From 129931dbec1a02bfd02b9bfcab07eabf6cb37dd9 Mon Sep 17 00:00:00 2001
From: Nathan McCarty
Date: Sun, 2 Oct 2022 22:37:07 -0400
Subject: [PATCH] Migrate tounge
---
 .sops.yaml | 7 ++
 flake.lock | 16 +++
 flake.nix | 10 ++
 machines/tounge/configuration.nix | 182 ++++++++++++++++++++++++++++++
 machines/tounge/home.nix | 3 +
 secrets/all/backblaze.yaml | 69 ++++++-----
 secrets/all/tailscale.yaml | 69 ++++++-----
 secrets/tounge/borg.yaml | 31 +++++
 secrets/tounge/cloudflare-api | 24 ++++
 9 files changed, 351 insertions(+), 60 deletions(-)
 create mode 100644 machines/tounge/configuration.nix
 create mode 100644 machines/tounge/home.nix
 create mode 100644 secrets/tounge/borg.yaml
 create mode 100644 secrets/tounge/cloudflare-api
diff --git a/.sops.yaml b/.sops.yaml
index 0e5368f..a620903 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -6,6 +6,7 @@ keys:
 - &perception age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd
 - &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
 - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
+ - &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6
 creation_rules:
 - path_regex: secrets/all/.*
 key_groups:
@@ -16,6 +17,7 @@ creation_rules:
 - *perception
 - *shadowchild
 - *matrix
+ - *tounge
 - path_regex: secrets/levitation
 key_groups:
 - age:
@@ -31,3 +33,8 @@ creation_rules:
 - age:
 - *nathan
 - *matrix
+ - path_regex: secrets/tounge
+ key_groups:
+ - age:
+ - *nathan
+ - *tounge
diff --git a/flake.lock b/flake.lock
index 8cc84e5..037f718 100644
--- a/flake.lock
+++ b/flake.lock
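Review bot: The new rule `path_regex: secrets/tounge` in the third .sops.yaml hunk is unanchored, so it also matches any path that merely contains that string and would encrypt such a file for this host's key; `path_regex: secrets/tounge/.*` states the intent more narrowly. The second hunk adds `*tounge` to the recipients of `secrets/all/.*`, which lets this host's key decrypt every shared secret. The machine file in this patch declares only secrets under `secrets/tounge/`, although shared modules outside the patch may use the others, so it is worth confirming the host needs that access. The `creation_rules` list begins outside these hunks.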
@@ -335,6 +335,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1664628729, + "narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "3024c67a2e9a35450558426c42e7419ab37efd95", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1664538465, @@ -470,6 +485,7 @@ "mozilla": "mozilla", "nix-on-droid": "nix-on-droid", "nixos-generators": "nixos-generators", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable_2", "polymc": "polymc", diff --git a/flake.nix b/flake.nix index 4fe0748..e9f1403 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixos-hardware.url = "github:NixOS/nixos-hardware"; fenix = { url = "github:nix-community/fenix"; inputs.nixpgks.follows = "nixpkgs"; @@ -65,6 +66,7 @@ { self , nixpkgs , nixpkgs-unstable + , nixos-hardware , fenix , emacs , mozilla @@ -147,6 +149,14 @@ ]; }; + tounge = makeNixosSystem { + system = "aarch64-linux"; + hostName = "tounge"; + extraModules = [ + ./machines/tounge/configuration.nix + ]; + }; + x86vm = makeNixosSystem { system = "x86_64-linux"; hostName = "x86vm"; diff --git a/machines/tounge/configuration.nix b/machines/tounge/configuration.nix new file mode 100644 index 0000000..c44f87a --- /dev/null +++ b/machines/tounge/configuration.nix 
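Review bot: In the first flake.nix hunk, the context line just below the new `nixos-hardware.url` input reads `inputs.nixpgks.follows = "nixpkgs";`, which looks like a misspelling of `nixpkgs`. If so, the override names an input that fenix presumably does not have, and fenix keeps resolving its own nixpkgs pin instead of the flake's. The line predates this commit but is worth correcting while the inputs are being edited: `inputs.nixpkgs.follows = "nixpkgs";`. The fenix block starts inside the hunk and ends outside it.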
@@ -0,0 +1,182 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ # Setup hardware
+ imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ];
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+ # Sops setup for this machine
+ sops.secrets = {
+ "borg-ssh-key" = {
+ sopsFile = ../../secrets/tounge/borg.yaml;
+ format = "yaml";
+ };
+ "borg-password" = {
+ sopsFile = ../../secrets/tounge/borg.yaml;
+ format = "yaml";
+ };
+ "cloudflare-api" = {
+ sopsFile = ../../secrets/tounge/cloudflare-api;
+ format = "binary";
+ };
+ };
+ # Setup system configuration
+ nathan = {
+ services = {
+ nginx = {
+ enable = true;
+ acme = true;
+ };
+ matrix = {
+ enable = true;
+ baseDomain = "community.rs";
+ enableRegistration = true;
+ };
+ borg = {
+ enable = true;
+ extraExcludes = [
+ "/var/lib/docker"
+ "/var/log"
+ ];
+ passwordFile = config.sops.secrets."borg-password".path;
+ sshKey = config.sops.secrets."borg-ssh-key".path;
+ };
+ };
+ config = {
+ setupGrub = false;
+ nix = {
+ autoUpdate = true;
+ autoGC = true;
+ };
+ harden = false;
+ virtualization = {
+ docker = true;
+ };
+ };
+ };
+ # Configure networking
+ networking = {
+ domain = "mccarty.io";
+ useDHCP = false;
+ interfaces.eth0 = {
+ ipv4.addresses = [{
+ address = "10.0.0.10";
+ prefixLength = 21;
+ }];
+ };
+
+ nameservers = [ "1.1.1.1" "1.0.0.1" ];
+ # Open ports in firewall
+ firewall = {
+ allowedTCPPorts = [ 3080 30443 ];
+ allowedUDPPorts = [ 53 ];
+ };
+ };
+
+ # Setup home manager
+ home-manager.users.nathan = import ./home.nix;
+
+ # Setup pi hole
+ virtualisation.oci-containers.containers."pihole" = {
+ image = "pihole/pihole:latest";
+ ports = [
+ "10.0.0.10:53:53/tcp"
+ "10.0.0.10:53:53/udp"
+ "172.23.98.121:53:53/tcp"
+ "172.23.98.121:53:53/udp"
+ "3080:80"
+ "30443:443"
+ ];
+ volumes = [
+ "/var/lib/pihole/:/etc/pihole/"
+ "/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
+ ];
+ extraOptions = [
+ "--cap-add=NET_ADMIN"
+ "--dns=1.1.1.1"
+ ];
+ workdir = "/var/lib/pihole/";
+ };
+
+ # Nginx virtual hosts
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ virtualHosts = {
+ "pihole.mccarty.io" = {
+ forceSSL = true;
+ useACMEHost = "mccarty.io";
+ locations."/" = {
+ proxyPass = "http://localhost:3080";
+ extraConfig = ''
+ allow 172.23.0.0/16;
+ deny all;
+ '';
+ };
+ };
+ "hub.mccarty.io" = {
+ forceSSL = true;
+ useACMEHost = "mccarty.io";
+ locations."/" = {
+ proxyPass = "http://localhost:3081";
+ extraConfig = ''
+ allow 172.23.0.0/16;
+ deny all;
+ '';
+ };
+ };
+ "sonarr.mccarty.io" = {
+ forceSSL = true;
+ useACMEHost = "mccarty.io";
+ locations."/" = {
+ proxyPass = "http://10.0.3.10:8989";
+ extraConfig = ''
+ allow 172.23.0.0/16;
+ deny all;
+ '';
+ };
+ };
+ "radarr.mccarty.io" = {
+ forceSSL = true;
+ useACMEHost = "mccarty.io";
+ locations."/" = {
+ proxyPass = "http://10.0.3.10:7878";
+ extraConfig = ''
+ allow 172.23.0.0/16;
+ deny all;
+ '';
+ };
+ };
+ "sabnzbd.mccarty.io" = {
+ forceSSL = true;
+ useACMEHost = "mccarty.io";
+ locations."/" = {
+ proxyPass = "http://10.0.3.10:8080";
+ extraConfig = ''
+ allow 172.23.0.0/16;
+ deny all;
+ '';
+ };
+ };
+
+ };
+ };
+ # Now we can configure ACME so we can get a star cert
+ security.acme.certs."mccarty.io" = {
+ domain = "*.mccarty.io";
+ group = "nginx";
+ extraDomainNames = [ "mccarty.io" ];
+ dnsProvider = "cloudflare";
+ credentialsFile = config.sops.secrets."cloudflare-api".path;
+ dnsPropagationCheck = true;
+ };
+}
diff --git a/machines/tounge/home.nix b/machines/tounge/home.nix
new file mode 100644
index 0000000..88d8a3b
--- /dev/null
+++ b/machines/tounge/home.nix
@@ -0,0 +1,3 @@
+{ config, lib, pkgs, ... }:
+
+{ }
diff --git a/secrets/all/backblaze.yaml b/secrets/all/backblaze.yaml
index 7fe46a0..0ef4e3a 100644
--- a/secrets/all/backblaze.yaml
+++ b/secrets/all/backblaze.yaml
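Review bot: The pihole container publishes `"3080:80"` and `"30443:443"` with no host address, and `allowedTCPPorts = [ 3080 30443 ];` opens the same ports in the firewall, so the Pi-hole admin interface appears reachable directly on every interface, sidestepping the `allow 172.23.0.0/16; deny all;` restriction and the TLS on the `pihole.mccarty.io` vhost. Since nginx already proxies to `http://localhost:3080`, publishing on loopback only (`"127.0.0.1:3080:80"`, `"127.0.0.1:30443:443"`) and dropping the `allowedTCPPorts` line would leave the vhost as the only way in; if direct LAN access is intended, a comment saying so would help. Separately, `image = "pihole/pihole:latest";` is a mutable tag on a container granted `--cap-add=NET_ADMIN`, so the image that runs is whatever the tag pointed to at pull time and is not recorded in the repository. Pinning by digest (`pihole/pihole@sha256:<digest>`) would make image updates an explicit, reviewable change.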
@@ -8,56 +8,65 @@ sops: - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvQWtYK2VSL1NjV2UrYnJE - aFpZUWVYZXFmallsa1lXRndSeW80Ti9FcEdvCjk3YU50M1Z4ZDhFNENUT0wxaTIx - dGorVzNMSGh6SUxOeXFlbEtRSWJlK1UKLS0tIGxTMS95OUxaeHNhclVLWUVCdnJU - NGRJS0xsV3JSNlRhTVMyVFZaWm9iU1kKsvP3YfIqo2ahRUrB+MvucmeaNW93je5s - SBLmbpGl7MxHG/nnsLMh1Qgm+7r3D3KcgneN/CCkgvGEiXBi7/Z/jw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbzdWNXBrVlptV2UxWkZx + MHo4dVlnUkZ5TTRldU9mQzVHdEJEMld0T2tzCktNKzNUcXBpQjE2a2NGN1htTkpG + UkJpMDNKdHNsVDlHcEF2Sk1FM1hSTEEKLS0tIFRLSzB2bFpDbWJTWDJ2QlQzZkNT + eFlHWTdtemNYQVk4a0hMWHJyVU5JUUkKvzL60lnq6AFPxPEfAXHNrzNfrwWMNiet + jzrCugqnu8SGqLi6rhX0K2Cg2ObiUTMTUQ+06MKKWGq/nzjfbosW3g== -----END AGE ENCRYPTED FILE----- - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdWZQN0MxZm5kVUpHdkNT - b2xVYXZ1eThwWUZWTzVSdkF4WUIreWoyQUcwCmZaNkphbjdlcTNOS1dzekhseWt2 - dndmdGdHSWxHK1hjL2lTVVluMEJtUU0KLS0tIE00SjdIYWY2MkFNMnNDUEphU3JT - SFpEMGFvRi92UXM2dXh4WlRNVm1zV3cK49jAamvCbTbzzS0EGo7JqdmQR/SDaTuV - UpZ63mtgWmmgDLGjJWtdNOR0QNu6i/vNCcJ7uQ5NgOnvuM267pSJYg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRmROcytaellLaWdmcm9O + aVlsQnMwYjh5MG8vUXZrcVVSV3Z6d3V6ZWhvClhJYkFRc3Fva0l6aHI1M3Y3MHpD + WnZ1bC9SY3BHOVZUbGNyZE02cDhlNTAKLS0tIDNnL1puOUxCQ0x4bEZsTk5JM0g5 + eFRvYWtSY001aFRWSkd5WWlvZE91bHMKALOFswDwVn71/OXE/S25hkD+upPGmh8c + 8LtHuKMj6Q4X9/nqPFWwhwymAJh4fD9owO6NmiYmD6+R2pEqsrUk8Q== -----END AGE ENCRYPTED FILE----- - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUb1l4ZzFhV3dIVHpsVFcr - K2J3cXEwWUhVTVZEcmFQVWZreTdQSVZCdmdZCmcybEM1djZRK2wrQ0VETDQ2V2Jr - SUlsZWo4MWYzQzVnNlVpb2IxS0czQmcKLS0tIG9YbE1hd3lrb0E0SmQyVnBUVkdH - 
ZzduU2ZTQ0xYZ2NDRHZ4WkhaN1lXVlUKJepT64ruXsICQELt1OYKkiVcG7VrC8AK - BU7KgpgNQ1S1izdmUsp/YtEOhT1JYFuqPZne1YBarCcxrs9yoe1qdw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYWJySVAwZmpsdDlpY3Vt + VEp1SGd3bkVkL21PUm91ZDkyWGQxbSt6L1I0ClJTQWJVYVNCc2dlcHQ3T3pNeHFa + b3BUd3IvdVRMVFd3aEg0TUh4RzdEek0KLS0tIDhpWjJ5K0I2VmZhQjJsOUdFR0M1 + NXRNTjlLc0FON0E0aEk0YXN1UHYzbnMKu6RrfjEik/GrqG3kBU6OaoUgxUEj9VaZ + EuY1MHw8S5rcszQaw7ubn2YrER46PNTylSSM2bZWQSCiVYLuDV6YeA== -----END AGE ENCRYPTED FILE----- - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dm5pdFJvdEkvQllIc25F - ZjkyT1BrU2FDUGIyK2lOK0hoc3cvekRhZDF3ClI3VGxTY0IrL1FqdHNvWndSQVFq - dVQvbmlEQWMwSmg1dnV5NmVhMlpHWUUKLS0tIGdaQXBNcHNJTUUyMEFoYkN5MFhN - RForSlpVOXY0L3JvRlprelkrRkFnQXMK9R3qCUxOZwuFqRbjKXuy9YMiPZYy0eb0 - ckrnzCAa6kCPTK7z59Ay8/YmrtFHgeJoqSDTvHg0V1H+Ynt+Wd84cg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUa2dGVTAxK051S25VbDJk + c0hTTGIwbGQzbWNRTmZGd1dPNXdkaG9mQUU0CmdhMG9RbFlhVE4rNTdWSU93QmF2 + MmZsYzhhL2x3TGFPM0xjd1B0UkxFVnMKLS0tIFFvQVlTTDM2eXlFNHp5alVESk1L + bnRseSthZytGbmVMbUFVcmxXRVNEWUkKiv8ynRXaMyqjHAHTznNe5N7C8vi8MVGf + +OyiZB2PnU8jKvWJR9TzaGxYMKIBlIDf9rx1RcKuakWVKb2ek4SNXA== -----END AGE ENCRYPTED FILE----- - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWa1ZMVjFaNGJVT3RTVnY3 - c25IWk11Wm5IbE1wV1JaaXNJZGI4eHhERkJJCi9zdTdEdmJQZTQ5ajJ5NHNYblVy - b2tFeEprOEt4V2huSzlDd0Y3c1lLOGsKLS0tIG9jczY3a1JjWDJXTkhRajI2cHhk - NjFqbnE2SlZ2TGhBeGFqbVdTUVBUZ0kKjsiT5P1bPSfI1V1CIkydWzPsat2aAwBi - ANUePn2zhaFDzZsKRVGkVc8M2pw4aQC3lk6r7bPoQZ7fjFIh45wm8A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cTBGeUpqeU1vdTVCRlFM + NlVvWEtaUGN2QU5wbFNKSm1ZakoyM2xjcFhJCldJN0hZbGRwZUpzVnNzK29OdUp5 + S1Y0b2pBMlNxUHJiSGpDRDg3SnI5TXcKLS0tIHJWVDkxZVR5Q0pEcitIZ2NsRXJ6 + 
bDhsSVRKWTZiemxnRG41aW9QRkZKcjgKLxGm07QF/mNrDhiVgujR7zeLCFj2Viuq + 1PwOfjwAjDwRdDahI90+kVPJeL9eAz78in1UhAQQEbveYhvMQgPsog== -----END AGE ENCRYPTED FILE----- - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZHlxRjVCZzZkOUhMaS9V - WldSM0tZUzNHQ3Z3L3Myd0cvT2lxUTlyV2xjCk1ZSm94SkJodktoS0NrWFhtZTlp - RU1nSGRnZHlMYzdzVW9QYi92NG45TnMKLS0tIHhMSnBuMHRBUU9CTmpCcTA0NE1Y - ak4waGp0UDJaaVk1eWgvazJhaHpVMzQKnsJLuWk/jzoQ45Po9esJyR8ynBWj88w5 - W3vSgFbAfr/pXaitCEBADMLDA21sNjq9/hm6VddhS3mgmZWuTBHlCA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cWNOblVvbC9iWkI1aFV2 + TVZCWGkraVdYcWxuZlh2ck1TL011ejFpTEFFCmtFZmhCaDZUTGFpSm96Q2Rnd3FF + Uno0disrK2hJc1A3VTZOZExjRlpsQnMKLS0tIHQvS0VhWGdZajA1MW9GbEhMZmd6 + ZlBJaWNmZnpndE8wZnVjN2huaGY2VTgK6Qd2QJ7xU83aW225G8W6e2PsUxg6hmvL + 0vfo/HqZUDsNxlZP0j1Z0VDQuX2dLwYa1fZYyYNvqtUyydgvIqEISQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmSmNMQVlLM25MMW1xQlNl + VE1MUnl5b0xKR0dyVEJBZ0w1RC9EUTBaVmkwCnRQMnZ1a1Z1bkFDL25ScDcvbUJS + TmFYaDRvMWpHOTZBb1crZHcrN2xZY2sKLS0tIDlYWE16TkdwK1lvYjFYT1hqL1Bw + OUlrbFhxOGdtNzR4cmxVU01aSkszM0kKulcXRgb6RkxkHAfNbhuQ5LKr3UcNtqT7 + wke/+R5tCxxXnBxWNfLtQgketHjY7Xgqr/9Bh+e8P3qAsH1JfqnXHg== -----END AGE ENCRYPTED FILE----- lastmodified: "2022-06-29T08:33:24Z" mac: ENC[AES256_GCM,data:532kHcb/qLZSePtoxTwk7497UShNpmklNnMCU4WVWBAkyT5XRvIpKHJRWl1A/Ll0/w9Y9fjVxD97PjxE18LLsP7x8t6dj54Z9k2PVEd7U+GP3iy6QhJYJCwehYLiMmqf9T8wsiLyEVyXDn04pN62NQNw/F5n9kBbeWxSk3wuDtA=,iv:OaWeCvIr2mSUzVgytKcueeFN3tzfBoydyXgMxLSE/pY=,tag:bDkmi+W9cd9avpIVEJTEHw==,type:str] diff --git a/secrets/all/tailscale.yaml b/secrets/all/tailscale.yaml index 01b9495..bea5491 100644 --- a/secrets/all/tailscale.yaml +++ b/secrets/all/tailscale.yaml 
@@ -8,56 +8,65 @@ sops: - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR3ZrbnhyOGlsd1FGNnlM - eWp2NVcydGtJL1pXSTZnYUhjY0JYNEJwUGlvCk82cnRNbFJnV2sxS2ZwVE8wWTIy - OGlzTGRKeEo1VmQybTlody9vSjhZd2cKLS0tIE44bkg4NVkyMnhsYnZoMUhvZkhs - Vk5vU2psN0FXM3YvbjZISGZnQk0zcEUK+XhL767U4VOHKtUpm0rvS2a0xZqqDPn0 - lzpJJ/xy3sHwUVb4iLHGigcc78mefu2oecMP8bfDuZFp6DNoK9WP1Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMcFBSWnpENFB4MDRQYnY1 + ekxuNVFhYTFVT0FZcm1TamQ4TndobmxrRTNVCnZWUWpQckpZdjZVZHNqU0c5YnVV + bS9hUjAvMHRhWFB5MDFiR3NOVTBZNVkKLS0tIDF1THRvQTZncVRxcGtlK1ZLSm1v + L3FRYkxWRGRIRkxBbXZSdVNDMzFTaTgKmncMoZ1bbu7FOC2+p2lvLWkfHeouTecY + /4mAXQxZ6z+wC29zBRtG81LUv1kD0XwJ9Yy7olRx9R2USqe7s6ZR7g== -----END AGE ENCRYPTED FILE----- - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZ1lNdlk5UU9xUVhRRzFt - bThEbk5BUWtWSXptTmZLRjBMSjd3bzVjbXo4CjRTNUJZZ2h5ZnJTNXMwRkFMbGxs - S3dOZUtRbUxZSXJHb1E4QXNxSlBScEUKLS0tIFNqSVRIdXZUckVJanBTWTd3dHMv - Z3NvcmdrcjZtK3YyR3o0Znc5cmQ2YVkKFvRIQQoxZ7WYngPHJJPCYpUuAPRjxABV - iD8mJ2RJ+VStQONZZyhf9ZC+TprdNC5nD4GimA/AM5f5YxRAhRhXcA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUUVmUmpQU0sxL0JQMlFL + bnhDK08xcFp0ZFNwVFptZlZQMk9DTEcrV1g0CkF0aGtQTEpqSGpaOGFMbStDM2o5 + amVBS0N0WGVjSWtIQUg4WlhYUTd6SzAKLS0tIEl4NUpaQmJ3ZWF2RkF0d0lVV1VD + UTFoRmJJVnVtWXRqTGFPZi9ZVWtWbkEK1GZQUGeaaasyODHALtoJy6e6NvC/qCeA + upNH/MWdobPoT/w92IoFJoGsNIrn7NOXrvjo7Pi/iBja7HIFz0cRxA== -----END AGE ENCRYPTED FILE----- - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eWZ5Mzc2QVFZazRrZk4y - a214TW5EMkw3TDNGNlN4N25hekY0UGRXbzBFCnVaZU1MYThMeGRNNWY0WW5DNTFp - MUZFZkxJVDVWdjd2YXlXVkxwTFFyc0EKLS0tIHY5UWZ1akxBcUY4b0E3VUJwakt3 - 
UytuYTZBZlhMNFNWeDkwdDl0YzR4YU0KOQPfVIBWGFyPbCJOe4yY4i9FwGYaAQRY - aIn9RtB5q84J4KvTXo8+l0XMqzq6AktYJtvuGmKDmoDg/ZoZLj15xg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWTYwTjBjdzBLSm5YL3VK + ZTR3SGg5azBkOHlrQjlIeVhnWVpxRTRSd3pRCmNDSlgvYXBNbUk0eThKRWxJYUFh + SFdxbGxFZndJR0lmejcvVjhyeFdQczAKLS0tIC9qZzgzRkVkbmMxbG1Fd1hPT05F + M281dDlHTEhFTk1wUjU5d3pMZUI1OFEK8q+tfmQstmW8nslOfYGOTLbdE5MDgr0a + zeN3YNvQC24D4lcrFzO+WkEGjrHu2pfjTdiIg3NHJt3p8OUPh0Oplg== -----END AGE ENCRYPTED FILE----- - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzREZHQ2o4UnJweXR2bHVQ - R2R5VWtML2NITlNwOU5PYmZLZlRhYkNKd3pjClZCcitJSHBSdnhNVnZwVUYzY0Rn - UURIdFlUVEhLSkt2NGtDZi9tMzNOR1kKLS0tIFRCbW8rYjdMblNaa2NhZW00UzBV - ZUpXQjRPYjNVYVdlbHNlWE5hVDhJam8KyZHwn0y+KIu5J1g7oI6qsBsTWP589Lfd - bZgh/yo9CF9/iZO74I1a4eHYBGYGh/clNjLmKk63gsfxcqY6Ck2eqQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSzduUWwxTmdZa28vejlH + ak00S0NTVURxdnhzU29JanpOQy9IcEJYcWdNCkFoLzFvV1NpUElVWUZNeUVLWWRB + ejZmVWZ6MTVVNGNQOHd2bENYMG9lRWMKLS0tIE51L0VEZGZ3bnQ1WmxYbU1wdXcx + RWoydjZOa0s0YXdkNERiZWp6S1JrZk0K0rIkpOAmnURiB4O0DKgf/uO6yqlKOUBH + /7T9xqxlFYEJkQhdktgOB1jhOnfU6YpD4oLsJ113dMiMp7HHRaeM6g== -----END AGE ENCRYPTED FILE----- - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdHV1NXh1RmpPWXBGOVIw - U0I3NWEraWs4dUxLWXdoMTlYQ1d6blBhZ2pjCk1lY0pZM1VHaGFSZGYyeEZxOFFO - MzJwRHdTaCtZakJUNUxHeG40NnlFaHcKLS0tIDVzMzZPN3lQeUhlZ0thWWZLbkc2 - UXNROW1Ub2VyT01jMUN4MUMrUU1mKzgKmf24d/VgivYC25yHJSdFkItt9SCtLNZb - 0Rrh/N11pV24qWFXkFuX/ZKK5bV3JrUgS7K3KWOp4ur6dlI5rfMsUg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOWE9wZkVzdDdzMHROV3pn + NGkrTmtGdU96Yk5rZHJXbGZUZjU0SUh4cEZNCnd1Rkw0aS9mbGw2V1c1TndNaVpw + Y0U4dE1FT1RCZFVqOGZ4MWVvN0ZLdXMKLS0tIDBHYlVSRnQ4Ui9NRm0yYWtOdlNC + 
VjdRTGgrYmlIUWVBU2xDVTBVT0hYZm8KZiDQ1f6ZNMuCbQy+kXHdjHPBmNqIl8i8 + AdkfCVCsZZMctAM4HRLvVdZmabpNC/0+Y6ITSSaKKrZEMjW+cjJdOw== -----END AGE ENCRYPTED FILE----- - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOXdMcFJ5WVVBNEhtbkR0 - a1JFczdsZDFpNnd2a0RTWjNoOXM4ZXpSQVM4Cjh0aHg2MCtMWmZPUnRpdEZoS3E2 - NDJZZ3ZpNlh3VUQvQVZxSkJmd05TOXMKLS0tIDJwQW5nVStYSEROVnRJK0liRzR5 - UWU2SXIyTkhRU1NCajZQUUd5MlBnT2MKMIgwTZWnrAKzqHP7EFslZ+HMD7ZtBilJ - +FgcIllwQV9XeIyhAuAeKjP95JgCwn1oQL32fYCyyqwykeb0wjQdzA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqano4L1JlUjU5by9HdWMr + bmZOakcwbG5pUit6REhXNGRNVkNZQjl0RUZzCk9yWjdPSEtiY1A0b3d1QWM1N2pi + MGFJNnpJMUFKbXNpdUlPbjlMYVlMNzQKLS0tIGZEeFpMUzNXMForM1paaXJ5cElv + eDVsQ2J4bFlMcG0rWGcyTE5CZVJQbEUKyPmrq3VwnwaIWV3V3Vzl27bUcXkNyvLN + vjG/ZwmkYNUviK/EqlY/w6aDfo/Wqp+t7zfwd9xPocqRYYA8GEyFaw== + -----END AGE ENCRYPTED FILE----- + - recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bkNVL2x0MkFvYk5yY01j + R05xTVV0cFFjWFhTT1djTnYreVl3U3NsN1d3Ck5ET3ovVkoyUjlobzdjeGYzNWJx + WkVZUXc5ZWpSZmJ6SHpUNDVrb3NRWTQKLS0tIEo0Q1RRSU8vT01zdFlDRVlSTm5y + NElDZG9WTi96VDNnMVVuNFdxSzh4alEKhDmGG1oi2+msmVB8YCT88fLUwGyOA2zo + VYND7CWX+TM6oqKjqKVYu3dS/BTQGQzfUQ3Uc1lZKquLNJK68tnWNw== -----END AGE ENCRYPTED FILE----- lastmodified: "2022-06-24T00:21:52Z" mac: ENC[AES256_GCM,data:92ibRrMnizSQrHIJtW+2KZSeUlU2/Oi18voZKBsC2xyODDh+iHWOBBlv62YUKODRBE2Ze/OklvcYME03NAvY4/wKOqjz/cFMU8PeEkxZvzCtnP55CCYYL6QJ0DSJPP+dKQQkfTV5Xy0JPyY9lZc+g22FB+/FZeo1o3N3lz9Nd1E=,iv:dTeHpQQWcm6cAh11csxR6Lgw3pdTTFWPqR6MozFP+fU=,tag:7WFZfd1D+twItx/xC/MHfA==,type:str] diff --git a/secrets/tounge/borg.yaml b/secrets/tounge/borg.yaml new file mode 100644 index 0000000..37ca4ff --- /dev/null +++ b/secrets/tounge/borg.yaml 
@@ -0,0 +1,31 @@ +borg-ssh-key: ENC[AES256_GCM,data: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,iv:ofISMk1Wi5xTwz2XHe9yDLegOgtuzdOm2hSO0QGCMj4=,tag:eEU5cfj7EadiQTPAlE5IYg==,type:str] +borg-password: ENC[AES256_GCM,data:OP+KIxmhR9R/jexANk707/aTC6UlMg4+sJFaLFCNj5XSNtV3KC61z3I+UbmeApo8,iv:/ZMT60g+H6i0QX7eTrqz/0OWt48zLoaGSnXrcckD0Kw=,tag:CG4bUdyFL8QwdVSip1Q12g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHL29ZSEk0cW16U05CcnlE + SkFrZDUyZTEwemJVODZTc3IvSlZvZ3RhV21ZCjNLTXc0bDh6RWFsSmhZb1Ntdk1z + Mmx0aWZGeGhjUUJsOGhpMDNLMk1PeVEKLS0tIDNNUW1VZWV1K1NRbVlnYnZkaGM1 + MkpHcE5hR0loYWFvRVo2MHFDd1B3SEEKnkGdTMf5/GyKAMQEW5eZwmtZWL2Zq/Op + Ey4tXhKlBwrbb6niOizeKeWpsdukE1r3A5kY360wZ9wZI/Yt/joa1g== + -----END AGE ENCRYPTED FILE----- + - recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c2o1Q2N2NFJQSjlOdWNZ + VHlKOTNJN2VMUnZPdUZKbmRKNWFNeFRnR3lJCmxFeVpFM3ErY3FicUs1T1A0QlRN + SVZaSnpnY3JBY0dENVRpT3ZMN2lEMVkKLS0tIE1veVhDdHFtOSttQUEwTDFBcmxR + ZzU5ZVB3dFZrZXRRTFNISzVuUmZwN2sKMsbZO1WwawVm8tu4VJJ3GJEXVgPUs+ZZ + 85VX4iPOf/6+KSCmDKDcmLHidw7VPZKqxFQfPmrftwuE27YyFXEAPQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-10-03T02:36:18Z" + mac: ENC[AES256_GCM,data:PZRcz9uVt1nFwsu7x1gAK9yiYQgWbWF2Xd3uw9Lob4VweGfYXpzqbhJciJTDQAJ5ACSf0b7R/gsLpxjazA2wre89Zyn00NU2PF6skzwLBk6JydGps5tbZuvuFWkeWyE1lGBVq2NOynhtPXtiXCU5g7N7SH10NDZybJZStoCarI4=,iv:hG+Xupt/DMp4NPmCa7uCut5wPjmFmEh5XbVpMz1bZBw=,tag:u0v1a0+eeJSsCAEXZzMi5g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/secrets/tounge/cloudflare-api b/secrets/tounge/cloudflare-api new file mode 100644 index 0000000..a51b0ea --- /dev/null +++ b/secrets/tounge/cloudflare-api 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:sZQwAYkNHhbsKJ73rSnOotf47wU6rx3LIf53UYQJ2X+xRCUlpC0YUY3YflFSM2lswp+nBuOL5Qr0pf88p7f0+50J0+Hp2xXJ4h3YAeeH0/R0y12Op0/5U1imhkqosT836H3QzA/8HtUG,iv:mg8tdZE+Vb8OpnHZ0Pcsg63dwa4c6pGAaaYhaREIMGs=,tag:WW1Z/ErcQt9RzNdysWwn/Q==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzY2JYVHI5WXlnY0hXcjgy\nd2dsNWpyQk9wR2hlWGlqODkvVmZrektvc0VrCmJFYlhCcXZGMmRIVEtSeStUYVYr\nUHp4UHpmK0lKS2UzRllYb2NtVFFtYlEKLS0tIHdqVDE4OWVVb3A2WDhpc0QrNk0v\nT1pJTjRmRkRsbE9HNFZITVQrVC9jcUEKG1UXA/hIRq4IM0lS3DM4aD8pOBLAU8eU\nhzZsVuNbhMas7LG4FBV3TPgMvgmk+Iy0iMfSzGX4Ui+j5f8b0I59mA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTFFBKzM3d2pCUS8raHFT\nVDhkdGszU1FEVS9YblBPeVpFRW5LR1BnTGlvCkp1eTg2UWpIa1ozdzVPeGF1Rk83\nSmZyU1VKOGlUNzZDWnBVeWo0N3RRcFUKLS0tIGttYzNBd2s0eGtxeWVJM2REUml1\nVE9kdkpnS0lsVGovNXVKTlcwVjVEdEkKN40ZJ7feBsnzHrY4YTUlLPtl7XaB18vl\nNEGZUEmauubCmvMoZtvkgc8g1w/xF9nR711v0r2To4AJvhBlAp6Fuw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2022-10-03T02:35:29Z", + "mac": "ENC[AES256_GCM,data:8H+ynSM0In3vNnM4cwAO98n1bvWtFz2pasgUCCPIbri0fZqDZa+XUWDDezHDvx3G6F3e1lXG4HwMClSx+TtgZLall226MjE+lJJwYApD+pT6/2BkHGXR/RmlzV2yFIFd4wqxO8OPAT5mBzovxpJX/PPJZZIXjuzdY40lr4VMKVE=,iv:T9NSrUUirnvLE/lorDuj9SnzKJYkzHi/YHJSEvYnjfE=,tag:WvUltVQJhtaiPCLNPnMIVQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file