Compare commits
2 Commits
709a24366a
...
6f8626ca8a
| Author | SHA1 | Date | |
|---|---|---|---|
| 6f8626ca8a | |||
| 04c08bf419 |
@@ -61,9 +61,9 @@ in {
|
||||
./proxies.nix
|
||||
# ./matrix.nix
|
||||
./n8n.nix
|
||||
./piped.nix # Replaced by Invidious
|
||||
# ./invidious.nix
|
||||
# ./invidious-init-user.nix
|
||||
# ./piped.nix # Replaced by Invidious
|
||||
./invidious.nix
|
||||
./invidious-init-user.nix
|
||||
];
|
||||
|
||||
networkPrefix = config.networkPrefix;
|
||||
|
||||
@@ -1,9 +1,15 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
# Invidious - Privacy-focused YouTube frontend
|
||||
# Replaces Piped with native NixOS service
|
||||
|
||||
# Secret for Invidious companion authentication
|
||||
sops.secrets.invidious-companion-key = {
|
||||
key = "invidious-companion-key";
|
||||
};
|
||||
|
||||
# Main Invidious service
|
||||
services.invidious = {
|
||||
enable = true;
|
||||
@@ -52,6 +58,115 @@
|
||||
};
|
||||
};
|
||||
|
||||
# Use Podman for OCI containers
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
|
||||
# Create Invidious network for container communication
|
||||
systemd.services.init-invidious-network = {
|
||||
description = "Create Podman network for Invidious companion";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "podman-invidious-companion.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
script = ''
|
||||
${pkgs.podman}/bin/podman network exists invidious-net || \
|
||||
${pkgs.podman}/bin/podman network create --interface-name=podman2 --subnet=10.90.0.0/24 invidious-net
|
||||
'';
|
||||
};
|
||||
|
||||
# Create systemd tmpfiles directory for Invidious config
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/invidious 0755 root root - -"
|
||||
"d /run/invidious-companion 0700 root root - -"
|
||||
];
|
||||
|
||||
# Generate companion environment file with secret key
|
||||
systemd.services.invidious-companion-env-generate = {
|
||||
description = "Generate Invidious companion environment file";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "podman-invidious-companion.service" ];
|
||||
after = [ "init-invidious-network.service" ];
|
||||
requires = [ "init-invidious-network.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
script = ''
|
||||
COMPANION_KEY=$(cat ${config.sops.secrets.invidious-companion-key.path})
|
||||
cat > /run/invidious-companion/env <<EOF
|
||||
PORT=8282
|
||||
HOST=0.0.0.0
|
||||
SERVER_SECRET_KEY=$COMPANION_KEY
|
||||
EOF
|
||||
chmod 600 /run/invidious-companion/env
|
||||
'';
|
||||
};
|
||||
|
||||
# Invidious Companion container (handles PO token generation and video streams)
|
||||
virtualisation.oci-containers.containers.invidious-companion = {
|
||||
image = "quay.io/invidious/invidious-companion:latest";
|
||||
ports = [ "127.0.0.1:8282:8282" ];
|
||||
volumes = [
|
||||
"invidious-companion-cache:/var/tmp:rw"
|
||||
];
|
||||
environmentFiles = [
|
||||
"/run/invidious-companion/env"
|
||||
];
|
||||
extraOptions = [
|
||||
"--pull=newer"
|
||||
"--network=invidious-net"
|
||||
"--cap-drop=ALL"
|
||||
"--security-opt=no-new-privileges:true"
|
||||
"--read-only"
|
||||
];
|
||||
};
|
||||
|
||||
# Ensure companion container depends on env file generation
|
||||
systemd.services."podman-invidious-companion" = {
|
||||
after = mkAfter [ "invidious-companion-env-generate.service" ];
|
||||
requires = mkAfter [ "invidious-companion-env-generate.service" ];
|
||||
};
|
||||
|
||||
# Generate Invidious companion config with actual secret key
|
||||
systemd.services.invidious-companion-config-generate = {
|
||||
description = "Generate Invidious companion configuration";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "invidious.service" ];
|
||||
after = [ "init-invidious-network.service" ];
|
||||
requires = [ "init-invidious-network.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
script = ''
|
||||
mkdir -p /var/lib/invidious
|
||||
COMPANION_KEY=$(cat ${config.sops.secrets.invidious-companion-key.path})
|
||||
cat > /var/lib/invidious/companion-config.json <<EOF
|
||||
{
|
||||
"invidious_companion": [
|
||||
{
|
||||
"private_url": "http://127.0.0.1:8282/companion"
|
||||
}
|
||||
],
|
||||
"invidious_companion_key": "$COMPANION_KEY"
|
||||
}
|
||||
EOF
|
||||
chmod 644 /var/lib/invidious/companion-config.json
|
||||
chown root:root /var/lib/invidious/companion-config.json
|
||||
'';
|
||||
};
|
||||
|
||||
# Configure Invidious to use companion via extraSettingsFile
|
||||
services.invidious.extraSettingsFile = "/var/lib/invidious/companion-config.json";
|
||||
|
||||
# Ensure Invidious service depends on companion config generation
|
||||
systemd.services.invidious = {
|
||||
after = mkAfter [ "invidious-companion-config-generate.service" ];
|
||||
requires = mkAfter [ "invidious-companion-config-generate.service" ];
|
||||
};
|
||||
|
||||
# Override nginx vhost configuration
|
||||
services.nginx.virtualHosts."invidious.cloonar.com" = {
|
||||
acmeRoot = null;
|
||||
|
||||
@@ -190,9 +190,9 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
# Piped Backend Podman container (using custom image with iOS compatibility fixes)
|
||||
# Piped Backend Podman container (using official upstream image)
|
||||
virtualisation.oci-containers.containers.piped-backend = {
|
||||
image = "git.cloonar.com/infrastructure/piped-backend:latest";
|
||||
image = "1337kavin/piped:latest";
|
||||
ports = [ "127.0.0.1:${toString backendPort}:${toString backendPort}" ];
|
||||
volumes = [
|
||||
"/var/lib/piped/config/config.properties:/app/config.properties:ro"
|
||||
@@ -270,6 +270,24 @@ in
|
||||
proxyPass = "http://127.0.0.1:${toString backendPort}/";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
# Hide CORS headers from backend to avoid duplicates
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
proxy_hide_header Access-Control-Allow-Methods;
|
||||
proxy_hide_header Access-Control-Allow-Headers;
|
||||
proxy_hide_header Access-Control-Expose-Headers;
|
||||
proxy_hide_header Access-Control-Allow-Credentials;
|
||||
|
||||
# CORS headers for iOS API requests
|
||||
add_header Access-Control-Allow-Origin * always;
|
||||
add_header Access-Control-Allow-Methods "GET, POST, HEAD, OPTIONS" always;
|
||||
add_header Access-Control-Allow-Headers "Range, Content-Type, Authorization" always;
|
||||
add_header Access-Control-Expose-Headers "Content-Length, Content-Range" always;
|
||||
|
||||
# Handle preflight requests
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
|
||||
# Increase timeouts for long-running requests
|
||||
proxy_connect_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
@@ -281,9 +299,23 @@ in
|
||||
locations."/proxy/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString proxyPort}/";
|
||||
extraConfig = ''
|
||||
# CORS headers for video streaming (restricted to own frontend)
|
||||
# add_header Access-Control-Allow-Origin https://${domain} always;
|
||||
# add_header Access-Control-Allow-Credentials "true" always;
|
||||
# Hide CORS headers from proxy to avoid duplicates
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
proxy_hide_header Access-Control-Allow-Methods;
|
||||
proxy_hide_header Access-Control-Allow-Headers;
|
||||
proxy_hide_header Access-Control-Expose-Headers;
|
||||
proxy_hide_header Access-Control-Allow-Credentials;
|
||||
|
||||
# CORS headers for iOS HLS video streaming
|
||||
add_header Access-Control-Allow-Origin * always;
|
||||
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
|
||||
add_header Access-Control-Allow-Headers "Range, Content-Type" always;
|
||||
add_header Access-Control-Expose-Headers "Content-Length, Content-Range" always;
|
||||
|
||||
# Handle preflight requests
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
|
||||
proxy_buffering on;
|
||||
|
||||
|
||||
@@ -1,53 +1,54 @@
|
||||
borg-passphrase: ENC[AES256_GCM,data:8ufR69AT0KDYCyjlDM8ZteiCaOs9GgTY0GutQIb4zZqGaXmLl8+ZKZfPdISz7s12INIJzQS73Am4L4DSmLt8/Gz0v/Q=,iv:yHE6eSX7E18SthxEpsIsuw3Mab65UvQPSNEDsjQGaGo=,tag:YYC8r9Ci/Ozu+6tqseFn/Q==,type:str]
|
||||
borg-ssh-key: ENC[AES256_GCM,data:9YstInAqRioQKUm2AQD1Lm8NNuyjYxfdnbGu8K8wGIaUjNPfQxFe3afv1CndWWzSs0KVZnuV8pja2+F5PwpEvvlEYIV+pdXCcUGTE9VnhmHHcQVrf9bDMgt/yca1bWBmiUJJZnn9SSO1ncUtjWWY0k/thSLylKPhAg6fo94snx8Mo89A9b1xBZfsVTBqi2cgYWZ6VGPmCVcOVv2G89m8qttj8bY1QWFXryGFHiONXwWKLafN0UNmn3++r4h+Dgdm1NX7FNRawt2CbbJ+aXuPNqtPcHJgEL43DA6LQwSK4MB57rh7iUeURBYAfC/HoHnngfPJLl8GHbAZaKlmS4vc/hJW3Or5JpJZIMR6taimYX7kklJys5kHgDoPjUqGucdPh+6d/cVTxFPaBGvIBFStljtgah3IlDyLuHO5bRKjOfZ5qSZpyCg3TZw7+cVN5RHCaIEp8AKlgIKdHTvSsWfXQsnbJ+e3gFe6P+MXC0VARFeRnT4q6ssUTj1hX7X4erwtER9fYD+ogCiDXW981GdJLssWGIy6cIg0F3JP5uOFKmnS/GnmGAyQY3Ukae3b2R3tJiABDjQ4trkBQ0b6KjH85F/KjSAVW43Wx1kO0rUGYdo/RhVVj+8DP3ECnrh2s6CpPT29/kpCSuA7C7bGkiGnDroFt4PbyveqsqlqAR9GQzz0c0u0zowxUZjeTgb76NsFfSSReTmDQ2qZbEBiW6FHe34s+lPZO3wtW6j/Z7aAf1F+EW3uvMqB7Jh9+sbDjarvGgXni5ApQzP+n7T7TOhgDbxU8mql7fb8v6ZGLv4OtQDvpoFAthe0JKY/REN5AQFL4f4oQi+GFVVEh1hZW9zssXZOWHJzlL3jljTTljZFFVBGWOk2livnf/IKs7uV5FWWBRx6MCw3wE/L4Vs3zSIBl6tTDeGOZsRnlGdCGAxIqLkUaM7OGMidyoMYHJbaxyfeLgsY6GJ1pOKIfK1bBYlHibrlq+DARZZTU2G/bdlWZZPsIMpXDo05GgSjMFRWbkL2TBWBLWO+1eaP2tkejZZWaS2Bdv70Zqa+vbJI3vGJN/f2a/kw111sVzhdKHX+F6rDmCuCZBTrxsnmXZIBRW/Kz17OL607zuCHi3s7ruA38WGufnzxacQP+V2qADvkmXtlFB8FkbLxd0RAAKUX+wAQDehN3PWItmdqBakZVXKIOa3Y9sye/tDOUdpMmHqtW9zsHkj+5sL2Zvls9XPzWrwTpR4PL7Vwl84VdeGJqmh+Mpo1wld4/IXX1egBPVABK+h+1A7aD/DKTkcawFDSs6K3o9HWvPZnCSgXhxdoFAQt2bqj9NCxs6ONNc4dQps7hGKMjcjE9UBtacUdlT9twiiGzqoUhqcCJLBqn0hrgt5hg5OQP4vNoNAZJUcZ3LbHBaZcthnSkXAuWVhnuY8gxuBVpZrVq60XQgTeV6ZQHtGBhBc7YYOqfGkudQLQyrysmvaDRoNVbKxE8TqnQfMrvsBBdT3t8iKM/+jZjZ64tMoUXz3O8qWCpChB/mMVB3zEROZptmbCh4foOQuEC4n1/dwWdSFHSNoBjzaApI3CyqQ6taxGM4owuV37RgzAarG4FeUSjSknzGkZUzLynL+3pTtcVKdR+Z7S5leHITZRp1YmLKr8+CTwixDYveSJd0uhy9GITOKS18JHqJPxyP6qrOvopnl+Nm1Oh/eum7hl3KvCHPzn0XT3vgoEzjae3Qct974ACblNMEcY2KTVNMB9ecEkexC/ZoDnacu/VpZx5uVqPpMgdRn59IjutrXPCt48HiEswbKA32kL361/wXKPLuLQ75qbxeNpoBIK95hEIB5SYL47Nz4a7mOTOkBFX6zBoeG1DdPh2jC64pIa7TCg2hk/B9sBg9YdTFp54ngtODSTYoG6tlSEycyR3972KLrpOYFQDMBwh93itxAzr9cHkw+XdHeK86wQXbhAtR6ruerYdbnBNilckFC9VrYQK6TwOJSWzyQMP9EJ4DL3oskh46oodHF/p2OedTd5o/JfI6ctXFFwJPBpQK/k1r8hXRvuSNQHsiey1Urpw1qWMB3l8KyZ7O2rvmr2kRu/QIh/pF4Dlgd0LfYr3MO+0xV7XcIESexZzi/eMdkaVvKeGXjJUmNJhxt6l50Xz6hWJWXFvdfddI9Th6LTUiMHavvMZZNDd8J4+ZD1x4Gk3cEflUiLTiHGPZnKcCbIf4Zra7CNds1VU3+N8jdaB8qjCE/Wdf0A0gcNBbT8hF/4Ypym/iV76NytrNbgF6+1NtH0GQd4+27HLPhnK0QSNkl/tl6UojJh+jy6pVo92GyTY+NEUpfECGfMKcH7OjmkKf8kJXLIzweDRrM6nEXmuEQfN7Zkf1hR/sM38OtMnAw09exZ9OG+uoFG4F0e/myraQaut9nUXGWEdxr+LA4X+ZlJmp0DboURJKrT9jgiy5Kzn++dTXQpeuMpxn0kLMMjzfumS7GdMhj8tpibyku7WeQ61Y7D01cqtzTpHsECiTLhEe3g98RcfH1Zq8DvAKLUnkIXiI0ooo3a3hKBd2m8/tyWijoVLIWhpRUl5ac/DJVwmeEItepKChsQX0ELC4VKAgzuY/a9RyZ0Qd1JUJL0w1aFs4db08ID1cZsq6frY6W/xJGExpZQR2+yzuDeGAPW1rvql8W+I4O97UO4Y4YxiBGgeXbh0ve0lUgm9mORQw+R0hRvcNkvHJC2FC6A/qp4N59OGPNkb2NCBmI/By/iIyFmP+zQKP1X+yktHX+Alez41R68lAlDrGp+5yFEViZTLnnoJoe5AsZBuyz7ij4OIaat8+6TLmeF4hbmiL3rPMAjVKfnumSZoANcPf9gi3hJ3ltKy5jfDUw3+CyVTj9YixPLRTRJjDGgOPWqhKy9UclmAA+wHq+s2D/geEmGmhvuWDw6TrJ9EqrrDNWdd7s4YRe+9C5dgxasP2NtWo5HR0wf+F3SqXyIb9zaj4aalr5Rm7p0fH7GN0Gs7aowoyKfrka6+qe+kXChKT4j+ogyUkn7+pMRnPFdh+652yfle9BADQlbRUssf/a79EUaBDvty1YXrU2BdqKCPR4OxCzyU7/Jfvn7tCPPnPjnLkwMRARwn347dK9T2+7ry8Ik1ezGrKMmGl3+uLcJ1BsNK2nCDZe07mkvRTdq/WI2iS5UGzSurp0nxVe95YzFjOwTy71yDxS5A2tI+/dVynU+McapmJqhBOpPinV8yhVyyAVQSS33iNk0xUhUw8s/MLan1XKjEIra1xgjTpKQWYIMvsza9mwbp8q0rbJv39dgC0L/mZVHbx417BE2HYHrxv3fCwdttuOUOKMZff03v0D1OyKD9X4/bjKPcEfmg3PhL2m004DDkuCpZ4wPZRCSIZ/1qHHk1KVrtnMvplm17tFI654b36TGUf4Ry8zC4iVOYPSpn+WQD+dl02FvfmDkks4TGIVfeav+9h3K14cJEFZKWkiKmELp35a8Yw==,iv:q8vIXAvmoYkvBHItDTiu0e9lUVpxKB0fNhWt2p3x8KU=,tag:m3S47WxDYVCFWxn2HuRN4w==,type:str]
|
||||
zammad-key-base: ENC[AES256_GCM,data:rf9yUAaVRLIGapSBa9dWywPbQxOLNNuwB9H2L2eDZ7Hod6YzoOnX2kJmmRN3Q/VoFX4cN1HRBYHnhhaTFSphIlqWt3RMIv29vZAgSBGKqg3l1DAQPiCrXMslQCt1E3BFYMyvfKefscBI14F4C2UDSsyrfUBoEys9hMSU4nsKIXc=,iv:kLJniOc4GwuiOKniS5H2FX89+V2ymN5RClE7hlMKg0s=,tag:+p1dlhgzIMkfOaOvv2gc1w==,type:str]
|
||||
invidious-hmac-key: ENC[AES256_GCM,data:6ycC0op/xwFcS07gYupToc4eBpi0+lah1Npv9A==,iv:P8I1rQaaQKM86ykdnp7nR0wVYPV5I2qSe644aqSNews=,tag:L3wD75bTOGxI/aDUpQn86g==,type:str]
|
||||
invidious-admin-password: ENC[AES256_GCM,data:nLpb78d3lVb7RkVJQxE+e6kDYvA5+HkvVa0ITaTyBb8+Zap1I6fV9NGohfjrGTPTGg==,iv:0Rsw6kB0pDenltJo65ZVSVq8xvAn6HGsg+X0S5cSRJc=,tag:tGDuhCt8Wtc1ZjVZqhrDFA==,type:str]
|
||||
dendrite-private-key: ENC[AES256_GCM,data:I7JRujo8/XeF8zCz6GwOqjqzW/b9ve/+FGiB7GfwRtBF33zAMBoE0kHJNvypvi4sLAB7W+BOiZvSeNU+qTuNlK9poviSbpEoMb8GQH9qL1OBW8gWqc/23h89NVxG/FPNE6eQiERwIcld7jGXuIjnCPu3tSSzrutTMgdgiTiwuMVAO9f0gcnLGWU=,iv:SchQxe8Z/vRzzDSKOJ/IHY+414vZNAyZm26/lhefpuM=,tag:RQpEnlDUuR7dK9Z4xBce+w==,type:str]
|
||||
matrix-shared-secret: ENC[AES256_GCM,data:jpgIio7iGrQ8KN5CAgssi2Vufv1CTh74ObOKfwGNAD+odIt+M9fu5LAiByP11tX9X8G3GgNP1zCGSThj,iv:KlAdTN3+3aFlUNbZtHasDfw0Q4D8pIPyxbnkNXuhERw=,tag:otAuKehS/+fMG37lKtqO4w==,type:str]
|
||||
n8n-env: ENC[AES256_GCM,data:rKaT9yHFXNNZk2zPPUgcaKWSwL1t8IwsACQYN9nA6uCwZryLgknW9jz57ZQ/YRxHmhARd9ucMZk0uPaHad1Iyf/XZwgUkYsYJYVtL/DU3rb4gRwdU4nvGIKTJH/LdcFMePFd48q3AuZDNXusCd6Haf54XkpJtqKJS8PYv3wbrH+1noTsKf8u4EbBaAwPofdwsFrS6jANbDY+7sf4N5Gvjn9PjaxZza1C5gqqT5Qz3chIBdbAEO8/OY6PZJ/uHtbTcCgxGFZNwzZjIlZdXGbAmzDqOFU+XnESZeW7f1T2OMTBRPdi87AdCvV4mCJVyKi0Sm7oyZKpeUnRwn98xajiEsNpkjzo0gt49w0Hs+EMB08Okg2IXFbCMPFkYX2xCSc=,iv:17jSsSMtLwBmslRN02gz5AXuRonmeA57eCr916h1g9g=,tag:sKyp0ROPB7vliyTwpl8XYQ==,type:str]
|
||||
n8n-git-key: ENC[AES256_GCM,data:VUuK35Anwgwh29lGPeBdvKusIlt6Vh96i5aMy+/LVQAGtlrqmFQwK0EmLkMGqMWx924ZpuOlEo5qDriXyvzuue3SBaMlJnSeSETT3UBpDoy+cX+K+KUx5Y8q78l6mD8+uXIZIGqNz3ZQ2HUNtwvcAwlM8jWCpCPvR+e6D3XA51sMICLOMIZjORqE7qqtJpbPiRXrKS7/HL9nR5JcHwx5ukssMUL0iTbHZ9O/AxLW1U/QBFSGluCF0mu2UnvuScCpm05qmLU9COjgDayIh7RHGCDXgTRjol8Kt1pV/bj4WK9h7Nj9kl1sCEhmLn4MMB7CpORfqVY1LX3v10BdDc4o+KQUdRYdKLwWOk7RNbeDzuw1P3hRcwGzcIRusv/xKViEaJv4ju78UuHHU9RoSFxxJP9EqT7VP2hn9F3bhfAZ7DUVXfEqD5bxDwJQOiyLxePuk/JImS3FweAih7/KbPLIqkVuqjcVqH+XUduVmOQks3ZflwskL0C8elJST3zEXEPd8b3Bv0XQD0jMZPFQ+PKg,iv:ZWTWbe4MI8fItYRjxCszBLtLGp1jhO0PrSOmLxfnpok=,tag:C2MxSRYNIEhn06ucRqZkQQ==,type:str]
|
||||
phpldapadmin: ENC[AES256_GCM,data:7WSqMdRm6gtndh3LhLQ7H+e32uOwGQLNr3xAVWa3Zsrs4gD6r5QSaqxGJQjwILU/gt3xj8SerDNEQKDOKBooIVm2Oa12tBo/4WAMmJB3rqasmoPuW76wEEaVzPFAV9kxy1inCzcGPnUJlKaxGkF+GNTntiQ6Q/yCkQJHbsPO1j5J7PD18tL7Zm7a3mxp3p1B1uVVPDwKPh/+rguzY33avwjld+MhaBtdrjSv4suRkCsMkJP1YPEP0m3wThd/bVz18x4bF9OkGjiz1qkVbifgKcgW+lY6igLvpC0+u2DkXqNE0pxIlvMdRZM=,iv:id2nNign8ocz+F+e2mU2cL65HIhEPnR6Em6hfzti3PY=,tag:bOyRB4CWxanHVU2pD8xtag==,type:str]
|
||||
piped-db-password: ENC[AES256_GCM,data:U6rBTl31hUiuwk9iUtxZ4Gyh1XtloLcDUpXhrfgam7ctwIsHSJLa5knt2LI=,iv:ZfcUmgglfiMmBJz+vzgh8QJ8tGkKbmXWR2ukKlByG0c=,tag:XOSRlBK57WvN6plpZbZr1A==,type:str]
|
||||
borg-passphrase: ENC[AES256_GCM,data:seAsFcQcBiIUnkoUYGoY6uEKbjf0TMJZklkE6TFwlHkdzwBqoKD0ASNzsIlrqEkQaLG7zlHpFci6SVnlMjSQsywZ2z8=,iv:E1Z/ttSVUvm8PTXq9lh12I0ogdQwORawm7DsUXh+04Q=,tag:pwZVzgO/MdIrKSNhutT+og==,type:str]
|
||||
borg-ssh-key: ENC[AES256_GCM,data:9qHlG7ggl8zoLGRr6B7sdLn33ISmRe9SnOQUvFby8UbeSO93XreQw2B/l6vJpX12vWWXMu8H1S0T7CM2BteZLn6SlIhefG2fvKHf+0mwJ6Jd3AU1lrYnyXzHfoliWnt4ikGPyNESPO1VSToupJHX3fb1sRscx27euRVITB4wgFxlyd0/dn+v88EUf0ucLTYSEP1+K8eiY0WLxNiwjl0G0E9hwN5Ze5rKOl0AlFw+7Kif5OXe956kaExmuBLPjlBgxjt49hfZfqZy4uOovg0mslFalOWgZkOCBfJ7k3YYHmsn9+ymCJE4ub2b9GXnSbudipEFQkcYv4pQ/NWFloYZVt6rh7Qm7IdqJu07aAS25vGXptNXbTmmS6fPF/2lXa1GaRT8EhpgsKIZ8LS6VJiCWD5Ela900Mw91xsbkz/CyKLjCIoMONgDwsRieCJoZqirtmj3S9DcOFjxZ/9d9xxD1xgRxl5ourVWoOusd7mWo9X5KEsQQ9wpr32U6NTrQUDR8SYJisWRW/RoTEeDsD5vYUqYn6jXcNT78cA9I1E3Il1zDMogTlBNUpvBjh7euaOj5pDZ1F0SPNLm9XTJ/TbIQd/Xxlmuct6AAEV+2s8gWvo5nQ0yO32Z5QssEfXl9UtNfKlNfukL6scJliQRyNtown9+6XMuRgI/Pm8iXx+aeurbGijnJs6miUI7F2Q9VJU1ioXXXTIQwfe/MijpSLdDggIKbwid3bkkMSsNpEgidodPmm0s94i7KH7tlnaxtY+oILjgT1k0jTBCl7pZ2lsuRs2LehUJ/aD8tuPDgOxB+aYFy8i5C3wWLjcRRAbYCDuTboIY8r7e+n3rIxe+KggsTS2dMthNgCBFJtAb4Dp8V8dtZGrPIfwI/dzAdUtQo11SuSx2TrI8bTH2iy38FXs6t8wGsx3aFuW1jjcMRRY1lIQFnyfcLmUqYNSW48YOT/AqsYklMcyG6UcTPxazm3sUmvmInflJOb14M7+Jb3HEYX4Utr7ic4CdJLPBN1ACOxW28JghCTBFvmrEHiJPIHJj+FHvgHBls3Turf/D3m0uST0dMM3dXpG7dSud0HuyKdt3p0GiDY1cQQ+ppLs/v9idrqK/PlkiTVoNy5rZuXk/XzpdaHRUzkUlg+XifisW1deZxP3/ATjDJBqJniHdCvN4He4iAVCe4Grbp68BhpvmRgowDWZM9qHyShMhyIAh98f+K7jsNnQx55+/rgKDS+TmEKj9WDiTrYmb6knZ+Y2yi4r6bc60yGOQjewe5eAo3bh4V5nQYr4xOUsHxRj+rirtIi9Re7UpDqTghcnwc4F0w838pFOE7XsVC7VcmIfvmBll39imDws2KhWOgIT3j+DCNntwKktU8SW96bQTFFl0Yjt2EwGvAXu4LtcOdH/RMmMd1NKiBWHeUONA7pIwtYY+rSi+TzzB0GkDGpp7Qs/S0va4tpq1rg4cobnLOiBSFrkLaI5F0qJXDPn5vdGflV3ca5oV44P4vozvUEn33mT1l8bi6SPOy9BN4QuRDFAdMnmsUkWU+jERbGb6QzFPzPr2ZRxtlvSRCRoYgLxmBujA4eiecWI0g7JB9Oj4HEmEfO4dSf0MPuatEqfJClglt/VPDAsz65IM9Nei2bub5insfO964vTsEGblf13ZyLmuZLhfRwdhN6+cJdVSHiXtPEkI9h6fbxZDw98X2Kts+NVXiiryUiODEJgCb1frOONCZ3sEpRWilAekxYjTSCwOg6oW/US8s++ljm6kb2vqg9OP/cPa7idwJx/c8VzXFvQZoxCYTMQ482VMfGa5//4JqxuxDBVE2JHEwPnQ+uSgdRs4wJfjL2+CvfeOtlpg7tz8BuKZFEJf5P80nz5tbezae7HxI3OnOdHohlFL9QkeYINDSx0k0C/4Yuc0YfRsqPbZRx8FXLYNrMGSm7WNLnNPJ04i6vhn7vOD6oGcRBfQ8FZMXQsZNZgPKZ+bnh44GpLu2ARBrd76WuNEoxTgw2LgI81pJ3MzcMVb530ePVf8Mq9UrNs6M3V8H5/t1xNm6vfjlhGL+QZbpwXaPBjeU86K7d3r7iZ6W2k/+iLkxLI2bz39kNfAXnci9P/G24P3uhAQWTa5LKG9PhMY9oPkJuJTNAg3ZR0Lycc2Nq3+h0U4mnEtejl6okoyacYUNtXJz5Iy0kKdcEPFgDWzsPya6tgp3/1rHOUk6+iHhmt0o49wrkbmAomNEN5kAN8F7ILAY6wfVU+H02dYM7EOS7TpjC1zy9pSJD1ItgGUTaC/6TXTrVY7L5Hdu8zMteDpqijaNrOY1RUTzURTDx/ga53r+YcozK4lvr4whKl45q2keIMhZF03TmtkQ5VYPjyv7tvo75Z0QotFuzNTb04ChMgDB+VnZzCwuO1lvWXnGB8+fOvr42ZjW9RB+cs8CUz5fLOes0la61+LPZf8KDNj3CURKknwglIJrabfJmquPRiJ9lGHgx4Y4wCcuTHPK8BMooDokBF1eJdLRr7Qn3jupJnqc63fRdHaQQG+PynP7syBROFLg/O0tGT40mc/Z8QBs3J7Eq01aM24RRrM5/5w+2gm5RPKart5eMIItR9BUFuyCvMVjnFKG13YpA5GhL+zJqKof7DacBhJMCRVNsNxsUOh/lkvHhFrvDQREM/cBnRB3ux4TkAeMvRy+0qiEUA+GdDcHn6HkhO+ot0NtWxpG+vZ6hxHMU1+VMw0mk0B/Hmomu+e1LDsl858UKNrNZKrJWUxd6SES5YZRptImaiQkuTtBVU+dzID8Q/aS/XyWIt1ADKmoRRKMM5H/uNSYufPgVYx8RAcpmKo5xpax61go/Vz/dovWFp6/kW7tUALaZDqnBgEto01pmJ9ZFdfYXFnQFifJ9UVFIlPQ33J1K/jDKYBUPSgl57QrG5JJzvnhWs5QxtPiomc2XIPcI+PnI8WNEdkAeMYkUpyoLRn49VPomOPzfm81ygvGOxAJytyI2faILKszSRS5nOw3asHq2ai0Eq6cL7sJu5CP8Ed7/ZspmfOMzQtZxGkZmaItWTN06NMS35qUq0MrOvbOZoXynsTQ9f/QnrITVTUky0Qd7FaYym72ZxlieQWCueKoyjrKxPYz3esryOxRGuTraE23pKgnep9MYgrp1p6GLbAICyMSKDYfwqd98Ren+/gTU9JyCKbpvamS5Vfrt62WFmKk3PR101M1lAA0CdPe0wiU/Dput258Gkq4eLkYzAgyJVMOoUXP+6CKEi2nyDRSAnflgG0/gvB3cg6orj0jAVJ+LfUOwRcO7ARjXlbqxe4sl6L2PiH8TbtXGNqpWwnDGk+8rJXaKcXAVyQxPy1NHiD06O8FUAmhZ4e5PpZ64i6UfKaiPrBuCH1no0CioItOCSNWmyFE3Ztfo3OI5c65+f5JfwqBvfwWdEZBmNeddZfVN74L5ElWk0FaHt4Dm8fw2bC40FqbVU2jbNnTdIRfYJhEPo9VyG0AA==,iv:3O+SAjX/D4k9SUmGKAfriyOAKaH2Jm4tAbfKDOoZts0=,tag:3yeNyl9TjlENfV+IxZkj/w==,type:str]
|
||||
zammad-key-base: ENC[AES256_GCM,data:62Gj7zyDGGMTVOv2YvrNVDIX+fxt94KVQ/EJBIqXssM6nrKN7veh4sIoLy3+/KwEMpCL3cnb3x7BKXDndnjulfVuF6pTDUEaiH/8YC5YPp+N3imWRTFYDsCJEkB7AsXkuVCH7f0MoMO3v+56BBYFEAp9E7wVT4Jdid7h56zfzaY=,iv:MMvHSUhNaIZb6XBBXBJlqolmXzPKuiFH0jQxlKnK7GY=,tag:2PPZtcD9wWBI1mokXAfMxw==,type:str]
|
||||
invidious-hmac-key: ENC[AES256_GCM,data:UZM6COUUHgLu/OVjkkp7rvzhiXBo5O4V/X+8ig==,iv:VX46ainev8JfGNic9FpnYlP7ZQMpTrMwDH0kW/l776s=,tag:HkQwPt23lHw7TQj9HqFIhw==,type:str]
|
||||
invidious-admin-password: ENC[AES256_GCM,data:YEdvUckgHhq23fa0ZDLvZM9/yRiClqT5LsoX6tPhNTi9rKTFUHwNrCKLZAr8dafbaw==,iv:romRuJxhQqSQMNepVS04Fu4e3SpA0yl7P8LUI1R76Iw=,tag:puncGz4EH5qkNfHRzjEdBg==,type:str]
|
||||
invidious-companion-key: ENC[AES256_GCM,data:HERKJBEyZbdxLcButZZ+OA==,iv:RHXz3OdnR+6Y/GefC7NoSYAmJ9RrxkCO25jms0E0fRo=,tag:pDtK/LCVnXmCJBHfo9Yz1A==,type:str]
|
||||
dendrite-private-key: ENC[AES256_GCM,data:ANQ9bFh4z03C755/Q1CKdPDMkBzqKXS64pJAvj975eMJfsfEXUfX72tRAJL/p3ok7iC4PZkM0Rp+ILjS24PyJHjAzIRLhP1P4NE0PFLQEuIBr7Z5D+s2E9rUDno7HtUSC5/Ht4qPTe7nhwwk+KM+OsuQJHfjm/gRxp3izcuha5qbErW/IWgiy6o=,iv:kwdbrb3UGx/3viNve6Zg1KrE4djt5pO02Nxdl6h7jhA=,tag:EXtYO6+TTnOJxYjelCRvKw==,type:str]
|
||||
matrix-shared-secret: ENC[AES256_GCM,data:jDQXFuBtWrDRWG8y/4pT67oNyHmkTyzwvMb9daAmlNBwqNc79fKS28ODbbkcHUkDl2ueDdysLY3l4zmM,iv:tkHi0ufo2rLm88gEPn4I3knl61raFWbYbJvRCl5Vwr0=,tag:JBo1ud52EOWxowStCdU/ug==,type:str]
|
||||
n8n-env: ENC[AES256_GCM,data:+pYI9J8wqY19IInhlomeGraw0zTFuHh3q6hPfGmcUrRzijc1xW1qI0sMADoakKrcN4mh/G+DzSu3D5fdWpEME5874xWn4iJvLuySVfjIyAzUWzadv3BDqMVEri6MdQUGuI71eBACb8iYLyHUUcy2Tso/KCPfT84oAJ5DXN3ccUBOKpAcjSbR3f1vuZfKBknAuomYmu2py+lOQnmXYvVbwkbstK77U38OOIJTktJE7BYqqt/m6NbGRZpm2Muu8l/NHHtiK1UeK9LtUlXm98iKC7ZOylQb+zAILhAihAohOaFIni1DRFKVv4FqaoQ2UsfQKyYoqKnbm/UraE27TQ+4Jpi28nbOR4GuZpkF29mZ7e/9OxOcJztgjUW+zKQKXsE=,iv:mmtFUEanzDIKuoOQvJ+Tm/Dn7DKXeXqO5geOFwxyVzo=,tag:8BSrrzu+rX6VpcEhUt32ag==,type:str]
|
||||
n8n-git-key: ENC[AES256_GCM,data:owmAGcmEOw3HKVY7QMko7/5gO/6nWkWO5q+R1C/Q0KwPwVLKU/4GKS1TXcIPo+kB74nlgiKJ77hu7GczzJT8qIQp2kYi6OE+y/+sSBx90T5DBjS2CSJWZOuAgJOmaPE7zmEnEK+PQWMwfqgDOi2WnV9g/AH1ZtIVqbrarAX20Ma6Cqxcd8ZvGsA3tG79jhWt3VCXhM0Zy2sIbin7uafgKdBtswbdzTxS3UCVaFpJqFkeK7oKLATP2NC2MuB9V/DxbN3QK3TzRkjxmD+msgEhnVRyCbo6Y1SBbLfIv9QUcdwZ/gSurJGUh8JyfQykDsn2smLocTqtM2vau21LQBS2ODMhIs3+0DNzz2sPK+PNuR1qJVM9El0pe7mpgSP3EP2OQZIPwZgYq5HW825Qsnpslrcb6Rx2Csx01P4Xx4PATX5fGbnAlOTGwm34juOHYkWqPVwUqmx53evv4lNuj8xJi97s2zbIzFpDgOU/+fZ0NM0UYfwI8Vp4UAcKUiOSUzyzNODEfkpQtLAc8oqXq14C,iv:0GtMeydlw3hWzLSoLQfH88STq2lRC01xKRTMaWocsFc=,tag:eVbQnugJ8wMHQAAmRKtEkQ==,type:str]
|
||||
phpldapadmin: ENC[AES256_GCM,data:0ce+P1JUQY6PrC/NX3gNIFPBA/1gAqzYTjR+yW7WqeOkmqKI+R/oSNIdnscrbHnz3rrGcCOV7xD0u18YBeiAbLVCxVfLePa04C5l3bGMWmhqGvcrNLoxk6dK/M0FXgf4qoVTBfwsUWDaTHUFTfLgffPFR/Qcpvc0Zl447CTQzGBPr7IfpiioR6Lt8LAyKLyc/C7NezEFZtDhNK9dsFGAAPKGykKGQUW6J3E+hs/iF38lTmUFM1Jo8z71N/2faBYwggoRLFcvZIZA2g1xKPHzUqbvU2lemE7bQiwi50bSGvAb39OszCZhAGo=,iv:zde4W0Jv8gtUuMsctrc7moOjF2ci+U9+7Mx3X0doMJg=,tag:6cyKEeVOUvqhFhznzWgVcg==,type:str]
|
||||
piped-db-password: ENC[AES256_GCM,data:AWCGHzXnZ4KPgrzPyJVzyQKBwcAa2NDwfOTiitvoAJ6qG/7eeBieFD1L3MU=,iv:A6YYQBOGzkqPEGWdJmGmaxYlMsTUw6CiwriWWIo6T1M=,tag:ANWKHBKTgfq+sbif0yQ4XA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bUR0Q3U1ZldrejRSTE5z
|
||||
dU1IeThPYTZPTWVFTXBrOUo4ckJrZlVac0cwCkJ1ODcxRGdzbG0xMFI1ZlhSNWoz
|
||||
aERRcHRMRXNyYVZOcGxJVzA0UGNHeW8KLS0tIG0vUkJVYk9MeWI3cXRUaEQyTUlD
|
||||
bm4xUWxYaDNoMWRZNmhBeDJCQWgva28KTI0NIhKKwAl+5ERTtd+Uv4Vrc61rQXv8
|
||||
OpuwORiKD2hC+eYmdTTbzdRozRmuhW1ZV+jQsAag5a5QMJ1J/4cQvw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNVBOdGZHbmc2b2UyVGNj
|
||||
aVJkV2RwYVlvTzBURndiVTVhOFFJRDVEckJ3CndyVk50UGUxNDE1dS9rblQ5VkZh
|
||||
aGtYZitMNDhDUi9xczQ4cGNXK1NvOGsKLS0tIFVHSWErVHhma09BcFlzd2x1ZTBj
|
||||
eXN6NlpjdDNVci9oQTZGRTJ3ZHNHencK53kJSr3udGgPUsaDxYny6gkWXRCldSfM
|
||||
kGYpeGMh2CGc9x5x2L3JlS3EbGPerblva/6wvmoszI2uL/hZzU/g8g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RDlsR3RQcWZNSnlBRkx3
|
||||
YTFRQ1Z6VytGd3MrdXM1L1BwZ2xIWHdYWFJ3CnFSczJTelh1NitldDhubEZmMngz
|
||||
bUhnOEQ1a3dNZmxKTlhRWVRKbFMyZGMKLS0tIDFja2psQnJmOG95RWpkL0RkeSta
|
||||
clAvTnR3TWJaTXRqNFM3RnhyMnEzcWsKp4iGnlaGqF81vTCtr7QHfT0TF+zeT2fG
|
||||
Xp/fgcUvubAvLWkaLxymF+8DXSZEipKy/M3sikiYEXBUP9WKdL92NA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZDJUVXo3bkY0Mzc1RDNG
|
||||
RXZBRXVSVXpDKzJFdWNpS1RqcEdQUEF5d3hrCkNqcC9CY1I0RzRWdGcwREpzbEt5
|
||||
d1liOVZEWUEzTWxzZU8vaTZFQzNWQ2sKLS0tIDNYeEt1RlozaGdYNnhpWmZwMGVE
|
||||
c256c284cmFhUWhQeE5rY3JDY3liekUKIPl8/qYgp2JlVjw5t5PnvS4II+YU1V+C
|
||||
K7WOVpqIGi5F4Taa3SOtNBzRs7jbdTEE231C4zwZnBucZoX9gGVC+w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSUI5MHJSajB0MjJUNHhZ
|
||||
L3BLN09aMjRxQTh6Q3MxaktzcGJGSDlVZVRZCloxRW1yWlYwd0hGRVFYNzdidnF2
|
||||
U0EwMnhyY21mT0Z4eUc4Q2VHMmxCTk0KLS0tIFdVeDlVZzB4OWlXY0hBVUJyUnNq
|
||||
U1g1MXRhTlYyTktTOTRhSVN3V1kya0kKTTxtLGwaTsZ2QhZbYeE777Fj3FJJPmbo
|
||||
obE8R5CGiHT+1qrR9TqA/UKWwd7zWNruHQT3O8qhjbWKyurmqUxlqw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTERxOHJxTW5Gdk45Ukxx
|
||||
MjkzWFpuSmdBT1psbWFsSENBVURnb2pObzBFCkZNY3dEeHVSbWpKUVlRSnVEWk9r
|
||||
cUs4NHNRSWd2OGZ3R2tqcDZqR3I1SmMKLS0tIC8wTkpBUW5PLzFidVJkcFVIL3pP
|
||||
elhqbCtTN0FyYVdBNEhyTkVacHEyY0kKJam6XZgN7INkIThBPyZ+vi4xhknY7GVJ
|
||||
57aIYLI6xMvs5E+120qVjXxoo29kzs2uwnKzlbAqMJIY/eoDWW33XQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHK0JsQ3d1MWt0a1pjVHNT
|
||||
dE52K2IrTyswbTMyYiszbjBvZExvcGNNUGs4CjB2Z0p3WUEyOHU2UFloNHRIcVVa
|
||||
OExQN1p0UzRJaEtMMFhZWjhPZWhOclUKLS0tIGZDb0pTYnZ2ek02S3c1OXhBVjZ1
|
||||
dE9JSGJKd0JKQVE4eXN2UWh5WHVUc2MKWjLJFNm7Ithf1qEOMBb6pxRp91dR1MzP
|
||||
0En9N1BxtK/LP66OVWTl6c7rnmx/domdt5YRQusXuWDL3yg05hEfqA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlTUJHTnJOL2pJM0ViVEZh
|
||||
SzdNdjlScG1OMDlTSTlLSXdOcTJwOUpWeFJBCjA4UEpFaEZNRGRMSENHWXdyd2RE
|
||||
akE3T00wUC84Y0JSSldkaGh3TU5CL2cKLS0tIHpURHdSMnRBVHNrSk44ZzBUQTRC
|
||||
QlRRcFVzby9namhkOGJ6Zk9TVGxMbDQKEyd9Tf67JclHM+kWZxpXl+g3+cMimfHI
|
||||
VfeF0z7zBcPuLb6xIzEHmXDn6Z3EeCYOq975nQde2JSpmKIZagerhw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-03T00:25:45Z"
|
||||
mac: ENC[AES256_GCM,data:pJPxZS3FIXyQuo65ya4osPZCGz09fpQ4FDzl2rVj95Xg5nWokEqFh9HJdp8YgWTa71PsxJEZSguYtpORrTNtn/yp1/GhdzZgf8gZhzl0TZhna/Yc6anrOJpdLE0RICBDUJC78heeWJe9QWguiDu5y+WHn+q8khHG2dyvOOUza68=,iv:Of8DcXBhBxDtEi+tFVYFVy5g3RpgJ2mykAvTsLtL19c=,tag:o4IkNmzHS/qhrMBXt2PMbw==,type:str]
|
||||
lastmodified: "2025-11-03T12:45:54Z"
|
||||
mac: ENC[AES256_GCM,data:1+D1VGQ19gAfEL30hUN6BeBxVnYLvkQ1lV48WHeTcM0mlWl9z1KI6eencwNfHw04fnJzt9VNOClw+p8ekRTygUnUOMSEh9QQCGuCaFU7s+vRwtafO4t5Ip00b5P+TM3HEbSFNBRO19+Btqk1sfYZv1u3YemST/v57Y9tk/yx09c=,iv:Ea1KnGony2CvGHB5x0PBqLSb8faxTVbjDPo1F1Sf9bo=,tag:hduJprCw11FJB0bpF8dSHA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
||||
130
scripts/update-ai-mailer-hash
Executable file
130
scripts/update-ai-mailer-hash
Executable file
@@ -0,0 +1,130 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# Colors for output
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
# Script directory
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
|
||||
|
||||
# Check if commit hash is provided
|
||||
if [ $# -ne 1 ]; then
|
||||
echo -e "${RED}Error: Commit hash required${NC}"
|
||||
echo "Usage: $0 <commit-hash>"
|
||||
echo "Example: $0 6de059dca7cc9c053b56f26ff14edb77083fad73"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
COMMIT_HASH="$1"
|
||||
|
||||
# Validate commit hash format (basic check for 40-char hex or 7+ char short hash)
|
||||
if ! [[ "$COMMIT_HASH" =~ ^[0-9a-f]{7,40}$ ]]; then
|
||||
echo -e "${RED}Error: Invalid commit hash format${NC}"
|
||||
echo "Commit hash must be 7-40 hexadecimal characters"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -e "${GREEN}==> Updating ai-mailer to commit: ${COMMIT_HASH}${NC}"
|
||||
|
||||
# File to update
|
||||
PKG_FILE="$REPO_ROOT/utils/pkgs/ai-mailer.nix"
|
||||
|
||||
if [ ! -f "$PKG_FILE" ]; then
|
||||
echo -e "${RED}Error: Package file not found: $PKG_FILE${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Step 1: Update rev in package file
|
||||
echo -e "${YELLOW}Step 1: Updating rev in package file...${NC}"
|
||||
sed -i "s/rev = \"[0-9a-f]\{7,40\}\";/rev = \"$COMMIT_HASH\";/" "$PKG_FILE"
|
||||
echo " ✓ Updated rev in $PKG_FILE"
|
||||
|
||||
# Step 2: Set sha256 to lib.fakeHash to trigger hash discovery
|
||||
echo -e "${YELLOW}Step 2: Setting sha256 to lib.fakeHash...${NC}"
|
||||
sed -i 's/sha256 = "sha256-[^"]*";/sha256 = lib.fakeHash;/' "$PKG_FILE"
|
||||
echo " ✓ Updated sha256 in $PKG_FILE"
|
||||
|
||||
# Step 3: Build package to discover the correct source hash
|
||||
echo -e "${YELLOW}Step 3: Building package to discover source hash...${NC}"
|
||||
BUILD_OUTPUT=$(NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import <nixpkgs> { config.allowUnfree = true; }; callPackage $PKG_FILE { }" 2>&1 || true)
|
||||
|
||||
# Extract source hash from error message
|
||||
SOURCE_HASH=$(echo "$BUILD_OUTPUT" | grep -oP '\s+got:\s+\Ksha256-[A-Za-z0-9+/=]+' | head -1)
|
||||
|
||||
if [ -z "$SOURCE_HASH" ]; then
|
||||
echo -e "${RED}Error: Failed to extract source hash from build output${NC}"
|
||||
echo "Build output:"
|
||||
echo "$BUILD_OUTPUT"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " ✓ Discovered sha256: $SOURCE_HASH"
|
||||
|
||||
# Step 4: Update package file with the correct source hash
|
||||
echo -e "${YELLOW}Step 4: Updating sha256 in package file...${NC}"
|
||||
sed -i "s|sha256 = lib\.fakeHash;|sha256 = \"$SOURCE_HASH\";|" "$PKG_FILE"
|
||||
echo " ✓ Updated sha256 in $PKG_FILE"
|
||||
|
||||
# Step 5: Set vendorHash to lib.fakeHash to trigger hash discovery
|
||||
echo -e "${YELLOW}Step 5: Setting vendorHash to lib.fakeHash...${NC}"
|
||||
sed -i 's/vendorHash = "sha256-[^"]*";/vendorHash = lib.fakeHash;/' "$PKG_FILE"
|
||||
echo " ✓ Updated vendorHash in $PKG_FILE"
|
||||
|
||||
# Step 6: Build package to discover the correct vendor hash
|
||||
echo -e "${YELLOW}Step 6: Building package to discover vendor hash...${NC}"
|
||||
BUILD_OUTPUT=$(NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import <nixpkgs> { config.allowUnfree = true; }; callPackage $PKG_FILE { }" 2>&1 || true)
|
||||
|
||||
# Extract vendor hash from error message
|
||||
VENDOR_HASH=$(echo "$BUILD_OUTPUT" | grep -oP '\s+got:\s+\Ksha256-[A-Za-z0-9+/=]+' | head -1)
|
||||
|
||||
if [ -z "$VENDOR_HASH" ]; then
|
||||
echo -e "${RED}Error: Failed to extract vendor hash from build output${NC}"
|
||||
echo "Build output:"
|
||||
echo "$BUILD_OUTPUT"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " ✓ Discovered vendorHash: $VENDOR_HASH"
|
||||
|
||||
# Step 7: Update package file with the correct vendor hash
|
||||
echo -e "${YELLOW}Step 7: Updating vendorHash in package file...${NC}"
|
||||
sed -i "s|vendorHash = lib\.fakeHash;|vendorHash = \"$VENDOR_HASH\";|" "$PKG_FILE"
|
||||
echo " ✓ Updated vendorHash in $PKG_FILE"
|
||||
|
||||
# Step 8: Verify the build succeeds
|
||||
echo -e "${YELLOW}Step 8: Verifying build with correct hashes...${NC}"
|
||||
if NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import <nixpkgs> { config.allowUnfree = true; }; callPackage $PKG_FILE { }" > /dev/null 2>&1; then
|
||||
echo " ✓ Build verification successful"
|
||||
else
|
||||
echo -e "${RED}Error: Build verification failed${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Step 9: Test configuration for fw host (which uses ai-mailer)
|
||||
echo -e "${YELLOW}Step 9: Testing fw configuration...${NC}"
|
||||
cd "$REPO_ROOT"
|
||||
if ./scripts/test-configuration fw > /dev/null 2>&1; then
|
||||
echo " ✓ Configuration test passed"
|
||||
else
|
||||
echo -e "${RED}Warning: Configuration test failed${NC}"
|
||||
echo "This may be due to missing secrets or other issues unrelated to the hash update."
|
||||
fi
|
||||
|
||||
# Success summary
|
||||
echo -e "${GREEN}"
|
||||
echo "======================================"
|
||||
echo "✓ ai-mailer updated successfully!"
|
||||
echo "======================================"
|
||||
echo "Commit: $COMMIT_HASH"
|
||||
echo "SourceHash: $SOURCE_HASH"
|
||||
echo "VendorHash: $VENDOR_HASH"
|
||||
echo -e "${NC}"
|
||||
echo "Next steps:"
|
||||
echo " 1. Review changes: git diff $PKG_FILE"
|
||||
echo " 2. Test locally if needed"
|
||||
echo " 3. Commit changes: git add $PKG_FILE && git commit -m 'update: ai-mailer to $COMMIT_HASH'"
|
||||
echo " 4. Push to trigger automatic deployment"
|
||||
@@ -6,8 +6,8 @@ buildGoModule rec {
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://git.cloonar.com/Paraclub/ai-mailer.git";
|
||||
rev = "56c9f764fcea2834fefac28f446b86c52f3274bd";
|
||||
sha256 = "sha256-zOabK0OWh0iHEL0kMC74i4rYnUlry57dGQE4k/wqDG0=";
|
||||
rev = "6de059dca7cc9c053b56f26ff14edb77083fad73";
|
||||
sha256 = "sha256-EPW0yLu1XHejEsU25ACO5FjxxCneVMlLmy1ZEHYqFtQ=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-h4RaB891GXAkgObZHYil6BOvbYp6yJSRxRj40Fhchmw=";
|
||||
|
||||
Reference in New Issue
Block a user