Compare commits

...

11 Commits

Author SHA1 Message Date
390bdaaf51 resilio: update to unstable module
All checks were successful
flake / flake (push) Successful in 2m19s
Currently this pins `rslsync`'s group ID using https://github.com/NixOS/nixpkgs/pull/350055
2024-11-09 21:03:56 +00:00
ba9d54ddab chore(deps): lock file maintenance
All checks were successful
flake / flake (push) Successful in 2m7s
2024-11-09 15:20:26 +00:00
843802bcb7 backups: include more git repos
All checks were successful
flake / flake (push) Successful in 1m45s
2024-11-08 12:23:54 +00:00
a07c493802 stinger: update firewall for homeassistant
All checks were successful
flake / flake (push) Successful in 1m47s
2024-11-06 20:12:59 +00:00
3a2d6f4e2e stinger: enable bluetooth
All checks were successful
flake / flake (push) Successful in 1m35s
2024-11-06 10:34:33 +00:00
a383e013c6 homeassistant: microserver.home -> stinger.pop
All checks were successful
flake / flake (push) Successful in 2m0s
2024-11-06 01:36:14 +00:00
ed3b9019f2 homeassistant: backup database
All checks were successful
flake / flake (push) Successful in 1m36s
2024-11-06 01:05:52 +00:00
a3fd10be31 stinger: init host
All checks were successful
flake / flake (push) Successful in 1m36s
2024-11-05 22:10:12 +00:00
79a3c62924 defaults: enable all firmware
All checks were successful
flake / flake (push) Successful in 1m37s
2024-11-05 22:10:01 +00:00
0761162e34 chore(deps): update determinatesystems/nix-installer-action action to v15
All checks were successful
flake / flake (push) Successful in 1m31s
2024-11-04 23:01:03 +00:00
2999a5f744 merlin: init host
All checks were successful
flake / flake (push) Successful in 1m29s
2024-11-04 22:35:55 +00:00
32 changed files with 519 additions and 49 deletions

View File

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: DeterminateSystems/nix-installer-action@da36cb69b1c3247ad7a1f931ebfd954a1105ef14 # v14
- uses: DeterminateSystems/nix-installer-action@b92f66560d6f97d6576405a7bae901ab57e72b6a # v15
- uses: DeterminateSystems/magic-nix-cache-action@87b14cf437d03d37989d87f0fa5ce4f5dc1a330b # v8
- name: lint
run: |

View File

@ -34,11 +34,11 @@
]
},
"locked": {
"lastModified": 1729826725,
"narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"lastModified": 1731153869,
"narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"rev": "5c74ab862c8070cbf6400128a1b56abb213656da",
"type": "github"
},
"original": {
@ -54,11 +54,11 @@
]
},
"locked": {
"lastModified": 1729942962,
"narHash": "sha256-xzt7tb4YUw6VZXSCGw4sukirJSfYsIcFyvmhK5KMiKw=",
"lastModified": 1731060864,
"narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=",
"owner": "nix-community",
"repo": "disko",
"rev": "58cd832497f9c87cb4889744b86aba4284fd0474",
"rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f",
"type": "github"
},
"original": {
@ -113,11 +113,11 @@
]
},
"locked": {
"lastModified": 1729894599,
"narHash": "sha256-nL9nzNE5/re/P+zOv7NX6bRm5e+DeS1HIufQUJ01w20=",
"lastModified": 1730837930,
"narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "93435d27d250fa986bfec6b2ff263161ff8288cb",
"rev": "2f607e07f3ac7e53541120536708e824acccfaa8",
"type": "github"
},
"original": {
@ -128,11 +128,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1729068498,
"narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
"lastModified": 1730403150,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "e337457502571b23e449bf42153d7faa10c0a562",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
"type": "github"
},
"original": {
@ -144,11 +144,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1729742320,
"narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=",
"lastModified": 1730919458,
"narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda",
"rev": "e1cc1f6483393634aee94514186d21a4871e78d7",
"type": "github"
},
"original": {
@ -159,11 +159,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1729691686,
"narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=",
"lastModified": 1730963269,
"narHash": "sha256-rz30HrFYCHiWEBCKHMffHbMdWJ35hEkcRVU0h7ms3x0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
"rev": "83fb6c028368e465cd19bb127b86f971a5e41ebc",
"type": "github"
},
"original": {
@ -175,11 +175,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1730411648,
"narHash": "sha256-peNkSyOkRzR2nEi3s86xGV/6eMwO1yxRidSdItaQ+Nw=",
"rev": "6c3f1f46fd7ce56f6949ca6f6c124a62a8740222",
"lastModified": 1730867498,
"narHash": "sha256-Ce3a1w7Qf+UEPjVJcXxeSiWyPMngqf1M2EIsmqiluQw=",
"rev": "9240e11a83307a6e8cf2254340782cba4aa782fd",
"type": "tarball",
"url": "https://gitea.hillion.co.uk/api/v1/repos/JakeHillion/nixpkgs/archive/6c3f1f46fd7ce56f6949ca6f6c124a62a8740222.tar.gz"
"url": "https://gitea.hillion.co.uk/api/v1/repos/JakeHillion/nixpkgs/archive/9240e11a83307a6e8cf2254340782cba4aa782fd.tar.gz"
},
"original": {
"type": "tarball",

View File

@ -0,0 +1,75 @@
{ config, pkgs, lib, ... }:
{
imports = [
./disko.nix
./hardware-configuration.nix
];
config = {
system.stateVersion = "24.05";
networking.hostName = "merlin";
networking.domain = "rig.ts.hillion.co.uk";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelParams = [
"ip=dhcp"
# zswap
"zswap.enabled=1"
"zswap.compressor=zstd"
"zswap.max_pool_percent=20"
];
boot.initrd = {
availableKernelModules = [ "igc" ];
network.enable = true;
clevis = {
enable = true;
useTang = true;
devices = {
"disk0-crypt".secretFile = "/data/disk_encryption.jwe";
};
};
};
boot.kernelPackages = pkgs.linuxPackages_latest;
custom.defaults = true;
custom.locations.autoServe = true;
custom.impermanence.enable = true;
custom.users.jake.password = true;
security.sudo.wheelNeedsPassword = lib.mkForce true;
# Networking
networking = {
interfaces.enp171s0.name = "eth0";
interfaces.enp172s0.name = "eth1";
};
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
allowedTCPPorts = lib.mkForce [
22 # SSH
];
allowedUDPPorts = lib.mkForce [ ];
interfaces = {
eth0 = {
allowedTCPPorts = lib.mkForce [ ];
allowedUDPPorts = lib.mkForce [ ];
};
};
};
## Tailscale
age.secrets."tailscale/merlin.rig.ts.hillion.co.uk".file = ../../secrets/tailscale/merlin.rig.ts.hillion.co.uk.age;
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets."tailscale/merlin.rig.ts.hillion.co.uk".path;
};
};
}

View File

@ -0,0 +1,70 @@
{
disko.devices = {
disk = {
disk0 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
disk0-crypt = {
size = "100%";
content = {
type = "luks";
name = "disk0-crypt";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
subvolumes = {
"/data" = {
mountpoint = "/data";
mountOptions = [ "compress=zstd" "ssd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "ssd" ];
};
};
};
};
};
swap = {
size = "64G";
content = {
type = "swap";
randomEncryption = true;
discardPolicy = "both";
};
};
};
};
};
};
nodev = {
"/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"size=100%"
];
};
};
};
}

View File

@ -0,0 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp171s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp172s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp173s0f0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View File

@ -0,0 +1 @@
x86_64-linux

View File

@ -45,12 +45,9 @@
networking.firewall.interfaces = {
"eth0" = {
allowedUDPPorts = [
5353 # HomeKit
];
allowedTCPPorts = [
1400 # HA Sonos
7654 # Tang
21063 # HomeKit
];
};
};

View File

@ -90,7 +90,7 @@ in
in
builtins.map (mkFolder) folderNames;
};
services.resilio.directoryRoot = "/${zpool_name}/users/jake/sync";
services.resilio.directoryRoot = "/${zpool_name}/sync";
## Chia
age.secrets."chia/farmer.key" = {

View File

@ -67,7 +67,6 @@
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp201s0f3u2u3.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;

View File

@ -229,6 +229,8 @@
{ hostname = "sodium"; hw-address = "d8:3a:dd:c3:d6:2b"; }
{ hostname = "gendry"; hw-address = "18:c0:4d:35:60:1e"; }
{ hostname = "phoenix"; hw-address = "a8:b8:e0:04:17:a5"; }
{ hostname = "merlin"; hw-address = "b0:41:6f:13:20:14"; }
{ hostname = "stinger"; hw-address = "7c:83:34:be:30:dd"; }
]);
}
{

View File

@ -0,0 +1,84 @@
{ config, pkgs, lib, ... }:
{
imports = [
./disko.nix
./hardware-configuration.nix
];
config = {
system.stateVersion = "24.05";
networking.hostName = "stinger";
networking.domain = "pop.ts.hillion.co.uk";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelParams = [
"ip=dhcp"
# zswap
"zswap.enabled=1"
"zswap.compressor=zstd"
"zswap.max_pool_percent=20"
];
boot.initrd = {
availableKernelModules = [ "r8169" ];
network.enable = true;
clevis = {
enable = true;
useTang = true;
devices = {
"disk0-crypt".secretFile = "/data/disk_encryption.jwe";
};
};
};
custom.defaults = true;
custom.locations.autoServe = true;
custom.impermanence.enable = true;
hardware = {
bluetooth.enable = true;
};
# Networking
networking = {
interfaces.enp1s0.name = "eth0";
vlans = {
iot = {
id = 2;
interface = "eth0";
};
};
};
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
allowedTCPPorts = lib.mkForce [
22 # SSH
];
allowedUDPPorts = lib.mkForce [ ];
interfaces = {
eth0 = {
allowedTCPPorts = lib.mkForce [
1400 # HA Sonos
21063 # HomeKit
];
allowedUDPPorts = lib.mkForce [
5353 # HomeKit
];
};
};
};
## Tailscale
age.secrets."tailscale/stinger.pop.ts.hillion.co.uk".file = ../../secrets/tailscale/stinger.pop.ts.hillion.co.uk.age;
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets."tailscale/stinger.pop.ts.hillion.co.uk".path;
};
};
}

View File

@ -0,0 +1,70 @@
{
disko.devices = {
disk = {
disk0 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
disk0-crypt = {
size = "100%";
content = {
type = "luks";
name = "disk0-crypt";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
subvolumes = {
"/data" = {
mountpoint = "/data";
mountOptions = [ "compress=zstd" "ssd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "ssd" ];
};
};
};
};
};
swap = {
size = "64G";
content = {
type = "swap";
randomEncryption = true;
discardPolicy = "both";
};
};
};
};
};
};
nodev = {
"/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"size=100%"
];
};
};
};
}

View File

@ -0,0 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s20f0u2.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View File

@ -0,0 +1 @@
x86_64-linux

View File

@ -2,7 +2,7 @@
{
imports = [
./git.nix
./git/default.nix
./homeassistant.nix
./matrix.nix
];

View File

@ -15,9 +15,9 @@ in
};
config = lib.mkIf cfg.enable {
age.secrets."git/git_backups_ecdsa".file = ../../secrets/git/git_backups_ecdsa.age;
age.secrets."git/git_backups_remotes".file = ../../secrets/git/git_backups_remotes.age;
age.secrets."git-backups/restic/128G".file = ../../secrets/restic/128G.age;
age.secrets."git/git_backups_ecdsa".file = ../../../secrets/git/git_backups_ecdsa.age;
age.secrets."git/git_backups_remotes".file = ../../../secrets/git/git_backups_remotes.age;
age.secrets."git-backups/restic/128G".file = ../../../secrets/restic/128G.age;
systemd.services.backup-git = {
description = "Git repo backup service.";

View File

@ -0,0 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIc3WVROMCifYtqHRWf5gZAOQFdpbcSYOC0JckKzUVM5sGdXtw3VXNiVqY3npdMizS4e1V8Hh77UecD3q9CLkMA= backups-git@nixos

View File

@ -14,9 +14,21 @@ in
owner = "hass";
group = "hass";
};
age.secrets."backups/homeassistant/restic/1.6T" = {
file = ../../secrets/restic/1.6T.age;
owner = "postgres";
group = "postgres";
};
services = {
restic.backups."homeassistant" = {
postgresqlBackup = {
enable = true;
compression = "none"; # for better diffing
databases = [ "homeassistant" ];
};
restic.backups = {
"homeassistant-config" = {
user = "hass";
timerConfig = {
OnCalendar = "03:00";
@ -28,6 +40,19 @@ in
config.services.home-assistant.configDir
];
};
"homeassistant-database" = {
user = "postgres";
timerConfig = {
OnCalendar = "03:00";
RandomizedDelaySec = "60m";
};
repository = "rest:https://restic.ts.hillion.co.uk/1.6T";
passwordFile = config.age.secrets."backups/homeassistant/restic/1.6T".path;
paths = [
"${config.services.postgresqlBackup.location}/homeassistant.sql"
];
};
};
};
};
}

View File

@ -4,6 +4,7 @@
options.custom.defaults = lib.mkEnableOption "defaults";
config = lib.mkIf config.custom.defaults {
hardware.enableAllFirmware = true;
nix = {
settings.experimental-features = [ "nix-command" "flakes" ];
settings = {

View File

@ -50,6 +50,10 @@ in
pop = {
li = "100.106.87.35";
sodium = "100.87.188.4";
stinger = "100.117.89.126";
};
rig = {
merlin = "100.69.181.56";
};
st = {
phoenix = "100.92.37.106";
@ -79,6 +83,10 @@ in
pop = {
li = "fd7a:115c:a1e0::e701:5723";
sodium = "fd7a:115c:a1e0::3701:bc04";
stinger = "fd7a:115c:a1e0::8401:597e";
};
rig = {
merlin = "fd7a:115c:a1e0::8d01:b538";
};
st = {
phoenix = "fd7a:115c:a1e0::6901:256a";

View File

@ -50,10 +50,18 @@ in
path = lib.mkOverride 999 "/data/chia";
};
services.resilio = lib.mkIf config.services.resilio.enable {
directoryRoot = lib.mkOverride 999 "${cfg.base}/sync";
};
services.plex = lib.mkIf config.services.plex.enable {
dataDir = lib.mkOverride 999 "/data/plex";
};
services.home-assistant = lib.mkIf config.services.home-assistant.enable {
configDir = lib.mkOverride 999 "/data/home-assistant";
};
environment.persistence = lib.mkMerge [
{
"${cfg.base}/system" = {

View File

@ -22,7 +22,7 @@ in
authoritative_dns = [ "boron.cx.ts.hillion.co.uk" ];
downloads = "phoenix.st.ts.hillion.co.uk";
gitea = "boron.cx.ts.hillion.co.uk";
homeassistant = "microserver.home.ts.hillion.co.uk";
homeassistant = "stinger.pop.ts.hillion.co.uk";
mastodon = "";
matrix = "boron.cx.ts.hillion.co.uk";
prometheus = "boron.cx.ts.hillion.co.uk";

View File

@ -1,9 +1,12 @@
{ pkgs, lib, config, ... }:
{ pkgs, lib, config, nixpkgs-unstable, ... }:
let
cfg = config.custom.resilio;
in
{
imports = [ "${nixpkgs-unstable}/nixos/modules/services/networking/resilio.nix" ];
disabledModules = [ "services/networking/resilio.nix" ];
options.custom.resilio = {
enable = lib.mkEnableOption "resilio";

View File

@ -15,6 +15,8 @@ in
"138.201.252.214/32"
"10.64.50.26/32"
"10.64.50.27/32"
"10.64.50.28/32"
"10.64.50.29/32"
];
};
};

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -24,12 +24,14 @@ let
pop = {
li = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u root@li";
sodium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQmG7v/XrinPmkTU2eIoISuU3+hoV4h60Bmbwd+xDjr root@sodium";
stinger = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID28NGGSaK1OtpQkQnYqSZWSahX25uboiHwhsYQoKKbL root@stinger";
};
terminals = { jakehillion = { gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry"; }; };
rig = { merlin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN99UrXe3puoW0Jr1bSPRHL6ImLZD9A9sXeE54JFggIC root@merlin"; };
st = { phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPQcp9MzabvwbViNmILVNfipMUnwV+5okRfhOuV7+Mt root@phoenix"; };
storage = {
theon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf root@theon";
};
terminals = { jakehillion = { gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry"; }; };
};
};
};
@ -42,10 +44,11 @@ in
{
# User Passwords
"passwords/jake.age".publicKeys = jake_users ++ [
ts.terminals.jakehillion.gendry
ts.home.router
ts.lt.be
ts.rig.merlin
ts.st.phoenix
ts.terminals.jakehillion.gendry
];
# Tailscale Pre-Auth Keys
@ -53,10 +56,12 @@ in
"tailscale/boron.cx.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
"tailscale/li.pop.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.pop.li ];
"tailscale/merlin.rig.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.rig.merlin ];
"tailscale/microserver.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.microserver ];
"tailscale/phoenix.st.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.st.phoenix ];
"tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
"tailscale/sodium.pop.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.pop.sodium ];
"tailscale/stinger.pop.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.pop.stinger ];
"tailscale/theon.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.theon ];
# WiFi Environment Files
@ -84,11 +89,11 @@ in
"matrix/matrix.hillion.co.uk/syncv3_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
# Backups Secrets
"restic/128G.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.cx.boron ts.home.microserver ];
"restic/128G.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.cx.boron ts.pop.stinger ];
"restic/128G-wasabi.env.age".publicKeys = jake_users ++ [ ts.st.phoenix ];
"restic/128G-backblaze.env.age".publicKeys = jake_users ++ [ ts.st.phoenix ];
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.home.router ];
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.st.phoenix ts.home.router ts.pop.stinger ];
"restic/1.6T-wasabi.env.age".publicKeys = jake_users ++ [ ts.st.phoenix ];
"restic/1.6T-backblaze.env.age".publicKeys = jake_users ++ [ ts.st.phoenix ];
@ -130,7 +135,7 @@ in
"gitea/actions/boron.age".publicKeys = jake_users ++ [ ts.cx.boron ];
# HomeAssistant Secrets
"homeassistant/secrets.yaml.age".publicKeys = jake_users ++ [ ts.home.microserver ];
"homeassistant/secrets.yaml.age".publicKeys = jake_users ++ [ ts.pop.stinger ];
# Web certificates
"certs/hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];

View File

@ -0,0 +1,31 @@
age-encryption.org/v1
-> ssh-rsa JSzstA
Vj60ZJQry8CORPuKGalgBn5TNyPZ8124gjq7oRCZXWLWQxsG/7CYJgNW7rqIWI35
QECakNvQz4GfbnKAa8XLQVlKXQow4FeY3M0UPoXdha1udhgdvk4IA9HjrGaCU+xK
NabjYDyHMcg004V2l4a72GZF6YEgqnZLFQff2xiYQ6dTisloMq560n4ZC7SXBkuw
oAS73wenS+3TQb80j4+4E/7+QmQlEcaAo7MZMLE8Oa8EraTxU4E2l1QCFNvdNLrg
19xqiZXMDgMMOmuz+bkrtsNRMd/2fmguWe6Te1JXAAQkNKtFCswgrp62yVg8VH9K
stJMT9M3h2YkJGcmUNUw5cjUJE1ByA/NW/QLSHXMUqNvStPTZQC5WvaeMcRnktxR
z5KcpvT5xPFbanTd1E94ix2m3I0S9153WoXalzhr/dpJkR4WokVgUHdVDWCtxMPz
hT8SAjlsqRY/ONKdTXoiuP+XT4BSLN1zkiziLC5IYvLWAw3Ha2/+gbfOweppxgLO
TetT2v83mmSboUIiDr62XaRnx6IBQnXMC5ojC88Ts1p/P75RTWIeO6tScY5+DdSa
mFvvl5HAZrJ8K9IAjasff8Uywor799sRVXesZ5xNEVFjeBzY21GgPXsWL5QQ+sB8
tCxWqBVrG1/4ZT9yNznpQFKrMpnvOXySzo/3X3rkG7k
-> ssh-rsa GxPFJQ
gqtoNF2H7yYBWLLNN7vqLf72a15FJXOnWCOehy/otuCHuxkyp7GWI2o0IYbf00LC
ztVCAnMG55hqm0aApzh3+2B55kzLLWlZ41z7J0Zv7euZCaiONIxn/5MeNKIKH3xq
BbKBHAFwtsPrNVWg1T6pCI0DESJRgFsi6wtybcCrnY4B2zb7/YxHM1lBGWkB5Bzh
T6GGN0mSLKI8XyWRDGkXVA96oqRgbMEnQo7SpWcJJ+bvFIZjXsJP7Dfj3ZI76Qwv
+jcDTGDogpezIop9hssULyl3S84lkb2UBNJgXFAaONOSoUDZ7CqDdbHTA6ZRl+NI
8rUMZ40ksPdWhRV3zpUn2w
-> ssh-rsa K9mW1w
b/kL9nAgHGDs6bodtMBT363Mq8FrTKOISajIYB0v2gvc3fiEeFv2BPsy81QfiD7v
gmtS0huJs+T/oan/M2Uznt2XfuQVZ3m0Snx0gDR0FEFCUa8f41djGQoxO9+LABp2
1C9VFxlytGMtBnU+/9ZyeLdJL5BCRdYRuXe3lOixG2N6we++JjCLFsrXjBNLvZHb
d2LzvybVbgkXHx47lrbJRVT31z1zlM8XAvGq1reGkADlaIDqkaWu5f5zLjWwO+do
KaL0/DuojOOyLqLJmMseOiH/qGue0KL0HFrxsz452xBSZZKFFmidi4Mh9UdJBG8L
jNHOOJV8OvJRYZt0wWu8Gg
-> ssh-ed25519 6tJ2Ww YESYsdZhznbNHdjzq2hp43u3iRsm2Jw7BEPARsgM/HY
fIlB0707w3zq2pXV5BndEeg95Mr0EeyOsdQr3nHdpxo
--- xMvjiEEiIGADQMIvMPyykndxIvX517CVarOFBr8CJR4
Ó¸¯B\¿üŠÛ)UÍÎö´ÞàÌ¢ï§Éx¸£¡ãnT<6E>“2†ŠU,§ùËsÝ|Oö4e¼ÑeÅ=1àù ê2`6Õðµ °(xR%"ÿu¼$r<72>§GμµTu: X

View File

@ -0,0 +1,31 @@
age-encryption.org/v1
-> ssh-rsa JSzstA
T80Ll0LkBPpkTCjsez+zE4FzosiZYcyd/u1sarG1g9tmTIkjhwMKLYjfYPHbZfKx
1lua7fZWeLZhKKHy8nDbOLgKC4sqrTxl/zopjywzp+1dSKm8ZtjWDk+uvrBY0gNk
G8c9yip7lnSGBB6rzDnCFgHfYXZJ93YMcGxNMVPrPKzW9YSbCacCh3fRCRxYE9rY
7ewLMuac3Ti/7DsrnFQUY8RHMqAz9hGMMXXXq1da5OXdGgf4l6LMurSZQKE3BmNI
vKwYrdVBQvql02nunB1h0PdhG8tdAwVOXtUi6zTlH4irwweoQBEvny+v44JDp5vl
tchI3X1BOHisTBCno1DXlLPjrcabVLfm1nQ8NDnscDoWjgmtaFhLtI6yDBO3328t
zzwLGTZi8ABzSowP2GtVvfDYxCjrNaKXa5rc6Ip9C98vJ6N3ZGlC7yXLet7hHiuI
1Evr9fMgXXdGIDxBdQDSFAQmIj4lrSnnzAj08gMdsKFdxG3xN9Y2ZeymT3AZ3bBQ
sS3KfFHy05uENSak+NBGU8YifUymq/U3/Yg2vZF4rVaGewC24pONbiFTQl58KEt8
T8LRoQNmuqpVXpj4vPgQ4nEO+8Y8i8aq3d1bqnm2+jMa5KKLmil2ilVzjbKJ9nzC
ZmsRSYv1hLC/r6lBp8ICa9Pe6XzYpgl3/FaPqc/Mdj4
-> ssh-rsa GxPFJQ
rWXbLajz8BnDwc0HyWoO49lrC2sjBJq+UDWerQnCKJjWfTKpDZr1t8/Z7jWQifTm
J2fG+nZ94M76QaPXDsEZCCHooXvcAfvAuoDfURVTXM7IIAwH3hl1esz+v/sIVV3Z
AWaXSiJBe6k84HC4Kz8+Tv6J955nusAm9Lxso3dTfT9Uvf9D+iRV8OxejZSJVwEA
lvU9Fh3U5+9CRPu5B4Ec67ShAHA7NWEzdM4KoNORLyADuQQ/LJv8LBbNMe14GWxc
eLrp+X1UJ8R2NspdlLdLJdAJIR/OZRS89RPPzVMo5+WeglrOBEUDrFdNIkVpOGLR
/EgxwNZkRKy+1zLZNICTaw
-> ssh-rsa K9mW1w
f20zvTnXg7X0rUVE4KRFZBffQFE+m8LvqHxCVuRikGg2H/xB4chKdLUJpTj1AR/I
c8TW1+KpUSoqNMN6NBGe//YCXPnLEgGwXIp/8+e3JoPVG0JELwAGN5nU6iLmhWzH
ya7upzNnRAGXhSJThRPQfDGbJAIOhhwhSVmOke6umf49xmyZ+/K6i+vtDhYTJhrA
NJ9GBebKEFeZmn2bvoWUZV5ZE2jZZ0l+f5gjLw+e8+STEgq7kg/vPLLRDVhs5VYV
mlRqmCJw2FO0+VJwxaHmVxlf8dKVC/woKNLxvrM1dkSIUKt5v7kZnrwlpSH8SoJ+
HHvU7VZdU3Gvz7XqQLp0PQ
-> ssh-ed25519 IrNzWQ +cAZF1BJiJGsWcB5Ss2QMxb4u2DiksWVgyCMVERppE0
4ztuTfGdvFKhUh26r8baU2nP9tWobaV7Yi6kpILs6VM
--- 0iwk2L+KkUhW4e4wKOgLiU7YsWEXsKC+cJNPJiXvWAA
¸×zšÝœË[ajF…b<E280A6>  ¢ÌA¹MÍt?“…r<14>Ìi_¹Øã [ö¸ªeŸ>(Öÿžž:U™Bidžë ®~#yrßè<C39F>Õ¿ˆš[îKñŒm¬