commit ecb2dc44b50916b3d80200a7546c888a874963f0 · soopy.moe/gensokyo

-58

creds/sops/bocchi/default.yaml

···

       1
       -
       lego:

     

       2
       -
           cf_token: ENC[AES256_GCM,data:XkoVqohA0yDBiiOcwuckcq7Md+qiy+bw3bZDXa10VVb/oIOAibi9yA==,iv:oO/tPda0vvW564z6EPaqvrS4U2UGQH8nGSPmaQeBtSk=,tag:CukJmfRWrioBStLjC0wBvw==,type:str]

     

       3
       -
       vmetrics:

     

       4
       -
           auth: ENC[AES256_GCM,data:WKgG+0Aru+vXa5SV+FHn7A89oNU3Hc6GRxy5e4FMthugMnCirw3pY+llm/p6jEzEUUL8+dAsUkYKpMHpUvjJJDgZinkQFoL2OKowESJkSJvcogdeFGEMCZlxtYxqjyyktsPa3MnSZnefuicBvTvjsc7AXR+1tVP/Oqesf29214k1gZYDTw5td92KEGkdI1nf4BsA80UGHA9jDIaUB1PmfZcrX4yK5GwitpHV0w==,iv:w5fvbIwKablXI6xmGAJcVLC1Zb1WrifLyzsEXfA24TY=,tag:1S+faetlrYArRBcUtp6/gA==,type:str]

     

       5
       -
       hydra:

     

       6
       -
           signing_key:

     

       7
       -
               local: ENC[AES256_GCM,data:3IceMcpCOXrWi0ttv8d5oVSbnF6PSsS8TfSFF6xvCYp8I6BuhzorG0envw4YMNrVz2n4n7yzwa0eXFt14ekSj75jGKq0y22GRaIMGiCUQbDNG6IqAyc7JOWs8t8rrG/owdz9/roCatA=,iv:DS9xhapQ/pTZ72LZgRRO8To7euHqQCGecfC9SoPfwvI=,tag:Udygs/yA8PYC3claQ8c/WA==,type:str]

     

       8
       -
               r2: ENC[AES256_GCM,data:/0a93HqlUxFa3I5HkInB+RX4L37XPujX0mIyEPW2BUI522RPgmVZsbzv9vsI/K7rKeFu33y8uPwPsAUCz/Po0XwQ+na4yVrd6vxcHrKYD0pea1j1B1BSpcK9TRXu/4nAx/QTpViE82YPww==,iv:NIrkN62yd6dT+SbY+/bwHhwSovUUpDUOBKtHXea6xJI=,tag:qC0V0T21cyox0O6PNOYL+A==,type:str]

     

       9
       -
           s3: ENC[AES256_GCM,data:6csZoQFgwNi4YH7Rg+pA/iyPV1Glska0w1IG0+9bscnIWpwpBBeIiKYPXnhIsgh5m7Rua6bkyWS9tgPNk9sVueXWVuIQ7zeuj54jwVOHyZZ3f3xBmH+BMGbf2LHZV6/5i0fh1KaKDs/GKQntbc4fvguAFgC3zsLJwtu8ulDJrEUqXZ5/NzC0MIx5TEMnFDzkds8IoCcq1xUMH+ApDZtKmuxQSyYshA==,iv:27WxlgaF+L6OGPtmWebYPEl7wM85UB9W7u+o+3VbeMU=,tag:QLg9AtiwL0wKf3KnvCVVgQ==,type:str]

     

       10
       -
           auth:

     

       11
       -
               gitea:

     

       12
       -
                   cassie: ENC[AES256_GCM,data:fjDua36VNykAp4vZ+9J5Pa/KjTUUNMOmP504ChLsSfmw+G+KGKrnpA==,iv:4mVVPqO4U66nG/ZYdJ+l77vUnvmOtYNAEZ47Wf69PUA=,tag:r9czBVWGG6uen/Bv7X4aHA==,type:str]

     

       13
       -
       infra:

     

       14
       -
           wrangler:

     

       15
       -
               account_id: ENC[AES256_GCM,data:vM5XSi4gEhrp8ayUltd9bYfC+7Ly/IApsAA4Xp0it+4=,iv:w2o9HNN9KhpUGt9yystqtmMZRTohU3Q/EmtvmhST3JE=,tag:cHkdrYjhZHLN8pyFmMlvFg==,type:str]

     

       16
       -
               token: ENC[AES256_GCM,data:AmQ69ObdOmdLAL8bCRO4UD3mYUzZetPKtj97MjzIjf4Fv7V3B6LMuA==,iv:imXyYC/ts36JTpyGxbAIAZevxCQXcwQtMMDaO+Pe7Y0=,tag:HsSMydbDsAA5s9aZNTDQiA==,type:str]

     

       17
       -
       gateway:

     

       18
       -
           db_pass: ENC[AES256_GCM,data:0ogT8DeqaHC8Nk8xVrTNdOuwC53SypicH1yNrWmUhSIePKcFZRifdnnJ3+q/BMMTh5AEcuz/GKScUXv7x/cI4w==,iv:II/TQgRp0xBOibNPlsO8e4g0SsMjnjm+nKEb+GuZvs4=,tag:hnB+S9h8QY0LPNK2rLABMw==,type:str]

     

       19
       -
           secret_key: ENC[AES256_GCM,data:egCJodYW69YdTdapIdydZ3+bAsfpgWNmz/FjWEUSfMCXfA96v6u0AGHlr8u0iEDf6xDmMP4tbiSJqiwoAiljmF0r5hDQWS15Tpo/T/DdgpQ=,iv:t7CwUCAr/nGPU6cYyc3OpAR3xpJ+Lx444Eo0THsnuQw=,tag:6T+666zNd7lMX361tOnq9A==,type:str]

     

       20
       -
           email_pass: ENC[AES256_GCM,data:5K9CbyR3ZLKZldsx7oCC7AeNYI82YGjnli26/PmeO40mdZdy+yEiZ7yYJjZVOWTXLWajfc0jsYcodPxKGPyZ5I4O1nt5jk4jwzHyswvisGsMTJKJHSo2XQ==,iv:/HdegQ1LbGZb1vduxFxPP0gie0P+fsqRJW9pgW4y+Ik=,tag:N8FIY1lYjdo5botMChwgaw==,type:str]

     

       21
       -
       sops:

     

       22
       -
           kms: []

     

       23
       -
           gcp_kms: []

     

       24
       -
           azure_kv: []

     

       25
       -
           hc_vault: []

     

       26
       -
           age:

     

       27
       -
               - recipient: age1l3qxt6630dzesdclfm3eqgw3uuhwj09dh6typwlwr6clcv0qhfrqgtj2fk

     

       28
       -
                 enc: |

     

       29
       -
                   -----BEGIN AGE ENCRYPTED FILE-----

     

       30
       -
                   YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwREZxUTJmeGlYNDJxQWRY

     

       31
       -
                   OEJPRW8zQXdVVnJUdStxeFJDZW9vK0o1K2xjCktUT3RIbVJkVFBOd0cveFozNEVG

     

       32
       -
                   OVZma3Z1ZVFzQWxMWUwzRTl4YVhaSEkKLS0tIGtHSVlsTWJwMmxlYjlLNDd3V0N0

     

       33
       -
                   cjJ1WjhpbEhQVnNZYS9YeFJUNCtYNlkKTxqQoqRCe402ryPn/tXAUbR8VWBZBjR8

     

       34
       -
                   pMVP/wZjngoz4Z5b3G1DObTE3HIngcFsaAoBCWo/6Ze+AqGqsF/R6g==

     

       35
       -
                   -----END AGE ENCRYPTED FILE-----

     

       36
       -
               - recipient: age1zkafenrdkkmatjh034yykpzjzzs5fx6kft23jlmsung3dwyufcksds59l2

     

       37
       -
                 enc: |

     

       38
       -
                   -----BEGIN AGE ENCRYPTED FILE-----

     

       39
       -
                   YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCVDN1MzRKNUVnd3VyeW54

     

       40
       -
                   RnV2MWg4eVFzZ1cvWmY5bWhoUHlyT1hITENRClpjNmNTNVluaGVjT09NalNMM1Zr

     

       41
       -
                   ZTkwM3IwQ0pqQk1kWEcvVkg5TGc2cWsKLS0tIHVicHE3d09nVWNBVzV1R2s5U25M

     

       42
       -
                   UWEvUkhqWlJsRG1TS05zM3poR0QzR3cKpSh+FVWiXXhk5dOxeD++/ba/rBuzYMqK

     

       43
       -
                   v831qPF86OH2w+1oJLk630ERjObxkwQqb9/q5qfto7sMbRM0PNoPkw==

     

       44
       -
                   -----END AGE ENCRYPTED FILE-----

     

       45
       -
               - recipient: age1kdctxllje2rw3kwpzell0rt6t7mruc3h3j5zfjelnpmahchjlaqs9v9vm9

     

       46
       -
                 enc: |

     

       47
       -
                   -----BEGIN AGE ENCRYPTED FILE-----

     

       48
       -
                   YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL0Vnc3ZCejNMOExWUkdt

     

       49
       -
                   eDU3c0RSRzAvK3JQMkU0cDU4NHdwWHpzYkJvCmxhMHlJVnBXWmMyNDA5eGdrc1B5

     

       50
       -
                   M3ZhNjVmQkJKWGh6a2IvUGtScDQ0ZGsKLS0tIHFRWXVvaXhDVzkxUmp3SDU3WXhK

     

       51
       -
                   U1ZKd3VwZmFGNDJsZjRtUENiNjFWUUEKz2qKrpapPG7ftskAnhCYAdp3UKksxMKb

     

       52
       -
                   KVXNCwjl/2uJ7dKQB/xyFdHr+r3/99LXNWZeKg2n5tA+HrcfVSFIng==

     

       53
       -
                   -----END AGE ENCRYPTED FILE-----

     

       54
       -
           lastmodified: "2024-10-21T13:14:54Z"

     

       55
       -
           mac: ENC[AES256_GCM,data:MmRkkStwrRrDgoFSW/OyAlfI1aa6ZfPls6V7nel9a1a0nkvlJCufduL+UI2KuhWXFwI7Asr9cji1IVlLilJGiSuzmmPB4QU+xd5BegkGuZ2FlCbMbdWPM8xWGXh+dPubMLswHFPIRJkV7zfiQfisyYri0SkpM//+nqq7532I//Y=,iv:jSSFlbJtWvoknwFFow92/AmJa+I0WqDzE9xP5VW3Z+s=,tag:6xHeo4zCsnPWLAwN0yTulw==,type:str]

     

       56
       -
           pgp: []

     

       57
       -
           unencrypted_suffix: _unencrypted

     

       58
       -
           version: 3.8.1

+11 -2

creds/sops/koumakan/default.yaml

···

       74
        
           gh:

     

       75
        
               webhook_secret: ENC[AES256_GCM,data:nWDjqZcyJunimntZAZooMJCNshHW2o+OouajFcJEcEOEV1mxxwBJu6rrAnnKeVgM9Zw6NEyI94UHJ4PnL+s/h/sLDdt7s/eCSil6dzbX9hRs+f/1ODIgfQ==,iv:phpn4qVtr92Oc2R1cCY4HmZGFGfAg5EQhWXnMMX6uBs=,tag:C/VY/Kzz6oO2CK1kCCcArQ==,type:str]

     

       76
        
               private_key: ENC[AES256_GCM,data:Jei9bt1XNpNz8iu7Qxsq+0lpFFS/8pLi+fyTUrp7a4fb5Po8uUI/a5ZbSIlE5v7XIS+BaeALs7/rvGhxkQ0BXNtFTejPPSL/8amRNBfmMLPJzNhvJJDhxszthzQpGaeAcavp8sa3SCJhEW/ozit+ejwUHqWaof0U9WNgxfjcO2NvWJMHbafkcao4kiOcdtzXiVa0an7CA1TZO8sTxdxEJDn7Bf+busMvfx6qIUUXmM2sJzNEAKCVczTQd0cjkVtNRCOyzGxE93C3WoMaZ1E+6/Fse3/c4k9fXavwXLck20HUbCkg4MRqtpJAsi7fObWFuHvjg7XI0mrWVyH0GY+/+jY056ncFXllrf3o9OPeMka+JHmy8iVFU/wQ+DZixZ/BVEt+f1s7ivy0Vtz0d/ZzWjnW6USJlsCy9cbIuK6+a2zQz1rAruht/WQu+MvDy2Wuv8Bn7ZSHevFGcK9wV3/gvuaRxb/+xRjFkYsjwGt8mgufJLFf3S/NCldaakhIFYBzKJvJN2wiRcQmJ2hJB7GVbHWb6SwFnOHLrnxHN8Pu6nVjios6OtFnNtSyX4egHeBAfc+14UwPicvMttpkuXFal5kCwvWUJ/DUm6qpMWnLkAWwxDPahevKItaTjD8Td0udxLlGtKMKcTD2NXifSOnlJ5frTl9TZZFWbFCE4+DC7j1j6hIN3lxyK7bHQV4d6LTsmSz75bGqoF0xFX6H52Ajz3xw5cfXDK0dw2bwW9QwsrEiQHwX1pLXpXCI+z7rRdFVuB8B2JlUNzNlfNUkV+hhIBw7GiKE4EN9DR7hcVtMoHwMtuHDM7IThlO7Hl0N/1tc/sTybHvfjIUpZY8JG177TBwPX94SVND/7g2QizIUkMnTpFEV9Xd1Jb6juVrJSV6Rqg7EZ/MhmM1/8V8IwJchlV/IA2PEWMowN2SeedmqMCgATqL9usfbZoHTxZ21S15nG01lxeJnO4unpMB/Gb/r2MdRh/WNSxdiW0oKtm1dywB4JZ53TmCr/DOUMbKPgVdMoUU4HMzIGtlNIFmJOsbeivsXKXtrVQdQgntlDxbUc6iJFfiVS8fW6nqJG1dMAbjOPgosg07rm8gek9omEP1fOUayY1Hy5/VsQdpULVDYgohFhylzx79tISXS+UkVE86j7xWdNbD79rLDzvoQdY0mkkNGiLw4xoFeMm6qDQYuY7CHE5mbhp7e2zjmFqRpM0TCz25O2LONRpfBzSjxTrj68PJA8QvsfcDNKX3NY/ULdHTVnrAkL94NUKRyVHENbtDUwkOwNCeTO2JobV1FxPGaKrAA4sR1ipYwFSZkA0gpoZ1zCQOANTwRAZfOBXzA8aG/b+WBhHBbB+XIpuiN9AbEeupvQnn30XkVdCNQPZxYuk19v0GZRYgaZKyoM5QaihBA5XE+4uQyIaqtfjiFhIt/EPR7fSp3AInW+cPABpQC5SAG+siVKmR/1KeKeoN45qxQa4SydPHTzmsM6GJEgdjn3XqSqHzmk7Bk+kV8fD/supV9yb0tcIkQOU5rOrlso9TrgudcKs8npO+kQTbP77og5C7M0Lp9G90Szkw9X/AXj5XjsnqG7qzxBxPwsA4N0p5C+29c46vk/4m6elpc0gy6bn9ZHzIbDgKzN295lWLFjLRJW3KiWPQRfcEhqaRtdE9arnnkzBtAs1SKnaF4c0hahGyBuUmiGZiahy6Ij4ZEItOnil1KVZcmmZyRRK4jUtl0SQjAIAT3BEE0W9E/oSHerCaMLKI+uWBNCHYQLW9BhxUIVJDGXYjNvDSwIi5YkFNSlLNG/e2A6lyYTTOYJgtfAINlL54yay5JRRboO0wzlRVEuZqMG2A3ivd4Z+5LBfXp8fG6Hrj1tG/6WsL0FE9Wen9txAqENQdvwujHBR0pKKnKSmLmZCZIsfR0VZW8PgZW88DCi4c/00/p0FlkFEaVpSTd3duEkng+yLB+ra1/+44Ie3obvNuOg42bu/NeBoeQfRpJ/zLCyyVHItQgMs6R+6I6uN9vMmZZE7FftLQW3XpZOeGstdWECao5nbOFkF6ouDgsbqPHDVBPop56kvrxNLEquGnkdtTm1BGziHn+BAuMSBKvxi6gZstR6J93XHoczqeQ/40bh/G/6UYf7D/ZH2F+8XK5/ty1MrF3g6kw3QzPKJnHoxU5eaHcHa8R0dWRiUre7tg6DrJsWprR9RyR9+uI7uBSCHJpdMDqHNOO0x5DgSvGNi5/79Zldw==,iv:BggfLd6AC8Y2Nov1/a56sJUH+r5gjBjjSGQfZ9Rxe4c=,tag:Yuy8AeRyIcaVif9O/4R+TQ==,type:str]

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       77
        
       sops:

     

       78
        
           kms: []

     

       79
        
           gcp_kms: []

     
···

       107
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       108
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       109
        
                   -----END AGE ENCRYPTED FILE-----

     

       110
       -
           lastmodified: "2025-02-09T08:52:13Z"

     

       111
       -
           mac: ENC[AES256_GCM,data:8vP/E9LGGmIGvSlsNtRt/yLtGYd8Kbst5Cc68+BqFhinRUEfZ/9Ki0nDBHC+6rLDTzRWJMnZIn/xaO0AF4cC4552OZjMq1uDo8IqpygluI9UWO5nxinAjUXALKZHschzMk1+KxJbMRFzAixfhgZo7kcH3UtNcizGm62hqRLLTAk=,iv:3cMehOoB6Q39wOIbyodpEqDV/SsCMiNZkooEKUiajwU=,tag:9DLS+egx1Xbv4AtrIIgJxw==,type:str]

     

       112
        
           pgp: []

     

       113
        
           unencrypted_suffix: _unencrypted

     

       114
        
           version: 3.9.4

···

       74
        
           gh:

     

       75
        
               webhook_secret: ENC[AES256_GCM,data:nWDjqZcyJunimntZAZooMJCNshHW2o+OouajFcJEcEOEV1mxxwBJu6rrAnnKeVgM9Zw6NEyI94UHJ4PnL+s/h/sLDdt7s/eCSil6dzbX9hRs+f/1ODIgfQ==,iv:phpn4qVtr92Oc2R1cCY4HmZGFGfAg5EQhWXnMMX6uBs=,tag:C/VY/Kzz6oO2CK1kCCcArQ==,type:str]

     

       76
        
               private_key: ENC[AES256_GCM,data:Jei9bt1XNpNz8iu7Qxsq+0lpFFS/8pLi+fyTUrp7a4fb5Po8uUI/a5ZbSIlE5v7XIS+BaeALs7/rvGhxkQ0BXNtFTejPPSL/8amRNBfmMLPJzNhvJJDhxszthzQpGaeAcavp8sa3SCJhEW/ozit+ejwUHqWaof0U9WNgxfjcO2NvWJMHbafkcao4kiOcdtzXiVa0an7CA1TZO8sTxdxEJDn7Bf+busMvfx6qIUUXmM2sJzNEAKCVczTQd0cjkVtNRCOyzGxE93C3WoMaZ1E+6/Fse3/c4k9fXavwXLck20HUbCkg4MRqtpJAsi7fObWFuHvjg7XI0mrWVyH0GY+/+jY056ncFXllrf3o9OPeMka+JHmy8iVFU/wQ+DZixZ/BVEt+f1s7ivy0Vtz0d/ZzWjnW6USJlsCy9cbIuK6+a2zQz1rAruht/WQu+MvDy2Wuv8Bn7ZSHevFGcK9wV3/gvuaRxb/+xRjFkYsjwGt8mgufJLFf3S/NCldaakhIFYBzKJvJN2wiRcQmJ2hJB7GVbHWb6SwFnOHLrnxHN8Pu6nVjios6OtFnNtSyX4egHeBAfc+14UwPicvMttpkuXFal5kCwvWUJ/DUm6qpMWnLkAWwxDPahevKItaTjD8Td0udxLlGtKMKcTD2NXifSOnlJ5frTl9TZZFWbFCE4+DC7j1j6hIN3lxyK7bHQV4d6LTsmSz75bGqoF0xFX6H52Ajz3xw5cfXDK0dw2bwW9QwsrEiQHwX1pLXpXCI+z7rRdFVuB8B2JlUNzNlfNUkV+hhIBw7GiKE4EN9DR7hcVtMoHwMtuHDM7IThlO7Hl0N/1tc/sTybHvfjIUpZY8JG177TBwPX94SVND/7g2QizIUkMnTpFEV9Xd1Jb6juVrJSV6Rqg7EZ/MhmM1/8V8IwJchlV/IA2PEWMowN2SeedmqMCgATqL9usfbZoHTxZ21S15nG01lxeJnO4unpMB/Gb/r2MdRh/WNSxdiW0oKtm1dywB4JZ53TmCr/DOUMbKPgVdMoUU4HMzIGtlNIFmJOsbeivsXKXtrVQdQgntlDxbUc6iJFfiVS8fW6nqJG1dMAbjOPgosg07rm8gek9omEP1fOUayY1Hy5/VsQdpULVDYgohFhylzx79tISXS+UkVE86j7xWdNbD79rLDzvoQdY0mkkNGiLw4xoFeMm6qDQYuY7CHE5mbhp7e2zjmFqRpM0TCz25O2LONRpfBzSjxTrj68PJA8QvsfcDNKX3NY/ULdHTVnrAkL94NUKRyVHENbtDUwkOwNCeTO2JobV1FxPGaKrAA4sR1ipYwFSZkA0gpoZ1zCQOANTwRAZfOBXzA8aG/b+WBhHBbB+XIpuiN9AbEeupvQnn30XkVdCNQPZxYuk19v0GZRYgaZKyoM5QaihBA5XE+4uQyIaqtfjiFhIt/EPR7fSp3AInW+cPABpQC5SAG+siVKmR/1KeKeoN45qxQa4SydPHTzmsM6GJEgdjn3XqSqHzmk7Bk+kV8fD/supV9yb0tcIkQOU5rOrlso9TrgudcKs8npO+kQTbP77og5C7M0Lp9G90Szkw9X/AXj5XjsnqG7qzxBxPwsA4N0p5C+29c46vk/4m6elpc0gy6bn9ZHzIbDgKzN295lWLFjLRJW3KiWPQRfcEhqaRtdE9arnnkzBtAs1SKnaF4c0hahGyBuUmiGZiahy6Ij4ZEItOnil1KVZcmmZyRRK4jUtl0SQjAIAT3BEE0W9E/oSHerCaMLKI+uWBNCHYQLW9BhxUIVJDGXYjNvDSwIi5YkFNSlLNG/e2A6lyYTTOYJgtfAINlL54yay5JRRboO0wzlRVEuZqMG2A3ivd4Z+5LBfXp8fG6Hrj1tG/6WsL0FE9Wen9txAqENQdvwujHBR0pKKnKSmLmZCZIsfR0VZW8PgZW88DCi4c/00/p0FlkFEaVpSTd3duEkng+yLB+ra1/+44Ie3obvNuOg42bu/NeBoeQfRpJ/zLCyyVHItQgMs6R+6I6uN9vMmZZE7FftLQW3XpZOeGstdWECao5nbOFkF6ouDgsbqPHDVBPop56kvrxNLEquGnkdtTm1BGziHn+BAuMSBKvxi6gZstR6J93XHoczqeQ/40bh/G/6UYf7D/ZH2F+8XK5/ty1MrF3g6kw3QzPKJnHoxU5eaHcHa8R0dWRiUre7tg6DrJsWprR9RyR9+uI7uBSCHJpdMDqHNOO0x5DgSvGNi5/79Zldw==,iv:BggfLd6AC8Y2Nov1/a56sJUH+r5gjBjjSGQfZ9Rxe4c=,tag:Yuy8AeRyIcaVif9O/4R+TQ==,type:str]

     

       77
       +
       hydra:

     

       78
       +
           signing_key:

     

       79
       +
               v1: ENC[AES256_GCM,data:Oc1E2MNzUgRZvXm54HmumhomF3M7LIHQl1u/Jta8cdOKmZgB5jSzv8aUeaKa1SOGCtIfVSbsJb7ijKTULtrWOkge6SBtiNYkOAKlvDGXWhChAO4GRFrMyeJgjLFWgY7+OKFicNQwU3uLPA==,iv:j25ZwWmzt7r53CVxJkGia8tSpIUQD7UecQElM+JDJ3w=,tag:zxSvJV3qfius+QwBYbgNrw==,type:str]

     

       80
       +
           s3:

     

       81
       +
               key_id: ENC[AES256_GCM,data:ONhytMHluXYgZw0hErBid5PmD+o=,iv:j6NPjLPIPN3rNs/RSDoqhYqGaZ11ZZwyM3Q4SoXviKY=,tag:oc+L6+TwAy/OLKQVfZsdww==,type:str]

     

       82
       +
               key_secret: ENC[AES256_GCM,data:41QIwGRJP3Pw2fsYgZIG3wk6GLCy3EeJszwM+kdGrjriIfCXs6D45g==,iv:sWMgzhIh9VnBbiuv1jg+ZIfolHtuaxamthp3OKwOVgc=,tag:JLIHG5f4tdjaJxP5Il+nFA==,type:str]

     

       83
       +
           #ENC[AES256_GCM,data:CH6/YXv8,iv:oMs4Y809mk5WLxAXi/CyBgq2FYe/7eej1mXJkFdqZRo=,tag:PuyZMIasjOWfGwCTRi/8ig==,type:comment]

     

       84
       +
           #ENC[AES256_GCM,data:x2uA3MzhKheBQ08=,iv:OUaw7sd4HagNufEYZZVhFPNVL50S9PE+JUIG1n6wtkM=,tag:41p0lCy43/sWFq1xSdpXoA==,type:comment]

     

       85
       +
           #ENC[AES256_GCM,data:tjyl0E5Vq6OT4xxYHm1vgMDoPt6+e1GDZPQBYRGe2dMiDyNuOItLlaVtGbAB+z4ZEVrAig00YDa+,iv:w5SBAGDBu1WTcsyIi1cGk5BsT7hyli/3+QQ73p5pba8=,tag:J79QwE+QAHh3Kvp6B/ptFw==,type:comment]

     

       86
        
       sops:

     

       87
        
           kms: []

     

       88
        
           gcp_kms: []

     
···

       116
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       117
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       118
        
                   -----END AGE ENCRYPTED FILE-----

     

       119
       +
           lastmodified: "2025-02-15T09:19:40Z"

     

       120
       +
           mac: ENC[AES256_GCM,data:+QqJi5X5W8SSKid6W/Nie41fANg6W1wIQKA180Iuag4Gz3VTmyBgVqyIYTCxdAqI+XCxAiikT4YOWZR77lD23RdhEZkgxgq0RF8nZ/PhnzCsiD6/cZAkmqAQxEObmH5g83EJzZu2zKQ+OGwnX/IgOeiFr4jtxhpSbGg992e03gM=,iv:JUPVkda+j4RwXHL5ePB0cOJni5rbg8AD3TL+iuF75pU=,tag:iuJuZaiTVJZu1iTi0lUaFw==,type:str]

     

       121
        
           pgp: []

     

       122
        
           unencrypted_suffix: _unencrypted

     

       123
        
           version: 3.9.4

-9

systems/bocchi/certificates/bocchi.nix

···

       1
       -
       {...}: {

     

       2
       -
         security.acme.certs."bocchi.c.soopy.moe" = {

     

       3
       -
           group = "nginx";

     

       4
       -
           extraDomainNames = [

     

       5
       -
             "bocchi.soopy.moe"

     

       6
       -
             "hydra.soopy.moe"

     

       7
       -
           ];

     

       8
       -
         };

     

       9
       -
       }

-9

systems/bocchi/certificates/bsky-sandbox.nix

···

       1
       -
       {...}: {

     

       2
       -
         security.acme.certs."amia-sandbox.c.soopy.moe" = {

     

       3
       -
           group = "nginx";

     

       4
       -
           extraDomainNames = [

     

       5
       -
             "amia.sandbox.soopy.moe"

     

       6
       -
             "*.amia.sandbox.soopy.moe"

     

       7
       -
           ];

     

       8
       -
         };

     

       9
       -
       }

-8

systems/bocchi/certificates/default.nix

···

       1
       -
       {...}: {

     

       2
       -
         imports = [

     

       3
       -
           ./bocchi.nix

     

       4
       -
           ./bsky-sandbox.nix

     

       5
       -
         ];

     

       6
       -
       

     

       7
       -
         gensokyo.presets.certificates = true;

     

       8
       -
       }

-18

systems/bocchi/configuration.nix

···

       1
       -
       {inputs, ...}: {

     

       2
       -
         imports = [

     

       3
       -
           ./certificates

     

       4
       -
           ./services

     

       5
       -
       

     

       6
       -
           inputs.hydra.nixosModules.hydra

     

       7
       -
           inputs.mystia.nixosModules.bsky-pds

     

       8
       -
         ];

     

       9
       -
       

     

       10
       -
         boot.tmp.cleanOnBoot = true;

     

       11
       -
         zramSwap = {

     

       12
       -
           enable = true;

     

       13
       -
         };

     

       14
       -
       

     

       15
       -
         gensokyo.presets.vmetrics = true;

     

       16
       -
       

     

       17
       -
         system.stateVersion = "23.11";

     

       18
       -
       }

-10

systems/bocchi/hardware-configuration.nix

···

       1
       -
       {modulesPath, ...}: {

     

       2
       -
         imports = [(modulesPath + "/profiles/qemu-guest.nix")];

     

       3
       -
         boot.loader.grub.device = "/dev/sda";

     

       4
       -
         boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];

     

       5
       -
         boot.initrd.kernelModules = ["nvme"];

     

       6
       -
         fileSystems."/" = {

     

       7
       -
           device = "/dev/sda3";

     

       8
       -
           fsType = "ext4";

     

       9
       -
         };

     

       10
       -
       }

-23

systems/bocchi/services/bsky-pds.nix

···

       1
       -
       # sandbox deployment of a bsky pds

     

       2
       -
       {

     

       3
       -
         pkgs,

     

       4
       -
         inputs,

     

       5
       -
         _utils,

     

       6
       -
         config,

     

       7
       -
         ...

     

       8
       -
       }: {

     

       9
       -
         services.bsky-pds = {

     

       10
       -
           enable = true;

     

       11
       -
           package = inputs.mystia.packages.${pkgs.system}.bsky-pds;

     

       12
       -
       

     

       13
       -
           settings.PDS_HOSTNAME = "amia.sandbox.soopy.moe";

     

       14
       -
         };

     

       15
       -
       

     

       16
       -
         services.nginx.virtualHosts.".amia.sandbox.soopy.moe" = _utils.mkSimpleProxy {

     

       17
       -
           port = config.services.bsky-pds.settings.PDS_PORT;

     

       18
       -
           # websockets = true;

     

       19
       -
           extraConfig = {

     

       20
       -
             useACMEHost = "amia-sandbox.c.soopy.moe";

     

       21
       -
           };

     

       22
       -
         };

     

       23
       -
       }

-10

systems/bocchi/services/default.nix

···

       1
       -
       {...}: {

     

       2
       -
         imports = [

     

       3
       -
           ./hydra

     

       4
       -
           ./fallback_page

     

       5
       -
       

     

       6
       -
           ./bsky-pds.nix

     

       7
       -
         ];

     

       8
       -
       

     

       9
       -
         gensokyo.presets.nginx = true;

     

       10
       -
       }

-15

systems/bocchi/services/fallback_page/default.nix

···

       1
       -
       {

     

       2
       -
         pkgs,

     

       3
       -
         _utils,

     

       4
       -
         ...

     

       5
       -
       }: {

     

       6
       -
         services.nginx.virtualHosts."_" = _utils.mkVhost {

     

       7
       -
           useACMEHost = "bocchi.c.soopy.moe";

     

       8
       -
           default = true;

     

       9
       -
       

     

       10
       -
           locations."/" = {

     

       11
       -
             root = pkgs.callPackage ./package.nix {};

     

       12
       -
             tryFiles = "$uri $uri/index.html $uri.html =404";

     

       13
       -
           };

     

       14
       -
         };

     

       15
       -
       }

systems/bocchi/services/fallback_page/image.png

This is a binary file and will not be displayed.

-14

systems/bocchi/services/fallback_page/index.html

···

       1
       -
       <!doctype html>

     

       2
       -
       <html lang="en">

     

       3
       -
       <head>

     

       4
       -
       	<title>bwaa</title>

     

       5
       -
       	<meta name="description" content="bwaa" />

     

       6
       -
       	<style>

     

       7
       -
       		img {width: 100%; height: 100%; object-fit: contain;}

     

       8
       -
       	</style>

     

       9
       -
       </head>

     

       10
       -
       

     

       11
       -
       <body>

     

       12
       -
       	<a href="https://twitter.com/nira_syungiku/status/1594374235124006912"><img src="image.png" alt="A catified Gotoh Hitori from the anime Bocchi the Rock! lifted by Ichiji Nijika from a box labeled 'Combustible'." /></a>

     

       13
       -
       </body>

     

       14
       -
       </html>

-10

systems/bocchi/services/fallback_page/package.nix

···

       1
       -
       {stdenvNoCC}:

     

       2
       -
       stdenvNoCC.mkDerivation (final: {

     

       3
       -
         name = "bocchi-landing";

     

       4
       -
         src = ./.;

     

       5
       -
       

     

       6
       -
         installPhase = ''

     

       7
       -
           mkdir $out

     

       8
       -
           cp ${final.src}/* $out/

     

       9
       -
         '';

     

       10
       -
       })

-95

systems/bocchi/services/hydra/default.nix

···

       1
       -
       {

     

       2
       -
         inputs,

     

       3
       -
         pkgs,

     

       4
       -
         _utils,

     

       5
       -
         config,

     

       6
       -
         lib,

     

       7
       -
         ...

     

       8
       -
       }: let

     

       9
       -
         secrets = _utils.setupSecrets config {

     

       10
       -
           namespace = "hydra";

     

       11
       -
           secrets = [

     

       12
       -
             "s3"

     

       13
       -
             "signing_key/local"

     

       14
       -
             "signing_key/r2"

     

       15
       -
             "auth/gitea/cassie"

     

       16
       -
           ];

     

       17
       -
           config = {

     

       18
       -
             owner = config.users.users.hydra-www.name;

     

       19
       -
             group = config.users.users.hydra-www.group;

     

       20
       -
             mode = "0440";

     

       21
       -
           };

     

       22
       -
         };

     

       23
       -
       in {

     

       24
       -
         imports = [

     

       25
       -
           secrets.generate

     

       26
       -
       

     

       27
       -
           (secrets.mkTemplate "hydra-auth.conf" ''

     

       28
       -
             <gitea_authorization>

     

       29
       -
               cassie = ${secrets.placeholder "auth/gitea/cassie"}

     

       30
       -
             </gitea_authorization>

     

       31
       -
           '')

     

       32
       -
         ];

     

       33
       -
       

     

       34
       -
         sops.secrets."hydra/s3" = {

     

       35
       -
           owner = lib.mkForce config.users.users.hydra-queue-runner.name;

     

       36
       -
           path = config.users.users.hydra-queue-runner.home + "/.aws/credentials";

     

       37
       -
         };

     

       38
       -
         sops.secrets.builder_key.owner = config.users.users.hydra-queue-runner.name;

     

       39
       -
       

     

       40
       -
         services.hydra-dev = {

     

       41
       -
           enable = true;

     

       42
       -
           package = inputs.hydra.packages.${pkgs.system}.hydra;

     

       43
       -
           listenHost = "127.0.0.1";

     

       44
       -
           useSubstitutes = true;

     

       45
       -
           hydraURL = "https://hydra.soopy.moe";

     

       46
       -
           notificationSender = "hydra@services.soopy.moe";

     

       47
       -
           smtpHost = "mail.soopy.moe";

     

       48
       -
       

     

       49
       -
           logo = ./hydra.png;

     

       50
       -
       

     

       51
       -
           # wow so tracker

     

       52
       -
           tracker = ''

     

       53
       -
             <link rel="icon" type="image/png" href="/logo" />

     

       54
       -
             <style>

     

       55
       -
               .logo {

     

       56
       -
                 margin-top: unset !important;

     

       57
       -
               }

     

       58
       -
             </style>

     

       59
       -
           '';

     

       60
       -
       

     

       61
       -
           extraConfig = ''

     

       62
       -
             # compress_build_logs 1

     

       63
       -
             #binary_cache_secret_key_file ${secrets.get "signing_key/local"} ## !! deprecated setting

     

       64
       -
       

     

       65
       -
             max_output_size = 5368709120 # 5 << 30 (5 GiB)

     

       66
       -
             upload_logs_to_binary_cache = true

     

       67
       -
             store_uri = s3://nixos-cache?scheme=https&endpoint=2857eeff8794176be771f0e5567219f1.r2.cloudflarestorage.com&priority=50&compression=zstd&parallel-compression=true&write-nar-listing=true&ls-compression=br&log-compression=br&region=auto&want-mass-query=true&secret-key=${secrets.get "signing_key/r2"}

     

       68
       -
       

     

       69
       -
             <git-input>

     

       70
       -
               timeout = 1800

     

       71
       -
             </git-input>

     

       72
       -
       

     

       73
       -
             # Includes

     

       74
       -
             Include ${secrets.getTemplate "hydra-auth.conf"}

     

       75
       -
           '';

     

       76
       -
         };

     

       77
       -
       

     

       78
       -
         services.nginx.virtualHosts."hydra.soopy.moe" = _utils.mkSimpleProxy {

     

       79
       -
           port = 3000;

     

       80
       -
           extraConfig = {

     

       81
       -
             useACMEHost = "bocchi.c.soopy.moe";

     

       82
       -
       

     

       83
       -
             locations."/metrics" = {

     

       84
       -
               return = "444";

     

       85
       -
             };

     

       86
       -
       

     

       87
       -
             locations."= /pubkey" = {

     

       88
       -
               extraConfig = ''

     

       89
       -
                 add_header content-type text/plain always;

     

       90
       -
               '';

     

       91
       -
               return = "200 hydra.soopy.moe:IZ/bZ1XO3IfGtq66g+C85fxU/61tgXLaJ2MlcGGXU8Q=";

     

       92
       -
             };

     

       93
       -
           };

     

       94
       -
         };

     

       95
       -
       }

systems/bocchi/services/hydra/hydra.png systems/koumakan/services/ci/hydra/hydra.png

+1

systems/koumakan/configuration.nix

···

       3
        
           inputs.mystia.nixosModules.fixups

     

       4
        
           inputs.mystia.nixosModules.vmauth

     

       5
        
           inputs.mystia.nixosModules.bsky-pds

     

       0
        
       
     

       6
        
           inputs.buildbot-nix.nixosModules.buildbot-master

     

       7
        
       

     

       8
        
           ./hardware-configuration.nix

···

       3
        
           inputs.mystia.nixosModules.fixups

     

       4
        
           inputs.mystia.nixosModules.vmauth

     

       5
        
           inputs.mystia.nixosModules.bsky-pds

     

       6
       +
           inputs.hydra.nixosModules.hydra

     

       7
        
           inputs.buildbot-nix.nixosModules.buildbot-master

     

       8
        
       

     

       9
        
           ./hardware-configuration.nix

+1

systems/koumakan/services/ci/default.nix

···

       1
        
       {...}: {

     

       2
        
         imports = [

     

       3
        
           ./buildbot.nix

     

       0
        
       
     

       4
        
         ];

     

       5
        
       }

···

       1
        
       {...}: {

     

       2
        
         imports = [

     

       3
        
           ./buildbot.nix

     

       4
       +
           ./hydra

     

       5
        
         ];

     

       6
        
       }

+90

systems/koumakan/services/ci/hydra/default.nix

···

       1
       +
       {

     

       2
       +
         inputs,

     

       3
       +
         pkgs,

     

       4
       +
         _utils,

     

       5
       +
         config,

     

       6
       +
         lib,

     

       7
       +
         ...

     

       8
       +
       }: let

     

       9
       +
         secrets = _utils.setupSecrets config {

     

       10
       +
           namespace = "hydra";

     

       11
       +
           secrets = [

     

       12
       +
             "s3/key_id"

     

       13
       +
             "s3/key_secret"

     

       14
       +
             "signing_key/v1"

     

       15
       +
             # "auth/gitea/cassie"

     

       16
       +
           ];

     

       17
       +
           config = {

     

       18
       +
             owner = config.users.users.hydra-www.name;

     

       19
       +
             group = config.users.users.hydra-www.group;

     

       20
       +
             mode = "0440";

     

       21
       +
           };

     

       22
       +
         };

     

       23
       +
       in {

     

       24
       +
         imports = [

     

       25
       +
           secrets.generate

     

       26
       +
       

     

       27
       +
           # (secrets.mkTemplate "hydra-auth.conf" ''

     

       28
       +
           #   <gitea_authorization>

     

       29
       +
           #     cassie = ${secrets.placeholder "auth/gitea/cassie"}

     

       30
       +
           #   </gitea_authorization>

     

       31
       +
           # '')

     

       32
       +
           (secrets.mkTemplate "hydra-s3-creds" ''

     

       33
       +
             [default]

     

       34
       +
             aws_access_key_id = ${secrets.placeholder "s3/key_id"}

     

       35
       +
             aws_secret_access_key = ${secrets.placeholder "s3/key_secret"}

     

       36
       +
           '')

     

       37
       +
         ];

     

       38
       +
       

     

       39
       +
         sops.templates."hydra-s3-creds" = {

     

       40
       +
           owner = lib.mkForce config.users.users.hydra-queue-runner.name;

     

       41
       +
           path = config.users.users.hydra-queue-runner.home + "/.aws/credentials";

     

       42
       +
         };

     

       43
       +
         sops.secrets.builder_key.owner = config.users.users.hydra-queue-runner.name;

     

       44
       +
       

     

       45
       +
         services.hydra-dev = {

     

       46
       +
           enable = true;

     

       47
       +
           package = inputs.hydra.packages.${pkgs.system}.hydra;

     

       48
       +
       

     

       49
       +
           listenHost = "127.0.0.1";

     

       50
       +
           hydraURL = "https://hydra.soopy.moe";

     

       51
       +
           

     

       52
       +
           useSubstitutes = true;

     

       53
       +
           notificationSender = "hydra+noreply@services.soopy.moe";

     

       54
       +
       

     

       55
       +
           logo = ./hydra.png;

     

       56
       +
           # wow so tracker

     

       57
       +
           tracker = ''

     

       58
       +
             <link rel="icon" type="image/png" href="/logo" />

     

       59
       +
             <style>

     

       60
       +
               .logo {

     

       61
       +
                 margin-top: unset !important;

     

       62
       +
               }

     

       63
       +
             </style>

     

       64
       +
           '';

     

       65
       +
       

     

       66
       +
           extraConfig = ''

     

       67
       +
             # compress_build_logs 1

     

       68
       +
       

     

       69
       +
             max_output_size = 5368709120 # 5 << 30 (5 GiB)

     

       70
       +
             upload_logs_to_binary_cache = true

     

       71
       +
             store_uri = s3://nix-cache?scheme=https&endpoint=s3.soopy.moe&compression=zstd&parallel-compression=true&write-nar-listing=true&ls-compression=br&log-compression=br&region=ap-east-1&secret-key=${secrets.get "signing_key/v1"}

     

       72
       +
       

     

       73
       +
             <git-input>

     

       74
       +
               timeout = 1800

     

       75
       +
             </git-input>

     

       76
       +
       

     

       77
       +
             # Secrets

     

       78
       +
             # Include ''${secrets.getTemplate "hydra-auth.conf"}

     

       79
       +
           '';

     

       80
       +
         };

     

       81
       +
       

     

       82
       +
         services.nginx.virtualHosts."hydra.soopy.moe" = _utils.mkSimpleProxy {

     

       83
       +
           port = 3000;

     

       84
       +
           extraConfig = {

     

       85
       +
             locations."/metrics" = {

     

       86
       +
               return = "444";

     

       87
       +
             };

     

       88
       +
           };

     

       89
       +
         };

     

       90
       +
       }