diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index e393ddc..0000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "private"] - path = private - url = ssh://forgejo@git.luj.fr/luj/snowfield-private.git diff --git a/home-manager-modules/mails/default.nix b/home-manager-modules/mails/default.nix index 51adb38..0a1a8e0 100644 --- a/home-manager-modules/mails/default.nix +++ b/home-manager-modules/mails/default.nix @@ -16,19 +16,19 @@ with lib; config = mkIf cfg.enable { age.secrets.work-mail-pw = { - file = ../../private/secrets/work-mail-pw.age; + file = ../../secrets/work-mail-pw.age; }; age.secrets.dgnum-mail-pw = { - file = ../../private/secrets/dgnum-mail-pw.age; + file = ../../secrets/dgnum-mail-pw.age; }; age.secrets.telecom-mail-pw = { - file = ../../private/secrets/telecom-mail-pw.age; + file = ../../secrets/telecom-mail-pw.age; }; age.secrets.ens-mail-pw = { - file = ../../private/secrets/ens-mail-pw.age; + file = ../../secrets/ens-mail-pw.age; }; programs.mbsync = { diff --git a/lon.lock b/lon.lock index 7e5b850..3b2063b 100644 --- a/lon.lock +++ b/lon.lock @@ -7,9 +7,9 @@ "owner": "ryantm", "repo": "agenix", "branch": "main", - "revision": "531beac616433bac6f9e2a19feb8e99a22a66baf", - "url": "https://github.com/ryantm/agenix/archive/531beac616433bac6f9e2a19feb8e99a22a66baf.tar.gz", - "hash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=" + "revision": "4835b1dc898959d8547a871ef484930675cb47f1", + "url": "https://github.com/ryantm/agenix/archive/4835b1dc898959d8547a871ef484930675cb47f1.tar.gz", + "hash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=" }, "artiflakery": { "type": "GitHub", 
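Review bot: The four `age.secrets.*-mail-pw` entries in home-manager-modules/mails/default.nix now point at `../../secrets/`, so the ciphertexts leave the `private` submodule and take on the visibility and history of this repository. From then on their confidentiality rests only on the recipient SSH keys named in each `.age` header, and a copy taken from git history stays decryptable by any key that was a recipient at commit time. If this repository is readable by more people than the submodule was, rotating the underlying passwords is the safe follow-up. The same path change repeats in every `age.secrets` hunk of this commit. The commit also adds `secrets/ens-mail-password.age` next to `secrets/ens-mail-pw.age`, but only the latter is referenced here; files that no visible hunk references look like leftovers that could be dropped rather than carried over.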
@@ -67,9 +67,9 @@ "owner": "nix-community", "repo": "emacs-overlay", "branch": "master", - "revision": "90856b1b570da027a768a8b8c11d49be723a7856", - "url": "https://github.com/nix-community/emacs-overlay/archive/90856b1b570da027a768a8b8c11d49be723a7856.tar.gz", - "hash": "sha256-2CmtuWDAxP/o14TeKXQa0BtHMALKjFAmoU4DaWX78zk=" + "revision": "cff16fc129c76889ddfb0ebb17b53b6633c77ba5", + "url": "https://github.com/nix-community/emacs-overlay/archive/cff16fc129c76889ddfb0ebb17b53b6633c77ba5.tar.gz", + "hash": "sha256-EtSUmvOKU7mfocPNsBSmgjOcqPBKWshSN/jsxmHZqfI=" }, "git-hooks": { "type": "GitHub", @@ -167,9 +167,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-25.05", - "revision": "36ab78dab7da2e4e27911007033713bab534187b", - "url": "https://github.com/nixos/nixpkgs/archive/36ab78dab7da2e4e27911007033713bab534187b.tar.gz", - "hash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=" + "revision": "6c64dabd3aa85e0c02ef1cdcb6e1213de64baee3", + "url": "https://github.com/nixos/nixpkgs/archive/6c64dabd3aa85e0c02ef1cdcb6e1213de64baee3.tar.gz", + "hash": "sha256-h/aac1dGLhS3qpaD2aZt25NdKY7b+JT0ZIP2WuGsJMU=" }, "proxmox": { "type": "GitHub", @@ -196,9 +196,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-unstable", - "revision": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", - "url": "https://github.com/nixos/nixpkgs/archive/9e83b64f727c88a7711a2c463a7b16eedb69a84c.tar.gz", - "hash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=" + "revision": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "url": "https://github.com/nixos/nixpkgs/archive/ee930f9755f58096ac6e8ca94a1887e0534e2d81.tar.gz", + "hash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=" } } } diff --git a/machines/akhaten/stalwart.nix b/machines/akhaten/stalwart.nix index 7d702ad..11db346 100644 --- a/machines/akhaten/stalwart.nix +++ b/machines/akhaten/stalwart.nix 
@@ -1,23 +1,12 @@ { config, lib, - pkgs, ... }: -let - stalwart-private-settings = import ../../private/pkgs/stalwart/settings.nix; -in { services.stalwart-mail = { enable = true; - package = pkgs.callPackage ../../private/pkgs/stalwart { }; settings = { - metrics.history = { - enable = true; - store = "rocksdb"; - retention = "90d"; - interval = "0 * *"; - }; authentication.fallback-admin = { user = "admin"; secret = "%{file:/var/lib/stalwart-mail/admin-hash}%"; @@ -68,13 +57,14 @@ in }; }; }; - } // stalwart-private-settings; + + }; }; services.backup.includes = [ "/var/lib/stalwart-mail/db" ]; age.secrets.stalwart-admin-hash = { - file = ../../private/secrets/stalwart-admin.age; + file = ../../secrets/stalwart-admin.age; path = "/var/lib/stalwart-mail/admin-hash"; owner = "stalwart-mail"; group = "stalwart-mail"; diff --git a/machines/arcadia/default.nix b/machines/arcadia/default.nix index b353e76..66295c1 100644 --- a/machines/arcadia/default.nix +++ b/machines/arcadia/default.nix @@ -80,6 +80,8 @@ security.pam.services.swaylock = { }; + programs.ssh.startAgent = true; + services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.xterm.enable = true; services.xserver.enable = true; diff --git a/machines/arcadia/syncthing.nix b/machines/arcadia/syncthing.nix index 772af12..c3abffc 100644 --- a/machines/arcadia/syncthing.nix +++ b/machines/arcadia/syncthing.nix @@ -12,7 +12,7 @@ listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; }; - settings.devices = { + devices = { "gustave" = { id = "6APF3EP-TIV7ZBK-5WB5SA4-Y2K37CR-AMIB2TM-6T2VORK-UYNQO2X-TO6V2QH"; addresses = [ @@ -28,10 +28,10 @@ }; }; - settings.folders = { + folders = { "dev" = { path = "/home/julien/dev"; - settings.devices = [ + devices = [ "gustave" "fischer" ]; diff --git a/machines/biblios/garage.nix b/machines/biblios/garage.nix index 7d7e06c..afe2feb 100644 --- a/machines/biblios/garage.nix +++ b/machines/biblios/garage.nix 
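Review bot: In machines/akhaten/stalwart.nix, removing the `stalwart-private-settings` import and the trailing `// stalwart-private-settings` merge drops every setting that came from the private file, and neither hunk adds a replacement. That file is not visible here, so if it carried listener, TLS or directory settings, the mail server would fall back to upstream defaults for them; this should be confirmed before deploying. The `package` override is removed in the same change, so the service presumably uses the nixpkgs default build against the existing `/var/lib/stalwart-mail/db`. The `age.secrets.stalwart-admin-hash` block continues past the hunk, so its `mode` cannot be checked from here. A short comment above `settings` would record the intent, for example `# private overrides removed: every Stalwart setting is declared in this file`.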
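Review bot: `programs.ssh.startAgent = true;` in machines/arcadia/default.nix is added without an agent lifetime, so a key loaded with ssh-add stays usable for the whole session, including while the screen is locked by swaylock. Setting `programs.ssh.agentTimeout = "1h";` beside it bounds that exposure. The same line is added in machines/fischer/default.nix, directly above `services.gnome.gnome-keyring.enable = true;`, and in machines/gallifrey/default.nix, where GNOME is enabled. Depending on the nixpkgs revision, the GNOME keyring stack can provide its own SSH agent, so it is worth checking which socket `SSH_AUTH_SOCK` ends up pointing at on those two hosts.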
@@ -10,7 +10,7 @@ in { services.garage = { enable = true; - package = pkgs.garage_1_x; + package = pkgs.garage_1_1_0; settings = { replication_factor = 1; @@ -36,17 +36,17 @@ in environmentFile = config.age.secrets."garage-env-file".path; }; - age.secrets."garage-env-file".file = ../../private/secrets/garage-env-file.age; + age.secrets."garage-env-file".file = ../../secrets/garage-env-file.age; age.secrets."book-auth" = { - file = ../../private/secrets/book-auth.age; + file = ../../secrets/book-auth.age; owner = "nginx"; }; age.secrets."notes-phd-auth" = { - file = ../../private/secrets/notes-phd-auth.age; + file = ../../secrets/notes-phd-auth.age; owner = "nginx"; }; age.secrets."notes-perso-auth" = { - file = ../../private/secrets/notes-perso-auth.age; + file = ../../secrets/notes-perso-auth.age; owner = "nginx"; }; diff --git a/machines/core-security/default.nix b/machines/core-security/default.nix index 01184a6..11d956b 100644 --- a/machines/core-security/default.nix +++ b/machines/core-security/default.nix @@ -90,7 +90,7 @@ }; }; - age.secrets.keycloak-db.file = ../../private/secrets/keycloak-db.age; + age.secrets.keycloak-db.file = ../../secrets/keycloak-db.age; services.openssh.extraConfig = '' HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub diff --git a/machines/core-security/kanidm.nix b/machines/core-security/kanidm.nix index 0d94a7b..cd5ea57 100644 --- a/machines/core-security/kanidm.nix +++ b/machines/core-security/kanidm.nix @@ -1,7 +1,7 @@ { pkgs, config, ... }: let certificate = config.security.acme.certs."auth.luj.fr"; - kanidm = pkgs.kanidm_1_6; + kanidm = pkgs.kanidm_1_5; in { services.kanidm = { diff --git a/machines/fischer/default.nix b/machines/fischer/default.nix index 76d95cd..1ec72e4 100644 --- a/machines/fischer/default.nix +++ b/machines/fischer/default.nix @@ -311,6 +311,8 @@ in security.pam.services.swaylock = { }; + programs.ssh.startAgent = true; + services.gnome.gnome-keyring.enable = true; services.openssh.extraConfig = '' 
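Review bot: `kanidm = pkgs.kanidm_1_5;` in machines/core-security/kanidm.nix moves the identity provider back one release from `pkgs.kanidm_1_6`. Kanidm documents upgrades as one-way, so if this host has already run 1.6 against its database, the older server may refuse to start or misread the migrated data; I cannot tell from the hunk whether that has happened. The older release also lacks whatever fixes landed in 1.6. If the pin is forced by the nixpkgs revision in lon.lock, a comment saying so would help, for example `# pinned to 1_5 because the locked nixpkgs lacks kanidm_1_6; do not deploy over a 1.6 database`.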
diff --git a/machines/fischer/syncthing.nix b/machines/fischer/syncthing.nix index fa8d696..b933e17 100644 --- a/machines/fischer/syncthing.nix +++ b/machines/fischer/syncthing.nix @@ -12,7 +12,7 @@ listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; }; - settings.devices = { + devices = { "gustave" = { id = "6APF3EP-TIV7ZBK-5WB5SA4-Y2K37CR-AMIB2TM-6T2VORK-UYNQO2X-TO6V2QH"; addresses = [ @@ -35,10 +35,10 @@ }; }; - settings.folders = { + folders = { "dev" = { path = "/home/julien/dev"; - settings.devices = [ + devices = [ "gustave" "gallifrey" "arcadia" diff --git a/machines/gallifrey/default.nix b/machines/gallifrey/default.nix index 9a94ba0..6586462 100644 --- a/machines/gallifrey/default.nix +++ b/machines/gallifrey/default.nix @@ -73,11 +73,10 @@ services.xserver = { enable = true; videoDrivers = [ "nvidia" ]; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; }; - services.desktopManager.gnome.enable = true; - services.displayManager.gdm.enable = true; - hardware.graphics.enable = true; hardware.nvidia = { modesetting.enable = true; @@ -122,6 +121,7 @@ }; networking.networkmanager.plugins = [ pkgs.networkmanager-openvpn ]; + programs.ssh.startAgent = true; environment.systemPackages = with pkgs; [ tailscale diff --git a/machines/gallifrey/syncthing.nix b/machines/gallifrey/syncthing.nix index 772af12..c3abffc 100644 --- a/machines/gallifrey/syncthing.nix +++ b/machines/gallifrey/syncthing.nix @@ -12,7 +12,7 @@ listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; }; - settings.devices = { + devices = { "gustave" = { id = "6APF3EP-TIV7ZBK-5WB5SA4-Y2K37CR-AMIB2TM-6T2VORK-UYNQO2X-TO6V2QH"; addresses = [ @@ -28,10 +28,10 @@ }; }; - settings.folders = { + folders = { "dev" = { path = "/home/julien/dev"; - settings.devices = [ + devices = [ "gustave" "fischer" ]; diff --git a/machines/gustave/artiflakery.nix b/machines/gustave/artiflakery.nix index afb8f19..1a8790c 100644 --- a/machines/gustave/artiflakery.nix 
+++ b/machines/gustave/artiflakery.nix @@ -2,7 +2,7 @@ { age.secrets."artiflakery-auth" = { - file = ../../private/secrets/artiflakery-auth.age; + file = ../../secrets/artiflakery-auth.age; owner = "artiflakery"; }; diff --git a/machines/gustave/nextcloud.nix b/machines/gustave/nextcloud.nix index 893ca83..1e62a66 100644 --- a/machines/gustave/nextcloud.nix +++ b/machines/gustave/nextcloud.nix @@ -5,13 +5,13 @@ environment.systemPackages = [ config.services.nextcloud.occ ]; age.secrets."nextcloud-admin-password" = { - file = ../../private/secrets/nextcloud-admin-password.age; + file = ../../secrets/nextcloud-admin-password.age; owner = "nextcloud"; group = "nextcloud"; }; age.secrets."nextcloud-s3-token" = { - file = ../../private/secrets/nextcloud-s3-token.age; + file = ../../secrets/nextcloud-s3-token.age; owner = "nextcloud"; group = "nextcloud"; }; @@ -38,7 +38,7 @@ bucket = "nextcloud-bucket"; key = "GK5e980f5f3c7e2780b931ccd0"; secretFile = config.age.secrets."nextcloud-s3-token".path; - verify_bucket_exists = false; + autocreate = false; }; }; diff --git a/machines/gustave/pages.nix b/machines/gustave/pages.nix index 1f63104..7c99d37 100644 --- a/machines/gustave/pages.nix +++ b/machines/gustave/pages.nix @@ -8,7 +8,7 @@ let allowedUpstream = "2a01:e0a:de4:a0e1:4bb5:9275:6010:e9b5/128"; in { - age.secrets."pages-settings-file".file = ../../private/secrets/pages-settings-file.age; + age.secrets."pages-settings-file".file = ../../secrets/pages-settings-file.age; services.codeberg-pages = { enable = true; @@ -97,7 +97,7 @@ in ]; # Listen to ipv6 packets coming from the internet, check the SNI - # If they are one of the declared virtualHosts, forward them to the proxy protocol listener + # If they are one of the declared virtualHosts, forward them to the proxy protocol listener # for that virtualHost, else forward them to the page server streamConfig = '' map $ssl_preread_server_name $sni_upstream { 
diff --git a/machines/gustave/plausible.nix b/machines/gustave/plausible.nix index 308b6b1..c5911f3 100644 --- a/machines/gustave/plausible.nix +++ b/machines/gustave/plausible.nix @@ -21,7 +21,7 @@ }; age.secrets = { - plausible-admin-password.file = ../../private/secrets/plausible-password.age; - plausible-secret-key-base.file = ../../private/secrets/plausible-keybase-secret.age; + plausible-admin-password.file = ../../secrets/plausible-password.age; + plausible-secret-key-base.file = ../../secrets/plausible-keybase-secret.age; }; } diff --git a/machines/gustave/readeck.nix b/machines/gustave/readeck.nix index cc30d8c..8bac7a0 100644 --- a/machines/gustave/readeck.nix +++ b/machines/gustave/readeck.nix @@ -1,7 +1,7 @@ { config, ... }: { - age.secrets."readeck-config".file = ../../private/secrets/readeck-config.age; + age.secrets."readeck-config".file = ../../secrets/readeck-config.age; services.nginx.virtualHosts."read.luj" = { forceSSL = true; diff --git a/machines/gustave/syncthing.nix b/machines/gustave/syncthing.nix index 8e80600..4f6644e 100644 --- a/machines/gustave/syncthing.nix +++ b/machines/gustave/syncthing.nix @@ -12,7 +12,7 @@ listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; }; - settings.devices = { + devices = { "fischer" = { id = "PLIMD3Z-L4DYKDB-MY4PFTS-3RMQUNF-GFWFOBB-SELW6MB-WIQJ2LM-QAC45QQ"; addresses = [ @@ -26,10 +26,10 @@ ]; }; }; - settings.folders = { + folders = { "dev" = { path = "/home/julien/dev"; - settings.devices = [ + devices = [ "fischer" "gallifrey" ]; diff --git a/machines/lambda/uptime-kuma.nix b/machines/lambda/uptime-kuma.nix index e82da2a..745dec4 100644 --- a/machines/lambda/uptime-kuma.nix +++ b/machines/lambda/uptime-kuma.nix @@ -37,7 +37,7 @@ in }; age.secrets."stateless-uptime-kuma-password".file = - ../../private/secrets/stateless-uptime-kuma-password.age; + ../../secrets/stateless-uptime-kuma-password.age; nixpkgs.overlays = [ (import "${inputs.stateless-uptime-kuma}/overlay.nix") ]; 
diff --git a/machines/tower/forgejo-runner.nix b/machines/tower/forgejo-runner.nix index 9723288..f30cd01 100644 --- a/machines/tower/forgejo-runner.nix +++ b/machines/tower/forgejo-runner.nix @@ -1,6 +1,6 @@ { pkgs, config, ... }: { - age.secrets.forgejo_runners-token_file.file = ../../private/secrets/forgejo_runners-token_file.age; + age.secrets.forgejo_runners-token_file.file = ../../secrets/forgejo_runners-token_file.age; nix.settings.allowed-users = [ "gitea-runner" ]; nix.settings.trusted-users = [ "gitea-runner" ]; diff --git a/modules/backup/default.nix b/modules/backup/default.nix index 7417be0..8b2a6a5 100644 --- a/modules/backup/default.nix +++ b/modules/backup/default.nix @@ -72,12 +72,12 @@ in config = lib.mkIf (cfg.includes != [ ]) { age.secrets."borg-ssh-key" = { - file = ../../private/secrets/borg-ssh-priv.age; + file = ../../secrets/borg-ssh-priv.age; owner = "root"; mode = "0600"; }; - age.secrets."borg-encryption-secret".file = ../../private/secrets/borg-encryption-secret.age; + age.secrets."borg-encryption-secret".file = ../../secrets/borg-encryption-secret.age; programs.ssh.knownHosts."${if port != 22 then "[${host}]:${port}" else host}" = { publicKey = "${hostPublicKey}"; diff --git a/modules/buildbot/default.nix b/modules/buildbot/default.nix index c9e1503..4746ca0 100644 --- a/modules/buildbot/default.nix +++ b/modules/buildbot/default.nix 
@@ -55,12 +55,12 @@ in }; age.secrets = { - github-token.file = ../../private/secrets/github-token-secret.age; - github-webhook-secret.file = ../../private/secrets/github-webhook-secret.age; - github-oauth-secret.file = ../../private/secrets/github-oauth-secret.age; - buildbot-nix-workers.file = ../../private/secrets/buildbot-nix-workers.age; + github-token.file = ../../secrets/github-token-secret.age; + github-webhook-secret.file = ../../secrets/github-webhook-secret.age; + github-oauth-secret.file = ../../secrets/github-oauth-secret.age; + buildbot-nix-workers.file = ../../secrets/buildbot-nix-workers.age; buildbot-nix-worker-password = { - file = ../../private/secrets/buildbot-nix-worker-password.age; + file = ../../secrets/buildbot-nix-worker-password.age; owner = "buildbot-worker"; }; }; diff --git a/modules/deluge/default.nix b/modules/deluge/default.nix index 0d24bcc..d8208c3 100644 --- a/modules/deluge/default.nix +++ b/modules/deluge/default.nix @@ -35,7 +35,7 @@ in age.secrets.deluge-webui-password = { owner = cfg.user; - file = ../../private/secrets/deluge-webui-password.age; + file = ../../secrets/deluge-webui-password.age; }; services.deluge = { diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix index 1f320d3..afafcbf 100644 --- a/modules/nginx/default.nix +++ b/modules/nginx/default.nix @@ -147,7 +147,7 @@ in security.acme.acceptTerms = true; age.secrets.nginx-cert = { - file = ../../private/secrets/404-ssl-certificate-cert.age; + file = ../../secrets/404-ssl-certificate-cert.age; path = "/var/lib/acme/default/cert.pem"; owner = "acme"; group = "nginx"; @@ -156,7 +156,7 @@ in }; age.secrets.nginx-key = { - file = ../../private/secrets/404-ssl-certificate-key.age; + file = ../../secrets/404-ssl-certificate-key.age; path = "/var/lib/acme/default/key.pem"; owner = "acme"; group = "nginx"; diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix index c713a12..cb7a316 100644 --- a/modules/secrets/default.nix 
+++ b/modules/secrets/default.nix @@ -11,7 +11,7 @@ with lib; config = mkIf cfg.enable { age.secrets.git-gpg-private-key = { - file = ../../private/secrets/git-gpg-private-key.age; + file = ../../secrets/git-gpg-private-key.age; owner = "julien"; mode = "0440"; group = config.users.groups.keys.name; diff --git a/private b/private deleted file mode 160000 index 8cb3528..0000000 --- a/private +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 8cb35282ab0d38c63f757653bab144cfc348c08c diff --git a/profiles/base.nix b/profiles/base.nix index f29c75e..85d560f 100644 --- a/profiles/base.nix +++ b/profiles/base.nix @@ -55,7 +55,6 @@ step-cli comma-with-db nixos-firewall-tool - attic-client ]; environment.variables.EDITOR = "nvim"; diff --git a/secrets/404-ssl-certificate-cert.age b/secrets/404-ssl-certificate-cert.age new file mode 100644 index 0000000..1aea2f2 Binary files /dev/null and b/secrets/404-ssl-certificate-cert.age differ diff --git a/secrets/404-ssl-certificate-key.age b/secrets/404-ssl-certificate-key.age new file mode 100644 index 0000000..d551a3b Binary files /dev/null and b/secrets/404-ssl-certificate-key.age differ diff --git a/secrets/arkheon-env.age b/secrets/arkheon-env.age new file mode 100644 index 0000000..2a24bf0 --- /dev/null +++ b/secrets/arkheon-env.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 xaddyw zad7rIPt7YmMINK+6AJeBg0QLKjXRBpi1I686XJFjRc +6wIwquKdRSrHEw5M3TpFOiBs2ujO1IuwHjoxSzQYxOI +-> ssh-ed25519 AqX2tg /JXc+SICUiwgheJuUsi3Jf1NqA+Fk7nZooQ+MJB0kAU +CEjcUhpMoKP2EXyz5Jy8Jg8ME9sEBXAVjvVj0bfH540 +--- 3IOLgCrvtGC7wjwR5X2Cn5z8O2wO4vt26/FrRuDIHus +=ld45R*-׊!2;>Snβ5U|KnQsO6g, K +s \ No newline at end of file diff --git a/secrets/arkheon-token.age b/secrets/arkheon-token.age new file mode 100644 index 0000000..2ff4e86 --- /dev/null +++ b/secrets/arkheon-token.age 
@@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 IRHAkA 7lsX23PbejDfz2Qsw1Z79VpIKeE+OG0UBEIy6Z13TCE +DAqsFt8tdbTK8Juyi6EbE0dP8uYK7dysbi62RltzAoo +-> ssh-ed25519 AqX2tg Iuvw+AN1xrpvc1BLS6wZDqkKlbZTXL7XjfhN0batS0E +cpeBQ48U6hEq6yGtQIdSIdCSAUFBz3+Tf+FJw4iPNxU +-> ssh-ed25519 bD9h7A 9H7zGcs4s14Ow0mQtTcMYAZA/tKvNo1bZtX0Phr1nQo +mV31iQtkqs6p/TjaRYvb+2ATkKOHvlCKKrWtN4Rlluw +-> ssh-ed25519 2Wt2Kw JFIQfq65TaiWWchy9ew36+2fnn8/DJb12+Ked6HHiU8 +TyZ9wqh/uvfaE9z0U+uuXXSDPgd8OL/p/7jFjeclFhk +-> ssh-ed25519 xaddyw eiE9Cv3eBwWCkf79RIB+ktclTAldqd2tk2x8n0a0h04 +Rx1F/dx8vLzl1PkupfjsaoM4LeHFO3kT2pDLwT3pjUI +-> ssh-ed25519 6rkyTg j7b41KnYdY7IGuszX/N0n0z0ZQ3IZ7oFqQ9oj2WHLTE +LVOR+L3BUJ4mXUqaLCoopVZeHbUaUySmxA7yzDlXMI8 +-> ssh-ed25519 d3M2Dw VcD2TfG9Z6ZE62Xavr58F/MjXCLAJTvLZTd+y9/PMyc +hijMC0lVABN7nWWa23TgowZE3NFjc2mKS7QdJSf25UQ +-> ssh-ed25519 81O5Zw wZ/35O/yVaI4bw5AdZho6K67BvioXiITjHNBak31AwQ +gaE9BLdnVwPh8z30/BINUIDgu8zn4g6RSVsnc1G57B0 +-> ssh-ed25519 Ye6ufg cc6XtPVZUfmuewSB9EzjxcK41l26UQAlJnJZZW5zc3s +SiRKfBc01ompb9HsyLS2wJhlXuAWHJqvu9gBcLG0GAs +--- l4BP9E5c9FdRgFTreUPT9Ek1XK3zwAlPFQQD2ggLYzk +Vb[xUR ?>_s6Edo -=B~AƄ9sbۍ \ No newline at end of file diff --git a/secrets/artiflakery-auth.age b/secrets/artiflakery-auth.age new file mode 100644 index 0000000..d1c7e4a --- /dev/null +++ b/secrets/artiflakery-auth.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg aExOPwN8B9iOjx+NGzMRxdMZlVg94D6Y2zXzNL49dyI +Rgu7H8Us8uo/2YkSuC/FpFMePlT85a3nHwgVfkEx6/Q +-> ssh-ed25519 u3yXZQ 6C2UDX+hfcM4LPrgFjT/ccl1BH+8Q1fJkiPpp0mMWDU +P2erE/Hmpb2l20V9C2p5m/v3wb+OWtBh+NPSgdPg+o4 +-> ssh-ed25519 IRHAkA lyQLBcU23LQVbfaw+L+HAmY3ctDL4pMudvkwmN0dslY +P170WaIrgH/qSuhPJ8lzRXaLRvJw52TtrX1kJ187GeU +--- eOcQXq+qpuvGAYxvCzuug/kCS0262Q89NpYtpSpU2uw +պlyETs̔F&. JA@" +*=jb jB+K'ՄI&ڶ7wkA/|F3n'+v +ueWz;ﶉ \ No newline at end of file diff --git a/secrets/book-auth.age b/secrets/book-auth.age new file mode 100644 index 0000000..7913eab --- /dev/null +++ b/secrets/book-auth.age 
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg zDqh2PvGIPYp0KY5vkk0/PvwpVui2I0D2PcADIqjJ2g +nAbsleFGQ6m2GP3U/awi/PSAaG9CoCNhtRCqzhWtNUM +-> ssh-ed25519 u3yXZQ N8lqAInc0PEju+3A8a01Hw4SiHBIt0fGGwUfeQ4SU0I +sGmDrRk/EAxXq+Zuh+xBVihB993dP3gsUptC6MfRYoE +-> ssh-ed25519 IRHAkA CeDM5bpCNDO6FnDAFlvNN47uUs6fC7J9S82cLOEfm0k +LKxbADvWMSyVs4L/GkPhFGtss+QRtdwg1LCwV3CSdGI +-> ssh-ed25519 Ye6ufg SCi2vaZqmkqhldcGY3V6AOguPoImlJCjYRQORf9D50c +BDfKtBKf13j6d6vUU0Uzk0kQWk+JzqYHb+G9XeKxwCk +--- Nk8GC8ujrTpDzFpJwm1VfypxEl5PfxWup9bEaTkdRwc +B@^2uW-5@i4f L|L"|gdO>2I5C|^/iyK 0$ʨ?_pJz0vιs| \ No newline at end of file diff --git a/secrets/borg-encryption-secret.age b/secrets/borg-encryption-secret.age new file mode 100644 index 0000000..908459b --- /dev/null +++ b/secrets/borg-encryption-secret.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 IRHAkA d308MOWZ2BLYYo18G9Lonml4dTpMuChxFLwqghEAnCg +k95+cWyJL2JDMSEVDrXftefjkyyF6iyDz9k/NKjs30k +-> ssh-ed25519 81O5Zw lpirBSHV8rLxAY3IMcdtduXo508ULmv0Jsw+OQbv11c +o3DXf3jcVI4o6F4kLOV6b6+QWaEobQIBzyTSLiz4khA +-> ssh-ed25519 AqX2tg Y5PfzmnIqIOzYs2DSYbBFpoWt/lopoMqxCerZfmFbAg +vNfXVvbyA2bWY0yyVu12FGo8HpaFtYVorlZ5PiTtRvo +--- J23yDhldnxVjK4S5MZ4vzwm2wIn76Nx/ZGLSaypoud0 +ǫmNcCf-WpF5W{+kW4E@G2f!u^ \ No newline at end of file diff --git a/secrets/borg-ssh-priv.age b/secrets/borg-ssh-priv.age new file mode 100644 index 0000000..b328974 --- /dev/null +++ b/secrets/borg-ssh-priv.age 
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 IRHAkA hRATri1yOb2vg7FiYrFaUXV8arxHqAREOyxP5GVt3kI +dhpsKq48qyLwx+wn6BVoGzlaEHSXjBEF82RzhYgKKdw +-> ssh-ed25519 81O5Zw 9CS0EBF1JBc8SIWnLShfoUsj27Htcx+iIOx/77uvngU +CRnvoFEHOuWqbha+tQzkR5WS8pU5aCCPADTBpEQNSPw +-> ssh-ed25519 AqX2tg VoiT3Lo7Bt+Boy/Qbqk9Jy+cgySoM7R62TjnAJ1mwjg +OUNuWSwx1uMgLG1RRBeqKNjrfwVufmQk3pcwHzzVA28 +--- Ln/V6PWu99lene9SmxapMZGAO9RHoJw+R/AchrTLVZo +U-5q +|ԭ\<^/ÀڷoJDAx^2;tC!^O +Č)5Y/f ] .M|PqK֞Mʡ˛R,w+Z?`>D9*S]fW\uExŇ/WLƔ,z*RB'QN@}id,wkM g^/T EHVd/QT(2^|)hX;XmY!qUdsll^Qw0YԘEͰ[r a֫( 7d|Hyl~@1M#⬙5-CLNN9 ͍+Mu=A:)*_QC A46zea;خNI"WwX!%+q$d'|rHf6W% \ No newline at end of file diff --git a/secrets/buildbot-nix-worker-password.age b/secrets/buildbot-nix-worker-password.age new file mode 100644 index 0000000..b076ca6 --- /dev/null +++ b/secrets/buildbot-nix-worker-password.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg lt9JpQbAw+VDMuZJxJMEDttSGc67ZpTbUIznI+CQvkA +rRDMuTbGe9ebamKGEuy3bI73K7IY1J5qQO87R9sFlH8 +--- dfHwjj/IywWQfUN7vpo1wmySkEKMKb22EQuvADgzo8E +&nfh\VhwaJgضWgLI Sַou(:rɤ{ \ No newline at end of file diff --git a/secrets/buildbot-nix-workers.age b/secrets/buildbot-nix-workers.age new file mode 100644 index 0000000..1d247f5 --- /dev/null +++ b/secrets/buildbot-nix-workers.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg qYgZ2QJlmWAaWcYzJbn9MpqeykIh6O08XTib39xJyHQ +Ghu/VPtgcZJ/vSmmz/fThOLKbWpudGTF9q5/s7xoytA +--- PdmbhMJvon3rdeWqy3cVk38AemHB45YOchb3t/2HkGE +NnU+Y!4(ub;1 N9X_L+ lTyъiܖ# ۙ%bk‡B)h55v \ No newline at end of file diff --git a/secrets/deluge-webui-password.age b/secrets/deluge-webui-password.age new file mode 100644 index 0000000..effc7ff --- /dev/null +++ b/secrets/deluge-webui-password.age 
@@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 IRHAkA ui0eCIFLxo0QDCLCvluv7/rE5inuMPuULWwwb0nbRmA +nca6oVHNi3dYWGN7NBPRIT12Yqcw0HfIm544hVyoqfA +-> ssh-ed25519 AqX2tg QBIXX6hV/UhsTZhE5pfaopnOSyLbMg9gK4ZtzpSQYUc +D4MOqKVAwbnOhR6cl9R+YYL9mGo2x6zs/fLCLBCyA8k +--- EMoeNyxRFsUdrQmmRV+SKuufm77Ma2pqndVjS7CczKc + +nr64ת76lu D;+h-Maj0ap%(b]^ojJ \ No newline at end of file diff --git a/secrets/dgnum-mail-pw.age b/secrets/dgnum-mail-pw.age new file mode 100644 index 0000000..92961e3 --- /dev/null +++ b/secrets/dgnum-mail-pw.age @@ -0,0 +1,19 @@ +age-encryption.org/v1 +-> ssh-ed25519 u3yXZQ +wH1AooNvcLP949JQM1drPuyN2IRs21zHr+Vczcbakw +wYmZ73l6Qd+ri4xVgqN4QKXgnBNP9Cjj1dBOBwc7l1Y +-> ssh-ed25519 AqX2tg Lv2TWT4cVkyDhdgkzFxEU1jCcgJQsuJV3LjMo0WRXjE +eb6HyZlcml7My8OYzOA+a9V3KD8h/3yOFsFJ/k4ow1M +-> ssh-ed25519 eySVIw QFG2KornBLk3k8i/GKCySCosPKytoiwse0xhSey0g20 +Fi730f8eF1Ct6P2GcIiJAgBkaPfW1nAZ+xJ3z317G/o +-> ssh-ed25519 ThuR9A rHzocWJhWyCdQ2QuEnkufWY8hVwRbzN3Mm+GyXjxTis +L9JUezAd87zW6YSwSuH+znD8G3lWmYGiwc3KHmDVwiE +-> ssh-ed25519 7MARBg 3NeaybBa2LN4qNMcw2GqQWeDTsHqr6/GZjSxoR4vhzk +4JoRSUfT9DJY348/paCSYCqJ/puWZTIiaOZj3ylhohg +-> ssh-ed25519 LFAtBQ iqeFnRf/cDzFQ6ebFvUOzdPkGoIvJNO9ZdMYFOwn3W4 +XyCP91Fb1uj85/8gbTCbRbUgyXYNXogDOR2jCzE5TFY +-> ssh-ed25519 pgfKjQ uTPCP/1L22cYUxRbjGT6hImXnzEg6jM+vx5vU6aptH4 +gCXk8Caa1sQKdx2Y/1PZ4X4yuJ7w2R+5lhFNJ8OO0cg +--- 8dHSuYgjlL+F/JwbkhJzgVEokGtk4V3ozIjh7QAnwsU +d\ p0FI''55C_ [ +.kAB +P/n,]fBv;;+hP2d{% \ No newline at end of file diff --git a/secrets/ens-mail-password.age b/secrets/ens-mail-password.age new file mode 100644 index 0000000..69256b1 --- /dev/null +++ b/secrets/ens-mail-password.age 
@@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 IRHAkA KKmIYYgr7RoHaFarMUu2MQxtfq7s6LFlkxWE2AiliUM +aoThCXX1Mwpeic5cKqpIYH66K6dnir3xZcUAVlFVm6w +-> ssh-ed25519 AqX2tg ukfeBi25gPQfJSCTgK6XzYAtdtu74WNTcDa4HWgiED0 +ATEWFoGWuNCw5JsHlJgOgmO2x7QUEWJGsJhQcfonj08 +-> ssh-ed25519 bD9h7A 4ecAGa7aX8QnxyBDcl8quzom3v6l4TCRZtQGzZT8KhQ +mtWdD8tM1YYo1MoQTENAZJYCSPYD7x2kCmUPc1uPHmw +-> ssh-ed25519 2Wt2Kw rWJcOrA4j1X3ygTkFjImKuS4bAyOlrBRqq98syTFuxU +FINJkFVzbSd3TkXh+l69TMwN3b9ZINknRYR6VzIGej0 +-> ssh-ed25519 xaddyw UiKM/eka9EJozle5zuEqfhZvES3OR9XnGb+c84I9tHc +S8gbIpi+SMw9PclFTa+zoiTmzE3XPmCIeTvzlCAGKCo +-> ssh-ed25519 6rkyTg QnPd4yP1q3y95CZD7CvOsQF9hHVc3OQQNTh6S6jleAs +tBTrboe1nRB1BpwCzSz+7CQ6CBpDCkWrJyR7x3HW0Ww +-> ssh-ed25519 d3M2Dw F4Ox/wYLCMaM5xsJQi7mMhDg3tOET7deQdofbfDi3gM +LsJjGUxMnV11JLxU9sdEvYFKV1lXgYiDypDXSfqyeYk +-> ssh-ed25519 81O5Zw zDQE7eCBtRBxqP8KJtgH2CQUWofLE8A7rW05SAQEuGU +Y+ff0hh/OoqEYQHCefl/KRpuO5g/wRwx+kL7BkLMweI +-> ssh-ed25519 Ye6ufg ca6dUiJfWehBpcOBPryk2cXnaI3MkYPBAbMwNXMi4Eo +pG3Baepk7wswiWn+3tvL2P5egckOrTvG9yZrXH4bpjs +-> ssh-ed25519 eySVIw pwAaiREYDhFnShx270t1GjAQ/xBbHrf3Qqrg/nXfcFU +fOMTE6eaqRmlAf/aAp9pSmxXernBMTeH6Gr63j8uMSA +--- 65+++rjiLS5eEDZbqQoR0li2H/VVq7NJvwNixCLUTUo +ւ@W;מ^{Cx*'ßwZ*ÏBlF;z \ No newline at end of file diff --git a/secrets/ens-mail-pw.age b/secrets/ens-mail-pw.age new file mode 100644 index 0000000..f5de799 --- /dev/null +++ b/secrets/ens-mail-pw.age 
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 u3yXZQ plTrCNAxnkMZ/+M8TD6umNkufSkUjSoAdJaiRVlx6Aw +qLg+wHa2gv9sgnRGXOVnzqlkKFznsC5P8ev2qYvN+No +-> ssh-ed25519 AqX2tg fil8vo0f6HUhW8xoIo/qoGECekBM3uU3aBlU/z53+Xc +lw19zCnPJWv79z+mICQFeQY4pQ6Bnu2rVmdXKOv2hqo +-> ssh-ed25519 eySVIw /MpShOP+mCDqqG68SezyB1FpO9M5Z1OvYjoiDRMgb00 +WZ6kK1hNSoEZUI3A8bxx+svn6OuqreDY+kTlqK1A9yQ +-> ssh-ed25519 ThuR9A Z5TfVJ7s/OPEkEELX8/z9S7IvrGu+KajPXSc6162zX4 +OygoKGN932ignRf8Y79qFECPt7x+WBmW896U7i9MHvM +-> ssh-ed25519 7MARBg hEI80P1lLpnaUCPgCf7zMdxK7Gidw9PhSZQiIaCNWUY +MNLlWs3DNS418h7YVWhbhreUb3Ub248kQX1KQVcWL24 +-> ssh-ed25519 pgfKjQ 2RS+GPy+NwseE+UWV9NAiPyHpnxHpkaeguOUm25Juh4 +NZQvLvom7jFNC9384LC8pQc/nO14qq0FZVWxCSB8gIc +-> ssh-ed25519 LFAtBQ R+eHawl+RRFDJarA22oZgq1bJvVg5dbDU8Rmp97fY30 +Db1hATY6aIN6ZKvtheFtrLnrqyzUFBPU2lwjATrY+HM +--- NvSg63mxMKTVXW3QF6cWDdbLmPPZPj+Uw711kCQSxWs +~d4Xs^BC-GҬܼ*.H \ No newline at end of file diff --git a/secrets/forgejo_runners-token_file.age b/secrets/forgejo_runners-token_file.age new file mode 100644 index 0000000..8598457 --- /dev/null +++ b/secrets/forgejo_runners-token_file.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg X36nT0FkTjPcz0Lx14yHmHTYEv8clqHFui2OqmVOYQY +lUCstPKuatwdqCwInbjziQvp3c7sicp/NTHAhFrZGao +--- lOcAy9JVNLqK55W0dALAq6TDzme6svs30MFrTHyuR0s +7BF< ++yIʝO4Tt{}tȶ[R77}]pwj#^#& \ No newline at end of file diff --git a/secrets/garage-env-file.age b/secrets/garage-env-file.age new file mode 100644 index 0000000..6152a15 --- /dev/null +++ b/secrets/garage-env-file.age 
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg QW7N0vYH/1rsU/EIiN+tLNYerZ28Hw2yZ/HCGeNp+V4 +/M3zririuCOkpdZ0RuHdFNDX9cPtGPX96/YQO+po4po +-> ssh-ed25519 u3yXZQ PxYh0IE7L+wXZ4SWH86CjCHaakwZLoVCFuekP2ZYtX4 +BGgHJRXkpoGwBEfz+FkWc5qkl37y436O65wEANMLfBg +-> ssh-ed25519 Ye6ufg X0MrbwY1GyFK1KRkM1Ohfd83JDR3Zpto1k/R0+ax314 +YpQ3vC+hqYiqOLD+JCI7g0x7N+IvOge4eRFLQEXzfIU +--- NX92hTxO3HS7t7FZ/7mi2s/WwWzy+0n7eJKCpiY2rlI +շ/NN$BUZLQcLoƏNTtfL$aMbsS'7UBԎ6eӗGJS4E$R4v|$n \ No newline at end of file diff --git a/secrets/git-gpg-private-key.age b/secrets/git-gpg-private-key.age new file mode 100644 index 0000000..065ba07 Binary files /dev/null and b/secrets/git-gpg-private-key.age differ diff --git a/secrets/github-oauth-secret.age b/secrets/github-oauth-secret.age new file mode 100644 index 0000000..f8f282c Binary files /dev/null and b/secrets/github-oauth-secret.age differ diff --git a/secrets/github-token-secret.age b/secrets/github-token-secret.age new file mode 100644 index 0000000..163d0e5 Binary files /dev/null and b/secrets/github-token-secret.age differ diff --git a/secrets/github-webhook-secret.age b/secrets/github-webhook-secret.age new file mode 100644 index 0000000..468abed --- /dev/null +++ b/secrets/github-webhook-secret.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg HUfPk3uqwIEcRrUwz96wzUZQ+MlAitVArONK0kVtxCo +EP5yxZ7TyNm6DW4aiWijgEEzTK+QBe7Brm9xadcGvZU +--- K6kwz37dqA38tUuMhSxvcjHq3h8sS/4uRUj1vjHEFBs +VR+W_V>(<F%\c{ CǩmQ-tm&~[k5^Dn; \ No newline at end of file diff --git a/secrets/julien-malka-sh-mail-password.age b/secrets/julien-malka-sh-mail-password.age new file mode 100644 index 0000000..a5da33f Binary files /dev/null and b/secrets/julien-malka-sh-mail-password.age differ diff --git a/secrets/keycloak-db.age b/secrets/keycloak-db.age new file mode 100644 index 0000000..d743baf --- /dev/null +++ b/secrets/keycloak-db.age 
@@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 2Wt2Kw Jgmgn5lNDji8jNIJ8OnPYQ3kFe7wHsneh7KLZQ+ZuXM +7LNF9mkKgZSb5awzp2yIzV95DGcMU28kZLQ7h6K74go +-> ssh-ed25519 AqX2tg kfoTwBiLuW1arGWUMHcVcm0kQ8a9VDGWHnEiPu+otnE +eY0l0Ts5aj1A6WfT3xl8m6SmR3gjV6A6zZdpFU9a1aI +--- +ZqlVdQiXBcKWgwmckLeHuxgsKwmNulPzzdej7E8XxY +ܸt? +mP!ѴGl_%;ϑ˖8ƭ:%֍V<'*)w,M> ܾ@P5`t2V) \ No newline at end of file diff --git a/secrets/malka-ens-school-mail-password.age b/secrets/malka-ens-school-mail-password.age new file mode 100644 index 0000000..48e47b0 Binary files /dev/null and b/secrets/malka-ens-school-mail-password.age differ diff --git a/secrets/mastodon-env.age b/secrets/mastodon-env.age new file mode 100644 index 0000000..7b0a32a --- /dev/null +++ b/secrets/mastodon-env.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg be5eRJlqzg6ikUTpQzSYQhJmqGm2MhBS6QSLJMzkelw +KuiDK1N2189avFHNlMVaDhY/w+Nw3YUqQwDqtFldMIE +-> ssh-ed25519 u3yXZQ E+IZ2j7PHkKLFPQ6bLPptR66/auyikOJyyPdjOI89Cw +uYg+Vm1AxfAI6GfLJRRdjb9gdo9v8nOkeve+JNQpQos +-> ssh-ed25519 IRHAkA Zzbuh7KdHEXE/9YByaNCFrO0kcMsrKn+8jYFwZQjaQw +yVlmEA+Ae3jbrPDVPVYMbbR0txCbYFgwfSQybAPwvA4 +--- LzJd06KI5xKx1aiEn67JFbQcq2CeIXcr+wPzanx+SGo +¸Q`YҜ0F ]!v:g|} wɿ +Z覟埪/v_)8',_H\E"J Y@~ɦ7 ^x|ɇE8~$U)?}l;&Ӳ*mPzѰ1b1OgݐnR(1V¯ݑ% 0oq]zW-M΅V%r!iݲoׂO'"g؁ sB +fWD2.3uz`S휢ċBQ&3u;K/ \ No newline at end of file diff --git a/secrets/mondon-ens-school-mail-password.age b/secrets/mondon-ens-school-mail-password.age new file mode 100644 index 0000000..4de8c10 --- /dev/null +++ b/secrets/mondon-ens-school-mail-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 bD9h7A qF5Z8CLaqNVlW9MNvkMqJER3Vy32xxDntp3vy0KZJ2M +1k7WMxLN9Mfax66f9AzIZmJELrFTmuN/WJ5vnWnB8qg +-> ssh-ed25519 AqX2tg +26A9G8InpOHmkIA5syXP5jaOAK3g3Yiv9Ey8gDduRw +INSSJA2u/EIw7B1DWokfHICQP1mTSqRCiKk6cPFeYVw +--- G8cd0BgWQRAmEQENg1Vv7Io0I4uwxFvxVQNL+bEJFu4 +ѠML\'>9 ck(J(LH.i;gCز +/OL"dRP]`?j۵yUT˘\ٵ \ No newline at end of file 
diff --git a/secrets/nextcloud-admin-password.age b/secrets/nextcloud-admin-password.age new file mode 100644 index 0000000..cbcd5c8 --- /dev/null +++ b/secrets/nextcloud-admin-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg 4/c0gbNhOQMBlkk0M2M6CV5FShMdy6HhZptpL0WOBFI +uCqMKdDaInUMLlwCrG51d6AM7byg4a8EHLou5bQGzkE +-> ssh-ed25519 u3yXZQ HF3wgBxfE+Hmz9a5QB3+H03F9R/QFMk39vobB7QNglM +1ZMXLG6jpsM+NCYlOMEcx+wIxfA/4iHZCfRVQPtgLAI +-> ssh-ed25519 IRHAkA nTp3Yc7vypZ1bSie1lFuFpMUZFg67UdhKpSvvsA3Dhw +3aeOSI1R9IkaK5bjHkxMaK+/IruhKQkBxLOatyA4hME +--- h7OURmu2BfnFUklxRAwdGkJdy/vSFUobfVC4fz1H2lU +uH\xN ,w;]Cqv5U4t\NN|<7eb[E-g="u.F$ \ No newline at end of file diff --git a/secrets/nextcloud-s3-token.age b/secrets/nextcloud-s3-token.age new file mode 100644 index 0000000..5ac5a4a Binary files /dev/null and b/secrets/nextcloud-s3-token.age differ diff --git a/secrets/notes-perso-auth.age b/secrets/notes-perso-auth.age new file mode 100644 index 0000000..8fe059b Binary files /dev/null and b/secrets/notes-perso-auth.age differ diff --git a/secrets/notes-phd-auth.age b/secrets/notes-phd-auth.age new file mode 100644 index 0000000..8761c20 --- /dev/null +++ b/secrets/notes-phd-auth.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg WaB2KyF5Pn7bctfQPoQeYxLVrgJWOTJWEzy1idXbDH8 +6tMd9pXqlgE9c3WVZXpGhs+BI7u2/O28X2NRWRaDHe4 +-> ssh-ed25519 u3yXZQ pnv6mKrWs9TdDRgpK4KH8M50adnWhTOwEVBzA7O9Lhs +S7BHn26/5gw7pfix3Rzb3dKmPUdpWY/o6ujiogbKgTs +-> ssh-ed25519 IRHAkA f0vpRxGKTuowWFCAvlOCwxBEFGzua21QS0+n1xzGo0U +IhdHiySCsexbw/942wJPpiI3UspJY66AqGwJ4YuOPsM +-> ssh-ed25519 Ye6ufg YKi+IgVF9I4Qd9BWO9H+ZmR7dxTvfkroq4K+02GXQWw +YTRVYDiWcPsX4O5cllk7+BCslcBReHdw+jRitsqP43A +--- qhUlxjLo+pbiv23NWc2Vt83pa4DjHN9MFDAUv+XzuIE +YUϺ4qoqeNx[&:0A8 D nM:iC?P9 #عX?dqv4ڑ}o+ \ No newline at end of file 
diff --git a/secrets/pages-settings-file.age b/secrets/pages-settings-file.age new file mode 100644 index 0000000..dcd2cca Binary files /dev/null and b/secrets/pages-settings-file.age differ diff --git a/secrets/plausible-keybase-secret.age b/secrets/plausible-keybase-secret.age new file mode 100644 index 0000000..e1071a0 --- /dev/null +++ b/secrets/plausible-keybase-secret.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg ckWqS2AjXeQPrrA0NKeBJk+0WMe1o66bYjhDrk/N7w8 +Ab8w1oZtNKQATH4+t5TnlVN2ZJvMEI290HNn+hdRnys +-> ssh-ed25519 u3yXZQ mvHzT1GtRJysnrKLMaimIBZiN7TlfHbYqImE/zwPf1Y +kO/WdnbOvBD4YvFp+f0+ndkpdRpAhLIfpaeNsV58Zr8 +-> ssh-ed25519 IRHAkA jBEbSOiw1H8HyrQ8ItarIr2LAYxkCQKpTvSPIljMbgk +kllR6d6W2CzeErhmMpTWpsRzPER3p3XmzEwBMzs7vcQ +--- zpBIErWXERbFzcUw/JKSwRIOUSfhdVDsk5KQ+GU704M +ȠBŗo^6 |rwr\(ՏN^* \ No newline at end of file diff --git a/secrets/plausible-password.age b/secrets/plausible-password.age new file mode 100644 index 0000000..4ea62b7 --- /dev/null +++ b/secrets/plausible-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg /uwZbh6tiF8xjpEuaKeQhQMfMHXbFSmF1qwKZDea0W8 +WTGydvGAob58NkZGU/8kBytKWCVJBSwTMcjsBlxCetY +-> ssh-ed25519 u3yXZQ 3VpfVvCeMj23gF5R+dhOFJuiBWtN1NvdUzIZGit/1HM +kNQZzD3zgIKAeikdnl2xRrjLssyvpFqOm0vU6gD8DLI +-> ssh-ed25519 IRHAkA oa0nwwtyB3oMrJJ294oo9LZXkfFkApqi9uO+oCLjCmA +TT2SmDck2CQta2mFanNVptASuebbMeKEaY7em6r77uU +--- Un9n8WwXJOMDaVn6eyqacJxOqfV7z8N3nTwJ7D3AWKY +/ޞĻHE0j:6'B2Gt\Ȝ` >o I \ No newline at end of file diff --git a/secrets/readeck-config.age b/secrets/readeck-config.age new file mode 100644 index 0000000..2503c56 --- /dev/null +++ b/secrets/readeck-config.age 
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 u3yXZQ jTuPs5Lzit/TMUS8ZjQSOmghJvXZIolT+cVA95owFTA +BGClI5JknoL1CAuPYyuLv9dHNodDUQDBkDYrp8RnkfU +-> ssh-ed25519 AqX2tg 84YCm2M1scsnBPG+EVgWRlS3Eo0BPwI8fKQ2HA9kjS8 +XepdbDkxbXk6YqtchdtJ7DWHF8RY8sNvuA1m2vpD+zQ +-> ssh-ed25519 IRHAkA J9/JjHJ/em87NGLFTh8Gr7z0KLfyPuaXBOTr/lJNtjM +E9ECDhKGevsyUR3Omw4/p4GaX0TrYDVpL6yATuN+rnA +--- zQWNfPYkzPgQkTZtgcfILUK+wrjrvLZ7LTmwgkUw9NQ +ݴerO KҚ(UL КozV%SCK@,MKx;Mg K/oƾDŠE7|鐹d㇅Φ 8}s-jBtKۃd(X:0ͨ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..4fd1a32 --- /dev/null +++ b/secrets/secrets.nix 
@@ -0,0 +1,215 @@
+let
+ gustave = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJrHUzjPX0v2FX5gJALCjEJaUJ4sbfkv8CBWc6zm0Oe";
+ gustave_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII10x1bM8LQ0KI0eY9uvDhJW9Ic58OH/6uugR1a6OLRE julien@gustave";
+ tower = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA9QGKzHJ5/PR/il8REaTxJKB4G2LEEts0BlcVz789lt";
+ lisa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4kSscukEEoW/QiLgyZQluhsYK4wF+lFphlCakKYC2q";
+ core-security = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLnOINGYOFb+bLUUTV9sjwi2qbpwcaQlmGmWfy1PeGR";
+ arcadia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBR6TATH7NrekBiRk8mMnxNw0LcDzMHgHh/JtpPUCfqT julien@arcadia";
+ arcadia_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHH2mPgov6t7oFfEjtZr/DdJW5qSQYqbw+4uYitOCf9n julien@arcadia";
+ fischer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPeKDFxgdZlhNXEUx8ex0Fj2Re+tDBvUr52SS4Wh3V9n";
+ core-data = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAcIdJ3gr17bvDZ8NAcDBkEmOPTEhpg2yq3p1NNQB0f";
+ lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz";
+ nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6";
+ gallifrey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEr9QRD7QTNsAFmuJoX1mFzQ5A2ik1/ogMrvW54JMXeQ";
+ gallifrey_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAa0wll9ildhgPiV0DhgJXXtw3TQr5VkNxxxPspHSbX julien@gallifrey";
+ fisher_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo julien@telecom";
+ akhaten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g";
+ biblios = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5//9IlSSuES0xVsqqOwpotfcajgXL0AtcySpoZ8OLJ";
+ servers = [
+ gustave
+ tower
+ lisa
+ core-security
+ lambda
+ core-data
+ nuage
+ akhaten
+ biblios
+ ];
+ all = servers ++ [
+ arcadia
+ fischer
+ gallifrey
+ ];
+in
+{
+ "deluge-webui-password.age".publicKeys = [
+ gustave
+ tower
+ ];
+ "keycloak-db.age".publicKeys = [
+ core-security
+ tower
+ ];
+ "github-oauth-secret.age".publicKeys = [ tower ];
+ "github-webhook-secret.age".publicKeys = [ tower ];
+ "github-token-secret.age".publicKeys = [ tower ];
+ "buildbot-nix-worker-password.age".publicKeys = [ tower ];
+ "buildbot-nix-workers.age".publicKeys = [ tower ];
+ "ssh-lisa-pub.age".publicKeys = [
+ lisa
+ tower
+ ];
+ "ssh-lisa-priv.age".publicKeys = [
+ lisa
+ tower
+ ];
+ "git-gpg-private-key.age".publicKeys = servers ++ [
+ arcadia
+ fischer
+ gallifrey
+ ];
+ "user-julien-password.age".publicKeys = all;
+ "user-root-password.age".publicKeys = all;
+ "ens-mail-password.age".publicKeys = servers ++ [
+ fischer
+ ];
+ "julien-malka-sh-mail-password.age".publicKeys = [
+ lisa
+ tower
+ ];
+ "malka-ens-school-mail-password.age".publicKeys = [
+ lisa
+ tower
+ ];
+ "mondon-ens-school-mail-password.age".publicKeys = [
+ lisa
+ tower
+ ];
+ "forgejo_runners-token_file.age".publicKeys = [ tower ];
+ "stalwart-admin.age".publicKeys = [
+ tower
+ akhaten
+ ];
+ "arkheon-env.age".publicKeys = [
+ lambda
+ tower
+ ];
+ "arkheon-token.age".publicKeys = servers;
+ "borg-ssh-priv.age".publicKeys = [
+ gustave
+ akhaten
+ tower
+ ];
+ "borg-encryption-secret.age".publicKeys = [
+ gustave
+ akhaten
+ tower
+ ];
+
+ "pages-settings-file.age".publicKeys = [
+ gustave
+ tower
+ ];
+ "404-ssl-certificate-cert.age".publicKeys = all;
+ "404-ssl-certificate-key.age".publicKeys = all;
+ "readeck-config.age".publicKeys = [
+ gallifrey
+ tower
+ gustave
+ ];
+ "stateless-uptime-kuma-password.age".publicKeys = [
+ gallifrey
+ tower
+ lambda
+ ];
+ "dgnum-mail-pw.age".publicKeys = [
+ gallifrey
+ tower
+ fischer
+ gallifrey_home
+ gustave_home
+ fisher_home
+ arcadia_home
+ ];
+ "work-mail-pw.age".publicKeys = [
+ gallifrey
+ tower
+ fischer
+ gallifrey_home
+ gustave_home
+ fisher_home
+ arcadia_home
+ ];
+ "telecom-mail-pw.age".publicKeys = [
+ gallifrey
+ tower
+ fischer
+ gallifrey_home
+ gustave_home
+ fisher_home
+ arcadia_home
+ ];
+ "ens-mail-pw.age".publicKeys = [
+
gallifrey + tower + fischer + gallifrey_home + gustave_home + arcadia_home + fisher_home + ]; + + "plausible-keybase-secret.age".publicKeys = [ + tower + gallifrey + gustave + ]; + "plausible-password.age".publicKeys = [ + tower + gallifrey + gustave + ]; + + "garage-env-file.age".publicKeys = [ + tower + gallifrey + biblios + ]; + + "nextcloud-admin-password.age".publicKeys = [ + tower + gallifrey + gustave + ]; + + "nextcloud-s3-token.age".publicKeys = [ + tower + gallifrey + gustave + ]; + + "mastodon-env.age".publicKeys = [ + tower + gallifrey + gustave + ]; + + "artiflakery-auth.age".publicKeys = [ + tower + gallifrey + gustave + ]; + + "notes-perso-auth.age".publicKeys = [ + tower + gallifrey + gustave + biblios + ]; + + "notes-phd-auth.age".publicKeys = [ + tower + gallifrey + gustave + biblios + ]; + + "book-auth.age".publicKeys = [ + tower + gallifrey + gustave + biblios + ]; + +} diff --git a/secrets/ssh-lisa-priv.age b/secrets/ssh-lisa-priv.age new file mode 100644 index 0000000..8293671 --- /dev/null +++ b/secrets/ssh-lisa-priv.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 bD9h7A o0SqUDdE6f7PB5bng04YPEgoHzEHtLWquwE/+KSiBmI +KXVTGibUHq9FdH27jLmgkxqnKRkkyMEqBNYF0bEyaoo +-> ssh-ed25519 AqX2tg qORbiGOOXuryIaDQ0mF3vS5zshXWMzLqyMF8/VIWt2w +/H9y886QiNWwDj3WlF4EUrR3a3FLWyOVEKPs4KIFOLs +--- +mASKbXkS8UBB30ub55UfMLNk3Pz9XQyIdpXLzY4x5k +wu ;l@Qf։έG&)φn{<V/8N/v5^EO08|m'̹S"0F8.#qvu/a +Y>:c@b"r|\)ΗF!z?}Cn.a<$Ӿ.V&$,7I{R?&3cفsnI%y~r1dao/"Z(~^xP!Jƀ3`"{"޼[z-!|n)+gZS0`60IJVW,^>R:CB_)s߁gN"M'F-;[0tԦaKl<;y2Og9vtт(sbޓ8JsuS:SԚ4akWFC.Zi/Rn +G)+F: +@ \ No newline at end of file diff --git a/secrets/ssh-lisa-pub.age b/secrets/ssh-lisa-pub.age new file mode 100644 index 0000000..bf5a208 Binary files /dev/null and b/secrets/ssh-lisa-pub.age differ diff --git a/secrets/stalwart-admin.age b/secrets/stalwart-admin.age new file mode 100644 index 0000000..5296a2a Binary files /dev/null and b/secrets/stalwart-admin.age differ 
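Review bot: In `secrets/secrets.nix`, `git-gpg-private-key.age` is encrypted to `servers ++ [ arcadia fischer gallifrey ]`, which is the same set as `all`, so the SSH host key of any one of the nine servers can decrypt a personal signing key; `user-root-password.age` and `404-ssl-certificate-key.age` are likewise readable by every host. These `.age` files now sit beside `secrets.nix` instead of in the `private` submodule this commit removes, so the recipient list is the only control on who can read them, and compromise of a single listed host exposes everything encrypted to it. A narrower list followed by a rekey would limit that, e.g. `"git-gpg-private-key.age".publicKeys = [ arcadia fischer gallifrey ];` if only the non-server machines sign commits (which hosts actually need the key cannot be told from this hunk). Two smaller points: the binding `fisher_home` is spelled differently from `fischer`, and the seven-key list repeated for the four `*-mail-pw.age` entries could be a single `let` binding (for instance `mail_clients`) so the entries cannot drift apart.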
diff --git a/secrets/stateless-uptime-kuma-password.age b/secrets/stateless-uptime-kuma-password.age new file mode 100644 index 0000000..3ae6e07 --- /dev/null +++ b/secrets/stateless-uptime-kuma-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 u3yXZQ 1x5UeuazhHgklICvQndvZ27Rfqs02j9elCkk0EW6iUQ +zbBwzSdCjuxPjIKqZOoL2RYs9OJzR1lZCzN2htdqLgI +-> ssh-ed25519 AqX2tg afqPcqgi6Efk7XGrd81q62PXm2rspPrikVJa9TS9EAA +4swXMpm8QYqEQQDfDzMROVdMU7tqBucYtEQSiWlTCbQ +-> ssh-ed25519 xaddyw RfeAJwFJsMbjWn7EG/xvuW8fZnP2MmbSnVJwRxRaqSo +AJ9yFv0yhTLctokYF8klXfFYddCPwp0EYVlVbhRZ7I0 +--- YNjU8tYiN8L3Dq1RahW0l5g56nRLEGpVTMtlGZMNXHQ +\F#"j*`)5dueG5X>II#FޫFwvӼn]4s \ No newline at end of file diff --git a/secrets/telecom-mail-pw.age b/secrets/telecom-mail-pw.age new file mode 100644 index 0000000..0a6a6bd Binary files /dev/null and b/secrets/telecom-mail-pw.age differ diff --git a/secrets/user-julien-password.age b/secrets/user-julien-password.age new file mode 100644 index 0000000..eec7973 Binary files /dev/null and b/secrets/user-julien-password.age differ diff --git a/secrets/user-root-password.age b/secrets/user-root-password.age new file mode 100644 index 0000000..91b6cf1 Binary files /dev/null and b/secrets/user-root-password.age differ diff --git a/secrets/work-mail-pw.age b/secrets/work-mail-pw.age new file mode 100644 index 0000000..18fa505 Binary files /dev/null and b/secrets/work-mail-pw.age differ diff --git a/users/default.nix b/users/default.nix index 583cbd1..0319dce 100644 --- a/users/default.nix +++ b/users/default.nix @@ -11,7 +11,7 @@ programs.fish.enable = true; - age.secrets.user-root-password.file = ../private/secrets/user-root-password.age; + age.secrets.user-root-password.file = ../secrets/user-root-password.age; users.users.root = { uid = config.ids.uids.root; diff --git a/users/julien.nix b/users/julien.nix index b37966a..89d7195 100644 --- a/users/julien.nix +++ b/users/julien.nix 
@@ -29,5 +29,5 @@ nix.settings.allowed-users = [ "julien" ]; nix.settings.trusted-users = [ "julien" ]; - age.secrets.julien-password.file = ../private/secrets/user-julien-password.age; + age.secrets.julien-password.file = ../secrets/user-julien-password.age; }