From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 4 Oct 2023 01:35:06 +0200 Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository --- systems/zoldene/Immae.pub | 322 +++++++++++++++++++++++++ systems/zoldene/base.nix | 122 ++++++++++ systems/zoldene/disko.nix | 87 +++++++ systems/zoldene/flake.lock | 560 ++++++++++++++++++++++++++++++++++++++++++++ systems/zoldene/flake.nix | 29 +++ systems/zoldene/logging.nix | 138 +++++++++++ 6 files changed, 1258 insertions(+) create mode 100644 systems/zoldene/Immae.pub create mode 100644 systems/zoldene/base.nix create mode 100644 systems/zoldene/disko.nix create mode 100644 systems/zoldene/flake.lock create mode 100644 systems/zoldene/flake.nix create mode 100644 systems/zoldene/logging.nix (limited to 'systems/zoldene') diff --git a/systems/zoldene/Immae.pub b/systems/zoldene/Immae.pub new file mode 100644 index 0000000..dd42b04 --- /dev/null +++ b/systems/zoldene/Immae.pub @@ -0,0 +1,322 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFvwA+gBEADlchQGPyI2M9RNRUsk8wsL9XLc8qAFWTYlVp5p7177ucxTQf6S +rny9yRCF69UqtE0ugwt+432sAAsDPi7BRA/JE95bIRBiewOiY1jYiivccP5dR6Jr +58HJ3QOHYPekqZIQhxzCWjdD2nRhhCbbxeWFJsJyaG8idGBiLkgNKxEEmqE5LIat +tzMpQFwOpL2FoYZ7+e4ZTMc+x+yqpOnGcQD1qwouqx68okSCjrVBWo5S2tK5AzzU +X8esBLNpgkhpUEZVltiNc4bmj7GZPdy4+mvS33/HQTed8YpatCFVWzcK+/uK0SYE +P8Hj1mguT9idBhAf+kv7qbTycrFkTBliP3oDNUoARWDmfQdV4nlxqW03QxUY18mL +KPByduK3hEXAZnD+/8QfVzbNVVP+70/jdSB+ckF88Li2g4bv/9uqjaObKVJB9ocG +EWslm1h7tvdCLBRgIl8b2+Zl0fComRAMuwUr+LYlWLnfygAi8Uy9hl7UcRWAAj99 +PG4ba0+y8eD8k1J2IE8HpeIzMzRwYTLtvLyJBvrKiQHJb1PGM5cS8iry81wjUPZm +dO5p5rbC8z99w7UNMaiz6iqAFAaDyLLsBZ5gWD+1ps9XxCA0zf28Z/Tc/Gj4QKAf +kpMd7lQ+gprsFyRtzcRD4WhsOL2ogKYFHYi4LE0GYduspGdQPlK/YfrKQwARAQAB +tB9Jc21hZWwgQm91eWEgPGlzbWFlbEBib3V5YS5vcmc+iQJRBBMBCAA7AhsDBQsJ +CAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+CgG/aG/W5obMBTnyfztbKa3lFQFAlvw +BU4CGQEACgkQyfztbKa3lFR/kA//cHVrb/RRTLQZy514vMkOBKgAk+dj+j0lrgvJ +yR0JK1KjodduSoccPq7qRFAU+KVa3FsXMn8yY/lWaCXYJoF0DT5iEHsEuzJRc7Cn +N4aq2h42DD7z8dJCXZvtvJs+vZ7G/rlLl322TjLb2OyIybBEoPOmJl0dVG0wKBFC +r7EJmOKl3ytUWUpEbuxs1U/pP4GKrPT2CK3QcLF8JHKIPkEO347RorseeHcHhMxs +Bz5JXojts1NyLJh7lErT42atgEdTGzSmkkGm8OifZVIH2rgmnRsPHnCqrXYsa7dE +yPsC01Ns3DPYk4C5FtbpfiNvATbnkOicEwb2U55OpYUZLsFCKo7Bl+duJVY0nPRN +WiLCALPcdJL+a6hbh1hSuqHt5eNGxyrDtRPowXRTS1D4nTCgAh6+wpH47xXWEwXZ +mEnkXqHLIjsW4CSIz2gc+Bza40+wkWz6NQDEb3ncytDZu9vKK1CYwl7RGW4RFkAO +j3FWZvZp8ETPLNRVy64BhZzHY3uOxbYreE+T6JfiIZux8X+Bh4cPJHizfhSMLLS5 +kwABzalaTD33XnjKn5wQ/DfGJ+fGbF54fMlGFjne5VTNwY1ju2ieXTgVrUyzfKPF +96zcvnxo/MWwqcQ8+dXFCZjldP76puo1eVATEBeOCQs8Vj7eL9eN/eo+BfzhS3S8 +CfFFYWeIXQQQEQIAHRYhBNw4R0hwnSYZ/yhnIW0Mr/3bHP6QBQJb8AgDAAoJEG0M +r/3bHP6Q/TsAnA6vTjmrX4nY3QnevNrKefWaQvf3AJ0TALTqXhTcVYVLxfzRt/Qd +u5W2/rQvSXNtYWVsIEJvdXlhIChXb3JrKSA8aXNtYWVsLmJvdXlhQGZyZXRsaW5r +LmNvbT6JAk4EEwEIADgWIQT4KAb9ob9bmhswFOfJ/O1spreUVAUCW/AFCwIbAwUL +CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDJ/O1spreUVKlBD/sE/eDbJtL8UKc6 +CN7zmA038RSjxlcJrMRoBoThCFKOFtBsYLPebnIkzCDiUwQJaIMYe2RNBHKKz0p+ +2Kvzf7q+xq8W1e72aK1DRhsBTL8/LA1kQkvh3GwMS8z3SOcbXLWqKQuQ7ztYReQG +wsT2/S8reVM96eV67K9vMHKMDF3NyYZewahX0I44YIbQJfLVG5elCkBrfHjGSeIt +tSAv56BhN8J8ky+9nGx5jwWmxc/4Oquyfe9Lf0NMTCjw1xess7UoHlzSMp57yF3T +AaqDcqD2Jdgr2meN9Yo4/Yb9dEvHFy34ppXYanX1nrHGev7YaaQWLoKLVZc3f6gR ++D7sEJUJm3IxO041CR7DBwQ1CQkx3sa66mcHxe+wchOoXBZdsqyl5Ds+zqh6eMyO +UiixDcXDxZuimEY0/+7XjlFjtzhGVNKsjV/Azh+Hx3GZnGHMVpTw73qQFHkWeDrX +FPUbinjtEVTxw0fS9PkDZB5ysgAWlXs2cqoNDMcbdyJn2xszbV5+vjlmcofsQZTr +PiX+hB6P5RQP5ogtnotvbkPDSfPfqdUk5HjGFrGX08FoP4rCromHvSL6Un2lP4I2 +mJbbQzBU/bQUGzfz6U6VEbUHtOL+7woGuXuzTYsRZ/O7/fKohyi/+qsmOozQpLFN +k5xocbF1PgpFphrKYpHaSkf6DS2/F4hdBBARAgAdFiEE3DhHSHCdJhn/KGchbQyv +/dsc/pAFAlvwCAQACgkQbQyv/dsc/pDXWACeKMbL/Dtifpd466TqQP8isfWedtIA +n2xbEmlpxG8yk0w4HQ4djwgY4RbutCpJc21hZWwgQm91eWEgPGlzbWFlbC5ib3V5 +YUBub3JtYWxlc3VwLm9yZz6JAk4EEwEIADgWIQT4KAb9ob9bmhswFOfJ/O1spreU +VAUCW/AEawIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDJ/O1spreUVMGJ +EAC5hKt5NCanRxEl13nQUu4+n05tdRl9C3sTczR8EUZ30zhpBV4chKgeJSD0r1VA +zBSQHMNzroGawaQn38qxFtbcSmkGRDd+0y798x1HFHp+UFiYOdQDQJVsyDuwjq4k +RF7zV+FBj0ffjn5JBy6R3wLmWCFxz1mPmkImdyyS8GEeifwTftC+SSotqfg1lh0K +C+DSQGYtPk0jLvxVPRllnjltDOSPUt9xRE785I6E9oyYrCa5Om51e0eEMzwpkl4e +QschAYILb6SNrVyEMRD5E3lJHD2r6dPvIPFNcLxIQuK/Kdco2jNq7dCL6ukdGI40 +j/oZi7XRrlFCQW321BuipJZ/7t9JWOXOrrEndQv+hOb6PeWkwF1rigjbQq+IipdJ +DUXGBfiIzlpJM5tLhs7BGfLxYNn09rOpkotXrdBzRO62lYyRdQepKpD33v96bQV2 +0w64U44+CxuicjGDw/6no54LY4J7bM1lLGwqvHSeqgYoc+Zs9WH95TNNSmaAHGSf +An4LpzW5nOXbq2rsWVbZpvsVHz3VmC9qmpsYl5tT/ninkLta3tN6TrYUFHXcDWz9 +K+HW+/oARzEmN8eg3iMmWtOnV59YEr/x2vvOHndguUL0tUpRjwuTunH9KOGZE0Kb +uI3ovgLLO2kCSGk4SdXlntu/eLq9FPYqlOpjM9CtLf9JdIhdBBARAgAdFiEE3DhH +SHCdJhn/KGchbQyv/dsc/pAFAlvwCAQACgkQbQyv/dsc/pCHCQCfdPdGx0FmknAs +rPvjuUmuCj9Q8xUAn32dsgQYTlgfTdwLSxWGj4mTD2h6tClJc21hZWwgQm91eWEg +PGJvdXlhQHBoYXJlLm5vcm1hbGVzdXAub3JnPokCTgQTAQgAOBYhBPgoBv2hv1ua +GzAU58n87Wymt5RUBQJb8ASdAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ +EMn87Wymt5RU58QQALMGlOJzcQj/arHezum5H/PiYIpZ1yY+QMCzpSgPdwupwawW +VN88aQRfU6k9xwmsU+Ghjreja09AuqYi/D2+61TM/Tmqi/9HdU6NRYw0hvaZnwFc +vudFBII2XrxmU5k9PnSR6Sq4uLUGkXmvhJddV0q+cjtif+vDi5pl9mqbWBQY8d9S +5Q6ZFZPeEeASUK7Xt/tSq9iXpb1tQsmEJ94Czl5G+gNFJcqj7nlHQ1/c9XeNsvJT +GZVLGM/cAZNzB6AC8Kz+iWUypFuXifC2PYGpJDJ8klqTmDQikGQtM1HMHda6rnwU +L7JIfbuwGbMk65CtG2YE8QqB+/GIfkzWySenmIrldn9Vp5EKB0DD529TyOwQWgzz ++HuVP/4QfkNRxNquWxlAPXmcNfV1SV+/Xn1KwSspb7QlAjiXXOL13J2dwYFpV+21 +vsSW5XqJXfWUU8d4YVOdq1kUTwLjWnWyxwtt8j68KSuTOT4JTA8oNXg87r0B4Fzr +6AoxCM8ePywm5IW55gNAwViTKWBAcNrcwRTP647oNOM5+8D7NZIBpnKffNc/S2S5 +iI1tmaM0yXavmCm0Hb7lkFIsxM2Y2lxwHexPck2ftPXIrjhPYLcFVBdLVx2V2yXe +cFW2vMGZiasVobFqqp1g8htmAlTkN0cTDY7l96wDuirC6OeCbVomEgxQEd0MiF0E +EBECAB0WIQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AIBAAKCRBtDK/92xz+kHsv +AJ4+zdfjTdO1FUWb42bWdPQfiFe9nACeMIRp1Iu3tNVJkfS9CGGqhrChpfu0LUlz +bWFlbCBCb3V5YSA8aXNtYWVsLmJvdXlhLjA2QG5vcm1hbGVzdXAub3JnPokCTgQT +AQgAOBYhBPgoBv2hv1uaGzAU58n87Wymt5RUBQJb8ASsAhsDBQsJCAcCBhUKCQgL +AgQWAgMBAh4BAheAAAoJEMn87Wymt5RUxa8P/i7zdQ9i5BfWITbdyCgXNoQYIcE3 +J6lIa15eLUcfDcL707zOrUSbhSkthLjeqZoNRCalqjeDOdgCQC1PNoISdkMGd9PO +VOwS3G7Pjt4FSjPVHyw9+Su57pwTcLXBhEyBAkv+tx/QrB/UBCFzPUnsl71QH51y +T8+bNdOiBxssdgn/9IrObn7tu8xDf+d/yGsA493x+mxalai+fhd/t0yzQcdcTrvD +EKRxAaU8wXe8oSwcW5cRmXIi+N4aEnLRO/so9YDGf4z2FQVSL0ktoZYMqZ1ZvIb0 +MNCNl2NgNXThhrAPk9Rhs+S5nRzazJ+tS+D2S728EPpRHpUE43+vewtCdu5c5NWd +Lz88o/jxLwcNwQa2iJoFMyqr15lHt+vM7OyD9X650IJwQw24n4tF6TijzH5GhWcN +SnB7RpLSkftQldpK/zK+tmFH4vVpv+bI3JKAfzRga+5Fu42kB5uHVzXF3qMwYgEO +sRNL5d4xV4SATce1mb8vFpsQmGOWnZAcCaQYhLKfMl7zR5ukytTjf3hRMRH0GAjh +06QAoBMJZhWosYehPi1odjTngIf6hFOqA5prz8Cu/AFe/8aftp9UorJOekAj2io0 +CENRv21qrN8R4bNo04aTMD6WrY+mBL8MteR0ooD3ENQEAZ6UUyZwTzUJk2UUl+5M +ch/HgJ+rQozmRGYeiF0EEBECAB0WIQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AI +BAAKCRBtDK/92xz+kPsmAJ4wGQ0Hly2eTVzsU8Ht4609Q5kf2wCdHGuu863a0GHv +uUdEokzQEsumYPG0OElzbWFlbCBCb3V5YSAoRG9uJ3QgY29udGFjdCBtZSB0aGVy +ZSkgPGlfYm91eWFAeWFob28uZnI+iQJOBBMBCAA4FiEE+CgG/aG/W5obMBTnyfzt +bKa3lFQFAlvwBMkCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQyfztbKa3 +lFQTlxAAjbuDy3prdEBNMYfi/870MO5eeDOCMtiDJDae4fQjj2NANjeuDGNP659B +/k9uS7o5nrWB7E6rdG4a1J+Qzj5I775xTP/zVbrNSchcLwSoHMMXBm2IdbIanCX0 +JX+dRg2YX6yX+6ZmL8UaWRVICQ84ZxGtYHZ8o8hMCFOuxFklNjYFEPciO9M9m+rv +fUEihQgcBF7+x9KVntlxad61Aa9AzUJLULgY3snaZK687tHUq3yYwXpF9s1CuJ81 +SfZxH32dKqy+2cpJqwQ38BZrTUwjBxxIMR5TRC7h/O9aRIBKQZKlpLcmxWPv18i7 +DwWlrJVb2Sd2WUh+TwPNa7VQc3NjlGtu74SfZqmirE0FyuB86fnsQaF8zhJnRsqE +lagnLoW24PCvc8A9TK95tj+0JO8DIeM49Gg+Br/NBtRB8q5q/ICJOREber6Ke+/I +p90q5VkZafIgeuO+EkyQ6Dq+58NRqC2qEs209xnKOd6exxT+2tEzx6Hy0PKwaay3 +h8WzUamJOTqRv1WG4GmlCeRUQGx8BtdIAEMdww26cN8rmxh5Foh5CH+V75bcybkv +yH+FBDoKFYSpEPg0axHM/e13/nujgLNnSTHuMf7ILvpwoNkkIcQwSpH17B5hZdgl +y0xD7aIS5XU9OoP9mKs1unzUKerWQWY6CxgYOqpssyDTUG+fohuIXQQQEQIAHRYh +BNw4R0hwnSYZ/yhnIW0Mr/3bHP6QBQJb8AgEAAoJEG0Mr/3bHP6QFPAAn3DbFqHo +hjznqQvg15QjlGFaPJaaAJ4ps0+VWG9BN7UBQPG+fcCRwqLaVLQ0SXNtYWVsIEJv +dXlhIChEb24ndCBjb250YWN0IG1lIHRoZXJlKSA8Ym91eWFAa3RoLnNlPokCTgQT +AQgAOBYhBPgoBv2hv1uaGzAU58n87Wymt5RUBQJb8ATfAhsDBQsJCAcCBhUKCQgL +AgQWAgMBAh4BAheAAAoJEMn87Wymt5RU2vAP/12b6S0yJdZ1rgNLj+ZohY36PhCm +30/amkGPQp7HCBylYIRv+y5m4IdiqynzJoap547cFMWNsCyfyU2VKbcy1Uy44FCI +PCUcBME95jD1JWviINDKqLhglciKlJnWUhupiolqFcr2ro+rJVc/fBMWJoBjM5fJ +9eq1ge2LxuYKbu9cpSEtopk7ZBeo69khhrFACdZEqfJtW4qp0hEC0pAKLjN8LhpQ +EEVcq4zejksB+1e1qkuJ6be3/Q2Sj+1ijaJBElJIVJ8qyYs9XSlTlUA1USfy3Yqu +jOkFrIaycxYgKooFgwYfYXCniuqXWZ2geCm2IE90lanQC2w7ZDN/JGwwVuAFVi4H +Mrx6x/yEreqy2AUMesB1eGxqQQG9cgssMLoMAN2IDDJ6FS+e0imWTTMZ6r3ou9W8 ++pFzSIT8LMnBNwp+RxrW3QzBs8sXDw5mS6WroiZMRlfJdA1sUPsrW0GV4/AFuEaK +PhCUvIvoh6zxYR0lA/gYqtszCHGzHeNLoczOhytUZM+KQpOtO3TSING/+o59HHuM +niD6k3mWcyk6MkSgIXquJRGUVGVFeLGlXXf7aWEkIOrXeqjBZpBchZUIxZfkg100 +xxmEgNVGG4vxB/UIGeVqV2S4JscJmCyDGs130nRp7Qp5YGfkaTLKyOdutssrqatP +m5Zcjl2VGr4Xt4uXiF0EEBECAB0WIQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AI +BAAKCRBtDK/92xz+kEViAJ9zBTPNNTYIxPxt8BEvb3pUDeZkiQCffsDGKi7kdlTj +oZ26K7yxdjexaYS0OUlzbWFlbCBCb3V5YSAoRG9uJ3QgY29udGFjdCBtZSB0aGVy +ZSkgPGJvdXlhQG1lY2gua3RoLnNlPokCTgQTAQgAOBYhBPgoBv2hv1uaGzAU58n8 +7Wymt5RUBQJb8ATwAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMn87Wym +t5RUIzgP/0/7+y7UOgj4Yja6Lwa+Lm7ESRZnbVmR1ERSAa9RKKr8BbPT4KhgwN2R +x8c3CedFupS02sG1G57u+4qQbEeZylaMu6rusf/XyQ+esh06cRXfR7Vb2d14yFQg +xun9PgPR7jL0RiU2fsgvF6O+u9KwnGRmABZXILDBxzGZBXKBIkmqBM8+rBkXFVWc +gezZqD106KcuGewciuWM7bfyLj+2yV9GhvX8iRyptgkx9/CNEdOqQzKYEbXVTSkh +tUW4QUmNnIiTnD/pZ4kr3UsQV6y0GC1kf9G5EeQHbD+kVROFM0/sX6qGn99IeC+j +96MflMnKuXJeXjlxNFZIYPoolBAC7CvpRfdky5q0KB2xWh+x2jQbn3fPpa6lVZdQ +De14guXdcEsj1QVUMRL3wFCDwHIsi3gqOpCHdy5GmunFRNqUWmoGU+uHt3Kk031w +DJdQY4YP+8tFWLPG3vKoPSf5EcG2Mf0hZiWiiIAX8sVw13W+oDlAQ0HKah/uxV77 +gM2ScBiiiOr92JIf3ftq2AjMuzrGhpKME/wG2DdcOqmq7U+tcVbambSc7SVa5nTM +JXm8ZPOSH0Fax1PULPd3pyLLhfF0rnPiDLcVa6UzG1MaSJiGBurIf3D3OCHRjQQ6 +kVpF9VtXhWeziV8wkyt66HNcuqUs6HDBNkpxPTNacKcZmW8J/FlaiF0EEBECAB0W +IQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AIBAAKCRBtDK/92xz+kKOiAJ4shO9b +nZ2Nx9XzBBg4C0nUl05LyQCbBpk7t2NIPMKaNtjsPb+RV5HbiQa0O0lzbWFlbCBC +b3V5YSAoRG9uJ3QgY29udGFjdCBtZSB0aGVyZSkgPGlzbWFlbC5ib3V5YUBlbnMu +ZnI+iQJOBBMBCAA4FiEE+CgG/aG/W5obMBTnyfztbKa3lFQFAlvwBZYCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQyfztbKa3lFRK1w//cqsweiuXGPepyn0t +AL/S/scM6r9IwcjD3HrZqmUNSDAqU6PJ0FFialOPuSQIyEvrpY1GL+TiVtnYyAit +sbotxNxNQFwiBvqchg6xd1ftpjJihuo7RysNdSNAnlOxFlEz9X+EGkRqq8rCTpoS +GA9+4uFyFKzfv9CDg7YUVX5GVsE3bsPWymfCW1boW0TQyL7xNrDPfzKpVRHFu7hi +5OghiTbHbifmIolj5Mo0hGuXxz26gFzrufCjgxK9ycW7LnHEnnK0zX8Qfueir8RV +EisuAXtKILgS5mmOj0ywsrva4Qtf5JW5SKymhgsKCWskfz0lq6S6ceIKaYBr4Syk +0MLI82M0zDfGlLuRP6yQ3DTiTC4lWfXHdjyd0w4SwcuAQPCWz34gtUEGfMTyrd6O +le6pYreL1NPzd/NakYsR1H1fsXVJkgpESktoDIkzooLmBV6Pjr+PEt4DvPZYqgKl +AyD+aZeZ5HlTZCLbN9O38nDttWdAvsGjq82qvNI8A/d2Vvz4L1ND6NT71+wtC2QT +a95epSBD64l/JtK99SW/HjLjyvV9O+Nu2p8ESTOEaQhyIudnWYU+er+Vwy7YtLvY +y8L9/Xu9KvlBMjHBXAAV047KwkIQNrNyoTla5yQFSpv57hFYbx5CKTprpsl9Ic4v +uPjC/GMgkAJ3yTwIgxa47hgUAtKIXQQQEQIAHRYhBNw4R0hwnSYZ/yhnIW0Mr/3b +HP6QBQJb8AgEAAoJEG0Mr/3bHP6QyCcAnRuTQIMOpwxbyzjj+t0C9GdNJYmGAJ9v +5c5kvNCFiJAFCbUD4OxJBNA28rQ9SXNtYWVsIEJvdXlhIChEb24ndCBjb250YWN0 +IG1lIHRoZXJlKSA8Ym91eWFAbWF0aC5qdXNzaWV1LmZyPokCTgQTAQgAOBYhBPgo +Bv2hv1uaGzAU58n87Wymt5RUBQJb8AW0AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B +AheAAAoJEMn87Wymt5RUaT8P/2OvKAfgqu0zQX0JhKu/wd9AATVmLa8C48JPQMUn +5Z9dQyDcFyKKfKbGCz9B5jTOrzHNX0VJfpDujOTiPIk6ci0KqAJ3Fz0gdpxIcEoW +B2zg0nwDtGHsGMX8togpcbVgKqblp0XSsMAFV2FN5PsAnxkqdXPDmZ5iZSgs9roi +9nxHPavbcr1cSAjsiRoFxFudzo7Q0Z/KLRlTuTSAX6B+vRAeyRB4NcXThKYZlAi6 +cr+xXTvPFddiQZgVBT+ICZRQY0gwgHpQcj70fNx1w6tTHfThlxInojKGlreOZov9 +A4TVeex/QagVTsjRAQuZ9yLMkx7JxakAxBPZ/OHuv7/K1Qdx90AJ8zQZ6uOXpUNl +c2MDEBoTI/nbsgMeHI/Mj4ndxCBUMperZ1oCITl+AhaqEZ+LxTKyne41YJedlqjc +5xnUVigz4ajmZPYmbO6eRDxisx4fMG7hI2HnNWak2xBDVOp1z2aqZY0xsG7o697d +I9BeR9JxbIusx0Szq6GabwI5beEI1xLlT333Fe3XDtT0NIQQvW9byuYuyfp7H6Xm +hFj2ut7jVI9xG932sJ8ioRJGCK1UcGYEL0ei4YZRv+mVysEJFjki2nlxspnG4C/V +Q20jXnLAXOpKLiStkNJ15WsnzeoL4eq0AUOYMMmYKAquXXgpVs+xUDv6XathWA2v +oZkAiF0EEBECAB0WIQTcOEdIcJ0mGf8oZyFtDK/92xz+kAUCW/AIBAAKCRBtDK/9 +2xz+kEBpAJ4x7hASmdnDcyFGTyuRHj6NwsDtNwCfRVfqoiRcGmvDRA8U25cPk5XT +ZYTRzlXOUwEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgABAQEASABIAAD/2wBD +AAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcp +LDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIy +MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACMAG4D +AREAAhEBAxEB/8QAHAAAAgIDAQEAAAAAAAAAAAAABgcEBQACAwEI/8QAQhAAAQIE +BAIGBgYIBwEAAAAAAQIDAAQFEQYSITFBURMUImFxsQcjMoGRwUJDUmJjchUlNTaC +odHwFiYzc4OS4bL/xAAZAQADAQEBAAAAAAAAAAAAAAAAAQIDBAX/xAAgEQEBAAID +AQEBAQEBAAAAAAAAAQIRAyExQRJREyIy/9oADAMBAAIRAxEAPwB2JHaECEjiPGA4 +6GA3kMMgDy8AZAGQAp8XD/Nc5+VP/wAiJT9GeBv3e/5VQ4cEu8M3sAZAGQBFT7Qh +JSOUBt4DZYww8O0AeQB5cc4AgzNXk5dfRh1Dj1r9Ghab/wAzpE3KQFdiSotTGIph +4trQFpAFyDwtwjO8mqqYbHeByDQNCD61R0jTGyzcTrQmigyAMsYAyxgCtTNt5hqI +SUnrKOYgN06yjnCVtnWUc4BtyenmWGVuurSlttJUpR2AGpMGyKbEHpZm3ulapLSW +GTcIdWm6yOZ1sIj92q0Cf8UVp2Y6b9IOIVtZkkD366xOzkjujFc83mROKZcCjc9M +kE/1hbV+Yq1VhC3TkUEKvcWNxE6UY3o4xKpueVIuKGRaSoWO5GsXhdXSM59Nhucb +cbStJFlAEeEa7Q26yj7UPdJ71pv7Qhboedab+0Iexsu2p2ZuD0sJltZom5gkEuaQ +jldxMPkZuk0gW2E05cetgIvfSJihZY/RcvODKpXr0NntKA4HkCeHdEWrkLBc67fK +EoF+Khc/CEuMYZn5tYyMFwX0KQRbwtCtkXMbUk4eqBKgpC9eYN4n9xf+Vczh+fYv +maUoDUHlD/cF47EmlTz0hPtFalsrQsdoGxtx1hs7DpolaTO5JZl7sdHmZPNKbAjx +Fx7jFY34ys+rcl4/XGL0jbVQmODpgsG2JD/F1UVIVqmRKgcT8YbNcy8qOrqO/ZiL +6uRLTKAU8WGloF/A3WpgUqjTc8gjOy0Si+2bYQr1C9pAzM469NOuKdUpxxRN766x +LUXYWw6mYbEw+m9zpeMc8/kdPHh/THp9LaYQAlCR4CMvXRNLASSCbqSOUGha0ekW +ym2QW8INBRVbCkjUJJ1BbCHCLpcA1SeBiscrEZ4ygLD1XmaFXUNzCypcutSSgnTX +Q2jbf2OTLH5TvkHGpuVbfTey0hWpvvHRjdxzWdrJiXSraHRi1cZQlVjDhUFGqNgX +zDaCxAtpjgepRcHFMQvHxaNIzUoG30YF/Cl9JM0sYVW2nNZb6EqI5an5ROXgw9LX +DEiieniVpBCNLGMuTLUdPHNmzTpdEu2lKUgJHARzW9uqToQy1iBDhpRtaKJ4bFO0 +A+oTygLxKiXxS2WMSqWNFGyzaN8L/wAuXlnY9whWn2qX0SyS2k3bJ5co14/45uXX +pjYYnOvpcUdcpt/KNazxaVWotys8W1HWwMBX0s0yM8sWyDbTtCK2z0ZNBys0INPO +thwIsRmEQ0x8XLEzLimhBfazBNvaEJfwtMeU0PYXnCVIOSzicqrm4MK+Fj6XeBmg +3LuuH2s9o5+V2cRgsz7DashKlHiEi8YadMqwYr9NS4lourSs8FIMVoerxDzTiLg7 +xW4WkWZqkhK9mYm2m1HYKO8IIipyXmFXYeQsDkYiztW+iwxmwheJAyDYrQlV78yY +34/HNy+jOkUZCqQyEzLbRCbZSNY6OOfXHyW0Y4TXK0lp1ExNt3Uq4+EXU49K3Eja +ahVS/LTSMmQJhwspuhRc20nUz7dvGIDZmYbWq6ZtKtDteAK1AeW0XElwoG6glRA9 +8JfTkp7MhSOnGoI3MTlLpWNm44YdkhKiYlr3UHLE8zaObO7jswx1dLadROyqkplz +kSsi6xwiJZb231Z4i081l0zJnnAgIUOg49IL8deWusVlMNdFj/pvsZ0guO0txbg9 +Yi4FuNoz1dKvoPrM1WOtN9Tlm3hm7YNiUjgf75ReEx13U5/rf/MWtPdmzNOMvNhS +Uq7DgTa45wrZL0NWzsP4ukutYokg3bpFNpzC17gE8PCNuPxy8vq1ammGWg31lQt9 +wxvjLI5rd1IYdMySJdb7pG/RsqV8orsumrs0GHC286+2sbpUyoHygLcQQhpSkHKk +gnlFMqaOHZdkUI2Zb9k/RETV4+L2ntNijpSEJtk2AhxfwAzbTIdc9UjQn6IgjOg8 +ASlaW1fTQ352J1jhynseljd2X+ixltuYbGZIULcYjTqk6Y9KtMsKUEITpuBBelad +6SvNT1FI02EOeM/XPqMu+c/RpUR3awo0+OqZZtkWQkCFpNnSfhuiSk3PzFYdZSp6 +XXkaWe5JGngSfjHXwzp53PQfOPFM1Mg7dKoD4x0uQZejxZWzM34OfKFVYIGMr/pw +AH6seZhxOXoClnCpSQf71gSbmHf2D/CYmrx8XdO/Y6b75YIv4AZ0WcdP3j5xTOl7 +UOtMYkPS3U0U5m1HdQO49x090cvLjJt18Wdup/BfSpglsDhHNvT0ML0ytTWVlCm5 +hKXG1ZshTmze6FO7s8spEalVqeZQ+2uUzIOqFIQRvwsdovxHqdKz6lqz5wHL9pGX +KbRF3LtpLPE1+ZyIzngLxU7RnlqC7CssZfDDeY3W6OkV4nWO3jx1HmZ5fqlhU05a +g+k8XFecbRz0aejtIS3M2+2PKFkrBExgi9bB/DHmYIWfpdygs4k+ECThw5rQP4TC +q8fF1TtaQm/2YS/gAqH+o9+Y+cUyoWxNklaVIzJSi/WVoJ2Psgxjyzrpvw3vtrSZ +4XzZzkWNDyMcWUehhk7Lpk7Jzhf6wtTLlipIAKx/FBLNaaY49rlpMsWdVzpNtgtO +/wAItprP+xBNPmUTInFzDnQJUAlpdlFPffv5RGV+M8vfXs9N5gWxYlZypHO8XxY7 +sjDlz1jaaVDFsPsDk2PKO5wTwqKwgmpPH8Q+cWxo09HySG5m/wBseULJeCNjAE1Z +On0PmYIMi8ZFn0i0NmbeGz+oB+U+cTWmPi6p6gqlAjbLCXPC2xDPJpsnOTa05g1m +OUfSN9BDt0zk3dF+1XprF9BmGX5Zlhlp3MwpBJUVW1uT7o5+XPVjq4uP1UyFWXIu +dXfAQ6g+0rYjmIzuP67jWZfnqmXR6tIz8olsrvbTX+sYXCyujDOWLhFNkmLv5la8 +OkNoeulb0HazX2ULLSVZGxcbjwiphazyzkQKMtycfdnHgRlA6FJ5Hj746+HCTtwc +/JbdHNQ1ZqAyfwx5RpU4+FnUtZ5/T6xXnF7ZaGGBT6t8Wt2h5Qsl4oWK1XrOX8MH ++ZggsLmUN3UlXdDZG5hz9hC3IxFaY+Leln9Tp/LAv4RnpEqahUxIJPqkErcAO5US +Nfd5wqWE+oWFZNtmTYlEG6bE35m+scXLv9Xbv4pNPK9hhbt1JbVobpUOELDPR54b +DDTlTo7pBbK0g7jjGu8cmWssVpMY3qEzLpl0srFhYgA3I+EKYRV5MrHeh0KerlVQ +/UG1NSvtKSrQqHL3w8spjOk443K9iOj1aVqU3PBgpSQuyUfdT2QR3aCOnj6mnLyz +vZyUD93mf9sRVGPhbz6gZ18X+tV5xWmWxfgdeZDwtqFfKFkvFVYxWUV5JHFr5wQZ +eoLHo+m21AmbR/1/9hbT+aNqVTHKdTjLqWFGxFwIVVjNRS1fGdOwpTTJqUJufCbB +hs6A/ePDw3hKkIGqzj9QemZ15RW46orUfE/KBUTqDVxITjZevkvfSMuTj/U6bcef +5vZryjrM3LocQpK0LFwRqDHJZ/XXL9jSYpjDuvRI8csJSKaWhBu20gHnYQi1GPI6 +tJulBAWoGyu+KhXwmqa9N0esKbKih9lw5rbf2fIx3Y3fccOWPyvqHB861UsKyr7S +hZaMqkj6KhoR/fdFbZya6QH8DtPPrdM04CtRVaw4xX6R+FrQ6EmilwJeU4Fm/agt +2cx0gV3DT1WqImEzCUAIy2y34wbFxBLWO6iUlSsgA3JhaR+rVZW/SJVJ1gyss6WE +EWWtGi1DlfgPCE0k/oEecU4sklVz3wKQ7WcUyq2VYJT8x84DaS4DjRaX7aNP/YAJ +sK4lVRpoSk8SZN09le/Rq5+HMRjycf67nrbj5Pz1fDWllNzDCXEKStChdKkm4UOY +jm18rp3/AB4tnXQQtK2qag2S6G+65gKlJWQhzFs84kdkry+8C0dfF/5cvJ6JMO4w +qeHWnGpZ31CiFKbUnMkm1r24HbaNWFgrlPSS/NKQkvNt3PaJJ0hzSLL8HWHKoupv +qzPBxNgRlMOyQsbbe0bEdZnqbUQ1LrbyFN+2qx3hyDLLVJWamweyDoNkxC5jpXrW +V7QG4lRO1r84DR5hpbqUqSrK4ghST3/0gPTmhwOuIeQLH2VjlASUUh1JSRfXUQGn +UrGUzhR9ptbinZZau00o3FufcfD+cRlhMl48lxNuk12RrcqJiTdC08Qd0+Mc2WNl +1XVjlMpuK/EU+mlyz02QCVdlNzbW0TMbbpWVkm6S70+/1t0hpokqvmNySd47ccZJ +pw223bnKTU4mdbadc6Rp0ELSRsddRDSnq6RhwkXAuFAwGJsLYvn8NzqX2CHWFH1j +K9ljuPA98BWbG9dqTGJ52Vnqcq7a2LqSrQoObVJ74ueMMuqVSlG+u8Q6HNSiIA8J +SdYA8NucAQVlUrNlxKFKbXbOEi5B52hBKXMC3qknMRuRDCKqX6W/SDPffNxgDrTl +zNImumkHXGuYQsix7v6QrJfTls8XFYxBO10s9YASptOWw0BPFXjE44TGqz5LlNVT +mXGc+MWh6ZZKilRSCU8YA7FG45jSAMaJSgDkbQBd0SsPUxbuUZkKHsnnzh70jLHa +qHHxiVtV6JvDDjt8YA3ygI4wBrlGf3QBsEjLtAbLDlAG6QIQcrdpR5GGTpYWvAGx +FlECAPLa35QBooBPSW4C8ASZXVRvyhlX/9mJAk4EEwEIADgWIQT4KAb9ob9bmhsw +FOfJ/O1spreUVAUCW/AHrgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDJ +/O1spreUVJ4nD/9tGS8cg2eUSwd0ExCl0dWsJRdM0mUYh17mXyVNLcvbglIkSdma +v/Ty3ke533izRN/SkkU8vNthjKAohZmmXlaXrruEyHq2vfXcDg4+C7FJQ+O3PT2B +S5ft3Ht2GmRpD2lWpeUlJ9BXF2EF5pSnHPOrlTHRUfjBCDU4uuSeKgioSyoc2iWb +BBaSXyeQAUR+ppM1AYKUlCDxpLbe3nVCOUc+JgJzv+47EqwMyVODwzk7oFO4GMRm +KTKlctb1ym75oV1tiZi2fL/KA2uAab/RMO0rfxa9HVWnJGvUEDMPlTfs7222zuLB +55Fzllfx5rQlou+MLBQIV978HRZrDxZesQOOJ4/BwTPgQ42GREf+uf5/SG4Fn3Qh +NZsvoaePMLN/QQEjM7eqOUzRJRVcdJfRH+LinIFrAqcmbbcp1bvq8LV5lbmlFJLF +gimvW/shf/6Zu1YsfBhvLWInUCyoOPFa1tASF6qqi1hEOd8tQgNE/H/FSIehmTHT +74kYPNRm+DzlvrW2JPVl24Nf/SWbOG/IzGBY/pDActTwYqnpXKR7eUt/YcPpmrPi +kyIKX32U2vTBCE3yvCm0KRzrcSbTJGfVgmlxxqIuOtbeaBtf96m+o5z/xw9ro7Ek +VZbsx6fPuWuLY/MqeLXl1EuiU6X1sr+skDY8lJeeiRt+Uq5mCZuEgWdM1IhdBBAR +AgAdFiEE3DhHSHCdJhn/KGchbQyv/dsc/pAFAlvwCAQACgkQbQyv/dsc/pABQACf +YaUOqzlafrzeGdwHwDleootu0UcAn2adbaKJ79QBtDVPkR77zV801JlXuQINBFvw +A+gBEACt8AiUTMcyNXwN6kiOLPd+85IPlLwEVyofz8p2QBAxJsqKozlXXpnK7ahC +RSiHt02EK39WiyZpeY1/2dGmdvyI1vc7ld3814Dveh4nf1GRSpDZ427cxayaclh+ +wRQ8nDWFOQUsMB3He/Z+aO6l/ZNvdVdzRUHda1XvN41nwXUL9FQUn/TLYgHbxa7P +Yy18ZnNzH/xGSwDgRrqPEAZ8KOpbHEbNyYuYuv6IM8Xmbp8Q6bl2RyBNnrlphksJ +kLvO6RLHUvvw5uX5bt+u3umoZ+yHUkP13NtQHTyZ8VTCQimkB6OisisOTnV8OjLG +xtLEF/TjeGFAAoEnc8bQAPvrtONQL19rPkMB0gXYXPBbGw7eWYr3QpuOujUXcz9U +0JSSEov7cUepdTY8LEYFw8U5WimKY6f/uJUVx/ukNPtuAljJji0cjIGEOX2XGlBV +Ix/U3vywLBfUFW5hT+75z7UB3yG3Zexo0WSaQxxZ5PHxyPYBK1PvVkH0LvkbxJcr +rouJJQ66chjRglUbv4lf85/cG1ZLu3Ds0UbuD0gE9sAEwXtfdgDmp/HB7mxwJr1O +BRbTRv0Okx/lovWXkxt+hX+DXZ1u1qdZUW3zjmge8W7xag3epD21jIjFDODgUfDT +fgJi2FQq+szpagfPN5j5aIQKHCZf0DLbBD+ZWYQdld5JZs2V5QARAQABiQI2BBgB +CAAgFiEE+CgG/aG/W5obMBTnyfztbKa3lFQFAlvwA+gCGwwACgkQyfztbKa3lFTa +yxAAxQo/9dvOO74J+9XznCYb5iO1B1ksnVegSGVuId45JKXkCkuWvDOkcU8+ma38 +wo3MBoPLpSMCXc/mKQ0p0ntO1tD/Wf4nBBCvseWcsR6RR5Su5jYorm0qZ89IOEPN +K2W2Z41X6DHyteB1dAyIyexOYoLKD7iWcQzga4/EoUPEwcr8BWWgGLBfRhXsYySz +F3fQPS7KaemDLGbJfTDZCSqmsZPnlksSvGxEBwUwfCjfY+QHxzWPRFPkuQJJR6YW +tiZ3z7jBRdRk/R5v2CJZJuGHcPPYQy6j2TYGONojm+ifaq1hz+A0aoy4P9qRW5Nl +mm6yiqEoJe07DrMLxn3H3ucuOo7DiNWmkkjW8DfhFSd+3pFMSvKGujOJWN27UDEp +ERWFX50gE15Sq4aPbMPNRejFQ1n75B4jfFQXg6WuwF3kwgHK3Y5T5vTEkbPgce9c +SyyFWU7EA4DJGnt7/FoaPDTKOWI9WSkmjOSABTBNSaUiMSFA3Wg/T0aS5pETpkv2 +S/GVVX022orAGK8zEY1vr2a24itOAKpQwFRuMjqDCBVgKAsMtlPu8jv3Zm/AMcYM +sRRnDWJh2TO8bqXXUG/o783fcTE3d1Ff7s4BfmBqpGHigZeehNvu+FshRDYaDrDN +IS0fTqbsX/JjaCXwU/o2E6G4aE79Ut/IMsCYzItTDh2UmcS5Ag0EW/G8wgEQALBi +2/A7Ev/92mYi4Gm//IJEKjm2Vc3NcX5LdSyPwdSLlHSRwvzZz7M0VeflcTYqssto +VPVf4maDtLGbQJn43CLqjvIW/C6jzjfvoZf0gbHpNfKY1ENs5xgE0wd3ZdsqpQC6 +W9Pu+kN31QS9+RUKwiG2bNBIREChL/omqiLhNu3hDbZnB+uSByOk901XVrNmKa8G +NzXSfJSCt0gP7XU6VpMqjxppA8Y2Vo7jnylbrgVJriTt6jtjDylBBQqmHSOXMT+q +9kIWDSocKhSFHBMO6LYnAwbMef2kqio5zaKzZAuwis0zjOqKHwW54xL2T7djFav9 +VlgcAYN105iMLUiIl39HLeZnS5pUESOXRUv/qLwiQRvBlWBPIep3+ycM2eK8r5a1 +5EwCgN2nSl3KYjzTOisCmK1nQs+gQ1RMraeBGYEG0uIUvDxfoONTuYkM3dhWq2Xx +V/OO6yUkfyOlBGUREe1PXAOsP0LtAFJha7kbh7Eg6GGU7gRYh2dG2Ln6Vmx1ldbS +F3woFYPGNMsQmgEKxwyjKaq0Qhd/sKHrTpPz8PXfGP4dHegExKegS7Yof1VrKBB+ +L8Q8o1Oi8JPCjRp47iga5OYS1Vn3h5a07ajzSAxPsmF0lmF4tYk2MFxSs403ShiE +BTjN4t6rjmnoQV/b+CuhpmvzxaYr736/jkY7s0I5ABEBAAGJBGwEGAEIACAWIQT4 +KAb9ob9bmhswFOfJ/O1spreUVAUCW/G8wgIbAgJACRDJ/O1spreUVMF0IAQZAQgA +HRYhBB2wOl45wX3kd77c+/0dTvV/qVkCBQJb8bzCAAoJEP0dTvV/qVkC3tUP/2rR +VDaSPj9+UYJtHGDfQmYCEqxROm5wGCJbNrUQspLeL8+XrsaUDh1ldNAQtoDqGjRp +kwjJAS0OZfvCv7pI052NK/KVGaK5Tj2+0lxTAcGbAKoH8E2HWPlERpU9CRLvzvDE +4GGxw2nw7aobNGbf9d98c9RpZuAul92BOClnpGEU4VzjKUk9IsSjZQVJnggQujxL +qWWiwfGwVsj2PdgPao/P48cYNl5CACBgY19AAh7WzgJVz/6je/5NLdAAV+E31qSE +EaZsvTBqrMOtH6iTn1GpJ73FsJ0BYVt9X99bRT0Vi0iWulBuhYfZG4PdCY6fv6uC +d+6pAC+Y/M9npaLbBHscSlJheTyvfuB7bzYBY+Q87VHSOMuNni7U08FuiILFoF+e +/ESU/v0Hde44ghiXKSaFO8djxc874KM9UlGWvw9UbmI8Z2uM0kDcrPZ/8tcjXOhp +PEBib54ab4tKCUCtOmsF9ZiT0hOqYdP9bXW+6OGfCignJ7ABhPpANfx2Sn/28L9l +PbF1nA5CkHdyo/ku1Z/lNq44yvrB8r0Ljq6s3KS69dUZqqrADeogOdi0/TrghtKU +DERWGmQagYSzMIvsXoAI56MxXFLriSObmpFLTWq7cr/+Ju3AcaSkrpDSYi3U6vLL +8NuXPhul1S/+yPwvX6Mk1Zkip9/Wg4SQeiT2R7xj8zMP/RJ8uKbnKpOftY89Kv0Y +FZ4hE3FeBR3UJvkuPdQYNLQRluzh63Bzc4ClSxB9Ma7fmAEiuFtgEi4HLTMBDOHO +uVMuWYcgubu9VBlAGLJ++gnKxCAJXEntuB49il8MjMsy+uv/cFCjPG9z/1pmWYrE +XBNA+vcaOrNTS2IykAbqybcPYbBcN47bm+A4i5yqiahk0q++j4LOW/nf88xXO7xI +V/4vQgemh7RHgHJOkKfzOPw/Kx3UjV1jA9gEUrusHE4R3Upxh0ZeQW19hUnVlao1 +TxxKEUryrRzckuRfc5ziMWNyJaZsPMkeBEhyY/CizDFPrsSXIAijfu8KFnxCsnaM +ylFBWOu5FwsKMDXxu0QdwqpL2CM8p+q12z1VruNjpIc8bAc0/YMndjYnxzsqQEMV +GQIDKWqh/m6v7sqbn65ZQcVAzSAriGcQxCOIoT/TA/J+/4BSk5c8TKlqT8NBT77B +Z70vMr41mZus1A/ciI8AxgbYwlhuvTehdm74k/c7NSzTxeG3OumTlBR1I18C4AIi +y4iM3O4H4jvEssWBUzpm3VJG0NvcN/M4YVZHX5yxWQuIFcghzb7sLYddmRvR9B0M +Xowot//r/sgn43xv54sIvwe9MkCCU6j7ePYUlOUnn+vQ5i7rFN/UPub3V3toI2gg +DRuKdymWEii1jA9KlmheLTFr +=r9L+ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/systems/zoldene/base.nix b/systems/zoldene/base.nix new file mode 100644 index 0000000..8ca5d52 --- /dev/null +++ b/systems/zoldene/base.nix @@ -0,0 +1,122 @@ +{ name, config, lib, pkgs, secrets, ... }: +let + # udev rules to be able to boot from qemu in a rescue + udev-qemu-rules = + let disks = config.disko.devices.disk; + in builtins.concatStringsSep "\n" (lib.imap1 (i: d: '' + SUBSYSTEM=="block", KERNEL=="sd*", ENV{DEVTYPE}=="disk", ENV{ID_MODEL}=="QEMU_HARDDISK", ENV{ID_SERIAL_SHORT}=="QM0000${builtins.toString i}", SYMLINK+="${lib.removePrefix "/dev/" disks."${d}".device}" + SUBSYSTEM=="block", KERNEL=="sd*", ENV{DEVTYPE}=="partition", ENV{ID_MODEL}=="QEMU_HARDDISK", ENV{ID_SERIAL_SHORT}=="QM0000${builtins.toString i}", SYMLINK+="${lib.removePrefix "/dev/" disks."${d}".device}-part%E{PARTN}" + '') (builtins.attrNames disks)); +in +{ + services.openssh = { + settings.KbdInteractiveAuthentication = false; + hostKeys = [ + { + path = "/persist/zpool/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + { + path = "/persist/zpool/etc/ssh/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + } + ]; + }; + + system.stateVersion = "23.05"; + + # Useful when booting from qemu in rescue + console = { + earlySetup = true; + keyMap = "fr"; + }; + + services.udev.extraRules = udev-qemu-rules; + fileSystems."/persist/zfast".neededForBoot = true; + boot = { + zfs.forceImportAll = true; # needed for the first boot after + # install, because nixos-anywhere + # doesn't export filesystems properly + # after install (only affects fs not + # needed for boot, see fsNeededForBoot + # in nixos/lib/utils.nix + kernelParams = [ "boot.shell_on_fail" ]; + loader.grub.devices = [ + config.disko.devices.disk.sda.device + config.disko.devices.disk.sdb.device + ]; + extraModulePackages = [ ]; + kernelModules = [ "kvm-intel" ]; + supportedFilesystems = [ "zfs" ]; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + initrd = { + postDeviceCommands = lib.mkAfter '' + zfs rollback -r zfast/root@blank + ''; + services.udev.rules = udev-qemu-rules; + availableKernelModules = [ "e1000e" "ahci" "sd_mod" ]; + network = { + enable = true; + postCommands = "echo 'cryptsetup-askpass' >> /root/.profile"; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; + authorizedKeys = config.users.extraUsers.root.openssh.authorizedKeys.keys; + hostKeys = [ + "/boot/initrdSecrets/ssh_host_rsa_key" + "/boot/initrdSecrets/ssh_host_ed25519_key" + ]; + }; + }; + }; + }; + networking = { + hostId = "6251d3d5"; + firewall.enable = false; + firewall.allowedUDPPorts = [ 43484 ]; + # needed for initrd proper network setup too + useDHCP = lib.mkDefault true; + + wireguard.interfaces.wg0 = { + generatePrivateKeyFile = true; + privateKeyFile = "/persist/zpool/etc/wireguard/wg0"; + #presharedKeyFile = config.secrets.fullPaths."wireguard/preshared_key"; + listenPort = 43484; + + ips = [ + "192.168.1.25/24" + ]; + peers = [ + ]; + }; + }; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.enableRedistributableFirmware = lib.mkDefault true; + system.activationScripts.createDatasets = { + deps = [ ]; + text = '' + PATH=${pkgs.zfs}/bin:$PATH + '' + builtins.concatStringsSep "\n" (lib.mapAttrsToList (name: c: '' + if ! zfs list "${c._parent.name}/${name}" 2>/dev/null >/dev/null; then + ${c._create { zpool = c._parent.name; }} + fi + '') (config.disko.devices.zpool.zfast.datasets // config.disko.devices.zpool.zpool.datasets)); + }; + + secrets.keys."wireguard/preshared_key/eldiron" = { + permissions = "0400"; + user = "root"; + group = "root"; + text = let + key = builtins.concatStringsSep "_" (builtins.sort builtins.lessThan [ name "eldiron" ]); + in + "{{ .wireguard.preshared_keys.${key} }}"; + }; + secrets.decryptKey = "/persist/zpool/etc/ssh/ssh_host_ed25519_key"; + # ssh-keyscan zoldene | nix-shell -p ssh-to-age --run ssh-to-age + secrets.ageKeys = [ "age1rqr7qdpjm8fy9nf3x07fa824v87n40g0ljrgdysuayuklnvhcynq4c8en8" ]; +} diff --git a/systems/zoldene/disko.nix b/systems/zoldene/disko.nix new file mode 100644 index 0000000..7df5697 --- /dev/null +++ b/systems/zoldene/disko.nix @@ -0,0 +1,87 @@ +{ cryptKeyFile, ... }: { + disko.devices = let + zpoolDatasets = { + "root" = { type = "zfs_fs"; options.mountpoint = "none"; }; + "root/persist" = { type = "zfs_fs"; mountpoint = "/persist/zpool"; options.mountpoint = "legacy"; }; + }; + zfastDatasets = { + "root" = { type = "zfs_fs"; mountpoint = "/"; options.mountpoint = "legacy"; postCreateHook = "zfs snapshot zfast/root@blank"; }; + "root/nix" = { type = "zfs_fs"; mountpoint = "/nix"; options.mountpoint = "legacy"; }; + "root/persist" = { type = "zfs_fs"; mountpoint = "/persist/zfast"; options.mountpoint = "legacy"; }; + "root/persist/var" = { type = "zfs_fs"; mountpoint = "/persist/zfast/var"; options.mountpoint = "legacy"; }; + "root/persist/var/lib" = { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib"; options.mountpoint = "legacy"; }; + }; + in { + disk = { + sda = { + type = "disk"; + device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LM480HCHP-00003_S1YJNYAG700613"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { start = "2GiB"; end = "-8GiB"; name = "ssdLuksA"; content = { type = "luks"; name = "ssdA"; keyFile = cryptKeyFile; content = { type = "zfs"; pool = "zfast"; }; }; } + { start = "-8GiB"; end = "-2MiB"; name = "swapA"; flags = [ "swap" ]; content = { type = "swap"; }; } + { start = "2048s"; end = "4095s"; name = "ssdGrubA"; flags = [ "bios_grub" ]; } + { start = "4096s"; end = "2GiB"; name = "ssdBootA"; content = { type = "filesystem"; format = "ext4"; mountpoint = "/boot"; }; } + ]; + }; + }; + sdb = { + type = "disk"; + device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LM480HCHP-00003_S1YJNYAG700682"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { start = "2GiB"; end = "-8GiB"; name = "ssdLuksB"; content = { type = "luks"; name = "ssdB"; keyFile = cryptKeyFile; content = { type = "zfs"; pool = "zfast"; }; }; } + { start = "-8GiB"; end = "-2MiB"; name = "swapB"; flags = [ "swap" ]; content = { type = "swap"; }; } + { start = "2048s"; end = "4095s"; name = "ssdGrubB"; flags = [ "bios_grub" ]; } + #{ start = "4096s"; end = "2GiB"; name = "ssdBootB"; content = { type = "filesystem"; format = "ext4"; }; } # non monté + ]; + }; + }; + sdc = { + type = "disk"; + device = "/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC110SY1"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { start = "2048s"; end = "-34s"; name = "hddLuksA"; content = { type = "luks"; name = "bigA"; keyFile = cryptKeyFile; content = { type = "zfs"; pool = "zpool"; }; }; } + ]; + }; + }; + sdd = { + type = "disk"; + device = "/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC110YXX"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { start = "2048s"; end = "-34s"; name = "hddLuksB"; content = { type = "luks"; name = "bigB"; keyFile = cryptKeyFile; content = { type = "zfs"; pool = "zpool"; }; }; } + ]; + }; + }; + }; + + zpool = { + zpool = { + type = "zpool"; + mode = "mirror"; + mountRoot = "/"; + rootFsOptions = { mountpoint = "none"; atime = "off"; xattr = "sa"; acltype = "posix"; }; + options = { ashift = "12"; }; + datasets = zpoolDatasets; + }; + zfast = { + type = "zpool"; + mode = "mirror"; + mountRoot = "/"; + rootFsOptions = { mountpoint = "none"; atime = "off"; xattr = "sa"; acltype = "posix"; }; + options = { ashift = "12"; }; + datasets = zfastDatasets; + }; + }; + }; +} diff --git a/systems/zoldene/flake.lock b/systems/zoldene/flake.lock new file mode 100644 index 0000000..0a9ba64 --- /dev/null +++ b/systems/zoldene/flake.lock @@ -0,0 +1,560 @@ +{ + "nodes": { + "backports": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "lastModified": 1, + "narHash": "sha256-VewHWeZvwLvWVm2bMQk5UQ0G/HyO8X87BssvmbLWbrY=", + "path": "../../backports", + "type": "path" + }, + "original": { + "path": "../../backports", + "type": "path" + } + }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "stable": "stable" + }, + "locked": { + "lastModified": 1687954574, + "narHash": "sha256-YasVTaNXq2xqZdejyIhuyqvNypmx+K/Y1ZZ4+raeeII=", + "owner": "immae", + "repo": "colmena", + "rev": "e427171150a35e23204c4c15a2483358d22a0eff", + "type": "github" + }, + "original": { + "owner": "immae", + "ref": "add-lib-get-flake", + "repo": "colmena", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1687968164, + "narHash": "sha256-L9jr2zCB6NIaBE3towusjGBigsnE2pMID8wBGkYbTS4=", + "owner": "nix-community", + "repo": "disko", + "rev": "8002e7cb899bc2a02a2ebfb7f999fcd7c18b92a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "environment": { + "locked": { + "lastModified": 1, + "narHash": "sha256-rMKbM7fHqWQbI7y59BsPG8KwoDj2jyrvN2niPWB24uE=", + "path": "../environment", + "type": "path" + }, + "original": { + "path": "../environment", + "type": "path" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1687762428, + "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1675295133, + "narHash": "sha256-dU8fuLL98WFXG0VnRgM00bqKX6CEPBLybhiIDIgO45o=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "bf53492df08f3178ce85e0c9df8ed8d03c030c9f", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "impermanence": { + "locked": { + "lastModified": 1684264534, + "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "89253fb1518063556edd5e54509c30ac3089d5e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "impermanence", + "type": "github" + } + }, + "my-lib": { + "inputs": { + "colmena": "colmena", + "disko": "disko", + "flake-parts": "flake-parts", + "nixos-anywhere": "nixos-anywhere", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1, + "narHash": "sha256-wwpT+I5/zrln85BDzlZoEDC19GwYrcZSXbrJjyvC4jk=", + "path": "../../flakes/lib", + "type": "path" + }, + "original": { + "path": "../../flakes/lib", + "type": "path" + } + }, + "mypackages": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_7", + "webapps-ttrss": "webapps-ttrss" + }, + "locked": { + "lastModified": 1, + "narHash": "sha256-C0plEL+g6kv5fo/VmTjMJK45RfFcGufqPKJVnviMyGY=", + "path": "../../mypackages", + "type": "path" + }, + "original": { + "path": "../../mypackages", + "type": "path" + } + }, + "myuids": { + "locked": { + "lastModified": 1, + "narHash": "sha256-HkW9YCLQCNBX3Em7J7MjraVEZO3I3PizkVV2QrUdULQ=", + "path": "../../myuids", + "type": "path" + }, + "original": { + "path": "../../myuids", + "type": "path" + } + }, + "nixos-2305": { + "locked": { + "lastModified": 1687938137, + "narHash": "sha256-Z00c0Pk3aE1aw9x44lVcqHmvx+oX7dxCXCvKcUuE150=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ba2ded3227a2992f2040fad4ba6f218a701884a5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixos-anywhere": { + "inputs": { + "disko": [ + "my-lib", + "disko" + ], + "flake-parts": [ + "my-lib", + "flake-parts" + ], + "nixos-2305": "nixos-2305", + "nixos-images": "nixos-images", + "nixpkgs": "nixpkgs_3", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1689945193, + "narHash": "sha256-+GPRt7ouE84A7GPNKnFYGU0cQL7skKxz0BAY0sUjUmw=", + "owner": "numtide", + "repo": "nixos-anywhere", + "rev": "27161266077a177ac116e2cb72cc70af5f145189", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nixos-anywhere", + "type": "github" + } + }, + "nixos-images": { + "inputs": { + "nixos-2305": [ + "my-lib", + "nixos-anywhere", + "nixos-2305" + ], + "nixos-unstable": [ + "my-lib", + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1686819168, + "narHash": "sha256-IbRVStbKoMC2fUX6TxNO82KgpVfI8LL4Cq0bTgdYhnY=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "ccc1a2c08ce2fc38bcece85d2a6e7bf17bac9e37", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1683408522, + "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1685564631, + "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib_2": { + "locked": { + "dir": "lib", + "lastModified": 1675183161, + "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1687701825, + "narHash": "sha256-aMC9hqsf+4tJL7aJWSdEUurW2TsjxtDcJBwM9Y4FIYM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "07059ee2fa34f1598758839b9af87eae7f7ae6ea", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1687893427, + "narHash": "sha256-jJHj0Lxpvov1IPYQK441oLAKxxemHm16U9jf60bXAFU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4b14ab2a916508442e685089672681dff46805be", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1648725829, + "narHash": "sha256-tXEzI38lLrzW2qCAIs0UAatE2xcsTsoKWaaXqAcF1NI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "72152ff5ad470ed1a5b97c0ba2737938c136c994", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1693158576, + "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1687502512, + "narHash": "sha256-dBL/01TayOSZYxtY4cMXuNCBk8UMLoqRZA+94xiFpJA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3ae20aa58a6c0d1ca95c9b11f59a2d12eebc511f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1646497237, + "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026", + "type": "github" + } + }, + "private-environment": { + "locked": { + "lastModified": 1, + "narHash": "sha256-rMKbM7fHqWQbI7y59BsPG8KwoDj2jyrvN2niPWB24uE=", + "path": "../../flakes/private/environment", + "type": "path" + }, + "original": { + "path": "../../flakes/private/environment", + "type": "path" + } + }, + "private-system": { + "inputs": { + "backports": "backports", + "environment": "environment", + "mypackages": "mypackages", + "myuids": "myuids", + "secrets-public": "secrets-public" + }, + "locked": { + "lastModified": 1, + "narHash": "sha256-vOs7fcQVsOSl/gsyzFXfsWE7u0/O9mIKpHnwDwHxJTQ=", + "path": "../../flakes/private/system", + "type": "path" + }, + "original": { + "path": "../../flakes/private/system", + "type": "path" + } + }, + "public-secrets": { + "locked": { + "lastModified": 1, + "narHash": "sha256-5AakznhrJFmwCD7lr4JEh55MtdAJL6WA/YuBks6ISSE=", + "path": "../../flakes/secrets", + "type": "path" + }, + "original": { + "path": "../../flakes/secrets", + "type": "path" + } + }, + "root": { + "inputs": { + "impermanence": "impermanence", + "my-lib": "my-lib", + "nixpkgs": "nixpkgs_5", + "private-environment": "private-environment", + "private-system": "private-system", + "public-secrets": "public-secrets" + } + }, + "secrets-public": { + "locked": { + "lastModified": 1, + "narHash": "sha256-5AakznhrJFmwCD7lr4JEh55MtdAJL6WA/YuBks6ISSE=", + "path": "../../secrets", + "type": "path" + }, + "original": { + "path": "../../secrets", + "type": "path" + } + }, + "stable": { + "locked": { + "lastModified": 1669735802, + "narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "731cc710aeebecbf45a258e977e8b68350549522", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "my-lib", + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1687940979, + "narHash": "sha256-D4ZFkgIG2s9Fyi78T3fVG9mqMD+/UnFDB62jS4gjZKY=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "0a4f06c27610a99080b69433873885df82003aae", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "webapps-ttrss": { + "flake": false, + "locked": { + "lastModified": 1546759381, + "narHash": "sha256-urjf4EoLWS7G0s0hRtaErrs2B8DUatNK/eoneuB0anY=", + "ref": "master", + "rev": "986ca251f995f7754a0470d3e0c44538a545081f", + "revCount": 9256, + "type": "git", + "url": "https://git.tt-rss.org/fox/tt-rss.git" + }, + "original": { + "ref": "master", + "rev": "986ca251f995f7754a0470d3e0c44538a545081f", + "type": "git", + "url": "https://git.tt-rss.org/fox/tt-rss.git" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/systems/zoldene/flake.nix b/systems/zoldene/flake.nix new file mode 100644 index 0000000..42466e8 --- /dev/null +++ b/systems/zoldene/flake.nix @@ -0,0 +1,29 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + impermanence.url = "github:nix-community/impermanence/master"; + my-lib.url = "path:../../flakes/lib"; + public-secrets.url = "path:../../flakes/secrets"; + private-environment.url = "path:../../flakes/private/environment"; + private-system.url = "path:../../flakes/private/system"; + }; + outputs = inputs@{ self, nixpkgs, my-lib, ... }: + my-lib.lib.mkColmenaFlake { + name = "zoldene"; + inherit self nixpkgs; + system = "x86_64-linux"; + targetHost = "88.198.39.152"; + targetUser = "root"; + nixosModules = with inputs; { + impermanence = impermanence.nixosModule; + base = ./base.nix; + disko = ./disko.nix; + logging = ./logging.nix; + + secrets = public-secrets.nixosModule; + + environment = private-environment.nixosModule; + system = private-system.nixosModule; + }; + }; +} diff --git a/systems/zoldene/logging.nix b/systems/zoldene/logging.nix new file mode 100644 index 0000000..09ee104 --- /dev/null +++ b/systems/zoldene/logging.nix @@ -0,0 +1,138 @@ +{ config, pkgs, name, ... }: +# Initialization +# CREATE INDEX ON LOGS (tag); +# CREATE INDEX ON LOGS (time); +# CREATE INDEX ON LOGS (((data->>'PRIORITY')::int)); +# CREATE INDEX ON LOGS ((data->>'_SYSTEMD_UNIT')); +# CREATE INDEX ON LOGS ((data->>'SYSLOG_IDENTIFIER')); +let + fluent-bit-config = { + pipeline = { + inputs = [ + { + name = "systemd"; + tag = "${name}.systemd"; + DB = "/var/lib/fluentbit/fluent-bit.db"; + } + ]; + outputs = [ + { + name = "loki"; + match = "${name}.systemd"; + line_format = "json"; + labels = "job=fluentbit, server=${name}, priority=$PRIORITY, syslog_identifier=$SYSLOG_IDENTIFIER, systemd_unit=$_SYSTEMD_UNIT"; + } + { + name = "pgsql"; + match = "*"; + host = "/run/postgresql"; + user = "fluentbit"; + table = "logs"; + database = "fluentbit"; + timestamp_key = "event_timestamp"; + } + ]; + }; + }; + yamlFormat = pkgs.formats.yaml {}; + psqlVersion = pkgs.postgresql_13.psqlSchema; +in +{ + disko.devices.zpool.zfast.datasets."root/persist/var/lib/loki" = + { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/loki"; options.mountpoint = "legacy"; }; + disko.devices.zpool.zfast.datasets."root/persist/var/lib/fluentbit" = + { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/fluentbit"; options.mountpoint = "legacy"; }; + disko.devices.zpool.zfast.datasets."root/persist/var/lib/postgresql" = + { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/postgresql"; options.mountpoint = "legacy"; }; + disko.devices.zpool.zfast.datasets."root/persist/var/lib/postgresql/${psqlVersion}" = + { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/postgresql/${psqlVersion}"; options.mountpoint = "legacy"; }; + environment.persistence."/persist/zfast".directories = [ + { + directory = "/var/lib/postgresql"; + user = config.users.users.postgres.name; + group = config.users.users.postgres.group; + mode = "0755"; + } + { + directory = "/var/lib/fluentbit"; + user = config.users.users.fluentbit.name; + group = config.users.users.fluentbit.group; + mode = "0755"; + } + { + directory = "/var/lib/loki"; + user = config.users.users.loki.name; + group = config.users.users.loki.group; + mode = "0755"; + } + ]; + + ids.uids.fluentbit = 500; + ids.gids.fluentbit = 500; + users.users.fluentbit = { + name = "fluentbit"; + home = "/var/lib/fluentbit"; + uid = config.ids.uids.fluentbit; + group = "fluentbit"; + isSystemUser = true; + extraGroups = [ "systemd-journal" ]; + }; + users.groups.fluentbit.gid = config.ids.gids.fluentbit; + + services.loki = { + enable = true; + configuration = { + auth_enabled = false; + common = { + ring.kvstore.store = "inmemory"; + ring.instance_addr = "127.0.0.1"; + replication_factor = 1; + path_prefix = "/var/lib/loki"; + }; + server.log_level = "warn"; + limits_config = { + reject_old_samples = false; + ingestion_rate_mb = 100; + ingestion_burst_size_mb = 200; + per_stream_rate_limit = "100MB"; + per_stream_rate_limit_burst = "200MB"; + }; + + schema_config.configs = [ + { + from = "2020-10-24"; + store = "boltdb-shipper"; + object_store = "filesystem"; + schema = "v11"; + index.prefix = "index_"; + index.period = "24h"; + } + ]; + }; + }; + services.postgresql = { + enable = true; + package = pkgs.postgresql_13; + ensureDatabases = [ "fluentbit" ]; + ensureUsers = [ + { + name = "fluentbit"; + ensurePermissions."DATABASE \"fluentbit\"" = "ALL PRIVILEGES"; + } + ]; + }; + + environment.systemPackages = [ + pkgs.fluent-bit + ]; + systemd.services.fluent-bit = { + description = "Fluent-bit daemon"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.fluent-bit}/bin/fluent-bit -c ${yamlFormat.generate "fluent.yaml" fluent-bit-config}"; + User = "fluentbit"; + Group = "fluentbit"; + SupplementaryGroups = [ "systemd-journal" ]; + }; + }; +} -- cgit v1.2.3