
Update from updated-inputs-2024-05-11-01-03

clerie 2024-05-11 03:05:07 +02:00
commit 79f78cbec7
41 changed files with 200 additions and 362 deletions


@ -14,7 +14,6 @@
# Deployment # Deployment
bij bij
colmena colmena
agenix
clerie-sops clerie-sops
clerie-sops-edit clerie-sops-edit
sops sops


@ -1,26 +1,5 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1682101079,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm",
"repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"bij": { "bij": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -59,28 +38,6 @@
"url": "https://git.clerie.de/clerie/chaosevents.git" "url": "https://git.clerie.de/clerie/chaosevents.git"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"fernglas": { "fernglas": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@ -283,11 +240,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1715087517, "lastModified": 1715266358,
"narHash": "sha256-CLU5Tsg24Ke4+7sH8azHWXKd0CFd4mhLWfhYgUiDBpQ=", "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b211b392b8486ee79df6cdfb1157ad2133427a29", "rev": "f1010e0469db743d14519a1efd37e23f8513d714",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -299,7 +256,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"bij": "bij", "bij": "bij",
"chaosevents": "chaosevents", "chaosevents": "chaosevents",
"fernglas": "fernglas", "fernglas": "fernglas",


@ -3,10 +3,6 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
bij = { bij = {
url = "git+https://git.clerie.de/clerie/bij.git"; url = "git+https://git.clerie.de/clerie/bij.git";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -37,7 +33,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { self, agenix, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
lib = import ./lib inputs; lib = import ./lib inputs;
helper = lib.flake-helper; helper = lib.flake-helper;
in { in {
@ -115,8 +111,6 @@
overlays = [ overlays = [
self.overlays.clerie self.overlays.clerie
(_: _: { (_: _: {
inherit (agenix.packages.${system})
agenix;
inherit (chaosevents.packages.${system}) inherit (chaosevents.packages.${system})
chaosevents; chaosevents;
inherit (ssh-to-age.packages.${system}) inherit (ssh-to-age.packages.${system})
@ -136,9 +130,7 @@
chromium-incognito chromium-incognito
iot-data iot-data
nix-remove-result-links nix-remove-result-links
nixfiles-add-secret
nixfiles-auto-install nixfiles-auto-install
nixfiles-generate-backup-secrets
nixfiles-generate-config nixfiles-generate-config
nixfiles-update-ssh-host-keys nixfiles-update-ssh-host-keys
print-afra print-afra


@ -9,8 +9,8 @@
enable = true; enable = true;
ommIp = "10.42.132.2"; ommIp = "10.42.132.2";
ommUser = "omm"; ommUser = "omm";
ommPasswordPath = config.age.secrets.fieldpoc-ommpassword.path; ommPasswordPath = config.sops.secrets.fieldpoc-ommpassword.path;
sipsecretPath = config.age.secrets.fieldpoc-sipsecret.path; sipsecretPath = config.sops.secrets.fieldpoc-sipsecret.path;
dhcp = { dhcp = {
enable = true; enable = true;
interface = "enp3s0"; interface = "enp3s0";
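Review bot: No `sops.secrets.fieldpoc-ommpassword` or `sops.secrets.fieldpoc-sipsecret` declaration is visible alongside the two new `config.sops.secrets.*.path` references, so the owner and mode of the decrypted files cannot be checked from this hunk. sops-nix writes secrets root-owned with mode 0400 unless told otherwise, so a fieldpoc service running as a non-root user would fail to read them at start-up. The attribute set continues outside the hunk and the declarations may be generated elsewhere; if so, confirm they set the owner explicitly, as the radicale secret in this commit does with `owner = "radicale";`, rather than widening the mode.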


@ -0,0 +1,27 @@
{
"fieldpoc-ommpassword": "ENC[AES256_GCM,data:F856G4jZjbj7RQ==,iv:svnlwqEPMDHHlSSv5Anv7w7TlDjHUBmKqiBL+IBV+1w=,tag:fnySgzaHzf2paWEBwD4DYg==,type:str]",
"fieldpoc-sipsecret": "ENC[AES256_GCM,data:ysnHLFHPbOcgTfoAmZy+3Q==,iv:6G66WDGzuyfTzezVK0uwY5Ihv22dR7x7g/A1fvxUhjk=,tag:WUVNU6Bw5u0kyHpyFsKmaw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age12nr9jt7u04ef0uf3h3pmh5wsw0t5ax7flwtk0t57zhsqj7s0lvnqxdgtu4",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SVJHaWVpVFRtZ0tiTElr\ndk5jem4xbm1rTDdkNFdEanR3eGljak4ySUFrCkVSKzhOMzB6elR6WlFtaW5vTXZK\nVE1TZ0pLcmo5alJnL2thVWVvRmV5YjgKLS0tIFJUY3pVKzhoSDNpQ0Z4TC9vdmNL\nc0RlZ1pVUmhIMjRPd1ltZFBlMXZhZncKgtH6HYaK9GLPmwHpIRXwwyhWLqHVvhDV\nRCusRPXi7vpl9Codn/gKa1yhtS+Nbrftpfibcf4Zpp6tbICBJw6Chw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-10T12:55:36Z",
"mac": "ENC[AES256_GCM,data:rYVMHm97fym9o88cF6IjPsOl1ZgIafIlvw3BhS3y1tFKuiIAmsqL+DvD+yy8oLz2atvyxIdcKihDRNoriC6V80WZg2jqedSbkK0QQHng8z+9KE0SAfoacuJqb/SMULOPVvW81Zhox3Y0fbSVdO3WScx7Z0czNBZ0JGWVObRFbHY=,iv:97/B4g0JTHLlyR9yV8xqhhDnkDDfS9VhsXFb8v3pMVs=,tag:No47WYn/Uk6R2mq2j2gpzw==,type:str]",
"pgp": [
{
"created_at": "2024-05-10T12:54:53Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAqgQosLYib0E8DjzA2YFhXqSvsDhRQblHDMNgTuO2/LkB\nVFj674m60/04eFHkUzAo1Ix9W8ji3Q/vVLJ/bLcfx4mGS7atBNzCFHlRrXPcSS5v\nMyihaRqfusweNTwYF64aQ2iE/EWjEDRo4Ssl5aOoilnPHpIqaTyeIbejzHoZWqqi\n7GZttP33NiQP0iWVO4SXlwkF5yuZT6qaHjUIOQEGImz5q87eMUtTNm+Xf3Qx/jAw\nqSkxwN5ySMuMcMqGpShhztoXpe123YlvNr22fZzkBHU5AwakscC5nf8skaMc2Lrh\nJ/+qFL2tWdgEf/fPd7aYFEIuC2YdJRo+yGMZ9s2VjD9ZlBQUFd8KZhytxmzoO3rW\nNKPM7/4tMyhdomt+uKqQNrVDOFMdyR+xLowyGgVqn9MDDDcnQhEdGyqk+WEeQCWN\nXlrQEVshHvC0YTIIXoyFljmMo/z251FoVY8+PHZOQzAJB2RyUIzjEDTX3a7xDNff\n5j9THrSloPLXuW9lXQO8qX8h/50GbJ2Hjpapslx3jhYx7viOHp2h3ojXbNditrIE\nWHEw679IjgTuantfnTzy1NPtIVvH5twrncPRdRsOqVVL4UHI66O5SCATAuVFXM7O\n+ZlLZS3TnuHE9JDlmV1Ts065VB3iYxXA/3p78gCcVp9otQVeDSVq3PTmKzUCLbSF\nAgwDvZ9WSAhwutIBD/9xwPiMUY60fKMS5/BoFYxKB4Ml41MalHdSURmU5IMp5oax\ngykVOoWmOTw3pm90lsZg809SwO3rbJjejMzzUZZpN+vN2pJbZeqRaY7Av/y1K6Sq\nlWXY7Jzbw2bI3JDPVq0tetM4EixGyN+P5p4tVB07BxKzbaN7dCFWk8EkFZBS5Fg9\nQiqLBwk1EofEsZHEbw6BYPivYHi0Cy63ghQ8t66SfhMyh+s2t9jPFB7s24UACaOe\nQ2aC1CP+kDvEMIlS3StNcHGUvZ73/CAkbTmbb0gynFw3odNN7+8tWHmWL3J+0RaO\n0TfXABH8/A3zka97IoZvMt9SqO0FT9VrxE2xBp318rsTfQrkYN8UiiBfvGjI6Gc2\nlZ7qXgFa1tlzYmTjYYs6TCxyT0a8mCt7wOS5yFkph4pXEumJIhh7nmJlr3/gdapt\nwA/LhAq63+UNCGvAKum2XdfwycLDvxciyz40c0ZN25SDQ+2WQp51/GESvVQNDyIc\ngI+BTFSxVjW2Qs7WdN2dJeQ7bLmN0EpGNGszHYiz/T0zowvuUiOrfjVdoNigSPwR\nSeNDI7KQ+miLiqLCSSNTF6D3MlstHBXeEfGLbJ1qFvT4hX5ErI0xmn3lVeAeQIAu\nW9wMvtmMtt7XAef9hzyUUKvnkf3pQw+GBtvY4/pCJrFWKw8vADmLZ56t8UlNFIUC\nDAM1GWv08EiACgEP/icY5+u/9/LLXcnQ0gUsOwL1ChTAOnJxl2Dfu6Wdl/Xohe20\n6VsznYeAyOQ7pq0yweTRYejx96S5M1H+M6uZJPt4lMUaX4/WwM0zJeRH0nsaqbQT\nr6YUZX+jWKhVtuHZinmSLLo5Kj/DH2DPkDPH+ZZbPHjbsltPnYggx8x5NfseN1wO\nLe/dUCz3uH0LhgMpIxeQRWJSkstV64F907SyuU8fqaQJbq28YuEYZS99yE4VTUH/\nYion7EfHpAU54f9SfAahe4VL4hvDIKQ5qbC8JiiQnPYXElNwvQnDwOpysOAq9LQL\n0VXanXeQf/mXfjRc+NiiF+7sfavSRNmIkKOm8xEgdEASQ8lh4UDhoA8mcSnB1dFJ\nAt8YOmkPEC7kplF2wQNFI0RpI+xsJ4hxsCZ3QFoXNwHK1HbeEZ7/FxtSvzxFdXsx\nNyB7EagsIMq/G6R4J9rWCHAf9LKlnFNyVzMin2LoOUtp17y
vODXOszKVEj38TMfr\nz9K31QTellrFzJCNTY1VwZyb1JJfiVsbGCqJTbILB3SYV36Lwb3neAvK1P4KsVFY\nDIqMHeY3oLoxLyHRajtjKxhYTwjB3c0ov2IAqOszAvwnO9YBClxeewMt2/Vv2Eok\nzgkEV3cTSZCtPPhF7+C/0bZ35A1MDNXaG1AyQS+4idN0a3LuIgROF3Ow8gB81GgB\nCQIQBdPtKSJqTekbsvXlb4HEHZmjdwjoinMUiuDjAsccGSAvuEqC85NLKjn3+KpK\n7nYnI6NAI6SJ4IUy6YJ4/nKPw6hKTEn442rhUDMmQ3dmCMQFBTLx+VSUpsHE2SSL\nyZ8fqDq6Dw==\n=LtRd\n-----END PGP MESSAGE-----",
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}
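Review bot: Re-encrypting `fieldpoc-ommpassword` and `fieldpoc-sipsecret` under sops does not retire the age-encrypted copies that this commit appears to delete in the following sections. Those `.age` blobs stay in the repository history and remain decryptable by every key they were originally encrypted to. If the migration is also meant to change who can read these secrets, the values themselves have to be rotated, and nothing on the page shows whether that was done. The same applies to the other `secrets.json` files added in this commit (hosts/carbon, hosts/web-2, hosts/zinc and those without a visible path). Separately, sops keeps key names in clear and does not pad values, so secret names and approximate lengths are readable by anyone who can read the repository; long random values avoid leaking anything useful that way.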


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w dvnkhXiz/AAZa3xT6RDx8OIQnBihgUiBddXtVB85JTA
NqFXVizLIgp08r41jP1myZ/sfOcHYRk7qvPrRjH0KUA
-> ssh-ed25519 GUpvaA X5Nhz0ppW4smw1cVZ0xPwcgcCREpcF4OHIjgwelm6Eo
N3rA06TZIEOgXGROcTUHlGSN4jpisGbMXX3WnHoIKek
-> }zICz2Kn-grease ;yh
NSFTNcxuAeDoIHy7HqGJn6FD7t3admS1EiIlVuPvcY0X8lqUKACMAym8GcCd2vrQ
VF1NK0BsKgW1j6uUFASqBn5/us2Nx6/mwxdaX4QBGINlkas+/zN53bM
--- e+nEDx4JO9clhnhTKZLeTuUdfRSHNJS+kY2UA46j8CM
öH>9 ã±¡­³§½(Pälû<6C>ª·k<C2B7>?CÚ<43>â,x¼}ÔW³Í?a*Ê


@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w IXd1561I7Ia8Vr1nlqcMCMN9xF0LXlpXPJUIW102UBI
KFpKJdE6ge2yE+kp1pYcHnmn3th0m0X2iETZ8rFze48
-> ssh-ed25519 GUpvaA VyC2gxp7m7uz9ba1qmjQ05Cbi1ZXpkCU9ydwpYMAlyw
LC3flGQhaBdl8LeJnG5HbEBXcmEbDarWqZ/XFGhUAoI
-> _7e:/rX-grease ~R' V
KlOMxJRircN7onkmcF3Omw8Nseg0kgx9CsqdRsWV9jVV8+aY/4SFRC2cllIDOIQa
71hNmC6LqcOW
--- zr22gxWcsyuMcUg3gXiIUPvbsV/dE2hRvWD+e6i1B98
®áð1â("ùîSb/ûQ<‡*nÉI<C389>ç$IgšfÔåX¬Ý† ­Ó
¤

26
hosts/carbon/secrets.json Normal file

@ -0,0 +1,26 @@
{
"wg-monitoring": "ENC[AES256_GCM,data:+k5MgBrj/psMCE1T2jDtCCJI9Q7L+wJ3j83inNkeGp3LSUjoAPtBp4YoyL4=,iv:C19g/Lqi+cWAyiJBMNDtgLc3SDNI9bMBrBPWn+26mVY=,tag:9zIoawuGeGCMbOX1HKR/sQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age16mln27e2p58gu6dpxfclttmuzfnq39mv62kthjpps33g3nl3scfq449857",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Rkd5WFE3aE5EQzY5ZXV4\nbXVGYmxTdVg1ekRpVjlRUnozY2tMTGloL21RCktjZW95OU9ZZ2owTCtMR1NxaXJn\na2VYS2ttb3VhSjNXOG84UUJtYU04QjAKLS0tIGd3aHM0RldFYnVFdDRVS0Vhc3BF\nckJhYmN6a1FJUC9ibks1cGlRaU1zbFkKE4ClunQ3XGAILwluC6iYFs+rlR02PdhK\njOmPbOlS0aNG0hoC7Z6aetgpj689AkJgl68QVcyvm+ecHH7TOT7l1A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-10T13:06:06Z",
"mac": "ENC[AES256_GCM,data:Suz7S6XzlEMvVVRMb1YIkeiZWRcnadFeX6oswLiZSc4w35Xw/nn/XY1wsWTZEXj+TecEyhWJDzw27mKLRoqClA9BqPT0E1nzkXMjb2aTp72DjrI6VuBmbuUDBQgKDXToEfrv3/H5ovAT1s69nlxYDqUq185KR2eMqhsJPUwMRSw=,iv:0vj9ezTPxPyx751iEY++GMnzuQ/HM0tgLwAeJpk7CAk=,tag:7nYfqhy4R5JOYR0majlafg==,type:str]",
"pgp": [
{
"created_at": "2024-05-10T13:05:56Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//ZkYls0F1NMJDUkJw7tOO+pgRm6R8u29qNLAbGMtMGGqB\nwc69WpYfO7hy2IQKGcGBp/Qrp5+gpmNBGjyq6AKEaox1TKCu2drKVRClH/Htzjhe\niAllegoS1Z0W8RGze3C9i5SiUHvVaK3c2iUJ8bCTitTgUZNvteCCgXECL42Jjb49\neGZSsTDkSUr89wECHs5thx8SV2hcYk+mZk7J/yZO54BVHxZXPfYdgyINwWnmU1vf\nqOnePaIBiRTz3+ICvb9pnndlO3KEXClnBq3N6q9IcNgfH/eCenQPc6Z2TRS/2aGl\nBvK+zygO9QJVJcprNx2WdTahf6fXGU8ZmvWj9R3wv62KmQNTWmLQzCEzpTxkfpnw\nMY2WTSFZ4EHm8xSzQMJK7QyXLyH8tOemqb/sRJpaFdvLIw66nmQtAHnY9xcKSOrC\nGdN0pyX7yEtFajgRfPU2kQb9wzyoj3hRU2lNlsvJC58R+rMLsNw5FT4+LFC2RBO4\n+E7th4fFEj6dyFfISRZfi/Rj4FWBtHLxLBm15xEYRoblciQDb0o3Qh0SIgbxnaCG\nM3Dp8zJ1EiWLPtxUo/G/8P0MkfbzuO9h07ypM/Y8r40Yrbxb4QFadXEeYcNMaRGz\n2UW84LNipLeirwQVajQv5FsCRiBCcU6hoJ9MCgDWKWDU45yFy5UBCZ88KH5PdUyF\nAgwDvZ9WSAhwutIBD/4iGSjtc9LI4OR6UXOWwm78lR685QvVy4zwdwaFzwXECWGn\niPKj8H8ku9DxxxSr316/8eC0IEs2mcyU62yVbrGP5fp9zsNnQKp1LQVPx+9tyzi3\nKrIL1nFQreMtqSKn7w/HDWG2HubbgazZAs97tN9hTVtMHCE5bu6nmRcBnnzNX248\nH+kFACSdP7Oya2TiJNqSs8JrB/BSZu2nk/yVwDd6y+mgkXKDjzIUK8B6NMP7cwf/\n4ukNkhgCaO4vGboKl6DIIMtkEkGlPcxqid3XRSai+KyB1hucDei+ZwCKWgR1W6PW\nYNTZdL6gwz/t5AMxoT1y8lnoNrtmvv6HzmlytKeuK64h1oOwwUdruJFnGGGVVfuC\nLoJPKF7CX4JGPW3hvofrXMfaJTBj5cyuUga02yiLfYbT4bUqb78dOt9AeKx4Hkej\nZvmFoaivMwWg5rkKjt9frI4b8ST/J0tmqwdLzYsrUUdBItviBEulv46jYlHw/qME\nP2hLgr2IeSEutaxyYxQl07rg8b43T8RvsRsQ/ySKn+Z8qC7sDxzXsRLeHuOoZnDD\nyf1UTSt9dfKY6oJ8SKd8Q0wSPMcVd5KgW/WIV8Wp3he63ONOdmiQgLhF++xFtK//\n0OXLvXVsT0qQBBCY7sPdfVQsSpjENl0ef2o4+5MirIzoFTQdRk3jINnoGzmQu4UC\nDAM1GWv08EiACgEP/0Q/h8MGGVjAvJGxloY/Ed4gvn2rVn7Uw6XPUktSoUQnwq9A\npmMsVDnrw2NWjWktjjgFC6HbMtkAlNH7UukxCzvTimwl5KOib8Yk+CKME6KGlFmh\nvEfx6YRmvDrE8qYVM4MYXccXUW4vbbzGJl9ReRH3ouvlxSIeZ8zH28EUE8ntVok9\njNcUHt05SFrM8O5LdjsCOEV1ltG8IWIPL4kVVDWDgy6WHzm7+lcWmGn0B9Astrpp\nxKnk/mjJoivoUpJoZcFpr5U8O4kcCrwmQJppn6/8xiJuoFWbSjbWw7M4BPWK3LOF\nRmgfv8OVgZ/DvR6uCkTXg+yc60s3DvbJ9KSLSjPguxcmUPNTZwZrH1fcsbgpSgfS\njGb0GouQDNY62DsfyGS1JEGiuG2SZPZajIbOVPkuxYvUbscPWjdJhwvRdhdF3/6t\n4tAM9b1Uf+xmFhbHBcqAeQIRxCSERYVeGuHxg5JOVmQkjFO
JptFZgJEVCqP/0bPA\n+AoSF/Wq9IpuKH+dirU9RVATc35F4GP4gc0mKjR03i84+DDYvB3l8oeDDlYUygga\nueK2+HX7BDeQmdh4nWxV/7An1owt3DATj2dve437cqUtXhgWprea9VOzzl0shZyw\niIRukJq7A0IJA70gPXNOhLhls4fv9VdecNlbuF8NROA7t9Fwx0G36uysfARe1GgB\nCQIQnwDSpF57ZfhaQjNGmGCGXW51ARrlC9gHevQ2M8gIt9TowIJvkUJRP+1rsDXq\nGekIV6a+rNpbr9Lbgh7EbEG+OoHRSLD1sk5aK5nNQRUqlQprNqfxJ+wr6qkqYdGQ\nYLcwaMzwBw==\n=CejJ\n-----END PGP MESSAGE-----",
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w IkxlO8D2o7SoBGyg9/edvw97sAqj9e1nUtQk9ci8tws
t3mju7vCMEQcOs21Q56U53hTYyplMlj8L89oVVcgifQ
-> ssh-ed25519 5EcjHQ W1oWURPqGGfSwDZbIfqKVBBL+fMdLh1KnW3mMqALWmA
RbuAx/Sgj4wmuzijnjtS2Mai3n0T+89qSv2v5pxDfVw
-> w)}-grease $do
nc2bWeMeBxc3hd4XkX/k+isQudb0VZBD
--- 3Smsch2WrfWCMaeQffV+52LBY11YTtUa9K40DWrsAzY
Ç×›Ž¼öŠ¢u•í€In´m—»)­”n‰ÖO'ÜÝÎ Âq—̨¹r•Ü R{€ŸâT<C3A2>=‰žéïjíc‰? Hw]dBaÏú


@ -0,0 +1,29 @@
{
"clerie-backup-job-main": "ENC[AES256_GCM,data:cAjyW2/vT9XRdfLVfzAboPgxORi/ji6Vznw5SifgIX07Y1IipfMy5axCzh9HmfdaSlasrn/r4GAeW4zV1ROolw==,iv:TwE1Vovs9Lec079lf3F/0lO5VmCstUoI9PxSec31O3k=,tag:fuy/Kg1ZQAEZdEk6OMpoZg==,type:str]",
"clerie-backup-target-cyan": "ENC[AES256_GCM,data:IWIeEQk/apNO/m2eC+4EANkXriGptG9S3H3IWY1lWHJ0UTDZbBLYizRbP5EwS38vGgsymUzvJv5mdIKEzGyBKQ==,iv:3nuh0A8pDoeCtMj8HBhuv/5uRawXJsd+LfXb4VRPd/o=,tag:TJPxg+9CQ7l7ENwKzhqkeA==,type:str]",
"clerie-backup-target-magenta": "ENC[AES256_GCM,data:Ql3mqe3GVsS8yF2pvZj4MItCUG1/tPnMhAsvN21iWSNEiRS48Pt6/+sx2n7Xo8gOvMXJuxSUZnBvgLWCUQhysw==,iv:2+lmmNt0mgqFvd6JUcSo/6MZmJvD/wnkF/IOvTIMmVU=,tag:k8D1U+bS1T07HRqnlI0Ybg==,type:str]",
"wg-clerie": "ENC[AES256_GCM,data:m3zjtNxBCrfJ/ESesHGEPTLrYq0mfLDl/ZlIxpNyX2ONNe5swiktBURLdHQ=,iv:yK8eHemA5VPH4BM/5fKbz0bmWfrMRU1d/rQNUWUAar8=,tag:p4kTdpmnuCZKX8vTO3ndZA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1mg72cmpk494cpfcxqm4a8jjfje7hkx5jm63rvqnctz5xexxf5udq86nt5g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Y25VWS83OU5GckN3Ry9n\nbDcra1liZm5GNU1pK1FqRjlWb2ZsR3Axdmk0CkVhVmxrbGh5VVAwbnBaSGRHY1dm\nMVBzWWlEdGc4bm1pZlA5TFRmVXkvRHMKLS0tIFU0UXBmMDczWU1VM2NaanZnSDZT\nSVRmRlBGVHpOeTh6a21LUjFQMlQ4YlEKwtXhnq72eSDxlJtffZORc8k6F+z90O6w\nJcIMQVkVYGXk+AdGQH/FC1R/0Y11Bl/1mI/T3jIxfRXYgXiribTLOA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-10T13:21:18Z",
"mac": "ENC[AES256_GCM,data:UFJv7bRwWYac+ZrDBBDzWiAy600/Q6qLR67uSr3FMBok/M1i9Krby+bf5YR1raRsTMeIPI8X4yqOs4852P1CRIWKCeDuhr9NSA7WJsIJ0HoWRjhMHvr+TYQcCw42cMQ6tHtkA6+kjI+uGYXR/KliEWz6CCGuIxpx1dRv/kqf+ac=,iv:CWcOA0IoN3gb/grUaRR+ETL3RSp95/6AtRbUEhH3D+U=,tag:Kc4l+oDYSpfPxZprkzE+dA==,type:str]",
"pgp": [
{
"created_at": "2024-05-10T13:20:01Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+M3IkbIxRCm3arVo7nLrOF9tgtVytEHtxFyTc7Gfp5o1C\nz3u45WmI8mXG3UqCczHFmihaY6XQrLJkSQefnKkw5PPGKTOX3QiI92wdF2tkj6ib\nZTpNRsRutGUZtu3xSvq74uBt3p7a5PJQtl4GS7zqrMKdeZbseQK1Mf3Ezncwn9xb\npcu7bYeQhwIc8zpoOvPQr6Y/8dHakWHuOGIk5LAXKAHT0CKwM+PEJQu7Delna3HE\n7l5EEmiklmfVDoM49AjgA2LN2av7naCsEfwfN1k2oy9EXKuuUb3jlCpa9DpFTbLu\njY69ITOyePx2vMww+HFVSyLMZ8NaA80aV/2tbJiJRPruDFU6QjJRDYA2jcKnHXIW\nDTTC+ZqIxbizgRcjJC8M+0qafd0RdwcL2nBO795bBtVzMncXWyH/NAFqehqvb3c4\n1VjBemqrPZBNTFMuJx8sEQVv1ZUbjybMSA++1iNA8eWJR44rbmNe+1Ie7aTecjAo\nbR8CnpREPPJ2DAQ1QQzG3JDWdrI7yiEXLSpzme2Qju4Vsc4heuerPBCJJYTZCqsk\nOgZnUpzKX8bPT1GoqaLuyK7CNL7XRsoHRbItYQ7Cd/PLsLt7cO8kJ/ox9CYSVeN/\nefKY4YVE0HQP7sewzAArHQcapZjeG1Q1+yxfzuL8Dwi4smsXarOaHO6Kg6LrnU2F\nAgwDvZ9WSAhwutIBD/41WAEJg6UPkwyHT8Ng7YbtCGwOgHaz0oF0uk/RnUTrFg/l\nu5mHtnR7gL8fHPewSi6nIAWbXMyDjVhhMaPiyXxYkUYA0VJcpnaStUWKNZoEgSkH\nR95IgyEB7ZeehQ91X2oYc+fdLvklaCTH7VYRe1CaCQRufKSI6Hgm8BucPFV0Go/y\nUwGtDjB1VXeXU0S403L/QY7GlW1jXXl13Te/21/Xl2B/gZbitnex8FQBXDZAKCRF\nIU/KcD9IE6Acb6e8zQyAPDPL9AO/mAFz2ukGJQ443Nn14jXRNDtusiAoS2Uy7D2B\ner9ZflX+tMLpeGnm/hJPQemLeqiMwU/bcxqeZSwWFPCeks83InbvAao55PxmwT87\nT9EaGIuTFGWdI9BfKxt6qWI+W9ofsKd6wVEjj+yHqCIHUXeUcyi/rX0Y/hLpgcSf\n8MxxKVOHNGcCd7LDAYvxdKEEzSehs8fBIDwq+lJ417VfrxssUJnGMmxWYisPmvYD\nM6fOT8N7nB1pEsyqy5DnjDRtWWfeYvOCTqKdiVkbMzf2xzX2v49LmOghoHekPIfX\nmsU5jClQEBpWd6OsGz+5ofZv/qI1E8sBfbDmC7w6ZV4j2fAIpiLWRofeAKxuH6CV\nliAUr4yfDKJcMl51Jc47LjmucRWdIJvzWTI1T9B92FcgX4QR+cPo+JiE16fwpIUC\nDAM1GWv08EiACgEP/AtQE2phftv+vC+hyDkeCvAYoghJ5AAbmf19Zhkbx5IOKGcd\nuIATwpdu+zXT50QxIWhpCTy3O5ydWfnIIecLB+pA/m5H32j0NkawPdsuz800gndt\n8LUoT98ALm6bMv4xfOFbI9BvGSUUm37oLvK/xVIM+1L+4UfsJ8yTZPUTzbqSOTTP\nvJuDSnRScDRhUsmQUUa7icoH/tjYfbNEdSaUN+PzyvQsHBfedsThGjm41IxhTbT4\n+axNCpPwBH6H36mvqPmXqg3ty6696EwPXAspBJBT3Z0Y9y6f/mrF4bCDliLtqtf+\nFlKnjqSxZv1C6d0I1ExjkxB3FAiXnrH3Efpbd/AIgtaEqHDgCdVYZU+oIVI7q3s2\nxUqSnUF8oBcOnH97Hv8B/cUZ3susfFv+wji0c+T4whmnQultiNOrHqPtu2ZbNA+n\nXiU/qla8TCy1wQlBmPcCZSqXYlYBF+wUP+oO0wqztNbfQ2E
6mxot+J+UBpVpI+VW\ntESabVHLtpT3pcDfUv3yIrXcGkrBwt5gwYCkMvbyWKnJ2fmBBuhFpKYos47QlAnb\nf92frPEZm92QUJwNWm/bZ7O/YfrGef8Ckkv+gPKYlqG1zwJ+si0KLp2W7WLwwHSv\nCeeyaTADB5IKd0PTehdizGmI6TACaO0VcE8SmfI3fDiGA6uJ25pseEpy3j5B1GgB\nCQIQjUqiPSc+z4VvCYaH3fKH3if9WWbk32tRgTA/ANmYmCO8Em8P2Dfi2MToIAqi\ngZLdx2kQHf+TnnbFly2QrRdoA/pAbuc2/4/wNcBTPaN1Aq8RDkalG+Hpd20jHuRJ\nHOZBWaG2ww==\n=k+uJ\n-----END PGP MESSAGE-----",
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}


@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w VDZ3mtQaW1MsXQ6gan2Xcfv4/8IHHdMsPqCZDuauPEE
WSUmbw8NXcgkJf06iNFGsx7tNiVt7VAnynqroRymbkU
-> ssh-ed25519 xvh52g ie1NcuCJIJrPX4oklSLXEoxd6YmapsbOr4wf6TrJYEM
lx5xuRHZXXG1YuYoDUlvPZxxtfDE1Sv/aStz53mJ4nI
-> ,TT@-grease 6JH, x4O9 $E$9`?` &
pd1+tQGZkVIl7xbEsdJw9zQiNjy2/83PF+uAaekiLTolgHXmPWIp70ZsL6oHA/G6
y1JOCL9l03GSgbpx
--- Lv/Xf3QnA523yOR63Gugq9mvfen5+YR2OYwGEim59B4
¼JM«°@gû&V<|ôŸ®fšÑ<l
V{¥àتš¸2~i.úªÌ1´á¬<C3A1>ŠžgÌRb©NÇŽòe¿Œ9NdßüÚÝ|F%](_À|


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w 0Y7NesE81LYY2VHbm19hKWEo8p9S8T5aMnQku3wxQBw
zwmczl908y+wPZ2p9F+zqNxZ5i71lp3HztvBAVCWmcg
-> ssh-ed25519 xvh52g UKiSotdLrKTXzD2NI55W/os6CSeZNbq95aC+ThyVRAs
k539/K+GeDXttvFpAaNPEB73lXlnWuRmFU7p5D1xT2U
-> E29ePW!@-grease
Og
--- RTfeDZoUpF9cpXKRKKlQmnoooxVj7nRB+ef1G4bgvDI
á÷^¡pͧåù|Ül“ñ‡`ºùmïþ¶i¿bh´ ë¶4òÑl%Ýn„¦àÔp² ƒ‚+© ]i<®Sjñù^™<·»ÿ


@ -0,0 +1,26 @@
{
"wg-monitoring": "ENC[AES256_GCM,data:ip6L61RXAVxaPqizhNTr6zVvKgd40CAsgeNFoAXMARM1nl146ayHK2q7mhc=,iv:G4WLmcPpJOxTcW0bHuEwWmth6u8fYoH7GmpkMo8Z3TQ=,tag:xJ+wCVEUMdqfXPcwgr9WSw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tl2cd730ctn6jcgg0vf8c5gg9722umk30zwvcwxhejh26p3gt3ds92msyx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNHllOHpoYkNyQXMwL002\nRDR4eFVRemc4bW8vYS9GWHFkcmpRbWFFc2tzCmFjV1ZNTzhOYjM4VWltRGhaQ0RP\naC9vN2hrM3NSTDlSd1ZJTldXamJ4NUUKLS0tIDFuUzRKWWQrUFU1SXNqdEV2R1lM\nWXU1by9rYTBINTVralo0TTJmSEZHMm8KYEggCHnOyMcQSdJ9+Ujf61OANuja0ZIf\n+wa9ugc2OZrOYepkjN5X/bETdKfU33pIAL208N9HcOttfhcZq70yUQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-10T13:25:28Z",
"mac": "ENC[AES256_GCM,data:fLw0q9h+rlAAiXjtCJeGPi0COEt/UvApRiOpE+ydSrD/jXy+vh2OVW57UZPRBCP1mWtqfUJLiT1BZyOWor7dsPfTvaxCQmYhGcKBLucFEaiUovGgVjxJloD8hDJvSG9SJnlIiDobMsG87MsEWpi70oAbQu3/d4JT1BPSaRpvsjI=,iv:iS7tFqZMa0OzA5ASKPS6CSNTJYYJ0zhjLmBcipjLapg=,tag:Lspazw8Pi5Dxqcrk35A6tA==,type:str]",
"pgp": [
{
"created_at": "2024-05-10T13:25:16Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+KsEUiNCgfajBMEEFsqHqNG3utLNQSLOd6VX/Rk56CjT9\nUtfiCdZCSzrtyT3Anu72auTJ+PHNAVhhHPcDiUcwY9JYXEXNETzEn0U/byS+kvOD\nNTpcpR1gSxJCj1aDqDDpfQQ02hSpKO4iw0B71gKcekUXcD2AQeeW0Djq60CusWVk\nRgC3odnyTr1CN1+JRtKVZKIa78rfOkyhmFP2G2gvsSHhUBd5RtMhJdfYVUTMIKXO\nQFB2IGCoIzE0zDitCcAZ8q6Dc8lBuAvNSiVkFanJn7e7etU3JwDhYsZKRO7jvNX3\nmjHnQ9vf0idCWAi0oabZQ1OGdwPbtjssxmQkzzR8R/paw+iRB50i1UG3/5ehXTV4\nTp/2rEwrsF8jO1bahTcrJirR7RPLEy2BvJ4ALzmEYrIoEwWuCIexrY+e2C2rXpy5\nK2+9Ch0YCaz8sc700bgO5ZkyvnmnbVJxGCaMGQtT9LXiEWvc36sUXhbEGJ0K782Z\n7uVFRs4xWsrUQHo8lFTfW/vLZDq7FvkGnDf5xnoEJp4BNYvYmMmsFiaygkbbqEdH\n2aHRCam9q5zcuBq+aA40KI1P4adIFgij+fijwQ+019JrfaMEXcmwgtOfkb2OZNOF\nXQ3tRgYLaxSae7BYJA4uTaFq60kpp1c8qgxw3WKPEiHywtl/SaPcx1XD9VJoVTGF\nAgwDvZ9WSAhwutIBD/9O0inQ/HmpwtD1AnE89SuZNuGQty71LVhX2PQQWsUdQOuz\ndKZN1wy6UxIImFGisBodUH+48k1DjbkDjL5cLSAUOt9OhAxW2Ubp6HA6wDJPqWj1\nYQMHKmHlf2zh5G1qTUXV3NNw6hSaWejVDS73WNODv1WfUFXrPN9DVLaPsS/RJo2Q\nAoDG/iedeQhIIBwrLIcQ8ttjv9MTI1GzsNRC/CjxQpDnHabqQzFzenjnVRLDXcmr\nwfw0HeTPeNh+pLYb+sBqzGUP0j1GWui99/6NUeo/TloBWJbIung4wq23gYZbHn+K\nbWJSxSy980mvjCXiRukzXlNJMwLZDVoBlPQSbe/pOApHM9HTScZ+3VcLlYOPjgZk\nhnCvFNm+4/00ZgF+tcvLOugIfqwxvOuqW4gGGhNAycHinJZuSfDHYe6zCfEiqc7t\nnHlbhNvlhC8zDu+fOurC2ju5eGv8LqFiobfsBFVdKpl9Gj7yg00S+QmjBcz0lkE9\n1BftwEQaj+r4EDa4cJHSgP+K76utv4Xzt9hHZZJo7hvii+lGxFI7rBm0xbV5bSuY\ntOhN6d98HH2++AoXufIW5vmnydGk2NXu7O8vi6sQWzoqed84ZHbJDWLQawQ8YQlR\nkbht2PzH4+rq1oOVHbLslxWkYF9WMsQRUef6ALNpys/Dj8N54gEN4RTV+SxIVoUC\nDAM1GWv08EiACgEP/1eiG0aASQogSByxl8ZbRjRg768YVR1fwTa8GG5tE7wfcGiI\njZF2TI+yQWt7gRS4AKNm1gfWEEjCH1tBOj53/Wfwn9ZuGoNqboA2jgsh2rnVVSXR\nOdXK3is/FMh9JREr669be83nnQ8fNP8nIz3snEvKVYVGcdsdkDXBz4GKmJx52NNb\nauL+4w14/0PydCVH/njsFY8FyWqP9lUFgpJU8jHjX28oTB3khwWrDs0THwqilTFn\nhFjgeCy555zeh5rDpBDPdPbLUNd094RB15zaKzn2dC15F8DMCLoA9ASNET7S/+u3\n1SjvI4XnOpxK9hyETcwjzbWJc2gV7U38VqxhQW9Vch3AvXOufMMTm6cobLjiwxjF\nl3XTMJ5GvHDZXCwrGEapy9GbHQjbd9yi0iFgfSGV4nkNmCj1jtAMUngdCqELDVU2\nZe3a8IeJswlTteGlXAM5mwnDaegMsiD/vwsq5Rtl0gs3iI3
uIN4RFXuvxP+UeJ/c\ndJWqpF8vcQI4qGN3kxgB30I7mUiz1aggv5uw6nDWRJHTQKLeOkV8ssTq4FLs4XYL\n4z4qmMT5i+8bGu575py/LRDjvXBldeitnQj1jAN2y/uPNVWsZqU3S+OkEosYIgSQ\njAe3N0EyH5k3j7j43x91toYOCAkulAuPkox6GyUKKq4dCPWxg9fqQ8u4PaSN1GYB\nCQIQ3+GP0DNWupTIkTS4Bk1LwbT99lyr2DyExqb2pgXmzn05Qs6CE4+jcIxXnmUQ\nzCl6PLiw+DJ1nq5gKtTrkO96HtHGyfPiUunDZXty1/zNltYjedk7ebkWF3LNXBhE\nK38c6yE=\n=w0Nn\n-----END PGP MESSAGE-----",
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w ctm6hruSuzSBwGGcW9x7qIIFe7z+AGhlO8ICU8cwO3U
9fhK5PdJJn7BpM9Vplrpi1Gcofpzafv30z+O2SuEVR0
-> ssh-ed25519 RfitmQ fnVZmd42HVD6iBkEzEGn57D4LNMcYfWXeRpnRutjNyY
s1+OrASe6ONf9kVgfBiAuoSd8314h4ek6yoz+mL04Cw
-> nTx'S6-grease 1Dt%/
mr9/gUTNOMrFAQVmUgVVfXpkKk+aXes6CulorL24APwN9dL1GPEOWdP3v1NEFcR1
db6L78xilCtNf/jszgpMFYh5ctehauTa
--- EkgK0s3mBI1KvlZIWl5iB+p9xu6of0oL3NEVV+Jcjfc
+0xE£~¦<>T:ï“ÙÖŸTjÈ~c‡ÎL˜@ãîwDX†D¤«NJ4sõ׳ªDS€<53>Á«ÑK/¤VìðÑ!o¤ÿùÙUþœ_x„¶:


@ -15,32 +15,45 @@
forceSSL = true; forceSSL = true;
root = pkgs.fetchgit { root = pkgs.fetchgit {
url = "https://git.clerie.de/clerie/clerie.de.git"; url = "https://git.clerie.de/clerie/clerie.de.git";
rev = "6ae72f9c8616fe005474a1244dbdf8efd61a07a0"; rev = "785693e6826c6377c3f3200274c281d2ef3317b3";
hash = "sha256-GBAclFkcIzCPi8P+UmATw01uzND3EoUYXiytjVnEjtc="; hash = "sha256-cyTHOOm7hpPUD8paKB7Wci3RYAo6Jr/MI/Xqx4iwXwY=";
}; };
locations."/ssh" = { locations."/ssh" = {
extraConfig = ''
types {
text/plain pub;
}
'';
root = pkgs.clerie-keys; root = pkgs.clerie-keys;
}; };
locations."= /ssh/known_hosts" = { locations."= /ssh/known_hosts" = {
alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix); alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix);
extraConfig = '' extraConfig = ''
types { } default_type "text/plain; charset=utf-8"; types { }
default_type "text/plain; charset=utf-8";
''; '';
}; };
locations."/gpg" = { locations."/gpg" = {
extraConfig = ''
types {
text/plain asc;
}
'';
root = pkgs.clerie-keys; root = pkgs.clerie-keys;
}; };
locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = { locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
root = pkgs.clerie-keys; root = pkgs.clerie-keys;
extraConfig = '' extraConfig = ''
types { } default_type application/octet-stream; types { }
default_type application/octet-stream;
add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Origin * always;
try_files /gpg/clerie@clerie.de =404; try_files /gpg/clerie@clerie.de =404;
''; '';
}; };
locations."= /.well-known/openpgpkey/policy" = { locations."= /.well-known/openpgpkey/policy" = {
extraConfig = '' extraConfig = ''
types { } default_type application/octet-stream; types { }
default_type application/octet-stream;
add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Origin * always;
''; '';
return = "200 ''"; return = "200 ''";
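Review bot: The new `types { text/plain pub; }` and `types { text/plain asc; }` blocks under `/ssh` and `/gpg` replace nginx's inherited MIME map for those locations, so any file there without that exact extension falls back to the server's `default_type` instead of `text/plain`. The neighbouring `known_hosts` location already uses `types { }` with `default_type "text/plain; charset=utf-8";`, which covers every file and declares the charset; using that form in both new blocks would be consistent. Separately, the unchanged `add_header Access-Control-Allow-Origin * always;` lines in the two openpgpkey locations stop those locations inheriting any `add_header` set at server or http level, so security headers defined there, if any, are not sent on these responses. The virtual host definition starts and ends outside the hunk.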


@ -12,7 +12,6 @@
./drop.nix ./drop.nix
./fieldpoc.nix ./fieldpoc.nix
./gitea.nix ./gitea.nix
./hedgedoc.nix
./iot-data.nix ./iot-data.nix
./ip.nix ./ip.nix
./legal.nix ./legal.nix


@ -1,42 +0,0 @@
{ ... }:
{
services.hedgedoc = {
enable = true;
settings = {
domain = "md.clerie.de";
protocolUseSSL = true;
db = {
dialect = "postgres";
host = "/run/postgresql";
};
port = 3835;
host = "::1";
allowEmailRegister = false;
};
};
services.postgresql = {
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [
{
name = "hedgedoc";
ensureDBOwnership = true;
}
];
};
services.nginx.virtualHosts = {
"md.clerie.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://[::1]:3835";
proxyWebsockets = true;
};
};
};
};
}


@ -1,7 +1,7 @@
{ config, ... }: { config, ... }:
{ {
age.secrets.radicale-htpasswd = { sops.secrets.radicale-htpasswd = {
owner = "radicale"; owner = "radicale";
group = "radicale"; group = "radicale";
}; };
@ -14,7 +14,7 @@
}; };
auth = { auth = {
type = "htpasswd"; type = "htpasswd";
htpasswd_filename = config.age.secrets.radicale-htpasswd.path; htpasswd_filename = config.sops.secrets.radicale-htpasswd.path;
htpasswd_encryption = "bcrypt"; htpasswd_encryption = "bcrypt";
}; };
storage = { storage = {

30
hosts/web-2/secrets.json Normal file

@ -0,0 +1,30 @@
{
"clerie-backup-job-main": "ENC[AES256_GCM,data:AoreXT9N9blmaSsIVF+fWuGPVc8Fi1J4uQDrjtY6fzQFCFM9Yk0JQT/+POGiltOUkJSd+Ua1yKAxQ6zoR33WvQ==,iv:He82CVLKZ0dMBpkNzzrnUZhZcuFJXcWDmBKCJhBPrBA=,tag:EDDBVAcceURYV2SL2qEuyQ==,type:str]",
"clerie-backup-target-cyan": "ENC[AES256_GCM,data:G6ILFo1w1SVs7b5pIk/JdFvcIXdIaKFL5qKxrchxLedlovltnnRuufxfKivgjWgjTeVV78WNJMRVQVwXIcBhLg==,iv:gUjvjG04ClAxyFqhhj60XTWX6gbJELRRbUT/EbXxa+o=,tag:hsfmuQh0GRCRVm7NUnBInw==,type:str]",
"clerie-backup-target-magenta": "ENC[AES256_GCM,data:zsPFXpnTWHL2b9/fZiW1fhpla8hTeZb1+O8oihnwDIAcC4Tgn8PrFDEYK7kuWYcdbIvL5XRJRR48erSACsntFA==,iv:lTlAyVl3ndgca4Mp9lSldXmhlP8ECPvE/CM7Zpzy9ao=,tag:LCNF1loABQpZ8Y5wfpXjkg==,type:str]",
"wg-monitoring": "ENC[AES256_GCM,data:AfkytaHshFSyKkMdKVMdYaq3sKUC9dKYs5rKXN4Ouv5kjDGNXC18liEsRuc=,iv:4mMgsovdAJ++Myr+9GuhAaEBuzDBNZbGK6zfzoAEJ0E=,tag:/d0ZXNbpaMFyxyzov23kdQ==,type:str]",
"radicale-htpasswd": "ENC[AES256_GCM,data:+FHsq5We/fc8gBNub/GV5Mfs2i0/7Qm9UPDhb3unEhak6XDAvMSUQb4eaX0wn7Yi3y/gFGmapd0eYilTjfoJnI9gVnvi,iv:lEV8kQh9RBL/xKcCLIRzUR6ADq4zoah1c8Z67Qrs3dQ=,tag:cw6jKYbZUXBD3Zio5CH+Hw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1nn8dwl2avshdhwn66w92jvlvz2ugl5fdxc8dxz6lpru72hlq44uq5a88az",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlU2tEMHIvRUFxa24wMVcy\nb2lheGR2ekl6S0wzWUd5cTMwTC9HdFN1eVc0CkRjRHdJVUw3ZCtZSTlUOHZCV2J6\nYkxqdnNmU05LTTNmNFZiTzBxZVdkOTgKLS0tIEZUZ0svL2NhcTZPdFZrYUhwQ05Q\nWnZXRWIvRXBOMWNDTzQ4RDNKa3IwSUkKj+vI9dEEUQYN9uT6H1FdexComfbe+iA9\nVzLF970ASzptGiNYtdN9GYdXY7JGHoOfmYy3fpjZGN3p2KqiYyi3UA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-10T13:32:34Z",
"mac": "ENC[AES256_GCM,data:lxfYT2TEO9KFx0x6DPRQ2mRy5Ft6syyyO1yV9my6GwvDxd1e7odXGRcFo3N1AFod8Y6z4+XaxqZ/GoqSp94Pk8aF4eEhyAFun/UUr8KhKGsnq6xnQA4p37oYccvTY4eohS5YHBr/+AMutddmQ7qiYtQhVViXAr6+dmOsV1Tfu+A=,iv:bC+z9SP2W048bR3aWIcPgRlfLB5n5ccst6OvH0NjYBk=,tag:qhoXUAl0nG4LYy6yXQP2/g==,type:str]",
"pgp": [
{
"created_at": "2024-05-10T13:29:58Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/9EWbkWn0T2rknNHaAwSKis43wQe9ItWzi1KNaGtE2yJt6\nvFWN43+Uop58NQqRsQiBD+wXrrkZCceIsiwT11FiOr1xwxm+j5Dt9ItfYG4SLPQy\ndRCgABRHXkJTlizFLBqhNH+m28rVeP2rjv/VISnX9dsaN3wBe1SQdCWahirbdoUZ\n3pQAJKDqptEp8MwW9OYhQf0A+etUKGyY1UZBdizgGI+FQH3NASDq/TbfzytE2h7f\nk4ptT0Wn3CqIeqSRwQ89x2ma/pmN/7sHvC0wmmyCuL8m59EGwX4pMu5jk249n8S9\nfi0PFsaPa150wCcsF3G9K9RpxzKJOQ5ysWbKKzKTvc9KIzeGzC4BjEwaSu1mtqmb\n7JVjbwXPUD1QbbB8Vymd0LUcUg20rMHqExMvOJfYwVb+eUMUdYJQHNpmOpRAlgkr\n8cd5bPWmFiWyCZ6DaEUA+cdtLHkrz1nWkrlG2n3K+7aSCVRZayheraIP53uMG9Ng\n3Co1mTrHy6bLAT+keRWseOEkCnAFGns+Il6v4dign4Q7hQ9Ovp2d3kMj4uWOHrd7\nyWUKIUT2ejTF3iM6UoNF8POvtgMD0ZmwMI0wZlc1FE6pkSAVC/1lEUqE4eT+l/Mv\nLCDF5ktd7MBdsMzdEbsVV55D9/vRb4AP8cccof5/akeZbbj9A5spWcBzApLv5MuF\nAgwDvZ9WSAhwutIBD/4o7j58zECSLtSHa3E8hDt1zy4u5Bbddtldzk6ItW78nJWK\nPHU0+IoTWAybSkqD8NBVMyo4ijHs5ipmvmeJ+DIdpR7219VFfBAr36suP0F0f2dg\nVQOsbZdeDar1sqacmcHcdqaBgkVW+M8A216moCld582Yy8JvGVvRSW647mBnhgW9\npkcuT+zKQJUwczXSUw/y23w+9qiuby3CmiJuAWFMVRT4E36cl9xAaezafDfp8doC\nZ4AcATAvZtLIOHKg3XjYzJyzuN0pyocTZu4x4PiJsHLtx34WOivwU3i0Iu9J/2VE\nDvXsWRql/P/r5O5U7np4cDGHR/siaJvHx9nbZOottisETAWGI+V/QnVTqzUEcK8C\nu4PGrgaPyFHtW/rDAcINU/tmLB78FM+BgNXJNxBDeJgoRQ9VB0nHlDT4pOZ5Bdo6\nkmxi/bCWpasThNE0EEQRMhNr1zXMwxaD5/enm4wIY6oXDmIxAf5Cj+rHPrCSiBpV\npge6xBhXGQSZMJT+QAQPwAu3l0g52DKIb8zJaLMCRnpra48W7dFRpIRb8LV3G4PQ\n7xxiSTO0NE1GbYMmqC/LU7RgRRqt2P0y5VaHqHSFwjdJpHk/zdoZ2QCh36Wtc3nw\nvTP7crZVZj0oYKenMBIIYOR74GY0L92Owxd1yNi+YdKtnFzXzvPtqrldx/Ps7IUC\nDAM1GWv08EiACgEP/1Red5Qltvhdb7UN06EYmZtbqf/ERExu8Zom4C1887HHOz/d\nkq/uOfXo4PHfEI/8mkcV5FDZ0kI1sGYXv9czLiImAwwPRD2klo4irfvBSWZglRE2\nO5sa2xPkeiXyaWkOeV48fm7c1TxUSzA5olFZad4z+3LzkEv2qyVJJZ6MW3We1wu6\nYXyGesF1oJQZb4GxQr6feknlG9WP35spMk/9s3zR6ZQCdgm1VZx50vfzpgbvVo8D\nySnVCWUqG6/3PTToMxm+LndE5ejbFOvubh7ppgsceOZyDsPNGPA3tVwJDZU/T2DC\n0D9M3F0DHUe1aNzQAA+CUgRiC1F95IgHtXUcCfF4aDtDmvHOMjDwKlxpeE00Qthp\nxms00wT+I0Wt0ieTErmHJHmpkGtGdr3aQXi4LFS6EZhleWdZkJXko/UBIsxfLKji\naEdz3sooHTVBUxQ6qmieVwZQBS5dFbqxoRId/y71QjW6whV
i7JpAzUZ9J9Av503b\nxYrJrrfiUM/qmH7/EcBaYWZUDwzh6E71G/luyiGrJYlXV7mp7I2yw1EDYpDCz084\ngUQTdKtav6YNUFE8IWvK5mmXCnnWTmiOhxmomGcJC8s9CXoBYaC7ItxqkeeLcMaD\nYl2RcCSsynJpicJx5oDKr/J1EX92e9RzGYrgdmvVhlSGDBqpXL2+6n0wm1qG1GYB\nCQIQf4J+4HW3sHrDVXEDvuxA4sebLViuSm9+YkwCEIp5TvqVH9O3y1TMS0/MK15N\n6KomgzU9q8N7MsR07NoOMWYGF99RB/4/7lIIlN79g6jwqPuXbqZPFMf51woXb8Mo\nUn5pu94=\n=binq\n-----END PGP MESSAGE-----",
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w xLbOv/c4pjyh513O2LPkoKcprKZbM+217yy1a8Z7AFo
83NxTqotYXOM+w+gCR3zHdar9kNabgar0/eJBewO3DY
-> ssh-ed25519 1nn+0Q Oc01U+rgGAizyKzhgvmqThlXAEMuhlRAqsQL+/ozQFs
xHxOl3ESipcMZdnulTxC7W628patS2eO6681oNZa/6g
-> e[x'-grease 6N W+gfF\l \ x}~
yqY9BH/fmjHn2QizHe1/DRDfTJmSAVPuJlIOmeuXWfhhfiauy6ia/DjbgVjcyqha
XarEaYsvkI4JqKODHRRaiJ1i3TOs2Cdk
--- 5wtIT/mhGMy8kQHbzO1h9Wj7OgX1ax8bk6k05tfLhsQ
Ó0«IÔ°ûê§È¬„5™H¦“½¨à,oq´eHÏ}ÅùíºÌÑr2Š,íðЪ\î4ÑU²#<23> Z"+jóÄÛìÄy&W ½æO~(ϨµÓ©g Î~°Aš?


@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w +w13fgMLBeHKig0VX67/mlhQb0EPSJAFTu//velYNRY
irMedsePNfFFOYhKksrqLcLdNdYHMxFy4iTPneIOtWU
-> ssh-ed25519 1nn+0Q KpFGP/y4zZ8E8Jut8Gpea1DLH6rXGKODLE3IPTbzOUo
p28M4shr97sqqTBAxB1fQRNCj2E+xio3TboKZ/6smb8
-> rXRB4)-grease
t3CdM1EbN2yfSeKURCJRMTZ4w9FtXu6+Y8PWxo2RTV0fyv6XJdrq1jn1n4IflQLP
CV3H9FlQp4Lg/bdqVZDqDoMJ6dprVWK4rACnF6/tRRkZR4Ndfk4JRRWtWBOfR/ax
GWNb
--- yNRoOEai4ypvo0uGZYI1q/qwzS4wIZFXQEGYcW+H/wc
Ñî ³Z¼ÿ<C2BC>·îe0±<30>ä_îÀD@äΕÃ>¸KOQBuP÷9TGgŽ×(€9´pœŒZ@1†&RZÁOŸªCp$kr¿ô®¤èòlg!\‹«„—èÑÄ=W׃×Vq


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w ZWn7K/SI1OWS0FslI6Vz+KooVyWXuww4dNa5y0O1+Xo
P723ghoGExFpcMYjdvcZrvT1eOG/pmccI3IO0/UnaAw
-> ssh-ed25519 1nn+0Q IL+SAfWJvd1KPV1z1kAyoLu3o/t6qdCx4cHjplqkaAo
5io07rjFwtbvmgvA2sYn0VsjdtHi0AA1JRwhH5yijpI
-> m2cEFebO-grease )(5.!z\
--- 4ILHmhv4fz6NZaWVYAKmFGY4ojpt4WQu3ulxz0R5FCA
(Ôµ²nlÎï*Uæèü<C3A8>j„ˮß:—U51 Ð‡<C382>AÓí <20>Þ´cÕþøµCÑNÞÞ|œæ_X.sœ[K&ÉË

26
hosts/zinc/secrets.json Normal file

@ -0,0 +1,26 @@
{
"wg-clerie": "ENC[AES256_GCM,data:ur9cCDLDzLinS3kDNjBjdB9LOqWqGeHsUsJyqEP0wCHcTAd2FkzAMNm7RpE=,iv:EsldkKZ+u7zE4Dw5CApoN61nqcCsuxt2tH4hJ844iuQ=,tag:EFJsNvOaM0nSS5WVoEMXpg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1kujyx47uakll5pnwwknll474wz9euswcxwhmkfq44r8jr9a9u3cqu62dlq",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpU1UveW93VFdyKzkvKzVt\nWnZzTEl4M0NRSExydktBSnN5R05IaXdQRXpRCkM5Wm5uT08vNDl0WDdWa1loZnZQ\nVGk2alJqZGs4Wkt5eFh2bzlQRHFmSW8KLS0tIEtVOXE1QnNkdUYwZjYrY2NuMzhs\nMG9DdjR2T05ERnhFWWgyR2FCQmhDSzgKvhFmOk89P5SXSNr3A98XMT4658ek+0Z1\nfZBQGNHrepztC2X4bzxUd5sDbZYRJEljahbdvx8jiP5Kg2O6sskL5Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-10T12:43:13Z",
"mac": "ENC[AES256_GCM,data:7r5LBkFsB+KFFe5ULPNSOEoC8qGtN5/EhMRyOOGhTdTVdkUxdiLjSyfw1j8Aw5K+YTyYNdA0g0Wrl9VGgttYE39RinEpnCkk4xXaNM6QidADxoa4CJ3Wh9t3zngbu89CqrT4h3GBOLrMP5XIuabDzq2Jb03NOmIacbgEgl4+lgg=,iv:uvz9nyYZ0zhJnjVc+HOsaFqFkeftpX+7l5CvKCrWKB0=,tag:/eP1uLjFofjI+Av/LiOstQ==,type:str]",
"pgp": [
{
"created_at": "2024-05-10T12:43:01Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+JY4laX1ouqePr/W36zHFOWyJOxj1Xc6mDqzijxbuOr/O\nEbF0WQCb2PiZLZ+rFJdOC/d9znS7Yb+LnSFk4bagYtb8WU6L+3mBQIdBmu60sjqe\nY36QgYiUJ8Gn0n+ZgfEWmBlJJHOF3jl7x94U4SjyOQRijhz6GRP9YuSuepXjd0i4\ngSbusLNslmO1O9hpjxzP4DuZBwpVlg6w2KFdjv0hcboYexp16Mhto+jnR1VavSLG\n4pWNPSpGiRbeDMP/0TKCk73G+Foc1qj3XEEN5ZMGGNv+q/rYtmzqkhn7+45dLZB4\n6/tykjbtemD5MRY57qzxE+S0HjDy/qGx9wJ+QXkKe/N0yiDsTlWv9/0EzTRnKpf1\nKIB5G2LIRLYoH+VnRUmWF6mMS4TVcIBZBuvUJWO46WcXFM624aL0+n+UPCkGxnAB\nKc6+YCCrR/9CQYVodz1BG1aILJj3iu+j2ce1Wz7NSu8vr98h1etcWclH6AksgNcj\nzQgtblO6LJB8Nb4FcNwx0+dEqxXyl2Wx7/d1DA3gcXclXEQOXnXDQGhUrR8/6Y9U\n///PgU1BLeTQh/1uAVe6cJBxj1uH2XF+8wjwBRUChSozcj9lSFIRd4uyBoEkbM/a\nQPWgD4WT0YaOlA4Df/x+iaslKoPTU3TQZjbfPSYmqOZaA/uux8Thmvnzub6QC+6F\nAgwDvZ9WSAhwutIBD/9bUeDrADkWVzrU2DAI3drGKPwxCPd59n46HsXchPqdUYTS\nKdYsIpGfV9W+ns6CpCVriwaSXRsuZQnBJA/t9B7nHwlFKlDsTAJ0ERni5lJMY7fz\nP5h+0q29Nh0Yys/FNFK/Q8WdSXwDo+19zYi/nBGve01ezThKNrXBQRov45D8rHHw\nOu8Df/G2q2TfXVBOLT3K12i2nyUov9ggIqNNpAsurOO5sL8sx84ff9vCoa896LjO\nQKFWZUh7xLRzC7NBbuYyEiaL8z/mU2XPt5pooOdUGDKlkwuCxeHOFiAf6MZobSHf\nDUeKAXhD3/RDf7NWQaAti0a99oCjm5sz1ldkjVg6j4Hi7nsrVitTBI7LN+mW4ESz\nM4VXIhIlbVRzci/efpPXFA0j35E3tPtVJUEhJBZGXb/kUlu/z9qE78ykGM9Fhc6k\n8A7Bu3xhCGSRpoEOa3LROFHP+OM4zAx6MrDVKE2IV3rp3T65v3X99aCkptEbTe+7\nOr3PdZ1xKXG1TM95iowmHRGDRGI8GEYiD5+cEYoNnC6QJGaEni7RIbNzsz+2ywyF\nmsR27oPpPmBJxTR1w87mSrvc9mv/q3oqLqch8Fhvn7olYpQIR9TunvXtMfhSZbQT\nIACDuWt2KIw2uKUZsKlrbU7j/myQ3/+6wRWzkA+pmDCEgq4dZQ5cXnj5uOHTLoUC\nDAM1GWv08EiACgEP/iLSnmPQRmFkiL0zjZ5tGmRFp1rhspv2gqGSHyaG6loYRu3P\nya/8CU+4JpANhshJMtVxMamMkYoiFAXNQB8sGHC9LoL71Hcu5L1/7cZbu8TX/5kw\nf53n3V8KmoGldLp7bIov7d3H7jaBPe9NeO5T77jTjmLVtC9lgBuF5fH9/211Db+/\nh2TJnzZNNA5HNdOHfyzy0y09/NVp43W8aKqxzz4wKBC1M2/ZUWSNh1o67xr9Y8hz\nYJ1E4Xj/g+0WEraaZZOH8OcvVapYqU/zTxR2aLy+VT/CD5iUOJmb8s38kPkbHoo6\nVR01XTxC9li97UG/16AMbtB66+ADh04MItQ5GEfPkf7tRHEyIEoo9ww0yRjTOK5O\nte7F+wPJagISmxe7NiI64NAaSZDPwmyBA843g0PjWxJBOuQiV3qYxXB7myGSd64P\nUatSQf9QO6viZ+6FZu1C8D/FGPuCw7OMSiKY/qB4EV99A85
nYuHN0LGG/MUMOYRi\ng4bbbqFnjj/Y/E48XrADsSVbh5/0RPdEIiuF4DVfa66Pru6SaA3Mynp6zSmwqLWA\n34cKFnQ6v8tjW3SKeXdAdfOYbeJ3DG/41hE2nAG0LRd4VUdeITvc6li7h8L4rPXM\nQpeCdSfLTKIzJ4VS3esOIgPAxxJPjzPP0zvbsjnuve+IgoGRocKhbpAhoesg1GgB\nCQIQupq2OyF0/r1n968M6FpEN1f6yJceIUSGKXUjxL4jVS5T5SPbRw/cbCvMv9xg\n61/VNHirgTre7CEo2zmJPRIY8g82PA+JkLyRFRwEKsAngYsYdZtMH5CVoXfu73U3\nbT/SWbcB4Q==\n=uw6j\n-----END PGP MESSAGE-----",
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w RJr/aWAuz9pHJyeiT4VGl24oBL3PW/h2yhMlNKdeH3k
KsHqO3xKdVMgtgXFYFKD7sapwaQBDX70yUMwFqVSsc4
-> ssh-ed25519 h49YJA woMEtKliLp92iPq8OFK2okbFbZbqtsH2LIRYyBQEs1U
BJRYOXn4Yg5IzJxOukdzvlrZadralTdJg7FKcz4yV9c
-> 5R?-grease @H*!dd.z qES\G 7JLNzC
AzZ7dZCu+BRUNqJ7Qikw8fbSxSlP7IOm1/9DmYNm6KJIQbNLqrdCfMI8i5G7hbEG
pGVLYCrnZudEPKmEI7WtgGsQ
--- DEhkE0BvIaahPO/+T8NzqSCNg2hmbdCwTSF2faMECgk
«ŒÈ߃ïCиáùÝgu«1à"ï Zc1æ À53)Ëb‡¦f]QDF k:óc;ÈiQw<02>nðq­TÁbmÓbšcÜHo¸


@ -1,4 +1,4 @@
{ self, nixpkgs, agenix, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs: { self, nixpkgs, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs:
rec { rec {
generateNixosSystem = { generateNixosSystem = {
@ -28,8 +28,6 @@ rec {
nixpkgs.overlays = [ nixpkgs.overlays = [
self.overlays.clerie self.overlays.clerie
(_: _: { (_: _: {
inherit (agenix.packages."x86_64-linux")
agenix;
inherit (bij.packages."${system}") inherit (bij.packages."${system}")
bij; bij;
inherit (chaosevents.packages."x86_64-linux") inherit (chaosevents.packages."x86_64-linux")
@ -38,21 +36,12 @@ rec {
]; ];
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; }; clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
}) })
agenix.nixosModules.default
fernglas.nixosModules.default fernglas.nixosModules.default
fieldpoc.nixosModules.default fieldpoc.nixosModules.default
nixos-exporter.nixosModules.default nixos-exporter.nixosModules.default
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
(../hosts + "/${name}/configuration.nix") (../hosts + "/${name}/configuration.nix")
# Automatically load secrets from the hosts secrets directory
({ lib, ... }: let
secretsPath = ../hosts + "/${name}/secrets";
in {
age.secrets = lib.mapAttrs' (filename: _: lib.nameValuePair (lib.removeSuffix ".age" filename) {
file = secretsPath + "/${filename}";
}) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
})
# Automatically load secrets from sops file for host # Automatically load secrets from sops file for host
({ config, lib, ... }: { ({ config, lib, ... }: {
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json"; sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
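Review bot: In the overlay, `inherit (chaosevents.packages."x86_64-linux")` pins the architecture while the neighbouring `inherit (bij.packages."${system}")` follows the host's system; the removed agenix line carried the same pin. On a host whose `system` is not x86_64-linux this would place an x86_64 build into that host's package set. Unless chaosevents only exposes x86_64-linux outputs, I would write `inherit (chaosevents.packages."${system}")`. The body of generateNixosSystem continues past the visible hunks.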


@ -23,12 +23,10 @@ let
backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else config.sops.secrets."clerie-backup-job-${jobName}".path;
config.age.secrets."clerie-backup-job-${jobName}".path;
repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath; repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else config.sops.secrets."clerie-backup-target-${targetName}".path;
config.age.secrets."clerie-backup-target-${targetName}".path;
targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username; targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
in in
nameValuePair "clerie-backup-${jobName}-${targetName}" { nameValuePair "clerie-backup-${jobName}-${targetName}" {
@ -73,12 +71,10 @@ let
backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else config.sops.secrets."clerie-backup-job-${jobName}".path;
config.age.secrets."clerie-backup-job-${jobName}".path;
repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath; repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else config.sops.secrets."clerie-backup-target-${targetName}".path;
config.age.secrets."clerie-backup-target-${targetName}".path;
targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username; targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
in pkgs.writeShellApplication { in pkgs.writeShellApplication {
name = "clerie-backup-${jobName}-${targetName}"; name = "clerie-backup-${jobName}-${targetName}";
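Review bot: The let block that resolves `jobPasswordFile`, `repoPath`, `targetPasswordFile` and `targetUsername` is written out twice, once in `backupServiceUnits` and once in `backupCommands`, and this change had to edit both copies identically. These bindings decide which secret file each backup reads, so a later edit to only one copy would leave the service unit definition and the generated command using different password files. I would move the four bindings into one helper in the outer `let` that takes the job/target attrset and returns them, and call it from both places, with a comment such as `# Resolve password files: explicit passwordFile option first, otherwise the sops secret of the same name`. Both definitions continue outside the hunks.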


@ -55,8 +55,7 @@ in
} }
]; ];
privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else
if builtins.elem "wg-monitoring" (attrNames config.sops.secrets) then config.sops.secrets.wg-monitoring.path else config.sops.secrets.wg-monitoring.path;
config.age.secrets.wg-monitoring.path;
}; };
}; };


@ -66,8 +66,7 @@ in
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
wg-clerie = { wg-clerie = {
privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else
if builtins.elem "wg-clerie" (attrNames config.sops.secrets) then config.sops.secrets.wg-clerie.path else config.sops.secrets.wg-clerie.path;
config.age.secrets.wg-clerie.path;
ips = cfg.ipv6s ++ cfg.ipv4s; ips = cfg.ipv6s ++ cfg.ipv4s;
table = "wg-clerie"; table = "wg-clerie";
peers = [ peers = [


@ -98,7 +98,7 @@ in
''; '';
boot.initrd.secrets = { boot.initrd.secrets = {
"/var/src/secrets/wireguard/wg-initrd" = if cfg.privateKeyFile == null then config.age.secrets.wg-clerie.path else cfg.privateKeyFile; "/var/src/secrets/wireguard/wg-initrd" = cfg.privateKeyFile;
}; };
}; };
} }
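Review bot: The initrd secret source on the `"/var/src/secrets/wireguard/wg-initrd"` line is now `cfg.privateKeyFile` with no null handling, although the previous version of this line treated null as a possible value of that option. `boot.initrd.secrets` accepts null and then reads the secret from the same path on the running system, so an unset option would not fail at evaluation and would instead depend on a file existing at that path when the initrd is built. If the option is still nullable (its declaration is outside this hunk), I would add `assertions = [ { assertion = cfg.privateKeyFile != null; message = "<module name>: privateKeyFile must be set"; } ];` next to this block. The enclosing config block starts outside the hunk.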


@ -1,11 +0,0 @@
{ pkgs, ... }:
pkgs.writeShellApplication {
name = "nixfiles-add-secret";
text = builtins.readFile ./nixfiles-add-secret.sh;
runtimeInputs = with pkgs; [
agenix
git
];
}


@ -1,15 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
cd "$(git rev-parse --show-toplevel)"
host="$1"
secret="$2"
mkdir -p "hosts/${host}/secrets"
agenix -e "hosts/${host}/secrets/new"
mv "hosts/${host}/secrets/new" "hosts/${host}/secrets/${secret}.age"


@ -9,9 +9,7 @@ final: prev: {
chromium-incognito = final.callPackage ./chromium-incognito {}; chromium-incognito = final.callPackage ./chromium-incognito {};
iot-data = final.python3.pkgs.callPackage ./iot-data {}; iot-data = final.python3.pkgs.callPackage ./iot-data {};
nix-remove-result-links = final.callPackage ./nix-remove-result-links {}; nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
nixfiles-add-secret = final.callPackage ./nixfiles/nixfiles-add-secret.nix {};
nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {}; nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {}; nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
print-afra = final.callPackage ./print-afra {}; print-afra = final.callPackage ./print-afra {};


@ -1,96 +0,0 @@
/*
Because I'm way too lazy I'm automatically generating the secret files config.
Secrets can be found below
hosts/${hostname}/secrets/*.age
Pubkeys can be found for the specific host below
hosts/${hostname}/ssh.pub
The users have their keys below
users/${username}/ssh.pub
Secrets get encrypted for the host they are in and the users specified.
Every host with a secrets directory has an entry for a secret called "new".
This exist to overcome the chicken and egg problem.
Create a secret with them name new in the specific secrets directory and rename it afterwards with the suffix .age.
*/
let
/*
Returns an attrset for a given directory,
having the name of a subdirectory as its attribute names
and the contents of the containing ssh.pub file as their value
{
clerie = "ssh-ed25519 AAAA...";
}
*/
pubkeysFor = directory: let
instances = builtins.attrNames (builtins.readDir directory);
instancesWithPubkey = builtins.filter (i: builtins.pathExists (directory + "/${i}/ssh.pub")) instances;
in
builtins.listToAttrs (map (i: { name = i; value = builtins.readFile (directory + "/${i}/ssh.pub"); }) instancesWithPubkey);
users = pubkeysFor ./users;
hosts = pubkeysFor ./hosts;
/*
Returns secret configuration for a given hostname
*/
secretsForHost = hostname: let
/*
Returns a list of all file names in the secrets directory of the specified host
*/
secretsFiles = builtins.attrNames (builtins.readDir (./hosts + "/${hostname}/secrets"));
/*
Returns all file names that end with .age
*/
listOfSecrets = builtins.filter (i:
# Make sure the file name is longer than the file extension
(builtins.stringLength i) > 4
# Take the last four letters of the file name and check if it is .age
&& builtins.substring ((builtins.stringLength i) - 4) (builtins.stringLength i) i == ".age"
) secretsFiles;
in
if
# Make sure the host has a secrets directory
builtins.pathExists (./hosts + "/${hostname}/secrets")
# Make sure the host has a public ssh key provided
&& builtins.pathExists (./hosts + "/${hostname}/ssh.pub")
then
/*
This map specifies all public keys for which a given secret file should be encrypted
It returns a list of name value pairs
The name is the path to the secret file
The value is an attribute set containing a list of public keys as a string
*/
map
(secret: {
name = "hosts/${hostname}/secrets/${secret}";
value = {
publicKeys = [
# Hardcode clerie's public key here
users.clerie
# No other user should have access to any secrets
# A host should only have access to their own secrets
hosts."${hostname}"
];
};
})
# All file names of already existing secrets plus the magic "new" secret
(listOfSecrets ++ [ "new" ])
else
# Answer with an empty list, if no secrets are provided for a host
[];
in
# We just have a list of name value pairs that need to get transformed into an attribute set
builtins.listToAttrs (
builtins.concatMap
# Provide a list of secrets for a given hostname
(hostname: secretsForHost hostname)
# Names of all hosts
(builtins.attrNames (builtins.readDir ./hosts))
)


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzEQEWeunhkzP+invKjdsZe4rbUloixa374bYEhBSA5 clerie_id


@ -1 +0,0 @@
ssh-rsa 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 openpgp:0xDEC2998F


@ -11,8 +11,6 @@
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
(builtins.readFile ./ssh.pub) (builtins.readFile ./ssh.pub)
(builtins.readFile ./clerie_id-2024.pub)
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie"
]; ];
}; };


@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzEQEWeunhkzP+invKjdsZe4rbUloixa374bYEhBSA5 clerie_id ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC17V4z147CtKGMvnAEC8BATO2Dttut9T8q0eIxGwmCVO96s/E2ZbxQSjqp9FOuAhD7xJH4kUf4uwlM8yU6sFnWPLbawFxlbyLChTurv2GV5polkqP7awHU7WP2DpO8vhPYcoo5w2GI/q/IfL1+6KHqAuqenQw6H/fERllMkYnqyLcJqfoyfFXD6r/TJfhpB5ryoIeX45sakZvjtrIYpGjjHMjlHu8RG8zuad6UHTg7NqLnYCk2aGcvvA8H1OP/vfuAElhwwVEekKD2VvDcARmXyRyzKl7qCoqXZLRHrlDH+oqKzQLctTjDmGJtETW2Oca3NM6fp6xuuI8NHQhNq1SghoIQDu4LcdHQtclc5a8oOV3C6O6fpgTZI99gp6OcvRGuyAO43uKOg/BmegRDs7AapVsm1+um5hwLdI5wFzMvhpWJw7j7D9hfIS9K8VmLULKy6q+G4fg4s9QklxOg5ExgxUnWnANsgXvct6k8dr0IkZtcVzLGc86XPP0Qd5Rgtcb6JYITSezssL7Gn+rLnNhvKQZVoeOCJ4vyB9OFwcv0ESs9Cx8tg2ZDZpYSkVMoIhoi3LUCinozineRypy3+ItrMRm+PD8wEPZGlwcAaFhDSAML+xpKSCt0c1EqLsF8CtadbXuyNn3DsNaOzWWQha+47HiVl8QipSfF751hVtTH9Q== openpgp:0xDEC2998F