Merge pull request 'feat: mastodon + agenix secrets' (#13) from feat-mastodon into main
Reviewed-on: pub-solar/infra-new#13 Reviewed-by: hensoko <hensoko@gssws.de> Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
commit
f804de372c
17
flake.lock
17
flake.lock
|
@ -150,6 +150,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"mastodon-fork": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1698490885,
|
||||||
|
"narHash": "sha256-Ic2YgJ7vlAoiihho4pJgHewIubIZQpv1L8ePRB1wfG4=",
|
||||||
|
"owner": "teutat3s",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "534d90c65614f05e543fd11b3f4acd748704a625",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "teutat3s",
|
||||||
|
"ref": "mastodon-4.2.1",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nix-darwin": {
|
"nix-darwin": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -226,6 +242,7 @@
|
||||||
"deploy-rs": "deploy-rs",
|
"deploy-rs": "deploy-rs",
|
||||||
"flake-parts": "flake-parts",
|
"flake-parts": "flake-parts",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
|
"mastodon-fork": "mastodon-fork",
|
||||||
"nix-darwin": "nix-darwin",
|
"nix-darwin": "nix-darwin",
|
||||||
"nixos-flake": "nixos-flake",
|
"nixos-flake": "nixos-flake",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
# Track channels with commits tested and built by hydra
|
# Track channels with commits tested and built by hydra
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
||||||
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
mastodon-fork.url = "github:teutat3s/nixpkgs/mastodon-4.2.1";
|
||||||
|
|
||||||
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
||||||
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -34,6 +35,7 @@
|
||||||
# ./terraform.nix
|
# ./terraform.nix
|
||||||
./public-keys
|
./public-keys
|
||||||
./lib
|
./lib
|
||||||
|
./overlays
|
||||||
];
|
];
|
||||||
|
|
||||||
perSystem = { system, pkgs, config, ... }: {
|
perSystem = { system, pkgs, config, ... }: {
|
||||||
|
@ -79,6 +81,7 @@
|
||||||
self.pub-solar.lib.linux.unlockZFSOnBoot
|
self.pub-solar.lib.linux.unlockZFSOnBoot
|
||||||
self.nixosModules.home-manager
|
self.nixosModules.home-manager
|
||||||
self.nixosModules.linux
|
self.nixosModules.linux
|
||||||
|
self.nixosModules.overlays
|
||||||
inputs.agenix.nixosModules.default
|
inputs.agenix.nixosModules.default
|
||||||
{
|
{
|
||||||
home-manager.users.${username} = {
|
home-manager.users.${username} = {
|
||||||
|
|
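--- a/hosts/nachtigall/apps/mastodon.nix
+++ b/hosts/nachtigall/apps/mastodon.nix
@@ -0,0 +1,94 @@
+{ config, pkgs, flake, inputs, ... }:
+
+{
+age.secrets."mastodon-secret-key-base" = {
+file = "${flake.self}/secrets/mastodon-secret-key-base.age";
+mode = "400";
+owner = config.services.mastodon.user;
+};
+age.secrets."mastodon-otp-secret" = {
+file = "${flake.self}/secrets/mastodon-otp-secret.age";
+mode = "400";
+owner = config.services.mastodon.user;
+};
+age.secrets."mastodon-vapid-private-key" = {
+file = "${flake.self}/secrets/mastodon-vapid-private-key.age";
+mode = "400";
+owner = config.services.mastodon.user;
+};
+age.secrets."mastodon-vapid-public-key" = {
+file = "${flake.self}/secrets/mastodon-vapid-public-key.age";
+mode = "400";
+owner = config.services.mastodon.user;
+};
+age.secrets."mastodon-smtp-password" = {
+file = "${flake.self}/secrets/mastodon-smtp-password.age";
+mode = "400";
+owner = config.services.mastodon.user;
+};
+age.secrets."mastodon-extra-env-secrets" = {
+file = "${flake.self}/secrets/mastodon-extra-env-secrets.age";
+mode = "400";
+owner = config.services.mastodon.user;
+};
+
+services.mastodon = {
+enable = true;
+# Different from WEB_DOMAIN in our case
+localDomain = "pub.solar";
+configureNginx = true;
+enableUnixSocket = true;
+# Processes used by the mastodon-streaming service. Defaults to the number
+# of CPU cores minus one
+# This is without affect until this comment is addressed
+# https://github.com/NixOS/nixpkgs/pull/251950#issuecomment-1732568492
+streamingProcesses = 5;
+# Processes used by the mastodon-web service
+webProcesses = 2;
+# Threads per process used by the mastodon-web service
+webThreads = 5;
+secretKeyBaseFile = "/run/agenix/mastodon-secret-key-base";
+otpSecretFile = "/run/agenix/mastodon-otp-secret";
+vapidPrivateKeyFile = "/run/agenix/mastodon-vapid-private-key";
+vapidPublicKeyFile = "/run/agenix/mastodon-vapid-public-key";
+smtp = {
+createLocally = false;
+host = "mx2.greenbaum.cloud";
+port = 587;
+authenticate = true;
+user = "admins@pub.solar";
+passwordFile = "/run/agenix/mastodon-smtp-password";
+fromAddress = "mastodon-notifications@pub.solar";
+};
+extraEnvFiles = [
+"/run/agenix/mastodon-extra-env-secrets"
+];
+extraConfig = {
+WEB_DOMAIN = "mastodon.pub.solar";
+# Defined in ./opensearch.nix
+ES_HOST = "127.0.0.1";
+# S3 File storage (optional)
+# -----------------------
+S3_ENABLED = "true";
+S3_BUCKET = "pub-solar-mastodon";
+S3_REGION = "europe-west-1";
+S3_ENDPOINT = "https://gateway.tardigradeshare.io";
+S3_ALIAS_HOST = "files.pub.solar";
+# Translation (optional)
+# -----------------------
+DEEPL_PLAN = "free";
+# OpenID Connect
+# --------------
+OIDC_ENABLED = "true";
+OIDC_DISPLAY_NAME = "pub.solar ID";
+OIDC_ISSUER = "https://auth.pub.solar/realms/pub.solar";
+OIDC_DISCOVERY = "true";
+OIDC_SCOPE = "openid,profile,email";
+OIDC_UID_FIELD = "preferred_username";
+OIDC_REDIRECT_URI = "https://mastodon.pub.solar/auth/auth/openid_connect/callback";
+OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
+# only use OIDC for login / registration
+OMNIAUTH_ONLY = "true";
+};
+};
+}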
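Review bot: `OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true"` together with `OIDC_UID_FIELD = "preferred_username"` in `extraConfig` puts account identity and email trust entirely on the realm behind `OIDC_ISSUER`: as the setting name says, Mastodon then treats the email claim as already verified, and `preferred_username` is a claim that OpenID Connect does not guarantee to be unique or stable. With `OMNIAUTH_ONLY` that is a defensible choice, but only while the realm requires verified emails and does not let users change their username, so I would state the dependency above the two settings, e.g. `# Relies on the pub.solar realm enforcing verified emails and immutable usernames`. Separately, the four `*File` options, `smtp.passwordFile` and `extraEnvFiles` repeat the literal `/run/agenix/...` path; `secretKeyBaseFile = config.age.secrets."mastodon-secret-key-base".path;` (and likewise for the others) keeps them tied to the `age.secrets` declarations at the top of the file if the secrets directory is ever changed.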
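--- a/hosts/nachtigall/apps/opensearch.nix
+++ b/hosts/nachtigall/apps/opensearch.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+services.opensearch.enable = true;
+}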
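Review bot: `services.opensearch.enable = true;` leaves both the listen address and authentication to module defaults, while mastodon.nix points `ES_HOST` at `127.0.0.1`. As far as I know the NixOS module binds to loopback and ships with the OpenSearch security plugin disabled, so any local process on the host can read and write the search index without credentials; that is probably acceptable here but should be a stated decision rather than an inherited default. I would pin the bind address so a later default or settings change cannot expose the service, `services.opensearch.settings."network.host" = "127.0.0.1";`, and add a comment such as `# No authentication: loopback only, used by Mastodon full-text search`.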
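--- a/hosts/nachtigall/apps/postgresql.nix
+++ b/hosts/nachtigall/apps/postgresql.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+services.postgresql.enable = true;
+}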
|
@ -11,5 +11,8 @@
|
||||||
./apps/nginx.nix
|
./apps/nginx.nix
|
||||||
|
|
||||||
./apps/nginx-website.nix
|
./apps/nginx-website.nix
|
||||||
|
./apps/mastodon.nix
|
||||||
|
./apps/opensearch.nix
|
||||||
|
./apps/postgresql.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
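--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -0,0 +1,17 @@
+{
+self,
+inputs,
+...
+}: {
+flake = {
+nixosModules = rec {
+overlays = ({ ... }: {
+nixpkgs.overlays = [
+(final: prev: {
+mastodon = inputs.mastodon-fork.legacyPackages.${prev.system}.mastodon;
+})
+];
+});
+};
+};
+}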
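Review bot: The overlay takes `mastodon` from `inputs.mastodon-fork.legacyPackages`, so the package and its whole dependency closure are evaluated from the personal fork `teutat3s/nixpkgs` at the revision locked in flake.lock, not from the `nixos-23.05` input the rest of the host follows. The lock's `rev` and `narHash` pin the content, but security fixes to those dependencies will not arrive with channel bumps, and a later `nix flake update` follows a mutable branch (`mastodon-4.2.1`) on an individual's account. Neither this file nor the `mastodon-fork.url` line in flake.nix says why the fork is needed or when it should go away; I would add a comment above the overlay such as `# Temporary: mastodon from teutat3s/nixpkgs fork; drop this overlay and the mastodon-fork input once upstream carries the needed version`, adjusted to the actual reason.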
BIN
secrets/mastodon-extra-env-secrets.age
Normal file
BIN
secrets/mastodon-extra-env-secrets.age
Normal file
Binary file not shown.
27
secrets/mastodon-otp-secret.age
Normal file
27
secrets/mastodon-otp-secret.age
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg MIpZgS2K0KZ6NXSvHKaUs5IOwMK8C+THuH+OXGKgpk4
|
||||||
|
rwBSIPZ6pHczmeEuNsPgTJIdzE7yHBglYHGbOSd772I
|
||||||
|
-> ssh-ed25519 uYcDNw EY2Zk/jYWxYBPY/g6IH7aSIFvMuOwSplkmaeRC1aNSU
|
||||||
|
YCSThBBXbmozEZmUDgjA8xuFG9D2lGENZcWvCnRQk+c
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
Z8Xs3hFGUElQdNlxlcnJIA8814TZJYqga/SUXjxG/uvdzv9uExEiNp8FJ5emnT0u
|
||||||
|
zAaFv5aYiBa1b7aYEVdk30wjmWPT7leOPTFF5qAUdiPHxII+jHtx+eCnum72po42
|
||||||
|
SR03IjznH9fKaKiT0VNXDIVZnkP2SaAKhIj57XSUeE/weiU5apBmTMPzMQAkz7KR
|
||||||
|
sm7uFYYv8zY7LFC0ByPnFkYi6O+mc9LzunlGQVMAQe/fmoEfzI2dmrGhcG2iUbM5
|
||||||
|
6Oegjh5B4iKc/fktouHhh3Wc/K63DM9C0A9mkqtqrQJPfV+FseQoQbFwvInXY4u6
|
||||||
|
HMT4oymagXt5ifcc1WzyTde+Dz6OIOowpIXXJ0PjQ+KOn0PTG7+OfU/h1Hh/ozg4
|
||||||
|
G+finffzeffxdXSjITi+lmoWUFaZAwiico2IjH8cqDWnl8XGNfukZbsNsI6CukY2
|
||||||
|
aqffAZiu7MR1+kcMUjjG4OF1S4bRNYkqQej7GUdDmHn+dkJEuiN3ggXt+TW/mYPb
|
||||||
|
xPvPGOqDxwdOiyViZFBvZ+0ZAij8rnMdToNsY7x68B7C+Ew+cVomiIIkT1ghzmTu
|
||||||
|
T/ymvlqFlXIS3PFdUPQYd/+Ttw22n72yVxHH+61Ze/aQlt0nKdViEn4D03k3uNVg
|
||||||
|
K8VYuDwXIFdFIga5Hsw/ozp6tKZdxSzJsQJvAm0JFVk
|
||||||
|
-> ssh-ed25519 YFSOsg M0H0AhDNYpa8nD2nrDyFJOsm/SpfJ7YJXYyKZMIyxl4
|
||||||
|
YiocldCbP7HwuRi3AWfnFkqpWhuIuAwjjTzV2utwmn8
|
||||||
|
-> ssh-ed25519 iHV63A xhkCLcpQhqQxWacnI1M1652hNc/MaeCXL3e5fPGhXHo
|
||||||
|
0G5lFUE/gGHIz5giRjQPVWAIrHQ8LvxPpfVSBM3GEBM
|
||||||
|
-> ssh-ed25519 BVsyTA aAdMnpKatd4CTcFhtqSj+fiA0ofy+zhbnuN5nk5/umA
|
||||||
|
LuidYMCiM7IvA/M7k7pMqo5HJmNNmHrzl6kcud+ZS74
|
||||||
|
-> 0d%YFa-grease |F
|
||||||
|
fhLc8y67dmyhWtiOEKrZThfm4sTsNP8
|
||||||
|
--- /qZszkP7mR5whTTbCQ6JKKh2Ce+aySjeDX3HdDZag1g
|
||||||
|
÷~a’n“£ŒÀ@Ü©>ëáºx$•sk)º[J”H<E2809D>ãÀFˆ†Eh¤dŸ^3¢A±ïËá5ô_Q›<>p†ûâôLùN¦ƒR*[]žG˜õXY“ž\®¯aƒÜtÏÔU”+ÝÎ\9ób‡«N6BÖÃ\ãýWĉ.?N'µHf´œï Ójc TAÖWAO’M
üûXîÝ…Ï"©¼v
|
29
secrets/mastodon-secret-key-base.age
Normal file
29
secrets/mastodon-secret-key-base.age
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg hUHxNz0ZfR/cgTXIfrOobhUPxcFo8zyxD3idF/bpP3E
|
||||||
|
H6aIW7YO27ONIIcnmViIWaXiByJMmPFo6E8jsH1Xq2Q
|
||||||
|
-> ssh-ed25519 uYcDNw +D81Yz9zAmCEeIUIxLirpd/OVnWmHQnALp3GWyxUshc
|
||||||
|
reldI2bJQ2Jq3JxHZ7wWnm6I1pTISQ9G+jjupCrhQ0Q
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
BYla6U3WqibQOXQFIQrs0d37pmGNvVulP0p18jjTXfA61vth/icCTu3V5VAHz5ST
|
||||||
|
A8o2gHhQfGXpFm9GMPMVe+OKHnD4Ws4cWowW8/GLMg2XgqPBdvownVwl6hspjmwr
|
||||||
|
Mxrw1PQL63fiYmCiB49UFaQV0OIxyo3mo7kmF9KKRfdTQ1kF/vjiZuw3Tiz8ubDk
|
||||||
|
DoaK0g062iI1/GPeGH3blaZj6cFstT9UjoPbdOU9WLkDMUc0d73ih1u6a3VmIY/B
|
||||||
|
tToYCJuwcjAUvX9Y3Xolx9vKpg8dVD48T1GlPADZCyajY2fEPbJdS29jP7NwQsZ2
|
||||||
|
8sgmFkNzUq3Okjbz4lem/g4nlXQN++wdRIYgTLUfJWKOx5+bxSneRvvP6p4HyKZJ
|
||||||
|
O0OzJTg2ZUTqcpHvxj6DBTbg0e2KW44AkjMLIBwGxdfz3ogrfM2au0bA4SizXCsA
|
||||||
|
XL03eRmVbzgrBKNUUi6UbQ7iKp+OjWbM6jyZuNEwfepbedLqwDeTXHfm2gZBxUyM
|
||||||
|
JTk7iTERU5908VhlbNZY5rjXShkPzB9L5jgV23I9CwFlzYSC3mvPS7HMtWcgo8e4
|
||||||
|
EBBH5QptHOvaZtDtDqYia8tzKG1KUg75fP4PzKB7+DjGv1phvTyzJDd51qAVrdJH
|
||||||
|
PheURbBliQOQaqNnTdYfpBC4tdHAMYEp85Y8uMMihYc
|
||||||
|
-> ssh-ed25519 YFSOsg SJDEy0M+3X5SmXsr9C3CDbpWfyhnmu8IUIzNOshE830
|
||||||
|
g7jSKtpI+jUO5OC7vd6TJWOTWsIk/x9yL4RKL1lAv5g
|
||||||
|
-> ssh-ed25519 iHV63A tSREgTvnNiKMGWldq/Pp2EVWBmcs18j3zFDwtoBrQiM
|
||||||
|
kT4SzAuXqbdQSgmxbAy3BogMbh5tOPI3fuGWWQMK7fk
|
||||||
|
-> ssh-ed25519 BVsyTA k4rwyukpUYOGvtG9bm2dpw51P2udNnFSSldm8eCJP0E
|
||||||
|
C4Cm0eFg0KeXNf/BGX+vXIeAbsdYmN/97gj5snvRSzs
|
||||||
|
-> `rk-grease
|
||||||
|
Y6ohmk9v8XByEpy/oqM1aXpmeFS2ynIRyGiHfMMez4ONC54ZGOCmr1xUwEGxv7BG
|
||||||
|
SOltfLTf/rk/0ibNlvMoTqbUUhT1A/CBzSUH1tBy1w
|
||||||
|
--- DB1jba9WqtcKIEXV24rL0XmFmv1U23dEYaOYd1w9B4E
|
||||||
|
{.hP;v' ÔÖ<C394>ŸüÖmFŠfótÊ’¡²¸n®þ
|
||||||
|
4ZÛñ!E+B Lõ„âr"÷ëÈ¿³CÀT'ð'¹wýãɶ—j®>»b‡f÷ïÌ;Ë•íTË©Œárë§u;j&Žb1ÉÈ4;¯&Ò£81_‚§"o¢8]µ<>å£_
Î kÕb‘V»¥AGÁyõ¸8<C2B8>ŸÕY|g
|
BIN
secrets/mastodon-smtp-password.age
Normal file
BIN
secrets/mastodon-smtp-password.age
Normal file
Binary file not shown.
BIN
secrets/mastodon-vapid-private-key.age
Normal file
BIN
secrets/mastodon-vapid-private-key.age
Normal file
Binary file not shown.
30
secrets/mastodon-vapid-public-key.age
Normal file
30
secrets/mastodon-vapid-public-key.age
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg d2X1HF25fwdoxTgl76Y+IaLTaWmVgQECffHczTwAIhg
|
||||||
|
2Ze0HC2AE/vNh2yeUeByem8R3q+NdQdSbiMne3skYNI
|
||||||
|
-> ssh-ed25519 uYcDNw j0LY/+qchCFRbQNzDEXIK/ij6FfH4NpG/37vM+B1TlM
|
||||||
|
cmkBSn4pZgq9M4L8MzlSLKuyItgn3TolJ6v7a6wLnJw
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
DyP1Aa8XXbZoRpWFmEojepWlO95Ob3VVQO+9JK/uif4cs2cYkLJmUM/tkc2GeYYg
|
||||||
|
fDzlgNtdb8w28HHFInd1aYFC3fjW2JQ0sYmnTlsFNvCcopnIWgOVbsM3wxY9a2Z1
|
||||||
|
hnZb7ADPJJBoOO6E55apqSpYSCwgD9UTodSNDBvrGsxQcZem6KVQFXC2UBPS+xmz
|
||||||
|
IdSyiECPwjuH0wSa5NQ/jnJXQSxStLh1mPiM2SHwJh8P7EwICwfLGR7RbRj6gRYC
|
||||||
|
E9XXDh/tBx9wz8MrgPVGvv795KXvyh3DVXWNOewQBONHhyddQ0bds3g9FOKh46dJ
|
||||||
|
zZ16MXLhXA94MvZeR4pfQ00KYrtwsUmorKDHdDblfPlhYFF1V+LXiP+PgbM+IHHk
|
||||||
|
TRI/9sJHQqCi3sAqdKTHOfGJHoAWcwMtTt1gntbH1m4B3HcsO0yPAYT0fItQzlxm
|
||||||
|
9VNjfqrXhea67oxmbgpV1Gdw9Xl1sj65sUJTuOqhDMHxi4sjQlIZ1RB5sh5UEIVz
|
||||||
|
W66u3CHVhz3zCoI86RRkeIh7DYj59tQV5UWYvdpISxKwuq8Y8Y40bwHPN2lMym3Q
|
||||||
|
inE2G4+ysHbLL67uAg6cZ7gp0gLLabNh+1UxAZhP2SUKrXHnZYZciRlssnnTs2zo
|
||||||
|
QmmJqlCjSw5lCsxzbP/4yZ98PNpMmyiLk9ZsF6JnYFk
|
||||||
|
-> ssh-ed25519 YFSOsg Qt3U6zLbC5Es/HEB0LmxbdMr1UC4b6e1aEpiUsSDjAg
|
||||||
|
1JoH4tohBK6o0sBf+kPsoWms198u5cZ0d6xXWYe5M1g
|
||||||
|
-> ssh-ed25519 iHV63A E+hjbICVUQMYiKA8dm+e/wxeNQxYhSGkAtgqpZ52hF8
|
||||||
|
dUGkk3yTgGoGefx8jmDLnPcqwcm3/urAU9npWbiMyd0
|
||||||
|
-> ssh-ed25519 BVsyTA Ofa561Rugw6bu3V3zy/0UJHOfj0ojA2yqcs1Jof1dlI
|
||||||
|
SpFNg09o/JGQwzqSLWXGYelPf8H7ShX18CLqjuTa884
|
||||||
|
-> uk_7a:i-grease
|
||||||
|
4huOY9tBYiXrgI5G3041MDe/IF5AZA9eTnbKjOgbz5N2xb6KeuOWmIogctdxXhF0
|
||||||
|
nABs+TtIFJCXSLH3a53LEut7V1OHtwpO9hrUED2snhIi/SV3MIQvhTIRnQZ5eIxn
|
||||||
|
jqs
|
||||||
|
--- trgjIArcyooHt4cupN4Tm8rUihSUopfkZrLE1tOA7Yo
|
||||||
|
³Îèœá†¾xxîôB@%½¢@æ‘ä"Ìì°²!ÕHu¤¹m.<2E>Xs…ÁÍ
|
||||||
|
Â<ø‘Q¯ÅÇÒšn<>2;¶T¸áhòÔúˆLûÉX×NO¥zk!ß ¦‘)˜KL)ÁbלíÚa_ÖèÎæÏe€Ý4 ¼OE….(
|
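--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,35 @@
+let
+# set ssh public keys here for your system and user
+axeman-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix";
+b12f-bbcom = "ssh-rsa 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 hello@benjaminbaedorf.com";
+hensoko-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb";
+hensoko-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy";
+teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
+
+nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
+
+baseKeys = [
+axeman-1
+b12f-bbcom
+hensoko-1
+hensoko-2
+teutat3s-1
+];
+
+nachtigallKeys = [
+nachtigall-host
+];
+in {
+
+"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ baseKeys;
+
+"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
+
+"mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ baseKeys;
+
+"mastodon-vapid-public-key.age".publicKeys = nachtigallKeys ++ baseKeys;
+
+"mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ baseKeys;
+
+"mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
+}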
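Review bot: Every secret is encrypted to `nachtigallKeys ++ baseKeys`, that is to five personal SSH keys plus the host key, and the file does not say what has to happen when one of those keys is lost or its owner leaves. Removing a key from `baseKeys` only affects future encryptions: the committed `.age` files stay decryptable from git history, so the secret values themselves have to be rotated as well as rekeyed. I would document that next to `baseKeys`, e.g. `# Removing a key requires agenix --rekey AND rotating every secret below; old ciphertexts remain in git history`. Minor: the six identical right-hand sides could share one binding (`mastodonKeys = nachtigallKeys ++ baseKeys;`), and `mastodon-vapid-public-key` is presumably not confidential, which deserves a comment if it is kept as a secret only for uniform handling.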