Signed-off-by: Xe <me@christine.website>
Cadey Ratio 2022-02-19 17:19:35 -05:00
parent 150a2e129e
commit 1b4093f217
6 changed files with 101 additions and 2 deletions


@ -3,7 +3,6 @@
let metadata = pkgs.callPackage ../../ops/metadata/peers.nix { };
in {
imports = [
../../common
./hardware-configuration.nix
./matrix.nix
./shellbox.nix
@ -34,6 +33,12 @@ in {
system.stateVersion = "20.09"; # Did you read the comment?
within.services.snoo2nebby.enable = true;
age.secrets.snoo2nebby = {
file = ./secret/snoo2nebby.age;
path = "/var/lib/snoo2nebby/whurl.txt";
user = "snoo2nebby";
group = "snoo2nebby";
};
within.users.enableSystem = true;
boot.kernel.sysctl = {
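Review bot: In the new `age.secrets.snoo2nebby` block the owner is set with `user = "snoo2nebby";`, but the stock agenix module calls that option `owner`. Unless this repository wraps agenix with its own `user` option, the declaration would not evaluate. I would write `owner = "snoo2nebby";` and add `mode = "0400";` so the access granted to the decrypted file is stated rather than inherited from the module default. The attribute set continues outside the hunk, so it is not visible here whether the `snoo2nebby` user and `/var/lib/snoo2nebby` exist before secrets are installed at activation.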


@ -96,4 +96,9 @@ in {
extraDomainNames = [ "matrix.within.website" "element.within.website" ];
inherit extraLegoFlags;
};
age.secrets.cloudflare = {
file = ./secret/cf.env.age;
path = "/srv/within/cf.env";
};
}
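Review bot: `age.secrets.cloudflare` sets no `owner`, `group` or `mode`, so who can read `/srv/within/cf.env` depends entirely on module defaults (root-only in stock agenix, as far as I know). Because it sits beside the ACME settings it is presumably the DNS credential passed to lego, but nothing in the hunk says so. A comment such as `# Cloudflare API credentials for the ACME DNS challenge (consumer: <service name>)` plus an explicit `mode = "0400";` would make the intended reader reviewable. If a hand-placed cleartext file lived at this path before the change, confirm it was removed and the token rotated.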


@ -0,0 +1,26 @@
age-encryption.org/v1
-> ssh-ed25519 extxyg nHfHVcsv2e5aa8Le8x84zdWQfE3TiUbTMM4RAK/8HXw
GWaA8XNg/w6qS7K5064jU6fZqeVniUNK2El/NIFUFwE
-> ssh-ed25519 0rx8bA 3xxBfxdgl2WC59+BToWEDNRzLPdeOb/6f/Tytvc+K2g
1mfkd3thjBMED7fS1UJMPgTGywgxjiasdllpIsgsefk
-> ssh-ed25519 ZvILxA V1TM0aSacrOe6VGF6m0vQBoqKfg6Z6YQHpCoKg2TlVE
XBPWPzUEkazB1f1uxQXLaKLi8TtOQ9moxG7DtUk9lRk
-> ssh-ed25519 x40ZwA rmQEFwaxgLWoX3hPQzQ9n7gY0N48BRxzq9GUFJJRUno
OgUyl1S216E4BWppFjT/MMoy9Hpf1TODW9siEaNLffY
-> ssh-ed25519 Cb6l4g yTsovU8vVFe9P/DpzzY2983GWPB0MjW1apDL04E3ZBQ
QxscEqibJqsgcgPFKStHXmcvX9HbwpPRcb76/ol8dGA
-> ssh-ed25519 6Sqpww dImNfMzyWtDdaebp1XGVFojAMETDazTpNLYDHhpLsnw
DLcQlK4mn5HzAf3MXzR+hqQqvvw/Uonbx8SfFTaeUO8
-> ssh-ed25519 H5HtPA W5K0snFwGGN+iTn4prC5tns8Nl7Hryi8QrqZ/MrZPEo
h4AAu4jKiFpcTtuN5G7NfRqB6Fm84KYnKJM0njuAVWQ
-> ssh-ed25519 YcYwVA S/N6GvXHURyHnp47G7tiVdDPEMA7pV6Dbl99P5nYRjg
Ody+QTg/m+iTKB/s8r7pXIe7BdcpD41zJJ5H5YWPOgU
-> ssh-ed25519 6Mkn0Q 7lZpuleWSq5ucceHAB4wTjllAz6NfVrqqEmEWeJO1zM
JSUBNOUHhCZBV2ty5/Zi27ocYsxu/oQwT6MHRxphuwk
-> ssh-ed25519 jO2MvQ RpYqccGjW6Uqdi31cnpNhUjm2yEuWn5YBQ8XTpwYkAU
PIn6XNeZS45wjZXsO3N1NxKe7thERAPZTru7+o19tJg
-> X6Q0-M_-grease ^QO^ O(~7'@^ $Ma r3
1XVvy8GtDMuAsaSDl++SuDy61M+aS4AYR4h9C2Ub/b7jh2U8l2DEr8N2EkJhVYKo
aqmQ0DzgV9mxFPK2vl6zr04fGON+4+KfsyQgen5uQaBsawLn2MsFvARy3A
--- uXGb+F9FfmNq9E/26j6+XCLYmXuJIbKRRxgliZB7XBg
-t4‰vK¿d+½š¼ÎêêQrìèÌÖ¢`¯·_+§­¹K"tQ¯¥{T>s…œ| 6QzŠ1¿ÔdB B3ra))hiWËD#TcàØ•#Þœ?X­Ýƒ7@ò!¬Ê¨àø•Ä÷&[5Ùš<C399>¯',}aÛ7̶ê»ç§> ­6<C2AD>êÚ³


@ -0,0 +1,28 @@
age-encryption.org/v1
-> ssh-ed25519 extxyg 8bh9qqxT8ONVQFEuETptWXm7dNhEws65uzT/qa/qewY
LJDsWf4inwYUuA9+tEp1zo5coaldAzHL6gL5TV6O82M
-> ssh-ed25519 0rx8bA uPlLodKVRUG/qzcx16a3+/659feslmZ3x4/Lt+b6dnI
eprTco5qrva2RYEs3W2E6gFigR7bCXYpFXGDEamf4Lo
-> ssh-ed25519 ZvILxA oUmNooEA+bAHhzXvFdl31ih+tcDg/CKk42fHZSPSdVg
pgDMzgtpWvYg+jnP+FHTsuj9ZcYuGLHVOw4ZIRPF0i4
-> ssh-ed25519 x40ZwA Yl+mVvmy+MA0c2napnHeG0UAvKeoyqjYCnDQ5p/n/RA
zfC81V/5qp8VXPV4z5UufDa/haEvPQm/Mr3Q8MW46Bs
-> ssh-ed25519 Cb6l4g L7RTEqOYLnXuwjn1Uz+nkov5k/VKB96PlWMbA1pr9jI
9sQ7hROXXI5dQJVdee1LQQqkC6EbAzsNwJrc2nDoWuw
-> ssh-ed25519 6Sqpww qH0AmWWcPsqROahcEHjfEKr95NcBAShfY9ocC52oqwY
WEYfeyJuJNWgZ1DkQOSoL/B8PBS3zRaUsrHC9LZVH0s
-> ssh-ed25519 H5HtPA e/pN1CYVsJ6sPOhUTXj7S/cNTENJNzdK9nYQt/U66AM
11knvZvdDUOLhoHx5dkP3UtDFDtU4dFvVvfFGogavsg
-> ssh-ed25519 YcYwVA BQ39UnwIOWL656MJfqS2il/XkRGJArkkLujuvqyGmyU
4/pbDp5NTcyL7rW1ufge3WWHfQx1Nbd2XjGljkdyNPY
-> ssh-ed25519 6Mkn0Q o0nOEYWMC/pt8PuGiM6ZSZxoX/XDE7xpH5VQ5Ucv4GU
dhspWlY99db6p2FJ8LJIMb1EvZ2ePvzbNLpaPgPoRZc
-> ssh-ed25519 jO2MvQ JeBNrhVMZuCpoY2dIFE8cPUsGanBZTX7gKAITnwQiEM
jkRMfNQtEU/kts5nHP/QnQh4xkV/Kw7U+XHGqSIMm20
-> ;Bp}r-grease )M*/
KJKydWSfJaRZ5VzwpvLgF2Xvny6JvkZT1CjZf+S5O8f0cHyZJ7H/QeB60cswkMMr
b7IEAgrjB/pElp0PWtAmAgIi2H0V
--- tt38NrseQLBdPe1FOZAz0jC75BHHCSrStimqLjoZVD4
½l<EFBFBD>k,ǧ°U—ûæ
<’æ䋾þØäT‚©€ ØvCþ"Ö í:¬¨íß²_9r@€ -VTE®e=8ݯ½Ÿ¶ŠþÂÊìÀ¡·ZlSš<53>ì^J&¨ùmgÏ͉€² 3Ý$ʈ <0A>ÌîzÕ•|Â
 èp<C3A8>a(šëAŸ[’¤Žº©¿íý{ãïðØ2¯ž


@ -84,7 +84,7 @@ in {
};
security.acme.acceptTerms = true;
security.acme.email = "me+firgu@christine.website";
security.acme.defaults.email = "me+firgu@christine.website";
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
services.nginx = {

35
secrets.nix Normal file

@ -0,0 +1,35 @@
let
xe = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9 cadey@shachi"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYr9hiLtDHgd6lZDgQMkJzvYeAXmePOrgFaWHAjJvNU cadey@kos-mos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk cadey@lufta"
];
hosts = [
# chrysalis
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDA5iXvkKyvAiMEd/5IruwKwoymC8WxH4tLcLWOSYJ1"
# itsuki
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0eD0K2FqhkkIsUrYfmHigwbaUgOSotdSsNlLMRJiqx"
# kos-mos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINT+TxO1wYtifFcd7b5+asgImZb5ReLV1dTj6C2qgKzK"
# lufta
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMADhGV0hKt3ZY+uBjgOXX08txBS6MmHZcSL61KAd3df"
# logos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/P13gDGzvfbCRwLD6hXnnH8VRYLOCiQ7kbIMTK9I2w"
# ontos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJ0MKlPgIfnS9T/sh57tz4pL5DND4RU7bXvhNCLo+8g"
# pneuma
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMYB+fI24NlIA+Zc7G/3whu8vK4+EdGKkygrE++zTXq"
];
publicKeys = xe ++ hosts;
in {
"hosts/firgu/secret/cf.env.age".publicKeys = publicKeys;
"hosts/firgu/secret/snoo2nebby.age".publicKeys = publicKeys;
}
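Review bot: Both secrets live under `hosts/firgu/`, yet `publicKeys = xe ++ hosts;` encrypts them to every host key in the list. Any one of those seven machines, or a leaked copy of its SSH host key, can then decrypt firgu's Cloudflare and snoo2nebby secrets straight from the repository. None of the host comments names firgu either, so if its host key is not among these entries the secrets cannot be decrypted on the machine that needs them. I would bind each host key to a name and scope recipients per secret, for example `firgu = "ssh-ed25519 <firgu host public key>";` and `"hosts/firgu/secret/cf.env.age".publicKeys = xe ++ [ firgu ];`. A short header comment saying that a recipient change only takes effect after re-encrypting the `.age` files would also help the next editor.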