Migrate tounge

This commit is contained in:
Nathan McCarty 2022-10-02 22:37:07 -04:00
parent 1c55fda94f
commit 129931dbec
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
9 changed files with 351 additions and 60 deletions

View File

@ -6,6 +6,7 @@ keys:
- &perception age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - &perception age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd
- &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
- &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6
creation_rules: creation_rules:
- path_regex: secrets/all/.* - path_regex: secrets/all/.*
key_groups: key_groups:
@ -16,6 +17,7 @@ creation_rules:
- *perception - *perception
- *shadowchild - *shadowchild
- *matrix - *matrix
- *tounge
- path_regex: secrets/levitation - path_regex: secrets/levitation
key_groups: key_groups:
- age: - age:
@ -31,3 +33,8 @@ creation_rules:
- age: - age:
- *nathan - *nathan
- *matrix - *matrix
- path_regex: secrets/tounge
key_groups:
- age:
- *nathan
- *tounge

View File

@ -335,6 +335,21 @@
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": {
"locked": {
"lastModified": 1664628729,
"narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "3024c67a2e9a35450558426c42e7419ab37efd95",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1664538465, "lastModified": 1664538465,
@ -470,6 +485,7 @@
"mozilla": "mozilla", "mozilla": "mozilla",
"nix-on-droid": "nix-on-droid", "nix-on-droid": "nix-on-droid",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable_2", "nixpkgs-unstable": "nixpkgs-unstable_2",
"polymc": "polymc", "polymc": "polymc",

View File

@ -4,6 +4,7 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware";
fenix = { fenix = {
url = "github:nix-community/fenix"; url = "github:nix-community/fenix";
inputs.nixpgks.follows = "nixpkgs"; inputs.nixpgks.follows = "nixpkgs";
@ -65,6 +66,7 @@
{ self { self
, nixpkgs , nixpkgs
, nixpkgs-unstable , nixpkgs-unstable
, nixos-hardware
, fenix , fenix
, emacs , emacs
, mozilla , mozilla
@ -147,6 +149,14 @@
]; ];
}; };
tounge = makeNixosSystem {
system = "aarch64-linux";
hostName = "tounge";
extraModules = [
./machines/tounge/configuration.nix
];
};
x86vm = makeNixosSystem { x86vm = makeNixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
hostName = "x86vm"; hostName = "x86vm";

View File

@ -0,0 +1,182 @@
{ config, lib, pkgs, inputs, ... }:
{
# Setup hardware
imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ];
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
# Sops setup for this machine
sops.secrets = {
"borg-ssh-key" = {
sopsFile = ../../secrets/tounge/borg.yaml;
format = "yaml";
};
"borg-password" = {
sopsFile = ../../secrets/tounge/borg.yaml;
format = "yaml";
};
"cloudflare-api" = {
sopsFile = ../../secrets/tounge/cloudflare-api;
format = "binary";
};
};
# Setup system configuration
nathan = {
services = {
nginx = {
enable = true;
acme = true;
};
matrix = {
enable = true;
baseDomain = "community.rs";
enableRegistration = true;
};
borg = {
enable = true;
extraExcludes = [
"/var/lib/docker"
"/var/log"
];
passwordFile = config.sops.secrets."borg-password".path;
sshKey = config.sops.secrets."borg-ssh-key".path;
};
};
config = {
setupGrub = false;
nix = {
autoUpdate = true;
autoGC = true;
};
harden = false;
virtualization = {
docker = true;
};
};
};
# Configure networking
networking = {
domain = "mccarty.io";
useDHCP = false;
interfaces.eth0 = {
ipv4.addresses = [{
address = "10.0.0.10";
prefixLength = 21;
}];
};
nameservers = [ "1.1.1.1" "1.0.0.1" ];
# Open ports in firewall
firewall = {
allowedTCPPorts = [ 3080 30443 ];
allowedUDPPorts = [ 53 ];
};
};
# Setup home manager
home-manager.users.nathan = import ./home.nix;
# Setup pi hole
virtualisation.oci-containers.containers."pihole" = {
image = "pihole/pihole:latest";
ports = [
"10.0.0.10:53:53/tcp"
"10.0.0.10:53:53/udp"
"172.23.98.121:53:53/tcp"
"172.23.98.121:53:53/udp"
"3080:80"
"30443:443"
];
volumes = [
"/var/lib/pihole/:/etc/pihole/"
"/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
];
extraOptions = [
"--cap-add=NET_ADMIN"
"--dns=1.1.1.1"
];
workdir = "/var/lib/pihole/";
};
# Nginx virtual hosts
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"pihole.mccarty.io" = {
forceSSL = true;
useACMEHost = "mccarty.io";
locations."/" = {
proxyPass = "http://localhost:3080";
extraConfig = ''
allow 172.23.0.0/16;
deny all;
'';
};
};
"hub.mccarty.io" = {
forceSSL = true;
useACMEHost = "mccarty.io";
locations."/" = {
proxyPass = "http://localhost:3081";
extraConfig = ''
allow 172.23.0.0/16;
deny all;
'';
};
};
"sonarr.mccarty.io" = {
forceSSL = true;
useACMEHost = "mccarty.io";
locations."/" = {
proxyPass = "http://10.0.3.10:8989";
extraConfig = ''
allow 172.23.0.0/16;
deny all;
'';
};
};
"radarr.mccarty.io" = {
forceSSL = true;
useACMEHost = "mccarty.io";
locations."/" = {
proxyPass = "http://10.0.3.10:7878";
extraConfig = ''
allow 172.23.0.0/16;
deny all;
'';
};
};
"sabnzbd.mccarty.io" = {
forceSSL = true;
useACMEHost = "mccarty.io";
locations."/" = {
proxyPass = "http://10.0.3.10:8080";
extraConfig = ''
allow 172.23.0.0/16;
deny all;
'';
};
};
};
};
# Now we can configure ACME so we can get a star cert
security.acme.certs."mccarty.io" = {
domain = "*.mccarty.io";
group = "nginx";
extraDomainNames = [ "mccarty.io" ];
dnsProvider = "cloudflare";
credentialsFile = config.sops.secrets."cloudflare-api".path;
dnsPropagationCheck = true;
};
}

3
machines/tounge/home.nix Normal file
View File

@ -0,0 +1,3 @@
{ config, lib, pkgs, ... }:
{ }

View File

@ -8,56 +8,65 @@ sops:
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvQWtYK2VSL1NjV2UrYnJE YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbzdWNXBrVlptV2UxWkZx
aFpZUWVYZXFmallsa1lXRndSeW80Ti9FcEdvCjk3YU50M1Z4ZDhFNENUT0wxaTIx MHo4dVlnUkZ5TTRldU9mQzVHdEJEMld0T2tzCktNKzNUcXBpQjE2a2NGN1htTkpG
dGorVzNMSGh6SUxOeXFlbEtRSWJlK1UKLS0tIGxTMS95OUxaeHNhclVLWUVCdnJU UkJpMDNKdHNsVDlHcEF2Sk1FM1hSTEEKLS0tIFRLSzB2bFpDbWJTWDJ2QlQzZkNT
NGRJS0xsV3JSNlRhTVMyVFZaWm9iU1kKsvP3YfIqo2ahRUrB+MvucmeaNW93je5s eFlHWTdtemNYQVk4a0hMWHJyVU5JUUkKvzL60lnq6AFPxPEfAXHNrzNfrwWMNiet
SBLmbpGl7MxHG/nnsLMh1Qgm+7r3D3KcgneN/CCkgvGEiXBi7/Z/jw== jzrCugqnu8SGqLi6rhX0K2Cg2ObiUTMTUQ+06MKKWGq/nzjfbosW3g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdWZQN0MxZm5kVUpHdkNT YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRmROcytaellLaWdmcm9O
b2xVYXZ1eThwWUZWTzVSdkF4WUIreWoyQUcwCmZaNkphbjdlcTNOS1dzekhseWt2 aVlsQnMwYjh5MG8vUXZrcVVSV3Z6d3V6ZWhvClhJYkFRc3Fva0l6aHI1M3Y3MHpD
dndmdGdHSWxHK1hjL2lTVVluMEJtUU0KLS0tIE00SjdIYWY2MkFNMnNDUEphU3JT WnZ1bC9SY3BHOVZUbGNyZE02cDhlNTAKLS0tIDNnL1puOUxCQ0x4bEZsTk5JM0g5
SFpEMGFvRi92UXM2dXh4WlRNVm1zV3cK49jAamvCbTbzzS0EGo7JqdmQR/SDaTuV eFRvYWtSY001aFRWSkd5WWlvZE91bHMKALOFswDwVn71/OXE/S25hkD+upPGmh8c
UpZ63mtgWmmgDLGjJWtdNOR0QNu6i/vNCcJ7uQ5NgOnvuM267pSJYg== 8LtHuKMj6Q4X9/nqPFWwhwymAJh4fD9owO6NmiYmD6+R2pEqsrUk8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUb1l4ZzFhV3dIVHpsVFcr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYWJySVAwZmpsdDlpY3Vt
K2J3cXEwWUhVTVZEcmFQVWZreTdQSVZCdmdZCmcybEM1djZRK2wrQ0VETDQ2V2Jr VEp1SGd3bkVkL21PUm91ZDkyWGQxbSt6L1I0ClJTQWJVYVNCc2dlcHQ3T3pNeHFa
SUlsZWo4MWYzQzVnNlVpb2IxS0czQmcKLS0tIG9YbE1hd3lrb0E0SmQyVnBUVkdH b3BUd3IvdVRMVFd3aEg0TUh4RzdEek0KLS0tIDhpWjJ5K0I2VmZhQjJsOUdFR0M1
ZzduU2ZTQ0xYZ2NDRHZ4WkhaN1lXVlUKJepT64ruXsICQELt1OYKkiVcG7VrC8AK NXRNTjlLc0FON0E0aEk0YXN1UHYzbnMKu6RrfjEik/GrqG3kBU6OaoUgxUEj9VaZ
BU7KgpgNQ1S1izdmUsp/YtEOhT1JYFuqPZne1YBarCcxrs9yoe1qdw== EuY1MHw8S5rcszQaw7ubn2YrER46PNTylSSM2bZWQSCiVYLuDV6YeA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dm5pdFJvdEkvQllIc25F YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUa2dGVTAxK051S25VbDJk
ZjkyT1BrU2FDUGIyK2lOK0hoc3cvekRhZDF3ClI3VGxTY0IrL1FqdHNvWndSQVFq c0hTTGIwbGQzbWNRTmZGd1dPNXdkaG9mQUU0CmdhMG9RbFlhVE4rNTdWSU93QmF2
dVQvbmlEQWMwSmg1dnV5NmVhMlpHWUUKLS0tIGdaQXBNcHNJTUUyMEFoYkN5MFhN MmZsYzhhL2x3TGFPM0xjd1B0UkxFVnMKLS0tIFFvQVlTTDM2eXlFNHp5alVESk1L
RForSlpVOXY0L3JvRlprelkrRkFnQXMK9R3qCUxOZwuFqRbjKXuy9YMiPZYy0eb0 bnRseSthZytGbmVMbUFVcmxXRVNEWUkKiv8ynRXaMyqjHAHTznNe5N7C8vi8MVGf
ckrnzCAa6kCPTK7z59Ay8/YmrtFHgeJoqSDTvHg0V1H+Ynt+Wd84cg== +OyiZB2PnU8jKvWJR9TzaGxYMKIBlIDf9rx1RcKuakWVKb2ek4SNXA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWa1ZMVjFaNGJVT3RTVnY3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cTBGeUpqeU1vdTVCRlFM
c25IWk11Wm5IbE1wV1JaaXNJZGI4eHhERkJJCi9zdTdEdmJQZTQ5ajJ5NHNYblVy NlVvWEtaUGN2QU5wbFNKSm1ZakoyM2xjcFhJCldJN0hZbGRwZUpzVnNzK29OdUp5
b2tFeEprOEt4V2huSzlDd0Y3c1lLOGsKLS0tIG9jczY3a1JjWDJXTkhRajI2cHhk S1Y0b2pBMlNxUHJiSGpDRDg3SnI5TXcKLS0tIHJWVDkxZVR5Q0pEcitIZ2NsRXJ6
NjFqbnE2SlZ2TGhBeGFqbVdTUVBUZ0kKjsiT5P1bPSfI1V1CIkydWzPsat2aAwBi bDhsSVRKWTZiemxnRG41aW9QRkZKcjgKLxGm07QF/mNrDhiVgujR7zeLCFj2Viuq
ANUePn2zhaFDzZsKRVGkVc8M2pw4aQC3lk6r7bPoQZ7fjFIh45wm8A== 1PwOfjwAjDwRdDahI90+kVPJeL9eAz78in1UhAQQEbveYhvMQgPsog==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZHlxRjVCZzZkOUhMaS9V YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cWNOblVvbC9iWkI1aFV2
WldSM0tZUzNHQ3Z3L3Myd0cvT2lxUTlyV2xjCk1ZSm94SkJodktoS0NrWFhtZTlp TVZCWGkraVdYcWxuZlh2ck1TL011ejFpTEFFCmtFZmhCaDZUTGFpSm96Q2Rnd3FF
RU1nSGRnZHlMYzdzVW9QYi92NG45TnMKLS0tIHhMSnBuMHRBUU9CTmpCcTA0NE1Y Uno0disrK2hJc1A3VTZOZExjRlpsQnMKLS0tIHQvS0VhWGdZajA1MW9GbEhMZmd6
ak4waGp0UDJaaVk1eWgvazJhaHpVMzQKnsJLuWk/jzoQ45Po9esJyR8ynBWj88w5 ZlBJaWNmZnpndE8wZnVjN2huaGY2VTgK6Qd2QJ7xU83aW225G8W6e2PsUxg6hmvL
W3vSgFbAfr/pXaitCEBADMLDA21sNjq9/hm6VddhS3mgmZWuTBHlCA== 0vfo/HqZUDsNxlZP0j1Z0VDQuX2dLwYa1fZYyYNvqtUyydgvIqEISQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmSmNMQVlLM25MMW1xQlNl
VE1MUnl5b0xKR0dyVEJBZ0w1RC9EUTBaVmkwCnRQMnZ1a1Z1bkFDL25ScDcvbUJS
TmFYaDRvMWpHOTZBb1crZHcrN2xZY2sKLS0tIDlYWE16TkdwK1lvYjFYT1hqL1Bw
OUlrbFhxOGdtNzR4cmxVU01aSkszM0kKulcXRgb6RkxkHAfNbhuQ5LKr3UcNtqT7
wke/+R5tCxxXnBxWNfLtQgketHjY7Xgqr/9Bh+e8P3qAsH1JfqnXHg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-06-29T08:33:24Z" lastmodified: "2022-06-29T08:33:24Z"
mac: ENC[AES256_GCM,data:532kHcb/qLZSePtoxTwk7497UShNpmklNnMCU4WVWBAkyT5XRvIpKHJRWl1A/Ll0/w9Y9fjVxD97PjxE18LLsP7x8t6dj54Z9k2PVEd7U+GP3iy6QhJYJCwehYLiMmqf9T8wsiLyEVyXDn04pN62NQNw/F5n9kBbeWxSk3wuDtA=,iv:OaWeCvIr2mSUzVgytKcueeFN3tzfBoydyXgMxLSE/pY=,tag:bDkmi+W9cd9avpIVEJTEHw==,type:str] mac: ENC[AES256_GCM,data:532kHcb/qLZSePtoxTwk7497UShNpmklNnMCU4WVWBAkyT5XRvIpKHJRWl1A/Ll0/w9Y9fjVxD97PjxE18LLsP7x8t6dj54Z9k2PVEd7U+GP3iy6QhJYJCwehYLiMmqf9T8wsiLyEVyXDn04pN62NQNw/F5n9kBbeWxSk3wuDtA=,iv:OaWeCvIr2mSUzVgytKcueeFN3tzfBoydyXgMxLSE/pY=,tag:bDkmi+W9cd9avpIVEJTEHw==,type:str]

View File

@ -8,56 +8,65 @@ sops:
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR3ZrbnhyOGlsd1FGNnlM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMcFBSWnpENFB4MDRQYnY1
eWp2NVcydGtJL1pXSTZnYUhjY0JYNEJwUGlvCk82cnRNbFJnV2sxS2ZwVE8wWTIy ekxuNVFhYTFVT0FZcm1TamQ4TndobmxrRTNVCnZWUWpQckpZdjZVZHNqU0c5YnVV
OGlzTGRKeEo1VmQybTlody9vSjhZd2cKLS0tIE44bkg4NVkyMnhsYnZoMUhvZkhs bS9hUjAvMHRhWFB5MDFiR3NOVTBZNVkKLS0tIDF1THRvQTZncVRxcGtlK1ZLSm1v
Vk5vU2psN0FXM3YvbjZISGZnQk0zcEUK+XhL767U4VOHKtUpm0rvS2a0xZqqDPn0 L3FRYkxWRGRIRkxBbXZSdVNDMzFTaTgKmncMoZ1bbu7FOC2+p2lvLWkfHeouTecY
lzpJJ/xy3sHwUVb4iLHGigcc78mefu2oecMP8bfDuZFp6DNoK9WP1Q== /4mAXQxZ6z+wC29zBRtG81LUv1kD0XwJ9Yy7olRx9R2USqe7s6ZR7g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZ1lNdlk5UU9xUVhRRzFt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUUVmUmpQU0sxL0JQMlFL
bThEbk5BUWtWSXptTmZLRjBMSjd3bzVjbXo4CjRTNUJZZ2h5ZnJTNXMwRkFMbGxs bnhDK08xcFp0ZFNwVFptZlZQMk9DTEcrV1g0CkF0aGtQTEpqSGpaOGFMbStDM2o5
S3dOZUtRbUxZSXJHb1E4QXNxSlBScEUKLS0tIFNqSVRIdXZUckVJanBTWTd3dHMv amVBS0N0WGVjSWtIQUg4WlhYUTd6SzAKLS0tIEl4NUpaQmJ3ZWF2RkF0d0lVV1VD
Z3NvcmdrcjZtK3YyR3o0Znc5cmQ2YVkKFvRIQQoxZ7WYngPHJJPCYpUuAPRjxABV UTFoRmJJVnVtWXRqTGFPZi9ZVWtWbkEK1GZQUGeaaasyODHALtoJy6e6NvC/qCeA
iD8mJ2RJ+VStQONZZyhf9ZC+TprdNC5nD4GimA/AM5f5YxRAhRhXcA== upNH/MWdobPoT/w92IoFJoGsNIrn7NOXrvjo7Pi/iBja7HIFz0cRxA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eWZ5Mzc2QVFZazRrZk4y YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWTYwTjBjdzBLSm5YL3VK
a214TW5EMkw3TDNGNlN4N25hekY0UGRXbzBFCnVaZU1MYThMeGRNNWY0WW5DNTFp ZTR3SGg5azBkOHlrQjlIeVhnWVpxRTRSd3pRCmNDSlgvYXBNbUk0eThKRWxJYUFh
MUZFZkxJVDVWdjd2YXlXVkxwTFFyc0EKLS0tIHY5UWZ1akxBcUY4b0E3VUJwakt3 SFdxbGxFZndJR0lmejcvVjhyeFdQczAKLS0tIC9qZzgzRkVkbmMxbG1Fd1hPT05F
UytuYTZBZlhMNFNWeDkwdDl0YzR4YU0KOQPfVIBWGFyPbCJOe4yY4i9FwGYaAQRY M281dDlHTEhFTk1wUjU5d3pMZUI1OFEK8q+tfmQstmW8nslOfYGOTLbdE5MDgr0a
aIn9RtB5q84J4KvTXo8+l0XMqzq6AktYJtvuGmKDmoDg/ZoZLj15xg== zeN3YNvQC24D4lcrFzO+WkEGjrHu2pfjTdiIg3NHJt3p8OUPh0Oplg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzREZHQ2o4UnJweXR2bHVQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSzduUWwxTmdZa28vejlH
R2R5VWtML2NITlNwOU5PYmZLZlRhYkNKd3pjClZCcitJSHBSdnhNVnZwVUYzY0Rn ak00S0NTVURxdnhzU29JanpOQy9IcEJYcWdNCkFoLzFvV1NpUElVWUZNeUVLWWRB
UURIdFlUVEhLSkt2NGtDZi9tMzNOR1kKLS0tIFRCbW8rYjdMblNaa2NhZW00UzBV ejZmVWZ6MTVVNGNQOHd2bENYMG9lRWMKLS0tIE51L0VEZGZ3bnQ1WmxYbU1wdXcx
ZUpXQjRPYjNVYVdlbHNlWE5hVDhJam8KyZHwn0y+KIu5J1g7oI6qsBsTWP589Lfd RWoydjZOa0s0YXdkNERiZWp6S1JrZk0K0rIkpOAmnURiB4O0DKgf/uO6yqlKOUBH
bZgh/yo9CF9/iZO74I1a4eHYBGYGh/clNjLmKk63gsfxcqY6Ck2eqQ== /7T9xqxlFYEJkQhdktgOB1jhOnfU6YpD4oLsJ113dMiMp7HHRaeM6g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdHV1NXh1RmpPWXBGOVIw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOWE9wZkVzdDdzMHROV3pn
U0I3NWEraWs4dUxLWXdoMTlYQ1d6blBhZ2pjCk1lY0pZM1VHaGFSZGYyeEZxOFFO NGkrTmtGdU96Yk5rZHJXbGZUZjU0SUh4cEZNCnd1Rkw0aS9mbGw2V1c1TndNaVpw
MzJwRHdTaCtZakJUNUxHeG40NnlFaHcKLS0tIDVzMzZPN3lQeUhlZ0thWWZLbkc2 Y0U4dE1FT1RCZFVqOGZ4MWVvN0ZLdXMKLS0tIDBHYlVSRnQ4Ui9NRm0yYWtOdlNC
UXNROW1Ub2VyT01jMUN4MUMrUU1mKzgKmf24d/VgivYC25yHJSdFkItt9SCtLNZb VjdRTGgrYmlIUWVBU2xDVTBVT0hYZm8KZiDQ1f6ZNMuCbQy+kXHdjHPBmNqIl8i8
0Rrh/N11pV24qWFXkFuX/ZKK5bV3JrUgS7K3KWOp4ur6dlI5rfMsUg== AdkfCVCsZZMctAM4HRLvVdZmabpNC/0+Y6ITSSaKKrZEMjW+cjJdOw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOXdMcFJ5WVVBNEhtbkR0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqano4L1JlUjU5by9HdWMr
a1JFczdsZDFpNnd2a0RTWjNoOXM4ZXpSQVM4Cjh0aHg2MCtMWmZPUnRpdEZoS3E2 bmZOakcwbG5pUit6REhXNGRNVkNZQjl0RUZzCk9yWjdPSEtiY1A0b3d1QWM1N2pi
NDJZZ3ZpNlh3VUQvQVZxSkJmd05TOXMKLS0tIDJwQW5nVStYSEROVnRJK0liRzR5 MGFJNnpJMUFKbXNpdUlPbjlMYVlMNzQKLS0tIGZEeFpMUzNXMForM1paaXJ5cElv
UWU2SXIyTkhRU1NCajZQUUd5MlBnT2MKMIgwTZWnrAKzqHP7EFslZ+HMD7ZtBilJ eDVsQ2J4bFlMcG0rWGcyTE5CZVJQbEUKyPmrq3VwnwaIWV3V3Vzl27bUcXkNyvLN
+FgcIllwQV9XeIyhAuAeKjP95JgCwn1oQL32fYCyyqwykeb0wjQdzA== vjG/ZwmkYNUviK/EqlY/w6aDfo/Wqp+t7zfwd9xPocqRYYA8GEyFaw==
-----END AGE ENCRYPTED FILE-----
- recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bkNVL2x0MkFvYk5yY01j
R05xTVV0cFFjWFhTT1djTnYreVl3U3NsN1d3Ck5ET3ovVkoyUjlobzdjeGYzNWJx
WkVZUXc5ZWpSZmJ6SHpUNDVrb3NRWTQKLS0tIEo0Q1RRSU8vT01zdFlDRVlSTm5y
NElDZG9WTi96VDNnMVVuNFdxSzh4alEKhDmGG1oi2+msmVB8YCT88fLUwGyOA2zo
VYND7CWX+TM6oqKjqKVYu3dS/BTQGQzfUQ3Uc1lZKquLNJK68tnWNw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-06-24T00:21:52Z" lastmodified: "2022-06-24T00:21:52Z"
mac: ENC[AES256_GCM,data:92ibRrMnizSQrHIJtW+2KZSeUlU2/Oi18voZKBsC2xyODDh+iHWOBBlv62YUKODRBE2Ze/OklvcYME03NAvY4/wKOqjz/cFMU8PeEkxZvzCtnP55CCYYL6QJ0DSJPP+dKQQkfTV5Xy0JPyY9lZc+g22FB+/FZeo1o3N3lz9Nd1E=,iv:dTeHpQQWcm6cAh11csxR6Lgw3pdTTFWPqR6MozFP+fU=,tag:7WFZfd1D+twItx/xC/MHfA==,type:str] mac: ENC[AES256_GCM,data:92ibRrMnizSQrHIJtW+2KZSeUlU2/Oi18voZKBsC2xyODDh+iHWOBBlv62YUKODRBE2Ze/OklvcYME03NAvY4/wKOqjz/cFMU8PeEkxZvzCtnP55CCYYL6QJ0DSJPP+dKQQkfTV5Xy0JPyY9lZc+g22FB+/FZeo1o3N3lz9Nd1E=,iv:dTeHpQQWcm6cAh11csxR6Lgw3pdTTFWPqR6MozFP+fU=,tag:7WFZfd1D+twItx/xC/MHfA==,type:str]

31
secrets/tounge/borg.yaml Normal file
View File

@ -0,0 +1,31 @@
borg-ssh-key: ENC[AES256_GCM,data:qeQOz2QgKSwRpGvej1pXAyzrzGn2mBmqTY2kk5nM6ApIUqUey0+a/9ZVCkRRQP+rgMbHr91JJ/i66u5YOcguQWYJyNny0uOb6Fl/hgo6hMsTw9xu7Q3hMTFWVhdKFiBvGh/iwSNx/f15BMEACnYZnGN8rNvaVGRZkwDQgj9JYkeDPXa3PmGzHR6LqsX1hleLJqWSnT5I/Q0mStJYZHr0QYnrNleeFOWZwmR63QWCtqmuYWH3rHP+rQU0ZefUMPr55HGk9jDC9lQpdxnaRAr2lXRQk0NYOVbInT1CVU6OCp27E9FNXD6C7KBQUf/ptv9q6+oVrbHIY+Fcnc5BIEn5MYDj0yZcPh56vmlvlehsLdlTgCrX12wUW227XfJKlrGgcd+fhnWp8wCJC8iFhUp3tc4yYKRZr60u3pHs9VdXEFYJ9ohm/R6TEi56FxrCUCIG8RCHXkllgQeMWSgGGlOkxDmB4FTcr1jdKCWfrI9t19ZTARc1Ie0toEovpjEjFBlVyUy0t3RPxI+Pi/tM4OUaQm/yh8t2Iijeir5g,iv:ofISMk1Wi5xTwz2XHe9yDLegOgtuzdOm2hSO0QGCMj4=,tag:eEU5cfj7EadiQTPAlE5IYg==,type:str]
borg-password: ENC[AES256_GCM,data:OP+KIxmhR9R/jexANk707/aTC6UlMg4+sJFaLFCNj5XSNtV3KC61z3I+UbmeApo8,iv:/ZMT60g+H6i0QX7eTrqz/0OWt48zLoaGSnXrcckD0Kw=,tag:CG4bUdyFL8QwdVSip1Q12g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHL29ZSEk0cW16U05CcnlE
SkFrZDUyZTEwemJVODZTc3IvSlZvZ3RhV21ZCjNLTXc0bDh6RWFsSmhZb1Ntdk1z
Mmx0aWZGeGhjUUJsOGhpMDNLMk1PeVEKLS0tIDNNUW1VZWV1K1NRbVlnYnZkaGM1
MkpHcE5hR0loYWFvRVo2MHFDd1B3SEEKnkGdTMf5/GyKAMQEW5eZwmtZWL2Zq/Op
Ey4tXhKlBwrbb6niOizeKeWpsdukE1r3A5kY360wZ9wZI/Yt/joa1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c2o1Q2N2NFJQSjlOdWNZ
VHlKOTNJN2VMUnZPdUZKbmRKNWFNeFRnR3lJCmxFeVpFM3ErY3FicUs1T1A0QlRN
SVZaSnpnY3JBY0dENVRpT3ZMN2lEMVkKLS0tIE1veVhDdHFtOSttQUEwTDFBcmxR
ZzU5ZVB3dFZrZXRRTFNISzVuUmZwN2sKMsbZO1WwawVm8tu4VJJ3GJEXVgPUs+ZZ
85VX4iPOf/6+KSCmDKDcmLHidw7VPZKqxFQfPmrftwuE27YyFXEAPQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-03T02:36:18Z"
mac: ENC[AES256_GCM,data:PZRcz9uVt1nFwsu7x1gAK9yiYQgWbWF2Xd3uw9Lob4VweGfYXpzqbhJciJTDQAJ5ACSf0b7R/gsLpxjazA2wre89Zyn00NU2PF6skzwLBk6JydGps5tbZuvuFWkeWyE1lGBVq2NOynhtPXtiXCU5g7N7SH10NDZybJZStoCarI4=,iv:hG+Xupt/DMp4NPmCa7uCut5wPjmFmEh5XbVpMz1bZBw=,tag:u0v1a0+eeJSsCAEXZzMi5g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

View File

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:sZQwAYkNHhbsKJ73rSnOotf47wU6rx3LIf53UYQJ2X+xRCUlpC0YUY3YflFSM2lswp+nBuOL5Qr0pf88p7f0+50J0+Hp2xXJ4h3YAeeH0/R0y12Op0/5U1imhkqosT836H3QzA/8HtUG,iv:mg8tdZE+Vb8OpnHZ0Pcsg63dwa4c6pGAaaYhaREIMGs=,tag:WW1Z/ErcQt9RzNdysWwn/Q==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzY2JYVHI5WXlnY0hXcjgy\nd2dsNWpyQk9wR2hlWGlqODkvVmZrektvc0VrCmJFYlhCcXZGMmRIVEtSeStUYVYr\nUHp4UHpmK0lKS2UzRllYb2NtVFFtYlEKLS0tIHdqVDE4OWVVb3A2WDhpc0QrNk0v\nT1pJTjRmRkRsbE9HNFZITVQrVC9jcUEKG1UXA/hIRq4IM0lS3DM4aD8pOBLAU8eU\nhzZsVuNbhMas7LG4FBV3TPgMvgmk+Iy0iMfSzGX4Ui+j5f8b0I59mA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTFFBKzM3d2pCUS8raHFT\nVDhkdGszU1FEVS9YblBPeVpFRW5LR1BnTGlvCkp1eTg2UWpIa1ozdzVPeGF1Rk83\nSmZyU1VKOGlUNzZDWnBVeWo0N3RRcFUKLS0tIGttYzNBd2s0eGtxeWVJM2REUml1\nVE9kdkpnS0lsVGovNXVKTlcwVjVEdEkKN40ZJ7feBsnzHrY4YTUlLPtl7XaB18vl\nNEGZUEmauubCmvMoZtvkgc8g1w/xF9nR711v0r2To4AJvhBlAp6Fuw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-10-03T02:35:29Z",
"mac": "ENC[AES256_GCM,data:8H+ynSM0In3vNnM4cwAO98n1bvWtFz2pasgUCCPIbri0fZqDZa+XUWDDezHDvx3G6F3e1lXG4HwMClSx+TtgZLall226MjE+lJJwYApD+pT6/2BkHGXR/RmlzV2yFIFd4wqxO8OPAT5mBzovxpJX/PPJZZIXjuzdY40lr4VMKVE=,iv:T9NSrUUirnvLE/lorDuj9SnzKJYkzHi/YHJSEvYnjfE=,tag:WvUltVQJhtaiPCLNPnMIVQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}