diff --git a/flake.lock b/flake.lock index 9bf22e1..e90558c 100644 --- a/flake.lock +++ b/flake.lock @@ -125,6 +125,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1703656108, + "narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "033643a45a4a920660ef91caa391fbffb14da466", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "jovian-nixos": { "inputs": { "nix-github-actions": "nix-github-actions", @@ -258,6 +273,7 @@ "agenix": "agenix", "home-manager": "home-manager_2", "home-manager-unstable": "home-manager-unstable", + "impermanence": "impermanence", "jovian-nixos": "jovian-nixos", "microvm": "microvm", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index a15bc7f..9a4f426 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + impermanence.url = "github:nix-community/impermanence"; + home-manager = { # User Package Management url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; @@ -50,7 +52,7 @@ }; }; - outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, agenix, jovian-nixos, microvm, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. + outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, agenix, jovian-nixos, microvm, impermanence, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. let # Variables that can be used in the config files user = "kabbone"; userdmz = "diablo"; @@ -61,7 +63,7 @@ nixosConfigurations = ( # NixOS configurations import ./hosts { # Imports ./hosts/default.nix inherit (nixpkgs) lib; - inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable nur user userdmz userserver location agenix jovian-nixos microvm; # Also inherit home-manager so it does not need to be defined here. + inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable nur user userdmz userserver location agenix jovian-nixos microvm impermanence; # Also inherit home-manager so it does not need to be defined here. nix.allowedUsers = [ "@wheel" ]; security.sudo.execWheelOnly = true; } diff --git a/hosts/default.nix b/hosts/default.nix index 621e23d..38294d5 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -11,7 +11,7 @@ # └─ ./home.nix # -{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, ... }: +{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, ... }: let system = "x86_64-linux"; # System architecture @@ -137,7 +137,6 @@ in nasbackup = lib.nixosSystem { # Desktop profile inherit system; - #user = "dmz-user"; specialArgs = { inherit inputs user location nixos-hardware nur agenix; }; modules = [ agenix.nixosModules.default @@ -190,7 +189,7 @@ in dmz = lib.nixosSystem { # Desktop profile inherit system; - specialArgs = { inherit inputs user location nixos-hardware nur agenix nixpkgs; }; + specialArgs = { inherit inputs user location nixos-hardware nur agenix nixpkgs impermanence; }; modules = [ agenix.nixosModules.default nur.nixosModules.nur diff --git a/hosts/dmz/default.nix b/hosts/dmz/default.nix index 5b55652..9761c4e 100644 --- a/hosts/dmz/default.nix +++ b/hosts/dmz/default.nix @@ -17,7 +17,7 @@ # └─ default.nix # -{ config, pkgs, user, agenix, ... }: +{ config, pkgs, user, agenix, impermanence, ... }: { imports = # For now, if applying to other system, swap files diff --git a/hosts/home.nix b/hosts/home.nix index 3da02c1..4e7ff30 100644 --- a/hosts/home.nix +++ b/hosts/home.nix @@ -38,6 +38,7 @@ xdg-utils steam + wakelan # dev ols gcc diff --git a/modules/services/dmz/microvm.nix b/modules/services/dmz/microvm.nix index 556737c..c673e0b 100644 --- a/modules/services/dmz/microvm.nix +++ b/modules/services/dmz/microvm.nix @@ -1,11 +1,11 @@ -{ config, microvm, nixpkgs, user, agenix, ... }: +{ config, microvm, nixpkgs, user, agenix, impermanence, ... }: let name = "gitea-runner"; in { microvm = { autostart = [ - "gitea-runnervm" + name ]; vms = { ${name} = { @@ -15,11 +15,10 @@ in config.allowUnfree = true; }; - #inherit pkgs; - config = { imports = [ agenix.nixosModules.default ] ++ + [ impermanence.nixosModules.impermanence ] ++ [( ./gitea_runner.nix )]; networking = { @@ -46,6 +45,7 @@ in users.users.${user} = { # System User isNormalUser = true; + initialPassword = "runnertest"; extraGroups = [ "wheel" ]; uid = 2000; openssh.authorizedKeys.keys = [ @@ -59,9 +59,32 @@ in openssh = { enable = true; settings.PasswordAuthentication = false; + hostKeys = [ + { + path = "/persist/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + { + path = "/persist/etc/ssh/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + }]; }; }; + fileSystems."/persist".neededForBoot = nixpkgs.lib.mkForce true; + + environment.persistence."/persist" = { + directories = [ + "/var/lib/nixos" + "/var/log" + ]; + + files = [ + "/etc/machine-id" + ]; + }; + microvm = { hypervisor = "cloud-hypervisor"; vcpu = 4; @@ -81,6 +104,12 @@ in mountPoint = "/nix/.ro-store"; tag = "ro-store"; proto = "virtiofs"; + } + { + source = "/etc/vm-persist/${name}"; + mountPoint = "/persist"; + tag = "persist"; + proto = "virtiofs"; }]; #writableStoreOverlay = "/nix/.rw-store"; #storeOnDisk = true; diff --git a/secrets/keys/nixremote.age b/secrets/keys/nixremote.age index ce339e7..494e119 100644 Binary files a/secrets/keys/nixremote.age and b/secrets/keys/nixremote.age differ diff --git a/secrets/keys/nixservepriv.age b/secrets/keys/nixservepriv.age index 1e39ec6..fb994ee 100644 Binary files a/secrets/keys/nixservepriv.age and b/secrets/keys/nixservepriv.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d36b77f..3455b70 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -25,6 +25,7 @@ let jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/"; steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINcbvtlL9xFq6kcvE6x20/Es5PVWMhbBvra8HjGUm4NB"; laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLDA3tmyCR4ogX7mgwaEhsceqALQvq9IqXhg8rF0OIi"; + runner = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5MASizLhydfxn0AWcG6LfeC4fghLTDVsLbEHDnIAhc"; systems = [ server dmz @@ -33,12 +34,13 @@ let jupiter steamdeck laptop + runner ]; servers = [ server ]; - dmzs = [ - dmz + runners = [ + runner ]; buildClients = [ nasbak @@ -65,7 +67,7 @@ in "services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users; "services/gitea/databasePassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users; - "services/gitea/runner-token.age".publicKeys = dmzs ++ users; + "services/gitea/runner-token.age".publicKeys = runners ++ users; "keys/nixremote.age".publicKeys = buildClients ++ users; "keys/nixservepriv.age".publicKeys = buildServer ++ users; } diff --git a/secrets/services/coturn/static-auth.age b/secrets/services/coturn/static-auth.age index 2eba60a..133bce5 100644 Binary files a/secrets/services/coturn/static-auth.age and b/secrets/services/coturn/static-auth.age differ diff --git a/secrets/services/gitea/databasePassword.age b/secrets/services/gitea/databasePassword.age index 5e2611e..7a19502 100644 --- a/secrets/services/gitea/databasePassword.age +++ b/secrets/services/gitea/databasePassword.age @@ -1,24 +1,22 @@ age-encryption.org/v1 --> ssh-ed25519 neExcQ 0mOGgvrtAPzm9ZXtXBDBnx1xWW/Gk/L0HBOXj1Fimgs -gzXn3Nhd26sonCLMrMgPwqLcae/orfeenmM01xCcFXQ +-> ssh-ed25519 neExcQ yCMSMhaA1eUwP+voCHZSNOr0qEzqHaVWE0/x/7k6bGc +JhQX9MqVGJqBrrfDJBEc/n6uB57HVK2XLGPMpsoqNl4 -> ssh-rsa VtjGpQ -Ws4HhpSuEU7c68RXZLybria1zY4wa3Bq8nU+KufxdjItLbELo6xZhIOAmzPGUeSx -1qodHItF9vJBsMK2EUAO48VnUKOGrVBFQjlhT7iV2fJ/pQSW40HTRZmnPTiYnsDq -eM4DTxcineotO/aAPFAUe24q0SHMI4qwurp9CwdLYq0t8nsFiCj3lZKBJi5Asou4 -aQi+n2PrxQSFtq1Xuw6BfXxDuAZ7JsFfowyj1qq9EARjSN3XIi2MxuozIGK2qU0E -9AUIFHV6qB4zFmdIY0zXdwOLeLJB9rbsWJauj2IDdlQdX3aX11QmRI7LkbhoRWFU -02oE/2/dOUULPNiaY4tJIXY4/LSvT86m4EVR/Q4H1HNj9zutMf00s85G4Kx2Zjyu -lZ9ITN/+zU9ke0vBZu6oEFOQbJFoPooE8lnkBa7lsE/SwWgQwIOcnqUsVqgv16Z9 -bdz+odHf34QNQLb/le8V8YaMZdhRm85Oq9lZsUH3oBP7G5cg4WcKX7x9pNiEGn8H -RinfBp/+J5ItVpXFeDgX+HKW6TJrc5/dgKHoc4l8saZJ/pvcN9GvjWMWAL2M95P8 -qPtJUina39IfZrfizxGyrXlY6mHasuP3e4PJtYTDeNnUbAtUa5GybPpWny53X58X -9eQBv5ZIp4fovmyTMH4wSppPT4vXFFKI+3H1M84GY7g --> piv-p256 grR75w A956x4b/H1oRQev3gpthASbJQYTXq6vc/b4VO9JVNrAn -dMi4fwu7mlMQUh3z/ZNUbFc7+2VqllfFm1iiEEX+TNU --> piv-p256 RQguQQ A9gzXCoFjypFQkGGTqk/CFg6dIVRqRJh1AORiuhyVKC7 -tKQlNXnTfZUsqJjvcQDOwI0vPOjPWAxHvWmMUpmptXw --> J8*:b-grease TtK#Wa Cg6 T8pY F -lfKTjFQWfhUa7hiMSOUf/5572uL+Ag ---- s2yNb+NdxX++oSAK0Knrx2qGYxR+0DToTGEEqqL9d2M -[0:45ѩ]Cs -DG~75sb΢B \ No newline at end of file +Fzk9x/xUoTlEFjKEaSEdns1Ixi5Q/oswuOuzN86twI4jG6JacZ86T69ApvX1fZZB +d7lvBCC24HlYTX+TKNiro5tgGhc1zXKfb7o+HitdMEjXG75XJG5knVsYq+z8DxtT +qKzA8vC7j2Ki48N6KlGuE8jN4W6EMWfFyJaKlTjJFpJDt4ABYCKndk0HqWZjFo0S +sMKgnAhlEqkWE+3dIPZEbwYbaWLtUxnxWcIRz7hsEeMZfAT982CAcsxLctUvO6Rl +HdLArGZ8m3JcCF7O+AJ13LtgwbvVsO0YbkvZaTiHB7YTirjD21Mo3LmcTyqpGrfZ +8f6jncBPPbHWh7ynYnJjHt7ao8Brvc54OW6jiyXdf+P78FjzzYDkD06j56XRje5w +WQha1DlohzJQ+CgQkcn/aNFsTe64RSrBb15Wc29hDJUIk6JFH74iiW4rUKN6sHUN +upC9ElgOWSKAx3f/z+/HInxqUvcpAz6YPrP/WUZZi8hxR5LFt2K5nOnl4sxzIGUe +959MTzLK/w3gxXn/zuxniKUo6Utzyy+Bj/9J0SBZgvFLvvFmErNMt/TOOj5Gw6+5 +1jSOijo2jCbveFhGroeWxrLeQmkIV36xmOXMVPy/WLfMCF4xhDIPJezE5HuVkElh +sGV2nvPvr4ZQQgSpbBdHBQg8rqoUpyz6ms26s2p/Jy4 +-> piv-p256 grR75w Ag8Jwei06v5inyaQK+VpqPLgv3iUIhki+TDTEbBfyZrs +XX3nH3xvyMejoAlXVhFrXGtq4JXo2qDMG4s1+b4qmMk +-> piv-p256 RQguQQ AqpQBRbH53z2SLKGfwoZ6xmQ9beNhh4oHaF5+QZUa3kN +vrnTZ4nDRcR/QOSpBnvhmjFCUGj+PPlFp82Ep9nKTA4 +--- oOBpFNoLerXY3ZMSZlUR9gKOYAxGW4ybECwDN2zHjRY +䬎8٭G+1K~<۶D + ?JUPj0wPBȇJyi \ No newline at end of file diff --git a/secrets/services/gitea/mailerPassword.age b/secrets/services/gitea/mailerPassword.age index 219d7af..ae5eb7f 100644 --- a/secrets/services/gitea/mailerPassword.age +++ b/secrets/services/gitea/mailerPassword.age @@ -1,23 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 neExcQ 01DzzsJwCKFsH5NrKxihJnomu3TWPLb7feibaXgcCBU -BzuAG3oZ74EvUGsKAnHiqdpZ4tqQG9BiFxRKRYZOwCs +-> ssh-ed25519 neExcQ e47ZHp8uks6tkP3RTlDpsM1nKi8taqiTqqwLHSmmtEU +qfYNu5++RoHoL2+OnTqBhXHC4Db5boHCaulBaa/O8ao -> ssh-rsa VtjGpQ -Nt0GGggXQ1mVZ2C3wVyNUfbdj9+cDCDSlJiPCTQwa3zrlgFuQOzUThIqFB8f51mb -w3TZ8lLvIdc8N3FtMIeh8WPJ+jna0qpBbBZLB5sm6+jF6NPOQj3pMCRR/HJIATru -j+OgKbm6smPusc4DyS1EuVNhP0Lqc3L0MO6KgZsS45h6tuXj7QGBBwwtrzAs6Dmo -53pLRaGjpaQvFWwAfgBmMzlu6o7wi/G72uk/DPzayjZWXNDWrkT2Z08hQYh+rBxM -mEYeO0g0Xz6fcIZ5pg/oMBZ5FMAVbvNh4zQ7iDZ1ck5Cj8sUT42xBriVLpERI6Ph -ZIMVfPtLE+vX3jBkdoCMkjNm1j4UtTUNARI1P+wWY3YvWH9fxmybJTifkxiYiWet -xGe6a/xvob7PShajCPksI4Ag7Ief+Hb5zfU+V0zF3377fFZpf1eLrAVKvS2wlMSz -b3eKUMY+16HLXVsiR6Nx8nIVRhceClDwOBF4rXTliMbtFBL5r5VgJc3sIHEk5Utw -Uk3c6JXyNqvktXIJtojQyOLR9/bFWvSKoapDn8TuV95B0QRtZebdqKjjDWLVA+Qr -12EYIA30ujsIhg1MwwbmIk9P6wc/qWBdW/2AjCoQTnCs+yxrSoUcVXlUXPOBVHmE -w6AVOgT7gIrjkEYvnpN00xSy6VTv9AhmB0X7Kbcrwd8 --> piv-p256 grR75w AoA8SsggTDWv+dkntd9hdYohw8W7AF2qE8DdETblG2Y+ -s8LGSGx7NU9kxfPc03KPh8u4YcYHncRlj1wc3wOe/hA --> piv-p256 RQguQQ AxlFwmnbKRs3FuZwnOZwTJV/+6ryTbMhLyPd7coU9qvE -e6NHBXGNsyAs4FVcLbKX9tR284eaJ2e08BeihEXW2To --> n8l89t\!-grease z _w23iC |j&g -OwcZca01ew ---- 5473Fig2/Ca6MCjOg1nBUKrirj+UFxqpc2+3OQBFkWw -n1sHp,\GhwBn<(M?oK-9lvs;ov \ No newline at end of file +YwV5feWZ+Xn1h63X1cESemsq6Sv1c6oRXZd1VlELbx2DZkfRzAxU5BHqeSOIgA0b +dD1RCIcxnnopALxgzhwXo4Avn390sEzTp3E+Xqpl67E84UJbbLLur1KW2BnJB7FI +Eh+eYdM0CuWE0EbkgM4yiWRtMLVVDXQO39knZHi5fOBdy1tTQ+yaustbGxO7g2r0 +7FoFtMKkvSGrKG2KtXMkckhZrgHabzOxwM2EJYntcx1yUtxKSyNdezd9SFXPfZ1/ +w08Nr1XCU3qs0gukq6FvYNqFgoaYOyK5m4tFCraMAtqwk3xJO2CNF2PmyQ0IK4hI +Th3i67odalK8cob7MbhxJEE/bXbVq/ttqSzsIKlOyI9z1zAXgZDkoXJyTTi/Bscz +ZtOs5fzNFSEGRNEIpL7z7BEXTLog8P7Gw7fOCWEDPBUc+hZcNRSgOsSjw3YRSsib +HOk9mXNl2FKf6f2rOmS/kAkMcQne3FGdt++zuajJUtJMVGbZ1ZoMWIrNCuBZpmfA +FE12keX0+Sn02EBtHh9XETqCrDF6eE88fQo8grIVnEiYTJxkA393WyaNgD49P0oT +O6KTKp84ge/LQLzrelq9VOX/D8XovHoEiCKA9JCMv/zS6WSAiki0cn+B63ReRT0h +URcc/3Ocy1XrlVV8hO8/9aZvaWgA7OIFW/VvaoVDZZQ +-> piv-p256 grR75w AwgEVNA7wnkEm6sZyqCWe+HfFA+sA/vndPsq/Et8LfaC +E/8loI1LpovcjoA5eXyBfIVybxT6GzTeXpXsvd7KcBY +-> piv-p256 RQguQQ A/0wpURmpy27mHA1Pt3HYNMc307VYDdkK30XwQiRFC0P +uPIPK0AIxi1yc7IOykSyZvlMdXKTVBDhkRexmTC7YJM +--- B7eEKZj/PZv2HrptShza8YmHGNvXwYmWx1cBuuyDr3Q +EpkةCn|;ŤpAzT?0M>nB:%dI]1|T?ፈsO \ No newline at end of file diff --git a/secrets/services/gitea/runner-token.age b/secrets/services/gitea/runner-token.age index 5b65125..bbf591a 100644 Binary files a/secrets/services/gitea/runner-token.age and b/secrets/services/gitea/runner-token.age differ diff --git a/secrets/services/matrix/mautrix-signal.age b/secrets/services/matrix/mautrix-signal.age index 9926d9d..466c35a 100644 Binary files a/secrets/services/matrix/mautrix-signal.age and b/secrets/services/matrix/mautrix-signal.age differ diff --git a/secrets/services/matrix/mautrix-telegram.age b/secrets/services/matrix/mautrix-telegram.age index ecb81f3..094081a 100644 Binary files a/secrets/services/matrix/mautrix-telegram.age and b/secrets/services/matrix/mautrix-telegram.age differ diff --git a/secrets/services/matrix/mautrix-whatsapp.age b/secrets/services/matrix/mautrix-whatsapp.age index 3fdbba7..d361b72 100644 Binary files a/secrets/services/matrix/mautrix-whatsapp.age and b/secrets/services/matrix/mautrix-whatsapp.age differ diff --git a/secrets/services/matrix/signal-registration.age b/secrets/services/matrix/signal-registration.age index ec543df..e6fdd7e 100644 Binary files a/secrets/services/matrix/signal-registration.age and b/secrets/services/matrix/signal-registration.age differ diff --git a/secrets/services/matrix/synapse.age b/secrets/services/matrix/synapse.age index cd64732..570a466 100644 Binary files a/secrets/services/matrix/synapse.age and b/secrets/services/matrix/synapse.age differ diff --git a/secrets/services/matrix/telegram-registration.age b/secrets/services/matrix/telegram-registration.age index ba59612..96a1d0a 100644 Binary files a/secrets/services/matrix/telegram-registration.age and b/secrets/services/matrix/telegram-registration.age differ diff --git a/secrets/services/matrix/whatsapp-registration.age b/secrets/services/matrix/whatsapp-registration.age index 3a6d4bc..2dd93a8 100644 Binary files a/secrets/services/matrix/whatsapp-registration.age and b/secrets/services/matrix/whatsapp-registration.age differ diff --git a/secrets/services/nextcloud/adminpassFile.age b/secrets/services/nextcloud/adminpassFile.age index b65e692..986fd79 100644 --- a/secrets/services/nextcloud/adminpassFile.age +++ b/secrets/services/nextcloud/adminpassFile.age @@ -1,25 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 neExcQ s7AP+jIyudaok3q0qIHux/ByDv/kASN3rR/xmX3l+EI -suVpRzECLiMViplV1FvLAPNnU2tvm+jwEd2XWLSHV+Y +-> ssh-ed25519 neExcQ nQZ29Qx4mS20gvbC7fEFlClLSxZFpdQOni76tpk1hiw +lOeTSg21QBNIT9sbthQJpY5rERXEtqcLiX6FYy1TrcU -> ssh-rsa VtjGpQ -nBo7xt52uNd9REOOWFw0qkycNCbfOJzDLzpRLpmA96qjXJdyqE5i47vRJOqpHkTZ -e/LbzSeWz2uqkJYGIj5JOBkcdCESDaM3I3xwyzuFK0k2shf+YRNDF1RrOVyLICoA -jMnGePU/yfeiVMYP5DIogNFH2RFrYG/LN5fz50Rguwuw2Kbjr/OO4Qgoxqmdx733 -WQFAniS2cFdYxKDw889EsPTeF6H/ehirK+xW33eo5xIXOEWC3r+rC+13Ff+ptvMR -h+L/ctLnBV8sKpkJuIrjUc+jPpUcXxp5cB53HrNa494mdVuECCVX0wbAaLDKutkY -lrfgk+dcCsule6e6gWXqhKp7aGbxWfuW3iJd5JxbdzxQ4g8yk63Zfgw1zKN9UEa0 -Ql2j6XIuPny/x5anvQzPaIVM7IDAHwioSiC8gIUntz29E7RN9n9Ur7J13S6egfFC -FPlXKLvbnqKj9txREuvAjbtjwpgZyLQ5t7rZZ8q9qEWeLmTWmwN3at2Rld3Mlx2R -um8Xqkcxf1/j2Z4yjqTkV4UET0bLz8/WOtfVr0qDkAYzQsDhI3AFEAbmJbJbefT/ -o215NuAuKpF8mETcAF7CtSdWOPUV7g1s8V/jl5y3Ftrt60YYrKvuvJxF+VWySfFz -kVBdMUFiwt10dHnV55IkrKP838/8JwJe5H1BOKCd0oo --> piv-p256 grR75w Ayk0OSfzq0mAFOgObULDNJ05ElQ17CDE3zSXvokqFHPX -/lkfGdMOS6/VXeslsBW5DV2JZWn2RfP18OpkL9tqw4U --> piv-p256 RQguQQ Am2wmwN+TwwYSNjE+kC9TugxOYy61HzQXpTdvQJmwDie -olgVoRbp6DUXvk41AIJd4YTB9H9CHCEkSOL1up6+P7g --> iDp@[-grease B(tR)D F. c -2ktGwv+wl52izKLp0HUTQwTZFZ2hu25SI5k9W97qVz8bzuk ---- AL+sbb1AvUkyowiMYSjI8G0rtjEM4amy7KYuUne26ps -*j~7 Dԧp^ -X^5zLJ] -DPl>8+/x \ No newline at end of file +Yqs5OH9jfeaxYpZKvR2RpCKG9Altd4otvWFkEDVX+BPlGLKhSMeaCWoJ5vKbC4id +JpOZvzJKZ++/s3/QbbPs/Wn+PnZ8ZauNuMI3/L4MmW4SmTFzw5smt8IrGDLJiPiJ +jYXVDTYP6Hw+wVZ+BKSX7SXXuqQxRn598NJIQDP/L3V0Jiym78UulFIHjp2+ZUUo +qm0+mbNKYBwSwB7r7gt91PGjdyqMKRTj84A3V1Ty6YQGpGhqv9fIziVWexLehRRe +NUQ8CjkjEGlAvt0B8utr2AnYt+gwpS4+GUI/JWK+WHYpUmlxPRG/NY2oDatuhmqR +XQzsNe6Z35bFNSaRgStaR5W9KI7hLmHbaWG4sl9c5Y9BZ7eou7U66keUFvqmGkB2 +VV+XfuOTpQIdDz17Lu0nGfpHzKgJQvL3pM+rRYd8/iw8crKTnigY3h+JPS3Diazx +IuW9qW2GpkG8mGen4KNGBYF3QxB/6WeyE7o1ZQ2gJv6wBsMNlFb3/LBO8VI6qBu7 +keJnbaG8FrivjmrOHxcTCNW2a8jJYPLypHM3LY8pYUHmZSI9yeOvdc4h1JQrcoYD +PXjq4+7/ERtMeCjmQEGUqdfyF48nENmd05n/ZaC2R03aTfMX8OrtSXwRoLV6T9o7 +OxOlTDB0P2uPieOxA+Ra+UkwWS2HNQoEKwqH3URx1ek +-> piv-p256 grR75w AlWsuWXTh8/lSM6jW39yI8rdM39jy/5mC9/WkHDHYfon +DJEHM0jcEF5vXSok+5IDvEcBdRAjXDWP73sPg+h+VQQ +-> piv-p256 RQguQQ AgrWyP9MEu1ifuy3IN2kmaAw6nxrPdOumUaPtzRYPyv1 +zbJEDl3R8Xv3Y/kY4wfxPwxPONh4pWAOjzqDNNTR8Ik +--- iwkJ8USC9B4VYRzSy5bgJTmwAm3Mj7Bwya/vtezt9uw +<(O!%&|n,NrS \ No newline at end of file diff --git a/secrets/services/nextcloud/dbpassFile.age b/secrets/services/nextcloud/dbpassFile.age index 4ca3e11..430576d 100644 --- a/secrets/services/nextcloud/dbpassFile.age +++ b/secrets/services/nextcloud/dbpassFile.age @@ -1,24 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 neExcQ LU3Ze4D5K/YOG9H4mPXYG6EyW6f4QD09jpKvjOkOugc -4l9LkftCd662ODYjuVicr2BvLBiiGRiHwuY66gsUiKA +-> ssh-ed25519 neExcQ XVMWLZbXjelUhXJQseIhdyT6V8kIhXNArwNRNQOboQo +XIplYCaDm1jiUhHPjv35Yjaf+EujGkzyO2BWBOnNows -> ssh-rsa VtjGpQ -mkjhpAbnkosaUrbC8yK3NNd6oBN9xmKBLTqIE4tnm67EGfWbbxJJ/GGtZFL4dqKQ -+QdaaA1gS2JoyMw8E+mrkIABiwtDbQUDscgJD4kXC0TooNf9pURJrBGFinboX4H/ -eC4exeuaTtEj9U5p4Bc7JtOVMWsOPXVYD/lo8htxKblvGiDhX5aEAGbZK/QesIVQ -+vEmR86INUHuXkqtKEikF3wRpd8cALIeIVXDBlt9DD2PPnQtWlEksV4DY0Fzai8/ -leLB9u0AHG+MN2NaovO3oTVSEQUEfdPwLK0UgI3IDIGbFb9PwKON3y3q9C6x0+qo -oftM6GMRv8Mz+wnPmHTdRV75PfNNgk1M52cRgtUbGD+s7Be4L6zZW+pqey7QrADx -mpmhabthQoI2b6O3IsIyvKBUtAPLGOZ35cHSgplJOUN/yc1gh8hu3HIRC1NYF/Sz -dRzR9po+GgswRxv4EsiQcqdWqkOstF969zc9w5+NwR9CbYuTcaqpauJ88hoydb+z -JXFT25yqKpVNjKnFXoisIwvfGuIAAG/8vbj0QwqvftaVZ5ifLRhscA9Bvju61E2r -kQl9KT2IOBGJl53viSbW2iJCZ1sNTJ19vcvmHGwepymOG8JIU4iwYT11XlctKOvl -PCIzme2r9/7exrbTtHdm1w/76iiws4cAfZF/r+KVEu0 --> piv-p256 grR75w AoCHCeVnlptDdimyFa0RwKoZ1RIRB/BgtHDUE9/O/ixV -lH+qw4Vhx4ebr6DJ8c9pSX6t2ZPPa0h4uEm/MkJmZdI --> piv-p256 RQguQQ A5Ksfo/fMmovaNOIabynyEiGB8dbNQTRgMkCr0J67Ehx -1jIGrAHSgqRCf1B/8UsszC3M0kTt9k6X0mgK8biSAAQ --> Ar;HS>)-grease -ZcK7KScAQMJkO++FCzQiKlNRevg ---- z9NT4igqfqGlo34xx3Wad1GXo0dA1p+x0AD8AkqG4Ow -Rf - -VFB`,`6tXȍrpfN \ No newline at end of file +CQCpjEERmxeTF+2A5MQR8HoHZbKD6eTUrpiCogQcnpASLLW5Atbvnez30tdbMH+V +c0yOuAH4gwShtxCvgWC4LibfVng5XjbwPLLIS9ChrL5dJhypmGFSVRC9bRqRZos2 +SrxVmJJzzPb3Ytco+xR6IeE53htuEmzuJsGW7eE8VlhAljGKEG8HyiP9CADlI6Be +lBtDdYkIvzTrr3TlEl81B6wSmGI6/7/U2p2z0nEj0Adsr7j7lyE3DMQ3/zXlIviX +Ao1iBHlM57/SyMsSA3K7GR78KcJXqDGSpmOTQ48HblP4n564i3AEQ9gnC6aVPYOU +Ah/wCP7YZO3VMiy+zblc0dHTxvvgKVMqBMWswcnyICZXAEU6W4KfVg38+h9jBv44 +5dj2Et6rxaWUOHKJUWG8v1XJXERDRo1xL8PbIYhNOz+Gp7dRbk198y49asL6qMwa +19ba0ClRcF5SCo60tLdKYPJ/gS1h+ouN/SYr8/avreHjACv8FojR3BWo3kIc9gX4 +/42JLeedcE9V+g6Xkx9lOmAQx+1B07WiogVzhKsWlDPwsHwpRuzjhOc+6oo4VQkE +hQ77i+2ICn4uLfATqPz5vec1dxysNdRkqake+t8eNc7h/izQwmLMJ1uZvOTVWU5Q +EvH3Z8Tk5+6r6GrlEFT16/jUFg6YiL3LA/Sru59LNjo +-> piv-p256 grR75w ArnahCUsXVZQYVxePfnNkpzmspxFRiBpcr1Krs0ItC1j +Tgv07aMe/1SE8532rm1T0lbRwOPhpX0PDlukPlTniyI +-> piv-p256 RQguQQ A4d2sEre81qitpZv7XoxwuUnmI/JotW8h8HsFtGdmjkF +I7InD4tvMAvljng2IvELjwxf3TjHBcEdmw0p2s4znWM +--- Ij/96ona+2bEqLiDyZSbcUyXayxbHBr8UwETAWb7h10 +3C֢v2\6VXG|_XhC-xee+0 \ No newline at end of file diff --git a/secrets/services/nextcloud/onlyofficedb.age b/secrets/services/nextcloud/onlyofficedb.age index 98ed85a..4a7e74e 100644 --- a/secrets/services/nextcloud/onlyofficedb.age +++ b/secrets/services/nextcloud/onlyofficedb.age @@ -1,21 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 neExcQ ua8fTpZB6AlfOtoDVlTUPIAg8aPoi79AJVHyS6quMUM -4EC2U+h2OmwB4iQc5zA+OvQeQn/RJGgpfUl9vxB1O+o +-> ssh-ed25519 neExcQ w2S3YYmlvpJoj7+0YC+BtvZbuXucYUZ0FrjuZAnZPCA +aX8B5RErxNQqfNZ541FXute6nNf2TfVBCl412k56vqI -> ssh-rsa VtjGpQ -ioqNl02pKSYBd6jAR27FgxsPoOJy4HOcAVjzPlPF18EhHVVPkDSggeElOwJ7Kb33 -XEkFpKiSz+Chcn+KrQBW3yYwYGwIMYkrs6xfmYrD1RKxdAbIXNophQJPA6HkYj6Z -UIK4xfwGDhfEdu/9+UXI8hfQ7YidvVw+NujavBhgpZjfa1E4K1ZbpsGTqqxWkPjp -GTI+PoCqsxJNzi2CyNaHmiz3ykOTc6V9CQUA9Yr4GDyol+LkMs1EYEHZQ4yY+p/Z -ZBOFFTmHlP+xKMhjK67Lr1PNDeNgFTzIY8aJIdhC9ScY6fqJ08IftwEHrgWYr1R0 -EIkQ9hCJK49mHPMVlJFLMZI+xmoRIalf68//Q4ZTVdNaLmAHQRIQfQC/YrCddITx -3GmkLRGz4wrvuWLcgx8DhOfe5vr/Tu+SI5oVIpkScxgzU8bHYsyrVQ0TAFOOLyx+ -DQNFhd2aY0lUzZfyble5fOozeqonPf+k74vPn6CvikDdeTNhpj8Cbe9Ro7dQBO0N -0a11ZBGlm5nohGootIP/zi4ly6xpc0cUq1PbFpq3xV3rXX2VUsPfAhHqlkc/Rsi7 -/7JkG4+3+xH0vAGvPFs7Ja1snnWuWeK6s2v+KR0ijvYRaFp9KuDwoobW0tY5KaxM -2NWzltzdYJ3gINYTqDa+zmZIdZr5rEh01q43uRQ451w --> piv-p256 grR75w A6t18C3KM2Z3De6Rnzs+eGLzAe5bGUqOG7NCMa0Nsgri -Hb8o3YbHz4xjU4NZNuUa9UigU47eKh1mRo2dlgXV4FM --> piv-p256 RQguQQ A27FNpG0FCPnDskBHG7fQjZCzJQ/j5ViKbVYzRDCXJlQ -nSgHWpdnisqCHmpdtwcbr2J1AxkTW8vxO5Aillyoyig ---- gPm97DAXfRTOmb9G/Pfbty2XnFAgzqR9ldNEaflZa+8 -\oIzW+fh_Iu  ؙhj] Ӳ`WE N \ No newline at end of file +EQbQ1INPdi/uIDiT4LPHbVLVaYaaAJhTdsfehkmlWaPdieKgDwBLgNJA4kT7gPKk +/IMNc1ulG6FsvPonivBfvxi3Ecn9F81+E/gV7S0/C5RleSKPEdS9VGfV1I/KojZG +TONJd09/73leF7Kup2JIkAHza7FftXJPwfngXAqYjEXLnjwVAqaM9S7OyKn8GjBj +UXSpY1TQl2G+iwF2ezETRwlExJTQZAOl2EVeCpT71ZNWJ/J4IJvo3BtIlLT7UyZ7 +DWIEAW7Q+QAxDsVe1l0TFfwh7YBQEWNivRAMSn1TRKZCEsFJGv8beYwvtXWR5tmh +kmg5ve+HIZosfytUDxROk5lu84tCxVTT9OT8+0+SPfmVtVYvVtG5MMogXMnhXUOx +1nbJKNpljXWuOXB9zVcS3TTehszr9vE4N6Zo2yExHOS0uCR5Xc+9j6I7oakP7G5y +yFPgPUZ9n/JKIPx6a4PR4+QoskvxlhvxY9yYrVTtNH5vkENGRjDoTOIhMzHvL7Nt +v88RtYDAA89fJShNI6cShq6WZaSf17lQUMasLmyVntiKesAvMH48Y1WybkGy2pXG +uJRIn0nzW9P+wRxzy3cxE/q7qKDIEpuA+S5Y6KkYK+zzORi92jlOoXk9CTKsXSQz +d9rPeH6lQw06F26JY6MqtB8hRxPlOE2yDn47zOYMvlk +-> piv-p256 grR75w A+/yozGoFp4QYxcz1UZfPrA4AIchoKwccbQOfOWC5O4d +nixmFchrPPlzv7+mCLtrvj+CkaH0YaZw1Q1fDLkYs4U +-> piv-p256 RQguQQ ArfxxKLqjYDzB4cM//DVOjEmLQQ9DfVxRKIBdyks2G5g +7vqEVgqWCjev5nCImXaXz3pQygtRbEYmsvIxEP2+YiA +--- nMSwg/ClPmNQnJHJy6+BNMKBOw2zEAW/8dqq38Opots +} 9+gvL2eM_,U7%9兌֏!}h?҄]fV \ No newline at end of file diff --git a/secrets/services/postgresql/initScript.age b/secrets/services/postgresql/initScript.age index 905e1d3..67b006a 100644 Binary files a/secrets/services/postgresql/initScript.age and b/secrets/services/postgresql/initScript.age differ