RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-28 10:37:44 +00:00
Code Issues Activity

Sanify agenix situation

Browse source
This commit is contained in:
RGBCube 2024-03-27 09:37:43 +03:00
parent a6b9665856
commit f145bdaa4a
No known key found for this signature in database
37 changed files with 134 additions and 116 deletions
Download patch file Download diff file Expand all files Collapse all files

13
.gitignore vendored
View file

@ -2,9 +2,18 @@
!derivations/
!docs/
!hosts/
!hosts/enka/
!hosts/cube/
!hosts/cube/acme/
!hosts/cube/forgejo/
!hosts/cube/grafana/
!hosts/cube/mail/
!hosts/cube/matrix-synapse/
!hosts/cube/nextcloud/
!modules/
@ -14,10 +23,6 @@
!lib/
!secrets/
!secrets/cube/
!secrets/enka/
!.gitignore
!flake.lock

9
flake.nix
View file

@ -161,7 +161,7 @@
};
in defaults // other;
keys = (import ./secrets/secrets.nix).keys;
keys = import ./keys.nix;
theme = themes.custom (themes.raw.gruvbox-dark-hard // {
cornerRadius = 8;
@ -202,7 +202,9 @@
mapDirectory = function: directory: with builtins;
attrValues (mapAttrs function (readDir directory));
nullIfUnderscore = name: if (builtins.substring 0 1 name) == "_" then
nullIfUnderscoreOrNotNix = name: if (builtins.substring 0 1 name) == "_" then
null
else if lib.hasSuffix ".age" name then
null
else
name;
@ -210,12 +212,11 @@
filterNull = builtins.filter (x: x != null);
importDirectory = directory:
filterNull (mapDirectory (name: _: lib.mapNullable (name: /${directory}/${name}) (nullIfUnderscore name)) directory);
filterNull (mapDirectory (name: _: lib.mapNullable (name: /${directory}/${name}) (nullIfUnderscoreOrNotNix name)) directory);
in [
homeManager.nixosModules.default
ageNix.nixosModules.default
./secrets
simpleMail.nixosModules.default

4
hosts/cube/acme.nix → hosts/cube/acme/default.nix
View file

@ -3,11 +3,13 @@
let
inherit (config.networking) domain;
in serverSystemConfiguration {
age.secrets."hosts/cube/acme/password".file = ./password.age;
security.acme = {
acceptTerms = true;
defaults = {
environmentFile = config.age.secrets."cube/password.acme".path;
environmentFile = config.age.secrets."hosts/cube/acme/password".path;
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1";
email = "security@${domain}";

BIN
hosts/cube/acme/password.age Normal file
View file

Binary file not shown.

6
hosts/cube/default.nix
View file

@ -8,13 +8,15 @@
time.timeZone = "Europe/Amsterdam";
users.users.root.hashedPasswordFile = config.age.secrets."cube/password.hash.rgb".path;
age.secrets."hosts/cube/password.rgb".file = ./password.rgb.age;
users.users.root.hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path;
users.users.rgb = normalUser {
description = "RGB";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ keys.enka ];
hashedPasswordFile = config.age.secrets."cube/password.hash.rgb".path;
hashedPasswordFile = config.age.secrets."hosts/cube/password.rgb".path;
};
})

14
hosts/cube/forgejo.nix → hosts/cube/forgejo/default.nix
View file

@ -5,8 +5,14 @@ let
fqdn = "git.${domain}";
in serverSystemConfiguration {
age.secrets."cube/password.mail.forgejo".owner = "forgejo";
age.secrets."cube/password.runner.forgejo".owner = "forgejo";
age.secrets."hosts/cube/forgejo/password.mail" = {
file = ./password.mail.age;
owner = "forgejo";
};
age.secrets."hosts/cube/forgejo/password.runner" = {
file = ./password.runner.age;
owner = "forgejo";
};
services.postgresql = {
ensureDatabases = [ "forgejo" ];
@ -36,7 +42,7 @@ in serverSystemConfiguration {
"act:docker://ghcr.io/catthehacker/ubuntu:act-latest"
];
tokenFile = config.age.secrets."cube/password.runner.forgejo".path;
tokenFile = config.age.secrets."hosts/cube/forgejo/password.runner".path;
settings = {
cache.enabled = true;
@ -59,7 +65,7 @@ in serverSystemConfiguration {
services.forgejo = enabled {
lfs = enabled {};
mailerPasswordFile = config.age.secrets."cube/password.mail.forgejo".path;
mailerPasswordFile = config.age.secrets."hosts/cube/forgejo/password.mail".path;
database = {
socket = "/run/postgresql";

0
secrets/cube/password.mail.forgejo.age → hosts/cube/forgejo/password.mail.age
View file

0
secrets/cube/password.runner.forgejo.age → hosts/cube/forgejo/password.runner.age
View file

14
hosts/cube/grafana.nix → hosts/cube/grafana/default.nix
View file

@ -5,8 +5,14 @@ let
fqdn = "metrics.${domain}";
in serverSystemConfiguration {
age.secrets."cube/password.grafana".owner = "grafana";
age.secrets."cube/password.mail.grafana".owner = "grafana";
age.secrets."hosts/cube/grafana/password" = {
file = ./password.age;
owner = "grafana";
};
age.secrets."hosts/cube/grafana/password.mail" = {
file = ./password.mail.age;
owner = "grafana";
};
services.fail2ban.jails.grafana.settings = {
filter = "grafana";
@ -46,7 +52,7 @@ in serverSystemConfiguration {
settings.security = {
admin_email = "metrics@${domain}";
admin_password = "$__file{${config.age.secrets."cube/password.grafana".path}}";
admin_password = "$__file{${config.age.secrets."hosts/cube/grafana/password".path}}";
admin_user = "admin";
cookie_secure = true;
@ -58,7 +64,7 @@ in serverSystemConfiguration {
settings.smtp = {
enabled = true;
password = "$__file{${config.age.secrets."cube/password.mail.grafana".path}}";
password = "$__file{${config.age.secrets."hosts/cube/grafana/password.mail".path}}";
startTLS_policy = "MandatoryStartTLS";
ehlo_identity = "contact@${domain}";

BIN
hosts/cube/grafana/password.age Normal file
View file

Binary file not shown.

5
hosts/cube/grafana/password.mail.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw xkWa1fXAqQk5S+VNegGJpwGGDK0S3U+/QqPqSJgDUzI
xQRrNt48YL6ueLKKN4VXZuwzP0wu7AykvShOTv06YVQ
--- pEof9mZkQfWKgX5jrFGissq6m8/CvS7O2G52d/XbS8w
Ñ,5 ÜK¬h×¾#s®( z™_IipY/ð=¸£Ü¯øßRw•S“¹

4
hosts/cube/mail.nix → hosts/cube/mail/default.nix
View file

@ -5,6 +5,8 @@ let
fqdn = "mail.${domain}";
in serverSystemConfiguration {
age.secrets."hosts/cube/mail/password".file = ./password.age;
services.prometheus = {
exporters.postfix = enabled {
port = 9040;
@ -72,7 +74,7 @@ in serverSystemConfiguration {
loginAccounts."contact@${domain}" = {
aliases = [ "@${domain}" ];
hashedPasswordFile = config.age.secrets."cube/password.hash.mail".path;
hashedPasswordFile = config.age.secrets."hosts/cube/mail/password".path;
};
};
}

BIN
hosts/cube/mail/password.age Normal file
View file

Binary file not shown.

14
hosts/cube/matrix-synapse.nix → hosts/cube/matrix-synapse/default.nix
View file

@ -35,8 +35,14 @@ let
synapsePort = 8001;
syncPort = 8002;
in serverSystemConfiguration {
age.secrets."cube/password.secret.matrix-synapse".owner = "matrix-synapse";
age.secrets."cube/password.sync.matrix-synapse".owner = "matrix-synapse";
age.secrets."hosts/cube/matrix-synapse/password.secret" = {
file = ./password.secret.age;
owner = "matrix-synapse";
};
age.secrets."hosts/cube/matrix-synapse/password.sync" = {
file = ./password.sync.age;
owner = "matrix-synapse";
};
services.postgresql = {
ensureDatabases = [ "matrix-synapse" "matrix-sliding-sync" ];
@ -82,7 +88,7 @@ in serverSystemConfiguration {
};
# Sets registration_shared_secret.
extraConfigFiles = [ config.age.secrets."cube/password.secret.matrix-synapse".path ];
extraConfigFiles = [ config.age.secrets."hosts/cube/matrix-synapse/password.secret".path ];
settings.listeners = [{
port = synapsePort;
@ -109,7 +115,7 @@ in serverSystemConfiguration {
}];
services.matrix-sliding-sync = enabled {
environmentFile = config.age.secrets."cube/password.sync.matrix-synapse".path;
environmentFile = config.age.secrets."hosts/cube/matrix-synapse/password.sync".path;
settings = {
SYNCV3_SERVER = "https://${chatDomain}";
SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql";

BIN
hosts/cube/matrix-synapse/password.secret.age Normal file
View file

Binary file not shown.

6
hosts/cube/matrix-synapse/password.sync.age Normal file
View file

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw qnll3AmLOYVpsLP78bOa0F20HjoN0dOFK2Rk/Ye5w24
Gsmy22GHYX+0dlrUJalVlPXTWyzCz7q9W5gQza71XbA
--- UQhQek9ss1w8rqxj7HQxh8H/uaIsTK5SIfxqCAe1xoQ
ÈfÉ<> ZôržŽU¬Z'²P<C2B2><E280A2>~@þŽf ã‡5_<35>Ëcru<72>ùÒË/<£÷ÚQ°é|fYŠ[‡rò^²<>SO6>
d!ÈHkZõXr$j [—\í…BüÃ(/ëÈÐÏ#

7
hosts/cube/nextcloud/default.nix
View file

@ -5,7 +5,10 @@ let
fqdn = "cloud.${domain}";
in serverSystemConfiguration {
age.secrets."cube/password.nextcloud".owner = "nextcloud";
age.secrets."hosts/cube/nextcloud/password" = {
file = ./password.age;
owner = "nextcloud";
};
services.postgresql = {
ensureDatabases = [ "nextcloud" ];
@ -39,7 +42,7 @@ in serverSystemConfiguration {
configureRedis = true;
config.adminuser = "admin";
config.adminpassFile = config.age.secrets."cube/password.nextcloud".path;
config.adminpassFile = config.age.secrets."hosts/cube/nextcloud/password".path;
config.dbhost = "/run/postgresql";
config.dbtype = "pgsql";

5
hosts/cube/nextcloud/password.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 3QOn//uIWJTnBEVz3bn3s3yQlAeGDCynaJ4C+2Zi8iE
AsPa4woWILuLVS0bvkLBddda9mQqJ9CS1hkWwhNrLg8
--- 7XNX3eRRei1LrcRiQSLgHJ0OkYt145uDVq+gtN/A9tk
˜²KD r.'Q…î‰ø°ü<C2B0>¦”¡DöÕML3óIš•Çû½3ðì

5
hosts/cube/password.rgb.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 5+B9syGilyIjTRiIbR/tQqIRZ5ZUax8gOIZR62lYGhw
vTzxsGNvqnZKGkDHy2+gyIIPqLXZltVBzwEQ5HeuLO0
--- eRFepEnDGHeb96HOq0kZOvILnQlL/WCf8fnVJbFHP8w
iaõþëo'DÝÌ—êc[‰º\;m/¤ÖëKÝÉù€ªðsÒê0óñ rð½û)Vàöh}¬™Ïxhðâzq¡A}w¢ÚDª— Ù«V÷×P1jÛÓ%ÁµJ-

9
hosts/enka/default.nix
View file

@ -6,18 +6,21 @@
time.timeZone = "Europe/Istanbul";
users.users.root.hashedPasswordFile = config.age.secrets."enka/password.hash.said".path;
age.secrets."hosts/enka/password.said".file = ./password.said.age;
age.secrets."hosts/enka/password.orhan".file = ./password.orhan.age;
users.users.root.hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path;
users.users.said = graphicalUser {
description = "Said";
extraGroups = [ "wheel" ];
hashedPasswordFile = config.age.secrets."enka/password.hash.said".path;
hashedPasswordFile = config.age.secrets."hosts/enka/password.said".path;
uid = 1000;
};
users.users.orhan = graphicalUser {
description = "Orhan";
hashedPasswordFile = config.age.secrets."enka/password.hash.orhan".path;
hashedPasswordFile = config.age.secrets."hosts/enka/password.orhan".path;
uid = 1001;
};

13
hosts/enka/password.orhan.age Normal file
View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-rsa jPaU3Q
M19jE1+l5CGuAbWy3AAhJcVtW9E1b8al9rgjSJ26ESewP5fipabiW8/KEA6QowU4
NbFFu9Za0Sqo2ly5AS7kubYROCYQE238cZgMfVG15nFmIP1s3MY8hNZFaeJdjYJW
W8SLTddBA5xWBzfNH2ZtW7KBICMgl5+mKAj35pB6qxcZjj274llFy8d8Xs0UsyDW
4exLZdzbgCXC5JXVgZpOR0Ou0AdJPtHIxYmkaS+gjkr45fSo3XGSepxRw+SOlkV/
0kQgyw5KPPNZZ9wXo89P4zponyWNqQCKPaxXbGJl44mKBXLxFSvCPjjuAZ7cZ+xn
vd2ZcwztgLV84JT5pSJbUwjo6a5GrzOJ3/frxYgG4MK5foM8iyZ6cHFpNVeyOx/b
IhfCdFc71+c+hfLpa1OETlKYEVYHDQ/nuAELAy81bfEa8OL1yh8q75gJZukgwWX8
QEJLzwsN/496uBbFwwjj05R4feu35Iql1XLqOrTaixUA6uSdWjsnJscENFpchfzI
--- 06pUnwHPhIIgovnUcakwOCjfK5Et4twJF8NChBf3G9o
àçg0FÓ»Äͱõ*¯ŠŽUö;¢ÄÇÍGK½sÏqH-ÞŒ-Mí« v%Ç ¾o÷ºjdOx¸çCkìëÞÕÌçJrºªeÑn±:ÿKãBÓMœ7

13
hosts/enka/password.said.age Normal file
View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-rsa jPaU3Q
fNM8bL9QB/wvgB+MZOfWXDrPMCc/2bs3B5t1xgXe/Z6I0HXcnL/G1ipebvth/+Mr
Wv6bMPgPPwrxvWaoC84PHTclp8kqsipTYO4r40cB5F7Yyq+oBOHlm3Kd1SGSPQQn
FPCA0BxFhYQuHtQuqEdoMRZ5YxgoxWoso1gAAMzcnhac9HVK595F4HITpYzs453Q
UTW+c1UigqvI70YNKo2jNSqAwJh2rA4EP/ivz5Y0fOv/WD8TpygbFdbFhvLZ4rBS
NveQrMJcha/KArzu5cxYuQq+vF7ckGmPygGSMGkXCbb66ET8Mj/daBhfPfZ+nC+v
eaBOlAJ4y+jUwajn3PlWelOjUTNoDHdp8I/xHtJs1avmlWhv8pdA/vR/61C0mApd
39uzl2XsnvKQkqlE2CD618h1xsmXk9RDxzUzDuejO0Kv1Of7+SsR1Swk7IKaJQpB
SzAfBCtnJxRsTIDVcBvqtb1cJiBgJt5/FFN8IGa9C0Hf3lFvB8qqR2BlwijhfGi/
--- JmxH14QpQiLryhESgYyK4H7fpol168CbjecUwfnRFRM
bd!<&Š¦<C5A0>-1e³ƒs”ă¼{OqóG¡~Çû.c¸Šm‰u!Õ$(!/Ää¾aš§§æ´svz¡áw6ãCü¾êE2¢÷>ñ.xBÞb=€ËÿºÔ<C2BA>gjÎ<xàáýN

4
keys.nix Normal file
View file

@ -0,0 +1,4 @@
{
enka = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRSLWxpIMOZIQv9ggDnAwSxmux/TZvuEPgq2HFiH+oI2OE07xYQAiroBVI5HH+aIg1nwpYtArANoD8V9Hrx2XCo2py/fMi9LhJWNMlFVcRLqYrCmrZYhBqZhxXIdY+wXqkSE7kvTKsz84BrhwilfA/bqTgVw2Ro6w0RnTzUhlYx4w10DT3isN09cQJMgvuyWNRlpGpkEGhPwyXythKM2ERoHTfq/XtpiGZQeLr6yoTTd9q4rbvnGGka5IUEz3RrmeXEs13l02IY6dCUFJkRRsK8dvB9zFjQyM08IqdaoHeudZoCOsnl/AiegZ7C5FoYEKIXY86RqxS3TH3nwuxe2fXTNr9gwf2PumM1Yh2WxV4+pHQOksxW8rWgv1nXMT5AG0RrJxr+S0Nn7NBbzCImrprX3mg4vJqT24xcUjUSDYllEMa2ioXGCeff8cwVKK/Ly5fwj0AX1scjiw+b7jD6VvDLA5z+ALwCblxiRMCN0SOMk9/V2Xsg9YIRMHyQwpqu8k= said@enka";
cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
}

18
secrets.nix Normal file
View file

@ -0,0 +1,18 @@
let
keys = import ./keys.nix;
in with builtins.mapAttrs (_: value: [ value ]) keys; {
"hosts/enka/password.orhan.age".publicKeys = enka;
"hosts/enka/password.said.age".publicKeys = enka;
"hosts/cube/acme/password.age".publicKeys = cube;
"hosts/cube/forjego/password.mail.age".publicKeys = cube;
"hosts/cube/forjego/password.runner.age".publicKeys = cube;
"hosts/cube/grafana/password.age".publicKeys = cube;
"hosts/cube/grafana/password.mail.age".publicKeys = cube;
"hosts/cube/mail/password.age".publicKeys = cube;
"hosts/cube/matrix-synapse/password.secret.age".publicKeys = cube;
"hosts/cube/matrix-synapse/password.sync.age".publicKeys = cube;
"hosts/cube/nextcloud/password.age".publicKeys = cube;
"hosts/cube/password.rgb.age".publicKeys = cube;
}

BIN
secrets/cube/id.age
View file

Binary file not shown.

5
secrets/cube/password.acme.age
View file

@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw FIt0hA2bl/r3zRNh/Ge0falVQFtN0nEaEnB+yVM8xAQ
R5FMyM3mvsY9VN5M5BZUnONIXYEK+apQAz/eo23u6pY
--- YmsJMVVOqUkeffeu8Y0kvQj1jPw7LHPc3t8kMGME5mM
Э2<0E>àRõÕCÜ×<C39C>ø;Åfm {¡)åúö)ÊgN)£Ä}U4¢zrÞÎÞú·ZÎç~Ç{A;f™œÆ%ø´4¡èa<10>ÑwµÁŠ»b.¬Ï—óªÜqQœ<51>7„S”$É ¦ù±”Ý|±¯|Gþ4ÐÆoWZKàÂëÇ­áR4ï®­˽¡á[on©ö±·B"ÞÈdlŸ4ð9öùUû~c®ˆG,N îË0Ñå`¶üí±ßì³鿇

5
secrets/cube/password.grafana.age
View file

@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw IRSz6OlQIRTzg02u754CEOKaatzt740YzfhowALePwc
j82Zc4XLnEUnuvt5bnvcxMpHp80UWt24JimfA4MOoKA
--- jBWCSgdLuA6ATl35gBsNwKT8Wv9gcsovQGqljlqqxRw
OµÁ•<EFBFBD>öÓÓ4ÑžC©*/…ã\]$ŸG©°oˆH²$X‰±…>œ

5
secrets/cube/password.hash.mail.age
View file

@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 9umH7uCQ70QwO6MxQutKpazOcTfLH2w0XoEbhKIVCls
052qFDNcYPVtpAd9o/gVl2h/yR5LviLYPKXD4mxdDkE
--- uldKptLWhSWkYbOwoOKRCUaIvRkHmAeK5j8KQ6jspHI
ÑrpøYÖ8Þ6ÏŽ•Ü/:·ïž¤Otôk÷£U0—„Ý Š©8í³xãákX@á2 gÃ}ò¦¥zêvÌ.½ÁÕú·ùi—…€I<œ¤ë:Y“ü®

7
secrets/cube/password.hash.rgb.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw pavYW4DxwidelX0yh6W3xD0uGv+RSK8AOGccIXRbu24
SB21TrxyZUNxBaBjrCWHDGRyeUWAM5jbM/Ps2w1GdgM
--- js5hNinbe1Y7pq6RF75ScCdjMU/IxYJk9m9zbQUz9z4
V¾ßñ`”ö<E2809D> D9ôU„<55>|ÓžÐT
GCyGuî0m9GQ⣔(œkÒù³»æ'¦çg+ïØÔ¬ªÝè…<C3A8>
¼ˆ?o )s>†‹$g7º?Lo:çòX{

6
secrets/cube/password.mail.grafana.age
View file

@ -1,6 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw k4u86tbxSaZTIr9QzN2P+md9WwGvn93jOXqR2JHWy30
tG7p/GaP0MhTqbAin3KmIMCrE67Ls3NYoztcJT8r7po
--- cmz8sBFqHk8RyAae/gBqrWgjCyHrVtngjZGn1xQOze8
9rgMÐ׶9±¬¹¥òíªgù<67>šÉzã<7A>
ý@ÕÙðuO·Þê0×¥ôa

5
secrets/cube/password.nextcloud.age
View file

@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw okdsP260oVUSzMwXwa71LPNIxKCH9IqA99r632rFk0M
IYV5CmqbsbDX4GhLA+OkcPTXD0Cen+8s1AQ0wzyeSbc
--- QDLGYNZYfCfioRt85MeDYj5bXY21Zsx8NA9IGae6Mvo
•…Ò¼½ M`2­|sÕýóY¤ÙÌ÷WYÒ&â¤ðöSCh£z

BIN
secrets/cube/password.secret.matrix-synapse.age
View file

Binary file not shown.

BIN
secrets/cube/password.sync.matrix-synapse.age
View file

Binary file not shown.

10
secrets/default.nix
View file

@ -1,10 +0,0 @@
{ lib, ulib, ... }: with ulib;
systemConfiguration {
age.secrets = lib.genAttrs
(map
(lib.removeSuffix ".age")
(builtins.attrNames
(builtins.removeAttrs (import ./secrets.nix) [ "keys" ])))
(name: { file = ./${name}.age; });
}

13
secrets/enka/password.hash.orhan.age
View file

@ -1,13 +0,0 @@
age-encryption.org/v1
-> ssh-rsa jPaU3Q
uVq0J1PS5EJlU6sFDxSNuyh2qBcZvvrtYpLyRNThxQOg3K7eP/lnTgrR3LADUfgq
drnhATToI5JvYpahIr6qio40pmVVSP2KbOQdoRFC4i1zGAQEy6NgGPLdmeZ76wIx
dMBiwDPcUH2+Vxy5oRGbT0NGkUWHvU58axlFpC85IrSmdLFDISyd5WcWNZwG72Jh
Cw6RCRe+dOp7RDNmE9UEu9CTGaGgKtkDqxNgGX1ZnjhPNmYbCLs8ncUEPCRBLc5C
0jYgPHgLlBXE+rTUkJgiKFwqfv4G0f5VFW94ndDgUoek/d/+cOOkHvzwfSG5Ap1L
6Ib2R667NDTBtxYggT2BLsNJz/vZNRz3vcABPQYHcBfbsgwoJ+p6KGrDOV8xhZ9L
NEo5MCaksIcRBDLYI0cRICgl/mPyZTs+GkXv21dS7yYU662+5hHYcHOXLd7CF48a
h+m74qmi0cDOJI8yEAyGi6lBGjMCdu64fMoog1XhUh+q31oTrVT4NNdflM4hWSzo
--- uTCYebEZ6buIwDxK6HNo9itri05JHpbrZbeYynquS8I
×ۿБ"$6°Šru¦bröYÎ[eB·ÑN©Û´<>mƒé×b1³…¢W|&‰8ô) *n¬%µE×Å~ÎͨX•:fቶï}o?EzÐh™XM

BIN
secrets/enka/password.hash.said.age
View file

Binary file not shown.

31
secrets/secrets.nix
View file

@ -1,31 +0,0 @@
let
keys = {
enka = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRSLWxpIMOZIQv9ggDnAwSxmux/TZvuEPgq2HFiH+oI2OE07xYQAiroBVI5HH+aIg1nwpYtArANoD8V9Hrx2XCo2py/fMi9LhJWNMlFVcRLqYrCmrZYhBqZhxXIdY+wXqkSE7kvTKsz84BrhwilfA/bqTgVw2Ro6w0RnTzUhlYx4w10DT3isN09cQJMgvuyWNRlpGpkEGhPwyXythKM2ERoHTfq/XtpiGZQeLr6yoTTd9q4rbvnGGka5IUEz3RrmeXEs13l02IY6dCUFJkRRsK8dvB9zFjQyM08IqdaoHeudZoCOsnl/AiegZ7C5FoYEKIXY86RqxS3TH3nwuxe2fXTNr9gwf2PumM1Yh2WxV4+pHQOksxW8rWgv1nXMT5AG0RrJxr+S0Nn7NBbzCImrprX3mg4vJqT24xcUjUSDYllEMa2ioXGCeff8cwVKK/Ly5fwj0AX1scjiw+b7jD6VvDLA5z+ALwCblxiRMCN0SOMk9/V2Xsg9YIRMHyQwpqu8k= nixos@enka";
cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
};
key = key: [ key ];
in with keys; {
inherit keys;
"cube/id.age".publicKeys = key cube;
"cube/password.hash.mail.age".publicKeys = key cube;
"cube/password.hash.rgb.age".publicKeys = key cube;
"cube/password.acme.age".publicKeys = key cube;
"cube/password.mail.forgejo.age".publicKeys = key cube;
"cube/password.runner.forgejo.age".publicKeys = key cube;
"cube/password.grafana.age".publicKeys = key cube;
"cube/password.mail.grafana.age".publicKeys = key cube;
"cube/password.secret.matrix-synapse.age".publicKeys = key cube;
"cube/password.sync.matrix-synapse.age".publicKeys = key cube;
"cube/password.nextcloud.age".publicKeys = key cube;
"enka/password.hash.orhan.age".publicKeys = key enka;
"enka/password.hash.said.age".publicKeys = key enka;
}