From 3943f34c925a9b81ca1dc8ca158ceda544bf2c7e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 13 Oct 2024 17:15:24 +0200 Subject: [PATCH 1/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05) → 'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16) • Updated input 'nix-darwin': 'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03) → 'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04) → 'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16) • Updated input 'unstable': 'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04) → 'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 6cf7d748..fac574ac 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1728109432, - "narHash": "sha256-wmbErh8FG7dRKOtMMpHUqDtFjeqt9Zjx4zssSeTalwU=", + "lastModified": 1729099656, + "narHash": "sha256-VftVIg7UXTy1bq+tzi1aVYOWl7PQ35IpjW88yMYjjpc=", "owner": "nix-community", "repo": "disko", - "rev": "48ebb577855fb2398653f033b3b2208a9249203d", + "rev": "d7d57edb72e54891fa67a6f058a46b2bb405663b", "type": "github" }, "original": { @@ -304,11 +304,11 @@ ] }, "locked": { - "lastModified": 1727999297, - "narHash": "sha256-LTJuQPCsSItZ/8TieFeP30iY+uaLoD0mT0tAj1gLeyQ=", + "lastModified": 1728901530, + "narHash": "sha256-I9Qd0LnAsEGHtKE9+uVR0iDFmsijWSy7GT0g3jihG4Q=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "8c8388ade72e58efdeae71b4cbb79e872c23a56b", + "rev": "a60ac02f9466f85f092e576fd8364dfc4406b5a6", "type": "github" }, "original": { @@ -320,11 +320,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728067476, - "narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=", + "lastModified": 1729044727, + "narHash": "sha256-GKJjtPY+SXfLF/yTN7M2cAnQB6RERFKnQhD8UvPSf3M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030", + "rev": "dc2e0028d274394f73653c7c90cc63edbb696be1", "type": "github" }, "original": { @@ -467,11 +467,11 @@ }, "unstable": { "locked": { - "lastModified": 1728018373, - "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=", + "lastModified": 1728888510, + "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bc947f541ae55e999ffdb4013441347d83b00feb", + "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", "type": "github" }, "original": { From c39cf9c0b97429b5b65cefe9af7a800fa0adaded Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 15 Oct 2024 23:16:34 +0200 Subject: [PATCH 2/3] mastodon: update to version 4.3.0 from nixos-unstable https://github.com/mastodon/mastodon/releases/tag/v4.3.0 https://github.com/NixOS/nixpkgs/pull/337545/files --- hosts/nachtigall/default.nix | 7 ++- modules/mastodon/default.nix | 18 +++++++ overlays/default.nix | 1 + ...ve-record-encryption-deterministic-key.age | 43 +++++++++++++++++ ...-record-encryption-key-derivation-salt.age | 44 ++++++++++++++++++ ...n-active-record-encryption-primary-key.age | Bin 0 -> 2434 bytes secrets/mastodon-extra-env-secrets.age | Bin 2655 -> 2878 bytes secrets/secrets.nix | 3 ++ 8 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 secrets/mastodon-active-record-encryption-deterministic-key.age create mode 100644 secrets/mastodon-active-record-encryption-key-derivation-salt.age create mode 100644 secrets/mastodon-active-record-encryption-primary-key.age diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 1b98981a..9c40c7b8 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -9,5 +9,10 @@ ./networking.nix ./wireguard.nix ./backups.nix - ]; + "${flake.inputs.unstable}/nixos/modules/services/web-apps/mastodon.nix" + ]; + + disabledModules = [ + "services/web-apps/mastodon.nix" + ]; } diff --git a/modules/mastodon/default.nix b/modules/mastodon/default.nix index 47d93f49..01acf7a6 100644 --- a/modules/mastodon/default.nix +++ b/modules/mastodon/default.nix @@ -7,6 +7,21 @@ }: { + age.secrets."mastodon-active-record-encryption-deterministic-key" = { + file = "${flake.self}/secrets//mastodon-active-record-encryption-deterministic-key.age"; + mode = "400"; + owner = config.services.mastodon.user; + }; + age.secrets."mastodon-active-record-encryption-key-derivation-salt" = { + file = "${flake.self}/secrets//mastodon-active-record-encryption-key-derivation-salt.age"; + mode = "400"; + owner = config.services.mastodon.user; + }; + age.secrets."mastodon-active-record-encryption-primary-key" = { + file = "${flake.self}/secrets//mastodon-active-record-encryption-primary-key.age"; + mode = "400"; + owner = config.services.mastodon.user; + }; age.secrets."mastodon-secret-key-base" = { file = "${flake.self}/secrets/mastodon-secret-key-base.age"; mode = "400"; @@ -54,6 +69,9 @@ webProcesses = 2; # Threads per process used by the mastodon-web service webThreads = 5; + activeRecordEncryptionDeterministicKeyFile = "/run/agenix/mastodon-active-record-encryption-deterministic-key"; + activeRecordEncryptionKeyDerivationSaltFile = "/run/agenix/mastodon-active-record-encryption-key-derivation-salt"; + activeRecordEncryptionPrimaryKeyFile = "/run/agenix/mastodon-active-record-encryption-primary-key"; secretKeyBaseFile = "/run/agenix/mastodon-secret-key-base"; otpSecretFile = "/run/agenix/mastodon-otp-secret"; vapidPrivateKeyFile = "/run/agenix/mastodon-vapid-private-key"; diff --git a/overlays/default.nix b/overlays/default.nix index af9faa9b..50ede5d3 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -16,6 +16,7 @@ element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker { inherit (inputs) element-stickers maunium-stickerpicker; }; + mastodon = unstable.mastodon; } ) ]; diff --git a/secrets/mastodon-active-record-encryption-deterministic-key.age b/secrets/mastodon-active-record-encryption-deterministic-key.age new file mode 100644 index 00000000..3fa08635 --- /dev/null +++ b/secrets/mastodon-active-record-encryption-deterministic-key.age @@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg 1hTwlkE1sBAeCz0gf7XU6o0iMX9NXcqs4dFKrmerV1Y +QTRSr5Ab6redaWHmSkGv3QBDOTCoN+0bqZnWTkUXw+k +-> ssh-ed25519 uYcDNw FJ3Jxz2Y1uz7cZwYw+IfO3MQjoXkO4OU+CIeMDa9Mk0 +MgTZesZpxk788OBPM1forUuxIYFKkpsnp7NsEzmx9M4 +-> ssh-rsa f5THog +JH7iLrQWeElqdYWVwQJIVh7KjBx2TmfqUekwkI0FA9ikqaWM9byewNkT+juu7egY +eZol4fyx9WLVVNI0P+Gc64mi1K3DzW6IzJT5PN24TSOeVggj0buKRLBPZeSroCL8 +mfIRPJF5esA0j2ohGOzZLA1cpeHCkAVU6tGq5iXI7w883AOhZDZHtEJWJHE+QMZG +9ZaSnGPLeAiC9xFjxxUQRuxUAE7nOjqoflcEPcm1/OkZoauqsJGzvNl2L+b1D1Oz +wgSTTSVxsNH6MDKmuxZgjPLUpU9rbi1/ylfI+caW8SJ1ygu2yYhTh+KyXiDjtj03 ++ZZYBjOw9bR12qiQx1it0OaxJU8YPGAlBIN+PZQIQrV7j1KwGUfsYXFmHGdRehK9 +7bVcDMeIEPYorQWiOL59zolwQ1u0Y5oFPJBiXxDwpVKEwen/VzYCtJwCDb4eIfsS +AWLARmnRR2KIOJn6SgcoqBl8OfPntPjWr3KjvfXXrH1wo56Ba/5c4her1S/wQNh1 +MuMLE61WgCcR5Pn14gtuzMh4cqt2UN4kHLQi2KluRSa9v02WhWOCyf8AJFInANo5 +tdvM0asCAAE0vTPqk1/gwrsIAdATjC50lCyJsmUZQs6iMuL1voihWfZ154CtRS48 +ji8wKDlOuIalbzq9/kQUa6vM1kaHqq8LoLtw5wHFLJQ +-> ssh-rsa kFDS0A +QkIAoXUvfop74tdybgxTC6l4RSJD+QcSnCMadA4fQhfgvxftXXAMERPVmWS8L8Rr +fnkb7WOsLKe5uFwDBAi/stjNugtjxPE6j4Hbv0LxyMh2KzsczRKQjdcEN4IVjHMi +EZoePsshDJ1ND/SBhfSqQ/Y3N7g9sEU3K3oTE70hGX+0MOxQYz/vhw5VfjwwfihL +n4Btjn/kmUALlWtox599tvNfy+Tjq583UdZNQMHakI4bust1FOatIdJEz4qHVb7C +XJ0QnqlJPqY/V8KF5IOh5at37U2raAp/54RDAAziXjLnbeiCIFGFpPNNH4c1XMRe +MNcDJQo9VxfDreVAWUEjaQSv0xK3bv64A/RelDCvgQA9+4MBDZO9i9PRkC/dUf1C +0UzNT0pQPR/8TmAo2S/XcPYGaQif6g+OL0dvNivKNjhpx5AUxR+nImuIRL5c4H/P +x37O6iZbg38B2g6l4oS9kOEALr3zithv7k/J9tC/5kOtXDcnDo5nuLDV1+maASnk +a1mKGF+NnJNj9HfN9Tf5v1HYSgOHjH1RXZWaSUqQEaaIJ7jKg/hZroXUDGEZxU0E +0u9rzeoQNXNLvTJtZjO79EWLlp8C+CryfVgJLBELe6yY4FcLR6TbB9t1bWT3VOnf +s62sU5fpsgQgQ1Wv4JyEPt1Vy93JNPQGrbnI0euFQhc +-> piv-p256 vRzPNw AmLneGaB8PWxhNVQakxubRiTfQI8ztGWXsZv+eirFURz +N5bR+P/vKP0hgnejhIBEMG3c3fbnpTeZOsL4FTQdIiA +-> piv-p256 zqq/iw AzQcsc5Tdm4R+yYGO0TDiDyEkXlsdqhZm5hp4mAj1CPG +Nxc2z1uW63Cl3N4cQ2T3g1/fju/bVHc2BwA8VGtL/Z0 +-> ssh-ed25519 YFSOsg iKhgZjb+wldSbt6GK6RXHVOmmHIy/q1kvwR/sirvQ3w +0IIhK9FhVl6CsdDS6e1oqlha2DfeUZ/Bs9MNooPFTpY +-> ssh-ed25519 iHV63A u5F2ywZTiWhB19r3ey9JTzho7za06Cq8UISh4G1ApGQ +NpuI82VTuaZdqGKyftNIrYhr5KAkh56sf84J9aw51+s +-> ssh-ed25519 BVsyTA kDelsR5/FRuItCOMX6m6H7vyLlZRYyMrb32Eve3lMEY +sNGS7R6zqSLT7xNJAJWmzWfWL0uj5QnJ+Gbh49YfpKQ +-> ssh-ed25519 +3V2lQ idYZrubfci3W4Yn+3pEblXOQCf1UoyA7cxKnFmfh3Bc +OMI1yg67nxUBH1xj9NikqFVeCTqAWa+69DYvB4T4uiQ +--- 7HlnH19UqRCTjysYSSUJGrdsK4ZduF8+k4nSK/3JDq8 +}sˆðDéµYá–ÀMÔŽzS’Å~ºùÂ…«.Qc¯¶d("û)#š¾þý*Hdº Ó…Œ%/s¬g—hé]½m} \ No newline at end of file diff --git a/secrets/mastodon-active-record-encryption-key-derivation-salt.age b/secrets/mastodon-active-record-encryption-key-derivation-salt.age new file mode 100644 index 00000000..01bb53a6 --- /dev/null +++ b/secrets/mastodon-active-record-encryption-key-derivation-salt.age @@ -0,0 +1,44 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg dNFZ+e+a0AjH6Gs5POmZVl9bSXREvkqx1lSdmOq5IRI +ZPEuKmVDwWgPL0qfDsMtslNJ7RG55MPTQjlBL2iEJdk +-> ssh-ed25519 uYcDNw qDCVM6EndKJxZUXOUg0d4ElU9vlMGS9mJxELjezs8H0 +clZ8JJ24IPAd74jKyOcUvKeeanxm/Cy4b3B5mrvg9ds +-> ssh-rsa f5THog +rjdgXMdt8KqI1qJA0hWkF3SyjsaDz0f7AwUzcTY7hk5ULa98mCRe26tmWbTiil5D +gchbehmLRy1JTzahUw+1xLH/iZzo3RqXCvzjrBoPCM/iucHJZPHpLNoOTtL//zXR +0lZusQaUZ/lQrjCwyMwACJ9DKv4QiCIUfgYBzZGq6oLMYiWpEHfZQ7tWiROAO4/T +cCCvLtM2LQ5Q5vZ5cCdBQLxrAZz+OnPgXQRAoLqH5WLMIqleUhkoVh8JoIzww+UG +c2OKazF2dL4djnujrTQfS1uWirfmkpNW+TKrKKq6q0+cLOMjc/eLjOfBvgD+yZuO +TxnkRRbOGNuc8hA+9FL3A/yfYk/TH78eQ27aiiV6yaX3qK9KcPp1/vUe+m4XguXE +8LRemmCVazYuYKXzh4jr+ecppVokKep3tzb/eKSjw55xx/PIcG3AV4UjuN3Vvtdx +BkP4/S/jn7tEBlNc1DmkrgmuUF5iwPR0CTMG1I6gxUkjyxWyPKntq6wegPT4QMRE +eePq6SjKOOH06u4W1z4HM1ipMOK1VJrozQabnmZnhbE2+Gfy76N+Fe0sjG2iK/pg +J8v/KT6BrhR0PYvGJirnZD0MvIlSZA+xI/FpKav/Y2195Bb+LEJY+nJoxepdj8ev +d7N+J6g5Yt6SN9BJS0QTmtatFlTnfsU8nAYCEVB1Uxc +-> ssh-rsa kFDS0A +PnAXBG7IsVdWs3TEthQFSDglnQdZlmBzhYWq5er7Q32i06BGw0OJp5c7VNi6zLFd +EOSYtdZ8SaK/CL7m3LROmv8NraVst2ml7zKeYPZ5/xHLVBb57SWkFYZIalMpZDr3 +IVRxHifZVS6hgdCa5MWUotOsdzbStUSSh6G7TCrP/LnCeh/abOXLkvqLj9NrHeAH +UOb+Sxay3y5jUc3OBPGWw0LzGFa8S0vKhqGYIIMUcFBoenQ68/WYMMt9Lc5nD9yA +fiH0ytkhZVkPd1+0MQ99dpCgUOcK7SOG/jUDIOhVJ8OQMoqovaML0Kmz6+Csj8l3 +l+iMd19D8CCK16dLGDi3LdvDaanIHq7H8vOW5ihWgV313aLYWdYJDIKhyn90XO0b +SjF7dFuPxsIb+8r8/hk8xPdGu1cB3ryfEUaccQF1f0q3jBaM1RZ5Jfu/0fVHDnOj +9c1lMC2MvwBOFFrNo9GzKjq6ezLBb58i8fV5+LZTVOgMa25BusCpnHW+KerjpGb1 +/2RK8WoXoviGAAaPuIp0ttD21oj7Ba7ZjalzO328cTlK/J6wp6qxoJOC9FuXBZCf +M91kGWavS8Y941kRZJBD14VhLQeIjzRphnR64r03kv8HyIDSAmNc2sDOoqji1G4Q +Fxs1oKVnSxmnGWazjmxtOtbDMhJjJlLyVEJOxgHXmz0 +-> piv-p256 vRzPNw A8qqho2hbHfodtF8D4JFu039UlMDhXhIy1lzqOBkIpIB +CY5cHkLTHhhNIq1s6iFVGyKyIMemO/my/GmnWS2we08 +-> piv-p256 zqq/iw A23triY0bM1tpn20GXCvGCcWny9dkQDY6tP7du/HmJty +vXVsqP2j6Kf0mwb29jSY/qn1FFnmQLWVEcL002MT6U0 +-> ssh-ed25519 YFSOsg KZ5TnAoRXHKCIEg1eoMO28saKhKmG08lCoCKNnWaOTM +FOOqg8s2cVDPAiIVmYI2UkmpXWimQE4Sy+gCwH7oYEw +-> ssh-ed25519 iHV63A mlcNQxplVIGOPIte0u+vibNIQtV1FCzC5IUmz7183SY +5IlGvhYYU510PkdyzdNGgFfS9f2rkU1dMJ2Spt3RGls +-> ssh-ed25519 BVsyTA s5BCUQJfI9Oo8XclNEp9ZJxklF/OwVECb7vFReVQ+SA +0U2S5Y2den/c/5wNt3RI69AaURAZoEIxjoL1cBtomxM +-> ssh-ed25519 +3V2lQ ot8xMJdVEzGv0W17UMaOvDp5ltMV1t8zrXhkpRjwrEo +M8ky+nhQo/rgBZ2gzD1rf++MIJXzrkh9RmGOvL4cqV8 +--- 5RnhwI3yXutsCzaH+lUK221P8Drag4a4LWW0vMJKyis +P£v ^V÷ä]zù;>Ev»-䊽Uª¨}üpb€ð2žÆ3W?Ôo¬!m»ç¶× +ËNÌ 7™—"•Ÿ'•â}qk \ No newline at end of file diff --git a/secrets/mastodon-active-record-encryption-primary-key.age b/secrets/mastodon-active-record-encryption-primary-key.age new file mode 100644 index 0000000000000000000000000000000000000000..dc287344236cfdeba3a1ec7feb41a533ce03f237 GIT binary patch literal 2434 zcmZXVIm`SA0mgSh5dvzVh~?WTNcfv%a?E54CHH+zu1Ok6GC3yqeKmdrJ3-ib3&AaH z6+2rS8yhPN8^yw2d@UAq{RBTAo-4}J4{4i>M?b&1_J`e=Ln{J&_|e-m6(7>)1;-Kc z?ZqnPmcKzLXt=5+rneW~SE;x9SH-&##Wc^@;M#FE1yH5?16pA~yRK=NVA+C;%>EqQ z$Y8Lf>)3wT3Qe~z5t&O#I?bRD=9rslN30pju}r25;wY5*TOc>LS0$H?GD1^|d!bTMZOx;3blt5Evsz-*Bc{TU(&X#{mQe+SP=+owY-MaMq!SqCdan(khnnEv5O_d)4`A#Bp+>hP*&Wi3ti$VIEH$3yA>`Ggzb1rb zH?FHdJtF;gjw_zEVG3{^)lNg#xQ^TIc2w?32`pb00Zum8=f~M-*Ag%Fhl6X^%lNMyi0z(imJwwMEUIw^$N+46d)RZrIOrV|?YQE^^u4DZfKZvxd!P4yQ z$>2wzu=P4X>RGX>154Qr8Q@cDHWIoeB%9=FyM@;sRkG@4R@Ot>+CXyXmCl92-7`zN z0d=<`l2MZAgzvOTp;Y+Z!RI;)g(t)W!`sm<)+Qb!R($hLP6JqR+U@L4I=4+< z4`g7<$RBprdFaS|S-oqt5Dv|UOm_tT$#MT$KlB%zcw6tM`9A#=i9C_kj*9_{gI57< zgb!bjxB_XL(W?vJP!*-(jj7Bb34ow2UhszDyC!{d=(*sm1{-R85pBj9ojmivJ{>V8 z*SP;-ox=dV-dTN!ZB2iHIKFi-UY(+q-r_r2>oFaYBa8l zmKSS$GLmNV0?IsZ{zwL8+2l)m^=g;UzUb!{9~$tsG39TkoPZ(>O9CkE?F-g=_Kp@2 z$l5eK?AU16uiG7Z(n%w9fKV$nxh+u>+0DEM!KskQd8eA}c*6F4JTFDM^;kEv%m01o zOY{hodZSwo7s2Gnl}$%YEqp(8bV&_LGP+KN41bvhqTZ#p-k9dx zF4v5Jz=#~Yaa6N9218zVxhdMSYl&r9r5-Uu)EjX2+cheoh!Mim@9Kab-&ZC}u2t^@ z4E(4#18Q}Ma;=#HK79D_Rvv42#%Zk+NoOXV4Wj-7ywyVL+(D5Am6B*rRivE^y8+++ z{Hq`BfBnJlj~{c%ufJdZ;vd;>zVg$*{rT_4!u{)G>094uzm|OV>2Lq|y`O7e|I07o cKYjku?>_z6$DjS-ldJvD@BZXh-~7(M0q%bx9smFU literal 0 HcmV?d00001 diff --git a/secrets/mastodon-extra-env-secrets.age b/secrets/mastodon-extra-env-secrets.age index dba14bbec575be03cacae8976c2d0474d403a962..14ad42713dc4552370b4f661043838718a37b4cb 100644 GIT binary patch literal 2878 zcmZ9OjqfA{dB-KnwYOL8wNVVT;IEtkbvS2tW@l!H9zEt|XJ&VHW@l#S-L|?r?=QQv zJFh!~v_M}BVrh)^4bj9P7!_YmQ$$KjX;O%2P}EvuuP4{2gr13(M2{+o{j~{+C#TnIr1_(4STaT6Rk6x#W|L9(K^ zFdDVpYTiyv0ApjJrEyF zLAY|KK-e!rgpL$vfb6$!5O+?Ydr7J*>>Q900~x(Y%ZufKkEmQ0^row+Eg&=|F!Q=C zt$D%}nzIEpmp46DWP>uTs!|r$n!!s@7JE2G1n!Kr1Uz?|vBdNQUDjo4VobQTDLI(~ zTI$HH5Wpk$yupW|IYK;wm}}rt9M$#2bcJF$6q(tfKE#g4Nw4$;zb&T;1kQK7IyEQ2 zcIeZ>+N+#xhC54=8+YT;R2b~AO&>YVzB(Q0% zi*Cu$(y{^4$v}^DautR1RD=Lwhi8exB(p%MpZV3uH_qT;|3Ky{oBidJ^G#sMXiPrjcrPP_AZrPeDY31$EouE054DjvsqAK(?Zw z0Tuv4MYfp@qiKcj<=ja?nq;#bYa>t?jfM;yFYTVr2q3P}4Y2FfeZN2{(a&+uGzlh7 zDP%ZgnMH?)X;<|Fi`ejG)3~+Oj8-_q>=>@8dqrT6F%xl1UeC4=V|yAQ&xk6LZ-0G5Ej>X*yP zn@u^iO>K~r1!z@b;`Js`hT0++2P85RVUm;;URQiK z8*LHaT|k&XBnX)Fc0-J*C^>T0b&w}5(ohCp!z*vk4+v*s(Ds^PLJRXXb86d%0T**u zH>;$-8IpRYP+rfAiP^H1)@s(NjH|X5g4dl84i(-h_FXcxi*Xy|88T#sxLF)l1fv34 z?oCa+WanEu=oR}hnAbkD7UH;Vi#iLZF{s2fvahtPYMFr}(eA>@Vaql2aHZC>wj6em zC4@-kxlNqi{&K%i5NHCh~8w?@lWgrd$8q1{Eq7s=5 zN{yPu>$WG$%p&YGMTWF8Wu>tbBl>L3l>5w&Y;!PT0&UMUhTgQTD#Mh#?xJOlb0G*Q zJj-mo-X2ias*+VJQBgwFs}nrM`qhLURD5O`3xrY8kv9gqttv*fq2rNVrald2d^lYw zc82t3I>)g&IX70R&Ph_dLLm!p25B&?)|^F?g6C4&Oxx{e`F1d-_mibnxvd)L=B_9# z!|eGr+l3IiaKuHPPGc0@iA#!J5fE_hvtBZwmo14(;9{6AK=+kw#`YYhu#JeYw5*B{_pD-%tBZkb)*Nrz5_W=nIL zj+SUk_Z_X5@(#6_P;JESHz*0@xU9KDYan3DNQ=^R7AOlqc4=C!lNa~%#T#ldi+K?o z1cb`jO*?@}vu1XrBd@S*2~#E?Z3bOdLv0bRV8q;IEYX`-{C3Q`QO(vfV#`xh4p@52 zC<6iZXD!z>IfAtEB#)BuOKB0OqcCxhi`_`TXj`!+;bz)Z<-W%2kr!#CD=Diz)5X4} z`$Cb@!ycLJHhU>C%ZynHtZl?RHpS%~+yo;Fr%2f9&tPz;t?J_cJp0xEfYggtB@T9d z3gTwV*a|pBU!}Pf)j`~6Hl)AC40&O7+l@A@%4Vtzd#u16V`@#?6e_C2TyAfKBsKZ2+u8seB-fbPA*=A*895+pRbKoqpKy9;MZ?i5Oid0|Fz% z<_t*3JxGihx{oW>T-w768Q_*<%GErm8$~oUW~COyyQ#OPDG5)ApkwAXlldH|Rok^)XnXDc}M=(R<{f{pZd;9R1O^uRr+A{oklm3;o{0JHp-R zKKSenpE>vW$>R83pZ)LSA3u1@S04G{&tBdC*PC9EyylMI`@-=sdf=6-Uq1fKHTfrA zxb20DgQvRt2TyeG{mI$4-}KhkTz}%j&wus7@|!=dkKBCetBhYfclw&^&i~iXzVvhJ z^r@?lJ$>}s|KTmjIpaeQ|I6P(!Ob7M|E~Lg?frj~efrNY zKK8~xyA?cfhj`6(&%XIDzOJ9U_Uk)0h0mr-&bZ>@xoKyH5n(bw6PIyNS!cduRIGn{E#NZo&NH_kQ=C z=U$#a^PboJY4M*|=!SCTnMYrC;dfpO{D{{tJ#+cR$#4DfNc+%x|KW?t<-ZAC_V&BH zBl+F8{_}TUuikUwsc(_rKl<8tU48D@$1b^W!*$m_|J^rSbzk=-7<%C15&usL{N0~_ z_$D0q#Yb)|uYWRl^wBqbz}$9^f3z`rxQ>;ge5X`|2b2 zp1=2N$3FVk4;=j^!d!Uh$EVsW?)~y#J$mGhv&aAb*y;D2`rzuy_kI7j&-lw%p1kei z(SQ3~{i?yY-uM&h1FPGg{*m^+%Z@$s*)!ih{ZHV1&pofr-^M@w7<&7I$M3xH>?N07 zycGWE)y0+Xc-e29JO+F3yz9bMx1QHO{EGfr`kOD@c+G7GGV{~(KYjX^^UwYdxJ&g4 literal 2655 zcmZ9N`RgC92 zMW~RJqIeV{`9nk+rU^c1i9{HvLFx}mClqQFef{AP@-KMt`MfVT@Xz?!w(5&RlxNrE zRRA?GaOR6Abse7ZJp{+$@kzwVaT}a;B!@u+j$pCvh_EwVqQ_Dusfk=9)Z7^CWmH6- z0SQh&2QnAjce>Z>Eodp!L5g!Br!YH|sFVu{Q*=$Qs4B-Pgye&?qrK&n_5_vOVCS|9 zku_MNk;a(Zr(}+^R49xOy~H^S3!xY$X4x9ZWgKVqi7BO9*=$xcH6!g{As5|&MPwB; zOAQNloh+y%eU4Vu?#T|aM%+}>J5O!OZ1OdeqYln8W6%y^WvZt_gNoM9i^Z8tlp`$fpFmHDPck;fBoJpA%h_%)ctxMwl*gS{| zJa`4M6|77yqj_Jq+zMEG&;X)MCg9$%-mvrxVm&1M$KNG!4nZ<6G%wL zi&2xP?LIcbZm3W|Sc%#wDyfF!aC0|WGdn31^>oAP8|={M*}?9kDh$c4p}Jtbj;Lc@ zK*(UTFs^SQRR^lX0~?~$6vOC*c-<>~G3}#lpnH8kSbIX7?S**_sYFB2eumR?IE5Fb zJh)&vkd!3?n@P`bbPkfo?y##i6tb4wqie2%V6mio4b5PknmAR_={YTINu^y9+koca zGRrzr50(ILY}5_C=xQ1#Qps1$dL_rZXkv|0QWE18@4FJJOJ$gj7nC|ynQFc*y*->C z9g;RzE+D#Ymd{g^o3u{obg^9G7UU20l9U;BFKJ zUhb&C;FTE^#4~{!71kjM*Xay4XDhSN&0|N$Q>RK6BpYQQ_I_&K^Kl|@>WBuG%+Xug z*h2OaXPVX=F?QFrU`6eWHt{Kp$>fe4uSXcUNysT>@@TP8AU-R2w^thno&s_KCWn1W z>wOf1_;Ks#5F^g>sRl`94@;bX!4f&xwL!7tGi>A-;VvqeXtq$SU2C?kK}@&J$muYuR^0#zS#!^%`Rtaea zRl%Ks!4imQI zJ#-b5$%1IJ!LSFWo#c(UFDsaX^)G!8lbw|k@7Xa#rOY4Mo5#Lw}NZJn7(J$np zBrws%l~(Xw!UU&CY{2YxJTn4ct*V7YEkgnxhhQH9LODkwrjAF~pMW#_gk(PO;r z4t$+pyMwJOr)@P(_ytu})lr$m0Uk`CLec|DNNbA$~W@g~O@v4(KW z7geg6_%vf%5CybV>MZt!8;rSb5sUn(F>QHoDsxa3aZ*emLR_KUoMW~BXANZuMW?Jn znfqx;(vCyHR;?Mc#tzgR#d~XI^>DqSMF}a*$xNDufFaTgW>_EAgj%Of$W#dx6USQ7 zDu$g?2I(oLEmX=7i0|j~+=kkMx~PMb1y~))VFcq|sHc1+cQKKe^q%ogKQ8*-xI3*T zWmOMRzXC7^4sz2;=Nu0A9lzmD2eE?kUIzS^(OX8gwxiLp?OTvh zcx$H6E4QyPiJ2|!DfU4cW7NGypG?ey%i!B;>FulyZQGuRjle|RdGyv&W{t5{ku2dg z-!w*mk?$RO*UckRqt_0|$Wep_Ryg(WQbGB^#N{TB(8U3pyuaAzZUa#RNmnP!nS`$V zxZsdg=`IhYvC;iXEahD9(Ro=UTI{I0k}DgP2HdrEG;Mm)Xqu6$9HF*rHXp~Z?L=MS z1c!#q6=umMrN;wj&YU@!?{=;)gaS8ewS_z+V7ZC?ow}YPO?z|!F!>Ec(YfA_b4|GQ7W{Eh!ybqV*Or`|h2fBD&x0b8NYVh!v(Rq Y^rqFLFTMu+>()2ky72jD?)~=oe|wRVg#Z8m diff --git a/secrets/secrets.nix b/secrets/secrets.nix index da61f634..1bf62513 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,6 +43,9 @@ in "delite-wg-private-key.age".publicKeys = deliteKeys ++ adminKeys; "blue-shell-wg-private-key.age".publicKeys = blueshellKeys ++ adminKeys; + "mastodon-active-record-encryption-deterministic-key.age".publicKeys = nachtigallKeys ++ adminKeys; + "mastodon-active-record-encryption-key-derivation-salt.age".publicKeys = nachtigallKeys ++ adminKeys; + "mastodon-active-record-encryption-primary-key.age".publicKeys = nachtigallKeys ++ adminKeys; "mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys; "mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys; "mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ adminKeys; From 987c0919ca2f5806f463cb8d81d41a6ed7a71419 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 16 Oct 2024 11:37:10 +0200 Subject: [PATCH 3/3] style: fix formatting --- hosts/nachtigall/default.nix | 10 +++++----- secrets/secrets.nix | 3 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 9c40c7b8..9a69c4f2 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -9,10 +9,10 @@ ./networking.nix ./wireguard.nix ./backups.nix - "${flake.inputs.unstable}/nixos/modules/services/web-apps/mastodon.nix" - ]; + "${flake.inputs.unstable}/nixos/modules/services/web-apps/mastodon.nix" + ]; - disabledModules = [ - "services/web-apps/mastodon.nix" - ]; + disabledModules = [ + "services/web-apps/mastodon.nix" + ]; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1bf62513..999cec92 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -44,7 +44,8 @@ in "blue-shell-wg-private-key.age".publicKeys = blueshellKeys ++ adminKeys; "mastodon-active-record-encryption-deterministic-key.age".publicKeys = nachtigallKeys ++ adminKeys; - "mastodon-active-record-encryption-key-derivation-salt.age".publicKeys = nachtigallKeys ++ adminKeys; + "mastodon-active-record-encryption-key-derivation-salt.age".publicKeys = + nachtigallKeys ++ adminKeys; "mastodon-active-record-encryption-primary-key.age".publicKeys = nachtigallKeys ++ adminKeys; "mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys; "mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;