commit 9cbd6c9a3627ae811413f36bf8c1c2679d94e461 · soopy.moe/gensokyo

+13 -2

creds/sops/koumakan/default.yaml

···

       63
        
           token: ENC[AES256_GCM,data:N90DOJ0mip8FuuQD2iHA2OMDIePuM6tddLRLCjgNXpnp4PnRBFgt7UOvY/163DYphRtI/dl6Dl2odlpJ7UDtqYUKmNVtzGUGHLz38XQMCXN4rXnCXQ==,iv:3w5L2p+yQvKxusT3LBG/YXwQMrYhz+km1RuWmr4ZeO8=,tag:YHAHqrgqzq3K0x3XcNizwg==,type:str]

     

       64
        
       searxng:

     

       65
        
           secret: ENC[AES256_GCM,data:u1qFKXn4J21sO5a68/YJq8pWHHk98NINOG7FuwY8+o7M+hNod4vO2Axw1fJPUnDnUdcnEBQ/UUpUuH/DeAjr5HyjuZ1kyzHQYUVhjl8Mp7W7S/R2GCKoIg==,iv:bPKgs0ZAJl7TgNOjTh4aKks5/DHBYdfIemYa9SnfoXg=,tag:KiKf4sKhsi1dtwNFtzhEPw==,type:str]

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       66
        
       sops:

     

       67
        
           kms: []

     

       68
        
           gcp_kms: []

     
···

       96
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       97
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       98
        
                   -----END AGE ENCRYPTED FILE-----

     

       99
       -
           lastmodified: "2025-02-06T11:15:04Z"

     

       100
       -
           mac: ENC[AES256_GCM,data:w+j0lAchxF5wovLXswHafApZkDaG8SuFRAbIXc47bScLI46KRSRog3TmJ0brZa7TChJnODAAX5jduu5SaueU7L+QWHkYkQ8YKWauHenUw5DDCZlsqCcpZaXdvkdQ3+dlRgCE7R5HYxZJooZ6zJd2W7dXAJvHkVhxH4pMlgPM/cs=,iv:M71pvf1CxYBmOPNRpPXI9/z2kVtuh1p2e6SNzjtFi0M=,tag:Xf9dv4QgOEqmHy7b2sAlZA==,type:str]

     

       101
        
           pgp: []

     

       102
        
           unencrypted_suffix: _unencrypted

     

       103
        
           version: 3.9.4

···

       63
        
           token: ENC[AES256_GCM,data:N90DOJ0mip8FuuQD2iHA2OMDIePuM6tddLRLCjgNXpnp4PnRBFgt7UOvY/163DYphRtI/dl6Dl2odlpJ7UDtqYUKmNVtzGUGHLz38XQMCXN4rXnCXQ==,iv:3w5L2p+yQvKxusT3LBG/YXwQMrYhz+km1RuWmr4ZeO8=,tag:YHAHqrgqzq3K0x3XcNizwg==,type:str]

     

       64
        
       searxng:

     

       65
        
           secret: ENC[AES256_GCM,data:u1qFKXn4J21sO5a68/YJq8pWHHk98NINOG7FuwY8+o7M+hNod4vO2Axw1fJPUnDnUdcnEBQ/UUpUuH/DeAjr5HyjuZ1kyzHQYUVhjl8Mp7W7S/R2GCKoIg==,iv:bPKgs0ZAJl7TgNOjTh4aKks5/DHBYdfIemYa9SnfoXg=,tag:KiKf4sKhsi1dtwNFtzhEPw==,type:str]

     

       66
       +
       buildbot:

     

       67
       +
           workers:

     

       68
       +
               renko: ENC[AES256_GCM,data:LIn+7zzhsbEHALPni5SOy86EAp1M8YkhLGmn0G05fz6KxADF+TRpu1EUxmGLOZkwZeMLTTQ8lzNKUomGneLOINICQ+6967TZYcxeaUd0TWxi0hCPXkXw0wT4eXm9vDaXgk0gLvZlF17Q1vkGWJhGiDqI5gKqcvx3HojDvSnCe4UflnZ/CK4P3LDwCCEKdMXgp8Qv/G8Im52nCP9W1ZBSFEhY/DfA8JSHE1p2gQ==,iv:3MSPRmMPVRuHgkf97N+mBNS3SLAdH1TuHSB7em3R2Fo=,tag:arDSGfQkD9dzVLlA66+INA==,type:str]

     

       69
       +
               nijika: ENC[AES256_GCM,data:XrelW0Au0e41Alp2nFF9gWCM2NmmD0bevoJdP24t0ukKU07KzXOw8FXnqDaOcbx12siOzhSDLRp3TCB3CMoY7QNhpP3U2BI0vJxiLp31aipA+zgXaSqivnHjWIyiH/Wf6i6OimrrO3ygtiKK4OTPvQU7zYofjrr02gRKzjqhZuURzrfx9SlzNVQ7NhjgYaeeP7Ht3KeGcLyRIKr0N4yiwfTOcHtBV/7kSH1Q+Q==,iv:fXalFVVlu2FpvsCvXjlag9moYVfUf6utYdumok8fBXQ=,tag:Z2m+/DgCYOONFgRYXwKShQ==,type:str]

     

       70
       +
           gitea:

     

       71
       +
               webhook_secret: ENC[AES256_GCM,data:QZh04722SnJhxtxKNCUD+pnqSTP0fr/B4qj4v6vA7UCm/JH42x7a0yMVi87tATnQsRDX8/5oHWXqtYkskJZigfXs5ptqOqu6lCG88vP4my0gg8Y3017pfA==,iv:sJd8Zzf/Q05srghCABmKW4IARjusYR4VvBxjj9ihKqU=,tag:0Cd01OKVwPCbpMH9qwB+Gw==,type:str]

     

       72
       +
               token: ENC[AES256_GCM,data:CAFVuDHsjwmUxmWfL/bt3FlQk0lllchJOM2UtxbwQjq9B4XLZWSnwg==,iv:wp4xDaBzUOBp91oXRN5S0XM8/ge75SbceD1TmASMB0Y=,tag:eJSGlCCdWeOHIJUDY1dDeQ==,type:str]

     

       73
       +
               client_secret: ENC[AES256_GCM,data:RbL87pLdAnpoKoh1hmvQexnJ8RqCPGscAtGn1eMhzb9SghknzaUxJRtAe6Jz+2S+vrFE/n+BofI=,iv:4QHVMx6NqDg3V+WeQ7dnIgYu6EBD3RTOpCFopH065rU=,tag:AgyXE+hIFFljqHWr/SOsEQ==,type:str]

     

       74
       +
           gh:

     

       75
       +
               webhook_secret: ENC[AES256_GCM,data:nWDjqZcyJunimntZAZooMJCNshHW2o+OouajFcJEcEOEV1mxxwBJu6rrAnnKeVgM9Zw6NEyI94UHJ4PnL+s/h/sLDdt7s/eCSil6dzbX9hRs+f/1ODIgfQ==,iv:phpn4qVtr92Oc2R1cCY4HmZGFGfAg5EQhWXnMMX6uBs=,tag:C/VY/Kzz6oO2CK1kCCcArQ==,type:str]

     

       76
       +
               private_key: ENC[AES256_GCM,data:Jei9bt1XNpNz8iu7Qxsq+0lpFFS/8pLi+fyTUrp7a4fb5Po8uUI/a5ZbSIlE5v7XIS+BaeALs7/rvGhxkQ0BXNtFTejPPSL/8amRNBfmMLPJzNhvJJDhxszthzQpGaeAcavp8sa3SCJhEW/ozit+ejwUHqWaof0U9WNgxfjcO2NvWJMHbafkcao4kiOcdtzXiVa0an7CA1TZO8sTxdxEJDn7Bf+busMvfx6qIUUXmM2sJzNEAKCVczTQd0cjkVtNRCOyzGxE93C3WoMaZ1E+6/Fse3/c4k9fXavwXLck20HUbCkg4MRqtpJAsi7fObWFuHvjg7XI0mrWVyH0GY+/+jY056ncFXllrf3o9OPeMka+JHmy8iVFU/wQ+DZixZ/BVEt+f1s7ivy0Vtz0d/ZzWjnW6USJlsCy9cbIuK6+a2zQz1rAruht/WQu+MvDy2Wuv8Bn7ZSHevFGcK9wV3/gvuaRxb/+xRjFkYsjwGt8mgufJLFf3S/NCldaakhIFYBzKJvJN2wiRcQmJ2hJB7GVbHWb6SwFnOHLrnxHN8Pu6nVjios6OtFnNtSyX4egHeBAfc+14UwPicvMttpkuXFal5kCwvWUJ/DUm6qpMWnLkAWwxDPahevKItaTjD8Td0udxLlGtKMKcTD2NXifSOnlJ5frTl9TZZFWbFCE4+DC7j1j6hIN3lxyK7bHQV4d6LTsmSz75bGqoF0xFX6H52Ajz3xw5cfXDK0dw2bwW9QwsrEiQHwX1pLXpXCI+z7rRdFVuB8B2JlUNzNlfNUkV+hhIBw7GiKE4EN9DR7hcVtMoHwMtuHDM7IThlO7Hl0N/1tc/sTybHvfjIUpZY8JG177TBwPX94SVND/7g2QizIUkMnTpFEV9Xd1Jb6juVrJSV6Rqg7EZ/MhmM1/8V8IwJchlV/IA2PEWMowN2SeedmqMCgATqL9usfbZoHTxZ21S15nG01lxeJnO4unpMB/Gb/r2MdRh/WNSxdiW0oKtm1dywB4JZ53TmCr/DOUMbKPgVdMoUU4HMzIGtlNIFmJOsbeivsXKXtrVQdQgntlDxbUc6iJFfiVS8fW6nqJG1dMAbjOPgosg07rm8gek9omEP1fOUayY1Hy5/VsQdpULVDYgohFhylzx79tISXS+UkVE86j7xWdNbD79rLDzvoQdY0mkkNGiLw4xoFeMm6qDQYuY7CHE5mbhp7e2zjmFqRpM0TCz25O2LONRpfBzSjxTrj68PJA8QvsfcDNKX3NY/ULdHTVnrAkL94NUKRyVHENbtDUwkOwNCeTO2JobV1FxPGaKrAA4sR1ipYwFSZkA0gpoZ1zCQOANTwRAZfOBXzA8aG/b+WBhHBbB+XIpuiN9AbEeupvQnn30XkVdCNQPZxYuk19v0GZRYgaZKyoM5QaihBA5XE+4uQyIaqtfjiFhIt/EPR7fSp3AInW+cPABpQC5SAG+siVKmR/1KeKeoN45qxQa4SydPHTzmsM6GJEgdjn3XqSqHzmk7Bk+kV8fD/supV9yb0tcIkQOU5rOrlso9TrgudcKs8npO+kQTbP77og5C7M0Lp9G90Szkw9X/AXj5XjsnqG7qzxBxPwsA4N0p5C+29c46vk/4m6elpc0gy6bn9ZHzIbDgKzN295lWLFjLRJW3KiWPQRfcEhqaRtdE9arnnkzBtAs1SKnaF4c0hahGyBuUmiGZiahy6Ij4ZEItOnil1KVZcmmZyRRK4jUtl0SQjAIAT3BEE0W9E/oSHerCaMLKI+uWBNCHYQLW9BhxUIVJDGXYjNvDSwIi5YkFNSlLNG/e2A6lyYTTOYJgtfAINlL54yay5JRRboO0wzlRVEuZqMG2A3ivd4Z+5LBfXp8fG6Hrj1tG/6WsL0FE9Wen9txAqENQdvwujHBR0pKKnKSmLmZCZIsfR0VZW8PgZW88DCi4c/00/p0FlkFEaVpSTd3duEkng+yLB+ra1/+44Ie3obvNuOg42bu/NeBoeQfRpJ/zLCyyVHItQgMs6R+6I6uN9vMmZZE7FftLQW3XpZOeGstdWECao5nbOFkF6ouDgsbqPHDVBPop56kvrxNLEquGnkdtTm1BGziHn+BAuMSBKvxi6gZstR6J93XHoczqeQ/40bh/G/6UYf7D/ZH2F+8XK5/ty1MrF3g6kw3QzPKJnHoxU5eaHcHa8R0dWRiUre7tg6DrJsWprR9RyR9+uI7uBSCHJpdMDqHNOO0x5DgSvGNi5/79Zldw==,iv:BggfLd6AC8Y2Nov1/a56sJUH+r5gjBjjSGQfZ9Rxe4c=,tag:Yuy8AeRyIcaVif9O/4R+TQ==,type:str]

     

       77
        
       sops:

     

       78
        
           kms: []

     

       79
        
           gcp_kms: []

     
···

       107
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       108
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       109
        
                   -----END AGE ENCRYPTED FILE-----

     

       110
       +
           lastmodified: "2025-02-09T08:52:13Z"

     

       111
       +
           mac: ENC[AES256_GCM,data:8vP/E9LGGmIGvSlsNtRt/yLtGYd8Kbst5Cc68+BqFhinRUEfZ/9Ki0nDBHC+6rLDTzRWJMnZIn/xaO0AF4cC4552OZjMq1uDo8IqpygluI9UWO5nxinAjUXALKZHschzMk1+KxJbMRFzAixfhgZo7kcH3UtNcizGm62hqRLLTAk=,iv:3cMehOoB6Q39wOIbyodpEqDV/SsCMiNZkooEKUiajwU=,tag:9DLS+egx1Xbv4AtrIIgJxw==,type:str]

     

       112
        
           pgp: []

     

       113
        
           unencrypted_suffix: _unencrypted

     

       114
        
           version: 3.9.4

+3 -11

creds/sops/nijika/default.yaml

···

       3
        
       lego:

     

       4
        
           cf_token: ENC[AES256_GCM,data:qxF3WPZlhX3G,iv:kNFCT0zJype1OrAqngAOsQRp1zxzGIUJfhTBwhACxTs=,tag:Z6W4fKvGQAfi3ATWaTGg8Q==,type:str]

     

       5
        
       buildbot:

     

       6
       -
           workers:

     

       7
       -
               renko: ENC[AES256_GCM,data:8E8bAVCp8PB0xNMiSAg/ReDFuviteJ2nySwb/EmCiEi+21Xta8hLMb4zd70kUGd9bUdKvX4KsGYZaU3XFHopv/0WFJETgutDtNNLf/EwQE4O+r8hqamLml3IUBzeQrYEuMbwJmkMTtilVGr8TO30/NrOjAX7zlvpZazJBE6mROMgjnmi4i/1bwu7D865avJCYID6COHsmBSbRSCOsnODybtScuGMJq5+2FIseg==,iv:Hw4nV0UPtkABXCz/bTj7GPk+tar/Q2Xhe1DjJGXF3R8=,tag:AA2L7B4GEacHvJ5j+a87+A==,type:str]

     

       8
       -
           gitea:

     

       9
       -
               webhook_secret: ENC[AES256_GCM,data:8BPEMEFSZmOaloDzd0ufrHIMC8KnGfRPd/jOOSrM0QfGLs+yQe83Sd2MfwwB77SMXfXCIEZwCh+bzXdf/3ila3yM1cFknFZLUCXuzstQWfJ0P9rxWe2s2A==,iv:FcPe8rDrr3M3CQs5wwwQk4b+L5lbfvEQ9BfsxdxpHfk=,tag:q0VESxUJSJglKzyiz01eQA==,type:str]

     

       10
       -
               token: ENC[AES256_GCM,data:XszEjcK7HSWPAhZXf6TrqjWHlLQceabFZYqoM8ipg3fGqpMul7AGeA==,iv:GvsAbfIe5AfZY7pg3ctiUYt+MZlqgbhvrM56W34OaOA=,tag:3x8qCZBBy0gB8Hr/L5b1XQ==,type:str]

     

       11
       -
               client_secret: ENC[AES256_GCM,data:8POpHFTwpp6lMr6P8qqJPjkGho90Etv42YwsnUUDf2mlB9pa7GJp0mg6i225UWiynlHehzTlVG0=,iv:+xG7eOUVBnDel1uxfOy4wK19KUZI8Eac+3BRuof+720=,tag:EjA3lHZfeJr7O0bsaaEjBg==,type:str]

     

       12
       -
           gh:

     

       13
       -
               webhook_secret: ENC[AES256_GCM,data:3D62C0VFcyriTuyr+zs8gqYQ5uagtAAtGXarJkPr6gcHnUq6G8a715p6alPbCORmODF37jCriu64+221F4vSj1fFH7+imOUmWCgUai0BJOXiZPDDEC2XyA==,iv:Xd/q8SozAHZA/x3X6LvEKmhaFVKCRuPuOH9pEE2QjzQ=,tag:sXqIUxuEDIjcP+ac6fTUIQ==,type:str]

     

       14
       -
               private_key: ENC[AES256_GCM,data:uTd7A0C0Px3KWCNpUiWKjgKnZEm5fX3549UdbDLQPJ2ic96MpsE4HnT4uen9oJat3n1bqO5TDyU9NBr6Qv6uZx3esdM9z8wcGG9W5l8oyIMQpCHmLrtak9VP19f+GWRXhGjYxJBEFwC+wzvfsQUekVhr9jcwKKrup1gxJow31JEbmzxmkVXAMmrkhO2iMNN75iYwptXmLrptkpjKFs/c18jtJIv4q3V/D0QhXlNueG6bOlAaLp4yifJNrcptEX4D2svU15wkP8jv2TzrW3ug5y6XV0o0dy8FndioofGHW+7weyFENdS+5rDvFyplFVHdzyqsyUAx2CZ6rl6xzLPekQuuNDOTOPfhCftoBA0Se/FchdlLuyihtB4emZ03/VlBDCS1ff8AI639Pdgntaq2gfWY6fH81BVXET1TCLVutGnvdvTX5pJ/ykAg6O9kaSAHXLLVtG843JoxkrRmUWT3sgymYTAPfXiuMCRFQrSCE/tY/avOatHoVYg3ARalZQsoSQpGgpiACWYdsgFCB0aOVK4Ip4wXrs4qKARGrC3429cqsHz7c8zeq0mclNEKjumqvYfuR4f2mseL/4wL5iD+byo2xYR0yW5kY6WdpEJhp87i1+dNM1i73kyCMMOt8yia1AUrGV6EPNRIBZl7Ggk8C6ijJQDnI4gYZZhLYtNPVyxGFWQ+CqRsTFGUpaG++a29BW+DdIEcM3Xs5GjXOiI19xfmllp4JC/enUjzW+Y/lJPtkrJmPyVpY6QRmUVUFUhIzRGenCICpkqwcZVmAw7gs88ojKSlElXnQsbervttx9PK7Fc3x87c7YEyG4FrYX4fORJ9kwsdnsXT6hT7bYZQFJj7BtEu42Pl5RSABwvOisZRee47AnhCt0RYacpxr5pGxmUBhAffUtan7hL0fDxocypQf5jCtTObSoh4iEDV4DGQNb0Rwl9kEL6y+NCGk5gOFo1IJiP4Ez9BgduDTkU05xnTY+lNn5eIxMy0XZFtbSO9YjyzP6lG6Xvg9BcFAw6AC+T9Vn1B/lLK69A8WKEhbtUNZJedJhI1+muj4qqwQaXnLYRbZuK/rCsyaHEy9XmSdEHiG4f7gnYYDf/BSfFMlo1uN8wwPpVLE+H8hg54GFT7VSSegaDlFt6AjG/0K53F0439yFHYTbrvJwBC4ethBfIvHo22qD6HHuE0alokLOi5eO/noty5JE9jyC9qteMuXASc76ocDND2qH2W0/YT5QnNR9pKSZvjX/2Dd0ue2CWNRuCJAiGnYvssT1qyOTeg3gUfmv4IK2Sk353qYGTyD0a/nr2o0kbd8kXQZMBWX45B3o46FK2X3LWrF3STWfCbZCDX6ss614fqdSUMc1oEa6gLnozQz6R5ztlnNPQXL+LnBPO09jwHJHUgWun44+CeKpGO/QreoumQFlgoPM1/+bt5dKC+ihZVowAOyay6DhADiuq22M4lxTHwoaf6WlUXzhsWvDi8Q5mxQDqo/86p6nXF+dcYjQpqTE9uc3muMiXgWmUi6p1w0/ghVU63Etce18Aok0dqdYQ9P/4sAZHhUceYZxoicPSh9GhcmH6Klpzzl3J+UKo0PPl/ELB0Kgn2tQl1/IcIKeQA8BzfsTVfBYKpNpPHnjV8RFI4lKVnrTQRNH6a33JzZAODSQ7a0Ae1isHUf0OEAWJpizxU+ty4vCJHPZk0fXM8/XS8RwBES4rvl6AqMLB+cOG1JYHvOG4NnYa7ocQJTlhBQyddRaZQTvpKfdb8IQ7VQMBvCsc0/ibtRlLBtBJvXmVlb8mnjhptChLW3A2cp9vK4i1pUvk3UPZECOmnGAWcjpeA0yKQDw6DMdm96xKZ5Fe/Ar2u1DzJJeWvIbysaEv63kTuF2tMx2NAA8ywIK85sjipPQddW2Y497pTuXzlmUYVDy9zI0C0ROqEv7+uzFErbweHecBn+cSWHitQDA5ksBRDiokRzz2ZeqU6h57uz/40icV5FVAGNqTNBTGblwvZhVEV91ifCgDQghsKySyNS+TE1lm5slL5m6t6teKgQve/hPnOxRCYNaZM/vriHuyM4oPkVdi9CKzb7tZ60wjQp0etvWIWh8dtqOb3h2CRoetETQi7DkLvQVCc3gfPNUlqnQ/fsfs95CHJrojbxi6+rMV6G+WxZgClxKUdHg9RH/ztAiYDI4q6mUvqcWymQn28Odq+SNzpyeedXYwoRmhPysnSW7aon0PKeV+sqK+XVN7nFQ==,iv:D+0OvrNDG3smrRilANSQvB2DLcT4sUpdrgfV2im5miw=,tag:NIa2WL+hgERc8GshcQ0EiQ==,type:str]

     

       15
        
       sops:

     

       16
        
           kms: []

     

       17
        
           gcp_kms: []

     
···

       45
        
                   S0lOdU16bXA5cGxVcHc3VzBWenQrREUKL1AQpV36+pBph9nRNgPQnnBZ/CJ/2R6C

     

       46
        
                   Gz3Uus0Jf8hLe6fWCnOOZFcI/8JibSBJs0x5LWwC04CJ0J2eWSMHIQ==

     

       47
        
                   -----END AGE ENCRYPTED FILE-----

     

       48
       -
           lastmodified: "2025-02-06T13:40:54Z"

     

       49
       -
           mac: ENC[AES256_GCM,data:LrNE7/kZCi4gsj/oNTvrtbkvzYjLH/b1KlmPYStxlk2YO9o0ibbp3d3Q2OQRvY4AEZlGOEhYrTDcWKCRYkzvrC+QUH/aW89Q4VTIjelc/jVD6EZRCotXNFNlfkuaZHvf1lqduZhobssp8CHoiLZT6HDgFDZVtjhvQWMeeirQwcg=,iv:xKIoPa1+DSf/eccZGsN++c0PXgmE1c4NrJeuAcdXzFo=,tag:hBblYc1HfnIvwdpVRw9lHQ==,type:str]

     

       50
        
           pgp: []

     

       51
        
           unencrypted_suffix: _unencrypted

     

       52
        
           version: 3.9.4

···

       3
        
       lego:

     

       4
        
           cf_token: ENC[AES256_GCM,data:qxF3WPZlhX3G,iv:kNFCT0zJype1OrAqngAOsQRp1zxzGIUJfhTBwhACxTs=,tag:Z6W4fKvGQAfi3ATWaTGg8Q==,type:str]

     

       5
        
       buildbot:

     

       6
       +
           token: ENC[AES256_GCM,data:S02GVtA9CAlevVvzjP/S4NvRK0F/qhc0GWjL75+7nSXAezPwAIla+zt7ErApkz3zwd3WFl92P0ljE9bUlvEiZYjMMsBn4ggQMO6NmzsEFxOnLjhhWA5faX+w32J+UOWxOBSgBoPJG3Q+KxMMJLiieTHbn4Vfp8SzleG9wvqu/MdbCOVa6YRm7IMMMS6Ac1klPJSbSkQLCiRM8VjU/a1da3qwjLgHtDgyLU4W+A==,iv:6l09P+B816Jsyee8OlP0qAm/V9qQ4xLcqI92cRhyx/Q=,tag:4YLQu+7i2aBWoE8Me+1wrw==,type:str]

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       7
        
       sops:

     

       8
        
           kms: []

     

       9
        
           gcp_kms: []

     
···

       37
        
                   S0lOdU16bXA5cGxVcHc3VzBWenQrREUKL1AQpV36+pBph9nRNgPQnnBZ/CJ/2R6C

     

       38
        
                   Gz3Uus0Jf8hLe6fWCnOOZFcI/8JibSBJs0x5LWwC04CJ0J2eWSMHIQ==

     

       39
        
                   -----END AGE ENCRYPTED FILE-----

     

       40
       +
           lastmodified: "2025-02-09T08:51:04Z"

     

       41
       +
           mac: ENC[AES256_GCM,data:XFdQLiSC9andNwHW8DBkfYuJ07eBaRPU3bsdXsT3QZge9fdHTMHMYiVL+yo3uhHuruZp4UWXiA97GZo/R+eN1oenkEjnrrdxl0ntQs60xNrsdZ+hltG25JcYlwRP6U8E9wkHaPTbwbHDBikpCPnUS6rVW+4ngZJrmnMGstPvVd8=,iv:6MgoDofvekrENhWnV4XgVwwFOGPF/mYx1FwT7jY+ZUw=,tag:C8l2A7wDRtt2VG6HRuEL8A==,type:str]

     

       42
        
           pgp: []

     

       43
        
           unencrypted_suffix: _unencrypted

     

       44
        
           version: 3.9.4

+16

docs/src/internal/presets/buildbot.md

···

       1
       +
       # Certificates presets

     

       2
       +
       

     

       3
       +
       ```nix

     

       4
       +
       {...}: {

     

       5
       +
         gensokyo.presets.buildbot = true;

     

       6
       +
       }

     

       7
       +
       ```

     

       8
       +
       

     

       9
       +
       This enables the buildbot worker on the current host.

     

       10
       +
       

     

       11
       +
       This requires the following secrets to be set:

     

       12
       +
       

     

       13
       +
       ```yaml

     

       14
       +
       buildbot:

     

       15
       +
           token: # generate from cloudflare

     

       16
       +
       ```

+21

global/gensokyo/presets/buildbot.nix

···

       1
       +
       {

     

       2
       +
         _utils,

     

       3
       +
         config,

     

       4
       +
         lib,

     

       5
       +
         ...

     

       6
       +
       }: let

     

       7
       +
         secrets = _utils.setupSecrets config {

     

       8
       +
           namespace = "buildbot";

     

       9
       +
           secrets = lib.singleton "token";

     

       10
       +
         };

     

       11
       +
       in

     

       12
       +
         lib.mkIf config.gensokyo.presets.buildbot (lib.mkMerge [

     

       13
       +
           {

     

       14
       +
             services.buildbot-nix.worker = {

     

       15
       +
               enable = true;

     

       16
       +
               masterUrl = "tcp:host=koumakan:port=9989";

     

       17
       +
               workerPasswordFile = secrets.get "token";

     

       18
       +
             };

     

       19
       +
           }

     

       20
       +
           secrets.generate

     

       21
       +
         ])

+2

global/gensokyo/presets/default.nix

···

       1
        
       {lib, ...}: {

     

       2
        
         imports = [

     

       0
        
       
     

       3
        
           ./vmetrics.nix

     

       4
        
           ./nginx.nix

     

       5
        
           ./certificates.nix

     
···

       7
        
         ];

     

       8
        
       

     

       9
        
         options.gensokyo.presets = {

     

       0
        
       
     

       10
        
           vmetrics = lib.mkEnableOption "vmetrics presets";

     

       11
        
           nginx = lib.mkEnableOption "nginx presets";

     

       12
        
           certificates = lib.mkEnableOption "boilerplate certificate issuing presets";

···

       1
        
       {lib, ...}: {

     

       2
        
         imports = [

     

       3
       +
           ./buildbot.nix

     

       4
        
           ./vmetrics.nix

     

       5
        
           ./nginx.nix

     

       6
        
           ./certificates.nix

     
···

       8
        
         ];

     

       9
        
       

     

       10
        
         options.gensokyo.presets = {

     

       11
       +
           buildbot = lib.mkEnableOption "buildbot presets";

     

       12
        
           vmetrics = lib.mkEnableOption "vmetrics presets";

     

       13
        
           nginx = lib.mkEnableOption "nginx presets";

     

       14
        
           certificates = lib.mkEnableOption "boilerplate certificate issuing presets";

+1 -1

systems/default.nix

···

       35
        
         bocchi = mkSystem "bocchi" "x86_64-linux";

     

       36
        
         kita = mkSystem "kita" "x86_64-linux";

     

       37
        
         ryo = mkSystem "ryo" "x86_64-linux";

     

       38
       -
         nijika = mkSystem "nijika" "x86_64-linux";

     

       39
        
       }

···

       35
        
         bocchi = mkSystem "bocchi" "x86_64-linux";

     

       36
        
         kita = mkSystem "kita" "x86_64-linux";

     

       37
        
         ryo = mkSystem "ryo" "x86_64-linux";

     

       38
       +
         nijika = mkSystem "nijika" "aarch64-linux";

     

       39
        
       }

+1

systems/koumakan/configuration.nix

···

       3
        
           inputs.mystia.nixosModules.fixups

     

       4
        
           inputs.mystia.nixosModules.vmauth

     

       5
        
           inputs.mystia.nixosModules.bsky-pds

     

       0
        
       
     

       6
        
       

     

       7
        
           ./hardware-configuration.nix

     

       8

···

       3
        
           inputs.mystia.nixosModules.fixups

     

       4
        
           inputs.mystia.nixosModules.vmauth

     

       5
        
           inputs.mystia.nixosModules.bsky-pds

     

       6
       +
           inputs.buildbot-nix.nixosModules.buildbot-master

     

       7
        
       

     

       8
        
           ./hardware-configuration.nix

     

       9

+59

systems/koumakan/services/ci/buildbot.nix

···

       1
       +
       {

     

       2
       +
         _utils,

     

       3
       +
         config,

     

       4
       +
         ...

     

       5
       +
       }: let

     

       6
       +
         secrets = _utils.setupSecrets config {

     

       7
       +
           namespace = "buildbot";

     

       8
       +
           secrets = [

     

       9
       +
             "gh/private_key"

     

       10
       +
             "gh/webhook_secret"

     

       11
       +
             "gitea/token"

     

       12
       +
             "gitea/client_secret"

     

       13
       +
             "gitea/webhook_secret"

     

       14
       +
       

     

       15
       +
             "workers/renko"

     

       16
       +
           ];

     

       17
       +
         };

     

       18
       +
         mkWorker = name: cores: {

     

       19
       +
           inherit name cores;

     

       20
       +
           pass = secrets.placeholder "workers/${name}";

     

       21
       +
         };

     

       22
       +
       in {

     

       23
       +
         imports = [

     

       24
       +
           secrets.generate

     

       25
       +
           (secrets.mkTemplate "buildbot.workers.json" (builtins.toJSON [

     

       26
       +
             (mkWorker "renko" 12)

     

       27
       +
           ]))

     

       28
       +
         ];

     

       29
       +
       

     

       30
       +
         services.buildbot-nix.master = {

     

       31
       +
           enable = true;

     

       32
       +
           domain = "ci.soopy.moe";

     

       33
       +
           useHTTPS = true;

     

       34
       +
           admins = ["soopyc"];

     

       35
       +
           accessMode.public = {};

     

       36
       +
           workersFile = secrets.getTemplate "buildbot.workers.json";

     

       37
       +
       

     

       38
       +
           # forges configuration

     

       39
       +
           authBackend = "gitea";

     

       40
       +
           github = {

     

       41
       +
             enable = true;

     

       42
       +
             webhookSecretFile = secrets.get "gh/webhook_secret";

     

       43
       +
             authType.app = {

     

       44
       +
               id = 1135740;

     

       45
       +
               secretKeyFile = secrets.get "gh/private_key";

     

       46
       +
             };

     

       47
       +
           };

     

       48
       +
           gitea = {

     

       49
       +
             enable = true;

     

       50
       +
             tokenFile = secrets.get "gitea/token";

     

       51
       +
             webhookSecretFile = secrets.get "gitea/webhook_secret";

     

       52
       +
             instanceUrl = "https://patchy.soopy.moe";

     

       53
       +
             oauthId = "4c9061a1-2ec9-42bb-a80c-8f3124f13b29";

     

       54
       +
             oauthSecretFile = secrets.get "gitea/client_secret";

     

       55
       +
           };

     

       56
       +
         };

     

       57
       +
       

     

       58
       +
         services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = _utils.mkVhost {};

     

       59
       +
       }

+1

systems/koumakan/services/default.nix

···

       4
        
       

     

       5
        
           ./databases

     

       6
        
           ./scm

     

       0
        
       
     

       7
        
       

     

       8
        
           # "containers" in a burning text gif

     

       9
        
           ./arion

···

       4
        
       

     

       5
        
           ./databases

     

       6
        
           ./scm

     

       7
       +
           ./ci

     

       8
        
       

     

       9
        
           # "containers" in a burning text gif

     

       10
        
           ./arion

-2

systems/nijika/configuration.nix

···

       2
        
         imports = [

     

       3
        
           ./services

     

       4
        
           ./networking.nix # generated at runtime by nixos-infect

     

       5
       -
       

     

       6
       -
           inputs.buildbot-nix.nixosModules.buildbot-master

     

       7
        
         ];

     

       8
        
       

     

       9
        
         gensokyo.presets = {

···

       2
        
         imports = [

     

       3
        
           ./services

     

       4
        
           ./networking.nix # generated at runtime by nixos-infect

     

       0
        
       
     

       0
        
       
     

       5
        
         ];

     

       6
        
       

     

       7
        
         gensokyo.presets = {

+10 -2

systems/nijika/hardware-configuration.nix

···

       1
        
       {modulesPath, ...}: {

     

       2
        
         imports = [(modulesPath + "/profiles/qemu-guest.nix")];

     

       3
       -
         boot.loader.grub.device = "/dev/sda";

     

       4
       -
         boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       5
        
         boot.initrd.kernelModules = ["nvme"];

     

       6
        
         fileSystems."/" = {

     

       7
        
           device = "/dev/sda1";

···

       1
        
       {modulesPath, ...}: {

     

       2
        
         imports = [(modulesPath + "/profiles/qemu-guest.nix")];

     

       3
       +
         boot.loader.grub = {

     

       4
       +
           efiSupport = true;

     

       5
       +
           efiInstallAsRemovable = true;

     

       6
       +
           device = "nodev";

     

       7
       +
         };

     

       8
       +
         fileSystems."/boot" = {

     

       9
       +
           device = "/dev/disk/by-uuid/5E93-6B15";

     

       10
       +
           fsType = "vfat";

     

       11
       +
         };

     

       12
       +
         boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];

     

       13
        
         boot.initrd.kernelModules = ["nvme"];

     

       14
        
         fileSystems."/" = {

     

       15
        
           device = "/dev/sda1";

+2 -2

systems/nijika/networking.nix

···

       28
        
                   prefixLength = 64;

     

       29
        
                 }

     

       30
        
                 {

     

       31
       -
                   address = "fe80::9400:4ff:fe0c:1c84";

     

       32
        
                   prefixLength = 64;

     

       33
        
                 }

     

       34
        
               ];

     
···

       48
        
           };

     

       49
        
         };

     

       50
        
         services.udev.extraRules = ''

     

       51
       -
           ATTR{address}=="96:00:04:0c:1c:84", NAME="eth0"

     

       52
        
         '';

     

       53
        
       }

···

       28
        
                   prefixLength = 64;

     

       29
        
                 }

     

       30
        
                 {

     

       31
       +
                   address = "fe80::9400:4ff:fe0e:e3d";

     

       32
        
                   prefixLength = 64;

     

       33
        
                 }

     

       34
        
               ];

     
···

       48
        
           };

     

       49
        
         };

     

       50
        
         services.udev.extraRules = ''

     

       51
       +
           ATTR{address}=="96:00:04:0e:0e:3d", NAME="eth0"

     

       52
        
         '';

     

       53
        
       }

+2 -62

systems/nijika/services/buildbot.nix

···

       1
       -
       {

     

       2
       -
         _utils,

     

       3
       -
         lib,

     

       4
       -
         config,

     

       5
       -
         ...

     

       6
       -
       }: let

     

       7
       -
         secrets = _utils.setupSecrets config {

     

       8
       -
           namespace = "buildbot";

     

       9
       -
           secrets = [

     

       10
       -
             "gh/private_key"

     

       11
       -
             "gh/webhook_secret"

     

       12
       -
             "gitea/token"

     

       13
       -
             "gitea/client_secret"

     

       14
       -
             "gitea/webhook_secret"

     

       15
       -
       

     

       16
       -
             "workers/renko"

     

       17
       -
           ];

     

       18
       -
         };

     

       19
       -
         mkWorker = name: cores: {

     

       20
       -
           inherit name cores;

     

       21
       -
           pass = secrets.placeholder "workers/${name}";

     

       22
       -
         };

     

       23
       -
       in {

     

       24
       -
         imports = [

     

       25
       -
           secrets.generate

     

       26
       -
           (secrets.mkTemplate "buildbot.workers.json" (builtins.toJSON [

     

       27
       -
             (mkWorker "renko" 12)

     

       28
       -
           ]))

     

       29
       -
         ];

     

       30
       -
       

     

       31
       -
         services.buildbot-nix.master = {

     

       32
       -
           enable = true;

     

       33
       -
           domain = "ci.soopy.moe";

     

       34
       -
           useHTTPS = true;

     

       35
       -
           admins = ["soopyc"];

     

       36
       -
           accessMode.public = {};

     

       37
       -
           workersFile = secrets.getTemplate "buildbot.workers.json";

     

       38
       -
       

     

       39
       -
           # forges configuration

     

       40
       -
           authBackend = "gitea";

     

       41
       -
           github = {

     

       42
       -
             enable = true;

     

       43
       -
             webhookSecretFile = secrets.get "gh/webhook_secret";

     

       44
       -
             authType.app = {

     

       45
       -
               id = 1135740;

     

       46
       -
               secretKeyFile = secrets.get "gh/private_key";

     

       47
       -
             };

     

       48
       -
           };

     

       49
       -
           gitea = {

     

       50
       -
             enable = true;

     

       51
       -
             tokenFile = secrets.get "gitea/token";

     

       52
       -
             webhookSecretFile = secrets.get "gitea/webhook_secret";

     

       53
       -
             instanceUrl = "https://patchy.soopy.moe";

     

       54
       -
             oauthId = "4c9061a1-2ec9-42bb-a80c-8f3124f13b29";

     

       55
       -
             oauthSecretFile = secrets.get "gitea/client_secret";

     

       56
       -
           };

     

       57
       -
         };

     

       58
       -
       

     

       59
       -
         services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = _utils.mkVhost {

     

       60
       -
           useACMEHost = lib.mkForce null;

     

       61
       -
           enableACME = true;

     

       62
       -
         };

     

       63
        
       }

···

       1
       +
       {...}: {

     

       2
       +
         gensokyo.presets.buildbot = true;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
       }

+1 -1

systems/renko/configuration.nix

···

       6
        
         imports = [

     

       7
        
           ./gui

     

       8
        
           ./development

     

       9
       -
           ./services

     

       10
        
         ];

     

       11
        
       

     

       12
        
         gensokyo = {

     
···

       15
        
             games = true;

     

       16
        
           };

     

       17
        
           presets = {

     

       0
        
       
     

       18
        
             vmetrics = true;

     

       19
        
             secureboot = true;

     

       20
        
           };

···

       6
        
         imports = [

     

       7
        
           ./gui

     

       8
        
           ./development

     

       0
        
       
     

       9
        
         ];

     

       10
        
       

     

       11
        
         gensokyo = {

     
···

       14
        
             games = true;

     

       15
        
           };

     

       16
        
           presets = {

     

       17
       +
             buildbot = true;

     

       18
        
             vmetrics = true;

     

       19
        
             secureboot = true;

     

       20
        
           };

-18

systems/renko/services/buildbot.nix

···

       1
       -
       {

     

       2
       -
         _utils,

     

       3
       -
         config,

     

       4
       -
         lib,

     

       5
       -
         ...

     

       6
       -
       }: let

     

       7
       -
         secrets = _utils.setupSecrets config {

     

       8
       -
           namespace = "buildbot";

     

       9
       -
           secrets = lib.singleton "token";

     

       10
       -
         };

     

       11
       -
       in {

     

       12
       -
         imports = lib.singleton secrets.generate;

     

       13
       -
         services.buildbot-nix.worker = {

     

       14
       -
           enable = true;

     

       15
       -
           masterUrl = "tcp:host=nijika:port=9989";

     

       16
       -
           workerPasswordFile = secrets.get "token";

     

       17
       -
         };

     

       18
       -
       }

systems/renko/services/default.nix systems/koumakan/services/ci/default.nix