Compare commits
88 Commits
Author | SHA1 | Date | |
---|---|---|---|
d5c2f8d543 | |||
1189a41df9 | |||
39730d2ec3 | |||
ac6f285400 | |||
e4b8fd7438 | |||
24be3394bc | |||
ba053c539c | |||
3aeeb69c2b | |||
85246af424 | |||
ba7a39b66e | |||
df31ebebf8 | |||
2f3a33ad8e | |||
343b34b4dc | |||
264799952e | |||
5cef32cf1e | |||
6cc70e117d | |||
a52aed5778 | |||
70b53b5c01 | |||
3d642e2320 | |||
41d5f0cc53 | |||
974c947130 | |||
8a9498f8d7 | |||
2ecdafe1cf | |||
db5dc5aee6 | |||
f96f03ba0c | |||
e81cad1670 | |||
67c8e3dcaf | |||
1052379119 | |||
0edb8394c8 | |||
bbab551b0f | |||
13c937b196 | |||
6bdaca40e0 | |||
462f0eecf4 | |||
5dcf3b8e3f | |||
b0618cd3dc | |||
a9829eea9e | |||
cfd64e9a73 | |||
b3af1739a8 | |||
cde6bdd498 | |||
bd5efa3648 | |||
30679f9f4b | |||
67644162e1 | |||
81c77de5ad | |||
a0f93c73d0 | |||
78705d440a | |||
3f829236a2 | |||
7b221eda07 | |||
22305815c6 | |||
fa493123fc | |||
62e61bec8a | |||
50d70ed8bc | |||
796bbc7a68 | |||
8123653a92 | |||
55ade830a8 | |||
a9c9600b14 | |||
eae5e105ff | |||
f1fd6ee270 | |||
1dc370709a | |||
de905e23a8 | |||
9247ae5d91 | |||
7298955391 | |||
f59824ad62 | |||
bff93529aa | |||
13bfe6f787 | |||
ad8c8b9b19 | |||
b7c07d0107 | |||
9cc389f865 | |||
2153c22d7f | |||
a4235b2581 | |||
36ce6ca185 | |||
e3887e320e | |||
a272cd0661 | |||
1ca4daab9c | |||
745ea58dec | |||
348bca745b | |||
0ef24c14e7 | |||
d9233021c7 | |||
b39549e1a9 | |||
8fdd915e76 | |||
62d62500ae | |||
b012d48e1d | |||
eba1dae06b | |||
b6ef41cae0 | |||
700ca88feb | |||
1c75fa88a7 | |||
c3447b3ec9 | |||
5350581676 | |||
4d1521e4b4 |
@ -11,14 +11,13 @@ jobs:
|
||||
flake:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Prepare for Nix installation
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y sudo
|
||||
- uses: cachix/install-nix-action@v26
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
- uses: DeterminateSystems/nix-installer-action@da36cb69b1c3247ad7a1f931ebfd954a1105ef14 # v14
|
||||
- uses: DeterminateSystems/magic-nix-cache-action@87b14cf437d03d37989d87f0fa5ce4f5dc1a330b # v8
|
||||
- name: lint
|
||||
run: nix fmt
|
||||
run: |
|
||||
nix fmt
|
||||
git diff --exit-code
|
||||
- name: flake check
|
||||
run: nix flake check --all-systems
|
||||
timeout-minutes: 10
|
||||
|
27
darwin/jakehillion-mba-m2-15/configuration.nix
Normal file
27
darwin/jakehillion-mba-m2-15/configuration.nix
Normal file
@ -0,0 +1,27 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
config = {
|
||||
system.stateVersion = 4;
|
||||
|
||||
networking.hostName = "jakehillion-mba-m2-15";
|
||||
|
||||
nix = {
|
||||
useDaemon = true;
|
||||
};
|
||||
|
||||
programs.zsh.enable = true;
|
||||
|
||||
security.pam.enableSudoTouchIdAuth = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
fd
|
||||
htop
|
||||
mosh
|
||||
neovim
|
||||
nix
|
||||
ripgrep
|
||||
sapling
|
||||
];
|
||||
};
|
||||
}
|
130
flake.lock
130
flake.lock
@ -2,7 +2,9 @@
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"darwin": [
|
||||
"darwin"
|
||||
],
|
||||
"home-manager": [
|
||||
"home-manager"
|
||||
],
|
||||
@ -12,11 +14,11 @@
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1712079060,
|
||||
"narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
|
||||
"lastModified": 1723293904,
|
||||
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "1381a759b205dff7a6818733118d02253340fd5e",
|
||||
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -28,66 +30,23 @@
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700795494,
|
||||
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||
"lastModified": 1726188813,
|
||||
"narHash": "sha256-Vop/VRi6uCiScg/Ic+YlwsdIrLabWUJc57dNczp0eBc=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||
"rev": "21fe31f26473c180390cfa81e3ea81aca0204c80",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": [
|
||||
"flake-utils"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711973905,
|
||||
"narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "serokell",
|
||||
"ref": "master",
|
||||
"repo": "deploy-rs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
@ -113,27 +72,47 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1712386041,
|
||||
"narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
|
||||
"lastModified": 1725703823,
|
||||
"narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
|
||||
"rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-24.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager-unstable": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs-unstable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726357542,
|
||||
"narHash": "sha256-p4OrJL2weh0TRtaeu1fmNYP6+TOp/W2qdaIJxxQay4c=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-23.11",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1708968331,
|
||||
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
|
||||
"lastModified": 1725690722,
|
||||
"narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
|
||||
"rev": "63f4d0443e32b0dd7189001ee1894066765d18a5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -143,29 +122,44 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1713344939,
|
||||
"narHash": "sha256-jpHkAt0sG2/J7ueKnG7VvLLkBYUMQbXQ2L8OBpVG53s=",
|
||||
"lastModified": 1725885300,
|
||||
"narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e402c3eb6d88384ca6c52ef1c53e61bdc9b84ddd",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1726320982,
|
||||
"narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1713297878,
|
||||
"narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
|
||||
"lastModified": 1726243404,
|
||||
"narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
|
||||
"rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -178,10 +172,12 @@
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"darwin": "darwin",
|
||||
"flake-utils": "flake-utils",
|
||||
"home-manager": "home-manager",
|
||||
"home-manager-unstable": "home-manager-unstable",
|
||||
"impermanence": "impermanence",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable"
|
||||
}
|
||||
|
131
flake.nix
131
flake.nix
@ -1,80 +1,91 @@
|
||||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
|
||||
darwin.url = "github:lnl7/nix-darwin";
|
||||
darwin.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
agenix.inputs.darwin.follows = "darwin";
|
||||
agenix.inputs.home-manager.follows = "home-manager";
|
||||
|
||||
home-manager.url = "github:nix-community/home-manager/release-23.11";
|
||||
home-manager.url = "github:nix-community/home-manager/release-24.05";
|
||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
home-manager-unstable.url = "github:nix-community/home-manager";
|
||||
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
||||
impermanence.url = "github:nix-community/impermanence/master";
|
||||
|
||||
deploy-rs.url = "github:serokell/deploy-rs/master";
|
||||
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
|
||||
deploy-rs.inputs.utils.follows = "flake-utils";
|
||||
};
|
||||
|
||||
description = "Hillion Nix flake";
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, agenix, home-manager, impermanence, deploy-rs, ... }@inputs: {
|
||||
nixosConfigurations =
|
||||
let
|
||||
fqdns = builtins.attrNames (builtins.readDir ./hosts);
|
||||
getSystemOverlays = system: nixpkgsConfig: [
|
||||
(final: prev: {
|
||||
"storj" = final.callPackage ./pkgs/storj.nix { };
|
||||
})
|
||||
];
|
||||
mkHost = fqdn:
|
||||
let system = builtins.readFile ./hosts/${fqdn}/system;
|
||||
in
|
||||
nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = inputs;
|
||||
modules = [
|
||||
./hosts/${fqdn}/default.nix
|
||||
./modules/default.nix
|
||||
|
||||
agenix.nixosModules.default
|
||||
impermanence.nixosModules.impermanence
|
||||
|
||||
home-manager.nixosModules.default
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
impermanence.nixosModules.home-manager.impermanence
|
||||
];
|
||||
}
|
||||
|
||||
({ config, ... }: {
|
||||
nix.registry.nixpkgs.flake = nixpkgs; # pin `nix shell` nixpkgs
|
||||
system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
|
||||
nixpkgs.overlays = getSystemOverlays config.nixpkgs.hostPlatform.system config.nixpkgs.config;
|
||||
})
|
||||
];
|
||||
};
|
||||
in
|
||||
nixpkgs.lib.genAttrs fqdns mkHost;
|
||||
|
||||
deploy = {
|
||||
nodes = builtins.mapAttrs
|
||||
(name: value: {
|
||||
hostname = name;
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
remoteBuild = true;
|
||||
path = deploy-rs.lib.aarch64-darwin.activate.nixos self.nixosConfigurations.${name};
|
||||
};
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, nixos-hardware, flake-utils, agenix, home-manager, home-manager-unstable, darwin, impermanence, ... }@inputs:
|
||||
let
|
||||
getSystemOverlays = system: nixpkgsConfig: [
|
||||
(final: prev: {
|
||||
unstable = nixpkgs-unstable.legacyPackages.${prev.system};
|
||||
"storj" = final.callPackage ./pkgs/storj.nix { };
|
||||
})
|
||||
self.nixosConfigurations;
|
||||
};
|
||||
];
|
||||
in
|
||||
{
|
||||
nixosConfigurations =
|
||||
let
|
||||
fqdns = builtins.attrNames (builtins.readDir ./hosts);
|
||||
mkHost = fqdn:
|
||||
let
|
||||
system = builtins.readFile ./hosts/${fqdn}/system;
|
||||
func = if builtins.pathExists ./hosts/${fqdn}/unstable then nixpkgs-unstable.lib.nixosSystem else nixpkgs.lib.nixosSystem;
|
||||
home-manager-pick = if builtins.pathExists ./hosts/${fqdn}/unstable then home-manager-unstable else home-manager;
|
||||
in
|
||||
func {
|
||||
inherit system;
|
||||
specialArgs = inputs;
|
||||
modules = [
|
||||
./hosts/${fqdn}/default.nix
|
||||
./modules/default.nix
|
||||
|
||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
||||
} // flake-utils.lib.eachDefaultSystem (system: {
|
||||
formatter = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;
|
||||
});
|
||||
agenix.nixosModules.default
|
||||
impermanence.nixosModules.impermanence
|
||||
|
||||
home-manager-pick.nixosModules.default
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
impermanence.nixosModules.home-manager.impermanence
|
||||
];
|
||||
}
|
||||
|
||||
({ config, ... }: {
|
||||
system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
|
||||
nixpkgs.overlays = getSystemOverlays config.nixpkgs.hostPlatform.system config.nixpkgs.config;
|
||||
})
|
||||
];
|
||||
};
|
||||
in
|
||||
nixpkgs.lib.genAttrs fqdns mkHost;
|
||||
|
||||
darwinConfigurations = {
|
||||
jakehillion-mba-m2-15 = darwin.lib.darwinSystem {
|
||||
system = "aarch64-darwin";
|
||||
specialArgs = inputs;
|
||||
|
||||
modules = [
|
||||
./darwin/jakehillion-mba-m2-15/configuration.nix
|
||||
|
||||
({ config, ... }: {
|
||||
nixpkgs.overlays = getSystemOverlays "aarch64-darwin" config.nixpkgs.config;
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
} // flake-utils.lib.eachDefaultSystem (system: {
|
||||
formatter = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;
|
||||
});
|
||||
}
|
||||
|
55
hosts/be.lt.ts.hillion.co.uk/default.nix
Normal file
55
hosts/be.lt.ts.hillion.co.uk/default.nix
Normal file
@ -0,0 +1,55 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
networking.hostName = "be";
|
||||
networking.domain = "lt.ts.hillion.co.uk";
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
custom.defaults = true;
|
||||
|
||||
## Impermanence
|
||||
custom.impermanence = {
|
||||
enable = true;
|
||||
userExtraFiles.jake = [
|
||||
".ssh/id_ecdsa_sk_keys"
|
||||
];
|
||||
};
|
||||
|
||||
## WiFi
|
||||
age.secrets."wifi/be.lt.ts.hillion.co.uk".file = ../../secrets/wifi/be.lt.ts.hillion.co.uk.age;
|
||||
networking.wireless = {
|
||||
enable = true;
|
||||
environmentFile = config.age.secrets."wifi/be.lt.ts.hillion.co.uk".path;
|
||||
|
||||
networks = {
|
||||
"Hillion WPA3 Network".psk = "@HILLION_WPA3_NETWORK_PSK@";
|
||||
};
|
||||
};
|
||||
|
||||
## Desktop
|
||||
custom.users.jake.password = true;
|
||||
custom.desktop.awesome.enable = true;
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/be.lt.ts.hillion.co.uk".file = ../../secrets/tailscale/be.lt.ts.hillion.co.uk.age;
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = config.age.secrets."tailscale/be.lt.ts.hillion.co.uk".path;
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = lib.mkForce true;
|
||||
|
||||
## Enable btrfs compression
|
||||
fileSystems."/data".options = [ "compress=zstd" ];
|
||||
fileSystems."/nix".options = [ "compress=zstd" ];
|
||||
};
|
||||
}
|
59
hosts/be.lt.ts.hillion.co.uk/hardware-configuration.nix
Normal file
59
hosts/be.lt.ts.hillion.co.uk/hardware-configuration.nix
Normal file
@ -0,0 +1,59 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/D184-A79B";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/3fdc1b00-28d5-41dd-b8e0-fa6b1217f6eb";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/c8ffa91a-5152-4d84-8995-01232fd5acd6";
|
||||
|
||||
fileSystems."/data" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/3fdc1b00-28d5-41dd-b8e0-fa6b1217f6eb";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=data" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp0s20f0u1u4.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
7
hosts/boron.cx.ts.hillion.co.uk/README.md
Normal file
7
hosts/boron.cx.ts.hillion.co.uk/README.md
Normal file
@ -0,0 +1,7 @@
|
||||
# boron.cx.ts.hillion.co.uk
|
||||
|
||||
Additional installation step for Clevis/Tang:
|
||||
|
||||
$ echo -n $DISK_ENCRYPTION_PASSWORD | clevis encrypt sss "$(cat /etc/nixos/hosts/boron.cx.ts.hillion.co.uk/clevis_config.json)" >/mnt/data/disk_encryption.jwe
|
||||
$ sudo chown root:root /mnt/data/disk_encryption.jwe
|
||||
$ sudo chmod 0400 /mnt/data/disk_encryption.jwe
|
13
hosts/boron.cx.ts.hillion.co.uk/clevis_config.json
Normal file
13
hosts/boron.cx.ts.hillion.co.uk/clevis_config.json
Normal file
@ -0,0 +1,13 @@
|
||||
{
|
||||
"t": 1,
|
||||
"pins": {
|
||||
"tang": [
|
||||
{
|
||||
"url": "http://80.229.251.26:7654"
|
||||
},
|
||||
{
|
||||
"url": "http://185.240.111.53:7654"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
170
hosts/boron.cx.ts.hillion.co.uk/default.nix
Normal file
170
hosts/boron.cx.ts.hillion.co.uk/default.nix
Normal file
@ -0,0 +1,170 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
networking.hostName = "boron";
|
||||
networking.domain = "cx.ts.hillion.co.uk";
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
boot.kernelParams = [ "ip=dhcp" ];
|
||||
boot.initrd = {
|
||||
availableKernelModules = [ "igb" ];
|
||||
network.enable = true;
|
||||
clevis = {
|
||||
enable = true;
|
||||
useTang = true;
|
||||
devices = {
|
||||
"disk0-crypt".secretFile = "/data/disk_encryption.jwe";
|
||||
"disk1-crypt".secretFile = "/data/disk_encryption.jwe";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
custom.defaults = true;
|
||||
|
||||
## Kernel
|
||||
### Explicitly use the latest kernel at time of writing because the LTS
|
||||
### kernels available in NixOS do not seem to support this server's very
|
||||
### modern hardware.
|
||||
boot.kernelPackages = pkgs.linuxPackages_6_10;
|
||||
### Apply patch to enable sched_ext which isn't yet available upstream.
|
||||
boot.kernelPatches = [{
|
||||
name = "sched_ext";
|
||||
patch = pkgs.fetchpatch {
|
||||
url = "https://github.com/sched-ext/scx-kernel-releases/releases/download/v6.10.3-scx1/linux-v6.10.3-scx1.patch.zst";
|
||||
hash = "sha256-c4UlXsVOHGe0gvL69K9qTMWqCR8as25qwhfNVxCXUTs=";
|
||||
decode = "${pkgs.zstd}/bin/unzstd";
|
||||
excludes = [ "Makefile" ];
|
||||
};
|
||||
extraConfig = ''
|
||||
BPF y
|
||||
BPF_EVENTS y
|
||||
BPF_JIT y
|
||||
BPF_SYSCALL y
|
||||
DEBUG_INFO_BTF y
|
||||
FTRACE y
|
||||
SCHED_CLASS_EXT y
|
||||
'';
|
||||
}];
|
||||
|
||||
## Enable btrfs compression
|
||||
fileSystems."/data".options = [ "compress=zstd" ];
|
||||
fileSystems."/nix".options = [ "compress=zstd" ];
|
||||
|
||||
## Impermanence
|
||||
custom.impermanence = {
|
||||
enable = true;
|
||||
cache.enable = true;
|
||||
};
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
btrfs subvolume delete /cache/system
|
||||
btrfs subvolume snapshot /cache/empty_snapshot /cache/system
|
||||
'';
|
||||
|
||||
## Custom Services
|
||||
custom = {
|
||||
locations.autoServe = true;
|
||||
www.global.enable = true;
|
||||
services = {
|
||||
gitea.actions = {
|
||||
enable = true;
|
||||
tokenSecret = ../../secrets/gitea/actions/boron.age;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nsd.interfaces = [
|
||||
"138.201.252.214"
|
||||
"2a01:4f8:173:23d2::2"
|
||||
];
|
||||
|
||||
## Enable ZRAM to help with root on tmpfs
|
||||
zramSwap = {
|
||||
enable = true;
|
||||
memoryPercent = 200;
|
||||
algorithm = "zstd";
|
||||
};
|
||||
|
||||
## Filesystems
|
||||
services.btrfs.autoScrub = {
|
||||
enable = true;
|
||||
interval = "Tue, 02:00";
|
||||
# By default both /data and /nix would be scrubbed. They are the same filesystem so this is wasteful.
|
||||
fileSystems = [ "/data" ];
|
||||
};
|
||||
|
||||
## General usability
|
||||
### Make podman available for dev tools such as act
|
||||
virtualisation = {
|
||||
containers.enable = true;
|
||||
podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
dockerSocket.enable = true;
|
||||
};
|
||||
};
|
||||
users.users.jake.extraGroups = [ "podman" ];
|
||||
|
||||
## Networking
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.ip_forward" = true;
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
};
|
||||
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
interfaces = {
|
||||
enp6s0 = {
|
||||
name = "eth0";
|
||||
useDHCP = true;
|
||||
ipv6.addresses = [{
|
||||
address = "2a01:4f8:173:23d2::2";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
};
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "eth0";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
allowedTCPPorts = lib.mkForce [ ];
|
||||
allowedUDPPorts = lib.mkForce [ ];
|
||||
interfaces = {
|
||||
eth0 = {
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
22 # SSH
|
||||
3022 # SSH (Gitea) - redirected to 22
|
||||
53 # DNS
|
||||
80 # HTTP 1-2
|
||||
443 # HTTPS 1-2
|
||||
8080 # Unifi (inform)
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [
|
||||
53 # DNS
|
||||
443 # HTTP 3
|
||||
3478 # Unifi STUN
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/boron.cx.ts.hillion.co.uk".file = ../../secrets/tailscale/boron.cx.ts.hillion.co.uk.age;
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = config.age.secrets."tailscale/boron.cx.ts.hillion.co.uk".path;
|
||||
};
|
||||
};
|
||||
}
|
72
hosts/boron.cx.ts.hillion.co.uk/hardware-configuration.nix
Normal file
72
hosts/boron.cx.ts.hillion.co.uk/hardware-configuration.nix
Normal file
@ -0,0 +1,72 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" "size=100%" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/ED9C-4ABC";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
fileSystems."/data" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/9aebe351-156a-4aa0-9a97-f09b01ac23ad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=data" ];
|
||||
};
|
||||
|
||||
fileSystems."/cache" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/9aebe351-156a-4aa0-9a97-f09b01ac23ad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=cache" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/9aebe351-156a-4aa0-9a97-f09b01ac23ad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."disk0-crypt" = {
|
||||
device = "/dev/disk/by-uuid/a68ead16-1bdc-4d26-9e55-62c2be11ceee";
|
||||
allowDiscards = true;
|
||||
};
|
||||
boot.initrd.luks.devices."disk1-crypt" = {
|
||||
device = "/dev/disk/by-uuid/19bde205-bee4-430d-a4c1-52d635a23963";
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
1
hosts/boron.cx.ts.hillion.co.uk/system
Normal file
1
hosts/boron.cx.ts.hillion.co.uk/system
Normal file
@ -0,0 +1 @@
|
||||
x86_64-linux
|
@ -2,8 +2,6 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules/common/default.nix
|
||||
../../modules/spotify/default.nix
|
||||
./bluetooth.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
@ -17,6 +15,8 @@
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
custom.defaults = true;
|
||||
|
||||
## Impermanence
|
||||
custom.impermanence = {
|
||||
enable = true;
|
||||
@ -29,6 +29,13 @@
|
||||
];
|
||||
};
|
||||
|
||||
## Enable ZRAM swap to help with root on tmpfs
|
||||
zramSwap = {
|
||||
enable = true;
|
||||
memoryPercent = 200;
|
||||
algorithm = "zstd";
|
||||
};
|
||||
|
||||
## Desktop
|
||||
custom.users.jake.password = true;
|
||||
custom.desktop.awesome.enable = true;
|
||||
@ -61,9 +68,9 @@
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".file = ../../secrets/tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age;
|
||||
custom.tailscale = {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
preAuthKeyFile = config.age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".path;
|
||||
authKeyFile = config.age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".path;
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = lib.mkForce true;
|
||||
@ -76,19 +83,13 @@
|
||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||
|
||||
## Spotify
|
||||
home-manager.users.jake.services.spotifyd.settings = {
|
||||
global = {
|
||||
device_name = "Gendry";
|
||||
device_type = "computer";
|
||||
bitrate = 320;
|
||||
};
|
||||
};
|
||||
|
||||
users.users."${config.custom.user}" = {
|
||||
packages = with pkgs; [
|
||||
prismlauncher
|
||||
];
|
||||
};
|
||||
|
||||
## Networking
|
||||
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
|
||||
};
|
||||
}
|
||||
|
@ -28,7 +28,10 @@
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/af328e8d-d929-43f1-8d04-1c96b5147e5e";
|
||||
boot.initrd.luks.devices."root" = {
|
||||
device = "/dev/disk/by-uuid/af328e8d-d929-43f1-8d04-1c96b5147e5e";
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
||||
fileSystems."/data" =
|
||||
{
|
||||
|
@ -1,110 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules/common/default.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
networking.hostName = "jorah";
|
||||
networking.domain = "cx.ts.hillion.co.uk";
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
## Impermanence
|
||||
custom.impermanence.enable = true;
|
||||
|
||||
## Custom Services
|
||||
custom = {
|
||||
locations.autoServe = true;
|
||||
www.global.enable = true;
|
||||
services = {
|
||||
version_tracker.enable = true;
|
||||
gitea.actions = {
|
||||
enable = true;
|
||||
tokenSecret = ../../secrets/gitea/actions/jorah.age;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.foldingathome = {
|
||||
enable = true;
|
||||
user = "JakeH"; # https://stats.foldingathome.org/donor/id/357021
|
||||
daemonNiceLevel = 19;
|
||||
};
|
||||
|
||||
## Enable ZRAM to help with root on tmpfs
|
||||
zramSwap = {
|
||||
enable = true;
|
||||
memoryPercent = 200;
|
||||
algorithm = "zstd";
|
||||
};
|
||||
|
||||
## Filesystems
|
||||
services.btrfs.autoScrub = {
|
||||
enable = true;
|
||||
interval = "Tue, 02:00";
|
||||
# By default both /data and /nix would be scrubbed. They are the same filesystem so this is wasteful.
|
||||
fileSystems = [ "/data" ];
|
||||
};
|
||||
|
||||
## Networking
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.ip_forward" = true;
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
};
|
||||
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
interfaces = {
|
||||
enp5s0 = {
|
||||
name = "eth0";
|
||||
useDHCP = true;
|
||||
ipv6.addresses = [{
|
||||
address = "2a01:4f9:4b:3953::2";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
};
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "eth0";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
22 # SSH
|
||||
3022 # Gitea SSH (accessed via public 22)
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [ ];
|
||||
interfaces = {
|
||||
eth0 = {
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
80 # HTTP 1-2
|
||||
443 # HTTPS 1-2
|
||||
8080 # Unifi (inform)
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [
|
||||
443 # HTTP 3
|
||||
3478 # Unifi STUN
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/jorah.cx.ts.hillion.co.uk".file = ../../secrets/tailscale/jorah.cx.ts.hillion.co.uk.age;
|
||||
custom.tailscale = {
|
||||
enable = true;
|
||||
preAuthKeyFile = config.age.secrets."tailscale/jorah.cx.ts.hillion.co.uk".path;
|
||||
ipv4Addr = "100.96.143.138";
|
||||
ipv6Addr = "fd7a:115c:a1e0:ab12:4843:cd96:6260:8f8a";
|
||||
};
|
||||
};
|
||||
}
|
@ -1,48 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{
|
||||
device = "/dev/disk/by-id/nvme-KXG60ZNV512G_TOSHIBA_106S10VHT9LM_1-part2";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
|
||||
fileSystems."/data" =
|
||||
{
|
||||
device = "/dev/disk/by-id/nvme-KXG60ZNV512G_TOSHIBA_106S10VHT9LM_1-part2";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=data" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/4D7E-8DE8";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
@ -3,7 +3,6 @@
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../modules/common/default.nix
|
||||
../../modules/rpi/rpi4.nix
|
||||
];
|
||||
|
||||
@ -13,6 +12,11 @@
|
||||
networking.hostName = "li";
|
||||
networking.domain = "pop.ts.hillion.co.uk";
|
||||
|
||||
custom.defaults = true;
|
||||
|
||||
## Custom Services
|
||||
custom.locations.autoServe = true;
|
||||
|
||||
# Networking
|
||||
## Tailscale
|
||||
age.secrets."tailscale/li.pop.ts.hillion.co.uk".file = ../../secrets/tailscale/li.pop.ts.hillion.co.uk.age;
|
||||
@ -33,6 +37,14 @@
|
||||
## Run a persistent iperf3 server
|
||||
services.iperf3.enable = true;
|
||||
services.iperf3.openFirewall = true;
|
||||
|
||||
networking.firewall.interfaces = {
|
||||
"end0" = {
|
||||
allowedTCPPorts = [
|
||||
7654 # Tang
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -3,7 +3,6 @@
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../modules/common/default.nix
|
||||
../../modules/rpi/rpi4.nix
|
||||
];
|
||||
|
||||
@ -13,17 +12,23 @@
|
||||
networking.hostName = "microserver";
|
||||
networking.domain = "home.ts.hillion.co.uk";
|
||||
|
||||
custom.defaults = true;
|
||||
|
||||
## Custom Services
|
||||
custom.locations.autoServe = true;
|
||||
|
||||
# Networking
|
||||
## Tailscale
|
||||
age.secrets."tailscale/microserver.home.ts.hillion.co.uk".file = ../../secrets/tailscale/microserver.home.ts.hillion.co.uk.age;
|
||||
custom.tailscale = {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
preAuthKeyFile = config.age.secrets."tailscale/microserver.home.ts.hillion.co.uk".path;
|
||||
advertiseRoutes = [ "10.64.50.0/24" "10.239.19.0/24" ];
|
||||
advertiseExitNode = true;
|
||||
authKeyFile = config.age.secrets."tailscale/microserver.home.ts.hillion.co.uk".path;
|
||||
useRoutingFeatures = "server";
|
||||
extraUpFlags = [
|
||||
"--advertise-routes"
|
||||
"10.64.50.0/24,10.239.19.0/24"
|
||||
"--advertise-exit-node"
|
||||
];
|
||||
};
|
||||
|
||||
## Enable IoT VLAN
|
||||
@ -47,12 +52,15 @@
|
||||
services.iperf3.enable = true;
|
||||
services.iperf3.openFirewall = true;
|
||||
|
||||
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
|
||||
networking.firewall.interfaces = {
|
||||
"eth0" = {
|
||||
allowedUDPPorts = [
|
||||
5353 # HomeKit
|
||||
];
|
||||
allowedTCPPorts = [
|
||||
1400 # HA Sonos
|
||||
7654 # Tang
|
||||
21063 # HomeKit
|
||||
];
|
||||
};
|
||||
|
@ -2,7 +2,6 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules/common/default.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
@ -19,6 +18,8 @@
|
||||
"net.ipv4.conf.all.forwarding" = true;
|
||||
};
|
||||
|
||||
custom.defaults = true;
|
||||
|
||||
## Interactive password
|
||||
custom.users.jake.password = true;
|
||||
|
||||
@ -31,6 +32,14 @@
|
||||
nat.enable = lib.mkForce false;
|
||||
|
||||
useDHCP = false;
|
||||
|
||||
vlans = {
|
||||
cameras = {
|
||||
id = 3;
|
||||
interface = "eth2";
|
||||
};
|
||||
};
|
||||
|
||||
interfaces = {
|
||||
enp1s0 = {
|
||||
name = "eth0";
|
||||
@ -55,6 +64,14 @@
|
||||
}
|
||||
];
|
||||
};
|
||||
cameras /* cameras@eth2 */ = {
|
||||
ipv4.addresses = [
|
||||
{
|
||||
address = "10.133.145.1";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
};
|
||||
enp4s0 = { name = "eth3"; };
|
||||
enp5s0 = { name = "eth4"; };
|
||||
enp6s0 = { name = "eth5"; };
|
||||
@ -81,8 +98,8 @@
|
||||
|
||||
ip protocol icmp counter accept comment "accept all ICMP types"
|
||||
|
||||
iifname "eth0" ct state { established, related } counter accept
|
||||
iifname "eth0" drop
|
||||
iifname { "eth0", "cameras" } ct state { established, related } counter accept
|
||||
iifname { "eth0", "cameras" } drop
|
||||
}
|
||||
|
||||
chain forward {
|
||||
@ -105,14 +122,8 @@
|
||||
ip daddr 10.64.50.20 tcp dport 32400 counter accept comment "Plex"
|
||||
|
||||
ip daddr 10.64.50.20 tcp dport 8444 counter accept comment "Chia"
|
||||
ip daddr 10.64.50.20 tcp dport 28967 counter accept comment "zfs.tywin.storj"
|
||||
ip daddr 10.64.50.20 udp dport 28967 counter accept comment "zfs.tywin.storj"
|
||||
ip daddr 10.64.50.20 tcp dport 28968 counter accept comment "d0.tywin.storj"
|
||||
ip daddr 10.64.50.20 udp dport 28968 counter accept comment "d0.tywin.storj"
|
||||
ip daddr 10.64.50.20 tcp dport 28969 counter accept comment "d1.tywin.storj"
|
||||
ip daddr 10.64.50.20 udp dport 28969 counter accept comment "d1.tywin.storj"
|
||||
ip daddr 10.64.50.20 tcp dport 28970 counter accept comment "d2.tywin.storj"
|
||||
ip daddr 10.64.50.20 udp dport 28970 counter accept comment "d2.tywin.storj"
|
||||
|
||||
ip daddr 10.64.50.21 tcp dport 7654 counter accept comment "Tang"
|
||||
}
|
||||
}
|
||||
|
||||
@ -123,14 +134,8 @@
|
||||
iifname eth0 tcp dport 32400 counter dnat to 10.64.50.20
|
||||
|
||||
iifname eth0 tcp dport 8444 counter dnat to 10.64.50.20
|
||||
iifname eth0 tcp dport 28967 counter dnat to 10.64.50.20
|
||||
iifname eth0 udp dport 28967 counter dnat to 10.64.50.20
|
||||
iifname eth0 tcp dport 28968 counter dnat to 10.64.50.20
|
||||
iifname eth0 udp dport 28968 counter dnat to 10.64.50.20
|
||||
iifname eth0 tcp dport 28969 counter dnat to 10.64.50.20
|
||||
iifname eth0 udp dport 28969 counter dnat to 10.64.50.20
|
||||
iifname eth0 tcp dport 28970 counter dnat to 10.64.50.20
|
||||
iifname eth0 udp dport 28970 counter dnat to 10.64.50.20
|
||||
|
||||
iifname eth0 tcp dport 7654 counter dnat to 10.64.50.21
|
||||
}
|
||||
|
||||
chain postrouting {
|
||||
@ -149,12 +154,42 @@
|
||||
|
||||
settings = {
|
||||
interfaces-config = {
|
||||
interfaces = [ "eth1" "eth2" ];
|
||||
interfaces = [ "eth1" "eth2" "cameras" ];
|
||||
};
|
||||
lease-database = {
|
||||
type = "memfile";
|
||||
persist = false;
|
||||
persist = true;
|
||||
name = "/var/lib/kea/dhcp4.leases";
|
||||
};
|
||||
|
||||
option-def = [
|
||||
{
|
||||
name = "cookie";
|
||||
space = "vendor-encapsulated-options-space";
|
||||
code = 1;
|
||||
type = "string";
|
||||
array = false;
|
||||
}
|
||||
];
|
||||
client-classes = [
|
||||
{
|
||||
name = "APC";
|
||||
test = "option[vendor-class-identifier].text == 'APC'";
|
||||
option-data = [
|
||||
{
|
||||
always-send = true;
|
||||
name = "vendor-encapsulated-options";
|
||||
}
|
||||
{
|
||||
name = "cookie";
|
||||
space = "vendor-encapsulated-options-space";
|
||||
code = 1;
|
||||
data = "1APC";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
subnet4 = [
|
||||
{
|
||||
subnet = "10.64.50.0/24";
|
||||
@ -173,22 +208,20 @@
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "1.1.1.1, 8.8.8.8";
|
||||
data = "10.64.50.1, 1.1.1.1, 8.8.8.8";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
{
|
||||
# tywin.storage.ts.hillion.co.uk
|
||||
hw-address = "c8:7f:54:6d:e1:03";
|
||||
ip-address = "10.64.50.20";
|
||||
hostname = "tywin";
|
||||
}
|
||||
{
|
||||
# syncbox
|
||||
hw-address = "00:1e:06:49:06:1e";
|
||||
ip-address = "10.64.50.22";
|
||||
hostname = "syncbox";
|
||||
}
|
||||
reservations = lib.lists.imap0
|
||||
(i: el: {
|
||||
ip-address = "10.64.50.${toString (20 + i)}";
|
||||
inherit (el) hw-address hostname;
|
||||
}) [
|
||||
{ hostname = "tywin"; hw-address = "c8:7f:54:6d:e1:03"; }
|
||||
{ hostname = "microserver"; hw-address = "e4:5f:01:b4:58:95"; }
|
||||
{ hostname = "theon"; hw-address = "00:1e:06:49:06:1e"; }
|
||||
{ hostname = "server-switch"; hw-address = "84:d8:1b:9d:0d:85"; }
|
||||
{ hostname = "apc-ap7921"; hw-address = "00:c0:b7:6b:f4:34"; }
|
||||
{ hostname = "sodium"; hw-address = "d8:3a:dd:c3:d6:2b"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
@ -208,7 +241,7 @@
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "1.1.1.1, 8.8.8.8";
|
||||
data = "10.239.19.1, 1.1.1.1, 8.8.8.8";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
@ -226,19 +259,70 @@
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
subnet = "10.133.145.0/24";
|
||||
interface = "cameras";
|
||||
pools = [{
|
||||
pool = "10.133.145.64 - 10.133.145.254";
|
||||
}];
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = "10.133.145.1";
|
||||
}
|
||||
{
|
||||
name = "broadcast-address";
|
||||
data = "10.133.145.255";
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "1.1.1.1, 8.8.8.8";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
unbound = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
interface = [
|
||||
"127.0.0.1"
|
||||
"10.64.50.1"
|
||||
"10.239.19.1"
|
||||
];
|
||||
access-control = [
|
||||
"10.64.50.0/24 allow"
|
||||
"10.239.19.0/24 allow"
|
||||
];
|
||||
};
|
||||
|
||||
forward-zone = [
|
||||
{
|
||||
name = ".";
|
||||
forward-tls-upstream = "yes";
|
||||
forward-addr = [
|
||||
"1.1.1.1#cloudflare-dns.com"
|
||||
"1.0.0.1#cloudflare-dns.com"
|
||||
"8.8.8.8#dns.google"
|
||||
"8.8.4.4#dns.google"
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/router.home.ts.hillion.co.uk".file = ../../secrets/tailscale/router.home.ts.hillion.co.uk.age;
|
||||
custom.tailscale = {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
preAuthKeyFile = config.age.secrets."tailscale/router.home.ts.hillion.co.uk".path;
|
||||
ipv4Addr = "100.105.71.48";
|
||||
ipv6Addr = "fd7a:115c:a1e0:ab12:4843:cd96:6269:4730";
|
||||
authKeyFile = config.age.secrets."tailscale/router.home.ts.hillion.co.uk".path;
|
||||
};
|
||||
|
||||
## Enable btrfs compression
|
||||
@ -263,7 +347,7 @@
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
virtualHosts."http://graphs.router.home.ts.hillion.co.uk" = {
|
||||
listenAddresses = [ config.custom.tailscale.ipv4Addr config.custom.tailscale.ipv6Addr ];
|
||||
listenAddresses = [ config.custom.dns.tailscale.ipv4 config.custom.dns.tailscale.ipv6 ];
|
||||
extraConfig = "reverse_proxy unix///run/netdata/netdata.sock";
|
||||
};
|
||||
};
|
||||
|
87
hosts/sodium.pop.ts.hillion.co.uk/default.nix
Normal file
87
hosts/sodium.pop.ts.hillion.co.uk/default.nix
Normal file
@ -0,0 +1,87 @@
|
||||
{ config, pkgs, lib, nixos-hardware, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
"${nixos-hardware}/raspberry-pi/5/default.nix"
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
networking.hostName = "sodium";
|
||||
networking.domain = "pop.ts.hillion.co.uk";
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
custom.defaults = true;
|
||||
|
||||
## Enable btrfs compression
|
||||
fileSystems."/data".options = [ "compress=zstd" ];
|
||||
fileSystems."/nix".options = [ "compress=zstd" ];
|
||||
|
||||
## Impermanence
|
||||
custom.impermanence = {
|
||||
enable = true;
|
||||
cache.enable = true;
|
||||
};
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
btrfs subvolume delete /cache/tmp
|
||||
btrfs subvolume snapshot /cache/empty_snapshot /cache/tmp
|
||||
chmod 1777 /cache/tmp
|
||||
'';
|
||||
|
||||
## CA server
|
||||
custom.ca.service.enable = true;
|
||||
|
||||
### nix only supports build-dir from 2.22. bind mount /tmp to something persistent instead.
|
||||
fileSystems."/tmp" = {
|
||||
device = "/cache/tmp";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
# nix = {
|
||||
# settings = {
|
||||
# build-dir = "/cache/tmp/";
|
||||
# };
|
||||
# };
|
||||
|
||||
## Custom Services
|
||||
custom.locations.autoServe = true;
|
||||
|
||||
# Networking
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
interfaces = {
|
||||
end0 = {
|
||||
name = "eth0";
|
||||
useDHCP = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
|
||||
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [ ];
|
||||
interfaces = {
|
||||
eth0 = {
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
7654 # Tang
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/sodium.pop.ts.hillion.co.uk".file = ../../secrets/tailscale/sodium.pop.ts.hillion.co.uk.age;
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = config.age.secrets."tailscale/sodium.pop.ts.hillion.co.uk".path;
|
||||
};
|
||||
};
|
||||
}
|
63
hosts/sodium.pop.ts.hillion.co.uk/hardware-configuration.nix
Normal file
63
hosts/sodium.pop.ts.hillion.co.uk/hardware-configuration.nix
Normal file
@ -0,0 +1,63 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/417B-1063";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/48ae82bd-4d7f-4be6-a9c9-4fcc29d4aac0";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
|
||||
fileSystems."/data" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/48ae82bd-4d7f-4be6-a9c9-4fcc29d4aac0";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=data" ];
|
||||
};
|
||||
|
||||
fileSystems."/cache" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/48ae82bd-4d7f-4be6-a9c9-4fcc29d4aac0";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=cache" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enu1u4.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
}
|
1
hosts/sodium.pop.ts.hillion.co.uk/system
Normal file
1
hosts/sodium.pop.ts.hillion.co.uk/system
Normal file
@ -0,0 +1 @@
|
||||
aarch64-linux
|
@ -2,7 +2,6 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules/common/default.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
@ -15,14 +14,18 @@
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
|
||||
custom.defaults = true;
|
||||
|
||||
## Custom Services
|
||||
custom = {
|
||||
locations.autoServe = true;
|
||||
};
|
||||
|
||||
## Networking
|
||||
networking.useNetworkd = true;
|
||||
systemd.network.enable = true;
|
||||
|
||||
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
@ -39,11 +42,9 @@
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/theon.storage.ts.hillion.co.uk".file = ../../secrets/tailscale/theon.storage.ts.hillion.co.uk.age;
|
||||
custom.tailscale = {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
preAuthKeyFile = config.age.secrets."tailscale/theon.storage.ts.hillion.co.uk".path;
|
||||
ipv4Addr = "100.104.142.22";
|
||||
ipv6Addr = "fd7a:115c:a1e0::4aa8:8e16";
|
||||
authKeyFile = config.age.secrets."tailscale/theon.storage.ts.hillion.co.uk".path;
|
||||
};
|
||||
|
||||
## Packages
|
||||
|
7
hosts/tywin.storage.ts.hillion.co.uk/README.md
Normal file
7
hosts/tywin.storage.ts.hillion.co.uk/README.md
Normal file
@ -0,0 +1,7 @@
|
||||
# tywin.storage.ts.hillion.co.uk
|
||||
|
||||
Additional installation step for Clevis/Tang:
|
||||
|
||||
$ echo -n $DISK_ENCRYPTION_PASSWORD | clevis encrypt sss "$(cat /etc/nixos/hosts/tywin.storage.ts.hillion.co.uk/clevis_config.json)" >/mnt/disk_encryption.jwe
|
||||
$ sudo chown root:root /mnt/disk_encryption.jwe
|
||||
$ sudo chmod 0400 /mnt/disk_encryption.jwe
|
14
hosts/tywin.storage.ts.hillion.co.uk/clevis_config.json
Normal file
14
hosts/tywin.storage.ts.hillion.co.uk/clevis_config.json
Normal file
@ -0,0 +1,14 @@
|
||||
{
|
||||
"t": 1,
|
||||
"pins": {
|
||||
"tang": [
|
||||
{
|
||||
"url": "http://10.64.50.21:7654"
|
||||
},
|
||||
{
|
||||
"url": "http://10.64.50.25:7654"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
@ -2,7 +2,6 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules/common/default.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
@ -16,15 +15,35 @@
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
boot.kernelParams = [
|
||||
"ip=dhcp"
|
||||
"zfs.zfs_arc_max=25769803776"
|
||||
];
|
||||
boot.initrd = {
|
||||
availableKernelModules = [ "r8169" ];
|
||||
network.enable = true;
|
||||
clevis = {
|
||||
enable = true;
|
||||
useTang = true;
|
||||
devices."root".secretFile = "/disk_encryption.jwe";
|
||||
};
|
||||
};
|
||||
|
||||
custom.locations.autoServe = true;
|
||||
custom.defaults = true;
|
||||
|
||||
# zram swap: used in the hope it will give the ZFS ARC more room to back off
|
||||
zramSwap = {
|
||||
enable = true;
|
||||
memoryPercent = 200;
|
||||
algorithm = "zstd";
|
||||
};
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/tywin.storage.ts.hillion.co.uk".file = ../../secrets/tailscale/tywin.storage.ts.hillion.co.uk.age;
|
||||
custom.tailscale = {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
preAuthKeyFile = config.age.secrets."tailscale/tywin.storage.ts.hillion.co.uk".path;
|
||||
ipv4Addr = "100.115.31.91";
|
||||
ipv6Addr = "fd7a:115c:a1e0:ab12:4843:cd96:6273:1f5b";
|
||||
authKeyFile = config.age.secrets."tailscale/tywin.storage.ts.hillion.co.uk".path;
|
||||
};
|
||||
|
||||
## Filesystems
|
||||
@ -35,11 +54,17 @@
|
||||
forceImportRoot = false;
|
||||
extraPools = [ "data" ];
|
||||
};
|
||||
boot.kernelParams = [ "zfs.zfs_arc_max=25769803776" ];
|
||||
|
||||
services.zfs.autoScrub = {
|
||||
services.btrfs.autoScrub = {
|
||||
enable = true;
|
||||
interval = "Tue, 02:00";
|
||||
# All filesystems includes the BTRFS parts of all the hard drives. This
|
||||
# would take forever and is redundant as they get fully read regularly.
|
||||
fileSystems = [ "/" ];
|
||||
};
|
||||
services.zfs.autoScrub = {
|
||||
enable = true;
|
||||
interval = "Wed, 02:00";
|
||||
};
|
||||
|
||||
## Backups
|
||||
@ -130,7 +155,7 @@
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
virtualHosts."http://restic.tywin.storage.ts.hillion.co.uk".extraConfig = ''
|
||||
bind ${config.custom.tailscale.ipv4Addr} ${config.custom.tailscale.ipv6Addr}
|
||||
bind ${config.custom.dns.tailscale.ipv4} ${config.custom.dns.tailscale.ipv6}
|
||||
reverse_proxy http://localhost:8000
|
||||
'';
|
||||
};
|
||||
@ -193,7 +218,7 @@
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
keyFile = config.age.secrets."chia/farmer.key".path;
|
||||
plotDirectories = builtins.genList (i: "/mnt/d${toString i}/plots/contract-k32") 7;
|
||||
plotDirectories = builtins.genList (i: "/mnt/d${toString i}/plots/contract-k32") 8;
|
||||
};
|
||||
|
||||
## Downloads
|
||||
@ -211,13 +236,10 @@
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
## Firewall
|
||||
## Networking
|
||||
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
|
||||
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
|
||||
80 # Caddy (restic.tywin.storage.ts.)
|
||||
14002 # Storj Dashboard (d0.)
|
||||
14003 # Storj Dashboard (d1.)
|
||||
14004 # Storj Dashboard (d2.)
|
||||
14005 # Storj Dashboard (d3.)
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -20,6 +20,11 @@
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."root" = {
|
||||
device = "/dev/disk/by-uuid/32837730-5e15-4917-9939-cbb58bb0aabf";
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/BC57-0AF6";
|
||||
@ -62,6 +67,18 @@
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/mnt/d6" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/b461e07d-39ab-46b4-b1d1-14c2e0791915";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/mnt/d7" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/eb8d32d0-e506-449b-8dbc-585ba05c4252";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
|
11
modules/ca/README.md
Normal file
11
modules/ca/README.md
Normal file
@ -0,0 +1,11 @@
|
||||
# ca
|
||||
|
||||
Getting the certificates in the right place is a manual process (for now, at least). This is to keep the most control over the root certificate's key and allow manual cycling. The manual commands should be run on a trusted machine.
|
||||
|
||||
Creating a 10 year root certificate:
|
||||
|
||||
nix run nixpkgs#step-cli -- certificate create 'Hillion ACME' cert.pem key.pem --kty=EC --curve=P-521 --profile=root-ca --not-after=87600h
|
||||
|
||||
Creating the intermediate key:
|
||||
|
||||
nix run nixpkgs#step-cli -- certificate create 'Hillion ACME (sodium.pop.ts.hillion.co.uk)' intermediate_cert.pem intermediate_key.pem --kty=EC --curve=P-521 --profile=intermediate-ca --not-after=8760h --ca=$NIXOS_ROOT/modules/ca/cert.pem --ca-key=DOWNLOADED_KEY.pem
|
13
modules/ca/cert.pem
Normal file
13
modules/ca/cert.pem
Normal file
@ -0,0 +1,13 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIB+TCCAVqgAwIBAgIQIZdaIUsuJdjnu7DQP1N8oTAKBggqhkjOPQQDBDAXMRUw
|
||||
EwYDVQQDEwxIaWxsaW9uIEFDTUUwHhcNMjQwODAxMjIyMjEwWhcNMzQwNzMwMjIy
|
||||
MjEwWjAXMRUwEwYDVQQDEwxIaWxsaW9uIEFDTUUwgZswEAYHKoZIzj0CAQYFK4EE
|
||||
ACMDgYYABAAJI3z1PrV97EFc1xaENcr6ML1z6xdXTy+ReHtf42nWsw+c3WDKzJ45
|
||||
+xHJ/p2BTOR5+NQ7RGQQ68zmFJnEYTYDogAw6U9YzxxDGlG1HlgnZ9PPmXoF+PFl
|
||||
Zy2WZCiDPx5KDJcjTPzLV3ITt4fl3PMA12BREVeonvrvRLcpVrMfS2b7wKNFMEMw
|
||||
DgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFFBT
|
||||
fMT0uUbS+lVUbGKK8/SZHPISMAoGCCqGSM49BAMEA4GMADCBiAJCAPNIwrQztPrN
|
||||
MaHB3J0lNVODIGwQWblt99vnjqIWOKJhgckBxaElyInsyt8dlnmTCpOCJdY4BA+K
|
||||
Nr87AfwIWdAaAkIBV5i4zXPXVKblGKnmM0FomFSbq2cYE3pmi5BO1StakH1kEHlf
|
||||
vbkdwFgkw2MlARp0Ka3zbWivBG9zjPoZtsL/8tk=
|
||||
-----END CERTIFICATE-----
|
14
modules/ca/consumer.nix
Normal file
14
modules/ca/consumer.nix
Normal file
@ -0,0 +1,14 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.ca.consumer;
|
||||
in
|
||||
{
|
||||
options.custom.ca.consumer = {
|
||||
enable = lib.mkEnableOption "ca.service";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
security.pki.certificates = [ (builtins.readFile ./cert.pem) ];
|
||||
};
|
||||
}
|
8
modules/ca/default.nix
Normal file
8
modules/ca/default.nix
Normal file
@ -0,0 +1,8 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./consumer.nix
|
||||
./service.nix
|
||||
];
|
||||
}
|
45
modules/ca/service.nix
Normal file
45
modules/ca/service.nix
Normal file
@ -0,0 +1,45 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.ca.service;
|
||||
in
|
||||
{
|
||||
options.custom.ca.service = {
|
||||
enable = lib.mkEnableOption "ca.service";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.step-ca = {
|
||||
enable = true;
|
||||
|
||||
address = config.custom.dns.tailscale.ipv4;
|
||||
port = 8443;
|
||||
|
||||
intermediatePasswordFile = "/data/system/ca/intermediate.psk";
|
||||
|
||||
settings = {
|
||||
root = ./cert.pem;
|
||||
crt = "/data/system/ca/intermediate.crt";
|
||||
key = "/data/system/ca/intermediate.pem";
|
||||
|
||||
dnsNames = [ "ca.ts.hillion.co.uk" ];
|
||||
|
||||
logger = { format = "text"; };
|
||||
|
||||
db = {
|
||||
type = "badgerv2";
|
||||
dataSource = "/var/lib/step-ca/db";
|
||||
};
|
||||
|
||||
authority = {
|
||||
provisioners = [
|
||||
{
|
||||
type = "ACME";
|
||||
name = "acme";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -46,7 +46,7 @@ in
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers.chia = {
|
||||
image = "ghcr.io/chia-network/chia:2.1.4";
|
||||
image = "ghcr.io/chia-network/chia:2.4.1";
|
||||
ports = [ "8444" ];
|
||||
extraOptions = [
|
||||
"--uidmap=0:${toString config.users.users.chia.uid}:1"
|
||||
|
@ -1,60 +0,0 @@
|
||||
{ pkgs, lib, config, agenix, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../home/default.nix
|
||||
./shell.nix
|
||||
./ssh.nix
|
||||
./update_scripts.nix
|
||||
];
|
||||
|
||||
nix = {
|
||||
settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 90d";
|
||||
};
|
||||
};
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
i18n.defaultLocale = "en_GB.UTF-8";
|
||||
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users."jake" = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ]; # enable sudo
|
||||
};
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
agenix.packages."${system}".default
|
||||
gh
|
||||
git
|
||||
htop
|
||||
nix
|
||||
sapling
|
||||
vim
|
||||
];
|
||||
variables.EDITOR = "vim";
|
||||
shellAliases = {
|
||||
ls = "ls -p --color=auto";
|
||||
};
|
||||
};
|
||||
|
||||
networking = rec {
|
||||
nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
||||
networkmanager.dns = "none";
|
||||
};
|
||||
networking.firewall.enable = true;
|
||||
|
||||
custom.hostinfo.enable = true;
|
||||
}
|
@ -1,40 +0,0 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
{
|
||||
users.users."jake".openssh.authorizedKeys.keys = [
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOt74U+rL+BMtAEjfu/Optg1D7Ly7U+TupRxd5u9kfN7oJnW4dJA25WRSr4dgQNq7MiMveoduBY/ky2s0c9gvIA= jake@jake-gentoo"
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC0uKIvvvkzrOcS7AcamsQRFId+bqPwUC9IiUIsiH5oWX1ReiITOuEo+TL9YMII5RyyfJFeu2ZP9moNuZYlE7Bs= jake@jake-mbp"
|
||||
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAyFsYYjLZ/wyw8XUbcmkk6OKt2IqLOnWpRE5gEvm3X0V4IeTOL9F4IL79h7FTsPvi2t9zGBL1hxeTMZHSGfrdWaMJkQp94gA1W30MKXvJ47nEVt0HUIOufGqgTTaAn4BHxlFUBUuS7UxaA4igFpFVoPJed7ZMhMqxg+RWUmBAkcgTWDMgzUx44TiNpzkYlG8cYuqcIzpV2dhGn79qsfUzBMpGJgkxjkGdDEHRk66JXgD/EtVasZvqp5/KLNnOpisKjR88UJKJ6/buV7FLVra4/0hA9JtH9e1ecCfxMPbOeluaxlieEuSXV2oJMbQoPP87+/QriNdi/6QuCHkMDEhyGw== jake@jake-mbp"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw4lgH20nfuchDqvVf0YciqN0GnBw5hfh8KIun5z0P7wlNgVYnCyvPvdIlGf2Nt1z5EGfsMzMLhKDOZkcTMlhupd+j2Er/ZB764uVBGe1n3CoPeasmbIlnamZ12EusYDvQGm2hVJTGQPPp9nKaRxr6ljvTMTNl0KWlWvKP4kec74d28MGgULOPLT3HlAyvUymSULK4lSxFK0l97IVXLa8YwuL5TNFGHUmjoSsi/Q7/CKaqvNh+ib1BYHzHYsuEzaaApnCnfjDBNexHm/AfbI7s+g3XZDcZOORZn6r44dOBNFfwvppsWj3CszwJQYIFeJFuMRtzlC8+kyYxci0+FXHn jake@jake-gentoo"
|
||||
|
||||
];
|
||||
|
||||
programs.mosh.enable = true;
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
};
|
||||
|
||||
programs.ssh.knownHosts = {
|
||||
# Global Internet hosts
|
||||
"ssh.gitea.hillion.co.uk".publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxQpywsy+WGeaEkEL67xOBL1NIE++pcojxro5xAPO6VQe2N79388NRFMLlX6HtnebkIpVrvnqdLOs0BPMAokjaWCC4Ay7T/3ko1kXSOlqHY5Ye9jtjRK+wPHMZgzf74a3jlvxjrXJMA70rPQ3X+8UGpA04eB3JyyLTLuVvc6znMe53QiZ0x+hSz+4pYshnCO2UazJ148vV3htN6wRK+uqjNdjjQXkNJ7llNBSrvmfrLidlf0LRphEk43maSQCBcLEZgf4pxXBA7rFuZABZTz1twbnxP2ziyBaSOs7rcII+jVhF2cqJlElutBfIgRNJ3DjNiTcdhNaZzkwJ59huR0LUFQlHI+SALvPzE9ZXWVOX/SqQG+oIB8VebR52icii0aJH7jatkogwNk0121xmhpvvR7gwbJ9YjYRTpKs4lew3bq/W/OM8GF/FEuCsCuNIXRXKqIjJVAtIpuuhxPymFHeqJH3wK3f6jTJfcAz/z33Rwpow2VOdDyqrRfAW8ti73CCnRlN+VJi0V/zvYGs9CHldY3YvMr7rSd0+fdGyJHSTSRBF0vcyRVA/SqSfcIo/5o0ssYoBnQCg6gOkc3nNQ0C0/qh1ww17rw4hqBRxFJ2t3aBUMK+UHPxrELLVmG6ZUmfg9uVkOoafjRsoML6DVDB4JAk5JsmcZhybOarI9PJfEQ==";
|
||||
|
||||
# Tailscale hosts
|
||||
"dancefloor.dancefloor.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXkGueVYKr2wp/VHo2QLis0kmKtc/Upg3pGoHr6RkzY";
|
||||
"gendry.jakehillion.terminals.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c";
|
||||
"homeassistant.homeassistant.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM2ytacl/zYXhgvosvhudsl0zW5eQRHXm9aMqG9adux";
|
||||
"jorah.cx.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILA9Hp37ljgVRZwjXnTh+XqRuQWk23alOqe7ptwSr2A5";
|
||||
"li.pop.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u";
|
||||
"microserver.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw";
|
||||
"router.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu";
|
||||
"theon.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf";
|
||||
"tywin.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k";
|
||||
};
|
||||
programs.ssh.knownHostsFiles = [ ./github_known_hosts ];
|
||||
}
|
@ -3,16 +3,21 @@
|
||||
{
|
||||
imports = [
|
||||
./backups/default.nix
|
||||
./ca/default.nix
|
||||
./chia.nix
|
||||
./common/hostinfo.nix
|
||||
./defaults.nix
|
||||
./desktop/awesome/default.nix
|
||||
./dns.nix
|
||||
./home/default.nix
|
||||
./hostinfo.nix
|
||||
./ids.nix
|
||||
./impermanence.nix
|
||||
./locations.nix
|
||||
./resilio.nix
|
||||
./services/default.nix
|
||||
./shell/default.nix
|
||||
./ssh/default.nix
|
||||
./storj.nix
|
||||
./tailscale.nix
|
||||
./users.nix
|
||||
./www/global.nix
|
||||
./www/www-repo.nix
|
||||
|
64
modules/defaults.nix
Normal file
64
modules/defaults.nix
Normal file
@ -0,0 +1,64 @@
|
||||
{ pkgs, lib, config, agenix, ... }:
|
||||
|
||||
{
|
||||
options.custom.defaults = lib.mkEnableOption "defaults";
|
||||
|
||||
config = lib.mkIf config.custom.defaults {
|
||||
nix = {
|
||||
settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 90d";
|
||||
};
|
||||
};
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
i18n.defaultLocale = "en_GB.UTF-8";
|
||||
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users.${config.custom.user} = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ]; # enable sudo
|
||||
uid = config.ids.uids.${config.custom.user};
|
||||
};
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
agenix.packages."${system}".default
|
||||
gh
|
||||
git
|
||||
htop
|
||||
nix
|
||||
sapling
|
||||
vim
|
||||
];
|
||||
variables.EDITOR = "vim";
|
||||
shellAliases = {
|
||||
ls = "ls -p --color=auto";
|
||||
};
|
||||
};
|
||||
|
||||
networking = rec {
|
||||
nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
||||
networkmanager.dns = "none";
|
||||
};
|
||||
networking.firewall.enable = true;
|
||||
|
||||
# Delegation
|
||||
custom.ca.consumer.enable = true;
|
||||
custom.dns.enable = true;
|
||||
custom.home.defaults = true;
|
||||
custom.hostinfo.enable = true;
|
||||
custom.shell.enable = true;
|
||||
custom.ssh.enable = true;
|
||||
};
|
||||
}
|
112
modules/dns.nix
Normal file
112
modules/dns.nix
Normal file
@ -0,0 +1,112 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.dns;
|
||||
in
|
||||
{
|
||||
options.custom.dns = {
|
||||
enable = lib.mkEnableOption "dns";
|
||||
|
||||
authoritative = {
|
||||
ipv4 = lib.mkOption {
|
||||
description = "authoritative ipv4 mappings";
|
||||
readOnly = true;
|
||||
};
|
||||
ipv6 = lib.mkOption {
|
||||
description = "authoritative ipv6 mappings";
|
||||
readOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
tailscale =
|
||||
{
|
||||
ipv4 = lib.mkOption {
|
||||
description = "tailscale ipv4 address";
|
||||
readOnly = true;
|
||||
};
|
||||
ipv6 = lib.mkOption {
|
||||
description = "tailscale ipv6 address";
|
||||
readOnly = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
custom.dns.authoritative = {
|
||||
ipv4 = {
|
||||
uk = {
|
||||
co = {
|
||||
hillion = {
|
||||
ts = {
|
||||
cx = {
|
||||
boron = "100.113.188.46";
|
||||
};
|
||||
home = {
|
||||
microserver = "100.105.131.47";
|
||||
router = "100.105.71.48";
|
||||
};
|
||||
jakehillion-terminals = { gendry = "100.70.100.77"; };
|
||||
lt = { be = "100.105.166.79"; };
|
||||
pop = {
|
||||
li = "100.106.87.35";
|
||||
sodium = "100.87.188.4";
|
||||
};
|
||||
storage = {
|
||||
theon = "100.104.142.22";
|
||||
tywin = "100.115.31.91";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
ipv6 = {
|
||||
uk = {
|
||||
co = {
|
||||
hillion = {
|
||||
ts = {
|
||||
cx = {
|
||||
boron = "fd7a:115c:a1e0::2a01:bc2f";
|
||||
};
|
||||
home = {
|
||||
microserver = "fd7a:115c:a1e0:ab12:4843:cd96:6269:832f";
|
||||
router = "fd7a:115c:a1e0:ab12:4843:cd96:6269:4730";
|
||||
};
|
||||
jakehillion-terminals = { gendry = "fd7a:115c:a1e0:ab12:4843:cd96:6246:644d"; };
|
||||
lt = { be = "fd7a:115c:a1e0::9001:a64f"; };
|
||||
pop = {
|
||||
li = "fd7a:115c:a1e0::e701:5723";
|
||||
sodium = "fd7a:115c:a1e0::3701:bc04";
|
||||
};
|
||||
storage = {
|
||||
theon = "fd7a:115c:a1e0::4aa8:8e16";
|
||||
tywin = "fd7a:115c:a1e0:ab12:4843:cd96:6273:1f5b";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
custom.dns.tailscale =
|
||||
let
|
||||
lookupFqdn = lib.attrsets.attrByPath (lib.reverseList (lib.splitString "." config.networking.fqdn)) null;
|
||||
in
|
||||
{
|
||||
ipv4 = lookupFqdn cfg.authoritative.ipv4;
|
||||
ipv6 = lookupFqdn cfg.authoritative.ipv6;
|
||||
};
|
||||
|
||||
networking.hosts =
|
||||
let
|
||||
mkHosts = hosts:
|
||||
(lib.collect (x: (builtins.hasAttr "name" x && builtins.hasAttr "value" x))
|
||||
(lib.mapAttrsRecursive
|
||||
(path: value:
|
||||
lib.nameValuePair value [ (lib.concatStringsSep "." (lib.reverseList path)) ])
|
||||
hosts));
|
||||
in
|
||||
builtins.listToAttrs (mkHosts cfg.authoritative.ipv4 ++ mkHosts cfg.authoritative.ipv6);
|
||||
};
|
||||
}
|
@ -6,7 +6,9 @@
|
||||
./tmux/default.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
options.custom.home.defaults = lib.mkEnableOption "home";
|
||||
|
||||
config = lib.mkIf config.custom.home.defaults {
|
||||
home-manager = {
|
||||
users.root.home = {
|
||||
stateVersion = "22.11";
|
||||
@ -22,5 +24,9 @@
|
||||
file.".zshrc".text = "";
|
||||
};
|
||||
};
|
||||
|
||||
# Delegation
|
||||
custom.home.git.enable = true;
|
||||
custom.home.tmux.enable = true;
|
||||
};
|
||||
}
|
||||
|
@ -1,21 +1,30 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.home.git;
|
||||
in
|
||||
{
|
||||
home-manager.users.jake.programs.git = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
user = {
|
||||
email = "jake@hillion.co.uk";
|
||||
name = "Jake Hillion";
|
||||
};
|
||||
pull = {
|
||||
rebase = true;
|
||||
};
|
||||
merge = {
|
||||
conflictstyle = "diff3";
|
||||
};
|
||||
init = {
|
||||
defaultBranch = "main";
|
||||
options.custom.home.git = {
|
||||
enable = lib.mkEnableOption "git";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
home-manager.users.jake.programs.git = lib.mkIf (config.custom.user == "jake") {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
user = {
|
||||
email = "jake@hillion.co.uk";
|
||||
name = "Jake Hillion";
|
||||
};
|
||||
pull = {
|
||||
rebase = true;
|
||||
};
|
||||
merge = {
|
||||
conflictstyle = "diff3";
|
||||
};
|
||||
init = {
|
||||
defaultBranch = "main";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -8,3 +8,11 @@ bind -n C-k clear-history
|
||||
bind '"' split-window -c "#{pane_current_path}"
|
||||
bind % split-window -h -c "#{pane_current_path}"
|
||||
bind c new-window -c "#{pane_current_path}"
|
||||
|
||||
# Start indices at 1 to match keyboard
|
||||
set -g base-index 1
|
||||
setw -g pane-base-index 1
|
||||
|
||||
# Open a new session when attached to and one isn't open
|
||||
# Must come after base-index settings
|
||||
new-session
|
||||
|
@ -1,8 +1,17 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.home.tmux;
|
||||
in
|
||||
{
|
||||
home-manager.users.jake.programs.tmux = {
|
||||
enable = true;
|
||||
extraConfig = lib.readFile ./.tmux.conf;
|
||||
options.custom.home.tmux = {
|
||||
enable = lib.mkEnableOption "tmux";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
home-manager.users.jake.programs.tmux = {
|
||||
enable = true;
|
||||
extraConfig = lib.readFile ./.tmux.conf;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -6,6 +6,7 @@
|
||||
## Defined System Users (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
|
||||
unifi = 183;
|
||||
chia = 185;
|
||||
gitea = 186;
|
||||
|
||||
## Consistent People
|
||||
jake = 1000;
|
||||
@ -15,6 +16,7 @@
|
||||
## Defined System Groups (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
|
||||
unifi = 183;
|
||||
chia = 185;
|
||||
gitea = 186;
|
||||
|
||||
## Consistent Groups
|
||||
mediaaccess = 1200;
|
||||
|
@ -2,7 +2,6 @@
|
||||
|
||||
let
|
||||
cfg = config.custom.impermanence;
|
||||
listIf = (enable: x: if enable then x else [ ]);
|
||||
in
|
||||
{
|
||||
options.custom.impermanence = {
|
||||
@ -12,6 +11,13 @@ in
|
||||
type = lib.types.str;
|
||||
default = "/data";
|
||||
};
|
||||
cache = {
|
||||
enable = lib.mkEnableOption "impermanence.cache";
|
||||
path = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/cache";
|
||||
};
|
||||
};
|
||||
|
||||
users = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
@ -40,18 +46,32 @@ in
|
||||
gitea.stateDir = "${cfg.base}/system/var/lib/gitea";
|
||||
};
|
||||
|
||||
environment.persistence."${cfg.base}/system" = {
|
||||
hideMounts = true;
|
||||
environment.persistence = lib.mkMerge [
|
||||
{
|
||||
"${cfg.base}/system" = {
|
||||
hideMounts = true;
|
||||
|
||||
directories = [
|
||||
"/etc/nixos"
|
||||
] ++ (listIf config.custom.tailscale.enable [ "/var/lib/tailscale" ]) ++
|
||||
(listIf config.services.zigbee2mqtt.enable [ config.services.zigbee2mqtt.dataDir ]) ++
|
||||
(listIf config.services.postgresql.enable [ config.services.postgresql.dataDir ]) ++
|
||||
(listIf config.hardware.bluetooth.enable [ "/var/lib/bluetooth" ]) ++
|
||||
(listIf config.custom.services.unifi.enable [ "/var/lib/unifi" ]) ++
|
||||
(listIf (config.virtualisation.oci-containers.containers != { }) [ "/var/lib/containers" ]);
|
||||
};
|
||||
directories = [
|
||||
"/etc/nixos"
|
||||
] ++ (lib.lists.optional config.services.tailscale.enable "/var/lib/tailscale") ++
|
||||
(lib.lists.optional config.services.zigbee2mqtt.enable config.services.zigbee2mqtt.dataDir) ++
|
||||
(lib.lists.optional config.services.postgresql.enable config.services.postgresql.dataDir) ++
|
||||
(lib.lists.optional config.hardware.bluetooth.enable "/var/lib/bluetooth") ++
|
||||
(lib.lists.optional config.custom.services.unifi.enable "/var/lib/unifi") ++
|
||||
(lib.lists.optional (config.virtualisation.oci-containers.containers != { }) "/var/lib/containers") ++
|
||||
(lib.lists.optional config.services.tang.enable "/var/lib/private/tang") ++
|
||||
(lib.lists.optional config.services.caddy.enable "/var/lib/caddy") ++
|
||||
(lib.lists.optional config.services.step-ca.enable "/var/lib/step-ca/db");
|
||||
};
|
||||
}
|
||||
(lib.mkIf cfg.cache.enable {
|
||||
"${cfg.cache.path}/system" = {
|
||||
hideMounts = true;
|
||||
|
||||
directories = (lib.lists.optional config.services.postgresqlBackup.enable config.services.postgresqlBackup.location);
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
home-manager.users =
|
||||
let
|
||||
|
@ -11,25 +11,41 @@ in
|
||||
};
|
||||
|
||||
locations = lib.mkOption {
|
||||
default = {
|
||||
services = {
|
||||
downloads = "tywin.storage.ts.hillion.co.uk";
|
||||
gitea = "jorah.cx.ts.hillion.co.uk";
|
||||
homeassistant = "microserver.home.ts.hillion.co.uk";
|
||||
mastodon = "";
|
||||
matrix = "jorah.cx.ts.hillion.co.uk";
|
||||
unifi = "jorah.cx.ts.hillion.co.uk";
|
||||
};
|
||||
};
|
||||
readOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.autoServe {
|
||||
custom.services.downloads.enable = cfg.locations.services.downloads == config.networking.fqdn;
|
||||
custom.services.gitea.enable = cfg.locations.services.gitea == config.networking.fqdn;
|
||||
custom.services.homeassistant.enable = cfg.locations.services.homeassistant == config.networking.fqdn;
|
||||
custom.services.mastodon.enable = cfg.locations.services.mastodon == config.networking.fqdn;
|
||||
custom.services.matrix.enable = cfg.locations.services.matrix == config.networking.fqdn;
|
||||
custom.services.unifi.enable = cfg.locations.services.unifi == config.networking.fqdn;
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
{
|
||||
custom.locations.locations = {
|
||||
services = {
|
||||
authoritative_dns = [ "boron.cx.ts.hillion.co.uk" ];
|
||||
downloads = "tywin.storage.ts.hillion.co.uk";
|
||||
gitea = "boron.cx.ts.hillion.co.uk";
|
||||
homeassistant = "microserver.home.ts.hillion.co.uk";
|
||||
mastodon = "";
|
||||
matrix = "boron.cx.ts.hillion.co.uk";
|
||||
tang = [
|
||||
"li.pop.ts.hillion.co.uk"
|
||||
"microserver.home.ts.hillion.co.uk"
|
||||
"sodium.pop.ts.hillion.co.uk"
|
||||
];
|
||||
unifi = "boron.cx.ts.hillion.co.uk";
|
||||
version_tracker = [ "boron.cx.ts.hillion.co.uk" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
(lib.mkIf cfg.autoServe
|
||||
{
|
||||
custom.services = lib.mapAttrsRecursive
|
||||
(path: value: {
|
||||
enable =
|
||||
if builtins.isList value
|
||||
then builtins.elem config.networking.fqdn value
|
||||
else config.networking.fqdn == value;
|
||||
})
|
||||
cfg.locations.services;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
@ -1,12 +1,9 @@
|
||||
{ pkgs, lib, config, nixpkgs-unstable, ... }:
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.resilio;
|
||||
in
|
||||
{
|
||||
imports = [ "${nixpkgs-unstable}/nixos/modules/services/networking/resilio.nix" ];
|
||||
disabledModules = [ "services/networking/resilio.nix" ];
|
||||
|
||||
options.custom.resilio = {
|
||||
enable = lib.mkEnableOption "resilio";
|
||||
|
||||
@ -64,5 +61,7 @@ in
|
||||
in
|
||||
builtins.map (folder: mkFolder folder.name folder.secret) cfg.folders;
|
||||
};
|
||||
|
||||
systemd.services.resilio.unitConfig.RequiresMountsFor = builtins.map (folder: "${config.services.resilio.directoryRoot}/${folder.name}") cfg.folders;
|
||||
};
|
||||
}
|
||||
|
50
modules/services/authoritative_dns.nix
Normal file
50
modules/services/authoritative_dns.nix
Normal file
@ -0,0 +1,50 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.services.authoritative_dns;
|
||||
in
|
||||
{
|
||||
options.custom.services.authoritative_dns = {
|
||||
enable = lib.mkEnableOption "authoritative_dns";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.nsd = {
|
||||
enable = true;
|
||||
|
||||
zones = {
|
||||
"ts.hillion.co.uk" = {
|
||||
data =
|
||||
let
|
||||
makeRecords = type: s: (lib.concatStringsSep "\n" (lib.collect builtins.isString (lib.mapAttrsRecursive (path: value: "${lib.concatStringsSep "." (lib.reverseList path)} 86400 ${type} ${value}") s)));
|
||||
in
|
||||
''
|
||||
$ORIGIN ts.hillion.co.uk.
|
||||
$TTL 86400
|
||||
|
||||
ts.hillion.co.uk. IN SOA ns1.hillion.co.uk. hostmaster.hillion.co.uk. (
|
||||
1 ;Serial
|
||||
7200 ;Refresh
|
||||
3600 ;Retry
|
||||
1209600 ;Expire
|
||||
3600 ;Negative response caching TTL
|
||||
)
|
||||
|
||||
86400 NS ns1.hillion.co.uk.
|
||||
|
||||
ca 21600 CNAME sodium.pop.ts.hillion.co.uk.
|
||||
deluge.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
graphs.router.home 21600 CNAME router.home.ts.hillion.co.uk.
|
||||
prowlarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
radarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
restic.tywin.storage 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
sonarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
zigbee2mqtt.home 21600 CNAME router.home.ts.hillion.co.uk.
|
||||
|
||||
'' + (makeRecords "A" config.custom.dns.authoritative.ipv4.uk.co.hillion.ts) + "\n\n" + (makeRecords "AAAA" config.custom.dns.authoritative.ipv6.uk.co.hillion.ts);
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -2,11 +2,13 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
./authoritative_dns.nix
|
||||
./downloads.nix
|
||||
./gitea/default.nix
|
||||
./homeassistant.nix
|
||||
./mastodon/default.nix
|
||||
./matrix.nix
|
||||
./tang.nix
|
||||
./unifi.nix
|
||||
./version_tracker.nix
|
||||
./zigbee2mqtt.nix
|
||||
|
@ -29,10 +29,16 @@ in
|
||||
|
||||
virtualHosts = builtins.listToAttrs (builtins.map
|
||||
(x: {
|
||||
name = "http://${x}.downloads.ts.hillion.co.uk";
|
||||
name = "${x}.downloads.ts.hillion.co.uk";
|
||||
value = {
|
||||
listenAddresses = [ config.custom.tailscale.ipv4Addr config.custom.tailscale.ipv6Addr ];
|
||||
extraConfig = "reverse_proxy unix//${cfg.metadataPath}/caddy/caddy.sock";
|
||||
listenAddresses = [ config.custom.dns.tailscale.ipv4 config.custom.dns.tailscale.ipv6 ];
|
||||
extraConfig = ''
|
||||
reverse_proxy unix//${cfg.metadataPath}/caddy/caddy.sock
|
||||
|
||||
tls {
|
||||
ca https://ca.ts.hillion.co.uk:8443/acme/acme/directory
|
||||
}
|
||||
'';
|
||||
};
|
||||
}) [ "prowlarr" "sonarr" "radarr" "deluge" ]);
|
||||
};
|
||||
@ -132,7 +138,10 @@ in
|
||||
|
||||
script = with pkgs; "${iproute2}/bin/ip link set up lo";
|
||||
};
|
||||
networking.hosts = { "127.0.0.1" = builtins.map (x: "${x}.downloads.ts.hillion.co.uk") [ "prowlarr" "sonarr" "radarr" "deluge" ]; };
|
||||
networking = {
|
||||
nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
||||
hosts = { "127.0.0.1" = builtins.map (x: "${x}.downloads.ts.hillion.co.uk") [ "prowlarr" "sonarr" "radarr" "deluge" ]; };
|
||||
};
|
||||
|
||||
services = {
|
||||
prowlarr.enable = true;
|
||||
|
@ -63,6 +63,11 @@ in
|
||||
runner = {
|
||||
capacity = 3;
|
||||
};
|
||||
cache = {
|
||||
enabled = true;
|
||||
host = "10.108.27.2";
|
||||
port = 41919;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -76,6 +81,8 @@ in
|
||||
chain output {
|
||||
type filter hook output priority 100; policy accept;
|
||||
|
||||
ct state { established, related } counter accept
|
||||
|
||||
ip daddr 10.0.0.0/8 drop
|
||||
ip daddr 100.64.0.0/10 drop
|
||||
ip daddr 172.16.0.0/12 drop
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, lib, nixpkgs-unstable, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.services.gitea;
|
||||
@ -50,9 +50,12 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
users.users.gitea.uid = config.ids.uids.gitea;
|
||||
users.groups.gitea.gid = config.ids.gids.gitea;
|
||||
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
package = nixpkgs-unstable.legacyPackages.x86_64-linux.gitea;
|
||||
package = pkgs.unstable.gitea;
|
||||
mailerPasswordFile = config.age.secrets."gitea/mailer_password".path;
|
||||
|
||||
appName = "Hillion Gitea";
|
||||
@ -103,8 +106,8 @@ in
|
||||
ip6tables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
|
||||
# proxy locally originating outgoing packets
|
||||
iptables -A OUTPUT -d 95.217.229.104 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
ip6tables -A OUTPUT -d 2a01:4f9:4b:3953::2 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
iptables -A OUTPUT -d 138.201.252.214 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
ip6tables -A OUTPUT -d 2a01:4f8:173:23d2::2 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
@ -44,16 +44,20 @@ in
|
||||
"bluetooth"
|
||||
"default_config"
|
||||
"esphome"
|
||||
"flux"
|
||||
"google_assistant"
|
||||
"homekit"
|
||||
"met"
|
||||
"mobile_app"
|
||||
"mqtt"
|
||||
"otp"
|
||||
"smartthings"
|
||||
"sonos"
|
||||
"sun"
|
||||
"switchbot"
|
||||
];
|
||||
customComponents = with pkgs.home-assistant-custom-components; [
|
||||
adaptive_lighting
|
||||
];
|
||||
|
||||
config = {
|
||||
default_config = { };
|
||||
@ -64,7 +68,10 @@ in
|
||||
|
||||
http = {
|
||||
use_x_forwarded_for = true;
|
||||
trusted_proxies = [ "100.96.143.138" ];
|
||||
trusted_proxies = with config.custom.dns.authoritative; [
|
||||
ipv4.uk.co.hillion.ts.cx.boron
|
||||
ipv6.uk.co.hillion.ts.cx.boron
|
||||
];
|
||||
};
|
||||
|
||||
google_assistant = {
|
||||
@ -76,6 +83,9 @@ in
|
||||
report_state = true;
|
||||
expose_by_default = true;
|
||||
exposed_domains = [ "light" ];
|
||||
entity_config = {
|
||||
"input_boolean.sleep_mode" = { };
|
||||
};
|
||||
};
|
||||
homekit = [{
|
||||
filter = {
|
||||
@ -85,25 +95,19 @@ in
|
||||
|
||||
bluetooth = { };
|
||||
|
||||
switch = [
|
||||
{
|
||||
platform = "flux";
|
||||
start_time = "07:00";
|
||||
stop_time = "23:59";
|
||||
mode = "mired";
|
||||
disable_brightness_adjust = true;
|
||||
lights = [
|
||||
"light.bedroom_lamp"
|
||||
"light.bedroom_light"
|
||||
"light.cubby_light"
|
||||
"light.desk_lamp"
|
||||
"light.hallway_light"
|
||||
"light.living_room_lamp"
|
||||
"light.living_room_light"
|
||||
"light.wardrobe_light"
|
||||
];
|
||||
}
|
||||
];
|
||||
adaptive_lighting = {
|
||||
lights = [
|
||||
"light.bedroom_lamp"
|
||||
"light.bedroom_light"
|
||||
"light.cubby_light"
|
||||
"light.desk_lamp"
|
||||
"light.hallway_light"
|
||||
"light.living_room_lamp"
|
||||
"light.living_room_light"
|
||||
"light.wardrobe_light"
|
||||
];
|
||||
min_sunset_time = "21:00";
|
||||
};
|
||||
|
||||
light = [
|
||||
{
|
||||
@ -111,12 +115,9 @@ in
|
||||
lights = {
|
||||
bathroom_light = {
|
||||
unique_id = "87a4cbb5-e5a7-44fd-9f28-fec2d6a62538";
|
||||
value_template = "on";
|
||||
value_template = "{{ false if state_attr('script.bathroom_light_switch_if_on', 'last_triggered') > states.sensor.bathroom_motion_sensor_illuminance_lux.last_reported else states('sensor.bathroom_motion_sensor_illuminance_lux') | int > 500 }}";
|
||||
turn_on = { service = "script.noop"; };
|
||||
turn_off = {
|
||||
service = "switch.turn_on";
|
||||
entity_id = "switch.bathroom_light";
|
||||
};
|
||||
turn_off = { service = "script.bathroom_light_switch_if_on"; };
|
||||
};
|
||||
};
|
||||
}
|
||||
@ -145,6 +146,13 @@ in
|
||||
}
|
||||
];
|
||||
|
||||
input_boolean = {
|
||||
sleep_mode = {
|
||||
name = "Set house to sleep mode";
|
||||
icon = "mdi:sleep";
|
||||
};
|
||||
};
|
||||
|
||||
# UI managed expansions
|
||||
automation = "!include automations.yaml";
|
||||
script = "!include scripts.yaml";
|
||||
|
@ -41,6 +41,10 @@ in
|
||||
owner = "matrix-synapse";
|
||||
group = "matrix-synapse";
|
||||
};
|
||||
|
||||
"matrix/matrix.hillion.co.uk/syncv3_secret" = {
|
||||
file = ../../secrets/matrix/matrix.hillion.co.uk/syncv3_secret.age;
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
@ -76,8 +80,8 @@ in
|
||||
x_forwarded = true;
|
||||
bind_addresses = [
|
||||
"::1"
|
||||
config.custom.tailscale.ipv4Addr
|
||||
config.custom.tailscale.ipv6Addr
|
||||
config.custom.dns.tailscale.ipv4
|
||||
config.custom.dns.tailscale.ipv6
|
||||
];
|
||||
resources = [
|
||||
{
|
||||
@ -114,6 +118,15 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
matrix-sliding-sync = {
|
||||
enable = true;
|
||||
environmentFile = config.age.secrets."matrix/matrix.hillion.co.uk/syncv3_secret".path;
|
||||
settings = {
|
||||
SYNCV3_SERVER = "https://matrix.hillion.co.uk";
|
||||
SYNCV3_BINDADDR = "[::]:8009";
|
||||
};
|
||||
};
|
||||
|
||||
heisenbridge = lib.mkIf cfg.heisenbridge {
|
||||
enable = true;
|
||||
owner = "@jake:hillion.co.uk";
|
||||
|
20
modules/services/tang.nix
Normal file
20
modules/services/tang.nix
Normal file
@ -0,0 +1,20 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.services.tang;
|
||||
in
|
||||
{
|
||||
options.custom.services.tang = {
|
||||
enable = lib.mkEnableOption "tang";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.tang = {
|
||||
enable = true;
|
||||
ipAddressAllow = [
|
||||
"138.201.252.214/32"
|
||||
"10.64.50.20/32"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -10,20 +10,14 @@ in
|
||||
dataDir = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/var/lib/unifi";
|
||||
readOnly = true; # NixOS module only supports this directory
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.users.unifi = {
|
||||
uid = config.ids.uids.unifi;
|
||||
isSystemUser = true;
|
||||
group = "unifi";
|
||||
description = "UniFi controller daemon user";
|
||||
home = "${cfg.dataDir}";
|
||||
};
|
||||
users.groups.unifi = {
|
||||
gid = config.ids.gids.unifi;
|
||||
};
|
||||
# Fix dynamically allocated user and group ids
|
||||
users.users.unifi.uid = config.ids.uids.unifi;
|
||||
users.groups.unifi.gid = config.ids.gids.unifi;
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
@ -38,21 +32,9 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers = {
|
||||
"unifi" = {
|
||||
image = "lscr.io/linuxserver/unifi-controller:8.0.24-ls221";
|
||||
environment = {
|
||||
PUID = toString config.ids.uids.unifi;
|
||||
PGID = toString config.ids.gids.unifi;
|
||||
TZ = "Etc/UTC";
|
||||
};
|
||||
volumes = [ "${cfg.dataDir}:/config" ];
|
||||
ports = [
|
||||
"8080:8080"
|
||||
"8443:8443"
|
||||
"3478:3478/udp"
|
||||
];
|
||||
};
|
||||
services.unifi = {
|
||||
enable = true;
|
||||
unifiPackage = pkgs.unifi8;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -23,7 +23,7 @@ in
|
||||
enable = true;
|
||||
|
||||
virtualHosts."http://zigbee2mqtt.home.ts.hillion.co.uk" = {
|
||||
listenAddresses = [ config.custom.tailscale.ipv4Addr config.custom.tailscale.ipv6Addr ];
|
||||
listenAddresses = [ config.custom.dns.tailscale.ipv4 config.custom.dns.tailscale.ipv6 ];
|
||||
extraConfig = "reverse_proxy http://127.0.0.1:15606";
|
||||
};
|
||||
};
|
||||
|
@ -1,7 +1,20 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.shell;
|
||||
in
|
||||
{
|
||||
config = {
|
||||
imports = [
|
||||
./update_scripts.nix
|
||||
];
|
||||
|
||||
options.custom.shell = {
|
||||
enable = lib.mkEnableOption "shell";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
custom.shell.update_scripts.enable = true;
|
||||
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
|
||||
environment.systemPackages = with pkgs; [ direnv ];
|
@ -1,6 +1,8 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.shell.update_scripts;
|
||||
|
||||
update = pkgs.writeScriptBin "update" ''
|
||||
#! ${pkgs.runtimeShell}
|
||||
set -e
|
||||
@ -50,7 +52,11 @@ let
|
||||
'';
|
||||
in
|
||||
{
|
||||
config = {
|
||||
options.custom.shell.update_scripts = {
|
||||
enable = lib.mkEnableOption "update_scripts";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [
|
||||
update
|
||||
];
|
@ -1,25 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
|
||||
{
|
||||
config.age.secrets."spotify/11132032266" = {
|
||||
file = ../../secrets/spotify/11132032266.age;
|
||||
owner = "jake";
|
||||
};
|
||||
|
||||
config.hardware.pulseaudio.enable = true;
|
||||
|
||||
config.users.users.jake.extraGroups = [ "audio" ];
|
||||
config.users.users.jake.packages = with pkgs; [ spotify-tui ];
|
||||
|
||||
config.home-manager.users.jake.services.spotifyd = {
|
||||
enable = true;
|
||||
settings = {
|
||||
global = {
|
||||
username = "11132032266";
|
||||
password_cmd = "cat ${config.age.secrets."spotify/11132032266".path}";
|
||||
backend = "pulseaudio";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
55
modules/ssh/default.nix
Normal file
55
modules/ssh/default.nix
Normal file
@ -0,0 +1,55 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.ssh;
|
||||
in
|
||||
{
|
||||
options.custom.ssh = {
|
||||
enable = lib.mkEnableOption "ssh";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.users =
|
||||
if config.custom.user == "jake" then {
|
||||
"jake".openssh.authorizedKeys.keys = [
|
||||
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBBwJH4udKNvi9TjOBgkxpBBy7hzWqmP0lT5zE9neusCpQLIiDhr6KXYMPXWXdZDc18wH1OLi2+639dXOvp8V/wgAAAAEc3NoOg== jake@beryllium-keys"
|
||||
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOt74U+rL+BMtAEjfu/Optg1D7Ly7U+TupRxd5u9kfN7oJnW4dJA25WRSr4dgQNq7MiMveoduBY/ky2s0c9gvIA= jake@jake-gentoo"
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC0uKIvvvkzrOcS7AcamsQRFId+bqPwUC9IiUIsiH5oWX1ReiITOuEo+TL9YMII5RyyfJFeu2ZP9moNuZYlE7Bs= jake@jake-mbp"
|
||||
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAyFsYYjLZ/wyw8XUbcmkk6OKt2IqLOnWpRE5gEvm3X0V4IeTOL9F4IL79h7FTsPvi2t9zGBL1hxeTMZHSGfrdWaMJkQp94gA1W30MKXvJ47nEVt0HUIOufGqgTTaAn4BHxlFUBUuS7UxaA4igFpFVoPJed7ZMhMqxg+RWUmBAkcgTWDMgzUx44TiNpzkYlG8cYuqcIzpV2dhGn79qsfUzBMpGJgkxjkGdDEHRk66JXgD/EtVasZvqp5/KLNnOpisKjR88UJKJ6/buV7FLVra4/0hA9JtH9e1ecCfxMPbOeluaxlieEuSXV2oJMbQoPP87+/QriNdi/6QuCHkMDEhyGw== jake@jake-mbp"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw4lgH20nfuchDqvVf0YciqN0GnBw5hfh8KIun5z0P7wlNgVYnCyvPvdIlGf2Nt1z5EGfsMzMLhKDOZkcTMlhupd+j2Er/ZB764uVBGe1n3CoPeasmbIlnamZ12EusYDvQGm2hVJTGQPPp9nKaRxr6ljvTMTNl0KWlWvKP4kec74d28MGgULOPLT3HlAyvUymSULK4lSxFK0l97IVXLa8YwuL5TNFGHUmjoSsi/Q7/CKaqvNh+ib1BYHzHYsuEzaaApnCnfjDBNexHm/AfbI7s+g3XZDcZOORZn6r44dOBNFfwvppsWj3CszwJQYIFeJFuMRtzlC8+kyYxci0+FXHn jake@jake-gentoo"
|
||||
];
|
||||
} else { };
|
||||
|
||||
programs.mosh.enable = true;
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
};
|
||||
|
||||
programs.ssh.knownHosts = {
|
||||
# Global Internet hosts
|
||||
"ssh.gitea.hillion.co.uk".publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxQpywsy+WGeaEkEL67xOBL1NIE++pcojxro5xAPO6VQe2N79388NRFMLlX6HtnebkIpVrvnqdLOs0BPMAokjaWCC4Ay7T/3ko1kXSOlqHY5Ye9jtjRK+wPHMZgzf74a3jlvxjrXJMA70rPQ3X+8UGpA04eB3JyyLTLuVvc6znMe53QiZ0x+hSz+4pYshnCO2UazJ148vV3htN6wRK+uqjNdjjQXkNJ7llNBSrvmfrLidlf0LRphEk43maSQCBcLEZgf4pxXBA7rFuZABZTz1twbnxP2ziyBaSOs7rcII+jVhF2cqJlElutBfIgRNJ3DjNiTcdhNaZzkwJ59huR0LUFQlHI+SALvPzE9ZXWVOX/SqQG+oIB8VebR52icii0aJH7jatkogwNk0121xmhpvvR7gwbJ9YjYRTpKs4lew3bq/W/OM8GF/FEuCsCuNIXRXKqIjJVAtIpuuhxPymFHeqJH3wK3f6jTJfcAz/z33Rwpow2VOdDyqrRfAW8ti73CCnRlN+VJi0V/zvYGs9CHldY3YvMr7rSd0+fdGyJHSTSRBF0vcyRVA/SqSfcIo/5o0ssYoBnQCg6gOkc3nNQ0C0/qh1ww17rw4hqBRxFJ2t3aBUMK+UHPxrELLVmG6ZUmfg9uVkOoafjRsoML6DVDB4JAk5JsmcZhybOarI9PJfEQ==";
|
||||
|
||||
# Tailscale hosts
|
||||
"boron.cx.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtcJ7HY/vjtheMV8EN2wlTw1hU53CJebGIeRJcSkzt5";
|
||||
"be.lt.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV3OSUT+cqFqrFHZGfn7/xi5FW3n1qjUFy8zBbYs2Sm";
|
||||
"dancefloor.dancefloor.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXkGueVYKr2wp/VHo2QLis0kmKtc/Upg3pGoHr6RkzY";
|
||||
"gendry.jakehillion.terminals.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c";
|
||||
"homeassistant.homeassistant.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM2ytacl/zYXhgvosvhudsl0zW5eQRHXm9aMqG9adux";
|
||||
"li.pop.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u";
|
||||
"microserver.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw";
|
||||
"router.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu";
|
||||
"sodium.pop.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQmG7v/XrinPmkTU2eIoISuU3+hoV4h60Bmbwd+xDjr";
|
||||
"theon.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf";
|
||||
"tywin.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k";
|
||||
};
|
||||
programs.ssh.knownHostsFiles = [ ./github_known_hosts ];
|
||||
};
|
||||
}
|
@ -1,65 +0,0 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.tailscale;
|
||||
in
|
||||
{
|
||||
options.custom.tailscale = {
|
||||
enable = lib.mkEnableOption "tailscale";
|
||||
|
||||
preAuthKeyFile = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
};
|
||||
|
||||
advertiseRoutes = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
default = [ ];
|
||||
};
|
||||
|
||||
advertiseExitNode = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
ipv4Addr = lib.mkOption { type = lib.types.str; };
|
||||
ipv6Addr = lib.mkOption { type = lib.types.str; };
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.tailscale ];
|
||||
|
||||
services.tailscale.enable = true;
|
||||
|
||||
networking.firewall.checkReversePath = lib.mkIf cfg.advertiseExitNode "loose";
|
||||
|
||||
systemd.services.tailscale-autoconnect = {
|
||||
description = "Automatic connection to Tailscale";
|
||||
|
||||
# make sure tailscale is running before trying to connect to tailscale
|
||||
after = [ "network-pre.target" "tailscale.service" ];
|
||||
wants = [ "network-pre.target" "tailscale.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
# set this service as a oneshot job
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
||||
# have the job run this shell script
|
||||
script = with pkgs; ''
|
||||
# wait for tailscaled to settle
|
||||
sleep 2
|
||||
|
||||
# check if we are already authenticated to tailscale
|
||||
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
|
||||
if [ $status = "Running" ]; then # if so, then do nothing
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# otherwise authenticate with tailscale
|
||||
${tailscale}/bin/tailscale up \
|
||||
--authkey "$(<${cfg.preAuthKeyFile})" \
|
||||
--advertise-routes "${lib.concatStringsSep "," cfg.advertiseRoutes}" \
|
||||
--advertise-exit-node=${if cfg.advertiseExitNode then "true" else "false"}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -33,6 +33,11 @@ in
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.caddy;
|
||||
|
||||
globalConfig = ''
|
||||
email acme@hillion.co.uk
|
||||
'';
|
||||
|
||||
virtualHosts = {
|
||||
"hillion.co.uk".extraConfig = ''
|
||||
@ -42,7 +47,10 @@ in
|
||||
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||
|
||||
respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200
|
||||
respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.hillion.co.uk"}}`
|
||||
respond /.well-known/matrix/client `${builtins.toJSON {
|
||||
"m.homeserver" = { "base_url" = "https://matrix.hillion.co.uk"; };
|
||||
"org.matrix.msc3575.proxy" = { "url" = "https://matrix.hillion.co.uk"; };
|
||||
}}` 200
|
||||
|
||||
respond 404
|
||||
}
|
||||
@ -65,6 +73,7 @@ in
|
||||
reverse_proxy http://${locations.services.gitea}:3000
|
||||
'';
|
||||
"matrix.hillion.co.uk".extraConfig = ''
|
||||
reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync http://${locations.services.matrix}:8009
|
||||
reverse_proxy /_matrix/* http://${locations.services.matrix}:8008
|
||||
reverse_proxy /_synapse/client/* http://${locations.services.matrix}:8008
|
||||
'';
|
||||
|
@ -4,7 +4,21 @@
|
||||
},
|
||||
"lockFileMaintenance": {
|
||||
"enabled": true,
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"schedule": ["* 2-5 * * *"]
|
||||
}
|
||||
},
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"packageRules": [
|
||||
{
|
||||
"matchManagers": ["github-actions"],
|
||||
"automerge": true,
|
||||
"schedule": [
|
||||
"after 11pm on Monday",
|
||||
"after 11pm on Thursday"
|
||||
]
|
||||
}
|
||||
],
|
||||
"extends": [
|
||||
"config:recommended",
|
||||
"helpers:pinGitHubActionDigests"
|
||||
]
|
||||
}
|
||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
19
secrets/gitea/actions/boron.age
Normal file
19
secrets/gitea/actions/boron.age
Normal file
@ -0,0 +1,19 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
O6XXkSIScAPiHbBj6VDHrAzbZjossHPW2AQJtQKkrUmERLABYIZuYFJHk9yH2q2W
|
||||
uBdO/jKN8slQ/7fzKMRu/1EKNRscc1ufgrCCDWdZicdNPSy7948dx+mVK0ass/US
|
||||
jnPgn75erR+KLsi8/yNJc12mx6onvVFE0mxFihZobiEdt7FcjSFCV9k2pPtN+1TK
|
||||
5bKpjyodla+KwSXMGDH7jttvMFXtX5NKda4nYNOM1fHwQ5XCdLti67txcn2y85LV
|
||||
fuo9Pzu++o6aFOalfufKyflOh8Vk3RrBwCDK81e+YLMVjSGv4ZsiTp5O+sI8dBwR
|
||||
BqftVb523V4L3FhksG/e7Q
|
||||
-> ssh-rsa K9mW1w
|
||||
xUjF7ctBetl6as6/N1dVa+Zkg8EOfOILOMzCNUQVGStJ0cEeC3vi54xwoTxnZqX8
|
||||
n2f6wsgcZP203MBX5YJTw8w80WN8WPNYM8IZxdrcSNNuOrPJQbJZkikYGOg8z9/g
|
||||
7zaSotrxcHrHYR2DM/qsQJRYNQgZn7AKviEPwDNSkiGHzolIHRuAi+e2M891/DzA
|
||||
k4X5VsYGusM3Lo9ABZvNzX0MEnLxtStl3TwW4i4MgWts4rjcjBAp5ybZPrQLgMf6
|
||||
M//FNwBXv2adLSC8oUiTWYKB5l5sTmjNawp1FED3T9WvesKWNY0Tm4KrqJA+Ul2Z
|
||||
8aoxg/TCjuuypTIaEPm2aQ
|
||||
-> ssh-ed25519 iWiFbA Zl3LbVd8MHnlj1t4LuAcH13UVwHSJb/wSacM5BkTKHY
|
||||
vwJ4d2obJPXkgOn44+beKbiKR+qnKvFgkOvotwPDJK8
|
||||
--- 2q02v2RlVgBjT3qCe2nAXft976YYbr80qtjw3N9i8Vs
|
||||
Ł×?ŢëČ׍[ĺÔ=GľMI(ět¸?ÄÄo⼍/s˝ź¨P}ř™Ńvr,_ţ3×ĂňîÂjŮDJ/;‰ĺdŤut˘;ä‰@+˛
|
@ -1,19 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
IULcxHpUsH6OI4cfixNPM89VJNcVkK+Z8IpgjzRspSyKc5N7jox6DYSbcuPsjGs7
|
||||
aS2JYOKOx4hYW9aL3B+tef2I24+NzMDTCT31g9gvuLA0wSMWBoFwVodPbfj1ekHy
|
||||
wDUK5XrgyJtFrwTrvuklGYpb/qIEG//k7M/342C9QqfNesv9nULQ6P7+r7jJvxIW
|
||||
sOo6qWHFqD/wIiwtLYiX3pOWC6m91L1QNGVh+9/t58YU8RLsgLm2+2vyg13mKya1
|
||||
UktTKZbhgRXyUJb7h+vVgDKjAnwqnIDL8asCSDuoSRDBcCxwgSpTDOxAEn9X2oJx
|
||||
6S3JLQDhWLlIYrqmVT1aGg
|
||||
-> ssh-rsa K9mW1w
|
||||
hbVlu640hhzR9rJi4b+1c+/V+EilbmwWaNzV7/0+a9BQusTf413hffhk8QXvuze8
|
||||
04LuVctZW5L5B1eOCIeziHc6F5CyAjTsaEDM8SeKGmFjKccjdcSUdbsql87KR5Id
|
||||
/drK41oNA6NlmWrLz3YaSz7A9F+B5lgsJDWgXhMFK3Hru8+gnBQPXkwT/IuQLWI1
|
||||
sXhJN/dHrBsQ5Cc+fRO7/r6u3jiQ1DOS85qQHStsYYXqea0pfiu5wpPdGZVuECwa
|
||||
/R3+ov1JOTK4T3W8TIqOU9ODJxWT697Nv64c8dV3Hq5ymEKkvmZpp1C1/QoCW2EY
|
||||
Nk7PF5zM95SM/IdECQjJGQ
|
||||
-> ssh-ed25519 Qo6/7A 3gQq8TrBY/7Evlu+q6awqBFjG9m5b7ED+dolo8CJCE4
|
||||
JdbLYPo875DQyocjOaVmWQPdgWssuz/T6DJNqgFF020
|
||||
--- 0si8/IY1PiYgcmtTFDqu0cj7dW6DFqvgirY0tiSZfdA
|
||||
ûÈA©®¦£Ž®¬(]ý¸’7£ÆüùÙÚqp0<70>„5Èc“ý$$æW|ß%`§/uXûɈ\~â!åléedäþDg˜ .<2E>i•]§§)l>EÌ
|
Binary file not shown.
@ -1,19 +1,19 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
gDF6kKcuWAKwIhdnB7zav8ZXdHEuq+4yYVc0ZOmpXpiRReo8yVgAcDcMIt5Wkfjk
|
||||
9quZWwFal2YZ9YH7HhG4vXVxzgL0s7oQfnzjsBwVO9lE/hly5gL9TqGY4fjuVv6Q
|
||||
kBbp+JaogGv6RsHVajNWNto1qKNJWB8JyewnIdZOVRHee21u/a3qRMHuyRhIeiWR
|
||||
QLMXxJxdvdgaCUjXMyOgMifsdklK/12kuRb6cTp9Zg+LzMUVloROSbhzofLUtjST
|
||||
GnJR8qKDIDAG6XIzi4+/VZCcHRA/NEAs965GQrK/qyvyTcFW6BUwuoHMq3Ia/9jM
|
||||
K+hgOULnfi+jIDw5U0HJKQ
|
||||
EpPN7UHHRuytMr2vXy9CHzjVkH1iCt9LiTLhFsqXbL03Rk+X82q233Lm12f0sQvz
|
||||
Hqjukkh9bU90TLKcEOFpKrU5FQwKUjzEy85A+4UoovWdJ8VwACOzoJf29Ys1bX3i
|
||||
Xp4gUT7ne5+4afNwKXVFDS1YCPjIoQPu2cGw6iTNIYwVY5fNxz5y5ZHLkI9lOqJD
|
||||
mT7jCgLLdkK8vJiDcu4Ofr21GaziQh93YXK69i3gyAt6pqSRyQdAfhMGkykOWdrO
|
||||
FXMtpzT82UCvfbFbbRCRuSFga0uq5zx2cwvBD4Xagw8Dfg9RQO0rX9NAbbgcoyfG
|
||||
qnk+0bYAk3pWfdXW9Z/psQ
|
||||
-> ssh-rsa K9mW1w
|
||||
TJKNczUv82J3W4sXH76qPmijKcOjvpLvZC7rKf85zBr2fdgOtXzXULQbFhW3l6gs
|
||||
V50Lkw3gwSBC6ckWWKqfJkSxqWgAQumy5/5yZc9zqnNDJPXCaBEOkz3IL43Eu13V
|
||||
4AihecOthSqFkfr1VsrllDckANsTse1Md/p8XDHOpNr/wyUHKRuFKnBmTG7nV2Ja
|
||||
3sqOmI9RzIArUHY868ecGqPrZXWR72vqZJ3twtivq6aQI9mTw+98VPZeAUZVSMVf
|
||||
5T7Z0XGfA3O5x8KDAtHcqUMA87vZ/NwsAHxsy7F64u4yaihIvG+8EQDmkGEP/7eG
|
||||
lPijgnL0SUte+Df3/wXt7Q
|
||||
-> ssh-ed25519 Qo6/7A 7U/6Bj8AWyHKrCZ38LOyUSr/d4HOUXPqT0FoID0ON1A
|
||||
3jqYYywJlhN/i7QuXBWb0kajeZcZyBnNXpUWCMf9Kzc
|
||||
--- pPjt0YCs2Wah1kyAp2qLbL9Q2z/K16jv4DJXAO7x2NU
|
||||
-õ?ùÌQ5©`Y›_ËÐŒ§þ£5†È,u¶.:…ÅÊ»AžoTc¿”p°ûNÝá·F[äX¿‹°‘†’f<E28099>³‘4§ê•¡ÄGs©¿
|
||||
NaR245c+88dGflT9cG73bQOBxQsVi5x8JkMTrqjabzwzHpRiBUdtP+Ou1w+klOI4
|
||||
cv1RLngEZH9jsSiEdvpvRkzE2ILOR/abgABXZi/4vl7iXiC8T23QSOPXnMxrAgpH
|
||||
RV9B3GcSClb70+Lf3pJtPBVHVENhFVFvj5JgxQ2Zi6eMpcMuL18r/Szn4erk8zXQ
|
||||
330oEau80X6WoPtRaSqSxVRrMGecGHdIE9chLosCf1x8CgIcYBTtviky+fDQMkKZ
|
||||
iwueW1luuBj1AuP33jUqjeyyMaJ6SqSmaxGqGHGXA/ayxF8HnHU9AJlhPH+tEEbs
|
||||
84Xu2vwg9ikUz7B1tTBYeA
|
||||
-> ssh-ed25519 iWiFbA CuUeGNUBc5K+AkXBRvp7SUTJNoMDW0bWRnYs3ZhFSGM
|
||||
UwwyxNA2L9q6yYK+BqYcqOq6F5CF+iCUpuceWsEj7ck
|
||||
--- 3XKIweSg0UFqbadbOP0APwaLyquaEdoanlvndvxcQkk
|
||||
ßüu_śnTx#H-7<>‰yó—Îç<>¨—B„ô»uµŐÉîj<C3AE>ZHĐ'&÷_đś#‘ľĽ3ŕHÍ˝0‘f
šBęą×Ö™ýčÂLĽî–z
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,21 +1,19 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
j36S9K1vUFeNZxh1l1dea+8KqzTnLqR3beGzDGmPSljkTPZrRs9MSsSwuAsH01Zh
|
||||
95mfzFBvw3y7yGWgcW0NyGeiZ/NGvqYzuplqJbCXf/5Zwt9fnwGiWqIUZK3pGDvt
|
||||
bEoJwfdTPPGgGH6egm/n+uZw7HuHklJtDwygh5wQobhsfu+q44JeaaC6Dg8Iu0Fs
|
||||
ZNj2tJ1LIts0bsmevnJveOTXNq3TcHsPP1E3kYCt8OPEfPjx5Y2Ajba+VmDATDN/
|
||||
5e6ncNOX5viA/DnlfL1Kx+1kf8A1wKJSNnCd0zPIDhDlagdcbd88CXdQPmPUuesD
|
||||
qdUDplc+FjnCxkWrJPHnnQ
|
||||
oP+PAtaEFPKwY/p94ofdBlLtCJDzaOkE7jblE4COKCp6NcfjUot7a7G2rSzG3Z9A
|
||||
cF3HcuKsMrG2Tth4ElBB0nwfaXUJZOBO3nrZaU0RGBBkxqooDVV2LzA+NG0HpIZ6
|
||||
8Rd/Ch621gaBDYbSNFKLx5pAotqsARt13BMVY9nuifNGmWAamZ5UsJwZ/OhxKC5i
|
||||
bkFZGeHZm4tilpsBEnh99PxofQmFy52AQhpx2UZETaD7yXvyEQjN9yBVKGhwA8Xs
|
||||
xIRZLVgCbMv5lroYChpj/SiuoNhuaLo+05+3r5JnL/ODEl2dYZHkr2fAo31QUPnr
|
||||
kmir2Nwoq4MlNELjQvSfdQ
|
||||
-> ssh-rsa K9mW1w
|
||||
Fkzo4emHSiZilicSPgihNC9DjuNMih0pG9gjPJFeL6z3i8vzb2Wlr47Hs3RX8ccd
|
||||
GUu97/g6Pk71STbZpq0J694lZLlzRrQiAoRD+nvbwDyiY4NThkWGwJyrK5YVsXb9
|
||||
Tn8koBMyWAl173UZBfX9/tZbV/BgibajNYYUSOYqGPTtKMO2iwZi/f5vNP2Ss9Xn
|
||||
a6xV3A9uJ0iQd1HFXxDqoy66KsP4cJX7U+cV4jPp0dcdAY/umgVcWnhAVRISiP0f
|
||||
qLMEW6g63MXeJqij1vVl3WhEXqa4AZHGMGuHbWfuRhES8TVVxkslh6S1HnrbQq8Q
|
||||
5x0sR+jPHIHk2ZJ3QLWQsQ
|
||||
-> ssh-ed25519 Qo6/7A AgI2XGB68qmD4HsNzLJlGMOI8RHag/CyOOPgJNZ5Vgc
|
||||
Oqto0uatJOeVEY6ON8jJIbNkGy96KJOW/HHvKqkKT0A
|
||||
-> eG853-grease Pw3j" PcU:Uj0
|
||||
qf1JY7M0YjgzXs73vuw/gwnTut46
|
||||
--- 1wceU1/J0KK3A4H2iTKGpPIGIv6rbawHYerjWYeNYRA
|
||||
+aäyz_¥ªì‹e¹¶_üJ=‘¼VÌ—Dâ„4n¤WÉ4òàv…‹ø%<25>ÿ=Äá>;lAôv–a~Á×ä__Á‰z¿ìˆ½U2=U?”šéÉXëj½d%1äj‚Gì»Mk·ÕÉ’#’ª²—^ø*Új‹–y§¦î¥<C3AE>+Š
|
||||
GVNgJY5cse7GnU0UpgfBT2a8Ev0KeFC+Tfvj8Jd7Wgu7pYv/DlwIumJN2NcmU76S
|
||||
zW1Z6we+Fs4DO83v+4Bug4d+m7oUbKxbUfgIDE4MDEkc4B/XUKv0Ex1VaO4lGh6h
|
||||
0lRF4PO22OjyO4TT4tkLZgTAStq/vS20GhluEdVPp2ovSsn7KYLwmx81iBnfNDbm
|
||||
0uEKAE2dj01BHSiRZ1rVj9OnTacrRpzp6mbVJxZqkUMJ+A/tMp1B7eTjWiGhUUGs
|
||||
+de52Ba/ww1jM0BmbdemWS5SA1Kch1ttgnSFKIh24tYyRxX4AVsuYqPkIuH8+W4O
|
||||
Jh0387AJaR+3+Tvweo88Tw
|
||||
-> ssh-ed25519 iWiFbA xx3oYrX6/Z1srbxmAztZV5AJgYZn20UMvRnn4qrSoAU
|
||||
98oe26dqhSE3eET7hwdV/jJTVu2ldBiZ6ysabwK97Co
|
||||
--- qrw4HhyaHrpDmws4EoABLFF3HU30AaZFCt4qHKo6gUM
|
||||
OnÄCfIÚìQÿlµç@‡?:5¸• <09>Öm*63ÿgt‚jhšÁÛïÖA‘8^;TÓx%;O»·»×ß׶Yoé‚G¢€,mïÞÜ â¥ ®Éîs8Pƒ
òR«–\nòXA÷·w‚‹;—ÚXRMÛù2–´òFÏ
|
@ -1,22 +1,20 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
PcYDtUs6evvvrjU3cZxaEoj62lvEyRQI4aGvGFK+6E/5ROwjBsyv7g6ClxDOICNU
|
||||
CUHzDYtbepFIycvqGGm/TDk2ZDknjpcef/pC2MjlPk+WZDkTx2MeNQs6uk8fNvS5
|
||||
6Ppw3CvdiABcx3NFUrgh/N1NKsvgGCR621q/AkyjodUdjWwTxYbr3XnZVA1J+S6M
|
||||
Nj+1RGYGBRGvUYcC7JIqArLZaCjDyXlyExtlCzlux8jUtblEBBmuwDYjMjUNE4fB
|
||||
Qq7D0RZW1AiaMqiFuzB03l9+n+NzYtmWHDWpgZcp1mbTWEaGWvfSI1xxULjp89Hx
|
||||
+3GopFzQpknChP+KIGWCIA
|
||||
XtQerUqo59DoCzMSSbYWK1fZR5uPzA20NJcpZ8YOCD2cPJvGiSN4ePnPLSSnyUAV
|
||||
ei45c6sdRRRZEKcq/uabTWPqk1xymKv4CrLn4FjS9VviKNYW0p+oo0J9ummwE6sa
|
||||
/REKRIQRrsP1HwSO0gaq6CQEyGr9NouybuDDS5AIGpvaRV9+F1Htc/Um5JmsGaeC
|
||||
aUBSJdZGnUajg/NN+QBlhhndT1PevFNKaviOJB4ghZUv8V89KZUhZMLuWQHVSr6D
|
||||
fPQLXCI7mDjv82rydG5NWzE3OiMycLlt3AXWE97G4dhrtQGMPb3KDeGaY2mXBQ5G
|
||||
Qq+myMZJqx9LbQWPyBgLgQ
|
||||
-> ssh-rsa K9mW1w
|
||||
ioNuiJFlFdVWMmAHlocThTlQYIn0m9I85WZjtbXbBGaV6B7WPVJOAfj8dsKAx2a+
|
||||
E8kq3Ffc1iNfcnw5gBb9X9zXReyi1cdSsdjwJS8Wew2was3rcbcRBh4cL+bzZ1U5
|
||||
BOkUqWo8lF1PNf/oJyjK3y07br8EKcjDTMs+n3AkjGTLyyP2Li2ZwzCHCoKgyHxf
|
||||
COcFAFWQdli4fZon9KjZ+Je4UtPtyDEKUUZxZMxXsXd4OTs/cpaFpzrl7MpB2Qdg
|
||||
31x0SQbY7Vt7+88yFoE55NmTTDPtIj9A38xSn9HBGHDl8+nftXTnkoQa+E2gJ2V0
|
||||
LYeWbozz2zFUQiUsQhM72A
|
||||
-> ssh-ed25519 Qo6/7A h+m0fzmo6DpdSejGvgcrYIuQFM0My3X+Vk4XvwlRyDg
|
||||
fWmR5VvANbi8P2zouqz66lxx61YzcW9R6wQLZvh3Y48
|
||||
-> Z#,x-grease ~ts
|
||||
zKs31SssQzG0GYI+xfHhfC+0
|
||||
--- Aa0oGbJedOyry0m22fwH+VY5koBC2NO7o4OwIQe6YlY
|
||||
4´ž-v°OÊ?È
|
||||
n.dýçCèµD«Þ,Ï+kr½>¿ÖdiØþÕáý8ŒÉøŸ³å4
|
||||
QjWGmW/CSl1+xidbzQ7rBjPI9gphRAqC9j4dTsQmK48WlnlG9fAX1w7s8zJI287c
|
||||
VwtOndfP/yYe8zj14IB0bn/efJ4s9DXS1toSVHhHMXGRYNx4LZJtGrHPEe7bmBDR
|
||||
g3m6i3dFB48o4niZwLFmsTWD8KpYFPRmGnD9AX7cXtA1KzjD61ebb7dsjQ0J7/04
|
||||
QLUmPUJ4BMgvMhv5zHfjq/LjasrOVY5QkKi95xYVREacy9hp/5COs9d0d40+qLFh
|
||||
QJ2CuiOba5+aYnVWtbq63F9YJsAwknPOI2nV64l1BflQGJjec+wS4LPi4+l6pT+0
|
||||
wPStv+iVu5vYdVNuq7KtnQ
|
||||
-> ssh-ed25519 iWiFbA Qrs30RtQXXEglsSKQbmeLhZvQB9yR0EbKeba8IV1/wo
|
||||
o89IKeFH91zdqfRJrIge0Sod6k+66BbN3DcUfnqSgqg
|
||||
--- zhvOvBCbfuhWDejcJcXxtdypACwgPb1KrqpsNYWiKNc
|
||||
|
||||
å<}š‡: ¸Ã2bzªüÙÄq¬‘SYîÌõr掑uÀ„Ý}¯â<C2AF>u—»ÌòbŸ\;
|
20
secrets/matrix/matrix.hillion.co.uk/syncv3_secret.age
Normal file
20
secrets/matrix/matrix.hillion.co.uk/syncv3_secret.age
Normal file
@ -0,0 +1,20 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
Z3WKcEusrn04hb2zUpEFBHOoqDIaCzMo/jZuOX/eMKPBqTrxcba9ZgxOFE7+yaUi
|
||||
FJvlQNg5pQn/vaCtHkJWfBXdKiwZ3pIeaqwNcto8EprKLxIAkLjMBMOursz9k41E
|
||||
0B4NKRyxiQO2kMgjKb9jYzhioan3NG1Loto8RbjbUPlqn/Q0NEsq8Uql0qaM02Ba
|
||||
zBd1Xt1MFDtemXxzfmeqLMX45F67B8JKFujnXajR7qoRCmzz6kkj6zb+SEE+Nodq
|
||||
9J/i4rpgwP0B9Zgp9QqnvOBVuLtxPOv/EE+Dp9Ktj1v5SxlJbQoPBiX5pZd5n3/n
|
||||
dqibdn1Jls57qCs9sHAlDQ
|
||||
-> ssh-rsa K9mW1w
|
||||
BMNOK5nTDPSw5wZsdWlpWzbA62WdDmqg3CdiYSA8mDZT5LFHsmZt4azfwvCWnwKh
|
||||
jvzWsNgASSdCCGk4xzDR8qzVAvcku5IxgQjGWCfa307r8k1RFMF910+QpS0nsckE
|
||||
voBCvNIbv1Qjg6MKSXIDmmDjeLedL/0WYp7mX2FHQbs2Mau3xHz+l4mW9C6Dlyeu
|
||||
PdR6IYJxqxDOqQk2FIMYq7vS1JWDo2ntS3XcufUL4V6TeFj1Soauff9/55hqt8Tm
|
||||
JlUkbHmc/69bsqbr3en1sk6lk7GV7M87tfjGJuhdsMQLY10jFuZfkpewRhCLTEpR
|
||||
LFooblAploXTZfXkvmoj2A
|
||||
-> ssh-ed25519 iWiFbA izGiArlZgQMVSnQv/WG7+tBUnk0z/iUHI1TgAf0d5V0
|
||||
Qw/pUd8y7UNElE9U+VwE7cQhemfPXFhFoiKQya34Bwo
|
||||
--- FfPFhjvH78/oBzE1tL93Vxm6fV9zsHL3S8aDb3KWA4o
|
||||
óœ}þŠlj¿mE_¿9mç}z ¼?ü-Ø9F•]IóãÞØy7uw¼x¼ŠQ3ÅìüqñŠJ„åVº–/”º@>°vÊî-G4;Êí1Ñ&@§k®
ÍWë+c*ûžìá|#»û˜Èª³Wy
|
||||
fC°
|
@ -1,21 +1,25 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
clM3ZZ+BrFyrKzQEptaVd8zHVtQJZi2gCxeQcdr4X07XFFfDoz+Ft2uY8+FVq54E
|
||||
U2d1Qorf14/K7ubHlTMFcTLksD9CsMSpj4tiVzZ6jLzoL2g8ygsnllyT2IcG6dmB
|
||||
8ZLRL+agcZJo+9cfdxOYwJTzjbDuuhGKsQDfS5T833CgDfleJ96XVFkDEnf4yQcB
|
||||
DBNU4R10SIyHAhRDjZpIRyDAOkwfTVABxHFS9TFfIOWho6tRwfdUeoWAnzqO4wUJ
|
||||
FFTvnbiX44WU5VbUf7Em/92NDWtDJM98B2s+LbgZpGk3oqcY4iyVJIhi7Tfrz5+m
|
||||
5EXsa62mgd30xXHkdBp+6w
|
||||
V2AvkOD5bHByhebVLzXhGpKgD+ZbpXVU8qizj+nvcmsapadSjtnqo/PYHLatc3Hc
|
||||
9zJoCvW4hXu8DVx6sgEapBUibny8mRBUYm58yxi9UIv4PfutFfOqAaTDolOZkVr2
|
||||
5cNY6JTjB8l3x0j+rQfSATMebCJr0mexi/vCxfk20BYAYxm71FWa/3HchH5ktf76
|
||||
YyQFgBG3zSLaWRS8wgWPZxbr3oz2mlQsgAgc2Q+D0RKQ9k9y4MFDy2kQgyBD0mh/
|
||||
LfEy27pFYDcFq5YFrHDx1mzFP6zmdrgNvJtTvIVHurMX0bjkMVvL1EMPkK89zft0
|
||||
2fO5lhEhjN1ZtsiRdi1AHw
|
||||
-> ssh-rsa K9mW1w
|
||||
hMggZlLSWTyf2LhYSVnvC11S9yPM7GN5uMRYlRyQoppHsHvNMkRQKYdwdzJUX2QA
|
||||
5OZ8XQwxct1MAxCp1kiwa7B/EwrlZfoFZgao8VWSs0TZTMCJnYFJ+ETBmVU1JnNa
|
||||
ZOJR+0bTdFMvWCkf5FeIAPz2CeOQ4XfmyU4QMnMdENzUVqPMoB0vPDd9mPNrWeiz
|
||||
wuZgD4jqzZDbyuRhveOy4fCBQ485jxnqaT9l+VPQSA9xrDUMC5TA6Vg6yxwmu/hY
|
||||
pv1Dni7aCiYALRPr7UK2hNUU84cG+8eFf53w+rngzt1lZElvjO0Oailaz5weCkP7
|
||||
nmSfOOpf5/sHE8uhHb9TSA
|
||||
-> ssh-ed25519 rjda/A rnnAChws0QFbuQeviARY1GxIMf7Q1EGcLclq9b/pFxM
|
||||
sOIHM3BMvKIKzXi14CRXJEiIHikJuRf2cl5egADncV4
|
||||
-> ssh-ed25519 8+Ls0w tJ9gHXR03ez8quA9/KSLzc+g8y1HE7RJ6SPsJ8O66hY
|
||||
J+YWnfPQClYZRZehQco7zpCZUorLYv8uNinfmcEtq+o
|
||||
--- iHsZcXh9VESnGPGMQnB7mdn3EVgCUXduFshfX1q88q0
|
||||
ęAZZ›Ź=É:“N3ĘVL¨AÓ"6Nčć4µ†áŇş:éƉX`řÍżkÔýěČ<01>9Ŕs/rćaWîÍPŐ@§z<C2A7>ínµ›E,PŃ{0V$’mÎj'"=ŽLîŁ&B9$ú(<1B>w†,m›ô©gŚźÉtT8J<˙©0ťú…
_<>!˙PEv®JÎY鳲ě
|
||||
Ma3+rklXzp3GvZeLMJRsBFzQn7zx2XSRbeYGjbpwQ15aDaLkvwj30tTkC8T8UOaJ
|
||||
BxhMcsqVJtUQ+8VDT+8TI8G6z8FZRincI0RTpLXkjnd7wr+7dJGty3I8lvmAZLfc
|
||||
Lq/ufWLR5siaHbPIdzD7xc3uIOM6uCEtirO69jylsOxI1ln2nFs/XmB7KFKVXFoR
|
||||
BU7guCumIoxrPU/PRXsSxW2ZgnI/gMGzTFxdfBB+DG5ji3FQJDlQw7PZSKZV3e9r
|
||||
0zOnJiRIdxwcdw22C5OWPV0NmchcVk07RVMC7g7ZlYn1ZvzyH4F6915vBO0AliQn
|
||||
owjfSi9xeR8B+6prms40Mw
|
||||
-> ssh-ed25519 rjda/A R372Lvn/wI+8QHzPHlfdjHbJdsd3CpUP+rDGgBQJCWI
|
||||
PohaMx5p6FHhx+EwypsBRHq2R3ujNU8UpbmYS8TKOBM
|
||||
-> ssh-ed25519 8+Ls0w jQRlUZRjOdFjp2jmKLBWiG1EM6XP1JYScC+y5ju62mA
|
||||
Siiu+PBmnnlXkY3iP16fOaqADppeMLW9csE6ezXOLCQ
|
||||
-> ssh-ed25519 ikTTQA qQIFOuadfKL5Ie3YekLaMDP5txofg9RDtirNvuun4DQ
|
||||
C+o9BE/MLnklCpTqR3z4VDULpcHuGolyxfDRMvmzSDM
|
||||
--- 6gNHbYKsXqKslBJBUbRtAGIGQqqS2uulAq7tmlOBYm4
|
||||
(rÒNäP+ƒ£_ŠC‹<43>¡L±s¾—Çë ôíz#vó-) `ÌâCöj¦ÓíÇëÚÈü}}A•.1üḎW«|
|
||||
g¥ôW¶ÓbÏ)Ç
|
||||
»4_•X¹¢a¸rH…Ø»¾Ý@Aô}YÄüz¶Q€óp«¦Éà(•2øÅm%nš‡
|
@ -1,24 +1,23 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
EZBFKBAzoSqlSaMvehEGiiCXaT7qhewJy1v6mr3NVCvQqTck6STzEBoalKDi3mIF
|
||||
fLoX7oVMEh5bgOkKIYBiv00ueHe+osNCJtx/dHx9X462RXixrcbIqdPCD+XS0puZ
|
||||
CxaohxNu+kSmbtZc9pZ8PETZ93dmCetSIwo1uQiGJChFBxNn7lm/fvOPvdN1821i
|
||||
ougijCL+f8fG/fymXnnlULbAdyhUI+6Hx2WAP8v9796XQHBieKJJfRFVhbUGRKD9
|
||||
1AK66zZClZ1dD8SuZBtCnafrVm3Wjwys2aKgncKdrWuNoScWoZNiL4nS55w3PCEN
|
||||
U2Jq6smqxjPdC/18xuBiNA
|
||||
S3ctNbWyX1A6JQIN1vNnZamNMMYK20sP5Fv8P6XR4tlrM97QRcFujN6FM3a2siI7
|
||||
/bHryIpHu1cdK90qCLbIvyYm1lilTrXiN1JIN+4sm808dqinKwUI+RF0B+JzTbLW
|
||||
JaITpkJubkrudALAoYARWBRcSkBRSnZYfWBIqDyuj42eGiqObTZdw6flA362cplX
|
||||
j+XaqdyrISSsCq+nH22zpNC62MdwYKGnBNkao3ICZ74lYOdtjPE3FrokGkt1Hllm
|
||||
AqZaLcYUTBbBlysrf8YlsAK9AvtdRHtwACcBv0YrJ35+HIJP7fkAWkfoCqD6iCu6
|
||||
z7XHv1LrtMY/HG3md8hV9A
|
||||
-> ssh-rsa K9mW1w
|
||||
wYSU6EnCqBEQL950d/suDPPmJmqiPWHX0GJuc37bYffJTCJIJKthk43FDOWrcgbD
|
||||
vsfTjRkzRZY8H6ngTTlwIuECzoJDhLq4/4n69dOi2Uz8XZvD9y6lPE7qmqClMziZ
|
||||
mtheoib/PVoV6OvPnCg+d52HfR2REuQNHxGhNucDOjmL+lcjYNqrVq1IHhZJ0WUh
|
||||
4+8J5kA17yFtdnLuIcIPdVNZ1oI1Y5E6H+fiJhje5cnEJ7u/GQAFRLmdV36cZDzF
|
||||
OaUap/nxyAIjga+zbGptHjvKvLfWL+5EA+H47es6xcpJfadBuq0+AfTlSvsQzrqj
|
||||
15xCp6IeGXJeZCOF3NchWw
|
||||
-> ssh-ed25519 nWv9MA k5cpWIDL6sNwqlr9dx3KBd8SXW4gwLZwjUPD1jqL4VM
|
||||
xkDd8nnNoZNOPxIMt2iXvOVjUXxPcBpI0KD1I4p40p0
|
||||
-> ssh-ed25519 Qo6/7A 7eJXxyASGk0iZu7o81zoiIm33IILsL9I7ScDXARPXzw
|
||||
L0WP9V9nkRUvLXVVWf6BWf2GR8xvEI0LkDDAYOmGqLE
|
||||
-> ssh-ed25519 L5AKYA h7RKESPZ5k1wt67mErHvfWBpXY20mTVf/rMsvEcnb3s
|
||||
xoHeghX8qvq2A9LYQpH+jna3Qr9tegIkTI/RhcZFXig
|
||||
--- EwX1bjkJInYJEdM64ZNnt4UfwXAHcAz6ce+eBU9ORC0
|
||||
š®
|
||||
@µéÂl’¥ëf}É4Œ0÷urú
*'n•³%j=Õ’´"<22>÷œ;y§×
|
||||
fv366v8Yl7JHgYP6dyy9CMDY7KtjTK22WZed2zRTNpK4Z2lPrhPkMSahjuKCOtg1
|
||||
dPw2/mxHL/765f5V+ayGa3OxGzVfycmsKfTWhEBa6AcumVUTXCXk9i0u8MkyW36n
|
||||
RjSd2wAPhXXt/RJUg0OQ7GB5ILY7sy/z8TGByMIWKUfNqqxJeBqm+D6k4kMjOkx4
|
||||
/S0JEPFpC3izwVjjnQh+NX5Wm9qOVNViJcCJ/+XX+ydK1uloeZjDvSs1E2+/xlo6
|
||||
wC4hsIBo7qQ9Fi0XIyE0UZiuLLtwozNEvctIzYOLMgqprP/zVgvDMc/qIrxN6ZzG
|
||||
zC/n6bzufZ1v/wkyQZVz3Q
|
||||
-> ssh-ed25519 nWv9MA YWPBSHvP1thV1nTOqv1dSLD3hsmwAoPZ3ha8uyy6ciw
|
||||
lNiy/gXYtBwMqwPu4kKHPXmA/t/iQ3sYYtZFO/kwB0o
|
||||
-> ssh-ed25519 iWiFbA K/RtHtowVbVOFjciimyV3qncJpGdXnlgPu2wydgbZC8
|
||||
RE2ZIl7Huu03JzI2HnzPQlXOH1lCK+Gq85s7ZGQoKOk
|
||||
-> ssh-ed25519 L5AKYA QeK0d2kufo23d5gYcyz43ZZJG/r6ehro6aF9VIiVihA
|
||||
D2UVzyBu/ZEgXRvmosYS/EOGFSWVaRANQnJgue1vFzg
|
||||
--- xS5J/VAzbw0OANF+qfcLIqcrtLpXkRct2miWOIhM+Uk
|
||||
§[Ði<1A>,g¯ý-EÛy®4*ðÞ&'ЊÁã:°fQ°aº55
„zC®Þ§A‹<>
|
@ -12,12 +12,18 @@ let
|
||||
co = {
|
||||
hillion = {
|
||||
ts = {
|
||||
cx = { jorah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILA9Hp37ljgVRZwjXnTh+XqRuQWk23alOqe7ptwSr2A5 root@jorah"; };
|
||||
cx = {
|
||||
boron = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtcJ7HY/vjtheMV8EN2wlTw1hU53CJebGIeRJcSkzt5 root@boron";
|
||||
};
|
||||
home = {
|
||||
microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw root@microserver";
|
||||
router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu root@router";
|
||||
};
|
||||
pop = { li = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u root@li"; };
|
||||
lt = { be = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV3OSUT+cqFqrFHZGfn7/xi5FW3n1qjUFy8zBbYs2Sm root@be"; };
|
||||
pop = {
|
||||
li = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u root@li";
|
||||
sodium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQmG7v/XrinPmkTU2eIoISuU3+hoV4h60Bmbwd+xDjr root@sodium";
|
||||
};
|
||||
terminals = { jakehillion = { gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry"; }; };
|
||||
storage = {
|
||||
tywin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k root@tywin";
|
||||
@ -34,17 +40,26 @@ let
|
||||
in
|
||||
{
|
||||
# User Passwords
|
||||
"passwords/jake.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.home.router ];
|
||||
"passwords/jake.age".publicKeys = jake_users ++ [
|
||||
ts.terminals.jakehillion.gendry
|
||||
ts.home.router
|
||||
ts.lt.be
|
||||
];
|
||||
|
||||
# Tailscale Pre-Auth Keys
|
||||
"tailscale/be.lt.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.lt.be ];
|
||||
"tailscale/boron.cx.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
|
||||
"tailscale/jorah.cx.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"tailscale/microserver.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.microserver ];
|
||||
"tailscale/li.pop.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.pop.li ];
|
||||
"tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
|
||||
"tailscale/sodium.pop.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.pop.sodium ];
|
||||
"tailscale/theon.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.theon ];
|
||||
"tailscale/tywin.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||
|
||||
# WiFi Environment Files
|
||||
"wifi/be.lt.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.lt.be ];
|
||||
|
||||
# Resilio Sync Secrets
|
||||
## Encrypted Resilio Sync Secrets
|
||||
"resilio/encrypted/dad.age".publicKeys = jake_users ++ [ ];
|
||||
@ -60,20 +75,19 @@ in
|
||||
"resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
|
||||
|
||||
# Matrix Secrets
|
||||
"matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"matrix/matrix.hillion.co.uk/registration_shared_secret.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"matrix/matrix.hillion.co.uk/registration_shared_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
|
||||
"matrix/matrix.hillion.co.uk/syncv3_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
|
||||
# Backups Secrets
|
||||
"restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.cx.jorah ts.home.microserver ];
|
||||
"restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.cx.boron ts.home.microserver ];
|
||||
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.home.router ];
|
||||
|
||||
"git/git_backups_ecdsa.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||
"git/git_backups_remotes.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||
|
||||
# Spotify Secrets
|
||||
"spotify/11132032266.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
|
||||
|
||||
# Mastodon Secrets
|
||||
"mastodon/social.hillion.co.uk/otp_secret_file.age".publicKeys = jake_users ++ [ ];
|
||||
"mastodon/social.hillion.co.uk/secret_key_base.age".publicKeys = jake_users ++ [ ];
|
||||
@ -87,7 +101,7 @@ in
|
||||
"storj/auth.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||
|
||||
# Version tracker secrets
|
||||
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
|
||||
# Home Automation secrets
|
||||
"mqtt/zigbee2mqtt.age".publicKeys = jake_users ++ [ ts.home.router ];
|
||||
@ -100,21 +114,21 @@ in
|
||||
"deluge/auth.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||
|
||||
# Gitea Secrets
|
||||
"gitea/lfs_jwt_secret.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"gitea/mailer_password.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"gitea/oauth_jwt_secret.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"gitea/security_secret_key.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"gitea/security_internal_token.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"gitea/lfs_jwt_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"gitea/mailer_password.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"gitea/oauth_jwt_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"gitea/security_secret_key.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"gitea/security_internal_token.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
|
||||
"gitea/actions/jorah.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"gitea/actions/boron.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
|
||||
# HomeAssistant Secrets
|
||||
"homeassistant/secrets.yaml.age".publicKeys = jake_users ++ [ ts.home.microserver ];
|
||||
|
||||
# Web certificates
|
||||
"certs/hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"certs/blog.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"certs/gitea.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"certs/homeassistant.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"certs/links.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"certs/hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"certs/blog.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"certs/gitea.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"certs/homeassistant.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
"certs/links.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
|
||||
}
|
||||
|
Binary file not shown.
19
secrets/tailscale/be.lt.ts.hillion.co.uk.age
Normal file
19
secrets/tailscale/be.lt.ts.hillion.co.uk.age
Normal file
@ -0,0 +1,19 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
quD5S+nsgtv5VnsIk08B5Fqhs4oJFmwuw/mj2GwhOhzgMSzF/KiWnkRlcKL3w2LY
|
||||
zXnh2hB4kQHeudSNXLEh+3WupvynPcaSiuzBQaG559lBroFHR/Vw90MthhnnJszv
|
||||
a0WQzcLy0e+46gyV5PGD+qX281/lLJMztC6onR7WdGwfBdGsv9z/y4RVkGi/A34n
|
||||
pfXeJuTAP+tRcIeQCXUP87XBZdXBruNNtlRwM16UaVx2SzQH/WAirTD1zaG9GNG5
|
||||
oN8Uj030maXgxVBAzCwyM+9euWllx5XBuvpVsxypB0uqZZV7YJ108tjyY5ydDGTY
|
||||
tIV99TBm9IsENczBY85+ng
|
||||
-> ssh-rsa K9mW1w
|
||||
ZfMMTh58zNW63m9HaAdZ9KmlCiCAWfmMUyYBfnMEc3h7K5bIJPU3E7DymtvlO53/
|
||||
CsXMGb+t/cnctrTGlFT2VP8OhoQ5vQfDShjBbS49zYaP6oZR2D0iX7LqRSzZPpQF
|
||||
SWyFWnXKvYIRmtSXT8Ld+kfONBna3nLWUcPiBgQjLJ7pcRA2UJb78+t5sDKJp7iu
|
||||
CFbOEBIHBwnt5uk4tThzB/uZlJO1UMNRttgW5yyiivUSMHuVL729vllXNN2+4EUn
|
||||
H0r88XV6jR6j26Xvx7VmdZV6lLBUFJiBjy353OYfvl7wYWsTMZqRttJi+MZ6kx6V
|
||||
5NmbqWhtJ8ZoM3L1oV6DEQ
|
||||
-> ssh-ed25519 ikTTQA ahMu1d62ggresMO+p12kL27Sv+m0jMGG+FH9Knq27yM
|
||||
0dxGvslHl7EYLOl1nmXPqJBclwtid2+nV3zhJUNa8uQ
|
||||
--- JLHa4NeSjrwXflyWsZpr/vFO6SpTGXOpocmEDVOotE8
|
||||
0ê„#¿I¼æ¨÷á¥þÆÀæãç¤ÔSòØû5½%ù©³r:oLkÕ?Ÿ<ÈÚ‡ÄN–ù!ÔT¹ä`6·.Ɉxé¶è:Œ¥S~$UónXÐ(ü\d
²;W
|
20
secrets/tailscale/boron.cx.ts.hillion.co.uk.age
Normal file
20
secrets/tailscale/boron.cx.ts.hillion.co.uk.age
Normal file
@ -0,0 +1,20 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
KaDpbglS1rAJv+jdkYv81xbu6jm20CR/L4AnrCJhBRqAl/oOd0+dJ2+6Nf71TuLK
|
||||
xCYDsQhvpOZNTokg3h7vfCBQFW3twvuDFXetETKkieQmE2KvXpRR+r8C6JnI9TMF
|
||||
z6UcCMyl5wIctHt+hjOy5EPap93G7zXKu4cSBIVt+9C95ThGDZcCo8CFSguJykRQ
|
||||
xgbT+9l/1DlrCyrbX6efNGYyuxPkqXqS9MuF5A9/ScsyXbfACqxOxb4255Q784+u
|
||||
TkgV4aOIlxmGaI8l6OuCLwavmt/stKKkW7M8seDdm0ro975r9ogDlJlr4JSO2wmW
|
||||
8rknDFzzdBtnXgqp6PWtUw
|
||||
-> ssh-rsa K9mW1w
|
||||
MuSScMNbn2QWudIop+kA+v6UrlXEzXk/3tgyJ0248K7vj2DX+wRUb3dc2EewrfIt
|
||||
0wDslBWKZxDoOjXS4HcuSDRnXxZwg1eT3RjhlKRPjVMhKj4V2OG/4eelQd+0wfJv
|
||||
OIzvQzkRqw25vk+hfWFJ+UwLkZ6/DVDm8YjQ70bMmpJcJmC+sn6muta8n3qVpI3a
|
||||
jrHZk4Qs4Bpmmcq7MbFuGnp8XLP+2EnOCAGWpIH82LWKf4ZOAry06tu153ilZ+pD
|
||||
dr/khG8kIoZWCvXHS1ZlsKsM4l2+ljdTXqrhoIR60/3/J2X1pf5lg9/du0lUU7wG
|
||||
6DjCagmoQx45VCvysrwi7w
|
||||
-> ssh-ed25519 iWiFbA 5ufDF6LdfTqTDNGWCKi4tQKQDm/gNB1PLRGw7K9QpmM
|
||||
PsNdWW0tPRT8KQrBtiRWeOin/SsDeRl0HJMUnZERaFE
|
||||
--- C5mp1K/mzIrDH1BAOAYs1RN3Nhj+6sUn+urZpZuJbrA
|
||||
ý8xÒÕq5z0ëÕj09îS<C3AE>‰IÆmtYr×¹©…Âéò5‹LZ<4C>È‘ž<E28098>^Ê/‰wÍk³Êš
|
||||
1o[Èú+Ñ
w‹ò/¬5Õ1¹š/hœXõÁ‚Q<E2809A>ƒj³Ð¯µ
|
@ -1,23 +0,0 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
kqQ9ovZi1Wqf7hz75QB+v8oLr5oRT4Uce7juM+R04CrOOGn1O6DkQtVeFa4Q7Ho0
|
||||
DTYeaP3jTR8zo7poTI323q8FbQ/dLG4jxBFafDZJZlXGEThVLnhNYqZZSjiCJHma
|
||||
hUn8nSC0y6AdA+lMn8tvZcaivaYpPtT+bALXtvxZ6rTo+mTbJrVRxPY5FZdmdmCC
|
||||
Z1h3UFZoyuAO9VWQKtPO3o0Ijh+L7e+TFdRl1YowGB+hvZdJ08AkPXrwIEUMnnMA
|
||||
+e/FA5HxHgvi6ud8RTcAkaecYt0l/vKDgBON9ESfHIMuS+vNk5GKT7a+ImKmfb4/
|
||||
o2cSmR8y/+J5z4MEBcj/Vg
|
||||
-> ssh-rsa K9mW1w
|
||||
veHh0OpoW3Hnvy9k7NwANMae2StqGcohTI9hfeHNi7mR6wHly1HqOD9U7eijVYIC
|
||||
qvKJsk7sEO8NyAVqLWqrvdq9bLkgTgsNWQsXbulY8VHhwZMIko9YYIZeJv8Um9Bz
|
||||
q4QiwJW1KoLItqJNR9c1ZLRfwHaLZwKTThAKMjgt5KFiN5NJYb9CLbAZi4eG1hi0
|
||||
PsIP/S/dsUKAeN6Bz2JZ4HB0jsvyPiQLr2p4q5nfEKybJEmjOfc9Z7TjwZTNlC0Y
|
||||
0MKVarhwFqsMIP63gTYZisacAhmsG7DoLFA5eHf0VPa1KjqFait0dG+zuojehMfj
|
||||
uifZFGahsWaAMg+oq+/Cvg
|
||||
-> ssh-ed25519 Qo6/7A sLXu4pSLH2lnzLYVzisN9Zl/EW1jL21Km6kPZO0/Zjk
|
||||
chDyf7Sb5GtSVi3TmfYpwwFbI3PhoOnxS5lRcqQGwyY
|
||||
-> Y1-grease ,Lz| "Uil>z36 -K
|
||||
xfFD+uEZIkGkysF3HdMkMbhsPnu+Cnu6o8tT0lq8rdSOn26V6Fj5CZi1muuD7d2c
|
||||
BLtH1vyQx4M71Hb6PmKu7+s5V9xsJqKxtDqx/6iAc9uZnbmeU27nsA
|
||||
--- YXh9Kl4PGetzx8qsLJa5gTO3W7UNtio1tXs/HXS271U
|
||||
Þûa…kž+J+/û€áñ<1A>ÍKÅbÄä‰éù|Ï$MäåÒ{NýÇ]¦ï=ö7Ïß@ƒ›—<E280BA>(h.ql2¢X}]ê,¦'ùN ÙCô!Æ;ØW£±
|
||||
äû·Dï
|
19
secrets/tailscale/sodium.pop.ts.hillion.co.uk.age
Normal file
19
secrets/tailscale/sodium.pop.ts.hillion.co.uk.age
Normal file
@ -0,0 +1,19 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
rgebPOZWAkQIqQZn5UywtUzu1ZpEK9yF3wDLl7b76vOLBM8BeE/cud2AgwRe49VM
|
||||
UfbL+5IInvqvVCtCmciVvDhBp85BLvuB/e6DkWxH+HkKm7/stgXkuaotnbxftLN5
|
||||
w90Qz8jVgwOSWlpDdW+MACphLBOiDe6oUrcodiQTD+FmA/cH7oEnjaxyElZA4aey
|
||||
Yw6df7NiMCbh8LitSqLm9YTB6yWlVw6fumpvsVJqW9UPOdTtOEilFT6qrXIMeu10
|
||||
MEdDkU5FlocDSxYLN1buIRSVb+wtN8eSYrMsOd7zwB/FYWw9fFNbZ/1JFxQKl9SK
|
||||
w+fHN1jQyOjKpbYELeCdRg
|
||||
-> ssh-rsa K9mW1w
|
||||
hAYfQrfwWNmck6t7oDzS/JKd7Gb/j3MMH19kEZ74k2Z/t6j9VgNlo0cLCQCRd29l
|
||||
NXNwx4H1VLFqP0f0YOIpbeZAPjvLxWODv97ovLWTtokPX9/kDugigqdW59KYcxWB
|
||||
cbGAJrBm+D7b5uEuVBCWWBAAv8dZ4EajguoBR6u9mkJRDyy55q3JnS8zUoSz/9XK
|
||||
Ne+pf9Bej2hen5CrFJoIBs3YGL81Tqn9zfI3RsgyncB355aL0bH3FKeeWU/Qm2Eb
|
||||
fqJroSjNteWp+vqu9RzgrzpRUrZbw+KZL7sssTc0qXTI6UuUrchJ3ku8bOAmYYj+
|
||||
4GgOgMeY5ne15Xkc0g/U7Q
|
||||
-> ssh-ed25519 oW6Y8A koK5dt68rm3ItiMLS/D85cL1FyvBFOoOUn2iU431HXk
|
||||
isWccUR1wymJzBSoNVh+aFMrp1/VS3In6w/kcb1RTSM
|
||||
--- Askgu9440tsbF855jM94XpINs1fv69fSY/+CchwH/q8
|
||||
š3 ÌV÷<07>‘‹Ôy~ϸtˆ¯ÿÉÏè@öpƒÆࢅ~Ón‚Oî°¥Ä ¾âaUUr›•1P¤žÓ6W8ÆFÎ<46>Å<EFBFBD>€?ë›7…üÞ&Ü—OŠ×t|œpoË
|
Binary file not shown.
20
secrets/wifi/be.lt.ts.hillion.co.uk.age
Normal file
20
secrets/wifi/be.lt.ts.hillion.co.uk.age
Normal file
@ -0,0 +1,20 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
j23rAXS9bmi74Aw3K+Ym/+4eajkeddGn0JsT4y7LkM54KZDazHLSpdIY8G4bPEC1
|
||||
Hmwb6tC/fXjCwxZlR69UcWOhYtGFNQKKe66uO4+LnLHrosppsFNUduk1/yamorxh
|
||||
foTF1BYstniAO4dkeS+gqU+EozOnpOgnXDjJwQu2az7H0ecTkrdaExVSZefoak2Q
|
||||
NdiMVzLgx4/jcuNFIQhej9h2RuTZFcYqoxLvpDYhgCHHrZGXT4MpMtpbV/1z0rjE
|
||||
RZiMsaD0cFUB0xY4ncZu/UYTqDInCmiQ/hT1IpHXo41mJgAoOjxvBuMtT1JLFIPx
|
||||
eHV8+2B6t6cmvJ94oDb6pA
|
||||
-> ssh-rsa K9mW1w
|
||||
nX3geP4iz2iW8cIaiI+gUsf2Me5N5yLVxyp0AZx3mxm+REVeW/3gIs6RFwgVvNz4
|
||||
O3Rd714c5eufkVb0jaHcnh9xPkhd9JPhDx9ALJebFyDwviQelRucCNkAiFU8cCp0
|
||||
5CwdTOsa+QoTL0yzkgFch32sEnrmi3NQpMyQdIACFaFyvVl0vd8jOvIrNUqEc1dZ
|
||||
XL2brlteJ5tDn4+7riShILdrkWUXMt127YtBLk4kzAFq9bem6KR3mxoupoGOMZKM
|
||||
6erqfETaoGyQYfETg7+/4CSoCOnSw7EgleOQ92Esof2KPiLWqvVVLRYQkajr5atn
|
||||
QM8pEVHysfP7tYCOw5Pc3Q
|
||||
-> ssh-ed25519 ikTTQA pS/dHNYcNr5Td/Gd7bzuODNdtg5Z/EOl2ZMkRhWIbxs
|
||||
7S4TzwwGr20Ar2EHYzF42yK3nKf6k2YAV97URcvtssU
|
||||
--- aaywXgy4WGMmd1EoyFk/LXbATavqk0N5rrAJ43aHXo0
|
||||
*¢’X%jø
gàïP5)ÚKS•=ØøÞa~зR7œ©\>ëŠv¡w°¿›8©Ã
|
||||
Ì•ŠQ±Nx…Lžlã`™÷Ì!ä¸^Z¥éE¼R››·V è\׺ ‰ÚÝ-R°vÞû¾Sgtw
M©ÞÓÓç)#8Ã΃óɾn
|
Loading…
Reference in New Issue
Block a user