(decoder_pos, seen_travel);
-    if(seen_travel >= 50 && new_realpos < decoder_realpos)
-      clamp_decoder(decoder_pos, 128 - seen_travel);
-
-    decoder_realpos = new_realpos;
-    if(seen_travel)
-      has_changed = true;
-
-    /// server notification
-    if(has_changed && (now - last_send > server_ratelimit)){
-      postData.clear();
-      std::format_to(std::back_inserter(postData), "{{"
-          "\"pan\": {},"
-          "\"tilt\": {},"
-          "\"focus\": {},"
-          "\"white_button\": {},"
-          "\"black_button\": {}"
-        "}}\n",
-        uint8_t(spot_pos.first),
-        uint8_t(spot_pos.second),
-        int(decoder_pos),
-        white_state,
-        black_pressed
-      );
-
-      int wrote = write(socket_file_desc, postData.data(), postData.size());
-      if(wrote < postData.size()){
-        std::cerr << "Failed to send data, reconnecting..." << std::endl;
-        close(socket_file_desc);
-        std::this_thread::sleep_for(retry_timeout);
-        goto connection;
-      } else {
-        has_changed = false;
-        last_send = now;
-      }
-    }
-  }
-}

machines/agb02/agb/decoder_table.inl

@@ -1,132 +0,0 @@
-[]() {
-  std::array<uint8_t, 256> table;
-	table[127] = 0;
-	table[63] = 1;
-	table[62] = 2;
-	table[58] = 3;
-	table[56] = 4;
-	table[184] = 5;
-	table[152] = 6;
-	table[24] = 7;
-	table[8] = 8;
-	table[72] = 9;
-	table[73] = 10;
-	table[77] = 11;
-	table[79] = 12;
-	table[15] = 13;
-	table[47] = 14;
-	table[175] = 15;
-	table[191] = 16;
-	table[159] = 17;
-	table[31] = 18;
-	table[29] = 19;
-	table[28] = 20;
-	table[92] = 21;
-	table[76] = 22;
-	table[12] = 23;
-	table[4] = 24;
-	table[36] = 25;
-	table[164] = 26;
-	table[166] = 27;
-	table[167] = 28;
-	table[135] = 29;
-	table[151] = 30;
-	table[215] = 31;
-	table[223] = 32;
-	table[207] = 33;
-	table[143] = 34;
-	table[142] = 35;
-	table[14] = 36;
-	table[46] = 37;
-	table[38] = 38;
-	table[6] = 39;
-	table[2] = 40;
-	table[18] = 41;
-	table[82] = 42;
-	table[83] = 43;
-	table[211] = 44;
-	table[195] = 45;
-	table[203] = 46;
-	table[235] = 47;
-	table[239] = 48;
-	table[231] = 49;
-	table[199] = 50;
-	table[71] = 51;
-	table[7] = 52;
-	table[23] = 53;
-	table[19] = 54;
-	table[3] = 55;
-	table[1] = 56;
-	table[9] = 57;
-	table[41] = 58;
-	table[169] = 59;
-	table[233] = 60;
-	table[225] = 61;
-	table[229] = 62;
-	table[245] = 63;
-	table[247] = 64;
-	table[243] = 65;
-	table[227] = 66;
-	table[163] = 67;
-	table[131] = 68;
-	table[139] = 69;
-	table[137] = 70;
-	table[129] = 71;
-	table[128] = 72;
-	table[132] = 73;
-	table[148] = 74;
-	table[212] = 75;
-	table[244] = 76;
-	table[240] = 77;
-	table[242] = 78;
-	table[250] = 79;
-	table[251] = 80;
-	table[249] = 81;
-	table[241] = 82;
-	table[209] = 83;
-	table[193] = 84;
-	table[197] = 85;
-	table[196] = 86;
-	table[192] = 87;
-	table[64] = 88;
-	table[66] = 89;
-	table[74] = 90;
-	table[106] = 91;
-	table[122] = 92;
-	table[120] = 93;
-	table[121] = 94;
-	table[125] = 95;
-	table[253] = 96;
-	table[252] = 97;
-	table[248] = 98;
-	table[232] = 99;
-	table[224] = 100;
-	table[226] = 101;
-	table[98] = 102;
-	table[96] = 103;
-	table[32] = 104;
-	table[33] = 105;
-	table[37] = 106;
-	table[53] = 107;
-	table[61] = 108;
-	table[60] = 109;
-	table[188] = 110;
-	table[190] = 111;
-	table[254] = 112;
-	table[126] = 113;
-	table[124] = 114;
-	table[116] = 115;
-	table[112] = 116;
-	table[113] = 117;
-	table[49] = 118;
-	table[48] = 119;
-	table[16] = 120;
-	table[144] = 121;
-	table[146] = 122;
-	table[154] = 123;
-	table[158] = 124;
-	table[30] = 125;
-	table[94] = 126;
-	table[95] = 127;
-  return table;
-} ();

machines/agb02/agb/default.nix

@@ -1,15 +0,0 @@
-{ stdenv, libgpiod }:
-stdenv.mkDerivation rec {
-  pname = "agb";
-  version = "oct-24";
-  src = ./.;
-
-  buildPhase = ''
-    g++ --std=c++23 agb.cpp -o agb \
-      -L${libgpiod}/lib -lgpiodcxx -I${libgpiod}/include \
-  '';
-  installPhase = ''
-    mkdir -p $out/bin
-    cp agb $out/bin
-  '';
-}

machines/agb02/networking.nix

@@ -1,47 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  systemd.network = {
-    enable = true;
-
-    networks = {
-      "50-wg0" = {
-        name = "wg0";
-        address = [
-          "10.10.10.6/24"
-        ];
-      };
-    };
-    netdevs = {
-      "50-wg0" = {
-        netdevConfig = {
-          Name = "wg0";
-          Kind = "wireguard";
-        };
-        wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
-
-        wireguardPeers = [
-          {
-            AllowedIPs = [
-              "10.10.10.0/24"
-            ];
-            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
-            Endpoint = "129.199.129.76:1194";
-            PersistentKeepalive = 5;
-          }
-        ];
-      };
-    };
-  };
-  networking = {
-    nameservers = [
-      "2620:fe::fe"
-      "2620:fe::9"
-      "9.9.9.9"
-      "149.112.112.112"
-    ];
-  };
-}

machines/agb02/secrets/default.nix

@@ -1,11 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-  age.secrets."wg" = {
-    file = ./wg.age;
-    owner = "systemd-network";
-  };
-}

machines/agb02/secrets/secrets.nix

@@ -1,8 +0,0 @@
-let
-  lib = (import <nixpkgs> {}).lib;
-  readPubkeys = user:
-    builtins.filter (k: k != "") (lib.splitString "\n"
-      (builtins.readFile (../../../pubkeys + "/${user}.keys")));
-in {
-  "wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "agb02");
-}

machines/agb02/users.nix

@@ -1,14 +0,0 @@
-{ ... }:
-{
-  users = {
-    mutableUsers = false;
-    users = {
-      root.openssh.authorizedKeys.keyFiles = [
-        ../../pubkeys/sinavir.keys
-        ../../pubkeys/catvayor.keys
-        ../../pubkeys/soyouzpanda.keys
-        ../../pubkeys/sel.keys
-      ];
-    };
-  };
-}

machines/hackens-milieu/audio.nix

@@ -1,5 +0,0 @@
-{ pkgs, ... }:
-{
-  # Enable sound.
-#  hardware.pulseaudio.enable = true;
-}

machines/hackens-milieu/default.nix

@@ -1,6 +0,0 @@
-{ pkgs, ... }:
-{
-  imports =
-    [
-    ];
-}

machines/hackens-milieu/gnome.nix

@@ -1,10 +0,0 @@
-{ ... }:
-{
-  services.xserver = {
-    enable = true;
-    displayManager.gdm.enable = true;
-    desktopManager.gnome.enable = true;
-  };
-  services.xserver.layout = "fr";
-  services.autorandr.enable = true;
-}

machines/hackens-milieu/hardware-configuration.nix

@@ -1,49 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  lib,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [
-    "ehci_pci"
-    "ahci"
-    "usbhid"
-    "sd_mod"
-    "sr_mod"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  # boot.kernelParams = [ "nomodeset" ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos-root";
-    fsType = "btrfs";
-    options = [
-      "ssd"
-      "noatime"
-      "ssd_spread"
-      "discard"
-      "space_cache"
-    ];
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-label/BOOT";
-    fsType = "vfat";
-  };
-
-  swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
-
-  nix.maxJobs = lib.mkDefault 4;
-  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
-}

machines/hackens-milieu/lampion.nix

@@ -1,21 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-systemd.services.lampion-kfet =
-{
-	script = ''
-		${pkgs.lampion-kfet}/bin/lampion_kfet.py
-	'';
-	serviceConfig = {
-		Restart = "always";
-		RestartSec = 20;
-		DynamicUser = true;
-	};
-	description = "Drives the physical K-Fêt indicator.";
-	after = [ "network.target" ];
-	wantedBy = [ "multi-user.target" ];
-};
-}

machines/hackens-milieu/networking.nix

@@ -1,33 +0,0 @@
-{ lib, config, ... }: {
-  systemd.network = {
-    enable = true;
-
-    networks."50-wg0" = {
-      name = "wg0";
-      address = [
-        "10.10.10.4/24"
-      ];
-    };
-
-    netdevs = {
-      "50-wg0" = {
-        netdevConfig = {
-          Name = "wg0";
-          Kind = "wireguard";
-        };
-        wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
-
-        wireguardPeers = [
-          {
-            AllowedIPs = [
-              "10.10.10.0/24"
-            ];
-            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
-            Endpoint = "129.199.129.76:1194";
-            PersistentKeepalive = 5;
-          }
-        ];
-      };
-    };
-  };
-}

machines/hackens-milieu/no-sleep.nix

@@ -1,9 +0,0 @@
-{ ... }:
-{
-  systemd.targets = {
-    sleep.enable = false;
-    suspend.enable = false;
-    hibernate.enable = false;
-    hybrid-sleep.enable = false;
-  };
-}

machines/hackens-milieu/pixiecore/default.nix

@@ -1,16 +0,0 @@
-{ pkgs, config, ... }:
-let
-  netboot_efi = pkgs.fetchurl rec {
-    version = "2.0.82";
-    url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${version}/netboot.xyz.efi";
-    hash = "sha256-cO8MCkroQ0s/j8wnwwIWfnxEvChLeOZw+gD4wrYBAog=";
-  };
-in
-{
-  services.pixiecore = rec {
-    enable = true;
-    openFirewall = true;
-    kernel = "${netboot_efi}";
-    extraArguments = [ "-d" "--ipxe-efi64" "${kernel}" ];
-  };
-}

machines/hackens-milieu/secrets/default.nix

@@ -1,11 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-  age.secrets."wg" = {
-    file = ./wg.age;
-    owner = "systemd-network";
-  };
-}

machines/hackens-milieu/secrets/secrets.nix

@@ -1,8 +0,0 @@
-let
-  lib = (import <nixpkgs> {}).lib;
-  readPubkeys = user:
-    builtins.filter (k: k != "") (lib.splitString "\n"
-      (builtins.readFile (../../../pubkeys + "/${user}.keys")));
-in {
-  "wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "hackens-milieu");
-}

machines/hackens-milieu/secrets/wg.age

@@ -1,12 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 5rrg4g B36oMQ2IqhBXDaltfkba8gBjhTzHujh/KtpXmoBfIkE
-ga5w9MzfwR2LwlSmeA0ddyx2Fms/ZSp1c8p/rC46OSE
--> ssh-ed25519 JGx7Ng wis78jvQlXpeK0rb50RNgliWwVaPqUYR66Dfxxq8+nk
-awK/Il5jYV2s95GxDLkeRas0PjDKKnVE2HjKTOFyQco
--> ssh-ed25519 kXobKQ gYW3wXPQr756wsRQ6nKo4qQtT09OaEsnQmAX4G41PXQ
-sa8Bhxfosqf1VNXfj+rS2ryJs9T4sZK13tx5j+NOCm4
--> ssh-ed25519 Dx1R2Q 2BLCykYc4lKLyBnDfJ6J7ZCD8CeX3vt2S2fLkwjeunw
-ueU6TaxgeX9Cp98LkHy5pkaUaRGdcTHtV8CopEILv10
---- Ah6a49hN7wxxfR8C8Jczc/2jMAoTJoumYMj4PPKax2I
-î)Bš+£Ín
-c™ï<EFBFBD>›ÁY<EFBFBD>ú-l™k<E284A2>ÛMF+ÞÙ<C39E>r1)æÞ‹¸aU=<3D>}%\õÔ²¶=W~ã)Àp6nÜG%ð*ðâšk>	ä

machines/hackens-org/_bootloader.nix

@@ -1,5 +0,0 @@
-{
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
-}

machines/hackens-org/_networking.nix

@@ -1,45 +0,0 @@
-{ pkgs, ... }:
-{
-  imports = [
-    ./wireguard.nix
-  ];
-  networking.useDHCP = false;
-  systemd.network = {
-    enable = true;
-    netdevs."10-sit-he" = {
-      netdevConfig = {
-        Kind = "sit";
-        Name = "sit-he";
-      };
-      tunnelConfig = {
-        Local = "129.199.129.76";
-        Remote = "216.66.84.42";
-      };
-    };
-    networks = {
-      "10-uplink" = {
-        name = "enp1s0";
-        DHCP = "no";
-        address = [
-          "129.199.129.76/24"
-        ];
-        networkConfig = {
-          Gateway = "129.199.129.1";
-          Tunnel = [ "sit-he" ];
-        };
-      };
-      "10-tun-he" = {
-        matchConfig.Name = "sit-he";
-        networkConfig = {
-          Gateway = [ "2001:470:1f12:d21::1" ];
-          Description = "HE.NET IPv6 Tunnel (owned by maurice)";
-          Address = [ "2001:470:1f12:d21::2/64" ];
-        };
-      };
-    };
-  };
-  networking.nameservers = [
-    "1.1.1.1"
-    "8.8.8.8"
-  ];
-}

machines/hackens-org/_ssh.nix

@@ -1,19 +0,0 @@
-{ ... }:
-{
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  services.openssh.settings.PasswordAuthentication = false;
-  services.openssh.ports = [
-    22
-    2222
-  ];
-
-  # Open ports in the firewall. (In fact not needed)
-  networking.firewall.allowedTCPPorts = [
-    22
-    2222
-  ];
-
-  # Mosh <3
-  programs.mosh.enable = true;
-}

machines/hackens-org/_users.nix

@@ -1,43 +0,0 @@
-{ ... }:
-{
-  users = {
-    mutableUsers = false;
-    users = {
-      rlahfa = {
-        isNormalUser = true;
-        extraGroups = [ "wheel" ];
-        hashedPassword = "$6$y/I6nKCMYUku7$91vTR5kYz4nHyhbuA/j6kPsD8Vfo/Rg7ri6Ympftra9V6emOt/mPg0AScECtYjSIxretvfQ3sPUF1Ho0IWx381";
-        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/raito.keys ];
-      };
-      gdoriathdohler = {
-        isNormalUser = true;
-        extraGroups = [ "wheel" ];
-        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/gdd.keys ];
-      };
-      mdebray = {
-        isNormalUser = true;
-        extraGroups = [ "wheel" ];
-        hashedPassword = "$6$ujz06kXa4TgvPAbF$NaXkDuOUpf3.fBRh7JuygtS0V2U/Bz4N3DpbOznO.md44xEdlKwPH/pSbL9CQJBhI5kodaKZeSaoCyhzybBPA/";
-        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/sinavir.keys ];
-      };
-      ecoppens = {
-        isNormalUser = true;
-        extraGroups = [ "wheel" ];
-        hashedPassword = "$2b$05$c7kIDOunRJvgncWq5pmbXupy/wzUzCvN3b/RHgl/BjlUw891wI.Oa";
-        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/soyouzpanda.keys ];
-      };
-      hbarral = {
-        isNormalUser = true;
-        extraGroups = [ "wheel" ];
-        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/backslash.keys ];
-      };
-      root.openssh.authorizedKeys.keyFiles = [
-        ../../pubkeys/beigbeder.keys
-        ../../pubkeys/sinavir.keys
-        ../../pubkeys/soyouzpanda.keys
-        ../../pubkeys/catvayor.keys
-        ../../pubkeys/sel.keys
-      ];
-    };
-  };
-}

machines/hackens-org/dokuwiki.nix

@@ -1,97 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-{
-
-  services.nginx.virtualHosts."hackens.org" = {
-    enableACME = true;
-    forceSSL = true;
-  };
-
-  # Si tu as des problèmes un jour, vide le cache avant tout
-  services.dokuwiki.sites."hackens.org" = {
-    enable = true;
-    settings = {
-      template = "bootstrap3";
-      license = "cc-by-sa";
-      title = "hackENS";
-      lang = "fr";
-      breadcrumbs = 0;
-      yourarehere = true;
-      userewrite = 1;
-      useacl = true;
-      htmlok = 1;
-      target._raw = ''
-        array(
-          'extern' => '_tab'
-        );
-      '';
-      sitemap = 7;
-      disableactions = "register";
-      superuser = "@admin";
-      start = "accueil";
-      tpl.bootstrap3 = {
-        showAddNewPage = "logged";
-        fluidContainer = 0;
-      };
-      plugin.htmlok.htmlok = 1;
-    };
-    pluginsConfig = {
-
-      authad = false;
-      authldap = false;
-      authpdo = false;
-      authmysql = false;
-      authpgsql = false;
-      popularity = false;
-
-    };
-
-    plugins = [
-      (pkgs.fetchFromGitHub {
-        name = "catlist";
-        owner = "xif-fr";
-        repo = "dokuwiki-plugin-catlist";
-        rev = "147793e2b41e8cb6465df888eecfbc4ee54fb68a";
-        hash = "sha256-kTL0Hm4BeWpmusLnybmBM9JPpx+ss0e/cusDHu6hH2I=";
-      })
-      (pkgs.php.buildComposerProject (finalAttrs: {
-        pname = "commonmark";
-        name = "commonmark";
-        version = "1.3.1";
-        composerStrictValidation = false;
-        src = pkgs.fetchFromGitHub {
-          owner = "clockoon";
-          repo = "dokuwiki-plugin-commonmark";
-          rev = "671ab735193ffb1324064ff0ddb92f63408b8580";
-          hash = "sha256-0WFz71O6GLVZ1Mf5eu96cQ3t+H6F6VtlC3hNtlANwBs=";
-        };
-        vendorHash = "sha256-QnFdwc6IfdH98Hbm9jt6E/rO+u6I7kZqb7+hRnPra9I=";
-        postInstall = ''
-          rm -r $out/share
-          cp -r . $out
-        '';
-      }))
-      (pkgs.fetchFromGitHub {
-        name = "htmlok";
-        owner = "saggi-dw";
-        repo = "dokuwiki-plugin-htmlok";
-        rev = "f186dda6240c61079cd9166c1f17aabefa21c7d8";
-        hash = "sha256-3s+WAb1BG2mq8+wxpQ6HgPJZ+dx6v5e+vMXaOiLYceo=";
-      })
-    ];
-    templates = [
-      (pkgs.fetchFromGitHub {
-        name = "bootstrap3";
-        owner = "giterlizzi";
-        repo = "dokuwiki-template-bootstrap3";
-        rev = "v2022-07-27";
-        hash = "sha256-B3Yd4lxdwqfCnfmZdp+i/Mzwn/aEuZ0ovagDxuR6lxo=";
-      })
-    ];
-  };
-
-}

machines/hackens-org/gestiohackens/default.nix

@@ -1,91 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  src = pkgs.fetchgit {
-    url = "https://git.rz.ens.wtf/HackENS/gestiojeux.git";
-    rev = "HEAD";
-    hash = "sha256-ly786xct9U4hdsHr7NLl23smnOfE891au9/GXqxpFb4=";
-  };
-in
-{
-  imports =
-    [
-    ];
-  systemd.services.django-gestiohackens.serviceConfig = {
-    DynamicUser = lib.mkForce false;
-    User = "django-gestiohackens";
-    SupplementaryGroups = [ "nginx" ];
-  };
-  users.users.django-gestiohackens = {
-    group = "django-gestiohackens";
-    isSystemUser = true;
-  };
-  users.groups.django-gestiohackens = { };
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    virtualHosts."inventaire.hackens.org" = {
-      enableACME = true;
-      forceSSL = true;
-      locations = {
-        "/" = {
-          proxyPass = "http://localhost:51667";
-        };
-        "/media/".alias = "/var/lib/django-gestiohackens/media/";
-        "/static".root = config.services.django.gestiohackens.staticAssets;
-      };
-    };
-  };
-  services.django.gestiohackens = {
-    inherit src;
-    enable = true;
-    mainModule = "gestiojeux";
-    port = 51667;
-    settings = {
-      DEBUG = false;
-      CSRF_COOKIE_SECURE = true;
-      AUTHENS_ALLOW_STAFF = true;
-      SESSION_COOKIE_SECURE = true;
-      MEDIA_URL = "media/";
-      ALLOWED_HOSTS = [ "inventaire.hackens.org" ];
-      DATABASES = {
-        "default" = {
-          "ENGINE" = "django.db.backends.sqlite3";
-          "NAME" = "/var/lib/django-gestiohackens/db.sqlite3";
-        };
-      };
-      HAYSTACK_CONNECTIONS = {
-        "default" = {
-          "ENGINE" = "haystack.backends.whoosh_backend.WhooshEngine";
-          "PATH" = "/var/lib/django-gestiohackens/whoosh_index";
-        };
-      };
-      MEDIA_ROOT = "/var/lib/django-gestiohackens/media";
-    };
-    extraPackages = ps: [
-      ps.django-autoslug
-      ps.loadcredential
-      ps.django-cleanup
-      ps.django-haystack
-      ps.django-markdownx
-      ps.django-tables2
-      ps.pillow
-      ps.whoosh
-      ps.markdown-icons
-      ps.authens
-
-      ps.qrcode
-      ps.pillow
-
-      # Django haystack is drunk
-      ps.setuptools
-    ];
-    secrets = {
-      SECRET_KEY = config.age.secrets.django-gestiohackens.path;
-    };
-  };
-}

machines/hackens-org/grafana.nix

@@ -1,59 +0,0 @@
-{ config, ... }:
-
-let
-  host = "grafana.hackens.org";
-  port = 3033;
-
-in
-
-{
-  services = {
-    grafana = {
-      enable = true;
-
-      settings = {
-        database = {
-          type = "postgres";
-          user = "grafana";
-          host = "/run/postgresql";
-        };
-
-        server = {
-          domain = host;
-          enable_gzip = true;
-          enforce_domain = true;
-          http_port = port;
-          root_url = "https://${host}";
-          router_logging = true;
-        };
-
-        users = {
-          default_theme = "system";
-          default_language = "en-GB";
-        };
-      };
-    };
-
-    postgresql = {
-      enable = true;
-      ensureDatabases = [ "grafana" ];
-      ensureUsers = [
-        {
-          name = "grafana";
-          ensureDBOwnership = true;
-        }
-      ];
-    };
-
-    nginx.virtualHosts.${host} = {
-      enableACME = true;
-      forceSSL = true;
-
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${builtins.toString port}";
-        proxyWebsockets = true;
-        recommendedProxySettings = true;
-      };
-    };
-  };
-}

machines/hackens-org/hardware-configuration.nix

@@ -1,39 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [
-    "uhci_hcd"
-    "ahci"
-    "virtio_pci"
-    "virtio_blk"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2";
-    fsType = "btrfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/0795-75ED";
-    fsType = "vfat";
-  };
-
-  swapDevices = [ { device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; } ];
-
-}

machines/hackens-org/kfet-monitor/default.nix

@@ -1,25 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  wsScraper = pkgs.callPackage ./websocket-exporter.nix { };
-in
-{
-  systemd.services.kfet-open-recorder = {
-    environment = {
-      WEBSOCKET_EXPORTER_URI = "wss://cof.ens.fr/ws/k-fet/open";
-      WEBSOCKET_EXPORTER_MATCH_TYPE = "contains";
-      WEBSOCKET_EXPORTER_EXPECTED_MESSAGE = "open";
-      WEBSOCKET_EXPORTER_LISTEN_ADDR = "127.0.0.1";
-    };
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
-    wants = [ "network.target" ];
-
-    serviceConfig = {
-      ExecStart = "${lib.getExe wsScraper}";
-      Restart = "always";
-      RestartSec = 5;
-      DynamicUser = true;
-      StateDirectory = "kfet-open-recorder";
-    };
-  };
-}

machines/hackens-org/kfet-monitor/patch

@@ -1,61 +0,0 @@
-diff --git a/websocket_exporter/probe.py b/websocket_exporter/probe.py
-index a95b97e..a7b057e 100644
---- a/websocket_exporter/probe.py
-+++ b/websocket_exporter/probe.py
-@@ -3,28 +3,29 @@ import logging
- from time import perf_counter
- from typing import Union
- 
--from websockets import NegotiationError, client, InvalidStatusCode
-+from websockets import InvalidStatusCode, NegotiationError, client
- 
--
--EXACT_MATCH = 'exact'
--CONTAINS_MATCH = 'contains'
-+EXACT_MATCH = "exact"
-+CONTAINS_MATCH = "contains"
- 
- 
- class ProbResults(object):
-     def __init__(self, up: int, latency: float = 0, received: int = 0):
-         self.up = up
-         self.latency = round(latency, 2)
--        self.received = int(received) if received is not None else "NaN"
-+        self.received = int(received) if received is not None else 0
- 
-     def __str__(self):
-         if self.up:
-             return f'Websocket up, latency:{self.latency}s, expected response {"" if self.received else "NOT"} received'
--        return f'Webserver DOWN'
-+        return f"Webserver DOWN"
- 
- 
- class WebSocketProbe(object):
- 
--    def __init__(self, uri, message=None, expected=None, match=CONTAINS_MATCH, timeout=10):
-+    def __init__(
-+        self, uri, message=None, expected=None, match=CONTAINS_MATCH, timeout=10
-+    ):
-         """
-         Create a websocket probe that tries establishing a connection and reports the metrics
-         :param uri: starts with 'ws://' or ws://
-@@ -68,13 +69,17 @@ class WebSocketProbe(object):
-         elapsed = 0
-         while elapsed < self.timeout:
-             try:
--                resp = await asyncio.wait_for(connection.recv(), timeout=(self.timeout-elapsed))
-+                resp = await asyncio.wait_for(
-+                    connection.recv(), timeout=(self.timeout - elapsed)
-+                )
-                 if self._match(resp):
-                     return True
-                 await asyncio.sleep(1)
-                 elapsed += 1
-             except asyncio.TimeoutError:
--                logging.info(f'Time out while waiting for {self.expected_message} from {self.uri}')
-+                logging.info(
-+                    f"Time out while waiting for {self.expected_message} from {self.uri}"
-+                )
-                 return None
-         return None
- 

machines/hackens-org/kfet-monitor/websocket-exporter.nix

@@ -1,40 +0,0 @@
-{
-  lib,
-  python3,
-  fetchFromGitHub,
-}:
-
-python3.pkgs.buildPythonApplication rec {
-  pname = "blackbox-websocket-exporter";
-  version = "unstable-2021-12-15";
-  pyproject = true;
-
-  src = fetchFromGitHub {
-    owner = "smohsensh";
-    repo = "blackbox-websocket-exporter";
-    rev = "6f9f32396f740fe606bf1b0118a27ad5caa3d9a6";
-    hash = "sha256-+G7xw5631TllDGNzVK9swbSNfVu4r4glbYIblEa0WqA=";
-  };
-
-  patches = [
-    ./patch
-  ];
-
-  nativeBuildInputs = [
-    python3.pkgs.setuptools
-    python3.pkgs.wheel
-  ];
-
-  propagatedBuildInputs = with python3.pkgs; [
-    prometheus-client
-    websockets
-  ];
-
-  meta = with lib; {
-    description = "A Blackbox Websocket Uptime Exporter for Prometheus";
-    homepage = "https://github.com/smohsensh/blackbox-websocket-exporter";
-    license = licenses.mit;
-    maintainers = with maintainers; [ ];
-    mainProgram = "websocket_exporter";
-  };
-}

machines/hackens-org/legacy-redir.nix

@@ -1,55 +0,0 @@
-{
-  services.nginx.virtualHosts = {
-
-    "www.hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        return 301 $scheme://hackens.org$request_uri;
-      '';
-    };
-
-    "new.hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        return 301 $scheme://hackens.org$request_uri;
-      '';
-    };
-    "pass.new.hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        return 301 $scheme://pass.hackens.org$request_uri;
-      '';
-    };
-    "known.hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        return 301 $scheme://hackens.org/known$request_uri;
-      '';
-    };
-    "prez.hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        return 301 $scheme://hackens.org/prez$request_uri;
-      '';
-    };
-    "pub.hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        return 301 $scheme://hackens.org/pub$request_uri;
-      '';
-    };
-    "2048.hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        return 301 $scheme://hackens.org/2048$request_uri;
-      '';
-    };
-  };
-}

machines/hackens-org/matterbridge.nix

@@ -1,60 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  port = 52187;
-  configFile = pkgs.writeText "metterbridge.toml" ''
-    [irc]
-        [irc.ulminfo]
-        Server="ulminfo.fr:6697" # Ou ens.wtf tu choisis.
-        Nick="roBOT"
-            UseTLS=true
-            Charset="utf8"
-            PrefixMessagesWithNick=true
-            RemoteNickFormat="<{NICK}> "
-          
-    [mattermost]
-        [mattermost.merle]
-            WebhookBindAddress="0.0.0.0:${builtins.toString port}"
-            PrefixMessagesWithNick=false
-            RemoteNickFormat="{NICK}"
-      
-    [[gateway]]
-    name="hackens"
-    enable=true
-        [[gateway.inout]]
-        account="irc.ulminfo"
-        channel="#hackens"
-        [[gateway.inout]]
-        account="mattermost.merle"
-        channel="town-square"
-  '';
-in
-{
-  systemd.services.matterbridge = {
-    description = "Matterbridge chat platform bridge";
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
-    script = ''
-      ${pkgs.matterbridge}/bin/matterbridge -conf ${configFile}
-    '';
-
-    serviceConfig = {
-      User = "matterbridge";
-      Group = "matterbridge";
-      Restart = "always";
-      RestartSec = "10";
-      EnvironmentFile = config.age.secrets."matterbridge-env".path;
-    };
-  };
-  users.users.matterbridge = {
-    isSystemUser = true;
-    group = "matterbridge";
-
-  };
-  users.groups.matterbridge = { };
-  networking.firewall.allowedTCPPorts = [ port ];
-}

machines/hackens-org/orga/default.nix

@@ -1,54 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-let
-  src = pkgs.fetchgit {
-    url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
-    rev = "HEAD";
-    hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I=";
-  };
-in
-{
-  imports =
-    [
-    ];
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    virtualHosts."hackens.org" = {
-      locations = {
-        "/orga" = {
-          proxyPass = "http://localhost:51666/orga";
-          extraConfig = ''
-            proxy_set_header SCRIPT_NAME /orga;
-          '';
-        };
-        "/static".root = config.services.django.hackens-orga.staticAssets;
-      };
-    };
-  };
-  services.django.hackens-orga = {
-    inherit src;
-    enable = true;
-    mainModule = "hackens_orga";
-    settings = {
-      DEBUG = false;
-      ALLOWED_HOSTS = [ "hackens.org" ];
-      DATABASES = {
-        "default" = {
-          "ENGINE" = "django.db.backends.sqlite3";
-          "NAME" = "/var/lib/django-hackens-orga/db.sqlite3";
-        };
-      };
-    };
-    extraPackages = p: [
-      p.authens
-    ];
-    secrets = {
-      SECRET_KEY = config.age.secrets.django.path;
-    };
-  };
-}

machines/hackens-org/programs.nix

@@ -1,6 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = [
-    pkgs.vim
-  ];
-}

machines/hackens-org/prometheus.nix

@@ -1,68 +0,0 @@
-{ config, ... }:
-
-let
-  host = "prometheus.hackens.org";
-  port = 9091;
-in
-
-{
-  services.prometheus = {
-    enable = true;
-
-    inherit port;
-
-    checkConfig = "syntax-only";
-    enableReload = true;
-
-    listenAddress = "127.0.0.1";
-
-    webConfigFile = config.age.secrets."prometheus-webconf".path;
-
-    webExternalUrl = "https://${host}";
-
-    retentionTime = "5y";
-
-    extraFlags = [ "--storage.tsdb.retention.size=2GB" ];
-
-    rules = [
-      ''
-        groups:
-          - name: Chrony
-            rules:
-              - record: instance:chrony_clock_error_seconds:abs
-                expr: >
-                  abs(chrony_tracking_last_offset_seconds)
-                  +
-                  chrony_tracking_root_dispersion_seconds
-                  +
-                  (0.5 * chrony_tracking_root_delay_seconds)
-      ''
-    ];
-
-    scrapeConfigs = [
-      {
-        job_name = "prometheus";
-        static_configs = [ { targets = [ "localhost:9090" ]; } ];
-      }
-      {
-        job_name = "chrony";
-        static_configs = [ { targets = [ "10.10.10.3:9123" ]; } ];
-      }
-      {
-        job_name = "kfet";
-        static_configs = [ { targets = [ "127.0.0.1:9802" ]; } ];
-      }
-    ];
-  };
-
-  services.nginx.virtualHosts.${host} = {
-    enableACME = true;
-    forceSSL = true;
-
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${builtins.toString port}";
-      proxyWebsockets = true;
-      recommendedProxySettings = true;
-    };
-  };
-}

machines/hackens-org/ragb.nix

@@ -1,81 +0,0 @@
-{
-  sources,
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-{
-  services.django.ragb = {
-    enable = true;
-    src = pkgs.ragb-src + "/frontend";
-    settings = {
-      DEBUG = false;
-      WEBSOCKET_ENDPOINT = "https://agb.hackens.org/api";
-      ALLOWED_HOSTS = [
-        "127.0.0.1"
-        "agb.hackens.org"
-      ];
-      DATABASES = {
-        "default" = {
-          "ENGINE" = "django.db.backends.sqlite3";
-          "NAME" = "/var/lib/django-ragb/ragb_frontend.sqlite3";
-        };
-      };
-    };
-    processes = 2;
-    threads = 4;
-    port = 9991;
-    extraPackages = p: [
-      p.authens
-      p.pyjwt
-    ];
-    secrets = {
-      SECRET_KEY = config.age.secrets.ragb.path;
-      JWT_SECRET = config.age.secrets.ragbJWT.path;
-    };
-  };
-  services.nginx.virtualHosts."agb.hackens.org" = {
-    forceSSL = true;
-    enableACME = true;
-    locations = {
-      "/" = {
-        proxyPass = "http://localhost:9991";
-      };
-      "/api" = {
-        proxyPass = "http://localhost:9999";
-        proxyWebsockets = true;
-      };
-      "/static".root = config.services.django.ragb.staticAssets;
-      "= /api-docs" = {
-        return = "302 /api-docs/";
-      };
-      "/api-docs/" = {
-        alias = "${pkgs.ragb-src + "/api-docs/"}/";
-        extraConfig = "autoindex on;";
-      };
-      "= /api-docs/patch.json".alias = pkgs.ragb-src + "/frontend/patch.json";
-    };
-  };
-
-  systemd.services.django-ragb.serviceConfig = {
-    Wants = [ "ragb-backend.service" ];
-  };
-  systemd.services.ragb-backend = {
-    script = ''
-      export JWT_SECRET=$(cat $CREDENTIALS_DIRECTORY/jwt_secret)
-      export BK_FILE="$STATE_DIRECTORY/data.json"
-      export BIND_TCP="10.10.10.1:1235"
-      export WLED_ENDPOINT="http://4.3.2.1/json"
-      export RUST_LOG=debug
-      ${pkgs.ragb-backend}/bin/ragb-backend
-    '';
-    serviceConfig = {
-      LoadCredential = [
-        "jwt_secret:${config.age.secrets.ragbJWT.path}"
-      ];
-      DynamicUser = true;
-      StateDirectory = "ragb-backend";
-    };
-  };
-}

machines/hackens-org/secrets/default.nix

@@ -1,31 +0,0 @@
-{ ... }:
-{
-  age.secrets."django" = {
-    file = ./django.age;
-  };
-  age.secrets."ragbJWT" = {
-    file = ./ragbJWT.age;
-  };
-  age.secrets."ragb" = {
-    file = ./ragb.age;
-  };
-  age.secrets."snipeit" = {
-    file = ./snipeit.age;
-    owner = "snipeit";
-  };
-  age.secrets."django-gestiohackens" = {
-    file = ./django-gestiohackens.age;
-  };
-  age.secrets."matterbridge-env" = {
-    file = ./matterbridge-env.age;
-    owner = "matterbridge";
-  };
-  age.secrets."wg-key" = {
-    file = ./wg-key.age;
-    owner = "systemd-network";
-  };
-  age.secrets."prometheus-webconf" = {
-    file = ./prometheus-webconf;
-    owner = "prometheus";
-  };
-}

machines/hackens-org/secrets/django-gestiohackens.age

@@ -1,30 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 JGx7Ng UMbo24t6bweWPSYr1MUpjW96t3+usu+M3+WmLkJpSTc
-vW8wOX/E6p3YEh8rRObScdcKB+uCtVIEOQ58HXSHYRU
--> ssh-ed25519 kXobKQ wEsnzLjnW+tdNvBHYBL+pLQh0GsAviTiD7tODc+5nSc
-gW8TEewhh4N0ed6KNe+PYBQuEmuL8iO+KxLQt2imbbo
--> ssh-ed25519 7hZk0g 2Y9Y3DSR9Zt5N1XXckNMlHEpczvsyruqBue54fC4lQY
-1UTRMGuN4uXR2ljP+3h7y58dU9C4GCkfKMY6l6GgRas
--> ssh-ed25519 5rrg4g 6ILvq1I6OlTmvxhgo145YUdpNxZomFvCYl7nguL10kI
-7DPETzO4s3J4+lHIlkWvo4M0zH2792NttKBIJ09xii4
--> ssh-rsa krWCLQ
-LdJzAaTTOSSxXTjLEv2n3pRjDJ8Cv/rLZZCsadK2vIK/2swax5loeprUzx60xRUt
-3qLZuXocsE1S8sUq4E0lzyQXmJj3DtgjWFvvhDhsx+UnUPB/S7yojlNPLsqSxJkO
-r5p6dvXsngF78BDDlFU/DnDI/tMnH6wL5PqV7iZiosSmASWxHMAQYcWGNZqdV1xl
-9q2txZF7LxvE1S2eUOFcXTC7r8Z/kBt7XqPfGyBWI1wYPG2r2Zw+tbO8S04iZExT
-Lj2YGnrNGGwNbREoqhMwAxDM6fLVoNnhHXoVQvCkr/wxk+sh2/Lt1ivcTT7Ua2YG
-ApaavUan7cEs3ghnanM+6A
--> ssh-ed25519 /vwQcQ oaIOirE4++Kx76xSCoQ8EKmnI3Zh8rzou0XACYVY3Gw
-H9DsHQPdKaN/5bz4kf224NiJ8W1ykGx9tARd5UUrMbc
--> ssh-ed25519 0R97PA SujU6d2DMDGX4zxsQwQTLFM2ap/3ni2y7zpU8BksTw0
-zLuD8EwORd5aDOFBpE0Nm5gHpi8ChRobg6v7r1sNfMU
--> ssh-ed25519 cvTB5g t62LJ9atiYi5K+CBXXLB9obIZRWBKxrC896q6iCz/mA
-WYkA2muGBMuXlO5ebnul3NkidNcyIWecAdNTo03trf0
--> ssh-ed25519 Wu8JLQ 3gzrf2TLDbG3YtMmO0qKVKiEPw+arN8DJvNiC09/4wg
-bYCCgA0ve55hKEjGFa+nAelWiYWy6WFHss9R6uEjiUI
--> ssh-ed25519 EIt1vA kKs5NcxlLTt3iGD8stN7nOgOfomKEv2aZZ969dZNFlg
-IQT3Fx9Egd4kJ6Q3gsbiymu8EHSrjG1F7T5Uz76Z6Bo
--> ssh-ed25519 X51wxg GU838E9JPhdAkYgRRcYi+gMsFFUTvY4iciFi9b43WhY
-vsHQ70mCsW0NUzMKjgRq6czFD8FwIFj6uo/jklPzI68
---- axO8MoSOSkcp2HcVpAz9tQuuf0Unh2Ri20S60/Yq6xA
-i¸0ä<3›6,Û{àu›$apG7¢—Ú10Y•&«Øf7(&{3Û]àƒcÝ“ ¶>l¶P"$`ÝU(9¨ì5+°îJî^¼æé‚Ï»|†Õ:~

machines/hackens-org/secrets/django.age

@@ -1,31 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 JGx7Ng IWxk65t5YAq/Sg+0CCcLGJyDhvPydKm1D9rYAfCDjUc
-ckB1V+J7Qddbt9EILraMge9RrThyTU2al5Eg6ffD7C4
--> ssh-ed25519 kXobKQ ZEECnMHvZL3+JfkQpSjuzIuGfcLIIcudeiMlanUUBhc
-pBWa6DxVrinuv6urFDKPW2kSaa95FVFCXOFwMQ/X1RY
--> ssh-ed25519 7hZk0g la8ZgkcqYQgFzYoqgkZrdSuaK+89mPx9UbiSWGOVXjQ
-4NWbJtWRUnZGMMLyDLArvZktfVfhXmgtn7h5oghH5Ms
--> ssh-ed25519 5rrg4g KC9SOs8NJ18pbE4/HwHmX8W5XSeu528dFl2tEt3JfW0
-at+D2BMK1UAPsA2fkhMW5uHUjJSK2p+BPeFcfqyD/LA
--> ssh-rsa krWCLQ
-U0DpCXNugnsPlWvDJZIwlFA3lCg/uihhLmLFYsdpwpx7kdyRF3KGn9p4X0kfjNQa
-PjT7akh+xaCC9a3GRDEsc3B4L6M/91YdiIX5kCtWccT3fFkdC8xrHnVblE0h6vYM
-+I4ay5PR9etittiMIb3coanBU5gZpAhCFvSNjWIV3YvchpOtWO2PL8rR9fRqDfmT
-BdTZMUOm01vuFuPFKmzKNbQS5ydwydv8BGc1MktqoyhafYVBirnVcwtsTQKZKDEL
-CBNgH81down+UFaCi/FTSffkBtBfnl1mzCF3TJ0CrSeEMgyY5yxvtWHUksDzznfJ
-C2ev+95nbRYUSM+OOBABHQ
--> ssh-ed25519 /vwQcQ C7TusZYxTvR03xbxEmUf8+ePmdTRBbi4eAeg2+kbAAY
-3YpLUT5mmGLSel0vPpDUwPyFav1z/HCAsPsYA7woQas
--> ssh-ed25519 0R97PA iQRH2sRnDsNoWuom8fVt8naGMrVAX3JAPmwnU/pZ3m8
-CipYmklGkMXYlWyhatEj7cGk51RNdfkkwlKPz26Q220
--> ssh-ed25519 cvTB5g 05g8kd7yu1+4JzFCrqMEZ6QNsO8VE2egXOUR73fo/hM
-AY/8cMfVTyOY4z08Hz6cLnKrM1GYZbbgpwPVnwnJ3NU
--> ssh-ed25519 Wu8JLQ Bn0shD1/Uzb3VdAOuyNeHSzLaboxhAUsqQWXycZYDFc
-V2EHtwK0CUdLYCzia43m4WmBxFy8frfR0hkdIkARnl4
--> ssh-ed25519 EIt1vA FmznskIDNtFkD6HD64uL5OS2rwPwT1S5lCirtYFW0Rk
-3TKTCN45ygLTcrfSRdsXJZKdoz+A3tP7lXbNn2NOhvk
--> ssh-ed25519 X51wxg X3KyzjW97PF8CFcb0NWW5F6JNMZslmP22d0+r0FRvlo
-mZq7lSEnD3Ui7hcloSCdTH/q4mB2q6lFTvzMRS+BCb4
---- 4u64XNKKDMEaWeL4wLdkOgugYTkrqpfoFeG/BW4/zK8
-)Éé9çèñ”ÖÙ
-È.kâùô}O<>0Š«6ï'¥áJ¼}ŒýW(„ÖÖ·V>dè$ö8icjw	hÂ<aöÞ¿4›3Ð5NŒUºÎÎègYÃ

machines/hackens-org/secrets/ragb.age

@@ -1,30 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 JGx7Ng 6s1XuhN3TFuW433ZrghssoyScvjqG6tg+ZSvHBwYOjQ
-54ijsvv7CO/1L9ib4fgiRAQHmlU2r3j/fbc79qiAo38
--> ssh-ed25519 kXobKQ WMApvaovS/ddPbz7Eh9bCF3SzmUJN1NQGMKzWCJ6jQc
-3NehvO3X7uMU/H7g7d4nFsmHk0PhXrRT1XetWUBHAnY
--> ssh-ed25519 7hZk0g RqNPzJqoSY1umAJE/FPZ+MR0R9eCDdxonzuh3uMBRhI
-Cfou0mqV4gHGP7OJbgPm8VotU4cM5YVX3iUkd6myU+E
--> ssh-ed25519 5rrg4g mSZUVF9y4vYfBbjgP0UnSfgaGTC3/Yx+fAFquA5022E
-1yiri7+CZTSUhPpJlo9f1EraRVl3Ihw4wtjgXJPMRqY
--> ssh-rsa krWCLQ
-gMc7ogvibqMuboKqSgqfedIxqyhhljJFp5zI2bK6D5rdcV5CIPVz2xQdk4h678Qg
-8pYlg1+UDu+JyXvJgtWZHYMGSs17woIYZmw9UQh+IYMo4Qn89tn4QN4exYwB+7gm
-dWEqo7GggWG0Mu2w2OVu2oB1D5aUvF940hUCyl40V7hIkMpJwFfMfvvD04XsScXV
-GLpWNYcWIQNaBAxTWRGkpt9jvD1W/DjsOUhOk0BP5hnSPm39awfLFRo3wWFBiaDq
-yPRi6P8AJdVWS2n+KdQ1j5dLo19DngkUAmepIR+oiNvgIFKqDAvIB5y30d3guGdP
-7zCS7IEOOMLQvBiq99DU2Q
--> ssh-ed25519 /vwQcQ GWEth3AXh2blSPzXzyqaHdRlA+Qmopvdk9DfL69PVlk
-sVq7EbVmJ0SnYLueCHB5zOr/aR9QurTqtMIXGdL22cY
--> ssh-ed25519 0R97PA gZLoe8C+FTOXM0i4VWBwBSNSxZhfxG6U3pakRBDwZ0k
-LKxzJofqUfdY1swAbRNcOcWfZJ1lbp7S20y+dfjKvUU
--> ssh-ed25519 cvTB5g GbEB6Z/6A/ntU8truri+tshuy5tqYSSo5SF0Brt0VgI
-DOkGd68tE85ajEBmKUx9HXiKLjCdUf/tKME6+Ems/RA
--> ssh-ed25519 Wu8JLQ tOF/Dc72uMnmQy4rNjPoRzVhQEuwiYLrmmdCsmJ5wEk
-RS5erkX1HIvTDw6g8qrOtZy1zpCphnGw/bqT4F0Q6/8
--> ssh-ed25519 EIt1vA tSBgk0ljTD1pLRsw7axRh2zl+vIMISjrw7zrr01TBB0
-hb3kb12kRHCxMeBlxjg6tJpgQpHzJkovH5ncuM4MzNA
--> ssh-ed25519 X51wxg Gy0QJbua5ZoNYDnuQXlPVFxQvm7SSOMUR0uDRI719gk
-VEYU1qazlM62F2xsXIFhIAEL4ssWW8o2/e07NguMp88
---- VwkrST6cm5HpWtRWBM4tkk14C/NwtxpBbXHVj6ouyxk
-(`WÊ;+u'oÓj	Ý<>—õ{ïMÄP0ž‡›DèÈ™J}Å<>¯»È{ìætˆ°ïj`ÂK:׸ŠI;™çA2ÿCÕ+ ö\Nú

machines/hackens-org/secrets/secrets.nix

@@ -1,32 +0,0 @@
-let
-  lib = (import <nixpkgs> { }).lib;
-  readpubkeys =
-    user:
-    builtins.filter (k: k != "") (
-      lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys"))
-    );
-  keys = 
-    (readpubkeys "sinavir")
-    ++ (readpubkeys "hackens-host")
-    ++ (readpubkeys "catvayor")
-    ++ (readpubkeys "raito")
-    ++ (readpubkeys "gdd")
-    ++ (readpubkeys "backslash");
-in
-{
-  "matterbridge-env.age".publicKeys = keys;
-  "snipeit.age".publicKeys =
-    keys;
-  "ragbJWT.age".publicKeys =
-    keys;
-  "ragb.age".publicKeys =
-    keys;
-  "django.age".publicKeys =
-    keys;
-  "django-gestiohackens.age".publicKeys =
-    keys;
-  "wg-key.age".publicKeys =
-    keys;
-  "prometheus-webconf".publicKeys =
-    keys;
-}

machines/hackens-org/secrets/snipeit.age

@@ -1,30 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 JGx7Ng XPTwmcI9Xyu3ulX68UgyFhORwDsbTAvcaTDhGKzcAFs
-EkDJhGqFqtW4VMIKN9SMU3MrwIf+3Y50Ku0ToKf/wJI
--> ssh-ed25519 kXobKQ /Z+Qh1kUFI+X97VsebUHv51+XyJT2fZWsDF0TFdl0A0
-8W13NrPTb1aoDYA5M7Xej5R/DJ2YLyngx/UzIAIVnXU
--> ssh-ed25519 7hZk0g xRggNYJuJGAR4uSeZeoZI7tNqorkc1BDEO+Jz6saKH4
-xYKIqp/E0GQ1t5VhOWBpCi8WgLSDDZuKbOg6l7Htjuk
--> ssh-ed25519 5rrg4g hW1VZuxL+eCGeUJDhDXg3L9h1KMp/OTpTvj2bOPIwnU
-s3Fvjx/jFCPa6dG5RgJseJPYf4LcojDSq4mtbEza+sc
--> ssh-rsa krWCLQ
-AwxiOyNOxRKOA3B6sbnFm97UABVXnuXdddHhl0Qk0jGdJtK/Gg3IQ3RAUPdW46e4
-S3LsQ+REqcA33h3DUhh6Yaz3agAvNtqFfp3h3Wy1+tVsIKQx9T6rEg7XcyWlQGg6
-/sLkLMKg2kcMxTZFjGlYfoRMu/yMD3I+M/3DMZiccSYTa+Z+cJ13ERDmhLVh5X+j
-R/v3JMM0vupwjxWnVdMJNAz2dLNawWTFIBN1IVAgYPyaVrL99H65CPLUAeN2CVx6
-I8bEOJ15tk5q8yzX8DwTfJnXYBP+FyN8WVS0v5WfxSvB/ME6VtjeuZRd2h/nPpbc
-FKZgZZt94GDjZLl+zHff5w
--> ssh-ed25519 /vwQcQ ct0vQfUsUO8gg2kU41lVDB2acgxuT8hCKWHZwymkFzM
-Eu3YaXAVUoF6q2xhk4B77mCTYCqL87rbqZeFNBtYrWA
--> ssh-ed25519 0R97PA xwM4ukaEfI0B93YHSU9f77F6VvnZZctR03regzrDDF4
-uoL8wz3iqzB5dnS8z+wRIAu5CmHM8yjnJFduoDtjlAM
--> ssh-ed25519 cvTB5g czmtpirWtnbAjcJEOkLSc2Sfr4SXmtE+e7pS+AE86Co
-s20XHgWekxWvP4nypSUZ0YgKWyDobm/3lNA4REUvUGQ
--> ssh-ed25519 Wu8JLQ l4hH8MAJesz5jXzSDf8SDCXNcp8jWJnq0SRYyCCPNB0
-Y4XOuoxWXGDnrdhu7aCf8sJNYN/loaKc1bx81KaDAFc
--> ssh-ed25519 EIt1vA eMUqUckKwH5ubKSY8swqT3jfUi9loZKerl9WljV8Hxo
-AJL3yBcCaitwOYHL74dymm1cngBf47Yq2jiGJoxeC0g
--> ssh-ed25519 X51wxg I8aIi5liVlYQointFhCCIj5OiRrjhyxWOJdu7JAg3x8
-rqPx/8e8e2nNiRwzH61HXA++a5HTyRjMU46c1Tm97yk
---- t53Ft5ztsJLbK0jJZ7uolsbf+NZij6A++98DeqroOro
-ºåjKË}§Ú³Ý9QŸ<ïm#ž>EÔ—9’+)Äí‚_³äaTaÔiSR̵}½ RoP=Õëž-Æ<JœÈ”66Æ+<2B>

machines/hackens-org/secrets/wg-key.age

@@ -1,30 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 JGx7Ng HCBkB8gfYUDnWwaPlGquE39fnEBvm0cEVxL8Vuh/f2Y
-yJapxn2cVn0QjEnpGUq+gfdf+V8f5Mji2JhqPUH13WI
--> ssh-ed25519 kXobKQ 9flhpuGn/MgqRlT4AlphvNRf9ktnuyFvyQrK7eeKbXE
-hHpPk2m4XWKgbwNv16Vzh8uJkpk0kwN1WqC4G4rGL5E
--> ssh-ed25519 7hZk0g /DQi1BAovPKmel2zgchEhZkxr9v8ZxVXe6SRuX/yjxg
-KALPbUNK6YGvSiNfgQGSdZriJokpHUmO/vVtW9Sfm+I
--> ssh-ed25519 5rrg4g NqFtTNIaoTYEhq7SzFCVD+t2AZ03ANe+kqhDQHmd7zA
-NDYBZIdGLItcHPmYRHZ1DZ5vhlR1Qt0PPtDqRxfo9hg
--> ssh-rsa krWCLQ
-tylZdWKOsro4O2g5Oa34ALB3hDmb5krinvk7sXBKQWj+QaRA/J6geAUq7pHGM+zs
-MehzMsdJX4tklCUE8ECh5clwdfnTl57m+V9jdD88CAgscyFsMHdX2BEIjzGN3kB1
-jYzDO7sLoOx6k8eiQaPFtxkT/tYPI9vpdyyyxKS5thowmQ99NSZQUHaMTqmC36H3
-sCr1uyFPrKTEoCZe9Klsdz2KxaPPd7oOo7J5VU4SeiosPfNFhO9kDQ5xRn3SDClD
-PMUFhjRxmWjNY4aQqUxi9lJWK35pb87mZNdaPZXH18mbraTIuI08B3KTrR5112PW
-oDTckZo3szhzR2JJ0cTG6Q
--> ssh-ed25519 /vwQcQ b9mdEG1+JMJxDBp6b0wU/JGM4Mldh7w7jf4pghb+ejw
-1GfaMyOkfHD/I/OvHNjd1kzdT1vWnbR1fAP4za++c5g
--> ssh-ed25519 0R97PA 0DdkxpjsoA6ERi43skpS7/lyttMlJu5BcNFSAF3+g34
-tz3fM0C+zT6enFgiqbKwiBWLTdOS2xKLZQOngRpf5q4
--> ssh-ed25519 cvTB5g aL+EY/DYolrhoaKHPpAvPr3rNO3vThV+uqX9m39jEG4
-cnFq0cgCWac07x+6Fu+M9os6wxPxfoHcSJ+8ispYkPk
--> ssh-ed25519 Wu8JLQ wwQGruBxZ8tUHGw08B7ezoPj1ddPlWmemmm8aI6EIRE
-0WUod40m3tVP+mTx2B9b/4AoT1kcXAeNVMnj8BLFRuM
--> ssh-ed25519 EIt1vA zYOPPPZgk4NIUyInXyoapCRkg/dshOuRPnKuwJyM7lM
-Jn8J2sQn1qrtH4OANx73OYsBChGUB2fuWaB38pEhbm8
--> ssh-ed25519 X51wxg 9ofVG6z1+KwMkk97WViCDfnAXTNgFzQYBBsEYhBP1yw
-wwWlCbJ2xOWR9FZw+apjn11MQqKSeyHsRJYvFEV+0VU
---- QU5Ewm2faKYtF6HK7hagXVPSjzqjQbaZ6/wPJ61eDCI
-fÞ<EFBFBD>ž×ÝnšÓ£*¨
…¯;©uï~õls0Ô¤¾íM5fÎjhâ呧iž¤Ÿ£ŒÈ6«í%ôH»
cv`®$©˜ùYÑ0WW¢

machines/hackens-org/snipe-it.nix

@@ -1,22 +0,0 @@
-{ config, ... }:
-{
-  services.snipe-it = {
-    enable = true;
-    appKeyFile = config.age.secrets."snipeit".path;
-    config = {
-      APP_LOCALE = "fr-FR";
-      APP_TIMEZONE = "Europe/Paris";
-    };
-    database = {
-      createLocally = true;
-      user = "snipeit";
-    };
-    user = "snipeit";
-    group = "snipeit";
-    hostName = "inventaire.hackens.org";
-    nginx = {
-      enableACME = true;
-      forceSSL = true;
-    };
-  };
-}

machines/hackens-org/static-sites.nix

@@ -1,31 +0,0 @@
-{ pkgs, lib, ... }:
-let
-  sites = [
-    "/2048"
-    "/prez"
-    "/known"
-    "/pub"
-  ];
-in
-{
-
-  services.nginx.enable = true;
-  services.nginx.virtualHosts = {
-    "hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      locations = lib.genAttrs sites (name: {
-        root = "/var/www";
-        extraConfig = ''
-          autoindex on;
-          charset utf-8;
-        '';
-      });
-    };
-
-  };
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
-}

machines/hackens-org/thelounge.nix

@@ -1,40 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: {
-  services.thelounge = {
-    enable = true;
-    port = 9000;
-    extraConfig = {
-      reverseProxy = true;
-      host = "127.0.0.1";
-      public = false;
-      prefetch = true;
-      fileUpload = {
-        enable = true;
-      };
-
-      defaults= {
-        name= "ulminfo";
-        host= "ulminfo.fr";
-        port= 3725;
-        password= "";
-        tls= true;
-        rejectUnauthorized= true;
-        join= "#hackens";
-      };
-    };
-  };
-  services.nginx.enable = true;
-  services.nginx.virtualHosts."irc.hackens.org" = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/" = {
-      proxyPass = "http://localhost:9000";
-      proxyWebsockets = true;
-    };
-  };
-  networking.firewall.allowedTCPPorts = [80 443];
-}

machines/hackens-org/wireguard.nix

@@ -1,99 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  networking.firewall.trustedInterfaces = [ "wg0" ];
-  systemd.network = {
-    enable = true;
-    networks = {
-      "50-wg0" = {
-        name = "wg0";
-        address = [
-          "10.10.10.1/24"
-        ];
-        networkConfig = {
-          IPv4Forwarding = true;
-        };
-        routes = [
-          {
-            Destination = "10.10.10.0/24";
-            Scope = "link";
-          }
-          {
-            Gateway = "10.10.10.5";
-            Destination = "4.3.2.0/24";
-          }
-        ];
-      };
-    };
-    netdevs = {
-      "50-wg0" = {
-        netdevConfig = {
-          Name = "wg0";
-          Kind = "wireguard";
-        };
-        wireguardConfig = {
-          ListenPort = 1194;
-          PrivateKeyFile = config.age.secrets."wg-key".path;
-        };
-
-        wireguardPeers = [
-          {
-            # hackens-desktop
-            AllowedIPs = [
-              "10.10.10.3/32"
-            ];
-            PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=";
-          }
-          {
-            # hackens-milieu
-            AllowedIPs = [
-              "10.10.10.4/32"
-            ];
-            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-milieu.pub);
-          }
-          {
-            # agb01
-            AllowedIPs = [
-              "10.10.10.5/32"
-              "4.3.2.0/24"
-            ];
-            PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb01.pub);
-          }
-          {
-            # agb02
-            AllowedIPs = [
-              "10.10.10.6/32"
-            ];
-            PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb02.pub);
-          }
-          {
-            # soyouzpanda
-            AllowedIPs = [
-              "10.10.10.11/32"
-            ];
-            PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8=";
-          }
-          {
-            # sinavir
-            AllowedIPs = [
-              "10.10.10.12/32"
-            ];
-            PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M=";
-          }
-          {
-            # catvayor
-            AllowedIPs = [
-              "10.10.10.13/32"
-            ];
-            PublicKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
-          }
-        ];
-      };
-    };
-  };
-  networking.firewall.allowedUDPPorts = [ 1194 ];
-}

machines/rigel/README.md

@@ -1,11 +0,0 @@
-Put pls key in keys.keys
-
-Put pls mac in networking
-
-
-# How to get an sd image
-
-```
-DRV_PATH=$(colmena eval -E "{ nodes, ...}: nodes.rigel.config.system.build.sdImage.drvPath")
-nix-store -r $DRV_PATH
-```

machines/rigel/_configuration.nix

@@ -1,64 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-let
-  launchpad = pkgs.python3.withPackages (ps: [
-    (ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix { }; })
-  ]);
-in
-{
-  imports = [
-    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
-    ./bootloader.nix
-    ./networking.nix
-    ./nix-conf.nix
-    ./programs.nix
-    ./ssh.nix
-    ./users.nix
-  ];
-
-  nix.settings.substituters = lib.mkForce [ ];
-
-  networking.hostName = "rigel"; # Define your hostname.
-
-  # Set your time zone.
-  time.timeZone = "Europe/Paris";
-
-  environment.systemPackages = [
-    launchpad
-  ];
-
-  systemd.services.launchpad = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
-    path = [
-      launchpad
-      pkgs.unixtools.ping
-    ];
-    script = ''
-      while ! ping -n -w 1 -c 1 10.1.1.2 &> /dev/null
-      do
-          echo "waiting eos"
-      done
-      sleep 0.1
-      python -m eos_midi 10.1.1.2
-    '';
-  };
-  environment.shellAliases = {
-    r = "systemctl restart launchpad.service";
-  };
-
-  fonts.enableDefaultPackages = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "unstable"; # Did you read the comment?
-}

machines/rigel/bootloader.nix

@@ -1,5 +0,0 @@
-{ pkgs, ... }:
-{
-  boot.loader.grub.enable = false;
-  boot.loader.generic-extlinux-compatible.enable = true;
-}

machines/rigel/keys.keys

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRA2W8T8rnWIn0xnP2LXSmmB92YuQygkLwLK60rpBG+ PLS@DESKTOP-KK74B9P

machines/rigel/kfet_lauchpad_controller.nix

@@ -1,38 +0,0 @@
-{
-  lib,
-  buildPythonPackage,
-  fetchgit,
-  poetry,
-  lpminimk3,
-  python-osc,
-}:
-
-buildPythonPackage rec {
-  pname = "kfet-launchpad-controller";
-  version = "unstable";
-  pyproject = true;
-
-  src = fetchgit {
-    url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
-    rev = "58f1086ca7a8a9258da7240987bf26c03182b152";
-    hash = "sha256-c21BbRKK1AK6roIjdEg3zfMThyijRTK5Z87DBBBjoL0=";
-  };
-
-  nativeBuildInputs = [
-    poetry
-  ];
-
-  propagatedBuildInputs = [
-    lpminimk3
-    python-osc
-  ];
-
-  pythonImportsCheck = [ "eos_midi" ];
-
-  meta = with lib; {
-    description = "";
-    homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
-    license = licenses.mit;
-    maintainers = with maintainers; [ ];
-  };
-}

machines/rigel/launchpad.nix

@@ -1,40 +0,0 @@
-{
-  lib,
-  buildPythonPackage,
-  fetchgit,
-  poetry-core,
-  lpminimk3,
-  python-osc,
-}:
-
-buildPythonPackage rec {
-  pname = "kfet-launchpad-controller";
-  version = "unstable";
-  pyproject = true;
-
-  src = fetchgit {
-    url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
-    rev = "6d7df83cfd2f558d4837474ea101f98439a4f8c5";
-    hash = "sha256-HkaR1+9NxvyRQ3+iP6pq3Wn6QT+qQRFJBvxHNH6qM0k=";
-  };
-
-  patches = [ ./launchpad.patch ];
-
-  nativeBuildInputs = [
-    poetry-core
-  ];
-
-  propagatedBuildInputs = [
-    lpminimk3
-    python-osc
-  ];
-
-  pythonImportsCheck = [ "eos_midi" ];
-
-  meta = with lib; {
-    description = "";
-    homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
-    license = licenses.mit;
-    maintainers = with maintainers; [ ];
-  };
-}

machines/rigel/launchpad.patch

@@ -1,13 +0,0 @@
-diff --git a/pyproject.toml b/pyproject.toml
-index dd2e48c..48339c9 100644
---- a/pyproject.toml
-+++ b/pyproject.toml
-@@ -42,7 +42,7 @@ black = "*"
- 
- 
- [build-system]
--requires = ["poetry>=1.7.1"]
-+requires = ["poetry-core"]
- build-backend = "poetry.core.masonry.api"
- 
- [tool.isort]

machines/rigel/lpminimk3.nix

@@ -1,43 +0,0 @@
-{
-  lib,
-  buildPythonPackage,
-  fetchFromGitHub,
-  setuptools,
-  wheel,
-  jsonschema,
-  python-rtmidi,
-  websockets,
-}:
-
-buildPythonPackage rec {
-  pname = "lpminimk3";
-  version = "0.6.2";
-  pyproject = true;
-
-  src = fetchFromGitHub {
-    owner = "obeezzy";
-    repo = "lpminimk3";
-    rev = "v${version}";
-    hash = "sha256-CVjBUKjLOFaIgCpwNIO/PJ55s7nQ0WMRKKqVS3xOI3g=";
-  };
-
-  nativeBuildInputs = [
-    setuptools
-    wheel
-  ];
-
-  propagatedBuildInputs = [
-    jsonschema
-    python-rtmidi
-    websockets
-  ];
-
-  pythonImportsCheck = [ "lpminimk3" ];
-
-  meta = with lib; {
-    description = "Python API for the Launchpad Mini MK3";
-    homepage = "https://github.com/obeezzy/lpminimk3";
-    license = licenses.mit;
-    maintainers = with maintainers; [ ];
-  };
-}

machines/rigel/networking.nix

@@ -1,47 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  networking.useDHCP = false;
-  networking.firewall.allowedUDPPorts = [ 67 ];
-
-  systemd.network = {
-    enable = true;
-    networks = {
-      "10-uplink" = {
-        name = "end0";
-        networkConfig = {
-          Address = "10.1.1.1/24";
-          DHCPServer = "yes";
-          IPMasquerade = "ipv4";
-        };
-        dhcpServerConfig = {
-          PoolOffset = 100;
-          PoolSize = 20;
-          UplinkInterface = ":none";
-          EmitDNS = "no";
-          EmitNTP = "no";
-          EmitSIP = "no";
-          EmitRouter = "no";
-        };
-        dhcpServerStaticLeases = [
-          {
-            dhcpServerStaticLeaseConfig = {
-              Address = "10.1.1.2";
-              MACAddress = "14:b3:1f:06:3c:2e";
-            };
-          }
-        ];
-      };
-    };
-  };
-  networking.nameservers = [
-    "2620:fe::fe"
-    "2620:fe::9"
-    "9.9.9.9"
-    "149.112.112.112"
-  ];
-}

machines/rigel/nix-conf.nix

@@ -1,21 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  metadata,
-  nodes,
-  name,
-  ...
-}:
-{
-  nix.settings = {
-    trusted-users = [
-      "root"
-      "@wheel"
-    ];
-    extra-experimental-features = [
-      "nix-command"
-      "flakes"
-    ];
-  };
-}

machines/rigel/programs.nix

@@ -1,28 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-{
-  environment.systemPackages = with pkgs; [
-    sqlite-web
-    dhcpdump
-    dig
-    git
-    htop
-    jq
-    nmap
-    npins
-    ripgrep
-    screen
-    tcpdump
-    unzip
-    vim
-    wireguard-tools
-  ];
-
-  programs.mtr.enable = true;
-
-  programs.vim.defaultEditor = true;
-}

machines/rigel/ssh.nix

@@ -1,5 +0,0 @@
-{ ... }:
-{
-  services.openssh.enable = true;
-  services.openssh.settings.PasswordAuthentication = true;
-}

machines/rigel/users.nix

@@ -1,12 +0,0 @@
-{ ... }:
-{
-  users.mutableUsers = false;
-  users.users.root = {
-    openssh.authorizedKeys.keyFiles = [
-      ../../pubkeys/sinavir.keys
-      ../../pubkeys/soyouzpanda.keys
-      ./keys.keys
-    ];
-    hashedPassword = "$y$j9T$p6Fe9Gm/C4iLIQBYXCjBn.$zLCzaxrsUDd4/2H5eTXqNch.bVJubrpZNOZgAZqbeV/";
-  };
-}

machines/router/liminix

@@ -1 +0,0 @@
-Subproject commit 5bb68f24b539db1d9591ea320436b9dbdd2dc354

meta.nix

@@ -1,52 +0,0 @@
-let
-  sources = import ./npins;
-
-  agenix = sources.agenix + "/modules/age.nix";
-  djangonix = sources.djangonix + "/module.nix";
-
-  metadata = {
-    nodes = {
-      hackens-milieu = {
-        deployment = {
-          targetHost = "10.10.10.4";
-          allowLocalDeployment = true;
-          tags = [ "desktop" ];
-        };
-        imports = [ agenix ];
-      };
-      agb01 = {
-        deployment = {
-          targetHost = "10.10.10.5";
-        };
-        arch = "aarch64-linux";
-        imports = [ agenix ];
-      };
-      rigel = {
-        deployment = {
-          targetHost = "10.1.1.1";
-        };
-        arch = "aarch64-linux";
-      };
-      hackens-org = {
-        deployment = {
-          targetHost = "10.10.10.1"; # todo make something with ens firewall
-          tags = [ "server" ];
-          targetPort = 22;
-        };
-        imports = [
-          agenix
-          djangonix
-        ];
-      };
-
-      agb02 = {
-        deployment = {
-          targetHost = "10.10.10.6";
-        };
-        arch = "aarch64-linux";
-        imports = [ agenix ];
-      };
-    };
-  };
-in
-metadata

npins/default.nix

@@ -1,74 +0,0 @@
-# Generated by npins. Do not modify; will be overwritten regularly
-let
-  data = builtins.fromJSON (builtins.readFile ./sources.json);
-  version = data.version;
-
-  mkSource =
-    spec:
-    assert spec ? type;
-    let
-      path =
-        if spec.type == "Git" then
-          mkGitSource spec
-        else if spec.type == "GitRelease" then
-          mkGitSource spec
-        else if spec.type == "PyPi" then
-          mkPyPiSource spec
-        else if spec.type == "Channel" then
-          mkChannelSource spec
-        else
-          builtins.throw "Unknown source type ${spec.type}";
-    in
-    spec // { outPath = path; };
-
-  mkGitSource =
-    {
-      repository,
-      revision,
-      url ? null,
-      hash,
-      ...
-    }:
-    assert repository ? type;
-    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
-    # In the latter case, there we will always be an url to the tarball
-    if url != null then
-      (builtins.fetchTarball {
-        inherit url;
-        sha256 = hash; # FIXME: check nix version & use SRI hashes
-      })
-    else
-      assert repository.type == "Git";
-      builtins.fetchGit {
-        url = repository.url;
-        rev = revision;
-        # hash = hash;
-        allRefs = true;
-      };
-
-  mkPyPiSource =
-    {
-      url,
-      hash,
-      ...
-    }:
-    builtins.fetchurl {
-      inherit url;
-      sha256 = hash;
-    };
-
-  mkChannelSource =
-    {
-      url,
-      hash,
-      ...
-    }:
-    builtins.fetchTarball {
-      inherit url;
-      sha256 = hash;
-    };
-in
-if version == 3 then
-  builtins.mapAttrs (_: mkSource) data.pins
-else
-  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

npins/sources.json

@@ -1,78 +0,0 @@
-{
-  "pins": {
-    "agenix": {
-      "type": "Git",
-      "repository": {
-        "type": "GitHub",
-        "owner": "ryantm",
-        "repo": "agenix"
-      },
-      "branch": "main",
-      "revision": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
-      "url": "https://github.com/ryantm/agenix/archive/e600439ec4c273cf11e06fe4d9d906fb98fa097c.tar.gz",
-      "hash": "006ngydiykjgqs85cl19h9klq8kaqm5zs0ng51dnwy7nzgqxzsdr"
-    },
-    "disko": {
-      "type": "Git",
-      "repository": {
-        "type": "GitHub",
-        "owner": "nix-community",
-        "repo": "disko"
-      },
-      "branch": "master",
-      "revision": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
-      "url": "https://github.com/nix-community/disko/archive/0d8c6ad4a43906d14abd5c60e0ffe7b587b213de.tar.gz",
-      "hash": "0mwnd7vfyd2wqbrvlpjgxng83fp97lg1ihzzx9ipbj5c9l0bjgjm"
-    },
-    "djangonix": {
-      "type": "Git",
-      "repository": {
-        "type": "Git",
-        "url": "https://git.dgnum.eu/mdebray/djangonix.git"
-      },
-      "branch": "master",
-      "revision": "a61afb48e2478c47360a8efea6f835c3b0f5f503",
-      "url": null,
-      "hash": "0a0hnkyhvr6am484m7lg46040icbxzydnycaa1a2hclfnpgrxrdk"
-    },
-    "dns.nix": {
-      "type": "GitRelease",
-      "repository": {
-        "type": "GitHub",
-        "owner": "kirelagin",
-        "repo": "dns.nix"
-      },
-      "pre_releases": false,
-      "version_upper_bound": null,
-      "release_prefix": null,
-      "version": "v1.2.0",
-      "revision": "a3196708a56dee76186a9415c187473b94e6cbae",
-      "url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.2.0",
-      "hash": "011b6ahj4qcf7jw009qgbf6k5dvjmgls88khwzgjr9kxlgbypb90"
-    },
-    "nixos-unstable": {
-      "type": "Git",
-      "repository": {
-        "type": "GitHub",
-        "owner": "NixOS",
-        "repo": "nixpkgs"
-      },
-      "branch": "nixos-unstable",
-      "revision": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
-      "url": "https://github.com/NixOS/nixpkgs/archive/b6eaf97c6960d97350c584de1b6dcff03c9daf42.tar.gz",
-      "hash": "0aics7ak6d6gd2fz12yq7hgs2gs8izlpmf6imhbr9amywgk1l72g"
-    },
-    "ragb": {
-      "type": "Git",
-      "repository": {
-        "type": "Git",
-        "url": "https://git.dgnum.eu/HackENS/ragb"
-      },
-      "branch": "wled_fork",
-      "revision": "3e5b18677f4e37e8278c43f8fb9066d45dbdaa6e",
-      "url": null,
-      "hash": "0isk56kgs8iiap2a5hl3vgy5nvqayayig45vqvn6h1c41clypmqr"
-    }
-  },
-  "version": 3
-}

pkgs/authens/01-get-success_url.patch

@@ -1,15 +0,0 @@
-diff --git a/authens/views.py b/authens/views.py
-index 0478861..b1c93e9 100644
---- a/authens/views.py
-+++ b/authens/views.py
-@@ -138,8 +138,8 @@ class LogoutView(auth_views.LogoutView):
-         else:
-             self.cas_connected = False
- 
--    def get_next_page(self):
--        next_page = super().get_next_page()
-+    def get_success_url(self):
-+        next_page = super().get_success_url()
-         if self.cas_connected:
-             cas_client = get_cas_client(self.request)
- 

pkgs/authens/default.nix

@@ -1,24 +0,0 @@
-{
-  python-cas,
-  django,
-  ldap,
-  buildPythonPackage,
-}:
-buildPythonPackage rec {
-  pname = "authens";
-  version = "v0.1b5";
-  doCheck = false;
-  patches = [
-    ./01-get-success_url.patch
-  ];
-  src = builtins.fetchGit {
-    url = "https://git.eleves.ens.fr/klub-dev-ens/authens.git";
-    #rev = "master";
-    #sha256 = "sha256-R0Nw212/BOPHfpspT5wzxtji1vxZ/JOuwr00naklWE8=";
-  };
-  propagatedBuildInputs = [
-    django
-    ldap
-    python-cas
-  ];
-}

pkgs/django-autoslug/default.nix

@@ -1,39 +0,0 @@
-{
-  lib,
-  buildPythonPackage,
-  fetchFromGitHub,
-  setuptools,
-  wheel,
-  django,
-}:
-
-buildPythonPackage rec {
-  pname = "django-autoslug";
-  version = "1.9.9";
-  pyproject = true;
-
-  src = fetchFromGitHub {
-    owner = "justinmayer";
-    repo = "django-autoslug";
-    rev = "v${version}";
-    hash = "sha256-IRLY4VaKYXVkSgU/zdY+PSmGrcFB2FlE5L7j0FqisRM=";
-  };
-
-  nativeBuildInputs = [
-    setuptools
-    wheel
-  ];
-
-  propagatedBuildInputs = [ django ];
-
-  # Requires DJANGO_SETTINGS_MODULE
-  # pythonImportsCheck = [ "autoslug" ];
-
-  meta = with lib; {
-    description = "AutoSlugField for Django";
-    homepage = "https://github.com/justinmayer/django-autoslug/";
-    changelog = "https://github.com/justinmayer/django-autoslug/blob/${src.rev}/CHANGELOG.rst";
-    license = licenses.lgpl3Only;
-    maintainers = with maintainers; [ thubrecht ];
-  };
-}

pkgs/lampion/default.nix

@@ -1,16 +0,0 @@
-{
-  python3,
-  stdenv
-}:
-stdenv.mkDerivation {
-  name = "lampion-kfet";
-  version = "1.0";
-  src = ./.;
-  installPhase = "install -Dm755 ./lampion_kfet.py $out/bin/lampion_kfet.py";
-  buildInputs = [
-    (python3.withPackages (p: [
-      p.websockets
-      p.requests
-    ]))
-  ];
-}

pkgs/lampion/lampion_kfet.py

@@ -1,47 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import asyncio
-import websockets
-import json
-from multiprocessing import Process, Value
-import requests
-
-status = Value('i', 2)
-
-# Channel 1 est ROSE
-# Channel 0 est BLANC
-# L'interface est ACTIVE LOW
-def changecolor(color):
-    if color=="ROSE":
-        requests.post("http://espressif.lan/0", data=b'0')
-        requests.post("http://espressif.lan/1", data=b'0')
-    elif color=="BLANC":
-        requests.post("http://espressif.lan/0", data=b'0')
-        requests.post("http://espressif.lan/1", data=b'1')
-
-
-async def do_listen():
-  async with websockets.connect("wss://cof.ens.fr/ws/k-fet/open") as websocket:
-      while True:
-          try:
-              message = await websocket.recv()
-              unpacked = json.loads(message)
-              if unpacked['status'] == "opened":
-                  changecolor("ROSE")
-                  print("Kfet ouverte")
-              else:
-                  changecolor("BLANC")
-                  print("Kfet fermee")
-          except websockets.ConnectionClosedOK:
-              print("Connection error")
-              changecolor("BLANC")
-              break
-
-async def main():
-    while True:
-        await do_listen()
-        asyncio.sleep(20)
-        print("Restarting websocket")
-
-asyncio.run(main())