diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv index 1bd9535..9e8dbb3 100644 --- a/ITD_Firewall.csv +++ b/ITD_Firewall.csv @@ -11,4 +11,5 @@ SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,"" SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner SKYNET00011,earth,193.1.99.79,earth,80/443,"",i23-06-19_525,Offical website host SKYNET00012,skynet,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. (DMZ) -SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server \ No newline at end of file +SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server +SKYNET00014,cadie,193.1.99.77,cadie,"","80/443","","Services VM, has nextcloud to start with" \ No newline at end of file diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix new file mode 100644 index 0000000..8b85073 --- /dev/null +++ b/applications/nextcloud.nix @@ -0,0 +1,97 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.skynet_nextcloud; + domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; +in { + imports = [ + ./acme.nix + ./dns.nix + ./nginx.nix + ]; + + options.services.skynet_nextcloud = { + enable = mkEnableOption "Skynet Nextcloud"; + + host = { + ip = mkOption { + type = types.str; + }; + + name = mkOption { + type = types.str; + }; + }; + + domain = { + tld = mkOption { + type = types.str; + default = "ie"; + }; + + base = mkOption { + type = types.str; + default = "skynet"; + }; + + sub = mkOption { + type = types.str; + default = "nextcloud"; + }; + }; + }; + + config = mkIf cfg.enable { + # shove the entire config file into secrets + + age.secrets.nextcloud_admin_pass = { + file = ../secrets/nextcloud/pw.age; + owner = "nextcloud"; + group = "nextcloud"; + }; + + skynet_acme.domains = [ + domain + ]; + + skynet_dns.records = [ + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + # /var/lib/nextcloud/data + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud27; + hostName = domain; + https = true; + + config = { + trustedProxies = ["193.1.99.65"]; + adminpassFile = config.age.secrets.nextcloud_admin_pass.path; + }; + + extraApps = with config.services.nextcloud.package.packages.apps; { + inherit files_markdown files_texteditor forms groupfolders mail maps news notes onlyoffice polls; + }; + + extraOptions = { + mail_smtpmode = "sendmail"; + mail_sendmailmode = "pipe"; + }; + }; + + services.nginx.virtualHosts.${domain} = { + forceSSL = true; + useACMEHost = "skynet"; + }; + }; +} diff --git a/flake.nix b/flake.nix index 9b85efa..9ee5d65 100644 --- a/flake.nix +++ b/flake.nix @@ -149,6 +149,9 @@ # Main skynet sites earth = import ./machines/earth.nix; + + # Nextcloud + cadie = import ./machines/cadie.nix; }; }; } diff --git a/machines/cadie.nix b/machines/cadie.nix new file mode 100644 index 0000000..e7c045b --- /dev/null +++ b/machines/cadie.nix @@ -0,0 +1,62 @@ +/* + +Name: https://en.wikipedia.org/wiki/List_of_Google_April_Fools%27_Day_jokes#CADIE +Why: CADIE is what google could have been, but they chickened out. +Type: VM +Hardware: - +From: 2023 +Role: Google but better +Notes: +*/ +{ + pkgs, + lib, + nodes, + ... +}: let + # name of the server, sets teh hostname and record for it + name = "cadie"; + ip_pub = "193.1.99.77"; + hostname = "${name}.skynet.ie"; +in { + imports = [ + ../applications/nextcloud.nix + ]; + + deployment = { + targetHost = hostname; + targetPort = 22; + targetUser = null; + + tags = ["active"]; + }; + + skynet_dns.records = [ + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } + ]; + + services.skynet_backup = { + host = { + ip = ip_pub; + name = name; + }; + }; + + services.skynet_nextcloud = { + enable = true; + host = { + ip = ip_pub; + name = name; + }; + }; +} diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 9cf5b46..0800d91 100644 Binary files a/secrets/backup/restic.age and b/secrets/backup/restic.age differ diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 33ed98a..17c903f 100644 Binary files a/secrets/backup/restic_pw.age and b/secrets/backup/restic_pw.age differ diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index 78c897d..3e8660a 100644 Binary files a/secrets/discord/ldap.age and b/secrets/discord/ldap.age differ diff --git a/secrets/discord/token.age b/secrets/discord/token.age index 44604c6..0360dfb 100644 Binary files a/secrets/discord/token.age and b/secrets/discord/token.age differ diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index 0f8e664..9a01683 100644 --- a/secrets/dns_certs.secret.age +++ b/secrets/dns_certs.secret.age @@ -1,30 +1,32 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 7OinLTy3CHe0fv+wn4I4r7XTjFIgpqaF983xcKufp1Y -PNWGUW2+ydp1SJpCmZ0bYES25NyeqMd4311C+KzQY9I --> ssh-ed25519 4PzZog S3Jdr3hKEUCGd5kVmrXPzH0noDojlOLXUQztFOVKiTQ -aHvIGFTQOos0tpXydA1cK0Tl1DsZ2W4rZwmKCiGrvVo --> ssh-ed25519 5Nd93w kphOQeav7SsKFG2+41oUKTmcZHLz07AKAD3hqAA7MnM -wTQqiV4QCofagXA1SrhWPp0s4XW/ScnwKMacQ05fc98 --> ssh-ed25519 q8eJgg JDYDwG3w/WkkxLJ88jdPxCHepmG6OlKAmsT96usBgEA -1tYSoNO/j9OfuAM3wFajwx6OeQQJ9uNRUZ51f/QJ9dE --> ssh-ed25519 XSrA6w Cfgv0AMGP22ZAf9bf7Kf/5nAQIPigaiGrywmSqEKRUI -gn/LU1awTpRfVDsxgK4U0dzPAcS3ki5rHZutx4R4QiY --> ssh-ed25519 DVzSig c310oeJByvipMAsbARI/1BFbYLKnLridWioi7gPsJ2w -l8QxxrCbT9U8Tt5DqQimf9WmBGzx2BnMRHzSrEGy7bc --> ssh-ed25519 SqDBmA zwOw8Ga5zH5Odpq0V9l52NHXz9g/WDup/PzhG1rBnls -i1GDNfHfEVEhDDUgAWLjd2Wr7Lk0bpukYg5s1qGAOgg --> ssh-ed25519 UE6fcQ /E9VzRFwhzx2S09XzWde5xzrFJHjK55hCr5swCNgjHc -5H9AvVuQ028kimlAG9bFouiFeJtSpvWlbVOkhc5w/CA --> ssh-ed25519 IzAMqA MEH4kzS264SuPMxEVDppGEYPEgzZyoUBvs15aCvDi2U -ATkwVOLN3MXRff1mke0RWmhbmNZpxl9jYcMN3ot7GqY --> ssh-ed25519 uZzB3g LYsVL51QyyaZQybcKSvD64mYqojPgcFskY8wrsI7ZjU -z1Ccf37N9hqeRQHb3BPdqJ50qFjlpJ9xQ0dff/JsSJA --> ssh-ed25519 Hb0ipQ uAyvzgGdK7GwsJlGtXxAq61OibXN8d1nU8UkRRgNhgM -cD42wDJCRQHolkGM59q2ZnyKgp24xWMezgoOzcBJlII --> ssh-ed25519 uZzB3g 4UzVD85xPj54K3cr6MyfZlxJ9yc92ehlLa5h3Fiz8iE -4KEnQoNPuKIVscdj5JYt7s5yE1yicnIHgqeSg9+rztA --> ,+f+-grease -7tQ+9yqsuvFB0QCo7Kc2oujvofdv7bWEoSCjlJpC47u1yaKqNGm6L8+abMzoYIo0 -9oiXjW9Xzi3QrMio1SKQUylZtPV/LNxPLRA ---- XtEXdZjQZjat809zBeVIp9CrYi4LYuwbs1yclK5rg5U - z!|ܗ$(J ssh-ed25519 V1pwNA nG0AHa3H4vfygTEQoAHfY30CjOpmj1ffPOpCAJ3vmBk +Qut0rBmGYPJHaOdTWCOy5JML4NKCtlUIqTXmcXKSxZU +-> ssh-ed25519 4PzZog I5+i0lkVwbzG+sqGrCReuHzsU19tLi1SboqPPBD4HGY +HrdFS0QOc3lOVe7iYxsm7akT768+SaligBdmCNKGL5s +-> ssh-ed25519 5Nd93w 0R8EQvW2DzhhMETLXuC0I/b3QG4FdAojUhgCjl1veBw +BpPZd7qhqZK6ERYKGnu5NMf1nPZqM9uc3T6rQaCPuwU +-> ssh-ed25519 q8eJgg Fb8LVHNk+tqj6mI/TwfcgJndt7/L9CZoZTTGX4hCuXg +/BnYhtGfNVtrICX1Sfa2o7h8RDZm6fmL6dyNUIMLXEU +-> ssh-ed25519 XSrA6w LcEe4qfLXeWbPBHhYYhMuah0r11aviPO0tmaV/P/TzA +UlQ62w7iYlAkV2JDZdmBHuOFt/emPOb26l45RPSNKXg +-> ssh-ed25519 DVzSig nK/TTAP8vl4Q6ltd96AJoFV78jXKqEagNrrA/SDC6l4 +1lYKWXfP+LAxPRObq1VWvZqdJZi7DijikoGzjT8JEEA +-> ssh-ed25519 SqDBmA T9qOjPSZr44EdtGjz88G+qNwIwEkgKNtJm9lfMBu5Hk +7+qN1Uf/a1Bs9o5YyO6OsaC+F+odkfFnn9MYo04QxPU +-> ssh-ed25519 UE6fcQ +VsGwaWJ0QuBfSBOO9fHpYXXVJin5c/1F+ZkGN5jC0U +cUo39xNopF6goxCoSRI3C1eg6ynSOX1HmbTqH6JCzjo +-> ssh-ed25519 IzAMqA pcJ8a1soioxd/aX9a8SCyz+4ClrtUyDkQTNxUTH75U8 +iA2vSv0WroLZoRbjvwa5MxgPfFY8HTToCpLzOs1QdcQ +-> ssh-ed25519 uZzB3g srDszrjqCUdPlZR1junFInBTCcV6Pf8YZjdfI/jlymQ +ZqWkiWNCdj14yXibvJZt5kzplJYxV+FTYNSW2g/+IfM +-> ssh-ed25519 Hb0ipQ 7yV7BevtuILbQGDdzhb6xbA+1HE6gHIGBy/J5dqo2mo +vhZQ6RMeK7nmWVyrO2b5BRWA5UCLKKl/cmM8Qf4ywDo +-> ssh-ed25519 uZzB3g uZqAB7XXJORAr4SqRrtELzgsj8F5/7ZHqYjQBHtuWB0 +hN/6oT92j0jn6TWGaPQ2GHNE57YaoYQrHz6XocOmSZw +-> ssh-ed25519 YFaxCg uiXU3Fi8w3hzZ4tQD0xcijmHDXK1wIFXKwCTKlZtOHo +eW+0I5AFhJ/lutzftUFNjwBXbIT026qQh1iB2MyK0bo +-> 3-;D;-grease >yx2 }|M +iHbl8gyGfyh72AKP2rKtBbtsOWD3zfJtXUvZmgtDr1hR++RRWE6hDOOKPeWrlTfc +r80zbGItMrUtbaV6BT5g9+Ji6w +--- 0GOtCNG/Yxp0gVi4t1R7nDT6ZdAvyM9XTWmsaLYwbOo +%r!wfmmeUpN1%oj,05x̃vU_F 'NM>GD ssh-ed25519 V1pwNA FGnpjvtMlQEUSU/Yatems68P7ggyonctkHTV0KRHyh4 -HMqv4+3Gh7aQvY0t8yuQw9xIxCVjNdZKtEbkFVwrFPc --> ssh-ed25519 4PzZog sDgXstvONElzb6QVgb1elI4zYlLmnmeGPJDIvwXKuHM -6gTcns2FdeezbUZ3eju6T54avvL/XGwQ+RgO++/NL5s --> ssh-ed25519 5Nd93w p8xCIRNHB+dI/2g3D5yYaColw5xqwnPTXRiNeZ93lgs -lsuYyfyhG7AEVOvv8orux5MhtLAihN6obduWThN4vY8 --> ssh-ed25519 q8eJgg 9JTv63DlMKQ7oKGlYL/s6v0P3kXM0JwznNhrWjxmWGI -cC7wmksvARscQY5tRPoa5uU0Bhv1XvXHxnAmetglLyQ --> ssh-ed25519 IzAMqA ZfxLgzUT+lR15YHEtB5wubQ6yrfo1jCfhXrcftC4zG4 -4Me+kebp+tGcYEgoUpacJ7vc97Zx9HU3OyGJfEnOBiA --> ssh-ed25519 uZzB3g 9JjpdqrrC+I0lsTJzd85S3Ty5OzLCgk73Uy4J0W8zFI -otD/Rhl/M/wzajFsa9/Ekh4hdgFj7U4rLIOnVl38ww8 --> ssh-ed25519 Hb0ipQ KIHz+NlYyJr0123zY5KzP7DKIVKMZ96pkYszfm6ZZWw -5otxnKJG/rlbkkg7Oq5gNpsCv0N4a7/keLgVQV+/HZE --> ssh-ed25519 IzAMqA M3f4xVILPuTfWltc6MGbmNaJh3lHVrUUTJLewO6sths -VxyGTeZCIQ+YFQQDawnq5c/KZJJZ4XyBOkTe8ERAR5Q --> QPWdC\-grease 6p}<3J[x -mI1KGauviXoXmMuh5wc7XnJWczUEMpzCSt1I8Uwo0tBP1WK8/WvD8A ---- 6qiPEiJW4DZdXJWin+F0aAIEEA/FaUDfQ7Hsuvo1QKs -D!տ9{,&lk<#qԇ3)aa] lĔ$p:uI7K+-<ހȜ诳#0b{ɑbQ Gr2 y;5C5֦Z7 A \ No newline at end of file +-> ssh-ed25519 V1pwNA P02Xzq2IYlbZMvvBUjy6eM0FN1CfSyCinTJnQrZUUlg +QU9CrDYFL0KwDiH9T0zOzydeJBm4eS+Rp4m2ozA3FA0 +-> ssh-ed25519 4PzZog 0dqzbH7AY96+GFtwrkrcxYKuO/c9eBPgdxMKa1qliw0 +y0Kx5IG3CCzFcXM5MuS3eLij/l7QFKaHlr3VQty+gsA +-> ssh-ed25519 5Nd93w i9j9spcBf2ww6koxQu+802p8ua70VmQTtuLNC/v8MzY +wgYQc+JdSPd2cen/mQyL4NVn9fHtRsHX0E5lDW06yMs +-> ssh-ed25519 q8eJgg L55YurMQv+czgj6uwgHS3L2vX2A5VYRcUEXsGcj0r38 +vLRAuYLEljcVqVXs6k0hrVQNkRIpvvpCUeMP4jWVItQ +-> ssh-ed25519 IzAMqA Q1wP64lIZtvFPa0wAD+jQZtS7NwDr4rkthZEoVtuJjo +EnLKgtFFpzEKpLZMatZFNTt0rINciFUryYd0GMIUSp0 +-> ssh-ed25519 uZzB3g EwOnsGci+aqHj7XR+sVCi2pNowFbTLtQimzFNHy7LTo +jtl2RhtNayPr44rrZ1ESgR6p1hDJg1h70flu/0rDCjg +-> ssh-ed25519 Hb0ipQ Jmcvd8zOLb7qf2ZIY1HsBrMA3wETGJFUTicBb/Gf2n4 +RTiE+f1N+npbnh1M20x76MJ/uj/5SDTdWKj1uMWPThM +-> ssh-ed25519 IzAMqA cSzsukksm2E0coLmIXmd6DsEs/gHmIeGfcH/unNd1B4 +6ThlGLwm5iFG/UXoNMtAup909MVxz5JTpK45HJDeYFk +-> d7'/PSOq-grease BF, +ka0OOXHqf7TrhcdP9NFMQVGlF2x+fnC5PRZba5o +--- s5GXDMgktkfdge6Ndk1J8ooCdXVsryH9XzD2+TF6wC8 +`2S +%͋cA2 w L(q\0})D#k)Y\&X"į506|4)._vD6Nҽ*+R)59 +E} ~gC1 ea \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index 59ded26..182cfd7 100644 Binary files a/secrets/gitlab/db_pw.age and b/secrets/gitlab/db_pw.age differ diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index 70c9060..4b1d10e 100644 --- a/secrets/gitlab/ldap_pw.age +++ b/secrets/gitlab/ldap_pw.age @@ -1,17 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA l8bVNmtvQQYYdYbaIGbu2Zr1QIQ7foEVC+3qOjyBEBo -/+XugQWU5ZtUhYs+nUXiWszSt4f2ugyKzwx74k1L5FA --> ssh-ed25519 4PzZog uf9XS3J+yhKCUkD4OnwiWg0wyRpN/9lSc/zhbqBNYUA -/9FoDD5reZtMOQAuvN+ex5PWlC2RySqiCzv0mNwNTQw --> ssh-ed25519 5Nd93w VuooU1/tyko+EixV7mvIu4A2O5+83BvUloDJX2JTDQA -DhSj04ZvbHakIkadflpwKbqiIGea+eSBsEBdzPl9OLU --> ssh-ed25519 q8eJgg bEyYdnWO1Yvlgc7a8HtkZhUgXbiIfcADqrpnVG3f1Ug -Pb26M2XCByrWwY8WxqWF64tkAxLFach/VSZ1bs9Ira4 --> ssh-ed25519 uZzB3g YlKcfsuCsq5B7tOcQtGuTBWoSWamTLCVHJ4T1d+Gcz8 -2oNqUbegU6OkPpFTrTPUwIgcxPw3FiR1Y8TOoTrT7/A --> HvX-grease 1gEJ iS*ti w!mB 'ztJjEI9 -bWmaS0UnKig ---- rZTDxAK0aAgxkQM/d39FIL3FF2u9ig89jYjBmNvVFIY -ojnUes7`'[,}RQiv"eִ•7nEǻY8b -+A= \ No newline at end of file +-> ssh-ed25519 V1pwNA llgtj/hArsPrgXWLZ1PPjO7oxnsxTCDjiAk5t+AdmmY +UMqj4tptjYBlx+H63XV2MkjhtgwqfFoOcnO/df4Cczc +-> ssh-ed25519 4PzZog kFatYVb+uTFE6SQTyAAj6dKzMXayOGuNb0wJ5ROUwFE +rFdJqLGdWtA6Zlu1HZCLZEfkWnyQJZ1YZaqKhXX3o/8 +-> ssh-ed25519 5Nd93w 0nz87C6yz7opimMDAaDGk/MGAxL7H/EkErURJzsewCE +PosekfdTusQBT78vwUk80ifdWnwSCL1SyljKOX6Zj8c +-> ssh-ed25519 q8eJgg aduz0eqmgJCaFIziUKytibM5B4FP0Caxz6VrXOjCmS0 +mlSOKmvZe5BbMWfC5r/Px4ppONyBD2AC3B8sHquEfJ0 +-> ssh-ed25519 uZzB3g nxn8Ftq9gkOFnmLLSf0+rvgd8cLM/Hp/7oPNqmhzOhU +KKH9PUun0S0+GA8Z4APqvrNHLe/kb9DNqSqOJDDKN70 +-> gmR|-grease +VIRVW2ctDBkcCBfSpnE2zgJBoo3BTXxYvyYfrs2kEEUP9tbIFtaAPqPHsUlna0BD +o8MbAAgG3C94PjW/MLeurzGO81/+ZTJ/w+gnm1hqhgKn2UwkgXN/7fO3htEr +--- e4BEq7PzBBhOqfRTq9ydLwFdTUKKoRZy77yLIrxV2Eg +@¤@0:AeGG?_}-P~M66}5%Z/_-Ѭ<|ȿ~Ue a? y@J@9^yGn;į_% ooBR<+7ṃ;Cڦĕ!k/Js \ No newline at end of file diff --git a/secrets/gitlab/pw.age b/secrets/gitlab/pw.age index c8480cb..9052082 100644 Binary files a/secrets/gitlab/pw.age and b/secrets/gitlab/pw.age differ diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age index 9a5813a..dd74df0 100644 Binary files a/secrets/gitlab/runners/runner01.age and b/secrets/gitlab/runners/runner01.age differ diff --git a/secrets/gitlab/runners/runner02.age b/secrets/gitlab/runners/runner02.age index 0c2878d..f26fdae 100644 Binary files a/secrets/gitlab/runners/runner02.age and b/secrets/gitlab/runners/runner02.age differ diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 60fd957..57021de 100644 Binary files a/secrets/gitlab/secrets_db.age and b/secrets/gitlab/secrets_db.age differ diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index 2f5f22d..385f514 100644 Binary files a/secrets/gitlab/secrets_jws.age and b/secrets/gitlab/secrets_jws.age differ diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index bd6d272..502d3aa 100644 Binary files a/secrets/gitlab/secrets_otp.age and b/secrets/gitlab/secrets_otp.age differ diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index 2473179..41494e7 100644 Binary files a/secrets/gitlab/secrets_secret.age and b/secrets/gitlab/secrets_secret.age differ diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index 6198559..8dc6419 100644 Binary files a/secrets/ldap/details.age and b/secrets/ldap/details.age differ diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 670e8a4..947132d 100644 Binary files a/secrets/ldap/pw.age and b/secrets/ldap/pw.age differ diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age new file mode 100644 index 0000000..27aec7c --- /dev/null +++ b/secrets/nextcloud/pw.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA l6kwTOi+K4xJM87fiY6U1/QMDWY/cRe1zmTjTccBC34 +H3XZahYpUPHiXe5tR7kqPvHbu1SV0SN+Do5rOJpDQSA +-> ssh-ed25519 4PzZog rh4/KzXeYjbKlQ7on+cVREYcvwOSnXcFEeIXlk0lihk +hBGFOPk77prVzRJtNGho7To/V3BQT1jU5o8w2e+ZY8Q +-> ssh-ed25519 5Nd93w wWUVmanx5i/cCAL2a6MERW923Cz4t8OnzjHTk5LUowU ++z8Wbav+YRKxQim6iE/tukoj0F+9/hzhK+R+3u89wCk +-> ssh-ed25519 q8eJgg Pzxmo6b3JOk4AwzTjEOURofRsvjGVVhQ9B8BqA910k8 +uZGgPtcWgKHq8snOZqPRiO6uMi9V6QzasJdJWRsO3U0 +-> ssh-ed25519 YFaxCg qqIABi7lvz69HJD8raa+PsvKHUdsSgPZVngmvAJISU8 +dCaLIWXsRCOqktfOSHc9jWc+OiIwfMH7SvtqgP1myeY +-> E<-grease +oF16atWxsncF3/H9K/kz73e7f1F7JtRak/DVDH52yZDzgJKXNqqB3N6PkkFATn4I +iWjxvagG8Cft80HE6xCrvjliikmLzKkPE5Aw7cn5iddQXts17NtB04f95S5Ubg +--- o5/e5NyvpgaIjUCmIuU9NH2Qc6nUloUX1zmY+6IOCh4 + pe7[Ok:GFkFg>Xըz)JrD'/^QBF3ΊKJ- \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c161ff0..f668c85 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,6 +23,7 @@ let neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7NRDOGzSO4XVEezMS/9pI3chKbOH0fw2aikLRvea2P root@neuromancer"; skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet"; earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; + cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; systems = [ agentjones @@ -37,6 +38,7 @@ let neuromancer skynet earth + cadie ]; dns = [ @@ -77,7 +79,8 @@ let ] # ldap servers are web facing ++ ldap - ++ gitlab; + ++ gitlab + ++ nextcloud; restic = [ neuromancer @@ -86,6 +89,10 @@ let discord = [ kitt ]; + + nextcloud = [ + cadie + ]; in { # nix run github:ryantm/agenix -- -e secret1.age @@ -120,4 +127,7 @@ in { # email stuff "email/details.age".publicKeys = users ++ ldap ++ discord; + + # nextcloud + "nextcloud/pw.age".publicKeys = users ++ nextcloud; } diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index ca34407..6db5779 100644 Binary files a/secrets/stream_ulfm.age and b/secrets/stream_ulfm.age differ