From 718db6f8c37f857098a28e3461c59cac9d0170d7 Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 1 Apr 2023 15:47:37 +0200 Subject: [PATCH] drop obsolete config from cube --- hosts/cube/acme.nix | 8 - hosts/cube/backup.nix | 39 ----- hosts/cube/configuration.nix | 47 ++--- hosts/cube/drone.nix | 21 --- hosts/cube/hardware-configuration.nix | 73 ++++---- hosts/cube/home-assistant.nix | 19 -- hosts/cube/invoiceplane.nix | 53 ------ hosts/cube/nextcloud-apps.nix | 84 --------- hosts/cube/nextcloud.nix | 163 ------------------ hosts/cube/tang-container.nix | 64 ------- hosts/cube/tang.nix | 23 --- .../home_controller_cube_wireguard_key.age | 33 ++-- secrets/secrets.nix | 2 +- 13 files changed, 72 insertions(+), 557 deletions(-) delete mode 100644 hosts/cube/acme.nix delete mode 100644 hosts/cube/backup.nix delete mode 100644 hosts/cube/drone.nix delete mode 100644 hosts/cube/home-assistant.nix delete mode 100644 hosts/cube/invoiceplane.nix delete mode 100644 hosts/cube/nextcloud-apps.nix delete mode 100644 hosts/cube/nextcloud.nix delete mode 100644 hosts/cube/tang-container.nix delete mode 100644 hosts/cube/tang.nix diff --git a/hosts/cube/acme.nix b/hosts/cube/acme.nix deleted file mode 100644 index 6ed057b3..00000000 --- a/hosts/cube/acme.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, config, ... }: - -{ - security.acme = { - acceptTerms = true; - defaults.email = "hensoko@gssws.de"; - }; -} diff --git a/hosts/cube/backup.nix b/hosts/cube/backup.nix deleted file mode 100644 index d6a18ba7..00000000 --- a/hosts/cube/backup.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - lib, - self, - ... -}: { - age.secrets.restic_repository_password.file = "${self}/secrets/cube_restic_repository_password.age"; - age.secrets.restic_nextcloud_password.file = "${self}/secrets/cube_restic_nextcloud_password.age"; - - programs.ssh.extraConfig = '' - Host backup - HostName 10.0.1.12 - Port 32222 - User backup - IdentityFile /run/agenix/restic_ssh_private_key - ''; - - services.postgresqlBackup = { - enable = true; - backupAll = true; - compression = "zstd"; - }; - - services.restic.backups = { - cox = { - passwordFile = "/run/agenix/restic_repository_password"; - paths = [ - "/mnt/internal/nextcloud" - "/var/backup/postgresql" - ]; - repositoryFile = "/run/agenix/restic_nextcloud_password"; - #repository = "rest:http://nextcloud:md1TYoRcOqdr7sBRH9ZH0iGos0yv2pLhrnZc3Xhk@10.0.1.12"; - #repository = "sftp:backup:/data/hdd/restic"; - timerConfig = { - OnCalendar = "02:00"; - }; - }; - }; -} diff --git a/hosts/cube/configuration.nix b/hosts/cube/configuration.nix index 7ba483fb..f8758087 100644 --- a/hosts/cube/configuration.nix +++ b/hosts/cube/configuration.nix @@ -1,21 +1,14 @@ -{ config, lib, pkgs, ... }: - { - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./acme.nix - ./backup.nix - ./drone.nix - ./home-assistant.nix - ./nextcloud.nix - ./wireguard.nix - - ./invoiceplane.nix - #./tang.nix - #./whiteboard.nix - ]; + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./wireguard.nix + ]; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; @@ -26,26 +19,14 @@ time.timeZone = "Europe/Berlin"; - networking = { - useDHCP = false; - - interfaces.eno1.ipv4.addresses = [{ - address = "80.244.242.2"; - prefixLength = 29; - }]; - - defaultGateway = "80.244.242.1"; - nameservers = [ "95.129.51.51" "80.244.244.244" ]; - }; - - services.openssh.ports = [ 2222 ]; + networking.interfaces.eno1.useDHCP = true; networking.nat.enable = true; - networking.nat.internalIPs = [ "10.10.42.0/24" ]; + networking.nat.internalIPs = ["10.10.42.0/24"]; networking.nat.externalInterface = "eno1"; - networking.firewall.allowedTCPPorts = [ 80 443 2222 ]; - networking.firewall.allowedUDPPorts = [ 51899 ]; + networking.firewall.allowedTCPPorts = [80 443 22]; + networking.firewall.allowedUDPPorts = [51899]; networking.firewall.enable = lib.mkForce true; diff --git a/hosts/cube/drone.nix b/hosts/cube/drone.nix deleted file mode 100644 index 05a2ceb5..00000000 --- a/hosts/cube/drone.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ self, config, pkgs, ... }: - -{ - age.secrets.drone_exec_runner_config = { - file = "${self}/secrets/cube_drone_exec_runner_config.age"; - owner = "999"; - }; - - pub-solar.docker-ci-runner = { - enable = true; - enableKvm = true; - nixCacheLocation = "/mnt/internal/ci-cache-nix-store/nix"; - - runnerEnvironment = { - DRONE_RUNNER_CAPACITY = "1"; - DRONE_RUNNER_LABELS = "hosttype:baremetal"; - }; - - runnerVarsFile = "/run/agenix/drone_exec_runner_config"; - }; -} diff --git a/hosts/cube/hardware-configuration.nix b/hosts/cube/hardware-configuration.nix index 61cb3929..f5aec2b7 100644 --- a/hosts/cube/hardware-configuration.nix +++ b/hosts/cube/hardware-configuration.nix @@ -1,40 +1,55 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - boot.extraModprobeConfig = "options kvm_intel nested=1"; + boot.loader.grub = { + enable = true; + version = 2; + device = "/dev/disk/by-id/usb-HP_iLO_Internal_SD-CARD_000002660A01-0:0"; + }; - boot.kernelPackages = pkgs.linuxPackages_6_1; + boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "megaraid_sas" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/715ef65c-6cb3-4455-99ed-fe7408935d00"; - fsType = "ext4"; - }; + boot.initrd.luks.devices."cryptroot" = { + device = "/dev/disk/by-uuid/24ddd650-e9fc-4407-ba4c-cc237de4c484"; + bypassWorkqueues = true; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/e76a2e82-bf17-4287-967c-bd0f16d16875"; - fsType = "ext2"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/c47cdc43-d77c-4a01-87b3-a289fa97ef14"; + fsType = "ext4"; + }; - fileSystems."/mnt/internal" = - { - device = "/dev/disk/by-uuid/3563f624-f8ed-4664-95d0-ca8b9db1c60a"; - fsType = "ext4"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/3ee236cc-c4a6-423b-ba77-7a15ba642123"; + fsType = "ext4"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/4b0b445b-ae72-439a-8aeb-cbd6a3ed73b9"; }]; + swapDevices = [ + {device = "/dev/disk/by-uuid/0ddcb856-f39e-45d6-bde3-4fbf9c81fe6c";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/cube/home-assistant.nix b/hosts/cube/home-assistant.nix deleted file mode 100644 index e9b1d714..00000000 --- a/hosts/cube/home-assistant.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ self, pkgs, config, ... }: - -{ - # HTTP - services.nginx = { - virtualHosts."ha.gssws.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://10.0.1.254:8123"; - proxyWebsockets = true; - extraConfig = - "proxy_ssl_server_name on;" + - "proxy_pass_header Authorization;" - ; - }; - }; - }; -} diff --git a/hosts/cube/invoiceplane.nix b/hosts/cube/invoiceplane.nix deleted file mode 100644 index e5a98e84..00000000 --- a/hosts/cube/invoiceplane.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ self, config, pkgs, ... }: - -let - hostAddress = "10.10.42.1"; - serviceAddress = "10.10.42.11"; - - domain = "inv.gssws.de"; - hostStateDir = "/mnt/internal/invoiceplane"; - containerStateDir = "/var/lib/invoiceplane"; -in -{ - # nginx - services.nginx.virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://${serviceAddress}:80"; - }; - }; - }; - - # invoiceplane - containers."invoiceplane" = { - privateNetwork = true; - hostAddress = "10.10.42.1"; - localAddress = serviceAddress; - - bindMounts."${containerStateDir}" = { - hostPath = hostStateDir; - isReadOnly = false; - }; - - config = { config, pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ 80 ]; - - services.phpfpm.pools."invoiceplane-${domain}".phpOptions = '' - date.timezone = Europe/Berlin - ''; - services.caddy.virtualHosts."http://${domain}".listenAddresses = [ "0.0.0.0" ]; - - services.invoiceplane.sites."${domain}" = { - enable = true; - stateDir = containerStateDir; - - database = { - user = "invoiceplane"; - name = "invoiceplane"; - }; - }; - }; - }; -} diff --git a/hosts/cube/nextcloud-apps.nix b/hosts/cube/nextcloud-apps.nix deleted file mode 100644 index f478c162..00000000 --- a/hosts/cube/nextcloud-apps.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ self, pkgs, config, lib, ... }: - -let - notify_push = pkgs.fetchzip { - sha256 = "7q1I4V2xUkRUK8qfEwxPNW/srkrGPPXiS1Y1Ew22zls="; - url = "https://github.com/nextcloud-releases/notify_push/releases/download/v0.5.2/notify_push-v0.5.2.tar.gz"; - }; -in -{ - systemd.services.nextcloud-notify-push = { - enable = true; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Environment = [ - "PORT=7867" - "NEXTCLOUD_URL=https://data.gssws.de" - ]; - ExecStart = "${notify_push}/bin/x86_64/notify_push /mnt/internal/nextcloud/config/config.php"; - User = "nextcloud"; - }; - }; - - services.nextcloud.extraApps = with pkgs.nextcloud25Packages.apps; { - inherit bookmarks calendar contacts deck keeweb news tasks; - inherit notify_push; - - "bruteforcesettings" = pkgs.fetchzip { - sha256 = "8Sev4B7AOzLGPX6a4in0BEXJ5oL6m2EYGuBExSCnfok="; - url = "https://github.com/nextcloud-releases/bruteforcesettings/releases/download/v2.4.0/bruteforcesettings-v2.4.0.tar.gz"; - }; - "cookbook" = pkgs.fetchzip { - sha256 = "j7nAprAIY4NMPD6kXfmXVW+PgpRiyx5SRPSe6IEB/vY="; - url = "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz"; - }; - "cospend" = pkgs.fetchzip { - sha256 = "vGjK9Sy+q4ycS5MWeTTrwDGPTOp6t4leH+rF/Y54d0c="; - url = "https://github.com/eneiluj/cospend-nc/releases/download/v1.5.5/cospend-1.5.5.tar.gz"; - }; - "files_accesscontrol" = pkgs.fetchzip { - sha256 = "34goKXWLUym5p7alby3WEyFzr346psHUeJ/+OZtfGmc="; - url = "https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v1.15.1/files_accesscontrol-v1.15.1.tar.gz"; - }; - "files_automatedtagging" = pkgs.fetchzip { - sha256 = "PmcqHojtfww3wNIFoLM+hVXAjoo4zqzK6sUMeveHYa0="; - url = "https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v1.15.0/files_automatedtagging-v1.15.0.tar.gz"; - }; - "files_fulltextsearch" = pkgs.fetchzip { - sha256 = "DEl/CbCvwiWvkNQOuKtHWzifq3AMrhL5wLHmSMuL4TU="; - url = "https://github.com/nextcloud-releases/files_fulltextsearch/releases/download/25.0.0/files_fulltextsearch-25.0.0.tar.gz"; - }; - "files_mindmap" = pkgs.fetchzip { - sha256 = "/u1H2QvyKfdGjelFAkLc3rRGQlm3T+OajAbpUF0+cdY="; - url = "https://github.com/ACTom/files_mindmap/releases/download/v0.0.27/files_mindmap-0.0.27.tar.gz"; - }; - "fulltextsearch" = pkgs.fetchzip { - sha256 = "1LVo5Cv6Gf4M/laVlHfm5wAQ8I8EsdLIThVm/jUj6uA="; - url = "https://github.com/nextcloud-releases/fulltextsearch/releases/download/25.0.0/fulltextsearch-25.0.0.tar.gz"; - }; - "groupfolders" = pkgs.fetchzip { - sha256 = "CGGt5QEzdJqOJywZQTQYeKIy/2JhHYGACHrfAmH9LD0="; - url = "https://github.com/nextcloud-releases/groupfolders/releases/download/v13.1.0/groupfolders-v13.1.0.tar.gz"; - }; - "maps" = pkgs.fetchzip { - sha256 = "8HNew2sIlMd+wt2a6jXa1tZpub56AnB5gfBs/cYlkcI="; - url = "https://github.com/nextcloud/maps/releases/download/v0.2.4/maps-0.2.4.tar.gz"; - }; - #"notify_push" = pkgs.fetchzip { - # sha256 = "7q1I4V2xUkRUK8qfEwxPNW/srkrGPPXiS1Y1Ew22zls="; - # url = "https://github.com/nextcloud-releases/notify_push/releases/download/v0.5.2/notify_push-v0.5.2.tar.gz"; - #}; - "quota_warning" = pkgs.fetchzip { - sha256 = "If4tW4yJbJ1xgfOyN0wxcgHLxXUrtKPdphRhbQOM6b4="; - url = "https://github.com/nextcloud-releases/quota_warning/releases/download/v1.15.0/quota_warning-v1.15.0.tar.gz"; - }; - "richdocuments" = pkgs.fetchzip { - sha256 = "I6Y3lyZADiUCpmnkRS7Muc54uOOvKpWdlQ189EKzesA="; - url = "https://github.com/nextcloud-releases/richdocuments/releases/download/v7.0.2/richdocuments-v7.0.2.tar.gz"; - }; - #"twofactor_totp" = pkgs.fetchzip { - # sha256 = "p3Ft3sQ/2HPXCFE03dm8pBL39b7bWCi2iAxHkbOK2V4="; - # url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz"; - #}; - }; -} diff --git a/hosts/cube/nextcloud.nix b/hosts/cube/nextcloud.nix deleted file mode 100644 index af0bdd53..00000000 --- a/hosts/cube/nextcloud.nix +++ /dev/null @@ -1,163 +0,0 @@ -{ self, pkgs, config, lib, ... }: - -let - notifyPushPort = 7867; -in -{ - imports = [ - ./nextcloud-apps.nix - ]; - - age.secrets.nextcloud_db_pass = { - owner = "nextcloud"; - group = "nextcloud"; - file = "${self}/secrets/cube_nextcloud_db_pass.age"; - }; - - age.secrets.nextcloud_admin_pass = { - owner = "nextcloud"; - group = "nextcloud"; - file = "${self}/secrets/cube_nextcloud_admin_pass.age"; - }; - - # HTTP - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - virtualHosts."data.gssws.de" = { - enableACME = true; - forceSSL = true; - - locations."^~ /push/" = { - proxyPass = "http://127.0.0.1:${toString notifyPushPort}"; - proxyWebsockets = true; - }; - }; - }; - - # DATABASES - services.postgresql = { - enable = true; - package = pkgs.postgresql_11; - - settings = { - max_connections = "200"; - }; - - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ - { - name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; - } - ]; - }; - - # REDIS - services.redis.servers = { - "nextcloud".enable = true; - }; - - users.groups."redis-nextcloud".members = [ "nextcloud" ]; - - # Collabora Code server - virtualisation.oci-containers.containers."nextcloud-collabora-code" = { - image = "collabora/code"; - autoStart = true; - ports = [ "127.0.0.1:9980:9980" ]; - environment.domain = "data\\.gssws\\.de"; - extraOptions = [ "--cap-add" "MKNOD" ]; - }; - - services.nginx.virtualHosts."office.gssws.de" = - let - proxyPass = "https://127.0.0.1:9980"; - extraConfig = "proxy_ssl_verify off;"; - in - { - enableACME = true; - forceSSL = true; - - locations."^~ /browser" = { - inherit proxyPass extraConfig; - }; - locations."^~ /hosting/discovery" = { - inherit proxyPass extraConfig; - }; - locations."^~ /hosting/capabilities" = { - inherit proxyPass extraConfig; - }; - locations."~ ^/cool/(.*)/ws''$" = { - inherit proxyPass extraConfig; - proxyWebsockets = true; - }; - locations."~ ^/(c|l)ool" = { - inherit proxyPass extraConfig; - }; - locations."^~ /cool/adminws" = { - inherit proxyPass extraConfig; - proxyWebsockets = true; - }; - }; - - # NEXTCLOUD - systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - services.nextcloud = { - enable = true; - package = pkgs.nextcloud25; - hostName = "data.gssws.de"; - https = true; - datadir = "/mnt/internal/nextcloud"; - - caching.apcu = true; - caching.redis = true; - - phpPackage = lib.mkForce pkgs.php81; - - poolSettings = { - "pm" = "dynamic"; - "pm.max_children" = "128"; - "pm.start_servers" = "64"; - "pm.min_spare_servers" = "32"; - "pm.max_spare_servers" = "76"; - "pm.max_requests" = "500"; - }; - - phpOptions = { - short_open_tag = "Off"; - expose_php = "Off"; - error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; - display_errors = "stderr"; - "opcache.enable_cli" = "1"; - "opcache.interned_strings_buffer" = "32"; - "opcache.max_accelerated_files" = "100000"; - "opcache.memory_consumption" = "256"; - "opcache.revalidate_freq" = "1"; - "opcache.fast_shutdown" = "1"; - "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; - catch_workers_output = "yes"; - }; - - config = { - overwriteProtocol = "https"; - - dbtype = "pgsql"; - dbuser = "nextcloud"; - dbhost = "/run/postgresql"; - dbname = "nextcloud"; - dbpassFile = "/run/agenix/nextcloud_db_pass"; - adminpassFile = "/run/agenix/nextcloud_admin_pass"; - adminuser = "admin"; - - trustedProxies = [ "80.244.242.2" ]; - defaultPhoneRegion = "DE"; - }; - }; -} diff --git a/hosts/cube/tang-container.nix b/hosts/cube/tang-container.nix deleted file mode 100644 index 93f0d6de..00000000 --- a/hosts/cube/tang-container.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ pkgs, config, ... }: - -let - containerStateDir = "/data"; - hostStateDir = "/opt/tangd"; - domain = ""; - serviceAddress = "10.10.42.12"; -in -{ - services.nginx.virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://${serviceAddress}:${toString servicePort}"; - }; - }; - - containers."tang" = { - autoStart = true; - ephemeral = true; - bindMounts."${containerStateDir}" = { - hostPath = hostStateDir; - isReadOnly = false; - }; - - config = { config, pkgs, ... }: { - networking.firewall.enable = false; - - users.groups."_tang" = {} ; - - users.users."_tang" = { - group = "_tang"; - isSystemUser = true; - }; - - environment.systemPackages = [ "${pkgs.jose}" ]; - - systemd.services."tangd@" = { - enable = true; - serviceConfig = { - ExecStartPre = "${pkgs.bash}/bin/bash -c \"mkdir -p ${containerStateDir}/tang-db\""; - ExecStart = "${pkgs.tang}/libexec/tangd ${containerStateDir}/tang-db"; - StandardInput = "socket"; - StandardOutput = "socket"; - StandardError = "journal"; - User = "_tang"; - Group = "_tang"; - }; - }; - - systemd.sockets."tangd" = { - enable = true; - listenStreams = [ "${toString servicePort}" ]; - wantedBy = [ "sockets.target" ]; - socketConfig = { - Accept = true; - }; - }; - - system.stateVersion = "22.11"; - }; - - }; -} diff --git a/hosts/cube/tang.nix b/hosts/cube/tang.nix deleted file mode 100644 index 4492a113..00000000 --- a/hosts/cube/tang.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ self, config, pkgs, ... }: - -let - domain = "t.gssws.de"; - servicePort = 63080; -in -{ - services.nginx.virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${builtins.toString(servicePort)}"; - }; - }; - - virtualisation.oci-containers.containers."tang" = { - image = "cloggo/tangd"; - ports = [ "127.0.0.1:${builtins.toString(servicePort)}:8080" ]; - environment = { - IP_WHITELIST = "172.17.0.1"; - }; - }; -} diff --git a/secrets/home_controller_cube_wireguard_key.age b/secrets/home_controller_cube_wireguard_key.age index aa1e8841..b6fba322 100644 --- a/secrets/home_controller_cube_wireguard_key.age +++ b/secrets/home_controller_cube_wireguard_key.age @@ -1,21 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 hPyiJw H9fC9B01yBIuK4kuLCR+T+PNPXr9GHyft8mZCnPDkTY -814T5tV6Y2fK2dgr66nCive8TFykciQfNmWAPEq7AjA --> ssh-ed25519 YFSOsg JtumpQSIC4q9Os3pu5E8yKygzPveW7a28Ec0mnoTQw4 -Sidzfymq9mkA/vbwHFbfz7vprlTjOQGywQULyz4FJiE --> ssh-rsa 42S2Dw -uhfQ06sREfsIph1DPBlwV0x5uVq8+qsaZMGwoJgx5y5JEPOkW4OVHqJeVRLswvLP -JAqNypMaJ99ZQAlTWWVZPP3fLT7xqT71MpwyMWerQ9aHs0TdmDT4Uflv8MXj70j0 -0m8HySMzBuWOIZJT2nTipcfrpsZSJJ852ATtPMWSxkd86FHwwKRfAobrWxgq7y3S -y4Mg+hHbLpyiHwJkgKFDj9zqbxxMxEuizE9e3xeAGCkOuUI15SdT6clzeEk79KjN -LA0AAukjogRX11OduAP/F/xUlYK+R3qPV6RC4DjdWv8jkyul3/VvHVUXTKQXh6dH -s2GVRWrewkvkVx1FGr9kFg --> ssh-ed25519 iHV63A jJ0elkHdU2Si46g6NvwlQT2HSv5X04ETvppVS0KXg04 -uf701nEPCV+h3R5tZKJVUPoSnZ0Q9G9YvbRbT1JaC58 --> ssh-ed25519 uTVbSg gZsQ/qVZfcBh2TjfjYr5x2derahCkp10NbcYEOu/lA8 -TKx+3ZZuYOI9x2WeYxlkc1eg4NB/t096Yfn/L6y+v/8 --> u36Zx2-grease EcPV lR? 5*n -jweUnWSlMzAJ9zos5dI4rA5EVzJe3haX0JtORFEQnbG088O8iRZG/s/V8G8KZmO1 -5LJnnPjvNA ---- lt548aI1VX+cDd5wQYt8PPpSDSlpKhWyiPjsMlAiyeU -nQs18<%ށHwҴc}Fǐ &;\F*lEKC(/qx'\ه \ No newline at end of file +-> ssh-ed25519 hPyiJw PDAYOfRC3WR52UPJyxRM0j/40vIaYXWHP9Qc5C1XeyM +YEFXLCYFtK7ejU+i/RrxhV8RjhuXpnB3T7J9H2WU6I0 +-> ssh-ed25519 YFSOsg wfTSTKasks8qxITzeG+w+Zb7Cduo7Poo28YopUm0hD8 +0HXEs1/Nb3irJPgEkI6yjDfQuqWSWr79m8VUZEJt/YQ +-> ssh-ed25519 iHV63A lvTyKq0jrMPiqAJNvvtiSv4hFDPpUxvCLmFC5QgAGCU +ZX7BuooTCRdZf6oFgOyAz5kXaKF5ZaaRr44sAz1KY8E +-> ssh-ed25519 M1hJoQ PCVjpMFR7eX088akl5gCGc2GG6WB4nqaCSsBeGFyzWw +YrhsfUVqL64p27AVDYu/sB26Jy82xpEZepa2oK8i9ZU +-> y-grease :)oCj; +ulVy3Ql0uRerTUPnktK8wLzzKx2cfoB8Ijlg26SguS1sH5UZnsOAoSkCG8d2h4MF +M/x29vX9jUUXlff0ljOvrzlEgLWGZA +--- GSVGY1hfaf8qxtY+WYnALG/8mK0xErR+4Zw2iYNNLoU ++XqXZeޫa{q&dW\#A'fMxqtqȤ \`C \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1a02fdba..1d911d9d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,7 +9,7 @@ let system_cox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMINORCNhrxSdo2z70GkKrV8vcge2elgNPYzdRve+hI5 root@nixos"; system_companion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJu4u9Q36B8acRdBJi2RYU5pYpIMeCh+HKmtInR+IKQs root@nixos"; - system_cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5ok5tIuDKYpIw3KVmUnqBSDJ1QriWQJ04IVLF1Kaig root@nixos"; + system_cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSUke0r8PV35PWJ3BsGwFPtc2kWk2xbupbbdnJDc50x root@nixos"; system_chonk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICt8I4z42DXGL3d6eju3WzSEnJMeaWPn3y+f/82oYBzy root@nixos"; system_ringo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5g8CfSiMxboEJT2U92JoYdnv0nsArBPW/vfTEsUWZO root@nixos";