remove vno1-oh2
This commit is contained in:
parent
0a7f58d4ed
commit
2a1e055aff
|
@ -3,14 +3,14 @@ Config
|
|||
|
||||
Flakes:
|
||||
|
||||
$ deploy --interactive '#vno1-oh2'
|
||||
$ deploy --interactive '#fwminex'
|
||||
|
||||
$ nix build .#deploy.nodes.fra1-b.profiles.system.path
|
||||
|
||||
Other:
|
||||
|
||||
$ nix build .#nixosConfigurations.vno3-rp3b.config.system.build.toplevel
|
||||
$ nix eval .#nixosConfigurations.vno1-oh2.config.services.nsd
|
||||
$ nix eval .#nixosConfigurations.fwminex.config.services.nsd
|
||||
|
||||
Encoding host-only secrets
|
||||
--------------------------
|
||||
|
|
25
data.nix
25
data.nix
|
@ -43,21 +43,6 @@ rec {
|
|||
};
|
||||
|
||||
hosts = {
|
||||
"vno1-oh2.servers.jakst" = rec {
|
||||
extraHostNames = [
|
||||
"dl.jakstys.lt"
|
||||
"irc.jakstys.lt"
|
||||
"vno1-oh2.jakstys.lt"
|
||||
"www.jakstys.lt"
|
||||
"vpn.jakstys.lt"
|
||||
publicIP
|
||||
jakstIP
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
|
||||
initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKns3+EIPqKeoB5OIxANIkppb5ICOmkW8X1DOKJPeRWr";
|
||||
publicIP = "88.223.107.21";
|
||||
jakstIP = "100.89.176.4";
|
||||
};
|
||||
"vno3-rp3b.servers.jakst" = rec {
|
||||
extraHostNames = [ jakstIP ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBudUFFEBpUVdr26vLJup8Hk6wj1iDbOPPQnJbv6GUGC";
|
||||
|
@ -85,10 +70,16 @@ rec {
|
|||
extraHostNames = [
|
||||
"jakstys.lt"
|
||||
"git.jakstys.lt"
|
||||
"dl.jakstys.lt"
|
||||
"irc.jakstys.lt"
|
||||
"www.jakstys.lt"
|
||||
"vpn.jakstys.lt"
|
||||
jakstIP
|
||||
vno1IP
|
||||
publicIP
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlWSZ/H6DR5i5aCrlrEQLVF9MXNvls/pjlLPLaav3f+";
|
||||
publicIP = "88.223.107.21";
|
||||
jakstIP = "100.89.176.6";
|
||||
vno1IP = "192.168.189.10";
|
||||
};
|
||||
|
@ -146,7 +137,7 @@ rec {
|
|||
e11syncZone =
|
||||
let
|
||||
fra1b = hosts."fra1-b.servers.jakst".publicIP;
|
||||
vno1 = hosts."vno1-oh2.servers.jakst".publicIP;
|
||||
vno1 = hosts."fwminex.servers.jakst".publicIP;
|
||||
in
|
||||
''
|
||||
$ORIGIN 11sync.net.
|
||||
|
@ -178,7 +169,7 @@ rec {
|
|||
jakstysLTZone =
|
||||
let
|
||||
fra1b = hosts."fra1-b.servers.jakst".publicIP;
|
||||
vno1 = hosts."vno1-oh2.servers.jakst".publicIP;
|
||||
vno1 = hosts."fwminex.servers.jakst".publicIP;
|
||||
in
|
||||
''
|
||||
$ORIGIN jakstys.lt.
|
||||
|
|
41
flake.nix
41
flake.nix
|
@ -155,36 +155,6 @@
|
|||
} // inputs;
|
||||
};
|
||||
|
||||
vno1-oh2 = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
{ nixpkgs.overlays = overlays; }
|
||||
./hosts/vno1-oh2/configuration.nix
|
||||
./modules
|
||||
|
||||
agenix.nixosModules.default
|
||||
home-manager.nixosModules.home-manager
|
||||
|
||||
{
|
||||
age.secrets = {
|
||||
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
|
||||
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
|
||||
|
||||
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
||||
borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age;
|
||||
letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
|
||||
|
||||
syncthing-key.file = ./secrets/vno1-oh2/syncthing/key.pem.age;
|
||||
syncthing-cert.file = ./secrets/vno1-oh2/syncthing/cert.pem.age;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
inherit myData;
|
||||
} // inputs;
|
||||
};
|
||||
|
||||
fwminex = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
|
@ -270,17 +240,6 @@
|
|||
};
|
||||
|
||||
deploy.nodes = {
|
||||
vno1-oh2 = {
|
||||
hostname = myData.hosts."vno1-oh2.servers.jakst".jakstIP;
|
||||
profiles = {
|
||||
system = {
|
||||
sshUser = "motiejus";
|
||||
path = self.nixosConfigurations.vno1-oh2.pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.vno1-oh2;
|
||||
user = "root";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
fwminex = {
|
||||
hostname = myData.hosts."fwminex.servers.jakst".jakstIP;
|
||||
profiles = {
|
||||
|
|
|
@ -72,7 +72,6 @@ in
|
|||
uidgid = myData.uidgid.remote-builder;
|
||||
sshAllowSubnet = myData.subnets.tailscale.sshPattern;
|
||||
publicKeys = map (h: myData.hosts.${h}.publicKey) [
|
||||
"vno1-oh2.servers.jakst"
|
||||
"fwminex.servers.jakst"
|
||||
"mtworx.motiejus.jakst"
|
||||
];
|
||||
|
|
|
@ -316,10 +316,6 @@ in
|
|||
job_name = "vno3-rp3b.servers.jakst";
|
||||
static_configs = [ { targets = [ "${myData.hosts."vno3-rp3b.servers.jakst".jakstIP}:${port}" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "vno1-oh2.servers.jakst";
|
||||
static_configs = [ { targets = [ "${myData.hosts."vno1-oh2.servers.jakst".jakstIP}:${port}" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "mtworx.motiejus.jakst";
|
||||
static_configs = [ { targets = [ "${myData.hosts."mtworx.motiejus.jakst".jakstIP}:${port}" ]; } ];
|
||||
|
@ -510,7 +506,6 @@ in
|
|||
repo = "git@git.jakstys.lt:motiejus/config";
|
||||
deployDerivations = [
|
||||
".#fwminex"
|
||||
".#vno1-oh2"
|
||||
".#fra1-b"
|
||||
".#vno3-rp3b"
|
||||
];
|
||||
|
|
|
@ -1,214 +0,0 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
myData,
|
||||
...
|
||||
}:
|
||||
{
|
||||
zfs-root = {
|
||||
boot = {
|
||||
enable = true;
|
||||
devNodes = "/dev/disk/by-id/";
|
||||
bootDevices = [ "nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NX0TA00913P" ];
|
||||
immutable = false;
|
||||
availableKernelModules = [
|
||||
"ahci"
|
||||
"xhci_pci"
|
||||
"nvme"
|
||||
"usbhid"
|
||||
"sdhci_pci"
|
||||
"r8169" # builtin non working
|
||||
"r8152" # startech usb-ethernet adapter
|
||||
];
|
||||
removableEfi = true;
|
||||
kernelParams = [
|
||||
"ip=192.168.189.1::192.168.189.4:255.255.255.0:vno1-oh2.jakstys.lt:enp0s21f0u2:off"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
|
||||
mj = {
|
||||
stateVersion = "23.05";
|
||||
timeZone = "Europe/Vilnius";
|
||||
username = "motiejus";
|
||||
|
||||
base = {
|
||||
zfs.enable = true;
|
||||
users = {
|
||||
enable = true;
|
||||
root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
|
||||
user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
|
||||
};
|
||||
|
||||
snapshot = {
|
||||
enable = true;
|
||||
mountpoints = [
|
||||
"/home"
|
||||
"/var/lib"
|
||||
"/var/log"
|
||||
];
|
||||
};
|
||||
|
||||
zfsborg = {
|
||||
enable = true;
|
||||
passwordPath = config.age.secrets.borgbackup-password.path;
|
||||
sshKeyPath = "/etc/ssh/ssh_host_ed25519_key";
|
||||
dirs = [
|
||||
# TODO merge
|
||||
{
|
||||
mountpoint = "/var/lib";
|
||||
repo = "zh2769@zh2769.rsync.net:${config.networking.hostName}.${config.networking.domain}-var_lib";
|
||||
paths = [ "tailscale" ];
|
||||
backup_at = "*-*-* 01:00:00 UTC";
|
||||
prune.keep = {
|
||||
within = "1d";
|
||||
daily = 1;
|
||||
weekly = 0;
|
||||
monthly = 0;
|
||||
};
|
||||
}
|
||||
{
|
||||
mountpoint = "/var/lib";
|
||||
repo = "borgstor@${
|
||||
myData.hosts."vno3-rp3b.servers.jakst".jakstIP
|
||||
}:${config.networking.hostName}.${config.networking.domain}-var_lib";
|
||||
paths = [ "tailscale" ];
|
||||
backup_at = "*-*-* 01:00:00 UTC";
|
||||
}
|
||||
|
||||
];
|
||||
};
|
||||
|
||||
unitstatus = {
|
||||
enable = true;
|
||||
email = "motiejus+alerts@jakstys.lt";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
friendlyport.ports = [
|
||||
{
|
||||
subnets = [ myData.subnets.tailscale.cidr ];
|
||||
tcp = with myData.ports; [
|
||||
80
|
||||
443
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
tailscale.enable = true;
|
||||
node_exporter.enable = true;
|
||||
sshguard.enable = true;
|
||||
|
||||
nsd-acme =
|
||||
let
|
||||
accountKey = config.age.secrets.letsencrypt-account-key.path;
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
zones = {
|
||||
"irc.jakstys.lt".accountKey = accountKey;
|
||||
"hdd.jakstys.lt".accountKey = accountKey;
|
||||
"grafana.jakstys.lt".accountKey = accountKey;
|
||||
"bitwarden.jakstys.lt".accountKey = accountKey;
|
||||
};
|
||||
};
|
||||
|
||||
deployerbot = {
|
||||
follower = {
|
||||
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
|
||||
|
||||
enable = true;
|
||||
sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
|
||||
uidgid = myData.uidgid.updaterbot-deployee;
|
||||
};
|
||||
};
|
||||
|
||||
postfix = {
|
||||
enable = true;
|
||||
saslPasswdPath = config.age.secrets.sasl-passwd.path;
|
||||
};
|
||||
|
||||
syncthing = {
|
||||
enable = true;
|
||||
dataDir = "/home/motiejus/";
|
||||
user = "motiejus";
|
||||
group = "users";
|
||||
};
|
||||
|
||||
remote-builder.client =
|
||||
let
|
||||
host = myData.hosts."fra1-b.servers.jakst";
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
inherit (host) system supportedFeatures;
|
||||
hostName = host.jakstIP;
|
||||
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
|
||||
nsd = {
|
||||
enable = true;
|
||||
interfaces = [
|
||||
"0.0.0.0"
|
||||
"::"
|
||||
];
|
||||
zones = {
|
||||
"jakstys.lt.".data = myData.jakstysLTZone;
|
||||
"11sync.net.".data = myData.e11syncZone;
|
||||
};
|
||||
};
|
||||
|
||||
#syncthing.relay = {
|
||||
# enable = true;
|
||||
# providedBy = "11sync.net";
|
||||
#};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
syncthing-relay.restartIfChanged = false;
|
||||
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
yt-dlp
|
||||
ffmpeg
|
||||
imapsync
|
||||
geoipWithDatabase
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostId = "f9117e1b";
|
||||
hostName = "vno1-oh2";
|
||||
domain = "servers.jakst";
|
||||
defaultGateway = "192.168.189.4";
|
||||
nameservers = [ "192.168.189.4" ];
|
||||
interfaces.enp0s21f0u2.ipv4.addresses = [
|
||||
{
|
||||
address = "192.168.189.1";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
firewall = {
|
||||
allowedUDPPorts = [
|
||||
53
|
||||
80
|
||||
443
|
||||
];
|
||||
allowedTCPPorts = [
|
||||
53
|
||||
80
|
||||
443
|
||||
config.services.syncthing.relay.port
|
||||
config.services.syncthing.relay.statusPort
|
||||
];
|
||||
rejectPackets = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -84,7 +84,6 @@
|
|||
enable = true;
|
||||
dataDir = "/data/borg";
|
||||
sshKeys = with myData; [
|
||||
hosts."vno1-oh2.servers.jakst".publicKey
|
||||
hosts."fwminex.servers.jakst".publicKey
|
||||
people_pubkeys.motiejus
|
||||
];
|
||||
|
|
|
@ -42,10 +42,7 @@ in
|
|||
|
||||
http = {
|
||||
use_x_forwarded_for = true;
|
||||
trusted_proxies = [
|
||||
"127.0.0.1"
|
||||
"${myData.hosts."vno1-oh2.servers.jakst".jakstIP}"
|
||||
];
|
||||
trusted_proxies = [ "127.0.0.1" ];
|
||||
};
|
||||
#homeassistant = {
|
||||
# auth_providers = [
|
||||
|
|
|
@ -10,7 +10,6 @@ let
|
|||
devices = {
|
||||
"fwminex".id = "GKSUKZE-AOBQOWY-CNLZ2ZI-WNKATYE-MV4Y452-J3VCJ5C-EAANXRX-2P6EHA6";
|
||||
"mtworx".id = "C72YA2S-PE5IGDZ-DCNFV7Y-I72BGZM-5L2OO7Y-4K5OTGZ-NILAS2V-BGSAUQW";
|
||||
"vno1-oh2".id = "W45ROUW-CHKI3I6-C4VCOCU-NJYQ3ZS-MJDHH23-YYCDXTI-HTJSBZJ-KZMWTAF";
|
||||
"mxp10".id = "LO54QZZ-5J3G62P-WUVM3MW-7J3VWHD-BG76TOQ-5S7PZSY-JU45K3I-X3ZL4AN";
|
||||
"rzj-744P2PE".id = "UW6ISH2-NW6X6AW-BJR76TV-TV3BIGZ-PA5QH2M-YEF567T-IWMHKD5-P3XHHAH";
|
||||
"sqq1-desk".id = "WJ5KGRS-AGDZ7SW-INIVWHR-Q4E5QX4-Y4TT2AK-QRJTOTL-2UHXX6O-5MUPGA2";
|
||||
|
@ -23,17 +22,13 @@ let
|
|||
Books = {
|
||||
devices = [
|
||||
"fwminex"
|
||||
"vno1-oh2"
|
||||
"mxp10"
|
||||
];
|
||||
id = "8lk0n-mm63y";
|
||||
label = "Books";
|
||||
};
|
||||
Mail = {
|
||||
devices = [
|
||||
"fwminex"
|
||||
"vno1-oh2"
|
||||
];
|
||||
devices = [ "fwminex" ];
|
||||
id = "66fmz-x6f1a";
|
||||
label = "Mail";
|
||||
};
|
||||
|
@ -42,7 +37,6 @@ let
|
|||
"mxp10"
|
||||
"fwminex"
|
||||
"mtworx"
|
||||
"vno1-oh2"
|
||||
];
|
||||
id = "f6fma-unkxq";
|
||||
label = "M-Active";
|
||||
|
@ -55,10 +49,7 @@ let
|
|||
};
|
||||
};
|
||||
M-Documents = {
|
||||
devices = [
|
||||
"fwminex"
|
||||
"vno1-oh2"
|
||||
];
|
||||
devices = [ "fwminex" ];
|
||||
id = "4fu7z-z6es2";
|
||||
label = "M-Documents";
|
||||
};
|
||||
|
@ -68,7 +59,6 @@ let
|
|||
"sqq1-desk"
|
||||
"fwminex"
|
||||
"mtworx"
|
||||
"vno1-oh2"
|
||||
"v-kfire"
|
||||
"rzj-744P2PE"
|
||||
"mxp10"
|
||||
|
@ -82,24 +72,17 @@ let
|
|||
"mxp10"
|
||||
"fwminex"
|
||||
"mtworx"
|
||||
"vno1-oh2"
|
||||
];
|
||||
id = "pixel_xl_dtm3-photos";
|
||||
label = "M-Camera";
|
||||
};
|
||||
R-Documents = {
|
||||
devices = [
|
||||
"rzj-744P2PE"
|
||||
"vno1-oh2"
|
||||
];
|
||||
devices = [ "rzj-744P2PE" ];
|
||||
id = "nm23h-aog6k";
|
||||
label = "R-Documents";
|
||||
};
|
||||
Pictures = {
|
||||
devices = [
|
||||
"fwminex"
|
||||
"vno1-oh2"
|
||||
];
|
||||
devices = [ "fwminex" ];
|
||||
id = "d3hur-cbzyw";
|
||||
label = "Pictures";
|
||||
};
|
||||
|
@ -108,7 +91,6 @@ let
|
|||
"fwminex"
|
||||
"mtworx"
|
||||
"mxp10"
|
||||
"vno1-oh2"
|
||||
];
|
||||
id = "tg94v-cqcwr";
|
||||
label = "music";
|
||||
|
@ -118,16 +100,12 @@ let
|
|||
"mxp10"
|
||||
"mtworx"
|
||||
"fwminex"
|
||||
"vno1-oh2"
|
||||
];
|
||||
id = "byzmw-f6zhg";
|
||||
label = "video-shared";
|
||||
};
|
||||
stud-cache = {
|
||||
devices = [
|
||||
"fwminex"
|
||||
"vno1-oh2"
|
||||
];
|
||||
devices = [ "fwminex" ];
|
||||
id = "2kq7n-jqzxj";
|
||||
label = "stud-cache";
|
||||
};
|
||||
|
@ -136,7 +114,6 @@ let
|
|||
"fwminex"
|
||||
"rzj-744P2PE"
|
||||
"mxp10"
|
||||
"vno1-oh2"
|
||||
"mtworx"
|
||||
];
|
||||
id = "evgn9-ahngz";
|
||||
|
@ -145,33 +122,23 @@ let
|
|||
Irenos = {
|
||||
devices = [
|
||||
"sqq1-desk"
|
||||
"vno1-oh2"
|
||||
"vno2-irena"
|
||||
];
|
||||
id = "wuwai-qkcqj";
|
||||
label = "Irenos";
|
||||
};
|
||||
www-fwminex = {
|
||||
devices = [
|
||||
"fwminex"
|
||||
"vno1-oh2"
|
||||
];
|
||||
devices = [ "fwminex" ];
|
||||
id = "7z9sw-2nubh";
|
||||
label = "www-fwminex";
|
||||
};
|
||||
www-mtworx = {
|
||||
devices = [
|
||||
"mtworx"
|
||||
"vno1-oh2"
|
||||
];
|
||||
devices = [ "mtworx" ];
|
||||
id = "7z9sw-aaaa";
|
||||
label = "www-mtworx";
|
||||
};
|
||||
www-mxp10 = {
|
||||
devices = [
|
||||
"mxp10"
|
||||
"vno1-oh2"
|
||||
];
|
||||
devices = [ "mxp10" ];
|
||||
id = "gqrtz-prx9h";
|
||||
label = "www-mxp10";
|
||||
};
|
||||
|
@ -212,28 +179,23 @@ in
|
|||
settings = {
|
||||
devices =
|
||||
{ }
|
||||
// (lib.optionalAttrs
|
||||
(config.networking.hostName == "vno1-oh2" || config.networking.hostName == "fwminex")
|
||||
{
|
||||
inherit (devices)
|
||||
fwminex
|
||||
mtworx
|
||||
vno1-oh2
|
||||
mxp10
|
||||
rzj-744P2PE
|
||||
sqq1-desk
|
||||
vno1-vinc
|
||||
vno2-irena
|
||||
v-kfire
|
||||
a-kfire
|
||||
;
|
||||
}
|
||||
)
|
||||
// (lib.optionalAttrs (config.networking.hostName == "fwminex") {
|
||||
inherit (devices)
|
||||
fwminex
|
||||
mtworx
|
||||
mxp10
|
||||
rzj-744P2PE
|
||||
sqq1-desk
|
||||
vno1-vinc
|
||||
vno2-irena
|
||||
v-kfire
|
||||
a-kfire
|
||||
;
|
||||
})
|
||||
// (lib.optionalAttrs (config.networking.hostName == "mtworx") {
|
||||
inherit (devices)
|
||||
mtworx
|
||||
fwminex
|
||||
vno1-oh2
|
||||
vno1-vinc
|
||||
sqq1-desk
|
||||
rzj-744P2PE
|
||||
|
@ -246,28 +208,25 @@ in
|
|||
folders =
|
||||
with folders;
|
||||
{ }
|
||||
// (lib.optionalAttrs
|
||||
(config.networking.hostName == "vno1-oh2" || config.networking.hostName == "fwminex")
|
||||
{
|
||||
"/var/www/dl/tel" = www-mxp10;
|
||||
"/var/www/dl/fwminex" = www-fwminex;
|
||||
"/var/www/dl/mtworx" = www-mtworx;
|
||||
"/var/www/dl/mykolo" = mykolo;
|
||||
"${cfg.dataDir}/annex2/Books" = Books;
|
||||
"${cfg.dataDir}/annex2/Mail" = Mail;
|
||||
"${cfg.dataDir}/annex2/M-Active" = M-Active;
|
||||
"${cfg.dataDir}/annex2/M-Camera" = M-Camera;
|
||||
"${cfg.dataDir}/annex2/M-Documents" = M-Documents;
|
||||
"${cfg.dataDir}/annex2/R-Documents" = R-Documents;
|
||||
"${cfg.dataDir}/annex2/Pictures" = Pictures;
|
||||
"${cfg.dataDir}/annex2/M-R" = M-R;
|
||||
"${cfg.dataDir}/stud-cache" = stud-cache;
|
||||
"${cfg.dataDir}/video/shared" = video-shared;
|
||||
"${cfg.dataDir}/video/Vaikai" = Vaikai;
|
||||
"${cfg.dataDir}/music" = Music;
|
||||
"${cfg.dataDir}/irenos" = Irenos;
|
||||
}
|
||||
)
|
||||
// (lib.optionalAttrs (config.networking.hostName == "fwminex") {
|
||||
"/var/www/dl/tel" = www-mxp10;
|
||||
"/var/www/dl/fwminex" = www-fwminex;
|
||||
"/var/www/dl/mtworx" = www-mtworx;
|
||||
"/var/www/dl/mykolo" = mykolo;
|
||||
"${cfg.dataDir}/annex2/Books" = Books;
|
||||
"${cfg.dataDir}/annex2/Mail" = Mail;
|
||||
"${cfg.dataDir}/annex2/M-Active" = M-Active;
|
||||
"${cfg.dataDir}/annex2/M-Camera" = M-Camera;
|
||||
"${cfg.dataDir}/annex2/M-Documents" = M-Documents;
|
||||
"${cfg.dataDir}/annex2/R-Documents" = R-Documents;
|
||||
"${cfg.dataDir}/annex2/Pictures" = Pictures;
|
||||
"${cfg.dataDir}/annex2/M-R" = M-R;
|
||||
"${cfg.dataDir}/stud-cache" = stud-cache;
|
||||
"${cfg.dataDir}/video/shared" = video-shared;
|
||||
"${cfg.dataDir}/video/Vaikai" = Vaikai;
|
||||
"${cfg.dataDir}/music" = Music;
|
||||
"${cfg.dataDir}/irenos" = Irenos;
|
||||
})
|
||||
// (lib.optionalAttrs (config.networking.hostName == "mtworx") {
|
||||
"${cfg.dataDir}/M-Active" = M-Active;
|
||||
"${cfg.dataDir}/M-Camera" = M-Camera;
|
||||
|
|
25
secrets.nix
25
secrets.nix
|
@ -9,11 +9,9 @@ let
|
|||
fwminex = (import ./data.nix).hosts."fwminex.servers.jakst".publicKey;
|
||||
mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
|
||||
fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey;
|
||||
vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;
|
||||
vno3-rp3b = (import ./data.nix).hosts."vno3-rp3b.servers.jakst".publicKey;
|
||||
systems = [
|
||||
fra1-b
|
||||
vno1-oh2
|
||||
vno3-rp3b
|
||||
fwminex
|
||||
];
|
||||
|
@ -30,12 +28,6 @@ let
|
|||
);
|
||||
in
|
||||
{ }
|
||||
// mk ([ vno1-oh2 ] ++ motiejus) [
|
||||
"secrets/vno1-oh2/borgbackup/password.age"
|
||||
|
||||
"secrets/vno1-oh2/syncthing/key.pem.age"
|
||||
"secrets/vno1-oh2/syncthing/cert.pem.age"
|
||||
]
|
||||
// mk ([ vno3-rp3b ] ++ motiejus) [ "secrets/vno3-rp3b/datapool-passphrase.age" ]
|
||||
// mk ([ mtworx ] ++ motiejus) [
|
||||
"secrets/motiejus_work_passwd_hash.age"
|
||||
|
@ -44,26 +36,15 @@ in
|
|||
"secrets/mtworx/syncthing/key.pem.age"
|
||||
"secrets/mtworx/syncthing/cert.pem.age"
|
||||
]
|
||||
//
|
||||
mk
|
||||
(
|
||||
[
|
||||
fwminex
|
||||
vno1-oh2
|
||||
]
|
||||
++ motiejus
|
||||
)
|
||||
[
|
||||
"secrets/grafana.jakstys.lt/oidc.age"
|
||||
"secrets/vaultwarden/secrets.env.age"
|
||||
"secrets/letsencrypt/account.key.age"
|
||||
]
|
||||
// mk ([ fwminex ] ++ motiejus) [
|
||||
"secrets/motiejus_server_passwd_hash.age"
|
||||
"secrets/root_server_passwd_hash.age"
|
||||
|
||||
"secrets/headscale/oidc_client_secret2.age"
|
||||
"secrets/photoprism/admin_password.age"
|
||||
"secrets/grafana.jakstys.lt/oidc.age"
|
||||
"secrets/vaultwarden/secrets.env.age"
|
||||
"secrets/letsencrypt/account.key.age"
|
||||
|
||||
"secrets/fwminex/borgbackup-password.age"
|
||||
"secrets/fwminex/syncthing/key.pem.age"
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 gJrHQg OR/fAZgjLBSN431/gUSxn1A+vA6E0ETTkR4ydwAaLzE
|
||||
VjzeetIVmyrwU+YzhDnEGvM0wYbse9Em7ZabcLsN8FI
|
||||
-> X25519 mRknPEvsNr1Q10H22hsxgvWBO4hTCU3RId3E5fzhY2g
|
||||
vHOZePTZKkS+rARJTbJSinoUzh1oPRJ4MDtMQTHBBDM
|
||||
-> X25519 1wlwrYlzli8F2TojRJeDdom+XuQgyDQhfcur+Ocj1WY
|
||||
mDdCtwWY8bmd6U6p706cmie88q8rKhSapK8dgi5PrIc
|
||||
-> piv-p256 +y2G/w AmaR/iIFpnoB3QCdiH1NtTt1hfFMXqSnTe+k0Q0+lJhB
|
||||
KYiNyqj+DnZgYRUQanPl/qhamTpUtmPIeDdPKrP77gg
|
||||
-> piv-p256 jNqd3A A/SCCpfw4/4EXOHQHzJ2rE1COAEF7ggBhhNmP+Ef9Bpv
|
||||
4otVnd0JGgd0jMYyWNm1mKYXW/espDLI0iEZBK5+P6k
|
||||
--- 8alVQ7Pl+jAqvLgl0MKWdvq4UikUsCd1w9sB7UlFuNs
|
||||
°&T†ùiHÉÍçJ”q¢§Åïšõô§rYÖ<59>¤«ö¶.œÃ`àÑÅf‹¸<E280B9>”p
|
Binary file not shown.
|
@ -1,14 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 gJrHQg EmNriTVvK9aEEebsFyeTdPZA2dKmddYvK8H5Z6TKgz0
|
||||
3Iik4NW7bgpO2C/Q6AfdeRJmeNt5aM7Zj/se5MpvHWc
|
||||
-> X25519 BiqMfIg1Zc24uxSQ82PNeRwbLwJCDmFcOUQMq+TotSQ
|
||||
Ji1nhFBn3piy/H7U03FI8oCWvOeNjDxL4fjeDuzu2Do
|
||||
-> X25519 9AOm6hjGuzpcoNzfYpYgg3RgElmFVYprD/HYLAkRago
|
||||
6qFA8O2W0fV3mrhuEoP6jzYseRDIMhJsh6OgUT6isnc
|
||||
-> piv-p256 +y2G/w Ax/GV2Nbf/yDD51+7hW/jQ0xlBRSQHX1h58qJUwGs4nP
|
||||
RWBh6WzpIFcmgMek45RrigxyGSvG5Z6INJdnRtHCVDQ
|
||||
-> piv-p256 jNqd3A A5qj3xV0iP+u+e8gZdNx0Tfy5Bny89SiVEaYfIZDWl0k
|
||||
D6Q5RyYfXRXjT8zM5ai0f/Sh3Vw4lu22oPNjtJojSiM
|
||||
--- 0hTMU93cGLgFgjh07LhXL/JiBPU0W6hHROioDbzbQX4
|
||||
ä<EFBFBD>-Ù—Æ wOÆÀøþbŠ.^—$k!ŒyY{Їh´÷ˆãø;0(K¢[ôIrÇšè²ðíýœJÔˆùZqØV‚òŒÀ
|
||||
@½›Ò·Gˆ˜¶H,4Ë»dÞ€k<Î}Á<>Î&#W×Â>‰/8R †¹—3Ž¯fì<66>¡R1K(0@FWÈúŸîd]{b{Tqo¹c«áL[SÁši]jã±c¾¸hã» —¯dÄŸW–/@ó¢ñí^<S¥ˆuëÒ;Ì-ÕPåáÃ=6‡¯WýÙÞáJ3ÊDù黑ãç˜nÖ<>…œÉÑF±´àENd<06>pÚ¾E²4FZb¡F0$TÖµ¶ÚÚFº–çѲâdâŸp§{¦’ aº©ñT2Q‘*Ê£µÉ¬úOð¿tŽ/ÈC#UÖ{Ï¿™¼Î»hóñ
|
|
@ -1,13 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 qDkIVA 7DNpmO8sQI91v6Cyl9v9noicqH7gdfLEZcFTi2TlCGI
|
||||
rEMatBeq0gx+ZGX7Er+thAG6PcsRef8VO/caX7oufmQ
|
||||
-> X25519 aLdoDjolaCziXnKY+oFNhV5dIMaSxrpx0vWsS2XgU0o
|
||||
A4UWh9htKzj0aQr0rnKXVvRuV1RpwcZ+J/VFQFTD1oI
|
||||
-> X25519 3hlyOEWokr+bdPAUAq/8WT2dl0aXTQfFvuevlBQBcyo
|
||||
N5/Ueo7B9GehLgAAoIji2vHnRpxg5MpVSctr9axAgxI
|
||||
-> piv-p256 +y2G/w A4OgotQmfvTd9U6JSVjbXf9vAgTIY58jWCweiDKwYkVc
|
||||
i5D63wD6NROF9JNSVg3N/k5ZpDMDFOw0JVPkznrA1co
|
||||
-> piv-p256 jNqd3A A8veoJ7CB3dwytPd0zD0MqbonklZp2TKivgVTsCDRgUu
|
||||
A/bGFiUF4YR8iGjYiIznH9M0dgSnp7fK8nSX+B+U4gs
|
||||
--- csPiWaVdex21mvLxxNkvkg0zbILohsUJ3NaOcfjcj6c
|
||||
SR^ážØª:ù|ÏX{ÞP>o8<6F>D¯LØF}¡æÉ[žô]ëánS…%ú¿<–Þbà
|
Loading…
Reference in New Issue