Migrate Lewis to this repo
This commit is contained in:
parent
9d96798518
commit
52a4563192
13 changed files with 5873 additions and 55 deletions
16
.sops.yaml
16
.sops.yaml
|
@ -8,6 +8,7 @@ keys:
|
|||
- &niels age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
- &atlas_root age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
|
||||
- &jefke_root age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
|
||||
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
|
||||
creation_rules:
|
||||
- path_regex: secrets/sue/colmena.yaml
|
||||
|
@ -40,6 +41,7 @@ creation_rules:
|
|||
- *warwick_root
|
||||
- *atlas_root
|
||||
- *jefke_root
|
||||
- *lewis_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
|
@ -54,6 +56,7 @@ creation_rules:
|
|||
- age:
|
||||
- *atlas_root
|
||||
- *jefke_root
|
||||
- *lewis_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
|
@ -63,3 +66,16 @@ creation_rules:
|
|||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/lewis/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/lewis/nixos.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *lewis_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
|
|
|
@ -49,6 +49,13 @@ inputs @ {
|
|||
./nixos
|
||||
];
|
||||
};
|
||||
|
||||
lewis = {
|
||||
imports = [
|
||||
(import ./machines).lewis.nixosModule
|
||||
./nixos
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
colmenaHive = colmena.lib.makeHive self.outputs.colmena;
|
||||
|
|
|
@ -23,4 +23,9 @@
|
|||
system = "x86_64-linux";
|
||||
nixosModule = import ./jefke/configuration.nix;
|
||||
};
|
||||
|
||||
lewis = {
|
||||
system = "x86_64-linux";
|
||||
nixosModule = import ./lewis/configuration.nix;
|
||||
};
|
||||
}
|
||||
|
|
31
machines/lewis/configuration.nix
Normal file
31
machines/lewis/configuration.nix
Normal file
|
@ -0,0 +1,31 @@
|
|||
{
|
||||
self,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
facter.reportPath = ./facter.json;
|
||||
networking.hostName = "lewis";
|
||||
system.stateVersion = "23.05";
|
||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||
|
||||
sops = {
|
||||
age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||
defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
|
||||
};
|
||||
|
||||
deployment = {
|
||||
targetHost = "lewis";
|
||||
targetUser = "root";
|
||||
tags = ["server" "kubernetes"];
|
||||
};
|
||||
|
||||
pim = {
|
||||
sops-nix.usersWithSopsKeys = ["root"];
|
||||
# TODO: this should be dynamically set using Colmena tags
|
||||
k3s.serverAddr = "https://jefke.dmz:6443";
|
||||
data-sharing.enable = true;
|
||||
backups.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
5507
machines/lewis/facter.json
Normal file
5507
machines/lewis/facter.json
Normal file
File diff suppressed because it is too large
Load diff
|
@ -75,6 +75,7 @@
|
|||
|
||||
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
|
||||
|
||||
# TODO: create option for this instead of commenting out
|
||||
# specialisation.cosmic.configuration = {
|
||||
# imports = [
|
||||
# inputs.nixos-cosmic.nixosModules.default
|
||||
|
|
94
nixos/backups.nix
Normal file
94
nixos/backups.nix
Normal file
|
@ -0,0 +1,94 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.backups;
|
||||
|
||||
borgmaticConfig = pkgs.writeTextFile {
|
||||
name = "borgmatic-config.yaml";
|
||||
|
||||
text = lib.generators.toYAML {} {
|
||||
source_directories = ["/mnt/longhorn/persistent/longhorn-backup"];
|
||||
|
||||
repositories = [
|
||||
{
|
||||
path = cfg.repoLocation;
|
||||
label = "nfs";
|
||||
}
|
||||
{
|
||||
path = "ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo";
|
||||
label = "borgbase";
|
||||
}
|
||||
];
|
||||
|
||||
ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
|
||||
keep_daily = 7;
|
||||
keep_weekly = 4;
|
||||
keep_monthly = 12;
|
||||
keep_yearly = -1;
|
||||
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
};
|
||||
};
|
||||
in {
|
||||
options.pim.backups = {
|
||||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Whether to enable backups of persistent data on this machine.
|
||||
'';
|
||||
};
|
||||
|
||||
repoLocation = lib.mkOption {
|
||||
default = "/mnt/longhorn/persistent/nfs.borg";
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Location of the Borg repository to back up to.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [borgbackup];
|
||||
# Converted from:
|
||||
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
|
||||
systemd.services.borgmatic = {
|
||||
description = "borgmatic backup";
|
||||
wants = ["network-online.target"];
|
||||
after = ["network-online.target"];
|
||||
unitConfig.ConditionACPower = true;
|
||||
preStart = "${pkgs.coreutils}/bin/sleep 10s";
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
Nice = 19;
|
||||
CPUSchedulingPolicy = "batch";
|
||||
IOSchedulingClass = "best-effort";
|
||||
IOSchedulingPriority = 7;
|
||||
IOWeight = 100;
|
||||
Restart = "no";
|
||||
LogRateLimitIntervalSec = 0;
|
||||
Environment = "BORG_PASSPHRASE_FILE=${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
};
|
||||
|
||||
script = "${pkgs.systemd}/bin/systemd-inhibit --who=\"borgmatic\" --what=\"sleep:shutdown\" --why=\"Prevent interrupting scheduled backup\" ${pkgs.borgmatic}/bin/borgmatic --verbosity -2 --syslog-verbosity 1 -c ${borgmaticConfig}";
|
||||
};
|
||||
|
||||
systemd.timers.borgmatic = {
|
||||
description = "Run borgmatic backup";
|
||||
wantedBy = ["timers.target"];
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* 3:00:00";
|
||||
Persistent = true;
|
||||
RandomizedDelaySec = "1h";
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"borg/borgPassphrase" = {};
|
||||
"borg/borgbasePrivateKey" = {};
|
||||
};
|
||||
};
|
||||
}
|
47
nixos/data-sharing.nix
Normal file
47
nixos/data-sharing.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.data-sharing;
|
||||
|
||||
nfsShares = [
|
||||
"/mnt/longhorn/persistent/media"
|
||||
"/mnt/longhorn/persistent/media/books"
|
||||
"/mnt/longhorn/persistent/media/movies"
|
||||
"/mnt/longhorn/persistent/media/music"
|
||||
"/mnt/longhorn/persistent/media/shows"
|
||||
"/mnt/longhorn/persistent/longhorn-backup"
|
||||
];
|
||||
|
||||
nfsExports = lib.strings.concatLines (
|
||||
builtins.map
|
||||
(
|
||||
share: "${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash) 10.0.0.0/8(rw,sync,no_subtree_check,no_root_squash)"
|
||||
)
|
||||
nfsShares
|
||||
);
|
||||
in {
|
||||
options.pim.data-sharing = {
|
||||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Configure this server to serve our data using NFS.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
2049 # NFS
|
||||
111 # NFS
|
||||
20048 # NFS
|
||||
];
|
||||
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports = nfsExports;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -25,6 +25,8 @@
|
|||
./server.nix
|
||||
./prometheus.nix
|
||||
./kubernetes
|
||||
./data-sharing.nix
|
||||
./backups.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
|
|
|
@ -17,47 +17,56 @@ sops:
|
|||
- recipient: age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MjVLaFAyTEQ4cEF2Wit6
|
||||
Rk1ZaFhuRlduMkNBVi9UWFEwd0pNK3NHcUR3CjdqRisrNVRPQkFEMTQrblMzQUho
|
||||
WVBjWll0RnFlTHBSMEFyblBDTTdhOTQKLS0tIGFBL0Y5dlVUaVR1VkRBUkM2dTlL
|
||||
YVAyQTEzVWI3eStiUjlaNGhKZHRHVzQKDvbBgGzw8Q5Nb4qBc5Z9ee15D65R+tXr
|
||||
g0BuD0DI4RPReKbTfD3J2yxm5tI9QMiUUEsgJNQvJXcYXH/yXZnu1A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2anAraGp2YlNWZnNENWMw
|
||||
WVFqMW4zQUl6UWNRK0lSVnNZMVl0SjJGdFJFCndyVnQwejFFWUxTQ0pmRnNDbUJK
|
||||
VjM1ajl5cHhHN1A1cjdhdFhtcnVEcWMKLS0tIHNUQWx2endUUFNMUENUNjhvdDZl
|
||||
Qk9yY0N5N05UZG4rcG5iS3NkR2hVaVUKxRS9Mf17cG8WyDdCLwpqPiMObbKCTz/4
|
||||
iejyULwJNOBcl3Tvzgc9FANNZpC4UrO51HTCzQvmw9tBboVkEkLA0Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeUxkQUlhS2JUaDJiZjdW
|
||||
SUs5Z0N6Wnc4alNwOWhhKzl4M2pxZi9TR0hFCkxkcFdNZjJvS3kvQmUvYmo3N1R6
|
||||
NDU0VmRBbVZ0QnFXdnI5Mjltd2I3YTgKLS0tIG91T05wQTN2c2ZVUitIYi96TlZW
|
||||
UkdpRmpmY3dWMVNWR0hRVDNoTS8ya1EKYxYJB5SN4f2QAF5i8RYybJLeNCiFw5KN
|
||||
2Ky5HbqJ7U38wMxjpdM/QcgrL70fVkf1zME0QF8wQ9wnUniHoL7yYA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpY1lJQ3BKSFhia0RUZFdV
|
||||
dldKbmoxN1pwY2Z4V1VXNlY3cWE4cnJOYm5BCkNMc3hZbzF3RHlUMmdSRndMWDBy
|
||||
eUFjOCtMaXZQY2R6N2RsRDNDNDhOZkkKLS0tIFVSRzFySG00VktGa1ZmYkx6Um1W
|
||||
V25mbkcxQjhqb1cxa0hkTWlFNkVsS2sKbP1bqNh0DRiZtK3fXaZ4J1d2b+nYwFqQ
|
||||
knwond7pkN9YBRsU4/HHtFCp1XPxRiNQCXXfzWy0X365VzON32huqQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL0xwbXNENzQ2N1BIZGZC
|
||||
YzhMdFdyREpMQlRHaTZmRTllUnhEUm1lcm40Cmc3MzRheDYrQjgvaWVaZE1tNUp5
|
||||
RTFZbXltV05lRDNBdVJ3VFEyeFlxQTgKLS0tIEx1ZG1IMHF5a25LZGlzWjNrZTJ1
|
||||
c3VCWjRmKytyVzE1SzBlMXQvblptNmsKNnl6VQIBn2Gfkrlatf23kOMWW+1Ej2wv
|
||||
O9Q8twttjPoTPx/9pWHOCNHmbnkabwi94lRujbXgIAQXUAL00n3M7Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRb0gza2VkOG5XK3NNZTNh
|
||||
bnovdmZFM2dPblZ1M1JNU0tJK0Q2LzJaZEVVCnBaeHZBMUpNZ0h0R3MyTk56ZUl3
|
||||
ZnhxQnJNdUlDMjFmVjFXcFduT0JnWkEKLS0tIDIwUzlhaUwzWTMrVnJIbFNYazN2
|
||||
OFdlY1pXUnRNdHNZaDhvN3VlajVnVDQKnmpUo96Ua6AhLpHcdemMYKDvptRwpcUR
|
||||
eHT3OCCqe1UVy+e8ibcavYsDDIn6oSyoZg+94nfLqqMAqU5ARq10LA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTGdrWlE2SER5OUNjQWEw
|
||||
MUdEZ3VJbCtwTytZU3ZWM3lNclJBUXhBdm5VCmRpQXNxVVV1cGxlMUJNa1lEcUdx
|
||||
Qkt4clg1cVpOV0FhdEd6aEQ2ZkdlUTgKLS0tIGl3YWxjRlM0MHFncm5wdlpSeEdj
|
||||
TkRSZmJyQmg2QnpYanZLVFRlWnowY3MKvM9kUm/F0vtQcwdnIKff3HWUtGbR2vmH
|
||||
eOKnbOE5WMAWIi8oSR/uBMzE9lK2kyisby19XZUf5JcG4wS4YRlC1Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVUg3a3Zra05hK2tBS2Q4
|
||||
RE1rR3hQdGRoVkpjdUxCb3RHbEZjbXNiRjNFCkZjaXFrR1F3WWlGVTlid09pRWRx
|
||||
SUpwYmxkb1pXWXBBVU91emMrZVZBSHMKLS0tIEZ2bC9IVU44NUt6YmM0RDZZdEEw
|
||||
dlB5bFgzeE1QRHpHSWhOSm5KZEZqK0EKZ6o7plwu7EMBroGG87ppyMtMH40PNoFs
|
||||
PrbL0Hvy4DGq4J2MLyUG+i7lCKf2NL5eS2HeZOcR5vjoQvc6DVHvOA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZDhSMEw3RVcyQ2NmZkpD
|
||||
bVp6SFpMckZmNGdoeCtzQVo0VDFEWkZ0dVUwClA2WVd5NG90MkVRZEUyeW9JaW1r
|
||||
YVpJbEpDV0VCREFVMy9taFJBODlGWkUKLS0tIHN0eCtrNUM2K3VTaHNMWTRXUFA4
|
||||
WEhTSHNtdE9qSVJVay93R2ZxeXI5SEkK7ZjIfQevnd1yyz8Ra9kBJb2DvlajgNEn
|
||||
88JXgtSrxtiVfrCFUKEIsEV6v/fT7BECOGCYaoxskwgLgCZ9mL6sTA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNFNZcmx4M3VlQ0dCY3hZ
|
||||
ZVFXK1YyV2Myb0wyM0tRdUFzaWZZdU0zMGprClBiZVpVNzZtMEJDRzZTQy9iblRx
|
||||
SGVRZTV0Ri91elI0bVZsWEhYRHNDcVkKLS0tIDZtUlFMNVdOZWNPbEpiVWFaZkJu
|
||||
MkF4Qi9XYjArYVBabDl2MXI3VmdzYncKNNTcTyvOVQfzqcJsscgwQXbzsxNNts92
|
||||
aa6+WetMwl1IKo8iw0bbmkIqJ5+7DFSQc0AhS5DWhiGISQ/GrTfFLg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR2xBS291Q1lHc3UrT293
|
||||
TlUvVnRxcUFHT01iNWJ5NFJtcVYyd3dLVFdnCjVqQlVLVzBEMlRFbjdDZkV2VWJa
|
||||
c1RyKzh0S25VTk1wQ04xdEFCOHVySkEKLS0tIHkxMXJUbWxZNDU2VmFuRVpobUpF
|
||||
djd1d01oTzh3WGNVaml1RWJ6alllQ3MKfiUTGCuQ0+6CbkRPFAKnIh2icOScNSVq
|
||||
qbhQZVbF1zkTAACtJYRsw9LYhjK0QlT52fcLVuyWL9GRI5ZL6n3GRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-01T11:24:36Z"
|
||||
mac: ENC[AES256_GCM,data:aQQPjSLHgvBPU0eZA95qFoRsklw3Jaj2N42DpKSheDoSJ5SwWV1GK0IJqkis71eBpMG9Mjn2wWj/1IdU1upRqfZU5dwNPdVXFb2+qPZyTkz1jhvBVTRGUNedd/L3t2a2nsaj5frZyzUPBELMs7n335pB9I36e+xOgTmA8OW3XAE=,iv:UI82ZmzcXtjO9fv2bSBZVVzNs7uvlopyxKXW+wBmNf8=,tag:HySaRX4Ihpnx+a8lASHicw==,type:str]
|
||||
|
|
40
secrets/lewis/colmena.yaml
Normal file
40
secrets/lewis/colmena.yaml
Normal file
|
@ -0,0 +1,40 @@
|
|||
sops_nix_keys:
|
||||
root: ENC[AES256_GCM,data:S2tVrvJU4jpkl2GmiwUO++OQuDbgt9ResyAtivEnSpRD82i+7g298ujzmFSdKNzOQSVpLuinIhXF0eJeiYF4vh55ywe321aTysg=,iv:PILjXRmdx07o3Pw7JIuq2xIZKuEZnujD7TVWZ+mIZos=,tag:8/iaTqW1vF/LXz2XSb8MkA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTE5PN2NuZ0psei9CR1li
|
||||
N2NIQURZWVpXVUpKT0ZwR0hzNlZKbGRQUEM0CnJzajJkVDQwSlVEVWxLZEtCT05C
|
||||
Q1pUblgyTG52eTNYODBTRC9ETUhsU2sKLS0tIC83cXEvTWV6N2pwcm91S2pmK1NG
|
||||
OHEyOWhXVTM5ZE9qazdtZzVhNFpseWcK0AVMxP0DvwO0uBmgXrhxHsU+i7kWfpeR
|
||||
nA4fHrdePwXsGXDGBgw3B7LBcl3vinYEKhINQgDTXN7DNNXurWUYWQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTDg5aVhvYkdyUDIwam5m
|
||||
Y1FVbklxekt2TmpGSFBrTzJjRlhEUUlHbnhzClRsWEQ2b3daMG9POFFuTzl0NGhv
|
||||
ekxNeit0a0hoUWJsdWNGem5lYmVNQ00KLS0tIDZFQnVYTXFPZzlud3FWQ1c2bXNh
|
||||
allpQmNjVHFucU5CeEZTM0I5TnVRNjgKgCM0Cu87AJvABQ+X9JD7NAukhXDpk9he
|
||||
4x84RdRXaCPZ3t9ED3iKGjT4x95mkOPtaSEUHwNzBesFZ3mVWxbLlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHhJelQxK0phRzRWQVNS
|
||||
ZmxIZTlOUk01aHIxRHYvbHZydUZFOVhFa1VrCkxoN0pROXhEaFJXZWdSWGFQZlNp
|
||||
WnhaRXFVbXBFeEN4TEFneFgzaEVyZU0KLS0tIEI4QW9nNmxHd2VqN3VmZkJlZTBx
|
||||
NkJ1V1hVZmhCWTlDWjY0Y0kyU3RITkUKy4zH4fz+5GDQCGQGRaaAOrbZFq3RJead
|
||||
vTLccZQa6+IU1EL/12onkSWklvNVaOMJJp5re6mZEdCiybYOPZmGEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-01T15:13:20Z"
|
||||
mac: ENC[AES256_GCM,data:z6CikTBFzpgHqbCTWEMdePE3DIIYivZgtqmVLglJrOq65BRYz7ED5+74lOftcUdHGsBhcgTgZKYEGvgW6r7B3AAV5RiJ1oCg+xWjfj64dyYjMf0kkO1h/4KC61qfpyd4Wj61lAFyw7jwZ5011YYZ7Ox3GxNGJP/ilZwfguAnnIY=,iv:mJ+jRqfJBs2izRR3t/ixt45R9FXD2PxknCcu4DRqK5M=,tag:m7LpFr1qesSBjnzP1Xy/Cg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
50
secrets/lewis/nixos.yaml
Normal file
50
secrets/lewis/nixos.yaml
Normal file
|
@ -0,0 +1,50 @@
|
|||
borg:
|
||||
borgPassphrase: ENC[AES256_GCM,data:yIWgAwYj4JKAKFynYArW7dDEiVY=,iv:fADZUXEGGSgM1IPitDZX9vVErC+ub/KnCpHx1/9h4s4=,tag:UBcfpjSHiMj5FwVMr0XdBw==,type:str]
|
||||
borgbasePrivateKey: ENC[AES256_GCM,data:9FOFCLfwGlgYQXgcg8TyOFoY/abdxTKcTT93JrfanPjlCA+D8Z5loShFTxXKFxKAgJZSMH5ts5PY0d/7EnNvTG7B8DQexaUhlU/kfAyXKHCehpDMwY7UuoS0h3qGU/IgqQIfWDc8pX5vIZuDP0a7KHd3iPFL7ETHbNoCTYQvJZEXYcLIoS6L6I8Wm5yxJJ2QlyvyW1NtnXspcBym1KzZlN+7plJazznX2MbFv3EZLZC2Z4WnixKXKeYBCSutat1fa+1nhswvPqCq/N4cJQgtpRFcQnMqnU1Yg1g1F+i64PqGSB3OgOvO5macn2pWNQqcLlNuAH55KEX5cHF9nSFObJsrDDxmjYZmT1lu/fBGHNW17O4k85BUflQSpsEDHRWc1O3W/W8xJs0weujFEqlBkVLV/nGNAXJKr7rIvbWnF67E1FgUO/dhePWrwpQRr77lES7hat9eiv9XlNlyO9GBGOp/HeFvykZmtwRqBhGWzKcmUNO3zr2FupddPBU9g3BUmeKm,iv:AdqojS3Ri2s2jEkOD7SfyFMlWeUn11OetLk+TlemSd4=,tag:6Fn/WpLzgNyEJDVbY4LyRA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjS1BaQ1RwVXZZTk9vMGpi
|
||||
RjNIRWFIcitCVG9xL3JPNUl2N25QU0taMnpvClRGS0VxZFZYYXcrVDhURjlCQ1Bv
|
||||
aFlIR2xXRVdyRzlRL1V5YTFFczdkQWMKLS0tIE1lMjBqNFBDd0JHQzdvT01DV2lG
|
||||
ZXJyZVgwQ1hzVnJ2STlIUnBxbGFEV00KIR9mZ9TenQuYoi5epC9BJGLBpn8cirO0
|
||||
d3Nch2GJpcEPwKeUjTsr1tPPKqua5GfbqrTsCdBYv8ItE1vB3qfvPg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbThPWGc1TXp5dnpZbVgz
|
||||
emx3ZmlnYlM5bWtyc2I1YklmWWx1QU05VWtvCnRGTWs5aUNqZFdDU0xCSXpNM21U
|
||||
OGZ5MEdxTXFMKzRwT0lGRHdJZmwvQ3cKLS0tIEtQOFp0VjdxMXJKUERhN003bVpl
|
||||
YmNUd0E2M0QwcEpVa1dPVGZjb1hnR2MKK6d1LvSTa2Ku8xLO+eXxSO0nuX4bC6pp
|
||||
JzS00ym6w/F9m6JRchSB2R2zswoIQmk/sWWB4f6llvI1+B636L1FFw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5c2E4V3pYTmtIOFpLbTR3
|
||||
b3M4M1kxODhCTExqbnh3dzhYZ2NKK210OFdrCi9PV3h3T0NXaDFPUHJaWWhIY2pT
|
||||
SGpXNElvN2pLaGp4YVIzdlhyRlowMlEKLS0tIHljQjBHbWpFbXdOU3l3aWs4b0ZH
|
||||
WkQvZXMyNG5qZFpTUjBFTVNPMzBUZUkKyygGqHyNTxUVEfadY1PG1/GF1ouvaJmr
|
||||
swJa95Sdvo2wsVk/47XJynSfNraOhnGd+0zlctoh9UfcB4CpHQzyww==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOXl4QXM0Y3NyQndFSkdw
|
||||
OXNqN21Jd0o1aVY3U2YvbXQ2c1ZhYk1UUWxRCjBSMHlzT3JNcm9VLzcxRmdONTNW
|
||||
amg0YlpvaDBWV2ZzODl0a3FkZE5udWcKLS0tIDdvRytKeFFQZk00Q1BzbnZFalVw
|
||||
elNYMnlOZDcrRVI2a0VTcml6UjQzcG8K9qrjkFXq7w7kmCdmUUvb9EeZ9I65dBVM
|
||||
Yc9SvR2pcGNbCJ9JFTeU1H/UTE1quwjMDeyJH5UrOc3Jl3aJ74X61Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-01T15:24:20Z"
|
||||
mac: ENC[AES256_GCM,data:PcDrhvYKjQj8C47DQyTb+8QnBdZYpUmVZ4QMo2OOg7esc2DeeLwxQ2oDEcbUtIGY0s8mXuIZbh1XnDnLDWc+XX/cCe6lVNqkZO7zYhrGFRVqcC/l7ebYklEcgM+/+HK+JkouUb+Mka0NOBONuoN6HAYlaDAk7GU8GZCUfn+o6/c=,iv:74GdlT7DfXeJE8+kCL6B81nczwb2on+IgxekrYtIFnc=,tag:Afffe7vOP3IL7mz44rEzEQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
|
@ -9,56 +9,65 @@ sops:
|
|||
- recipient: age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdlVLS2VWeVdhV01CSEMy
|
||||
NFhEamE2cFM0V0l0R3ppdWgvWHdNNHpPL0ZvCll4VGRMRDQ0OXQvNFRDWHZSWU13
|
||||
VWoyWFJBZXMybVVPa0F2QWUzT3dFVzQKLS0tIHNEUXFaemlRU29PNC9oMWlsRkho
|
||||
MTlqZWFMMjh4QXNoVmhqR09yRWJJLzQKphBhMCKiB9kNe/Z2CuYYbRFdjzrOGJHy
|
||||
OPSwMzoy1k8Lz+KIY0u5f36gt3ws7+OeJZYBISlEwqfAqoe8VAydAQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBielJoNjNXQW9SRDY1dE9y
|
||||
akw5M2hTSkgvbWJxaGZqZnNsdGVhVWFlRnkwCmN6bDRYclJNY2d5NVJvcllCdjhu
|
||||
UkJxMDRyMmFMc3hQVUp3Q2RKRDJaN3cKLS0tIHlFV21zZ3RNYW10UTQ0SmdBbVpG
|
||||
TFI2eVorL3BCYUZpcGNCU21mcHpBNXMK0JBvnhT2fNNWfLcXFYbelee5OlkCrRyv
|
||||
ZHKawtyH60g1nUB+AQqneUJhiYH0UJ40Ttz06rVyzOYUCV8M6tghsQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2aVpHNkJYWmNES2xrbGJp
|
||||
Z3hNR3ljeTZTd09pWFptRHlDMDZLM2N2UlNzClN2ZFljdFBLWUhpRUpiblJla1J0
|
||||
cWRERU9tYjNjMStJaTBmajdnRHV0UFkKLS0tIG9sTWE4b0ZIdUtnaU9ZZHYzN1Y0
|
||||
Q2VwdzlOMW1QS3hHaUNXVTQrYlJwdDAKWlMMF7sb3TzJ2se17aO2CTVeUU3gGUsA
|
||||
l+qzhEaYOwQbkeL054fCI36ySrrYyeWnyg/vf7O66zFJUGa2w9Gn/g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc29QQ1FoT1RIbE9neG56
|
||||
T1MrQzdHWEFORnF3ZlRBMUVvdVRtWjRxYUFzCjd5aDBISHlVdUFSQ3dySmFRZ284
|
||||
SHNjdjlBeVFjbW5kSmVKM2doTHczS2cKLS0tIDkrOVpHUVIwSUl4Zno3cENoTDJu
|
||||
V3krQU1VUjFaY0pFbVJkQ0E2STF1N00KrqqxZo8CzJLwiE/uibJMA6V/g4vlRFhB
|
||||
mj/lWkEAek7MhncNKFPgoNON+5rU1bqmEHufhpLaBV8NYEWMTM5/XQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoOFZmbEtWc0QzeTd2QnBT
|
||||
dUJHUTh6ZkcrcFkzOU5qT3hHY1JGd2g0SVFJCmJJY2VsNVY2VWpLNjhLeERnTFRI
|
||||
UWtzQmZHbVYwUkpqMnA3c0pyY0NNeFkKLS0tIEMxZVFyMGdNVndCUmVOeUhQY2pG
|
||||
MWF4RTdsRnptellVZndMdDVYaFR1VW8KJHzwUNhWjw7Xzm5wTt7ioLsBRBGCO6l9
|
||||
WqmtoN6laVta1QgvI7h1rZHsZ5za7wZ23i98CWhM1dqEKgSNV5G51g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZVJCblJHZGo3bFA3NitQ
|
||||
OXMvakVVOUdISUlCYW9SL0xIZEluUzZENEVNCmNqMGg0azVac3pRVW9obzVOUEpz
|
||||
RFZTYnhIU0E3c2h5aS9mL3NvK1lGMkkKLS0tIGdZOUlhbjMxTUcrdHN0VTFqK0lj
|
||||
bzFiakFNNUE4RllrdkR4WW4rN1hJTE0KnIrPDg9U2eXrQU20hpFBULFv4AQZn18J
|
||||
TGrgn5CzRHEjWrDBxQfN5u0tNu/07KJN5xRvd3MroH1KVe2Z0pQn4g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS2lpSWQ4R3U4QVhRcU8y
|
||||
OXVKcVNWTzJ1L3k1a2lIUE1FeE50VzcwOXlnCm1na1JiSmVPUHlVVFdGVzkwZzNB
|
||||
b3ZlN2R5NExBeU9YZlhBRHY5VThrb1kKLS0tIC93bEFLdWxZaDRpanJDV3V5VXVM
|
||||
ZGExZXl1ZWtTMExLalhMUlJqWk01MUkKhCweI+hyY3qCf+XA5XP/QiMG57LQ98/i
|
||||
msKrrNp6yX5FX32n0mPiVehb/6xY2/mTAtGtIt17MxdMY6QwXjQmEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJcFhqMjBIMjlhOWhMUStr
|
||||
R2xOclVWWVFQTy9wYjE0YWd4YTVISS9GZGp3CnVBb2J1VHBEY0FzNy8xM2hhWWc0
|
||||
UDRsVDU4bForeFZnemNja28rQ2RIOHcKLS0tIFMrbGx2VVdjbzduMXpveFd1bXdm
|
||||
ZjdUQTZtVFRrZ1RmRHc1V0gyRjRWYmcKy/CmhxGi/pP4fzL8sWwZ9uIhTZ6C4xyn
|
||||
uNTAAzrJUGKVSJdKLHVzXinuOcsBRFwu7ZfEMu7pp5K36OI09VRqDQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyU1Nnc2taYWIyVVhEZXVE
|
||||
MTJLSjhNcG13S2Nqa0E4YnU2ZklZUS9QVUNJCkVUdWRWMGNnRTNSYjNvMjA1YTIx
|
||||
UXZhTkNwY0Z6VXI1b09yRHl4aUVpYmsKLS0tIE5CZ0VmVHFZTlZJSzB3OTRKeUlz
|
||||
L2gzMDdySit6VWd4RzBMcENobTJLVGcKMYhRprFglCN5gUpcZ2ZKV8YgwdcRNuOs
|
||||
h+rEUaHuMlPSGe/t29hU6FfRGJ3vbPAKJpYDWANC6QTF+/TnFokzew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNFJILzJTdWxYaDAycjhk
|
||||
a1Y2Q29HQkFXazZrbjlPakpFSit0R3VXTld3Ckl5MW1KaUJDZlRRcE9Sb01YU21j
|
||||
TVBvSWl3dFFJaXZNWHRRYUFWM2V4QkEKLS0tIG80amVJd3VEVEVFYTRzTUJVa0xl
|
||||
VEtFaGVxMVVCTlZXeWVhOXAzaUZ0OFEKl5g7lFkDivGruD2mhne/kc+F7qvYFkI2
|
||||
bEe/vlIKqwRuHaJLq2eN/Q0x8wTF9cIfD9zK47Ku75AgdTm1uJ++lw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQktCL0QrRGNpVkI5UXQx
|
||||
bUNQZnc0ZUI0Q3lHQkNnbTk2VGZ1ZDYwY0NnCi9OZkhUc3hSTWhiejZPWVhhdHc1
|
||||
d2llWjBKNTVNS21LODIwTlVLNTFUVFEKLS0tIGJLWEZaUGR5YXYvVHIvQUpBU2Jr
|
||||
QjF6SDZhWktHR1BwdVdBRWIvVTFpT1kK4id9BOXza/HPySMgGi+kjLuQvokUZNlf
|
||||
0+vleCcyAIT/9sv/RHm7ctAxsGp/NkdUBr//ED0hhYVd2zszejXHFw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0U0l6MjRWVDBzMndKcmdU
|
||||
UDdMTkRleXRUZ2cxQmovS1poYTluTW5uQ1c4ClRqUFpwZ3p3bHFldUlNK2RFbmZU
|
||||
aHNzeVhMZDV5cDFqbXdNOHhocXhXNzAKLS0tIHJ0bG4vRENDZ1FEMEQwTkhGUFBG
|
||||
MHpWNGt2VUNKVnhjWHVpQU9sN3orK28KVNBCGvHMRgXB9k8sTvG6A4/RNPg+joME
|
||||
kVBqsRGs9zfKA01tGjlwJRGRb0sPzZ9e8OFUeAuQRUunh/EyxO32nA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGd2tSVmR5SjhmR3BSTCtH
|
||||
NzJLNEYvSVVvaytZOEM0NnJsRjdoL3d2VDJJCi9nbVZzdlJZS2plUjlKWEt3SWxm
|
||||
WEVrVlpqRUIzYjJTOGFveWR4UjIyWTAKLS0tIEFFajNrLzdXT1JXSXN3eXhGd1Vr
|
||||
Y2cwK05uWXFhbndyRlhrSFNjYUlmZ1UKZ1vFRu1QhGGf7BIP8TxK2BIlMZlP3muA
|
||||
R3qLr1lEQmob4O0ilwn65nSCEd1/9W6dUWqeSlJ6CavjG59AvSHfIA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-30T18:44:29Z"
|
||||
mac: ENC[AES256_GCM,data:SG6a5pWa3gMaSz9d9fOchUXtXbRTpMOXmbOjZo5Fdx8Es1MEDwezwscQaj9p1dzmGa+7U8UUUzMYxlg2SmGgGdPgCs0a5RQVYvQFNdgpRiuknflFMcdgXLv7XFsTqsqSmbN0O662YDvCcz4DWRKjNCZAimlLym8pwDihj1D8dcU=,iv:JmCbcazDK2KPyYsoVy39sr4IbfiGfmGoopit5ojVADk=,tag:6tKYfMkJBjsThaa4qLqobw==,type:str]
|
||||
|
|
Loading…
Reference in a new issue