From b30596b3a6be3846c482686bb9afed4eaab8eafb Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 26 Jul 2024 13:47:57 +0200 Subject: [PATCH] rename sj-bm-hostkey0 -> hstk0 --- .sops.yaml | 15 +- flake.nix | 3 +- .../{sj-bm-hostkey0 => hstk0}/.gitignore | 0 .../{sj-bm-hostkey0 => hstk0}/README.md | 0 nix/os/devices/hstk0/configuration.nix | 155 +++++++++++ .../{sj-bm-hostkey0 => hstk0}/default.nix | 0 nix/os/devices/hstk0/flake.lock | 124 +++++++++ .../{sj-bm-hostkey0 => hstk0}/flake.nix | 15 +- .../devices/sj-bm-hostkey0/configuration.nix | 244 ----------------- nix/os/devices/sj-bm-hostkey0/flake.lock | 245 ------------------ secrets/hstk0/mycelium_priv_key.bin.enc | 26 ++ secrets/hstk0/secrets.yaml | 36 +++ .../sj-bm-hostkey0/mycelium_priv_key.bin.enc | 26 -- secrets/sj-bm-hostkey0/secrets.yaml | 36 --- 14 files changed, 348 insertions(+), 577 deletions(-) rename nix/os/devices/{sj-bm-hostkey0 => hstk0}/.gitignore (100%) rename nix/os/devices/{sj-bm-hostkey0 => hstk0}/README.md (100%) create mode 100644 nix/os/devices/hstk0/configuration.nix rename nix/os/devices/{sj-bm-hostkey0 => hstk0}/default.nix (100%) create mode 100644 nix/os/devices/hstk0/flake.lock rename nix/os/devices/{sj-bm-hostkey0 => hstk0}/flake.nix (77%) delete mode 100644 nix/os/devices/sj-bm-hostkey0/configuration.nix delete mode 100644 nix/os/devices/sj-bm-hostkey0/flake.lock create mode 100644 secrets/hstk0/mycelium_priv_key.bin.enc create mode 100644 secrets/hstk0/secrets.yaml delete mode 100644 secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc delete mode 100644 secrets/sj-bm-hostkey0/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 69bfd81..8f66652 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -18,7 +18,7 @@ keys: - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - - &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 + - &hstk0 age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 creation_rules: - path_regex: ^(.+/|)secrets/[^/]+$ @@ -36,7 +36,7 @@ creation_rules: - *sj-vps-htz0 - *sj-srv1 - - *sj-bm-hostkey0 + - *hstk0 - *router0-ifog - *router0-hosthatch - path_regex: ^secrets/steveej-t14/.+$ @@ -102,12 +102,12 @@ creation_rules: - *steveej age: - *sj-srv1 - - path_regex: ^secrets/sj-bm-hostkey0/.+$ + - path_regex: ^secrets/hstk0/.+$ key_groups: - pgp: - *steveej age: - - *sj-bm-hostkey0 + - *hstk0 - path_regex: ^secrets/steveej-x13s/.+$ key_groups: - pgp: @@ -120,10 +120,3 @@ creation_rules: - *steveej age: - *steveej-x13s - - *sj-bm-hostkey0 - - path_regex: ^secrets/sj-bm-hostkey0/.+$ - key_groups: - - pgp: - - *steveej - age: - - *sj-bm-hostkey0 diff --git a/flake.nix b/flake.nix index 8405916..22b036b 100644 --- a/flake.nix +++ b/flake.nix @@ -166,7 +166,8 @@ "router0-hosthatch" "sj-srv1" - "sj-bm-hostkey0" + + "hstk0" # "retro" ]); diff --git a/nix/os/devices/sj-bm-hostkey0/.gitignore b/nix/os/devices/hstk0/.gitignore similarity index 100% rename from nix/os/devices/sj-bm-hostkey0/.gitignore rename to nix/os/devices/hstk0/.gitignore diff --git a/nix/os/devices/sj-bm-hostkey0/README.md b/nix/os/devices/hstk0/README.md similarity index 100% rename from nix/os/devices/sj-bm-hostkey0/README.md rename to nix/os/devices/hstk0/README.md diff --git a/nix/os/devices/hstk0/configuration.nix b/nix/os/devices/hstk0/configuration.nix new file mode 100644 index 0000000..ea3c795 --- /dev/null +++ b/nix/os/devices/hstk0/configuration.nix 
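Review bot: The `&hstk0` anchor in the first hunk carries a different age recipient than the `&sj-bm-hostkey0` it replaces, so this is a key change as well as a rename. The second hunk then swaps it into what appears to be the recipient list of the catch-all rule `^(.+/|)secrets/[^/]+$`. The diffstat shows only the two files under `secrets/hstk0/` being re-encrypted, so any top-level file matched by that rule would still be wrapped for the old recipient and not the new one until `sops updatekeys` is run on it. A comment above the anchor, for example `# hstk0 (formerly sj-bm-hostkey0): new age recipient, <reason>`, would record why the public key differs.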
@@ -0,0 +1,155 @@ +{ + modulesPath, + repoFlake, + packages', + pkgs, + lib, + config, + nodeFlake, + nodeName, + system, + ... +}: { + disabledModules = [ + ]; + + imports = [ + nodeFlake.inputs.disko.nixosModules.disko + repoFlake.inputs.sops-nix.nixosModules.sops + + nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder + { + roles.nix-remote-builder.schedulerPublicKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s" + + # TODO: make this a reference to the private key's secret + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14" + ]; + } + + ../../snippets/nix-settings.nix + { + nix.settings.sandbox = lib.mkForce "relaxed"; + } + + ../../snippets/mycelium.nix + + # user config + ../../profiles/common/user.nix + { + users.commonUsers = { + enable = true; + enableNonRoot = true; + }; + } + + ../../snippets/home-manager-with-zsh.nix + # { + # home-manager.users.steveej = {pkgs, ...}: { + # imports = [ + # ../../../home-manager/programs/pass.nix + # ../../../home-manager/programs/openvscode-server.nix + # ]; + # }; + # } + ]; + + services.openssh = { + enable = true; + openFirewall = true; + settings.PermitRootLogin = "yes"; + extraConfig = '' + StreamLocalBindUnlink yes + ''; + }; + + boot = { + kernel = { + sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = true; + }; + }; + }; + + networking = { + hostName = nodeName; + useNetworkd = true; + useDHCP = true; + + nat.enable = true; + firewall.enable = true; + + firewall.allowedTCPPorts = [ + 5201 + ]; + firewall.allowedUDPPorts = [ + 5201 + ]; + }; + + disko.devices = let + disk = id: { + type = "disk"; + device = "/dev/${id}"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid0"; + }; + }; + }; + }; + }; + in { + disk = { + sda 
= disk "sda"; + sdb = disk "sdb"; + }; + mdadm = { + raid0 = { + type = "mdadm"; + level = 0; + content = { + type = "gpt"; + partitions = { + primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; + + system.stateVersion = "24.05"; + + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.initrd.includeDefaultModules = true; + boot.initrd.kernelModules = [ + "dm-raid" + "dm-integrity" + "xhci_pci_renesas" + ]; + + hardware.enableRedistributableFirmware = true; + + virtualisation.libvirtd.enable = true; + + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; +} diff --git a/nix/os/devices/sj-bm-hostkey0/default.nix b/nix/os/devices/hstk0/default.nix similarity index 100% rename from nix/os/devices/sj-bm-hostkey0/default.nix rename to nix/os/devices/hstk0/default.nix diff --git a/nix/os/devices/hstk0/flake.lock b/nix/os/devices/hstk0/flake.lock new file mode 100644 index 0000000..8389a6a --- /dev/null +++ b/nix/os/devices/hstk0/flake.lock 
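Review bot: `settings.PermitRootLogin = "yes"` together with `openFirewall = true` leaves root reachable over SSH with any authentication method the daemon accepts. Whether password authentication is disabled depends on the imported srvos and common-user modules, which are not visible here. Since the builder keys are already listed in `schedulerPublicKeys`, `settings.PermitRootLogin = "prohibit-password";` would keep key-based root access without relying on those defaults. In the same file, `nix.settings.sandbox = lib.mkForce "relaxed"` on a host that builds for other machines deserves a comment naming what needs it. The `5201` TCP/UDP openings look like a leftover, now that the firewall is enabled and the rperf package from the old configuration is gone.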
@@ -0,0 +1,124 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719401812, + "narHash": "sha256-QONBQ/arBsKZNJuSd3sMIkSYFlBoRJpvf1jGlMfcOuI=", + "owner": "nix-community", + "repo": "disko", + "rev": "b6a1262796b2990ec3cc60bb2ec23583f35b2f43", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "get-flake": { + "locked": { + "lastModified": 1714237590, + "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", + "owner": "ursi", + "repo": "get-flake", + "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718530513, + "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "a1fddf0967c33754271761d91a3d921772b30d0e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1719253556, + "narHash": "sha256-A/76RFUVxZ/7Y8+OMVL1Lc8LRhBxZ8ZE2bpMnvZ1VpY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "fc07dc3bdf2956ddd64f24612ea7fc894933eb2e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1719254875, + "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "get-flake": "get-flake", + 
"home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719189969, + "narHash": "sha256-6MSZrWvXSvUKIr0iC9eSbQ09NSm+j1Oh4o9Gentu1CU=", + "owner": "numtide", + "repo": "srvos", + "rev": "4f314be1307c8d5f1fb3d882a67e09dbdf285850", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/sj-bm-hostkey0/flake.nix b/nix/os/devices/hstk0/flake.nix similarity index 77% rename from nix/os/devices/sj-bm-hostkey0/flake.nix rename to nix/os/devices/hstk0/flake.nix index aee0abd..8f0a7f4 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.nix +++ b/nix/os/devices/hstk0/flake.nix @@ -12,8 +12,6 @@ disko.inputs.nixpkgs.follows = "nixpkgs"; srvos.url = "github:numtide/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; - - mycelium.url = "github:threefoldtech/mycelium"; }; # outputs = _: {}; @@ -25,7 +23,7 @@ ... } @ attrs: let system = "x86_64-linux"; - nodeName = "sj-bm-hostkey0"; + nodeName = "hostkey-0"; mkNixosConfiguration = {extraModules ? [], ...} @ attrs: nixpkgs.lib.nixosSystem ( @@ -41,17 +39,6 @@ modules = [ ./configuration.nix - - # flake registry - { - nix.registry.nixpkgs.flake = nixpkgs; - } - - ({lib, ...}: { - nixpkgs.overlays = [ - (final: previous: {}) - ]; - }) ] ++ extraModules; } diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix deleted file mode 100644 index 90219c2..0000000 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ /dev/null 
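Review bot: `nodeName = "hostkey-0"` in the second hunk of the device `flake.nix` does not match the `hstk0` used for the device directory, the `.sops.yaml` anchor, the `secrets/hstk0/` path and the node list in the top-level `flake.nix`. `configuration.nix` sets `networking.hostName = nodeName`, and if any imported module derives a secrets path from `nodeName` (not visible in this diff) it would look outside `secrets/hstk0/`. If the short name is intended everywhere, the line should read `nodeName = "hstk0";`; otherwise a comment explaining the split between host name and repository name would help. The `let` block continues outside the hunk.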
@@ -1,244 +0,0 @@ -{ - modulesPath, - repoFlake, - packages', - pkgs, - lib, - config, - nodeFlake, - nodeName, - system, - ... -}: let - pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;}; - pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;}; -in { - disabledModules = [ - ]; - - imports = [ - nodeFlake.inputs.disko.nixosModules.disko - repoFlake.inputs.sops-nix.nixosModules.sops - - nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder - { - roles.nix-remote-builder.schedulerPublicKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s" - - # TODO: make this a reference to the private key's secret - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14" - ]; - } - - ../../profiles/common/user.nix - ../../snippets/nix-settings.nix - ../../snippets/nix-settings-holo-chain.nix - { - nix.settings.sandbox = lib.mkForce "relaxed"; - } - - ../../snippets/holo-zerotier.nix - - # TODO - # ./network.nix - # ./monitoring.nix - - # user config - ../../snippets/home-manager-with-zsh.nix - { - users.commonUsers = { - enable = true; - enableNonRoot = true; - }; - - home-manager.users.steveej = {pkgs, ...}: { - imports = [ - ../../../home-manager/programs/pass.nix - ]; - - home.packages = [ - pkgs.nil - pkgs.nixd - pkgs.nixpkgs-fmt - pkgs.alejandra - pkgs.nixfmt - - repoFlake.packages.${system}.rperf - - # TODO: automate linking this - # 1. get the commit with: `codium --version` - # 2. create the binary directory: `mkdir -p /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/` - # 3. link the binary. 
this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/ - - /* - e.g.: - ``` - ( - set -e - export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$') - ssh bm-hostkey0 "pkill -9 openvscode; rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/" - ) - ``` - */ - (pkgsVscodium.openvscode-server.overrideAttrs (attrs: { - src = repoFlake.inputs.openvscode-server; - version = "1.88.1"; - yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Ts=";}); - })) - - pkgs.waypipe - - ]; - }; - - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = ["/share/zsh"]; - } - - ../../snippets/mycelium.nix - ]; - - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; - services.openssh.extraConfig = '' - StreamLocalBindUnlink yes - ''; - - boot = { - kernel = { - sysctl = { - "net.ipv4.conf.all.forwarding" = true; - "net.ipv6.conf.all.forwarding" = true; - }; - }; - }; - - networking = { - hostName = nodeName; - useNetworkd = true; - useDHCP = true; - - # No local firewall. 
- nat.enable = true; - firewall.enable = false; - - firewall.allowedTCPPorts = [ - 5201 - ]; - firewall.allowedUDPPorts = [ - 5201 - ]; - }; - - disko.devices = let - disk = id: { - type = "disk"; - device = "/dev/${id}"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - mdadm = { - size = "100%"; - content = { - type = "mdraid"; - name = "raid0"; - }; - }; - }; - }; - }; - in { - disk = { - sda = disk "sda"; - sdb = disk "sdb"; - }; - mdadm = { - raid0 = { - type = "mdadm"; - level = 0; - content = { - type = "gpt"; - partitions = { - primary = { - size = "100%"; - content = { - type = "filesystem"; - format = "btrfs"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; - - system.stateVersion = "23.11"; - - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.initrd.includeDefaultModules = true; - boot.initrd.kernelModules = [ - "dm-raid" - "dm-integrity" - "xhci_pci_renesas" - ]; - - hardware.enableRedistributableFirmware = true; - - environment.systemPackages = [ - pkgs.hdparm - pkgs.fuse - ]; - - programs.fuse.userAllowOther = true; - - services.caddy.enable = true; - services.caddy.email = "mail@stefanjunker.de"; - services.caddy.globalConfig = '' - auto_https disable_redirects - ''; - services.caddy.virtualHosts = let - holochainDomain = "dev.infra.holochain.org"; - in { - "${nodeName}.${holochainDomain}" = { - extraConfig = '' - handle_path /s3/* { - reverse_proxy http://127.0.0.1:9000 - } - ''; - }; - }; - - # home-manager.users.steveej = _: { - # imports = [ - # ../../../home-manager/configuration/text-minimal.nix - # ]; - - # home.sessionVariables = { - # }; - - # home.packages = with pkgs; [ - # ]; - # }; - - virtualisation.libvirtd.enable = true; - virtualisation.docker.enable = true; - - virtualisation.podman.enable = true; - virtualisation.podman.autoPrune.enable = true; - # virtualisation.podman.dockerSocket.enable = true; - - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; - 
- steveej.holo-zerotier = { - enable = true; - autostart = false; - }; -} diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock deleted file mode 100644 index 5ede153..0000000 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ /dev/null 
@@ -1,245 +0,0 @@ -{ - "nodes": { - "crane": { - "inputs": { - "nixpkgs": [ - "mycelium", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1716745752, - "narHash": "sha256-8K1R9Yg4r08rYk86Yq+lu3E9L3uRUb4xMqYHgl0VGS0=", - "owner": "ipetkov", - "repo": "crane", - "rev": "19ca94ec2d288de334ae932107816b4a97736cd8", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1717415925, - "narHash": "sha256-KhclrqEQFrDr6Z8WqtvCdqtR7Fg35aMyfk7ANtx34Ys=", - "owner": "nix-community", - "repo": "disko", - "rev": "b106b5df3654d83197aff4826e3e34a5a5335b1c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "flake-compat": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "get-flake": { - "locked": { - "lastModified": 1714237590, - "narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=", - "owner": "ursi", - "repo": "get-flake", - "rev": "a6c57417d1b857b8be53aba4095869a0f438c502", - "type": "github" - }, - "original": { - "owner": "ursi", - "repo": "get-flake", - "type": "github" - } - }, - "home-manager": { 
- "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-24.05", - "repo": "home-manager", - "type": "github" - } - }, - "mycelium": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1717421726, - "narHash": "sha256-51B13+DTS+ZzbGPWIMMA9VwxJ34gVpbzQb0YxlzI96s=", - "owner": "threefoldtech", - "repo": "mycelium", - "rev": "c2c1243876382b8ed987f820864c66323ee33cb9", - "type": "github" - }, - "original": { - "owner": "threefoldtech", - "repo": "mycelium", - "type": "github" - } - }, - "nix-filter": { - "locked": { - "lastModified": 1710156097, - "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "3342559a24e85fc164b295c3444e8a139924675b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "nix-filter", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1717196966, - "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - 
"nixpkgs_2": { - "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "disko": "disko", - "get-flake": "get-flake", - "home-manager": "home-manager", - "mycelium": "mycelium", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", - "srvos": "srvos" - } - }, - "srvos": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1717376170, - "narHash": "sha256-603uKDAsg8KKVvMzNxIgTrHvXu6vRYx32NO3tuQCIg4=", - "owner": "numtide", - "repo": "srvos", - "rev": "96998137e26a92debda49fc2a32d4852d754abb4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "srvos", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/secrets/hstk0/mycelium_priv_key.bin.enc b/secrets/hstk0/mycelium_priv_key.bin.enc new file mode 100644 index 0000000..49f69ca --- /dev/null +++ b/secrets/hstk0/mycelium_priv_key.bin.enc 
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:2DcYHv5RCSoM3olKYZhn4BTwEROwC4+JZ/PQxF4SV7I=,iv:B27a2XnhgiHW3HAh/MnTUonmhkWvaZkmG2c2JPWV05A=,tag:TKZ/rFzQH0uvbOFoeas3Ag==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwKzZsYytMYkd0WTF1TW5a\nZGpQcUYyUjYzY2UrQVp2bHhJTHRSR013Z1h3CmtjSEFaOGE5WDNDZElkM0c2N0Nh\nQTFRU2hvdlpGYlhsUlZoUGZSaWg1UTgKLS0tIHNNWUw0YytRTm5pRTFXTndBamVL\nbTJUNGNSdTloZXM4OWhrN1dlVFpHUGcKq+owmJktDTqpOgtD/makczGkRTphCtb/\nKnL1ig8xdnG+DdyhVCDmtjC7tAFgSUJBZnQi8ervh+yXOXvTJfGglg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-05-17T14:49:38Z", + "mac": "ENC[AES256_GCM,data:HqeOxzTlr6tyDWmSpvAthf/puD1wdv3a3Nv8qdt9GcR2UqmByreFPRktTwRL53NvCW+8QGSrUjah7fB2GWsuSVXowSSkY5h8W5s0O+YkFLXo9K67hhtEk+4QwYKQk5w4ZdlAEFrgDAzCFr27Mron53VLhVo0DA6GesgywTLf/B4=,iv:uV/dpuhxXl39MTzystHafirJH0mVnLsT+0h9jh4Epm8=,tag:s5uRzLtcfyNuWau9RteyvA==,type:str]", + "pgp": [ + { + "created_at": "2024-06-26T19:27:08Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf+NduNIJaTv/DNmY3dGucui5Ud/ONikEdt/8q3M/iSNeQy\njdHjDbHu0UDBwKqD0Pmhs3StWSv2cs4UDvxPtaPV2sN8/WjeAUZJ1Sf2+k1Duy3n\ns40TpaHAf66JuDRkkFaYt5114AE1ypbMp29S0nv9OTpvAFy7FWtw1dsgKskQOWxW\nTnkxfttpaMoCVoUTjPZFbfPE3WJrp+r20QzwzelX5xl3SGmYvdPVDCPp1S54q+gY\n4l3b5R2wvGv3IAA0l7tKtmFe6XqzYlATOSUaP3+qHTKnXFmT1GAr3o+mLRJOG5/R\ny2CJS0wR9JKowAk23ubc1gYxcc/gIUzi5BGMvM4GlNJcAb3Q/nBs5WtjnHrk7zPK\nzzhV758th72GKhzJko6qUFwcfjaIB6h3o0NQAAlVCMXKUWk4KFY1TCgpLbd0Z6Gm\nv8tE1CFUViT/8Ys+2x7UYeWqN53ZWsioGzrk2F4=\n=sXbx\n-----END PGP MESSAGE-----", + "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file 
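Review bot: The `data`, `mac` and `lastmodified` values are byte-identical to those in the deleted `secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc`; only the `age` and `pgp` stanzas differ, so the existing data key was re-wrapped for the new recipient rather than replaced. Anyone holding the old age identity can still decrypt the earlier revision from history, and the plaintext there is the same as here. If the old host key was retired because it may have been exposed, the mycelium private key itself needs regenerating and the file re-encrypting with a fresh data key (`sops --rotate --in-place`). The same holds for `secrets/hstk0/secrets.yaml`, whose `tf-eval-minio-root` ciphertext is likewise unchanged.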
diff --git a/secrets/hstk0/secrets.yaml b/secrets/hstk0/secrets.yaml new file mode 100644 index 0000000..7b6c7fe --- /dev/null +++ b/secrets/hstk0/secrets.yaml 
@@ -0,0 +1,36 @@ +tf-eval-minio-root: ENC[AES256_GCM,data:83SacYkxLHU2fHbHNiLG9owDgakOY/nrZBnlDgltRlQDTSW9HkKejVrKtTaixjbxKCgsy9sgJBv8LZtqwthgZ6MI942YU2pJHL8le1wBsuY=,iv:uXbOw/9ljYjWCdafhupVJA7tIvcL801xszI8lrQnQIA=,tag:yolnZdYD1KZJFnH2gs8zzw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVXBDSTgwVWtpN01ldjdv + UWIxNEZFVVowbFk4bnRNSEl6M1pHcUdIelFFClVHK211enBkODljWHVYNmFYM0gx + L01hVFFSeExtQmFXbytzSEMrbVMxYTAKLS0tIG9lMnBTMXJMMUZUcTRFcThrd1Ny + bEhlUzFqU2hkbXBZaldzeTdCbnhOdTgKsCcLlqcl+fnvZ8EGKNWlbSbLQvzx099E + fC/QlagRvdmVfsFpOQnd0cFzQ1X0EDAx6XcGF8mHBrAKqCS9GCAIyA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-08T16:59:30Z" + mac: ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str] + pgp: + - created_at: "2024-06-26T19:27:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA0SHG/zF3227AQgA1qnWMAoXFJsx0A9dX2qFhRUHOlO+VKOi678pGQu4Pwld + wUdqAylrtaLDsr+kFwLvsGUKKHzfvaQH/EfEChQb2L9njzQjwNwmgZPAq6NqZAmB + EhudaY7R12Lb507Fsh/k7dgOFTuH0/ceKtW+QKF3SVVa+DwgOx8VRP3LJwGW4PQq + mRmPkyjnuFmepziTULe0ZPvO6PaH8FvLISBvMkBH+IGXat98OVgqGFzxHkpA3pey + 8w7mKDEi6i6g72GrrjuWFuh5JjSSb3og1ziO4O8XQ7mHqbUYwc4NfeVTYD7thdyh + OsijkXHvvHkRidTjTn4ZEzxFaNgTvzRB0V7r/jEu3tJcASfyDt4sXkKv84xu29Pp + BYZLj9xUrS30bmI8NOP77sy/3++ppX96oKhi91S7F0HZcznJPOhS+YtomXCCGvS9 + qaN8kkDXt5k5dkLd2+eft7CCF8+lwf6XX/qEjPw= + =+0h1 + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.8.1 
diff --git a/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc b/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc deleted file mode 100644 index 77036fc..0000000 --- a/secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:2DcYHv5RCSoM3olKYZhn4BTwEROwC4+JZ/PQxF4SV7I=,iv:B27a2XnhgiHW3HAh/MnTUonmhkWvaZkmG2c2JPWV05A=,tag:TKZ/rFzQH0uvbOFoeas3Ag==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwenVpMFlQbC9PR1NDTWIy\nYi93VHlTZHg1NHJ0UXNIcFFGV08zRzlyTm00Cnp2RlpuMVBsc3dWOVZVODVBQ09H\nby9GWm1pSVlya0I3b0o2T2RhZGFrc0UKLS0tIGRQK1hPQjlkWjBFb3pSRXE5MnFY\nNFkvdTg3T0FZWVZWK2thRU55a0hWYUkKPHaAqvnyaP0sG47rJD40d4r6vjMjNEif\nq0X+BT3vR1Wd2vFKhWkcrS531jX3JUX5wEPFfbqWY3SEeunkbx43Ew==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-05-17T14:49:38Z", - "mac": "ENC[AES256_GCM,data:HqeOxzTlr6tyDWmSpvAthf/puD1wdv3a3Nv8qdt9GcR2UqmByreFPRktTwRL53NvCW+8QGSrUjah7fB2GWsuSVXowSSkY5h8W5s0O+YkFLXo9K67hhtEk+4QwYKQk5w4ZdlAEFrgDAzCFr27Mron53VLhVo0DA6GesgywTLf/B4=,iv:uV/dpuhxXl39MTzystHafirJH0mVnLsT+0h9jh4Epm8=,tag:s5uRzLtcfyNuWau9RteyvA==,type:str]", - "pgp": [ - { - "created_at": "2024-05-17T14:49:38Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf/XROsC15JsLhhO8or+6hYHYVig4cEiazJeo+lAm83WdYj\nQ/rAgQg4hSR6i84UOfPKCGS5Rv3TTkt1VsUgibwAvLdT65SB32pe5SCT68L0yHL1\nXabvMmmREbJW+zwhEz3G2ggzBrnoDE4l3npTYjrhsjEPmRJNBO3g7rigWtRL1iDR\nYl6IrBYB/NGEkfJ0lNWoY6K911Gb0TCVQXO/CMT0xbp9GTIhry9WUX1eWK/fiymP\nnJH3XSGmL2GAZnBIosFkrQlBDxHXC2Xi7kktFnzCgwrZBGYXn9ftC7toHPvn48cV\nuTzcFc2VHXxFLbDwSY/EOsfjSGjaaYXodCr2xHbkR9JcAZvLvs76by2wCzXKM8CR\nueuvS31Ah02r0JD1z8ZXWX3+etMvJEkEk3Nsngbo/r70/qtRTp/eLkTuYjzcUFMU\nXv40Izg+PiFxAOo2RK7RLRdD+YTXuddG/jxSXQY=\n=zrcf\n-----END PGP MESSAGE-----", - "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file 
diff --git a/secrets/sj-bm-hostkey0/secrets.yaml b/secrets/sj-bm-hostkey0/secrets.yaml deleted file mode 100644 index b98d798..0000000 --- a/secrets/sj-bm-hostkey0/secrets.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -tf-eval-minio-root: ENC[AES256_GCM,data:83SacYkxLHU2fHbHNiLG9owDgakOY/nrZBnlDgltRlQDTSW9HkKejVrKtTaixjbxKCgsy9sgJBv8LZtqwthgZ6MI942YU2pJHL8le1wBsuY=,iv:uXbOw/9ljYjWCdafhupVJA7tIvcL801xszI8lrQnQIA=,tag:yolnZdYD1KZJFnH2gs8zzw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBa2YwTDAyWUZqRjFPWnc3 - R2FySXZ4d2RxRjlLTkZFblZIOUNPUS9kM1EwCjUrNTE2cmx6bGVTOXljZVllQzJG - clBPa1BjcC9GQ3Z6N0xYSFMvZ0J2c0EKLS0tIFQzQ2NHdmJBTFdNck53NVVyejRN - Y0xhYnI3MlhnbjhTS1dFMUdNZFdnSjgK4cl3R943LNMxA3dODf8nsSdmINkKIjB+ - fgp2whfSacWQchsWgpzdiayQoZ9XlWoklmTAX+yN0J8Q3j3CBb3S5g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-08T16:59:30Z" - mac: ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str] - pgp: - - created_at: "2023-11-23T20:47:08Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcBMA0SHG/zF3227AQf/VZ3eNZsb6emw7b5N9rgkRqTW3QvHe/w2QJcjCjp4Hk2M - Es2jYS6EaMLvduiSf6Xl5qHoQNS+HfM3GBKyRdgP/AcrjXXqj5CzmmbMYk5MY2oU - qseV4VFvvk9i9gbHaGbbntixYHBDeBSEHb/k7jWfUxz4wPhSWxpsEW/UQ1UabDgU - C54m3l9NoJw8oseDHOW7gTPW1mm1KFVBqaJ9zeZX5FHSJ0OBDj015wuGwTxkR7pv - /NL1Xg3wtpYHEhRKh1qxqwijW6EkTK9aAJFutkkYE9nI4x48cLCHjDg1GbXgYQkn - 5rPRZPPmWhJPJIyCZIX1RkrVSXSIkI2Vjr3iKpEfltJRAY1KD6PSI3rWRHPDbM7B - oFIdVwLKvV1tBrdVk+3M+nDrXwEshBJUt7r9GTdsWVxjdFgCteTkgkSnzM2y5mbG - AUodj6a/Fvni4sYQka1QbRLn - =YLrT - -----END PGP MESSAGE----- - fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - unencrypted_suffix: _unencrypted - version: 3.8.1