scaffolding
commit
065bc4f683
30 changed files with 1330 additions and 0 deletions
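--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result*
+.*swp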
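--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,343 @@
+{
+"nodes": {
+"agenix": {
+"inputs": {
+"darwin": [],
+"home-manager": "home-manager",
+"nixpkgs": "nixpkgs"
+},
+"locked": {
+"lastModified": 1694793763,
+"narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=",
+"owner": "ryantm",
+"repo": "agenix",
+"rev": "572baca9b0c592f71982fca0790db4ce311e3c75",
+"type": "github"
+},
+"original": {
+"owner": "ryantm",
+"repo": "agenix",
+"type": "github"
+}
+},
+"base16-schemes": {
+"flake": false,
+"locked": {
+"lastModified": 1680729003,
+"narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=",
+"owner": "tinted-theming",
+"repo": "base16-schemes",
+"rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0",
+"type": "github"
+},
+"original": {
+"owner": "tinted-theming",
+"repo": "base16-schemes",
+"type": "github"
+}
+},
+"deploy-rs": {
+"inputs": {
+"flake-compat": "flake-compat",
+"nixpkgs": "nixpkgs_2",
+"utils": "utils"
+},
+"locked": {
+"lastModified": 1694513707,
+"narHash": "sha256-wE5kHco3+FQjc+MwTPwLVqYz4hM7uno2CgXDXUFMCpc=",
+"owner": "serokell",
+"repo": "deploy-rs",
+"rev": "31c32fb2959103a796e07bbe47e0a5e287c343a8",
+"type": "github"
+},
+"original": {
+"owner": "serokell",
+"repo": "deploy-rs",
+"type": "github"
+}
+},
+"flake-compat": {
+"flake": false,
+"locked": {
+"lastModified": 1668681692,
+"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+"owner": "edolstra",
+"repo": "flake-compat",
+"rev": "009399224d5e398d03b22badca40a37ac85412a1",
+"type": "github"
+},
+"original": {
+"owner": "edolstra",
+"repo": "flake-compat",
+"type": "github"
+}
+},
+"home-manager": {
+"inputs": {
+"nixpkgs": [
+"agenix",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1682203081,
+"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"home-manager_2": {
+"inputs": {
+"nixpkgs": "nixpkgs_3"
+},
+"locked": {
+"lastModified": 1694643239,
+"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"nix-colors": {
+"inputs": {
+"base16-schemes": "base16-schemes",
+"nixpkgs-lib": "nixpkgs-lib"
+},
+"locked": {
+"lastModified": 1682108218,
+"narHash": "sha256-tMr7BbxualFQlN+XopS8rMMgf2XR9ZfRuwIZtjsWmfI=",
+"owner": "misterio77",
+"repo": "nix-colors",
+"rev": "b92df8f5eb1fa20d8e09810c03c9dc0d94ef2820",
+"type": "github"
+},
+"original": {
+"owner": "misterio77",
+"repo": "nix-colors",
+"type": "github"
+}
+},
+"nix-formatter-pack": {
+"inputs": {
+"nixpkgs": "nixpkgs_4",
+"nmd": "nmd",
+"nmt": "nmt"
+},
+"locked": {
+"lastModified": 1689022371,
+"narHash": "sha256-+jxvMYzmzKaGFh7VDgKBmdP1ZBaGhdzL5WZaspdKpTA=",
+"owner": "Gerschtli",
+"repo": "nix-formatter-pack",
+"rev": "d974547b3d7c7ce2975dc120ef3bc53f9dd61127",
+"type": "github"
+},
+"original": {
+"owner": "Gerschtli",
+"repo": "nix-formatter-pack",
+"type": "github"
+}
+},
+"nix-index-database": {
+"inputs": {
+"nixpkgs": "nixpkgs_5"
+},
+"locked": {
+"lastModified": 1694921880,
+"narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=",
+"owner": "Mic92",
+"repo": "nix-index-database",
+"rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2",
+"type": "github"
+},
+"original": {
+"owner": "Mic92",
+"repo": "nix-index-database",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1677676435,
+"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs-lib": {
+"locked": {
+"lastModified": 1680397293,
+"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
+"owner": "nix-community",
+"repo": "nixpkgs.lib",
+"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "nixpkgs.lib",
+"type": "github"
+}
+},
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1671417167,
+"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixpkgs-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_3": {
+"locked": {
+"lastModified": 1694422566,
+"narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_4": {
+"locked": {
+"lastModified": 1669933672,
+"narHash": "sha256-9nzaATSTmEMpTrx+7j3vVwQkcpu9JMkQ1M08iPtu7m4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "da12bb299b2941299b1de24fbd92c5dd35de40e9",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "release-22.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_5": {
+"locked": {
+"lastModified": 1694767346,
+"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "ace5093e36ab1e95cb9463863491bee90d5a4183",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_6": {
+"locked": {
+"lastModified": 1694972439,
+"narHash": "sha256-LXkr3gvhm9u+h+RqZB51XQeZQww/wD5QRnDDMq91QZM=",
+"owner": "arachnist",
+"repo": "nixpkgs",
+"rev": "3a369a4140123299311eb6e4a5b430fc52d4ce9e",
+"type": "github"
+},
+"original": {
+"owner": "arachnist",
+"ref": "kea-json-includes",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nmd": {
+"flake": false,
+"locked": {
+"lastModified": 1666190571,
+"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
+"owner": "rycee",
+"repo": "nmd",
+"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
+"type": "gitlab"
+},
+"original": {
+"owner": "rycee",
+"repo": "nmd",
+"type": "gitlab"
+}
+},
+"nmt": {
+"flake": false,
+"locked": {
+"lastModified": 1648075362,
+"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
+"owner": "rycee",
+"repo": "nmt",
+"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
+"type": "gitlab"
+},
+"original": {
+"owner": "rycee",
+"repo": "nmt",
+"type": "gitlab"
+}
+},
+"root": {
+"inputs": {
+"agenix": "agenix",
+"deploy-rs": "deploy-rs",
+"home-manager": "home-manager_2",
+"nix-colors": "nix-colors",
+"nix-formatter-pack": "nix-formatter-pack",
+"nix-index-database": "nix-index-database",
+"nixpkgs": "nixpkgs_6"
+}
+},
+"utils": {
+"locked": {
+"lastModified": 1667395993,
+"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}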
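--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,65 @@
+{
+description = "Nibylandia configurations";
+
+inputs = {
+nixpkgs.url = "github:arachnist/nixpkgs/kea-json-includes";
+home-manager.url = "github:nix-community/home-manager";
+nix-colors.url = "github:misterio77/nix-colors";
+nix-formatter-pack.url = "github:Gerschtli/nix-formatter-pack";
+nix-index-database.url = "github:Mic92/nix-index-database";
+deploy-rs.url = "github:serokell/deploy-rs";
+agenix = {
+url = "github:ryantm/agenix";
+inputs.darwin.follows = "";
+};
+};
+
+outputs = { self, nixpkgs, nix-formatter-pack, nix-index-database, deploy-rs
+, agenix, ... }:
+let forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ];
+in {
+# forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt);
+formatter = forAllSystems (system:
+nix-formatter-pack.lib.mkFormatter {
+inherit nixpkgs system;
+
+config = {
+tools = {
+deadnix = {
+enable = true;
+noLambdaPatternNames = true;
+noLambdaArg = true;
+};
+statix.enable = true;
+nixfmt.enable = true;
+};
+};
+});
+
+nixosConfigurations = {
+scylla = nixpkgs.lib.nixosSystem {
+system = "aarch64-linux";
+modules = [
+nix-index-database.nixosModules.nix-index
+agenix.nixosModules.default
+./nixos/scylla/configuration.nix
+];
+};
+};
+
+deploy.nodes.scylla = {
+fastConnection = false;
+remoteBuild = true;
+hostname = "i.am-a.cat";
+profiles.system = {
+user = "root";
+sshUser = "root";
+path = deploy-rs.lib.aarch64-linux.activate.nixos
+self.nixosConfigurations.scylla;
+};
+};
+
+checks = builtins.mapAttrs
+(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+};
+}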
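Review bot: None of the entries in `inputs` make their own `nixpkgs` follow the root one, so the flake.lock added in this commit carries six separate nixpkgs revisions, and the `deploy-rs.lib.aarch64-linux.activate.nixos` wrapper that runs as root on scylla is presumably built against deploy-rs's own pin (`nixpkgs_2` in the lock) rather than the system's package set. Adding `deploy-rs.inputs.nixpkgs.follows = "nixpkgs";` and `agenix.inputs.nixpkgs.follows = "nixpkgs";` (likewise for home-manager, nix-formatter-pack and nix-index-database) leaves one revision to audit and update. The root `nixpkgs` itself tracks the personal branch `kea-json-includes`, so a comment on that line saying how the branch is kept rebased onto upstream would tell a maintainer where security fixes for the whole system come from.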
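--- a/nixos/scylla/configuration.nix
+++ b/nixos/scylla/configuration.nix
@@ -0,0 +1,595 @@
+{ config, pkgs, ... }:
+
+{
+imports = [ ./hardware-configuration.nix ];
+
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+boot = {
+kernelPackages = pkgs.linuxPackages_latest;
+kernelParams =
+[ "arm-smmu.disable_bypass=0" "pci=pcie_bus_perf" "iommu.passthrough=1" ];
+# Setup SFP+ network interfaces early so systemd can pick everything up.
+initrd.extraUtilsCommands = ''
+copy_bin_and_libs ${pkgs.restool}/bin/restool
+copy_bin_and_libs ${pkgs.restool}/bin/ls-main
+copy_bin_and_libs ${pkgs.restool}/bin/ls-addni
+# Patch paths
+sed -i "1i #!$out/bin/sh" $out/bin/ls-main
+'';
+initrd.postDeviceCommands = ''
+ls-addni dpmac.7
+ls-addni dpmac.8
+ls-addni dpmac.9
+ls-addni dpmac.10
+'';
+kernel.sysctl = {
+"net.ipv4.conf.all.forwarding" = true;
+
+"net.ipv6.conf.all.accept_ra" = 0;
+"net.ipv6.conf.all.autoconf" = 0;
+"net.ipv6.conf.all.use_tempaddr" = 0;
+};
+};
+
+age.secrets = {
+wgNibylandiaScylla.file = ../../secrets/wg/nibylandia_scylla.age;
+wgDN42Scylla.file = ../../secrets/wg/dn42_w1kl4s_scylla.age;
+ddnsKeyKea = {
+file = ../../secrets/lan/nibylandia-ddns-kea.age;
+mode = "444";
+};
+ddnsKeyBind = {
+file = ../../secrets/lan/nibylandia-ddns-bind.age;
+mode = "400";
+owner = "named";
+group = "named";
+};
+};
+
+networking.hostName = "scylla";
+networking.wireless.enable = false;
+
+time.timeZone = "Europe/Warsaw";
+
+systemd.network.enable = true;
+networking.useNetworkd = true;
+networking.useDHCP = false;
+networking.interfaces = {
+eth0 = {
+useDHCP = true;
+macAddress = "50:7b:9d:b5:fa:e8";
+};
+lan = {
+ipv4.addresses = [{
+address = "192.168.24.1";
+prefixLength = 24;
+}];
+};
+eth1 = {
+ipv4.addresses = [{
+address = "192.168.20.1";
+prefixLength = 24;
+}];
+};
+};
+networking.nameservers = [ "192.168.20.1" ];
+networking.vlans = {
+lan = {
+id = 10;
+interface = "eth1";
+};
+};
+networking.wireguard.interfaces = {
+wg-nibylandia = {
+ips = [ "10.255.255.2/24" ];
+privateKeyFile = config.age.secrets.wgNibylandiaScylla.path;
+listenPort = 51315;
+allowedIPsAsRoutes = true;
+
+peers = [{
+publicKey = "xwTYtejNZCtOyPMNcZVlsBIGYae6aUQczh7UwujLxXg=";
+allowedIPs = [ "10.255.255.0/24" ];
+endpoint = "zorigami.is-a.cat:51315";
+persistentKeepalive = 15;
+}];
+};
+dn42_w1kl4s_1 = {
+ips = [ "fd25:af2d:1f51:255::1/64" "fe80::255:acab/64" ];
+privateKeyFile = config.age.secrets.wgDN42Scylla.path;
+listenPort = 51516;
+allowedIPsAsRoutes = false;
+
+peers = [{
+publicKey = "zNP632K1qrezFIl8NQK1tR3XEdYHat/YgzdCXnFIWDE=";
+allowedIPs = [ "0.0.0.0/0" "::/0" ];
+endpoint = "193.31.26.15:53137";
+}];
+
+postSetup = ''
+${pkgs.iproute}/bin/ip addr add dev dn42_w1kl4s_1 172.20.148.161/32 peer 172.23.193.2/32
+'';
+};
+};
+
+networking.firewall.enable = true;
+networking.firewall.logRefusedConnections = false;
+networking.nat = {
+enable = true;
+externalInterface = "eth0";
+internalInterfaces = [ "lan" "eth1" "virbr1" "virbr2" ];
+forwardPorts = [
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.101.2:22";
+sourcePort = 11520;
+proto = "tcp";
+} # sdomi's vm
+
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.20.31:22";
+sourcePort = 23;
+proto = "tcp";
+}
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.20.32:22";
+sourcePort = 32;
+proto = "tcp";
+}
+{
+destination = "192.168.20.31";
+sourcePort = 2582;
+proto = "tcp";
+}
+
+{
+destination = "192.168.20.31";
+sourcePort = "51411:51423";
+proto = "tcp";
+}
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.20.31:80";
+sourcePort = 80;
+proto = "tcp";
+}
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.20.31:443";
+sourcePort = 443;
+proto = "tcp";
+}
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.20.31:2005";
+sourcePort = 2005;
+proto = "tcp";
+}
+
+{
+destination = "192.168.20.31";
+sourcePort = "51411:51423";
+proto = "udp";
+}
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.20.31:80";
+sourcePort = 80;
+proto = "udp";
+}
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.20.31:443";
+sourcePort = 443;
+proto = "udp";
+}
+{
+loopbackIPs = [ "185.102.189.133" ];
+destination = "192.168.20.31:2005";
+sourcePort = 2005;
+proto = "udp";
+}
+];
+};
+networking.firewall.allowedTCPPorts = [
+179 # bgp
+53
+5201
+6443 # k3s
+];
+networking.firewall.allowedUDPPorts = [
+179 # bgp
+53
+51315
+51516 # dn42-w1kl4s
+];
+networking.firewall.interfaces."eth1".allowedTCPPorts = [ 8123 ];
+networking.firewall.interfaces."lan".allowedTCPPorts = [ 8123 ];
+systemd.network.wait-online.extraArgs = [ "--any" ];
+
+services.k3s = {
+enable = false;
+role = "server";
+};
+
+services.kea = {
+dhcp4 = {
+enable = true;
+settings = {
+interfaces-config = {
+interfaces = [ "lan/192.168.24.1" "eth1/192.168.20.1" ];
+};
+
+lease-database = {
+name = "/var/lib/kea/dhcp4.leases";
+persist = true;
+type = "memfile";
+};
+
+rebind-timer = 2000;
+renew-timer = 1000;
+valid-lifetime = 4000;
+
+dhcp-ddns = {
+enable-updates = true;
+ncr-protocol = "UDP";
+ncr-format = "JSON";
+server-ip = "127.0.0.1";
+server-port = 53001;
+};
+
+ddns-send-updates = true;
+ddns-replace-client-name = "when-not-present";
+ddns-update-on-renew = true;
+ddns-override-client-update = true;
+ddns-override-no-update = true;
+
+subnet4 = [
+{
+subnet = "192.168.24.0/24";
+pools = [{ pool = "192.168.24.40 - 192.168.24.240"; }];
+reservations-out-of-pool = true;
+reservations-in-subnet = true;
+ddns-qualifying-suffix = "nibylandia.lan.";
+option-data = [
+{
+name = "routers";
+data = "192.168.24.1";
+}
+{
+name = "domain-name-servers";
+data = "192.168.24.1";
+}
+];
+
+reservations = [{
+hw-address = "34:15:13:b6:2a:e7";
+hostname = "yamaha";
+ip-address = "192.168.24.11";
+}];
+}
+{
+subnet = "192.168.20.0/24";
+pools = [{ pool = "192.168.20.40 - 192.168.20.240"; }];
+reservations-out-of-pool = true;
+reservations-in-subnet = true;
+ddns-qualifying-suffix = "nibylandia.lan.";
+
+option-data = [
+{
+name = "routers";
+data = "192.168.20.1";
+}
+{
+name = "domain-name-servers";
+data = "192.168.20.1";
+}
+];
+
+reservations = [
+{
+hw-address = "00:02:c9:53:9a:c2";
+hostname = "stereolith";
+ip-address = "192.168.20.31";
+}
+{
+hw-address = "00:30:93:12:0f:bf";
+hostname = "microlith";
+ip-address = "192.168.20.32";
+}
+];
+}
+];
+};
+};
+
+dhcp-ddns = {
+enable = true;
+settings = {
+dns-server-timeout = 100;
+ip-address = "127.0.0.1";
+ncr-format = "JSON";
+ncr-protocol = "UDP";
+forward-ddns = {
+ddns-domains = [{
+key-name = "bind-key-2021-12-27";
+dns-servers = [{ ip-address = "192.168.20.1"; }];
+name = "nibylandia.lan.";
+}];
+};
+reverse-ddns = {
+ddns-domains = [
+{
+key-name = "bind-key-2021-12-27";
+dns-servers = [{ ip-address = "192.168.20.1"; }];
+name = "20.168.192.in-addr.arpa.";
+}
+{
+key-name = "bind-key-2021-12-27";
+dns-servers = [{ ip-address = "192.168.20.1"; }];
+name = "24.168.192.in-addr.arpa.";
+}
+];
+};
+tsig-keys = [{
+name = "bind-key-2021-12-27";
+algorithm = "HMAC-SHA512";
+secret = "__keaInclude ${config.age.secrets.ddnsKeyKea.path}";
+}];
+};
+};
+};
+
+services.bind = {
+enable = true;
+listenOn = [ "192.168.20.1" "192.168.24.1" ];
+forwarders = [ "8.8.8.8" "1.1.1.1" "8.8.4.4" "1.0.0.1" ];
+cacheNetworks = [ "192.168.20.0/24" "192.168.24.0/24" ];
+zones = {
+"nibylandia.lan" = {
+master = true;
+file = "/var/lib/bind/nibylandia.lan.zone";
+extraConfig = ''
+allow-update { key "bind-key-2021-12-27"; };
+'';
+};
+"20.168.192.in-addr.arpa" = {
+master = true;
+file = "/var/lib/bind/20.168.192.in-addr.arpa.zone";
+extraConfig = ''
+allow-update { key "bind-key-2021-12-27"; };
+'';
+};
+"24.168.192.in-addr.arpa" = {
+master = true;
+file = "/var/lib/bind/24.168.192.in-addr.arpa.zone";
+extraConfig = ''
+allow-update { key "bind-key-2021-12-27"; };
+'';
+};
+};
+extraConfig = ''
+key "bind-key-2021-12-27" {
+algorithm hmac-sha512;
+include "${config.age.secrets.ddnsKeyBind.path}";
+};
+'';
+extraOptions = ''
+dnssec-validation no;
+'';
+};
+
+services.bird2 = {
+enable = true;
+checkConfig = false;
+config = ''
+define OWNAS = 4242423137;
+define OWNIP = 172.20.148.161;
+define OWNIPv6 = fd25:af2d:1f51:255::1;
+define OWNNET = 172.20.148.160/27;
+define OWNNETv6 = fdc0:b038:c31e::/48;
+define OWNNETSET = [ 172.20.148.160/27+ ];
+define OWNNETSETv6 = [ fdc0:b038:c31e::/48+ ];
+
+router id OWNIP;
+
+protocol device {
+scan time 10;
+}
+
+/*
+* Utility functions
+*/
+
+function is_self_net() {
+return net ~ OWNNETSET;
+}
+
+function is_self_net_v6() {
+return net ~ OWNNETSETv6;
+}
+
+function is_valid_network() {
+return net ~ [
+172.20.0.0/14{21,29}, # dn42
+172.20.0.0/24{28,32}, # dn42 Anycast
+172.21.0.0/24{28,32}, # dn42 Anycast
+172.22.0.0/24{28,32}, # dn42 Anycast
+172.23.0.0/24{28,32}, # dn42 Anycast
+172.31.0.0/16+, # ChaosVPN
+10.100.0.0/14+, # ChaosVPN
+10.127.0.0/16{16,32}, # neonetwork
+10.0.0.0/8{15,24} # Freifunk.net
+];
+}
+
+roa4 table dn42_roa;
+roa6 table dn42_roa_v6;
+
+protocol static {
+roa4 { table dn42_roa; };
+include "/etc/bird/roa_dn42.conf";
+};
+
+protocol static {
+roa6 { table dn42_roa_v6; };
+include "/etc/bird/roa_dn42_v6.conf";
+};
+
+function is_valid_network_v6() {
+return net ~ [
+fd00::/8{44,64} # ULA address space as per RFC 4193
+];
+}
+
+protocol kernel {
+scan time 20;
+
+ipv6 {
+import none;
+export filter {
+if source = RTS_STATIC then reject;
+krt_prefsrc = OWNIPv6;
+accept;
+};
+};
+};
+
+protocol kernel {
+scan time 20;
+
+ipv4 {
+import none;
+export filter {
+if source = RTS_STATIC then reject;
+krt_prefsrc = OWNIP;
+accept;
+};
+};
+}
+
+protocol static {
+route OWNNET reject;
+
+ipv4 {
+import all;
+export none;
+};
+}
+
+protocol static {
+route OWNNETv6 reject;
+
+ipv6 {
+import all;
+export none;
+};
+}
+
+template bgp dnpeers {
+local as OWNAS;
+path metric 1;
+
+ipv4 {
+import filter {
+if is_valid_network() && !is_self_net() then {
+if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
+print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+reject;
+} else accept;
+} else reject;
+};
+
+export filter { if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+import limit 1000 action block;
+};
+
+ipv6 {
+import filter {
+if is_valid_network_v6() && !is_self_net_v6() then {
+if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
+print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+reject;
+} else accept;
+} else reject;
+};
+export filter { if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+import limit 1000 action block;
+};
+}
+
+include "/etc/bird/peers/*";
+'';
+};
+
+security.polkit.enable = true;
+virtualisation.libvirtd.enable = true;
+
+services.avahi = {
+enable = true;
+reflector = true;
+allowInterfaces = [ "lan" "eth1" ];
+};
+
+nixpkgs.config.allowUnfree = true;
+
+nixpkgs.overlays =
+[ (self: super: { restool = self.callPackage ./pkgs/restool { }; }) ];
+
+environment.systemPackages = with pkgs; [
+pv
+libarchive
+lshw
+zip
+file
+tcpdump
+lsof
+restool
+ethtool
+pciutils
+usbutils
+dig
+dstat
+wget
+bind
+nmap
+iperf
+config.boot.kernelPackages.perf
+];
+
+programs = {
+mtr.enable = true;
+mosh.enable = true;
+neovim = {
+enable = true;
+defaultEditor = true;
+viAlias = true;
+vimAlias = true;
+};
+zsh = {
+enable = true;
+enableBashCompletion = true;
+autosuggestions.enable = true;
+syntaxHighlighting.enable = true;
+};
+command-not-found.enable = false;
+};
+
+nix = {
+package = pkgs.nixUnstable;
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+};
+
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt arachnist@monolith"
+];
+
+services.openssh.enable = true;
+system.stateVersion = "22.05";
+}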
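Review bot: `age.secrets.ddnsKeyKea` is installed with `mode = "444"`, so the TSIG secret is readable by every local account, while the BIND side trusts that same key name in `allow-update { key "bind-key-2021-12-27"; };` for `nibylandia.lan` and both reverse zones; any process on scylla that can read the file can therefore sign dynamic updates to those zones. The sibling `ddnsKeyBind` already uses `mode = "400"` with `owner = "named"`, and the Kea copy should be restricted the same way, for example `mode = "400";` plus an `owner` matching the account the DDNS daemon runs as, or by handing the file to the unit through systemd's `LoadCredential=` if that unit uses a dynamic user (presumably the reason for the world-readable mode; confirm). If the mode has to stay, a comment above it such as `# world-readable because <reason>; key only authorises updates to the LAN zones` would record the decision. Separately, `services.openssh.enable = true` is paired with root `authorizedKeys` but password authentication is never switched off; `services.openssh.settings.PasswordAuthentication = false;` makes the key-only intent explicit.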
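--- a/nixos/scylla/hardware-configuration.nix
+++ b/nixos/scylla/hardware-configuration.nix
@@ -0,0 +1,26 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+boot.initrd.availableKernelModules = [ "nvme" "usb_storage" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/9804a5ca-c647-4581-904e-4d784c8c0024";
+fsType = "xfs";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/65A6-F9A5";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+}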
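--- a/nixos/scylla/pkgs/restool/default.nix
+++ b/nixos/scylla/pkgs/restool/default.nix
@@ -0,0 +1,56 @@
+{ stdenv, lib, fetchgit, bash, coreutils, dtc, file, gawk, gnugrep, gnused
+, pandoc, which }:
+
+stdenv.mkDerivation rec {
+pname = "restool";
+version = "20.12";
+
+src = fetchgit {
+url =
+"https://source.codeaurora.org/external/qoriq/qoriq-components/restool";
+rev = "LSDK-${version}";
+sha256 = "137xvvms3n4wwb5v2sv70vsib52s3s314306qa0mqpgxf9fb19zl";
+};
+
+nativeBuildInputs = [ file pandoc ];
+buildInputs = [ bash coreutils dtc gawk gnugrep gnused which ];
+
+enableParallelBuilding = true;
+makeFlags = [
+"prefix="
+"bindir_completion=/share/bash-completion/completions"
+"DESTDIR=$(out)"
+"VERSION=${version}"
+];
+
+postPatch = ''
+# -Werror makes this derivation fragile on compiler version upgrades, patch
+# it out.
+sed -i /-Werror/d Makefile
+'';
+
+preFixup = ''
+# wrapProgram interacts badly with the ls-main tool, which relies on the
+# shell's $0 argument to figure out which operation to run (busybox-style
+# symlinks). Instead, inject the environment directly into the shell
+# scripts we need to wrap.
+for tool in ls-append-dpl ls-debug ls-main; do
+sed -i "1 a export PATH=\"$out/bin:${
+lib.makeBinPath buildInputs
+}:\$PATH\"" $out/bin/$tool
+done
+'';
+
+meta = with lib; {
+description = "DPAA2 Resource Management Tool";
+longDescription = ''
+restool is a user space application providing the ability to dynamically
+create and manage DPAA2 containers and objects from Linux.
+'';
+homepage =
+"https://source.codeaurora.org/external/qoriq/qoriq-components/restool/about/";
+license = licenses.bsd3;
+platforms = platforms.linux;
+maintainers = with maintainers; [ delroth ];
+};
+}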
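Review bot: `src` fetches from `source.codeaurora.org` by tag name (`rev = "LSDK-${version}"`), and the only thing binding the build to known content is the `sha256` next to it; the Code Aurora host has, as far as I know, been retired, so on a cache miss this derivation will likely fail to fetch and someone will have to repoint `url`. When that happens the existing `sha256` should be left unchanged so that Nix proves the new location serves the identical tree, and a comment on `src` saying so (`# keep sha256 when changing url: it is the integrity anchor for this source`) would guard against the common shortcut of blanking the hash and accepting whatever is served. This file also replaces the `restool` attribute through the overlay in nixos/scylla/configuration.nix, so a one-line header stating why a local copy is carried (presumably instead of a nixpkgs package; confirm) would tell a maintainer when it can be dropped.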
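--- a/secrets.nix
+++ b/secrets.nix
@@ -0,0 +1,39 @@
+let
+ar_khas =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
+ar_microlith =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
+ar = [ ar_khas ar_microlith ];
+
+scylla =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1X7EaPNfLhWH32IAyaZj2dhJz+QLnyGuXPCZUYRTjg";
+zorigami =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty";
+stereolith =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O";
+in {
+
+"secrets/wg/nibylandia_scylla.age".publicKeys = ar ++ [ scylla ];
+"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar ++ [ scylla ];
+"secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar ++ [ scylla ];
+"secrets/lan/nibylandia-ddns-bind.age".publicKeys = ar ++ [ scylla ];
+"secrets/nextCloudAdmin.age".publicKeys = ar ++ [ zorigami ];
+"secrets/nextCloudExporter.age".publicKeys = ar ++ [ zorigami ];
+"secrets/norkclubMinecraftRestic.age".publicKeys = ar ++ [ zorigami ];
+"secrets/cassAuth.age".publicKeys = ar ++ [ zorigami ];
+"secrets/miniflux.age".publicKeys = ar ++ [ zorigami ];
+"secrets/stuffAuth.age".publicKeys = ar ++ [ stereolith ];
+"secrets/wg/nibylandia_zorigami.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/ar.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/apo.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/mastodon.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/mastodonPlain.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/madargon.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/enki.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/matrix.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/vaultwarden.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/vaultwardenPlain.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/keycloak.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/keycloakPlain.age".publicKeys = ar ++ [ zorigami ];
+"secrets/keycloakDatabase.age".publicKeys = ar ++ [ zorigami ];
+}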
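Review bot: The key bound to `ar_microlith` carries the comment `ar@microlith`, but the identical key blob is authorised for root in nixos/scylla/configuration.nix under the comment `arachnist@monolith`, so it is unclear from the repository which machine holds the private half. Both entries of `ar` can decrypt every secret listed here, so the binding name and comment should match the machine that really holds the key (for instance `ar_monolith`, if that is the source), which lets a lost workstation be revoked by removing one well-identified entry and re-keying. A short header comment recording how the host keys `scylla`, `zorigami` and `stereolith` were obtained would document their provenance for whoever next adds a recipient.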
14
secrets/cassAuth.age
Normal file
|
@ -0,0 +1,14 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg 1T37a0MucAEFYMGcdyS+Nxcbkp027j3JxXy2teCwHRg
|
||||
3khC9F+CVUToHWx22Cs0b+1dm0/nUwG7/nu4nFqRijY
|
||||
-> ssh-ed25519 grc4Uw NW49Rzlxh92jldZPNq3mkeJHi460dIA80B3bGqhVrm0
|
||||
9j3PAPk/C1DsGUMTHq1PzQMYId2rNoHRtwYBTViJ/A4
|
||||
-> ssh-ed25519 DLT88w b/3j37sDUOtFD0TbPl0Gvyd/73MNlmKT4EhXn48ANQI
|
||||
eHqL7WDztCzYyvb+K+bkZI0514Z2QyWDwvotmpFHI6M
|
||||
-> ,se-grease U<o] ~4 Yci -R
|
||||
R3H3gWM+BWWFB5qvnpwT0ZHZjihotvCUjaC98pTmtxcqHdHm6bmqNXSBUIIKaOD0
|
||||
79M
|
||||
--- NdVSXnmGsA82Wmu9fVBnsKRn5g6qFhzGLO2v1NE8FXc
|
||||
.½<>„upÅÎün|zÖÂÃ>z¬ËY‹Ò[u)e5u‘sC'Ÿ‡®‘\ÏeЂt']°44Ýh/\›¡-0Ÿ n©ðX÷ëTÚ
|
||||
]³ÒwÏ
|
||||
¾6ú÷Ø{U`o<>ï‚J\C£`ð+Ynס©ÎqdïÓµ¸˜«›ßŽWÞ
|
11
secrets/keycloakDatabase.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg kesf+SaZD83McqpA9DixWtFIrEmRPxXkJ0GwzlUxWmE
|
||||
fget0ABRpLa1ILPy+j8qB60R2XOBZUkADYHIqShetLM
|
||||
-> ssh-ed25519 grc4Uw M6nvJkxP3YiZ9HQegvcReYpkLcyhpF2YiAV0Pr6FuiQ
|
||||
gPV7IhypqI8C655+ef69PbvTBcCEK3ChpVKcckU2hQk
|
||||
-> ssh-ed25519 DLT88w 8Cvg6k8zYawUgvMf8RQdA3pxxywIhCn7nPNGrMK4Q0o
|
||||
Kc58s9qkYHVS9pf+MYghheQXLxtImbny+W0zQ6j9eKE
|
||||
-> $mU5]|V-grease 3;xw\jc
|
||||
+Fl1I+CYc0AGj429YbhVaz3i/HvkLrHX0Jt2OIhN4xqp/oJNqw
|
||||
--- IfmaR6Z1bL8wgwgv1A+kuvxTq+xqKb6VD4iKdi0K8mk
|
||||
:‚Imià[Äo|Ú/ÄøR27?ãK"Êæfí¼&{å
Î[7ˆÌe&1¡“¹9…I)uù\Zæ >UÔ_yß
|
13
secrets/lan/nibylandia-ddns-bind.age
Normal file
|
@ -0,0 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg mk+AfUGcuTUyGVr8Y9eEgL75VA4JEThLGSd7nw9QJSs
|
||||
edbiwW5zV/j/sr+ynflHv97QnXCLHxoPJqnQnxMLl0E
|
||||
-> ssh-ed25519 grc4Uw b9BxvDAFU9tIHoujY/scPVQ4uwrj+5eEDmxXNmzOHjg
|
||||
fRy3YJk+l/2khO3U/38bF+M+c41W1mQUlRJ85D4e8DY
|
||||
-> ssh-ed25519 CJl5MQ 2C+ipkjQkLzpypr40L8G2H1qgQCNm9jYTTAUR/+m4Uo
|
||||
zbnzsLEZg1NMV63V66RbyKmPo37Ud8djb1074t77wc8
|
||||
-> [-grease Ihg*p WU.7s?UM R,Iyuqy}
|
||||
yj4NDfJn0E8kP0XdnIiTkmiA3NGcvZoYFM/uXOOIKCdajq3vY7gdgxyn9RiMQZoi
|
||||
jgdoEbXrgRdEaxt9h31flQRFa72BIvi8ha8hxaCEAarwGQ
|
||||
--- kjXO5aCKHjk2+BSSFvNdB/b9Avpw6z/KNA51Zs7kZ7Y
|
||||
‚…3Æn_Ÿ`Ÿ€~â|ì͵xÎoú80Xá¾BRÃÙ ã!|\r;@_ÁÀ¹T«†“’U“6!˜Ýq/)7“
|
||||
<EFBFBD>þHr2ÀÓÉ&‡DPŒxJê0Ò§·j°’ít.*ôüR5~ŒÎT=qúÒÔˆm«þ–죴r8Vg<56>®=3h
|
11
secrets/lan/nibylandia-ddns-kea.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg zF0Gy00g+A652+c4MKe5GFlewtlUMjpLLzODkT1HNBw
|
||||
KoG7CzBBLuTYaPc42+cx/IwDe0WHEwdW7BZD950qx9k
|
||||
-> ssh-ed25519 grc4Uw oi34sgBlxzAvBNvRnPoNys03fYlQPtGaN521dHQKlyA
|
||||
AEclTFw+LElZMNng0+ezmB06vmqlIxrhZ5Ug7lO0K2Y
|
||||
-> ssh-ed25519 CJl5MQ IGMoyGOVqyoczmGdDUrHcQF3zqbKQXESlrg2HkJklls
|
||||
iH0PiadiTgwEtjf2L1Ry2MCFFxhvb9LFr/eFKJA+M+4
|
||||
-> YCy8T-grease 2K|TYGy| ?++k:
|
||||
jzDT2sSDmnozZA0Prkr6cYgVou+09UwXc9H4KBNOlQ
|
||||
--- SjezupwORSDfiv2pPCKzoNGfolICCAd7eLNOmCRuuq4
|
||||
øß.3~M%4`©7?ùjòdzÁ¹–çl†f˜y¡%byÉŽ&Øž…[–—ûÅãa[¶˜wØ<77>dž¿òV;,‚»Ç´5[SM¬wëQ™âu…¸:VÖÓg—ŒØ¨ozýs‘b_[–Ø;UÚ…$´}¥´‚%
|
13
secrets/mail/apo.age
Normal file
|
@ -0,0 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg N+m6p/zttdGnIbdBfTRIEBuQvAquREmfs8RwDTnROAY
|
||||
Q5ROKDJmForW63J5UVu4Qf2TagKisGX4PcMaIVx1K7w
|
||||
-> ssh-ed25519 grc4Uw aSbKCbiCwnipGPVt5dcbCNNBeILtEnAB6Vkfq9LvdEY
|
||||
biHvwNpy7waPMuOQ4TE2mI+iOzROupSqkZINBi7l5/w
|
||||
-> ssh-ed25519 DLT88w Qa4VLSyBQRboqa68kVtqnGb7wEH9oyulEheaYXzl2ws
|
||||
jyDSxSQbzNVJIWsoJIoO3zVpPHy6RWNzPC5IhB5z0tk
|
||||
-> z-TKn-grease DO*%z p1C
|
||||
LUYpx4GSo0pNIT9gW8id1xBZWsJ3iJxhwHxSLg/kQS3KBAJO5uqgd8jnTg4TwGeM
|
||||
NSP31qORZHU
|
||||
--- AbYdv5y7vwe3ONItmV9Fb73/NeTpZd2kBxpu/msW+50
|
||||
X3ó€ÍMť;Á6h·ŠµQŢŽ<C5A2>ńĐ=´;<3B>ú#šŰ‘u3WÍPÜw§Ľ˘Ś
|
||||
?–gYÍ4⯨uu<75>`[ťHű8ś°˝—ű7ĘZţ$Ť>ĘĽx»Očre‹
|
BIN
secrets/mail/ar.age
Normal file
Binary file not shown.
BIN
secrets/mail/enki.age
Normal file
Binary file not shown.
11
secrets/mail/keycloak.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg jevSd+xpTihquLhBQlcSodrwCYiqqYykFtZsfx/MUXE
|
||||
RdgFHkHiuO/jrEwVijQeRgGPOFMd2cm4YUonkmBaGBQ
|
||||
-> ssh-ed25519 grc4Uw YaLvY+KF1YTLADjqJIyCavdSO6c/gvg3q8CXPOW4d3g
|
||||
63dNEGm9HJcg535UmRJSRimPtXttLct0Zs+DRIBO3Io
|
||||
-> ssh-ed25519 DLT88w efd8g7rCIcAPeukRiVnILPb0zFEznT2Nv8Cnc1VO+Wo
|
||||
WTSoEuZFsZ0DgefTGievPY2SLshaqCeb6kCGUtiMx/g
|
||||
-> }&NC]H8U-grease {r]Y~F0 -_ .
|
||||
5MS38QETyaJdLuwR6FB08TJXIwnw7OdRn/31H4BDU0x7
|
||||
--- dtnnxW2bXOIVUhSjC0j/1mkEfaMqbv3Nz/9Trpx0Xbc
|
||||
ѳhuÄ’G¶^PœÌx”…²NæíÉEkRê+õöÑA†[ŒgÄ õsTÉO<C389>Ž\vü¨ûÒ¦½BÄÂÞŽ÷jbd¾ë—ŠÅϖ̹.ËrÙyˆ—=öÆdS4ùÆ
|
BIN
secrets/mail/keycloakPlain.age
Normal file
Binary file not shown.
13
secrets/mail/madargon.age
Normal file
|
@ -0,0 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg zc5A1eT8+ifTb1n4gpadYq6+aMypeBuzeJFH7n8GNFg
|
||||
czVB29wtzF3exwjggcEDPRSEYtRlK7CPhumLqfsKZhM
|
||||
-> ssh-ed25519 grc4Uw /t8+HAAwOJltUG6vS0lSrFavTfODeBZdxdj9sqIP6WI
|
||||
W4qQblzB//Ecwx1EIAYiBxQ2MXfqinN5ho8KO1J2Exw
|
||||
-> ssh-ed25519 DLT88w 3kNAE5a8AlH49YoNk/yA/64vtQb5Mr4v9wjQYv22Ehs
|
||||
gP/nL9QGVCYjj0tvJ4peysdTq1CBIpLhMn0R4q74IqU
|
||||
-> s6-grease &\RtW e6.Ke,J9
|
||||
fNZ0mgTK73JZDkZs5+oEQTFgptk7WNY+EwBSLOHe7iyPUsKUR76+P58vKFrcfMSw
|
||||
vNpqP7fm0OI/fHYMTtyx8w8E+Y7t0URG
|
||||
--- 4Xe1V66nBtt7+j2hOmmVCL3UHT58oie44PjssufEKws
|
||||
ÄÛ Æ:Ê‹gz|žNJ<i".|U ÿŒ<C3BF>…•Ö
|
||||
ç¦~œ$PŒ¼%R¸èþè•}ë„q,p& <09>¡j¸]¢b €Í’~ÿ}¿Ênú³K¿³IJŽvƒ<76>ªØ
|
11
secrets/mail/mastodon.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg nmFe1Q8A/S76A5Z9vrh4K5dJM890o2mwEEBfSqG8dCw
|
||||
7LmDmA/ANLSXC6VKc4LDQS99vv9i6wCP1OVANGCo/sI
|
||||
-> ssh-ed25519 grc4Uw bz2beS+8USpFvN/Re4H/DYgwtsBW3NYHM3jGS0zu0Wk
|
||||
Al6tJld1jEXh82DEKvyab9ocA8Dbfm+QYmPniwN9gCw
|
||||
-> ssh-ed25519 DLT88w JRFKPOnkZZcubjOI/IPjfOGxI2cjZ589c8IdKz7Ehz0
|
||||
UbIgpFdzvIHSAyrIxCeTNn9vQ1De81rywseR09Fo2f8
|
||||
-> ,I}P,-grease Ym 45hJJc j9wn3;kp
|
||||
GesmMGltPhQ/oM6ViCWYxB4+ULTCP4WNQXlv
|
||||
--- hQh4YEIVtBGHOtZjk77kAlggMFmh5Si2u5C3OviDDPw
|
||||
ü¦%:c<>ƒFÆ›z›‚O 1ìˆaŽ„~§˜Ò‹Ê‡ê_*$[~Ù„Ü“}pàß¼op˜8»“ì4›#uÅ éî¡~÷$éäY¿Ð´¹ñÜÝè¯ämKø‘YÆg“Ïe¸
|
12
secrets/mail/mastodonPlain.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg EaXiOW4rgkC/TDg8dxvY4BcmVF4tMDzk5oXr3N7JJQU
|
||||
aNOtg/ny/x5SR5DAUBmM7T+nzdxV1wBbgF2vXICm8ys
|
||||
-> ssh-ed25519 grc4Uw Q6K4N8fRAZrG6jAHM6GRKUOdgv2nA2iyp+m7D7v3S3w
|
||||
u3lvKekoO1TNdd3p1dS+BLvOrOvUGRvSNORPcPsy/EY
|
||||
-> ssh-ed25519 DLT88w x7yNe8dYkHlMMXGO/dty3LK5gGahvIHPW2olVB3sSlw
|
||||
AnNgJLJPfxkzcZGwjrtW4F60z9Jc2ei/gNScaEx4mng
|
||||
-> (Z1-grease Seh@;cP
|
||||
zBeGZGCFTkA0DlMEGfbxntjVqP6HJEaWD3Gjf1mxOIcKuBb23FrBcgL1U/0dsXSE
|
||||
h1hsT6NMskKdLcDulprc96tuGve/gAoifQ
|
||||
--- WB8mYOcUNKQd4ALi7FhazPbYHS5OjTTyTGmE1BuKGxE
|
||||
¶Øƒî–!“öôÀ˜
ÎÉÉClðzÃ~…µÙÑaéx
:2û<08>˜dÝkø`˜Ò7â²?l>ÕÒõ\©
|
11
secrets/mail/matrix.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg ztEokBJ3yjBiGZI8gPi95D7Ktr3JGkLLt0KTDrnZJ0Q
|
||||
8N/TnwM/JYzO0JX5etl0K9irG3BdbhVdiEQ6XpUmESI
|
||||
-> ssh-ed25519 grc4Uw vGO9wZ5nQ7n72H5JLfzBqt58KYPcyOA+4dGiY4U1ay8
|
||||
S+ItwCRDrbtt3iC4JtcrkxDaWK1QY8PknMUgm5v1NaM
|
||||
-> ssh-ed25519 DLT88w sJg7S7AFrQm0oNQJ8dDq0ZbqGL4SL3nVtGvNt+Gx/1A
|
||||
Rzf0vMw05PVvktceCPRZFqCaPUdM4mXJknLKaZiU7K4
|
||||
-> NLrA~@-grease :(KZ28
|
||||
b/ap2+msrvg8ST0+OEBSGwnqvP450HaiH+yRhEJz/k69fyM7QM4
|
||||
--- VLf28ysvKqN1YemvsQRYz18oEBWUtsBRhIkprFTZaC4
|
||||
ûÚ(ÙkÝf}Ú‹9ØeãtÜîò–Šy’0:îeYm‰|=lC_G«‚÷hjzåŸÓ bXù‰0wæþâd¹ýKÕ·ß!SÅ¡Ë<C2A1>Ãò˜4Sˆ‰ÂкP©ÿÝw#n
|
12
secrets/mail/vaultwarden.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg /xLFl1s1QHYOBtXbG+pAD3kdljp6PYyZ4ZeiB55Rqz4
|
||||
BjESbqD4WEmoj+nLwXrtHI12LXOPt1Paa4ZNkzSi5/M
|
||||
-> ssh-ed25519 grc4Uw PSzuUvFw+kfU+LXm5JTttX5d4STQ5NbGjoNFR/8FYHo
|
||||
/i+5AI59JJ4n427NN+yZ1OqFbF6XZFps6IdD7280gUE
|
||||
-> ssh-ed25519 DLT88w cVgmgyXx7HyMf8FsVUQH2FRABEFVgnm1P6ITIYeOnEw
|
||||
2l2Pr0Rtp/ohPaTH/V5RR1jwr/j9MmL7svwMjJIndXk
|
||||
-> Dm-grease `NL%8ot
|
||||
Jqvm4DqVlRcsExeXS8fhRo/1Zgza/AqcQH21nAjty4/AFEhjkl44Zsx8K0Nooagf
|
||||
nPEMN8TdDaAZOlhAsnI+spYh7qIIMLssqC9UgfTbXHtjBhc
|
||||
--- TlY/OpjrwdXQzNIRkNzEcy6Rftd4+LDDN7VedCrJs6w
|
||||
¦Ã<EFBFBD>ÚO¨C¿=UêûЊTmÉ3kæ–Þ½Ò€@A©.b\×P<C397>¾Ÿ7`§G81>⊀º•³€Ü<01>Ä”,™Ÿ»Åȃ¯4%a<7F>{:ð±É6Í/v†üÆlÍ2›Ï<j
|
12
secrets/mail/vaultwardenPlain.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg H2bRjZgBqNjr/lB7nGhttRS5+TDqQDdCEMzaUAB+CnA
|
||||
eLhUYk3iJbqTd+MDUyIAr4hHQsyA95mQhNVabonGvrE
|
||||
-> ssh-ed25519 grc4Uw yoE0H5dPlzyNu8Fysxf/aw9eCRWtTBxN4U72KCwfvRI
|
||||
NM8BvnqwnOblcwByE8P8jvXt4DQ9blhzRNn39ZD4jCc
|
||||
-> ssh-ed25519 DLT88w C6yHb30SPUKVfnBWEBqT1qZuomYNftZrkRH2dyXPjlg
|
||||
1KGDzd7kvBCAjrO/cw7cIgao5psDJKHol5eH5rzriHU
|
||||
-> Pcg-grease T5Dl'6?) 4|[; .M]\z(7Y
|
||||
WbkBRL0MdYxfj25Dzn9ZBAKhfR2QZs8RpMlEv+lg6RW4H3P7zp2xRcuyVwE8kyVB
|
||||
nRp/qqW+PiHZJqfy
|
||||
--- cAcFa0wjnhP70bLXBFHMsxhOfm+q3i+Vl5ZoBjEqMPo
|
||||
”àª@G½Û%ìZÑ{Dèî¿Ý“ÒúÌŸ÷%¬°Ô:!l‡<§HVQ?eK(ú—¡$Ûô×xxÞözôÚ˜9œÊ^y(/ÈÿÍÈŽ‹>§
|
BIN
secrets/miniflux.age
Normal file
Binary file not shown.
BIN
secrets/nextCloudAdmin.age
Normal file
Binary file not shown.
11
secrets/nextCloudExporter.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg JBaQTCttZJeeO5xNkeImjNgnlaG4F3SBVGfeywU+HhU
|
||||
M2ySbFs6kIIoh9hT6lWVjwmVSdrxUZzncfoupqY5o3E
|
||||
-> ssh-ed25519 grc4Uw 5fsEOZeC3S4oW2YkGWDMIvzysjrwtie3N1p4z8EyWgo
|
||||
SNEzpOPR6FEs6jnqjMSnmKsQx01lLeMDMIqjazWBX+M
|
||||
-> ssh-ed25519 DLT88w lNu1jhfhq1i+rWI8XzNUFvBYnRRDtBDwh5GbsHr8wGY
|
||||
9czhGyr0F90mIac7KkGp5ZUbkDExFYKNuSvd+M2uM7E
|
||||
-> (-grease 5_}HQ2\ <^\ JqmV&2! 8c8V^&
|
||||
JxnyTg
|
||||
--- xkMLA4q/tdFFoJbKDPEt0+FPcGMr67A7GJhVyi0IyRU
|
||||
Yˆ84 ç)•í:4‰Ý9+6¾%]õåH·rÖ\®?ÀÉé©<ß‘RD>kÙË–Í3”ŸhÌu>`:O`¢Uß
|
11
secrets/norkclubMinecraftRestic.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg 1NxvcBpgpuRaIUgr0tRxKI2FjckkZ3TpuW8wtgJvFCQ
|
||||
B+tlhpt6KX01Rvr1UdyXCsPQac29VJmtJcMjDtkaLH8
|
||||
-> ssh-ed25519 grc4Uw J3YduQ6qneo5ps+XIRCdz130l9WYse4pKv7mLR3qXVo
|
||||
waXFEcqG2bz3tDw52sAcX2a3iysAIA4BdJhgmAXFfFs
|
||||
-> ssh-ed25519 DLT88w /+O7Ee5XB+J/XljNecHYrofBT/146xgN30se+5n9kiI
|
||||
B1bCf+qp5erlqhJZwVSdJmnS7FWDzqn5QzuSSNaKUZY
|
||||
-> C)-grease ^)h86 sg +|53Up|
|
||||
hw
|
||||
--- rAcNSK2oDkJTGy90pmTlPoHPlPqsdRBN7mjCvBBMyDE
|
||||
²e$ù ¯Î«^‚R÷yÉ(—.¯$Ʀ+Îhc.„Zó›W¦¸
Î_ˆ©ÉÆ)£v<C2A3>¸Œm!61ƪ€„º3Vó4÷Œéîs{7HJ›<4A>2ûs™
|
15
secrets/stuffAuth.age
Normal file
|
@ -0,0 +1,15 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg 1+JwdUharfaJD1nJpaHA//Dg1gEaRBHV57hE72aq3Eg
|
||||
VajdnXMIjwBT9gvCMriDweLpXxWp2RHSYkAR/E+6cq4
|
||||
-> ssh-ed25519 grc4Uw Uy3lVLmSn8Oq3opvluhVFCTZ9uJaE5s+jfC49fORnmc
|
||||
GHp26W1qINiS49EEwi9qnSVidmymB3qoKivrwAbTWho
|
||||
-> ssh-ed25519 yqUwfA 6qRcvIAjTmR9XdFIBSZrvWpdnKt2rRyJDdT7vj9lH1g
|
||||
xzuXNuuexvwKDR04nu7+2spb9aTBZgeZ78Wg4Pmp8ig
|
||||
-> w9fNc-grease Q
|
||||
6h4uQx5MvCiJ2jK/xbsuuZ5uv1QcmhsKX5vKozRrNmeV1dZ3hZ1cT2tikIwqnvgd
|
||||
7V23AA
|
||||
--- oS+cT6EMUSIfciyC6aQI4ztRG45pX4XumZwMPMyjGAA
|
||||
ŽÃu
|
||||
,µ~èŠìq8Y<38>³Ú\><u_ïÄwçô[¿§H’käÚ(Ë<>ªV°á¢Ÿš´¾ì¤ë—/ØøBv5— g]І9±õ‘¦·t3=æwž¶™¸K«ÙŒ™WbŽÆ«Ø•H^óÒ1Àõ'ÈÂÀ-#ÿU>X‡}ûƒ
|
||||
úoxV
|
||||
ÅlÍ^me©ùzÑœc<C593>×½æIUZÒ®ÍÛ¾€@æ${q
|
BIN
secrets/wg/dn42_w1kl4s_scylla.age
Normal file
Binary file not shown.
12
secrets/wg/nibylandia_scylla.age
Normal file