initial setup

Jana Dönszelmann 2025-06-27 22:44:26 +02:00
commit b27835f9b7
No known key found for this signature in database
26 changed files with 964 additions and 0 deletions

1
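--- a/.direnv/flake-profile
+++ b/.direnv/flake-profile
@@ -0,0 +1 @@
+flake-profile-9-link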


@ -0,0 +1 @@
/nix/store/k88yspmzczh2hz8assh7447skldwjdw7-nix-shell-env

1
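--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
+use flake . --show-trace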

1
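--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+secret/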
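Review bot: The ignore list covers only `secret/`, while this same commit checks in `.direnv/flake-profile`, a symlink into the author's local direnv/Nix state. Such links are machine-specific, point at store paths that will not exist on another checkout, and change whenever the shell environment is rebuilt. Adding `.direnv/` here and untracking the links would keep them out of history. Note also that the entry is `secret/` whereas the sops files in this commit live under `secrets/`; if `secret/` is meant as a plaintext staging directory, a comment saying so would prevent the two from being confused.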

134
default-machine-config.nix Normal file

@ -0,0 +1,134 @@
{
lib,
pkgs,
...
}:
{
imports = [
# ./cli-programs
# inputs.home-manager.nixosModules.home-manager
];
system.stateVersion = "25.05";
services.resolved.enable = false;
# Enable SSH
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = lib.mkDefault false;
PermitRootLogin = lib.mkDefault "no";
};
};
networking.firewall.allowedTCPPorts = [ 22 ];
# Setup packages available everywhere
environment.systemPackages = with pkgs; [
fzf
git
htop
ncdu
psmisc
ripgrep
rsync
tmux
zoxide
tmux
direnv
atuin
rcon
lix
];
# Set up direnv
programs.direnv = {
package = pkgs.direnv;
silent = false;
loadInNixShell = true;
direnvrcExtra = "";
nix-direnv = {
enable = true;
package = pkgs.nix-direnv;
};
};
# Install Neovim and set it as alias for vi(m)
programs.neovim = {
enable = true;
viAlias = true;
vimAlias = true;
defaultEditor = true;
};
# Disable sudo prompt for `wheel` users.
security.sudo.wheelNeedsPassword = lib.mkDefault false;
# Configure the root account
users.extraUsers.root = {
# Allow my SSH keys for logging in as root. TODO: find from users list
# openssh.authorizedKeys.keys = ;
# Also use zsh for root
shell = pkgs.zsh;
};
programs.zsh.enable = true;
programs.fish.enable = true;
services.qemuGuest.enable = true;
# Clean /tmp on boot.
boot.tmp.cleanOnBoot = true;
# Set your time zone.
time.timeZone = lib.mkDefault "Europe/Amsterdam";
systemd.oomd = {
enableRootSlice = true;
# enableUserServices = true;
enableUserSlices = true;
};
# Limit the systemd journal to 100 MB of disk or the
# last 7 days of logs, whichever happens first.
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
nix = {
package = pkgs.lix;
settings = {
auto-optimise-store = true;
};
optimise = {
automatic = true;
dates = [ "weekly" ];
};
gc = {
automatic = true;
dates = "weekly";
randomizedDelaySec = "3h";
options = "--delete-older-than 7d";
};
extraOptions = ''
experimental-features = nix-command flakes
'';
};
# Debloat
documentation = {
enable = lib.mkForce false;
doc.enable = lib.mkForce false;
man.enable = lib.mkForce false;
info.enable = lib.mkForce false;
nixos.enable = lib.mkForce false;
};
# home-manager = {
# useGlobalPkgs = true;
# useUserPackages = true;
# verbose = true;
# extraSpecialArgs = { inherit inputs; };
# };
}
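Review bot: `security.sudo.wheelNeedsPassword = lib.mkDefault false` removes the only remaining authentication step between an SSH key and root, because password logins are disabled in the same file; `PermitRootLogin = "no"` then restricts little in practice. Every key authorized for a `wheel` member becomes a root-equivalent credential. If this is required for non-interactive deploys, the existing comment should say so, e.g. `# wheel is passwordless so deploys over SSH can sudo; every wheel SSH key is root-equivalent`, and hosts that are not deployed that way could keep the password requirement. Separately, `tmux` is listed twice in `environment.systemPackages`.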

37
fili/configuration.nix Normal file

@ -0,0 +1,37 @@
_: {
imports = [
./hardware-configuration.nix
./storage.nix
./networking.nix
./services
];
networking.nameservers = [
"1.1.1.1"
"9.9.9.9"
];
networking = {
hostName = "fili";
};
nix.settings = {
# users that can interact with nix
trusted-users = [
"jana"
"root"
];
};
boot.initrd = {
supportedFilesystems = [ "nfs" ];
kernelModules = [ "nfs" ];
};
# use systemd-boot as bootloader
boot.loader.systemd-boot.enable = true;
# secrets
sops.age.keyFile = "/sops/sops-key.txt";
sops.defaultSopsFormat = "dotenv";
}
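Review bot: The comment on `trusted-users` undersells what the setting grants: `# users that can interact with nix` describes `allowed-users`, whereas a trusted user can override daemon settings such as substituters and is treated by Nix as close to root. If `jana` has to be trusted (presumably so deploys can push store paths to the host), the comment could read `# trusted-users can override substituters and import unsigned paths; effectively root`. It would also help to note next to `sops.age.keyFile` that `/sops/sops-key.txt` must be provisioned out of band and readable by root only, since nothing in this file creates or protects it.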


@ -0,0 +1,49 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ccc13e67-82d6-4dd1-b627-8eed8d28a200";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2BF5-CEBD";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-uuid/eb6ee273-11d1-4f11-8230-45be75fe036f"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

12
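--- a/fili/networking.nix
+++ b/fili/networking.nix
@@ -0,0 +1,12 @@
+_: {
+networking.useDHCP = false;
+networking.interfaces.ens18.ipv4.addresses = [
+{
+address = "192.168.178.59";
+prefixLength = 24;
+}
+];
+networking.defaultGateway = "192.168.178.1";
+networking.nameservers = [ "8.8.8.8" ];
+networking.networkmanager.enable = true;
+}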
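Review bot: `networking.networkmanager.enable = true` sits next to a static, declaratively configured `ens18` with `useDHCP = false`, and it is not visible from this file which of the two is meant to own the interface. If NetworkManager is only wanted for other interfaces, a comment saying so (or leaving it disabled on a server with a fixed address) would avoid two network stacks being configured for the same link. The `networking.nameservers = [ "8.8.8.8" ]` line also merges with the list in `fili/configuration.nix` rather than replacing it, so the host resolves through three different operators; defining the list in one place would make the intended resolver set explicit.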


@ -0,0 +1,71 @@
{ pkgs, ... }:
{
services.postgresql = rec {
package = pkgs.postgresql_15;
enable = true;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
# allow local logins
local all all trust
# loopback (v4/v6)
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
# and from podman
host all all 10.88.0.0/16 trust
# and from vms
host all all 10.0.0.0/24 trust
# and the local network
host all all 192.168.0.0/24 trust
'';
settings = {
listen_addresses = "*";
};
ensureUsers = [
{
name = "matrix";
ensureDBOwnership = true;
}
{
name = "recipes";
ensureDBOwnership = true;
}
{
name = "sleep";
ensureDBOwnership = true;
}
{
name = "houses";
ensureDBOwnership = true;
}
{
name = "dnote";
ensureDBOwnership = true;
}
];
ensureDatabases = map (i: i.name) ensureUsers;
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
settings = {
mysqld = {
bind-address = "0.0.0.0";
};
};
};
networking = {
firewall.allowedTCPPorts = [
# postgres
5432
# mariadb
3306
];
};
}
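Review bot: Every `host` rule in `authentication` uses `trust`, and the same file sets `listen_addresses = "*"` and opens 5432 in the firewall, so any client in `10.88.0.0/16`, `10.0.0.0/24` or `192.168.0.0/24` can connect as any role, including the superuser, without a credential. I would keep `trust` to the socket and loopback lines at most and require passwords on the three network ranges, e.g. `host all all 10.88.0.0/16 scram-sha-256`, naming the specific database and role instead of `all all` where possible. The "local network" rule also does not match the address configured in `fili/networking.nix` (`192.168.178.59/24`), so it covers a different subnet than its comment suggests. The MariaDB block follows the same pattern, `bind-address = "0.0.0.0"` with port 3306 opened, and is worth narrowing unless remote clients are actually intended.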


@ -0,0 +1,7 @@
_: {
imports = [
./nginx.nix
./databases.nix
./media
];
}


@ -0,0 +1,74 @@
_:
let
server_name = "jdonszelmann.nl";
port = 11001;
in {
services.nginx.virtualHosts.${server_name} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://[::1]:${port}";
proxyWebsockets = true;
};
};
services.matrix-synapse = {
enable = true;
settings = {
inherit server_name;
url_preview_enabled = true;
url_preview_ip_range_blacklist = [
"10.0.0.0/8"
"100.64.0.0/10"
"127.0.0.0/8"
"169.254.0.0/16"
"172.16.0.0/12"
"192.0.0.0/24"
"192.0.2.0/24"
"192.168.0.0/16"
"192.88.99.0/24"
"198.18.0.0/15"
"198.51.100.0/24"
"2001:db8::/32"
"203.0.113.0/24"
"224.0.0.0/4"
"::1/128"
"fc00::/7"
"fe80::/10"
"fec0::/10"
"ff00::/8"
];
};
extras = [
"url-preview"
];
settings.listeners = [
{
inherit port;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
settings.database = {
name = "psycopg2";
args = {
database = "matrix";
user = "matrix";
};
};
};
}
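Review bot: `proxyPass = "http://[::1]:${port}";` interpolates an integer, and Nix does not coerce integers inside string interpolation, so evaluation should fail with a coercion error as soon as this module is imported. `proxyPass = "http://[::1]:${toString port}";` fixes it while keeping `port` an int for the `listeners` entry. The listener binding only to `::1` with `tls = false` and `x_forwarded = true` is consistent with sitting behind the nginx vhost; a short comment stating that the listener must never be bound to a public address would keep that assumption visible.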


@ -0,0 +1 @@
_: { }

23
fili/services/nginx.nix Normal file

@ -0,0 +1,23 @@
_: {
services.nginx = {
enable = true;
statusPage = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
clientMaxBodySize = "499m";
logError = "stderr debug";
};
networking.firewall.allowedTCPPorts = [
79
442
];
security.acme.defaults.email = "jana@donsz.nl";
security.acme.acceptTerms = true;
security.acme.preliminarySelfsigned = true;
}
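Review bot: `networking.firewall.allowedTCPPorts` opens 79 and 442, which look like off-by-one slips for 80 and 443; as written, nginx's HTTP and HTTPS listeners stay firewalled while two unrelated ports are opened. ACME HTTP-01 validation and the `forceSSL` vhosts both depend on 80/443 being reachable. Suggested: `networking.firewall.allowedTCPPorts = [ 80 443 ];`. `logError = "stderr debug"` is also worth lowering before this serves real traffic, since debug-level error logs are large and can capture request details into the journal.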

51
fili/storage.nix Normal file

@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
let
directory = "/storage";
storage = "${directory}/storage";
in
{
boot.swraid.enable = true;
boot.swraid.mdadmConf = ''
ARRAY /dev/md0 metadata=1.2 name=fili:0 UUID=0796fee2:0d9f2908:24af61b0:1250fa0e
'';
# todo: email notifications (through PROGRAM)
fileSystems.storage = {
mountPoint = "${storage}";
device = "/dev/md0";
fsType = "btrfs";
options = [
"compress=zstd"
];
};
# for vpn in containers
fileSystems."/tmp/net_cls" = {
device = "net_cls";
fsType = "cgroup";
options = [ "net_cls" ];
};
# don't allow execute permissions for "other" people
# (not root user and not in storage group)
# to effectively disallow people outside the storage group
# to access /storage
systemd.tmpfiles.rules = [
"d ${directory} 0777 root ${config.users.groups.storage.name}"
];
users.groups.storage = {
name = "storage";
members = [ config.users.users.jana.name ];
};
networking.firewall.allowedTCPPorts = [
2049
];
}
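Review bot: The tmpfiles rule creates `${directory}` with mode `0777`, which contradicts the comment directly above it: world read/write/execute lets every local account traverse and write into `/storage`. To get what the comment describes, use `"d ${directory} 0770 root ${config.users.groups.storage.name}"`. Port 2049 is also opened here although no NFS export is defined in this file; if exports are added later, restricting them by client address matters because NFS with the default `sec=sys` trusts the UIDs the client claims.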

220
flake.lock generated Normal file

@ -0,0 +1,220 @@
{
"nodes": {
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs",
"stable": "stable"
},
"locked": {
"lastModified": 1749739748,
"narHash": "sha256-csQQPoCA5iv+Nd9yCOCQNKflP7qUKEe7D27wsz+LPKM=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "c61641b156dfa3e82fc0671e77fccf7d7ccfaa3b",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"colmena",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1746461020,
"narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1703950681,
"narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0aad9113182747452dbfc68b93c86e168811fa6c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1751104741,
"narHash": "sha256-xPlVbk6WlgTzDvWFRyzvXMdh/ZFLEOTCQik18wg5AFQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e6117712d8b930e3aa8cf77b4816a3f0a88b3637",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1703499205,
"narHash": "sha256-lF9rK5mSUfIZJgZxC3ge40tp1gmyyOXZ+lRY3P8bfbg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"colmena": "colmena",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1704122840,
"narHash": "sha256-K+ubwROTgvoMzBe6h/JExJTdDSrX3gWNHX2XNOsybB0=",
"owner": "jdonszelmann",
"repo": "sops-nix",
"rev": "162696bebe125a43aaaf6a249aea16fab6925762",
"type": "github"
},
"original": {
"owner": "jdonszelmann",
"repo": "sops-nix",
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1746557022,
"narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

81
flake.nix Normal file

@ -0,0 +1,81 @@
{
description = "jana's server infrastructure";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/release-25.05";
colmena.url = "github:zhaofengli/colmena";
flake-utils.url = "github:numtide/flake-utils";
sops-nix.url = "github:jdonszelmann/sops-nix";
};
outputs =
{
self,
nixpkgs,
colmena,
flake-utils,
sops-nix,
...
}:
let
pkgsForSystem =
system:
import nixpkgs {
inherit system;
# config.allowUnfree = true;
overlays = [ ];
};
in
{
colmenaHive = colmena.lib.makeHive self.outputs.colmena;
colmena = {
meta = {
nixpkgs = pkgsForSystem "x86_64-linux";
};
fili = {
deployment = {
targetHost = "donsz.nl";
targetPort = 22;
replaceUnknownProfiles = false;
tags = [ "server" ];
# buildOnTarget = true;
targetUser = "jana";
};
imports = [
./fili/configuration.nix
./users/users.nix
./default-machine-config.nix
sops-nix.nixosModules.sops
];
};
};
}
// flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = pkgsForSystem system;
in
{
devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [
lix
colmena.packages.${system}.colmena
(pkgs.writeShellScriptBin "apply" ''
colmena apply --no-substitute
'')
];
shellHook = "exec $NIX_BUILD_SHELL";
};
formatter = pkgs.nixfmt-rfc-style;
}
);
nixConfig = {
extra-substituters = [ "https://jana.cachix.org" ];
extra-trusted-public-keys = [
"jana.cachix.org-1:LN0lzHx7QH1RBoDn3+psi4HOEAXW3EqRa/u0ncQ1XBE="
];
};
}
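Review bot: `sops-nix.url = "github:jdonszelmann/sops-nix"` pulls the module that decrypts every secret on the host from a personal fork, with no ref and no comment explaining what the fork changes; the `flake.lock` in this commit records `lastModified` 1704122840 for it, so it appears to lag the upstream project considerably. I would document the reason inline, e.g. `# fork of Mic92/sops-nix: <reason>; rebase on upstream regularly`, or switch back to upstream if the fork is no longer needed. None of the inputs set `inputs.nixpkgs.follows`, which is why the lock carries several nixpkgs revisions; `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` and the same for `colmena` would shrink the set of pinned trees that has to be audited and updated. The `nixConfig` substituter is only honoured by users who accept flake config, which is worth a comment since it adds a third-party binary cache to the trust base.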

8
secrets/authentik.env Normal file

@ -0,0 +1,8 @@
AUTHENTIK_SECRET_KEY=ENC[AES256_GCM,data:Iml9MKD/GVvsLJLEdkOPH2U+JENsaAvhlk4FT2cyFxlbaCAET2ipCD/GDx4=,iv:okpZlEnrFoXlS+6J11vB+z576pOshO9Tao9rlsDTkoY=,tag:3N3pVuIhPz4I42yt5tMX9g==,type:str]
AUTHENTIK_EMAIL__PASSWORD=ENC[AES256_GCM,data:m7r1IMvitkWEF5ngcAP8xY65anGq,iv:6vdnm8QXrNabTOLePwdMVSYvtcjmJUwRb6inbKxKii0=,tag:IOiSSQHltejNETUHuWvHgQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYkJWNmhXM0FVWEUxQUhZ\nZnBDMnhQV2x0V3RrU292b241eW9pVXE0Tmo0CnUzVDVPbmVSdDlJWEpFTnhuRWtZ\ndW9OT3dVenlMbmYrQUpjcUt6RlJDcVUKLS0tIElQWkpUSVhkalVxYVM1TWRmUmNQ\nK1JTVmFMS21OeGlndWJSK0FLeHVZeFEKWX8mTFaauqBolk0nAkUcv+b/6rKA8Qzp\nhF16OnjtkjSDQw6Y5zNvahOXNgQudrGRZqudSC7RwvTEQ55Ci/JMFg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-11-16T15:46:29Z
sops_mac=ENC[AES256_GCM,data:KQeVdOC2nrB+ZrLhSolLIkympnSgHRO+uF1Ku4PG3GU07hHhlyOe4UEfU8+zm8ETgwf66u1yWv9b2O4J5l//KqBR6fWJyu4htDSYBfcLT69E2IrtfyWgTbjRWcXcLCXx5XT3OmNr7EcjkzoeW8fPFmTAjTjMPzddD0uqOoJAeJ8=,iv:E4hiyBiffBWqdDjeNCMrWP1YQjEeGkHJhGTCdmlJ52k=,tag:GdEX74HgCVyp0gFHPhi18g==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

21
secrets/deluge.yaml Normal file

@ -0,0 +1,21 @@
deluge: ENC[AES256_GCM,data:/w9plpppO+CjKy+WhjfxQZfCWgVU5+zfl2HgUMqNcGG4Rjik,iv:qGlxtKgmwvVnNw4E8lZnZbkI4NZ9nQaFQNrp3xaXI8k=,tag:JLaNuxYTNnIgthSBXkyRVw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VWhtSjNFVVhMWFlqV0U3
Z3R4bkd1eHpFaXBTWjh0RENKaEdCa0UzL0dZCnNPSExXeGxQdGR2d1I3Vk1FdVdT
WnFkQnZtWGpOVVpOMGlWMDVGMXJXYlkKLS0tIEdpdVNhaVlaYW1ZU081NS84TlFS
Q0JwVDJGbzNlc2o0R1VTeG80bEpLV2sKe6fwXt7P0/zxbZucu4L61iAht/Xj1V82
UR7Qc7SmX6sAFD5JOh9SaFY19UGl0l1gQ3LYR34w3KABirSqC4BIrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-27T07:52:50Z"
mac: ENC[AES256_GCM,data:s9QaVqCAD4Jqatr0cahB2DSDQaaDCnJIFrC9AsWLlkrXZbnrnzCn77WOaBpOTttAAzamY5zWqYIFHtc1LRRJvg+IOD6fRc2zCLOR7DsQH+7EzNjCFVfH85e0QrDqoD0OhBAqDtZb1O7lS8i62J5PyXgIpcuD+NJMqX80FYu5Kxw=,iv:2ATaeguyBEvYnd+xJ4kV02K0sPZngHhCDqest8aH75U=,tag:mgtq8b+2TRdhF/2itumbwQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

8
secrets/houses.env Normal file

@ -0,0 +1,8 @@
EMAIL_PSWD=ENC[AES256_GCM,data:Msh1GU/+/dLhFPcUdjoSuGTNIfrf,iv:q/e6bGIuSqLZhQ9jrcNPZz5Dx24ftubq37mp5Y0aflI=,tag:Uqw06eOXoRWOGHMnmWr8UQ==,type:str]
EMAIL_ADDR=ENC[AES256_GCM,data:1Beva3P2R5DZQlwXo70YOkrAsQ==,iv:kg9jr2/HAK6C6d2LBFqpPstMjZ6h4MWW6QD0CXgnsqA=,tag:Rb1/TMWQYzKaBQPe5zIBqA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNVRWcjQ2QmxudmdSUzlP\nLzcwSXBib3dQblZSSFFNclMzYlpZdDVmb21vCmJTNjluRC9pV0h2ckpzaUJNcnhV\nZWhrOHVmUHc5cmJpRHYwOWp5TWJlQzgKLS0tIFd3WUw4YUVsZkRHeVR2SkN3dGVB\nZncvU2J4akN6Zlg3TUxYbTdmZ1FZSlEKMXuc+Xwr160bz+uraiwM1pNYpnws27zD\ngEClwqCGUrzcfogleYifnFT324ibk72IdEp95yPKuB9fTP9lYEtt9w==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-11-15T21:58:51Z
sops_mac=ENC[AES256_GCM,data:8Gbu85+JPbHtCJpFsterCWYeDjBRlkydsNAiDm31W17xXHeExXcHB8q57lK/KeNuEfeaMLBIEh7J0wII+Y3LHJmZq4ErZgw/NRm8SGIrPqRtQRA9rIPiAklZEwmcgizEGvAuDMmfdNCGln8CRXLnkkeLqtmK0zqRYnahhL03yxE=,iv:JRF71fqSU02DNiXXq9SIJmNXMjGd+323a/72f6XYUjQ=,tag:7nx6W+HhoBDHhdCm3+0eqw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

7
secrets/mapf-prod.env Normal file

@ -0,0 +1,7 @@
MAPF_SECRET: rZGeBaShgtOYxy/8sKwWyTGlFABkAbJ+QcRpr5Vwc1oJddwjye5U2A=ENC[AES256_GCM,data:Xg==,iv:k+gFdGIIcT8y9Qh+pe1BLki+1w5vm+AXDzXRjXyKRgg=,tag:5h9+IDMQ4jpXlMZrc23MoQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcDhRSXcwSVBoSmVpcW1P\ndGNoSHRMK29jekVIYzR4N1dVclMrVWROd2hjCjNVRWRGTmFTbHNLTytTUGoxSG52\nR3YxS0FqWHk3WFc5cHRSQTNkRWs4Tk0KLS0tIDJ1TkVFY1Q4L1B0YkNhQk9FRlUv\nOUV2aFgwT0t2R3lhRFpJYmptc2RuaTgKzXKb1lXfIYYt0ufluK6KGeKEYaTzg6Zr\n7CYjLaEFTiOcSyjx3ns1v4KvfPkugRX4OHK1vU18WJLUw6dxuOEx9w==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-07-20T13:00:34Z
sops_mac=ENC[AES256_GCM,data:InU5BymJGWK+rORfpsW7NnpAspdLHUQvBpFdPbZLE+m8RTLW+f1VE27MOtdTOGKPc5X5yM1YNcHodiiJ4D+L6fG9cHM6dhjmVBWQCVsg5/RiH1V746NSACgdHnY15cUndMjX5ETNr+Ap1VW83SzOUSzpGrd9G/Yczt4yhWb1bGw=,iv:bC8wR+iLQSgGhJHC7Ny60oh+PKFPuH9PklrYyUyzTgY=,tag:UfvIO7p1fufSRyoCktESoA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1
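Review bot: The first line is not in dotenv form: it is written as `MAPF_SECRET: <value>=ENC[...]`, so sops took everything before the first `=` as the key name and encrypted only the remainder (the `data:` field is `Xg==`, a single byte). The text between `MAPF_SECRET:` and `=ENC[` therefore appears to be the secret itself, stored in clear in the repository. Treat that value as exposed: rotate it, rewrite the plaintext file as `MAPF_SECRET=<new value>`, re-encrypt, and purge the old blob from history if the repository is or becomes shared. A pre-commit check that every non-`sops_` line matches `^[A-Z0-9_]+=ENC\[` would catch this class of mistake for the other `.env` files as well.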

9
secrets/markdown.env Normal file

@ -0,0 +1,9 @@
MINIO_ACCESS_KEY=ENC[AES256_GCM,data:ocRHyEiRDLwlu6QUN0t6CIhC,iv:pEjcEeIGOrQZ6cfrsPNgOAUVo6id5uoUm80QCkBWlBo=,tag:dBbWBk1gM9fklQnWFOxFng==,type:str]
MINIO_SECRET_KEY=ENC[AES256_GCM,data:TmIoWFU6KXcou/PX57jHXndtDwWuAWNWzSfXSezUuJ+d+A==,iv:MaMoFlIJw42B3ivZuVScpszgyUAH8RJ4umIrdO8jsew=,tag:Le5+9AhdresYVhM/NY37zQ==,type:str]
SESSION_SECRET=ENC[AES256_GCM,data:KghcYAqFAAau+1h6D9Pyinf4qY0W9FDJid/8VJDBW9uHdyo4QBUJNbB1m7r3Dh9MH4kBfVjwagBAADaYEYLTbKzOSrNGRrdp7+UQhmYH0sQn6Ja4V1VnzMyunLPHojU+apsyvy3dgzLPl5MZ2kfn4NFKX/6RhnbVqOO5ybx60k76rw==,iv:STjAYh/DcX8JUjnPHtEFbL2/2JwC/N0w3wFaDIkUybg=,tag:s9EbeDSkyfCsCyp9OlSO6w==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrb1BDZ1N6U29LVUxmOXBz\nMVNGdTcyZGdrREtwYnZiUDRBUEtkNWtrbEdNCjEvQTdBKy9wbUEzRnJ1Uk9neDhq\nT0ZNWk5tTHRUTDJOTFRiVHNXUnlqUmcKLS0tIEVoQS9pQTZ6eHdKTjRaZFhjSVNY\nNXBWbHpHN1I4UWdNNXpqQkE0YWJ0UHcK0ssbcZUWntiHse1ZkqJwQ4+ta4V2Yk0o\nzJCEClYzuJHPZzdLRMxzgRMYOib8J+oDFrQxG69eE+8x7zzzQdZf0w==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-01-01T15:11:06Z
sops_mac=ENC[AES256_GCM,data:dx1lF7o8cThBDgcnEt4s7KrIv3qQGRww6aIdQ8chAeFFjC7Wfdfsjz+gLn4R/vEzBSRPfly/W4tPbNE6B89st13vCSuIBMLMa8F3JKzmcAarvFmGuRDGnfV+EAHJECviEa/DOBXbg1W4t33dTqont8ZOYD9PtsK7e55yaCPOg2Q=,iv:rCLbIxYS19DXK2QIlYQgwqo+LxaXX6+ZfPm3+Ucl/9Q=,tag:a0lnwcLjSbQ4QV3566osIQ==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

8
secrets/minio.env Normal file

@ -0,0 +1,8 @@
MINIO_ROOT_PASSWORD=ENC[AES256_GCM,data:xo1XpBya+c+0/isGS4Y7dDzpCMQSgdqDniI79YwsC6bk,iv:SE6ueqs3slZqfw1FMwIeOlTWW1c9AEA1rNgElmnmny8=,tag:NPrTkhPlIWkUleQH8rv8Rg==,type:str]
MINIO_ROOT_USER=ENC[AES256_GCM,data:SLD7qLdp9Qw=,iv:nyoJMkFpYCMrENkNWCPtKeSr3VuzJsDAEX1MCcSXSes=,tag:El3t0wLar3GbSTW+ha8lFQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dWhsWEpwUnpwVVNBL2ZS\nbjhUc1h1MXd4YUdYRlg4L3liaE5VRG9GTUZNCjcxMUkveDBtZ1BFMDQ4RURpdFpH\nbjZENFE2OHVDWU1tY2doM1RqcHNtZWcKLS0tIGE1QnZUTWNzTWpXSmU4OThFZVFE\nL0NlVjZwT09XRDdGUnhpZ2VCaVZhNmMKs+v6IrYTbhqZzYcrHwGqHmYsHqQyJAcg\nrplBAzyY8pSPnwDrJnvZpgHJwZFq/UUoVRgLktWomdiWIgC+USysiw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-01-01T15:13:59Z
sops_mac=ENC[AES256_GCM,data:XcT4SHTC+divZHUccpjUu1F8zEeL3Du0IGZqb3Plz/lQC4yFuqZpFs8MAmiFhbw+8PO0w1ESFV33roMIDp1ZSrReUp+Pd8wtqDd3PS087l+yuOExISY0566BR141cujYUw83WO63KNyJf3n35aoFtTUAOZ7ZDPtHG4BVuSXSifM=,iv:q6tCSwsA1dzX11Ml6kwrpVt8JFyRyx3diJqn57eFeCE=,tag:SlMAvzcgBhhGAX1DZrNSSw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

21
secrets/mullvad.yaml Normal file

@ -0,0 +1,21 @@
mullvad: ENC[AES256_GCM,data:ZzLVUyH32OnyMx5K36PVw4KxL0hMjEco4f88FhRqooaxJMuPhbfth16sgCGhkn9/fv2IE5pJj/oLNmbCQhDfh1SXIbfoV+TAoVNePeHvTZl2oRhMPvhwMM9FYf9+tQqZ2sah7weO7nFt1Z1Ue85h0asiUoIC0Ft16H2IQI3ScNBildajZL2NDXT2zGiEQuPcLzQg4x9qOtB5IBy/3rIA/DGVH4YlDH9jN8InxmV8Q26/1oN7MHIMOd0UQWOQEKggzPZETrY6RDkpEGKPyGqO2oyoLadWsE+TV7cFiT3ULaJSB0ZcNf3ZmkkqJ5zAb5bWztLmPUTDtFPohMcSJulLwXKxooz1RhTjlklZY2dvRF0EfuHQZB5ccJS32c3545HvpQ==,iv:7u0g70YFNlzyt/IJnC3mWjkLEhOwu9C93r7VnZ828EU=,tag:TskCPydRlB38GQdMFQDvrw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJQnNrYXg3ajBycjJ2am5I
cnFrb2doRHhiM3U1emZ0VElWSjY3WVRzKzNBCml0amYzREdtTmk4WHVhYy83cWt1
aDBjN2xiVFQyamczNHBlUS9USWc5Uk0KLS0tIGgrVGhranZ2bjVTd3lJM0NIUVFN
cTgrSlBaK3BVTlBMM0lqd1FRSjVqcXMKnAI3PFSqhRaPGxzuclxj2dp4v/vMRZti
JXoi26CV1UAHlWYcl+bDLPpOl1ti1IFDx+tO5aJJVOEuIi1L8iTibg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-16T12:47:50Z"
mac: ENC[AES256_GCM,data:3tWeubU1vuGc6VbJus6OzAaf5RQ85mCZV3UBT4wpQz+QGUPmDsEqq1B+Pid+viW/Rn9E8gAjiz/nR7pDWGrLH7SIWcpVSm2Psxc5LBhldek5EPtR7SNA8uTX4S5P5/Jj4+9mPHSPu8zR3my/6JrigEYoJdWDSV6B2Jt2HIL2aDQ=,iv:U2MQ/XS1HtQSUJs19cYDYDc6GGvy7SDxzqD4qb40B+8=,tag:zWX8pcuntUlrpgz8erXpIw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

12
secrets/recipes.env Normal file

@ -0,0 +1,12 @@
SECRET_KEY=ENC[AES256_GCM,data:KWZ1ZVt0ql3n4P7o97OXllVEBa5FDm0rZdvZf7vprP6y9U0NkKcrdYSsLr4B6lNjfA==,iv:A7sBP3dswrPEcu0LDEVfX/ZhAy7qO37mwkAoGc0k1n0=,tag:hGwlnxRrpYpZ6Nm26mknEQ==,type:str]
SOCIAL_PROVIDERS=ENC[AES256_GCM,data:jKhtPHbxj28yIT3O4609U3oRkM9n+Y2tmoDgFYrXXlrhBtMI0IopqPef5UAttA==,iv:GZKjJ+bkO9dvjcA8Y06rJ1dQynXr+nvdWut33LrCl9Q=,tag:joRgpsS85Q6ljUUpqQ53oA==,type:str]
SOCIALACCOUNT_PROVIDERS=ENC[AES256_GCM,data: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,iv:YEcG1KakdP0XB2QGi5qL72bkwgQa3s+u4AVtA/roZvo=,tag:/4kGp3yXXLdiT9vngXsr2A==,type:str]
REMOTE_USER_AUTH=ENC[AES256_GCM,data:FQ==,iv:9sxvJMxdBnDCVhw59VFxEAtplnc5PatqmTdjJslR/xA=,tag:Br66wtmmgsqjUnOgT8qY/Q==,type:str]
SOCIAL_DEFAULT_ACCESS=ENC[AES256_GCM,data:HQ==,iv:NX4blKkmgufydRi0g2GcrribsmL0JD1Wt7SKw9H/phE=,tag:+cNNg47B0WS8//uylNfSNQ==,type:str]
SOCIAL_DEFAULT_GROUP=ENC[AES256_GCM,data:M5X7I48=,iv:Sghrk+50vdwIMKX1t/YS6k1eUZgU/oZl6nPB3uUkqCE=,tag:z2o4wLqM6pEypfg0YPEqlA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MGU4eUE4VHk3Uk5NMHBk\nZW44UTQ5VWZqRWZ2R09Zdk9XZjBzRzFZREVJCklaNm5KT2RPaDB1Z21STFVvZDFE\nQXZ3VjVTRldhVlVWeGtvdzJPL1RyNlUKLS0tIDVqYTc1dE5Td1NsbWdSbVZHajZz\nZnQ5TkplSXh0WlhDY09FOTg4V3dWdlUK3hW+DyFioTjjEfYJI6viOwHjrk/nCUNo\npGwYm8Ds+9vyDPGMazkUzCdM050y599YStjE7XnsbApMAI5myJ1BNQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-11-17T15:17:33Z
sops_mac=ENC[AES256_GCM,data:ixkzumZ+2blsD8ztx7dOEqQQRUysyrSu57WZarRm4rlSlcm6817GL7Wt89ktkuUqZvXJ9/uoqsmrVQ7AvDOXa5b5z9aTwXPm2WlH9lQ753qBtlRusJduLku6NDCmiWTm6trgu/+Ri9UdMuTEjgrRaJMZpmYWWT+UPR4Eq1UCaSI=,iv:6PbeWnvNHQ+lq5LZ0tMSslocwwCZlwxszss6FL3uZl0=,tag:v31EioeVkSP6jYCXwYVWVQ==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

7
secrets/sleep.env Normal file

@ -0,0 +1,7 @@
DISCORD_TOKEN=ENC[AES256_GCM,data:r2JY5Ig7yUijarzneODaa2jhhVTFzboaYsx4xrp1T0SiR3Rk6Bz8Uxxj340iYtfotA1RPgWBvuefVS89905GooHpGvgx7gfQx54=,iv:cwkmhBHPEGOfAxjIlSWvRa0Lxyvb5AxRDk7zYS17aig=,tag:H3v7VeALIomL0cABaECyVw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaUVlUlJHUjBDWGRaV0JW\nd3VkZ25WbyswWHVtVnlxUUhaVyt5aE5DRENNCkc4eDRHb2tNUmlZWGhNOU16ZXF5\nd2V6c2VhT0laWXc2N0dIckxEZytzaUEKLS0tIGRReUkzWmdNTGtrR0FaNFdtQytT\nMUF2MTVlTzZMTHYvVENCTndhVHFCblUKqH5Wd0rxrOcVCDrt5ntYRlWkw8rv872C\nEOcKYcAyujQwCgAqclpSi7//VkuvWu11LQGkb24bD3LKbT2wLaJ3AQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-11-15T21:42:42Z
sops_mac=ENC[AES256_GCM,data:p8sTnU3L/g7WwaVdm/tQOWkKM8Jymitxg1EpkprPc1jfsbb7Joa3/bMxsziwUqaHv95ltbJwpvoZpLlKNKz61Kpm0qGZvXdCQsTTBpkxsn7ILKDs1B2DMToHqqZBume9NjrozmjFoR5m8jFvOhSdwVI1o/CLAHc3IJhZPk++3Jo=,iv:UjpYPxcmfzYe311GHGepKsd07HYUmNeqRNlisJz7Qzw=,tag:L2cIsM3QVU48T/Okw2wA5g==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

99
users/users.nix Normal file

@ -0,0 +1,99 @@
{ pkgs, ... }:
{
users.groups.media = { };
users.extraUsers.vivian = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKME+A5zu36tMIsY+PBoboizgAzt6xReUNrKRBkxvl3i vivian@null"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8llUcEBHsLqotFZc++LNP2fjItuuzeUsu5ObXecYNj vivian@eevee"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le"
];
};
users.extraUsers.jana = {
isNormalUser = true;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
# ori (lenovo laptop/desktop)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIET69oniNUA2nJV5+GxQ6XuK+vQbO8Uhtgrp1TrmiXVi jana@ori"
# bastion (arch server)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJT6QJcxhUKjvHBv3Bd1rugyfAFUpxIe9cu1Frw3ylL jana@bastion"
# fili (server)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0pmCsQeMMJ0r3o/XN7Zw8YFa9OEqrL3ikoGTK0OUY6 jana@fili"
# kili (tudelft laptop)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAXOTU6E06zjK/zkzlSPhTG35PoNRYgTCStEPUYyjeE jana@kili"
# nori hp tudelft laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCuEu1kFg8mAgpOuYZ/IH2Ur7LQP7sQrDjcPmerkSx jana@nori"
# oneplus 5 phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTqoHEVYxD+mwmZhPj+1+i1P0XmgTxXgSnPdPwFT1vr u0_a484@localhost"
# git deploy key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgadaDrViJp0Z6fbLBAo9grkmCeNQliIPXe12l3X3i/ jana@deploy"
];
# Make me admin
extraGroups = [
"systemd-journal"
"wheel"
"networkmanager"
"libvirtd"
"dialout"
"storage"
"syncthing"
"jellyfin"
"media"
];
};
users.extraUsers.laura = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura"
];
};
users.extraUsers.wffl = {
isNormalUser = true;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbYifrfevSlcZvKSCpJShXGX89dlLdD0wEl5L3CvX6e"
];
extraGroups = [ "media" ];
};
users.extraUsers.julia = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfVoCjrBTOH746bJCKQwRgWzjFskNeLQKz73qmd4P3tmiJIFMAim7MiCwtQbxvIUOTZHbG7vRHZ5SwSH/d/wqmESmY1meRH/43uP4YlRRwUFkUHcwEJsVP9dDza0jYuBXVo04B/fuP93W2+aeBPKiSuWrnQ9s2LwRJ/0aqani8xpVn87EXp90aXjdF4iqu7tL4Nn1zUULYOdULrry0j6moUumUhmtkWb0PrTcxZr7BoDz8UH7Fu9G0uK8Xr5dAxs7RgTyFpUWg6h+AKQczMHLluwuRr2m12gWXKZIVO+Sw1PYYuU58Y7+E00KEM1Xy9SnuOW5ZgnxWBqydD+Gc2q67"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCatP3klEjfQPSiJNUc3FRDdz927BG1IzektpouzOZR"
];
extraGroups = [ "media" ];
};
users.extraUsers.jonathan-brouwer = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP6UDiX8vb4rHV+8Zwaozh8dnCAsPM+fe/4BEfC/xyV jonathantbrouwer@gmail.com"
];
};
}
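Review bot: `jana`'s `openssh.authorizedKeys.keys` includes `jana@deploy` (commented as a git deploy key) and a phone key alongside the workstation keys, and `jana` is in `wheel`; with the passwordless-sudo default set in `default-machine-config.nix`, each of those keys is an unrestricted root credential on the host. An automation key is better given its own account, or at least scoped: the entries are written as authorized_keys lines, so options such as `restrict` or `from="..."` can be prefixed to the key. `jana@fili` also authorizes the server's own key to log into itself, which deserves a comment if intentional. The unlabelled keys for `wffl` and `julia` would benefit from the same per-device comments used for `jana`, so stale keys can be identified and removed later.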