forked from pub-solar/infra
initial work on mail
This commit is contained in:
parent
6d8d34123f
commit
af233793fb
104
flake.lock
104
flake.lock
|
@ -27,6 +27,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"blobs": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1604995301,
|
||||||
|
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "blobs",
|
||||||
|
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||||
|
"type": "gitlab"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "blobs",
|
||||||
|
"type": "gitlab"
|
||||||
|
}
|
||||||
|
},
|
||||||
"deploy-rs": {
|
"deploy-rs": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
|
@ -128,6 +144,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-compat_2": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1668681692,
|
||||||
|
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-parts": {
|
"flake-parts": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
|
@ -328,6 +360,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-23_05": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1704290814,
|
||||||
|
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-23.05",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714640452,
|
"lastModified": 1714640452,
|
||||||
|
@ -340,6 +387,21 @@
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1705856552,
|
||||||
|
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
|
@ -354,10 +416,37 @@
|
||||||
"nixos-flake": "nixos-flake",
|
"nixos-flake": "nixos-flake",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-2205": "nixpkgs-2205",
|
"nixpkgs-2205": "nixpkgs-2205",
|
||||||
|
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||||
"triton-vmtools": "triton-vmtools",
|
"triton-vmtools": "triton-vmtools",
|
||||||
"unstable": "unstable"
|
"unstable": "unstable"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"simple-nixos-mailserver": {
|
||||||
|
"inputs": {
|
||||||
|
"blobs": "blobs",
|
||||||
|
"flake-compat": "flake-compat_2",
|
||||||
|
"nixpkgs": "nixpkgs_2",
|
||||||
|
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||||
|
"nixpkgs-23_11": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"utils": "utils_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1706219574,
|
||||||
|
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "nixos-mailserver",
|
||||||
|
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
|
||||||
|
"type": "gitlab"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"ref": "nixos-23.11",
|
||||||
|
"repo": "nixos-mailserver",
|
||||||
|
"type": "gitlab"
|
||||||
|
}
|
||||||
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
|
@ -475,6 +564,21 @@
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"utils_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1605370193,
|
||||||
|
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
|
@ -38,6 +38,9 @@
|
||||||
element-stickers.url = "git+https://git.pub.solar/pub-solar/maunium-stickerpicker-nix?ref=main";
|
element-stickers.url = "git+https://git.pub.solar/pub-solar/maunium-stickerpicker-nix?ref=main";
|
||||||
element-stickers.inputs.maunium-stickerpicker.follows = "maunium-stickerpicker";
|
element-stickers.inputs.maunium-stickerpicker.follows = "maunium-stickerpicker";
|
||||||
element-stickers.inputs.nixpkgs.follows = "nixpkgs";
|
element-stickers.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
|
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
||||||
|
simple-nixos-mailserver.inputs.nixpkgs-23_11.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
|
@ -123,6 +126,10 @@
|
||||||
hostname = "10.7.6.2";
|
hostname = "10.7.6.2";
|
||||||
sshUser = username;
|
sshUser = username;
|
||||||
};
|
};
|
||||||
|
metronom = {
|
||||||
|
hostname = "49.13.236.167";
|
||||||
|
sshUser = username;
|
||||||
|
};
|
||||||
tankstelle = {
|
tankstelle = {
|
||||||
hostname = "80.244.242.5";
|
hostname = "80.244.242.5";
|
||||||
sshUser = username;
|
sshUser = username;
|
||||||
|
|
|
@ -59,6 +59,19 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
metronom = self.nixos-flake.lib.mkLinuxSystem {
|
||||||
|
imports = [
|
||||||
|
self.inputs.agenix.nixosModules.default
|
||||||
|
self.nixosModules.home-manager
|
||||||
|
./metronom
|
||||||
|
self.nixosModules.overlays
|
||||||
|
self.nixosModules.unlock-zfs-on-boot
|
||||||
|
self.nixosModules.core
|
||||||
|
|
||||||
|
self.inputs.simple-nixos-mailserver.nixosModule
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
tankstelle = self.nixos-flake.lib.mkLinuxSystem {
|
tankstelle = self.nixos-flake.lib.mkLinuxSystem {
|
||||||
imports = [
|
imports = [
|
||||||
self.inputs.agenix.nixosModules.default
|
self.inputs.agenix.nixosModules.default
|
||||||
|
|
13
hosts/metronom/backups.nix
Normal file
13
hosts/metronom/backups.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ flake, ... }:
|
||||||
|
{
|
||||||
|
age.secrets."restic-repo-droppie" = {
|
||||||
|
file = "${flake.self}/secrets/restic-repo-droppie.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
age.secrets."restic-repo-storagebox" = {
|
||||||
|
file = "${flake.self}/secrets/restic-repo-storagebox.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
}
|
34
hosts/metronom/configuration.nix
Normal file
34
hosts/metronom/configuration.nix
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
flake,
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
boot.kernelParams = [
|
||||||
|
"boot.shell_on_fail=1"
|
||||||
|
"ip=dhcp"
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "igb" ];
|
||||||
|
|
||||||
|
# https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets
|
||||||
|
systemd.services.zfs-mount.enable = false;
|
||||||
|
|
||||||
|
# Declarative SSH private key
|
||||||
|
#age.secrets."metronom-root-ssh-key" = {
|
||||||
|
# file = "${flake.self}/secrets/metronom-root-ssh-key.age";
|
||||||
|
# path = "/root/.ssh/id_ed25519";
|
||||||
|
# mode = "400";
|
||||||
|
# owner = "root";
|
||||||
|
#};
|
||||||
|
|
||||||
|
# This value determines the NixOS release with which your system is to be
|
||||||
|
# compatible, in order to avoid breaking some software such as database
|
||||||
|
# servers. You should change this only after NixOS release notes say you
|
||||||
|
# should.
|
||||||
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
|
}
|
13
hosts/metronom/default.nix
Normal file
13
hosts/metronom/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ flake, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./configuration.nix
|
||||||
|
|
||||||
|
./networking.nix
|
||||||
|
./mail.nix
|
||||||
|
./wireguard.nix
|
||||||
|
#./backups.nix
|
||||||
|
];
|
||||||
|
}
|
48
hosts/metronom/hardware-configuration.nix
Normal file
48
hosts/metronom/hardware-configuration.nix
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [
|
||||||
|
"xhci_pci"
|
||||||
|
"virtio_pci"
|
||||||
|
"virtio_scsi"
|
||||||
|
"usbhid"
|
||||||
|
"sr_mod"
|
||||||
|
];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "root_pool/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/2083-C68E";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
26
hosts/metronom/mail.nix
Normal file
26
hosts/metronom/mail.nix
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
{ config, flake, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
age.secrets.mail-hensoko.file = "${flake.self}/secrets/mail/hensoko.age";
|
||||||
|
|
||||||
|
mailserver = {
|
||||||
|
enable = true;
|
||||||
|
fqdn = "metronom.pub.solar";
|
||||||
|
domains = [ "pub.solar" ];
|
||||||
|
|
||||||
|
# A list of all login accounts. To create the password hashes, use
|
||||||
|
# nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt'
|
||||||
|
loginAccounts = {
|
||||||
|
"hensoko@pub.solar" = {
|
||||||
|
hashedPasswordFile = config.age.secrets.mail-hensoko.path;
|
||||||
|
aliases = [ "postmaster@pub.solar" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||||
|
# down nginx and opens port 80.
|
||||||
|
certificateScheme = "acme-nginx";
|
||||||
|
};
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
security.acme.defaults.email = "security@pub.solar";
|
||||||
|
}
|
19
hosts/metronom/networking.nix
Normal file
19
hosts/metronom/networking.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
flake,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
|
||||||
|
networking.hostName = "metronom";
|
||||||
|
networking.domain = "pub.solar";
|
||||||
|
networking.hostId = "00000002";
|
||||||
|
|
||||||
|
networking.enableIPv6 = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces."enp1s0".useDHCP = true;
|
||||||
|
|
||||||
|
# TODO: ssh via wireguard only
|
||||||
|
services.openssh.openFirewall = true;
|
||||||
|
}
|
54
hosts/metronom/wireguard.nix
Normal file
54
hosts/metronom/wireguard.nix
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
flake,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||||
|
|
||||||
|
age.secrets.wg-private-key.file = "${flake.self}/secrets/metronom-wg-private-key.age";
|
||||||
|
|
||||||
|
networking.wireguard.interfaces = {
|
||||||
|
wg-ssh = {
|
||||||
|
listenPort = 51820;
|
||||||
|
mtu = 1300;
|
||||||
|
ips = [
|
||||||
|
"10.7.6.3/32"
|
||||||
|
"fd00:fae:fae:fae:fae:3::/96"
|
||||||
|
];
|
||||||
|
privateKeyFile = config.age.secrets.wg-private-key.path;
|
||||||
|
peers = flake.self.logins.admins.wireguardDevices ++ [
|
||||||
|
{
|
||||||
|
# flora-6.pub.solar
|
||||||
|
endpoint = "80.71.153.210:51820";
|
||||||
|
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
|
||||||
|
allowedIPs = [
|
||||||
|
"10.7.6.2/32"
|
||||||
|
"fd00:fae:fae:fae:fae:2::/96"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# nachtigall.pub.solar
|
||||||
|
endpoint = "138.201.80.102:51820";
|
||||||
|
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
|
||||||
|
allowedIPs = [
|
||||||
|
"10.7.6.1/32"
|
||||||
|
"fd00:fae:fae:fae:fae:1::/96"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
#services.openssh.listenAddresses = [
|
||||||
|
# {
|
||||||
|
# addr = "10.7.6.3";
|
||||||
|
# port = 22;
|
||||||
|
# }
|
||||||
|
# {
|
||||||
|
# addr = "[fd00:fae:fae:fae:fae:3::]";
|
||||||
|
# port = 22;
|
||||||
|
# }
|
||||||
|
#];
|
||||||
|
}
|
|
@ -8,7 +8,7 @@
|
||||||
{ lib, inputs }:
|
{ lib, inputs }:
|
||||||
let
|
let
|
||||||
# https://github.com/serokell/deploy-rs#overall-usage
|
# https://github.com/serokell/deploy-rs#overall-usage
|
||||||
system = "x86_64-linux";
|
system = "aarch64-linux";
|
||||||
pkgs = import inputs.nixpkgs { inherit system; };
|
pkgs = import inputs.nixpkgs { inherit system; };
|
||||||
deployPkgs = import inputs.nixpkgs {
|
deployPkgs = import inputs.nixpkgs {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
|
44
secrets/mail/hensoko.age
Normal file
44
secrets/mail/hensoko.age
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg F7J2BMCNuOUcZhcbEyXBbFHkOI4sVA0qXbRmCWYNBAE
|
||||||
|
Na/iuNS8cxz0qEiosflBEB9TAF87sQgwBbUl0/fhmZo
|
||||||
|
-> ssh-ed25519 uYcDNw Xd8D3eCNMcXrxlYef4kj1N4CD16b5Xs3pfA/J8RJQDk
|
||||||
|
UoBSRBj4wS1cxnDV37JjW5kBP2XWWo7seJJsU0y0cEA
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
OxPFa8NRWqy2ShVfYtxqZWfJAmgkYd2xg2E8vNCPoWafo/6hBob7C+4hDiKRZPZa
|
||||||
|
EVLw0wgTe/nlMzBLOO3FlgZ0Ceb/uA2n4nu7st6mjwYQpsmVXwZoap88B2b+GYCs
|
||||||
|
GG4sgybkZ/BrfFgm94TIcC1lr2lMjA6C4xhC9Mphf2iEQf1wjL4N1msOC4gTAW8Q
|
||||||
|
zaH+K+qNEbTXne5Pox9wp6FjApSx33ldqRxOSzcf7RUuL2ew/63fTywW8ZdHcUgm
|
||||||
|
usKqBZX9vyhLdsHzZWSXwetybMfKWs1ry5kU3ekf9EmAAkSiukFxFdr7PON3l+VV
|
||||||
|
+hNFxi7RBKGC2u+ZE2Oh/MdXkKHMIVuJE1yhUJyiirH9/Mj2S6gOpSL7pjXIQdbC
|
||||||
|
RoGoE4fHWtp14Yn5X2YQCeGYPS+y87md9qKlVTzf29u95UjVkN4V8xwquOssWp/P
|
||||||
|
qlBJscmU3cp+U3W4Gzh1k1IwdBQ7B26rUOFEwa2/DI8VsBd/x4WmLQGiIe0VnOIB
|
||||||
|
YCekxeLrl4AAf/XTEc/qNTaXcn3OguMMq6KzyeWMTdKsrcw7/P7j+06SbK+Co57D
|
||||||
|
7zt/h2dDeAEz1eo7yGLu/zd2s2iyEBNxnzvSqvRpYAkcNNI7DvNfdotDYWj0kbuW
|
||||||
|
rKfPKnXOUvf9tKsjbd1BRI563TpcoL3ebnokhBfu+v4
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
k8vywS465lFJyN/RvPMx3OUSl3UG2phrlZ0QY9BL2Gqf79tiSqMrWFCKqeZ8Djg6
|
||||||
|
yDNC8F62IwWSQB030iWQMhQfI3FM9BFepmMpVE3zviyg1WRTNgLl9vdpjLP4FuNi
|
||||||
|
Il5S3T49RmUgAzsPGMs0UWLhEudm9tJOU3tI3XD32tG7mYVrMcimtog8/1zasFf1
|
||||||
|
GE3H3MyBiuawfSu0uMnQ267rxYiGF75bI8Er1nI7zIF55Lw7twHLjN+KOlSed3Vk
|
||||||
|
VU7tNeRKfbircTrfxXo0I6SVPuX21SfBP5RWq4KrO/h4chW36OLxza2eiRvy74lY
|
||||||
|
/MekrH3PgO0q7y+uqeSbiGAcvL1UXeZFFdItv5pKxMC95vpdsEhoywO8Rj6dd+9q
|
||||||
|
iQjmy5RS/HC6uDzbqAl0HQSq1fZXO3UO0fQg5Rv3whpKMBHVMTU/PVimP93oAu4J
|
||||||
|
rXnUUpqpKJqecVDYQT4XSuMDK5Iw+S+7RLxBk6hIYsg0jtywqgwD+zF1S8RHi9kK
|
||||||
|
BEX5mR3NC/B+LdHAzphYQkHuY6UOk5AcgMO5jYCLtVK4vqlvTJPVbTSgdO86rmdy
|
||||||
|
nZXZmi0Uqgz8QEdOgIp0ego8WdqGkZF0aQwMUw11Bi+78Asx5+hy+fUncw0qZndZ
|
||||||
|
04ayMacztVL0cEaQ1AeOf85z0MPOugcVYFvih/XkgjE
|
||||||
|
-> piv-p256 vRzPNw AyKY9szzF5MMfOBUISqtfu4EVk3GWOQ2WSqwgn8tCE9B
|
||||||
|
uoSrnNdzVP1WO3uZflc+Va6cT8y5AfUpm8P3njiSQzo
|
||||||
|
-> piv-p256 zqq/iw Atu7Vk8b6dyNLZcLFtnOkAlYxOMN033PV/bv8O77LORR
|
||||||
|
jbYx5/YXY6LwoFvOfXHHPhTiMOMLwgbENvFzFmGf6ak
|
||||||
|
-> ssh-ed25519 YFSOsg BCuhqDI2VVkG3gk927TjEOLLOQNeURfxVbGodW/Xh2c
|
||||||
|
lUEeZrF5FSC/e6XRxWNQq5B7oC70mKit56AIrWMTKCY
|
||||||
|
-> ssh-ed25519 iHV63A Job9bw0T6OJpmgeizCOyNGqA9YHrcbml8sj+9kadKVw
|
||||||
|
4+pfaDyrgXuj8DKQzMj04nk2KRfobvQ6Z+E7RDOUm24
|
||||||
|
-> ssh-ed25519 BVsyTA 2cN+HWBYc7mSbSEziFpyuDfHs7cbVd5Vdfj7NYNJ6Uk
|
||||||
|
8+APjCiQmu9hoqffuqdJKk09wtk0Ywa3NqeURnP+n+M
|
||||||
|
-> ssh-ed25519 +3V2lQ h+MbnwkJqmQbk2gtkyWvU/8gqJHYIG90lUH3AMENonk
|
||||||
|
wXsXHxzIsP9kSsi3mxmr5oujWL0Grj7y5inECZNSuIk
|
||||||
|
--- hkrqXuu9Lldhr675cyYUX5peiFT2s5ZMjIrOi7oRIyw
|
||||||
|
ê®è( <¾i0þøÃk$bL
|
||||||
|
ø+ë©€¯ï¬]–†úß…ÑÇEÄ¢¦wêíÆÈ »µ¬YÞ†é!0$šiôKÜà0DXæJdBÍÕ¦O.V×S¿‚ºd€Ä8çSƒ©¢
|
43
secrets/metronom-wg-private-key.age
Normal file
43
secrets/metronom-wg-private-key.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg 1YUuuRDXFkGG2ZNYrRUro+Bx2GNGVTTCha+P9+T46DE
|
||||||
|
gTxW/j5xNSxjSq5wze7fhNJm1SB5/YEizO65jG4Q9Tw
|
||||||
|
-> ssh-ed25519 uYcDNw 7lGPy/ykR0Vnye8NYSBKcTRR2UzJ0lw2EXY6d/5gBjQ
|
||||||
|
SHbqjmcN4TNzFbQb3AgHgzzm8Yhr0LHSFQHXMLyTDVM
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
IKJVe3MhHIFyivBHwYuf+COke576b1h0ARtu44ycuLSS71C2kteigviIwstXz97M
|
||||||
|
GIHz9+aC0xJCa/gZ4WWZ5t5qO4XSmkIYCHPsV5UhjCEj6AAL27rP5oqXZKCTvPV6
|
||||||
|
7bEw4dNJmVyjAGYP0h4M+HaAFwe8nlKO291lyJ3NoyZcMR+KjEFiBK22W0oEqvS6
|
||||||
|
tvh3GgPp1iiHUvhF5uSUTxOqu30S7ogY1jtPLxQvEEJZwbXdCKZ/0BltfRGqKUWu
|
||||||
|
DKBcKERUeEa+fSYRtxZqd0GGGOi0Xq3UKjTSmt5w58cBkrntbQeRTNYfnvvqXJJ7
|
||||||
|
a0uRylsK2vnMjLXjlZryvL3ug+Ylpup/BuIMwzwpNEjasCqQt97v066Ho0qB0uej
|
||||||
|
rwslyXSjwlOsvblf6UovUzQ3GIG17X9POOavsW6md7wxZFCNtioo+qb7fegKK5Tr
|
||||||
|
W/H5GoB7g79pCbBUCMJP6MgPpMUVGH+5jDkWAQbik4lTH9ehD4Wu9V2hnyBub6fW
|
||||||
|
CjEtrWzpwH+yHFkm7R5IjI8DWoE4CWsb8KI+GUgr2R3AjdNuXINbJy+ya+wpuMLh
|
||||||
|
d5Q5tQbteQ2uBKJxXRrR8nNiiLqtQvRYsyF5G+BdXmAqAB0cBuH8yMmjUKju5tH9
|
||||||
|
lSmdqUScCcVY11T6Hccath065f8Jtvwj3nJE9f2iPfo
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
RVoy79ijvAmU9XlEsbmiOOWUfenL+hITb6tXELUGjZjYIg+JPDneg7m1plUnRpBM
|
||||||
|
sfLrTSzOLisWfct5rbXWb4QbNnD7biX0/uAPk8Jk3tmUfJsM1oLmNaRGGgo7RkFh
|
||||||
|
J28PG0n5+eumauoS0Yf11GIgWUpC8FeVJMrNM5r4yV65EJEyyjRxFHjIGl5Jh6Rq
|
||||||
|
bkJWpDsuFb2eb2BdZACV/M/aDYn+XGJW0oozNW91rryrQfsAHc3GzKoX2HtqNxua
|
||||||
|
3Z348+NTS7jCKKhEwwNwibgTSz1PT2ynyaXi2N60KZ8IDc1xwtn1Ybj2/S1no64h
|
||||||
|
P1GCjzKmwizgINoWQ8LYQ3nHxRXQjFdS4X63YUSXKcZ2TKMNydlB3IGL9N+xKflo
|
||||||
|
w5EMqFTuHInpyOfz73WDg2LKuzlWabjn8KIlx2bYG8Etn5alSX+oQGD5zTUkDt4p
|
||||||
|
/J3b8kLCdRSfVxwBudftXnk8CDg5gzM7LD0NOQ8/VK8lyTVE1dCCty1NUcM0o4mc
|
||||||
|
VgdlcJn9ISZSd3UAt6BDUHEMYdxktJnlPr8Gsw1iDU44Gu2fPUY2OpmAnIz6FshR
|
||||||
|
KkSThN08FL2EgEO99fbJ/8NiD+bml5duUNJQnjlQ8NC9w1S/4ADXpHSrJARQY0pn
|
||||||
|
DfTvCz2CJnPqojb2vDb0knqvhPNLu1lmtrlyqMygmLg
|
||||||
|
-> piv-p256 vRzPNw AlRMMj08FZgVJAcUdKDVtQzrrZWqOah1fq0xeLFOFYh/
|
||||||
|
fySXnGSZYyKOX75bwaByIAqaiatXpFF4zsuE7JEH//c
|
||||||
|
-> piv-p256 zqq/iw A7dI4n0fDq3z6OG/iuU8z4euPvx77lJJC9OlZG/RMPRc
|
||||||
|
waoyEH8qBDeUmCugy7ZnMj6tgLx/1+slhJTAJ4uXMNQ
|
||||||
|
-> ssh-ed25519 YFSOsg 99jNRmoZlrfV1ytKu8Pj41vBTNHED3dG99mjWnYe9Ec
|
||||||
|
p+Q3Dik27t8LRb5Mr17EzVwxdSQIZBeO+ezJVvFqg00
|
||||||
|
-> ssh-ed25519 iHV63A 1V4hJI/P7TkMWDbZb0NMdCSULS8XddPl6gGvc1gJ91I
|
||||||
|
CKzsgmbASOGWYRFSyYBvY90HrmLfQNKcrTPLvf5m0es
|
||||||
|
-> ssh-ed25519 BVsyTA tJu2Y42CtsqGMLf5VObT+nEMYHyujU2nmJQfWOTZsg8
|
||||||
|
MGxxNMPHyRNRDVurqovUkptzqfsemX9mCLSLu0RL7b4
|
||||||
|
-> ssh-ed25519 +3V2lQ vHPgK6xOUrH/1fqjkw2rhg10O0izPSTPX7b02v7J22A
|
||||||
|
A/V11elKo6YNiFHYMQrWBnUTsaz21MNH9jcY78dTlmU
|
||||||
|
--- QV+btlc1pzitb681enVVR/tT/kwE3s2sV1qB7yYJ/3Q
|
||||||
|
Y¥DgIx,ìµ´âÙËœ!à¢ptë m•ŠÂòä"$ú•‚™€¿¦aZTÔ4'Äû`õejüÊúKøAÕ£t×WÚS÷&){i–_íSŽ
|
|
@ -3,6 +3,7 @@ let
|
||||||
|
|
||||||
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
||||||
flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
|
flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
|
||||||
|
metronom-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLX6UvvrKALKL0xsNnytLPHryzZF5evUnxAgGokf14i root@metronom";
|
||||||
tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";
|
tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";
|
||||||
|
|
||||||
adminKeys = builtins.foldl' (
|
adminKeys = builtins.foldl' (
|
||||||
|
@ -14,6 +15,8 @@ let
|
||||||
tankstelleKeys = [ tankstelle-host ];
|
tankstelleKeys = [ tankstelle-host ];
|
||||||
|
|
||||||
flora6Keys = [ flora-6-host ];
|
flora6Keys = [ flora-6-host ];
|
||||||
|
|
||||||
|
metronomKeys = [ metronom-host ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
|
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
|
||||||
|
@ -22,6 +25,7 @@ in
|
||||||
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
|
"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
|
||||||
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
|
"metronom-wg-private-key.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
|
|
||||||
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
@ -72,4 +76,7 @@ in
|
||||||
|
|
||||||
"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
|
# mail
|
||||||
|
"mail/hensoko.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue