diff --git a/hosts/default.nix b/hosts/default.nix index e1881a43..af64b843 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -33,6 +33,7 @@ self.nixosModules.promtail self.nixosModules.searx self.nixosModules.tmate + self.nixosModules.tt-rss self.nixosModules.obs-portal self.nixosModules.matrix self.nixosModules.matrix-irc diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 433bbcbb..2ab0efb3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -74,6 +74,11 @@ in "obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys; "obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys; + "tt-rss-feed-crypt-key.age".publicKeys = flora6Keys ++ adminKeys; + "tt-rss-keycloak-client-secret.age".publicKeys = flora6Keys ++ adminKeys; + "tt-rss-smtp-password.age".publicKeys = flora6Keys ++ adminKeys; + "tt-rss-database-password.age".publicKeys = flora6Keys ++ adminKeys; + # mail "mail/hensoko.age".publicKeys = metronomKeys ++ adminKeys; "mail/teutat3s.age".publicKeys = metronomKeys ++ adminKeys; diff --git a/secrets/tt-rss-database-password.age b/secrets/tt-rss-database-password.age new file mode 100644 index 00000000..1e2fb9e7 --- /dev/null +++ b/secrets/tt-rss-database-password.age @@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 Y0ZZaw +borJOE6vmkj+tFUuJi9rbiCTvrqylnCHaixOxH/djY +qtrSzU1xUdCMf4JygibfgcNKkp64QmAbjVOql07+V2A +-> ssh-ed25519 uYcDNw Bhq6J61s0NeYVN7ERjRQLH+0UyURG947lVhBKaCbijw +0uovPKjWtoDu06k5OTbuzb+XulkxHB2C445CC+tMf/4 +-> ssh-rsa f5THog +IsHXryMvZTlFjccefMsgyV9MeniCTaSdXnhcKLbhnCi25rEoXXBM98MQc3nKnl1h +tFiSp7EGe5ffoHNGkZQFTCok/GmPB2FID2+LNd+/J7bliNq7ak630U9YoeTZUTpV +NtOMq4lttpiOA89LCFbWWPoiq0K+0aWQQOLLNdopVS9wil0eQgQyzbxksPkX4fWd +Flgoca34yF5mONjXL5jGJ32yUwOM3bEh2skgGMdVnL3dUxvTlPlfYTjWrEVZx77j +LE0VgkJXlI1YHSwAvHuEpFmol7NwSxC7NL7wH0hqBK7KNgnm8eVqRzhVLNTXd52o +0PDoKFfWyuXDPw/PtEZ4HlK/3wCrn8aRnp/ufI7mtVBRZMRnO3kHDySkN2yJ7kzR +M/KFiAYV3DKjoGhpAE1VAFFKGIdf69XrU+54KlhK++AOM+cQb+2t+hq8NQMY7sWz +7py4D94zE5iXnZ/mlcyNQ6tUrNM2xxcC2UrcZ2oZUY8zxfWBrObfuSO4gZJ/UQS7 +SIT0n7JDnNoPDQ6ij96fH+NmyB9T+s2kE5FhbXsgbhGCOtXo90xUtVaFxfdoICch +JO0eHTgn4Lmye+TAgJIrfU+77pyn/BBtbEtMnpH47Q1XuPBYrGD61EF4qgQtjDKP +YQI/Vo/hszC6HXh8wDYNx9dMSQcNz1j54oKf8CuGtio +-> ssh-rsa kFDS0A +TxrUvGYol0b2ky+T6W4UI7DaH/TlJyq2797Ic2A/fls0FJ28IeD6JnAQmOLuHs4X +cx/Ss0iZb10Ad0l9PgF3QBoXz9Iwr8c2CwYfQ1+AK2RGExu9mqvwsuc6Ir9Wo/3i +Fb5YkQt35IPzLkXXASRIBoJIhFgRCIZkf7fPZ6ModyDz+vUUiX0syiACDUeeeDix +pKpRGToPxXMZKh9unPUXM4MI7hpmkdRaAvmq6lY3+orYRQSCHS4GEWdJAR2r3AE7 +XD6GS5fufiMrcTVuE94l+iix5E8+32NQLYutmNej+0MewwXSSWVraNMrKEKowxwe +URx9DB2oIb7+PZFJptRsLVpQJpuYVTxAf1gir5JPLlTfF3FZDOtAyYl5S6gxMa0F +Zzv1W25EY6oKIHtLTdCS4YGBZYdLfo6FOiDAJ//mdNZp/KKj3f+Vhd298t+Iubgu +A5zHB57Xx3+Yx6JmsYF1I0e01sFh4R204P8jQWDFXB0cFnEDXOu2YkmwpbGVcqmL +o9Sek6pIFRBE4w3/Tn53MxnzvfGGJReZUVoAGOjffim270IsKfi8Nm37G3vnaSO+ +LVaRwAzGGy9CBcTsUPzrWZiEjhbqujH2BqqLzq6OHwzf1Np6VZ7tId49Tk2VRN3o +E2HX0MuzpTzXGuqTQzibBE83Qkiek/WGNQcJNtKRkfI +-> piv-p256 vRzPNw Ask4dKgnJzxcLH8Y7JXPmpJz/FnLMLzwrU3Ra9sVzX46 +QUK0tJElxIcy3AdZ18ocGuQB/5AeenSxTwjURmM/6sc +-> piv-p256 zqq/iw A1TG7lZAnrPyD5rvNsBpiIy1SBPQol5PMuO55x0gSQDd +FZSRjqbvSLFvgpqfAb2aDN+sIXamil7f3DvT8exd5mQ +-> ssh-ed25519 YFSOsg nsHXpCsFmfF5W3FoVCq/rC6VKGu6GbBDwPnNLuoGxEs +2yUYAD+54QJD/oYSJYF/+LGTIvl+JwSY9CBVijR+ghA +-> ssh-ed25519 iHV63A ykphh8wpIMyDWOKvDDEkHFDk3ehOIHdPnBXJVYgYKX4 +88NDoL9v8uMzexfAcgIAIRz9noaZA8uPVVTWGwJdQ7c +-> ssh-ed25519 BVsyTA tvcb1nnvjiBZubVWOxPuKnYSK2dQwacTHD/nstzQbF0 +zax487bKjgwmELMNc+qGaz4qWeY5zLl5TW3o6xEqdhs +-> ssh-ed25519 +3V2lQ fT0+WfhKXkahpQkNeEe90KklbI+kdjVqqHQcXyIEnAs +/96afmu3e2D5cfgBbkTEUB65rCYfH4KjsSloIV5pqb8 +--- OzXfNhFub2fhTcmH6M64ErDGPBTiFUJVEyifNDylbiY +ùv ssh-ed25519 Y0ZZaw EPdVIjlZPusw/gfgF68jbN4fe1BNHZVXr0jsz6MkfF0 +uuJA26R9BHOg4BiqVdsfNP54rTOV2UyvS9in7rO4cio +-> ssh-ed25519 uYcDNw 3udVteOpSVuX0e3KCaBdEkqFppYLu9PPuXkNzaX26D0 +ahAA5nn+dQTOT7WYn0DXLwsCZf5B8X1fYzeaz30CEyU +-> ssh-rsa f5THog +GJTms6amJXlAXD7wnL+GsYHgw2NPqeiUMPOXoJpIzBQ7+LHY7vIgozMshM7G+Qcu +OzAB9S3NeXB1FYJir+X32ZMuOlvVJFIS6Z0SyUlUd1gdrJJ/cSkj/GkgGjg6ZRUo +rxtvZYB3VDU7HEelps+EoLTxF2SPM4BLNN/EFDwOPB+MSOKrpjcZEF4ARJAAu/8k +SKlUnmU7n/2ModYn7QHTuTaOrNEzHmng1b4Rf83ZNU/N6cG+DVjGposkSFeE0gZV +Rde0NXox+mRKQXGmdtqrHJCTd+o/+2e22mCfbVLl3YC5oWQZCX+uwGx5Aa8AiFbt +1510bYJf+9XV9ceB8UEtyelkWA8/zF1uv6NUj+et89SioKh/+RD2KltqQ5s0Be98 ++9/oZSBnBrNVHJkDB0M7vD0CDTb2pgwAzP3wpaK2sUMSHGndosLMVz1DhWjjdoLC +/8IpQOm+mN2hmKzb8KNYXhc3+kXI71DM0y2EYM/d+8vbansex2Ec26bmD5s1/eZN +LcNHhGkN6p6dTO+ACJ0Vs2684SJt/YO0JGe1b3T3RNA9fvxMpM/qnNRn1bzIUzLN +SY8ptdihDdtwUR5LjVSVxK+pq/+WrvV6ek0fxHNfMad0SPP/nsLtrOe5tziIGFbn +TJC2AM22CCN9h7is75ffEqug9kSW0byQmzqJpKrDu+w +-> ssh-rsa kFDS0A +oVjWnKc0iSx368gYMj33kbV0uTJuxliy8L+OKajPIcUo2yZGDGYel6jGjWvKFMjm +9CFV7AzWgP4P9D6gBRunUtYqAGncNNvrGKQZZyjwyY0DWMjU908ioZTieeb2ZPmp +WjrFM3OD3NHQ2N9huj9bcp2xAwsCs2+l5VG7SGBXoLnPyBl+ep9V90HVDznsEa+P +DAO1TGxhiIcdKhqVkymU0pu0LF3S+aKU3P+ehDfSr8jeu2DaW/6q3VVjkzZmfJVZ +yk2w3RrLT53CHx/p0f7erecsiBXxSTIf++aafrr5EvzSooHJTx3YJg3R1qt7F5ZR +W6QyQL/aseRj9HmpEUKuaKhix3latAEFPDDH/teIXXTgZwaVa3CJAmqUPtuseTW7 +03j3/rAmMJG72ur5YpkCF9KumBhDThtpbZGX4ossWUV+zd3tXiLjH7B902yeHQmV +B/zCql0UR2Dx1MV8tIlye6Sc3HxqGKjpzD442XbwGqRUkfYRV0TQiZYJ3USh7ST/ +AL1cQnxgMbaIPvTpUwPAyAK6FYxZL9pfLIZb/hy5DhlkplJMMa3TawPWGmN1yJ7V +zly9tbidORcUYLLhcfs3xYBuQtrMZs4OGA+gCavDYpANT8uSkcobtyms0qtTZTCl +S8t2hC/KtuU8XxO1AiAbt3iMf3X9JxNHsQ69bAN1m24 +-> piv-p256 vRzPNw AxbTI09w3zG/h37Cur8v/Cs7E8GllL1jbWZCk7MoeA9H +EgHKblYy8w4p6z5vygPBbYywiTeDFjeUOpSIFCPP3XY +-> piv-p256 zqq/iw A2H6gWAp/VJXudmCZcw5tg+jow+UEEaycSVtUGaArBnW +l+oIvzC2Zy3GKFl5LbgNr6wdQVBFR5B7Q8Jsj1XYJRY +-> ssh-ed25519 YFSOsg RGe5jaisrFydbvW2T/qmurZMvDh3VOis5pK8kSPES1E +lWobpu0a8lJQM0/1NMXSHSgzLX9ZxIh/mJjFqq6jIo0 +-> ssh-ed25519 iHV63A JYEPADhIo3NOEj26Fcpin+5DjIlZVEkyJY37jrlPsRI +nJw7jwGYaj4dNVK7EDKFQ/q1yy+uWF/jdtT7H5o/hhM +-> ssh-ed25519 BVsyTA /8EgEA/kZx4JbUMH1qZn4vJrnzCUo3HubP78nd47EVA +IwUd6D1E420HH2EQDiook7nzJfguKstGsR5gQT6Zg8I +-> ssh-ed25519 +3V2lQ ai05KCkV6KAOmtvRi2IHoDf1LORoKAGuy/xUYMGt/Ds +7t0zzhEySFvHNVsyALpc/7QzjhUEOxd9LHnyFeORsDU +--- cLVvcbSbO7tAfRpm3ugO9VgR9CqLQLMgtslqm6cr9s8 +h)t7ϯOC&Q١W!r+,N +FU+'ro \ No newline at end of file diff --git a/secrets/tt-rss-keycloak-client-secret.age b/secrets/tt-rss-keycloak-client-secret.age new file mode 100644 index 00000000..1f367673 --- /dev/null +++ b/secrets/tt-rss-keycloak-client-secret.age @@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 Y0ZZaw DEiyiueJ8BREDZKqMqO/t5twTT6+2d6E2CRBUjzawlY +yyjKu/qQLEfNWcIllWFcokT1/XAQONuV8ztNm+kPvD8 +-> ssh-ed25519 uYcDNw CFUbofGu63MCJ37VsnNWA1cOADkFzQlK0HAauPgpVB0 +JBQrjUVfZG0Tn8sswvpMBAjmyIiKja99OiscO4ZXTKU +-> ssh-rsa f5THog +L1ThE5NbQkfeuCFJJ8RP1kbDvmrNodPuDrNK+hypi8lflyRaSP59x+BOrjLbAOML +dYYLNKNX3kO4pqizRMZYH5UPCHT6lS1d7jJLAkjW3vvqaAUtYcLKnPT2+9dqy0Oi +vph5zW/d2l9Mg/aETiFhBJwdsRXRFiAcWAqqU7xOSKGSDyxz1GUx8hbhEja9fbG5 +sFBj7QiuBIZb3vzLHi7lo4q81A2T1q1UqhJ84ps6LBuQYVHLWZOJJzWEqU/9PuWQ +J1mb4db0Bg6yRneX24mcwbHq23nMgaTH5gbGvDoIgo+dHQpdiJG+P/4bKiVHdfg7 +nQQB6MIvQtMCN8HduGZX3M78dYTKB45iCugKYWWERDeDxD30dfuFU8jpXESql+VB +VDk/bMgivV8OLvcnwXPqKTjLZb16pgVYpde88zLZczWOJXWIhuzF0XSYTAERQWIC +PMleWFhz9CY2ivY0noWrLYL+zl7VamcQEAcgEDw8qtEx+Pq0zAGuHsmu5hbYvph4 +Mzly0QhNapfD0BKkwCZ8Qz1nMuEXeZxBsv4zCWuEvkywnqRTKRBFd7IpoyAx+8um +hZgkYvsDfOmgHt+k73Gavq7Cu//cfH+Cpn9xflBkh3TqWafMheZOm4E5oOddfszC +UsvJiBDWQ7Vg6m5gzJRYtewdX4vzo65z5rF4VlavSjY +-> ssh-rsa kFDS0A +IxklxbzF+1si1E0lzzoCYZ+HlBq4muKTA55c3q9mYi1x71aUxDvd2UZ+R26MUKNP ++2UVVBegOQv7vG+a7qE4Fmecg53vdkHA2aFBmWZPKkv7Uf1AifrbniqySs/pKm7a +MZr5Y1cHCOWs8tAtg9nOsnIIhVL+kZKLDkIhQUlx1QIpkjHoXlcywmr0QMNC0Rwi +Gi9gzczHSdO3c6UurPrplsxlQ333A6NASjoSHtnR5KaYUE6F60qpQ42cp4YMwhJz +9NqfgwXARxrATlDVYzakdMDpvwbBC3f4NQruJkwLsdv/Y/JjeLS+sJklUdC54hdO +MDB6rhfTHjcSSTPQDYHT89OWnWLjfLmDybdnuozV7Dr+RrmoMwUZp6PIq2Nhpvdd +J8On5BktaVgBdKxhbpnsZz154moiCvTNjMB5ZeRUeUVlxBFWvAQjd/Mqn80HP0nq +hkE0ysmg8TeDWAsS1mnGL46z1iMedf+qo1LgZxNNaiXcDxHW26klozqtuUNf6JQi +BpgIulHS2q9OtfpWImMLmU2g4gCuXY4KmeyHVc7cHyNDHg173i4XnLTgzUv4vry/ +eJ55CWLPeFtaX/Ha2rpbXzf03RgPa/3VSl8Rc6C5ByxNX8osP2Cqw3t4/r5r4Aav +J/H0kpGvllKm9Z7N4P38f3ib1l/eL6P4QuoQAS3Bnho +-> piv-p256 vRzPNw A92vvztf3bC8zvaoE7Cvyx5+4h1bJDVYNHB61pRKJXMA +tyaolFQw9b7J92hnglfXjGKVBBn6eojwuapM/JyD45c +-> piv-p256 zqq/iw Akj9U/ko9QSTizPdUygD4i09R1FGjWyrVzmF+LYKcnw+ +gkG+XPlh4fzAVX2NX/+kOViL+tJYVbfv02j3LUs6Isw +-> ssh-ed25519 YFSOsg tB+h7/iK01WxZ4fTgQ70G/5knfhRHEV0xAO2ZJCq32I +C7S/7QZFW0jr0AkC+Lrp7lGLc5qv6Oiwz95snC3fbQo +-> ssh-ed25519 iHV63A OKo/vciV1cLidEife4NKpb3Wvpwqm6VIwdSIa8vAviY +mtr8obwzhTmRGraIlXspR9+pBLxAqX4CTPw47lcaSNE +-> ssh-ed25519 BVsyTA CigB96X7zNM2KeiXFi1ZM/+srzAgwAkjgj1WhwgMDiU +cr/V7vxTMwD+Hl/UwWBIcUQoCH8sGiRKrejZCLjNT10 +-> ssh-ed25519 +3V2lQ DKQPv1yeLMkj6GxPH7lE/XQf+56O+ocyiEwc3JGixRM +1p1/+QoZmxvr7/u+IAMa3qJL/4i6TFadTtnWiNC93fU +--- ELKtSro2FeA35vty3wLJdJA0cwhPOBfp3fC295OEEAw +4O @N/҉ 'Ĩ;}wӵ)g`'| ssh-ed25519 Y0ZZaw xcTM7SY2FBhLO3K+eXAV20DIeTvgEMsXHPbK3ZpJNyI +M8fk0N+kWSUNFqF31u7fSvfmiSie9D/9/d6Zzso5HKY +-> ssh-ed25519 uYcDNw iC9p7dRLBH9QFCTeMro5FRzDtiIr8mtAIyEUwK0Xvyo +gb+HeQGfcaHyL8qKX7RXNnY4MZs0A1rQFDb/VEsYAFU +-> ssh-rsa f5THog +gKf+6+O29NEZii0qH1D5bIM9a8KUt8ZznexG4BBMglk7PCEOMb1a7FkQGa8JAh8O +A/y9j+vT4ZCf/HuWlw5yqknW9p83JcE2hWzqkHf3TEAeoQnP56BAiJN+lGf1Yhjc +dikbgEJn1DaHBKUmsVOuRr3GTXvBq6aENHZEWEX+rRHsuUb6Y7ZaIkrvUqUaN+EE +NDSF6ZHsPWP4WRfILhMY2pD9ybnNWr44pAPC1rxfMbOsGLCL+lU/f3S++7IRPNsu +shociVBxZOchxgxx3hBMUJUYEZZoxKi+xO1FgNTVVhEkbePxyAzwktPyPquoSj5R +OHsgCuoXAaKyhPsKnr+OGHXrNks3fAdACcnuJ0Vw9/ATkbuuysaI+tWk9b3p3b49 +QPCDJtCdSSvOxnd0UOZ5PItbJ16KJK1WWgX8gyb9m7lPtjDb0A5ZH9gEjq9C+NHc +yxiOd8sPfEAUJur7D0DGz7HSUDjoxkkdfrTTBkJEYKoyxyucFk5xdJ3vKTHJJy9J +0zq2sxCjt7/rpodzDXoHf4wxY55YwrIgSlE+5BJ0vH2dDa3SJMmSrzgnQ/oE0Qt9 +vOpQxXxEJmQ2VT+qnvsPceyFEbrfpsHYvULL1HnqrF8djmhxK5sIrjs+w36CqYZe +emDar0xn54PBkWDZg9JPtyyMnfNi3NsN9STjrqDE7BQ +-> ssh-rsa kFDS0A +a5mr0TZfRLG6DMoYtKE5DuvbKgkKnVYMMKTigAsB1IfZRbKJ+/8slJ5tILuRnII2 +Z3WlfB6v1OhzKM2cjeoOkZS69mSVdxj1TnA6vvxd4Avi4rX9LmqwitSywULqBq2L +N6SANCRoegmQC9TEQpPo+B9Cp91FkhXzYBlyxlBw2pKS9Z8l+KlSr942lmNLqjLF +7HkZnhfn3Kzt7ZyJxSgVHSn0e+n5GGJcf8xcv7rO/+HUOrRj9cOAoQHlS1AENJCY +mlDdi4FhqMqRbBLgPEoLk/hMpaH6bu7yA+xs8RZH1ZEhwGlypaREHKHnYC0HUm4/ +oFSGul0VAorXVRJz1yNbJF+ZexI0daR/e9f86/3VnWF2Obs4oOvvGk03gMZrulse +9W5XpOL0xzK+czCinyVl6ccKEOE4wJdC08crHbB3qQNGzzdg6KTet88QHP1FgYSe +dCcA11o+9t5u/YlAqlJbCC4ffqXu0BBh2l3xw55QxOYB+oJFy0EJsIoKyksQtFZu +TYHnBs8pvJd6mGL+wnrK+Qjxf+tYkOFHeSNWByvNa0GrysQ/Z1khPg9UhDCH00g7 +H6dBPs+3Z9kb+UNEtOHoEKR2po8YCF14G8w4K3vDrhabUvvRN27eohG45arGEjl9 +KblvtbR5C88sb/iHgI6TVWyhppv9wkTjzv6o0KXbewE +-> piv-p256 vRzPNw A2VLSRquRznC9RWlzRqTHWjZV16VOoXKXfSjHxLCt3xy +ilWRm7eSOPKU6fMpn1oJsgGIqdUj3u7t232NerH2/p8 +-> piv-p256 zqq/iw Ap1PecekG75fGk87MtuIW6K2UBiK2N/l2aYRG/J5ODK2 +ne9ie3j+w7Sle+3HG6m/dh3W8lJPgqlcW/m8jTBw+H8 +-> ssh-ed25519 YFSOsg vzSB1cpLB7v5w4ODaeeQcdU3k8YTb7mS+aA5B9BncTE +WBpQQ+TrmzvYuFH6bE4w+8zjQ0R5UaPAhyYSCNXdYJc +-> ssh-ed25519 iHV63A LxTbHATRBQLRJ0+irWC3vL503QplrSho6N7ViIJxPGc +3gDFWCE5suDA65QrUkjKr441mKxmw+L+P9voWJFpBOA +-> ssh-ed25519 BVsyTA b+b/OZNuP6skvZa61CQJ0kUKFHfZZuzfrNjSQ4HXzl0 +bBGKqrmRBFFCelNNgvdKWTuJWMaeTDo7LifMhns8TNc +-> ssh-ed25519 +3V2lQ 2PH42pQzkDVdB0TVcq4CPoX9uGCzf7g7AsRGDM09gQI +Q4Sa4mP2r4To47oBI7u8xP3vRxi0OydlVu1rN+m7mjc +--- VPJ6/nvJyQ4kVWnOJ0Rg2VVznd5nVD0oxgPujx+S8mY +B]+Gf):BEsLhC7euOܢ \ No newline at end of file diff --git a/terraform/dns.tf b/terraform/dns.tf index 97be97f1..e20c284e 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -84,6 +84,11 @@ resource "namecheap_domain_records" "pub-solar" { type = "CNAME" address = "nachtigall.pub.solar." } + record { + hostname = "rss" + type = "CNAME" + address = "nachtigall.pub.solar." + } record { hostname = "stream" type = "CNAME"