tanker: init system and consolidate attic and sail
This commit is contained in:
parent
d5364960b8
commit
72f8352b6a
117 changed files with 854 additions and 738 deletions
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,10 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g U64tjf5zAbKc75lCbHo62p2KNcfXQt52yJHiUTpJg14
|
||||
FeiGVg/RnR29rmqE3Xpy4eMtsp3IHoszyxjSsOxa/Fs
|
||||
-> ssh-ed25519 1fcLUQ rIwdZ+Y34BAgOPpxgn07Y12hfdZ3WgYZSFFA5vzbvE8
|
||||
EdbSNo1esy9Cswpam5sdgoy0gEc8HkNociwsYpiUqcI
|
||||
-> =P.Kq,e;-grease 4/;kU&<q R V
|
||||
YSXJcc1Cd1KRqZVqvg
|
||||
--- GLXAST4tBdr8sc/uxG/wqn4C+YQOcZmm1AuqQOddUvg
|
||||
‚Ë#—_<E28094>[€Nò=R—F ŸR ÈjÕ°ÐÇæBkÓ3~º}´Œs<NgÆ
7©t°Öœ
|
||||
•æPDîÉK¼ñj÷ëQ<C3AB>àXŠ´}*¤•%‰®ñ¬éÒ×É`üêb‚Í‹>”E¼í¦äÎ@ïAÁ)r`,ËSFH¯dºÏìÄZ7%æŽÇ2E7@‹2]µP\‡c
|
||||
-> ssh-ed25519 MtGp6g jHQlphYRDC9XoEGaBEMVkt0Cudd4LcOKt1T9sSoT6QY
|
||||
uBnznP5KOBryzJh+0bKHhhk4wNT8vDKZyh3qpXLI+U4
|
||||
-> ssh-ed25519 1fcLUQ suONNORdjKzdUCPau4nUG1L0BzNHzT9eQ669eaZP5Qg
|
||||
5F6Zp8vf/NsCRThnHNOpukBGxstpaHErnzHcOGJ27Oc
|
||||
-> 9N!KJ-grease F(!,53 "CH3^Xe esi
|
||||
cpdiFvK9ConkBNLPhy0hWuhJguPVmfLCL7uWrjMeJMThGPp2nf40ksnzDtRCVGkx
|
||||
3GSVg8BaQEXLAY6gYjCdr6jlyw
|
||||
--- ZBIcep+gXp2+AGh5wc101THkQ2eoSN8UWroyEbABEeQ
|
||||
3óÄ[¯z±j¸žÒS¼$»³<C2BB>nÚ”c@ð<>h¨=·]¹‘>Um¹PçÞ•?_€[z’«!g<>
¶˜Rª€©¦5ݲ"âÂå¿JÕ®ªT'ÛêáŒä®º«J—Cçî(^Èý…%§e“²†‰#Ù™åSÅæ{…Ë»úAÞ0¨¼çÎî¸Í}wò%D€éd]
|
Binary file not shown.
|
@ -1,9 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g DslZcdbEJXsgQOXutAA28YdnuVEiPLNxirSYMAD2FEk
|
||||
ODkI3TL7vI0IV/MSVWbS1D1wsjn08bzxTkBtMcC2rdU
|
||||
-> ssh-ed25519 sVf6CA TSOraE+TswUinNv50TM9Lm9oLLxtqNAh82c/MAdBgRg
|
||||
CB9r0e4VHevtDQL/3xNg34/QSCImVk5tQATVXQysOqc
|
||||
-> 3ZTo(g'k-grease c <] zy
|
||||
+jjPLQTWp9/HOKUk6IiSwgbUVWDPcPa9tONiUweoYYWPnH+bL7mATIOaS34/PA
|
||||
--- 90yUb8QnWQu4fS9C/ZsxhBwYnnU7fhE1KetrVeP6jBQ
|
||||
pu''-FK$Na:T·XøQ‰A¨Ž0Õˆr<>!Ýe(€²e²ðó>9ª”ê¦ø<)¼j¥@Ñyª&– Æ“hkÇM"ȼ4çߘu:ÙÚDµ®§jû¤öðƒŸY
|
Binary file not shown.
|
@ -1,21 +0,0 @@
|
|||
{
|
||||
age.secrets = {
|
||||
user-daniel-password = {
|
||||
file = ./user/danielPassword.age;
|
||||
};
|
||||
|
||||
acme-credentials = {
|
||||
file = ./acme/credentials.age;
|
||||
owner = "acme";
|
||||
group = "acme";
|
||||
};
|
||||
|
||||
tailscale-authkey = {
|
||||
file = ./tailscale/authkey.age;
|
||||
};
|
||||
|
||||
atticd-environment = {
|
||||
file = ./atticd/environment.age;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g klhDMFv4exDFJWgCvrnOKuq94w+BNW4lrs+Z67zmzGg
|
||||
eTkqX6c2lbR+olFS7M7YDQLSLav/k+UhEW8Zg5fULFw
|
||||
-> ssh-ed25519 sVf6CA tCvlYnJONVV9QTb9zAUPT0D8EEkCCqKGfoF6+bOT5CE
|
||||
2L+wcL/c2tw+19RykIUpFzrjtaxzmsOKinCgnWYVf0Q
|
||||
-> s}I~&9-grease \$RX.n=
|
||||
JH5ASx5rlWPLH/abJSr8o0QI4e17aK1HZrQQKweMEsoGXA7POgbUiow+XBt+MP8/
|
||||
PzKaC14zI2mTEzWiQvjlZH6pUnGUQkGE5zbxouWR3ovQVk8JtclO
|
||||
--- 5My3p+I2aFCfnzjU1oC5Joc9Q4/k2bCNZv7Ilj/h65g
|
||||
-!×i×:¨«é
<0A>mK}Ç“mRPú¤T© ð™*Ÿ[¾XüFÑLÝú€Áã,]׌åå´—‰že#4<>z¡xkE¶8ŸÛ'¦/ä OGAÏ×;ñƵÈ<C2B5>Qí
|
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g LNOEk3AXwGl658cTFbFvoICbrlhAIH6DILIh+Jc5knc
|
||||
l7dm0Q4Z8GwFSzvoHf3LFUerYBXUeps87z69zZk3+tE
|
||||
-> ssh-ed25519 sVf6CA JwHPawkaLzeFIvtj5lC4evUdSLFXfBlqiRqGhi6mcR0
|
||||
pQP/DXnLaxNocMVok53cWGbAgvS/zEbS2uxWX+YvVQ8
|
||||
-> k3jDW:F-grease
|
||||
ORZpRxVBdQGP1F+Zc+tsJP5/ccuQLmYEeB/i40kAZTcgeuPtN6HRZ9DfqsjLhwfx
|
||||
oAPkZDQ
|
||||
--- vvt7wsQx4VSYTSF/K+Gb4tGIpI82G91olEaqUvm9gxM
|
||||
±<EFBFBD>ù´Ó÷&#¦§ôé¾barÆyÇ.”x“”€ÉH&y¥¡Wàô‡é
õ„ý(¼Lã§,:Ý‘õ²ÏûîzK}j8|ç›yÀ»›[çXÁ cÃðÊõÿÀÙ\ë?¥·³Ä%j-ûZÞÿÔÉ•¡h_àÚ†^úÔXNõ‰BÐw˜<77>œ‚ìÔ
|
|
@ -1,10 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g kw/hxMdmfaeoZaZuzOs6D6NQDg0uw0te/xIC1ig0CRQ
|
||||
75WtQJ5+yJae8ggB/Lc7Ojsf02zuGUtFmjbIrmn9pj8
|
||||
-> ssh-ed25519 Y94Yig Kole+FkRwVj74aP/M86s9gT8qNnfXSj4fVndlkCSo1E
|
||||
0Eg9XeabpYUWsZ9ACxwAshpClrl80D+vvpFimAPbIP0
|
||||
-> MWBvSZ-grease _
|
||||
R7vhLfAa1heAGRRBqKbgob3fIml3HEEoB2soDw3NEU25qvqVmrGq2K7JQPmmh3vR
|
||||
vWfDK6j5dyIGZHxaSElWTkL9EbFCJRoTJ3YbfAkAQl0XrSc
|
||||
--- 7HsStyCAvdGBkspUWV3Ncjn/5hst8LxkBCBn72M8kR0
|
||||
•üMÕƒŠü‰…=ö#Ïra5‹Ö²f Ÿ ´,ejº}m5Í ÄNBpÍ(l4nº'Ý÷ö¨æ_È…Å<E280A6>> þ:Úv–->‚ï…º$96G™&˜8ûY͵ASâÉâ
|
||||
-> ssh-ed25519 MtGp6g m7rxbRakBZWmaDl2Ze2yH1tKyKsAFjxgiNwBb0kff0k
|
||||
RYAz9tkDi3JjRiA5y9ppG4kvT6rHMdwWsFCGgq37quE
|
||||
-> ssh-ed25519 Y94Yig c5z91SNovAll3sw7RPhoxqKUVp0sV15tsw1161VNZiM
|
||||
ksoXSV8jTJerNpLwff9Rg0CkJOTUyjRQ+o4Fj8XwPAs
|
||||
-> 3"7-grease Wv:?HV F}vV``\{ [fQg-^d
|
||||
XOSM60qDImR1kqTIyJgCflATN/RgvOo2VgTo2Ndaz2+yFLDLGcmvBTrXMw
|
||||
--- RIRQ4Fy71E6j3bIE9m9tEQB5ZZ++AnBfGMDwPPng73c
|
||||
Á‰zC]~…KÝïˆt,?ê2áT×<54>éÎòN™¹Û\r¥íÿöº¶æ©øRݯ͗}döÖ¤¥é¶!œÎ3â}€ÔbÉ$Þ8
d(°0‘&<26>m`<60>ñç<04>/3=cíò´þ
|
Binary file not shown.
|
@ -1,9 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g h74pL3awChmTkZzkbne2+rzjNwk067747QW5Z+6yUhQ
|
||||
7Xtv1G5K+t2tKsByHiVz7nmBEMXAzeznrNd1XeJr6ls
|
||||
-> ssh-ed25519 Y94Yig +Tf9z/WZbA5bgQ1H8R5QZRB6OnUq83xM2zDAXXBLjWU
|
||||
wYSY5rCQYWXFPWVL0cCLcFOLAgisq+5L9LI9RyUFM7E
|
||||
-> 0e-grease LB fw E5
|
||||
YA
|
||||
--- Sd0E1+Qg5kuFVEY60MlMux3HCFq2T+Qh+oWQaMnNc1A
|
||||
WùVCOsåΫ3Zܯý4dwþ0Aè‡vºH¨ð[´¹’Võl¼O~fÛ±O᪷úº¦jY/Pwx]ì+>L<>ydz!ÿ-í·MJ`iFdš´–î
|
||||
-> ssh-ed25519 MtGp6g WF7NACS4+2IWcLmDTjbiXQsI93ZUDUeofMg6eYwXyRM
|
||||
xy71RLaW5MwZU69EP4A4x9SSTLsv2vINzdjPZbHUJ+8
|
||||
-> ssh-ed25519 Y94Yig nCe73IOsZbRmWpGBAg26zTkTP3GC3FnpmS7UujJkTyU
|
||||
kY6qLgHIH+5bUTKDTqcak2r2l15XNJR2Hm7uCk1OxGM
|
||||
-> F>J-grease @@cdP
|
||||
NHDpMlW3kAJD9b/YgQkciZs7IILSWIFi0LY5L6j3IaQp1QTU1xQRzGs0QpH2jYCs
|
||||
6UIr2dIfw/qc9Q8IGeOYJvHXfjtw
|
||||
--- l+vCsTsawEm3J0DqduySW+9k3YMqa0iSHMoo/7Kk9xo
|
||||
i(èA]÷‚b ÖÍ“gônÑ:
#|<7C>=Kcµ4ƒ…¥ˆ „Rê<52>X:‡#D.~í<=Ës«KžËÖbøþ>ž.À¹ˆ]"ãôV$<24>C廊(ôÚ͹Øÿ
|
Binary file not shown.
|
@ -1,12 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g uz0oiP4HsWKnBVTsigSUa7/2eZ0Tz65MGKeCEw8dDBY
|
||||
oXj1IeJXnZdAd20pPzQUNi4KfI3XGVt0NfXp/PMPfsM
|
||||
-> ssh-ed25519 Y94Yig avWFRpAb+szO9DakgpIFF4kjb9B4dut1wMv/SS/0KTo
|
||||
jPxw05Jj6bf4OnjqxHMQnB61p99UWSVWzH1xNvWCMTk
|
||||
-> +UJT-grease J1?Z{u 2[~S(c g,$
|
||||
vMYK6xvyUQPaBDeLu+DXdUOKVu1eTcqpvFsjDKa5XEPd6yQ
|
||||
--- 2UKtiIzTaIaajjEbFvdoVCvzWCymjjy2YYW/N5sNIxU
|
||||
hšÉeöhTÌÌÍŽ'(“ò¡ßÑ.„Ê^ÝäS›5V©{Èw|œòᘖ˜_Ij!QsäkO
|
||||
ÑãN/Ü”}…¥Å1ƒŒüÄälj”238©xμ¯ú º\e¿¶<C2BF>L¤ÁþA«@œ‘Ü>Ë!Ùùøß›ÿT–^CJÓdb1<15>ï88<38>pTó
|
||||
ŒNQ:è`}óëê™éˆ:Û„E®Æch<&è2ý
|
||||
£+Ðìîçüøâà'Ƥò:ü<>‹òNs¢b;Æq”µŽ3’Žkp<6B>«&
òÛɇÅü<C383>Ó²‹Iù\ÀAGŠUá¤`,Þ†f2dÿ#W<>Zò(#G±Ù±y>ÿ!¼&'ÏS7NÈsc§MoÓÌ*þAú§,<03>A÷M
|
||||
-> ssh-ed25519 MtGp6g GW9N5T3dh0ptZ/MfDX6J2XAK7wXEdUNsmnAd3eSP6mc
|
||||
24XiI6o1aDyczMgfNR8hLszZXALvaD4nCV2lcL8Mce0
|
||||
-> ssh-ed25519 Y94Yig sHCIlqEqZ852T3+rMZISdUfFGfP5r6QetoPH4iSA/zs
|
||||
vdSf8/l1hUq1s8uNQVhodlup94VbinbcPhw7jcrI+eU
|
||||
-> 8-grease v9^\c
|
||||
m3K3WQ
|
||||
--- r+JHLR8RENpeN8oKOotwOfNISdTntyK8u332xH1jToA
|
||||
^C¤Ë€6‰„Øìü‹;³€ÚùË<18>-@t¡;dò¿ÿ`åÕfT@Po«WȨÐB oàÈH¯¡è‚ È U<>ô•<C3B4>=¶¢œ{‹L傤JsZ%vîá³ùßø‚ÜÀÒÂQè|ÿ#'ºzÃóïðØVåMÐXK’›WЂÉáyÿ6BUå~}Æ'ßc÷𞯴“H*íäÝ‹¨z
|
||||
t‚ü<EFBFBD>Ùk‹UÆ&EYý‚èÔ1éÜj„`•î³|NmïÑæ.G<>$¯ Š}A³X1ãÕÎîfÕ´Ù½'Ûá _¼þñoãµî@uÍ“4žU;õÌ–¥Hå¹}¢ŸË=~Ýép&–›”Í—O;á…\½½SdëÂÎ\0ö,´N<C2B4>ÞL‡[v
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g /0mUj2HFKLDNi68WSNo7AUzVPzYo2P6FYL7s2wezywk
|
||||
axlQ+U9bJAws8svdsQ2yrEhpvrgjmvukuAPjpr+eJc0
|
||||
-> ssh-ed25519 NbV4hw 5xhDSZOlPky3UvTHpznrB8AqQjyssU5HJqEpoGQ0wkw
|
||||
N+XSv3maCLpMu8bEawrk7rUk+ZimKJRJKbrePUcsqOs
|
||||
-> e-grease `*$0X[e 6)& M3<a2_ lstkG
|
||||
rYBL9bPjctGG45xU/OfmmJgKcOKflNBE61tjH17IKaT2dPIMYXzNTJ5z7jg5NSWH
|
||||
q9ECE1y9Q+o
|
||||
--- mE52mLHBr4dAn+4T6Sg/WCdn2jtfDUlhy35sWzB/TUY
|
||||
a}>nc´<63> À[r¤HŸD2ŸË¾\v§étahX“3Ü(ØP<C398>&ï5 çá¸!<19>|õò€Ë®`nêÁ•LtÅ_LVê`nÏðå,Ã`X_¯+eÍ… EÕÊ[mO_‹×˜Î
|
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g j+wWxN36oq1/JJ4TMfKhe6QrKE5tgFz0dI/wwWCun28
|
||||
tUt/rdrzReLpQj3RkxYcF9HoE42aeHsYIaIMldaNTxk
|
||||
-> ssh-ed25519 NbV4hw 2O3kiqwJx5gWymqQfigGtUJ3IldVBu7JGGzktAS0yxU
|
||||
own6iED8pE5xCw6zDnF86udNprBCQUDebIMxCqo33WA
|
||||
-> a-grease 7 =QE
|
||||
oGBj3oq7WxxKpkGWpsuGJGtZasLHOQ6JH2JZnNCzEy2ctYiTW87vVPsFTGDdUWsP
|
||||
7C8
|
||||
--- 4hM4yp5w5eEtln5zvu2dXeTND2XAYcxFonWcDLdsU4M
|
||||
¹¸(¸uÔ·#…}£Ò1ñ‚bCø˜r}ͪðãFÛ*‚Ä#<=¤ä<Šõ–Ù€bOCo<C2AD><6F>WðÛYÒâÛR@‘2#Æmõ¿ÍÖꜵ¯Ówܨ\aøâý8ÌvV¦‹Âîa«±{gó”ný#€ínÆÍNñçA~wÜÝÌiQ<02>š|yý”Ÿåð…:X£Ÿ‘ô6oî
|
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g 0hWrwfexWC7VgGb6GGZi7hbACRDxYRNXlsFrmXAIEiw
|
||||
QcICViQGVktlUalatvBBHD/H3uASbcwK9SCO5F4xbQ8
|
||||
-> ssh-ed25519 NbV4hw oFVVxqJeZjbmHkSLsg96kCKgARheMYkvJf1pKMSUqn4
|
||||
QT/d4FQT858lIqrNngI0xOT7pLlJVn64VIEhSeoYcEg
|
||||
-> D"A\4L4-grease TiT>[b%D #aq q[;-n EdXt&&Y
|
||||
5EdxN4sgedRoDPWsWFKvQjHLLyagraSy/GQP8OhaZS0Litb0ipxgFIoheGDNyyX4
|
||||
HJnXx5SQ/hkVuyMv8HGM9GwFRHodDVdM9w
|
||||
--- nJbxhp1UbqWzLvBTiZDS4nIV7nTIdA7oS0wC2nvzEl4
|
||||
¡9ˆ%PtêMŒÔ±À>0ÏYPEƒ¢³LØ{.<2E>æ<>[·>Тíï<C3AD>£×
Æû¬Õß¿*Y¹Š ¹³‡ú¶ø–¥4–†·n)Æ §ÇIK80ÎÉoðiãƒüiG2€ý–klþhíFÎÒÐîà@ZÄÜëMôø%•úÌR¾&–ÜV½«îœžA¶KUY ú|K<>nkÆ%™yk„®þ½°ËˆSÇ®ÕC>=.ªÎ•d!^ÓJÒ[ôz°5›ÔÛyÇެѮU=Å÷ÄiýS¤Î-/½ÒEÖ
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,11 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g BHVqOYqAxl88lFQQs1D2oxHAuZ7E4HSAUlZysn9kmQs
|
||||
asPKs1JpbUk9gfGbZOQyyT567c+XCMSrM/JizXVgGj4
|
||||
-> ssh-ed25519 NbV4hw eCuSnWhbg8swZtNMZIirU6sri3Hc5+5rLQi9DUI82Hs
|
||||
mAjvnx+NybVEh6rN1PrBXZgVp2eMDCDU6pm+eSALehM
|
||||
-> DtQ5-grease @$2={ Y' !Qw6C
|
||||
ZVoPVcXGSqGvwFlT+L+OwDGus0Au5sXx2wtESOpzwEgImUndNxzgARLAuO+oOzX/
|
||||
722ju53IqUGnvMh5IybU8suMm3R1CBo9FoL5Vc0MUBQEp+kHG4UbCU5pjkLld1a5
|
||||
|
||||
--- zew38IQLg8t/0n4Nmf7PpEI2uACfZdbHZDrMWj9v3PU
|
||||
(ƒ<`•ÇÖ£
fâ%/Ç7ı+È?Š2¯*¯
j«=g”[Â<> «8?ãœÿ¼|
|
Binary file not shown.
|
@ -1,9 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g hsE2kvTf8occU2CJg+Ro52qm+ec1gNxBoQtCeHzZflg
|
||||
b85OF5ipJIYlBOlgpUqNw7XK/MB+Ftd4pHMqjN+ArGI
|
||||
-> ssh-ed25519 NbV4hw dYum1uJ8J+Nbrz2UWZiijdJQ68QEac+NS9YM/h3dj0c
|
||||
5lGJ2SdUnEp01oTr/Hm7IEj/0he9be37RXxmaNsOhpY
|
||||
-> =-~;<1--grease Zhb7zWk ]\1S-]W 1!$YB[ UM
|
||||
urANgmNT3fiJft53WEhRmALdnBMcU2f9hjGfYrmBduXQYbqF50EUCBqLt+3hrmw
|
||||
--- 3QCLu9/P+Dyvd2iVSo7d1fO0YC5D0gglZIFYIDrMGV4
|
||||
És`ËOâ<4F>âÐ5m‰Cy)ÅÆÑg„Û¹Û2ÜßÍFG_Ü8h$Öz«€àÇ¿J©ŠS†kO»ziL¡úR·EŒdœB
ƒB ,47É*Sj<53>$Ö'u#%½<>cª‹ÃŒí#«šåRöà®ÅnסNÈBbØÀÜäß·©«ç3È<'s>ß bœÏZô|AÅíLðŽåUõlCÀ{þ)!£I€
|
Binary file not shown.
|
@ -1,9 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g WRjFU1vNCp3fBfPodbmlRG7C6T7d50mfys4BZ0y3YVg
|
||||
k9gVyVKqNKHUSQrwjeWmHhUYISSkLPE/gfxNfRODxTU
|
||||
-> ssh-ed25519 NbV4hw zQI28bXO7mBOyQN/iAaNCn2fwIFYFUWxPnklPa/MtGY
|
||||
Hw4rOpcnqBjwNQ1wvozrOvNMGvOnc7QhzZMbmXI3Yuo
|
||||
-> jAN.9BRS-grease
|
||||
dodkWJOX+0qm9jAT2fKStatcnhWBou+wo0Ytjha+w7ouHGk
|
||||
--- E5w5Suq/PqT7b9cinBgU/GzEJTGwWPoULqFe4KkKjAE
|
||||
éÑgÞ$Éâ/B[WÛ%Ð3{pÌ”0:cAv‹ÆÆ;
&Ûa·#{í—rå=“"鎚ùÊÜ¿Ly±_<|øP§KaAð!ÁÿÄe¥faî\žlãÌ
|
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g pfAwifbGls2XDS+Pn08B4B88XgB3DgizQytPLURZlVI
|
||||
/f/CEHzojiwlVnA8mCcg8JwVAre419Sudk/MMJYOiO0
|
||||
-> ssh-ed25519 NbV4hw 8DaGuQ9G6cZr9GSlqMBlHoTk0HcOKlmVWzz2ytvGB3I
|
||||
bEEtNtIPiS2RdxwMLhNVU4We1+gf1N6bL9f2gjS1wVA
|
||||
-> Em:17j-grease G1mw> $hkViHO
|
||||
0StibfZj6Bt54P+9csvjWxHJfPaTL72gK+bnmPVDBUNsTAXVwoO6Ed25t0LwsY5s
|
||||
PbnGF3EjbMba6/lte1aDS3uaWqUcx4OT0NQ3joF0je10m5gPd9VptKKWSEg
|
||||
--- zHAFp0QAwZsfUf8v+KIqSHo2UutjLHqm6WGXqW2iy9Y
|
||||
_›a<EFBFBD>ü*bKÌpNiù Î’ÖCšN9™¨‘ÎöóAŠìl¿<6C>âáƒ\g(bÁ-ž‹WB±uq¬\¯’<C2AF>Î<EFBFBD>÷šìpé<70>fñ–,À£þ)
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,11 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g Sk2HTzPviEFNJaD/G4FfYC1bv7aH4fQbEoEdvI/PMUo
|
||||
f0lLi1o/RyadEbkHbXjpxzbuRT0WSMM/ZVM/eT3J6tk
|
||||
-> ssh-ed25519 NbV4hw TAR37t4C167S7DhZSJnRjV6YUtRCiXFI/ISMdT9rhVU
|
||||
rn7TyQNB2oXlns5NU6DwHMVYCBFp/vKFilc7z6FDrss
|
||||
-> ]-grease
|
||||
RmlKK+z9Gjb0eNJ3GLbC9DjuX4Rvj/aq6w
|
||||
--- sNgUQAHFGfm3s3cK7GnUeLWfmDuCgNIsJ2Y8uKDSuvI
|
||||
&ÚW¨Y]*t:Ž’ŽJÄV”áEøîö(˜¨ÊÅb¦Ê[. ¹³$y’&
=upBÜz§ãm™âãW¿
|
||||
ª!>šŸýÑx4
|
||||
IIü’QÇ,(¶¤7xõS
|
Binary file not shown.
Binary file not shown.
10
agenix/hosts/tanker/acme/credentials.age
Normal file
10
agenix/hosts/tanker/acme/credentials.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g L1q+qwfU2wkTEJlWOG5vKlGBMHhI4b/U2M98R7RL5VE
|
||||
m0NQP/AqnP8RDTxxOoVW7/7K4yRmFIcVxc1100Qt3Do
|
||||
-> ssh-ed25519 iO8/4g ejCho6/w8f2gCYe2aRkIzpnSwWIG7JMi9z2g+4epOnw
|
||||
W0NXnwvDegpCAdaT/e1uvIlPGO+QtseVijF2OcWm9Nk
|
||||
-> h#U-|w-grease cT:yCeNj urp |i
|
||||
uUcVWPo
|
||||
--- aKA2jy1cZi/x3Ubt74sgZEiA7xxJiTOhgB6ZEAWvUk8
|
||||
nýş¬§›†@°8
8VŚ”©Ďš›f±äĽ€Ž'ř*L<Çu ž„ĽÇóĽv}<7D>§yîš
|
||||
g÷_ĎpČ}ç áV‰WtqE.č‡i‹ćÜ÷Ą¤đ(ŚŻgćňi$ë*D
|
10
agenix/hosts/tanker/anonymous-overflow/config.age
Normal file
10
agenix/hosts/tanker/anonymous-overflow/config.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g wLDb226kaMU+cwnasBSt4+lOgR62PlOP9sZ8LFl8li8
|
||||
NBJZZebrSrW8mnyFg8QzzyJWUsqd35q0YJREo/Lgugg
|
||||
-> ssh-ed25519 iO8/4g zsFAJQKm3GmsxBKXNSgkyA/gI7LMYnG4ZVNdftgZjmU
|
||||
x4UbQjPbVEiPSpmsD8BWY/Siakx9xCXchtc/+KsjC4E
|
||||
-> NTcLv-grease w+P{u0@8 zKRW+'Yw H1g \
|
||||
7ezW+2UuxLjyPy/ApdJULZdkjoX+d8Qxo5nQRvS+CqvfJzwnqiZWoRc3c0DAPaRO
|
||||
IybgnfUAXGv0RO6BRLFz7uAHchlx4ifSsjP91X+DuT5i6D3IagFk5IUC9enwdFc
|
||||
--- 8cajqhgqHoalzZFfzdV4io6/BuXA7t9obNkeMyzBwZk
|
||||
…ùS70ý¥•öSÁÖÒ(uúB}Â$2‰ö܃ި;îßoÝ|
„ÕBöŽŸQÿ¸¯¼Úï*<¿/½ÌþצØO¼Éü=“ /®•z«y…!Âisž-1Iµ~þþÏKTaò˜’±w4Gò,¨ì<C2A8>v5<76>º²‚pAìöpÐóC];÷„[Í4*Ö’ì!χ0¯¬Fˆß
|
11
agenix/hosts/tanker/atticd/environment.age
Normal file
11
agenix/hosts/tanker/atticd/environment.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g Rio2L6qhE3HLAxtdsf5aDXWbDowXsR74H36HkBRY1Qs
|
||||
H36+ug7qZlnWks0j4rxhb7smuaE+fvJzrYYfYKz9VDs
|
||||
-> ssh-ed25519 iO8/4g qHBdGD/HGzbFqvXL/KuPwLUg30CV/26KSOREF6qHpB0
|
||||
N35CMIkrxCPA/l4G0CqaMD7hjnvUgXLVI9vwvdvBCkE
|
||||
-> (-grease @V D*c
|
||||
/zy4Ks2tvL+zUP+eL+2XXiqxm9wfCbv8iExB5sq6AHnvjPecoh2+
|
||||
--- /5TCNr2PFppr/TtIPsSxkzyLtEzku996EiJ2AiULda0
|
||||
%ä/…fØÌ&Q2‰…nL`ýc:÷ªmÓ¾~eIÁžó “u<E2809C>9è‹ËS‘š
õÐÕÓrt4À•S@!“ÁM‰´Â84ÊÅý'”<,?f¸È-ÕáH-7f(T7Õ}
UÍЛºvº¤& L³I ¿ÇÀœ™)Òˆss«¤C›<43>mÞ«[X5¯ç½˜•EÕØÐЯ£pÍúÓZ¹B(÷ÃA÷:_°\¹Eë2h®ÊÒ—JµØÓ4Hä¶BWK\h‹Øªü¨0¡«•À¼™9e;ñí¤¼»ÊìΤ*PR+[ð50KùEu¸`{4œ45ÅÒ1&‚¬[°“@„çÎ4TL|Œž%4üñ]§‘ý
|
||||
z†<EFBFBD>ÔcDüœ8:ƒÌöüø„ÛýIç:b.=†Z0Ñ:Oõ†ÛKÞ%>sSë=Û-(W±Ë€/Ž–`ÉŽÅ<18>§k±Íü- Uun>Ÿ>Œ,ztsPõ”æ‚}EU]zî
|
||||
<EFBFBD>»=ù¶·›Äš6î_:
|
BIN
agenix/hosts/tanker/atuin/environment.age
Normal file
BIN
agenix/hosts/tanker/atuin/environment.age
Normal file
Binary file not shown.
|
@ -1,5 +1,9 @@
|
|||
{
|
||||
age.secrets = {
|
||||
user-daniel-password = {
|
||||
file = ./user/danielPassword.age;
|
||||
};
|
||||
|
||||
acme-credentials = {
|
||||
file = ./acme/credentials.age;
|
||||
owner = "acme";
|
||||
|
@ -10,6 +14,20 @@
|
|||
file = ./tailscale/authkey.age;
|
||||
};
|
||||
|
||||
atuin-environment = {
|
||||
file = ./atuin/environment.age;
|
||||
};
|
||||
|
||||
atticd-environment = {
|
||||
file = ./atticd/environment.age;
|
||||
};
|
||||
|
||||
fedifetcher-config = {
|
||||
file = ./fedifetcher/config.age;
|
||||
symlink = false;
|
||||
path = "/var/lib/fedifetcher/config.json";
|
||||
};
|
||||
|
||||
mastodon-database-password = {
|
||||
file = ./mastodon/databasePassword.age;
|
||||
owner = "mastodon";
|
||||
|
@ -52,32 +70,8 @@
|
|||
group = "mastodon";
|
||||
};
|
||||
|
||||
synapse-extra-config = {
|
||||
file = ./synapse/extraConfig.age;
|
||||
owner = "matrix-synapse";
|
||||
group = "matrix-synapse";
|
||||
};
|
||||
|
||||
signald-environment = {
|
||||
file = ./signald/environment.age;
|
||||
};
|
||||
|
||||
weewx-config = {
|
||||
file = ./weewx/config.age;
|
||||
symlink = false;
|
||||
path = "/etc/container-weewx/weewx.conf";
|
||||
mode = "640";
|
||||
owner = "421";
|
||||
group = "421";
|
||||
};
|
||||
|
||||
weewx-skin = {
|
||||
file = ./weewx/skin.age;
|
||||
symlink = false;
|
||||
path = "/etc/container-weewx/skin-wdc/skin.conf";
|
||||
mode = "644";
|
||||
owner = "421";
|
||||
group = "421";
|
||||
miniflux-credentials = {
|
||||
file = ./miniflux/credentials.age;
|
||||
};
|
||||
|
||||
mosquitto-password-weewx-proxy = {
|
||||
|
@ -92,27 +86,6 @@
|
|||
group = "mosquitto";
|
||||
};
|
||||
|
||||
atuin-environment = {
|
||||
file = ./atuin/environment.age;
|
||||
};
|
||||
|
||||
freshrss-user-password = {
|
||||
file = ./freshrss/userPassword.age;
|
||||
owner = "freshrss";
|
||||
group = "freshrss";
|
||||
};
|
||||
|
||||
freshrss-database-password = {
|
||||
file = ./freshrss/databasePassword.age;
|
||||
owner = "freshrss";
|
||||
group = "freshrss";
|
||||
};
|
||||
|
||||
invidious-database-password = {
|
||||
file = ./invidious/databasePassword.age;
|
||||
mode = "444";
|
||||
};
|
||||
|
||||
nitter-config = {
|
||||
file = ./nitter/config.age;
|
||||
};
|
||||
|
@ -121,8 +94,59 @@
|
|||
file = ./anonymous-overflow/config.age;
|
||||
};
|
||||
|
||||
invidious-extra-settings = {
|
||||
file = ./invidious/extraSettings.age;
|
||||
mode = "444";
|
||||
};
|
||||
|
||||
proxitok-environment = {
|
||||
file = ./proxitok/environment.age;
|
||||
};
|
||||
|
||||
mautrix-signal-config = {
|
||||
file = ./mautrix-signal/config.age;
|
||||
symlink = false;
|
||||
path = "/var/lib/matrix-bridges/signal/config.yaml";
|
||||
mode = "640";
|
||||
owner = "1337";
|
||||
group = "1337";
|
||||
};
|
||||
|
||||
signald-environment = {
|
||||
file = ./signald/environment.age;
|
||||
};
|
||||
|
||||
synapse-extra-config = {
|
||||
file = ./synapse/extraConfig.age;
|
||||
owner = "matrix-synapse";
|
||||
group = "matrix-synapse";
|
||||
};
|
||||
|
||||
mautrix-whatsapp-config = {
|
||||
file = ./mautrix-whatsapp/config.age;
|
||||
symlink = false;
|
||||
path = "/var/lib/matrix-bridges/whatsapp/config.yaml";
|
||||
mode = "640";
|
||||
owner = "1337";
|
||||
group = "1337";
|
||||
};
|
||||
|
||||
weewx-config = {
|
||||
file = ./weewx/config.age;
|
||||
symlink = false;
|
||||
path = "/var/lib/weewx/weewx.conf";
|
||||
mode = "640";
|
||||
owner = "421";
|
||||
group = "421";
|
||||
};
|
||||
|
||||
weewx-skin = {
|
||||
file = ./weewx/skin.age;
|
||||
symlink = false;
|
||||
path = "/var/lib/weewx/skin-wdc/skin.conf";
|
||||
mode = "644";
|
||||
owner = "421";
|
||||
group = "421";
|
||||
};
|
||||
};
|
||||
}
|
BIN
agenix/hosts/tanker/fedifetcher/config.age
Normal file
BIN
agenix/hosts/tanker/fedifetcher/config.age
Normal file
Binary file not shown.
11
agenix/hosts/tanker/invidious/databasePassword.age
Normal file
11
agenix/hosts/tanker/invidious/databasePassword.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g DZHI9LtTvwlKXyZw+fe33PwcgdWCze39MvWKKzkC8jc
|
||||
R7GgrTzyF96GSzCbKmgzlB1k+JDeW3NGbFMVaPIeOBs
|
||||
-> ssh-ed25519 iO8/4g cN6H4tPW2+D4WWTTontl6zg3IPCcOTqzFqDYQMJVajY
|
||||
Ewzk3VgyGJ18JyhC7WKA7PrZfmnZXfTHdsMPep9smKI
|
||||
-> ZOBXX:-grease +5eB!v) r#hU
|
||||
U8ClN+91QW5mEodsaPx77H/9+W58LeV7AQ/Mm4v1Z5tlLy8uHQKR1lVDgApow6mI
|
||||
EmbOatS3d62wpzz5Byd1n7acuORvgHkgFHhDWoOl6xLR
|
||||
--- BxssSHOarZtYmAL9w+3NqJv3j5VO8Iu/+npamK1ujPI
|
||||
1oUb$u}・% y<>ヲA><3E><>&s3認5_カ沌-Tユ<54>=g[jネ:Q+]q竊<71>典<1E>oヒQsテ棒マy
|
||||
ウLb<4C>
|
BIN
agenix/hosts/tanker/invidious/extraSettings.age
Normal file
BIN
agenix/hosts/tanker/invidious/extraSettings.age
Normal file
Binary file not shown.
10
agenix/hosts/tanker/mastodon/databasePassword.age
Normal file
10
agenix/hosts/tanker/mastodon/databasePassword.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g wAwIsd2n0Fqui061boqUxqp+uMgqde27zPJeQohN5ik
|
||||
TvGOeXoL98QUyGJ0UrLB2nvqCe+nkmGtEHfvZ8DTJc4
|
||||
-> ssh-ed25519 iO8/4g mbpwuiAKbj5ZbMxq2cYTpN0pRt5qfFcwxZNjRvKXqkU
|
||||
bikCM08DQoCbocBWTOV4s5amEAO+gHlAJavfUWDMTTs
|
||||
-> pS6>-grease j$PHEqF mA0,x h~ov7sK
|
||||
ygTukhyfp8i8TJYCZpCSn3lIU9QS+6SN1BUapf0kYQiBU0mggnp6ywwYVf9jDOjU
|
||||
BA
|
||||
--- xdDdjEkcETSSFi4MPxBC0Ffr+ToRplrry4moUEQMQpk
|
||||
>^m/タ・ゥミ<04>0賭、7\シ曙ロシン"5カ「B系‡r) 。I烋IF
|
BIN
agenix/hosts/tanker/mastodon/extraConfig.age
Normal file
BIN
agenix/hosts/tanker/mastodon/extraConfig.age
Normal file
Binary file not shown.
9
agenix/hosts/tanker/mastodon/otpSecret.age
Normal file
9
agenix/hosts/tanker/mastodon/otpSecret.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g QRDjuTTTgd2UkCDITpSwImVEcUBIm7XI1IxzquiOHDM
|
||||
lPv5CG9xdqA3djkvEAn2Zzy37VE7mlir+/mi1AqALv8
|
||||
-> ssh-ed25519 iO8/4g x79JNsGXJv92vMQ0V7v14+yPft90aA769No37ajRZm0
|
||||
HSlLIdBxW9P62kRsfBc519YAxxlYV2kZt4rxBO99B8g
|
||||
-> {K-grease
|
||||
Awy+8DrMd7Lmbok1+tqlv5AuIWTiNR2UqwxQgaN3D2MuD+yzwA
|
||||
--- 1pwWY4vETJK5D6o7NZYLF9Uy2jl6N3F9/+8YtaUod6c
|
||||
<EFBFBD>M2ÇDx”AÔf€1‰å ¿+°N¦Ôˆ¿Q9ÔÖÝìèºÐ¹íU3õ° Ó0vE‚C¸ Ê™êo*iŒ©5vÁÞý“…Z¸<5A>-³¾ÚÊîÅi1¤Q6Ì%ųmß8>j.$SgÓÜ•í·Z3Y|e/Eƒ¹ù‚¾ J>Ju<> `SÂo
¨,D±»%æâ%M<>‰
|
10
agenix/hosts/tanker/mastodon/secretKeyBase.age
Normal file
10
agenix/hosts/tanker/mastodon/secretKeyBase.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g JkpzXmNNBQMnFsTHq6LTGdqcnOuaoyuoHLEhZ1B1IE0
|
||||
48v3LSzdX0n6MKAyDFhKdTeZjzhmgW4lXOHX30oHNcQ
|
||||
-> ssh-ed25519 iO8/4g F9+dikSYBCq/mUOUrvoowMKRHvcI/K6XtSxlxtAMaU0
|
||||
b6Dx/C5vYNXdkzujLlnZQ3aEryKOrTRnUkn/0OIBsz0
|
||||
-> )sx-grease S SY71l?&=
|
||||
BccDaWVHeqAeMNWT3S+3X1sZiEodhot5jJPsGSdcBtOSy7+4xufrdX/B+z+QfuMo
|
||||
rIXGmQ
|
||||
--- 4sbs6kDby/Pt9s4GPe704cxmxYrYI2Naa1YjgMO6y70
|
||||
®ÜéÇ~&•<>*<2A>Ź’oí0pBÚgk>LíˇŚĂĽ%ŕÜÉÇáô›Ę¸ţ–D‚ĄžŚţAúĎ/}ŰÚ¶˝‰t}±ç_|ý} «ď—Áť±ůŚ®™ň“ĆvÎĺ
0yłăô$Ż©ÜjL8ĺ×´SMŻďs<C48F>Aý™•öú˝é‚‹ BcŠ€ĐxMÝŮŠ6Ănq<`ęj×;†OÖk*XÇťë¤@·‚XŹV
|
9
agenix/hosts/tanker/mastodon/smtpPassword.age
Normal file
9
agenix/hosts/tanker/mastodon/smtpPassword.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g UYcHcYsaMBFH6RS+TBDpT45/3+eVVlRx/JVpXDvJdUQ
|
||||
QkdeRft5FX4kKRcGNZ+hH8sLuFcb2dQVFxiIAnDDJX4
|
||||
-> ssh-ed25519 iO8/4g I3VCKLLgT+V8ehWhvYTcEDyj5fSAf+rhcFOpDDk5RnA
|
||||
YnA8+ovbUDt7zsyhLiNYp6mBBRqmfdN3E/VAh/szdKI
|
||||
-> {xVn9&^-grease
|
||||
KVC2owNNTYRwUKb9qQ9rG9RFMn9Jve8DYbkt0ek
|
||||
--- ECbJ8V2BT+01+k0dMfYkxkyp0GMzrn/R1ZCN4Kd8DQo
|
||||
›Ñ<EFBFBD><EFBFBD>îR<>%˜Q¾óŒ¬ÇÊwæòÏ&V*½VÖ4~Âhä<68>uì\X±¦YÙ”iKkòsMýNíØúÓ°nð0(»êu<C3AA>'é{T7õ9PC
|
9
agenix/hosts/tanker/mastodon/vapidPrivateKey.age
Normal file
9
agenix/hosts/tanker/mastodon/vapidPrivateKey.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g lQFP6XGVNeVhNW2GNvbhwB6Ioo1aGbSv1pTlH3oO3Hw
|
||||
J7YCjWhzbL2bvy6BYx5catINr2WCi/lg6XsfhPuMm6c
|
||||
-> ssh-ed25519 iO8/4g 5r2bAlPLqTbtNZsXz5Gn7ncrRtXGpunp2t/GwSmhulg
|
||||
4ydNTfRT0JDYc+iwYVDEdTJFoEiEifz6HxYJtVC3sn0
|
||||
-> gC-N|-grease
|
||||
xVkdxNoYdrK21FwLl6SQj4vuK2dte5l4
|
||||
--- 1cc/CKuc3QQVSA/7/Boof2VuaMMnrOH8TLZPIrzfa9s
|
||||
<%¡A»BMæÚMLx$€GÖþ4‡;Ù•Ÿù½öª#&{½ÞNcâîѦf@'p.Ó½
Á7õÎÍ;¥<>œš%ˆ˜Q ]EèT¬âÁ
|
9
agenix/hosts/tanker/mastodon/vapidPublicKey.age
Normal file
9
agenix/hosts/tanker/mastodon/vapidPublicKey.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g U34DG4CcXltkDyCczpdzlk2uWF3tdZmHQvJz+VcC/mo
|
||||
PuUL691MRlpyC1QE86eciJmA+q5t9a7oJYzsltNJ/Cw
|
||||
-> ssh-ed25519 iO8/4g 03tbfcgMSrAWu7h2i6YHmmYfjJc84HMVznv+A6yW3Sw
|
||||
x14/IabzH8x1xaPs5gWsHjcik57M8GiOl8XSL+2kZFw
|
||||
-> y~qZ1RN-grease XZ
|
||||
YE8TxLeH4mXaJ/sYJdb2mr1olb69mra/IMYsnTsjJjxZaFQh
|
||||
--- u8AEpBN454GKBoXTo5LZfhT8O8NmMPoxZ2DoHRawVAQ
|
||||
Û_‘S?K qÒíFÀ9æþñ"wû¨¼m•8\<5C>W<ô¶M7¬?#Ÿ‡JCZéþÁ”Ì¢J
\EÄ<45>Ÿ-P<>ÂJ'•¯u§\ú²’L2<4C>žh¿ÑøæÈ·þ$nXŠAÿ<41>wÆð(þÂÉB²†‹¦Í¶yDè*ëxFS
|
BIN
agenix/hosts/tanker/mautrix-signal/config.age
Normal file
BIN
agenix/hosts/tanker/mautrix-signal/config.age
Normal file
Binary file not shown.
BIN
agenix/hosts/tanker/mautrix-whatsapp/config.age
Normal file
BIN
agenix/hosts/tanker/mautrix-whatsapp/config.age
Normal file
Binary file not shown.
10
agenix/hosts/tanker/miniflux/credentials.age
Normal file
10
agenix/hosts/tanker/miniflux/credentials.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g qZGcazmYr0cVRxTug4vtakkBqgWm9QC5wQPVnLU5iwM
|
||||
+tKPQhktikJSIjzW/kcg+izEwJEY3z6gckQb3DdW5Qs
|
||||
-> ssh-ed25519 iO8/4g pSIzsTaHkoV9WAjCSJIAr9uRNuVTiPTnyacfylF1y0o
|
||||
oGXKk9SAnuUzGpdO5iOiaZvqtXmco+FAYIgyH89K+SA
|
||||
-> \@3Ti?[K-grease n[ qu\ 9?W
|
||||
7NfUxbNE7d9Om27ckTLpoqygnue5pR5Epu7QWoMaR4CZDQx0KfkeGf6EuCeybfcz
|
||||
6XSsjsAYkZDMsQXn7hMWiQ
|
||||
--- S6oZE6vH8A8dVnWOpfU/5vIGb0pkCueIB7soIj2SqwU
|
||||
–Ô´çU]Å×kûÐÐþ±šÉñŒëvXÇ™D|94|©†x{¤_öÉB˜ü<CB9C>¾r°ówëÒOë"”=eK°AâP<{©LÚÊZõN”%Mù ¢µ°t½Òôžè[ýÐDjEúrúgè¾
|
11
agenix/hosts/tanker/mosquitto/passwordWeewx.age
Normal file
11
agenix/hosts/tanker/mosquitto/passwordWeewx.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g /XSuE5hFhZ9uikrpqA2Xg26QtfIKzj9DVTbtQpUMvmI
|
||||
/TwDUNPZLU/CDQ22FIl8CUDz2mxAjf8W0/nurMx4diM
|
||||
-> ssh-ed25519 iO8/4g KpdQeVMhb+Cm7JrndSD0PN7DGX2Z2DrEMUGdifQCehE
|
||||
s15SBfOmUDDLUc+Kg9Tk15lLISUqU/5OcGeV+LuKMR4
|
||||
-> z#6ki~-grease =f5 c/\1V4tV m{<_`g &=
|
||||
mY4q54CFASChkcQUH7ufRmNtUbBNquJ1BPUOVSl1GPWJQo4wLa4S2uVgzre6/JHM
|
||||
jS3wv7r2Qz4jyIlTJke1uhO4oMYr3cVKQYMh7pwjLIRUOY4
|
||||
--- jiSqygWYh76uBkRcxLVCIvaqwfmUbzpg3pJf06E6Szg
|
||||
õGCÑ<EFBFBD>)L#`]b`0½‹»Eæf‰ÍFO”™#çÉ×ÄÀ¸ìå£üÈ1Í3µ\&#žDî4_ g§DŸåøQ'7
^˜"<22>™”AþòvakÄUÔé€7ç;îÎøÓ¡¬;󑉰†Å Ä<Ðzä<7A>*5yê¡<C3AA>Æ&ËD6Q}•>#¬D ‚Ñ
|
||||
'ÝËg<18>¶ŒI
|
10
agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age
Normal file
10
agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g DDKoUegvH8ay9AZet7JR5Fm5rlLbG+J8M3S95FYvtlQ
|
||||
/Y+EVrGiGvLNXNx9auwYU3+X8sk7iwreBCq0FxznYCM
|
||||
-> ssh-ed25519 iO8/4g +OGDl9FY/C7bWx/BvsLurIlFfbcZ4gMTxwcn2PCuLRk
|
||||
jNPfr5GtIpjpPRVu7CTqKFr+d0iktmbsYR4mYls3lnQ
|
||||
-> VTq6sn-grease
|
||||
Hz3Jv4/CTn0KY0K+fczMLo1TA53IvBrbPuIpNLHUGu7lVE8jIaDMOTKIArWdbcrR
|
||||
iPdv
|
||||
--- pCIBj99TU5X4ZaJLTBeTf58TIXAHj3GP7P+AszQ3mfc
|
||||
Rš1Ì8M:ê^ºÐóˆ1zYq.~$ŽÊ¬ö‚kŸð
„ðg¡å—ŸQЉibYwïIí¨jB¤êÀ<C3AA>’uyWf$R´¦7™Ès'˜þÓSÊ2Ë´]ºò&rÇ $NÈÎrˆì•àçK«æ“ÕÛP›´^ÖûËoð ¾Ð½øɉš³3÷VCÓ»€§÷<C2A7>ƒ`3¦¬
|
BIN
agenix/hosts/tanker/nitter/config.age
Normal file
BIN
agenix/hosts/tanker/nitter/config.age
Normal file
Binary file not shown.
11
agenix/hosts/tanker/proxitok/environment.age
Normal file
11
agenix/hosts/tanker/proxitok/environment.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g 0jnqFOQg3RhkdCG5+JjsKUcd/JE9fhzFDvsgB6fZ7R0
|
||||
KHrpFOnbkjbstLBgaFlLg7skOh7JrJPBlxerJ561unk
|
||||
-> ssh-ed25519 iO8/4g x7hvbSev2gbPawB/rma1sHu7TQEh7GZnD7EOzNdKDBo
|
||||
66lFTBhvGHoZxs9HadLktr8N0eJXHgHLctaV+ZqM+cM
|
||||
-> .,hk(<S-grease U,
|
||||
kWqF/pPUTMiUAwmX2tl7YRUfu5cnCWUf8vLpt0BJjOIUkY5wzUXpbPaz1vGDtTm5
|
||||
w0jLRJR8Mn1KzQ
|
||||
--- opbWo/5603yqmCX6olIgaiMo2qdgnnf18GJPXBWoo9E
|
||||
ηOÐTqTíÚKȼԴé01¥GE®ŽLÚ_°ŽTV¦`‚}«5Bt-vn¼m›"–PË}<7D>„†Ã?Xÿí^*Ü&”5Õö$ÌK4ÐÁ\Wäí
|
||||
Ö„‰§×¬ü¦È?yíQqÿfs;ç‹Ä:Vú_{‰ú‚“ÓYU.©²2³
úãNÛ¬× z¬G*ÔŠ<>[;aô® <09>‰¹û$´¨}W#Ó¬1sk$Áü›½<mêaV8´Ïþ×O`õÁÜ@Tð{ˆ¼ÚôQu€<75>ÈÔ$¦T•ÙuÝ?CÑ ·[µå3U¼Ñm„Æ°ù<C2B0>‡0<E280A1>–çSW9çîŠ|®S§† ºˆOA\œ€/áŠÜs®Í@•öiî¢ò‹NCˆí"¾x,Ø¢y¸wšúpæ¼ÓÅ<C393>Îô`K«G‹ÜUõ<55>IMu=J§õŸŒï³‡'œÙ|úVàøŽKß>…¨ìwÆú•³äE¤5#Z%׬˜
|
10
agenix/hosts/tanker/signald/environment.age
Normal file
10
agenix/hosts/tanker/signald/environment.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g TjcF9u1gbYjURFImt7uh+O7hNw3E2pR6H/i8Xd90DkU
|
||||
wdeuBiwP0BTzMeVx+i7+jpWFaAW+dMnsXakFenPad/E
|
||||
-> ssh-ed25519 iO8/4g V/BUJLff8IK0g5UFXqJ5ftK6Fs8zpheFr4ETzKQd5xs
|
||||
0hzEB9qG6VX878t7tZzfjyH2BkgAhl+uDR4jX9chwgY
|
||||
-> g.G-grease X;7X` 3ecO{T|m
|
||||
/2RKLQzMCznCQXYnltmy7YhoXzHRJ4oxdArYCfQzJEcWDwy465xgm8EMNdu0mNA+
|
||||
O15n2g
|
||||
--- C896AcFfLEvwf3tcYqZP5dfPKFmE4oaaKH6KveEao6A
|
||||
'ř»{Ă3‹Ć*vřä–‹ůѶ4†ŻŢ«ÎË–<—;‰îQC(Őb-á`.˝goŕ ĐănČ˲<>:šľl0¬Ô‘ň]Tâµ˝ 2Δ*‡ěh‘ř”%Ýl<C39D>*WĹA Ŕü
O(ëţí屄WăRŐA0[“_HžCÎë6`
|
BIN
agenix/hosts/tanker/synapse/extraConfig.age
Normal file
BIN
agenix/hosts/tanker/synapse/extraConfig.age
Normal file
Binary file not shown.
10
agenix/hosts/tanker/tailscale/authkey.age
Normal file
10
agenix/hosts/tanker/tailscale/authkey.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g 8/VvalpTjMjXQYaGZiNTJ/UyXXcgaaKXT46+sn2IuC0
|
||||
eH+i//7AQiJ9KSD8NUkAd6CL6G6wuPeWBYLaUVUkH1s
|
||||
-> ssh-ed25519 iO8/4g B9Tzo0djfjhV5wDj3i6JZseYJth+zIxkfbbMDuK8y3s
|
||||
Wgokb9VVhd49riNZZ1JxuCGX1MgwzGr1Yqju475U0YA
|
||||
-> 4S?&lGG-grease ? {z[+;U.< l8P&' !'eh+
|
||||
mEhY97w5jF9ubheu6mx4puGrqsUyPxwGLhiwMjr5YLLwR5Hnj9xRY40UHGdng1H1
|
||||
ssoX94PaJQN2YwwMSa8WudBhe2hAP7cWpH8tFMH6u/exmGO4UA
|
||||
--- x1cfStmTuQb1xfYJ5DazYeAhjA1JcHZJF7Z4dhy2V58
|
||||
Åú´ÌXK†eµtš0ùM(QiœB-7ÒxgG<67>NÁ¿ŠÀéBXÉ’ÿ\V†ÎØ=GfM§KÀèÀšé.<2E>$+ÿÂË'‹ØŸ;Ó€¨›ôdÈMÇrǯ¢H
|
BIN
agenix/hosts/tanker/user/danielPassword.age
Normal file
BIN
agenix/hosts/tanker/user/danielPassword.age
Normal file
Binary file not shown.
BIN
agenix/hosts/tanker/weewx/config.age
Normal file
BIN
agenix/hosts/tanker/weewx/config.age
Normal file
Binary file not shown.
BIN
agenix/hosts/tanker/weewx/skin.age
Normal file
BIN
agenix/hosts/tanker/weewx/skin.age
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -7,7 +7,7 @@
|
|||
image = "registry.gitlab.com/signald/signald:0.23.2";
|
||||
environmentFiles = [ config.age.secrets.signald-environment.path ];
|
||||
volumes = [
|
||||
"/etc/container-matrix/signald:/signald"
|
||||
"/var/lib/matrix-bridges/signald:/signald"
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -17,8 +17,8 @@
|
|||
dependsOn = [ "signald" ];
|
||||
ports = [ "127.0.0.1:29328:29328" ];
|
||||
volumes = [
|
||||
"/etc/container-matrix/signal:/data"
|
||||
"/etc/container-matrix/signald:/signald"
|
||||
"/var/lib/matrix-bridges/signal:/data"
|
||||
"/var/lib/matrix-bridges/signald:/signald"
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -27,37 +27,14 @@
|
|||
image = "dock.mau.dev/mautrix/whatsapp:v0.8.4";
|
||||
ports = [ "127.0.0.1:29318:29318" ];
|
||||
volumes = [
|
||||
"/etc/container-matrix/whatsapp:/data"
|
||||
"/var/lib/matrix-bridges/whatsapp:/data"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.interfaces."podman+" = {
|
||||
allowedUDPPorts = [ 443 ];
|
||||
allowedTCPPorts = [ 443 ];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /etc/container-matrix/signald 0775 0 0"
|
||||
"d /etc/container-matrix/signal 0775 1337 1337"
|
||||
"d /etc/container-matrix/whatsapp 0775 1337 1337"
|
||||
"d /var/lib/matrix-bridges/signald 0775 0 0"
|
||||
"d /var/lib/matrix-bridges/signal 0775 1337 1337"
|
||||
"d /var/lib/matrix-bridges/whatsapp 0775 1337 1337"
|
||||
];
|
||||
|
||||
# Matrix: Signal
|
||||
|
||||
environment.etc."container-matrix/signal/config.yaml" = {
|
||||
source = ../../secret/container/matrix/config/signal.yaml;
|
||||
mode = "0640";
|
||||
uid = 1337;
|
||||
gid = 1337;
|
||||
};
|
||||
|
||||
# Matrix: WhatsApp
|
||||
|
||||
environment.etc."container-matrix/whatsapp/config.yaml" = {
|
||||
source = ../../secret/container/matrix/config/whatsapp.yaml;
|
||||
mode = "0640";
|
||||
uid = 1337;
|
||||
gid = 1337;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -29,8 +29,24 @@
|
|||
"d /etc/container-proxitok/cache 0755 33 33"
|
||||
];
|
||||
|
||||
services.redis.servers.proxitok = {
|
||||
enable = true;
|
||||
bind = "10.88.0.1";
|
||||
port = 6381;
|
||||
|
||||
databases = 1;
|
||||
save = [ ];
|
||||
appendFsync = "no";
|
||||
|
||||
settings = {
|
||||
protected-mode = "no";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];
|
||||
|
||||
services.nginx.virtualHosts."tictac.daniel.sx" = {
|
||||
listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
let
|
||||
secret = import ../../secret/container/weewx;
|
||||
data-dir = "/etc/container-weewx";
|
||||
data-dir = "/var/lib/weewx";
|
||||
in
|
||||
{
|
||||
virtualisation.oci-containers.containers.weewx = {
|
||||
|
@ -71,7 +71,7 @@ in
|
|||
mosquittoPorts = [ 1883 ];
|
||||
in
|
||||
{
|
||||
"enp7s0".allowedTCPPorts = mosquittoPorts;
|
||||
"enp41s0".allowedTCPPorts = mosquittoPorts;
|
||||
"tailscale0".allowedTCPPorts = mosquittoPorts;
|
||||
"podman+".allowedTCPPorts = mosquittoPorts;
|
||||
};
|
||||
|
|
57
flake.lock
57
flake.lock
|
@ -110,11 +110,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686307493,
|
||||
"narHash": "sha256-R4VEFnDn7nRmNxAu1LwNbjns5DPM8IBsvnrWmZ8ymPs=",
|
||||
"lastModified": 1687290953,
|
||||
"narHash": "sha256-PF0VGsuLxozDPLEGajGnb5usoO1v7YzzqOcG6k4ndQ4=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "7c16d31383a90e0e72ace0c35d2d66a18f90fb4f",
|
||||
"rev": "ed275afbbaad9b0670e2aeac3ae542595255d604",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -145,6 +145,26 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1687134796,
|
||||
"narHash": "sha256-gjBAkEtNPMQzqK4IHjTQBUv3VhggszOHLJbhXZy0OVQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "4823509bb3b014dc85abefc13efcfa076d36338a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -256,11 +276,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686922395,
|
||||
"narHash": "sha256-ysevinohPxdKp0RXyhDRsz1/vh1eXazg4AWp0n5X/U4=",
|
||||
"lastModified": 1687337969,
|
||||
"narHash": "sha256-5b58eo7Eku2ae+62HHHTbHtwe4jlS44JfYCDulGdopg=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "9ba7b3990eb1f4782ea3f5fe7ac4f3c88dd7a32c",
|
||||
"rev": "9ce6977fe76fb408042a432e314764f8d1d86263",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -279,11 +299,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "contrib",
|
||||
"lastModified": 1686981691,
|
||||
"narHash": "sha256-0ruufYV+/3E8kSneuBEIrX8032hTkcSi4PErPU5rl5c=",
|
||||
"lastModified": 1687335032,
|
||||
"narHash": "sha256-Mcy5o7jnkOjrT0b5haJ2bT+8bqSUoa1z+HW2H7DzaA4=",
|
||||
"owner": "neovim",
|
||||
"repo": "neovim",
|
||||
"rev": "c07dceba335c56c9a356395ad0d1e5a14d416752",
|
||||
"rev": "8d4a53fe6e20652946948170f2436ec520f9bdfe",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -304,11 +324,11 @@
|
|||
"weewx-proxy-flake": "weewx-proxy-flake"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686989911,
|
||||
"narHash": "sha256-R9D6w+XyHk74iTVFNEcni9yW06TfPVH1w2+y0HnbN7o=",
|
||||
"lastModified": 1687335565,
|
||||
"narHash": "sha256-k9cIZ5ZSM2iyuRxPX6fce+qTPegdzu7H+VdgI9mB0l8=",
|
||||
"owner": "nifoc",
|
||||
"repo": "nix-overlay",
|
||||
"rev": "582b7424ce2e4438728722f04c06969efa3008bc",
|
||||
"rev": "7e3f4c1539b2df1c08ad2904802740c42189b6dc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -335,11 +355,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1686979235,
|
||||
"narHash": "sha256-gBlBtk+KrezFkfMrZw6uwTuA7YWtbFciiS14mEoTCo0=",
|
||||
"lastModified": 1687274257,
|
||||
"narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7cc30fd5372ddafb3373c318507d9932bd74aafe",
|
||||
"rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -389,6 +409,7 @@
|
|||
"attic": "attic",
|
||||
"darwin": "darwin",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"disko": "disko",
|
||||
"home-manager": "home-manager_2",
|
||||
"nifoc-overlay": "nifoc-overlay",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
|
@ -464,11 +485,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686421566,
|
||||
"narHash": "sha256-Doz8X6s2u33Lm0ZWxH/2d8r5AessR2unrDGHWSpxqUs=",
|
||||
"lastModified": 1687028025,
|
||||
"narHash": "sha256-haI8io27PLu8xijJDPcnKnD/oxB7LTnHNsHk8hLvl3A=",
|
||||
"owner": "nifoc",
|
||||
"repo": "weewx-proxy",
|
||||
"rev": "224fdba4acb4c42f3f4cb49e1192fa26441f2e68",
|
||||
"rev": "59d3a6cd0dd118a46f88badf33ffd3b2674c0bbf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
21
flake.nix
21
flake.nix
|
@ -1,7 +1,11 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
|
||||
#nixpkgs.url = "github:nixos/nixpkgs?rev=22467e240f390f029d6c745ce031f0ffbdc40916";
|
||||
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
darwin = {
|
||||
url = "github:lnl7/nix-darwin";
|
||||
|
@ -44,13 +48,8 @@
|
|||
inherit inputs;
|
||||
};
|
||||
|
||||
sail = import ./system/flakes/sail.nix {
|
||||
inherit (inputs) nixpkgs deploy-rs home-manager agenix;
|
||||
inherit inputs;
|
||||
};
|
||||
|
||||
attic = import ./system/flakes/attic.nix {
|
||||
inherit (inputs) nixpkgs deploy-rs home-manager agenix attic;
|
||||
tanker = import ./system/flakes/tanker.nix {
|
||||
inherit (inputs) nixpkgs disko deploy-rs home-manager agenix attic;
|
||||
inherit inputs;
|
||||
};
|
||||
|
||||
|
@ -80,8 +79,7 @@
|
|||
};
|
||||
|
||||
nixosConfigurations = {
|
||||
sail = sail.system;
|
||||
attic = attic.system;
|
||||
tanker = tanker.system;
|
||||
mediaserver = mediaserver.system;
|
||||
argon = argon.system;
|
||||
weather-sdr = weather-sdr.system;
|
||||
|
@ -89,8 +87,7 @@
|
|||
};
|
||||
|
||||
deploy.nodes = {
|
||||
sail = sail.deployment;
|
||||
attic = attic.deployment;
|
||||
tanker = tanker.deployment;
|
||||
mediaserver = mediaserver.deployment;
|
||||
argon = argon.deployment;
|
||||
weather-sdr = weather-sdr.deployment;
|
||||
|
|
169
hardware/disko/tanker.nix
Normal file
169
hardware/disko/tanker.nix
Normal file
|
@ -0,0 +1,169 @@
|
|||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
x = {
|
||||
type = "disk";
|
||||
device = "/dev/nvme0n1";
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
partitions = [
|
||||
{
|
||||
name = "boot";
|
||||
start = "0";
|
||||
end = "1M";
|
||||
part-type = "primary";
|
||||
flags = [ "bios_grub" ];
|
||||
}
|
||||
|
||||
{
|
||||
name = "ESP";
|
||||
start = "1M";
|
||||
end = "1GiB";
|
||||
fs-type = "fat32";
|
||||
bootable = true;
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "boot";
|
||||
};
|
||||
}
|
||||
|
||||
{
|
||||
name = "zfs";
|
||||
start = "1GiB";
|
||||
end = "-1GiB";
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zroot";
|
||||
};
|
||||
}
|
||||
|
||||
{
|
||||
name = "swap";
|
||||
start = "-1GiB";
|
||||
end = "100%";
|
||||
part-type = "primary";
|
||||
content = {
|
||||
type = "swap";
|
||||
randomEncryption = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
y = {
|
||||
type = "disk";
|
||||
device = "/dev/nvme1n1";
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
partitions = [
|
||||
{
|
||||
name = "boot";
|
||||
start = "0";
|
||||
end = "1M";
|
||||
part-type = "primary";
|
||||
flags = [ "bios_grub" ];
|
||||
}
|
||||
|
||||
{
|
||||
name = "ESP";
|
||||
start = "1M";
|
||||
end = "1GiB";
|
||||
fs-type = "fat32";
|
||||
bootable = true;
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "boot";
|
||||
};
|
||||
}
|
||||
|
||||
{
|
||||
name = "zfs";
|
||||
start = "1GiB";
|
||||
end = "-1GiB";
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zroot";
|
||||
};
|
||||
}
|
||||
|
||||
{
|
||||
name = "swap";
|
||||
start = "-1GiB";
|
||||
end = "100%";
|
||||
part-type = "primary";
|
||||
content = {
|
||||
type = "swap";
|
||||
randomEncryption = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
mdadm = {
|
||||
boot = {
|
||||
type = "mdadm";
|
||||
level = 1;
|
||||
metadata = "1.0";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
zpool = {
|
||||
zroot = {
|
||||
type = "zpool";
|
||||
mode = "mirror";
|
||||
rootFsOptions = {
|
||||
compression = "lz4";
|
||||
"com.sun:auto-snapshot" = "true";
|
||||
};
|
||||
mountpoint = "/";
|
||||
postCreateHook = "zfs snapshot zroot@blank";
|
||||
|
||||
datasets = {
|
||||
postgresql = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/var/lib/postgresql";
|
||||
options = {
|
||||
recordsize = "16k";
|
||||
atime = "off";
|
||||
};
|
||||
};
|
||||
|
||||
elasticsearch = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/var/lib/elasticsearch";
|
||||
options = {
|
||||
atime = "off";
|
||||
};
|
||||
};
|
||||
|
||||
mastodon = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/var/lib/mastodon";
|
||||
options = {
|
||||
recordsize = "512k";
|
||||
atime = "off";
|
||||
};
|
||||
};
|
||||
|
||||
synapse = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/var/lib/matrix-synapse";
|
||||
options = {
|
||||
recordsize = "512k";
|
||||
atime = "off";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
{ pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
||||
boot = {
|
||||
loader.grub.device = "/dev/sda";
|
||||
|
||||
initrd = {
|
||||
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||
kernelModules = [ "nvme" "tls" ];
|
||||
};
|
||||
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernelModules = [ "tcp_bbr" ];
|
||||
|
||||
kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "fq";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
"net.ipv4.tcp_syncookies" = 0;
|
||||
"net.ipv4.tcp_timestamps" = 1;
|
||||
"net.ipv4.tcp_window_scaling" = 1;
|
||||
"net.core.rmem_max" = 2500000;
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
{ pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
||||
boot = {
|
||||
loader.grub.device = "/dev/sda";
|
||||
|
||||
initrd = {
|
||||
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
|
||||
kernelModules = [ "nvme" "tls" ];
|
||||
};
|
||||
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernelModules = [ "tcp_bbr" ];
|
||||
|
||||
kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "fq";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
"net.ipv4.tcp_syncookies" = 0;
|
||||
"net.ipv4.tcp_timestamps" = 1;
|
||||
"net.ipv4.tcp_window_scaling" = 1;
|
||||
"net.core.rmem_max" = 2500000;
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||
}
|
36
hardware/hosts/tanker.nix
Normal file
36
hardware/hosts/tanker.nix
Normal file
|
@ -0,0 +1,36 @@
|
|||
{ pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../disko/tanker.nix
|
||||
];
|
||||
|
||||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
|
||||
copyKernels = true;
|
||||
devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
|
||||
efiInstallAsRemovable = true;
|
||||
efiSupport = true;
|
||||
fsIdentifier = "uuid";
|
||||
};
|
||||
|
||||
initrd = {
|
||||
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
|
||||
kernelModules = [ "tls" ];
|
||||
};
|
||||
|
||||
kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
|
||||
kernelModules = [ "tcp_bbr" ];
|
||||
|
||||
kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "fq";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
"net.ipv4.tcp_syncookies" = 0;
|
||||
"net.ipv4.tcp_timestamps" = 1;
|
||||
"net.ipv4.tcp_window_scaling" = 1;
|
||||
"net.core.rmem_max" = 2500000;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
args@{ pkgs, ... }:
|
||||
|
||||
let
|
||||
secret = import ../../secret/hosts/sail.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../programs/fish.nix
|
||||
../programs/atuin.nix
|
||||
../programs/starship.nix
|
||||
|
||||
../programs/nvim
|
||||
|
||||
../programs/git.nix
|
||||
|
||||
../programs/bat.nix
|
||||
|
||||
../programs/fzf.nix
|
||||
|
||||
../programs/jq.nix
|
||||
|
||||
../programs/scripts.nix
|
||||
];
|
||||
|
||||
home = {
|
||||
stateVersion = "22.11";
|
||||
|
||||
packages = with pkgs; [
|
||||
awscli2
|
||||
curlHTTP3
|
||||
lnav
|
||||
mtr
|
||||
parallel
|
||||
q
|
||||
ripgrep
|
||||
];
|
||||
};
|
||||
}
|
|
@ -30,12 +30,12 @@ in
|
|||
};
|
||||
nvim-web-devicons = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-web-devicons";
|
||||
version = "2023-05-27";
|
||||
version = "2023-06-18";
|
||||
src = fetchFromGitHub {
|
||||
owner = "kyazdani42";
|
||||
repo = "nvim-web-devicons";
|
||||
rev = "2a125024a137677930efcfdf720f205504c97268";
|
||||
sha256 = "0hjfi7zrxn7hci0gagnx50p20afdg5c63skjbh89rvsh0v2qgg3f";
|
||||
rev = "14b3a5ba63b82b60cde98d0a40319d80f25e8301";
|
||||
sha256 = "0hn54zz5a3zhg796jfryg1vsikv96vpvcgg71mz95wshnqjlr3jr";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -85,12 +85,12 @@ in
|
|||
};
|
||||
leap-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "leap.nvim";
|
||||
version = "2023-06-02";
|
||||
version = "2023-06-17";
|
||||
src = fetchFromGitHub {
|
||||
owner = "ggandor";
|
||||
repo = "leap.nvim";
|
||||
rev = "14b5a65190fe69388a8f59c695ed3394a10d6af8";
|
||||
sha256 = "1p3bz2zs4s2kg1q1gyaf2pffp1fwd0hmh5cds8s8a1r3cab9mnap";
|
||||
rev = "96f0f60baf037a3f91c8c725a0aad56094a73808";
|
||||
sha256 = "0qgqiiw2cmm60cxnil2cvkh5h6p8kx3zvcyw60ia7n4s93yqzbkx";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -107,23 +107,23 @@ in
|
|||
};
|
||||
nvim-treesitter = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-treesitter";
|
||||
version = "2023-06-17";
|
||||
version = "2023-06-21";
|
||||
src = fetchFromGitHub {
|
||||
owner = "nvim-treesitter";
|
||||
repo = "nvim-treesitter";
|
||||
rev = "840e5d71787b02789f909315f646a6dd66a0de2c";
|
||||
sha256 = "0zqp1bckgijic464868dqs4gxfmvjkmkrj9hkrjwm4vp5qfcqwk6";
|
||||
rev = "39b9f45a646371736ce95ec0c8cf685a727b5312";
|
||||
sha256 = "0cqwx2sqi5lqs7jmy8vsn81qhnfx6n403pxqyj8wihvl7g9kjz1n";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
nvim-ts-rainbow2 = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-ts-rainbow2";
|
||||
version = "2023-06-14";
|
||||
version = "2023-06-20";
|
||||
src = fetchFromGitHub {
|
||||
owner = "HiPhish";
|
||||
repo = "nvim-ts-rainbow2";
|
||||
rev = "9e228dc94d083cb2dfddac64d524483f452dab40";
|
||||
sha256 = "13q9kpiwmydf39dfk47inaas2r49scsvrqb1v7rnimjmjxp2654d";
|
||||
rev = "a716318361239c9ee5364fc032795679b16762db";
|
||||
sha256 = "1k48q777kdxa12l5g47cmrd1lmih3h076jlcsway2anxa7kfjddl";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -220,12 +220,12 @@ in
|
|||
};
|
||||
nvim-lspconfig = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-lspconfig";
|
||||
version = "2023-06-17";
|
||||
version = "2023-06-20";
|
||||
src = fetchFromGitHub {
|
||||
owner = "neovim";
|
||||
repo = "nvim-lspconfig";
|
||||
rev = "80861dc087982a6ed8ba91ec4836adce619f5a8a";
|
||||
sha256 = "03n3zh5gizia6ryafj88c0n6rpwzqhfa7b3gwrr66z25c0sqqxv3";
|
||||
rev = "a51892484c2002c083a8b0a9dfcefb3a569be36d";
|
||||
sha256 = "02yxlfqlvv8nprk9mbxhw2mh52plcjka5kwbn4h8s4d49dzp396w";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -297,34 +297,34 @@ in
|
|||
};
|
||||
LuaSnip = buildVimPluginFrom2Nix {
|
||||
pname = "LuaSnip";
|
||||
version = "2023-06-16";
|
||||
version = "2023-06-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "L3MON4D3";
|
||||
repo = "LuaSnip";
|
||||
rev = "4964cd11e19de4671189b97de37f3c4930d43191";
|
||||
sha256 = "15qfwwc5fsc6yhr0qsrfw4s8xvknrf1m25443lgz95v3d37hxkn5";
|
||||
rev = "3d2ad0c0fa25e4e272ade48a62a185ebd0fe26c1";
|
||||
sha256 = "01ih6rp99qvip3zpyd663c6fi69r4xfqj2x1k6x679h6gicharl0";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
friendly-snippets = buildVimPluginFrom2Nix {
|
||||
pname = "friendly-snippets";
|
||||
version = "2023-06-17";
|
||||
version = "2023-06-21";
|
||||
src = fetchFromGitHub {
|
||||
owner = "rafamadriz";
|
||||
repo = "friendly-snippets";
|
||||
rev = "70b727d3454cceb3a818b1746be09786568b7e33";
|
||||
sha256 = "13winfmabdpxwgig519qr11znjngdlmbgbmksyrilxangaw3zgjf";
|
||||
rev = "01f80274100fe3ff6c9183b9c0674a520141be4d";
|
||||
sha256 = "1pxbbdjq25ri5jhwl953020xwbzhy564m35xz9vhnv8i2wz8kg2l";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
nvim-cmp = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-cmp";
|
||||
version = "2023-06-11";
|
||||
version = "2023-06-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "hrsh7th";
|
||||
repo = "nvim-cmp";
|
||||
rev = "b8c2a62b3bd3827aa059b43be3dd4b5c45037d65";
|
||||
sha256 = "1xh3pzcdbz2hqa3vl14gwn77pqjv939q9jfq1y4ln676jz5ljr4q";
|
||||
rev = "fa492591fecdc41798cd5d3d1713232a5088fba0";
|
||||
sha256 = "0a7szf6lfgadlxrsg34qjc6hyz2ca9k0z0xfyvdcqnibfhlbgg0l";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -429,12 +429,12 @@ in
|
|||
};
|
||||
nvim-autopairs = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-autopairs";
|
||||
version = "2023-06-14";
|
||||
version = "2023-06-18";
|
||||
src = fetchFromGitHub {
|
||||
owner = "windwp";
|
||||
repo = "nvim-autopairs";
|
||||
rev = "41803bdbf75569571f93fd4571f6c654635b1b46";
|
||||
sha256 = "1lxq0qr3ninkz4yk2a0467vzyx7lslg7fqix918cqd10mgrg5xkr";
|
||||
rev = "e8f7dd7a72de3e7b6626c050a802000e69d53ff0";
|
||||
sha256 = "0lk78zvmf5cyyq4nmrzybi7dbpbwx499r0la4wza9h1gp4l7xvy7";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -462,12 +462,12 @@ in
|
|||
};
|
||||
nvim-treesitter-textobjects = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-treesitter-textobjects";
|
||||
version = "2023-06-08";
|
||||
version = "2023-06-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "nvim-treesitter";
|
||||
repo = "nvim-treesitter-textobjects";
|
||||
rev = "2d6d3c7e49a24f6ffbbf7898241fefe9784f61bd";
|
||||
sha256 = "1mlx0hkx42al578ilwsj4547rqny85x089is189hdic287yw59gp";
|
||||
rev = "83c59ed1eeae70a55605990993cf4d208948fdf7";
|
||||
sha256 = "1780104ap415dlnvik1s027vhd0ikvly23lcb4dq2d2smlkymjgf";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -539,23 +539,23 @@ in
|
|||
};
|
||||
gitsigns-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "gitsigns.nvim";
|
||||
version = "2023-06-16";
|
||||
version = "2023-06-20";
|
||||
src = fetchFromGitHub {
|
||||
owner = "lewis6991";
|
||||
repo = "gitsigns.nvim";
|
||||
rev = "256569c2fe697a3003dbd49ff474e5935af9066c";
|
||||
sha256 = "1xxpqjmxqf7bkia4jrf78grjg9myq7lnhygmi0gm90nwlm9wi8vl";
|
||||
rev = "a36bc3360d584d39b4fb076d855c4180842d4444";
|
||||
sha256 = "1kq2ykmpagan4d4anjv8s8dp2gi22n8paqzkk933zr5azd9q6pjp";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
nui-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "nui.nvim";
|
||||
version = "2023-06-16";
|
||||
version = "2023-06-18";
|
||||
src = fetchFromGitHub {
|
||||
owner = "MunifTanjim";
|
||||
repo = "nui.nvim";
|
||||
rev = "e319f2554d14a521f4271576ebff2685105d7628";
|
||||
sha256 = "1lm7fm2pdclsrimiw73m5pbg6h0g1yj9bd7kin55xapzvn4j3131";
|
||||
rev = "d146966a423e60699b084eeb28489fe3b6427599";
|
||||
sha256 = "0cg0771dai5gsch36qfandx3i48gq2zhifnmgwarl174af8f8mrq";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -572,12 +572,12 @@ in
|
|||
};
|
||||
noice-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "noice.nvim";
|
||||
version = "2023-06-12";
|
||||
version = "2023-06-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "folke";
|
||||
repo = "noice.nvim";
|
||||
rev = "a3318600bc1eba2cca84e879048c1ab8d4a0262d";
|
||||
sha256 = "1hba8idla910jwwpm9dgsa200nb0jw3054rnan7dyawg694d67bv";
|
||||
rev = "39461475d9de676bccc338876689c9e5b44bc932";
|
||||
sha256 = "11b4bv0dhy8y478p1gfw2ic47bg0x9v073ljndvcz5qcdh3qpsv9";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -16,6 +16,14 @@
|
|||
identitiesOnly = true;
|
||||
};
|
||||
|
||||
"builder-tanker" = {
|
||||
hostname = "tanker.ts.kempkens.network";
|
||||
port = 22;
|
||||
user = "root";
|
||||
identityFile = "~/.ssh/Hetzner.pub";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
|
||||
"builder-mediaserver" = {
|
||||
hostname = "mediaserver.ts.kempkens.network";
|
||||
port = 22;
|
||||
|
|
|
@ -60,6 +60,15 @@
|
|||
identitiesOnly = true;
|
||||
};
|
||||
|
||||
"tanker" = {
|
||||
hostname = "tanker.ts.kempkens.network";
|
||||
port = 22;
|
||||
user = "daniel";
|
||||
forwardAgent = true;
|
||||
identityFile = "~/.ssh/Hetzner.pub";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
|
||||
"attic" = {
|
||||
hostname = "attic.ts.kempkens.network";
|
||||
port = 22;
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
secret/hosts/tanker.nix
Normal file
BIN
secret/hosts/tanker.nix
Normal file
Binary file not shown.
63
secrets.nix
63
secrets.nix
|
@ -1,63 +1,62 @@
|
|||
let
|
||||
user-daniel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1UfCIu7jUe64iQmp2UUyAgqZ3IYdMOo/Me6hRTnKoG";
|
||||
|
||||
system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl";
|
||||
system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr";
|
||||
system-tanker = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpnogLd3Ttmz/At0dXveaG1xF37vV7lz34ojDTIuCOi";
|
||||
system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX";
|
||||
system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU";
|
||||
system-weather-sdr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHuAdx5u9R2DyK065DUxdwhEOi0at1WNkY5f4JtrOzk";
|
||||
|
||||
sail = [ user-daniel system-sail ];
|
||||
attic = [ user-daniel system-attic ];
|
||||
tanker = [ user-daniel system-tanker ];
|
||||
mediaserver = [ user-daniel system-mediaserver ];
|
||||
argon = [ user-daniel system-argon ];
|
||||
weather-sdr = [ user-daniel system-weather-sdr ];
|
||||
in
|
||||
{
|
||||
# sail
|
||||
"agenix/hosts/sail/acme/credentials.age".publicKeys = sail;
|
||||
# tanker
|
||||
"agenix/hosts/tanker/user/danielPassword.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/tailscale/authkey.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/acme/credentials.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/secretKeyBase.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/vapidPrivateKey.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/extraConfig.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/tailscale/authkey.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/atuin/environment.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/signald/environment.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/atticd/environment.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/weewx/config.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/weewx/skin.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/fedifetcher/config.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/mosquitto/passwordWeewxProxy.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mosquitto/passwordWeewx.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mastodon/secretKeyBase.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mastodon/vapidPrivateKey.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mastodon/vapidPublicKey.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mastodon/extraConfig.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/atuin/environment.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/miniflux/credentials.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/mosquitto/passwordWeewxProxy.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mosquitto/passwordWeewx.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/invidious/databasePassword.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/nitter/config.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/nitter/config.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/anonymous-overflow/config.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/invidious/databasePassword.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/invidious/extraSettings.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/sail/proxitok/environment.age".publicKeys = sail;
|
||||
"agenix/hosts/tanker/proxitok/environment.age".publicKeys = tanker;
|
||||
|
||||
# attic
|
||||
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
|
||||
"agenix/hosts/tanker/synapse/extraConfig.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/attic/acme/credentials.age".publicKeys = attic;
|
||||
"agenix/hosts/tanker/mautrix-signal/config.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
|
||||
"agenix/hosts/tanker/signald/environment.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/attic/atticd/environment.age".publicKeys = attic;
|
||||
"agenix/hosts/tanker/mautrix-whatsapp/config.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/tanker/weewx/config.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/weewx/skin.age".publicKeys = tanker;
|
||||
|
||||
# mediaserver
|
||||
"agenix/hosts/mediaserver/user/danielPassword.age".publicKeys = mediaserver;
|
||||
|
|
|
@ -1,59 +0,0 @@
|
|||
{ nixpkgs, deploy-rs, home-manager, agenix, inputs, ... }:
|
||||
|
||||
let
|
||||
default-system = "x86_64-linux";
|
||||
|
||||
overlay-attic = inputs.attic.overlays.default;
|
||||
overlay-deploy-rs = _: _: { inherit (deploy-rs.packages.${default-system}) deploy-rs; };
|
||||
overlay-nifoc = inputs.nifoc-overlay.overlay;
|
||||
|
||||
nixpkgsConfig = {
|
||||
overlays = [
|
||||
overlay-attic
|
||||
overlay-deploy-rs
|
||||
overlay-nifoc
|
||||
];
|
||||
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
allowBroken = true;
|
||||
|
||||
permittedInsecurePackages = [
|
||||
"openssl-1.1.1t"
|
||||
];
|
||||
};
|
||||
};
|
||||
in
|
||||
rec {
|
||||
system = nixpkgs.lib.nixosSystem {
|
||||
system = default-system;
|
||||
modules = [
|
||||
../hosts/sail.nix
|
||||
|
||||
home-manager.nixosModules.home-manager
|
||||
|
||||
agenix.nixosModules.default
|
||||
|
||||
{
|
||||
nixpkgs = nixpkgsConfig;
|
||||
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
|
||||
nix.registry.nixpkgs.flake = nixpkgs;
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.daniel = import ../../home/hosts/sail.nix;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
deployment = {
|
||||
hostname = "sail";
|
||||
sshUser = "root";
|
||||
remoteBuild = true;
|
||||
autoRollback = false;
|
||||
magicRollback = false;
|
||||
|
||||
profiles.system = {
|
||||
path = deploy-rs.lib.${default-system}.activate.nixos system;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ nixpkgs, deploy-rs, home-manager, agenix, attic, inputs, ... }:
|
||||
{ nixpkgs, disko, deploy-rs, home-manager, agenix, attic, inputs, ... }:
|
||||
|
||||
let
|
||||
default-system = "x86_64-linux";
|
||||
|
@ -26,7 +26,9 @@ rec {
|
|||
system = nixpkgs.lib.nixosSystem {
|
||||
system = default-system;
|
||||
modules = [
|
||||
../hosts/attic.nix
|
||||
disko.nixosModules.disko
|
||||
|
||||
../hosts/tanker.nix
|
||||
|
||||
home-manager.nixosModules.home-manager
|
||||
|
||||
|
@ -40,13 +42,13 @@ rec {
|
|||
nix.registry.nixpkgs.flake = nixpkgs;
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.daniel = import ../../home/hosts/attic.nix;
|
||||
home-manager.users.daniel = import ../../home/hosts/tanker.nix;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
deployment = {
|
||||
hostname = "attic";
|
||||
hostname = "94.130.142.168";
|
||||
sshUser = "root";
|
||||
remoteBuild = true;
|
||||
autoRollback = false;
|
|
@ -74,7 +74,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
documentation.doc.enable = false;
|
||||
documentation.enable = false;
|
||||
|
||||
users = {
|
||||
users.daniel = {
|
||||
|
|
|
@ -1,143 +0,0 @@
|
|||
args@{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
secret = import ../../secret/hosts/attic.nix;
|
||||
ssh-keys = import ../shared/ssh-keys.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../hardware/hosts/attic.nix
|
||||
../../agenix/hosts/attic/config.nix
|
||||
../shared/show-update-changelog.nix
|
||||
../nixos/ssh.nix
|
||||
|
||||
../nixos/git.nix
|
||||
|
||||
../nixos/acme-attic.nix
|
||||
../nixos/nginx.nix
|
||||
|
||||
(import ../nixos/atticd.nix (args // { inherit secret; }))
|
||||
|
||||
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
|
||||
|
||||
../nixos/tailscale.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
nix = {
|
||||
package = pkgs.nixVersions.stable;
|
||||
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
|
||||
substituters = [
|
||||
"https://attic.cache.daniel.sx/nifoc-systems"
|
||||
"https://nifoc.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
|
||||
trusted-public-keys = [
|
||||
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
|
||||
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
};
|
||||
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
extra-platforms = aarch64-linux
|
||||
keep-derivations = true
|
||||
keep-outputs = true
|
||||
post-build-hook = ${../../home/programs/scripts/attic-system-cache}
|
||||
'';
|
||||
};
|
||||
|
||||
environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;
|
||||
|
||||
boot = {
|
||||
tmp.cleanOnBoot = true;
|
||||
|
||||
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
};
|
||||
|
||||
zramSwap.enable = true;
|
||||
|
||||
networking = {
|
||||
hostName = "attic";
|
||||
useNetworkd = true;
|
||||
|
||||
extraHosts = ''
|
||||
127.0.0.1 attic.cache.daniel.sx
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
|
||||
networks = {
|
||||
"10-wan" = {
|
||||
matchConfig.Name = "enp1s0";
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
Address = "2a01:4f8:c0c:fa14::1/64";
|
||||
Gateway = "fe80::1";
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
|
||||
ntp = [
|
||||
"ntp1.hetzner.de"
|
||||
"ntp2.hetzner.com"
|
||||
"ntp3.hetzner.net"
|
||||
];
|
||||
};
|
||||
|
||||
"20-private" = {
|
||||
matchConfig.Name = "enp7s0";
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
IPv6AcceptRA = false;
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
};
|
||||
|
||||
wait-online.extraArgs = [
|
||||
"--interface=enp1s0"
|
||||
"--interface=enp7s0"
|
||||
];
|
||||
};
|
||||
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=1G
|
||||
'';
|
||||
|
||||
documentation = {
|
||||
nixos.enable = false;
|
||||
doc.enable = false;
|
||||
};
|
||||
|
||||
programs.fish.enable = true;
|
||||
|
||||
users.users = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ];
|
||||
};
|
||||
|
||||
daniel = {
|
||||
passwordFile = config.age.secrets.user-daniel-password.path;
|
||||
isNormalUser = true;
|
||||
home = "/home/daniel";
|
||||
description = "Daniel";
|
||||
extraGroups = [ "wheel" ];
|
||||
shell = pkgs.fish;
|
||||
openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,34 +1,43 @@
|
|||
args@{ pkgs, ... }:
|
||||
args@{ pkgs, config, ... }:
|
||||
|
||||
let
|
||||
secret = import ../../secret/hosts/sail.nix;
|
||||
secret = import ../../secret/hosts/tanker.nix;
|
||||
ssh-keys = import ../shared/ssh-keys.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../hardware/hosts/sail.nix
|
||||
../../agenix/hosts/sail/config.nix
|
||||
../../hardware/hosts/tanker.nix
|
||||
../nixos/zfs.nix
|
||||
../../agenix/hosts/tanker/config.nix
|
||||
../shared/show-update-changelog.nix
|
||||
../nixos/ssh.nix
|
||||
|
||||
../nixos/git.nix
|
||||
|
||||
../nixos/acme-sail.nix
|
||||
../nixos/acme-tanker.nix
|
||||
../nixos/nginx.nix
|
||||
|
||||
../nixos/atuin-sync.nix
|
||||
|
||||
../nixos/attic.nix
|
||||
../nixos/postgresql.nix
|
||||
../nixos/elasticsearch.nix
|
||||
../nixos/mosquitto.nix
|
||||
../nixos/container.nix
|
||||
|
||||
../nixos/anonymous-overflow.nix
|
||||
|
||||
(import ../nixos/freshrss.nix (args // { inherit secret; }))
|
||||
../nixos/atuin-sync.nix
|
||||
|
||||
(import ../nixos/atticd.nix (args // { inherit secret; }))
|
||||
|
||||
../nixos/fedifetcher.nix
|
||||
|
||||
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
|
||||
|
||||
../nixos/invidious.nix
|
||||
|
||||
(import ../nixos/libreddit.nix (args // { inherit secret; }))
|
||||
|
||||
(import ../nixos/mastodon.nix (args // { inherit secret; }))
|
||||
../nixos/mastodon.nix
|
||||
|
||||
../nixos/miniflux.nix
|
||||
|
||||
(import ../nixos/nitter.nix (args // { inherit secret; }))
|
||||
|
||||
|
@ -38,18 +47,13 @@ in
|
|||
|
||||
../nixos/synapse.nix
|
||||
|
||||
../nixos/websites-sail.nix
|
||||
|
||||
../nixos/tailscale.nix
|
||||
|
||||
../nixos/mosquitto.nix
|
||||
../nixos/websites-tanker.nix
|
||||
|
||||
../nixos/container.nix
|
||||
../../container/weewx
|
||||
../../container/matrix
|
||||
../../container/proxitok
|
||||
|
||||
(import ../nixos/fedifetcher.nix (args // { inherit secret; }))
|
||||
../../container/weewx
|
||||
];
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
@ -96,14 +100,13 @@ in
|
|||
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
};
|
||||
|
||||
zramSwap.enable = true;
|
||||
|
||||
networking = {
|
||||
hostName = "sail";
|
||||
hostName = "tanker";
|
||||
hostId = "d89f488a";
|
||||
useNetworkd = true;
|
||||
|
||||
extraHosts = ''
|
||||
10.99.99.4 attic.cache.daniel.sx
|
||||
127.0.0.1 attic.cache.daniel.sx
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -112,55 +115,58 @@ in
|
|||
|
||||
networks = {
|
||||
"10-wan" = {
|
||||
matchConfig.Name = "enp1s0";
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
Address = "2a01:4f8:c2c:989c::1/64";
|
||||
Gateway = "fe80::1";
|
||||
};
|
||||
matchConfig.Name = "enp41s0";
|
||||
address = [
|
||||
"94.130.142.168/26"
|
||||
"2a01:4f8:13b:2d81::2/64"
|
||||
];
|
||||
gateway = [
|
||||
"94.130.142.129"
|
||||
"fe80::1"
|
||||
];
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
|
||||
dns = [
|
||||
"185.12.64.1"
|
||||
"185.12.64.2"
|
||||
"2a01:4ff:ff00::add:1"
|
||||
"2a01:4ff:ff00::add:2"
|
||||
];
|
||||
|
||||
ntp = [
|
||||
"ntp1.hetzner.de"
|
||||
"ntp2.hetzner.com"
|
||||
"ntp3.hetzner.net"
|
||||
];
|
||||
};
|
||||
|
||||
"20-private" = {
|
||||
matchConfig.Name = "enp7s0";
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
IPv6AcceptRA = false;
|
||||
};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
};
|
||||
|
||||
wait-online.extraArgs = [
|
||||
"--interface=enp1s0"
|
||||
"--interface=enp7s0"
|
||||
"--interface=enp41s0"
|
||||
];
|
||||
};
|
||||
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=1G
|
||||
SystemMaxUse=4G
|
||||
'';
|
||||
|
||||
services.zfs.autoScrub.enable = true;
|
||||
|
||||
documentation = {
|
||||
nixos.enable = false;
|
||||
doc.enable = false;
|
||||
};
|
||||
|
||||
programs.fish.enable = true;
|
||||
programs.htop.enable = true;
|
||||
|
||||
users.users = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ];
|
||||
openssh.authorizedKeys.keys = [ ssh-keys.Hetzner ssh-keys.BackupTanker ];
|
||||
};
|
||||
|
||||
daniel = {
|
||||
inherit (secret.users.daniel) hashedPassword;
|
||||
passwordFile = config.age.secrets.user-daniel-password.path;
|
||||
isNormalUser = true;
|
||||
home = "/home/daniel";
|
||||
description = "Daniel";
|
|
@ -15,8 +15,17 @@
|
|||
};
|
||||
|
||||
certs = {
|
||||
"cache.daniel.sx" = {
|
||||
domain = "*.cache.daniel.sx";
|
||||
"kempkens.io" = {
|
||||
domain = "*.kempkens.io";
|
||||
};
|
||||
|
||||
"daniel.sx" = {
|
||||
domain = "*.daniel.sx";
|
||||
extraDomainNames = [ "*.cache.daniel.sx" ];
|
||||
};
|
||||
|
||||
"nifoc.pw" = {
|
||||
domain = "*.nifoc.pw";
|
||||
};
|
||||
};
|
||||
};
|
|
@ -92,8 +92,8 @@
|
|||
useACMEHost = "internal.kempkens.network";
|
||||
|
||||
extraConfig = ''
|
||||
set_real_ip_from 100.76.233.31/32;
|
||||
set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:624c:e91f/128;
|
||||
set_real_ip_from 100.108.165.26/32;
|
||||
set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a/128;
|
||||
real_ip_header X-Forwarded-For;
|
||||
'';
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ in
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."overflow.daniel.sx" = {
|
||||
listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|
|
@ -39,17 +39,12 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.atticd = {
|
||||
after = lib.mkForce [ "network.target" "network-online.target" ];
|
||||
wants = [ "network.target" "network-online.target" ];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${fqdn}" = {
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
onlySSL = true;
|
||||
useACMEHost = "cache.daniel.sx";
|
||||
useACMEHost = "daniel.sx";
|
||||
|
||||
extraConfig = ''
|
||||
client_max_body_size 0;
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."atuin-sync.kempkens.io" = {
|
||||
listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue