copy nb configuration and modules

2023-07-12 16:13:10 +02:00
parent 1af70a3095
commit 127eab91d5
114 changed files with 9070 additions and 0 deletions
--- a/utils/modules/lego/lego.nix
+++ b/utils/modules/lego/lego.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+
+{
+  sops.secrets.lego-credentials = {
+    sopsFile = ./secrets.yaml;
+  };
+
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "admin+acme@cloonar.com";
+  security.acme.defaults = {
+    dnsProvider = "hetzner";
+    credentialsFile = config.sops.secrets.lego-credentials.path;
+    # We don't need to wait for propagation since this is a local DNS server
+    dnsPropagationCheck = true;
+  };
+}
--- a/utils/modules/lego/secrets.yaml
+++ b/utils/modules/lego/secrets.yaml
@@ -0,0 +1,84 @@
+lego-credentials: ENC[AES256_GCM,data:cn7n1jOammEdvzYzBKJ086c1bHc77GN74uncg35ClaTBvb5w3F0lQazJqBJoIf365Q==,iv:FLrr7WwGgzjuENOEi/Sf8Ti6wcQLPnBkJ+/DxyCUM54=,tag:yQnDsDz+btx3MQu/4w2ixg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocUx0b1VtSlF4SVpvMXpr
+            NjZSSHdkaDVoeDRCTC9LRFI1bkJRQTMyUFdJCjJvN2NyY1JLMkVtUTF2eGN3Lzh5
+            R3M4NUk2WUpFMTM4MHQxM2k0dkdxUWcKLS0tIFkrMUVSaHVCaEYydERacFBtQVVt
+            dXFENTFldVFWN3RQWTBKZHVtc0tza1kKeKGChclZahfDACUJxPsTn+4XomqifXP4
+            VH+BxqmwkhgryRDoRrVy+vQnyK95WaDo3S/UIR2zgUR+cezt1DzR2A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnckpCQVZaOE9NT084d0Zk
+            TUtXN3EvcFZoOCs1aFloK2RSTVFyT2RWUzBVCjdCQzNGaWpqejhNdUtnZTl6RHpY
+            b2dvMjZIV2ZGYkwyNVpxaHRPUmt3bmsKLS0tIHJReVpvTzBqYS9PVThmRzZzZUtI
+            WjZmMXIxOWFScGlNSFdwbXdQcXB3d1UKHAkThsJ2unza8Yz/l0umryT8li74LKre
+            dQuP41RQOQBHisUUZhWeYkM+wJzayXr426IK19zAHPuNeutqcewYcA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaSGhiSkFKbHpGcjljZ3Uw
+            ZWZ5MS82Wk9YRnZlQVk2V2laMzRkK3dBdWg4CjJ5Wkd0bnNXbVpMYVUxSVR1Nnpn
+            dkFnbTV4eTYwWmdzWU9PZlozNytBWk0KLS0tIGVTL1RFbzBBM25nbFVtOEVQMmVm
+            bmQvemhIeU8wTGswTEN2ZjA2RjdaTW8KlorFf+agQuSwbN3Fkr5bUC2Ca6Sz8hHy
+            Faq+uNlMWHCrvE1DBP34D41LxCLDaDMYIJyUG7A4MZE2WUrJZ9c0vQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnT2VQd2VKeTFsQ3BPbXNq
+            cWRTREx0UE54RmNDSlBwK082azRZalQ0aUhVCk1HV0Y3RnFYbS83NXcvY3IwSGVG
+            ZElxcm1ETlFvVkhjR3RVNnNJQmR2dzAKLS0tIGpoYytWL25nQkFSMm5hQ29yYUd3
+            UEp1cndyMG9Ba0RnT3NRdHAzRzBjdDAKIHXX0rnPkEz6Smw3sH8RgDdS92yOoFxz
+            6uFUrqbxAW1+6EpgSPCi4GioAZyFayHdeuXQ5J9vApCDhHdsd6jMzw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRVEyK3M2aXdwV3RTMGJy
+            NlBUaWFKemJDRHB3ck5xVG1BWW1CUjc1OEdZCnUzSktiUkRmcTNwOWZXTFhnUCtD
+            bHFCZ1ZhKytGc1hoOVQ0SFFyUkpmOHMKLS0tIGNWV3Vrd2J2TTYrUUhaSW0yak5W
+            UTRGd0FaZUk1RVFqS3NXWHZ6SFQ4MTAKsIWMYxczPfDg7G/H5Rcm7sD/2zPXWJfl
+            c2PiNSeZAfuCqAU/a9/2rz0kk3LdAW7d+foBOPeMkWnKs2pFJxNMXw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUTZKRGdzSHgybnB6ZExx
+            UVRCNTROS3QyOFBYSFc5blFEQythTndRSHhrCjJxcTNqejUxQWxRZzhhZVhNcjlR
+            MFY4LzdicGUwMm13R1k2ZUdDc0VrY2MKLS0tIFVyNGlJU3NyQnkzZEg4SEM1T1NZ
+            RHNUd053UUJyMnprbi9DR0JnSEQ5YjQKeXRdvnQRtkLs6yqVKlul4wp4PXQTpktZ
+            cUUWEaajUmXoEeHjFkfNqtsJkVG6ixnzs9tu/GeOCbTCZ9eFokUg2g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1zkzpnfeakyvg3fqtyay32sushjx2hqe28y6hs6ss7plemzqjqa5s6s5yu3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNHJFa0ltM0JiQ1hOa0pQ
+            K3FndzhxaTBwZWgzNWg4RXBQdDV0WlZNZ1g4CkVhUlA2d0JjanorSlpyYVBUaEli
+            Mnl2VmJTNG9DcnZsSXZpUFZXTDZQRVUKLS0tIEtDZ2J3L0RtV1BybEJDZ0k2bGZV
+            YWY5QjlZZ1J2OEw2U0luZHNWQVFmRjQKZ9A54c5AXSm2aNasBinaWPDIo/xDXFqZ
+            7+ZTJ82QiWBXpaLIpmPim3e9JHVzZ8NKdN0Y7imsYdR2gXRsxyv1SQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K1RSTVZOYmFxalFxc1g1
+            OHpaUXNLOHF2WnQ1VUxLUENwclJoQXl2b20wCnJnOUs0cXlMTDRXdktJZ2x6bjNJ
+            UWJjYkZwR2ZKNnpsaVN0bzBWODZNL3MKLS0tIEUraytIc1d6dVVqa0VaSWJpcWRn
+            UWswVG5PaTdDZHlybGxpZ2tKb1liOWsKOuMm2+kofwGqC95KhfEecjwzjNCHPRRk
+            /61zp39+U6PeqP0gTbcy959aSDhfucrZKhBKP2VsTgP0BLDfZR2K4Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-11-09T07:12:13Z"
+    mac: ENC[AES256_GCM,data:gqsD5gTtE5ZqWzWKAAIscecvIsGSC9j4Cnbik6Yk7Jf7Z5/NIxbkInzDsLmlU3ObbLZAhGAlOAKIrUVy37rCcEZ+I04ICXK1dmUdsVud6E4SvTdDjh9qlXTbEkcDCY2YqXlTuQl6IZyveaPuF6fRe1FMh8JEpDv/foZTl8+AuQQ=,iv:+nV6YW9m1B0qo7xbB1lw9dgiQ877GQ6OxMqjk7lei10=,tag:NmeSwBWRKpqlwZxYYC7trg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3