diff --git a/.sops.yaml b/.sops.yaml index 6ed1353..6cfa9a9 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -11,7 +11,8 @@ keys: - &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - - &dns01 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c + - &dns01 age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u + - &dns02 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc @@ -22,5 +23,6 @@ creation_rules: - *nixosvm - *nixosvm2 - *dns01 + - *dns02 - *citadel - *rickenbacker diff --git a/flake.nix b/flake.nix index 403f585..6e5fccf 100644 --- a/flake.nix +++ b/flake.nix @@ -142,6 +142,19 @@ ]; }; + "dns02" = mkNixosConfig { + # Rpi for DNS and misc services + + hostname = "dns02"; + system = "aarch64-linux"; + hardwareModules = [ + ./nixos/profiles/hw-rpi4.nix + inputs.nixos-hardware.nixosModules.raspberry-pi-4 + ]; + profileModules = [ + ./nixos/profiles/role-server.nix + ]; + }; # # nix build .#images.rpi4 # rpi4 = nixpkgs.lib.nixosSystem { @@ -189,8 +202,10 @@ }; in { - dns01 = mkDeployConfig "10.8.10.11" self.nixosConfigurations.dns01; rickenbacker = mkDeployConfig "rickenbacker" self.nixosConfigurations.rickenbacker; + dns01 = mkDeployConfig "10.8.10.11" self.nixosConfigurations.dns01; + dns02 = mkDeployConfig "10.8.10.10" self.nixosConfigurations.dns02; + # dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02; }; diff --git a/nixos/hosts/dns01/default.nix b/nixos/hosts/dns01/default.nix index d463b1e..44d698f 100644 --- a/nixos/hosts/dns01/default.nix +++ b/nixos/hosts/dns01/default.nix @@ -24,7 +24,7 @@ fileSystems."/" = { - device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; }; diff --git a/nixos/hosts/dns02/default.nix b/nixos/hosts/dns02/default.nix index 6b55b0a..8bd8199 100644 --- a/nixos/hosts/dns02/default.nix +++ b/nixos/hosts/dns02/default.nix @@ -7,96 +7,28 @@ , ... }: { imports = [ - # Host-specific - ./hardware-configuration.nix - # Common imports - ../common/nixos - ../common/nixos/users/truxnell - ../common/optional/fish.nix - ../common/optional/monitoring.nix - ../common/optional/reboot-required.nix - ../common/optional/sops-nix.nix - ../common/optional/dnscrypt-proxy2.nix - ../common/optional/cloudflare-dyndns.nix - ../common/optional/maddy.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + mySystem.services = { - networking.hostName = "dns01"; # Define your hostname. + openssh.enable = true; + dnscrypt-proxy.enable = true; + cfDdns.enable = true; + }; - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + networking.hostName = "dns02"; # Define your hostname. + networking.useDHCP = lib.mkDefault true; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + fileSystems."/" = + { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; + swapDevices = [ ]; - # Enable the X11 windowing system. - # services.xserver.enable = true; - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "23.11"; # Did you read the comment? } diff --git a/nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml b/nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml index c38c011..0116550 100644 --- a/nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml +++ b/nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml @@ -1,8 +1,8 @@ system: networking: - #ENC[AES256_GCM,data:bHeRWJyZgBuMalt5K3j4xtffim6aSCq+/c4+t1pxIlr2JAI+i+PO3S09GVahSGlUpn4buJbkE1H80/w0UrdPWtR/ZAn1ZMoXCuKnXg==,iv:f1MerFEkn76dNWwYNVGotKfDbaSy2ndvt8q4ul53HGw=,tag:eNjmJtRMxbu5j2rssXHYHA==,type:comment] + #ENC[AES256_GCM,data:y2k8WKDdMW/+lCc7OnJTPd21DZFkjXqRSDRuIHTvN3p8AZ0KB0ERjf5/Fzpgq9wRjktcGMfFRzl9AaLN0DNXLseV5hoeX8pzXrZddA==,iv:hMuTiccA2PSUKGK5bZ9YCGHYgj58+TMbid7/FOXqK6A=,tag:B9A3H4ssQsi3aD/bUvh8IA==,type:comment] cloudflare-dyndns: - apiTokenFile: ENC[AES256_GCM,data:t2SR+EyOzBW3+5bZE/4Kpa4kpyZi7IErHDkjyC6r6su8thstVynSpfWDCi4Xj4Th11kU0YO3h8RBqAmss1wHTPGti+1ha3LlSJfemKWIN2qtYfJLeZ5ZBoC+xctW8u5+ahur/3tjUjsXgERCUuQiuMe5Tw==,iv:CTWKFyIi/mYu6eW6WMFWsF2ds3lkqqcQcE/5xy9qQac=,tag:muZ1RC2M3fB7vjissXCPtQ==,type:str] + apiTokenFile: ENC[AES256_GCM,data:AQA6X+GoPgudn+qwGpNnX3PmWNfgYFuvYGbthoOXPTiAs54oPrH6XGyFjGS5skqe9vypjPbl/Zj+z8q4rLGKrZt9cgF5JywoS2pyjscDW9QI74mAS6bcH8eJ/PMLopDYybKEMS8w1cMeGP5J46Uhg2HLJA==,iv:vjzMXBt9NbFcoqzpew/s/h1OXNWEnDLY0JuyASvbojM=,tag:8Ca+0ieZUZ9Wk9Q2UigF0A==,type:str] sops: kms: [] gcp_kms: [] @@ -12,50 +12,59 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbVFkcXJoWjJweUowdDU5 - bTdTSVBDK041MVFoclRiRk1tYjBvVGFCTUhjCkhZbXB0ZURua0Yvb0EyV3ZzWEJ6 - NU1LaUgwZ1NjWEd3K3VWNEY0d1dkc2cKLS0tIDRHMDk5TFdCRk5jNVNPd2srT1ZY - VVBMZFJzVGcweUErRGpyWm5JU2M0YmsKiqThEaJubMZalyA/7nhh0L1IK0Ro0y5X - 8mgZh6rx8BzZJodiuRjGeCgsVnUREX4Mr1IKaFtG9GFyzc0yeTStjQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eHR0VlFlL21SNzJJQ2F0 + UUJ3Vy9mem0veTJlV3FKbVNGd1htRHNOQkI4Ckd3QXk5bVR0WmNkaXZUZXBZY0px + NTJJZ3NKRDBLZTRJd2xOZ0pBazk2SFEKLS0tIG1zQTlCcUFSUUthaUxLeHlyZWpQ + NXBYeUx6bmYwSXFrZlNmZitYM1ZlK28KvKU5iig3qg1tGOX8jDsXjXJ9ly8cP+4y + tcsCDuQWxiJ2v2U4FD47iRs2IfxZadYGJM2nOToOKHnuTTSpvNXAVQ== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0aE92YzM2WmlRK01qZ3RC - dHBhc1dvSG1ReGdrZzkyUUtPRVYraGFScHpnCjRGaTM2KzRxTGFkN05mc0xFSGxO - MkVrYVZkWlFoWmEzSWhQTTZZK0dwREUKLS0tIGRhenlKV29WbkJVVVlEaUkrNUpl - c1hEMnBuVFBKUjl2ZHM0OXAwcnFJZzAK+Pf1YDIbiqsKGsA3geTbP9alkBG2uomZ - KeY+goK6MwNcZwKkSd83Lf6j6Fezv9C+gR2lTdZ4EFITlRWaxt6nmA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZzEyRkZZbTcvOVRLU3JH + bWZ4eXdUZlAxQjNkN2c1SzNiQVdkWU1FR24wClYwVjdGYm1xditOYWxIMGNmVDFr + cXZLdHhqOS9yNHEzQ29aKzVCNU5uMWMKLS0tIHoveWJmcS80MENxSnVXNlpJN0lx + bFNWU3dUTXFkMDZaWjUxWVlVd2x6dkUKKEBaUX/euYu9VEzhudWs4PUb+xVvpjQQ + GoOcFJvp+A60X2pK5mDxzgyWWudr+ZjiQNn3A/6XE4KfLhzmmI5Bsg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSkNCTFZaSTYyYjRwN0lP + Qzd4R3krZVJlREtueHlqUTBPRTNhcU5ORVNzCmdkYWFUQWRNajB4UEc3bzA2anIr + cm92alRQUWI0UDR2T0c5OTVhZ1hRQ0UKLS0tIFkxUHl1c3psYU1CTUI2NEpmL1hR + VnVacXZDQ3UyR1VoVGVQUzdteDRXRUUKkK9LP5sCjS2t2M+tftUqBh8jqwjmfKU6 + HsIaMzELohiV5/91iq5FlIArQe7F5KFQfY3vRfYuh26I6zgqvVUlrA== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MGhXMS9FbUdqckdqcUhs - aE1qL1lydy9VVWMwYlNrZTJrVVNxOW5hTWhvCkVGbjZ1RHJLc05HaFJkWm9VNzB0 - T3dzbTU5YysvclQ5OHVaNU00bmRSWEUKLS0tIFF1cnVqVndtYXNrWWt5OU1IYjd5 - bUhRTVFad0pCSFhweUNkSElVSUI5SGsKccyy6u6aJagRn7OYlBpbfnzkaD/qYRt+ - oct41POm3gi8QQ6TYMT/xa0UlOCS9CnvjE4ZV8W5cWyvEEyPEez+Qg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NEJjblpGK2dGMmJ6OHBu + bnc0dUg0dXJROUMvQW1mOEcyWlpqb3BzUGc4CjdmT1FkaTdsRndGUXlod1cwSnpm + OFNLcjc3NlpPY2ZOMm55Y0ZFSjVpelkKLS0tIDVZV2hmMG1Qd0g1dXFEY0x0ZmhC + Y3NleUZ2azM0amdHRlplSGtvcWowd1kK+PNq8czpnC5zfwET60aQkNdcUwQopZ9W + nUX+QutTCdFoWoCKGsoQK42uXWQheHNtoPT258s2+8SBtdwLIckHgQ== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYbWtjd3o3anJqRHI2cWx1 - NFp4dnF4UzdxODRLek8yeWc3NXMvYXg3Y2pZCmZ1bkg4Y2htRUQ5Kzd1ZlFSRlNv - dHJ6UTRUVGlzL0VQRXpLQjJMSGtQT1kKLS0tIElxcGRHUTZxdzd6U0J2cHVad2Z6 - d0I5T1prNkJtU3dOK2dLU0FQYWl6Y3MKWtTVfqZqwO1DWcqCX3zQKJw+Iru9uYLL - oaDFNp7BkyHGAgUGlnryhpHqk/Mfiaz9F3+7E7yxPGmBL5/XGcfYzg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0T25vdlB1VGFBVGdYd3k4 + em42STFmdU9tZW9vVCtTZlBqOFZnUzFHYlZJCnJuSGk0cGlOSkQ1VzlRZ0ZONmlx + bXNkQ0hCaFBrMmt3dXZ2dXZzN09UVGsKLS0tIHo5bnVxcWEyQ2JkMk9qK1pxVW1S + ZnJ0R0hDVDU4WDFVS1Jka0h3b0R4bjAKcJ88Yzxn2HTqEEu0ujVMZGXJpc9jbypI + hlsDzMESTAlrZx7ZmI+nJw36RolDPRTfteHJFGI8LEx6zGXLcBp3LQ== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC9xSVVuV1QyaWxQN09F - YVplRmZFOFJ2dGJPeS9iTVZpU3lqZk9Pc3kwCmdTV3B3WllwN3Z2dDI5aVl1OUtJ - Z0IxRHgxRjROdHE4RmpvOThuZmx4VHMKLS0tIFNJRXRsQ2lRRjB5ZTByczg0ZWg5 - elVTbm96S2tpb3hPNHc1OU0yZ2FUNVUKCikEO6z7kpDmFlc9JldOSlGXv4JhFh/u - 8sQSl3jF58lCBllOfM5T0crwbDHGlKI7JQ2H8vhZKk8TfiH3hGWxpg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbmdMeGUxaGN1cTFXVlFV + dElYSkVMTm9DMGFLTDRLYzRGQ1dGaUFHSzNRCjk0bkprSHpsUjRRdnNaeWpTbG0y + T3BKK1h6VWNCMC96Y3lyQ1ZRcW9mL0kKLS0tIG5GaTI5MVkwMkNEWWcvbmZGanYz + VWIybGRha1dWWUdsaWIxOXRLZkVFNlUKLEQI3HO/7Ia7GoOJOKJVbYkDrevqh7m7 + hjMjnl4RnrcFwq46NuYyruTartHqRPBUHyXdoiMfeHNQQ7QP8A5ZHA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-29T22:45:28Z" - mac: ENC[AES256_GCM,data:tPhORuf+63E68CdAdSsA/NgdBG9GrnmpVKVLo0O1ibaUDk6WblcmMoFROIo8BuciaUZsEf30NF9lVC/QgsZ35sHc/WcX4Ze80LyhBVgf0wgpy5xSjWLnYHCgFMA/TuYX7lJBLJVFZ3VAdwWp4XznGdlBHulQFM6jBEHz8wW749A=,iv:3aHdxUNfZinz13HRTtb7376era8Hont39C6pa0jnRAk=,tag:zza2Dy6I9R3C+xqEehgRfQ==,type:str] + lastmodified: "2024-03-30T01:29:21Z" + mac: ENC[AES256_GCM,data:8Z5udmxrut2IxaP9kjP7px8CoQYNBIwIhafCWC8y1+LzOJWdITIfL3S/gW8O3xIH27gS0y2CsBSFf3fB9kF0JPapnCMLwNtA/oqNdSqx4p0Jev3mdtfaboF1kGShuDiYUIhMRVk/eiDtNojakVJiMxZzEtdo5YbgRXlfbYw6gTQ=,iv:UHOH6pAVf3VBtVvGn0HijmhbPWv6d64EESMRJkXC48o=,tag:EJfBjV6qZfGNxyCU9XzuHA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml b/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml index abf9780..67436a2 100644 --- a/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml +++ b/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml @@ -1,7 +1,7 @@ system: networking: dnscrypt-proxy2: - forwarding-rules: ENC[AES256_GCM,data:ZoVm64ORJw1H7fglwN/d9juRkmpblAFT3uoBh3TI//2iZ8Al3mlqdXaC72Rn4FVQh6MZA/xYXMsh3rfgZF45gb9b8YwmDA+8F3vaHo13FkwKcAsx0IMcdKJdPkOVrWXsLmvppli/z5IfyZqamLVvexqNM3QwDC5Zfi1YBQGinygYLW6ayFjWEEbW3T4pdeehhhDZW9MSutvGu+lCpQ+w2qzlqMnYCoo+k9Y+9oOBDGWwzXjfg9ry0AOhOokrQuSqTx7i8s5ERZIJ3SvG89q2O4E9PCdj9HbZfXoQwEoknfPtm/+cDcaOOxcd7FvYKH6wlOjH2ow/E6pUjiS9/BS5ht7vlBjl8sk/hSswL0EQllb6ggjH2JVp7UgHxL8moLusixHDLzCt5asIhuCqn+E2QEs1nCEdXvoLNL/ytJwP51BVQolA7KRFVYb4vA16Egz/ttjqxIAASSdGFfQesB6T6Aw=,iv:uy5lYl1kN4LXT81hx1OsrCkRgYVg6QyjAofDowXCeb0=,tag:b5PoXYgkyIiru9cDB4irBw==,type:str] + forwarding-rules: ENC[AES256_GCM,data:qM6Y19pynqVruwgV7KhRfS1klhsZChZqpVxx0mV1PXSAyTf+9uiVCmpst7ZYIOzOeri4DnG2Pi1L2aOs93tsH7UnbLyKMs0qHO0y5T30clzBclw+VmjGUXJ3iwX0vL9o3fYXZ/WEfZd1vclgKqJmjwNIhqXdf+iYwm/Vlhe6Ib1cb8qUh3H0QqSARwmPw+5ffPjTBRdp+MAu8ZH+9s0lbXipk1l/YoBsd0qs6ID1D8ahTXLaUKabuE4a462Qjat0cx7b88Psam/AxqQXTbujCxAbO9t6rzPgTW79GURoIVddoURPEfWUX+7125RH4bHHZd4dQWPee1d89ikmPIG65x6mGRlI073gGP07x+uNXyvcQVG4GabiJ1xOzlnzT5obySYuH/JKhYMR8meTCQGQKJyCaFjPfOWQYkEHt8xd4/hg3zlC8H+a44th9tNadif0rys3LSx+ltyyEbYyqU6U5vs=,iv:ApcoDgN5uLjqFmWbYZoL21GlKkUwkqRcVxXm20/q8GI=,tag:TxYTmEGcf+183CyzH5cfiQ==,type:str] sops: kms: [] gcp_kms: [] @@ -11,50 +11,59 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWGR5YzNVbWw5eEUyNE02 - d2xkR0dlbGVrdEk0VG9HNU9zS0FNazFWczNzCng1b25sdFhBZ1p0S3Q2Vys4Mnlu - RDdUQnY5amRUNng5TzlEZUhEakw2akUKLS0tIEFXVHBUcnY4RnlSbERRcUFMK2JZ - U3ZrSXVURnh2ZHg0eC9UcnZjZ2txeE0KHRyC65nWKwuSMroEyDMKBXSg9q+yAzhe - kBBUkasGdSAESM8cvMVbLoyn7RTRcMbuAFeZPkwcJu3pUc6IdWARdw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c2dSOEIrUUtpbFNUb3Rj + TlIyOU9EQlJCVTB4WFNjWDAwVGVpMUluV25vCnpvaXVqckIrUit6Q2NGb3Q5bnF0 + ZG9JRy9VdVRLS0J3Vys4UEFZcndRU28KLS0tIGlIcFpMYXIzOEVBZ3cvbVJ2MFBl + cWtPNHRmSDNUVXJ3NUVPN3crYUVRREEKQxhNUNBYizl6qNo/JKdHeOLAn6/V2xfA + sHtn9fq0lhpWQ5oaSUOP9GHZVhEkP+fRJfK+QULEiR52zr2pYj8jMA== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYWhtUXZDSCtVWTFIZy8v - WFJTZ29jU1pHSURkSmU4M3FvWVBHeXJFcjJJCkVYTzM1bXJnVjZmalZYUTlTaCtH - M2FaYUhodU5ZdWdNT0ZXaDJIcS8vYWcKLS0tIGg0MjdqaG5VcElYaVNodXgyZkty - Y1Nxa3JkVVZxcVNucEdQdjdsTUovRFkKk4PMs41Wlw3vvrcR0kREyZiP4TIDRYQm - FfVPJ1CV3oZcDuDQMJmU0zh5uFJRB5INXXNnB2ULjnqq/PNnKuHXtA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajZoNzE4VWhCK0E3aHNq + RUZ0TFFMejNjUmhSS2lZQnR0RHhZUzAwcERNCndUYnFPZnhuelptVUNaUWdkTWFk + R05mcXE3REcrNEJndGphTXhESW8vam8KLS0tIFMzSXFBUEY4N0d5eWN3b3IvQnFV + K21tS3FnbWZsRHVyZHI5d1NyN3c0b0kKfHq1QUZwgmIA/3cHOJuTWN99hwm2kI1p + emBoeNukVvjOgqUCEBG/O4GMHlc6BmmimnSiULg65eIyFEAdLOsBOA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZVExakR2VUVCODVoZ0tm + WnBsNXdjTXVRejFBUzVLN0s3aGgzV2pJb2pzCmpTdnhpb2h0c25TdDBSemxHS2xh + ekR0QlJLUk9JY3VqTzJVSWdZa0UrYW8KLS0tIGFjVmxDbjdXdHptK1RxZCtxcDFR + NUxNNUtkQzlvTHhadS9JelFOSWI4ODQKdFjY8uyoOrRXa37M3d6qqY5zsB6UxOLv + d/hfiFATBbGGdj5B3AyQV8yIWTBt+k9og7wh8GVhzrkje5eJx3qMqA== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSEFMOGJtSXBCUEdGWHRy - d1E3MGRkUG5sUnJzNktwUnZMLzdMU3NOeUNJCkVvNDhDSE1wZWpycTVwbkxWRmww - VmFVQklLWFZSaTJlUFdLWFZIditpelUKLS0tIFdVRnpwK0RLR0E4d0xzN04yWlp4 - YkNQVkpUeDdDaUo3OGFibnZUcW5pSWMKzHh01qkxst4+3HUaqZaPAQqLV95mrUs7 - cToOnz8gj4gPUxz7mKFkkHeIev/D/1kc0aDx5KPRQc7VGsLPaKkUtA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OGxhc054cTh1VU55eUtE + aklYUVI3RUhYdy9WdzhMV2dkU0FYZi9uakEwCkFPQ2lVeDNEcXVvRUV2czI5M1dS + d3g2R29YRHJpMXRWMlZxT25JazBab2cKLS0tIExPYWhZUktycmtNMndXVFlHcnNH + U2RXdlk0VThxb0hYOTR6U3dTZW5RNHcKy4iJe/O5O00Otvf7bh48+cCbhEhctu69 + zzrNyHgd7T1cCTd1YdgR+cuwqBLDW1br8ATh8w6Fj41gtvB8mrzXVw== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYTRpYnhZWENyM3RQdDdj - TzF0UUJsOU4yQVhLeUhzT0R2a3hjWnBMV3prCkN4NVRDbjdIZ1BtS3VpSXZlTkFC - MlA3dDExRytDSlpFQmFyS2NtUVJZVm8KLS0tIGhlRXZBQ0tEbHFnQlRkTmVzSnlZ - M0UwN3lTbFBiV3NjZnpUeHEzVnQ1SjAK+z6YMA4SKGcmrL77FEPAEGQeCPeLnWwy - ubU4c+wRqNYkPlKnt/qy5Fj0qlA9wIDo54kqEuqehnn8XzgLCBZVyg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNVFaYU1jZDhHbGRndWtZ + aS9wNnpWanBxc3Jtc1lsNXZRVGR5bDhyRXprCkVhWEIzT3JHcjFueDM0emlobFVD + dTBqUXNnaTBMUk1sZlJ2a09SWHhQbzAKLS0tIHV0WS9TcmYxR043S1ExZHhsc3pl + ZFRDOWhGbmlwR2hqT0swVm5RQWdxZjQK/kWd22+oqeZ3jVgpFiJYJbdbhnOTVTSg + lBw1CGoxXlHgXMjjbAQVdFk7n8uLxIjhcV3WZyFVAYdEQ+QQUmXUyw== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmckhLaVorclNudHNJVU1w - VEpRWWFYL2JGUktCaXk5TXlSQjhCd0ZhQ1FrClU3R0ZuN0NoZ0cwYXZORkZ2OTll - akM3YjhtZHFNeHNEUkNmZVhLUVJDSmMKLS0tIEg0UnRBQTdPRnNOMnRack8vS1RT - WFBhZmwzQWhLVm9CaUtpVDdnOHdCemMKUV3IpFvZdm42PbL/kOLQKpFe4bld6S/q - b5sIdEDAp98aNAcvAjnJJWgIcWqhFFvM2UT7QFpCcvLg3njOfJo0IQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZ2lWY0FiYytiM1YvRmox + NDIwVlpNWWx4L0p5MTA4N214a0lqTGhjaHg0CmtwSGZxWTRrcDBiaEVNUUZNMmM4 + VFd2Tm95Z2dTemtkLzY1WmdSUllBRjAKLS0tIFpqTDhXTW1mZ1FwYVZxbEZNdjRL + YTNLREliQjJudW4rZCt3VzZYMGhoUFUKvMQEXnUNDd/RBv/zo+05d/znEZqaWONj + BjisOFvPYDodU/hUYGCxrdiKx4CxMhrtOjZjVxF25BMbH7m+XeNLHw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-29T22:45:28Z" - mac: ENC[AES256_GCM,data:ZmLhNLQvLG6foHvCadUTw0Ws3TrVkSv93/8sS5UmC0DxwHl9s8IieTS/Otk/tu89twgLv/hI+gMWZf+L8WkaMYU0dGq0d/NSB5+Pyd1hEyHOHkUQImBz+EKj2qk9m8f5+HDnb+RpUnpMJLpjv4Fayzg9A7Ox4MfPyaPUSHUNsDQ=,iv:55ao8R/DONq6JUQLoMr/7g4qhDpOVDBP0VpwGZKkteM=,tag:DDmIi2F0L//eahBuxlVWLQ==,type:str] + lastmodified: "2024-03-30T01:29:21Z" + mac: ENC[AES256_GCM,data:j/ofDZ5Ky8xGkQU5ciGDPWDO8WchRl7ii4aWKhLZsPRojCYDEq7uQEKVeXl8QRjeDpFiFsGVlapKpLKbdCnANxHFgwPDR4sM+cBgqP5IRagTYo+4PyXNz7gjeVDnboB0rI80TrSd9uWcBU+1mkSuzLlUiXZQ2Uo00Tnkf7xIcBk=,iv:HX4//Q5uNbLfUePXGQOjt+zuFqPL3iTl9zRD8tGZXWU=,tag:cQccCSJ2QRQA5hy/LQFgTQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/services/maddy/maddy.sops.yaml b/nixos/modules/nixos/services/maddy/maddy.sops.yaml index 79f948e..0eff13f 100644 --- a/nixos/modules/nixos/services/maddy/maddy.sops.yaml +++ b/nixos/modules/nixos/services/maddy/maddy.sops.yaml @@ -1,7 +1,7 @@ system: mail: maddy: - envFile: ENC[AES256_GCM,data:fSlitO+c4atrjmTJwqQQ1MgSJXUQ8taaGxhw8sATuYVXnmFTFe5nfGGu183RXOP5ZobyTydDgxl3FA4yGVAUdH55oAiikO6H2+n8BAUQdtkzdUR4jOtl5cukn01PoTbAuAj0OX1s3rCf7INPDqCydb5IuuUrW81mS7CCH/eoNyUSRFo=,iv:0CVGfwu8GJTR5QoAfSd6tLbGtkzwNb6fB+gHwiZiiws=,tag:0VrK08F/Fmx1WeqkdldBCA==,type:str] + envFile: ENC[AES256_GCM,data:Wo+iP0IzT71mtQwTX8u4klf+Jw126+ovm3neZKlRKDxXt2GT1TR7DTXzdUIskhfVyXSS5K8VbHb/+vZgDJ8jqoIGRxd3CSnH/f5zevHzPgz8LOpXc+4pVDqQzuTqS2XFI9JPLZpiXmcrJ0aSGeupTK1vkS+KvezJNbtRCar+uRVH0Cw=,iv:qK0mHWnpnDrYl+Ovc8HlmfWgLUvhHaTEXRqvkeWuMSk=,tag:Yh9jIlt2IxK68Mi2xOa0oA==,type:str] sops: kms: [] gcp_kms: [] @@ -11,50 +11,59 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNitqWUlhK2tLSHYzZndT - R2MyVEcwc01JWEY0MWMzblNqcEszeDFjdmxFCmpjWnRoM1BrU0lHWTQrbWZvVnlG - QzlvOG9uQjRBZGE1OVgzRWFET2ROWFkKLS0tIDROUnlTYS83SGdkaVV1SWJpcGVB - c0RiMmVNaW9XMWtBT3IydmNRcnFabzQKKshKR6aVRlDfj+AWYJAd/x+3b9JcMhEm - uTFP003ENqVR0Mxozz7rOWToaUid5kvLKqiEWwenXu9RQmwNINl9dA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUGhnSDc3N3M0MjY4TGsv + MkFtUGpGWGFZN1JiZ2VKTC8vUnlOd0s3bzFFCktCTDdmekhpUm1ZNzVYaUN6c1ht + czVtVXdGSGU3T0FLNGJ2Y0cwY2cyWDgKLS0tIGZTRHBBeU1DN0xtYXpzcE5aczJr + QVhRSXZOTHUvOWh0cGFOcTR5R2ZsK2cKD5fNP6Oa6W/OJck3FbYn6R5nYS2UoF8I + aOUIN98e15BaSFaOc8kmqkNZC4mKMHKaBJH2NqpbwyDP4iwLbRtP4Q== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5aCtOS3lvM0pHU05oMnFU - VUZFaHNid2RESDhOVFFRR0dZQ2NsU1NvaVRrCkRHZ2lWZjBoa0Q4TWpaR0dFb3Jz - NjZMcFdRNThtTDJrWERVa0lSQlUwODAKLS0tIC9nSkdXRU40Vm9QMldYRUdFS095 - YWxmTEE4RktDakJGTHVsOURUUDExZjgK5ML6rKmO4rRcV6mFVhA3mjtXne9luTAi - 6lmVdYKIvKz5mQT2TqickgEDAdLcziz5e9xxwq5Nojf5V5obtCJs/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMUluUk41a25heEkyUm1U + TDdPbHpvUi9hMG03RDBKTjVZSUY4K1p2ZkJNCmRqRWFDKzg0QVU0dGJtWUYzZThJ + RCtNYWtyNEJyNHMybVlTc2FoMWtmMWsKLS0tIFEzVDQySmNLTlNONHJZVWlSbm5G + cWE5bVZBN1ZmV0JkVXJXbzdldXU3ZnMK7EV7u1lewpEsurScWTKVscYMo9dmSoUl + O0kLRmRR4NEzuYzCFJ3JVaxTrPlMJM9C3Mwo3LsSDLCXSQ71JWiOZQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd1ZFcjhkNnJXRjZPY3FO + UFVmT05CTWt1dXhjSit6QmlabHJOMTMyQW1VCjY3RTR2UGVJMFBYWlZnK29yejNw + WjRXT2NpMC9ZL1pldHRhRGk4TlAyK3cKLS0tIFgyVUhxRVh5UFdPOTRHQ0ZMMjVy + aUwyczEydHNnTG9KZEk2cjFNaFBOTmsKqd5MtgAJ1aKqk9Miq9ot2garqMxtFjdJ + 1IvxprhYiPCgvhYtEbPlyCKtM/kdEGCplX3BwVOvhAU8CbyNb8zyug== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbjhvcDAzU0Y4Mkc3Z1JP - QWI2ZCtJRHhzNTM0Zm5Gb0lCeng2bE1nOG4wCkFVTXZPcm5yS3FOQkVqN0NYTFZB - QmJIVTNSNDBRaDduUmJTbFVQV2R2eWMKLS0tIFlzbS8xcDhrb2pFc1dPaUorc1U1 - YWg4dDE2UzY1b1VldzBaSHc0dDgxemMKuQ7RXTLwKwrcNDv2tNmCTYcTnzOY1jO5 - 2m9CUSqeDRgMDfxO24Pt7Zk0YuGDdFONNMsBX8nm2RhCUhVM0nVmVQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSHp1K3UzMXRXV3ZMRDRI + dllLWGF3NG5JOExac3BXamc3ZjRzWkFobGprCloxUzRZNU1kZ29GUWhZa2pXbUtl + MDZpL3NPL1hpdGtsSjBqQWpHUndpMDAKLS0tIHJBYmJPTGRxV0V6TWJiSG9iNjNZ + SWNQSkV2SHJHSHNFc1BIMGpabXlwLzAKQSI0Yo71Rt1eUHUKZZHsrTJenq3ooB3i + 7aLQqN6jp2ZwfOPh0/HBB1HWy6AWJoWkJZb+zKXTn0v+kx9NHU43ow== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMlpYOXZIcUdHU20yTzRG - ajcwTk9HT3lxM3JxbG1GMitQQnVHenFQRFdFCnFhK1RxT3lUVE55M09HOTZQTzJF - QlpWOXBtOGNWamxDdVRFcHlGRm5DeXMKLS0tIEkyK2Y5S2h5d0JBS3pJaXBVb0ow - dUhCRVh6eTkxMy95MjlkVlFVZVZGazgK6HewYdcLC1q/NY6ysanj2pQogpxQVWxh - +LrDzvjMeYOrQD2bC3rVBEnM4IFIur9RKg1JLPkrNI/bONX+Tsk52g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZ2ZaQU5waXFMRW9oOFZ4 + SHZwSzBVK3lGR3czUTJKbStWSTQvVjd1NVZzClF3L2ZDTDViQXhsZThKUXA0M0ZB + SmZaYU1iTVJ3b1ZkekM0STdWZmlGSzgKLS0tIFY2a3lCUUlZM3pnRGdxSzVOSGdE + bWRpL0lvMXRRNC93eFZEaEt3TE9vTnMKhzXsQiwzuxRLKAwsgn0GMyxNQHHJQpnJ + R3dnLC5FjDnr2u4LFeMlgWVWb6sd08GlBTgBCzGujNFo+qgvTsyNUQ== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTWtEYnVJdWkyTVFSQkMz - ZWVKeE1hdlF5bXZHaWxJUVVWbzlnZ2JYVWp3ClpJc3JOZjZ0bktTdUlNZHcxNm5y - TDBJcTUvSG5mcyt1KytlQmViR0FXdVUKLS0tIGR3M3BhdkJqdElEN09QTXJVbFpS - eUZCVlh3YlRVTzU1YjZZaVd1U0ZLZW8Kr5wh1mo7P9dhUcQWGSDtY09uqC+aEYAF - Fo+1RM0vaZJ90MUygERU+tZsjoZuD+XL+ckdCquPLRypuidZvfeh0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcEd4OWJGVjkzWVJLNGQw + ZDkzNFd3a3VrQW9uMnIvS3ZwUmx5TGp2b0FrCkdjaEJRNVo3ZDM3TnFvRDlPRFph + V2dkUUhvYUdlSDY1TG91dlZNeCtPYmMKLS0tIG1JOWRmbFd0b2xaQkJaNjlXcjJK + KzNZbGVUVXdweTFmYXdxWm9Oa05GbDAKGB7SVhd13AukH44aGPMNx3aXxXI0iQNI + UtAwlxSakIZ2OSb6A+BJNG68Joy8dEBp23JY+l5wGnKkPNbWIYSqbg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-29T22:45:28Z" - mac: ENC[AES256_GCM,data:oU8t0LUz/gSpABrHfQi6uazu0hen7Z1Bu+LlBPWxc2hGOV+Et1YF2VZY11uA0th0aZ6t1sFA+DvBDuKKBv/S70qhz1KB5MYTmGfcHMWmLNTzoO35u5FSVRbrcWDX8Simj2Mfpxksphr9xzqlbCaMKiCj6ZrUFDKAfPPe+KPjJwg=,iv:8AKTtwoTHQbfjXwrozBiytUn4jGWKbBJLTzkod2Cdlw=,tag:XqBX+pA9x+m4Cl+NVZx0Lw==,type:str] + lastmodified: "2024-03-30T01:29:20Z" + mac: ENC[AES256_GCM,data:P7huPF/xSFJdbsM58kPaZqwA5LufakR9rHPQk7I4+WfKocJDxLDKknsTXvKqsEi/hnii2uFkahp+J8nTAGBjqENAdFx2ux+j++Z5dfOf/Ipl1PWZxjUKnB6SaflSja6PTsULLUl8ZiR0b6O0fitgyvaUdYsdQqVsi/VdCTTUxe8=,iv:BVmTyDkhYDW4hu5ebcytaLqAtau91KRjSg+jsHOwD5I=,tag:5sOALgUX8z0DqD0yRESerQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/profiles/global/nix.nix b/nixos/profiles/global/nix.nix index 15095c6..3ae9b70 100644 --- a/nixos/profiles/global/nix.nix +++ b/nixos/profiles/global/nix.nix @@ -27,7 +27,7 @@ ]; # Substitutions - trusted-substituters = [ + substituters = [ "https://cache.garnix.io" "https://nix-community.cachix.org" "https://numtide.cachix.org" @@ -40,7 +40,7 @@ ]; # Fallback quickly if substituters are not available. - connect-timeout = 5; + connect-timeout = 25; # Avoid copying unnecessary stuff over SSH builders-use-substitutes = true; diff --git a/nixos/profiles/role-server.nix b/nixos/profiles/role-server.nix index e0c3f56..8698875 100644 --- a/nixos/profiles/role-server.nix +++ b/nixos/profiles/role-server.nix @@ -32,12 +32,12 @@ with lib; programs.command-not-found.enable = mkDefault false; services.udisks2.enable = mkDefault false; - xdg = { - autostart.enable = mkDefault false; - icons.enable = mkDefault false; - mime.enable = mkDefault true; - sounds.enable = mkDefault false; - }; + # xdg = { + # autostart.enable = mkDefault false; + # icons.enable = mkDefault false; + # mime.enable = mkDefault true; + # sounds.enable = mkDefault false; + # }; }; }