fix: dns01 firewall (#35)
* feat: add overlays * Auto lint/format * feat: fix dns01 firewall ports --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com> Co-authored-by: truxnell <truxnell@users.noreply.github.com>
This commit is contained in:
Truxnell
GitHub
parent
89431bdfdb
commit
2f472230fd
8 changed files with 95 additions and 91 deletions
|
|
@ -11,7 +11,7 @@
|
||||||
keys:
|
keys:
|
||||||
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||||
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||||
- &dns01 age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
|
- &dns01 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,8 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
mySystem.services = {
|
mySystem.services = {
|
||||||
|
|
||||||
|
openssh.enable = true;
|
||||||
maddy.enable = true;
|
maddy.enable = true;
|
||||||
dnscrypt-proxy.enable = true;
|
dnscrypt-proxy.enable = true;
|
||||||
cfDdns.enable = true;
|
cfDdns.enable = true;
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,8 @@
|
||||||
system:
|
system:
|
||||||
networking:
|
networking:
|
||||||
#ENC[AES256_GCM,data:WxRtq7uNi6m6b4GMGqvt+qkj1X4BZaynNDeEWMOH2u09x+IuYMiXXTJEGeKkf70eKjLZo0cD3HIzXNUr54SPP8jPmLqyRoS3Z+ggJg==,iv:EJPZQ9YSgs1JTKsZG1P6oMgxqNp2T7yha7UZwqAwzB4=,tag:toctJWuRe2viNF2crW1n4w==,type:comment]
|
#ENC[AES256_GCM,data:bHeRWJyZgBuMalt5K3j4xtffim6aSCq+/c4+t1pxIlr2JAI+i+PO3S09GVahSGlUpn4buJbkE1H80/w0UrdPWtR/ZAn1ZMoXCuKnXg==,iv:f1MerFEkn76dNWwYNVGotKfDbaSy2ndvt8q4ul53HGw=,tag:eNjmJtRMxbu5j2rssXHYHA==,type:comment]
|
||||||
cloudflare-dyndns:
|
cloudflare-dyndns:
|
||||||
apiTokenFile: ENC[AES256_GCM,data:yTuSA7Zteaq4ufbLq0Ri+JDosNtVHudtRGSnLXzX2IFtGlzPNfrU0shIHpbicFZ+JS9x71a37sNt7gab1AZ5dJLxe2YVNVeJ3GFCFf7QNSI4GjOjzIUFSdHHhV+xGhtrL6h4SZTnh6iKqdU2iY1pAGT9Kw==,iv:gns8r/UhIXRIO+x08ZcrpuCFtwcUcC8HWjPfdJbkfRg=,tag:FAhAsUXzNOhEix+VBSu0Dg==,type:str]
|
apiTokenFile: ENC[AES256_GCM,data:t2SR+EyOzBW3+5bZE/4Kpa4kpyZi7IErHDkjyC6r6su8thstVynSpfWDCi4Xj4Th11kU0YO3h8RBqAmss1wHTPGti+1ha3LlSJfemKWIN2qtYfJLeZ5ZBoC+xctW8u5+ahur/3tjUjsXgERCUuQiuMe5Tw==,iv:CTWKFyIi/mYu6eW6WMFWsF2ds3lkqqcQcE/5xy9qQac=,tag:muZ1RC2M3fB7vjissXCPtQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -12,50 +12,50 @@ sops:
|
||||||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YlEvN1JNa01odlZTeDhB
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbVFkcXJoWjJweUowdDU5
|
||||||
Y3ZEdlIvbUlFZm96NDZBeWc2MnRMMzlRYmxvCkh0L2NsNUdFbnM2OW8xSUlpQmwz
|
bTdTSVBDK041MVFoclRiRk1tYjBvVGFCTUhjCkhZbXB0ZURua0Yvb0EyV3ZzWEJ6
|
||||||
NjAyRnRLV1JRRkhyL2xLNXExS25MUGsKLS0tIDVwYmhkNXp3WVhNVkhkaTk1UDZn
|
NU1LaUgwZ1NjWEd3K3VWNEY0d1dkc2cKLS0tIDRHMDk5TFdCRk5jNVNPd2srT1ZY
|
||||||
UFNhQXJ5akZIY0ZiRmdDMUJGZXdCMlkKf3zA9MkZ/J2CUURvzZdtn4vSeYwiIAR9
|
VVBMZFJzVGcweUErRGpyWm5JU2M0YmsKiqThEaJubMZalyA/7nhh0L1IK0Ro0y5X
|
||||||
SLWB6O7ykkjZyhe40lJMdVb7OVqXUnAf4Ic0VpYVwLeAXjPEi2anBA==
|
8mgZh6rx8BzZJodiuRjGeCgsVnUREX4Mr1IKaFtG9GFyzc0yeTStjQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSXBZZzBkdWFVT2tYZTZh
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0aE92YzM2WmlRK01qZ3RC
|
||||||
cVhIOUgzeUZ5QWQ4d0oxMGdxb2c0ZGpITVFBCkdRV00zSU1QYy9heHk2VlA1YjZI
|
dHBhc1dvSG1ReGdrZzkyUUtPRVYraGFScHpnCjRGaTM2KzRxTGFkN05mc0xFSGxO
|
||||||
VEFlTHhZN3VKTExEQmRJYmJleDNIY28KLS0tIFpjM0lIdDdIaTJoemNvUlEyWjFI
|
MkVrYVZkWlFoWmEzSWhQTTZZK0dwREUKLS0tIGRhenlKV29WbkJVVVlEaUkrNUpl
|
||||||
cDNuaXc0QXgrNGpaV1kvWXpBL2pwZWcKkde/Ka84e6AVbzxr9zY0zVIYotZEofei
|
c1hEMnBuVFBKUjl2ZHM0OXAwcnFJZzAK+Pf1YDIbiqsKGsA3geTbP9alkBG2uomZ
|
||||||
rPzQMsJ8x2+PLKRnOtny+He18E3AXN4G2KdbkkAaulFtPnodaXCWvw==
|
KeY+goK6MwNcZwKkSd83Lf6j6Fezv9C+gR2lTdZ4EFITlRWaxt6nmA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsN1l4MWE3Wm9qZzN5TWNJ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MGhXMS9FbUdqckdqcUhs
|
||||||
MG9QN1J6SW1GNHFxSW4rdHFTWG40emthL1RRCmFiaGU3dVJTNzhaL0dabExRWVB2
|
aE1qL1lydy9VVWMwYlNrZTJrVVNxOW5hTWhvCkVGbjZ1RHJLc05HaFJkWm9VNzB0
|
||||||
V0tLd1kzZjVIWDFrdURtRTJDck41SVEKLS0tIHJvRmg3Uk1BWmRMcnFMTDRoM0Fq
|
T3dzbTU5YysvclQ5OHVaNU00bmRSWEUKLS0tIFF1cnVqVndtYXNrWWt5OU1IYjd5
|
||||||
aWE3ZVRqczl6NklQMEZpTnpvbzhMYWsKzTdBC6weGhLESyrGZXbaFclG0lo3aqoi
|
bUhRTVFad0pCSFhweUNkSElVSUI5SGsKccyy6u6aJagRn7OYlBpbfnzkaD/qYRt+
|
||||||
NHD2vuWcJexro3FPsBEce8yTCKi6VIBYQqntst0K4rE/7SLuMaqJVg==
|
oct41POm3gi8QQ6TYMT/xa0UlOCS9CnvjE4ZV8W5cWyvEEyPEez+Qg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTGxCNmhYRnQ5elRMV0Nt
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYbWtjd3o3anJqRHI2cWx1
|
||||||
bG1aZ255Y0pyYXhXWllVbDR0dWErUmRWWWlFCllRQm1jUU81MkhpdHdSdGhEWWpK
|
NFp4dnF4UzdxODRLek8yeWc3NXMvYXg3Y2pZCmZ1bkg4Y2htRUQ5Kzd1ZlFSRlNv
|
||||||
Zm5JaVE4LzJrRmVRR0ZQR0VuYmpLYlUKLS0tIEVIVVg2WVRnVEFQbXBGZDVLWTY0
|
dHJ6UTRUVGlzL0VQRXpLQjJMSGtQT1kKLS0tIElxcGRHUTZxdzd6U0J2cHVad2Z6
|
||||||
NXpWZHc1NzVoWEN3cWlPZmRtdW9MWkkKi6DbXhf5+zZH4rdnksT8swUHF9ZHu5Gp
|
d0I5T1prNkJtU3dOK2dLU0FQYWl6Y3MKWtTVfqZqwO1DWcqCX3zQKJw+Iru9uYLL
|
||||||
jWbed3DahkwWAyMFD9SufGlgndRjqxHuyRa5EbBA4kyjYXvF5KjeCQ==
|
oaDFNp7BkyHGAgUGlnryhpHqk/Mfiaz9F3+7E7yxPGmBL5/XGcfYzg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtajM2QjlyMzlHMDh0WjZP
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC9xSVVuV1QyaWxQN09F
|
||||||
eTBIWGpFVzl1MHpkWUUxMnovaHhGZnNPK3hRCm1NamVabWY0RjZ6Tm5Lbjg3eXBn
|
YVplRmZFOFJ2dGJPeS9iTVZpU3lqZk9Pc3kwCmdTV3B3WllwN3Z2dDI5aVl1OUtJ
|
||||||
ZWVSMVUyRm1kc3dTbDl5YWx6ZnNhVlEKLS0tIFA0UU43ZnBMdDUyYXV1dlZNRVJZ
|
Z0IxRHgxRjROdHE4RmpvOThuZmx4VHMKLS0tIFNJRXRsQ2lRRjB5ZTByczg0ZWg5
|
||||||
VE1jekkrU0FEVWVSaHI0OUtMRk9Za0EKZWiqeBmuKDQK4mSUWptPoMIYNQdTtxoy
|
elVTbm96S2tpb3hPNHc1OU0yZ2FUNVUKCikEO6z7kpDmFlc9JldOSlGXv4JhFh/u
|
||||||
/6Wr7QlnduC9Z+8OQuNNx5EC47DUSLmT8Zt2aP1wuolbEcQQkpNm2g==
|
8sQSl3jF58lCBllOfM5T0crwbDHGlKI7JQ2H8vhZKk8TfiH3hGWxpg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-29T12:22:04Z"
|
lastmodified: "2024-03-29T22:45:28Z"
|
||||||
mac: ENC[AES256_GCM,data:kPlrDIly/XpIlocuyviHIhtts6GZaslNH5F5Pnm0fiwXm/cDGxDftkpIE1eEEVxkhkOd5Vml5ppfhngMu1pJgoyEgZnW+Ej0yGc7wa1cM3Iu5yqzDy60V/D638S58wiyi4wP+MN/hXbKjC/jh05hh3vDH1b6OH3YRCRIS4R+ZSE=,iv:cy2Hgnww4u/4FqlnoYa/E1vbmx+spIRgkiSfCdIqie4=,tag:iugVVWzxDxbR0tIRnjzD3g==,type:str]
|
mac: ENC[AES256_GCM,data:tPhORuf+63E68CdAdSsA/NgdBG9GrnmpVKVLo0O1ibaUDk6WblcmMoFROIo8BuciaUZsEf30NF9lVC/QgsZ35sHc/WcX4Ze80LyhBVgf0wgpy5xSjWLnYHCgFMA/TuYX7lJBLJVFZ3VAdwWp4XznGdlBHulQFM6jBEHz8wW749A=,iv:3aHdxUNfZinz13HRTtb7376era8Hont39C6pa0jnRAk=,tag:zza2Dy6I9R3C+xqEehgRfQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,8 @@ in
|
||||||
# causing a risk of no dns if service fails.
|
# causing a risk of no dns if service fails.
|
||||||
networking = {
|
networking = {
|
||||||
nameservers = [ "10.8.10.1" ]; # TODO make varible IP
|
nameservers = [ "10.8.10.1" ]; # TODO make varible IP
|
||||||
|
firewall.allowedTCPPorts = [ 53 ];
|
||||||
|
firewall.allowedUDPPorts = [ 53 ];
|
||||||
|
|
||||||
dhcpcd.extraConfig = "nohook resolv.conf";
|
dhcpcd.extraConfig = "nohook resolv.conf";
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
system:
|
system:
|
||||||
networking:
|
networking:
|
||||||
dnscrypt-proxy2:
|
dnscrypt-proxy2:
|
||||||
forwarding-rules: ENC[AES256_GCM,data:7TUg3UiXZG25FhvxS8Mkg2ZlvLpMx05u+8yqQ3EyBXwFtXrVUvI3TM3L0NJr8c1MmimslpK7w+Xs9GphJfr4UaNV6m5A2kipA1v85AbL/rrEAvi9xRty3yqX1+vYtN1xa5Il3p0PeWkR3Q/LMW1ZfWXLu7FHyuitJaOIfySwyeK5njcHHsBtjQGNZcyg6oWxs6XdTLhrPwYMQvxrZ/l7mhxFOLIwuq9rlyVTw+SenKaZisW7TjksQtGvi3NmFARCPYSmyCH2/X/1OfPIomoUFTOAXC56mTFXrAf3TytkyOyysJsl/8S2mx6xrgbT+J09SRL9JTtQHi4iZaXS6tPFiCL6JtOzPMBdMrWdqWC/gI4Av8EemNVYu37oP5BUYsCOGOoKFMwuHSxiJCqNmR/im+cnP2tXwYwOhHmDxRNeVA6Wxt/4AktKhTHWkm/TLHshceOm+3liS+D0t+Q2/ybdy28=,iv:ejTYzQ/6qjX77GJmUKz/L/8/66fh0P7ORNqeKK4sgdE=,tag:fWugmMTlzLwdtx0sOrcv5Q==,type:str]
|
forwarding-rules: ENC[AES256_GCM,data:ZoVm64ORJw1H7fglwN/d9juRkmpblAFT3uoBh3TI//2iZ8Al3mlqdXaC72Rn4FVQh6MZA/xYXMsh3rfgZF45gb9b8YwmDA+8F3vaHo13FkwKcAsx0IMcdKJdPkOVrWXsLmvppli/z5IfyZqamLVvexqNM3QwDC5Zfi1YBQGinygYLW6ayFjWEEbW3T4pdeehhhDZW9MSutvGu+lCpQ+w2qzlqMnYCoo+k9Y+9oOBDGWwzXjfg9ry0AOhOokrQuSqTx7i8s5ERZIJ3SvG89q2O4E9PCdj9HbZfXoQwEoknfPtm/+cDcaOOxcd7FvYKH6wlOjH2ow/E6pUjiS9/BS5ht7vlBjl8sk/hSswL0EQllb6ggjH2JVp7UgHxL8moLusixHDLzCt5asIhuCqn+E2QEs1nCEdXvoLNL/ytJwP51BVQolA7KRFVYb4vA16Egz/ttjqxIAASSdGFfQesB6T6Aw=,iv:uy5lYl1kN4LXT81hx1OsrCkRgYVg6QyjAofDowXCeb0=,tag:b5PoXYgkyIiru9cDB4irBw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -11,50 +11,50 @@ sops:
|
||||||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWm9iUWwvbWZNSCs2SUVw
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWGR5YzNVbWw5eEUyNE02
|
||||||
ZUxDNFFoQXRPVUg0bmN3dDlnNzBBRUNUNWp3CnhheUloZzFOZzc5S3pmaDQybGlX
|
d2xkR0dlbGVrdEk0VG9HNU9zS0FNazFWczNzCng1b25sdFhBZ1p0S3Q2Vys4Mnlu
|
||||||
TnEyMi9XbGgyRkdpditQVkdMb2RMMk0KLS0tIFpveHp6STZWc0NRK3JlRm01NE8z
|
RDdUQnY5amRUNng5TzlEZUhEakw2akUKLS0tIEFXVHBUcnY4RnlSbERRcUFMK2JZ
|
||||||
R1dRdnNmeDBRVmMwMzNnMHZBNE54T1UKEMjcJFqKoBvw5PA4HkGrhMXDG3RABwNI
|
U3ZrSXVURnh2ZHg0eC9UcnZjZ2txeE0KHRyC65nWKwuSMroEyDMKBXSg9q+yAzhe
|
||||||
S084C00I8qvLn769vsaaSMYm5He31CQ9qDGhDhMXFTIsBbI+jegWKA==
|
kBBUkasGdSAESM8cvMVbLoyn7RTRcMbuAFeZPkwcJu3pUc6IdWARdw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdUlWK3A5TjhOUW1mbm5X
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYWhtUXZDSCtVWTFIZy8v
|
||||||
SVFac2o3eU5NUTVkVVBqcjgvTVdlU2N0U1hBCjRrY1dGNU1UOVpWN2gzdXBUejdR
|
WFJTZ29jU1pHSURkSmU4M3FvWVBHeXJFcjJJCkVYTzM1bXJnVjZmalZYUTlTaCtH
|
||||||
VmF6VUIxdnBEODI1dnVVQ0FXaE4rcXMKLS0tIDg0NmVyYTg2bFozcjQvMWoyU0FK
|
M2FaYUhodU5ZdWdNT0ZXaDJIcS8vYWcKLS0tIGg0MjdqaG5VcElYaVNodXgyZkty
|
||||||
QmtYTHUrL3RxOEQ4aE5vNi9IVWRvbmcKZEP7E8756mvvZOdhCstv2DzUsmEeZcp6
|
Y1Nxa3JkVVZxcVNucEdQdjdsTUovRFkKk4PMs41Wlw3vvrcR0kREyZiP4TIDRYQm
|
||||||
Ts88FAsQHsF4RZLfFodKx+C1QGfA/O50MGTE5e4c2tpIuMjmCuPRLg==
|
FfVPJ1CV3oZcDuDQMJmU0zh5uFJRB5INXXNnB2ULjnqq/PNnKuHXtA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL1NkWkd0L29WbnNpQTh1
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSEFMOGJtSXBCUEdGWHRy
|
||||||
Rkp1MmRqTkN4WGNMMHJhR0YvL2Y0eEtIWGgwCmlQZTAxei9aa3FPTWZLTXAvK3VF
|
d1E3MGRkUG5sUnJzNktwUnZMLzdMU3NOeUNJCkVvNDhDSE1wZWpycTVwbkxWRmww
|
||||||
WXk3NzMzd0hHNlJvd1dmckcvRm5rZGMKLS0tIHQ2bVRrRkJrV2E5MXc5Vm1tVWxj
|
VmFVQklLWFZSaTJlUFdLWFZIditpelUKLS0tIFdVRnpwK0RLR0E4d0xzN04yWlp4
|
||||||
RWhoMkVhVzdyaEtZVk9Ncll4S0VqOVkKwmcv1yi15ZUIUuamKXX9Ye76jGb3UMYY
|
YkNQVkpUeDdDaUo3OGFibnZUcW5pSWMKzHh01qkxst4+3HUaqZaPAQqLV95mrUs7
|
||||||
tM0dcX49n4jCzexhU5wu2Fax4EADpiJzGVK0iZ+8+oWedbBHyVudJA==
|
cToOnz8gj4gPUxz7mKFkkHeIev/D/1kc0aDx5KPRQc7VGsLPaKkUtA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU1A0OTFYSUVPV3R3b0N4
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYTRpYnhZWENyM3RQdDdj
|
||||||
aE00UEZRTE1wN1NGdzhkdkJEQ2NuYzN3VDNRCldQTEN4Umw1ZnlhV1k3dVBjamxK
|
TzF0UUJsOU4yQVhLeUhzT0R2a3hjWnBMV3prCkN4NVRDbjdIZ1BtS3VpSXZlTkFC
|
||||||
Qk9qenlsZDQ5dVdjenU0cHVlVXkzTjQKLS0tIDhaMHRuZWhrWlMrMDRuY2xnTDNy
|
MlA3dDExRytDSlpFQmFyS2NtUVJZVm8KLS0tIGhlRXZBQ0tEbHFnQlRkTmVzSnlZ
|
||||||
M0Z0SHJZTi9tYXU3cEdrc2Y1NUtrY0UKt4y5CrmBbhTqB4Ksdf4fO69aukVUlz19
|
M0UwN3lTbFBiV3NjZnpUeHEzVnQ1SjAK+z6YMA4SKGcmrL77FEPAEGQeCPeLnWwy
|
||||||
9yFqWtsnt97jldYKXG8WH9koyJvW6ZLIX+he89s0JCue518tf00bJA==
|
ubU4c+wRqNYkPlKnt/qy5Fj0qlA9wIDo54kqEuqehnn8XzgLCBZVyg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNXloZlZ6ak40ckdCZjV1
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmckhLaVorclNudHNJVU1w
|
||||||
OWlhaHp5M2tpMTEyN05DcHJvZGlLbXFBaHdzCnZ4ZHROZkRUMGplNmpQa1ZiUC9w
|
VEpRWWFYL2JGUktCaXk5TXlSQjhCd0ZhQ1FrClU3R0ZuN0NoZ0cwYXZORkZ2OTll
|
||||||
RVNIVWRqSTZFUHNFQ3JDdXd4dStPdDQKLS0tIEhqamZ5cm9aak1OV2lwTW9MMnZw
|
akM3YjhtZHFNeHNEUkNmZVhLUVJDSmMKLS0tIEg0UnRBQTdPRnNOMnRack8vS1RT
|
||||||
dFNyUENxTUQrUWI5ZHZhekp6d1o5T3cKDxaiMjGDb1EbdobP2E9WDn7YfO6J7BMU
|
WFBhZmwzQWhLVm9CaUtpVDdnOHdCemMKUV3IpFvZdm42PbL/kOLQKpFe4bld6S/q
|
||||||
sFAh+u38crXiEG24wxNl/Ps7z3oMPtmM7KRQ3hM753lBenuL7vXvMA==
|
b5sIdEDAp98aNAcvAjnJJWgIcWqhFFvM2UT7QFpCcvLg3njOfJo0IQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-29T12:22:04Z"
|
lastmodified: "2024-03-29T22:45:28Z"
|
||||||
mac: ENC[AES256_GCM,data:hsDY1SO1nIe7J3mpMNJsxG2R+3N7AgUxoqqfvs2V4pO8SZnx5SvBqyIdGKcUOFgY66jtvAxwXULkl0J/TFj8A+MG5BkH/IAjDrWD0czYuUogtxik4DstyUXLSSM5zFP9niOmowsvK+1u/VpBrb+OlZNYiEHYKtY7+DhVJqDnQVc=,iv:iBxfpElahoJTXld45hpZXblTStQjm0WQpYmmv5wlpNg=,tag:caPwVlvCmRzm2as7ECbXgA==,type:str]
|
mac: ENC[AES256_GCM,data:ZmLhNLQvLG6foHvCadUTw0Ws3TrVkSv93/8sS5UmC0DxwHl9s8IieTS/Otk/tu89twgLv/hI+gMWZf+L8WkaMYU0dGq0d/NSB5+Pyd1hEyHOHkUQImBz+EKj2qk9m8f5+HDnb+RpUnpMJLpjv4Fayzg9A7Ox4MfPyaPUSHUNsDQ=,iv:55ao8R/DONq6JUQLoMr/7g4qhDpOVDBP0VpwGZKkteM=,tag:DDmIi2F0L//eahBuxlVWLQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
||||||
|
|
@ -22,9 +22,9 @@ in
|
||||||
|
|
||||||
services.maddy = {
|
services.maddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
|
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
|
||||||
config = builtins.readFile ./maddy.conf;
|
config = builtins.readFile ./maddy.conf;
|
||||||
openFirewall = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
system:
|
system:
|
||||||
mail:
|
mail:
|
||||||
maddy:
|
maddy:
|
||||||
envFile: ENC[AES256_GCM,data:pGs56ZvCfX42FcmOSQvg/hXIWDs/HrLrto50lP8DxWHBBrE1Mm/BJ1GWlz8CHrwTIwDOTZCbxfbZlQhr0ofuusf3AIYdTX3dtckCK+K0FVPIXenc/b0QotKeCWCbQj4mMZJCmlu3Yot2yP+SnxXQsl41yUEQsjiXmUVnbiXGlTnvLg4=,iv:V8sOvvt2lqXRpzbL6UilZE4PdwEOnX+LPJygVy0wmk0=,tag:1EEjTETv7ADYx8H2suxM6Q==,type:str]
|
envFile: ENC[AES256_GCM,data:fSlitO+c4atrjmTJwqQQ1MgSJXUQ8taaGxhw8sATuYVXnmFTFe5nfGGu183RXOP5ZobyTydDgxl3FA4yGVAUdH55oAiikO6H2+n8BAUQdtkzdUR4jOtl5cukn01PoTbAuAj0OX1s3rCf7INPDqCydb5IuuUrW81mS7CCH/eoNyUSRFo=,iv:0CVGfwu8GJTR5QoAfSd6tLbGtkzwNb6fB+gHwiZiiws=,tag:0VrK08F/Fmx1WeqkdldBCA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -11,50 +11,50 @@ sops:
|
||||||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpTEx5K29rV2Z3TmFZNG1h
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNitqWUlhK2tLSHYzZndT
|
||||||
NnR5UFJjWnFNMkYzN05WaVhsUmxHZkVwMURZCjVCMFRFcGJyMmlsVDNKL0FhSmFG
|
R2MyVEcwc01JWEY0MWMzblNqcEszeDFjdmxFCmpjWnRoM1BrU0lHWTQrbWZvVnlG
|
||||||
RHh4NVlNQWJzTGxLTkRrTkZWdll3blUKLS0tIGxqckF0cWlhMGpyanhPM29YMDVr
|
QzlvOG9uQjRBZGE1OVgzRWFET2ROWFkKLS0tIDROUnlTYS83SGdkaVV1SWJpcGVB
|
||||||
Zi9ZRXZiUVZzOUlwU094eDNTaC80UVUKNovl0feqw/7Yv8TjKdj8tCXkWvUqC76/
|
c0RiMmVNaW9XMWtBT3IydmNRcnFabzQKKshKR6aVRlDfj+AWYJAd/x+3b9JcMhEm
|
||||||
VX64fgAiC+BGbygPJ5wEVkQKH8OWSmgOIvqfvSYrga8AHsLgYPMm3A==
|
uTFP003ENqVR0Mxozz7rOWToaUid5kvLKqiEWwenXu9RQmwNINl9dA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRURSNjVydlVRdGFEcDFL
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5aCtOS3lvM0pHU05oMnFU
|
||||||
U2lLWW0xNkhTR3NtRUN0OUE3UjViYW9RNVRnCmo4Tks1NWgzTHV2QXlZVmJESU9i
|
VUZFaHNid2RESDhOVFFRR0dZQ2NsU1NvaVRrCkRHZ2lWZjBoa0Q4TWpaR0dFb3Jz
|
||||||
cVZ0ekJCTHdhVWVyTTRFMEJJa080MDAKLS0tIG5CVE84K1dQMTg2WHhnYnBMdDZT
|
NjZMcFdRNThtTDJrWERVa0lSQlUwODAKLS0tIC9nSkdXRU40Vm9QMldYRUdFS095
|
||||||
dloxME9lajd3YW9Bbk9qUzVVa2UrYVEKUMlgxX2REGuvkpXwFhClOllkuUf/8E3v
|
YWxmTEE4RktDakJGTHVsOURUUDExZjgK5ML6rKmO4rRcV6mFVhA3mjtXne9luTAi
|
||||||
9QpcjUSWmExHTJcxvSUkEYL5C6lODL4172PfnQLt9QkdX7sYQUOFuw==
|
6lmVdYKIvKz5mQT2TqickgEDAdLcziz5e9xxwq5Nojf5V5obtCJs/g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMTZRRlRUOVowT01vUVVm
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbjhvcDAzU0Y4Mkc3Z1JP
|
||||||
aGNUQVllVVNKcVVoVXIyWmRLUEd5bzFVSjEwCm5iUUo3WWtEdHA4Wm1kSk8vcmRM
|
QWI2ZCtJRHhzNTM0Zm5Gb0lCeng2bE1nOG4wCkFVTXZPcm5yS3FOQkVqN0NYTFZB
|
||||||
ZzJGSk51UnU5d2pjVzZiZGt3dlZETHMKLS0tIGw3cDdnNWxiZXdtMmhuRUpwV1Y4
|
QmJIVTNSNDBRaDduUmJTbFVQV2R2eWMKLS0tIFlzbS8xcDhrb2pFc1dPaUorc1U1
|
||||||
RXRvL2F0TkxGNm1LejR1bHFCYjkyU2cKn7QMPuwZ8ermG59uK3rHrJkuDZ2US0JG
|
YWg4dDE2UzY1b1VldzBaSHc0dDgxemMKuQ7RXTLwKwrcNDv2tNmCTYcTnzOY1jO5
|
||||||
Oj/ts8DXuu71TpTiiCXumThs+IjKQgARyv5P/jP/Souq9LppDtEDnQ==
|
2m9CUSqeDRgMDfxO24Pt7Zk0YuGDdFONNMsBX8nm2RhCUhVM0nVmVQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSlVlMG14cUxUcDRseDBC
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMlpYOXZIcUdHU20yTzRG
|
||||||
YXBtRk5oRlJ3dS83TDFicFM4WVZMT1VwelZrCkl5V01BbzRVa3RLWTF4U0ExRmR3
|
ajcwTk9HT3lxM3JxbG1GMitQQnVHenFQRFdFCnFhK1RxT3lUVE55M09HOTZQTzJF
|
||||||
cU9XMFZRQ2l6V0k1aFlucjlGL0d3V3cKLS0tIDJGWlE1Y1hhcjhUT1BsTXBtQTFH
|
QlpWOXBtOGNWamxDdVRFcHlGRm5DeXMKLS0tIEkyK2Y5S2h5d0JBS3pJaXBVb0ow
|
||||||
bEJka0pvUUM0OTV3QWdNWWRhcldTSEkK/yRrMYy2YC7NTzir/LL97PV9LxvW/fm1
|
dUhCRVh6eTkxMy95MjlkVlFVZVZGazgK6HewYdcLC1q/NY6ysanj2pQogpxQVWxh
|
||||||
2YQIlSs6amPT32U46tnpqytVs0iR9Jobd153oAJjfhrAsGGP/msgsQ==
|
+LrDzvjMeYOrQD2bC3rVBEnM4IFIur9RKg1JLPkrNI/bONX+Tsk52g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUTJvUnE5V3NYNmZ0dERi
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTWtEYnVJdWkyTVFSQkMz
|
||||||
emh0ell0N0xBMkhjL3kxdkIyRWs4UWpYTVFNCnlqaVhiWUNXa0l1Qk1peHlxdDdQ
|
ZWVKeE1hdlF5bXZHaWxJUVVWbzlnZ2JYVWp3ClpJc3JOZjZ0bktTdUlNZHcxNm5y
|
||||||
aEdkdFdFWW5zUlVBT1F0aERVQndheTgKLS0tIE83UXA1V21qbzFiQ3NFRnRiaS9i
|
TDBJcTUvSG5mcyt1KytlQmViR0FXdVUKLS0tIGR3M3BhdkJqdElEN09QTXJVbFpS
|
||||||
TXEvWDRXMTZuellnT1BKRWs4a1VkaFkK8Sls0BOhgCj36HhFIlRclBltqXrcR7cU
|
eUZCVlh3YlRVTzU1YjZZaVd1U0ZLZW8Kr5wh1mo7P9dhUcQWGSDtY09uqC+aEYAF
|
||||||
POkvvHVfEXzZ8GzKOx3tyZZ7fnksNM9XFbofZ9/apGR9FP9mepnrdA==
|
Fo+1RM0vaZJ90MUygERU+tZsjoZuD+XL+ckdCquPLRypuidZvfeh0g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-29T12:22:04Z"
|
lastmodified: "2024-03-29T22:45:28Z"
|
||||||
mac: ENC[AES256_GCM,data:XncWerMNxizmY29/ktbk6qyENQ75RJ11x7STemdtds9+0g24pyRpuHV0oocetDRLmUN6Cg6qXwCkJ2cgR5MMzjUYsYRP2VlzGPwQpr+L6dmvYp+j+70X9Qk7bRfj0cRJn+gHhfkWSxpAvows0/9+wJcsFhowS/vihVoz2xjLoZU=,iv:yH0wEYRX0uuJeyf9+5E9qpwr8S5lUXpB9K5aWnHJShY=,tag:6aIhVuQOtfbWggdnF7zw2g==,type:str]
|
mac: ENC[AES256_GCM,data:oU8t0LUz/gSpABrHfQi6uazu0hen7Z1Bu+LlBPWxc2hGOV+Et1YF2VZY11uA0th0aZ6t1sFA+DvBDuKKBv/S70qhz1KB5MYTmGfcHMWmLNTzoO35u5FSVRbrcWDX8Simj2Mfpxksphr9xzqlbCaMKiCj6ZrUFDKAfPPe+KPjJwg=,iv:8AKTtwoTHQbfjXwrozBiytUn4jGWKbBJLTzkod2Cdlw=,tag:XqBX+pA9x+m4Cl+NVZx0Lw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.mySystem.services.openssh = {
|
options.mySystem.services.openssh = {
|
||||||
enable = mkEnableOption "openssh";
|
enable = mkEnableOption "openssh" // { default = true; };
|
||||||
passwordAuthentication = mkOption
|
passwordAuthentication = mkOption
|
||||||
{
|
{
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
|
|
|
||||||
Reference in a new issue