From c1e09364bb412f1e09d1a680e5200d375a61694f Mon Sep 17 00:00:00 2001 
From: Grigory Shipunov Date: Thu, 2 Jan 2025 15:35:05 +0000 Subject: [PATCH] remove obsolete infra --- .sops.yaml | 35 ------ hosts/cirrus/configuration.nix | 64 ---------- hosts/cirrus/default.nix | 9 -- hosts/cirrus/hardware-configuration.nix | 39 ------ hosts/cirrus/irc.nix | 46 ------- hosts/cirrus/nextcloud-proxy.nix | 64 ---------- hosts/cirrus/secrets.nix | 14 --- hosts/cirrus/wireguard-server.nix | 123 ------------------- hosts/dishwasher/configuration.nix | 88 ------------- hosts/dishwasher/default.nix | 10 -- hosts/dishwasher/hardware-configuration.nix | 112 ----------------- hosts/dishwasher/mcvm-network.nix | 55 --------- hosts/dishwasher/microvms.nix | 16 --- hosts/dishwasher/oxalab.nix | 33 ----- hosts/dishwasher/secrets.nix | 11 -- hosts/noctilucent/default.nix | 55 --------- hosts/noctilucent/hardware-configuration.nix | 25 ---- secrets/cirrus/secrets.yaml | 43 ------- secrets/dishwasher/secrets.yaml | 42 ------- secrets/music/secrets.yaml | 42 ------- secrets/news/secrets.yaml | 42 ------- secrets/nextcloud/secrets.yaml | 44 ------- 22 files changed, 1012 deletions(-) delete mode 100644 hosts/cirrus/configuration.nix delete mode 100644 hosts/cirrus/default.nix delete mode 100644 hosts/cirrus/hardware-configuration.nix delete mode 100644 hosts/cirrus/irc.nix delete mode 100644 hosts/cirrus/nextcloud-proxy.nix delete mode 100644 hosts/cirrus/secrets.nix delete mode 100644 hosts/cirrus/wireguard-server.nix delete mode 100644 hosts/dishwasher/configuration.nix delete mode 100644 hosts/dishwasher/default.nix delete mode 100644 hosts/dishwasher/hardware-configuration.nix delete mode 100644 hosts/dishwasher/mcvm-network.nix delete mode 100644 hosts/dishwasher/microvms.nix delete mode 100644 hosts/dishwasher/oxalab.nix delete mode 100644 hosts/dishwasher/secrets.nix delete mode 100644 hosts/noctilucent/default.nix delete mode 100644 hosts/noctilucent/hardware-configuration.nix delete mode 100644 secrets/cirrus/secrets.yaml delete mode 100644 
secrets/dishwasher/secrets.yaml delete mode 100644 secrets/music/secrets.yaml delete mode 100644 secrets/news/secrets.yaml delete mode 100644 secrets/nextcloud/secrets.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 2a071ce..0e61173 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,45 +1,10 @@
 keys:
 - &admin_oxa DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- - &cirrus age1qm70jkg7us4ft4x3nh7kwxlul022kteescjj83ywvjhysj6nsq5sw7l6p8
- - &dishwasher age18t2dc53m7a53996fwcmuanwjtxxvvgkntpmdvd3q42pnkch6rajqnm4up8
- - &nextcloud age1ds7zgenz9a664jqx5308m6q5mgtavzmelg239xsj8mdh64pmqa9qtkffmk
 - &toaster age1qyj95tsntreefqeetawqy5pf26456s9c0v3tzz8yzs706c0jsg6qv56jzk
- - &music age1aj7mgq8jxv0n5rnpqtgu4l56ymqyq86qacn3jp7ve2emk0eheuaqgm4rtt
- - &news age1dwem3slsm04jpmje2ru5n7fujkmz2kvhdat5htx2xnc2yqtyefeqchwx7f
 creation_rules:
- - path_regex: secrets/cirrus/[^/]+\.yaml$
- key_groups:
- - pgp:
- - *admin_oxa
- age:
- - *cirrus
- - path_regex: secrets/dishwasher/[^/]+\.yaml$
- key_groups:
- - pgp:
- - *admin_oxa
- age:
- - *dishwasher
- - path_regex: secrets/nextcloud/[^/]+\.yaml$
- key_groups:
- - pgp:
- - *admin_oxa
- age:
- - *nextcloud
 - path_regex: secrets/toaster/[^/]+\.yaml$
 key_groups:
 - pgp:
 - *admin_oxa
 age:
 - *toaster
- - path_regex: secrets/music/[^/]+\.yaml$
- key_groups:
- - pgp:
- - *admin_oxa
- age:
- - *music
- - path_regex: secrets/news/[^/]+\.yaml$
- key_groups:
- - pgp:
- - *admin_oxa
- age:
- - *news
diff --git a/hosts/cirrus/configuration.nix b/hosts/cirrus/configuration.nix
deleted file mode 100644
index bfdf7f5..0000000
--- a/hosts/cirrus/configuration.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- zramSwap = { enable = true; algorithm = "zstd"; };
-
- networking = {
- hostName = "cirrus"; # Define your hostname.
- };
-
- systemd.network = {
- enable = true;
- networks."uplink" = {
- matchConfig = { Name = "enp1s0"; };
- networkConfig = {
- Address = "95.216.166.21/32";
- DNS = "9.9.9.9";
- };
- routes = [
- {
- routeConfig = {
- Gateway = "172.31.1.1";
- GatewayOnLink = true;
- Destination = "0.0.0.0/0";
- };
- }
- ];
- };
- };
-
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- # Open ports in the firewall.
- networking.firewall.enable = true;
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.05"; # Did you read the comment?
-
-}
-
diff --git a/hosts/cirrus/default.nix b/hosts/cirrus/default.nix
deleted file mode 100644
index d205721..0000000
--- a/hosts/cirrus/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ./nextcloud-proxy.nix
- ./secrets.nix
- ./wireguard-server.nix
- ];
-}
diff --git a/hosts/cirrus/hardware-configuration.nix b/hosts/cirrus/hardware-configuration.nix
deleted file mode 100644
index 0bd3907..0000000
--- a/hosts/cirrus/hardware-configuration.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/627952eb-107a-43c3-8223-bfea9af92837";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/5CA6-CCE4";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault false;
- networking.interfaces.enp1s0.useDHCP = lib.mkDefault false;
-
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/cirrus/irc.nix b/hosts/cirrus/irc.nix
deleted file mode 100644
index 6bda646..0000000
--- a/hosts/cirrus/irc.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ pkgs, config, ... }: {
- services.nginx = {
- # reverse-proxy irc traffic on 7000
- streamConfig = ''
- upstream soju {
- server 127.0.0.1:6667;
- }
-
- server {
- listen 7000 ssl;
- listen [::]:7000 ssl;
-
- ssl_certificate /var/lib/acme/mrbouncy.oxapentane.com/fullchain.pem;
- ssl_certificate_key /var/lib/acme/mrbouncy.oxapentane.com/key.pem;
- ssl_trusted_certificate /var/lib/acme/mrbouncy.oxapentane.com/chain.pem;
-
- proxy_pass soju;
- }
- '';
- # just here to get the cert for irc reverse proxy
- virtualHosts = {
- "mrbouncy.oxapentane.com" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- # no content for now, here just for no-boilerplate cert
- return = "204";
- };
- };
- };
- };
- };
-
- services.soju = {
- hostName = "mrbouncy.oxapentane.com";
- listen = [ "irc+insecure://127.0.0.1:6667" ];
- enable = true;
- enableMessageLogging = true;
- acceptProxyIP = [ "localhost" ];
- };
-
- environment.systemPackages = [ pkgs.soju ]; # expose soju mgmt commands
-
- networking.firewall.allowedTCPPorts = [ 7000 ];
-}
diff --git a/hosts/cirrus/nextcloud-proxy.nix b/hosts/cirrus/nextcloud-proxy.nix
deleted file mode 100644
index 3b5166a..0000000
--- a/hosts/cirrus/nextcloud-proxy.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ config, pkgs, ... }: {
- security.acme = {
- defaults.email = "acme@oxapentane.com";
- acceptTerms = true;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
-
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
- };
-
- services.nginx.virtualHosts = {
- "nc.oxapentane.com" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = ''
- client_max_body_size 512M;
- '';
- locations = {
- "/" = {
- proxyPass = "http://10.34.45.100:8080";
- };
- "/well-known/carddav" = {
- return = "301 $scheme://$host/remote.php/dav";
- };
- "/well-known/caldav" = {
- return = "301 $scheme://$host/remote.php/dav";
- };
- };
- };
-
- "music.oxapentane.com" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = ''
- client_max_body_size 32M;
- '';
- locations = {
- "/" = {
- proxyPass = "http://10.34.45.101:4533";
- };
- };
- };
- "news.oxapentane.com" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = ''
- client_max_body_size 32M;
- '';
- locations = {
- "/" = {
- proxyPass = "http://10.34.45.102:8080";
- };
- };
- };
- };
-}
diff --git a/hosts/cirrus/secrets.nix b/hosts/cirrus/secrets.nix
deleted file mode 100644
index df095a7..0000000
--- a/hosts/cirrus/secrets.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, ... }:
-{
- sops.defaultSopsFile = ../../secrets/cirrus/secrets.yaml;
- sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
- sops.secrets = {
- "wg/oxalab-seckey" = {
- owner = config.users.users.systemd-network.name;
- };
- "wg/oxaproxy-seckey" = {
- owner = config.users.users.systemd-network.name;
- };
- };
-}
diff --git a/hosts/cirrus/wireguard-server.nix b/hosts/cirrus/wireguard-server.nix
deleted file mode 100644
index 74e6091..0000000
--- a/hosts/cirrus/wireguard-server.nix
+++ /dev/null
@@ -1,123 +0,0 @@
-{ config, ... }:
-{
- networking.firewall = {
- allowedUDPPorts = [
- # wireguards
- 51820
- 51821
- 34197
- ];
- allowedTCPPorts = [
- # port forward ssh to music
- 2020
- ];
- # port-forward ssh to the music machine
- extraCommands = ''
- iptables -t nat -I PREROUTING -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22
- iptables -t nat -I PREROUTING -p udp --dport 34197 -j DNAT --to-destination 10.34.45.111:34197
- iptables ! -o lo -t nat -A POSTROUTING -j MASQUERADE
- '';
- extraStopCommands = ''
- iptables -t nat -D PREROUTING -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22 || true
- iptables -t nat -D PREROUTING -p udp --dport 34197 -j DNAT --to-destination 10.34.45.111:34197 || true
- '';
- };
-
-
- networking.wireguard.enable = true;
-
- systemd.network = {
- # oxalab
- netdevs."oxalab" = {
- netdevConfig = {
- Kind = "wireguard";
- Name = "oxalab";
- Description = "oxa's enterprise network";
- };
- wireguardConfig = {
- PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
- ListenPort = 51820;
- # own pubkey: 5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=
- };
- wireguardPeers = [
- {
- # microwave
- wireguardPeerConfig = {
- PublicKey = "0zpfcNrmbsNwwbnDDX4SMl4BVTB0zuhGKixT9TJQoHc=";
- AllowedIPs = [ "10.66.66.10/32" ];
- PersistentKeepalive = 25;
- };
- }
- {
- # Dishwasher
- wireguardPeerConfig = {
- PublicKey = "AdWUBbyeRkxdP9HUu25PpISoxbgQ8oeCw3BmV93xtAw=";
- AllowedIPs = [ "10.66.66.100/32" ];
- PersistentKeepalive = 25;
- };
- }
- ];
- };
- networks."oxalab" = {
- matchConfig.Name = "oxalab";
- networkConfig = {
- Address = "10.66.66.1/24";
- IPForward = "ipv4";
- };
- };
-
-
- # oxaproxy
- netdevs."oxaproxy" = {
- netdevConfig = {
- Kind = "wireguard";
- Name = "oxaproxy";
- Description = "oxa's enterprise reverse-proxy network";
- };
- wireguardConfig = {
- PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;
- #own pubkey 0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=
- ListenPort = 51821;
- };
- wireguardPeers = [
- # nextcloud
- {
- wireguardPeerConfig = {
- PublicKey = "KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=";
- AllowedIPs = [ "10.34.45.100/32" ];
- PersistentKeepalive = 25;
- };
- }
- # music
- {
- wireguardPeerConfig = {
- PublicKey = "vQNkp51S9qLsu97dLPj0/EqFwvVtRFZpMHufgKhxum0=";
- AllowedIPs = [ "10.34.45.101/32" ];
- PersistentKeepalive = 25;
- };
- }
- # news
- {
- wireguardPeerConfig = {
- PublicKey = "guzNmsPcQw4EGSLU3X0SP+WPKAcoMc+xv9SLWdHV1V0=";
- AllowedIPs = [ "10.34.45.102/32" ];
- PersistentKeepalive = 25;
- };
- }
- {
- wireguardPeerConfig = {
- PublicKey = "6rwSThPEfTyYvMVSnHNcNPRntCHEQFyscF2SodI8A34=";
- AllowedIPs = [ "10.34.45.111/32" ];
- PersistentKeepalive = 25;
- };
- }
- ];
- };
- networks."oxaproxy" = {
- matchConfig.Name = "oxaproxy";
- networkConfig = {
- Address = "10.34.45.1/24";
- };
- };
- };
-}
diff --git a/hosts/dishwasher/configuration.nix b/hosts/dishwasher/configuration.nix
deleted file mode 100644
index 2f8fad0..0000000
--- a/hosts/dishwasher/configuration.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports =
- [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking = {
- hostName = "dishwasher"; # Define your hostname.
- useNetworkd = true;
- firewall.enable = true;
- };
-
- time.timeZone = "Europe/Amsterdam";
-
- # fix wait-online target
- systemd.services.systemd-networkd-wait-online.serviceConfig.ExecStart = [
- "" # clear old command
- "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any"
- ];
-
- systemd.network = {
-
- enable = true;
-
- networks."ether" = {
- matchConfig = {
- Name = "enp53s0";
- };
- networkConfig = {
- DHCP = "yes";
- LinkLocalAddressing = "ipv6";
- IPv6AcceptRA = "yes";
- };
- dhcpV6Config = {
- WithoutRA = "solicit";
- };
- ipv6AcceptRAConfig = {
- DHCPv6Client = "yes";
- };
- };
- networks."aer" = {
- matchConfig.Name = "wlan0";
- networkConfig = {
- DHCP = "yes";
- };
- };
- };
-
- services.resolved = {
- enable = true;
- fallbackDns = [
- "8.8.8.8"
- "2001:4860:4860::8844"
- ];
- };
-
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- supportedLocales = [ "all" ];
- };
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.05"; # Did you read the comment?
-
-}
-
diff --git a/hosts/dishwasher/default.nix b/hosts/dishwasher/default.nix
deleted file mode 100644
index f6e7a79..0000000
--- a/hosts/dishwasher/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ./secrets.nix
- ./oxalab.nix
- ./mcvm-network.nix
- ./microvms.nix
- ];
-}
diff --git a/hosts/dishwasher/hardware-configuration.nix b/hosts/dishwasher/hardware-configuration.nix
deleted file mode 100644
index 653c31c..0000000
--- a/hosts/dishwasher/hardware-configuration.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" "r8169" ];
- boot.initrd.kernelModules = [ "r8169" ];
- boot.kernelModules = [ "kvm-intel" "r8169" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "rpool/nixos";
- fsType = "zfs";
- options = [ "zfsutil" ];
- };
-
- fileSystems."/nix" =
- {
- device = "rpool/nixos/nix";
- fsType = "zfs";
- options = [ "zfsutil" ];
- };
-
- fileSystems."/home" =
- {
- device = "rpool/userdata/home";
- fsType = "zfs";
- options = [ "zfsutil" ];
- };
-
- fileSystems."/var/lib" =
- {
- device = "rpool/userdata/var-lib";
- fsType = "zfs";
- options = [ "zfsutil" ];
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/A8AA-1CC4";
- fsType = "vfat";
- options = [ "X-mount.mkdir" ];
- };
-
- swapDevices =
- [{
- device = "/dev/disk/by-partuuid/f9712640-96a5-46e1-b07d-53b0cba19057";
- randomEncryption = true;
- }];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- networking.interfaces.enp53s0.useDHCP = lib.mkDefault true;
- networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
- # hostId for zfs
- networking.hostId = "7da4f1e6";
-
- # extra zfs settings
- boot = {
- loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
- };
- supportedFilesystems = [ "zfs" ];
- kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
- kernelParams = [ "nohibernate" ];
- zfs.devNodes = "/dev/";
- plymouth.enable = false;
- tmp.useTmpfs = true;
- };
-
- # remote unlock
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- port = 2222;
- hostKeys = [ "/etc/initrd-ssh/key" ];
- authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP6xE2ey0C8XXfvniiiHiqXsCC277jKI9RXEA+s2LQLUI5zl7v350i3Oa8H3NCcPj39lfMreqE6ncxcOhqYyzahPrrMkOqgbPAoRvq8H3ophLK+56O3xdHoKwLBwRD1yoGACjqG4UTiTrmnN2ateENgYcnTEY1e4vDw1qMj1drUXCsZ/6mkBBmHJiFfCaR4yCMt1r4gGi/dAC7ifnBP3oSyV/lJEwPxYYkGlbOBIvX/7Ar98pJS6xYPB3jHs9gwyNNON63d0fNYrwBojXPPCnGGaRZNOkBTzex3zZYp12ThINQ2xl8tRp9D8qpZ7vrLjhTD6AXkOBRzmDj+NsCeEaeTuWajqUM93iKncYUI+JxR1t7q8gA2pBMFzLesMXnx7R+5Kw7QDtSJM7a4GMIfsocPwf64BH6rzxEz68rXFE3P+J77PPM9CuaYw90JXHo3z220zYw2nMQ/1qjATVZw/hiVrLmQMVfmFJIufnGjTBs2sy3IoNyzvYm/oDeNNg1cdSV9gyyRKZhK08fxjXN5GSf9vZkfZa9tHtqaZ99HI40GQBHUVx1K2/NQJY8TVTSA+v16SFnJK8BIbmp/WFCuvDcMkgLIbqiYtDASe7P2mKIib86uOENT+P820egeLiTQ06kFw/gfUa8t69d5qEcjiQZ+lxCeYIs/E9KrEXHvRUWew== cardno:16 811 34" ];
- };
- };
-
- services.zfs = {
- trim.enable = true;
- autoScrub = {
- enable = true;
- pools = [ "rpool" ];
- };
- autoSnapshot.enable = true;
- };
-
- # update the microcode
- hardware.cpu.intel.updateMicrocode = true;
- nixpkgs.config.allowUnfree = true;
- hardware.enableAllFirmware = true;
-
- services.logind.lidSwitch = "ignore";
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
- }
diff --git a/hosts/dishwasher/mcvm-network.nix b/hosts/dishwasher/mcvm-network.nix
deleted file mode 100644
index a45699a..0000000
--- a/hosts/dishwasher/mcvm-network.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ ... }:
-{
- systemd.network = {
- netdevs."microvm-bridge".netdevConfig = {
- Kind = "bridge";
- Name = "microvm-bridge";
- };
-
- networks."0-microvm-bridge" = {
- matchConfig.Name = "microvm-bridge";
- networkConfig = {
- DHCPServer = false;
- IPv6SendRA = true;
- };
- addresses = [
- {
- addressConfig.Address = "10.99.99.1/24";
- }
- {
- addressConfig.Address = "fd12:3456:789a::1/64";
- }
- ];
- ipv6Prefixes = [{
- ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
- }];
- # networkConfig = {
- # Address = "10.99.99.1/24";
- # IPForward = "ipv4";
- # };
- # routes = [{
- # routeConfig = {
- # GatewayOnLink = true;
- # };}];
- # IPForward = "ipv4";
- # DHCPServer = true;
- # IPv6SendRA = true;
- # addresses = [{
- # addressConfig.Address = "10.99.99.1/24";
- # }];
- };
-
- networks."1-microvm-bridge" = {
- matchConfig.Name = "vm-*";
- networkConfig.Bridge = "microvm-bridge";
- };
- };
-
- networking.nat = {
- enable = true;
- enableIPv6 = true;
- externalInterface = "enp53s0";
- internalInterfaces = [ "microvm-bridge" ];
- };
-
-}
diff --git a/hosts/dishwasher/microvms.nix b/hosts/dishwasher/microvms.nix
deleted file mode 100644
index e5cc7c8..0000000
--- a/hosts/dishwasher/microvms.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ inputs, ... }: {
- microvm.vms = {
- nextcloud = {
- flake = inputs.self;
- updateFlake = "github:oxapentane/nix-config/master";
- };
- music = {
- flake = inputs.self;
- updateFlake = "github:oxapentane/nix-config/master";
- };
- news = {
- flake = inputs.self;
- updateFlake = "github:oxapentane/nix-config/master";
- };
- };
-}
diff --git a/hosts/dishwasher/oxalab.nix b/hosts/dishwasher/oxalab.nix
deleted file mode 100644
index 7e79971..0000000
--- a/hosts/dishwasher/oxalab.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, ... }:
-{
- networking.wireguard.enable = true;
- systemd.network = {
- netdevs."oxalab" = {
- netdevConfig = {
- Kind = "wireguard";
- Name = "oxalab";
- Description = "oxa's enterprise network";
- };
- wireguardConfig = {
- PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
- };
- wireguardPeers = [
- {
- # cirrus
- wireguardPeerConfig = {
- PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
- AllowedIPs = [ "10.66.66.0/24" ];
- Endpoint = [ "95.216.166.21:51820" ];
- PersistentKeepalive = 25;
- };
- }
- ];
- };
- networks."oxalab" = {
- matchConfig.Name = "oxalab";
- networkConfig = {
- Address = "10.66.66.100/24";
- };
- };
- };
-}
diff --git a/hosts/dishwasher/secrets.nix b/hosts/dishwasher/secrets.nix
deleted file mode 100644
index be33eaf..0000000
--- a/hosts/dishwasher/secrets.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, ... }:
-{
- sops.defaultSopsFile = ../../secrets/dishwasher/secrets.yaml;
- sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
- sops.secrets = {
- "wg/oxalab-seckey" = {
- owner = config.users.users.systemd-network.name;
- };
- };
-}
diff --git a/hosts/noctilucent/default.nix b/hosts/noctilucent/default.nix
deleted file mode 100644
index 89f04ef..0000000
--- a/hosts/noctilucent/default.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- imports = [
- ./hardware-configuration.nix
- ];
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- zramSwap = { enable = true; algorithm = "zstd"; };
-
- networking = {
- hostName = "noctilucent"; # Define your hostname.
- };
-
- systemd.network = {
- enable = true;
- networks."uplink" = {
- matchConfig = { Name = "enp1s0"; };
- networkConfig = {
- Address = "91.107.193.99/32";
- DNS = "9.9.9.9";
- };
- routes = [
- {
- routeConfig = {
- Gateway = "172.31.1.1";
- GatewayOnLink = true;
- Destination = "0.0.0.0/0";
- };
- }
- ];
- };
- };
-
-
- time.timeZone = "Europe/Amsterdam";
-
- i18n.defaultLocale = "en_US.UTF-8";
-
- networking.firewall.enable = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.05"; # Did you read the comment?
-
-}
-
diff --git a/hosts/noctilucent/hardware-configuration.nix b/hosts/noctilucent/hardware-configuration.nix
deleted file mode 100644
index 8c35b3c..0000000
--- a/hosts/noctilucent/hardware-configuration.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ modulesPath, lib, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
- boot.loader.grub.device = "/dev/sda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
- boot.initrd.kernelModules = [ "nvme" ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/e9356185-9812-4873-8822-13c8aef59948";
- fsType = "ext4";
- };
- fileSystems."/boot" = {
- device = "dev/disk/by-uuid/6F78-D438";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault false;
- networking.interfaces.enp1s0.useDHCP = lib.mkDefault false;
-}
diff --git a/secrets/cirrus/secrets.yaml b/secrets/cirrus/secrets.yaml
deleted file mode 100644
index 4a8b09c..0000000
--- a/secrets/cirrus/secrets.yaml
+++ /dev/null
@@ -1,43 +0,0 @@ -wg: - oxalab-seckey: ENC[AES256_GCM,data:XOBmfM82l686jvqjiqy+VdIollpaX+h1j609j+70CE7thA3CJki2W0neDC0=,iv:6/lsg7r/GHasNWV8lOheEMpoW5HWuRgHtdlGEqK0Dbo=,tag:I1PJC99omIfygb9T1cN1hg==,type:str] - oxaproxy-seckey: ENC[AES256_GCM,data:CpFezqXTvt8kpfgkGOY8B0PAMpllSME6UnQ6LsboBJIchbJdeDh7kNOWM5I=,iv:nDHeXMgljendSFprl61Eg5U0YYNP8DAhX10QCyjDDm0=,tag:0FatosVdGl93op5fZl41nA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1qm70jkg7us4ft4x3nh7kwxlul022kteescjj83ywvjhysj6nsq5sw7l6p8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM0Z0M3JWR0s0RDVmbjlV - RDJ5OU8zVXh5RW4wbmM1TmNhWVBjK0lxVWswCmhyRHlKQUxNNXpFSmlhNUVpclo3 - UHhDSWhNUXdwamJRaVhTelI2cldGd0UKLS0tIEpsUStSSmliWVMzVkNhRVVQOExT - dkFwVkVHR3hsMUlpRzY4Wm5LYXZlYzgKZC8dlewbtxo0KIQWQ6sy2Kv/qRgNJY3H - XGfb11bFdmmfiTY98KsfuhY9nRQRUlRMfjc7pHztUk2hVMEIN8WkXg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-19T20:06:54Z" - mac: ENC[AES256_GCM,data:cbgablJmCln1886/QiYWx767ZEMTHlSCIdlK2mtXGveRW0+cOoRopuSii2xalCWDxfX7Q4PYBlb2f47tyAP+1S2gJa1WkI8HR5uAXn1ktVJWs25GStKwKW2oZdfCLKW19059W3r4WaCgx2asdeBW5nzF0wXN7J8Cmc3tO9wQ7W0=,iv:zfiK7LCMOTZEwJmySEjRBgVfU4TkJl7xRG+Jn0ykyTw=,tag:ANA6Dkt8dLA9BUmnQPjwAQ==,type:str] - pgp: - - created_at: "2022-06-17T11:46:30Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMA7zUOKwzpAE7ARAAdBKiWQEPLFxr1zskS2nnr10yA7rKWzKTCx9AIpLk9g8k - VkzOz5qGznFkPCp+mBecIb71MnjzyHNM8j83AqqjYAQDOxQwO1tgipVxk4cNab/J - cFtdZorqt3klkoDUAbvRl2+qB+93m6V7Hrx6BggDU6Xg+eKM/NIHHhy3LLyssuuO - bpkO/jNVfRfP98FzkSY23cqT4tnbjbH2vCY9ZpNoiJrhr/S3shWz44vpk+u+dTc/ - /0Z4N6zj9Hll3uxf4dxaoafsmX9FcqLvtye1BxK8fAxF+gDudkYbCurdl0ZC036C - semcLdTlCJVubLiRcxItpeP81zVgxiwm40i+o57R3QLhjzjpckEd2VYGy7TdQDcY - /8DRGHlro/OlJFun2qA+8GJix2VPM1CiJWfKTUb2D4dNp2DrmA+CdY0cWNSegS/K - 0toMtIWGVFCdWjSVWTS8ETXPexyGykA5meIdjNFpcaA4LJVB0Ixi+DqsdDSWQKK4 - k/khNSA/iUvWGi31+JaJikQDSVMu5iqLL2/cWI9L4JvgKSppRFjruUfu8HxJ8YW4 - 
jFPGxrt5aRHe752PaGU93/B4UirZbkNOAjnP/+MyO4ANy6yrQNq8YUJDOEOwe4Mo - bYbrzmyWRlv9WR88RUFnciCKQUyffJ26ekVACWUv9Ka84CpuaJuT1hQLKR3Uy23S - 5gE0mX8xH4vwSv2qiMpACUCKNT1gk8oxjBad82dhaowCaSQNtQhUaLTp0x3M63Ow - 8iuuwh9VVygSYJuoO5GmxUXkLROCvQO6ZdSBltFNIT86BOIROL+TAA== - =oDss - -----END PGP MESSAGE----- - fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/secrets/dishwasher/secrets.yaml b/secrets/dishwasher/secrets.yaml deleted file mode 100644 index 33f1510..0000000 --- a/secrets/dishwasher/secrets.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -wg: - oxalab-seckey: ENC[AES256_GCM,data:CEUuCAiWBWk/Elxx9B/SerbwYUrQ8Eai0/TGr+yOf6YWBrbOwEJROFrFmrQ=,iv:g5gjJtWYRnxZ9WOwaj0xHV9Zz0E1hFdPZxLhL4ctxnE=,tag:vXkUzWxCI4AnKCauFEyCaA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18t2dc53m7a53996fwcmuanwjtxxvvgkntpmdvd3q42pnkch6rajqnm4up8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUGJESnVNc09IaTVjVUNa - ZElDNlZ5eFZiUHRJSmllYjVIK3Vmc2dvY204CjRwZU16Tmw2cGVDUGNYVGtoVnpw - VVBPZnB4S0VXQmZYRTZsUzZWblZtYW8KLS0tICthMjRNQitoYmpmcFhiUjhoSFB2 - c1l0cE1aaWJqS2QvdGNkTThoQTNud1kKnGyInIU9qq/XAgAP5ZQUdq8s8Ia7ohkw - jZsrpUg5NdKwHuk+bq7RC02gZfxIUOU0gwWameIt5VHE1xRm3w2HLQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-18T09:32:06Z" - mac: ENC[AES256_GCM,data:CkFQvw8s16Z6XDDiJKZftxImoVLcTlEQWfebpjy+zkuyps+AU7B7sFQmbTJkmDrjCc/rYYJz+ktrwBRxIApOyYGiG9kW5FxhgViBX+F8cTxbITp/Z2Pv/51/v+x/expF3OO6dTXqZHzlnx9Zl++5RZwvejHfakkHgsABdJlXs+w=,iv:WKIuAK/fuh7uyVxuRVtoum4H+8Ludl12wqy48ni0D7c=,tag:IC7F/sqghYnOgy/xeHTtGw==,type:str] - pgp: - - created_at: "2023-07-11T21:04:52Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMA7zUOKwzpAE7ARAAgZdLnYaPRdOjldK1OjvTJxYR4Kpusz8CMSWgwWxZ1oaL - 9A6DDpF7A/MH8/vZTyyyBjbe2++nf2+1qHaDQ6kfiLLgJD4+EI+zOGC2nYG+O+Ob - vnfEX9bMvRytLxo9Q5TvRlgngTtj07inXAnPLG4nJ1c4GZZJYNQ0QOD6jfvl68cL - h5Pp1R2RPVqv/hAVO7LX3B9QLLStXpKEy6ObWxVusydsztRR7qpjV2tHl7fw7iXP - ohpiicJGgVLaM2WNCzAsqcWxlqi4iejfXDNia0LwNAUTN+sVv0cWUky76r9tKABJ - 1epkI6F7h4WcKXF5JBPa7kGjHO1QEG8+RX9zhlpTBfPMjeGJbEt9KLS8im3J4Ztu - jAvH0zH1v5W690JfqvLxIaVX5xW7g6FQYWLChos9X4UkAQEFUYftWkodtphN3T3j - iLfMkyudMLHY5IGTPD/JJ799ZX1+VNA0eBin11GRmgU77nyD3pTsRYsEtfx4zzRX - 0p1YXutTyFXLxgdQUcBk1COg/S+UyEEQT8XK3ioiI5ZSIxXjv5UgyvefmO3JHUz/ - i1X8W2aMuyMPGyjjsv5+ZvQnlC38zUvrBNhg5JJYBEUlPpuCCPgSXpHhibL5dgXd - /HuzCzYiSqGDl3mr/eYiQ4aiELpUpB6cd5MESXzxrkEjCpZF2H9EDr3xKPb8EVzS - UQG6eL5B6ElqxWEHe+VDn5m23vmgEUICHGBw17mqKLW7CrsNh9M7Lfu+FS+BS9WB - 
H6vxBS17Ry3RZPS2JJ5e+ACq5a6SJIalMkoUn5jfniF7cQ== - =Qa6R - -----END PGP MESSAGE----- - fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/secrets/music/secrets.yaml b/secrets/music/secrets.yaml deleted file mode 100644 index e8c779e..0000000 --- a/secrets/music/secrets.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -wg: - oxaproxy-seckey: ENC[AES256_GCM,data:8gBeqbtQ3mA3dKlidBOMfxZJZEkR/aVhawW9MJ8t/uDx+f2ciZIlrl/ggLw=,iv:w+gbINc5ORmPO9QZfeR3nzMa6QE3ISqBsIBywplij3w=,tag:oNecMKIuySepT0LiShJ29w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1aj7mgq8jxv0n5rnpqtgu4l56ymqyq86qacn3jp7ve2emk0eheuaqgm4rtt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVN0dMNE9aNE1LSkJ4MUhx - R1AreTU3Q0ZydTY5azBTWEVGeHZONVpRU1dnCmZYbytWMHZ3SjB1ZUJOcUViM0du - WUtqVHZGeDh1dEpBNkhIdTh5UHJDVk0KLS0tIHFwM3VGdTBta3gvb0lMMGd0cVhn - aWxpUlNNamxhbTVWc3lDWUVPV1NJbDQKcMLpYKhJu017OtUFDVzUTxyqd1hY0T0C - KZjh9NW7TRZGEqImzxAYkma9naFgpCgktyfrJfxODziC/XCtq2JO3g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-24T19:36:01Z" - mac: ENC[AES256_GCM,data:SGRS/Xp0bc4omUq2WHKFx5F55rZvh2bo0KmxxZ73srImkF+65GAFeVaWJVxH8ie01N2jYDtVbe6NOfapRvcPFaXEIwJItTcMgUmqPr8fLI9WAzZpAWS1LeaNKkLAOcYHIoCEFgJbxtm3Ngj1NGxlam2/Cbwo1ONNNnulwvWDASo=,iv:ClDkkpsZHn4z9d1cnuN0zgqtxWijqjyhUCPDzrWCW8g=,tag:g65C9RazwWiI1jjap+/TnQ==,type:str] - pgp: - - created_at: "2023-01-24T20:36:41Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMA7zUOKwzpAE7ARAAic0uBG9/9XvP2R/vs9a6vPKfWMOgWbgkj7ET8N4fVucO - WDtRNcF018Z+VWfbZ9uJMc/t8yJAz2oNiFzbASJbJH2bFvayGdUxlNGQ9NhpLBqX - t84Bfq+J43RmEegvbyozBZbDO/Ux3WAWUIJo+ekgHET/fyvLJkUp7aFs7ieXaehP - qV1OpuYZUdz8xAboFwWmNg3pT8z+ISC0S3dfCoHiucVDAD7AHMWYXXC56rxrdgtX - m8Q3To3GIspoOt38xvKgfgI4ovN9kxaffF62Ykc+vnOcPcAdslymjJtyKo+/c9W8 - LFajg7HNMy0ge2MwyTbeAzLN+7Wd775H8tHb8mQCwtzlewuCOGgMBlGDY+3tIt57 - ygPx48jbfOg62aYEfr4MO16jwHm5NWxlZc3AyGkmVqRDtUCXh99/fwDUvx4DlOLE - +R8tHqYpxeUwkVMAHHNaGj0ahZ2+lhgdODqc/OCnc5Y6H992zgjBok3ckBViRyKE - 4E024JUnJf9AWo/w8BC/az0yy7AIZ3sLzZjRBAzAKgviupoCm7ORYlAIEtZXdII3 - eYbRBP0+dMjhRgT9mHCpY6TAkfGJ9lcIw49SXwmRZFyTcrbICB+VDvzoQQLwtGGk - qEEnBNcx21XlJUd+TZj4seZkwLxapg+H4VSkYqBX7BQFAuAVoITtUghUO8703afS - UQEYh5H9/T+AKIeGWsmHAq/TVKvLO4GKL7P7ccQx7AHz0UoNioWPJu2es/D09BhX - 
UbiVhIyxOIUT3Gp7xKEyhw2Q+Zb3YZiZuFc0W52iGrWhuA== - =lOeC - -----END PGP MESSAGE----- - fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/secrets/news/secrets.yaml b/secrets/news/secrets.yaml deleted file mode 100644 index 5257065..0000000 --- a/secrets/news/secrets.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -oxaproxy-seckey: ENC[AES256_GCM,data:NqyjByJof6wzi4xZqCjpJ02wLAkcsV+vJXqg9DjqQUMOlnrMUJkAdJowPCY=,iv:jy/2oMeTXRiUJNS3nPYUOWOIxualfLzJuBM4jA9XSAM=,tag:RbhH2H0HPWEuHjXgqMwhkQ==,type:str] -miniflux-admin: ENC[AES256_GCM,data:D6wOaC6pWS+4PD/KIT1MCPNkV4/mnjO88rSvmIwKkqj2dC641cnP3psfMb1/6QpI/C+pURcgzFaNUuHWoqwqQWq5i6eWTz1Y/wha,iv:FfjaVjlFLzSj9YHamJNAWOv1LA2fz4v5vG7IRU6OIuo=,tag:f3iPWs/1btzAFl2aneetXA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1dwem3slsm04jpmje2ru5n7fujkmz2kvhdat5htx2xnc2yqtyefeqchwx7f - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVVk5TUR2OVdxNmJlK3ZW - V29rZngvMVdOT044dzZvWllSd3RNMDR3QVFBCjFrM0ZrMDEzRGlZcG55aVd5bG1a - SjM3R0tOSXFBWTRQb0FDMkdIeVYvYlkKLS0tIGNUN2hyaXlIQkI3UCtYR1JiSVNa - MlprS3o4cWtONEsyeHlKdXRjQTVoSncKBEfl80lMdLNvDUmV7YcLCTMBWjoaa3Ip - VA+LJhEShZUIjCcMKRPVmBn/zBRGJHn7SCn/Tm4DNro35RBaMmMDBg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-15T14:53:27Z" - mac: ENC[AES256_GCM,data:vLlfqFQeV3ppNlpvLjewXnRsa1SHtGK/swhoRFoqyWXFDtFw7+M0Gr7E+7zCBH2r48z8yVm12DhotYGFfYwqM5whwlyrA3NR94OTxQI6Y/aoyKXkSoJS7AlyIkcoCTX4hS1zEcq4BRYR4Oz50LRz+2GFtHsPf4fuD8ne5duBFIU=,iv:HnkYK12rkYHqaWTL27ufbhvMwUzBqk9IY9gQx0I0TEw=,tag:H5pCZJmTuFaKsOepfVGAQw==,type:str] - pgp: - - created_at: "2023-05-15T14:55:52Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMA7zUOKwzpAE7AQ//dP/NacWvkfNSGIg4neAUvvJx1YfC3NuTpAcDZh96vLzN - USe2lgEnmSuC3iHLVuMix0sLoHNvobkDP49E2MkhpZuM8iFVnhVXiBE4uy5vB+7L - I32cuQT00q4V/BCKDICe0kv2eS0iB+9jVah1H9tpPYYtFe5OEOGCW/uoujjTIR8Z - mfAvCmJjR1Ae+iCacPbITPLvgCE/v+sCLU4d8FhG7VBE1PxURU5XH+PjCt3RaqUc - h5ex80XAuhGeGnlOwrU7ojpr8sB75KCIFCVE91K/qIRZTqny8UtGRiiXSDNQNqJM - eBvUL+60L1EZ6zFMu8mIk2Sbw1gpi338zW0qdSRot0CDQPMgLKWOF1TjsMexeaKa - ngsOl04MzXXUvSB4zmT2qL4td72MTOG6+rWl24PpaOCYIVtcJAmUj78DxBST4GP3 - MMOnWyEpt3x9pH5CnLztVQvWsy2yZ3o/UJCrYrsYhnVyLVZwS9OBLV2ItqzzMhoT - v5yUcteKBS32sMcpNg1Qg+MCkt5RXf01VA5LRnG92Wi6G4cQBYII2CLC8CnAFIg9 
- 923H7RTwKvkIBGVSdtqyZH73P+KpKgJXEfUj3K40/m7rLChCD6H9d99uqFmZnFpe - rF2BKvMHY/pNXpR9yCR27ihCY5TDxfh6qI1++9uCa5z9dxTEoqr+uougQmGnOQfS - UQFgmJmpUSlzvzdJsuvAOFL4qkGRwpr/iy1Lb7gsWIs2F/m3fKy94vojVrxJHNdP - jX5+SOT+JltE2qVja/Wp3eDYYCJpyoVciIlodWUptkYsUQ== - =fLL3 - -----END PGP MESSAGE----- - fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/secrets/nextcloud/secrets.yaml b/secrets/nextcloud/secrets.yaml deleted file mode 100644 index 4b5107f..0000000 --- a/secrets/nextcloud/secrets.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -wg: - oxaproxy-seckey: ENC[AES256_GCM,data:aiom4K+5aJx+XH5ufd1fjgYa8YyqdTBiet6XKdzvtVC8ctVvuBfK34vVIXg=,iv:EXqxbNr9bxOvYjrKR59sp+XP8tPhqnBleaWsLSO6igk=,tag:0/oTWYuzna9OGriSg0vIEg==,type:str] -nextcloud: - adminpass: ENC[AES256_GCM,data:N2lw8ckPuZTlR+7NSCizUajxtXdmdmKFfQY6Rr1WAYw=,iv:xCNnHNyN7Zk/9V07u7HF+j/lD8JkYR1x1pEitNUEckQ=,tag:QD4j6RuAZiYkbe+XVDN0Gw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ds7zgenz9a664jqx5308m6q5mgtavzmelg239xsj8mdh64pmqa9qtkffmk - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UUVBZDF4bEk1Zm4yTXhW - eDhlQkdVQnRCWTRRVVpJbUNLTWdjT094WmpJCmJkdzB2ZnB6V2FXSHcyZWNsaEFN - NDZnaU5kRWxOZ3d4amU2bDZOc1VmUmsKLS0tIGNJTFVsckpkakdwMC9YcWJpSjlG - RTJUTm9QMlFDZE4weE9Neno2Z3o5RVUKfb5zgVlTLpWnNkd4anToCB/V43b8q82q - c2qcFP7ZDiu/QmLEPS/925oboC0bWjBSRUS+4neQdoteZkoJ6MZKnQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-26T14:27:14Z" - mac: ENC[AES256_GCM,data:eKM6PQc64jj3bJ6GoWiUV5Ze3WEGObiwXjjRn/wYrvdQAEuOJ4LD4sARwXYM2hN0Mv/1f1qos2+C9GHXiL3vaZOggliQFESJ0KOPnE/Nx+X9IqEcC69Fp42yYjqJNCMq31hdNzBYujB8t5cwFvkWke94EuOYnwT0gqVMiTmCcOw=,iv:tdQwi1Sgt0E5qDD8jPEvWQEDk7s9yrVthapATJRd7D0=,tag:plLTlUFVEGLKrt4uYzRL+g==,type:str] - pgp: - - created_at: "2022-06-25T15:47:30Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMA7zUOKwzpAE7ARAAR3jy6ZeiDg2zye68Ri3wz20HdSMi+IZN8sgqDEM4JvcD - 7iL33aSb2tuEEILsj5xprTNtJwdXOZ7kwtnxc7bDllU5xyq6QFwzGH+uBZ+oUkP6 - /RWkkoIrRIj6iPbm2rEFCccm0ytya/UuT8E6PPMi1MtmS+icNKVKreUZa8qQSTtm - bj3dEY1upLKl8KWjc5BLFSmJBm/ppnEn/AWD9MIccpa7FOPP+PAtG9JpiQQ9yp56 - H63Rob90ITc1XNJFHdD+QSN1i84Aa363owHOlQWDpD+2KC0P/W3MQJXEEDayZHwU - HMx/fC1MZ0GVmuXzam8CUBCXQAQ3jWLoe20f+vuGSo4HzZS+1cHdkUpg4cCRLA39 - UdHw+D/osU9PJrHhAbrYYVEeOYoIKgml174OgzoheCKPvdzccI7WBmAF4H1mjdgl - vJ2g86LblMyekbDtDtdpl3LY/KCdlsC0aUmO7/znmhvhKRLuXejK+jMQ4O/VFwGR - IfrQaOyPPIFTOjfLc896+FOLBfY1FFoXFX7+wWVeQtDLbAlxe7cbOPt8vcfP5tIK - 
vQkZqpS+tkggSPyZjtzc4sPKvqEyW4FvIwh4UaKvF7o3pEPTujNq2EwFpnWHRpdy - oZa2lMEnPRetzVc8vrmOCisVq5RSXKTc/5Mm1lix6kCYUX4QqyYVudaMXN3/vXfS - 5gGZdaCHqWiM63pVGoRkgKE5W0HTJG9+bas7V7FPE+oFeu3icYDcKvMkoPsbIUf5 - NsS8IOthqHIGFAV6NPSR5LvkgqT47j85jaqDw7FyRlIVIuIcn7bYAA== - =ULCr - -----END PGP MESSAGE----- - fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C - unencrypted_suffix: _unencrypted - version: 3.7.2