From 74b6539fb37743c9f7fb68632943672d25a26012 Mon Sep 17 00:00:00 2001 From: Xe Date: Fri, 4 Nov 2022 17:00:40 -0400 Subject: [PATCH] akko akko uwu Signed-off-by: Xe --- flake.lock | 17 +++++ flake.nix | 37 +++++++++-- hosts/akko/blocklist.nix | 101 ++++++++++++++++++++++++++++++ hosts/akko/default.nix | 81 ++++++++++++++++++++++++ hosts/chrysalis/secret/mara.age | Bin 1761 -> 1788 bytes hosts/firgu/secret/cf.env.age | 55 ++++++++-------- hosts/firgu/secret/snoo2nebby.age | Bin 1562 -> 1607 bytes secret/akko-applicationkey.age | 29 +++++++++ secret/akko-keyid.age | Bin 0 -> 1552 bytes secret/aws-within.website.age | 31 +++++++++ secret/robocadey.age | Bin 1596 -> 1712 bytes secrets.nix | 6 ++ 12 files changed, 324 insertions(+), 33 deletions(-) create mode 100644 hosts/akko/blocklist.nix create mode 100644 hosts/akko/default.nix create mode 100644 secret/akko-applicationkey.age create mode 100644 secret/akko-keyid.age create mode 100644 secret/aws-within.website.age diff --git a/flake.lock b/flake.lock index f114c74..0d2e656 100644 --- a/flake.lock +++ b/flake.lock @@ -18,6 +18,22 @@ "type": "github" } }, + "akkoma": { + "locked": { + "lastModified": 1667411116, + "narHash": "sha256-4urYh8H5WDKV0uq2TDPS8mRxlRhoP7BKBOr7owBxNq4=", + "owner": "illdefined", + "repo": "nixpkgs", + "rev": "14512449024cd2b76e6f74279b42b2b7f97a35a8", + "type": "github" + }, + "original": { + "owner": "illdefined", + "ref": "akkoma", + "repo": "nixpkgs", + "type": "github" + } + }, "ckiee": { "locked": { "lastModified": 1651228769, @@ -492,6 +508,7 @@ "root": { "inputs": { "agenix": "agenix", + "akkoma": "akkoma", "deploy-rs": "deploy-rs", "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index b3238eb..e2a7ea3 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,9 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; utils.url = "github:numtide/flake-utils"; emacs-overlay.url = "github:nix-community/emacs-overlay"; + nixpkgs-master.url = "nixpkgs/master"; + akkoma.url = "github:illdefined/nixpkgs/akkoma"; wsl = { url = "github:nix-community/NixOS-WSL"; @@ -44,7 +46,7 @@ }; outputs = { self, nixpkgs, deploy-rs, home-manager, agenix, printerfacts, mara - , rhea, waifud, emacs-overlay, wsl, x, nixpkgs-master, ... }: + , rhea, waifud, emacs-overlay, wsl, x, nixpkgs-master, akkoma, ... }: let pkgs = nixpkgs.legacyPackages."x86_64-linux"; pkgsMaster = nixpkgs-master.legacyPackages."x86_64-linux"; @@ -66,7 +68,10 @@ nixpkgs.overlays = [ emacs-overlay.overlay (self: super: { - nginxStable = super.nginxStable.override { openssl = super.libressl; }; + nginxStable = + super.nginxStable.override { openssl = super.libressl; }; + inherit (akkoma.legacyPackages.${super.system}) + akkoma akkoma-frontends; }) ]; }) @@ -218,6 +223,15 @@ ]; # cloud + akko = mkSystem [ + ({ ... }: { + imports = + [ "${akkoma}/nixos/modules/services/web-apps/akkoma.nix" ]; + }) + ./hosts/akko + ./hardware/location/YYZ + ]; + firgu = mkSystem [ ./hosts/firgu ./hardware/location/YYZ ]; # vms @@ -225,15 +239,14 @@ hugo = mkSystem [ ./hosts/vm/hugo ./hardware/libvirt-generic ]; }; - deploy.nodes.chrysalis = { - hostname = "192.168.2.29"; + deploy.nodes.akko = { + hostname = "akko.within.website"; sshUser = "root"; - fastConnection = true; profiles.system = { user = "root"; path = deploy-rs.lib.x86_64-linux.activate.nixos - self.nixosConfigurations.chrysalis; + self.nixosConfigurations.akko; }; }; @@ -248,6 +261,18 @@ }; }; + deploy.nodes.chrysalis = { + hostname = "192.168.2.29"; + sshUser = "root"; + fastConnection = true; + + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos + self.nixosConfigurations.chrysalis; + }; + }; + deploy.nodes.itsuki = { hostname = "192.168.2.174"; sshUser = "root"; diff --git a/hosts/akko/blocklist.nix b/hosts/akko/blocklist.nix new file mode 100644 index 0000000..78dac05 --- /dev/null +++ b/hosts/akko/blocklist.nix @@ -0,0 +1,101 @@ +{ + # Automated moderation list + # Largely borrowed from https://github.com/chaossocial/about/blob/master/blocked_instances.md + + media_nsfw = { "sinblr.com" = "Untagged NSFW content"; }; + + reject = { + "bae.st" = ''Discrimination, racism, "free speech zone"²''; + "baraag.net" = "Lolicon"; + "beta.birdsite.live" = "Twitter crossposter"; + "birb.elfenban.de" = "Twitter crossposter"; + "bird.evilcyberhacker.net" = "Twitter crossposter"; + "bird.froth.zone" = "Twitter crossposter"; + "bird.nzbr.de" = "Twitter crossposter"; + "birdbots.leptonics.com" = "Twitter crossposter"; + "birdsite.b93.dece.space" = "Twitter crossposter"; + "birdsite.link" = "Twitter crossposter"; + "birdsite.monster" = "Twitter crossposter"; + "birdsite.slashdev.space" = "Twitter crossposter"; + "birdsitelive.treffler.cloud" = "Twitter crossposter"; + "birdsite.thorlaksson.com" = "Twitter crossposter"; + "birdsite.wilde.cloud" = "Twitter crossposter"; + "bridge.birb.space" = "Twitter crossposter"; + "brighteon.social" = ''"free speech zone"²''; + "cawfee.club" = ''Discrimination, racism, "free speech zone"²''; + "chudbuds.lol" = ''Discrimination, racism, "free speech zone"²''; + "club.darknight-coffee.eu" = ''"free speech zone"²''; + "comfyboy.club" = "Discrimination, racism"; + "daishouri.moe" = "Fascism, openly advertises with swastika"; + "detroitriotcity.com" = ''Discrimination, racism, "free speech zone"²''; + "freeatlantis.com" = "Conspiracy theory instance"; + "freefedifollowers.ga" = "Follower spam"; + "frennet.link" = ''Discrimination, racism, "free speech zone"²''; + "freespeechextremist.com" = ''Discrimination, racism, "free speech zone"²''; + "f.haeder.net" = "Discrimination"; + "gab.com, gab.ai" = ''Discrimination, racism, "free speech zone"²''; + "gameliberty.club" = ''"free speech zone"²''; + "gegenstimme.tv" = ''"free speech zone"²''; + "gitmo.life" = ''"free speech zone"²''; + "glindr.org" = "Discrimination"; + "glowers.club" = ''Discrimination, racism, "free speech zone"²''; + "honkwerx.tech" = "Racism"; + "iddqd.social" = ''Discrimination, racism, "free speech zone"²''; + "itmslaves.com" = ''"free speech zone"², noagenda affiliated''; + "jaeger.website" = ''Discrimination, racism, "free speech zone"²''; + "kenfm.quadplay.tv" = "Conspiracy videos"; + "kiwifarms.cc" = "Discrimination"; + "libre.tube" = + "Promotion of violence and murder, multiple other violations of our rules"; + "lolicon.rocks" = "Lolicon"; + "mastodon.network" = "Imperaonation linking to porn"; + "mastodon.popps.org" = "Homophobia"; + "meta-tube.de" = + "Conspiracy, CoVid19 denier videos https://fediblock.org/blocklist/#meta-tube.de"; + "midnightride.rs" = "Discrimination"; + "mstdn.foxfam.club" = "Right wing twitter mirror"; + "nicecrew.digital" = ''Discrimination, racism, "free speech zone"²''; + "ns.auction" = "Racism etc"; + "newjack.city" = "Exclusive to unwanted follow bots"; + "noagendasocial.com" = ''"free speech zone"², harassment''; + "ohai.su" = "Offline"; + "outpoa.st" = ''"free speech zone"''; + "pawoo.net" = "Untagged nfsw content, unwanted follow bots, lolicon***"; + "paypig.org" = "Racism"; + "pieville.net" = "Racism, antisemitism"; + "play.xmr.101010.pl" = "Cryptomining"; + "pleroma.rareome.ga" = + "Doesn't respect blocks or status privacy, lolicons³"; + "pleroma.kitsunemimi.club" = "Discrimination"; + "pleroma.narrativerry.xyz" = + ''Discrimination, racism, "free speech zone"²''; + "pleroma.nobodyhasthe.biz" = "Doxxing and discrimination"; + "pl.natehiggers.online" = "Racism"; + "pl.info.natehiggers.online" = "Racism"; + "pl.tkammer.de" = "Transphobia"; + "poa.st" = "Discrimination"; + "shitpost.cloud" = ''"Free speech zone"²''; + "shitposter.club" = ''"Free speech zone"²''; + "skippers-bin.com" = "Same admin as neckbeard.xyz, same behaviour"; + "sneak.berlin" = "privacy violation"; + "social.urspringer.de" = "Conspiracy, CoVid19 denier"; + "social.ancreport.com" = ''Discrimination, racism, "free speech zone"²''; + "socnet.supes.com" = ''Right wing "free speech zone"²''; + "solagg.com" = "Scammers"; + "spinster.xyz" = "Discrimination"; + "toot.canberrasocial.net" = ''"free speech zone"²''; + "truthsocial.co.in" = "Alt-right trolls"; + "tube.kenfm.de" = "Conspiracy videos"; + "tube.querdenken-711.de" = "Conspiracy videos"; + "twitter.activitypub.actor" = "Twitter crossposting bots breaking mentions"; + "twtr.plus" = "Twitter crossposting bots breaking mentions"; + "varishangout.net" = "Transphobia, aggressive trolling"; + "wiki-tube.de" = "Right wing conspiracy videos"; + "wintermute.fr.to" = "Discrimination"; + "yggdrasil.social" = "Discrimination"; + }; + + followers_only = { + "beta.birdsite.live" = "Avoid polluting timelines with Twitter posts"; + }; +} diff --git a/hosts/akko/default.nix b/hosts/akko/default.nix new file mode 100644 index 0000000..4f0ac70 --- /dev/null +++ b/hosts/akko/default.nix @@ -0,0 +1,81 @@ +{ pkgs, lib, ... }: +let vhost = "akko.within.website"; +in { + services.akkoma = { + enable = true; + config = let inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap; + in { + ":pleroma"."Pleroma.Web.Endpoint".url.host = vhost; + ":pleroma".":media_proxy".enabled = true; + ":pleroma".":instance" = { + name = "Within's Bot Zone"; + description = + "Within's akkoma server for testing and bot deployment, antifash edition"; + email = "akko@xeserv.us"; + notify_email = "akko@xeserv.us"; + + registrations_open = false; + invites_enabled = true; + + limit = 69420; + remote_limit = 100000; + max_pinned_statuses = 10; + max_account_fields = 100; + + limit_to_local_content = mkRaw ":unauthenticated"; + healthcheck = true; + cleanup_attachments = true; + allow_relay = true; + }; + ":pleroma".":mrf".policies = + map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ]; + + # To allow configuration from admin-fe + ":pleroma".":configurable_from_database" = false; + + # S3 setup + ":pleroma"."Pleroma.Upload" = { + uploader = mkRaw "Pleroma.Uploaders.S3"; + base_url = "https://s3.us-west-000.backblazeb2.com"; + strip_exif = false; + }; + ":pleroma"."Pleroma.Uploaders.S3".bucket = "xeserv-akko"; + ":ex_aws".":s3" = { + access_key_id._secret = "/var/lib/secrets/akkoma/b2_key_id"; + secret_access_key._secret = "/var/lib/secrets/akkoma/b2_app_key"; + host = "s3.us-west-001.backblazeb2.com"; + }; + + # Automated moderation settings + # Borrowed from https://github.com/chaossocial/about/blob/master/blocked_instances.md + ":pleroma".":mrf_simple" = let blocklist = import ./blocklist.nix; + in { + media_nsfw = mkMap blocklist.media_nsfw; + reject = mkMap blocklist.reject; + followers_only = mkMap blocklist.followers_only; + }; + }; + + nginx = { + enableACME = true; + forceSSL = true; + }; + }; + + services.postgresql.enable = true; + + age.secrets = { + akko-keyid = { + file = ../../secret/akko-keyid.age; + path = "/var/lib/secrets/akkoma/b2_key_id"; + owner = "akkoma"; + group = "akkoma"; + }; + akko-applicationkey = { + file = ../../secret/akko-applicationkey.age; + path = "/var/lib/secrets/akkoma/b2_app_key"; + owner = "akkoma"; + group = "akkoma"; + }; + }; +} diff --git a/hosts/chrysalis/secret/mara.age b/hosts/chrysalis/secret/mara.age index 6268b954b56ebc00fe29f3d9a70b5fada0ad7a51..0bf34c942f2dfb658e0bdc6c1147b8818c2a42bd 100644 GIT binary patch literal 1788 zcmZXU{ma}20mmy-JEGNRQ?Tp>qqss1&yw8b?HJumE_atace&i7HuB$)ka0Mu~ynW?53nrkoGC4S*pLBMn7b zMG?F;ke8a(BOxtwx|0C+=^p0F4akK3R(B!nrD>Lyt27vj>?#$>AcVOzVaf;T%{ue%Z5;Kt$HvPXl$BokM4v)~#zJ*jvTT*VPrunW?s zmldWA`dq4W zA?7(a=EleXTM6pQA!oKS*ZWl%_XM`X&qwnzU)1p4-0hM^7o~w>Qm18j=DJc2wL`@- zqnJTr8JtPsH}YLgO1V4Gsix#V5mA-RSb2`htc#MsCSm zKeBmI>f|eeX?egxk6WdHh{W7ar5Y7viY+xJjcU%u!?q&ItQAR%NwX6SZ%DFk5tnBv1q&s!JuQbIHk;wYKmqa@O*D00&J=0a&!;@0*6o#3 zWd${*I-8JuM$#2LvDsC!*R8-1J*Pn;TEx{BR^M0+D?YjiL)2PAc$Ml{I$ANb)oy2% zku}7N3I;T%O?V-&Mba@@*g`sH zPyj7pqBRS394bv=h789jR8R@SryfJrN4+^Vs1ZfUwbYE>OS6k*Q958}ZuVU}nN<Vmtx^X^n5IQyljxUs;CYkz(2bf;wn@ZS;sfpfz^l@Gm<#0F8j`T>B{dj@HH!%6 zRDVn(WjfZN0i9sL`uaN98d@GNS7$!a=GjE*2NoF=Bt78^Dz7xyK0Pc)$SBUVW(fS^ z$;+GO`{33+Cw{3P|H@sbcUsTB^QVhP^nWtfE}i=94>orm-P+1-{a1GW{ZC#1zufOX z@`-zM_kw)eo5!F2)@%P6zV-YoKe~TwyQc-peGi3qe02K*kKOl;yR`4#cHoV*!}CYw z|33ZT_0L@Y$nzJUx^nxM?z!`0cOJj=!$S|B+kbiO9r(nNKmYoL^x)|;mw%7l^!Sx` zzq#)_ca-Pu{*-d~=+4#8AN$(Di|?H~_4Bvc9e)3Z{%sK7+xN^{*AAeY2manTX+OFB zj|ZG5K7M}fc9ppKw{NO1fAJ?jUXKo({n=BS0B~gOMdfb~LW~w(`|2_5+)dkmc$cQ!InbEXMDA30ARLlYk~=+ff+m0m=hrgAo4<)U9B@!^-h;FWhi z`Dl(+vqEFFi4!jhx1yC(&!9@}E5Lf~)+`f7QHTKMA}nMQAWfZRYuXKQRn(#lEQ~ki zGO1_kW{JWD#jEwU)eeOQV^MhpWYB8DWC5(rGZq^8+0^5gkg2=QH0?q>%q;R{Ia47> z1NUl4A@v9nu%bv>#AXt}S>P`w@dgy&20F51aty7JHaP7#b<^mPJzuW0Q+b5-IebXQ zk{QATt8nrLMj(R9$}z*~)nH}Rb7!SE@?K3f)LbEfay{ylv4RL9#FhlCZw4iv#-xPw zPw8mA|=4+{;+TNoB^w^}S!29c>drm^UfMXw&Kd$kVQ zNd_b^+!%|5qJ5G`6)D9xT*Fy6SBo|du@O5KLr!icEbHi$B3G!`f)x=@mw3MjI#Pks zf;(BrmdqrWEmNh&#VO}47J}~Y)zl4$EpmV&qER@W1Z+}8++1Ag<1wd;_OQP&Vs14u zT8Ow2VYbS)!3r&86RsIWQvsB@5g*u-Io6&hF5F8Laxv`=5SCfHxsjp9UJV;9<2(o2 zguuggnTRn0N$nX$jSb)Kv5StW#zfS!!XVf9xIm3Uttf6eMm63iyk<+CFS~B6G=r%{ zPpm*1OoG_gh6UK@=?m{e8m(gi;sC>tM|r{@B=KD7JCNLj29%SmS;&)|vE z(${Mi#B9=r47kMYmE|R7pMmANU`HaIR}@%ptZbXD(yo_bQ731jLSyoA=?v=XBx8^z z-pz%q9(JU?ZB~&K8wcR^IVrHdT7|SW+{6Q$1gAlDh4npOXsaW?g{MXW_6;hKDiGQ9 zQ3F>rHNR22y(s~a*3Tlkpd;SN1)@ZJCKX58)F&dqDi%F@;rpaEN7aJVVZ z!w&=a9k;G{Nb6UEE{)K5LEC1%#9WNg$tpy7{SL&=(=gLg)=W?l)zNA^OQ32O;ioF% ztd*oMxusF{hLvj5YOwlX(i=N4F%B$Z+F(5+i&2t^{Us^qB_V)WvlQT5n>cP-snu!# zAF5#qLZZWQY~0&0^m2$W>WCW1x~k&CbV97TdJ;?X6s+8MnbD{lzW;}-m&Gfg- z{qE6k?>=?iKTa#o n=O1_A?!&kJ@uKeBu15)8ANL`1jx8_4fY&5A ssh-ed25519 jO2MvQ pIQesnWtmau/RfbRYQKyJvmNmAeGZQsGieWh+ogbTQ4 -r8XEFFqdHf5Oi/G9UQUFJ6MTSiBKCCrBzT8sXjYFpyk --> ssh-ed25519 txQL9A r3OhPRLxv0rxEXpwGMxKA0vBF/ZmmiB2wDCGVgcv53w -qDm7VhrUaOXhf05CGQAIIrcFRDScBBBxIua67yc60gg --> ssh-ed25519 YcYwVA ddLAQL+nxqE7nLV4GlNnbKS2ZA+Q8sdVxkAgc5Q2iBQ -1PaXs+ey4XdagxZhiGXeS8aRp3B66QbXb4+iRLfeNwY --> ssh-ed25519 H5HtPA oDv0XpL35VRE/kw0BQ9/OU0nJJ6+UYA7SB/Wtu/yHlw -rTlMEqW+85vCmsGJ3ng0al+IaLNGy2vIvWxh+gh3J+c --> ssh-ed25519 Yy06mw xPgDydZNhSWLekHZr7rur/rKKjaQarDZYVMz/EyaYns -FLRsP8/DOMLChjrJvpW6zcXmKah2WvLY2IF05CKsswg --> ssh-ed25519 6Sqpww aZ1po8f+d0rGEOEOfNck38DT+jQ4aF/idh4D/ySDNXQ -xRfQGwaq2NvDYokR97Q249A51FyMEXqjSYqfvrf8s1g --> ssh-ed25519 Cb6l4g vwOdY5kdVUXhhuaIBtzv0LuxNKIFrq5u63dhTKwMT3I -JBZ/vtXVy49C4XUcXX9A2D5d0Y3lUrdMOOwXLGbFChU --> ssh-ed25519 x40ZwA uHKDi+iFhShnNeG3/Zt6R5J4hiUnP5PBc39O7hCC4jM -W7qXeTZaVzluKtLDJr2t5GWYYjZ3BIl4nQ3HRM+AA4w --> ssh-ed25519 ZvILxA zcTc+IFOH2KmICNu+ONfRUtb+NP9T8Vg/tUzaqLO0HQ -S85K1y17EFMZUlNclxgE3A5hJgOXsy/UOXXeoVWSHk8 --> ssh-ed25519 0rx8bA AjVOOZ9wysPdl4PGqWmAzXSB/6yccfaTySNMFoBwoF8 -PQvy7noDqRfO4YWqXMUHIrgS5PlFMl8nJaRtbApnUxQ --> ssh-ed25519 extxyg zHO+lKhI+iPJifa8Hgujno8wI3Z7Y0vHWZJUKug33Bw -NRaOhy8Z0vRRBUa0HDoDQX/d/Y/AGjM2GXydKguz1m8 --> oe>Ra-grease S8qQ -SjxElkhSXw18QxOtEbbtoRHh1bzaUlONSxRGDLbPi7z5y8U ---- qEuOe0WeBMjxb/a01/P0LCl73qwTaLxye9zXBnGuzsM -$ƋW*F -Q/xjG* L023ws;8DsyRGnЬ dJ9m$ KTҹXEp# 3ZxS#gDYMllҏ7 \ No newline at end of file +-> ssh-ed25519 jO2MvQ B4o+wf0/7uSaCKhqXFonCmt0T+iX32vYV+kmdxcxVms +fM3lPp4f9xqwuVEjzoxooRwQ+XQ12ZlWD3Uc+207o6Y +-> ssh-ed25519 txQL9A 8XJSR3t8ra29z0i3waiT7Nakoewn0gbGFE0pNGD9FXE +3O26rWrypJJpnZOdz1jDyx3HSCrSdlvNrwcL9YPkayE +-> ssh-ed25519 YcYwVA En57OQlYYTV0uKZEhWpuLja9ftpYlyMf1Ya0WfwPNHc +/opq3HkegZJ0n6PUUMQ+IwJIIWPyS5iDg+eBmBkzr0g +-> ssh-ed25519 rIaBGw sH57uN8E+vMqsyL+ff7yy4gXkKpKGjcQfq0FjA+IKgY +o9ugEFkzIyFT9g+urYiigOVBhKmUEDl1siuYn4kaAuw +-> ssh-ed25519 H5HtPA wvps1ztkVfA5bepwO5wM553va48M16uH7GRorVl9kx8 +SprnYzqV5KaY29c3lxdNcfe7hKeIDWboDPZPCIfIERQ +-> ssh-ed25519 Yy06mw XrYuXplius2EVgcwJx1y/7NP01zB/EEbOie417MXXlM +mQnZJFVRN3Py6o8dfQqexx3ihCzy0SmHZBceOuGzzwQ +-> ssh-ed25519 6Sqpww LGKa5UIJ8wG7iWUQ4O4xR3a76jViCZrD3MAu1nb/+Wk +XZDlQgl+CfrzGv8NZKMZ/cb7CHNONFovkYUV83kgJNk +-> ssh-ed25519 Cb6l4g /lE16gf1g2g5mD6MfzDCfHYuKPHfxyPkFSpkwrxc6HM +5L5G2oOLEYbEJaPSbN9SnYi7aS/oR6NwivXqSIAJ9ng +-> ssh-ed25519 x40ZwA tqUpIQe2AlhUfCjcqe67yLDqrw5XhakmJrc2j38+2l4 +zxL1Un7av5KZKLp2XXhxD+SN1xGECWaQvkIf3AfIl8I +-> ssh-ed25519 ZvILxA u1dP4OV50cnHLXjZaYIV12dZizz8OvXC1ZUucVELawc +o5IhCfR88frboL043ttoIWc2ZCH4f1aRNBJ9QI7MYZ8 +-> ssh-ed25519 0rx8bA Zd1exdxFlBu36wumDbrXPkQSr4C/nAXwpHEo/oJShkE +2vQ6yv6yI8MpbwVSvVG1eX1OGAiDV8b8A7y6jX2rV8A +-> ssh-ed25519 extxyg K0sHjTnwVizgxCY5QYqNpCzhsPdnvE5rClwMG3zQDDA +88j0VELnqiPgkVIg2cOAZ/cu02cwf6dYMQTsfcv0lEI +-> d%]OE]y6-grease k/mP@ -E%$MbH$ $[\c;k l< +cfSJAYw4AgoS1bw9biaaMmCnC/Ko +--- Ju193fSw4jWT/RyZZd0DTPOZNYeHzU4fuD3iSfjRBlY +@A*&y}ad+>,Ӝ>yѱB(@ʚ(r7O޸)e\V'~x}=?jPeEk`U9Ԑm0 \ No newline at end of file diff --git a/hosts/firgu/secret/snoo2nebby.age b/hosts/firgu/secret/snoo2nebby.age index b3a1b3a51f6f02dbedb68feaa9734296a6241907..77bef2f8ca4370896995047991c5b26c1cd81f2e 100644 GIT binary patch literal 1607 zcmZY7$;;ye7{_rHMF}z0Q;|M{O)7HO z#uXI<`Y^6TqLv&amxx_28Cn>`rh7v3n|!`C6fWv%!a>-GwRv2tT2&-SFeXSfc5`P3u>MUxt<1INRF1vg%VrnmJ5N7&+2KDBc+?!R38_)Qpu){jc6ug1g!5z zW!l*OTH$l`xVG>XjYWbM@6ZQ6K(@)g?<#5}tU`V{F>Df!=(6c&>qR<9Aud~64UnhU zo{ct~o+XvrRS=68OvO`~Cq)uAnPW;-B=l@)>HGM&R`Sa++kgo+vAi6j2W}zEG`4R_ zE?Jio8fTUg2`5}9jbJOO?1=IJCt*mdqEcc?*ExyM`hcfFm;y75F+$IP@}rqCX^_Yqs75sJH720t+Qtwg0S^4Nyy{daD7`e z4Om;0LUq1AX3cFzp%LPf+n6m$4GV&njU^M=&vYWJwI&2MtUdD@221i1Wm0iXx5`G$ z_Kk2zRL0||z^iy;Z6t}iJFZbKo}eMv!?QAnM^%Y&9BHlmn1QB~an=uXEbb4a%VRYN zVwo0CJRl7cENI}R55=>MW{&rDlo|7h*_g9X!s%c)P8oj@RKWo~uC*xaG$hFDaU$C0 zK_^TuZl;c8+sYI|tEz|M%0UzdvZI!qB*z*F%$zXtcY&D3F=dVfPHya>+?y47NC{od zm;Dhkc4!qw%`3V&H7~X#I4BJ>mZow4fZ}7(!I-8`4nlJ_nbV3POG4J+)C7RcZCL*?Z_oTffUG0ZY@XCDxA@K zD&p-nhbUZk!`8n14dui{TN*WHTmxjYbtbci1tM+r1Zphb&eArC&6?NUjX&3^-a6-T z%yQE!v{hTRT?is>D6WR3(bp5)*&qiA>GWw}qjPqJUQP!qOANEt=B8jIz$!!`VrMdoT+Zst)~u9mwMNP{XkhXu@&0p9ZZ1x631 zyy-HOaXFk$WXyKB7>@+Yp|?o_Pqm#s0*;Q3K#$Lo2v+o(UYBODhp?SIlTese54IDL zmZ>={-AOyV!xzBGe?ENCzx4ebPsqRrpLXBgECcqr=bwF-J$b`hPx9CQ^pg7Xzi-@m z&1awd__p^I_4m08-PQX)9{Ketd4|JQ9NKELYZz1MuL7H57rap{(u zE}Z{OyZcN2<4gCwe#eQIFTVH2cdtEo`aTKkON!p}IPzHWUlcrgkrcJX{6p}PevovX%y(*3% zUK|e|6!ap9f=3S`2#OwNMi3EE4<1wm8E{8IPzMCZ>*HVW;`9D~ZQncc5_jM3iXcrM zNcTQmp`D{sP@Zp&yj2g!Q3?u`o?NMrZ50mC^&&<_juL@VV|Q-a-((KqiC7?Q@nMDM ztz=rJ+o|H&!HXt)mh9JAQcK$+8=z6k=cK8^rVtI-$kBQ{Z#2kpt!Pw<0uYi2i!Qh8 zVL`f4V&4Wk*1)FxK%Ck>=!OICV7Z=R%8V*^2q(}*rm|&)K=HLC3p(o9Ruc7nEgbCj znlci=Drw^JaB*C-T&varWWXyp-D0`lG_E*dXFA}gT2RGfi>Z>Hv}FjRv1yo~hjqtI z%0YT=$2A`3iz$G>#zVZ>UL7qLOutb# zz}%N}EKd!Wt?*Ezq$Rdm#JMb}YDXmsuLwkIh?>~Ez&E>Es4N4!)OBMQVN-TjN^hGD zMJ`B>YgUU4wl$QI_^wQQ^CgD!CAJ=02Y6zngt>DTvJgmC=(jNp5Q{v>9dcrERc+L9 zsJWX#H&X%%F6HH<9+nk4OMK1XXm5o1rh^^V2J>uJ*O0YER|+g@gU0i>6@!eu@s3)= zl_so7ZDSyqxS=x17J8i3LADx zy1O~WbV=72lrc^ZQ*c1}a_H5DdVE`hA?}sgC z*GYgQG*Y=Vs&;ZtLK$T<Rd(*dB@&bkS5q<>f$aw!4H9=arXTw7LSsR0m& zj>jz%O~PiU(b80hF$pJvBymJL0nIXsL}t|}ae=5vXYPxmy?)~eIW@ByK&b1y3M0VWR}o~6)QSX{c)%9^J^ zuiBV>bkC3;-S5BT{(9)G`)@w|)rIfB zTio=^Z;!-p+;Z8^;;nB!`{(WdoOOPD@CE0>xhp=n`1@71_{E*y{&C}(>+y5JD+>4I Q`Q$qL%&R|r7=&;C3z6Uu82|tP diff --git a/secret/akko-applicationkey.age b/secret/akko-applicationkey.age new file mode 100644 index 0000000..a7fa5da --- /dev/null +++ b/secret/akko-applicationkey.age @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 jO2MvQ sBID6yHFY+5SUNW7FI1JtsXSi7Y2DWYEHx41ZGJT8VU +M/vAI/71d00ABQQymq8YyX38QGh4716Snfdms9kjljw +-> ssh-ed25519 txQL9A vrM5MmCmtMOsOdEzSshWb/gW6eCvb2mDTQUvFEUvLms ++3sKz7mAfzaMetzgjJ/ZMzKueHjVeuL/lxFzoDSFw5w +-> ssh-ed25519 YcYwVA ymW83vZA9PEOk9BZ8etnnWmM5siD1bj8BEshedmlWis +gdleLahHgd8qVsYZ0NvlzGR43ZAWQYxXVFy6wlGQyZU +-> ssh-ed25519 rIaBGw fbnAlw88PH2AjsMukwxrHSYntvUt56L5kgxwurPskW8 +h5xbpp2pojx98aTD+Xomm6V1dakOKyIOeg6I1LYNsYI +-> ssh-ed25519 H5HtPA ha3gAEI8y3CrTv5gVJOCUXFOObkaXMtRkdhrMOPJTFA +0YyhvAsbhJjFCrGj6lq2CEUN7jU1xY5Ffukq/qVxpak +-> ssh-ed25519 Yy06mw wnuwjJVLz1krrSrHMQL6dVMmnU4CG/CA7rBZZ2jIWB0 +7TY5AsvJy1nQVcpPkQleDX7ptRLsS+Pu35OCEce8TmM +-> ssh-ed25519 6Sqpww vHxc6MIbo4Krw4a6A2mk5wzb0OHjoTD6II8zlPrVmDc +8DB74f6fFr6nO4MXwM+/RcTHxd13ta9IeBESd6TWk+0 +-> ssh-ed25519 Cb6l4g KJQbjfkyarWw+tZ3EAJGeEd/Ex0PcOwDBVlfLttd2hY +5LhL8gRbWOIwC/NoHg3x3c0pUq8375AGzYlmFONN1qA +-> ssh-ed25519 x40ZwA L4jUJ1IbXuETrm+eaq/xcofwgs1hraiUFlPQJOSaF2E +0lsGCD3dL+CEvo9dkpkxUmfYTeLJ/07psDHWzSTbv/Q +-> ssh-ed25519 ZvILxA Z7hHx+Md+S0kg2LK6rIf8bPfNswaaXhw6CoZhAh03G8 +ZCJM1wtMhc/eXrMtKgy+q8WF/PzrmNlr/S2EVbzHmYc +-> ssh-ed25519 0rx8bA 3UhkiASVAzT4LVEpGKPz9ubUZTKwZ9XdN9qVsXo9GjE +Ew9Ln33+yz8mFKqPxsYTXIGmQWGPC9YSaWua9AxSOac +-> ssh-ed25519 extxyg u6jQf0ynHNeuFHBgYWficGuX+n+ZTc/PhbJn+g57dFw +Twy1nX1VLcFjlhTyagqS/tYCJ3XdJd2wmW4gyGPC+mg +-> 6#iv^QYS-grease +alb8dDgU6YOHXrcUcY54G88g3HgBEmODGiZwHq60dV/WVCy9qN+g +--- DmuBDeYyr+rT2873Kwe/rkUP4oW/ebEWPz2xNqMiMqQ +Z.:Zhw#kG }Soo 1d|YGlDp\π`9 \ No newline at end of file diff --git a/secret/akko-keyid.age b/secret/akko-keyid.age new file mode 100644 index 0000000000000000000000000000000000000000..369ea7925ed76ea8c9e1b098920e128456daac00 GIT binary patch literal 1552 zcmZA1EAQ(B7zS_>45`5*NC_t)Wcky}+O9Puy{+xquJ>yor0u$Hy|3$CkmCu0AdW!c z&_Hqo0)yZapl}dA01gHJAm`uYC!Xhdqbz+&>!e%S{@Tlw{eArdy4$H6UH(02R+hVQQM0qSIx0 zMje8S*7#K_0su+{iYpvhBvtIt!% zFC#@5m|YE&>yW@G^%brz8-!uD6;B9lG^P^s4 z(R6ACN8~)+OANuMrbn%lB1V|NI8^83IgzD&vKGWI0&Uns@^lh*!5|ZBFD_DNTp+cd zB;Zi)4>Y5$jEP%3r^JpWnQn({a@Z}+iDl`~i2cr{MOJ#$L|p838WhMnf*C4uw`Q&N z9)CEj)!gKs&ccHqut9jZY9>yH$GQP5_c^AbTU|p~Pp9!zRTr*jgEV8**w5R<_Z*VW z`!EaPM=e-jqME>5uBW}2HaMSD()*an4~!cVXAnd=W&LzI}L4_0|~_i z9UuaU&9%r7JNm`Y2+vS^))?smWTorC#fCPQi| znFop~0LvTlvzFIcK-4z$oDrkJFlKS$p_lioX_jrUM@u*o)Z|eMM@gA!&{c*uJTt ssh-ed25519 jO2MvQ TodkKmnVirM8GHR/iAUQW2vsvD5H99a6zyTeHAfjCz0 +0KL47BKaGpR/lfgjHj/axuM7JU5pF10eZtMaV/QdX1Y +-> ssh-ed25519 txQL9A iAvjNqDtQzNuYtschwv1fo7smWZq0el2kPQl9ORnn2w +kLk1Ze/EETBRQHeU38J2SW2jhPwHogpZO80Q86Md28s +-> ssh-ed25519 YcYwVA bXXJF+bFVcPPFzNabLMoC5OcfKeIP2QEmv6kl97cuGY +D7rhIIr8+c7n3wGywGE8lWbk1iTLqDXpr2VRb0vN6JU +-> ssh-ed25519 rIaBGw r728K0bANMZmE+UprCN5S6tWFM3nAKNN+f1oB2cXlkg ++mZSGuFa2GQDc+dzvDR3kOqzJ2VGNV8txQ9qsoFazyg +-> ssh-ed25519 H5HtPA tWom8kAvJ8uwGX4ycHI//GXv2wFuGMsNdz8Zw9a1TyA +/HPz71QW6JpaQjqhJU6XqQtO/SylP1Jg8ywMwWeyjpg +-> ssh-ed25519 Yy06mw +8H0CNeESK9vBym3BmqmcpInMT3FxlZ51B/lMNwFo04 +BAPvf7p1v0rJ1/kxtNj97u2gFeoho2ixLQI5Jvs2JTA +-> ssh-ed25519 6Sqpww zW4KMHR/AtQZFSf4374VTFixkQ5daD4+lrdqgtXxWjc +YUXyne62AfDWMdDz5j66cGXJQd19MkSchph8+RMqZac +-> ssh-ed25519 Cb6l4g 7eAmEUjqR2xkiNZMnQbx4Rauuiw4TJtq0s+lwSdMxSU +hn9l6RiF3YUYwDx3HbOcd+8AVp+eKxd5s5G3Obeoze4 +-> ssh-ed25519 x40ZwA hxLvba5bfer+18O3xqg1uMrILdUmfRoJfrjbqeBpVnQ +1ZUSQ+R5Jgleuo+SiV2z567cPUG3Ql5Hx0hHX+uLN2E +-> ssh-ed25519 ZvILxA BXu5VFw343ZAuaKhRnAhHc8AzazdWXEmNBoBA4NXSX4 +QmASL6kpsF+39q0AZlg3nYoS8SfXCx+xKj4L2/2cIyo +-> ssh-ed25519 0rx8bA hhtaTd5jctKskvFx1ggRFZkRgwU33KYGxmfVKS2jgi4 +lDjYS82GDytozVbOsEN/0dCyiroOZH2rB0A+cJDReKo +-> ssh-ed25519 extxyg DOMYenbAAgufIUO0m1+ZLub9AVaFC0wchBDp4mDMbyg +qUdmPfviYaFie8GY1k0BzFLBskiXhBRJShYCnu8ab2M +-> *"k-grease y_`)i+ }z*zZ4Nw [3F3u +3YWnyuyMBmwiLsa/fOqUFtK8qkWdFRx/uKSBjdpm9+TmM8Ja +--- qTlo1JM8IoPht4ku+oseK7Zf0JzXbBVPRYM62lKsKK0 +~0cYT; +aUCI~X2HY +moܫ"U#P5$ HlEyM}ϝXH^@#PmJ"ĩ=/wo#s,%x]@<+t] \ No newline at end of file diff --git a/secret/robocadey.age b/secret/robocadey.age index 601365c251bfb927cf426957529f32f43a1370c1..8bfd19ad3bf8c1ebf0a3975cdc0df209a78b98f2 100644 GIT binary patch literal 1712 zcmZXSNysDz8HRNtK}!Nc@Zg}KL5zmVKeaD?h*Dik*WR^s*U}KQwyv(OuIj2@YD>T% zYK+W`%fW+2$Uy{?kQ~G$5aLmZN#-Im3Bd(27Zr&iIG~r{c>VwL2j9cP`vhrnmXy)H zua4QSyt3P;P=f$xUmYC|>$4N#Tw+B!CiXj$!uso|w@3RSqDS?bPB!)-UgVv5Z*^E~a?nd+Ds zQE76FLTsL9m7*rpGAPwV^YoaZBa&zkvmJ7Dzd&W##DPpPO&6+XC0n_AA>$&<>iV!5 zw|raJS%S!3?UhaDN5tYh&5!)nVMYWqoi@F~NT5>c)1xRKmYih=oX&NOuc?@5l^9u{ z(6NmJl+F`#v{5JvTLuQ?@(4cGx2VwVG%5k*%>hy^VIqXH?1I}~3MSKbL?$Siu&P#1 zv{hpWwu)|aq;9Z9wx3#3VVh;D_glgdIStrZN|d5&D4Z?Ybl7#4>BDYa8;)c;Cvwcw zdwx#Dh({UPc{h;|j|MYR@j5|fQ)3Qpu${dcAjf1mBWZdwCo|bA8IfsMzOU{W3Frzf z6ZR%=Y55jJIntC|ZUu^}P<7RwWT&nr=xkx=c9ou|`8`Y)?I_a5Tl$e@#A)>8a}C)jyOatuSzJQZ#vW2j<+;z9_nsNfN%l}0oB$@dH~oVg6O=2WG!ub zKkU0I^|VgIL57_s$P{D*2UD$h-XAYi!iMA)Pe=1bvk35Zs^Bo~AH@Jyf&w-mc1LrV zK_Q4Rm*90vaqE-^y6xRl6K@)w4h#-y=Tn}xyJ>ef+J)w=hNGQtTq5L9nLh8<;qbC$ zMr+%LJ*|c@_OwVRr(h^~n-g)D_Cq4c38jy)C&iB}SZ+;f3REXjqA z-TiO-ZXU{vtjJ_~!dD7^p^{}IsU0)g(^U^GsPQQY{H2a{;}cnswWOM{r_b3cbl1gF z4ZL>i@IbhklmY8Rtrju2LCz#&Zb78At$9;>1LE~B$?I^DF|J@$^GEoX=={^Y#37}Gq0*dv9 zni)C0m$r&@K-_{n%(=E00+KIgHAa>GIKZ9V0;FRSZ>8*N=z`cn*JPLjAAbA; z>CIQJz54CHpl1*NHog4mXa4*l`8NDy`q+&dzyI#-r!EO}aqX$*ji<|hoSy#iH!g?f zzph_}|MoFZNbB`y?!7Y9@818xZ+`UiFTVKN{lnoCKYRI6;5$z|aP#K%AL74y;M!a7 z{QdP8UjM~?S04HG)kn?8-%H;52)XmnPapi`txp*@pMC#M#IL?}>2~(`OSk_i-TX-W z%Cj#%f8YC8|N1raKksDD4=(rjy!?>!*c<yW nXZId<>vx=U>4~q;=QplXpH0Lk@AdzE_9gZEME1*j@H_tl&{jZ+ literal 1596 zcmZY8%j+Bm0S9m^RCJn)k3+p}NlV)-zs!4f7i?f3vpcgpGdnx4-I;osnVt9Syq{ZW zFo;A&lqz0+2Ok)y)#4#(1w}#w2_DiO+QTo}l47uwCYVA!G)hy9*I)jE58p4}ukKg} zR%B*vQh0H6I?f!hf`NlGoji9BtSy4$@Sx)_5w==&`~^3HXL{MD;GkBy%%@i4iO8?r zZ3gufnAO2nDN0rfhA|M~y)CDBU~Iq&WP&UGSQ;#n66$(HweBMI-rfn+!Yo!>`nX2nRKX8BGnm)i zsuXKN;5I9NC!ky$2uKrnUV?PR2``ot3qeR!Ac1*9@`1>&RJqKZxwx!lCG$tst}h9+ z+sc_%P@cPAa~^FT*VGmwc6Dcqu3G{}Mq6P{wL!0s@RW)g>cH0&pQmTCK>Hjx@pY?R z0rqT8u0Uh$qv&u#xjakgtHz*X#$NNSEn+4@;26j&$f`cB5n`Iub!U$nb~Fa(IZ>ee z95NW8Egqd=kx9`@M~WQ5CWP5p723a+=sN(WPAxCAS;90g=Yy+lA{^yFf9) zP1z0P-9t@|4I;#xj>l3uJ5}wiF&njTZOVpP3qI%IUKH*zc!P;mI#Xgx2rwXovK&jX zZf8V@khhTA=~ zsOkYhF0?sLi6RC!VLX#6Uj>{=Z$0QUROP`BW-|bpv4vR*G2X5sX_FfZcZ!b@eGNIZ zd|cBinrVie2U*C*Pke7m^au&r^hX-UFuCN8S(Yq?RRK*~#-%kVi~;8XR{3PojFup? zDVKSk=AIDi37RPsF_$MjnB%3&O-2uCP}cN~VMhq9nY|Z_$XQBe7bU$i^<0CSdS=}9 zxzVBp6P-2*dgcWHm1&b;%i^YxFx@#HKz*bck78wDz(kRd%}~H>oDCKB;Rjev(X>uS z&qK4q8>+S0H6LM0=?*L!UR+u0DpTFegXr34$m!NEZX+$|(b-)Zb* z$jm8F9U&xGHGQI@Eio&pZp_WtQR+e6ejj+|`>f=)1q!UcA&l zd*<;I(Yr7EFMaXWpMLed{NU%=PrmXNcO(6!{Nkm>+27s14_$xxHF5mKz??Ed)Go8KBeeFZr0U;X^rvxncj@`K0s z!td|wKYjlT-}&*a_}8Z{BIau^efvZ2&maH0c;yb_Y}tEX^DdL`UB4+5C$H|=&;EG$ ziyPG8+dsYgob8;s`26Z;?Ahj@+b{q3^3l29UM8hGuD>`rH&G%)_i*Pnd7 LbMB*SKfLfiEpjQP diff --git a/secrets.nix b/secrets.nix index ff73085..2a3d778 100644 --- a/secrets.nix +++ b/secrets.nix @@ -6,6 +6,9 @@ let ]; hosts = [ + # akko + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTRkq4ZX6hckN+WlChBoQyoNfB3c+QTNO0HwGaMq/cc" + # chrysalis "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDA5iXvkKyvAiMEd/5IruwKwoymC8WxH4tLcLWOSYJ1" @@ -37,5 +40,8 @@ in { "hosts/firgu/secret/cf.env.age".publicKeys = publicKeys; "hosts/firgu/secret/snoo2nebby.age".publicKeys = publicKeys; + "secret/aws-within.website.age".publicKeys = publicKeys; "secret/robocadey.age".publicKeys = publicKeys; + "secret/akko-keyid.age".publicKeys = publicKeys; + "secret/akko-applicationkey.age".publicKeys = publicKeys; }