kartei/makefu: update telex key

flake.lock

@@ -9,11 +9,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1724150417,
-        "narHash": "sha256-BF7UsEHmXvaVZc4m/pHEKxR122N34NgIpK0CPAXd01M=",
+        "lastModified": 1725761443,
+        "narHash": "sha256-RX3qnLYaFxlvOAYL6WsM5nGjNnMZQIgKIpIxigPmiAU=",
         "owner": "Mic92",
         "repo": "buildbot-nix",
-        "rev": "2d1bd50430303caf22bca06069e9f9bf3ff83f82",
+        "rev": "ade5f42d7e56c8298d729aa0e804c8062e7a77ac",
         "type": "github"
       },
       "original": {
@@ -30,11 +30,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722555600,
-        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "lastModified": 1725234343,
+        "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
         "type": "github"
       },
       "original": {
@@ -61,11 +61,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1723991338,
-        "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
+        "lastModified": 1725634671,
+        "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a3354191c0d7144db9756a74755672387b702ba",
+        "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
         "type": "github"
       },
       "original": {
@@ -90,11 +90,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723808491,
-        "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=",
+        "lastModified": 1725271838,
+        "narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a",
+        "rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd",
         "type": "github"
       },
       "original": {

flake.nix

@@ -13,7 +13,7 @@
 
   description = "stockholm";
 
-  outputs = { self, nixpkgs, nix-writers, buildbot-nix, ... }@inputs: {
+  outputs = { self, nixpkgs, nix-writers, buildbot-nix, ... }: {
     nixosConfigurations = nixpkgs.lib.mapAttrs (machineName: _: nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       specialArgs.stockholm = self;

kartei/feliks/default.nix

@@ -18,6 +18,30 @@ in {
     mail = "feliks@flipdot.org";
   };
   hosts = mapAttrs hostDefaults {
+    ioka = {
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.10.242";
+          aliases = [ "ioka.r" "ioka.feliks.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAwmwpsohYq/KJTXvUmacsFqolf3Me2dG5NypdosJT5jIVjQMa5M6U
+            HWpkfOFi3v0NTiUN8OP3714N1hF7x+Lq/EVYSSxT1bB4IWSIyaVLmSjs+sycHRKK
+            zvOL249iOqdyFjAeGVXmLw/zYOH6uzdJpRvlgMcGT5BPL+Jx+G5KUZgeqkDDDpcy
+            1j+6nCyBRn9yK0yfZ5z6LJQqLCJzZ4KE5ym6t8RqgRXWchewQP/aYxtk1dn03GEn
+            NSiJmjb3QtKM1ZWAMNSCJ0xdPNQtMp7Xi4EdwDcyNAmu+Tk48MSV/G4TL5PXAV1p
+            WYWS6KxAc/huwKW/HCGFAj7d7cTMd4XzcN7fMg6gAs4GQTVn7AYelMb6teAGZj5Y
+            ifHmhl5Sy2umuDBhUWAfLDZu97gmF2ZlpO48VG/ZJjKejw9gP8u3Qek3+4iO22wM
+            xrj1ZZEuxhEyJu1OYNr/MES6h5l+FdiVpV6JMpzOCGhiVRN4z4FzUHcUixFIgJni
+            zlr0h6c0fJh4mEmOSu2WwNV7xMmqWe7SAcLOnvRaAqBfAprIvy/rpcB7Ji1gFcMq
+            4k/GkbKD+8/NZxujAJhyUo08JNHb0TACZiVIhbaafsEEgRQZBs9wa0u7MMzqlwXP
+            1ewjfwmfEQa7yEt0BQVjYm2C017IWngXv0dU49gVDGh9MMG9EBcS4scCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+          tinc.pubkey_ed25519 = "jhPsb07ilQDliw8H9lQ1JQ5Potj+//HwNSD7+OHdFvD";
+        };
+      };
+    };
     papawhakaaro = {
       nets = {
         retiolum = {

kartei/makefu/wiregrill/telex.pub

@@ -1 +1 @@
-yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
+Y6fOW2QDt0SsHT7hSVzzJYQVB3JI/txO4/FDB54Z52A=

krebs/3modules/git.nix

@@ -391,12 +391,14 @@ let
       };
     };
 
-    services.fcgiwrap = {
+    services.fcgiwrap.instances.cgit = {
       enable = true;
-      user = cfg.cgit.fcgiwrap.user.name;
-      group = cfg.cgit.fcgiwrap.group.name;
-      # socketAddress = "/run/fcgiwrap.sock" (default)
-      # socketType = "unix" (default)
+      process.user = cfg.cgit.fcgiwrap.user.name;
+      socket.user = cfg.cgit.fcgiwrap.user.name;
+      process.group = cfg.cgit.fcgiwrap.group.name;
+      socket.group = cfg.cgit.fcgiwrap.group.name;
+      socket.address = "/run/fcgiwrap.sock";
+      # socket.type = "unix" (default)
     };
 
     environment.etc."cgitrc".text = let

krebs/3modules/iptables.nix

@@ -108,12 +108,12 @@ let
     })
     ({
       krebs.iptables.tables.filter.INPUT.rules = map
-        (portRange: { predicate = "-p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; })
+        (portRange: { predicate = "-p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; })
         config.networking.firewall.allowedTCPPortRanges;
     })
     ({
       krebs.iptables.tables.filter.INPUT.rules = map
-        (portRange: { predicate = "-p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; })
+        (portRange: { predicate = "-p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; })
         config.networking.firewall.allowedUDPPortRanges;
     })
     ({