diff --git a/flake.nix b/flake.nix index f5135cf..c962e63 100644 --- a/flake.nix +++ b/flake.nix @@ -204,10 +204,10 @@ ./instances/baldur/configuration.nix # ./modules/nixos/digitalocean.nix - # ./modules/nixos/users/tiziano.nix + ./modules/nixos/users/tiziano.nix ] ++ homeManagerModules ++ [{ home-manager.users.bertof = import ./instances/baldur/hm.nix; - # home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; + home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; }]; }; }; diff --git a/instances/baldur/configuration.nix b/instances/baldur/configuration.nix index 1c95de0..fb01523 100644 --- a/instances/baldur/configuration.nix +++ b/instances/baldur/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: { +{ pkgs, ... }: { age.secrets = { garage_bertof_baldur_key = { file = ../../secrets/garage_bertof_baldur_key.age; owner = "bertof"; }; @@ -24,17 +24,13 @@ environment = { pathsToLink = [ "/share/zsh" ]; - systemPackages = - builtins.attrValues { inherit (pkgs) helix kitty tmux vim; }; + systemPackages = with pkgs; [ helix zellij kitty.terminfo ]; }; i18n.defaultLocale = "it_IT.UTF-8"; programs = { - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; + gnupg.agent = { enable = true; enableSSHSupport = true; }; zsh.enable = true; }; @@ -43,22 +39,6 @@ time.timeZone = "Europe/Rome"; services = { - avahi = { - enable = true; - openFirewall = true; - allowInterfaces = [ "ztmjfdwjkp" ]; - nssmdns = true; - publish = { - enable = true; - addresses = true; - domain = true; - userServices = true; - workstation = true; - }; - extraServiceFiles = { - ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; - }; - }; fail2ban = { enable = true; bantime-increment.enable = true; @@ -85,12 +65,7 @@ recommendedTlsSettings = true; virtualHosts = let - ssl = { - enableACME = true; - forceSSL = true; - }; - loki_ipv4 = "172.23.254.55"; - # freya_ipv4 = "172.23.18.147"; + ssl = { enableACME = true; forceSSL = true; }; in { "unimi.bertof.net" = ssl // { @@ -98,45 +73,17 @@ "rewrite ^/(.*)$ https://homes.di.unimi.it/berto/$1 redirect ;"; }; "home-assistant.bertof.net" = ssl // { - locations."/" = { - proxyPass = "http://${loki_ipv4}:8123/"; - proxyWebsockets = true; - }; + locations."/" = { proxyPass = "http://loki.zto:8123/"; proxyWebsockets = true; }; extraConfig = '' proxy_pass_header Authorization; proxy_buffering off; ''; }; - "radarr.bertof.net" = ssl // { - locations."/" = { - proxyPass = "http://${loki_ipv4}:7878/"; - proxyWebsockets = true; - }; - }; - "sonarr.bertof.net" = ssl // { - locations."/" = { - proxyPass = "http://${loki_ipv4}:8989/"; - proxyWebsockets = true; - }; - }; - # "jellyfin.bertof.net" = ssl // { - # locations."/" = { - # proxyPass = "http://${loki_ipv4}:8096/"; - # proxyWebsockets = true; - # }; - # }; - # "my-nextcloud.bertof.net" = ssl // { - # locations."/" = { - # proxyPass = "http://${freya_ipv4}:80/"; - # proxyWebsockets = true; - # }; - # }; + "radarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://loki.zto:7878/"; proxyWebsockets = true; }; }; + "sonarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://loki.zto:8989/"; proxyWebsockets = true; }; }; }; }; - openssh = { - enable = true; - openFirewall = true; - }; + openssh = { enable = true; openFirewall = true; }; # wgautomesh = { # enable = true; # settings = { @@ -145,10 +92,7 @@ # }; }; - security.acme = { - acceptTerms = true; - defaults.email = "filippo.berto95@gmail.com"; - }; + security.acme = { acceptTerms = true; defaults.email = "filippo.berto95@gmail.com"; }; users.users.bertof = { isNormalUser = true; @@ -171,17 +115,16 @@ "net.ipv4.conf.default.forwarding" = true; }; - - services.dnsmasq = { - enable = true; - settings = { - server = [ "1.1.1.1" "8.8.8.8" ]; - interface = "wg0"; - }; - # extraConfig = '' - # interface=wg0 - # ''; - }; + # services.dnsmasq = { + # enable = true; + # settings = { + # server = [ "1.1.1.1" "8.8.8.8" ]; + # interface = "wg0"; + # }; + # # extraConfig = '' + # # interface=wg0 + # # ''; + # }; networking = { firewall = { @@ -240,48 +183,48 @@ # ]; # }; # }; - wg-quick.interfaces.wg0 = { - address = [ "10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64" ]; - listenPort = 51820; - privateKeyFile = config.age.secrets.baldur_wg_priv.path; + # wg-quick.interfaces.wg0 = { + # address = [ "10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64" ]; + # listenPort = 51820; + # privateKeyFile = config.age.secrets.baldur_wg_priv.path; - # This allows the wireguard server to route your traffic to the internet and hence be like a VPN - postUp = '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE - ''; + # # This allows the wireguard server to route your traffic to the internet and hence be like a VPN + # postUp = '' + # ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT + # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE + # ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT + # ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE + # ''; - # Undo the above - preDown = '' - ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE - ''; + # # Undo the above + # preDown = '' + # ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT + # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE + # ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT + # ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE + # ''; - peers = [ - { - # odin - publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw="; - presharedKeyFile = config.age.secrets.wg_psk.path; - allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ]; - } - { - # oppo - publicKey = "OBk6bHKuIYLwD7cwjmAuMn57jXqbDwCL52jhQxiHnnA="; - presharedKeyFile = config.age.secrets.wg_psk.path; - allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ]; - } - { - # thor - publicKey = "rpwR6n4IE96VZAmQDBufsWE/a9G7d8fpkvY1OwsbOhk="; - presharedKeyFile = config.age.secrets.wg_psk.path; - allowedIPs = [ "10.0.0.4/32" "fdc9:281f:04d7:9ee9::4/128" ]; - } - ]; - }; + # peers = [ + # { + # # odin + # publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw="; + # presharedKeyFile = config.age.secrets.wg_psk.path; + # allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ]; + # } + # { + # # oppo + # publicKey = "OBk6bHKuIYLwD7cwjmAuMn57jXqbDwCL52jhQxiHnnA="; + # presharedKeyFile = config.age.secrets.wg_psk.path; + # allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ]; + # } + # { + # # thor + # publicKey = "rpwR6n4IE96VZAmQDBufsWE/a9G7d8fpkvY1OwsbOhk="; + # presharedKeyFile = config.age.secrets.wg_psk.path; + # allowedIPs = [ "10.0.0.4/32" "fdc9:281f:04d7:9ee9::4/128" ]; + # } + # ]; + # }; }; system.stateVersion = "23.05"; diff --git a/instances/baldur/hm.nix b/instances/baldur/hm.nix index de6deed..75ce819 100644 --- a/instances/baldur/hm.nix +++ b/instances/baldur/hm.nix @@ -1,4 +1,4 @@ -{ pkgs, nixosConfig, ... }: { +{ pkgs, ... }: { home = { language.base = "it_IT.UTF-8"; keyboard = { @@ -8,26 +8,26 @@ packages = builtins.attrValues { inherit (pkgs) nix-prefetch-scripts; }; }; - systemd.user.services.garage-home-s3 = { - Unit = { - After = [ "network.target" "network-online.target" "local-fs.target" ]; - AssertPathIsDirectory = "/home/bertof/s3"; - AssertPathIsReadWrite = "/home/bertof/s3"; - Description = "Mount S3 bucket in bertof's home"; - StartLimitBurst = 5; - StartLimitInterval = 200; - Wants = [ "network.target" "network-online.target" ]; - }; - Service = { - ExecStart = "${pkgs.s3fs}/bin/s3fs -f -d bertof /home/bertof/s3 -o passwd_file=${nixosConfig.age.secrets.garage_bertof_baldur_key.path},use_path_request_style,url=http://freya.local:3900"; - Restart = "always"; - RestartSec = 30; - Type = "exec"; - }; - Install = { - WantedBy = [ "default.target" ]; - }; - }; + # systemd.user.services.garage-home-s3 = { + # Unit = { + # After = [ "network.target" "network-online.target" "local-fs.target" ]; + # AssertPathIsDirectory = "/home/bertof/s3"; + # AssertPathIsReadWrite = "/home/bertof/s3"; + # Description = "Mount S3 bucket in bertof's home"; + # StartLimitBurst = 5; + # StartLimitInterval = 200; + # Wants = [ "network.target" "network-online.target" ]; + # }; + # Service = { + # ExecStart = "${pkgs.s3fs}/bin/s3fs -f -d bertof /home/bertof/s3 -o passwd_file=${nixosConfig.age.secrets.garage_bertof_baldur_key.path},use_path_request_style,url=http://freya.local:3900"; + # Restart = "always"; + # RestartSec = 30; + # Type = "exec"; + # }; + # Install = { + # WantedBy = [ "default.target" ]; + # }; + # }; imports = [ ../../modules/hm/__basic.nix diff --git a/instances/baldur/hm_tiziano.nix b/instances/baldur/hm_tiziano.nix index de54f68..9430ca5 100644 --- a/instances/baldur/hm_tiziano.nix +++ b/instances/baldur/hm_tiziano.nix @@ -1,4 +1,4 @@ -{ pkgs, nixosConfig, ... }: { +{ ... }: { home = { language.base = "it_IT.UTF-8"; keyboard = { @@ -7,26 +7,26 @@ }; }; - systemd.user.services.garage-home-s3 = { - Unit = { - After = [ "network.target" "network-online.target" "local-fs.target" ]; - AssertPathIsDirectory = "/home/tiziano/s3"; - AssertPathIsReadWrite = "/home/tiziano/s3"; - Description = "Mount S3 bucket in tiziano's home"; - StartLimitBurst = 5; - StartLimitInterval = 200; - Wants = [ "network.target" "network-online.target" ]; - }; - Service = { - ExecStart = "${pkgs.s3fs}/bin/s3fs -f -d tiziano /home/tiziano/s3 -o passwd_file=${nixosConfig.age.secrets.garage_tiziano_baldur_key.path},use_path_request_style,url=http://freya.local:3900"; - Restart = "always"; - RestartSec = 30; - Type = "exec"; - }; - Install = { - WantedBy = [ "default.target" ]; - }; - }; + # systemd.user.services.garage-home-s3 = { + # Unit = { + # After = [ "network.target" "network-online.target" "local-fs.target" ]; + # AssertPathIsDirectory = "/home/tiziano/s3"; + # AssertPathIsReadWrite = "/home/tiziano/s3"; + # Description = "Mount S3 bucket in tiziano's home"; + # StartLimitBurst = 5; + # StartLimitInterval = 200; + # Wants = [ "network.target" "network-online.target" ]; + # }; + # Service = { + # ExecStart = "${pkgs.s3fs}/bin/s3fs -f -d tiziano /home/tiziano/s3 -o passwd_file=${nixosConfig.age.secrets.garage_tiziano_baldur_key.path},use_path_request_style,url=http://freya.local:3900"; + # Restart = "always"; + # RestartSec = 30; + # Type = "exec"; + # }; + # Install = { + # WantedBy = [ "default.target" ]; + # }; + # }; imports = [ ../../modules/hm/__basic.nix diff --git a/modules/nixos/basics/distributed.nix b/modules/nixos/basics/distributed.nix index ef6d0e9..f6a06b6 100644 --- a/modules/nixos/basics/distributed.nix +++ b/modules/nixos/basics/distributed.nix @@ -9,6 +9,7 @@ "thor:yRx3HglIxjUYocp4/jAP9dPWxWBEpgP6hqj1ofEfn1A=" "odin:ClRXzxmDZl2Y94SG4YlWXGiJDY4L9DgZq/3OLR5+i6k=" "loki:HN1P2nXzIkqitl95MvjcSHxtDo7Ao+I8M8U/RqQLC5k=" + "baldur:iP+Cg3JIcjYES9cmk+nnpd+7Po+rPlwVKqpBOAyrD64=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ]; diff --git a/secrets/baldur_wg_priv.age b/secrets/baldur_wg_priv.age index aba8f7a..0403fd5 100644 --- a/secrets/baldur_wg_priv.age +++ b/secrets/baldur_wg_priv.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 13iwjQ QcFO/pfy0Ae8Cl14IdggEILAcjW7V+Vk7u7Jbw6pbAk -5+Z5zH81DDwGRr4S6DgINhxl7nI7+xc88dDmiFMicqU --> ssh-ed25519 7MB20A 1Lbhiu/VsQ5bgphsSwPAA/h36sSHIXzubf+FFUukIGk -qXGoDWZWzsLVs/qXlYm07s3eypS9H8U9+ncWBeXkBnY --> ssh-ed25519 IvyYug Erlyg8XITSWpCrmWfwWyqLk5eKbHfsDAXXxoa8wJVUU -0vtpL7ojMmZqeNQJWGsQqDfm4WZ+bF2uRwIVsYUJr2U --> ssh-ed25519 v7O/FA Ts691lTxidQgJ4QWXwMzmHSuqf/eMs3UyrvceRIR8wg -0qb2Z1GHAa2THkIyOv4RBj6hen+Yw3rgDGUTxinV6ig --> ssh-ed25519 wf0wgw HnZ4e6dXFPE5SSFijZSAKLu39Mghl51MOv1QJBGpmA8 -EKGPag8F2X7r2/tPe5TD1Qjvi4OGgicA0qy/skgmcqQ --> ssh-ed25519 XgC3XA KV+C8/WaZbzzZbUJlt707n8v0HFlpQ4nV4yZEjiMyQo -82g/4lu93dPHJyjgEZRh4MLVx8vwiFsBXtn2iCJKZX0 --> ssh-ed25519 l795CA 4Z+JR7720VBOZ72NDcX1dgQrhAL9PF+k6R45wMLjdXM -w1Xr/lYBkYTue3Q0dxafclXQNabJ8o2HcvfDh5XpePQ --> )Gy5ZU\J-grease -ciBxEgtu ---- 8mYhx9OlW6eFzP6aY+yuwiqcoIHvihea0sbO7fI5HvQ -h+)-leY^#Z jw=}6 .(b55g(k p^bKs;F \ No newline at end of file +-> ssh-ed25519 13iwjQ 2Bxe3iT5rGH2TjEdapdVoJMW+yVVknzi2KdLvDHrRH4 +HutDsSN9AenoETXLpkmw8lRE0U6kskjBnxXpXzmeVu0 +-> ssh-ed25519 7MB20A pGfEuUvn1TrKu3DnjfTgtNgVQRWHcDKdWIlj1HuR9ic +UVnpqIEdG88f2h+ENx93LBLqzoORDoQLgv3Nd2Dm0eU +-> ssh-ed25519 IvyYug x0L7dXkD3MVKyRWj15SeC8JjWZn5VAqHr/MllA8KTyA +iuUEqXqAKIZdVOoWvWhQcFgKUfwmWx7ldG/AiiDsmZg +-> ssh-ed25519 v7O/FA YGw0kBqBtuPgM+W1cvmy8aNPLzf/wK53t37+BHmFDkI +f46A0kB/f2P7fKSb60cWY1w+aoc5QWyL0cA+Frt4tLg +-> ssh-ed25519 XSnoeQ JlwVxf67MGiwf1FUOxFkOoczBweUg85K3X2U8k3yYBQ +dtn0OD6tY961/bQwkptN38sA3lwFUBUSHksdOLZrC4M +-> ssh-ed25519 XgC3XA 5jG1IwIp6jl/vVhs41K/EyHMmFO18iWX6kvIq2s4gis +vEqT7yZmMHy6ONq3ENyT6QneMfLQkGMR4wpbpiRHuVU +-> ssh-ed25519 l795CA GHKJ75o0sWlkXKSaM+8idhbP8nSS92guDaLnq5OINBg +8rnHUwvqpM+7LmlHO8zX327QjQjg7+0EFyDoXKd1dTs +-> 2_j?v-grease \SanE4' +:ea 1 +c6XAvac8Bx3nzrojwRQVrIaJR1pUXin38naYrGZOJ2YpAg1Hg6jzkfaRVfY1Ixt1 +eTUPyatBFQ +--- Cm/JFktkqvT4m0RbvrofzGc978YxUZPyAFmRZdgYIXI +F8nrrssg -l]74yMtIB>r*!NB%xvjm(, \ No newline at end of file diff --git a/secrets/garage_bertof_baldur_key.age b/secrets/garage_bertof_baldur_key.age index 1a54180..0c9b875 100644 Binary files a/secrets/garage_bertof_baldur_key.age and b/secrets/garage_bertof_baldur_key.age differ diff --git a/secrets/garage_bertof_freya_key.age b/secrets/garage_bertof_freya_key.age index 104030c..11319b1 100644 Binary files a/secrets/garage_bertof_freya_key.age and b/secrets/garage_bertof_freya_key.age differ diff --git a/secrets/garage_bertof_loki_key.age b/secrets/garage_bertof_loki_key.age index 3fab8ce..76b0155 100644 Binary files a/secrets/garage_bertof_loki_key.age and b/secrets/garage_bertof_loki_key.age differ diff --git a/secrets/garage_bertof_odin_key.age b/secrets/garage_bertof_odin_key.age index 354ab15..ff74d1d 100644 Binary files a/secrets/garage_bertof_odin_key.age and b/secrets/garage_bertof_odin_key.age differ diff --git a/secrets/garage_bertof_thor_key.age b/secrets/garage_bertof_thor_key.age index 9777063..e1168f3 100644 --- a/secrets/garage_bertof_thor_key.age +++ b/secrets/garage_bertof_thor_key.age @@ -1,12 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 13iwjQ nuVKbdG1q7LsZ4zGxoa0uHYC2PPELY6BbbNz9hbRe3A -1rASmCe/lzB/ZkBB8Jtgw/BLyyKriTLOSmPSE0UwwwY --> ssh-ed25519 7MB20A HHPzyLu70VlPZw6nO0mTh606YUVolK0lz1lsu0DV8BI -h+wCb8oJnljO16PjpRaM6g815FQRx8NchoWkPsPlT34 --> ssh-ed25519 v7O/FA TPUjz9so0coZAaENGKaZ97sBI0wejbvI2FMlZlW6AFE -BxDDCk8+/1IwZgUCRpsgW3L12y0bCgH55AwQW1rgLbA --> j0TGUG-grease ^]sP;@@ -++HuNc6/f6qHf6z3hlvOqA ---- q2dKtmkTQvu4b3G1zVlQv3vtGrhvjWZjl389PAMHG2E -WvŒM!Ou02 -G7]\(&`OGiq5iovTᔝK1|#\DeRJ o<6m1 PX I>0bEr'~QbcU*b+nM͂튄^/fs \ No newline at end of file +-> ssh-ed25519 13iwjQ TR5psR+1n85cgjQcjf0IatkqFfOMsaAu7d+4v4Xbh2c +HCHA3QolSgrduFEZJWU0gJZ0TWXQ+EfQKBd4cyMt88A +-> ssh-ed25519 7MB20A mPvH/fyhi21l6tyt/TzLRU0MxHV5uTzfSK3nhCAmTg0 +U1HeB9BHdS/efRFzddbMekOLRQ3gUL04+ZIrxcl1q0E +-> ssh-ed25519 v7O/FA 4fud8rYmPQuLD8JksWrXCtiL9iD7Jc19th9+dh40yVY +tU1RxafJbgSl9smzZKu/VmvTOfBgugeyHVtMkfBnaQ0 +-> D"-grease l~" +YMubQtvR842DwAYDUAe4dVe30nAuKZtkJSXGzahEsxr0hsbpl4ofgaBlTD9HytnI +/PUBx3eS8WlDZ+Z1CGDGStoGXqEYSBRaha7d9CyaCljLngBuKLQIacyE2LS1ttu1 +g+Nu +--- VHJpLd0CSLK7invHgqc2jy2xElUFxQkOKa308+kQXOg +:M+D +ِH>o010" FX 2J +,oilKsRS!yQ=Y +7;wybgNl?WJ{'| \ No newline at end of file diff --git a/secrets/garage_rpc_secret.age b/secrets/garage_rpc_secret.age index 0d9b79a..4a56c72 100644 Binary files a/secrets/garage_rpc_secret.age and b/secrets/garage_rpc_secret.age differ diff --git a/secrets/garage_tiziano_baldur_key.age b/secrets/garage_tiziano_baldur_key.age index 4d8072c..f528048 100644 --- a/secrets/garage_tiziano_baldur_key.age +++ b/secrets/garage_tiziano_baldur_key.age @@ -1,12 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 13iwjQ vU4C1deRGVqoOX78LkbvF0SeQ8gS0nudTYzA/We6LVg -9I4ah+O8k4V7sOvk1nkh5rqhn1VLHEu4VHKGyCk3hlc --> ssh-ed25519 7MB20A atuD1KZLpPbHAPvfHXQKn+/TO9aGFPYqUsjwgZ5xpVg -MGgbFxnKTI8hUyOFHCop3NDkkA1t7vsWygOZcukgLFc --> ssh-ed25519 wf0wgw EDJIr06gHotcPmKszZBLd9ET1pV4PBewUo+r4dUN9mU -ikWawLYOcHLJI+7RCGsSEZRwDPBKKl/NMJ37xgfmYQM --> !)]YBc-grease D1g+$Q e^%9*J( -7ToBwp79snkCNMeDEdcpG1fXLZ+7wbb81m+/Ubou0jH4igOwCeIswGL40AFKR7Fh -OqPEh53kjLhItSPPVI/bRlPUgf/0KkYzSKLLe/CUvGwbaQVciQQ ---- XnCk0Wl1m1KxUzWArpGKe+Kcuznk9FctJb+ppR1kPfk -b0"-Go[H<ދN n@Zg;u#.y:AE5#O`UuMp?:uU{(&SGWsyϢ#S]:m/oq rЇfB \ No newline at end of file +-> ssh-ed25519 13iwjQ 40cjvDtDg718ntLvzEQWqR7VzkE429mC8cEQH9lv4Ec +RUmyDRsvDtWfvLTjwcou3SxFfulYBIqWY7qgyaI9lIA +-> ssh-ed25519 7MB20A hYTVkLJ99dUqff4uvIFLqvmiQlbF0XUNL7ldEsGqf1k +O4GtWNHd33i1dxcjHIvb0I/IOrIRwDhK92yTMjzY3VM +-> ssh-ed25519 XSnoeQ nJexhZ5Tq3vjdEHBhkH+SkqkXStnHmx9vcnEGeyOIAQ +9MnH0xKrJOX6B7wt1/34KOXIcDypGef+23/hpmXBSoQ +-> jCb}1Rl-grease 5Bif@4u cRn|`qS +3evi1hkbfaIofgc0mS9N3MylPYpAEVnIRq0sV/TQ+GsQTLYB920113dnIHZDtkzl +9HbQ/k3gWRDmxJVWtkg7J0IyefZpGMorum6eeyZMw6SorMbfilUFFBC5CHDTTIJa + +--- oXy0Etj/WTYnHtPmgIyT2WeyJF9UvSVzmzikR1xXkJA +T6e,XoONQ"t\Y`,yIJl g#NM}Ph +F'f8Q =NGaz6/OҶ\u{k7c±-a \ No newline at end of file diff --git a/secrets/garage_tiziano_loki_key.age b/secrets/garage_tiziano_loki_key.age index e6c5b3f..b269fdf 100644 Binary files a/secrets/garage_tiziano_loki_key.age and b/secrets/garage_tiziano_loki_key.age differ diff --git a/secrets/odin_wg_priv.age b/secrets/odin_wg_priv.age index 2fb2a92..0f7f98c 100644 Binary files a/secrets/odin_wg_priv.age and b/secrets/odin_wg_priv.age differ diff --git a/secrets/oppo_wg_priv.age b/secrets/oppo_wg_priv.age index fc12155..8e8ea24 100644 --- a/secrets/oppo_wg_priv.age +++ b/secrets/oppo_wg_priv.age @@ -1,19 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 13iwjQ G780AE2LbQJim+aMPYfN7ycof/i2+019eWXkp6ifJl4 -0N6MtqSzfm4WmPrwR14Ev3FFHhKlekSeT3G7holRMec --> ssh-ed25519 7MB20A z3RZmZWRMigY3IO41V6KJoqn3zBdYrIz5ZCzJVNerwU -kCbbQ1DG+9YhBBgypeTTrF/qXsG4ZLOqDM14EuG5EUs --> ssh-ed25519 IvyYug IYYeRkFLNnMgVgnURaLKuHNZq3fOt/h1YNm9kdZQ9T4 -oU9kISTbFdco59azDMcUtsZAy2mAQyv7+Q19WQr/BMA --> ssh-ed25519 v7O/FA 0+TjPhjEUrC/P/rzAD4gJjXEQ+3AWXOz5/7gFKdDXGk -R7h77xFpnjCElD6kO+vo08m6N9iYjhTooNIyZmSAJEw --> ssh-ed25519 wf0wgw T653Xmhaivldl7iwEoI5508Yie9UPx9eoHvu50N58Rc -Q4fef5DzjRSB/CHoHdEA0wSuYDl0/Gzakv7m2V4bN/c --> ssh-ed25519 XgC3XA DMl79dfLSdaz2xlJSqIWuDwEExZ+oo5qRwOr0bGq2mc -9C2cNXK51NR1m1E9ImAnKyaM9MT/Ma/twCjiorAxB9E --> ssh-ed25519 l795CA XIjNxjYNcXxIDbmFtoUs4G/2Y0GQuSx6SELv5Dne5Tc -dp1qX2tvXYUlb8Vh9dd1OAe3TnbeGLB5k7uJkfMJwjI --> 9x-grease -7IlIjo/wDlHCZwwX2nBH84A3QQEMB3OxFAdoVnA ---- YWUiY6woTVnTNb8uHhYUYeiVfVvXa+/XaVlR2xBolDY -8Mb2hET2d^sh-k}6fVW79CE䍴^4O4*#Ɗ2t # \ No newline at end of file +-> ssh-ed25519 13iwjQ yDnZva2yDQZceAb3aOXQHf6V6zZGOw8j2PoFAXRARUc +S+5DzvjAUXh7wL9sl6ZSkp0iQTm0iHf6htzzwmc/BHc +-> ssh-ed25519 7MB20A v90nKl8y0z45Xuy7QFZ791Pndkxc76ZwhHY/Se75els +df574ycxv6Hv6vzsL636lC0cKmcLqG6abVzrIwh+kek +-> ssh-ed25519 IvyYug Pg5+tbv9RO/6ZS8+buk6QF2Dy56H+MhUlvfhwgiWkg8 ++mZla76JwsQPOOAEiDbwFnAyKV9UGwChiKJxFTzVIok +-> ssh-ed25519 v7O/FA Yc0oGbU00HIPbqW8TAw2B5Z1BJFD1XIo+T2wpzADZCM +nw9dBdHuQxvH9+zqvlO+CEIMTgIRsUBW8BABrhV1fHk +-> ssh-ed25519 XSnoeQ B4KCO0cLNbNxxn4z7o3gvqbmcfBygTOLLIu+zFagigM +2LtFr5XP611MSMGKO7mNDfa9JhK9/rBnK4/5AFpvG/Y +-> ssh-ed25519 XgC3XA q8FpEXgOwGrrTLNcqPcQ8a5Q1DFLYIXpjpUqduHMWxE +D3Lb4/QuUBK2VpZQU6lMC38rG/sCKx/fnIwTzdINJy0 +-> ssh-ed25519 l795CA 3R3N3Su1X1Gxb/LyEC1jy9zgGdN11+8TmgdVABDC7T0 +YOLkzbzeVn8VzHAxEsXmp+H28wTpf2FaMIIzH2O93DM +-> ~W}RI-grease F@$h|g,_ Q- eqV9wQ +Cabg4P2OtmJBSRWr1jsYCmX9T0+1PnXNhmui3rfl9vjcRTBKcDceIJ01xm66dRQQ +8oFvFwEbeXHHLrubd7ZfOW5c5MZZGo3IBOOsJAnS2J8YU1j0QxKEaxScTqMDZkQ +--- X2f6dagxbFpBSZMWSKPjG/0gvC0yHD8/5yCHxeiciwc +Р a5k`xIYdC2)- +p!(^e|T$mM7o." \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index def2691..c19fb26 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -4,7 +4,7 @@ let devUsers = [ bertof_odin bertof_thor ]; - baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIud1ZZ9sZEU6Du6Y85+VmZir5suv3wu0h3b7/jg1OWZ"; + baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZKc/X9TsoN3UbEJUa0PIx96RGYoDEzDlZPZb0ctwTN"; odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8bfOYmFN+KRjnAOdt9IazGeaRKm5tvGyblHD7MUhtr"; thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw"; loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeomEH/27XFlOjQ/GTO2mo8qPMHTbzLIsX0dloxXfhb"; diff --git a/secrets/spotify_password.age b/secrets/spotify_password.age index 8ef292a..284340f 100644 --- a/secrets/spotify_password.age +++ b/secrets/spotify_password.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 13iwjQ BF7tr71LxM9yd152WOQ7Rl++YUmOO3Z5diGTX5WqSF0 -RVPFb5czVOuD4f8FlP2mCJ/cOkwHvz/ly1kY4G/rD8A --> ssh-ed25519 7MB20A xcGRfA0NweRkMDF2MvP6oSARToRiqzaEXeByXX804kY -7SdlKA5l+C3pnANjwF6E/a+5ZbakyGJgFf2o8ccFVu0 --> ssh-ed25519 IvyYug KqJgIO8ghBG92FsxGe5CHT5jgzgVP0eT7Aei20P1hho -Ajm6wC7kJdRqHra0z/Dt6pGJ/x83+Fe9Wa4n+0jSFD0 --> ssh-ed25519 v7O/FA Z6MKR3DNJ2ABrF5pIp9DB7/5cgRbwUSKTf4IjH2X2GM -n/QelXrT2cs8IfD+2taTmL8TjZRVICq0FcpiLAB8nrA --> ssh-ed25519 wf0wgw KH1cpSYoegIpXSE/JbKmFe5/KUoq4GlHLRmOhszX+hE -MsYB7DKtqArj+Xjjk4oYW13q6vn5Q8pKYgeYj0BJIyc --> ssh-ed25519 XgC3XA jdxlSCO4L/w9qoIvOKJ4xQ5cY9XxV28kXiZYT4QXyh8 -eZtEAYg1CwxeO2VzZBaqigH4OTXFLekY7th9KMxzbgg --> ssh-ed25519 l795CA 6f36pkHM26rehr/zDYfBSa/37NI1pMyBju9ICrCFeQM -bsu8/0tS+oLJ7jPQGRqYAcijZXrhPXsloqOrj/WWm2Q --> w'.qm{M(-grease # +rv VigtV=v j}? -ihQOcrC8wV+yzhob4VYGDHlRHxOk8hGbF7o ---- VZVRr6yibCME+sVac+zKhKVezgoSMt8yYnEsoZ8drdE -ԇxe/ @3[{t95H%}^ \ No newline at end of file +-> ssh-ed25519 13iwjQ 6ipaJiG94DYpNozHPh82jajC1mP4Ls2I6yoLlalHawI +uh7eN2S/I93AAIN0dI5HHzwOPWdcwf7blsRfl4FecLw +-> ssh-ed25519 7MB20A bJ8UzvezgcFgTTjcRzciiTLNd6XhyvC1NXC+SR/Zjx4 +CJY9MWD0O+B+v6MqDwgJ37G0sx72KbbsnP0oZmCJJ3I +-> ssh-ed25519 IvyYug PEMYliJO3Z+cfxgqqh0Ro/IzHUIJsjpAdV5FaNhHVXo +yOJEYbYsK+fsoeQ8KQxyy8PET0zMfBie524Z249YsO8 +-> ssh-ed25519 v7O/FA 7HLPgoyOu36iXiiJq86EBjz6arSlvMKhxqu05e6AyR0 +Pb0h08EmgUIFTh9wxGR80zhJwHHdoSl4+xhysiNd4LI +-> ssh-ed25519 XSnoeQ PwrbytnYWmte2oIdfyUsaKzVfvcNINb3E3uMGUco3Cw +0tVtbv6Ou23/0mz11LFSHd2ZfEZNxg2z2KHyIblVyn4 +-> ssh-ed25519 XgC3XA 3HfU6TKYDyYISPdosExNeNec3Q7Q9hrUGV5R+sxvXgs +ZsxkYXTcZHA33rMIb9thQnvaFwpopriDGxSl2rMnRkk +-> ssh-ed25519 l795CA NysIyhZHQsvUml6GZwY1xCwyZEyr6kdXWkQAMgT4u2E +mWDZvabcSc1QkDC3iO9Owe6D9rlHtjNgHvbJp4P81kk +-> _-grease +A4PFAJr/hw +--- DHJUdHeAsfvMhYVQIpi1ym5T8UvmGs1zOuzO9VBYRWg +J<&Grz˶ӣSn!^kVE@e \ No newline at end of file diff --git a/secrets/thor_wg_priv.age b/secrets/thor_wg_priv.age index f331a64..ff87baa 100644 Binary files a/secrets/thor_wg_priv.age and b/secrets/thor_wg_priv.age differ diff --git a/secrets/wg_psk.age b/secrets/wg_psk.age index d92c1ff..d59a331 100644 --- a/secrets/wg_psk.age +++ b/secrets/wg_psk.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 13iwjQ OYSXYd6hTzcSvt8rHrMO+gvGeqR3O70629shw8qAhAY -tQ5Ofxv1rf7p0Se49TEuUatz+EHlObV0GLbEwzWKJ5s --> ssh-ed25519 7MB20A GYlbYCX/BJmB39ZvK7ZvVW+pU9kyjPzxhY0MLSkfBVo -iLf+0l6twlSFvuCMAehWM646RHMpbVfeRtIGZ/6DaGM --> ssh-ed25519 IvyYug NPfBRxUU74I5zmesMReaI3Gb5DcC04DmbiRr27ng0Fk -6XKz3vNZl8Ca3jTBiqCnDymjHIsO68MdJtOMST9V3ak --> ssh-ed25519 v7O/FA +JGFFIxOnw7Pal9ivMcp1IXrNXahtgKXNPuB5iS+yU4 -ZByWFzRKED41FjtDkzO5NkkpjzvunN0G+M+ddfVdQlI --> ssh-ed25519 wf0wgw Ehc+FJ60DDMLxgoTlfzHFNdPvISWB5XPCUbEXLxqlhE -gqYSahMXjjTvA1j/bmG1Xm3WWiho4k4i3J9V9713LTE --> ssh-ed25519 XgC3XA IE/mCJ4kxkvbBgrm86UJN3jgY6dXZ58XhUHhHH8wP0M -YiSHFsWvg+fVJlw47q4GMDAVXMOTrCKVG29JRG+ZzMo --> ssh-ed25519 l795CA W3lrlkgIN1XoWfpzS1bzwRRBYl+IuZ03I2AeinWOjAY -f1oNThaeGvIQGe6tWK78CiLU3rNvzDOJ4DCO4Le2nYo --> uLKvGjT-grease mM2B{qW* C y+ -dflek1iqduVxwSSrIu4OZNIcMQRj73Q+GO9LHqM ---- BXbque/J73X7CdHIRo0xqj2s61+4Xf5asUVVqv941H4 -Ipz0)#1u3™ߞ-BW%]bGf?w*zcM۸ q^IU6Ļ=d_n \ No newline at end of file +-> ssh-ed25519 13iwjQ YKWMbfZocQHNml56UqzYWdXyPJSGsJShGuPoUo8ExgM +Uah0rUd/S7k7e7LHymfPL4sYipTmbWo9wxUEDS8HdIY +-> ssh-ed25519 7MB20A Oh0+sTEoHu/uuom6pDpiLSSUWD3ktaNSor3dk9JXVCo +Yh6yluLeDRyfqYia+T2ewO1+WX91ZdQRXE+lYJHdYn4 +-> ssh-ed25519 IvyYug BRBLwTUAw5Udhbb2/omRb6qlb00JqQbpowww8aJhNmo +kA02qcB5yaZIlCJIdxzLizxDjlZO4KaMtwzbGeGhSS0 +-> ssh-ed25519 v7O/FA /BDY6/PcvN64hcJisx5f01zYCu5rZv4BvOhQjWDoOD0 +CxfrvxXpO5f45EtKlePKK8Hmo10OLUPMNZultFnwf6w +-> ssh-ed25519 XSnoeQ ukY++4dEsHYzA+0c/K/aNdlb3zGRXT7xnO2PukYB3xY +4fi+dnBNEuOohyopE54cFkFKvjasVaANm2MPDepy1U8 +-> ssh-ed25519 XgC3XA 1OSPAt69DuMCz3pGVN8KaBdcJ0EWjgtYjc1MKMd5kUg +SnAQgFZFzchZf7fBN5T9y59JlS9WVPPvhbv8Bg2fYjA +-> ssh-ed25519 l795CA phRn6CGF00u9tr7ZUmBZQ9K8iOQWVFR8PJxP2EB3l1Y +504lW7dKkThSu+RDakc0C+pfTxk6Lap3xUBs77BjFpk +-> U-grease xP`cg = +WHYp6LrxlamHxEUL6Wxj4FgIBTIy1AQ5MyTp +--- 3zDpnCCMtEwcj4D/c70HML3Me8xyIElLmXmCBg8vNek +5z[A tOĞitٿOIt'7I;Ku2z-ck +؅ӓCd \ No newline at end of file