Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

changes

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2024-10-18 15:24:20 +02:00
parent c681eb3139
commit 3eb9ce0e89
21 changed files with 356 additions and 455 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
hosts/fw-new/secrets.yaml
View File

@@ -20,32 +20,41 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aEpEZklTYi9oakF6WTg4
RDlNV1FrWlN6Skd1V1BmRU93SGJ1RTNGc2xRCmlzRk56NnRrbkthcWhpTjNlb0VV
cE9GaU5TRjAxaGFYTlkzbGtQY092eUkKLS0tIGdncHpVdTd5ZDN0NzllVmFuN2pR
WDJzNzZKdGxzOTRBZ1BPRUgxSE5DQ1EK3t2074FilJxZDQYZew8ckEbaBnQrDOsW
f+G4AnR83inhGsJwebmwwyI5dORVuBldA0CNjvihAmhlvf7G4TZ/Vw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YlN0a1M2cStpbUtMMWFZ
RzQrMGZmbkN2c01yOHhvbllwQUVpcWhmU3lrCkQxeHNQb2pKa3pOYnB3aEFjTGl1
c1IvSnZnTS9JMFJ1L1E0cXRybEJ6KzQKLS0tIDdPNTNwZDdMRzhyVzNzdXRESlZO
TkRXeUsxTWpodWtIT3Mza3o3SlZGdUkK/U6+p4rYGLhTWSHPOysau+iCoWseiLht
oT8a2hp9dSh1ofseyBfgeDeBN7Td9Z9FTBXBgcM911Sdq3VffQJHgw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6MVNyWE0zd1FScmpOcVNs
R2FsWGxyZ0ZiZzkrNjEyNkVybjlVbFh6WFVFCmtoWFd2bTRFUU8zL3J1Ry9uak56
ZUxKMVdha1h1ajBnb1grbTNPcjkrc3cKLS0tIHZXL25UU2Fqd2VVL0ZhNE1vVUVJ
TWtVdzIwNU1McDNtM3VMdjhZNmhENGsK1x5pbkUdFuZtxLPLHQonmJEwSlWYBwjv
50v5i8fK4CTSjKO3VLh6iCkFUq2RYwerCpK2PdrujH33ymSUOzlXWw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheVYzaDRndjhXMmhYaGdC
ZFcyUlZNd28wbFdsUEk2OWt5aEYwSzBsWVFrCnZjOHg2bXFPNlgwa3E3NkZlOXpJ
T2llSXJLNmcwWVVYdDdJY24xV1laWmMKLS0tIFhwTFdKaHk4NG91L2Y3OUZ4eHhD
V000QkdMWUhBV3E3dklnbTgvQVFUVG8KRkTaCoXdzF6+di4o9MoZIVUtM7YCxfiF
3PP2lurWxmSmGDhD7OwIgM+EQ0sKViDbcvGs6Oo8BKClgSx7i9kvPg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1R3V0Z3ZxQSt4dnkyNS96
VGRqWUV6WllLenY2TWF2OTVWbEdUY2NDbFNvCmpwV3dwS2hwbk8zV0ZsMDYycHky
bU8zRjY1aFF2T0l3YzBaQ0l1UDFRYjAKLS0tIEgwbzF3TytRNHduYkErSTI3WXJF
STZ2NnlKaDdLeCt3RS9IRnc5dUkzZmsK5VwTv1CASmuvEvVLd67YIFx2fouXONtA
vtuVW1MCG4Z/btsQ5smRUsKWVdL+G2Cy1dk8SWZcy1tK3bDOLZ/VNg==
-----END AGE ENCRYPTED FILE-----
- recipient: age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbUMxNy9VTkJkMkszcUdx
MjJlRDk4TnoxMVEzSDdIK3J5dktWWHl5MHl3CmtjS013OXlqSjNhTlNBWURTRmht
eFVLRU1Kbm5OdUtHRm5Nb3NGdzBwWHMKLS0tIE51M2tnaEUzMlRIeDEzZjhxV3RH
clE0QWFvRit2N1hsaDlUcUpDbFdhUlEKA+8ukUbm61s2B7XzbBclbmL1G+cHP9DO
XGOzmtpNm/kPKZCj9CuMBB3Ze4pEQglv66YQPafzQhmP4LMoWrOQrA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRXBDdXhYL01jaDRkbXZP
R2hFOXpBT25CRXNvTjhoNU1JWDRpa2RlcW1zCjlBMlZabFZhMTI1U1FxalI5SlBS
SkVMVXBldHF1aUdBREFyckpYVVBzaE0KLS0tIGowV3oxU0FYRjNoTDB3SWFMZWVF
bVBNM0o0KzJRUndkSlZzeUQ2UU91N28KFfW9ID6X0IPeCnRBc6v7EGJAZ7my70Ih
wHMDCrsnvs1XUFlHCFq4a7fzbqMcBoZ3Gkq5gBeuL2Cmuqoh92slzA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-02T22:57:14Z"
mac: ENC[AES256_GCM,data:U9/pKXdqXMvjQgyTIGz0JG+88aBXVgp29Fmm0OE66KMArkX8ungcEtdnGYKhD0gFJKLrKZZY5V8oyAXEq95D+Bh8ZnfmQibYw04cPldc6kTZstsrpbzrWVfn6sqG/ih12oXdsLws+H6IeN+O2qGZHDIVjvPufAdJ3A2X+Yakahg=,iv:mG+dGv3l/PNhggvlujLxDGU5z47qVA9sOTUbU2b2dPo=,tag:Rz2av33iwa9aYR7c0cviEg==,type:str]

39
hosts/fw.cloonar.com/secrets.yaml
View File

@@ -21,32 +21,41 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNzNjZ1o1dXFxalFiRXUx
U3NQK0gvQWVRbnAxam8yZmJTTmRTaVVZdkdrCnQ0R1ZBWEVmcE12NWNuaDFtRGlj
UFRManh2VFgwUFJaNFpVZFNqc01oSkEKLS0tIHA5UDlHY1lDWUtwTk10RHZoQWQ1
bzZ6MzhQQmYrZ3JKUDZoa1lDZXRHRDAKHtzHnt+zHgMsuyX0vP6xapvJ8796/vkn
u9U56OdFlqthTy870vMMoJWW3wAFfj/QV124bG63lJ02gAHEr/PGJw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpalJkZWNhUzRJdTdhaElh
VlNGd3AzaW5ha1d4ekVESStQSC9mTnBGRzFRCmszVHVBMjFRZjRuejRjenhvdGZl
RkMxMmowbWdndDZvcHc5RDZBNGh2THcKLS0tIFVuU0ZIOXlpZEE1alVGaXhnbWhQ
T1BiZitwUHEvRGx2ZkdTTWJZQzJpOU0KH035L5mbJ1fDjmuNbmfCGZdJ/4eE9FeI
qM5/d51C3fP1uRjeLJFxObNlu/QG9MKql80fYF0NUboVGIUzHwv9gw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLc0ZsVlNzQ0d1dGJlSzN6
bzB0bnhHTzlodWJveFBmdVVCdjJ5c2V0dkM4Cmt1cHhJa2U4NmJZSUFGYzhCQmdH
eVJDUjc0LzdIOHo4TWlCeVEvQUg1b1EKLS0tIGRpTFA4TkgvU2ZLOXM3NktMbjRP
aGM2aVdRSUpsRXRCZE02MXJ3MVpxK00KO2dZUNZ1KQFg4bnNp1PEntL2fY1h+JCK
l7CnGwotydc9NybwYtisv9XVrz3QoiD09OiLvg7VkmfzEaGmqmja/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdm01UEx6OFZkOW5QTnp3
bUpuczZUUFdhRnhBbUxabGNFY0Rzd3pDdGp3CnRZMk9JRTV5Q1Jwa1J5Q1dtd0lM
YzZKVzVRNldEa3JEL3h6TURPcHc4MWMKLS0tIGVEQnJ3N3c1ZHJ1Nitta2JRWDZP
VFZ3Qm5SYzRyVitTV2JkN2hWNEVMSDAKwHMncahsEQTsahAXr9VJFgsahUJ4yrOD
E1x6RAAI+2q8v3hPO8Rd8i6i/sELyM+NdK81WRrGwn8FHR8yZC7zoA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQTBxNkV2REdrRS9MaUxa
YWxNOFBKQlAwOW5qSk9hM1Q5c0tjZTdWUjBjCkM5TmtwR2RBRER3Uzc4dWtGOVM2
bjZFZVc3V0t0enhyam1DWVM3b0h5WlEKLS0tIGNPUzFJUGRYZStMRTMwV3pWTW1t
V003cnFtYVNEbERiRDV4bmVXVlBaUTAK7pLGaixTRCg5lKhN8CN95cdr7X8X1oDY
LX2t+SPvb8hqsssLf/mqVxPsgAXl0L9lfsYtRsuMWONmaJsOleVE4A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYWozckZEcGJRK0NoTEcr
N0JsUG9UMGV1NTNxa0RmK3QyYVp0Wm04S25vCkxsSnpWQ3NGaGZMalEreUZkZVZE
ZUk4R1M3cDdaU0NBa21Hc2lTaXFhdGcKLS0tIFcwRGJZU0hmUW5aRHZsNG1NZ25n
ejhXSmVkVjlhRDF3d1JDQlBzd2N3WncK6taU4OsyYoZc5P/2fMrSidLo2tYcH6Yw
tNJRIOqR2Iq1M4ey27jnTdw3NvYKyxjn60ZeW2xcn8CYrpf0X4gLQA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbDA5U0xnUDNXYUtRVVN3
YW5aTFg1T0pOZWc4cXFDRDlrRmxZWWw1MUdRCjdlUVg0S0IxTXM4ZXcydGR0aldu
WnU3ZnUydUh4em02TWFVamx6a0xpQmMKLS0tIEdpWFg1UEVGNHIzY2VZZk40NlBG
WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j
eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-13T22:30:43Z"
mac: ENC[AES256_GCM,data:sEySfQaBevydqFBOab7RPCse8fOwiix6GIsXeR9paBCCCHOxDZDusdn0/k97wLeWzvHi0SJB/8+g8qlqXtRuJ/3mT1vJxfWwoJk3gz2WD+d8recG+KkdtkSGu04addHgBZQqGqhOfkRHYypVW3GaBfLteY08nvob4/yjaHCtGig=,iv:lsHvIovstgHmY6OrV3CO0tju2OQb1AcWgMov8klkSqA=,tag:zcvCoCwTgeZhhS1MOvH3HA==,type:str]

2
hosts/mail.cloonar.com/hardware-configuration.nix
View File

@@ -5,7 +5,7 @@
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 2;
configurationLimit = 5;
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/105A-0CC0"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];

49
hosts/mail.cloonar.com/secrets.yaml
View File

@@ -9,41 +9,50 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraEttTi84cGd2bkd1RENP
bm9zRmlNdWZtSzZJVElVWW5qTXlzS1lreTNBCm9BMnJ6bEJON2Y5aVZvVjFmQlJw
VVVpSEVRNDJaa2FadFh2U1gySHFXQmcKLS0tIEhjeG5Wb0FDMlBxWW9aem45aTdF
N1ZQNlE2aTl5OGhqTUVNa20yelNpcW8KoXud5IID1g/KOvM30wn2cJFWQ5En4M5H
kJ/cLDSIBqgOpjtEeEDtMsKG4yW3H91YbXjwQ0UkoPJorauVPWnTYw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRWdBcmEvQkQrOXZ0SDJW
eFpFSlBxbjlUbFlDVEZzS3dLSXN6MnBFT3lnCkZ1RGhoQjhtcGxEY1E1QlBvNUl0
RWxnbzNldHBHUjhiZldYQm9iYWppcncKLS0tIG12WFdYSVdDYVZUaEFzUFhJS3A2
Q0I2b2h4aFlkNkV1a1BFamhyd0ZBWTgKZwxpdydc1lgs3u9gkh2Krs8PGfcKwJTv
n7BV0FNa242wOT4Tu28O9SN7VR1zZR52iOgV7gWsCnhkNDk9kwiLHA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbVcxeTJZM1dDUFhIZ3VE
ZlBaTU9tQ0Y2V2xlZFUxUXNKcjdadVVMd2w4Ck9TK2UyVFVTVSt1dzNWWUtxYzdw
SVZ3R3VjRUxDMDNRWnpRZVBHWXdzN0UKLS0tIHQ0ZW0xZDd4bFVBV0ZjZE9Jcm9F
cVd0aW1qWHFMMjh3SXhTYjJrN1ZEZHcKi9QhittNcxnz+Zzc/pyFutXg3Z8JJjgc
j3rW5N6eNJw0W50qPw0xdI44KEkWOc4vh+QGcPY57yqjSy4+SjWhWA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSHFtMUczc0tXaDZoQllM
eHFpYTFmcnpyYitwT1U2eGNuQm5MQms3YUdJCmpVS2hOVjFmUlVUZy9MZTZxQVlq
SU8xcmd2a0tvWlBMc2M1Wm5XV3ZQZTAKLS0tIG9qa2pQbDFIbFArejM1d1VRRVFY
VjJwdC8yQ1hweEllcGhYclNwTWFyZ1UKDKv14nnVx3FeL87FYFqZMU+niHBOvxHz
3L3hBMEgpR/uMSuPmF4/NLVJTsktOonW9NKOzm37KsY2HNRXbuHoQg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TnNnOUtsbFBzS0E0bnFK
NGk4ZkRjUWdRdG15aTQwU2cwQXdycjhxa3dvCkUwUGdmQ3FPQnFhZC9NcE9LUG1O
S0lydjZkdCt2V3R4dWlnUlBUSkp2RXcKLS0tIFJ3UkZhSkhTMlZZSjdXbFBObXNQ
RW40cXUrdFAzb1B1VTUzOGY2RTcveUUKFxxBBioTXTZ3INRykgRPoYwwbbuDMiXH
/Oy5yWE74I9KZJr/2idzd34Dq8PUB28lDyiDdxlISyAS33D4H0cl1w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjY2JOWTA0a3pGL0dYc2t4
aE8vTUNMNDVML2ZOSW9xeHlFRDQ5K1BLR3l3ClN4a25QZTEzaFk5bnVUYkk2dnRr
SWxNTklrZGM4enJ0WXBKaEJ6UDZUMzAKLS0tIDJudGtSVTVTV3ZrWWh6VnZFdEs3
UFVlWE9wd3hRS0d3VEg5di9kNHBIeUEKov+NZ0pt4BUd5xXX9cTFSJF355Kg0ios
Va/kbzgG2SMvxMorNFDp+yJgGXM9rOycMJ1ajemKBM3r2QMcsIiMWA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZHFvbFMrZ1dTQzBZUkw4
dkl2UUlmcEZmZUVKeHVoSytYRzZVQ3p6T2hzCnJXaUJ4SUVaZFR3dEZtQ2ttZWNN
NHo0Znk5TjZzemtmWHdkSGlIZ04zUlkKLS0tIDRvclhTMFlsdERtQUk0azJ4ZVFM
WDMva0RCTnkzT0RWeWY5V281M0hjQkEK9o9cIFOiEwFeo+77QI9lXqdxlMCNGhOY
BtowL/7wo0Tfi7+CkBuKP/Bxp2D0x3b4OHDsoCNG0nc+55F/rDtR5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVVRBY1RVdmdkTGxkT3N0
YjJUdXU5blY3T1R2NFQwQ2MvUitTRjZOUGpjCkNMTUJOaCtGR0s4SGxENXRRd1lQ
cE9RbFUvL1RVZnZ1a3RlZ0YxbmFtOGsKLS0tIE8vMmE1YkZCM210SXEzRFZJeWZL
eC80bWxndE85RlZGRUFTcDdaZ2J1VE0KZ0FERlT1kdUE+WxSi57YowqDQtA9BoV1
MZoPePwGkRr27MHnPYIhoniUXC7mhQ4rqvcbFy6i1n4r1CqkRFBM3g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMjIwT3pUcHlkc2N3eWZl
cVdtT3NGcDNyMFZ3V1lhWGdJMExyVXYwUTJFCmMrZ3dwZm1ZcVZVMnB6b1NPUDVR
UFZUaHdRVWFNKzNrdGE0ZWxUNnVOeWsKLS0tIFhnbklUMkd4ZGFrUjhUcVBKRktX
YXlwV28xR2poYnFja0xVdzRPcnZmV2sKDbM77Msos187Du6D7s1wlgEuVxqQ4cw1
Rwm64kyiQPwh1W9sPhMOZWyEvUTP4QL2Bs6aB1Javf4BDKka0PeP6A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-08T11:20:50Z"
mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str]

15
hosts/mail.social-grow.tech/configuration.nix
View File

@@ -4,17 +4,18 @@
./utils/bento.nix
./utils/modules/sops.nix
./utils/modules/lego/lego.nix
./utils/modules/nginx.nix
# ./modules/self-service-password.nix
./modules/rspamd.nix
./modules/openldap.nix
./modules/dovecot.nix
./modules/postfix.nix
./modules/autoconfig.nix
./utils/modules/borgbackup.nix
./utils/modules/promtail
./utils/modules/victoriametrics
./utils/modules/netdata.nix
# ./utils/modules/borgbackup.nix
# ./utils/modules/promtail
# ./utils/modules/victoriametrics
./hardware-configuration.nix
];
@@ -24,16 +25,16 @@
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
networking.hostName = "mail";
networking.domain = "cloonar.com";
networking.domain = "social-grow.tech";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHC9YODKEKu5bOC61qkpPd8QeZxbNPCQKgfh8xUFMdV0" # dominik
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
];
# backups
borgbackup.repo = "u149513-sub7@u149513-sub7.your-backup.de:borg";
borgbackup.repo = "u428777-sub1@u428777.your-storagebox.de:borg";
networking.firewall = {
enable = true;

4
hosts/mail.social-grow.tech/hardware-configuration.nix
View File

@@ -5,9 +5,9 @@
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 2;
configurationLimit = 5;
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/105A-0CC0"; fsType = "vfat"; };
fileSystems."/boot" = { device = "/dev/sda15"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };

31
hosts/mail.social-grow.tech/modules/autoconfig.nix Normal file
View File

@@ -0,0 +1,31 @@
{ pkgs, lib, config, ... }:
let
domain = config.networking.domain;
in
{
services.nginx.virtualHosts."autoconfig.${domain}" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://localhost:1323/";
};
};
services.go-autoconfig = {
enable = true;
settings = {
service_addr = ":1323";
domain = domain;
imap = {
server = "imap.${domain}";
port = 993;
};
smtp = {
server = "mail.${domain}";
port = 587;
starttls = true;
};
};
};
}

39
hosts/mail.social-grow.tech/modules/dovecot.nix
View File

@@ -1,15 +1,19 @@
{ pkgs
, config
, ...
{
config,
lib,
pkgs,
...
}:
let
domain = config.networking.domain;
# domain = "cloonar.com";
components = lib.strings.splitString "." domain;
dcComponents = map (x: "dc=" + x) components;
ldapPath = builtins.concatStringsSep "," dcComponents;
ldapConfig = pkgs.writeText "dovecot-ldap.conf" ''
hosts = ldap.cloonar.com
hosts = ldap.${domain}
tls = yes
dn = "cn=vmail,ou=system,ou=users,dc=cloonar,dc=com"
dn = "cn=vmail,ou=system,ou=users,${ldapPath}"
dnpass = "@ldap-password@"
auth_bind = no
ldap_version = 3
@@ -36,27 +40,11 @@ let
exit 1
fi
doveadm user *@cloonar.com | while read user; do
doveadm user *@${domain} | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@optiprot.eu | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@superbros.tv | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@ghetto.at | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@szaku-consulting.at | while read user; do
doveadm -v sync -u $user $SERVER
done
doveadm user *@korean-skin.care | while read user; do
doveadm user *@ekouniversity.com | while read user; do
doveadm -v sync -u $user $SERVER
done
'';
@@ -129,7 +117,7 @@ in
}
protocol lmtp {
postmaster_address=postmaster@${domain}
hostname=mail.cloonar.com
hostname=mail.${domain}
mail_plugins = $mail_plugins sieve
}
service auth {
@@ -253,7 +241,6 @@ in
security.acme.certs."imap.${domain}" = {
extraDomainNames = [
"imap-test.${domain}"
"imap-02.${domain}"
];
postRun = "systemctl restart dovecot2.service";
};

259
hosts/mail.social-grow.tech/modules/openldap.nix
View File

@@ -1,11 +1,14 @@
{
pkgs,
config,
lib,
pkgs,
...
}:
let
domain = config.networking.domain;
# domain = "cloonar.com";
components = lib.strings.splitString "." domain;
dcComponents = map (x: "dc=" + x) components;
ldapPath = builtins.concatStringsSep "," dcComponents;
in {
services.openldap = {
enable = true;
@@ -18,10 +21,11 @@ in {
olcTLSCACertificateFile = "/var/lib/acme/ldap.${domain}/full.pem";
olcTLSCertificateFile = "/var/lib/acme/ldap.${domain}/cert.pem";
olcTLSCertificateKeyFile = "/var/lib/acme/ldap.${domain}/key.pem";
olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
# olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
olcTLSCipherSuite = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";
olcTLSCRLCheck = "none";
olcTLSVerifyClient = "never";
olcTLSProtocolMin = "3.1";
olcTLSProtocolMin = "3.3";
olcSecurity = "tls=1";
};
@@ -39,9 +43,9 @@ in {
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=cloonar,dc=com";
olcSuffix = "${ldapPath}";
olcRootDN = "cn=admin,dc=cloonar,dc=com";
olcRootDN = "cn=admin,${ldapPath}";
olcRootPW.path = config.sops.secrets.openldap-rootpw.path;
@@ -50,29 +54,29 @@ in {
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by dn="cn=owncloud,ou=system,ou=users,${ldapPath}" write
by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none
''
''
{1}to attrs=loginShell
by self write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none
''
''
{2}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com"
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
{2}to dn.subtree="ou=system,ou=users,${ldapPath}"
by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none
''
''
{3}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by dn="cn=admin,dc=cloonar,dc=com" write
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,${ldapPath}" read
by dn="cn=admin,${ldapPath}" write
by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none
''
];
@@ -98,7 +102,7 @@ in {
olcAccess = [
''
{0}to *
by dn.exact="cn=netdata,ou=system,ou=users,dc=cloonar,dc=com" read
by dn.exact="cn=netdata,ou=system,ou=users,${ldapPath}" read
by * none
''
];
@@ -110,23 +114,25 @@ in {
olcDatabase = "{3}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=ghetto,dc=at";
olcSuffix = "dc=ekouniversity,dc=com";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by dn="cn=admin,${ldapPath}" write
by dn="cn=owncloud,ou=system,ou=users,${ldapPath}" write
by dn="cn=authelia,ou=system,ou=users,${ldapPath}" write
by dn.subtree="ou=system,ou=users,${ldapPath}" read
by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,${ldapPath}" read
by dn="cn=admin,${ldapPath}" write
by group.exact="cn=Administrators,ou=groups,${ldapPath}" write
by * read
''
];
@@ -142,155 +148,6 @@ in {
olcPPolicyHashCleartext = "TRUE";
};
"olcDatabase={4}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{4}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=superbros,dc=tv";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
"olcOverlay=memberof,olcDatabase={4}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
olcOverlay = "memberof";
olcMemberOfRefint = "TRUE";
};
"olcOverlay=ppolicy,olcDatabase={4}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
olcOverlay = "ppolicy";
olcPPolicyHashCleartext = "TRUE";
};
"olcDatabase={6}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{6}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=szaku-consulting,dc=at";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
# "olcOverlay=memberof,olcDatabase={6}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
# olcOverlay = "memberof";
# olcMemberOfRefint = "TRUE";
# };
# "olcOverlay=ppolicy,olcDatabase={6}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
# olcOverlay = "ppolicy";
# olcPPolicyHashCleartext = "TRUE";
# };
"olcDatabase={7}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{7}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=myhidden,dc=life";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
# "olcOverlay=memberof,olcDatabase={7}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
# olcOverlay = "memberof";
# olcMemberOfRefint = "TRUE";
# };
# "olcOverlay=ppolicy,olcDatabase={7}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
# olcOverlay = "ppolicy";
# olcPPolicyHashCleartext = "TRUE";
# };
"olcDatabase={8}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{8}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=korean-skin,dc=care";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
# "cn=module{0},cn=config" = {
# attrs = {
# objectClass = "olcModuleList";
# cn = "module{0}";
# olcModuleLoad = "ppolicy.la";
# };
# };
"cn={3}cloonar,cn=schema" = {
attrs = {
cn = "{1}cloonar";
@@ -432,56 +289,6 @@ in {
''
];
};
# "cn={1}ttrss,cn=schema".attrs = {
# cn = "{1}ttrss";
# objectClass = "olcSchemaConfig";
# olcObjectClasses = [
# ''
# ( 1.3.6.1.4.1.28294.1.2.4 NAME 'ttrss'
# SUP top AUXILIARY
# DESC 'Added to an account to allow tinytinyrss access'
# MUST ( mail $ userPassword ))
# ''
# ];
# };
# "cn={1}prometheus,cn=schema".attrs = {
# cn = "{1}prometheus";
# objectClass = "olcSchemaConfig";
# olcObjectClasses = [
# ''
# ( 1.3.6.1.4.1.28296.1.2.4
# NAME 'prometheus'
# SUP uidObject AUXILIARY
# DESC 'Added to an account to allow prometheus access'
# MUST (mail))
# ''
# ];
# };
# "cn={1}loki,cn=schema".attrs = {
# cn = "{1}loki";
# objectClass = "olcSchemaConfig";
# olcObjectClasses = [
# ''
# ( 1.3.6.1.4.1.28299.1.2.4
# NAME 'loki'
# SUP uidObject AUXILIARY
# DESC 'Added to an account to allow loki access'
# MUST (mail))
# ''
# ];
# };
# "cn={1}flood,cn=schema".attrs = {
# cn = "{1}flood";
# objectClass = "olcSchemaConfig";
# olcObjectClasses = [
# ''
# (1.3.6.1.4.1.28300.1.2.4 NAME 'flood'
# SUP uidObject AUXILIARY
# DESC 'Added to an account to allow flood access'
# MUST (mail))
# ''
# ];
# };
};
};
@@ -495,10 +302,6 @@ in {
/* trigger the actual certificate generation for your hostname */
security.acme.certs."ldap.${domain}" = {
extraDomainNames = [
"ldap-test.${domain}"
"ldap-02.${domain}"
];
postRun = "systemctl restart openldap.service";
};

28
hosts/mail.social-grow.tech/modules/postfix.nix
View File

@@ -5,16 +5,18 @@
}:
let
domain = config.networking.domain;
ldapServer = "ldap.cloonar.com";
# domain = "cloonar.com";
components = lib.strings.splitString "." domain;
dcComponents = map (x: "dc=" + x) components;
ldapPath = builtins.concatStringsSep "," dcComponents;
ldapServer = "ldap.${domain}";
domains = pkgs.writeText "domains.cf" ''
server_host = ldap://${ldapServer}
search_base = ou=domains,dc=cloonar,dc=com
search_base = ou=domains,${ldapPath}
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = one
query_filter = (&(dc=%s)(objectClass=mailDomain))
@@ -28,7 +30,7 @@ let
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = sub
query_filter = (&(uid=%u)(objectClass=mailAccount))
@@ -42,7 +44,7 @@ let
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = sub
query_filter = (|(&(objectClass=mailAccount)(uid=%u))(&(objectClass=mailAlias)(mail=%s)))
@@ -56,7 +58,7 @@ let
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = sub
query_filter = (&(objectClass=mailAccount)(uid=%u))
@@ -70,7 +72,7 @@ let
version = 3
bind = yes
start_tls = yes
bind_dn = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
bind_dn = cn=vmail,ou=system,ou=users,${ldapPath}
bind_pw = @ldap-password@
scope = one
query_filter = (&(objectClass=mailAlias)(mail=%s))
@@ -80,7 +82,7 @@ let
helo_access = pkgs.writeText "helo_access" ''
/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
cloonar.com REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
${domain} REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
ghetto.at REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
'';
in
@@ -89,7 +91,7 @@ in
enable = true;
enableSubmission = true;
hostname = "mail.${domain}";
domain = "cloonar.com";
domain = domain;
masterConfig."465" = {
type = "inet";
@@ -147,9 +149,9 @@ in
smtp_dns_support_level = "dnssec";
smtp_tls_security_level = "dane";
smtpd_tls_cert_file = "/var/lib/acme/mail.cloonar.com/full.pem";
smtpd_tls_key_file = "/var/lib/acme/mail.cloonar.com/key.pem";
smtpd_tls_CAfile = "/var/lib/acme/mail.cloonar.com/fullchain.pem";
smtpd_tls_cert_file = "/var/lib/acme/mail.${domain}/full.pem";
smtpd_tls_key_file = "/var/lib/acme/mail.${domain}/key.pem";
smtpd_tls_CAfile = "/var/lib/acme/mail.${domain}/fullchain.pem";
smtpd_tls_dh512_param_file = config.security.dhparams.params.postfix512.path;
smtpd_tls_dh1024_param_file = config.security.dhparams.params.postfix2048.path;

63
hosts/mail.social-grow.tech/secrets.yaml
View File

@@ -1,52 +1,51 @@
borg-passphrase: ENC[AES256_GCM,data:D6+ZedxUQ7m/m0YkM5m/B4kFsNySJjFyh8Gmhn3Mpe+mqEzzMRjAbwmGzx9i9Lnr1dTjRElUOgevnnvW5J2KRA==,iv:cG4w1KsEm1SOTni9bsbSW1+ypzjjs2Q42I+4xvcCAu0=,tag:WkkNVa27Uy5nFpmXaIH6ww==,type:str]
borg-ssh-key: ENC[AES256_GCM,data:T/EPWSuY9Ocj6D8nL2pfPg7r/lN4TyS7SiAqhQhkr10Y3R2mzfgMrOZTg/MrYv3/uNCt5h9TBDxwmiAwSmBzBSms0T5qD8aSxLgbmc6MAG7FSm7cGFf6x/7fMgVn7DAlwMz+4t/PkVk1iCRG4IwzimXwBvq73yIZuAiIARq0Azin7YAoSKjxnZ8ACkyRVCecf45pk7ModRmPLSDK8MZcT7bcHpZt6gQKx72OXSCJTD5FRUX180miUaywf7SxF1goEGRSmwtFDhyVs8iThiqyz0IsElB/dPGR+vYQwlFNWOFUshfAifz5tHXkvaKt08EJKyVV2TUqEsUETfFEqQW+8YNym3wBvrlnXm05DrHnfjz9GOEeUr35d9ESNgS+J5SzWVDitK29ca7QiaQ+YfaDn4/4mOGKSbPUnqOgRBoqXhJMV4ddV0lTKgBrg9isBVPgaye2prcHGjtUkVw2Kyh1omT3RKv6y7X+jfOpeOWOiByN73PCsZF7g+FFlP0K5jcfm4y4yaD8y6NlEaozrabuCIpY2ZUdZ/aH11vzLAk+LB8XE6lJ5MKMNPjNRftErJ9iE3OaOyan1ovTzaGqzaEwGtx/MZpk5hWNUwcSrJvZDqDuKO4+OhwMedvCCRKtNFIbEZ49EJrtp326Y1EelhfWgls5nJFPXukHo/C17ybsP4uFySFz/M13RVTIRntn7WKoh0bH7na2XgVGtXmI2plqVA5zppCbVTzr9+pAAD9RvXTX7t12gA1iNmdxM8alOeoZ41JXHd6BDF4bvDLVMhFhlslDLZ3wNV/QPWcSczinpJlvEQ13/WFN/NTO25Y16p+oxY9g8QD3pNEkAVLOMYjnEUlV6+DQcZbxzU8RCfpEzfVsOqbztTihDgHD5ldWt/VpN4ncm/WCVCWBlT33iiTxufC8htY3SjXt8JULEt0049HNIbNwj1awZwqTgT4z06okf7sz0m8Y/U8D5MCu8uNpt7QJBftVHxCKSUmQ4NJRicMDhlrpEJklQYlRtsvKlL/ntnyf5ZoUnkX03AoG0zh4Dh0LydGKC9RsKfwJeU+684d3opBI9eIYL6Rp/XB60LKcUA6Q+m7BgB7Tjck2YbG8nFPLaV3PdmIejlE0agICJ8Hef8rnqdU/r6X92gCEBvGXNbuqsKJvDTYPafQP8U6rXc7Tq+g68zfCOijIuHyKjkzdtIom8KMi5MUdFBSXK22xB1q4ye+QaCaAdN/1Xe6KDxWiafPG+BkpExh7hXbqZU1MyiTYMExpilY30e+CmPXMdxAWmygOxwUk+mPbuWrF0oh16DYN0dS38gUbo2Z4fjRvYIoZea1pu8niQRfhTVgLZVpEN07pYPu2farsPCPIXPalXVcijVO/yi2Dg4uhTsjzW/aRZ6XDIoXRd59v5hG+L27l7gTIXfTx1+htwClRJjYxFy6hTL+ZjcKdNrz/jezXPrR7kRHNEEfJM/ysv8d/7Ghpt+wITgc22bdnxKJv9rWnoKDEQ/FRGm6Y/eMisOttUFFlznQi2lqShOxPXnnuOnpndklcxPM8FowlL4FMDN7QUW3kdXJ2j0GgN4o34oKhqvXjtjf9Dk5r5KB+GTeOhf3SJXgeR4llaSAQXjzGdZqk0g34YTa3qb8rVxDSBKEHOnKs+Cr/4H09k62S/3SzZfrBIaaZ6Ey1b+bFfnbJJlD/Y/1Hwd5IhNbMHj7bfOKC8VabieeHwMbWfkGdnnmdY5LLJqXAwANrCIYZrEpm38pYJiKes5GrAz8caK2rPIhAPShURwkjCsvowmadTvnEbO/KoaUIcqk40wYdM6NAlVme6dLXxeVN7Y3K6UAWFIIZtYarAog0Axncs30shIoy1CGd6dN87tuK+/twO/jr458fJInumXSMRy2X2K0MKPLONF9FcP/EWENa+H43Zcfo1y42HkoYxI70R2YqOlpbtJUk8/8PqVSlJBrbgpBZNzAMCbsIjhrBevISerf8Sa8X6WC/KjwswjfGJ7h+FEnrPutKJg/ajDywAI+RZ3H+5zWm/CZxBYT6k4w6gAWZva0Nlx6jWQExONGQfUBkrRrRfIHhWl3c+k5VrhyzwW9fmAB9XmT1iYbk9T+ZNU/O8HY1bAZWufS4G7GaHchbPIvz3edMvP+zrGBZXPPJE3abls9oUcVZ223NFU1RPMZwG7LqL0fzfHXl4zx82TEXn14dAIBBVr67RAejz5xOGf8I2MpYQ6RAxvfhc7bjWY9/FU1RU09ob7usJCZphm51oa4TR7kz0AH1HxSOGfCJKLdYjBxbylR1GxY1bUTokLVWEYHalCr6d4lyEmUHM3+1vBUQQ6aq81njW33yGvwclUvhWj4sB51WPaREcYQsPkYnftN/dRSKVQoEZckgmIvML3lUwiVMLGlXlcUViyQpktnWAWxXgw5GH6KXMqoI43jRmxTeR3KrVyZRJBlDj/AnGWOD37fndGuMdpmAIGX/1fZnUUCxNhhuou20LvOr8BnjcHP9pBjtRPxu4o9fFmnzNCt43SC2ivMDOLxL/Uq6batacYrRnLtK4XnNqzfpCqe1bkfBsmTbRGnwPIJrA7TThfHH322DLy/GueYiddIa5spqdIH2jI8nfjKq4SxLtwsNZ4GUG/z83YQEg0Z8I/CQhYh3Y8Gcjb4ZUrOg9n84iLADDOn2j9CI1QfsyJAt+qLEDPRJ9yMRefmq7BAxvGbNq+4YUbj4Fo6K2FwaO2quUVl7RpfVgT/WvXTJS4pAndPJt4PrG03X56ra3yOTtlZqPvGR+XGjp56hG5I5AtQ27JmB6S30EncH9sDLDPucNtEzn57cY90kAZSdDYjBkJ5/lC3xJOB4UiAs582UgyIiVlL/mvjXd1kajAcchfUYnjEUkgFuOoRysWDO/rq8aDFYg/jokUNOn4ent7xXzlfEXkpMZ00coZ7gi+CjKOf29+/ZE1wCfbRhBds/mCmAerWJo24vb632lTCWKImbHo36WuBAvKqofFNpVyMRQ+OKm9Bzr2jQD7W4+1CUk/ZatGVWJHCPsEGWt/L0Fj8K3NzF135c9d8aZ9HqC9XNqOKTZpNe9QSMc5S+tD1ZUxHVrDHny0fOKaWGVHtgyNkcyte0l16wet1z+xZcPCKr8ieMSqh+HgfT2/kWjpb1hlmyEDFmPnnbmhCDD2QWstX8vCa9JTdd0OLb3rTgPMlbxPPIiWQGSBc6tig7X3mZbebweRz5ktqrdMvK3ter9bVC9T2TF6EiCktxw+IdS9MONajvoGAaR2k1nGbfKDSVIKk1ialfv1FGJu1gUA8J0pvXqbrTJfSPOH4iuJrWJut0UpJeHrUuh0ODguNriBivobZeaRamUA/PPNvM5KCSUQUtefDnVINsJSoT4yXn55fkRwvb2957AfHI8yMRg9KtNIYj8i5KsEsw4gE53Lr+NU7Wq2O08+v2mUSNjP0REWgu0Dw0M4/Q9eykLV/ZRnhRcbUZyA==,iv:yA1CkRMapP1S3zMwu6Tj0/0/HHpwD1yRAm/qrZx/kPs=,tag:SYg2IoXeD9fMYb35J/AJ1Q==,type:str]
netdata-claim-token: ENC[AES256_GCM,data:ECx8zLnU/dj08vfA76oVbVzL3JG9MLBoFmxSjtjiFbSiFtdaHtG/8u5FEuyQ1bQMQntV91xj7x1kY8fAp7VNbWyC13pOEOrt6rvJYch14eM3bqNvfGeqgJsHmAaRbY6mBrxJBkiRJBLYVil4e1oDNZVnzFQ4ditXZbMGtAV2063K1MRI/48p,iv:viE84mOp5KSdj8vdK5XxR0W9A54oPxQO5ahnpPLeAdE=,tag:WjzKjGXRRAc7vlzreFHbng==,type:str]
openldap-rootpw: ENC[AES256_GCM,data:W0em1Dffg+IUoynwwPD4NjFksR38ZO4mhWFI83ALvYcwYIplxw/gDRLGCqbSt6TR5C65CKr1sOUiU+4Xq3UWmw==,iv:BHQhISTIYuwSM3KiSb0mEEo3BMNo6FXEDXoIvI3SZrU=,tag:tX8gfnk1JYnaNionk/jrLg==,type:str]
dovecot-ldap-password: ENC[AES256_GCM,data:JYAt8/WggwclNEPO9CaWfQsvQBA8DDJCU2km93HpowoVwIdvQ/0lQHeXndPYe1EmJGJ3vLErie+Zn2kDINIMqQ==,iv:HR0QJ0GgQks3NzhfXwjHupCKcPOekkiTcp5Jxbz7CxI=,tag:19m7F6TjGUPOuHQJuUq2pw==,type:str]
borg-passphrase: ENC[AES256_GCM,data:JtQ0LlFgo5xO09T4YqQtlVEBHRQFPw97qkRnDJYjz1b8PQ64cF32vpRav6YuyPHUqltN3elaaw7WyalLNLaJAg==,iv:ylgC0G7F00m9Xru+v4Q3gB3OohFX5XuSsMefRP19Llw=,tag:OAsYZSx59/pnfYrkzvQP5Q==,type:str]
borg-ssh-key: ENC[AES256_GCM,data:nY3fL73+bNhp/h//AADzrhHKmPC7zkp7FoLxW+MrYLO5uLdjIOemGyX9V0IIpV4LimrEI0tB6rfqwdW47P7zA+YGZZK9g+PAd9yGEy1I8VGuel5ZOVvBrv8BC2ysKUzziXNv33KKw4mrU5BvBYoyQClGsNkXvKlJ1XH0T8TnA4EmIKoujcMjI3K1yT8w3nn9TZ11VG9bnv9F7mXttUyXH053rz6TuENjxNdVjSsJkROpL/j5i7/RxiOwnxyIFyZmCK8/joGQhfEKuPKkZv3xAYypEg9DudKZTmcN92ooykjHUaGJ/X1vkpv2dR9vjaGHxnJtBKM4qpjS3AH+iXg4qwBOOPIIcwoYkj4v4xzAdteda7wDwchM69yrGjGA5j88trvJ/UOIJ108htSzij4+SPpa3A8zyt2zV4enNWpC0CAf2PkJyp+VbdDhP4as7NGqc7saMzZdRFOYnfmyAd47wUf4VsjZ2svxHQH+8l1Lb7kpZObhMBzuzbAKSKNwTPfhlZ78TnhUpfwO07gdK8mS,iv:06rmPl3ER3DcJvJISxnbuMzbGb/3JbNpIxNeOUCals8=,tag:ejagsOwoBWRF20q2rFpWbA==,type:str]
openldap-rootpw: ENC[AES256_GCM,data:uO5SVlPCxz+jACwdXuPowdlP5NjVu/KZ/uhAbPsBrnKQnW7eeZD+yqK189VNsQTqhq61AUZ1r5nzgMAHTclniQ==,iv:C3unIpOZh1x48RGqycqyoDFO0K41WwFkdtvlAmSEZy8=,tag:4N4tph2qvHbWSzDdTmh+VQ==,type:str]
dovecot-ldap-password: ENC[AES256_GCM,data:mygVtdK5lwsZ0YluyvJGss6Gf2Hb9zM7BtIBknJAgQBb0MT5d2U47HCoANVHQJYCidyjvqTDku6pSI11rGmRIw==,iv:HrEgWGuARYeb42g+/4bHByJOVMDc2GroKVrlixHCc1w=,tag:+vm5kMZPne0UToAMl62IWA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SURFbHFMQVVyN0laSkR6
U1JQRXgvK1grTFdyTjhUY1JsSW9sVHROZ0ZJCjYzOGRXODZZZWxCd2xPcThOWVpo
L1RpZlZxZTZQQnozcUZ5SnIrYnJ2OEkKLS0tIFBVZHJJUzEydVd0U0lBdGdvYjlk
Wjl5aUpZbUk4ZUxwS0NLTHE1KzhaVk0Ky8nBCAUamOuwqW3Qio25jr4ye98J7Y6O
9gmNmsCyxkaZg9gKrH8LCTfjh+NwH2qVpmFSQEXcj5qW0na5xwENJA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRWdBcmEvQkQrOXZ0SDJW
eFpFSlBxbjlUbFlDVEZzS3dLSXN6MnBFT3lnCkZ1RGhoQjhtcGxEY1E1QlBvNUl0
RWxnbzNldHBHUjhiZldYQm9iYWppcncKLS0tIG12WFdYSVdDYVZUaEFzUFhJS3A2
Q0I2b2h4aFlkNkV1a1BFamhyd0ZBWTgKZwxpdydc1lgs3u9gkh2Krs8PGfcKwJTv
n7BV0FNa242wOT4Tu28O9SN7VR1zZR52iOgV7gWsCnhkNDk9kwiLHA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZU9FZ0I2WkpSUjBoYktK
WHlsZWovQlVEZ1lFajgwKzFJcGgvL1lUOFJrCnVNNU5LOWIza2lMVGtOcmFhQnUz
cDlGOU9ySjRMaWx6TlMvQStnNFZvNkUKLS0tIENGYXZhSWwvZmUvQTlKU2pFb1ND
WkJWMElRc3h3SmZkR2YyclVNVGhYT1kK49wmyQ/S0qQkDac+Z3UvBGWPgia6FdBZ
Rm/isGOIe0ips25Vdhl2a5jZt99u1Dlgv094Fxopxs8494xIunDeFg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSHFtMUczc0tXaDZoQllM
eHFpYTFmcnpyYitwT1U2eGNuQm5MQms3YUdJCmpVS2hOVjFmUlVUZy9MZTZxQVlq
SU8xcmd2a0tvWlBMc2M1Wm5XV3ZQZTAKLS0tIG9qa2pQbDFIbFArejM1d1VRRVFY
VjJwdC8yQ1hweEllcGhYclNwTWFyZ1UKDKv14nnVx3FeL87FYFqZMU+niHBOvxHz
3L3hBMEgpR/uMSuPmF4/NLVJTsktOonW9NKOzm37KsY2HNRXbuHoQg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWk1xeXhjaEpIM2pBZlJp
UXBmcDlUQVN0S0RDbW5TaEladEFRR1l2cDNFCjRoYkdwakE2U0U1SE1RK1ZjTGZu
L29SMGltM1poMU54YzF2emVxNTZINUUKLS0tIEJJcVpsK0hkc1YzaXZDV1oxVTZi
QXYwQmJYd2dtY2ZqSE5YcTk5RndvalkKDCKp+k0QYuDdUfhm/fenv/kdnPcO93Iz
b0GGoqnveCDcXX47s3DDZ/Kuu1EK4Cd71wvWyVu0sXWtt3c6l933qQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
- recipient: age1gtulvdj4aclpfhk3mmzvpz9xysccxhvu99x6ayaqlj8m44ehffgq6zuc5u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjY2JOWTA0a3pGL0dYc2t4
aE8vTUNMNDVML2ZOSW9xeHlFRDQ5K1BLR3l3ClN4a25QZTEzaFk5bnVUYkk2dnRr
SWxNTklrZGM4enJ0WXBKaEJ6UDZUMzAKLS0tIDJudGtSVTVTV3ZrWWh6VnZFdEs3
UFVlWE9wd3hRS0d3VEg5di9kNHBIeUEKov+NZ0pt4BUd5xXX9cTFSJF355Kg0ios
Va/kbzgG2SMvxMorNFDp+yJgGXM9rOycMJ1ajemKBM3r2QMcsIiMWA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTUUrMUp0RXJHNjl0dWts
UXhnMU1kNW5lSGQ1N202WlZ2U1psUnFlMlNZCjdQVzRkTC9CcGRlVVMyQWxMOFRy
b0Ezdnc0RnpKekhUcUJlc1pWQ2VjKzAKLS0tIFdRM2Zab1pRT1VnbzlGbExmaEUy
RzVyNEdHVzZUdENlVEh4c3l3V0h1TzgKlDTvDMe67hfDd3yEepLeIhuVym3wekoy
Fk86lgIY7VIGW0Oncyj/mOg10MYQuzoTqgMKfwDN9bnV4aeSS24rKw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVVRBY1RVdmdkTGxkT3N0
YjJUdXU5blY3T1R2NFQwQ2MvUitTRjZOUGpjCkNMTUJOaCtGR0s4SGxENXRRd1lQ
cE9RbFUvL1RVZnZ1a3RlZ0YxbmFtOGsKLS0tIE8vMmE1YkZCM210SXEzRFZJeWZL
eC80bWxndE85RlZGRUFTcDdaZ2J1VE0KZ0FERlT1kdUE+WxSi57YowqDQtA9BoV1
MZoPePwGkRr27MHnPYIhoniUXC7mhQ4rqvcbFy6i1n4r1CqkRFBM3g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-08T11:20:50Z"
mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str]
lastmodified: "2024-10-18T13:21:23Z"
mac: ENC[AES256_GCM,data:uv3uz45U6dxfFkKonwCv+tfWD3g9zBGudCuXXAHgav5XY+z62Z7KEV5PUGMI74k1cRg8etIyUo17Ur/KVIrTDSt67R+70WaSOXnRtEX2F/kJWb8NLC8pfQYPVFtaaCSx0kFPZeu7vSUD5GkTJ9UzwbKUZ32N823sIXosia24x2o=,iv:7/Z6XCE/iY5TBTOdjmKwjgue2tzAB6F9HHZYjk/qrok=,tag:WhyEqM8nBID1PGaTXvz8kQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

7
hosts/nb-new.cloonar.com/modules/sway/sway.nix
View File

@@ -28,6 +28,9 @@ let
orca-slicer-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/67b4bf1df4ae54d6866d78ccbd1ac7e8a8db8b73.tar.gz";
}) {};
apache-ds-pin = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz";
}) {};
in {
imports = [
./social.nix
@@ -72,7 +75,7 @@ in {
environment.systemPackages = with pkgs; [
alsaUtils
audacity
apache-directory-studio
apache-ds-pin.apache-directory-studio
bitwarden
bitwarden-cli
rofi-rbw-wayland
@@ -104,7 +107,7 @@ in {
variants = ["qt5"];
})
kdePackages.neochat
# kdePackages.neochat
dbus-sway-environment
ddev

29
hosts/nb-new.cloonar.com/secrets.yaml
View File

@@ -10,23 +10,32 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUG5oZ1BPL1hiRm5zQ3FO
Zks2RWg1ODZGYm4rY05wT2dWTHFCN1FhcEY4ClB5N29SclVxWUpGaHF1V0o1cHVK
TWtoTGFsRHVERWgxczlqdysrRmVDM3cKLS0tIFNISWhUbmV5dERHSXV3ZW5Gd0l3
bHZHdy9jUHhLSTFUWHBxUTcrT3FoaHcKpKjzC3KDD6TXpbPm/ObztJQzkNnnTnvH
uWzRhQg7lHAKiiz4szzT64WCuisxFAOJP1KrSK9qP5DLBm8aKIDcPA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZ1ZON1FWeHhlNWVSeEIw
SDRwU3JBUEg4TXhPV0JpMUV6dlVHSHZoTlNRCkxpc3JHUVl5eUVMWHlOZVhSMFNi
c0lzUS96a3dSRDZtNkMzNnZ1RVQwTDAKLS0tIFF3V1E2eGw0Zk0xeVJjQy92SzJP
dTFFdDQrUktna2RKZ1VFbHBQWmhTNjgKL5/aqFTEE9NF/6tTe9UmrH2SWpuC4pzS
uHBh4XXMx9g34+y4L0bLZ4LkXA1G1EHukIVG98eYlsUlpT3nYLKdag==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VU1JZ3FkQ2lPVE9KeGMw
c1lRWGlPU1BKbXlJc0lnVURNNjN4bDRNWFZ3CnQyRUE0MXllajgySHRkSTNRZ2U4
K2w3bWEzNmxrZHRybXdFdnZCTmYySW8KLS0tIFduVUdYdDdVOS83QUxveG5lMDRi
M3E3bDhrM1FvMERESmI2RTdBTVNUMlkKoKhTGUYULeQvqMjwMCanDxD4yflGURgE
ROZe6d8R5Sya+RsS4uzNMs5KkjGeC/xjbNO22uSRennIwCqBaHNmgg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVkpwdlJMSzZ0Z2tCaUhw
cm9XOXo4Q3lGRHRCRnBMOVJxRitCUkhUOTNVCmc4TFdneDJPdlVVYm5Da0JWUDRS
em0wR2pTTUFzWVpwRnBVSHQydVFsTG8KLS0tIGxacC9ZRndUeVlCNHYreXI3U1FJ
VmFqdTBvanUwV2paRHhHSDRqVEpLWVEK7uRtiTZ+NJWP98RE2YfugHf5UjfUKJ5V
brmUHz2gODPPyKPi94EXBJF8gPC93AVpiVMU9OlkHCm7UMMl0wSxhw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMW1zeU5ubDloazBKNFR5
M0xnbXQySWptOHFEQmQ0VHdvTWVieitYK1drCmI0VW5PVUFaTFo3STF2MUxSOXhC
T1YxY2lFMitKM29rS1FKQWRweStxUlUKLS0tIEFnQTlHcFJEcTAxem5QK2xrTm8r
L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W
A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-30T08:33:24Z"
mac: ENC[AES256_GCM,data:/vJdDVpv+iM66wANeLLl+CPtg2j1OCyKlGHhsQQT/RphUj4IlIsjKj+j59lmM6bRBfebTTRt1scFgz8CCPoyfSH0KrAyPLPs1SPxZT6Le87PkmO2rfH0MpNCrBDUdtpMgKs+kbxSzbqnh6X3+juXnOL3oUB3K0cdF6hAr4cP5xU=,iv:3IxaC/8y8FwKxO3mPP7f/byjYih3O6zZU6HJK2cAPvw=,tag:g8crhgnYs670wLPcC3HIhw==,type:str]

5
hosts/nb-new.cloonar.com/users/dominik.nix
View File

@@ -569,6 +569,11 @@ in
# user = "u149513-sub2"; # fw.cloonar.com
port = 23;
};
"u428777.your-storagebox.de" = {
user = "u428777";
# user = "u149513-sub2"; # fw.cloonar.com
port = 23;
};
};
};
};

1
hosts/web-arm/configuration.nix
View File

@@ -58,7 +58,6 @@
php
php83
];
services.davfs2.enable = true;
time.timeZone = "Europe/Vienna";

2
hosts/web-arm/hardware-configuration.nix
View File

@@ -5,7 +5,7 @@
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
configurationLimit = 2;
configurationLimit = 5;
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/82F0-EC7D"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];

2
hosts/web-arm/modules/nextcloud/default.nix
View File

@@ -8,7 +8,7 @@
enable = true;
hostName = "nextcloud.cloonar.com";
https = true;
package = pkgs.nextcloud29;
package = pkgs.nextcloud30;
# Instead of using pkgs.nextcloud27Packages.apps,
# we'll reference the package version specified above
extraApps = {

39
hosts/web-arm/secrets.yaml
View File

@@ -28,32 +28,41 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZa3JUVk9UQ2xvdE82MFNZ
QU1HSktJa2RpbTNVajlES29qdnZMZjR5dlZFCmdhaHEwOXdpdFJaOWpzcHZmUWUw
czFUUjJ1aThrQzloQUs4STVJNkJqdUkKLS0tIFUybFpweWhuQ3RhWVhEZllIKy83
WUhmU0Q5L2M5MGJBb2RXRUNUanJ2UDQKxDH3kQ7PxBgHbkv7HPhSmyHIT6N8qmCf
vgRYuZWFgMas1BsS2/F9jmWxUtcqj6/LClmKvIlAmr7OiEZ8fLBTDQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZjFGT0N2SGZkQWx6NS9x
OWpsU2RsOG51akRUYlRoL1Rwd0NyZkl4ZTNFCmowdXl0QlplMlFhYlg4bFpwYVZm
OTRXWE5wY0JJQzlaQVRuVE40Qi9XcE0KLS0tIGJ1MmhIc3RuR0U0WWhDTjl1aFJG
aGNabFJKR216dlFETmRPMkdnT0J2bEkKDz9UCFSUgFxPHJLvs8Olm/UYowbuCEl8
wDCJFobtV7AYYB3gJmXA46DHefsC+7rbUJ2E5y50SFIeofcEK/oorQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVDI5dFlSajl1bXkxb09C
NlRFM3dpTk5KbkZ2RGZwUUVVdGpHVzdac3dBCnVJTWVMN0t5Q1MzTzVSSjRDQnRN
NGVKa0h4K3FpZUhmcnVkajVOaEd5bjgKLS0tIHpVWTJIa2NOQXNQRXhUaHhKc3JV
TEhxV2g3N0w0K0E4cjBhK3h4R2VONk0Kqmgr6vvwyP5GUNGEJT4lGk/q+6D1/vEc
iAx10xVmtDvIuWTPwNHM5Rlx1SesloGiTSgT/MwzaUYm8lkpK6BNPQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MWk3dEpkYkZxdjJpVDdI
RTdvSElPcG9JdjdzVGI5RTJWNUtBTEt6cFRjCnJpQjBtdUdpTHlHUXZMaVIraDdE
YlBKYWdBNzA3L09oVzRPdDEzOGJiOVUKLS0tIEpzTWhuUnR6VHpMMVhVdEpWKzBy
WGo2cHEyZFg5UnZEcUlmeHoycERCUDQKEPymfQ8YOkDtamYtyXkws5H5yuylOjtD
7C6nmKruZzFNIUs8Wf6u2TLtEPEsR2AX9k70ZjtOoygIHhvIpqY1uA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjc3p2TGRYRFV1aUg4Z1JF
MXBYUXVRTTYza3UvOTNiYVV6TWVBZDNMSkVVCjkwWkNMQzk5RVFBYkNqNmpKOGwr
SGlhYm1sVUs2S3VoNzZ4T2pvRkVkeVEKLS0tIGEyQlhQcmtKcUh2NnJLZ3BFeWdB
Q3lVNlFxbWhzeVBaMVd0ekxEVTJBc28KyCK90KW2wb9bXup9OW6J1Gnrlb9X5e8l
c+kztOq76I8NtSAnrwfkpp7iJYH4F4TEU6meFGO4Ev//duKoBT74TA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc0FIMmwyTFpHNlNOSEhv
TmM2eW5IZlZpekNwTERuLzRLbW5ZYk8vaFVnCnlTQlNiaVFwdU9BWHFrc1VnSWc2
d0R1eHhWbTJPQjBsV0J0WjFyckZXL00KLS0tIEdwY1oyeGsxZzBLeStJSmZKVW1V
ZFBWTUhrbVJHTERMMkdDaDBkMU16VEUKi214s0sjzOR8wTK55lZelBKO+ar03lG2
Ue4Rx1utf3DDskRY6ELqSroIYEMIWDk9rxQTovIQD978mP9vpXgfPA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZREdyNFNQRkI4L3BTY2FW
K3lFcmpsQ2tIMWYyVnVDbllPcktBMmVoMlFRCmlwa3RubzFzMmRTRDJYZUgvU1hN
SmFJWXR3UjhEaUJtR3hSeGN6UnJ6WE0KLS0tIGFXQmIxYVl6Y1djQ2lrcjRUNDdt
elpYSDg2Y09Ia1VEaE9yUWRYMlk4V0UKcsiKxtTdtAT7odCCua7wV/3879QEp2YJ
iIVgZIrTg34tEGj8VbACcGINZfid3SSkUM4hnydP72ZOOfijIN21Ew==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-31T15:45:49Z"
mac: ENC[AES256_GCM,data:BjoytvHEO/mvFUdAN/jf3EnwIjmWzSbY3TgCOjIp4zlVi+QrtwLD1G6fTN6q8tWOrYUBETS93q5FsCHKqCh58TEp/JZSnw2OhODBAn8LmdNvbvXX3dNFkVvjLsLH9rl4knMD5gr2fSc+YqHsTcb1sKBom7pFEsRppnnbU6h+FZo=,iv:ipoiDA2Er9gaqKg5bbjvVSC3RTiUV+t7J72ns5IEdac=,tag:1/4KRpnUnm14jGAdS6EoxA==,type:str]