initial work on mail
This commit is contained in:
parent
941eff6d87
commit
157ddf4ec2
104
flake.lock
104
flake.lock
|
@ -27,6 +27,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1604995301,
|
||||
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
|
@ -128,6 +144,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
|
@ -328,6 +360,21 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_05": {
|
||||
"locked": {
|
||||
"lastModified": 1704290814,
|
||||
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1714640452,
|
||||
|
@ -340,6 +387,21 @@
|
|||
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1705856552,
|
||||
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-unstable",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
|
@ -354,10 +416,37 @@
|
|||
"nixos-flake": "nixos-flake",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-2205": "nixpkgs-2205",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||
"triton-vmtools": "triton-vmtools",
|
||||
"unstable": "unstable"
|
||||
}
|
||||
},
|
||||
"simple-nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||
"nixpkgs-23_11": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": "utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706219574,
|
||||
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixos-mailserver",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
@ -475,6 +564,21 @@
|
|||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1605370193,
|
||||
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
|
@ -38,6 +38,9 @@
|
|||
element-stickers.url = "git+https://git.pub.solar/pub-solar/maunium-stickerpicker-nix?ref=main";
|
||||
element-stickers.inputs.maunium-stickerpicker.follows = "maunium-stickerpicker";
|
||||
element-stickers.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
||||
simple-nixos-mailserver.inputs.nixpkgs-23_11.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs =
|
||||
|
@ -123,6 +126,10 @@
|
|||
hostname = "10.7.6.2";
|
||||
sshUser = username;
|
||||
};
|
||||
metronom = {
|
||||
hostname = "49.13.236.167";
|
||||
sshUser = username;
|
||||
};
|
||||
tankstelle = {
|
||||
hostname = "80.244.242.5";
|
||||
sshUser = username;
|
||||
|
|
|
@ -59,6 +59,19 @@
|
|||
];
|
||||
};
|
||||
|
||||
metronom = self.nixos-flake.lib.mkLinuxSystem {
|
||||
imports = [
|
||||
self.inputs.agenix.nixosModules.default
|
||||
self.nixosModules.home-manager
|
||||
./metronom
|
||||
self.nixosModules.overlays
|
||||
self.nixosModules.unlock-zfs-on-boot
|
||||
self.nixosModules.core
|
||||
|
||||
self.inputs.simple-nixos-mailserver.nixosModule
|
||||
];
|
||||
};
|
||||
|
||||
tankstelle = self.nixos-flake.lib.mkLinuxSystem {
|
||||
imports = [
|
||||
self.inputs.agenix.nixosModules.default
|
||||
|
|
13
hosts/metronom/backups.nix
Normal file
13
hosts/metronom/backups.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ flake, ... }:
|
||||
{
|
||||
age.secrets."restic-repo-droppie" = {
|
||||
file = "${flake.self}/secrets/restic-repo-droppie.age";
|
||||
mode = "400";
|
||||
owner = "root";
|
||||
};
|
||||
age.secrets."restic-repo-storagebox" = {
|
||||
file = "${flake.self}/secrets/restic-repo-storagebox.age";
|
||||
mode = "400";
|
||||
owner = "root";
|
||||
};
|
||||
}
|
34
hosts/metronom/configuration.nix
Normal file
34
hosts/metronom/configuration.nix
Normal file
|
@ -0,0 +1,34 @@
|
|||
{
|
||||
flake,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
|
||||
boot.kernelParams = [
|
||||
"boot.shell_on_fail=1"
|
||||
"ip=dhcp"
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "igb" ];
|
||||
|
||||
# https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets
|
||||
systemd.services.zfs-mount.enable = false;
|
||||
|
||||
# Declarative SSH private key
|
||||
#age.secrets."metronom-root-ssh-key" = {
|
||||
# file = "${flake.self}/secrets/metronom-root-ssh-key.age";
|
||||
# path = "/root/.ssh/id_ed25519";
|
||||
# mode = "400";
|
||||
# owner = "root";
|
||||
#};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "23.11"; # Did you read the comment?
|
||||
}
|
13
hosts/metronom/default.nix
Normal file
13
hosts/metronom/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ flake, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./configuration.nix
|
||||
|
||||
./networking.nix
|
||||
./mail.nix
|
||||
./wireguard.nix
|
||||
#./backups.nix
|
||||
];
|
||||
}
|
48
hosts/metronom/hardware-configuration.nix
Normal file
48
hosts/metronom/hardware-configuration.nix
Normal file
|
@ -0,0 +1,48 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"virtio_pci"
|
||||
"virtio_scsi"
|
||||
"usbhid"
|
||||
"sr_mod"
|
||||
];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "root_pool/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/2083-C68E";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
26
hosts/metronom/mail.nix
Normal file
26
hosts/metronom/mail.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ config, flake, ... }:
|
||||
|
||||
{
|
||||
age.secrets.mail-hensoko.file = "${flake.self}/secrets/mail/hensoko.age";
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "metronom.pub.solar";
|
||||
domains = [ "pub.solar" ];
|
||||
|
||||
# A list of all login accounts. To create the password hashes, use
|
||||
# nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt'
|
||||
loginAccounts = {
|
||||
"hensoko@pub.solar" = {
|
||||
hashedPasswordFile = config.age.secrets.mail-hensoko.path;
|
||||
aliases = [ "postmaster@pub.solar" ];
|
||||
};
|
||||
};
|
||||
|
||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||
# down nginx and opens port 80.
|
||||
certificateScheme = "acme-nginx";
|
||||
};
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "security@pub.solar";
|
||||
}
|
19
hosts/metronom/networking.nix
Normal file
19
hosts/metronom/networking.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
flake,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
networking.hostName = "metronom";
|
||||
networking.domain = "pub.solar";
|
||||
networking.hostId = "00000002";
|
||||
|
||||
networking.enableIPv6 = true;
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces."enp1s0".useDHCP = true;
|
||||
|
||||
# TODO: ssh via wireguard only
|
||||
services.openssh.openFirewall = true;
|
||||
}
|
54
hosts/metronom/wireguard.nix
Normal file
54
hosts/metronom/wireguard.nix
Normal file
|
@ -0,0 +1,54 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
flake,
|
||||
...
|
||||
}:
|
||||
{
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
|
||||
age.secrets.wg-private-key.file = "${flake.self}/secrets/metronom-wg-private-key.age";
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg-ssh = {
|
||||
listenPort = 51820;
|
||||
mtu = 1300;
|
||||
ips = [
|
||||
"10.7.6.3/32"
|
||||
"fd00:fae:fae:fae:fae:3::/96"
|
||||
];
|
||||
privateKeyFile = config.age.secrets.wg-private-key.path;
|
||||
peers = flake.self.logins.admins.wireguardDevices ++ [
|
||||
{
|
||||
# flora-6.pub.solar
|
||||
endpoint = "80.71.153.210:51820";
|
||||
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
|
||||
allowedIPs = [
|
||||
"10.7.6.2/32"
|
||||
"fd00:fae:fae:fae:fae:2::/96"
|
||||
];
|
||||
}
|
||||
{
|
||||
# nachtigall.pub.solar
|
||||
endpoint = "138.201.80.102:51820";
|
||||
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
|
||||
allowedIPs = [
|
||||
"10.7.6.1/32"
|
||||
"fd00:fae:fae:fae:fae:1::/96"
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
#services.openssh.listenAddresses = [
|
||||
# {
|
||||
# addr = "10.7.6.3";
|
||||
# port = 22;
|
||||
# }
|
||||
# {
|
||||
# addr = "[fd00:fae:fae:fae:fae:3::]";
|
||||
# port = 22;
|
||||
# }
|
||||
#];
|
||||
}
|
|
@ -8,7 +8,7 @@
|
|||
{ lib, inputs }:
|
||||
let
|
||||
# https://github.com/serokell/deploy-rs#overall-usage
|
||||
system = "x86_64-linux";
|
||||
system = "aarch64-linux";
|
||||
pkgs = import inputs.nixpkgs { inherit system; };
|
||||
deployPkgs = import inputs.nixpkgs {
|
||||
inherit system;
|
||||
|
|
44
secrets/mail/hensoko.age
Normal file
44
secrets/mail/hensoko.age
Normal file
|
@ -0,0 +1,44 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 UE5Ceg F7J2BMCNuOUcZhcbEyXBbFHkOI4sVA0qXbRmCWYNBAE
|
||||
Na/iuNS8cxz0qEiosflBEB9TAF87sQgwBbUl0/fhmZo
|
||||
-> ssh-ed25519 uYcDNw Xd8D3eCNMcXrxlYef4kj1N4CD16b5Xs3pfA/J8RJQDk
|
||||
UoBSRBj4wS1cxnDV37JjW5kBP2XWWo7seJJsU0y0cEA
|
||||
-> ssh-rsa f5THog
|
||||
OxPFa8NRWqy2ShVfYtxqZWfJAmgkYd2xg2E8vNCPoWafo/6hBob7C+4hDiKRZPZa
|
||||
EVLw0wgTe/nlMzBLOO3FlgZ0Ceb/uA2n4nu7st6mjwYQpsmVXwZoap88B2b+GYCs
|
||||
GG4sgybkZ/BrfFgm94TIcC1lr2lMjA6C4xhC9Mphf2iEQf1wjL4N1msOC4gTAW8Q
|
||||
zaH+K+qNEbTXne5Pox9wp6FjApSx33ldqRxOSzcf7RUuL2ew/63fTywW8ZdHcUgm
|
||||
usKqBZX9vyhLdsHzZWSXwetybMfKWs1ry5kU3ekf9EmAAkSiukFxFdr7PON3l+VV
|
||||
+hNFxi7RBKGC2u+ZE2Oh/MdXkKHMIVuJE1yhUJyiirH9/Mj2S6gOpSL7pjXIQdbC
|
||||
RoGoE4fHWtp14Yn5X2YQCeGYPS+y87md9qKlVTzf29u95UjVkN4V8xwquOssWp/P
|
||||
qlBJscmU3cp+U3W4Gzh1k1IwdBQ7B26rUOFEwa2/DI8VsBd/x4WmLQGiIe0VnOIB
|
||||
YCekxeLrl4AAf/XTEc/qNTaXcn3OguMMq6KzyeWMTdKsrcw7/P7j+06SbK+Co57D
|
||||
7zt/h2dDeAEz1eo7yGLu/zd2s2iyEBNxnzvSqvRpYAkcNNI7DvNfdotDYWj0kbuW
|
||||
rKfPKnXOUvf9tKsjbd1BRI563TpcoL3ebnokhBfu+v4
|
||||
-> ssh-rsa kFDS0A
|
||||
k8vywS465lFJyN/RvPMx3OUSl3UG2phrlZ0QY9BL2Gqf79tiSqMrWFCKqeZ8Djg6
|
||||
yDNC8F62IwWSQB030iWQMhQfI3FM9BFepmMpVE3zviyg1WRTNgLl9vdpjLP4FuNi
|
||||
Il5S3T49RmUgAzsPGMs0UWLhEudm9tJOU3tI3XD32tG7mYVrMcimtog8/1zasFf1
|
||||
GE3H3MyBiuawfSu0uMnQ267rxYiGF75bI8Er1nI7zIF55Lw7twHLjN+KOlSed3Vk
|
||||
VU7tNeRKfbircTrfxXo0I6SVPuX21SfBP5RWq4KrO/h4chW36OLxza2eiRvy74lY
|
||||
/MekrH3PgO0q7y+uqeSbiGAcvL1UXeZFFdItv5pKxMC95vpdsEhoywO8Rj6dd+9q
|
||||
iQjmy5RS/HC6uDzbqAl0HQSq1fZXO3UO0fQg5Rv3whpKMBHVMTU/PVimP93oAu4J
|
||||
rXnUUpqpKJqecVDYQT4XSuMDK5Iw+S+7RLxBk6hIYsg0jtywqgwD+zF1S8RHi9kK
|
||||
BEX5mR3NC/B+LdHAzphYQkHuY6UOk5AcgMO5jYCLtVK4vqlvTJPVbTSgdO86rmdy
|
||||
nZXZmi0Uqgz8QEdOgIp0ego8WdqGkZF0aQwMUw11Bi+78Asx5+hy+fUncw0qZndZ
|
||||
04ayMacztVL0cEaQ1AeOf85z0MPOugcVYFvih/XkgjE
|
||||
-> piv-p256 vRzPNw AyKY9szzF5MMfOBUISqtfu4EVk3GWOQ2WSqwgn8tCE9B
|
||||
uoSrnNdzVP1WO3uZflc+Va6cT8y5AfUpm8P3njiSQzo
|
||||
-> piv-p256 zqq/iw Atu7Vk8b6dyNLZcLFtnOkAlYxOMN033PV/bv8O77LORR
|
||||
jbYx5/YXY6LwoFvOfXHHPhTiMOMLwgbENvFzFmGf6ak
|
||||
-> ssh-ed25519 YFSOsg BCuhqDI2VVkG3gk927TjEOLLOQNeURfxVbGodW/Xh2c
|
||||
lUEeZrF5FSC/e6XRxWNQq5B7oC70mKit56AIrWMTKCY
|
||||
-> ssh-ed25519 iHV63A Job9bw0T6OJpmgeizCOyNGqA9YHrcbml8sj+9kadKVw
|
||||
4+pfaDyrgXuj8DKQzMj04nk2KRfobvQ6Z+E7RDOUm24
|
||||
-> ssh-ed25519 BVsyTA 2cN+HWBYc7mSbSEziFpyuDfHs7cbVd5Vdfj7NYNJ6Uk
|
||||
8+APjCiQmu9hoqffuqdJKk09wtk0Ywa3NqeURnP+n+M
|
||||
-> ssh-ed25519 +3V2lQ h+MbnwkJqmQbk2gtkyWvU/8gqJHYIG90lUH3AMENonk
|
||||
wXsXHxzIsP9kSsi3mxmr5oujWL0Grj7y5inECZNSuIk
|
||||
--- hkrqXuu9Lldhr675cyYUX5peiFT2s5ZMjIrOi7oRIyw
|
||||
ê®è( <¾i0þøÃk$bL
|
||||
ø+ë©€¯ï¬]–†úß…ÑÇEÄ¢¦wêíÆÈ »µ¬YÞ†é!0$šiôKÜà0DXæJdBÍÕ¦O.V×S¿‚ºd€Ä8çSƒ©¢
|
43
secrets/metronom-wg-private-key.age
Normal file
43
secrets/metronom-wg-private-key.age
Normal file
|
@ -0,0 +1,43 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 UE5Ceg 1YUuuRDXFkGG2ZNYrRUro+Bx2GNGVTTCha+P9+T46DE
|
||||
gTxW/j5xNSxjSq5wze7fhNJm1SB5/YEizO65jG4Q9Tw
|
||||
-> ssh-ed25519 uYcDNw 7lGPy/ykR0Vnye8NYSBKcTRR2UzJ0lw2EXY6d/5gBjQ
|
||||
SHbqjmcN4TNzFbQb3AgHgzzm8Yhr0LHSFQHXMLyTDVM
|
||||
-> ssh-rsa f5THog
|
||||
IKJVe3MhHIFyivBHwYuf+COke576b1h0ARtu44ycuLSS71C2kteigviIwstXz97M
|
||||
GIHz9+aC0xJCa/gZ4WWZ5t5qO4XSmkIYCHPsV5UhjCEj6AAL27rP5oqXZKCTvPV6
|
||||
7bEw4dNJmVyjAGYP0h4M+HaAFwe8nlKO291lyJ3NoyZcMR+KjEFiBK22W0oEqvS6
|
||||
tvh3GgPp1iiHUvhF5uSUTxOqu30S7ogY1jtPLxQvEEJZwbXdCKZ/0BltfRGqKUWu
|
||||
DKBcKERUeEa+fSYRtxZqd0GGGOi0Xq3UKjTSmt5w58cBkrntbQeRTNYfnvvqXJJ7
|
||||
a0uRylsK2vnMjLXjlZryvL3ug+Ylpup/BuIMwzwpNEjasCqQt97v066Ho0qB0uej
|
||||
rwslyXSjwlOsvblf6UovUzQ3GIG17X9POOavsW6md7wxZFCNtioo+qb7fegKK5Tr
|
||||
W/H5GoB7g79pCbBUCMJP6MgPpMUVGH+5jDkWAQbik4lTH9ehD4Wu9V2hnyBub6fW
|
||||
CjEtrWzpwH+yHFkm7R5IjI8DWoE4CWsb8KI+GUgr2R3AjdNuXINbJy+ya+wpuMLh
|
||||
d5Q5tQbteQ2uBKJxXRrR8nNiiLqtQvRYsyF5G+BdXmAqAB0cBuH8yMmjUKju5tH9
|
||||
lSmdqUScCcVY11T6Hccath065f8Jtvwj3nJE9f2iPfo
|
||||
-> ssh-rsa kFDS0A
|
||||
RVoy79ijvAmU9XlEsbmiOOWUfenL+hITb6tXELUGjZjYIg+JPDneg7m1plUnRpBM
|
||||
sfLrTSzOLisWfct5rbXWb4QbNnD7biX0/uAPk8Jk3tmUfJsM1oLmNaRGGgo7RkFh
|
||||
J28PG0n5+eumauoS0Yf11GIgWUpC8FeVJMrNM5r4yV65EJEyyjRxFHjIGl5Jh6Rq
|
||||
bkJWpDsuFb2eb2BdZACV/M/aDYn+XGJW0oozNW91rryrQfsAHc3GzKoX2HtqNxua
|
||||
3Z348+NTS7jCKKhEwwNwibgTSz1PT2ynyaXi2N60KZ8IDc1xwtn1Ybj2/S1no64h
|
||||
P1GCjzKmwizgINoWQ8LYQ3nHxRXQjFdS4X63YUSXKcZ2TKMNydlB3IGL9N+xKflo
|
||||
w5EMqFTuHInpyOfz73WDg2LKuzlWabjn8KIlx2bYG8Etn5alSX+oQGD5zTUkDt4p
|
||||
/J3b8kLCdRSfVxwBudftXnk8CDg5gzM7LD0NOQ8/VK8lyTVE1dCCty1NUcM0o4mc
|
||||
VgdlcJn9ISZSd3UAt6BDUHEMYdxktJnlPr8Gsw1iDU44Gu2fPUY2OpmAnIz6FshR
|
||||
KkSThN08FL2EgEO99fbJ/8NiD+bml5duUNJQnjlQ8NC9w1S/4ADXpHSrJARQY0pn
|
||||
DfTvCz2CJnPqojb2vDb0knqvhPNLu1lmtrlyqMygmLg
|
||||
-> piv-p256 vRzPNw AlRMMj08FZgVJAcUdKDVtQzrrZWqOah1fq0xeLFOFYh/
|
||||
fySXnGSZYyKOX75bwaByIAqaiatXpFF4zsuE7JEH//c
|
||||
-> piv-p256 zqq/iw A7dI4n0fDq3z6OG/iuU8z4euPvx77lJJC9OlZG/RMPRc
|
||||
waoyEH8qBDeUmCugy7ZnMj6tgLx/1+slhJTAJ4uXMNQ
|
||||
-> ssh-ed25519 YFSOsg 99jNRmoZlrfV1ytKu8Pj41vBTNHED3dG99mjWnYe9Ec
|
||||
p+Q3Dik27t8LRb5Mr17EzVwxdSQIZBeO+ezJVvFqg00
|
||||
-> ssh-ed25519 iHV63A 1V4hJI/P7TkMWDbZb0NMdCSULS8XddPl6gGvc1gJ91I
|
||||
CKzsgmbASOGWYRFSyYBvY90HrmLfQNKcrTPLvf5m0es
|
||||
-> ssh-ed25519 BVsyTA tJu2Y42CtsqGMLf5VObT+nEMYHyujU2nmJQfWOTZsg8
|
||||
MGxxNMPHyRNRDVurqovUkptzqfsemX9mCLSLu0RL7b4
|
||||
-> ssh-ed25519 +3V2lQ vHPgK6xOUrH/1fqjkw2rhg10O0izPSTPX7b02v7J22A
|
||||
A/V11elKo6YNiFHYMQrWBnUTsaz21MNH9jcY78dTlmU
|
||||
--- QV+btlc1pzitb681enVVR/tT/kwE3s2sV1qB7yYJ/3Q
|
||||
Y¥DgIx,ìµ´âÙËœ!à¢ptë m•ŠÂòä"$ú•‚™€¿¦aZTÔ4'Äû`õejüÊúKøAÕ£t×WÚS÷&){i–_íSŽ
|
|
@ -3,6 +3,7 @@ let
|
|||
|
||||
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
||||
flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
|
||||
metronom-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLX6UvvrKALKL0xsNnytLPHryzZF5evUnxAgGokf14i root@metronom";
|
||||
tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";
|
||||
|
||||
adminKeys = builtins.foldl' (
|
||||
|
@ -14,6 +15,8 @@ let
|
|||
tankstelleKeys = [ tankstelle-host ];
|
||||
|
||||
flora6Keys = [ flora-6-host ];
|
||||
|
||||
metronomKeys = [ metronom-host ];
|
||||
in
|
||||
{
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
|
||||
|
@ -22,6 +25,7 @@ in
|
|||
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
|
||||
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
||||
"metronom-wg-private-key.age".publicKeys = metronomKeys ++ adminKeys;
|
||||
|
||||
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
|
@ -72,4 +76,7 @@ in
|
|||
|
||||
"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
|
||||
# mail
|
||||
"mail/hensoko.age".publicKeys = metronomKeys ++ adminKeys;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue