daniel/dotfiles
1
0
Fork 0
Code Actions Activity

tanker: init system and consolidate attic and sail

Browse source
This commit is contained in:
Daniel Kempkens 2023-06-21 14:21:40 +02:00
parent d5364960b8
commit 72f8352b6a
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
117 changed files with 854 additions and 738 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
agenix/hosts/argon/acme/credentials.age
View file

Binary file not shown.

BIN
agenix/hosts/argon/adguardhome-sync/environment.age
View file

Binary file not shown.

BIN
agenix/hosts/argon/tailscale/authkey.age
View file

Binary file not shown.

18
agenix/hosts/argon/user/danielPassword.age
View file

@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 MtGp6g U64tjf5zAbKc75lCbHo62p2KNcfXQt52yJHiUTpJg14 -> ssh-ed25519 MtGp6g jHQlphYRDC9XoEGaBEMVkt0Cudd4LcOKt1T9sSoT6QY
FeiGVg/RnR29rmqE3Xpy4eMtsp3IHoszyxjSsOxa/Fs uBnznP5KOBryzJh+0bKHhhk4wNT8vDKZyh3qpXLI+U4
-> ssh-ed25519 1fcLUQ rIwdZ+Y34BAgOPpxgn07Y12hfdZ3WgYZSFFA5vzbvE8 -> ssh-ed25519 1fcLUQ suONNORdjKzdUCPau4nUG1L0BzNHzT9eQ669eaZP5Qg
EdbSNo1esy9Cswpam5sdgoy0gEc8HkNociwsYpiUqcI 5F6Zp8vf/NsCRThnHNOpukBGxstpaHErnzHcOGJ27Oc
-> =P.Kq,e;-grease 4/;kU&<q R V -> 9N!KJ-grease F(!,53 "CH3^Xe esi
YSXJcc1Cd1KRqZVqvg cpdiFvK9ConkBNLPhy0hWuhJguPVmfLCL7uWrjMeJMThGPp2nf40ksnzDtRCVGkx
--- GLXAST4tBdr8sc/uxG/wqn4C+YQOcZmm1AuqQOddUvg 3GSVg8BaQEXLAY6gYjCdr6jlyw
‚Ë#—_<E28094>[€Nò=R—F ŸR ÈjÕ°ÐÇæBkÓ3~º}´Œs<NgÆ 7©t°Öœ --- ZBIcep+gXp2+AGh5wc101THkQ2eoSN8UWroyEbABEeQ
æPDîÉK¼ñj÷ ëQ<C3AB>àXŠ´}*¤•%‰®ñ¬éÒ×É`üêbÍ>”E¼í¦äÎ@ïAÁ)r`,ËSFH¯dºÏìÄZ7%æŽÇ2E7@2]µP\‡c 3óÄ[¯z±j¸žÒS¼$»³<C2BB>nÚ”c@ð<>h¨=·>Um¹PçÞ•?_€[z«!g<>˜Rª€©¦5ݲ"âÂå¿JÕ®ªT'ÛêáŒä®º«J—Cçî(^Èý…%§e²†‰#Ù™åSÅæ{…Ë»úAÞ0¨¼çÎî¸Í}wò%D€éd]

BIN
agenix/hosts/argon/weewx-proxy/environment.age
View file

Binary file not shown.

9
agenix/hosts/attic/acme/credentials.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g DslZcdbEJXsgQOXutAA28YdnuVEiPLNxirSYMAD2FEk
ODkI3TL7vI0IV/MSVWbS1D1wsjn08bzxTkBtMcC2rdU
-> ssh-ed25519 sVf6CA TSOraE+TswUinNv50TM9Lm9oLLxtqNAh82c/MAdBgRg
CB9r0e4VHevtDQL/3xNg34/QSCImVk5tQATVXQysOqc
-> 3ZTo(g'k-grease c <] zy
+jjPLQTWp9/HOKUk6IiSwgbUVWDPcPa9tONiUweoYYWPnH+bL7mATIOaS34/PA
--- 90yUb8QnWQu4fS9C/ZsxhBwYnnU7fhE1KetrVeP6jBQ
pu''-FK$Na:T·XøQ‰A¨Ž0Õˆr<>e (€²e²ðó>9ª”ê¦ø<)¼j¥yª& Æ“hkÇM"ȼ4çߘu:ÙÚDµ®§jû¤öðƒŸY

BIN
agenix/hosts/attic/atticd/environment.age
View file

Binary file not shown.

21
agenix/hosts/attic/config.nix
View file

@ -1,21 +0,0 @@
{
age.secrets = {
user-daniel-password = {
file = ./user/danielPassword.age;
};
acme-credentials = {
file = ./acme/credentials.age;
owner = "acme";
group = "acme";
};
tailscale-authkey = {
file = ./tailscale/authkey.age;
};
atticd-environment = {
file = ./atticd/environment.age;
};
};
}

10
agenix/hosts/attic/tailscale/authkey.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g klhDMFv4exDFJWgCvrnOKuq94w+BNW4lrs+Z67zmzGg
eTkqX6c2lbR+olFS7M7YDQLSLav/k+UhEW8Zg5fULFw
-> ssh-ed25519 sVf6CA tCvlYnJONVV9QTb9zAUPT0D8EEkCCqKGfoF6+bOT5CE
2L+wcL/c2tw+19RykIUpFzrjtaxzmsOKinCgnWYVf0Q
-> s}I~&9-grease \$RX.n=
JH5ASx5rlWPLH/abJSr8o0QI4e17aK1HZrQQKweMEsoGXA7POgbUiow+XBt+MP8/
PzKaC14zI2mTEzWiQvjlZH6pUnGUQkGE5zbxouWR3ovQVk8JtclO
--- 5My3p+I2aFCfnzjU1oC5Joc9Q4/k2bCNZv7Ilj/h65g
-!×i×:¨«­é <0A>mK}Ç“mRPú¤T© ð™*Ÿ[¾XüFÑLÝú€Áã,]׌åå´—‰že#4<>z¡xkE¶8ŸÛ'¦/ä OGAÏ×ƵÈ<C2B5>

10
agenix/hosts/attic/user/danielPassword.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g LNOEk3AXwGl658cTFbFvoICbrlhAIH6DILIh+Jc5knc
l7dm0Q4Z8GwFSzvoHf3LFUerYBXUeps87z69zZk3+tE
-> ssh-ed25519 sVf6CA JwHPawkaLzeFIvtj5lC4evUdSLFXfBlqiRqGhi6mcR0
pQP/DXnLaxNocMVok53cWGbAgvS/zEbS2uxWX+YvVQ8
-> k3jDW:F-grease
ORZpRxVBdQGP1F+Zc+tsJP5/ccuQLmYEeB/i40kAZTcgeuPtN6HRZ9DfqsjLhwfx
oAPkZDQ
--- vvt7wsQx4VSYTSF/K+Gb4tGIpI82G91olEaqUvm9gxM
±<EFBFBD>ù´Ó÷&#¦§ôé­¾bar ÆyÇ.” x“”€ÉH&y¥¡Wàô‡é õ„ý(¼Lã§,:Ýõ²ÏûîzK}j8|çyÀ»[çXÁ cÃðÊõÿÀÙ\ë?¥·³Ä%j-ûZÞÿÔÉ•¡h_àÚ†^úÔXNõ‰BÐw˜<77>œ‚ìÔ

17
agenix/hosts/mediaserver/acme/credentials.age
View file

@ -1,10 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 MtGp6g kw/hxMdmfaeoZaZuzOs6D6NQDg0uw0te/xIC1ig0CRQ -> ssh-ed25519 MtGp6g m7rxbRakBZWmaDl2Ze2yH1tKyKsAFjxgiNwBb0kff0k
75WtQJ5+yJae8ggB/Lc7Ojsf02zuGUtFmjbIrmn9pj8 RYAz9tkDi3JjRiA5y9ppG4kvT6rHMdwWsFCGgq37quE
-> ssh-ed25519 Y94Yig Kole+FkRwVj74aP/M86s9gT8qNnfXSj4fVndlkCSo1E -> ssh-ed25519 Y94Yig c5z91SNovAll3sw7RPhoxqKUVp0sV15tsw1161VNZiM
0Eg9XeabpYUWsZ9ACxwAshpClrl80D+vvpFimAPbIP0 ksoXSV8jTJerNpLwff9Rg0CkJOTUyjRQ+o4Fj8XwPAs
-> MWBvSZ-grease _ -> 3"7-grease Wv:?HV F}vV``\{ [fQg-^d
R7vhLfAa1heAGRRBqKbgob3fIml3HEEoB2soDw3NEU25qvqVmrGq2K7JQPmmh3vR XOSM60qDImR1kqTIyJgCflATN/RgvOo2VgTo2Ndaz2+yFLDLGcmvBTrXMw
vWfDK6j5dyIGZHxaSElWTkL9EbFCJRoTJ3YbfAkAQl0XrSc --- RIRQ4Fy71E6j3bIE9m9tEQB5ZZ++AnBfGMDwPPng73c
--- 7HsStyCAvdGBkspUWV3Ncjn/5hst8LxkBCBn72M8kR0 Á‰zC]~…KÝïˆt,?ê2áT×<54>éÎòN™¹Û\r¥íÿöº¶æ©øRݯ͗}döÖ¤¥é¶!œÎ3â}€ÔbÉ$Þ8 d(°0&<26>m­`<60>ñç<04>/3=cíò´þ
•üMÕƒŠü‰…=ö#Ïra5Ö²f Ÿ ´,e}m5Í ÄNBpÍ(l4nº'Ý÷ö¨æ_È…Å<E280A6>> þ:Úv->‚ï…º$96G™& ˜8ûY͵ASâÉâ

BIN
agenix/hosts/mediaserver/aria2/config.age
View file

Binary file not shown.

17
agenix/hosts/mediaserver/tailscale/authkey.age
View file

@ -1,9 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 MtGp6g h74pL3awChmTkZzkbne2+rzjNwk067747QW5Z+6yUhQ -> ssh-ed25519 MtGp6g WF7NACS4+2IWcLmDTjbiXQsI93ZUDUeofMg6eYwXyRM
7Xtv1G5K+t2tKsByHiVz7nmBEMXAzeznrNd1XeJr6ls xy71RLaW5MwZU69EP4A4x9SSTLsv2vINzdjPZbHUJ+8
-> ssh-ed25519 Y94Yig +Tf9z/WZbA5bgQ1H8R5QZRB6OnUq83xM2zDAXXBLjWU -> ssh-ed25519 Y94Yig nCe73IOsZbRmWpGBAg26zTkTP3GC3FnpmS7UujJkTyU
wYSY5rCQYWXFPWVL0cCLcFOLAgisq+5L9LI9RyUFM7E kY6qLgHIH+5bUTKDTqcak2r2l15XNJR2Hm7uCk1OxGM
-> 0e-grease LB fw E5 -> F>J-grease @@cdP
YA NHDpMlW3kAJD9b/YgQkciZs7IILSWIFi0LY5L6j3IaQp1QTU1xQRzGs0QpH2jYCs
--- Sd0E1+Qg5kuFVEY60MlMux3HCFq2T+Qh+oWQaMnNc1A 6UIr2dIfw/qc9Q8IGeOYJvHXfjtw
WùVCOsåΫ3Zܯý4dwþ0Aè‡vºH¨ð[´¹Võl¼O~fÛ±O᪷úº¦jY/Pwx]ì+>L<>ydz!ÿ-í·MJ`i­ F´î --- l+vCsTsawEm3J0DqduySW+9k3YMqa0iSHMoo/7Kk9xo
i(èA]÷b ÖÍ“gônÑ: #|<7C>=Kcµ4ƒ…¥ˆ <52>X:‡#D.~í<=Ës«KžËÖbøþ>ž.À¹ˆ] "ãôV$<24>C廊(ôÚ͹Øÿ

BIN
agenix/hosts/mediaserver/tubearchivist/environmentES.age
View file

Binary file not shown.

20
agenix/hosts/mediaserver/tubearchivist/environmentTA.age
View file

@ -1,12 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 MtGp6g uz0oiP4HsWKnBVTsigSUa7/2eZ0Tz65MGKeCEw8dDBY -> ssh-ed25519 MtGp6g GW9N5T3dh0ptZ/MfDX6J2XAK7wXEdUNsmnAd3eSP6mc
oXj1IeJXnZdAd20pPzQUNi4KfI3XGVt0NfXp/PMPfsM 24XiI6o1aDyczMgfNR8hLszZXALvaD4nCV2lcL8Mce0
-> ssh-ed25519 Y94Yig avWFRpAb+szO9DakgpIFF4kjb9B4dut1wMv/SS/0KTo -> ssh-ed25519 Y94Yig sHCIlqEqZ852T3+rMZISdUfFGfP5r6QetoPH4iSA/zs
jPxw05Jj6bf4OnjqxHMQnB61p99UWSVWzH1xNvWCMTk vdSf8/l1hUq1s8uNQVhodlup94VbinbcPhw7jcrI+eU
-> +UJT-grease J1?Z{u 2[~S(c g,$ -> 8-grease v9^\c
vMYK6xvyUQPaBDeLu+DXdUOKVu1eTcqpvFsjDKa5XEPd6yQ m3K3WQ
--- 2UKtiIzTaIaajjEbFvdoVCvzWCymjjy2YYW/N5sNIxU --- r+JHLR8RENpeN8oKOotwOfNISdTntyK8u332xH1jToA
hšÉeöhTÌÌÍŽ '(“ò¡ßÑ.„Ê^ÝäS5V©{Èw|œòᘖ˜_Ij!QsäkO ^C¤Ë€6‰„Øìü;³€ÚùË<18>-@t¡;dò¿ÿ`åÕfT@Po«WȨÐB ÈH¯¡è È U<>ô•<C3B4>=¶¢œ{¤JsZ%vîá³ùßøÜÀÒÂQè|ÿ#'ºzÃóïðØVåMÐXKÉáyÿ6BUå~}Æ'ßc÷𞯴“H*íäݨz
ÑãN/Ü”}…¥Å1ƒŒüÄälj”238©xμ¯ú  º\e¿¶<C2BF>L¤ÁþA«@œ‘Ü>Ë!ÙùøßÿT^CJÓdb1<15>ï88<38>pTó tü<EFBFBD>ÙkUÆ&EYýèÔ1éÜj„`•î³|NmïÑæ.G<>$ ¯ Š}A³X1ãÕÎîf Õ´Ù½'Ûá _¼þñoãµî@uÍ“4žU;õÌ¥Hå¹}¢ŸË=~Ýép&–›”Í—O…\½½SdëÂÎ\0ö,´N<C2B4>ÞL‡[v
ŒNQ:è`}óëê™éˆ:Û„E®Æch<&è2ý
£+Ðìîçüøâà'Ƥò:ü<>òNs¢b;Æq”µŽ3Žkp<6B>«& òÛɇÅü<C383>Ó²Iù\ÀAGŠUá¤`,Þf2dÿ#W<>Zò(#G±Ù±y>ÿ!¼&'ÏS7NÈsc§MoÓÌ*þAú§,<03>A÷M

BIN
agenix/hosts/mediaserver/unpackerr/config.age
View file

Binary file not shown.

BIN
agenix/hosts/mediaserver/user/danielPassword.age
View file

Binary file not shown.

BIN
agenix/hosts/mediaserver/wireguard/config.age
View file

Binary file not shown.

10
agenix/hosts/sail/acme/credentials.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g /0mUj2HFKLDNi68WSNo7AUzVPzYo2P6FYL7s2wezywk
axlQ+U9bJAws8svdsQ2yrEhpvrgjmvukuAPjpr+eJc0
-> ssh-ed25519 NbV4hw 5xhDSZOlPky3UvTHpznrB8AqQjyssU5HJqEpoGQ0wkw
N+XSv3maCLpMu8bEawrk7rUk+ZimKJRJKbrePUcsqOs
-> e-grease `*$0X[e 6)& M3<a2_ lstkG
rYBL9bPjctGG45xU/OfmmJgKcOKflNBE61tjH17IKaT2dPIMYXzNTJ5z7jg5NSWH
q9ECE1y9Q+o
--- mE52mLHBr4dAn+4T6Sg/WCdn2jtfDUlhy35sWzB/TUY
a}>nc´<63> À[r¤HŸD2ŸË¾\v§étahX“3Ü(ØP<C398>&ï5 çá¸!<19>|õò€Ë®`nêÁ•LtÅ_LVê`nÏðå,Ã`X_¯+eÍ… EÕÊ[mO_טÎ

10
agenix/hosts/sail/anonymous-overflow/config.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g j+wWxN36oq1/JJ4TMfKhe6QrKE5tgFz0dI/wwWCun28
tUt/rdrzReLpQj3RkxYcF9HoE42aeHsYIaIMldaNTxk
-> ssh-ed25519 NbV4hw 2O3kiqwJx5gWymqQfigGtUJ3IldVBu7JGGzktAS0yxU
own6iED8pE5xCw6zDnF86udNprBCQUDebIMxCqo33WA
-> a-grease 7 =QE
oGBj3oq7WxxKpkGWpsuGJGtZasLHOQ6JH2JZnNCzEy2ctYiTW87vVPsFTGDdUWsP
7C8
--- 4hM4yp5w5eEtln5zvu2dXeTND2XAYcxFonWcDLdsU4M
¹¸(¸uÔ·#…}£Ò1ñbCø˜r}ͪðãFÛ*‚Ä#<=¤ä<ŠõÙ€bOC­o<C2AD><6F>WðÛYÒâÛR@2#Æmõ¿ÍÖꜵ¯Ówܨ\aøâý8ÌvV¦Âîa«±{gó”ný#€ínÆÍN­ñçA~wÜÝÌiQ<02>š|yý”Ÿåð…:X£Ÿô6oî

10
agenix/hosts/sail/atuin/environment.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g 0hWrwfexWC7VgGb6GGZi7hbACRDxYRNXlsFrmXAIEiw
QcICViQGVktlUalatvBBHD/H3uASbcwK9SCO5F4xbQ8
-> ssh-ed25519 NbV4hw oFVVxqJeZjbmHkSLsg96kCKgARheMYkvJf1pKMSUqn4
QT/d4FQT858lIqrNngI0xOT7pLlJVn64VIEhSeoYcEg
-> D"A\4L4-grease TiT>[b%D #aq q[;-n EdXt&&Y
5EdxN4sgedRoDPWsWFKvQjHLLyagraSy/GQP8OhaZS0Litb0ipxgFIoheGDNyyX4
HJnXx5SQ/hkVuyMv8HGM9GwFRHodDVdM9w
--- nJbxhp1UbqWzLvBTiZDS4nIV7nTIdA7oS0wC2nvzEl4
¡9ˆ%PtêMŒÔ±À>0ÏYPEƒ¢³LØ{.<2E>æ<>[·>Тíï<C3AD>£× Æû¬Õß¿*Y¹Š ¹³‡ú¶ø–¥4·n)Æ §ÇIK80ÎÉoðiãƒüiG2€ýklþhíFÎÒÐîà@ZÄÜëMôø%•úÌR¾&ÜV½«îœžA¶KUY ú|K<>nkÆ%™yk„®þ½°Ëˆ®ÕC>=.ªÎ•d!^ÓJÒ[ôz°5ÔÛyÇެѮU=Å÷ÄiýS¤Î-/½ÒEÖ

BIN
agenix/hosts/sail/freshrss/databasePassword.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/freshrss/userPassword.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/invidious/databasePassword.age
View file

Binary file not shown.

11
agenix/hosts/sail/mastodon/databasePassword.age
View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g BHVqOYqAxl88lFQQs1D2oxHAuZ7E4HSAUlZysn9kmQs
asPKs1JpbUk9gfGbZOQyyT567c+XCMSrM/JizXVgGj4
-> ssh-ed25519 NbV4hw eCuSnWhbg8swZtNMZIirU6sri3Hc5+5rLQi9DUI82Hs
mAjvnx+NybVEh6rN1PrBXZgVp2eMDCDU6pm+eSALehM
-> DtQ5-grease @$2={ Y' !Qw6C
ZVoPVcXGSqGvwFlT+L+OwDGus0Au5sXx2wtESOpzwEgImUndNxzgARLAuO+oOzX/
722ju53IqUGnvMh5IybU8suMm3R1CBo9FoL5Vc0MUBQEp+kHG4UbCU5pjkLld1a5
--- zew38IQLg8t/0n4Nmf7PpEI2uACfZdbHZDrMWj9v3PU
(ƒ<`•ÇÖ£ fâ%/Ç7ı+È?Š2¯*¯ j«=g”[Â<> «8?ãœÿ¼|

BIN
agenix/hosts/sail/mastodon/extraConfig.age
View file

Binary file not shown.

9
agenix/hosts/sail/mastodon/otpSecret.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g hsE2kvTf8occU2CJg+Ro52qm+ec1gNxBoQtCeHzZflg
b85OF5ipJIYlBOlgpUqNw7XK/MB+Ftd4pHMqjN+ArGI
-> ssh-ed25519 NbV4hw dYum1uJ8J+Nbrz2UWZiijdJQ68QEac+NS9YM/h3dj0c
5lGJ2SdUnEp01oTr/Hm7IEj/0he9be37RXxmaNsOhpY
-> =-~;<1--grease Zhb7zWk ]\1S-]W 1!$YB[ UM
urANgmNT3fiJft53WEhRmALdnBMcU2f9hjGfYrmBduXQYbqF50EUCBqLt+3hrmw
--- 3QCLu9/P+Dyvd2iVSo7d1fO0YC5D0gglZIFYIDrMGV4
És`Ë<4F>âÐ5m‰Cy)ÅÆÑg„Û¹Û2ÜßÍFG_Ü8h$Öz«€àÇ¿J©ŠS†kO»ziL¡ úR·EŒdœB ƒB ,47É*Sj<53>$Ö'u#%½<>ÃŒí#«šåRöà®ÅnסNÈBbØÀÜ äß·©«ç3È<'s>ß bœÏZô|AÅíLðŽåUõlCÀ{þ)!£I

BIN
agenix/hosts/sail/mastodon/secretKeyBase.age
View file

Binary file not shown.

9
agenix/hosts/sail/mastodon/smtpPassword.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g WRjFU1vNCp3fBfPodbmlRG7C6T7d50mfys4BZ0y3YVg
k9gVyVKqNKHUSQrwjeWmHhUYISSkLPE/gfxNfRODxTU
-> ssh-ed25519 NbV4hw zQI28bXO7mBOyQN/iAaNCn2fwIFYFUWxPnklPa/MtGY
Hw4rOpcnqBjwNQ1wvozrOvNMGvOnc7QhzZMbmXI3Yuo
-> jAN.9BRS-grease
dodkWJOX+0qm9jAT2fKStatcnhWBou+wo0Ytjha+w7ouHGk
--- E5w5Suq/PqT7b9cinBgU/GzEJTGwWPoULqFe4KkKjAE
éÑgÞ$É â/B[WÛ%Ð3{pÌ”0:cAvÆÆ; &Ûa·#{í—rå=“"鎚ùÊÜ¿Ly±_<|øP§KaAð!ÁÿÄe¥faî\žlãÌ

10
agenix/hosts/sail/mastodon/vapidPrivateKey.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g pfAwifbGls2XDS+Pn08B4B88XgB3DgizQytPLURZlVI
/f/CEHzojiwlVnA8mCcg8JwVAre419Sudk/MMJYOiO0
-> ssh-ed25519 NbV4hw 8DaGuQ9G6cZr9GSlqMBlHoTk0HcOKlmVWzz2ytvGB3I
bEEtNtIPiS2RdxwMLhNVU4We1+gf1N6bL9f2gjS1wVA
-> Em:17j-grease G1mw> $hkViHO
0StibfZj6Bt54P+9csvjWxHJfPaTL72gK+bnmPVDBUNsTAXVwoO6Ed25t0LwsY5s
PbnGF3EjbMba6/lte1aDS3uaWqUcx4OT0NQ3joF0je10m5gPd9VptKKWSEg
--- zHAFp0QAwZsfUf8v+KIqSHo2UutjLHqm6WGXqW2iy9Y
_a<EFBFBD>ü*bKÌpNiù ÎÖCšN9™ ¨ÎöóAŠìl¿<6C>âáƒ\g(bÁ-žWB±uq¬\¯<C2AF>Î<EFBFBD>÷šìpé<70>,À£þ)

BIN
agenix/hosts/sail/mastodon/vapidPublicKey.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/mosquitto/passwordWeewx.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/mosquitto/passwordWeewxProxy.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/nitter/config.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/proxitok/environment.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/signald/environment.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/synapse/extraConfig.age
View file

Binary file not shown.

11
agenix/hosts/sail/tailscale/authkey.age
View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g Sk2HTzPviEFNJaD/G4FfYC1bv7aH4fQbEoEdvI/PMUo
f0lLi1o/RyadEbkHbXjpxzbuRT0WSMM/ZVM/eT3J6tk
-> ssh-ed25519 NbV4hw TAR37t4C167S7DhZSJnRjV6YUtRCiXFI/ISMdT9rhVU
rn7TyQNB2oXlns5NU6DwHMVYCBFp/vKFilc7z6FDrss
-> ]-grease
RmlKK+z9Gjb0eNJ3GLbC9DjuX4Rvj/aq6w
--- sNgUQAHFGfm3s3cK7GnUeLWfmDuCgNIsJ2Y8uKDSuvI
&ÚW¨Y]*t:ŽŽJÄV”áEøîö(˜¨ÊÅb¦Ê[. ¹³$y& =upBÜz§ãm™âãW¿­
ª!>šŸýÑx4
IIüQÇ,(¶¤7x õS

BIN
agenix/hosts/sail/weewx/config.age
View file

Binary file not shown.

BIN
agenix/hosts/sail/weewx/skin.age
View file

Binary file not shown.

10
agenix/hosts/tanker/acme/credentials.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g L1q+qwfU2wkTEJlWOG5vKlGBMHhI4b/U2M98R7RL5VE
m0NQP/AqnP8RDTxxOoVW7/7K4yRmFIcVxc1100Qt3Do
-> ssh-ed25519 iO8/4g ejCho6/w8f2gCYe2aRkIzpnSwWIG7JMi9z2g+4epOnw
W0NXnwvDegpCAdaT/e1uvIlPGO+QtseVijF2OcWm9Nk
-> h#U-|w-grease cT:yCeNj urp |i
uUcVWPo
--- aKA2jy1cZi/x3Ubt74sgZEiA7xxJiTOhgB6ZEAWvUk8
nýş¬§†@°8 8VŚ”©Ďšf±äĽ€Ž'ř*L<Çu ž„Ľ ÇóĽv}<7D>§yîš
_ĎpČ}ç áV‰WtqE.č‡ićÜ÷Ą¤đ(ŚŻgćňi$ë*D

10
agenix/hosts/tanker/anonymous-overflow/config.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g wLDb226kaMU+cwnasBSt4+lOgR62PlOP9sZ8LFl8li8
NBJZZebrSrW8mnyFg8QzzyJWUsqd35q0YJREo/Lgugg
-> ssh-ed25519 iO8/4g zsFAJQKm3GmsxBKXNSgkyA/gI7LMYnG4ZVNdftgZjmU
x4UbQjPbVEiPSpmsD8BWY/Siakx9xCXchtc/+KsjC4E
-> NTcLv-grease w+P{u0@8 zKRW+'Yw H1g \
7ezW+2UuxLjyPy/ApdJULZdkjoX+d8Qxo5nQRvS+CqvfJzwnqiZWoRc3c0DAPaRO
IybgnfUAXGv0RO6BRLFz7uAHchlx4ifSsjP91X+DuT5i6D3IagFk5IUC9enwdFc
--- 8cajqhgqHoalzZFfzdV4io6/BuXA7t9obNkeMyzBwZk
…ùS70ý¥•öSÁÖÒ(uúB}Â$2‰ö܃ި;îßoÝ| „ÕBöŽŸQ­ÿ¸¯¼Úï*<¿/½ÌþצØO¼Éü=“ /®•z«y…­!Âisž-1Iµ~þþÏKTaò˜±w4Gò,¨ì<C2A8>v5<76>º²pAìöpÐóC];÷„[Í4*Ö’ì!χ0¯¬Fˆß

11
agenix/hosts/tanker/atticd/environment.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g Rio2L6qhE3HLAxtdsf5aDXWbDowXsR74H36HkBRY1Qs
H36+ug7qZlnWks0j4rxhb7smuaE+fvJzrYYfYKz9VDs
-> ssh-ed25519 iO8/4g qHBdGD/HGzbFqvXL/KuPwLUg30CV/26KSOREF6qHpB0
N35CMIkrxCPA/l4G0CqaMD7hjnvUgXLVI9vwvdvBCkE
-> (-grease @V D*c
/zy4Ks2tvL+zUP+eL+2XXiqxm9wfCbv8iExB5sq6AHnvjPecoh2+
--- /5TCNr2PFppr/TtIPsSxkzyLtEzku996EiJ2AiULda0
%ä/…fØÌ&Q2‰…nL`ýc:÷ªmÓ¾~eIÁžó “u<E2809C>ËSš õÐ ÕÓrt4À•S@!“ÁM‰´Â84ÊÅý'”<,?f¸È-ÕáH-7f(T7Õ} UÍкvº¤& L³I ¿ÇÀœ™)Òˆss«¤C<43>mÞ«[X5¯ç½˜•EÕØÐЯ£pÍúÓ Z¹B(÷ÃA÷:_°\¹Eë2h®ÊÒ—JµØÓ4Hä¶BWK\hتü¨0¡«•À¼™9e;ñí¤¼»ÊìΤ*PR+[ð50KùEu¸`{4œ45ÅÒ1&¬[°“@„çÎ4TL|Œž%4üñ]§‘ý
z†<EFBFBD>ÔcDüœ8:ƒÌöüø„ÛýIç:b.=†Z0Ñ:Oõ†ÛKÞ%>sS­ë=Û-(W±Ë€/Ž–`ÉŽÅ<18>§k±Íü- Uun>Ÿ>Œ,zts”æ‚}EU]zî
<EFBFBD>»=ù¶·›Äš6î_:

BIN
agenix/hosts/tanker/atuin/environment.age Normal file
View file

Binary file not shown.

118
agenix/hosts/sail/config.nix → agenix/hosts/tanker/config.nix
View file

@ -1,5 +1,9 @@
{ {
age.secrets = { age.secrets = {
user-daniel-password = {
file = ./user/danielPassword.age;
};
acme-credentials = { acme-credentials = {
file = ./acme/credentials.age; file = ./acme/credentials.age;
owner = "acme"; owner = "acme";
@ -10,6 +14,20 @@
file = ./tailscale/authkey.age; file = ./tailscale/authkey.age;
}; };
atuin-environment = {
file = ./atuin/environment.age;
};
atticd-environment = {
file = ./atticd/environment.age;
};
fedifetcher-config = {
file = ./fedifetcher/config.age;
symlink = false;
path = "/var/lib/fedifetcher/config.json";
};
mastodon-database-password = { mastodon-database-password = {
file = ./mastodon/databasePassword.age; file = ./mastodon/databasePassword.age;
owner = "mastodon"; owner = "mastodon";
@ -52,32 +70,8 @@
group = "mastodon"; group = "mastodon";
}; };
synapse-extra-config = { miniflux-credentials = {
file = ./synapse/extraConfig.age; file = ./miniflux/credentials.age;
owner = "matrix-synapse";
group = "matrix-synapse";
};
signald-environment = {
file = ./signald/environment.age;
};
weewx-config = {
file = ./weewx/config.age;
symlink = false;
path = "/etc/container-weewx/weewx.conf";
mode = "640";
owner = "421";
group = "421";
};
weewx-skin = {
file = ./weewx/skin.age;
symlink = false;
path = "/etc/container-weewx/skin-wdc/skin.conf";
mode = "644";
owner = "421";
group = "421";
}; };
mosquitto-password-weewx-proxy = { mosquitto-password-weewx-proxy = {
@ -92,27 +86,6 @@
group = "mosquitto"; group = "mosquitto";
}; };
atuin-environment = {
file = ./atuin/environment.age;
};
freshrss-user-password = {
file = ./freshrss/userPassword.age;
owner = "freshrss";
group = "freshrss";
};
freshrss-database-password = {
file = ./freshrss/databasePassword.age;
owner = "freshrss";
group = "freshrss";
};
invidious-database-password = {
file = ./invidious/databasePassword.age;
mode = "444";
};
nitter-config = { nitter-config = {
file = ./nitter/config.age; file = ./nitter/config.age;
}; };
@ -121,8 +94,59 @@
file = ./anonymous-overflow/config.age; file = ./anonymous-overflow/config.age;
}; };
invidious-extra-settings = {
file = ./invidious/extraSettings.age;
mode = "444";
};
proxitok-environment = { proxitok-environment = {
file = ./proxitok/environment.age; file = ./proxitok/environment.age;
}; };
mautrix-signal-config = {
file = ./mautrix-signal/config.age;
symlink = false;
path = "/var/lib/matrix-bridges/signal/config.yaml";
mode = "640";
owner = "1337";
group = "1337";
};
signald-environment = {
file = ./signald/environment.age;
};
synapse-extra-config = {
file = ./synapse/extraConfig.age;
owner = "matrix-synapse";
group = "matrix-synapse";
};
mautrix-whatsapp-config = {
file = ./mautrix-whatsapp/config.age;
symlink = false;
path = "/var/lib/matrix-bridges/whatsapp/config.yaml";
mode = "640";
owner = "1337";
group = "1337";
};
weewx-config = {
file = ./weewx/config.age;
symlink = false;
path = "/var/lib/weewx/weewx.conf";
mode = "640";
owner = "421";
group = "421";
};
weewx-skin = {
file = ./weewx/skin.age;
symlink = false;
path = "/var/lib/weewx/skin-wdc/skin.conf";
mode = "644";
owner = "421";
group = "421";
};
}; };
} }

BIN
agenix/hosts/tanker/fedifetcher/config.age Normal file
View file

Binary file not shown.

11
agenix/hosts/tanker/invidious/databasePassword.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g DZHI9LtTvwlKXyZw+fe33PwcgdWCze39MvWKKzkC8jc
R7GgrTzyF96GSzCbKmgzlB1k+JDeW3NGbFMVaPIeOBs
-> ssh-ed25519 iO8/4g cN6H4tPW2+D4WWTTontl6zg3IPCcOTqzFqDYQMJVajY
Ewzk3VgyGJ18JyhC7WKA7PrZfmnZXfTHdsMPep9smKI
-> ZOBXX:-grease +5eB!v) r#hU
U8ClN+91QW5mEodsaPx77H/9+W58LeV7AQ/Mm4v1Z5tlLy8uHQKR1lVDgApow6mI
EmbOatS3d62wpzz5Byd1n7acuORvgHkgFHhDWoOl6xLR
--- BxssSHOarZtYmAL9w+3NqJv3j5VO8Iu/+npamK1ujPI
1oUb$u}・% y<>A><3E><>&s3認5_カ沌-Tユ<54>=g[jネ:Q+]q竊<71><1E>oヒQsテ棒マy
ウLb<4C>

BIN
agenix/hosts/tanker/invidious/extraSettings.age Normal file
View file

Binary file not shown.

10
agenix/hosts/tanker/mastodon/databasePassword.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g wAwIsd2n0Fqui061boqUxqp+uMgqde27zPJeQohN5ik
TvGOeXoL98QUyGJ0UrLB2nvqCe+nkmGtEHfvZ8DTJc4
-> ssh-ed25519 iO8/4g mbpwuiAKbj5ZbMxq2cYTpN0pRt5qfFcwxZNjRvKXqkU
bikCM08DQoCbocBWTOV4s5amEAO+gHlAJavfUWDMTTs
-> pS6>-grease j$PHEqF mA0,x h~ov7sK
ygTukhyfp8i8TJYCZpCSn3lIU9QS+6SN1BUapf0kYQiBU0mggnp6ywwYVf9jDOjU
BA
--- xdDdjEkcETSSFi4MPxBC0Ffr+ToRplrry4moUEQMQpk
>^m/タ・ゥミ<04>0賭、7\シ曙ロシン"5カ「B‡r) 。I烋IF

BIN
agenix/hosts/tanker/mastodon/extraConfig.age Normal file
View file

Binary file not shown.

9
agenix/hosts/tanker/mastodon/otpSecret.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g QRDjuTTTgd2UkCDITpSwImVEcUBIm7XI1IxzquiOHDM
lPv5CG9xdqA3djkvEAn2Zzy37VE7mlir+/mi1AqALv8
-> ssh-ed25519 iO8/4g x79JNsGXJv92vMQ0V7v14+yPft90aA769No37ajRZm0
HSlLIdBxW9P62kRsfBc519YAxxlYV2kZt4rxBO99B8g
-> {K-grease
Awy+8DrMd7Lmbok1+tqlv5AuIWTiNR2UqwxQgaN3D2MuD+yzwA
--- 1pwWY4vETJK5D6o7NZYLF9Uy2jl6N3F9/+8YtaUod6c
<EFBFBD>M2ÇDxAÔf€1‰å ¿+°N¦Ôˆ¿Q9­ÔÖÝìèºÐ¹íU3õ° Ó0vEC¸ Ê™êo*iŒ©5vÁÞý“…Z¸<5A>-³­¾ÚÊîÅi1¤Q6Ì%ųmß8>j.$SgÓ Ü•í·Z3­Y|e/Eƒ¹ù¾ J> Ju<> `SÂo ¨,D±»%æâ%M<>

10
agenix/hosts/tanker/mastodon/secretKeyBase.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g JkpzXmNNBQMnFsTHq6LTGdqcnOuaoyuoHLEhZ1B1IE0
48v3LSzdX0n6MKAyDFhKdTeZjzhmgW4lXOHX30oHNcQ
-> ssh-ed25519 iO8/4g F9+dikSYBCq/mUOUrvoowMKRHvcI/K6XtSxlxtAMaU0
b6Dx/C5vYNXdkzujLlnZQ3aEryKOrTRnUkn/0OIBsz0
-> )sx-grease S SY71l?&=
BccDaWVHeqAeMNWT3S+3X1sZiEodhot5jJPsGSdcBtOSy7+4xufrdX/B+z+QfuMo
rIXGmQ
--- 4sbs6kDby/Pt9s4GPe704cxmxYrYI2Naa1YjgMO6y70
®ÜéÇ~&•<>*<2A>Źoí0pBÚgk>LíˇŚĂĽ%ŕÜÉÇáôʸţDĄž ŚţAúĎ/}ŰÚ¶˝‰t}±ç_|ý} «ď—Áť±ůŚ®™ň“ĆvÎĺ 0yłăô$Ż©ÜjL8ĺ×´SMŻďs<C48F>Aý™•öú˝é‚‹ BcŠ€ĐxMÝŮŠ6Ănq<`ęj×;†OÖk*XÇťë¤@·XŹV

9
agenix/hosts/tanker/mastodon/smtpPassword.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g UYcHcYsaMBFH6RS+TBDpT45/3+eVVlRx/JVpXDvJdUQ
QkdeRft5FX4kKRcGNZ+hH8sLuFcb2dQVFxiIAnDDJX4
-> ssh-ed25519 iO8/4g I3VCKLLgT+V8ehWhvYTcEDyj5fSAf+rhcFOpDDk5RnA
YnA8+ovbUDt7zsyhLiNYp6mBBRqmfdN3E/VAh/szdKI
-> {xVn9&^-grease
KVC2owNNTYRwUKb9qQ9rG9RFMn9Jve8DYbkt0ek
--- ECbJ8V2BT+01+k0dMfYkxkyp0GMzrn/R1ZCN4Kd8DQo
Ñ<EFBFBD><EFBFBD>îR<>%˜Q¾óŒ ¬ÇÊwæòÏ&V*½VÖ4~Âhä<68>uì\X±¦YÙ”iKkòsMýNíØúÓ°nð0(»êu<C3AA>'é{T7õ9PC

9
agenix/hosts/tanker/mastodon/vapidPrivateKey.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g lQFP6XGVNeVhNW2GNvbhwB6Ioo1aGbSv1pTlH3oO3Hw
J7YCjWhzbL2bvy6BYx5catINr2WCi/lg6XsfhPuMm6c
-> ssh-ed25519 iO8/4g 5r2bAlPLqTbtNZsXz5Gn7ncrRtXGpunp2t/GwSmhulg
4ydNTfRT0JDYc+iwYVDEdTJFoEiEifz6HxYJtVC3sn0
-> gC-N|-grease
xVkdxNoYdrK21FwLl6SQj4vuK2dte5l4
--- 1cc/CKuc3QQVSA/7/Boof2VuaMMnrOH8TLZPIrzfa9s
<%¡A»BMæÚMLx$€GÖþ4‡;Ù•Ÿù½öª#&{½ÞNcâîѦf@'p.Ó½ Á7õÎÍ;¥<>œš%ˆ˜Q ]EèT¬â Á

9
agenix/hosts/tanker/mastodon/vapidPublicKey.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g U34DG4CcXltkDyCczpdzlk2uWF3tdZmHQvJz+VcC/mo
PuUL691MRlpyC1QE86eciJmA+q5t9a7oJYzsltNJ/Cw
-> ssh-ed25519 iO8/4g 03tbfcgMSrAWu7h2i6YHmmYfjJc84HMVznv+A6yW3Sw
x14/IabzH8x1xaPs5gWsHjcik57M8GiOl8XSL+2kZFw
-> y~qZ1RN-grease XZ
YE8TxLeH4mXaJ/sYJdb2mr1olb69mra/IMYsnTsjJjxZaFQh
--- u8AEpBN454GKBoXTo5LZfhT8O8NmMPoxZ2DoHRawVAQ
Û_S?K qÒíFÀ9æþñ"wû¨¼m•8\<5C>W<ô¶M7¬?#Ÿ‡JCZéþÁ”Ì¢J \EÄ<45>Ÿ-P<>ÂJ'•¯u§\ú²L2<4C>žh¿ÑøæÈ·þ$nXŠAÿ<41>wÆð(þÂÉB²†¦Í¶ yDè*ëxFS

BIN
agenix/hosts/tanker/mautrix-signal/config.age Normal file
View file

Binary file not shown.

BIN
agenix/hosts/tanker/mautrix-whatsapp/config.age Normal file
View file

Binary file not shown.

10
agenix/hosts/tanker/miniflux/credentials.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g qZGcazmYr0cVRxTug4vtakkBqgWm9QC5wQPVnLU5iwM
+tKPQhktikJSIjzW/kcg+izEwJEY3z6gckQb3DdW5Qs
-> ssh-ed25519 iO8/4g pSIzsTaHkoV9WAjCSJIAr9uRNuVTiPTnyacfylF1y0o
oGXKk9SAnuUzGpdO5iOiaZvqtXmco+FAYIgyH89K+SA
-> \@3Ti?[K-grease n[ qu\ 9?W
7NfUxbNE7d9Om27ckTLpoqygnue5pR5Epu7QWoMaR4CZDQx0KfkeGf6EuCeybfcz
6XSsjsAYkZDMsQXn7hMWiQ
--- S6oZE6vH8A8dVnWOpfU/5vIGb0pkCueIB7soIj2SqwU
Ô´çU]Å×kûÐÐþ±šÉñŒëv™D|94| ©†x{¤_öÉB˜ü<CB9C>¾r°ówëÒOë"”=eK°AâP<{©LÚÊZõN”%Mù ¢µ°t½Òôžè[ýÐDjEúrúgè¾

11
agenix/hosts/tanker/mosquitto/passwordWeewx.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g /XSuE5hFhZ9uikrpqA2Xg26QtfIKzj9DVTbtQpUMvmI
/TwDUNPZLU/CDQ22FIl8CUDz2mxAjf8W0/nurMx4diM
-> ssh-ed25519 iO8/4g KpdQeVMhb+Cm7JrndSD0PN7DGX2Z2DrEMUGdifQCehE
s15SBfOmUDDLUc+Kg9Tk15lLISUqU/5OcGeV+LuKMR4
-> z#6ki~-grease =f5 c/\1V4tV m{<_`g &=
mY4q54CFASChkcQUH7ufRmNtUbBNquJ1BPUOVSl1GPWJQo4wLa4S2uVgzre6/JHM
jS3wv7r2Qz4jyIlTJke1uhO4oMYr3cVKQYMh7pwjLIRUOY4
--- jiSqygWYh76uBkRcxLVCIvaqwfmUbzpg3pJf06E6Szg
õGCÑ<EFBFBD>)L#`]b`0½»Eæf‰ÍFO™#çÉ×ÄÀ¸ìå£üÈ1Í3µ\&#žDî4_ g§DŸåøQ'7 ^˜"<22>™”AþòvakÄUÔé€7ç;îÎøÓ¡¬;󑉰†Å Ä<Ðzä<7A>*5yê¡<C3AA>Æ&ËD6Q}•>#¬D Ñ
'ÝËg<18>¶ŒI

10
agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g DDKoUegvH8ay9AZet7JR5Fm5rlLbG+J8M3S95FYvtlQ
/Y+EVrGiGvLNXNx9auwYU3+X8sk7iwreBCq0FxznYCM
-> ssh-ed25519 iO8/4g +OGDl9FY/C7bWx/BvsLurIlFfbcZ4gMTxwcn2PCuLRk
jNPfr5GtIpjpPRVu7CTqKFr+d0iktmbsYR4mYls3lnQ
-> VTq6sn-grease
Hz3Jv4/CTn0KY0K+fczMLo1TA53IvBrbPuIpNLHUGu7lVE8jIaDMOTKIArWdbcrR
iPdv
--- pCIBj99TU5X4ZaJLTBeTf58TIXAHj3GP7P+AszQ3mfc
Rš1Ì8M:ê^ºÐóˆ1zYq.~$ŽÊ¬ökŸð „ðg¡å—ŸQЉibYwïIí¨jB¤êÀ<C3AA>uyWf$R´¦7 ™Ès'˜þÓSÊ2Ë´]ºò&rÇ $NÈÎrˆì•àçK«æ“ÕÛP´^ÖûËoð ¾Ð½øɉš³3÷VCÓ»€§÷<C2A7>ƒ`3¦¬

BIN
agenix/hosts/tanker/nitter/config.age Normal file
View file

Binary file not shown.

11
agenix/hosts/tanker/proxitok/environment.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g 0jnqFOQg3RhkdCG5+JjsKUcd/JE9fhzFDvsgB6fZ7R0
KHrpFOnbkjbstLBgaFlLg7skOh7JrJPBlxerJ561unk
-> ssh-ed25519 iO8/4g x7hvbSev2gbPawB/rma1sHu7TQEh7GZnD7EOzNdKDBo
66lFTBhvGHoZxs9HadLktr8N0eJXHgHLctaV+ZqM+cM
-> .,hk(<S-grease U,
kWqF/pPUTMiUAwmX2tl7YRUfu5cnCWUf8vLpt0BJjOIUkY5wzUXpbPaz1vGDtTm5
w0jLRJR8Mn1KzQ
--- opbWo/5603yqmCX6olIgaiMo2qdgnnf18GJPXBWoo9E
ηOÐTqTíÚKȼԴé01¥GE®ŽLÚ_°ŽTV¦`}«5Bt-vn¼m"PË}<7D>„†Ã?Xÿí^* Ü&”5 Õö$ÌK4ÐÁ\Wäí
Ö„‰§×¬ü¦È?yíQqÿfs;ç‹Ä:Vú_{‰ú‚“ÓYU.©²2³ úãNÛ¬× z¬G*ÔŠ<>[;aô® <09>‰¹û$´¨}W#Ó¬1sk­$Áü›½<mêaV8´Ïþ×O`õÁÜ@Tð{ˆ¼ÚôQu€<75>ÈÔ$¦T•ÙuÝ?CÑ ·[µå3U¼Ñm„Æ°ù<C2B0>‡0<E280A1>çSW9çîŠ|®S§† ºˆOA\œ€/áŠÜs®Í@•öiî¢òNCˆ í"¾x,Ø¢y¸wšúpæ¼ÓÅ<C393>Îô`K«GÜ ­<55>IMu=J §õŸŒï³‡'œÙ|ú VàøŽKß>…¨ìwÆú•³äE¤5#Z%׬ ˜

10
agenix/hosts/tanker/signald/environment.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g TjcF9u1gbYjURFImt7uh+O7hNw3E2pR6H/i8Xd90DkU
wdeuBiwP0BTzMeVx+i7+jpWFaAW+dMnsXakFenPad/E
-> ssh-ed25519 iO8/4g V/BUJLff8IK0g5UFXqJ5ftK6Fs8zpheFr4ETzKQd5xs
0hzEB9qG6VX878t7tZzfjyH2BkgAhl+uDR4jX9chwgY
-> g.G-grease X;7X` 3ecO{T|m
/2RKLQzMCznCQXYnltmy7YhoXzHRJ4oxdArYCfQzJEcWDwy465xgm8EMNdu0mNA+
O15n2g
--- C896AcFfLEvwf3tcYqZP5dfPKFmE4oaaKH6KveEao6A
'ř»{Ă3Ć*vřäůѶ4†ŻŢ«ÎË<—;‰îQC(Őb-á `.˝goŕ ĐănČ˲< >:šľl0¬Ôň]Tâµ˝ 2Δ*‡ěhř”%Ýl<C39D>*WĹA Ŕü O(ëţí屄WăRŐA0[“­_HžCÎë6`

BIN
agenix/hosts/tanker/synapse/extraConfig.age Normal file
View file

Binary file not shown.

10
agenix/hosts/tanker/tailscale/authkey.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g 8/VvalpTjMjXQYaGZiNTJ/UyXXcgaaKXT46+sn2IuC0
eH+i//7AQiJ9KSD8NUkAd6CL6G6wuPeWBYLaUVUkH1s
-> ssh-ed25519 iO8/4g B9Tzo0djfjhV5wDj3i6JZseYJth+zIxkfbbMDuK8y3s
Wgokb9VVhd49riNZZ1JxuCGX1MgwzGr1Yqju475U0YA
-> 4S?&lGG-grease ? {z[+;U.< l8P&' !'eh+
mEhY97w5jF9ubheu6mx4puGrqsUyPxwGLhiwMjr5YLLwR5Hnj9xRY40UHGdng1H1
ssoX94PaJQN2YwwMSa8WudBhe2hAP7cWpH8tFMH6u/exmGO4UA
--- x1cfStmTuQb1xfYJ5DazYeAhjA1JcHZJF7Z4dhy2V58
Åú´ÌXK†eµtš0ùM(QiœB-7 ÒxgG<67>NÁ¿ŠÀéBXÉÿ\V†ÎØ=GfM§KÀèÀšé.<2E>$+ÿÂË'‹ØŸ;Ó€¨ôdÈMÇrǯ¢H

BIN
agenix/hosts/tanker/user/danielPassword.age Normal file
View file

Binary file not shown.

BIN
agenix/hosts/tanker/weewx/config.age Normal file
View file

Binary file not shown.

BIN
agenix/hosts/tanker/weewx/skin.age Normal file
View file

Binary file not shown.

BIN
agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age
View file

Binary file not shown.

BIN
agenix/hosts/weather-sdr/user/danielPassword.age
View file

Binary file not shown.

37
container/matrix/default.nix
View file

@ -7,7 +7,7 @@
image = "registry.gitlab.com/signald/signald:0.23.2"; image = "registry.gitlab.com/signald/signald:0.23.2";
environmentFiles = [ config.age.secrets.signald-environment.path ]; environmentFiles = [ config.age.secrets.signald-environment.path ];
volumes = [ volumes = [
"/etc/container-matrix/signald:/signald" "/var/lib/matrix-bridges/signald:/signald"
]; ];
}; };
@ -17,8 +17,8 @@
dependsOn = [ "signald" ]; dependsOn = [ "signald" ];
ports = [ "127.0.0.1:29328:29328" ]; ports = [ "127.0.0.1:29328:29328" ];
volumes = [ volumes = [
"/etc/container-matrix/signal:/data" "/var/lib/matrix-bridges/signal:/data"
"/etc/container-matrix/signald:/signald" "/var/lib/matrix-bridges/signald:/signald"
]; ];
}; };
@ -27,37 +27,14 @@
image = "dock.mau.dev/mautrix/whatsapp:v0.8.4"; image = "dock.mau.dev/mautrix/whatsapp:v0.8.4";
ports = [ "127.0.0.1:29318:29318" ]; ports = [ "127.0.0.1:29318:29318" ];
volumes = [ volumes = [
"/etc/container-matrix/whatsapp:/data" "/var/lib/matrix-bridges/whatsapp:/data"
]; ];
}; };
}; };
networking.firewall.interfaces."podman+" = {
allowedUDPPorts = [ 443 ];
allowedTCPPorts = [ 443 ];
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /etc/container-matrix/signald 0775 0 0" "d /var/lib/matrix-bridges/signald 0775 0 0"
"d /etc/container-matrix/signal 0775 1337 1337" "d /var/lib/matrix-bridges/signal 0775 1337 1337"
"d /etc/container-matrix/whatsapp 0775 1337 1337" "d /var/lib/matrix-bridges/whatsapp 0775 1337 1337"
]; ];
# Matrix: Signal
environment.etc."container-matrix/signal/config.yaml" = {
source = ../../secret/container/matrix/config/signal.yaml;
mode = "0640";
uid = 1337;
gid = 1337;
};
# Matrix: WhatsApp
environment.etc."container-matrix/whatsapp/config.yaml" = {
source = ../../secret/container/matrix/config/whatsapp.yaml;
mode = "0640";
uid = 1337;
gid = 1337;
};
} }

18
container/proxitok/default.nix
View file

@ -29,8 +29,24 @@
"d /etc/container-proxitok/cache 0755 33 33" "d /etc/container-proxitok/cache 0755 33 33"
]; ];
services.redis.servers.proxitok = {
enable = true;
bind = "10.88.0.1";
port = 6381;
databases = 1;
save = [ ];
appendFsync = "no";
settings = {
protected-mode = "no";
};
};
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];
services.nginx.virtualHosts."tictac.daniel.sx" = { services.nginx.virtualHosts."tictac.daniel.sx" = {
listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
quic = true; quic = true;
http3 = true; http3 = true;

4
container/weewx/default.nix
View file

@ -2,7 +2,7 @@
let let
secret = import ../../secret/container/weewx; secret = import ../../secret/container/weewx;
data-dir = "/etc/container-weewx"; data-dir = "/var/lib/weewx";
in in
{ {
virtualisation.oci-containers.containers.weewx = { virtualisation.oci-containers.containers.weewx = {
@ -71,7 +71,7 @@ in
mosquittoPorts = [ 1883 ]; mosquittoPorts = [ 1883 ];
in in
{ {
"enp7s0".allowedTCPPorts = mosquittoPorts; "enp41s0".allowedTCPPorts = mosquittoPorts;
"tailscale0".allowedTCPPorts = mosquittoPorts; "tailscale0".allowedTCPPorts = mosquittoPorts;
"podman+".allowedTCPPorts = mosquittoPorts; "podman+".allowedTCPPorts = mosquittoPorts;
}; };

57
flake.lock
View file

@ -110,11 +110,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1686307493, "lastModified": 1687290953,
"narHash": "sha256-R4VEFnDn7nRmNxAu1LwNbjns5DPM8IBsvnrWmZ8ymPs=", "narHash": "sha256-PF0VGsuLxozDPLEGajGnb5usoO1v7YzzqOcG6k4ndQ4=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "7c16d31383a90e0e72ace0c35d2d66a18f90fb4f", "rev": "ed275afbbaad9b0670e2aeac3ae542595255d604",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -145,6 +145,26 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1687134796,
"narHash": "sha256-gjBAkEtNPMQzqK4IHjTQBUv3VhggszOHLJbhXZy0OVQ=",
"owner": "nix-community",
"repo": "disko",
"rev": "4823509bb3b014dc85abefc13efcfa076d36338a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -256,11 +276,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1686922395, "lastModified": 1687337969,
"narHash": "sha256-ysevinohPxdKp0RXyhDRsz1/vh1eXazg4AWp0n5X/U4=", "narHash": "sha256-5b58eo7Eku2ae+62HHHTbHtwe4jlS44JfYCDulGdopg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9ba7b3990eb1f4782ea3f5fe7ac4f3c88dd7a32c", "rev": "9ce6977fe76fb408042a432e314764f8d1d86263",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -279,11 +299,11 @@
}, },
"locked": { "locked": {
"dir": "contrib", "dir": "contrib",
"lastModified": 1686981691, "lastModified": 1687335032,
"narHash": "sha256-0ruufYV+/3E8kSneuBEIrX8032hTkcSi4PErPU5rl5c=", "narHash": "sha256-Mcy5o7jnkOjrT0b5haJ2bT+8bqSUoa1z+HW2H7DzaA4=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "c07dceba335c56c9a356395ad0d1e5a14d416752", "rev": "8d4a53fe6e20652946948170f2436ec520f9bdfe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -304,11 +324,11 @@
"weewx-proxy-flake": "weewx-proxy-flake" "weewx-proxy-flake": "weewx-proxy-flake"
}, },
"locked": { "locked": {
"lastModified": 1686989911, "lastModified": 1687335565,
"narHash": "sha256-R9D6w+XyHk74iTVFNEcni9yW06TfPVH1w2+y0HnbN7o=", "narHash": "sha256-k9cIZ5ZSM2iyuRxPX6fce+qTPegdzu7H+VdgI9mB0l8=",
"owner": "nifoc", "owner": "nifoc",
"repo": "nix-overlay", "repo": "nix-overlay",
"rev": "582b7424ce2e4438728722f04c06969efa3008bc", "rev": "7e3f4c1539b2df1c08ad2904802740c42189b6dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -335,11 +355,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1686979235, "lastModified": 1687274257,
"narHash": "sha256-gBlBtk+KrezFkfMrZw6uwTuA7YWtbFciiS14mEoTCo0=", "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7cc30fd5372ddafb3373c318507d9932bd74aafe", "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -389,6 +409,7 @@
"attic": "attic", "attic": "attic",
"darwin": "darwin", "darwin": "darwin",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nifoc-overlay": "nifoc-overlay", "nifoc-overlay": "nifoc-overlay",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
@ -464,11 +485,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1686421566, "lastModified": 1687028025,
"narHash": "sha256-Doz8X6s2u33Lm0ZWxH/2d8r5AessR2unrDGHWSpxqUs=", "narHash": "sha256-haI8io27PLu8xijJDPcnKnD/oxB7LTnHNsHk8hLvl3A=",
"owner": "nifoc", "owner": "nifoc",
"repo": "weewx-proxy", "repo": "weewx-proxy",
"rev": "224fdba4acb4c42f3f4cb49e1192fa26441f2e68", "rev": "59d3a6cd0dd118a46f88badf33ffd3b2674c0bbf",
"type": "github" "type": "github"
}, },
"original": { "original": {

21
flake.nix
View file

@ -1,7 +1,11 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
#nixpkgs.url = "github:nixos/nixpkgs?rev=22467e240f390f029d6c745ce031f0ffbdc40916";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
darwin = { darwin = {
url = "github:lnl7/nix-darwin"; url = "github:lnl7/nix-darwin";
@ -44,13 +48,8 @@
inherit inputs; inherit inputs;
}; };
sail = import ./system/flakes/sail.nix { tanker = import ./system/flakes/tanker.nix {
inherit (inputs) nixpkgs deploy-rs home-manager agenix; inherit (inputs) nixpkgs disko deploy-rs home-manager agenix attic;
inherit inputs;
};
attic = import ./system/flakes/attic.nix {
inherit (inputs) nixpkgs deploy-rs home-manager agenix attic;
inherit inputs; inherit inputs;
}; };
@ -80,8 +79,7 @@
}; };
nixosConfigurations = { nixosConfigurations = {
sail = sail.system; tanker = tanker.system;
attic = attic.system;
mediaserver = mediaserver.system; mediaserver = mediaserver.system;
argon = argon.system; argon = argon.system;
weather-sdr = weather-sdr.system; weather-sdr = weather-sdr.system;
@ -89,8 +87,7 @@
}; };
deploy.nodes = { deploy.nodes = {
sail = sail.deployment; tanker = tanker.deployment;
attic = attic.deployment;
mediaserver = mediaserver.deployment; mediaserver = mediaserver.deployment;
argon = argon.deployment; argon = argon.deployment;
weather-sdr = weather-sdr.deployment; weather-sdr = weather-sdr.deployment;

169
hardware/disko/tanker.nix Normal file
View file

@ -0,0 +1,169 @@
{
disko.devices = {
disk = {
x = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "boot";
start = "0";
end = "1M";
part-type = "primary";
flags = [ "bios_grub" ];
}
{
name = "ESP";
start = "1M";
end = "1GiB";
fs-type = "fat32";
bootable = true;
content = {
type = "mdraid";
name = "boot";
};
}
{
name = "zfs";
start = "1GiB";
end = "-1GiB";
content = {
type = "zfs";
pool = "zroot";
};
}
{
name = "swap";
start = "-1GiB";
end = "100%";
part-type = "primary";
content = {
type = "swap";
randomEncryption = true;
};
}
];
};
};
y = {
type = "disk";
device = "/dev/nvme1n1";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "boot";
start = "0";
end = "1M";
part-type = "primary";
flags = [ "bios_grub" ];
}
{
name = "ESP";
start = "1M";
end = "1GiB";
fs-type = "fat32";
bootable = true;
content = {
type = "mdraid";
name = "boot";
};
}
{
name = "zfs";
start = "1GiB";
end = "-1GiB";
content = {
type = "zfs";
pool = "zroot";
};
}
{
name = "swap";
start = "-1GiB";
end = "100%";
part-type = "primary";
content = {
type = "swap";
randomEncryption = true;
};
}
];
};
};
};
mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
};
zpool = {
zroot = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
compression = "lz4";
"com.sun:auto-snapshot" = "true";
};
mountpoint = "/";
postCreateHook = "zfs snapshot zroot@blank";
datasets = {
postgresql = {
type = "zfs_fs";
mountpoint = "/var/lib/postgresql";
options = {
recordsize = "16k";
atime = "off";
};
};
elasticsearch = {
type = "zfs_fs";
mountpoint = "/var/lib/elasticsearch";
options = {
atime = "off";
};
};
mastodon = {
type = "zfs_fs";
mountpoint = "/var/lib/mastodon";
options = {
recordsize = "512k";
atime = "off";
};
};
synapse = {
type = "zfs_fs";
mountpoint = "/var/lib/matrix-synapse";
options = {
recordsize = "512k";
atime = "off";
};
};
};
};
};
};
}

28
hardware/hosts/attic.nix
View file

@ -1,28 +0,0 @@
{ pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
loader.grub.device = "/dev/sda";
initrd = {
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
kernelModules = [ "nvme" "tls" ];
};
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "tcp_bbr" ];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_syncookies" = 0;
"net.ipv4.tcp_timestamps" = 1;
"net.ipv4.tcp_window_scaling" = 1;
"net.core.rmem_max" = 2500000;
};
};
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
}

28
hardware/hosts/sail.nix
View file

@ -1,28 +0,0 @@
{ pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
loader.grub.device = "/dev/sda";
initrd = {
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
kernelModules = [ "nvme" "tls" ];
};
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "tcp_bbr" ];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_syncookies" = 0;
"net.ipv4.tcp_timestamps" = 1;
"net.ipv4.tcp_window_scaling" = 1;
"net.core.rmem_max" = 2500000;
};
};
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
}

36
hardware/hosts/tanker.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs, modulesPath, ... }:
{
imports = [
../disko/tanker.nix
];
boot = {
loader.grub = {
enable = true;
copyKernels = true;
devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
efiInstallAsRemovable = true;
efiSupport = true;
fsIdentifier = "uuid";
};
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
kernelModules = [ "tls" ];
};
kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
kernelModules = [ "tcp_bbr" ];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_syncookies" = 0;
"net.ipv4.tcp_timestamps" = 1;
"net.ipv4.tcp_window_scaling" = 1;
"net.core.rmem_max" = 2500000;
};
};
}

38
home/hosts/sail.nix
View file

@ -1,38 +0,0 @@
args@{ pkgs, ... }:
let
secret = import ../../secret/hosts/sail.nix;
in
{
imports = [
../programs/fish.nix
../programs/atuin.nix
../programs/starship.nix
../programs/nvim
../programs/git.nix
../programs/bat.nix
../programs/fzf.nix
../programs/jq.nix
../programs/scripts.nix
];
home = {
stateVersion = "22.11";
packages = with pkgs; [
awscli2
curlHTTP3
lnav
mtr
parallel
q
ripgrep
];
};
}

0
home/hosts/attic.nix → home/hosts/tanker.nix
View file

78
home/programs/nvim/plugins.nix
View file

@ -30,12 +30,12 @@ in
}; };
nvim-web-devicons = buildVimPluginFrom2Nix { nvim-web-devicons = buildVimPluginFrom2Nix {
pname = "nvim-web-devicons"; pname = "nvim-web-devicons";
version = "2023-05-27"; version = "2023-06-18";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "kyazdani42"; owner = "kyazdani42";
repo = "nvim-web-devicons"; repo = "nvim-web-devicons";
rev = "2a125024a137677930efcfdf720f205504c97268"; rev = "14b3a5ba63b82b60cde98d0a40319d80f25e8301";
sha256 = "0hjfi7zrxn7hci0gagnx50p20afdg5c63skjbh89rvsh0v2qgg3f"; sha256 = "0hn54zz5a3zhg796jfryg1vsikv96vpvcgg71mz95wshnqjlr3jr";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -85,12 +85,12 @@ in
}; };
leap-nvim = buildVimPluginFrom2Nix { leap-nvim = buildVimPluginFrom2Nix {
pname = "leap.nvim"; pname = "leap.nvim";
version = "2023-06-02"; version = "2023-06-17";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "ggandor"; owner = "ggandor";
repo = "leap.nvim"; repo = "leap.nvim";
rev = "14b5a65190fe69388a8f59c695ed3394a10d6af8"; rev = "96f0f60baf037a3f91c8c725a0aad56094a73808";
sha256 = "1p3bz2zs4s2kg1q1gyaf2pffp1fwd0hmh5cds8s8a1r3cab9mnap"; sha256 = "0qgqiiw2cmm60cxnil2cvkh5h6p8kx3zvcyw60ia7n4s93yqzbkx";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -107,23 +107,23 @@ in
}; };
nvim-treesitter = buildVimPluginFrom2Nix { nvim-treesitter = buildVimPluginFrom2Nix {
pname = "nvim-treesitter"; pname = "nvim-treesitter";
version = "2023-06-17"; version = "2023-06-21";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "nvim-treesitter"; owner = "nvim-treesitter";
repo = "nvim-treesitter"; repo = "nvim-treesitter";
rev = "840e5d71787b02789f909315f646a6dd66a0de2c"; rev = "39b9f45a646371736ce95ec0c8cf685a727b5312";
sha256 = "0zqp1bckgijic464868dqs4gxfmvjkmkrj9hkrjwm4vp5qfcqwk6"; sha256 = "0cqwx2sqi5lqs7jmy8vsn81qhnfx6n403pxqyj8wihvl7g9kjz1n";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
nvim-ts-rainbow2 = buildVimPluginFrom2Nix { nvim-ts-rainbow2 = buildVimPluginFrom2Nix {
pname = "nvim-ts-rainbow2"; pname = "nvim-ts-rainbow2";
version = "2023-06-14"; version = "2023-06-20";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "HiPhish"; owner = "HiPhish";
repo = "nvim-ts-rainbow2"; repo = "nvim-ts-rainbow2";
rev = "9e228dc94d083cb2dfddac64d524483f452dab40"; rev = "a716318361239c9ee5364fc032795679b16762db";
sha256 = "13q9kpiwmydf39dfk47inaas2r49scsvrqb1v7rnimjmjxp2654d"; sha256 = "1k48q777kdxa12l5g47cmrd1lmih3h076jlcsway2anxa7kfjddl";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -220,12 +220,12 @@ in
}; };
nvim-lspconfig = buildVimPluginFrom2Nix { nvim-lspconfig = buildVimPluginFrom2Nix {
pname = "nvim-lspconfig"; pname = "nvim-lspconfig";
version = "2023-06-17"; version = "2023-06-20";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "neovim"; owner = "neovim";
repo = "nvim-lspconfig"; repo = "nvim-lspconfig";
rev = "80861dc087982a6ed8ba91ec4836adce619f5a8a"; rev = "a51892484c2002c083a8b0a9dfcefb3a569be36d";
sha256 = "03n3zh5gizia6ryafj88c0n6rpwzqhfa7b3gwrr66z25c0sqqxv3"; sha256 = "02yxlfqlvv8nprk9mbxhw2mh52plcjka5kwbn4h8s4d49dzp396w";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -297,34 +297,34 @@ in
}; };
LuaSnip = buildVimPluginFrom2Nix { LuaSnip = buildVimPluginFrom2Nix {
pname = "LuaSnip"; pname = "LuaSnip";
version = "2023-06-16"; version = "2023-06-19";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "L3MON4D3"; owner = "L3MON4D3";
repo = "LuaSnip"; repo = "LuaSnip";
rev = "4964cd11e19de4671189b97de37f3c4930d43191"; rev = "3d2ad0c0fa25e4e272ade48a62a185ebd0fe26c1";
sha256 = "15qfwwc5fsc6yhr0qsrfw4s8xvknrf1m25443lgz95v3d37hxkn5"; sha256 = "01ih6rp99qvip3zpyd663c6fi69r4xfqj2x1k6x679h6gicharl0";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
friendly-snippets = buildVimPluginFrom2Nix { friendly-snippets = buildVimPluginFrom2Nix {
pname = "friendly-snippets"; pname = "friendly-snippets";
version = "2023-06-17"; version = "2023-06-21";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "rafamadriz"; owner = "rafamadriz";
repo = "friendly-snippets"; repo = "friendly-snippets";
rev = "70b727d3454cceb3a818b1746be09786568b7e33"; rev = "01f80274100fe3ff6c9183b9c0674a520141be4d";
sha256 = "13winfmabdpxwgig519qr11znjngdlmbgbmksyrilxangaw3zgjf"; sha256 = "1pxbbdjq25ri5jhwl953020xwbzhy564m35xz9vhnv8i2wz8kg2l";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
nvim-cmp = buildVimPluginFrom2Nix { nvim-cmp = buildVimPluginFrom2Nix {
pname = "nvim-cmp"; pname = "nvim-cmp";
version = "2023-06-11"; version = "2023-06-19";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "hrsh7th"; owner = "hrsh7th";
repo = "nvim-cmp"; repo = "nvim-cmp";
rev = "b8c2a62b3bd3827aa059b43be3dd4b5c45037d65"; rev = "fa492591fecdc41798cd5d3d1713232a5088fba0";
sha256 = "1xh3pzcdbz2hqa3vl14gwn77pqjv939q9jfq1y4ln676jz5ljr4q"; sha256 = "0a7szf6lfgadlxrsg34qjc6hyz2ca9k0z0xfyvdcqnibfhlbgg0l";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -429,12 +429,12 @@ in
}; };
nvim-autopairs = buildVimPluginFrom2Nix { nvim-autopairs = buildVimPluginFrom2Nix {
pname = "nvim-autopairs"; pname = "nvim-autopairs";
version = "2023-06-14"; version = "2023-06-18";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "windwp"; owner = "windwp";
repo = "nvim-autopairs"; repo = "nvim-autopairs";
rev = "41803bdbf75569571f93fd4571f6c654635b1b46"; rev = "e8f7dd7a72de3e7b6626c050a802000e69d53ff0";
sha256 = "1lxq0qr3ninkz4yk2a0467vzyx7lslg7fqix918cqd10mgrg5xkr"; sha256 = "0lk78zvmf5cyyq4nmrzybi7dbpbwx499r0la4wza9h1gp4l7xvy7";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -462,12 +462,12 @@ in
}; };
nvim-treesitter-textobjects = buildVimPluginFrom2Nix { nvim-treesitter-textobjects = buildVimPluginFrom2Nix {
pname = "nvim-treesitter-textobjects"; pname = "nvim-treesitter-textobjects";
version = "2023-06-08"; version = "2023-06-19";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "nvim-treesitter"; owner = "nvim-treesitter";
repo = "nvim-treesitter-textobjects"; repo = "nvim-treesitter-textobjects";
rev = "2d6d3c7e49a24f6ffbbf7898241fefe9784f61bd"; rev = "83c59ed1eeae70a55605990993cf4d208948fdf7";
sha256 = "1mlx0hkx42al578ilwsj4547rqny85x089is189hdic287yw59gp"; sha256 = "1780104ap415dlnvik1s027vhd0ikvly23lcb4dq2d2smlkymjgf";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -539,23 +539,23 @@ in
}; };
gitsigns-nvim = buildVimPluginFrom2Nix { gitsigns-nvim = buildVimPluginFrom2Nix {
pname = "gitsigns.nvim"; pname = "gitsigns.nvim";
version = "2023-06-16"; version = "2023-06-20";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "lewis6991"; owner = "lewis6991";
repo = "gitsigns.nvim"; repo = "gitsigns.nvim";
rev = "256569c2fe697a3003dbd49ff474e5935af9066c"; rev = "a36bc3360d584d39b4fb076d855c4180842d4444";
sha256 = "1xxpqjmxqf7bkia4jrf78grjg9myq7lnhygmi0gm90nwlm9wi8vl"; sha256 = "1kq2ykmpagan4d4anjv8s8dp2gi22n8paqzkk933zr5azd9q6pjp";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
nui-nvim = buildVimPluginFrom2Nix { nui-nvim = buildVimPluginFrom2Nix {
pname = "nui.nvim"; pname = "nui.nvim";
version = "2023-06-16"; version = "2023-06-18";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "MunifTanjim"; owner = "MunifTanjim";
repo = "nui.nvim"; repo = "nui.nvim";
rev = "e319f2554d14a521f4271576ebff2685105d7628"; rev = "d146966a423e60699b084eeb28489fe3b6427599";
sha256 = "1lm7fm2pdclsrimiw73m5pbg6h0g1yj9bd7kin55xapzvn4j3131"; sha256 = "0cg0771dai5gsch36qfandx3i48gq2zhifnmgwarl174af8f8mrq";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -572,12 +572,12 @@ in
}; };
noice-nvim = buildVimPluginFrom2Nix { noice-nvim = buildVimPluginFrom2Nix {
pname = "noice.nvim"; pname = "noice.nvim";
version = "2023-06-12"; version = "2023-06-19";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "folke"; owner = "folke";
repo = "noice.nvim"; repo = "noice.nvim";
rev = "a3318600bc1eba2cca84e879048c1ab8d4a0262d"; rev = "39461475d9de676bccc338876689c9e5b44bc932";
sha256 = "1hba8idla910jwwpm9dgsa200nb0jw3054rnan7dyawg694d67bv"; sha256 = "11b4bv0dhy8y478p1gfw2ic47bg0x9v073ljndvcz5qcdh3qpsv9";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };

8
home/programs/ssh/shared/builder.nix
View file

@ -16,6 +16,14 @@
identitiesOnly = true; identitiesOnly = true;
}; };
"builder-tanker" = {
hostname = "tanker.ts.kempkens.network";
port = 22;
user = "root";
identityFile = "~/.ssh/Hetzner.pub";
identitiesOnly = true;
};
"builder-mediaserver" = { "builder-mediaserver" = {
hostname = "mediaserver.ts.kempkens.network"; hostname = "mediaserver.ts.kempkens.network";
port = 22; port = 22;

9
home/programs/ssh/shared/private.nix
View file

@ -60,6 +60,15 @@
identitiesOnly = true; identitiesOnly = true;
}; };
"tanker" = {
hostname = "tanker.ts.kempkens.network";
port = 22;
user = "daniel";
forwardAgent = true;
identityFile = "~/.ssh/Hetzner.pub";
identitiesOnly = true;
};
"attic" = { "attic" = {
hostname = "attic.ts.kempkens.network"; hostname = "attic.ts.kempkens.network";
port = 22; port = 22;

BIN
secret/container/matrix/config/signal.yaml
View file

Binary file not shown.

BIN
secret/container/matrix/config/whatsapp.yaml
View file

Binary file not shown.

BIN
secret/hosts/attic.nix
View file

Binary file not shown.

BIN
secret/hosts/sail.nix
View file

Binary file not shown.

BIN
secret/hosts/tanker.nix Normal file
View file

Binary file not shown.

63
secrets.nix
View file

@ -1,63 +1,62 @@
let let
user-daniel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1UfCIu7jUe64iQmp2UUyAgqZ3IYdMOo/Me6hRTnKoG"; user-daniel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1UfCIu7jUe64iQmp2UUyAgqZ3IYdMOo/Me6hRTnKoG";
system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl"; system-tanker = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpnogLd3Ttmz/At0dXveaG1xF37vV7lz34ojDTIuCOi";
system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr";
system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX"; system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX";
system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU"; system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU";
system-weather-sdr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHuAdx5u9R2DyK065DUxdwhEOi0at1WNkY5f4JtrOzk"; system-weather-sdr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHuAdx5u9R2DyK065DUxdwhEOi0at1WNkY5f4JtrOzk";
sail = [ user-daniel system-sail ]; tanker = [ user-daniel system-tanker ];
attic = [ user-daniel system-attic ];
mediaserver = [ user-daniel system-mediaserver ]; mediaserver = [ user-daniel system-mediaserver ];
argon = [ user-daniel system-argon ]; argon = [ user-daniel system-argon ];
weather-sdr = [ user-daniel system-weather-sdr ]; weather-sdr = [ user-daniel system-weather-sdr ];
in in
{ {
# sail # tanker
"agenix/hosts/sail/acme/credentials.age".publicKeys = sail; "agenix/hosts/tanker/user/danielPassword.age".publicKeys = tanker;
"agenix/hosts/sail/tailscale/authkey.age".publicKeys = sail; "agenix/hosts/tanker/acme/credentials.age".publicKeys = tanker;
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail; "agenix/hosts/tanker/tailscale/authkey.age".publicKeys = tanker;
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/secretKeyBase.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/vapidPrivateKey.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/extraConfig.age".publicKeys = sail;
"agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail; "agenix/hosts/tanker/atuin/environment.age".publicKeys = tanker;
"agenix/hosts/sail/signald/environment.age".publicKeys = sail; "agenix/hosts/tanker/atticd/environment.age".publicKeys = tanker;
"agenix/hosts/sail/weewx/config.age".publicKeys = sail; "agenix/hosts/tanker/fedifetcher/config.age".publicKeys = tanker;
"agenix/hosts/sail/weewx/skin.age".publicKeys = sail;
"agenix/hosts/sail/mosquitto/passwordWeewxProxy.age".publicKeys = sail; "agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker;
"agenix/hosts/sail/mosquitto/passwordWeewx.age".publicKeys = sail; "agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/secretKeyBase.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/vapidPrivateKey.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/vapidPublicKey.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/extraConfig.age".publicKeys = tanker;
"agenix/hosts/sail/atuin/environment.age".publicKeys = sail; "agenix/hosts/tanker/miniflux/credentials.age".publicKeys = tanker;
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail; "agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age".publicKeys = tanker;
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail; "agenix/hosts/tanker/mosquitto/passwordWeewx.age".publicKeys = tanker;
"agenix/hosts/sail/invidious/databasePassword.age".publicKeys = sail; "agenix/hosts/tanker/nitter/config.age".publicKeys = tanker;
"agenix/hosts/sail/nitter/config.age".publicKeys = sail; "agenix/hosts/tanker/anonymous-overflow/config.age".publicKeys = tanker;
"agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail; "agenix/hosts/tanker/invidious/databasePassword.age".publicKeys = tanker;
"agenix/hosts/tanker/invidious/extraSettings.age".publicKeys = tanker;
"agenix/hosts/sail/proxitok/environment.age".publicKeys = sail; "agenix/hosts/tanker/proxitok/environment.age".publicKeys = tanker;
# attic "agenix/hosts/tanker/synapse/extraConfig.age".publicKeys = tanker;
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
"agenix/hosts/attic/acme/credentials.age".publicKeys = attic; "agenix/hosts/tanker/mautrix-signal/config.age".publicKeys = tanker;
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic; "agenix/hosts/tanker/signald/environment.age".publicKeys = tanker;
"agenix/hosts/attic/atticd/environment.age".publicKeys = attic; "agenix/hosts/tanker/mautrix-whatsapp/config.age".publicKeys = tanker;
"agenix/hosts/tanker/weewx/config.age".publicKeys = tanker;
"agenix/hosts/tanker/weewx/skin.age".publicKeys = tanker;
# mediaserver # mediaserver
"agenix/hosts/mediaserver/user/danielPassword.age".publicKeys = mediaserver; "agenix/hosts/mediaserver/user/danielPassword.age".publicKeys = mediaserver;

59
system/flakes/sail.nix
View file

@ -1,59 +0,0 @@
{ nixpkgs, deploy-rs, home-manager, agenix, inputs, ... }:
let
default-system = "x86_64-linux";
overlay-attic = inputs.attic.overlays.default;
overlay-deploy-rs = _: _: { inherit (deploy-rs.packages.${default-system}) deploy-rs; };
overlay-nifoc = inputs.nifoc-overlay.overlay;
nixpkgsConfig = {
overlays = [
overlay-attic
overlay-deploy-rs
overlay-nifoc
];
config = {
allowUnfree = true;
allowBroken = true;
permittedInsecurePackages = [
"openssl-1.1.1t"
];
};
};
in
rec {
system = nixpkgs.lib.nixosSystem {
system = default-system;
modules = [
../hosts/sail.nix
home-manager.nixosModules.home-manager
agenix.nixosModules.default
{
nixpkgs = nixpkgsConfig;
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
nix.registry.nixpkgs.flake = nixpkgs;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ../../home/hosts/sail.nix;
}
];
};
deployment = {
hostname = "sail";
sshUser = "root";
remoteBuild = true;
autoRollback = false;
magicRollback = false;
profiles.system = {
path = deploy-rs.lib.${default-system}.activate.nixos system;
};
};
}

10
system/flakes/attic.nix → system/flakes/tanker.nix
View file

@ -1,4 +1,4 @@
{ nixpkgs, deploy-rs, home-manager, agenix, attic, inputs, ... }: { nixpkgs, disko, deploy-rs, home-manager, agenix, attic, inputs, ... }:
let let
default-system = "x86_64-linux"; default-system = "x86_64-linux";
@ -26,7 +26,9 @@ rec {
system = nixpkgs.lib.nixosSystem { system = nixpkgs.lib.nixosSystem {
system = default-system; system = default-system;
modules = [ modules = [
../hosts/attic.nix disko.nixosModules.disko
../hosts/tanker.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
@ -40,13 +42,13 @@ rec {
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.daniel = import ../../home/hosts/attic.nix; home-manager.users.daniel = import ../../home/hosts/tanker.nix;
} }
]; ];
}; };
deployment = { deployment = {
hostname = "attic"; hostname = "94.130.142.168";
sshUser = "root"; sshUser = "root";
remoteBuild = true; remoteBuild = true;
autoRollback = false; autoRollback = false;

2
system/hosts/Styx.nix
View file

@ -74,7 +74,7 @@
}; };
}; };
documentation.doc.enable = false; documentation.enable = false;
users = { users = {
users.daniel = { users.daniel = {

143
system/hosts/attic.nix
View file

@ -1,143 +0,0 @@
args@{ pkgs, config, lib, ... }:
let
secret = import ../../secret/hosts/attic.nix;
ssh-keys = import ../shared/ssh-keys.nix;
in
{
imports = [
../../hardware/hosts/attic.nix
../../agenix/hosts/attic/config.nix
../shared/show-update-changelog.nix
../nixos/ssh.nix
../nixos/git.nix
../nixos/acme-attic.nix
../nixos/nginx.nix
(import ../nixos/atticd.nix (args // { inherit secret; }))
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
../nixos/tailscale.nix
];
system.stateVersion = "22.11";
nix = {
package = pkgs.nixVersions.stable;
settings = {
auto-optimise-store = true;
substituters = [
"https://attic.cache.daniel.sx/nifoc-systems"
"https://nifoc.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
extraOptions = ''
experimental-features = nix-command flakes
extra-platforms = aarch64-linux
keep-derivations = true
keep-outputs = true
post-build-hook = ${../../home/programs/scripts/attic-system-cache}
'';
};
environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;
boot = {
tmp.cleanOnBoot = true;
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
zramSwap.enable = true;
networking = {
hostName = "attic";
useNetworkd = true;
extraHosts = ''
127.0.0.1 attic.cache.daniel.sx
'';
};
systemd.network = {
enable = true;
networks = {
"10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig = {
DHCP = "ipv4";
Address = "2a01:4f8:c0c:fa14::1/64";
Gateway = "fe80::1";
};
linkConfig.RequiredForOnline = "routable";
ntp = [
"ntp1.hetzner.de"
"ntp2.hetzner.com"
"ntp3.hetzner.net"
];
};
"20-private" = {
matchConfig.Name = "enp7s0";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = false;
};
linkConfig.RequiredForOnline = "routable";
};
};
wait-online.extraArgs = [
"--interface=enp1s0"
"--interface=enp7s0"
];
};
services.journald.extraConfig = ''
SystemMaxUse=1G
'';
documentation = {
nixos.enable = false;
doc.enable = false;
};
programs.fish.enable = true;
users.users = {
root = {
openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ];
};
daniel = {
passwordFile = config.age.secrets.user-daniel-password.path;
isNormalUser = true;
home = "/home/daniel";
description = "Daniel";
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ];
};
};
}

90
system/hosts/sail.nix → system/hosts/tanker.nix
View file

@ -1,34 +1,43 @@
args@{ pkgs, ... }: args@{ pkgs, config, ... }:
let let
secret = import ../../secret/hosts/sail.nix; secret = import ../../secret/hosts/tanker.nix;
ssh-keys = import ../shared/ssh-keys.nix; ssh-keys = import ../shared/ssh-keys.nix;
in in
{ {
imports = [ imports = [
../../hardware/hosts/sail.nix ../../hardware/hosts/tanker.nix
../../agenix/hosts/sail/config.nix ../nixos/zfs.nix
../../agenix/hosts/tanker/config.nix
../shared/show-update-changelog.nix ../shared/show-update-changelog.nix
../nixos/ssh.nix ../nixos/ssh.nix
../nixos/git.nix ../nixos/git.nix
../nixos/acme-sail.nix ../nixos/acme-tanker.nix
../nixos/nginx.nix ../nixos/nginx.nix
../nixos/postgresql.nix
../nixos/atuin-sync.nix ../nixos/elasticsearch.nix
../nixos/mosquitto.nix
../nixos/attic.nix ../nixos/container.nix
../nixos/anonymous-overflow.nix ../nixos/anonymous-overflow.nix
(import ../nixos/freshrss.nix (args // { inherit secret; })) ../nixos/atuin-sync.nix
(import ../nixos/atticd.nix (args // { inherit secret; }))
../nixos/fedifetcher.nix
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
../nixos/invidious.nix ../nixos/invidious.nix
(import ../nixos/libreddit.nix (args // { inherit secret; })) (import ../nixos/libreddit.nix (args // { inherit secret; }))
(import ../nixos/mastodon.nix (args // { inherit secret; })) ../nixos/mastodon.nix
../nixos/miniflux.nix
(import ../nixos/nitter.nix (args // { inherit secret; })) (import ../nixos/nitter.nix (args // { inherit secret; }))
@ -38,18 +47,13 @@ in
../nixos/synapse.nix ../nixos/synapse.nix
../nixos/websites-sail.nix
../nixos/tailscale.nix ../nixos/tailscale.nix
../nixos/mosquitto.nix ../nixos/websites-tanker.nix
../nixos/container.nix
../../container/weewx
../../container/matrix ../../container/matrix
../../container/proxitok ../../container/proxitok
../../container/weewx
(import ../nixos/fedifetcher.nix (args // { inherit secret; }))
]; ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";
@ -96,14 +100,13 @@ in
binfmt.emulatedSystems = [ "aarch64-linux" ]; binfmt.emulatedSystems = [ "aarch64-linux" ];
}; };
zramSwap.enable = true;
networking = { networking = {
hostName = "sail"; hostName = "tanker";
hostId = "d89f488a";
useNetworkd = true; useNetworkd = true;
extraHosts = '' extraHosts = ''
10.99.99.4 attic.cache.daniel.sx 127.0.0.1 attic.cache.daniel.sx
''; '';
}; };
@ -112,55 +115,58 @@ in
networks = { networks = {
"10-wan" = { "10-wan" = {
matchConfig.Name = "enp1s0"; matchConfig.Name = "enp41s0";
networkConfig = { address = [
DHCP = "ipv4"; "94.130.142.168/26"
Address = "2a01:4f8:c2c:989c::1/64"; "2a01:4f8:13b:2d81::2/64"
Gateway = "fe80::1"; ];
}; gateway = [
"94.130.142.129"
"fe80::1"
];
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
dns = [
"185.12.64.1"
"185.12.64.2"
"2a01:4ff:ff00::add:1"
"2a01:4ff:ff00::add:2"
];
ntp = [ ntp = [
"ntp1.hetzner.de" "ntp1.hetzner.de"
"ntp2.hetzner.com" "ntp2.hetzner.com"
"ntp3.hetzner.net" "ntp3.hetzner.net"
]; ];
}; };
"20-private" = {
matchConfig.Name = "enp7s0";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = false;
};
linkConfig.RequiredForOnline = "routable";
};
}; };
wait-online.extraArgs = [ wait-online.extraArgs = [
"--interface=enp1s0" "--interface=enp41s0"
"--interface=enp7s0"
]; ];
}; };
services.journald.extraConfig = '' services.journald.extraConfig = ''
SystemMaxUse=1G SystemMaxUse=4G
''; '';
services.zfs.autoScrub.enable = true;
documentation = { documentation = {
nixos.enable = false; nixos.enable = false;
doc.enable = false; doc.enable = false;
}; };
programs.fish.enable = true; programs.fish.enable = true;
programs.htop.enable = true;
users.users = { users.users = {
root = { root = {
openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ]; openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ssh-keys.BackupTanker ];
}; };
daniel = { daniel = {
inherit (secret.users.daniel) hashedPassword; passwordFile = config.age.secrets.user-daniel-password.path;
isNormalUser = true; isNormalUser = true;
home = "/home/daniel"; home = "/home/daniel";
description = "Daniel"; description = "Daniel";

13
system/nixos/acme-attic.nix → system/nixos/acme-tanker.nix
View file

@ -15,8 +15,17 @@
}; };
certs = { certs = {
"cache.daniel.sx" = { "kempkens.io" = {
domain = "*.cache.daniel.sx"; domain = "*.kempkens.io";
};
"daniel.sx" = {
domain = "*.daniel.sx";
extraDomainNames = [ "*.cache.daniel.sx" ];
};
"nifoc.pw" = {
domain = "*.nifoc.pw";
}; };
}; };
}; };

4
system/nixos/adguardhome.nix
View file

@ -92,8 +92,8 @@
useACMEHost = "internal.kempkens.network"; useACMEHost = "internal.kempkens.network";
extraConfig = '' extraConfig = ''
set_real_ip_from 100.76.233.31/32; set_real_ip_from 100.108.165.26/32;
set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:624c:e91f/128; set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a/128;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
''; '';

2
system/nixos/anonymous-overflow.nix
View file

@ -39,7 +39,7 @@ in
}; };
services.nginx.virtualHosts."overflow.daniel.sx" = { services.nginx.virtualHosts."overflow.daniel.sx" = {
listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
quic = true; quic = true;
http3 = true; http3 = true;

7
system/nixos/atticd.nix
View file

@ -39,17 +39,12 @@ in
}; };
}; };
systemd.services.atticd = {
after = lib.mkForce [ "network.target" "network-online.target" ];
wants = [ "network.target" "network-online.target" ];
};
services.nginx.virtualHosts."${fqdn}" = { services.nginx.virtualHosts."${fqdn}" = {
quic = true; quic = true;
http3 = true; http3 = true;
onlySSL = true; onlySSL = true;
useACMEHost = "cache.daniel.sx"; useACMEHost = "daniel.sx";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;

2
system/nixos/atuin-sync.nix
View file

@ -19,7 +19,7 @@
}; };
services.nginx.virtualHosts."atuin-sync.kempkens.io" = { services.nginx.virtualHosts."atuin-sync.kempkens.io" = {
listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
quic = true; quic = true;
http3 = true; http3 = true;

Some files were not shown because too many files have changed in this diff Show more