aboutsummaryrefslogtreecommitdiff
path: root/systems/zoldene
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 01:35:06 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 02:11:48 +0200
commit1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree1b9df4838f894577a09b9b260151756272efeb53 /systems/zoldene
parentfa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
downloadNix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
Diffstat (limited to 'systems/zoldene')
-rw-r--r--systems/zoldene/Immae.pub322
-rw-r--r--systems/zoldene/base.nix122
-rw-r--r--systems/zoldene/disko.nix87
-rw-r--r--systems/zoldene/flake.lock560
-rw-r--r--systems/zoldene/flake.nix29
-rw-r--r--systems/zoldene/logging.nix138
6 files changed, 1258 insertions, 0 deletions
diff --git a/systems/zoldene/Immae.pub b/systems/zoldene/Immae.pub
new file mode 100644
index 0000000..dd42b04
--- /dev/null
+++ b/systems/zoldene/Immae.pub
@@ -0,0 +1,322 @@
1-----BEGIN PGP PUBLIC KEY BLOCK-----
2
3mQINBFvwA+gBEADlchQGPyI2M9RNRUsk8wsL9XLc8qAFWTYlVp5p7177ucxTQf6S
4rny9yRCF69UqtE0ugwt+432sAAsDPi7BRA/JE95bIRBiewOiY1jYiivccP5dR6Jr
558HJ3QOHYPekqZIQhxzCWjdD2nRhhCbbxeWFJsJyaG8idGBiLkgNKxEEmqE5LIat
6tzMpQFwOpL2FoYZ7+e4ZTMc+x+yqpOnGcQD1qwouqx68okSCjrVBWo5S2tK5AzzU
7X8esBLNpgkhpUEZVltiNc4bmj7GZPdy4+mvS33/HQTed8YpatCFVWzcK+/uK0SYE
8P8Hj1mguT9idBhAf+kv7qbTycrFkTBliP3oDNUoARWDmfQdV4nlxqW03QxUY18mL
9KPByduK3hEXAZnD+/8QfVzbNVVP+70/jdSB+ckF88Li2g4bv/9uqjaObKVJB9ocG
10EWslm1h7tvdCLBRgIl8b2+Zl0fComRAMuwUr+LYlWLnfygAi8Uy9hl7UcRWAAj99
11PG4ba0+y8eD8k1J2IE8HpeIzMzRwYTLtvLyJBvrKiQHJb1PGM5cS8iry81wjUPZm
12dO5p5rbC8z99w7UNMaiz6iqAFAaDyLLsBZ5gWD+1ps9XxCA0zf28Z/Tc/Gj4QKAf
13kpMd7lQ+gprsFyRtzcRD4WhsOL2ogKYFHYi4LE0GYduspGdQPlK/YfrKQwARAQAB
14tB9Jc21hZWwgQm91eWEgPGlzbWFlbEBib3V5YS5vcmc+iQJRBBMBCAA7AhsDBQsJ
15CAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+CgG/aG/W5obMBTnyfztbKa3lFQFAlvw
16BU4CGQEACgkQyfztbKa3lFR/kA//cHVrb/RRTLQZy514vMkOBKgAk+dj+j0lrgvJ
17yR0JK1KjodduSoccPq7qRFAU+KVa3FsXMn8yY/lWaCXYJoF0DT5iEHsEuzJRc7Cn
18N4aq2h42DD7z8dJCXZvtvJs+vZ7G/rlLl322TjLb2OyIybBEoPOmJl0dVG0wKBFC
19r7EJmOKl3ytUWUpEbuxs1U/pP4GKrPT2CK3QcLF8JHKIPkEO347RorseeHcHhMxs
20Bz5JXojts1NyLJh7lErT42atgEdTGzSmkkGm8OifZVIH2rgmnRsPHnCqrXYsa7dE
21yPsC01Ns3DPYk4C5FtbpfiNvATbnkOicEwb2U55OpYUZLsFCKo7Bl+duJVY0nPRN
22WiLCALPcdJL+a6hbh1hSuqHt5eNGxyrDtRPowXRTS1D4nTCgAh6+wpH47xXWEwXZ
23mEnkXqHLIjsW4CSIz2gc+Bza40+wkWz6NQDEb3ncytDZu9vKK1CYwl7RGW4RFkAO
24j3FWZvZp8ETPLNRVy64BhZzHY3uOxbYreE+T6JfiIZux8X+Bh4cPJHizfhSMLLS5
25kwABzalaTD33XnjKn5wQ/DfGJ+fGbF54fMlGFjne5VTNwY1ju2ieXTgVrUyzfKPF
2696zcvnxo/MWwqcQ8+dXFCZjldP76puo1eVATEBeOCQs8Vj7eL9eN/eo+BfzhS3S8
27CfFFYWeIXQQQEQIAHRYhBNw4R0hwnSYZ/yhnIW0Mr/3bHP6QBQJb8AgDAAoJEG0M
28r/3bHP6Q/TsAnA6vTjmrX4nY3QnevNrKefWaQvf3AJ0TALTqXhTcVYVLxfzRt/Qd
29u5W2/rQvSXNtYWVsIEJvdXlhIChXb3JrKSA8aXNtYWVsLmJvdXlhQGZyZXRsaW5r
30LmNvbT6JAk4EEwEIADgWIQT4KAb9ob9bmhswFOfJ/O1spreUVAUCW/AFCwIbAwUL
31CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDJ/O1spreUVKlBD/sE/eDbJtL8UKc6
32CN7zmA038RSjxlcJrMRoBoThCFKOFtBsYLPebnIkzCDiUwQJaIMYe2RNBHKKz0p+
332Kvzf7q+xq8W1e72aK1DRhsBTL8/LA1kQkvh3GwMS8z3SOcbXLWqKQuQ7ztYReQG
34wsT2/S8reVM96eV67K9vMHKMDF3NyYZewahX0I44YIbQJfLVG5elCkBrfHjGSeIt
35tSAv56BhN8J8ky+9nGx5jwWmxc/4Oquyfe9Lf0NMTCjw1xess7UoHlzSMp57yF3T
36AaqDcqD2Jdgr2meN9Yo4/Yb9dEvHFy34ppXYanX1nrHGev7YaaQWLoKLVZc3f6gR
37+D7sEJUJm3IxO041CR7DBwQ1CQkx3sa66mcHxe+wchOoXBZdsqyl5Ds+zqh6eMyO
38UiixDcXDxZuimEY0/+7XjlFjtzhGVNKsjV/Azh+Hx3GZnGHMVpTw73qQFHkWeDrX
39FPUbinjtEVTxw0fS9PkDZB5ysgAWlXs2cqoNDMcbdyJn2xszbV5+vjlmcofsQZTr
40PiX+hB6P5RQP5ogtnotvbkPDSfPfqdUk5HjGFrGX08FoP4rCromHvSL6Un2lP4I2
41mJbbQzBU/bQUGzfz6U6VEbUHtOL+7woGuXuzTYsRZ/O7/fKohyi/+qsmOozQpLFN
42k5xocbF1PgpFphrKYpHaSkf6DS2/F4hdBBARAgAdFiEE3DhHSHCdJhn/KGchbQyv
43/dsc/pAFAlvwCAQACgkQbQyv/dsc/pDXWACeKMbL/Dtifpd466TqQP8isfWedtIA
44n2xbEmlpxG8yk0w4HQ4djwgY4RbutCpJc21hZWwgQm91eWEgPGlzbWFlbC5ib3V5
45YUBub3JtYWxlc3VwLm9yZz6JAk4EEwEIADgWIQT4KAb9ob9bmhswFOfJ/O1spreU
46VAUCW/AEawIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDJ/O1spreUVMGJ
47EAC5hKt5NCanRxEl13nQUu4+n05tdRl9C3sTczR8EUZ30zhpBV4chKgeJSD0r1VA
48zBSQHMNzroGawaQn38qxFtbcSmkGRDd+0y798x1HFHp+UFiYOdQDQJVsyDuwjq4k
49RF7zV+FBj0ffjn5JBy6R3wLmWCFxz1mPmkImdyyS8GEeifwTftC+SSotqfg1lh0K
50C+DSQGYtPk0jLvxVPRllnjltDOSPUt9xRE785I6E9oyYrCa5Om51e0eEMzwpkl4e
51QschAYILb6SNrVyEMRD5E3lJHD2r6dPvIPFNcLxIQuK/Kdco2jNq7dCL6ukdGI40
52j/oZi7XRrlFCQW321BuipJZ/7t9JWOXOrrEndQv+hOb6PeWkwF1rigjbQq+IipdJ
53DUXGBfiIzlpJM5tLhs7BGfLxYNn09rOpkotXrdBzRO62lYyRdQepKpD33v96bQV2
540w64U44+CxuicjGDw/6no54LY4J7bM1lLGwqvHSeqgYoc+Zs9WH95TNNSmaAHGSf
55An4LpzW5nOXbq2rsWVbZpvsVHz3VmC9qmpsYl5tT/ninkLta3tN6TrYUFHXcDWz9
56K+HW+/oARzEmN8eg3iMmWtOnV59YEr/x2vvOHndguUL0tUpRjwuTunH9KOGZE0Kb
57uI3ovgLLO2kCSGk4SdXlntu/eLq9FPYqlOpjM9CtLf9JdIhdBBARAgAdFiEE3DhH
58SHCdJhn/KGchbQyv/dsc/pAFAlvwCAQACgkQbQyv/dsc/pCHCQCfdPdGx0FmknAs
59rPvjuUmuCj9Q8xUAn32dsgQYTlgfTdwLSxWGj4mTD2h6tClJc21hZWwgQm91eWEg
60PGJvdXlhQHBoYXJlLm5vcm1hbGVzdXAub3JnPokCTgQTAQgAOBYhBPgoBv2hv1ua
61GzAU58n87Wymt5RUBQJb8ASdAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
62EMn87Wymt5RU58QQALMGlOJzcQj/arHezum5H/PiYIpZ1yY+QMCzpSgPdwupwawW
63VN88aQRfU6k9xwmsU+Ghjreja09AuqYi/D2+61TM/Tmqi/9HdU6NRYw0hvaZnwFc
64vudFBII2XrxmU5k9PnSR6Sq4uLUGkXmvhJddV0q+cjtif+vDi5pl9mqbWBQY8d9S
655Q6ZFZPeEeASUK7Xt/tSq9iXpb1tQsmEJ94Czl5G+gNFJcqj7nlHQ1/c9XeNsvJT
66GZVLGM/cAZNzB6AC8Kz+iWUypFuXifC2PYGpJDJ8klqTmDQikGQtM1HMHda6rnwU
67L7JIfbuwGbMk65CtG2YE8QqB+/GIfkzWySenmIrldn9Vp5EKB0DD529TyOwQWgzz
68+HuVP/4QfkNRxNquWxlAPXmcNfV1SV+/Xn1KwSspb7QlAjiXXOL13J2dwYFpV+21
69vsSW5XqJXfWUU8d4YVOdq1kUTwLjWnWyxwtt8j68KSuTOT4JTA8oNXg87r0B4Fzr
706AoxCM8ePywm5IW55gNAwViTKWBAcNrcwRTP647oNOM5+8D7NZIBpnKffNc/S2S5
71iI1tmaM0yXavmCm0Hb7lkFIsxM2Y2lxwHexPck2ftPXIrjhPYLcFVBdLVx2V2yXe
72cFW2vMGZiasVobFqqp1g8htmAlTkN0cTDY7l96wDuirC6OeCbVomEgxQEd0MiF0E
73EBECAB0WIQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AIBAAKCRBtDK/92xz+kHsv
74AJ4+zdfjTdO1FUWb42bWdPQfiFe9nACeMIRp1Iu3tNVJkfS9CGGqhrChpfu0LUlz
75bWFlbCBCb3V5YSA8aXNtYWVsLmJvdXlhLjA2QG5vcm1hbGVzdXAub3JnPokCTgQT
76AQgAOBYhBPgoBv2hv1uaGzAU58n87Wymt5RUBQJb8ASsAhsDBQsJCAcCBhUKCQgL
77AgQWAgMBAh4BAheAAAoJEMn87Wymt5RUxa8P/i7zdQ9i5BfWITbdyCgXNoQYIcE3
78J6lIa15eLUcfDcL707zOrUSbhSkthLjeqZoNRCalqjeDOdgCQC1PNoISdkMGd9PO
79VOwS3G7Pjt4FSjPVHyw9+Su57pwTcLXBhEyBAkv+tx/QrB/UBCFzPUnsl71QH51y
80T8+bNdOiBxssdgn/9IrObn7tu8xDf+d/yGsA493x+mxalai+fhd/t0yzQcdcTrvD
81EKRxAaU8wXe8oSwcW5cRmXIi+N4aEnLRO/so9YDGf4z2FQVSL0ktoZYMqZ1ZvIb0
82MNCNl2NgNXThhrAPk9Rhs+S5nRzazJ+tS+D2S728EPpRHpUE43+vewtCdu5c5NWd
83Lz88o/jxLwcNwQa2iJoFMyqr15lHt+vM7OyD9X650IJwQw24n4tF6TijzH5GhWcN
84SnB7RpLSkftQldpK/zK+tmFH4vVpv+bI3JKAfzRga+5Fu42kB5uHVzXF3qMwYgEO
85sRNL5d4xV4SATce1mb8vFpsQmGOWnZAcCaQYhLKfMl7zR5ukytTjf3hRMRH0GAjh
8606QAoBMJZhWosYehPi1odjTngIf6hFOqA5prz8Cu/AFe/8aftp9UorJOekAj2io0
87CENRv21qrN8R4bNo04aTMD6WrY+mBL8MteR0ooD3ENQEAZ6UUyZwTzUJk2UUl+5M
88ch/HgJ+rQozmRGYeiF0EEBECAB0WIQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AI
89BAAKCRBtDK/92xz+kPsmAJ4wGQ0Hly2eTVzsU8Ht4609Q5kf2wCdHGuu863a0GHv
90uUdEokzQEsumYPG0OElzbWFlbCBCb3V5YSAoRG9uJ3QgY29udGFjdCBtZSB0aGVy
91ZSkgPGlfYm91eWFAeWFob28uZnI+iQJOBBMBCAA4FiEE+CgG/aG/W5obMBTnyfzt
92bKa3lFQFAlvwBMkCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQyfztbKa3
93lFQTlxAAjbuDy3prdEBNMYfi/870MO5eeDOCMtiDJDae4fQjj2NANjeuDGNP659B
94/k9uS7o5nrWB7E6rdG4a1J+Qzj5I775xTP/zVbrNSchcLwSoHMMXBm2IdbIanCX0
95JX+dRg2YX6yX+6ZmL8UaWRVICQ84ZxGtYHZ8o8hMCFOuxFklNjYFEPciO9M9m+rv
96fUEihQgcBF7+x9KVntlxad61Aa9AzUJLULgY3snaZK687tHUq3yYwXpF9s1CuJ81
97SfZxH32dKqy+2cpJqwQ38BZrTUwjBxxIMR5TRC7h/O9aRIBKQZKlpLcmxWPv18i7
98DwWlrJVb2Sd2WUh+TwPNa7VQc3NjlGtu74SfZqmirE0FyuB86fnsQaF8zhJnRsqE
99lagnLoW24PCvc8A9TK95tj+0JO8DIeM49Gg+Br/NBtRB8q5q/ICJOREber6Ke+/I
100p90q5VkZafIgeuO+EkyQ6Dq+58NRqC2qEs209xnKOd6exxT+2tEzx6Hy0PKwaay3
101h8WzUamJOTqRv1WG4GmlCeRUQGx8BtdIAEMdww26cN8rmxh5Foh5CH+V75bcybkv
102yH+FBDoKFYSpEPg0axHM/e13/nujgLNnSTHuMf7ILvpwoNkkIcQwSpH17B5hZdgl
103y0xD7aIS5XU9OoP9mKs1unzUKerWQWY6CxgYOqpssyDTUG+fohuIXQQQEQIAHRYh
104BNw4R0hwnSYZ/yhnIW0Mr/3bHP6QBQJb8AgEAAoJEG0Mr/3bHP6QFPAAn3DbFqHo
105hjznqQvg15QjlGFaPJaaAJ4ps0+VWG9BN7UBQPG+fcCRwqLaVLQ0SXNtYWVsIEJv
106dXlhIChEb24ndCBjb250YWN0IG1lIHRoZXJlKSA8Ym91eWFAa3RoLnNlPokCTgQT
107AQgAOBYhBPgoBv2hv1uaGzAU58n87Wymt5RUBQJb8ATfAhsDBQsJCAcCBhUKCQgL
108AgQWAgMBAh4BAheAAAoJEMn87Wymt5RU2vAP/12b6S0yJdZ1rgNLj+ZohY36PhCm
10930/amkGPQp7HCBylYIRv+y5m4IdiqynzJoap547cFMWNsCyfyU2VKbcy1Uy44FCI
110PCUcBME95jD1JWviINDKqLhglciKlJnWUhupiolqFcr2ro+rJVc/fBMWJoBjM5fJ
1119eq1ge2LxuYKbu9cpSEtopk7ZBeo69khhrFACdZEqfJtW4qp0hEC0pAKLjN8LhpQ
112EEVcq4zejksB+1e1qkuJ6be3/Q2Sj+1ijaJBElJIVJ8qyYs9XSlTlUA1USfy3Yqu
113jOkFrIaycxYgKooFgwYfYXCniuqXWZ2geCm2IE90lanQC2w7ZDN/JGwwVuAFVi4H
114Mrx6x/yEreqy2AUMesB1eGxqQQG9cgssMLoMAN2IDDJ6FS+e0imWTTMZ6r3ou9W8
115+pFzSIT8LMnBNwp+RxrW3QzBs8sXDw5mS6WroiZMRlfJdA1sUPsrW0GV4/AFuEaK
116PhCUvIvoh6zxYR0lA/gYqtszCHGzHeNLoczOhytUZM+KQpOtO3TSING/+o59HHuM
117niD6k3mWcyk6MkSgIXquJRGUVGVFeLGlXXf7aWEkIOrXeqjBZpBchZUIxZfkg100
118xxmEgNVGG4vxB/UIGeVqV2S4JscJmCyDGs130nRp7Qp5YGfkaTLKyOdutssrqatP
119m5Zcjl2VGr4Xt4uXiF0EEBECAB0WIQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AI
120BAAKCRBtDK/92xz+kEViAJ9zBTPNNTYIxPxt8BEvb3pUDeZkiQCffsDGKi7kdlTj
121oZ26K7yxdjexaYS0OUlzbWFlbCBCb3V5YSAoRG9uJ3QgY29udGFjdCBtZSB0aGVy
122ZSkgPGJvdXlhQG1lY2gua3RoLnNlPokCTgQTAQgAOBYhBPgoBv2hv1uaGzAU58n8
1237Wymt5RUBQJb8ATwAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMn87Wym
124t5RUIzgP/0/7+y7UOgj4Yja6Lwa+Lm7ESRZnbVmR1ERSAa9RKKr8BbPT4KhgwN2R
125x8c3CedFupS02sG1G57u+4qQbEeZylaMu6rusf/XyQ+esh06cRXfR7Vb2d14yFQg
126xun9PgPR7jL0RiU2fsgvF6O+u9KwnGRmABZXILDBxzGZBXKBIkmqBM8+rBkXFVWc
127gezZqD106KcuGewciuWM7bfyLj+2yV9GhvX8iRyptgkx9/CNEdOqQzKYEbXVTSkh
128tUW4QUmNnIiTnD/pZ4kr3UsQV6y0GC1kf9G5EeQHbD+kVROFM0/sX6qGn99IeC+j
12996MflMnKuXJeXjlxNFZIYPoolBAC7CvpRfdky5q0KB2xWh+x2jQbn3fPpa6lVZdQ
130De14guXdcEsj1QVUMRL3wFCDwHIsi3gqOpCHdy5GmunFRNqUWmoGU+uHt3Kk031w
131DJdQY4YP+8tFWLPG3vKoPSf5EcG2Mf0hZiWiiIAX8sVw13W+oDlAQ0HKah/uxV77
132gM2ScBiiiOr92JIf3ftq2AjMuzrGhpKME/wG2DdcOqmq7U+tcVbambSc7SVa5nTM
133JXm8ZPOSH0Fax1PULPd3pyLLhfF0rnPiDLcVa6UzG1MaSJiGBurIf3D3OCHRjQQ6
134kVpF9VtXhWeziV8wkyt66HNcuqUs6HDBNkpxPTNacKcZmW8J/FlaiF0EEBECAB0W
135IQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AIBAAKCRBtDK/92xz+kKOiAJ4shO9b
136nZ2Nx9XzBBg4C0nUl05LyQCbBpk7t2NIPMKaNtjsPb+RV5HbiQa0O0lzbWFlbCBC
137b3V5YSAoRG9uJ3QgY29udGFjdCBtZSB0aGVyZSkgPGlzbWFlbC5ib3V5YUBlbnMu
138ZnI+iQJOBBMBCAA4FiEE+CgG/aG/W5obMBTnyfztbKa3lFQFAlvwBZYCGwMFCwkI
139BwIGFQoJCAsCBBYCAwECHgECF4AACgkQyfztbKa3lFRK1w//cqsweiuXGPepyn0t
140AL/S/scM6r9IwcjD3HrZqmUNSDAqU6PJ0FFialOPuSQIyEvrpY1GL+TiVtnYyAit
141sbotxNxNQFwiBvqchg6xd1ftpjJihuo7RysNdSNAnlOxFlEz9X+EGkRqq8rCTpoS
142GA9+4uFyFKzfv9CDg7YUVX5GVsE3bsPWymfCW1boW0TQyL7xNrDPfzKpVRHFu7hi
1435OghiTbHbifmIolj5Mo0hGuXxz26gFzrufCjgxK9ycW7LnHEnnK0zX8Qfueir8RV
144EisuAXtKILgS5mmOj0ywsrva4Qtf5JW5SKymhgsKCWskfz0lq6S6ceIKaYBr4Syk
1450MLI82M0zDfGlLuRP6yQ3DTiTC4lWfXHdjyd0w4SwcuAQPCWz34gtUEGfMTyrd6O
146le6pYreL1NPzd/NakYsR1H1fsXVJkgpESktoDIkzooLmBV6Pjr+PEt4DvPZYqgKl
147AyD+aZeZ5HlTZCLbN9O38nDttWdAvsGjq82qvNI8A/d2Vvz4L1ND6NT71+wtC2QT
148a95epSBD64l/JtK99SW/HjLjyvV9O+Nu2p8ESTOEaQhyIudnWYU+er+Vwy7YtLvY
149y8L9/Xu9KvlBMjHBXAAV047KwkIQNrNyoTla5yQFSpv57hFYbx5CKTprpsl9Ic4v
150uPjC/GMgkAJ3yTwIgxa47hgUAtKIXQQQEQIAHRYhBNw4R0hwnSYZ/yhnIW0Mr/3b
151HP6QBQJb8AgEAAoJEG0Mr/3bHP6QyCcAnRuTQIMOpwxbyzjj+t0C9GdNJYmGAJ9v
1525c5kvNCFiJAFCbUD4OxJBNA28rQ9SXNtYWVsIEJvdXlhIChEb24ndCBjb250YWN0
153IG1lIHRoZXJlKSA8Ym91eWFAbWF0aC5qdXNzaWV1LmZyPokCTgQTAQgAOBYhBPgo
154Bv2hv1uaGzAU58n87Wymt5RUBQJb8AW0AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B
155AheAAAoJEMn87Wymt5RUaT8P/2OvKAfgqu0zQX0JhKu/wd9AATVmLa8C48JPQMUn
1565Z9dQyDcFyKKfKbGCz9B5jTOrzHNX0VJfpDujOTiPIk6ci0KqAJ3Fz0gdpxIcEoW
157B2zg0nwDtGHsGMX8togpcbVgKqblp0XSsMAFV2FN5PsAnxkqdXPDmZ5iZSgs9roi
1589nxHPavbcr1cSAjsiRoFxFudzo7Q0Z/KLRlTuTSAX6B+vRAeyRB4NcXThKYZlAi6
159cr+xXTvPFddiQZgVBT+ICZRQY0gwgHpQcj70fNx1w6tTHfThlxInojKGlreOZov9
160A4TVeex/QagVTsjRAQuZ9yLMkx7JxakAxBPZ/OHuv7/K1Qdx90AJ8zQZ6uOXpUNl
161c2MDEBoTI/nbsgMeHI/Mj4ndxCBUMperZ1oCITl+AhaqEZ+LxTKyne41YJedlqjc
1625xnUVigz4ajmZPYmbO6eRDxisx4fMG7hI2HnNWak2xBDVOp1z2aqZY0xsG7o697d
163I9BeR9JxbIusx0Szq6GabwI5beEI1xLlT333Fe3XDtT0NIQQvW9byuYuyfp7H6Xm
164hFj2ut7jVI9xG932sJ8ioRJGCK1UcGYEL0ei4YZRv+mVysEJFjki2nlxspnG4C/V
165Q20jXnLAXOpKLiStkNJ15WsnzeoL4eq0AUOYMMmYKAquXXgpVs+xUDv6XathWA2v
166oZkAiF0EEBECAB0WIQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AIBAAKCRBtDK/9
1672xz+kEBpAJ4x7hASmdnDcyFGTyuRHj6NwsDtNwCfRVfqoiRcGmvDRA8U25cPk5XT
168ZYTRzlXOUwEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgABAQEASABIAAD/2wBD
169AAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcp
170LDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIy
171MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACMAG4D
172AREAAhEBAxEB/8QAHAAAAgIDAQEAAAAAAAAAAAAABgcEBQACAwEI/8QAQhAAAQIE
173BAIGBgYIBwEAAAAAAQIDAAQFEQYSITFBURMUImFxsQcjMoGRwUJDUmJjchUlNTaC
174odHwFiYzc4OS4bL/xAAZAQADAQEBAAAAAAAAAAAAAAAAAQIDBAX/xAAgEQEBAAID
175AQEBAQEBAAAAAAAAAQIRAyExQRJREyIy/9oADAMBAAIRAxEAPwB2JHaECEjiPGA4
1766GA3kMMgDy8AZAGQAp8XD/Nc5+VP/wAiJT9GeBv3e/5VQ4cEu8M3sAZAGQBFT7Qh
177JSOUBt4DZYww8O0AeQB5cc4AgzNXk5dfRh1Dj1r9Ghab/wAzpE3KQFdiSotTGIph
1784trQFpAFyDwtwjO8mqqYbHeByDQNCD61R0jTGyzcTrQmigyAMsYAyxgCtTNt5hqI
179SUnrKOYgN06yjnCVtnWUc4BtyenmWGVuurSlttJUpR2AGpMGyKbEHpZm3ulapLSW
180GTcIdWm6yOZ1sIj92q0Cf8UVp2Y6b9IOIVtZkkD366xOzkjujFc83mROKZcCjc9M
181kE/1hbV+Yq1VhC3TkUEKvcWNxE6UY3o4xKpueVIuKGRaSoWO5GsXhdXSM59Nhucb
182cbStJFlAEeEa7Q26yj7UPdJ71pv7Qhboedab+0Iexsu2p2ZuD0sJltZom5gkEuaQ
183jldxMPkZuk0gW2E05cetgIvfSJihZY/RcvODKpXr0NntKA4HkCeHdEWrkLBc67fK
184EoF+Khc/CEuMYZn5tYyMFwX0KQRbwtCtkXMbUk4eqBKgpC9eYN4n9xf+Vczh+fYv
185maUoDUHlD/cF47EmlTz0hPtFalsrQsdoGxtx1hs7DpolaTO5JZl7sdHmZPNKbAjx
186Fx7jFY34ys+rcl4/XGL0jbVQmODpgsG2JD/F1UVIVqmRKgcT8YbNcy8qOrqO/ZiL
1876uRLTKAU8WGloF/A3WpgUqjTc8gjOy0Si+2bYQr1C9pAzM469NOuKdUpxxRN766x
188LUXYWw6mYbEw+m9zpeMc8/kdPHh/THp9LaYQAlCR4CMvXRNLASSCbqSOUGha0ekW
189ym2QW8INBRVbCkjUJJ1BbCHCLpcA1SeBiscrEZ4ygLD1XmaFXUNzCypcutSSgnTX
190Q2jbf2OTLH5TvkHGpuVbfTey0hWpvvHRjdxzWdrJiXSraHRi1cZQlVjDhUFGqNgX
191zDaCxAtpjgepRcHFMQvHxaNIzUoG30YF/Cl9JM0sYVW2nNZb6EqI5an5ROXgw9LX
192DEiieniVpBCNLGMuTLUdPHNmzTpdEu2lKUgJHARzW9uqToQy1iBDhpRtaKJ4bFO0
193A+oTygLxKiXxS2WMSqWNFGyzaN8L/wAuXlnY9whWn2qX0SyS2k3bJ5co14/45uXX
194pjYYnOvpcUdcpt/KNazxaVWotys8W1HWwMBX0s0yM8sWyDbTtCK2z0ZNBys0INPO
195thwIsRmEQ0x8XLEzLimhBfazBNvaEJfwtMeU0PYXnCVIOSzicqrm4MK+Fj6XeBmg
1963LuuH2s9o5+V2cRgsz7DashKlHiEi8YadMqwYr9NS4lourSs8FIMVoerxDzTiLg7
197xW4WkWZqkhK9mYm2m1HYKO8IIipyXmFXYeQsDkYiztW+iwxmwheJAyDYrQlV78yY
19834/HNy+jOkUZCqQyEzLbRCbZSNY6OOfXHyW0Y4TXK0lp1ExNt3Uq4+EXU49K3Eja
199ahVS/LTSMmQJhwspuhRc20nUz7dvGIDZmYbWq6ZtKtDteAK1AeW0XElwoG6glRA9
2008JfTkp7MhSOnGoI3MTlLpWNm44YdkhKiYlr3UHLE8zaObO7jswx1dLadROyqkplz
201kSsi6xwiJZb231Z4i081l0zJnnAgIUOg49IL8deWusVlMNdFj/pvsZ0guO0txbg9
202Yi4FuNoz1dKvoPrM1WOtN9Tlm3hm7YNiUjgf75ReEx13U5/rf/MWtPdmzNOMvNhS
203Uq7DgTa45wrZL0NWzsP4ukutYokg3bpFNpzC17gE8PCNuPxy8vq1ammGWg31lQt9
204wxvjLI5rd1IYdMySJdb7pG/RsqV8orsumrs0GHC286+2sbpUyoHygLcQQhpSkHKk
205gnlFMqaOHZdkUI2Zb9k/RETV4+L2ntNijpSEJtk2AhxfwAzbTIdc9UjQn6IgjOg8
206ASlaW1fTQ352J1jhynseljd2X+ixltuYbGZIULcYjTqk6Y9KtMsKUEITpuBBelad
2076SvNT1FI02EOeM/XPqMu+c/RpUR3awo0+OqZZtkWQkCFpNnSfhuiSk3PzFYdZSp6
208XXkaWe5JGngSfjHXwzp53PQfOPFM1Mg7dKoD4x0uQZejxZWzM34OfKFVYIGMr/pw
209AH6seZhxOXoClnCpSQf71gSbmHf2D/CYmrx8XdO/Y6b75YIv4AZ0WcdP3j5xTOl7
210UOtMYkPS3U0U5m1HdQO49x090cvLjJt18Wdup/BfSpglsDhHNvT0ML0ytTWVlCm5
211hKXG1ZshTmze6FO7s8spEalVqeZQ+2uUzIOqFIQRvwsdovxHqdKz6lqz5wHL9pGX
212KbRF3LtpLPE1+ZyIzngLxU7RnlqC7CssZfDDeY3W6OkV4nWO3jx1HmZ5fqlhU05a
213g+k8XFecbRz0aejtIS3M2+2PKFkrBExgi9bB/DHmYIWfpdygs4k+ECThw5rQP4TC
214q8fF1TtaQm/2YS/gAqH+o9+Y+cUyoWxNklaVIzJSi/WVoJ2Psgxjyzrpvw3vtrSZ
2154XzZzkWNDyMcWUehhk7Lpk7Jzhf6wtTLlipIAKx/FBLNaaY49rlpMsWdVzpNtgtO
216/wAItprP+xBNPmUTInFzDnQJUAlpdlFPffv5RGV+M8vfXs9N5gWxYlZypHO8XxY7
217sjDlz1jaaVDFsPsDk2PKO5wTwqKwgmpPH8Q+cWxo09HySG5m/wBseULJeCNjAE1Z
218On0PmYIMi8ZFn0i0NmbeGz+oB+U+cTWmPi6p6gqlAjbLCXPC2xDPJpsnOTa05g1m
219OUfSN9BDt0zk3dF+1XprF9BmGX5Zlhlp3MwpBJUVW1uT7o5+XPVjq4uP1UyFWXIu
220dXfAQ6g+0rYjmIzuP67jWZfnqmXR6tIz8olsrvbTX+sYXCyujDOWLhFNkmLv5la8
221OkNoeulb0HazX2ULLSVZGxcbjwiphazyzkQKMtycfdnHgRlA6FJ5Hj746+HCTtwc
222/JbdHNQ1ZqAyfwx5RpU4+FnUtZ5/T6xXnF7ZaGGBT6t8Wt2h5Qsl4oWK1XrOX8MH
223+ZggsLmUN3UlXdDZG5hz9hC3IxFaY+Leln9Tp/LAv4RnpEqahUxIJPqkErcAO5US
224Nfd5wqWE+oWFZNtmTYlEG6bE35m+scXLv9Xbv4pNPK9hhbt1JbVobpUOELDPR54b
225DDTlTo7pBbK0g7jjGu8cmWssVpMY3qEzLpl0srFhYgA3I+EKYRV5MrHeh0KerlVQ
226/UG1NSvtKSrQqHL3w8spjOk443K9iOj1aVqU3PBgpSQuyUfdT2QR3aCOnj6mnLyz
227vZyUD93mf9sRVGPhbz6gZ18X+tV5xWmWxfgdeZDwtqFfKFkvFVYxWUV5JHFr5wQZ
228eoLHo+m21AmbR/1/9hbT+aNqVTHKdTjLqWFGxFwIVVjNRS1fGdOwpTTJqUJufCbB
229hs6A/ePDw3hKkIGqzj9QemZ15RW46orUfE/KBUTqDVxITjZevkvfSMuTj/U6bcef
2305vZryjrM3LocQpK0LFwRqDHJZ/XXL9jSYpjDuvRI8csJSKaWhBu20gHnYQi1GPI6
231tJulBAWoGyu+KhXwmqa9N0esKbKih9lw5rbf2fIx3Y3fccOWPyvqHB861UsKyr7S
232hZaMqkj6KhoR/fdFbZya6QH8DtPPrdM04CtRVaw4xX6R+FrQ6EmilwJeU4Fm/agt
2332cx0gV3DT1WqImEzCUAIy2y34wbFxBLWO6iUlSsgA3JhaR+rVZW/SJVJ1gyss6WE
234EWWtGi1DlfgPCE0k/oEecU4sklVz3wKQ7WcUyq2VYJT8x84DaS4DjRaX7aNP/YAJ
235sK4lVRpoSk8SZN09le/Rq5+HMRjycf67nrbj5Pz1fDWllNzDCXEKStChdKkm4UOY
236jm18rp3/AB4tnXQQtK2qag2S6G+65gKlJWQhzFs84kdkry+8C0dfF/5cvJ6JMO4w
237qeHWnGpZ31CiFKbUnMkm1r24HbaNWFgrlPSS/NKQkvNt3PaJJ0hzSLL8HWHKoupv
238qzPBxNgRlMOyQsbbe0bEdZnqbUQ1LrbyFN+2qx3hyDLLVJWamweyDoNkxC5jpXrW
239V7QG4lRO1r84DR5hpbqUqSrK4ghST3/0gPTmhwOuIeQLH2VjlASUUh1JSRfXUQGn
240UrGUzhR9ptbinZZau00o3FufcfD+cRlhMl48lxNuk12RrcqJiTdC08Qd0+Mc2WNl
2411XVjlMpuK/EU+mlyz02QCVdlNzbW0TMbbpWVkm6S70+/1t0hpokqvmNySd47ccZJ
242pw223bnKTU4mdbadc6Rp0ELSRsddRDSnq6RhwkXAuFAwGJsLYvn8NzqX2CHWFH1j
243K9ljuPA98BWbG9dqTGJ52Vnqcq7a2LqSrQoObVJ74ueMMuqVSlG+u8Q6HNSiIA8J
244SdYA8NucAQVlUrNlxKFKbXbOEi5B52hBKXMC3qknMRuRDCKqX6W/SDPffNxgDrTl
245zNImumkHXGuYQsix7v6QrJfTls8XFYxBO10s9YASptOWw0BPFXjE44TGqz5LlNVT
246mXGc+MWh6ZZKilRSCU8YA7FG45jSAMaJSgDkbQBd0SsPUxbuUZkKHsnnzh70jLHa
247qHHxiVtV6JvDDjt8YA3ygI4wBrlGf3QBsEjLtAbLDlAG6QIQcrdpR5GGTpYWvAGx
248FlECAPLa35QBooBPSW4C8ASZXVRvyhlX/9mJAk4EEwEIADgWIQT4KAb9ob9bmhsw
249FOfJ/O1spreUVAUCW/AHrgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDJ
250/O1spreUVJ4nD/9tGS8cg2eUSwd0ExCl0dWsJRdM0mUYh17mXyVNLcvbglIkSdma
251v/Ty3ke533izRN/SkkU8vNthjKAohZmmXlaXrruEyHq2vfXcDg4+C7FJQ+O3PT2B
252S5ft3Ht2GmRpD2lWpeUlJ9BXF2EF5pSnHPOrlTHRUfjBCDU4uuSeKgioSyoc2iWb
253BBaSXyeQAUR+ppM1AYKUlCDxpLbe3nVCOUc+JgJzv+47EqwMyVODwzk7oFO4GMRm
254KTKlctb1ym75oV1tiZi2fL/KA2uAab/RMO0rfxa9HVWnJGvUEDMPlTfs7222zuLB
25555Fzllfx5rQlou+MLBQIV978HRZrDxZesQOOJ4/BwTPgQ42GREf+uf5/SG4Fn3Qh
256NZsvoaePMLN/QQEjM7eqOUzRJRVcdJfRH+LinIFrAqcmbbcp1bvq8LV5lbmlFJLF
257gimvW/shf/6Zu1YsfBhvLWInUCyoOPFa1tASF6qqi1hEOd8tQgNE/H/FSIehmTHT
25874kYPNRm+DzlvrW2JPVl24Nf/SWbOG/IzGBY/pDActTwYqnpXKR7eUt/YcPpmrPi
259kyIKX32U2vTBCE3yvCm0KRzrcSbTJGfVgmlxxqIuOtbeaBtf96m+o5z/xw9ro7Ek
260VZbsx6fPuWuLY/MqeLXl1EuiU6X1sr+skDY8lJeeiRt+Uq5mCZuEgWdM1IhdBBAR
261AgAdFiEE3DhHSHCdJhn/KGchbQyv/dsc/pAFAlvwCAQACgkQbQyv/dsc/pABQACf
262YaUOqzlafrzeGdwHwDleootu0UcAn2adbaKJ79QBtDVPkR77zV801JlXuQINBFvw
263A+gBEACt8AiUTMcyNXwN6kiOLPd+85IPlLwEVyofz8p2QBAxJsqKozlXXpnK7ahC
264RSiHt02EK39WiyZpeY1/2dGmdvyI1vc7ld3814Dveh4nf1GRSpDZ427cxayaclh+
265wRQ8nDWFOQUsMB3He/Z+aO6l/ZNvdVdzRUHda1XvN41nwXUL9FQUn/TLYgHbxa7P
266Yy18ZnNzH/xGSwDgRrqPEAZ8KOpbHEbNyYuYuv6IM8Xmbp8Q6bl2RyBNnrlphksJ
267kLvO6RLHUvvw5uX5bt+u3umoZ+yHUkP13NtQHTyZ8VTCQimkB6OisisOTnV8OjLG
268xtLEF/TjeGFAAoEnc8bQAPvrtONQL19rPkMB0gXYXPBbGw7eWYr3QpuOujUXcz9U
2690JSSEov7cUepdTY8LEYFw8U5WimKY6f/uJUVx/ukNPtuAljJji0cjIGEOX2XGlBV
270Ix/U3vywLBfUFW5hT+75z7UB3yG3Zexo0WSaQxxZ5PHxyPYBK1PvVkH0LvkbxJcr
271rouJJQ66chjRglUbv4lf85/cG1ZLu3Ds0UbuD0gE9sAEwXtfdgDmp/HB7mxwJr1O
272BRbTRv0Okx/lovWXkxt+hX+DXZ1u1qdZUW3zjmge8W7xag3epD21jIjFDODgUfDT
273fgJi2FQq+szpagfPN5j5aIQKHCZf0DLbBD+ZWYQdld5JZs2V5QARAQABiQI2BBgB
274CAAgFiEE+CgG/aG/W5obMBTnyfztbKa3lFQFAlvwA+gCGwwACgkQyfztbKa3lFTa
275yxAAxQo/9dvOO74J+9XznCYb5iO1B1ksnVegSGVuId45JKXkCkuWvDOkcU8+ma38
276wo3MBoPLpSMCXc/mKQ0p0ntO1tD/Wf4nBBCvseWcsR6RR5Su5jYorm0qZ89IOEPN
277K2W2Z41X6DHyteB1dAyIyexOYoLKD7iWcQzga4/EoUPEwcr8BWWgGLBfRhXsYySz
278F3fQPS7KaemDLGbJfTDZCSqmsZPnlksSvGxEBwUwfCjfY+QHxzWPRFPkuQJJR6YW
279tiZ3z7jBRdRk/R5v2CJZJuGHcPPYQy6j2TYGONojm+ifaq1hz+A0aoy4P9qRW5Nl
280mm6yiqEoJe07DrMLxn3H3ucuOo7DiNWmkkjW8DfhFSd+3pFMSvKGujOJWN27UDEp
281ERWFX50gE15Sq4aPbMPNRejFQ1n75B4jfFQXg6WuwF3kwgHK3Y5T5vTEkbPgce9c
282SyyFWU7EA4DJGnt7/FoaPDTKOWI9WSkmjOSABTBNSaUiMSFA3Wg/T0aS5pETpkv2
283S/GVVX022orAGK8zEY1vr2a24itOAKpQwFRuMjqDCBVgKAsMtlPu8jv3Zm/AMcYM
284sRRnDWJh2TO8bqXXUG/o783fcTE3d1Ff7s4BfmBqpGHigZeehNvu+FshRDYaDrDN
285IS0fTqbsX/JjaCXwU/o2E6G4aE79Ut/IMsCYzItTDh2UmcS5Ag0EW/G8wgEQALBi
2862/A7Ev/92mYi4Gm//IJEKjm2Vc3NcX5LdSyPwdSLlHSRwvzZz7M0VeflcTYqssto
287VPVf4maDtLGbQJn43CLqjvIW/C6jzjfvoZf0gbHpNfKY1ENs5xgE0wd3ZdsqpQC6
288W9Pu+kN31QS9+RUKwiG2bNBIREChL/omqiLhNu3hDbZnB+uSByOk901XVrNmKa8G
289NzXSfJSCt0gP7XU6VpMqjxppA8Y2Vo7jnylbrgVJriTt6jtjDylBBQqmHSOXMT+q
2909kIWDSocKhSFHBMO6LYnAwbMef2kqio5zaKzZAuwis0zjOqKHwW54xL2T7djFav9
291VlgcAYN105iMLUiIl39HLeZnS5pUESOXRUv/qLwiQRvBlWBPIep3+ycM2eK8r5a1
2925EwCgN2nSl3KYjzTOisCmK1nQs+gQ1RMraeBGYEG0uIUvDxfoONTuYkM3dhWq2Xx
293V/OO6yUkfyOlBGUREe1PXAOsP0LtAFJha7kbh7Eg6GGU7gRYh2dG2Ln6Vmx1ldbS
294F3woFYPGNMsQmgEKxwyjKaq0Qhd/sKHrTpPz8PXfGP4dHegExKegS7Yof1VrKBB+
295L8Q8o1Oi8JPCjRp47iga5OYS1Vn3h5a07ajzSAxPsmF0lmF4tYk2MFxSs403ShiE
296BTjN4t6rjmnoQV/b+CuhpmvzxaYr736/jkY7s0I5ABEBAAGJBGwEGAEIACAWIQT4
297KAb9ob9bmhswFOfJ/O1spreUVAUCW/G8wgIbAgJACRDJ/O1spreUVMF0IAQZAQgA
298HRYhBB2wOl45wX3kd77c+/0dTvV/qVkCBQJb8bzCAAoJEP0dTvV/qVkC3tUP/2rR
299VDaSPj9+UYJtHGDfQmYCEqxROm5wGCJbNrUQspLeL8+XrsaUDh1ldNAQtoDqGjRp
300kwjJAS0OZfvCv7pI052NK/KVGaK5Tj2+0lxTAcGbAKoH8E2HWPlERpU9CRLvzvDE
3014GGxw2nw7aobNGbf9d98c9RpZuAul92BOClnpGEU4VzjKUk9IsSjZQVJnggQujxL
302qWWiwfGwVsj2PdgPao/P48cYNl5CACBgY19AAh7WzgJVz/6je/5NLdAAV+E31qSE
303EaZsvTBqrMOtH6iTn1GpJ73FsJ0BYVt9X99bRT0Vi0iWulBuhYfZG4PdCY6fv6uC
304d+6pAC+Y/M9npaLbBHscSlJheTyvfuB7bzYBY+Q87VHSOMuNni7U08FuiILFoF+e
305/ESU/v0Hde44ghiXKSaFO8djxc874KM9UlGWvw9UbmI8Z2uM0kDcrPZ/8tcjXOhp
306PEBib54ab4tKCUCtOmsF9ZiT0hOqYdP9bXW+6OGfCignJ7ABhPpANfx2Sn/28L9l
307PbF1nA5CkHdyo/ku1Z/lNq44yvrB8r0Ljq6s3KS69dUZqqrADeogOdi0/TrghtKU
308DERWGmQagYSzMIvsXoAI56MxXFLriSObmpFLTWq7cr/+Ju3AcaSkrpDSYi3U6vLL
3098NuXPhul1S/+yPwvX6Mk1Zkip9/Wg4SQeiT2R7xj8zMP/RJ8uKbnKpOftY89Kv0Y
310FZ4hE3FeBR3UJvkuPdQYNLQRluzh63Bzc4ClSxB9Ma7fmAEiuFtgEi4HLTMBDOHO
311uVMuWYcgubu9VBlAGLJ++gnKxCAJXEntuB49il8MjMsy+uv/cFCjPG9z/1pmWYrE
312XBNA+vcaOrNTS2IykAbqybcPYbBcN47bm+A4i5yqiahk0q++j4LOW/nf88xXO7xI
313V/4vQgemh7RHgHJOkKfzOPw/Kx3UjV1jA9gEUrusHE4R3Upxh0ZeQW19hUnVlao1
314TxxKEUryrRzckuRfc5ziMWNyJaZsPMkeBEhyY/CizDFPrsSXIAijfu8KFnxCsnaM
315ylFBWOu5FwsKMDXxu0QdwqpL2CM8p+q12z1VruNjpIc8bAc0/YMndjYnxzsqQEMV
316GQIDKWqh/m6v7sqbn65ZQcVAzSAriGcQxCOIoT/TA/J+/4BSk5c8TKlqT8NBT77B
317Z70vMr41mZus1A/ciI8AxgbYwlhuvTehdm74k/c7NSzTxeG3OumTlBR1I18C4AIi
318y4iM3O4H4jvEssWBUzpm3VJG0NvcN/M4YVZHX5yxWQuIFcghzb7sLYddmRvR9B0M
319Xowot//r/sgn43xv54sIvwe9MkCCU6j7ePYUlOUnn+vQ5i7rFN/UPub3V3toI2gg
320DRuKdymWEii1jA9KlmheLTFr
321=r9L+
322-----END PGP PUBLIC KEY BLOCK-----
diff --git a/systems/zoldene/base.nix b/systems/zoldene/base.nix
new file mode 100644
index 0000000..8ca5d52
--- /dev/null
+++ b/systems/zoldene/base.nix
@@ -0,0 +1,122 @@
1{ name, config, lib, pkgs, secrets, ... }:
2let
3 # udev rules to be able to boot from qemu in a rescue
4 udev-qemu-rules =
5 let disks = config.disko.devices.disk;
6 in builtins.concatStringsSep "\n" (lib.imap1 (i: d: ''
7 SUBSYSTEM=="block", KERNEL=="sd*", ENV{DEVTYPE}=="disk", ENV{ID_MODEL}=="QEMU_HARDDISK", ENV{ID_SERIAL_SHORT}=="QM0000${builtins.toString i}", SYMLINK+="${lib.removePrefix "/dev/" disks."${d}".device}"
8 SUBSYSTEM=="block", KERNEL=="sd*", ENV{DEVTYPE}=="partition", ENV{ID_MODEL}=="QEMU_HARDDISK", ENV{ID_SERIAL_SHORT}=="QM0000${builtins.toString i}", SYMLINK+="${lib.removePrefix "/dev/" disks."${d}".device}-part%E{PARTN}"
9 '') (builtins.attrNames disks));
10in
11{
12 services.openssh = {
13 settings.KbdInteractiveAuthentication = false;
14 hostKeys = [
15 {
16 path = "/persist/zpool/etc/ssh/ssh_host_ed25519_key";
17 type = "ed25519";
18 }
19 {
20 path = "/persist/zpool/etc/ssh/ssh_host_rsa_key";
21 type = "rsa";
22 bits = 4096;
23 }
24 ];
25 };
26
27 system.stateVersion = "23.05";
28
29 # Useful when booting from qemu in rescue
30 console = {
31 earlySetup = true;
32 keyMap = "fr";
33 };
34
35 services.udev.extraRules = udev-qemu-rules;
36 fileSystems."/persist/zfast".neededForBoot = true;
37 boot = {
38 zfs.forceImportAll = true; # needed for the first boot after
39 # install, because nixos-anywhere
40 # doesn't export filesystems properly
41 # after install (only affects fs not
42 # needed for boot, see fsNeededForBoot
43 # in nixos/lib/utils.nix
44 kernelParams = [ "boot.shell_on_fail" ];
45 loader.grub.devices = [
46 config.disko.devices.disk.sda.device
47 config.disko.devices.disk.sdb.device
48 ];
49 extraModulePackages = [ ];
50 kernelModules = [ "kvm-intel" ];
51 supportedFilesystems = [ "zfs" ];
52 kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
53 initrd = {
54 postDeviceCommands = lib.mkAfter ''
55 zfs rollback -r zfast/root@blank
56 '';
57 services.udev.rules = udev-qemu-rules;
58 availableKernelModules = [ "e1000e" "ahci" "sd_mod" ];
59 network = {
60 enable = true;
61 postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
62 flushBeforeStage2 = true;
63 ssh = {
64 enable = true;
65 port = 2222;
66 authorizedKeys = config.users.extraUsers.root.openssh.authorizedKeys.keys;
67 hostKeys = [
68 "/boot/initrdSecrets/ssh_host_rsa_key"
69 "/boot/initrdSecrets/ssh_host_ed25519_key"
70 ];
71 };
72 };
73 };
74 };
75 networking = {
76 hostId = "6251d3d5";
77 firewall.enable = false;
78 firewall.allowedUDPPorts = [ 43484 ];
79 # needed for initrd proper network setup too
80 useDHCP = lib.mkDefault true;
81
82 wireguard.interfaces.wg0 = {
83 generatePrivateKeyFile = true;
84 privateKeyFile = "/persist/zpool/etc/wireguard/wg0";
85 #presharedKeyFile = config.secrets.fullPaths."wireguard/preshared_key";
86 listenPort = 43484;
87
88 ips = [
89 "192.168.1.25/24"
90 ];
91 peers = [
92 ];
93 };
94 };
95
96 powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
97 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
98 hardware.enableRedistributableFirmware = lib.mkDefault true;
99 system.activationScripts.createDatasets = {
100 deps = [ ];
101 text = ''
102 PATH=${pkgs.zfs}/bin:$PATH
103 '' + builtins.concatStringsSep "\n" (lib.mapAttrsToList (name: c: ''
104 if ! zfs list "${c._parent.name}/${name}" 2>/dev/null >/dev/null; then
105 ${c._create { zpool = c._parent.name; }}
106 fi
107 '') (config.disko.devices.zpool.zfast.datasets // config.disko.devices.zpool.zpool.datasets));
108 };
109
110 secrets.keys."wireguard/preshared_key/eldiron" = {
111 permissions = "0400";
112 user = "root";
113 group = "root";
114 text = let
115 key = builtins.concatStringsSep "_" (builtins.sort builtins.lessThan [ name "eldiron" ]);
116 in
117 "{{ .wireguard.preshared_keys.${key} }}";
118 };
119 secrets.decryptKey = "/persist/zpool/etc/ssh/ssh_host_ed25519_key";
120 # ssh-keyscan zoldene | nix-shell -p ssh-to-age --run ssh-to-age
121 secrets.ageKeys = [ "age1rqr7qdpjm8fy9nf3x07fa824v87n40g0ljrgdysuayuklnvhcynq4c8en8" ];
122}
diff --git a/systems/zoldene/disko.nix b/systems/zoldene/disko.nix
new file mode 100644
index 0000000..7df5697
--- /dev/null
+++ b/systems/zoldene/disko.nix
@@ -0,0 +1,87 @@
1{ cryptKeyFile, ... }: {
2 disko.devices = let
3 zpoolDatasets = {
4 "root" = { type = "zfs_fs"; options.mountpoint = "none"; };
5 "root/persist" = { type = "zfs_fs"; mountpoint = "/persist/zpool"; options.mountpoint = "legacy"; };
6 };
7 zfastDatasets = {
8 "root" = { type = "zfs_fs"; mountpoint = "/"; options.mountpoint = "legacy"; postCreateHook = "zfs snapshot zfast/root@blank"; };
9 "root/nix" = { type = "zfs_fs"; mountpoint = "/nix"; options.mountpoint = "legacy"; };
10 "root/persist" = { type = "zfs_fs"; mountpoint = "/persist/zfast"; options.mountpoint = "legacy"; };
11 "root/persist/var" = { type = "zfs_fs"; mountpoint = "/persist/zfast/var"; options.mountpoint = "legacy"; };
12 "root/persist/var/lib" = { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib"; options.mountpoint = "legacy"; };
13 };
14 in {
15 disk = {
16 sda = {
17 type = "disk";
18 device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LM480HCHP-00003_S1YJNYAG700613";
19 content = {
20 type = "table";
21 format = "gpt";
22 partitions = [
23 { start = "2GiB"; end = "-8GiB"; name = "ssdLuksA"; content = { type = "luks"; name = "ssdA"; keyFile = cryptKeyFile; content = { type = "zfs"; pool = "zfast"; }; }; }
24 { start = "-8GiB"; end = "-2MiB"; name = "swapA"; flags = [ "swap" ]; content = { type = "swap"; }; }
25 { start = "2048s"; end = "4095s"; name = "ssdGrubA"; flags = [ "bios_grub" ]; }
26 { start = "4096s"; end = "2GiB"; name = "ssdBootA"; content = { type = "filesystem"; format = "ext4"; mountpoint = "/boot"; }; }
27 ];
28 };
29 };
30 sdb = {
31 type = "disk";
32 device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LM480HCHP-00003_S1YJNYAG700682";
33 content = {
34 type = "table";
35 format = "gpt";
36 partitions = [
37 { start = "2GiB"; end = "-8GiB"; name = "ssdLuksB"; content = { type = "luks"; name = "ssdB"; keyFile = cryptKeyFile; content = { type = "zfs"; pool = "zfast"; }; }; }
38 { start = "-8GiB"; end = "-2MiB"; name = "swapB"; flags = [ "swap" ]; content = { type = "swap"; }; }
39 { start = "2048s"; end = "4095s"; name = "ssdGrubB"; flags = [ "bios_grub" ]; }
40 #{ start = "4096s"; end = "2GiB"; name = "ssdBootB"; content = { type = "filesystem"; format = "ext4"; }; } # non monté
41 ];
42 };
43 };
44 sdc = {
45 type = "disk";
46 device = "/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC110SY1";
47 content = {
48 type = "table";
49 format = "gpt";
50 partitions = [
51 { start = "2048s"; end = "-34s"; name = "hddLuksA"; content = { type = "luks"; name = "bigA"; keyFile = cryptKeyFile; content = { type = "zfs"; pool = "zpool"; }; }; }
52 ];
53 };
54 };
55 sdd = {
56 type = "disk";
57 device = "/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC110YXX";
58 content = {
59 type = "table";
60 format = "gpt";
61 partitions = [
62 { start = "2048s"; end = "-34s"; name = "hddLuksB"; content = { type = "luks"; name = "bigB"; keyFile = cryptKeyFile; content = { type = "zfs"; pool = "zpool"; }; }; }
63 ];
64 };
65 };
66 };
67
68 zpool = {
69 zpool = {
70 type = "zpool";
71 mode = "mirror";
72 mountRoot = "/";
73 rootFsOptions = { mountpoint = "none"; atime = "off"; xattr = "sa"; acltype = "posix"; };
74 options = { ashift = "12"; };
75 datasets = zpoolDatasets;
76 };
77 zfast = {
78 type = "zpool";
79 mode = "mirror";
80 mountRoot = "/";
81 rootFsOptions = { mountpoint = "none"; atime = "off"; xattr = "sa"; acltype = "posix"; };
82 options = { ashift = "12"; };
83 datasets = zfastDatasets;
84 };
85 };
86 };
87}
diff --git a/systems/zoldene/flake.lock b/systems/zoldene/flake.lock
new file mode 100644
index 0000000..0a9ba64
--- /dev/null
+++ b/systems/zoldene/flake.lock
@@ -0,0 +1,560 @@
1{
2 "nodes": {
3 "backports": {
4 "inputs": {
5 "flake-utils": "flake-utils_2",
6 "nixpkgs": "nixpkgs_6"
7 },
8 "locked": {
9 "lastModified": 1,
10 "narHash": "sha256-VewHWeZvwLvWVm2bMQk5UQ0G/HyO8X87BssvmbLWbrY=",
11 "path": "../../backports",
12 "type": "path"
13 },
14 "original": {
15 "path": "../../backports",
16 "type": "path"
17 }
18 },
19 "colmena": {
20 "inputs": {
21 "flake-compat": "flake-compat",
22 "flake-utils": "flake-utils",
23 "nixpkgs": "nixpkgs",
24 "stable": "stable"
25 },
26 "locked": {
27 "lastModified": 1687954574,
28 "narHash": "sha256-YasVTaNXq2xqZdejyIhuyqvNypmx+K/Y1ZZ4+raeeII=",
29 "owner": "immae",
30 "repo": "colmena",
31 "rev": "e427171150a35e23204c4c15a2483358d22a0eff",
32 "type": "github"
33 },
34 "original": {
35 "owner": "immae",
36 "ref": "add-lib-get-flake",
37 "repo": "colmena",
38 "type": "github"
39 }
40 },
41 "disko": {
42 "inputs": {
43 "nixpkgs": "nixpkgs_2"
44 },
45 "locked": {
46 "lastModified": 1687968164,
47 "narHash": "sha256-L9jr2zCB6NIaBE3towusjGBigsnE2pMID8wBGkYbTS4=",
48 "owner": "nix-community",
49 "repo": "disko",
50 "rev": "8002e7cb899bc2a02a2ebfb7f999fcd7c18b92a1",
51 "type": "github"
52 },
53 "original": {
54 "owner": "nix-community",
55 "repo": "disko",
56 "type": "github"
57 }
58 },
59 "environment": {
60 "locked": {
61 "lastModified": 1,
62 "narHash": "sha256-rMKbM7fHqWQbI7y59BsPG8KwoDj2jyrvN2niPWB24uE=",
63 "path": "../environment",
64 "type": "path"
65 },
66 "original": {
67 "path": "../environment",
68 "type": "path"
69 }
70 },
71 "flake-compat": {
72 "flake": false,
73 "locked": {
74 "lastModified": 1650374568,
75 "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
76 "owner": "edolstra",
77 "repo": "flake-compat",
78 "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
79 "type": "github"
80 },
81 "original": {
82 "owner": "edolstra",
83 "repo": "flake-compat",
84 "type": "github"
85 }
86 },
87 "flake-parts": {
88 "inputs": {
89 "nixpkgs-lib": "nixpkgs-lib"
90 },
91 "locked": {
92 "lastModified": 1687762428,
93 "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=",
94 "owner": "hercules-ci",
95 "repo": "flake-parts",
96 "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836",
97 "type": "github"
98 },
99 "original": {
100 "owner": "hercules-ci",
101 "repo": "flake-parts",
102 "type": "github"
103 }
104 },
105 "flake-parts_2": {
106 "inputs": {
107 "nixpkgs-lib": "nixpkgs-lib_2"
108 },
109 "locked": {
110 "lastModified": 1675295133,
111 "narHash": "sha256-dU8fuLL98WFXG0VnRgM00bqKX6CEPBLybhiIDIgO45o=",
112 "owner": "hercules-ci",
113 "repo": "flake-parts",
114 "rev": "bf53492df08f3178ce85e0c9df8ed8d03c030c9f",
115 "type": "github"
116 },
117 "original": {
118 "owner": "hercules-ci",
119 "repo": "flake-parts",
120 "type": "github"
121 }
122 },
123 "flake-utils": {
124 "locked": {
125 "lastModified": 1659877975,
126 "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
127 "owner": "numtide",
128 "repo": "flake-utils",
129 "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
130 "type": "github"
131 },
132 "original": {
133 "owner": "numtide",
134 "repo": "flake-utils",
135 "type": "github"
136 }
137 },
138 "flake-utils_2": {
139 "locked": {
140 "lastModified": 1667395993,
141 "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
142 "owner": "numtide",
143 "repo": "flake-utils",
144 "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
145 "type": "github"
146 },
147 "original": {
148 "owner": "numtide",
149 "repo": "flake-utils",
150 "type": "github"
151 }
152 },
153 "impermanence": {
154 "locked": {
155 "lastModified": 1684264534,
156 "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
157 "owner": "nix-community",
158 "repo": "impermanence",
159 "rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
160 "type": "github"
161 },
162 "original": {
163 "owner": "nix-community",
164 "ref": "master",
165 "repo": "impermanence",
166 "type": "github"
167 }
168 },
169 "my-lib": {
170 "inputs": {
171 "colmena": "colmena",
172 "disko": "disko",
173 "flake-parts": "flake-parts",
174 "nixos-anywhere": "nixos-anywhere",
175 "nixpkgs": "nixpkgs_4"
176 },
177 "locked": {
178 "lastModified": 1,
179 "narHash": "sha256-wwpT+I5/zrln85BDzlZoEDC19GwYrcZSXbrJjyvC4jk=",
180 "path": "../../flakes/lib",
181 "type": "path"
182 },
183 "original": {
184 "path": "../../flakes/lib",
185 "type": "path"
186 }
187 },
188 "mypackages": {
189 "inputs": {
190 "flake-parts": "flake-parts_2",
191 "nixpkgs": "nixpkgs_7",
192 "webapps-ttrss": "webapps-ttrss"
193 },
194 "locked": {
195 "lastModified": 1,
196 "narHash": "sha256-C0plEL+g6kv5fo/VmTjMJK45RfFcGufqPKJVnviMyGY=",
197 "path": "../../mypackages",
198 "type": "path"
199 },
200 "original": {
201 "path": "../../mypackages",
202 "type": "path"
203 }
204 },
205 "myuids": {
206 "locked": {
207 "lastModified": 1,
208 "narHash": "sha256-HkW9YCLQCNBX3Em7J7MjraVEZO3I3PizkVV2QrUdULQ=",
209 "path": "../../myuids",
210 "type": "path"
211 },
212 "original": {
213 "path": "../../myuids",
214 "type": "path"
215 }
216 },
217 "nixos-2305": {
218 "locked": {
219 "lastModified": 1687938137,
220 "narHash": "sha256-Z00c0Pk3aE1aw9x44lVcqHmvx+oX7dxCXCvKcUuE150=",
221 "owner": "NixOS",
222 "repo": "nixpkgs",
223 "rev": "ba2ded3227a2992f2040fad4ba6f218a701884a5",
224 "type": "github"
225 },
226 "original": {
227 "owner": "NixOS",
228 "ref": "release-23.05",
229 "repo": "nixpkgs",
230 "type": "github"
231 }
232 },
233 "nixos-anywhere": {
234 "inputs": {
235 "disko": [
236 "my-lib",
237 "disko"
238 ],
239 "flake-parts": [
240 "my-lib",
241 "flake-parts"
242 ],
243 "nixos-2305": "nixos-2305",
244 "nixos-images": "nixos-images",
245 "nixpkgs": "nixpkgs_3",
246 "treefmt-nix": "treefmt-nix"
247 },
248 "locked": {
249 "lastModified": 1689945193,
250 "narHash": "sha256-+GPRt7ouE84A7GPNKnFYGU0cQL7skKxz0BAY0sUjUmw=",
251 "owner": "numtide",
252 "repo": "nixos-anywhere",
253 "rev": "27161266077a177ac116e2cb72cc70af5f145189",
254 "type": "github"
255 },
256 "original": {
257 "owner": "numtide",
258 "repo": "nixos-anywhere",
259 "type": "github"
260 }
261 },
262 "nixos-images": {
263 "inputs": {
264 "nixos-2305": [
265 "my-lib",
266 "nixos-anywhere",
267 "nixos-2305"
268 ],
269 "nixos-unstable": [
270 "my-lib",
271 "nixos-anywhere",
272 "nixpkgs"
273 ]
274 },
275 "locked": {
276 "lastModified": 1686819168,
277 "narHash": "sha256-IbRVStbKoMC2fUX6TxNO82KgpVfI8LL4Cq0bTgdYhnY=",
278 "owner": "nix-community",
279 "repo": "nixos-images",
280 "rev": "ccc1a2c08ce2fc38bcece85d2a6e7bf17bac9e37",
281 "type": "github"
282 },
283 "original": {
284 "owner": "nix-community",
285 "repo": "nixos-images",
286 "type": "github"
287 }
288 },
289 "nixpkgs": {
290 "locked": {
291 "lastModified": 1683408522,
292 "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
293 "owner": "NixOS",
294 "repo": "nixpkgs",
295 "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
296 "type": "github"
297 },
298 "original": {
299 "owner": "NixOS",
300 "ref": "nixos-unstable",
301 "repo": "nixpkgs",
302 "type": "github"
303 }
304 },
305 "nixpkgs-lib": {
306 "locked": {
307 "dir": "lib",
308 "lastModified": 1685564631,
309 "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
310 "owner": "NixOS",
311 "repo": "nixpkgs",
312 "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
313 "type": "github"
314 },
315 "original": {
316 "dir": "lib",
317 "owner": "NixOS",
318 "ref": "nixos-unstable",
319 "repo": "nixpkgs",
320 "type": "github"
321 }
322 },
323 "nixpkgs-lib_2": {
324 "locked": {
325 "dir": "lib",
326 "lastModified": 1675183161,
327 "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
328 "owner": "NixOS",
329 "repo": "nixpkgs",
330 "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
331 "type": "github"
332 },
333 "original": {
334 "dir": "lib",
335 "owner": "NixOS",
336 "ref": "nixos-unstable",
337 "repo": "nixpkgs",
338 "type": "github"
339 }
340 },
341 "nixpkgs_2": {
342 "locked": {
343 "lastModified": 1687701825,
344 "narHash": "sha256-aMC9hqsf+4tJL7aJWSdEUurW2TsjxtDcJBwM9Y4FIYM=",
345 "owner": "NixOS",
346 "repo": "nixpkgs",
347 "rev": "07059ee2fa34f1598758839b9af87eae7f7ae6ea",
348 "type": "github"
349 },
350 "original": {
351 "owner": "NixOS",
352 "ref": "nixpkgs-unstable",
353 "repo": "nixpkgs",
354 "type": "github"
355 }
356 },
357 "nixpkgs_3": {
358 "locked": {
359 "lastModified": 1687893427,
360 "narHash": "sha256-jJHj0Lxpvov1IPYQK441oLAKxxemHm16U9jf60bXAFU=",
361 "owner": "nixos",
362 "repo": "nixpkgs",
363 "rev": "4b14ab2a916508442e685089672681dff46805be",
364 "type": "github"
365 },
366 "original": {
367 "owner": "nixos",
368 "ref": "nixos-unstable-small",
369 "repo": "nixpkgs",
370 "type": "github"
371 }
372 },
373 "nixpkgs_4": {
374 "locked": {
375 "lastModified": 1648725829,
376 "narHash": "sha256-tXEzI38lLrzW2qCAIs0UAatE2xcsTsoKWaaXqAcF1NI=",
377 "owner": "NixOS",
378 "repo": "nixpkgs",
379 "rev": "72152ff5ad470ed1a5b97c0ba2737938c136c994",
380 "type": "github"
381 },
382 "original": {
383 "owner": "NixOS",
384 "repo": "nixpkgs",
385 "type": "github"
386 }
387 },
388 "nixpkgs_5": {
389 "locked": {
390 "lastModified": 1693158576,
391 "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
392 "owner": "nixos",
393 "repo": "nixpkgs",
394 "rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780",
395 "type": "github"
396 },
397 "original": {
398 "owner": "NixOS",
399 "ref": "nixos-unstable",
400 "repo": "nixpkgs",
401 "type": "github"
402 }
403 },
404 "nixpkgs_6": {
405 "locked": {
406 "lastModified": 1687502512,
407 "narHash": "sha256-dBL/01TayOSZYxtY4cMXuNCBk8UMLoqRZA+94xiFpJA=",
408 "owner": "NixOS",
409 "repo": "nixpkgs",
410 "rev": "3ae20aa58a6c0d1ca95c9b11f59a2d12eebc511f",
411 "type": "github"
412 },
413 "original": {
414 "owner": "NixOS",
415 "ref": "nixos-unstable",
416 "repo": "nixpkgs",
417 "type": "github"
418 }
419 },
420 "nixpkgs_7": {
421 "locked": {
422 "lastModified": 1646497237,
423 "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=",
424 "owner": "nixos",
425 "repo": "nixpkgs",
426 "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026",
427 "type": "github"
428 },
429 "original": {
430 "owner": "nixos",
431 "repo": "nixpkgs",
432 "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026",
433 "type": "github"
434 }
435 },
436 "private-environment": {
437 "locked": {
438 "lastModified": 1,
439 "narHash": "sha256-rMKbM7fHqWQbI7y59BsPG8KwoDj2jyrvN2niPWB24uE=",
440 "path": "../../flakes/private/environment",
441 "type": "path"
442 },
443 "original": {
444 "path": "../../flakes/private/environment",
445 "type": "path"
446 }
447 },
448 "private-system": {
449 "inputs": {
450 "backports": "backports",
451 "environment": "environment",
452 "mypackages": "mypackages",
453 "myuids": "myuids",
454 "secrets-public": "secrets-public"
455 },
456 "locked": {
457 "lastModified": 1,
458 "narHash": "sha256-vOs7fcQVsOSl/gsyzFXfsWE7u0/O9mIKpHnwDwHxJTQ=",
459 "path": "../../flakes/private/system",
460 "type": "path"
461 },
462 "original": {
463 "path": "../../flakes/private/system",
464 "type": "path"
465 }
466 },
467 "public-secrets": {
468 "locked": {
469 "lastModified": 1,
470 "narHash": "sha256-5AakznhrJFmwCD7lr4JEh55MtdAJL6WA/YuBks6ISSE=",
471 "path": "../../flakes/secrets",
472 "type": "path"
473 },
474 "original": {
475 "path": "../../flakes/secrets",
476 "type": "path"
477 }
478 },
479 "root": {
480 "inputs": {
481 "impermanence": "impermanence",
482 "my-lib": "my-lib",
483 "nixpkgs": "nixpkgs_5",
484 "private-environment": "private-environment",
485 "private-system": "private-system",
486 "public-secrets": "public-secrets"
487 }
488 },
489 "secrets-public": {
490 "locked": {
491 "lastModified": 1,
492 "narHash": "sha256-5AakznhrJFmwCD7lr4JEh55MtdAJL6WA/YuBks6ISSE=",
493 "path": "../../secrets",
494 "type": "path"
495 },
496 "original": {
497 "path": "../../secrets",
498 "type": "path"
499 }
500 },
501 "stable": {
502 "locked": {
503 "lastModified": 1669735802,
504 "narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
505 "owner": "NixOS",
506 "repo": "nixpkgs",
507 "rev": "731cc710aeebecbf45a258e977e8b68350549522",
508 "type": "github"
509 },
510 "original": {
511 "owner": "NixOS",
512 "ref": "nixos-22.11",
513 "repo": "nixpkgs",
514 "type": "github"
515 }
516 },
517 "treefmt-nix": {
518 "inputs": {
519 "nixpkgs": [
520 "my-lib",
521 "nixos-anywhere",
522 "nixpkgs"
523 ]
524 },
525 "locked": {
526 "lastModified": 1687940979,
527 "narHash": "sha256-D4ZFkgIG2s9Fyi78T3fVG9mqMD+/UnFDB62jS4gjZKY=",
528 "owner": "numtide",
529 "repo": "treefmt-nix",
530 "rev": "0a4f06c27610a99080b69433873885df82003aae",
531 "type": "github"
532 },
533 "original": {
534 "owner": "numtide",
535 "repo": "treefmt-nix",
536 "type": "github"
537 }
538 },
539 "webapps-ttrss": {
540 "flake": false,
541 "locked": {
542 "lastModified": 1546759381,
543 "narHash": "sha256-urjf4EoLWS7G0s0hRtaErrs2B8DUatNK/eoneuB0anY=",
544 "ref": "master",
545 "rev": "986ca251f995f7754a0470d3e0c44538a545081f",
546 "revCount": 9256,
547 "type": "git",
548 "url": "https://git.tt-rss.org/fox/tt-rss.git"
549 },
550 "original": {
551 "ref": "master",
552 "rev": "986ca251f995f7754a0470d3e0c44538a545081f",
553 "type": "git",
554 "url": "https://git.tt-rss.org/fox/tt-rss.git"
555 }
556 }
557 },
558 "root": "root",
559 "version": 7
560}
diff --git a/systems/zoldene/flake.nix b/systems/zoldene/flake.nix
new file mode 100644
index 0000000..42466e8
--- /dev/null
+++ b/systems/zoldene/flake.nix
@@ -0,0 +1,29 @@
1{
2 inputs = {
3 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
4 impermanence.url = "github:nix-community/impermanence/master";
5 my-lib.url = "path:../../flakes/lib";
6 public-secrets.url = "path:../../flakes/secrets";
7 private-environment.url = "path:../../flakes/private/environment";
8 private-system.url = "path:../../flakes/private/system";
9 };
10 outputs = inputs@{ self, nixpkgs, my-lib, ... }:
11 my-lib.lib.mkColmenaFlake {
12 name = "zoldene";
13 inherit self nixpkgs;
14 system = "x86_64-linux";
15 targetHost = "88.198.39.152";
16 targetUser = "root";
17 nixosModules = with inputs; {
18 impermanence = impermanence.nixosModule;
19 base = ./base.nix;
20 disko = ./disko.nix;
21 logging = ./logging.nix;
22
23 secrets = public-secrets.nixosModule;
24
25 environment = private-environment.nixosModule;
26 system = private-system.nixosModule;
27 };
28 };
29}
diff --git a/systems/zoldene/logging.nix b/systems/zoldene/logging.nix
new file mode 100644
index 0000000..09ee104
--- /dev/null
+++ b/systems/zoldene/logging.nix
@@ -0,0 +1,138 @@
1{ config, pkgs, name, ... }:
2# Initialization
3# CREATE INDEX ON LOGS (tag);
4# CREATE INDEX ON LOGS (time);
5# CREATE INDEX ON LOGS (((data->>'PRIORITY')::int));
6# CREATE INDEX ON LOGS ((data->>'_SYSTEMD_UNIT'));
7# CREATE INDEX ON LOGS ((data->>'SYSLOG_IDENTIFIER'));
8let
9 fluent-bit-config = {
10 pipeline = {
11 inputs = [
12 {
13 name = "systemd";
14 tag = "${name}.systemd";
15 DB = "/var/lib/fluentbit/fluent-bit.db";
16 }
17 ];
18 outputs = [
19 {
20 name = "loki";
21 match = "${name}.systemd";
22 line_format = "json";
23 labels = "job=fluentbit, server=${name}, priority=$PRIORITY, syslog_identifier=$SYSLOG_IDENTIFIER, systemd_unit=$_SYSTEMD_UNIT";
24 }
25 {
26 name = "pgsql";
27 match = "*";
28 host = "/run/postgresql";
29 user = "fluentbit";
30 table = "logs";
31 database = "fluentbit";
32 timestamp_key = "event_timestamp";
33 }
34 ];
35 };
36 };
37 yamlFormat = pkgs.formats.yaml {};
38 psqlVersion = pkgs.postgresql_13.psqlSchema;
39in
40{
41 disko.devices.zpool.zfast.datasets."root/persist/var/lib/loki" =
42 { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/loki"; options.mountpoint = "legacy"; };
43 disko.devices.zpool.zfast.datasets."root/persist/var/lib/fluentbit" =
44 { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/fluentbit"; options.mountpoint = "legacy"; };
45 disko.devices.zpool.zfast.datasets."root/persist/var/lib/postgresql" =
46 { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/postgresql"; options.mountpoint = "legacy"; };
47 disko.devices.zpool.zfast.datasets."root/persist/var/lib/postgresql/${psqlVersion}" =
48 { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/postgresql/${psqlVersion}"; options.mountpoint = "legacy"; };
49 environment.persistence."/persist/zfast".directories = [
50 {
51 directory = "/var/lib/postgresql";
52 user = config.users.users.postgres.name;
53 group = config.users.users.postgres.group;
54 mode = "0755";
55 }
56 {
57 directory = "/var/lib/fluentbit";
58 user = config.users.users.fluentbit.name;
59 group = config.users.users.fluentbit.group;
60 mode = "0755";
61 }
62 {
63 directory = "/var/lib/loki";
64 user = config.users.users.loki.name;
65 group = config.users.users.loki.group;
66 mode = "0755";
67 }
68 ];
69
70 ids.uids.fluentbit = 500;
71 ids.gids.fluentbit = 500;
72 users.users.fluentbit = {
73 name = "fluentbit";
74 home = "/var/lib/fluentbit";
75 uid = config.ids.uids.fluentbit;
76 group = "fluentbit";
77 isSystemUser = true;
78 extraGroups = [ "systemd-journal" ];
79 };
80 users.groups.fluentbit.gid = config.ids.gids.fluentbit;
81
82 services.loki = {
83 enable = true;
84 configuration = {
85 auth_enabled = false;
86 common = {
87 ring.kvstore.store = "inmemory";
88 ring.instance_addr = "127.0.0.1";
89 replication_factor = 1;
90 path_prefix = "/var/lib/loki";
91 };
92 server.log_level = "warn";
93 limits_config = {
94 reject_old_samples = false;
95 ingestion_rate_mb = 100;
96 ingestion_burst_size_mb = 200;
97 per_stream_rate_limit = "100MB";
98 per_stream_rate_limit_burst = "200MB";
99 };
100
101 schema_config.configs = [
102 {
103 from = "2020-10-24";
104 store = "boltdb-shipper";
105 object_store = "filesystem";
106 schema = "v11";
107 index.prefix = "index_";
108 index.period = "24h";
109 }
110 ];
111 };
112 };
113 services.postgresql = {
114 enable = true;
115 package = pkgs.postgresql_13;
116 ensureDatabases = [ "fluentbit" ];
117 ensureUsers = [
118 {
119 name = "fluentbit";
120 ensurePermissions."DATABASE \"fluentbit\"" = "ALL PRIVILEGES";
121 }
122 ];
123 };
124
125 environment.systemPackages = [
126 pkgs.fluent-bit
127 ];
128 systemd.services.fluent-bit = {
129 description = "Fluent-bit daemon";
130 wantedBy = [ "multi-user.target" ];
131 serviceConfig = {
132 ExecStart = "${pkgs.fluent-bit}/bin/fluent-bit -c ${yamlFormat.generate "fluent.yaml" fluent-bit-config}";
133 User = "fluentbit";
134 Group = "fluentbit";
135 SupplementaryGroups = [ "systemd-journal" ];
136 };
137 };
138}