···

       
11
       
11
       
 
       
{

     

       
12
       
12
       
 
       
  "anubis-key.age".publicKeys = marvinDefault;

     

       
13
       
13
       
 
       
  "authentik-env.age".publicKeys = marvinDefault;

     

       
14
       
14
       
-
       
  "buildbot/gitea-token.age".publicKeys = marvinDefault;

     

       
15
       
15
       
-
       
  "buildbot/oauth-secret.age".publicKeys = marvinDefault;

     

       
16
       
16
       
-
       
  "buildbot/worker-password.age".publicKeys = marvinDefault;

     

       
17
       
17
       
-
       
  "buildbot/workers.age".publicKeys = marvinDefault;

     

       
14
       
14
       
+
       
  # "buildbot/gitea-token.age".publicKeys = marvinDefault;

     

       
15
       
15
       
+
       
  # "buildbot/oauth-secret.age".publicKeys = marvinDefault;

     

       
16
       
16
       
+
       
  # "buildbot/worker-password.age".publicKeys = marvinDefault;

     

       
17
       
17
       
+
       
  # "buildbot/workers.age".publicKeys = marvinDefault;

     

       
18
       
18
       
 
       
  "forgejo/aux-docs-runner-token.age".publicKeys = marvinDefault;

     

       
19
       
19
       
 
       
  "forgejo/db-pw.age".publicKeys = marvinDefault;

     

       
20
       
20
       
 
       
  "forgejo/default-runner-token.age".publicKeys = marvinDefault;

     
···

       
38
       
38
       
 
       
  "pingvin-secrets.age".publicKeys = marvinDefault;

     

       
39
       
39
       
 
       
  "planka-env.age".publicKeys = marvinDefault;

     

       
40
       
40
       
 
       
  "pocket-id-secrets.age".publicKeys = marvinDefault;

     

       
41
       
41
       
-
       
  "tangled-knot-secrets.age".publicKeys = marvinDefault;

     

       
42
       
41
       
 
       
  "vaultwarden-vars.age".publicKeys = marvinDefault;

     

       
43
       
42
       
 
       
  "vaultwarden-pgpass.age".publicKeys = marvinDefault;

     

       
44
       
43
       
 
       
  "webmentiond-env.age".publicKeys = marvinDefault;

     

This is a binary file and will not be displayed.

···

       
19
       
19
       
 
       
        listenAddr = "0.0.0.0:${toString dk.port}";

     

       
20
       
20
       
 
       
        hostname = dk.extUrl;

     

       
21
       
21
       
 
       
        internalListenAddr = "127.0.0.1:${toString dk.intListenPort}";

     

       
22
       
22
       
-
       
        secretFile = config.age.secrets.tangled-knot-secrets.path;

     

       
22
       
22
       
+
       
        owner = "did:plc:5cqzysioqzttihsnbsaxrggu";

     

       
23
       
23
       
 
       
      };

     

       
24
       
24
       
 
       
    };

     

       
25
       
25
       
 
       
    tangled-spindle = {

     
···

       
35
       
35
       
 
       
    openssh.ports = [ 2222 ];

     

       
36
       
36
       
 
       
    openssh.settings.AllowUsers = [ "git" ];

     

       
37
       
37
       
 
       
    openssh.settings.AllowGroups = [ "git" ];

     

       
38
       
38
       
-
       
  };

     

       
39
       
39
       
-
       
  age.secrets.tangled-knot-secrets = {

     

       
40
       
40
       
-
       
    file = ./secrets/tangled-knot-secrets.age;

     

       
41
       
41
       
-
       
    owner = "git";

     

       
42
       
42
       
-
       
    group = "git";

     

       
43
       
38
       
 
       
  };

     

       
44
       
39
       
 
       
}