newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: newedge:inventree-test
Branches Tags
newedge:main newedge:mob/phonebox-multi-clients newedge:phonebox-multi-clients newedge:buna-machine newedge:mob/phonebook newedge:phonebook newedge:mob/inventree-test newedge:inventree-test newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:b4l-vpn newedge:vega-ups newedge:mob/gitea newedge:gitea
..
compare: newedge:bbf5a931c1077f0f83e55175f32808698cd549c6
Branches Tags
newedge:mob/phonebox-multi-clients newedge:main newedge:phonebox-multi-clients newedge:buna-machine newedge:mob/phonebook newedge:phonebook newedge:mob/inventree-test newedge:inventree-test newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:b4l-vpn newedge:vega-ups newedge:mob/gitea newedge:gitea

13 Commits
inventree- ... bbf5a931c1

Author SHA1 Message Date
kurogeek
bbf5a931c1 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/ramus/think-greater-chiangmai.nix
 2025-11-27 10:48:44 +07:00
kurogeek
b6d60ac0a8 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/ramus/think-greater-chiangmai.nix
 2025-11-27 10:46:42 +07:00
kurogeek
2dd271c7ba mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/ramus/think-greater-chiangmai.nix
 2025-11-27 10:42:09 +07:00
kurogeek
63d11c013a mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/ramus/think-greater-chiangmai.nix
 2025-11-26 16:17:42 +07:00
kurogeek
c3eb7fc814 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/ramus/configuration.nix
 2025-11-26 14:55:45 +07:00
kurogeek
beb24e867e mob next [ci-skip] [ci skip] [skip ci] 
lastFile:modules/nixos/think-backend-gtcm.nix
 2025-11-26 14:51:14 +07:00
kurogeek
8bc157f4c0 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:modules/nixos/think-gtcm.nix
 2025-11-26 14:50:23 +07:00
kurogeek
10c7ab0667 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/ramus/configuration.nix
 2025-11-26 14:49:13 +07:00
kurogeek
cf30c9e92d mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/ramus/configuration.nix
 2025-11-26 14:44:28 +07:00
kurogeek
5246b83a8f mob next [ci-skip] [ci skip] [skip ci] 
lastFile:tests/default.nix
 2025-11-26 14:21:11 +07:00
kurogeek
e6760d320d ramus machine 2025-11-26 14:01:11 +07:00
kurogeek
bfeea4156b disappearing default route is fixed by a hacky way 2025-11-21 16:53:55 +07:00
kurogeek
3aa93c1333 nameservers whitehouse 2025-11-18 13:58:59 +07:00
41 changed files with 4133 additions and 15 deletions
Expand all files Collapse all files

15
flake.nix
View File

@@ -44,9 +44,24 @@
./machines ./machines
./routers ./routers
./inventories ./inventories
./overlays
./tests
./modules/clan/flake-module.nix ./modules/clan/flake-module.nix
./modules/nixos/flake-module.nix ./modules/nixos/flake-module.nix
]; ];
perSystem =
{ pkgs, system, ... }:
{
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
overlays = [
inputs.self.overlays.packagesOverlay
];
config = { };
};
packages.think = pkgs.think-gtcm;
packages.think-be = pkgs.think-backend-gtcm;
};
} }
); );
} }

14
inventories/default.nix
View File

@@ -3,7 +3,10 @@
inventory = { inventory = {
tags = { tags = {
glom = [ "vega" ]; glom = [
"vega"
"ramus"
];
b4l = [ "rigel" ]; b4l = [ "rigel" ];
w = [ "sirius" ]; w = [ "sirius" ];
fax-bridge = [ ]; fax-bridge = [ ];
@@ -84,63 +87,54 @@
name = "pocket-id"; name = "pocket-id";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
nextcloud = { nextcloud = {
module = { module = {
name = "nextcloud"; name = "nextcloud";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
stirling-pdf = { stirling-pdf = {
module = { module = {
name = "stirling-pdf"; name = "stirling-pdf";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
actual-budget = { actual-budget = {
module = { module = {
name = "actual-budget"; name = "actual-budget";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
victoriametrics = { victoriametrics = {
module = { module = {
name = "victoriametrics"; name = "victoriametrics";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
vikunja = { vikunja = {
module = { module = {
name = "vikunja"; name = "vikunja";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
grafana = { grafana = {
module = { module = {
name = "grafana"; name = "grafana";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
pingvin = { pingvin = {
module = { module = {
name = "pingvin"; name = "pingvin";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
paperless = { paperless = {
module = { module = {
name = "paperless"; name = "paperless";
input = "self"; input = "self";
}; };
roles.default.machines.b4l = { };
}; };
}; };
}; };

8
inventory.json
View File

@@ -1 +1,7 @@
{} {
"machines": {
"ramus": {
"installedAt": 1764139649
}
}
}

17
machines/ramus/configuration.nix Normal file
View File

@@ -0,0 +1,17 @@
{ self, config, ... }:
{
system.stateVersion = "25.11";
nixpkgs.hostPlatform = {
system = "x86_64-linux";
};
clan.meta.name = "ramus";
clan.meta.description = ''
A Hetzner VPS machine own by Alex.
'';
clan.core.sops.defaultGroups = [ "admins" ];
clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
imports = [ ./think-greater-chiangmai.nix ];
}

84
machines/ramus/disko.nix Normal file
View File

@@ -0,0 +1,84 @@
{ ... }:
let
hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
os = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_107266387";
in
{
boot.loader = {
systemd-boot = {
enable = true;
};
efi = {
canTouchEfiVariables = true;
};
};
disko.devices = {
disk = {
"os-${hashDisk os}" = {
type = "disk";
device = os;
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
};
system = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
mountpoint = "none";
compression = "lz4";
acltype = "posixacl";
xattr = "sa";
"com.sun:auto-snapshot" = "true";
};
options.ashift = "12";
datasets = {
"root" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"root/nixos" = {
type = "zfs_fs";
options.mountpoint = "/";
mountpoint = "/";
};
"root/home" = {
type = "zfs_fs";
options.mountpoint = "/home";
mountpoint = "/home";
};
"root/tmp" = {
type = "zfs_fs";
mountpoint = "/tmp";
options = {
mountpoint = "/tmp";
sync = "disabled";
};
};
};
};
};
};
}

2799
machines/ramus/facter.json Normal file
View File

File diff suppressed because it is too large Load Diff

117
machines/ramus/think-greater-chiangmai.nix Normal file
View File

@@ -0,0 +1,117 @@
{ self, config, ... }:
let
commonSettings = {
APP_NAME = "Laravel";
APP_ENV = "local";
APP_KEY._secret = config.clan.core.vars.generators.greaterchiangmai.files.app_key.path;
APP_DEBUG = "false";
APP_URL = "http://localhost";
DB_CONNECTION = "mysql";
DB_HOST = "localhost";
DB_PORT = 3306;
DB_DATABASE = "thinkgtcm";
DB_USERNAME = "gtcm";
R2_ACCESS_KEY_ID = config.clan.core.vars.generators.greaterchiangmai-s3.files.access_key_id.value;
R2_SECRET_ACCESS_KEY._secret =
config.clan.core.vars.generators.greaterchiangmai-s3.files.secret_access_key.path;
R2_REGION = config.clan.core.vars.generators.greaterchiangmai-s3.files.region.value;
R2_BUCKET = config.clan.core.vars.generators.greaterchiangmai-s3.files.bucket.value;
R2_ENDPOINT = config.clan.core.vars.generators.greaterchiangmai-s3.files.endpoint.value;
LOG_CHANNEL = "stack";
LOG_LEVEL = "debug";
FILESYSTEM_DISK = "local";
BROADCAST_DRIVER = "log";
CACHE_DRIVER = "file";
QUEUE_CONNECTION = "sync";
SESSION_DRIVER = "file";
SESSION_LIFETIME = 120;
MEMCACHED_HOST = "127.0.0.1";
REDIS_HOST = "127.0.0.1";
REDIS_PORT = 6379;
UPLOAD_MAX_FILESIZE = "5000M";
POST_MAX_SIZE = "5000M";
TEST_LOCAL = true;
};
in
{
imports = [
self.nixosModules.think-gtcm
self.nixosModules.think-backend-gtcm
];
nixpkgs.overlays = [ self.overlays.packagesOverlay ];
clan.core.vars.generators.greaterchiangmai = {
files = {
app_key.secret = true;
};
prompts = {
app_key.persist = true;
};
script = ''
cat $prompts/app_key > $out/app_key
'';
};
clan.core.vars.generators.greaterchiangmai-s3 = {
files = {
access_key_id.secret = false;
secret_access_key.secret = true;
endpoint.secret = false;
region.secret = false;
bucket.secret = false;
};
prompts = {
access_key_id.persist = true;
secret_access_key.persist = true;
endpoint.persist = true;
region.persist = true;
bucket.persist = true;
};
script = ''
cat $prompts/access_key_id > $out/access_key_id
cat $prompts/secret_access_key > $out/secret_access_key
cat $prompts/endpoint > $out/endpoint
cat $prompts/region > $out/region
cat $prompts/bucket > $out/bucket
'';
};
services.think-greaterchiangmai = {
enable = true;
domain = "think.greaterchiangmai.com";
settings = {
APP_SERVICES_CACHE = "/run/think-gtcm/cache/services.php";
APP_PACKAGES_CACHE = "/run/think-gtcm/cache/packages.php";
APP_CONFIG_CACHE = "/run/think-gtcm/cache/config.php";
APP_ROUTES_CACHE = "/run/think-gtcm/cache/routes-v7.php";
APP_EVENTS_CACHE = "/run/think-gtcm/cache/events.php";
}
// commonSettings;
};
services.think-backend-greaterchiangmai = {
enable = true;
domain = "think-backend.greaterchiangmai.com";
settings = {
APP_SERVICES_CACHE = "/run/think-backend-gtcm/cache/services.php";
APP_PACKAGES_CACHE = "/run/think-backend-gtcm/cache/packages.php";
APP_CONFIG_CACHE = "/run/think-backend-gtcm/cache/config.php";
APP_ROUTES_CACHE = "/run/think-backend-gtcm/cache/routes-v7.php";
APP_EVENTS_CACHE = "/run/think-backend-gtcm/cache/events.php";
}
// commonSettings;
};
}

6
modules/nixos/flake-module.nix
View File

@@ -3,5 +3,11 @@
common = { common = {
imports = [ ./common.nix ]; imports = [ ./common.nix ];
}; };
think-gtcm = {
imports = [ ./think-gtcm.nix ];
};
think-backend-gtcm = {
imports = [ ./think-backend-gtcm.nix ];
};
}; };
} }

285
modules/nixos/think-backend-gtcm.nix Normal file
View File

@@ -0,0 +1,285 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.think-backend-greaterchiangmai;
think-backend-gtcm = pkgs.think-backend-gtcm.override { dataDir = cfg.dataDir; };
defaultUser = "gtcm";
defaultGroup = "gtcm";
php = pkgs.php83;
artisan-be = pkgs.writeScriptBin "gtcm-be" ''
#! ${pkgs.runtimeShell}
cd ${think-backend-gtcm}
sudo() {
if [[ "$USER" != ${cfg.user} ]]; then
exec /run/wrappers/bin/sudo -u ${cfg.user} "$@"
else
exec "$@"
fi
}
sudo ${lib.getExe php} artisan "$@"
'';
in
{
options.services.think-backend-greaterchiangmai = {
enable = lib.mkEnableOption "To enable think.greaterchiangmai.com";
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/think-backend.greaterchiangmai.com";
description = ''A place where to store states'';
};
user = lib.mkOption {
type = lib.types.str;
default = defaultUser;
description = "User account under which this runs.";
};
group = lib.mkOption {
type = lib.types.str;
default = defaultGroup;
defaultText = "${defaultGroup}";
description = ''
Group under which the website runs.
'';
};
package = lib.mkPackageOption pkgs "think-backend-gtcm" { };
domain = lib.mkOption {
type = lib.types.str;
default = "think-backend.greaterchiangmai.com";
example = "forum.example.com";
description = "Domain to serve on.";
};
settings = lib.mkOption {
type =
with lib.types;
attrsOf (
nullOr (
either
(oneOf [
bool
int
port
path
str
])
(submodule {
options = {
_secret = mkOption {
type = nullOr str;
description = ''
The path to a file containing the value the
option should be set to in the final
configuration file.
'';
};
};
})
)
);
default = { };
description = ''
Options for settings environment variables
'';
example = lib.literalExpression ''
{
APP_NAME = "Laravel";
APP_ENV = "local";
APP_KEY = "key";
APP_DEBUG = true;
APP_URL = "http://localhost";
LOG_CHANNEL = "stack";
LOG_DEPRECATIONS_CHANNEL = "null";
LOG_LEVEL = "debug";
DB_CONNECTION = "mysql";
DB_HOST = "127.0.0.1";
DB_PORT = "3306";
DB_DATABASE = "laravel";
DB_USERNAME = "root";
DB_PASSWORD = "";
}
'';
};
};
config = lib.mkIf cfg.enable {
users.users.${cfg.user} = {
isSystemUser = true;
home = cfg.dataDir;
createHome = true;
homeMode = "755";
group = cfg.group;
};
users.groups.${cfg.group} = { };
services.phpfpm.pools.think-backend-gtcm = {
inherit (cfg) user group;
phpPackage = php;
settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
"listen.mode" = "0600";
"pm" = lib.mkDefault "dynamic";
"pm.max_children" = lib.mkDefault 10;
"pm.max_requests" = lib.mkDefault 500;
"pm.start_servers" = lib.mkDefault 2;
"pm.min_spare_servers" = lib.mkDefault 1;
"pm.max_spare_servers" = lib.mkDefault 3;
};
phpOptions = ''
error_log = syslog
log_errors = on
'';
};
environment.systemPackages = [
artisan-be
];
systemd.services.think-backend-gtcm-setup = {
description = "think-backend.greaterchiangmai installation";
requiredBy = [ "phpfpm-think-backend-gtcm.service" ];
before = [ "phpfpm-think-backend-gtcm.service" ];
requires = [ "mysql.service" ];
after = [ "mysql.service" ];
serviceConfig = {
type = "oneshot";
RemainAfterExit = true;
User = cfg.user;
UMask = 77;
WorkingDirectory = "${think-backend-gtcm}";
RuntimeDirectory = "think-backend-gtcm/cache";
RuntimeDirectoryMode = 700;
};
path = [ pkgs.replace-secret ];
script =
let
isSecret = v: lib.isAttrs v && v ? _secret && lib.isString v._secret;
gtcmEnvVars = lib.generators.toKeyValue {
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
mkValueString =
v:
with builtins;
if isInt v then
toString v
else if isString v then
v
else if true == v then
"true"
else if false == v then
"false"
else if isSecret v then
hashString "sha256" v._secret
else
throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty { }) v}";
};
};
secretPaths = lib.mapAttrsToList (_: v: v._secret) (lib.filterAttrs (_: isSecret) cfg.settings);
mkSecretReplacement = file: ''
replace-secret ${
lib.escapeShellArgs [
(builtins.hashString "sha256" file)
file
"${cfg.dataDir}/.env"
]
}
'';
secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
filteredConfig = lib.converge (lib.filterAttrsRecursive (
_: v:
!lib.elem v [
{ }
null
]
)) cfg.settings;
gtcmEnv = pkgs.writeText "gtcm-be.env" (gtcmEnvVars filteredConfig);
in
''
# error handling
set -euo pipefail
# create .env file
install -T -m 0600 -o ${cfg.user} ${gtcmEnv} "${cfg.dataDir}/.env"
${secretReplacements}
if ! grep 'APP_KEY=base64:' "${cfg.dataDir}/.env" >/dev/null; then
sed -i 's/APP_KEY=/APP_KEY=base64:/' "${cfg.dataDir}/.env"
fi
# migrate & seed db
${lib.getExe php} artisan key:generate --force
${lib.getExe php} artisan migrate --force
${lib.getExe php} artisan config:cache
'';
};
systemd.tmpfiles.rules = [
"d ${cfg.dataDir} 0710 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/public 0750 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/public/uploads 0750 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/app 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/fonts 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/framework 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/framework/cache 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/framework/sessions 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/framework/views 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/logs 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/uploads 0700 ${cfg.user} ${cfg.group} - -"
];
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedProxySettings = true;
virtualHosts."${cfg.domain}" = {
root = "${think-backend-gtcm}/public";
locations = {
"/" = {
index = "index.php";
tryFiles = "$uri $uri/ /index.php?$query_string";
};
"~ \\.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools."think-backend-gtcm".socket};
'';
"~ \\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
};
};
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [ cfg.settings.DB_DATABASE ];
ensureUsers = [
{
name = cfg.settings.DB_USERNAME;
ensurePermissions = {
"${cfg.settings.DB_DATABASE}.*" = "ALL PRIVILEGES";
};
}
];
};
};
}

288
modules/nixos/think-gtcm.nix Normal file
View File

@@ -0,0 +1,288 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.think-greaterchiangmai;
think-gtcm = pkgs.think-gtcm.override { dataDir = cfg.dataDir; };
defaultUser = "gtcm";
defaultGroup = "gtcm";
php = pkgs.php83;
artisan = pkgs.writeScriptBin "gtcm" ''
#! ${pkgs.runtimeShell}
cd ${think-gtcm}
sudo() {
if [[ "$USER" != ${cfg.user} ]]; then
exec /run/wrappers/bin/sudo -u ${cfg.user} "$@"
else
exec "$@"
fi
}
sudo ${lib.getExe php} artisan "$@"
'';
in
{
options.services.think-greaterchiangmai = {
enable = lib.mkEnableOption "To enable think.greaterchiangmai.com";
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/think.greaterchiangmai.com";
description = ''A place where to store states'';
};
user = lib.mkOption {
type = lib.types.str;
default = defaultUser;
description = "User account under which this runs.";
};
group = lib.mkOption {
type = lib.types.str;
default = defaultGroup;
defaultText = "${defaultGroup}";
description = ''
Group under which the website runs.
'';
};
package = lib.mkPackageOption pkgs "think-gtcm" { };
packageBackend = lib.mkPackageOption pkgs "think-backend-gtcm" { };
domain = lib.mkOption {
type = lib.types.str;
default = "think.greaterchiangmai.com";
example = "forum.example.com";
description = "Domain to serve on.";
};
settings = lib.mkOption {
type =
with lib.types;
attrsOf (
nullOr (
either
(oneOf [
bool
int
port
path
str
])
(submodule {
options = {
_secret = mkOption {
type = nullOr str;
description = ''
The path to a file containing the value the
option should be set to in the final
configuration file.
'';
};
};
})
)
);
default = { };
description = ''
Options for settings environment variables
'';
example = lib.literalExpression ''
{
APP_NAME = "Laravel";
APP_ENV = "local";
APP_KEY = "key";
APP_DEBUG = true;
APP_URL = "http://localhost";
LOG_CHANNEL = "stack";
LOG_DEPRECATIONS_CHANNEL = "null";
LOG_LEVEL = "debug";
DB_CONNECTION = "mysql";
DB_HOST = "127.0.0.1";
DB_PORT = "3306";
DB_DATABASE = "laravel";
DB_USERNAME = "root";
DB_PASSWORD = "";
}
'';
};
};
config = lib.mkIf cfg.enable {
users.users.${cfg.user} = {
isSystemUser = true;
home = cfg.dataDir;
createHome = true;
homeMode = "755";
group = cfg.group;
};
users.groups.${cfg.group} = { };
services.phpfpm.pools.think-gtcm = {
inherit (cfg) user group;
phpPackage = php;
settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
"listen.mode" = "0600";
"pm" = lib.mkDefault "dynamic";
"pm.max_children" = lib.mkDefault 10;
"pm.max_requests" = lib.mkDefault 500;
"pm.start_servers" = lib.mkDefault 2;
"pm.min_spare_servers" = lib.mkDefault 1;
"pm.max_spare_servers" = lib.mkDefault 3;
};
phpOptions = ''
error_log = syslog
log_errors = on
'';
};
environment.systemPackages = [
artisan
];
systemd.services.think-gtcm-setup = {
description = "think.greaterchiangmai installation";
requiredBy = [ "phpfpm-think-gtcm.service" ];
before = [ "phpfpm-think-gtcm.service" ];
requires = [ "mysql.service" ];
after = [ "mysql.service" ];
serviceConfig = {
type = "oneshot";
RemainAfterExit = true;
User = cfg.user;
UMask = 77;
WorkingDirectory = "${think-gtcm}";
RuntimeDirectory = "think-gtcm/cache";
RuntimeDirectoryMode = 700;
};
path = [ pkgs.replace-secret ];
script =
let
isSecret = v: lib.isAttrs v && v ? _secret && lib.isString v._secret;
gtcmEnvVars = lib.generators.toKeyValue {
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
mkValueString =
v:
with builtins;
if isInt v then
toString v
else if isString v then
v
else if true == v then
"true"
else if false == v then
"false"
else if isSecret v then
hashString "sha256" v._secret
else
throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty { }) v}";
};
};
secretPaths = lib.mapAttrsToList (_: v: v._secret) (lib.filterAttrs (_: isSecret) cfg.settings);
mkSecretReplacement = file: ''
replace-secret ${
lib.escapeShellArgs [
(builtins.hashString "sha256" file)
file
"${cfg.dataDir}/.env"
]
}
'';
secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
filteredConfig = lib.converge (lib.filterAttrsRecursive (
_: v:
!lib.elem v [
{ }
null
]
)) cfg.settings;
gtcmEnv = pkgs.writeText "gtcm.env" (gtcmEnvVars filteredConfig);
in
''
# error handling
set -euo pipefail
# create .env file
install -T -m 0600 -o ${cfg.user} ${gtcmEnv} "${cfg.dataDir}/.env"
${secretReplacements}
if ! grep 'APP_KEY=base64:' "${cfg.dataDir}/.env" >/dev/null; then
sed -i 's/APP_KEY=/APP_KEY=base64:/' "${cfg.dataDir}/.env"
fi
# migrate & seed db
${lib.getExe php} artisan key:generate --force
${lib.getExe php} artisan migrate --force
${lib.getExe php} artisan config:cache
'';
};
systemd.tmpfiles.rules = [
"d ${cfg.dataDir} 0710 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/public 0750 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/public/uploads 0750 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/app 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/fonts 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/framework 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/framework/cache 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/framework/sessions 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/framework/views 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/logs 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/uploads 0700 ${cfg.user} ${cfg.group} - -"
];
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedProxySettings = true;
virtualHosts."${cfg.domain}" = {
root = "${think-gtcm}/public";
locations = {
"/" = {
index = "index.php";
tryFiles = "$uri $uri/ /index.php?$query_string";
};
"~ \\.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools."think-gtcm".socket};
'';
"~ \\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
};
};
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [ cfg.settings.DB_DATABASE ];
ensureUsers = [
{
name = cfg.settings.DB_USERNAME;
ensurePermissions = {
"${cfg.settings.DB_DATABASE}.*" = "ALL PRIVILEGES";
};
}
];
};
};
}

6
overlays/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
flake.overlays = {
packagesOverlay = import ../pkgs/overlay.nix;
};
}

4
pkgs/overlay.nix Normal file
View File

@@ -0,0 +1,4 @@
final: prev: {
think-gtcm = final.callPackage ./think-gtcm.nix { };
think-backend-gtcm = final.callPackage ./think-backend-gtcm.nix { php = final.php83; };
}

32
pkgs/think-backend-gtcm.nix Normal file
View File

@@ -0,0 +1,32 @@
{
fetchgit,
php,
dataDir ? "/var/lib/think-backend-gtcm",
}:
let
repoSrc = fetchgit {
url = "https://git.b4l.co.th/newedge/think-greaterchiangmai";
rev = "7c17aa78436538241c09fc7d633904d3c063011e";
hash = "sha256-GDx0+PmuCXC+UPtsvsocCZQiTPcnOZEzJI17sxrVv7Q=";
};
src = "${repoSrc}/think-backend.greaterchiangmai.com";
in
php.buildComposerProject2 (finalAttrs: {
pname = "think-backend-gtcm";
version = "1.0.0";
inherit src;
installPhase = ''
runHook preInstall
mkdir -p $out
cp -R * $out
rm -rf $out/storage
ln -s ${dataDir}/.env $out/.env
ln -s ${dataDir}/storage $out/storage
runHook postInstall
'';
composerStrictValidation = false;
vendorHash = "sha256-eXm1x3E9KHWojaT2RU4inMdZqQVcWdLCKlvzhOlIZrc=";
})

32
pkgs/think-gtcm.nix Normal file
View File

@@ -0,0 +1,32 @@
{
fetchgit,
php,
dataDir ? "/var/lib/think-gtcm",
}:
let
repoSrc = fetchgit {
url = "https://git.b4l.co.th/newedge/think-greaterchiangmai";
rev = "7c17aa78436538241c09fc7d633904d3c063011e";
hash = "sha256-GDx0+PmuCXC+UPtsvsocCZQiTPcnOZEzJI17sxrVv7Q=";
};
src = "${repoSrc}/think.greaterchiangmai.com";
in
php.buildComposerProject2 (finalAttrs: {
pname = "think-gtcm";
version = "1.0.0";
inherit src;
installPhase = ''
runHook preInstall
mkdir -p $out
cp -R * $out
rm -rf $out/storage
ln -s ${dataDir}/.env $out/.env
ln -s ${dataDir}/storage $out/storage
runHook postInstall
'';
composerStrictValidation = false;
vendorHash = "sha256-QV3hR3U3GwCqrCRxfkazmJwDpO1vFyMfA6YqUb4bjMI=";
})

2
routers/default.nix
View File

@@ -1,4 +1,4 @@
{ inputs, ... }: { inputs, pkgs, ... }:
{ {
flake.legacyPackages = { flake.legacyPackages = {
whitehouse-router = import "${inputs.liminix}/default.nix" { whitehouse-router = import "${inputs.liminix}/default.nix" {

39
routers/white-house/configuration.nix
View File

@@ -25,6 +25,7 @@ in
"${inputs.liminix}/modules/vlan" "${inputs.liminix}/modules/vlan"
"${inputs.liminix}/modules/ssh" "${inputs.liminix}/modules/ssh"
"${inputs.liminix}/modules/bridge" "${inputs.liminix}/modules/bridge"
"${inputs.liminix}/modules/health-check"
"${modulesPath}/profiles/gateway.nix" "${modulesPath}/profiles/gateway.nix"
]; ];
@@ -48,14 +49,46 @@ in
name = "resolvconf"; name = "resolvconf";
up = '' up = ''
( in_outputs ${name} ( in_outputs ${name}
echo "nameserver $(output ${config.services.wan} ns1)" > resolv.conf echo "nameserver 208.67.222.222" >> resolv.conf
echo "nameserver $(output ${config.services.wan} ns2)" >> resolv.conf echo "nameserver 208.67.220.220" >> resolv.conf
echo "nameserver 1.1.1.1" >> resolv.conf
echo "nameserver 1.0.0.1" >> resolv.conf
echo "nameserver 8.8.8.8" >> resolv.conf
chmod 0444 resolv.conf chmod 0444 resolv.conf
) )
''; '';
} }
); );
services.reAddDefaultroute =
let
threshold = 3;
healthCheck = pkgs.writeAshScript "ping-check" { } "ping 1.1.1.1";
in
pkgs.liminix.services.longrun rec {
# dependencies = [ config.services.wan ];
name = "hack-default-route";
run = ''
fails=0
while sleep 10 ; do
${healthCheck}
if test $? -gt 0; then
fails=$(expr $fails + 1)
else
fails=0
fi
echo fails $fails/${toString threshold} for ${name}
if test "$fails" -gt "${toString threshold}" ; then
echo [+] adding default route
${config.services.defaultroute4}/${config.services.defaultroute4.name}/up
${config.services.defaultroute6}/${config.services.defaultroute6.name}/up
echo bounced
fails=0
fi
done
'';
};
profile.gateway = { profile.gateway = {
lan = { lan = {
interfaces = with config.hardware.networkInterfaces; [ interfaces = with config.hardware.networkInterfaces; [
@@ -123,7 +156,7 @@ in
defaultProfile.packages = with pkgs; [ defaultProfile.packages = with pkgs; [
busybox busybox
iw iw
iptables nftables
]; ];
} }

6
sops/machines/ramus/key.json Executable file
View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age1egztkqupggjcpy4g9tfwq6kqeh3ljw7enzhx4l53hjge73wmdscqy5qwfp",
"type": "age"
}
]

1
sops/secrets/ramus-age.key/groups/admins Symbolic link
View File

@@ -0,0 +1 @@
../../../groups/admins

46
sops/secrets/ramus-age.key/secret Normal file
View File

@@ -0,0 +1,46 @@
{
"data": "ENC[AES256_GCM,data:lc5PP4xpLq/JXq2LkG/5zkEY5luxKC7EZHx0s6exiwd+UtuGb5rjIOq0kUBFuJWYFWduqcvNS62kR76oQpRfmjIkq2t02NxZ1lA=,iv:eZsHK9u5Rvt886Elz7Vm+PMD8urm1UyoNbNNwnlJtj8=,tag:inCrDdsNmLb+L+LpF9k4Ag==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0STRlY1h1NTVUdDJRM1NO\nc1hacUg4TUtlK3Y0dVZqaE5LdUlqMkFKNmtVCllTYXFHdXM0NVdUejhHZWM1TnVx\nUURvd1JrQmR2K0N3RlZIS2d0RFhTRUEKLS0tIFp1ZlJSNmd2V3dpN05LYWh1VHNC\nbFNkdkY1aUhTZmM1R1FKUWlGWThSdE0KYxgpuknCD07awfN85PkaJjPohYyqT1wL\nbjUcGo6TmFQKIgEzTzNj+in1dm9wz0AnYl1teiHa9WjK/Udd2BANBQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCd2Z1aTFYenowSnczWk05\nVEZ3d0FUNFNkV3RlWlpFWk5jd3QwazVES0ZVClVjY0Y2eW1hSGEraVVpSjdoaHMr\naS9lWFUvbFl6Nzd4U2l6dUhXRHBlT0kKLS0tIFNCYTlSL1VnNURBQUxoYVozODZw\nVVRkVGVINTV6SXExN3dCT1JmRmNFdlkK+jNS9cUz4TzBBzrtxuYcoiEmxKcRNTlt\nqksdFqnPWzKI+edJSWq3rkBYeuI7c4wmxTtsgVtHbv2jwbD1kJar1g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGNxVDh0SWNL\nOUt4TG93eGVjaUxzczhnVjNYRlB1Vy9haWxjYnN6aGI3ejQgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpxSEtwcUxGcVY3RzNjR2REYmdrRWV6\nYWJyTjhXMVNtVFVpczRDc2dDaHRBCi0tLSA3NUVyR3YvMnVsd0l0TXIxQS9odUZO\nZnJWV0MvRlpwU3luNm9FOGtDNkhzCm/yGJJvQf5qvBRyGLrmCeiI31qHr+JoZ2Av\nbqMUeg3Vv82ffTLT6GX+JjiG0wQFcYAX3/k0noVN9JMR/boiWIc=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGpMZ3JmMVFy\nU3AzeEFFa3B2TGxSL1NlQjhSa28waGtLQUlFTkp4N0hVeEEgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpYVDJSdCtnVHIzVXhSQ0lXRzE5dlJo\nS1NHa2F1WEpJK2xJQUQwa0RNNCs4Ci0tLSBBdmpiZGVSOWJwanRiUjUxT3JMT0VT\nM2k5bE0zOW5SVWg2ZGw0QUVvcWVrCrc2TjHS6Pp38MTPU9H59q2seVYlESH80V4+\ny1/qjB6fK8lnnyi5TLrSo+M9MAcG5T4EGvCcAPuzjTvF/DO7hxk=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIC9jZllPWWhO\nV3pDa1MxSzF2ejRJMXJBWDlNMzZqcG1JdVB2Y0xjMlJKeGsgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpwSUdWWlFFbW55aXVkZ0pSeUVPRkF2\nTm5tTnkrTGNmcEdoWE1UckwvcXFBCi0tLSBnN1J1VlQvVnRXbkEvOWtLbHhzVzNN\nU01XVkpRNnd4bCtYb3poNjR4bno4CirmDl+6Kebk0jMjgRp00d8kpkzGtQFsZNht\nm5MPBM+FXVzpDcEWQGUlLr50yDKYVzHdIeeuGsWZ3KaI1GM8pdg=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByOEQrR1Z1K3RETGgzVi9H\nNXIzUW04UHFCMk5vQVZEN0taRWJwV040Q3h3CmpaVWV0WDZNemFSTHF1TTF4YXI3\nL1loMnA5OUNCbE55aGUyR2EwbklaczQKLS0tIEpnTkkzNStsNmdNS01HWDhXY2s1\nZ3hMNXA1dXUxVmxucTdtbWN4akQ2MTgKAolaT+61/BN/yzljENx7YZTrFRGA8zwN\nsquQs9vnFS8yduVMoaemXrCLTpiQ1KGCAWVX8pPtY8+GV9YKLZsV7A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTlNuQXN3VU9TVTlQd01N\nYVBpN1BxcjRLYWN5SUg3TlhUbHl0UzkrOWcwClZ5OHpOcGp6V2craFBkWCtwcktp\nWDZYYWR4ZjVhaVNPdEN4WmZ0UlJqR3cKLS0tIEx2WXdQL0x1Zm5rRnJGMmJQWFVW\nNW1nMFlac2lyY1ZuOW9OZmNWSjJxbTAK72xqJBlpV3UWAFhGlUjudEILQSnGDhQm\nS4U51sUc8rrUZLlmAivWg1nxCUAdrhLo/r9OuITR6QX9DeFsaeR9uA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WmVUUDJ0V2sxS0Q1UFZv\nWldFK0tRSlViUkc5aXFTV0JDdDFVbVVXR1QwClUwLzg0eTAvbUtaTVRFV3ptZkJQ\naDR1REl6MXZ2cDlsZzk1SVI1N3pocGcKLS0tIFlUbGFPUXAxWVBvNXhjZ2QzWGNh\nWTkrMklIQnl2T3ZYL0Q1c3JOTU85bkUKL4h+PDQSnVbls8iuioUHTBVpVh5Yhhx5\nrK9ELFCYGPAVzbx5cFoOapnIJcTQUAPZdBpmlm7kgRmMLXptMdGkGg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ3lPeVJyZUF3cVEvWnhH\nbVBwRmxaQUhaaExQSVRyeVJNZVFSRkFrU25NCkZDcklIcU5TQWplQkE1ZkFTUXB5\nLzZ0VFlEdks3OWpGM0JMSi9ZOVNndnMKLS0tIG11UFZkdWRYdHZJNk9TSDYvaHcw\nQUk1dGxIOFhwaXJZaEZNdVppWWlpdUUKQJ/UjgWIaeKa4o2El4cFkwv+O0bi9SOp\n13XExCNLB+BtwOGPREWbrmW/Z15c8koBEyrW7iuIhu0Pgz95oAF2Sw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-26T06:08:15Z",
"mac": "ENC[AES256_GCM,data:ovjPl0pJ6DSJGjGz+Zt5GLbwu3ZTMwOKNSsYxIx1NcjWAiGYpPNFcFrD5OBciVQ2K7VxlRoWW5WqbJt7mrvQXDO69LxvQqiK1+qHeFJOHRd6Sp29fRA1aqEz+kOif0SSzaEkHOXAp1kzk31CnEfIG2j5yQ3oMyrSqNnhnVrx6F4=,iv:NdeCrqNo5SV1Npu8aqPJcZDhPMGfUviyBQi2CUjYZOM=,tag:yM6P7P2vLUMs9GdT284Gvg==,type:str]",
"version": "3.11.0"
}
}

1
sops/secrets/ramus-age.key/users/kurogeek Symbolic link
View File

@@ -0,0 +1 @@
../../../users/kurogeek

16
tests/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ self, ... }:
{
perSystem =
{ pkgs, ... }:
{
checks =
let
checkArgs = {
inherit pkgs self;
};
in
{
think-gtcm = import ./tests/think-gtcm.nix checkArgs;
};
};
}

18
tests/lib.nix Normal file
View File

@@ -0,0 +1,18 @@
test:
# These arguments are provided by `flake.nix` on import, see checkArgs
{ pkgs, self }:
let
inherit (pkgs) lib;
# this imports the nixos library that contains our testing framework
nixos-lib = import (pkgs.path + "/nixos/lib") { };
in
(nixos-lib.runTest {
hostPkgs = pkgs;
# This speeds up the evaluation by skipping evaluating documentation (optional)
defaults.documentation.enable = lib.mkDefault false;
# This makes `self` available in the NixOS configuration of our virtual machines.
# This is useful for referencing modules or packages from your own flake
# as well as importing from other flakes.
node.specialArgs = { inherit self; };
imports = [ test ];
}).config.result

102
tests/tests/think-gtcm.nix Normal file
View File

@@ -0,0 +1,102 @@
(import ../lib.nix) {
name = "think-gtcm";
nodes =
let
settings = {
DB_CONNECTION = "mysql";
DB_HOST = "localhost";
DB_PORT = 3306;
DB_DATABASE = "thinkgtcm";
DB_USERNAME = "gtcm";
DB_PASSWORD = "";
APP_NAME = "Laravel";
APP_ENV = "local";
APP_DEBUG = "false";
APP_URL = "http://localhost";
LOG_CHANNEL = "stack";
LOG_LEVEL = "debug";
BROADCAST_DRIVER = "log";
CACHE_DRIVER = "file";
FILESYSTEM_DISK = "local";
QUEUE_CONNECTION = "sync";
SESSION_DRIVER = "file";
SESSION_LIFETIME = "120";
MEMCACHED_HOST = "127.0.0.1";
REDIS_HOST = "127.0.0.1";
REDIS_PASSWORD = "null";
REDIS_PORT = "6379";
MAIL_MAILER = "smtp";
MAIL_HOST = "mailpit";
MAIL_PORT = "1025";
MAIL_USERNAME = "null";
MAIL_PASSWORD = "null";
MAIL_ENCRYPTION = "null";
MAIL_FROM_ADDRESS = "hello@example.com";
AWS_DEFAULT_REGION = "us-east-1";
AWS_USE_PATH_STYLE_ENDPOINT = "false";
PUSHER_PORT = 443;
PUSHER_SCHEME = "https";
PUSHER_APP_CLUSTER = "mt1";
UPLOAD_MAX_FILESIZE = "5000M";
POST_MAX_SIZE = "5000M";
TEST_LOCAL = "false";
};
in
{
gtcm1 =
{ self, pkgs, ... }:
{
nixpkgs.overlays = [ self.overlays.packagesOverlay ];
imports = [ self.nixosModules.think-gtcm ];
services.think-greaterchiangmai = {
enable = true;
settings = settings // {
APP_SERVICES_CACHE = "/run/think-gtcm/cache/services.php";
APP_PACKAGES_CACHE = "/run/think-gtcm/cache/packages.php";
APP_CONFIG_CACHE = "/run/think-gtcm/cache/config.php";
APP_ROUTES_CACHE = "/run/think-gtcm/cache/routes-v7.php";
APP_EVENTS_CACHE = "/run/think-gtcm/cache/events.php";
};
};
};
backend1 =
{ self, pkgs, ... }:
{
nixpkgs.overlays = [ self.overlays.packagesOverlay ];
imports = [ self.nixosModules.think-backend-gtcm ];
services.think-backend-greaterchiangmai = {
enable = true;
settings = settings // {
APP_SERVICES_CACHE = "/run/think-backend-gtcm/cache/services.php";
APP_PACKAGES_CACHE = "/run/think-backend-gtcm/cache/packages.php";
APP_CONFIG_CACHE = "/run/think-backend-gtcm/cache/config.php";
APP_ROUTES_CACHE = "/run/think-backend-gtcm/cache/routes-v7.php";
APP_EVENTS_CACHE = "/run/think-backend-gtcm/cache/events.php";
};
};
};
};
# This is the test code that will check if our service is running correctly:
testScript = ''
start_all()
gtcm1.wait_for_unit("phpfpm-think-gtcm")
gtcm1.wait_for_open_port(80)
output = gtcm1.succeed("curl localhost")
backend1.wait_for_unit("phpfpm-think-backend-gtcm")
backend1.wait_for_open_port(80)
output = backend1.succeed("curl localhost")
'';
}

1
vars/per-machine/ramus/openssh/ssh.id_ed25519.pub/value Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvItw14tB6fc6gdZalSkZPOUSWGsTNyLnXk4yLAnkrb

1
vars/per-machine/ramus/openssh/ssh.id_ed25519/groups/admins Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/groups/admins

1
vars/per-machine/ramus/openssh/ssh.id_ed25519/machines/ramus Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/machines/ramus

50
vars/per-machine/ramus/openssh/ssh.id_ed25519/secret Normal file
View File

@@ -0,0 +1,50 @@
{
"data": "ENC[AES256_GCM,data:AzcnY511v0LvR5Z3MIjTY2QWnCgvd5cJ3ezs+E6LdXvzp/nf8XM2zyVpl+2tVlSdAgZs4TvxwtHihOanWQ8yLdNnXT8jP0hUgtYUs9RGLagsbxjLZQ4fKc/Qj3lXDrJdHtV1Ycx7uPXJ10acn4TDiO4GgoghbaRQJWkXaWSxNB2aTVV+76fswLcIimm8D8sLo7NGi3X767/u1xOoz7/jnAke9VCF502EtwK59DhAJvcuuwHGTuHwi1H7BQCs6WTNS4cvfSV9sB4EWmj+J3x65IvAp3uo9KfSlRdAIScJulHm9pOhBU/edTb1goSKAXHfahWrQArcKFOjGW54sWN0MakmHN0UFQVlZF1sqEpmHEXNOyjCPLJYpRxaRmjWBeUuJ/2xHvQWVQVBLC2RvhbGdE06lClrX100EX31txzuIJVUirAHR2owbY7+jOOTZuZtLcXZkHGRVgREej6KmDZWr7yNw9NJ178oD7x5/zivajnlAxYEIUoin7UofkDx3T+sMU9N,iv:Q1YlntA6bScOu9hCOshG6MAbhYIBWw6EbM/5z4nJVvQ=,tag:TFZpP9CeOAmOb3GpCVqRWg==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RDc4WTlWVnBvVWJMZFZR\nL1M2ZWxib1NZM0M1aDM4SlhVaXEwTzF6Um1BCmJiRDdCNXVPaDRDdW1CdTNUMjQz\ncVVIMWZRd2YrV1o0M3NjVkRlZW9XZEUKLS0tIGNYazU2a0pqTzhXczlsbUxBUlBP\nUHJlUHgzdVVZdHdyTjlLQTRpdlJWS3cKHghMTLA/S6F60y56nL/at+iECyoEzZmO\nECJhGSDyQ0vbGgEAnskfseoA2xtzNvkj1sO2kbnPg3pCvlIDGaAX7Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESGo3M3J5S0FLK21HUHZv\nd21uUTZiMWRVaEhZeGR5MFVLcHEvMnd3UmxzCis3K1poM29LY3BBU2pYRXc5azV1\nYnNpT3lZeFRndmhHb0xHZFZzZTBEOUEKLS0tIGZHZXpESlBjNWpWTkFlMDZERW1K\nRDM2aUF6bzNMZ3hLbStOTS9aUlI2bkUKIzTIQ69JjjIlJl3xUUa8c67+WOLXIcxh\nLN/p58/sGa1PH5X9uI9yBxH+7dmn2u7xwZKGcHt/1D1BwH+1f42eyA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1egztkqupggjcpy4g9tfwq6kqeh3ljw7enzhx4l53hjge73wmdscqy5qwfp",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsaFgrWllHdXZxQUFGSWV4\nZHMweFpkRHZRV0FEOVBDVFh6MU83SEhpZmlvCkJCUmNIMm5kemZFbzUwYU1POFVx\nVk8rTC9HRi9pQUo0Y0JBdFphWGRuT1EKLS0tIC9PUmZvVC9URks4VitMWG5zSmh1\nNEJldTNEd0dsQjQ2V2JUbVU5UHFNSGsKKV03KeObcSAM5tMBNJp+F6hdDpziyABY\neEAJxMr9BuGoPwvAHLAAvIsIuOw6Zw+wfbxeZK+szhwiFmMdZMCffQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIE1xbW85Wi9V\nOTdhdk9jWVBlZm9HbXV1SUh6WmFmdnN4TzdRcm92N2JDa28gQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpjVVhQU2lLSlp1Z04zcjJjeWNEamEx\nWGltR2FtdlBDTFRpNGNYRTg0Mm1RCi0tLSBVbWV2WVRUbnFySGp2ZEFnNG9Xc3kw\nTzMrV3dEOEMvL1RGTXJ6L3l6b2t3CjxtxJah0sEljMT01ch9x30OeFzvE/HNzXSb\npnG8Dh0rYjv1lJ2unja8zZdfrl41avHP7BeHqSb5QAMVxZj3h8s=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIE5CM1NOOUdl\nZHkwN3I0YkNhaDNYWnMwRFM0bnBPRXlUSy9BZUZYVGRtQjAgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwprYkxXMUpZZjhjcjdYYno0NWE3b0ND\nSG1nT1d3dGZEUXE1enMrQnlsU3pVCi0tLSBNMitqcnhkeXdueFFIb2ZSNEtmZmhE\nemdYbGtpV2dadTRscnlidzJNK29jClycgQIySOi0Pb7H9G2fbff+VRhbQY4wqliB\ntGyGUMijiTPpKC5CMqoVz3RsMdZkX2NuwfL3p0oZXpHx2gWCPLA=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIG1yS21OR2JC\nY2xKWW5tdWhGWUxZNEVadTdkQW5NeGhtb0xtaml2N0hnR0kgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpXa2ZmN1ljazgxQmRKUitGQlJhMHlk\nYzNrdVJCaU1QeDlMdGZHTWhjajE0Ci0tLSBmcWhNUmlzd0tWNHVHcW5Dd29rRFpF\nUUl0VkNKb0ZUcWpKaWZvT09VVWpFCuvNqV9L0/XREyuFeNA41+G53wx56k1qzfhz\nk407lcOzWtlo9e4GHzSeV4ZEAP4Pxt56AtoIlSM4LNrlEpBpP9M=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UzNQcU9Zcmt3Y25BeC9X\neU9NRllWYmNQSkdlakZTbDc0RVhQMElnbDJJCkpMVDRRUm00eG1GN2QxdHppRDVn\nK3kwNERzeWx4YnYrWEFZQUd6YWdlVEUKLS0tIFRyNC8yOUtqdC9IN0lCenlFY1R3\nNlRnWXo4ZTQ2endweHZvRnRldnVHVEUKjNVzo097eHcaQdt3l36ptfzkfAaXNsDJ\n5b6gyjs/arzYj8ygdv6UyDdTNjlZfvATSMgfYIjrCKKt/9EDHfXhRg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWUl3WlNQQTF1dVdmQjVS\nRnNRK0pNUStjV3VuN0QrK051ZHNPNVZZdlJFCndMRmJRSnFMcjJlYjJOa3hjYzAw\nSHRpaDFFUnd3UU1EdjZFNktzczZucXMKLS0tIHNhUXEzOEFIRDdBdHBrOGhKY0ww\nNEFUMlJLakd4bUUrK1BDNDQydzFPRzgKNJUKAxK/8vTbnHM6/gM4J+FibHkvx6dt\n4hbLPRcXAp/5mVJCMAIGHxsuyG4ypSaOkF25e43PiI7f6HacJkw6AQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbVlpY2RxOGQ1NjFaMzUy\nSU1Vd2crYmNrcjhWRFpkdUl4ak03b0c4SEQ0CkhieCtFc0hPQUtsQmNwRnBhdkY5\nMTBOaGVTKzNtUWl3QUIrU2VRYWhWMEEKLS0tIE9VNmFWaGF3KzdKcmJCbHNTZllx\nSnBtNVZUdnJHYVRuZ1NQUWNoRkp0Y3MK0x4epBjs6Czgzpp525Z8FMpJkuQn5LQ2\nbaL3VJJxdjpKKk3AeS3rnIUJ5XV10qtsG4eaQ3wgAQGdXl45jcvDaA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3L1pLSkI5YkdWV3d3TDV2\ncW9lWUNodXhBN2xGcE1KaElaTmxRR2V0eUc4CkF6M0ZCd3NTMVhUZEpqTERnVEt1\ncXE5STdJckRwaWdJdE5SNStsajh1dTAKLS0tIFhrVzEzL1ZGOFVOL2oxbmFDQ1ZS\nTEc1UmM0V3F3YU94WVBDYk54SWZtZUUKl7eW0214fmkJ88J93O9uudjxxZfQ1kFl\ndeZfjYg1N2UEGImL4sZgz05+m8ehxLh+FntlGgJ7MHFrqAE/g6UF1A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-26T06:08:15Z",
"mac": "ENC[AES256_GCM,data:Ve2ded5v+sZaMocncuTS+y9g5nGP6wWvu2bWsBn4AbYigZnfp9eROIf7ewCT2pxcu7VFGdYv1DjWrizwvYu1PkRvVMxJZy2BgZeYwtmSVWW+x7m82QFb8kapO5j+8hK6V2tyiaGUw8xwNDtN/QyUhlpS1kjfmNLwy1sBM0rinLo=,iv:G5oif6tMGzS3TAPRk/6LZeHLDvyognPPCjuwxoX05YQ=,tag:M8+mU2/C3MNwc4TABkR9Xg==,type:str]",
"version": "3.11.0"
}
}

1
vars/per-machine/ramus/openssh/ssh.id_ed25519/users/kurogeek Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/users/kurogeek

1
vars/per-machine/ramus/root-password/password-hash/groups/admins Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/groups/admins

1
vars/per-machine/ramus/root-password/password-hash/machines/ramus Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/machines/ramus

50
vars/per-machine/ramus/root-password/password-hash/secret Normal file
View File

@@ -0,0 +1,50 @@
{
"data": "ENC[AES256_GCM,data:6/cp0K3a8htco1rlIfExnL+ppIgNg0+/XlPPAx0Ylp/KtDfkQg3OI+Y9zWRX2UN1dHjVVBJ0vDrqKv5OaijQbl14E6U46HH4EjevBmGeUCLmDrsFTNIPqGw+D12LoYuOGwkfonsRO5LbtQ==,iv:Beb8wBVdZvkKA69aCtxGMxuQ9fProDLN4WWKtvKPbvc=,tag:+rpJT78McFuf1wJq6DWyoQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMUllOTM1RUtHSWJ3bDN0\nVnRTWDErQTV3b2lHcEYzanp2VVhoQllyNmhzCk5zN0xwUVlDQjB2RDRLUzlvVW9u\nYjh5eDdnWGRXRWxoYmp0ZTNEam94NDgKLS0tIHBTdHREQ2dRR3ZFNHFhZXV6cDgx\nRk9OOVUrSWlVZGZHTksvN0RocHFyWWsKfhDdr6qFmtt7dAegVIIb3JH01rGxzvyN\naQv6F6BWbhvMUU3/eJNVerJti1Y/RinGxBLSP58SxksJiDTFBv/jWQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMZHQ2U2tsd29qTFQ1aVBP\ndW94RXJqbE9LUkdXeXVsQ0F4TFUxdGo5ZFg4Ck1PWHJGWHVEeTR2QTRTM1NGWVkx\ndG1HMmZUS24yNHNQbjFPMjVNeE83aVUKLS0tIGtiZXEzY1g5QS9FcHlOOWpxbE8y\nbUtrMngrQ0lLdlQ5N2Uwd1ZVWkRYaGsKD+xmS2gjw7o2Wohxh7+4dk2+9Uf7jK75\nFz2RmP6oLNIcWanAENygOR8etcuBMcCPAc08VSEGtjDg9JUC4lV2mw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1egztkqupggjcpy4g9tfwq6kqeh3ljw7enzhx4l53hjge73wmdscqy5qwfp",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYVJmUDNNMWVHSSt0RWk0\nNHlyOU9uYjg2aytjaXVnV21NNDFGUVMyUDNJClBYTUFzNWRxOTNKVmxIdm9pQlRq\nRGQ4am5mSytDOFFjUklGNkJZQ29tQk0KLS0tIE1jQkkvRGltYUExazhKUDlhZlF6\nSDUwNFR0NFdJSC8yNy9yOWxHYUJxSEkKf7bxUdVDAvHnU8kscXInOcIy6vuxj5pL\nBaW5dYJ5yQiroXuv2U9rDygTQYAAiE0g8xZRjp98qzTHT25lG0pgzw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIDc3Zjc3blhq\nOVpLSWF3dHRLVitOd1BtWTNISVBPVHREMkpJdkxJUTZHbHcgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQo4cUZZRXVrMzFiV01QenVJd2oyMXJv\nVENRYmdtazROVnU5d1RkRGp6NVVZCi0tLSBabmQvcjdQQkU3SGZNU3BwVUltN1Er\nZ3hxS01ZeFRFSkZVYjc0UXFqTTZjClLbO5vhBcv+lIMvSEPeuztAL7/L2OttICB5\nEJghMMExc7/kgM7d88q75qEsPsVNgE/4BWzyesrvKXb2gWLosQg=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIHh5M3BYQ0di\ndkhjL0hDWVZqbU0rTjlkV1NZZTZ6eERTc2JLc1l1b1N6d3cgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpXdEY5MFhNeXJRdlJuREw5emJSakhT\nL3pqNFBpOFozcXRaT3NreXJERVNvCi0tLSA4Mms1NzZRdG4wbnUzSVFVVStueXJ5\naUh0NWd3aVJUeDFQSGRtMjdaNEtrCtQQU4t80k6OnmsBcH6Z0hyBPTLFsb9n+/2h\nxWFf2MsBTboevVnOhvEGaA8XhBB2/MrUCGTbkFStfdf+8jyVj+k=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIHU0dHI2L2FH\nZ3loaEZxRUY3NW51Ty9pc3FYd25OVGtwNG84OUJUdWFCMVkgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpYU3FIZ0crV3NWTkNLR29BNFlvbFJZ\nRFNzZk1iWGRvRFdRc1NGMVlpZGNnCi0tLSBmK0FXeW5SbzJLV1c5Q2wxMDkzL0Ew\nMTZoRklJL3JIaXcvcFJ4bzFySm1jCvY44UAa+HixIuoFn5n8BBqWigjNYS0bhFTr\nTLOcMxGb26VeoWMULZs/SaONRAVbbtCYAbv+ZXFu3GH7rn9xx48=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dmJacm4vYjN2WlJNTFEw\ncHpPamdqa21FZmJKRnRtRUNodE1NNFNZWWp3Ci96R01JWDY3NFNINHg5MVRTbWNU\nVytLV0hyUmI1YkV4dGJ5MXpuQzU5eDgKLS0tIHhlS3NjVWZId1lIa2ZYY1VFUmE1\nc0UwaTR6NEFZcUg1OVh5MG9RSHFKUncKGnRavc/A4Y24WK9g07ofpdw4jf/Dzs14\n2MesaajLi2pHwSeb48V3c/iYgS3cK4j0iosY+viWrfvV3vRG9FE0Tw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMGNtaHl1MEFFSWwrOW10\na1JQNnZIcjNnMGREMTlXb0lwWS9OMC9uNlZJCkxBSXVJSGdzMC9mU3dldkk5K0Vo\nOG5uMDM3S05jZjdBY0ZyNGZSR3ZQQVkKLS0tIEN1WGRDaGNva3dJWGczWHBVVUtw\nTzZad1FCeTB4UDNsZWJ3Tml6M25FVGMKzXCnA2ehQ/bfV32Xc8mflXfWAim/v/+u\nEqU0fp3Bhn1FIWFCBvh18o20kw+MsE3+zpiY6FxxI2EtrVTMyobXuQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMmtNaDJLL1hhb2tCSm16\nck4zcEVabjh3OXpuMHFsbnd3MTIvbnVmRTMwCjFhRWNWSUlZbmtuUDBVakRaL1Uv\nSVlYeXJtOWd2UWVuVyszQjNkdldrbkkKLS0tIGJnSThzQ2Z2TFkrNExQVWI0V0pD\nMXNBUDZNWXpSb1doYW9teEZLMW9PdXcKa3zgLXVDJ07cEMlHVGNCKOcUtajRBy7x\nssbScq1+iCZeBk/4k1Ex3kyZ5yfmMe3nE8fS8Mx1HtXxvrHcxLmbgA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtakZaeWUvVFROK3ZpQ1ZB\nYTVKTWtNVkdQVE5SeE9veFdtcUJDQXF2MmhnCldYdmZZT3VyZmV3eTNPbHIxWEc1\nYTNSNEhZbExrblRKdWMzUUplQmFGNHcKLS0tIExjQUhKanpmV2xuUzI1ZnBMdHJU\nU05OL2ZaYTEvWWxRTHIzUWUwbU4vODQK13v0k5tac1CYvsESefWacZe+xXUOXWPy\nn/soHGUVG9L2RdiSh4RcZc7n7Foq6GwJqi9wDc8Ms1FpzvuaVdOF/A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-26T06:08:16Z",
"mac": "ENC[AES256_GCM,data:QwBGFbzWLFEdzT1bVjV77rtWCZwKXXf9P3byS0+SLRbfyxzRY0+BkzTa+vxj153udYwFkimJX9ywWISUDfqm6FJs6a4jqG8Xmwk1AmSyg585dc2Z26PC30nn4rBcezWBMF2IVFw+pJ65dZq8NSG6EmyHgmzedTOHMis9NZmm/b0=,iv:i/5MNOcH3TcKYRojVKCy0Pw5tHzSzvS8YLLYn0pwQ6s=,tag:96JAFD/kjUKPv1ZnGnEzMw==,type:str]",
"version": "3.11.0"
}
}

1
vars/per-machine/ramus/root-password/password-hash/users/kurogeek Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/users/kurogeek

1
vars/per-machine/ramus/root-password/password/groups/admins Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/groups/admins

46
vars/per-machine/ramus/root-password/password/secret Normal file
View File

@@ -0,0 +1,46 @@
{
"data": "ENC[AES256_GCM,data:nSFIQBxSi3uDpuzA3bOUgBaVLxgAMt2mBfrJFqE1BxNpez5eFvDvXcAvRhtj+rg=,iv:Zd+A4RCKxo4FnDQklNKl9OXIjAJi4Ec69SksSSfsnM4=,tag:c4LuluVLBD5X090JeYYV4g==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZys0OC8xSmhLd1RUeVFs\nVTJteC8vWTZGZkYvOFRSZHd4Z1djZXN4NXdRCmxCZkw0aWJLMzNPV0FFdHV0OGNx\nQy9yanVPUzRYUXg4L1prMkhtdWFsQjgKLS0tIFhXVlpmTUlPTTV5VSsxVHc4R2ts\nUXh4d2RCRFdVSWxDVzBJOEZCK0ZyNkEK97mBLq3AYu/2UDBM9vUx6ssS+076ld5I\nMW2JnHVOcVZpxVKdRBNuT++ZnxmDCGe5gIn2/rChZWZ/BnjHkvDDsw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERk5SSm5Pc1BqbmZKeDZF\nT0ZzdU8yMTkxMTd6ZGl3K2NaUGc5Zkk2dW44CitHbC9PbmhPTHU5eHhQYS9HMU02\nOEg5clpqRm5SR01rQ1NVOVpHR3VKRm8KLS0tIDVqUWh6WnA3MXUvR0NFeUlsK0xz\nUlZWL2JZNHE2eHdUOUpORS9iT1NVZVUKyaJNVRUepQssPLcyg5rYhhsoHGfawApM\nLisr6Yo48eSNcwxeiRc0bljmPEGjn9Na5rqPUFV/YwKL9OhkKIuwpw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFY3Z3RRdGxS\nWEVDblVPK2pWUjVMTDZDalpLcE9vQ0YvVHRWVDMvT0lZelUgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpFY1hXSlNiZVVzd0s4UTl3UHNoUnZ2\nOHRjRThOVzFUSFdFZ1Fqc2o0VDQ4Ci0tLSBMTXQ1aitWVWg0VUI3YXhKNEZzbjVq\naXhjN3NvcEpHUy9RMDdseVJYdGxJCh3+EmDMaHvVZEHPQHfXrIg5uq0/DXpGb6eK\nRfFHXOhH31NOIr3KiwiPlm3B2NmNyHGgZlwwy3xcZQV12ZRy3xA=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFp4cjFKM2Nm\nR3NTMXF3RE5zNE5FQldMWVhtUm1nK3lhK3FmTmVuaWw2V1EgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwo0VVpnenpuSjFDYmsvWXU5L0kwdjk3\na1RWMlFIUjBCN3BOWWZMQmhZRk5nCi0tLSAwN2pUcVF6RityMzN4NkV4UjBXRzU2\nQ0J2QUNWd0pIam93ZXZmQjAyRjNnCgqa0WSEnaK+qU0BK5FjZwsUAgtNdH9ujG4S\nEK9w50mUf6sL7frwnYHVFHDLrdCezNxGvbfNT3ed0vr3Tj4VZmk=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIHdYTXlqeU92\ndGk4TzBCY0E1MGc1bHA3QU5qYjBMdFQ1TkZxQmNQQnN4MFUgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwp1VE1XQUptQTc1TXA1dWlTQlNMV2R3\nNG1sZEw0WVJPTEg2aDBTWnUxd2s0Ci0tLSBpbm9CaTU3UlF0ZEI1a04xdmVxTkh6\nSHBXWE1QTmlMdEtITmN5VWxJL05VCk/sMVWhDp4vWSWjPhFdaCoZ6FyoQQPnYWKW\nQ8TApAcEfj1WQ4JwuVlgFTkiq05do5EpVdcFiOCOT+85OruS9dU=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeEJJUGU1Uml2T1kzajBq\nOXlTSHJMTGQzbFROZDg2Z2N2UjdFb0l3dUg0CjRaTngwa1RQdnJHM243d1NpQ2lZ\nTEtSYktENjN5OHVFOU1zaXJuaDIyakUKLS0tIDBtbUlueTBSRTgzQkx2ejRwejVi\nRlVIenZaS05JUG5leHRILzRjaU9EN0UKKgKUO9OoOH1oDwuITR4uteDxzZBQi/Bj\nrlaVgUFuqlwNaeRRwtn3dheKmKuXIl1kOQWN1aEPZ08Bg6o0j7KTVg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SGRla1BlREVqek9EdEh2\nTFRoRmg4VGpaUlV0aWRQZ0w0dm4wRnhnTm4wCk40NUdyaC9XZStMd2Fkc2lOZkR2\nU2w4WWhOUDVXalZuNGt2V3VhY2xVVmcKLS0tIEh3akdjSlhSTnA3ZEVYSDFpZXdZ\nL1Y0Wi9DUFNwTHU3d3d5OEFZMUpuZEUKSg2TBM6UzY54Zx+dfF9ykU6hy/5bANbb\ndDDsmyJ7wwVmmqs1sJAPjcKgb3o/OcdGk6AUaaSToDkOQ9mDQmZDhw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOWldVNDExcnJsSkpCU1Rt\neFNscHl3Y1VzZ2xXWWdNL2lmMlYzdHFjeW1ZClliNFhzQWtZRW05QUJ3QkJuRXIr\nMytaeHNIS2RwWTNSYWNnblpPbFdyZWMKLS0tIFZjNTF4akhMZ1pNRUdiK0ZhR0Rv\na0dXS3VWbjF0aENRYjdsNWgreG1MSFUKZjR7FaHpHJofgXUBNP0eaM3GzVf9bb7j\nwNKqEs2xmGlw9yzBxCNkkmqwRaT38/2a4r3CfIzVMEWeHP9/4LTFhw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTzZoVXN6QStEMitPZXNQ\nbTB0S3lwL1JaeVFRTmpSWVVtSW5LcUJBclRnCkNTTnUwYXBpU2dJTWF4allLY1VP\nNUo4LzdGWGdGNGRkQjNYby83U1BEQlkKLS0tIDlHVkJ1YVA4ZGJ5TFg4UDYwejMz\nZFUyMWNIeEI5VHhIc29rdHdSYk50V0UKyJXjwEZ3amIFPp45PulmPHI7aTXPa4wd\n0p4Y3DaXiLtf6hRZ2Xa/uz+wExUFhEdQFnMaBbdVufD/VK4MA/ZmLQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-26T06:08:16Z",
"mac": "ENC[AES256_GCM,data:DpCzrb2qMkmcTpIV8LhzRzT/hagY3zDw+aRucyey0tLoego95ZO/pPPRd7gzfacWlYG3eioPvcwnY/brCmU0tyByEW1gNT2AHii8VIiLoHzaSJnDYiwJOt4ocXhuLw+CRK+od1TtGXO8JJimDvG6YThkR1cNgkFibz55DrL8QLk=,iv:qCNMZXNmjhEAJy1u9Mh/ebn/ob9ujoQoTqeYQ2YhFiQ=,tag:XGoM06/Y6QZv5b4QEgterg==,type:str]",
"version": "3.11.0"
}
}

1
vars/per-machine/ramus/root-password/password/users/kurogeek Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/users/kurogeek

1
vars/per-machine/ramus/state-version/version/value Normal file
View File

@@ -0,0 +1 @@
25.11

1
vars/per-machine/ramus/zerotier/zerotier-identity-secret/groups/admins Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/groups/admins

1
vars/per-machine/ramus/zerotier/zerotier-identity-secret/machines/ramus Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/machines/ramus

50
vars/per-machine/ramus/zerotier/zerotier-identity-secret/secret Normal file
View File

@@ -0,0 +1,50 @@
{
"data": "ENC[AES256_GCM,data:WY6kTgFo+10SoJYmL7+PJqmcdJQCEXvph/mo5Rc5aXM8x4yuBZeCModRwYBOYNDrMtaZI6xr8wIrZ1vb3dh9/CgxwiWRyu0zTB+d6MhgHCLD3uZA184A29HFQJmLPV1jbh1EopPLQlBztw5dzFqN2+vzwWvt6nFS4mCFJvVq+L0TYQD6r7SJzrIofJpGnBFwiFqVh5NVpmAhmlMJbbK3vKy06//AUBP5e/JNz5+J9MkPGhiehBsEA1TkrZ2fuevwOlOONAF2zWLNyuvMpMH/+Tf8KFwQB76/IGXLdRzRECB+A1rn4lSDeft3vnfZcqwIjfCOgTcVjQSPdkwIdblVpHiKBV/t3msyirVKhvfr,iv:fW+jdFVFfpWWy9jpa5yQxbcYJYMIVWlEWmUjBXRqtE8=,tag:3RfYjX88RuQoyoTOWk4UHA==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYTM2V0FTSEZGaEZnbzA1\nZDE2aUNGK1dHZmh2Z3lDUjJYbFZxS2ZTL3dRCnF3NGJ6VVJkRU9hdmlWOWMyMzNP\nekgvM0QyZFFYVUhFOW5PZDE0dURWcWsKLS0tIFRRR2xuZ0RqZnM5clNHdlU3SFN4\nTSsxajg2M2cxakpmZ29iNUVpOFBOaDgKRgDL0V1nC+7kKzQvMKhBRTUt2bG0BBYu\nYmhpay3KKWsG324MuV+n3J6ibPRSwNhYg6VjdO0lT+VfhT++JPg6Yw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeC9sN04yeXF1OXBpSEZ2\ncnQ3dWFFQnY1Um1TczVIdzBBMXE4em1pL0FNClhVUEFpcDJpWmhFRWxydWNnbFUw\neVNEZmRiS1Y3TFR0d2dnUWMrMVJpYUkKLS0tIExOMUpzKzZzb0JPaC9VM0M0aFk2\nc3RWcTR6NW9ibDVjMWdtY1BIUTUxdzgKkoqAtuMI3ibOx4BhjaFgka8c/5OCXyow\nUJOrfZtqVJMLYmmtAN/BZbk3beLljkmXie17MjGtH5eVO/QhAcDH7Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1egztkqupggjcpy4g9tfwq6kqeh3ljw7enzhx4l53hjge73wmdscqy5qwfp",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZGZRZUJBRTBqUk91UHh1\nZDRMN3VTbk02YWdnSVVqZ29zb0Vmc21HaUhnClJLT3V0NC9QWVF2Z1labWkrLzBj\ndEQ2cVNUR2xOUGhvaGYxWEkxQ2x6UDQKLS0tIHU5TnhxWVhRSXpaQkdFb0kyVEpP\ncnozaHcyVXk1MDVVNm1UeXNDSkFOa00KiG6pbbAW2KfjUfovP3q1ny8eEZ5zDkV1\nMa1UBEoIOV01P+vCXeVm0bGmR21/53lAUhIgQyJcFJIsGFuctKo0Og==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIC9tYm5qa3B2\nbW96bjFsZDNZbHd1T241QnI1RE5MR3NxS0dtbWNZWDhXeGMgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQo4bFRwbEt5dHFXQ2tPN2J2WEI1RDF1\ncUQxVnFDbDEwSCs0dVhEVS9OeVJvCi0tLSBOb3l2VjBGZGlwRzFtYXFyM3hBRVg2\neEtsS1FNdU5CVks1UWtmWkxob0h3CnD57mICPa91qa5uh/9OpSuwkKIzUynRESsc\nvaNYEGbHB5UI1gysjKr8CkjJu9jRvGYF58CSQMr5UXuXppVb2oE=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFFJRXBVcEt6\nQVpBRGlrS0JtWmlXVFhkSkptc3RlOVFpWjhPRjRlNFMrd2cgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpWZHpTWmNpVkhEWWlGS0pHajJQSUFV\nb0cweXpaOU4xNGw0SkFWbXN3RUMwCi0tLSBQRnE5UE9zZTRSbUc4OTdZTjJMK3ZP\nM0JjdHEzWDVYNWh0emtBakRwRyswCnQo99tq/B+eABVaxmNrYJgiPsURV7AV97+9\ndokjrWgaceiIWGoElr88TzefzZn9NGsQtdhrpqYMBmYFepZLW8A=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIE1BWWtSRDFD\nYWpwakFGQS9qL3hmVWswMElsSThIaUxDS0I3RVVmaFJOVXcgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwp4TEhiQnFwQUJOMFErSjgrcTQ2L0Mz\nemZCckQyYk5aamRYVWV2OEVDZzBnCi0tLSBoeDBsOTBUOUN2S01CUndnS1F1SXhJ\nRG5hbGZhK1JYK2d1VzRQK0h1RnVRCoB/9J5g6DeTm+ZtyU7a0OAXYdI8jgBCMCHe\nslOAG3rdxXIEVnzLJbCqApAbpCaWPfR6uV9klezqcLLn/S7NwFk=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQnltSEdQSFJzS0RBVG10\naFkzRis3ZGxLUTVEMXFaODQ4VUwyWTlvNndrCk51eXM1cExSdENNRnpvWFRDaXFY\nMXhSREVwb1Jzak5MRFdDS2FjVFRFOGcKLS0tIFdjV3YyTUU4eHJ6R21DNkt1ZFFh\nQ1JUSjhDbm9lc1FhRFBOVnh5dWE0dEEK80RUCpj6DS6qq8HOC39J2BwRPe7WSDPp\nU+gnoIQjVg6ZtSF2BLakK6ZIylTGn2cZihfUgvEnyBU7QR70naccmQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1emkrMldpSGZGak1FYW5L\nUEFZTHo5dmJaYk9tVzZxeGNaLytseXpRbkRBCmxJbGhRQ2lnVU9TTjd6Zklxems5\nOWtFWlhIQkJXVm9KeEtVckJoS0o4QlEKLS0tIEZqRDI3VjRHRVFLOXJVOEdhYkEy\nbU1jaUJ1TGUxeG5qMjJBRjh1TUtQemcKCVVn8eyZhg5rL2nBIJeLaX7r2kNN5QNN\nIvd3avnE/FSz11JXXPtOdMx6NZUsqoYAgXz5BazcJHqcr5r3o4xknA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBa2lzMWdFTTkzajlzNEVz\nYW83aWl3ZnE2Z3lMeWZ0UW5KbGxZbTlwSEcwCkh4M21ES3h1UUYxSzhIdGlIaSs0\nRzhMMGhUb2doajJuSkVYVEtMQzI2dVUKLS0tIHU1SEpQeW51SnVTYVVnVWZCdVl2\naGtBTllvK2F6QklTYnVmNE5MRHF3aFkKou1VSbbf8AZbH/QW/gfSRGMolku3VFyX\nTsquZfgHUL4T0aPO9kDMT08I+Q9B90g8/9Hn89uCvAks0XwjGfpULg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ajFQKytkTDMrT1huakdY\naDVBdXV3UHJKd1pqcUZiRXNhejZmeElQWGk4CnB0OG04aGNXbUxlUmVaNDdSSk1D\nYjN1bkhscDhkU0hGV1p3eFpJNFo3NmsKLS0tIEp2dkpzMVh6TjloZWU5UDUxNXRn\nRmtZRWVOSGdWaFFES0NHZlA3Vll5K1EKOZH9n811NgBJ7ULdaMGUrUNKu0xgOV7k\nIIIOZFfRGs2Dk614XhqLu8HrZFjkmHRvQYXd41TsqUGEjcli2SbIMQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-26T06:08:19Z",
"mac": "ENC[AES256_GCM,data:f3sm1jjZNFehuasCEtcsWbh5Co+qinsFvvr7cSLp+GoBN/ZU8xjjHsdwc1VMznHmgaYv0m5SueqQXKQmrx+mkfBUHpWrY2X5ZdyjnDpBpInn6TtH0sQ+up0cS/x50WbIkL1eOlOcERHisd9PMOPpjm6lwLGFtK58tVL7cNERuPc=,iv:A38W51dRFKHj94KRNavFoCX3zXScWVzpYfBf9ryLtiQ=,tag:OPgLqBylcwlU24f35ml+Xw==,type:str]",
"version": "3.11.0"
}
}

1
vars/per-machine/ramus/zerotier/zerotier-identity-secret/users/kurogeek Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/users/kurogeek

1
vars/per-machine/ramus/zerotier/zerotier-ip/value Normal file
View File

@@ -0,0 +1 @@
fdf7:d53f:344b:8562:2599:9369:62f:7f3