diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..e393ddc --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "private"] + path = private + url = ssh://forgejo@git.luj.fr/luj/snowfield-private.git diff --git a/home-manager-modules/mails/default.nix b/home-manager-modules/mails/default.nix index 0a1a8e0..51adb38 100644 --- a/home-manager-modules/mails/default.nix +++ b/home-manager-modules/mails/default.nix @@ -16,19 +16,19 @@ with lib; config = mkIf cfg.enable { age.secrets.work-mail-pw = { - file = ../../secrets/work-mail-pw.age; + file = ../../private/secrets/work-mail-pw.age; }; age.secrets.dgnum-mail-pw = { - file = ../../secrets/dgnum-mail-pw.age; + file = ../../private/secrets/dgnum-mail-pw.age; }; age.secrets.telecom-mail-pw = { - file = ../../secrets/telecom-mail-pw.age; + file = ../../private/secrets/telecom-mail-pw.age; }; age.secrets.ens-mail-pw = { - file = ../../secrets/ens-mail-pw.age; + file = ../../private/secrets/ens-mail-pw.age; }; programs.mbsync = { diff --git a/lon.lock b/lon.lock index 3b2063b..7e5b850 100644 --- a/lon.lock +++ b/lon.lock @@ -7,9 +7,9 @@ "owner": "ryantm", "repo": "agenix", "branch": "main", - "revision": "4835b1dc898959d8547a871ef484930675cb47f1", - "url": "https://github.com/ryantm/agenix/archive/4835b1dc898959d8547a871ef484930675cb47f1.tar.gz", - "hash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=" + "revision": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "url": "https://github.com/ryantm/agenix/archive/531beac616433bac6f9e2a19feb8e99a22a66baf.tar.gz", + "hash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=" }, "artiflakery": { "type": "GitHub", @@ -67,9 +67,9 @@ "owner": "nix-community", "repo": "emacs-overlay", "branch": "master", - "revision": "cff16fc129c76889ddfb0ebb17b53b6633c77ba5", - "url": "https://github.com/nix-community/emacs-overlay/archive/cff16fc129c76889ddfb0ebb17b53b6633c77ba5.tar.gz", - "hash": "sha256-EtSUmvOKU7mfocPNsBSmgjOcqPBKWshSN/jsxmHZqfI=" + "revision": "90856b1b570da027a768a8b8c11d49be723a7856", + "url": "https://github.com/nix-community/emacs-overlay/archive/90856b1b570da027a768a8b8c11d49be723a7856.tar.gz", + "hash": "sha256-2CmtuWDAxP/o14TeKXQa0BtHMALKjFAmoU4DaWX78zk=" }, "git-hooks": { "type": "GitHub", @@ -167,9 +167,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-25.05", - "revision": "6c64dabd3aa85e0c02ef1cdcb6e1213de64baee3", - "url": "https://github.com/nixos/nixpkgs/archive/6c64dabd3aa85e0c02ef1cdcb6e1213de64baee3.tar.gz", - "hash": "sha256-h/aac1dGLhS3qpaD2aZt25NdKY7b+JT0ZIP2WuGsJMU=" + "revision": "36ab78dab7da2e4e27911007033713bab534187b", + "url": "https://github.com/nixos/nixpkgs/archive/36ab78dab7da2e4e27911007033713bab534187b.tar.gz", + "hash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=" }, "proxmox": { "type": "GitHub", @@ -196,9 +196,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-unstable", - "revision": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", - "url": "https://github.com/nixos/nixpkgs/archive/ee930f9755f58096ac6e8ca94a1887e0534e2d81.tar.gz", - "hash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=" + "revision": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "url": "https://github.com/nixos/nixpkgs/archive/9e83b64f727c88a7711a2c463a7b16eedb69a84c.tar.gz", + "hash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=" } } } diff --git a/machines/akhaten/stalwart.nix b/machines/akhaten/stalwart.nix index 11db346..7d702ad 100644 --- a/machines/akhaten/stalwart.nix +++ b/machines/akhaten/stalwart.nix @@ -1,12 +1,23 @@ { config, lib, + pkgs, ... }: +let + stalwart-private-settings = import ../../private/pkgs/stalwart/settings.nix; +in { services.stalwart-mail = { enable = true; + package = pkgs.callPackage ../../private/pkgs/stalwart { }; settings = { + metrics.history = { + enable = true; + store = "rocksdb"; + retention = "90d"; + interval = "0 * *"; + }; authentication.fallback-admin = { user = "admin"; secret = "%{file:/var/lib/stalwart-mail/admin-hash}%"; @@ -57,14 +68,13 @@ }; }; }; - - }; + } // stalwart-private-settings; }; services.backup.includes = [ "/var/lib/stalwart-mail/db" ]; age.secrets.stalwart-admin-hash = { - file = ../../secrets/stalwart-admin.age; + file = ../../private/secrets/stalwart-admin.age; path = "/var/lib/stalwart-mail/admin-hash"; owner = "stalwart-mail"; group = "stalwart-mail"; diff --git a/machines/arcadia/default.nix b/machines/arcadia/default.nix index 66295c1..b353e76 100644 --- a/machines/arcadia/default.nix +++ b/machines/arcadia/default.nix @@ -80,8 +80,6 @@ security.pam.services.swaylock = { }; - programs.ssh.startAgent = true; - services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.xterm.enable = true; services.xserver.enable = true; diff --git a/machines/arcadia/syncthing.nix b/machines/arcadia/syncthing.nix index c3abffc..772af12 100644 --- a/machines/arcadia/syncthing.nix +++ b/machines/arcadia/syncthing.nix @@ -12,7 +12,7 @@ listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; }; - devices = { + settings.devices = { "gustave" = { id = "6APF3EP-TIV7ZBK-5WB5SA4-Y2K37CR-AMIB2TM-6T2VORK-UYNQO2X-TO6V2QH"; addresses = [ @@ -28,10 +28,10 @@ }; }; - folders = { + settings.folders = { "dev" = { path = "/home/julien/dev"; - devices = [ + settings.devices = [ "gustave" "fischer" ]; diff --git a/machines/biblios/garage.nix b/machines/biblios/garage.nix index afe2feb..7d7e06c 100644 --- a/machines/biblios/garage.nix +++ b/machines/biblios/garage.nix @@ -10,7 +10,7 @@ in { services.garage = { enable = true; - package = pkgs.garage_1_1_0; + package = pkgs.garage_1_x; settings = { replication_factor = 1; @@ -36,17 +36,17 @@ in environmentFile = config.age.secrets."garage-env-file".path; }; - age.secrets."garage-env-file".file = ../../secrets/garage-env-file.age; + age.secrets."garage-env-file".file = ../../private/secrets/garage-env-file.age; age.secrets."book-auth" = { - file = ../../secrets/book-auth.age; + file = ../../private/secrets/book-auth.age; owner = "nginx"; }; age.secrets."notes-phd-auth" = { - file = ../../secrets/notes-phd-auth.age; + file = ../../private/secrets/notes-phd-auth.age; owner = "nginx"; }; age.secrets."notes-perso-auth" = { - file = ../../secrets/notes-perso-auth.age; + file = ../../private/secrets/notes-perso-auth.age; owner = "nginx"; }; diff --git a/machines/core-security/default.nix b/machines/core-security/default.nix index 11d956b..01184a6 100644 --- a/machines/core-security/default.nix +++ b/machines/core-security/default.nix @@ -90,7 +90,7 @@ }; }; - age.secrets.keycloak-db.file = ../../secrets/keycloak-db.age; + age.secrets.keycloak-db.file = ../../private/secrets/keycloak-db.age; services.openssh.extraConfig = '' HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub diff --git a/machines/core-security/kanidm.nix b/machines/core-security/kanidm.nix index cd5ea57..0d94a7b 100644 --- a/machines/core-security/kanidm.nix +++ b/machines/core-security/kanidm.nix @@ -1,7 +1,7 @@ { pkgs, config, ... }: let certificate = config.security.acme.certs."auth.luj.fr"; - kanidm = pkgs.kanidm_1_5; + kanidm = pkgs.kanidm_1_6; in { services.kanidm = { diff --git a/machines/fischer/default.nix b/machines/fischer/default.nix index 1ec72e4..76d95cd 100644 --- a/machines/fischer/default.nix +++ b/machines/fischer/default.nix @@ -311,8 +311,6 @@ in security.pam.services.swaylock = { }; - programs.ssh.startAgent = true; - services.gnome.gnome-keyring.enable = true; services.openssh.extraConfig = '' diff --git a/machines/fischer/syncthing.nix b/machines/fischer/syncthing.nix index b933e17..fa8d696 100644 --- a/machines/fischer/syncthing.nix +++ b/machines/fischer/syncthing.nix @@ -12,7 +12,7 @@ listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; }; - devices = { + settings.devices = { "gustave" = { id = "6APF3EP-TIV7ZBK-5WB5SA4-Y2K37CR-AMIB2TM-6T2VORK-UYNQO2X-TO6V2QH"; addresses = [ @@ -35,10 +35,10 @@ }; }; - folders = { + settings.folders = { "dev" = { path = "/home/julien/dev"; - devices = [ + settings.devices = [ "gustave" "gallifrey" "arcadia" diff --git a/machines/gallifrey/default.nix b/machines/gallifrey/default.nix index 6586462..9a94ba0 100644 --- a/machines/gallifrey/default.nix +++ b/machines/gallifrey/default.nix @@ -73,10 +73,11 @@ services.xserver = { enable = true; videoDrivers = [ "nvidia" ]; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; }; + services.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + hardware.graphics.enable = true; hardware.nvidia = { modesetting.enable = true; @@ -121,7 +122,6 @@ }; networking.networkmanager.plugins = [ pkgs.networkmanager-openvpn ]; - programs.ssh.startAgent = true; environment.systemPackages = with pkgs; [ tailscale diff --git a/machines/gallifrey/syncthing.nix b/machines/gallifrey/syncthing.nix index c3abffc..772af12 100644 --- a/machines/gallifrey/syncthing.nix +++ b/machines/gallifrey/syncthing.nix @@ -12,7 +12,7 @@ listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; }; - devices = { + settings.devices = { "gustave" = { id = "6APF3EP-TIV7ZBK-5WB5SA4-Y2K37CR-AMIB2TM-6T2VORK-UYNQO2X-TO6V2QH"; addresses = [ @@ -28,10 +28,10 @@ }; }; - folders = { + settings.folders = { "dev" = { path = "/home/julien/dev"; - devices = [ + settings.devices = [ "gustave" "fischer" ]; diff --git a/machines/gustave/artiflakery.nix b/machines/gustave/artiflakery.nix index 1a8790c..afb8f19 100644 --- a/machines/gustave/artiflakery.nix +++ b/machines/gustave/artiflakery.nix @@ -2,7 +2,7 @@ { age.secrets."artiflakery-auth" = { - file = ../../secrets/artiflakery-auth.age; + file = ../../private/secrets/artiflakery-auth.age; owner = "artiflakery"; }; diff --git a/machines/gustave/nextcloud.nix b/machines/gustave/nextcloud.nix index 1e62a66..893ca83 100644 --- a/machines/gustave/nextcloud.nix +++ b/machines/gustave/nextcloud.nix @@ -5,13 +5,13 @@ environment.systemPackages = [ config.services.nextcloud.occ ]; age.secrets."nextcloud-admin-password" = { - file = ../../secrets/nextcloud-admin-password.age; + file = ../../private/secrets/nextcloud-admin-password.age; owner = "nextcloud"; group = "nextcloud"; }; age.secrets."nextcloud-s3-token" = { - file = ../../secrets/nextcloud-s3-token.age; + file = ../../private/secrets/nextcloud-s3-token.age; owner = "nextcloud"; group = "nextcloud"; }; @@ -38,7 +38,7 @@ bucket = "nextcloud-bucket"; key = "GK5e980f5f3c7e2780b931ccd0"; secretFile = config.age.secrets."nextcloud-s3-token".path; - autocreate = false; + verify_bucket_exists = false; }; }; diff --git a/machines/gustave/pages.nix b/machines/gustave/pages.nix index 7c99d37..1f63104 100644 --- a/machines/gustave/pages.nix +++ b/machines/gustave/pages.nix @@ -8,7 +8,7 @@ let allowedUpstream = "2a01:e0a:de4:a0e1:4bb5:9275:6010:e9b5/128"; in { - age.secrets."pages-settings-file".file = ../../secrets/pages-settings-file.age; + age.secrets."pages-settings-file".file = ../../private/secrets/pages-settings-file.age; services.codeberg-pages = { enable = true; @@ -97,7 +97,7 @@ in ]; # Listen to ipv6 packets coming from the internet, check the SNI - # If they are one of the declared virtualHosts, forward them to the proxy protocol listener + # If they are one of the declared virtualHosts, forward them to the proxy protocol listener # for that virtualHost, else forward them to the page server streamConfig = '' map $ssl_preread_server_name $sni_upstream { diff --git a/machines/gustave/plausible.nix b/machines/gustave/plausible.nix index c5911f3..308b6b1 100644 --- a/machines/gustave/plausible.nix +++ b/machines/gustave/plausible.nix @@ -21,7 +21,7 @@ }; age.secrets = { - plausible-admin-password.file = ../../secrets/plausible-password.age; - plausible-secret-key-base.file = ../../secrets/plausible-keybase-secret.age; + plausible-admin-password.file = ../../private/secrets/plausible-password.age; + plausible-secret-key-base.file = ../../private/secrets/plausible-keybase-secret.age; }; } diff --git a/machines/gustave/readeck.nix b/machines/gustave/readeck.nix index 8bac7a0..cc30d8c 100644 --- a/machines/gustave/readeck.nix +++ b/machines/gustave/readeck.nix @@ -1,7 +1,7 @@ { config, ... }: { - age.secrets."readeck-config".file = ../../secrets/readeck-config.age; + age.secrets."readeck-config".file = ../../private/secrets/readeck-config.age; services.nginx.virtualHosts."read.luj" = { forceSSL = true; diff --git a/machines/gustave/syncthing.nix b/machines/gustave/syncthing.nix index 4f6644e..8e80600 100644 --- a/machines/gustave/syncthing.nix +++ b/machines/gustave/syncthing.nix @@ -12,7 +12,7 @@ listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; }; - devices = { + settings.devices = { "fischer" = { id = "PLIMD3Z-L4DYKDB-MY4PFTS-3RMQUNF-GFWFOBB-SELW6MB-WIQJ2LM-QAC45QQ"; addresses = [ @@ -26,10 +26,10 @@ ]; }; }; - folders = { + settings.folders = { "dev" = { path = "/home/julien/dev"; - devices = [ + settings.devices = [ "fischer" "gallifrey" ]; diff --git a/machines/lambda/uptime-kuma.nix b/machines/lambda/uptime-kuma.nix index 745dec4..e82da2a 100644 --- a/machines/lambda/uptime-kuma.nix +++ b/machines/lambda/uptime-kuma.nix @@ -37,7 +37,7 @@ in }; age.secrets."stateless-uptime-kuma-password".file = - ../../secrets/stateless-uptime-kuma-password.age; + ../../private/secrets/stateless-uptime-kuma-password.age; nixpkgs.overlays = [ (import "${inputs.stateless-uptime-kuma}/overlay.nix") ]; diff --git a/machines/tower/forgejo-runner.nix b/machines/tower/forgejo-runner.nix index f30cd01..9723288 100644 --- a/machines/tower/forgejo-runner.nix +++ b/machines/tower/forgejo-runner.nix @@ -1,6 +1,6 @@ { pkgs, config, ... }: { - age.secrets.forgejo_runners-token_file.file = ../../secrets/forgejo_runners-token_file.age; + age.secrets.forgejo_runners-token_file.file = ../../private/secrets/forgejo_runners-token_file.age; nix.settings.allowed-users = [ "gitea-runner" ]; nix.settings.trusted-users = [ "gitea-runner" ]; diff --git a/modules/backup/default.nix b/modules/backup/default.nix index 8b2a6a5..7417be0 100644 --- a/modules/backup/default.nix +++ b/modules/backup/default.nix @@ -72,12 +72,12 @@ in config = lib.mkIf (cfg.includes != [ ]) { age.secrets."borg-ssh-key" = { - file = ../../secrets/borg-ssh-priv.age; + file = ../../private/secrets/borg-ssh-priv.age; owner = "root"; mode = "0600"; }; - age.secrets."borg-encryption-secret".file = ../../secrets/borg-encryption-secret.age; + age.secrets."borg-encryption-secret".file = ../../private/secrets/borg-encryption-secret.age; programs.ssh.knownHosts."${if port != 22 then "[${host}]:${port}" else host}" = { publicKey = "${hostPublicKey}"; diff --git a/modules/buildbot/default.nix b/modules/buildbot/default.nix index 4746ca0..c9e1503 100644 --- a/modules/buildbot/default.nix +++ b/modules/buildbot/default.nix @@ -55,12 +55,12 @@ in }; age.secrets = { - github-token.file = ../../secrets/github-token-secret.age; - github-webhook-secret.file = ../../secrets/github-webhook-secret.age; - github-oauth-secret.file = ../../secrets/github-oauth-secret.age; - buildbot-nix-workers.file = ../../secrets/buildbot-nix-workers.age; + github-token.file = ../../private/secrets/github-token-secret.age; + github-webhook-secret.file = ../../private/secrets/github-webhook-secret.age; + github-oauth-secret.file = ../../private/secrets/github-oauth-secret.age; + buildbot-nix-workers.file = ../../private/secrets/buildbot-nix-workers.age; buildbot-nix-worker-password = { - file = ../../secrets/buildbot-nix-worker-password.age; + file = ../../private/secrets/buildbot-nix-worker-password.age; owner = "buildbot-worker"; }; }; diff --git a/modules/deluge/default.nix b/modules/deluge/default.nix index d8208c3..0d24bcc 100644 --- a/modules/deluge/default.nix +++ b/modules/deluge/default.nix @@ -35,7 +35,7 @@ in age.secrets.deluge-webui-password = { owner = cfg.user; - file = ../../secrets/deluge-webui-password.age; + file = ../../private/secrets/deluge-webui-password.age; }; services.deluge = { diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix index afafcbf..1f320d3 100644 --- a/modules/nginx/default.nix +++ b/modules/nginx/default.nix @@ -147,7 +147,7 @@ in security.acme.acceptTerms = true; age.secrets.nginx-cert = { - file = ../../secrets/404-ssl-certificate-cert.age; + file = ../../private/secrets/404-ssl-certificate-cert.age; path = "/var/lib/acme/default/cert.pem"; owner = "acme"; group = "nginx"; @@ -156,7 +156,7 @@ in }; age.secrets.nginx-key = { - file = ../../secrets/404-ssl-certificate-key.age; + file = ../../private/secrets/404-ssl-certificate-key.age; path = "/var/lib/acme/default/key.pem"; owner = "acme"; group = "nginx"; diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix index cb7a316..c713a12 100644 --- a/modules/secrets/default.nix +++ b/modules/secrets/default.nix @@ -11,7 +11,7 @@ with lib; config = mkIf cfg.enable { age.secrets.git-gpg-private-key = { - file = ../../secrets/git-gpg-private-key.age; + file = ../../private/secrets/git-gpg-private-key.age; owner = "julien"; mode = "0440"; group = config.users.groups.keys.name; diff --git a/private b/private new file mode 160000 index 0000000..8cb3528 --- /dev/null +++ b/private @@ -0,0 +1 @@ +Subproject commit 8cb35282ab0d38c63f757653bab144cfc348c08c diff --git a/profiles/base.nix b/profiles/base.nix index 85d560f..f29c75e 100644 --- a/profiles/base.nix +++ b/profiles/base.nix @@ -55,6 +55,7 @@ step-cli comma-with-db nixos-firewall-tool + attic-client ]; environment.variables.EDITOR = "nvim"; diff --git a/secrets/404-ssl-certificate-cert.age b/secrets/404-ssl-certificate-cert.age deleted file mode 100644 index 1aea2f2..0000000 Binary files a/secrets/404-ssl-certificate-cert.age and /dev/null differ diff --git a/secrets/404-ssl-certificate-key.age b/secrets/404-ssl-certificate-key.age deleted file mode 100644 index d551a3b..0000000 Binary files a/secrets/404-ssl-certificate-key.age and /dev/null differ diff --git a/secrets/arkheon-env.age b/secrets/arkheon-env.age deleted file mode 100644 index 2a24bf0..0000000 --- a/secrets/arkheon-env.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 xaddyw zad7rIPt7YmMINK+6AJeBg0QLKjXRBpi1I686XJFjRc -6wIwquKdRSrHEw5M3TpFOiBs2ujO1IuwHjoxSzQYxOI --> ssh-ed25519 AqX2tg /JXc+SICUiwgheJuUsi3Jf1NqA+Fk7nZooQ+MJB0kAU -CEjcUhpMoKP2EXyz5Jy8Jg8ME9sEBXAVjvVj0bfH540 ---- 3IOLgCrvtGC7wjwR5X2Cn5z8O2wO4vt26/FrRuDIHus -=ld45R*-׊!2;>Snβ5U|KnQsO6g, K -s \ No newline at end of file diff --git a/secrets/arkheon-token.age b/secrets/arkheon-token.age deleted file mode 100644 index 2ff4e86..0000000 --- a/secrets/arkheon-token.age +++ /dev/null @@ -1,21 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 IRHAkA 7lsX23PbejDfz2Qsw1Z79VpIKeE+OG0UBEIy6Z13TCE -DAqsFt8tdbTK8Juyi6EbE0dP8uYK7dysbi62RltzAoo --> ssh-ed25519 AqX2tg Iuvw+AN1xrpvc1BLS6wZDqkKlbZTXL7XjfhN0batS0E -cpeBQ48U6hEq6yGtQIdSIdCSAUFBz3+Tf+FJw4iPNxU --> ssh-ed25519 bD9h7A 9H7zGcs4s14Ow0mQtTcMYAZA/tKvNo1bZtX0Phr1nQo -mV31iQtkqs6p/TjaRYvb+2ATkKOHvlCKKrWtN4Rlluw --> ssh-ed25519 2Wt2Kw JFIQfq65TaiWWchy9ew36+2fnn8/DJb12+Ked6HHiU8 -TyZ9wqh/uvfaE9z0U+uuXXSDPgd8OL/p/7jFjeclFhk --> ssh-ed25519 xaddyw eiE9Cv3eBwWCkf79RIB+ktclTAldqd2tk2x8n0a0h04 -Rx1F/dx8vLzl1PkupfjsaoM4LeHFO3kT2pDLwT3pjUI --> ssh-ed25519 6rkyTg j7b41KnYdY7IGuszX/N0n0z0ZQ3IZ7oFqQ9oj2WHLTE -LVOR+L3BUJ4mXUqaLCoopVZeHbUaUySmxA7yzDlXMI8 --> ssh-ed25519 d3M2Dw VcD2TfG9Z6ZE62Xavr58F/MjXCLAJTvLZTd+y9/PMyc -hijMC0lVABN7nWWa23TgowZE3NFjc2mKS7QdJSf25UQ --> ssh-ed25519 81O5Zw wZ/35O/yVaI4bw5AdZho6K67BvioXiITjHNBak31AwQ -gaE9BLdnVwPh8z30/BINUIDgu8zn4g6RSVsnc1G57B0 --> ssh-ed25519 Ye6ufg cc6XtPVZUfmuewSB9EzjxcK41l26UQAlJnJZZW5zc3s -SiRKfBc01ompb9HsyLS2wJhlXuAWHJqvu9gBcLG0GAs ---- l4BP9E5c9FdRgFTreUPT9Ek1XK3zwAlPFQQD2ggLYzk -Vb[xUR ?>_s6Edo -=B~AƄ9sbۍ \ No newline at end of file diff --git a/secrets/artiflakery-auth.age b/secrets/artiflakery-auth.age deleted file mode 100644 index d1c7e4a..0000000 --- a/secrets/artiflakery-auth.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg aExOPwN8B9iOjx+NGzMRxdMZlVg94D6Y2zXzNL49dyI -Rgu7H8Us8uo/2YkSuC/FpFMePlT85a3nHwgVfkEx6/Q --> ssh-ed25519 u3yXZQ 6C2UDX+hfcM4LPrgFjT/ccl1BH+8Q1fJkiPpp0mMWDU -P2erE/Hmpb2l20V9C2p5m/v3wb+OWtBh+NPSgdPg+o4 --> ssh-ed25519 IRHAkA lyQLBcU23LQVbfaw+L+HAmY3ctDL4pMudvkwmN0dslY -P170WaIrgH/qSuhPJ8lzRXaLRvJw52TtrX1kJ187GeU ---- eOcQXq+qpuvGAYxvCzuug/kCS0262Q89NpYtpSpU2uw -պlyETs̔F&. JA@" +*=jb jB+K'ՄI&ڶ7wkA/|F3n'+v -ueWz;ﶉ \ No newline at end of file diff --git a/secrets/book-auth.age b/secrets/book-auth.age deleted file mode 100644 index 7913eab..0000000 --- a/secrets/book-auth.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg zDqh2PvGIPYp0KY5vkk0/PvwpVui2I0D2PcADIqjJ2g -nAbsleFGQ6m2GP3U/awi/PSAaG9CoCNhtRCqzhWtNUM --> ssh-ed25519 u3yXZQ N8lqAInc0PEju+3A8a01Hw4SiHBIt0fGGwUfeQ4SU0I -sGmDrRk/EAxXq+Zuh+xBVihB993dP3gsUptC6MfRYoE --> ssh-ed25519 IRHAkA CeDM5bpCNDO6FnDAFlvNN47uUs6fC7J9S82cLOEfm0k -LKxbADvWMSyVs4L/GkPhFGtss+QRtdwg1LCwV3CSdGI --> ssh-ed25519 Ye6ufg SCi2vaZqmkqhldcGY3V6AOguPoImlJCjYRQORf9D50c -BDfKtBKf13j6d6vUU0Uzk0kQWk+JzqYHb+G9XeKxwCk ---- Nk8GC8ujrTpDzFpJwm1VfypxEl5PfxWup9bEaTkdRwc -B@^2uW-5@i4f L|L"|gdO>2I5C|^/iyK 0$ʨ?_pJz0vιs| \ No newline at end of file diff --git a/secrets/borg-encryption-secret.age b/secrets/borg-encryption-secret.age deleted file mode 100644 index 908459b..0000000 --- a/secrets/borg-encryption-secret.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 IRHAkA d308MOWZ2BLYYo18G9Lonml4dTpMuChxFLwqghEAnCg -k95+cWyJL2JDMSEVDrXftefjkyyF6iyDz9k/NKjs30k --> ssh-ed25519 81O5Zw lpirBSHV8rLxAY3IMcdtduXo508ULmv0Jsw+OQbv11c -o3DXf3jcVI4o6F4kLOV6b6+QWaEobQIBzyTSLiz4khA --> ssh-ed25519 AqX2tg Y5PfzmnIqIOzYs2DSYbBFpoWt/lopoMqxCerZfmFbAg -vNfXVvbyA2bWY0yyVu12FGo8HpaFtYVorlZ5PiTtRvo ---- J23yDhldnxVjK4S5MZ4vzwm2wIn76Nx/ZGLSaypoud0 -ǫmNcCf-WpF5W{+kW4E@G2f!u^ \ No newline at end of file diff --git a/secrets/borg-ssh-priv.age b/secrets/borg-ssh-priv.age deleted file mode 100644 index b328974..0000000 --- a/secrets/borg-ssh-priv.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 IRHAkA hRATri1yOb2vg7FiYrFaUXV8arxHqAREOyxP5GVt3kI -dhpsKq48qyLwx+wn6BVoGzlaEHSXjBEF82RzhYgKKdw --> ssh-ed25519 81O5Zw 9CS0EBF1JBc8SIWnLShfoUsj27Htcx+iIOx/77uvngU -CRnvoFEHOuWqbha+tQzkR5WS8pU5aCCPADTBpEQNSPw --> ssh-ed25519 AqX2tg VoiT3Lo7Bt+Boy/Qbqk9Jy+cgySoM7R62TjnAJ1mwjg -OUNuWSwx1uMgLG1RRBeqKNjrfwVufmQk3pcwHzzVA28 ---- Ln/V6PWu99lene9SmxapMZGAO9RHoJw+R/AchrTLVZo -U-5q -|ԭ\<^/ÀڷoJDAx^2;tC!^O -Č)5Y/f ] .M|PqK֞Mʡ˛R,w+Z?`>D9*S]fW\uExŇ/WLƔ,z*RB'QN@}id,wkM g^/T EHVd/QT(2^|)hX;XmY!qUdsll^Qw0YԘEͰ[r a֫( 7d|Hyl~@1M#⬙5-CLNN9 ͍+Mu=A:)*_QC A46zea;خNI"WwX!%+q$d'|rHf6W% \ No newline at end of file diff --git a/secrets/buildbot-nix-worker-password.age b/secrets/buildbot-nix-worker-password.age deleted file mode 100644 index b076ca6..0000000 --- a/secrets/buildbot-nix-worker-password.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg lt9JpQbAw+VDMuZJxJMEDttSGc67ZpTbUIznI+CQvkA -rRDMuTbGe9ebamKGEuy3bI73K7IY1J5qQO87R9sFlH8 ---- dfHwjj/IywWQfUN7vpo1wmySkEKMKb22EQuvADgzo8E -&nfh\VhwaJgضWgLI Sַou(:rɤ{ \ No newline at end of file diff --git a/secrets/buildbot-nix-workers.age b/secrets/buildbot-nix-workers.age deleted file mode 100644 index 1d247f5..0000000 --- a/secrets/buildbot-nix-workers.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg qYgZ2QJlmWAaWcYzJbn9MpqeykIh6O08XTib39xJyHQ -Ghu/VPtgcZJ/vSmmz/fThOLKbWpudGTF9q5/s7xoytA ---- PdmbhMJvon3rdeWqy3cVk38AemHB45YOchb3t/2HkGE -NnU+Y!4(ub;1 N9X_L+ lTyъiܖ# ۙ%bk‡B)h55v \ No newline at end of file diff --git a/secrets/deluge-webui-password.age b/secrets/deluge-webui-password.age deleted file mode 100644 index effc7ff..0000000 --- a/secrets/deluge-webui-password.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 IRHAkA ui0eCIFLxo0QDCLCvluv7/rE5inuMPuULWwwb0nbRmA -nca6oVHNi3dYWGN7NBPRIT12Yqcw0HfIm544hVyoqfA --> ssh-ed25519 AqX2tg QBIXX6hV/UhsTZhE5pfaopnOSyLbMg9gK4ZtzpSQYUc -D4MOqKVAwbnOhR6cl9R+YYL9mGo2x6zs/fLCLBCyA8k ---- EMoeNyxRFsUdrQmmRV+SKuufm77Ma2pqndVjS7CczKc - +nr64ת76lu D;+h-Maj0ap%(b]^ojJ \ No newline at end of file diff --git a/secrets/dgnum-mail-pw.age b/secrets/dgnum-mail-pw.age deleted file mode 100644 index 92961e3..0000000 --- a/secrets/dgnum-mail-pw.age +++ /dev/null @@ -1,19 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 u3yXZQ +wH1AooNvcLP949JQM1drPuyN2IRs21zHr+Vczcbakw -wYmZ73l6Qd+ri4xVgqN4QKXgnBNP9Cjj1dBOBwc7l1Y --> ssh-ed25519 AqX2tg Lv2TWT4cVkyDhdgkzFxEU1jCcgJQsuJV3LjMo0WRXjE -eb6HyZlcml7My8OYzOA+a9V3KD8h/3yOFsFJ/k4ow1M --> ssh-ed25519 eySVIw QFG2KornBLk3k8i/GKCySCosPKytoiwse0xhSey0g20 -Fi730f8eF1Ct6P2GcIiJAgBkaPfW1nAZ+xJ3z317G/o --> ssh-ed25519 ThuR9A rHzocWJhWyCdQ2QuEnkufWY8hVwRbzN3Mm+GyXjxTis -L9JUezAd87zW6YSwSuH+znD8G3lWmYGiwc3KHmDVwiE --> ssh-ed25519 7MARBg 3NeaybBa2LN4qNMcw2GqQWeDTsHqr6/GZjSxoR4vhzk -4JoRSUfT9DJY348/paCSYCqJ/puWZTIiaOZj3ylhohg --> ssh-ed25519 LFAtBQ iqeFnRf/cDzFQ6ebFvUOzdPkGoIvJNO9ZdMYFOwn3W4 -XyCP91Fb1uj85/8gbTCbRbUgyXYNXogDOR2jCzE5TFY --> ssh-ed25519 pgfKjQ uTPCP/1L22cYUxRbjGT6hImXnzEg6jM+vx5vU6aptH4 -gCXk8Caa1sQKdx2Y/1PZ4X4yuJ7w2R+5lhFNJ8OO0cg ---- 8dHSuYgjlL+F/JwbkhJzgVEokGtk4V3ozIjh7QAnwsU -d\ p0FI''55C_ [ -.kAB -P/n,]fBv;;+hP2d{% \ No newline at end of file diff --git a/secrets/ens-mail-password.age b/secrets/ens-mail-password.age deleted file mode 100644 index 69256b1..0000000 --- a/secrets/ens-mail-password.age +++ /dev/null @@ -1,23 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 IRHAkA KKmIYYgr7RoHaFarMUu2MQxtfq7s6LFlkxWE2AiliUM -aoThCXX1Mwpeic5cKqpIYH66K6dnir3xZcUAVlFVm6w --> ssh-ed25519 AqX2tg ukfeBi25gPQfJSCTgK6XzYAtdtu74WNTcDa4HWgiED0 -ATEWFoGWuNCw5JsHlJgOgmO2x7QUEWJGsJhQcfonj08 --> ssh-ed25519 bD9h7A 4ecAGa7aX8QnxyBDcl8quzom3v6l4TCRZtQGzZT8KhQ -mtWdD8tM1YYo1MoQTENAZJYCSPYD7x2kCmUPc1uPHmw --> ssh-ed25519 2Wt2Kw rWJcOrA4j1X3ygTkFjImKuS4bAyOlrBRqq98syTFuxU -FINJkFVzbSd3TkXh+l69TMwN3b9ZINknRYR6VzIGej0 --> ssh-ed25519 xaddyw UiKM/eka9EJozle5zuEqfhZvES3OR9XnGb+c84I9tHc -S8gbIpi+SMw9PclFTa+zoiTmzE3XPmCIeTvzlCAGKCo --> ssh-ed25519 6rkyTg QnPd4yP1q3y95CZD7CvOsQF9hHVc3OQQNTh6S6jleAs -tBTrboe1nRB1BpwCzSz+7CQ6CBpDCkWrJyR7x3HW0Ww --> ssh-ed25519 d3M2Dw F4Ox/wYLCMaM5xsJQi7mMhDg3tOET7deQdofbfDi3gM -LsJjGUxMnV11JLxU9sdEvYFKV1lXgYiDypDXSfqyeYk --> ssh-ed25519 81O5Zw zDQE7eCBtRBxqP8KJtgH2CQUWofLE8A7rW05SAQEuGU -Y+ff0hh/OoqEYQHCefl/KRpuO5g/wRwx+kL7BkLMweI --> ssh-ed25519 Ye6ufg ca6dUiJfWehBpcOBPryk2cXnaI3MkYPBAbMwNXMi4Eo -pG3Baepk7wswiWn+3tvL2P5egckOrTvG9yZrXH4bpjs --> ssh-ed25519 eySVIw pwAaiREYDhFnShx270t1GjAQ/xBbHrf3Qqrg/nXfcFU -fOMTE6eaqRmlAf/aAp9pSmxXernBMTeH6Gr63j8uMSA ---- 65+++rjiLS5eEDZbqQoR0li2H/VVq7NJvwNixCLUTUo -ւ@W;מ^{Cx*'ßwZ*ÏBlF;z \ No newline at end of file diff --git a/secrets/ens-mail-pw.age b/secrets/ens-mail-pw.age deleted file mode 100644 index f5de799..0000000 --- a/secrets/ens-mail-pw.age +++ /dev/null @@ -1,17 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 u3yXZQ plTrCNAxnkMZ/+M8TD6umNkufSkUjSoAdJaiRVlx6Aw -qLg+wHa2gv9sgnRGXOVnzqlkKFznsC5P8ev2qYvN+No --> ssh-ed25519 AqX2tg fil8vo0f6HUhW8xoIo/qoGECekBM3uU3aBlU/z53+Xc -lw19zCnPJWv79z+mICQFeQY4pQ6Bnu2rVmdXKOv2hqo --> ssh-ed25519 eySVIw /MpShOP+mCDqqG68SezyB1FpO9M5Z1OvYjoiDRMgb00 -WZ6kK1hNSoEZUI3A8bxx+svn6OuqreDY+kTlqK1A9yQ --> ssh-ed25519 ThuR9A Z5TfVJ7s/OPEkEELX8/z9S7IvrGu+KajPXSc6162zX4 -OygoKGN932ignRf8Y79qFECPt7x+WBmW896U7i9MHvM --> ssh-ed25519 7MARBg hEI80P1lLpnaUCPgCf7zMdxK7Gidw9PhSZQiIaCNWUY -MNLlWs3DNS418h7YVWhbhreUb3Ub248kQX1KQVcWL24 --> ssh-ed25519 pgfKjQ 2RS+GPy+NwseE+UWV9NAiPyHpnxHpkaeguOUm25Juh4 -NZQvLvom7jFNC9384LC8pQc/nO14qq0FZVWxCSB8gIc --> ssh-ed25519 LFAtBQ R+eHawl+RRFDJarA22oZgq1bJvVg5dbDU8Rmp97fY30 -Db1hATY6aIN6ZKvtheFtrLnrqyzUFBPU2lwjATrY+HM ---- NvSg63mxMKTVXW3QF6cWDdbLmPPZPj+Uw711kCQSxWs -~d4Xs^BC-GҬܼ*.H \ No newline at end of file diff --git a/secrets/forgejo_runners-token_file.age b/secrets/forgejo_runners-token_file.age deleted file mode 100644 index 8598457..0000000 --- a/secrets/forgejo_runners-token_file.age +++ /dev/null @@ -1,6 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg X36nT0FkTjPcz0Lx14yHmHTYEv8clqHFui2OqmVOYQY -lUCstPKuatwdqCwInbjziQvp3c7sicp/NTHAhFrZGao ---- lOcAy9JVNLqK55W0dALAq6TDzme6svs30MFrTHyuR0s -7BF< -+yIʝO4Tt{}tȶ[R77}]pwj#^#& \ No newline at end of file diff --git a/secrets/garage-env-file.age b/secrets/garage-env-file.age deleted file mode 100644 index 6152a15..0000000 --- a/secrets/garage-env-file.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg QW7N0vYH/1rsU/EIiN+tLNYerZ28Hw2yZ/HCGeNp+V4 -/M3zririuCOkpdZ0RuHdFNDX9cPtGPX96/YQO+po4po --> ssh-ed25519 u3yXZQ PxYh0IE7L+wXZ4SWH86CjCHaakwZLoVCFuekP2ZYtX4 -BGgHJRXkpoGwBEfz+FkWc5qkl37y436O65wEANMLfBg --> ssh-ed25519 Ye6ufg X0MrbwY1GyFK1KRkM1Ohfd83JDR3Zpto1k/R0+ax314 -YpQ3vC+hqYiqOLD+JCI7g0x7N+IvOge4eRFLQEXzfIU ---- NX92hTxO3HS7t7FZ/7mi2s/WwWzy+0n7eJKCpiY2rlI -շ/NN$BUZLQcLoƏNTtfL$aMbsS'7UBԎ6eӗGJS4E$R4v|$n \ No newline at end of file diff --git a/secrets/git-gpg-private-key.age b/secrets/git-gpg-private-key.age deleted file mode 100644 index 065ba07..0000000 Binary files a/secrets/git-gpg-private-key.age and /dev/null differ diff --git a/secrets/github-oauth-secret.age b/secrets/github-oauth-secret.age deleted file mode 100644 index f8f282c..0000000 Binary files a/secrets/github-oauth-secret.age and /dev/null differ diff --git a/secrets/github-token-secret.age b/secrets/github-token-secret.age deleted file mode 100644 index 163d0e5..0000000 Binary files a/secrets/github-token-secret.age and /dev/null differ diff --git a/secrets/github-webhook-secret.age b/secrets/github-webhook-secret.age deleted file mode 100644 index 468abed..0000000 --- a/secrets/github-webhook-secret.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg HUfPk3uqwIEcRrUwz96wzUZQ+MlAitVArONK0kVtxCo -EP5yxZ7TyNm6DW4aiWijgEEzTK+QBe7Brm9xadcGvZU ---- K6kwz37dqA38tUuMhSxvcjHq3h8sS/4uRUj1vjHEFBs -VR+W_V>(<F%\c{ CǩmQ-tm&~[k5^Dn; \ No newline at end of file diff --git a/secrets/julien-malka-sh-mail-password.age b/secrets/julien-malka-sh-mail-password.age deleted file mode 100644 index a5da33f..0000000 Binary files a/secrets/julien-malka-sh-mail-password.age and /dev/null differ diff --git a/secrets/keycloak-db.age b/secrets/keycloak-db.age deleted file mode 100644 index d743baf..0000000 --- a/secrets/keycloak-db.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 2Wt2Kw Jgmgn5lNDji8jNIJ8OnPYQ3kFe7wHsneh7KLZQ+ZuXM -7LNF9mkKgZSb5awzp2yIzV95DGcMU28kZLQ7h6K74go --> ssh-ed25519 AqX2tg kfoTwBiLuW1arGWUMHcVcm0kQ8a9VDGWHnEiPu+otnE -eY0l0Ts5aj1A6WfT3xl8m6SmR3gjV6A6zZdpFU9a1aI ---- +ZqlVdQiXBcKWgwmckLeHuxgsKwmNulPzzdej7E8XxY -ܸt? -mP!ѴGl_%;ϑ˖8ƭ:%֍V<'*)w,M> ܾ@P5`t2V) \ No newline at end of file diff --git a/secrets/malka-ens-school-mail-password.age b/secrets/malka-ens-school-mail-password.age deleted file mode 100644 index 48e47b0..0000000 Binary files a/secrets/malka-ens-school-mail-password.age and /dev/null differ diff --git a/secrets/mastodon-env.age b/secrets/mastodon-env.age deleted file mode 100644 index 7b0a32a..0000000 --- a/secrets/mastodon-env.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg be5eRJlqzg6ikUTpQzSYQhJmqGm2MhBS6QSLJMzkelw -KuiDK1N2189avFHNlMVaDhY/w+Nw3YUqQwDqtFldMIE --> ssh-ed25519 u3yXZQ E+IZ2j7PHkKLFPQ6bLPptR66/auyikOJyyPdjOI89Cw -uYg+Vm1AxfAI6GfLJRRdjb9gdo9v8nOkeve+JNQpQos --> ssh-ed25519 IRHAkA Zzbuh7KdHEXE/9YByaNCFrO0kcMsrKn+8jYFwZQjaQw -yVlmEA+Ae3jbrPDVPVYMbbR0txCbYFgwfSQybAPwvA4 ---- LzJd06KI5xKx1aiEn67JFbQcq2CeIXcr+wPzanx+SGo -¸Q`YҜ0F ]!v:g|} wɿ -Z覟埪/v_)8',_H\E"J Y@~ɦ7 ^x|ɇE8~$U)?}l;&Ӳ*mPzѰ1b1OgݐnR(1V¯ݑ% 0oq]zW-M΅V%r!iݲoׂO'"g؁ sB -fWD2.3uz`S휢ċBQ&3u;K/ \ No newline at end of file diff --git a/secrets/mondon-ens-school-mail-password.age b/secrets/mondon-ens-school-mail-password.age deleted file mode 100644 index 4de8c10..0000000 --- a/secrets/mondon-ens-school-mail-password.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 bD9h7A qF5Z8CLaqNVlW9MNvkMqJER3Vy32xxDntp3vy0KZJ2M -1k7WMxLN9Mfax66f9AzIZmJELrFTmuN/WJ5vnWnB8qg --> ssh-ed25519 AqX2tg +26A9G8InpOHmkIA5syXP5jaOAK3g3Yiv9Ey8gDduRw -INSSJA2u/EIw7B1DWokfHICQP1mTSqRCiKk6cPFeYVw ---- G8cd0BgWQRAmEQENg1Vv7Io0I4uwxFvxVQNL+bEJFu4 -ѠML\'>9 ck(J(LH.i;gCز -/OL"dRP]`?j۵yUT˘\ٵ \ No newline at end of file diff --git a/secrets/nextcloud-admin-password.age b/secrets/nextcloud-admin-password.age deleted file mode 100644 index cbcd5c8..0000000 --- a/secrets/nextcloud-admin-password.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg 4/c0gbNhOQMBlkk0M2M6CV5FShMdy6HhZptpL0WOBFI -uCqMKdDaInUMLlwCrG51d6AM7byg4a8EHLou5bQGzkE --> ssh-ed25519 u3yXZQ HF3wgBxfE+Hmz9a5QB3+H03F9R/QFMk39vobB7QNglM -1ZMXLG6jpsM+NCYlOMEcx+wIxfA/4iHZCfRVQPtgLAI --> ssh-ed25519 IRHAkA nTp3Yc7vypZ1bSie1lFuFpMUZFg67UdhKpSvvsA3Dhw -3aeOSI1R9IkaK5bjHkxMaK+/IruhKQkBxLOatyA4hME ---- h7OURmu2BfnFUklxRAwdGkJdy/vSFUobfVC4fz1H2lU -uH\xN ,w;]Cqv5U4t\NN|<7eb[E-g="u.F$ \ No newline at end of file diff --git a/secrets/nextcloud-s3-token.age b/secrets/nextcloud-s3-token.age deleted file mode 100644 index 5ac5a4a..0000000 Binary files a/secrets/nextcloud-s3-token.age and /dev/null differ diff --git a/secrets/notes-perso-auth.age b/secrets/notes-perso-auth.age deleted file mode 100644 index 8fe059b..0000000 Binary files a/secrets/notes-perso-auth.age and /dev/null differ diff --git a/secrets/notes-phd-auth.age b/secrets/notes-phd-auth.age deleted file mode 100644 index 8761c20..0000000 --- a/secrets/notes-phd-auth.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg WaB2KyF5Pn7bctfQPoQeYxLVrgJWOTJWEzy1idXbDH8 -6tMd9pXqlgE9c3WVZXpGhs+BI7u2/O28X2NRWRaDHe4 --> ssh-ed25519 u3yXZQ pnv6mKrWs9TdDRgpK4KH8M50adnWhTOwEVBzA7O9Lhs -S7BHn26/5gw7pfix3Rzb3dKmPUdpWY/o6ujiogbKgTs --> ssh-ed25519 IRHAkA f0vpRxGKTuowWFCAvlOCwxBEFGzua21QS0+n1xzGo0U -IhdHiySCsexbw/942wJPpiI3UspJY66AqGwJ4YuOPsM --> ssh-ed25519 Ye6ufg YKi+IgVF9I4Qd9BWO9H+ZmR7dxTvfkroq4K+02GXQWw -YTRVYDiWcPsX4O5cllk7+BCslcBReHdw+jRitsqP43A ---- qhUlxjLo+pbiv23NWc2Vt83pa4DjHN9MFDAUv+XzuIE -YUϺ4qoqeNx[&:0A8 D nM:iC?P9 #عX?dqv4ڑ}o+ \ No newline at end of file diff --git a/secrets/pages-settings-file.age b/secrets/pages-settings-file.age deleted file mode 100644 index dcd2cca..0000000 Binary files a/secrets/pages-settings-file.age and /dev/null differ diff --git a/secrets/plausible-keybase-secret.age b/secrets/plausible-keybase-secret.age deleted file mode 100644 index e1071a0..0000000 --- a/secrets/plausible-keybase-secret.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg ckWqS2AjXeQPrrA0NKeBJk+0WMe1o66bYjhDrk/N7w8 -Ab8w1oZtNKQATH4+t5TnlVN2ZJvMEI290HNn+hdRnys --> ssh-ed25519 u3yXZQ mvHzT1GtRJysnrKLMaimIBZiN7TlfHbYqImE/zwPf1Y -kO/WdnbOvBD4YvFp+f0+ndkpdRpAhLIfpaeNsV58Zr8 --> ssh-ed25519 IRHAkA jBEbSOiw1H8HyrQ8ItarIr2LAYxkCQKpTvSPIljMbgk -kllR6d6W2CzeErhmMpTWpsRzPER3p3XmzEwBMzs7vcQ ---- zpBIErWXERbFzcUw/JKSwRIOUSfhdVDsk5KQ+GU704M -ȠBŗo^6 |rwr\(ՏN^* \ No newline at end of file diff --git a/secrets/plausible-password.age b/secrets/plausible-password.age deleted file mode 100644 index 4ea62b7..0000000 --- a/secrets/plausible-password.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AqX2tg /uwZbh6tiF8xjpEuaKeQhQMfMHXbFSmF1qwKZDea0W8 -WTGydvGAob58NkZGU/8kBytKWCVJBSwTMcjsBlxCetY --> ssh-ed25519 u3yXZQ 3VpfVvCeMj23gF5R+dhOFJuiBWtN1NvdUzIZGit/1HM -kNQZzD3zgIKAeikdnl2xRrjLssyvpFqOm0vU6gD8DLI --> ssh-ed25519 IRHAkA oa0nwwtyB3oMrJJ294oo9LZXkfFkApqi9uO+oCLjCmA -TT2SmDck2CQta2mFanNVptASuebbMeKEaY7em6r77uU ---- Un9n8WwXJOMDaVn6eyqacJxOqfV7z8N3nTwJ7D3AWKY -/ޞĻHE0j:6'B2Gt\Ȝ` >o I \ No newline at end of file diff --git a/secrets/readeck-config.age b/secrets/readeck-config.age deleted file mode 100644 index 2503c56..0000000 --- a/secrets/readeck-config.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 u3yXZQ jTuPs5Lzit/TMUS8ZjQSOmghJvXZIolT+cVA95owFTA -BGClI5JknoL1CAuPYyuLv9dHNodDUQDBkDYrp8RnkfU --> ssh-ed25519 AqX2tg 84YCm2M1scsnBPG+EVgWRlS3Eo0BPwI8fKQ2HA9kjS8 -XepdbDkxbXk6YqtchdtJ7DWHF8RY8sNvuA1m2vpD+zQ --> ssh-ed25519 IRHAkA J9/JjHJ/em87NGLFTh8Gr7z0KLfyPuaXBOTr/lJNtjM -E9ECDhKGevsyUR3Omw4/p4GaX0TrYDVpL6yATuN+rnA ---- zQWNfPYkzPgQkTZtgcfILUK+wrjrvLZ7LTmwgkUw9NQ -ݴerO KҚ(UL КozV%SCK@,MKx;Mg K/oƾDŠE7|鐹d㇅Φ 8}s-jBtKۃd(X:0ͨ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index 4fd1a32..0000000 --- a/secrets/secrets.nix +++ /dev/null @@ -1,215 +0,0 @@ -let - gustave = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJrHUzjPX0v2FX5gJALCjEJaUJ4sbfkv8CBWc6zm0Oe"; - gustave_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII10x1bM8LQ0KI0eY9uvDhJW9Ic58OH/6uugR1a6OLRE julien@gustave"; - tower = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA9QGKzHJ5/PR/il8REaTxJKB4G2LEEts0BlcVz789lt"; - lisa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4kSscukEEoW/QiLgyZQluhsYK4wF+lFphlCakKYC2q"; - core-security = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLnOINGYOFb+bLUUTV9sjwi2qbpwcaQlmGmWfy1PeGR"; - arcadia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBR6TATH7NrekBiRk8mMnxNw0LcDzMHgHh/JtpPUCfqT julien@arcadia"; - arcadia_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHH2mPgov6t7oFfEjtZr/DdJW5qSQYqbw+4uYitOCf9n julien@arcadia"; - fischer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPeKDFxgdZlhNXEUx8ex0Fj2Re+tDBvUr52SS4Wh3V9n"; - core-data = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAcIdJ3gr17bvDZ8NAcDBkEmOPTEhpg2yq3p1NNQB0f"; - lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz"; - nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6"; - gallifrey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEr9QRD7QTNsAFmuJoX1mFzQ5A2ik1/ogMrvW54JMXeQ"; - gallifrey_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAa0wll9ildhgPiV0DhgJXXtw3TQr5VkNxxxPspHSbX julien@gallifrey"; - fisher_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo julien@telecom"; - akhaten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g"; - biblios = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5//9IlSSuES0xVsqqOwpotfcajgXL0AtcySpoZ8OLJ"; - servers = [ - gustave - tower - lisa - core-security - lambda - core-data - nuage - akhaten - biblios - ]; - all = servers ++ [ - arcadia - fischer - gallifrey - ]; -in -{ - "deluge-webui-password.age".publicKeys = [ - gustave - tower - ]; - "keycloak-db.age".publicKeys = [ - core-security - tower - ]; - "github-oauth-secret.age".publicKeys = [ tower ]; - "github-webhook-secret.age".publicKeys = [ tower ]; - "github-token-secret.age".publicKeys = [ tower ]; - "buildbot-nix-worker-password.age".publicKeys = [ tower ]; - "buildbot-nix-workers.age".publicKeys = [ tower ]; - "ssh-lisa-pub.age".publicKeys = [ - lisa - tower - ]; - "ssh-lisa-priv.age".publicKeys = [ - lisa - tower - ]; - "git-gpg-private-key.age".publicKeys = servers ++ [ - arcadia - fischer - gallifrey - ]; - "user-julien-password.age".publicKeys = all; - "user-root-password.age".publicKeys = all; - "ens-mail-password.age".publicKeys = servers ++ [ - fischer - ]; - "julien-malka-sh-mail-password.age".publicKeys = [ - lisa - tower - ]; - "malka-ens-school-mail-password.age".publicKeys = [ - lisa - tower - ]; - "mondon-ens-school-mail-password.age".publicKeys = [ - lisa - tower - ]; - "forgejo_runners-token_file.age".publicKeys = [ tower ]; - "stalwart-admin.age".publicKeys = [ - tower - akhaten - ]; - "arkheon-env.age".publicKeys = [ - lambda - tower - ]; - "arkheon-token.age".publicKeys = servers; - "borg-ssh-priv.age".publicKeys = [ - gustave - akhaten - tower - ]; - "borg-encryption-secret.age".publicKeys = [ - gustave - akhaten - tower - ]; - - "pages-settings-file.age".publicKeys = [ - gustave - tower - ]; - "404-ssl-certificate-cert.age".publicKeys = all; - "404-ssl-certificate-key.age".publicKeys = all; - "readeck-config.age".publicKeys = [ - gallifrey - tower - gustave - ]; - "stateless-uptime-kuma-password.age".publicKeys = [ - gallifrey - tower - lambda - ]; - "dgnum-mail-pw.age".publicKeys = [ - gallifrey - tower - fischer - gallifrey_home - gustave_home - fisher_home - arcadia_home - ]; - "work-mail-pw.age".publicKeys = [ - gallifrey - tower - fischer - gallifrey_home - gustave_home - fisher_home - arcadia_home - ]; - "telecom-mail-pw.age".publicKeys = [ - gallifrey - tower - fischer - gallifrey_home - gustave_home - fisher_home - arcadia_home - ]; - "ens-mail-pw.age".publicKeys = [ - gallifrey - tower - fischer - gallifrey_home - gustave_home - arcadia_home - fisher_home - ]; - - "plausible-keybase-secret.age".publicKeys = [ - tower - gallifrey - gustave - ]; - "plausible-password.age".publicKeys = [ - tower - gallifrey - gustave - ]; - - "garage-env-file.age".publicKeys = [ - tower - gallifrey - biblios - ]; - - "nextcloud-admin-password.age".publicKeys = [ - tower - gallifrey - gustave - ]; - - "nextcloud-s3-token.age".publicKeys = [ - tower - gallifrey - gustave - ]; - - "mastodon-env.age".publicKeys = [ - tower - gallifrey - gustave - ]; - - "artiflakery-auth.age".publicKeys = [ - tower - gallifrey - gustave - ]; - - "notes-perso-auth.age".publicKeys = [ - tower - gallifrey - gustave - biblios - ]; - - "notes-phd-auth.age".publicKeys = [ - tower - gallifrey - gustave - biblios - ]; - - "book-auth.age".publicKeys = [ - tower - gallifrey - gustave - biblios - ]; - -} diff --git a/secrets/ssh-lisa-priv.age b/secrets/ssh-lisa-priv.age deleted file mode 100644 index 8293671..0000000 --- a/secrets/ssh-lisa-priv.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 bD9h7A o0SqUDdE6f7PB5bng04YPEgoHzEHtLWquwE/+KSiBmI -KXVTGibUHq9FdH27jLmgkxqnKRkkyMEqBNYF0bEyaoo --> ssh-ed25519 AqX2tg qORbiGOOXuryIaDQ0mF3vS5zshXWMzLqyMF8/VIWt2w -/H9y886QiNWwDj3WlF4EUrR3a3FLWyOVEKPs4KIFOLs ---- +mASKbXkS8UBB30ub55UfMLNk3Pz9XQyIdpXLzY4x5k -wu ;l@Qf։έG&)φn{<V/8N/v5^EO08|m'̹S"0F8.#qvu/a -Y>:c@b"r|\)ΗF!z?}Cn.a<$Ӿ.V&$,7I{R?&3cفsnI%y~r1dao/"Z(~^xP!Jƀ3`"{"޼[z-!|n)+gZS0`60IJVW,^>R:CB_)s߁gN"M'F-;[0tԦaKl<;y2Og9vtт(sbޓ8JsuS:SԚ4akWFC.Zi/Rn -G)+F: -@ \ No newline at end of file diff --git a/secrets/ssh-lisa-pub.age b/secrets/ssh-lisa-pub.age deleted file mode 100644 index bf5a208..0000000 Binary files a/secrets/ssh-lisa-pub.age and /dev/null differ diff --git a/secrets/stalwart-admin.age b/secrets/stalwart-admin.age deleted file mode 100644 index 5296a2a..0000000 Binary files a/secrets/stalwart-admin.age and /dev/null differ diff --git a/secrets/stateless-uptime-kuma-password.age b/secrets/stateless-uptime-kuma-password.age deleted file mode 100644 index 3ae6e07..0000000 --- a/secrets/stateless-uptime-kuma-password.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 u3yXZQ 1x5UeuazhHgklICvQndvZ27Rfqs02j9elCkk0EW6iUQ -zbBwzSdCjuxPjIKqZOoL2RYs9OJzR1lZCzN2htdqLgI --> ssh-ed25519 AqX2tg afqPcqgi6Efk7XGrd81q62PXm2rspPrikVJa9TS9EAA -4swXMpm8QYqEQQDfDzMROVdMU7tqBucYtEQSiWlTCbQ --> ssh-ed25519 xaddyw RfeAJwFJsMbjWn7EG/xvuW8fZnP2MmbSnVJwRxRaqSo -AJ9yFv0yhTLctokYF8klXfFYddCPwp0EYVlVbhRZ7I0 ---- YNjU8tYiN8L3Dq1RahW0l5g56nRLEGpVTMtlGZMNXHQ -\F#"j*`)5dueG5X>II#FޫFwvӼn]4s \ No newline at end of file diff --git a/secrets/telecom-mail-pw.age b/secrets/telecom-mail-pw.age deleted file mode 100644 index 0a6a6bd..0000000 Binary files a/secrets/telecom-mail-pw.age and /dev/null differ diff --git a/secrets/user-julien-password.age b/secrets/user-julien-password.age deleted file mode 100644 index eec7973..0000000 Binary files a/secrets/user-julien-password.age and /dev/null differ diff --git a/secrets/user-root-password.age b/secrets/user-root-password.age deleted file mode 100644 index 91b6cf1..0000000 Binary files a/secrets/user-root-password.age and /dev/null differ diff --git a/secrets/work-mail-pw.age b/secrets/work-mail-pw.age deleted file mode 100644 index 18fa505..0000000 Binary files a/secrets/work-mail-pw.age and /dev/null differ diff --git a/users/default.nix b/users/default.nix index 0319dce..583cbd1 100644 --- a/users/default.nix +++ b/users/default.nix @@ -11,7 +11,7 @@ programs.fish.enable = true; - age.secrets.user-root-password.file = ../secrets/user-root-password.age; + age.secrets.user-root-password.file = ../private/secrets/user-root-password.age; users.users.root = { uid = config.ids.uids.root; diff --git a/users/julien.nix b/users/julien.nix index 89d7195..b37966a 100644 --- a/users/julien.nix +++ b/users/julien.nix @@ -29,5 +29,5 @@ nix.settings.allowed-users = [ "julien" ]; nix.settings.trusted-users = [ "julien" ]; - age.secrets.julien-password.file = ../secrets/user-julien-password.age; + age.secrets.julien-password.file = ../private/secrets/user-julien-password.age; }