boron: enable resilio sync

hosts/boron.cx.ts.hillion.co.uk/default.nix

@@ -101,6 +101,34 @@
       fileSystems = [ "/data" ];
     };
 
+    ## Resilio
+    custom.resilio = {
+      enable = true;
+      folders =
+        let
+          folderNames = [
+            "dad"
+            "joseph"
+            "projects"
+            "resources"
+            "sync"
+          ];
+          mkFolder = name: {
+            name = name;
+            secret = {
+              name = "resilio/plain/${name}";
+              file = ../../secrets/resilio/plain/${name}.age;
+            };
+          };
+        in
+        builtins.map (mkFolder) folderNames;
+    };
+    services.resilio = {
+      deviceName = "boron.cx";
+      directoryRoot = "/data/sync";
+      storagePath = "/data/sync/.sync";
+    };
+
     ## General usability
     ### Make podman available for dev tools such as act
     virtualisation = {

hosts/router.home.ts.hillion.co.uk/default.nix

@@ -32,14 +32,6 @@
       nat.enable = lib.mkForce false;
 
       useDHCP = false;
-
-      vlans = {
-        cameras = {
-          id = 3;
-          interface = "eth2";
-        };
-      };
-
       interfaces = {
         enp1s0 = {
           name = "eth0";
@@ -64,14 +56,6 @@
             }
           ];
         };
-        cameras /* cameras@eth2 */ = {
-          ipv4.addresses = [
-            {
-              address = "10.133.145.1";
-              prefixLength = 24;
-            }
-          ];
-        };
         enp4s0 = { name = "eth3"; };
         enp5s0 = { name = "eth4"; };
         enp6s0 = { name = "eth5"; };
@@ -98,8 +82,8 @@
 
               ip protocol icmp counter accept comment "accept all ICMP types"
 
-              iifname { "eth0", "cameras" } ct state { established, related } counter accept
-              iifname { "eth0", "cameras" } drop
+              iifname "eth0" ct state { established, related } counter accept
+              iifname "eth0" drop
             }
 
             chain forward {
@@ -154,7 +138,7 @@
 
           settings = {
             interfaces-config = {
-              interfaces = [ "eth1" "eth2" "cameras" ];
+              interfaces = [ "eth1" "eth2" ];
             };
             lease-database = {
               type = "memfile";
@@ -259,29 +243,6 @@
                   }
                 ];
               }
-              {
-                subnet = "10.133.145.0/24";
-                interface = "cameras";
-                pools = [{
-                  pool = "10.133.145.64 - 10.133.145.254";
-                }];
-                option-data = [
-                  {
-                    name = "routers";
-                    data = "10.133.145.1";
-                  }
-                  {
-                    name = "broadcast-address";
-                    data = "10.133.145.255";
-                  }
-                  {
-                    name = "domain-name-servers";
-                    data = "1.1.1.1, 8.8.8.8";
-                  }
-                ];
-                reservations = [
-                ];
-              }
             ];
           };
         };

secrets/resilio/plain/joseph.age

@@ -1,25 +1,24 @@
 age-encryption.org/v1
 -> ssh-rsa GxPFJQ
-N0VP3h6ZmNIxTP9P1NVeBYHTng1jpoIf82WjLCgZVggdqgRNHCpYcwBmA0uVoaq9
-EfFKOOGqKVD6B9NjMJBah1pjQLuEVeJaLCmh6W7ZtJceDJb0TvwRliCNp6lpsIFz
-JObFo6DfDH77u8WJh1H//55mDzBxgG02HuW0re+ABHMxbHHGOZ0AeeWVLijPtRi3
-kTR1bxL8Q+F9Ux2E5WmEOJmwUguchnrFgPljFSDVMLZ9gYzJfgqs1MGPw9dq191T
-5dCZlUJ+eP6kOwJBmUdsxw9+SJs7bT/dcbJRm0Ne9FEW+wnGye1x5VYHIWej3bEL
-TebNxUIvydTNxY2HGql9nQ
+Zcw4m8Od9Pnengg3KJoZhrrRUtF2Al7krJmW99W3jSzMqkw8IiIeLlFeu15a4YD/
+vcw9INzSf3yYM24Icl/DSoE+DVfOOa9HnaLoMzo4Ijyue81H8C1idVBe1LjUOZ1K
+ufEbtocSfk7rKDZV6DnTHBqVSP6C0iqH0mzh1b+vj9JinMeFNrkra3Hvz6VjxVmT
+kxLssE+22Q2xyetmptEhnhF4PNrzjX7rfgrLz6FBieRucaGuzdlBCDTL3s+FAc+Q
+nOkjHinefvYMQyJypBLxH1+st9BRPOYN7yEmDWUzqhTIC07XtveehjwwntpfzLMX
+wCs4d3szykEMlmxsQiTMyA
 -> ssh-rsa K9mW1w
-cyTDw16UAa+Cf4cBDX4H45w+uszxy3qkjgvBdFdo74VzNHSbAo8lwWkyOQKU4ywD
-/IYxWTdZmWRMIM5dxVhixEEwJEdQj0vxZ8IfaWjPxrcct3dDBn1L4pRaagUGoE3d
-K56WB1DQaCNKdR+NQDoYvQjCTl3EOHuAHiJq/rThPm3Vu/FCHcOplU9gDJOVFyk4
-sbtjip5w1LAlZN6oGZPA9C4VX/QmZcRJGE45tHbnhjzQgc1so5feKonD8Ge7TiJl
-Q7u6GL1cinwtUYNjMyxgxBukxmBRkqyJO3TqlINE6OdHGOBEBS09vR4GLVP1PSvx
-IQtRHQyhyIgga7O9Op3sDw
--> ssh-ed25519 rjda/A ZcRs6gk/JWi0s9XfxEBdfl9k5hDWkyHE65xj+w44diA
-qqWMAbaNk3PHYcP+oMSkSig+226l9K5gf4FxM/akQzc
--> ssh-ed25519 nWv9MA pPqXG1RXqm3l1zYL1hU00dWdJs+prvBeYfaflx6luD0
-iaonXbQUnpcts8i3Z1c9DrDZidSkZBz+Qv1oxIPRNAw
--> ;6~#q-grease mya6IC:y qxW
-9hFfSKg1yIN/ZGRECw2hM3BrhAPwZFdN+R9gXAqylOw0gZVZkcRkG0jZ4HemItw7
-yyNUnLnzs00QGznabM8IrYoAJ2PamCEepwNu2807PJ4hKxnZPyjeJInTaCy2Nw
---- TYJ29oooz7yPQjWtojmVC+ICLfPlPFtKCNgmmr6+7zo
-UU=à<>Ýuê“Ȍ鄤[Ië4
-1ãùQ<>ê<µADpÔ~§Ü‘d½ð§s=gqP]-Á]Êïµõ¡[B€ê
+ju/Maj+4mXcXJ7DfUGlZ/kV/EjvOS9SAOXMO1ttxcsEYoV49guZ31HYB+qbtNz5/
+L3cGgLC3UksUPQrjtRRNErFDByHUuJR9RDRCjMb5ffGY22Y4dpY20B1lJm3YitRm
+3duFetD4fuOJZBecmmFqFJxbdwZn0bjSXnkCSRr5ulLS3ERDyGd0sNKgTv+9ujkF
+BM89qM8Aj6jp/QWt5qNDR+hJEabENLwe7FiMEYCLyCBUK85OMgStaUYESvNP0l2i
+P3LBAS6+/BSkcG32NWslwOU3AZxy0Zfgzkt99yPbfn+oNzvWJOArPdGASADwKqaQ
+UVcS0b6bztXTTAVKM8iEIg
+-> ssh-ed25519 rjda/A 4Tw30Vnwbz106yiuuLbt/5Wi+uVBOXagCk0lcL0wEhE
+0qqIo/x4gvajzFmOrUiF0zxZWWdrmgGw5lbv9sWbV6o
+-> ssh-ed25519 nWv9MA v1P8G5dscP4iwTYgemJFNNuo91Hf5qkfqdEIcnMGeR0
+q3ac7CbaDD8+XUUlKR9Zd/L7mmJshoLZ5uNBDE3WzPM
+-> ssh-ed25519 iWiFbA SOlcMdPXkowBriA+bHHJKx08YqxcLZ20bld0kWU9VXI
+Qo3Cl9EfZS/tlBFXdMd/9+wHShqP6ULIiLoi2s/8Rxg
+--- A9MghdnqxJAxxmBb4iYg2ZkhFz3HTYAXtGjyo7HJjl4
+„ZyGí»pW¸´^›	Ì
0߸$2J?±ê‘Xg“ZïLjÆ<>?‹hVª¿¬ïò§â—nÏi
+¤\öœ<qÆÌð

secrets/resilio/plain/projects.age

@@ -1,23 +1,23 @@
 age-encryption.org/v1
 -> ssh-rsa GxPFJQ
-ZGmn0IOsCUZwoxg3/VT0G/41LtqRdI5Q9pypppmOLaB96feUhaEi1W8X+YzFxqrR
-oqCoZd7H6vKySuHFj+jPepglRdTx3+Yjb/zikF1NR8i61FJy1X7sBF+9dwGPK5aW
-nq+43brPM+3JoUQ8qNCT8wNkQ69M4Qt7tYFtL+x+lZYE50Qb5psI7sHwbplhOcUI
-ybRw+FncXAuuVCvxgfiVIJ1YatrgJqrvuiUR3+4mNuQhB52YwbYOAVVt5ABqiEl3
-p9328b+BD0/AcqSm5cP9ZNBjiMwsFMs0S9CI4PQExPcat1GPxZWfxTkxqItLtFru
-5a7dLhg5FMsAGiKSl+FoAg
+kr5QeN/a++wOJO8yHI9BI2htivfR3fUjzoAgd01goz0GT1qaHWGWtD9UmjyUODMU
+yg6tao4k1okxCjKHVsvE18GkQ9aPdSPL4ttUp67bGyjINDxxn6yaXTP68c3QIzfP
+FcInSvBOMBA4bFFVUhiltVLhZfD+y/qBWw8rM8qfM79LPdUtPIJ16v/HWynT4Z82
+mj3CvAKdcLVbPZQhSJcvoV5FIWeTjNcBlP5QJ+NIXHzCaTNTpA9J8235fiZSBVHq
+26YRtU6ER7OqRvFYlpqwSq+piHIdISEv+Vxf8hyxUMTEiryaKNcoU5lFJfg9FeLH
+Mn32shLhjETOYaMPqtgeYQ
 -> ssh-rsa K9mW1w
-XSwS7nvOb2IgYbKQNgZc0kdiumlOlBorRiM6iCATvC/HPfRhpwDK7xmcKFpe2W3f
-QoA+hDkYJh0J2wXn3kG7eHG3eT/J8iPz8a7BGRQAfHdlAb5ZQ6sejNa5HIp1tLwU
-FJUxZadNjNcf6QldFdR+xf0q1+QgnXYRxMIwvTb5KCZWuckCp7zFkp62bnWq+/Ks
-OD5ZInGz2Op570Tml3wKJILlkHr1R2N+BRIMjUBcOV+TL+BYSrm6e0+34LnX8TA7
-rmWlPDTHlRwd5rjeXlPixIe24LKdoIfi6GDbPHkP/bUkVR8A80kFdorC/J5bRjK2
-8TI6GH9NlYYFl8kbaR3S/w
--> ssh-ed25519 rjda/A E67aoDTTaQIsO2Z1mZmLFE2fdhc+UKRLMymYBLlNdk8
-kkqBDCBjvwU/Y6t/D/HMOhC8o7PNp9WoeCJB7RyhSbI
--> ssh-ed25519 nWv9MA Xoi+vFuSBg+43Jts+RU4U+N5Y1JuOLKN4NKoJytIyVg
-lzkw5G3PIzhW+KmDboGScR1KnzUZsiIRDeexaKV1Q+E
--> }g)!-grease
-ZF+kKUH8C4soYUK+K0W5CQ
---- Xr5qooiocM3gr8DFEt3PkrTqnpzqKqPhvJNn8tnV5N8
-¯ºJý`VÙÜ!äÊ}<7D>~Úh!"Q_‚³¦;ÍŠ f:mì<>?é7:<3A>DAFU–®$Ý<>¶ûWGß”mPö4Fš
+xZXWV59MTmJxi82X2uh9OWhTgzPceUo4qznn/jEf0uMUyTH4iBVotH0eq17uUtrF
+06SCC3hJhhooMW8JnOxdFtzYFOdFO5ZlWvqj7+PKk5q9FN18CgFje4NZbtTIdAs6
+NVpudz6C8XjJMrx/O2lXPcvchGpYvYb0jfx7T7zpqUnQ2E74kR60HYY1gp477b4v
+PkYXCSgklOtKHdiL7+HAYM2dahnf81+oF+BbtAquiPzf5rycLlLxUJZ+T0RAN1YQ
+B9cMlmVQg/ov/sjrqoDEG4wESPWo44lBujQGyIat+FAn9x8oKWXH9eKcROqlNSzR
+Lj9ElTZnBi7rSw3WzWFdHg
+-> ssh-ed25519 rjda/A HhX//+Ks2fcVYEyx9mQ45BA0h2CjWV3j1PxU8+seUDI
+T+9pwIO7Bi8tnORRWMQ715T4zxifF9N2027sLiMchf8
+-> ssh-ed25519 nWv9MA WTaFB7Cv6jIQ2C2a03KSSikfT+/qcVhQBHZIPylyY0g
+Y5ZDWf8VC7KDfVRcDhfrZmQidR0B31qwBMK7nji19zo
+-> ssh-ed25519 iWiFbA ok1iycHc5Y2rNZgpso3YNz7C5JLD6GrAKei7se0bD30
+3wAnC9usTFCIIvWWmCqS440grscYWyOVcFVhjipIfhY
+--- NTL+Ln6MrahJsgcuWJQdzv40W49MENPglYSqJMRBkC4
+<EFBFBD>½PÌŠéß5¶Œ+×6š/è8ÃsP¤6Î#2¬z°ßljÚËnÀE>@eJ'Lfh_¢#[ô/¾µ¬¼6<À%æW

secrets/resilio/plain/resources.age

@@ -1,24 +1,25 @@
 age-encryption.org/v1
 -> ssh-rsa GxPFJQ
-Bdk7KBKtx47kmf+hvq8gclY3Gcdv6f9ZZQfU4vwmdy7OxVnBLOFB35lz2oju0XQy
-LiQ5vmIp7gy/5A5iKiTOMfx2RGhjVRN/SLLG+2jVnXDEt/UJkYGtw5lmr9grzwRK
-Gn9kHCegR+sS2eSb1cLS7fg0xfgbkp8ch25UPfLK81ndWxfeT9zmJQpJ2Kde7P5U
-QfVTu2ExlEwSL/y08DGCHwIZkSfMvpO8axqQ3MnL/Rd1QDtnKJjyK0uPLqg9U0tI
-vFAqoTY/uPA2rhUxa0kAuTUkzzTqifdSgpbcAaMq7a3NaSX1HPu5Nx1OEY/4WJ+l
-URigXZaq6EzBn9otnS12ZQ
+C2XqNUJBi64XN3h0J51IGrc4uK088tdy1BpG4veEQUVJvXkQX/c/Nnpx7nECRfuG
+HJf0d8y8MhW8rum1Mk/Z8zzKFhvAvEpo9ygg5iip6AfZES8l+vRIKcKHJI+hdGwi
+BpUnYyBUzDpEZA45DeWbTh2EhxVrESas7Fytv3BMhAvE5TDDQ19GPb431yjuaz8b
+d31CpWw1mYoFlcmmjUK8WDtLz8rPzJ7Kn3+MNqjj0qohBC/nWiVcTVi9G+ywtU3z
+LLxaYqeuOJ8WStKjp8umDBRJAzlQHsBETNIXySgkAXDw5LRyvCw/dAGAAT4K0NL8
+3DzhCYXbnbDQZLTCXvwBGQ
 -> ssh-rsa K9mW1w
-Hn9bshIdWat8kEm8bwtK1dsnf1yNVVyN/6r0lCiABBpj3l4+Y98WhegMQm9XcsrM
-FO7nlkKskv/N0lMrM/8yJ2/mwyB9hsAucnjfcDA4xJGVEE272Irtx3vgz7F4scFt
-5kucXpGUJdwyebxdf/OEjbt7QO+62EQTwoyAk7L63+KPjvaX2ScTKmnqqTh1K7Zy
-k0G/N+YIWQUJJhN2ENQrxL1FBE5cFviUwnjM140Xf2rCdYYWmAchLvT9sTbVSb8b
-knEVgqvMrKqmBUnkUu9GvIsV9e+9faaH9FEjglZVVRnwmkRiVP2FQY3PRdAa2riY
-Ye5QiJo/cgkM7nzkgaxBPA
--> ssh-ed25519 rjda/A Qw+NxLTPJbUpNgKA+zquu7muM4IfojE6U4JhCOXw81w
-pGszDohVHyqrSAR+8Z0lobnXIeIA/nUH34HrqosQOQc
--> ssh-ed25519 nWv9MA HVWZ0v1U9Z+jBPnBTuXzeWtH11TaryPPg3f/P1kZ9kk
-dbUtX/PW2NK5Wvq+sfHhB1tTQczZrWdoB5yO2NNfA+c
--> lRQnw-grease Uae}/ \F Xdj./{u+
-CUJ/fDfPZMqzAT54kejikTVyN5fuEoz4YyGEY8OP7wBfTfjHRag9V9KTqieKMEQN
-9eZua9s
---- 9HRoxNcGBsRfiZO604w6z/AWbOIvniL9LDwc5l3PJho
-ÔÞ´ôtñqDJû‚ÈWß‘¤àq<C3A0>SUe駰‘K}iÅ<69>).\=µ9ãðÅ¡·ÊtÔÌXùHÄøÞÅû€Ï.‰@

–À
+mXuRq5hBdv7074YqUWveOh/g9fTJFoqbjrinGGLMKbu6ryNL3bftoB4S/mA00uJH
+qnmHrCqzW4Sq0OjqYCM2jXNkKSsIH8fMC6bvDNk3SUSRBrtavjBcgMbC4ZtrNbK2
+cnYTdDUdeB4R/CMZMOedE8A9DtRf5gBJRdohttHB3FDlaDscB7Z0f9+5Xo4282WJ
+hdn6U7NVuxXy4W+xtRamkTkvbmkqm3MD/d0cJblcgzoM+E7uQxG632atWlCfLOwe
+g6i9OsKgFek4+TsemO2m73rjVo2vK7HQ3YRpEZQJM2Elf5ic82CwqB3KSMvHe0Lo
+YVs9dfw9IiDpYUDPuWe66Q
+-> ssh-ed25519 rjda/A fG8LxAYuHS/aehyNucu9u7I2HXVv/vqrsB0KNdmw4jI
+ELELNsGgxmSn/N23BBZSwbNQJeqjSAIRw79HbIjeOU8
+-> ssh-ed25519 nWv9MA JAZIWWeykigrlaFLGF9vmvdyxkg5bY4J/PBalJZMixA
+FfX5nC3Bo+S71zHHJpZfIcSS3BcHe/v35P42Fj2pFmE
+-> ssh-ed25519 iWiFbA h4W+ytsT3O/HgGsg1OJsAU2lgEYSrQ+SHqnPWDZvCFw
+Ej+cXJ7L6UK5LKFWy6RNqMMJjMKRHC20ifURI5VKvYY
+--- M1bGGp67Gr4rz/OZk+bFMFgiq1/kTai/HQKFjLJarr0
+C½<±¹)þR8¶‹<C2B6><kL|=.X±0~—]¶=ñÒJ
+<EFBFBD>4Éÿ9k&{Æ­¹§.‡í«>_)Ž_½ç…8Å
+ºý&I€‘

secrets/secrets.nix

@@ -68,11 +68,11 @@ in
   "resilio/encrypted/sync.age".publicKeys = jake_users ++ [ ];
 
   ## Read/Write Resilio Sync Secrets
-  "resilio/plain/dad.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
-  "resilio/plain/joseph.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
-  "resilio/plain/projects.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
-  "resilio/plain/resources.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
-  "resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
+  "resilio/plain/dad.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ts.cx.boron ];
+  "resilio/plain/joseph.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ts.cx.boron ];
+  "resilio/plain/projects.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ts.cx.boron ];
+  "resilio/plain/resources.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ts.cx.boron ];
+  "resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ts.cx.boron ];
 
   # Matrix Secrets
   "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.boron ];