5 Commits

Author SHA1 Message Date
Shelvacu
d03b383a30 stuff 2024-06-28 14:29:14 -07:00
Shelvacu
3d478c8d37 wip commands 2024-06-22 17:03:25 -07:00
Shelvacu
e052a165ec wip commands 2024-06-22 17:00:44 -07:00
Shelvacu
5a9e975723 Merge branch 'master' of git.uninsane.org:shelvacu/nix-stuff 2024-06-22 16:50:31 -07:00
Shelvacu
91d9098ae2 remove (unnecssary) common-packages 2024-06-22 16:49:44 -07:00
14 changed files with 233 additions and 356 deletions

View File

@@ -1,15 +1,8 @@
shel_keys: &shel_keys
- &a age1y4zp4ddq6xyffd8fgmn2jkl78qfh4m94gcls2cu6vvjnwwznx5uqywjekm
- &b age1g9sh8u6s344569d3cg8h30g9h7thld5pexcwzc4549jc84jvceqqjt9cfh
- &c age1t5s3txyj403rfecdhq5q2z3cnavy6m543gzyhkl2nu5t8fz0zctqtvm2tj
- &d age1dzdf4rgep3ctk3dnrmrqtdgrchaa8nszfc4dp29gqwsst3z6jyrq57vfsj
- &e age197a33mlf5294amjx59hycctu6wm4l3cu3w7n9rv3fs9340ql64rqjzpr7s
- &f age1sqj8z3feqm2dk3gj8mxpfn5dpqnsmus862e8ayd0d4cdresqffdswcf9ru
- &g age1rz75dqzfd6gulwh270ukmt5amcau6j8dpxgzx8fm6u8sjkyx9usq69y4s2
- &h age148huz6rc3q9xx5t873ncx75sja2sazlescwspxl7lsmxsqkz0apsy8cldp
- &i age1ck6lhd8thjcrdcnkn2epc8npztg0sfswahunjkwcf57rr0xaevys8fh0x6
- &j age13j6l33g0ghk4vezn0qwfal2qmcgqwkv89ejwezpe3n47mw8yxyuslj6y7d
- &k age13x0f3glnz4jvqty2v92cxrrnjcna6ed4qegrhulw9jjy08zuy3aqzvrfc6
- &pixel-termux age1y4zp4ddq6xyffd8fgmn2jkl78qfh4m94gcls2cu6vvjnwwznx5uqywjekm
- &t460s age1g9sh8u6s344569d3cg8h30g9h7thld5pexcwzc4549jc84jvceqqjt9cfh
- &pixel-nix age1t5s3txyj403rfecdhq5q2z3cnavy6m543gzyhkl2nu5t8fz0zctqtvm2tj
- &compute-deck-user age1dzdf4rgep3ctk3dnrmrqtdgrchaa8nszfc4dp29gqwsst3z6jyrq57vfsj
machine_host_keys:
- &trip age10lv32k2guszr5y69sez3z5xj92wzmdxvfejd6hm8xr0pmclw2cvq0hk6pe
- &compute-deck-host age1hcqem868xhjdj3lzsvgf0duylwrdp9nqs06a9d0043cpsuhms4as7cqnv4
@@ -22,17 +15,10 @@ creation_rules:
- path_regex: ^secrets/liam/
key_groups:
- age:
- *a
- *b
- *c
- *d
- *e
- *f
- *g
- *h
- *i
- *j
- *k
- *pixel-termux
- *t460s
- *pixel-nix
- *compute-deck-user
- *liam
- path_regex: ^tests/test_secrets/
key_groups:

View File

@@ -1,37 +0,0 @@
{ pkgs, inputs }: (with pkgs; [
inputs.nix-search-cli.packages.${pkgs.system}.default
inputs.nix-inspect.packages.${pkgs.system}.default
nixos-rebuild
nano
vim
wget
screen
tmux
lsof
htop
mosh
dnsutils
iperf3
nmap
rsync
ethtool
sshfs
ddrescue
pciutils
ncdu
nix-index
git
pv
unzip
file
ripgrep
jq
units
tree
rclone
iputils
ssh-to-age
sops
inetutils
neovim
])

29
common/commands.nix Normal file
View File

@@ -0,0 +1,29 @@
{ config, lib, ... }: let
inherit (lib) mkOption types;
in {
options = {
vacu.commands = mkOption {
default = {};
type = types.attrsOf (types.submodule ({ name, config, options, ... }: {
options = {
content = mkOption {
type = types.str;
default = "";
};
enable = mkOption {
type = types.bool;
default = config.content != "";
defaultText = ''${name}.content != ""'';
};
kind = mkOption {
type = types.enum [ "alias" "function" ];
default = "alias";
};
};
}));
};
};
config = {
#todo
};
}

View File

@@ -2,13 +2,8 @@
inherit (lib) mkOption types flip concatMapStringsSep optionalString concatStringsSep readFile mapAttrsToList literalExpression;
inherit (builtins) attrValues;
cfg = config.vacu;
knownHosts = attrValues cfg.ssh.knownHosts;
knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
packageNames = lib.splitString "\n" ''
ruby_3_3
nixos-rebuild
nano
vim
@@ -59,7 +54,6 @@
openssh
dig
bash
termscp
git'';
plainPackageOpts = map (name: { name = name; value = { enable = lib.mkDefault true; }; }) packageNames;
packageOpts = lib.recursiveUpdate (builtins.listToAttrs plainPackageOpts) {
@@ -69,100 +63,8 @@
nix-inspect.enable = lib.mkDefault true;
};
in {
imports = [ ./package-set.nix ];
imports = [ ./package-set.nix ./ssh.nix ./commands.nix ];
options = {
vacu.ssh.authorizedKeys = mkOption {
type = types.listOf types.str;
};
vacu.ssh.config = mkOption {
type = types.lines;
};
# Straight copied from nixpkgs
# https://github.com/NixOS/nixpkgs/blob/46397778ef1f73414b03ed553a3368f0e7e33c2f/nixos/modules/programs/ssh.nix
vacu.ssh.knownHosts = mkOption {
default = {};
type = types.attrsOf (types.submodule ({ name, config, options, ... }: {
options = {
certAuthority = mkOption {
type = types.bool;
default = false;
description = ''
This public key is an SSH certificate authority, rather than an
individual host's key.
'';
};
hostNames = mkOption {
type = types.listOf types.str;
default = [ name ] ++ config.extraHostNames;
defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
description = ''
A list of host names and/or IP numbers used for accessing
the host's ssh service. This list includes the name of the
containing `knownHosts` attribute by default
for convenience. If you wish to configure multiple host keys
for the same host use multiple `knownHosts`
entries with different attribute names and the same
`hostNames` list.
'';
};
extraHostNames = mkOption {
type = types.listOf types.str;
default = [];
description = ''
A list of additional host names and/or IP numbers used for
accessing the host's ssh service. This list is ignored if
`hostNames` is set explicitly.
'';
};
publicKey = mkOption {
default = null;
type = types.nullOr types.str;
example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
description = ''
The public key data for the host. You can fetch a public key
from a running SSH server with the {command}`ssh-keyscan`
command. The public key should not include any host names, only
the key type and the key itself.
'';
};
publicKeyFile = mkOption {
default = null;
type = types.nullOr types.path;
description = ''
The path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
with the {command}`ssh-keyscan` command. The content
of the file should follow the same format as described for
the `publicKey` option. Only a single key
is supported. If a host has multiple keys, use
{option}`programs.ssh.knownHostsFiles` instead.
'';
};
};
}));
description = ''
The set of system-wide known SSH hosts. To make simple setups more
convenient the name of an attribute in this set is used as a host name
for the entry. This behaviour can be disabled by setting
`hostNames` explicitly. You can use
`extraHostNames` to add additional host names without
disabling this default.
'';
example = literalExpression ''
{
myhost = {
extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
};
"myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
"myhost2.net/dsa" = {
hostNames = [ "myhost2.net" ];
publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
};
}
'';
};
vacu.nix.extraSubstituters = mkOption { type = types.listOf types.str; };
vacu.nix.extraTrustedKeys = mkOption { type = types.listOf types.str; };
};
@@ -176,11 +78,6 @@ in {
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
];
assertions = flip mapAttrsToList cfg.ssh.knownHosts (name: data: {
assertion = (data.publicKey == null && data.publicKeyFile != null) ||
(data.publicKey != null && data.publicKeyFile == null);
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
});
vacu.ssh.authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4LYvUe9dsQb9OaTDFI4QKPtMmOHOGLwWsXsEmcJW86" # Termux on pixel6pro
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcYwYy9/0Gu/GsqS72Nkz6OkId+zevqXA/aTIcvqflp" # t460s windows

View File

@@ -1,6 +1,6 @@
{ lib, pkgs, config, inputs, utils, ... }:
{
imports = [ ./common-config.nix ];
imports = [ ./generic.nix ];
options.vacu.acmeCertDependencies = lib.mkOption {
default = {};
example = ''

113
common/ssh.nix Normal file
View File

@@ -0,0 +1,113 @@
{ config, pkgs, lib, inputs, ... }: let
inherit (lib) mkOption types flip concatMapStringsSep optionalString concatStringsSep readFile mapAttrsToList literalExpression;
inherit (builtins) attrValues;
cfg = config.vacu;
knownHosts = attrValues cfg.ssh.knownHosts;
knownHostsText = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
in {
options = {
vacu.ssh.authorizedKeys = mkOption {
type = types.listOf types.str;
};
vacu.ssh.config = mkOption {
type = types.lines;
};
# Straight copied from nixpkgs
# https://github.com/NixOS/nixpkgs/blob/46397778ef1f73414b03ed553a3368f0e7e33c2f/nixos/modules/programs/ssh.nix
vacu.ssh.knownHosts = mkOption {
default = {};
type = types.attrsOf (types.submodule ({ name, config, options, ... }: {
options = {
certAuthority = mkOption {
type = types.bool;
default = false;
description = ''
This public key is an SSH certificate authority, rather than an
individual host's key.
'';
};
hostNames = mkOption {
type = types.listOf types.str;
default = [ name ] ++ config.extraHostNames;
defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
description = ''
A list of host names and/or IP numbers used for accessing
the host's ssh service. This list includes the name of the
containing `knownHosts` attribute by default
for convenience. If you wish to configure multiple host keys
for the same host use multiple `knownHosts`
entries with different attribute names and the same
`hostNames` list.
'';
};
extraHostNames = mkOption {
type = types.listOf types.str;
default = [];
description = ''
A list of additional host names and/or IP numbers used for
accessing the host's ssh service. This list is ignored if
`hostNames` is set explicitly.
'';
};
publicKey = mkOption {
default = null;
type = types.nullOr types.str;
example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
description = ''
The public key data for the host. You can fetch a public key
from a running SSH server with the {command}`ssh-keyscan`
command. The public key should not include any host names, only
the key type and the key itself.
'';
};
publicKeyFile = mkOption {
default = null;
type = types.nullOr types.path;
description = ''
The path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
with the {command}`ssh-keyscan` command. The content
of the file should follow the same format as described for
the `publicKey` option. Only a single key
is supported. If a host has multiple keys, use
{option}`programs.ssh.knownHostsFiles` instead.
'';
};
};
}));
description = ''
The set of system-wide known SSH hosts. To make simple setups more
convenient the name of an attribute in this set is used as a host name
for the entry. This behaviour can be disabled by setting
`hostNames` explicitly. You can use
`extraHostNames` to add additional host names without
disabling this default.
'';
example = literalExpression ''
{
myhost = {
extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
};
"myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
"myhost2.net/dsa" = {
hostNames = [ "myhost2.net" ];
publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
};
}
'';
};
};
config = {
assertions = flip mapAttrsToList cfg.ssh.knownHosts (name: data: {
assertion = (data.publicKey == null && data.publicKeyFile != null) ||
(data.publicKey != null && data.publicKeyFile == null);
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
});
};
};

76
flake.lock generated
View File

@@ -24,11 +24,11 @@
]
},
"locked": {
"lastModified": 1719451710,
"narHash": "sha256-h+bFEQHQ46pBkEsOXbxmmY6QNPPGrgpDbNlHtAKG49M=",
"lastModified": 1717915259,
"narHash": "sha256-VsGPboaleIlPELHY5cNTrXK4jHVmgUra8uC6h7KVC5c=",
"owner": "nix-community",
"repo": "disko",
"rev": "8767dbf5d723b1b6834f4d09b217da7c31580d58",
"rev": "1bbdb06f14e2621290b250e631cf3d8948e4d19b",
"type": "github"
},
"original": {
@@ -182,11 +182,11 @@
]
},
"locked": {
"lastModified": 1719438532,
"narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=",
"lastModified": 1717931644,
"narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9",
"rev": "3d65009effd77cb0d6e7520b68b039836a7606cf",
"type": "github"
},
"original": {
@@ -204,11 +204,11 @@
]
},
"locked": {
"lastModified": 1719380852,
"narHash": "sha256-Li7zNOomyu0FVtm3TyyeUUCZex6L8QpGAJtiFQKGZGw=",
"lastModified": 1717685136,
"narHash": "sha256-S+C/DX5HOhlhJAmcGxbB+Tv6oqZOkr3z/WzPuydXI14=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "fd232b7d5d328619b21b867199b31ce799ae29f3",
"rev": "fd13986ede9b94c50e84aecb2c88863e297bbb52",
"type": "github"
},
"original": {
@@ -226,11 +226,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1719438498,
"narHash": "sha256-3mCM5TukK0y2ss7dPHyiOEfs6Ik8HEqcfzjyd1xOnIQ=",
"lastModified": 1717441449,
"narHash": "sha256-juxjgmLnFbl+/hhIO2cVtIa6caCO4pLKlZWUMwAOznM=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "a2dbaa247175e044992b99692007b1fe5a490f39",
"rev": "e3a4dd5b381fb580804105594cc9c71dc45abdb5",
"type": "github"
},
"original": {
@@ -395,28 +395,13 @@
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1719487696,
"narHash": "sha256-pCsl9qFCuIuhIfGH03CiBOsy1LNwITC6VMb6/5tz+Qc=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "14aadcba1a26c8c142453839f888afd0db8b2041",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1709961763,
"narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
"lastModified": 1717786204,
"narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34",
"rev": "051f920625ab5aabe37c920346e3e69d7d34400e",
"type": "github"
},
"original": {
@@ -444,11 +429,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1719099622,
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
"lastModified": 1717880976,
"narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
"rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c",
"type": "github"
},
"original": {
@@ -460,11 +445,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1719254875,
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
"lastModified": 1717786204,
"narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
"rev": "051f920625ab5aabe37c920346e3e69d7d34400e",
"type": "github"
},
"original": {
@@ -475,11 +460,11 @@
},
"nixpkgs2405": {
"locked": {
"lastModified": 1719427942,
"narHash": "sha256-4CgRCP45WNisjKNOduxcdAQUnNCZ9zgPgsMtDFtC/yM=",
"lastModified": 1718810994,
"narHash": "sha256-qrHSG34MeJdbK7WO3+NCehOf2p8ptW50UiMTAcs9wHU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "66f253e5b2d6b03a67dfbf68a3b3be99db5f517f",
"rev": "79f152a46bd42ba3a9fe96513e0fd9ac88190079",
"type": "github"
},
"original": {
@@ -490,11 +475,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1719360816,
"narHash": "sha256-M+Y8bpqGFpQ6lqyEanI6n3PQyof0C10PtwFFnVKX5u8=",
"lastModified": 1717861563,
"narHash": "sha256-qekkLNkKoTJkk9IUJ1wizquB1d1FHWaZP3NQTLorFdI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8f1ca02fb2097f3e724f8cf6057ddbbdefa7c6cc",
"rev": "a6c3bf2daa3bf17c0e76597c36e221ed7dcb2413",
"type": "github"
},
"original": {
@@ -664,7 +649,6 @@
"nix-inspect": "nix-inspect",
"nix-on-droid": "nix-on-droid",
"nix-search-cli": "nix-search-cli",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs2405": "nixpkgs2405",
@@ -721,11 +705,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1719268571,
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
"lastModified": 1717902109,
"narHash": "sha256-OQTjaEZcByyVmHwJlKp/8SE9ikC4w+mFd3X0jJs6wiA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
"rev": "f0922ad001829b400f0160ba85b47d252fa3d925",
"type": "github"
},
"original": {

View File

@@ -45,7 +45,6 @@
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:nixos/nixos-hardware";
};
outputs = { self, nixpkgs, nix-on-droid, ... }@inputs: {
@@ -97,6 +96,8 @@
extraSpecialArgs = { inherit inputs; };
};
diskoConfigurations.compute-deck = import ./compute-deck/partitioning.nix;
checks = nixpkgs.lib.genAttrs [ "x86_64-linux" ] (system:
let
pkgs = nixpkgs.legacyPackages.${system};
@@ -116,39 +117,25 @@
hostPkgs = pkgs;
imports = [ config ./tests/triple-dezert.nix ];
};
# trip_haproxy_config = let
# hacfg = self.nixosConfigurations.triple-dezert.config.containers.frontproxy.config.services.haproxy;
# in pkgs.stdenvNoCC.mkDerivation {
# name = "trip-haproxy-config-check";
# script = ''
# mkdir -p certs/shelvacu.com/
# touch certs/shelvacu.com/full.pem
# ${hacfg.package}/bin/haproxy \
# -f ${pkgs.writeText "haproxy-config" hacfg.config} \
# -c \
# -dW \
# -dD \
# -C $PWD
# '';
# };
}
);
nixosModules.common = import ./common-config.nix;
packages.x86_64-linux.digitalOceanImage = import ./generic-digitalocean-nixos.nix { inherit inputs; };
qb = /* qb is "quick build" */ let
toplevelOf = name: self.nixosConfigurations.${name}.config.system.build.toplevel;
in rec {
# nix-on-droid is impure >:(
# nod = self.nixOnDroidConfigurations.default.activationPackage;
fw = toplevelOf "fw";
triple-dezert = toplevelOf "triple-dezert";
trip = triple-dezert;
compute-deck = toplevelOf "compute-deck";
cd = compute-deck;
liam = toplevelOf "liam";
lp0 = toplevelOf "lp0";
devver = toplevelOf "devver";
shel-installer = toplevelOf "shel-installer";
iso = self.nixosConfigurations.shel-installer.config.system.build.isoImage;
do = self.packages.x86_64-linux.digitalOceanImage;
check-triple-dezert = self.checks.x86_64-linux.trip.driver;
check-trip = check-triple-dezert;
check-liam = self.checks.x86_64-linux.liam.driver;
};
all = let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
symlinkCommands = pkgs.lib.mapAttrsToList (name: pkg: "ln -s ${pkg} ${name}") self.qb;
in pkgs.runCommand "nix-stuff-all" {} ''
mkdir $out
cd $out
${pkgs.lib.concatStringsSep "\n" symlinkCommands}
'';
};
}

View File

@@ -1,12 +1,10 @@
{ config, inputs, pkgs, lib, ... }: {
imports = [
../common-nixos-config.nix
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
];
system.nixos.tags = [ "host-${config.networking.hostName}" ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
networking.networkmanager.enable = true;
# boot.kernelParams = [ "nvme.noacpi=1" ]; # DONT DO IT: breaks shit even more
vacu.packages.bitwarden-desktop.enable = true;
vacu.packages.nheko.enable = true;
@@ -21,11 +19,6 @@
vacu.packages.iio-sensor-proxy.enable = true;
vacu.packages.power-profiles-daemon.enable = true;
vacu.packages.acpi.enable = true;
vacu.packages.jellyfin-media-player.enable = true;
vacu.packages.vlc.enable = true;
vacu.packages.dmidecode.enable = true;
vacu.packages.prismlauncher.enable = true;
vacu.packages.ffmpeg_7-full.enable = true;
services.xserver.enable = true;
services.displayManager.sddm.enable = true;

View File

@@ -16,14 +16,12 @@ in {
virtual = ''
julie@shelvacu.com julie
mom@shelvacu.com julie
mar@shelvacu.com mar
psv@shelvacu.com psv
'' + (lib.concatMapStringsSep "\n" (d: "@${d} shelvacu") shel_domains) + "\n"
+ (lib.concatMapStringsSep "\n" (d: "@${d} julie") julie_domains);
transport = ''
shelvacu@${fqdn} ${dovecot_transport}
mar@${fqdn} ${dovecot_transport}
julie@${fqdn} ${dovecot_transport}
psv@${fqdn} ${dovecot_transport}
backup@${fqdn} ${dovecot_transport}
@@ -48,7 +46,6 @@ in {
header_checks = pcre:/etc/postfix/header_checks
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_recipient_restrictions = check_recipient_access pcre:/etc/postfix/add_envelope_to
recipient_delimiter = +
#we should never use these transport methods unless thru transport map
# RFC3463:
@@ -104,4 +101,4 @@ in {
};
}
}

View File

@@ -1,4 +1,4 @@
dovecot-passwd: ENC[AES256_GCM,data:8tu5q45q9FGhTjALtXtcklbRUnJQ9GvmVVKqsNdMNaFtsz/g/REY312K3nNc2nmDTlehIzopc86fW9z/HXfpeT433Yyi5s/4ulbN/lIpsQJK8WNNslzHOnSlUrPBETQKxuLIA1nsr8DKFOfvFIqTtD7ohpvKNp+rySGnyBYze6EIkwnTTnik59ESUnI6IBi3gxYN7vuw9ZraHZsCdp7PY4EJav077gLOSimgCMF2CYnVJ6D7ibKUC4SJ6mCq/DkqUtJwi7BlQMyvn3FpKSHhUAFwTJ2/ryvqX9zKVycVCRUqsaGUo360bWRs+TCLsvvz3Kih6O2RVqsSqjKq3U3kcb9w4Tt+jvpKGSVfW8Ig/BnOctfO0qDikwz5eqq+8qYCasWTP6hmyrM2+ydPRR6kqA0q77XxTRX1CrOSSP7GDd200LVY36NXVE/6wWv1aOMRbSi1XI7rcX2g8EmQNSNTS9hZRJvnjizgsLFX4U1/06hCLGfGoU+xkMuUtOrZ2MxL9sFUjPy/xq2XcpOZatfsKiaJzV8P1w==,iv:6Fv8DJPZsci4B0BqQTVjGt3KxR0mRThS025iR997nyE=,tag:k2tCEssV5NLswWFNiRz7Cw==,type:str]
dovecot-passwd: ENC[AES256_GCM,data:cZt43pgPNbORpqX6KyXvzVt1Q8tNz1cMF9YVUyL7saZyFqA5XA+uywU5yVerjdsTXfx4QeoYbA+bDE7qwdjTQBpEoEMm99WBb77rac652VGXXCas4nrbwMmZbUY2Z57PKd4GPN/i57VAD6eHiTV8HCd5OwiX7AlpmHXImgL9jr4P9skyTPIEnLF3NUVxktmAjn+X7IwmBH1mtn5Gesc5Q+6hoTQMwLn7ilYWfcOvaf5UOsHS6zvuTlGPuISaLPEvx2CLBccu7I38kKafCLTc1FOhdrFRu2n9/6gD1yIxUnbCkDWpcIV1e/3FlU5aQM7c7duQFVuIW9KpY2U0R2Y5Miv0ciU2D1GaJWMud7S/HCxPrQo=,iv:Arppozvg9+bjNCIJl7kRwbwGm2fuf7CjBfEfDT45+MQ=,tag:+PeAznYRW9S0Ok5uEn/qpQ==,type:str]
dkim_key: ENC[AES256_GCM,data:CZC/1U1cJUIyNhXAWp+YFJd0pZZKvZClJxOh3uZ3YyfEQBiK9nEQryAJHirpFXAmZTcGhsuotkAuJvVQtoh/pM9YGkrncCKlw+P96hiafHGoSOnqd77DazcVERwGEGYBPK7fIZfhpAaYiIvjwq6FbMzkkZ4vLcYRNRj+LCtrXu4K5cy5ZJaRFkLCiaIVHhrOfjyhDFCkFBd3pZ/oCGH57teisjFl+LWFqGOQFyGs3Vkv0bY1fUTUtFvpYcTdrRe6A7yI3OGveX3Q9JnDKD+PBqHhd/a/OjBF0Xme6BeipRnv6/Md2F5LNDfUWugOtDy0xigtWAp/mbVel8GYgTXEQYv+sxVu0kFM7bX8fa/A/BHNx98HFoScwLCt8VmCc26asfGvGFfADrJMBIk2IbmqjQ2NV7/ejB6Zym7tjLLpYI24LBAyZDH/Rtw7CqGPmpHXCQ9xILFxLMdqMSmgPPJtF/75qFICCQH2p3CHj7b/TmTpu8RLIVu2pxG48u4VnUgJE1zPBeaY5EY1uS7L5sF37CI+vMy1mY/3m5ZsWeOu9YigZouYy/Y6OrdtOzaEVaipQ2cYirD00MOYqO57izmjuUdw47OJ5zK7XInR4MHoLX0PfdJiw5Oq8OVir6KJf9UWPSXBbSZlj6PMkqbvQ+7VWJmDT0jKTbRg2M1eZCbcRrJAnE/YenMqYFXiVY1dOGjcrrxUn0zcnJ51UJmfDU2+UQc7urBVtqm7jfegudQ+Em735ynclMfYRWvRXQGQUm2YCUFXTwd6RhY4hHb32j6x00hi6iLjt1gjlMx8pHAcVbqcOdHFoLvNe1DlBsl/7jmL7otyY5m1VF3+H0tksDTSYfil5oudMEECTPypsZfp8iLU4xgjuh/+fXjZf4hQJMiA6OaGMw7R2cwvfiuSaHL/iz57ZtlHFW6TMWK77UBU2xZACVfylnqEaaIgzhYX0/wAsVQI+gqt03EsUx/AqlCFOCrOSwjov06k2bTDzSDcITayLkf9UjwOo/lmRz+7fCfvCaw26wZCEsEtRBfLrZc+Ibwq9uvNDsrV1hthi0qh1ngZonQOA1Y2NURDom3VMKkfu++nFIV+CGrAI5n0CVlVLkJn4RbPCDcmNGd9Kr8pYv7rU4MnMmD2n2M1OzAJbScrbb+f4Z8hEOIUk0dMVxOr/clrg+7F3vqceZC8VTzBbBAH4QuBAf67VwmZTpDB5bobFv/UwEC8pJ4HWmKcBN+s1QihtD7x+WYz+8pSNucr+oN56fiY8xAyvFFyTE7/zNWlXVi94E0is30q3/ZB/Gog5eOQT21tOI4Ak0N4y+ElfNIXSqtEUGhck2DIjfegygpvwiuu8ktEZwje9Q4SAYK8/0THT8ANyzDunwSocMdztL1zF6/ZhDub8hmOuaRJWotXzmL/zCXSGR0nEPXVSmyXKwHt/4MMGkasXOXetrENKIwDqYdm1eZBMCl8EGnyAbAo21LAfVTI0GLrNoFWNTPkpBIo3dKoBofmdRei/jHtQmBtvaILUv6UsIAyjJ+x2cpARW+yMIrv/0g8MnDMj4cCiIFk+AIXI279BvMrkVP1cOA7ESJkLe1hsL6+b7lmrhAWK1cpDnIWTXJG+v9aKlc0jz9D47gr7kD/ePC8sMaI95aQBbA93ftzYhKzsU9hINsU/IKGmT0rXS4j/BPZ0o8uC1HRaMjdE5Z0KHsebS9tn8lXfHFgX5wTDMaES9h+usUJrjc6F1lj2zYP5oTOjM8YmN6YQedo3wmi/PnA/8YMXz0tRFAZvg8VAYYtsfdV/2GLtjfD2YRK3iHsg5+GSEwqFafmWGgr+uhsl4JmKiASWJvx0Ron8RwdEzK2MC6WD1JERLU4UojOfx2xy5v15eveNnEufb7o1MJSAbjuRbVYiABqNFjIwe9hquIyTYVsiqiXi6fLeIV4fsTtiI5LLKx/6dOw31nFg/WfFWzvzLiLJ6b0NZowECP+Rsvzl3U0Qo/LbePyY/o8UYOo7u1zLpzxIOPyTqdKh64WqGYnqXmWy1ga57vnyl9mWhzr9ZlEuhM+0U8bVelIXmLTZp1Nredrs8E5ERdVnKmThbrLr8GvJAl4B7g5BIrGhSBB841wMm9h/SheKdq8SN9gUDRNgW0QNFkflBhX5ZsAHlPiJxddePbbAxfChv+ClG0oDuFDoSwSElCRR9GRayLRiws6CCDhviU8ub5JApSPTI9p/UjSJePSj+GqyqljTge0J/wgxRL2pAHk1HDQyOnv4kFZ5UhMFjU6GvbuPl2W2lqICJOcK9UuKdvivGsYkSSrOfke3mZMh52/f+03ciZ4xlwjDGV91kGONq5GME8dFEPD093xg0KbScfWanRWSoV3fOxitPWpcJ+xuNnDDOHjzLOYgt07u1QQs62rg/6BII+1XKBowLwG9Z5aWexZ3yCzrOR70pLRWPbOJNCAggEIaTkIa0ukOlaPbGzSZ6LuIyup7ex0Uabd2cOuvmAdMqGwnIB7fhtkdR7G4iDbnUqu7hbFurJn/3IZalJvbyZUuvC5X4oGU/CTWzDtdSgv5jQQ9qnr9ehCNCWjdg9T05v65XsW/OwHnRUN8A+1vxBIZ884lvFoOhJYeKXMufdAg4bCzUE/kdctRPwAVt3OjLnykXYcJV/3Ch+YIwv2vNA4pXqsMw8wgxX7DCvrCrVpkZAC1JIE32aKCXrN4tRUMrc0mnqUXa9M1rc6HCGa/vFCMj5ZW8xP9mOG+HEJFiJaV6ydxvhI7NMyXW2YDSxVh5RMMjXHUBq/bKMHPrLN57qmzvtcKUNcmS+VTvjS64wZlUsA1PEVwaJ/EQVAaY6ZeZi0CJ2A3YpklXYJpNqYhv8ICtFK2Uf6STfNYGaLTW2bgfZpWhic1y/V4wAWKa5A/XALXec+ioFr0foQR2ADiUycQYhMLZPSKPnWhcmwUPY+KPrjP11raVSM4ehtKdDlrbL3vmw6SlwowveyC3aqiceYzISWAw9o+ccvLs/bedEBeC2af2V53/vIuN4XYWjtZArRyqpzeeqlnTOb7vhpI84plXJdGHlmw0bml0yV3r3ucgB50wbAMRvQtJQ6ePPfOLOYLpDYFLPZJci8Vc3vRInskPOF39m9tSTT1noUSRZ3IxGi4LiUT76nAgI8BeTp3bqNuA6Of6I4yYS4Jmmby5C5eel0Ozl3gkMk1xuM5UTwcE7EDkr9rnzxs6rbx3CpQB3y6QB3tAe00zPpMm5YKJq1AKqvSzPco58g1vVu06e3l+tcGyt85t5wQTco3OX2kgBBxsiA629yAWcSIqKFZ+o7nTpA+zZmQrjVganWflbOhVNkvRSkLpThkYVlnkqBU9ixzQa79xVOF3WmNYBhdWfnO9VxFwE4MqgpOyL7sz0PsV5/ZsOy8m7DadM3GCS2mFtWZiM1RnGCayZvyY2KFNj3I8qM1HGMMfeF+3KXjyCBSyBkD25in85M0QaPlMzBxFZupSoleJLLwqd4BfsLk+POiZjLQQseSDVSqrjqWyE6d+baiy+m6d+z6sx4ojRf+q9wlMjZ2oRa+wsLnhbCrdHsZi6Q9eZawU6Vlsy3/KjarJABnapJsMbHYTlwPHlPYU6Du9T3lO2aJuTewOzA42Aoqm2Tlm4xh0GRV6Rx7najkMjc3cex1DAu0PNaFzWVBD7yPuv9FS+DzdEneEj9Tx81v245I9U8Oc6yacu72Ry2CG03ONld70oEU2BHrIgswoyMNg72hnhot9jfDutjJrB10b65pP5WZOAUGtwDh2a2KrdnYG/TGId+ehnkkwS2Sd87/CM4aaSYlsVneId6bXYpUcxSLroXUAHsigA3rjMpNpvR8XRiQZUfLWRQ+d8gyL5PVLp1H7R6LEDO4sZP8IuDJfxDzlP0Rh6GOQgu+dlkcxWGVHQxcexBThMURJYVMhTDoYopEfUqo3j+q7Fla4Q3HdypKg17VyVfEA/J7Nie+eDZvTEuvX0jWQmGAFdC9GbkVuT7hlzYx4kZ6/B81kVyQi8e3L3ZBAYHQXbHeK4GhSWQDwHG6ZBU16KrD6dhjIvn4HlXaGYaPMvv0Rp+yjeiur/n0NOWyvx0R1RrksbsyeaLIEDhOS19wXP4kiDrTR2qJN4LHcWu3m/hYuB4Fj72qyr2K7osXvbC/up2bSpY0IOcei8Nc/hIhqoe7uM4Jg3cpXt0hTpcDZ74HNIsd/6f592BqpoXIy5Cr1ZOxmnpkHdgZIyJ3KqwZEhYa7pSkOIIEAY9EnTPm3ViBHQdqjUpghYNzntO8EomNNw0sXUFFrwlGAY+ntLYUty0kREWt4l8Iot+XblCc8FX1gKYSqhnJOGjHHjOHO22Cr6NPJdcHfgkIBCknwwFWWMRPwZOomE=,iv:7LF3l52m6YRKGd/8rxDady3AbSEcXuVRsIaLlgNfKOs=,tag:UCjMRgFZFHQyXY5NfbZRcg==,type:str]
dkim_pub: ENC[AES256_GCM,data:XLYRTAviK+r6DnRU4+lc58elI3FJ+FPsB1A5sQOk+pb+fNu7zFCiZdz/MwTVkE9izDP1Onv+VhV8sRgmxacTv4nW5GcukCrm3FmCp2jm6QF1/40/WRv6Lkbek0tV1bMOQPy9Zj8wdO9M05XCXUVXk4x17rj+lw8ApwJS2pJMoultMFx34tx2pNEnmO3MFtuBOxzeU2yP+NhF2sJNA62to78AiH5EblkoF0a6sUYk553U+sv3Ob0lo1nSv6c8zwl7y1WSNQnLK+/3WxSVGfePHVsVM8Zze1KFTVLQQggIzWTdcr7AgcTGbk3kaYCeucfQ60pVlqOyPnkJoUJ8HR1RSajFk6Ylzw0xBpY85qAXNT2YIRiq0HTUc1s5lD0luXLQEP+g+XUwZfzFRZgt1nWBlPmpbj2Ylj1FfrA7EXsIK9nyo+rf0qRn/4HusJATr9ddYmZdxwazl1FXkOKLHPyu1NlzwoTNSQQgMHlzxzUvrrv7+mI2nQvXRx82TSRytqrMvoBTF1NFX+pRjhNg9fcq0oPJ2ORqOVQsxzhLhB+tw7Cg+UHGWlnKnkqaKH1JDmOFyJDB96aPUnSQT2J8qkyb+hMBXz9mme8rZopkHrA4WyDXv3zpEi0P5Sj0DDwdRxKMdDdZ4hw79YQIrd63cIorN8XG6Icevb25LfekLEq/C2FS8+kADagyOM0uzCw2p/qacNz37ZNGqPK6gYkjnyoAfSm14zbgoLX/5dnf7eCuMatevTm4AcE53RawQfzz0YNJuEv5uqD/WUy+UIKHIwxPYY9FWBBPmH+8eaPC1mMPh54I444b39FwpnPU8GwxEPsjRg8TSnohawNmmhEWEpmlawEKw+C+BE6A2DmVJzyeBvVRwe/W6CPgyYxgSGWUuvfZFm1GrzwZDjCOEMRn7qMwMBxh1nr2BOAiNxA38UtsymaZO5ZOknClWlKIkIFl8NJdVITNNsI48KMuSY20o1puzkxMaAUH3OrGEhtoHrEOeIq+KCFzH2gZo6L5hbv9CHM7QgCYsbtVIMwL+cRZZaSNubS3K48OmWJnHNuqkcrSI4lqfjLhz1DbnQ==,iv:/cNMmlpq9LSOk0MwVq8NaWvp47q68lKWTx4s5nkwF5c=,tag:ZNX+yZsSxdhFsavDpX380g==,type:str]
sops:
@@ -10,113 +10,50 @@ sops:
- recipient: age1y4zp4ddq6xyffd8fgmn2jkl78qfh4m94gcls2cu6vvjnwwznx5uqywjekm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZREpDaXVwSjBPZEtaUFU1
d1FTYnV1STlUdW5oeis4RStVckcvUFhPcndRCnNUdndTenhxN1M1STNlZmtqcWtI
amkxZitGZ2p1ZlNTRFVaYkNvWWdnRkUKLS0tIExLYm5PYVI4aFViaER2L1dUOGMy
d05BTDlqanFMQ1hjazRLUUVlaXpHL2cK+kXvv9khiwYlBK+lmqgYmHNNjMXHU5FZ
x5dpXndIiTRJ0cGtEgK78efbQmVNsHAae2X0E0IxbvrSe26S5PIbMQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3S0FqZWxDYmxHYU5FZVQz
V2FZMFFSVXJubVRaNDZORDJPSXhHMnludmpRCjJrendscEdqU0p6K1R6eE9FUGtj
RVB4Z3dlNHlBSHRhZ0ZMODdDRkN6ZFEKLS0tIFlzUStVWmhlYWExV1JscHE0KzhG
Vm1uUmhQRzAvL1YzTWVVbllRUlE2Z0EKwg6SBat+CG8E7/j7K0sakqGSyJYNzXqt
b0DMsGq9GnHE1Ph6gGVVWO+pos/FGuunSDyL0lcXk9xJE02FErnw+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g9sh8u6s344569d3cg8h30g9h7thld5pexcwzc4549jc84jvceqqjt9cfh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONXlpMm5KTmZuKysybU0z
OUJCMmdrZ0V4amI4NTNtOEFqSXVtbW92cjFVCmlCZGF4bXMycXhJS3h6OWVpV000
SjZuQUFxelVpT3BXOVh5eU1vYnNKMjAKLS0tIG1KYjZJU1dMd1Y3bmxWaDhOSEJn
SUp1akQ2bUU0VmQvVkhheXZ4Zk5jWVkKqJ12/g0H8l6WwpiHxA0K3g3Ry4dpPb/h
2m84IYzpQA28BRCSHeIEeH1hQ1jU33/625XlNE1iJncPqu9YH5mXug==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNVl3ZTNGWGdMT280MnhQ
R2RHTGRWVFpjMWltMDVIWk1YSUc2eEhjbWwwCnNiTjA4dUZuOU1tNTZtd240VXpU
c0FKY3VoR1dYUVo1MDZjMEJ5MmhjeEEKLS0tIGhuT3k2VlFpTWpJdFJYM0JhZWtS
dzNFb0FDcERGTFVUOTgxN3czTmRUME0KihoqiXkph3sNWTwn6tFi29z9jnht6JRT
zOMNiaWjMHQ7GiR+Yv1JMWrEvKRrEjNaFXt89z0Ebx4llTtyH8W2fw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1t5s3txyj403rfecdhq5q2z3cnavy6m543gzyhkl2nu5t8fz0zctqtvm2tj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLM3NCcGVPTS9hWHQvMCsv
RlJ5M0tVQWZIUm1tWSt2NlFVRGtHaTN1Rmd3CndVUHpEcU15S2lmbHpIY0h6WW1B
aEpRZVgzN0puRmlMNWNQNW94TXh6UUkKLS0tIEVXSVVVL2JaMGRFcldoVnZ1TFZz
bzJ3UGl1aGpsa0FGSVkzeGRHZDJWdmMKZgg4UtokzNDBuVZYoyYirTI1NEC3QGmm
ilOukMvpTZFYtKbwWVOuB8kyeudlkupavzlnHYAGBbpMVccpPeZHAw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWE91QUFmTzdEUjJ3TTFX
Y2o0Yy9BZjdkc2VVcis4a3FlcDVScDF5eGwwCkZocDFIN3B5dHdNTDNaVXI2WHBF
dDVXMDdvOXVBM3V1NW01YngzclJ1RXMKLS0tIDV5M2JURHkvWWFlbGtUNEhxZ2ZE
RVlDMDgvNVFOamlFR1BZMUtrMzJ4N1UK6r7QbX3nEBu+S8e7oqCk3ys6hqXHkyW4
z4hWz1rr/23JpGR2ENRS+DpHRCRo4KKRhUx2hLc6C2XijNgD4YsUCA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dzdf4rgep3ctk3dnrmrqtdgrchaa8nszfc4dp29gqwsst3z6jyrq57vfsj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZ0tyczJoVzZxUmhIZG14
WDZjSlM0Q2F6VE9Yb1hRV0d5dGVoVmErVkJFCi9HbXdxZE9NZ0pLaFo1Nlk5QjRV
TSsrMlFqV2Z0OVlWVjRnYXpyTlNWdUUKLS0tIGZ5M2ZEWFR0NDNQUFQxMW1tTXlP
dDRaYnFZajR2S3ZoZ1FFWURYVFVpSFkK8YuczSfs+j3dL1OT4sr2/kfdAxPRstJj
SeDlvg4C0e2wKrqj0QwjN5oz8t21ELerXska7yZ3cod5gaQcFxB44w==
-----END AGE ENCRYPTED FILE-----
- recipient: age197a33mlf5294amjx59hycctu6wm4l3cu3w7n9rv3fs9340ql64rqjzpr7s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNWlKeHh6UjNIRTAycEJ1
UVhJMi9CUVBsVld3YlBEYjVwaWE0T2V0cFJzCnpEb2ZxNkNwMDBDQ3JsQXVjY1lS
eFhqSkcvenkvOHNOclI3dkc5NytmQjAKLS0tIHkrc3ZEQjhJVVZlZWVJMVE0b0x5
QkxVMkhOK2hUS0lQVGlXYXUrVm1LVFkKyFIvkGHeykZBib8gNln1mEHtU5+Xr9rC
RpphkvAU9AA4J5/LXQs3To/WzTg9gt2fSxtrwk9TLheheRfUcHDuRQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sqj8z3feqm2dk3gj8mxpfn5dpqnsmus862e8ayd0d4cdresqffdswcf9ru
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aENxNUpXUUxTcEZobkpW
SFo1UWlUSXRWbzF2bWp6WU9Idi93OWQvdGl3Ck1rdlNYZFR5dThKa3NaVFU4NWY4
dTdUNUdEQ1hkWkRsT0dNbVVqMytnTXcKLS0tIExXZlgydnhXTktyeDNrZmg0RFlt
QXAzNGk3MmRCSng2SlN5bGdiSTlJRTQKXy5hTxS47WVjw1ILaaNfMaW7YMIS3FGP
hvYeGGL2WHstUapyYb/Rgn46KJgk1gfDchYyHq+06SkpZRaUzCBDUw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rz75dqzfd6gulwh270ukmt5amcau6j8dpxgzx8fm6u8sjkyx9usq69y4s2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYWl1NUQzMElhbFBrbVBu
eURzOGFJSW85dFMzLzR4M3UvOVhQUGYvS0ZRCm1qYXJTUnpUcUVWUTFtRWQ2OHBO
UVg2UC9OSDJkL21vV3VNV0l1Z3ZHcHcKLS0tIDhVaGpFZ1djSnFaRnVKckxtQU0z
YlAyNGxsYno2U1NIMDVtVXJwcFA0ZWsKdNW5iANSWOGdSRYeBf/+/gtk7b+IN/ir
lo1HtaIT1a5tA28JfAo6ixIKdF5nnSIunM6Z0JlF9zKuJbBOmdVbHw==
-----END AGE ENCRYPTED FILE-----
- recipient: age148huz6rc3q9xx5t873ncx75sja2sazlescwspxl7lsmxsqkz0apsy8cldp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWDd5Yk1pNGZ0UHRrc3lu
WWlPZTd5bFIvNVBqTWplR3NzdS8rQ0gyZVdVCkUvMEg5eWxCWHNyYTcvMFd6ek9y
Z0RudTRHanlTTVhYZDBuMkpsYTcwWjAKLS0tIGtDemJabDRVakJxMUdVUWQ2VjIv
NTBabFVLNENzWlNoUmZSUXU2eEJtdEEKuOXBlsIBsgjQvRZ4fKdoLfs1gqZYa4og
9o/mo+ciXYU3xPPOhnd/OTar/8pBpCBBCO0Ag+1Me/dVYbA0s8Jvvw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ck6lhd8thjcrdcnkn2epc8npztg0sfswahunjkwcf57rr0xaevys8fh0x6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUnNZSEtpb0JVOTVjazFB
NHdXSnVxRm4vaXN6VE5leGU1Z1JGOHFEUUNVCnNwdUxweTVlanR2ODdvTzlDWkZR
NWVsY0k3WmFOWktsUVJGT1p6QUlKbGsKLS0tIEtnRVdxeWVYd29XZHVQWmZCNnhE
OElkbHNtUG1ncXdQWEpOcDNMeUg1d0EKF9OjITJDrkfZA2wI6Gm+0+MTDw4OPkQt
SDbNe5Gllo8BC1jTRM3H+uxsQ5L0TRrwnrSxNYjNdDIRHMrIxi3qcg==
-----END AGE ENCRYPTED FILE-----
- recipient: age13j6l33g0ghk4vezn0qwfal2qmcgqwkv89ejwezpe3n47mw8yxyuslj6y7d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVk12WUxKdWdDVWRCU1dk
VkhNZWhNeWJ6OWJJaWdXNFZwRlZMT0lOTFdJClRyYkQvank0cGlZSzJGaE1LVVpO
VURjMnBIY3VvMkVnbzlJVGF0dU1FR2MKLS0tIHZlV0U4azN4aEVRU1YzWDN6U3Nz
YlIzbFBDd1pqMTVQa0diYnZjRmRRa2MKcPAvAB0B/zNj+mcavMkJdksWl8o1j8oQ
gGG8xdIEPT9wjfbL75IvHOy/7TKJR0uVomD8IB4QuVi1MxJh6jNJQw==
-----END AGE ENCRYPTED FILE-----
- recipient: age13x0f3glnz4jvqty2v92cxrrnjcna6ed4qegrhulw9jjy08zuy3aqzvrfc6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbmxpNlZvV2JWYmRJS3lq
Um5GVDQ0ampMTDdzZHB1RFFqZ012bFZMd3g4CjdoMzdOUXhtSEF4Tjk1UTJlNGNG
TzAwSDAvK3VCL3ZheW1HOHFCclU0OEkKLS0tIDY5anhYeTQ5RGxNUlZNRXg5Rm1o
QVk5dm5RaWpocUZrWk02Slg3N2lONjAKxWKAmAHt9x2T/9bh2mnQIF03ufffO9wF
79jffMh/3GyX5Pk0IbjMWwOn7ahQWOEgD58C1Lja2wpixLdwb0wgfA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqelVSdDFFcVZxODBiVkEv
QUhYUzM5SDZLVWQ4YlB2UGorZWlidUhIa1N3Ck96TXFGTXBtSVFLdFY1b3BKK3g5
ejZFTkZOTDdqdHFsWmRKNEcyaUZZWW8KLS0tIDJtL2JaRE5XaHNvYW9HMFYrbTFP
NUFlUTVvQVdiTlBZOVZqSjA1ODNhUHcK8hnqUuHjUgjF8nbZgY4BTkk58BbRCYWV
NOPw/jUdEZBRoTJqoEdOLAtW/x1h7Xo+mpVuDW0K7h07LiaU7FL8xQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hkve3khk7fthyrwxjqdf4r37lrqpmnkz6mke7psuphvu2ykynqaq9g6ja5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcUJUTFRrZmxiN1MrZkZB
V2FjSlM5ZUxyUFZMKzRoYzY1M0plcmhjckJ3CjBhY0VRT2VMRUR2N01YZWZVRkJk
VEdqSTNvLzNBOElZVVUxZ0VBekx6RnMKLS0tIHNtVlA4V1R2bkFBaVJMYkk3eUNm
TjhQY0VoNU91Zi96VzZGaitsWHptT0UKZ3Vx/iqilkHrFkAbaSeJZNmSOzXvMDX6
HhcXrrq+sVjnq0XhOqWVY72h8Hp3d0JWA9VOxNQRyM9hdVENXur8YA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UDNVSG9Fb01YSWJTdXRD
UFB1dWhpRUFhWmMwTzdHeTNRdlg2YXd1ZnlnCndBRXBpMTJWdFRsMVNYeDBBY2g2
ZEZKTEw4dHpHSlFNT1BsSXQvaCs4MDQKLS0tIDg3YUlJYU1nUjRTTGtIeTJBVEhR
SjZLWG4xNmxoSmtaTFZweEd3TDJ2QUkKcI4MdgglGFJT58ugHebiE6YQUehEomnH
qPZdH0SZAtJxBPqt78wJqvndR5INt5HBmLtXMDLLEk8o43lqfIkK5Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-28T22:46:43Z"
mac: ENC[AES256_GCM,data:2W8TPIx7sowGBhSP63SHCiA+zvY1tKM6Ki5wBrbg5O8cYqf1UzaK7BOfU63aPq+ev+7n68B09A+MccCuRSRFIWNO/3H+I/jHrgQL2bYe5xwwqFQ8KYp3qeuxTgV5GlgVRNbBnXsxqbC5Cb+FnaisQc8bwm4wCED1+AtB2gm+XMo=,iv:XhchcixL9EwkjQJELC2IfvtGEEzUV4nK9v/Dbckh3SA=,tag:jaGdZaTVx0eq3CljcHuc4A==,type:str]
lastmodified: "2024-03-21T22:00:22Z"
mac: ENC[AES256_GCM,data:wnRif4PVGh1P29ZXv1XPF4GdFFhrsRkYmdlun4WsLDFs0Y3xIjPQRScAbDzPnhY6vaiGKZfx0+RZHHMMFyVCz4bmo85MzGuF9H2QECBfWBNgCNCKXqz7pLQHA4c0u9jiatuc9PVc42RokJ+rITn1cWV9tLGot98ealpYkJbN91w=,iv:EL2Y5WZtWB6IRwnrGmWV5QO3XiPOB8IJkATbZTY1/oY=,tag:/z3ULuFshOw/ed+G3W8OmQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View File

@@ -90,8 +90,6 @@
--rcptto shelvacu@shelvacu.com --username shelvacu --smtp-starttls
--rcptto mar@shelvacu.com --username mar
--rcptto mar+stuff@shelvacu.com --username mar
--rcptto shelvacu@shelvacu.com --username shelvacu
--rcptto julie@shelvacu.com --username julie
--rcptto foobar@shelvacu.com --username shelvacu
@@ -104,14 +102,9 @@
--mailfrom julie@shelvacu.com --expect-recipient-refused
--mailfrom @vacu.store --expect-recipient-refused
--submission --expect-recipient-refused --mailfrom julie@shelvacu.com --username shelvacu
--submission --expect-recipient-refused --mailfrom fubar@theviolincase.com --username shelvacu
--submission --expect-recipient-refused --mailfrom fubar@vacu.store --username julie
--submission --expect-recipient-refused --mailfrom shelvacu@shelvacu.com --username mar
--submission --expect-recipient-refused --mailfrom me@shelvacu.com --username mar
--submission --expect-recipient-refused --mailfrom shelvacu+foo@shelvacu.com --username mar
--submission --expect-recipient-refused --mailfrom me+foo@shelvacu.com --username mar
--submission --mailfrom shelvacu@shelvacu.com --rcptto foo@example.com --username shelvacu --password shelvacu --expect-sent
--submission --mailfrom shelvacu@shelvacu.com --rcptto foo@example.com --username shelvacu@shelvacu.com --password shelvacu --expect-sent
@@ -119,8 +112,6 @@
--submission --mailfrom foo@vacu.store --rcptto foo@example.com --username shelvacu@shelvacu.com --password shelvacu --expect-sent
--submission --mailfrom foo@violingifts.com --rcptto foo@example.com --username julie --password julie --expect-sent
--submission --mailfrom foo@violingifts.com --rcptto foo@example.com --username julie@shelvacu.com --password julie --expect-sent
--submission --mailfrom mar@shelvacu.com --rcptto foo@example.com --username mar --password mar --expect-sent
--submission --mailfrom mar+stuff@shelvacu.com --rcptto foo@example.com --username mar --password mar --expect-sent
"""
for check in checks.split("\n"):
check = check.strip()
@@ -129,4 +120,4 @@
res = checker.succeed("mailtest " + check.strip())
print(res)
'';
}
}

View File

@@ -1,4 +1,4 @@
dovecot-passwd: ENC[AES256_GCM,data:Ji41+n/7D90/O/LVM+3FDNACZ6jJPT6QYVIGWLujCheIY8m6vaRmMXzPCTgbK+njDOfIv7O2Sko15U4CYqWXAi3P43Np8GKRcv5+4NE=,iv:o6+tYBHSB3reRIqvFGB39wHk3G1L5VKmkj9Fiinnvnw=,tag:wggoNMvAYyJzkh73C3bMHw==,type:str]
dovecot-passwd: ENC[AES256_GCM,data:OPlQGFnkklEQvFpQM3jrdHB1p1zM+n76TCCaLmM/DOYlJ6W3+8bGt4i1JJq+FbA05RiX0Yhpv5s=,iv:R47TNT306RVrAPSRpK5TjUoWJF4nXnBvpDpIhwpdxWg=,tag:iKTUIoano0Bcxjkb2VQeuA==,type:str]
dkim_key: ENC[AES256_GCM,data:nzujLrGttOL38d8mxglUcAQ9EO+sL2Gh75E4Wyt6siviFEpx5ZIpXkaC9XXmD2f6Ax4BHF8FTOB1cX0dLrRYp9gNOV007CsVUWpYf34H/J5bOUo1j+urYtbtA5Idu8FoUC3ENg5Ap4CId7jTtxQ9PlS9vTKQ2T2tIqmvXGE0t0aowUdJJdPfJLN1lMENY+/m9NxwArF06K/75BAX9LaxhNDzUHNwV9PK+htD9M1g0r7McbLtZpPut8tdkzOWGiUHIisPpXSTUk8LjrFY36DNngcXAyiRZtp6WrhINVABRKMVf92dYUQixpf6r7BkCkyRT60rAHz5UbWHI/saYHgXlH2OGK5hyZZ4JueAHU2Y7Hpvbw3UIG9jumdDcRda5W0WycJyGS4a5YZST907eDP4PuZayHOmp288Cuyc+kXOxvuCGjqiuZswokj4Ba4hIUUNJU1Ys4THYrf+j+iX0nKclGS+LXvqQI1cKUE3gBecxE2SW3BNzIOGh/ywO1kg2uZlUPpfGBr+Aupke/nULcGi2HVwX5EV47jpDyoqIEiVCy3OYSeQ2gkocIQ/y74fNMoud4kWmye8bAhprxVUHHes2TBjBb6QxQdmazjhAiCvgSI3p43QlSG2fqtQMcXMiANra1heRHHsOS8GKWk/ti9/k3/0YWycXcawYE8lpg/efpBPWkgWQ+NDUxcJBbWCKbkvA2DEfoSluwcGuxUjWGa27SKaCVX/LNAUDvXcw82F61XsTpoK2i0pme7pIZeF1bfbKyPxDnpWKoLoL2i2HchD1B5AEemr+eKh3kPGqpY3SNfqPFyUYN34Fea/gg/eM1Jw/ORWGNxMwg882a/NQLRzjjseQsPEI0r0o8Xba1KqGP1mMhursrOFVRz9xXG7l5oXhx0+GsscKDnP40CXJBMf6r2tEZobrR8NagV4/Mh4r2+zYw12KwwYZ5drmS1b0ftrLZLSugJopgLaQqYC3OAnmdW1MOkNoQSWv9Y5NaPERpMQ9BJcPcGM3W3+AyEz3zRSlFQFnjZO6kk37dFz1KVbbXkrFTXhDpGw/Z/RCMdzv6eyhPqcSSccisaOxDtlLQXy95G6tOcpJV7u7qu1LzQDehyZnBjasqMQVpCJw1Q9GRxnSBjpVKzN07dEkzXqcZHh67kPR/aoH8jzbfNq5YDQ6nxK0INcSyCzJe4w18JbY5Wq0F5U0OeYwYAwHoIV/nbMdptyyw==,iv:ol3dz4SomkwyN2s4tPWDCJEYdnMuZTvHppUA95Nz3+8=,tag:IlZBYvM8e3COjxZ/dxJT7Q==,type:str]
dkim_pub: ENC[AES256_GCM,data:tigMKTZ5XiDViSez2WKfUPBkw9OtLKrEBrbp/I3tUk+mu7RR2YIaQEWfTH0EOzPMpDEIJ32pwlqicGQZdTf7WdpELcJZgbxKpWPWgTzjwHasgs38aJh2JIIoIuFwa1YgEuRGtSl7YT47WDhTTGbFFdvaKBlIe7vipgkFSxNX1NKGNgdkkcVczvlVgWKqbp05zzUlav1XEwBhd+3eTgPQFptYyvQbIFasiunrHBT8cbm+CQ/O8q90lUkoVrmQUu3XG6njDMa4pNULUJqsUogCyYgm/aDMdx7AN29daCbgj99g/hjnQrBFajJCzNyG36XrzQdZJGiG0AgG1oWAq98boNFxC5ux4eBDmT946FyxXFNwyZpu1p2naHkBlE01duCBS4PUuQFlw9tsCYOuL+xGR3paBafTcL6X67w=,iv:lXFMxiePwivoyQxuQu+hEHeuU0z85fJk9y7296oJNl8=,tag:0QknKaFPpNHo2v0feR+jAQ==,type:str]
sops:
@@ -16,8 +16,8 @@ sops:
T3dqdEJxRmkvSStuK1NmRWJkN1psWWsKuNdc6DHXXEcn63CZv/5lE30MAagPfHO0
GDOLTLCLDzNvKmd5i9dNuYBrD1JeyotNId6E4w/3oYxCFJ56SsH32Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-28T22:08:15Z"
mac: ENC[AES256_GCM,data:G7ceHgkxOv1xinx2Oc5kWCDs5njnf/uUyHlOddzM8RBZTcBp4RVB6NJb3ERFpHlEBXtO5EXnXm2ggK9cfxH9BKL/4tZeFQDqT9QcwFvtynQbCcOmBi3ffrkt4uXKwOIpVZyT8bz8GYueLq/fu2fIHwjZ7Ll43Gn2Sp6gQuvFSuo=,iv:wg88Qpn5cIIr9tXUkc/WxfMDt/SHbA09CRCCv/FwUVU=,tag:QiG5ERsym5kl2g11LK0onw==,type:str]
lastmodified: "2024-03-21T22:00:58Z"
mac: ENC[AES256_GCM,data:147XZroz5psp5Q5zGz19FZNPFr01wPGM0ivxbNVu9IcuUPw5dhnSaFQTvdYKfZPLSW2dwMJ2sPA5NAxxW0zQTh3d4vjirJ7GVj07Fn+ipL/X+wZKM42HjNSEw9IdAD5OIArZ8XjZcC+AGu7C4wHHf43uOEu7ZbWYx9Kbq+cJGbk=,iv:V9GHCN0NPWaRZOmoWhKA5fHwfKfrdays3ODfiTBrbo8=,tag:JwiHjHEjTDc6XRqtn0Aqwg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1