Compare commits
13 Commits
6a5c340016
...
79f78cbec7
Author | SHA1 | Date | |
---|---|---|---|
79f78cbec7 | |||
|
cc0e575c58 | ||
d0bd09896a | |||
e094afc4a0 | |||
f25723941b | |||
1da102386d | |||
1e45b64387 | |||
ba30850a81 | |||
a7b8569ed8 | |||
27fb1be845 | |||
9fd359f14e | |||
28e1168c7e | |||
9c7c9ab183 |
@ -14,7 +14,6 @@
|
||||
# Deployment
|
||||
bij
|
||||
colmena
|
||||
agenix
|
||||
clerie-sops
|
||||
clerie-sops-edit
|
||||
sops
|
||||
|
50
flake.lock
50
flake.lock
@ -1,26 +1,5 @@
|
||||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682101079,
|
||||
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"bij": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -59,28 +38,6 @@
|
||||
"url": "https://git.clerie.de/clerie/chaosevents.git"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673295039,
|
||||
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fernglas": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
@ -283,11 +240,11 @@
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1715087517,
|
||||
"narHash": "sha256-CLU5Tsg24Ke4+7sH8azHWXKd0CFd4mhLWfhYgUiDBpQ=",
|
||||
"lastModified": 1715266358,
|
||||
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b211b392b8486ee79df6cdfb1157ad2133427a29",
|
||||
"rev": "f1010e0469db743d14519a1efd37e23f8513d714",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -299,7 +256,6 @@
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"bij": "bij",
|
||||
"chaosevents": "chaosevents",
|
||||
"fernglas": "fernglas",
|
||||
|
10
flake.nix
10
flake.nix
@ -3,10 +3,6 @@
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
bij = {
|
||||
url = "git+https://git.clerie.de/clerie/bij.git";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
@ -37,7 +33,7 @@
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
outputs = { self, agenix, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
|
||||
outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
|
||||
lib = import ./lib inputs;
|
||||
helper = lib.flake-helper;
|
||||
in {
|
||||
@ -115,8 +111,6 @@
|
||||
overlays = [
|
||||
self.overlays.clerie
|
||||
(_: _: {
|
||||
inherit (agenix.packages.${system})
|
||||
agenix;
|
||||
inherit (chaosevents.packages.${system})
|
||||
chaosevents;
|
||||
inherit (ssh-to-age.packages.${system})
|
||||
@ -136,9 +130,7 @@
|
||||
chromium-incognito
|
||||
iot-data
|
||||
nix-remove-result-links
|
||||
nixfiles-add-secret
|
||||
nixfiles-auto-install
|
||||
nixfiles-generate-backup-secrets
|
||||
nixfiles-generate-config
|
||||
nixfiles-update-ssh-host-keys
|
||||
print-afra
|
||||
|
@ -9,8 +9,8 @@
|
||||
enable = true;
|
||||
ommIp = "10.42.132.2";
|
||||
ommUser = "omm";
|
||||
ommPasswordPath = config.age.secrets.fieldpoc-ommpassword.path;
|
||||
sipsecretPath = config.age.secrets.fieldpoc-sipsecret.path;
|
||||
ommPasswordPath = config.sops.secrets.fieldpoc-ommpassword.path;
|
||||
sipsecretPath = config.sops.secrets.fieldpoc-sipsecret.path;
|
||||
dhcp = {
|
||||
enable = true;
|
||||
interface = "enp3s0";
|
||||
|
27
hosts/aluminium/secrets.json
Normal file
27
hosts/aluminium/secrets.json
Normal file
@ -0,0 +1,27 @@
|
||||
{
|
||||
"fieldpoc-ommpassword": "ENC[AES256_GCM,data:F856G4jZjbj7RQ==,iv:svnlwqEPMDHHlSSv5Anv7w7TlDjHUBmKqiBL+IBV+1w=,tag:fnySgzaHzf2paWEBwD4DYg==,type:str]",
|
||||
"fieldpoc-sipsecret": "ENC[AES256_GCM,data:ysnHLFHPbOcgTfoAmZy+3Q==,iv:6G66WDGzuyfTzezVK0uwY5Ihv22dR7x7g/A1fvxUhjk=,tag:WUVNU6Bw5u0kyHpyFsKmaw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age12nr9jt7u04ef0uf3h3pmh5wsw0t5ax7flwtk0t57zhsqj7s0lvnqxdgtu4",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SVJHaWVpVFRtZ0tiTElr\ndk5jem4xbm1rTDdkNFdEanR3eGljak4ySUFrCkVSKzhOMzB6elR6WlFtaW5vTXZK\nVE1TZ0pLcmo5alJnL2thVWVvRmV5YjgKLS0tIFJUY3pVKzhoSDNpQ0Z4TC9vdmNL\nc0RlZ1pVUmhIMjRPd1ltZFBlMXZhZncKgtH6HYaK9GLPmwHpIRXwwyhWLqHVvhDV\nRCusRPXi7vpl9Codn/gKa1yhtS+Nbrftpfibcf4Zpp6tbICBJw6Chw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-05-10T12:55:36Z",
|
||||
"mac": "ENC[AES256_GCM,data:rYVMHm97fym9o88cF6IjPsOl1ZgIafIlvw3BhS3y1tFKuiIAmsqL+DvD+yy8oLz2atvyxIdcKihDRNoriC6V80WZg2jqedSbkK0QQHng8z+9KE0SAfoacuJqb/SMULOPVvW81Zhox3Y0fbSVdO3WScx7Z0czNBZ0JGWVObRFbHY=,iv:97/B4g0JTHLlyR9yV8xqhhDnkDDfS9VhsXFb8v3pMVs=,tag:No47WYn/Uk6R2mq2j2gpzw==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2024-05-10T12:54:53Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAqgQosLYib0E8DjzA2YFhXqSvsDhRQblHDMNgTuO2/LkB\nVFj674m60/04eFHkUzAo1Ix9W8ji3Q/vVLJ/bLcfx4mGS7atBNzCFHlRrXPcSS5v\nMyihaRqfusweNTwYF64aQ2iE/EWjEDRo4Ssl5aOoilnPHpIqaTyeIbejzHoZWqqi\n7GZttP33NiQP0iWVO4SXlwkF5yuZT6qaHjUIOQEGImz5q87eMUtTNm+Xf3Qx/jAw\nqSkxwN5ySMuMcMqGpShhztoXpe123YlvNr22fZzkBHU5AwakscC5nf8skaMc2Lrh\nJ/+qFL2tWdgEf/fPd7aYFEIuC2YdJRo+yGMZ9s2VjD9ZlBQUFd8KZhytxmzoO3rW\nNKPM7/4tMyhdomt+uKqQNrVDOFMdyR+xLowyGgVqn9MDDDcnQhEdGyqk+WEeQCWN\nXlrQEVshHvC0YTIIXoyFljmMo/z251FoVY8+PHZOQzAJB2RyUIzjEDTX3a7xDNff\n5j9THrSloPLXuW9lXQO8qX8h/50GbJ2Hjpapslx3jhYx7viOHp2h3ojXbNditrIE\nWHEw679IjgTuantfnTzy1NPtIVvH5twrncPRdRsOqVVL4UHI66O5SCATAuVFXM7O\n+ZlLZS3TnuHE9JDlmV1Ts065VB3iYxXA/3p78gCcVp9otQVeDSVq3PTmKzUCLbSF\nAgwDvZ9WSAhwutIBD/9xwPiMUY60fKMS5/BoFYxKB4Ml41MalHdSURmU5IMp5oax\ngykVOoWmOTw3pm90lsZg809SwO3rbJjejMzzUZZpN+vN2pJbZeqRaY7Av/y1K6Sq\nlWXY7Jzbw2bI3JDPVq0tetM4EixGyN+P5p4tVB07BxKzbaN7dCFWk8EkFZBS5Fg9\nQiqLBwk1EofEsZHEbw6BYPivYHi0Cy63ghQ8t66SfhMyh+s2t9jPFB7s24UACaOe\nQ2aC1CP+kDvEMIlS3StNcHGUvZ73/CAkbTmbb0gynFw3odNN7+8tWHmWL3J+0RaO\n0TfXABH8/A3zka97IoZvMt9SqO0FT9VrxE2xBp318rsTfQrkYN8UiiBfvGjI6Gc2\nlZ7qXgFa1tlzYmTjYYs6TCxyT0a8mCt7wOS5yFkph4pXEumJIhh7nmJlr3/gdapt\nwA/LhAq63+UNCGvAKum2XdfwycLDvxciyz40c0ZN25SDQ+2WQp51/GESvVQNDyIc\ngI+BTFSxVjW2Qs7WdN2dJeQ7bLmN0EpGNGszHYiz/T0zowvuUiOrfjVdoNigSPwR\nSeNDI7KQ+miLiqLCSSNTF6D3MlstHBXeEfGLbJ1qFvT4hX5ErI0xmn3lVeAeQIAu\nW9wMvtmMtt7XAef9hzyUUKvnkf3pQw+GBtvY4/pCJrFWKw8vADmLZ56t8UlNFIUC\nDAM1GWv08EiACgEP/icY5+u/9/LLXcnQ0gUsOwL1ChTAOnJxl2Dfu6Wdl/Xohe20\n6VsznYeAyOQ7pq0yweTRYejx96S5M1H+M6uZJPt4lMUaX4/WwM0zJeRH0nsaqbQT\nr6YUZX+jWKhVtuHZinmSLLo5Kj/DH2DPkDPH+ZZbPHjbsltPnYggx8x5NfseN1wO\nLe/dUCz3uH0LhgMpIxeQRWJSkstV64F907SyuU8fqaQJbq28YuEYZS99yE4VTUH/\nYion7EfHpAU54f9SfAahe4VL4hvDIKQ5qbC8JiiQnPYXElNwvQnDwOpysOAq9LQL\n0VXanXeQf/mXfjRc+NiiF+7sfavSRNmIkKOm8xEgdEASQ8lh4UDhoA8mcSnB1dFJ\nAt8YOmkPEC7kplF2wQNFI0RpI+xsJ4hxsCZ3QFoXNwHK1HbeEZ7/FxtSvzxFdXsx\nNyB7EagsIMq/G6R4J9rWCHAf9LKlnFNyVzMin2LoOUtp17y
vODXOszKVEj38TMfr\nz9K31QTellrFzJCNTY1VwZyb1JJfiVsbGCqJTbILB3SYV36Lwb3neAvK1P4KsVFY\nDIqMHeY3oLoxLyHRajtjKxhYTwjB3c0ov2IAqOszAvwnO9YBClxeewMt2/Vv2Eok\nzgkEV3cTSZCtPPhF7+C/0bZ35A1MDNXaG1AyQS+4idN0a3LuIgROF3Ow8gB81GgB\nCQIQBdPtKSJqTekbsvXlb4HEHZmjdwjoinMUiuDjAsccGSAvuEqC85NLKjn3+KpK\n7nYnI6NAI6SJ4IUy6YJ4/nKPw6hKTEn442rhUDMmQ3dmCMQFBTLx+VSUpsHE2SSL\nyZ8fqDq6Dw==\n=LtRd\n-----END PGP MESSAGE-----",
|
||||
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
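Review bot: The `ENC[AES256_GCM,data:…]` values added in this file keep the length of their plaintext, because sops encrypts each value on its own and the `data:` field is exactly as long as the secret, so a short `data:` field means a short secret; the key names (`fieldpoc-ommpassword`, `fieldpoc-sipsecret`) also stay in clear text. If the repository is readable by anyone other than the listed recipients, generate these credentials as long random strings so the visible length gives nothing away. The age-encrypted files deleted elsewhere in this compare presumably held the same values and stay in git history, so re-encrypting under sops is not a rotation; rotate any value whose old recipients should no longer be able to read it. The same applies to the other `hosts/*/secrets.json` sections on this page.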
|
@ -1,10 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w dvnkhXiz/AAZa3xT6RDx8OIQnBihgUiBddXtVB85JTA
|
||||
NqFXVizLIgp08r41jP1myZ/sfOcHYRk7qvPrRjH0KUA
|
||||
-> ssh-ed25519 GUpvaA X5Nhz0ppW4smw1cVZ0xPwcgcCREpcF4OHIjgwelm6Eo
|
||||
N3rA06TZIEOgXGROcTUHlGSN4jpisGbMXX3WnHoIKek
|
||||
-> }zICz2Kn-grease ;yh
|
||||
NSFTNcxuAeDoIHy7HqGJn6FD7t3admS1EiIlVuPvcY0X8lqUKACMAym8GcCd2vrQ
|
||||
VF1NK0BsKgW1j6uUFASqBn5/us2Nx6/mwxdaX4QBGINlkas+/zN53bM
|
||||
--- e+nEDx4JO9clhnhTKZLeTuUdfRSHNJS+kY2UA46j8CM
|
||||
öH>9 㱡³§½(Pälû<6C>ª·k<C2B7>?CÚ<43>â,x¼}ÔW³Í?a*Ê
|
@ -1,11 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w IXd1561I7Ia8Vr1nlqcMCMN9xF0LXlpXPJUIW102UBI
|
||||
KFpKJdE6ge2yE+kp1pYcHnmn3th0m0X2iETZ8rFze48
|
||||
-> ssh-ed25519 GUpvaA VyC2gxp7m7uz9ba1qmjQ05Cbi1ZXpkCU9ydwpYMAlyw
|
||||
LC3flGQhaBdl8LeJnG5HbEBXcmEbDarWqZ/XFGhUAoI
|
||||
-> _7e:/rX-grease ~R' V
|
||||
KlOMxJRircN7onkmcF3Omw8Nseg0kgx9CsqdRsWV9jVV8+aY/4SFRC2cllIDOIQa
|
||||
71hNmC6LqcOW
|
||||
--- zr22gxWcsyuMcUg3gXiIUPvbsV/dE2hRvWD+e6i1B98
|
||||
®áð1â("ùîSb/ûQ<‡*nÉI<C389>ç$IgšfÔåX¬Ý† ÓÇ
|
||||
¤
|
26
hosts/carbon/secrets.json
Normal file
26
hosts/carbon/secrets.json
Normal file
@ -0,0 +1,26 @@
|
||||
{
|
||||
"wg-monitoring": "ENC[AES256_GCM,data:+k5MgBrj/psMCE1T2jDtCCJI9Q7L+wJ3j83inNkeGp3LSUjoAPtBp4YoyL4=,iv:C19g/Lqi+cWAyiJBMNDtgLc3SDNI9bMBrBPWn+26mVY=,tag:9zIoawuGeGCMbOX1HKR/sQ==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age16mln27e2p58gu6dpxfclttmuzfnq39mv62kthjpps33g3nl3scfq449857",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Rkd5WFE3aE5EQzY5ZXV4\nbXVGYmxTdVg1ekRpVjlRUnozY2tMTGloL21RCktjZW95OU9ZZ2owTCtMR1NxaXJn\na2VYS2ttb3VhSjNXOG84UUJtYU04QjAKLS0tIGd3aHM0RldFYnVFdDRVS0Vhc3BF\nckJhYmN6a1FJUC9ibks1cGlRaU1zbFkKE4ClunQ3XGAILwluC6iYFs+rlR02PdhK\njOmPbOlS0aNG0hoC7Z6aetgpj689AkJgl68QVcyvm+ecHH7TOT7l1A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-05-10T13:06:06Z",
|
||||
"mac": "ENC[AES256_GCM,data:Suz7S6XzlEMvVVRMb1YIkeiZWRcnadFeX6oswLiZSc4w35Xw/nn/XY1wsWTZEXj+TecEyhWJDzw27mKLRoqClA9BqPT0E1nzkXMjb2aTp72DjrI6VuBmbuUDBQgKDXToEfrv3/H5ovAT1s69nlxYDqUq185KR2eMqhsJPUwMRSw=,iv:0vj9ezTPxPyx751iEY++GMnzuQ/HM0tgLwAeJpk7CAk=,tag:7nYfqhy4R5JOYR0majlafg==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2024-05-10T13:05:56Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//ZkYls0F1NMJDUkJw7tOO+pgRm6R8u29qNLAbGMtMGGqB\nwc69WpYfO7hy2IQKGcGBp/Qrp5+gpmNBGjyq6AKEaox1TKCu2drKVRClH/Htzjhe\niAllegoS1Z0W8RGze3C9i5SiUHvVaK3c2iUJ8bCTitTgUZNvteCCgXECL42Jjb49\neGZSsTDkSUr89wECHs5thx8SV2hcYk+mZk7J/yZO54BVHxZXPfYdgyINwWnmU1vf\nqOnePaIBiRTz3+ICvb9pnndlO3KEXClnBq3N6q9IcNgfH/eCenQPc6Z2TRS/2aGl\nBvK+zygO9QJVJcprNx2WdTahf6fXGU8ZmvWj9R3wv62KmQNTWmLQzCEzpTxkfpnw\nMY2WTSFZ4EHm8xSzQMJK7QyXLyH8tOemqb/sRJpaFdvLIw66nmQtAHnY9xcKSOrC\nGdN0pyX7yEtFajgRfPU2kQb9wzyoj3hRU2lNlsvJC58R+rMLsNw5FT4+LFC2RBO4\n+E7th4fFEj6dyFfISRZfi/Rj4FWBtHLxLBm15xEYRoblciQDb0o3Qh0SIgbxnaCG\nM3Dp8zJ1EiWLPtxUo/G/8P0MkfbzuO9h07ypM/Y8r40Yrbxb4QFadXEeYcNMaRGz\n2UW84LNipLeirwQVajQv5FsCRiBCcU6hoJ9MCgDWKWDU45yFy5UBCZ88KH5PdUyF\nAgwDvZ9WSAhwutIBD/4iGSjtc9LI4OR6UXOWwm78lR685QvVy4zwdwaFzwXECWGn\niPKj8H8ku9DxxxSr316/8eC0IEs2mcyU62yVbrGP5fp9zsNnQKp1LQVPx+9tyzi3\nKrIL1nFQreMtqSKn7w/HDWG2HubbgazZAs97tN9hTVtMHCE5bu6nmRcBnnzNX248\nH+kFACSdP7Oya2TiJNqSs8JrB/BSZu2nk/yVwDd6y+mgkXKDjzIUK8B6NMP7cwf/\n4ukNkhgCaO4vGboKl6DIIMtkEkGlPcxqid3XRSai+KyB1hucDei+ZwCKWgR1W6PW\nYNTZdL6gwz/t5AMxoT1y8lnoNrtmvv6HzmlytKeuK64h1oOwwUdruJFnGGGVVfuC\nLoJPKF7CX4JGPW3hvofrXMfaJTBj5cyuUga02yiLfYbT4bUqb78dOt9AeKx4Hkej\nZvmFoaivMwWg5rkKjt9frI4b8ST/J0tmqwdLzYsrUUdBItviBEulv46jYlHw/qME\nP2hLgr2IeSEutaxyYxQl07rg8b43T8RvsRsQ/ySKn+Z8qC7sDxzXsRLeHuOoZnDD\nyf1UTSt9dfKY6oJ8SKd8Q0wSPMcVd5KgW/WIV8Wp3he63ONOdmiQgLhF++xFtK//\n0OXLvXVsT0qQBBCY7sPdfVQsSpjENl0ef2o4+5MirIzoFTQdRk3jINnoGzmQu4UC\nDAM1GWv08EiACgEP/0Q/h8MGGVjAvJGxloY/Ed4gvn2rVn7Uw6XPUktSoUQnwq9A\npmMsVDnrw2NWjWktjjgFC6HbMtkAlNH7UukxCzvTimwl5KOib8Yk+CKME6KGlFmh\nvEfx6YRmvDrE8qYVM4MYXccXUW4vbbzGJl9ReRH3ouvlxSIeZ8zH28EUE8ntVok9\njNcUHt05SFrM8O5LdjsCOEV1ltG8IWIPL4kVVDWDgy6WHzm7+lcWmGn0B9Astrpp\nxKnk/mjJoivoUpJoZcFpr5U8O4kcCrwmQJppn6/8xiJuoFWbSjbWw7M4BPWK3LOF\nRmgfv8OVgZ/DvR6uCkTXg+yc60s3DvbJ9KSLSjPguxcmUPNTZwZrH1fcsbgpSgfS\njGb0GouQDNY62DsfyGS1JEGiuG2SZPZajIbOVPkuxYvUbscPWjdJhwvRdhdF3/6t\n4tAM9b1Uf+xmFhbHBcqAeQIRxCSERYVeGuHxg5JOVmQkjFO
JptFZgJEVCqP/0bPA\n+AoSF/Wq9IpuKH+dirU9RVATc35F4GP4gc0mKjR03i84+DDYvB3l8oeDDlYUygga\nueK2+HX7BDeQmdh4nWxV/7An1owt3DATj2dve437cqUtXhgWprea9VOzzl0shZyw\niIRukJq7A0IJA70gPXNOhLhls4fv9VdecNlbuF8NROA7t9Fwx0G36uysfARe1GgB\nCQIQnwDSpF57ZfhaQjNGmGCGXW51ARrlC9gHevQ2M8gIt9TowIJvkUJRP+1rsDXq\nGekIV6a+rNpbr9Lbgh7EbEG+OoHRSLD1sk5aK5nNQRUqlQprNqfxJ+wr6qkqYdGQ\nYLcwaMzwBw==\n=CejJ\n-----END PGP MESSAGE-----",
|
||||
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
@ -1,9 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w IkxlO8D2o7SoBGyg9/edvw97sAqj9e1nUtQk9ci8tws
|
||||
t3mju7vCMEQcOs21Q56U53hTYyplMlj8L89oVVcgifQ
|
||||
-> ssh-ed25519 5EcjHQ W1oWURPqGGfSwDZbIfqKVBBL+fMdLh1KnW3mMqALWmA
|
||||
RbuAx/Sgj4wmuzijnjtS2Mai3n0T+89qSv2v5pxDfVw
|
||||
-> w)}-grease $do
|
||||
nc2bWeMeBxc3hd4XkX/k+isQudb0VZBD
|
||||
--- 3Smsch2WrfWCMaeQffV+52LBY11YTtUa9K40DWrsAzY
|
||||
Ç×›Ž¼öŠ¢u•í€In´m—»)”n‰ÖO'ÜÝÎÂq—̨¹r•Ü R{€Ÿ›âT<C3A2>=‰žé+ò’ïjíc‰? Hw]dBaÏú
|
29
hosts/krypton/secrets.json
Normal file
29
hosts/krypton/secrets.json
Normal file
@ -0,0 +1,29 @@
|
||||
{
|
||||
"clerie-backup-job-main": "ENC[AES256_GCM,data:cAjyW2/vT9XRdfLVfzAboPgxORi/ji6Vznw5SifgIX07Y1IipfMy5axCzh9HmfdaSlasrn/r4GAeW4zV1ROolw==,iv:TwE1Vovs9Lec079lf3F/0lO5VmCstUoI9PxSec31O3k=,tag:fuy/Kg1ZQAEZdEk6OMpoZg==,type:str]",
|
||||
"clerie-backup-target-cyan": "ENC[AES256_GCM,data:IWIeEQk/apNO/m2eC+4EANkXriGptG9S3H3IWY1lWHJ0UTDZbBLYizRbP5EwS38vGgsymUzvJv5mdIKEzGyBKQ==,iv:3nuh0A8pDoeCtMj8HBhuv/5uRawXJsd+LfXb4VRPd/o=,tag:TJPxg+9CQ7l7ENwKzhqkeA==,type:str]",
|
||||
"clerie-backup-target-magenta": "ENC[AES256_GCM,data:Ql3mqe3GVsS8yF2pvZj4MItCUG1/tPnMhAsvN21iWSNEiRS48Pt6/+sx2n7Xo8gOvMXJuxSUZnBvgLWCUQhysw==,iv:2+lmmNt0mgqFvd6JUcSo/6MZmJvD/wnkF/IOvTIMmVU=,tag:k8D1U+bS1T07HRqnlI0Ybg==,type:str]",
|
||||
"wg-clerie": "ENC[AES256_GCM,data:m3zjtNxBCrfJ/ESesHGEPTLrYq0mfLDl/ZlIxpNyX2ONNe5swiktBURLdHQ=,iv:yK8eHemA5VPH4BM/5fKbz0bmWfrMRU1d/rQNUWUAar8=,tag:p4kTdpmnuCZKX8vTO3ndZA==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1mg72cmpk494cpfcxqm4a8jjfje7hkx5jm63rvqnctz5xexxf5udq86nt5g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Y25VWS83OU5GckN3Ry9n\nbDcra1liZm5GNU1pK1FqRjlWb2ZsR3Axdmk0CkVhVmxrbGh5VVAwbnBaSGRHY1dm\nMVBzWWlEdGc4bm1pZlA5TFRmVXkvRHMKLS0tIFU0UXBmMDczWU1VM2NaanZnSDZT\nSVRmRlBGVHpOeTh6a21LUjFQMlQ4YlEKwtXhnq72eSDxlJtffZORc8k6F+z90O6w\nJcIMQVkVYGXk+AdGQH/FC1R/0Y11Bl/1mI/T3jIxfRXYgXiribTLOA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-05-10T13:21:18Z",
|
||||
"mac": "ENC[AES256_GCM,data:UFJv7bRwWYac+ZrDBBDzWiAy600/Q6qLR67uSr3FMBok/M1i9Krby+bf5YR1raRsTMeIPI8X4yqOs4852P1CRIWKCeDuhr9NSA7WJsIJ0HoWRjhMHvr+TYQcCw42cMQ6tHtkA6+kjI+uGYXR/KliEWz6CCGuIxpx1dRv/kqf+ac=,iv:CWcOA0IoN3gb/grUaRR+ETL3RSp95/6AtRbUEhH3D+U=,tag:Kc4l+oDYSpfPxZprkzE+dA==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2024-05-10T13:20:01Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+M3IkbIxRCm3arVo7nLrOF9tgtVytEHtxFyTc7Gfp5o1C\nz3u45WmI8mXG3UqCczHFmihaY6XQrLJkSQefnKkw5PPGKTOX3QiI92wdF2tkj6ib\nZTpNRsRutGUZtu3xSvq74uBt3p7a5PJQtl4GS7zqrMKdeZbseQK1Mf3Ezncwn9xb\npcu7bYeQhwIc8zpoOvPQr6Y/8dHakWHuOGIk5LAXKAHT0CKwM+PEJQu7Delna3HE\n7l5EEmiklmfVDoM49AjgA2LN2av7naCsEfwfN1k2oy9EXKuuUb3jlCpa9DpFTbLu\njY69ITOyePx2vMww+HFVSyLMZ8NaA80aV/2tbJiJRPruDFU6QjJRDYA2jcKnHXIW\nDTTC+ZqIxbizgRcjJC8M+0qafd0RdwcL2nBO795bBtVzMncXWyH/NAFqehqvb3c4\n1VjBemqrPZBNTFMuJx8sEQVv1ZUbjybMSA++1iNA8eWJR44rbmNe+1Ie7aTecjAo\nbR8CnpREPPJ2DAQ1QQzG3JDWdrI7yiEXLSpzme2Qju4Vsc4heuerPBCJJYTZCqsk\nOgZnUpzKX8bPT1GoqaLuyK7CNL7XRsoHRbItYQ7Cd/PLsLt7cO8kJ/ox9CYSVeN/\nefKY4YVE0HQP7sewzAArHQcapZjeG1Q1+yxfzuL8Dwi4smsXarOaHO6Kg6LrnU2F\nAgwDvZ9WSAhwutIBD/41WAEJg6UPkwyHT8Ng7YbtCGwOgHaz0oF0uk/RnUTrFg/l\nu5mHtnR7gL8fHPewSi6nIAWbXMyDjVhhMaPiyXxYkUYA0VJcpnaStUWKNZoEgSkH\nR95IgyEB7ZeehQ91X2oYc+fdLvklaCTH7VYRe1CaCQRufKSI6Hgm8BucPFV0Go/y\nUwGtDjB1VXeXU0S403L/QY7GlW1jXXl13Te/21/Xl2B/gZbitnex8FQBXDZAKCRF\nIU/KcD9IE6Acb6e8zQyAPDPL9AO/mAFz2ukGJQ443Nn14jXRNDtusiAoS2Uy7D2B\ner9ZflX+tMLpeGnm/hJPQemLeqiMwU/bcxqeZSwWFPCeks83InbvAao55PxmwT87\nT9EaGIuTFGWdI9BfKxt6qWI+W9ofsKd6wVEjj+yHqCIHUXeUcyi/rX0Y/hLpgcSf\n8MxxKVOHNGcCd7LDAYvxdKEEzSehs8fBIDwq+lJ417VfrxssUJnGMmxWYisPmvYD\nM6fOT8N7nB1pEsyqy5DnjDRtWWfeYvOCTqKdiVkbMzf2xzX2v49LmOghoHekPIfX\nmsU5jClQEBpWd6OsGz+5ofZv/qI1E8sBfbDmC7w6ZV4j2fAIpiLWRofeAKxuH6CV\nliAUr4yfDKJcMl51Jc47LjmucRWdIJvzWTI1T9B92FcgX4QR+cPo+JiE16fwpIUC\nDAM1GWv08EiACgEP/AtQE2phftv+vC+hyDkeCvAYoghJ5AAbmf19Zhkbx5IOKGcd\nuIATwpdu+zXT50QxIWhpCTy3O5ydWfnIIecLB+pA/m5H32j0NkawPdsuz800gndt\n8LUoT98ALm6bMv4xfOFbI9BvGSUUm37oLvK/xVIM+1L+4UfsJ8yTZPUTzbqSOTTP\nvJuDSnRScDRhUsmQUUa7icoH/tjYfbNEdSaUN+PzyvQsHBfedsThGjm41IxhTbT4\n+axNCpPwBH6H36mvqPmXqg3ty6696EwPXAspBJBT3Z0Y9y6f/mrF4bCDliLtqtf+\nFlKnjqSxZv1C6d0I1ExjkxB3FAiXnrH3Efpbd/AIgtaEqHDgCdVYZU+oIVI7q3s2\nxUqSnUF8oBcOnH97Hv8B/cUZ3susfFv+wji0c+T4whmnQultiNOrHqPtu2ZbNA+n\nXiU/qla8TCy1wQlBmPcCZSqXYlYBF+wUP+oO0wqztNbfQ2E
6mxot+J+UBpVpI+VW\ntESabVHLtpT3pcDfUv3yIrXcGkrBwt5gwYCkMvbyWKnJ2fmBBuhFpKYos47QlAnb\nf92frPEZm92QUJwNWm/bZ7O/YfrGef8Ckkv+gPKYlqG1zwJ+si0KLp2W7WLwwHSv\nCeeyaTADB5IKd0PTehdizGmI6TACaO0VcE8SmfI3fDiGA6uJ25pseEpy3j5B1GgB\nCQIQjUqiPSc+z4VvCYaH3fKH3if9WWbk32tRgTA/ANmYmCO8Em8P2Dfi2MToIAqi\ngZLdx2kQHf+TnnbFly2QrRdoA/pAbuc2/4/wNcBTPaN1Aq8RDkalG+Hpd20jHuRJ\nHOZBWaG2ww==\n=k+uJ\n-----END PGP MESSAGE-----",
|
||||
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
Binary file not shown.
Binary file not shown.
@ -1,11 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w VDZ3mtQaW1MsXQ6gan2Xcfv4/8IHHdMsPqCZDuauPEE
|
||||
WSUmbw8NXcgkJf06iNFGsx7tNiVt7VAnynqroRymbkU
|
||||
-> ssh-ed25519 xvh52g ie1NcuCJIJrPX4oklSLXEoxd6YmapsbOr4wf6TrJYEM
|
||||
lx5xuRHZXXG1YuYoDUlvPZxxtfDE1Sv/aStz53mJ4nI
|
||||
-> ,TT@-grease 6JH, x4O9 $E$9`?` &
|
||||
pd1+tQGZkVIl7xbEsdJw9zQiNjy2/83PF+uAaekiLTolgHXmPWIp70ZsL6oHA/G6
|
||||
y1JOCL9l03GSgbpx
|
||||
--- Lv/Xf3QnA523yOR63Gugq9mvfen5+YR2OYwGEim59B4
|
||||
¼JM~Õ«°@gû&’‘V<|ô–Ÿ®fšÑ<l
|
||||
‘Jß–V{¥àتš¸2~i.úªÌ1´á¬<C3A1>Šžg‹ÌRb©NÇŽòe¿Œ9NdßüÚÝ|F%](_À–|
|
@ -1,9 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w 0Y7NesE81LYY2VHbm19hKWEo8p9S8T5aMnQku3wxQBw
|
||||
zwmczl908y+wPZ2p9F+zqNxZ5i71lp3HztvBAVCWmcg
|
||||
-> ssh-ed25519 xvh52g UKiSotdLrKTXzD2NI55W/os6CSeZNbq95aC+ThyVRAs
|
||||
k539/K+GeDXttvFpAaNPEB73lXlnWuRmFU7p5D1xT2U
|
||||
-> E29ePW!@-grease
|
||||
Og
|
||||
--- RTfeDZoUpF9cpXKRKKlQmnoooxVj7nRB+ef1G4bgvDI
|
||||
á÷^¡pͧåù|Ül“ñ‡`ºùmïþ¶i¿bh´ 5Ö’‘ë¶4›òÑl%Ýn„¦àÔp² ƒ‚+© ]i<®Sjñù^™<·»ÿ
|
26
hosts/palladium/secrets.json
Normal file
26
hosts/palladium/secrets.json
Normal file
@ -0,0 +1,26 @@
|
||||
{
|
||||
"wg-monitoring": "ENC[AES256_GCM,data:ip6L61RXAVxaPqizhNTr6zVvKgd40CAsgeNFoAXMARM1nl146ayHK2q7mhc=,iv:G4WLmcPpJOxTcW0bHuEwWmth6u8fYoH7GmpkMo8Z3TQ=,tag:xJ+wCVEUMdqfXPcwgr9WSw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1tl2cd730ctn6jcgg0vf8c5gg9722umk30zwvcwxhejh26p3gt3ds92msyx",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNHllOHpoYkNyQXMwL002\nRDR4eFVRemc4bW8vYS9GWHFkcmpRbWFFc2tzCmFjV1ZNTzhOYjM4VWltRGhaQ0RP\naC9vN2hrM3NSTDlSd1ZJTldXamJ4NUUKLS0tIDFuUzRKWWQrUFU1SXNqdEV2R1lM\nWXU1by9rYTBINTVralo0TTJmSEZHMm8KYEggCHnOyMcQSdJ9+Ujf61OANuja0ZIf\n+wa9ugc2OZrOYepkjN5X/bETdKfU33pIAL208N9HcOttfhcZq70yUQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-05-10T13:25:28Z",
|
||||
"mac": "ENC[AES256_GCM,data:fLw0q9h+rlAAiXjtCJeGPi0COEt/UvApRiOpE+ydSrD/jXy+vh2OVW57UZPRBCP1mWtqfUJLiT1BZyOWor7dsPfTvaxCQmYhGcKBLucFEaiUovGgVjxJloD8hDJvSG9SJnlIiDobMsG87MsEWpi70oAbQu3/d4JT1BPSaRpvsjI=,iv:iS7tFqZMa0OzA5ASKPS6CSNTJYYJ0zhjLmBcipjLapg=,tag:Lspazw8Pi5Dxqcrk35A6tA==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2024-05-10T13:25:16Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+KsEUiNCgfajBMEEFsqHqNG3utLNQSLOd6VX/Rk56CjT9\nUtfiCdZCSzrtyT3Anu72auTJ+PHNAVhhHPcDiUcwY9JYXEXNETzEn0U/byS+kvOD\nNTpcpR1gSxJCj1aDqDDpfQQ02hSpKO4iw0B71gKcekUXcD2AQeeW0Djq60CusWVk\nRgC3odnyTr1CN1+JRtKVZKIa78rfOkyhmFP2G2gvsSHhUBd5RtMhJdfYVUTMIKXO\nQFB2IGCoIzE0zDitCcAZ8q6Dc8lBuAvNSiVkFanJn7e7etU3JwDhYsZKRO7jvNX3\nmjHnQ9vf0idCWAi0oabZQ1OGdwPbtjssxmQkzzR8R/paw+iRB50i1UG3/5ehXTV4\nTp/2rEwrsF8jO1bahTcrJirR7RPLEy2BvJ4ALzmEYrIoEwWuCIexrY+e2C2rXpy5\nK2+9Ch0YCaz8sc700bgO5ZkyvnmnbVJxGCaMGQtT9LXiEWvc36sUXhbEGJ0K782Z\n7uVFRs4xWsrUQHo8lFTfW/vLZDq7FvkGnDf5xnoEJp4BNYvYmMmsFiaygkbbqEdH\n2aHRCam9q5zcuBq+aA40KI1P4adIFgij+fijwQ+019JrfaMEXcmwgtOfkb2OZNOF\nXQ3tRgYLaxSae7BYJA4uTaFq60kpp1c8qgxw3WKPEiHywtl/SaPcx1XD9VJoVTGF\nAgwDvZ9WSAhwutIBD/9O0inQ/HmpwtD1AnE89SuZNuGQty71LVhX2PQQWsUdQOuz\ndKZN1wy6UxIImFGisBodUH+48k1DjbkDjL5cLSAUOt9OhAxW2Ubp6HA6wDJPqWj1\nYQMHKmHlf2zh5G1qTUXV3NNw6hSaWejVDS73WNODv1WfUFXrPN9DVLaPsS/RJo2Q\nAoDG/iedeQhIIBwrLIcQ8ttjv9MTI1GzsNRC/CjxQpDnHabqQzFzenjnVRLDXcmr\nwfw0HeTPeNh+pLYb+sBqzGUP0j1GWui99/6NUeo/TloBWJbIung4wq23gYZbHn+K\nbWJSxSy980mvjCXiRukzXlNJMwLZDVoBlPQSbe/pOApHM9HTScZ+3VcLlYOPjgZk\nhnCvFNm+4/00ZgF+tcvLOugIfqwxvOuqW4gGGhNAycHinJZuSfDHYe6zCfEiqc7t\nnHlbhNvlhC8zDu+fOurC2ju5eGv8LqFiobfsBFVdKpl9Gj7yg00S+QmjBcz0lkE9\n1BftwEQaj+r4EDa4cJHSgP+K76utv4Xzt9hHZZJo7hvii+lGxFI7rBm0xbV5bSuY\ntOhN6d98HH2++AoXufIW5vmnydGk2NXu7O8vi6sQWzoqed84ZHbJDWLQawQ8YQlR\nkbht2PzH4+rq1oOVHbLslxWkYF9WMsQRUef6ALNpys/Dj8N54gEN4RTV+SxIVoUC\nDAM1GWv08EiACgEP/1eiG0aASQogSByxl8ZbRjRg768YVR1fwTa8GG5tE7wfcGiI\njZF2TI+yQWt7gRS4AKNm1gfWEEjCH1tBOj53/Wfwn9ZuGoNqboA2jgsh2rnVVSXR\nOdXK3is/FMh9JREr669be83nnQ8fNP8nIz3snEvKVYVGcdsdkDXBz4GKmJx52NNb\nauL+4w14/0PydCVH/njsFY8FyWqP9lUFgpJU8jHjX28oTB3khwWrDs0THwqilTFn\nhFjgeCy555zeh5rDpBDPdPbLUNd094RB15zaKzn2dC15F8DMCLoA9ASNET7S/+u3\n1SjvI4XnOpxK9hyETcwjzbWJc2gV7U38VqxhQW9Vch3AvXOufMMTm6cobLjiwxjF\nl3XTMJ5GvHDZXCwrGEapy9GbHQjbd9yi0iFgfSGV4nkNmCj1jtAMUngdCqELDVU2\nZe3a8IeJswlTteGlXAM5mwnDaegMsiD/vwsq5Rtl0gs3iI3
uIN4RFXuvxP+UeJ/c\ndJWqpF8vcQI4qGN3kxgB30I7mUiz1aggv5uw6nDWRJHTQKLeOkV8ssTq4FLs4XYL\n4z4qmMT5i+8bGu575py/LRDjvXBldeitnQj1jAN2y/uPNVWsZqU3S+OkEosYIgSQ\njAe3N0EyH5k3j7j43x91toYOCAkulAuPkox6GyUKKq4dCPWxg9fqQ8u4PaSN1GYB\nCQIQ3+GP0DNWupTIkTS4Bk1LwbT99lyr2DyExqb2pgXmzn05Qs6CE4+jcIxXnmUQ\nzCl6PLiw+DJ1nq5gKtTrkO96HtHGyfPiUunDZXty1/zNltYjedk7ebkWF3LNXBhE\nK38c6yE=\n=w0Nn\n-----END PGP MESSAGE-----",
|
||||
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
@ -1,10 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w ctm6hruSuzSBwGGcW9x7qIIFe7z+AGhlO8ICU8cwO3U
|
||||
9fhK5PdJJn7BpM9Vplrpi1Gcofpzafv30z+O2SuEVR0
|
||||
-> ssh-ed25519 RfitmQ fnVZmd42HVD6iBkEzEGn57D4LNMcYfWXeRpnRutjNyY
|
||||
s1+OrASe6ONf9kVgfBiAuoSd8314h4ek6yoz+mL04Cw
|
||||
-> nTx'S6-grease 1Dt%/
|
||||
mr9/gUTNOMrFAQVmUgVVfXpkKk+aXes6CulorL24APwN9dL1GPEOWdP3v1NEFcR1
|
||||
db6L78xilCtNf/jszgpMFYh5ctehauTa
|
||||
--- EkgK0s3mBI1KvlZIWl5iB+p9xu6of0oL3NEVV+Jcjfc
|
||||
+0xE£~¦<>T:ï“ÙÖŸTjÈ~c‡ÎL˜@ãîwDX†D¤–«NJ4sõ׳ªDS€<53>Á«ÑK/¤VìðÑ!–o¤ÿùÙUþœ_x„¶:
|
@ -15,32 +15,45 @@
|
||||
forceSSL = true;
|
||||
root = pkgs.fetchgit {
|
||||
url = "https://git.clerie.de/clerie/clerie.de.git";
|
||||
rev = "6ae72f9c8616fe005474a1244dbdf8efd61a07a0";
|
||||
hash = "sha256-GBAclFkcIzCPi8P+UmATw01uzND3EoUYXiytjVnEjtc=";
|
||||
rev = "785693e6826c6377c3f3200274c281d2ef3317b3";
|
||||
hash = "sha256-cyTHOOm7hpPUD8paKB7Wci3RYAo6Jr/MI/Xqx4iwXwY=";
|
||||
};
|
||||
locations."/ssh" = {
|
||||
extraConfig = ''
|
||||
types {
|
||||
text/plain pub;
|
||||
}
|
||||
'';
|
||||
root = pkgs.clerie-keys;
|
||||
};
|
||||
locations."= /ssh/known_hosts" = {
|
||||
alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix);
|
||||
extraConfig = ''
|
||||
types { } default_type "text/plain; charset=utf-8";
|
||||
types { }
|
||||
default_type "text/plain; charset=utf-8";
|
||||
'';
|
||||
};
|
||||
locations."/gpg" = {
|
||||
extraConfig = ''
|
||||
types {
|
||||
text/plain asc;
|
||||
}
|
||||
'';
|
||||
root = pkgs.clerie-keys;
|
||||
};
|
||||
locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
|
||||
root = pkgs.clerie-keys;
|
||||
extraConfig = ''
|
||||
types { } default_type application/octet-stream;
|
||||
types { }
|
||||
default_type application/octet-stream;
|
||||
add_header Access-Control-Allow-Origin * always;
|
||||
try_files /gpg/clerie@clerie.de =404;
|
||||
'';
|
||||
};
|
||||
locations."= /.well-known/openpgpkey/policy" = {
|
||||
extraConfig = ''
|
||||
types { } default_type application/octet-stream;
|
||||
types { }
|
||||
default_type application/octet-stream;
|
||||
add_header Access-Control-Allow-Origin * always;
|
||||
'';
|
||||
return = "200 ''";
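Review bot: The `types { text/plain pub; }` and `types { text/plain asc; }` blocks that the line counts show as added to `locations."/ssh"` and `locations."/gpg"` replace the inherited MIME map for those locations but set no `default_type`, unlike the three sibling locations in this hunk, so any file in `pkgs.clerie-keys` without a `.pub` or `.asc` suffix is served with whatever type the outer level defaults to. Adding `default_type "text/plain; charset=utf-8";` inside both `extraConfig` strings would make the served type explicit. Separately, on the unchanged lines, nginx stops inheriting outer `add_header` directives once a location defines its own, so the two `.well-known/openpgpkey` locations presumably drop any server-wide response headers; worth confirming against the rest of the virtual host. The enclosing virtual-host attribute set starts and ends outside the hunk.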
|
||||
|
@ -12,7 +12,6 @@
|
||||
./drop.nix
|
||||
./fieldpoc.nix
|
||||
./gitea.nix
|
||||
./hedgedoc.nix
|
||||
./iot-data.nix
|
||||
./ip.nix
|
||||
./legal.nix
|
||||
|
@ -1,42 +0,0 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
settings = {
|
||||
domain = "md.clerie.de";
|
||||
protocolUseSSL = true;
|
||||
db = {
|
||||
dialect = "postgres";
|
||||
host = "/run/postgresql";
|
||||
};
|
||||
port = 3835;
|
||||
host = "::1";
|
||||
|
||||
allowEmailRegister = false;
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
ensureDatabases = [ "hedgedoc" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "hedgedoc";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"md.clerie.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://[::1]:3835";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
age.secrets.radicale-htpasswd = {
|
||||
sops.secrets.radicale-htpasswd = {
|
||||
owner = "radicale";
|
||||
group = "radicale";
|
||||
};
|
||||
@ -14,7 +14,7 @@
|
||||
};
|
||||
auth = {
|
||||
type = "htpasswd";
|
||||
htpasswd_filename = config.age.secrets.radicale-htpasswd.path;
|
||||
htpasswd_filename = config.sops.secrets.radicale-htpasswd.path;
|
||||
htpasswd_encryption = "bcrypt";
|
||||
};
|
||||
storage = {
|
||||
|
30
hosts/web-2/secrets.json
Normal file
30
hosts/web-2/secrets.json
Normal file
@ -0,0 +1,30 @@
|
||||
{
|
||||
"clerie-backup-job-main": "ENC[AES256_GCM,data:AoreXT9N9blmaSsIVF+fWuGPVc8Fi1J4uQDrjtY6fzQFCFM9Yk0JQT/+POGiltOUkJSd+Ua1yKAxQ6zoR33WvQ==,iv:He82CVLKZ0dMBpkNzzrnUZhZcuFJXcWDmBKCJhBPrBA=,tag:EDDBVAcceURYV2SL2qEuyQ==,type:str]",
|
||||
"clerie-backup-target-cyan": "ENC[AES256_GCM,data:G6ILFo1w1SVs7b5pIk/JdFvcIXdIaKFL5qKxrchxLedlovltnnRuufxfKivgjWgjTeVV78WNJMRVQVwXIcBhLg==,iv:gUjvjG04ClAxyFqhhj60XTWX6gbJELRRbUT/EbXxa+o=,tag:hsfmuQh0GRCRVm7NUnBInw==,type:str]",
|
||||
"clerie-backup-target-magenta": "ENC[AES256_GCM,data:zsPFXpnTWHL2b9/fZiW1fhpla8hTeZb1+O8oihnwDIAcC4Tgn8PrFDEYK7kuWYcdbIvL5XRJRR48erSACsntFA==,iv:lTlAyVl3ndgca4Mp9lSldXmhlP8ECPvE/CM7Zpzy9ao=,tag:LCNF1loABQpZ8Y5wfpXjkg==,type:str]",
|
||||
"wg-monitoring": "ENC[AES256_GCM,data:AfkytaHshFSyKkMdKVMdYaq3sKUC9dKYs5rKXN4Ouv5kjDGNXC18liEsRuc=,iv:4mMgsovdAJ++Myr+9GuhAaEBuzDBNZbGK6zfzoAEJ0E=,tag:/d0ZXNbpaMFyxyzov23kdQ==,type:str]",
|
||||
"radicale-htpasswd": "ENC[AES256_GCM,data:+FHsq5We/fc8gBNub/GV5Mfs2i0/7Qm9UPDhb3unEhak6XDAvMSUQb4eaX0wn7Yi3y/gFGmapd0eYilTjfoJnI9gVnvi,iv:lEV8kQh9RBL/xKcCLIRzUR6ADq4zoah1c8Z67Qrs3dQ=,tag:cw6jKYbZUXBD3Zio5CH+Hw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1nn8dwl2avshdhwn66w92jvlvz2ugl5fdxc8dxz6lpru72hlq44uq5a88az",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlU2tEMHIvRUFxa24wMVcy\nb2lheGR2ekl6S0wzWUd5cTMwTC9HdFN1eVc0CkRjRHdJVUw3ZCtZSTlUOHZCV2J6\nYkxqdnNmU05LTTNmNFZiTzBxZVdkOTgKLS0tIEZUZ0svL2NhcTZPdFZrYUhwQ05Q\nWnZXRWIvRXBOMWNDTzQ4RDNKa3IwSUkKj+vI9dEEUQYN9uT6H1FdexComfbe+iA9\nVzLF970ASzptGiNYtdN9GYdXY7JGHoOfmYy3fpjZGN3p2KqiYyi3UA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-05-10T13:32:34Z",
|
||||
"mac": "ENC[AES256_GCM,data:lxfYT2TEO9KFx0x6DPRQ2mRy5Ft6syyyO1yV9my6GwvDxd1e7odXGRcFo3N1AFod8Y6z4+XaxqZ/GoqSp94Pk8aF4eEhyAFun/UUr8KhKGsnq6xnQA4p37oYccvTY4eohS5YHBr/+AMutddmQ7qiYtQhVViXAr6+dmOsV1Tfu+A=,iv:bC+z9SP2W048bR3aWIcPgRlfLB5n5ccst6OvH0NjYBk=,tag:qhoXUAl0nG4LYy6yXQP2/g==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2024-05-10T13:29:58Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/9EWbkWn0T2rknNHaAwSKis43wQe9ItWzi1KNaGtE2yJt6\nvFWN43+Uop58NQqRsQiBD+wXrrkZCceIsiwT11FiOr1xwxm+j5Dt9ItfYG4SLPQy\ndRCgABRHXkJTlizFLBqhNH+m28rVeP2rjv/VISnX9dsaN3wBe1SQdCWahirbdoUZ\n3pQAJKDqptEp8MwW9OYhQf0A+etUKGyY1UZBdizgGI+FQH3NASDq/TbfzytE2h7f\nk4ptT0Wn3CqIeqSRwQ89x2ma/pmN/7sHvC0wmmyCuL8m59EGwX4pMu5jk249n8S9\nfi0PFsaPa150wCcsF3G9K9RpxzKJOQ5ysWbKKzKTvc9KIzeGzC4BjEwaSu1mtqmb\n7JVjbwXPUD1QbbB8Vymd0LUcUg20rMHqExMvOJfYwVb+eUMUdYJQHNpmOpRAlgkr\n8cd5bPWmFiWyCZ6DaEUA+cdtLHkrz1nWkrlG2n3K+7aSCVRZayheraIP53uMG9Ng\n3Co1mTrHy6bLAT+keRWseOEkCnAFGns+Il6v4dign4Q7hQ9Ovp2d3kMj4uWOHrd7\nyWUKIUT2ejTF3iM6UoNF8POvtgMD0ZmwMI0wZlc1FE6pkSAVC/1lEUqE4eT+l/Mv\nLCDF5ktd7MBdsMzdEbsVV55D9/vRb4AP8cccof5/akeZbbj9A5spWcBzApLv5MuF\nAgwDvZ9WSAhwutIBD/4o7j58zECSLtSHa3E8hDt1zy4u5Bbddtldzk6ItW78nJWK\nPHU0+IoTWAybSkqD8NBVMyo4ijHs5ipmvmeJ+DIdpR7219VFfBAr36suP0F0f2dg\nVQOsbZdeDar1sqacmcHcdqaBgkVW+M8A216moCld582Yy8JvGVvRSW647mBnhgW9\npkcuT+zKQJUwczXSUw/y23w+9qiuby3CmiJuAWFMVRT4E36cl9xAaezafDfp8doC\nZ4AcATAvZtLIOHKg3XjYzJyzuN0pyocTZu4x4PiJsHLtx34WOivwU3i0Iu9J/2VE\nDvXsWRql/P/r5O5U7np4cDGHR/siaJvHx9nbZOottisETAWGI+V/QnVTqzUEcK8C\nu4PGrgaPyFHtW/rDAcINU/tmLB78FM+BgNXJNxBDeJgoRQ9VB0nHlDT4pOZ5Bdo6\nkmxi/bCWpasThNE0EEQRMhNr1zXMwxaD5/enm4wIY6oXDmIxAf5Cj+rHPrCSiBpV\npge6xBhXGQSZMJT+QAQPwAu3l0g52DKIb8zJaLMCRnpra48W7dFRpIRb8LV3G4PQ\n7xxiSTO0NE1GbYMmqC/LU7RgRRqt2P0y5VaHqHSFwjdJpHk/zdoZ2QCh36Wtc3nw\nvTP7crZVZj0oYKenMBIIYOR74GY0L92Owxd1yNi+YdKtnFzXzvPtqrldx/Ps7IUC\nDAM1GWv08EiACgEP/1Red5Qltvhdb7UN06EYmZtbqf/ERExu8Zom4C1887HHOz/d\nkq/uOfXo4PHfEI/8mkcV5FDZ0kI1sGYXv9czLiImAwwPRD2klo4irfvBSWZglRE2\nO5sa2xPkeiXyaWkOeV48fm7c1TxUSzA5olFZad4z+3LzkEv2qyVJJZ6MW3We1wu6\nYXyGesF1oJQZb4GxQr6feknlG9WP35spMk/9s3zR6ZQCdgm1VZx50vfzpgbvVo8D\nySnVCWUqG6/3PTToMxm+LndE5ejbFOvubh7ppgsceOZyDsPNGPA3tVwJDZU/T2DC\n0D9M3F0DHUe1aNzQAA+CUgRiC1F95IgHtXUcCfF4aDtDmvHOMjDwKlxpeE00Qthp\nxms00wT+I0Wt0ieTErmHJHmpkGtGdr3aQXi4LFS6EZhleWdZkJXko/UBIsxfLKji\naEdz3sooHTVBUxQ6qmieVwZQBS5dFbqxoRId/y71QjW6whV
i7JpAzUZ9J9Av503b\nxYrJrrfiUM/qmH7/EcBaYWZUDwzh6E71G/luyiGrJYlXV7mp7I2yw1EDYpDCz084\ngUQTdKtav6YNUFE8IWvK5mmXCnnWTmiOhxmomGcJC8s9CXoBYaC7ItxqkeeLcMaD\nYl2RcCSsynJpicJx5oDKr/J1EX92e9RzGYrgdmvVhlSGDBqpXL2+6n0wm1qG1GYB\nCQIQf4J+4HW3sHrDVXEDvuxA4sebLViuSm9+YkwCEIp5TvqVH9O3y1TMS0/MK15N\n6KomgzU9q8N7MsR07NoOMWYGF99RB/4/7lIIlN79g6jwqPuXbqZPFMf51woXb8Mo\nUn5pu94=\n=binq\n-----END PGP MESSAGE-----",
|
||||
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
Binary file not shown.
Binary file not shown.
@ -1,10 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w xLbOv/c4pjyh513O2LPkoKcprKZbM+217yy1a8Z7AFo
|
||||
83NxTqotYXOM+w+gCR3zHdar9kNabgar0/eJBewO3DY
|
||||
-> ssh-ed25519 1nn+0Q Oc01U+rgGAizyKzhgvmqThlXAEMuhlRAqsQL+/ozQFs
|
||||
xHxOl3ESipcMZdnulTxC7W628patS2eO6681oNZa/6g
|
||||
-> e[x'-grease 6N W+gfF\l \ x}~
|
||||
yqY9BH/fmjHn2QizHe1/DRDfTJmSAVPuJlIOmeuXWfhhfiauy6ia/DjbgVjcyqha
|
||||
XarEaYsvkI4JqKODHRRaiJ1i3TOs2Cdk
|
||||
--- 5wtIT/mhGMy8kQHbzO1h9Wj7OgX1ax8bk6k05tfLhsQ
|
||||
Ó0«IÔ°ûê§È¬„5™H¦“½¨à,oq´eHÏ}ÅùíºÌÑr2Š,íðЪ\î4ÑU²#<23>]¬Z"+jóÄÛìÄy&W½æO~(ϨµÓ©g Î~°Aš?
|
@ -1,11 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w +w13fgMLBeHKig0VX67/mlhQb0EPSJAFTu//velYNRY
|
||||
irMedsePNfFFOYhKksrqLcLdNdYHMxFy4iTPneIOtWU
|
||||
-> ssh-ed25519 1nn+0Q KpFGP/y4zZ8E8Jut8Gpea1DLH6rXGKODLE3IPTbzOUo
|
||||
p28M4shr97sqqTBAxB1fQRNCj2E+xio3TboKZ/6smb8
|
||||
-> rXRB4)-grease
|
||||
t3CdM1EbN2yfSeKURCJRMTZ4w9FtXu6+Y8PWxo2RTV0fyv6XJdrq1jn1n4IflQLP
|
||||
CV3H9FlQp4Lg/bdqVZDqDoMJ6dprVWK4rACnF6/tRRkZR4Ndfk4JRRWtWBOfR/ax
|
||||
GWNb
|
||||
--- yNRoOEai4ypvo0uGZYI1q/qwzS4wIZFXQEGYcW+H/wc
|
||||
Ñî ³Z¼ÿ<C2BC>·îe0±<30>ä_îÀD@äΕÃ>¸[ñKOQBuP÷9TGgŽ×(€9´pœŒZ@1†&RZÁOŸªC›p$kr¿ô®¤èò‘’lg!\‹«„—èÑÄ=W׃×(ìVq
|
@ -1,9 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w ZWn7K/SI1OWS0FslI6Vz+KooVyWXuww4dNa5y0O1+Xo
|
||||
P723ghoGExFpcMYjdvcZrvT1eOG/pmccI3IO0/UnaAw
|
||||
-> ssh-ed25519 1nn+0Q IL+SAfWJvd1KPV1z1kAyoLu3o/t6qdCx4cHjplqkaAo
|
||||
5io07rjFwtbvmgvA2sYn0VsjdtHi0AA1JRwhH5yijpI
|
||||
-> m2cEFebO-grease )(5.!z\
|
||||
|
||||
--- 4ILHmhv4fz6NZaWVYAKmFGY4ojpt4WQu3ulxz0R5FCA
|
||||
(Ôµ²nl‘Îï*Uæèü<C3A8>j„ˮß:—U51rÚ Ð‡<C382>AÓí <20>Þ´cÕþøµC‹ÑNÞÞ|œæ_X.sœ[K&ÉË
|
26
hosts/zinc/secrets.json
Normal file
26
hosts/zinc/secrets.json
Normal file
@ -0,0 +1,26 @@
|
||||
{
|
||||
"wg-clerie": "ENC[AES256_GCM,data:ur9cCDLDzLinS3kDNjBjdB9LOqWqGeHsUsJyqEP0wCHcTAd2FkzAMNm7RpE=,iv:EsldkKZ+u7zE4Dw5CApoN61nqcCsuxt2tH4hJ844iuQ=,tag:EFJsNvOaM0nSS5WVoEMXpg==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1kujyx47uakll5pnwwknll474wz9euswcxwhmkfq44r8jr9a9u3cqu62dlq",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpU1UveW93VFdyKzkvKzVt\nWnZzTEl4M0NRSExydktBSnN5R05IaXdQRXpRCkM5Wm5uT08vNDl0WDdWa1loZnZQ\nVGk2alJqZGs4Wkt5eFh2bzlQRHFmSW8KLS0tIEtVOXE1QnNkdUYwZjYrY2NuMzhs\nMG9DdjR2T05ERnhFWWgyR2FCQmhDSzgKvhFmOk89P5SXSNr3A98XMT4658ek+0Z1\nfZBQGNHrepztC2X4bzxUd5sDbZYRJEljahbdvx8jiP5Kg2O6sskL5Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-05-10T12:43:13Z",
|
||||
"mac": "ENC[AES256_GCM,data:7r5LBkFsB+KFFe5ULPNSOEoC8qGtN5/EhMRyOOGhTdTVdkUxdiLjSyfw1j8Aw5K+YTyYNdA0g0Wrl9VGgttYE39RinEpnCkk4xXaNM6QidADxoa4CJ3Wh9t3zngbu89CqrT4h3GBOLrMP5XIuabDzq2Jb03NOmIacbgEgl4+lgg=,iv:uvz9nyYZ0zhJnjVc+HOsaFqFkeftpX+7l5CvKCrWKB0=,tag:/eP1uLjFofjI+Av/LiOstQ==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2024-05-10T12:43:01Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+JY4laX1ouqePr/W36zHFOWyJOxj1Xc6mDqzijxbuOr/O\nEbF0WQCb2PiZLZ+rFJdOC/d9znS7Yb+LnSFk4bagYtb8WU6L+3mBQIdBmu60sjqe\nY36QgYiUJ8Gn0n+ZgfEWmBlJJHOF3jl7x94U4SjyOQRijhz6GRP9YuSuepXjd0i4\ngSbusLNslmO1O9hpjxzP4DuZBwpVlg6w2KFdjv0hcboYexp16Mhto+jnR1VavSLG\n4pWNPSpGiRbeDMP/0TKCk73G+Foc1qj3XEEN5ZMGGNv+q/rYtmzqkhn7+45dLZB4\n6/tykjbtemD5MRY57qzxE+S0HjDy/qGx9wJ+QXkKe/N0yiDsTlWv9/0EzTRnKpf1\nKIB5G2LIRLYoH+VnRUmWF6mMS4TVcIBZBuvUJWO46WcXFM624aL0+n+UPCkGxnAB\nKc6+YCCrR/9CQYVodz1BG1aILJj3iu+j2ce1Wz7NSu8vr98h1etcWclH6AksgNcj\nzQgtblO6LJB8Nb4FcNwx0+dEqxXyl2Wx7/d1DA3gcXclXEQOXnXDQGhUrR8/6Y9U\n///PgU1BLeTQh/1uAVe6cJBxj1uH2XF+8wjwBRUChSozcj9lSFIRd4uyBoEkbM/a\nQPWgD4WT0YaOlA4Df/x+iaslKoPTU3TQZjbfPSYmqOZaA/uux8Thmvnzub6QC+6F\nAgwDvZ9WSAhwutIBD/9bUeDrADkWVzrU2DAI3drGKPwxCPd59n46HsXchPqdUYTS\nKdYsIpGfV9W+ns6CpCVriwaSXRsuZQnBJA/t9B7nHwlFKlDsTAJ0ERni5lJMY7fz\nP5h+0q29Nh0Yys/FNFK/Q8WdSXwDo+19zYi/nBGve01ezThKNrXBQRov45D8rHHw\nOu8Df/G2q2TfXVBOLT3K12i2nyUov9ggIqNNpAsurOO5sL8sx84ff9vCoa896LjO\nQKFWZUh7xLRzC7NBbuYyEiaL8z/mU2XPt5pooOdUGDKlkwuCxeHOFiAf6MZobSHf\nDUeKAXhD3/RDf7NWQaAti0a99oCjm5sz1ldkjVg6j4Hi7nsrVitTBI7LN+mW4ESz\nM4VXIhIlbVRzci/efpPXFA0j35E3tPtVJUEhJBZGXb/kUlu/z9qE78ykGM9Fhc6k\n8A7Bu3xhCGSRpoEOa3LROFHP+OM4zAx6MrDVKE2IV3rp3T65v3X99aCkptEbTe+7\nOr3PdZ1xKXG1TM95iowmHRGDRGI8GEYiD5+cEYoNnC6QJGaEni7RIbNzsz+2ywyF\nmsR27oPpPmBJxTR1w87mSrvc9mv/q3oqLqch8Fhvn7olYpQIR9TunvXtMfhSZbQT\nIACDuWt2KIw2uKUZsKlrbU7j/myQ3/+6wRWzkA+pmDCEgq4dZQ5cXnj5uOHTLoUC\nDAM1GWv08EiACgEP/iLSnmPQRmFkiL0zjZ5tGmRFp1rhspv2gqGSHyaG6loYRu3P\nya/8CU+4JpANhshJMtVxMamMkYoiFAXNQB8sGHC9LoL71Hcu5L1/7cZbu8TX/5kw\nf53n3V8KmoGldLp7bIov7d3H7jaBPe9NeO5T77jTjmLVtC9lgBuF5fH9/211Db+/\nh2TJnzZNNA5HNdOHfyzy0y09/NVp43W8aKqxzz4wKBC1M2/ZUWSNh1o67xr9Y8hz\nYJ1E4Xj/g+0WEraaZZOH8OcvVapYqU/zTxR2aLy+VT/CD5iUOJmb8s38kPkbHoo6\nVR01XTxC9li97UG/16AMbtB66+ADh04MItQ5GEfPkf7tRHEyIEoo9ww0yRjTOK5O\nte7F+wPJagISmxe7NiI64NAaSZDPwmyBA843g0PjWxJBOuQiV3qYxXB7myGSd64P\nUatSQf9QO6viZ+6FZu1C8D/FGPuCw7OMSiKY/qB4EV99A85
nYuHN0LGG/MUMOYRi\ng4bbbqFnjj/Y/E48XrADsSVbh5/0RPdEIiuF4DVfa66Pru6SaA3Mynp6zSmwqLWA\n34cKFnQ6v8tjW3SKeXdAdfOYbeJ3DG/41hE2nAG0LRd4VUdeITvc6li7h8L4rPXM\nQpeCdSfLTKIzJ4VS3esOIgPAxxJPjzPP0zvbsjnuve+IgoGRocKhbpAhoesg1GgB\nCQIQupq2OyF0/r1n968M6FpEN1f6yJceIUSGKXUjxL4jVS5T5SPbRw/cbCvMv9xg\n61/VNHirgTre7CEo2zmJPRIY8g82PA+JkLyRFRwEKsAngYsYdZtMH5CVoXfu73U3\nbT/SWbcB4Q==\n=uw6j\n-----END PGP MESSAGE-----",
|
||||
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
@ -1,10 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HwR33w RJr/aWAuz9pHJyeiT4VGl24oBL3PW/h2yhMlNKdeH3k
|
||||
KsHqO3xKdVMgtgXFYFKD7sapwaQBDX70yUMwFqVSsc4
|
||||
-> ssh-ed25519 h49YJA woMEtKliLp92iPq8OFK2okbFbZbqtsH2LIRYyBQEs1U
|
||||
BJRYOXn4Yg5IzJxOukdzvlrZadralTdJg7FKcz4yV9c
|
||||
-> 5R?-grease @H*!dd.z qES\G 7JLNzC
|
||||
AzZ7dZCu+BRUNqJ7Qikw8fbSxSlP7IOm1/9DmYNm6KJIQbNLqrdCfMI8i5G7hbEG
|
||||
pGVLYCrnZudEPKmEI7WtgGsQ
|
||||
--- DEhkE0BvIaahPO/+T8NzqSCNg2hmbdCwTSF2faMECgk
|
||||
«ŒÈ߃ïCиáùÝgu«1à"ïZc1æ
À53)Ëb‡¦f]QDFk:‹óc;ÈiQw<02>nðqTÁbmÓbšcÜHo¸oÚ
|
@ -1,4 +1,4 @@
|
||||
{ self, nixpkgs, agenix, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs:
|
||||
{ self, nixpkgs, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs:
|
||||
|
||||
rec {
|
||||
generateNixosSystem = {
|
||||
@ -28,8 +28,6 @@ rec {
|
||||
nixpkgs.overlays = [
|
||||
self.overlays.clerie
|
||||
(_: _: {
|
||||
inherit (agenix.packages."x86_64-linux")
|
||||
agenix;
|
||||
inherit (bij.packages."${system}")
|
||||
bij;
|
||||
inherit (chaosevents.packages."x86_64-linux")
|
||||
@ -38,21 +36,12 @@ rec {
|
||||
];
|
||||
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
|
||||
})
|
||||
agenix.nixosModules.default
|
||||
fernglas.nixosModules.default
|
||||
fieldpoc.nixosModules.default
|
||||
nixos-exporter.nixosModules.default
|
||||
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
|
||||
sops-nix.nixosModules.sops
|
||||
(../hosts + "/${name}/configuration.nix")
|
||||
# Automatically load secrets from the hosts secrets directory
|
||||
({ lib, ... }: let
|
||||
secretsPath = ../hosts + "/${name}/secrets";
|
||||
in {
|
||||
age.secrets = lib.mapAttrs' (filename: _: lib.nameValuePair (lib.removeSuffix ".age" filename) {
|
||||
file = secretsPath + "/${filename}";
|
||||
}) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
|
||||
})
|
||||
# Automatically load secrets from sops file for host
|
||||
({ config, lib, ... }: {
|
||||
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
|
||||
|
@ -23,12 +23,10 @@ let
|
||||
|
||||
backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
|
||||
jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
|
||||
if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else
|
||||
config.age.secrets."clerie-backup-job-${jobName}".path;
|
||||
config.sops.secrets."clerie-backup-job-${jobName}".path;
|
||||
repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
|
||||
targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
|
||||
if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else
|
||||
config.age.secrets."clerie-backup-target-${targetName}".path;
|
||||
config.sops.secrets."clerie-backup-target-${targetName}".path;
|
||||
targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
|
||||
in
|
||||
nameValuePair "clerie-backup-${jobName}-${targetName}" {
|
||||
@ -73,12 +71,10 @@ let
|
||||
|
||||
backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
|
||||
jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
|
||||
if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else
|
||||
config.age.secrets."clerie-backup-job-${jobName}".path;
|
||||
config.sops.secrets."clerie-backup-job-${jobName}".path;
|
||||
repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
|
||||
targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
|
||||
if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else
|
||||
config.age.secrets."clerie-backup-target-${targetName}".path;
|
||||
config.sops.secrets."clerie-backup-target-${targetName}".path;
|
||||
targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
|
||||
in pkgs.writeShellApplication {
|
||||
name = "clerie-backup-${jobName}-${targetName}";
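Review bot: With the `builtins.elem … (attrNames config.sops.secrets)` guard gone, a job that sets no `passwordFile` and has no `clerie-backup-job-<name>` entry in `config.sops.secrets` fails with a bare missing-attribute evaluation error at `config.sops.secrets."clerie-backup-job-${jobName}".path` (assuming that line is the added side; the page lost its +/- markers). A named error would make a forgotten secret obvious, e.g. `config.sops.secrets."clerie-backup-job-${jobName}".path or (throw "clerie-backup: no passwordFile and no sops secret for job ${jobName}");`. The same applies to `targetPasswordFile`, to the identical bindings in the `@ -73,12 +71,10 @@` hunk, and to the `wg-monitoring` and `wg-clerie` `privateKeyFile` hunks further down. Both `let` blocks continue outside the hunks shown.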
|
||||
|
@ -55,8 +55,7 @@ in
|
||||
}
|
||||
];
|
||||
privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else
|
||||
if builtins.elem "wg-monitoring" (attrNames config.sops.secrets) then config.sops.secrets.wg-monitoring.path else
|
||||
config.age.secrets.wg-monitoring.path;
|
||||
config.sops.secrets.wg-monitoring.path;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -66,8 +66,7 @@ in
|
||||
networking.wireguard.interfaces = {
|
||||
wg-clerie = {
|
||||
privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else
|
||||
if builtins.elem "wg-clerie" (attrNames config.sops.secrets) then config.sops.secrets.wg-clerie.path else
|
||||
config.age.secrets.wg-clerie.path;
|
||||
config.sops.secrets.wg-clerie.path;
|
||||
ips = cfg.ipv6s ++ cfg.ipv4s;
|
||||
table = "wg-clerie";
|
||||
peers = [
|
||||
|
@ -98,7 +98,7 @@ in
|
||||
'';
|
||||
|
||||
boot.initrd.secrets = {
|
||||
"/var/src/secrets/wireguard/wg-initrd" = if cfg.privateKeyFile == null then config.age.secrets.wg-clerie.path else cfg.privateKeyFile;
|
||||
"/var/src/secrets/wireguard/wg-initrd" = cfg.privateKeyFile;
|
||||
};
|
||||
};
|
||||
}
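Review bot: `"/var/src/secrets/wireguard/wg-initrd" = cfg.privateKeyFile;` no longer handles the unset case that the replaced line covered with `if cfg.privateKeyFile == null` (assuming the bare form is the added side; the page lost its +/- markers). If the option can still be null, `boot.initrd.secrets` treats a null value as "copy from the same path on the host" (as far as I recall; confirm against the option documentation), so the key would have to exist already at `/var/src/secrets/wireguard/wg-initrd` with nothing in this repository managing it. Either make the option mandatory or say so at the line, e.g. `# null: key must already exist at this path on the host; it is copied into the initrd as-is`. Files listed here are embedded in the initrd, so the key is only as protected as the boot partition, which deserves a comment as well if /boot is unencrypted. The module body starts outside the hunk.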
|
||||
|
@ -1,11 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeShellApplication {
|
||||
name = "nixfiles-add-secret";
|
||||
text = builtins.readFile ./nixfiles-add-secret.sh;
|
||||
runtimeInputs = with pkgs; [
|
||||
agenix
|
||||
git
|
||||
];
|
||||
}
|
||||
|
@ -1,15 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
cd "$(git rev-parse --show-toplevel)"
|
||||
|
||||
host="$1"
|
||||
secret="$2"
|
||||
|
||||
mkdir -p "hosts/${host}/secrets"
|
||||
|
||||
agenix -e "hosts/${host}/secrets/new"
|
||||
|
||||
mv "hosts/${host}/secrets/new" "hosts/${host}/secrets/${secret}.age"
|
||||
|
@ -9,9 +9,7 @@ final: prev: {
|
||||
chromium-incognito = final.callPackage ./chromium-incognito {};
|
||||
iot-data = final.python3.pkgs.callPackage ./iot-data {};
|
||||
nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
|
||||
nixfiles-add-secret = final.callPackage ./nixfiles/nixfiles-add-secret.nix {};
|
||||
nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
|
||||
nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
|
||||
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
|
||||
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
||||
print-afra = final.callPackage ./print-afra {};
|
||||
|
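--- a/secrets.nix
+++ b/secrets.nix
@@ -1,96 +0,0 @@
-/*
-Because I'm way too lazy I'm automatically generating the secret files config.
-Secrets can be found below
-hosts/${hostname}/secrets/*.age
-
-Pubkeys can be found for the specific host below
-hosts/${hostname}/ssh.pub
-The users have their keys below
-users/${username}/ssh.pub
-
-Secrets get encrypted for the host they are in and the users specified.
-
-Every host with a secrets directory has an entry for a secret called "new".
-This exist to overcome the chicken and egg problem.
-Create a secret with them name new in the specific secrets directory and rename it afterwards with the suffix .age.
-*/
-
-let
-/*
-Returns an attrset for a given directory,
-having the name of a subdirectory as its attribute names
-and the contents of the containing ssh.pub file as their value
-
-{
-clerie = "ssh-ed25519 AAAA...";
-}
-*/
-pubkeysFor = directory: let
-instances = builtins.attrNames (builtins.readDir directory);
-instancesWithPubkey = builtins.filter (i: builtins.pathExists (directory + "/${i}/ssh.pub")) instances;
-in
-builtins.listToAttrs (map (i: { name = i; value = builtins.readFile (directory + "/${i}/ssh.pub"); }) instancesWithPubkey);
-
-users = pubkeysFor ./users;
-hosts = pubkeysFor ./hosts;
-
-/*
-Returns secret configuration for a given hostname
-*/
-secretsForHost = hostname: let
-/*
-Returns a list of all file names in the secrets directory of the specified host
-*/
-secretsFiles = builtins.attrNames (builtins.readDir (./hosts + "/${hostname}/secrets"));
-
-/*
-Returns all file names that end with .age
-*/
-listOfSecrets = builtins.filter (i:
-# Make sure the file name is longer than the file extension
-(builtins.stringLength i) > 4
-# Take the last four letters of the file name and check if it is .age
-&& builtins.substring ((builtins.stringLength i) - 4) (builtins.stringLength i) i == ".age"
-) secretsFiles;
-
-in
-if
-# Make sure the host has a secrets directory
-builtins.pathExists (./hosts + "/${hostname}/secrets")
-# Make sure the host has a public ssh key provided
-&& builtins.pathExists (./hosts + "/${hostname}/ssh.pub")
-then
-/*
-This map specifies all public keys for which a given secret file should be encrypted
-It returns a list of name value pairs
-The name is the path to the secret file
-The value is an attribute set containing a list of public keys as a string
-*/
-map
-(secret: {
-name = "hosts/${hostname}/secrets/${secret}";
-value = {
-publicKeys = [
-# Hardcode clerie's public key here
-users.clerie
-# No other user should have access to any secrets
-
-# A host should only have access to their own secrets
-hosts."${hostname}"
-];
-};
-})
-# All file names of already existing secrets plus the magic "new" secret
-(listOfSecrets ++ [ "new" ])
-else
-# Answer with an empty list, if no secrets are provided for a host
-[];
-in
-# We just have a list of name value pairs that need to get transformed into an attribute set
-builtins.listToAttrs (
-builtins.concatMap
-# Provide a list of secrets for a given hostname
-(hostname: secretsForHost hostname)
-# Names of all hosts
-(builtins.attrNames (builtins.readDir ./hosts))
-)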
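--- a/users/clerie/clerie_id-2023.pub
+++ b/users/clerie/clerie_id-2023.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzEQEWeunhkzP+invKjdsZe4rbUloixa374bYEhBSA5 clerie_id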
@ -1 +0,0 @@
|
||||
ssh-rsa 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 openpgp:0xDEC2998F
|
@ -11,8 +11,6 @@
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
(builtins.readFile ./ssh.pub)
|
||||
(builtins.readFile ./clerie_id-2024.pub)
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie"
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -1 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzEQEWeunhkzP+invKjdsZe4rbUloixa374bYEhBSA5 clerie_id
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC17V4z147CtKGMvnAEC8BATO2Dttut9T8q0eIxGwmCVO96s/E2ZbxQSjqp9FOuAhD7xJH4kUf4uwlM8yU6sFnWPLbawFxlbyLChTurv2GV5polkqP7awHU7WP2DpO8vhPYcoo5w2GI/q/IfL1+6KHqAuqenQw6H/fERllMkYnqyLcJqfoyfFXD6r/TJfhpB5ryoIeX45sakZvjtrIYpGjjHMjlHu8RG8zuad6UHTg7NqLnYCk2aGcvvA8H1OP/vfuAElhwwVEekKD2VvDcARmXyRyzKl7qCoqXZLRHrlDH+oqKzQLctTjDmGJtETW2Oca3NM6fp6xuuI8NHQhNq1SghoIQDu4LcdHQtclc5a8oOV3C6O6fpgTZI99gp6OcvRGuyAO43uKOg/BmegRDs7AapVsm1+um5hwLdI5wFzMvhpWJw7j7D9hfIS9K8VmLULKy6q+G4fg4s9QklxOg5ExgxUnWnANsgXvct6k8dr0IkZtcVzLGc86XPP0Qd5Rgtcb6JYITSezssL7Gn+rLnNhvKQZVoeOCJ4vyB9OFwcv0ESs9Cx8tg2ZDZpYSkVMoIhoi3LUCinozineRypy3+ItrMRm+PD8wEPZGlwcAaFhDSAML+xpKSCt0c1EqLsF8CtadbXuyNn3DsNaOzWWQha+47HiVl8QipSfF751hVtTH9Q== openpgp:0xDEC2998F
|
||||
|