From 08061fb6e20d86d32ede4cdbe18b2e4031b8f9a7 Mon Sep 17 00:00:00 2001 From: RGBCube Date: Sat, 22 Feb 2025 22:00:52 +0300 Subject: [PATCH] chore: migrate disk host --- .gitignore | 4 ++ hosts/disk/default.nix | 66 ++++++++++++++++++++++ hosts/disk/hardware.nix | 36 ++++++++++++ hosts/disk/id.age | Bin 0 -> 721 bytes hosts/disk/mail.nix | 11 ++++ hosts/disk/password.floppy.age | 7 +++ hosts/disk/site6.nix | 7 +++ hosts/nine/default.nix | 12 ---- hosts/nine/github2forgejo/environment.age | Bin 554 -> 554 bytes hosts/nine/hardware.nix | 10 ++-- hosts/nine/id.age | Bin 721 -> 721 bytes hosts/nine/password.seven.age | Bin 396 -> 396 bytes modules/acme/environment.age | 22 ++++---- modules/common/ssh/config.age | 21 ++++--- modules/common/ssh/default.nix | 10 ++-- modules/linux/ip.nix | 16 ++++++ modules/linux/restic/password.age | Bin 560 -> 560 bytes modules/mail/default.nix | 4 -- modules/mail/password.hash.age | Bin 603 -> 603 bytes modules/mail/password.plain.age | 22 ++++---- secrets.nix | 6 +- 21 files changed, 194 insertions(+), 60 deletions(-) create mode 100644 hosts/disk/default.nix create mode 100644 hosts/disk/hardware.nix create mode 100644 hosts/disk/id.age create mode 100644 hosts/disk/mail.nix create mode 100644 hosts/disk/password.floppy.age create mode 100644 hosts/disk/site6.nix create mode 100644 modules/linux/ip.nix diff --git a/.gitignore b/.gitignore index 5ac5559..36de04e 100644 --- a/.gitignore +++ b/.gitignore @@ -5,8 +5,12 @@ !docs/ !hosts/ + +!hosts/disk/ + !hosts/nine/ !hosts/nine/github2forgejo/ + !hosts/pala/ !lib/ diff --git a/hosts/disk/default.nix b/hosts/disk/default.nix new file mode 100644 index 0000000..abd05e9 --- /dev/null +++ b/hosts/disk/default.nix @@ -0,0 +1,66 @@ +lib: lib.nixosSystem ({ config, keys, lib, ... }: let + inherit (lib) collectNix remove; +in { + imports = collectNix ./. |> remove ./default.nix; + + secrets.id.file = ./id.age; + services.openssh.hostKeys = [{ + type = "ed25519"; + path = config.secrets.id.path; + }]; + + secrets.floppyPassword.file = ./password.floppy.age; + users.users = { + root.hashedPasswordFile = config.secrets.floppyPassword.path; + + floppy = { + description = "Floppy"; + openssh.authorizedKeys.keys = keys.admins; + hashedPasswordFile = config.secrets.floppyPassword.path; + isNormalUser = true; + extraGroups = [ "wheel" ]; + }; + + backup = { + description = "Backup"; + openssh.authorizedKeys.keys = keys.all; + hashedPasswordFile = config.secrets.floppyPassword.path; + isNormalUser = true; + }; + }; + + home-manager.users = { + root = {}; + floppy = {}; + backup = {}; + }; + + networking = let + interface = "ens32"; + in { + hostName = "disk"; + + ipv4 = "23.164.232.40"; + ipv6 = "2602:f9f7::40"; + + domain = "rgbcu.be"; + + defaultGateway = { + inherit interface; + + address = "23.164.232.1"; + }; + + defaultGateway6 = { + inherit interface; + + address = "2602:f9f7::1"; + }; + }; + + nixpkgs.hostPlatform = "x86_64-linux"; + system.stateVersion = "23.11"; + home-manager.sharedModules = [{ + home.stateVersion = "23.11"; + }]; +}) diff --git a/hosts/disk/hardware.nix b/hosts/disk/hardware.nix new file mode 100644 index 0000000..9c07aa5 --- /dev/null +++ b/hosts/disk/hardware.nix @@ -0,0 +1,36 @@ +{ config, lib, modulesPath, ... }: let + inherit (lib) enabled; +in { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; + + boot.loader = { + systemd-boot = enabled { + editor = false; + }; + + efi.canTouchEfiVariables = true; + }; + + boot.initrd.availableKernelModules = [ + "ahci" + "ata_piix" + "nvme" + "sr_mod" + ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/root"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + + fileSystems.${config.boot.loader.efi.efiSysMountPoint} = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + options = [ "noatime" ]; + }; + + swapDevices = [{ + device = "/dev/disk/by-label/swap"; + }]; +} diff --git a/hosts/disk/id.age b/hosts/disk/id.age new file mode 100644 index 0000000000000000000000000000000000000000..4ff9d0ad5480c3389706a4e63d8b0a94ba358524 GIT binary patch literal 721 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSHE^u=TbW|wL%JebJ zO$_s|G%9l}cP?@)3(*hq3`h!cjP$Q?aknro3D$OZFDNQ^N#+XIuQDnLNc74n&3CE{ zG&8oybaL{k3NQ9B_bT^`FthN`*3K!evdr@Ga7DMxxvDTJAW*?C$vmhiCE3KdwAjxp z-7&{0%Q4->qAE2p*|o&m-PI&JG%DD@Bf=>^Je14L%&RicC{w$@&&WN?$R#qltlXn2 zCowA|*CRAL#njow$J02V)WV=V)s;(ES69I=G||F5$0N-WylUM}$YzlV9&L4C6N_Pk%6j@7b$GFE-^*OW6HF zxcS@X1EEP4tG-F4M(BNhvd^LZ^%|*KS(DxK@&!Mh(bHE`)q@ ztQ(;iUc6z`JFLZ8Y!8QdaQ| z-c{#k)Rf(@5|)=*``^TSs?AE?x0zLJg$4{iBxn5pZFxz(wRm#Nct;8D3(~4{4 z+>h9P-q~xw{NeM0$KQD_f4uVh!s-W1iUqS|`Y+fA=}r=!_p|u)q&xb#VTJ3BYrij+ z4s@LC`RaI`qmzJ^m*s)Esa^jH%#U8!=VZWfdVcOL8^5Y4YFBo6*Y2y+pFdsR>F#~k z;;aV#H_LNoOHNfUXTE=bZqVM&;-ZBbC2sFOsrNWpT5>gt+>%! Jz~Z_#6aZ3LFYf>V literal 0 HcmV?d00001 diff --git a/hosts/disk/mail.nix b/hosts/disk/mail.nix new file mode 100644 index 0000000..ba40048 --- /dev/null +++ b/hosts/disk/mail.nix @@ -0,0 +1,11 @@ +{ config, self, ... }: let + inherit (config.networking) domain; + + fqdn = "mail1.${domain}"; +in { + imports = [(self + /modules/mail)]; + + mailserver = { + inherit fqdn; + }; +} diff --git a/hosts/disk/password.floppy.age b/hosts/disk/password.floppy.age new file mode 100644 index 0000000..22d78fe --- /dev/null +++ b/hosts/disk/password.floppy.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 spFFQA pJguGLlB7R7iXrGfwKabGxmryMrfY57yvfaCytZG/Fs +1USXbjiteoTrs7+KEFPTMVBNHpBWFXyHi/iLxFL7tls +-> ssh-ed25519 CzqbPQ IbK7nvEUn324R2zHDJzfgMV/FDqwLCU/jGZLSjrG4FY +naDshlcyrpvgLQydqxAXg/hhfFAFov568p163F7wrZ4 +--- MTj/7Zs1N348gDK+G1p01d6EZ21JzpPJnlaUc1ChcBo +*luM=&Z0!A3e\B0VښR; \6ֹo^ZR}_%~›k o$O$^A* \ No newline at end of file diff --git a/hosts/disk/site6.nix b/hosts/disk/site6.nix new file mode 100644 index 0000000..5bf000c --- /dev/null +++ b/hosts/disk/site6.nix @@ -0,0 +1,7 @@ +{ self, ... }: { + imports = [ + # (self + /modules/acme) + # (self + /modules/nginx.nix) + # (self + /modules/site.nix) + ]; +} diff --git a/hosts/nine/default.nix b/hosts/nine/default.nix index 0b180d3..a6de34f 100644 --- a/hosts/nine/default.nix +++ b/hosts/nine/default.nix @@ -56,18 +56,6 @@ in { address = "fe80::1"; }; - - interfaces.${interface} = { - ipv4.addresses = [{ - address = config.networking.ipv4; - prefixLength = 22; - }]; - - ipv6.addresses = [{ - address = config.networking.ipv6; - prefixLength = 64; - }]; - }; }; nixpkgs.hostPlatform = "aarch64-linux"; diff --git a/hosts/nine/github2forgejo/environment.age b/hosts/nine/github2forgejo/environment.age index 98edaa6e8aa506bf5946c73e93207689a8c77ba8..1373ee0e65ddafdba554951f434f6534fca3858f 100644 GIT binary patch delta 521 zcmZ3*vWjJbPQ7t}Wq4?6kVjg+M|x&uhQF(?YhXyJdx>^#eppI=NM%w*reRrec|=~h z1(&N)K~7+PzEg0HkwKY9zN=Ybwv&%(sJ4s0hgYg;YH@M0OHh!uPjI?ZIhU@TLUD11 zZfc5=si~o*f^$`2Qb3@BfwO^yOHfpJV0d{*Rf>VTc72&kc|cxfxOS4aVOmtGwp+GK zfm2aNkdeD9SAJetMMSo-xml&Lca=|2m6M-il)IaSx4(8~ZctjNaZZs_n7>z|pJ{qF zm#(g^LW!Yid3I`kx^}ilXkwyohHs^_V}_HvcSN~?hh<_;wsAm)g?p;LOGJq)m+-~s z6Qgdwcu@a;zT$=Z&HuFLz3$drpz2{1x&FfO8dsS)iyLd=96ot9TG#J=Z=TQ8lXYVL zu2`ka^r;Can|zpmiV2@fRQ~6FKgCqXw)5C!F4I&yotqxB`J@zPeCZcIbf|CR1^3ei zpHv>5Wqen!-paGdW_7XX!ymf2JK6uOwffm*c&cDgVEvk}_2TYnwGCcg0gu0%Y8@Aj z^At*7liIlL!&(QcYa33^wqo<#Cv`MnzkHp+kxx@*wjOH{Sd{Xe>wt+e&kbF!rLSEB zOI~w*I(lX5+!wZYAG>^6*6OJer#e05etvanLBbyW&ZzAlnKr2YFh90G+4KCFY#pY+*k delta 521 zcmZ3*vWjJbPJL)-rN4PbVYy4Vt4TwOe`JceTTZUGOT9^yldorSzG1n0Rd`0AS$L9> zYgt&9p?`2BS5k#(rdL&tzoBmbYh$euQI^eu-m#XpUJV*SbK5 zQ{N}pWY$ZoRUi9%yf8b$x#zR|@(sbx`{OSxyU-E&(miyQYpUx!KArQN=A62j?ONea z0#$xyc4jN?e{^*h$AK3KMInVX{+SG{Pp%y*+j@X?o!joGdFoCV4?L-6{(Q);zUa&Y zS*5+xi_X2Z*%7wp>5XpZ{An`Ht$w#KIf}` z;N87;$AnK3{if+1%86ax|KD8Lt8;nP#HQk^p90k}nSB@b@NV28-*V$k*i~fe^#ESccOo8F_*5LLUD11 zZfc5=si~o*f^$`2Qb3@BZ(fwMwt-`jMMaT$R*p|qdA+M!c6qKzuDh9|V?@4LpqZ(w zMQ&bFxtCicS89ZBPKrx-ae7IbL7}l(QhtG(ZT`cZ~ z?R|s4XRBAL>rcv$7P(V0-|N;s@#@|<7pHlyh4(FgcZ=q{tnX_J{QEhruOMKVgPo`2 z!|vnZ2g-{xM5a97`}?_keyi`Iq#f_HpU#v!{-B(VZ^nL&lxg3x^56OL?R+D6<-3|= zlI-0rTmH-Zc)nBG>i5t6KI)pcCwFY=jXAW(sN`Rl>RK0usYjnWZa>Cv-DCN%;a1_( z+_@r0UKXwpe|!1&8Lgb{^<8V@+}8(L-{0%ZbS>1VAv^iw`P*Ka$Ey};T^0RUy6D7| zo9Pc2Rw!x~x`gm_?_6U1 zF_%Spu3vvcG?RfSG4uXi7kKu(!8sQE`S_S%9IVSCMbFVUmj@ zm#(g^LYSF%ibt5Cd1{22TR?tPvRP0`v4@Fin3s!zvt_Y1H-ftY=HVE@ry+Rx$GP-hBox z(WwEqC-yx~TC2TO_HAP2`_&VFwyv7^+U@hV#fPlb6(>H~Q*SjT{z0@}ecN)zR_;p2 zdm=O9EYGgs@t?04R@8rUQEbj5!$SVn%r~5;56{c8i97W8s6jD9yupSW|610lWhlID zo&5EOvvo?D?V3{yl59Lu6_yR-u({>DyT>smee zEdTxg9jKCRQI{PODecbaWVV?KIYNcHM{S$@t7vir{+^53rZS>4x-<=pm9%d5`I zNyzS<^+hy}v3crL&P^YmX__4O`!2%BwdiuWu!QB?CW~h-PZsZPyZbWZ)pN09rt5D< z-dz@Y^=0tFhxKU_gxrl6te3IdV`cM!XXW+lGiA0uIFZI{{Qu0v1E%5O8NFKjALf6O r3&@$XEA9KN9zk9YL*3o{>lp#Y*H2IS>PP*sqGaR79MHB zrK_u};9QdC?vYwnWad^_gXKMX@(+$>o3bJ~8_M|aKq@>jS|+p>3+ zk9yUIE6C+ delta 361 zcmeBS?qQywQ(t0Q67G_i7U=@^7V4i^=56ekADL!U8ENd9lM>)w z%;lSzZ;@9JSyfn8Sr8GHZxm=5RT+}3?_Uv;mlBodn&Vm?WnmOh;uB<%o0d|{wJ@e) zQi-W-eNvEgced>ck?)ZVKT3ZbTN5GwYUv$LHsuR*R ssh-ed25519 +rZ0Tw /sYx2CZG4l/oWbh9aKT4lFOcSiwY6A9SxwgX32mXqBs -iK6qzFpI4xGh5m4oqmW18eM2v6OVj/z3t1aRslnhH50 --> ssh-ed25519 spFFQA S3tkGQbTGQgWcp8Uh625eMCnE/h4nFVeb/z1AVemBkw -9RiAPo2w7PC+2abVofU1Aficcn0eOfvvOMgxGXRIL+0 --> ssh-ed25519 dASlBQ zuVu1QbtutWUG93M+i/UlVlkrmUdz71SrW8jhV4Pxg4 -OMEdnXV0Ix11FRX58Q3zH7nRG2tSkBl1wDmGY7J4JLM --> ssh-ed25519 CzqbPQ XLqIYDBAQXyL4/khZ71XP6uajnkX2HhzA2Ksx1UTGiU -MWrt9f1XjxECD4TRKbME2bN4XU1ns9VQ7btuqijXJYU ---- rpTCT+04nE+Jl+2qDHbocBGeYQYBtW/EcRiYHWTqcvw -P3ԢpQ^ 8lA ŻhYQ GW'&תH;ܐ *3 -tAOXk>Mi:!ơs9!:$ra4"HUD - bH Hw'Š̍xJ XYy+P(eG& &TG'8:!)Ԫ<´ \ No newline at end of file +-> ssh-ed25519 +rZ0Tw DMMzxXSIPSsRLkIvKJAiE6OzV1z3EZ0T+od2iIxMiA0 +OHVLHmVzeiWlsVI+DQ5M+iNik+nsdiQBz4zcquygC0A +-> ssh-ed25519 spFFQA TVqArtAoudQlrgAqshCP8ZU0YlVZoKwkvUVh968NqC8 +Cy7+Y1rTFiAoWp6Gw8a1cljCjWPHtNwXjlXWQyu8A8U +-> ssh-ed25519 dASlBQ ui5a61Tg1JoJvR8okc8qKkDhrSE9dH84XZQWhLn7cCo +5ehK2bvVgLZSYr5AstV1dwW7/qaVGRxs8PdzAg7sk4w +-> ssh-ed25519 CzqbPQ wgktFhPRIAwX8BNJu8svEHDrpz0ZCOw94nR+M3FJCTY +RAErTHg/g/voC7yPf2lB+ELmysNwQXre9jucw2y+ZVc +--- AB7oiyhts6riNlp5xuWsFTzIx2y7Axn0CU4uCXHfVLo +`8eߧJST'BězgK zꚉWcFݸ3ᇴGR}Rיq6]n0b <+  dԴ\ECMUͱ3 X{qjʁE0&M8xtʈF }/Oq_:ҟ0(I/hKHK\X\'(gbAܐ \ No newline at end of file diff --git a/modules/common/ssh/config.age b/modules/common/ssh/config.age index 4519152..3fca7c9 100644 --- a/modules/common/ssh/config.age +++ b/modules/common/ssh/config.age @@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw 6O4kuzuRQRYphZTIWeFHBxZ8iRImicVWzISKkRDpkHU -e4kCn+CEtt85NtnEik+GwHyP4VxO926URUgUSXPKF3E --> ssh-ed25519 spFFQA lzDLZiLU3qfjGEIxLVk6ax+UqvEDsBzyDEA5oBXl+1k -fA0ObL1S1V19XSv+Wj+sZlxxMQoVDTgMvncn4y56RHo --> ssh-ed25519 dASlBQ qZALhRmOTNN4Q/rKN6MQkEUFfFbGBZdwrx3rLtC3Xis -+cNLajIY16dErY3W5jyQt1q/O+AZ08pgqxbxh2e6MV4 --> ssh-ed25519 CzqbPQ YnkQEcf1jOm9/voAlbqmjPdTlNFeyW1eeHGC53V4n2c -RVtx1VD0yzSGFwBJ7y5nNWBA0qEt8VXwKjCw3c5iMS8 ---- j7fj7Ke05D5Q7xr9LhM6++la9TW0gn2R46DxBztXgGE -˺ _+=xMvyQ -+-te{2.G2}#eAųAT-u͒s \ No newline at end of file +-> ssh-ed25519 +rZ0Tw ifhIam0q2bs/Y59Z7OcOSOLoTL6+ZpEnnSp+NV6M7wU +iW4MNMvME9OoYs98bofV5yIAzkRnEC/r+VcI9oDHWGU +-> ssh-ed25519 spFFQA JwTUt4N7UUYn2DS6BIXceJTxnZSssFh8eFRcg9Fz+18 +aah1QHiAM2qSkKoQPxzNTDQVxyxaJUNGtVXJSNv1n48 +-> ssh-ed25519 dASlBQ jeeRHlJ/5hqyDX2GiQYk1ZRgkpBid9jzZ5qeqVzByyk +OawpP+fHhVqoB4OFw1ATbc53TZcVMR4EGJ2xcV67xq8 +-> ssh-ed25519 CzqbPQ a2f0ztMO4RQdadwdHbb70javzdF+loMSA65ts+crexI +inoxpsQcz/ZintLwIsvtOeCdRJ/gqvNdDGRyyXPFBEw +--- m4JEHQx5W7mCBUSctSb2U9CJSFKEu6oROraAR2pyU7s +vЎ4 J$S#sQ\P?Oع` VRI.ڙCQ9`*DVTPZBJȤq \ No newline at end of file diff --git a/modules/common/ssh/default.nix b/modules/common/ssh/default.nix index ff398ea..5999e17 100644 --- a/modules/common/ssh/default.nix +++ b/modules/common/ssh/default.nix @@ -40,11 +40,11 @@ in { # port = 2222; # }; - # disk = { - # hostname = self.disk.networking.ipv4; - # user = "floppy"; - # port = 2222; - # }; + disk = { + hostname = self.disk.networking.ipv4; + user = "floppy"; + port = 2222; + }; nine = { hostname = self.nine.networking.ipv4; diff --git a/modules/linux/ip.nix b/modules/linux/ip.nix new file mode 100644 index 0000000..15dac4a --- /dev/null +++ b/modules/linux/ip.nix @@ -0,0 +1,16 @@ +{ config, lib, ... }: let + inherit (config.networking.defaultGateway) interface; + inherit (lib) optionals; +in { + networking.interfaces.${interface} = { + ipv4.addresses = optionals (config.networking.ipv4 != null) [{ + address = config.networking.ipv4; + prefixLength = 22; + }]; + + ipv6.addresses = optionals (config.networking.ipv4 != null) [{ + address = config.networking.ipv6; + prefixLength = 64; + }]; + }; +} diff --git a/modules/linux/restic/password.age b/modules/linux/restic/password.age index ec5595219dbb6234ffdd42270591ad3efdec36ce..dfe39fc33837b4c30ad9605908b4e0563253f19a 100644 GIT binary patch delta 488 zcmdnMvVmoSPJNJjS!98ClBHW>N|jNBe|DguWm1`EhGUMoo3B?&azJ{BuR*Gjk*mH( zF;`M(q?2#DueqP6f3S&HQF?G%M5=zOUv_zMBW@Y8x8RjV-748O;;~B;43&Ok-b4&`2 z4c$CV&5ZribKEUGeI1J*TY3!N$~E4-_6%}gT7JsqpO z4O0AET%w%)t5U;Uvdbf^^L#@>JkrYZxfFJ0V1aR-fth|)q<&F>S*U-cYeuSprBQ*iho`rP zFPFZ%N4j&ev4>k=g@L(caEV7nvUXB=rA4Syp0QSVllnMWIKbr&~%$NNJ_7cY0(_k$Y5tsfmAa zL_kzPPIjOxS3!71dZ34~W3souzgf0%L}8k%d0C-vhOu{GS+1{deo{bHl6jV!TbOzI z#E;_P*#XAB0Vc+o8R@}cS#DY3My9TY#V(%yQ9hPgPDN1`m1Ww=i54MQZh015$tm9H zc|pM;mD%pWM$X2$CZ3g%IZh?Pl_9yohQR^BNvXvtL1wAxRUXBY;~B;4O&vpheF}_n zL(5bAq6$*;T$4P_oU6(WD?=@vE3%zaixNxHvm>%ntHSfSQgR(Vyz_IbEHcvqN_|pt zBhsD1JS|cjGjcrAvO}T_^pi6(Qk+vlJTkJmbaizV%8T5KT+*Dhi;4@=%uF49(!5Ju zd^6l!%#wY4Gg2KrEWIME10#~l0x~?3xtQu(k~Zy`mMG(vcw%~4|IVFzpQdcFd1%~P eEF9DO&yi`(#@06%F1`|+@o3H8MrG^AdBOmdVX903 diff --git a/modules/mail/default.nix b/modules/mail/default.nix index 19c1886..295301e 100644 --- a/modules/mail/default.nix +++ b/modules/mail/default.nix @@ -1,8 +1,6 @@ { self, config, lib, ... }: let inherit (lib) const enabled genAttrs head mkDefault; inherit (config.networking) domain; - - fqdn = "mail1.${domain}"; in { imports = [(self + /modules/acme)]; @@ -19,8 +17,6 @@ in { acmeGroup = "mail"; mailserver = enabled { - fqdn = mkDefault fqdn; - domains = mkDefault [ domain ]; certificateScheme = "acme"; diff --git a/modules/mail/password.hash.age b/modules/mail/password.hash.age index c0137314df146758fd4dbc9662d7208225745912..83472727123f4bce3678da062e336a5f413ad836 100644 GIT binary patch delta 531 zcmcc3a+_s>PJK>Am4SOua$;pzh=EH=TDoP1M?hwQc1fmtQg*0Yn5&yXX-IN;l1F}M zI+wATQITI@aA<}}Syfhgs8dN+fk$L&Wo1A`lv|Fwd8&nnyIDkNPJ*x|^R{a*nBISx!}QPENQ_sc7SI|Xl8nrMW{(txrKkJn|@GAQdm)lXJxWwMS*veSx`~_ z#E;_PKBX1ueq~wVsTP(w?m;C*E-8K`CGP2&&TiV-rrG8t1wJ9Afj;@+?uNcx7L`$M zNyfn$Cgv{gSy683E-B^)Ws#=oN$DQNCElKf`i7;UM#15QNlBiQ;~B;4Gd+qkBZ^J4 zQ}ta^f=iOT^8$iQEhDo$LPJ6-f{OKXoyr`Y^ecl((!yQ2+`J5mwOz6!@(WXnT=J4b zEXq^NGLyUmGlGm$%?iCt1M;Jc43o=4GeU~FbaizVd_%%r(!*1HoGN?^lif_*3cUhT z%Ol;gi!$@`lT1^K^1Ln6@(PNI0!!R{xeU*lPPNZ{r*3seD^%a9Y=8M%yN&0Bqqn|) zw~^!5!~CK&tzCckw~8yxVqv%@n(7z4vUefxZ7+rJIX2FFln-X_QkVa%&;H;JFN=>+ XNLSA#ndZYr&h6EYvM$~(HrNUP&xpN? delta 531 zcmcc3a+_s>PQ9_4ce-Par%|q_M|O^xk#TlOxJh`JQ)Nbgab;AIL9lyXXpV1cdZmX) zGFN(1aF%D5nPriycY0>3Q=)T;xnojpn76M4w_$-_rhjp8RdT7p z#E;_P#^(A(p*fz(RUV0+rrs$Qp^>I}?pYZoQHhy(d1i@0`4L`eM&-_)zIlOML4kRx z*(JrM*s42y$YxgKq}7yQLLyXfGnnQBQMlTFL7Z8c~(oN66< zJu5f#sHEl8B^km&H(2(m8k${Vs)=2!b*y;HKmIeX%fpvfvdjsI{};`CtyDDKq9HIg X&qeIUgB4{DCoE{$&~c9Qhx0`M(fPi0 diff --git a/modules/mail/password.plain.age b/modules/mail/password.plain.age index e5276de..917472f 100644 --- a/modules/mail/password.plain.age +++ b/modules/mail/password.plain.age @@ -1,12 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw yK5fuqcnE1yO5tTAudZ/TXDvBf0sn4eCr39j/jZgil0 -+hTr80COfDui7lhRnaDjNB2c2gtNOKQaiW4Yiz0am/A --> ssh-ed25519 spFFQA kDMyjjSxHOaLZ6ocr/q7MmRoqrXHdzHFzbZslaA0hlE -jurwi1z6m+weYx5Wr3+E8+2fbYgwPFTKOPOuAYjt8wI --> ssh-ed25519 dASlBQ 5CYRg+Sw+jDk+S1EtLEG+PXf6EKJwx/Re9e/txOrs2A -vUaTfOS9Fuce2x/qL5Pg3L0ZHZPBrhr63W4UT0n28uI --> ssh-ed25519 CzqbPQ 1uz6duuPfhpAjWjGdjwUGr7UHyqxG/zKn6rCVPgxSF8 -y5t/i2p08GqDOeaC27CJE528br/qU4i+iUEvMXDdX4w ---- mGUus7T7rcsjt8LRCBc0vr5f3KFLSZweFYvaaNen+zg -iO2 ѻGQ(o X3=>:)m -"[QQ \ No newline at end of file +-> ssh-ed25519 +rZ0Tw e/Myh9IdG3mTDdO2Y6dQX1xH7O/wXFXeu5J/3L9AZns +FflORBOBRxFu+BxdFocuYpAMROBks9S+n/jo+fGYzNI +-> ssh-ed25519 spFFQA VjBxKfyWeNSLlyryeQ/XHtQZIrYOIPaaGsir52DBAn4 +gI3kBrmv7za+3n00TeUXAlA0rHLmwFq3rcd4XjUpZu4 +-> ssh-ed25519 dASlBQ YNcwqwyyyjqthVG1U51b8ZlWJy97oaBhspAloOyG2Sw +OjdM1z/V3OOIIJCQfslqvUq2UAoZMBLTpjRhgJnvUSY +-> ssh-ed25519 CzqbPQ Zg6rZXjzr4SBL7C9Ns9OgIOh+Cu4nMN9g8k7p64kuAk +vgFArTTOqj72QjbfKnstG9rOUcFygZBMPKFPFlpeAok +--- dougaYMQ93Sk/8K3EcxZJCLLpikrKytfNgWpVbQ7yYM +rEvЫ _# Qk|< +#vb49GaI,F \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index 66791aa..1476caa 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,6 +1,10 @@ let - inherit (import ./keys.nix) nine admins all; + inherit (import ./keys.nix) disk nine admins all; in { + # disk + "hosts/disk/password.floppy.age".publicKeys = [ disk ] ++ admins; + "hosts/disk/id.age".publicKeys = [ disk ] ++ admins; + # nine "hosts/nine/id.age".publicKeys = [ nine ] ++ admins; "hosts/nine/password.seven.age".publicKeys = [ nine ] ++ admins;