From de9e5cd8fa1260e37e10ec274c3b310f02283ece Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 9 Dec 2025 13:00:34 +0100 Subject: [PATCH 1/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/a40541abfdeeee6f18da6f56e5882c90ed369b6e?dir=pkgs/firefox-addons&narHash=sha256-8JrQq%2BvRZTTMqHjyBC1OcDThjU29ui6%2BKCcQzGAVdRk%3D' (2025-12-05) → 'gitlab:rycee/nur-expressions/687d6eb2a8503afdeaaf9e230fb72f880daa7252?dir=pkgs/firefox-addons&narHash=sha256-D4/vwhvX26KW3gux9CCiJ87zc5UOiLTFlfG3%2B5h0VRI%3D' (2025-12-09) • Updated input 'home-manager': 'github:nix-community/home-manager/f63d0fe9d81d36e5fc95497217a72e02b8b7bcab?narHash=sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM%3D' (2025-12-04) → 'github:nix-community/home-manager/20561be440a11ec57a89715480717baf19fe6343?narHash=sha256-O8VTGey1xxiRW%2BFpb%2BPs9zU7ShmxUA1a7cMTcENCVNg%3D' (2025-12-08) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/c97c47f2bac4fa59e2cbdeba289686ae615f8ed4?narHash=sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA%3D' (2025-12-04) → 'github:nixos/nixpkgs/d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454?narHash=sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o%3D' (2025-12-06) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/418468ac9527e799809c900eda37cbff999199b6?narHash=sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y%3D' (2025-12-02) → 'github:nixos/nixpkgs/f61125a668a320878494449750330ca58b78c557?narHash=sha256-BmPWzogsG2GsXZtlT%2BMTcAWeDK5hkbGRZTeZNW42fwA%3D' (2025-12-05) • Updated input 'sops': 'github:Mic92/sops-nix/5aca6ff67264321d47856a2ed183729271107c9c?narHash=sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4%3D' (2025-11-30) → 'github:Mic92/sops-nix/7fd1416aba1865eddcdec5bb11339b7222c2363e?narHash=sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4%3D' (2025-12-08) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/7194cfbf5b270c228ff189078e6d345ead97ae69?narHash=sha256-eMQ%2Beu5u/3AkhZ5zm3CaE7GSrP3Ca%2B70WzPs51uNKZ0%3D' (2025-12-05) → 'github:nix-community/nix-vscode-extensions/32a0d010099f0b982498b11cc04d5335b0fc1556?narHash=sha256-/%2BahII8MXi59KnRmzz%2BOgPXScr2Oyygin/XJWP7GvdU%3D' (2025-12-09) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2656a8a..a4fcccb 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1764907471, - "narHash": "sha256-8JrQq+vRZTTMqHjyBC1OcDThjU29ui6+KCcQzGAVdRk=", + "lastModified": 1765253041, + "narHash": "sha256-D4/vwhvX26KW3gux9CCiJ87zc5UOiLTFlfG3+5h0VRI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a40541abfdeeee6f18da6f56e5882c90ed369b6e", + "rev": "687d6eb2a8503afdeaaf9e230fb72f880daa7252", "type": "gitlab" }, "original": { @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1764866045, - "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=", + "lastModified": 1765170903, + "narHash": "sha256-O8VTGey1xxiRW+Fpb+Ps9zU7ShmxUA1a7cMTcENCVNg=", "owner": "nix-community", "repo": "home-manager", - "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab", + "rev": "20561be440a11ec57a89715480717baf19fe6343", "type": "github" }, "original": { @@ -207,11 +207,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764831616, - "narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=", + "lastModified": 1764983851, + "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c97c47f2bac4fa59e2cbdeba289686ae615f8ed4", + "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454", "type": "github" }, "original": { @@ -238,11 +238,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1764667669, - "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", + "lastModified": 1764950072, + "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "418468ac9527e799809c900eda37cbff999199b6", + "rev": "f61125a668a320878494449750330ca58b78c557", "type": "github" }, "original": { @@ -294,11 +294,11 @@ ] }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1765231718, + "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", "type": "github" }, "original": { @@ -382,11 +382,11 @@ ] }, "locked": { - "lastModified": 1764900054, - "narHash": "sha256-eMQ+eu5u/3AkhZ5zm3CaE7GSrP3Ca+70WzPs51uNKZ0=", + "lastModified": 1765245651, + "narHash": "sha256-/+ahII8MXi59KnRmzz+OgPXScr2Oyygin/XJWP7GvdU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7194cfbf5b270c228ff189078e6d345ead97ae69", + "rev": "32a0d010099f0b982498b11cc04d5335b0fc1556", "type": "github" }, "original": { From 30869b72f257450cbd6343f18a2d735ff9c7b28e Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 9 Dec 2025 13:27:54 +0100 Subject: [PATCH 2/3] forgejo: Remove unused sops setup --- modules/system/web-services/forgejo/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/system/web-services/forgejo/default.nix b/modules/system/web-services/forgejo/default.nix index 3bef43b..86b506f 100644 --- a/modules/system/web-services/forgejo/default.nix +++ b/modules/system/web-services/forgejo/default.nix @@ -22,11 +22,6 @@ in ports.tcp = [ cfg.port ]; }; - sops.secrets."forgejo/admin-password" = { - owner = config.users.users.git.name; - restartUnits = [ "forgejo.service" ]; - }; - users = { users.git = { isSystemUser = true; From 25f4536bb300b6699d89659db3e34660d4de2e75 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 9 Dec 2025 13:28:48 +0100 Subject: [PATCH 3/3] hosts/*: Update tailscale service-auth-keys --- hosts/vps-monitor/secrets.json | 8 ++++---- hosts/vps-private/secrets.json | 8 ++++---- hosts/vps-public/secrets.json | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/hosts/vps-monitor/secrets.json b/hosts/vps-monitor/secrets.json index f4f5090..eca0fd8 100644 --- a/hosts/vps-monitor/secrets.json +++ b/hosts/vps-monitor/secrets.json @@ -2,7 +2,7 @@ "seb-password": "ENC[AES256_GCM,data:BsVFQMY7q+RhByY3RTWwrwbdC4Pgb2kNVG8HXn+kmI2evAo8XmGbDHbr7mXnI2LA6E+iXm5bewfwwTnJWZjaup06/kr1bd8JDg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:ydQaXcLVYllSZYWNCtH7+A==,type:str]", "tailscale": { "auth-key": "ENC[AES256_GCM,data:b+m+4KGLeS7hYLSqYXxX5VhiA946b4SEp+OAQUkK6e6ShYe0RnC0VfnypHjqwrdOiGYAIxB4ggIjZ9F5lfw=,iv:o36k4vtsnSThDQNIMIPBQHJ92WodbIyVC42L1t8Fvzg=,tag:/9oYSFO3asAGmWiedNo+Bw==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:Lz8UTAa2Y0QZ0qtkxrN30/nKj5PoAuoZON0LgflJtvOb5xiE8qAN9E04HA4O2dMWTXJ4zfIK8QC/s/Amlh8=,iv:e55ow3YQh6hd7FkTu09fMN8XgBk5ZsuHCtRDb5Q2sDI=,tag:qpzj9J9BgVCDF/7U3lcbkA==,type:str]" + "service-auth-key": "ENC[AES256_GCM,data:Z/u3GJr1J7rhn1k+Ul0SyHhWKIxpIKqqinGphdZ/BNFvBGCsU8xKKHz7c4B6O94Oe3tuUNGp+X285lSnpZg=,iv:ch6Mg8ki82pxlWFGlOGoJB7Mhn3tYPEcL6Z8/6bXzCQ=,tag:9sHLrQ8F/DzYvdtvUM7dYg==,type:str]" }, "healthchecks": { "ping-key": "ENC[AES256_GCM,data:Zq71AU3oym7fC364YZNyRtx4N2G35Q==,iv:ibMBpcrSocLBhtumsSV00+KVN6Pi4SzE7soCkZcU4fY=,tag:Wv/Wr0wRZGXucMHZHgoNtg==,type:str]" @@ -21,9 +21,9 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-11T15:48:45Z", - "mac": "ENC[AES256_GCM,data:4bECM/RM3hCmhGNpVlwQA3uLZvjzkqD/EBmGjhmLBUYIq251B36eJZh5hLli1AkMMiR5RdYxobSsQpMLkNEyLEVMOImsj4P3m+9h9Hh1R8+1R5InGI/afL/CHXjnYrJKohlOBDcJXRtgrQRPH1Rb35/20vl2RvoQ8OwimMRMmeY=,iv:Oqkac45fCnMQgXgLM06TGZjh3fRG2DATwlCKTvnO5Fw=,tag:xapQEWQpjVeIZRAoH0YbqQ==,type:str]", + "lastmodified": "2025-12-09T12:25:24Z", + "mac": "ENC[AES256_GCM,data:RlXJ6lSCzVKpmcSWuCCFKZLG5O6ltPq4yA7nZeWiFYJBJ9gIhVM/fLfqOk2a+msWDg5WDYXCyfARPhKzH6AnS0kK+yqdkytGklQUKLlBuWvswuiWycvShc+04hClpyn/76nTK6yQeXeYK+b807uc5PJHGnBweEteBLShFbSTfIY=,iv:FtYfeckV45KtgYp+V1ZSupV26gYEm3T3Vi/RovDWlAo=,tag:k1clC/bsLC1FCLuaB6ypMg==,type:str]", "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "version": "3.11.0" } } diff --git a/hosts/vps-private/secrets.json b/hosts/vps-private/secrets.json index 5904085..aed6713 100644 --- a/hosts/vps-private/secrets.json +++ b/hosts/vps-private/secrets.json @@ -2,7 +2,7 @@ "seb-password": "ENC[AES256_GCM,data:Q+yRIOJCUzHmCZ5n0OAGyCkePVh0VJfeFYmgG2fh8Wwy6IKyG9c3/3qcMEIRSvG6Qm9KFGahuIR2md5bz7//pTRfPcu1GdIsMA==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:pOLRjWZKL2+GkMgV435FMw==,type:str]", "tailscale": { "auth-key": "ENC[AES256_GCM,data:qqJnjWR309LAuW49/7t2uZqWlAgPUvz8niLZuM2g8kJxaQmF0TEAWcBDpYridy9NLHnJ+xgA9g088t9dSg==,iv:imh6BrNPf2jVQ6eVaB9Mt+gX9zGq6mHX1+9yhY/KzrI=,tag:HPjhNE+vecDWwCAMC+nGfw==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:w9hTq+DLUcHdgHLKOWv0eg+Ew9GoN47GIiOlGNVZY+YnOgCqJ9L59xxt37B9ry1wTJXtlCJWl/fOSxUT/PA=,iv:1e7sWm+CEXOBt7p74b9O5Hhs5+NYv6v6QfdqiKHNn18=,tag:HpoX3OyDg0S4OzgGUXRfZw==,type:str]" + "service-auth-key": "ENC[AES256_GCM,data:x69Z9Ac533qpKb9y/CQXJYvkw3G6OGyvoih9wABwlYO969+PvQssuNvciFGq8ZmqUXaGRcFsL45edegiKs0=,iv:0yO9RGbrBVfnQ7GR+3rdLBCk+UY9DQJk7NVGlUEBdNs=,tag:ISv0GFT9yinM2BAvvI3mvw==,type:str]" }, "restic": { "password": "ENC[AES256_GCM,data:AERasH4M/uP3aUELnggUmH6NzAx6v4Uqjg+ymF5X,iv:q5qJkB3+feZyEm778hKI8ikNz9/9dj+Z1hda6M4eHfQ=,tag:adI4AwzXp63SRSA8uAjRZw==,type:str]" @@ -32,9 +32,9 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqU01heng3NHdrYnZFZmZn\nZlJtUUIyd1ExTmhzeU5iZFZadFcwR25GOEVZCmxHOXNWQVh1ZlJSRHJtaDVHNVUv\nbTY0TlNmZ2hESDkzS2M3WHdlamxwclkKLS0tIEEvOFd3TDFkQmQwbjBodHhpb1BD\nZ2NvTnNqQmtrLy9aVDdGRGxZbVgrZG8KdnnjJWcjZFu3R8fVKToj6THHHRCFou9k\njQoedCZAML2A2FZIhHugH9wnDUPQQjG86WbcCBuFWcOTGiTF2gN+Qg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-11T15:48:45Z", - "mac": "ENC[AES256_GCM,data:pVeX+/xaRJJ3g+q7Ob+pdxmybWykgMj+5uVNlSQ7EMSqm4SFEdZTGiH0JVcFOBld5da/feu9VDzQObItAftVNwi7Ta/jJ1BM+oiVzA9dG+sBKd3CIAFuGaODtNsXdaiNFHqZaY0t+7L1xpC8daYyI0E/3StPDsVGKo262CXNMYA=,iv:neXImm5GDmPaRHumiTTXRQob4cM6K019GzFnNBruGGA=,tag:V65xEBNpzn4nLoJYvdCIwQ==,type:str]", + "lastmodified": "2025-12-09T12:25:40Z", + "mac": "ENC[AES256_GCM,data:S9WbziGg3LInSZ0ClNa7AKAOHxmYN12K/8Gw0EEWU/Sw5drdQ0UUPapU6r2FJRssQhjw03tOfwylEHO0fFZx9ra0bk9ZX+QrNnktSWNzpJE3XAg9/OzApOoyWptvfxEFLWdYb7FgB4qlK+goNYTiC7sPe1Z4j9Ct25ARfFQYKFc=,iv:7vehA/fdtEJ3B+vnsP2EkaO0L8h4B/gmXudFgJCyyAA=,tag:wBYlqvWDQobqPutTVFbfEA==,type:str]", "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "version": "3.11.0" } } diff --git a/hosts/vps-public/secrets.json b/hosts/vps-public/secrets.json index bcf32ec..93cf928 100644 --- a/hosts/vps-public/secrets.json +++ b/hosts/vps-public/secrets.json @@ -2,7 +2,7 @@ "seb-password": "ENC[AES256_GCM,data:znyHz9AhZipp2VNkXifU27IvEbPoKqLf4ibSkqfvkGGoX/jHnoJRYruWmwLnAaqTk6moHtew6HZq3xjvNgUf+qVgaleWQntrLg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:CKgqMm/mVae1i9He/ioMAg==,type:str]", "tailscale": { "auth-key": "ENC[AES256_GCM,data:tnmR93k4iPsojBZgwVmnSPJkNDOYiJt9lJ/IpoDR/TWCIbpBmbFq7xKSnyoCXBRKiEZ6hK0z3jezuQc9IgQ=,iv:/b3+yxEOuPaRrrmD3LSUeSiNv/1u4bMxrg4B+1SKb0o=,tag:9f6ZSgFjP4HAExWiaStr2g==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:fW9M95GXFGUrhIXiuVQdD+l7O+7qcTcYGVuTZC1hSUQunL/fjNh+cLFvjwEpKVvsZJ7uDzD0IHQlicBmzPI=,iv:XDFwA47jyQ8jkIOfkooywXGzUAtbQb5ktjbrcHnep9g=,tag:kh6G1ey8Ly2Rzx1DdoDmRQ==,type:str]" + "service-auth-key": "ENC[AES256_GCM,data:xlXV01WcdLVm/vRw8Elb3iCId8LstKP0UWSXDXeOG10goKLoIMV4JmJ8a8OalE3s3pO3FSLYQFxjQNxQmhk=,iv:ikHW6XVow1NJZB0hUhKl5JsC9gEZtvXc4F9SlUycQlI=,tag:GgqQPIxOXkYhhqPcv2/k0A==,type:str]" }, "restic": { "password": "ENC[AES256_GCM,data:IGV07og9eSoleJnZ2+/FFLph7TLNd80q+u6WNn+V,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:eA7CAtfQtodTCyOuEn4+ug==,type:str]" @@ -31,8 +31,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnphWlNaTUU0QytIdnEv\nQnNzelN4MUMreXZrME5KZStFMDg2V1VFd21rCkk2Uy9ITEF3SjlRVEdMMXlPdHhG\nam1PNnp3emtnMnczeFFSSStJaHF6TkkKLS0tIEJKbFRzbmNqMjk5NXVHZnhlWWZ3\nYng5L1F5YUJGOTg3TTJCK281SG9Id3MKsmH2yj19ig2g+KzBGLD9dWkdvr6TLdSd\nuuDC+frhj7wWrEomOOjIoYtWHXkUtTSAnCEZhrhfyupYhEvlFfWRlw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-12-09T11:54:09Z", - "mac": "ENC[AES256_GCM,data:hmQQhRVXv+g2run9fftwEjH9B+feiGLVaSgmkAt14z6n1y38heThksgaLCT3uE3hAmH7CJ8kumF9o6IYVSGQMWwmlB1GYajrptaF57/m0aMgPEZpODz+bnstRVU7z6EmTT3Pp49PIP8cRXT8U9HQQpOcM4Fr5+epFkkzJicpSKs=,iv:JkDOVQ5PciUYQcff9cuP+KWEry2+X5hpf7Y/TwPDUhQ=,tag:rocHo+ml5zXp2KgYY/chOw==,type:str]", + "lastmodified": "2025-12-09T12:24:32Z", + "mac": "ENC[AES256_GCM,data:96b2vkoRYVIYR7kL8yOjZTG2tpjJyWBFBZ+qIwMsDHxSa3tUULQs+xKbW1gbc06LJMe97ZfKZYAFt2ExJ19Ftw/xJumbuDgX0f7tk7dkx5QrlsUyAGM8T5bOtZDAUAnkAgcJsIepdtTTSW8GsEmiAClynX08c00/jv3PEaF3IPs=,iv:9QAeA05iSP1NKVDa/Mu/hFJ07gDjZdNoVzvrYGT7rhc=,tag:0x/CI8c0F7RW7IANY8DdwA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" }