scaffolding

main
Robert Gerus 2023-09-03 13:35:16 +02:00
commit 065bc4f683
30 changed files with 1330 additions and 0 deletions

2
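--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result*
+.*swp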

343
flake.lock Normal file

@ -0,0 +1,343 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": [],
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1694793763,
"narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "572baca9b0c592f71982fca0790db4ce311e3c75",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"base16-schemes": {
"flake": false,
"locked": {
"lastModified": 1680729003,
"narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=",
"owner": "tinted-theming",
"repo": "base16-schemes",
"rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-schemes",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
"lastModified": 1694513707,
"narHash": "sha256-wE5kHco3+FQjc+MwTPwLVqYz4hM7uno2CgXDXUFMCpc=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "31c32fb2959103a796e07bbe47e0a5e287c343a8",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1694643239,
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix-colors": {
"inputs": {
"base16-schemes": "base16-schemes",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1682108218,
"narHash": "sha256-tMr7BbxualFQlN+XopS8rMMgf2XR9ZfRuwIZtjsWmfI=",
"owner": "misterio77",
"repo": "nix-colors",
"rev": "b92df8f5eb1fa20d8e09810c03c9dc0d94ef2820",
"type": "github"
},
"original": {
"owner": "misterio77",
"repo": "nix-colors",
"type": "github"
}
},
"nix-formatter-pack": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"nmd": "nmd",
"nmt": "nmt"
},
"locked": {
"lastModified": 1689022371,
"narHash": "sha256-+jxvMYzmzKaGFh7VDgKBmdP1ZBaGhdzL5WZaspdKpTA=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "d974547b3d7c7ce2975dc120ef3bc53f9dd61127",
"type": "github"
},
"original": {
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1694921880,
"narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nix-index-database",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1677676435,
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1680397293,
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1671417167,
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1694422566,
"narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1669933672,
"narHash": "sha256-9nzaATSTmEMpTrx+7j3vVwQkcpu9JMkQ1M08iPtu7m4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da12bb299b2941299b1de24fbd92c5dd35de40e9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1694767346,
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ace5093e36ab1e95cb9463863491bee90d5a4183",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1694972439,
"narHash": "sha256-LXkr3gvhm9u+h+RqZB51XQeZQww/wD5QRnDDMq91QZM=",
"owner": "arachnist",
"repo": "nixpkgs",
"rev": "3a369a4140123299311eb6e4a5b430fc52d4ce9e",
"type": "github"
},
"original": {
"owner": "arachnist",
"ref": "kea-json-includes",
"repo": "nixpkgs",
"type": "github"
}
},
"nmd": {
"flake": false,
"locked": {
"lastModified": 1666190571,
"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
"owner": "rycee",
"repo": "nmd",
"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmd",
"type": "gitlab"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"home-manager": "home-manager_2",
"nix-colors": "nix-colors",
"nix-formatter-pack": "nix-formatter-pack",
"nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs_6"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

65
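--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,65 @@
+{
+description = "Nibylandia configurations";
+inputs = {
+nixpkgs.url = "github:arachnist/nixpkgs/kea-json-includes";
+home-manager.url = "github:nix-community/home-manager";
+nix-colors.url = "github:misterio77/nix-colors";
+nix-formatter-pack.url = "github:Gerschtli/nix-formatter-pack";
+nix-index-database.url = "github:Mic92/nix-index-database";
+deploy-rs.url = "github:serokell/deploy-rs";
+agenix = {
+url = "github:ryantm/agenix";
+inputs.darwin.follows = "";
+};
+};
+outputs = { self, nixpkgs, nix-formatter-pack, nix-index-database, deploy-rs
+, agenix, ... }:
+let forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ];
+in {
+# forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt);
+formatter = forAllSystems (system:
+nix-formatter-pack.lib.mkFormatter {
+inherit nixpkgs system;
+config = {
+tools = {
+deadnix = {
+enable = true;
+noLambdaPatternNames = true;
+noLambdaArg = true;
+};
+statix.enable = true;
+nixfmt.enable = true;
+};
+};
+});
+nixosConfigurations = {
+scylla = nixpkgs.lib.nixosSystem {
+system = "aarch64-linux";
+modules = [
+nix-index-database.nixosModules.nix-index
+agenix.nixosModules.default
+./nixos/scylla/configuration.nix
+];
+};
+};
+deploy.nodes.scylla = {
+fastConnection = false;
+remoteBuild = true;
+hostname = "i.am-a.cat";
+profiles.system = {
+user = "root";
+sshUser = "root";
+path = deploy-rs.lib.aarch64-linux.activate.nixos
+self.nixosConfigurations.scylla;
+};
+};
+checks = builtins.mapAttrs
+(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+};
+}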
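Review bot: None of the third-party inputs in `inputs` follow the top-level `nixpkgs`, so each brings its own pinned snapshot; the flake.lock added in this commit accordingly carries `nixpkgs` through `nixpkgs_5` next to the root's `nixpkgs_6`. This matters most for `deploy-rs`: as far as I can tell, `deploy-rs.lib.aarch64-linux.activate.nixos` in `deploy.nodes.scylla` builds the activation wrapper that runs as root on the target from deploy-rs's own snapshot (`nixpkgs_2`, the oldest `lastModified` among the nixpkgs entries). Adding `deploy-rs.inputs.nixpkgs.follows = "nixpkgs";`, and the same line for `agenix`, `home-manager` and `nix-index-database`, keeps the whole closure on one patched package set. Separately, `sshUser = "root"` ties deployment to direct root SSH login; a dedicated deploy account with sudo would allow root login to be switched off later.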


@ -0,0 +1,595 @@
{ config, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelParams =
[ "arm-smmu.disable_bypass=0" "pci=pcie_bus_perf" "iommu.passthrough=1" ];
# Setup SFP+ network interfaces early so systemd can pick everything up.
initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.restool}/bin/restool
copy_bin_and_libs ${pkgs.restool}/bin/ls-main
copy_bin_and_libs ${pkgs.restool}/bin/ls-addni
# Patch paths
sed -i "1i #!$out/bin/sh" $out/bin/ls-main
'';
initrd.postDeviceCommands = ''
ls-addni dpmac.7
ls-addni dpmac.8
ls-addni dpmac.9
ls-addni dpmac.10
'';
kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.accept_ra" = 0;
"net.ipv6.conf.all.autoconf" = 0;
"net.ipv6.conf.all.use_tempaddr" = 0;
};
};
age.secrets = {
wgNibylandiaScylla.file = ../../secrets/wg/nibylandia_scylla.age;
wgDN42Scylla.file = ../../secrets/wg/dn42_w1kl4s_scylla.age;
ddnsKeyKea = {
file = ../../secrets/lan/nibylandia-ddns-kea.age;
mode = "444";
};
ddnsKeyBind = {
file = ../../secrets/lan/nibylandia-ddns-bind.age;
mode = "400";
owner = "named";
group = "named";
};
};
networking.hostName = "scylla";
networking.wireless.enable = false;
time.timeZone = "Europe/Warsaw";
systemd.network.enable = true;
networking.useNetworkd = true;
networking.useDHCP = false;
networking.interfaces = {
eth0 = {
useDHCP = true;
macAddress = "50:7b:9d:b5:fa:e8";
};
lan = {
ipv4.addresses = [{
address = "192.168.24.1";
prefixLength = 24;
}];
};
eth1 = {
ipv4.addresses = [{
address = "192.168.20.1";
prefixLength = 24;
}];
};
};
networking.nameservers = [ "192.168.20.1" ];
networking.vlans = {
lan = {
id = 10;
interface = "eth1";
};
};
networking.wireguard.interfaces = {
wg-nibylandia = {
ips = [ "10.255.255.2/24" ];
privateKeyFile = config.age.secrets.wgNibylandiaScylla.path;
listenPort = 51315;
allowedIPsAsRoutes = true;
peers = [{
publicKey = "xwTYtejNZCtOyPMNcZVlsBIGYae6aUQczh7UwujLxXg=";
allowedIPs = [ "10.255.255.0/24" ];
endpoint = "zorigami.is-a.cat:51315";
persistentKeepalive = 15;
}];
};
dn42_w1kl4s_1 = {
ips = [ "fd25:af2d:1f51:255::1/64" "fe80::255:acab/64" ];
privateKeyFile = config.age.secrets.wgDN42Scylla.path;
listenPort = 51516;
allowedIPsAsRoutes = false;
peers = [{
publicKey = "zNP632K1qrezFIl8NQK1tR3XEdYHat/YgzdCXnFIWDE=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "193.31.26.15:53137";
}];
postSetup = ''
${pkgs.iproute}/bin/ip addr add dev dn42_w1kl4s_1 172.20.148.161/32 peer 172.23.193.2/32
'';
};
};
networking.firewall.enable = true;
networking.firewall.logRefusedConnections = false;
networking.nat = {
enable = true;
externalInterface = "eth0";
internalInterfaces = [ "lan" "eth1" "virbr1" "virbr2" ];
forwardPorts = [
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.101.2:22";
sourcePort = 11520;
proto = "tcp";
} # sdomi's vm
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.20.31:22";
sourcePort = 23;
proto = "tcp";
}
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.20.32:22";
sourcePort = 32;
proto = "tcp";
}
{
destination = "192.168.20.31";
sourcePort = 2582;
proto = "tcp";
}
{
destination = "192.168.20.31";
sourcePort = "51411:51423";
proto = "tcp";
}
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.20.31:80";
sourcePort = 80;
proto = "tcp";
}
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.20.31:443";
sourcePort = 443;
proto = "tcp";
}
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.20.31:2005";
sourcePort = 2005;
proto = "tcp";
}
{
destination = "192.168.20.31";
sourcePort = "51411:51423";
proto = "udp";
}
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.20.31:80";
sourcePort = 80;
proto = "udp";
}
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.20.31:443";
sourcePort = 443;
proto = "udp";
}
{
loopbackIPs = [ "185.102.189.133" ];
destination = "192.168.20.31:2005";
sourcePort = 2005;
proto = "udp";
}
];
};
networking.firewall.allowedTCPPorts = [
179 # bgp
53
5201
6443 # k3s
];
networking.firewall.allowedUDPPorts = [
179 # bgp
53
51315
51516 # dn42-w1kl4s
];
networking.firewall.interfaces."eth1".allowedTCPPorts = [ 8123 ];
networking.firewall.interfaces."lan".allowedTCPPorts = [ 8123 ];
systemd.network.wait-online.extraArgs = [ "--any" ];
services.k3s = {
enable = false;
role = "server";
};
services.kea = {
dhcp4 = {
enable = true;
settings = {
interfaces-config = {
interfaces = [ "lan/192.168.24.1" "eth1/192.168.20.1" ];
};
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
rebind-timer = 2000;
renew-timer = 1000;
valid-lifetime = 4000;
dhcp-ddns = {
enable-updates = true;
ncr-protocol = "UDP";
ncr-format = "JSON";
server-ip = "127.0.0.1";
server-port = 53001;
};
ddns-send-updates = true;
ddns-replace-client-name = "when-not-present";
ddns-update-on-renew = true;
ddns-override-client-update = true;
ddns-override-no-update = true;
subnet4 = [
{
subnet = "192.168.24.0/24";
pools = [{ pool = "192.168.24.40 - 192.168.24.240"; }];
reservations-out-of-pool = true;
reservations-in-subnet = true;
ddns-qualifying-suffix = "nibylandia.lan.";
option-data = [
{
name = "routers";
data = "192.168.24.1";
}
{
name = "domain-name-servers";
data = "192.168.24.1";
}
];
reservations = [{
hw-address = "34:15:13:b6:2a:e7";
hostname = "yamaha";
ip-address = "192.168.24.11";
}];
}
{
subnet = "192.168.20.0/24";
pools = [{ pool = "192.168.20.40 - 192.168.20.240"; }];
reservations-out-of-pool = true;
reservations-in-subnet = true;
ddns-qualifying-suffix = "nibylandia.lan.";
option-data = [
{
name = "routers";
data = "192.168.20.1";
}
{
name = "domain-name-servers";
data = "192.168.20.1";
}
];
reservations = [
{
hw-address = "00:02:c9:53:9a:c2";
hostname = "stereolith";
ip-address = "192.168.20.31";
}
{
hw-address = "00:30:93:12:0f:bf";
hostname = "microlith";
ip-address = "192.168.20.32";
}
];
}
];
};
};
dhcp-ddns = {
enable = true;
settings = {
dns-server-timeout = 100;
ip-address = "127.0.0.1";
ncr-format = "JSON";
ncr-protocol = "UDP";
forward-ddns = {
ddns-domains = [{
key-name = "bind-key-2021-12-27";
dns-servers = [{ ip-address = "192.168.20.1"; }];
name = "nibylandia.lan.";
}];
};
reverse-ddns = {
ddns-domains = [
{
key-name = "bind-key-2021-12-27";
dns-servers = [{ ip-address = "192.168.20.1"; }];
name = "20.168.192.in-addr.arpa.";
}
{
key-name = "bind-key-2021-12-27";
dns-servers = [{ ip-address = "192.168.20.1"; }];
name = "24.168.192.in-addr.arpa.";
}
];
};
tsig-keys = [{
name = "bind-key-2021-12-27";
algorithm = "HMAC-SHA512";
secret = "__keaInclude ${config.age.secrets.ddnsKeyKea.path}";
}];
};
};
};
services.bind = {
enable = true;
listenOn = [ "192.168.20.1" "192.168.24.1" ];
forwarders = [ "8.8.8.8" "1.1.1.1" "8.8.4.4" "1.0.0.1" ];
cacheNetworks = [ "192.168.20.0/24" "192.168.24.0/24" ];
zones = {
"nibylandia.lan" = {
master = true;
file = "/var/lib/bind/nibylandia.lan.zone";
extraConfig = ''
allow-update { key "bind-key-2021-12-27"; };
'';
};
"20.168.192.in-addr.arpa" = {
master = true;
file = "/var/lib/bind/20.168.192.in-addr.arpa.zone";
extraConfig = ''
allow-update { key "bind-key-2021-12-27"; };
'';
};
"24.168.192.in-addr.arpa" = {
master = true;
file = "/var/lib/bind/24.168.192.in-addr.arpa.zone";
extraConfig = ''
allow-update { key "bind-key-2021-12-27"; };
'';
};
};
extraConfig = ''
key "bind-key-2021-12-27" {
algorithm hmac-sha512;
include "${config.age.secrets.ddnsKeyBind.path}";
};
'';
extraOptions = ''
dnssec-validation no;
'';
};
services.bird2 = {
enable = true;
checkConfig = false;
config = ''
define OWNAS = 4242423137;
define OWNIP = 172.20.148.161;
define OWNIPv6 = fd25:af2d:1f51:255::1;
define OWNNET = 172.20.148.160/27;
define OWNNETv6 = fdc0:b038:c31e::/48;
define OWNNETSET = [ 172.20.148.160/27+ ];
define OWNNETSETv6 = [ fdc0:b038:c31e::/48+ ];
router id OWNIP;
protocol device {
scan time 10;
}
/*
* Utility functions
*/
function is_self_net() {
return net ~ OWNNETSET;
}
function is_self_net_v6() {
return net ~ OWNNETSETv6;
}
function is_valid_network() {
return net ~ [
172.20.0.0/14{21,29}, # dn42
172.20.0.0/24{28,32}, # dn42 Anycast
172.21.0.0/24{28,32}, # dn42 Anycast
172.22.0.0/24{28,32}, # dn42 Anycast
172.23.0.0/24{28,32}, # dn42 Anycast
172.31.0.0/16+, # ChaosVPN
10.100.0.0/14+, # ChaosVPN
10.127.0.0/16{16,32}, # neonetwork
10.0.0.0/8{15,24} # Freifunk.net
];
}
roa4 table dn42_roa;
roa6 table dn42_roa_v6;
protocol static {
roa4 { table dn42_roa; };
include "/etc/bird/roa_dn42.conf";
};
protocol static {
roa6 { table dn42_roa_v6; };
include "/etc/bird/roa_dn42_v6.conf";
};
function is_valid_network_v6() {
return net ~ [
fd00::/8{44,64} # ULA address space as per RFC 4193
];
}
protocol kernel {
scan time 20;
ipv6 {
import none;
export filter {
if source = RTS_STATIC then reject;
krt_prefsrc = OWNIPv6;
accept;
};
};
};
protocol kernel {
scan time 20;
ipv4 {
import none;
export filter {
if source = RTS_STATIC then reject;
krt_prefsrc = OWNIP;
accept;
};
};
}
protocol static {
route OWNNET reject;
ipv4 {
import all;
export none;
};
}
protocol static {
route OWNNETv6 reject;
ipv6 {
import all;
export none;
};
}
template bgp dnpeers {
local as OWNAS;
path metric 1;
ipv4 {
import filter {
if is_valid_network() && !is_self_net() then {
if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
reject;
} else accept;
} else reject;
};
export filter { if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 1000 action block;
};
ipv6 {
import filter {
if is_valid_network_v6() && !is_self_net_v6() then {
if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
reject;
} else accept;
} else reject;
};
export filter { if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
import limit 1000 action block;
};
}
include "/etc/bird/peers/*";
'';
};
security.polkit.enable = true;
virtualisation.libvirtd.enable = true;
services.avahi = {
enable = true;
reflector = true;
allowInterfaces = [ "lan" "eth1" ];
};
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays =
[ (self: super: { restool = self.callPackage ./pkgs/restool { }; }) ];
environment.systemPackages = with pkgs; [
pv
libarchive
lshw
zip
file
tcpdump
lsof
restool
ethtool
pciutils
usbutils
dig
dstat
wget
bind
nmap
iperf
config.boot.kernelPackages.perf
];
programs = {
mtr.enable = true;
mosh.enable = true;
neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
zsh = {
enable = true;
enableBashCompletion = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
};
command-not-found.enable = false;
};
nix = {
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt arachnist@monolith"
];
services.openssh.enable = true;
system.stateVersion = "22.05";
}
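Review bot: `age.secrets.ddnsKeyKea` is decrypted with `mode = "444"`, so the TSIG secret is readable by every local account and service on the router, while the BIND-side file for the same key name is correctly `400` and owned by `named`. All three zones accept that key in `allow-update { key "bind-key-2021-12-27"; }`, so anyone who can read the file can sign dynamic updates for `nibylandia.lan` and both reverse zones. If the mode was loosened because the Kea DDNS unit runs under a dynamic user (an assumption, the module is not visible here), pass the file with systemd `LoadCredential=` or use a dedicated group with `mode = "440"` instead. In the same file, `networking.firewall.allowedTCPPorts` opens 53, 5201 and 6443 on every interface including `eth0`, although BIND listens only on the two LAN addresses and k3s is disabled; the per-interface form already used for port 8123 would fit.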


@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "nvme" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9804a5ca-c647-4581-904e-4d784c8c0024";
fsType = "xfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/65A6-F9A5";
fsType = "vfat";
};
swapDevices = [ ];
}


@ -0,0 +1,56 @@
{ stdenv, lib, fetchgit, bash, coreutils, dtc, file, gawk, gnugrep, gnused
, pandoc, which }:
stdenv.mkDerivation rec {
pname = "restool";
version = "20.12";
src = fetchgit {
url =
"https://source.codeaurora.org/external/qoriq/qoriq-components/restool";
rev = "LSDK-${version}";
sha256 = "137xvvms3n4wwb5v2sv70vsib52s3s314306qa0mqpgxf9fb19zl";
};
nativeBuildInputs = [ file pandoc ];
buildInputs = [ bash coreutils dtc gawk gnugrep gnused which ];
enableParallelBuilding = true;
makeFlags = [
"prefix="
"bindir_completion=/share/bash-completion/completions"
"DESTDIR=$(out)"
"VERSION=${version}"
];
postPatch = ''
# -Werror makes this derivation fragile on compiler version upgrades, patch
# it out.
sed -i /-Werror/d Makefile
'';
preFixup = ''
# wrapProgram interacts badly with the ls-main tool, which relies on the
# shell's $0 argument to figure out which operation to run (busybox-style
# symlinks). Instead, inject the environment directly into the shell
# scripts we need to wrap.
for tool in ls-append-dpl ls-debug ls-main; do
sed -i "1 a export PATH=\"$out/bin:${
lib.makeBinPath buildInputs
}:\$PATH\"" $out/bin/$tool
done
'';
meta = with lib; {
description = "DPAA2 Resource Management Tool";
longDescription = ''
restool is a user space application providing the ability to dynamically
create and manage DPAA2 containers and objects from Linux.
'';
homepage =
"https://source.codeaurora.org/external/qoriq/qoriq-components/restool/about/";
license = licenses.bsd3;
platforms = platforms.linux;
maintainers = with maintainers; [ delroth ];
};
}
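Review bot: `src` fetches the tag `LSDK-${version}` from `source.codeaurora.org`, so the build depends on that single host staying reachable, and I believe Code Aurora has retired it (worth confirming). The pinned `sha256` protects the content. If `url` is moved to the vendor's current mirror, keep the hash unchanged so that a tree differing from the one reviewed here fails the fixed-output check rather than being accepted silently. A one-line comment next to the overlay that pulls this file in, for example `# local copy of restool, needed in the initrd for ls-addni`, would also record why the package is carried in this repository.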

39
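--- /dev/null
+++ b/secrets.nix
@@ -0,0 +1,39 @@
+let
+ar_khas =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
+ar_microlith =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
+ar = [ ar_khas ar_microlith ];
+scylla =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1X7EaPNfLhWH32IAyaZj2dhJz+QLnyGuXPCZUYRTjg";
+zorigami =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty";
+stereolith =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O";
+in {
+"secrets/wg/nibylandia_scylla.age".publicKeys = ar ++ [ scylla ];
+"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar ++ [ scylla ];
+"secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar ++ [ scylla ];
+"secrets/lan/nibylandia-ddns-bind.age".publicKeys = ar ++ [ scylla ];
+"secrets/nextCloudAdmin.age".publicKeys = ar ++ [ zorigami ];
+"secrets/nextCloudExporter.age".publicKeys = ar ++ [ zorigami ];
+"secrets/norkclubMinecraftRestic.age".publicKeys = ar ++ [ zorigami ];
+"secrets/cassAuth.age".publicKeys = ar ++ [ zorigami ];
+"secrets/miniflux.age".publicKeys = ar ++ [ zorigami ];
+"secrets/stuffAuth.age".publicKeys = ar ++ [ stereolith ];
+"secrets/wg/nibylandia_zorigami.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/ar.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/apo.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/mastodon.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/mastodonPlain.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/madargon.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/enki.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/matrix.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/vaultwarden.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/vaultwardenPlain.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/keycloak.age".publicKeys = ar ++ [ zorigami ];
+"secrets/mail/keycloakPlain.age".publicKeys = ar ++ [ zorigami ];
+"secrets/keycloakDatabase.age".publicKeys = ar ++ [ zorigami ];
+}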
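Review bot: The key bound to `ar_microlith` is byte-for-byte the key that `users.users.root.openssh.authorizedKeys.keys` in the scylla configuration labels `arachnist@monolith`, so the two files disagree about which machine holds it and the operator keys are maintained in two places. Moving them into one shared file that both `secrets.nix` and the host configuration import would stop root-login keys and age recipients from drifting apart. Because `ar` is a recipient of every secret, a comment above the list such as `# removing a key here requires agenix --rekey and rotating the affected secrets` would document the revocation procedure; ciphertext already committed stays decryptable by a removed key.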

14
secrets/cassAuth.age Normal file

@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg 1T37a0MucAEFYMGcdyS+Nxcbkp027j3JxXy2teCwHRg
3khC9F+CVUToHWx22Cs0b+1dm0/nUwG7/nu4nFqRijY
-> ssh-ed25519 grc4Uw NW49Rzlxh92jldZPNq3mkeJHi460dIA80B3bGqhVrm0
9j3PAPk/C1DsGUMTHq1PzQMYId2rNoHRtwYBTViJ/A4
-> ssh-ed25519 DLT88w b/3j37sDUOtFD0TbPl0Gvyd/73MNlmKT4EhXn48ANQI
eHqL7WDztCzYyvb+K+bkZI0514Z2QyWDwvotmpFHI6M
-> ,se-grease U<o] ~4 Yci -R
R3H3gWM+BWWFB5qvnpwT0ZHZjihotvCUjaC98pTmtxcqHdHm6bmqNXSBUIIKaOD0
79M
--- NdVSXnmGsA82Wmu9fVBnsKRn5g6qFhzGLO2v1NE8FXc
<>upÅÎün|zÖÂÃ>z¬ËYÒ[u)e5usC'Ÿ‡®‘\ÏeÐt']°44Ýh/\›¡-0Ÿ n©ðX÷ëTÚ
]³ÒwÏ
¾6ú÷Ø{U`o<>ïJ\C£`ð+Ynס©ÎqdïÓµ¸˜«ßŽWÞ


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg kesf+SaZD83McqpA9DixWtFIrEmRPxXkJ0GwzlUxWmE
fget0ABRpLa1ILPy+j8qB60R2XOBZUkADYHIqShetLM
-> ssh-ed25519 grc4Uw M6nvJkxP3YiZ9HQegvcReYpkLcyhpF2YiAV0Pr6FuiQ
gPV7IhypqI8C655+ef69PbvTBcCEK3ChpVKcckU2hQk
-> ssh-ed25519 DLT88w 8Cvg6k8zYawUgvMf8RQdA3pxxywIhCn7nPNGrMK4Q0o
Kc58s9qkYHVS9pf+MYghheQXLxtImbny+W0zQ6j9eKE
-> $mU5]|V-grease 3;xw\jc
+Fl1I+CYc0AGj429YbhVaz3i/HvkLrHX0Jt2OIhN4xqp/oJNqw
--- IfmaR6Z1bL8wgwgv1A+kuvxTq+xqKb6VD4iKdi0K8mk
:Imià[Äo|Ú/ÄøR27?ãK"Êæfí¼&{å Î[7ˆÌe&1¡“¹ 9…I)uù\Zæ >UÔ_yß


@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg mk+AfUGcuTUyGVr8Y9eEgL75VA4JEThLGSd7nw9QJSs
edbiwW5zV/j/sr+ynflHv97QnXCLHxoPJqnQnxMLl0E
-> ssh-ed25519 grc4Uw b9BxvDAFU9tIHoujY/scPVQ4uwrj+5eEDmxXNmzOHjg
fRy3YJk+l/2khO3U/38bF+M+c41W1mQUlRJ85D4e8DY
-> ssh-ed25519 CJl5MQ 2C+ipkjQkLzpypr40L8G2H1qgQCNm9jYTTAUR/+m4Uo
zbnzsLEZg1NMV63V66RbyKmPo37Ud8djb1074t77wc8
-> [-grease Ihg*p WU.7s?UM R,Iyuqy}
yj4NDfJn0E8kP0XdnIiTkmiA3NGcvZoYFM/uXOOIKCdajq3vY7gdgxyn9RiMQZoi
jgdoEbXrgRdEaxt9h31flQRFa72BIvi8ha8hxaCEAarwGQ
--- kjXO5aCKHjk2+BSSFvNdB/b9Avpw6z/KNA51Zs7kZ7Y
…3Æn_Ÿ`Ÿ€~â|ì͵xÎoú80Xá¾BRÃÙ ã!|\r;@_ÁÀ¹T«†U“6!˜Ýq/)7“
<EFBFBD>þHr2ÀÓÉ&‡DPŒxJê0Ò§·j°ít.*ôüR5~ŒÎT=qúÒÔˆm«þ죴r8Vg<56>®=3h


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg zF0Gy00g+A652+c4MKe5GFlewtlUMjpLLzODkT1HNBw
KoG7CzBBLuTYaPc42+cx/IwDe0WHEwdW7BZD950qx9k
-> ssh-ed25519 grc4Uw oi34sgBlxzAvBNvRnPoNys03fYlQPtGaN521dHQKlyA
AEclTFw+LElZMNng0+ezmB06vmqlIxrhZ5Ug7lO0K2Y
-> ssh-ed25519 CJl5MQ IGMoyGOVqyoczmGdDUrHcQF3zqbKQXESlrg2HkJklls
iH0PiadiTgwEtjf2L1Ry2MCFFxhvb9LFr/eFKJA+M+4
-> YCy8T-grease 2K|TYGy| ?++k:
jzDT2sSDmnozZA0Prkr6cYgVou+09UwXc9H4KBNOlQ
--- SjezupwORSDfiv2pPCKzoNGfolICCAd7eLNOmCRuuq4
øß.3~M%4`©7 ?ùjòdzÁ¹ç­l†f˜%byÉŽ&Øž…[–—ûÅãa˜<77>dž¿òV;,»Ç´5[SM¬Q™âu…¸:VÖÓg—Œبoz ýsb_[–Ø;UÚ…$´}¥´‚%

13
secrets/mail/apo.age Normal file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg N+m6p/zttdGnIbdBfTRIEBuQvAquREmfs8RwDTnROAY
Q5ROKDJmForW63J5UVu4Qf2TagKisGX4PcMaIVx1K7w
-> ssh-ed25519 grc4Uw aSbKCbiCwnipGPVt5dcbCNNBeILtEnAB6Vkfq9LvdEY
biHvwNpy7waPMuOQ4TE2mI+iOzROupSqkZINBi7l5/w
-> ssh-ed25519 DLT88w Qa4VLSyBQRboqa68kVtqnGb7wEH9oyulEheaYXzl2ws
jyDSxSQbzNVJIWsoJIoO3zVpPHy6RWNzPC5IhB5z0tk
-> z-TKn-grease DO*%z p1C
LUYpx4GSo0pNIT9gW8id1xBZWsJ3iJxhwHxSLg/kQS3KBAJO5uqgd8jnTg4TwGeM
NSP31qORZHU
--- AbYdv5y7vwe3ONItmV9Fb73/NeTpZd2kBxpu/msW+50
X3ó€ÍMť;Á6h·ŠµQŢŽ<C5A2>ńĐ=´;<3B>ú#šŰu3WÍPÜw§Ľ˘Ś
?gYÍ4⯨uu<75>`[ťHű8ś°˝—ű7ĘZţ$Ť>ĘĽx»Očre

BIN
secrets/mail/ar.age Normal file

Binary file not shown.

BIN
secrets/mail/enki.age Normal file

Binary file not shown.

11
secrets/mail/keycloak.age Normal file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg jevSd+xpTihquLhBQlcSodrwCYiqqYykFtZsfx/MUXE
RdgFHkHiuO/jrEwVijQeRgGPOFMd2cm4YUonkmBaGBQ
-> ssh-ed25519 grc4Uw YaLvY+KF1YTLADjqJIyCavdSO6c/gvg3q8CXPOW4d3g
63dNEGm9HJcg535UmRJSRimPtXttLct0Zs+DRIBO3Io
-> ssh-ed25519 DLT88w efd8g7rCIcAPeukRiVnILPb0zFEznT2Nv8Cnc1VO+Wo
WTSoEuZFsZ0DgefTGievPY2SLshaqCeb6kCGUtiMx/g
-> }&NC]H8U-grease {r]Y~F0 -_ .
5MS38QETyaJdLuwR6FB08TJXIwnw7OdRn/31H4BDU0x7
--- dtnnxW2bXOIVUhSjC0j/1mkEfaMqbv3Nz/9Trpx0Xbc
ѳhuÄG¶^PœÌx”…²NæíÉEkRê+õöÑA†[ŒgÄ õsTÉO<C389>Ž\vü¨ûÒ¦½BÄÂÞŽ÷jbd¾ë— ŠÅϖ̹.ËrÙyˆ—=öÆdS4ùÆ

Binary file not shown.

13
secrets/mail/madargon.age Normal file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg zc5A1eT8+ifTb1n4gpadYq6+aMypeBuzeJFH7n8GNFg
czVB29wtzF3exwjggcEDPRSEYtRlK7CPhumLqfsKZhM
-> ssh-ed25519 grc4Uw /t8+HAAwOJltUG6vS0lSrFavTfODeBZdxdj9sqIP6WI
W4qQblzB//Ecwx1EIAYiBxQ2MXfqinN5ho8KO1J2Exw
-> ssh-ed25519 DLT88w 3kNAE5a8AlH49YoNk/yA/64vtQb5Mr4v9wjQYv22Ehs
gP/nL9QGVCYjj0tvJ4peysdTq1CBIpLhMn0R4q74IqU
-> s6-grease &\RtW e6.Ke,J9
fNZ0mgTK73JZDkZs5+oEQTFgptk7WNY+EwBSLOHe7iyPUsKUR76+P58vKFrcfMSw
vNpqP7fm0OI/fHYMTtyx8w8E+Y7t0URG
--- 4Xe1V66nBtt7+j2hOmmVCL3UHT58oie44PjssufEKws
ÄÛ Æ:Êgz|žNJ<i".|U ÿŒ<C3BF>…•Ö
ç¦~œ$P Œ¼%R¸èþè•}ë„q,p& <09>¡j¸]¢b €Í’~ÿ}¿Ênú³K¿³IJŽvƒ<76>ªØ

11
secrets/mail/mastodon.age Normal file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg nmFe1Q8A/S76A5Z9vrh4K5dJM890o2mwEEBfSqG8dCw
7LmDmA/ANLSXC6VKc4LDQS99vv9i6wCP1OVANGCo/sI
-> ssh-ed25519 grc4Uw bz2beS+8USpFvN/Re4H/DYgwtsBW3NYHM3jGS0zu0Wk
Al6tJld1jEXh82DEKvyab9ocA8Dbfm+QYmPniwN9gCw
-> ssh-ed25519 DLT88w JRFKPOnkZZcubjOI/IPjfOGxI2cjZ589c8IdKz7Ehz0
UbIgpFdzvIHSAyrIxCeTNn9vQ1De81rywseR09Fo2f8
-> ,I}P,-grease Ym 45hJJc j9wn3;kp
GesmMGltPhQ/oM6ViCWYxB4+ULTCP4WNQXlv
--- hQh4YEIVtBGHOtZjk77kAlggMFmh5Si2u5C3OviDDPw
ü¦%:c<>ƒFÆzO 1ìˆaŽ„~§˜Òʇê_*$[~Ù„Ü“}pàß¼op˜8»“ì4#uÅ éî¡~÷$éäY¿Ð´¹ñÜÝè¯ämKøYÆg“Ïe¸


@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg EaXiOW4rgkC/TDg8dxvY4BcmVF4tMDzk5oXr3N7JJQU
aNOtg/ny/x5SR5DAUBmM7T+nzdxV1wBbgF2vXICm8ys
-> ssh-ed25519 grc4Uw Q6K4N8fRAZrG6jAHM6GRKUOdgv2nA2iyp+m7D7v3S3w
u3lvKekoO1TNdd3p1dS+BLvOrOvUGRvSNORPcPsy/EY
-> ssh-ed25519 DLT88w x7yNe8dYkHlMMXGO/dty3LK5gGahvIHPW2olVB3sSlw
AnNgJLJPfxkzcZGwjrtW4F60z9Jc2ei/gNScaEx4mng
-> (Z1-grease Seh@;cP
zBeGZGCFTkA0DlMEGfbxntjVqP6HJEaWD3Gjf1mxOIcKuBb23FrBcgL1U/0dsXSE
h1hsT6NMskKdLcDulprc96tuGve/gAoifQ
--- WB8mYOcUNKQd4ALi7FhazPbYHS5OjTTyTGmE1BuKGxE
¶Øƒî–!“öôÀ˜ ÎÉÉClðzÃ~…µÙÑaéx :2û<08>˜ kø`˜Ò7â²?l>ÕÒõ\©

11
secrets/mail/matrix.age Normal file
View File

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg ztEokBJ3yjBiGZI8gPi95D7Ktr3JGkLLt0KTDrnZJ0Q
8N/TnwM/JYzO0JX5etl0K9irG3BdbhVdiEQ6XpUmESI
-> ssh-ed25519 grc4Uw vGO9wZ5nQ7n72H5JLfzBqt58KYPcyOA+4dGiY4U1ay8
S+ItwCRDrbtt3iC4JtcrkxDaWK1QY8PknMUgm5v1NaM
-> ssh-ed25519 DLT88w sJg7S7AFrQm0oNQJ8dDq0ZbqGL4SL3nVtGvNt+Gx/1A
Rzf0vMw05PVvktceCPRZFqCaPUdM4mXJknLKaZiU7K4
-> NLrA~@-grease :(KZ28
b/ap2+msrvg8ST0+OEBSGwnqvP450HaiH+yRhEJz/k69fyM7QM4
--- VLf28ysvKqN1YemvsQRYz18oEBWUtsBRhIkprFTZaC4
ûÚ(ÙkÝf9ØeãtÜîòŠy0:îeYm‰|=lC_G «‚÷hjzåŸÓ bXù‰0wæþâd¹ýKÕ·ß!SÅ¡Ë<C2A1>Ãò˜4Sˆ‰ÂкP©ÿÝw#n


@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg /xLFl1s1QHYOBtXbG+pAD3kdljp6PYyZ4ZeiB55Rqz4
BjESbqD4WEmoj+nLwXrtHI12LXOPt1Paa4ZNkzSi5/M
-> ssh-ed25519 grc4Uw PSzuUvFw+kfU+LXm5JTttX5d4STQ5NbGjoNFR/8FYHo
/i+5AI59JJ4n427NN+yZ1OqFbF6XZFps6IdD7280gUE
-> ssh-ed25519 DLT88w cVgmgyXx7HyMf8FsVUQH2FRABEFVgnm1P6ITIYeOnEw
2l2Pr0Rtp/ohPaTH/V5RR1jwr/j9MmL7svwMjJIndXk
-> Dm-grease `NL%8ot
Jqvm4DqVlRcsExeXS8fhRo/1Zgza/AqcQH21nAjty4/AFEhjkl44Zsx8K0Nooagf
nPEMN8TdDaAZOlhAsnI+spYh7qIIMLssqC9UgfTbXHtjBhc
--- TlY/OpjrwdXQzNIRkNzEcy6Rftd4+LDDN7VedCrJs6w
¦Ã<EFBFBD>ÚO¨C¿=UêûЊTmÉ3Þ½Ò€@A©.b\×P<C397>¾Ÿ7`§G81>⊀º•³€Ü<01>Ä”,™Ÿ»Åȃ¯4%a­<7F>{:ð±É6Í/v†üÆlÍ2›Ï<j


@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg H2bRjZgBqNjr/lB7nGhttRS5+TDqQDdCEMzaUAB+CnA
eLhUYk3iJbqTd+MDUyIAr4hHQsyA95mQhNVabonGvrE
-> ssh-ed25519 grc4Uw yoE0H5dPlzyNu8Fysxf/aw9eCRWtTBxN4U72KCwfvRI
NM8BvnqwnOblcwByE8P8jvXt4DQ9blhzRNn39ZD4jCc
-> ssh-ed25519 DLT88w C6yHb30SPUKVfnBWEBqT1qZuomYNftZrkRH2dyXPjlg
1KGDzd7kvBCAjrO/cw7cIgao5psDJKHol5eH5rzriHU
-> Pcg-grease T5Dl'6?) 4|[; .M]\z(7Y
WbkBRL0MdYxfj25Dzn9ZBAKhfR2QZs8RpMlEv+lg6RW4H3P7zp2xRcuyVwE8kyVB
nRp/qqW+PiHZJqfy
--- cAcFa0wjnhP70bLXBFHMsxhOfm+q3i+Vl5ZoBjEqMPo
”àª@G½Û%ìZÑ{Dèî¿Ý“ÒúÌŸ÷% ¬°Ô:!l‡<§HVQ?eK(ú—¡$Ûô×xxÞözôÚ˜9œÊ^y(/ÈÿÍÈŽ‹>§

BIN
secrets/miniflux.age Normal file

Binary file not shown.

BIN
secrets/nextCloudAdmin.age Normal file

Binary file not shown.


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg JBaQTCttZJeeO5xNkeImjNgnlaG4F3SBVGfeywU+HhU
M2ySbFs6kIIoh9hT6lWVjwmVSdrxUZzncfoupqY5o3E
-> ssh-ed25519 grc4Uw 5fsEOZeC3S4oW2YkGWDMIvzysjrwtie3N1p4z8EyWgo
SNEzpOPR6FEs6jnqjMSnmKsQx01lLeMDMIqjazWBX+M
-> ssh-ed25519 DLT88w lNu1jhfhq1i+rWI8XzNUFvBYnRRDtBDwh5GbsHr8wGY
9czhGyr0F90mIac7KkGp5ZUbkDExFYKNuSvd+M2uM7E
-> (-grease 5_}HQ2\ <^\ JqmV&2! 8c8V^&
JxnyTg
--- xkMLA4q/tdFFoJbKDPEt0+FPcGMr67A7GJhVyi0IyRU
Yˆ 84 ç)•í:4‰Ý9+6¾%]õåH·rÖ\®?ÀÉé©<ßRD>kÙËÍ3”ŸhÌu>`:O`¢Uß


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg 1NxvcBpgpuRaIUgr0tRxKI2FjckkZ3TpuW8wtgJvFCQ
B+tlhpt6KX01Rvr1UdyXCsPQac29VJmtJcMjDtkaLH8
-> ssh-ed25519 grc4Uw J3YduQ6qneo5ps+XIRCdz130l9WYse4pKv7mLR3qXVo
waXFEcqG2bz3tDw52sAcX2a3iysAIA4BdJhgmAXFfFs
-> ssh-ed25519 DLT88w /+O7Ee5XB+J/XljNecHYrofBT/146xgN30se+5n9kiI
B1bCf+qp5erlqhJZwVSdJmnS7FWDzqn5QzuSSNaKUZY
-> C)-grease ^)h86 sg +|53Up|
hw
--- rAcNSK2oDkJTGy90pmTlPoHPlPqsdRBN7mjCvBBMyDE
²e$ù ¯Î«^R÷yÉ(—.¯$Ʀ+Îhc.„Zó¸ Î_ˆ©ÉÆ) £v<C2A3>¸Œm!61ƪ€„º3Vó4÷Œéîs{7HJ<4A>2ûs™

15
secrets/stuffAuth.age Normal file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg 1+JwdUharfaJD1nJpaHA//Dg1gEaRBHV57hE72aq3Eg
VajdnXMIjwBT9gvCMriDweLpXxWp2RHSYkAR/E+6cq4
-> ssh-ed25519 grc4Uw Uy3lVLmSn8Oq3opvluhVFCTZ9uJaE5s+jfC49fORnmc
GHp26W1qINiS49EEwi9qnSVidmymB3qoKivrwAbTWho
-> ssh-ed25519 yqUwfA 6qRcvIAjTmR9XdFIBSZrvWpdnKt2rRyJDdT7vj9lH1g
xzuXNuuexvwKDR04nu7+2spb9aTBZgeZ78Wg4Pmp8ig
-> w9fNc-grease Q
6h4uQx5MvCiJ2jK/xbsuuZ5uv1QcmhsKX5vKozRrNmeV1dZ3hZ1cT2tikIwqnvgd
7V23AA
--- oS+cT6EMUSIfciyC6aQI4ztRG45pX4XumZwMPMyjGAA
ŽÃu
,µ~èŠìq8Y<38>³Ú\><u_ïÄwçô[¿§HkäÚ(Ë<>ªV°á¢Ÿš´¾ì¤ë—/ØøBv5— g]І9±õ¦·t3=æ wž¶™¸K«ÙŒ ™WbŽÆ«Ø•H^óÒ1Àõ'ÈÂÀ-#ÿU>X‡}ûƒ
úoxV
ÅlÍ^me©ùzÑœc<C593>×½æIUZÒ®ÍÛ¾€@æ${q

Binary file not shown.


@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg bR8KafskOapw+hVVL7cvGL+Yo4/LVRjkxreOuk0+x3M
+nkeESR6bxupeM0SzArzxZHNDfU/Wk0Iwa+3D+YUiP8
-> ssh-ed25519 grc4Uw zvAs9zeYbmcOpny5BF5LxZbJyKp8YLwX7rJHpJl5V04
U4E31RGk0GVokms55vNWj+09PJ13F1LYe1fMRN0Dw6Q
-> ssh-ed25519 CJl5MQ Y4WWqfVPc7U0msy8sfj2YItiHN+SiknYCVtHaDGm0Vs
yfbQffAiurHXti+aBWLda/Llpif/xESQ+ErOHUod/RI
-> OTC@(-grease 1kqN
vmMUj1jYd+fNxtmco5Wzgwtp/3nY3EUBZaJvcSfPFNmdwyojA1dhcOWBrwb+nDRo
b4w
--- yZsbIumupuUO9M8dKNKNctu+Jfk/uWyitKgGHbZ3YYU
Ok}¦UîM¢òá]»Ïm.rØÌÝÇŽj}äà5ë‰èæ§y iÿ{/ÇÏd_”<E2809D>²ºQx´>d̓6;hƒ5׳ÆWy-


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg 0QeKtNrwnKpIUmW9iDmuB6IUpgB6soQdFtcKqzaqVmQ
qIS4THj372+x9weQ5Eg1Ny86rCQdX59dRt8gbT7Dikc
-> ssh-ed25519 grc4Uw qAQm3nt/EJFC3bBWu9TJr4fw/Hz9rJ5M0XqkPkOVbTQ
8fXxdfaQL0w5fHqXBjwQn2TH0d6gi22tpfnEGg9Wy/g
-> ssh-ed25519 DLT88w zj9Bz1zV62qR2BO06vqWiRsrFo0ZHFQG0GFeOd+LtEo
uaoeX9B49FM0e+PeCuQCwyEELS77Wgh0UCjF/LvvdvU
-> iM$1zll-grease Ci QSha %&W$S4ht
n7C4vau7H0ImU0fL5wzMPt7xkBaugRw2DuWtQG+eHRd86xGVmUw
--- I8S0mavxA+OhtttjAfJSxGD5dzoOqrd0aTqxt0RUJXg
Æd&ø8¹Ò'²Úí®Ý­Æu¸Ê×béÞ=ì]ê·ó¡óœ;i¡âÆçð'”2- Ý<>©)Ƹ„,Ž)bºÐÅÐ<C385>ã£Âƒ