diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..c028012f --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +variables/secrets/** filter=git-crypt diff=git-crypt diff --git a/flake.lock b/flake.lock index 4db0589f..5f4ee5f6 100644 --- a/flake.lock +++ b/flake.lock @@ -1,29 +1,8 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "systems": "systems" - }, - "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", - "owner": "ryantm", - "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "blender-bin": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1727370305, @@ -57,7 +36,7 @@ "chaotic": { "inputs": { "flake-schemas": "flake-schemas", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "jovian": "jovian", "nixpkgs": [ "unstable" @@ -99,28 +78,6 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -206,7 +163,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1710146030, @@ -224,7 +181,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1681202837, 
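Review bot: In the new `.gitattributes`, the single rule `variables/secrets/** filter=git-crypt diff=git-crypt` has no guard line, so a `.gitattributes` or `.gitignore` later placed under `variables/secrets/` would itself be matched and encrypted; adding `.gitattributes !filter !diff` beneath the rule avoids that. git-crypt only encrypts files that are staged while the filter is active, so it is worth confirming with `git-crypt status` that every file under that path is stored encrypted before this is pushed. A leading comment such as `# variables/secrets is encrypted with git-crypt; unlock the repository before evaluating` would tell a reader why a locked checkout presumably fails to evaluate.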
@@ -279,27 +236,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "chaotic", @@ -320,7 +256,7 @@ "type": "github" } }, - "home-manager_3": { + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -394,7 +330,7 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" }, @@ -417,7 +353,7 @@ "inputs": { "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1729993975, @@ -458,18 +394,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1722221733, "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "12bf09802d77264e441f48e25459c10c93eada2e", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "ref": "nixos-24.05", + "type": "indirect" } }, "nixpkgs-24_05": { @@ -504,20 +438,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1722221733, - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "12bf09802d77264e441f48e25459c10c93eada2e", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-24.05", - "type": "indirect" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1717602782, "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", 
@@ -532,7 +452,7 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1715266358, "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", @@ -548,7 +468,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1729973466, "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", @@ -607,15 +527,14 @@ }, "root": { "inputs": { - "agenix": "agenix", "blender-bin": "blender-bin", "chaotic": "chaotic", "hardware": "hardware", - "home-manager": "home-manager_3", + "home-manager": "home-manager_2", "lanzaboote": "lanzaboote", "mailserver": "mailserver", "minecraft": "minecraft", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nur": "nur", "unstable": "unstable" } @@ -690,21 +609,6 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "unstable": { "locked": { "lastModified": 1729880355, @@ -722,7 +626,7 @@ }, "utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1709126324, diff --git a/flake.nix b/flake.nix index f00e2bd8..68673c6d 100644 --- a/flake.nix +++ b/flake.nix @@ -24,8 +24,6 @@ mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; minecraft.url = "github:Infinidoge/nix-minecraft"; - - agenix.url = "github:ryantm/agenix"; }; outputs = { @@ -39,7 +37,6 @@ lanzaboote, mailserver, minecraft, - agenix, ... }: let @@ -53,7 +50,6 @@ lanzaboote mailserver minecraft - agenix ; }; }; diff --git a/hosts/bomberman/system/default.nix b/hosts/bomberman/system/default.nix index 0a153d44..fbe62ad3 100644 --- a/hosts/bomberman/system/default.nix +++ b/hosts/bomberman/system/default.nix 
@@ -1,4 +1,4 @@ -{ config, agenix, ... }: +{ config, ... }: { imports = [ ./hardware @@ -21,13 +21,6 @@ # Misc ../../../overlays ../../../variables - - # Secrets - ../../../variables/secrets/common - ../../../variables/secrets/server - - # Imports - agenix.nixosModules.default ]; networking.hostName = "bomberman"; diff --git a/hosts/cyberspark/system/default.nix b/hosts/cyberspark/system/default.nix index 49a4d8b1..5979d3b6 100644 --- a/hosts/cyberspark/system/default.nix +++ b/hosts/cyberspark/system/default.nix @@ -1,4 +1,4 @@ -{ agenix, ... }: +{ ... }: { imports = [ ./hardware @@ -19,13 +19,6 @@ # Misc ../../../overlays ../../../variables - - # Secrets - ../../../variables/secrets/common - ../../../variables/secrets/server - - # Imports - agenix.nixosModules.default ]; networking.hostName = "cyberspark"; diff --git a/hosts/detritus/system/default.nix b/hosts/detritus/system/default.nix index 02d17c14..f5cad983 100644 --- a/hosts/detritus/system/default.nix +++ b/hosts/detritus/system/default.nix @@ -1,4 +1,4 @@ -{ agenix, ... }: +{ ... }: { imports = [ ./hardware @@ -20,13 +20,6 @@ # Extras ../../../overlays ../../../variables - - # Secrets - ../../../variables/secrets/common - ../../../variables/secrets/pc - - # Imports - agenix.nixosModules.default ]; networking.hostName = "detritus"; diff --git a/hosts/firefly/system/default.nix b/hosts/firefly/system/default.nix index a4b01d23..6511ff1f 100644 --- a/hosts/firefly/system/default.nix +++ b/hosts/firefly/system/default.nix @@ -1,4 +1,4 @@ -{ pkgs, agenix, chaotic, ... }: +{ chaotic, pkgs, ... }: { imports = [ ./hardware @@ -24,12 +24,7 @@ ../../../overlays ../../../variables - # Secrets - ../../../variables/secrets/common - ../../../variables/secrets/pc - # Imports - agenix.nixosModules.default chaotic.homeManagerModules.default ]; diff --git a/hosts/lacros/system/default.nix b/hosts/lacros/system/default.nix index 56b01145..5e8628fc 100644 --- a/hosts/lacros/system/default.nix 
+++ b/hosts/lacros/system/default.nix @@ -1,4 +1,4 @@ -{ config, lib, agenix, ... }: +{ config, lib, ... }: { imports = [ ./hardware @@ -21,13 +21,6 @@ # Extras ../../../overlays ../../../variables - - # Secrets - ../../../variables/secrets/common - ../../../variables/secrets/pc - - # Imports - agenix.nixosModules.default ]; services.keyd.keyboards.default.settings.main = { diff --git a/hosts/redmond/system/default.nix b/hosts/redmond/system/default.nix index 501ef9f1..d1a1cd8a 100644 --- a/hosts/redmond/system/default.nix +++ b/hosts/redmond/system/default.nix @@ -1,4 +1,4 @@ -{ config, agenix, ... }: +{ config, ... }: { imports = [ ./hardware @@ -21,13 +21,6 @@ # Extras ../../../overlays ../../../variables - - # Secrets - ../../../variables/secrets/common - ../../../variables/secrets/pc - - # Imports - agenix.nixosModules.default ]; networking.hostName = "redmond"; diff --git a/hosts/shuttle/system/default.nix b/hosts/shuttle/system/default.nix index 1b06a3e6..29a3ed13 100644 --- a/hosts/shuttle/system/default.nix +++ b/hosts/shuttle/system/default.nix @@ -1,4 +1,4 @@ -{ config, lib, agenix, hardware, ... }: +{ config, lib, hardware, ... }: { imports = [ ./hardware @@ -22,13 +22,7 @@ ../../../overlays ../../../variables - - # Secrets - ../../../variables/secrets/common - ../../../variables/secrets/pc - # Imports - agenix.nixosModules.default hardware.nixosModules.pine64-pinebook-pro ]; diff --git a/hosts/treefruit/system/default.nix b/hosts/treefruit/system/default.nix index 0f902554..db774c64 100644 --- a/hosts/treefruit/system/default.nix +++ b/hosts/treefruit/system/default.nix @@ -1,4 +1,4 @@ -{ config, lib, agenix, hardware, ... }: +{ config, lib, hardware, ... }: { imports = [ ./hardware @@ -22,12 +22,7 @@ ../../../overlays ../../../variables - # Secrets - ../../../variables/secrets/common - ../../../variables/secrets/pc - # Imports - agenix.nixosModules.default hardware.nixosModules.apple-macbook-pro-14-1 ]; 
diff --git a/local.key.asc b/local.key.asc new file mode 100644 index 00000000..e6524b11 --- /dev/null +++ b/local.key.asc @@ -0,0 +1,9 @@ +-----BEGIN PGP MESSAGE----- + +jA0ECQMIFZHLadz4mp//0r0BjVmDdxrt6Nz93QEoc32Gjs1AjGN7B1hkVNT+wvMe +dZbkk6QM13UIq7pf5VglpK7pKzqAb5/AHhxvsnjdHNgbcorkehFV0i1sKxCQDuJd +q4BGTSqg+FIaVGwXUz7OO1iosVpA6jLCNw/g1Os+jhrbMjIvhpQvtZkNbimqC7ut +mK1Qcp4D16ai+0rTBFeMddrreO7UnJPK+z386wEH0Ik341xWJvDvxyiLUJKun5lT +D7X7ATtX2tmLE69EN7M= +=3RYs +-----END PGP MESSAGE----- diff --git a/modules/system/accounts/users/jimbo/default.nix b/modules/system/accounts/users/jimbo/default.nix index 92ce0c29..dbf7f8fb 100644 --- a/modules/system/accounts/users/jimbo/default.nix +++ b/modules/system/accounts/users/jimbo/default.nix @@ -3,7 +3,7 @@ users.users = { jimbo = { description = "Jimbo"; - hashedPasswordFile = config.age.secrets.jimboAccPass.path; + hashedPassword = config.secrets.jimboAccPass; isNormalUser = true; openssh.authorizedKeys.keys = [ (builtins.readFile ../../../../../hosts/firefly/id_ed25519.pub) @@ -17,7 +17,7 @@ (builtins.readFile ../../../../../hosts/cyberspark/id_ed25519.pub) (builtins.readFile ../../../../../hosts/bomberman/id_ed25519.pub) - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9" ]; extraGroups = [ "wheel" diff --git a/modules/system/devices/networking/firewall/server/default.nix b/modules/system/devices/networking/firewall/server/default.nix index 647fcfe5..8c0a376d 100644 --- a/modules/system/devices/networking/firewall/server/default.nix +++ b/modules/system/devices/networking/firewall/server/default.nix 
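Review bot: `local.key.asc` is added as an ASCII-armored PGP message that appears to be passphrase-encrypted, and it sits in the same repository as the data it presumably protects. If it holds the git-crypt key (the name suggests so, the page does not say), anyone with a clone can attack the passphrase offline, and every file under `variables/secrets/` is then only as strong as that passphrase. Keeping the wrapped key out of the repository, or granting access per person with `git-crypt add-gpg-user`, removes that single point of failure.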
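Review bot: `hashedPassword = config.secrets.jimboAccPass;` moves the value from a file decrypted at activation into the evaluated configuration, and as far as I know anything evaluated this way ends up readable by every local user under `/nix/store`. The same applies, more seriously, to `privateKey = config.secrets.wgClientPriv` and `wgServerPriv` in the two wireguard modules, to the `pkgs.writeText … config.secrets.*` files in ddclient, mailserver, mastodon, pixelfed and transmission, and to the passwords set inline in nextcloud, photoprism, forgejo, icecast, lemmy and synapse. git-crypt protects the repository at rest only; the options that take a path (`hashedPasswordFile`, `privateKeyFile`, `passwordFile`, `credentialsFile`, `secretFile`) should keep pointing at a file outside the store, e.g. `hashedPasswordFile = "<runtime secret path>";` with that path provisioned separately. The enclosing `users.users` block starts and ends outside the hunk.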
@@ -9,7 +9,7 @@ allowPing = false; extraInputRules = '' ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS" - ip saddr ${config.ips.pc} tcp dport { 1935, 1945 } accept comment "Accept RTMP" + ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" ''; }; @@ -34,8 +34,8 @@ udp dport { 7790, 7791, 7792 } dnat to ${config.ips.hx} comment "Deus Ex" - ip saddr ${builtins.readFile config.age.secrets.cornIP.path} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP" - ip saddr ${builtins.readFile config.age.secrets.cornIP.path} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP" + ip saddr ${config.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP" + ip saddr ${config.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP" } chain POSTROUTING { diff --git a/modules/system/devices/networking/wireguard/pc/default.nix b/modules/system/devices/networking/wireguard/pc/default.nix index c9f44d69..5a4e5310 100644 --- a/modules/system/devices/networking/wireguard/pc/default.nix +++ b/modules/system/devices/networking/wireguard/pc/default.nix @@ -8,12 +8,12 @@ "${config.ips.wgInt}" = { # Define IP of client in per device config listenPort = 51820; - privateKeyFile = config.age.secrets.wgClientPriv.path; + privateKey = config.secrets.wgClientPriv; peers = [ { - publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; + publicKey = config.secrets.wgServerPub; allowedIPs = [ "${config.ips.wgSpan}.0/24" ]; - endpoint = "sv.${config.domains.jim1}:51820"; + endpoint = "sv.${config.secrets.jimDomain}:51820"; persistentKeepalive = 25; } ]; diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix index 26c5a40e..89ac7462 100644 
--- a/modules/system/devices/networking/wireguard/server/default.nix +++ b/modules/system/devices/networking/wireguard/server/default.nix @@ -15,16 +15,16 @@ "${config.ips.wgInt}" = { ips = [ "${config.ips.wgSpan}.1/24" ]; listenPort = 51820; - privateKeyFile = config.age.secrets.wgServerPriv.path; + privateKey = config.secrets.wgServerPriv; peers = [ - { # General Nix - publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; - allowedIPs = [ "${config.ips.wgSpan}.16/28" ]; - } { # Jimbo Pixel 9 - publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4="; + publicKey = config.secrets.wgPixel9Pub; allowedIPs = [ "${config.ips.wgSpan}.2/32" ]; } + { # General Nix + publicKey = config.secrets.wgClientPub; + allowedIPs = [ "${config.ips.wgSpan}.16/28" ]; + } ]; }; }; diff --git a/modules/system/programs/agenix/default.nix b/modules/system/programs/agenix/default.nix deleted file mode 100644 index a890a255..00000000 --- a/modules/system/programs/agenix/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - programs.appimage = { - enable = true; - binfmt = true; - }; -} diff --git a/modules/system/services/server/ddclient/default.nix b/modules/system/services/server/ddclient/default.nix index 763c43bf..ab66c912 100644 --- a/modules/system/services/server/ddclient/default.nix +++ b/modules/system/services/server/ddclient/default.nix @@ -6,7 +6,7 @@ use = "web, web=https://ipinfo.io/ip"; zone = "${config.domains.jim1}"; username = "token"; - passwordFile = config.age.secrets.cloudflareKey.path; + passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}"; domains = [ "${config.domains.jim1}" "*.${config.domains.jim1}" diff --git a/modules/system/services/server/fileserver/public/nextcloud/default.nix b/modules/system/services/server/fileserver/public/nextcloud/default.nix index d5300b54..7c2129ea 100644 --- a/modules/system/services/server/fileserver/public/nextcloud/default.nix 
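Review bot: The new `passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";` in the ddclient hunk references `pkgs`, but the module's argument line is outside the hunk, so it is not visible whether `pkgs` is bound there. The same holds for the `pkgs.writeText` calls added in the icecast, mailserver, mastodon, pixelfed and transmission hunks. If any of those headers still reads `{ config, ... }:`, evaluation fails with an undefined variable, so each should read `{ pkgs, config, ... }:`.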
+++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix @@ -1,9 +1,5 @@ { pkgs, config, ... }: { - imports = [ - ./nginx - ]; - services = { nextcloud = { enable = true; @@ -24,7 +20,7 @@ mail_from_address = "noreply"; mail_smtpauth = "true"; mail_smtpname = "noreply@${config.domains.jim1}"; - mail_smtppassword = "${builtins.readFile config.age.secrets.noreplyMailPass.path}"; + mail_smtppassword = config.secrets.noreplyPassword; mail_smtpmode = "smtp"; mail_smtpport = 587; }; diff --git a/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix deleted file mode 100644 index 4350dfdd..00000000 --- a/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, config, ... }: -{ - services.nginx.virtualHosts."cloud.${config.domains.jim1}" = { - enableACME = true; - addSSL = true; - locations."/" = { - proxyWebsockets = true; - extraConfig = " - location /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - location /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - "; - }; - }; -} diff --git a/modules/system/services/server/fileserver/public/photoprism/default.nix b/modules/system/services/server/fileserver/public/photoprism/default.nix index 765170f0..59b01efa 100644 --- a/modules/system/services/server/fileserver/public/photoprism/default.nix +++ b/modules/system/services/server/fileserver/public/photoprism/default.nix 
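Review bot: The first nextcloud hunk drops `imports = [ ./nginx ];` and the commit deletes `nextcloud/nginx/default.nix`, which was where `cloud.${config.domains.jim1}` got `enableACME`, `addSSL` and the `/.well-known/carddav` and `caldav` redirects; unlike the photoprism change, nothing visible here re-adds them. Unless TLS for that host is configured in a part of the file outside the hunks, Nextcloud would be served without a certificate after this commit. Consider inlining the virtual host as photoprism does, `nginx.virtualHosts."cloud.${config.domains.jim1}" = { enableACME = true; forceSSL = true; };`, with `forceSSL` rather than the old `addSSL` so plain HTTP is redirected.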
@@ -1,24 +1,30 @@ { config, ... }: { - imports = [ - ./nginx - ]; - - services.photoprism = { - enable = true; - port = 2342; - originalsPath = "/var/lib/private/photoprism/originals"; - address = "0.0.0.0"; - settings = { - PHOTOPRISM_ADMIN_USER = "jimbo"; - PHOTOPRISM_ADMIN_PASSWORD = "${builtins.readFile config.age.secrets.prismAdminPass.path}"; - PHOTOPRISM_DEFAULT_LOCALE = "en"; - PHOTOPRISM_DATABASE_DRIVER = "mysql"; - PHOTOPRISM_DATABASE_NAME = "photoprism"; - PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock"; - PHOTOPRISM_DATABASE_USER = "photoprism"; - PHOTOPRISM_SITE_URL = "https://gallery.${config.domains.jim1}"; - PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism"; + services = { + photoprism = { + enable = true; + port = 2342; + originalsPath = "/var/lib/private/photoprism/originals"; + address = "0.0.0.0"; + settings = { + PHOTOPRISM_ADMIN_USER = "jimbo"; + PHOTOPRISM_ADMIN_PASSWORD = "${config.secrets.prismAdminPass}"; + PHOTOPRISM_DEFAULT_LOCALE = "en"; + PHOTOPRISM_DATABASE_DRIVER = "mysql"; + PHOTOPRISM_DATABASE_NAME = "photoprism"; + PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock"; + PHOTOPRISM_DATABASE_USER = "photoprism"; + PHOTOPRISM_SITE_URL = "https://gallery.${config.domains.jim1}"; + PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism"; + }; + }; + nginx.virtualHosts."gallery.${config.domains.jim1}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:2342"; + proxyWebsockets = true; + }; }; }; } diff --git a/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix b/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix deleted file mode 100644 index 169d9539..00000000 --- a/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix +++ /dev/null 
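Review bot: `address = "0.0.0.0";` keeps PhotoPrism listening on every interface although the virtual host added in the same hunk reaches it through `proxyPass = "http://127.0.0.1:2342"`; binding to loopback with `address = "127.0.0.1";` would leave nginx as the only way in. Whether port 2342 is filtered by the firewall is not visible from this hunk. A short comment above the `nginx.virtualHosts` entry, e.g. `# TLS-terminating reverse proxy for the PhotoPrism instance above`, would help now that both live in one attribute set.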
@@ -1,11 +0,0 @@
-{ config, ... }:
-{
- services.nginx.virtualHosts."gallery.${config.domains.jim1}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:2342";
- proxyWebsockets = true;
- };
- };
-}
diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix
index b67f4198..e03ca36a 100644
--- a/modules/system/services/server/forgejo/default.nix
+++ b/modules/system/services/server/forgejo/default.nix
@@ -23,7 +23,7 @@
 SMTP_ADDR = "mx.${config.domains.jim1}";
 FROM = "Jimbo's Git ";
 USER = "noreply@${config.domains.jim1}";
- PASSWD = "${builtins.readFile config.age.secrets.noreplyMailPass.path}";
+ PASSWD = config.secrets.noreplyPassword;
 PROTOCOL = "smtps";
 };
 service = {
diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix
index 826887c0..f2aff00d 100644
--- a/modules/system/services/server/icecast/default.nix
+++ b/modules/system/services/server/icecast/default.nix
@@ -2,34 +2,64 @@ { imports = [ ./nginx - ./liquidsoap ]; - services.icecast = { - enable = true; - listen.port = 265; - hostname = "icecast.${config.domains.jim1}"; - admin = { - user = "jimbo"; - password = "${builtins.readFile config.age.secrets.icecastAdminPass.path}"; + services = { + icecast = { + enable = true; + listen.port = 265; + hostname = "icecast.${config.domains.jim1}"; + admin = { + user = "jimbo"; + password = "${config.secrets.castAdminPass}"; + }; + extraConf = '' + + ${config.secrets.castSourcePass} + + + Canada + jimbo@${config.domains.jim2} + + + /jimbops.opus + JimBops Radio + Music gathered by me, Jimbo. + https://icecast.jimbosfiles.com/jimbops.opus + Anything + application/ogg + vorbis + + ''; + }; + + # The audio stream + liquidsoap.streams = { + jimbops = pkgs.writeText "liquidjim" '' + settings.log.stdout.set(true) + settings.init.allow_root.set(true) + settings.scheduler.fast_queues.set(2) + settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"]) + + # Define the source with random playlist + jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/")) + + # Ensure the stream never stops + jimbops_fallback = fallback([jimbops, jimbops]) + + # Output configuration to Icecast + output.icecast( + %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)), + host="127.0.0.1", + port=265, + password="${config.secrets.castSourcePass}", + public=true, + icy_metadata=["artist", "title"], + mount="jimbops.opus", + encoding = "UTF-8", + jimbops_fallback + ) + ''; }; - extraConf = '' - - "${builtins.readFile config.age.secrets.icecastSourcePass.path}" - - - Canada - jimbo@${config.domains.jim2} - - - /jimbops.opus - JimBops Radio - Music gathered by me, Jimbo. - https://icecast.jimbosfiles.com/jimbops.opus - Anything - application/ogg - vorbis - - ''; }; } 
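Review bot: The liquidsoap script moved into this hunk keeps `settings.init.allow_root.set(true)`, which permits the stream process, a network-facing media decoder, to run as root; if the service runs under its own user (not visible here) the line is dead and should be dropped, and if it does run as root that is the thing to fix. The move also changes the playlist root from `/export/JimboNFS/Music/Synced` to `/export/JimboNFS/Music/`, so the public mount now draws from the whole music tree, which deserves a mention in the commit message if intended. The stream URL is hard-coded as `https://icecast.jimbosfiles.com/jimbops.opus` while `hostname` uses `config.domains.jim1`; `https://icecast.${config.domains.jim1}/jimbops.opus` would keep them in step.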
diff --git a/modules/system/services/server/icecast/liquidsoap/default.nix b/modules/system/services/server/icecast/liquidsoap/default.nix deleted file mode 100644 index 843f95ec..00000000 --- a/modules/system/services/server/icecast/liquidsoap/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ pkgs, config, ... }: -{ - services.liquidsoap.streams = { - jimbops = pkgs.writeText "liquidjim" '' - settings.log.stdout.set(true) - settings.init.allow_root.set(true) - settings.scheduler.fast_queues.set(2) - settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"]) - - # Define the source with random playlist - jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/Synced")) - - # Ensure the stream never stops - jimbops_fallback = fallback([jimbops, jimbops]) - - # Output configuration to Icecast - output.icecast( - %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)), - host="127.0.0.1", - port=265, - password="${builtins.readFile config.age.secrets.icecastSourcePass.path}", - public=true, - icy_metadata=["artist", "title"], - mount="jimbops.opus", - encoding = "UTF-8", - jimbops_fallback - ) - ''; - }; -} diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix index ce122f08..69c425bf 100644 --- a/modules/system/services/server/mailserver/simplenix/default.nix +++ b/modules/system/services/server/mailserver/simplenix/default.nix 
@@ -28,11 +28,11 @@ # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { "noreply@${config.domains.jim1}" = { - hashedPasswordFile = config.age.secrets.noreplyMailHash.path; + hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash; sendOnly = true; }; "jimbo@${config.domains.jim2}" = { - hashedPasswordFile = config.age.secrets.jimboMailHash.path; + hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash; aliases = [ "jimbo@${config.domains.jim1}" "james@${config.domains.jim1}" @@ -42,13 +42,13 @@ ]; }; "luna@${config.domains.luna}" = { - hashedPasswordFile = config.age.secrets.lunaMailHash.path; + hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash; }; "corn@${config.domains.corn}" = { - hashedPasswordFile = config.age.secrets.cornMailHash.path; + hashedPasswordFile = pkgs.writeText "corn" config.secrets.cornMailHash; }; "tiny@${config.domains.corn}" = { - hashedPasswordFile = config.age.secrets.tinyMailHash.path; + hashedPasswordFile = pkgs.writeText "tiny" config.secrets.tinyMailHash; }; }; }; diff --git a/modules/system/services/server/social/lemmy/default.nix b/modules/system/services/server/social/lemmy/default.nix index d0349fcd..17041653 100644 --- a/modules/system/services/server/social/lemmy/default.nix +++ b/modules/system/services/server/social/lemmy/default.nix @@ -14,7 +14,7 @@ smtp_server = "mx.${config.domains.jim1}:587"; smtp_login = "noreply@${config.domains.jim1}"; smtp_from_address = "Jimbo's Lemmy "; - smtp_password = "${builtins.readFile config.age.secrets.noreplyMailPass.path}"; + smtp_password = config.secrets.noreplyPassword; tls_type = "starttls"; }; }; diff --git a/modules/system/services/server/social/mastodon/default.nix b/modules/system/services/server/social/mastodon/default.nix index 5245f636..eedc2905 100644 --- a/modules/system/services/server/social/mastodon/default.nix 
+++ b/modules/system/services/server/social/mastodon/default.nix @@ -12,7 +12,7 @@ authenticate = true; fromAddress = "Jimbo's Mastodon "; user = "noreply@${config.domains.jim1}"; - passwordFile = config.age.secrets.noreplyMailPass.path; + passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword; }; }; } diff --git a/modules/system/services/server/social/matrix/synapse/default.nix b/modules/system/services/server/social/matrix/synapse/default.nix index b8f46fff..d889c869 100644 --- a/modules/system/services/server/social/matrix/synapse/default.nix +++ b/modules/system/services/server/social/matrix/synapse/default.nix @@ -26,7 +26,7 @@ notif_from = "Jimbo's Matrix "; smtp_host = "mx.${config.domains.jim1}"; smtp_user = "noreply@${config.domains.jim1}"; - smtp_pass = "${builtins.readFile config.age.secrets.noreplyMailPass.path}"; + smtp_pass = config.secrets.noreplyPassword; enable_tls = true; smtp_port = 587; require_transport_security = true; diff --git a/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix b/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix index 6ac7b616..bad4f598 100644 --- a/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix +++ b/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix @@ -7,7 +7,7 @@ SYNCV3_BINDADDR = "0.0.0.0:8009"; }; environmentFile = "${pkgs.writeText "matrixsecret" '' - SYNCV3_SECRET="${builtins.readFile config.age.secrets.matrixSecret.path}" + SYNCV3_SECRET=${config.secrets.matrixSecret} ''}"; }; } diff --git a/modules/system/services/server/social/pixelfed/default.nix b/modules/system/services/server/social/pixelfed/default.nix index 23c5bf69..742fb376 100644 --- a/modules/system/services/server/social/pixelfed/default.nix +++ b/modules/system/services/server/social/pixelfed/default.nix 
@@ -3,7 +3,7 @@ services.pixelfed = { enable = true; domain = "pics.${config.domains.jim1}"; - secretFile = config.age.secrets.pixelfedKey.path; + secretFile = pkgs.writeText "appkey" config.secrets.pixelfedKey; settings = { APP_NAME = ''"Jimbo's Pixelfed"''; INSTANCE_DESCRIPTION = ''"The Jimbosfiles Pixelfed Instance"''; @@ -22,7 +22,7 @@ MAIL_HOST = "mx.${config.domains.jim1}"; MAIL_PORT = 587; MAIL_USERNAME = "noreply@${config.domains.jim1}"; - MAIL_PASSWORD = "${builtins.readFile config.age.secrets.noreplyMailPass.path}"; + MAIL_PASSWORD = "${config.secrets.noreplyPassword}"; }; nginx = { enableACME = true; diff --git a/modules/system/services/server/transmission/default.nix b/modules/system/services/server/transmission/default.nix index 82951eff..b8d7b052 100644 --- a/modules/system/services/server/transmission/default.nix +++ b/modules/system/services/server/transmission/default.nix @@ -6,7 +6,7 @@ services.transmission = { enable = true; - credentialsFile = config.age.secrets.transmissionPass.path; + credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile; openPeerPorts = true; settings = { rpc-authentication-required = true; diff --git a/variables/default.nix b/variables/default.nix index 65bd9c90..0c75a334 100644 --- a/variables/default.nix +++ b/variables/default.nix @@ -5,6 +5,7 @@ ./domains ./ips ./look + ./secrets ./workspaces ]; } diff --git a/variables/secrets/agenix/cloudflareKey.age b/variables/secrets/agenix/cloudflareKey.age deleted file mode 100644 index fc9f4a79..00000000 --- a/variables/secrets/agenix/cloudflareKey.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA khyW35trVIvCZHYB5J5vAdzNParttdbTb+Ycl6SaW2s -0W7fSM1qoI2BbnbOuN9OHk3hcXwWZ2cgi6sme0TBx9Y --> ssh-ed25519 JvNkLw wdflnJ12VIbRRNbEGFW0LE6WaB/D5/G2pTEs3AGhgQU -N6KU0GMf1wIGRBJLVU5e1WcLvUEWk63Lr3GzpaojNgs ---- 6u2vl9lBq+MGbFb39wRyoeMyBOxCPGyO0iXeV0wwaJw -@oYپbIw8ܭԳ?- }RT/Z3ѸkZR=ˮ+z*Xf0b \ No newline at end of file 
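Review bot: Adding `./secrets` to the shared import list in `variables/default.nix` gives every host the full secret set, whereas the host files previously imported `secrets/common` plus either `secrets/server` or `secrets/pc`; a PC configuration can now reference values that are presumably server-only, such as `wgServerPriv`. Splitting the directory again, e.g. `./secrets/common` here and the role-specific set from each host's `imports`, would restore that separation. The enclosing list starts outside the hunk.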
diff --git a/variables/secrets/agenix/cornIP.age b/variables/secrets/agenix/cornIP.age deleted file mode 100644 index 95740198..00000000 --- a/variables/secrets/agenix/cornIP.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA CDmBLx1/+kPZXI3LqmJvAQOXskG/t40avr+hiqyQzhA -Q/5PDnyjxUQbCxHjluTETYTAi/zO7G0NvfSF3XEYinA --> ssh-ed25519 JvNkLw V5FGN/1W9CEf3RT/nsnGiiJdOTsvDexEef+72f+Z0Ug -u1hSg+t4qO/N1Sw4t85/9qGt2TqlPDmujZoGOyMgUxY ---- 9NdLKkW30o1WRVCA0dI0vU1kNnvO2uEC36rOIbJ0wlI -FSRR}<"w{p@IvJ|v}1 \ No newline at end of file diff --git a/variables/secrets/agenix/cornMailHash.age b/variables/secrets/agenix/cornMailHash.age deleted file mode 100644 index 26b43ee8..00000000 Binary files a/variables/secrets/agenix/cornMailHash.age and /dev/null differ diff --git a/variables/secrets/agenix/icecastAdminPass.age b/variables/secrets/agenix/icecastAdminPass.age deleted file mode 100644 index 8db83782..00000000 --- a/variables/secrets/agenix/icecastAdminPass.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA fPD79NPMvwiL+hHk82IieajJa9yvH649bDMGmYREExM -Ju4a1ciZS7J/OSW9puFKnLX/oXjkOg+PwJoEjRLKlYA --> ssh-ed25519 JvNkLw Pd7sCRAL6tmDvqEmuEcu0ciduOWqgD4/Ov3EwEneWxc -9/w5dGjJOMeT624ppz8UPX74McDNuOrr1siu5DR8S/g ---- b/FkQytFLY9xK+oyqe1Cw60y24oL9Z9w7F1OusI52o0 -D+v rh| -vk(yw+BSݞLkAF3y$Tlp$ \ No newline at end of file diff --git a/variables/secrets/agenix/icecastSourcePass.age b/variables/secrets/agenix/icecastSourcePass.age deleted file mode 100644 index c6ad2c04..00000000 --- a/variables/secrets/agenix/icecastSourcePass.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA PBcCxs6ilNvC/GpVaduXRioMk/XaZtvwkTtBhILLhH0 -k7LzI2vYBumEKSQ4D08nNv254ffhsJv5bp491ViWN3o --> ssh-ed25519 JvNkLw M3al6LP872JEtRZABFRUDAq2lVsGjjRueDSchC0s1ms -01N62bVOVqq5YHQSsBO0bCcaBgN155AZ05vp+19Hrvc ---- CVPFAJml7cINyE9tisp0eHsZgCSfHbMVpQV49knXiRs -zHRZ՜734&u 5r>}jh=Ak=CkBil(`+, \ No newline at end of file 
diff --git a/variables/secrets/agenix/jimboAccPass.age b/variables/secrets/agenix/jimboAccPass.age deleted file mode 100644 index cdfd114a..00000000 Binary files a/variables/secrets/agenix/jimboAccPass.age and /dev/null differ diff --git a/variables/secrets/agenix/jimboMailHash.age b/variables/secrets/agenix/jimboMailHash.age deleted file mode 100644 index c33a9a78..00000000 --- a/variables/secrets/agenix/jimboMailHash.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA nIhCitDd4goQvfnvggVnnP4bPrnxgEMVhwJNPd3hZnw -hCLbjL4kL+f1TobXASLRAPsHweXy+6vBvpUyP7RnURw --> ssh-ed25519 JvNkLw HFjvkJMgtN6ul3N4bIfNwWC6PeNFgeNHILSpDzbF/ig -Z5EdHAr46sF4bSR5S4HmQZz/hHX84qxnxYRr7cO7dog ---- F7kG/ZHu+w9Gnnp8Nw6g49+LI4/2tvt8BKXO/mzQcWY -N,ilZ1˾g`eL%e-%?G4ȺdK3e>d}t*)$Fz \ No newline at end of file diff --git a/variables/secrets/agenix/lunaMailHash.age b/variables/secrets/agenix/lunaMailHash.age deleted file mode 100644 index 6e74515c..00000000 --- a/variables/secrets/agenix/lunaMailHash.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA 4s2R+OGOvJpMnquk2lWYOwLM4lyfyjKKfBMAR/DQWUM -l/ZbXrLnMy76ReqFdgbXb4UyGmPTf1zK5yHccFabTqs --> ssh-ed25519 JvNkLw gNXQz/QABqMnaHrgSqqzhxZ73TSpzBXkPRyuvWjVN18 -XVx2GT7wrE4yclT8Ana9fBMT1dd1eMCVAZB8e8ibX74 ---- Y9piO/cFEvSLbO4ZaRrNLP7R9Ep5pRAfP/fUSgTqrRs -7BGi8e'̋ڜ)6+jb] Tb0ʕ AV͡)Xw=Sgv^[/ Śa8ʡg \ No newline at end of file diff --git a/variables/secrets/agenix/matrixSecret.age b/variables/secrets/agenix/matrixSecret.age deleted file mode 100644 index 35a75bbc..00000000 Binary files a/variables/secrets/agenix/matrixSecret.age and /dev/null differ diff --git a/variables/secrets/agenix/noreplyMailHash.age b/variables/secrets/agenix/noreplyMailHash.age deleted file mode 100644 index 3c8d0e8f..00000000 --- a/variables/secrets/agenix/noreplyMailHash.age +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA 83WwnK1TjVZv5/YQfvHBZk6nZIGA+m1U078+Y+MKUGw -Oq7LOdyHnUdYb6P/9PI/D2q9XrEaYTBNPfaAS3xK9jw --> ssh-ed25519 JvNkLw b/lUmtQXSBYgMc6YHHD7vwBdAHnLcv/WRdZudxmhrzw -1rxu0ZZ5lqPUd7acjPv8z0cxJOPSgVp9PaC5w25MRoE ---- RVHHph3SEe1dlHCHDVnjmnuBEqNeQXuXA82TAikh1AQ -/ d~wg~8"ZwWlV+ꎨ3(Kg%?#Q$=H GH:(|_s7L0٤(_{qv& \ No newline at end of file diff --git a/variables/secrets/agenix/noreplyMailPass.age b/variables/secrets/agenix/noreplyMailPass.age deleted file mode 100644 index 99ff42c6..00000000 --- a/variables/secrets/agenix/noreplyMailPass.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA 8Hp6x3Kv9dAdm8xoYfg2J2EVrZcUMZth2Db+OCOHrW0 -byOSmkKkT2204RfTNVAzv70ojTmU2nhsDRYCl6dGpuw --> ssh-ed25519 JvNkLw oTZ7j76JP6WjEUMFqXTY4SaELWIT7CgrToebhuoLUAA -0SY4EH9UpxRAWDEHVoGcIux//t6K6CrW/Y/jp+T1xHE ---- 7YjhlVqRia++HUg7tRcGjMGMvAY3b26ygh5DgGjTR/w -eé=_`RUNjVHUgnkMƄ)JS@iv \ No newline at end of file diff --git a/variables/secrets/agenix/pixelfedKey.age b/variables/secrets/agenix/pixelfedKey.age deleted file mode 100644 index 84e3c171..00000000 --- a/variables/secrets/agenix/pixelfedKey.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA NdClQEJBUiVogrX42OHzaM1Mb4rUS0MKfUvYoG4Y7Rk -LY1AQc18I2jYRBGDD27M6OBVswYbdozYl0EIQ+R7r6E --> ssh-ed25519 JvNkLw xVrNR1PmTJZqmZEUeb1pF9rAaeIz6ZTB6PeSNk6yA2Q -cbMa7O7HlGNa6//6D1Mk/2g0nIJlAzi04fR8CfgFX/g ---- +KZYx3ghNsfMKJf+UiHrzWwDJnUXJ0bas3bVtN23Vm4 -U(ˑ٩zZjVM~2^ M;lIuΨ\7eB[Rn58? (7Rj \ No newline at end of file diff --git a/variables/secrets/agenix/prismAdminPass.age b/variables/secrets/agenix/prismAdminPass.age deleted file mode 100644 index f618634c..00000000 --- a/variables/secrets/agenix/prismAdminPass.age +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA vRsXOqDJKLJnJ1PDFKUmW1x4GSj5ATHsNpondJgb6lY -l6hkimymlfKDo5GEXcqtWaUAPN0nNwZP/SBJ7Pqq4aA --> ssh-ed25519 JvNkLw CmwQ9XCLaBqRTrUxkUsVb/j0anoA20DJAfyjhWhbuW8 -u4C+LxF9hLBUdMBmBexk9jbNrFM7c9kjg5jxh45ARco ---- z7DgZANbdh8CM7HWb4mNnLNnkDFIpPrR60rf5vTtTZc -y'pMI6܇ʣ9f:V IMV>9X;}ݹK" \ No newline at end of file diff --git a/variables/secrets/agenix/secrets.nix b/variables/secrets/agenix/secrets.nix deleted file mode 100644 index e2f9412d..00000000 --- a/variables/secrets/agenix/secrets.nix +++ /dev/null 
@@ -1,44 +0,0 @@
-let
- pcs = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5gkx+aHESLl7w2LOR/LgzhC/WnXv/mz499LADnZ8/Q"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnWS8gkno+ZIDNDfvux7eXWhtfnz4fqpf6PNLyrITOW"
-
- (builtins.readFile ../../../hosts/shuttle/id_ed25519.pub)
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF7Pnts6n70XTNp6qHxQg5KID6LcUEsz48gOMgPoBe/t"
- (builtins.readFile ../../../hosts/redmond/id_ed25519.pub)
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9HJATd+rgl0GD4/lZeidqIpQkZ6ED+03MkSKAlaDDv"
- ];
-
- servers = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwQhs/J6d2U8ZhwdGEV6Cj59u0Wpi4Bek98R2t1PyJf"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqszkKZQ2GsvTM0R7DSUEehm4G12K6OsZrcRE0vysJ3"
- ];
-in
-{
- # User passwords 'mkpasswd -m sha-512'
- "jimboAccPass.age".publicKeys = pcs ++ servers;
-
- # Wireguard
- "wgServerPriv.age".publicKeys = servers;
- "wgClientPriv.age".publicKeys = pcs;
-
- # Passwords and keys
- "matrixSecret.age".publicKeys = servers;
- "pixelfedKey.age".publicKeys = servers;
- "prismAdminPass.age".publicKeys = servers;
- "icecastAdminPass.age".publicKeys = servers;
- "icecastSourcePass.age".publicKeys = servers;
- "cloudflareKey.age".publicKeys = servers;
- "transmissionPass.age".publicKeys = servers;
-
- # Email, 'mkpasswd -m bcrypt'
- "noreplyMailPass.age".publicKeys = servers;
- "noreplyMailHash.age".publicKeys = servers;
- "jimboMailHash.age".publicKeys = servers;
- "lunaMailHash.age".publicKeys = servers;
- "cornMailHash.age".publicKeys = servers;
- "tinyMailHash.age".publicKeys = servers;
-
- # IPs
- "cornIP.age".publicKeys = servers;
-}
diff --git a/variables/secrets/agenix/tinyMailHash.age b/variables/secrets/agenix/tinyMailHash.age
deleted file mode 100644
index 5c9d8c05..00000000
--- a/variables/secrets/agenix/tinyMailHash.age
+++ /dev/null
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA 1Jq7nzdZPvhw6McGTrOOZOtQ/LjOpdXTfxPHwxvoW1k -PmyyuWtzXOAVsZoZzx+s3s9PuN86b/NZx/SLO9Cu+iw --> ssh-ed25519 JvNkLw 6C5UjHQPGJuwn63IOX5YmIuHwGU3n/Cs9BPqzgzykmw -xE9TsPfuRH4Xvd2uyhDyuJY9ajNq9FbYmCTWzTddFE8 ---- G9oWTI+bBQf/Bn95G3C4CEV2bAO/S4fZGyGYnaDaEEM -3FQ,<H$}rkԸ6:ii4T0Z1Cw 4G8g-ieY2?;KJOd|3OI+w) \ No newline at end of file diff --git a/variables/secrets/agenix/transmissionPass.age b/variables/secrets/agenix/transmissionPass.age deleted file mode 100644 index 783a396b..00000000 --- a/variables/secrets/agenix/transmissionPass.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA DjFkxMzBbXups07bIJzK4ODIsAk/bfP8DEV2mFgQEkI -6i2ofona2MwxuCKozsX48X8Ea+Yd/kaIJCJEYdXSvj8 --> ssh-ed25519 JvNkLw NmD7NAzm67c5Ads+nA8n7aNeWBhSppmTG+iTMdQ/4Wc -1XV+cdFOhGkhM9iz6eK2unElDCMz63SCDkG0thN150E ---- OXUzxk3bvjEQpdIQNbf4oPrPUbY7KQBs9K8QdMvpRhU - = $j7GgI_54c4ZcymF"y%K!~c|ufX$Gv -+ּUJ P7-%s \ No newline at end of file diff --git a/variables/secrets/agenix/wgClientPriv.age b/variables/secrets/agenix/wgClientPriv.age deleted file mode 100644 index 666a91e8..00000000 --- a/variables/secrets/agenix/wgClientPriv.age +++ /dev/null 
@@ -1,16 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 /ZcDag zl9Hh/03ChyHbNPUg5Ggn7LWvG2QVQmigSdBiAHdrxw -i9LUKzWmkdBn0VD5tq7lNg2GPVbvV1LMHOqDeBijS/I --> ssh-ed25519 GKCTHQ wShLKgnCwo3+jmjqDX1u4bAbTP3AJVSm4P0SrVsSsUI -ufAyoYVnzNka44tww/6Miqk+9LwqwLT8GP2m8VLHpxY --> ssh-ed25519 BctzVQ sIlr4byLpFH9Qo96gxOKqhhXp8A0wP5WPjMJXTFeYFE -HSX5mL4+PeSvXX+LwxC3WvSw1EfZFCWazwq4QSKOcYY --> ssh-ed25519 ft2jqg Y0SiMwU2T2WhwD8EBLQNHhbWp3ltYKZOgpSwyMbDtF0 -Yjfu+/CtJ+ybyoq+pueoY5Np/SiD7lJHJoBLmTnsAUI --> ssh-ed25519 m6WZAA 01h6eDQ6lrpZnaof4DbxMEde8aDEbDkIV86I2cyzQGc -dv401nIANBXWzEA2/MgMZpbagAys5nJPxJqdbv98v10 --> ssh-ed25519 ZUFK4A J0C4YC9eXtMh/wnUY/OfNlyhIi6oMltBWkaMP2ECT3k -a4SL4cbI3oJpmILt1vN2E7yy8PBhvk88pYuhsHRx9b4 ---- 1uXOqr769IAt4zPnAWiy6r1oh9bf/MKwZUJn0Mfzb/I -|S4ci< ->v@~,+w[Y>,QfR/e| OL\+q \ No newline at end of file diff --git a/variables/secrets/agenix/wgClientPub.age b/variables/secrets/agenix/wgClientPub.age deleted file mode 100644 index d4035b77..00000000 --- a/variables/secrets/agenix/wgClientPub.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 e3smYA mRlVqaa50qM+f9Nhoy4wRumpweW/YnTXm1Q4T//ELVI -EmH08n178gsOdur6TwLnwx+YAYfq1zesGrI3/tQut70 --> ssh-ed25519 JvNkLw r7bS24QCTg+QN8mDEc+fBkH5G19eYYaHQzNZLekM3U8 -+imhQJJdwJmEIDABvkazDT/khxmADfmuDaz6zi4SxJw ---- ZDa/qnfp6naVMNo+xCNQgeVT4te78T6dkYPUVTacvpc -ƙٔ%^Z澩`E~-!FҊ fǀ͠Iuh9CZ\^|ѶOOD*ak.[ \ No newline at end of file diff --git a/variables/secrets/agenix/wgServerPriv.age b/variables/secrets/agenix/wgServerPriv.age deleted file mode 100644 index 9e4a347f..00000000 Binary files a/variables/secrets/agenix/wgServerPriv.age and /dev/null differ diff --git a/variables/secrets/agenix/wgServerPub.age b/variables/secrets/agenix/wgServerPub.age deleted file mode 100644 index 9a0a8246..00000000 --- a/variables/secrets/agenix/wgServerPub.age +++ /dev/null 
@@ -1,16 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 /ZcDag 7KYEycha4k8XapsUdObvvuDRJ0NFhuQD9mIStgcGUmU -CVBQlNhrviAUVZbLQdFwTgX/kw28P4kic1hbfGTNGHs --> ssh-ed25519 GKCTHQ ZFT60A8kpAGl97DOHvEDpe50eLlL4POSuGD+Rjjma2w -VMG0fmwRecJTRnKo6DIrAiXheHPonDeX1upsehtf9y4 --> ssh-ed25519 BctzVQ WlxIEZPFAKi1nD2wxyZ0i2uuMOqFQStDaA/qPsRabHc -rkU3dmMyMQXbDfrmUimCVSFRWTtgfsq6GlCOzzE5q4U --> ssh-ed25519 ft2jqg EnTAY36wZTE5CYMS/O9KZB7QL2r444F2a+KZ70CEJXc -U54qJTJMNFd70qPO/YRcB/I+LqiFYnv7qJ3DujH6xwk --> ssh-ed25519 m6WZAA t11cOv2J2xPYCiFuwS/WAAR9sq/K9Yj6+I8eRyQM6g4 -o3382vvwCnrIWyXFFaNDnFtEpbYJ7k6myfrM+aoyUnU --> ssh-ed25519 ZUFK4A SBejT9+GAMNaps+Q7Bupo0FehBAsRDAGz5nimJ6QvxA -WqZvPqm1+TgKK8Mrbh9w9I4RUyyy5l36AKGPeQXaBlo ---- wekIr1ZsI+b61xeK+ueUfs9e+D2wF0ewltiHJWaLKzA -A^uJ+-P/e -|/K'"87tn9|V Kw֦ċjjZWR \ No newline at end of file diff --git a/variables/secrets/common/default.nix b/variables/secrets/common/default.nix deleted file mode 100644 index 12a2a517..00000000 --- a/variables/secrets/common/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - age.secrets = { - # User passwords - jimboAccPass.file = ../agenix/jimboAccPass.age; - }; -} diff --git a/variables/secrets/default.nix b/variables/secrets/default.nix new file mode 100644 index 00000000..7452a13f Binary files /dev/null and b/variables/secrets/default.nix differ diff --git a/variables/secrets/pc/default.nix b/variables/secrets/pc/default.nix deleted file mode 100644 index 8f6daf3a..00000000 --- a/variables/secrets/pc/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - age.secrets = { - # Wireguard - wgClientPriv.file = ../agenix/wgClientPriv.age; - }; -} diff --git a/variables/secrets/server/default.nix b/variables/secrets/server/default.nix deleted file mode 100644 index 2a3fc050..00000000 --- a/variables/secrets/server/default.nix +++ /dev/null 
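Review bot: `variables/secrets/default.nix` is added as an opaque git-crypt blob while every `age.secrets.<name>.file` declaration is removed, so the secret-handling model changes and the new file cannot be reviewed from this diff. With agenix only ciphertext is evaluated and the plaintext is decrypted on the host at activation; if the new file instead exposes passwords, WireGuard private keys or API keys as plain Nix values, they will presumably be interpolated into derivations and end up readable in the Nix store, so confirm that it only hands out paths to files with restricted permissions, or hashes where a service accepts them. git-crypt also uses one repository key, which drops the `pcs` / `servers` recipient split that `secrets.nix` enforced, so any machine that can unlock the repo can read server-only secrets. Before pushing, run `git-crypt status` to check that everything under `variables/secrets/` is really stored encrypted, and add a short comment to `.gitattributes` such as `# files below are git-crypt encrypted; never commit here from a checkout without git-crypt configured`.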
@@ -1,27 +0,0 @@
-{ ... }:
-{
- age.secrets = {
- # Wireguard
- wgServerPriv.file = ../agenix/wgServerPriv.age;
-
- # Passwords and keys
- matrixSecret.file = ../agenix/matrixSecret.age;
- pixelfedKey.file = ../agenix/pixelfedKey.age;
- prismAdminPass.file = ../agenix/prismAdminPass.age;
- icecastAdminPass.file = ../agenix/icecastAdminPass.age;
- icecastSourcePass.file = ../agenix/icecastSourcePass.age;
- cloudflareKey.file = ../agenix/cloudflareKey.age;
- transmissionPass.file = ../agenix/transmissionPass.age;
-
- # Email
- noreplyMailPass.file = ../agenix/noreplyMailPass.age;
- noreplyMailHash.file = ../agenix/noreplyMailHash.age;
- jimboMailHash.file = ../agenix/jimboMailHash.age;
- lunaMailHash.file = ../agenix/lunaMailHash.age;
- cornMailHash.file = ../agenix/cornMailHash.age;
- tinyMailHash.file = ../agenix/tinyMailHash.age;
-
- # IPs
- cornIP.file = ../agenix/cornIP.age;
- };
-}