set up forgejo ports for ssh correctly

temporarily deploy forgejo
motd
2025-04-18 08:57:00 +02:00 · 2025-04-17 19:23:49 +02:00 · 2025-04-15 19:07:27 +02:00 · 2025-04-15 19:01:08 +02:00 · 2025-04-15 18:52:51 +02:00 · 2025-04-15 18:49:03 +02:00
13 changed files with 247 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +0,0 @@
-secrets/
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,19 @@
+keys:
+  # People
+  - &clara 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
+
+  # Servers
+  - &wireguard age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
+  - &mcserver  age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h
+  - &zammad    age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
+  - &forgejo   age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh
+
+creation_rules:
+  - path_regex: secrets\/all\/*
+    key_groups:
+      - pgp: [*clara]
+        age: [*wireguard, *mcserver, *zammad, *forgejo]
+  - path_regex: secrets\/wireguard\/*
+    key_groups:
+      - pgp: [*clara]
+        age: [*wireguard]
--- a/configs/container_config.nix
+++ b/configs/container_config.nix
@ -1,5 +1,17 @@
-{ modulesPath, pkgs, lib, ... }: {
-  imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
+{ modulesPath, pkgs, lib, inputs, config, ... }: {
+  imports = [
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  # set up secret key
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = ../secrets/all/secrets.yaml;
+    secrets.initial_password_clara = {
+      neededForUsers = true;
+    };
+  };

  time.timeZone = "Europe/Berlin";

@ -22,11 +34,20 @@
  # default user with sudo
  users.users.clara = {
    isNormalUser = true;
-    initialPassword = "123456";
+    hashedPasswordFile = config.sops.secrets.initial_password_clara.path;
    extraGroups = [ "sudo" "wheel" ];
    shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC45xdNbidyqMV7CFxhObUFSuKKjDTE1+wCJFX8GC5uoV/dYmzNKxG5l8oMEQn6wVrWvOYNbuy4hsOxhBoVa9Y7YlgGZaStKPkjerafi4YUvQ5U2f5oztConmD1EHASOalDviHt+5HevokQDtZimx2sUYgz5lN/DtYzgsNgFueUt96iQEQ7zUDtSC5BiZ13lasyNcVQK1XuP9aqeoa11ce2CcDg3LMJ5tXn+yxRlN9v5R1Mkt028mqwLr8d/uAUbcgUo7j+ommrXoK6+/3n2SoAiTIp3UZPMOjMEMQUuSVBAjhycVoMM1hzGSoUsfXk0GZTDZQdvIBrjsIyysdsEtNWiu51F9OnX07YqEh9KEX1i7KK7U30MAl172Nf85egP/oRRUmZOm9JPEW8rlTbnQYSGvtDsFEcwzfvZODQW+Knb/n02RkHTyXVRgTkEdhavgSnSXeTJB8zn+OVpwYj1EQ1v+x9H9DDALAWj3ac61WAKk+SAa/1WjQNDt+bFQ/ehxkMTeLnaak+fWJO/pqwSrevJtlCC+5FbzSwlLOiqevOg97ciu1ESeYPYnTwU0rFSAh4ZEP7CbSg2vmniZNF3kbeZrw3a5ZlnFU29cPs0b5t8A3txGFQi1W1zK2Y2oFZqcm7u+WntH9Aq69g1vEPWT7yH4kK1Y5HumpPsP1II38evw== cardno:11_075_348"
+    ];
  };

+  users.motd = ''
+    ##################################
+    Logged in to: ${config.networking.hostName}
+    ##################################
+  '';
+
  # localization stuff
  console.keyMap = "de";
  i18n.defaultLocale = "en_US.UTF-8";
--- a/configs/containers/forgejo_container.nix
+++ b/configs/containers/forgejo_container.nix
@ -0,0 +1,19 @@
+{ lib, pkgs, config, ... }: {
+
+  deployment = {
+    targetHost = "192.168.178.60";
+    targetPort = 22;
+    targetUser = "root";
+  };
+  networking.hostName = "forgejo";
+  networking.interfaces.wgbr.ipv4.addresses = [
+    {
+      address = "10.8.1.4";
+      prefixLength = 24;
+    }
+  ];
+  imports = [
+    ../container_config.nix
+    ../services/forgejo.nix
+  ];
+}
--- a/configs/containers/zammad_container.nix
+++ b/configs/containers/zammad_container.nix
@ -1,6 +1,6 @@
 { lib, pkgs, config, ... }: {
  deployment = {
-    targetHost = "192.168.178.50";
+    targetHost = "192.168.178.58";
    targetPort = 22;
    targetUser = "root";
  };
@ -13,5 +13,6 @@
  ];
  imports = [
    ../container_config.nix
+    ../services/zammad.nix
  ];
 }
--- a/configs/services/forgejo.nix
+++ b/configs/services/forgejo.nix
@ -1,7 +1,9 @@
 { lib, pkgs, config, ... }:
 let
  dbname = "forgejo";
-  ssh_port = 2000;
+  ssh_port = 2225;
+  http_port = 3000;
+  domain = "new.git.cdaut.de";
 in
 {

@ -15,8 +17,10 @@ in

    settings = {
      server = {
-        DOMAIN = "192.168.178.50";
+        ROOT_URL = "https://${domain}";
+        DOMAIN = domain;
        SSH_PORT = ssh_port;
+        HTTP_PORT = http_port;
        # important because otherwise ssh doesn't seem to work…
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
@ -37,6 +41,6 @@ in
    ensureDatabases = [ dbname ];
  };

-  networking.firewall.allowedTCPPorts = [ 3000 ssh_port ];
+  networking.firewall.allowedTCPPorts = [ http_port ssh_port ];

 }
--- a/configs/services/wireguard.nix
+++ b/configs/services/wireguard.nix
@ -5,6 +5,15 @@ in {
    "net.ipv4.ip_forward" = lib.mkDefault true;
    "net.ipv6.conf.all.forwarding" = lib.mkDefault true;
  };
+
+  # set up secret key
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets.wg_private_key = {
+      sopsFile = ../../secrets/wireguard/secrets.yaml;
+    };
+  };
+
  networking = {
    firewall.allowedUDPPorts = [ wg_port ];
    firewall.rejectPackets = true;
@ -25,8 +34,8 @@ in {
        address = [ "10.8.1.1/16" ];
        listenPort = wg_port; # to match firewall allowedUDPPorts (without this wg uses random port numbers)

-        # Path to the private key file.
-        privateKeyFile = "/root/privkey";
+        # Path to the private key file (see sops).
+        privateKeyFile = "/run/secrets/wg_private_key";

        peers = [
          # For a client configuration, one peer entry for the server will suffice.
--- a/configs/services/zammad.nix
+++ b/configs/services/zammad.nix
@ -0,0 +1,15 @@
+{ lib, pkgs, config, ... }: {
+  services.zammad = {
+    enable = true;
+    openPorts = true;
+    host = "10.8.1.3";
+    database.createLocally = true;
+    redis.createLocally = true;
+  };
+
+
+  networking.firewall.allowedTCPPorts = [
+    config.services.zammad.port
+    config.services.zammad.websocketPort
+  ];
+}
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1741851582,
-        "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=",
+        "lastModified": 1744463964,
+        "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32",
+        "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
        "type": "github"
      },
      "original": {
@ -16,9 +16,44 @@
        "type": "github"
      }
    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1744502386,
+        "narHash": "sha256-QAd1L37eU7ktL2WeLLLTmI6P9moz9+a/ONO8qNBYJgM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f6db44a8daa59c40ae41ba6e5823ec77fe0d2124",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1744669848,
+        "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "61154300d945f0b147b30d24ddcafa159148026a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -1,13 +1,15 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    sops-nix.url = "github:Mic92/sops-nix";
  };
-  outputs = { nixpkgs, ... }: {
+  outputs = { nixpkgs, sops-nix, ... } @ inputs: {
    colmena = {
      meta = {
        nixpkgs = import nixpkgs {
          system = "x86_64-linux";
        };
+        specialArgs = { inherit inputs; };
      };

      mcserver = import ./configs/containers/mc_container.nix;
@ -15,6 +17,8 @@
      wireguard = import ./configs/containers/wg_container.nix;

      zammad = import ./configs/containers/zammad_container.nix;
+
+      forgejo = import ./configs/containers/forgejo_container.nix;
    };
  };
 }
--- a/secrets/all/secrets.yaml
+++ b/secrets/all/secrets.yaml
@ -0,0 +1,64 @@
+initial_password_clara: ENC[AES256_GCM,data:ux8zKQbsw52SDMjX4wyXFp445vbCV4eFdvAJNzYSb3YMxbVWlBTV3KaEFYW0dKFwUvvserHPfyXmFgXJJ5Lx+D+49b8s8mVZqwVs,iv:2c8I40749+bXnwHJ2Gnjkv8a/AtV1P30sCE113jZcH4=,tag:b8kmLLZ80lytRH4dAl6tpg==,type:str]
+sops:
+    age:
+        - recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweHFOQWNaTGxLTTVNWlpw
+            UUdZYklScktnL3QvM0xLMTkrTmpYTG1ocXdzCnlPNVdkQ1FwZ21wUlhiOXpCSmV2
+            R0Q4RGlTNWRybTFRU1ZnK3VEU0NWUVkKLS0tIGFNRzVDMnkvRXhLTzMwVEpONGFr
+            RGFIVDZyL0dSTWNDMDZEWEJIamxRMDgKBeRdsbub+XhYKyCkpo9x1yXXqha7PP/s
+            /nzUyMNqDB7Fh5K9xY2BRxwpxIKYWpzFPjybt5mHL1NxbYheGle5hA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaWxRVVd3bU84bGwrZk5F
+            blgyRnd3MmdSdGtaWHdnVVVIeUs5dGNkVDJVCmo1MU9PeVRrNEZzcHhKUVk1OXlG
+            MDNCRCtCOERnQmtmUmt4YXlWTVl1dmcKLS0tIGZiYnlveWlKd2VZaVhNaUtlWlVK
+            UXkzL3k4YW5ESGRza0hURC9wR0o3RGMKsvc9zCQ323d/eSP9vVDiYTNgZrNmVvfE
+            +GfDEc/4+OpG+RRmMrXvlvCYRof56ywWZJr9tpAlunZ/t8vHRCUJow==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0YjhORkRmWk9pOVV6cUpo
+            RVRpNmhzWS9pZDMxTXViMDFLSVNYR1F5NkZZCnFCb0Q3QjMzNk5WVkM3K1JYYjJ4
+            c1VER25FVUtyWHFpcVpKdUJ0YlhSTEEKLS0tIEF6a1dJY2JmelQyVzd4Mk9SK0R2
+            WFZHdVZiMVdaNHFhTVZGMzdYRTl3ZU0K6yMpKKXKIaYHxR1cAHam7jogZShH5xsK
+            c43sMBz/WxHjvmI9TCNyxnkvgwC6kJUpV9vABduJg2INjkLltjNc/Q==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPelBOdktOV3Naa1ZWdlFv
+            N1c1clFsZTlkbVlpYU81L3Y3L2UxTTJMaUdNCnJYd3Y0YWpRNTRsTkt4Q0ppblVB
+            K01HSzgvQ1lIaUNSR2lJZWY4NG1tL28KLS0tIGVjZ0svVlFrK1h1NFViVmV0bk5Q
+            MW5ZTWQwZy9iQnFNL2dRalM3VSswVkEKcE2M6Ph8d+7BafgjlARITRbxivOajQ3H
+            7evjNzFDqga/AZ1rLG+5anuD2giAKVZGok10NvDroCKkobUpsXd6jQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-04-17T14:15:59Z"
+    mac: ENC[AES256_GCM,data:QBoeoWS2eoUjbXm40OLk8vxpdZRUkLgVLPQ6AX9JaYVLl4+reefFw269yngF2ZATBniuYLBHNhkSjOYttC+J7M2Zt8cQhhj4G2TFt7JkYHQRtkbuoa9ZiP3Oi3Jaj6z0w3cHsyMT+fBBdr02winxf8QggYHGmvcK8QXoayccyl8=,iv:lG94yszjtq1tDYrNM+xt5ehdrNYO6M+oqZg/Qg/cO4g=,tag:K3Cr7DySQ02fgHOaVtYmDA==,type:str]
+    pgp:
+        - created_at: "2025-04-17T14:15:33Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzwtBoBqH5ZOAQ/9Gx1uySXuafWQT/xz2b4yY37t3ZKE5SE4LxKoyOPXRhWR
+            yVISxG9MBrYeDe7DR4QYJ5KVpKUui/TMKv5+SFiDvlxgQdWVA2PZ2KXgGK0KDDEk
+            cOn3YNGLHpZL4ZHwAlbgeNWFjT/A99logCnv7D4VocAX9k+AMSh5ZQqI5HLmBHfO
+            ZQOugRfGDI28D/iH/8LUXoK+l6VDX3CLt0xfQmNN81q2IQzb2NK9GZvj5qyILR3c
+            MMzGDMU1pw0OWCZWZDRCE5YA71mrvflGOQPo3/JPsVg1Qr8l6TbGjbFwKlYUgGDU
+            JTSsZ1ATKjzbWg7KSdrBgztWHcSDdrCW1yytUh9uoJks2UHGdfb060k9DH99IYXk
+            +u5DutiPqiz8xwn5YHetO3SaJjJA9uIODQ+Em7ElZ+XbY81NIlhbdT8DZKdDHmOx
+            ozFIs5r1glRaojo8Yc9fym0j8cZ6Dr6rkD+nbgwzRCuUucuzOILIPrutdUSgdpbp
+            LnK8ScJnOBsF3AhKuOB4Qhnb6Q0ooT8Zt+R2uDdezfACFMa6nW95MP4sPYPqy7ee
+            ZGuWOaMGQ1Cn9Ck3nBCn8hROzHwp9pv56mqVIKu+oWCGsFm9GUZ5XFvZxez6Kq//
+            SVhH/qbV3RElBj/Q8u4Xcbl3ZNnHbMhvi/Xe2Ji64orZkzjHrsViB6KXR6uzY/7S
+            XAF4UTbjzSVkqbZ+IKQbkhoM62YQpT1bOgMk9djNFilauKRqD5x3eKTyuooOnMGh
+            jVjxulE755eSO6qvATN/P7OIXzaPKI+HSPcdm0WH8ZXVTXrZjkeO7D7gCfh/
+            =qTot
+            -----END PGP MESSAGE-----
+          fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
+    unencrypted_suffix: _unencrypted
+    version: 3.10.1
--- a/secrets/wireguard/secrets.yaml
+++ b/secrets/wireguard/secrets.yaml
@ -0,0 +1,37 @@
+wg_private_key: ENC[AES256_GCM,data:51eBmT70Y0dMcTs/tIZrLpPoXsC7YBcbKLl5UPnRp7iEw+ZSpSnrSrKI/uQ=,iv:ULxRzi1bv74WINeDtcw0LrSuquQfQuZTYz+n2eH1nCk=,tag:79oVQvpnYHihdQZviiClvg==,type:str]
+sops:
+    age:
+        - recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaUM0RHNTck5PMWtWcnh6
+            R2dpSElSUjhheWZCazBDL2VtcXNLL2VCOW5RCmZIVVNkbi9hWnpMcjFGMldrWjVC
+            alhIMmZLZWVGam9Ld1ZIdjNvcm4xbGcKLS0tIEtYQ2RDWWtNSlpibmJXZHRQdlVD
+            ZFhFdHpSbkFSaTc2VmUyeHUwalZCVUUKNMDMcyrV2J2zhX/m6W5pIzp5YoQlPdKY
+            0QA7RYTQQIBuu0C19+E3VlpU0eMHupsTpqTHMA6RNSwY3wyyV10hrA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-04-15T06:32:59Z"
+    mac: ENC[AES256_GCM,data:tJpQdvPndAmv9AG81vYlD7Bgf+/np2uOBZ4AjgBJc3D9l80Rb+BVS5DPjFpVhOiIxe5vrKDKfiYAe2Ke6x5F9bE6vIC7CA5pN2oAQ/h5K4wwyCrjCSPMqkjv3KB+a2EFKeX2JRHeGfz+RMMYjnk8lhG9DdxZT9q1T9TyKdFchbc=,iv:bY/hNb3QvCKC0bmtCWZeb4cNgbXNCAWcFhAuKQI4WPM=,tag:3MJGVP4aLuFrZ46rwOS0EA==,type:str]
+    pgp:
+        - created_at: "2025-04-15T06:28:27Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzwtBoBqH5ZOAQ//cOhooxvYdj++jbDDcv6w70gh3K62r5AcBf5iEXgtbHcZ
+            Ag0qQpGxb6dySyys/++//fRizVTokQUd+zFHMX8ppMri7JHlw0ioX7GvUAwlW2jE
+            6nibHvbJFYEJ2xIunGHJwJ98ryPp65qdP0wCyMsdzCc+UOzgKeeyi3NccYbQXYCK
+            0aQ0VnDHh0OF1B9vLbBCSaCfZstTCG8ADnK6FzANipoMoU8KytFdUqjj3zZxNwfx
+            9lgZocFoNm7Kx4Uv5r0DXKrJe56q0UJPFMkDnPoRp8YRU9h7tt2yUvBL9lJyIoFy
+            D/eKIPokM4CjeqByecDfsRTlmmFLRPPoLXHWklcJFkmapfW/c3jmsUhZwq8WAaSa
+            LxtFkesveyXhn/xuL6uWWTtmGdmwk4gJ0QIDDlDhGrrkuHSgRqb+2wI90pIggmHS
+            tZvsSfT16FOWuWgO5Fx+PQqNLT2vvMnsVxFkWeNdvpQ1sBd3BPZiwE48pVaTNQwH
+            2NNYY4gZPxKFPsj1CesPVa8x2jskguYMZ8Mo4O3GSn77jKbaj+GtrBSy+TE2dSJ7
+            k7LEuqtnmGBE1JrsEeXXWmVAnY3mWcaTKmljFOSBOT9/jJPUATTbuB0CCIdlsxlB
+            O3egc9x5VRgYshBnznw/IipLFUGBD0idUFwch+ijPyLk3efhFDXuvId22IPfmjDS
+            XgH83/dkii+PTK0tNdtaeIx8zEtamRlS8UYSE8f/Oko78X2O7Vy/wRpdAgs9RslB
+            VP1Ti9J3yFvo6mhFZg4Mm//WFa8dsMbphjoKKAqrHP0Qa4Z2O5GJvUMkKC0Gy1s=
+            =pswU
+            -----END PGP MESSAGE-----
+          fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
+    unencrypted_suffix: _unencrypted
+    version: 3.10.1
Author	SHA1	Message	Date
Clara Dautermann	9bec44c636	set up forgejo ports for ssh correctly	2025-04-18 08:57:00 +02:00
Clara Dautermann	7693a3ccc0	temporarily deploy forgejo	2025-04-17 19:23:49 +02:00
Clara Dautermann	f51a453c14	motd	2025-04-15 19:07:27 +02:00
Clara Dautermann	b521cb1e72	sops for initial user password	2025-04-15 19:01:08 +02:00
Clara Dautermann	84072ee09b	added zammad server	2025-04-15 18:52:51 +02:00
Clara Dautermann	13a9c9f13e	configure Password via Colmena	2025-04-15 18:49:03 +02:00
Clara Dautermann	05a89fe0f2	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6607cf789e541e7873d40d3a8f7815ea92204f32?narHash=sha256-cPfs8qMccim2RBgtKGF%2Bx9IBCduRvd/N5F4nYpU0TVE%3D' (2025-03-13) → 'github:NixOS/nixpkgs/2631b0b7abcea6e640ce31cd78ea58910d31e650?narHash=sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR%2BXhw3kr/3Xd0GPTM%3D' (2025-04-12) • Updated input 'sops-nix': 'github:Mic92/sops-nix/69d5a5a4635c27dae5a742f36108beccc506c1ba?narHash=sha256-SR6%2BqjkPjGQG%2B8eM4dCcVtss8r9bre/LAxFMPJpaZeU%3D' (2025-04-08) → 'github:Mic92/sops-nix/61154300d945f0b147b30d24ddcafa159148026a?narHash=sha256-pXyanHLUzLNd3MX9vsWG%2B6Z2hTU8niyphWstYEP3/GU%3D' (2025-04-14) • Updated input 'sops-nix/nixpkgs': 'github:NixOS/nixpkgs/2bfc080955153be0be56724be6fa5477b4eefabb?narHash=sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ%2BVoVdg%3D' (2025-04-03) → 'github:NixOS/nixpkgs/f6db44a8daa59c40ae41ba6e5823ec77fe0d2124?narHash=sha256-QAd1L37eU7ktL2WeLLLTmI6P9moz9%2Ba/ONO8qNBYJgM%3D' (2025-04-12)	2025-04-15 08:44:52 +02:00
Clara Dautermann	30156bad33	sops-nix setup	2025-04-15 08:43:01 +02:00
Clara Dautermann	d51709f0cd	added sops-nix	2025-04-14 14:09:10 +02:00
Clara Dautermann	df35107001	zammad setup	2025-04-08 19:06:54 +02:00