diff --git a/.sops.yaml b/.sops.yaml index e0dc72b6..af64cde0 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,6 +5,7 @@ keys: - &thinkrac age15c2dquc22epmmndpmd8pa3077fdl8nyr5qehr7y0c9uvavrledsq326ak9 - &nas age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc - &instance-20221213-1915 age1elra3uklw8rmwkevqms2l4tsd06d5utqda9d2w4qvqpz898uzuesugxkhc + - &vf2 age1j67v2az4egf38qaj9c6p5d38eataxtg9xee8vw527c5hnz9u744q3mr033 creation_rules: - path_regex: secrets/shared\.yaml$ key_groups: @@ -14,6 +15,7 @@ creation_rules: - *thinkrac - *nas - *instance-20221213-1915 + - *vf2 pgp: - *lotte - path_regex: secrets/nixos-8gb-fsn1-1\.yaml$ @@ -57,3 +59,9 @@ creation_rules: - *instance-20221213-1915 pgp: - *lotte + - path_regex: secrets/vf2\.yaml$ + key_groups: + - age: + - *vf2 + pgp: + - *lotte diff --git a/config/vf2.nix b/config/vf2.nix new file mode 100644 index 00000000..3117264f --- /dev/null +++ b/config/vf2.nix @@ -0,0 +1,79 @@ +{ + lib, + nix-packages, + config, + pkgs, + ... +}: { + networking.hostName = "vf2"; + networking.hostId = "ad325df9"; + imports = [ + ./services/caddy + ./services/acme.nix + ./services/fail2ban.nix + ]; + environment.systemPackages = with pkgs; [ + pinentry-curses + ]; + programs.gnupg.agent.pinentryFlavor = "curses"; + + nixpkgs.overlays = [ + (import ../overlays/riscv.nix) + ]; + + boot = { + supportedFilesystems = lib.mkForce ["vfat" "ext4"]; + kernelPackages = nix-packages.packages.riscv64-linux.vf2KernelPackages; + kernelParams = [ + "console=tty0" + "console=ttyS0,115200" + "earlycon=sbi" + "boot.shell_on_fail" + ]; + blacklistedKernelModules = [ + # Last thing to log before crash... + "axp15060-regulator" + # Also sus + "at24" + # Also also sus + "jh7110-vin" + # Maybe?? + "starfive-jh7110-regulator" + + # This one stopped the crashing + "starfivecamss" + ]; + + initrd.includeDefaultModules = false; + initrd.availableKernelModules = [ + "dw_mmc-pltfm" + "dw_mmc-starfive" + "dwmac-starfive-plat" + "spi-dw-mmio" + "mmc_block" + "nvme" + "sdhci" #? + "sdhci-pci" #? + "sdhci-of-dwcmshc" + ]; + + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + }; + + fileSystems = { + "/boot/firmware" = { + device = "/dev/disk/by-label/FIRMWARE"; + fsType = "vfat"; + options = ["nofail" "noauto"]; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; + hardware.deviceTree.name = "starfive/jh7110-visionfive-v2.dtb"; + system.stateVersion = "22.11"; +} diff --git a/flake.lock b/flake.lock index 341b4ab3..9f83b3ef 100644 --- a/flake.lock +++ b/flake.lock @@ -527,7 +527,7 @@ "nixos-config-for-netboot", "nixpkgs" ], - "systems": "systems_3", + "systems": "systems_2", "treefmt-nix": "treefmt-nix_2" }, "locked": { @@ -744,26 +744,23 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems_2" - }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", - "owner": "numtide", + "lastModified": 1677835344, + "narHash": "sha256-+SF1dfj02xAizhtY2/pEPyA0DP0pMvZZjC2aMyprYhA=", + "owner": "DarkKirb", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "17cffe5284b6da6b50cc82f4d2b4c3ff8185f83c", "type": "github" }, "original": { - "owner": "numtide", + "owner": "DarkKirb", "repo": "flake-utils", "type": "github" } }, "flake-utils_2": { "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1681202837, @@ -1556,11 +1553,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1686573579, - "narHash": "sha256-8ClBqtO08EvkhucwrkQpYJVaH9WendCHsZKViHItWpw=", + "lastModified": 1686581843, + "narHash": "sha256-X5w0bmTgU/F1Jpcz9dIn6cRNyM0Tsij2LezHnctE9Sc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "deaae54adcb431bcb333ca6485b025ed17fe877d", + "rev": "bbc050eaabbbd041a3fead67cb265ce56a999519", "type": "github" }, "original": { @@ -1586,11 +1583,11 @@ }, "nur_2": { "locked": { - "lastModified": 1686573251, - "narHash": "sha256-ppp1eHsFjibaO/Hjas4mw2cOUaISWvGywpMsNi5o3hg=", + "lastModified": 1686577492, + "narHash": "sha256-fxIk399m+GWz9ztCgBY/xVeNvGNUmO13RJixMCAaiT8=", "owner": "nix-community", "repo": "NUR", - "rev": "d3e28dec6aba3f8a406b846445636ad4c242778a", + "rev": "6ad25ba83c8ffa16a274980571f79d3e368a1940", "type": "github" }, "original": { @@ -1767,21 +1764,6 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tomlplusplus": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 525e276c..7e34863e 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ rec { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; }; - flake-utils.url = "github:numtide/flake-utils"; + flake-utils.url = "github:DarkKirb/flake-utils"; haskell-flake.url = "github:srid/haskell-flake"; home-manager = { url = "github:nix-community/home-manager"; @@ -136,6 +136,10 @@ rec { name = "instance-20221213-1915"; # Oracle server system = "aarch64-linux"; } + { + name = "vf2"; # VisionFive 2 + system = "riscv64-linux"; + } ]; in rec { nixosConfigurations = builtins.listToAttrs (map @@ -173,6 +177,7 @@ rec { overlays = { x86_64-linux = import ./overlays args "x86_64-linux"; aarch64-linux = import ./overlays args "aarch64-linux"; + riscv64-linux = import ./overlays args "riscv64-linux"; }; devShell.x86_64-linux = let pkgs = import nixpkgs { diff --git a/overlays/riscv.nix b/overlays/riscv.nix new file mode 100644 index 00000000..4efbd24b --- /dev/null +++ b/overlays/riscv.nix @@ -0,0 +1,3 @@ +self: prev: { + pandoc = prev.writeScriptBin "pandoc" "true"; +} diff --git a/secrets/shared.yaml b/secrets/shared.yaml index b9fb95ea..b3044a2f 100644 --- a/secrets/shared.yaml +++ b/secrets/shared.yaml @@ -1,10 +1,10 @@ aws: - credentials: ENC[AES256_GCM,data:g5ikxNA3ta0G8VbMzDwIecmq1eoRtvpr0LstpnY+uDK2xTEcOuvQtt6kip3wgxg5Zuu1P3K/JW0ZsXmqg2NUM+636bDWdB5xRvpxA2ykij7e34/f4kSZlNn4xLkkw3udKCuvUC4TJhA/H4v8M/YbQg==,iv:5VaIfB94Jm3/z8RB+4+kGuRco/WncJ7Uo1qS/Xi3+BE=,tag:C+/UD7zznP09JGarHThbjQ==,type:str] + credentials: ENC[AES256_GCM,data:7JuQbRQeDoltDhF8udu9QPb0Hueobmn8hvK8GkTWKDSz7Nl2FfDDGRVEwUxePVfxo2uyWdGnrgN56vuoByDVffjhDqJeIuSqGqhXwGLEeDpfTyskb4h8kdwkOZ50EQlIBSX9DGCiZPoGtEnLx3VA/A==,iv:5VaIfB94Jm3/z8RB+4+kGuRco/WncJ7Uo1qS/Xi3+BE=,tag:DiGC5kEiAck1JRxqNbxR9g==,type:str] ssh: - builder_id_ed25519: ENC[AES256_GCM,data:VXzI0bSo68jt/lo8aq2iR89b/cnLDRWUQhf0BQAhViirugNA7gkQZPz3IU1JGH6iU1jtoDzFCje3vRXA/EtmRD7S2bKHg7jj4TaQOB80yrWWmGlL3rRmPvjKoAh8+geWKKU7vuoZpR2YbQZidcAFFZ5n8DpYyhcCwYTBgpcIW6/yWD2ZNi2S0BxN1b9SdThrqbq8KRU3ngXHWnWkp99cVMuOL4VPHrJDL84vdkIPP/6q9oTUDwdYERpYuhvuKBkMW4iB9eeL5527B/CqBSI1qJfwpcGDi2yh8RuRfK81p1utFKT5PNwR1ONM5Xy24bYxc/YX3DPgEsvThYqZ/UJXP6kZ3VVhPgYQ1qhz4Sg59HX8v+d0NXjfoMg2zF7bZ8qiMOo6jYtb15scgtZAFmHIh02cUShmk/YB1qZeZdXXdBcTvANW54XOYrnMNAzsPvMVvWVfbusU/38v1csEryf7GICRSvhaJ95m7pBWA9v3f+gXjsQtycUSBoWKR7Vy/Dmf//GRylUesBoBNc3wJLVgJ/YwF09O5/sgrQB8,iv:6YG9KmaDnwHEe14Rx9SlkFxg+u1w7F98yN17rg3ebe4=,tag:40sjADcJc6CAixDUlCw64g==,type:str] + builder_id_ed25519: ENC[AES256_GCM,data:A2fJMsrPr6qihmQOKMLREQCRkrPjj7e3honqyTl8tCKUmft5P6zc0/RLfHF5FiR6EUQoRTovjgu/AkN5dZo1GuOCGo15w5E1LIe3SWe1rm2qcbCfFXADHrJTPmW22sNbNXHkHEEUR9AodMWJngnbBOVrUx8pL0SY3BfD1xEfcHPTJD3kzS+DAXVvlxUWWobDIeseOprIZ6cBtG9I/yBEkXh4ErFP6VHRR83827Lvnwvm/iuZwCamj2k2iFV6LC70AxPCFgsxFX+aMK41/uurZtkS7LG0Q+/na6cj+MUtGIOTLnqEForR+3ZxeXxLwgWZarbuJm+qHfYOsVISvJjia3So38602LJINegyexayLflD4p0emIkmCDjT5NixB8cEX7sB+4rqAep/pzks9Tvhhi9sHtlj9EtCLNGXylrhkr/G+n6jV2S53G36fR35VgweIsZbW3Xwz3qunG9Aowj7n1EiyqM/Nx103yiq3AcLuY51eoWHt9PXoYgJSMngHXMl693qgEv2pQ0JqKMSSZFi02ucztROy1bwj+Iz,iv:6YG9KmaDnwHEe14Rx9SlkFxg+u1w7F98yN17rg3ebe4=,tag:CEEmiqGE3TephIFCH1JaZA==,type:str] attic: - config.toml: ENC[AES256_GCM,data:XLGu78jtFxmItlobW0m4aUdQRkOVubAohFCJD5213Mi7TtmoKe9HXgbhypLQzZHURLTwwJWgnQBSS1hf0xVyCuM2gLUEXE3MeNdZuP5tIxVJGyrSY1MIB702H6fxt1yCR5q2CXfEsGDtB08/pE1S01WZ2XKFvcGoFSDz4+8zfvk4CyTeMr0jCg7Ejj/UfywCQY6tjvgZBkynaZKDJog1xyuEIYx/TyITMoz0ge0vcdzKE2b6xbMC4ToDqTTVeG+AUCfYA9d2JzPnSHY8yDSDw2sK6yB9tMR25btUGAChn2nEejSIUxKbNm/jPp8OUugdOlwT+o6q/OFuWZLZ2sZKuU69i4kNO5+UIujkJ3AmGdHshurHQ5F6fZWlSutT+YbGoSzm1h1jrcCf3XesXReGJ6P1+zfjl0FH7GA7VbG+Q3IdJW/ZvqmMnrujfg==,iv:Frmb79vIYN09+sw84ETTGiAuC45kssUFk2ecnZt+YqQ=,tag:JZPpNPncKfxZ3JUOiGPcsg==,type:str] -tailscale: ENC[AES256_GCM,data:qGwgnZVUNWFmAR48xBzwGGrTxph9oiB/0RjaW7B9/lWpdlngg5RfffoRQdweP3Q8XhvdqhXXWx8=,iv:zXbZ0RI2h/1eMMNM4kxft1K6OQT1NvLPY/ktpiI684w=,tag:8EEtsRPShrWjDzJEG3rJbA==,type:str] + config.toml: ENC[AES256_GCM,data:4CErcVy6NQAzfTPZDjzQtRnpQm/A3hBfMYtCCOngSEcwaLmU2A6YZTcmosukEjTlfYHQfwQV2lSP8GjePe7UZ5Qowoqu3MmqJGt/1BpoExmJNuLAebr1fLG+zzCBM3HODCxACzvAkbaxuAZnUpBb7WmybSMnk/mF47vK//W3a5pIOrwuTllMOpCfpVKUB2sp7171prVujPR5l2mgQc6x/lUzN1g34ZN5dCWjcvpd5kmbVa5C6/H7oPFQIOk+XJLtWskfX2KuVlSOD0o87jcIdsitrLCjsOSZxF5HzQIa5PZDaW8rr8qHqHr6bef0lnqJfGFvHtQlV9cgFAUPLfCkurN0B5SRcYMHx2JPeFQHu2VhPXFvpPFWfOci3qt6f2Pw0duDwI28wqWmeCVHkhbym2UnoDtYTaXC2ez287D0bPgICThgZ/AuN4NEcA==,iv:Frmb79vIYN09+sw84ETTGiAuC45kssUFk2ecnZt+YqQ=,tag:WAwmcxSskskdTWh1MNrKjg==,type:str] +tailscale: ENC[AES256_GCM,data:ldpBZ8gZutQtkEMQk4vtIm3gVFw7b7Mj4qIvjVsJwbdnqT/AVaGCgAoL2OzhCsuwC2em9CphGCg=,iv:zXbZ0RI2h/1eMMNM4kxft1K6OQT1NvLPY/ktpiI684w=,tag:iesh8lUQXSg0MaHEGYCRGg==,type:str] sops: kms: [] gcp_kms: [] @@ -14,69 +14,78 @@ sops: - recipient: age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdjRzSGsrWnVwWWNSTk85 - NklWRHVhclBxNUhRQTIza1g3TkErWnNMR0YwCnRlN0gyNTRpTS85cDNNeThKSzl3 - NWtHVVhUL3JiU010dWJ5ak9KT3VyZzAKLS0tIHl6cUhNQmRGL09QbFcvUnFkdHN6 - VGthTVpsNEhkZ2JDRXRjVTRNVFoyVk0Kf7gwfWzsMf09uwljqhIUWy/xYKKboPdD - pcYxlHIETmoo95TopOzr3EDY0l2QSQ/KJ1fh6wDh+hO7BgWb/wh5hQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBobWIvdUkvNSsxYXFuZEFX + VXpvVGVZRndtajh4M1F5NnNIdloxdGd4bTBFCnI3YXNnNTJGNlVzNjdTOEdma09l + QVBKcDZpSlVyWkwxdXloUHNMT3dJaEEKLS0tIHd3Q1Yvd1k0QkxkTm56c0YwNmlZ + MXZWVlZPUHZ6Y1ZEb0Ftenp0Y1VnZFUKWLz+lAcLHAwzP7Iw22nl3Ber9SaFrDYW + 8yrCX74oHpFftGgsas9tFq7dUDi6HSm8Oc63NwwCdoLflF3zfLqVzw== -----END AGE ENCRYPTED FILE----- - recipient: age1py6eyelfttya52wc2v2ar7fx5htr5jw6snl4shx98sw8nuaw2pesyhseul enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYVzdxaEhKZmFHdzBydzJi - b01DTG1RM3VZcjZkeFVBMktBV0Z4ZHpyMldBCk0rUU42MktrN2VPZjZBTTZzQjVr - ZkRSemNCZDZCNGNySnBQY1cwYWZWaUkKLS0tIGd4dS9UUEpXb25oSE5KbGw3dThS - V3lVYUR0RnZLS2dKMjRJWCttanpJM2cKbasf4nKlo0fmgZRu2oonuAxL5RC6UeYb - A5VhlFX+IC9sMdGbIobnFG+LyeFwaNhna76vLVmaMqpWNOiPJffMnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJV1RVQWVKUldSQzFYeW9P + OHE3WUdoU1E5T29TMjJSc3h4d0JKd01rV0hZCmcrZ1NXODZMREpxcFlDL055VDlo + QkdVZ0M5ZjhscWpjdUdtTlpFT09zZ1kKLS0tIGtXbVJUODJ0WS9sdVZ5d0lheXVF + OEt2NzNqaWd1QnQydjVQK2lESHdXcEUK00HOoJ0XmGItqVplNXU+PZQm3kUVLQHT + KV/vqpX2uMT6bgFjpu9edtQ+4aQaaSgJyUJbdGWQAc0FqpOoSzD7Jg== -----END AGE ENCRYPTED FILE----- - recipient: age15c2dquc22epmmndpmd8pa3077fdl8nyr5qehr7y0c9uvavrledsq326ak9 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmYzFHRVRmNzdlbmRhejFN - WjVBTXRhVmJDOXRWeWZtUFN2SENZU0JDRGpZCjI4akhUS05SaEZyU3lsUENQeTdM - S3VlSTU1ZTJiVkhERWtKNlBHZ05xWlEKLS0tIGI3REp4VEFnMVd6anBBZFZPWkta - RXJ0RUw4MEtvZ0w1dkN1d1h3Qng0TFEK5vqr/4e1uTxjVSI41YjkyTQbWddupcKG - VBmxMuw0l+R42paVBNkaeZS6at74Yyl/wYncZ5AEnmc4G36nNKQBsg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVURSaFpTUm5YUS94Vkd3 + NVFJRGxyUTZNTWdZYTVHM2xXY2xCRlNVZ0VJCkg2akpEdVJCSDhlQXY4TUFZbmNV + ZGhzVWNmbUJUMllBeFVCMEU2cVZEemsKLS0tIGhXSCttVVltSmxrUEVnQWovZWFQ + M0liSUNSN1JBR2U5QlhYZFRGUWNLRXMKebDnYW3PEwmsWw8KWjCVXvnymdhepRaI + Zd0Fchugg0pFexkfJuQuyJG2R5smi/sy2ZiEU1biMtF/zA7b/GzxOg== -----END AGE ENCRYPTED FILE----- - recipient: age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBY0kra0hrZ3dzdjJTU3hr - aDNZYVVPNFpIZ0NXWDlaK2NrNDZRMXQvT1dnCnZpQkY0OHNaZG9UWEZyUit6V21r - elEvYit0UmVXQ04zektySFYyeUlPVWMKLS0tIGhTN29kZXpnK1R3N29YL0dzZzc2 - RXdKWlFjUjllVTJrZ2N3L1hlZkE3NTAKB/NWeAOtZbFtB0BdArHnhqwP+D4JelQm - VIARZnxi/TieprbnEYKcv8y2IT2DWCICU0EpokYSMxAP9rpnBlZcmw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZ1B0VlhSb3B2Z2NXSHV2 + cG1OQnRHRnZkS3Fnd0p4UVF0U2FmR0ZNbmdzCkZGM2RDaGRuRlV2SXBqVG1NcTFN + dzBDRmphMkQrMTB6UGJRSGVza09FQkEKLS0tIFduZ0JsekJrTWlsekVVdjJMRW1Y + VTlXc1NEQms4K2RTcVBRdjgzWHZ3OUkKOrv/15XDnYok2ejUkI0izOr+tKOQwPcv + hd9viDdTxp6DiD+L6J9eSzn0nPyNtMQticJRyrnPQ4vv0QhfzUgscw== -----END AGE ENCRYPTED FILE----- - recipient: age1elra3uklw8rmwkevqms2l4tsd06d5utqda9d2w4qvqpz898uzuesugxkhc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWGdlSVlxazFsS1ZpSWhq - ZFFmY2hwSWpDUUk3U0RUcUtTbzN6RzhzK1djCmxBRHJybEl6dzZJQ3ZOd1ZuWHls - WXl4M1ltb1NDN0lUUndmWVpPa1cwSEkKLS0tIGNMOHYrd0o2UWxCSmYreGZwK1ln - WXVEcFcxM2pWTEdJcG1NOUVrYUJOd0EK24SCC0BXjc4x47QlvLdNOz1LnurfIP5L - eieUM0cT1psKL8pHLYsAaRR/CWJgF5Bv4gXR0LFwSRugnLGUBnnqlQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSzdPU3A4d1hxRjkwK0N5 + ZWN5YlNLSDJPc2tjQVdqWWl3MDVwbUtmRUI0CnZnZG1CdkhHNVFObjVpZ2lzV1RY + YUlsbTNzOHlrSDhHbVBqSTYrMlRZUkEKLS0tIDBvNTdwT2o4UmVvdmQrVzZCbURX + QmRMSGpuS1QyVnhScjNsUnNPeWJScG8KEdHaG+l01sJGLwNFkkx4E3/sGuQAR907 + aiO0yd2Ukb7rnXPZ0suzTd2eMdljFtR9qKo88JisxcE/z50XvBD5Eg== -----END AGE ENCRYPTED FILE----- - recipient: age1z5ryq3pehydapv0s90ljak3yct3qwwtt43wjp9kv48q2235s252s6fq4kc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycWR5dWJURVQvY3dEaW5w - akIyTmNCR05iYUNhZkVGOGFLSmphUjZFL3k4CmpmeGZUQTJWdm9IbjdWM1JNQzV5 - aUxBMUp4ekJFMGNEMG84bkVIaWt4UVEKLS0tIE95akM0aVhJZ0NlTHhwdlpwcW5Q - a1RYNy84R05BTHkycXdYTFFOdTNKaUUK7MrR3ZmV7eTKbSBtUoBaYHWmVnMwOA1o - +/EuiwkKx48EslpuxhYPmoETyhhw2f1jyCr0JSWjJMlZiumCj4MTZA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdE93SGdWM0RLME9YdThH + NWw5aFVxNTlGeGdaUC9EWjcySXJtUUNZU3lvCm8wTjdFOW1Jd3J1TG04aGM5aHF5 + YUlFdHN2M1RWNDdGM2dKUTcxMktyKzAKLS0tIEYzRXpQRldkbHorNU1sRkYreFNC + STBMcXlEMS9IVHkyMC9hUzFCdEttMXcKNquBVvFFmQtCpCxsM2LqsPRyh0Hp9TRX + msrcoAOXGs5UY0xk13cEpbnthuz9GUzffBPFfSV9lKXg/8Sz7BQzVQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-27T16:02:55Z" - mac: ENC[AES256_GCM,data:zzuROqswcLzVo7QFAmwJ5za3M40xOt5Jfa9aLauXjFl5Pj+cu4bFrB1GqOGYrInp6djUtwBKYGcfqu2Bw5KDk+3iiYWVp/81RQliXyef3mMKIRF/3cSkGjo82vSnnfZHjVMmapic5phiyqhMYfhWBYRr9c3gK0rrw8ai9V5w608=,iv:d8ahcsfZFyeNDO24ZGX3gwOlwEoa7XpIscgEQFUJrC0=,tag:CIN7u7gRGEY1/8kHvIz5PA==,type:str] + - recipient: age1j67v2az4egf38qaj9c6p5d38eataxtg9xee8vw527c5hnz9u744q3mr033 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWmxNbTdBbFdyTS9IU0Jj + UHl5U3Y5SGc4dGZsanVzV3dtNHpPY0tEMVRNCjl5K1pTZFVYcGdIVzIvUE45RTJ0 + RGsxZkhmU1RMd3VKLzlwdTdWNERiSkkKLS0tIEFXeDFNZGFuMWFIRFNoSDNuRkkz + anFKQk42bXNrdTBaYmlkOURGaDJqL3cK8I7ZVNu1upyrtcpVpkQSwskJRhTo3A4D + xluIGnfce9e0WXDRamEu+2fGCa4XvgGXrAKJIu9XMdpPFzb6I0wBdA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-06-11T14:17:47Z" + mac: ENC[AES256_GCM,data:KuMT3icfjqU00T+fI//npf278ScSbBmZpPFWFQvbXrgcndFfeK9/RXMOBrAdd4Fc6JcjN4mpFmsI7BaI8C9aG9SbTgoL0l4ERIUX24uVdsI3n7+t1b1OfA0Gg5ZKZopQjCXZxny7gUSFnOWYpjSLcgxMkLi8hu8uAIKxIZAp08c=,iv:DYGCsZD3P158P03WdOcdK+L3wuZaOvpYq/dCMCObFkI=,tag:WlHQ9H9fJwjRUqacqOM4uQ==,type:str] pgp: - created_at: "2023-03-27T16:00:59Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdALYQaKfS0Q03/fJ142bC5/iOTJ8ptTBAeD6nRdPyW2Sww - gh8tLWgoohymzDBjTDbOAF6BPFEdISUPKP5GXcpxvbVpOUYmiIEuVoNl889qqlBS - 0l4Bjw/sWX6CtWTKFKJwCS0Ur2TDAsnhvpCeG9kVQCiw36wDgZiWOT3rcg/BCudg - K48m8a+Ysd6PQa5znrAL17TTe4f+l1VQeXlWM3iaYLGFRSvHk9S57Tk3CfqwyCEI - =f+vw + hF4DAAAAAAAAAAASAQdAG8Djebj79d/OWzBjYsGlTdAN6EvZcGVKLdQ/97DNQmcw + 2sOTpvIQLR8VyHwwauT4bEm0JDchURiGSjAPxr5yci41S5fHOHTmCTmasOO6Vxqx + 0l4BYj/myKkDkctmYWcJI5T7EY0VCcpGwT7zrClMre8pf5l9gpx7/I7XTVGvZ4qV + LY74GEPjezKLw6RxlOgaWk6GxF3mEhiQqANTHcBuJUJoQPT69mceaSMqXCGhegfo + =3Kmc -----END PGP MESSAGE----- fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD unencrypted_suffix: _unencrypted diff --git a/secrets/vf2.yaml b/secrets/vf2.yaml new file mode 100644 index 00000000..c77aca36 --- /dev/null +++ b/secrets/vf2.yaml @@ -0,0 +1,49 @@ +network: + wireguard: + privkey: ENC[AES256_GCM,data:B32Oct1yIkaD8XC8GBLRdAbLVGajY7CTMcsBN68N3JiKr49XTqG71FYbZIw=,iv:xQ7mX+xHnk353v94x2hDvjxfS5fsuSkl69cXvXiPmIk=,tag:O8YBDozzb9FiK7joDeKo0A==,type:str] +security: + acme: + dns: ENC[AES256_GCM,data:NqNi+ESPeOvg8glZRHlIS6jZTi2Rbu4QBdACI+92lTO+x0BAZsyZL1hztDWhJ+fciPAxxSZ6m+40R/4AlsauRZomzGQB+olb40qErVLwaPH/H/kBYldNxsOoDfbeHihIBB2oWPB6G956xsmjDOK/BlEElKMz8/4JDRIlukBg0pTYTwlCWsDsrnN0adTyh0ijGAWOhWcLMjscmtmd7PqzmnrP7PdM6l7jZJtcaV49abWt2Gfs0qubNnfe6YQCcjQLKvjswyYmxGUoW9sg9KIcJHXaAYuB,iv:Ye1mFPrOff+86NF32plcscrIr54PlaptoQ/l6R/WUgA=,tag:RkwZAx+EE2asVPR7Z+sEHw==,type:str] + cloudflare: ENC[AES256_GCM,data:ZXEaj2o1z7EIY5F7f5LE2LgSDsVg2I9QK1Zk9KT+gKknM8aidy7/aMQJLrSMBNbCfunb6U8PGRsxEe1aMA1aC9r040pFxJPCEOCZhdue6x0Zwh2mEuzyZkjinobfClNzLd/YzkskI+/LQK7C6j7JwSbBmf1dCUbiqKp0HNim6oNSVVM011hUTi1lneq/dpehj3iP26kPOkRg0lyybbY5P+fclMV0GTnkIVr1XLmi/hXYipowIsQWNVM=,iv:mg3iMyTVnGmzFeMSDq1pAxtL5WU7gtvv/MNlmSiU7Ng=,tag:oJIAgUItmHmKAEgeiXarCg==,type:str] + restic: + password: ENC[AES256_GCM,data:Sb4Az9BjByxzcwLGtM27AWyoBWI=,iv:AVDPKAlWxnLR6gBdpbu8tUh0bg7azVQ/ngu8xa+wCz0=,tag:v1cHJPRJNhK/D2c2Ycht6A==,type:str] +email: + lotte@chir.rs: ENC[AES256_GCM,data:jiR9Ut9rgSTAaCWJKYQFbObklw==,iv:BckTfCL+oYFGGqYbafDEmuVRl0/OEjt2oS7QPzhEGkQ=,tag:Qq39ioYA8aLOqIsOJK8HqA==,type:str] + mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:RaluoRTAGUr7ohd+NVZcf/YCVjI48Lfkb3Nwuyto5GxlCrT2VKg7tGMF7qpt+A23r2rXxFJ5tbRKpIDpMgF4gg==,iv:MfYQXNw6xYpzTnftfTwjWKdLSFzuycJ+aalQ+eREQxk=,tag:pm8Z4WtgMFVnODq55FxgAg==,type:str] +root: + .ssh: + id_ed25519: ENC[AES256_GCM,data:3XmLlWopxvn2aAiqHofNdnhAew6UVxDckYxY7jLn04oQA8Vpmq57G5NV3PNlVNJCu1XWzR12vs0OHgy0EQ6T57E8fUFaKcu8lf+HVeM91N2cnSwQHq2QbYQbDaIju6OkNr0mqdu7ebPNLKoVAkyTo1p4zmoKIOvvViVkxDffGSX4J+7qE6U3wrL2MPqfI6QRUWdsdhx8Ly0qeRRpTaUwS+jnIgYQ+AE1oBzWoFGanIXko6+JqlPNltiWcnrXxhtkDUjDNkncSQABZbgkBGiNHq08mxhBIxYpW4AjlrD8TtiBn3ARphrTbyRkinB8BeH9v1Zo+K+qpbXikGm/YIgznxtZf5bYL52IvvVLWqMt2usRmIAn9jybKkG/UfjcRMB8avdMS6XzIuNg3qkPHYSvwg0vIa+gyyij4EfOn382xCEsQt/9vhWuc60b30ESW8F82KAbOqhsaJBLYAd87E8VSt0qhm33EWqa7Gf6l67kOEek5WOMWnoUFrM1ZJVmRWY6TwrMWO71AunSqtOdrZx9fsOWQ4MarCXHjP8s,iv:s60IPG8S23sP4c8uRkoqeqIQbKb/4LzCWtLzZhmiC9I=,tag:pza+gaIXV6qhvQ2JRltNcg==,type:str] +password: + root: ENC[AES256_GCM,data:8fQZUaBwU3uAdCWmv5GlEQjacduiDi0XqxOSsZZ4X8gN+C8WyXg2UNBUycBhlWl5YsVHKsnAxBS78bKTqJY5jolR9qT/4wo1VkiORyh6Yz01xIkABmUVxL21WHkyDCJVWaCbkfasNM4Mhw==,iv:nVZ0A/jzMG13tUyYGE8421hWdyF5vG6FOnFRbnlJilI=,tag:KSFAIwenM0K51p3hYLknqQ==,type:str] + darkkirb: ENC[AES256_GCM,data:vDUM2PCh0B30rE3niA81TYENspJCG2YbZe1k4/KD6grYcfGHZ/Fy15yiBzOW9efe6arz3zRTafSPYutsHEEbMXj2frq+fswl79L0Eqa3zJ1squjveJTXF37NRWPJMzfvh/tSwUFJGPVESg==,iv:REJiZl/ebqy8FosjhGox2mewSgOH8rWP33Tawl/N0IY=,tag:q0Kd3887CsjBene3dfEfAQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1j67v2az4egf38qaj9c6p5d38eataxtg9xee8vw527c5hnz9u744q3mr033 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5L0F3Vk9UTUpiazdwa2Z2 + ekZWaG1nRnVPdnh2UXBsSTJTbWxVSUNvcUZRCkt5TFJOTFFaQ21aSkRRMkY1OGZ0 + OTNTYmpLbEMxLzF2VlRjRHRLNmMvaVEKLS0tIFhKVUlKQnpwdzduN1N3b0w3ZnV6 + cDBTOVphTW9sNXBFYXZJVUVjbFVjZzAK3EyxI3keAMeO5VKe5korQWkyEedOv6iI + rbujYG4BPZUqvPyiKOcB5cLJH/24Bvs6rJAfVh+T7bu1Vsm7vxOgUA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-03-02T08:18:35Z" + mac: ENC[AES256_GCM,data:93srISz0fZVZjVHH2S+5mvxwOYBXvdqM9j/p7rlfxrqVKjpj+ClM21WzYpkCv0wzLQykts0kqMrZzZmWW5LfkaM0mJgQBJ2ysU4po78YHh44ejv/uZL/h/PoR7V+cdVDEjo/QvtBxGhuFe08diPP8dzXoknGaQ584leYGH9fcJw=,iv:jE1Y3C7bxlXIOxtlaZDkpm9j3sSoLwjuctyN34CDJ/w=,tag:RcT+LyGHuWjU+6bez2LHUA==,type:str] + pgp: + - created_at: "2023-03-02T08:18:35Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hF4DAAAAAAAAAAASAQdAMbTmCiJEar8vy7k1n5HTKDky8ZV3iXADg00Vcajr8kkw + S0SY+PBSszXbd+Yw4R4xEXuBqUi6h2FAXV9yjNUct7hvyN0vNXuBfkAc6qUqNX2z + 0lwBVfZ1zJwSbkVSnmj9FaNsgDgr4WRASrwo0Cpk1+Ge3aLE/8nDsjJxRmRG/LFM + +DnW9GLi5+sEir8b8/duI7AEdICvq93TYmzsKbhaj+VsPMtzlBmP6UeU5hvgrg== + =Vd2u + -----END PGP MESSAGE----- + fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD + unencrypted_suffix: _unencrypted + version: 3.7.3