diff --git a/data.nix b/data.nix index 5400a31..f028ffb 100644 --- a/data.nix +++ b/data.nix @@ -48,6 +48,12 @@ rec { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBudUFFEBpUVdr26vLJup8Hk6wj1iDbOPPQnJbv6GUGC"; jakstIP = "100.89.176.2"; }; + "fra1-a.servers.jakst" = rec { + extraHostNames = ["fra1-a.jakstys.lt" publicIP jakstIP]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFj9Ktw9SZQlHe/Pl5MI7PRUcCyTgZgZ0SsvWUmO0wBM"; + publicIP = "168.119.184.134"; + jakstIP = "100.89.176.5"; + }; "hel1-a.servers.jakst" = rec { extraHostNames = ["hel1-a.jakstys.lt" publicIP jakstIP]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu"; @@ -82,6 +88,7 @@ rec { jakstysLTZone = let hel1a = hosts."hel1-a.servers.jakst".publicIP; + fra1a = hosts."hel1-a.servers.jakst".publicIP; vno1 = hosts."vno1-oh2.servers.jakst".publicIP; in '' $ORIGIN jakstys.lt. @@ -99,6 +106,7 @@ rec { dl A ${vno1} fwmine A ${hel1a} hel1-a A ${hel1a} + fra1-a A ${fra1a} vno1 A ${vno1} @ MX 10 aspmx.l.google.com. diff --git a/flake.nix b/flake.nix index 3883944..202a384 100644 --- a/flake.nix +++ b/flake.nix @@ -118,6 +118,25 @@ specialArgs = {inherit myData;} // inputs; }; + nixosConfigurations.fra1-a = nixpkgs.lib.nixosSystem { + modules = [ + ./hosts/fra1-a/configuration.nix + + ./modules + + agenix.nixosModules.default + home-manager.nixosModules.home-manager + + { + age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; + age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age; + age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; + } + ]; + + specialArgs = {inherit myData;} // inputs; + }; + deploy.nodes.hel1-a = { hostname = myData.hosts."hel1-a.servers.jakst".jakstIP; profiles = { @@ -154,6 +173,18 @@ }; }; + deploy.nodes.fra1-a = { + hostname = myData.hosts."fra1-a.servers.jakst".jakstIP; + profiles = { + system = { + sshUser = "motiejus"; + path = + deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.fra1-a; + user = "root"; + }; + }; + }; + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; } // flake-utils.lib.eachDefaultSystem (system: let diff --git a/hosts/fra1-a/configuration.nix b/hosts/fra1-a/configuration.nix new file mode 100644 index 0000000..7f2aafd --- /dev/null +++ b/hosts/fra1-a/configuration.nix @@ -0,0 +1,79 @@ +{ + config, + pkgs, + myData, + modulesPath, + ... +}: { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; + + zfs-root = { + boot = { + enable = true; + devNodes = "/dev/disk/by-id/"; + bootDevices = ["scsi-0QEMU_QEMU_HARDDISK_36151096"]; + forceNoDev2305 = true; + immutable = false; + availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" "virtio_gpu"]; + removableEfi = true; + kernelParams = ["console=tty"]; + sshUnlock = { + enable = true; + authorizedKeys = + (builtins.attrValues myData.people_pubkeys) + ++ [ + myData.hosts."hel1-a.servers.jakst".publicKey + myData.hosts."vno1-oh2.servers.jakst".publicKey + ]; + }; + }; + }; + + mj = { + stateVersion = "23.05"; + timeZone = "UTC"; + base = { + users.passwd = { + root.passwordFile = config.age.secrets.root-passwd-hash.path; + motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path; + }; + unitstatus = { + enable = true; + email = "motiejus+alerts@jakstys.lt"; + }; + }; + + services = { + node_exporter.enable = true; + + postfix = { + enable = true; + saslPasswdPath = config.age.secrets.sasl-passwd.path; + }; + + deployerbot = { + follower = { + enable = true; + uidgid = myData.uidgid.updaterbot-deployee; + publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey; + }; + }; + }; + }; + + services.tailscale.enable = true; + + networking = { + hostId = "bed6fa0b"; + hostName = "fra1-a"; + domain = "servers.jakst"; + useDHCP = true; + firewall = { + allowedUDPPorts = []; + allowedTCPPorts = [22]; + checkReversePath = "loose"; # for tailscale + }; + }; + + nixpkgs.hostPlatform = "aarch64-linux"; +} diff --git a/modules/base/boot/default.nix b/modules/base/boot/default.nix index d07d4e0..71e45cd 100644 --- a/modules/base/boot/default.nix +++ b/modules/base/boot/default.nix @@ -26,6 +26,11 @@ in { description = "Specify boot devices"; type = types.nonEmptyListOf types.str; }; + forceNoDev2305 = mkOption { + description = "https://github.com/NixOS/nixpkgs/issues/222491"; + type = types.bool; + default = false; + }; availableKernelModules = mkOption { type = types.nonEmptyListOf types.str; default = ["uas" "nvme" "ahci"]; @@ -130,7 +135,10 @@ in { generationsDir.copyKernels = true; grub = { enable = true; - devices = map (diskName: cfg.devNodes + diskName) cfg.bootDevices; + devices = + if cfg.forceNoDev2305 + then ["nodev"] + else map (diskName: cfg.devNodes + diskName) cfg.bootDevices; efiInstallAsRemovable = cfg.removableEfi; copyKernels = true; efiSupport = true; diff --git a/secrets.nix b/secrets.nix index 0d5573c..b6f9952 100644 --- a/secrets.nix +++ b/secrets.nix @@ -5,9 +5,10 @@ let motiejus = [motiejus_yk1 motiejus_yk2 motiejus_bk1]; hel1-a = (import ./data.nix).hosts."hel1-a.servers.jakst".publicKey; + fra1-a = (import ./data.nix).hosts."fra1-a.servers.jakst".publicKey; vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey; vno1-rp3b = (import ./data.nix).hosts."vno1-rp3b.servers.jakst".publicKey; - systems = [hel1-a vno1-oh2 vno1-rp3b]; + systems = [hel1-a fra1-a vno1-oh2 vno1-rp3b]; mk = auth: keyNames: builtins.listToAttrs ( diff --git a/secrets/grafana.jakstys.lt/oidc.age b/secrets/grafana.jakstys.lt/oidc.age index ba4a4d6..31e02d5 100644 --- a/secrets/grafana.jakstys.lt/oidc.age +++ b/secrets/grafana.jakstys.lt/oidc.age @@ -1,13 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 gJrHQg FIcNGRpq57RyXSx7ggde3ix79ijt7EHnU8LhMRrXiGk -feCa7Xln/wTFxSfBt1wW9nJDUunp1ng01kRR4fX3wtk --> X25519 9a/Z7fQMlb2Ossnx6OQfOEn+Sc7EkjH1qvRnAUNO3nI -gfpPM7RauKm2NnOfER+zJvJjaVEZOmXjxkbWKFGOUGw --> piv-p256 +y2G/w A4oYywSwobBVMGs3RTxmvnh7TQV1FYlNYrUVVqEjFUFa -qVGtilxTsOOkYaSQ8c8Io4JCqxuJSHB8szEEWc9HWNU --> piv-p256 jNqd3A AsVFA1wUy811MHNgMoCLvd3ETXbd8XxSr3uCgqGh7414 -d366KUCPHzScDv4A+9DkUcqRgfnpzoHwKXPTI6RM1Pc --> pKOSD-grease jSg. !!V_P>| +K ~E -JklMXPMAv8vHnxBr/F2g4tAKmDoe0ub/G45MSxmG5E8/HtE ---- zzyjEbFgNDFzw+NQaFyCJlqmkuYubPu2VKnkR2RHIcc -ܥlJNTsۍ-LLH|CbJ;kJQ4`Ug1ur{[_QrR[=1 \ No newline at end of file +-> ssh-ed25519 gJrHQg AwfB7w4hVyiTnbbFhZp/TYjwKXh4u1vV4tW7fbRSUD8 +sVSnkjJUZM9sWy7xXy8CaxzzXe0z0ZX4hhKwpnSgaGA +-> X25519 ZferPUdGyYwe9xe0oDZtzsioOSTO1VOZO/6cFn9oIjg +4jwGyF6Qhdu1mTLbjtP5rT2poLC5tBaZqwufRIeZ17I +-> piv-p256 +y2G/w Ai8ntDMBKe2o8AoIpy3bt4zaVGq4PivLBqvUncQ3M6bf +1XQ1uOpipPR15fWWo5uhNHxlewJDXwIdq3axCIBn1Ns +-> piv-p256 jNqd3A An1OrvEft3fnhdpfgLYkr2mzJAQhFgXEkrhcMJNzH6u9 +iGA+p7inVs/5L0SMrZXWeKQ7fozTMyBxXTSZLbZCHDM +-> np%0L/z(-grease nX] +y39sQdw8Mk3unpOkDXVIyFGlznFUecLzsRTBo1BPjwEAbZH+ppzBceiB8XYJvsGZ ++Zo +--- gsMsI9JUPzLqFZVh1Zq+jtOsm+D0c2k6POXnXc9nV6E +Y_Hf7 //[)>=S3\+r`ƷtV݊1 6ʍl{ ȿ7 \ No newline at end of file diff --git a/secrets/headscale/oidc_client_secret2.age b/secrets/headscale/oidc_client_secret2.age index 9015ad3..87766e6 100644 --- a/secrets/headscale/oidc_client_secret2.age +++ b/secrets/headscale/oidc_client_secret2.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 gJrHQg /05rQ0bweVNFPoI6a7w4CMk8iKdObSnrK5mzU+OtAls -fEO5kDvRF049alg3AMxTwJ+KiFoh+o/6gRYxFUEdIRI --> X25519 rGiyMZnRwYcvcoFkBXfwxDy71/F7RC4xL2ILY/3KAHE -9thFbnnBvOJsopicp366uU3bJGJ2Tu4ETkhKFRWFU6A --> piv-p256 +y2G/w An1oipHxaTcuwMJtW2C+J7fiE4rafB19fCxouyW6k8Ml -/JsGUuNknM1K9PEfrwOPr2r07sChEgy80GFytvH+1Tw --> piv-p256 jNqd3A A77/PWu+DQbUNVjv6CeDB98nSZPojVXlSmk8Ed8cW0Ya -WPseJycaWCvC15+RvjJSpfyMR2kB8+jK4JIsE6fz2ws --> +WA-grease Z[ q+* -p2PdS7tDHpBr3/2EQbUXqFs5H9hAkgvMy2hiYJR5gGgLjXXFdteza2DHAP4knXfZ -iBXIy54 ---- H4QPWaIOL3GIPmPeRirGJ3W9zqjryG/cb4f+tMdJ8do -OU"D1s+& ^ )ĎI]J)"|ba2dcRﰅ )sxs*s¦iHLemm1r2 \ No newline at end of file +-> ssh-ed25519 gJrHQg wew/aQ8cC6zokYR5ysGTKl6Hlk5+FkMHGm9tPlnOBHc +3Gv9k+wQ/1+J6N0SwYkPBQzIY30dUm9vRT70pQE3kRM +-> X25519 v+zcnSwoOYbvuJ2lJqR8omrYWHLuTOWGIeIHEnPOCWY +VlUlnwWtlAze04CIjgxU5Hxhg/aKEza9FaB59yTwPh8 +-> piv-p256 +y2G/w Axb188Nt8Hgg1ld9G9WRmua32quiozY137fOJTJ3U5o2 +Czw71F+TZK+xrqlZWLbT4ZXRhOjTqxMWbHa47BPxnSQ +-> piv-p256 jNqd3A ApkWxW24HNtvrh9FTHoTdL5Slg+egLPM8B4SsCasg6H2 +EQsZGRWQeHZ+MyNH1JLnp7Ivaep8ndGdEaHvCs58reg +-> ':zBd6BO-grease k )9bGRs +`I+}e=y 1+2f +EtDLRcOK7FZPcIMAPvdG3Lm/gcZ6BhxVDpwWGaS/5Xbz/l/vCvlxpBKZhDJbLO2v +pRrCHgwzZ1F4beoEsoUMbetgu+RWeuN20PoRqYcF/bqaEw +--- Y44uyHqYhyONGZwhugfiL15SYPwNa1Hnc0uWTC/K47I +%%ʹ1٠%sy,Z?|5`~rUpTE ^~ĩ͟q$qm \ No newline at end of file diff --git a/secrets/hel1-a/borgbackup/password.age b/secrets/hel1-a/borgbackup/password.age index bbbc6d7..ce03de9 100644 --- a/secrets/hel1-a/borgbackup/password.age +++ b/secrets/hel1-a/borgbackup/password.age @@ -1,14 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 vDjOfg uZsTUwEu/YMai2awdIq/BQFWY3abjsVwkMEmdXnGdRE -Qb2875RKIevWlZLFI6p8nzYHJZWWBEaneJN3O3av9Nk --> X25519 w4QdhZ6T83yEtmMmHYxuM6OzvfxKYnDRSrFNnT/DUEU -0/wyhwb9l+apT4f3yLycoNdc8KAGD7jN01MP+rIQSQw --> piv-p256 +y2G/w A9zY1wzeRZns4KLJw9atZ3yeht6C3hn6ZX5/U6/gKsZj -WDgCACCvTzWvrGEnyxH/5m8IYF2L+V0Oju+Bpc207oA --> piv-p256 jNqd3A Aup30eQTR+vsmv1cax857STTmDcLZt/LYGr04A1b+gvN -EfrHZNnE0kVYs5pFPjMEJBGGvQWQMCduBYcLimR/5uM --> 8J-grease -Ke8pF2bIDFLnG7x3WE0nVjs0/b7uiUCWsKkiMGfmGWweEPKp12WzW0I3nbY0W+RG -mkg2tLP/e3f3Bg1ojHGLAxviPNarGMLHggHfqA ---- OpZ8utdErw6Y+ft54h+M8U7RqSpiMrVLmF5CeVgsOXA -0S=PF%)tHGPWD^QA##e%A~UA> \ No newline at end of file +-> ssh-ed25519 vDjOfg qE1m5wfe6EDznGY1+wSOpjQUKqtTxIDdchhCI9k5XDk +QYY1XoNgPSKG7FviZ/eKd1JRnzgxqJ1Qk1N4Mef2VgU +-> X25519 w7kjkHTAfCa/BBR9UIt5Ot5J3E3/5eeEq5UYzeI5kyA +muOd5sJ7ltp+Qoa/4u2JK6nDKDznOGIdXdW97EJd5kw +-> piv-p256 +y2G/w AgL2mVamTDtUpdh0aP1uEh50rHRIuKd+2lwx+bJ+lzXJ +YHrtfcMdVwVRaDlO2w4mRFl/a9B7EUzCChVRk7dZvFk +-> piv-p256 jNqd3A Al5XgSsapW+fByHbnzuHrf4EOigaCPcddad5uT8IamSw +7opGoEQkyNwmQpiKg2Cv1iD+QoJciE/ge6cfvY1CGj4 +-> +-grease *T {@-1U qK wp +A+n+ZsIvo09wWd52WR+ALEPHTcFm5Eg +--- LJnZrv1AE60TX+PQl1cGayCh4Y337S/Kb48FgTgNDuI +kq|ۘ[h]>u1j"qofΆoac>.ȴAЮ' \ No newline at end of file diff --git a/secrets/hel1-a/zfs-passphrase.age b/secrets/hel1-a/zfs-passphrase.age index 5bd3c7c..a44935a 100644 --- a/secrets/hel1-a/zfs-passphrase.age +++ b/secrets/hel1-a/zfs-passphrase.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 gJrHQg FWA1lK+TeNBOpcRkyTlg1RR1PWcq998uQzNJBJDjIUE -5Nu5BQE1qjJ9xIqFGVMUCyx/QyHO2r4Ix0oVggUdj/M --> X25519 5s5tQfEM12E80k9ijUtHJ3reh/eBySGKy8dsdtOuT28 -U3MheuBJ2M9qtBTAE5Vlbx/1sOrr2/MgJo65Sxv9Vs8 --> piv-p256 +y2G/w A24qVT5zeyEx0ZnsoBDUJuT4yNttPQZSuy0cvP5dBuXp -+ofdTddNA2DULyNCh1G/Sz+AcvIGXjoiecN8Lc5MQuE --> piv-p256 jNqd3A ApCoXMRihIMxiMRCMyfHWlFCli4RWxi+B4OZbb5rXFBh -YZkECC647AFW13wUw0//jsoQUoBcjzk/FDVzGdZ8bEU --> 3GN™#Y*6wɹ \ No newline at end of file +-> ssh-ed25519 gJrHQg I/eHDEwq5k+VUaw7K9NZMi8QAJB9oRYh++h+MmIwHgI +aNJrHNG344QJ3Gu5aOglIApuJ/81q+zwzPdn8vxlz1U +-> X25519 OacNJ2QUbzyCLA14VaFV7iDbvnvxcHGhrbb3W+U9n2o +gI/gTlOG1Bf6VtnywvbK/sBw7qifccYN//ewzAiqOXg +-> piv-p256 +y2G/w AzTSWUxWmA2PfCuSHwnvvpptSbuXlJUvcb06wC2NUR9I +rQk5jOiOaAUY2K/3cOU85Ybc2CQE9D2w7OKEtjQjpJg +-> piv-p256 jNqd3A AtbxvFxcX2p9rI4nGtO6I+fQpcjOE/VY4zfM0HPZMyuN +3WzZpLoD7EGUnhVYWtu+RUA6hQlYMZht5I/7XfuiREE +-> 3;W'_6-grease QPW Lo bMh +H7kK9Mv1FebKetEpM7OCh88zHZosr2O+knlIUySwcOLyuYuG7YKX7kn6EewLOECe +k08/HrRocSDsM+xf7TLS6daHq+DtdTM8u18Kt+l8spdIzPdpRBqs9DSp +--- 4MS301cyK8LfYfi8+rypmOAl5cf8a+BB5JFm6uP4aX0 +U̯Neƭ0pr}3f\¹ꈞql|"Ԣȏ+f!z8F7 \ No newline at end of file diff --git a/secrets/letsencrypt/account.key.age b/secrets/letsencrypt/account.key.age index 6253de3..f043fb0 100644 Binary files a/secrets/letsencrypt/account.key.age and b/secrets/letsencrypt/account.key.age differ diff --git a/secrets/motiejus_passwd_hash.age b/secrets/motiejus_passwd_hash.age index b486733..4e75b0f 100644 Binary files a/secrets/motiejus_passwd_hash.age and b/secrets/motiejus_passwd_hash.age differ diff --git a/secrets/postfix_sasl_passwd.age b/secrets/postfix_sasl_passwd.age index 30e657b..00afa14 100644 --- a/secrets/postfix_sasl_passwd.age +++ b/secrets/postfix_sasl_passwd.age @@ -1,17 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 vDjOfg 6fa6kHvbSkI6F9S54u7FMduv+YmuHUGTIZz0CiQhhnQ -sb9iRMQeU8w8GIh4/iczLHfq4HmFEEClyeVq0cTQ7rc --> ssh-ed25519 gJrHQg 5Vne+RdTULf2Pqq2X9h2uu0Q4hGX9/FjfWcNkTJa0D8 -+Uv7KvCDlAhPhS3vVwzH+SLFMkP2fIiuwvAETksdasc --> ssh-ed25519 CBqt6Q +gmJpUrMj+6ximFLkdW67k8TKfOQR1YAz20aPsixXxk -pM4H8b70EF/Ga4y77BPobxuUF/FawBcrLjVBxEdtvsM --> X25519 qbNRcP9+m4kubmSsRYE6vIU0F3x5D5hilQ27CP1O+GA -BRiup/KQxlqX5JoWy7aJjon14Mruxv1JvftFshuyZKc --> piv-p256 +y2G/w ArRtqE+8sVRYvK8r6yj8UhYhCJeqzH1fYGo4yK6y/Mpa -iJRdwpx5glVPzuI60f1tSbBsWfECWIkUIY6wiIeF+yk --> piv-p256 jNqd3A A22i9InHF96PSCvrPWLmgS42MLwJwtMJAVYr9u4qjmD1 -iqV25lJ5k+Xg8L+Q7Xc9EFQV+QnSJZgUJDy/eD8PKn4 --> DcZ0C-grease -auoi ---- XTP2L0fnjBcOJuu3VkZeGvO2QSVngpBuNtvQsqnXRDY -M(2[oӂD}5$$*RZƃ}TA/H%w)o$37CetZ7ޮ/֩'9U>S]E NjkV˕lKu \ No newline at end of file +-> ssh-ed25519 vDjOfg AfQkw1UeTbbmmLpQDUREbymEhksQcuuew5CVvUm96l8 +MGHzsuUSGxylTki4RiweGpy6qkfNDV6FZWFq0HYqcVA +-> ssh-ed25519 qDkIVA ae13qzkkd7MOF+K3c9hboyLgIKtyCvIwnwTaJPUptGQ +NqgLmlyRH1xS8DPLf6K2TkVXyLPq7JoVQIrJR/ZiQok +-> ssh-ed25519 gJrHQg XPvoFk3rmcR+LUqhEe4lPRRaJX15Aly2Bog1yupGcXk +8dhK7AkVeBRzHxyeuR4A2aDCEQD1MX6cJ9IjJwEINE0 +-> ssh-ed25519 CBqt6Q +KdvDUniNHGTo0jBFWItMmyNxE0r5xLPGAFxV9VFNhc +K4Lu5yzchnoCrvxzjR9xCxSgYZvKry+drpjwiKVQ8J8 +-> X25519 88HnH2v3YYipPYB9qk8pmVtMIYN/1vmW43f55HCUyjo +AThm3DxL6sbDlBnN0YwJBee7X+79QwGRJTwWjBaNTqc +-> piv-p256 +y2G/w AmxWHRvDHpWeP14zX4osgk6J86rhgwZ0zGu/Tsi1B6Q7 +yyBXrNYjobXhtZJXb7agK8Qv9+FJ5PaJSvC0CZ9Gedg +-> piv-p256 jNqd3A Am53IYYfiB4zdUsAgBHWSZYGOhjS19U4j3DlgzY0EnwU +F3CcfTCcsujUhVIBVUbu3umE3Tta+gMQmYzQZBpdGf4 +-> ?FGn:n?-grease Vx sa, pC +3O61kvJv/TGOMRyjDAFXBA64FQLjL1CyAUi0GrxJ5nBarL8w6iaaWRcRUBBkw1rb +pY1R +--- I/iGZ9cuID9D/KMFMMqRDd/ole/MNPygPYks57FHprU +?'a8ߵrig90cN(hgRIQ#JIudXdH;@;dh o905T$j0fgrcWynI{6q&d=)+uT-^ߪ \ No newline at end of file diff --git a/secrets/root_passwd_hash.age b/secrets/root_passwd_hash.age index dee1b87..7f376f1 100644 --- a/secrets/root_passwd_hash.age +++ b/secrets/root_passwd_hash.age @@ -1,18 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 vDjOfg +T2+c6s8yRI3DmcMCELDCu9bH5jwkGmWcOe0BT9e504 -ilH6f5UfROVu9UNEG3bwKDVCW9TBez/1tctCo7GqW3o --> ssh-ed25519 gJrHQg Rj+QeoWpjZzwBD3zRVRA0TbYBKtlZnLIXjza5xb1oXc -2KJxVI1VCvD7IuO8nQ2V9TjMK0+ybfOh6t2/7dRw9dg --> ssh-ed25519 CBqt6Q A1VXR8o6Xyt1jzbDhmvAtuUzvjDqeVxIbWObGV/Fe20 -o5o42d6SVooI67lg4nKfx1u+HY/TGL2ys0J/V5lzn+0 --> X25519 uMqXsxlaJlX5WDy/0m4LTGQwqy4+gouKIOzjAQMpzA4 -eYaegTrmE+n7zdet2oSixttbd+zA2hssdg6NoyS04vY --> piv-p256 +y2G/w A2HUb9rvWY/Wehzh7luAt3Z3bJftC1eSgV6D2G/sivuf -7g3BjfSbfI97gzpeUpgVyCNc94Cx9j9coc/7huEKxl8 --> piv-p256 jNqd3A AyuHpDNY37NNMFsC5e9RRSh6Ii1WvNhK2JwCgLzxBgdG -fumXWMKQd3cdCzGhGSrKl0v7AYkUwOXL4iPLQamHFnE --> %i4-grease -uHEF74/F+pbG8QNel8l7uqFLqmN7uw4gd0zd5SPidB8IXjzc ---- vuYEQoi+VbObu7O6lokSpYmKLn1H6lOuc+C9Q5FZD1U -PR -@B=sKNhE=ҍ[vypڔU3*b o.dqՊסl=ˇ󴵎d۬MM#J 3|U|&Yde00ZY^ \ No newline at end of file +-> ssh-ed25519 vDjOfg ccN/cS4ZAfiOx9C6wFErEjvOqPbKy6h893jYT/z2T18 +9ChhXfz2dV5T0D06TzW255LB76g16ifZmQbPVDqD5Do +-> ssh-ed25519 qDkIVA Fac/jOHkXu8NPiZlb3hk2BqB8BhadPjqfn1zc108ll8 +N9AY1CqLGwtfYiFsJGV/IQ9mJTDSqM54X6fnA7NnXNQ +-> ssh-ed25519 gJrHQg VF4G1Q4oeb3JVfHQhjh4yJvUlTN1PTEyrhKSBrOcvgg +8ceAf/cu7cuhTXVzB7nOi2he/ktrlpVkr21i1Z4XqIQ +-> ssh-ed25519 CBqt6Q bzv7fF4OAU7GKJiJGrihvDev4M6Qsr7+W8JQ9QNHUjo +Hy9ZIS04J4VMfuNQiTTB7sW2CzoROdoyhIbLldndfvI +-> X25519 PrY0KyZTE7eXHRGlVSpYzBoT73pBHWQvTRO9eeJCWwg +L/ukKZtZScR3WkeX8bMNXxGW2PFV9kLnPKFSb+t001E +-> piv-p256 +y2G/w AxDz+bV/IPQCzwPUt6+am/IRtijuRkf3vTuufzGiyO6Y +knF13FZXnMLOEF9Q7dOKJZE/2QQg83PqGFpO0kyWFBw +-> piv-p256 jNqd3A AtRxeHPEitdL4wic71ulRVgM2QbO/sOuNxilHnstQA6P +Gbrsiq00AnBjMR25PPYxeix3RaUvub/6F02JP6W9AJg +-> wIqU6'R-grease 33MjIB)v TohZ +Dsa2LmHh0qb+8Vmzr73952TK7Fy6DdNQTlbsyixrjKy18my/Q40kfKfipM0+ +--- 2tU902KSTImP9fQArgBYHy2yEnPkrlR/LMrSOuaLwdE +tD;8"8e=( 2_#I7QXKw=_(r bwD:t"7u\DlM`e ' +@]wj[<؈p \ No newline at end of file diff --git a/secrets/synapse/jakstys_lt_signing_key.age b/secrets/synapse/jakstys_lt_signing_key.age index 0eab883..ed9e7f8 100644 Binary files a/secrets/synapse/jakstys_lt_signing_key.age and b/secrets/synapse/jakstys_lt_signing_key.age differ diff --git a/secrets/synapse/macaroon_secret_key.age b/secrets/synapse/macaroon_secret_key.age index 0aa407d..cead95f 100644 Binary files a/secrets/synapse/macaroon_secret_key.age and b/secrets/synapse/macaroon_secret_key.age differ diff --git a/secrets/synapse/registration_shared_secret.age b/secrets/synapse/registration_shared_secret.age index c117844..caa7d82 100644 --- a/secrets/synapse/registration_shared_secret.age +++ b/secrets/synapse/registration_shared_secret.age @@ -1,15 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 gJrHQg ffxdmFgRbbThAPsXCqrmqlJeaKj50YS+hM0GYGLTQkU -MxEkjQzTlJ9GGLpohAoVa7w1AJKaxCJRca7dYGLtBzA --> X25519 8OTgARYYgWi1PeFLEDUndJ9xSs/W9Z6p2hETrWaurkk -D4DvfXCZ7TrloVYbXx/DLIrW5yW5PhhEUzOrte3RPac --> piv-p256 +y2G/w A4iElwc6M+dTz/LVi0l/vO73zSf3bE0t8gT0/zGF9dWq -mKdyh0I/8Dmv4DRpcE+RhPjp8tTuV3UI0uI/LYt0noQ --> piv-p256 jNqd3A Ai4ZOf+hB30/3IkpLVzeDBbBkoAbsSP+/esY3SACYt4G -Z/DYBsb8TVt75Nvt9KNPqGuGhLRtT+KJcNsgTjRDsBE --> p-grease %V0%NL0/ Jqtp61!y 4 %*ii3\% -3CEt8jshnha3CaS3g1/gsHuNonR/Nn17C+aOmMUt7+HTvoVZpsSWMb+y5q4LR1S0 -vHsquuywbw257q4E+foJPlKXtK/nbRATvKXpHAC5sSPwbw+aye4zSLWU8rv+yA ---- 0O9vjzCZYCyhj+Wpf9n8JTUqHmXNLifflFBpYvLFL80 - -?lt7-R{Bf8@Wt4K UI&wU˘mO"yOlJI&WB=2e{?# \ No newline at end of file +-> ssh-ed25519 gJrHQg 41GyF7UMrtsuI0z2WZgsZf/bmyAcAa74RfLp1AicLjg +ytXT4+8r0ffudmZ4ZlkICx+ddRm3b+T73IkLfOrJrWs +-> X25519 guLncWEl3J7IqltGm9TuhN/8O3hrnQ1Prh0Jsxy7PFo +RR0x9AkSjAM6TNyNWZA1LOG3uZAxqGIjq0t714Msn/c +-> piv-p256 +y2G/w A+S8K3QVsjfGVFpIyCA3uXV2ZE2CcitAWFs1wdTb/bec +MboWcsjnwwhggY67m9qmDwY7hmHsdew9fktbmTI0fWU +-> piv-p256 jNqd3A A+fH2xUnVmcgQxREYgT4v1PaAmPAG9uoC8UrBPucMVxP +XU3VOt8BsN8hka0XbJ1zLG+1asmfv2qslSirlLlA4VU +-> =s-grease +BH6aufY +--- oSZP5kASZECqlU7b8N7+WSFtstI4u6Vc49QUZl+SIg8 +ΥE !hΒ3 uPvL VK22i*qޖ2Giדoi4[3#c1"v)> \ No newline at end of file diff --git a/secrets/vno1-oh2/borgbackup/password.age b/secrets/vno1-oh2/borgbackup/password.age index bef1ca6..e900444 100644 --- a/secrets/vno1-oh2/borgbackup/password.age +++ b/secrets/vno1-oh2/borgbackup/password.age @@ -1,14 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 gJrHQg ESiJkK+AbUYnpPzWzJwT2vXCekr8JFKVHAluKgYj+lQ -Y1dVxVehvXp982Uv8yFkQMd8bDxmtK6q/vwAV41B6ao --> X25519 QNnqg1/Bi911Y7W2fD5oTgfbeuhknXHkoBLjTLOH6RU -upXY8JVRjSTfw3kGQIVl3B+HP3l5mIug5KJCSQfnPgg --> piv-p256 +y2G/w AyXKFigaApuL9nF/3hO5+KYg+I6dEZ8jt8MdTLQ1Uo2s -lkncgwZebVAQi8IfoqFdfwBU9Im5z6t95fUxalY85uc --> piv-p256 jNqd3A AxkBvH1D4M0SKXUcU0xLkVlOGs5N5chQibVBqFyBqATn -DiSN52dtvrtigH7Ab3WKNUh04b72KT0oTprIDRVZAVI --> 6jYgXN-grease -GEvhMWqEB2ERO1F0rOxJacf5QQ ---- ZXufptBo8uDjjxBH5szEVCV0mttzfhra2D0jMijKcFo -X T(ܥΩ$,[ִ;zm`3kJ&E"ԫ9 - \ No newline at end of file +-> ssh-ed25519 gJrHQg Nn62/m3DrF4YxjI0ycPFaKriGrkE3ixVVJz+tFYCsVs +sDa69aqWlf75k/hWgx8OuuPWvvWuDYZlStaWzW3kq70 +-> X25519 3ebH/jOO/SjKrdcPcYc24mYXg5nn4HyvRCxlIJVVZUI +TujCwZHodT5adBPpKuZ12e2g8ONVI+Zf7ba95FKNFAs +-> piv-p256 +y2G/w AjBaqeL3p8bjNPGn+uI+MCsF1UiiXLxiRGh44BavzOpH +96+gVz3oxd4b4fvT0VgVvIt6ppq1Yav4H1rGZgVqUsE +-> piv-p256 jNqd3A A8peXvU8dS8RxQxEw5+vcPto5aLGVvXKAaAo15x0giVa +aqZo+JsD02ONfovyNw9y4iRvNFYh6VryNETfZja4elE +-> 5-grease =2CO W +u74 +--- YeeJl5cn6iA2PxOVw9NmuvBE9hkwYt8+nA8S4OsGqss +ں^ٞ`;ιf}U?ggy_Dnr \ No newline at end of file diff --git a/secrets/vno1-oh2/zfs-passphrase.age b/secrets/vno1-oh2/zfs-passphrase.age index eb0bd66..99d339d 100644 --- a/secrets/vno1-oh2/zfs-passphrase.age +++ b/secrets/vno1-oh2/zfs-passphrase.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 vDjOfg Q1sECRy7lkHYa3bFIQQNNbaIfEjdZShkdGjPqTipWEU -OzCOnN56ti6HmLFwYOKCZ81qnhCTGNoMtdaOrSPDsRA --> X25519 gIWhWpUrehSyghn/Eok2Fg2bKo0/28n01+bB3DXaPDA -i71PJ/nJAgvZuwDwnTeqvxXsQr09VCOlpkCZ3V3NQ+U --> piv-p256 +y2G/w A2rC4hbY48aKDwZ08hMZPAXTMP6dtUxVboG5ow3bDXPq -wK9Co8sWTygN+Mp+3ZSy+JLV5TRpA/ZgXoCoqSqtipw --> piv-p256 jNqd3A A8eWt9X0EyPCwST/tutbEjUcyJ3Id9cL7fFkm75SeWKI -caMp+o0ziLQLpJukTSEqnwkhE84bXIL76wTu3JAEpKo --> G`=je-grease z hi^@N@ -Q+3IMD7GELrAEPoCeL0i ---- IOqB7rGBpsOYcNf81wMJfwAox7zL0+lyKVzh6ZhuJH0 -=ѹo -x$DGC12'ըVLP]UT \ No newline at end of file +-> ssh-ed25519 vDjOfg hQz/8dKNzISetnpTQAqSGyAzlxJxVKiTMc4iA38yXyE +2TEo7UV6EyASIByWwliiLTqP0smmfKDi/UkDi8PMwwY +-> X25519 KlnATfXI6zqAaVTSNO78la8rmyWMtVRww9BlF8/h7nc +O5Digx7rg+JsCTncY6/aNVPNQeYHKpCf1EYwHIWdnvQ +-> piv-p256 +y2G/w AgbNt1GusrDSgdy5tFoRrfga6alFvEph85HuU9NQ6lJE +csay3X8DFRj3VEBrCGDz1ItIcL8lmZUEIQC7VMXExA4 +-> piv-p256 jNqd3A A1kYMKCBVoNt1a7ntDlxB75zZLEpkK+B2S/oEVtLb3L4 +Eim5jOLs+LeFtBW6Mx3Qum1ush7hLc5xm5sskPxkF9c +-> czlN+-grease Ixf +B8uHZdeLS17u6pLgeHiCCjNTvctel5Tby+GatAEssp9SzxZYZEKr2w42KpJe0k/F +iKao +--- w4iT5CdobRQzEKBiGyU60DIHxAn9SsJ++X0vYrECmuM +_ W+@#|3:; U`2ebcgTU \ No newline at end of file