Move server!
This commit is contained in:
parent
9f8e9ddccc
commit
6eb7b95b12
GPG key ID:
7306B3D3C3AD6E51
|
|
@ -1,9 +1,18 @@
|
|||
keys:
|
||||
- &admin_macbook_m1 age169v95f5fqx0sg5mjpp63sumrj9sma9se203ra2c05qa67h2h2drs3tvdph
|
||||
- &machine_macbook_m1 age10dd4t507h3ey68l2alu7z94s5lw0kshjq9lre5sv2vehrm9hg4rqk2let7
|
||||
- &nki_pc age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78
|
||||
- &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
||||
- &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
||||
creation_rules:
|
||||
- path_regex: kagami-air-m1/secrets\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin_macbook_m1
|
||||
- *machine_macbook_m1
|
||||
- path_regex: nki-personal-do/secrets/secrets\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *nki_pc
|
||||
- *nkagami_main
|
||||
- *nkagami_do
|
||||
|
|
|
|||
10
flake.lock
10
flake.lock
|
|
@ -500,11 +500,11 @@
|
|||
"flake-utils": "flake-utils_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1666006086,
|
||||
"narHash": "sha256-wjrQ9ngadZwfbz2o+iiNQvOTuRYS06Ate9FCXQEv94I=",
|
||||
"ref": "master",
|
||||
"rev": "333e5e06c0f40dab2c6f9556a6ea09f44971561b",
|
||||
"revCount": 3,
|
||||
"lastModified": 1669915544,
|
||||
"narHash": "sha256-wByoZ+HWXo7L9QyUefMhe26IUUeFGtffG6v/AL31neo=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "9142ca82ec1e9a6e1314d2727cdc15db30c94c14",
|
||||
"revCount": 4,
|
||||
"type": "git",
|
||||
"url": "ssh://git@github.com/natsukagami/nix-deploy-secrets"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -182,10 +182,10 @@ in
|
|||
}
|
||||
mx_auth {
|
||||
dane
|
||||
mtasts {
|
||||
cache fs
|
||||
fs_dir mtasts_cache/
|
||||
}
|
||||
# mtasts {
|
||||
# cache fs
|
||||
# fs_dir mtasts_cache/
|
||||
# }
|
||||
local_policy {
|
||||
min_tls_level encrypted
|
||||
min_mx_level none
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@
|
|||
|
||||
# Secret management
|
||||
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
||||
sops.age.sshKeyPaths = [ "/root/.ssh/id_ed25519" ];
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
# tinc
|
||||
services.my-tinc.enable = true;
|
||||
|
|
@ -75,7 +75,7 @@
|
|||
cloud.mail = {
|
||||
enable = true;
|
||||
debug = true;
|
||||
local_ip = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
|
||||
# local_ip = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
|
||||
tls.certFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/certificate.crt";
|
||||
tls.keyFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/privatekey.key";
|
||||
usersFile = config.sops.secrets.mail-users.path;
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
{ modulesPath, ... }:
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||
boot.initrd.kernelModules = [ "nvme" ];
|
||||
fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
|
||||
|
||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||
# swap
|
||||
swapDevices = [{ device = "/var/swapfile"; }];
|
||||
swapDevices = [{ device = "/var/swapfile"; size = 2 * 1024; }];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1 +1,2 @@
|
|||
age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
||||
age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
||||
|
|
|
|||
|
|
@ -12,14 +12,32 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NHY2Y0lsVFViMHBTUHRp
|
||||
L2RROGV3OGhSZGVmRnJTZWlZNVJVMFJ4N2hzCllXRXg3bTBjZFBvM3FPRlhBbkRu
|
||||
VWR1UkFKUmJhT25OUWQ1aXJiRkhkV2sKLS0tIEF1Zkp0bUFsTGFaMjFYTUNNYmFx
|
||||
N2RGSHpTajRuV3JEcElkN0VZdCtrczgKbpjSE6pSDD/bIa6he0sfH9dE74Z5ZpTG
|
||||
DmPwclKkBarbCY50w1U4crHkhwICkHKNX0K1YwAdwuXBsgGEEJsPug==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVWVZMm53L3ViaWhwZVFD
|
||||
bWhwUDFaVmp4VE1IanFkeUIrYmxnS3IrZ0VNCnFicjJVamxDTmJ4VWVFRmYyUmRV
|
||||
OW50RlRlN3pzK3VZbko4dkN1QklnMncKLS0tIG55Zi95dTl1akFQczNlbFY2Nmt1
|
||||
VUJWS09UMU9PS3pnL01zR05Id01wVXcK15My8g1eqxq89XxrBs5uCIxX6qTq/HEK
|
||||
pJRrUlz9VEsbvi2Lr2SfQT84ouNc0nk6/8qlzmJUNAktydw5VCyDug==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eUo1WjJtdDhzWjFrM3Rm
|
||||
QkovcmoxdjNsMXdyaVZiNFhZZGlqOUMvcEJ3Ckk3TnJzNDVBWVFTNUd5RXhlcDU5
|
||||
Y2xmdmVjYUZRMXF1Y1RZZDZGMXM3NDgKLS0tIGdreURjTFVxSWQ5ODJPQlpySWxY
|
||||
NUovcTZlOVpyTm5WWGkyUmdLRUVpcmMK1YIwNE/5avvplxqtUFs1JZn7f2AuTzyR
|
||||
lRtXUm8InT5GwV50Ot6FLdai5aVxpicafduH/J5RSAXqL8LssQi7HA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBob0N3bk91S3JSOGxqQm5J
|
||||
YnJlMjZEL2ppamdkM2lyZXNvOEozWGJXSUVzCmxnbldrNVZLSWt4TnJveEg4ZGpO
|
||||
bENvWG5VV1FRTUtLaDV5Y3FsQmVFOGcKLS0tIFd3WTZ6bTF1WW5TRFJwckN3dERQ
|
||||
U1V2ZGozMWc3NzJMamgwbXB6dE4vME0Kxw2aeENkO0hg0bvpshoI1rMbw8T6LpXf
|
||||
n1bnkmfCSE2V5JlI7z6jvuW/6C7bo6RDbbmLOA8dbF4sVTbnymsqsw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-10-17T11:49:07Z"
|
||||
mac: ENC[AES256_GCM,data:T2fDMcgfP+CVO3UyPhE2LnwZrCjnQfyxIAYE/L3kANAf6+dW7p3NsWvV6N9K39sdDKJ1ZWa239efCcFIRwiE91vbuTZQAudfP9pDvRAo2TfWis0PhB32S3Vs2e1MGQiYyEtPzLuLOGzDldUEexQfiUCpWd1NGGvpE3Fo378QCig=,iv:fSwa5xmasrNlQkaBL0kcJK3NjhLnRH6txlzhPW8LlMc=,tag:xWuajzQ1F3HWXXRJfFS8fg==,type:str]
|
||||
|
|
|
|||
Loading…
Reference in a new issue