infra/secrets/secrets.nix

let
  admins = import ../logins/admins.nix;

  nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
  metronom-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLX6UvvrKALKL0xsNnytLPHryzZF5evUnxAgGokf14i root@metronom";
  tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";
  trinkgenossin-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZXRDpom/LtyoCxvRuoONARKxIT6wNUwEyUjzHRE7DG root@trinkgenossin";
  delite-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKo7zlfQhcJ5/okFTOoOstZtmEL1iNlHxQ4q2baEcWT root@delite";
  blue-shell-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9g9X0a/MaVtbh44IeLxcq+McuYec0GYAdLsseBpk5f root@blue-shell";
  underground-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGF3PtA89yhVkmN7aJI6gqXK8DW9L7kI71IgiK4TAEwI root@underground";

  adminKeys = builtins.foldl' (
    keys: login: keys ++ (builtins.attrValues login.secretEncryptionKeys)
  ) [ ] (builtins.attrValues admins);

  nachtigallKeys = [ nachtigall-host ];

  tankstelleKeys = [ tankstelle-host ];

  metronomKeys = [ metronom-host ];

  trinkgenossinKeys = [ trinkgenossin-host ];

  deliteKeys = [ delite-host ];

  blueshellKeys = [ blue-shell-host ];

  undergroundKeys = [ underground-host ];

  garageKeys = [
    trinkgenossin-host
    delite-host
    blue-shell-host
  ];
in
{
  # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
  "nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ adminKeys;
  # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDeKXqbhNzbXk15h2k8wGBByxMDCC6HE1/fwa4j6ECu root@metronom
  "metronom-root-ssh-key.age".publicKeys = metronomKeys ++ adminKeys;

  "nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
  "tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
  "metronom-wg-private-key.age".publicKeys = metronomKeys ++ adminKeys;
  "trinkgenossin-wg-private-key.age".publicKeys = trinkgenossinKeys ++ adminKeys;
  "delite-wg-private-key.age".publicKeys = deliteKeys ++ adminKeys;
  "blue-shell-wg-private-key.age".publicKeys = blueshellKeys ++ adminKeys;

  "mastodon-active-record-encryption-deterministic-key.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mastodon-active-record-encryption-key-derivation-salt.age".publicKeys =
    nachtigallKeys ++ adminKeys;
  "mastodon-active-record-encryption-primary-key.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mastodon-vapid-public-key.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;

  "keycloak-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;

  "tankstelle-forgejo-actions-runner-token.age".publicKeys = tankstelleKeys ++ adminKeys;
  "forgejo-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
  "forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ adminKeys;
  "forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;

  "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
  "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
  "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
  "matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
  "matrix-authentication-service-secret-config.yml.age".publicKeys = nachtigallKeys ++ adminKeys;

  "staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
  "staging-matrix-authentication-service-secret-config.yml.age".publicKeys =
    undergroundKeys ++ adminKeys;

  "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
  "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;

  "searx-environment.age".publicKeys = nachtigallKeys ++ adminKeys;

  "restic-repo-garage-metronom.age".publicKeys = metronomKeys ++ adminKeys;
  "restic-repo-garage-metronom-env.age".publicKeys = metronomKeys ++ adminKeys;
  "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
  "restic-repo-storagebox-nachtigall.age".publicKeys = nachtigallKeys ++ adminKeys;
  "restic-repo-storagebox-metronom.age".publicKeys = metronomKeys ++ adminKeys;
  "restic-repo-garage-nachtigall.age".publicKeys = nachtigallKeys ++ adminKeys;
  "restic-repo-garage-nachtigall-env.age".publicKeys = nachtigallKeys ++ adminKeys;

  "mediawiki-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mediawiki-secret-key.age".publicKeys = nachtigallKeys ++ adminKeys;

  "coturn-static-auth-secret.age".publicKeys = nachtigallKeys ++ adminKeys;

  "grafana-admin-password.age".publicKeys = trinkgenossinKeys ++ adminKeys;
  "grafana-keycloak-client-secret.age".publicKeys = trinkgenossinKeys ++ adminKeys;
  "grafana-smtp-password.age".publicKeys = trinkgenossinKeys ++ adminKeys;

  "alertmanager-envfile.age".publicKeys = trinkgenossinKeys ++ adminKeys;

  "obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
  "obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;

  "tt-rss-feed-crypt-key.age".publicKeys = nachtigallKeys ++ adminKeys;
  "tt-rss-keycloak-client-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
  "tt-rss-smtp-password.age".publicKeys = nachtigallKeys ++ adminKeys;
  "tt-rss-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;

  # mail
  "mail/hensoko.age".publicKeys = metronomKeys ++ adminKeys;
  "mail/teutat3s.age".publicKeys = metronomKeys ++ adminKeys;
  "mail/admins.age".publicKeys = metronomKeys ++ adminKeys;
  "mail/bot.age".publicKeys = metronomKeys ++ adminKeys;
  "mail/crew.age".publicKeys = metronomKeys ++ adminKeys;
  "mail/erpnext.age".publicKeys = metronomKeys ++ adminKeys;
  "mail/hakkonaut.age".publicKeys = metronomKeys ++ adminKeys;

  # garage
  "garage-rpc-secret.age".publicKeys = garageKeys ++ adminKeys;
  "garage-admin-token.age".publicKeys = garageKeys ++ adminKeys;

  "acme-namecheap-env.age".publicKeys = garageKeys ++ adminKeys;
}
Merge pull request 'feature/pub-solar-website' (#20) from feature/pub-solar-website into main Reviewed-on: https://git.pub.solar/pub-solar/infra-new/pulls/20 2023-10-28 16:45:30 +02:00			`let`
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`admins = import ../logins/admins.nix;`
Merge pull request 'feature/pub-solar-website' (#20) from feature/pub-solar-website into main Reviewed-on: https://git.pub.solar/pub-solar/infra-new/pulls/20 2023-10-28 16:45:30 +02:00
			`nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";`
initial work on mail 2024-05-22 21:49:34 +02:00			`metronom-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLX6UvvrKALKL0xsNnytLPHryzZF5evUnxAgGokf14i root@metronom";`
ci: add self-hosted forgejo-actions-runner wip: add git.pub.solar to /etc/hosts ci: add devshell with Node.js for forgejo actions ci: add PATH ci: add HOME 2024-05-29 17:45:23 +02:00			`tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";`
garage: init module 2024-08-24 03:05:16 +02:00			`trinkgenossin-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZXRDpom/LtyoCxvRuoONARKxIT6wNUwEyUjzHRE7DG root@trinkgenossin";`
			`delite-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKo7zlfQhcJ5/okFTOoOstZtmEL1iNlHxQ4q2baEcWT root@delite";`
			`blue-shell-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9g9X0a/MaVtbh44IeLxcq+McuYec0GYAdLsseBpk5f root@blue-shell";`
matrix-authentication-service: init host underground to test mas, related to #242 2024-10-26 02:03:31 +02:00			`underground-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGF3PtA89yhVkmN7aJI6gqXK8DW9L7kI71IgiK4TAEwI root@underground";`
Merge pull request 'feature/pub-solar-website' (#20) from feature/pub-solar-website into main Reviewed-on: https://git.pub.solar/pub-solar/infra-new/pulls/20 2023-10-28 16:45:30 +02:00
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`adminKeys = builtins.foldl' (`
			`keys: login: keys ++ (builtins.attrValues login.secretEncryptionKeys)`
			`) [ ] (builtins.attrValues admins);`
Merge pull request 'feature/pub-solar-website' (#20) from feature/pub-solar-website into main Reviewed-on: https://git.pub.solar/pub-solar/infra-new/pulls/20 2023-10-28 16:45:30 +02:00
			`nachtigallKeys = [ nachtigall-host ];`
secrets: add drone, forgejo-actions-runner secrets and rekey 2023-11-06 21:28:37 +01:00
ci: add self-hosted forgejo-actions-runner wip: add git.pub.solar to /etc/hosts ci: add devshell with Node.js for forgejo actions ci: add PATH ci: add HOME 2024-05-29 17:45:23 +02:00			`tankstelleKeys = [ tankstelle-host ];`

initial work on mail 2024-05-22 21:49:34 +02:00			`metronomKeys = [ metronom-host ];`
garage: init module 2024-08-24 03:05:16 +02:00
wireguard: add trinkgenossin, delite, blue-shell 2024-08-25 00:13:53 +02:00			`trinkgenossinKeys = [ trinkgenossin-host ];`

			`deliteKeys = [ delite-host ];`

			`blueshellKeys = [ blue-shell-host ];`

matrix-authentication-service: init host underground to test mas, related to #242 2024-10-26 02:03:31 +02:00			`undergroundKeys = [ underground-host ];`

style: format using nixfmt-rfc-style 2024-08-24 17:39:49 +02:00			`garageKeys = [`
			`trinkgenossin-host`
			`delite-host`
			`blue-shell-host`
			`];`
Merge pull request 'feature/pub-solar-website' (#20) from feature/pub-solar-website into main Reviewed-on: https://git.pub.solar/pub-solar/infra-new/pulls/20 2023-10-28 16:45:30 +02:00			`in`
			`{`
feat: add declarative root ssh key on nachtigall 2023-11-05 19:35:37 +01:00			`# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall`
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
mail: add backups to garage bucket + storagebox Restic backups to garage S3 bucket metronom-backups 2024-08-25 03:45:53 +02:00			`# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDeKXqbhNzbXk15h2k8wGBByxMDCC6HE1/fwa4j6ECu root@metronom`
			`"metronom-root-ssh-key.age".publicKeys = metronomKeys ++ adminKeys;`
wireguard: initial commit 2024-04-03 20:54:40 +02:00
			`"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
tankstelle: configure wireguard 2024-05-30 19:17:21 +02:00			`"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;`
initial work on mail 2024-05-22 21:49:34 +02:00			`"metronom-wg-private-key.age".publicKeys = metronomKeys ++ adminKeys;`
wireguard: add trinkgenossin, delite, blue-shell 2024-08-25 00:13:53 +02:00			`"trinkgenossin-wg-private-key.age".publicKeys = trinkgenossinKeys ++ adminKeys;`
			`"delite-wg-private-key.age".publicKeys = deliteKeys ++ adminKeys;`
			`"blue-shell-wg-private-key.age".publicKeys = blueshellKeys ++ adminKeys;`
feat: add declarative root ssh key on nachtigall 2023-11-05 19:35:37 +01:00
mastodon: update to version 4.3.0 from nixos-unstable https://github.com/mastodon/mastodon/releases/tag/v4.3.0 https://github.com/NixOS/nixpkgs/pull/337545/files 2024-10-15 23:16:34 +02:00			`"mastodon-active-record-encryption-deterministic-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
style: fix formatting 2024-10-16 11:37:10 +02:00			`"mastodon-active-record-encryption-key-derivation-salt.age".publicKeys =`
			`nachtigallKeys ++ adminKeys;`
mastodon: update to version 4.3.0 from nixos-unstable https://github.com/mastodon/mastodon/releases/tag/v4.3.0 https://github.com/NixOS/nixpkgs/pull/337545/files 2024-10-15 23:16:34 +02:00			`"mastodon-active-record-encryption-primary-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"mastodon-vapid-public-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;`
feat: add keycloak secrets and virtualhost 2023-10-28 21:28:01 +02:00
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"keycloak-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;`
feat: add forgejo 2023-10-28 21:46:18 +02:00
ci: add self-hosted forgejo-actions-runner wip: add git.pub.solar to /etc/hosts ci: add devshell with Node.js for forgejo actions ci: add PATH ci: add HOME 2024-05-29 17:45:23 +02:00			`"tankstelle-forgejo-actions-runner-token.age".publicKeys = tankstelleKeys ++ adminKeys;`
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"forgejo-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ adminKeys;`
forgejo: make SSH keys declarative 2024-04-05 19:14:10 +02:00			`"forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
nachtigall: Configure matrix-synapse with telegram integration 2023-10-28 02:21:34 +02:00
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;`
modules/matrix: rename secrets to not include hostnames 2024-10-30 17:14:47 +01:00			`"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;`
mas: move to module, add secrets for prod 2024-10-30 17:57:33 +01:00			`"matrix-authentication-service-secret-config.yml.age".publicKeys = nachtigallKeys ++ adminKeys;`
matrix-authentication-service: init host underground to test mas, related to #242 2024-10-26 02:03:31 +02:00
modules/matrix: rename secrets to not include hostnames 2024-10-30 17:14:47 +01:00			`"staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;`
			`"staging-matrix-authentication-service-secret-config.yml.age".publicKeys =`
style: fix formatting 2024-10-27 17:28:20 +01:00			`undergroundKeys ++ adminKeys;`
feat: add nextcloud secrets 2023-10-28 18:53:02 +02:00
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;`
fix: add searx secret key 2023-10-29 15:38:44 +01:00
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"searx-environment.age".publicKeys = nachtigallKeys ++ adminKeys;`
feat: droppie backups for all nachtigall services 2023-11-05 22:54:09 +01:00
mail: add backups to garage bucket + storagebox Restic backups to garage S3 bucket metronom-backups 2024-08-25 03:45:53 +02:00			`"restic-repo-garage-metronom.age".publicKeys = metronomKeys ++ adminKeys;`
			`"restic-repo-garage-metronom-env.age".publicKeys = metronomKeys ++ adminKeys;`
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;`
secrets: rename restic-repo-storagebox{,-nachtigall} To use a restic repository per host 2024-08-29 16:22:58 +02:00			`"restic-repo-storagebox-nachtigall.age".publicKeys = nachtigallKeys ++ adminKeys;`
mail: add backups to garage bucket + storagebox Restic backups to garage S3 bucket metronom-backups 2024-08-25 03:45:53 +02:00			`"restic-repo-storagebox-metronom.age".publicKeys = metronomKeys ++ adminKeys;`
mediawiki: add backups to garage bucket + storagebox Restic backups to garage S3 bucket nachtigall-backups https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic 2024-08-28 17:10:17 +02:00			`"restic-repo-garage-nachtigall.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"restic-repo-garage-nachtigall-env.age".publicKeys = nachtigallKeys ++ adminKeys;`
secrets: add drone, forgejo-actions-runner secrets and rekey 2023-11-06 21:28:37 +01:00
wireguard: initial commit 2024-04-03 20:54:40 +02:00			`"mediawiki-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"mediawiki-secret-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
nachtigall: Deploy coturn and configure matrix to use it 2023-11-19 17:22:09 +01:00
coturn: fix secret path this is fallout that was overlooked in #250 2024-11-13 21:25:12 +01:00			`"coturn-static-auth-secret.age".publicKeys = nachtigallKeys ++ adminKeys;`
feat(flora-6): init grafana + prometheus on grafana.pub.solar 2023-12-03 14:19:30 +01:00
flora-6: remove This commit removes the flora-6 host. All services are moved to trinkgenossin, with the drone service being removed completely in favour of forgejo actions. 2024-09-09 17:22:57 +02:00			`"grafana-admin-password.age".publicKeys = trinkgenossinKeys ++ adminKeys;`
			`"grafana-keycloak-client-secret.age".publicKeys = trinkgenossinKeys ++ adminKeys;`
			`"grafana-smtp-password.age".publicKeys = trinkgenossinKeys ++ adminKeys;`
feat(prometheus): add node-exporter to nachtigall, protect endpoint https://nachtigall.pub.solar/metrics with TLS and basic auth 2023-12-06 19:11:45 +01:00
flora-6: remove This commit removes the flora-6 host. All services are moved to trinkgenossin, with the drone service being removed completely in favour of forgejo actions. 2024-09-09 17:22:57 +02:00			`"alertmanager-envfile.age".publicKeys = trinkgenossinKeys ++ adminKeys;`
obs-portal: init obs-portal on nachtigall This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md Unfortunately, the postgres database needs to have postgis enabled, so we'll have to start a second instance. To stay close to the official deployment instructions, this is running in docker. The secrets were taken from the old installation instance. During initial installation, we'll need to import data from the old instance into this one, which might take a while. 2024-02-22 19:20:24 +01:00
			`"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;`
initial work on mail 2024-05-22 21:49:34 +02:00
secrets: rekey for nachtigalls tt-rss secrets 2024-07-17 18:49:36 +02:00			`"tt-rss-feed-crypt-key.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"tt-rss-keycloak-client-secret.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"tt-rss-smtp-password.age".publicKeys = nachtigallKeys ++ adminKeys;`
			`"tt-rss-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;`
tt-rss: add pub.solar specific configuration 2024-07-17 13:12:57 +02:00
initial work on mail 2024-05-22 21:49:34 +02:00			`# mail`
			`"mail/hensoko.age".publicKeys = metronomKeys ++ adminKeys;`
mail: add more @pub.solar mail accounts 2024-05-25 17:24:42 +02:00			`"mail/teutat3s.age".publicKeys = metronomKeys ++ adminKeys;`
			`"mail/admins.age".publicKeys = metronomKeys ++ adminKeys;`
			`"mail/bot.age".publicKeys = metronomKeys ++ adminKeys;`
			`"mail/crew.age".publicKeys = metronomKeys ++ adminKeys;`
			`"mail/erpnext.age".publicKeys = metronomKeys ++ adminKeys;`
			`"mail/hakkonaut.age".publicKeys = metronomKeys ++ adminKeys;`
garage: init module 2024-08-24 03:05:16 +02:00
			`# garage`
			`"garage-rpc-secret.age".publicKeys = garageKeys ++ adminKeys;`
			`"garage-admin-token.age".publicKeys = garageKeys ++ adminKeys;`
garage: init buckets.pub.solar, use nginx as reverse proxy https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/ 2024-08-24 21:48:48 +02:00
			`"acme-namecheap-env.age".publicKeys = garageKeys ++ adminKeys;`
Merge pull request 'feature/pub-solar-website' (#20) from feature/pub-solar-website into main Reviewed-on: https://git.pub.solar/pub-solar/infra-new/pulls/20 2023-10-28 16:45:30 +02:00			`}`