vueko/mail: Add alias

Add cargo credentials provider via pass
renge/element-web: Fix frame-ancestors CSP
2024-08-17 08:53:33 +02:00 · 2024-08-08 23:37:40 +02:00 · 2024-08-08 21:26:14 +02:00 · 2024-08-03 13:53:07 +02:00 · 2024-08-03 12:26:36 +02:00 · 2024-08-03 11:06:41 +02:00
24 changed files with 465 additions and 102 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -20,6 +20,7 @@ keys:
  - &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
  - &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4
  - &koyomi a53d4ca8d2cf54613822c81d660e69babee42643
+  - &ci-runner 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
 creation_rules:
  - path_regex: machines/nunotaba/secrets\.yaml$
    key_groups:
@ -105,6 +106,13 @@ creation_rules:
      - *simon-alpha
      - *simon-beta
      - *koyomi
+  - path_regex: machines/ci-runner/secrets\.yaml$
+    key_groups:
+    - pgp:
+      - *simon
+      - *simon-alpha
+      - *simon-beta
+      - *ci-runner
  - path_regex: secrets\.yaml$
    key_groups:
    - pgp:
--- a/flake.lock
+++ b/flake.lock
@ -85,11 +85,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716736833,
-        "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
+        "lastModified": 1720042825,
+        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
+        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
        "type": "github"
      },
      "original": {
@ -106,11 +106,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717316182,
-        "narHash": "sha256-Xi0EpZcu39N0eW7apLjFfUOR9y80toyjYizez7J1wMI=",
+        "lastModified": 1722630065,
+        "narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "9b53a10f4c91892f5af87cf55d08fba59ca086af",
+        "rev": "afc892db74d65042031a093adb6010c4c3378422",
        "type": "github"
      },
      "original": {
@ -189,11 +189,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1698974481,
-        "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
+        "lastModified": 1703863825,
+        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
        "owner": "nix-community",
        "repo": "nix-github-actions",
-        "rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
+        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
        "type": "github"
      },
      "original": {
@ -212,11 +212,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1716213921,
-        "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=",
+        "lastModified": 1721042469,
+        "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0",
+        "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
        "type": "github"
      },
      "original": {
@ -228,11 +228,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1717248095,
-        "narHash": "sha256-e8X2eWjAHJQT82AAN+mCI0B68cIDBJpqJ156+VRrFO0=",
+        "lastModified": 1722332872,
+        "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "7b49d3967613d9aacac5b340ef158d493906ba79",
+        "rev": "14c333162ba53c02853add87a0000cbd7aa230c2",
        "type": "github"
      },
      "original": {
@ -244,11 +244,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1717144377,
-        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
+        "lastModified": 1722519197,
+        "narHash": "sha256-VEdJmVU2eLFtLqCjTYJd1J7+Go8idAcZoT11IewFiRg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
+        "rev": "05405724efa137a0b899cce5ab4dde463b4fd30b",
        "type": "github"
      },
      "original": {
@ -272,11 +272,11 @@
        "poetry2nix": "poetry2nix"
      },
      "locked": {
-        "lastModified": 1712934106,
-        "narHash": "sha256-JubHgaV6HUZarwwq4y2rxJaaj2a6euErJfCqpmhrhWk=",
+        "lastModified": 1719952130,
+        "narHash": "sha256-j38XlExNwK4ycmoNEdH/dHUd1QGdNvD3gx/UuLY+04Q=",
        "ref": "refs/heads/master",
-        "rev": "2bcb2b6c7b0e04f4ef8e51e00fd93a5e5cb00bf8",
-        "revCount": 66,
+        "rev": "3487b8ce24d40cc898f3dba0a9af5e028e1d5844",
+        "revCount": 68,
        "type": "git",
        "url": "https://git.sbruder.de/simon/nixpkgs-overlay"
      },
@ -287,43 +287,43 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1710695816,
-        "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
+        "lastModified": 1720386169,
+        "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
+        "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1717265169,
-        "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=",
+        "lastModified": 1721524707,
+        "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc",
+        "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1716948383,
-        "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
+        "lastModified": 1722421184,
+        "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
+        "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58",
        "type": "github"
      },
      "original": {
@ -359,11 +359,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1703801091,
-        "narHash": "sha256-ay1oI2IxhODG4KheqdxqlHlt6bUmvAogRZbzIcavR+k=",
+        "lastModified": 1721396844,
+        "narHash": "sha256-VduymKyeovo7JzcJ3ar4fryebNu36RnKlI+/TOMWN8w=",
        "ref": "refs/heads/master",
-        "rev": "9bddae5f112cdc471faf1a71d34bc4cc2497e946",
-        "revCount": 16,
+        "rev": "a09c08847b2539a069833d9ef72d74224c170a54",
+        "revCount": 19,
        "type": "git",
        "url": "https://git.sbruder.de/simon/password-hash-self-service"
      },
@ -387,11 +387,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1701399357,
-        "narHash": "sha256-QSGP2J73HQ4gF5yh+MnClv2KUKzcpTmikdmV8ULfq2E=",
+        "lastModified": 1714509427,
+        "narHash": "sha256-YTcd6n7BeAVxBNhzOgUHMmsgBkfQ2Cz9ZcFotXrpEg8=",
        "owner": "nix-community",
        "repo": "poetry2nix",
-        "rev": "7acb78166a659d6afe9b043bb6fe5cb5e86bb75e",
+        "rev": "184960be60652ca7f865123e8394ece988afb566",
        "type": "github"
      },
      "original": {
@ -450,11 +450,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1717297459,
-        "narHash": "sha256-cZC2f68w5UrJ1f+2NWGV9Gx0dEYmxwomWN2B0lx0QRA=",
+        "lastModified": 1722114803,
+        "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "ab2a43b0d21d1d37d4d5726a892f714eaeb4b075",
+        "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab",
        "type": "github"
      },
      "original": {
@ -501,11 +501,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1699786194,
-        "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
+        "lastModified": 1714058656,
+        "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
+        "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
        "type": "github"
      },
      "original": {
--- a/keys/machines/ci-runner.asc
+++ b/keys/machines/ci-runner.asc
@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEADCLQ+QHuf+tfp88c7rUzPPLLsfSNvH4lPw57cIz0hCADDIyBfs
+xZH+uSfBDX7EJyCdpRulpKeI+ixoMtpTo1sgLLnXTaiVY024+ZNtbHUtN28CuS5P
+O1uBfWn8ska524DobfHsiIfWRlHrrOdQpgoFfNLIalgbDJv84ktkV92e4NXwp9fg
+6/KzcR/LOwUr/ps/OV0+nXgWir9Kz7FepDBIu60UnMeqmqrpptFfxyhB9drps9m0
+8wQwaqX+1H4MRNnDVcZEQSdyCHrb3ia7Nc/ysUtguRlhmCuUxRAg1iGoQ4CwDadQ
+SgS8eofAmueoV0D0AM6zptFtHydX4U7ZYUeaVdEoKqAcl2IOEydSDg71bDrHDonc
+II71WezXY8B76M9W7vvphYjql97x8Eb7HMiDecrqxpaOcnPDeGSy2J9+ENXUhVbk
+tak2itzD7FXXpDy15Oam3zNAZV718TfyvsxjOq8xNIDUh1x5iDlR/YAOErro3qF/
+fQWIGaKZDDllOpP6BxTR87x85w56i9yPRJ1jl5UvUYKkU30HrnIo/sScy4s1NeSH
+XyIGHemm+8e1S2LYEQ/w2bnwKHHNS5kdfARMnaSpMurD+Pd9UBOHPn+M+ZVjX7hT
+wCn8QJSJZiUA0b1lJ8YgbXRodHn9jdpZugQ8frtImcDE3Lq+H/VqzJm0tQARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQ6LctUsOqOe4CGw8CGQEAAC2dEAABcy5TinEg/yr40qtrPmdR
+qw+B3CezIZOhkFVXJ5SnKSD6kNmijgJjloSJgpQf9qqDsZ8asWzZN79h5s9fqNa
+GBn5jBBqoSLPtnNAvxiLk62iRyCbb7y645I1u5Cmg5eBPLjGpVrxI3rPcGojkBz7
+1LjtxCY94JI7lRYMpN6qOvyQlrTOxlFDE+C/x60UeliNzL3Ld17O9iuqlSGiYpz4
+kellyHF4zHvOcSmURmGmHDzPQvkLop81rCogMZkVoA0tg446U1sPdIo8HJZD+cLt
+LXCNlyLU/MK7RCAG25+Z2KE43Z0xuXyNmHc0tpYOWs6oob7+ZmsWFObpyN6v69G/
+rTnZbQCp/H/Rr19UbJhoEhDpB6J+6O1OlJXe5hUDiiIYpC6vtzJV8B0ERQ9Vr1TC
+nCo+RaBJoPbkJySSO500G3/psQugsxBcxRtCy78cHV1B4fKEJM4e1Hi3VP2uhCju
+gRaiLGikDy4rpQQxasszOO2Yt57OGV5qySnZ9hfDLhtmhmNjL2HazZlVT1um28j4
+DZQ7JUmjvlmzZPPt2fWG4k2zv6Xy1p2aLiuL+6TrQLjEyIMa41Lxf6bB7hlYo1Y
+3Xl5yE94wvBx2+gKEArlqdrn/P8cdktHuGrELBwVaVgvHHtBM3qfzBik2lIRJMIx
+haEIuBv/ZtSMbM/ItaAnJA==
+=eW+j
+-----END PGP PUBLIC KEY BLOCK-----
--- a/machines/ci-runner/README.md
+++ b/machines/ci-runner/README.md
@ -0,0 +1,15 @@
+<!--
+SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+
+SPDX-License-Identifier: CC-BY-SA-4.0
+-->
+
+# ci-runner
+
+## Hardware
+
+QEMU/KVM virtual machine on [koyomi](../koyomi/README.md).
+
+## Purpose
+
+It will serve as a CI runner for Forgejo.
--- a/machines/ci-runner/configuration.nix
+++ b/machines/ci-runner/configuration.nix
@ -0,0 +1,79 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ config, lib, pkgs, ... }:
+let
+  instances = {
+    personal = {
+      url = "https://git.sbruder.de";
+    };
+    codeberg = {
+      url = "https://codeberg.org";
+    };
+  };
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules
+  ];
+
+  sbruder = {
+    full = false;
+  };
+
+  networking.hostName = "ci-runner";
+
+  system.stateVersion = "24.05";
+
+  sops.secrets = lib.mapAttrs'
+    (name: _: lib.nameValuePair "forgejo-runner-token-${name}" {
+      sopsFile = ./secrets.yaml;
+    })
+    instances;
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+    instances = lib.mapAttrs
+      (name: cfg: {
+        inherit (cfg) url;
+
+        enable = true;
+        name = "koyomi-vm";
+        tokenFile = config.sops.secrets."forgejo-runner-token-${name}".path;
+        labels = [
+          "nix:host"
+        ];
+        settings = {
+          log.level = "warn"; # seems to have little effect
+          runner = {
+            capacity = 4;
+            timeout = "1h";
+          };
+        };
+        hostPackages = with pkgs; [
+          bash
+          coreutils
+          git
+          git-lfs
+          nix
+          nodejs
+          podman
+        ];
+      })
+      instances;
+  };
+
+  virtualisation = {
+    podman = {
+      enable = true;
+      defaultNetwork.settings = {
+        ipv6_enabled = true;
+      };
+    };
+    containers.containersConf.settings = {
+      engine.cgroup_manager = "cgroupfs"; # systemd does not work for system user
+    };
+  };
+}
--- a/machines/ci-runner/hardware-configuration.nix
+++ b/machines/ci-runner/hardware-configuration.nix
@ -0,0 +1,56 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  sbruder.machine.isVm = true;
+
+  boot = {
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+    kernelParams = [ "console=ttyS0" ];
+    initrd = {
+      availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
+      kernelModules = [ ];
+    };
+    loader = {
+      grub.enable = false;
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/e1a9b0bb-9f04-498c-ac2f-aad9da4639f3";
+      fsType = "btrfs";
+      options = [ "compress=zstd" "discard" "noatime" "ssd" ]; # for some reason, the kernel assumes rotational
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/7A51-7897";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+  };
+
+  networking = {
+    useDHCP = false;
+    usePredictableInterfaceNames = false;
+  };
+  systemd.network = {
+    enable = true;
+    networks = {
+      eth0 = {
+        name = "eth0";
+        DHCP = "yes";
+        domains = [ "sbruder.de" ];
+      };
+    };
+  };
+}
--- a/machines/ci-runner/secrets.yaml
+++ b/machines/ci-runner/secrets.yaml
@ -0,0 +1,73 @@
+forgejo-runner-token-codeberg: ENC[AES256_GCM,data:dOoTwNaXUDrkE5qUldDMI/SQt3mufCF4Aeua7jqvSFTXuB15rLgdbC99+7MlMTc=,iv:7jakhJ3gKWxN0ACG9MfkOeA/X2HnTKHXxMvLJ/b/9uM=,tag:i7uk5pjd5ALnQrH6F5WhZg==,type:str]
+forgejo-runner-token-personal: ENC[AES256_GCM,data:U2VmQW3mO+3lNBczxU5MmKjseCICXcu1q9g4xctrJMl7Hcau0Hfy2IT8YzaEnTo=,iv:IRf+5sTyx20cMyUCg8jffDiSIuNgVRySD7eqOlzzAXY=,tag:vLEo/E2VUZ4Uu/vTFDomUw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-07-31T15:26:48Z"
+    mac: ENC[AES256_GCM,data:qS+MsheUb+zsG5VuNqPAQz4QHDutltBQoY/qWWxSHpp5ty9O477mpsAGwP2okQJfrfbr5zfy9fUMOB/9GV3VWwhNfzmLSbSHM9f/0a1sgv7q2qsX3Z9HTyYoYJD1i9vfIX+AYCgeP7IlbPH/DOi5R6zYO34ETk1UqgSAtWjpu44=,iv:/oe5jlyzDTPZlNB0ToZpsJr/nwGU3QoGerHd7N4TjDY=,tag:U1R8PwdeWvViEhHJ04Un2w==,type:str]
+    pgp:
+        - created_at: "2024-07-19T10:09:12Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DLHeEFiC484ASAQdAV+XCpuYtwJAQ0tudjofCp9kLhagt3iFPOZxMVm7Wu38w
+            7h11CkDL2crHptPFundK0cVC1C149l8fpTRM3w6HzrqrYeSb2rVB3sTJnquWE6vc
+            hF4Dub78fMESoMASAQdAyxaxQvNwxAVVLs2zfhpaEVJMJTVb2X8Re28T5oyzBTsw
+            vfLrp2aF9f6aR0rKawCdWCtbkdT84RqjcmFeRFm80aKg/moUOsEGKrJIom8bvzgC
+            hF4DM6AcvgVUx2MSAQdAkmk2DPVyggHcMG98DGidvPx2lx6f1jUctmu4bgCOCXow
+            JmC3Navjws1ki32t3AYO18VLzTdJnnoUZsMgKIZjrmTYq1SYEbZF7YkHpFKyD2P/
+            1GgBCQIQznxhAwr2Y1EfOOIurUCAFioUkb00NYurpRtXkwlq6zXj+g3mqy4oIxwE
+            G8PWC0Gd5DDf3vgY8gu+yIPdQYVtPEmcgdVAuf2URXeZzOYkYdME9aHjmOkZZLgl
+            q+rcko9nXtgqfQ==
+            =a7Tl
+            -----END PGP MESSAGE-----
+          fp: 6CD375BD0741F67E5A289BC333A01CBE0554C763
+        - created_at: "2024-07-19T10:09:12Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4Dub78fMESoMASAQdAn4gu062b6uphH7aptsB+qJsJvw5j1jeEijaiN3g3HCEw
+            7efyFGEXz5Jr3QBkvA86zzzw4uaj6s8jcpGkygPgVxkid+wNPNE7Od2GxwsQ7Rzs
+            1GgBCQIQznKTHLTufQbnTxtYWdZ7Vd7d90/hl9ZkGRXCq5llvppaYkuO+RO3HeW1
+            Z4hAPFKrvOjNctb/Puh9kbmQ2g02KFdzs1xUvq3+Ma6gI+WeefV/R/VewAVve8+2
+            G/CwY+iDECvL1A==
+            =QVmD
+            -----END PGP MESSAGE-----
+          fp: 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0
+        - created_at: "2024-07-19T10:09:12Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DLHeEFiC484ASAQdAwLuRB1t778hUtgsjaQisVwMhBudnSIOtrBFehLU5Smow
+            AA29mIR2539iMz/Qkdjoumj3IIKGu6a/fBeu0eLUcZqSt5PtpMKMDnF47HeRv/QQ
+            1GgBCQIQGjEJcIaQyjBPuHyxUNryt6M72ed5eKsnsHBhe+xmwc8AFliP2rt/kZOn
+            yJGjhMrFAib5i8rRDQiW+HlDHKZeGxsX3yLGdOSI9KfIFvawcYV8pxDFzIca/3X1
+            TcVFed7B2BUIow==
+            =6bPt
+            -----END PGP MESSAGE-----
+          fp: 403215E0F99D2582C7055C512C77841620B8F380
+        - created_at: "2024-07-19T10:09:12Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA+i3LVLDqjnuARAArF6aiDcKtyilbZXdBga+6nAqwBdpeYfXlnTMUztFLRYs
+            cSSe2HKu6J9G1oMqpZuNcGLUXgrdKk8PO3YmivWcPubQ0ruiorgzmSnXDhYvij7+
+            b9b3dSWXwe82sdCVlSQZRNeapeb1hW8wcrKSoFDUYyIl3HdlxFcB1Y7hKe3XpzAy
+            UMxgZ8B+Ne1JOHZw97YhZmr834F7/i4vCUv/US+dGd5Fl4a3bX/8ft43T0uj5JWW
+            PsbjZa2LIuV6dhXu8URraQHj24Z2xM/PSSmm277MzFiXVT/0jWHe38iXLxsp7/KV
+            hFYqbH49P7gTC7GWJ0xHJaICWXR9WJKSttc5ue8sMkf4rj3C/ULmxS7uKbUn4FgD
+            Po4XCOSanZZZos4Tz/KxExLjDioJbCBUSBVQUP07RRDyVjIEe4GlOG7QCVgqty6U
+            LJk7sQLgFOsCgaMGuA5u5hulWx7YDHqaZxKwWZ4ME8huoP2F7L4HzoWJGK33chCR
+            1t+p/cnflcz459bSGmDMjprZAtD2XFD08/GbDqS7rotPy0h+dnbT7TnvHrFFGjd2
+            Qw8SIytL0D0KcqKOIXztwtt30RqTMp3CnV22NasGJsbhshAV3zVheI/8dA6UuB4r
+            kltGrz+O+Z7HMwuYKKTUzz3C29VJYYhPlf4uq3kF+JJZC6ZQUNAoD5rgVDeZDyDS
+            WAEqbel5S7ImX3oAsIF21iI11jsbWHS1/PjHdsBQdSeBzVXooiRfVa/e4ixgk8S1
+            tbJl8GcvK4vdDxW689A86w7DoquocXRzJIYsKB/GVfsrTlTofAwPjHY=
+            =bQn7
+            -----END PGP MESSAGE-----
+          fp: 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/machines/default.nix
+++ b/machines/default.nix
@ -85,4 +85,9 @@ in

    targetHost = "koyomi.sbruder.de";
  };
+  ci-runner = {
+    system = "x86_64-linux";
+
+    targetHost = "ci-runner.sbruder.de";
+  };
 }
--- a/machines/fuuko/configuration.nix
+++ b/machines/fuuko/configuration.nix
@ -19,6 +19,7 @@
  sbruder = {
    wireguard.home.enable = true;
    nginx.hardening.enable = true;
+    printing.server.enable = true;
    restic.system = {
      enable = true;
      qos = true;
--- a/machines/hitagi/configuration.nix
+++ b/machines/hitagi/configuration.nix
@ -18,6 +18,7 @@
    };
    gui.enable = true;
    media-proxy.enable = true;
+    podman.enable = true;
    restic.system = {
      enable = true;
      qos = true;
--- a/machines/renge/services/element-web.nix
+++ b/machines/renge/services/element-web.nix
@ -3,20 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later

 { lib, pkgs, ... }:
-let
-  # This uses
-  # https://github.com/vector-im/element-web#configuration-best-practices
-  # but allows to disable the frame-ancestors rule for /usercontent/.
-  mkSecurityHeaders = withFrameOptions: ''
-    add_header X-Content-Type-Options nosniff;
-    add_header X-Frame-Options SAMEORIGIN;
-    add_header X-XSS-Protection "1; mode=block";
-  '' + lib.optionalString withFrameOptions ''
-    add_header Content-Security-Policy "frame-ancestors 'none'";
-  '' + lib.optionalString (!withFrameOptions) ''
-    add_header Content-Security-Policy "frame-ancestors 'self'";
-  '';
-in
+
 {
  services.nginx.virtualHosts."chat.sbruder.de" = {
    enableACME = true;
@ -24,8 +11,13 @@ in

    root = pkgs.element-web;

-    extraConfig = mkSecurityHeaders true;
-    locations."/usercontent/".extraConfig = mkSecurityHeaders false;
+    # https://github.com/vector-im/element-web#configuration-best-practices
+    extraConfig = ''
+      add_header X-Content-Type-Options nosniff;
+      add_header X-Frame-Options SAMEORIGIN;
+      add_header X-XSS-Protection "1; mode=block";
+      add_header Content-Security-Policy "frame-ancestors 'self'";
+    '';

    # nixpkgs’s override mechanism doesn’t allow overriding of all options
    locations."=/config.chat.sbruder.de.json".alias = pkgs.writeText "config.chat.sbruder.de.json" (lib.generators.toJSON { } {
--- a/machines/vueko/secrets/mail-users.nix
+++ b/machines/vueko/secrets/mail-users.nix
--- a/machines/yuzuru/configuration.nix
+++ b/machines/yuzuru/configuration.nix
@ -10,6 +10,7 @@
    ../../modules

    ./services/static-sites.nix
+    ./services/li7y.nix
  ];

  sbruder = {
--- a/machines/yuzuru/secrets.yaml
+++ b/machines/yuzuru/secrets.yaml
@ -1,12 +1,13 @@
 wg-home-private-key: ENC[AES256_GCM,data:0ylkx9p62CBGqVg+T52eHbMwbLcZM/v3tg/wJukDq76heN1TtQqbbqgVZKc=,iv:/aUkqKhihnBWQFLIRjS7kHigBCBXX7L4KY5q+cO9Q00=,tag:jQSMVElMfIyrG5hs7HuxUQ==,type:str]
+li7y-environment: ENC[AES256_GCM,data:cm4+672JelbYsBm0rwrF/I9gS72XfAlj335v0+EfXmPSD1LCBJ3clR7jZC7SVH5D9ZSaSlrY8J/+7hgDmzsiR2kypNBvfMvN825AF5QFehnYeHhxUktU+uig7RzpRUeWSPM0r8j6lmpGNc7vd3S+L3TWn2ZfCJ8Kc28Ad2M9yFiZ7PPqB6qqLnsx2peQuafDhefuohLPOYA=,iv:84yL6l7zqeb7l3w3ARskJoQEvI1+HxoCCKrLhB0kx7E=,tag:GCetAOW7pvyjKEM26A9ZbA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2024-01-02T22:37:47Z"
-    mac: ENC[AES256_GCM,data:oBfM/DF/TfWJIW1VlvZ4Z+vBQxCmHm8J83pjILtHFBwU14f1H09iIsswY1xyAwO9wO3cttf4xjrSa6mGGUyQFqLdEzj8z/JkCm1vwpLZQW+j8FpRjH1ryyE6G/3eS5tboUZgmAwBPDsulJr3NBi121RHhZvWf1dv2T/J5IcZMxI=,iv://TpDpO8tNaibh8ABqE1AT6CPK62rtUZiFmYP9ST3MA=,tag:5SErG/jDycIdxX3ABOcsow==,type:str]
+    lastmodified: "2024-07-14T17:32:43Z"
+    mac: ENC[AES256_GCM,data:7D9xHNpdhI6CgX94PAoJJIJqVZ403ZL7dXbdnod2do4M+Qf0yRrRDxi6hPipf0BX0vsSq1npdiXcnwP50PZHal8LW7IJRjfefW5WnO+BLD42sIxt5mikdNfZhpyg3dHB7j+8m1lE1+veK/Ho06V32sckibhBG4AFBfMZ/k1VIns=,iv:NS9CaSyEUdmJEKFejiaugtZ5Nf8norhoaCaOwPZsxow=,tag:Y2Nu92iYO0PSqtXMLc3D7g==,type:str]
    pgp:
        - created_at: "2024-01-22T00:20:20Z"
          enc: |-
--- a/machines/yuzuru/services/li7y.nix
+++ b/machines/yuzuru/services/li7y.nix
@ -0,0 +1,60 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ config, pkgs, ... }:
+
+{
+  sops.secrets.li7y-environment = {
+    sopsFile = ../secrets.yaml;
+    owner = "li7y";
+  };
+
+  users.users.li7y = {
+    isSystemUser = true;
+    home = "/var/lib/li7y";
+    createHome = true;
+    group = "li7y";
+  };
+  users.groups.li7y = { };
+
+  virtualisation = {
+    podman = {
+      enable = true;
+      defaultNetwork.settings = {
+        ipv6_enabled = true;
+      };
+    };
+  };
+
+  systemd.services.podman-li7y = {
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      ExecStartPre = "${pkgs.podman}/bin/podman pull git.sbruder.de/simon/li7y";
+      ExecStart = "${pkgs.podman}/bin/podman run --rm --name=li7y --userns=keep-id -v /run/postgresql:/run/postgresql --env-file ${config.sops.secrets.li7y-environment.path} -e 'DATABASE_URL=postgres:///?port=5432&host=/run/postgresql' -e LISTEN_ADDRESS=:: -p 127.0.0.1:8080:8080 git.sbruder.de/simon/li7y";
+      User = "li7y";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."i7y.eu" = {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/".proxyPass = "http://127.0.0.1:8080";
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "li7y" ];
+    ensureUsers = [
+      {
+        name = "li7y";
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+}
--- a/modules/cups.nix
+++ b/modules/cups.nix
@ -1,36 +1,58 @@
-# SPDX-FileCopyrightText: 2020-2022 Simon Bruder <simon@sbruder.de>
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

 { config, lib, pkgs, ... }:
 let
-  gutenprintWithVersion = "gutenprint.${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}";
-in
-lib.mkIf config.sbruder.gui.enable {
-  services = {
-    printing = {
-      enable = true;
-      drivers = with pkgs; [
-        gutenprint
-      ] ++ lib.optional config.sbruder.unfree.allowSoftware (cups-kyocera-ecosys-m552x-p502x.override {
-        # in Kyocera terms, EU means duplex enabled by default
-        region = "EU";
-      });
-    };
-    avahi.enable = true;
+  printersPerServer = {
+    fuuko = [
+      {
+        name = "etikettierviech";
+        deviceUri = "usb://SII/SLP650?serial=32152867B0";
+        model = "seiko/siislp650.ppd.gz";
+      }
+    ];
  };
-
-  hardware.printers.ensurePrinters = [
-    {
-      name = "ich_drucke_nicht";
-      deviceUri = "socket://192.168.178.26";
-      model = "${gutenprintWithVersion}://bjc-TS3100-series/expert";
-    }
-  ] ++ lib.optionals config.sbruder.unfree.allowSoftware [
-    {
-      name = "elma";
-      deviceUri = "socket://elma.fritz.box";
-      model = "Kyocera/Kyocera ECOSYS P5021cdn.PPD";
-    }
+in
+{
+  options.sbruder.printing = {
+    server.enable = lib.mkEnableOption "printing server";
+    client.enable = (lib.mkEnableOption "printing client") // { default = config.sbruder.gui.enable; };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf (config.sbruder.printing.client.enable || config.sbruder.printing.server.enable) {
+      services.printing = {
+        enable = true;
+        drivers = with pkgs; [
+          cups-sii-slp-400-600
+          gutenprint
+        ];
+      };
+    })
+    (lib.mkIf config.sbruder.printing.server.enable {
+      services.printing = {
+        stateless = true;
+        startWhenNeeded = false; # cups.socket interferes with cups.service (cups.socket binds to IPv4, so cups.service can only bind to IPv6)
+        listenAddresses = [ "*:631" ];
+        allowFrom = [ "all" ];
+        openFirewall = true;
+        defaultShared = true;
+        extraConf = ''
+          ServerAlias fuuko.lan.shinonome-lab.de
+        '';
+      };
+      hardware.printers.ensurePrinters = printersPerServer.${config.networking.hostName};
+    })
+    (lib.mkIf config.sbruder.printing.client.enable {
+      services.avahi.enable = true;
+      hardware.printers.ensurePrinters = [
+        {
+          name = "etikettierviech";
+          model = "everywhere";
+          deviceUri = "ipps://fuuko.lan.shinonome-lab.de:631/printers/etikettierviech";
+          description = "SII SLP 650";
+        }
+      ];
+    })
  ];
 }
--- a/modules/nix.nix
+++ b/modules/nix.nix
@ -31,11 +31,6 @@ in
      nixpkgs-unstable.flake = nixpkgs-unstable;
    };

-    nixPath = [
-      "nixpkgs-overlays=${overlaysCompat}"
-      "nixpkgs-unstable=flake:nixpkgs-unstable"
-    ];
-
    settings = {
      # Make sudoers trusted nix users
      trusted-users = [ "@wheel" ];
@ -44,6 +39,13 @@ in
      auto-optimise-store = true;

      experimental-features = "nix-command flakes";
+
+      # nix.nixPath does not work when nix.channel.enable == false (for some reason)
+      nix-path = [
+        "nixpkgs-overlays=${overlaysCompat}"
+        "nixpkgs=flake:nixpkgs"
+        "nixpkgs-unstable=flake:nixpkgs-unstable"
+      ];
    } // (lib.optionalAttrs config.sbruder.full {
      # Keep output of derivations with gc root
      keep-outputs = true;
--- a/modules/podman.nix
+++ b/modules/podman.nix
@ -12,6 +12,7 @@

    environment.systemPackages = with pkgs; [
      buildah
+      passt # required by buildah by default
      podman-compose
      skopeo
    ];
--- a/modules/prometheus/smartctl_exporter.nix
+++ b/modules/prometheus/smartctl_exporter.nix
@ -4,9 +4,9 @@

 { config, lib, ... }:

-{
+lib.mkIf (config.sbruder.wireguard.home.enable && !config.sbruder.machine.isVm) {
  services.prometheus.exporters.smartctl = {
-    enable = config.sbruder.wireguard.home.enable && !config.sbruder.machine.isVm;
+    enable = true;
    listenAddress = config.sbruder.wireguard.home.address;
    # devices need to be specified for all systems that use NVMe
    # https://github.com/NixOS/nixpkgs/issues/210041
--- a/users/simon/modules/default.nix
+++ b/users/simon/modules/default.nix
@ -24,6 +24,7 @@
    ./neovim
    ./pass.nix
    ./programs.nix
+    ./rust.nix
    ./scripts
    ./sway
    ./tmate.nix
--- a/users/simon/modules/gpg.nix
+++ b/users/simon/modules/gpg.nix
@ -20,7 +20,7 @@
    enableZshIntegration = true;
    enableSshSupport = lib.mkDefault nixosConfig.sbruder.gui.enable;

-    pinentryPackage = if nixosConfig.sbruder.gui.enable then pkgs.pinentry-gnome3 else pkgs.pinentry-curses;
+    pinentryPackage = if nixosConfig.sbruder.gui.enable then pkgs.pinentry-qt else pkgs.pinentry-curses;

    defaultCacheTtl = 300;
    defaultCacheTtlSsh = defaultCacheTtl;
--- a/users/simon/modules/neovim/init.lua
+++ b/users/simon/modules/neovim/init.lua
@ -437,6 +437,9 @@ require('nvim-treesitter.configs').setup {
    },
    indent = {
        enable = true,
+        disable = {
+            'rust', -- broken in macros, annoying with maud
+        },
    },
 }

--- a/users/simon/modules/rust.nix
+++ b/users/simon/modules/rust.nix
@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ lib, pkgs, ... }:
+
+{
+  home.file.".cargo/config.toml".source = (pkgs.formats.toml { }).generate "cargo-config.toml" {
+    registry = {
+      global-credential-providers = lib.singleton "cargo:token-from-stdout ${pkgs.writeShellScript "" ''
+        set -eu
+        pass cargo/registry-token/"$(base64 -w0 <<< "''${CARGO_REGISTRY_INDEX_URL}")"
+      ''}";
+    };
+  };
+}
--- a/users/simon/modules/youtube-dl.nix
+++ b/users/simon/modules/youtube-dl.nix
@ -25,12 +25,10 @@ let
 in
 {
  xdg.configFile = {
-    "youtube-dl/config".text = textConfig;
    "yt-dlp/config".text = textConfig;
  };

  home.packages = with pkgs; [
-    youtube-dl
    unstable.yt-dlp
  ];
 }
Author	SHA1	Message	Date
Simon Bruder	7a39ce50d2	vueko/mail: Add alias	2024-08-17 08:53:33 +02:00
Simon Bruder	0345000e05	Add cargo credentials provider via pass	2024-08-08 23:37:40 +02:00
Simon Bruder	391234776a	renge/element-web: Fix frame-ancestors CSP Something changed in how Firefox interprets the CSP, which made loading element web fail.	2024-08-08 21:26:14 +02:00
Simon Bruder	08e30e01cf	Remove youtube-dl It is marked as insecure, and was unused anyway.	2024-08-03 13:53:07 +02:00
Simon Bruder	e91ca8e267	flake.lock: Update Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) → 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/59ce796b2563e19821361abbe2067c3bb4143a7d' (2024-07-01) → 'github:nix-community/home-manager/afc892db74d65042031a093adb6010c4c3378422' (2024-08-02) • Updated input 'nix-pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07' (2024-06-24) → 'github:cachix/pre-commit-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd' (2024-07-15) • Updated input 'nix-pre-commit-hooks/nixpkgs-stable': 'github:NixOS/nixpkgs/03d771e513ce90147b65fe922d87d3a0356fc125' (2024-06-19) → 'github:NixOS/nixpkgs/194846768975b7ad2c4988bdb82572c00222c0d7' (2024-07-07) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/6e253f12b1009053eff5344be5e835f604bb64cd' (2024-07-02) → 'github:nixos/nixos-hardware/14c333162ba53c02853add87a0000cbd7aa230c2' (2024-07-30) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) → 'github:nixos/nixpkgs/05405724efa137a0b899cce5ab4dde463b4fd30b' (2024-08-01) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/00d80d13810dbfea8ab4ed1009b09100cca86ba8' (2024-07-01) → 'github:nixos/nixpkgs/9f918d616c5321ad374ae6cb5ea89c9e04bf3e58' (2024-07-31) • Updated input 'password-hash-self-service': 'git+https://git.sbruder.de/simon/password-hash-self-service?ref=refs/heads/master&rev=df4244f6c960f041d5b4373d4c3b093bba4caef7' (2024-06-02) → 'git+https://git.sbruder.de/simon/password-hash-self-service?ref=refs/heads/master&rev=a09c08847b2539a069833d9ef72d74224c170a54' (2024-07-19) • Updated input 'sops-nix': 'github:Mic92/sops-nix/a11224af8d824935f363928074b4717ca2e280db' (2024-07-01) → 'github:Mic92/sops-nix/eb34eb588132d653e4c4925d862f1e5a227cc2ab' (2024-07-27) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/4a1e673523344f6ccc84b37f4413ad74ea19a119' (2024-06-29) → 'github:NixOS/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171' (2024-07-21)	2024-08-03 12:26:36 +02:00
Simon Bruder	8e6ca13338	ci-runner: Add codeberg	2024-08-03 11:06:41 +02:00
Simon Bruder	216074e457	vueko/mail: Add alias	2024-07-30 17:25:00 +02:00
Simon Bruder	528d94aeaf	vueko/mail: Add alias	2024-07-29 23:31:44 +02:00
Simon Bruder	a8565438e3	vueko/mail: Add alias	2024-07-28 11:18:04 +02:00
Simon Bruder	9a3290b259	ci-runner: Init	2024-07-28 11:17:57 +02:00
Simon Bruder	d7600be2e3	smartctl_exporter: Fix guard	2024-07-19 15:32:21 +02:00
Simon Bruder	900d7fac74	vueko/mail: Add alias	2024-07-19 11:36:07 +02:00
Simon Bruder	8627ed8dc1	yuzuru/li7y: Init For now, it is implemented using OCI containers for fast deployments.	2024-07-19 11:36:07 +02:00
Simon Bruder	7d23321c0f	cups: Restructure to include SII SLP 650	2024-07-19 11:36:06 +02:00
Simon Bruder	04b54a2ed1	vueko/mail: Add alias	2024-07-14 19:03:16 +02:00
Simon Bruder	54540aae6e	neovim: Disable tree-sitter indentation for rust	2024-07-14 19:02:21 +02:00
Simon Bruder	1d889fddbe	vueko/mail: Add alias	2024-07-05 01:24:27 +02:00
Simon Bruder	7ad4a45bb6	vueko/mail: Add alias	2024-07-02 21:41:55 +02:00
Simon Bruder	9458f0e70d	vueko/mail: Add alias	2024-07-02 19:09:44 +02:00
Simon Bruder	3193aa4399	flake.lock: Update Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/a631666f5ec18271e86a5cde998cba68c33d9ac6' (2024-05-26) → 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/9b53a10f4c91892f5af87cf55d08fba59ca086af' (2024-06-02) → 'github:nix-community/home-manager/59ce796b2563e19821361abbe2067c3bb4143a7d' (2024-07-01) • Updated input 'nix-pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/0e8fcc54b842ad8428c9e705cb5994eaf05c26a0' (2024-05-20) → 'github:cachix/pre-commit-hooks.nix/0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07' (2024-06-24) • Updated input 'nix-pre-commit-hooks/nixpkgs-stable': 'github:NixOS/nixpkgs/614b4613980a522ba49f0d194531beddbb7220d3' (2024-03-17) → 'github:NixOS/nixpkgs/03d771e513ce90147b65fe922d87d3a0356fc125' (2024-06-19) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/7b49d3967613d9aacac5b340ef158d493906ba79' (2024-06-01) → 'github:nixos/nixos-hardware/6e253f12b1009053eff5344be5e835f604bb64cd' (2024-07-02) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/805a384895c696f802a9bf5bf4720f37385df547' (2024-05-31) → 'github:nixos/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/ad57eef4ef0659193044870c731987a6df5cf56b' (2024-05-29) → 'github:nixos/nixpkgs/00d80d13810dbfea8ab4ed1009b09100cca86ba8' (2024-07-01) • Updated input 'password-hash-self-service': 'git+https://git.sbruder.de/simon/password-hash-self-service?ref=refs/heads/master&rev=9bddae5f112cdc471faf1a71d34bc4cc2497e946' (2023-12-28) → 'git+https://git.sbruder.de/simon/password-hash-self-service?ref=refs/heads/master&rev=df4244f6c960f041d5b4373d4c3b093bba4caef7' (2024-06-02) • Updated input 'sops-nix': 'github:Mic92/sops-nix/ab2a43b0d21d1d37d4d5726a892f714eaeb4b075' (2024-06-02) → 'github:Mic92/sops-nix/a11224af8d824935f363928074b4717ca2e280db' (2024-07-01) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/3b1b4895b2c5f9f5544d02132896aeb9ceea77bc' (2024-06-01) → 'github:NixOS/nixpkgs/4a1e673523344f6ccc84b37f4413ad74ea19a119' (2024-06-29)	2024-07-02 18:24:57 +02:00
Simon Bruder	616d1df52c	vueko/mail: Add alias	2024-07-02 17:18:11 +02:00
Simon Bruder	9887789487	vueko/mail: Add alias	2024-07-02 16:56:47 +02:00
Simon Bruder	2e235dd1c7	gpg: Switch to pinentry-qt The Gnome 3 version has a weird issue where only about every fifth keypress is accepted.	2024-06-26 13:55:18 +02:00
Simon Bruder	59a2bb1e8a	hitagi: Enable podman	2024-06-26 13:55:02 +02:00
Simon Bruder	6f737c604a	vueko/mail: Add alias	2024-06-20 11:32:22 +02:00
Simon Bruder	2d70ccbdb3	podman: Add passt It (or rather pasta) is required by buildah.	2024-06-20 11:31:44 +02:00
Simon Bruder	750c9970f8	vueko/mail: Add alias	2024-06-18 16:56:12 +02:00
Simon Bruder	7a136f4eb7	fixup! nix: Update global nixpkgs definition	2024-06-15 17:17:23 +02:00
Simon Bruder	299bea8440	vueko/mail: Add alias	2024-06-15 02:59:01 +02:00
Simon Bruder	57b2f9888f	vueko/mail: Add alias	2024-06-15 01:52:26 +02:00