diff --git a/agenix/hosts/argon/acme/credentials.age b/agenix/hosts/argon/acme/credentials.age new file mode 100644 index 0000000..e94dd80 Binary files /dev/null and b/agenix/hosts/argon/acme/credentials.age differ diff --git a/agenix/hosts/argon/config.nix b/agenix/hosts/argon/config.nix new file mode 100644 index 0000000..cd72e45 --- /dev/null +++ b/agenix/hosts/argon/config.nix @@ -0,0 +1,21 @@ +{ + age.secrets = { + user-daniel-password = { + file = ./user/danielPassword.age; + }; + + acme-credentials = { + file = ./acme/credentials.age; + owner = "acme"; + group = "acme"; + }; + + tailscale-authkey = { + file = ./tailscale/authkey.age; + }; + + weewx-proxy-environment = { + file = ./weewx-proxy/environment.age; + }; + }; +} diff --git a/agenix/hosts/argon/tailscale/authkey.age b/agenix/hosts/argon/tailscale/authkey.age new file mode 100644 index 0000000..f3381fc --- /dev/null +++ b/agenix/hosts/argon/tailscale/authkey.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g MSB4LHO5ylgHxGfLDgMKyIrC+1tbcJjg4COxsChp12c +1mQyLIhrjT3IaqjkMolHewiZBpXQ54IrBP8VI+QmgD4 +-> ssh-ed25519 1fcLUQ Uvw/+gXv/B03o7lw8UrCGV33sPPnYc2GTHPUqJDP+Xc +4KmZAO+nB4ZcNFSLvSw4ZiOAxwvEhcqljTDq37eUJxg +-> 2n]G-grease 9w`dL[G K{0VS 1*\j + +--- assYGBPVppp1CC6zKOs677mfff+wpTfJGBIXcL5o7Ro +<( ~Zt) [: iɤk2uP)@'dM` N[@T?&RnV!ֵ \ No newline at end of file diff --git a/agenix/hosts/argon/user/danielPassword.age b/agenix/hosts/argon/user/danielPassword.age new file mode 100644 index 0000000..759c674 --- /dev/null +++ b/agenix/hosts/argon/user/danielPassword.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g U64tjf5zAbKc75lCbHo62p2KNcfXQt52yJHiUTpJg14 +FeiGVg/RnR29rmqE3Xpy4eMtsp3IHoszyxjSsOxa/Fs +-> ssh-ed25519 1fcLUQ rIwdZ+Y34BAgOPpxgn07Y12hfdZ3WgYZSFFA5vzbvE8 +EdbSNo1esy9Cswpam5sdgoy0gEc8HkNociwsYpiUqcI +-> =P.Kq,e;-grease 4/;kU&E@A)r`,SFHdZ7%2E7@2]P\c \ No newline at end of file 
diff --git a/agenix/hosts/argon/weewx-proxy/environment.age b/agenix/hosts/argon/weewx-proxy/environment.age new file mode 100644 index 0000000..74b06f5 Binary files /dev/null and b/agenix/hosts/argon/weewx-proxy/environment.age differ diff --git a/agenix/hosts/attic/acme/credentials.age b/agenix/hosts/attic/acme/credentials.age index 96ee38a..01cddf3 100644 --- a/agenix/hosts/attic/acme/credentials.age +++ b/agenix/hosts/attic/acme/credentials.age @@ -1,13 +1,9 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBZWEFs -RWJpNlRUZ1ZFTWtRajhvU0JieWFBNk50L3hTU1VpYmYzdkw4N3hZCmpadUsvc1g3 -NC84dFJMZklKRm9KRnhMWGZ2TlJTQjlrYnJNL25vN0hwZk0KLT4gc3NoLWVkMjU1 -MTkgc1ZmNkNBIHdsc3N2cXJOQ0NNR293M3J3V2dPNXBDQzhXL2FwYUVSeDFkTmZW -TEtiVHcKeVVTNFVpYnRHY2I4NnR0WGk5OStITVZKQUhiLzVKdzRMM0V5dzA4TFow -TQotPiBaRGQvZHYrLWdyZWFzZSAvTTAocTUyCkFBd2I0cTZodUF3SFpZRzdaU1l4 -Q3k3Q3BXZjl5eTM3em5WZ1JCcW5SZmRTWStBMkFxQ3RwV0JXU05ZSE1PbngKTE5H -cGhPOFp0NjBoVnAyWUdLTVFNclJGM3BhZVdlU1Nnbllib2Y3S0dYSQotLS0gN2xU -OE1uSXpPMG9YcFkvTVdqZ2dlalA2SFFxSXRZNFNDaVVpMVFoZE13NAq9+hYgo/p8 -DgxCfKSB+2SptR2K6Im1p5wc3MWTqb7pypm3Ag2PSc6AhQDlWmm0/ZVU49ux/lIT -gpjAaCc0DLo7ata/rBHDpTYUt48O+Ot1pTDkM8k1te0vKoSvXi3DtZC/7w== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g DslZcdbEJXsgQOXutAA28YdnuVEiPLNxirSYMAD2FEk +ODkI3TL7vI0IV/MSVWbS1D1wsjn08bzxTkBtMcC2rdU +-> ssh-ed25519 sVf6CA TSOraE+TswUinNv50TM9Lm9oLLxtqNAh82c/MAdBgRg +CB9r0e4VHevtDQL/3xNg34/QSCImVk5tQATVXQysOqc +-> 3ZTo(g'k-grease c <] zy ++jjPLQTWp9/HOKUk6IiSwgbUVWDPcPa9tONiUweoYYWPnH+bL7mATIOaS34/PA +--- 90yUb8QnWQu4fS9C/ZsxhBwYnnU7fhE1KetrVeP6jBQ +pu''-FK$Na:TXQA0Ոr!e (e>9<)j@y&ƓhkM"ȼ4ߘu:DjY \ No newline at end of file diff --git a/agenix/hosts/attic/atticd/environment.age b/agenix/hosts/attic/atticd/environment.age index c426c08..02ecc4a 100644 Binary files a/agenix/hosts/attic/atticd/environment.age and b/agenix/hosts/attic/atticd/environment.age differ 
diff --git a/agenix/hosts/attic/tailscale/authkey.age b/agenix/hosts/attic/tailscale/authkey.age index 2f51042..3f1f3ea 100644 --- a/agenix/hosts/attic/tailscale/authkey.age +++ b/agenix/hosts/attic/tailscale/authkey.age @@ -1,13 +1,10 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyA0RWxY -emZBSTBlQ1hTRkhDaU9HaS9JMUpCaWRYcHB1enh2TGRUcmFwZDFrCmdkZDRMY0hz -MS9ERy9kcndQVC8wRzhZK1JWNGlobzcralBzSjdZTGNSSk0KLT4gc3NoLWVkMjU1 -MTkgc1ZmNkNBIGJqRHI1R2J3dTVlUmhXNW1JaTNvNTNBcVJyTmhuVlcydlhiS1Vn -ZkVyaVUKUWJjNG83YmNmV0wwcVd1L3o4bzh4aFBjNGI1NzJYUGtKME01MDBkOEYr -cwotPiAyaTEtZ3JlYXNlICYpR08jeiB7LCVNc0R4TyBSdGFnU0wgMT49d0hmdApW -N1pieTVZd3U0NVJ6VXR1dFlvSmtRVFp3Yi9SSmpxdStNTVE5SE80ZUs5RDhlNUI5 -bDI5eE45NWROdTJPVE9FCkQyUUVyZkhYVldEUVlqcHFBK1ZhCi0tLSA0VVBZR2c2 -TTBIb1hTWnM0TzRpUzRqZUp2QlpLWDQ0ZUJIcFhKUWMrR0Y4Ci83j/AYh3pgxFQA -iaWWkiOCPIAh7J8D6vJhpECGSxrfFlPyzVWSVoCtvFJgcOlsrsm7kUkyisbG3O7I -AqgBfmCyJbkhjMzKl2RbzlV1IGnJeFP/2jFnXGHC6w== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g klhDMFv4exDFJWgCvrnOKuq94w+BNW4lrs+Z67zmzGg +eTkqX6c2lbR+olFS7M7YDQLSLav/k+UhEW8Zg5fULFw +-> ssh-ed25519 sVf6CA tCvlYnJONVV9QTb9zAUPT0D8EEkCCqKGfoF6+bOT5CE +2L+wcL/c2tw+19RykIUpFzrjtaxzmsOKinCgnWYVf0Q +-> s}I~&9-grease \$RX.n= +JH5ASx5rlWPLH/abJSr8o0QI4e17aK1HZrQQKweMEsoGXA7POgbUiow+XBt+MP8/ +PzKaC14zI2mTEzWiQvjlZH6pUnGUQkGE5zbxouWR3ovQVk8JtclO +--- 5My3p+I2aFCfnzjU1oC5Joc9Q4/k2bCNZv7Ilj/h65g +-!i: mK}ǓmRPT *[XFL,]׌崗e#4zxkE8'/ OGA;ƵȐQ \ No newline at end of file diff --git a/agenix/hosts/attic/user/danielPassword.age b/agenix/hosts/attic/user/danielPassword.age index 90daa63..fdf1ada 100644 --- a/agenix/hosts/attic/user/danielPassword.age +++ b/agenix/hosts/attic/user/danielPassword.age 
@@ -1,15 +1,10 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBtY3Nl -OG1NUkZKaWJ2WFdDQWkxc3B2cjFOOFZmR0RyWmtpSTRSZXJJbDFrCmhMZ2xSdGtQ -bjJpY3ZhM1YxWG5LQllGcHdGNDA0MEdydUFoak9tTHZ0cGMKLT4gc3NoLWVkMjU1 -MTkgc1ZmNkNBIFlYZHlYWnJ0YkdoK1d1NWc0K2ZoQ2FXWithMTBGYmJQNFBuK09Z -QzhzR28KSkM3L3M1cTl6bGoxN0dCenI3bUh2c1hVaTFvRXh1WFAyc0N2N1l5YTk4 -NAotPiB5MjMtZ3JlYXNlIGcvO3hMd2MgVSBkV0IgIjlJXigtUjcKRzFkbkxBRkMv -VURiVHhpUFdEUE9CSDBZR3Y2SEgwMk9QMkVwNzRobGk5NHZqQndOV1hzUVp2KzVz -dXpsa1hWVQpZbWgrMFJUYlcrcW55dENqSnY3SXhKcG1oRzg3cDNRcTh0WlV4a3VS -eE1kSFlUallmOWFMR2cKLS0tIGxyaS82dFAyL0g1aXJlNGRBQXFFRTR1dlVDaGhn -UUYzTGlhaWh6WkRUU1EKRoZpIw9V8TPzCZ1uKMFKIIQBXXMdgl4/dKha6WnjoIbk -ASDFOC0CRcL6LE1yw1ri70BRKS575w6dSt3myRIAYuDOScVTdu6i6aceS9Llj/oz -FNT1/Gf4cpMB6itAh27+3gGy8xiGt4wvvnDRc1R4M8M+wTvIZr0c7Sl1DMfCHcuJ -7wvjpXpili0JOw== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g LNOEk3AXwGl658cTFbFvoICbrlhAIH6DILIh+Jc5knc +l7dm0Q4Z8GwFSzvoHf3LFUerYBXUeps87z69zZk3+tE +-> ssh-ed25519 sVf6CA JwHPawkaLzeFIvtj5lC4evUdSLFXfBlqiRqGhi6mcR0 +pQP/DXnLaxNocMVok53cWGbAgvS/zEbS2uxWX+YvVQ8 +-> k3jDW:F-grease +ORZpRxVBdQGP1F+Zc+tsJP5/ccuQLmYEeB/i40kAZTcgeuPtN6HRZ9DfqsjLhwfx +oAPkZDQ +--- vvt7wsQx4VSYTSF/K+Gb4tGIpI82G91olEaqUvm9gxM +&#bar y. xH&yW (L,:ݑzK}j8|y[X c\?%j-Zɕh_چ^XNBw \ No newline at end of file diff --git a/agenix/hosts/mediaserver/acme/credentials.age b/agenix/hosts/mediaserver/acme/credentials.age index 3a8c5ee..94329ef 100644 --- a/agenix/hosts/mediaserver/acme/credentials.age +++ b/agenix/hosts/mediaserver/acme/credentials.age 
@@ -1,11 +1,10 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyA1TTFz -TW9lU1N2VEhQa21mV250YUFFbk1LL2xYcmEzT09SRUMxY0IyK0JJCnlCNjkwR0Nr -VEV5TVk0aHhjOUNodDZZaUpjVlRLa1ZsY0F1VDlqMTZCencKLT4gc3NoLWVkMjU1 -MTkgWTk0WWlnIGxMbVhCWEFuQ24zL0hoUkJSVzdycGNDRjlobHNma3hYM1JyZ2FX -cGRIQXcKTkRWelc0dGJIb2Y3UStZZng3S21VNytQUWZQNGtRWGduY0VKNG9lVy91 -WQotPiBoby8xQyJHYy1ncmVhc2UgZW0jazMKWTYyaUwwdEhyUC8vb1EKLS0tIDJT -SkRBK242YTA3WkNQU3N4bFJXWnlKcENZa0xjTU0xU0NJOWxNNzlKSFkK9F1rNSdf -76qvHTa2JYv/7S/f1EbK5Y9DX6kgnCgI2p7O2Ywh+mtzon8cFl/UtxZ45fxezFX3 -COdO04nAScl/XCzD6RHI71Q9HxpEOwGg5qx8uqVFubePBsaFXmIXOPfmo/U= ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g kw/hxMdmfaeoZaZuzOs6D6NQDg0uw0te/xIC1ig0CRQ +75WtQJ5+yJae8ggB/Lc7Ojsf02zuGUtFmjbIrmn9pj8 +-> ssh-ed25519 Y94Yig Kole+FkRwVj74aP/M86s9gT8qNnfXSj4fVndlkCSo1E +0Eg9XeabpYUWsZ9ACxwAshpClrl80D+vvpFimAPbIP0 +-> MWBvSZ-grease _ +R7vhLfAa1heAGRRBqKbgob3fIml3HEEoB2soDw3NEU25qvqVmrGq2K7JQPmmh3vR +vWfDK6j5dyIGZHxaSElWTkL9EbFCJRoTJ3YbfAkAQl0XrSc +--- 7HsStyCAvdGBkspUWV3Ncjn/5hst8LxkBCBn72M8kR0 +MՃ=#ra5ֲf ,ej}m5 NBp(l4n'_ȅŝ> :v->$96G& 8Y͵AS \ No newline at end of file diff --git a/agenix/hosts/mediaserver/aria2/config.age b/agenix/hosts/mediaserver/aria2/config.age index 268c361..0a782ec 100644 Binary files a/agenix/hosts/mediaserver/aria2/config.age and b/agenix/hosts/mediaserver/aria2/config.age differ diff --git a/agenix/hosts/mediaserver/tailscale/authkey.age b/agenix/hosts/mediaserver/tailscale/authkey.age index 326ccb6..94b6f3f 100644 --- a/agenix/hosts/mediaserver/tailscale/authkey.age +++ b/agenix/hosts/mediaserver/tailscale/authkey.age 
@@ -1,13 +1,9 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyB0MUhv -MDhGSEh3SHdZM2xRU0E4REQrRlIySTdwVUpYRUJGZ0VvSTg2bHc0CmhXRms3TFR0 -T0NlZ2FLUXBKbGF5WDRIV2VHczB6VE92OUczcnJmenhVWlEKLT4gc3NoLWVkMjU1 -MTkgWTk0WWlnIGNFdGZDL2ZNQ2xaTlB6ZTNwRG1YbGVjbkhSaVNDNTBOQkdHdy9q -dEpoVTQKcE1YdUpWc0RDSmRiNUh4UU43aTlYQlJZN3Y0VmlmRnpxSnc1MmhpS1lZ -SQotPiBrW2YtZ3JlYXNlIEw2cyRtRCBoZHUoLSUKd0dyOGhPY1J3U0tJbll3ZnJC -Sjh2Yi9leEZyS3gyckdPZlFhMUNOK2wvclFmcjJQQTBCTDBrZXl3bFNnVVR0SQpE -bzlidWtwMXdlM3NLS3dBTkVpZllRCi0tLSBrUmtBNVJjNnVwQkdvaDgyemdtM2Fo -Sjd1V1VjMW5RemR5aHNyMWhML3hFCk8aT0cMr6BOGrcE2LDgs/MWh0cWOjw1C7v4 -rHVokUPFnSYDVosSV3eDmglyNYPiZVtbXkskHoEVu0OB5zkTDOXsmC0Ihd127ygA -e+qWyqFq4eMblaoBIc+dUQ== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g h74pL3awChmTkZzkbne2+rzjNwk067747QW5Z+6yUhQ +7Xtv1G5K+t2tKsByHiVz7nmBEMXAzeznrNd1XeJr6ls +-> ssh-ed25519 Y94Yig +Tf9z/WZbA5bgQ1H8R5QZRB6OnUq83xM2zDAXXBLjWU +wYSY5rCQYWXFPWVL0cCLcFOLAgisq+5L9LI9RyUFM7E +-> 0e-grease LB fw E5 +YA +--- Sd0E1+Qg5kuFVEY60MlMux3HCFq2T+Qh+oWQaMnNc1A +WVCOsΫ3Zܯ4dw0AvH[VlO~f۱O᪷jY/Pwx]+>Lydz!-MJ`i Fd \ No newline at end of file diff --git a/agenix/hosts/mediaserver/tubearchivist/environmentES.age b/agenix/hosts/mediaserver/tubearchivist/environmentES.age index 065bf64..eae7526 100644 Binary files a/agenix/hosts/mediaserver/tubearchivist/environmentES.age and b/agenix/hosts/mediaserver/tubearchivist/environmentES.age differ diff --git a/agenix/hosts/mediaserver/tubearchivist/environmentTA.age b/agenix/hosts/mediaserver/tubearchivist/environmentTA.age index 5e7613c..c3113da 100644 Binary files a/agenix/hosts/mediaserver/tubearchivist/environmentTA.age and b/agenix/hosts/mediaserver/tubearchivist/environmentTA.age differ 
diff --git a/agenix/hosts/mediaserver/unpackerr/config.age b/agenix/hosts/mediaserver/unpackerr/config.age index 45ec0d9..8fe1d18 100644 Binary files a/agenix/hosts/mediaserver/unpackerr/config.age and b/agenix/hosts/mediaserver/unpackerr/config.age differ diff --git a/agenix/hosts/mediaserver/user/danielPassword.age b/agenix/hosts/mediaserver/user/danielPassword.age index 7f2219b..b4ed21e 100644 --- a/agenix/hosts/mediaserver/user/danielPassword.age +++ b/agenix/hosts/mediaserver/user/danielPassword.age 
@@ -1,13 +1,10 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBMUzZP -MS9jajNJaUZnQzU2cjlLUlZSU0k5YzNEdTF2VlZ1WVhRa3daaVNRCmM2OHJtYXVt -akpqS3IxUHloR3N1R2tvM1FXZm9XL2t6Y2xYaDFpUVVPZ3MKLT4gc3NoLWVkMjU1 -MTkgWTk0WWlnIDB6OEdkc0JoQjdTQjM2RmNQK1NLVDF0OXEvM09EQVJqQ1c0Z3Rl -dXZaRHMKcGQwK2dwNEI4R0MwZFkwT0hSNithc1FjZkxna2RzbHd5bEx5N2w3bjZt -dwotPiBASEAhLWdyZWFzZSBUKwpGTXUvOHhFMEJSc0tEWUF4dFB3dTJNZ3dvc1p4 -R0c1VS9EQ2kKLS0tIDQ4T2RzQTJXZ0tSOTN4bnM1NzIrb2JrVHA0ODM5NkxYczN4 -aW55eFp2VlkKflcGYpyoxjqM+0ZWERBYXstYzpWVW/2FWBRbfDFUBwISHp5qJdJz -joR+bIe2Gf18qRZf7NOvpqfOsl8sU+kfYKb1mG4bTZ4fsR8X24fDFgsJw6VLHgPj -7ksFOkH+VEFEsIBTdccYs9QMUvBA0PrDbk/UylQGpCpzRjEGyCijLGpuPjWZ+O+Y -ZeKPaQ== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g QCyzjaRfHcYzhP9g4/XGHYqJffhAL32EmSTugohV+EM +AShFBy/bjE5VKmErWCWpn9A/kVGHigNFDuPuRNdnd4s +-> ssh-ed25519 Y94Yig 9BQgoUAgCwAtCBZAl7ntpo5QI6odSB0XvaEycNAu8Fo +b2eThql79+kIEROlnEgq0DipdGLS61XIfXawOZb9VA0 +-> E|Gn+z?-grease F2 f +tX4movu8fpFPkoBpkwftCwk1iiVslnRCJLJ5gVOAdhPIPB6SfxWnXuA+vvU +--- YdkGvLa55xej0+6O86ZYQvFq6qm1tncqppNflhq/bLk + ]W/rS$-$`MEᰍZSTSsX ${'_*7yPJ۩Q_Aqq 먥,JEH @_r%& bq~QWզR +׼ʺW ssh-ed25519 MtGp6g /0mUj2HFKLDNi68WSNo7AUzVPzYo2P6FYL7s2wezywk +axlQ+U9bJAws8svdsQ2yrEhpvrgjmvukuAPjpr+eJc0 +-> ssh-ed25519 NbV4hw 5xhDSZOlPky3UvTHpznrB8AqQjyssU5HJqEpoGQ0wkw +N+XSv3maCLpMu8bEawrk7rUk+ZimKJRJKbrePUcsqOs +-> e-grease `*$0X[e 6)& M3nc [rHD2˾\vtahX3(P&5 !|ˮ`nLt_LV`n,`X_+eͅ E[mO_ \ No newline at end of file diff --git a/agenix/hosts/sail/anonymous-overflow/config.age b/agenix/hosts/sail/anonymous-overflow/config.age index 357c926..eebd772 100644 Binary files a/agenix/hosts/sail/anonymous-overflow/config.age and b/agenix/hosts/sail/anonymous-overflow/config.age differ diff --git a/agenix/hosts/sail/atuin/environment.age b/agenix/hosts/sail/atuin/environment.age index 6dcf618..30935b8 100644 --- a/agenix/hosts/sail/atuin/environment.age 
+++ b/agenix/hosts/sail/atuin/environment.age @@ -1,14 +1,10 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBCdE14 -R2tjZkJINUFjTVBwOUR2cmx3SEZ4NUpKYlZmcFBLSWRrMU1zQzJRClRUaFhMSzdV -MGZLYnNSMWRKOWIzOXVtS3pmRDNyTlZSWkVmUS9WNkk2NncKLT4gc3NoLWVkMjU1 -MTkgTmJWNGh3IFJuS3NkQ2UzTjRjTGV4cjByRW1mRHl1VmpEQnRSS3RyRkxlTHRC -bzRyekEKZCtiSitaejhmRDZyS2pPR0ZROE00ckRtbUx1bHIySmVkWmZnQVBXc0xQ -RQotPiB6azY1LWdyZWFzZSBSNFBENyQ0ICZACmNkR0h6OXFwT3JnTnhINUoKLS0t -IFJCKzRXSW1kR2d6bHR6bjNGVVZYWWRjeEdkZzJkdlhtN0pHVG5FbTY1dlEK70F/ -nw+k8Orhf2kaTlLfXD5BKdKLaCAgEBr7TN0hVy7kq8SNUCjr5cnRbdVy/AAhcp+T -JzAcd83FN8nFyRnVxPOdlgDsFqMyhdrvqneGkmtvhqCkuME6AmL4Q6x1SqCIc2BM -AlTWmyfYHcZXjQmOoPyPjVl2SGBTy7D7bozZiqT5xsV8e0M4deBbqWBAngtPNOWd -6bePMyUnUjPko7OfI+2/JPUs24FsdAUbs/7gPjGC04aXZrRJdEms8jJ6RRw0QTYy -1XuTRVHpOM62Rn1jukVfavihumowyg== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g 0hWrwfexWC7VgGb6GGZi7hbACRDxYRNXlsFrmXAIEiw +QcICViQGVktlUalatvBBHD/H3uASbcwK9SCO5F4xbQ8 +-> ssh-ed25519 NbV4hw oFVVxqJeZjbmHkSLsg96kCKgARheMYkvJf1pKMSUqn4 +QT/d4FQT858lIqrNngI0xOT7pLlJVn64VIEhSeoYcEg +-> D"A\4L4-grease TiT>[b%D #aq q[;-n EdXt&&Y +5EdxN4sgedRoDPWsWFKvQjHLLyagraSy/GQP8OhaZS0Litb0ipxgFIoheGDNyyX4 +HJnXx5SQ/hkVuyMv8HGM9GwFRHodDVdM9w +--- nJbxhp1UbqWzLvBTiZDS4nIV7nTIdA7oS0wC2nvzEl4 +9%PtMԱ>0YPEL{.[>Т ߿*Y 4n) IK80oiiG2klhF@ZM%R&VAKUY |Knk%ykˈSC>=.Εd!^J[z5yެѮU=iS-/E \ No newline at end of file diff --git a/agenix/hosts/sail/freshrss/databasePassword.age b/agenix/hosts/sail/freshrss/databasePassword.age index 6163527..8722ac1 100644 Binary files a/agenix/hosts/sail/freshrss/databasePassword.age and b/agenix/hosts/sail/freshrss/databasePassword.age differ diff --git a/agenix/hosts/sail/freshrss/userPassword.age b/agenix/hosts/sail/freshrss/userPassword.age index b8fee56..859f6fd 100644 Binary files a/agenix/hosts/sail/freshrss/userPassword.age and b/agenix/hosts/sail/freshrss/userPassword.age differ 
diff --git a/agenix/hosts/sail/invidious/databasePassword.age b/agenix/hosts/sail/invidious/databasePassword.age index d45d9f9..620cfa7 100644 Binary files a/agenix/hosts/sail/invidious/databasePassword.age and b/agenix/hosts/sail/invidious/databasePassword.age differ diff --git a/agenix/hosts/sail/mastodon/databasePassword.age b/agenix/hosts/sail/mastodon/databasePassword.age index c8a9fce..21813ad 100644 --- a/agenix/hosts/sail/mastodon/databasePassword.age +++ b/agenix/hosts/sail/mastodon/databasePassword.age @@ -1,9 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g kj+4E2M6w0BeKDFju23lE5jzo2NKSu7dq54WYZ6Ev2I -tYCT8sTAN/CPspF0CpuJGZs+v7SohqoPS603KIuC9P0 --> ssh-ed25519 NbV4hw u2SbT+zAyUOklReSOWAixVG+xLDqHZJBFB+WRKIRMh8 -OQF6gfP+l6tkxQuOnLyJjRPuBqqEJodEkepPCziAS/4 --> kd_S`/h-grease -3LGIeeHj8FVmvvGbWRqpHJ5hq+HF2a+aexz3VEdiD21A/oY84iE ---- BmBLCcoSzVhteAy3BObVbIKIIENsMjaFxTCatrMSP4Y -%<";3mGy^aaY%`"0F$F5Lu{"( \ No newline at end of file +-> ssh-ed25519 MtGp6g BHVqOYqAxl88lFQQs1D2oxHAuZ7E4HSAUlZysn9kmQs +asPKs1JpbUk9gfGbZOQyyT567c+XCMSrM/JizXVgGj4 +-> ssh-ed25519 NbV4hw eCuSnWhbg8swZtNMZIirU6sri3Hc5+5rLQi9DUI82Hs +mAjvnx+NybVEh6rN1PrBXZgVp2eMDCDU6pm+eSALehM +-> DtQ5-grease @$2={ Y' !Qw6C +ZVoPVcXGSqGvwFlT+L+OwDGus0Au5sXx2wtESOpzwEgImUndNxzgARLAuO+oOzX/ +722ju53IqUGnvMh5IybU8suMm3R1CBo9FoL5Vc0MUBQEp+kHG4UbCU5pjkLld1a5 + +--- zew38IQLg8t/0n4Nmf7PpEI2uACfZdbHZDrMWj9v3PU +(<`֣ f%/7+?2* j=g[ 8?| \ No newline at end of file diff --git a/agenix/hosts/sail/mastodon/extraConfig.age b/agenix/hosts/sail/mastodon/extraConfig.age index 861402a..39bb5d5 100644 Binary files a/agenix/hosts/sail/mastodon/extraConfig.age and b/agenix/hosts/sail/mastodon/extraConfig.age differ diff --git a/agenix/hosts/sail/mastodon/otpSecret.age b/agenix/hosts/sail/mastodon/otpSecret.age index 577236f..69f7671 100644 --- a/agenix/hosts/sail/mastodon/otpSecret.age +++ b/agenix/hosts/sail/mastodon/otpSecret.age 
@@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g fnK6JuXaG6Ui6QyyrZatt8lTWgT12LbuyEl9fi/atBc -9JQqyq0n/jwti4M7LSBovfAUIoyq3/z55S4ibxExBhk --> ssh-ed25519 NbV4hw ya3y2RsNpSDpI7d6wIHTg8j3FYb0LPDXsAtumPtBFxU -eKsy13xWUvErMsieOKijxQsWegh3x+Y8gQeI9gzCNu8 --> vV(u$9-grease #<.W T + -tjkBjlXnISe371f8BEZ7qOnQ7jtdCuvu8Lnr0JHjMPl++HC8R6fOlzcwNtMiNSC/ -bZ+YiTl/eEPQDGwY8WlAS/e/rGWy+w ---- sNqULAmuZaO3IvYjUJQamlpOw/GGQSUcTW0lJVXGhCU -*,\A `sR$^̕?`L;<[""*=1/+)Zj<=FX ssh-ed25519 MtGp6g hsE2kvTf8occU2CJg+Ro52qm+ec1gNxBoQtCeHzZflg +b85OF5ipJIYlBOlgpUqNw7XK/MB+Ftd4pHMqjN+ArGI +-> ssh-ed25519 NbV4hw dYum1uJ8J+Nbrz2UWZiijdJQ68QEac+NS9YM/h3dj0c +5lGJ2SdUnEp01oTr/Hm7IEj/0he9be37RXxmaNsOhpY +-> =-~;<1--grease Zhb7zWk ]\1S-]W 1!$YB[ UM +urANgmNT3fiJft53WEhRmALdnBMcU2f9hjGfYrmBduXQYbqF50EUCBqLt+3hrmw +--- 3QCLu9/P+Dyvd2iVSo7d1fO0YC5D0gglZIFYIDrMGV4 +s`O5mCy)g۹2FG_8h$zǿJSkOziL REdB B ,47*Sj$'u#%cÌ#RnסNBb ߷3<'s> bZ|ALUlC{)!I \ No newline at end of file diff --git a/agenix/hosts/sail/mastodon/secretKeyBase.age b/agenix/hosts/sail/mastodon/secretKeyBase.age index 66c4b1e..231149a 100644 Binary files a/agenix/hosts/sail/mastodon/secretKeyBase.age and b/agenix/hosts/sail/mastodon/secretKeyBase.age differ diff --git a/agenix/hosts/sail/mastodon/smtpPassword.age b/agenix/hosts/sail/mastodon/smtpPassword.age index 362f73c..85ae69c 100644 Binary files a/agenix/hosts/sail/mastodon/smtpPassword.age and b/agenix/hosts/sail/mastodon/smtpPassword.age differ diff --git a/agenix/hosts/sail/mastodon/vapidPrivateKey.age b/agenix/hosts/sail/mastodon/vapidPrivateKey.age index 0e65d40..63fa976 100644 --- a/agenix/hosts/sail/mastodon/vapidPrivateKey.age +++ b/agenix/hosts/sail/mastodon/vapidPrivateKey.age 
@@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g wI6SPDxCjA42XGOHMAIjDljbxs58O9EBMvNqmP/sOl0 -0QD7wfkHZwrx2YX7197cP38rxbjWfsaobb+ZqGuSRhI --> ssh-ed25519 NbV4hw KbzBiDjXZ3ucC53mA4+F/Wk4zCqYCjxQvQCH0SMxshI -u1Yz/41HavMr8EedK0aITWix5jFbjW/7r2o0QD4W4H8 --> 7l"<0f-grease -IoNM0Lcjd38O+RHgZbI54BVLvQd7osB9OnaMkSE ---- 8X+0/9QuJP+F9//y1TOz+cw4Ry603mia6dTb5ZUNbB0 -Hg?}P..%>Ϊeh9Ƈ9cy͠[sz+ڼ \ No newline at end of file +-> ssh-ed25519 MtGp6g pfAwifbGls2XDS+Pn08B4B88XgB3DgizQytPLURZlVI +/f/CEHzojiwlVnA8mCcg8JwVAre419Sudk/MMJYOiO0 +-> ssh-ed25519 NbV4hw 8DaGuQ9G6cZr9GSlqMBlHoTk0HcOKlmVWzz2ytvGB3I +bEEtNtIPiS2RdxwMLhNVU4We1+gf1N6bL9f2gjS1wVA +-> Em:17j-grease G1mw> $hkViHO +0StibfZj6Bt54P+9csvjWxHJfPaTL72gK+bnmPVDBUNsTAXVwoO6Ed25t0LwsY5s +PbnGF3EjbMba6/lte1aDS3uaWqUcx4OT0NQ3joF0je10m5gPd9VptKKWSEg +--- zHAFp0QAwZsfUf8v+KIqSHo2UutjLHqm6WGXqW2iy9Y +_a*bKpNi ΒCN9 Al\g(b-WBuq\Ώpf,) \ No newline at end of file diff --git a/agenix/hosts/sail/mastodon/vapidPublicKey.age b/agenix/hosts/sail/mastodon/vapidPublicKey.age index 66e0f29..523747f 100644 Binary files a/agenix/hosts/sail/mastodon/vapidPublicKey.age and b/agenix/hosts/sail/mastodon/vapidPublicKey.age differ diff --git a/agenix/hosts/sail/mosquitto/passwordWeewx.age b/agenix/hosts/sail/mosquitto/passwordWeewx.age index 86f2d1a..139e529 100644 Binary files a/agenix/hosts/sail/mosquitto/passwordWeewx.age and b/agenix/hosts/sail/mosquitto/passwordWeewx.age differ diff --git a/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age b/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age index f44a51d..fe18ee9 100644 Binary files a/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age and b/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age differ diff --git a/agenix/hosts/sail/nitter/config.age b/agenix/hosts/sail/nitter/config.age index 13d39b4..7dc3832 100644 Binary files a/agenix/hosts/sail/nitter/config.age and b/agenix/hosts/sail/nitter/config.age differ 
diff --git a/agenix/hosts/sail/proxitok/environment.age b/agenix/hosts/sail/proxitok/environment.age index 4ae06f7..2840225 100644 Binary files a/agenix/hosts/sail/proxitok/environment.age and b/agenix/hosts/sail/proxitok/environment.age differ diff --git a/agenix/hosts/sail/signald/environment.age b/agenix/hosts/sail/signald/environment.age index adf7d92..ef7fd3e 100644 Binary files a/agenix/hosts/sail/signald/environment.age and b/agenix/hosts/sail/signald/environment.age differ diff --git a/agenix/hosts/sail/synapse/extraConfig.age b/agenix/hosts/sail/synapse/extraConfig.age index c41f10f..3d79a45 100644 Binary files a/agenix/hosts/sail/synapse/extraConfig.age and b/agenix/hosts/sail/synapse/extraConfig.age differ diff --git a/agenix/hosts/sail/tailscale/authkey.age b/agenix/hosts/sail/tailscale/authkey.age index 7f28bad..171a8e7 100644 --- a/agenix/hosts/sail/tailscale/authkey.age +++ b/agenix/hosts/sail/tailscale/authkey.age 
@@ -1,12 +1,11 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBGMEx1 -MDZxTTlPM3I0OW1jeHFoV1pneDNLUjIvazBZRGhYQ3oxak84RmlnCmRMU2VkMi83 -Sy9vTEVoaUpGZEljMEExU05jZmxvS3RZakVTWmhidWxVN1EKLT4gc3NoLWVkMjU1 -MTkgTmJWNGh3IFgyS0pZRTRScDU2REppODhQYlZMeENMU1FlbDVzM2UramgyNktR -K3RCdzAKT1QwZVVKa2krZERxeVlqYjQ4WFZBZ1d5eDR5Sm4vZ0hCKzhnNk9Vdjlw -SQotPiAxfThiLWdyZWFzZSBFe0kgPVp4R2IiTSA0bgo2MzU5K0U3UFZqS2NQUDF5 -dENQNUNhSkVvdwotLS0geFBEM0d2MHQzdTIrL25Ka21FaGxjUjNpazFhdGJoQ25w -Uk5XS1ZJaHhwcwq968fFE3WeIkYgzqjHkDbJU6t0vBqII6/urAckSzfR/2PIrSJX -1pg/U1U/CnTe15PnIopE9qB7gttNaaec0z6f2lzvYudfIrydhUzr2hHy8rx79XJS -L0CBK+E= ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g Sk2HTzPviEFNJaD/G4FfYC1bv7aH4fQbEoEdvI/PMUo +f0lLi1o/RyadEbkHbXjpxzbuRT0WSMM/ZVM/eT3J6tk +-> ssh-ed25519 NbV4hw TAR37t4C167S7DhZSJnRjV6YUtRCiXFI/ISMdT9rhVU +rn7TyQNB2oXlns5NU6DwHMVYCBFp/vKFilc7z6FDrss +-> ]-grease +RmlKK+z9Gjb0eNJ3GLbC9DjuX4Rvj/aq6w +--- sNgUQAHFGfm3s3cK7GnUeLWfmDuCgNIsJ2Y8uKDSuvI +&WY]*t:JVE(b[.$y& =upBzmW +!>x4 +IIQ,(7x S \ No newline at end of file diff --git a/agenix/hosts/sail/weewx/config.age b/agenix/hosts/sail/weewx/config.age index 84d961e..370450e 100644 Binary files a/agenix/hosts/sail/weewx/config.age and b/agenix/hosts/sail/weewx/config.age differ diff --git a/agenix/hosts/sail/weewx/skin.age b/agenix/hosts/sail/weewx/skin.age index 281f057..54af15b 100644 Binary files a/agenix/hosts/sail/weewx/skin.age and b/agenix/hosts/sail/weewx/skin.age differ diff --git a/flake.lock b/flake.lock index fe664d5..166d8a7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -253,11 +253,11 @@ ] }, "locked": { - "lastModified": 1685885003, - "narHash": "sha256-+OB0EvZBfGvnlTGg6mtyUCqkMnUp9DkmRUU4d7BZBVE=", + "lastModified": 1686142265, + "narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=", "owner": "nix-community", "repo": "home-manager", - "rev": "607d8fad96436b134424b9935166a7cd0884003e", + "rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5", "type": "github" }, "original": { @@ -276,11 +276,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1685945365, - "narHash": "sha256-pnxdrmkacMD+WafBM/j1bpRgIK84gsmRLRtLFf5K2gI=", + "lastModified": 1686106284, + "narHash": "sha256-UsJTmzpM6gtQDo4QnMNjCNSQSlqlRoUWwH8JL4ZLRxw=", "owner": "neovim", "repo": "neovim", - "rev": "16561dac39490921715a9a8a14dab884659ffc3e", + "rev": "a217675a67233ca2032cd668e919858d2aed92e7", "type": "github" }, "original": { @@ -297,14 +297,15 @@ "neovim-flake": "neovim-flake", "nixpkgs": [ "nixpkgs" - ] + ], + "weewx-proxy-flake": "weewx-proxy-flake" }, "locked": { - "lastModified": 1685953207, - "narHash": "sha256-yfxHv80GSbVeDFubq6rIlLs7eF/1kZpn170wDbj9g/s=", + "lastModified": 1686126028, + "narHash": "sha256-qZcjDerxaAejZWOKIZ/BRzlO6Dk3kSAcGScImAjHKuo=", "owner": "nifoc", "repo": "nix-overlay", - "rev": "6764c13526e83394aceb8c235f561934b9663c23", + "rev": "34792fe066ac58e2441ffc6c854ef6c809c3d91d", "type": "github" }, "original": { 
@@ -313,13 +314,29 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1684899633, + "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1685938391, - "narHash": "sha256-96Jw6TbWDLSopt5jqCW8w1Fc1cjQyZlhfBnJ3OZGpME=", + "lastModified": 1686089707, + "narHash": "sha256-LTNlJcru2qJ0XhlhG9Acp5KyjB774Pza3tRH0pKIb3o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "31cd1b4afbaf0b1e81272ee9c31d1ab606503aed", + "rev": "af21c31b2a1ec5d361ed8050edd0303c31306397", "type": "github" }, "original": { @@ -371,6 +388,7 @@ "deploy-rs": "deploy-rs", "home-manager": "home-manager_2", "nifoc-overlay": "nifoc-overlay", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs" } }, @@ -415,6 +433,31 @@ "repo": "flake-utils", "type": "github" } + }, + "weewx-proxy-flake": { + "inputs": { + "flake-parts": [ + "nifoc-overlay", + "flake-parts" + ], + "nixpkgs": [ + "nifoc-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1686080637, + "narHash": "sha256-qM6kb5cf9eC94KRdkfAaDhLYPjlRq525KtCP6TyIaok=", + "owner": "nifoc", + "repo": "weewx-proxy", + "rev": "2c21daf3c42190fde7bda45d94f603fdd314ae44", + "type": "github" + }, + "original": { + "owner": "nifoc", + "repo": "weewx-proxy", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a6088ab..6af377c 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -56,6 +58,11 @@ inherit inputs; }; + argon = import ./system/flakes/argon.nix { + inherit (inputs) nixpkgs nixos-hardware deploy-rs home-manager agenix; + inherit inputs; + }; + adsb-antenna = import ./system/flakes/adsb-antenna.nix { inherit (inputs) nixpkgs deploy-rs home-manager; inherit inputs; @@ -70,6 +77,7 @@ sail = sail.system; attic = attic.system; mediaserver = mediaserver.system; + argon = argon.system; adsb-antenna = adsb-antenna.system; }; @@ -77,6 +85,7 @@ sail = sail.deployment; attic = attic.deployment; mediaserver = mediaserver.deployment; + argon = argon.deployment; adsb-antenna = adsb-antenna.deployment; }; }; diff --git a/hardware/hosts/argon.nix b/hardware/hosts/argon.nix new file mode 100644 index 0000000..6e86b41 --- /dev/null +++ b/hardware/hosts/argon.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + kernelModules = [ "tcp_bbr" ]; + + kernel.sysctl = { + "net.core.default_qdisc" = "fq"; + "net.ipv4.tcp_congestion_control" = "bbr"; + "net.ipv4.tcp_syncookies" = 0; + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_window_scaling" = 1; + }; + }; + + fileSystems."/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 4096; + } + ]; + + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; +} diff --git a/home/hosts/argon.nix b/home/hosts/argon.nix new file mode 100644 index 0000000..03f7d30 --- /dev/null +++ b/home/hosts/argon.nix 
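Review bot: `"net.ipv4.tcp_syncookies" = 0;` in the new `boot.kernel.sysctl` set of hardware/hosts/argon.nix turns off the kernel's SYN-cookie fallback, so a SYN flood that fills a listen backlog drops legitimate connections instead of degrading gracefully. Nothing else in the hunk depends on it: BBR needs only the `tcp_bbr` module, the `fq` qdisc and the congestion-control setting. The host also receives ACME credentials in this commit, so it presumably exposes at least one TCP listener. I would delete the line, or set it explicitly with `"net.ipv4.tcp_syncookies" = 1;`, and add a one-line comment above the sysctl block saying the values are BBR tuning.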
@@ -0,0 +1,27 @@ +args@{ pkgs, ... }: + +{ + imports = [ + ../programs/fish.nix + ../programs/atuin.nix + ../programs/starship.nix + + ../programs/git.nix + + ../programs/bat.nix + + ../programs/fzf.nix + + ../programs/jq.nix + + ../programs/scripts.nix + ]; + + home = { + stateVersion = "22.11"; + + packages = with pkgs; [ + ripgrep + ]; + }; +} diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index bf8cb5d..806f248 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix @@ -107,12 +107,12 @@ in }; nvim-treesitter = buildVimPluginFrom2Nix { pname = "nvim-treesitter"; - version = "2023-06-05"; + version = "2023-06-07"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "1b5a7334bb9862abafcf6676d2a2a6973d15ae3a"; - sha256 = "0rf603j2i7a1y1xli2yvv2ddl82qnr2sraii5mc442k1lmwbbk8d"; + rev = "46ddea9deccb0608df416822228786d1a5a2b7d1"; + sha256 = "17rlv3gqh9glskr3ncnvwa6pgk6iansdl6b2fjyrk3zw5kj99gak"; fetchSubmodules = false; }; }; @@ -140,12 +140,12 @@ in }; telescope-nvim = buildVimPluginFrom2Nix { pname = "telescope.nvim"; - version = "2023-05-25"; + version = "2023-06-07"; src = fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope.nvim"; - rev = "6d3fbffe426794296a77bb0b37b6ae0f4f14f807"; - sha256 = "171f5lprqfdyh2lg2wkakzdxkxpzxdd9x2nhmvhv63rbskf0v00l"; + rev = "be49680937e821e4d8522329727e50734fdb9b97"; + sha256 = "15bq92f9vvqhzhr6djm8r0vybsm0z030xp5wpf904kir1svpwdgb"; fetchSubmodules = false; }; }; 
@@ -220,12 +220,12 @@ in }; nvim-lspconfig = buildVimPluginFrom2Nix { pname = "nvim-lspconfig"; - version = "2023-06-05"; + version = "2023-06-07"; src = fetchFromGitHub { owner = "neovim"; repo = "nvim-lspconfig"; - rev = "664de12a7816dfa348bb475607edfa4fe0122025"; - sha256 = "0f2068l6kcrxxvk9wk8gxswqj0f3f6w6dm1nzmbcvqv4j5mvwnps"; + rev = "1028360e0f2f724d93e876df3d22f63c1acd6ff9"; + sha256 = "17n18dkhd39vkbqx0hxgg6zf1yq1052rlnxpqj0x5p7s0zxwqhmr"; fetchSubmodules = false; }; }; @@ -297,23 +297,23 @@ in }; LuaSnip = buildVimPluginFrom2Nix { pname = "LuaSnip"; - version = "2023-05-31"; + version = "2023-06-07"; src = fetchFromGitHub { owner = "L3MON4D3"; repo = "LuaSnip"; - rev = "51ebb4b6637290e1b8e0fb0d6f38b605d3c24940"; - sha256 = "1ncdr76izf38s9ia11f32byskz2spmb0x22ixvras2g19w2bk63q"; + rev = "a13af80734eb28f744de6c875330c9d3c24b5f3b"; + sha256 = "050f0rh8mb7v6zg0d779i7hxl3l2bmbjg608rsb34hr8h0qkk5qd"; fetchSubmodules = false; }; }; friendly-snippets = buildVimPluginFrom2Nix { pname = "friendly-snippets"; - version = "2023-06-04"; + version = "2023-06-06"; src = fetchFromGitHub { owner = "rafamadriz"; repo = "friendly-snippets"; - rev = "9025d37189f26b6ca0b965a9e5eec3e69c37d2e9"; - sha256 = "0y3lbpqm2yby1i3mvybkkxn8sfiwbwxs685zpvpjq6l3b184h9jc"; + rev = "b471f5419155ce832eff71ad8920ea8cfbd54840"; + sha256 = "14yjacmzryd8mkbi7dkacq0zqc8r52dipdsjyzak45pqacc4wzvs"; fetchSubmodules = false; }; }; @@ -539,12 +539,12 @@ in }; gitsigns-nvim = buildVimPluginFrom2Nix { pname = "gitsigns.nvim"; - version = "2023-05-25"; + version = "2023-06-07"; src = fetchFromGitHub { owner = "lewis6991"; repo = "gitsigns.nvim"; - rev = "f868d82a36f7f7f5e110eb0a9659993984f59875"; - sha256 = "1pbrm7y6z1b96yy8v9chn69jfbznlzrkygp802cb4946snnb5dj7"; + rev = "4455bb5364d29ff86639dfd5533d4fe4b48192d4"; + sha256 = "0zhsrfr5gqij7yg28q0ds9qnxadjxnms0ws345rj3drz2lmysrhf"; fetchSubmodules = false; }; }; 
@@ -572,12 +572,12 @@ in }; noice-nvim = buildVimPluginFrom2Nix { pname = "noice.nvim"; - version = "2023-06-04"; + version = "2023-06-06"; src = fetchFromGitHub { owner = "folke"; repo = "noice.nvim"; - rev = "7b14678f83ad1a875b1bcea34de4377ebfb50973"; - sha256 = "05y8lz4r4rmjbnma7zv3fz0lknlgby6385sai92zkh5a959bj51x"; + rev = "acf47e2b863eb20f177aa1bd5398041513e731e1"; + sha256 = "1w4vzkashi7yqkzgb9cdq7nv27ibkw94ih041jf36k9axmlffqbr"; fetchSubmodules = false; }; }; diff --git a/home/programs/ssh/shared/builder.nix b/home/programs/ssh/shared/builder.nix index 19a3c9a..aacc468 100644 --- a/home/programs/ssh/shared/builder.nix +++ b/home/programs/ssh/shared/builder.nix @@ -23,5 +23,13 @@ identityFile = "~/.ssh/LAN.pub"; identitiesOnly = true; }; + + "builder-argon" = { + hostname = "argon.ts.kempkens.network"; + port = 22; + user = "root"; + identityFile = "~/.ssh/LAN.pub"; + identitiesOnly = true; + }; }; } diff --git a/home/programs/ssh/shared/private.nix b/home/programs/ssh/shared/private.nix index ca8377d..4e941bd 100644 --- a/home/programs/ssh/shared/private.nix +++ b/home/programs/ssh/shared/private.nix @@ -75,5 +75,14 @@ identityFile = "~/.ssh/LAN.pub"; identitiesOnly = true; }; + + "argon" = { + hostname = "argon.ts.kempkens.network"; + port = 22; + user = "daniel"; + forwardAgent = true; + identityFile = "~/.ssh/LAN.pub"; + identitiesOnly = true; + }; }; } diff --git a/secret/hosts/argon.nix b/secret/hosts/argon.nix new file mode 100644 index 0000000..786124e Binary files /dev/null and b/secret/hosts/argon.nix differ diff --git a/secret/hosts/attic.nix b/secret/hosts/attic.nix index 360aaa9..65eafbe 100644 Binary files a/secret/hosts/attic.nix and b/secret/hosts/attic.nix differ diff --git a/secrets.nix b/secrets.nix index 44a8592..3f23e28 100644 --- a/secrets.nix +++ b/secrets.nix 
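Review bot: `user = "root";` in the new `"builder-argon"` block of home/programs/ssh/shared/builder.nix means every remote build opens a root session on argon, the same machine that holds the ACME, Tailscale and weewx-proxy secrets added in this commit. A Nix remote builder only needs an account the daemon trusts. A dedicated unprivileged login, for example `user = "nix-builder";` (placeholder name) listed in argon's `nix.settings.trusted-users`, would keep a compromised or misused build client away from root. The enclosing match-block set starts outside the hunk, and the neighbouring builder entries may use the same root pattern, in which case they are worth changing together. The `hostName = "builder-argon";` build machine added in system/hosts/Styx.nix uses this alias.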
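Review bot: `forwardAgent = true;` in the new `"argon"` block of home/programs/ssh/shared/private.nix exposes the local ssh-agent socket on argon for the length of every session, so anyone with root on that host can authenticate as you to every other machine the agent holds keys for. If the forward exists only to hop onward from argon, a `proxyJump = "argon";` on the downstream host entries gives the same reach without handing the agent over. Otherwise I would set `forwardAgent = false;` here, or keep it with a comment stating what needs it. The surrounding match-block set begins outside the hunk, so other entries may carry the same setting.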
@@ -4,10 +4,12 @@ let system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl"; system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr"; system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX"; + system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU"; sail = [ user-daniel system-sail ]; attic = [ user-daniel system-attic ]; mediaserver = [ user-daniel system-mediaserver ]; + argon = [ user-daniel system-argon ]; in { # sail @@ -71,4 +73,13 @@ in "agenix/hosts/mediaserver/aria2/config.age".publicKeys = mediaserver; "agenix/hosts/mediaserver/unpackerr/config.age".publicKeys = mediaserver; + + # argon + "agenix/hosts/argon/user/danielPassword.age".publicKeys = argon; + + "agenix/hosts/argon/acme/credentials.age".publicKeys = argon; + + "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon; + + "agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon; } diff --git a/system/flakes/argon.nix b/system/flakes/argon.nix new file mode 100644 index 0000000..5aa7190 --- /dev/null +++ b/system/flakes/argon.nix 
@@ -0,0 +1,61 @@ +{ nixpkgs, nixos-hardware, deploy-rs, home-manager, agenix, inputs, ... }: + +let + default-system = "aarch64-linux"; + + overlay-attic = inputs.attic.overlays.default; + overlay-deploy-rs = _: _: { inherit (inputs.deploy-rs.packages.${default-system}) deploy-rs; }; + overlay-nifoc = inputs.nifoc-overlay.overlay; + + nixpkgsConfig = { + overlays = [ + overlay-attic + overlay-deploy-rs + overlay-nifoc + ]; + + config = { + allowUnfree = true; + allowBroken = true; + + permittedInsecurePackages = [ + "openssl-1.1.1t" + ]; + }; + }; +in +rec { + system = nixpkgs.lib.nixosSystem { + system = default-system; + modules = [ + ../hosts/argon.nix + + nixos-hardware.nixosModules.raspberry-pi-4 + + home-manager.nixosModules.home-manager + + agenix.nixosModules.default + + { + nixpkgs = nixpkgsConfig; + nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; + nix.registry.nixpkgs.flake = nixpkgs; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.daniel = import ../../home/hosts/argon.nix; + } + ]; + }; + + deployment = { + hostname = "argon"; + sshUser = "root"; + remoteBuild = true; + autoRollback = false; + magicRollback = false; + + profiles.system = { + path = deploy-rs.lib.${default-system}.activate.nixos system; + }; + }; +} diff --git a/system/hosts/Styx.nix b/system/hosts/Styx.nix index c044fb0..f713dcd 100644 --- a/system/hosts/Styx.nix +++ b/system/hosts/Styx.nix @@ -59,6 +59,12 @@ systems = [ "x86_64-linux" "aarch64-linux" ]; maxJobs = 1; } + + { + hostName = "builder-argon"; + systems = [ "aarch64-linux" ]; + maxJobs = 1; + } ]; gc = { diff --git a/system/hosts/adsb-antenna.nix b/system/hosts/adsb-antenna.nix index cc47acb..cd2c234 100644 --- a/system/hosts/adsb-antenna.nix +++ b/system/hosts/adsb-antenna.nix 
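Review bot: `permittedInsecurePackages = [ "openssl-1.1.1t" ]` in system/flakes/argon.nix is added for a brand-new host without saying which package needs it. Together with `allowBroken = true`, it applies to the whole package set. A comment naming the consumer makes the exception removable later, for example `# needed by <package>; remove once it builds against OpenSSL 3`. Separately, `autoRollback = false` and `magicRollback = false` mean a deploy that breaks networking or sshd on argon stays active. Since the host config in this commit sets up VLANs and firewall rules, leaving `magicRollback` on for the first deploys looks safer.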
@@ -71,10 +71,9 @@ in dhcpcd.denyInterfaces = [ "veth*" ]; timeServers = [ - "ntp1.hetzner.de" - "ntp2.hetzner.com" - "ntp3.hetzner.net" - "time.cloudflare.com" + "ptbtime1.ptb.de" + "ptbtime2.ptb.de" + "ptbtime3.ptb.de" ]; }; diff --git a/system/hosts/argon.nix b/system/hosts/argon.nix new file mode 100644 index 0000000..82c1957 --- /dev/null +++ b/system/hosts/argon.nix 
@@ -0,0 +1,172 @@ +args@{ pkgs, config, lib, ... }: + +let + secret = import ../../secret/hosts/argon.nix; + ssh-keys = import ../shared/ssh-keys.nix; +in +{ + imports = [ + ../../hardware/hosts/argon.nix + ../../agenix/hosts/argon/config.nix + ../shared/show-update-changelog.nix + ../nixos/raspberry.nix + ../nixos/ssh.nix + + ../nixos/git.nix + + ../nixos/acme-argon.nix + ../nixos/nginx.nix + + (import ../nixos/adguardhome.nix (args // { inherit secret; })) + + ../nixos/attic.nix + + ../nixos/tailscale.nix + + ../nixos/weewx-proxy.nix + ]; + + system.stateVersion = "22.11"; + + nix = { + package = pkgs.nixVersions.stable; + + settings = { + auto-optimise-store = true; + + substituters = [ + "https://attic.cache.daniel.sx/nifoc-systems" + "https://nifoc.cachix.org" + "https://nix-community.cachix.org" + ]; + + trusted-public-keys = [ + "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU=" + "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; + + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 14d"; + }; + + extraOptions = '' + experimental-features = nix-command flakes + keep-derivations = true + keep-outputs = true + post-build-hook = ${../../home/programs/scripts/attic-system-cache} + ''; + }; + + environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc; + + boot = { + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + + tmp.cleanOnBoot = true; + }; + + networking = { + hostName = "argon"; + useNetworkd = true; + }; + + systemd.network = { + enable = true; + + netdevs = { + "20-vlan10" = { + netdevConfig = { + Kind = "vlan"; + Name = "vlan51"; + }; + vlanConfig.Id = 51; + }; + + "20-vlan20" = { + netdevConfig = { + Kind = "vlan"; + Name = "vlan777"; + }; + vlanConfig.Id = 777; + }; + }; + + networks = { + "10-lan" = { + matchConfig.Name = "end0"; + vlan = [ "vlan51" "vlan777" ]; + 
networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + IPv6PrivacyExtensions = true; + }; + linkConfig.RequiredForOnline = "routable"; + + ntp = [ + "ptbtime1.ptb.de" + "ptbtime2.ptb.de" + "ptbtime3.ptb.de" + ]; + }; + + "20-iot" = { + matchConfig.Name = "vlan51"; + networkConfig = { + DHCP = "no"; + IPv6AcceptRA = false; + }; + address = [ "10.0.51.5/24" ]; + linkConfig.RequiredForOnline = "routable"; + }; + + "30-modem" = { + matchConfig.Name = "vlan777"; + networkConfig = { + DHCP = "no"; + IPv6AcceptRA = false; + }; + address = [ "192.168.1.5/24" ]; + linkConfig.RequiredForOnline = "routable"; + }; + }; + + wait-online.extraArgs = [ + "--interface=end0" + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=512M + ''; + + documentation = { + nixos.enable = false; + doc.enable = false; + }; + + services.hardware.argonone.enable = true; + programs.fish.enable = true; + + users.users = { + root = { + openssh.authorizedKeys.keys = [ ssh-keys.LAN ]; + }; + + daniel = { + passwordFile = config.age.secrets.user-daniel-password.path; + isNormalUser = true; + home = "/home/daniel"; + description = "Daniel"; + extraGroups = [ "wheel" ]; + shell = pkgs.fish; + openssh.authorizedKeys.keys = [ ssh-keys.LAN ]; + }; + }; +} diff --git a/system/nixos/acme-argon.nix b/system/nixos/acme-argon.nix new file mode 100644 index 0000000..d224cc9 --- /dev/null +++ b/system/nixos/acme-argon.nix @@ -0,0 +1,23 @@ +{ config, ... }: + +{ + security.acme = { + acceptTerms = true; + + defaults = { + email = "acme@kempkens.io"; + group = "nginx"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.acme-credentials.path; + dnsResolver = "1.1.1.1:53"; + dnsPropagationCheck = true; + reloadServices = [ "nginx.service" ]; + }; + + certs = { + "internal.kempkens.network" = { + domain = "*.internal.kempkens.network"; + }; + }; + }; +} diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix index 3bd21b0..18d73db 100644 --- a/system/nixos/adguardhome.nix 
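Review bot: `environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;` in system/hosts/argon.nix references the file as a Nix path, so it is copied into /nix/store, which every local user and process can read. The other credentials on this host go through agenix, and the netrc could follow suit with a new age secret (called `nix-netrc` here only as an example). The replacement for the `environment.etc` line would be `netrc-file = ${config.age.secrets.nix-netrc.path}` in `extraOptions`. The same concern applies to any value from `secret = import ../../secret/hosts/argon.nix` that ends up in generated configuration files.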
+++ b/system/nixos/adguardhome.nix @@ -1,3 +1,5 @@ +{ lib, config, secret, ... }: + { services.adguardhome = { enable = true; @@ -6,11 +8,17 @@ bind_host = "127.0.0.1"; bind_port = 3000; + users = [ + { + inherit (secret.adguardhome.users.daniel) name password; + } + ]; + auth_attempts = 3; debug_pprof = false; dns = { - bind_hosts = [ "0.0.0.0" ]; + bind_hosts = [ "127.0.0.1" "10.0.0.5" ]; port = 53; bootstrap_dns = [ @@ -30,13 +38,63 @@ }; }; - services.nginx.virtualHosts."dns.internal.kempkens.network" = { + networking.firewall.interfaces = + let + interfaces = lib.mapAttrsToList (_: value: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null value) config.systemd.network.networks; + in + builtins.listToAttrs + (builtins.map + (iface: + { + name = iface; + value = { + allowedTCPPorts = [ 53 9053 ]; + allowedUDPPorts = [ 53 9053 ]; + }; + }) + (builtins.filter builtins.isString interfaces)); + + services.nginx.virtualHosts."agh.internal.kempkens.network" = { + serverAliases = [ "dns.internal.kempkens.network" ]; + + listen = [ + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + + { + addr = "[::0]"; + port = 443; + ssl = true; + } + + { + addr = "0.0.0.0"; + port = 9053; + ssl = true; + } + + { + addr = "[::0]"; + port = 9053; + ssl = true; + } + ]; + quic = true; http3 = true; onlySSL = true; useACMEHost = "internal.kempkens.network"; + extraConfig = '' + set_real_ip_from 100.76.233.31/32; + set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:624c:e91f/128; + real_ip_header X-Forwarded-For; + ''; + locations."/" = { recommendedProxySettings = true; proxyPass = "http://127.0.0.1:3000"; diff --git a/system/nixos/chrony.nix b/system/nixos/chrony.nix new file mode 100644 index 0000000..4370d89 --- /dev/null +++ b/system/nixos/chrony.nix 
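Review bot: The `users` entry added to the AdGuard Home settings takes `password` from the imported `secret` set, so the value is evaluated into the generated configuration and presumably ends up in the world-readable Nix store on the host. That is tolerable only if it is a bcrypt hash, and a comment at the entry would make the requirement explicit: `# rendered into the Nix store: must be a bcrypt hash, never the plaintext password`. In the same hunk, `bind_hosts` now hard-codes `"10.0.0.5"` while `end0` on argon is configured with `DHCP = "yes"`, so the listener depends on a static lease that is not visible in this diff.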
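Review bot: The new `networking.firewall.interfaces` expression opens TCP and UDP 53 and 9053 on every interface named in `config.systemd.network.networks`. On argon that includes `vlan777` (the `30-modem` network) and `vlan51` as well as `end0`. AdGuard Home itself binds only `127.0.0.1` and `10.0.0.5`, so the modem-facing rules serve no DNS client. They do expose the nginx listeners on 9053, and any future service on port 53, to that segment. Listing the serving interfaces explicitly keeps the rule set reviewable, e.g. `networking.firewall.interfaces."end0" = { allowedTCPPorts = [ 53 9053 ]; allowedUDPPorts = [ 53 9053 ]; };`.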
@@ -0,0 +1,29 @@ +{ lib, ... }: + +{ + services.chrony = { + enable = true; + + servers = [ + "ptbtime1.ptb.de" + "ptbtime2.ptb.de" + "time.cloudflare.com" + "ntp1.hetzner.de" + ]; + + extraConfig = '' + bindaddress 0.0.0.0 + port 123 + allow + ''; + }; + + systemd.services.chronyd = { + after = lib.mkForce [ "network-online.target" "nss-lookup.target" ]; + }; + + networking.firewall.interfaces."end0" = { + allowedUDPPorts = [ 123 ]; + allowedTCPPorts = [ 123 ]; + }; +} diff --git a/system/nixos/home-proxy.nix b/system/nixos/home-proxy.nix index 8bb1685..d5e605e 100644 --- a/system/nixos/home-proxy.nix +++ b/system/nixos/home-proxy.nix 
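Review bot: `allow` without a subnet in the `extraConfig` of system/nixos/chrony.nix lets chronyd answer any client that can reach it, so access control rests entirely on the `end0` firewall rule. Restricting it in chrony as well is cheap: `allow <LAN-CIDR>` (placeholder; the subnet is not visible in this diff). NTP is served over UDP only, so `allowedTCPPorts = [ 123 ];` can be removed.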
@@ -4,16 +4,49 @@ services.nginx.streamConfig = '' resolver 1.1.1.1 ipv6=off; - upstream home { - server ${secret.nginx.upstream.home.hostname}:${builtins.toString secret.nginx.upstream.home.upstreamPort}; + upstream video { + server ${secret.nginx.upstream.video.hostname}:${builtins.toString secret.nginx.upstream.video.upstreamPort}; } server { - listen ${builtins.toString secret.nginx.upstream.home.externalPort}; + listen ${builtins.toString secret.nginx.upstream.video.externalPort}; proxy_protocol on; - proxy_pass home; + proxy_pass video; } ''; - networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ secret.nginx.upstream.home.externalPort ]; + services.nginx = { + commonHttpConfig = '' + resolver 1.1.1.1; + ''; + + upstreams.dns = { + servers = { + "${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = { }; + }; + }; + + virtualHosts."${secret.nginx.upstream.dns.fqdn}" = { + quic = true; + http3 = true; + + onlySSL = true; + useACMEHost = "cache.daniel.sx"; + + locations."/${secret.adguardhome.auth}/dns-query" = { + recommendedProxySettings = true; + proxyPass = "https://dns"; + + extraConfig = '' + rewrite ^/${secret.adguardhome.auth}(.*)$ $1 break; + + proxy_hide_header alt-svc; + ''; + }; + }; + }; + + networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ + secret.nginx.upstream.video.externalPort + ]; } diff --git a/system/nixos/weewx-proxy.nix b/system/nixos/weewx-proxy.nix new file mode 100644 index 0000000..f9ac5a6 --- /dev/null +++ b/system/nixos/weewx-proxy.nix 
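Review bot: `proxyPass = "https://dns"` in the new `dns-query` location does not authenticate the upstream, because nginx leaves `proxy_ssl_verify` off unless told otherwise. DNS-over-HTTPS answers would be accepted from whichever server responds at that address. Enabling verification also needs the expected name and SNI set, since the default name would be the upstream label `dns`. The additions are sketched below, assuming `primary.hostname` is a DNS name that the upstream certificate covers. The path token `secret.adguardhome.auth` is also written into the nginx configuration in the Nix store and will show up in access logs, so it should be treated as a weak shared secret rather than as authentication.

```nix
locations."/${secret.adguardhome.auth}/dns-query" = {
  # … unchanged: recommendedProxySettings, proxyPass …
  extraConfig = ''
    # … unchanged: rewrite, proxy_hide_header …

    proxy_ssl_verify on;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    proxy_ssl_server_name on;
    proxy_ssl_name ${secret.nginx.upstream.dns.primary.hostname};
  '';
```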
@@ -0,0 +1,22 @@ +{ pkgs, config, ... }: + +{ + systemd.services.weewx-proxy = { + description = "A proxy service for WeeWX sources"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + DynamicUser = true; + StateDirectory = "weewx-proxy"; + EnvironmentFile = [ config.age.secrets.weewx-proxy-environment.path ]; + ExecStart = "${pkgs.weewx-proxy}/bin/weewx_proxy start"; + Type = "notify"; + WatchdogSec = "10s"; + Restart = "on-failure"; + }; + }; + + networking.firewall.interfaces."vlan51" = { + allowedTCPPorts = [ 4040 ]; + }; +}
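Review bot: `after = [ "network-online.target" ]` in system/nixos/weewx-proxy.nix only orders the unit and does not pull the target in, so the ordering has no effect unless something else wants that target. Adding `wants = [ "network-online.target" ];` next to it makes the dependency explicit.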