diff --git a/flake.lock b/flake.lock index f114c74..0d2e656 100644 --- a/flake.lock +++ b/flake.lock @@ -18,6 +18,22 @@ "type": "github" } }, + "akkoma": { + "locked": { + "lastModified": 1667411116, + "narHash": "sha256-4urYh8H5WDKV0uq2TDPS8mRxlRhoP7BKBOr7owBxNq4=", + "owner": "illdefined", + "repo": "nixpkgs", + "rev": "14512449024cd2b76e6f74279b42b2b7f97a35a8", + "type": "github" + }, + "original": { + "owner": "illdefined", + "ref": "akkoma", + "repo": "nixpkgs", + "type": "github" + } + }, "ckiee": { "locked": { "lastModified": 1651228769, @@ -492,6 +508,7 @@ "root": { "inputs": { "agenix": "agenix", + "akkoma": "akkoma", "deploy-rs": "deploy-rs", "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index b3238eb..e2a7ea3 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,9 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; utils.url = "github:numtide/flake-utils"; emacs-overlay.url = "github:nix-community/emacs-overlay"; + nixpkgs-master.url = "nixpkgs/master"; + akkoma.url = "github:illdefined/nixpkgs/akkoma"; wsl = { url = "github:nix-community/NixOS-WSL"; @@ -44,7 +46,7 @@ }; outputs = { self, nixpkgs, deploy-rs, home-manager, agenix, printerfacts, mara - , rhea, waifud, emacs-overlay, wsl, x, nixpkgs-master, ... }: + , rhea, waifud, emacs-overlay, wsl, x, nixpkgs-master, akkoma, ... }: let pkgs = nixpkgs.legacyPackages."x86_64-linux"; pkgsMaster = nixpkgs-master.legacyPackages."x86_64-linux"; @@ -66,7 +68,10 @@ nixpkgs.overlays = [ emacs-overlay.overlay (self: super: { - nginxStable = super.nginxStable.override { openssl = super.libressl; }; + nginxStable = + super.nginxStable.override { openssl = super.libressl; }; + inherit (akkoma.legacyPackages.${super.system}) + akkoma akkoma-frontends; }) ]; }) @@ -218,6 +223,15 @@ ]; # cloud + akko = mkSystem [ + ({ ... }: { + imports = + [ "${akkoma}/nixos/modules/services/web-apps/akkoma.nix" ]; + }) + ./hosts/akko + ./hardware/location/YYZ + ]; + firgu = mkSystem [ ./hosts/firgu ./hardware/location/YYZ ]; # vms @@ -225,15 +239,14 @@ hugo = mkSystem [ ./hosts/vm/hugo ./hardware/libvirt-generic ]; }; - deploy.nodes.chrysalis = { - hostname = "192.168.2.29"; + deploy.nodes.akko = { + hostname = "akko.within.website"; sshUser = "root"; - fastConnection = true; profiles.system = { user = "root"; path = deploy-rs.lib.x86_64-linux.activate.nixos - self.nixosConfigurations.chrysalis; + self.nixosConfigurations.akko; }; }; @@ -248,6 +261,18 @@ }; }; + deploy.nodes.chrysalis = { + hostname = "192.168.2.29"; + sshUser = "root"; + fastConnection = true; + + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos + self.nixosConfigurations.chrysalis; + }; + }; + deploy.nodes.itsuki = { hostname = "192.168.2.174"; sshUser = "root"; diff --git a/hosts/akko/blocklist.nix b/hosts/akko/blocklist.nix new file mode 100644 index 0000000..78dac05 --- /dev/null +++ b/hosts/akko/blocklist.nix @@ -0,0 +1,101 @@ +{ + # Automated moderation list + # Largely borrowed from https://github.com/chaossocial/about/blob/master/blocked_instances.md + + media_nsfw = { "sinblr.com" = "Untagged NSFW content"; }; + + reject = { + "bae.st" = ''Discrimination, racism, "free speech zone"²''; + "baraag.net" = "Lolicon"; + "beta.birdsite.live" = "Twitter crossposter"; + "birb.elfenban.de" = "Twitter crossposter"; + "bird.evilcyberhacker.net" = "Twitter crossposter"; + "bird.froth.zone" = "Twitter crossposter"; + "bird.nzbr.de" = "Twitter crossposter"; + "birdbots.leptonics.com" = "Twitter crossposter"; + "birdsite.b93.dece.space" = "Twitter crossposter"; + "birdsite.link" = "Twitter crossposter"; + "birdsite.monster" = "Twitter crossposter"; + "birdsite.slashdev.space" = "Twitter crossposter"; + "birdsitelive.treffler.cloud" = "Twitter crossposter"; + "birdsite.thorlaksson.com" = "Twitter crossposter"; + "birdsite.wilde.cloud" = "Twitter crossposter"; + "bridge.birb.space" = "Twitter crossposter"; + "brighteon.social" = ''"free speech zone"²''; + "cawfee.club" = ''Discrimination, racism, "free speech zone"²''; + "chudbuds.lol" = ''Discrimination, racism, "free speech zone"²''; + "club.darknight-coffee.eu" = ''"free speech zone"²''; + "comfyboy.club" = "Discrimination, racism"; + "daishouri.moe" = "Fascism, openly advertises with swastika"; + "detroitriotcity.com" = ''Discrimination, racism, "free speech zone"²''; + "freeatlantis.com" = "Conspiracy theory instance"; + "freefedifollowers.ga" = "Follower spam"; + "frennet.link" = ''Discrimination, racism, "free speech zone"²''; + "freespeechextremist.com" = ''Discrimination, racism, "free speech zone"²''; + "f.haeder.net" = "Discrimination"; + "gab.com, gab.ai" = ''Discrimination, racism, "free speech zone"²''; + "gameliberty.club" = ''"free speech zone"²''; + "gegenstimme.tv" = ''"free speech zone"²''; + "gitmo.life" = ''"free speech zone"²''; + "glindr.org" = "Discrimination"; + "glowers.club" = ''Discrimination, racism, "free speech zone"²''; + "honkwerx.tech" = "Racism"; + "iddqd.social" = ''Discrimination, racism, "free speech zone"²''; + "itmslaves.com" = ''"free speech zone"², noagenda affiliated''; + "jaeger.website" = ''Discrimination, racism, "free speech zone"²''; + "kenfm.quadplay.tv" = "Conspiracy videos"; + "kiwifarms.cc" = "Discrimination"; + "libre.tube" = + "Promotion of violence and murder, multiple other violations of our rules"; + "lolicon.rocks" = "Lolicon"; + "mastodon.network" = "Imperaonation linking to porn"; + "mastodon.popps.org" = "Homophobia"; + "meta-tube.de" = + "Conspiracy, CoVid19 denier videos https://fediblock.org/blocklist/#meta-tube.de"; + "midnightride.rs" = "Discrimination"; + "mstdn.foxfam.club" = "Right wing twitter mirror"; + "nicecrew.digital" = ''Discrimination, racism, "free speech zone"²''; + "ns.auction" = "Racism etc"; + "newjack.city" = "Exclusive to unwanted follow bots"; + "noagendasocial.com" = ''"free speech zone"², harassment''; + "ohai.su" = "Offline"; + "outpoa.st" = ''"free speech zone"''; + "pawoo.net" = "Untagged nfsw content, unwanted follow bots, lolicon***"; + "paypig.org" = "Racism"; + "pieville.net" = "Racism, antisemitism"; + "play.xmr.101010.pl" = "Cryptomining"; + "pleroma.rareome.ga" = + "Doesn't respect blocks or status privacy, lolicons³"; + "pleroma.kitsunemimi.club" = "Discrimination"; + "pleroma.narrativerry.xyz" = + ''Discrimination, racism, "free speech zone"²''; + "pleroma.nobodyhasthe.biz" = "Doxxing and discrimination"; + "pl.natehiggers.online" = "Racism"; + "pl.info.natehiggers.online" = "Racism"; + "pl.tkammer.de" = "Transphobia"; + "poa.st" = "Discrimination"; + "shitpost.cloud" = ''"Free speech zone"²''; + "shitposter.club" = ''"Free speech zone"²''; + "skippers-bin.com" = "Same admin as neckbeard.xyz, same behaviour"; + "sneak.berlin" = "privacy violation"; + "social.urspringer.de" = "Conspiracy, CoVid19 denier"; + "social.ancreport.com" = ''Discrimination, racism, "free speech zone"²''; + "socnet.supes.com" = ''Right wing "free speech zone"²''; + "solagg.com" = "Scammers"; + "spinster.xyz" = "Discrimination"; + "toot.canberrasocial.net" = ''"free speech zone"²''; + "truthsocial.co.in" = "Alt-right trolls"; + "tube.kenfm.de" = "Conspiracy videos"; + "tube.querdenken-711.de" = "Conspiracy videos"; + "twitter.activitypub.actor" = "Twitter crossposting bots breaking mentions"; + "twtr.plus" = "Twitter crossposting bots breaking mentions"; + "varishangout.net" = "Transphobia, aggressive trolling"; + "wiki-tube.de" = "Right wing conspiracy videos"; + "wintermute.fr.to" = "Discrimination"; + "yggdrasil.social" = "Discrimination"; + }; + + followers_only = { + "beta.birdsite.live" = "Avoid polluting timelines with Twitter posts"; + }; +} diff --git a/hosts/akko/default.nix b/hosts/akko/default.nix new file mode 100644 index 0000000..4f0ac70 --- /dev/null +++ b/hosts/akko/default.nix @@ -0,0 +1,81 @@ +{ pkgs, lib, ... }: +let vhost = "akko.within.website"; +in { + services.akkoma = { + enable = true; + config = let inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap; + in { + ":pleroma"."Pleroma.Web.Endpoint".url.host = vhost; + ":pleroma".":media_proxy".enabled = true; + ":pleroma".":instance" = { + name = "Within's Bot Zone"; + description = + "Within's akkoma server for testing and bot deployment, antifash edition"; + email = "akko@xeserv.us"; + notify_email = "akko@xeserv.us"; + + registrations_open = false; + invites_enabled = true; + + limit = 69420; + remote_limit = 100000; + max_pinned_statuses = 10; + max_account_fields = 100; + + limit_to_local_content = mkRaw ":unauthenticated"; + healthcheck = true; + cleanup_attachments = true; + allow_relay = true; + }; + ":pleroma".":mrf".policies = + map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ]; + + # To allow configuration from admin-fe + ":pleroma".":configurable_from_database" = false; + + # S3 setup + ":pleroma"."Pleroma.Upload" = { + uploader = mkRaw "Pleroma.Uploaders.S3"; + base_url = "https://s3.us-west-000.backblazeb2.com"; + strip_exif = false; + }; + ":pleroma"."Pleroma.Uploaders.S3".bucket = "xeserv-akko"; + ":ex_aws".":s3" = { + access_key_id._secret = "/var/lib/secrets/akkoma/b2_key_id"; + secret_access_key._secret = "/var/lib/secrets/akkoma/b2_app_key"; + host = "s3.us-west-001.backblazeb2.com"; + }; + + # Automated moderation settings + # Borrowed from https://github.com/chaossocial/about/blob/master/blocked_instances.md + ":pleroma".":mrf_simple" = let blocklist = import ./blocklist.nix; + in { + media_nsfw = mkMap blocklist.media_nsfw; + reject = mkMap blocklist.reject; + followers_only = mkMap blocklist.followers_only; + }; + }; + + nginx = { + enableACME = true; + forceSSL = true; + }; + }; + + services.postgresql.enable = true; + + age.secrets = { + akko-keyid = { + file = ../../secret/akko-keyid.age; + path = "/var/lib/secrets/akkoma/b2_key_id"; + owner = "akkoma"; + group = "akkoma"; + }; + akko-applicationkey = { + file = ../../secret/akko-applicationkey.age; + path = "/var/lib/secrets/akkoma/b2_app_key"; + owner = "akkoma"; + group = "akkoma"; + }; + }; +} diff --git a/hosts/chrysalis/secret/mara.age b/hosts/chrysalis/secret/mara.age index 6268b95..0bf34c9 100644 Binary files a/hosts/chrysalis/secret/mara.age and b/hosts/chrysalis/secret/mara.age differ diff --git a/hosts/firgu/secret/cf.env.age b/hosts/firgu/secret/cf.env.age index c9f3430..af41adb 100644 --- a/hosts/firgu/secret/cf.env.age +++ b/hosts/firgu/secret/cf.env.age @@ -1,28 +1,29 @@ age-encryption.org/v1 --> ssh-ed25519 jO2MvQ pIQesnWtmau/RfbRYQKyJvmNmAeGZQsGieWh+ogbTQ4 -r8XEFFqdHf5Oi/G9UQUFJ6MTSiBKCCrBzT8sXjYFpyk --> ssh-ed25519 txQL9A r3OhPRLxv0rxEXpwGMxKA0vBF/ZmmiB2wDCGVgcv53w -qDm7VhrUaOXhf05CGQAIIrcFRDScBBBxIua67yc60gg --> ssh-ed25519 YcYwVA ddLAQL+nxqE7nLV4GlNnbKS2ZA+Q8sdVxkAgc5Q2iBQ -1PaXs+ey4XdagxZhiGXeS8aRp3B66QbXb4+iRLfeNwY --> ssh-ed25519 H5HtPA oDv0XpL35VRE/kw0BQ9/OU0nJJ6+UYA7SB/Wtu/yHlw -rTlMEqW+85vCmsGJ3ng0al+IaLNGy2vIvWxh+gh3J+c --> ssh-ed25519 Yy06mw xPgDydZNhSWLekHZr7rur/rKKjaQarDZYVMz/EyaYns -FLRsP8/DOMLChjrJvpW6zcXmKah2WvLY2IF05CKsswg --> ssh-ed25519 6Sqpww aZ1po8f+d0rGEOEOfNck38DT+jQ4aF/idh4D/ySDNXQ -xRfQGwaq2NvDYokR97Q249A51FyMEXqjSYqfvrf8s1g --> ssh-ed25519 Cb6l4g vwOdY5kdVUXhhuaIBtzv0LuxNKIFrq5u63dhTKwMT3I -JBZ/vtXVy49C4XUcXX9A2D5d0Y3lUrdMOOwXLGbFChU --> ssh-ed25519 x40ZwA uHKDi+iFhShnNeG3/Zt6R5J4hiUnP5PBc39O7hCC4jM -W7qXeTZaVzluKtLDJr2t5GWYYjZ3BIl4nQ3HRM+AA4w --> ssh-ed25519 ZvILxA zcTc+IFOH2KmICNu+ONfRUtb+NP9T8Vg/tUzaqLO0HQ -S85K1y17EFMZUlNclxgE3A5hJgOXsy/UOXXeoVWSHk8 --> ssh-ed25519 0rx8bA AjVOOZ9wysPdl4PGqWmAzXSB/6yccfaTySNMFoBwoF8 -PQvy7noDqRfO4YWqXMUHIrgS5PlFMl8nJaRtbApnUxQ --> ssh-ed25519 extxyg zHO+lKhI+iPJifa8Hgujno8wI3Z7Y0vHWZJUKug33Bw -NRaOhy8Z0vRRBUa0HDoDQX/d/Y/AGjM2GXydKguz1m8 --> oe>Ra-grease S8qQ -SjxElkhSXw18QxOtEbbtoRHh1bzaUlONSxRGDLbPi7z5y8U ---- qEuOe0WeBMjxb/a01/P0LCl73qwTaLxye9zXBnGuzsM -$ƋW*F -Q/xjG* L023ws;8DsyRGnЬ dJ9m$ KTҹXEp# 3ZxS#gDYMllҏ7 \ No newline at end of file +-> ssh-ed25519 jO2MvQ B4o+wf0/7uSaCKhqXFonCmt0T+iX32vYV+kmdxcxVms +fM3lPp4f9xqwuVEjzoxooRwQ+XQ12ZlWD3Uc+207o6Y +-> ssh-ed25519 txQL9A 8XJSR3t8ra29z0i3waiT7Nakoewn0gbGFE0pNGD9FXE +3O26rWrypJJpnZOdz1jDyx3HSCrSdlvNrwcL9YPkayE +-> ssh-ed25519 YcYwVA En57OQlYYTV0uKZEhWpuLja9ftpYlyMf1Ya0WfwPNHc +/opq3HkegZJ0n6PUUMQ+IwJIIWPyS5iDg+eBmBkzr0g +-> ssh-ed25519 rIaBGw sH57uN8E+vMqsyL+ff7yy4gXkKpKGjcQfq0FjA+IKgY +o9ugEFkzIyFT9g+urYiigOVBhKmUEDl1siuYn4kaAuw +-> ssh-ed25519 H5HtPA wvps1ztkVfA5bepwO5wM553va48M16uH7GRorVl9kx8 +SprnYzqV5KaY29c3lxdNcfe7hKeIDWboDPZPCIfIERQ +-> ssh-ed25519 Yy06mw XrYuXplius2EVgcwJx1y/7NP01zB/EEbOie417MXXlM +mQnZJFVRN3Py6o8dfQqexx3ihCzy0SmHZBceOuGzzwQ +-> ssh-ed25519 6Sqpww LGKa5UIJ8wG7iWUQ4O4xR3a76jViCZrD3MAu1nb/+Wk +XZDlQgl+CfrzGv8NZKMZ/cb7CHNONFovkYUV83kgJNk +-> ssh-ed25519 Cb6l4g /lE16gf1g2g5mD6MfzDCfHYuKPHfxyPkFSpkwrxc6HM +5L5G2oOLEYbEJaPSbN9SnYi7aS/oR6NwivXqSIAJ9ng +-> ssh-ed25519 x40ZwA tqUpIQe2AlhUfCjcqe67yLDqrw5XhakmJrc2j38+2l4 +zxL1Un7av5KZKLp2XXhxD+SN1xGECWaQvkIf3AfIl8I +-> ssh-ed25519 ZvILxA u1dP4OV50cnHLXjZaYIV12dZizz8OvXC1ZUucVELawc +o5IhCfR88frboL043ttoIWc2ZCH4f1aRNBJ9QI7MYZ8 +-> ssh-ed25519 0rx8bA Zd1exdxFlBu36wumDbrXPkQSr4C/nAXwpHEo/oJShkE +2vQ6yv6yI8MpbwVSvVG1eX1OGAiDV8b8A7y6jX2rV8A +-> ssh-ed25519 extxyg K0sHjTnwVizgxCY5QYqNpCzhsPdnvE5rClwMG3zQDDA +88j0VELnqiPgkVIg2cOAZ/cu02cwf6dYMQTsfcv0lEI +-> d%]OE]y6-grease k/mP@ -E%$MbH$ $[\c;k l< +cfSJAYw4AgoS1bw9biaaMmCnC/Ko +--- Ju193fSw4jWT/RyZZd0DTPOZNYeHzU4fuD3iSfjRBlY +@A*&y}ad+>,Ӝ>yѱB(@ʚ(r7O޸)e\V'~x}=?jPeEk`U9Ԑm0 \ No newline at end of file diff --git a/hosts/firgu/secret/snoo2nebby.age b/hosts/firgu/secret/snoo2nebby.age index b3a1b3a..77bef2f 100644 Binary files a/hosts/firgu/secret/snoo2nebby.age and b/hosts/firgu/secret/snoo2nebby.age differ diff --git a/secret/akko-applicationkey.age b/secret/akko-applicationkey.age new file mode 100644 index 0000000..a7fa5da --- /dev/null +++ b/secret/akko-applicationkey.age @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 jO2MvQ sBID6yHFY+5SUNW7FI1JtsXSi7Y2DWYEHx41ZGJT8VU +M/vAI/71d00ABQQymq8YyX38QGh4716Snfdms9kjljw +-> ssh-ed25519 txQL9A vrM5MmCmtMOsOdEzSshWb/gW6eCvb2mDTQUvFEUvLms ++3sKz7mAfzaMetzgjJ/ZMzKueHjVeuL/lxFzoDSFw5w +-> ssh-ed25519 YcYwVA ymW83vZA9PEOk9BZ8etnnWmM5siD1bj8BEshedmlWis +gdleLahHgd8qVsYZ0NvlzGR43ZAWQYxXVFy6wlGQyZU +-> ssh-ed25519 rIaBGw fbnAlw88PH2AjsMukwxrHSYntvUt56L5kgxwurPskW8 +h5xbpp2pojx98aTD+Xomm6V1dakOKyIOeg6I1LYNsYI +-> ssh-ed25519 H5HtPA ha3gAEI8y3CrTv5gVJOCUXFOObkaXMtRkdhrMOPJTFA +0YyhvAsbhJjFCrGj6lq2CEUN7jU1xY5Ffukq/qVxpak +-> ssh-ed25519 Yy06mw wnuwjJVLz1krrSrHMQL6dVMmnU4CG/CA7rBZZ2jIWB0 +7TY5AsvJy1nQVcpPkQleDX7ptRLsS+Pu35OCEce8TmM +-> ssh-ed25519 6Sqpww vHxc6MIbo4Krw4a6A2mk5wzb0OHjoTD6II8zlPrVmDc +8DB74f6fFr6nO4MXwM+/RcTHxd13ta9IeBESd6TWk+0 +-> ssh-ed25519 Cb6l4g KJQbjfkyarWw+tZ3EAJGeEd/Ex0PcOwDBVlfLttd2hY +5LhL8gRbWOIwC/NoHg3x3c0pUq8375AGzYlmFONN1qA +-> ssh-ed25519 x40ZwA L4jUJ1IbXuETrm+eaq/xcofwgs1hraiUFlPQJOSaF2E +0lsGCD3dL+CEvo9dkpkxUmfYTeLJ/07psDHWzSTbv/Q +-> ssh-ed25519 ZvILxA Z7hHx+Md+S0kg2LK6rIf8bPfNswaaXhw6CoZhAh03G8 +ZCJM1wtMhc/eXrMtKgy+q8WF/PzrmNlr/S2EVbzHmYc +-> ssh-ed25519 0rx8bA 3UhkiASVAzT4LVEpGKPz9ubUZTKwZ9XdN9qVsXo9GjE +Ew9Ln33+yz8mFKqPxsYTXIGmQWGPC9YSaWua9AxSOac +-> ssh-ed25519 extxyg u6jQf0ynHNeuFHBgYWficGuX+n+ZTc/PhbJn+g57dFw +Twy1nX1VLcFjlhTyagqS/tYCJ3XdJd2wmW4gyGPC+mg +-> 6#iv^QYS-grease +alb8dDgU6YOHXrcUcY54G88g3HgBEmODGiZwHq60dV/WVCy9qN+g +--- DmuBDeYyr+rT2873Kwe/rkUP4oW/ebEWPz2xNqMiMqQ +Z.:Zhw#kG }Soo 1d|YGlDp\π`9 \ No newline at end of file diff --git a/secret/akko-keyid.age b/secret/akko-keyid.age new file mode 100644 index 0000000..369ea79 Binary files /dev/null and b/secret/akko-keyid.age differ diff --git a/secret/aws-within.website.age b/secret/aws-within.website.age new file mode 100644 index 0000000..fdf7fa7 --- /dev/null +++ b/secret/aws-within.website.age @@ -0,0 +1,31 @@ +age-encryption.org/v1 +-> ssh-ed25519 jO2MvQ TodkKmnVirM8GHR/iAUQW2vsvD5H99a6zyTeHAfjCz0 +0KL47BKaGpR/lfgjHj/axuM7JU5pF10eZtMaV/QdX1Y +-> ssh-ed25519 txQL9A iAvjNqDtQzNuYtschwv1fo7smWZq0el2kPQl9ORnn2w +kLk1Ze/EETBRQHeU38J2SW2jhPwHogpZO80Q86Md28s +-> ssh-ed25519 YcYwVA bXXJF+bFVcPPFzNabLMoC5OcfKeIP2QEmv6kl97cuGY +D7rhIIr8+c7n3wGywGE8lWbk1iTLqDXpr2VRb0vN6JU +-> ssh-ed25519 rIaBGw r728K0bANMZmE+UprCN5S6tWFM3nAKNN+f1oB2cXlkg ++mZSGuFa2GQDc+dzvDR3kOqzJ2VGNV8txQ9qsoFazyg +-> ssh-ed25519 H5HtPA tWom8kAvJ8uwGX4ycHI//GXv2wFuGMsNdz8Zw9a1TyA +/HPz71QW6JpaQjqhJU6XqQtO/SylP1Jg8ywMwWeyjpg +-> ssh-ed25519 Yy06mw +8H0CNeESK9vBym3BmqmcpInMT3FxlZ51B/lMNwFo04 +BAPvf7p1v0rJ1/kxtNj97u2gFeoho2ixLQI5Jvs2JTA +-> ssh-ed25519 6Sqpww zW4KMHR/AtQZFSf4374VTFixkQ5daD4+lrdqgtXxWjc +YUXyne62AfDWMdDz5j66cGXJQd19MkSchph8+RMqZac +-> ssh-ed25519 Cb6l4g 7eAmEUjqR2xkiNZMnQbx4Rauuiw4TJtq0s+lwSdMxSU +hn9l6RiF3YUYwDx3HbOcd+8AVp+eKxd5s5G3Obeoze4 +-> ssh-ed25519 x40ZwA hxLvba5bfer+18O3xqg1uMrILdUmfRoJfrjbqeBpVnQ +1ZUSQ+R5Jgleuo+SiV2z567cPUG3Ql5Hx0hHX+uLN2E +-> ssh-ed25519 ZvILxA BXu5VFw343ZAuaKhRnAhHc8AzazdWXEmNBoBA4NXSX4 +QmASL6kpsF+39q0AZlg3nYoS8SfXCx+xKj4L2/2cIyo +-> ssh-ed25519 0rx8bA hhtaTd5jctKskvFx1ggRFZkRgwU33KYGxmfVKS2jgi4 +lDjYS82GDytozVbOsEN/0dCyiroOZH2rB0A+cJDReKo +-> ssh-ed25519 extxyg DOMYenbAAgufIUO0m1+ZLub9AVaFC0wchBDp4mDMbyg +qUdmPfviYaFie8GY1k0BzFLBskiXhBRJShYCnu8ab2M +-> *"k-grease y_`)i+ }z*zZ4Nw [3F3u +3YWnyuyMBmwiLsa/fOqUFtK8qkWdFRx/uKSBjdpm9+TmM8Ja +--- qTlo1JM8IoPht4ku+oseK7Zf0JzXbBVPRYM62lKsKK0 +~0cYT; +aUCI~X2HY +moܫ"U#P5$ HlEyM}ϝXH^@#PmJ"ĩ=/wo#s,%x]@<+t] \ No newline at end of file diff --git a/secret/robocadey.age b/secret/robocadey.age index 601365c..8bfd19a 100644 Binary files a/secret/robocadey.age and b/secret/robocadey.age differ diff --git a/secrets.nix b/secrets.nix index ff73085..2a3d778 100644 --- a/secrets.nix +++ b/secrets.nix @@ -6,6 +6,9 @@ let ]; hosts = [ + # akko + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTRkq4ZX6hckN+WlChBoQyoNfB3c+QTNO0HwGaMq/cc" + # chrysalis "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDA5iXvkKyvAiMEd/5IruwKwoymC8WxH4tLcLWOSYJ1" @@ -37,5 +40,8 @@ in { "hosts/firgu/secret/cf.env.age".publicKeys = publicKeys; "hosts/firgu/secret/snoo2nebby.age".publicKeys = publicKeys; + "secret/aws-within.website.age".publicKeys = publicKeys; "secret/robocadey.age".publicKeys = publicKeys; + "secret/akko-keyid.age".publicKeys = publicKeys; + "secret/akko-applicationkey.age".publicKeys = publicKeys; }