shelvacu/nix-stuff
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stuff

Browse Source
This commit is contained in:
Shelvacu
2025-01-31 20:58:43 -08:00
committed by Shelvacu on fw
parent 7e8f498348
commit e992fc8637
7 changed files with 142 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
common/sops.nix
View File

@@ -15,6 +15,8 @@ let
userKeysAge = map sshToAge userKeys;
liamKey = config.vacu.ssh.knownHosts.liam.publicKey;
liamKeyAge = sshToAge liamKey;
tripKey = config.vacu.ssh.knownHosts.trip.publicKey;
tripKeyAge = sshToAge tripKey;
singleGroup = keys: [ { age = keys; } ];
testAgeSecret = "AGE-SECRET-KEY-1QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQPQQ94XCHF";
testAgePublic = vaculib.outputOf {
@@ -31,6 +33,10 @@ let
path_regex = "/secrets/liam/[^/]+$";
key_groups = singleGroup (userKeysAge ++ [ liamKeyAge ]);
}
{
path_regex = "/secrets/trip/[^/]+$";
key_groups = singleGroup (userKeysAge ++ [ tripKeyAge ]);
}
{
path_regex = "/secrets/radicle-private.key$";
key_groups = singleGroup (userKeysAge ++ [ (sshToAge config.vacu.ssh.knownHosts.fw.publicKey) ]);

10
secrets/liam/main.yaml
View File

@@ -1,7 +1,7 @@
dovecot-passwd: ENC[AES256_GCM,data:pcj7T1AKqZfMBGiHiihW0WxVKzAiy6xsGGlOhOV4IeHPEn+SXNoQjTQQVhZoNxYsENptH54SgWwlMETCcQrQzq6prrktlT3iZCnwlwvzaNRXrMe1mk/WT+OiTpaQ0PWGfrhVkQXj4bxWKCRc2i3NJxm1AtYfE0nNL/1dUk9rzwYTH6zjiQFYmZHbwzjtxiE3YbZCwYnpNR3Ql08S4kNf5TtsecFtTY1VOPFRycjEfIIIUbVLUM06DZ5savKVNRdgaVMUuXyPoOxy65YbkwZ9vkoBleRShY0v6FOgG1YLmQmr7f8QtiHlFbA0NJ0vUkg8bgSTsw27jC/JQU0qTSNVrMHgzfApw6GUQgGTYZK24tFCVNBJ3sxvTbuVOcShy01yJA==,iv:5gTo8ySgq//ZaY88F7AcAa2CEe2hXR415EqqSsYIbF8=,tag:DOf4yEXW5kzYAL89KQOAdQ==,type:str]
dovecot-passwd: ENC[AES256_GCM,data:vl/0KAYXa/cD27Zc9MXGD0dBL8moO/3E8/sV8/NOjJLwKPPpbscyUUQK445k65Usb+0tjWm97tToY+0cpUNZRBhaKCLOgIC5dCZMG1ksdN3frJfbREfHYcm9QZHI65uaXDD0Bxlb3yj5WdiyWfkucYNfECCH6HmAZ7SL9EGWFI/qzJnQDFLmXLFa7IK5tdo1j1aZOYW0ZtqgtR3i88QyxEah8alEQr3kJgucwcEHp7xf9vItlB4/Itr1oXP+DjFgO4hB4fvDuUta//H/i2J3LX+nlKJG+AP3DDKtBnQew91lCLX26KVPXwVkxcHWcoOXZmGnRjms92WbitXm+mubWJQpfR+GKTgMx2rGFNrvm9tfh2SoKQZf+MG+wQt6J21pP6vb9T+zK+zIxgm92Vpw8vQD5fXAZGQb2fCDuChwmEro,iv:8XxopTXYdaBm3A4ZpLvzCyEHQWhDo1Ai9Uuvvb/2l40=,tag:cOeJJCI4byvPV7waRZRC6w==,type:str]
dkim_key: ENC[AES256_GCM,data:CZC/1U1cJUIyNhXAWp+YFJd0pZZKvZClJxOh3uZ3YyfEQBiK9nEQryAJHirpFXAmZTcGhsuotkAuJvVQtoh/pM9YGkrncCKlw+P96hiafHGoSOnqd77DazcVERwGEGYBPK7fIZfhpAaYiIvjwq6FbMzkkZ4vLcYRNRj+LCtrXu4K5cy5ZJaRFkLCiaIVHhrOfjyhDFCkFBd3pZ/oCGH57teisjFl+LWFqGOQFyGs3Vkv0bY1fUTUtFvpYcTdrRe6A7yI3OGveX3Q9JnDKD+PBqHhd/a/OjBF0Xme6BeipRnv6/Md2F5LNDfUWugOtDy0xigtWAp/mbVel8GYgTXEQYv+sxVu0kFM7bX8fa/A/BHNx98HFoScwLCt8VmCc26asfGvGFfADrJMBIk2IbmqjQ2NV7/ejB6Zym7tjLLpYI24LBAyZDH/Rtw7CqGPmpHXCQ9xILFxLMdqMSmgPPJtF/75qFICCQH2p3CHj7b/TmTpu8RLIVu2pxG48u4VnUgJE1zPBeaY5EY1uS7L5sF37CI+vMy1mY/3m5ZsWeOu9YigZouYy/Y6OrdtOzaEVaipQ2cYirD00MOYqO57izmjuUdw47OJ5zK7XInR4MHoLX0PfdJiw5Oq8OVir6KJf9UWPSXBbSZlj6PMkqbvQ+7VWJmDT0jKTbRg2M1eZCbcRrJAnE/YenMqYFXiVY1dOGjcrrxUn0zcnJ51UJmfDU2+UQc7urBVtqm7jfegudQ+Em735ynclMfYRWvRXQGQUm2YCUFXTwd6RhY4hHb32j6x00hi6iLjt1gjlMx8pHAcVbqcOdHFoLvNe1DlBsl/7jmL7otyY5m1VF3+H0tksDTSYfil5oudMEECTPypsZfp8iLU4xgjuh/+fXjZf4hQJMiA6OaGMw7R2cwvfiuSaHL/iz57ZtlHFW6TMWK77UBU2xZACVfylnqEaaIgzhYX0/wAsVQI+gqt03EsUx/AqlCFOCrOSwjov06k2bTDzSDcITayLkf9UjwOo/lmRz+7fCfvCaw26wZCEsEtRBfLrZc+Ibwq9uvNDsrV1hthi0qh1ngZonQOA1Y2NURDom3VMKkfu++nFIV+CGrAI5n0CVlVLkJn4RbPCDcmNGd9Kr8pYv7rU4MnMmD2n2M1OzAJbScrbb+f4Z8hEOIUk0dMVxOr/clrg+7F3vqceZC8VTzBbBAH4QuBAf67VwmZTpDB5bobFv/UwEC8pJ4HWmKcBN+s1QihtD7x+WYz+8pSNucr+oN56fiY8xAyvFFyTE7/zNWlXVi94E0is30q3/ZB/Gog5eOQT21tOI4Ak0N4y+ElfNIXSqtEUGhck2DIjfegygpvwiuu8ktEZwje9Q4SAYK8/0THT8ANyzDunwSocMdztL1zF6/ZhDub8hmOuaRJWotXzmL/zCXSGR0nEPXVSmyXKwHt/4MMGkasXOXetrENKIwDqYdm1eZBMCl8EGnyAbAo21LAfVTI0GLrNoFWNTPkpBIo3dKoBofmdRei/jHtQmBtvaILUv6UsIAyjJ+x2cpARW+yMIrv/0g8MnDMj4cCiIFk+AIXI279BvMrkVP1cOA7ESJkLe1hsL6+b7lmrhAWK1cpDnIWTXJG+v9aKlc0jz9D47gr7kD/ePC8sMaI95aQBbA93ftzYhKzsU9hINsU/IKGmT0rXS4j/BPZ0o8uC1HRaMjdE5Z0KHsebS9tn8lXfHFgX5wTDMaES9h+usUJrjc6F1lj2zYP5oTOjM8YmN6YQedo3wmi/PnA/8YMXz0tRFAZvg8VAYYtsfdV/2GLtjfD2YRK3iHsg5+GSEwqFafmWGgr+uhsl4JmKiASWJvx0Ron8RwdEzK2MC6WD1JERLU4UojOfx2xy5v15eveNnEufb7o1MJSAbjuRbVYiABqNFjIwe9hquIyTYVsiqiXi6fLeIV4fsTtiI5LLKx/6dOw31nFg/WfFWzvzLiLJ6b0NZowECP+Rsvzl3U0Qo/LbePyY/o8UYOo7u1zLpzxIOPyTqdKh64WqGYnqXmWy1ga57vnyl9mWhzr9ZlEuhM+0U8bVelIXmLTZp1Nredrs8E5ERdVnKmThbrLr8GvJAl4B7g5BIrGhSBB841wMm9h/SheKdq8SN9gUDRNgW0QNFkflBhX5ZsAHlPiJxddePbbAxfChv+ClG0oDuFDoSwSElCRR9GRayLRiws6CCDhviU8ub5JApSPTI9p/UjSJePSj+GqyqljTge0J/wgxRL2pAHk1HDQyOnv4kFZ5UhMFjU6GvbuPl2W2lqICJOcK9UuKdvivGsYkSSrOfke3mZMh52/f+03ciZ4xlwjDGV91kGONq5GME8dFEPD093xg0KbScfWanRWSoV3fOxitPWpcJ+xuNnDDOHjzLOYgt07u1QQs62rg/6BII+1XKBowLwG9Z5aWexZ3yCzrOR70pLRWPbOJNCAggEIaTkIa0ukOlaPbGzSZ6LuIyup7ex0Uabd2cOuvmAdMqGwnIB7fhtkdR7G4iDbnUqu7hbFurJn/3IZalJvbyZUuvC5X4oGU/CTWzDtdSgv5jQQ9qnr9ehCNCWjdg9T05v65XsW/OwHnRUN8A+1vxBIZ884lvFoOhJYeKXMufdAg4bCzUE/kdctRPwAVt3OjLnykXYcJV/3Ch+YIwv2vNA4pXqsMw8wgxX7DCvrCrVpkZAC1JIE32aKCXrN4tRUMrc0mnqUXa9M1rc6HCGa/vFCMj5ZW8xP9mOG+HEJFiJaV6ydxvhI7NMyXW2YDSxVh5RMMjXHUBq/bKMHPrLN57qmzvtcKUNcmS+VTvjS64wZlUsA1PEVwaJ/EQVAaY6ZeZi0CJ2A3YpklXYJpNqYhv8ICtFK2Uf6STfNYGaLTW2bgfZpWhic1y/V4wAWKa5A/XALXec+ioFr0foQR2ADiUycQYhMLZPSKPnWhcmwUPY+KPrjP11raVSM4ehtKdDlrbL3vmw6SlwowveyC3aqiceYzISWAw9o+ccvLs/bedEBeC2af2V53/vIuN4XYWjtZArRyqpzeeqlnTOb7vhpI84plXJdGHlmw0bml0yV3r3ucgB50wbAMRvQtJQ6ePPfOLOYLpDYFLPZJci8Vc3vRInskPOF39m9tSTT1noUSRZ3IxGi4LiUT76nAgI8BeTp3bqNuA6Of6I4yYS4Jmmby5C5eel0Ozl3gkMk1xuM5UTwcE7EDkr9rnzxs6rbx3CpQB3y6QB3tAe00zPpMm5YKJq1AKqvSzPco58g1vVu06e3l+tcGyt85t5wQTco3OX2kgBBxsiA629yAWcSIqKFZ+o7nTpA+zZmQrjVganWflbOhVNkvRSkLpThkYVlnkqBU9ixzQa79xVOF3WmNYBhdWfnO9VxFwE4MqgpOyL7sz0PsV5/ZsOy8m7DadM3GCS2mFtWZiM1RnGCayZvyY2KFNj3I8qM1HGMMfeF+3KXjyCBSyBkD25in85M0QaPlMzBxFZupSoleJLLwqd4BfsLk+POiZjLQQseSDVSqrjqWyE6d+baiy+m6d+z6sx4ojRf+q9wlMjZ2oRa+wsLnhbCrdHsZi6Q9eZawU6Vlsy3/KjarJABnapJsMbHYTlwPHlPYU6Du9T3lO2aJuTewOzA42Aoqm2Tlm4xh0GRV6Rx7najkMjc3cex1DAu0PNaFzWVBD7yPuv9FS+DzdEneEj9Tx81v245I9U8Oc6yacu72Ry2CG03ONld70oEU2BHrIgswoyMNg72hnhot9jfDutjJrB10b65pP5WZOAUGtwDh2a2KrdnYG/TGId+ehnkkwS2Sd87/CM4aaSYlsVneId6bXYpUcxSLroXUAHsigA3rjMpNpvR8XRiQZUfLWRQ+d8gyL5PVLp1H7R6LEDO4sZP8IuDJfxDzlP0Rh6GOQgu+dlkcxWGVHQxcexBThMURJYVMhTDoYopEfUqo3j+q7Fla4Q3HdypKg17VyVfEA/J7Nie+eDZvTEuvX0jWQmGAFdC9GbkVuT7hlzYx4kZ6/B81kVyQi8e3L3ZBAYHQXbHeK4GhSWQDwHG6ZBU16KrD6dhjIvn4HlXaGYaPMvv0Rp+yjeiur/n0NOWyvx0R1RrksbsyeaLIEDhOS19wXP4kiDrTR2qJN4LHcWu3m/hYuB4Fj72qyr2K7osXvbC/up2bSpY0IOcei8Nc/hIhqoe7uM4Jg3cpXt0hTpcDZ74HNIsd/6f592BqpoXIy5Cr1ZOxmnpkHdgZIyJ3KqwZEhYa7pSkOIIEAY9EnTPm3ViBHQdqjUpghYNzntO8EomNNw0sXUFFrwlGAY+ntLYUty0kREWt4l8Iot+XblCc8FX1gKYSqhnJOGjHHjOHO22Cr6NPJdcHfgkIBCknwwFWWMRPwZOomE=,iv:7LF3l52m6YRKGd/8rxDady3AbSEcXuVRsIaLlgNfKOs=,tag:UCjMRgFZFHQyXY5NfbZRcg==,type:str]
dkim_pub: ENC[AES256_GCM,data:XLYRTAviK+r6DnRU4+lc58elI3FJ+FPsB1A5sQOk+pb+fNu7zFCiZdz/MwTVkE9izDP1Onv+VhV8sRgmxacTv4nW5GcukCrm3FmCp2jm6QF1/40/WRv6Lkbek0tV1bMOQPy9Zj8wdO9M05XCXUVXk4x17rj+lw8ApwJS2pJMoultMFx34tx2pNEnmO3MFtuBOxzeU2yP+NhF2sJNA62to78AiH5EblkoF0a6sUYk553U+sv3Ob0lo1nSv6c8zwl7y1WSNQnLK+/3WxSVGfePHVsVM8Zze1KFTVLQQggIzWTdcr7AgcTGbk3kaYCeucfQ60pVlqOyPnkJoUJ8HR1RSajFk6Ylzw0xBpY85qAXNT2YIRiq0HTUc1s5lD0luXLQEP+g+XUwZfzFRZgt1nWBlPmpbj2Ylj1FfrA7EXsIK9nyo+rf0qRn/4HusJATr9ddYmZdxwazl1FXkOKLHPyu1NlzwoTNSQQgMHlzxzUvrrv7+mI2nQvXRx82TSRytqrMvoBTF1NFX+pRjhNg9fcq0oPJ2ORqOVQsxzhLhB+tw7Cg+UHGWlnKnkqaKH1JDmOFyJDB96aPUnSQT2J8qkyb+hMBXz9mme8rZopkHrA4WyDXv3zpEi0P5Sj0DDwdRxKMdDdZ4hw79YQIrd63cIorN8XG6Icevb25LfekLEq/C2FS8+kADagyOM0uzCw2p/qacNz37ZNGqPK6gYkjnyoAfSm14zbgoLX/5dnf7eCuMatevTm4AcE53RawQfzz0YNJuEv5uqD/WUy+UIKHIwxPYY9FWBBPmH+8eaPC1mMPh54I444b39FwpnPU8GwxEPsjRg8TSnohawNmmhEWEpmlawEKw+C+BE6A2DmVJzyeBvVRwe/W6CPgyYxgSGWUuvfZFm1GrzwZDjCOEMRn7qMwMBxh1nr2BOAiNxA38UtsymaZO5ZOknClWlKIkIFl8NJdVITNNsI48KMuSY20o1puzkxMaAUH3OrGEhtoHrEOeIq+KCFzH2gZo6L5hbv9CHM7QgCYsbtVIMwL+cRZZaSNubS3K48OmWJnHNuqkcrSI4lqfjLhz1DbnQ==,iv:/cNMmlpq9LSOk0MwVq8NaWvp47q68lKWTx4s5nkwF5c=,tag:ZNX+yZsSxdhFsavDpX380g==,type:str]
relay_creds: ENC[AES256_GCM,data:yWG53NaiA2s5aUudZWecDS1+fOURTHd0D0rNxZ9Tud9TsTO2F/6+5i3vRz/4qP4FoBexEVoW5Xhkqo8o8OaGOpZHh/Nla7TJTnaSCgJw9QPfFoRNiE9f46LytXYThiCGBdy3Z3gtNmSX5BQk1zNI1TiHBFG4IYfauq7e6jJ4Bp/9z3LRknDITdlLjzAPjIO5kUG95IrQQCl3SeAjS+LwxPFRuV1+zWNdOXJLmSeWv1JcAcyhkwutMhQYRGMaS09bbXp29N8DX3lsAK9pYZLr5F3gXwOrZN7nG4+K0KOqfMI4UcLpIOlCPdj9XjgAYcWC+LL5bA0W53e7je3IDVebevDheKPowKK/A6le2TfqXKfhOVi4qXaEsjOBIJzLylOqXoAb1ZCM3nTHCC3M/r3/il+6RnFgISOCHezTiEYM,iv:0kAJzoV/HEIRuEAxzWAaQqwlzWlBSwklipWquF9WeoY=,tag:SCQOQCXm6kmLSYhkT6dubQ==,type:str]
relay_creds: ENC[AES256_GCM,data:o0FIKyqYHo1mndY+TC6TopipDlZMoyePPPRF62+WVegWjnz+dG83WTzIduJ6qdzlkBH0tgYfau7aIzYaDWZAd935efxvwTMl8lot0xTa8SqAYxQKDkTcpUhaHtu9wlpaqv31vzPdGUJbI17e9ZPdMEPRNaEYQkYqP2YoagO17WRbzIOax+XTP08pyVJChDG++aYlkuScOXQyM830hDy2xCYA9OHN4BeyU5mh6W0BiXLYIp9oOh0y1We59CUKeo0S,iv:JHgLeQO6XE5VYsoPU4YrI+LIaWSETvfnnwjrlTc1n0g=,tag:cWafuECJy2Gv5BMGKG1NOw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -98,8 +98,8 @@ sops:
bXpqNkVobzgwMHJIdHBFZ0xDZ2RzcmcK0m4awMUrdwYvXO14L1hvhcaGgLOW3FCq
UU1Vc/vX32Lsu1BN4aXlTZ1jHD6R6CnV5TbUTcM/jxFRKoRzDwdJig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-10T20:44:49Z"
mac: ENC[AES256_GCM,data:tSTKCP7HUUCSCrbeiLutPghjfbL9TsxuCmbARUqwQBH8pyeOsyFHyPCqmqjCDSu2ha0QTldNGM9baiIQa/05DV5KNmFfVuoWy6dd4/3L5yNd3FPkzR2SvBua1g09YZpC1G2IaGrOcqBEOY9baILeBGgXfxRtcpMVAR2C3bOqJyQ=,iv:4phBdZ/4u5DAbUn4Z7pdrJym+iG9oxZSsIPZqoDEqco=,tag:RJn0416yl+0FV9bTu5tA5w==,type:str]
lastmodified: "2025-02-01T04:58:08Z"
mac: ENC[AES256_GCM,data:mHRij14Mgi9R2q8AzD8Pwu5HZ/hEXaLwVCtzUFyhnZ5kCcJCvVlSvcqbr1zaZW8uaN4WMeE87EdKW95uo7pNuRQF2j2n4y52t/kNAodO5+T0kqx41wVno1z+tGhZC1MbwX1K3Vri7McFxbWLguSV3KUl5LFA0+xc8VkuVa5VMNc=,iv:rJKgHvpNU42WvHzFRGJkIFGAtnJK2nVOVylKrCgaS8U=,tag:IRO4Aefa0Bz1rZgbPjS+jQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.3

102
secrets/trip/main.yaml Normal file
View File

@@ -0,0 +1,102 @@
theres_nothing: ENC[AES256_GCM,data:yU0XYQ==,iv:7KHLXMCHt1vhYn/3dYEk3u8uBT9FNjwj5KbMSoRn/K4=,tag:1zPWrIb16c0Bb6iAJsD3eA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1dzdf4rgep3ctk3dnrmrqtdgrchaa8nszfc4dp29gqwsst3z6jyrq57vfsj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwRTAvUkUvUkMxZ0NFR1Nu
VWxmM1RIQ1V5Y2J3c2xjbUY0a2YzOWZrN0R3CjdoYmJIYnA5MDZ6RFlXNnZaeVpS
M1pUeU9sekdqM0ZsZzd4aVJxemNPSlkKLS0tIE9FZWZ0WTZYYnNaSmZHc1AwT1ZU
Q0w4QTN5Y3dNMTJENkE2RWlWQVBaS3cK/1ZsmvL1SDgxbP/mtju5GzGeyDFYVGlk
08Xd0xLOszBZYrtgHv10aY7UnNdj5jHZNM5wFyXEnzkzg+qAIRtZSw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rz75dqzfd6gulwh270ukmt5amcau6j8dpxgzx8fm6u8sjkyx9usq69y4s2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNGwrMjF6eEQrQ2prcDIw
VUozR0hYTm9NZEp1b2tsayt3SVFPdEJyN0NnCm9oNjRVL3QvcjB5Y3E0MzRFSHZG
Z2MvNVBZNC9YY3pVNG1uNXRIeDlHTlEKLS0tIDk0Z2o0U3VnWEhjMUk0ekhtWm9h
RHRjVHIvbnV0VTRoMmVzYW1Cbi9rRHMKlaXxRini7/7/Do8eM/xo+6GYUrcJl/dB
zyYymQ4nmyGmdZIl7420bl9jKEt0aKKj0IAFSHYVSuhptK6MsdV59A==
-----END AGE ENCRYPTED FILE-----
- recipient: age13x0f3glnz4jvqty2v92cxrrnjcna6ed4qegrhulw9jjy08zuy3aqzvrfc6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvL2Z4SVFoWDNVOUNnMlVV
Y0xwL1RRakJ0aFR5TXhnZHJqeXRtdDR5VURRClJOZ3RHVkpFTHl0dGhET1ZmUnZG
WTBxTjhiZFc3aFdqM25jYTB1SlR5em8KLS0tIGJJSHVsV3R6MmV3d2c0NVhkNTM4
MXJ1cU16TCtWRnpBWGhnc0F2VE9rUXMKOAWEBi4+fUfqtNF7DIIpla004YHQEgDC
mS0c1ylC662y46/iuwvbCWb56JAQsg5Z5VWQY30d4jG3j1WYhoVroA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13j6l33g0ghk4vezn0qwfal2qmcgqwkv89ejwezpe3n47mw8yxyuslj6y7d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvcGVTVzl3U3lTTVEyT1Vr
RGY3dzQvUmhvSWNjZm5XaGNMQXRHc2Q1SG1VCmdLdmJNQXJFZkt0TGtWUWM2eUFu
OTN5dlRubmg0MUpITStuL2dqdXBlU0EKLS0tIE9Md1JMZ2hvNTFxVDRtekNHUmRu
bGRlUWI5RkZXRkJpemxRTEJ0cHlSaVkK6TkhPO+Ai3kM/SK42dwsnHo9z1Qva2n2
6QZKZuTmDEQ0NMpoKqCaysTPEuLImpAg+1uppP2VXIjzsmq44g6lTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vla9w33lsp03s46p9p6gc2mvr844vthdqhc2hzau2ph6h60gmyqqh9sf57
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc01CSGppU0tWUmgrSmJF
Wkk1elBCUG5mcE1UOVJDQmk1RVZWWERTREVRCkZvc09qN0NIWjlibjRJUDJvK2E5
aXdoRFRka2xNa3RIeHdQZ1M4OU9MZncKLS0tIGp2cUU2ZnN6Y2JkWmt2dEcvc2Vz
RlFCeWo3dGE0UDI4K1FlZmxPclBHVGcK7EH+aGzfMkdLO15zGyVGVb0LirI/3Zy1
SDvBE2HamT6ZrRLiSeWUSgyZEoT0OiF+VdrSYDBQGwDMOQGKTz/0MQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jy8mxcndkw6zd6q99tjgz3gsynn78x2lwtrff85u6ud9g9y9z5mspvhufl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWVVWM1EwMTA5Rm9pK0R0
d3VXdkpNTElxQ2F0STNIUnlhaTYyaTlYb0EwCk15eGxlV3FrYW1HVU1UTnpEalZP
NmNVY25ycCtOMlRSTXlFMGRWbC9xOWMKLS0tIFJETDNxMTlnRHJkMEQ1Y2VWOHBa
TEtkT05IZ3hKSzBKL2hScEJvaUVYYXcKJxyH9NKX9jNXPfmVzJ2iy0gPPm4oDH0E
hrZb15BGDSSTt78hPbD72SErZp0HMx0+iNXMdtWivHar42EwaNC72w==
-----END AGE ENCRYPTED FILE-----
- recipient: age148huz6rc3q9xx5t873ncx75sja2sazlescwspxl7lsmxsqkz0apsy8cldp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMjR4MitETHgrVm4wMldv
WldFOWpPVktwMmNQalEvb2IwRFZTR1pzanpFCnhIbUtXWXJ0eU9kVVdJY1NBTmRn
WU5GcTBqVVYzcEIvaWdkZlM2WnN1eUUKLS0tIDQ4WE1XRCtVd2NjanYrbHFMQjJ1
czdEQlFkRTRNMG5BN2xVaXJwRnZGb1UK66x5rIk51s8ODrQjb21VtXBHoCq77MvJ
wogUPYmb9Z9gAu7VY1v+7exxVR5div5jOfnP/ZS1bm7cag9QkrwRKw==
-----END AGE ENCRYPTED FILE-----
- recipient: age197a33mlf5294amjx59hycctu6wm4l3cu3w7n9rv3fs9340ql64rqjzpr7s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2d01IaHNMQThtK1FzSzFS
SmhaVmwxRjI2Z2hPZklwSUc1TzlHMTVzRTJnCnRNRXd4WlVkNy9hN0I4T0NFaEd2
YVlyZFNBZFlHWmVqMGVxVHRnSG1XZnMKLS0tIFRVaGsrRWk1c0M4SEJOQm5Yc2pH
NjZTOWZiSnZya0N0R2hqOWVMbjcvKzQKZThtpBPRtQ1/Avl0oP+SuUjk/3indo7F
r0ujmmWyhMYLpN/rmrx92PaZmZiVhd5i24t1J6YHFH/sVJHS3pO1sw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sqj8z3feqm2dk3gj8mxpfn5dpqnsmus862e8ayd0d4cdresqffdswcf9ru
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1T1Z3OXMrZjA1dlJLS2ZL
QmVwRnpvdzh4SHpHbVRiVUdsbkI1c05wSlZRCkV4OEVPdjVvMHRZR0h3ZU93czlK
eE03UUNyMzlUN0U5a3JlUHowdkY0amMKLS0tIENkMlhrOC9FUkwzTVU1RXVDbTNl
Z0c2aFVmTGIwb1FBNGhyT3NNcFpDaVkKgxAa5nRN9UbnOsayzA4QYo8nVBvIrB1X
6NfNOREgqeVFteSLiWIJqrJdVzm4GIONawZ08cMZ2O1IYgqgi7pUMw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10lv32k2guszr5y69sez3z5xj92wzmdxvfejd6hm8xr0pmclw2cvq0hk6pe
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZGlNYjlzVjNlRnludk9O
MVd3NHFTbXJzKzVxRzN5cGZKQWpsMWNDMUNzCjVTS1ZzSkZrMTBXSVVQQ3E4cEJv
OG1LVER2VWgrSzl6WEh2OVV0UldOQTQKLS0tIHlPQk92MlVDbE4wSmlpMG5RNkty
ejJsSnNURTUrbm1RcmlhK28rMDhwZkUKR5y6B3rSdJqqb4KNhLeHvhIUgbAg878g
jSKi0GD9Vw3Wi5TsD8IyY317u582Q7Zidt6bxLyhG+3tYQMBuz3MZA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-01T04:46:06Z"
mac: ENC[AES256_GCM,data:OKH0/iitwr+Qvv4tGR6WVe0yi0EBIOlatvDFDCWwPDkTVvLjsgHHBHIdpoV5CjnhjF8jJTrVEgSMQU9nvnahkVCqXg8cvf48GJVkYoSnY/gmSjUbfOuEXonNuo1rZ0KrRvMaD3lwuTyHLQyzLieub1b+0HPFTvV4F4myKhzAQyQ=,iv:kQsMPDyuxN6EFqyotpBZZVbtFrzD1a5SmEbzRuI3HRs=,tag:LktiTWPcJw5EDHkMiy55MA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

7
tests/liam.nix
View File

@@ -35,6 +35,7 @@ let
map (name: "${name}:{plain}${name}::::::") [
"shelvacu"
"julie"
"vacustore"
]
))
+ "\nbackup:::::::";
@@ -249,8 +250,6 @@ in
--rcptto julie@shelvacu.com --username julie --imap-dir INBOX
--rcptto julie+stuff@shelvacu.com --username julie --imap-dir INBOX
--rcptto shelvacu@shelvacu.com --username shelvacu
--rcptto julie@shelvacu.com --username julie
--rcptto foobar@shelvacu.com --username shelvacu
@@ -258,6 +257,10 @@ in
--rcptto superwow@shop.theviolincase.com --username julie
--rcptto roboman@vacu.store --username shelvacu
--submission --mailfrom robot@vacu.store --username vacustore --expect-mailpit-received --mailpit-url http://${nodes.relay.networking.primaryIPAddress}:8025
--submission --mailfrom foobar@vacu.store --username vacustore --expect-refused
--submission --mailfrom abc@shelvacu.com --username vacustore --expect-refused
--mailfrom bob@vacu.store --expect-refused
--mailfrom shelvacu@shelvacu.com --expect-refused
--mailfrom julie@shelvacu.com --expect-refused

1
triple-dezert/default.nix
View File

@@ -10,6 +10,7 @@
./yt-archiver.nix
./proxied
./gallerygrab.nix
./sops.nix
];
boot.loader.systemd-boot.enable = true;

30
triple-dezert/proxied/services/vacustore.nix
View File

@@ -28,6 +28,8 @@
isReadOnly = false;
};
# bindMounts."${config.sops.secrets.vacustore.path}" = { isReadOnly = true; };
config =
let
outer_config = config;
@@ -70,13 +72,6 @@
tasks
contacts
;
# appointments = pkgs.fetchNextcloudApp {
# appName = "appointments";
# url = "https://github.com/SergeyMosin/Appointments/raw/v2.1.4/build/artifacts/appstore/appointments.tar.gz";
# sha256 = "sha256-LKxTF6yF7n6t34KzRRRqsf1doqS7DaKPmqscmNmtzAg=";
# appVersion = "2.1.4";
# license = "gpl3";
# };
gpoddersync = pkgs.fetchNextcloudApp {
appName = "gpoddersync";
url = "https://github.com/thrillfall/nextcloud-gpodder/releases/download/3.11.0/gpoddersync.tar.gz";
@@ -84,27 +79,6 @@
appVersion = "3.9.0";
license = "gpl3";
};
# webapppassword = pkgs.fetchNextcloudApp {
# appName = "webapppassword";
# url = "https://github.com/digital-blueprint/webapppassword/releases/download/v24.6.0/webapppassword.tar.gz";
# sha256 = "sha256-x9uARo/VtkFLabif2/GZhs4cG6qmhAJs93dzhFFmhB0=";
# appVersion = "24.6.0";
# license = "gpl3";
# };
# oidc_login = pkgs.fetchNextcloudApp {
# appName = "oidc_login";
# url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.0.2/oidc_login.tar.gz";
# sha256 = "sha256-cN5azlThKPKRVip14yfUNR85of5z+N6NVI7sg6pSGQI=";
# appVersion = "3.0.2";
# license = "gpl3";
# };
# sociallogin = pkgs.fetchNextcloudApp {
# appName = "sociallogin";
# url = "https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.6.3/release.tar.gz";
# sha256 = "sha256-XHHD87InU9P5uq9zCJnFliHhWh5tpSpSnMMOfNgJKRw=";
# appVersion = "5.6.3";
# license = "gpl3";
# };
};
phpOptions."opcache.interned_strings_buffer" = "32";

21
triple-dezert/sops.nix Normal file
View File

@@ -0,0 +1,21 @@
{
inputs,
lib,
config,
...
}:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
options.vacu.secretsFolder = lib.mkOption {
type = lib.types.path;
default = ../secrets;
};
config = {
sops.defaultSopsFile = config.vacu.secretsFolder + "/trip/main.yaml";
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# sops.secrets.wireguard_key = {};
# sops.secrets.vacustore_smtp_key = {};
};
}