1
0
Fork 0

argon: init system

This commit is contained in:
Daniel Kempkens 2023-06-07 20:40:27 +02:00
parent 6aadcb38dc
commit e66b49b9f2
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
58 changed files with 744 additions and 188 deletions

Binary file not shown.

View file

@ -0,0 +1,21 @@
{
age.secrets = {
user-daniel-password = {
file = ./user/danielPassword.age;
};
acme-credentials = {
file = ./acme/credentials.age;
owner = "acme";
group = "acme";
};
tailscale-authkey = {
file = ./tailscale/authkey.age;
};
weewx-proxy-environment = {
file = ./weewx-proxy/environment.age;
};
};
}

View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g MSB4LHO5ylgHxGfLDgMKyIrC+1tbcJjg4COxsChp12c
1mQyLIhrjT3IaqjkMolHewiZBpXQ54IrBP8VI+QmgD4
-> ssh-ed25519 1fcLUQ Uvw/+gXv/B03o7lw8UrCGV33sPPnYc2GTHPUqJDP+Xc
4KmZAO+nB4ZcNFSLvSw4ZiOAxwvEhcqljTDq37eUJxg
-> 2n]G-grease 9w`dL[G K{0VS 1*\j
--- assYGBPVppp1CC6zKOs677mfff+wpTfJGBIXcL5o7Ro
<(å® <0A><>ñ<1A>~Zt£<74>)Ê [:ó£ „ ê¢íiòɤk2uàP)@'dMÁ`Ùî N£‚›Ý<0F>®[Â@T?˜&Êú×â<C397>ÒêRü<52>ÙÆn„—VÍ!Öµ•˜è

View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g U64tjf5zAbKc75lCbHo62p2KNcfXQt52yJHiUTpJg14
FeiGVg/RnR29rmqE3Xpy4eMtsp3IHoszyxjSsOxa/Fs
-> ssh-ed25519 1fcLUQ rIwdZ+Y34BAgOPpxgn07Y12hfdZ3WgYZSFFA5vzbvE8
EdbSNo1esy9Cswpam5sdgoy0gEc8HkNociwsYpiUqcI
-> =P.Kq,e;-grease 4/;kU&<q R V
YSXJcc1Cd1KRqZVqvg
--- GLXAST4tBdr8sc/uxG/wqn4C+YQOcZmm1AuqQOddUvg
‚Ë#—_<E28094>[€Nò=R—F ŸR ÈjÕ°ÐÇæBkÓ3~º}´Œs<NgÆ 7©t°Öœ
æPDîÉK¼ñj÷ ëQ<C3AB>àXŠ´}*¤•%‰®ñ¬éÒ×É`üêbÍ>”E¼í¦äÎ@ïAÁ)r`,ËSFH¯dºÏìÄZ7%æŽÇ2E7@2]µP\‡c

Binary file not shown.

View file

@ -1,13 +1,9 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBZWEFs
RWJpNlRUZ1ZFTWtRajhvU0JieWFBNk50L3hTU1VpYmYzdkw4N3hZCmpadUsvc1g3
NC84dFJMZklKRm9KRnhMWGZ2TlJTQjlrYnJNL25vN0hwZk0KLT4gc3NoLWVkMjU1
MTkgc1ZmNkNBIHdsc3N2cXJOQ0NNR293M3J3V2dPNXBDQzhXL2FwYUVSeDFkTmZW
TEtiVHcKeVVTNFVpYnRHY2I4NnR0WGk5OStITVZKQUhiLzVKdzRMM0V5dzA4TFow
TQotPiBaRGQvZHYrLWdyZWFzZSAvTTAocTUyCkFBd2I0cTZodUF3SFpZRzdaU1l4
Q3k3Q3BXZjl5eTM3em5WZ1JCcW5SZmRTWStBMkFxQ3RwV0JXU05ZSE1PbngKTE5H
cGhPOFp0NjBoVnAyWUdLTVFNclJGM3BhZVdlU1Nnbllib2Y3S0dYSQotLS0gN2xU
OE1uSXpPMG9YcFkvTVdqZ2dlalA2SFFxSXRZNFNDaVVpMVFoZE13NAq9+hYgo/p8
DgxCfKSB+2SptR2K6Im1p5wc3MWTqb7pypm3Ag2PSc6AhQDlWmm0/ZVU49ux/lIT
gpjAaCc0DLo7ata/rBHDpTYUt48O+Ot1pTDkM8k1te0vKoSvXi3DtZC/7w==
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g DslZcdbEJXsgQOXutAA28YdnuVEiPLNxirSYMAD2FEk
ODkI3TL7vI0IV/MSVWbS1D1wsjn08bzxTkBtMcC2rdU
-> ssh-ed25519 sVf6CA TSOraE+TswUinNv50TM9Lm9oLLxtqNAh82c/MAdBgRg
CB9r0e4VHevtDQL/3xNg34/QSCImVk5tQATVXQysOqc
-> 3ZTo(g'k-grease c <] zy
+jjPLQTWp9/HOKUk6IiSwgbUVWDPcPa9tONiUweoYYWPnH+bL7mATIOaS34/PA
--- 90yUb8QnWQu4fS9C/ZsxhBwYnnU7fhE1KetrVeP6jBQ
pu''-FK$Na:T·XøQ‰A¨Ž0Õˆr<>e (€²e²ðó>9ª”ê¦ø<)¼j¥yª& Æ“hkÇM"ȼ4çߘu:ÙÚDµ®§jû¤öðƒŸY

View file

@ -1,13 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyA0RWxY
emZBSTBlQ1hTRkhDaU9HaS9JMUpCaWRYcHB1enh2TGRUcmFwZDFrCmdkZDRMY0hz
MS9ERy9kcndQVC8wRzhZK1JWNGlobzcralBzSjdZTGNSSk0KLT4gc3NoLWVkMjU1
MTkgc1ZmNkNBIGJqRHI1R2J3dTVlUmhXNW1JaTNvNTNBcVJyTmhuVlcydlhiS1Vn
ZkVyaVUKUWJjNG83YmNmV0wwcVd1L3o4bzh4aFBjNGI1NzJYUGtKME01MDBkOEYr
cwotPiAyaTEtZ3JlYXNlICYpR08jeiB7LCVNc0R4TyBSdGFnU0wgMT49d0hmdApW
N1pieTVZd3U0NVJ6VXR1dFlvSmtRVFp3Yi9SSmpxdStNTVE5SE80ZUs5RDhlNUI5
bDI5eE45NWROdTJPVE9FCkQyUUVyZkhYVldEUVlqcHFBK1ZhCi0tLSA0VVBZR2c2
TTBIb1hTWnM0TzRpUzRqZUp2QlpLWDQ0ZUJIcFhKUWMrR0Y4Ci83j/AYh3pgxFQA
iaWWkiOCPIAh7J8D6vJhpECGSxrfFlPyzVWSVoCtvFJgcOlsrsm7kUkyisbG3O7I
AqgBfmCyJbkhjMzKl2RbzlV1IGnJeFP/2jFnXGHC6w==
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g klhDMFv4exDFJWgCvrnOKuq94w+BNW4lrs+Z67zmzGg
eTkqX6c2lbR+olFS7M7YDQLSLav/k+UhEW8Zg5fULFw
-> ssh-ed25519 sVf6CA tCvlYnJONVV9QTb9zAUPT0D8EEkCCqKGfoF6+bOT5CE
2L+wcL/c2tw+19RykIUpFzrjtaxzmsOKinCgnWYVf0Q
-> s}I~&9-grease \$RX.n=
JH5ASx5rlWPLH/abJSr8o0QI4e17aK1HZrQQKweMEsoGXA7POgbUiow+XBt+MP8/
PzKaC14zI2mTEzWiQvjlZH6pUnGUQkGE5zbxouWR3ovQVk8JtclO
--- 5My3p+I2aFCfnzjU1oC5Joc9Q4/k2bCNZv7Ilj/h65g
-!×i×:¨«­é <0A>mK}Ç“mRPú¤T© ð™*Ÿ[¾XüFÑLÝú€Áã,]׌åå´—‰že#4<>z¡xkE¶8ŸÛ'¦/ä OGAÏ×ƵÈ<C2B5>

View file

@ -1,15 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBtY3Nl
OG1NUkZKaWJ2WFdDQWkxc3B2cjFOOFZmR0RyWmtpSTRSZXJJbDFrCmhMZ2xSdGtQ
bjJpY3ZhM1YxWG5LQllGcHdGNDA0MEdydUFoak9tTHZ0cGMKLT4gc3NoLWVkMjU1
MTkgc1ZmNkNBIFlYZHlYWnJ0YkdoK1d1NWc0K2ZoQ2FXWithMTBGYmJQNFBuK09Z
QzhzR28KSkM3L3M1cTl6bGoxN0dCenI3bUh2c1hVaTFvRXh1WFAyc0N2N1l5YTk4
NAotPiB5MjMtZ3JlYXNlIGcvO3hMd2MgVSBkV0IgIjlJXigtUjcKRzFkbkxBRkMv
VURiVHhpUFdEUE9CSDBZR3Y2SEgwMk9QMkVwNzRobGk5NHZqQndOV1hzUVp2KzVz
dXpsa1hWVQpZbWgrMFJUYlcrcW55dENqSnY3SXhKcG1oRzg3cDNRcTh0WlV4a3VS
eE1kSFlUallmOWFMR2cKLS0tIGxyaS82dFAyL0g1aXJlNGRBQXFFRTR1dlVDaGhn
UUYzTGlhaWh6WkRUU1EKRoZpIw9V8TPzCZ1uKMFKIIQBXXMdgl4/dKha6WnjoIbk
ASDFOC0CRcL6LE1yw1ri70BRKS575w6dSt3myRIAYuDOScVTdu6i6aceS9Llj/oz
FNT1/Gf4cpMB6itAh27+3gGy8xiGt4wvvnDRc1R4M8M+wTvIZr0c7Sl1DMfCHcuJ
7wvjpXpili0JOw==
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g LNOEk3AXwGl658cTFbFvoICbrlhAIH6DILIh+Jc5knc
l7dm0Q4Z8GwFSzvoHf3LFUerYBXUeps87z69zZk3+tE
-> ssh-ed25519 sVf6CA JwHPawkaLzeFIvtj5lC4evUdSLFXfBlqiRqGhi6mcR0
pQP/DXnLaxNocMVok53cWGbAgvS/zEbS2uxWX+YvVQ8
-> k3jDW:F-grease
ORZpRxVBdQGP1F+Zc+tsJP5/ccuQLmYEeB/i40kAZTcgeuPtN6HRZ9DfqsjLhwfx
oAPkZDQ
--- vvt7wsQx4VSYTSF/K+Gb4tGIpI82G91olEaqUvm9gxM
±<EFBFBD>ù´Ó÷&#¦§ôé­¾bar ÆyÇ.” x“”€ÉH&y¥¡Wàô‡é õ„ý(¼Lã§,:Ýõ²ÏûîzK}j8|çyÀ»[çXÁ cÃðÊõÿÀÙ\ë?¥·³Ä%j-ûZÞÿÔÉ•¡h_àÚ†^úÔXNõ‰BÐw˜<77>œ‚ìÔ

View file

@ -1,11 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyA1TTFz
TW9lU1N2VEhQa21mV250YUFFbk1LL2xYcmEzT09SRUMxY0IyK0JJCnlCNjkwR0Nr
VEV5TVk0aHhjOUNodDZZaUpjVlRLa1ZsY0F1VDlqMTZCencKLT4gc3NoLWVkMjU1
MTkgWTk0WWlnIGxMbVhCWEFuQ24zL0hoUkJSVzdycGNDRjlobHNma3hYM1JyZ2FX
cGRIQXcKTkRWelc0dGJIb2Y3UStZZng3S21VNytQUWZQNGtRWGduY0VKNG9lVy91
WQotPiBoby8xQyJHYy1ncmVhc2UgZW0jazMKWTYyaUwwdEhyUC8vb1EKLS0tIDJT
SkRBK242YTA3WkNQU3N4bFJXWnlKcENZa0xjTU0xU0NJOWxNNzlKSFkK9F1rNSdf
76qvHTa2JYv/7S/f1EbK5Y9DX6kgnCgI2p7O2Ywh+mtzon8cFl/UtxZ45fxezFX3
COdO04nAScl/XCzD6RHI71Q9HxpEOwGg5qx8uqVFubePBsaFXmIXOPfmo/U=
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g kw/hxMdmfaeoZaZuzOs6D6NQDg0uw0te/xIC1ig0CRQ
75WtQJ5+yJae8ggB/Lc7Ojsf02zuGUtFmjbIrmn9pj8
-> ssh-ed25519 Y94Yig Kole+FkRwVj74aP/M86s9gT8qNnfXSj4fVndlkCSo1E
0Eg9XeabpYUWsZ9ACxwAshpClrl80D+vvpFimAPbIP0
-> MWBvSZ-grease _
R7vhLfAa1heAGRRBqKbgob3fIml3HEEoB2soDw3NEU25qvqVmrGq2K7JQPmmh3vR
vWfDK6j5dyIGZHxaSElWTkL9EbFCJRoTJ3YbfAkAQl0XrSc
--- 7HsStyCAvdGBkspUWV3Ncjn/5hst8LxkBCBn72M8kR0
•üMÕƒŠü‰…=ö#Ïra5Ö²f Ÿ ´,e}m5Í ÄNBpÍ(l4nº'Ý÷ö¨æ_È…Å<E280A6>> þ:Úv->‚ï…º$96G™& ˜8ûY͵ASâÉâ

View file

@ -1,13 +1,9 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyB0MUhv
MDhGSEh3SHdZM2xRU0E4REQrRlIySTdwVUpYRUJGZ0VvSTg2bHc0CmhXRms3TFR0
T0NlZ2FLUXBKbGF5WDRIV2VHczB6VE92OUczcnJmenhVWlEKLT4gc3NoLWVkMjU1
MTkgWTk0WWlnIGNFdGZDL2ZNQ2xaTlB6ZTNwRG1YbGVjbkhSaVNDNTBOQkdHdy9q
dEpoVTQKcE1YdUpWc0RDSmRiNUh4UU43aTlYQlJZN3Y0VmlmRnpxSnc1MmhpS1lZ
SQotPiBrW2YtZ3JlYXNlIEw2cyRtRCBoZHUoLSUKd0dyOGhPY1J3U0tJbll3ZnJC
Sjh2Yi9leEZyS3gyckdPZlFhMUNOK2wvclFmcjJQQTBCTDBrZXl3bFNnVVR0SQpE
bzlidWtwMXdlM3NLS3dBTkVpZllRCi0tLSBrUmtBNVJjNnVwQkdvaDgyemdtM2Fo
Sjd1V1VjMW5RemR5aHNyMWhML3hFCk8aT0cMr6BOGrcE2LDgs/MWh0cWOjw1C7v4
rHVokUPFnSYDVosSV3eDmglyNYPiZVtbXkskHoEVu0OB5zkTDOXsmC0Ihd127ygA
e+qWyqFq4eMblaoBIc+dUQ==
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g h74pL3awChmTkZzkbne2+rzjNwk067747QW5Z+6yUhQ
7Xtv1G5K+t2tKsByHiVz7nmBEMXAzeznrNd1XeJr6ls
-> ssh-ed25519 Y94Yig +Tf9z/WZbA5bgQ1H8R5QZRB6OnUq83xM2zDAXXBLjWU
wYSY5rCQYWXFPWVL0cCLcFOLAgisq+5L9LI9RyUFM7E
-> 0e-grease LB fw E5
YA
--- Sd0E1+Qg5kuFVEY60MlMux3HCFq2T+Qh+oWQaMnNc1A
WùVCOsåΫ3Zܯý4dwþ0Aè‡vºH¨ð[´¹Võl¼O~fÛ±O᪷úº¦jY/Pwx]ì+>L<>ydz!ÿ-í·MJ`i­ F´î

View file

@ -1,13 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBMUzZP
MS9jajNJaUZnQzU2cjlLUlZSU0k5YzNEdTF2VlZ1WVhRa3daaVNRCmM2OHJtYXVt
akpqS3IxUHloR3N1R2tvM1FXZm9XL2t6Y2xYaDFpUVVPZ3MKLT4gc3NoLWVkMjU1
MTkgWTk0WWlnIDB6OEdkc0JoQjdTQjM2RmNQK1NLVDF0OXEvM09EQVJqQ1c0Z3Rl
dXZaRHMKcGQwK2dwNEI4R0MwZFkwT0hSNithc1FjZkxna2RzbHd5bEx5N2w3bjZt
dwotPiBASEAhLWdyZWFzZSBUKwpGTXUvOHhFMEJSc0tEWUF4dFB3dTJNZ3dvc1p4
R0c1VS9EQ2kKLS0tIDQ4T2RzQTJXZ0tSOTN4bnM1NzIrb2JrVHA0ODM5NkxYczN4
aW55eFp2VlkKflcGYpyoxjqM+0ZWERBYXstYzpWVW/2FWBRbfDFUBwISHp5qJdJz
joR+bIe2Gf18qRZf7NOvpqfOsl8sU+kfYKb1mG4bTZ4fsR8X24fDFgsJw6VLHgPj
7ksFOkH+VEFEsIBTdccYs9QMUvBA0PrDbk/UylQGpCpzRjEGyCijLGpuPjWZ+O+Y
ZeKPaQ==
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g QCyzjaRfHcYzhP9g4/XGHYqJffhAL32EmSTugohV+EM
AShFBy/bjE5VKmErWCWpn9A/kVGHigNFDuPuRNdnd4s
-> ssh-ed25519 Y94Yig 9BQgoUAgCwAtCBZAl7ntpo5QI6odSB0XvaEycNAu8Fo
b2eThql79+kIEROlnEgq0DipdGLS61XIfXawOZb9VA0
-> E|Gn+z?-grease F2 f
tX4movu8fpFPkoBpkwftCwk1iiVslnRCJLJ5gVOAdhPIPB6SfxWnXuA+vvU
--- YdkGvLa55xej0+6O86ZYQvFq6qm1tncqppNflhq/bLk
 ãé]W/rS$«-Âö$¸`ME«á°<C3A1>ZSTSžsX ˆ…${ýéÌÛ'_Ÿó”¦*7y±PJ¦Û©Qœ«_AŽqqý 먥,JEH @âëòæä_rºË%õ&‹‰ ™úšbq~QöWã•Õ¦ÑÃýR
ê׼ʺÓW<d&2<>vXÒ*«i‰i

View file

@ -1,14 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBDa08x
ZG5Vb2tJQVBubUladFk2T0wzSll2QW1TbG5wRWw4emZmUmpITkZNCjRkeTRPZnUy
TjZ4VUZlTnRGdUxxdW8xQ29pempXdHVoRnpzUEJ5b0M4MEkKLT4gc3NoLWVkMjU1
MTkgTmJWNGh3IEJVOWtXRFNzdEk3NkhocWtyb3JYekJ6MEFNN2dDM2N4cXlaL1Rr
YkdFRjgKM2VNTFNQTWdqbE9VanJVL3FmeWQ4c0ZuOThaVWlRdDlnTmFMeEJYU0lG
OAotPiBEQTZTa0d+PC1ncmVhc2UgMSB7a3QvKUxTOCBJM344Vj5ZCndISGdYVTI4
ZG5ja3FNUTlYeTlEczBiSXdySVNHVEo1SElvdHZ1ZnZ0eWhCZmlKclo3VWpJSlox
b0ZtSkk1VXYKMDF3cTFGNXVwMnd1Zm1pVnptY3VjRExHT2t1RklwQlEycEN4T1Jj
U25zdlNTYmcKLS0tIFZUcGZrTUtTT3djZ3d0VU05aDdFcDk1Tm9KN3NTMnl3alh3
QWlLN3BaNWMKFSyXplcynqnH04rkNdl+7Deq0sUTr32SvZJsYTWaqGK2x6BT3tYY
C9qbNY7N0kG8XAtWFUvIdlhOTQPgouiyBc94OtUioJgqx/j8+85REXqjiio1Emkj
7EPYwRgeatQl4CA=
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g /0mUj2HFKLDNi68WSNo7AUzVPzYo2P6FYL7s2wezywk
axlQ+U9bJAws8svdsQ2yrEhpvrgjmvukuAPjpr+eJc0
-> ssh-ed25519 NbV4hw 5xhDSZOlPky3UvTHpznrB8AqQjyssU5HJqEpoGQ0wkw
N+XSv3maCLpMu8bEawrk7rUk+ZimKJRJKbrePUcsqOs
-> e-grease `*$0X[e 6)& M3<a2_ lstkG
rYBL9bPjctGG45xU/OfmmJgKcOKflNBE61tjH17IKaT2dPIMYXzNTJ5z7jg5NSWH
q9ECE1y9Q+o
--- mE52mLHBr4dAn+4T6Sg/WCdn2jtfDUlhy35sWzB/TUY
a}>nc´<63> À[r¤HŸD2ŸË¾\v§étahX“3Ü(ØP<C398>&ï5 çá¸!<19>|õò€Ë®`nêÁ•LtÅ_LVê`nÏðå,Ã`X_¯+eÍ… EÕÊ[mO_טÎ

View file

@ -1,14 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBCdE14
R2tjZkJINUFjTVBwOUR2cmx3SEZ4NUpKYlZmcFBLSWRrMU1zQzJRClRUaFhMSzdV
MGZLYnNSMWRKOWIzOXVtS3pmRDNyTlZSWkVmUS9WNkk2NncKLT4gc3NoLWVkMjU1
MTkgTmJWNGh3IFJuS3NkQ2UzTjRjTGV4cjByRW1mRHl1VmpEQnRSS3RyRkxlTHRC
bzRyekEKZCtiSitaejhmRDZyS2pPR0ZROE00ckRtbUx1bHIySmVkWmZnQVBXc0xQ
RQotPiB6azY1LWdyZWFzZSBSNFBENyQ0ICZACmNkR0h6OXFwT3JnTnhINUoKLS0t
IFJCKzRXSW1kR2d6bHR6bjNGVVZYWWRjeEdkZzJkdlhtN0pHVG5FbTY1dlEK70F/
nw+k8Orhf2kaTlLfXD5BKdKLaCAgEBr7TN0hVy7kq8SNUCjr5cnRbdVy/AAhcp+T
JzAcd83FN8nFyRnVxPOdlgDsFqMyhdrvqneGkmtvhqCkuME6AmL4Q6x1SqCIc2BM
AlTWmyfYHcZXjQmOoPyPjVl2SGBTy7D7bozZiqT5xsV8e0M4deBbqWBAngtPNOWd
6bePMyUnUjPko7OfI+2/JPUs24FsdAUbs/7gPjGC04aXZrRJdEms8jJ6RRw0QTYy
1XuTRVHpOM62Rn1jukVfavihumowyg==
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g 0hWrwfexWC7VgGb6GGZi7hbACRDxYRNXlsFrmXAIEiw
QcICViQGVktlUalatvBBHD/H3uASbcwK9SCO5F4xbQ8
-> ssh-ed25519 NbV4hw oFVVxqJeZjbmHkSLsg96kCKgARheMYkvJf1pKMSUqn4
QT/d4FQT858lIqrNngI0xOT7pLlJVn64VIEhSeoYcEg
-> D"A\4L4-grease TiT>[b%D #aq q[;-n EdXt&&Y
5EdxN4sgedRoDPWsWFKvQjHLLyagraSy/GQP8OhaZS0Litb0ipxgFIoheGDNyyX4
HJnXx5SQ/hkVuyMv8HGM9GwFRHodDVdM9w
--- nJbxhp1UbqWzLvBTiZDS4nIV7nTIdA7oS0wC2nvzEl4
¡9ˆ%PtêMŒÔ±À>0ÏYPEƒ¢³LØ{.<2E>æ<>[·>Тíï<C3AD>£× Æû¬Õß¿*Y¹Š ¹³‡ú¶ø–¥4·n)Æ §ÇIK80ÎÉoðiãƒüiG2€ýklþhíFÎÒÐîà@ZÄÜëMôø%•úÌR¾&ÜV½«îœžA¶KUY ú|K<>nkÆ%™yk„®þ½°Ëˆ®ÕC>=.ªÎ•d!^ÓJÒ[ôz°5ÔÛyÇެѮU=Å÷ÄiýS¤Î-/½ÒEÖ

View file

@ -1,9 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g kj+4E2M6w0BeKDFju23lE5jzo2NKSu7dq54WYZ6Ev2I
tYCT8sTAN/CPspF0CpuJGZs+v7SohqoPS603KIuC9P0
-> ssh-ed25519 NbV4hw u2SbT+zAyUOklReSOWAixVG+xLDqHZJBFB+WRKIRMh8
OQF6gfP+l6tkxQuOnLyJjRPuBqqEJodEkepPCziAS/4
-> kd_S`/h-grease
3LGIeeHj8FVmvvGbWRqpHJ5hq+HF2a+aexz3VEdiD21A/oY84iE
--- BmBLCcoSzVhteAy3BObVbIKIIENsMjaFxTCatrMSP4Y
%<ã"õ;Óö3îŽm…Gy^ïŸãáËaa ÷Y‰%`"0©±F«²$F˜5LuÕó{"(
-> ssh-ed25519 MtGp6g BHVqOYqAxl88lFQQs1D2oxHAuZ7E4HSAUlZysn9kmQs
asPKs1JpbUk9gfGbZOQyyT567c+XCMSrM/JizXVgGj4
-> ssh-ed25519 NbV4hw eCuSnWhbg8swZtNMZIirU6sri3Hc5+5rLQi9DUI82Hs
mAjvnx+NybVEh6rN1PrBXZgVp2eMDCDU6pm+eSALehM
-> DtQ5-grease @$2={ Y' !Qw6C
ZVoPVcXGSqGvwFlT+L+OwDGus0Au5sXx2wtESOpzwEgImUndNxzgARLAuO+oOzX/
722ju53IqUGnvMh5IybU8suMm3R1CBo9FoL5Vc0MUBQEp+kHG4UbCU5pjkLld1a5
--- zew38IQLg8t/0n4Nmf7PpEI2uACfZdbHZDrMWj9v3PU
(<28><`•ÇÖŁ fâ%/Ç7ı+Č?Š2Ż*Ż j«=g”[Â<> «8?ăś˙Ľ|

View file

@ -1,10 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g fnK6JuXaG6Ui6QyyrZatt8lTWgT12LbuyEl9fi/atBc
9JQqyq0n/jwti4M7LSBovfAUIoyq3/z55S4ibxExBhk
-> ssh-ed25519 NbV4hw ya3y2RsNpSDpI7d6wIHTg8j3FYb0LPDXsAtumPtBFxU
eKsy13xWUvErMsieOKijxQsWegh3x+Y8gQeI9gzCNu8
-> vV(u$9-grease #<.W T +
tjkBjlXnISe371f8BEZ7qOnQ7jtdCuvu8Lnr0JHjMPl++HC8R6fOlzcwNtMiNSC/
bZ+YiTl/eEPQDGwY8WlAS/e/rGWy+w
--- sNqULAmuZaO3IvYjUJQamlpOw/GGQSUcTW0lJVXGhCU
÷“*…âˆû,\èA Ì`sR$^Ì•?`ŽL;ÞÂ<[ž"ØÞ×"þ’*ç1Û/Þ+)²ªZ<>Áj×¾<Áæ‚æ=ÎFX<ñbÞµb?vXÐ!¦æhé(²C}ÐB ÔÂv̓µñq¾£EïÛ 6Àª¥K„Ó˜w ô‡œ#˜Š²E9.³Å=åYý(Í<14>WŽ ¯ôOÕa¢²ná
-> ssh-ed25519 MtGp6g hsE2kvTf8occU2CJg+Ro52qm+ec1gNxBoQtCeHzZflg
b85OF5ipJIYlBOlgpUqNw7XK/MB+Ftd4pHMqjN+ArGI
-> ssh-ed25519 NbV4hw dYum1uJ8J+Nbrz2UWZiijdJQ68QEac+NS9YM/h3dj0c
5lGJ2SdUnEp01oTr/Hm7IEj/0he9be37RXxmaNsOhpY
-> =-~;<1--grease Zhb7zWk ]\1S-]W 1!$YB[ UM
urANgmNT3fiJft53WEhRmALdnBMcU2f9hjGfYrmBduXQYbqF50EUCBqLt+3hrmw
--- 3QCLu9/P+Dyvd2iVSo7d1fO0YC5D0gglZIFYIDrMGV4
És`Ë<4F>âÐ5m‰Cy)ÅÆÑg„Û¹Û2ÜßÍFG_Ü8h$Öz«€àÇ¿J©ŠS†kO»ziL¡ úR·EŒdœB ƒB ,47É*Sj<53>$Ö'u#%½<>ÃŒí#«šåRöà®ÅnסNÈBbØÀÜ äß·©«ç3È<'s>ß bœÏZô|AÅíLðŽåUõlCÀ{þ)!£I

View file

@ -1,9 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g wI6SPDxCjA42XGOHMAIjDljbxs58O9EBMvNqmP/sOl0
0QD7wfkHZwrx2YX7197cP38rxbjWfsaobb+ZqGuSRhI
-> ssh-ed25519 NbV4hw KbzBiDjXZ3ucC53mA4+F/Wk4zCqYCjxQvQCH0SMxshI
u1Yz/41HavMr8EedK0aITWix5jFbjW/7r2o0QD4W4H8
-> 7l"<0f-grease
IoNM0Lcjd38O+RHgZbI54BVLvQd7osB9OnaMkSE
--- 8X+0/9QuJP+F9//y1TOz+cw4Ry603mia6dTb5ZUNbB0
Íô«“ñ¨ˆHg?ìÌï}»ˆ.‡.%>¡îúÈΪØeùh9ÜƇ¾·ù9ßûcÑ ú[ºs¡×æð†z+á<>Ú¼óàפ
-> ssh-ed25519 MtGp6g pfAwifbGls2XDS+Pn08B4B88XgB3DgizQytPLURZlVI
/f/CEHzojiwlVnA8mCcg8JwVAre419Sudk/MMJYOiO0
-> ssh-ed25519 NbV4hw 8DaGuQ9G6cZr9GSlqMBlHoTk0HcOKlmVWzz2ytvGB3I
bEEtNtIPiS2RdxwMLhNVU4We1+gf1N6bL9f2gjS1wVA
-> Em:17j-grease G1mw> $hkViHO
0StibfZj6Bt54P+9csvjWxHJfPaTL72gK+bnmPVDBUNsTAXVwoO6Ed25t0LwsY5s
PbnGF3EjbMba6/lte1aDS3uaWqUcx4OT0NQ3joF0je10m5gPd9VptKKWSEg
--- zHAFp0QAwZsfUf8v+KIqSHo2UutjLHqm6WGXqW2iy9Y
_aťü*bKĚpNiů ÎÖCšN9™ ¨ÎöóAŠělżťâá<C3A2>\g(bÁ-žWB±uq¬\Ż<C5BB>ÎŹ÷šěpéťfń,ŔŁţ)

Binary file not shown.

View file

@ -1,12 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBGMEx1
MDZxTTlPM3I0OW1jeHFoV1pneDNLUjIvazBZRGhYQ3oxak84RmlnCmRMU2VkMi83
Sy9vTEVoaUpGZEljMEExU05jZmxvS3RZakVTWmhidWxVN1EKLT4gc3NoLWVkMjU1
MTkgTmJWNGh3IFgyS0pZRTRScDU2REppODhQYlZMeENMU1FlbDVzM2UramgyNktR
K3RCdzAKT1QwZVVKa2krZERxeVlqYjQ4WFZBZ1d5eDR5Sm4vZ0hCKzhnNk9Vdjlw
SQotPiAxfThiLWdyZWFzZSBFe0kgPVp4R2IiTSA0bgo2MzU5K0U3UFZqS2NQUDF5
dENQNUNhSkVvdwotLS0geFBEM0d2MHQzdTIrL25Ka21FaGxjUjNpazFhdGJoQ25w
Uk5XS1ZJaHhwcwq968fFE3WeIkYgzqjHkDbJU6t0vBqII6/urAckSzfR/2PIrSJX
1pg/U1U/CnTe15PnIopE9qB7gttNaaec0z6f2lzvYudfIrydhUzr2hHy8rx79XJS
L0CBK+E=
-----END AGE ENCRYPTED FILE-----
age-encryption.org/v1
-> ssh-ed25519 MtGp6g Sk2HTzPviEFNJaD/G4FfYC1bv7aH4fQbEoEdvI/PMUo
f0lLi1o/RyadEbkHbXjpxzbuRT0WSMM/ZVM/eT3J6tk
-> ssh-ed25519 NbV4hw TAR37t4C167S7DhZSJnRjV6YUtRCiXFI/ISMdT9rhVU
rn7TyQNB2oXlns5NU6DwHMVYCBFp/vKFilc7z6FDrss
-> ]-grease
RmlKK+z9Gjb0eNJ3GLbC9DjuX4Rvj/aq6w
--- sNgUQAHFGfm3s3cK7GnUeLWfmDuCgNIsJ2Y8uKDSuvI
&ÚW¨Y]*t:ŽŽJÄV”áEøîö(˜¨ÊÅb¦Ê[. ¹³$y& =upBÜz§ãm™âãW¿­
ª!>šŸýÑx4
IIüQÇ,(¶¤7x õS

Binary file not shown.

Binary file not shown.

View file

@ -253,11 +253,11 @@
]
},
"locked": {
"lastModified": 1685885003,
"narHash": "sha256-+OB0EvZBfGvnlTGg6mtyUCqkMnUp9DkmRUU4d7BZBVE=",
"lastModified": 1686142265,
"narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "607d8fad96436b134424b9935166a7cd0884003e",
"rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5",
"type": "github"
},
"original": {
@ -276,11 +276,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1685945365,
"narHash": "sha256-pnxdrmkacMD+WafBM/j1bpRgIK84gsmRLRtLFf5K2gI=",
"lastModified": 1686106284,
"narHash": "sha256-UsJTmzpM6gtQDo4QnMNjCNSQSlqlRoUWwH8JL4ZLRxw=",
"owner": "neovim",
"repo": "neovim",
"rev": "16561dac39490921715a9a8a14dab884659ffc3e",
"rev": "a217675a67233ca2032cd668e919858d2aed92e7",
"type": "github"
},
"original": {
@ -297,14 +297,15 @@
"neovim-flake": "neovim-flake",
"nixpkgs": [
"nixpkgs"
]
],
"weewx-proxy-flake": "weewx-proxy-flake"
},
"locked": {
"lastModified": 1685953207,
"narHash": "sha256-yfxHv80GSbVeDFubq6rIlLs7eF/1kZpn170wDbj9g/s=",
"lastModified": 1686126028,
"narHash": "sha256-qZcjDerxaAejZWOKIZ/BRzlO6Dk3kSAcGScImAjHKuo=",
"owner": "nifoc",
"repo": "nix-overlay",
"rev": "6764c13526e83394aceb8c235f561934b9663c23",
"rev": "34792fe066ac58e2441ffc6c854ef6c809c3d91d",
"type": "github"
},
"original": {
@ -313,13 +314,29 @@
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1684899633,
"narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "4cc688ee711159b9bcb5a367be44007934e1a49d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1685938391,
"narHash": "sha256-96Jw6TbWDLSopt5jqCW8w1Fc1cjQyZlhfBnJ3OZGpME=",
"lastModified": 1686089707,
"narHash": "sha256-LTNlJcru2qJ0XhlhG9Acp5KyjB774Pza3tRH0pKIb3o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "31cd1b4afbaf0b1e81272ee9c31d1ab606503aed",
"rev": "af21c31b2a1ec5d361ed8050edd0303c31306397",
"type": "github"
},
"original": {
@ -371,6 +388,7 @@
"deploy-rs": "deploy-rs",
"home-manager": "home-manager_2",
"nifoc-overlay": "nifoc-overlay",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs"
}
},
@ -415,6 +433,31 @@
"repo": "flake-utils",
"type": "github"
}
},
"weewx-proxy-flake": {
"inputs": {
"flake-parts": [
"nifoc-overlay",
"flake-parts"
],
"nixpkgs": [
"nifoc-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1686080637,
"narHash": "sha256-qM6kb5cf9eC94KRdkfAaDhLYPjlRq525KtCP6TyIaok=",
"owner": "nifoc",
"repo": "weewx-proxy",
"rev": "2c21daf3c42190fde7bda45d94f603fdd314ae44",
"type": "github"
},
"original": {
"owner": "nifoc",
"repo": "weewx-proxy",
"type": "github"
}
}
},
"root": "root",

View file

@ -12,6 +12,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
@ -56,6 +58,11 @@
inherit inputs;
};
argon = import ./system/flakes/argon.nix {
inherit (inputs) nixpkgs nixos-hardware deploy-rs home-manager agenix;
inherit inputs;
};
adsb-antenna = import ./system/flakes/adsb-antenna.nix {
inherit (inputs) nixpkgs deploy-rs home-manager;
inherit inputs;
@ -70,6 +77,7 @@
sail = sail.system;
attic = attic.system;
mediaserver = mediaserver.system;
argon = argon.system;
adsb-antenna = adsb-antenna.system;
};
@ -77,6 +85,7 @@
sail = sail.deployment;
attic = attic.deployment;
mediaserver = mediaserver.deployment;
argon = argon.deployment;
adsb-antenna = adsb-antenna.deployment;
};
};

33
hardware/hosts/argon.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
kernelModules = [ "tcp_bbr" ];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_syncookies" = 0;
"net.ipv4.tcp_timestamps" = 1;
"net.ipv4.tcp_window_scaling" = 1;
};
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 4096;
}
];
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
}

27
home/hosts/argon.nix Normal file
View file

@ -0,0 +1,27 @@
args@{ pkgs, ... }:
{
imports = [
../programs/fish.nix
../programs/atuin.nix
../programs/starship.nix
../programs/git.nix
../programs/bat.nix
../programs/fzf.nix
../programs/jq.nix
../programs/scripts.nix
];
home = {
stateVersion = "22.11";
packages = with pkgs; [
ripgrep
];
};
}

View file

@ -107,12 +107,12 @@ in
};
nvim-treesitter = buildVimPluginFrom2Nix {
pname = "nvim-treesitter";
version = "2023-06-05";
version = "2023-06-07";
src = fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "1b5a7334bb9862abafcf6676d2a2a6973d15ae3a";
sha256 = "0rf603j2i7a1y1xli2yvv2ddl82qnr2sraii5mc442k1lmwbbk8d";
rev = "46ddea9deccb0608df416822228786d1a5a2b7d1";
sha256 = "17rlv3gqh9glskr3ncnvwa6pgk6iansdl6b2fjyrk3zw5kj99gak";
fetchSubmodules = false;
};
};
@ -140,12 +140,12 @@ in
};
telescope-nvim = buildVimPluginFrom2Nix {
pname = "telescope.nvim";
version = "2023-05-25";
version = "2023-06-07";
src = fetchFromGitHub {
owner = "nvim-telescope";
repo = "telescope.nvim";
rev = "6d3fbffe426794296a77bb0b37b6ae0f4f14f807";
sha256 = "171f5lprqfdyh2lg2wkakzdxkxpzxdd9x2nhmvhv63rbskf0v00l";
rev = "be49680937e821e4d8522329727e50734fdb9b97";
sha256 = "15bq92f9vvqhzhr6djm8r0vybsm0z030xp5wpf904kir1svpwdgb";
fetchSubmodules = false;
};
};
@ -220,12 +220,12 @@ in
};
nvim-lspconfig = buildVimPluginFrom2Nix {
pname = "nvim-lspconfig";
version = "2023-06-05";
version = "2023-06-07";
src = fetchFromGitHub {
owner = "neovim";
repo = "nvim-lspconfig";
rev = "664de12a7816dfa348bb475607edfa4fe0122025";
sha256 = "0f2068l6kcrxxvk9wk8gxswqj0f3f6w6dm1nzmbcvqv4j5mvwnps";
rev = "1028360e0f2f724d93e876df3d22f63c1acd6ff9";
sha256 = "17n18dkhd39vkbqx0hxgg6zf1yq1052rlnxpqj0x5p7s0zxwqhmr";
fetchSubmodules = false;
};
};
@ -297,23 +297,23 @@ in
};
LuaSnip = buildVimPluginFrom2Nix {
pname = "LuaSnip";
version = "2023-05-31";
version = "2023-06-07";
src = fetchFromGitHub {
owner = "L3MON4D3";
repo = "LuaSnip";
rev = "51ebb4b6637290e1b8e0fb0d6f38b605d3c24940";
sha256 = "1ncdr76izf38s9ia11f32byskz2spmb0x22ixvras2g19w2bk63q";
rev = "a13af80734eb28f744de6c875330c9d3c24b5f3b";
sha256 = "050f0rh8mb7v6zg0d779i7hxl3l2bmbjg608rsb34hr8h0qkk5qd";
fetchSubmodules = false;
};
};
friendly-snippets = buildVimPluginFrom2Nix {
pname = "friendly-snippets";
version = "2023-06-04";
version = "2023-06-06";
src = fetchFromGitHub {
owner = "rafamadriz";
repo = "friendly-snippets";
rev = "9025d37189f26b6ca0b965a9e5eec3e69c37d2e9";
sha256 = "0y3lbpqm2yby1i3mvybkkxn8sfiwbwxs685zpvpjq6l3b184h9jc";
rev = "b471f5419155ce832eff71ad8920ea8cfbd54840";
sha256 = "14yjacmzryd8mkbi7dkacq0zqc8r52dipdsjyzak45pqacc4wzvs";
fetchSubmodules = false;
};
};
@ -539,12 +539,12 @@ in
};
gitsigns-nvim = buildVimPluginFrom2Nix {
pname = "gitsigns.nvim";
version = "2023-05-25";
version = "2023-06-07";
src = fetchFromGitHub {
owner = "lewis6991";
repo = "gitsigns.nvim";
rev = "f868d82a36f7f7f5e110eb0a9659993984f59875";
sha256 = "1pbrm7y6z1b96yy8v9chn69jfbznlzrkygp802cb4946snnb5dj7";
rev = "4455bb5364d29ff86639dfd5533d4fe4b48192d4";
sha256 = "0zhsrfr5gqij7yg28q0ds9qnxadjxnms0ws345rj3drz2lmysrhf";
fetchSubmodules = false;
};
};
@ -572,12 +572,12 @@ in
};
noice-nvim = buildVimPluginFrom2Nix {
pname = "noice.nvim";
version = "2023-06-04";
version = "2023-06-06";
src = fetchFromGitHub {
owner = "folke";
repo = "noice.nvim";
rev = "7b14678f83ad1a875b1bcea34de4377ebfb50973";
sha256 = "05y8lz4r4rmjbnma7zv3fz0lknlgby6385sai92zkh5a959bj51x";
rev = "acf47e2b863eb20f177aa1bd5398041513e731e1";
sha256 = "1w4vzkashi7yqkzgb9cdq7nv27ibkw94ih041jf36k9axmlffqbr";
fetchSubmodules = false;
};
};

View file

@ -23,5 +23,13 @@
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"builder-argon" = {
hostname = "argon.ts.kempkens.network";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
};
}

View file

@ -75,5 +75,14 @@
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"argon" = {
hostname = "argon.ts.kempkens.network";
port = 22;
user = "daniel";
forwardAgent = true;
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
};
}

BIN
secret/hosts/argon.nix Normal file

Binary file not shown.

Binary file not shown.

View file

@ -4,10 +4,12 @@ let
system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl";
system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr";
system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX";
system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU";
sail = [ user-daniel system-sail ];
attic = [ user-daniel system-attic ];
mediaserver = [ user-daniel system-mediaserver ];
argon = [ user-daniel system-argon ];
in
{
# sail
@ -71,4 +73,13 @@ in
"agenix/hosts/mediaserver/aria2/config.age".publicKeys = mediaserver;
"agenix/hosts/mediaserver/unpackerr/config.age".publicKeys = mediaserver;
# argon
"agenix/hosts/argon/user/danielPassword.age".publicKeys = argon;
"agenix/hosts/argon/acme/credentials.age".publicKeys = argon;
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
"agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon;
}

61
system/flakes/argon.nix Normal file
View file

@ -0,0 +1,61 @@
{ nixpkgs, nixos-hardware, deploy-rs, home-manager, agenix, inputs, ... }:
let
default-system = "aarch64-linux";
overlay-attic = inputs.attic.overlays.default;
overlay-deploy-rs = _: _: { inherit (inputs.deploy-rs.packages.${default-system}) deploy-rs; };
overlay-nifoc = inputs.nifoc-overlay.overlay;
nixpkgsConfig = {
overlays = [
overlay-attic
overlay-deploy-rs
overlay-nifoc
];
config = {
allowUnfree = true;
allowBroken = true;
permittedInsecurePackages = [
"openssl-1.1.1t"
];
};
};
in
rec {
system = nixpkgs.lib.nixosSystem {
system = default-system;
modules = [
../hosts/argon.nix
nixos-hardware.nixosModules.raspberry-pi-4
home-manager.nixosModules.home-manager
agenix.nixosModules.default
{
nixpkgs = nixpkgsConfig;
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
nix.registry.nixpkgs.flake = nixpkgs;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ../../home/hosts/argon.nix;
}
];
};
deployment = {
hostname = "argon";
sshUser = "root";
remoteBuild = true;
autoRollback = false;
magicRollback = false;
profiles.system = {
path = deploy-rs.lib.${default-system}.activate.nixos system;
};
};
}

View file

@ -59,6 +59,12 @@
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 1;
}
{
hostName = "builder-argon";
systems = [ "aarch64-linux" ];
maxJobs = 1;
}
];
gc = {

View file

@ -71,10 +71,9 @@ in
dhcpcd.denyInterfaces = [ "veth*" ];
timeServers = [
"ntp1.hetzner.de"
"ntp2.hetzner.com"
"ntp3.hetzner.net"
"time.cloudflare.com"
"ptbtime1.ptb.de"
"ptbtime2.ptb.de"
"ptbtime3.ptb.de"
];
};

172
system/hosts/argon.nix Normal file
View file

@ -0,0 +1,172 @@
args@{ pkgs, config, lib, ... }:
let
secret = import ../../secret/hosts/argon.nix;
ssh-keys = import ../shared/ssh-keys.nix;
in
{
imports = [
../../hardware/hosts/argon.nix
../../agenix/hosts/argon/config.nix
../shared/show-update-changelog.nix
../nixos/raspberry.nix
../nixos/ssh.nix
../nixos/git.nix
../nixos/acme-argon.nix
../nixos/nginx.nix
(import ../nixos/adguardhome.nix (args // { inherit secret; }))
../nixos/attic.nix
../nixos/tailscale.nix
../nixos/weewx-proxy.nix
];
system.stateVersion = "22.11";
nix = {
package = pkgs.nixVersions.stable;
settings = {
auto-optimise-store = true;
substituters = [
"https://attic.cache.daniel.sx/nifoc-systems"
"https://nifoc.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
extraOptions = ''
experimental-features = nix-command flakes
keep-derivations = true
keep-outputs = true
post-build-hook = ${../../home/programs/scripts/attic-system-cache}
'';
};
environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
tmp.cleanOnBoot = true;
};
networking = {
hostName = "argon";
useNetworkd = true;
};
systemd.network = {
enable = true;
netdevs = {
"20-vlan10" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan51";
};
vlanConfig.Id = 51;
};
"20-vlan20" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan777";
};
vlanConfig.Id = 777;
};
};
networks = {
"10-lan" = {
matchConfig.Name = "end0";
vlan = [ "vlan51" "vlan777" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
IPv6PrivacyExtensions = true;
};
linkConfig.RequiredForOnline = "routable";
ntp = [
"ptbtime1.ptb.de"
"ptbtime2.ptb.de"
"ptbtime3.ptb.de"
];
};
"20-iot" = {
matchConfig.Name = "vlan51";
networkConfig = {
DHCP = "no";
IPv6AcceptRA = false;
};
address = [ "10.0.51.5/24" ];
linkConfig.RequiredForOnline = "routable";
};
"30-modem" = {
matchConfig.Name = "vlan777";
networkConfig = {
DHCP = "no";
IPv6AcceptRA = false;
};
address = [ "192.168.1.5/24" ];
linkConfig.RequiredForOnline = "routable";
};
};
wait-online.extraArgs = [
"--interface=end0"
];
};
services.journald.extraConfig = ''
SystemMaxUse=512M
'';
documentation = {
nixos.enable = false;
doc.enable = false;
};
services.hardware.argonone.enable = true;
programs.fish.enable = true;
users.users = {
root = {
openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
};
daniel = {
passwordFile = config.age.secrets.user-daniel-password.path;
isNormalUser = true;
home = "/home/daniel";
description = "Daniel";
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
};
};
}

View file

@ -0,0 +1,23 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@kempkens.io";
group = "nginx";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.acme-credentials.path;
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
reloadServices = [ "nginx.service" ];
};
certs = {
"internal.kempkens.network" = {
domain = "*.internal.kempkens.network";
};
};
};
}

View file

@ -1,3 +1,5 @@
{ lib, config, secret, ... }:
{
services.adguardhome = {
enable = true;
@ -6,11 +8,17 @@
bind_host = "127.0.0.1";
bind_port = 3000;
users = [
{
inherit (secret.adguardhome.users.daniel) name password;
}
];
auth_attempts = 3;
debug_pprof = false;
dns = {
bind_hosts = [ "0.0.0.0" ];
bind_hosts = [ "127.0.0.1" "10.0.0.5" ];
port = 53;
bootstrap_dns = [
@ -30,13 +38,63 @@
};
};
services.nginx.virtualHosts."dns.internal.kempkens.network" = {
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: value: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null value) config.systemd.network.networks;
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 53 9053 ];
allowedUDPPorts = [ 53 9053 ];
};
})
(builtins.filter builtins.isString interfaces));
services.nginx.virtualHosts."agh.internal.kempkens.network" = {
serverAliases = [ "dns.internal.kempkens.network" ];
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::0]";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 9053;
ssl = true;
}
{
addr = "[::0]";
port = 9053;
ssl = true;
}
];
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "internal.kempkens.network";
extraConfig = ''
set_real_ip_from 100.76.233.31/32;
set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:624c:e91f/128;
real_ip_header X-Forwarded-For;
'';
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:3000";

29
system/nixos/chrony.nix Normal file
View file

@ -0,0 +1,29 @@
{ lib, ... }:
{
services.chrony = {
enable = true;
servers = [
"ptbtime1.ptb.de"
"ptbtime2.ptb.de"
"time.cloudflare.com"
"ntp1.hetzner.de"
];
extraConfig = ''
bindaddress 0.0.0.0
port 123
allow
'';
};
systemd.services.chronyd = {
after = lib.mkForce [ "network-online.target" "nss-lookup.target" ];
};
networking.firewall.interfaces."end0" = {
allowedUDPPorts = [ 123 ];
allowedTCPPorts = [ 123 ];
};
}

View file

@ -4,16 +4,49 @@
services.nginx.streamConfig = ''
resolver 1.1.1.1 ipv6=off;
upstream home {
server ${secret.nginx.upstream.home.hostname}:${builtins.toString secret.nginx.upstream.home.upstreamPort};
upstream video {
server ${secret.nginx.upstream.video.hostname}:${builtins.toString secret.nginx.upstream.video.upstreamPort};
}
server {
listen ${builtins.toString secret.nginx.upstream.home.externalPort};
listen ${builtins.toString secret.nginx.upstream.video.externalPort};
proxy_protocol on;
proxy_pass home;
proxy_pass video;
}
'';
networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ secret.nginx.upstream.home.externalPort ];
services.nginx = {
commonHttpConfig = ''
resolver 1.1.1.1;
'';
upstreams.dns = {
servers = {
"${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = { };
};
};
virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "cache.daniel.sx";
locations."/${secret.adguardhome.auth}/dns-query" = {
recommendedProxySettings = true;
proxyPass = "https://dns";
extraConfig = ''
rewrite ^/${secret.adguardhome.auth}(.*)$ $1 break;
proxy_hide_header alt-svc;
'';
};
};
};
networking.firewall.interfaces."enp1s0".allowedTCPPorts = [
secret.nginx.upstream.video.externalPort
];
}

View file

@ -0,0 +1,22 @@
{ pkgs, config, ... }:
{
systemd.services.weewx-proxy = {
description = "A proxy service for WeeWX sources";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = "weewx-proxy";
EnvironmentFile = [ config.age.secrets.weewx-proxy-environment.path ];
ExecStart = "${pkgs.weewx-proxy}/bin/weewx_proxy start";
Type = "notify";
WatchdogSec = "10s";
Restart = "on-failure";
};
};
networking.firewall.interfaces."vlan51" = {
allowedTCPPorts = [ 4040 ];
};
}