diff --git a/.gitignore b/.gitignore index 9d392ca..b4f8486 100644 --- a/.gitignore +++ b/.gitignore @@ -2,9 +2,18 @@ !derivations/ +!docs/ + !hosts/ + !hosts/enka/ + !hosts/cube/ +!hosts/cube/acme/ +!hosts/cube/forgejo/ +!hosts/cube/grafana/ +!hosts/cube/mail/ +!hosts/cube/matrix-synapse/ !hosts/cube/nextcloud/ !modules/ @@ -14,10 +23,6 @@ !lib/ -!secrets/ -!secrets/cube/ -!secrets/enka/ - !.gitignore !flake.lock diff --git a/flake.nix b/flake.nix index 576586c..fa9efe4 100644 --- a/flake.nix +++ b/flake.nix @@ -161,7 +161,7 @@ }; in defaults // other; - keys = (import ./secrets/secrets.nix).keys; + keys = import ./keys.nix; theme = themes.custom (themes.raw.gruvbox-dark-hard // { cornerRadius = 8; @@ -202,7 +202,9 @@ mapDirectory = function: directory: with builtins; attrValues (mapAttrs function (readDir directory)); - nullIfUnderscore = name: if (builtins.substring 0 1 name) == "_" then + nullIfUnderscoreOrNotNix = name: if (builtins.substring 0 1 name) == "_" then + null + else if lib.hasSuffix ".age" name then null else name; @@ -210,12 +212,11 @@ filterNull = builtins.filter (x: x != null); importDirectory = directory: - filterNull (mapDirectory (name: _: lib.mapNullable (name: /${directory}/${name}) (nullIfUnderscore name)) directory); + filterNull (mapDirectory (name: _: lib.mapNullable (name: /${directory}/${name}) (nullIfUnderscoreOrNotNix name)) directory); in [ homeManager.nixosModules.default ageNix.nixosModules.default - ./secrets simpleMail.nixosModules.default diff --git a/hosts/cube/acme.nix b/hosts/cube/acme/default.nix similarity index 74% rename from hosts/cube/acme.nix rename to hosts/cube/acme/default.nix index afe2190..9aa3416 100644 --- a/hosts/cube/acme.nix +++ b/hosts/cube/acme/default.nix 
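Review bot: `keys = import ./keys.nix;` points at a file that none of the visible hunks creates, while the same commit deletes `secrets/secrets.nix`, the only place recording which public key each `.age` file is encrypted to. If `keys.nix` is not already tracked (the allow-list style `.gitignore` gains no `!keys.nix` entry in this diff), flake evaluation will likely fail, because a flake in a git repository only sees tracked files. Without a rules file the recipients of the relocated secrets can no longer be audited, and rekeying after a host-key rotation has nothing to work from. Consider keeping a root-level `secrets.nix` that reuses the key list, e.g. `let keys = import ./keys.nix; in { "hosts/cube/acme/password.age".publicKeys = [ keys.cube ]; }` with one entry per secret.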
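Review bot: `nullIfUnderscoreOrNotNix` only rejects names ending in `.age`, so despite its name it is a deny-list: any other non-Nix file placed next to the host modules is still handed to the module list by `importDirectory`. Now that encrypted secrets share directories with modules, an allow-list is the safer shape. `mapDirectory` already passes the `readDir` entry type as the second argument, which the lambda in `importDirectory` discards as `_`. Threading that through and using `else if type == "regular" && !(lib.hasSuffix ".nix" name) then null` would keep subdirectories and `.nix` files and drop everything else.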
@@ -3,11 +3,13 @@ let inherit (config.networking) domain; in serverSystemConfiguration { + age.secrets."hosts/cube/acme/password".file = ./password.age; + security.acme = { acceptTerms = true; defaults = { - environmentFile = config.age.secrets."cube/password.acme".path; + environmentFile = config.age.secrets."hosts/cube/acme/password".path; dnsProvider = "cloudflare"; dnsResolver = "1.1.1.1"; email = "security@${domain}"; diff --git a/hosts/cube/acme/password.age b/hosts/cube/acme/password.age new file mode 100644 index 0000000..ccb115a Binary files /dev/null and b/hosts/cube/acme/password.age differ diff --git a/hosts/cube/default.nix b/hosts/cube/default.nix index eea5140..87318aa 100644 --- a/hosts/cube/default.nix +++ b/hosts/cube/default.nix @@ -8,13 +8,15 @@ time.timeZone = "Europe/Amsterdam"; - users.users.root.hashedPasswordFile = config.age.secrets."cube/password.hash.rgb".path; + age.secrets."hosts/cube/password.rgb".file = ./password.rgb.age; + + users.users.root.hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path; users.users.rgb = normalUser { description = "RGB"; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ keys.enka ]; - hashedPasswordFile = config.age.secrets."cube/password.hash.rgb".path; + hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path; }; }) diff --git a/hosts/cube/forgejo.nix b/hosts/cube/forgejo/default.nix similarity index 88% rename from hosts/cube/forgejo.nix rename to hosts/cube/forgejo/default.nix index 37d184e..ceca47e 100644 --- a/hosts/cube/forgejo.nix +++ b/hosts/cube/forgejo/default.nix 
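Review bot: In `hosts/cube/default.nix`, `users.users.root.hashedPasswordFile` and the `rgb` user's `hashedPasswordFile` both resolve to `hosts/cube/password.rgb`, so root shares its password with a wheel user, and the move carries that arrangement over unchanged. If direct root login is not needed, `users.users.root.hashedPassword = "!";` locks the account and leaves escalation to wheel; otherwise root should get its own secret so the two can be rotated independently. The same pattern appears in `hosts/enka/default.nix`, where root uses `hosts/enka/password.said`. The enclosing attribute set starts above this hunk.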
@@ -5,8 +5,14 @@ let fqdn = "git.${domain}"; in serverSystemConfiguration { - age.secrets."cube/password.mail.forgejo".owner = "forgejo"; - age.secrets."cube/password.runner.forgejo".owner = "forgejo"; + age.secrets."hosts/cube/forgejo/password.mail" = { + file = ./password.mail.age; + owner = "forgejo"; + }; + age.secrets."hosts/cube/forgejo/password.runner" = { + file = ./password.runner.age; + owner = "forgejo"; + }; services.postgresql = { ensureDatabases = [ "forgejo" ]; @@ -36,7 +42,7 @@ in serverSystemConfiguration { "act:docker://ghcr.io/catthehacker/ubuntu:act-latest" ]; - tokenFile = config.age.secrets."cube/password.runner.forgejo".path; + tokenFile = config.age.secrets."hosts/cube/forgejo/password.runner".path; settings = { cache.enabled = true; @@ -59,7 +65,7 @@ in serverSystemConfiguration { services.forgejo = enabled { lfs = enabled {}; - mailerPasswordFile = config.age.secrets."cube/password.mail.forgejo".path; + mailerPasswordFile = config.age.secrets."hosts/cube/forgejo/password.mail".path; database = { socket = "/run/postgresql"; diff --git a/secrets/cube/password.mail.forgejo.age b/hosts/cube/forgejo/password.mail.age similarity index 100% rename from secrets/cube/password.mail.forgejo.age rename to hosts/cube/forgejo/password.mail.age diff --git a/secrets/cube/password.runner.forgejo.age b/hosts/cube/forgejo/password.runner.age similarity index 100% rename from secrets/cube/password.runner.forgejo.age rename to hosts/cube/forgejo/password.runner.age diff --git a/hosts/cube/grafana.nix b/hosts/cube/grafana/default.nix similarity index 80% rename from hosts/cube/grafana.nix rename to hosts/cube/grafana/default.nix index c4b49d1..1031e34 100644 --- a/hosts/cube/grafana.nix +++ b/hosts/cube/grafana/default.nix 
@@ -5,8 +5,14 @@ let fqdn = "metrics.${domain}"; in serverSystemConfiguration { - age.secrets."cube/password.grafana".owner = "grafana"; - age.secrets."cube/password.mail.grafana".owner = "grafana"; + age.secrets."hosts/cube/grafana/password" = { + file = ./password.age; + owner = "grafana"; + }; + age.secrets."hosts/cube/grafana/password.mail" = { + file = ./password.mail.age; + owner = "grafana"; + }; services.fail2ban.jails.grafana.settings = { filter = "grafana"; @@ -46,7 +52,7 @@ in serverSystemConfiguration { settings.security = { admin_email = "metrics@${domain}"; - admin_password = "$__file{${config.age.secrets."cube/password.grafana".path}}"; + admin_password = "$__file{${config.age.secrets."hosts/cube/grafana/password".path}}"; admin_user = "admin"; cookie_secure = true; @@ -58,7 +64,7 @@ in serverSystemConfiguration { settings.smtp = { enabled = true; - password = "$__file{${config.age.secrets."cube/password.mail.grafana".path}}"; + password = "$__file{${config.age.secrets."hosts/cube/grafana/password.mail".path}}"; startTLS_policy = "MandatoryStartTLS"; ehlo_identity = "contact@${domain}"; diff --git a/hosts/cube/grafana/password.age b/hosts/cube/grafana/password.age new file mode 100644 index 0000000..a9816e2 Binary files /dev/null and b/hosts/cube/grafana/password.age differ diff --git a/hosts/cube/grafana/password.mail.age b/hosts/cube/grafana/password.mail.age new file mode 100644 index 0000000..01e8aee --- /dev/null +++ b/hosts/cube/grafana/password.mail.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw xkWa1fXAqQk5S+VNegGJpwGGDK0S3U+/QqPqSJgDUzI +xQRrNt48YL6ueLKKN4VXZuwzP0wu7AykvShOTv06YVQ +--- pEof9mZkQfWKgX5jrFGissq6m8/CvS7O2G52d/XbS8w +,5Kh#s( z_IipY/=ܯRwS \ No newline at end of file diff --git a/hosts/cube/mail.nix b/hosts/cube/mail/default.nix similarity index 91% rename from hosts/cube/mail.nix rename to hosts/cube/mail/default.nix index 6b2fae5..fef217c 100644 --- a/hosts/cube/mail.nix +++ b/hosts/cube/mail/default.nix 
@@ -5,6 +5,8 @@ let fqdn = "mail.${domain}"; in serverSystemConfiguration { + age.secrets."hosts/cube/mail/password".file = ./password.age; + services.prometheus = { exporters.postfix = enabled { port = 9040; @@ -72,7 +74,7 @@ in serverSystemConfiguration { loginAccounts."contact@${domain}" = { aliases = [ "@${domain}" ]; - hashedPasswordFile = config.age.secrets."cube/password.hash.mail".path; + hashedPasswordFile = config.age.secrets."hosts/cube/mail/password".path; }; }; } diff --git a/hosts/cube/mail/password.age b/hosts/cube/mail/password.age new file mode 100644 index 0000000..54765f9 Binary files /dev/null and b/hosts/cube/mail/password.age differ diff --git a/hosts/cube/matrix-synapse.nix b/hosts/cube/matrix-synapse/default.nix similarity index 88% rename from hosts/cube/matrix-synapse.nix rename to hosts/cube/matrix-synapse/default.nix index 72e27ca..e53b84e 100644 --- a/hosts/cube/matrix-synapse.nix +++ b/hosts/cube/matrix-synapse/default.nix @@ -35,8 +35,14 @@ let synapsePort = 8001; syncPort = 8002; in serverSystemConfiguration { - age.secrets."cube/password.secret.matrix-synapse".owner = "matrix-synapse"; - age.secrets."cube/password.sync.matrix-synapse".owner = "matrix-synapse"; + age.secrets."hosts/cube/matrix-synapse/password.secret" = { + file = ./password.secret.age; + owner = "matrix-synapse"; + }; + age.secrets."hosts/cube/matrix-synapse/password.sync" = { + file = ./password.sync.age; + owner = "matrix-synapse"; + }; services.postgresql = { ensureDatabases = [ "matrix-synapse" "matrix-sliding-sync" ]; @@ -82,7 +88,7 @@ in serverSystemConfiguration { }; # Sets registration_shared_secret. - extraConfigFiles = [ config.age.secrets."cube/password.secret.matrix-synapse".path ]; + extraConfigFiles = [ config.age.secrets."hosts/cube/matrix-synapse/password.secret".path ]; settings.listeners = [{ port = synapsePort; 
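Review bot: The secret behind `hashedPasswordFile` in `hosts/cube/mail/default.nix` is now named `hosts/cube/mail/password`, losing the `hash` marker of the old name (`cube/password.hash.mail`). Nothing at the declaration now says the file must hold a password hash rather than the plaintext. A comment on the `age.secrets` line in the first hunk would preserve that at the next rotation, e.g. `# Holds a password hash (consumed by hashedPasswordFile), not the plaintext password.` The same applies to `hosts/cube/password.rgb` and the two `hosts/enka/password.*` secrets.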
@@ -109,7 +115,7 @@ in serverSystemConfiguration { }]; services.matrix-sliding-sync = enabled { - environmentFile = config.age.secrets."cube/password.sync.matrix-synapse".path; + environmentFile = config.age.secrets."hosts/cube/matrix-synapse/password.sync".path; settings = { SYNCV3_SERVER = "https://${chatDomain}"; SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql"; diff --git a/hosts/cube/matrix-synapse/password.secret.age b/hosts/cube/matrix-synapse/password.secret.age new file mode 100644 index 0000000..40911ac Binary files /dev/null and b/hosts/cube/matrix-synapse/password.secret.age differ diff --git a/hosts/cube/matrix-synapse/password.sync.age b/hosts/cube/matrix-synapse/password.sync.age new file mode 100644 index 0000000..efa6027 --- /dev/null +++ b/hosts/cube/matrix-synapse/password.sync.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw qnll3AmLOYVpsLP78bOa0F20HjoN0dOFK2Rk/Ye5w24 +Gsmy22GHYX+0dlrUJalVlPXTWyzCz7q9W5gQza71XbA +--- UQhQek9ss1w8rqxj7HQxh8H/uaIsTK5SIfxqCAe1xoQ +fɏ ZrUZ'P~@f 5_cru/<Q|fY[r^SO6}> +d!HkZXr$j [\nB(/# \ No newline at end of file diff --git a/hosts/cube/nextcloud/default.nix b/hosts/cube/nextcloud/default.nix index e6075eb..f5dfdba 100644 --- a/hosts/cube/nextcloud/default.nix +++ b/hosts/cube/nextcloud/default.nix @@ -5,7 +5,10 @@ let fqdn = "cloud.${domain}"; in serverSystemConfiguration { - age.secrets."cube/password.nextcloud".owner = "nextcloud"; + age.secrets."hosts/cube/nextcloud/password" = { + file = ./password.age; + owner = "nextcloud"; + }; services.postgresql = { ensureDatabases = [ "nextcloud" ]; @@ -39,7 +42,7 @@ in serverSystemConfiguration { configureRedis = true; config.adminuser = "admin"; - config.adminpassFile = config.age.secrets."cube/password.nextcloud".path; + config.adminpassFile = config.age.secrets."hosts/cube/nextcloud/password".path; config.dbhost = "/run/postgresql"; config.dbtype = "pgsql"; 
diff --git a/hosts/cube/nextcloud/password.age b/hosts/cube/nextcloud/password.age new file mode 100644 index 0000000..5836b95 --- /dev/null +++ b/hosts/cube/nextcloud/password.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw 3QOn//uIWJTnBEVz3bn3s3yQlAeGDCynaJ4C+2Zi8iE +AsPa4woWILuLVS0bvkLBddda9mQqJ9CS1hkWwhNrLg8 +--- 7XNX3eRRei1LrcRiQSLgHJ0OkYt145uDVq+gtN/A9tk +\KDr.'QDML3I3 \ No newline at end of file diff --git a/hosts/cube/password.rgb.age b/hosts/cube/password.rgb.age new file mode 100644 index 0000000..fc247cc --- /dev/null +++ b/hosts/cube/password.rgb.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw 5+B9syGilyIjTRiIbR/tQqIRZ5ZUax8gOIZR62lYGhw +vTzxsGNvqnZKGkDHy2+gyIIPqLXZltVBzwEQ5HeuLO0 +--- eRFepEnDGHeb96HOq0kZOvILnQlL/WCf8fnVJbFHP8w +iao'D̗c[\;m/K݂s0 r)Vh}xhzqA}wD ٫VP1jۛ%J- \ No newline at end of file diff --git a/hosts/enka/default.nix b/hosts/enka/default.nix index 4f66372..f7cf2a7 100644 --- a/hosts/enka/default.nix +++ b/hosts/enka/default.nix @@ -6,18 +6,21 @@ time.timeZone = "Europe/Istanbul"; - users.users.root.hashedPasswordFile = config.age.secrets."enka/password.hash.said".path; + age.secrets."hosts/enka/password.said".file = ./password.said.age; + age.secrets."hosts/enka/password.orhan".file = ./password.orhan.age; + + users.users.root.hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path; users.users.said = graphicalUser { description = "Said"; extraGroups = [ "wheel" ]; - hashedPasswordFile = config.age.secrets."enka/password.hash.said".path; + hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path; uid = 1000; }; users.users.orhan = graphicalUser { description = "Orhan"; - hashedPasswordFile = config.age.secrets."enka/password.hash.orhan".path; + hashedPasswordFile = config.age.secrets."hosts/enka/password.orhan".path; uid = 1001; }; diff --git a/hosts/enka/password.orhan.age b/hosts/enka/password.orhan.age new file mode 100644 index 0000000..2f79af2 --- /dev/null 
+++ b/hosts/enka/password.orhan.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-rsa jPaU3Q +M19jE1+l5CGuAbWy3AAhJcVtW9E1b8al9rgjSJ26ESewP5fipabiW8/KEA6QowU4 +NbFFu9Za0Sqo2ly5AS7kubYROCYQE238cZgMfVG15nFmIP1s3MY8hNZFaeJdjYJW +W8SLTddBA5xWBzfNH2ZtW7KBICMgl5+mKAj35pB6qxcZjj274llFy8d8Xs0UsyDW +4exLZdzbgCXC5JXVgZpOR0Ou0AdJPtHIxYmkaS+gjkr45fSo3XGSepxRw+SOlkV/ +0kQgyw5KPPNZZ9wXo89P4zponyWNqQCKPaxXbGJl44mKBXLxFSvCPjjuAZ7cZ+xn +vd2ZcwztgLV84JT5pSJbUwjo6a5GrzOJ3/frxYgG4MK5foM8iyZ6cHFpNVeyOx/b +IhfCdFc71+c+hfLpa1OETlKYEVYHDQ/nuAELAy81bfEa8OL1yh8q75gJZukgwWX8 +QEJLzwsN/496uBbFwwjj05R4feu35Iql1XLqOrTaixUA6uSdWjsnJscENFpchfzI + +--- 06pUnwHPhIIgovnUcakwOCjfK5Et4twJF8NChBf3G9o + g0Fӻͱ*U;GKsqH-ތ-M v% ojdOxCkJren:KBM7 \ No newline at end of file diff --git a/hosts/enka/password.said.age b/hosts/enka/password.said.age new file mode 100644 index 0000000..fb4dcd2 --- /dev/null +++ b/hosts/enka/password.said.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-rsa jPaU3Q +fNM8bL9QB/wvgB+MZOfWXDrPMCc/2bs3B5t1xgXe/Z6I0HXcnL/G1ipebvth/+Mr +Wv6bMPgPPwrxvWaoC84PHTclp8kqsipTYO4r40cB5F7Yyq+oBOHlm3Kd1SGSPQQn +FPCA0BxFhYQuHtQuqEdoMRZ5YxgoxWoso1gAAMzcnhac9HVK595F4HITpYzs453Q +UTW+c1UigqvI70YNKo2jNSqAwJh2rA4EP/ivz5Y0fOv/WD8TpygbFdbFhvLZ4rBS +NveQrMJcha/KArzu5cxYuQq+vF7ckGmPygGSMGkXCbb66ET8Mj/daBhfPfZ+nC+v +eaBOlAJ4y+jUwajn3PlWelOjUTNoDHdp8I/xHtJs1avmlWhv8pdA/vR/61C0mApd +39uzl2XsnvKQkqlE2CD618h1xsmXk9RDxzUzDuejO0Kv1Of7+SsR1Swk7IKaJQpB +SzAfBCtnJxRsTIDVcBvqtb1cJiBgJt5/FFN8IGa9C0Hf3lFvB8qqR2BlwijhfGi/ + +--- JmxH14QpQiLryhESgYyK4H7fpol168CbjecUwfnRFRM +bd!<&-1esă{OqG~.cmu!$(!/asvzw6CE2>.xBb=Ԑgj ssh-ed25519 +rZ0Tw FIt0hA2bl/r3zRNh/Ge0falVQFtN0nEaEnB+yVM8xAQ -R5FMyM3mvsY9VN5M5BZUnONIXYEK+apQAz/eo23u6pY ---- YmsJMVVOqUkeffeu8Y0kvQj1jPw7LHPc3t8kMGME5mM -Э2RCם;fm {))gN)}U4zrZ~{A;f%4awb.ϗqQ7S$ɠ||G4oWZKR4ﮭ˽[onB"dl4ð9U~cG,N 0`鿇 \ No newline at end of file diff --git a/secrets/cube/password.grafana.age b/secrets/cube/password.grafana.age deleted file mode 100644 index 2994a4b..0000000 
--- a/secrets/cube/password.grafana.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw IRSz6OlQIRTzg02u754CEOKaatzt740YzfhowALePwc -j82Zc4XLnEUnuvt5bnvcxMpHp80UWt24JimfA4MOoKA ---- jBWCSgdLuA6ATl35gBsNwKT8Wv9gcsovQGqljlqqxRw -O4ўC*/\]$GoH$X> \ No newline at end of file diff --git a/secrets/cube/password.hash.mail.age b/secrets/cube/password.hash.mail.age deleted file mode 100644 index ee2e918..0000000 --- a/secrets/cube/password.hash.mail.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw 9umH7uCQ70QwO6MxQutKpazOcTfLH2w0XoEbhKIVCls -052qFDNcYPVtpAd9o/gVl2h/yR5LviLYPKXD4mxdDkE ---- uldKptLWhSWkYbOwoOKRCUaIvRkHmAeK5j8KQ6jspHI -rpY86ώ/:OtkU0q 8xkX@2 g}zv.iI<:Y \ No newline at end of file diff --git a/secrets/cube/password.hash.rgb.age b/secrets/cube/password.hash.rgb.age deleted file mode 100644 index fdf511c..0000000 --- a/secrets/cube/password.hash.rgb.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw pavYW4DxwidelX0yh6W3xD0uGv+RSK8AOGccIXRbu24 -SB21TrxyZUNxBaBjrCWHDGRyeUWAM5jbM/Ps2w1GdgM ---- js5hNinbe1Y7pq6RF75ScCdjMU/IxYJk9m9zbQUz9z4 -V`D9U|ӞT -GCyGu0m9GQ(k'g+腍 -?o )s>$g7?Lo:X{ \ No newline at end of file diff --git a/secrets/cube/password.mail.grafana.age b/secrets/cube/password.mail.grafana.age deleted file mode 100644 index 2113e92..0000000 --- a/secrets/cube/password.mail.grafana.age +++ /dev/null @@ -1,6 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw k4u86tbxSaZTIr9QzN2P+md9WwGvn93jOXqR2JHWy30 -tG7p/GaP0MhTqbAin3KmIMCrE67Ls3NYoztcJT8r7po ---- cmz8sBFqHk8RyAae/gBqrWgjCyHrVtngjZGn1xQOze8 -9rgM׶9gz -@uO0ץa \ No newline at end of file diff --git a/secrets/cube/password.nextcloud.age b/secrets/cube/password.nextcloud.age deleted file mode 100644 index 17033a8..0000000 --- a/secrets/cube/password.nextcloud.age +++ /dev/null 
@@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw okdsP260oVUSzMwXwa71LPNIxKCH9IqA99r632rFk0M -IYV5CmqbsbDX4GhLA+OkcPTXD0Cen+8s1AQ0wzyeSbc ---- QDLGYNZYfCfioRt85MeDYj5bXY21Zsx8NA9IGae6Mvo -Ҽ M`2.|sYWY&SChz \ No newline at end of file diff --git a/secrets/cube/password.secret.matrix-synapse.age b/secrets/cube/password.secret.matrix-synapse.age deleted file mode 100644 index 9b9c213..0000000 Binary files a/secrets/cube/password.secret.matrix-synapse.age and /dev/null differ diff --git a/secrets/cube/password.sync.matrix-synapse.age b/secrets/cube/password.sync.matrix-synapse.age deleted file mode 100644 index 6d47c5b..0000000 Binary files a/secrets/cube/password.sync.matrix-synapse.age and /dev/null differ diff --git a/secrets/default.nix b/secrets/default.nix deleted file mode 100644 index 9c0259c..0000000 --- a/secrets/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, ulib, ... }: with ulib; - -systemConfiguration { - age.secrets = lib.genAttrs - (map - (lib.removeSuffix ".age") - (builtins.attrNames - (builtins.removeAttrs (import ./secrets.nix) [ "keys" ]))) - (name: { file = ./${name}.age; }); -} diff --git a/secrets/enka/password.hash.orhan.age b/secrets/enka/password.hash.orhan.age deleted file mode 100644 index f01abf4..0000000 --- a/secrets/enka/password.hash.orhan.age +++ /dev/null 
@@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa jPaU3Q -uVq0J1PS5EJlU6sFDxSNuyh2qBcZvvrtYpLyRNThxQOg3K7eP/lnTgrR3LADUfgq -drnhATToI5JvYpahIr6qio40pmVVSP2KbOQdoRFC4i1zGAQEy6NgGPLdmeZ76wIx -dMBiwDPcUH2+Vxy5oRGbT0NGkUWHvU58axlFpC85IrSmdLFDISyd5WcWNZwG72Jh -Cw6RCRe+dOp7RDNmE9UEu9CTGaGgKtkDqxNgGX1ZnjhPNmYbCLs8ncUEPCRBLc5C -0jYgPHgLlBXE+rTUkJgiKFwqfv4G0f5VFW94ndDgUoek/d/+cOOkHvzwfSG5Ap1L -6Ib2R667NDTBtxYggT2BLsNJz/vZNRz3vcABPQYHcBfbsgwoJ+p6KGrDOV8xhZ9L -NEo5MCaksIcRBDLYI0cRICgl/mPyZTs+GkXv21dS7yYU662+5hHYcHOXLd7CF48a -h+m74qmi0cDOJI8yEAyGi6lBGjMCdu64fMoog1XhUh+q31oTrVT4NNdflM4hWSzo - ---- uTCYebEZ6buIwDxK6HNo9itri05JHpbrZbeYynquS8I -Б"$6rubrY[eBN۴-̏mb1W|&8S) *n%E~ͨX:fቶ}o?EzhXM \ No newline at end of file diff --git a/secrets/enka/password.hash.said.age b/secrets/enka/password.hash.said.age deleted file mode 100644 index 902ccfa..0000000 Binary files a/secrets/enka/password.hash.said.age and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index 3868d89..0000000 --- a/secrets/secrets.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -let - keys = { - enka = "ssh-rsa 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 nixos@enka"; - cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube"; - }; - - key = key: [ key ]; -in with keys; { - inherit keys; - - "cube/id.age".publicKeys = key cube; - - "cube/password.hash.mail.age".publicKeys = key cube; - "cube/password.hash.rgb.age".publicKeys = key cube; - - "cube/password.acme.age".publicKeys = key cube; - - "cube/password.mail.forgejo.age".publicKeys = key cube; - "cube/password.runner.forgejo.age".publicKeys = key cube; - - "cube/password.grafana.age".publicKeys = key cube; - "cube/password.mail.grafana.age".publicKeys = key cube; - - "cube/password.secret.matrix-synapse.age".publicKeys = key cube; - "cube/password.sync.matrix-synapse.age".publicKeys = key cube; - - "cube/password.nextcloud.age".publicKeys = key cube; - - "enka/password.hash.orhan.age".publicKeys = key enka; - "enka/password.hash.said.age".publicKeys = key enka; -}