commit 871f508815e4be9dac0d520200a45f20b3e532da Author: Crony Akatsuki Date: Sun Feb 1 14:29:14 2026 +0100 first commit. diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..03bb5ed --- /dev/null +++ b/.envrc @@ -0,0 +1,2 @@ +watch_file flake.nix +use flake diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f9a759c --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.direnv +.pre-commit-config.yaml diff --git a/README.md b/README.md new file mode 100644 index 0000000..67019b5 --- /dev/null +++ b/README.md @@ -0,0 +1,7 @@ +# Secrets + +My repo that contains all the secrets I use in my nixos configuration. + +## Why? + +Much easier to actually get the secret file in the configuration where insted of doing `../../../../secrets/secret.age` you do `${inputs.secrets}/secrets/secret.age` diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..c8a21be --- /dev/null +++ b/flake.lock @@ -0,0 +1,157 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "owner": "ryantm", + "repo": "agenix", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1769789167, + "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..d8e7a44 --- /dev/null +++ b/flake.nix @@ -0,0 +1,24 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + agenix.url = "github:ryantm/agenix"; + }; + + outputs = { + self, + nixpkgs, + flake-utils, + ... + } @ inputs: let + overlays = [inputs.agenix.overlays.default]; + in + flake-utils.lib.eachDefaultSystem (system: let + pkgs = import nixpkgs {inherit system overlays;}; + in { + devShells = { + default = pkgs.mkShell {buildInputs = with pkgs; [agenix];}; + }; + secrets = ./secrets; + }); +} diff --git a/secrets/attic-env.age b/secrets/attic-env.age new file mode 100644 index 0000000..dc07492 Binary files /dev/null and b/secrets/attic-env.age differ diff --git a/secrets/conduit.age b/secrets/conduit.age new file mode 100644 index 0000000..3895034 --- /dev/null +++ b/secrets/conduit.age @@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw Z+Apdx6h22115Dbru1N/qDRgGoaMVaQFUMJcps6dJTQ +dwpekSgQ32re2vCcbnJgWxv3tv2BMujmhvggdXir78g +-> ssh-ed25519 l/ODWA eCEcbXiovG1Au+Y54bKi0c0ObmtkZZgCq+XaMo+LlzA +VBcL2SpwCbEgYRP6cagNi7F1ru0IN1wb9RP80wGd+/Y +-> ssh-ed25519 7+5K3Q GfqTNmAqh1z00z+5sQXXGz9pChuC0mA4XRczvg/P7xg +BnYI4Ac5VunTRRkUNqagBdKoHyIwiPzv/sCqoOGQZl0 +-> ssh-ed25519 Ow0TGw NDRthtRozQBYeneL8O9BWSi7r3YSRHM926JWitV3kyw +ByyMfPouXYV7UIWWXZTyKTvgEXVCVJhBOwcjrKGEu44 +-> ssh-ed25519 cEINMA SIK029rR0tlIG64I2Ig+h6w8hyzeKVzCMvvhyVEzpTk +ijVkkaVX2/klshjxv8MPyW3xfG5TJvsjCambVEGilCw +-> ssh-ed25519 qbMKrQ DOe1kQxaGJNLytI9nbbDoqO8tHHdsQFg4wh9MQTaLwM +du/In13yHjiBZBx++xnMd0kwi8voDwaf+A6ONTfxr9I +-> ssh-ed25519 Z0mAzw ZNZqZ828veO9khWs1W+JffAQwQ4iTZMYOg2uWn1pvzM +dvPZR+bTyRP+zdcKp9/8uKH9427+0GUmiHcLKnq5bQk +-> ssh-ed25519 GNZYRg XbuGe5ccN05DLd2YF8Upva0Qzav+HvkX9EAYGxz88A0 +EgEwSzqAp3s7RlD5R+AGLDtvnyXrmIKHS1eTamaJ9GU +-> ssh-ed25519 fd/ZLQ feOhi2mUSvmbvcAdpYWR5XRgNijsuDsh1V6MwXPrzCg +tVTs7iHZ5WXsM7yXxOAjZbsDbFLHvn3yhw3RP0C4LFE +-> ssh-ed25519 zQBiZw HmwaOoMtCb6b/OV5rPf1OvenQLVJKjYNVWWmxXoRH3I +wUTmviNahnNBtQXDPyQ1oPkZaemw/UqCW++eswiMwGs +--- vy2FOQPJjdblLXYQ0D1jOSswEBEP7gUusGKi8omPo7k +zsj~bV>v=΀X'=F @`*ǘmTV.Rxbd$wp arim/ǵƝ0*a(jS^O"0wd NQ{g07po)w%QO ~Ri-H[U& `#~nq%vؒa \ No newline at end of file diff --git a/secrets/crony-passwd-desktop.age b/secrets/crony-passwd-desktop.age new file mode 100644 index 0000000..8b5811a Binary files /dev/null and b/secrets/crony-passwd-desktop.age differ diff --git a/secrets/crony-passwd-servers.age b/secrets/crony-passwd-servers.age new file mode 100644 index 0000000..36f84db --- /dev/null +++ b/secrets/crony-passwd-servers.age @@ -0,0 +1,24 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw bB3uW64hmUPWpuceGs/Ffk10ftMqw4PoIRyzc5lCtS4 +arC1fVgFmtkIHZZ/GcFJAxNvnyNRcFgCv4usueqrnA4 +-> ssh-ed25519 l/ODWA Si3XUEeIepvDSF2Te8DwRNl4NPisjHgNiimoNGy/q3s +mFqS2Dm1Zk21BPVpqzXJ93yH3x8zHXLu/1c/YTiEYh8 +-> ssh-ed25519 7+5K3Q XHfLzu2DtJ5hnQNdwqJAA35XAGdxPiT/QAoJknMnd1s +dTRwO1hazouHOANl/Rw1oEe+vHeCV1a6TCwCJq7LG2U +-> ssh-ed25519 Ow0TGw xPXJgqk/Pg2cmAHUln3Pzv2n/ddzPbFtTWC3zDMrdUY +bUvtIIRshv/agznm+rvcHVy9wzWwQQd92wi0xyzTnHQ +-> ssh-ed25519 cEINMA q2JLxVLzKcodYyA4l2XEro6pJBV8lhpcZe0JXcu0nQo +oiw5x+Lg5CGxi/gIPfsKtqfdNeq3JaBIL09Cr7v/UaM +-> ssh-ed25519 qbMKrQ hWe3kXBIVj6WaY44dwKWlh/gdl2zZDCMmuOtqIEFPB8 +OomidJ/oUGFgi5xzQ5PK3CmVuD6bZm6uyme5hlwqoq8 +-> ssh-ed25519 Z0mAzw 24akymcFEiC2dWf79+qLqqEOy9JtKa2zmtHUZLCF11M +idPFxgLEvmQf7hQ76YQ53ypJPryYzOtiyFu842BTTYM +-> ssh-ed25519 GNZYRg VLzdHC5cm+YAynspvoRuMdmyRXAjwy4ZQPcGpluM73E +np4C+r9auk5JTyKYYVS4tiayFHW9atbWzgk51iVBSoU +-> ssh-ed25519 fd/ZLQ MoVuj9uc8imIZAODHZH8LVOzQx58riwJgBZDTbXMRVc +JH9BASv5+Jwl8i30xRD7tsYt6VM8rDNXeR17WeFZjN4 +-> ssh-ed25519 zQBiZw dYei/25K6EgewQAte1R42S6h/4TWZkbbPvp8NqlqK3A +KwjrKaevacAbtxyDxvuKsno3/NCAlM/ai1awNk8BANg +--- jRlrvwC0KSdu9tqzeb92Gf9IcdFPXNXOMJOrqzJSiWs +rP{=pcgcBx9\RREaѡdz̴O`u]<ޣhA? nw#;v, +rDz +k(< bUkBS۩V* \ No newline at end of file diff --git a/secrets/ddns.age b/secrets/ddns.age new file mode 100644 index 0000000..d7c33be Binary files /dev/null and b/secrets/ddns.age differ diff --git a/secrets/duckdns.age b/secrets/duckdns.age new file mode 100644 index 0000000..1f2c9a3 --- /dev/null +++ b/secrets/duckdns.age @@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw 4ItGvk3XMo3m7QBYy/Sgvlmvab3FGQaYn9nEIhXWgRE +TERFmi7jSIwu/ZDn96nhYJWiXNbC4qoYv4fpdsv5CqQ +-> ssh-ed25519 l/ODWA rTq4UkxRgg/ewM3a6QftTVcETgcEx3smxt6+UlCneEA +pLPAyPXwv5tUnqEcZ3QWGNRqT7S8WpIQD+JUI7DG9Zg +-> ssh-ed25519 7+5K3Q XIHMw/MM2CjmLx3e+7UA06j2WkAHvHmXX1f9mrpD4Bc +DYxP3jc20wGikICMIH1oRtcmDsMk8Gi4lKydhnHTq1o +-> ssh-ed25519 Ow0TGw He9WSvIoeoy5fJWr1L0EqwMnb43Il5giXtFCz13acUg +kfJWo9ABDecSJtpUFlYULT3BBPr95YSZPtWa8dE/XWc +-> ssh-ed25519 cEINMA p1YpaU7W2dNy/Bu3Tps5hpi4Q0q11VnnKowL720gijo +QbJD5FV1cl04eiSIVozpuKvn4s4LfiRQj8eHtXRuo7s +-> ssh-ed25519 qbMKrQ iNjOGh23K3xb2q6g6pb8FPPHoTtaLUvvYq56KnWueXk +kjUil8y5wnmsn367a0tYp8G98VwPRwesH8apgZdJrWo +-> ssh-ed25519 Z0mAzw VhdGnvDRxqeBU+DT0BgACWeWSyJP+sKMAHX9NhU6lT0 +U7k9PMeQKrWTU3CCh391U0zTu3Vzgrt3j+ByErYALbQ +-> ssh-ed25519 GNZYRg gKV/rcwTnXH8DH8yd0vuEKa7fE6vrr4EfliWS3UyE3c +isyZatX2BsROXxR7QYpyAa3LtcPWC0FMNh9NOaR4qH0 +-> ssh-ed25519 fd/ZLQ xaVT2F1QsOkPfCFgcfsGhOfoMcQlOwQ+dFxDKnTMP3A +u4dG9HHoSiCqe6PF7RIYfRpHMuuPiXtvrhexOYRxeJI +-> ssh-ed25519 zQBiZw BRDrwtdagA/lACP4oVYjNa/JoGSePPw+BAj5JXvtSlc +x6dxfDIulDbWg4YZ2JudsIjqe4l8L53VQjCcesGJNcE +--- 128xM8a4qqwi834Vqf7R6YvHSU0ITVrgxQJqIKkw2+k +60'Vr~5o&CW8WHkĚ;ȵŊRB1%(&W e9Lwc9Xd \ No newline at end of file diff --git a/secrets/forgejo-db.age b/secrets/forgejo-db.age new file mode 100644 index 0000000..1400756 Binary files /dev/null and b/secrets/forgejo-db.age differ diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age new file mode 100644 index 0000000..106326e --- /dev/null +++ b/secrets/forgejo-runner-token.age @@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw 6CXlYKfRELtM9lE3HPwyX8paUEqdq1F/YxB/rHtv/Hw +MGDd7G/xGGEEJ4FLbfsZJIaUsznwRZZoQ7giVoafKEY +-> ssh-ed25519 l/ODWA xEpu4YLSwnb7bp6hLLlBHjmAs9GAFE01kcyhpD4ooWA +mqYAWi0HKyvgtseJ2f7g4rW0G+LHBVH31RG86UMoolI +-> ssh-ed25519 7+5K3Q S7AJuGnSUO/TZ40fWnmSJN02oR1c84UnZ0cRPLT62Hc +0IKCOawbLeXBHsdVDk9KSDUT3AwB/0vsRitLn7RJ6Es +-> ssh-ed25519 Ow0TGw 2stE3ES2jl9n6t86+nyuqZ2Yeh0C2XWmXr5+HNZ5H2Y +3C3FZ6jVUyJ1Af6P6kZZYmWiXJ4Gd4V/Az8dKk1IbAg +-> ssh-ed25519 cEINMA AF8fxir8WyhwNPkcjILCeQkrpcMG0oXEF0u15RpSFF0 +F9MlXYcPuoidHLrQzCOkgeQVc40h8t2aCP0qdYWuVpc +-> ssh-ed25519 qbMKrQ JzQh1uPdITf0VdsgCH4UYkavfoncOmobgEp3N2IehG4 +7vh/sGnFBIxckxHTnjNaTAAXINH/xPeb7fKX0R2wgPg +-> ssh-ed25519 Z0mAzw TVO8g5CaaJS+/sn/fxgDPbMy9JNMUrgHhW3TgzyfKhg +QmfjgU10CJebV1evV5myZHZ3v0J6Qf6Vp2Iv1OkNg7c +-> ssh-ed25519 GNZYRg b5FwNS2yEFYTP6XshP3w3h7ofiRRuVAHJJGqUxWy8Xo +g+/1/e6CAhA96qK55jF3poCUuKV0BbecSb6bcKE9FD4 +-> ssh-ed25519 fd/ZLQ STF8rS7Kb3ZXHVteSEl5HDKceqgIgKDbSOYU7sA2bzw +YxWXgCdzSvgBShTUMH1CZnxKAG1kzNoObW80cXyfNq0 +-> ssh-ed25519 zQBiZw +iRG/N5bBSGflrb5Zi4wzNmq7GTt/O/A9xHwGs12L1I +p12J0VmSTit+yPq0AUjF0+6laCSeHte5MTNBqhIkYW8 +--- heq+uzmYk2bdNLlLN1sqdH1Odjch/EYHk07ZZmFVtZE +C{{߸ϴ{ h8'nZt9/.kpkWf< ssh-ed25519 2P4nKw LAG9N+gKMlkEIIIWVOmSqZB2BWMtF/FghReGmPNFxhY +2oKU1gQYIUVAB+P67FOT6BRaLi5jGPLnzOWZ9IU4xl0 +-> ssh-ed25519 l/ODWA Jln+2+SxwuW6V74CYfeTwH5svYeNlYnW5Fh2saLUeEM +ckWBbHxnhnbztU6zez/vmTNYyQ80P4/oqfaMHSe3DLY +-> ssh-ed25519 7+5K3Q /PylnaNBPbBDJywedCtS5yfQ9M6i8aw7lHKuRL3NwU8 +91EjdCrxTwhY2vLjj3N5Y+jLHHN2mZR2gs5u66iuUSU +-> ssh-ed25519 Ow0TGw ji2cRzza1QfMU4NjxLvs/FoWdOjA5zC2Two95QkBdgg +jms7qW3IRRCZBRx1JOxJai2yendpq7a5tkGKB5Xz3NA +-> ssh-ed25519 cEINMA O8qtM8rt2GtD61npXT4Uo0MTqL7WFkfAFTcNoMuG/mo +iqoqGZC3kQIm04UbB4sC0x1uAMBVL51ZZgpKdt72lkE +-> ssh-ed25519 qbMKrQ bfX7xlujcdA936Z850CEWRAp4kpwkp3TE2/eP1PXLTQ +Z/j7TN7KsZP0tDdXX4+Hn3mZPlYPvJI6ptqLfrdr+Xc +-> ssh-ed25519 Z0mAzw c0P6bG+Ofk7J+b9GPcltXY9/D0irg08JsBTYZytSj0w +goQkgQcF/dgU66yHSbpthUF8Wzxsyhuh/BWd4C5tjQw +-> ssh-ed25519 GNZYRg bCJ4Pi804hgNsS4kP0inQHCH8OO7R/rANIli7o+eNjE +k4jsFHVNQf3/bC5Ng6MQrqfHnF5EISpxPjBL7kVBJ4g +-> ssh-ed25519 fd/ZLQ 9HDKRyNfup005bDSfuNbpmLYA9KhLXQxTCKIg8SNn2Y +s+unIILVjge/bDi8p3uTp2INzFE6Yu0KZRx+A8iqUWQ +-> ssh-ed25519 zQBiZw bZs+bzLZMwTKpeSX1Krw+26LkdZWtgoYSY1idImRPBE +Ln+ScG3Umts5TPbG62SnPXsp38TcUeJIW1euKEpEczQ +--- 9CooKM8lZCPs8gU7MK1tHdKq9eP4VFByOrfu2vBLdlM +y4S`at|T==Mhͤ3&I"jKq֧!> Ȥ _wU}Cxzh`yz~oY \ No newline at end of file diff --git a/secrets/linkwarden.age b/secrets/linkwarden.age new file mode 100644 index 0000000..ee15e8c --- /dev/null +++ b/secrets/linkwarden.age @@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw pqHv6tVgg4NGbvJBqpIFtwydgvxhXcbjUayauscAjAM +7ndxrnbhRYFLBNkcq20M3sGk2iYTqFcUGITt2ohC3ZE +-> ssh-ed25519 l/ODWA 8CfNI/TYGc1ZEMobpMkPJPhlSPDR01g+ID+LGwFP7Ho +JNi6J2XF4AdTln0qQyazjaY20GafpZTR8WObsFbx32k +-> ssh-ed25519 7+5K3Q cl0qQz/Ka4EfCxFvS4qW/4YRtdl9xOmf+rASUD2DfEA +VbNwkI/7d7q5TG7hu5oTegoYlWM+hBrjjoserfW0cPc +-> ssh-ed25519 Ow0TGw uOqLfWmgN4qOrD8tmTvCwnWwDfG39Ah9GM4L16uqIyg +08vRLkwJDzHbVBzQLsG0UZaFshulsRmWG/3g5cgsKjE +-> ssh-ed25519 cEINMA ha346dMkU6GsPNiaM6MvNQsIjUxNt1oamBPmdp9G2HQ +VN7fuSOHj8Uq475R0CjDLUw7HmWlxJsDqXAZQydCH80 +-> ssh-ed25519 qbMKrQ LKuX+RHA/EDHYcJLRIp/R4L5vNceRH0OhwFdslDaQlI +ObAyhd9asKCy1h9c8p+RjXG1OO/HBecBR7j3Jn4IU6s +-> ssh-ed25519 Z0mAzw GIBK8Iu8f3VUVQRejIMvgxMN62Bb6+5WeUE6TOzPIHg +/peHXAP56g3H9S+LcOBSd3RsgfSXxa5KnRICCcW59tY +-> ssh-ed25519 GNZYRg E2bifEpa7bTJ+jKJ1m4hgIS4HuzhIXe2Y8pL3MlJa2M +f3Zjanf4LC4xrCO1cRP5EodxSH0qmmro10XEWerGeW0 +-> ssh-ed25519 fd/ZLQ a6y9qazlK3YPjaGFVOK14c188tULG5JwzYH9FipC/Fs +tIjxSBavgTrCMfs8YoclpAz+isvUfiU6Ow4DtONp+hU +-> ssh-ed25519 zQBiZw 1BjropucF9WfJYGaBoywU/HS7kU+wFktRqyp6liSkmM +12PJmiPbtJTZ/FC4dSDIWQfwfJqpAwsbLqF52Fqzl2Q +--- DAw1DPxqX2HWwewc56B7PLoFy15WEzSLoQKRMxHRzhw +Dp[\Տ\jlf?m1jg n3nR3#mzJĿ} `[2ȹRy=œƭtόZ6Ƈ \ No newline at end of file diff --git a/secrets/miniflux.age b/secrets/miniflux.age new file mode 100644 index 0000000..f5ed543 Binary files /dev/null and b/secrets/miniflux.age differ diff --git a/secrets/navidrome.age b/secrets/navidrome.age new file mode 100644 index 0000000..08d94ea Binary files /dev/null and b/secrets/navidrome.age differ diff --git a/secrets/paperless-ngx.age b/secrets/paperless-ngx.age new file mode 100644 index 0000000..967e851 Binary files /dev/null and b/secrets/paperless-ngx.age differ diff --git a/secrets/plausible.age b/secrets/plausible.age new file mode 100644 index 0000000..a3c0d38 Binary files /dev/null and b/secrets/plausible.age differ diff --git a/secrets/rclone.age b/secrets/rclone.age new file mode 100644 index 0000000..1ffce06 --- /dev/null +++ b/secrets/rclone.age @@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw 1TAM1WxLGxgRkzs/4ZlrvDlWFxtdYbzE8OV/ewro3Q4 +HJaaIiH+kH/1pRiUOj8bdJSkt5XlBMhLGpt6jYHEkDY +-> ssh-ed25519 l/ODWA Z3qG+urDk25E6aatTsSYsonguphVPw52tsyGZx/C6lM +50wS1MVuiVD07Gal8PqLCEUo5flmdsZ95YKMvMv8AWo +-> ssh-ed25519 7+5K3Q rNIKYAmgCMD/lBt/p8WAOO/hbuk+/qhXHSdiGKhRlxM +f0YVoPbhgi1bvEn2UtKGfw6rhuEZ0GmV6PkktuqYTek +-> ssh-ed25519 Ow0TGw 6RgxdoBKFC1Qi79/ZN38uxMuuO340tDkJ0MciqmDzTA +sARQlkVEF0VHXzYCIFdfLhVZFah082Q0Fs4fr5Ayvz4 +-> ssh-ed25519 cEINMA Lexu3zrc7SKObUFCpUVa3wjLwbiBk30QGE+Vlb0BJXY +CXJlhj4kT4Ki1cv9BMztN+uSTWqFhtuFK624NK1DxNY +-> ssh-ed25519 qbMKrQ yT2Pc9lnSL/PQ06wQczoQ4PGgHK2JmlQ4rZrfg+uDFI +Metpfpjqsf76ZhtFu/UmYxGtgAI8Ce5V9N3hrro0IAM +-> ssh-ed25519 Z0mAzw s8VjSYwcLo0yQyWT79W6WZNxYxgh9PP+iwvMBWpyZUA +Sgs9Uuwr3Ly1mD7epBFoDngJXds2/4moSysAtCMezyU +-> ssh-ed25519 GNZYRg o/unKEjDRfMCqr/TtfxnPIo6GGpZADvg7XaUzJMbwF4 +M+2nE71+70Hwb8K0Ovxx13iwnhSoYfypQATIUHoa7kM +-> ssh-ed25519 fd/ZLQ 07nS24WyliH2XioAwQ9sPONNouPBPaXVZ1cCPQyQlCE +6TI8N4bcxMka5Q4xaYP1xRT6dnHMf/zA1up8wHDz+UY +-> ssh-ed25519 zQBiZw HChSHlmjMHYWHXbXZ20b3A8tFpcsmiDvWkVH4ecujlE +Qr/ndHEtEqBVXVUZs5raG5ZHu3E4WLszCteNNKuUQHo +--- ZXdamxftHswmipXsNEViDxZK2lrnj9FiamIQ0nWEe7I +/tm̽3hB2]bԹ) +Y#i %V[òS>& =r +L['2tf`.M|^p,= gbJsi92 ssh-ed25519 2P4nKw yJr4HnZevHjSQV5j20IAK5yqqLzVYTQJHvFuZJHh5Xc +oopYvOdBI/ey7b83EbkYvsLwk8qrvGZsV9ArPzWThKY +-> ssh-ed25519 l/ODWA fHsIduHEPCqMfb9isehJLR8Qw8VfoG+PvCvNZDoHQxc +yJzWQv7N612eBaEGyYiBiJ0Y03jjl5lZ/xemoq85g+E +-> ssh-ed25519 7+5K3Q iAwT5J3wMzjynMIir9MEbxy6YkoESrEjVbGMN/uyVXM +98zYeLPVNEa/UvbqQKQvrQzERRU/Cn5gkRa3P8N6o5s +-> ssh-ed25519 Ow0TGw pRhbWdPOktburWw1azGe/APxCHod0ltpVaUgin5+LwY +jkMnaKL36mr/5BNolPiBjrtcBBortjWkUHSOq6fwMZ4 +-> ssh-ed25519 cEINMA XDnVhwm62uGvi0XWAR0m3RRVFROAy6H1y6j5JPrq7k4 +sGtm86rbDWdkjV9pD8zz+C0cxsaQUS5QozTGF8XUA7I +-> ssh-ed25519 qbMKrQ A2NxNVevmN2dwGhIs8QF2wjA09O9pAcXJpJHYtK19yQ +TaHRWLuziZPbAHuk+NdhnJHLqT/c8FHJYrHNZWQ5RK8 +-> ssh-ed25519 Z0mAzw BqIGjkO/1byh5yVDClTmQdyJDACg6GsKwWrhLspOC2k +ejvh3p4qJIKZdpPtyqp2naKqDt1u2VZ5mqYomC5JGNg +-> ssh-ed25519 GNZYRg U4czcyCY8ONI2Y16og5GNAaH6E0o5VzUlnljYUEjO30 +mCQD+I+GJ2gUdwJXfMWcN6OBOxL/a5vQXip3lPubQDY +-> ssh-ed25519 fd/ZLQ +dqjvH4DNnAd+eVS3ETXhRiTYyAZMAXsi5wSGIDpA1Y +yaKnv+djVoHOv5E5z32ppq9H7wg/N+Sw39NFgozuapQ +-> ssh-ed25519 zQBiZw abIjii3OU/1FUL7sNgF/ulPUynGUA4jLbnbODn0nPyA +LyUAIaJnl18hnNoNj+s5APlP5DDMxF5RjYyGARjM8LI +--- N56WwSa5RbpdsDuD1tNGdD8gKUmOXCJQUjmAI1h0nGo +*Bz>[JwKd6F4x)U~Gq_`4/>\ :ʆC֊?0V dU4{+%1g"u"&Sj +4Cy8P?ZX >r\o[eVKYa/ +09<> {: |ǃH:l]վ!Cg g5>BꇁA= +Q>5 N]e$8Yt \ No newline at end of file diff --git a/secrets/restic-backblaze-repo.age b/secrets/restic-backblaze-repo.age new file mode 100644 index 0000000..c1b2477 Binary files /dev/null and b/secrets/restic-backblaze-repo.age differ diff --git a/secrets/restic-local-pass.age b/secrets/restic-local-pass.age new file mode 100644 index 0000000..b4b8fed --- /dev/null +++ b/secrets/restic-local-pass.age @@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw uwNQP6l5XHTDC35nhzZvObJ576IjnTQmxW3b21MN7jc +//+9MujZV3ZZa0ZjqlVka3ec5stH0i2txfgdfGIgfqg +-> ssh-ed25519 l/ODWA dk2JWA5aWUGNtCZAOTw5CULouE1xpHZITMfrbsfCRSQ +Z07EE5qH9NfaffWJqJdAz0Bxv/POxPPcfaQv9eRwPT8 +-> ssh-ed25519 7+5K3Q BWeEEChSIx8c/p0XnUq4ZjeGuCgJ8sAg1f2/i30ARE4 +RLFkwtK/jfz06YkqDUlnxg6jYJOZqgJoUXqmDiYfxGk +-> ssh-ed25519 Ow0TGw Zc+H451NI9iWz6LeNPtQgKEZ3ShUARAoM2nO/6azXQ0 +1WKl8AXQ2kSN4UXaJYItCMCsy+bYnBSXjv8apAtSQpM +-> ssh-ed25519 cEINMA asjQEnzI+4SWCKbW8Rg5/19WCTtID75YKrPnwmoWSyo +WYcwzDB6Rs4eQdDO8iu9jBXidjzugylh01r/+trsYDc +-> ssh-ed25519 qbMKrQ WDh3GWdeonBN9zmFply5FzbhsNAtzCX0qVI68FmeAj4 +nZBx/vUre0iiwByQJNHvEw3iM7csspT52Mkm/DVDKyk +-> ssh-ed25519 Z0mAzw /rUC6sjHOidTQv5Usr3t5cfvRitdPM4NMKuPHFLBYDY +xr80hR7y5pPf0+rmAZ8Q+kKeq79nhbC1ynQdOZ9tzq0 +-> ssh-ed25519 GNZYRg vxCkDS3NxPrtxNJnFL1SKHsSpuGJZZ5gErpUWCNLgEg +XeMBLKXuf743SZZTayInD6/1ka9uNe6Put7MNLNfgq8 +-> ssh-ed25519 fd/ZLQ M+d0LC7LccrQAQpqfJ4Y5e5Prtd9SPwwq+mRwxqy7Vw +ETtR0FvVC3CC7BFwuO2l/aJkTFGElj5lHSJI59V6ItM +-> ssh-ed25519 zQBiZw lGjGDWA09CyIWbCDR8FCM05McgAG85ubUTa9IdWKNjo +hzV1OPAIEF8ER+yjA8oB5U2HCcRgWftYBgl7ZC/z5Mw +--- sa+FEjM94W7ZdtTeG6pwoTF9Jy/i69XWJuVtL2FAlxc +oy"+> w NS{ŪqYհ6i@grey%+ %ìGl?*߃ܟ8X\O +j6*0!k/9y&C?ȟE)(2AGo%CKK )XnQc{ +RjFn)Z^џd &aRgevD 6[ ?,&ZC^oXQ&w"-:-i_YR],+ \ No newline at end of file diff --git a/secrets/restic-server-env.age b/secrets/restic-server-env.age new file mode 100644 index 0000000..db9e356 Binary files /dev/null and b/secrets/restic-server-env.age differ diff --git a/secrets/restic-server-local-pass.age b/secrets/restic-server-local-pass.age new file mode 100644 index 0000000..43e3c26 Binary files /dev/null and b/secrets/restic-server-local-pass.age differ diff --git a/secrets/restic-server-pass.age b/secrets/restic-server-pass.age new file mode 100644 index 0000000..c60cb14 Binary files /dev/null and b/secrets/restic-server-pass.age differ diff --git a/secrets/restic-server-repo.age b/secrets/restic-server-repo.age new file mode 100644 index 0000000..f5662e3 Binary files /dev/null and b/secrets/restic-server-repo.age differ diff --git a/secrets/root-passwd.age b/secrets/root-passwd.age new file mode 100644 index 0000000..34ab584 --- /dev/null +++ b/secrets/root-passwd.age @@ -0,0 +1,24 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw 4iaVWuEpu0Pnx/Q31EnHdOCscMKLRfAJIUcX4hku4BU +OSFvYQ2NAXaCvsgSrMtJfDCZiH/jFMSVHsgUwSuHAWM +-> ssh-ed25519 l/ODWA g5idZb4njYd6ee9gpSUx1j3jWe/qzXjpYj0INI0triY +3c4pn/mocpcFChQmB5vOEbrss4Nhnw8zrToWnc9cOqo +-> ssh-ed25519 7+5K3Q A3R0GNa3D/PegWfttruGjXTaeTRHA6KW7MdpRplaohw +DJp9QX/kQEkcdxJpQHrsHZ1yeYAWjCXmPgQFrGcmfFo +-> ssh-ed25519 Ow0TGw Evztw1rRR+lSEMfh24wDBrD1O91cWw2AwzQNCEY8IVo +hM6GMuu3dHPI2Rx9YZDbqc+QLsnc4Ktc6D/6BpnLIqQ +-> ssh-ed25519 cEINMA g+Ngu2YHrwmmKIhAD486YJoIBaZ+WMosObt/jdHQnSQ +4FD32rTVNVh2iQ52G+Cn3Q//HSxnXs5AMRMCtSkxScU +-> ssh-ed25519 qbMKrQ Y1xkKgBXPwEuf5yHDxjmOnkjwBpZzueQtC7UfX9G31A +8sHKSsGvUnJa2J2iR036wuE233t9ScuLrP+qeGUs7Yg +-> ssh-ed25519 Z0mAzw zw5L/2jxAOy9jrcNNdT7PaeTbbZbUpPgP2yBb+QZm0c +ElNflob6IQYU8RNs1qxei0yjmKjFvnRZOHPbV/Eyqjc +-> ssh-ed25519 GNZYRg uZfk77Vg2yr5lJg6t1Sa8YQWtEYdbQgC/NVMq0FaKT0 +1X8F67PehT58Xr/pKA2su2VmNYXz4se1RmFkLXq4big +-> ssh-ed25519 fd/ZLQ LFYTVjWoIsv8ZXyf31XbtXt3tDdH+symyGWuws9FRmA ++hL+3qdfl/tyKFXMT/mNQ/lE/QAxDiK7y5xEc4OjfMw +-> ssh-ed25519 zQBiZw NTeGOoA0we2RrZPQpO9NxG6gL9L2V0zkccAzT3VLZXE +PAS77+yTTbqBgAZWVk1G6m/5z3UmeXEFunxsm+uoxr8 +--- qfUl7pRMoJn4f02380FBp3RhI8qa7CtHngYTNDDPGdQ +m +@ƤN`I)/շOPYoxҀ/h0R}[YB-OffƤ.D#BڮY[?̹[m,P \ No newline at end of file diff --git a/secrets/searx.age b/secrets/searx.age new file mode 100644 index 0000000..9f340ea Binary files /dev/null and b/secrets/searx.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..39582c4 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,53 @@ +let + # SYSTEMS + heimdall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBs+qYjpeAEHPFUQeatNkhKbXz8+A1VAl21jgifDYJK8"; + baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvZ7Z8GS4+1+9D6u/BDit4Eij5Ubbii2dzJ/+ecT8iR"; + bragi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKMV2vqlDvIkUefl5oEuVjVtjgFLEXyDKX2LWhVQsWT"; + thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZGQLUhyLwmkTYhSccqO8umQJN0QHk6YaD863x7lcGv"; + odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGfwv4CzZlPGsBukfoq5wBTlVfWJo7UHH7DP3ILP6/Z"; + freyja = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODW4kBme9Vhx93AkPBwiTvcA7ad+rqLaEAhasMMhNzH"; + tyr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB3McoNRZkk0hJXHv1MWSx/UklEmr2iZ26C7ctaNK/Ww"; + + # USERS + root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID2HeOFYaGmjP3OQzPuA+DSjkqfyYH4axoDPWKVP/jdU root@ymir"; + crony = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"; + root-skadi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJ85a6FAJqM8QhtGcrT3BGDs2G8m7DFtWNDh2Vvkr0V root@skadi"; + + users = [root crony root-skadi]; + systems = [heimdall baldur bragi thor odin freyja tyr]; +in { + "traefik.age".publicKeys = systems ++ users; + "wg-heimdall.age".publicKeys = systems ++ users; + "wg-desktop.age".publicKeys = systems ++ users; + "rclone.age".publicKeys = systems ++ users; + "navidrome.age".publicKeys = systems ++ users; + "forgejo-db.age".publicKeys = systems ++ users; + "plausible.age".publicKeys = systems ++ users; + "conduit.age".publicKeys = systems ++ users; + "searx.age".publicKeys = systems ++ users; + "miniflux.age".publicKeys = systems ++ users; + "crony-passwd-desktop.age".publicKeys = systems ++ users; + "crony-passwd-servers.age".publicKeys = systems ++ users; + "root-passwd.age".publicKeys = systems ++ users; + "restic-local-pass.age".publicKeys = systems ++ users; + "restic-backblaze-pass.age".publicKeys = systems ++ users; + "restic-backblaze-repo.age".publicKeys = systems ++ users; + "restic-backblaze-env.age".publicKeys = systems ++ users; + "restic-server-local-pass.age".publicKeys = systems ++ users; + "restic-server-pass.age".publicKeys = systems ++ users; + "restic-server-repo.age".publicKeys = systems ++ users; + "restic-server-env.age".publicKeys = systems ++ users; + "lemmy.env.age".publicKeys = systems ++ users; + "wg-ymir-home.age".publicKeys = systems ++ users; + "wg-tyr.age".publicKeys = systems ++ users; + "duckdns.age".publicKeys = systems ++ users; + "glance.age".publicKeys = systems ++ users; + "ddns.age".publicKeys = systems ++ users; + "linkwarden.age".publicKeys = systems ++ users; + "linkwarden-db.age".publicKeys = systems ++ users; + "paperless-ngx.age".publicKeys = systems ++ users; + "forgejo-runner-token.age".publicKeys = systems ++ users; + "attic-env.age".publicKeys = systems ++ users; + "wg-wireproxy.age".publicKeys = systems ++ users; + "wireproxy.age".publicKeys = systems ++ users; +} diff --git a/secrets/traefik.age b/secrets/traefik.age new file mode 100644 index 0000000..aa977ba Binary files /dev/null and b/secrets/traefik.age differ diff --git a/secrets/wg-desktop.age b/secrets/wg-desktop.age new file mode 100644 index 0000000..bb5f5f2 Binary files /dev/null and b/secrets/wg-desktop.age differ diff --git a/secrets/wg-heimdall.age b/secrets/wg-heimdall.age new file mode 100644 index 0000000..d33d265 Binary files /dev/null and b/secrets/wg-heimdall.age differ diff --git a/secrets/wg-tyr.age b/secrets/wg-tyr.age new file mode 100644 index 0000000..36040c9 Binary files /dev/null and b/secrets/wg-tyr.age differ diff --git a/secrets/wg-wireproxy.age b/secrets/wg-wireproxy.age new file mode 100644 index 0000000..adf1cf0 Binary files /dev/null and b/secrets/wg-wireproxy.age differ diff --git a/secrets/wg-ymir-home.age b/secrets/wg-ymir-home.age new file mode 100644 index 0000000..28bbead Binary files /dev/null and b/secrets/wg-ymir-home.age differ diff --git a/secrets/wireproxy.age b/secrets/wireproxy.age new file mode 100644 index 0000000..5c70004 --- /dev/null +++ b/secrets/wireproxy.age @@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw NCoqAJ+IdYnRedKv23voGjEeXJ2IKnn1ru8rEegSCmM +RAf5hshay9kyTUBSFhEerpaEdJquufIn61mj4G+2VU8 +-> ssh-ed25519 l/ODWA jZhbqHZpw4UYbmKcVaNLhmXHSkqQhYKDYOV+hiLydlI +mentg+0q55+4gwLFbzveXzPyGEmcFyQhaGdWBHrNPDk +-> ssh-ed25519 7+5K3Q MZA2Dc28X17/JQf01DuONHHttL9mfINFUpi6Ei4osTM +q/vfUr0H1grVFm/7lnwDCAD7athyXZTrwzZ7WLGMlOk +-> ssh-ed25519 Ow0TGw EMNg0QgRrIWtortkoHV5y3W8G2luAszGdJP6J5WFCQI +L8vDx4lkA9KP8wx1ycrmjdiU7cOyJMUzmBhJGJsqg1U +-> ssh-ed25519 cEINMA MxmgQmJQrjuzrpf6U3CCsu/ZHWlnItCs8PiuIt6SQ3k +ina1R2HbexQfWe/zpWGrpVa5dP6ZpTWyjztKtfV8YXw +-> ssh-ed25519 qbMKrQ fMOzVMLvy4tKtITfAiWwnPVnCMCH5Ocv7P7yVK3+0zM +S3MMdVcyL66pTEjTN9iYwW6QBMlZuvzKVa7TlS6Q/kA +-> ssh-ed25519 Z0mAzw y6INKLu8L3pwLdPRk1ukRGIoJksmUJkxXcZsA/h8BWc +p3mItFuMW+t2vQPfvhd6mlalJNad40+0+zVOm6TzJuE +-> ssh-ed25519 GNZYRg pEPVDnyXksxjYfJL/TzwxaMhU6V+/BbzUmhdlNRMHyE +yyZjjlPH5PwHnnnlAW186DwPbvPccQrFHkoN5m/rKn8 +-> ssh-ed25519 fd/ZLQ H5dx53Qv3Vi9d1LBQwrgCVpGDPw67xmq0yVpNyeYY0E +V2XZTH0gzAHvWBtm2njsj2LHu41i0MMv3pvqajgDU1w +-> ssh-ed25519 zQBiZw ejAkmQMJfIHOn04Wd3wB2HE/VvhUnBHhyOrDXlE11ig +cDSDnV2wSMnhIgwMrFnHhfrmL8D38NlCmyJ8QEyBG2E +--- 2jtmzQVCWGlDs+u3BYILcsEs6TSPCuA3A65pb8j8MDA +B^ MW݄[yb@ [p&W:B>$q:HwIFZ,.*gשgVbC0t6݌Z}F߬^`0M7Bi \ No newline at end of file