1
0
Fork 0
forked from pub-solar/infra

Merge pull request 'maintenance: update element-web, keycloak, mastodon, nextcloud' (#240) from flake-updates into main

Reviewed-on: pub-solar/infra#240
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
This commit is contained in:
teutat3s 2024-10-17 19:12:37 +00:00
commit b1391521b9
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
9 changed files with 127 additions and 12 deletions

View file

@ -94,11 +94,11 @@
]
},
"locked": {
"lastModified": 1728109432,
"narHash": "sha256-wmbErh8FG7dRKOtMMpHUqDtFjeqt9Zjx4zssSeTalwU=",
"lastModified": 1729099656,
"narHash": "sha256-VftVIg7UXTy1bq+tzi1aVYOWl7PQ35IpjW88yMYjjpc=",
"owner": "nix-community",
"repo": "disko",
"rev": "48ebb577855fb2398653f033b3b2208a9249203d",
"rev": "d7d57edb72e54891fa67a6f058a46b2bb405663b",
"type": "github"
},
"original": {
@ -304,11 +304,11 @@
]
},
"locked": {
"lastModified": 1727999297,
"narHash": "sha256-LTJuQPCsSItZ/8TieFeP30iY+uaLoD0mT0tAj1gLeyQ=",
"lastModified": 1728901530,
"narHash": "sha256-I9Qd0LnAsEGHtKE9+uVR0iDFmsijWSy7GT0g3jihG4Q=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "8c8388ade72e58efdeae71b4cbb79e872c23a56b",
"rev": "a60ac02f9466f85f092e576fd8364dfc4406b5a6",
"type": "github"
},
"original": {
@ -320,11 +320,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1728067476,
"narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=",
"lastModified": 1729044727,
"narHash": "sha256-GKJjtPY+SXfLF/yTN7M2cAnQB6RERFKnQhD8UvPSf3M=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030",
"rev": "dc2e0028d274394f73653c7c90cc63edbb696be1",
"type": "github"
},
"original": {
@ -467,11 +467,11 @@
},
"unstable": {
"locked": {
"lastModified": 1728018373,
"narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
"lastModified": 1728888510,
"narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
"type": "github"
},
"original": {

View file

@ -9,5 +9,10 @@
./networking.nix
./wireguard.nix
./backups.nix
"${flake.inputs.unstable}/nixos/modules/services/web-apps/mastodon.nix"
];
disabledModules = [
"services/web-apps/mastodon.nix"
];
}

View file

@ -7,6 +7,21 @@
}:
{
age.secrets."mastodon-active-record-encryption-deterministic-key" = {
file = "${flake.self}/secrets//mastodon-active-record-encryption-deterministic-key.age";
mode = "400";
owner = config.services.mastodon.user;
};
age.secrets."mastodon-active-record-encryption-key-derivation-salt" = {
file = "${flake.self}/secrets//mastodon-active-record-encryption-key-derivation-salt.age";
mode = "400";
owner = config.services.mastodon.user;
};
age.secrets."mastodon-active-record-encryption-primary-key" = {
file = "${flake.self}/secrets//mastodon-active-record-encryption-primary-key.age";
mode = "400";
owner = config.services.mastodon.user;
};
age.secrets."mastodon-secret-key-base" = {
file = "${flake.self}/secrets/mastodon-secret-key-base.age";
mode = "400";
@ -54,6 +69,9 @@
webProcesses = 2;
# Threads per process used by the mastodon-web service
webThreads = 5;
activeRecordEncryptionDeterministicKeyFile = "/run/agenix/mastodon-active-record-encryption-deterministic-key";
activeRecordEncryptionKeyDerivationSaltFile = "/run/agenix/mastodon-active-record-encryption-key-derivation-salt";
activeRecordEncryptionPrimaryKeyFile = "/run/agenix/mastodon-active-record-encryption-primary-key";
secretKeyBaseFile = "/run/agenix/mastodon-secret-key-base";
otpSecretFile = "/run/agenix/mastodon-otp-secret";
vapidPrivateKeyFile = "/run/agenix/mastodon-vapid-private-key";

View file

@ -16,6 +16,7 @@
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
inherit (inputs) element-stickers maunium-stickerpicker;
};
mastodon = unstable.mastodon;
}
)
];

View file

@ -0,0 +1,43 @@
age-encryption.org/v1
-> ssh-ed25519 iDKjwg 1hTwlkE1sBAeCz0gf7XU6o0iMX9NXcqs4dFKrmerV1Y
QTRSr5Ab6redaWHmSkGv3QBDOTCoN+0bqZnWTkUXw+k
-> ssh-ed25519 uYcDNw FJ3Jxz2Y1uz7cZwYw+IfO3MQjoXkO4OU+CIeMDa9Mk0
MgTZesZpxk788OBPM1forUuxIYFKkpsnp7NsEzmx9M4
-> ssh-rsa f5THog
JH7iLrQWeElqdYWVwQJIVh7KjBx2TmfqUekwkI0FA9ikqaWM9byewNkT+juu7egY
eZol4fyx9WLVVNI0P+Gc64mi1K3DzW6IzJT5PN24TSOeVggj0buKRLBPZeSroCL8
mfIRPJF5esA0j2ohGOzZLA1cpeHCkAVU6tGq5iXI7w883AOhZDZHtEJWJHE+QMZG
9ZaSnGPLeAiC9xFjxxUQRuxUAE7nOjqoflcEPcm1/OkZoauqsJGzvNl2L+b1D1Oz
wgSTTSVxsNH6MDKmuxZgjPLUpU9rbi1/ylfI+caW8SJ1ygu2yYhTh+KyXiDjtj03
+ZZYBjOw9bR12qiQx1it0OaxJU8YPGAlBIN+PZQIQrV7j1KwGUfsYXFmHGdRehK9
7bVcDMeIEPYorQWiOL59zolwQ1u0Y5oFPJBiXxDwpVKEwen/VzYCtJwCDb4eIfsS
AWLARmnRR2KIOJn6SgcoqBl8OfPntPjWr3KjvfXXrH1wo56Ba/5c4her1S/wQNh1
MuMLE61WgCcR5Pn14gtuzMh4cqt2UN4kHLQi2KluRSa9v02WhWOCyf8AJFInANo5
tdvM0asCAAE0vTPqk1/gwrsIAdATjC50lCyJsmUZQs6iMuL1voihWfZ154CtRS48
ji8wKDlOuIalbzq9/kQUa6vM1kaHqq8LoLtw5wHFLJQ
-> ssh-rsa kFDS0A
QkIAoXUvfop74tdybgxTC6l4RSJD+QcSnCMadA4fQhfgvxftXXAMERPVmWS8L8Rr
fnkb7WOsLKe5uFwDBAi/stjNugtjxPE6j4Hbv0LxyMh2KzsczRKQjdcEN4IVjHMi
EZoePsshDJ1ND/SBhfSqQ/Y3N7g9sEU3K3oTE70hGX+0MOxQYz/vhw5VfjwwfihL
n4Btjn/kmUALlWtox599tvNfy+Tjq583UdZNQMHakI4bust1FOatIdJEz4qHVb7C
XJ0QnqlJPqY/V8KF5IOh5at37U2raAp/54RDAAziXjLnbeiCIFGFpPNNH4c1XMRe
MNcDJQo9VxfDreVAWUEjaQSv0xK3bv64A/RelDCvgQA9+4MBDZO9i9PRkC/dUf1C
0UzNT0pQPR/8TmAo2S/XcPYGaQif6g+OL0dvNivKNjhpx5AUxR+nImuIRL5c4H/P
x37O6iZbg38B2g6l4oS9kOEALr3zithv7k/J9tC/5kOtXDcnDo5nuLDV1+maASnk
a1mKGF+NnJNj9HfN9Tf5v1HYSgOHjH1RXZWaSUqQEaaIJ7jKg/hZroXUDGEZxU0E
0u9rzeoQNXNLvTJtZjO79EWLlp8C+CryfVgJLBELe6yY4FcLR6TbB9t1bWT3VOnf
s62sU5fpsgQgQ1Wv4JyEPt1Vy93JNPQGrbnI0euFQhc
-> piv-p256 vRzPNw AmLneGaB8PWxhNVQakxubRiTfQI8ztGWXsZv+eirFURz
N5bR+P/vKP0hgnejhIBEMG3c3fbnpTeZOsL4FTQdIiA
-> piv-p256 zqq/iw AzQcsc5Tdm4R+yYGO0TDiDyEkXlsdqhZm5hp4mAj1CPG
Nxc2z1uW63Cl3N4cQ2T3g1/fju/bVHc2BwA8VGtL/Z0
-> ssh-ed25519 YFSOsg iKhgZjb+wldSbt6GK6RXHVOmmHIy/q1kvwR/sirvQ3w
0IIhK9FhVl6CsdDS6e1oqlha2DfeUZ/Bs9MNooPFTpY
-> ssh-ed25519 iHV63A u5F2ywZTiWhB19r3ey9JTzho7za06Cq8UISh4G1ApGQ
NpuI82VTuaZdqGKyftNIrYhr5KAkh56sf84J9aw51+s
-> ssh-ed25519 BVsyTA kDelsR5/FRuItCOMX6m6H7vyLlZRYyMrb32Eve3lMEY
sNGS7R6zqSLT7xNJAJWmzWfWL0uj5QnJ+Gbh49YfpKQ
-> ssh-ed25519 +3V2lQ idYZrubfci3W4Yn+3pEblXOQCf1UoyA7cxKnFmfh3Bc
OMI1yg67nxUBH1xj9NikqFVeCTqAWa+69DYvB4T4uiQ
--- 7HlnH19UqRCTjysYSSUJGrdsK4ZduF8+k4nSK/3JDq8
}sˆðDéµÀMÔŽzSÅ~ºùÂ…«.Qc¯¶d("û)#š¾þý*Hdº Ó…Œ%/s¬g—hé]½m}

View file

@ -0,0 +1,44 @@
age-encryption.org/v1
-> ssh-ed25519 iDKjwg dNFZ+e+a0AjH6Gs5POmZVl9bSXREvkqx1lSdmOq5IRI
ZPEuKmVDwWgPL0qfDsMtslNJ7RG55MPTQjlBL2iEJdk
-> ssh-ed25519 uYcDNw qDCVM6EndKJxZUXOUg0d4ElU9vlMGS9mJxELjezs8H0
clZ8JJ24IPAd74jKyOcUvKeeanxm/Cy4b3B5mrvg9ds
-> ssh-rsa f5THog
rjdgXMdt8KqI1qJA0hWkF3SyjsaDz0f7AwUzcTY7hk5ULa98mCRe26tmWbTiil5D
gchbehmLRy1JTzahUw+1xLH/iZzo3RqXCvzjrBoPCM/iucHJZPHpLNoOTtL//zXR
0lZusQaUZ/lQrjCwyMwACJ9DKv4QiCIUfgYBzZGq6oLMYiWpEHfZQ7tWiROAO4/T
cCCvLtM2LQ5Q5vZ5cCdBQLxrAZz+OnPgXQRAoLqH5WLMIqleUhkoVh8JoIzww+UG
c2OKazF2dL4djnujrTQfS1uWirfmkpNW+TKrKKq6q0+cLOMjc/eLjOfBvgD+yZuO
TxnkRRbOGNuc8hA+9FL3A/yfYk/TH78eQ27aiiV6yaX3qK9KcPp1/vUe+m4XguXE
8LRemmCVazYuYKXzh4jr+ecppVokKep3tzb/eKSjw55xx/PIcG3AV4UjuN3Vvtdx
BkP4/S/jn7tEBlNc1DmkrgmuUF5iwPR0CTMG1I6gxUkjyxWyPKntq6wegPT4QMRE
eePq6SjKOOH06u4W1z4HM1ipMOK1VJrozQabnmZnhbE2+Gfy76N+Fe0sjG2iK/pg
J8v/KT6BrhR0PYvGJirnZD0MvIlSZA+xI/FpKav/Y2195Bb+LEJY+nJoxepdj8ev
d7N+J6g5Yt6SN9BJS0QTmtatFlTnfsU8nAYCEVB1Uxc
-> ssh-rsa kFDS0A
PnAXBG7IsVdWs3TEthQFSDglnQdZlmBzhYWq5er7Q32i06BGw0OJp5c7VNi6zLFd
EOSYtdZ8SaK/CL7m3LROmv8NraVst2ml7zKeYPZ5/xHLVBb57SWkFYZIalMpZDr3
IVRxHifZVS6hgdCa5MWUotOsdzbStUSSh6G7TCrP/LnCeh/abOXLkvqLj9NrHeAH
UOb+Sxay3y5jUc3OBPGWw0LzGFa8S0vKhqGYIIMUcFBoenQ68/WYMMt9Lc5nD9yA
fiH0ytkhZVkPd1+0MQ99dpCgUOcK7SOG/jUDIOhVJ8OQMoqovaML0Kmz6+Csj8l3
l+iMd19D8CCK16dLGDi3LdvDaanIHq7H8vOW5ihWgV313aLYWdYJDIKhyn90XO0b
SjF7dFuPxsIb+8r8/hk8xPdGu1cB3ryfEUaccQF1f0q3jBaM1RZ5Jfu/0fVHDnOj
9c1lMC2MvwBOFFrNo9GzKjq6ezLBb58i8fV5+LZTVOgMa25BusCpnHW+KerjpGb1
/2RK8WoXoviGAAaPuIp0ttD21oj7Ba7ZjalzO328cTlK/J6wp6qxoJOC9FuXBZCf
M91kGWavS8Y941kRZJBD14VhLQeIjzRphnR64r03kv8HyIDSAmNc2sDOoqji1G4Q
Fxs1oKVnSxmnGWazjmxtOtbDMhJjJlLyVEJOxgHXmz0
-> piv-p256 vRzPNw A8qqho2hbHfodtF8D4JFu039UlMDhXhIy1lzqOBkIpIB
CY5cHkLTHhhNIq1s6iFVGyKyIMemO/my/GmnWS2we08
-> piv-p256 zqq/iw A23triY0bM1tpn20GXCvGCcWny9dkQDY6tP7du/HmJty
vXVsqP2j6Kf0mwb29jSY/qn1FFnmQLWVEcL002MT6U0
-> ssh-ed25519 YFSOsg KZ5TnAoRXHKCIEg1eoMO28saKhKmG08lCoCKNnWaOTM
FOOqg8s2cVDPAiIVmYI2UkmpXWimQE4Sy+gCwH7oYEw
-> ssh-ed25519 iHV63A mlcNQxplVIGOPIte0u+vibNIQtV1FCzC5IUmz7183SY
5IlGvhYYU510PkdyzdNGgFfS9f2rkU1dMJ2Spt3RGls
-> ssh-ed25519 BVsyTA s5BCUQJfI9Oo8XclNEp9ZJxklF/OwVECb7vFReVQ+SA
0U2S5Y2den/c/5wNt3RI69AaURAZoEIxjoL1cBtomxM
-> ssh-ed25519 +3V2lQ ot8xMJdVEzGv0W17UMaOvDp5ltMV1t8zrXhkpRjwrEo
M8ky+nhQo/rgBZ2gzD1rf++MIJXzrkh9RmGOvL4cqV8
--- 5RnhwI3yXutsCzaH+lUK221P8Drag4a4LWW0vMJKyis
P£v ^V÷ä]zù;>Ev»-䊽Uª¨}üpb€ð2žÆ3W?Ôo¬!m»ç¶×
ËNÌ 7™—"•Ÿ'•â}qk

View file

@ -43,6 +43,10 @@ in
"delite-wg-private-key.age".publicKeys = deliteKeys ++ adminKeys;
"blue-shell-wg-private-key.age".publicKeys = blueshellKeys ++ adminKeys;
"mastodon-active-record-encryption-deterministic-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-active-record-encryption-key-derivation-salt.age".publicKeys =
nachtigallKeys ++ adminKeys;
"mastodon-active-record-encryption-primary-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;