Init mail.pub.solar #196
|
@ -10,13 +10,19 @@ Then, run `deploy-rs` with the hostname of the server you want to deploy:
|
||||||
For nachtigall.pub.solar:
|
For nachtigall.pub.solar:
|
||||||
|
|
||||||
```
|
```
|
||||||
deploy --targets '.#nachtigall' --magic-rollback false --auto-rollback false
|
deploy --targets '.#nachtigall' --magic-rollback false --auto-rollback false --keep-result --result-path ./results
|
||||||
```
|
```
|
||||||
|
|
||||||
For flora-6.pub.solar:
|
For flora-6.pub.solar:
|
||||||
|
|
||||||
```
|
```
|
||||||
deploy --targets '.#flora-6' --magic-rollback false --auto-rollback false
|
deploy --targets '.#flora-6' --magic-rollback false --auto-rollback false --keep-result --result-path ./results
|
||||||
|
```
|
||||||
|
|
||||||
|
For metronom.pub.solar (aarch64-linux):
|
||||||
|
|
||||||
|
```
|
||||||
|
deploy --targets '.#metronom' --magic-rollback false --auto-rollback false --keep-result --result-path ./results --remote-build
|
||||||
```
|
```
|
||||||
|
|
||||||
Usually we skip all rollback functionality, but if you want to deploy a change
|
Usually we skip all rollback functionality, but if you want to deploy a change
|
||||||
|
@ -28,6 +34,11 @@ deployment, add the flag `--skip-checks` at the end of the command.
|
||||||
`--dry-activate` can be used to only put all files in place without switching,
|
`--dry-activate` can be used to only put all files in place without switching,
|
||||||
to enable switching to the new config quickly at a later moment.
|
to enable switching to the new config quickly at a later moment.
|
||||||
|
|
||||||
|
We use `--keep-result --result-path ./results` to keep the last `result`
|
||||||
|
symlink of each `deploy` from being garbage collected. That way, we keep builds
|
||||||
|
cached in the Nix store. This is optional and both flags can be removed if disk
|
||||||
|
space is a scarce resource on your machine.
|
||||||
|
|
||||||
You'll need to have SSH Access to the boxes to be able to run `deploy`.
|
You'll need to have SSH Access to the boxes to be able to run `deploy`.
|
||||||
|
|
||||||
### Getting SSH access
|
### Getting SSH access
|
||||||
|
|
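--- a/docs/mail.md
+++ b/docs/mail.md
@@ -0,0 +1,4 @@
+### Mail
+
+mail.pub.solar aka metronom.pub.solar hosts our internal mails.
+This is a small Hetzner cloud instance on https://console.hetzner.cloud.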
|
@ -1,9 +1,17 @@
|
||||||
# Unlocking the root partition on boot
|
# Unlocking the root partition on boot
|
||||||
|
|
||||||
After a boot, the encrypted root partition will have to be unlocked. This is done by accessing the server via SSH with user root on port 2222.
|
After a reboot, the encrypted ZFS pool will have to be unlocked. This is done by accessing the server via SSH with user `root` on port 2222.
|
||||||
|
|
||||||
|
Nachtigall:
|
||||||
|
|
||||||
```
|
```
|
||||||
ssh root@nachtigall.pub.solar -p2222
|
ssh root@138.201.80.102 -p2222
|
||||||
|
```
|
||||||
|
|
||||||
|
Metronom:
|
||||||
|
|
||||||
|
```
|
||||||
|
ssh root@49.13.236.167 -p2222
|
||||||
```
|
```
|
||||||
|
|
||||||
After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
|
After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
|
||||||
|
|
104
flake.lock
|
@ -27,6 +27,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"blobs": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1604995301,
|
||||||
|
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "blobs",
|
||||||
|
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||||
|
"type": "gitlab"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "blobs",
|
||||||
|
"type": "gitlab"
|
||||||
|
}
|
||||||
|
},
|
||||||
"deploy-rs": {
|
"deploy-rs": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
|
@ -128,6 +144,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-compat_2": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1668681692,
|
||||||
|
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-parts": {
|
"flake-parts": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
|
@ -328,6 +360,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-23_05": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1704290814,
|
||||||
|
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-23.05",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714640452,
|
"lastModified": 1714640452,
|
||||||
|
@ -340,6 +387,21 @@
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1705856552,
|
||||||
|
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
|
@ -354,10 +416,37 @@
|
||||||
"nixos-flake": "nixos-flake",
|
"nixos-flake": "nixos-flake",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-2205": "nixpkgs-2205",
|
"nixpkgs-2205": "nixpkgs-2205",
|
||||||
|
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||||
"triton-vmtools": "triton-vmtools",
|
"triton-vmtools": "triton-vmtools",
|
||||||
"unstable": "unstable"
|
"unstable": "unstable"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"simple-nixos-mailserver": {
|
||||||
|
"inputs": {
|
||||||
|
"blobs": "blobs",
|
||||||
|
"flake-compat": "flake-compat_2",
|
||||||
|
"nixpkgs": "nixpkgs_2",
|
||||||
|
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||||
|
"nixpkgs-23_11": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"utils": "utils_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1706219574,
|
||||||
|
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "nixos-mailserver",
|
||||||
|
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
|
||||||
|
"type": "gitlab"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"ref": "nixos-23.11",
|
||||||
|
"repo": "nixos-mailserver",
|
||||||
|
"type": "gitlab"
|
||||||
|
}
|
||||||
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
|
@ -475,6 +564,21 @@
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"utils_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1605370193,
|
||||||
|
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
|
@ -38,6 +38,9 @@
|
||||||
element-stickers.url = "git+https://git.pub.solar/pub-solar/maunium-stickerpicker-nix?ref=main";
|
element-stickers.url = "git+https://git.pub.solar/pub-solar/maunium-stickerpicker-nix?ref=main";
|
||||||
element-stickers.inputs.maunium-stickerpicker.follows = "maunium-stickerpicker";
|
element-stickers.inputs.maunium-stickerpicker.follows = "maunium-stickerpicker";
|
||||||
element-stickers.inputs.nixpkgs.follows = "nixpkgs";
|
element-stickers.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
|
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
||||||
|
simple-nixos-mailserver.inputs.nixpkgs-23_11.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
|
@ -123,6 +126,10 @@
|
||||||
hostname = "10.7.6.2";
|
hostname = "10.7.6.2";
|
||||||
sshUser = username;
|
sshUser = username;
|
||||||
};
|
};
|
||||||
|
metronom = {
|
||||||
teutat3s marked this conversation as resolved
Outdated
|
|||||||
|
hostname = "10.7.6.3";
|
||||||
|
sshUser = username;
|
||||||
|
};
|
||||||
tankstelle = {
|
tankstelle = {
|
||||||
hostname = "80.244.242.5";
|
hostname = "80.244.242.5";
|
||||||
sshUser = username;
|
sshUser = username;
|
||||||
|
|
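Review bot: In the first hunk, the added `simple-nixos-mailserver` input pins only `nixpkgs-23_11` to the root `nixpkgs`; the lock file in this PR shows it still brings its own `nixpkgs_2` (nixos-unstable), `nixpkgs-23_05`, `flake-compat_2`, `utils_2` and `blobs` nodes. Each of those is an extra pinned source that has to be trusted and kept current for a host that will handle mail. If the NixOS module itself does not evaluate against those inputs (worth confirming upstream), add follows lines next to the existing one, e.g. `simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";` and `simple-nixos-mailserver.inputs.nixpkgs-23_05.follows = "nixpkgs";`, so the lock file only carries sources the project already reviews.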
|
@ -59,6 +59,19 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
metronom = self.nixos-flake.lib.mkLinuxSystem {
|
||||||
|
imports = [
|
||||||
|
self.inputs.agenix.nixosModules.default
|
||||||
|
self.nixosModules.home-manager
|
||||||
|
./metronom
|
||||||
|
self.nixosModules.overlays
|
||||||
|
self.nixosModules.unlock-zfs-on-boot
|
||||||
|
self.nixosModules.core
|
||||||
|
|
||||||
|
self.inputs.simple-nixos-mailserver.nixosModule
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
tankstelle = self.nixos-flake.lib.mkLinuxSystem {
|
tankstelle = self.nixos-flake.lib.mkLinuxSystem {
|
||||||
imports = [
|
imports = [
|
||||||
self.inputs.agenix.nixosModules.default
|
self.inputs.agenix.nixosModules.default
|
||||||
|
|
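--- a/hosts/metronom/backups.nix
+++ b/hosts/metronom/backups.nix
@@ -0,0 +1,13 @@
+{ flake, ... }:
+{
+age.secrets."restic-repo-droppie" = {
+file = "${flake.self}/secrets/restic-repo-droppie.age";
+mode = "400";
+owner = "root";
+};
+age.secrets."restic-repo-storagebox" = {
+file = "${flake.self}/secrets/restic-repo-storagebox.age";
+mode = "400";
+owner = "root";
+};
+}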
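--- a/hosts/metronom/configuration.nix
+++ b/hosts/metronom/configuration.nix
@@ -0,0 +1,34 @@
+{
+flake,
+config,
+pkgs,
+...
+}:
+{
+boot.loader.systemd-boot.enable = true;
+boot.supportedFilesystems = [ "zfs" ];
+
+boot.kernelParams = [
+"boot.shell_on_fail=1"
+"ip=dhcp"
+];
+
+boot.initrd.availableKernelModules = [ "igb" ];
+
+# https://nixos.wiki/wiki/ZFS#declarative_mounting_of_ZFS_datasets
+systemd.services.zfs-mount.enable = false;
+
+# Declarative SSH private key
+#age.secrets."metronom-root-ssh-key" = {
+# file = "${flake.self}/secrets/metronom-root-ssh-key.age";
+# path = "/root/.ssh/id_ed25519";
+# mode = "400";
+# owner = "root";
+#};
+
+# This value determines the NixOS release with which your system is to be
+# compatible, in order to avoid breaking some software such as database
+# servers. You should change this only after NixOS release notes say you
+# should.
+system.stateVersion = "23.11"; # Did you read the comment?
+}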
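Review bot: `"boot.shell_on_fail=1"` in `boot.kernelParams` offers a root shell on the console whenever stage 1 fails, and the NixOS manual notes the option is off by default because that shell has no authentication. On this host the initrd is also what receives the pool passphrase over SSH on port 2222 (per the unlock docs in this PR), so anyone with access to the provider console gets a shell in the environment that handles the passphrase and, presumably, the initrd SSH host key. I would drop the parameter and use a rescue boot for debugging, or keep it with a comment such as `# console access is restricted to <who>; needed for <reason>`. Separately, `boot.initrd.availableKernelModules = [ "igb" ];` looks carried over from a bare-metal host; confirm the initrd contains the NIC driver this VM actually uses, otherwise the remote unlock cannot come up.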
12
hosts/metronom/default.nix
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{ flake, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./configuration.nix
|
||||||
|
|
||||||
|
./networking.nix
|
||||||
|
./wireguard.nix
|
||||||
teutat3s marked this conversation as resolved
Outdated
b12f
commented
This should be in `/modules`
|
|||||||
|
#./backups.nix
|
||||||
|
];
|
||||||
|
}
|
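--- a/hosts/metronom/hardware-configuration.nix
+++ b/hosts/metronom/hardware-configuration.nix
@@ -0,0 +1,48 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}:
+
+{
+imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+boot.initrd.availableKernelModules = [
+"xhci_pci"
+"virtio_pci"
+"virtio_scsi"
+"usbhid"
+"sr_mod"
+];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" = {
+device = "root_pool/root";
+fsType = "zfs";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/2083-C68E";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}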
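--- a/hosts/metronom/networking.nix
+++ b/hosts/metronom/networking.nix
@@ -0,0 +1,23 @@
+{
+config,
+pkgs,
+flake,
+...
+}:
+{
+
+networking.hostName = "metronom";
+networking.extraHosts = ''
+127.0.0.2 mail.pub.solar mail
+::1 mail.pub.solar mail
+'';
+networking.domain = "pub.solar";
+networking.hostId = "00000002";
+
+networking.enableIPv6 = true;
+networking.useDHCP = false;
+networking.interfaces."enp1s0".useDHCP = true;
+
+# TODO: ssh via wireguard only
+services.openssh.openFirewall = true;
+}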
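Review bot: `services.openssh.openFirewall = true;` opens TCP 22 on every interface, although the `# TODO: ssh via wireguard only` above it is already half done elsewhere in this PR: wireguard.nix binds sshd to 10.7.6.3 and the fd00: address, and the deploy node targets 10.7.6.3. Closing the TODO here keeps the firewall consistent with that and avoids exposing sshd publicly if `listenAddresses` is later dropped or overridden: `services.openssh.openFirewall = false;` plus `networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];`. The initrd unlock on port 2222 is configured outside this file, so check that it is unaffected.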
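--- a/hosts/metronom/wireguard.nix
+++ b/hosts/metronom/wireguard.nix
@@ -0,0 +1,54 @@
+{
+config,
+pkgs,
+flake,
+...
+}:
+{
+networking.firewall.allowedUDPPorts = [ 51820 ];
+
+age.secrets.wg-private-key.file = "${flake.self}/secrets/metronom-wg-private-key.age";
+
+networking.wireguard.interfaces = {
+wg-ssh = {
+listenPort = 51820;
+mtu = 1300;
+ips = [
+"10.7.6.3/32"
+"fd00:fae:fae:fae:fae:3::/96"
+];
+privateKeyFile = config.age.secrets.wg-private-key.path;
+peers = flake.self.logins.admins.wireguardDevices ++ [
+{
+# flora-6.pub.solar
+endpoint = "80.71.153.210:51820";
+publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
+allowedIPs = [
+"10.7.6.2/32"
+"fd00:fae:fae:fae:fae:2::/96"
+];
+}
+{
+# nachtigall.pub.solar
+endpoint = "138.201.80.102:51820";
+publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
+allowedIPs = [
+"10.7.6.1/32"
+"fd00:fae:fae:fae:fae:1::/96"
+];
+}
+];
+};
+};
+
+services.openssh.listenAddresses = [
+{
+addr = "10.7.6.3";
+port = 22;
+}
+{
+addr = "[fd00:fae:fae:fae:fae:3::]";
+port = 22;
+}
+];
+}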
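Review bot: With `services.openssh.listenAddresses` limited to the `wg-ssh` addresses, sshd can only bind once that interface holds them, and nothing in this file orders the two units. If sshd starts first the bind fails, and admin access and `deploy` then depend on the unit's restart behaviour at a moment when the only other way in is the console. Unless a shared module already handles this, add `systemd.services.sshd.after = [ "wireguard-wg-ssh.service" ];` with a one-line comment such as `# sshd binds only to wg-ssh addresses, so it must start after the tunnel`. A short comment on `mtu = 1300;` explaining the value would also help.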
|
@ -7,21 +7,6 @@
|
||||||
|
|
||||||
{ lib, inputs }:
|
{ lib, inputs }:
|
||||||
let
|
let
|
||||||
# https://github.com/serokell/deploy-rs#overall-usage
|
|
||||||
system = "x86_64-linux";
|
|
||||||
pkgs = import inputs.nixpkgs { inherit system; };
|
|
||||||
deployPkgs = import inputs.nixpkgs {
|
|
||||||
inherit system;
|
|
||||||
overlays = [
|
|
||||||
inputs.deploy-rs.overlay
|
|
||||||
(self: super: {
|
|
||||||
deploy-rs = {
|
|
||||||
inherit (pkgs) deploy-rs;
|
|
||||||
lib = super.deploy-rs.lib;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
};
|
|
||||||
getFqdn =
|
getFqdn =
|
||||||
c:
|
c:
|
||||||
teutat3s marked this conversation as resolved
Outdated
hensoko
commented
this needs to be set based on the target host platform
|
|||||||
let
|
let
|
||||||
|
@ -66,7 +51,28 @@ in
|
||||||
*/
|
*/
|
||||||
lib.recursiveUpdate (lib.mapAttrs (_: c: {
|
lib.recursiveUpdate (lib.mapAttrs (_: c: {
|
||||||
hostname = getFqdn c;
|
hostname = getFqdn c;
|
||||||
profiles.system = {
|
profiles.system =
|
||||||
|
let
|
||||||
|
system = c.pkgs.system;
|
||||||
|
|
||||||
|
# Unmodified nixpkgs
|
||||||
|
pkgs = import inputs.nixpkgs { inherit system; };
|
||||||
|
|
||||||
|
# nixpkgs with deploy-rs overlay but force the nixpkgs package
|
||||||
|
deployPkgs = import inputs.nixpkgs {
|
||||||
|
inherit system;
|
||||||
|
overlays = [
|
||||||
|
inputs.deploy-rs.overlay # or deploy-rs.overlays.default
|
||||||
|
(self: super: {
|
||||||
|
deploy-rs = {
|
||||||
|
inherit (pkgs) deploy-rs;
|
||||||
|
lib = super.deploy-rs.lib;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
user = "root";
|
user = "root";
|
||||||
path = deployPkgs.deploy-rs.lib.activate.nixos c;
|
path = deployPkgs.deploy-rs.lib.activate.nixos c;
|
||||||
};
|
};
|
||||||
|
|
|
@ -94,7 +94,7 @@
|
||||||
mailer = {
|
mailer = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
PROTOCOL = "smtps";
|
PROTOCOL = "smtps";
|
||||||
SMTP_ADDR = "mail.greenbaum.zone";
|
SMTP_ADDR = "mail.pub.solar";
|
||||||
SMTP_PORT = 465;
|
SMTP_PORT = 465;
|
||||||
FROM = ''"pub.solar git server" <forgejo@pub.solar>'';
|
FROM = ''"pub.solar git server" <forgejo@pub.solar>'';
|
||||||
USER = "admins@pub.solar";
|
USER = "admins@pub.solar";
|
||||||
|
|
|
@ -59,7 +59,7 @@
|
||||||
};
|
};
|
||||||
smtp = {
|
smtp = {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
host = "mail.greenbaum.zone:465";
|
host = "mail.pub.solar:465";
|
||||||
user = "admins@pub.solar";
|
user = "admins@pub.solar";
|
||||||
password = "\$__file{${config.age.secrets.grafana-smtp-password.path}}";
|
password = "\$__file{${config.age.secrets.grafana-smtp-password.path}}";
|
||||||
from_address = "no-reply@pub.solar";
|
from_address = "no-reply@pub.solar";
|
||||||
|
|
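--- a/modules/mail/default.nix
+++ b/modules/mail/default.nix
@@ -0,0 +1,70 @@
+{ config, flake, ... }:
+
+{
+age.secrets.mail-hensoko.file = "${flake.self}/secrets/mail/hensoko.age";
+age.secrets.mail-teutat3s.file = "${flake.self}/secrets/mail/teutat3s.age";
+age.secrets.mail-admins.file = "${flake.self}/secrets/mail/admins.age";
+age.secrets.mail-bot.file = "${flake.self}/secrets/mail/bot.age";
+age.secrets.mail-crew.file = "${flake.self}/secrets/mail/crew.age";
+age.secrets.mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age";
+age.secrets.mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age";
+
+mailserver = {
+enable = true;
+fqdn = "mail.pub.solar";
+domains = [ "pub.solar" ];
+
+# A list of all login accounts. To create the password hashes, use
+# nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt'
+loginAccounts = {
+"hensoko@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-hensoko.path;
+quota = "2G";
+};
+"teutat3s@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-teutat3s.path;
+quota = "2G";
+};
+"admins@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-admins.path;
+quota = "2G";
+aliases = [
+"abuse@pub.solar"
+"alerts@pub.solar"
+"forgejo@pub.solar"
+"keycloak@pub.solar"
+"mastodon-notifications@pub.solar"
+"matrix@pub.solar"
+"postmaster@pub.solar"
+"nextcloud@pub.solar"
+"no-reply@pub.solar"
+"security@pub.solar"
+];
+};
+"bot@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-bot.path;
+quota = "2G";
+aliases = [ "hackernews-bot@pub.solar" ];
+};
+"crew@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-crew.path;
+quota = "2G";
+aliases = [ "moderation@pub.solar" ];
+};
+"erpnext@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-erpnext.path;
+quota = "2G";
+};
+"hakkonaut@pub.solar" = {
+hashedPasswordFile = config.age.secrets.mail-hakkonaut.path;
+quota = "2G";
+};
+};
+
+# Use Let's Encrypt certificates. Note that this needs to set up a stripped
+# down nginx and opens port 80.
+certificateScheme = "acme-nginx";
+};
+security.acme.acceptTerms = true;
+security.acme.defaults.email = "security@pub.solar";
+}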
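Review bot: `"admins@pub.solar"` is both the mailbox that receives `security@`, `abuse@` and `postmaster@` through `aliases` and the SMTP login reused by the Forgejo, Grafana, Mastodon, Nextcloud and alerting hunks in this PR (`USER = "admins@pub.solar"`, `auth_username = "admins@pub.solar"`). If that one password leaks from any of those services, the holder can read incoming security reports and send as every alias. Consider one login per sending service with `sendOnly = true;` and only the alias that service needs, keeping `admins@` for people. A comment above `loginAccounts` stating which accounts are service credentials and which are personal mailboxes would make later reviews easier.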
|
@ -60,7 +60,7 @@
|
||||||
vapidPublicKeyFile = "/run/agenix/mastodon-vapid-public-key";
|
vapidPublicKeyFile = "/run/agenix/mastodon-vapid-public-key";
|
||||||
smtp = {
|
smtp = {
|
||||||
createLocally = false;
|
createLocally = false;
|
||||||
host = "mail.greenbaum.zone";
|
host = "mail.pub.solar";
|
||||||
port = 587;
|
port = 587;
|
||||||
authenticate = true;
|
authenticate = true;
|
||||||
user = "admins@pub.solar";
|
user = "admins@pub.solar";
|
||||||
|
|
|
@ -63,7 +63,7 @@
|
||||||
mail_smtpname = "admins@pub.solar";
|
mail_smtpname = "admins@pub.solar";
|
||||||
mail_smtpsecure = "tls";
|
mail_smtpsecure = "tls";
|
||||||
mail_smtpauth = 1;
|
mail_smtpauth = 1;
|
||||||
mail_smtphost = "mail.greenbaum.zone";
|
mail_smtphost = "mail.pub.solar";
|
||||||
mail_smtpport = "587";
|
mail_smtpport = "587";
|
||||||
|
|
||||||
# This is to allow connections to collabora and keycloak, among other services
|
# This is to allow connections to collabora and keycloak, among other services
|
||||||
|
|
|
@ -129,7 +129,7 @@
|
||||||
send_resolved = true;
|
send_resolved = true;
|
||||||
to = "admins@pub.solar";
|
to = "admins@pub.solar";
|
||||||
from = "alerts@pub.solar";
|
from = "alerts@pub.solar";
|
||||||
smarthost = "mail.greenbaum.zone:465";
|
smarthost = "mail.pub.solar:465";
|
||||||
auth_username = "admins@pub.solar";
|
auth_username = "admins@pub.solar";
|
||||||
auth_password = "$SMTP_AUTH_PASSWORD";
|
auth_password = "$SMTP_AUTH_PASSWORD";
|
||||||
require_tls = false;
|
require_tls = false;
|
||||||
|
|
43
secrets/mail/admins.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg 6rewUSyj9mZOZp1Oi+DvWxj7u6r7HWUAnp/zSDLmZyA
|
||||||
|
OLBPwlUCqlVZqrZaqT/sfzslgcYRViuTt9yzJZRPIPI
|
||||||
|
-> ssh-ed25519 uYcDNw JNpKkljIQIPKR/KNG9AF/DxbJjYoMeQdhOjmpig2Q3c
|
||||||
|
bxu5hEvJi0ip74WUJNJhm6pAfdvVlFBbyCwQKYPkUXo
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
0Im1QWg1IHp5nYfo0OK908ohS+Mo0Jyyyimq3sc6q5WoDUzufaMVYfgVpHJxasO/
|
||||||
|
SrVAwE6QLcHuTBZPeyr1HZ7chyQiWT+Lepp/MXhgS8nDOkgJaSNxY35PO6W/qtpE
|
||||||
|
rxkgdNZdB2Orqq0wHo0is5+pfZdcD7n6O4VoiayUh6kv5Brk98BUCHrydXMfJv26
|
||||||
|
0Kzwg3s+/kDwOeVOt7uy6n5VPhcSLiJgQlK4t0HkPB2rUoD8dfyVqUZV3YmgCoJM
|
||||||
|
Km1lCxaS96xKGnvt0HklYy0OX5S7ActBGpQJjcNLTl7sb2M/U0XAF7O8teSKzdq4
|
||||||
|
ejKOnzMdxFB+qOSZ3fGzHbjxNDwxPqyps0yhm72rT5tww3wOzYZXUebn7LwNKVwU
|
||||||
|
99mA0CR9W3wg3Thv4nwmsrycTMFHh9jvGRXOYgIqXNDoo2oqqkzLnS+N2fx6Wush
|
||||||
|
SNziOeZkgb25h0wrehxmqsEOVjlSE6C59E40XlmSj+MJf6siDLQGpLShE4Fz1tyx
|
||||||
|
GXASxlTNcJ8TY0N4UmozdWRW8pyTOtl1MhiuaHdYLQGvd3Zlwkr9C7pV6eVBxPyF
|
||||||
|
agSqbSZXprY5owp17fUc7HQUu5AcNJyQtDstwqOTPbaJFNfPnyaHU61jt52sk468
|
||||||
|
W2d1hZ9SYxiN32rjYV6py2SiuOvHIWMz3ODkvhxQdAM
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
TRrrVhtSIhhR9OXVAEwfmVn44a/LIaYJZWndqPAcAEhQp1Z3kPpolkxtKskz982G
|
||||||
|
wQgSbzU3py4VRpXdy/FBttoEdBrhRMKG0z9N0szKlagfLA+DHQjTlaMn/UkxmO2S
|
||||||
|
4AdwO8jEJVe26h6Y/3ne7N+/Ji8QKO6tKeNVapBKHYsJ8qqscgYW1WgKOAfJ3M6c
|
||||||
|
6lyavfn2prTkM0xz6hMrywm1Is9ahM4vh39iLRAaVonFHmNJE+dAse8ijvKzjcYM
|
||||||
|
KAiZtabdJkWwjD/3x513fU/o9DQCnBTHfM8KLb7DTPC9Ro1K//O7LjcG+WiaERSh
|
||||||
|
0+dBZstMD7fQWEyJ/CgnRf54juZs2A7yBdrT9TcQtcgPKYk9QjFqHCmKB0R+TUaX
|
||||||
|
nNh4h33i5V/8JfPRQTLz/YYFdG+kG5Hvucs9I2HN1n/vaHL9UIH3zC8BmkUd5fnR
|
||||||
|
cnKXPjFCfrPPKg4DMT4gT5lIVtIBRx/IKxvjgR/8c8M9M3jk4SZSYHUlKtnzFOLq
|
||||||
|
ycGJopWX7kBWGliEQ8jC+nKYOXpSYH+mbHOV54zplmNOZKMdLJ9ek23WoX5/BD7i
|
||||||
|
arp4EtwYiD2LN3M1TG24gFW9VCY3Ofil6HAn5ySM9AMtIHwy/8srUBSCtdpWWGx+
|
||||||
|
0fk+wGVu/5lCn51RPXl1L2YRloyx3giKvappuUcpho4
|
||||||
|
-> piv-p256 vRzPNw AjkP6Dy1dEQ58LVB01S/1stB6JMpl+q3EuqHQp6RCfH9
|
||||||
|
cePnQF/DS9AJx0MJArNi/5b6tncv46lKpu/1SIb5X7Y
|
||||||
|
-> piv-p256 zqq/iw A7cNqXWWA3Zd4vccwwW/Wgfq5cCOjnIPq/Et0qpeQUMw
|
||||||
|
p/e2OBgHoHA06WR4h3k1GK65u3qYH2YGPYQ10jz+pvQ
|
||||||
|
-> ssh-ed25519 YFSOsg +Tl7z0DL81uPhdBuEJG+9qnZ6eoAzyZfvJ5FtrtyRUE
|
||||||
|
nfVzlc5NoSxHv+2tM3D444kH9fCjUEYD+7wE2h83qYk
|
||||||
|
-> ssh-ed25519 iHV63A FgYN6w2aRUPpBBp6lV8pqSyopRaWwzhkGXxncU83HVc
|
||||||
|
PcNQ0P2ZGCnumKWuHVo0wwF3KCz13JadNkAHWgqIfbc
|
||||||
|
-> ssh-ed25519 BVsyTA X/VL2A5AlbG1m6uTqbYDJTJj0wVrYGx5w/geJTpgQR4
|
||||||
|
zwlsYTehOA3oK92zFN2J+HhgaX1zYd3MP0vQ3W751Co
|
||||||
|
-> ssh-ed25519 +3V2lQ Hk8tcLh85helo+DXrRDhCHkDja+sEkM1CTz01s0SXDQ
|
||||||
|
ftNhb63/JDulFgTukVu76XG2Dfcorbdt47EV6kqXw9g
|
||||||
|
--- 37wAuChTQKbjj/RCIh7ZRB2GOf2kT1we3D4bQKevM3A
|
||||||
|
ñ(=žÙ>¤jIM¡ÿú ”ÑyÂA¼|à“áʯNè<4E>„…‰f‰1Dgí5èËÛÜ ¬á߈ßg<C39F>6ì²#>ßÐ%UjÃX›ŠÈ@ÌÑðG*ªNó™äÀå\çJE
|
43
secrets/mail/bot.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg iKhPkRjtE/7UadHCdLoQR0/fe1LhVF9wSp5DQUw0hV8
|
||||||
|
o8BmKJxLYcxml+hq7l57nWQ8xAQFrROcX/BDCpZW7YE
|
||||||
|
-> ssh-ed25519 uYcDNw It3n9bvJCC+H+r5VRrtjrga1S1TkhiHUTGL/ltQbk0c
|
||||||
|
h/98devoPCP18pYqK7KcXaDspMzQMtvs5YxsoyodDes
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
xVi9l7vg34PJaGhjOzOtPtoRMePzlvdYKjNnzCXLd0g6Y4JXQZMoKCeeWrO++rtY
|
||||||
|
7/PDxJ0kJjJAEY7q2BnfV+87nmrGxFFerldDcEO9pP8/sN/u393WQpngb0tMNx6M
|
||||||
|
cjhwv0Y9ygAb858G1NzvnALVZGmbUxX1JIsq8QDcoP3kz5JmonIKLM3b4LrO735I
|
||||||
|
bfu3T+wTRebOHdC9SOhz6iuhyTnu/RmU9w22AKK/IL19z+11NJB2Xoejkfw0c6ZU
|
||||||
|
cW25i3TdwmiJAZ+lCDJQyBXtLctDes1/e6HtOkXoJSKQA5QLfEtPeCMyBmE4y0pR
|
||||||
|
z1DPiP0wMd37YR8dMXoYDRfo3EvsDJkNR0SDTZj86kio9e2sXA3OtIx8BLM0y01F
|
||||||
|
0Vnh0FwpY9kclflboeY9w3Uq33/TCvy9aZ29XD+X7HGdqqiqxeo5rcAMXO9xAx3h
|
||||||
|
2fIwdVyWYTnLt8TDOH9ZKDw8vausEITQM/D73AbVlLRKDnXTd+YTkYBgzU1rJtR0
|
||||||
|
4FQK4PL2qkWYKEK7qDTp+Hrhc4vOnxURaLsdexTub/A/TXHhGAKPxpGBOcBbCjc5
|
||||||
|
4mHSRQsDTbTNNE7bcDbkBiUcXAdlPgvEhfLmmBw8sho45M+krSeSd7V5CJ1NENhJ
|
||||||
|
3SO92RqIuyGR48lmvsuN5js4uLS4ntoyQvnmIQIVSQI
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
EsW7RlBeeV69UwczFANtxqmz2Et2jpUL378UuMydlzRznbp/TJjrzCStMTOBEDyC
|
||||||
|
SuADuvcvLf1WsVbf+rxRuFgte0YMiqUNlijN7tsOFg92odk8tHVwXEA71SW8/ZWh
|
||||||
|
zFqUJ8pPFXPA6DEYMGmdNLV+tEx3YsUFCrTvhRIBGPCFbuYJj9Ta2xg0KK3uR5/l
|
||||||
|
xziM5xxc7NtJGpW3dA/qFyneuY6gPm17PWav2l7gjAge/6FvLFzfev9TuF82iPgc
|
||||||
|
RkCNgHZqClWLRO9b0af8FMGWIak6kr/mqao40net2azrFqMxmeQFLIKJSxa6Agz+
|
||||||
|
UtlOND1COQwHrogQkHVuanBRRdUZzGk4QdW8MN49JPkvwvVPGS2XZrkE5m4k66Nu
|
||||||
|
rfMtlcoSGSA+GIZXTDiDPLpfpYV/XDe4IoPTpLcivRNb8i75GwCT/5vD39Qmlyyc
|
||||||
|
GHOX+v5JXh8WYpgvTEPDYE/oeKnsq27QT1wt8q0hKuHcRO4BcdPuiaSMnn0kjvLd
|
||||||
|
o473b6cHE96F3cTKhXerLqeMFs1+DsJhrxYCmRikZot6Iz8H5GnqT82Me1by6cYt
|
||||||
|
+GDcuVLIB0OzWfI9ibZB0ueMM8UfrLeGDq8hSF5M0rDCbFc6ZzQw8PgI97PNaDGg
|
||||||
|
FdIMho7IXEQKXMV7ueZ2/PiQEA8vfBWRnxGKFRQLOTY
|
||||||
|
-> piv-p256 vRzPNw AjWew9VSba/AQKQ69l/4OhvZUT/bawt7AOSe4/LjanOI
|
||||||
|
wHkZs8QQAOE69dq0d/2PAMgsi3xDBqEEvEFB7WKMC1Q
|
||||||
|
-> piv-p256 zqq/iw AkKV76ktPNKCS/KidRxBHdRQmtH3BNO2kbBz408ZJ+wu
|
||||||
|
S8KdsoVZUgvW7E4mlVFpp7/wxBarAPTEBqsYoBXar+M
|
||||||
|
-> ssh-ed25519 YFSOsg SQt87e1+Lza1kqQl+AyqOu47+en8H2AbjCasMjDLfRE
|
||||||
|
vBO3eKJPzagd9NdPmVG1SvO3x9rnf4H/8oddfCwpjLY
|
||||||
|
-> ssh-ed25519 iHV63A a1iFLv3FlMcfq6p8+dKlFB9cDPC8RFVc9DxtpNIXU3c
|
||||||
|
eQW7PJ+eGgp2loZTMUf40D8V3LNAinBSXgxdlHEQq34
|
||||||
|
-> ssh-ed25519 BVsyTA KNSZgJezH8bUbpFOWiyBN9kPL6EvG/L7Yh9ZRGUJkzg
|
||||||
|
Fb4oMWqk3OfdKFkLd8qq2wGvq9Fz1D4A9HmA5a412r8
|
||||||
|
-> ssh-ed25519 +3V2lQ z3vxaJYUXcqI6f6U85Oj0u6cqyarKTLidDHsURqaTh0
|
||||||
|
HNC+nhMbrJOUUS5SAcqJDDjwhjvRxOibo7Xx911cyOg
|
||||||
|
--- 6hftMRn4kD/f/ixMq2T+VnXZwyfpcV7zxZ7PBAAcsDM
|
||||||
|
Êü÷å5lŠk—9Ë¡zÉRÏÓ©õרMáFM.º}ÊD§¨%ŒXŽºlu]7íÞç‹"\¼û<C2BC>êœ(}-¼â.åÐÿÛê25§‹>06ã
h'±^jˆK‹/5<16>Í
|
43
secrets/mail/crew.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg qBHHVskxlk6AOCGIusKKItMQVrJpjpyWXBfcmpx6Bn8
|
||||||
|
RDGWdLn/D8h+dKixRk39zrMFuoaqjdbnUX+CiRq+TSA
|
||||||
|
-> ssh-ed25519 uYcDNw K4nqUOfxtA3GDpg32ndobWATCQBN2ylzD3wyLlnT2nQ
|
||||||
|
hRPPtWcxI/paVmOHT3J5SS7Ov8+gvXDAqtceJFn7o+s
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
n+B7fmdbS+uwPFyHhBCNAAuCsGh6nzA3Q1ttF7vtadi2yw6P940XKB9hXnCe1btz
|
||||||
|
NBRvKkVtIzRqc/5xDTqbDJivIYzFu8StofWv4xRBFzpA3P9r1qQV1lHwxOCfrsdd
|
||||||
|
296KHvqWVo4rdhkbd9Cye7cxndr2AWs0Gwn1uNvM1WQjTzUWzuKy6UsVztEcsB0J
|
||||||
|
4avT6+S+yxpKkMIyLqlbis/VYe/CDpPJGnxeG2GN8POVQpSdyBCEL32qkj07wR17
|
||||||
|
9rZFWU5WKfIr0XXJkhq+ewNdJzQKfWDFEhHrZYrg8LxKYsOWhydRBVEHkWVXnLin
|
||||||
|
CSD1Cv4VNHnqCycJ1Dv2Lq2n7SHoGMLPyC1UPJudmpY1Z5XIvWOu5uxvv0674mdN
|
||||||
|
WxOXgZpitwpgcmMC6K4mBZtqI8yqMP1Gijupoj4hFK7YGqKdn6+Q6ZFsttL97I00
|
||||||
|
lU22H1kf/Rxh0ZxMPiT1JcTwAZdOHIuRG6xPhVIx1hNUOmdUpg3YZa8dMKeA3Yjz
|
||||||
|
7YL7ZaYkwsIhMh6w+3xWUiYNkWfmGffRq0DfXIzTkKzapQtQJGLOpeot4wPkW51q
|
||||||
|
fHoJ2MNvlB3Yo5AveAkIaJpofjFFZgy9XVPGH2XSAFRez3hixXkV2rWiM+GJAAnQ
|
||||||
|
z45H8qWfGnRKSjgqEKVPDlfFEiG78Dtzjtl4oW1gfbY
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
bZc7lDzI0kG/lY1reQtVjggoWfLj9/zz+BxmbZfisxsEE18AkYGsk/Ki9ddXFxDW
|
||||||
|
5EIbCHheFBvkq7eb5OKcTUf3AFTch2/8dY1hnmR6uPq1Zwgl4ATCpcQPY85+7bPb
|
||||||
|
GBl0msNpRHuo6um895rL4omdv+DItmMdp3Lyf+CcFRvaXOpRnFmOqgatZ1bMePx4
|
||||||
|
qJajnToar4YIEJBzc53oGWdAHfcmVrvEdOIUNoS3QoyCmusCkMNrSfqmvPfwqsWt
|
||||||
|
g+pTrI3NqmTt3+L0EawcRLjRYb/qM/L9/nSFOnYOv3hLzWOhwSQU/gr1ZKMxYnaI
|
||||||
|
GxqWzWg2dvkuHlRKVwwf8mNBrZlqQDV/ydOeyjJUKe48jM/PsIj8NVsqRhkgHrkH
|
||||||
|
/lvQClYEBhrgHc9Wdxzy4KM3DPyKCQSYxBPnZpFVzuFBKML/cnYU84i7r4Gkb/z4
|
||||||
|
Jxwy6jxRzjt+Sou6gTP9dIASaYfMKYnf4ijB3IZLNApkNMBd0qt5qptTCG0LylDX
|
||||||
|
eTGGWjKQrC11znI/PWkSJQsKuBDHesL+QmjgJBhPdpl7Tk9ZaI/rJk2KYAjF6J9V
|
||||||
|
add0KsLxAZbqlFo1CJO8HHysCRljXob0jYefmnDXO2x8xZvt3eSzVa8JsNLcMv5w
|
||||||
|
4/tAdHBfH4mifA5mVdVbeRUDby54TdfIWGAZtyhgvYg
|
||||||
|
-> piv-p256 vRzPNw A/0edIuqR6hf5WE2qoSGqX18sbslgSxxgmDOc6wNqfQD
|
||||||
|
GT94xHQpPOdNorZOaSi7EPdaqSSVjJNB2qaSYA6qZhY
|
||||||
|
-> piv-p256 zqq/iw A5bQxOBbSgsr6+TL8bgNWl287IF8Zvec6k9oAZPgIRt2
|
||||||
|
z0ygD5ZRl3WZjfVA3Aku70mKddTZZ/W9rX2XOBJ9cco
|
||||||
|
-> ssh-ed25519 YFSOsg R487ufjbfae0x3wSAYH9d4Yz0dW/ze3wXxQI/DCFuWw
|
||||||
|
klWo+lmfAMaZVo/gDz07/ht+szuA7YSpvDc0yEe0bgo
|
||||||
|
-> ssh-ed25519 iHV63A Ond1kPLFFFIC/lSpv6K1uobvXYFmw+yVwNUTN1HIUVw
|
||||||
|
ElzaC1ho8F2X2jRZtmAdY9FUMiCs5XAEcFqEPTy6Ilc
|
||||||
|
-> ssh-ed25519 BVsyTA F9U4uSI1sNELggtM7/VwlYOlg+ghBg0xAQLux5Fmvw8
|
||||||
|
4PY2p7QneYIuumlciTmEbR/DwBKVMXxsfRoSuSgfmR4
|
||||||
|
-> ssh-ed25519 +3V2lQ 6i+WKf5wToBT5vne7ACy51BTAZrzMHCyiQ4D65m5Ol0
|
||||||
|
/kt6I4forttfn8SbZ/9K2mvZRh4Cbj+JqmlZ746Pqqw
|
||||||
|
--- ufN6THtH8xQ83XVERTJFwO8Ti0AJyflJwZtA8V2mba4
|
||||||
|
g[Ä&‡à»¹î|þjG#¡—ßúíJÎ<0F>bƤT<C2A4>c@EˆÝÉë}Œñ><3E>m¥÷÷ÜÅÿc™D*ÙMèÛ,(Ï”Ò6Cê‚¥´ÞÓkÇ’°é=¸â”f
Q‹
|
43
secrets/mail/erpnext.age
Normal file
43
secrets/mail/erpnext.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg I6uUuN8666FFZt7t0Z/EyWpTALPQKjGT8BBtjrJL8Ro
|
||||||
|
4Cy7GJ3RQqmrDpYocWTx31MV8yg5QKUCEfMjAaBunnU
|
||||||
|
-> ssh-ed25519 uYcDNw x+wqWbE6v2rzDZ8oDP8a/80yMBn5LI+aqBsUO7QktHU
|
||||||
|
1s7d1LfdY7bhXi6PJMi67RfxPDF8UWcLpS5cQzuiPvg
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
JQDnaZPrI5bw7OSCOo2d+C/4KsXOa7Dt0140G3/Snv7j/DPxkz+hC+jxLlt/GIY5
|
||||||
|
Py6bV/wqeS9HRUlReB9Lr+5Q89yOZhxqQI08zYnpmn6Ipr+ALNWy2jHKTBDHHPJ7
|
||||||
|
LSuv46ppPRDnZoy6NEUIlaIQ5EOXAGGVGi6nhS/R5I/fJIF4yk7B7MKur5Mhj731
|
||||||
|
Np7pb2yAfAZGxqleYO5I1jTLIGcBIDpmCricg8W057cdXFG9DG3P4Wvi+Q9bvSH8
|
||||||
|
cQwhCscUsxwZN4uVUvIAeavo06JqqOio4N3XJAwzY3syPfKhQ0xdAIMiOhl0TYYc
|
||||||
|
eVy7llsbtFd7PSu0FTFfWyuqOZNOmDoKghns3H7HCUeFcp0II1+LS0v6QKAJCEIR
|
||||||
|
CVtkNbfM8SxFioGaUTwSfxWIy9+usSX8oHYp0SYKYjBCoukq/N01yZIxVVrXgROK
|
||||||
|
FjEbyHCyIwnJ/UsrWh3TldwsDSKWbFogO66m9K0d0wJEq26UcVADQi2GLt1YCXgS
|
||||||
|
klNjHAdX1oodhr2p0ZURxngYaWuwMgEOjsMtxyA4M+4nbXfF1ds/uj7i7Btn3R6b
|
||||||
|
AzlOo+tVKg1iHFGMn5AUTOV7DtltaMxeWM24l3W9v677aozu7BDZQK5VwSSjyywF
|
||||||
|
Vq5p0Rsdif1Vywg0+AUxsPyTy4YqTvXRfQviEU/k9Qg
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
IVW5AyRKdS2zzPPZLt0qLS5aqb4+C+tFgHfD0mVtrYadn9ugn11+Wk+HKdDko43z
|
||||||
|
0rLdqE9q+Hyg3jCVk7DbnsL7lzfLKt6JQVfdCN2qihHLofPqqGgjC9pp8C48EjP/
|
||||||
|
ND/S1nrSTq8A9jF2/oja+ofcQCKGZKGC3u8E3UUdC2rmDrQF1CRZ6bW6kUxbEh7n
|
||||||
|
fogXy8BP4WX3/LxJxRwaUSQuYMrnA/SvCbQP50Z235xgr6v2+Hfm4KxmgBpy9YV1
|
||||||
|
BCuuS0Rgkkipa4SkDg4BdEyWcbTu4JaXTZPJ/6UKdNS9wEGkIaCIENkGIkl7ViTk
|
||||||
|
DDHjbGKMQD7nOv42Y9bQJwwcAEW3gN+g7kgD22GW9cpZEFTcGESX1tkYclZiZOIs
|
||||||
|
IC63gYk0o5fEuLsCYoE0Jld0D9Ja7JYbVH/ukzJ99rWgcLLKgkC5pEosPa0kex1y
|
||||||
|
L2+YDmSKtqSY3YjTFv8q4DVTBKeoWjNHkNaDl5IInhzbJ3k4zZAvJ5av02ws5aM9
|
||||||
|
i7WYk+tARjK/Bsl4pEOq5UwdAlQBuAOWUMhjLjR7BN5tWtA/wrz0LfCctTjpwxSE
|
||||||
|
vuIUIeJENpjIv88OAWVqR2SYqyTyLnHO0YpreWfF0nj1GTGY//XdwA/kqekhj8dZ
|
||||||
|
U70iXnquIhqzuwkMSC2cq1WL78pmh8kkmDbIgk8y1tw
|
||||||
|
-> piv-p256 vRzPNw AiRbeKSGWFJXI93xQ2+yh+CwJKIl6w9XFvaf1QMo8lSN
|
||||||
|
XjzQLjfA9e88kyGeBlLWqhYGSkcFhbEp2G0mthdYRyU
|
||||||
|
-> piv-p256 zqq/iw Ay5OxlqOR1CuTnrkdN0DbZXU0X3XbwKjj138AO3+GEGh
|
||||||
|
UqBjfcB5Xj829ZgvWk5eJk/5kXNE1oXBxOIo46SEqz0
|
||||||
|
-> ssh-ed25519 YFSOsg g11+RyINzDuZtkWMDhq03pXFK/sI0rrvu1nRgt2lTi0
|
||||||
|
KwhWvcS4dGb6usaNScrRUFtzaAbIHYNziY+E5tq/QBQ
|
||||||
|
-> ssh-ed25519 iHV63A 18otcJyCfFTil0bJHQzHbnS1MktjeryOSI1OZXypki4
|
||||||
|
vq7Og0UJmDgclm/MRFw77uGOiOatgPRhlTeEH7kjuS8
|
||||||
|
-> ssh-ed25519 BVsyTA ISv3vLZ8DHSiiNrRIFPB7YZqcMKkecuG4U7OPAj7hU8
|
||||||
|
8ANZ3bmxLZT+i0QCRQ2I/KgcKsdv0YBLX5FoGSw+M6M
|
||||||
|
-> ssh-ed25519 +3V2lQ qNtNUsgkHIHXGEIjzjPuF3xKLOfeSCeMrNrIdkpjmxU
|
||||||
|
OyS0yUzVdtpG+A+OvKVyX8vl7dUKysIosb5b+1qdH/Q
|
||||||
|
--- ptU7IkkyEOB/9kxpGyi6TS/nx4zIrRnvtCqGiZi0NII
|
||||||
|
8TxŒ˜úvþàJÄüƒ)&»ÍÕìkü—Çñ´ï•Äܲ‚¨‘úM–&.N¸ƒ½`ÏòS¯8|µw|Éí®2me/ð,¿…ôÜ@´3}³pÝ.oŵÐ>Gvzô/‡½
|
BIN
secrets/mail/hakkonaut.age
Normal file
BIN
secrets/mail/hakkonaut.age
Normal file
Binary file not shown.
44
secrets/mail/hensoko.age
Normal file
44
secrets/mail/hensoko.age
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg F7J2BMCNuOUcZhcbEyXBbFHkOI4sVA0qXbRmCWYNBAE
|
||||||
|
Na/iuNS8cxz0qEiosflBEB9TAF87sQgwBbUl0/fhmZo
|
||||||
|
-> ssh-ed25519 uYcDNw Xd8D3eCNMcXrxlYef4kj1N4CD16b5Xs3pfA/J8RJQDk
|
||||||
|
UoBSRBj4wS1cxnDV37JjW5kBP2XWWo7seJJsU0y0cEA
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
OxPFa8NRWqy2ShVfYtxqZWfJAmgkYd2xg2E8vNCPoWafo/6hBob7C+4hDiKRZPZa
|
||||||
|
EVLw0wgTe/nlMzBLOO3FlgZ0Ceb/uA2n4nu7st6mjwYQpsmVXwZoap88B2b+GYCs
|
||||||
|
GG4sgybkZ/BrfFgm94TIcC1lr2lMjA6C4xhC9Mphf2iEQf1wjL4N1msOC4gTAW8Q
|
||||||
|
zaH+K+qNEbTXne5Pox9wp6FjApSx33ldqRxOSzcf7RUuL2ew/63fTywW8ZdHcUgm
|
||||||
|
usKqBZX9vyhLdsHzZWSXwetybMfKWs1ry5kU3ekf9EmAAkSiukFxFdr7PON3l+VV
|
||||||
|
+hNFxi7RBKGC2u+ZE2Oh/MdXkKHMIVuJE1yhUJyiirH9/Mj2S6gOpSL7pjXIQdbC
|
||||||
|
RoGoE4fHWtp14Yn5X2YQCeGYPS+y87md9qKlVTzf29u95UjVkN4V8xwquOssWp/P
|
||||||
|
qlBJscmU3cp+U3W4Gzh1k1IwdBQ7B26rUOFEwa2/DI8VsBd/x4WmLQGiIe0VnOIB
|
||||||
|
YCekxeLrl4AAf/XTEc/qNTaXcn3OguMMq6KzyeWMTdKsrcw7/P7j+06SbK+Co57D
|
||||||
|
7zt/h2dDeAEz1eo7yGLu/zd2s2iyEBNxnzvSqvRpYAkcNNI7DvNfdotDYWj0kbuW
|
||||||
|
rKfPKnXOUvf9tKsjbd1BRI563TpcoL3ebnokhBfu+v4
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
k8vywS465lFJyN/RvPMx3OUSl3UG2phrlZ0QY9BL2Gqf79tiSqMrWFCKqeZ8Djg6
|
||||||
|
yDNC8F62IwWSQB030iWQMhQfI3FM9BFepmMpVE3zviyg1WRTNgLl9vdpjLP4FuNi
|
||||||
|
Il5S3T49RmUgAzsPGMs0UWLhEudm9tJOU3tI3XD32tG7mYVrMcimtog8/1zasFf1
|
||||||
|
GE3H3MyBiuawfSu0uMnQ267rxYiGF75bI8Er1nI7zIF55Lw7twHLjN+KOlSed3Vk
|
||||||
|
VU7tNeRKfbircTrfxXo0I6SVPuX21SfBP5RWq4KrO/h4chW36OLxza2eiRvy74lY
|
||||||
|
/MekrH3PgO0q7y+uqeSbiGAcvL1UXeZFFdItv5pKxMC95vpdsEhoywO8Rj6dd+9q
|
||||||
|
iQjmy5RS/HC6uDzbqAl0HQSq1fZXO3UO0fQg5Rv3whpKMBHVMTU/PVimP93oAu4J
|
||||||
|
rXnUUpqpKJqecVDYQT4XSuMDK5Iw+S+7RLxBk6hIYsg0jtywqgwD+zF1S8RHi9kK
|
||||||
|
BEX5mR3NC/B+LdHAzphYQkHuY6UOk5AcgMO5jYCLtVK4vqlvTJPVbTSgdO86rmdy
|
||||||
|
nZXZmi0Uqgz8QEdOgIp0ego8WdqGkZF0aQwMUw11Bi+78Asx5+hy+fUncw0qZndZ
|
||||||
|
04ayMacztVL0cEaQ1AeOf85z0MPOugcVYFvih/XkgjE
|
||||||
|
-> piv-p256 vRzPNw AyKY9szzF5MMfOBUISqtfu4EVk3GWOQ2WSqwgn8tCE9B
|
||||||
|
uoSrnNdzVP1WO3uZflc+Va6cT8y5AfUpm8P3njiSQzo
|
||||||
|
-> piv-p256 zqq/iw Atu7Vk8b6dyNLZcLFtnOkAlYxOMN033PV/bv8O77LORR
|
||||||
|
jbYx5/YXY6LwoFvOfXHHPhTiMOMLwgbENvFzFmGf6ak
|
||||||
|
-> ssh-ed25519 YFSOsg BCuhqDI2VVkG3gk927TjEOLLOQNeURfxVbGodW/Xh2c
|
||||||
|
lUEeZrF5FSC/e6XRxWNQq5B7oC70mKit56AIrWMTKCY
|
||||||
|
-> ssh-ed25519 iHV63A Job9bw0T6OJpmgeizCOyNGqA9YHrcbml8sj+9kadKVw
|
||||||
|
4+pfaDyrgXuj8DKQzMj04nk2KRfobvQ6Z+E7RDOUm24
|
||||||
|
-> ssh-ed25519 BVsyTA 2cN+HWBYc7mSbSEziFpyuDfHs7cbVd5Vdfj7NYNJ6Uk
|
||||||
|
8+APjCiQmu9hoqffuqdJKk09wtk0Ywa3NqeURnP+n+M
|
||||||
|
-> ssh-ed25519 +3V2lQ h+MbnwkJqmQbk2gtkyWvU/8gqJHYIG90lUH3AMENonk
|
||||||
|
wXsXHxzIsP9kSsi3mxmr5oujWL0Grj7y5inECZNSuIk
|
||||||
|
--- hkrqXuu9Lldhr675cyYUX5peiFT2s5ZMjIrOi7oRIyw
|
||||||
|
ê®è( <¾i0þøÃk$bL
|
||||||
|
ø+ë©€¯ï¬]–†úß…ÑÇEÄ¢¦wêíÆÈ »µ¬YÞ†é!0$šiôKÜà0DXæJdBÍÕ¦O.V×S¿‚ºd€Ä8çSƒ©¢
|
43
secrets/mail/teutat3s.age
Normal file
43
secrets/mail/teutat3s.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg NVteAXOZyA8sjXpRU5/ttHLFvGnzD1k48gWWd70erwM
|
||||||
|
u57XR4AZoHLagd1/6aiYyz8jNSEtnEGp9Kc2kOHwq3o
|
||||||
|
-> ssh-ed25519 uYcDNw CDCJGqbJfqR+8REsogbO7z2Uy4VDiWlLdd7FVUIHYn8
|
||||||
|
OV7rjh5kzbGzwcKYsfgZX4jMP2pudlKEH8biFLvkeZU
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
DTPOjmtjwHBIOxCcvDSu2cJBd9GHBD+0t25w6CaU8lQl3v1ZJE8eOpxV9Bs3u07Q
|
||||||
|
BTjPeGp2qyXxvlLQ7hrQfJyhO7pN+Ngk01MRppFN2t83XiHi6VdAHTwZfxndNt/e
|
||||||
|
elP72j5octVrPVJVjNsZSJH92LyZlD4/PGtr31VdzW0/jvjB8bjXqQDEhlhs7Qz8
|
||||||
|
9gVT380VmZv4HvXoSgyCT2I/Rmij3zaRX6JQVkKV4YuNcuqoAHCmcG5SgEtesot1
|
||||||
|
h2+zH5lewQVB00Airi/hnYbTanyv41vmvdejT6yxrLyCMUGHjX8zbKzr+kXpmywo
|
||||||
|
AMraBh47mknL0XKAvqwsVRWh5JZI75sWI51Vs0o8N4k7J4FXc6TOvB2o2yGj+C+8
|
||||||
|
4cHLqC967jec2wmDdC0K645Bdm0BdZmp3f70NYb9ts4O5naooYCIRqSGgl11J9Nx
|
||||||
|
vfGDVsg+FtMTbk3UN5kikoYltBnR4wOW5TWYeZ6NaB+VTkB++lcFVTS+TyN1ejhF
|
||||||
|
H5N0QRhG5NaEuTaTuDESudgB3Rmi3nkKCcGLWPpPnrqV+ID9zsoC85DFHNjM8eVO
|
||||||
|
hzeMQUStpwp/AMfJm94GoO+x+6xXocB4+2Mq1hnv3CkrEdCFQGhH6zSTJCrRDayq
|
||||||
|
WD/bqtJ6twBmnh+jUPUBxlmz42bGTROznoXjC3slVxU
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
ap5x1yM55tQyJZRa5EewQwQlN/8FJXZ2JaZhAxP7TuKE0X5OqLqdh5sfF88vG2FT
|
||||||
|
RwDImVDgAbCH/EN5DPRReW9XetmI/zC8vpXiqL5kNPh+pC9P46lVqsA9N4SE3AYk
|
||||||
|
4XV7V8Z7MYS14vi0d8DFXNEBtwXAM0s4ZfOfEngkjUvOqRC9qCpSemMjrfNhvovP
|
||||||
|
xjlwsh/LlEf7WAM+xPzNnMJEgs9sC3wp0+RdBZhjwSBiUp6lpmCZOcUyxKgwqfPU
|
||||||
|
mSiQarTx8FZjurF/QZCAIyRGc5vs2mgQpHGOduWrPgLLwEgaWmOCz4ymdI60RJ0K
|
||||||
|
qTD9EVDB8HO34+uPQWPvEJbtNL0KsEKjltGW661MJbQtqTIlChnzCsO79aqdqtGW
|
||||||
|
wmOPGJJc3NMocVII/IA4mi2N/Ev5fnKK20Q8vQdsLW0WD3cm4zCPyIg+jiisC2by
|
||||||
|
MRafMALkVBwTZYvjntv+l6Dlq6Q9IPfKPPi43UHWCv89yDrh19WxuM1e9lwYkWVl
|
||||||
|
GUB9ncT89ETHm7IHzl4wtiogrTJbzFr9A/oBQqdIBvUYHP2HwPdDiPV9NCFHnWke
|
||||||
|
4BzU8QUetQWDCvYreIxZobuJ2ig4SkBNsqrfb9ZQGS1lRqmkUk4J/38s8xAJpBR0
|
||||||
|
KwzkEhJt5Dc92Q9RLlIW+QujLUEh9KjQPua/qb/1TYs
|
||||||
|
-> piv-p256 vRzPNw AiWs1Nt6wGKVg0MqB7tHu8E6Wscj2Eo1xhxhB+/BZL2b
|
||||||
|
pRjLl1Ds2dhLXVf4Im3Xzr3lG8vq+VJ1/EaPSAD5oiQ
|
||||||
|
-> piv-p256 zqq/iw A64X3dQLMlgBuY3E+NRYn1TSs+CYq9JNDTgyMk3bTK79
|
||||||
|
/tjhPEv0KwN5dH93zRvMFzBZRayjXQaQZjSHeW2etHE
|
||||||
|
-> ssh-ed25519 YFSOsg a9MTVbDi1sA36SeVRnR51T4G2X6Wx1lx6VBI1bNsjFY
|
||||||
|
UDUkvNwDXiuWc8XsVeFAW+WATZpKlJsKc+6i6ot7Pvk
|
||||||
|
-> ssh-ed25519 iHV63A YwhQZF/lcI1OosRxfJ66wTcTctwcRa0/zY66U52G9VI
|
||||||
|
HMHAI6FmX1DDq5z41/VomhCvRkJ9fIrxPEcO+aUIVp0
|
||||||
|
-> ssh-ed25519 BVsyTA JKIbjoFUd8CNYCjYjxwaLersAaDp4yi/eN/KvTOhXkk
|
||||||
|
1u9t02DQFgL6iN6e8HylV/tc7KpDlv/6hkulcNisrWk
|
||||||
|
-> ssh-ed25519 +3V2lQ JJJAo2PVKGLTAFMPBGOSNfYEGEjkCPlRtxqBjFR9yDk
|
||||||
|
PWm5uatk8fzhr4gK5XRgtdvTlzYRBUIEBfH6+CROyks
|
||||||
|
--- FZl+1vvJBe49ofX4ncsNpdtzFmG0upDcJ3j0KUmXxbI
|
||||||
|
)À+K¢\5Óö4$*Í8ÄïÖ®£»ŒÙ‰ªxWõBÁà<C381>DÜ@æôIŒr¬HÖF}æ:ôÞeL ¤ÍáûýÌ•´¾qÓ½YûNCºùçíùŒ3uN–Z<E28093>Gža3Òû|
|
Binary file not shown.
43
secrets/metronom-wg-private-key.age
Normal file
43
secrets/metronom-wg-private-key.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 UE5Ceg 1YUuuRDXFkGG2ZNYrRUro+Bx2GNGVTTCha+P9+T46DE
|
||||||
|
gTxW/j5xNSxjSq5wze7fhNJm1SB5/YEizO65jG4Q9Tw
|
||||||
|
-> ssh-ed25519 uYcDNw 7lGPy/ykR0Vnye8NYSBKcTRR2UzJ0lw2EXY6d/5gBjQ
|
||||||
|
SHbqjmcN4TNzFbQb3AgHgzzm8Yhr0LHSFQHXMLyTDVM
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
IKJVe3MhHIFyivBHwYuf+COke576b1h0ARtu44ycuLSS71C2kteigviIwstXz97M
|
||||||
|
GIHz9+aC0xJCa/gZ4WWZ5t5qO4XSmkIYCHPsV5UhjCEj6AAL27rP5oqXZKCTvPV6
|
||||||
|
7bEw4dNJmVyjAGYP0h4M+HaAFwe8nlKO291lyJ3NoyZcMR+KjEFiBK22W0oEqvS6
|
||||||
|
tvh3GgPp1iiHUvhF5uSUTxOqu30S7ogY1jtPLxQvEEJZwbXdCKZ/0BltfRGqKUWu
|
||||||
|
DKBcKERUeEa+fSYRtxZqd0GGGOi0Xq3UKjTSmt5w58cBkrntbQeRTNYfnvvqXJJ7
|
||||||
|
a0uRylsK2vnMjLXjlZryvL3ug+Ylpup/BuIMwzwpNEjasCqQt97v066Ho0qB0uej
|
||||||
|
rwslyXSjwlOsvblf6UovUzQ3GIG17X9POOavsW6md7wxZFCNtioo+qb7fegKK5Tr
|
||||||
|
W/H5GoB7g79pCbBUCMJP6MgPpMUVGH+5jDkWAQbik4lTH9ehD4Wu9V2hnyBub6fW
|
||||||
|
CjEtrWzpwH+yHFkm7R5IjI8DWoE4CWsb8KI+GUgr2R3AjdNuXINbJy+ya+wpuMLh
|
||||||
|
d5Q5tQbteQ2uBKJxXRrR8nNiiLqtQvRYsyF5G+BdXmAqAB0cBuH8yMmjUKju5tH9
|
||||||
|
lSmdqUScCcVY11T6Hccath065f8Jtvwj3nJE9f2iPfo
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
RVoy79ijvAmU9XlEsbmiOOWUfenL+hITb6tXELUGjZjYIg+JPDneg7m1plUnRpBM
|
||||||
|
sfLrTSzOLisWfct5rbXWb4QbNnD7biX0/uAPk8Jk3tmUfJsM1oLmNaRGGgo7RkFh
|
||||||
|
J28PG0n5+eumauoS0Yf11GIgWUpC8FeVJMrNM5r4yV65EJEyyjRxFHjIGl5Jh6Rq
|
||||||
|
bkJWpDsuFb2eb2BdZACV/M/aDYn+XGJW0oozNW91rryrQfsAHc3GzKoX2HtqNxua
|
||||||
|
3Z348+NTS7jCKKhEwwNwibgTSz1PT2ynyaXi2N60KZ8IDc1xwtn1Ybj2/S1no64h
|
||||||
|
P1GCjzKmwizgINoWQ8LYQ3nHxRXQjFdS4X63YUSXKcZ2TKMNydlB3IGL9N+xKflo
|
||||||
|
w5EMqFTuHInpyOfz73WDg2LKuzlWabjn8KIlx2bYG8Etn5alSX+oQGD5zTUkDt4p
|
||||||
|
/J3b8kLCdRSfVxwBudftXnk8CDg5gzM7LD0NOQ8/VK8lyTVE1dCCty1NUcM0o4mc
|
||||||
|
VgdlcJn9ISZSd3UAt6BDUHEMYdxktJnlPr8Gsw1iDU44Gu2fPUY2OpmAnIz6FshR
|
||||||
|
KkSThN08FL2EgEO99fbJ/8NiD+bml5duUNJQnjlQ8NC9w1S/4ADXpHSrJARQY0pn
|
||||||
|
DfTvCz2CJnPqojb2vDb0knqvhPNLu1lmtrlyqMygmLg
|
||||||
|
-> piv-p256 vRzPNw AlRMMj08FZgVJAcUdKDVtQzrrZWqOah1fq0xeLFOFYh/
|
||||||
|
fySXnGSZYyKOX75bwaByIAqaiatXpFF4zsuE7JEH//c
|
||||||
|
-> piv-p256 zqq/iw A7dI4n0fDq3z6OG/iuU8z4euPvx77lJJC9OlZG/RMPRc
|
||||||
|
waoyEH8qBDeUmCugy7ZnMj6tgLx/1+slhJTAJ4uXMNQ
|
||||||
|
-> ssh-ed25519 YFSOsg 99jNRmoZlrfV1ytKu8Pj41vBTNHED3dG99mjWnYe9Ec
|
||||||
|
p+Q3Dik27t8LRb5Mr17EzVwxdSQIZBeO+ezJVvFqg00
|
||||||
|
-> ssh-ed25519 iHV63A 1V4hJI/P7TkMWDbZb0NMdCSULS8XddPl6gGvc1gJ91I
|
||||||
|
CKzsgmbASOGWYRFSyYBvY90HrmLfQNKcrTPLvf5m0es
|
||||||
|
-> ssh-ed25519 BVsyTA tJu2Y42CtsqGMLf5VObT+nEMYHyujU2nmJQfWOTZsg8
|
||||||
|
MGxxNMPHyRNRDVurqovUkptzqfsemX9mCLSLu0RL7b4
|
||||||
|
-> ssh-ed25519 +3V2lQ vHPgK6xOUrH/1fqjkw2rhg10O0izPSTPX7b02v7J22A
|
||||||
|
A/V11elKo6YNiFHYMQrWBnUTsaz21MNH9jcY78dTlmU
|
||||||
|
--- QV+btlc1pzitb681enVVR/tT/kwE3s2sV1qB7yYJ/3Q
|
||||||
|
Y¥DgIx,ìµ´âÙËœ!à¢ptë m•ŠÂòä"$ú•‚™€¿¦aZTÔ4'Äû`õejüÊúKøAÕ£t×WÚS÷&){i–_íSŽ
|
|
@ -3,6 +3,7 @@ let
|
||||||
|
|
||||||
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
||||||
flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
|
flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
|
||||||
|
metronom-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLX6UvvrKALKL0xsNnytLPHryzZF5evUnxAgGokf14i root@metronom";
|
||||||
tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";
|
tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";
|
||||||
|
|
||||||
adminKeys = builtins.foldl' (
|
adminKeys = builtins.foldl' (
|
||||||
|
@ -14,6 +15,8 @@ let
|
||||||
tankstelleKeys = [ tankstelle-host ];
|
tankstelleKeys = [ tankstelle-host ];
|
||||||
|
|
||||||
flora6Keys = [ flora-6-host ];
|
flora6Keys = [ flora-6-host ];
|
||||||
|
|
||||||
|
metronomKeys = [ metronom-host ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
|
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
|
||||||
|
@ -22,6 +25,7 @@ in
|
||||||
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
|
"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
|
||||||
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
|
"metronom-wg-private-key.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
|
|
||||||
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
@ -72,4 +76,13 @@ in
|
||||||
|
|
||||||
"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
|
# mail
|
||||||
|
"mail/hensoko.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
|
"mail/teutat3s.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
|
"mail/admins.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
|
"mail/bot.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
|
"mail/crew.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
|
"mail/erpnext.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
|
"mail/hakkonaut.age".publicKeys = metronomKeys ++ adminKeys;
|
||||||
}
|
}
|
||||||
|
|
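Review bot: The `# mail` comment gives no hint of what the seven `mail/*.age` files hold or why `metronomKeys` is the only host recipient, which is what a maintainer needs when deciding who must be re-keyed later. I would expand it to something like `# mail: per-mailbox secrets for mail.pub.solar, decrypted only on metronom (plus admins)`; adjust the wording if these are not per-mailbox credentials, since the contents are not visible here. It is also worth recording, in a comment next to `metronom-host` or in the commit description, how that host key was obtained and verified, because it becomes a recipient of every one of these secrets and of `metronom-wg-private-key.age`.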
|
@ -9,6 +9,16 @@ resource "namecheap_domain_records" "pub-solar" {
|
||||||
type = "A"
|
type = "A"
|
||||||
address = "80.71.153.210"
|
address = "80.71.153.210"
|
||||||
}
|
}
|
||||||
|
record {
|
||||||
|
hostname = "metronom"
|
||||||
|
type = "A"
|
||||||
|
address = "49.13.236.167"
|
||||||
|
}
|
||||||
|
record {
|
||||||
|
hostname = "mail"
|
||||||
|
type = "A"
|
||||||
|
address = "49.13.236.167"
|
||||||
|
}
|
||||||
record {
|
record {
|
||||||
hostname = "auth"
|
hostname = "auth"
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
|
@ -143,7 +153,7 @@ resource "namecheap_domain_records" "pub-solar" {
|
||||||
record {
|
record {
|
||||||
hostname = "@"
|
hostname = "@"
|
||||||
type = "TXT"
|
type = "TXT"
|
||||||
address = "v=spf1 include:spf.greenbaum.zone a:list.pub.solar ~all"
|
address = "v=spf1 a:mail.pub.solar a:list.pub.solar ~all"
|
||||||
}
|
}
|
||||||
record {
|
record {
|
||||||
hostname = "list"
|
hostname = "list"
|
||||||
|
@ -160,6 +170,11 @@ resource "namecheap_domain_records" "pub-solar" {
|
||||||
type = "TXT"
|
type = "TXT"
|
||||||
address = "v=DMARC1; p=reject;"
|
address = "v=DMARC1; p=reject;"
|
||||||
}
|
}
|
||||||
|
record {
|
||||||
|
hostname = "mail._domainkey"
|
||||||
|
type = "TXT"
|
||||||
|
address = "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI333HhjmVmDYc5hYTtmB6o9KYb782xw+ewH1eQlpFcCMyJ1giYFeGKviNki9uSm52tk34zUIthsqJMRlz2WsKGgk4oq3MRtgPtogxbh1ipJlynXejPU5WVetjjMnwr6AtV1DP1Sv4n5Vz0EV8cTi3tRZdgYpG6hlriiHXbrvlIwIDAQAB"
|
||||||
|
}
|
||||||
record {
|
record {
|
||||||
hostname = "modoboa._domainkey"
|
hostname = "modoboa._domainkey"
|
||||||
type = "TXT"
|
type = "TXT"
|
||||||
|
@ -168,7 +183,7 @@ resource "namecheap_domain_records" "pub-solar" {
|
||||||
record {
|
record {
|
||||||
hostname = "@"
|
hostname = "@"
|
||||||
type = "MX"
|
type = "MX"
|
||||||
address = "mail.greenbaum.zone."
|
address = "mail.pub.solar."
|
||||||
mx_pref = "0"
|
mx_pref = "0"
|
||||||
}
|
}
|
||||||
record {
|
record {
|
||||||
|
|
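Review bot: The new `mail._domainkey` record publishes what appears to be a 1024-bit RSA key (the `p=` value has the short `MIGfMA0G…` prefix and length of a 1024-bit SubjectPublicKeyInfo), which is the minimum RFC 8301 allows verifiers to accept rather than the 2048 bits it asks signers to use. Since this is a fresh selector for a new mail host, I would generate a 2048-bit key before the record goes live and publish it as `address = "v=DKIM1;k=rsa;p=<2048-bit public key>"`. A 2048-bit `p=` value exceeds the 255-byte limit of a single TXT character-string, so confirm how the DNS provider splits long TXT values. The DMARC record in this file stays at `p=reject` while SPF drops `include:spf.greenbaum.zone`, so if any sender still relays through the old host during the cutover, its mail will depend entirely on DKIM alignment with this key.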
Change this to the wireguard internal address before merge if it's already deployed