From ae7d74249b1c73569e437a856d62808fed47992c Mon Sep 17 00:00:00 2001 From: ulic-youthlic Date: Mon, 27 Jan 2025 18:35:41 +0800 Subject: [PATCH] add deploy-rs for remotely deploy nixos config --- .sops.yaml | 2 + Justfile | 6 +- flake.lock | 126 +++++++++++++++--- flake.nix | 48 +++++++ home/david/configurations/Akun/default.nix | 4 + .../configurations/Tytonidae/default.nix | 4 + home/modules/git.nix | 60 ++++----- nixos/configurations/Cape/default.nix | 1 + nixos/configurations/Cape/users/default.nix | 1 + nixos/modules/default.nix | 5 + nixos/modules/deploy/default.nix | 25 ++++ nixos/modules/deploy/id_ed25519_deploy.pub | 1 + secrets/general.yaml | 34 +++-- secrets/ssh-config.yaml | 29 ++-- secrets/transmission.yaml | 29 ++-- 15 files changed, 290 insertions(+), 85 deletions(-) create mode 100644 nixos/modules/deploy/default.nix create mode 100644 nixos/modules/deploy/id_ed25519_deploy.pub diff --git a/.sops.yaml b/.sops.yaml index 07db49c..caa6210 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,9 +1,11 @@ keys: - &master age1smmqun9h3cszaza85ty33yenyaqtat572u9r3we4l5gh85njgvws6q680g - &machine_Akun age1emhsx2l0ell6smavzaackwkk7n2u4zf6chdp9xcds3dqp7s444ds9fcaga + - &machine_Cape age1s4zml68g0ys05tv2nlpnevz37vf0uurypfsf996wj4vytgxczumqy3utck creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: - *master - *machine_Akun + - *machine_Cape diff --git a/Justfile b/Justfile index 0167661..aa712e1 100644 --- a/Justfile +++ b/Justfile @@ -10,9 +10,9 @@ switch specialisation=DEFAULT_SPECIALISATION: update: nix flake update | spacer -push host target: - nixos-rebuild switch --flake {{ FLAKE_HOME }}#{{ host }} --target-host {{ target }} | spacer +deploy host: + deploy {{ FLAKE_HOME }}#{{ host }} alias s := switch alias u := update -alias p := push +alias d := deploy diff --git a/flake.lock b/flake.lock index 0393d63..7a8fc52 100644 --- a/flake.lock +++ b/flake.lock @@ -116,6 +116,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -188,6 +208,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1717312683, @@ -203,7 +239,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -217,7 +253,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_4": { + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1733328505, @@ -307,7 +343,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -325,7 +361,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1705309234, @@ -343,7 +379,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, @@ -361,7 +397,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1710146030, @@ -416,7 +452,7 @@ }, "ghostty": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "zig": "zig" @@ -591,7 +627,7 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable_2", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" @@ -655,7 +691,7 @@ "nixpkgs" ], "nixpkgs-wine": "nixpkgs-wine", - "systems": "systems_4", + "systems": "systems_5", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -741,8 +777,8 @@ }, "nixos-cosmic": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_3", + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { @@ -953,16 +989,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1737632463, - "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -1000,6 +1036,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1737632463, + "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1736798957, "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", @@ -1084,6 +1136,7 @@ "inputs": { "bt-tracker": "bt-tracker", "dae": "dae", + "deploy-rs": "deploy-rs", "disko": "disko", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts_2", @@ -1094,7 +1147,7 @@ "niri-flake": "niri-flake", "nixos-cosmic": "nixos-cosmic", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nur-xddxdd": "nur-xddxdd", "oskars-dotfiles": "oskars-dotfiles", "sops-nix": "sops-nix", @@ -1170,13 +1223,13 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-utils": "flake-utils_5", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_5", - "systems": "systems_6", + "nixpkgs": "nixpkgs_6", + "systems": "systems_7", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-tmux": "tinted-tmux", @@ -1286,6 +1339,21 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { @@ -1400,9 +1468,27 @@ "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix" } }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "winapps": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_4", "nixpkgs": [ "oskars-dotfiles", diff --git a/flake.nix b/flake.nix index 49ae87e..44edef2 100644 --- a/flake.nix +++ b/flake.nix @@ -75,6 +75,10 @@ url = "github:XIU2/TrackersListCollection"; flake = false; }; + + deploy-rs = { + url = "github:serokell/deploy-rs"; + }; }; outputs = { @@ -232,6 +236,50 @@ ) ); } + ) + // ( + let + mkDeployNode = + { + hostName, + unixName ? "deploy", + system ? "x86_64-linux", + sshName ? hostName, + }: + { + "${hostName}" = { + hostname = "${sshName}"; + sshUser = "${unixName}"; + interactiveSudo = true; + sshOpts = [ + "-i" + "/home/david/.ssh/id_ed25519_deploy" + ]; + profiles = { + system = { + user = "${unixName}"; + path = + inputs.deploy-rs.lib."${system}".activate.nixos + self.outputs.nixosConfigurations."${hostName}"; + }; + }; + }; + }; + in + { + deploy.nodes = nixpkgs.lib.foldr (a: b: a // b) { } ( + map + ( + hostName: + mkDeployNode { + inherit hostName; + } + ) + [ + "Cape" + ] + ); + } ); }; } diff --git a/home/david/configurations/Akun/default.nix b/home/david/configurations/Akun/default.nix index 0e1bcef..439a698 100644 --- a/home/david/configurations/Akun/default.nix +++ b/home/david/configurations/Akun/default.nix @@ -127,6 +127,10 @@ mode = "0600"; path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape"; }; + "ssh-private-key/deploy" = { + mode = "0600"; + path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy"; + }; "ssh-config" = { mode = "0400"; format = "yaml"; diff --git a/home/david/configurations/Tytonidae/default.nix b/home/david/configurations/Tytonidae/default.nix index af58733..cfc345d 100644 --- a/home/david/configurations/Tytonidae/default.nix +++ b/home/david/configurations/Tytonidae/default.nix @@ -141,6 +141,10 @@ mode = "0600"; path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape"; }; + "ssh-private-key/deploy" = { + mode = "0600"; + path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy"; + }; "ssh-config" = { mode = "0400"; format = "yaml"; diff --git a/home/modules/git.nix b/home/modules/git.nix index a9a99c7..85769f1 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -35,22 +35,19 @@ let cfg = config.youthlic.programs.git; in - { - programs.lazygit = { - enable = true; - }; - programs.gh = { - enable = true; - gitCredentialHelper.enable = true; - settings = { - git_protocol = "ssh"; + lib.mkMerge [ + { + programs.lazygit = { + enable = true; }; - }; - sops.secrets."git-credential" = { - mode = "0640"; - }; - programs.git = lib.mkMerge [ - { + programs.gh = { + enable = true; + gitCredentialHelper.enable = true; + settings = { + git_protocol = "ssh"; + }; + }; + programs.git = { enable = true; userEmail = cfg.email; userName = cfg.name; @@ -63,20 +60,23 @@ }; }; lfs.enable = true; - } - (lib.mkIf cfg.encrypt-credential { - extraConfig = { - credential = { - helper = "store --file=${config.sops.secrets."git-credential".path}"; - }; + }; + } + (lib.mkIf (cfg.signKey != null) { + programs.git.signing = { + signByDefault = true; + key = cfg.signKey; + }; + }) + (lib.mkIf cfg.encrypt-credential { + programs.git.extraConfig = { + credential = { + helper = "store --file=${config.sops.secrets."git-credential".path}"; }; - }) - (lib.mkIf (cfg.signKey != null) { - signing = { - signByDefault = true; - key = cfg.signKey; - }; - }) - ]; - }; + }; + sops.secrets."git-credential" = { + mode = "0640"; + }; + }) + ]; } diff --git a/nixos/configurations/Cape/default.nix b/nixos/configurations/Cape/default.nix index d113e8b..2b3c5e0 100644 --- a/nixos/configurations/Cape/default.nix +++ b/nixos/configurations/Cape/default.nix @@ -17,6 +17,7 @@ unixName = "alice"; hostName = "Cape"; }; + users.deploy.enable = true; programs = { openssh.enable = true; tailscale.enable = true; diff --git a/nixos/configurations/Cape/users/default.nix b/nixos/configurations/Cape/users/default.nix index 88007b2..5eb47ab 100644 --- a/nixos/configurations/Cape/users/default.nix +++ b/nixos/configurations/Cape/users/default.nix @@ -12,6 +12,7 @@ ]; }; + users.mutableUsers = false; programs.fish.enable = true; users.users.alice.shell = pkgs.fish; users.users.alice.openssh.authorizedKeys.keyFiles = [ diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index e45594b..47a7734 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,4 +1,5 @@ { + pkgs, inputs, outputs, ... @@ -15,6 +16,7 @@ disko.nixosModules.disko ]) ++ [ + ./deploy ./nix.nix ./home.nix ./sops.nix @@ -39,5 +41,8 @@ additions ]; }; + environment.systemPackages = with pkgs; [ + deploy-rs + ]; }; } diff --git a/nixos/modules/deploy/default.nix b/nixos/modules/deploy/default.nix new file mode 100644 index 0000000..cbc1559 --- /dev/null +++ b/nixos/modules/deploy/default.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: +let + cfg = config.youthlic.users.deploy; +in +{ + options = { + youthlic.users.deploy = { + enable = lib.mkEnableOption "deploy"; + }; + }; + config = lib.mkIf cfg.enable { + users.users.deploy = { + isNormalUser = true; + hashedPassword = "$y$j9T$B/igbpUxYMx9W4hV/Uc0/.$Z9.cTGfXQ0YD03MmfvDCd6.ijEo5L9v2CbrhN8Fvkf6"; + home = "/home/deploy"; + extraGroups = [ + "wheel" + "nix" + ]; + openssh.authorizedKeys.keyFiles = [ + ./id_ed25519_deploy.pub + ]; + }; + }; +} diff --git a/nixos/modules/deploy/id_ed25519_deploy.pub b/nixos/modules/deploy/id_ed25519_deploy.pub new file mode 100644 index 0000000..06ae204 --- /dev/null +++ b/nixos/modules/deploy/id_ed25519_deploy.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgT+TvQDdCJXpxCvqII7sE4KR3gpCDEhIt6RdL+mIny david@Tytonidae diff --git a/secrets/general.yaml b/secrets/general.yaml index b2ffdf0..50e7a37 100644 --- a/secrets/general.yaml +++ b/secrets/general.yaml @@ -1,5 +1,6 @@ atuin-key: ENC[AES256_GCM,data:e3K7/7BaeXuR+vHJdtO79UQp3XRvROcD8ISkuCp3KGCSlBKUM3GuCwhIeFoIl0fOUqVYOzcCAcjsH2nBRqcXhtS8jhM=,iv:Mh3jsu6mdj0VOLSIoNz/0awyydVf7q3/E7iB7CJi+UA=,tag:xuHhUmK/J2stdjRrtbhQSw==,type:str] ssh-private-key: + deploy: ENC[AES256_GCM,data:tYCsym/IY7uE9is56Qvdm+PxouFPng5hY/nlk/Xsm2qOCjdD2G9PyBTSs4dSil8GYusOdSRAFluCf1awJIHV9CJbCDOBVdzJOeXt19VYm2LQOiU7uOtlhUJYMOyIJjedVpRUfUAI8rQNaANIJ+p40ApnUi3jQbXp66iLZhMs+F2vnWimrorV5if74P+wUCSQEkhWWNBebIlP/JQkmGlS7hSDX9RAUF2m5YzyeTTPEmz/F19Sobq7ws0bxo++v6FiM1Zw/uDPX/NT4h1X/qEu1treRk8eo4+j4ha4OWvM62mecvoPln+Rwp+1q/1Ky0WROFSmIQ0CGJHIwWP4TcDJJeazC/0L5WZAvbHQr6tR7zVeu81OboHfgbrWe4wTzpxGxaRHQVFz+8Q9jpuzYbRnaqUZEfeXQKmSxsmu1SZLIJx/3BFMy8WQnsI0aZJm7Ol/WMY17ikPjC9hFLdzZzDV7zfMIl4TjaFxKpRvWsqtGW55r1IuqnrEFL0M4x9yzGWwT2LQIKqM7AM04phF8Ot8GiNAUPzC5Cm2gwWm,iv:jnNrRZAOsgOiGayLj2mUgODrKMQ66dIYG56G2+1ypYQ=,tag:1jD+1NtWKZye21aTVLTqBw==,type:str] tytonidae: ENC[AES256_GCM,data:I1RF/umtOGAuSVoLfwDnN2DG+w1yWqPkhZzM61y5XRSxF2Xq5C/iUJGWeCc+1Hwbw+oEMnm2e57m79Uke0LIJJrw//kRMqNOewQtx2xHkNSscWKCIANoNiDdhlOnB0r0BfXObr0xEu/69ST11lupPGIGQiWhjT1BY7c4NhAhhzfThttQCwznfrX3SfLu4p2Akg6p8QmRcU6h9kox+PK1Im+h956W0dYVnIe4ePZ3NGitQll9hxLxM+agnxF9wDDO+4pQ3i8aadbxLr8ug/boEhBy/e+sOKqzboAiWpuDjfQRUxklz0IxBihK8z6J/AHgXusxs70EdUDKf5sH7RIi95poYqJdl6bKToSCJtuM7JQ/eNTUjHvUZlRvlXSZG4iNypUYTOxSHTFGH7rA0wNeE0sMXkaTfJHD5utZDjxibICW1+BYXam8mTKWhXMUyfAL2bLMRmshxRB81bPnik08axpzJ22oSxZ1AfPz5I98zn/o0bDlAPTRetImQtSN181WrRHCCVUMe4wZIfgQvVryFgfPU06gqztgU2DB22QphXXysHn4p3jbAF3Hqvgq0f+iNXoh6NJLaUD+i7xb,iv:nSTfnDbaS9DZL2WhVgcu8qIPkYH1Zws58yvcIeSZCzk=,tag:JJV7vJylaFOYdVjyeeOt9g==,type:str] akun: ENC[AES256_GCM,data:d04sdY1cvJuOPSq9H2lT26jrUFSA1sHz1i9jj+XtXGeagQyc4XaknTmfC3EDfvNghoizZWZ/Ma+BfIvnlWDBFqhkGhdhB7X8PnI9rySOfkMmOk2HXHtvP4GfSy2oQ4BMRfYX2N9TcViascnXA9MRsetDjD3fhiCKkZ+2H/sthxw38JgK95O74lFCze7sc4ZzK/RhXaBkLFrQpMdqnGBYpH9wuHiQSlFxBQ0jHJDUeOSxOdCanw2xfdkJnNe5dKRweoYp4Mtit2C3DRdaT3lMQ/SQjfEhUs/0TIXyunoWE7nX5tUN2F2s/FtkPMU5lpiW1x+kntMBBfY9TA+r4CyH4lkhFit+DsIkPfdUZGzSquQAHHWzDzS5vXnKTf8NFCzHIeoQzegkf4JS+CWf51Iy15FfWy+Pd6CmxLikAQnGTixGDa7LMqOV48BhZ5it/hJmrzg0FMkNFeeJW/s9YvCNMae8lMt/0K+N+pUD/Ud8VJnIxP4MmWGKRwNNFHivGuZjtKCJR9agf1N7NPBDDqV7HRDYAfxa2sPozWZ5ZGGGlsmINeymNk10aY4ovRs/6CcRWw2gPspNuxvqb9HQ7r/cQFmGhLYpkliRLpFM/skLCHA=,iv:YVPvHL4nxqJMR8PE+hraS0piboGYXqyljgGcBHqG38g=,tag:HSab+C3Xd5wMzyomF9dGMA==,type:str] cape: ENC[AES256_GCM,data:5CD6oW9IBAjf9X3waQXMSt82ykOzUZ1D2VFZvZVLRWw+6GUDkPF1jSl9bLR6igY3cQO6164Li7gDz/yImoPgPpy7mvG4iJjaILSWVr9ZwB1dmWK30ZkHB1wpPxHbrSXo6M3t610x8I1ScqSkgh2PV5+cmMH8wd+QSgKwoL7IOoXHkuqKHxI9D+dCGSHH35MvQwWQO0jyn3vjFDhBode5+7tbMPD9dgQLDmWkiSE2xkgIh/RqsJ5x6i8qferyWZeHv9fJMYpJi9SJJe+LwmHZW/JHhaHZztAAu5sHFtC8pA0UwiUMn/ND8L28J1nuMHHNZEF3rmX1cQykPYP1VeNya8Rf+aSzNtD/LjJrU5bjBNt0IEatsnBPUDNZNFrOxgWV4k84wCbDknwqmk5tYLgMF/BsXdShbMguezTgOZS2xpX35QZ3TM+mHkThtPDR+i3ZuDvj5kvAMngCIr95TtZRilGAytABF5CCE6e7jxGG5ijCa46AHDi38/Dk4ci/2s5sY/ekUDLFjhYIkLEFQWsn9VAy9MD+Bkkr+YjHQ1rL74uuqgccxRjEqzBFvVZliq7SbYQ7Bub9qFld1o4+P/YbUGdJlmd0+//pKO9ws20AjvU=,iv:VplLC/sDztaqUiHr/3aglvqxyptZLN2MV3HQzneRk9A=,tag:/hUJjB+oxCKTPk+hPgC4rQ==,type:str] @@ -15,23 +16,32 @@ sops: - recipient: age1smmqun9h3cszaza85ty33yenyaqtat572u9r3we4l5gh85njgvws6q680g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaQ0s4QldhbzNEcGJocGtK - aEY1ZGxMSE54U3JRUGc1aXBzQXlhb2xNZGdjCjRhbWFFeXVUZ1ExT25NMi8zWGl1 - U05SOTd0OVJBZndzdkEwWEdPZnJMUlkKLS0tIFJsSUZrVSszdVozYkhTWFZpWG9s - VVBnNVNLSVkvRUJhQ1VnRXAwajFySFEKbstCqi4CmEfEEe8+NqVrEj7GWPVTC2yR - zpAX54OdHtlRBLFFOeDR8jytKOPi2yxvY49Gn1zZ82dQaqY1kvlKZg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MHB5OXFPbGxvYWc2TVZI + TGMrY0Vqa0hWQ05SbGJ4aEMvd2RIdzc3N0dvCjQzaGc2YU5LWkVvTzJUTHZvS3RT + bkJJZGg0ejRad2dwdVVVcXZ4K1dhZW8KLS0tIHRRUDJ4cUpFU3F3VU1CY1laM0xr + OFNxUGFXVmFlKyszNlVNb3RxbGxCL0UKPeVB78sBNluUdoloyCzh97DUPwCS6yY8 + wQQrHa/RZo+dcI2+SioIheincW/lQTTKy0FvKfmx0BU+NLwyeuyPcA== -----END AGE ENCRYPTED FILE----- - recipient: age1emhsx2l0ell6smavzaackwkk7n2u4zf6chdp9xcds3dqp7s444ds9fcaga enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmRVV1WFJBdWMxNmM4VXdx - dEk2ME01dWVSWFdKTHRnVWRTZ3Z0MFNaTHc0ClN4MElGejBjZ0sxNXVxSWRBL1px - dkozMzVIQjdCMktzT2U2Tnhjd1Y4N00KLS0tIFc4T3E4V3VQdk1iMW5UT1N6RUlZ - RjdOK1RiRHRzTGd1dDlUTEVRVzBtQk0K5vtopA4dhLODrVlUnegm9f5DwSvOKuIS - bIPHM5FarLGRXTXs09vKW5LFKo3BOm9N4Zc6q4cV7Pdp5+AZEEp/0Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIc0FOOUVHSkFuNjVCVG1H + N3BFb2RIMHhLWU9UenRBSGNXYXRFTzJTOHk4CmRSdkVXblFGdjdtZXp5TFVhUDlX + MzNrMi83TWlvcXVIVGNaV2JtZ2o0NzAKLS0tIFBnR0xpeWZENmIwdWhDdmNhK1A3 + aUNnMmpMQmtoWGtmanJJTThNZ2l1bVUKDdCnNCTsea69pJkUKIOm6WdZeL1aqwbQ + xxKbyMeJDW7VzJjMQEbf0Zr2tvn6YJFWHpWGgKeeOa8HOmqCKYlAZA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-26T07:53:45Z" - mac: ENC[AES256_GCM,data:0ndToxSzjLVwdWgxq64naRilPbX9X2+0l9r8eFpKplg1ZOT3gWBQHKrp8ShWmvgmjr5LvildTjqfBC6WGh1Aj3X5xQEnAzCD5IS4bpLtCKMzShiOL2z9ExXBfNMrfs5p7BVxAYQg2pWusDRgx2x+4Z5iiEycocky295rtph3qQ4=,iv:t07So6P8Op0ylUvASIFiaaDWKPrEsRvl1UdqhEaQnDg=,tag:D0Z+aM6YjUQZ0iYX++1dtA==,type:str] + - recipient: age1s4zml68g0ys05tv2nlpnevz37vf0uurypfsf996wj4vytgxczumqy3utck + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Q0xjeGdyWUxzdmJlaDJE + dU5ONEpDVVFpeWFJR0pLRnZuMVliamxiVXdzClFjT1JFVDlqK3Uremw0WWpVakVV + UHNFQW82V2RaZ2hYWHJsL1R3UjEzQVUKLS0tIE42VVcwNlAvOVNjcnVCUmhObXdm + a1Y1NU9CK2h1SS83VW42bzBMa01yMXMKI1DBtgNlkNCrxUQvnD6a45mQKNfg5gM4 + Zb5buo9Jofj4dn/HFwng3T3gxKTrP2Dh74CAH4L0M5yrF9fzk5TCcQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-27T08:53:59Z" + mac: ENC[AES256_GCM,data:gNlAly2qCnIbyWnZHzkz5KPxK6iY4wC/kmnoodHpn0kijUB9M8+rGxzx+ZLcj8kvthmrKkoCSWlj1ymOZLVUNW4R7/zpTlR7CMN66F2BFVVts7MFBI3Qzu+iuC59wpefCZk+kmfn0V8bcMCZ1vMYq0zLvL0UBgkE2/sB5EVIY58=,iv:ZXo2WQUs8YCgFlh+8pQckVRwL0p6hJ82+43XFVDA2iQ=,tag:KQIBj2/hCQefDv+w1WV2Vg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.3 diff --git a/secrets/ssh-config.yaml b/secrets/ssh-config.yaml index 511bc72..0d36825 100644 --- a/secrets/ssh-config.yaml +++ b/secrets/ssh-config.yaml @@ -8,20 +8,29 @@ sops: - recipient: age1smmqun9h3cszaza85ty33yenyaqtat572u9r3we4l5gh85njgvws6q680g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVzEwYTNNVVV6VXJUS201 - ZnU1cXJRTTdzS2pyOTBVS3hCS1ZnSzF2eERzClpXRk9DdzJPRjY4NURSSWl5TjJG - czVYUjZSS2RTT0JlSkE5NzltMzV0VTQKLS0tIGwvdE4wYjB6ZHZmV01sOXkrcUxK - ajd5bVAwYmJ6VU1XUzJwSUlrbFE3clUKANuO/gmjbzBcSJzNJbiV7hPffZ/h9Exn - KaqPaPst1oTep48OHJpqntYTTFt1TD8XidguiFTpHfKmOY7KjcOgOA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cG9OdXUvUnlYRUJUc2dZ + NUJzWHJ1bXhkTTRPSXRDUUNVYTczWVllbVRFCksxWUZZWFFkNUtmTFp0V2ttazla + YmhtL2FpcmtoVWZFdXp4cE1aMTBTdmcKLS0tIGZXMXB4MkNNVTVWQjhZRnZqS1JS + RHZMRmpkYkJKeGlaTGhuNCtLNURkS3cK24p7POvcZTN6xVNN/3oVsCQcP5n/3Akj + YiVs7NFvHuHgqsZHdD6mDG8IuR6+7UbZcjdzm9b6muFrTvL7x6IVoQ== -----END AGE ENCRYPTED FILE----- - recipient: age1emhsx2l0ell6smavzaackwkk7n2u4zf6chdp9xcds3dqp7s444ds9fcaga enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5REhMbm1ubkplcnpySVNQ - Q3U5V0lvZkRjSzNleGk2TFZOUENqc2xKZkVFCkFrd2hPZVNkY2dWZnNuSUNiL2Yw - Z0lvc3RlMG1ma1UweElwTHlLczBFK2sKLS0tIGl0SHJBcnVoSnZITXd3amxNOE5C - Vm9nNE9aVjNtM3dUcHVMS201aEUzWVEKsRUBRWmJH+SeySfohgygVdJWy8eGB6Kh - dFvTObd4VenTVHI6/Cz2NZAYVEYWVe7d68TeGSNTPBVaFqqgqRm/Vw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTDRBT2s1Q0dpTDVwOCtT + emJnYktnYUZ3WFRZOW1rN3VadDhYM0R4M0FnCmU1SGpIYldLNUkxRHpwc0JVRHBo + dC9INVBYQ0J0aGxUWHVxeHJrdEhUK1kKLS0tIElMVEFsMS9BTCs4bkJnak9Yc1k1 + UHVXS0RJZnhHMUZwcFhzN2pscW85Sm8KKtXsuJG6wCG8RzCHthMBDUYRMqNHpl/n + rDtduFwsn1ItxA6R5edUaPu7AJZ6+z7Aku1cf8WHGH4LgD6clR/avw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s4zml68g0ys05tv2nlpnevz37vf0uurypfsf996wj4vytgxczumqy3utck + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwck9lZ1lVM0c1LzhiR0V4 + SDcycnd3ZGtWNStnaS94bC9RZy83QnZWd2pJCmJrMVE5cXdIaFJYL21ITTNJQ3h5 + NVgvQlVVaHJDYUZTUW1YK3p5VTNNRXMKLS0tIEtLQjZVRzJZQ2tuMStJOE9aWDJC + anNBRmFHN3VOVEhVdjd0QTA2aGd4OE0KCsaIBsMWZ+CDIck2a53vV+gnn2/Coc/o + HgQc5JMQbL4n957nqB/Gpj92z2nYteVl0fS7Umu9M2SbmF2Cvapafw== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-01-27T02:51:28Z" mac: ENC[AES256_GCM,data:JIv/R2t5adjPV4h4WMITfF9wQ4OyV1Cy8TKc9IUDX6Xu/JYSiYKhCUAzV/CkjG/FGEjeXz9dzzhR5wrZefVf2FnrTErPMpdy4yxuDL28F1zMK+Uixay0FB4Z52PmDXzzNhqOrEUhC2t4ev7/SUtxmJjgJ/Q8e8Impgsi4TLvhlo=,iv:Sx8T2Acryn4d3KhIf3Of8Fo55ma4g00wBwyOsL4gVls=,tag:OUX1313d9NW5MmTq2yT2Fg==,type:str] diff --git a/secrets/transmission.yaml b/secrets/transmission.yaml index 36d30d8..2766eb3 100644 --- a/secrets/transmission.yaml +++ b/secrets/transmission.yaml @@ -8,20 +8,29 @@ sops: - recipient: age1smmqun9h3cszaza85ty33yenyaqtat572u9r3we4l5gh85njgvws6q680g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNUJGTHV3Nkd3NmFkUEVm - OTJjSG00eVAwRTlQUHk3THgvczRYQlhkK1M0ClFHZDVBVWRnMytIQ1JOMDVhZWpr - QkV5YVQ1dEo1cFRBSVEySUZQNnVTQ00KLS0tIHhMTVRaY3lCL1pXL0NGbkdEVzBu - ZkVpNCtnWFdodHFYbWhFWTVsbGZ3N2cKz8+iOr5Jpg7r+fZrmEfv7GT+U9GGYFsA - uwLrJBYkyh+nS0KpgK/II3xBW+OLK//Q4qXhX2xNR3PrCEyYNepWyg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WURqaWhmS0FiOGpncWRR + aTd3Z0NXZWhuY2I4amxEVFJ0WGN0MkpjVkdvCjFBM0NPenAvYTI4VlZnN0E2UGc4 + NjNwa0FER29yVTJxazlxalhaQjNYS0UKLS0tIG9mSEwwUFRaQTlMVFJJN0RRekxN + WmRZM0prQWc1Y08vbUtRdkY0T3lqSjgKopjxaDG1pRQpvZG4ddkwMR2puIlIOL4D + xBo4iY7eWd7b3A1ibcMLG075aSjrlYy9qs6esl7LxTjt1bEdaIwYqw== -----END AGE ENCRYPTED FILE----- - recipient: age1emhsx2l0ell6smavzaackwkk7n2u4zf6chdp9xcds3dqp7s444ds9fcaga enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNmQxU04yYWdKdFJqaUQ1 - UkE4Ykt5UmJESVB3NnZpS1d4VmlNSjZVK2xnCmo0SEJQM28vWWd3enhDRFZxRmRZ - aEpDa05vZmthY0FHR0djaGpBc2l4cTgKLS0tIHIvRUh0aTJqdFc4eHE2ZFJCRmJY - S21ySVFCWTlPQUZXci90RjY3QnhmaVkKk5et+gjlm7m/llWru16Lomx2cSLvgFBc - mUFUECsaOgTTLoCBj7fS/tPH94kXj4+vk/2OwihOWX6lSyKfkGtuRg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRVc0bHFJVDNWaTlsekhX + WmlnK2NheHIzSmx4WTdEK2tlVk51NktEM0Y0CkowU1p1eGdiNUxxeTIrQjFaT1NX + MCtTakpMZFN2TFdKaGt2Qzd4d09CRmsKLS0tIDllWXE3ajJ6UHMyNzFHandhMGVv + R055RDNNSUdxaXd0elJtbkpzV0hZbEEK9KSf+jd1XD/7ldvnGkLfohqbojde5VRQ + DUkvrpiKp24d6j/zBBjHC9PfRPQ5kChP0zUfmZigAIHOZTPvICf7kA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s4zml68g0ys05tv2nlpnevz37vf0uurypfsf996wj4vytgxczumqy3utck + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRHQ0NThLb2pGVnhOMW9D + SHo3WElEcFBSTXh5VFhNTHNTS2pnMUpKSngwCnlWZTVlWVludkY1NkwzWEdWdjZU + NmFRR203Z0QyNEp1aVE2eXRzcXJyZEEKLS0tIDM4VXJZM0ZKdGsra1VnelVzWVZr + NW0reXdaZWxrN1MwTDZQS0xESjM0L0kKaEoGiIz90xs5XThiPjNd3NouVIiNbhp8 + Z97Xc44lDvaqBInmYzLFjh5Y/uBQMoeeayoVe14whwsLzsoJ094CCQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-01-24T08:58:17Z" mac: ENC[AES256_GCM,data:YJPmgWY0U8xEauUnVIjOqwZkSFRYWCcn/HbmS4M2ZFlblM7GkMJAqrDhZIlKUlUbsDtoUKRZH/DmUNj6jB8ejabUE1psu0eOvdP5svoMhGJf7JMkEWiLikqpw9eadt8FdidKjPjTGR0G4oSq+vdbFy2TsKjhyHuab8cLCm3MfkY=,iv:SrviiLHDTjgpr5588suDbF7Pfw3yhnCmz4x0FSvzypo=,tag:2WP8wLsT/iANcbisRmp9mA==,type:str]