From 7a8b6de2a186246b44a322b71a37e43bb9180ac9 Mon Sep 17 00:00:00 2001 
From: Yorick van Pelt Date: Wed, 18 May 2022 15:57:58 +0200 Subject: [PATCH] switch to agenix --- .gitattributes | 3 --- flake.lock | 21 +++++++++++++++++++++ flake.nix | 5 ++++- nixos/conf | 16 +--------------- nixos/deploy/keys.nix | 23 ----------------------- nixos/keys/backup.pennyworth.key | Bin 7599 -> 0 bytes nixos/keys/grafana.env | Bin 174 -> 0 bytes nixos/keys/http.muflax.key | Bin 909 -> 0 bytes nixos/keys/pennyworth_borg_repo.key | Bin 70 -> 0 bytes nixos/keys/pennyworth_borg_ssh.key | Bin 3403 -> 0 bytes nixos/keys/pennyworth_borg_ssh.key.pub | Bin 763 -> 0 bytes nixos/keys/ssh.frumar.key | Bin 909 -> 0 bytes nixos/keys/ssh.jarvis.key | Bin 909 -> 0 bytes nixos/keys/ssh.pennyworth.key | Bin 909 -> 0 bytes nixos/keys/ssh.woodhouse.key | Bin 909 -> 0 bytes nixos/keys/wg.blackadder.key | Bin 67 -> 0 bytes nixos/keys/wg.frumar.key | Bin 67 -> 0 bytes nixos/keys/wg.jarvis.key | Bin 67 -> 0 bytes nixos/keys/wg.mullvad-nl3.key | Bin 67 -> 0 bytes nixos/keys/wg.mullvad-nl4.key | Bin 67 -> 0 bytes nixos/keys/wg.pennyworth.key | Bin 67 -> 0 bytes nixos/keys/wg.smithers.key | Bin 67 -> 0 bytes nixos/keys/wg.woodhouse.key | Bin 67 -> 0 bytes nixos/keys/wg.zazu.key | Bin 67 -> 0 bytes nixos/keys/yori-nix.key | Bin 117 -> 0 bytes nixos/logical/frumar.nix | 6 ++---- nixos/logical/jarvis.nix | 1 + nixos/logical/pennyworth.nix | 4 ++-- nixos/logical/zazu.nix | 4 ++-- nixos/modules/lumi-cache.nix | 16 ++-------------- nixos/roles/default.nix | 6 +++--- nixos/services/backup.nix | 12 +++++------- nixos/services/torrent-wg.nix | 4 ++-- secrets/grafana.env.age | Bin 0 -> 605 bytes secrets/http.muflax.age | Bin 0 -> 1282 bytes secrets/nix-netrc.age | Bin 0 -> 563 bytes secrets/pennyworth_borg_repo.age | 10 ++++++++++ secrets/pennyworth_borg_ssh.age | Bin 0 -> 3838 bytes secrets/secrets.nix | Bin 0 -> 1376 bytes secrets/wg.blackadder.age | 11 +++++++++++ secrets/wg.frumar.age | 11 +++++++++++ secrets/wg.jarvis.age | Bin 0 -> 428 bytes secrets/wg.mullvad-nl4.age | 9 +++++++++ 
secrets/wg.pennyworth.age | Bin 0 -> 517 bytes secrets/wg.smithers.age | Bin 0 -> 468 bytes secrets/wg.zazu.age | Bin 0 -> 516 bytes 46 files changed, 86 insertions(+), 76 deletions(-) delete mode 100644 nixos/deploy/keys.nix delete mode 100644 nixos/keys/backup.pennyworth.key delete mode 100644 nixos/keys/grafana.env delete mode 100644 nixos/keys/http.muflax.key delete mode 100644 nixos/keys/pennyworth_borg_repo.key delete mode 100644 nixos/keys/pennyworth_borg_ssh.key delete mode 100644 nixos/keys/pennyworth_borg_ssh.key.pub delete mode 100644 nixos/keys/ssh.frumar.key delete mode 100644 nixos/keys/ssh.jarvis.key delete mode 100644 nixos/keys/ssh.pennyworth.key delete mode 100644 nixos/keys/ssh.woodhouse.key delete mode 100644 nixos/keys/wg.blackadder.key delete mode 100644 nixos/keys/wg.frumar.key delete mode 100644 nixos/keys/wg.jarvis.key delete mode 100644 nixos/keys/wg.mullvad-nl3.key delete mode 100644 nixos/keys/wg.mullvad-nl4.key delete mode 100644 nixos/keys/wg.pennyworth.key delete mode 100644 nixos/keys/wg.smithers.key delete mode 100644 nixos/keys/wg.woodhouse.key delete mode 100644 nixos/keys/wg.zazu.key delete mode 100644 nixos/keys/yori-nix.key create mode 100644 secrets/grafana.env.age create mode 100644 secrets/http.muflax.age create mode 100644 secrets/nix-netrc.age create mode 100644 secrets/pennyworth_borg_repo.age create mode 100644 secrets/pennyworth_borg_ssh.age create mode 100644 secrets/secrets.nix create mode 100644 secrets/wg.blackadder.age create mode 100644 secrets/wg.frumar.age create mode 100644 secrets/wg.jarvis.age create mode 100644 secrets/wg.mullvad-nl4.age create mode 100644 secrets/wg.pennyworth.age create mode 100644 secrets/wg.smithers.age create mode 100644 secrets/wg.zazu.age diff --git a/.gitattributes b/.gitattributes index 690a2a8..f0bd4f3 100644 --- a/.gitattributes +++ b/.gitattributes 
@@ -1,4 +1 @@ secrets.nix filter=git-crypt diff=git-crypt -*.key filter=git-crypt diff=git-crypt -deploy_key filter=git-crypt diff=git-crypt -keys/** filter=git-crypt diff=git-crypt diff --git a/flake.lock b/flake.lock index 23fefbb..4f332e7 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "agenix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1652712410, + "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "owner": "ryantm", + "repo": "agenix", + "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "blobs": { "flake": false, "locked": { @@ -259,6 +279,7 @@ }, "root": { "inputs": { + "agenix": "agenix", "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 128bc9a..b893753 100644 --- a/flake.nix +++ b/flake.nix @@ -10,14 +10,17 @@ nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-21.05"; nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs"; + agenix.url = "github:ryantm/agenix"; + agenix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs@{ nixpkgs, home-manager, nixpkgs-mozilla, emacs-overlay - , nixpkgs-wayland, nixpkgs-stable, nixos-hardware, self, ... }: { + , nixpkgs-wayland, nixpkgs-stable, nixos-hardware, agenix, self, ... }: { overlay = nixpkgs.lib.composeManyExtensions [ nixpkgs-wayland.overlay #nixpkgs-mozilla.overlay emacs-overlay.overlay + agenix.overlay (import ./fixups.nix) (import ./pkgs) (import ./pkgs/mdr.nix) diff --git a/nixos/conf b/nixos/conf index 940c162..fc9dd22 100755 --- a/nixos/conf +++ b/nixos/conf 
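Review bot: The surviving `secrets.nix filter=git-crypt diff=git-crypt` rule has no slash, so it matches at every depth and also captures the new `secrets/secrets.nix`, which is consistent with the diffstat listing that file as `Bin 0 -> 1376 bytes`. An agenix rules file normally holds only public recipient keys, so keeping it under git-crypt hides recipient changes from review and keeps re-keying dependent on the git-crypt key this commit otherwise moves away from. If that is not intended, exempt it with a following line such as `secrets/secrets.nix !filter !diff`. The hunk also drops the `deploy_key` rule while the diffstat shows no `deploy_key` file being deleted; if one is still tracked, the next time it is staged from an unlocked checkout it would be committed in plaintext.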
@@ -4,12 +4,6 @@ cd "$( dirname "${BASH_SOURCE[0]}" )" export NIX_PATH= host=$1 COPY_USER=yorick -decrypt() { - if ! [ -e secrets.nix ] - then - git crypt unlock - fi -} get_target_host() { TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host) TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc') @@ -19,20 +13,12 @@ peek() { command "$@" } nix() { - decrypt - peek nix --extra-experimental-features nix-command "$@" + peek nix --extra-experimental-features "nix-command flakes" "$@" } nix-build() { - decrypt peek nix-build "$@" } case $2 in - copy-keys) - nix build -f ../. yorick.machine."$host".config.deployment.keys-copy --out-link copy-keys - get_target_host - peek ./copy-keys/bin/copy-keys "$TARGET_HOST" - # rm ./copy-keys - ;; ssh) get_target_host peek ssh root@"$TARGET_HOST" diff --git a/nixos/deploy/keys.nix b/nixos/deploy/keys.nix deleted file mode 100644 index e295f13..0000000 --- a/nixos/deploy/keys.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs, lib, config, ... }: -with lib; -let cfg = config.deployment.keyys; -in { - options.deployment.keyys = mkOption { - type = types.listOf types.path; - default = [ ]; - }; - options.deployment.keys-copy = mkOption { type = types.package; }; - config = { - deployment.keys-copy = pkgs.writeShellScriptBin "copy-keys" - (if cfg != [ ] then '' - set -e - ssh root@$1 "mkdir -p /root/keys" - scp ${concatMapStringsSep " " toString cfg} root@$1:/root/keys - echo "uploaded keys" - '' else '' - echo "no keys to upload" - ''); - - }; - -} 
diff --git a/nixos/keys/backup.pennyworth.key b/nixos/keys/backup.pennyworth.key deleted file mode 100644 index e58f7fed0e2499d6eb76dd73c9abb912c4ea4b59..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7599 zcmV;g9Z=!`M@dveQdv+`03<8^!A}D--%>S3{=@ZZ!t1p4OlBDww+rzzj0)pQa4}zR2BwOSpdZM z^+EfKe-olBRbUfz_6|0o#&Wj$^}WG@P&J%>Wgg8?QLbOWLI`Nk*!P;BRk&w_Zl68uJ^im`lh)+4ny2RXCL zB?HZGAhV8}fo-l%=ip00Bul}!6mla2BkxAKs<-c?Z2Ix)Awhb}2C{2F3!_$Oo{ZHy zA~;z|J=W4ipN?8XrZ%7QI4y@_mkhDDcR(-MJdz&adSvxpxFy#=b;oSe0 z+;EwnOB)C0eKuZ#|Jh~pKX?Z&3MGhC$ zOcPMMY_lwgH1JsDBv8jF?v11MQCX_;Dsg+kk#5;lN$hs`I3?GZ^l$^+o`u0|$Z-CJ zBR%mnniAJ7Pnd5+?1ZCh(E&D2^}<%^iqFZhnv&x`yF`e6OmC?rrQqkR$(8O$EfF;* zmh@7HD|S@_%gS0z9^h-U0mQV$!|Nv`(Iz12Jdj2$H zxcIEvN#ikuNGC4?HVjq}LTBIPq(|8}iN3;wio2-V=s2WUsDaK|%L~o-lW_CM0W;33 zO}fAZrQcG62!o2#I?>vjxn$J&F`oiPK1gbFu12#ZP&9V~X?U1O(G~ zMy17`=QjrZ9td|W^U5V2QaeI>0Uvzwm|K)8jZ17OD4YlUEVC4N--38Yk7b27x1Pm@ zNNLsC)_ivx)Rc$J2`}BOgn}gOru)U6o_0`E5`D7!Y5fuIrMv7C*l z!l353)Zd=M`^TlIcxp0bO`#Z^4ZEKP(x}LVL2_t0n`5~}8a)7(&~v*H()$`5er;Q$ z?;(h1c-QLaIHo;ah8D~ZAuFEsj2>mOF?;gKjX zEqfRq{9K~~o~TD}z6JhFffYgX;m7}LCYTjAsZgEWuXDt}ATq7d(4?)t_j$0&;6FFm z7P96u(4rcd&Vs$=)}=%XleM4N5aC9kBe8`sHNG9QfYRmxV}trj*YxZlg5M$&}ZURQ|i=4Gu;9BUan>&q-1oB^eCs z)6u$fr`H;dhZNqS_vX7C1@muJS1a-2C91ymIRv=@%~N!FzdY9E(aoSu1+!=+ez&rn z!h>4$SPuh`9fP#Sr`;@>3#14o(zfI7O!Bp0km4kfWqMg5eNZhQ$(kc6-v_qXYra+L zlxWNAB_jKLp42R8Y*tV2eINZcAo6bGS9s%AtWsoODwvVO_H6fsnu%V?)mgHY)zJA~ zkuu&4of$HMuZ_~n1Dx{dL~uP6ol-4c3@kLV@j4_9!*pZhA}o#j`eIh{oRlS|g$Xa- zf^z=nEuKKM_|>+ysVvQR!}w$bx0nwvI_7b0SGCvWG8Gek)I{IQBmnM;PwCce{bycZ z+3d5oz6ha&!{rYOphEGYu7#~GRvMG~DbG$=r>v_=kP{u8t4+cyn@@aKAo9_iA zxx1~^?__fSAM8RmW8fru4zA9r?iUOvRqt)+qmR<=w@|W>|MOD3J z|K0sMB)T89>J<+@Py+t(%k^y#3Ia9(#E`oDSbabZgD|gfWy*#s6S7t@Qn&gTVpmV% zjl+rhdLOLZFeY!h;QJpVb&a@J+F0uNjqHzsyAg)vB8)&w=|$B7ZtH(r!JEu)5ODxy6b)mf2_b`bq2jAPrLsD`)3>&&L`0BSUxb_ANcTMge$ zNaO+T<*O6NO5MqW<*#Dy87{9aF6hAn+N{wPs7qmGH>q1n1F3jh zV@M5kJ@%I)l~;k*R0mf42=Zvt;|pV3lQc1fSKyOZx?C49 
z8-NrPQHZ$t-=T#K-A!P*b|EP?UJm>h?7Tec2IyaRB@%crq3cmI>DacL{%qmCkT@oU zzsUIv)b@u+7HnYR-W#QCPYmRT#J~@UgBrID0(xf9yVJ4eLs%|XLuHapBC6W0!?cy4 zW;<BYlIx;~;@k(!D!&Ix9K3nBrXiAh-B@l{$*Yjs!VrvQm9A7dgSSK2fsCf)RehX1Tv3N*By#bH~$&j6I| z12os>$1YoP>e$n(4aZNKCkh1gROSSMR zgyU5A;KidoC_Mw|CHa18VsbBxqWMB18X9nEWhoc%gJjL?!{EAHt~0^G%EQlE@k^3@ z3tW7`Hb<)PByH=JI2u%|mhjq8u5Ew;hK1mSK1$~43z+LQ5^)l(*>dmA{{~KB*QjRu zvCHUDc%@YwrgulPW4}(LWlPo}#{ndj=iDaL3>>Y5wO-97{$C>!Sj)jjZXkqRK@}Z6 zpn{&k1&NP{riCcP8LB3}%#90QbW#^_%IUE@ z^sJPRUeA_n7nVw$dUY97JV)tHbO=OOL8`A(+t1Ui@%3KGN6eNp6&XnLy}j|x(K$w#11n%oC1(!FVseZLeLEVka=N}cqlGAW(hJi?E%5zpm$Q^~U+4_`YRTV}qzW#9GK}ob z)T)xGUD?IKAR`gnk{`k#e4Ze3W5qXe$DiUPd>6DhqZJrASxeu4A-hPkTnNpW`~*k; zDR@SaE>eHn5D_P{6K_P=x*CizMWR64b+XEtg36)34$0;Y=Sy8*pZgRUZ z`Sm)hf`}|zq@#YDTonULB&Sx~MUH;nJT~&XtG@{y9be-C=S7SeP=0}}S=nbefnrJ> z*_%bZdrG0XQcuM8&h@TwR1qH5{kk@9VO6pK&|(q?(j@)P;m64U!Sd+15r^)@!r?z# zJRUqXLKKB{4kL){4AMH3J07H9;F<5kT*$bycv&#MAx{F$1XV?&e(HcvS~#JXAYy~? z{%(SP1UI|jKNqw@QC=V;)*qvm7pqFQoijl&)KvFXhwPVK?M2PR``H%J|K#n3$9CAc zr#w(puQwV#V zHgZ9U)F=iZ!wT{Ll)`xdyBsD|JJ`C9` z4*@VKnLj}r1s!o7*9Pq+vV;_6SU=~4Vh0c>DAH3QrW@YQ9jpm5{RofKRBr(&(yN!* z*K(bZDqf^=P%nuQN9^TPg61FkNNH!-g% zCCfJhO%A#aDW7=e?qCv;qg*O+Qb@1t%Hh8EY_csY#Eh69Q(sJeQ~y-h4^`l0ZIs}_ zhZ#WH`7`_M54y#~{OH|g%Pj@ay)gOUkrSpYa}KIB#%&`}h7VpRM`tLY6h};{0D}IQ z!mw-)3tr^A+B10+s~VC(*_UV?Dr^I0*{}(PlLKpIruc`VFfUDRR*8RhkikRsC6jf# zC*x>{Xg|=CtuHz1A(`eFo%^MSawBxDM?nTRF2@d#pv)WGQ3^pmwI$LCku2=;z&RpfBMeK>+WL~@p=LeT$F~qV-C9100!MYdVzZCU+8$$OFXO1w z41hFXNgdni8nn9bIIteub@Un8_FWNaPyUTN^&6&@wPlX9daimqYp&*cY3CE;dy|+xtG*Rnf zPeG3#Rfm^JCe%JNB1*s}A0#*GrTrfp(b?o)Lt_*?M;c06`Q}@O#$rs~SK2qe&+)t6E4;i%DO#^8eg`PaVU=VoGP-!8UModqqEIE$Jg zVRsl|zjNkxvVQKs7ujIloY-@TH{9xB1!Thj>QFRFmJy0q64O%s-{$1CMzTzFDC2GdlEnsL#2YiL`gt74 zQ_}mq4;AwvcUi;yD%r5M{k243oztH$>q76DgfmiUv31&71}Og_i^`i&-hRhA=!~-n zQhFxTz&o!iQg3CORV$t!@DMo55Vm5d0vEc~2KquWo1+s-TgVoCf9_We`@Jy{XwL>i zNJ;XvOE1(lCy^*45q#gEUCCi!w$SmYNBZ$c=(-H_A_qqvdm!R0v9?Dtbv_*?DZPs3nW 
zdX?A-168`DsTX(0(|b>rQux-y(k7x;gIBUGKecuy_qH)QH>I$BDJ4Y6DkQvvr66r; zQEla6JkJR^3rmzA;JHO7tEx*CATy@Lh*UCzZ@&0r;7B#Fd0B+@p-lA3^$4DvW{WA9 zsODf)c_8gqBFMj0g*lbrFeIUsaFwK7F%<$M7wFy}hV4%9{7O0pxt-^>X&!%YRH)>M z8*uO{XSqg*?4Tzyt#%lk0G$C>RCqI}>gN87Rsh04eIAc2a?pF`8rz4qZc^a?aWElri?X*+ zqQ%sl?ktYrOic;?-$)Ajwl=ygEU^QyqZ64Tjt!YzyM$)7ga|2;x9O+#C=DFMheh_S z)s90{YIknx!0O+ObFvGh{VsA5(s7f>RMLQspHTFSR=0_C@*qon_zo1l)5~aJ3_9bF zrQNEZ=P_8EYG<1^5u?bvkE9XaOtuq|<=}sO^D<$rZ6`-S-5# zQ+J)zpY=zCghF9ag=mCC*!z#82glReQ}~yGdo7s*GRWomDm!icd3?^VGZ2t(n`D|R z!}b&7pXWrWAlFH%qO>SkuOo3aM&g(r*Q9V6J}o-#Nt1!c-JYx@ns5rdzxGltznTnp zf=&JzSmyq=o701;PqovkQXO``nt0V`-qIHK26`AJtOApATd)+G*1N=jW|=hzStk`l z_{N%opsKFzZcDrcA2&WBd?K=0!O>pXg%ARs0kOgP5BDhHAIGPm?Jw16!tmo@>7lm>gBYq7r8ih$z>k;%;$JA)StCtp~Egtvd(8@NOt0>P8$Y3@W54-xJw!x zm3h_@6$U`UK#T~%1=KR~@~3ti7qb|u{yKPb*Klz+R=;h<=Np0b=WM8U^7Jf8@)u}| zxBx5hG6i#a%;}R`^>JM#5LLQ>%rf<}!DuMxr!XN2ACj58bhi4ExUphvjsB6E2>^!v zF*c_$3ZS4!ay&a7n~CIwubBe1m!~2AAA0qWT^lL@AIEqFl>HfS~r~-ho<@v z67;QK6=)N==VG59v(I4|M)!$J>Ch6(*!cR3_}1kzNGAG}gM6+uQTR!)zd%I;(3BxN zD2}(>YBkxBa|is9ikZGiFA%JO$$n}s*26Si3Gcp=?~mIX9}aNbu2j zO<;j^*W^_!M(~#l2Y$phB`>+hGv*s>n`@x`-^TX~%p3Y_)y8c}hO2~q;3YgE< z#QOyUQXD_I3w{hSSdEpa>ZF^%W7gY>*-1p5`nL%7=5G(**N0$ppL(-B;je(E8Ww!8hW!kN^v!siQ*)CQ-AGg4mtPh`D>e`Zy2>exU%-^cj zeI|HjI25;zvAP4;TWoNjX3TgA^MPO-WL~Vh=^Vx&5OEE&(K!lRX2u`&Q{J9UjCMj1_^%Fek~m5qe(l zZm-zs9oRR$rqpedU!I{cLN~bui!kuUh{D|8+r{b%oD0PClQT8zbvlqz>5fMnuKZ&o zV-P5Rn_I&-X+f?#!kzew#NOoQQ|N47&Z3b1jCF3}DZ^{3`K))q2$$Ygn^5%h79xfJ z`X}^iS72F48LdsyI4Su>VyAMKmuG)$-V!EWqFf~zfTV`8*j8wSht|R>GA(<&)De#Z z*J6nA3#!phi8?LLE|9>Lq0xAeMwtrRhd#aOV?QD;TKs&Jn65>|5%vLRcXJP_+Fa`D&FcbUdC;diZE z8SGO8g?Uy16Vs(!<#|VY!ZVssFYWEOn`j>sAMIM|>eyU{OxEA!3Pk;Eo&sOGqswJ% zzp;|lHB&~T0t^>gocR#~u`uSj2X(3-?efLK5FfFAeAYFViL8)Hf^GEpgl76397GtK zvnrSE={JwZ<|yq~^IY;u2OI^tB=P&Wci+DnR237I#Hb`!fz_b%YKjOKjg|D+2k$F_ zKg}JO#Jn&M<*_C_fj2}KD4m70eLxVuUlZ|EXYXDq@^05C=)*pMrP5_iom-phyAJR( zRfHNlmRpP`Xza$5DYU?>T*)#nWboxeLUiuGDff?2izds8T45?!hgcW3#GT 
zI_y)BX_e*V_E>djfS#ybM>hrM4o4@!+#M7bX4LC6|1MZ5c5m+vU>pc;#>D)yQ55lV z&wze#`T0}+s;k9%znHc-==oqU?qY)yo+TVVjsh|`E%0VvndY*jQkVIYN%4morr_P5 zHlNKg;Y>dq9SnUozy+OSo!D!b&kirn6D>JvS%K2T&fIsf*mH#-XkAuoV;5rJgh@DB zS1Nq1*R$!yzYD>6d!(N~0}ud!Z1u{pwp3gJ_18&Mbl) z9MA!m5cxs20&AAmKUZ7mOf=a3kqcOaR{2-D?}G`pnGSaG94Z!t7HDql7?fRr)?tlp zu;J(G{|okrI1{3l6Eg8~$PFf|P69l@C1{WV?FXsH_tqU!bxk-&%lg^U4d2C~fh+R( csk!Mls7l10(s@)C*_*G@txNzo8*70BYrfV}Bme*a diff --git a/nixos/keys/http.muflax.key b/nixos/keys/http.muflax.key deleted file mode 100644 index 982c489c6b08c780a85b5e0ea4df1f403a349d64..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 909 zcmV;819JQTM@dveQdv+`0JDg!DA8;ts)=NWm=k4m&sDu!b)WVef0Le$$+DUHM zZofB{I5d+K!bCQF=g4?3zj&f2?peW*rDsRFScPVXn}}$c^t#dcuryp8mCL4SDw7bk)MIkcrlG6MPivF37pO z#%Gif&9&VrV#*M>iP;8g_JDtQpWuTyc_T*UNivJU|eB^2atMBH}11}#4 z7-yK6Gad(?`2g1ieT-4XBs3+QzMD(UEBkr*vRsh-wmQsCne^9STjiVgcMHStw7 zK-;g)-}_pGT}F*LPLv`T0fh`MG_NXRZBoCBl3Qe*&J{z-+?g_0hNJf3e|lvTV3dhq zBT{?osZcil9UE(|y?uknJ;NItlA0HFur#5aC>+7})X6%5c_d-Us5_wr8$k-ZJmbXY z9eqPnh|o&Afe|5Gjz5y>mf#e2a~h8(Q6Lh4RQP)RxnK}hf81{3Pm^!@YNP;4qc^|p zjflqVt4N(#o#>EMPlhvKz`|_5U9X|CPGO4pL$767XiBPdjJ3c 
diff --git a/nixos/keys/pennyworth_borg_ssh.key b/nixos/keys/pennyworth_borg_ssh.key deleted file mode 100644 index c830363bb66791f3a50395860b84f2d2a1d0e776..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3403 zcmV-R4YcwAM@dveQdv+`0NWuILs_62z@EZDW0{tcGTP6(Np)rSXBp<({olx^MNH)o zU{ub!d_HOPtQ=wd+XD|XcnC52BbOVd%Dp0N2iI_Lzj+!7BFa2}?&McNOkPOD;B7F# z;0As7GAN;+r3-DmIKc;b)_JB6o%Z2SU`7yvio_SO6#Bhi!FXyNs-HMo8D}SW-abEF##KeaRc9uzG@$%($Sy?$=d3#PSwTnG1H??exs<2NAxr8}z~So9(7;>s701gfsM_J<9hIP|@A{8W` z8{mh6V${MTg%_n|O)UJgIY7SzK;}KDiZgdtq}r^xZGFAG3a!C}=;%MHT)Q^KOQ=`` zR{p8zUby}EE7f#uEZ69DeVzF0ZuD&-G07IJH5^Yen-3Ndis9^*j)Fg3Wx4ra%H5W$ z^xi(v&cqk#ViusNU?lc-j#ca(Vd?9B5aa3Y;#jnLQ!zO|{Eo$mZu1r>` zS}QUclcFciQ>jk1&!moS9HP#MA@dnmTlMoGNA)I6?B?}&%}Igz32S7v!g ziS)==7Fvsf79Rd7P(Wk@n(<4uIceSFJx8^eyad1-Fh|67M`1sK?<;mRFI~b&>b&;fI7-0ym;X@^s z+3Rn9a8^B$C~Iz22t`B1iJ_z5cxP;~HXDvfE*Sw6YN&DUH7s;-fH%`%K-))~)3DK^ zLf8l<03{Y~@?aMnE5E?h2pl2mMDJ#~rhFblxu$w5*^&KK9_aLIAYF`gtSzh z*}d5m4-yIlN(qzwSpj&F+C1fIXzn$9CvtNiU+A<2QfmaHKpEp?-B|1f^)-z@XeE;n zIQ55R+6$byyf6C&F7=+DL9i*(pgkjIQGwR9qT5QuIR0&bcc%Gp9s%yy(Tli95!{#^ z*}`H{)n=#!kldl4_i1lyljj1HXJNMvbwTz1PjV|fC@Ym8jxA*nG&JK?2|hNKw%SBo zvHPEl)@AcGb--rhwKCyV_$=CqKY0%3 zQlf5*wpqq=mQ-oI*kHks7{F>rotlZAG-L%sW|35-Ek2SPL6xHWYlLE5R17RAfUr|E z#lcdUfQ9zyG$9NaDfbS*Xigwd{5D7#lO&(Ed=Vh1~uS&<>?$cR}- z>91kx0dXM@XU*#Lp%vmTz!*GpU%hM>H66|vF!Vs9650qL7l^D-gjSoHm*tfc#O&&^ zJzlMk10i+iZ3MPjAhCa%0i`^4)-{k2ec<~06h{EErPuFTv%0BzZ@Q+bxQKrkF}mT& z=@V3pX9DUmtRfnTIk5hh+YuJazH-hX2fJ30bDOt#m3~Ha*!rW!`fG6tDN1*`2)ltC zA8cG(g#GoZX2ZwK=ET~t(5^nE(X%Oxm|)$fj^1Dh+LK=K*rq);_$$c2CcD??;=^(7G5a;r*e(2;Q3!L>#k0m>_+_tL(XIXeC zt^OnOs=fL5RP1Hm#CxB1FQr?GN95Se{Kf56HzMNYi46XDtkcqw0P0U3C;=scc|d+} zUcK86>xSncaMs#U?h00#%3Rio0Mpvxt)8?KB1Ru3Vr=bqEt8Clz6HZyU~MKr^b>!k z*u0|te{>B)rnXG|Tw=WMRYNTvvGxAHi1MpjjQzyWpAHwTctqa z!dX;Lb03e@qBWRJHczOH7lf1ttwe=V7@$!ci2Qc`#ymZbGAWOt0j%MXfLN;IVs#q; zp0-bYMi4-1JbJ;jqfhtKWjYhk!OYV7r;9|=hkSCQpMTzL?jTygja|CIP#tvZkubKU 
z6bcN^1`K8IG%><$Ui%x4ZTRzf%onaUMefl7vZbV+sqFgP--W5{u3j^hhwo`=;~noJ z0!rO9kO5R~2kwqLGjJtEnT#1HKX#UyfIpge9+2>qRm1qIt+Afs%(=tNi_`FgMFqVt zVpeXNO6C)H!ZI1=#Fiw&f{+%q;bU}YS7vlN*U}^7%5tRhd7i?37{nA{&B@z|KaYB{ zub85;j`Mt2M5i=+RWZPu@O3h&d@D-5PgS{`;)T%4mmOdnXfTEL!FBwwX-2V?{zU%6 zU3FI>s&JwvAdi<|P3$lYfmZ*#VLyT_T&tS~eOBFy=vT$f2`5%_N0DCy7SLdW2SM#A^+W7M zYtiO?GB&(f>k{i^-3;$~9GT)aID#<@wes*T23la;y4Xms#EbJGJKo{!vc!09($0tW zat43lm1>_*?rvsyoPY!mx&a?R)7Iq|T26E8>^;=-ve3r=*td+c3C+{?S4DkRi_P8V{$$G*4@I%h|UM$bO zfTzj1%d1c0!@Gb_vxM5&>KbU8EZ>?5kU!0XN4HJ-RPwYmV^>Nk0?E)7nl*}IK9$3g ztq0BWJm{7&c*j2?M~Icb@)^7Ni&wB}{x9g&^H+lyH`@omEr2=c(AP{2OsP!4*~c}&h{qC}7`ab<9%&Kq3S+IQ2Rn=S;h_TuLX>4}3=6P3ZRp3k5c))? zq_D%|)}@i|E=b5FZG8zPmeXiN1aMt*7Vk_nu)B0KYf z8vn8p|5X`Zh2wV1^tK9v&?L0MBJ4&qsmIc?b5vv)aMhFke9j{_?(S?0wLkf@S6Pv@ zBH%w}e%MB*DQuW5wOvOrrRHu)(eyO|Y@)sV6987v?(ZVrAJW6HUOlMB$2?+@1s*q9 zWFmCf_WI!~?orMi`+3J2yg0#=Sq#_9~_ujI*e-*%p6B8z0T&)*Y;R@!nAP1i{S<_(#S;t z{cb%9jGVY^H4h|~by5*wRwQY!=5JCtel{{-Pv_3oMbjz5OpSzU6vm7B1AN&$ZYJEV zMAf(>cfXDq8x?b8o;QF1(|yNZ?KG_(Sw;{VXkdSAAM@d%dfzO^<4WfkfSupJex~St z)cto*xm8Iv6;4S8a`n{t{Z%+!hGJihv3-UJ5V(Wba8rsPZ>5D^|5~?5r|)x=jcvY{ zk(b}t)UU5$$_irprypX^UhG9(5U8#~duKgrAxY!jhg54}`LJ0-i?v&Vd)h} zetAH_PqV=Kd}G3Ws~v5unYn#yjULod7(*B(muQu+`6rwQ5G0k9ad4ksV%hJL>Fq)Z>i#TG8SPBvCpRXVx^DIbi{u0nNDi55&ywtQUWw_jnOY?#pSttM zF>#rHsdwWICE?YbT>0TPMlbhNXm58cDdKr%{`K170KS96;lD1$8XTTOfYJp0FQ1$v zKj`ro$@r|Saw8*yA+~xkz}{~IE{I)09gY+Lt~G-)Gj^jK?$3=n$^Sw0q8ZtM71@oL)J-06=UEnMVn=U< zGrE(io)+5eej9%j)?W_g&Iqyn&4I3r3ywA}#7i%As?)(uP<4HwW-Uk7u^uen8R@Z!gAUcP3vj{%UN3 z0KUj-5g)Eq;KLKpYe7(N`l)2cT7WjK)B0z_QKb3atA$FV83N?oDo3#l=3}(m&D=6Y zeUsk4L*NI)7mzNKz|jMEIk78@E{v~gY;VrNWyk&K_`dxmv1?{?lg{6F+l5a+14J~8 zxJL-mze?xntPmgCLigIdTe((uEsIQLw2RApKArp4iqB(eVakb89YVOvjF}YcLk#c@ zXaWV`57SoL_$D7nAa{P^-0sKnfl?!KM=l=APYwDt*$2mS!2LfewpTq-5UJQlsIW*R zukZ3g{wKJF>*%l!?8(ne>Z~#`>@B{wA$7b_(wshnGO`zREvdd2_ZCAv%Y)~j$s6PJ z+n)W20UH07T`X*|i*7NbM2?6+ESDi4ob{~sRYdl{*-G{?MFQI zG-(zQJv-PNb6IN1i^2k|Bd;eU2TfzG=-hqJ$$O!UY;W^jm%uGIEhg#>+02P3>#u7@ 
ziubX#=f4xc5NjE-EDf+o1DArPa<540|0gCDiz!w$^ZhvK`{`62yU?xrN)sCT_q@z* zkkxsI_>#?B{ygR%Y?bq^FhV*#$^GVplP~09j|)_Vm4X2Hcy$_H0-u j+5d&`v+xEr3+!V1@%U6#xf?IOa|;MuJ?C`c@=IYrKXNw(Fxx+ryFrWhFlzrj|!EB^(jj|@_DC; z1H6lNGOn5ge1pmio$Gl_5m^xyk*f(qaBQafd76RhJa%yJs#fMs(d8lzVepiBgELxj z5ja*lxQlWu&zaGTqIDpzK$Z>+qT$}AHf3@G*+{Qv`h&)Veid%p4NQOD9332T1H4Kz zXm=K`&_aQCf{d&@*2U}*?N454?}D2TMmkEstlm7PRrH(LF8zewy(jil>f^T_LY=8@ z^D&-G>*IkFEONWJ!fJ3JCD^tn>>9y*F|rzzz*|`XU7)ygZCA>ZFD?2Zd~9WqYHcaR z>a<=mlIyieEeNmIq7V~k z+*p(T@tIqTXc2g5C#Y)U9BilqE^G;lI!+Q~G~;N(NnJa=YWHx;d-MdJ$*8}()ka2H zk@?yoD2e%umceAr$LJfEO@s-#DxsdozH^G)%%^tN%!C?&K3CNpZxU8>L*h zZuyjw{VHfYOlkvFE;g$=b9$OUzFe5u0n#>Y@EsVX0}FmtcZmK$1g8G4<*N1{2ss13 z{~ZqPdL7SK@srJ@P;+f?;`1-n2rJK`;3`E7?78|q_y8MhpQ4OJrtI<^pUb1~*k2iQ zQHz0449y>r1%K!nz5KL&lH-6#Wa3*#ZC@KCAh|-T#JW-%ebpgRp|xrL;$0p&v#k`4 zcg0<$p3DSf@I1*xHIrVQ)l}j~Z$x2n?1bhw{-}C_^(P2Xs6NIO}~ z+Ydo#bbv{eXm90BUUW>D}0&wvD8E2=nuEz?Qrx^{pLIaz@~el`m)6&Qij?3&A0 jIOh%TbB!w*uTQ50wnX_$HW zJ@;8cS3V+-?OeH*+?utr&{AFGorhxxdUhB~J)WXTzQMa0T-l=7WdJJuf1qw7GqZ6( zGY@MC;i}Fhk;$s{R9mPNhwpN(0;n>Ui%G<2ym4J-ijp~BJ8((>p zaTX5ygZR^+HXSNmhp%6v5qf|{3O@9|H__Xd{9JF<2{wEO1n5aP;paJ3#y|v3Rk7Ai zqU$g1MGqtAJ(+4$3z!wCTs!*my05&XS?reP?>*|(F5|kd0im8TG)D`|2ao@sLUJ=6UTkZ119ZMYbgSOGWGw_X)76^*3Q324)dix_pKv3wKP45e3uYrWz@PHw3(PyZk?iTDY$Y&tVKJ z*cE9ucNB$(e~1t=N$nj`kFhG?ADf$!TtkeZ9}_{qORakNcyeVDi-)-R+fz(Ly)+kJ zRSc_v-}PIFvL7iMk-Cx7b6H2Tmkh@Gdyw#;d!2rE@P4LM($$HOGdQk%b*Yi0d%flo jD!yLLb17Ih#f-XxoJmthsWrqk=t~(HpSLjVR}}KxF{rty 
diff --git a/nixos/keys/ssh.woodhouse.key b/nixos/keys/ssh.woodhouse.key deleted file mode 100644 index f30c841fee6c0b9d9e344f7c0dea06afc6545448..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 909 zcmV;819JQTM@dveQdv+`0258o)4ngUlcykH7 zqKyD#+G0GA$x?N{7Q5%Tl69N@cNPR5cS?J$);-7Q`oyTT;KaVg18TwnvE@W9xML|1m^FCb!)`h30>{^ ze?_eXM;qB??QXl}_;(|wghv+9h&eoM+qpHIMfWHzY8a+ zNlJk(Go=W`d>o~jV`hS#6X(Pt(O%V4)B}F$8gYdRc)LYVyiK3ASdN-!ttYGz=qr{{ z9ib9p%PffRoxHmgH^t7!uI`d04mpJxR_;m)WcBk~rBuHq;PML^hU!sGu_)hg|H@&3 zj5Rt@3H+XGnBg3;t8nmAs;Y>)D)ZWZT_&FLmBQ+s=e%!!=E_Xclz(5%+EuI@wQfGe zfkh{R@F8q>t$ZuwTUDI);<8p$ufn^_IW7FF2#8Pv!-(lq+nE1qJ(|S=kh2`JEPNL= z?`rFF9wAA@_YM9lj_eokbc5V6Cf5lxv9lT*rjK55+EHE-1g4LR|6ExHh+sm~N332R z^DfC&3JN8j0fE!tHHDy8kpQgVq0o>vO+ zQyVYM3u|aqc97aUcFg86$zr{ITOlQOUEyq!#p1a1!0JNL8uW{Nm*ji+L+92+qFDX) z8ml^!{%V>5d{EE=;oml_iIPYqEemm|hX@d)?fifY(#iKnaCKjF-+C$$7o;gk*G3Wa zHkm5J{2p3#7QTysfbjr(EeaXuw%evusndW_Li;5ajh2CASHXm)en)Qu!Q1&-L!qX8 z8Zk7kN}!@IK6I32$$SE*T&%db3fo!O7%b6qoP5Tms6p*32JBnt<7o7zXgf%10drBu zU)B*HjI~j*9ye|zptQx;)ir6ul3RR_Gf}vp>6gwPS(_I!)2+pw^Nvy8TH#0NT9bMJ jG=Z%g0pb@o$J(9JK%d diff --git a/nixos/keys/wg.mullvad-nl3.key b/nixos/keys/wg.mullvad-nl3.key deleted file mode 100644 index 91584a6cb02b346f0ac75689b9a6a0bdff69605a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 67 zcmV-J0KESIM@dveQdv+`0Ilk2|18SBkx@O!i1J9UX)o}l=xsPU^W+i1-FGW;diXLu ZWHAOfiwi6EF8j{$#(CCRQIIO)^=c=^Asqk! diff --git a/nixos/keys/wg.mullvad-nl4.key b/nixos/keys/wg.mullvad-nl4.key deleted file mode 100644 index 6ff1d02535eb3c50da758792351d47487d2ac57f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 67 zcmV-J0KESIM@dveQdv+`0KFqfZzcEjMc6BI60fBQqYjDhP^2XDIRf)~3OYzi*g%A| ZV>RapX~*Moc*ySA^ODKkXdwoYWxS?09?Ad! 
diff --git a/nixos/keys/wg.pennyworth.key b/nixos/keys/wg.pennyworth.key deleted file mode 100644 index 9eb68a877a7927541f7f1d5e631e001f25ccca80..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 67 zcmV-J0KESIM@dveQdv+`0JVwl%%f<$76R^ItX@rl_q#5>ZX|o_{0$Qce&xw@!iOx8 ZNr4Xt(n1w{gdV?<7!cYD$;L|q{HNfQ9ohf@ diff --git a/nixos/keys/wg.smithers.key b/nixos/keys/wg.smithers.key deleted file mode 100644 index 73d1bab1cded673b91f4b23f3bf098599f04eaa9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 67 zcmV-J0KESIM@dveQdv+`0NTtIJ0M^LJ|RHQrQVD-@s!Ky?dM^Rp05whluc4>8c|1h ZEyu?vBsWwhI#ej3>Qy$bKaxuhyM?5(94!C< diff --git a/nixos/keys/wg.woodhouse.key b/nixos/keys/wg.woodhouse.key deleted file mode 100644 index 91b24e026241ade77b0b5fdc093b73ba3131fc41..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 67 zcmV-J0KESIM@dveQdv+`0ONqluL&J6v|);s47K!6P@YHMN*k3c&b{-HSaU8``%|}O ZX=RDZ2QK|~ktt^;cfERePwgp6Y7xO;9YO#A diff --git a/nixos/keys/wg.zazu.key b/nixos/keys/wg.zazu.key deleted file mode 100644 index ea44d6ab4cfc191c407b2a733a127e49a4f8e639..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 67 zcmV-J0KESIM@dveQdv+`0N6P)+(|#RAf~v03^p1|w{F0-35uU+PV91l ZlTb354?F8KIg>0hanir7x^RM}q}ZDe9t!{f diff --git a/nixos/keys/yori-nix.key b/nixos/keys/yori-nix.key deleted file mode 100644 index f080c825bfb0485c322eaa1a3161139555c47cdc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 117 zcmV-*0E+(rM@dveQdv+`06{*6JwO1DqB_Mye6GmbF}f)I?*}^K`L0XN7Ueoyv(+9w zfp7kt9B7_R>E{BVl9hsYA79R9$;D|D)HrivOAfa)p|5{ diff --git a/nixos/logical/frumar.nix b/nixos/logical/frumar.nix index d0fbc4e..798fd6e 100644 --- a/nixos/logical/frumar.nix +++ b/nixos/logical/frumar.nix @@ -6,8 +6,6 @@ ../services/torrent-wg.nix ]; - deployment.keyys = [ ../keys/grafana.env ]; - system.stateVersion = "15.09"; networking.hostId = "0702dbe9"; 
@@ -88,8 +86,8 @@ AUTH_GOOGLE_ALLOW_SIGN_UP = "false"; }; }; - systemd.services.grafana.serviceConfig.EnvironmentFile = - "/root/keys/grafana.env"; + age.secrets.grafana.file = ../../secrets/grafana.env.age; + systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secrets.grafana.path; services.zfs = { trim.enable = false; # no ssd's autoScrub = { diff --git a/nixos/logical/jarvis.nix b/nixos/logical/jarvis.nix index db2c300..8875329 100644 --- a/nixos/logical/jarvis.nix +++ b/nixos/logical/jarvis.nix @@ -4,4 +4,5 @@ system.stateVersion = "17.09"; yorick.lumi-vpn.name = "yorick"; + yorick.lumi-vpn.ip = "10.109.0.10"; } diff --git a/nixos/logical/pennyworth.nix b/nixos/logical/pennyworth.nix index 1538ef6..ac007de 100644 --- a/nixos/logical/pennyworth.nix +++ b/nixos/logical/pennyworth.nix @@ -44,12 +44,13 @@ in { }; }; + age.secrets.muflax.file = ../../secrets/http.muflax.age; services.muflax-blog = { enable = true; web-server = { port = 9001; }; hidden-service = { hostname = "muflax65ngodyewp.onion"; - private_key = "/root/keys/http.muflax.key"; + private_key = config.age.secrets.muflax.path; }; }; services.nginx.commonHttpConfig = '' @@ -89,7 +90,6 @@ in { }; "media.yori.cc" = sslforward "http://${vpn.ips.frumar}:32001"; }; - deployment.keyys = [ ../keys/http.muflax.key ]; networking.firewall.allowedUDPPorts = [ 31790 ]; # wg networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList (machine: publicKey: { diff --git a/nixos/logical/zazu.nix b/nixos/logical/zazu.nix index 42df95a..1e5b77d 100644 --- a/nixos/logical/zazu.nix +++ b/nixos/logical/zazu.nix @@ -1,5 +1,5 @@ # Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, lib, pkgs, inputs, ... }: +{ config, lib, pkgs, inputs, modulesPath, ... }: { imports = [ # Include the results of the hardware scan. 
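Review bot: Pointing `EnvironmentFile` at `config.age.secrets.grafana.path` changes where the secret is stored, but the git-crypt blob of `nixos/keys/grafana.env` deleted by this commit stays in history, so anyone holding the git-crypt key can still recover the value unless it was rotated. The same applies to the `http.muflax` key in pennyworth.nix and the WireGuard key in services/torrent-wg.nix. Whether the `.age` files carry fresh or merely re-encrypted material is not visible in this patch. If the values were rotated, a line above `age.secrets.grafana.file` such as `# rotated when moving from git-crypt to agenix` would record that for the next reader.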
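Review bot: In the pennyworth.nix hunk, `age.secrets.muflax` is declared with only `file`, so the decrypted onion-service key is created with agenix's defaults (owned by root, mode 0400). The muflax-blog module is not part of this diff; if it or the Tor instance behind it opens `private_key` as an unprivileged user, it will not be able to read the key. The old `/root/keys` path was root-only as well, so this may already be handled. If not, add `age.secrets.muflax.owner = "<service-user>";` (placeholder) next to the `file` line rather than loosening `mode`.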
@@ -7,7 +7,7 @@ # ../roles inputs.nixos-hardware.nixosModules.pcengines-apu - + "${modulesPath}/profiles/minimal.nix" ]; boot.loader.grub.enable = true; diff --git a/nixos/modules/lumi-cache.nix b/nixos/modules/lumi-cache.nix index 71aaaf5..1804a50 100644 --- a/nixos/modules/lumi-cache.nix +++ b/nixos/modules/lumi-cache.nix @@ -1,27 +1,15 @@ { config, lib, pkgs, ... }: let cfg = config.yorick.lumi-cache; - nixNetrcFile = pkgs.runCommand "nix-netrc-file" { - hostname = "cache.lumi.guide"; - username = "lumi"; - } '' - cat > $out <= 1.0 BORG_REMOTE_PATH = "borg1"; # SSH key is specific to the subaccount defined in the repo username - BORG_RSH = "ssh -i /root/keys/${name}_borg_ssh.key"; + BORG_RSH = "ssh -i ${config.age.secrets.backup_ssh.path}"; }; # Define schedule diff --git a/nixos/services/torrent-wg.nix b/nixos/services/torrent-wg.nix index e8001e8..e5d9dd6 100644 --- a/nixos/services/torrent-wg.nix +++ b/nixos/services/torrent-wg.nix @@ -7,11 +7,11 @@ in { namespace = mkOption { type = types.str; }; }; config = { - deployment.keyys = [ (../keys + "/wg.${cfg.name}.key") ]; + age.secrets.wg-torrent.file = ../../secrets/wg.${cfg.name}.age; networking.wireguard.interfaces.${cfg.name} = { # curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")' ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ]; - privateKeyFile = "/root/keys/wg.${cfg.name}.key"; + privateKeyFile = config.age.secrets.wg-torrent.path; peers = [{ publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ="; allowedIPs = [ "0.0.0.0/0" "::0/0" ]; 
diff --git a/secrets/grafana.env.age b/secrets/grafana.env.age new file mode 100644 index 0000000000000000000000000000000000000000..18f3fcf2db54f3d330917f94f65b0335986f78d0 GIT binary patch literal 605 zcmZ9_OK8&o007YGKqLxI#EbJ2989ppCTY^oL~)C z7(FMl)S!s4I7;&xWBQ}v5=%LL$FQ?iUozg8R@rzMtq#Pf0P5sO3aMBUTp@yhR2BVl zIL4<8FQux2Ez;FqU#Vc^TmXU~FqkNMXpfoV@kFHVD7=Z4k#0MUCAl(Trc)t4L1-1k z>#fNy@OCP*xtLmN8GF^-Bk=7cJUy-`mlk);|Jw5N^SCfOJNandH`Dm`pzZy=p*zi) zRq5gDAJHq;*t1(tF1|T(wKVbaF!^Ef#`5kQwl1~Kp770CUlp-sZQJjzsq(_c3fcgN zziTU}8p~fM4(#9#T~@62mg~&)%IHC-us^;pw)NV=rt_FQ4eyQ4rC&U~zp?%Js*ir> iKA+G=JJ)Y7U0C~cKG2%}n7$d88%_GI(CpgTHuMKfqT=!Z literal 0 HcmV?d00001 diff --git a/secrets/http.muflax.age b/secrets/http.muflax.age new file mode 100644 index 0000000000000000000000000000000000000000..6e6dff10168ccd4f2e371bef89be364ec39f2434 GIT binary patch literal 1282 zcmV+d1^xPAXJsvAZewzJaCB*JZZ2ja5ZvcGB|fpbahd4V>WRwOL8!JQ7~_FGg%5PJ|J^*Xf0)AGBq_ZIUrhk zbx%1_AY*QJS9eNrGe}2sN@6xoQ(9(0HdHcKNKJNDNNqzxS3x;ALPJesW^*ua3Ug3p zcXVS{Zf#FlNMdzHRcbdlVP#oFRZTB)cTi|EcvNCbRA?(iVoh~43N1b$VJJU2PAzA0 zWnpt=AaZ_rYBFJ5AUz6XK`}39S~f9gYiDL>W_edpO;%`UQ7d9fS94WRIZbyfLP2dg zLo0B3baHBKK?*G`Eg)}dLpf$jGf7i-WpGh*N_s|URC7^EO}VzDk%z^$rUG#cBI@LRWeweFO(^EZ_&tgR&O*FPBd_FdRoB*RsK z`I55assqnBok=_KM9)(+4I2@PFvBJ%{45VdCz?X+|BJ3en3@W8YTa=6i&idw%4boL zzm(i*SeR%mIh-*20Tfczn~63OB1}Y+J^`-`1yNk zj-RdOq0}x{hL!2ewPQBLnXp)w@-&}ls5SWcJ<26+2V!QtMZ8>M`091a6X z6aj`s>JO1e3g(#A^n7bZ=srehC1BMNfneM(LoP^{J5Z6U)=;x(6UUEvOL_5{Yfmn& zc7M@mKgBYUI`_qD1lGP~q6F_Ski|}1OON&D_EMA21{mt($M*FRZ_=!eNvAWfsbC>T z_nxU8d?P_SmWz;x_sZRYRe!pc$dYoUW6BWz4CkXHNgrJ6M^+}>*&v`#@7Z{JE8-d* zmz{*-3-n%=d2*h3(BfmRl=H^$)j)UxTPuW3>=fu@m2x9dm_p^fMNq~jBm!&I7sEOXh)1UIU;IurfeXucmXA#sjZIj#7Z#n=CU^t zlpF|M*USiNI2tGg1&^@s{xL^41TaM08&i2o7jS_OpH(E(=jI6x1<`+VKM{wTJ)iev sCrtYn1d||sRbAF5@N2#j{%*dgN65BWLW%Mx2B5qbVHUH||9 literal 0 HcmV?d00001 
diff --git a/secrets/nix-netrc.age b/secrets/nix-netrc.age new file mode 100644 index 0000000000000000000000000000000000000000..626a1d69619ca9fb5df758abd0e171213d04a783 GIT binary patch literal 563 zcmZ9|OKZ~r003b1Bt40O4nz$y5Ug37q)!KfG>5wMzSQ*33(7;&6<&+p^I3a_G@K}#{ zrd(%O#F5Zoh>deHPEYs=)8%ZdHz~>jY$Gm#9@h%OFnD z6`B}d>xOPrrc6n2lR#4v)JRJ;mn;*3_Fn@P(DaPHZvfZD)tecW?3EjA6BBC**5KSw zVLO=rF98IBLMtHJa<+pdlk|(-gV!;S~ySl?~sRIUyMF1jt=f^i$}<}jR$u>a~s>cmp ssh-ed25519 lYFcsw HsqJA3brEYXwaJT7VjTassnpzZSBsa+968Oe6BC7FFA +rwqKJVSh2BkXpUbnkegEOKMWV68CXZnOg5HJlFhGWmY +-> ssh-ed25519 ZzuO9Q SbeT6ExvwzTog2HXThI8OOgJQoMqWOOtU6gmU+v/x28 +pgEYyg6EuRsIW1shMlvQfTGxwyq0/uFHQumDmB0QzZM +-> P*s7TnXP-grease C O$ +KXqmSEK5b3oWErBT6A5w5A +--- 7XjRgeS86xeERnenf8zSZPb47lV2GiSa55ZPKEvjJBc +x6 +KO+SUaHr-ACMnfs;bBd;L92 LSR͞t nnN \ No newline at end of file 
diff --git a/secrets/pennyworth_borg_ssh.age b/secrets/pennyworth_borg_ssh.age new file mode 100644 index 0000000000000000000000000000000000000000..77380f7d6f9c080cb79758359813123f61655818 GIT binary patch literal 3838 zcmV#lODl6}H#BE@V{B<^RX7S~ML}*ebxcua zF-kB;Ms9d8Z&7PyLTzDsYiv+fFK}=#Pi1&xF+y^5O<4*pJ|J^*Xf0)AGBq_ZIUrhk zbx%1_AX#B{MshSsL@zLSQFU)oFkwwIXKYPLL2Wi{a#T}nMLA)1HF#QVX?jIX3Qt5z zXI4izVo*V3N_SK+YEwaJO>#$OF)~ImK{8D_Pf~C~WJxkJN^ebX3N1b$K4D;WUVANP za%Ew2Wgv1*ZCO}*HeDcAKrbM0AUAb#H75#qYjSgXMom~@Y+818Rc%sMOG`~sMOJ4= zM|ea{Yb$PVRXBG`H#m4pK}tb)NMSTZS!y&+Nii>RRxmerNLn%qcQZM2Ia+jMXhvp2 zT48rGL}_X=X*fqrOmA^QNMc0_EiEk|X-a7|F>iNQRcTOZT1;V2dQw(-LPv5|QgT)` zH$r7{K}>l>FL^OVQ)4&^%TnJ7;LSiuI!RE=`%|Rrhmp4#S$gmEEH#H@7BJ$U8iTv| zaGK*4=}06YV$_cz%x^k*1DWcJ>DGuH{uq49c=Mh3@=O~$k>%7^%`6siG^uE=mH*3K zE}M85DPC8_e9mTg;Ld9Ndi2406?T=?8XChmvUg;uY;2!Uw*z0TH@`a}7FmmN+~Hin z@okTgNp;cytiaMchKc=AQkKwGj!^Xi^I5sHuFPHxzJ=?gGez-&XbpS+VX&Rk))Jm> zZp~@SoTQWZV&e@+iO6L%J#y{A6>h8s$B*GQR7e1^8(pfG52+JZC~}B;*6h?)AH+TS zK6cCmrF*v=Ios>!_19HNn>%p?ZKf{vjY_r;Mo}43iqS@6p$)|ND;R?{yQ$d`pZBaPQe3t9xx~Sk7N^!S?hzUFa3Pb0=(BVptE)q zxMu9+#k6Dw*yd%SRgUI_?~IcW7ex>Ye<`)J69-egtro8C>_ z*7@HD&G)c@neKADICxU(2m_tOhY<0u({zRs7}i)rzITyFqcm+Z`{nN0AR9QO6TR;b zPS#>nB+{Qo#N>S>CY&)<`>pXiL*x#3(w3#S^u-VSXl7K*7xeXzpuMgZYX4Z72lehD zwWo8Rp>`RTq|&Bk?~fa=)lB?3Ifdz`>X1OTzK67ho$dT*z1mrZnI+7H+6j)^EbA+4 zUfN65A2ls7Jx=v3c>Iv;K19w|Mi~zSWh#B;EAd{_RDTa2!V!l~nh-+)K5Y**FhCCf z)^o4!OGs_eF7=8$?6F#;2^ztLFl8Y;>Fq52GTkcFgH`T>g`B)2N+4ff##Wr6#L2}b zw9Ukv!2!`N7qZ-TGgYxMiLhi9o5H{4)v|#kKVBsJVLM9PU^@g=yM+kvG+x^ow{OZ^YQJ8r!R} zDIa(9;A%CM?b+L7npCeavM-`^J;C7fS16{H{Zf%&ljWQ3rzC72l%p z!3Z3*@j^6Ai%2MBEm&Ai(hPZwzhv0e};;JNDAXsWhfX zQy_;l*`wN*?b=YbhVo^cVKEYGZJWd675)&VT*PIq61M}5$zdzo2dhc$H{|je^gOyF z7xPVuSYR(45}q*UCMM$VppV6D+{2&dIh28?S8H(YGXArz&#$(RWBF1JF^4!Voaa$0 znNJ~ZL?Wwh*P=uy?kfjQKXT`o@u-Ik@ghXWhtI~rBS@zw|qNdQim% z&QQ-N2%MWF^}^kJd^5}s|H>YdeLOveDUJqI#_C+7$(=>a) zj~d+sq0|Dz+hsl7!*dr(U{z7xTv(4|`>I=Xw0Azp{Q?S?>%ljw6C_^Jnj#^~+sP#!^QFX8HjzEe*YoG)|Y 
z0iRXuT&+xjvqN?)z6O%9Z0wOO79_wNDRjry;nlY?ONPkU>O~T# zZFTT8I6)&zekcdVrp>@Osi0`ohQQDQ3S5=FjIBnH7V-qB1eY^KoA^qA{Pv~k83jO+ zJ}o-F-N5M?P23*3iAh?T;A#fRt6)%BwUl#Y8QiDT@z^)2*7nlD{Ixa4`Be4>bd5JI zd-wgVP@tzp3mt;MD$V# zd~qW3DRPq37izm2p(ol*ChfOZx%Dy@1WYo(g6B5vxgA@~%b0Z6;f5uoFY0F-pCfvh z-$s$LnbQYb=usN%f5n;QFm%2+-BtSzdU6Ya$$y%4J}KxkqYXfkwwA()j5yUCg(dn; znfpR@iyL@VFBy}n+xVW)2+Xcv2S}+1GjHsDmkuMpm>YlRDcn~zV44}5=b^d}epw`G z%PA;n(%rkjRtipQs4@^za>%||$TenD>O)d{Rz5n-*>hod@G^n38K6;V>Fk}IDQ32P@zjsncZ%n*txEcnI?FfW(+j#rlgpYy>!~v8Fr!*4SO* zMUkVJb(Tp3`fd5oIoLe39k9bc$*CjES|5JB_bOJny5VL}lc3y9ehulTnEP|3KZY65 zzWe1aPm&K^n?Zr!k$%@%Bwdt2Kp<>g{~?7?etUiN_wBxDO(EqD|I3g%FywWj64{ps zGUMyS1-VT@s-=x)7l@D5IiRKHBXJn#1#}T0#c5^fcXoA=yaQW4tbD41H@1A8mtY*VR1-!}0$2_s4>@!H+~E^)B{l@E5iD znqR=tx4V8c_sJ|Zgh0#V$+MbdBa!a64BI^gscOj@0gJ82VXjgXQM%+W<0g{n4)qQ| z7>=#GidH>QIEFO)syS`ftJTx_>}Fa-_=Pr?y*+wJT1 z^_7k?KsH?Q>jlX}OaZ@l@EIVvsd(R-yVs69mYzwZW=X#Viat>yjvH#04OL#obk*Fl{!*4k6NL*Fd24Y(v`_jAw$yR6Re3sc6A0&R0MD~x-}wi z4Ekn52Rp!xwHHiC#iD=U0AYXRQ#NXz+iRpuDXRoF-(tLjwvW+I)QV;)^<{W1$mG}| z;WOMM_GFLYPOmG4@~gChR>H>CHG=l^CQO-NmY}nNH7QQbuaiMh|HLaKRTaJK#KkFr z6a~QwJS2w!tY_v=`gwL=s-dUNPA^1-%QBO=CY2?L@)-FAVE6GavmLNuaQff(C5GhObD3vi*GO6%U7Z@$6;JAZ_1<6zd{Eo={(e?}90_`bJip2yVU z5F&sitVQzBg%gPsU?FKq{eNTf zBv$YpYxS(S`KD`aDUsopK0N!tD)DUBg=~b$sw6ygEWkx~%EmQB%|PF}B6VK#)pdzC^R3U(joq2+7QL-yEK{KbQS<> zc$0>o6YsjJ4zH1dz3UtX{zRIL(L@M~sk?)Su^um_2p`Mx1`M_FmN=0G=ZW@cNeH`r zf;4U_!XR)GXr*U_0ozRktR)D=JcFh6%tvS*#37kRK1a_Kxm*(2d!|&mi>1{OuWhUv zUjoFbzesocJ4Y`w`|6wQJ6_{)i21}#iBanv0zX4Gd4q*MS1O2B4oB9?nXaRkLh5m_ zQ$Wi3Ia_$;A=pgNb!wN&{61vH1`N^}NODc1<)f1sDT+lo3nj z^N(X9;GAz|XL6hkPzoaI=T(VJmWY1-og4DqE)2NmghP7Patiz|4oBWLdy`=eQV1jP zN7cF*N+6zIIraq++B}9wtUrWoPfu&ZYy&&+|40E;Z@w*-Mjg$bL z@0~x?TW4x1P>dY&$rBzFVoKFf0So<^RuKnw#rPAzsHlUp@iQcgpTMyJuBZo0>9`;* zTMd6dQSHrp>e@IKsdS0Hbnipgf^Zp-035{7*$ly`!2)jX`hpdI&Z zROGxCsM!z)Vo!S7i2#hUIfh-n8?1H;q#WIWvygV0&tI4Lhyt;j=<0ZQosK;g0Da+7 
zH3-#^>J<_8RF5b1x>Rb9u6)tmb50VDM>EY~#*Cy6g6zL;-`RCPnaXwt91$pBQegEG9^rfNvGn4pFh889!9&|Noxbe?-(>2BG}I~>+ghd{wwdVUAr0a@=AOCTJlA9GAnUE zYmS8ecFNlAgwbP7307JmG3axn_K4Ye`IQLr+rJsOH2(Do@Pf8p0BMqf7dmDV{@0OA ztLdGwpT&vB*+*pV+TQhPN*nTIzgNQ1-3O5wT;{8#(I2GS!%B`RNUYyhfeDQ+7|1pX z3W8dC^e3^{QyxvUmDZnuoG)?uWMwnrynlsju{to6dQmFI?lzjmehtB%p`zgxJ*!BT}jzE3o2J74q0! zNJR^itd&t9DGe@Vc1%gBAk00-?7qaNy(T$+kPMS}%|8X~J1sxC@ZjNV`RVu!U>wCY z3Q&iH{x;PeouY3DP;F36%Vz`|0K%U9s+WdbsY`(p%l8SaklT`9X(V8LY9Tvjs2)$R z&|Z#QUCq7}l%1;qIu|uHze-&O{pVJZp)oQfIIC|W=>$d=WA7mg#hT$)88)l}+Y!Ix iP_w0q$E=9uyOitl~;jux^ND+3W#dqJE?;YNFq?m^Q literal 0 HcmV?d00001 diff --git a/secrets/wg.blackadder.age b/secrets/wg.blackadder.age new file mode 100644 index 0000000..92eb358 --- /dev/null +++ b/secrets/wg.blackadder.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 lYFcsw v6eGXaE307KPZGNPiZizSUSiJ4om5/igqveCtyXJpVA +7tJ+o/YBYrHF+DeLaHeBdV6ZVPEV7w9Dxq/4HcpGdDc +-> ssh-ed25519 4Ui0LA 2gDiPTnSkhgMySIeIITAUmTRzCDHwFH73BKayFzIBmE +mc8SgUhs7WSR9sl+Y1ZkQahwJ2zXdbkEekZkGXiL7ss +-> !ff-grease BK qoe krs&bJ +pKON54F5tCt2T9YGQM920TxaK+l08X/1xCSIpSLy0WwpzJYeFu6XRT6VoPTga/hG +tDqS6PvXw12729k5JH7qMS2XzDEuh+6NIRnDuwGC/ttfk+2HJe25FifbZhE+1YNC +9A +--- BxJEHO4W1sUHQ2pk8CZViEDCy+WhyzVdWlZUZHIHlBE +-fV7O9_B?Z /TQ+3B*wv/ ^@X!/uҪ \ No newline at end of file diff --git a/secrets/wg.frumar.age b/secrets/wg.frumar.age new file mode 100644 index 0000000..6de9114 --- /dev/null +++ b/secrets/wg.frumar.age 
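Review bot: `secrets/wg.blackadder.age` is emitted as a text hunk although everything after its `---` header line is raw ciphertext; git presumably classified it as text only because the payload happened to contain no NUL byte. Text hunks of arbitrary bytes are easily damaged by mail transport or re-encoding, and an applied patch would then yield a secret that no longer decrypts. The same holds for `pennyworth_borg_repo.age`, `wg.frumar.age` and `wg.mullvad-nl4.age`. Adding `*.age binary` to `.gitattributes` makes git treat every agenix file as binary in diffs and patches.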
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 lYFcsw vv0M0zAhNZ8dsIuOI6p1Y++WusqBwdYJqzXuK4IXflo +MERLtcazm/pWBSvyISDLoil5eiNDDwAYDY+H1pTrYN4 +-> ssh-ed25519 n7yA6g dV0UCZeAfZIxaoNYM5OZnbLRHiad1XJdYcidUCa6qj8 +7PJAgRS4r+oQiQAM4Lt+yvQXRZzrOEMp0RwlwTge6Ic +-> D-grease 9p~L6^ #_8k_6RW GT_SePRjSoG0%=HG;#?H z@-N5t$%H27@$0(=R-96Vo707k6;7ZL)vUIP?^b2+^Dh(@i%5lzeH_COk zuqZ7Kt27GrvIvVXk4nxiw+txq1=(g;UYF{pYp$DKl$uza%2n>?X5g>wn3E9{Zt3CV zo@!DWnG;WNrymd*QCU#sVxsTlY96HR z5>#GfnHS|(VQf+0SL~h~=$LC*P@b2}wWvj8>HWJZtXYvl(_;THTon;|-QGS|^bLE@ zhF`xL531=FpWlC0;qdF#>@A`vmM>dbTV3>7WP|G73u-P>@|n(_3a8k<>9mE)Jh~c| G`v3p{?3OG5 literal 0 HcmV?d00001 diff --git a/secrets/wg.mullvad-nl4.age b/secrets/wg.mullvad-nl4.age new file mode 100644 index 0000000..eaf64a4 --- /dev/null +++ b/secrets/wg.mullvad-nl4.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 lYFcsw TtNKEpF1PW3hFdAR6yvwlppBsb4aS8G7GxpBhtpwvVQ +p4VgueR9Evc7lxckk9psbD/i0su9XSzfns8/YnroKVY +-> ssh-ed25519 n7yA6g YRrCJZMq/Rz3VRlOXSM6QFsRLK+S7H/ThVigcin21Gk +S4X0SNQUtxLpsDei6PkzQm+cFxL9cyLubTlVXrdZmHE +-> 6LOV|>L-grease ;6R Kod}I/ bmRbO| +SPzo5pVPaREotXuB0w +--- UfqolORCJHBYP9FQU/cxuRbPuQBWAX8bqUWrrUx3GTQ +߆C=%݋ ukʘsx.C5~d c4 $ yV)q \ No newline at end of file diff --git a/secrets/wg.pennyworth.age b/secrets/wg.pennyworth.age new file mode 100644 index 0000000000000000000000000000000000000000..67b02b4afabbb53ea8bd7b221b2bda1cc451ca55 GIT binary patch literal 517 zcmZ9_J&%)M003YIC;S7tk=$ZZIr^3_tI6f)2mPSsqXk;74!(uH)vww zU^*CMH2MRKlY@z?lZ%6!@gt^}8+34S(->EuKkz^_BWAu8<>A^1{QV$8WC}3i0FUDZ zF|#WS1FE=Z3Raxq)g>>oQ)S&K0kI`4yCqO3)zG7L$dxIxSRZqCqZk>fZ)6x_j|x_u zc4(Fv#O;`aZ8?LWij3t5$>X>p$-{i?O+`+O|KE;^M6RkhMcJm_U|UCNvsQFGW||;6 z$-!7jW2sY@HN{&E95x6GKER|DmRA5ey(|lx_JX%?~z)QJ8929|n2U*LoFNEio;prB_5_qwT+)4C8GZ$^5^BS4xq%oVw(4fAAZK7w-Sq|F(U7a*=!c>eIRBcRv4qbocPu`r+o|lNY~EH|*nQXYb$b czJRB@;ny3NCLeB{K5&KT<;{Dy%hdM#U+}ND%m4rY literal 0 HcmV?d00001 
diff --git a/secrets/wg.smithers.age b/secrets/wg.smithers.age new file mode 100644 index 0000000000000000000000000000000000000000..db82635691a4379af72f5dd2fe4d2547085abfab GIT binary patch literal 468 zcmZ9_JCBoa003|uWiuu&x3HL)5Dxwv(2^MSfI@-xD52%x5;eR_c|XddgBmAyjWIeo ztHZ4(H{8X<#KrHS(@n-fV_f}xfu9}vsGqsjP&84V?dMg9wE#lz!gakyeUG3hz`%(m zxOE4cxicHlm?y^VM$?f&R%k(9AjA@p>5529o)7HI;LH(lp|BbFRtD>ZVpUCsV+WdQ z1XQ>~8m#hxA)GizlgJ4OQ^fz@JPRMB5N77x;i0<&Qfx}>F=kuzMkm)By!Q`+QByKY zFL0-7%9>FJO(cg~x=GYmid3p$u}Y0qnU2|Ln~r6L?(fYTQTiq4Z{T2-? z->!XVlCw-VS!sD zEo7+)88Hk}PC4HZ=oCUx6fTKO(~ITYHpWJb0|{f5jPP(W)hR`vgK>7GNZUn*6k!eB zM?T#CVZ1y;;r^$aeZKzf``3%Nci#WG89Y2Mubjcx&M#ky@19#HHy+%ZIJEZU@|XTG c=^j0PbIZ=32EU0HUoK9szTSKG=~Phv0{dB@OaK4? literal 0 HcmV?d00001 diff --git a/secrets/wg.zazu.age b/secrets/wg.zazu.age new file mode 100644 index 0000000000000000000000000000000000000000..829ec68d474747be560037e70ac3a96b117d7f6a GIT binary patch literal 516 zcmZ9_JFC-B003a&B4WTz9GvQ+L&$B?COysK&^(&7xp_3{;}k{nYI2%1ZBE*>>FgjV zK5!7k-Axgy_x=ReJKoVBAP9muh={A-ANbrTq{7U{)oP8F+3^xb^^zf|yS1W-sW518 z9K+XADEq~>R%EVj^a`PcP-WHo;;OWFZ6+#*vF<115wK#kF&%G~?^wbD4x)KeM2eDg zI@3(8ZWjP+Zqb$r=`!&g_as%5zAZVyaCa{C~tgSo9N=m_C*=^;ef=NC}_}K zgDLc7VuZ9+h&=?F%W6_6Jts)SJ(*WARNIy;E{v=Za*WQqt*9IX0`zShM+>XR?l*c- z*b{=FD5|y=Y#4WDWVy!JDR@^BeW_45K5vTq#3jdUp!!0qxf@E5cyj~4yMF2Elk?+H zS~}>NboA}c_tTq~r-#KMKd0Y+s(<|X;xR?qude;RxH$V#pY={3-TM0W^~1x