forked from pub-solar/infra
Merge pull request 'maintenance: update element-web, keycloak, mastodon, nextcloud' (#240) from flake-updates into main
Reviewed-on: pub-solar/infra#240 Reviewed-by: b12f <b12f@noreply.git.pub.solar> Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
This commit is contained in:
commit
b1391521b9
24
flake.lock
24
flake.lock
|
@ -94,11 +94,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728109432,
|
"lastModified": 1729099656,
|
||||||
"narHash": "sha256-wmbErh8FG7dRKOtMMpHUqDtFjeqt9Zjx4zssSeTalwU=",
|
"narHash": "sha256-VftVIg7UXTy1bq+tzi1aVYOWl7PQ35IpjW88yMYjjpc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "48ebb577855fb2398653f033b3b2208a9249203d",
|
"rev": "d7d57edb72e54891fa67a6f058a46b2bb405663b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -304,11 +304,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727999297,
|
"lastModified": 1728901530,
|
||||||
"narHash": "sha256-LTJuQPCsSItZ/8TieFeP30iY+uaLoD0mT0tAj1gLeyQ=",
|
"narHash": "sha256-I9Qd0LnAsEGHtKE9+uVR0iDFmsijWSy7GT0g3jihG4Q=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "8c8388ade72e58efdeae71b4cbb79e872c23a56b",
|
"rev": "a60ac02f9466f85f092e576fd8364dfc4406b5a6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -320,11 +320,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728067476,
|
"lastModified": 1729044727,
|
||||||
"narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=",
|
"narHash": "sha256-GKJjtPY+SXfLF/yTN7M2cAnQB6RERFKnQhD8UvPSf3M=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030",
|
"rev": "dc2e0028d274394f73653c7c90cc63edbb696be1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -467,11 +467,11 @@
|
||||||
},
|
},
|
||||||
"unstable": {
|
"unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728018373,
|
"lastModified": 1728888510,
|
||||||
"narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
|
"narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
|
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -9,5 +9,10 @@
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
./backups.nix
|
./backups.nix
|
||||||
|
"${flake.inputs.unstable}/nixos/modules/services/web-apps/mastodon.nix"
|
||||||
|
];
|
||||||
|
|
||||||
|
disabledModules = [
|
||||||
|
"services/web-apps/mastodon.nix"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,21 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
age.secrets."mastodon-active-record-encryption-deterministic-key" = {
|
||||||
|
file = "${flake.self}/secrets//mastodon-active-record-encryption-deterministic-key.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = config.services.mastodon.user;
|
||||||
|
};
|
||||||
|
age.secrets."mastodon-active-record-encryption-key-derivation-salt" = {
|
||||||
|
file = "${flake.self}/secrets//mastodon-active-record-encryption-key-derivation-salt.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = config.services.mastodon.user;
|
||||||
|
};
|
||||||
|
age.secrets."mastodon-active-record-encryption-primary-key" = {
|
||||||
|
file = "${flake.self}/secrets//mastodon-active-record-encryption-primary-key.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = config.services.mastodon.user;
|
||||||
|
};
|
||||||
age.secrets."mastodon-secret-key-base" = {
|
age.secrets."mastodon-secret-key-base" = {
|
||||||
file = "${flake.self}/secrets/mastodon-secret-key-base.age";
|
file = "${flake.self}/secrets/mastodon-secret-key-base.age";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
|
@ -54,6 +69,9 @@
|
||||||
webProcesses = 2;
|
webProcesses = 2;
|
||||||
# Threads per process used by the mastodon-web service
|
# Threads per process used by the mastodon-web service
|
||||||
webThreads = 5;
|
webThreads = 5;
|
||||||
|
activeRecordEncryptionDeterministicKeyFile = "/run/agenix/mastodon-active-record-encryption-deterministic-key";
|
||||||
|
activeRecordEncryptionKeyDerivationSaltFile = "/run/agenix/mastodon-active-record-encryption-key-derivation-salt";
|
||||||
|
activeRecordEncryptionPrimaryKeyFile = "/run/agenix/mastodon-active-record-encryption-primary-key";
|
||||||
secretKeyBaseFile = "/run/agenix/mastodon-secret-key-base";
|
secretKeyBaseFile = "/run/agenix/mastodon-secret-key-base";
|
||||||
otpSecretFile = "/run/agenix/mastodon-otp-secret";
|
otpSecretFile = "/run/agenix/mastodon-otp-secret";
|
||||||
vapidPrivateKeyFile = "/run/agenix/mastodon-vapid-private-key";
|
vapidPrivateKeyFile = "/run/agenix/mastodon-vapid-private-key";
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
|
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
|
||||||
inherit (inputs) element-stickers maunium-stickerpicker;
|
inherit (inputs) element-stickers maunium-stickerpicker;
|
||||||
};
|
};
|
||||||
|
mastodon = unstable.mastodon;
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
|
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg 1hTwlkE1sBAeCz0gf7XU6o0iMX9NXcqs4dFKrmerV1Y
|
||||||
|
QTRSr5Ab6redaWHmSkGv3QBDOTCoN+0bqZnWTkUXw+k
|
||||||
|
-> ssh-ed25519 uYcDNw FJ3Jxz2Y1uz7cZwYw+IfO3MQjoXkO4OU+CIeMDa9Mk0
|
||||||
|
MgTZesZpxk788OBPM1forUuxIYFKkpsnp7NsEzmx9M4
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
JH7iLrQWeElqdYWVwQJIVh7KjBx2TmfqUekwkI0FA9ikqaWM9byewNkT+juu7egY
|
||||||
|
eZol4fyx9WLVVNI0P+Gc64mi1K3DzW6IzJT5PN24TSOeVggj0buKRLBPZeSroCL8
|
||||||
|
mfIRPJF5esA0j2ohGOzZLA1cpeHCkAVU6tGq5iXI7w883AOhZDZHtEJWJHE+QMZG
|
||||||
|
9ZaSnGPLeAiC9xFjxxUQRuxUAE7nOjqoflcEPcm1/OkZoauqsJGzvNl2L+b1D1Oz
|
||||||
|
wgSTTSVxsNH6MDKmuxZgjPLUpU9rbi1/ylfI+caW8SJ1ygu2yYhTh+KyXiDjtj03
|
||||||
|
+ZZYBjOw9bR12qiQx1it0OaxJU8YPGAlBIN+PZQIQrV7j1KwGUfsYXFmHGdRehK9
|
||||||
|
7bVcDMeIEPYorQWiOL59zolwQ1u0Y5oFPJBiXxDwpVKEwen/VzYCtJwCDb4eIfsS
|
||||||
|
AWLARmnRR2KIOJn6SgcoqBl8OfPntPjWr3KjvfXXrH1wo56Ba/5c4her1S/wQNh1
|
||||||
|
MuMLE61WgCcR5Pn14gtuzMh4cqt2UN4kHLQi2KluRSa9v02WhWOCyf8AJFInANo5
|
||||||
|
tdvM0asCAAE0vTPqk1/gwrsIAdATjC50lCyJsmUZQs6iMuL1voihWfZ154CtRS48
|
||||||
|
ji8wKDlOuIalbzq9/kQUa6vM1kaHqq8LoLtw5wHFLJQ
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
QkIAoXUvfop74tdybgxTC6l4RSJD+QcSnCMadA4fQhfgvxftXXAMERPVmWS8L8Rr
|
||||||
|
fnkb7WOsLKe5uFwDBAi/stjNugtjxPE6j4Hbv0LxyMh2KzsczRKQjdcEN4IVjHMi
|
||||||
|
EZoePsshDJ1ND/SBhfSqQ/Y3N7g9sEU3K3oTE70hGX+0MOxQYz/vhw5VfjwwfihL
|
||||||
|
n4Btjn/kmUALlWtox599tvNfy+Tjq583UdZNQMHakI4bust1FOatIdJEz4qHVb7C
|
||||||
|
XJ0QnqlJPqY/V8KF5IOh5at37U2raAp/54RDAAziXjLnbeiCIFGFpPNNH4c1XMRe
|
||||||
|
MNcDJQo9VxfDreVAWUEjaQSv0xK3bv64A/RelDCvgQA9+4MBDZO9i9PRkC/dUf1C
|
||||||
|
0UzNT0pQPR/8TmAo2S/XcPYGaQif6g+OL0dvNivKNjhpx5AUxR+nImuIRL5c4H/P
|
||||||
|
x37O6iZbg38B2g6l4oS9kOEALr3zithv7k/J9tC/5kOtXDcnDo5nuLDV1+maASnk
|
||||||
|
a1mKGF+NnJNj9HfN9Tf5v1HYSgOHjH1RXZWaSUqQEaaIJ7jKg/hZroXUDGEZxU0E
|
||||||
|
0u9rzeoQNXNLvTJtZjO79EWLlp8C+CryfVgJLBELe6yY4FcLR6TbB9t1bWT3VOnf
|
||||||
|
s62sU5fpsgQgQ1Wv4JyEPt1Vy93JNPQGrbnI0euFQhc
|
||||||
|
-> piv-p256 vRzPNw AmLneGaB8PWxhNVQakxubRiTfQI8ztGWXsZv+eirFURz
|
||||||
|
N5bR+P/vKP0hgnejhIBEMG3c3fbnpTeZOsL4FTQdIiA
|
||||||
|
-> piv-p256 zqq/iw AzQcsc5Tdm4R+yYGO0TDiDyEkXlsdqhZm5hp4mAj1CPG
|
||||||
|
Nxc2z1uW63Cl3N4cQ2T3g1/fju/bVHc2BwA8VGtL/Z0
|
||||||
|
-> ssh-ed25519 YFSOsg iKhgZjb+wldSbt6GK6RXHVOmmHIy/q1kvwR/sirvQ3w
|
||||||
|
0IIhK9FhVl6CsdDS6e1oqlha2DfeUZ/Bs9MNooPFTpY
|
||||||
|
-> ssh-ed25519 iHV63A u5F2ywZTiWhB19r3ey9JTzho7za06Cq8UISh4G1ApGQ
|
||||||
|
NpuI82VTuaZdqGKyftNIrYhr5KAkh56sf84J9aw51+s
|
||||||
|
-> ssh-ed25519 BVsyTA kDelsR5/FRuItCOMX6m6H7vyLlZRYyMrb32Eve3lMEY
|
||||||
|
sNGS7R6zqSLT7xNJAJWmzWfWL0uj5QnJ+Gbh49YfpKQ
|
||||||
|
-> ssh-ed25519 +3V2lQ idYZrubfci3W4Yn+3pEblXOQCf1UoyA7cxKnFmfh3Bc
|
||||||
|
OMI1yg67nxUBH1xj9NikqFVeCTqAWa+69DYvB4T4uiQ
|
||||||
|
--- 7HlnH19UqRCTjysYSSUJGrdsK4ZduF8+k4nSK/3JDq8
|
||||||
|
}sˆðDéµYá–ÀMÔŽzS’Å~ºùÂ…«.Qc¯¶d("û)#š¾þý*HdºÓ…Œ%/s¬g—hé]½m}
|
|
@ -0,0 +1,44 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg dNFZ+e+a0AjH6Gs5POmZVl9bSXREvkqx1lSdmOq5IRI
|
||||||
|
ZPEuKmVDwWgPL0qfDsMtslNJ7RG55MPTQjlBL2iEJdk
|
||||||
|
-> ssh-ed25519 uYcDNw qDCVM6EndKJxZUXOUg0d4ElU9vlMGS9mJxELjezs8H0
|
||||||
|
clZ8JJ24IPAd74jKyOcUvKeeanxm/Cy4b3B5mrvg9ds
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
rjdgXMdt8KqI1qJA0hWkF3SyjsaDz0f7AwUzcTY7hk5ULa98mCRe26tmWbTiil5D
|
||||||
|
gchbehmLRy1JTzahUw+1xLH/iZzo3RqXCvzjrBoPCM/iucHJZPHpLNoOTtL//zXR
|
||||||
|
0lZusQaUZ/lQrjCwyMwACJ9DKv4QiCIUfgYBzZGq6oLMYiWpEHfZQ7tWiROAO4/T
|
||||||
|
cCCvLtM2LQ5Q5vZ5cCdBQLxrAZz+OnPgXQRAoLqH5WLMIqleUhkoVh8JoIzww+UG
|
||||||
|
c2OKazF2dL4djnujrTQfS1uWirfmkpNW+TKrKKq6q0+cLOMjc/eLjOfBvgD+yZuO
|
||||||
|
TxnkRRbOGNuc8hA+9FL3A/yfYk/TH78eQ27aiiV6yaX3qK9KcPp1/vUe+m4XguXE
|
||||||
|
8LRemmCVazYuYKXzh4jr+ecppVokKep3tzb/eKSjw55xx/PIcG3AV4UjuN3Vvtdx
|
||||||
|
BkP4/S/jn7tEBlNc1DmkrgmuUF5iwPR0CTMG1I6gxUkjyxWyPKntq6wegPT4QMRE
|
||||||
|
eePq6SjKOOH06u4W1z4HM1ipMOK1VJrozQabnmZnhbE2+Gfy76N+Fe0sjG2iK/pg
|
||||||
|
J8v/KT6BrhR0PYvGJirnZD0MvIlSZA+xI/FpKav/Y2195Bb+LEJY+nJoxepdj8ev
|
||||||
|
d7N+J6g5Yt6SN9BJS0QTmtatFlTnfsU8nAYCEVB1Uxc
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
PnAXBG7IsVdWs3TEthQFSDglnQdZlmBzhYWq5er7Q32i06BGw0OJp5c7VNi6zLFd
|
||||||
|
EOSYtdZ8SaK/CL7m3LROmv8NraVst2ml7zKeYPZ5/xHLVBb57SWkFYZIalMpZDr3
|
||||||
|
IVRxHifZVS6hgdCa5MWUotOsdzbStUSSh6G7TCrP/LnCeh/abOXLkvqLj9NrHeAH
|
||||||
|
UOb+Sxay3y5jUc3OBPGWw0LzGFa8S0vKhqGYIIMUcFBoenQ68/WYMMt9Lc5nD9yA
|
||||||
|
fiH0ytkhZVkPd1+0MQ99dpCgUOcK7SOG/jUDIOhVJ8OQMoqovaML0Kmz6+Csj8l3
|
||||||
|
l+iMd19D8CCK16dLGDi3LdvDaanIHq7H8vOW5ihWgV313aLYWdYJDIKhyn90XO0b
|
||||||
|
SjF7dFuPxsIb+8r8/hk8xPdGu1cB3ryfEUaccQF1f0q3jBaM1RZ5Jfu/0fVHDnOj
|
||||||
|
9c1lMC2MvwBOFFrNo9GzKjq6ezLBb58i8fV5+LZTVOgMa25BusCpnHW+KerjpGb1
|
||||||
|
/2RK8WoXoviGAAaPuIp0ttD21oj7Ba7ZjalzO328cTlK/J6wp6qxoJOC9FuXBZCf
|
||||||
|
M91kGWavS8Y941kRZJBD14VhLQeIjzRphnR64r03kv8HyIDSAmNc2sDOoqji1G4Q
|
||||||
|
Fxs1oKVnSxmnGWazjmxtOtbDMhJjJlLyVEJOxgHXmz0
|
||||||
|
-> piv-p256 vRzPNw A8qqho2hbHfodtF8D4JFu039UlMDhXhIy1lzqOBkIpIB
|
||||||
|
CY5cHkLTHhhNIq1s6iFVGyKyIMemO/my/GmnWS2we08
|
||||||
|
-> piv-p256 zqq/iw A23triY0bM1tpn20GXCvGCcWny9dkQDY6tP7du/HmJty
|
||||||
|
vXVsqP2j6Kf0mwb29jSY/qn1FFnmQLWVEcL002MT6U0
|
||||||
|
-> ssh-ed25519 YFSOsg KZ5TnAoRXHKCIEg1eoMO28saKhKmG08lCoCKNnWaOTM
|
||||||
|
FOOqg8s2cVDPAiIVmYI2UkmpXWimQE4Sy+gCwH7oYEw
|
||||||
|
-> ssh-ed25519 iHV63A mlcNQxplVIGOPIte0u+vibNIQtV1FCzC5IUmz7183SY
|
||||||
|
5IlGvhYYU510PkdyzdNGgFfS9f2rkU1dMJ2Spt3RGls
|
||||||
|
-> ssh-ed25519 BVsyTA s5BCUQJfI9Oo8XclNEp9ZJxklF/OwVECb7vFReVQ+SA
|
||||||
|
0U2S5Y2den/c/5wNt3RI69AaURAZoEIxjoL1cBtomxM
|
||||||
|
-> ssh-ed25519 +3V2lQ ot8xMJdVEzGv0W17UMaOvDp5ltMV1t8zrXhkpRjwrEo
|
||||||
|
M8ky+nhQo/rgBZ2gzD1rf++MIJXzrkh9RmGOvL4cqV8
|
||||||
|
--- 5RnhwI3yXutsCzaH+lUK221P8Drag4a4LWW0vMJKyis
|
||||||
|
P£v ^V÷ä]zù;>Ev»-䊽Uª¨}üpb€ð2žÆ3W?Ôo¬!m»ç¶×
|
||||||
|
ËNÌ 7™—"•Ÿ'•â}qk
|
BIN
secrets/mastodon-active-record-encryption-primary-key.age
Normal file
BIN
secrets/mastodon-active-record-encryption-primary-key.age
Normal file
Binary file not shown.
Binary file not shown.
|
@ -43,6 +43,10 @@ in
|
||||||
"delite-wg-private-key.age".publicKeys = deliteKeys ++ adminKeys;
|
"delite-wg-private-key.age".publicKeys = deliteKeys ++ adminKeys;
|
||||||
"blue-shell-wg-private-key.age".publicKeys = blueshellKeys ++ adminKeys;
|
"blue-shell-wg-private-key.age".publicKeys = blueshellKeys ++ adminKeys;
|
||||||
|
|
||||||
|
"mastodon-active-record-encryption-deterministic-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"mastodon-active-record-encryption-key-derivation-salt.age".publicKeys =
|
||||||
|
nachtigallKeys ++ adminKeys;
|
||||||
|
"mastodon-active-record-encryption-primary-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
Loading…
Reference in a new issue