From f2989645d489916118a7d8149322ba2bca5fbc4c Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Jun 2023 09:59:01 -0400 Subject: [PATCH] Initial pendulum config --- .sops.yaml | 7 ++ flake.nix | 11 +++- machines/pendulum/configuration.nix | 68 ++++++++++++++++++++ machines/pendulum/hardware.nix | 41 ++++++++++++ machines/pendulum/home.nix | 10 +++ secrets/all/backblaze.yaml | 99 ++++++++++++++++------------- secrets/all/tailscale.yaml | 99 ++++++++++++++++------------- secrets/pendulum/borg.yaml | 31 +++++++++ 8 files changed, 275 insertions(+), 91 deletions(-) create mode 100644 machines/pendulum/configuration.nix create mode 100644 machines/pendulum/hardware.nix create mode 100644 machines/pendulum/home.nix create mode 100644 secrets/pendulum/borg.yaml diff --git a/.sops.yaml b/.sops.yaml index 2c2eb03..d7c8c14 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,6 +8,7 @@ keys: - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 - &fusion age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a + - &pendulum age1448z8f03hgnem2qeh2020k5tyma4hv365af8fyk4t2vhefedcscsdjs53k - &productivity-vm age1n5g03x8p54kzx9nktqgasjugqjydz8u0rw9zcdx5l9c486h3me6qtnh57s creation_rules: - path_regex: secrets/all/.* @@ -21,6 +22,7 @@ creation_rules: - *matrix - *tounge - *fusion + - *pendulum - *productivity-vm - path_regex: secrets/levitation key_groups: @@ -47,6 +49,11 @@ creation_rules: - age: - *nathan - *perception + - path_regex: secrets/pendulum + key_groups: + - age: + - *nathan + - *pendulum - path_regex: secrets/tounge key_groups: - age: diff --git a/flake.nix b/flake.nix index 98c1f7d..2279963 100644 --- a/flake.nix +++ b/flake.nix @@ -145,7 +145,7 @@ }; perception = makeNixosSystem { - system = "x86_4-linux"; + system = "x86_64-linux"; hostName = "perception"; extraModules = [ ./machines/perception/configuration.nix @@ -162,6 +162,15 @@ ]; }; + pendulum = makeNixosSystem { + system = "x86_64-linux"; + hostName = "pendulum"; + extraModules = [ + ./machines/pendulum/hardware.nix + ./machines/pendulum/configuration.nix + ]; + }; + x86vm = makeNixosSystem { system = "x86_64-linux"; hostName = "x86vm"; diff --git a/machines/pendulum/configuration.nix b/machines/pendulum/configuration.nix new file mode 100644 index 0000000..370f88e --- /dev/null +++ b/machines/pendulum/configuration.nix @@ -0,0 +1,68 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + # Sops setup for this machine + sops.secrets = { + "borg-ssh-key" = { + sopsFile = ../../secrets/pendulum/borg.yaml; + format = "yaml"; + }; + "borg-password" = { + sopsFile = ../../secrets/pendulum/borg.yaml; + format = "yaml"; + }; + }; + # Setup system configuration + nathan = { + services = { + borg = { + enable = true; + extraExcludes = [ + "*/.cache" + "*/.tmp" + "/var/lib/postgresql" + "/var/lib/redis" + "/var/lib/docker" + "/var/log" + ]; + passwordFile = config.sops.secrets."borg-password".path; + sshKey = config.sops.secrets."borg-ssh-key".path; + }; + # postgresql.backup = true; + }; + config = { + setupGrub = false; + nix = { + autoUpdate = true; + autoGC = true; + }; + harden = false; + virtualization = { docker = true; }; + }; + }; + # State version + system.stateVersion = "23.05"; + # Configure bootloader + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.useOSProber = true; + # Configure networking + networking = { + domain = "mccarty.io"; + useDHCP = false; + interfaces.enp1s0f0.ipv4.addresses = [{ + address = "45.83.129.50"; + prefixLength = 24; + }]; + defaultGateway = "45.83.129.49"; + nameservers = [ "1.1.1.1" ]; + # Open ports in firewall + firewall = { + # allowedTCPPorts = [ 25565 ]; + # allowedUDPPorts = [ 25565 ]; + }; + }; + + # Setup home manager + home-manager.users.nathan = import ./home.nix; +} diff --git a/machines/pendulum/hardware.nix b/machines/pendulum/hardware.nix new file mode 100644 index 0000000..0dbce33 --- /dev/null +++ b/machines/pendulum/hardware.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/51f11215-6c1f-4844-b0d4-e0af51e38bf9"; + fsType = "ext4"; + }; + + swapDevices = [{ + device = "/dev/disk/by-uuid/827dabe3-cf06-41fb-b4dd-889c4783ad73"; + # randomEncryption = { + # cipher = "aes-xts-plain64"; + # enable = true; + # source = "/dev/random"; + # }; + }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/pendulum/home.nix b/machines/pendulum/home.nix new file mode 100644 index 0000000..c415c88 --- /dev/null +++ b/machines/pendulum/home.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + nathan = { + programs = { + devel = { core = true; }; + # util = { git = { sshSign = true; }; }; + }; + }; +} diff --git a/secrets/all/backblaze.yaml b/secrets/all/backblaze.yaml index 79ed31f..8c4faed 100644 --- a/secrets/all/backblaze.yaml +++ b/secrets/all/backblaze.yaml @@ -8,83 +8,92 @@ sops: - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWUt2d3ZKVC9oOW9IaGlI - NWg0bFBaUHZETS9lMzBBSUdWeWd6MWdRMkNNCkFnK21OZm1waGJzdDFEcmRFdFFu - U3lQanVmc3dQc1lTb1ZlZVNoZDRsVmcKLS0tIHlZVkkzcUhieWYwdzl6Ynl1RzZT - VzRSWTFDUVFHZld1SjBUdmo0SGN2NG8Kp8U5PNG0Y3Uqmn+nvp9nJ7e38LseM05c - DwJFZc9BfS01I/WZUe5MEkhk+bYnxg7i09+4xowFh06mBSeZQPQ2lg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TEZYTlBDYzFUUitzZU4y + V3BxNmFyUTVKZjgwTTU1R1IvNkJqKzMvZUJRCjFWc3JqY3RrNG45QXBWRUNNTVRN + b1ViUHcyb2hjb2FPRHBDVFhqT0o0dWcKLS0tIFRTMFVmbm1icTExOGF3TmEySTRM + aDVjUlJzV1RWcHEwdFNtQTRYWTlKYWsK/fEC8/g52TiGVy8hNcqIX5D1aq39141q + qw69uMchxVV5Ii6C0fPIG/KcEaAqZUOUrJyQSjpvt3fvcbFWMMZnaw== -----END AGE ENCRYPTED FILE----- - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZFlOcTFVVlZrcU9ZRkVQ - d001UEFOT1NyQVBwcHduaU1iOHF5ZmMyQjFzCnNtK0RROWV4MXlBSzlkd2JvbDEv - L0FLVjM1Y1E5OStxSmhDcDNpOHpVcEUKLS0tIG9iRVd4cEllc05JWm54K0UzUVJv - QlVGbTVOZ2w5K2JtR1Q1MjBSTEsraUUKiWZOrgUdOoE1Fwu4dPUpnOyRjz12hUrV - 3xafMjF+pVYzxwmWC5MrrLKaDwzg6zgSu/eQuFLN9InVjQRw2Pe27g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNG1Ma3c3UXAxd1hNenkr + bTBRYWtwMFpPRmZnbW9xSXU2Um1NOFhra3hnCnhVSVh1ZTNFSjNnSUVJS2s3NDhp + SWhLY2JTc1drNll0MnpiZ2lwc2ZnZHMKLS0tIGY3NXFyMys3aGp4czJaOERWeGgr + STNtYzZVQzBpcTRBZFVtMTBDbmxYNDQKyQP2mirnlsgbRFj+/w1DzHugKpU1OqjU + D7GJ/gB6WHR/7ezhR9RHDnE4FvI78HZqSF6nF0T7dtuGoVUgD5t+cg== -----END AGE ENCRYPTED FILE----- - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTXJwbGFFT29oMEp3MXdw - TXZFbXVHSlA3N1BINVd5aWY5SmtKaFhkNWw4Cm5MaHBXOTVRN3I3T09VYmVZYSt4 - bEpiUHdaeGJHVWRFemdxL1JMNmVuSEUKLS0tIDViRGRzRkF6RGRuNnJ4UXh5TWhr - clJuYmFXejA0UnBVekU4NzFBZWwycTAKOoXiEzvS4ghtDKzcleI3tUcF/C+QxbVE - h5tdUOo8iL7tSFxS/S9UNuLOwsAPb1Qb1GWzYwhZWFxQ7gKVRUL3/Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSFBlbDlnV1BoZllBdWFE + dWJ0U05rNktURnRjMHpWMWh0czhJdWQ3L0RzCi9Belgyc2hEbVVpblBXS1hEbElK + bmRlZXBsQkNWdjQ3aXdaTmpyVWdwbE0KLS0tIFVyUStURWV2ZnhxQVc5MlJ6UGJG + TjNNS09oUXdTMENJcVZJdWxscGFSajAKaQF5yzZpVDGxQuG0CbtxSiWGO+qm0eNC + 55v6auPyf1D+4kX+67lm9uahqRvPauiZAYNKRo5XE1VB9j9vp4K+OA== -----END AGE ENCRYPTED FILE----- - recipient: age1rztv2778cf2dcpzcpth888cq7u3rdsl7tfuhv4sddysdnqjxaevqg72t5l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmeXJ2Q1JlcVJVbUVoV203 - Q2pOek95Z2MraDR6MGgzZ2NldENWenNFUURRCmJoeFJBNnNEbE8xWmh3RjJvWTRq - eFViaWZTZ2RLalgwcXpMeS9YWHhwR00KLS0tIDRhWVNWRml3WmVINTUxTzYvdTRN - NHBySExhNE9nQk5ZTWZmcy9TVXdobEEK4YZ96n4Kx0SsSroo6Zvf38gQvKAoFWBL - O3UzLLHKASfwE0xMUcLWIP6mEZUzk6MXUTmD+MI2vPP5YhFP7dnlXg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySW1hbHkrK3FkZ3ZsdlA1 + Y3k5b3pXWE5WOERDcXozMFB6dmZtVUhqSmlNCndFUU9hQ3JUSmtvRXNpNnpNQTh4 + ZHZ0R0p0M29idk5kdHUvOWM4UFNybkEKLS0tIDY1T09DZ1UxcHJWQXRIQmt6OXBi + M2tZTEU0cnd3YWNKY1ZXK0cxdk5MSDAKxCenZzmFz0idBct3GmYZDVs1Y/4GWsA+ + 6kaPHwXAyXPwSL3jnzJvFnYPXazV7A3dafQAcrMnhHBISJfxlizf+Q== -----END AGE ENCRYPTED FILE----- - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjaUZ0Sm5DWlUxT1VzQ3Fr - UkF1eStVZEo5Y1dLMkN6WlNLV3hZWmgvT3pJCno3QjRmS3BETFJub0IyYUJ1TS9T - blppTHMwNWZ4VHBlOGVERmZqelM3YlUKLS0tIE1wV3Bab3BwdVQ1TWFpY01raWdm - TTY0dVliNjBrc2hKM3FDbGhRTS9FeEkKML7U4Tp3C+TkwtAeunAxePUcBaW5Mfdw - f1umDXxBSTMvmKcA7VAv6saqNjmFARc4iQamvt3w8vLwLuOwhqMULg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVW9hZ3RucGtIV01sRVhP + bldxL3YwTkNwZUVnUVppWmFuYkVXa1NUT3owCkxnVjBpWDRWN0g3emJhbkd0MGxG + d3FjZVNMNHV6cEhpQ0RTZVhnNW01Y1EKLS0tIFNTRU81NGJvUGVydlNwSU9qdlIx + ckN1K29naUsxa01UV1BocFFuOUZsS2MKHXE/fRTx/pDB+w9XSUcKTz7v2Ph3s3lE + BvllpBFb3Uni+w9e8az0udstX6Qm6Xod6j8cvvKw/rdNk6uVHMyNHg== -----END AGE ENCRYPTED FILE----- - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbENwdVdvWXoyRXVtMmpB - cFBwOHBRZzFrZ0FSSXFwQk9jMjR0dlo3M1FzCklCdFBWWU1Xajd1VlNrOHBMNDRH - OFFHQXhISzBjTC9ZaXpaM1I1cW44azgKLS0tIGpyOGNra2h6SVFoZUt6eERMcGVN - VkRSdm1wZUJaUzRYYWdaeTRDY0U0TzQKoaT0UC3AKBQifjGo5Da+sNpArobz+8rM - q5BEKQHJ9P2G4zF2Cy8trVk8XxvxhAMz2rUedTVlWwhsjkQ3oIJF6Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTFd0a1RzTUhlNWpHMCtC + cXJRTzRIQUZhWjhvbGphc25jbUswa050cjAwCk1ZSTZud3hjaGpPOWVicEEwSFJM + M3Y3bUw4aDNNOHZpVEt5VURqNUlJaEEKLS0tIEhaS01LVDRwbkIzbW8xRStJaXNZ + MWRTOGxyMW1lZ0RZNFJXRGtoRS9pMGMKtxPfgj2ovYJ9epPudKJvHXsi7ep7TshW + LlDIumsir/ydJ6Sb2RX5FYC6WijUgRSoRezeHC6hlxbX0AfHPLoKMA== -----END AGE ENCRYPTED FILE----- - recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNzcvRVlnMDdIVDQzYXlI - dVNqOU5VOE9WZEdONkVjODJhZG1oZHArQVFVCjk4Y3h3cVFIakZ3empJSndGejQ3 - SVBkN2thS1NQMVkxeGFwMWppL1U5VWMKLS0tIGp4azk0UHlHdW5PSElXUWxwd1lH - RnhMOEZLbXJ5eXF5M3pySkVRN3JvVXMKr3EeHe5dLsBAjUJEnaKYt2XTrBf5RCOf - qx9vcuK1O9tT5XAlKMm+QJeudhI4yHSjNStZQSJADz6asDSseaqleQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPc3NodkllaGt2VkptN1cv + aFY2bmtKeDdjei9hRmdGUlFPZWhjMnFTZENJClpzd21VZDBXVDc4V2h1STBUb2Jk + VHZadHorVFFISHpCR1dXd1ZHLzQzQm8KLS0tIHlKcFhUYmo2bEVCeVIzVVVDR0xL + ZFRTTzd1MDhXWFM5NE9Sb0g5N0dnUDQKUlv6cQ0BYJEJ8Q/3Z5Wq9ZJl3mZRNV2y + Yjvp42Oei9YFmjhduSfJrveKB9sAHyOWYXPeYSgTLC1S/CgV5b7FPQ== -----END AGE ENCRYPTED FILE----- - recipient: age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsY0xJVlJvTHNkYlZxR0NZ - WisxM2V1VVhjWlR6M2ZlNEUwQU9KWTlETmdnCnhta01LbElKSnhNS09oMFBSZmV4 - NlhwbU52ZGZXSklJeDIrYmkzcEJ4TlkKLS0tIE5JVjRpaHlWd2dDTExMUU95U1NI - NFVHSE9POURpcG4rTjRSNU5iZzhrK0kKjhzBp9KoA8s0VNlAabbkcXI551FE+B9S - GFDjgltmk91pAcO754SzQFu8Xrc6e0NL+7nQAfOeSh7Q5thuv2lPoA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZktuZlBxemxYRjZwVEFR + UTNhMEluVHZxMGp0eThMbVR6enQxU0tpTlVrCk0vY2RVT3JjTHk4dURPVXRxNysr + cnltby9uK2EvV0F1TmxBZTFRUVViSDAKLS0tIFpKZThyRHNqMEFKR2xXTFhwYm91 + a0l0L05IbWkvc2Q2NGNGYzMwVHh0Y1kKtVmy4lZqdplhyg5c2izoTPrg6tCpY4Cu + f9Ay7zhbSWKYjI0/MExOPjVHuIpnpZw3nN4uLqqs6/ZD0h2CTHg3sQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1448z8f03hgnem2qeh2020k5tyma4hv365af8fyk4t2vhefedcscsdjs53k + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcjkwODRBaDU5VUt2THZD + MVpPNVJoVG9WZmYyMllRQUpCbEJ4N1pSaXpVCmhGN0p6UmlpR2pCak5LcklML1FH + ZWg0MktST2YxNk1IYkkxK2dJSThEQmMKLS0tIEtvVTBva0VKeVFVV0l4NE9tS1Yy + ZjBGdmpuVU5uNkwvVnU4UXN1ZlVQdTAKWXM0Mk4gEOG+mTOtQttrOgtTcAjSr3Me + VW3g97AZRk5Sk+/hEAN1m8IOANfg8AuyGqOrWAek9tVK7hdfj5a0ig== -----END AGE ENCRYPTED FILE----- - recipient: age1n5g03x8p54kzx9nktqgasjugqjydz8u0rw9zcdx5l9c486h3me6qtnh57s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0QmJJT0VrNVRaM1RaWGNS - R3FsYitJVERIeEdiYlZPejFGZU5TckpDb0JvClhXWHhWZFEwbEhSeGFVQytKRnhU - dXp3RUVUNUQ5MWlFQnVnWDUreU5qK0EKLS0tIFV6OXBuSS95VmIxckRXNnRFVGVu - dHErR0cyMXA3cGl2SDR6dWNNUG1kdGsKjJEsCE1s4c9n9pWecUovydCnzZIBwGhg - fdpOVtJRMsusBvHyap+r5uoCnwxNloBfYaFSR6m/LYrEc2oaxjQ8qQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSk9ISk5xOExuUy9VVFpT + MnJDRndZSHRCUElvaVdqOEV0emJQRzJyVjNVCjlhSGZ5MVlObVVKb1c0QjJCOHdS + NE1xekI2UkEwV0lhNll6N2w0eFZvMGcKLS0tIFZhT1VHdE9DWXVKalNWSjVvUFpa + QUFPMlVzK1dweXRpWWIyai91SmxLWlkKFB6DAkSj1YDrd00coLzDEMo2BnPyWWXh + mgvc1ecvfOUz1JU5Nb+UOkpL/f27YwFKeo6RO6PdE4AYWK2Au9+5jg== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-04-09T03:07:03Z" mac: ENC[AES256_GCM,data:nnGvDO7znv2oxWYZqwct8WmGIibsYWAAJlAI6vkLqcodqv+ifsPjTOEj5uZPNP5/uI/DpBxj6en/OwQT/hONEy1qIqza9bXJzz8uE2LY+Gp76pWY9RG4RD7/XYlHPrCRlnlXQ4OuCtr9mUkxCjr2iM6475abe3dZ3XnciZwJ7IM=,iv:m/L2QE9/B+lWvzDvBOJwAt67Tg/OkT2kKoSifAdXM6A=,tag:neDhfjzomskfxmRhEhiDGQ==,type:str] diff --git a/secrets/all/tailscale.yaml b/secrets/all/tailscale.yaml index cdd3d3a..71f8bcf 100644 --- a/secrets/all/tailscale.yaml +++ b/secrets/all/tailscale.yaml @@ -8,83 +8,92 @@ sops: - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSTBXWHNpdW9zckRFdFpN - eUk5NjlPNVZ1YXlnOGsvbjBKK2R3OWZTOEhBCnBFQk53a20rN3pERjVjNHVsbEpL - cUlnTlg3QW9jSVd2d21ZWC9YSEZHcWMKLS0tIG0xSUFpdk1teUtzMjMrSTA2RTNv - TjN3dkhDaFFwZkNweDN5aVlWKzVMQUkKYgZGmaVcDNQEEVZmexSLZHy8wVNc4FP8 - 3W5qNrySQLnOzQ5KgrzpAPQyx570c8YTV/odTpa6Pa/CHITEpYQwXg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTGkvMVRaUW4wUEc0cUVm + S2lYRlU5akFaSUxUMisrY012RGJJWDc5R0RrCjJmek1BeFUzSnk2RDVvZGZBRGNH + MjA3S2ZobW1pWTFYZGloMnlVVG9DNkEKLS0tIFZjYW1NaG9GckxITVkzQ0xIWW5l + SExVN1hTdjBVcXhSK3hPUVpZM2l4K3cKZJ4rrT+YRV1DOi6HxCcuiGMZB/rM2YDR + tsdOJYjLhMtifKXYvZZdTLrVnMGj5u/PGalU/WjxT6P2ZbeKNI3lZw== -----END AGE ENCRYPTED FILE----- - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxb2diTnhYelBwQWQ2ZFBP - UXFoN21oSC9CS1R3clA2L0tSRFRwV0NFN1hVCjd6M2JFaElmK3IwbHo4cTdsdFBy - TURMM1dWMTBVZXV3di9EdFhrR0FrQnMKLS0tIEdpTG9iZy9XR1ZKSjl4VXROVEo5 - SVVycklOWFIyZ2FCOWxIWlh4cXIyNmMKqJRkESvhofjw29zE1YbnkyXwrCa4z/yZ - 73iZWTTgoDlV7LupDt4aOHTbGOg8+tti8OS6Ny7pE0PviZhpOT/n+w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObTFiUEttVzFPKytGcXlu + eURsbTV0QnlpcDA3MlBFaDVBQ284VUV2Y1RJClRmTkhKcEE0V1gxY3ZjbktzdmJi + TEcyU2RINHBuRU51MnVDNTQvMjlOazAKLS0tIEpSTjlzV0dXejdzbjBjanVQcWE4 + aFRiRUNIUGNORFB5V2xPeGtQcHU3Qk0K6q1ijt1EYQb8+Ik/t4U5bMDtrgrV0iqR + QcMFbTNvUkCIwgpECjhZRIryRMeSdz+5gt5R4gpIQDiwKQ1cVeGklw== -----END AGE ENCRYPTED FILE----- - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Y1pJM1FLWmFIdkExemZH - RUxLbkROZWdjU2dKR29XZDlYazd3YUhxNENzCmxUQTl1K05Dc3BsVDc0ZjJWZUJ2 - UDQxUTJqMEFCK2YrYk1qb3BvQmNUUmcKLS0tIGlkemRQNXh6ZlhTYlpqcGxJS1Iz - U2g2UlFEQXNpSHNNVHZabTgwZkRsSkUK/mWB9CTEHyRQC+FN+u1yWkjup5VuVEvR - 0ntHVyJnBfkU/CG4E54Pyrtp0lKXbSeYf0Tfm+0IH5qwDAkCsnsHFQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3AzRDVhUythbG1kb0o0 + dENwWUtJY1R5ZjU4UWpNaE1jMDIxbXYrOFRzCmhPRDd0SkxMZm1FQU90YUVuTmwx + ZVN3Z2MrUlZzZUZyZDdGT0l5MzY2MTAKLS0tIGVBZjh0dk5McEF2MnpMcTlHZWNE + OTA1OFV3M1VWaXl2b3g4VHFEVWowWjQK6jMQ3IOrgKv1Mc+2K9aFS0TlRWrIUGjj + fIROoGPFX6tbhUspulPHLc/4k/a2eDSQq4Svu/1/Ey+NtaM7w5Sxgg== -----END AGE ENCRYPTED FILE----- - recipient: age1rztv2778cf2dcpzcpth888cq7u3rdsl7tfuhv4sddysdnqjxaevqg72t5l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVUEFpN2lyeW1oTGpjVSto - S29wWXVnTHBYbUlCVGxtaG82R014WkZGZXlvCk9CckxmRU1aRGR3c1BIdlJIenQr - Q3pnZzJmTmJNWDZWMDZQR2M1UkhwblkKLS0tIEdtbzBHZ1A4dnQ3U3c3NkM2NEdw - UDhZWlRLd3dQM0VNK1FKN1J6WkxuK0kKSdcFA80V29qOd/SqIaVDVcN1QIDL9rg1 - iQ2pBxm8HAU+EkukjD+vVd5SsUjjpuIc8bucmmC7urHD9N8UCI6T5g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRGpvaXNRWDh4b3NqN0NZ + eWhTZEtSZU42UXVOQWg0THdNWWJ1bnBvYlVrCkVhRzdUTytkRVdaYW9KWko1UmZR + elB2WisrcEZYcWdQaFhMdlU2TFBtU1kKLS0tIFlkTkoyU29FQzBEZXhlNUpicDY0 + cjJCRkVsVlRITlZzai9OSGFoMHVaUGcKDDOIPSECos83z9xr5ExfmlF8kqcp9om8 + vSeNoDt2YHFixDkaTIppf58MAP2GwDJglSSSFhh5U2yP1wftpPBB3Q== -----END AGE ENCRYPTED FILE----- - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZ2pHb3BuYjVEc0t0OXRi - L3RUeFJwVDI0NXdIRkhIdGg5K2VDL1c2dTBjCkJVUFdJSE13YkUvUDZWdEpuaUJN - TWpuSm51RUFSU3gyaDlLcW4yT2VNK2MKLS0tIHkwMGRvNFdNNCtQbEFIUVd2ZmZr - THlhcmVETDkwN1l5b0tidXY2Q09LUGcKwaOrZb+oSMWbAU8FJ1nFrsks7zhnV3b+ - 4iiHKtkb4UpaBve1uKHt2zi36gU4NwodaoBzwLUiPQpRHNC+ajhN/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucDVJTzEvcXR6czBlYi96 + NGl1OVc1OElkcWtjRmVlNXYwOGhKbEZzSGowCkY5aGxkNVhMR253dHYzVUtiU29q + WU9TQ2oxSHNLTEY4b0JhU3Qwam9UWFEKLS0tIFBBdmY1YVdPSlYrVnZxVDhXWksy + WXd2ZFpST0Rwd2hreHp1RlRlRks3emcKEXDmdzC5wXD9XUWUAaIx21gmiyL/e46P + i1Vqfmgd8aYHPH0bGEtbzTuZOb0diJGf2uxshZ2uoEdySwJNm+LDCA== -----END AGE ENCRYPTED FILE----- - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibUtoT0thOUNXL2I3Z2c0 - STdTTXFITlkzMnFHUVU0SDNHY082clBaa0JnClFXOXV5YkdDUUVPWWZ2MFpuSlhq - aUxldTlEaDhwK0hTcmVMUlFMN2N6NjAKLS0tIFR2SmRVM3BQeTJyV2pFaTEzc2t1 - QWFDUm9oUnlodVRVQWhIZEE4bVZzaGcKuORoaJNwmoWM8LhMBsSyGiAu+f13YZMl - xMSKHaXHjr+dtShCZVQsT81EPA2TUmfxz+u+lKjH/r7v2wSwnZwyuw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4aE5CSENFNDNDSHJzWU1B + aXozdUpZcW9yRFZLaS9CRUM4ckppak5lSEQ4CmJiQXZlL2Z6VG9GOFNXWGd1Z2M5 + OG8xNW5kYkI3RXpTSzRDTDYzdTlneHMKLS0tIFZPOUZjYTF5NTl1Z0hhd2tLTDBz + OWROVy9mdThmWHkrTHk0K2gwOE9RRmsKjhovNhSSSc7FIbLWIk12PKX83gNlpTkI + FoFvCa3viqsgyb7tM06kfsTKoH+eyQOB27TxmjGDAjUKnUhaieMslg== -----END AGE ENCRYPTED FILE----- - recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUjh2M3BVZEROajlnMS9V - Zm0xT00rUlQ3aVgyUTM4NlJzK1UwVzQ4N2xBCjRwMkZjcFByV2ZuRHZHWHNobkho - TlE0TzRLMTFuWjE5VFlTRUZPVm5QdVUKLS0tIDBXeTNINmVBZm5RVktkckFNTGNP - VWNrNmFQcDFJQVZtSjFwR1VreWdLTlkKtwJYh5Q3csOWf1yaMT+Vt4ibKn97bWeL - ZT6Ssq8U+hkSxkEcXLMtTArw9HiD/nqS7kNumRCcfERETu8LDl7Gug== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIazNRODVyS3NwUkxVRmlp + bnhRSzB6T2k3M2NIY3NHQVNKUklCclgrc0RjCjh4cnMxdVBMVmtNNlpHdjdRb0s4 + elM1ZHcvdTMvWktrSFloUGU3VituaVEKLS0tIFhNdzFtQmdjZjZMa1hzWWRPWnNw + RlFMY0dWSm9BUGR6bkthUzhGbm9QWW8Kv/JNrYFlL7oeIRQdtxrXXOKmC4eUiSCo + vqmBkL3NzJ+M9OuUG2w5lnokQRfgDLXI9roG2zlR4/B6PlPDpGVQrQ== -----END AGE ENCRYPTED FILE----- - recipient: age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbEF0bGNYV2JvSyttZ09m - QTFiYUphVVhTMjE3RTZ4RmFZTWJJNWFDeUhRCk44eHc5YWhKYlB1Tk9wd1RTZUFM - TFEyM0tRWndDYzlvenNHM0J6UWdMVVkKLS0tIENMZEhZdnNUNUhIc2JWZFJpeHFJ - V3QrZ1QxTUhCaDY3S1NEQzZkdmFqdVEKNpMHEYzP98xufi8goMpo85lkn+iEzdtF - yvQPUuy/9Cgv0Ou2a+e9pSvFdRFFe+elsfTDKSTGNshfABpCHjR0uw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N2xycHNqTzhDUEZIMWF0 + SW4yVHk3SFEyNWlWV056R3Z0QjhWNlpGQWtrCjN2N0Zrdkg1K2xBODkxeGhUYThQ + UE0xd2pSNjBTTGRaRDExTUtnanl0N1kKLS0tIFkyekZkL2E5R2p1K2R1Ly9na3pB + WDNQdDFmU3FHQjl1UVkvemxhN0NocVUK+759BUEV9piVipNBeyh/eIYYg7ZA2oaK + VkbjRRBnQ1mrXZG2rs2tflXfnpNpohi4fL+vcT6woFTD+xNIqjnTcg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1448z8f03hgnem2qeh2020k5tyma4hv365af8fyk4t2vhefedcscsdjs53k + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZjFLUm5od2QvL3VWSktp + UmxodlBNMnVhRXNuY1paMFg0UHh5cXkvd1RFCmJXaGRaeTAzN1RhTENFT3gwZy9C + aUEwZEdaVGFObkdVdCtIdkdKVjRBQ3MKLS0tIHdwTG1KNW52WVBORW1uREdobUpU + ay92MldtZnpqVldSb2xYQzgwZnVVcU0KfgkqqMF9mQqJ4hveIFjQnI2JNdHCUAah + N38d4h9qPj+KZk7xS4baL6UBvk71ngMTJl4oPes1Bvx2FaGsjbrMZA== -----END AGE ENCRYPTED FILE----- - recipient: age1n5g03x8p54kzx9nktqgasjugqjydz8u0rw9zcdx5l9c486h3me6qtnh57s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRzZXblhxcCs2dC9vbWgx - Y3NNQWJZMnRCRTVxa3E1ZFF5bk93cEV5d1JzClp5RW5KbFovU2thZmFxMUxnMXo4 - Z0pHK1pDYTlXOWpYMHl5MFRUMnJ6dEEKLS0tIHMvSTdKeDhjTXRQNFpaZWNROVNJ - bWEreFBNZ0Rvcms4OG4rNUNNT1YwdHMKqdxGBIiFVyz77mqXBOWF/BEbXfwa6ilu - dpXVgkVYWdoeegMIVjezqmUjvzJzA9aITRX5jbqHyFz5VuZbfJIhRA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxM0xaVnB4MjhGVnlCSmlJ + d0hzeFRnNElXNC9oOUIxS01EVW5lbU5pSUdVCkpSSXo2ajRsb1EvQkFyYmVqNHhv + a3Q1Y0d3SWwrNDFPaTFWSVRsUUc1Q2cKLS0tIFBReGl0cmRwYkVlRUZNRkJjRHpk + bThkdUdFU0UvY2p4OFNWQklHY2ovVW8KESs1/tCkOWCubXuBIk48ejPAbOSebtnY + POy3l1sLeCPoBAnvGrPukYAgoUGZhBUbtmhByf7cbhtcKCZm8boyQQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-04-09T03:43:15Z" mac: ENC[AES256_GCM,data:TUmzYlpsA+n30HEzMLlGyFoeDVHhWGq2nQSVt237wsMO+pGILH+KqEan4rdo/+UBpOZ1lk7SV/sVeS0JZpx6z/4aPe+PXNEkaeUMHef7ZsX+bbxEm+ufu+ij6w88tDHaNhLbF925ormFfnycLnURKBaogbV4f7twvo9fKs9/a0E=,iv:SuI2lBv0xIOWQ3XsZw6AJ56kiPci0AACQy5r5N9zMHk=,tag:ffPcuB4s/ybDYFXIZpVpdw==,type:str] diff --git a/secrets/pendulum/borg.yaml b/secrets/pendulum/borg.yaml new file mode 100644 index 0000000..73e72fe --- /dev/null +++ b/secrets/pendulum/borg.yaml @@ -0,0 +1,31 @@ +borg-ssh-key: ENC[AES256_GCM,data:NM3nGXqUVQLepoTeK3uBJ6jQFyePXQUW12rR4kHY7w8eJYM+V3Y3kwWdEu3CSPg9i/jrX8ere4k4GeJ1c01beeElyiUOLWKW2Wp3YJgX0rMMZootgXy0mq77Lf/86pd338PzzV39OLTM8dGqJOhzUdjcX/I1x2KGbQOATsUmjYEpLnwWDNcno8CjxZsfyf0AQb4pS6YpSbSOiTWRfRS3838I/pdJZyU8Lm0Sw9sReBYDjPq6A0UFuIidisQi8SY8waMvRiWvKllpwV+MpaYSnY3XQtkTgiOdyn0mVtxTAS299J51BwmMGT/OmIBr1NjyNwLCOpHrvDb5p+b0b0U0dd070IH4j5UOckKFHP5kMxqOGQJrg74jBnwrwDzUjulsgCVlEuH91bwXz64hbC53hWj9qbbSYsrwXNw118JxZqGORzoOdU4Tj3wAOla5DpBPVJ+/EpSa2PqIPiOyyZ29Sk/mDdjEkN3ApDn5dQjYPWxU3iDlx/BAhEwiIXV3/qC7VScpKnd75gVb0aZH2XOoA/mDxdi3YUwl4hWF,iv:ABNB7c9rBP5et08XKSe/oOzIaXVmuw08DucBNRAID58=,tag:WbT8af+ziRe47pv+q4iZJA==,type:str] +borg-password: ENC[AES256_GCM,data:ArVGD2eTL9adoI1Jgg6djRJS/1FNNfxbfLTH6qhBJta04H/jdu0dCaSUwL8LvLOjA6s=,iv:917QWd4UkClFWpqKtAVaG42X0epGyqHigeqntHMP9kw=,tag:rz+MFM0R0UCOSQsUeZll2g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cWlIYmVYbVFQQVYyUnRX + M1JPNHJMczRkNnZOUVJNWjUxcDYzdkd5UUdVCnQ5amEzZ3o0bUNpeGMzLzVqRzU5 + VHBlREhXMkJGbHhzOHFUVTUveithV3cKLS0tIFdBNWh3UzAxdkYvSkdwVjE1eVZz + eTNRM3pMejVqeG5ZUHQvNnlsUktEa0EKb3eGJd15zEIwE0vP8k5+vvW3pEhoXRpL + JPYzaC9ErsAoZT9+2DNr5nCKwI/dlI9ZJCZ03wXco7KXC3F5rRwv+A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1448z8f03hgnem2qeh2020k5tyma4hv365af8fyk4t2vhefedcscsdjs53k + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcU1hWlJjd2RIdFVoZ1Mw + V0dETFp6Vmd5cW9kQ3paQVhkQjI0cjAyT2pvCk9UQ1JQellBM2tZQkpVU284S1F0 + UGYwVkJCRHE2OU1pQ3oyMEdOM2U5MVEKLS0tIFhlV3Zra2wrbnFGSCtxV1hXamFk + K0VwektobG5oN3J3czNwNnQ0VG9UMDgK+rMGorZ9I2BNLrud8pEXycnyPSvkgABS + YkoykrO+Gd2OVWdPyoy/0zVTD7qPKc4vZyT8i2w08SvYlpRIhgspXA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-06-04T14:03:06Z" + mac: ENC[AES256_GCM,data:jw9IuWHPpIqoGRt91Tse551+YDTQEwDF/RWcgz6sDPR+VJTZHAXz7RllaJrFRouuLm0IA8vcA+BmZcjqYD9iOY46AgEgJAk0YPe5aNMyOz6gib9dZlJMwSut/ivPI19XzrFmB4ek3Sf6MUtVv/45VsGajwAEBk42tCXlpAhd6lU=,iv:2pM4UBdKl0x7b/SJuh2dK5lojxF/2/OJuVDIDTgrcO8=,tag:wbKGJ5bjm3oOLzQD58DBIA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3