vno3-nk: secrets

This commit is contained in:
Motiejus Jakštys 2024-12-06 01:28:23 +02:00
parent c2175a2b1f
commit 4e0e52df93
26 changed files with 115 additions and 103 deletions

View File

@ -48,6 +48,10 @@ rec {
};
hosts = {
"vno3-nk.servers.jakst" = rec {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp3QL8p4AbuijEQX/uVHj6nkJ2/8qNSciL+Glydw2yK";
system = "x86_64-linux";
};
"fra1-b.servers.jakst" = rec {
extraHostNames = [
"fra1-b.jakstys.lt"

View File

@ -14,15 +14,15 @@ in
];
age.secrets = {
#motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age;
#root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
#sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age;
root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
#ssh8022-server = {
# file = ../../secrets/ssh8022.age;
# owner = "spiped";
# path = "/var/lib/spiped/ssh8022.key";
#};
ssh8022-server = {
file = ../../secrets/ssh8022.age;
owner = "spiped";
path = "/var/lib/spiped/ssh8022.key";
};
};
boot = {
@ -82,10 +82,8 @@ in
base = {
users = {
enable = true;
root.initialPassword = "live";
user.initialPassword = "live";
#root.hashedPasswordFile = config.age.secrets.root-server-passwd-hash.path;
#user.hashedPasswordFile = config.age.secrets.motiejus-server-passwd-hash.path;
root.hashedPasswordFile = config.age.secrets.root-server-passwd-hash.path;
user.hashedPasswordFile = config.age.secrets.motiejus-server-passwd-hash.path;
};
unitstatus = {
@ -200,10 +198,10 @@ in
sshKey = "/etc/ssh/ssh_host_ed25519_key";
};
#postfix = {
# enable = true;
# saslPasswdPath = config.age.secrets.sasl-passwd.path;
#};
postfix = {
enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path;
};
#friendlyport.ports = [
# {
@ -212,8 +210,6 @@ in
# tcp = with myData.ports; [
# 80
# 443
# soju
# soju-ws
# prometheus
# ];
# }
@ -243,12 +239,10 @@ in
firewall = {
rejectPackets = true;
allowedUDPPorts = [
53
80
443
];
allowedTCPPorts = [
53
80
443
];

View File

@ -7,13 +7,16 @@ let
};
fwminex = (import ./data.nix).hosts."fwminex.servers.jakst".publicKey;
mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
vno3-nk = (import ./data.nix).hosts."vno3-nk.servers.jakst".publicKey;
fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey;
mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.motiejus.jakst".publicKey;
systems = [
fwminex
vno3-nk
fra1-b
vno1-gdrx
fwminex
mtworx
];
@ -41,10 +44,20 @@ in
"secrets/vno1-gdrx/syncthing/key.pem.age"
"secrets/vno1-gdrx/syncthing/cert.pem.age"
]
// mk ([ fwminex ] ++ motiejus) [
//
mk
(
[
vno3-nk
fwminex
]
++ motiejus
)
[
"secrets/motiejus_server_passwd_hash.age"
"secrets/root_server_passwd_hash.age"
]
// mk ([ fwminex ] ++ motiejus) [
"secrets/headscale/oidc_client_secret2.age"
"secrets/grafana.jakstys.lt/oidc.age"
"secrets/vaultwarden/secrets.env.age"
@ -61,6 +74,7 @@ in
[
fwminex
vno1-gdrx
vno3-nk
]
++ motiejus
) [ "secrets/fwminex/borgbackup-password.age" ]

Binary file not shown.

View File

@ -1,14 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 fqSa6A vkzEjlu5SxTwc6QOXnynr63um19SMVffucFTCBKH+00
EqLxaYyoqPqjs0yPWsSSKgGDFFWAValUu5reQyCqGfU
-> X25519 itBokxotWcejFCPktgN4lrINkXwJ00bkTbVD0Iqa6C8
ZQNrZO5BInuD4dNNoKVJ1KVDoiCI3DNee4NojnmxrC8
-> X25519 AAH7TI4i4gzsd6ZPIC+0kLm0K1kYVyadcO8vOQmYEyY
UZdhO/sX8UvNKGKzDoBC7FMMEe9lyojjyUnmJTJH0CI
-> piv-p256 +y2G/w AyKX7wi9OY3mHoI9D+42thO6Pnj44fnFGIp4XNvWCoyG
UEONPpaB6SDnSB29Yp6gsY1QGDCbsIr+xtP2Yp7H8ZE
-> piv-p256 jNqd3A A3YlBGtsD6Yu3CteMTC671MdR+Fg2ZOkgSFasBo99KC0
lxAYgK3yBs9ApFK18DdHVZ/7g1Ot7QVC8J7Y5U9Vvy0
--- acJ6eThO4B/GcMY7feAKDpvoRcK1LrOaNXNMtMrnpjo
6コ<EFBFBD>。{2韲0<E99FB2>bFスメQ<EFBE92>セ*ネ鎹Lミニヘ
<EFBFBD>mTRb+gマ犢ワw<EFBE9C>轎坪sPサlメ;跚=ネ妲xユ|タ<>g玄攬CィcЮwト蝣-
-> ssh-ed25519 fqSa6A zBE91VMJiFQqtIOo9wc70kHIb+ISugITzIbtXzbnMV4
3suBck77JiCRiEzxMHoMEVgug05s8fV4gurwNS/I26A
-> X25519 WXDyIdP1lV0IaoW5okBVQphu0GHAxNhCCS/5uxgp2Cs
h5rXmCKC6tFEw8ZJ84TbKY80np0eTqjg60Sbb0waiJU
-> X25519 PpHRfpv7p9HWPFBxO42D/3//0eiQmFLwHK6OPwZsRnI
rcyeqQ0o9cqRNU/CcpxnX/gIkm5mwbI8IleQrwcW6dI
-> piv-p256 +y2G/w AqNviaDjTA/B8NAnqMkMoxTSnD9BC2BFshRWBIQc+49J
meE2k1uR3DURxfkSluCy5Qlm1TpaAggE5p6qf+Ozkzs
-> piv-p256 jNqd3A ApGmH6rAxjCU3DPPgQQf/QZZQ/BCHrSElNYM8+3GQ7bN
6DVAgICf2NHCvAJVcNZiN8Wv5CXO26m7zFN/6NVgAu0
--- rtgu3vdqhJS07cH6kotCS9Pjbs5z/JujFYcKNKbLzEc
&FäLhå<68><C3A5>å~Œ—x¾ðê=T¼Xî U4 )]¬}{zL_c"×3Œœ<C592> ,õ)~¯‡ä7BÄ'ѯÄHñÐJÎÈFt ÑŽ«=ÍI©Òûd

Binary file not shown.

Binary file not shown.

View File

@ -1,14 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 9Chcgw e6Ftaujn/2jQOgYC0zWhYYiGc8fKG4QkxNn1mlYiGmg
mNbr/AbulN81OM4o+FpS8EMnLAuOvNjoq1x5oKXrR44
-> X25519 gdB/mkq3Y4euAPjej+pDnhzt87DcgRRcHmvhhOgHrxo
b0qj3dWelcl5EPQGsbRslcMRGdaep8ir48OOCr3X7yE
-> X25519 BBhB6/vkv2yiwthgeU7+0YXYBj9whHXzmy5xwGjlpX8
cZQnd5STj3qEHWk/Wyc3ygfptqdyjhJrUD9LOt/kLWc
-> piv-p256 +y2G/w AzoPu8jl3VAT5MxhW5jyCPtcJaYsu6C9c1BQy7Vs7tzV
LDebGsA1BM8Uu5j48rCjStyk0xOW2eamRlxfYdediyU
-> piv-p256 jNqd3A AopMdDcVcBrvD4lDkCF+KVZByW15aW7qj+9pVQq5dSB1
2Tqgpdd+ZY4Bt7eZQy7TrHwGu5TEelqwaYPQb2Ciwb4
--- cPSDVYY1HLnc1epS1zs9BSGD3aHMjC7lHt1UxifGfEU
@p:8±è_¤ÐŽÖ\h¢ÿ4 ©'·’õ^ïz<C3AF>$—Ñ¢¬œ<C2AC>MJÇnr
A(¥v“æÅ+'H.Kóë<C3B3>ôÊÿ°Z+Hæ žEö Ö?˜‚æ'S;í¶X¡¶fÈ/4ô™ÚáaÖÚ!
-> ssh-ed25519 9Chcgw N3SE02LA3QLD0Ld3aNiTpAOrsw3yvUOlboJR5mMKuTg
s/CFAS63qcNuxmRf+SaSbpRfHQvD1O6/SWQ4MslMNYY
-> X25519 IW/Xb2FxepsoqxUFp3bhDVqL5HFEM6nEaPDH3ixusUQ
fsdRLmxtHz7Y5oSbDYNRmahIzgP+/NgOywG6KnHkiwY
-> X25519 jZwiQp8uxrgVAwty2pY5jCZ8Dn22NUMyoVyyYnhsEBM
2iDU88sBzSKY/RJrsEd09sHLp5ekvTAjFyrYQni4ROE
-> piv-p256 +y2G/w AnvSJUgIrY8y7VxJqn+Wi8b5ys0ACHZLSoa5G5l+u+SS
e3QDyXruLmD1WXfaekHXUT5oO3iSTsOmUksagTNsdcg
-> piv-p256 jNqd3A A0cef+7HYNKzW4lsnYfnsJUe2So/CaQ5MpF5A/zGxqkl
sd7c/EV17vmoxYvdGN5WSekN2tJCxeMX6v5tWd2zafw
--- 6cSBTUDtX9ejadbPNc/jSseoQ14XBYD9q4XK+/iKK2k
†;âŒ4ú眼?•j2@‰[„…ÊЄÉ+•«¡Zñ äzècF^‡„†V'œÉ±”T3ãÉò™ª Ûßâ —¨‹e¢ûŠ»ïµ•ž~D~N+!Šœ) ºìH˜9i8É

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -1,21 +1,22 @@
age-encryption.org/v1
-> ssh-ed25519 2jMHjA ivxxZCP0pB8P8J02Brzu8EoHRoXL3oRoCGv7m+5xX0Q
muvYIGox00sCA/WICIZmNB/RdLocS+iTs2ocAXEqXAo
-> ssh-ed25519 lDWJbA 9WpjDCVudgIbH78RPeKwvN2xkLOqAx6YbnbE8RbA8ko
YvPdopoicFf7Tfruk12y76i8xpFvUl2n/cToh45DQIc
-> ssh-ed25519 CBqt6Q d9Tpq9gyP38xJBvURoXy85cgJH++UtVwfNKUbYidsVE
WgbfETQOtUhoCdPaZ1FKgx4FSmDw7jhVlvUMZDyKHnE
-> ssh-ed25519 fqSa6A KkIdpcDOlF4CicwcTO2UkCEkGFSNRo+3p8T4l9Ss7XQ
+c4qHZyOux0i+DdDmngirhr9wE1W4AHHd2RdYy4rVB4
-> ssh-ed25519 9Chcgw +mCcOz+fcKmdMkjwa6JxJOc9xQ48IqD/NKf9F7EYgwM
O2Rc9iW0RMizH0r9oCxmkX01Hzn0AX2K5VZZ+nN4UsA
-> X25519 xZhtGrPBhEti8V+4zcCdziSNSxPiMJ6sfJ3agOd9PDU
ukKdeOUq4i/RVn0je0XnooreJ2OimtZfSxXtO8XS8qA
-> X25519 zRTFsvowgy33YiGDmDYlfryGWkTb5fwMnYRLlhZuSw8
UcbV+GctYgGLgeu995Av0uYAnZOAqBLZby8I76/V4PE
-> piv-p256 +y2G/w AnS9ssCqkdJyE1pcNcZiCpS0MPR1AXhbRuQsY7kto9xI
MaB9cYL8xGeQmOQGLvbww8jsj9RpfckeeZiegucVP8A
-> piv-p256 jNqd3A A7OQYYCAHpFbESaii/yoG2PueSNdzTSfvPJu41NPjBHg
yt7Fvh9hP0iJ3wp8sLxVrQ9qr3t92jpy02LpBS2rWk4
--- Mqu5TmDek3VavBSkmR9mLtkfO2Fm+9teDLTmf56n5Wg
<EFBFBD>2PWť¦P±öD<EFBFBD>dT@¦#ˇU'ęL×5}65;JÚDęäb©Q¬fik„]Ů<>ŕq Wt~G]y‰<Ż*÷Đn°ŐĂ?SśÍ¨_†kć$ű519q⣚śjźöŹĐźt4ň`¦ş42<05>ˇd4Ó{ňCĂWÖ×Múěĺ0¸lÎď”VňŐd\
-> ssh-ed25519 fqSa6A kCMyCIP3S8uwR1gz10N7/oNu0u6WFFaVHZFfl5f4jX0
5/JszOJJOs7zpMAehErbwdBSwTDutyuZPB1/1VJ4OPw
-> ssh-ed25519 wPuT4Q SIkWzsJ/d9G+NcG+55d/mtEnAomyaBoF4jHHsDacmwk
A49D++mbNFkOY6dP72XjGeb59MlscD9DBbzjv7Y68xY
-> ssh-ed25519 2jMHjA XvJVk8VjQFMB8PKtDYZAbzGGoyZAn/Y8BEFRZ3jwU1k
mPOATnl2Gfz5Ph5azWcF+ZiYz/L9JULWYGKKDik2+tI
-> ssh-ed25519 lDWJbA Gk0EwZnK8eF9rJT6FHHo+Gspnzxfp0jlhTq68Fxg0Q0
wc0WPgeF+0ACQtFX518mLoAUP/QtNiiOyBvhPEC6eEU
-> ssh-ed25519 9Chcgw ns7DDai0+TdVyE4k0q526SZsr2icNZo6jrJzykwAH1Q
HOrot4SbZT80uB9oSfTmAJG8oy1QzVWTn8OU/h4SY68
-> X25519 /R7nJbYYlmCkr3H/rqzC/CWzx4QMYE3WPz5E3v4752o
S7PUOwv2DYj33PyjtmSDJP0g0qLWRmK+ExHwEKd9GvY
-> X25519 1ci34pSYwVHisHUzXwtDRA9aKPdjaXO7SuXXbfnaUVs
QVzfrL7EcsgB76zrEVgdeHX/xe20m1is5UH1XL+Cufo
-> piv-p256 +y2G/w A1YGECRmTq3E7JNchjhZy6LhkG+SV5DKZEI5EEujk09x
48NnyBJghILHUmCAiL5Mno+w95GzbdXmmN2Hyu4dpko
-> piv-p256 jNqd3A ApewmfnjpS+Tx4r6f3h1cwa+9gAxlNPs//EELkTBbe47
FuJuABg5Et2vjhEV3r19kJ4oHIJ5D8iMOaHsEOE4TgA
--- r25NrLp40CZT5vX1LKeyMR8+5YLsG7wQfA4Y6FJrfoI
^7ºëmŽGqO01¤Êf.B@ ¶=(aA¬Üu pŠ£/ V¢¯ç@Ñì©Ý,0WÝx¬ ´Í
¡/Ï¿!¾³Ñ§š3e<33>ewj=¼g6k”ƒƒÎXõÿ7Xú²€<C2B2>ˆÞWÕ8Ú«Â-I»«r/)Ã<>Kžèc)¨:o¾

Binary file not shown.

Binary file not shown.

View File

@ -1,21 +1,22 @@
age-encryption.org/v1
-> ssh-ed25519 2jMHjA LwcWJJsE+Bxp8jh8SEBWP9uvCzSZmoZS4ZMl9uJMPAI
fep9NQNMXRWMzr1aMxEoyBxDrtoEseiOYIASvbwqWzE
-> ssh-ed25519 lDWJbA gTK00r+NKJ8gH95x6S1hztsfXFRSFIRY9iE4JhXO2w0
gkzvdNWKhmivbvMBXcHjK45YS5LS/to6CxavhTvdMQ8
-> ssh-ed25519 CBqt6Q 4T7LQ/OiH9TCN32Ts6R27iQUua7CZI8mSzB0Ug8vXwY
wfNRUMgA4QhBaRk1NDHxowS5xw7mdDjYGqsqMEJhNCw
-> ssh-ed25519 fqSa6A h1xUFF4cbMu0WroXtf0SHQWGb/hiqgveE0yawoPjvy4
RJLxwdrgrfyzVYYpwAiI6VH0vx+pcL57JWZwL/FttEE
-> ssh-ed25519 9Chcgw lqtnkWmVgqjQHFDakzOaJMEIY0Y3bRXTzIilNFWmSSk
nOEDJ7rFyfs2Bmt6LDAJ2ebsGuTSA4ukqgJRnSPi8yw
-> X25519 mp/GibjENvRmB/LTqx9wxAr/Ud96Ay/xebYxuJc+9Fg
iEUgyYZRWGjYc9jXLbrwpMlRn80xo2QX3uKyrs3gUb8
-> X25519 ssEKm23YzhCwEru9uAvJusZgXhzLNMBpPyOfI2dMRRw
BmFN6tRXLGPnX9STBspq6lJRU3iWCdB8G05cS51VLX4
-> piv-p256 +y2G/w A6zPbX9nW+T1aGKpcsi8dqVR6/STS4Fk9fW/AxcppdJC
AVAi2EU7Vs/2pnIjP3MmMtZaKMHMlSz6fKfa7hdMrSw
-> piv-p256 jNqd3A AibOWW5KGacF2bXaHn95WyczuWWfAu+VJS48blfTfDD8
ir1xhw2j5DUMeff2rUxmqrMWSD6ueKP2BdxB4eKCtlQ
--- EidnuJylAMuaYDBsFOkNCsLNkoTtIxuBz49EK0k3mNo
÷˜Šfe<EFBFBD>0ÛšË]ufÃq5AýÙéiO">7BÙ¾9®#É×[Œ™*cŸ÷Ô»è´CÁl‰û<E280B0>¦ó
-> ssh-ed25519 fqSa6A T8lhYerhshY1uNhR0prP5u/2JpN6TvPEjheXkXZhAlY
Sy0mxWX1/64RIspfTs9tAADl+Nsr4JBcix90JYOB6Pg
-> ssh-ed25519 wPuT4Q J2etBgJbNwPauRfV/MBtZuxp9gG1oQtMMuIg9E+aslQ
a6f+Im+zHWur/isXtJcLuA5Elr61Clpqb2Fy0UwmFt0
-> ssh-ed25519 2jMHjA z0xJyfWgmW2LPHJ9D0ApMZlAu+JUostpfQLO6q7XCgY
T20/fpon/DpE88KsY9S+ZtX+OZRbrlitgOfBQyYF2fQ
-> ssh-ed25519 lDWJbA LYIphe1na+PxjjHPy8gMKJa27+WLPh079sFPNwFJkjE
pbbrlPyiqNDulkovbrVIiFtWyniHT4F2nWPuMXSWEg8
-> ssh-ed25519 9Chcgw RbCNSVbWwm4iPo24/SLzGv5apLPd0i27F8/qAcR4oBg
IkVhn4wcPbkzE2NOb/pFFtuEU3rofhUCnU0YZbhyqcE
-> X25519 CXM1OGbLhzHwNSdHCpviDfh2AmNeg1Mu18VlaWzyCjM
GVihb+vzOFVuKluOe4Cpbsmf0Xjcsf/tYMy50VBiPDo
-> X25519 bL1zTtWYoMk7SN8I6Z6g+38vpoZBv8UZwKAoEQZEEHk
OvFd6mRUplm8KA6Oajk7Z5coGFtr95dXKaPpEUMmMq8
-> piv-p256 +y2G/w AuF+D+vJJKo79Px3824h3ZbSn7GhEpFqRWV5Ur9jzwq9
9QgnIW3wvrUjoLEepgDxQfx3mxEbJ4lfkZ39u+oQEqc
-> piv-p256 jNqd3A AwKa/LZekyL/X2oRzK9Mi8wTR+uoF/ozHe//UfbOk7nT
K2/jx9kMRKAcx1Ai9JEOGwkFQYELrGWaCOcASP8PFmQ
--- S/g6SW23ZUVCwI/ySseQ/Wg7BJXMXMw2+UMjcZ3uGhM
ðéž<>HKÜ5gÍú&
oåÄ7¨<EFBFBD>þº¯±A÷<EFBFBD>ˆhÓÿÓÅzágßïëÊkÕ<6B>8Ik¬óZ˜?HÜÁ·ãÆ<C3A3>

View File

@ -1,13 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 fqSa6A xOQfoBY8vRV7fnHmkglp5OYDdNQtlkgFycX+Zgp91mk
bdvJHNQAvh+OCw40ZwnEc9kD74Jm9MjzsaHCeR3aUCA
-> X25519 od8EqA2W47NR3ontq1tF1UG0h+Fdqn8ggl+sbNlvogs
aS1IS4+9zf2SixFiJim3I8oT6A1nw1CRxykHiqGcbq8
-> X25519 mLa/ONmX9FYnabZOAeU5ECpzPXdGoPBxa+vrVS6w8R4
L2ygjgcZh0VcwwXyFKtHv3F3sROqt66FX7tiRC+LpWI
-> piv-p256 +y2G/w A4dPtj4DXf2PDmxBP7t/V7yuKsFHd1z1LxxzgA/GG0QL
INlKZUt3T9IB6i4OhQHgpvc4mHsMhQtA+4S/eUIk8WA
-> piv-p256 jNqd3A A1BydHPL/qEUdFS1e5KhtfUnRkdTz/w5E8gduMGPZIDP
fSR70djujNO6pMNvGMSI9ElC/0X+d6/gHo4wKeToPaw
--- 2ZMYImjwt2wDxfBzhgUmyRLepUs1AZsf+5tqqwQhOsk
qAâTðª嶱<C2B6>qJ <0C>-÷oáÔÔ)š?!é-¦#¤´ÃiyL9x:˘û3(t·'¥9ó Ëuߎ& \Š£¥Ë]âJѳ³¢ÀôŸ¡Ï5 úK“õ]}ò°
-> ssh-ed25519 fqSa6A 67s9oWA8NIQYmkHa3YHB5Pu+qak6zuHGNhSEHboOGUk
Fhuqd/SYCf108tEc1OPp/kS72og6l3Jn9AxbzYWdlTs
-> X25519 m7eLXSKgoPhO1oQSBUQkk2Lij7cE7jyfHnU1GLrhvw0
zmaha0sJ/UuSN8o6ltcfmnQN/lLtyKZDwtb8Qa6Xqy0
-> X25519 QHHLK0tx+s+K9ysQAjf6yqv4xY1TQaN/N5Upt/0rDEI
yr6uD8v+QNP7fTKT2uiLVdD3BstJWH5fD7sUbaImLes
-> piv-p256 +y2G/w Ay99KiaLBfpUSxyzk0Xcj+9vcWH3y79rn0mF/y2yMgL/
3LmIU7iGTYtJinSBACqpnL3c7Ri5tjb5eMBacKC4/80
-> piv-p256 jNqd3A A0ZiveXtr4qvF8mTvR9W9qhiQ2kF9gHaFu5H+Pms3Rt0
FoCK0J2uZUKeAiwYO1AGB6p/BRYOWmAC0qbvuyMoe/c
--- ToWxQoeEexs7OvW+kKeA1k/hw4wxRpwihlddGxPkQeU
yĘDl­ÝÜyđŃĘ÷_(/H[_Ňáń>|†D<E280A0>b\ĺFľqé#<23> 3q<33>ëŹ3F‘čV}*ˇ·ö<C2B7>FÍŮźňŠ3T™Ö¤ž]'ŞÖvuÓ{<7B>w‰ĎĚ™v;\jJ

Binary file not shown.