From e03ce4e26c8b1f118b5d4a16b499195d2c9bfd62 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Mon, 21 Oct 2024 08:54:19 +0100 Subject: [PATCH] phoenix: enable resilio sync and backups --- hosts/phoenix.st.ts.hillion.co.uk/default.nix | 26 ++++ modules/resilio.nix | 127 +++++++++++------- secrets/resilio/plain/dad.age | 39 +++--- secrets/resilio/plain/joseph.age | Bin 1088 -> 1198 bytes secrets/resilio/plain/projects.age | Bin 1088 -> 1198 bytes secrets/resilio/plain/resources.age | Bin 1088 -> 1198 bytes secrets/resilio/plain/sync.age | 38 +++--- secrets/secrets.nix | 10 +- 8 files changed, 154 insertions(+), 86 deletions(-) diff --git a/hosts/phoenix.st.ts.hillion.co.uk/default.nix b/hosts/phoenix.st.ts.hillion.co.uk/default.nix index 4a093d6..052a5a7 100644 --- a/hosts/phoenix.st.ts.hillion.co.uk/default.nix +++ b/hosts/phoenix.st.ts.hillion.co.uk/default.nix @@ -59,6 +59,32 @@ in interval = "Wed, 02:00"; }; + ## Resilio + custom.resilio = { + enable = true; + backups.enable = true; + + folders = + let + folderNames = [ + "dad" + "joseph" + "projects" + "resources" + "sync" + ]; + mkFolder = name: { + name = name; + secret = { + name = "resilio/plain/${name}"; + file = ../../secrets/resilio/plain/${name}.age; + }; + }; + in + builtins.map (mkFolder) folderNames; + }; + services.resilio.directoryRoot = "/${zpool_name}/users/jake/sync"; + ## Chia age.secrets."chia/farmer.key" = { file = ../../secrets/chia/farmer.key.age; diff --git a/modules/resilio.nix b/modules/resilio.nix index e73f3a6..9a1bf48 100644 --- a/modules/resilio.nix +++ b/modules/resilio.nix @@ -16,56 +16,93 @@ in type = with lib.types; uniq (listOf attrs); default = [ ]; }; + + backups = { + enable = lib.mkEnableOption "resilio.backups"; + }; }; - config = lib.mkIf cfg.enable { - users.users = - let - mkUser = - (user: { - name = user; + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + users.users = + let + mkUser = + (user: { + name = user; + value = { + extraGroups = [ "rslsync" ]; + }; + }); + in + builtins.listToAttrs (builtins.map mkUser cfg.extraUsers); + + age.secrets = + let + mkSecret = (secret: { + name = secret.name; value = { - extraGroups = [ "rslsync" ]; + file = secret.file; + owner = "rslsync"; + group = "rslsync"; }; }); - in - builtins.listToAttrs (builtins.map mkUser cfg.extraUsers); - - age.secrets = - let - mkSecret = (secret: { - name = secret.name; - value = { - file = secret.file; - owner = "rslsync"; - group = "rslsync"; - }; - }); - in - builtins.listToAttrs (builtins.map (folder: mkSecret folder.secret) cfg.folders); - - services.resilio = { - enable = true; - deviceName = lib.mkOverride 999 (lib.strings.concatStringsSep "." (lib.lists.take 2 (lib.strings.splitString "." config.networking.fqdnOrHostName))); - - storagePath = lib.mkOverride 999 "${config.services.resilio.directoryRoot}/.sync"; - - sharedFolders = - let - mkFolder = name: secret: { - directory = "${config.services.resilio.directoryRoot}/${name}"; - secretFile = "${config.age.secrets."${secret.name}".path}"; - knownHosts = [ ]; - searchLAN = true; - useDHT = true; - useRelayServer = true; - useSyncTrash = false; - useTracker = true; - }; in - builtins.map (folder: mkFolder folder.name folder.secret) cfg.folders; - }; + builtins.listToAttrs (builtins.map (folder: mkSecret folder.secret) cfg.folders); - systemd.services.resilio.unitConfig.RequiresMountsFor = builtins.map (folder: "${config.services.resilio.directoryRoot}/${folder.name}") cfg.folders; - }; + services.resilio = { + enable = true; + deviceName = lib.mkOverride 999 (lib.strings.concatStringsSep "." (lib.lists.take 2 (lib.strings.splitString "." config.networking.fqdnOrHostName))); + + storagePath = lib.mkOverride 999 "${config.services.resilio.directoryRoot}/.sync"; + + sharedFolders = + let + mkFolder = name: secret: { + directory = "${config.services.resilio.directoryRoot}/${name}"; + secretFile = "${config.age.secrets."${secret.name}".path}"; + knownHosts = [ ]; + searchLAN = true; + useDHT = true; + useRelayServer = true; + useSyncTrash = false; + useTracker = true; + }; + in + builtins.map (folder: mkFolder folder.name folder.secret) cfg.folders; + }; + + systemd.services.resilio.unitConfig.RequiresMountsFor = builtins.map (folder: "${config.services.resilio.directoryRoot}/${folder.name}") cfg.folders; + } + + (lib.mkIf cfg.backups.enable { + age.secrets."resilio/restic/128G.key" = { + file = ../secrets/restic/128G.age; + owner = "rslsync"; + group = "rslsync"; + }; + services.restic.backups."resilio" = { + repository = "rest:https://restic.ts.hillion.co.uk/128G"; + user = "rslsync"; + passwordFile = config.age.secrets."resilio/restic/128G.key".path; + + timerConfig = { + OnBootSec = "10m"; + OnUnitInactiveSec = "15m"; + RandomizedDelaySec = "5m"; + }; + + paths = [ config.services.resilio.directoryRoot ]; + exclude = [ + "${config.services.resilio.directoryRoot}/.sync" + "${config.services.resilio.directoryRoot}/*/.sync" + + "${config.services.resilio.directoryRoot}/resources/media/films" + "${config.services.resilio.directoryRoot}/resources/media/iso" + "${config.services.resilio.directoryRoot}/resources/media/tv" + + "${config.services.resilio.directoryRoot}/dad/media" + ]; + }; + }) + ]); } diff --git a/secrets/resilio/plain/dad.age b/secrets/resilio/plain/dad.age index 5eadf39..ce97b85 100644 --- a/secrets/resilio/plain/dad.age +++ b/secrets/resilio/plain/dad.age @@ -1,21 +1,24 @@ age-encryption.org/v1 -> ssh-rsa GxPFJQ -EPZOBgPiAUU7ZB/+HAU/rrTRY+xYvbUxzWqDE6h58ld4NMG6+eBE7TRvzzfnYyYN -n97k00+h2ygm52hfoQFuUW7kXOAlZZDd3u9r45ELN9sx3sPM7dmuOyGMWca5VYf/ -jqObPcEdhbcr3SdTocsNM5e3hWYYyEO/bvDgoRWeckOR0WRWflVRUXXrUTfTnty2 -KAaNuTyOtxjJGo0T4GXEOzZrM1Bkhk9nLJPdFhC1JgYV/pjIRSYD5J3ddWYiHFX5 -uih9bOq2TK/HdNTw2Y+c37XywQjacxqWvrk32tlf270hy4a5+xIYmuwJW/njcFXd -7rkeEhpr6/vGftAZLhlLDw +W/JpTGL3h9Ie2UIPRhJ5l3KyR/TbWlgHgJY/XZNafW/mlMyZSKrA2imwyoq+vh5L +nztzl52lpvq8qQyF5jlfPsKJG/0bAPHhon63RPPj8fgh9Txp+lDVZpt8IMv3GT7v +j/wmQ1/6wTTDar2XDxn8Rz/Spn8EBnHvGNgNUEKrs6xwcWylX+dVwwobm8OsazMY +tLiw+NGC/ctQPJNKAUfgGrcovoOpsnYgbT5bi3NU5hma2oogMSAAL/O7LcxLy5ta +yccw6E+Uwy20FDccvZcUCpuceKa3UT8tFBS3mjH/CmCpcPpoT+Wnx8iguwPzsEE7 +5KDSNBjTnK9OmexEeJcVHw -> ssh-rsa K9mW1w -oRU8fuhEhxnLcbKB9XWZXcG41GFSfInyI+D3RP+Nvk0NV39rDiNZNUV25drZvAxo -iphA7XuHDxAP5ropBjtZLNpIQDVwQynRoPmtvJmz74bYOxSRtGBvN1U9R0LOBgBz -6Sd/DRuXKEmFBhNoaGbyi+s7RBalJaGfncHWdWSt58Pr7yVVlgX7hxk/YJ4fTLDv -pXFUnvfO6VeCUVzowTXEZ62vh72L4+lNETBcJOx/ckJveee8kWrY0WAaxKEOXiC5 -IVHjWHXXhXic56ShaDUOcjICoBlQMg9OgYf0lRLOAN1gCAN5DXbQOMsFl3S7VSsF -YhdmaKTuV6IJ7cy5RIIdLg --> ssh-ed25519 rjda/A 6iDdTEocgv06P/3+L1iWwq7Gm7a1b7T6lZShSM5EJRs -m/S+62etPaEeHwtlFBtzUfnx2nkOgiQgIgBKceAJHeQ --> ssh-ed25519 iWiFbA pfQMsGLDsG++Xm/fD818zYDmRAa2nC0k549NX2OxiA0 -Dmlw+2WwBdVWzr13OTy6cjZAQVQRm9RVHFF5LsM5EBo ---- JUB1zhbUjh1AMqVohboNnNqsPBvv0fCaVqMgcyVpPH8 -h܍f$o,8A`뙚H f\_y0ݠwcPƀ1$[!tv \ No newline at end of file +E8ZznY4+Ku09sNlUqrnk0V0KXdlouRDVgEipNhnlH/comEtU41DsnIminGO3fw2R +9WS43TRzys0VOJasXN/f+nUJoc24S0RMfOCbm+S5yacr5hSctXobR8h7tJwkjchU +nh4LXpbMC9RZIPNEmlvi6ft1hvay1UARgEeLOmxXohg6i9dZN9PCgwuXhLi7LyyY +Xp+Dp8qTV8Z47wj4drkt5xo8CRADpK2gmaJM1gsKVHhiYw9YG0HDP4HnHj2eDX42 +Ub9fonGVe7qAtOcdGwvfE5asI7oRV0vMNWVXVeCpVJz4HnOS9j3KmBsIjqjYhtbd +GYmbj433+djDi7pkyuUAUg +-> ssh-ed25519 RR/L5A uX9nKtJKe5+S9h0xKahI20M5IbKhrhIPcrjSLquuW1c +Kkds3meVksyqjrn2Tz8LjowfFLqPlvlvK3/eyG1DbWw +-> ssh-ed25519 rjda/A f//WHnXa7eTJryZXEZHn3RMaEahT/MwG5Y5i2lQwuls +Iqw8M/kxiJPUOVuAIucFeY+fo9CBK9oGbLXtuz99eB4 +-> ssh-ed25519 iWiFbA 5IkM2IPNwhwgW5fTiaiaIyAi2BgBPHDgdL/5C/Qt2QA +AJ4wLzu6fAJ3R+PayHAyIZZgutWSO2zZddq4H6g4qRs +--- VyVB3OASslBK+4eWM2toRNwpKgpOn0qOs+F3e8MgEUs +)r>:Ƿ霸][8*ɋ%9"ӧ/` +f bHS_x \ No newline at end of file diff --git a/secrets/resilio/plain/joseph.age b/secrets/resilio/plain/joseph.age index 204c1629ff5a1a42271c7319fd467919726ba24f..d87ad1f2dce05580779467eef0311bf6a688f160 100644 GIT binary patch literal 1198 zcmZY5JL~IY0Dy6wgt!XgbP6s){F^jw(sWUiH1~Vj=291%`pSu3K5@$aVh_NA4?45-khPTU0pGF;X)mF#<7%n!InkaDouuaKblmF>%Lsa9pz#e>7MdWT zH}56psCP+lg8$c%dK zj}uMvo+F@aDr~T8p!x8yMo~9SiB?*3m`qY)z6OazJ3WO_ig!OZW`wDMnjwD98f1<4 zE#+zafX<8qT{=~+vRGH~k#8Tza4Bh%VJ7e5#7f?)LfWBO%DA&GoID!2r_wbd8uDVy zK%qmX?#JXd^wBOcZZesLEo9vxt?Vr?x+86$_1e9A(uNL9e?szuYn0v1bnXo;qH}jCg8kwL=dhI*fxx4N;T5yO@;Lurtt;Xy z#;n>(-;I(y$llf&3;TnmJ4X|*9+oM)G$F$RS+D?lDJ^~8DqL-jB zgk(d4z@W$qBtd{DU{|n)gy5cgc`wY)t8*Q9^YxZD_2Z_?kP(Ac??3cCSap5)z}+=g z)FEvlz^TXy)XI%@IaXPK==>J+Cyw91V|wO95hgc7u?!qz9a%tdZg)!MJsfNW%I?zZg<=0NcqMnlB`9Ou4ppK0!QU;%?5O(B_ zN=%|*2|F?mW_uFGMbj=E3mm%08ki42s>*{xsN0QqHk^bJ5c0l6g18X-ivbx1JeudM z5hzqWdeg4z31EnUUEMOB!izmHhE~WGx<0sj_Jo4U^mVpyRCOJ^tO`WvF65|Lw&Nin zEPlZ@3?1X@F11~9oZQ$46e*9uaQq%cyw-7RiY?>xoHGUpwF@!ukQn19fr-~uR(7-C z;t6G!L-ya>((dA76IA5|GKp&wxGgQu=7==heXPOkFL=JBQ57q*Wikr0t8&@*dxyo5 zE;TU%OG7McK@XXF9cXZzEnqG#k~sEZ>ff9_OHNm2gCU_VhGc)Od$dv$l}mCtjDWed zF^S{Q_QubUN@FHs?YqodGs+Z4%~s_~ukN#P)28Z(2H-3zS80H)DKgl7tNE289YAtv zkJrk@HR#GTcg?#q4(_gFBdpT0Km==oyW3jPNyh5)x!BtDA!D5LtkxSMs_r+f+J*eV z!Y=v$qM;#3BeT$C6X$eawxVi`^z~ zfW~ujH{iBwL)4r1s)rM0XiWd!J|{RuVY`Q}NJ4~uxHpD)pbn%+UMYN$B_-YVr;C&v z^B4i-W+!BOEOpAcTm;CMuIx^#HyB?UOMyu!vhCoJm*Q-utO*;KB-8Jv?3bth|F+!C z*@%AV#*QJWiB0V?8mdyU#wciFtqg591&M6djKKSdm8CNY9c!!QZyep-x{#x>y?)K8 zgQl;WVx)?4Bx1>-WjWaRkpQh$tA~g;QdC-G*af#Cp-ah&MJc?NcMG0pQV4DPpxlN! zjSB{P{m;+d_~X-0-v00l=;<%jiw*MQ56_;y2tRuM!S>zP;={LJzxT>lyKjE~UVi-i e*SDTL`|j^o(VyO#{@Q){^Yrnf-`;%UfBp}&)^X$j diff --git a/secrets/resilio/plain/projects.age b/secrets/resilio/plain/projects.age index 76fd85193853b1cfaafb0edbbccc8477a3c77cf3..e11710eef1d3465dc22d2cddc9ab3e266a62d7ca 100644 GIT binary patch literal 1198 zcmZXSJL~Io06-NdGdYNpLs1YR{LQ0DlPp3Wzobp`PMW55O7ng+?^i1-IOtc9iy(;e z1qTN=L2(e5D>#Uwo8uiE1VNW8f}h}U4#!WTho}m=TQg*J^;X>_$b>-;Z?F13edv0B zB`t<1n~*|H*yx`Lwfh{7{UxCaOG7*m zl{*qj3c;q1lFAJmDcLRR)}ODKwvpw`pa)Y5!xNrwyoEDshKV(y-sM5BMdZSyh;>^M`Urum={ou-dhWdIW3@ZozL}QP;5_U+Yc5OJ2vFCAd{9AWeEb#S{t6 z#>9?Y;WVeDBXk4g1&Rmx6b`eb&uoj%j%ZM7TO5l1=!IWTy6#}(Mot^qNSd>;>aasazw_e482Om7#tL1XqTJ42sw(IsK#Y8 zbcSz63FrF?8L@;d)9_X2NW{7k;tl5u*~}DUOh$+7P&e(1V(-tH>F=D|!kp>& zK4m8f5Vns6G^Wb}1MMv#7)GWRwe~JD)SQ|-RihV=R?{saDpI1!o|5bQey-UJ#GUDg zNE&#`k-Dq5tihpdm{W4F5nm>KGUq4$He7W09sp@Mva%(1z8_c(&#!wyz2GHIpLXQh zS-M1Cbb^vK$k*+{w_Bk?%F9fps$Fr+-DPZQayP|^SK$1P23Llf@hz*Yw#e?e#kgoo|PNoHVSbN*C~? z4?82jpET6Cj2S%A^#s<9es7pd8$3JdnOk#yiwcK~Eb3Zp0;RxShGM?fC6~y+1R<#0>LsBG+VnHh)74N!LIBpC{ z&puq}wk!oT*gp{I7JF2(_pPy9n$ryKZO#xmrwFA8H~QEo>tIb)1wbr>`w~h+J9k=` zTwtn{l(aQCXS1VTC)Lx#3L9|K>FZffRdN|dOLI9Bxy)m*cNYM!ZYRu*hFfHAn*}9U zhlXk|GMZ>xptoF3Uf10z=m}!*ni5q6Hcks=T9|Y-mca~R;E82dpOL%kZ0LCJ<|;_# zA@kpDg>F3L0r;s8nnX1zY0^H194pVYVzOBf!FR`2u7=MqVO<5*t>>`@#5H9r0jZ_feGpz0ZLrhLV1WA{`1LP~N=}|-tX5Kyx4Z<6>(c)5C3W0Z7;by&}ZGw!F z=d1bxpj8_WjD#eilLy%xRi$g$yKu5BDK`a$rEzR|oQu74r6nP*uH|Oe?%8J8-E}A0 zGy!d6XF=3B->7LcLrcQyU2|F0&~!@FJAt}Md;@3Oc}_b{*z2BHZ*d1) zGALslSpe^DRfd_gjU9c`p9W-*9}*1GtVuXfR0MYmr5JSQF{^1!Qcl*{Y)#5(fWfll zanv7kD_z4b=5kM+@yEa0X@cT7LLY|bB!ZX&)_0Y6dUQov3^=)}8tnFU)Igf0<5X@S z8b_5`dZPj#1`O=6*Y>Cc1SlE}y%>9}J&%&2R8<<@bteO7y9Z}x8?FX6ww{p!^Z-+hU_{o2n7@Y!#D_VtV6CG_VP#W#Qa T^!*#d?;o=t{rLF@693-c(pG2C diff --git a/secrets/resilio/plain/resources.age b/secrets/resilio/plain/resources.age index 25c20ad6552c297e82637094029e1bfd87f8ea3a..f0e99cdcd6a88b4e791d3fdd1e5197d2685caf1a 100644 GIT binary patch literal 1198 zcmZ9~x$5Ku0D$qvLQ>f*7FvwQHio~sCyB5N$>f?GlVfsBVl|Wdm}HVnP8QVK(rWt! zK@q_>P%DoI@Daqq!cr8p5oDj>gCE~HjUVDV?3UX-Z|e7(E`>$}czC+$`|P3X&l_IwmB)|f_7Y-&QTQOPSG!2|% zaewp<+tQh1aK>1*S9fFAED0iOIabBc)mq5FTOGX&g#=r=DB(FsqLsvKvMNb{Oq1KC zUuvwJ%1Ss0l5lS4(7U26&K+vDX!hfx=|*uB4O^0gprs`Rt;_7V5(e0sCVDR@W) zRkS*FjGQ9r|FsqR>LC*_+lpAVx5iFIEQdIrl(GBc+ObR1Ev^$m>F z1&)(PU&olVY-s?Cj`q+AolBmoX}8~ZT*K+eE{TxFhxIM41ZsI&!hnEc!^l+ib0NQ zRA|gI=mUL8TC{V52#CFaZNezDs9~#oC0&RFOJqRAqhwRt8w*-O(so&Kl6i-+dtOn_ z!TwkRI&@KbDlWED%Snb+^1in&*_hejx)?AHsW*s$kr#NvQ#%x|n%)?~aaZDR;&a z!X=a^=E8&3xJ5eaE(X%P1 z5{NK}no2D71auY!_5O5FgNfhnwKpx8~n(A09RWv8Y~S zT!%d`JABMomSn-|l@FD^frl-D1#zC)RjhL%@Ydzo^B;eG{_!6_-#>Wr3Gw@@pFaEi z75l{+{PvOj*W*9md;Ip_Uw!!5@d^3jmoLBg<~!rv?_b;e@W{Hq^Yyns<*&c-rvB(3 D>F|vZ literal 1088 zcmYk3%g&=@06=xiYTTGOF6`2T{6Z;|e#V&4ax3N10_C>j4j%=|z3>KVGA2e%oQH5b zJ72-5i5uU+m`q&gN;hMCf^%|?pTbmTy?fjMSIP=m4 zIpOMD(mNOA=VdpBTaXhS8Sl_zrIDH@?4xwu^w}JCoC93SB`$m>F9^2| zw$>%srDB^Dx`Y#?t{r=hcRO?52?1Cf$bzQuAl+iaouYCnPH=YFU=Kr_QtNkB)%$pJ(@;f zF?gb1oy#QqISbQ>*a38hm!d?Jaes&C!Dk^4^NJRa+wjWpS~U%!ks#$lma`)qrcyzv zTL75js58DldcTD#hpZ5c5 zQ+0TaFt%TB;3G5{Su;#Jr$L0r8nNF_*ePxCbe}+%^~X}s__0m0F>N_L9uvzjJlu{^ z8d+QkW=eCK^A0PvK~&aL&{MbiPO|qnIg3jb#GOqOEMQGiRD{||giMj?I&0;MS5zc# zT!UV&5mtDjRVo#JR1@yM+Hpis)EcZ>82K2pvd@cp*7u4ncvll2_V?zLX2WSv@a-%g zQ@}hzEpXbhBaTRZu=r)&Syv;UM9vmUKn`b2S~gJu#~Ky;4PoQfGFXq|&D%G$+|K!c zS;>iTG4>^E_AEsfifcEwY!?AYYLmnaC&#|wi%0QHzL}8u-0e+;1B7>(d>yw_P#^au z^hAv3m71y5QnwpPCCdRvo}QjokvrqD>_*Uc_OzoyVqufHJ9gXQps(qP1pFoKUW$)B%s>g6-$wSCDu^QX_Mw_lFfU(edY YH(r1J!RJ{0_lG~e`2Lp{&;R)5A7L ssh-rsa GxPFJQ -ZVcJQCHZVc/K9KaJTDRPCFJJCb9OAg6WYKLiS3hbBA2NhARsvw6plBu9WBrlExMj -n++ZCx6Jl1n0yq2+6rSaThHf7c7SoGRdO77rclK6ILhZ2uar49fRbjiJyhIEaH9g -g2pMwdvlqh4CyQBdyFigriXDpxhKPLBnNVZrlHknFNeEy+oMnrFgZXaEZMvsgzmD -T+laML8uH6dodxW48P7kOwKX0ya9WKrBAcEZ+XXEeTpwgGD0vXJmizRpCs6DrJl/ -FDy1p65vLIfZYzgxVBsoutdJKQP1h+Zu1ykVYm4JKwprD/hrK9vP9MBc5nSNRD0P -kYOcTkmueSh4S8tQGaf3lA +D0Idk3mWqB1Xnv/ovfhrhxigYg4iYpIVUv4Xq6mz3E/kf1aM1KMH+vOfdDpf6eg6 +ufriFO51HPAEN1nqq3bFteOxLq7B3RkbonDjgq90i+1er3bSNxrzlC+f440mmB6w +nc2UvqqN3UTGuQqrHWCUp7HQ/RBToASgz8SCqim96UY86Df2BPTY7P+EsMraO2Zw +bHTDNyLZB6hZZQfoCpUz4J7Hq5x7cBpLH+S2No1xWMHDy11LkgS9DDFGL6/lDGMm +GcoQv0V14iQyb0KHYwkJKd4q4Vx20LMwAYqSFt33XN2SAbqKgo8p2nJQnCBZkn/P +fl61Tqiiy5NEya2hc9bELQ -> ssh-rsa K9mW1w -PTIieqZ31cNjwUSHCXny/5botfCJt0X4ot1kzkDOXt402ZxrmSh7Lt+Zf3Avjvbs -+Q2jfSvh6Oj8bubBZdCgYADI7OOAAUGSFGjG9ctTVnoORUGF2P0xaVGv/EShO+2W -1gDUEJXfkDXW8GN7NmOlt7Yh0NNOndzsMhjxo+iqd8e4Ux8J6L7CV/Yg25v9Zs8W -ocwFYCngeFTZmvlTe7hsd+26BlvHSMOqKXZUDfjzsMX+bWTxzIgS4lAjNDCYDNan -vIXSktu051Q0aQ5bdGJtnWYx8xRz8/S+K9Xs7WgP9TEENd0kAcxQhn6dd2AUZYSD -4SqV4SgKsGpdNv6ceHI9qA --> ssh-ed25519 rjda/A WkxHtfUpVL2AE1eLn0Zp0qVr191/umWcGJl7KUGfURE -FBhE2Qwib+n3x9XL/GM1HzWMeeznPJw0gPZ/ALjGtJA --> ssh-ed25519 iWiFbA +5PSAc60g3QsJ3rPaz1a1S2A79Vew85c1uCn0ajLbyQ -IUcm6BA1kH8ZcvCBRoyR1HJ2GJEXaOrUH6JCIGAzKRE ---- OZtfOD2pDRkjgPMMFYErZfyAozBLBKzmUndxfKBcewI -Oj) 9Ԯ. b 萀LB{k+4dYC/  ssh-ed25519 RR/L5A Jd+CAknpb/VluTjp1rmyzyOaLBPWFXApespITJpc+2Q +UqrPrFFvG/4qA4VT4TvJSWQ1wPTsGpkn9141ob5yizY +-> ssh-ed25519 rjda/A AGNRQXks1E2i+in4IcTVCxv7sU+W6aWPqPxzMe2lig8 +/w+iid2fSic4HwjuU9wNvyL3O5KLeQBiRFFO+8HOda4 +-> ssh-ed25519 iWiFbA RxKG7+5QYBMxf/5GOlLkJtmxRIGrHZ0fNRT+SlIM33g +ejBO6/qUF2CGa6FiVutpjdTlakIoSSklfg6+ykgzo1U +--- CocYhJAFnI9XN+CU/AieVbBL1USYo1VydYANS35DASw + 73# /'e|rvf|{2h.?=inPdx \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7a65131..0b0267a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -70,11 +70,11 @@ in "resilio/encrypted/sync.age".publicKeys = jake_users ++ [ ]; ## Read/Write Resilio Sync Secrets - "resilio/plain/dad.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; - "resilio/plain/joseph.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; - "resilio/plain/projects.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; - "resilio/plain/resources.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; - "resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.cx.boron ]; + "resilio/plain/dad.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ]; + "resilio/plain/joseph.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ]; + "resilio/plain/projects.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ]; + "resilio/plain/resources.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ]; + "resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.terminals.jakehillion.gendry ts.cx.boron ]; # Matrix Secrets "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.boron ];