diff --git a/agenix/hosts/argon/acme/credentials.age b/agenix/hosts/argon/acme/credentials.age index e94dd80..d947f22 100644 Binary files a/agenix/hosts/argon/acme/credentials.age and b/agenix/hosts/argon/acme/credentials.age differ diff --git a/agenix/hosts/argon/adguardhome-sync/environment.age b/agenix/hosts/argon/adguardhome-sync/environment.age index e19a623..1ddeae4 100644 Binary files a/agenix/hosts/argon/adguardhome-sync/environment.age and b/agenix/hosts/argon/adguardhome-sync/environment.age differ diff --git a/agenix/hosts/argon/tailscale/authkey.age b/agenix/hosts/argon/tailscale/authkey.age index f3381fc..c9201fd 100644 Binary files a/agenix/hosts/argon/tailscale/authkey.age and b/agenix/hosts/argon/tailscale/authkey.age differ diff --git a/agenix/hosts/argon/user/danielPassword.age b/agenix/hosts/argon/user/danielPassword.age index 759c674..d502704 100644 --- a/agenix/hosts/argon/user/danielPassword.age +++ b/agenix/hosts/argon/user/danielPassword.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g U64tjf5zAbKc75lCbHo62p2KNcfXQt52yJHiUTpJg14 -FeiGVg/RnR29rmqE3Xpy4eMtsp3IHoszyxjSsOxa/Fs --> ssh-ed25519 1fcLUQ rIwdZ+Y34BAgOPpxgn07Y12hfdZ3WgYZSFFA5vzbvE8 -EdbSNo1esy9Cswpam5sdgoy0gEc8HkNociwsYpiUqcI --> =P.Kq,e;-grease 4/;kU&E@A)r`,SFHdZ7%2E7@2]P\c \ No newline at end of file +-> ssh-ed25519 MtGp6g jHQlphYRDC9XoEGaBEMVkt0Cudd4LcOKt1T9sSoT6QY +uBnznP5KOBryzJh+0bKHhhk4wNT8vDKZyh3qpXLI+U4 +-> ssh-ed25519 1fcLUQ suONNORdjKzdUCPau4nUG1L0BzNHzT9eQ669eaZP5Qg +5F6Zp8vf/NsCRThnHNOpukBGxstpaHErnzHcOGJ27Oc +-> 9N!KJ-grease F(!,53 "CH3^Xe esi +cpdiFvK9ConkBNLPhy0hWuhJguPVmfLCL7uWrjMeJMThGPp2nf40ksnzDtRCVGkx +3GSVg8BaQEXLAY6gYjCdr6jlyw +--- ZBIcep+gXp2+AGh5wc101THkQ2eoSN8UWroyEbABEeQ +3[zjS$nڔc@h=]>UmPޕ?_[z!g R5ݲ"JծT'䮺JC(^%e#ٙS{˻A0}w%Dd] \ No newline at end of file 
diff --git a/agenix/hosts/argon/weewx-proxy/environment.age b/agenix/hosts/argon/weewx-proxy/environment.age index 74b06f5..d285a59 100644 Binary files a/agenix/hosts/argon/weewx-proxy/environment.age and b/agenix/hosts/argon/weewx-proxy/environment.age differ diff --git a/agenix/hosts/attic/acme/credentials.age b/agenix/hosts/attic/acme/credentials.age deleted file mode 100644 index 01cddf3..0000000 --- a/agenix/hosts/attic/acme/credentials.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g DslZcdbEJXsgQOXutAA28YdnuVEiPLNxirSYMAD2FEk -ODkI3TL7vI0IV/MSVWbS1D1wsjn08bzxTkBtMcC2rdU --> ssh-ed25519 sVf6CA TSOraE+TswUinNv50TM9Lm9oLLxtqNAh82c/MAdBgRg -CB9r0e4VHevtDQL/3xNg34/QSCImVk5tQATVXQysOqc --> 3ZTo(g'k-grease c <] zy -+jjPLQTWp9/HOKUk6IiSwgbUVWDPcPa9tONiUweoYYWPnH+bL7mATIOaS34/PA ---- 90yUb8QnWQu4fS9C/ZsxhBwYnnU7fhE1KetrVeP6jBQ -pu''-FK$Na:TXQA0Ոr!e (e>9<)j@y&ƓhkM"ȼ4ߘu:DjY \ No newline at end of file diff --git a/agenix/hosts/attic/atticd/environment.age b/agenix/hosts/attic/atticd/environment.age deleted file mode 100644 index 02ecc4a..0000000 Binary files a/agenix/hosts/attic/atticd/environment.age and /dev/null differ diff --git a/agenix/hosts/attic/config.nix b/agenix/hosts/attic/config.nix deleted file mode 100644 index 55833b8..0000000 --- a/agenix/hosts/attic/config.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - age.secrets = { - user-daniel-password = { - file = ./user/danielPassword.age; - }; - - acme-credentials = { - file = ./acme/credentials.age; - owner = "acme"; - group = "acme"; - }; - - tailscale-authkey = { - file = ./tailscale/authkey.age; - }; - - atticd-environment = { - file = ./atticd/environment.age; - }; - }; -} diff --git a/agenix/hosts/attic/tailscale/authkey.age b/agenix/hosts/attic/tailscale/authkey.age deleted file mode 100644 index 3f1f3ea..0000000 --- a/agenix/hosts/attic/tailscale/authkey.age +++ /dev/null 
@@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g klhDMFv4exDFJWgCvrnOKuq94w+BNW4lrs+Z67zmzGg -eTkqX6c2lbR+olFS7M7YDQLSLav/k+UhEW8Zg5fULFw --> ssh-ed25519 sVf6CA tCvlYnJONVV9QTb9zAUPT0D8EEkCCqKGfoF6+bOT5CE -2L+wcL/c2tw+19RykIUpFzrjtaxzmsOKinCgnWYVf0Q --> s}I~&9-grease \$RX.n= -JH5ASx5rlWPLH/abJSr8o0QI4e17aK1HZrQQKweMEsoGXA7POgbUiow+XBt+MP8/ -PzKaC14zI2mTEzWiQvjlZH6pUnGUQkGE5zbxouWR3ovQVk8JtclO ---- 5My3p+I2aFCfnzjU1oC5Joc9Q4/k2bCNZv7Ilj/h65g --!i: mK}ǓmRPT *[XFL,]׌崗e#4zxkE8'/ OGA;ƵȐQ \ No newline at end of file diff --git a/agenix/hosts/attic/user/danielPassword.age b/agenix/hosts/attic/user/danielPassword.age deleted file mode 100644 index fdf1ada..0000000 --- a/agenix/hosts/attic/user/danielPassword.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g LNOEk3AXwGl658cTFbFvoICbrlhAIH6DILIh+Jc5knc -l7dm0Q4Z8GwFSzvoHf3LFUerYBXUeps87z69zZk3+tE --> ssh-ed25519 sVf6CA JwHPawkaLzeFIvtj5lC4evUdSLFXfBlqiRqGhi6mcR0 -pQP/DXnLaxNocMVok53cWGbAgvS/zEbS2uxWX+YvVQ8 --> k3jDW:F-grease -ORZpRxVBdQGP1F+Zc+tsJP5/ccuQLmYEeB/i40kAZTcgeuPtN6HRZ9DfqsjLhwfx -oAPkZDQ ---- vvt7wsQx4VSYTSF/K+Gb4tGIpI82G91olEaqUvm9gxM -&#bar y. xH&yW (L,:ݑzK}j8|y[X c\?%j-Zɕh_چ^XNBw \ No newline at end of file diff --git a/agenix/hosts/mediaserver/acme/credentials.age b/agenix/hosts/mediaserver/acme/credentials.age index 94329ef..eb2dee4 100644 --- a/agenix/hosts/mediaserver/acme/credentials.age +++ b/agenix/hosts/mediaserver/acme/credentials.age 
@@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g kw/hxMdmfaeoZaZuzOs6D6NQDg0uw0te/xIC1ig0CRQ -75WtQJ5+yJae8ggB/Lc7Ojsf02zuGUtFmjbIrmn9pj8 --> ssh-ed25519 Y94Yig Kole+FkRwVj74aP/M86s9gT8qNnfXSj4fVndlkCSo1E -0Eg9XeabpYUWsZ9ACxwAshpClrl80D+vvpFimAPbIP0 --> MWBvSZ-grease _ -R7vhLfAa1heAGRRBqKbgob3fIml3HEEoB2soDw3NEU25qvqVmrGq2K7JQPmmh3vR -vWfDK6j5dyIGZHxaSElWTkL9EbFCJRoTJ3YbfAkAQl0XrSc ---- 7HsStyCAvdGBkspUWV3Ncjn/5hst8LxkBCBn72M8kR0 -MՃ=#ra5ֲf ,ej}m5 NBp(l4n'_ȅŝ> :v->$96G& 8Y͵AS \ No newline at end of file +-> ssh-ed25519 MtGp6g m7rxbRakBZWmaDl2Ze2yH1tKyKsAFjxgiNwBb0kff0k +RYAz9tkDi3JjRiA5y9ppG4kvT6rHMdwWsFCGgq37quE +-> ssh-ed25519 Y94Yig c5z91SNovAll3sw7RPhoxqKUVp0sV15tsw1161VNZiM +ksoXSV8jTJerNpLwff9Rg0CkJOTUyjRQ+o4Fj8XwPAs +-> 3"7-grease Wv:?HV F}vV``\{ [fQg-^d +XOSM60qDImR1kqTIyJgCflATN/RgvOo2VgTo2Ndaz2+yFLDLGcmvBTrXMw +--- RIRQ4Fy71E6j3bIE9m9tEQB5ZZ++AnBfGMDwPPng73c +zC]~Kt,?2TׁN\rRݯ͗}d֤!3}b$8 d(0&m`/3=c \ No newline at end of file diff --git a/agenix/hosts/mediaserver/aria2/config.age b/agenix/hosts/mediaserver/aria2/config.age index 0a782ec..2ee5ac0 100644 Binary files a/agenix/hosts/mediaserver/aria2/config.age and b/agenix/hosts/mediaserver/aria2/config.age differ diff --git a/agenix/hosts/mediaserver/tailscale/authkey.age b/agenix/hosts/mediaserver/tailscale/authkey.age index 94b6f3f..3c365f3 100644 --- a/agenix/hosts/mediaserver/tailscale/authkey.age +++ b/agenix/hosts/mediaserver/tailscale/authkey.age 
@@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g h74pL3awChmTkZzkbne2+rzjNwk067747QW5Z+6yUhQ -7Xtv1G5K+t2tKsByHiVz7nmBEMXAzeznrNd1XeJr6ls --> ssh-ed25519 Y94Yig +Tf9z/WZbA5bgQ1H8R5QZRB6OnUq83xM2zDAXXBLjWU -wYSY5rCQYWXFPWVL0cCLcFOLAgisq+5L9LI9RyUFM7E --> 0e-grease LB fw E5 -YA ---- Sd0E1+Qg5kuFVEY60MlMux3HCFq2T+Qh+oWQaMnNc1A -WVCOsΫ3Zܯ4dw0AvH[VlO~f۱O᪷jY/Pwx]+>Lydz!-MJ`i Fd \ No newline at end of file +-> ssh-ed25519 MtGp6g WF7NACS4+2IWcLmDTjbiXQsI93ZUDUeofMg6eYwXyRM +xy71RLaW5MwZU69EP4A4x9SSTLsv2vINzdjPZbHUJ+8 +-> ssh-ed25519 Y94Yig nCe73IOsZbRmWpGBAg26zTkTP3GC3FnpmS7UujJkTyU +kY6qLgHIH+5bUTKDTqcak2r2l15XNJR2Hm7uCk1OxGM +-> F>J-grease @@cdP +NHDpMlW3kAJD9b/YgQkciZs7IILSWIFi0LY5L6j3IaQp1QTU1xQRzGs0QpH2jYCs +6UIr2dIfw/qc9Q8IGeOYJvHXfjtw +--- l+vCsTsawEm3J0DqduySW+9k3YMqa0iSHMoo/7Kk9xo +i(A]b ͓gn: #|=Kc4 RX:#D.~<=sKb>.] "V$C廊(͹ \ No newline at end of file diff --git a/agenix/hosts/mediaserver/tubearchivist/environmentES.age b/agenix/hosts/mediaserver/tubearchivist/environmentES.age index eae7526..12b35fe 100644 Binary files a/agenix/hosts/mediaserver/tubearchivist/environmentES.age and b/agenix/hosts/mediaserver/tubearchivist/environmentES.age differ diff --git a/agenix/hosts/mediaserver/tubearchivist/environmentTA.age b/agenix/hosts/mediaserver/tubearchivist/environmentTA.age index c3113da..62db1dd 100644 --- a/agenix/hosts/mediaserver/tubearchivist/environmentTA.age +++ b/agenix/hosts/mediaserver/tubearchivist/environmentTA.age 
@@ -1,12 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g uz0oiP4HsWKnBVTsigSUa7/2eZ0Tz65MGKeCEw8dDBY -oXj1IeJXnZdAd20pPzQUNi4KfI3XGVt0NfXp/PMPfsM --> ssh-ed25519 Y94Yig avWFRpAb+szO9DakgpIFF4kjb9B4dut1wMv/SS/0KTo -jPxw05Jj6bf4OnjqxHMQnB61p99UWSVWzH1xNvWCMTk --> +UJT-grease J1?Z{u 2[~S(c g,$ -vMYK6xvyUQPaBDeLu+DXdUOKVu1eTcqpvFsjDKa5XEPd6yQ ---- 2UKtiIzTaIaajjEbFvdoVCvzWCymjjy2YYW/N5sNIxU -hehT͎ '(.^S5V{w|ᘖ_Ij!QskO -N/ܔ}1lj238xμ \eLA@>!ߛT^CJdb188pT -NQ:`}:ۄEch<&2 -+'Ƥ:Nsb;q3kp& ɇüӲI\AGU`,f2d#WZ(#Gٱy>!&'S7NscMo*A,AM \ No newline at end of file +-> ssh-ed25519 MtGp6g GW9N5T3dh0ptZ/MfDX6J2XAK7wXEdUNsmnAd3eSP6mc +24XiI6o1aDyczMgfNR8hLszZXALvaD4nCV2lcL8Mce0 +-> ssh-ed25519 Y94Yig sHCIlqEqZ852T3+rMZISdUfFGfP5r6QetoPH4iSA/zs +vdSf8/l1hUq1s8uNQVhodlup94VbinbcPhw7jcrI+eU +-> 8-grease v9^\c +m3K3WQ +--- r+JHLR8RENpeN8oKOotwOfNISdTntyK8u332xH1jToA +^Cˀ6;-@t;d`fT@PoWȨBoH肠 U={L傤JsZ%vQ|#'zVMXKWЂy6BU~}'c𞯴H*݋z +tkU&EY1j`|Nm.G$ }AX1f մٽ' _o@u͓4U;̖H}=~p&͗O;\Sd\0,NL[v \ No newline at end of file diff --git a/agenix/hosts/mediaserver/unpackerr/config.age b/agenix/hosts/mediaserver/unpackerr/config.age index 8fe1d18..a21d12f 100644 Binary files a/agenix/hosts/mediaserver/unpackerr/config.age and b/agenix/hosts/mediaserver/unpackerr/config.age differ diff --git a/agenix/hosts/mediaserver/user/danielPassword.age b/agenix/hosts/mediaserver/user/danielPassword.age index b4ed21e..7c02da4 100644 Binary files a/agenix/hosts/mediaserver/user/danielPassword.age and b/agenix/hosts/mediaserver/user/danielPassword.age differ diff --git a/agenix/hosts/mediaserver/wireguard/config.age b/agenix/hosts/mediaserver/wireguard/config.age index 785d515..02d2be5 100644 Binary files a/agenix/hosts/mediaserver/wireguard/config.age and b/agenix/hosts/mediaserver/wireguard/config.age differ diff --git a/agenix/hosts/sail/acme/credentials.age b/agenix/hosts/sail/acme/credentials.age deleted file mode 100644 index 8bc0825..0000000 --- a/agenix/hosts/sail/acme/credentials.age +++ /dev/null 
@@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g /0mUj2HFKLDNi68WSNo7AUzVPzYo2P6FYL7s2wezywk -axlQ+U9bJAws8svdsQ2yrEhpvrgjmvukuAPjpr+eJc0 --> ssh-ed25519 NbV4hw 5xhDSZOlPky3UvTHpznrB8AqQjyssU5HJqEpoGQ0wkw -N+XSv3maCLpMu8bEawrk7rUk+ZimKJRJKbrePUcsqOs --> e-grease `*$0X[e 6)& M3nc [rHD2˾\vtahX3(P&5 !|ˮ`nLt_LV`n,`X_+eͅ E[mO_ \ No newline at end of file diff --git a/agenix/hosts/sail/anonymous-overflow/config.age b/agenix/hosts/sail/anonymous-overflow/config.age deleted file mode 100644 index eebd772..0000000 --- a/agenix/hosts/sail/anonymous-overflow/config.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g j+wWxN36oq1/JJ4TMfKhe6QrKE5tgFz0dI/wwWCun28 -tUt/rdrzReLpQj3RkxYcF9HoE42aeHsYIaIMldaNTxk --> ssh-ed25519 NbV4hw 2O3kiqwJx5gWymqQfigGtUJ3IldVBu7JGGzktAS0yxU -own6iED8pE5xCw6zDnF86udNprBCQUDebIMxCqo33WA --> a-grease 7 =QE -oGBj3oq7WxxKpkGWpsuGJGtZasLHOQ6JH2JZnNCzEy2ctYiTW87vVPsFTGDdUWsP -7C8 ---- 4hM4yp5w5eEtln5zvu2dXeTND2XAYcxFonWcDLdsU4M -(uԷ#}1bCr}ͪF*#<=<ـbOCoWYR@2#mꜵwܨ\a8vVa{gn#nNA~wiQ|y:X6o \ No newline at end of file diff --git a/agenix/hosts/sail/atuin/environment.age b/agenix/hosts/sail/atuin/environment.age deleted file mode 100644 index 30935b8..0000000 --- a/agenix/hosts/sail/atuin/environment.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g 0hWrwfexWC7VgGb6GGZi7hbACRDxYRNXlsFrmXAIEiw -QcICViQGVktlUalatvBBHD/H3uASbcwK9SCO5F4xbQ8 --> ssh-ed25519 NbV4hw oFVVxqJeZjbmHkSLsg96kCKgARheMYkvJf1pKMSUqn4 -QT/d4FQT858lIqrNngI0xOT7pLlJVn64VIEhSeoYcEg --> D"A\4L4-grease TiT>[b%D #aq q[;-n EdXt&&Y -5EdxN4sgedRoDPWsWFKvQjHLLyagraSy/GQP8OhaZS0Litb0ipxgFIoheGDNyyX4 -HJnXx5SQ/hkVuyMv8HGM9GwFRHodDVdM9w ---- nJbxhp1UbqWzLvBTiZDS4nIV7nTIdA7oS0wC2nvzEl4 -9%PtMԱ>0YPEL{.[>Т ߿*Y 4n) IK80oiiG2klhF@ZM%R&VAKUY |Knk%ykˈSC>=.Εd!^J[z5yެѮU=iS-/E \ No newline at end of file 
diff --git a/agenix/hosts/sail/freshrss/databasePassword.age b/agenix/hosts/sail/freshrss/databasePassword.age deleted file mode 100644 index 8722ac1..0000000 Binary files a/agenix/hosts/sail/freshrss/databasePassword.age and /dev/null differ diff --git a/agenix/hosts/sail/freshrss/userPassword.age b/agenix/hosts/sail/freshrss/userPassword.age deleted file mode 100644 index 859f6fd..0000000 Binary files a/agenix/hosts/sail/freshrss/userPassword.age and /dev/null differ diff --git a/agenix/hosts/sail/invidious/databasePassword.age b/agenix/hosts/sail/invidious/databasePassword.age deleted file mode 100644 index 620cfa7..0000000 Binary files a/agenix/hosts/sail/invidious/databasePassword.age and /dev/null differ diff --git a/agenix/hosts/sail/mastodon/databasePassword.age b/agenix/hosts/sail/mastodon/databasePassword.age deleted file mode 100644 index 21813ad..0000000 --- a/agenix/hosts/sail/mastodon/databasePassword.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g BHVqOYqAxl88lFQQs1D2oxHAuZ7E4HSAUlZysn9kmQs -asPKs1JpbUk9gfGbZOQyyT567c+XCMSrM/JizXVgGj4 --> ssh-ed25519 NbV4hw eCuSnWhbg8swZtNMZIirU6sri3Hc5+5rLQi9DUI82Hs -mAjvnx+NybVEh6rN1PrBXZgVp2eMDCDU6pm+eSALehM --> DtQ5-grease @$2={ Y' !Qw6C -ZVoPVcXGSqGvwFlT+L+OwDGus0Au5sXx2wtESOpzwEgImUndNxzgARLAuO+oOzX/ -722ju53IqUGnvMh5IybU8suMm3R1CBo9FoL5Vc0MUBQEp+kHG4UbCU5pjkLld1a5 - ---- zew38IQLg8t/0n4Nmf7PpEI2uACfZdbHZDrMWj9v3PU -(<`֣ f%/7+?2* j=g[ 8?| \ No newline at end of file diff --git a/agenix/hosts/sail/mastodon/extraConfig.age b/agenix/hosts/sail/mastodon/extraConfig.age deleted file mode 100644 index 39bb5d5..0000000 Binary files a/agenix/hosts/sail/mastodon/extraConfig.age and /dev/null differ diff --git a/agenix/hosts/sail/mastodon/otpSecret.age b/agenix/hosts/sail/mastodon/otpSecret.age deleted file mode 100644 index 69f7671..0000000 --- a/agenix/hosts/sail/mastodon/otpSecret.age +++ /dev/null 
@@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g hsE2kvTf8occU2CJg+Ro52qm+ec1gNxBoQtCeHzZflg -b85OF5ipJIYlBOlgpUqNw7XK/MB+Ftd4pHMqjN+ArGI --> ssh-ed25519 NbV4hw dYum1uJ8J+Nbrz2UWZiijdJQ68QEac+NS9YM/h3dj0c -5lGJ2SdUnEp01oTr/Hm7IEj/0he9be37RXxmaNsOhpY --> =-~;<1--grease Zhb7zWk ]\1S-]W 1!$YB[ UM -urANgmNT3fiJft53WEhRmALdnBMcU2f9hjGfYrmBduXQYbqF50EUCBqLt+3hrmw ---- 3QCLu9/P+Dyvd2iVSo7d1fO0YC5D0gglZIFYIDrMGV4 -s`O5mCy)g۹2FG_8h$zǿJSkOziL REdB B ,47*Sj$'u#%cÌ#RnסNBb ߷3<'s> bZ|ALUlC{)!I \ No newline at end of file diff --git a/agenix/hosts/sail/mastodon/secretKeyBase.age b/agenix/hosts/sail/mastodon/secretKeyBase.age deleted file mode 100644 index 231149a..0000000 Binary files a/agenix/hosts/sail/mastodon/secretKeyBase.age and /dev/null differ diff --git a/agenix/hosts/sail/mastodon/smtpPassword.age b/agenix/hosts/sail/mastodon/smtpPassword.age deleted file mode 100644 index 85ae69c..0000000 --- a/agenix/hosts/sail/mastodon/smtpPassword.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g WRjFU1vNCp3fBfPodbmlRG7C6T7d50mfys4BZ0y3YVg -k9gVyVKqNKHUSQrwjeWmHhUYISSkLPE/gfxNfRODxTU --> ssh-ed25519 NbV4hw zQI28bXO7mBOyQN/iAaNCn2fwIFYFUWxPnklPa/MtGY -Hw4rOpcnqBjwNQ1wvozrOvNMGvOnc7QhzZMbmXI3Yuo --> jAN.9BRS-grease -dodkWJOX+0qm9jAT2fKStatcnhWBou+wo0Ytjha+w7ouHGk ---- E5w5Suq/PqT7b9cinBgU/GzEJTGwWPoULqFe4KkKjAE -g$ /B[W%3{p0:cAv; &a#{r="鎚ܿLy_<|PKaA!efa\l \ No newline at end of file diff --git a/agenix/hosts/sail/mastodon/vapidPrivateKey.age b/agenix/hosts/sail/mastodon/vapidPrivateKey.age deleted file mode 100644 index 63fa976..0000000 --- a/agenix/hosts/sail/mastodon/vapidPrivateKey.age +++ /dev/null 
@@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g pfAwifbGls2XDS+Pn08B4B88XgB3DgizQytPLURZlVI -/f/CEHzojiwlVnA8mCcg8JwVAre419Sudk/MMJYOiO0 --> ssh-ed25519 NbV4hw 8DaGuQ9G6cZr9GSlqMBlHoTk0HcOKlmVWzz2ytvGB3I -bEEtNtIPiS2RdxwMLhNVU4We1+gf1N6bL9f2gjS1wVA --> Em:17j-grease G1mw> $hkViHO -0StibfZj6Bt54P+9csvjWxHJfPaTL72gK+bnmPVDBUNsTAXVwoO6Ed25t0LwsY5s -PbnGF3EjbMba6/lte1aDS3uaWqUcx4OT0NQ3joF0je10m5gPd9VptKKWSEg ---- zHAFp0QAwZsfUf8v+KIqSHo2UutjLHqm6WGXqW2iy9Y -_a*bKpNi ΒCN9 Al\g(b-WBuq\Ώpf,) \ No newline at end of file diff --git a/agenix/hosts/sail/mastodon/vapidPublicKey.age b/agenix/hosts/sail/mastodon/vapidPublicKey.age deleted file mode 100644 index 523747f..0000000 Binary files a/agenix/hosts/sail/mastodon/vapidPublicKey.age and /dev/null differ diff --git a/agenix/hosts/sail/mosquitto/passwordWeewx.age b/agenix/hosts/sail/mosquitto/passwordWeewx.age deleted file mode 100644 index 139e529..0000000 Binary files a/agenix/hosts/sail/mosquitto/passwordWeewx.age and /dev/null differ diff --git a/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age b/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age deleted file mode 100644 index fe18ee9..0000000 Binary files a/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age and /dev/null differ diff --git a/agenix/hosts/sail/nitter/config.age b/agenix/hosts/sail/nitter/config.age deleted file mode 100644 index 7dc3832..0000000 Binary files a/agenix/hosts/sail/nitter/config.age and /dev/null differ diff --git a/agenix/hosts/sail/proxitok/environment.age b/agenix/hosts/sail/proxitok/environment.age deleted file mode 100644 index 2840225..0000000 Binary files a/agenix/hosts/sail/proxitok/environment.age and /dev/null differ diff --git a/agenix/hosts/sail/signald/environment.age b/agenix/hosts/sail/signald/environment.age deleted file mode 100644 index ef7fd3e..0000000 Binary files a/agenix/hosts/sail/signald/environment.age and /dev/null differ 
diff --git a/agenix/hosts/sail/synapse/extraConfig.age b/agenix/hosts/sail/synapse/extraConfig.age deleted file mode 100644 index 3d79a45..0000000 Binary files a/agenix/hosts/sail/synapse/extraConfig.age and /dev/null differ diff --git a/agenix/hosts/sail/tailscale/authkey.age b/agenix/hosts/sail/tailscale/authkey.age deleted file mode 100644 index 171a8e7..0000000 --- a/agenix/hosts/sail/tailscale/authkey.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g Sk2HTzPviEFNJaD/G4FfYC1bv7aH4fQbEoEdvI/PMUo -f0lLi1o/RyadEbkHbXjpxzbuRT0WSMM/ZVM/eT3J6tk --> ssh-ed25519 NbV4hw TAR37t4C167S7DhZSJnRjV6YUtRCiXFI/ISMdT9rhVU -rn7TyQNB2oXlns5NU6DwHMVYCBFp/vKFilc7z6FDrss --> ]-grease -RmlKK+z9Gjb0eNJ3GLbC9DjuX4Rvj/aq6w ---- sNgUQAHFGfm3s3cK7GnUeLWfmDuCgNIsJ2Y8uKDSuvI -&WY]*t:JVE(b[.$y& =upBzmW -!>x4 -IIQ,(7x S \ No newline at end of file diff --git a/agenix/hosts/sail/weewx/config.age b/agenix/hosts/sail/weewx/config.age deleted file mode 100644 index 370450e..0000000 Binary files a/agenix/hosts/sail/weewx/config.age and /dev/null differ diff --git a/agenix/hosts/sail/weewx/skin.age b/agenix/hosts/sail/weewx/skin.age deleted file mode 100644 index 54af15b..0000000 Binary files a/agenix/hosts/sail/weewx/skin.age and /dev/null differ diff --git a/agenix/hosts/tanker/acme/credentials.age b/agenix/hosts/tanker/acme/credentials.age new file mode 100644 index 0000000..33ef7a4 --- /dev/null +++ b/agenix/hosts/tanker/acme/credentials.age 
@@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g L1q+qwfU2wkTEJlWOG5vKlGBMHhI4b/U2M98R7RL5VE +m0NQP/AqnP8RDTxxOoVW7/7K4yRmFIcVxc1100Qt3Do +-> ssh-ed25519 iO8/4g ejCho6/w8f2gCYe2aRkIzpnSwWIG7JMi9z2g+4epOnw +W0NXnwvDegpCAdaT/e1uvIlPGO+QtseVijF2OcWm9Nk +-> h#U-|w-grease cT:yCeNj urp |i +uUcVWPo +--- aKA2jy1cZi/x3Ubt74sgZEiA7xxJiTOhgB6ZEAWvUk8 +n@8 8VϚf'*L ssh-ed25519 MtGp6g wLDb226kaMU+cwnasBSt4+lOgR62PlOP9sZ8LFl8li8 +NBJZZebrSrW8mnyFg8QzzyJWUsqd35q0YJREo/Lgugg +-> ssh-ed25519 iO8/4g zsFAJQKm3GmsxBKXNSgkyA/gI7LMYnG4ZVNdftgZjmU +x4UbQjPbVEiPSpmsD8BWY/Siakx9xCXchtc/+KsjC4E +-> NTcLv-grease w+P{u0@8 zKRW+'Yw H1g \ +7ezW+2UuxLjyPy/ApdJULZdkjoX+d8Qxo5nQRvS+CqvfJzwnqiZWoRc3c0DAPaRO +IybgnfUAXGv0RO6BRLFz7uAHchlx4ifSsjP91X+DuT5i6D3IagFk5IUC9enwdFc +--- 8cajqhgqHoalzZFfzdV4io6/BuXA7t9obNkeMyzBwZk +S70S(uB}$2܃ި;o| BQ* ssh-ed25519 MtGp6g Rio2L6qhE3HLAxtdsf5aDXWbDowXsR74H36HkBRY1Qs +H36+ug7qZlnWks0j4rxhb7smuaE+fvJzrYYfYKz9VDs +-> ssh-ed25519 iO8/4g qHBdGD/HGzbFqvXL/KuPwLUg30CV/26KSOREF6qHpB0 +N35CMIkrxCPA/l4G0CqaMD7hjnvUgXLVI9vwvdvBCkE +-> (-grease @V D*c +/zy4Ks2tvL+zUP+eL+2XXiqxm9wfCbv8iExB5sq6AHnvjPecoh2+ +--- /5TCNr2PFppr/TtIPsSxkzyLtEzku996EiJ2AiULda0 +%/f&Q2nL`c:mӾ~eI u9S  rt4S@!M84'<,?f-H-7f(T7} Uv& LI )҈ssCmޫ[X5罘Ep ZB(A:_\E2hҗJ4HBWK\hت09e;Τ*PR+[50KEu`{4451&[@4TL|%4] +zcD8:I:b.=Z0:OK%>sS=-(Wˀ/`k- Uun>>,ztsP}EU]z +=6_: \ No newline at end of file diff --git a/agenix/hosts/tanker/atuin/environment.age b/agenix/hosts/tanker/atuin/environment.age new file mode 100644 index 0000000..a1327e7 Binary files /dev/null and b/agenix/hosts/tanker/atuin/environment.age differ diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/tanker/config.nix similarity index 69% rename from agenix/hosts/sail/config.nix rename to agenix/hosts/tanker/config.nix index 35a89d1..9cc896b 100644 --- a/agenix/hosts/sail/config.nix +++ b/agenix/hosts/tanker/config.nix 
@@ -1,5 +1,9 @@ { age.secrets = { + user-daniel-password = { + file = ./user/danielPassword.age; + }; + acme-credentials = { file = ./acme/credentials.age; owner = "acme"; @@ -10,6 +14,20 @@ file = ./tailscale/authkey.age; }; + atuin-environment = { + file = ./atuin/environment.age; + }; + + atticd-environment = { + file = ./atticd/environment.age; + }; + + fedifetcher-config = { + file = ./fedifetcher/config.age; + symlink = false; + path = "/var/lib/fedifetcher/config.json"; + }; + mastodon-database-password = { file = ./mastodon/databasePassword.age; owner = "mastodon"; @@ -52,32 +70,8 @@ group = "mastodon"; }; - synapse-extra-config = { - file = ./synapse/extraConfig.age; - owner = "matrix-synapse"; - group = "matrix-synapse"; - }; - - signald-environment = { - file = ./signald/environment.age; - }; - - weewx-config = { - file = ./weewx/config.age; - symlink = false; - path = "/etc/container-weewx/weewx.conf"; - mode = "640"; - owner = "421"; - group = "421"; - }; - - weewx-skin = { - file = ./weewx/skin.age; - symlink = false; - path = "/etc/container-weewx/skin-wdc/skin.conf"; - mode = "644"; - owner = "421"; - group = "421"; + miniflux-credentials = { + file = ./miniflux/credentials.age; }; mosquitto-password-weewx-proxy = { @@ -92,27 +86,6 @@ group = "mosquitto"; }; - atuin-environment = { - file = ./atuin/environment.age; - }; - - freshrss-user-password = { - file = ./freshrss/userPassword.age; - owner = "freshrss"; - group = "freshrss"; - }; - - freshrss-database-password = { - file = ./freshrss/databasePassword.age; - owner = "freshrss"; - group = "freshrss"; - }; - - invidious-database-password = { - file = ./invidious/databasePassword.age; - mode = "444"; - }; - nitter-config = { file = ./nitter/config.age; }; 
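Review bot: The secrets carried over from sail stay recoverable from repository history by whoever holds sail's host key unless their values were rotated, and nothing in this change says they were. This file is a rename of `agenix/hosts/sail/config.nix`, and the deleted sail ciphertexts are encrypted to the recipient with stanza tag `NbV4hw`, while the new tanker files use `iO8/4g`. The diff cannot show whether the tanker `.age` files hold new values or the same plaintext re-encrypted. It would help to record in the commit message which values were rotated (the Tailscale auth key and the service passwords are the cheap ones) and whether sail's SSH host key was destroyed with the machine. The same question applies to the deleted `agenix/hosts/attic` files, which use recipient `sVf6CA`.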
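Review bot: `fedifetcher-config` in the second hunk is materialised at `/var/lib/fedifetcher/config.json` with `symlink = false` but sets no `owner`, `group` or `mode`, so agenix falls back to its defaults (root-owned, mode `0400`). If the fedifetcher unit does not run as root it will not be able to read the file, and the tempting fix at that point is to loosen the mode rather than name the owner. The `mautrix-*-config` and `weewx-config` entries in the last hunk of this file state all three attributes; doing the same here, for example `owner = "<service-user>"; group = "<service-group>"; mode = "400";`, keeps the file readable by that one service only. The service definition is not part of this diff, so the account to use has to be confirmed there.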
@@ -121,8 +94,59 @@ file = ./anonymous-overflow/config.age; }; + invidious-extra-settings = { + file = ./invidious/extraSettings.age; + mode = "444"; + }; + proxitok-environment = { file = ./proxitok/environment.age; }; + + mautrix-signal-config = { + file = ./mautrix-signal/config.age; + symlink = false; + path = "/var/lib/matrix-bridges/signal/config.yaml"; + mode = "640"; + owner = "1337"; + group = "1337"; + }; + + signald-environment = { + file = ./signald/environment.age; + }; + + synapse-extra-config = { + file = ./synapse/extraConfig.age; + owner = "matrix-synapse"; + group = "matrix-synapse"; + }; + + mautrix-whatsapp-config = { + file = ./mautrix-whatsapp/config.age; + symlink = false; + path = "/var/lib/matrix-bridges/whatsapp/config.yaml"; + mode = "640"; + owner = "1337"; + group = "1337"; + }; + + weewx-config = { + file = ./weewx/config.age; + symlink = false; + path = "/var/lib/weewx/weewx.conf"; + mode = "640"; + owner = "421"; + group = "421"; + }; + + weewx-skin = { + file = ./weewx/skin.age; + symlink = false; + path = "/var/lib/weewx/skin-wdc/skin.conf"; + mode = "644"; + owner = "421"; + group = "421"; + }; }; } diff --git a/agenix/hosts/tanker/fedifetcher/config.age b/agenix/hosts/tanker/fedifetcher/config.age new file mode 100644 index 0000000..967c12b Binary files /dev/null and b/agenix/hosts/tanker/fedifetcher/config.age differ diff --git a/agenix/hosts/tanker/invidious/databasePassword.age b/agenix/hosts/tanker/invidious/databasePassword.age new file mode 100644 index 0000000..dd6c563 --- /dev/null +++ b/agenix/hosts/tanker/invidious/databasePassword.age 
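Review bot: `invidious-extra-settings` is decrypted with `mode = "444"`, so every local account and every service on tanker can read a file that is presumably kept in agenix because it holds credentials. The removed `invidious-database-password` had the same mode, which suggests an old workaround being carried forward, possibly because the invidious unit runs under a dynamic user (not visible in this diff). Handing the file to the unit through systemd's `LoadCredential=` and dropping the `mode` line, so the agenix default applies, would remove the world-readable copy. Two smaller points in the same hunk: `owner = "1337"` and `owner = "421"` are numeric ids that restrict access only as long as no host account is ever allocated those ids, and `agenix/hosts/tanker/invidious/databasePassword.age` is added by this commit although this file no longer declares a secret for it.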
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g DZHI9LtTvwlKXyZw+fe33PwcgdWCze39MvWKKzkC8jc +R7GgrTzyF96GSzCbKmgzlB1k+JDeW3NGbFMVaPIeOBs +-> ssh-ed25519 iO8/4g cN6H4tPW2+D4WWTTontl6zg3IPCcOTqzFqDYQMJVajY +Ewzk3VgyGJ18JyhC7WKA7PrZfmnZXfTHdsMPep9smKI +-> ZOBXX:-grease +5eB!v) r#hU +U8ClN+91QW5mEodsaPx77H/9+W58LeV7AQ/Mm4v1Z5tlLy8uHQKR1lVDgApow6mI +EmbOatS3d62wpzz5Byd1n7acuORvgHkgFHhDWoOl6xLR +--- BxssSHOarZtYmAL9w+3NqJv3j5VO8Iu/+npamK1ujPI +1oUb$u}% yA>&s3F5_-T=g[j:Q+]qkTroQsÖ_y +Lb \ No newline at end of file diff --git a/agenix/hosts/tanker/invidious/extraSettings.age b/agenix/hosts/tanker/invidious/extraSettings.age new file mode 100644 index 0000000..f4d0094 Binary files /dev/null and b/agenix/hosts/tanker/invidious/extraSettings.age differ diff --git a/agenix/hosts/tanker/mastodon/databasePassword.age b/agenix/hosts/tanker/mastodon/databasePassword.age new file mode 100644 index 0000000..ec88b0c --- /dev/null +++ b/agenix/hosts/tanker/mastodon/databasePassword.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g wAwIsd2n0Fqui061boqUxqp+uMgqde27zPJeQohN5ik +TvGOeXoL98QUyGJ0UrLB2nvqCe+nkmGtEHfvZ8DTJc4 +-> ssh-ed25519 iO8/4g mbpwuiAKbj5ZbMxq2cYTpN0pRt5qfFcwxZNjRvKXqkU +bikCM08DQoCbocBWTOV4s5amEAO+gHlAJavfUWDMTTs +-> pS6>-grease j$PHEqF mA0,x h~ov7sK +ygTukhyfp8i8TJYCZpCSn3lIU9QS+6SN1BUapf0kYQiBU0mggnp6ywwYVf9jDOjU +BA +--- xdDdjEkcETSSFi4MPxBC0Ffr+ToRplrry4moUEQMQpk +>^m/0q7\ۼ"5Bnr) I}IF \ No newline at end of file diff --git a/agenix/hosts/tanker/mastodon/extraConfig.age b/agenix/hosts/tanker/mastodon/extraConfig.age new file mode 100644 index 0000000..a3c8c87 Binary files /dev/null and b/agenix/hosts/tanker/mastodon/extraConfig.age differ diff --git a/agenix/hosts/tanker/mastodon/otpSecret.age b/agenix/hosts/tanker/mastodon/otpSecret.age new file mode 100644 index 0000000..075924c --- /dev/null +++ b/agenix/hosts/tanker/mastodon/otpSecret.age 
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g QRDjuTTTgd2UkCDITpSwImVEcUBIm7XI1IxzquiOHDM +lPv5CG9xdqA3djkvEAn2Zzy37VE7mlir+/mi1AqALv8 +-> ssh-ed25519 iO8/4g x79JNsGXJv92vMQ0V7v14+yPft90aA769No37ajRZm0 +HSlLIdBxW9P62kRsfBc519YAxxlYV2kZt4rxBO99B8g +-> {K-grease +Awy+8DrMd7Lmbok1+tqlv5AuIWTiNR2UqwxQgaN3D2MuD+yzwA +--- 1pwWY4vETJK5D6o7NZYLF9Uy2jl6N3F9/+8YtaUod6c +M2DxAf1 +NԈQ9йU30vEC o*i5vZ-i1Q6%ųm8>j.$Sg ܕZ3Y|e/EJ> Ju `So ,D%%M \ No newline at end of file diff --git a/agenix/hosts/tanker/mastodon/secretKeyBase.age b/agenix/hosts/tanker/mastodon/secretKeyBase.age new file mode 100644 index 0000000..33079fb --- /dev/null +++ b/agenix/hosts/tanker/mastodon/secretKeyBase.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g JkpzXmNNBQMnFsTHq6LTGdqcnOuaoyuoHLEhZ1B1IE0 +48v3LSzdX0n6MKAyDFhKdTeZjzhmgW4lXOHX30oHNcQ +-> ssh-ed25519 iO8/4g F9+dikSYBCq/mUOUrvoowMKRHvcI/K6XtSxlxtAMaU0 +b6Dx/C5vYNXdkzujLlnZQ3aEryKOrTRnUkn/0OIBsz0 +-> )sx-grease S SY71l?&= +BccDaWVHeqAeMNWT3S+3X1sZiEodhot5jJPsGSdcBtOSy7+4xufrdX/B+z+QfuMo +rIXGmQ +--- 4sbs6kDby/Pt9s4GPe704cxmxYrYI2Naa1YjgMO6y70 +~&*o0pBgk>Lü%ʸD A/}ڶt}_|}v 0y$jL8״SMsA邋 BcxMي6nq<`j;Ok*Xǝ@XV \ No newline at end of file diff --git a/agenix/hosts/tanker/mastodon/smtpPassword.age b/agenix/hosts/tanker/mastodon/smtpPassword.age new file mode 100644 index 0000000..028910e --- /dev/null +++ b/agenix/hosts/tanker/mastodon/smtpPassword.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g UYcHcYsaMBFH6RS+TBDpT45/3+eVVlRx/JVpXDvJdUQ +QkdeRft5FX4kKRcGNZ+hH8sLuFcb2dQVFxiIAnDDJX4 +-> ssh-ed25519 iO8/4g I3VCKLLgT+V8ehWhvYTcEDyj5fSAf+rhcFOpDDk5RnA +YnA8+ovbUDt7zsyhLiNYp6mBBRqmfdN3E/VAh/szdKI +-> {xVn9&^-grease +KVC2owNNTYRwUKb9qQ9rG9RFMn9Jve8DYbkt0ek +--- ECbJ8V2BT+01+k0dMfYkxkyp0GMzrn/R1ZCN4Kd8DQo +яR%Q w&V*V4~hu\XYٔiKksMNӰn0(u'{T79PC \ No newline at end of file 
diff --git a/agenix/hosts/tanker/mastodon/vapidPrivateKey.age b/agenix/hosts/tanker/mastodon/vapidPrivateKey.age new file mode 100644 index 0000000..9e71672 --- /dev/null +++ b/agenix/hosts/tanker/mastodon/vapidPrivateKey.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g lQFP6XGVNeVhNW2GNvbhwB6Ioo1aGbSv1pTlH3oO3Hw +J7YCjWhzbL2bvy6BYx5catINr2WCi/lg6XsfhPuMm6c +-> ssh-ed25519 iO8/4g 5r2bAlPLqTbtNZsXz5Gn7ncrRtXGpunp2t/GwSmhulg +4ydNTfRT0JDYc+iwYVDEdTJFoEiEifz6HxYJtVC3sn0 +-> gC-N|-grease +xVkdxNoYdrK21FwLl6SQj4vuK2dte5l4 +--- 1cc/CKuc3QQVSA/7/Boof2VuaMMnrOH8TLZPIrzfa9s +<%ABMMLx$G4;#&{NcѦf@'p.ӽ 7;%Q ]ET \ No newline at end of file diff --git a/agenix/hosts/tanker/mastodon/vapidPublicKey.age b/agenix/hosts/tanker/mastodon/vapidPublicKey.age new file mode 100644 index 0000000..1187522 --- /dev/null +++ b/agenix/hosts/tanker/mastodon/vapidPublicKey.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g U34DG4CcXltkDyCczpdzlk2uWF3tdZmHQvJz+VcC/mo +PuUL691MRlpyC1QE86eciJmA+q5t9a7oJYzsltNJ/Cw +-> ssh-ed25519 iO8/4g 03tbfcgMSrAWu7h2i6YHmmYfjJc84HMVznv+A6yW3Sw +x14/IabzH8x1xaPs5gWsHjcik57M8GiOl8XSL+2kZFw +-> y~qZ1RN-grease XZ +YE8TxLeH4mXaJ/sYJdb2mr1olb69mra/IMYsnTsjJjxZaFQh +--- u8AEpBN454GKBoXTo5LZfhT8O8NmMPoxZ2DoHRawVAQ +_S?KqF9"wm8\W<M7?#JCZ̢J \Eā-PJ'u\L2hȷ$nXAw(BͶ yD*xFS \ No newline at end of file diff --git a/agenix/hosts/tanker/mautrix-signal/config.age b/agenix/hosts/tanker/mautrix-signal/config.age new file mode 100644 index 0000000..43e272e Binary files /dev/null and b/agenix/hosts/tanker/mautrix-signal/config.age differ diff --git a/agenix/hosts/tanker/mautrix-whatsapp/config.age b/agenix/hosts/tanker/mautrix-whatsapp/config.age new file mode 100644 index 0000000..392bd75 Binary files /dev/null and b/agenix/hosts/tanker/mautrix-whatsapp/config.age differ diff --git a/agenix/hosts/tanker/miniflux/credentials.age b/agenix/hosts/tanker/miniflux/credentials.age new file mode 100644 index 0000000..70e173c --- /dev/null 
+++ b/agenix/hosts/tanker/miniflux/credentials.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g qZGcazmYr0cVRxTug4vtakkBqgWm9QC5wQPVnLU5iwM ++tKPQhktikJSIjzW/kcg+izEwJEY3z6gckQb3DdW5Qs +-> ssh-ed25519 iO8/4g pSIzsTaHkoV9WAjCSJIAr9uRNuVTiPTnyacfylF1y0o +oGXKk9SAnuUzGpdO5iOiaZvqtXmco+FAYIgyH89K+SA +-> \@3Ti?[K-grease n[ qu\ 9?W +7NfUxbNE7d9Om27ckTLpoqygnue5pR5Epu7QWoMaR4CZDQx0KfkeGf6EuCeybfcz +6XSsjsAYkZDMsQXn7hMWiQ +--- S6oZE6vH8A8dVnWOpfU/5vIGb0pkCueIB7soIj2SqwU +ԴU]kvXD|94| x{_BrwO"=eKAP<{LZN%M t[DjErg \ No newline at end of file diff --git a/agenix/hosts/tanker/mosquitto/passwordWeewx.age b/agenix/hosts/tanker/mosquitto/passwordWeewx.age new file mode 100644 index 0000000..f4241cf --- /dev/null +++ b/agenix/hosts/tanker/mosquitto/passwordWeewx.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g /XSuE5hFhZ9uikrpqA2Xg26QtfIKzj9DVTbtQpUMvmI +/TwDUNPZLU/CDQ22FIl8CUDz2mxAjf8W0/nurMx4diM +-> ssh-ed25519 iO8/4g KpdQeVMhb+Cm7JrndSD0PN7DGX2Z2DrEMUGdifQCehE +s15SBfOmUDDLUc+Kg9Tk15lLISUqU/5OcGeV+LuKMR4 +-> z#6ki~-grease =f5 c/\1V4tV m{<_`g &= +mY4q54CFASChkcQUH7ufRmNtUbBNquJ1BPUOVSl1GPWJQo4wLa4S2uVgzre6/JHM +jS3wv7r2Qz4jyIlTJke1uhO4oMYr3cVKQYMh7pwjLIRUOY4 +--- jiSqygWYh76uBkRcxLVCIvaqwfmUbzpg3pJf06E6Szg +GCэ)L#`]b`0EfFO#13\&#D4_ gDQ'7 ^"AvakU7;ӡ;󑉰 #D  +'gI \ No newline at end of file diff --git a/agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age b/agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age new file mode 100644 index 0000000..c9da380 --- /dev/null +++ b/agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age 
@@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g DDKoUegvH8ay9AZet7JR5Fm5rlLbG+J8M3S95FYvtlQ +/Y+EVrGiGvLNXNx9auwYU3+X8sk7iwreBCq0FxznYCM +-> ssh-ed25519 iO8/4g +OGDl9FY/C7bWx/BvsLurIlFfbcZ4gMTxwcn2PCuLRk +jNPfr5GtIpjpPRVu7CTqKFr+d0iktmbsYR4mYls3lnQ +-> VTq6sn-grease +Hz3Jv4/CTn0KY0K+fczMLo1TA53IvBrbPuIpNLHUGu7lVE8jIaDMOTKIArWdbcrR +iPdv +--- pCIBj99TU5X4ZaJLTBeTf58TIXAHj3GP7P+AszQ3mfc +R18M:^1zYq.~$ʬk g嗟QЉibYwIjBuyWf$R7 s'S2˴]&rǠ$NrKP^o нɉ3VCӻ`3 \ No newline at end of file diff --git a/agenix/hosts/tanker/nitter/config.age b/agenix/hosts/tanker/nitter/config.age new file mode 100644 index 0000000..76e3ea3 Binary files /dev/null and b/agenix/hosts/tanker/nitter/config.age differ diff --git a/agenix/hosts/tanker/proxitok/environment.age b/agenix/hosts/tanker/proxitok/environment.age new file mode 100644 index 0000000..f783d3f --- /dev/null +++ b/agenix/hosts/tanker/proxitok/environment.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g 0jnqFOQg3RhkdCG5+JjsKUcd/JE9fhzFDvsgB6fZ7R0 +KHrpFOnbkjbstLBgaFlLg7skOh7JrJPBlxerJ561unk +-> ssh-ed25519 iO8/4g x7hvbSev2gbPawB/rma1sHu7TQEh7GZnD7EOzNdKDBo +66lFTBhvGHoZxs9HadLktr8N0eJXHgHLctaV+ZqM+cM +-> .,hk(wE5#Z%׬ \ No newline at end of file diff --git a/agenix/hosts/tanker/signald/environment.age b/agenix/hosts/tanker/signald/environment.age new file mode 100644 index 0000000..ea99d38 --- /dev/null +++ b/agenix/hosts/tanker/signald/environment.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g TjcF9u1gbYjURFImt7uh+O7hNw3E2pR6H/i8Xd90DkU +wdeuBiwP0BTzMeVx+i7+jpWFaAW+dMnsXakFenPad/E +-> ssh-ed25519 iO8/4g V/BUJLff8IK0g5UFXqJ5ftK6Fs8zpheFr4ETzKQd5xs +0hzEB9qG6VX878t7tZzfjyH2BkgAhl+uDR4jX9chwgY +-> g.G-grease X;7X` 3ecO{T|m +/2RKLQzMCznCQXYnltmy7YhoXzHRJ4oxdArYCfQzJEcWDwy465xgm8EMNdu0mNA+ +O15n2g +--- C896AcFfLEvwf3tcYqZP5dfPKFmE4oaaKH6KveEao6A +'{3*v䖋Ѷ4ޫ<;QC(b- `.gon˲< >:l0ԑ]T⵽ 2Δ*h%l*WA O(屄WRA0[_HC6` \ No newline at end of file 
diff --git a/agenix/hosts/tanker/synapse/extraConfig.age b/agenix/hosts/tanker/synapse/extraConfig.age new file mode 100644 index 0000000..cf0f079 Binary files /dev/null and b/agenix/hosts/tanker/synapse/extraConfig.age differ diff --git a/agenix/hosts/tanker/tailscale/authkey.age b/agenix/hosts/tanker/tailscale/authkey.age new file mode 100644 index 0000000..f2042a5 --- /dev/null +++ b/agenix/hosts/tanker/tailscale/authkey.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g 8/VvalpTjMjXQYaGZiNTJ/UyXXcgaaKXT46+sn2IuC0 +eH+i//7AQiJ9KSD8NUkAd6CL6G6wuPeWBYLaUVUkH1s +-> ssh-ed25519 iO8/4g B9Tzo0djfjhV5wDj3i6JZseYJth+zIxkfbbMDuK8y3s +Wgokb9VVhd49riNZZ1JxuCGX1MgwzGr1Yqju475U0YA +-> 4S?&lGG-grease ? {z[+;U.< l8P&' !'eh+ +mEhY97w5jF9ubheu6mx4puGrqsUyPxwGLhiwMjr5YLLwR5Hnj9xRY40UHGdng1H1 +ssoX94PaJQN2YwwMSa8WudBhe2hAP7cWpH8tFMH6u/exmGO4UA +--- x1cfStmTuQb1xfYJ5DazYeAhjA1JcHZJF7Z4dhy2V58 +XKet0M(QiB-7 xgGNBXɒ\V=GfMK.$+'؟;ӀdMÇrǯH \ No newline at end of file diff --git a/agenix/hosts/tanker/user/danielPassword.age b/agenix/hosts/tanker/user/danielPassword.age new file mode 100644 index 0000000..40c2621 Binary files /dev/null and b/agenix/hosts/tanker/user/danielPassword.age differ diff --git a/agenix/hosts/tanker/weewx/config.age b/agenix/hosts/tanker/weewx/config.age new file mode 100644 index 0000000..ca62a9d Binary files /dev/null and b/agenix/hosts/tanker/weewx/config.age differ diff --git a/agenix/hosts/tanker/weewx/skin.age b/agenix/hosts/tanker/weewx/skin.age new file mode 100644 index 0000000..3cfc2ab Binary files /dev/null and b/agenix/hosts/tanker/weewx/skin.age differ diff --git a/agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age b/agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age index 6cf6216..e60939d 100644 Binary files a/agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age and b/agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age differ 
diff --git a/agenix/hosts/weather-sdr/user/danielPassword.age b/agenix/hosts/weather-sdr/user/danielPassword.age index 321cdd5..1467e29 100644 Binary files a/agenix/hosts/weather-sdr/user/danielPassword.age and b/agenix/hosts/weather-sdr/user/danielPassword.age differ diff --git a/container/matrix/default.nix b/container/matrix/default.nix index d818861..a2d7248 100644 --- a/container/matrix/default.nix +++ b/container/matrix/default.nix @@ -7,7 +7,7 @@ image = "registry.gitlab.com/signald/signald:0.23.2"; environmentFiles = [ config.age.secrets.signald-environment.path ]; volumes = [ - "/etc/container-matrix/signald:/signald" + "/var/lib/matrix-bridges/signald:/signald" ]; }; @@ -17,8 +17,8 @@ dependsOn = [ "signald" ]; ports = [ "127.0.0.1:29328:29328" ]; volumes = [ - "/etc/container-matrix/signal:/data" - "/etc/container-matrix/signald:/signald" + "/var/lib/matrix-bridges/signal:/data" + "/var/lib/matrix-bridges/signald:/signald" ]; }; 
@@ -27,37 +27,14 @@ image = "dock.mau.dev/mautrix/whatsapp:v0.8.4"; ports = [ "127.0.0.1:29318:29318" ]; volumes = [ - "/etc/container-matrix/whatsapp:/data" + "/var/lib/matrix-bridges/whatsapp:/data" ]; }; }; - networking.firewall.interfaces."podman+" = { - allowedUDPPorts = [ 443 ]; - allowedTCPPorts = [ 443 ]; - }; - systemd.tmpfiles.rules = [ - "d /etc/container-matrix/signald 0775 0 0" - "d /etc/container-matrix/signal 0775 1337 1337" - "d /etc/container-matrix/whatsapp 0775 1337 1337" + "d /var/lib/matrix-bridges/signald 0775 0 0" + "d /var/lib/matrix-bridges/signal 0775 1337 1337" + "d /var/lib/matrix-bridges/whatsapp 0775 1337 1337" ]; - - # Matrix: Signal - - environment.etc."container-matrix/signal/config.yaml" = { - source = ../../secret/container/matrix/config/signal.yaml; - mode = "0640"; - uid = 1337; - gid = 1337; - }; - - # Matrix: WhatsApp - - environment.etc."container-matrix/whatsapp/config.yaml" = { - source = ../../secret/container/matrix/config/whatsapp.yaml; - mode = "0640"; - uid = 1337; - gid = 1337; - }; } diff --git a/container/proxitok/default.nix b/container/proxitok/default.nix index 43f8dbd..7756042 100644 --- a/container/proxitok/default.nix +++ b/container/proxitok/default.nix @@ -29,8 +29,24 @@ "d /etc/container-proxitok/cache 0755 33 33" ]; + services.redis.servers.proxitok = { + enable = true; + bind = "10.88.0.1"; + port = 6381; + + databases = 1; + save = [ ]; + appendFsync = "no"; + + settings = { + protected-mode = "no"; + }; + }; + + networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ]; + services.nginx.virtualHosts."tictac.daniel.sx" = { - listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ]; quic = true; http3 = true; diff --git a/container/weewx/default.nix b/container/weewx/default.nix index b8642da..635c230 100644 --- a/container/weewx/default.nix +++ b/container/weewx/default.nix 
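Review bot: The three `systemd.tmpfiles.rules` entries in container/matrix/default.nix create the bridge state directories under /var/lib/matrix-bridges with mode 0775, which leaves them readable and traversable by every local user. They are mounted into the containers as `/data` and `/signald`, so they presumably hold bridge databases and Signal account material, and the modes of the files inside are not visible in this hunk. I would tighten the bridge-owned ones, e.g. `"d /var/lib/matrix-bridges/signal 0750 1337 1337"` and `"d /var/lib/matrix-bridges/whatsapp 0750 1337 1337"`. The signald directory is root-owned but also mounted into the Signal bridge container in the earlier hunk, so check which uid needs access before narrowing that one.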
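Review bot: The new `services.redis.servers.proxitok` block in container/proxitok/default.nix sets `protected-mode = "no"` with no password, and the added firewall rule opens 6381 on every `podman+` interface, so any container on a podman network can read and write this Redis instance unauthenticated. This host runs several other containers, so I would add a password from an agenix secret, e.g. `requirePassFile = config.age.secrets.<proxitok-redis-password>.path;` (placeholder name; the secret would also need an entry in secrets.nix), and hand the same value to the container through its environment file. With a password set, the `protected-mode` override should no longer be needed, though that is worth confirming against the Redis version in use. The module's argument list is outside the hunk, so `config` being in scope is an assumption.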
@@ -2,7 +2,7 @@ let secret = import ../../secret/container/weewx; - data-dir = "/etc/container-weewx"; + data-dir = "/var/lib/weewx"; in { virtualisation.oci-containers.containers.weewx = { @@ -71,7 +71,7 @@ in mosquittoPorts = [ 1883 ]; in { - "enp7s0".allowedTCPPorts = mosquittoPorts; + "enp41s0".allowedTCPPorts = mosquittoPorts; "tailscale0".allowedTCPPorts = mosquittoPorts; "podman+".allowedTCPPorts = mosquittoPorts; }; diff --git a/flake.lock b/flake.lock index 5d959e9..27198e2 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1686307493, - "narHash": "sha256-R4VEFnDn7nRmNxAu1LwNbjns5DPM8IBsvnrWmZ8ymPs=", + "lastModified": 1687290953, + "narHash": "sha256-PF0VGsuLxozDPLEGajGnb5usoO1v7YzzqOcG6k4ndQ4=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "7c16d31383a90e0e72ace0c35d2d66a18f90fb4f", + "rev": "ed275afbbaad9b0670e2aeac3ae542595255d604", "type": "github" }, "original": { @@ -145,6 +145,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1687134796, + "narHash": "sha256-gjBAkEtNPMQzqK4IHjTQBUv3VhggszOHLJbhXZy0OVQ=", + "owner": "nix-community", + "repo": "disko", + "rev": "4823509bb3b014dc85abefc13efcfa076d36338a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -256,11 +276,11 @@ ] }, "locked": { - "lastModified": 1686922395, - "narHash": "sha256-ysevinohPxdKp0RXyhDRsz1/vh1eXazg4AWp0n5X/U4=", + "lastModified": 1687337969, + "narHash": "sha256-5b58eo7Eku2ae+62HHHTbHtwe4jlS44JfYCDulGdopg=", "owner": "nix-community", "repo": "home-manager", - "rev": "9ba7b3990eb1f4782ea3f5fe7ac4f3c88dd7a32c", + "rev": "9ce6977fe76fb408042a432e314764f8d1d86263", "type": "github" }, "original": { 
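Review bot: In container/weewx/default.nix the rule `"enp41s0".allowedTCPPorts = mosquittoPorts;` keeps port 1883 open on what looks like the machine's physical NIC, and 1883 is conventionally the plaintext MQTT port, so the mosquitto passwords added in this commit would cross that interface unencrypted. `tailscale0` and `podman+` are already allowed on the next two lines; if every client can reach the broker over those, the `enp41s0` line can be dropped. If a client has to connect over the public interface, a TLS listener would be the safer choice. The `let … in` block this sits in starts outside the hunk, so the listener configuration is not visible here.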
@@ -279,11 +299,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1686981691, - "narHash": "sha256-0ruufYV+/3E8kSneuBEIrX8032hTkcSi4PErPU5rl5c=", + "lastModified": 1687335032, + "narHash": "sha256-Mcy5o7jnkOjrT0b5haJ2bT+8bqSUoa1z+HW2H7DzaA4=", "owner": "neovim", "repo": "neovim", - "rev": "c07dceba335c56c9a356395ad0d1e5a14d416752", + "rev": "8d4a53fe6e20652946948170f2436ec520f9bdfe", "type": "github" }, "original": { @@ -304,11 +324,11 @@ "weewx-proxy-flake": "weewx-proxy-flake" }, "locked": { - "lastModified": 1686989911, - "narHash": "sha256-R9D6w+XyHk74iTVFNEcni9yW06TfPVH1w2+y0HnbN7o=", + "lastModified": 1687335565, + "narHash": "sha256-k9cIZ5ZSM2iyuRxPX6fce+qTPegdzu7H+VdgI9mB0l8=", "owner": "nifoc", "repo": "nix-overlay", - "rev": "582b7424ce2e4438728722f04c06969efa3008bc", + "rev": "7e3f4c1539b2df1c08ad2904802740c42189b6dc", "type": "github" }, "original": { @@ -335,11 +355,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686979235, - "narHash": "sha256-gBlBtk+KrezFkfMrZw6uwTuA7YWtbFciiS14mEoTCo0=", + "lastModified": 1687274257, + "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7cc30fd5372ddafb3373c318507d9932bd74aafe", + "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5", "type": "github" }, "original": { @@ -389,6 +409,7 @@ "attic": "attic", "darwin": "darwin", "deploy-rs": "deploy-rs", + "disko": "disko", "home-manager": "home-manager_2", "nifoc-overlay": "nifoc-overlay", "nixos-hardware": "nixos-hardware", @@ -464,11 +485,11 @@ ] }, "locked": { - "lastModified": 1686421566, - "narHash": "sha256-Doz8X6s2u33Lm0ZWxH/2d8r5AessR2unrDGHWSpxqUs=", + "lastModified": 1687028025, + "narHash": "sha256-haI8io27PLu8xijJDPcnKnD/oxB7LTnHNsHk8hLvl3A=", "owner": "nifoc", "repo": "weewx-proxy", - "rev": "224fdba4acb4c42f3f4cb49e1192fa26441f2e68", + "rev": "59d3a6cd0dd118a46f88badf33ffd3b2674c0bbf", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e188fa4..5356a21 100644 
--- a/flake.nix +++ b/flake.nix @@ -1,7 +1,11 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; - #nixpkgs.url = "github:nixos/nixpkgs?rev=22467e240f390f029d6c745ce031f0ffbdc40916"; + + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; darwin = { url = "github:lnl7/nix-darwin"; @@ -44,13 +48,8 @@ inherit inputs; }; - sail = import ./system/flakes/sail.nix { - inherit (inputs) nixpkgs deploy-rs home-manager agenix; - inherit inputs; - }; - - attic = import ./system/flakes/attic.nix { - inherit (inputs) nixpkgs deploy-rs home-manager agenix attic; + tanker = import ./system/flakes/tanker.nix { + inherit (inputs) nixpkgs disko deploy-rs home-manager agenix attic; inherit inputs; }; @@ -80,8 +79,7 @@ }; nixosConfigurations = { - sail = sail.system; - attic = attic.system; + tanker = tanker.system; mediaserver = mediaserver.system; argon = argon.system; weather-sdr = weather-sdr.system; @@ -89,8 +87,7 @@ }; deploy.nodes = { - sail = sail.deployment; - attic = attic.deployment; + tanker = tanker.deployment; mediaserver = mediaserver.deployment; argon = argon.deployment; weather-sdr = weather-sdr.deployment; diff --git a/hardware/disko/tanker.nix b/hardware/disko/tanker.nix new file mode 100644 index 0000000..b47a003 --- /dev/null +++ b/hardware/disko/tanker.nix 
@@ -0,0 +1,169 @@ +{ + disko.devices = { + disk = { + x = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + start = "0"; + end = "1M"; + part-type = "primary"; + flags = [ "bios_grub" ]; + } + + { + name = "ESP"; + start = "1M"; + end = "1GiB"; + fs-type = "fat32"; + bootable = true; + content = { + type = "mdraid"; + name = "boot"; + }; + } + + { + name = "zfs"; + start = "1GiB"; + end = "-1GiB"; + content = { + type = "zfs"; + pool = "zroot"; + }; + } + + { + name = "swap"; + start = "-1GiB"; + end = "100%"; + part-type = "primary"; + content = { + type = "swap"; + randomEncryption = true; + }; + } + ]; + }; + }; + y = { + type = "disk"; + device = "/dev/nvme1n1"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + start = "0"; + end = "1M"; + part-type = "primary"; + flags = [ "bios_grub" ]; + } + + { + name = "ESP"; + start = "1M"; + end = "1GiB"; + fs-type = "fat32"; + bootable = true; + content = { + type = "mdraid"; + name = "boot"; + }; + } + + { + name = "zfs"; + start = "1GiB"; + end = "-1GiB"; + content = { + type = "zfs"; + pool = "zroot"; + }; + } + + { + name = "swap"; + start = "-1GiB"; + end = "100%"; + part-type = "primary"; + content = { + type = "swap"; + randomEncryption = true; + }; + } + ]; + }; + }; + }; + + mdadm = { + boot = { + type = "mdadm"; + level = 1; + metadata = "1.0"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + }; + + zpool = { + zroot = { + type = "zpool"; + mode = "mirror"; + rootFsOptions = { + compression = "lz4"; + "com.sun:auto-snapshot" = "true"; + }; + mountpoint = "/"; + postCreateHook = "zfs snapshot zroot@blank"; + + datasets = { + postgresql = { + type = "zfs_fs"; + mountpoint = "/var/lib/postgresql"; + options = { + recordsize = "16k"; + atime = "off"; + }; + }; + + elasticsearch = { + type = "zfs_fs"; + mountpoint = "/var/lib/elasticsearch"; + 
options = { + atime = "off"; + }; + }; + + mastodon = { + type = "zfs_fs"; + mountpoint = "/var/lib/mastodon"; + options = { + recordsize = "512k"; + atime = "off"; + }; + }; + + synapse = { + type = "zfs_fs"; + mountpoint = "/var/lib/matrix-synapse"; + options = { + recordsize = "512k"; + atime = "off"; + }; + }; + }; + }; + }; + }; +} diff --git a/hardware/hosts/attic.nix b/hardware/hosts/attic.nix deleted file mode 100644 index 7532f38..0000000 --- a/hardware/hosts/attic.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - loader.grub.device = "/dev/sda"; - - initrd = { - availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; - kernelModules = [ "nvme" "tls" ]; - }; - - kernelPackages = pkgs.linuxPackages_latest; - kernelModules = [ "tcp_bbr" ]; - - kernel.sysctl = { - "net.core.default_qdisc" = "fq"; - "net.ipv4.tcp_congestion_control" = "bbr"; - "net.ipv4.tcp_syncookies" = 0; - "net.ipv4.tcp_timestamps" = 1; - "net.ipv4.tcp_window_scaling" = 1; - "net.core.rmem_max" = 2500000; - }; - }; - - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; -} diff --git a/hardware/hosts/sail.nix b/hardware/hosts/sail.nix deleted file mode 100644 index 6136f95..0000000 --- a/hardware/hosts/sail.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ pkgs, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - loader.grub.device = "/dev/sda"; - - initrd = { - availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; - kernelModules = [ "nvme" "tls" ]; - }; - - kernelPackages = pkgs.linuxPackages_latest; - kernelModules = [ "tcp_bbr" ]; - - kernel.sysctl = { - "net.core.default_qdisc" = "fq"; - "net.ipv4.tcp_congestion_control" = "bbr"; - "net.ipv4.tcp_syncookies" = 0; - "net.ipv4.tcp_timestamps" = 1; - "net.ipv4.tcp_window_scaling" = 1; - "net.core.rmem_max" = 2500000; - }; - }; - - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; -} diff --git a/hardware/hosts/tanker.nix b/hardware/hosts/tanker.nix new file mode 100644 index 0000000..1ed908a --- /dev/null +++ b/hardware/hosts/tanker.nix @@ -0,0 +1,36 @@ +{ pkgs, modulesPath, ... }: + +{ + imports = [ + ../disko/tanker.nix + ]; + + boot = { + loader.grub = { + enable = true; + + copyKernels = true; + devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ]; + efiInstallAsRemovable = true; + efiSupport = true; + fsIdentifier = "uuid"; + }; + + initrd = { + availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; + kernelModules = [ "tls" ]; + }; + + kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages; + kernelModules = [ "tcp_bbr" ]; + + kernel.sysctl = { + "net.core.default_qdisc" = "fq"; + "net.ipv4.tcp_congestion_control" = "bbr"; + "net.ipv4.tcp_syncookies" = 0; + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_window_scaling" = 1; + "net.core.rmem_max" = 2500000; + }; + }; +} diff --git a/home/hosts/sail.nix b/home/hosts/sail.nix deleted file mode 100644 index 56ef1fb..0000000 --- a/home/hosts/sail.nix +++ /dev/null 
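Review bot: The sysctl block in the new hardware/hosts/tanker.nix sets `"net.ipv4.tcp_syncookies" = 0;`, which turns off the kernel's SYN-flood fallback on a host that, judging by the rest of the commit, serves nginx, Mastodon and Synapse on a public address. The value is carried over from the deleted sail.nix and attic.nix, but nothing in the file records why it is wanted. I would either set `"net.ipv4.tcp_syncookies" = 1;` or keep 0 with a comment such as `# syncookies off: <reason>` so the trade-off is documented next to the setting.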
@@ -1,38 +0,0 @@ -args@{ pkgs, ... }: - -let - secret = import ../../secret/hosts/sail.nix; -in -{ - imports = [ - ../programs/fish.nix - ../programs/atuin.nix - ../programs/starship.nix - - ../programs/nvim - - ../programs/git.nix - - ../programs/bat.nix - - ../programs/fzf.nix - - ../programs/jq.nix - - ../programs/scripts.nix - ]; - - home = { - stateVersion = "22.11"; - - packages = with pkgs; [ - awscli2 - curlHTTP3 - lnav - mtr - parallel - q - ripgrep - ]; - }; -} diff --git a/home/hosts/attic.nix b/home/hosts/tanker.nix similarity index 100% rename from home/hosts/attic.nix rename to home/hosts/tanker.nix diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index d1a5899..dd34a93 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix @@ -30,12 +30,12 @@ in }; nvim-web-devicons = buildVimPluginFrom2Nix { pname = "nvim-web-devicons"; - version = "2023-05-27"; + version = "2023-06-18"; src = fetchFromGitHub { owner = "kyazdani42"; repo = "nvim-web-devicons"; - rev = "2a125024a137677930efcfdf720f205504c97268"; - sha256 = "0hjfi7zrxn7hci0gagnx50p20afdg5c63skjbh89rvsh0v2qgg3f"; + rev = "14b3a5ba63b82b60cde98d0a40319d80f25e8301"; + sha256 = "0hn54zz5a3zhg796jfryg1vsikv96vpvcgg71mz95wshnqjlr3jr"; fetchSubmodules = false; }; }; @@ -85,12 +85,12 @@ in }; leap-nvim = buildVimPluginFrom2Nix { pname = "leap.nvim"; - version = "2023-06-02"; + version = "2023-06-17"; src = fetchFromGitHub { owner = "ggandor"; repo = "leap.nvim"; - rev = "14b5a65190fe69388a8f59c695ed3394a10d6af8"; - sha256 = "1p3bz2zs4s2kg1q1gyaf2pffp1fwd0hmh5cds8s8a1r3cab9mnap"; + rev = "96f0f60baf037a3f91c8c725a0aad56094a73808"; + sha256 = "0qgqiiw2cmm60cxnil2cvkh5h6p8kx3zvcyw60ia7n4s93yqzbkx"; fetchSubmodules = false; }; }; 
@@ -107,23 +107,23 @@ in }; nvim-treesitter = buildVimPluginFrom2Nix { pname = "nvim-treesitter"; - version = "2023-06-17"; + version = "2023-06-21"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "840e5d71787b02789f909315f646a6dd66a0de2c"; - sha256 = "0zqp1bckgijic464868dqs4gxfmvjkmkrj9hkrjwm4vp5qfcqwk6"; + rev = "39b9f45a646371736ce95ec0c8cf685a727b5312"; + sha256 = "0cqwx2sqi5lqs7jmy8vsn81qhnfx6n403pxqyj8wihvl7g9kjz1n"; fetchSubmodules = false; }; }; nvim-ts-rainbow2 = buildVimPluginFrom2Nix { pname = "nvim-ts-rainbow2"; - version = "2023-06-14"; + version = "2023-06-20"; src = fetchFromGitHub { owner = "HiPhish"; repo = "nvim-ts-rainbow2"; - rev = "9e228dc94d083cb2dfddac64d524483f452dab40"; - sha256 = "13q9kpiwmydf39dfk47inaas2r49scsvrqb1v7rnimjmjxp2654d"; + rev = "a716318361239c9ee5364fc032795679b16762db"; + sha256 = "1k48q777kdxa12l5g47cmrd1lmih3h076jlcsway2anxa7kfjddl"; fetchSubmodules = false; }; }; @@ -220,12 +220,12 @@ in }; nvim-lspconfig = buildVimPluginFrom2Nix { pname = "nvim-lspconfig"; - version = "2023-06-17"; + version = "2023-06-20"; src = fetchFromGitHub { owner = "neovim"; repo = "nvim-lspconfig"; - rev = "80861dc087982a6ed8ba91ec4836adce619f5a8a"; - sha256 = "03n3zh5gizia6ryafj88c0n6rpwzqhfa7b3gwrr66z25c0sqqxv3"; + rev = "a51892484c2002c083a8b0a9dfcefb3a569be36d"; + sha256 = "02yxlfqlvv8nprk9mbxhw2mh52plcjka5kwbn4h8s4d49dzp396w"; fetchSubmodules = false; }; }; 
@@ -297,34 +297,34 @@ in }; LuaSnip = buildVimPluginFrom2Nix { pname = "LuaSnip"; - version = "2023-06-16"; + version = "2023-06-19"; src = fetchFromGitHub { owner = "L3MON4D3"; repo = "LuaSnip"; - rev = "4964cd11e19de4671189b97de37f3c4930d43191"; - sha256 = "15qfwwc5fsc6yhr0qsrfw4s8xvknrf1m25443lgz95v3d37hxkn5"; + rev = "3d2ad0c0fa25e4e272ade48a62a185ebd0fe26c1"; + sha256 = "01ih6rp99qvip3zpyd663c6fi69r4xfqj2x1k6x679h6gicharl0"; fetchSubmodules = false; }; }; friendly-snippets = buildVimPluginFrom2Nix { pname = "friendly-snippets"; - version = "2023-06-17"; + version = "2023-06-21"; src = fetchFromGitHub { owner = "rafamadriz"; repo = "friendly-snippets"; - rev = "70b727d3454cceb3a818b1746be09786568b7e33"; - sha256 = "13winfmabdpxwgig519qr11znjngdlmbgbmksyrilxangaw3zgjf"; + rev = "01f80274100fe3ff6c9183b9c0674a520141be4d"; + sha256 = "1pxbbdjq25ri5jhwl953020xwbzhy564m35xz9vhnv8i2wz8kg2l"; fetchSubmodules = false; }; }; nvim-cmp = buildVimPluginFrom2Nix { pname = "nvim-cmp"; - version = "2023-06-11"; + version = "2023-06-19"; src = fetchFromGitHub { owner = "hrsh7th"; repo = "nvim-cmp"; - rev = "b8c2a62b3bd3827aa059b43be3dd4b5c45037d65"; - sha256 = "1xh3pzcdbz2hqa3vl14gwn77pqjv939q9jfq1y4ln676jz5ljr4q"; + rev = "fa492591fecdc41798cd5d3d1713232a5088fba0"; + sha256 = "0a7szf6lfgadlxrsg34qjc6hyz2ca9k0z0xfyvdcqnibfhlbgg0l"; fetchSubmodules = false; }; }; @@ -429,12 +429,12 @@ in }; nvim-autopairs = buildVimPluginFrom2Nix { pname = "nvim-autopairs"; - version = "2023-06-14"; + version = "2023-06-18"; src = fetchFromGitHub { owner = "windwp"; repo = "nvim-autopairs"; - rev = "41803bdbf75569571f93fd4571f6c654635b1b46"; - sha256 = "1lxq0qr3ninkz4yk2a0467vzyx7lslg7fqix918cqd10mgrg5xkr"; + rev = "e8f7dd7a72de3e7b6626c050a802000e69d53ff0"; + sha256 = "0lk78zvmf5cyyq4nmrzybi7dbpbwx499r0la4wza9h1gp4l7xvy7"; fetchSubmodules = false; }; }; 
@@ -462,12 +462,12 @@ in }; nvim-treesitter-textobjects = buildVimPluginFrom2Nix { pname = "nvim-treesitter-textobjects"; - version = "2023-06-08"; + version = "2023-06-19"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter-textobjects"; - rev = "2d6d3c7e49a24f6ffbbf7898241fefe9784f61bd"; - sha256 = "1mlx0hkx42al578ilwsj4547rqny85x089is189hdic287yw59gp"; + rev = "83c59ed1eeae70a55605990993cf4d208948fdf7"; + sha256 = "1780104ap415dlnvik1s027vhd0ikvly23lcb4dq2d2smlkymjgf"; fetchSubmodules = false; }; }; @@ -539,23 +539,23 @@ in }; gitsigns-nvim = buildVimPluginFrom2Nix { pname = "gitsigns.nvim"; - version = "2023-06-16"; + version = "2023-06-20"; src = fetchFromGitHub { owner = "lewis6991"; repo = "gitsigns.nvim"; - rev = "256569c2fe697a3003dbd49ff474e5935af9066c"; - sha256 = "1xxpqjmxqf7bkia4jrf78grjg9myq7lnhygmi0gm90nwlm9wi8vl"; + rev = "a36bc3360d584d39b4fb076d855c4180842d4444"; + sha256 = "1kq2ykmpagan4d4anjv8s8dp2gi22n8paqzkk933zr5azd9q6pjp"; fetchSubmodules = false; }; }; nui-nvim = buildVimPluginFrom2Nix { pname = "nui.nvim"; - version = "2023-06-16"; + version = "2023-06-18"; src = fetchFromGitHub { owner = "MunifTanjim"; repo = "nui.nvim"; - rev = "e319f2554d14a521f4271576ebff2685105d7628"; - sha256 = "1lm7fm2pdclsrimiw73m5pbg6h0g1yj9bd7kin55xapzvn4j3131"; + rev = "d146966a423e60699b084eeb28489fe3b6427599"; + sha256 = "0cg0771dai5gsch36qfandx3i48gq2zhifnmgwarl174af8f8mrq"; fetchSubmodules = false; }; }; @@ -572,12 +572,12 @@ in }; noice-nvim = buildVimPluginFrom2Nix { pname = "noice.nvim"; - version = "2023-06-12"; + version = "2023-06-19"; src = fetchFromGitHub { owner = "folke"; repo = "noice.nvim"; - rev = "a3318600bc1eba2cca84e879048c1ab8d4a0262d"; - sha256 = "1hba8idla910jwwpm9dgsa200nb0jw3054rnan7dyawg694d67bv"; + rev = "39461475d9de676bccc338876689c9e5b44bc932"; + sha256 = "11b4bv0dhy8y478p1gfw2ic47bg0x9v073ljndvcz5qcdh3qpsv9"; fetchSubmodules = false; }; }; 
diff --git a/home/programs/ssh/shared/builder.nix b/home/programs/ssh/shared/builder.nix index aacc468..16d3f21 100644 --- a/home/programs/ssh/shared/builder.nix +++ b/home/programs/ssh/shared/builder.nix @@ -16,6 +16,14 @@ identitiesOnly = true; }; + "builder-tanker" = { + hostname = "tanker.ts.kempkens.network"; + port = 22; + user = "root"; + identityFile = "~/.ssh/Hetzner.pub"; + identitiesOnly = true; + }; + "builder-mediaserver" = { hostname = "mediaserver.ts.kempkens.network"; port = 22; diff --git a/home/programs/ssh/shared/private.nix b/home/programs/ssh/shared/private.nix index 0192327..7c15b83 100644 --- a/home/programs/ssh/shared/private.nix +++ b/home/programs/ssh/shared/private.nix @@ -60,6 +60,15 @@ identitiesOnly = true; }; + "tanker" = { + hostname = "tanker.ts.kempkens.network"; + port = 22; + user = "daniel"; + forwardAgent = true; + identityFile = "~/.ssh/Hetzner.pub"; + identitiesOnly = true; + }; + "attic" = { hostname = "attic.ts.kempkens.network"; port = 22; diff --git a/secret/container/matrix/config/signal.yaml b/secret/container/matrix/config/signal.yaml deleted file mode 100644 index cbce2cc..0000000 Binary files a/secret/container/matrix/config/signal.yaml and /dev/null differ diff --git a/secret/container/matrix/config/whatsapp.yaml b/secret/container/matrix/config/whatsapp.yaml deleted file mode 100644 index 6eed493..0000000 Binary files a/secret/container/matrix/config/whatsapp.yaml and /dev/null differ diff --git a/secret/hosts/attic.nix b/secret/hosts/attic.nix deleted file mode 100644 index 2a75e72..0000000 Binary files a/secret/hosts/attic.nix and /dev/null differ diff --git a/secret/hosts/sail.nix b/secret/hosts/sail.nix deleted file mode 100644 index 05835dd..0000000 Binary files a/secret/hosts/sail.nix and /dev/null differ diff --git a/secret/hosts/tanker.nix b/secret/hosts/tanker.nix new file mode 100644 index 0000000..c1ef958 Binary files /dev/null and b/secret/hosts/tanker.nix differ 
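Review bot: The new `"tanker"` entry in home/programs/ssh/shared/private.nix enables `forwardAgent = true;`, which lets anyone with root on tanker use the forwarded agent socket to authenticate as you for as long as the session is open. tanker is an internet-facing host running many services, so it is a poor place to expose the agent. I would drop the line (forwarding is off by default) and, where a hop through tanker is really needed, put a `proxyJump` on the destination host's entry instead. The neighbouring `"attic"` entry is cut off by the hunk, so whether it follows the same pattern is not visible.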
diff --git a/secrets.nix b/secrets.nix
index 1d2df53..1fca677 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,63 +1,62 @@ let user-daniel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1UfCIu7jUe64iQmp2UUyAgqZ3IYdMOo/Me6hRTnKoG"; - system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl"; - system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr"; + system-tanker = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpnogLd3Ttmz/At0dXveaG1xF37vV7lz34ojDTIuCOi"; system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX"; system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU"; system-weather-sdr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHuAdx5u9R2DyK065DUxdwhEOi0at1WNkY5f4JtrOzk"; - sail = [ user-daniel system-sail ]; - attic = [ user-daniel system-attic ]; + tanker = [ user-daniel system-tanker ]; mediaserver = [ user-daniel system-mediaserver ]; argon = [ user-daniel system-argon ]; weather-sdr = [ user-daniel system-weather-sdr ]; in { - # sail - "agenix/hosts/sail/acme/credentials.age".publicKeys = sail; + # tanker + "agenix/hosts/tanker/user/danielPassword.age".publicKeys = tanker; - "agenix/hosts/sail/tailscale/authkey.age".publicKeys = sail; + "agenix/hosts/tanker/acme/credentials.age".publicKeys = tanker; - "agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail; - "agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail; - "agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail; - "agenix/hosts/sail/mastodon/secretKeyBase.age".publicKeys = sail; - "agenix/hosts/sail/mastodon/vapidPrivateKey.age".publicKeys = sail; - "agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail; - "agenix/hosts/sail/mastodon/extraConfig.age".publicKeys = sail; + "agenix/hosts/tanker/tailscale/authkey.age".publicKeys = tanker; - "agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail; + "agenix/hosts/tanker/atuin/environment.age".publicKeys = tanker; - 
"agenix/hosts/sail/signald/environment.age".publicKeys = sail; + "agenix/hosts/tanker/atticd/environment.age".publicKeys = tanker; - "agenix/hosts/sail/weewx/config.age".publicKeys = sail; - "agenix/hosts/sail/weewx/skin.age".publicKeys = sail; + "agenix/hosts/tanker/fedifetcher/config.age".publicKeys = tanker; - "agenix/hosts/sail/mosquitto/passwordWeewxProxy.age".publicKeys = sail; - "agenix/hosts/sail/mosquitto/passwordWeewx.age".publicKeys = sail; + "agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker; + "agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker; + "agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker; + "agenix/hosts/tanker/mastodon/secretKeyBase.age".publicKeys = tanker; + "agenix/hosts/tanker/mastodon/vapidPrivateKey.age".publicKeys = tanker; + "agenix/hosts/tanker/mastodon/vapidPublicKey.age".publicKeys = tanker; + "agenix/hosts/tanker/mastodon/extraConfig.age".publicKeys = tanker; - "agenix/hosts/sail/atuin/environment.age".publicKeys = sail; + "agenix/hosts/tanker/miniflux/credentials.age".publicKeys = tanker; - "agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail; - "agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail; + "agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age".publicKeys = tanker; + "agenix/hosts/tanker/mosquitto/passwordWeewx.age".publicKeys = tanker; - "agenix/hosts/sail/invidious/databasePassword.age".publicKeys = sail; + "agenix/hosts/tanker/nitter/config.age".publicKeys = tanker; - "agenix/hosts/sail/nitter/config.age".publicKeys = sail; + "agenix/hosts/tanker/anonymous-overflow/config.age".publicKeys = tanker; - "agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail; + "agenix/hosts/tanker/invidious/databasePassword.age".publicKeys = tanker; + "agenix/hosts/tanker/invidious/extraSettings.age".publicKeys = tanker; - "agenix/hosts/sail/proxitok/environment.age".publicKeys = sail; + "agenix/hosts/tanker/proxitok/environment.age".publicKeys = 
tanker; - # attic - "agenix/hosts/attic/user/danielPassword.age".publicKeys = attic; + "agenix/hosts/tanker/synapse/extraConfig.age".publicKeys = tanker; - "agenix/hosts/attic/acme/credentials.age".publicKeys = attic; + "agenix/hosts/tanker/mautrix-signal/config.age".publicKeys = tanker; - "agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic; + "agenix/hosts/tanker/signald/environment.age".publicKeys = tanker; - "agenix/hosts/attic/atticd/environment.age".publicKeys = attic; + "agenix/hosts/tanker/mautrix-whatsapp/config.age".publicKeys = tanker; + + "agenix/hosts/tanker/weewx/config.age".publicKeys = tanker; + "agenix/hosts/tanker/weewx/skin.age".publicKeys = tanker; # mediaserver "agenix/hosts/mediaserver/user/danielPassword.age".publicKeys = mediaserver; diff --git a/system/flakes/sail.nix b/system/flakes/sail.nix deleted file mode 100644 index a1bc4e5..0000000 --- a/system/flakes/sail.nix +++ /dev/null 
@@ -1,59 +0,0 @@ -{ nixpkgs, deploy-rs, home-manager, agenix, inputs, ... }: - -let - default-system = "x86_64-linux"; - - overlay-attic = inputs.attic.overlays.default; - overlay-deploy-rs = _: _: { inherit (deploy-rs.packages.${default-system}) deploy-rs; }; - overlay-nifoc = inputs.nifoc-overlay.overlay; - - nixpkgsConfig = { - overlays = [ - overlay-attic - overlay-deploy-rs - overlay-nifoc - ]; - - config = { - allowUnfree = true; - allowBroken = true; - - permittedInsecurePackages = [ - "openssl-1.1.1t" - ]; - }; - }; -in -rec { - system = nixpkgs.lib.nixosSystem { - system = default-system; - modules = [ - ../hosts/sail.nix - - home-manager.nixosModules.home-manager - - agenix.nixosModules.default - - { - nixpkgs = nixpkgsConfig; - nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; - nix.registry.nixpkgs.flake = nixpkgs; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.daniel = import ../../home/hosts/sail.nix; - } - ]; - }; - - deployment = { - hostname = "sail"; - sshUser = "root"; - remoteBuild = true; - autoRollback = false; - magicRollback = false; - - profiles.system = { - path = deploy-rs.lib.${default-system}.activate.nixos system; - }; - }; -} diff --git a/system/flakes/attic.nix b/system/flakes/tanker.nix similarity index 82% rename from system/flakes/attic.nix rename to system/flakes/tanker.nix index c8eff78..75bd20b 100644 --- a/system/flakes/attic.nix +++ b/system/flakes/tanker.nix @@ -1,4 +1,4 @@ -{ nixpkgs, deploy-rs, home-manager, agenix, attic, inputs, ... }: +{ nixpkgs, disko, deploy-rs, home-manager, agenix, attic, inputs, ... }: let default-system = "x86_64-linux"; @@ -26,7 +26,9 @@ rec { system = nixpkgs.lib.nixosSystem { system = default-system; modules = [ - ../hosts/attic.nix + disko.nixosModules.disko + + ../hosts/tanker.nix home-manager.nixosModules.home-manager 
@@ -40,13 +42,13 @@ rec { nix.registry.nixpkgs.flake = nixpkgs; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.users.daniel = import ../../home/hosts/attic.nix; + home-manager.users.daniel = import ../../home/hosts/tanker.nix; } ]; }; deployment = { - hostname = "attic"; + hostname = "94.130.142.168"; sshUser = "root"; remoteBuild = true; autoRollback = false; diff --git a/system/hosts/Styx.nix b/system/hosts/Styx.nix index f713dcd..ea4c348 100644 --- a/system/hosts/Styx.nix +++ b/system/hosts/Styx.nix @@ -74,7 +74,7 @@ }; }; - documentation.doc.enable = false; + documentation.enable = false; users = { users.daniel = { diff --git a/system/hosts/attic.nix b/system/hosts/attic.nix deleted file mode 100644 index 0d4fbba..0000000 --- a/system/hosts/attic.nix +++ /dev/null 
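Review bot: `hostname = "94.130.142.168";` in the `deployment` block ties root deploys to a literal public address that this commit also writes into `system/hosts/tanker.nix` (the `10-wan` address list) and the Synapse `url_preview_ip_range_blacklist`, so a renumbering has to be caught in three places. With `sshUser = "root"` and both `autoRollback = false;` and `magicRollback = false;` in the context lines, a deploy that breaks networking or SSH on this host is not reverted automatically. A comment saying why rollback is off here, or `magicRollback = true;`, would make that trade-off explicit. Consider a DNS name or one shared definition of the address, with the host key pinned in known_hosts so the first root connection to the new machine is not trust-on-first-use. The `deployment` block continues past the end of the hunk.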
@@ -1,143 +0,0 @@ -args@{ pkgs, config, lib, ... }: - -let - secret = import ../../secret/hosts/attic.nix; - ssh-keys = import ../shared/ssh-keys.nix; -in -{ - imports = [ - ../../hardware/hosts/attic.nix - ../../agenix/hosts/attic/config.nix - ../shared/show-update-changelog.nix - ../nixos/ssh.nix - - ../nixos/git.nix - - ../nixos/acme-attic.nix - ../nixos/nginx.nix - - (import ../nixos/atticd.nix (args // { inherit secret; })) - - (import ../nixos/home-proxy.nix (args // { inherit secret; })) - - ../nixos/tailscale.nix - ]; - - system.stateVersion = "22.11"; - - nix = { - package = pkgs.nixVersions.stable; - - settings = { - auto-optimise-store = true; - - substituters = [ - "https://attic.cache.daniel.sx/nifoc-systems" - "https://nifoc.cachix.org" - "https://nix-community.cachix.org" - ]; - - trusted-public-keys = [ - "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU=" - "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - }; - - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 14d"; - }; - - extraOptions = '' - experimental-features = nix-command flakes - extra-platforms = aarch64-linux - keep-derivations = true - keep-outputs = true - post-build-hook = ${../../home/programs/scripts/attic-system-cache} - ''; - }; - - environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc; - - boot = { - tmp.cleanOnBoot = true; - - binfmt.emulatedSystems = [ "aarch64-linux" ]; - }; - - zramSwap.enable = true; - - networking = { - hostName = "attic"; - useNetworkd = true; - - extraHosts = '' - 127.0.0.1 attic.cache.daniel.sx - ''; - }; - - systemd.network = { - enable = true; - - networks = { - "10-wan" = { - matchConfig.Name = "enp1s0"; - networkConfig = { - DHCP = "ipv4"; - Address = "2a01:4f8:c0c:fa14::1/64"; - Gateway = "fe80::1"; - }; - linkConfig.RequiredForOnline = "routable"; - - ntp = [ - "ntp1.hetzner.de" - 
"ntp2.hetzner.com" - "ntp3.hetzner.net" - ]; - }; - - "20-private" = { - matchConfig.Name = "enp7s0"; - networkConfig = { - DHCP = "ipv4"; - IPv6AcceptRA = false; - }; - linkConfig.RequiredForOnline = "routable"; - }; - }; - - wait-online.extraArgs = [ - "--interface=enp1s0" - "--interface=enp7s0" - ]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - ''; - - documentation = { - nixos.enable = false; - doc.enable = false; - }; - - programs.fish.enable = true; - - users.users = { - root = { - openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ]; - }; - - daniel = { - passwordFile = config.age.secrets.user-daniel-password.path; - isNormalUser = true; - home = "/home/daniel"; - description = "Daniel"; - extraGroups = [ "wheel" ]; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ]; - }; - }; -} diff --git a/system/hosts/sail.nix b/system/hosts/tanker.nix similarity index 68% rename from system/hosts/sail.nix rename to system/hosts/tanker.nix index 3285b5e..4d3f5c8 100644 --- a/system/hosts/sail.nix +++ b/system/hosts/tanker.nix 
@@ -1,34 +1,43 @@ -args@{ pkgs, ... }: +args@{ pkgs, config, ... }: let - secret = import ../../secret/hosts/sail.nix; + secret = import ../../secret/hosts/tanker.nix; ssh-keys = import ../shared/ssh-keys.nix; in { imports = [ - ../../hardware/hosts/sail.nix - ../../agenix/hosts/sail/config.nix + ../../hardware/hosts/tanker.nix + ../nixos/zfs.nix + ../../agenix/hosts/tanker/config.nix ../shared/show-update-changelog.nix ../nixos/ssh.nix ../nixos/git.nix - ../nixos/acme-sail.nix + ../nixos/acme-tanker.nix ../nixos/nginx.nix - - ../nixos/atuin-sync.nix - - ../nixos/attic.nix + ../nixos/postgresql.nix + ../nixos/elasticsearch.nix + ../nixos/mosquitto.nix + ../nixos/container.nix ../nixos/anonymous-overflow.nix - (import ../nixos/freshrss.nix (args // { inherit secret; })) + ../nixos/atuin-sync.nix + + (import ../nixos/atticd.nix (args // { inherit secret; })) + + ../nixos/fedifetcher.nix + + (import ../nixos/home-proxy.nix (args // { inherit secret; })) ../nixos/invidious.nix (import ../nixos/libreddit.nix (args // { inherit secret; })) - (import ../nixos/mastodon.nix (args // { inherit secret; })) + ../nixos/mastodon.nix + + ../nixos/miniflux.nix (import ../nixos/nitter.nix (args // { inherit secret; })) @@ -38,18 +47,13 @@ in ../nixos/synapse.nix - ../nixos/websites-sail.nix - ../nixos/tailscale.nix - ../nixos/mosquitto.nix + ../nixos/websites-tanker.nix - ../nixos/container.nix - ../../container/weewx ../../container/matrix ../../container/proxitok - - (import ../nixos/fedifetcher.nix (args // { inherit secret; })) + ../../container/weewx ]; system.stateVersion = "22.11"; @@ -96,14 +100,13 @@ in binfmt.emulatedSystems = [ "aarch64-linux" ]; }; - zramSwap.enable = true; - networking = { - hostName = "sail"; + hostName = "tanker"; + hostId = "d89f488a"; useNetworkd = true; extraHosts = '' - 10.99.99.4 attic.cache.daniel.sx + 127.0.0.1 attic.cache.daniel.sx ''; }; 
@@ -112,55 +115,58 @@ in networks = { "10-wan" = { - matchConfig.Name = "enp1s0"; - networkConfig = { - DHCP = "ipv4"; - Address = "2a01:4f8:c2c:989c::1/64"; - Gateway = "fe80::1"; - }; + matchConfig.Name = "enp41s0"; + address = [ + "94.130.142.168/26" + "2a01:4f8:13b:2d81::2/64" + ]; + gateway = [ + "94.130.142.129" + "fe80::1" + ]; linkConfig.RequiredForOnline = "routable"; + dns = [ + "185.12.64.1" + "185.12.64.2" + "2a01:4ff:ff00::add:1" + "2a01:4ff:ff00::add:2" + ]; + ntp = [ "ntp1.hetzner.de" "ntp2.hetzner.com" "ntp3.hetzner.net" ]; }; - - "20-private" = { - matchConfig.Name = "enp7s0"; - networkConfig = { - DHCP = "ipv4"; - IPv6AcceptRA = false; - }; - linkConfig.RequiredForOnline = "routable"; - }; }; wait-online.extraArgs = [ - "--interface=enp1s0" - "--interface=enp7s0" + "--interface=enp41s0" ]; }; services.journald.extraConfig = '' - SystemMaxUse=1G + SystemMaxUse=4G ''; + services.zfs.autoScrub.enable = true; + documentation = { nixos.enable = false; doc.enable = false; }; programs.fish.enable = true; + programs.htop.enable = true; users.users = { root = { - openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ]; + openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ssh-keys.BackupTanker ]; }; daniel = { - inherit (secret.users.daniel) hashedPassword; + passwordFile = config.age.secrets.user-daniel-password.path; isNormalUser = true; home = "/home/daniel"; description = "Daniel"; diff --git a/system/nixos/acme-attic.nix b/system/nixos/acme-tanker.nix similarity index 62% rename from system/nixos/acme-attic.nix rename to system/nixos/acme-tanker.nix index 8733aaa..6de2764 100644 --- a/system/nixos/acme-attic.nix +++ b/system/nixos/acme-tanker.nix @@ -15,8 +15,17 @@ }; certs = { - "cache.daniel.sx" = { - domain = "*.cache.daniel.sx"; + "kempkens.io" = { + domain = "*.kempkens.io"; + }; + + "daniel.sx" = { + domain = "*.daniel.sx"; + extraDomainNames = [ "*.cache.daniel.sx" ]; + }; + + "nifoc.pw" = { + domain = "*.nifoc.pw"; }; }; }; 
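Review bot: Adding `ssh-keys.BackupTanker` to `users.users.root.openssh.authorizedKeys.keys` gives that key an unrestricted root shell, which is more than a backup job normally needs (the purpose is inferred from the name only). The list entries are plain authorized_keys lines, so the key can carry options, for example `''restrict,command="<backup-command>" ${ssh-keys.BackupTanker}''` with the real command in place of the placeholder. Alternatively it can move to a dedicated account that can only read what is being backed up. The key added in `system/shared/ssh-keys.nix` is `ssh-rsa` while `ShellFish` next to it is `ssh-ed25519`; a comment there naming the machine that holds the private half would help when the key has to be rotated. The `users.users` block continues outside the hunk.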
diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix index eb2e0b7..c149c82 100644 --- a/system/nixos/adguardhome.nix +++ b/system/nixos/adguardhome.nix @@ -92,8 +92,8 @@ useACMEHost = "internal.kempkens.network"; extraConfig = '' - set_real_ip_from 100.76.233.31/32; - set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:624c:e91f/128; + set_real_ip_from 100.108.165.26/32; + set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a/128; real_ip_header X-Forwarded-For; ''; diff --git a/system/nixos/anonymous-overflow.nix b/system/nixos/anonymous-overflow.nix index 6e39779..6b08ce4 100644 --- a/system/nixos/anonymous-overflow.nix +++ b/system/nixos/anonymous-overflow.nix @@ -39,7 +39,7 @@ in }; services.nginx.virtualHosts."overflow.daniel.sx" = { - listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ]; quic = true; http3 = true; diff --git a/system/nixos/atticd.nix b/system/nixos/atticd.nix index 3dd06e6..2c18b84 100644 --- a/system/nixos/atticd.nix +++ b/system/nixos/atticd.nix @@ -39,17 +39,12 @@ in }; }; - systemd.services.atticd = { - after = lib.mkForce [ "network.target" "network-online.target" ]; - wants = [ "network.target" "network-online.target" ]; - }; - services.nginx.virtualHosts."${fqdn}" = { quic = true; http3 = true; onlySSL = true; - useACMEHost = "cache.daniel.sx"; + useACMEHost = "daniel.sx"; extraConfig = '' client_max_body_size 0; diff --git a/system/nixos/atuin-sync.nix b/system/nixos/atuin-sync.nix index a1f2008..f0d57cd 100644 --- a/system/nixos/atuin-sync.nix +++ b/system/nixos/atuin-sync.nix @@ -19,7 +19,7 @@ }; services.nginx.virtualHosts."atuin-sync.kempkens.io" = { - listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ]; quic = true; http3 = true; 
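Review bot: The address pair `100.108.165.26` / `fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a` is written out by hand in every file touched for the host move: `adguardhome.nix`, `anonymous-overflow.nix` and `atuin-sync.nix` here, and again in `invidious.nix`, `jellyfin.nix`, `libreddit.nix`, `nitter.nix` and `rimgo.nix`. `listenAddresses` appears to be what keeps these virtual hosts off the public interface, and `set_real_ip_from` decides whose forwarded client address nginx trusts, so a missed occurrence matters for access control and log integrity, not just tidiness. Defining the pair once in a shared attribute set, imported the way `../shared/ssh-keys.nix` is, would reduce the next move to a single edit. `postgresql.nix` in this commit still names `100.113.242.85/32`, the address replaced in the other files, which is worth confirming as intended.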
diff --git a/system/nixos/container.nix b/system/nixos/container.nix index edc82e8..9e9627f 100644 --- a/system/nixos/container.nix +++ b/system/nixos/container.nix @@ -25,8 +25,8 @@ }; networking.firewall.interfaces."podman+" = { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 443 ]; + allowedTCPPorts = [ 53 443 5432 ]; }; # It looks like there is no way to activate the "built-in" service and timer ... diff --git a/system/nixos/elasticsearch.nix b/system/nixos/elasticsearch.nix new file mode 100644 index 0000000..d7d612b --- /dev/null +++ b/system/nixos/elasticsearch.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: + +{ + services.elasticsearch = { + enable = true; + + cluster_name = "elasticsearch-tanker"; + single_node = true; + + extraConf = '' + xpack.security.enabled: false + ''; + }; +} diff --git a/system/nixos/fedifetcher.nix b/system/nixos/fedifetcher.nix index fe4bcf0..cb21a4b 100644 --- a/system/nixos/fedifetcher.nix +++ b/system/nixos/fedifetcher.nix @@ -1,6 +1,10 @@ -{ config, secret, ... }: +{ config, ... }: { + systemd.tmpfiles.rules = [ + "d /var/lib/fedifetcher 0744 root root" + ]; + systemd.services.fedifetcher = { description = "FediFetcher"; wants = [ "mastodon-web.service" ]; @@ -13,12 +17,10 @@ podman = config.virtualisation.podman.package; image = "ghcr.io/nanos/fedifetcher:latest"; data = "/var/lib/fedifetcher:/app/artifacts"; - token = secret.mastodon.fedifetcher.accessToken; - server = "mastodon.kempkens.io"; in { Type = "oneshot"; - ExecStart = "${podman}/bin/podman run --name fedifetcher -v ${data} --rm ${image} --access-token=${token} --server=${server} --home-timeline-length=50 --max-followings=5 --from-notifications=1"; + ExecStart = "${podman}/bin/podman run --name fedifetcher -v ${data} --rm ${image} --config=/app/artifacts/config.json"; }; }; } diff --git a/system/nixos/home-proxy.nix b/system/nixos/home-proxy.nix index ee0f79b..51f4c61 100644 --- a/system/nixos/home-proxy.nix +++ b/system/nixos/home-proxy.nix 
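Review bot: `xpack.security.enabled: false` in `extraConf` turns off authentication and TLS for this node, and the new file does not say which address the node may listen on. The NixOS module's `listenAddress` option defaults to loopback as far as I know, but stating `listenAddress = "127.0.0.1";` here keeps that guarantee in the same file that removes the authentication. A comment such as `# security disabled: loopback only, used by Mastodon on 127.0.0.1:9200` would record why. The `pkgs` argument in `{ pkgs, ... }:` is unused and can be dropped.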
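Review bot: The tmpfiles rule `"d /var/lib/fedifetcher 0744 root root"` leaves the directory listable by every local user, and after the second hunk it holds `config.json`, which presumably now carries the access token that used to be passed as `--access-token`. Mode `0744` has read but no search bit for group and others, so it reads like a file mode applied to a directory; `"d /var/lib/fedifetcher 0700 root root"` states the intent. If the container runs as a non-root uid, own the directory by that uid rather than widening the mode. Moving the token off the `ExecStart` command line is an improvement, but nothing in this hunk shows how `config.json` is provisioned, so a comment on that would help. The image is still `ghcr.io/nanos/fedifetcher:latest` in the context lines; pinning a digest would make this root-run container reproducible.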
@@ -43,7 +43,7 @@ http3 = true; onlySSL = true; - useACMEHost = "cache.daniel.sx"; + useACMEHost = "daniel.sx"; locations."/${secret.adguardhome.auth}/dns-query" = { recommendedProxySettings = true; @@ -58,7 +58,7 @@ }; }; - networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ + networking.firewall.interfaces."enp41s0".allowedTCPPorts = [ secret.nginx.upstream.video.externalPort ]; } diff --git a/system/nixos/invidious.nix b/system/nixos/invidious.nix index 375e9f0..5230766 100644 --- a/system/nixos/invidious.nix +++ b/system/nixos/invidious.nix @@ -11,10 +11,7 @@ in port = 8007; database = { - createLocally = false; - host = "10.99.99.3"; - port = 5432; - passwordFile = config.age.secrets.invidious-database-password.path; + createLocally = true; }; settings = { @@ -40,11 +37,13 @@ in channel_refresh_interval = "15m"; }; + extraSettingsFile = config.age.secrets.invidious-extra-settings.path; + nginx.enable = false; }; services.nginx.virtualHosts."${fqdn}" = { - listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ]; quic = true; http3 = true; diff --git a/system/nixos/jellyfin.nix b/system/nixos/jellyfin.nix index 23880fb..572f647 100644 --- a/system/nixos/jellyfin.nix +++ b/system/nixos/jellyfin.nix @@ -71,7 +71,8 @@ useACMEHost = "internal.kempkens.network"; extraConfig = '' - set_real_ip_from 100.76.233.31/32; + set_real_ip_from 100.108.165.26/32; + set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a/128; real_ip_header proxy_protocol; ''; diff --git a/system/nixos/libreddit.nix b/system/nixos/libreddit.nix index d3f9b1c..9c454cf 100644 --- a/system/nixos/libreddit.nix +++ b/system/nixos/libreddit.nix 
@@ -9,7 +9,7 @@ }; services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = { - listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ]; quic = true; http3 = true; diff --git a/system/nixos/mastodon.nix b/system/nixos/mastodon.nix index d8d4eb9..775d776 100644 --- a/system/nixos/mastodon.nix +++ b/system/nixos/mastodon.nix @@ -1,4 +1,4 @@ -{ config, secret, ... }: +{ config, ... }: let web-domain = "mastodon.kempkens.io"; @@ -26,22 +26,15 @@ in vapidPrivateKeyFile = config.age.secrets.mastodon-vapid-private-key.path; database = { - createLocally = false; - host = "10.99.99.3"; - port = 5432; - name = "mastodon"; - inherit (secret.mastodon.database) user; - passwordFile = config.age.secrets.mastodon-database-password.path; + createLocally = true; }; redis = { - createLocally = false; - host = "10.99.99.3"; - port = 6379; + createLocally = true; }; elasticsearch = { - host = "10.99.99.3"; + host = "127.0.0.1"; port = 9200; }; @@ -51,7 +44,7 @@ in host = "smtp.mailgun.org"; port = 587; fromAddress = "mastodon@mg.kempkens.io"; - inherit (secret.mastodon.smtp) user; + user = "postmaster@mg.kempkens.io"; passwordFile = config.age.secrets.mastodon-smtp-password.path; }; diff --git a/system/nixos/miniflux.nix b/system/nixos/miniflux.nix new file mode 100644 index 0000000..a30ef8c --- /dev/null +++ b/system/nixos/miniflux.nix 
@@ -0,0 +1,43 @@ +{ config, ... }: + +let + fqdn = "feeds.kempkens.io"; +in +{ + services.miniflux = { + enable = true; + + config = { + LISTEN_ADDR = "127.0.0.1:8016"; + BASE_URL = "https://${fqdn}/"; + POLLING_FREQUENCY = "25"; + + INVIDIOUS_INSTANCE = "yt.daniel.sx"; + }; + + adminCredentialsFile = config.age.secrets.miniflux-credentials.path; + }; + + services.postgresql = { + identMap = '' + miniflux miniflux miniflux + ''; + + authentication = '' + local miniflux miniflux peer map=miniflux + ''; + }; + + services.nginx.virtualHosts."${fqdn}" = { + quic = true; + http3 = true; + + onlySSL = true; + useACMEHost = "kempkens.io"; + + locations."/" = { + recommendedProxySettings = true; + proxyPass = "http://127.0.0.1:8016"; + }; + }; +} diff --git a/system/nixos/nitter.nix b/system/nixos/nitter.nix index 979e9fd..d2b9aca 100644 --- a/system/nixos/nitter.nix +++ b/system/nixos/nitter.nix @@ -9,7 +9,8 @@ in systemd.services.nitter = { description = "Nitter (An alternative Twitter front-end)"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "network-online.target" ]; + requires = [ "redis-nitter.service" ]; + after = [ "network.target" "network-online.target" "redis-nitter.service" ]; serviceConfig = { DynamicUser = true; StateDirectory = "nitter"; @@ -47,8 +48,18 @@ in }; }; + services.redis.servers.nitter = { + enable = true; + bind = "127.0.0.1"; + port = 6380; + + databases = 1; + save = [ ]; + appendFsync = "no"; + }; + services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = { - listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ]; quic = true; http3 = true; diff --git a/system/nixos/postgresql.nix b/system/nixos/postgresql.nix new file mode 100644 index 0000000..b5c661b --- /dev/null +++ b/system/nixos/postgresql.nix 
@@ -0,0 +1,36 @@ +{ pkgs, ... }: + +{ + services.postgresql = { + enable = true; + package = pkgs.postgresql_15; + + enableTCPIP = true; + + settings = { + full_page_writes = "off"; + wal_init_zero = "off"; + wal_recycle = "off"; + }; + + ensureDatabases = [ + "attic" + ]; + + ensureUsers = [ + { + name = "attic"; + ensurePermissions = { + "DATABASE attic" = "ALL PRIVILEGES"; + }; + } + ]; + + authentication = '' + host all all 100.113.242.85/32 md5 + host all all 10.88.0.0/16 md5 + ''; + }; + + networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 5432 ]; +} diff --git a/system/nixos/rimgo.nix b/system/nixos/rimgo.nix index 841fe29..5343c7f 100644 --- a/system/nixos/rimgo.nix +++ b/system/nixos/rimgo.nix @@ -41,7 +41,7 @@ in }; services.nginx.virtualHosts."ringo.daniel.sx" = { - listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ]; quic = true; http3 = true; diff --git a/system/nixos/ssh.nix b/system/nixos/ssh.nix index 1a57857..71c528c 100644 --- a/system/nixos/ssh.nix +++ b/system/nixos/ssh.nix @@ -5,6 +5,7 @@ settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; + PermitRootLogin = "prohibit-password"; }; }; } diff --git a/system/nixos/synapse.nix b/system/nixos/synapse.nix index d778ec2..914cc05 100644 --- a/system/nixos/synapse.nix +++ b/system/nixos/synapse.nix @@ -12,7 +12,7 @@ listeners = [ { - bind_addresses = [ "127.0.0.1" "10.99.99.2" ]; + bind_addresses = [ "127.0.0.1" "10.88.0.1" ]; port = 8008; tls = false; type = "http"; @@ -29,7 +29,7 @@ database = { name = "psycopg2"; args = { - host = "10.99.99.3"; + host = "127.0.0.1"; }; }; @@ -44,6 +44,7 @@ url_preview_enabled = true; url_preview_ip_range_blacklist = [ "10.0.0.0/8" + "94.130.142.168/32" "100.64.0.0/10" "127.0.0.0/8" "157.90.18.162/32" 
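Review bot: The `authentication` rules `host all all 100.113.242.85/32 md5` and `host all all 10.88.0.0/16 md5` let one Tailscale peer and every podman container attempt a login to any database as any role, while `enableTCPIP = true` and the `5432` openings (here on `tailscale0`, in `container.nix` on `podman+`) make the port reachable from both. Scoping each line to the database and role that client needs and using SCRAM, e.g. `host <database> <role> 10.88.0.0/16 scram-sha-256` with the real names in place of the placeholders, limits what a compromised container can reach. `100.113.242.85` is the address this commit replaces in the nginx `listenAddresses` of other files, so it is worth confirming that the old host is still meant to connect. The `full_page_writes`, `wal_init_zero` and `wal_recycle` settings give up crash safety unless the storage guarantees atomic page writes; a comment such as `# safe only because the data directory is on ZFS` would record the assumption.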
@@ -65,6 +66,7 @@ "ff00::/8" "2001:db8::/32" "2a01:4f8:c2c:989c::/64" + "2a01:4f8:13b:2d81::/64" ]; enable_registration = false; @@ -73,8 +75,8 @@ report_stats = false; app_service_config_files = [ - "/etc/container-matrix/signal/registration.yaml" - "/etc/container-matrix/whatsapp/registration.yaml" + "/var/lib/matrix-bridges/signal/registration.yaml" + "/var/lib/matrix-bridges/whatsapp/registration.yaml" ]; experimental_features = { @@ -87,7 +89,7 @@ extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ]; }; - networking.firewall.allowedTCPPorts = [ 8008 ]; + networking.firewall.interfaces."podman+".allowedTCPPorts = [ 8008 ]; services.nginx.virtualHosts."matrix.kempkens.io" = { quic = true; diff --git a/system/nixos/websites-sail.nix b/system/nixos/websites-tanker.nix similarity index 100% rename from system/nixos/websites-sail.nix rename to system/nixos/websites-tanker.nix diff --git a/system/nixos/zfs.nix b/system/nixos/zfs.nix new file mode 100644 index 0000000..a18366f --- /dev/null +++ b/system/nixos/zfs.nix @@ -0,0 +1,12 @@ +{ + services.zfs = { + trim.enable = true; + + autoSnapshot = { + enable = true; + flags = "-k -p --utc"; + + monthly = 3; + }; + }; +} diff --git a/system/shared/ssh-keys.nix b/system/shared/ssh-keys.nix index f7a7289..a1ede27 100644 --- a/system/shared/ssh-keys.nix +++ b/system/shared/ssh-keys.nix 
@@ -8,4 +8,6 @@ LAN = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDrF80S1XX9KDHxJpm3gJsYQOCPAcrkOHK3rWrNGTegWB9wcjYQyKcuFyA+E2o3czx+lCDbDMjJOTS8L7RNBShEKxFDENqfNSpPrpCzw0MX5qhzF0CYhgMjgnPZK3qjdR+5424y3rK90mrOxWHuRtTM+Lm0GQUaOr/HMDq69JLNlPdI+Ww2hHx1PyzS30zKaHnFFRdEcdsQAY2dhEoh6J06XD8q8yRb2aNsDzDcXzNlkZl1K6FE0qqEsuLSF0cYJuXZh3anE3+AzL7NSj/nL33WInEEjmbib46K8lPXzG0P3LDcx/roPslgr0IAxFHOoCb32CO/mN6raaPBrb+eHwBCaE2nLDIaxPXRQO/gxYW7Qk1Q7AkuH/ytdNreE/4QfsUjCXQd4gWLYTh+WVIJDMC7sX+xsCAGQzGe3UVXkUp//6Ye9BA3fquhpSl8He/0MZqj051q53eEuwnA6OnIjmVFtz/4X3lMUwLxBs9yzn+LDmFUMB6Q6RcmzwQz5+ErwVLPm+/Jbzbwpp6JdyTwDjEd7BMPz0Xm2/41XAsUTYY7H8OnFDjQSzIQiSLCQU5tQeCP09zuyx1Dv2nPr08RW1wT4Jpquk9tut4smEsyLDrFA7ijRsS+1TYx9cDEXujheCxqLmuNZhBLEiscBChZMxcyzBG1Yktm/kepKAWEvWqz7w=="; ShellFish = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGU56Ebq41/DAKmfSHRO3xv2XBFFq+rMWH1L70L1qgcX"; + + BackupTanker = "ssh-rsa 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"; }