jahanson/nix-config-tn
Archived
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

fix: dns01 firewall (#35)

Browse source 
* feat: add overlays

* Auto lint/format

* feat: fix dns01 firewall ports

---------

Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
Co-authored-by: truxnell <truxnell@users.noreply.github.com>
This commit is contained in:
Truxnell 2024-03-30 09:50:30 +11:00 committed by GitHub
parent 89431bdfdb
commit 2f472230fd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 95 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -11,7 +11,7 @@
keys:
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
- &dns01 age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
- &dns01 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc

2
nixos/hosts/dns01/default.nix
View file

@ -12,6 +12,8 @@
];
mySystem.services = {
openssh.enable = true;
maddy.enable = true;
dnscrypt-proxy.enable = true;
cfDdns.enable = true;

60
nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml
View file

@ -1,8 +1,8 @@
system:
networking:
#ENC[AES256_GCM,data:WxRtq7uNi6m6b4GMGqvt+qkj1X4BZaynNDeEWMOH2u09x+IuYMiXXTJEGeKkf70eKjLZo0cD3HIzXNUr54SPP8jPmLqyRoS3Z+ggJg==,iv:EJPZQ9YSgs1JTKsZG1P6oMgxqNp2T7yha7UZwqAwzB4=,tag:toctJWuRe2viNF2crW1n4w==,type:comment]
#ENC[AES256_GCM,data:bHeRWJyZgBuMalt5K3j4xtffim6aSCq+/c4+t1pxIlr2JAI+i+PO3S09GVahSGlUpn4buJbkE1H80/w0UrdPWtR/ZAn1ZMoXCuKnXg==,iv:f1MerFEkn76dNWwYNVGotKfDbaSy2ndvt8q4ul53HGw=,tag:eNjmJtRMxbu5j2rssXHYHA==,type:comment]
cloudflare-dyndns:
apiTokenFile: ENC[AES256_GCM,data:yTuSA7Zteaq4ufbLq0Ri+JDosNtVHudtRGSnLXzX2IFtGlzPNfrU0shIHpbicFZ+JS9x71a37sNt7gab1AZ5dJLxe2YVNVeJ3GFCFf7QNSI4GjOjzIUFSdHHhV+xGhtrL6h4SZTnh6iKqdU2iY1pAGT9Kw==,iv:gns8r/UhIXRIO+x08ZcrpuCFtwcUcC8HWjPfdJbkfRg=,tag:FAhAsUXzNOhEix+VBSu0Dg==,type:str]
apiTokenFile: ENC[AES256_GCM,data:t2SR+EyOzBW3+5bZE/4Kpa4kpyZi7IErHDkjyC6r6su8thstVynSpfWDCi4Xj4Th11kU0YO3h8RBqAmss1wHTPGti+1ha3LlSJfemKWIN2qtYfJLeZ5ZBoC+xctW8u5+ahur/3tjUjsXgERCUuQiuMe5Tw==,iv:CTWKFyIi/mYu6eW6WMFWsF2ds3lkqqcQcE/5xy9qQac=,tag:muZ1RC2M3fB7vjissXCPtQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -12,50 +12,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YlEvN1JNa01odlZTeDhB
Y3ZEdlIvbUlFZm96NDZBeWc2MnRMMzlRYmxvCkh0L2NsNUdFbnM2OW8xSUlpQmwz
NjAyRnRLV1JRRkhyL2xLNXExS25MUGsKLS0tIDVwYmhkNXp3WVhNVkhkaTk1UDZn
UFNhQXJ5akZIY0ZiRmdDMUJGZXdCMlkKf3zA9MkZ/J2CUURvzZdtn4vSeYwiIAR9
SLWB6O7ykkjZyhe40lJMdVb7OVqXUnAf4Ic0VpYVwLeAXjPEi2anBA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbVFkcXJoWjJweUowdDU5
bTdTSVBDK041MVFoclRiRk1tYjBvVGFCTUhjCkhZbXB0ZURua0Yvb0EyV3ZzWEJ6
NU1LaUgwZ1NjWEd3K3VWNEY0d1dkc2cKLS0tIDRHMDk5TFdCRk5jNVNPd2srT1ZY
VVBMZFJzVGcweUErRGpyWm5JU2M0YmsKiqThEaJubMZalyA/7nhh0L1IK0Ro0y5X
8mgZh6rx8BzZJodiuRjGeCgsVnUREX4Mr1IKaFtG9GFyzc0yeTStjQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSXBZZzBkdWFVT2tYZTZh
cVhIOUgzeUZ5QWQ4d0oxMGdxb2c0ZGpITVFBCkdRV00zSU1QYy9heHk2VlA1YjZI
VEFlTHhZN3VKTExEQmRJYmJleDNIY28KLS0tIFpjM0lIdDdIaTJoemNvUlEyWjFI
cDNuaXc0QXgrNGpaV1kvWXpBL2pwZWcKkde/Ka84e6AVbzxr9zY0zVIYotZEofei
rPzQMsJ8x2+PLKRnOtny+He18E3AXN4G2KdbkkAaulFtPnodaXCWvw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0aE92YzM2WmlRK01qZ3RC
dHBhc1dvSG1ReGdrZzkyUUtPRVYraGFScHpnCjRGaTM2KzRxTGFkN05mc0xFSGxO
MkVrYVZkWlFoWmEzSWhQTTZZK0dwREUKLS0tIGRhenlKV29WbkJVVVlEaUkrNUpl
c1hEMnBuVFBKUjl2ZHM0OXAwcnFJZzAK+Pf1YDIbiqsKGsA3geTbP9alkBG2uomZ
KeY+goK6MwNcZwKkSd83Lf6j6Fezv9C+gR2lTdZ4EFITlRWaxt6nmA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsN1l4MWE3Wm9qZzN5TWNJ
MG9QN1J6SW1GNHFxSW4rdHFTWG40emthL1RRCmFiaGU3dVJTNzhaL0dabExRWVB2
V0tLd1kzZjVIWDFrdURtRTJDck41SVEKLS0tIHJvRmg3Uk1BWmRMcnFMTDRoM0Fq
aWE3ZVRqczl6NklQMEZpTnpvbzhMYWsKzTdBC6weGhLESyrGZXbaFclG0lo3aqoi
NHD2vuWcJexro3FPsBEce8yTCKi6VIBYQqntst0K4rE/7SLuMaqJVg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MGhXMS9FbUdqckdqcUhs
aE1qL1lydy9VVWMwYlNrZTJrVVNxOW5hTWhvCkVGbjZ1RHJLc05HaFJkWm9VNzB0
T3dzbTU5YysvclQ5OHVaNU00bmRSWEUKLS0tIFF1cnVqVndtYXNrWWt5OU1IYjd5
bUhRTVFad0pCSFhweUNkSElVSUI5SGsKccyy6u6aJagRn7OYlBpbfnzkaD/qYRt+
oct41POm3gi8QQ6TYMT/xa0UlOCS9CnvjE4ZV8W5cWyvEEyPEez+Qg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTGxCNmhYRnQ5elRMV0Nt
bG1aZ255Y0pyYXhXWllVbDR0dWErUmRWWWlFCllRQm1jUU81MkhpdHdSdGhEWWpK
Zm5JaVE4LzJrRmVRR0ZQR0VuYmpLYlUKLS0tIEVIVVg2WVRnVEFQbXBGZDVLWTY0
NXpWZHc1NzVoWEN3cWlPZmRtdW9MWkkKi6DbXhf5+zZH4rdnksT8swUHF9ZHu5Gp
jWbed3DahkwWAyMFD9SufGlgndRjqxHuyRa5EbBA4kyjYXvF5KjeCQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYbWtjd3o3anJqRHI2cWx1
NFp4dnF4UzdxODRLek8yeWc3NXMvYXg3Y2pZCmZ1bkg4Y2htRUQ5Kzd1ZlFSRlNv
dHJ6UTRUVGlzL0VQRXpLQjJMSGtQT1kKLS0tIElxcGRHUTZxdzd6U0J2cHVad2Z6
d0I5T1prNkJtU3dOK2dLU0FQYWl6Y3MKWtTVfqZqwO1DWcqCX3zQKJw+Iru9uYLL
oaDFNp7BkyHGAgUGlnryhpHqk/Mfiaz9F3+7E7yxPGmBL5/XGcfYzg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtajM2QjlyMzlHMDh0WjZP
eTBIWGpFVzl1MHpkWUUxMnovaHhGZnNPK3hRCm1NamVabWY0RjZ6Tm5Lbjg3eXBn
ZWVSMVUyRm1kc3dTbDl5YWx6ZnNhVlEKLS0tIFA0UU43ZnBMdDUyYXV1dlZNRVJZ
VE1jekkrU0FEVWVSaHI0OUtMRk9Za0EKZWiqeBmuKDQK4mSUWptPoMIYNQdTtxoy
/6Wr7QlnduC9Z+8OQuNNx5EC47DUSLmT8Zt2aP1wuolbEcQQkpNm2g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC9xSVVuV1QyaWxQN09F
YVplRmZFOFJ2dGJPeS9iTVZpU3lqZk9Pc3kwCmdTV3B3WllwN3Z2dDI5aVl1OUtJ
Z0IxRHgxRjROdHE4RmpvOThuZmx4VHMKLS0tIFNJRXRsQ2lRRjB5ZTByczg0ZWg5
elVTbm96S2tpb3hPNHc1OU0yZ2FUNVUKCikEO6z7kpDmFlc9JldOSlGXv4JhFh/u
8sQSl3jF58lCBllOfM5T0crwbDHGlKI7JQ2H8vhZKk8TfiH3hGWxpg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-29T12:22:04Z"
mac: ENC[AES256_GCM,data:kPlrDIly/XpIlocuyviHIhtts6GZaslNH5F5Pnm0fiwXm/cDGxDftkpIE1eEEVxkhkOd5Vml5ppfhngMu1pJgoyEgZnW+Ej0yGc7wa1cM3Iu5yqzDy60V/D638S58wiyi4wP+MN/hXbKjC/jh05hh3vDH1b6OH3YRCRIS4R+ZSE=,iv:cy2Hgnww4u/4FqlnoYa/E1vbmx+spIRgkiSfCdIqie4=,tag:iugVVWzxDxbR0tIRnjzD3g==,type:str]
lastmodified: "2024-03-29T22:45:28Z"
mac: ENC[AES256_GCM,data:tPhORuf+63E68CdAdSsA/NgdBG9GrnmpVKVLo0O1ibaUDk6WblcmMoFROIo8BuciaUZsEf30NF9lVC/QgsZ35sHc/WcX4Ze80LyhBVgf0wgpy5xSjWLnYHCgFMA/TuYX7lJBLJVFZ3VAdwWp4XznGdlBHulQFM6jBEHz8wW749A=,iv:3aHdxUNfZinz13HRTtb7376era8Hont39C6pa0jnRAk=,tag:zza2Dy6I9R3C+xqEehgRfQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

2
nixos/modules/nixos/services/dnscrypt-proxy2/default.nix
View file

@ -18,6 +18,8 @@ in
# causing a risk of no dns if service fails.
networking = {
nameservers = [ "10.8.10.1" ]; # TODO make varible IP
firewall.allowedTCPPorts = [ 53 ];
firewall.allowedUDPPorts = [ 53 ];
dhcpcd.extraConfig = "nohook resolv.conf";
};

58
nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml
View file

@ -1,7 +1,7 @@
system:
networking:
dnscrypt-proxy2:
forwarding-rules: ENC[AES256_GCM,data:7TUg3UiXZG25FhvxS8Mkg2ZlvLpMx05u+8yqQ3EyBXwFtXrVUvI3TM3L0NJr8c1MmimslpK7w+Xs9GphJfr4UaNV6m5A2kipA1v85AbL/rrEAvi9xRty3yqX1+vYtN1xa5Il3p0PeWkR3Q/LMW1ZfWXLu7FHyuitJaOIfySwyeK5njcHHsBtjQGNZcyg6oWxs6XdTLhrPwYMQvxrZ/l7mhxFOLIwuq9rlyVTw+SenKaZisW7TjksQtGvi3NmFARCPYSmyCH2/X/1OfPIomoUFTOAXC56mTFXrAf3TytkyOyysJsl/8S2mx6xrgbT+J09SRL9JTtQHi4iZaXS6tPFiCL6JtOzPMBdMrWdqWC/gI4Av8EemNVYu37oP5BUYsCOGOoKFMwuHSxiJCqNmR/im+cnP2tXwYwOhHmDxRNeVA6Wxt/4AktKhTHWkm/TLHshceOm+3liS+D0t+Q2/ybdy28=,iv:ejTYzQ/6qjX77GJmUKz/L/8/66fh0P7ORNqeKK4sgdE=,tag:fWugmMTlzLwdtx0sOrcv5Q==,type:str]
forwarding-rules: ENC[AES256_GCM,data:ZoVm64ORJw1H7fglwN/d9juRkmpblAFT3uoBh3TI//2iZ8Al3mlqdXaC72Rn4FVQh6MZA/xYXMsh3rfgZF45gb9b8YwmDA+8F3vaHo13FkwKcAsx0IMcdKJdPkOVrWXsLmvppli/z5IfyZqamLVvexqNM3QwDC5Zfi1YBQGinygYLW6ayFjWEEbW3T4pdeehhhDZW9MSutvGu+lCpQ+w2qzlqMnYCoo+k9Y+9oOBDGWwzXjfg9ry0AOhOokrQuSqTx7i8s5ERZIJ3SvG89q2O4E9PCdj9HbZfXoQwEoknfPtm/+cDcaOOxcd7FvYKH6wlOjH2ow/E6pUjiS9/BS5ht7vlBjl8sk/hSswL0EQllb6ggjH2JVp7UgHxL8moLusixHDLzCt5asIhuCqn+E2QEs1nCEdXvoLNL/ytJwP51BVQolA7KRFVYb4vA16Egz/ttjqxIAASSdGFfQesB6T6Aw=,iv:uy5lYl1kN4LXT81hx1OsrCkRgYVg6QyjAofDowXCeb0=,tag:b5PoXYgkyIiru9cDB4irBw==,type:str]
sops:
kms: []
gcp_kms: []
@ -11,50 +11,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWm9iUWwvbWZNSCs2SUVw
ZUxDNFFoQXRPVUg0bmN3dDlnNzBBRUNUNWp3CnhheUloZzFOZzc5S3pmaDQybGlX
TnEyMi9XbGgyRkdpditQVkdMb2RMMk0KLS0tIFpveHp6STZWc0NRK3JlRm01NE8z
R1dRdnNmeDBRVmMwMzNnMHZBNE54T1UKEMjcJFqKoBvw5PA4HkGrhMXDG3RABwNI
S084C00I8qvLn769vsaaSMYm5He31CQ9qDGhDhMXFTIsBbI+jegWKA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWGR5YzNVbWw5eEUyNE02
d2xkR0dlbGVrdEk0VG9HNU9zS0FNazFWczNzCng1b25sdFhBZ1p0S3Q2Vys4Mnlu
RDdUQnY5amRUNng5TzlEZUhEakw2akUKLS0tIEFXVHBUcnY4RnlSbERRcUFMK2JZ
U3ZrSXVURnh2ZHg0eC9UcnZjZ2txeE0KHRyC65nWKwuSMroEyDMKBXSg9q+yAzhe
kBBUkasGdSAESM8cvMVbLoyn7RTRcMbuAFeZPkwcJu3pUc6IdWARdw==
-----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdUlWK3A5TjhOUW1mbm5X
SVFac2o3eU5NUTVkVVBqcjgvTVdlU2N0U1hBCjRrY1dGNU1UOVpWN2gzdXBUejdR
VmF6VUIxdnBEODI1dnVVQ0FXaE4rcXMKLS0tIDg0NmVyYTg2bFozcjQvMWoyU0FK
QmtYTHUrL3RxOEQ4aE5vNi9IVWRvbmcKZEP7E8756mvvZOdhCstv2DzUsmEeZcp6
Ts88FAsQHsF4RZLfFodKx+C1QGfA/O50MGTE5e4c2tpIuMjmCuPRLg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYWhtUXZDSCtVWTFIZy8v
WFJTZ29jU1pHSURkSmU4M3FvWVBHeXJFcjJJCkVYTzM1bXJnVjZmalZYUTlTaCtH
M2FaYUhodU5ZdWdNT0ZXaDJIcS8vYWcKLS0tIGg0MjdqaG5VcElYaVNodXgyZkty
Y1Nxa3JkVVZxcVNucEdQdjdsTUovRFkKk4PMs41Wlw3vvrcR0kREyZiP4TIDRYQm
FfVPJ1CV3oZcDuDQMJmU0zh5uFJRB5INXXNnB2ULjnqq/PNnKuHXtA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL1NkWkd0L29WbnNpQTh1
Rkp1MmRqTkN4WGNMMHJhR0YvL2Y0eEtIWGgwCmlQZTAxei9aa3FPTWZLTXAvK3VF
WXk3NzMzd0hHNlJvd1dmckcvRm5rZGMKLS0tIHQ2bVRrRkJrV2E5MXc5Vm1tVWxj
RWhoMkVhVzdyaEtZVk9Ncll4S0VqOVkKwmcv1yi15ZUIUuamKXX9Ye76jGb3UMYY
tM0dcX49n4jCzexhU5wu2Fax4EADpiJzGVK0iZ+8+oWedbBHyVudJA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSEFMOGJtSXBCUEdGWHRy
d1E3MGRkUG5sUnJzNktwUnZMLzdMU3NOeUNJCkVvNDhDSE1wZWpycTVwbkxWRmww
VmFVQklLWFZSaTJlUFdLWFZIditpelUKLS0tIFdVRnpwK0RLR0E4d0xzN04yWlp4
YkNQVkpUeDdDaUo3OGFibnZUcW5pSWMKzHh01qkxst4+3HUaqZaPAQqLV95mrUs7
cToOnz8gj4gPUxz7mKFkkHeIev/D/1kc0aDx5KPRQc7VGsLPaKkUtA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU1A0OTFYSUVPV3R3b0N4
aE00UEZRTE1wN1NGdzhkdkJEQ2NuYzN3VDNRCldQTEN4Umw1ZnlhV1k3dVBjamxK
Qk9qenlsZDQ5dVdjenU0cHVlVXkzTjQKLS0tIDhaMHRuZWhrWlMrMDRuY2xnTDNy
M0Z0SHJZTi9tYXU3cEdrc2Y1NUtrY0UKt4y5CrmBbhTqB4Ksdf4fO69aukVUlz19
9yFqWtsnt97jldYKXG8WH9koyJvW6ZLIX+he89s0JCue518tf00bJA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYTRpYnhZWENyM3RQdDdj
TzF0UUJsOU4yQVhLeUhzT0R2a3hjWnBMV3prCkN4NVRDbjdIZ1BtS3VpSXZlTkFC
MlA3dDExRytDSlpFQmFyS2NtUVJZVm8KLS0tIGhlRXZBQ0tEbHFnQlRkTmVzSnlZ
M0UwN3lTbFBiV3NjZnpUeHEzVnQ1SjAK+z6YMA4SKGcmrL77FEPAEGQeCPeLnWwy
ubU4c+wRqNYkPlKnt/qy5Fj0qlA9wIDo54kqEuqehnn8XzgLCBZVyg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNXloZlZ6ak40ckdCZjV1
OWlhaHp5M2tpMTEyN05DcHJvZGlLbXFBaHdzCnZ4ZHROZkRUMGplNmpQa1ZiUC9w
RVNIVWRqSTZFUHNFQ3JDdXd4dStPdDQKLS0tIEhqamZ5cm9aak1OV2lwTW9MMnZw
dFNyUENxTUQrUWI5ZHZhekp6d1o5T3cKDxaiMjGDb1EbdobP2E9WDn7YfO6J7BMU
sFAh+u38crXiEG24wxNl/Ps7z3oMPtmM7KRQ3hM753lBenuL7vXvMA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmckhLaVorclNudHNJVU1w
VEpRWWFYL2JGUktCaXk5TXlSQjhCd0ZhQ1FrClU3R0ZuN0NoZ0cwYXZORkZ2OTll
akM3YjhtZHFNeHNEUkNmZVhLUVJDSmMKLS0tIEg0UnRBQTdPRnNOMnRack8vS1RT
WFBhZmwzQWhLVm9CaUtpVDdnOHdCemMKUV3IpFvZdm42PbL/kOLQKpFe4bld6S/q
b5sIdEDAp98aNAcvAjnJJWgIcWqhFFvM2UT7QFpCcvLg3njOfJo0IQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-29T12:22:04Z"
mac: ENC[AES256_GCM,data:hsDY1SO1nIe7J3mpMNJsxG2R+3N7AgUxoqqfvs2V4pO8SZnx5SvBqyIdGKcUOFgY66jtvAxwXULkl0J/TFj8A+MG5BkH/IAjDrWD0czYuUogtxik4DstyUXLSSM5zFP9niOmowsvK+1u/VpBrb+OlZNYiEHYKtY7+DhVJqDnQVc=,iv:iBxfpElahoJTXld45hpZXblTStQjm0WQpYmmv5wlpNg=,tag:caPwVlvCmRzm2as7ECbXgA==,type:str]
lastmodified: "2024-03-29T22:45:28Z"
mac: ENC[AES256_GCM,data:ZmLhNLQvLG6foHvCadUTw0Ws3TrVkSv93/8sS5UmC0DxwHl9s8IieTS/Otk/tu89twgLv/hI+gMWZf+L8WkaMYU0dGq0d/NSB5+Pyd1hEyHOHkUQImBz+EKj2qk9m8f5+HDnb+RpUnpMJLpjv4Fayzg9A7Ox4MfPyaPUSHUNsDQ=,iv:55ao8R/DONq6JUQLoMr/7g4qhDpOVDBP0VpwGZKkteM=,tag:DDmIi2F0L//eahBuxlVWLQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

2
nixos/modules/nixos/services/maddy/default.nix
View file

@ -22,9 +22,9 @@ in
services.maddy = {
enable = true;
openFirewall = true;
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
config = builtins.readFile ./maddy.conf;
openFirewall = true;
};
};

58
nixos/modules/nixos/services/maddy/maddy.sops.yaml
View file

@ -1,7 +1,7 @@
system:
mail:
maddy:
envFile: ENC[AES256_GCM,data:pGs56ZvCfX42FcmOSQvg/hXIWDs/HrLrto50lP8DxWHBBrE1Mm/BJ1GWlz8CHrwTIwDOTZCbxfbZlQhr0ofuusf3AIYdTX3dtckCK+K0FVPIXenc/b0QotKeCWCbQj4mMZJCmlu3Yot2yP+SnxXQsl41yUEQsjiXmUVnbiXGlTnvLg4=,iv:V8sOvvt2lqXRpzbL6UilZE4PdwEOnX+LPJygVy0wmk0=,tag:1EEjTETv7ADYx8H2suxM6Q==,type:str]
envFile: ENC[AES256_GCM,data:fSlitO+c4atrjmTJwqQQ1MgSJXUQ8taaGxhw8sATuYVXnmFTFe5nfGGu183RXOP5ZobyTydDgxl3FA4yGVAUdH55oAiikO6H2+n8BAUQdtkzdUR4jOtl5cukn01PoTbAuAj0OX1s3rCf7INPDqCydb5IuuUrW81mS7CCH/eoNyUSRFo=,iv:0CVGfwu8GJTR5QoAfSd6tLbGtkzwNb6fB+gHwiZiiws=,tag:0VrK08F/Fmx1WeqkdldBCA==,type:str]
sops:
kms: []
gcp_kms: []
@ -11,50 +11,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpTEx5K29rV2Z3TmFZNG1h
NnR5UFJjWnFNMkYzN05WaVhsUmxHZkVwMURZCjVCMFRFcGJyMmlsVDNKL0FhSmFG
RHh4NVlNQWJzTGxLTkRrTkZWdll3blUKLS0tIGxqckF0cWlhMGpyanhPM29YMDVr
Zi9ZRXZiUVZzOUlwU094eDNTaC80UVUKNovl0feqw/7Yv8TjKdj8tCXkWvUqC76/
VX64fgAiC+BGbygPJ5wEVkQKH8OWSmgOIvqfvSYrga8AHsLgYPMm3A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNitqWUlhK2tLSHYzZndT
R2MyVEcwc01JWEY0MWMzblNqcEszeDFjdmxFCmpjWnRoM1BrU0lHWTQrbWZvVnlG
QzlvOG9uQjRBZGE1OVgzRWFET2ROWFkKLS0tIDROUnlTYS83SGdkaVV1SWJpcGVB
c0RiMmVNaW9XMWtBT3IydmNRcnFabzQKKshKR6aVRlDfj+AWYJAd/x+3b9JcMhEm
uTFP003ENqVR0Mxozz7rOWToaUid5kvLKqiEWwenXu9RQmwNINl9dA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRURSNjVydlVRdGFEcDFL
U2lLWW0xNkhTR3NtRUN0OUE3UjViYW9RNVRnCmo4Tks1NWgzTHV2QXlZVmJESU9i
cVZ0ekJCTHdhVWVyTTRFMEJJa080MDAKLS0tIG5CVE84K1dQMTg2WHhnYnBMdDZT
dloxME9lajd3YW9Bbk9qUzVVa2UrYVEKUMlgxX2REGuvkpXwFhClOllkuUf/8E3v
9QpcjUSWmExHTJcxvSUkEYL5C6lODL4172PfnQLt9QkdX7sYQUOFuw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5aCtOS3lvM0pHU05oMnFU
VUZFaHNid2RESDhOVFFRR0dZQ2NsU1NvaVRrCkRHZ2lWZjBoa0Q4TWpaR0dFb3Jz
NjZMcFdRNThtTDJrWERVa0lSQlUwODAKLS0tIC9nSkdXRU40Vm9QMldYRUdFS095
YWxmTEE4RktDakJGTHVsOURUUDExZjgK5ML6rKmO4rRcV6mFVhA3mjtXne9luTAi
6lmVdYKIvKz5mQT2TqickgEDAdLcziz5e9xxwq5Nojf5V5obtCJs/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMTZRRlRUOVowT01vUVVm
aGNUQVllVVNKcVVoVXIyWmRLUEd5bzFVSjEwCm5iUUo3WWtEdHA4Wm1kSk8vcmRM
ZzJGSk51UnU5d2pjVzZiZGt3dlZETHMKLS0tIGw3cDdnNWxiZXdtMmhuRUpwV1Y4
RXRvL2F0TkxGNm1LejR1bHFCYjkyU2cKn7QMPuwZ8ermG59uK3rHrJkuDZ2US0JG
Oj/ts8DXuu71TpTiiCXumThs+IjKQgARyv5P/jP/Souq9LppDtEDnQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbjhvcDAzU0Y4Mkc3Z1JP
QWI2ZCtJRHhzNTM0Zm5Gb0lCeng2bE1nOG4wCkFVTXZPcm5yS3FOQkVqN0NYTFZB
QmJIVTNSNDBRaDduUmJTbFVQV2R2eWMKLS0tIFlzbS8xcDhrb2pFc1dPaUorc1U1
YWg4dDE2UzY1b1VldzBaSHc0dDgxemMKuQ7RXTLwKwrcNDv2tNmCTYcTnzOY1jO5
2m9CUSqeDRgMDfxO24Pt7Zk0YuGDdFONNMsBX8nm2RhCUhVM0nVmVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSlVlMG14cUxUcDRseDBC
YXBtRk5oRlJ3dS83TDFicFM4WVZMT1VwelZrCkl5V01BbzRVa3RLWTF4U0ExRmR3
cU9XMFZRQ2l6V0k1aFlucjlGL0d3V3cKLS0tIDJGWlE1Y1hhcjhUT1BsTXBtQTFH
bEJka0pvUUM0OTV3QWdNWWRhcldTSEkK/yRrMYy2YC7NTzir/LL97PV9LxvW/fm1
2YQIlSs6amPT32U46tnpqytVs0iR9Jobd153oAJjfhrAsGGP/msgsQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMlpYOXZIcUdHU20yTzRG
ajcwTk9HT3lxM3JxbG1GMitQQnVHenFQRFdFCnFhK1RxT3lUVE55M09HOTZQTzJF
QlpWOXBtOGNWamxDdVRFcHlGRm5DeXMKLS0tIEkyK2Y5S2h5d0JBS3pJaXBVb0ow
dUhCRVh6eTkxMy95MjlkVlFVZVZGazgK6HewYdcLC1q/NY6ysanj2pQogpxQVWxh
+LrDzvjMeYOrQD2bC3rVBEnM4IFIur9RKg1JLPkrNI/bONX+Tsk52g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUTJvUnE5V3NYNmZ0dERi
emh0ell0N0xBMkhjL3kxdkIyRWs4UWpYTVFNCnlqaVhiWUNXa0l1Qk1peHlxdDdQ
aEdkdFdFWW5zUlVBT1F0aERVQndheTgKLS0tIE83UXA1V21qbzFiQ3NFRnRiaS9i
TXEvWDRXMTZuellnT1BKRWs4a1VkaFkK8Sls0BOhgCj36HhFIlRclBltqXrcR7cU
POkvvHVfEXzZ8GzKOx3tyZZ7fnksNM9XFbofZ9/apGR9FP9mepnrdA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTWtEYnVJdWkyTVFSQkMz
ZWVKeE1hdlF5bXZHaWxJUVVWbzlnZ2JYVWp3ClpJc3JOZjZ0bktTdUlNZHcxNm5y
TDBJcTUvSG5mcyt1KytlQmViR0FXdVUKLS0tIGR3M3BhdkJqdElEN09QTXJVbFpS
eUZCVlh3YlRVTzU1YjZZaVd1U0ZLZW8Kr5wh1mo7P9dhUcQWGSDtY09uqC+aEYAF
Fo+1RM0vaZJ90MUygERU+tZsjoZuD+XL+ckdCquPLRypuidZvfeh0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-29T12:22:04Z"
mac: ENC[AES256_GCM,data:XncWerMNxizmY29/ktbk6qyENQ75RJ11x7STemdtds9+0g24pyRpuHV0oocetDRLmUN6Cg6qXwCkJ2cgR5MMzjUYsYRP2VlzGPwQpr+L6dmvYp+j+70X9Qk7bRfj0cRJn+gHhfkWSxpAvows0/9+wJcsFhowS/vihVoz2xjLoZU=,iv:yH0wEYRX0uuJeyf9+5E9qpwr8S5lUXpB9K5aWnHJShY=,tag:6aIhVuQOtfbWggdnF7zw2g==,type:str]
lastmodified: "2024-03-29T22:45:28Z"
mac: ENC[AES256_GCM,data:oU8t0LUz/gSpABrHfQi6uazu0hen7Z1Bu+LlBPWxc2hGOV+Et1YF2VZY11uA0th0aZ6t1sFA+DvBDuKKBv/S70qhz1KB5MYTmGfcHMWmLNTzoO35u5FSVRbrcWDX8Simj2Mfpxksphr9xzqlbCaMKiCj6ZrUFDKAfPPe+KPjJwg=,iv:8AKTtwoTHQbfjXwrozBiytUn4jGWKbBJLTzkod2Cdlw=,tag:XqBX+pA9x+m4Cl+NVZx0Lw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

2
nixos/modules/nixos/system/openssh.nix
View file

@ -9,7 +9,7 @@ let
in
{
options.mySystem.services.openssh = {
enable = mkEnableOption "openssh";
enable = mkEnableOption "openssh" // { default = true; };
passwordAuthentication = mkOption
{
type = lib.types.bool;