Move server!
parent
9f8e9ddccc
commit
6eb7b95b12
|
@ -1,9 +1,18 @@
|
||||||
keys:
|
keys:
|
||||||
- &admin_macbook_m1 age169v95f5fqx0sg5mjpp63sumrj9sma9se203ra2c05qa67h2h2drs3tvdph
|
- &admin_macbook_m1 age169v95f5fqx0sg5mjpp63sumrj9sma9se203ra2c05qa67h2h2drs3tvdph
|
||||||
- &machine_macbook_m1 age10dd4t507h3ey68l2alu7z94s5lw0kshjq9lre5sv2vehrm9hg4rqk2let7
|
- &machine_macbook_m1 age10dd4t507h3ey68l2alu7z94s5lw0kshjq9lre5sv2vehrm9hg4rqk2let7
|
||||||
|
- &nki_pc age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78
|
||||||
|
- &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
||||||
|
- &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: kagami-air-m1/secrets\.yaml$
|
- path_regex: kagami-air-m1/secrets\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *admin_macbook_m1
|
- *admin_macbook_m1
|
||||||
- *machine_macbook_m1
|
- *machine_macbook_m1
|
||||||
|
- path_regex: nki-personal-do/secrets/secrets\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *nki_pc
|
||||||
|
- *nkagami_main
|
||||||
|
- *nkagami_do
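Review bot: The three new anchors (`&nki_pc`, `&nkagami_main`, `&nkagami_do`) drop the `admin_`/`machine_` prefix that the existing keys use, so the new key group no longer shows which recipient is a person's key and which is the server's own. Every recipient in a group can decrypt the file on its own, so a later reader needs that distinction when deciding which key to remove or rotate. If `nkagami_do` is the host's key, as the name suggests, names like `&machine_nkagami_do`, `&admin_nki_pc` and `&admin_nkagami_main` would keep the convention. A short `#` comment above each key saying where its private half lives would serve the same purpose.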
|
||||||
|
|
10
flake.lock
10
flake.lock
|
@ -500,11 +500,11 @@
|
||||||
"flake-utils": "flake-utils_3"
|
"flake-utils": "flake-utils_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1666006086,
|
"lastModified": 1669915544,
|
||||||
"narHash": "sha256-wjrQ9ngadZwfbz2o+iiNQvOTuRYS06Ate9FCXQEv94I=",
|
"narHash": "sha256-wByoZ+HWXo7L9QyUefMhe26IUUeFGtffG6v/AL31neo=",
|
||||||
"ref": "master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "333e5e06c0f40dab2c6f9556a6ea09f44971561b",
|
"rev": "9142ca82ec1e9a6e1314d2727cdc15db30c94c14",
|
||||||
"revCount": 3,
|
"revCount": 4,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@github.com/natsukagami/nix-deploy-secrets"
|
"url": "ssh://git@github.com/natsukagami/nix-deploy-secrets"
|
||||||
},
|
},
|
||||||
|
|
|
@ -182,10 +182,10 @@ in
|
||||||
}
|
}
|
||||||
mx_auth {
|
mx_auth {
|
||||||
dane
|
dane
|
||||||
mtasts {
|
# mtasts {
|
||||||
cache fs
|
# cache fs
|
||||||
fs_dir mtasts_cache/
|
# fs_dir mtasts_cache/
|
||||||
}
|
# }
|
||||||
local_policy {
|
local_policy {
|
||||||
min_tls_level encrypted
|
min_tls_level encrypted
|
||||||
min_mx_level none
|
min_mx_level none
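Review bot: With the `mtasts` block commented out, `mx_auth` is left with `dane` and a `local_policy` of `min_mx_level none`, so outbound delivery to domains that publish an MTA-STS policy but have no DNSSEC-signed TLSA records no longer authenticates the MX at all. The commit does not say why the block was disabled; if the cause is the `fs_dir mtasts_cache/` path not existing on the new host, fixing the directory is preferable to dropping the check. If the change has to stay for now, a comment on the first disabled line such as `# TODO: re-enable MTA-STS once mtasts_cache/ exists on the new server` would record that it is temporary. The enclosing configuration block starts and ends outside the hunk.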
|
||||||
|
|
|
@ -41,7 +41,7 @@
|
||||||
|
|
||||||
# Secret management
|
# Secret management
|
||||||
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/root/.ssh/id_ed25519" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
# tinc
|
# tinc
|
||||||
services.my-tinc.enable = true;
|
services.my-tinc.enable = true;
|
||||||
|
@ -75,7 +75,7 @@
|
||||||
cloud.mail = {
|
cloud.mail = {
|
||||||
enable = true;
|
enable = true;
|
||||||
debug = true;
|
debug = true;
|
||||||
local_ip = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
|
# local_ip = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
|
||||||
tls.certFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/certificate.crt";
|
tls.certFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/certificate.crt";
|
||||||
tls.keyFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/privatekey.key";
|
tls.keyFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/privatekey.key";
|
||||||
usersFile = config.sops.secrets.mail-users.path;
|
usersFile = config.sops.secrets.mail-users.path;
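Review bot: `sops.age.sshKeyPaths` now points at `/etc/ssh/ssh_host_ed25519_key`, which makes the SSH host key the identity that decrypts this machine's secrets, yet the recipient recorded for the host elsewhere in this commit is still the same `age1z2h24mjt…` value as before the move. That is only correct if the new host key is the key that recipient was derived from; otherwise secret decryption will fail on the new server, so it is worth confirming before deploying. A comment on the line, e.g. `# host key doubles as the sops age identity; re-derive the recipient and re-key secrets if it is regenerated`, would document the coupling. In the second hunk `local_ip` is commented out rather than removed; either delete it or add a comment saying why it is disabled.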
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ modulesPath, ... }:
|
{ modulesPath, ... }:
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
boot.loader.grub.device = "/dev/vda";
|
boot.loader.grub.device = "/dev/sda";
|
||||||
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||||
boot.initrd.kernelModules = [ "nvme" ];
|
boot.initrd.kernelModules = [ "nvme" ];
|
||||||
fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
|
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||||
|
|
||||||
# swap
|
# swap
|
||||||
swapDevices = [{ device = "/var/swapfile"; }];
|
swapDevices = [{ device = "/var/swapfile"; size = 2 * 1024; }];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
||||||
|
age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
||||||
|
|
|
@ -12,14 +12,32 @@ sops:
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
|
- recipient: age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NHY2Y0lsVFViMHBTUHRp
|
||||||
|
L2RROGV3OGhSZGVmRnJTZWlZNVJVMFJ4N2hzCllXRXg3bTBjZFBvM3FPRlhBbkRu
|
||||||
|
VWR1UkFKUmJhT25OUWQ1aXJiRkhkV2sKLS0tIEF1Zkp0bUFsTGFaMjFYTUNNYmFx
|
||||||
|
N2RGSHpTajRuV3JEcElkN0VZdCtrczgKbpjSE6pSDD/bIa6he0sfH9dE74Z5ZpTG
|
||||||
|
DmPwclKkBarbCY50w1U4crHkhwICkHKNX0K1YwAdwuXBsgGEEJsPug==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVWVZMm53L3ViaWhwZVFD
|
||||||
|
bWhwUDFaVmp4VE1IanFkeUIrYmxnS3IrZ0VNCnFicjJVamxDTmJ4VWVFRmYyUmRV
|
||||||
|
OW50RlRlN3pzK3VZbko4dkN1QklnMncKLS0tIG55Zi95dTl1akFQczNlbFY2Nmt1
|
||||||
|
VUJWS09UMU9PS3pnL01zR05Id01wVXcK15My8g1eqxq89XxrBs5uCIxX6qTq/HEK
|
||||||
|
pJRrUlz9VEsbvi2Lr2SfQT84ouNc0nk6/8qlzmJUNAktydw5VCyDug==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
- recipient: age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eUo1WjJtdDhzWjFrM3Rm
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBob0N3bk91S3JSOGxqQm5J
|
||||||
QkovcmoxdjNsMXdyaVZiNFhZZGlqOUMvcEJ3Ckk3TnJzNDVBWVFTNUd5RXhlcDU5
|
YnJlMjZEL2ppamdkM2lyZXNvOEozWGJXSUVzCmxnbldrNVZLSWt4TnJveEg4ZGpO
|
||||||
Y2xmdmVjYUZRMXF1Y1RZZDZGMXM3NDgKLS0tIGdreURjTFVxSWQ5ODJPQlpySWxY
|
bENvWG5VV1FRTUtLaDV5Y3FsQmVFOGcKLS0tIFd3WTZ6bTF1WW5TRFJwckN3dERQ
|
||||||
NUovcTZlOVpyTm5WWGkyUmdLRUVpcmMK1YIwNE/5avvplxqtUFs1JZn7f2AuTzyR
|
U1V2ZGozMWc3NzJMamgwbXB6dE4vME0Kxw2aeENkO0hg0bvpshoI1rMbw8T6LpXf
|
||||||
lRtXUm8InT5GwV50Ot6FLdai5aVxpicafduH/J5RSAXqL8LssQi7HA==
|
n1bnkmfCSE2V5JlI7z6jvuW/6C7bo6RDbbmLOA8dbF4sVTbnymsqsw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-10-17T11:49:07Z"
|
lastmodified: "2022-10-17T11:49:07Z"
|
||||||
mac: ENC[AES256_GCM,data:T2fDMcgfP+CVO3UyPhE2LnwZrCjnQfyxIAYE/L3kANAf6+dW7p3NsWvV6N9K39sdDKJ1ZWa239efCcFIRwiE91vbuTZQAudfP9pDvRAo2TfWis0PhB32S3Vs2e1MGQiYyEtPzLuLOGzDldUEexQfiUCpWd1NGGvpE3Fo378QCig=,iv:fSwa5xmasrNlQkaBL0kcJK3NjhLnRH6txlzhPW8LlMc=,tag:xWuajzQ1F3HWXXRJfFS8fg==,type:str]
|
mac: ENC[AES256_GCM,data:T2fDMcgfP+CVO3UyPhE2LnwZrCjnQfyxIAYE/L3kANAf6+dW7p3NsWvV6N9K39sdDKJ1ZWa239efCcFIRwiE91vbuTZQAudfP9pDvRAo2TfWis0PhB32S3Vs2e1MGQiYyEtPzLuLOGzDldUEexQfiUCpWd1NGGvpE3Fo378QCig=,iv:fSwa5xmasrNlQkaBL0kcJK3NjhLnRH6txlzhPW8LlMc=,tag:xWuajzQ1F3HWXXRJfFS8fg==,type:str]
|
||||||
|
|