steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

rename sj-bm-hostkey0 -> hstk0

Browse source
This commit is contained in:
steveej 2024-07-26 13:47:57 +02:00
parent 92be66cbb5
commit b30596b3a6
14 changed files with 348 additions and 577 deletions
Download patch file Download diff file Expand all files Collapse all files

15
.sops.yaml
View file

@ -18,7 +18,7 @@ keys:
- &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 - &router0-dmz0 age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86
- &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00 - &router0-ifog age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00
- &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4 - &router0-hosthatch age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4
- &sj-bm-hostkey0 age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 - &hstk0 age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0
creation_rules: creation_rules:
- path_regex: ^(.+/|)secrets/[^/]+$ - path_regex: ^(.+/|)secrets/[^/]+$
@ -36,7 +36,7 @@ creation_rules:
- *sj-vps-htz0 - *sj-vps-htz0
- *sj-srv1 - *sj-srv1
- *sj-bm-hostkey0 - *hstk0
- *router0-ifog - *router0-ifog
- *router0-hosthatch - *router0-hosthatch
- path_regex: ^secrets/steveej-t14/.+$ - path_regex: ^secrets/steveej-t14/.+$
@ -102,12 +102,12 @@ creation_rules:
- *steveej - *steveej
age: age:
- *sj-srv1 - *sj-srv1
- path_regex: ^secrets/sj-bm-hostkey0/.+$ - path_regex: ^secrets/hstk0/.+$
key_groups: key_groups:
- pgp: - pgp:
- *steveej - *steveej
age: age:
- *sj-bm-hostkey0 - *hstk0
- path_regex: ^secrets/steveej-x13s/.+$ - path_regex: ^secrets/steveej-x13s/.+$
key_groups: key_groups:
- pgp: - pgp:
@ -120,10 +120,3 @@ creation_rules:
- *steveej - *steveej
age: age:
- *steveej-x13s - *steveej-x13s
- *sj-bm-hostkey0
- path_regex: ^secrets/sj-bm-hostkey0/.+$
key_groups:
- pgp:
- *steveej
age:
- *sj-bm-hostkey0

3
flake.nix
View file

@ -166,7 +166,8 @@
"router0-hosthatch" "router0-hosthatch"
"sj-srv1" "sj-srv1"
"sj-bm-hostkey0"
"hstk0"
# "retro" # "retro"
]); ]);

0
nix/os/devices/sj-bm-hostkey0/.gitignore → nix/os/devices/hstk0/.gitignore vendored
View file

0
nix/os/devices/sj-bm-hostkey0/README.md → nix/os/devices/hstk0/README.md
View file

155
nix/os/devices/hstk0/configuration.nix Normal file
View file

@ -0,0 +1,155 @@
{
modulesPath,
repoFlake,
packages',
pkgs,
lib,
config,
nodeFlake,
nodeName,
system,
...
}: {
disabledModules = [
];
imports = [
nodeFlake.inputs.disko.nixosModules.disko
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder
{
roles.nix-remote-builder.schedulerPublicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s"
# TODO: make this a reference to the private key's secret
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"
];
}
../../snippets/nix-settings.nix
{
nix.settings.sandbox = lib.mkForce "relaxed";
}
../../snippets/mycelium.nix
# user config
../../profiles/common/user.nix
{
users.commonUsers = {
enable = true;
enableNonRoot = true;
};
}
../../snippets/home-manager-with-zsh.nix
# {
# home-manager.users.steveej = {pkgs, ...}: {
# imports = [
# ../../../home-manager/programs/pass.nix
# ../../../home-manager/programs/openvscode-server.nix
# ];
# };
# }
];
services.openssh = {
enable = true;
openFirewall = true;
settings.PermitRootLogin = "yes";
extraConfig = ''
StreamLocalBindUnlink yes
'';
};
boot = {
kernel = {
sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
};
};
networking = {
hostName = nodeName;
useNetworkd = true;
useDHCP = true;
nat.enable = true;
firewall.enable = true;
firewall.allowedTCPPorts = [
5201
];
firewall.allowedUDPPorts = [
5201
];
};
disko.devices = let
disk = id: {
type = "disk";
device = "/dev/${id}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
};
in {
disk = {
sda = disk "sda";
sdb = disk "sdb";
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
};
};
};
};
};
};
};
system.stateVersion = "24.05";
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.initrd.includeDefaultModules = true;
boot.initrd.kernelModules = [
"dm-raid"
"dm-integrity"
"xhci_pci_renesas"
];
hardware.enableRedistributableFirmware = true;
virtualisation.libvirtd.enable = true;
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
}

0
nix/os/devices/sj-bm-hostkey0/default.nix → nix/os/devices/hstk0/default.nix
View file

124
nix/os/devices/hstk0/flake.lock generated Normal file
View file

@ -0,0 +1,124 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1719401812,
"narHash": "sha256-QONBQ/arBsKZNJuSd3sMIkSYFlBoRJpvf1jGlMfcOuI=",
"owner": "nix-community",
"repo": "disko",
"rev": "b6a1262796b2990ec3cc60bb2ec23583f35b2f43",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"get-flake": {
"locked": {
"lastModified": 1714237590,
"narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=",
"owner": "ursi",
"repo": "get-flake",
"rev": "a6c57417d1b857b8be53aba4095869a0f438c502",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1718530513,
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1719253556,
"narHash": "sha256-A/76RFUVxZ/7Y8+OMVL1Lc8LRhBxZ8ZE2bpMnvZ1VpY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fc07dc3bdf2956ddd64f24612ea7fc894933eb2e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1719254875,
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"get-flake": "get-flake",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1719189969,
"narHash": "sha256-6MSZrWvXSvUKIr0iC9eSbQ09NSm+j1Oh4o9Gentu1CU=",
"owner": "numtide",
"repo": "srvos",
"rev": "4f314be1307c8d5f1fb3d882a67e09dbdf285850",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

15
nix/os/devices/sj-bm-hostkey0/flake.nix → nix/os/devices/hstk0/flake.nix
View file

@ -12,8 +12,6 @@
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos"; srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs"; srvos.inputs.nixpkgs.follows = "nixpkgs";
mycelium.url = "github:threefoldtech/mycelium";
}; };
# outputs = _: {}; # outputs = _: {};
@ -25,7 +23,7 @@
... ...
} @ attrs: let } @ attrs: let
system = "x86_64-linux"; system = "x86_64-linux";
nodeName = "sj-bm-hostkey0"; nodeName = "hostkey-0";
mkNixosConfiguration = {extraModules ? [], ...} @ attrs: mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
nixpkgs.lib.nixosSystem ( nixpkgs.lib.nixosSystem (
@ -41,17 +39,6 @@
modules = modules =
[ [
./configuration.nix ./configuration.nix
# flake registry
{
nix.registry.nixpkgs.flake = nixpkgs;
}
({lib, ...}: {
nixpkgs.overlays = [
(final: previous: {})
];
})
] ]
++ extraModules; ++ extraModules;
} }

244
nix/os/devices/sj-bm-hostkey0/configuration.nix
View file

@ -1,244 +0,0 @@
{
modulesPath,
repoFlake,
packages',
pkgs,
lib,
config,
nodeFlake,
nodeName,
system,
...
}: let
pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable {inherit (pkgs) system config;};
pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;};
in {
disabledModules = [
];
imports = [
nodeFlake.inputs.disko.nixosModules.disko
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder
{
roles.nix-remote-builder.schedulerPublicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s"
# TODO: make this a reference to the private key's secret
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"
];
}
../../profiles/common/user.nix
../../snippets/nix-settings.nix
../../snippets/nix-settings-holo-chain.nix
{
nix.settings.sandbox = lib.mkForce "relaxed";
}
../../snippets/holo-zerotier.nix
# TODO
# ./network.nix
# ./monitoring.nix
# user config
../../snippets/home-manager-with-zsh.nix
{
users.commonUsers = {
enable = true;
enableNonRoot = true;
};
home-manager.users.steveej = {pkgs, ...}: {
imports = [
../../../home-manager/programs/pass.nix
];
home.packages = [
pkgs.nil
pkgs.nixd
pkgs.nixpkgs-fmt
pkgs.alejandra
pkgs.nixfmt
repoFlake.packages.${system}.rperf
# TODO: automate linking this
# 1. get the commit with: `codium --version`
# 2. create the binary directory: `mkdir -p /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/`
# 3. link the binary. this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/
/*
e.g.:
```
(
set -e
export COMMIT=$(codium --version | rg '^[0-9a-f]{40}$')
ssh bm-hostkey0 "pkill -9 openvscode; rm -rf /home/steveej/.vscodium-server/bin/$COMMIT; mkdir -p /home/steveej/.vscodium-server/bin/$COMMIT/bin/; ln -s \$(which openvscode-server) /home/steveej/.vscodium-server/bin/$COMMIT/bin/"
)
```
*/
(pkgsVscodium.openvscode-server.overrideAttrs (attrs: {
src = repoFlake.inputs.openvscode-server;
version = "1.88.1";
yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Ts=";});
}))
pkgs.waypipe
];
};
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = ["/share/zsh"];
}
../../snippets/mycelium.nix
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.extraConfig = ''
StreamLocalBindUnlink yes
'';
boot = {
kernel = {
sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
};
};
networking = {
hostName = nodeName;
useNetworkd = true;
useDHCP = true;
# No local firewall.
nat.enable = true;
firewall.enable = false;
firewall.allowedTCPPorts = [
5201
];
firewall.allowedUDPPorts = [
5201
];
};
disko.devices = let
disk = id: {
type = "disk";
device = "/dev/${id}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
};
in {
disk = {
sda = disk "sda";
sdb = disk "sdb";
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
};
};
};
};
};
};
};
system.stateVersion = "23.11";
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.initrd.includeDefaultModules = true;
boot.initrd.kernelModules = [
"dm-raid"
"dm-integrity"
"xhci_pci_renesas"
];
hardware.enableRedistributableFirmware = true;
environment.systemPackages = [
pkgs.hdparm
pkgs.fuse
];
programs.fuse.userAllowOther = true;
services.caddy.enable = true;
services.caddy.email = "mail@stefanjunker.de";
services.caddy.globalConfig = ''
auto_https disable_redirects
'';
services.caddy.virtualHosts = let
holochainDomain = "dev.infra.holochain.org";
in {
"${nodeName}.${holochainDomain}" = {
extraConfig = ''
handle_path /s3/* {
reverse_proxy http://127.0.0.1:9000
}
'';
};
};
# home-manager.users.steveej = _: {
# imports = [
# ../../../home-manager/configuration/text-minimal.nix
# ];
# home.sessionVariables = {
# };
# home.packages = with pkgs; [
# ];
# };
virtualisation.libvirtd.enable = true;
virtualisation.docker.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.autoPrune.enable = true;
# virtualisation.podman.dockerSocket.enable = true;
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
steveej.holo-zerotier = {
enable = true;
autostart = false;
};
}

245
nix/os/devices/sj-bm-hostkey0/flake.lock generated
View file

@ -1,245 +0,0 @@
{
"nodes": {
"crane": {
"inputs": {
"nixpkgs": [
"mycelium",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716745752,
"narHash": "sha256-8K1R9Yg4r08rYk86Yq+lu3E9L3uRUb4xMqYHgl0VGS0=",
"owner": "ipetkov",
"repo": "crane",
"rev": "19ca94ec2d288de334ae932107816b4a97736cd8",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1717415925,
"narHash": "sha256-KhclrqEQFrDr6Z8WqtvCdqtR7Fg35aMyfk7ANtx34Ys=",
"owner": "nix-community",
"repo": "disko",
"rev": "b106b5df3654d83197aff4826e3e34a5a5335b1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"get-flake": {
"locked": {
"lastModified": 1714237590,
"narHash": "sha256-9gtHdGbzFHaR20xORN8IYd67ROWS+1nqQ5CsPf9MD8I=",
"owner": "ursi",
"repo": "get-flake",
"rev": "a6c57417d1b857b8be53aba4095869a0f438c502",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1716736833,
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"mycelium": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nix-filter": "nix-filter",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1717421726,
"narHash": "sha256-51B13+DTS+ZzbGPWIMMA9VwxJ34gVpbzQb0YxlzI96s=",
"owner": "threefoldtech",
"repo": "mycelium",
"rev": "c2c1243876382b8ed987f820864c66323ee33cb9",
"type": "github"
},
"original": {
"owner": "threefoldtech",
"repo": "mycelium",
"type": "github"
}
},
"nix-filter": {
"locked": {
"lastModified": 1710156097,
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1717196966,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717144377,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"get-flake": "get-flake",
"home-manager": "home-manager",
"mycelium": "mycelium",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1717376170,
"narHash": "sha256-603uKDAsg8KKVvMzNxIgTrHvXu6vRYx32NO3tuQCIg4=",
"owner": "numtide",
"repo": "srvos",
"rev": "96998137e26a92debda49fc2a32d4852d754abb4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

26
secrets/hstk0/mycelium_priv_key.bin.enc Normal file
View file

@ -0,0 +1,26 @@
{
"data": "ENC[AES256_GCM,data:2DcYHv5RCSoM3olKYZhn4BTwEROwC4+JZ/PQxF4SV7I=,iv:B27a2XnhgiHW3HAh/MnTUonmhkWvaZkmG2c2JPWV05A=,tag:TKZ/rFzQH0uvbOFoeas3Ag==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwKzZsYytMYkd0WTF1TW5a\nZGpQcUYyUjYzY2UrQVp2bHhJTHRSR013Z1h3CmtjSEFaOGE5WDNDZElkM0c2N0Nh\nQTFRU2hvdlpGYlhsUlZoUGZSaWg1UTgKLS0tIHNNWUw0YytRTm5pRTFXTndBamVL\nbTJUNGNSdTloZXM4OWhrN1dlVFpHUGcKq+owmJktDTqpOgtD/makczGkRTphCtb/\nKnL1ig8xdnG+DdyhVCDmtjC7tAFgSUJBZnQi8ervh+yXOXvTJfGglg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-17T14:49:38Z",
"mac": "ENC[AES256_GCM,data:HqeOxzTlr6tyDWmSpvAthf/puD1wdv3a3Nv8qdt9GcR2UqmByreFPRktTwRL53NvCW+8QGSrUjah7fB2GWsuSVXowSSkY5h8W5s0O+YkFLXo9K67hhtEk+4QwYKQk5w4ZdlAEFrgDAzCFr27Mron53VLhVo0DA6GesgywTLf/B4=,iv:uV/dpuhxXl39MTzystHafirJH0mVnLsT+0h9jh4Epm8=,tag:s5uRzLtcfyNuWau9RteyvA==,type:str]",
"pgp": [
{
"created_at": "2024-06-26T19:27:08Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf+NduNIJaTv/DNmY3dGucui5Ud/ONikEdt/8q3M/iSNeQy\njdHjDbHu0UDBwKqD0Pmhs3StWSv2cs4UDvxPtaPV2sN8/WjeAUZJ1Sf2+k1Duy3n\ns40TpaHAf66JuDRkkFaYt5114AE1ypbMp29S0nv9OTpvAFy7FWtw1dsgKskQOWxW\nTnkxfttpaMoCVoUTjPZFbfPE3WJrp+r20QzwzelX5xl3SGmYvdPVDCPp1S54q+gY\n4l3b5R2wvGv3IAA0l7tKtmFe6XqzYlATOSUaP3+qHTKnXFmT1GAr3o+mLRJOG5/R\ny2CJS0wR9JKowAk23ubc1gYxcc/gIUzi5BGMvM4GlNJcAb3Q/nBs5WtjnHrk7zPK\nzzhV758th72GKhzJko6qUFwcfjaIB6h3o0NQAAlVCMXKUWk4KFY1TCgpLbd0Z6Gm\nv8tE1CFUViT/8Ys+2x7UYeWqN53ZWsioGzrk2F4=\n=sXbx\n-----END PGP MESSAGE-----",
"fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

36
secrets/hstk0/secrets.yaml Normal file
View file

@ -0,0 +1,36 @@
tf-eval-minio-root: ENC[AES256_GCM,data:83SacYkxLHU2fHbHNiLG9owDgakOY/nrZBnlDgltRlQDTSW9HkKejVrKtTaixjbxKCgsy9sgJBv8LZtqwthgZ6MI942YU2pJHL8le1wBsuY=,iv:uXbOw/9ljYjWCdafhupVJA7tIvcL801xszI8lrQnQIA=,tag:yolnZdYD1KZJFnH2gs8zzw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVXBDSTgwVWtpN01ldjdv
UWIxNEZFVVowbFk4bnRNSEl6M1pHcUdIelFFClVHK211enBkODljWHVYNmFYM0gx
L01hVFFSeExtQmFXbytzSEMrbVMxYTAKLS0tIG9lMnBTMXJMMUZUcTRFcThrd1Ny
bEhlUzFqU2hkbXBZaldzeTdCbnhOdTgKsCcLlqcl+fnvZ8EGKNWlbSbLQvzx099E
fC/QlagRvdmVfsFpOQnd0cFzQ1X0EDAx6XcGF8mHBrAKqCS9GCAIyA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-08T16:59:30Z"
mac: ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str]
pgp:
- created_at: "2024-06-26T19:27:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA0SHG/zF3227AQgA1qnWMAoXFJsx0A9dX2qFhRUHOlO+VKOi678pGQu4Pwld
wUdqAylrtaLDsr+kFwLvsGUKKHzfvaQH/EfEChQb2L9njzQjwNwmgZPAq6NqZAmB
EhudaY7R12Lb507Fsh/k7dgOFTuH0/ceKtW+QKF3SVVa+DwgOx8VRP3LJwGW4PQq
mRmPkyjnuFmepziTULe0ZPvO6PaH8FvLISBvMkBH+IGXat98OVgqGFzxHkpA3pey
8w7mKDEi6i6g72GrrjuWFuh5JjSSb3og1ziO4O8XQ7mHqbUYwc4NfeVTYD7thdyh
OsijkXHvvHkRidTjTn4ZEzxFaNgTvzRB0V7r/jEu3tJcASfyDt4sXkKv84xu29Pp
BYZLj9xUrS30bmI8NOP77sy/3++ppX96oKhi91S7F0HZcznJPOhS+YtomXCCGvS9
qaN8kkDXt5k5dkLd2+eft7CCF8+lwf6XX/qEjPw=
=+0h1
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.8.1

26
secrets/sj-bm-hostkey0/mycelium_priv_key.bin.enc
View file

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:2DcYHv5RCSoM3olKYZhn4BTwEROwC4+JZ/PQxF4SV7I=,iv:B27a2XnhgiHW3HAh/MnTUonmhkWvaZkmG2c2JPWV05A=,tag:TKZ/rFzQH0uvbOFoeas3Ag==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwenVpMFlQbC9PR1NDTWIy\nYi93VHlTZHg1NHJ0UXNIcFFGV08zRzlyTm00Cnp2RlpuMVBsc3dWOVZVODVBQ09H\nby9GWm1pSVlya0I3b0o2T2RhZGFrc0UKLS0tIGRQK1hPQjlkWjBFb3pSRXE5MnFY\nNFkvdTg3T0FZWVZWK2thRU55a0hWYUkKPHaAqvnyaP0sG47rJD40d4r6vjMjNEif\nq0X+BT3vR1Wd2vFKhWkcrS531jX3JUX5wEPFfbqWY3SEeunkbx43Ew==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-17T14:49:38Z",
"mac": "ENC[AES256_GCM,data:HqeOxzTlr6tyDWmSpvAthf/puD1wdv3a3Nv8qdt9GcR2UqmByreFPRktTwRL53NvCW+8QGSrUjah7fB2GWsuSVXowSSkY5h8W5s0O+YkFLXo9K67hhtEk+4QwYKQk5w4ZdlAEFrgDAzCFr27Mron53VLhVo0DA6GesgywTLf/B4=,iv:uV/dpuhxXl39MTzystHafirJH0mVnLsT+0h9jh4Epm8=,tag:s5uRzLtcfyNuWau9RteyvA==,type:str]",
"pgp": [
{
"created_at": "2024-05-17T14:49:38Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf/XROsC15JsLhhO8or+6hYHYVig4cEiazJeo+lAm83WdYj\nQ/rAgQg4hSR6i84UOfPKCGS5Rv3TTkt1VsUgibwAvLdT65SB32pe5SCT68L0yHL1\nXabvMmmREbJW+zwhEz3G2ggzBrnoDE4l3npTYjrhsjEPmRJNBO3g7rigWtRL1iDR\nYl6IrBYB/NGEkfJ0lNWoY6K911Gb0TCVQXO/CMT0xbp9GTIhry9WUX1eWK/fiymP\nnJH3XSGmL2GAZnBIosFkrQlBDxHXC2Xi7kktFnzCgwrZBGYXn9ftC7toHPvn48cV\nuTzcFc2VHXxFLbDwSY/EOsfjSGjaaYXodCr2xHbkR9JcAZvLvs76by2wCzXKM8CR\nueuvS31Ah02r0JD1z8ZXWX3+etMvJEkEk3Nsngbo/r70/qtRTp/eLkTuYjzcUFMU\nXv40Izg+PiFxAOo2RK7RLRdD+YTXuddG/jxSXQY=\n=zrcf\n-----END PGP MESSAGE-----",
"fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

36
secrets/sj-bm-hostkey0/secrets.yaml
View file

@ -1,36 +0,0 @@
tf-eval-minio-root: ENC[AES256_GCM,data:83SacYkxLHU2fHbHNiLG9owDgakOY/nrZBnlDgltRlQDTSW9HkKejVrKtTaixjbxKCgsy9sgJBv8LZtqwthgZ6MI942YU2pJHL8le1wBsuY=,iv:uXbOw/9ljYjWCdafhupVJA7tIvcL801xszI8lrQnQIA=,tag:yolnZdYD1KZJFnH2gs8zzw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBa2YwTDAyWUZqRjFPWnc3
R2FySXZ4d2RxRjlLTkZFblZIOUNPUS9kM1EwCjUrNTE2cmx6bGVTOXljZVllQzJG
clBPa1BjcC9GQ3Z6N0xYSFMvZ0J2c0EKLS0tIFQzQ2NHdmJBTFdNck53NVVyejRN
Y0xhYnI3MlhnbjhTS1dFMUdNZFdnSjgK4cl3R943LNMxA3dODf8nsSdmINkKIjB+
fgp2whfSacWQchsWgpzdiayQoZ9XlWoklmTAX+yN0J8Q3j3CBb3S5g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-08T16:59:30Z"
mac: ENC[AES256_GCM,data:VIA7UaP1c2kli+BuppPl4LH1jiU9qAfqvfejZ0Mv0E8CxQ0eLAMJVkZIzSygLCx00cPbqAkESrniCeLYagyEP4tS/cff2ngplzig4uFbZzniYMXcYF9VIAyBhGgQGEZlZPgh4r4wmBdUFfhc0CPzmYt0obJ1LXElGdAoeM4OcPs=,iv:KPFJX2qJaxMwvrw/R8xrw5Fk5FRyTQdxq7DnszToy88=,tag:/H7iPZlWk2qMrWbwZdeF5w==,type:str]
pgp:
- created_at: "2023-11-23T20:47:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA0SHG/zF3227AQf/VZ3eNZsb6emw7b5N9rgkRqTW3QvHe/w2QJcjCjp4Hk2M
Es2jYS6EaMLvduiSf6Xl5qHoQNS+HfM3GBKyRdgP/AcrjXXqj5CzmmbMYk5MY2oU
qseV4VFvvk9i9gbHaGbbntixYHBDeBSEHb/k7jWfUxz4wPhSWxpsEW/UQ1UabDgU
C54m3l9NoJw8oseDHOW7gTPW1mm1KFVBqaJ9zeZX5FHSJ0OBDj015wuGwTxkR7pv
/NL1Xg3wtpYHEhRKh1qxqwijW6EkTK9aAJFutkkYE9nI4x48cLCHjDg1GbXgYQkn
5rPRZPPmWhJPJIyCZIX1RkrVSXSIkI2Vjr3iKpEfltJRAY1KD6PSI3rWRHPDbM7B
oFIdVwLKvV1tBrdVk+3M+nDrXwEshBJUt7r9GTdsWVxjdFgCteTkgkSnzM2y5mbG
AUodj6a/Fvni4sYQka1QbRLn
=YLrT
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.8.1