diff --git a/config/_ids.nix b/config/_ids.nix
index c2aa540..2fe6985 100644
--- a/config/_ids.nix
+++ b/config/_ids.nix
@@ -18,5 +18,6 @@
 music = 1031;
 dns = 1042;
 z2m = 1016;
+ papers = 1032;
 };
 }
diff --git a/config/dns-adguardhome.nix b/config/dns-adguardhome.nix
index ee6b4ff..d3e5db5 100644
--- a/config/dns-adguardhome.nix
+++ b/config/dns-adguardhome.nix
@@ -58,7 +58,7 @@ in
 };
 systemd.services.adguardhome.preStart = ''
 cp /etc/AdGuardHome/data/leases.json /var/lib/AdGuardHome/data/leases.json
- chown adguardhome:adguardhome /var/lib/AdGuardHome/data/leases.json
+ # chown adguardhome:adguardhome /var/lib/AdGuardHome/data/leases.json
 '';
 services.adguardhome = {
 enable = true;
diff --git a/config/papers-paperless.nix b/config/papers-paperless.nix
new file mode 100644
index 0000000..66b1f09
--- /dev/null
+++ b/config/papers-paperless.nix
@@ -0,0 +1,16 @@
+{
+ config,
+ tools,
+ pkgs,
+ ...
+}:
+{
+ services.paperless = {
+ enable = true;
+ configureTika = true;
+ domain = tools.build_hostname "papers";
+ environmentFile = config.age.secrets.papers-environment-file.path;
+ passwordFile = config.age.secrets.papers-password-file.path;
+ port = 80;
+ };
+}
diff --git a/containers/auth.nix b/containers/auth.nix
index e48c6ec..112e723 100644
--- a/containers/auth.nix
+++ b/containers/auth.nix
@@ -5,6 +5,7 @@ in
 {
 my-lxc.auth = {
 container = {
+ enable = true;
 cores = 2;
 memory = 1024;
 disk = "8G";
diff --git a/containers/papers.nix b/containers/papers.nix
new file mode 100644
index 0000000..9a4d5bb
--- /dev/null
+++ b/containers/papers.nix
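Review bot: The `chown` in `systemd.services.adguardhome.preStart` (config/dns-adguardhome.nix) is commented out rather than removed, and nothing records why, so the next reader cannot tell whether the ownership fix is still needed. After this change `leases.json` keeps whatever owner and mode `cp` gives it, which depends on the user the pre-start script runs as (not visible in this hunk); if the source under `/etc` is a read-only file, the copy may be read-only for the service too. Either delete the line or replace it with the actual reason, for example `# no chown: preStart already runs as the service user` if that is the case, and consider `install -m 0600 /etc/AdGuardHome/data/leases.json /var/lib/AdGuardHome/data/leases.json` so the mode is set explicitly.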
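Review bot: `port = 80;` in config/papers-paperless.nix has Paperless listening for plain HTTP on a privileged port, so logins with the `passwordFile` admin account and every uploaded document cross the container network unencrypted unless the proxy is the only client; a comment such as `port = 80; # plain HTTP, TLS terminates at the proxy container` would record that assumption. The hunk also sets no `address`, so whether the proxy can reach the service depends on the module's default bind address (not visible here) and is worth confirming. The `pkgs` argument is unused in this file and can be dropped from the argument set.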
@@ -0,0 +1,30 @@
+{ ... }:
+let
+ db_pass = import ../config/_passwords.nix;
+in
+{
+ my-lxc.papers = {
+ container = {
+ cores = 1;
+ memory = 512;
+ disk = "6G";
+ swap = 512;
+ };
+ db = {
+ enable = true;
+ password = db_pass.papers;
+ };
+ system = {
+ port = 80; # open in firewall + expose on proxy
+ importConfig = [
+ ../config/papers-paperless.nix
+ ];
+ };
+ logging = {
+ enable = true;
+ metricsEnable = true;
+ };
+ private = true; # available only on private lan
+ auth = false; # true; # auth overlay
+ };
+}
diff --git a/containers/vault.nix b/containers/vault.nix
index 80fbaba..3b29113 100644
--- a/containers/vault.nix
+++ b/containers/vault.nix
@@ -7,7 +7,7 @@ in
 container = {
 cores = 1;
 memory = 512;
- disk = "4G";
+ disk = "5G";
 swap = 512;
 };
 db = {
diff --git a/flake.lock b/flake.lock
index a5b1600..9217831 100644
--- a/flake.lock
+++ b/flake.lock
@@ -26,11 +26,11 @@ "authentik-go": { "flake": false, "locked": { - "lastModified": 1770333754, - "narHash": "sha256-Yyna75Nd6485tZP9IpdEa5QNomswe9hRfM+w3MuET9E=", + "lastModified": 1771856219, + "narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=", "owner": "goauthentik", "repo": "client-go", - "rev": "280022b0a8de5c8f4b2965d1147a1c4fa846ba64", + "rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d", "type": "github" }, "original": { @@ -56,15 +56,16 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1770931530, - "narHash": "sha256-g6FXanv0FlUc7eWFJ9C5g9ZbMtWA8dSNGwx0mia3uyA=", + "lastModified": 1772909021, + "narHash": "sha256-hcstQ1Z9aQSJM3AVCLb0/OPTicbME9nhP01GiPrOjZM=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "0487b4db05bddbd8d163f3fd85eef9c9413dca11", + "rev": "7e4730351fb6df479c46a1bf7e23d46a0b0c5d46", "type": "github" }, "original": { "owner": "nix-community", + "ref": "version/2026.2.1", "repo": "authentik-nix", "type": "github" } 
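Review bot: `auth = false; # true; # auth overlay` in containers/papers.nix ships the document archive without the forward-auth overlay and leaves the intended value as a trailing comment, so it is unclear whether this is temporary. With `private = true` the service is limited to the LAN, but access then rests only on Paperless's own login; state the reason next to the flag, e.g. `auth = false; # TODO: enable once the authentik proxy provider is applied`, or set it to `true`. Separately, `db_pass = import ../config/_passwords.nix` brings the database password in as a plain Nix value, unlike the agenix-managed `papers-*` secrets added in this commit; depending on how `db.password` is consumed (not visible here) it may end up in the world-readable Nix store or in generated Terraform JSON.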
@@ -72,16 +73,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1770911230, - "narHash": "sha256-alTyrMBbjZbw4jhEna8saabf93sqSrZCu+Z5xH3pZ7M=", + "lastModified": 1772567399, + "narHash": "sha256-0Vpf1hj9C8r+rhrCgwoNazpQ+mwgjdjDhuoKCxYQFWw=", "owner": "goauthentik", "repo": "authentik", - "rev": "19ad8d3ae3f266ec1096bc4461fdf6bcda1aa079", + "rev": "0dccbd4193c45c581e9fb7cd89df0c1487510f1f", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.12.4", + "ref": "version/2026.2.1", "repo": "authentik", "type": "github" } @@ -105,11 +106,11 @@ ] }, "locked": { - "lastModified": 1760971495, - "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=", + "lastModified": 1767714506, + "narHash": "sha256-WaTs0t1CxhgxbIuvQ97OFhDTVUGd1HA+KzLZUZBhe0s=", "owner": "cachix", "repo": "cachix", - "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2", + "rev": "894c649f0daaa38bbcfb21de64be47dfa7cd0ec9", "type": "github" }, "original": { 
@@ -119,24 +120,142 @@ "type": "github" } }, + "cachix_2": { + "inputs": { + "devenv": [ + "devenv", + "crate2nix" + ], + "flake-compat": [ + "devenv", + "crate2nix" + ], + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1767714506, + "narHash": "sha256-WaTs0t1CxhgxbIuvQ97OFhDTVUGd1HA+KzLZUZBhe0s=", + "owner": "cachix", + "repo": "cachix", + "rev": "894c649f0daaa38bbcfb21de64be47dfa7cd0ec9", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_3": { + "inputs": { + "devenv": [ + "devenv", + "crate2nix", + "crate2nix_stable" + ], + "flake-compat": [ + "devenv", + "crate2nix", + "crate2nix_stable" + ], + "git-hooks": "git-hooks_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1767714506, + "narHash": "sha256-WaTs0t1CxhgxbIuvQ97OFhDTVUGd1HA+KzLZUZBhe0s=", + "owner": "cachix", + "repo": "cachix", + "rev": "894c649f0daaa38bbcfb21de64be47dfa7cd0ec9", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "crate2nix": { + "inputs": { + "cachix": "cachix_2", + "crate2nix_stable": "crate2nix_stable", + "devshell": "devshell_2", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_3", + "nix-test-runner": "nix-test-runner_2", + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks_2" + }, + "locked": { + "lastModified": 1773440526, + "narHash": "sha256-OcX1MYqUdoalY3/vU67PEx8m6RvqGxX0LwKonjzXn7I=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "e697d3049c909580128caa856ab8eb709556a97b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "crate2nix", + "type": "github" + } + }, + "crate2nix_stable": { + "inputs": { + "cachix": "cachix_3", + "crate2nix_stable": [ + "devenv", + "crate2nix", + "crate2nix_stable" + ], + "devshell": "devshell", + "flake-compat": "flake-compat_2", + 
"flake-parts": "flake-parts_2", + "nix-test-runner": "nix-test-runner", + "nixpkgs": "nixpkgs_3", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1769627083, + "narHash": "sha256-SUuruvw1/moNzCZosHaa60QMTL+L9huWdsCBN6XZIic=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "7c33e664668faecf7655fa53861d7a80c9e464a2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "0.15.0", + "repo": "crate2nix", + "type": "github" + } + }, "devenv": { "inputs": { "cachix": "cachix", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", - "git-hooks": "git-hooks", + "crate2nix": "crate2nix", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_4", + "git-hooks": "git-hooks_3", "nix": "nix", "nixd": "nixd", "nixpkgs": [ "nixpkgs" - ] + ], + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1771610023, - "narHash": "sha256-GfaUN+8Eg0ShJljq5ZIf/ateO/ry9CL0b7wpI+5e/6U=", + "lastModified": 1774428097, + "narHash": "sha256-yQAutPgbsVHsN/SygZDyzMRxQn6Im53PJkrI377N8Sg=", "owner": "cachix", "repo": "devenv", - "rev": "3631489b8b3b8a7b4948824b621d02a420b58cc7", + "rev": "957d63f663f230dc8ac3b85f950690e56fe8b1e0", "type": "github" }, "original": { 
@@ -145,14 +264,59 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768818222, + "narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=", + "owner": "numtide", + "repo": "devshell", + "rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_2": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768818222, + "narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=", + "owner": "numtide", + "repo": "devshell", + "rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1765121682, - "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { 
@@ -162,13 +326,41 @@ } }, "flake-compat_2": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -182,11 +374,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { 
@@ -199,15 +391,17 @@ "inputs": { "nixpkgs-lib": [ "devenv", + "crate2nix", + "crate2nix_stable", "nixpkgs" ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -217,6 +411,49 @@ } }, "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "terranix", @@ -237,21 +474,6 @@ "type": "github" } }, - "flake-root": { - "locked": { - "lastModified": 1723604017, - "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", - "owner": "srid", - "repo": "flake-root", - "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "flake-root", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": [ 
@@ -316,20 +538,82 @@ "inputs": { "flake-compat": [ "devenv", + "crate2nix", + "cachix", "flake-compat" ], "gitignore": "gitignore", + "nixpkgs": [ + "devenv", + "crate2nix", + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765404074, + "narHash": "sha256-+ZDU2d+vzWkEJiqprvV5PR26DVFN2vgddwG5SnPZcUM=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "2d6f58930fbcd82f6f9fd59fb6d13e37684ca529", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "cachix", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765404074, + "narHash": "sha256-+ZDU2d+vzWkEJiqprvV5PR26DVFN2vgddwG5SnPZcUM=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "2d6f58930fbcd82f6f9fd59fb6d13e37684ca529", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_3": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "gitignore": "gitignore_5", "nixpkgs": [ "devenv", "nixpkgs" ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { 
@@ -339,6 +623,102 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "cachix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "cachix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_3": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_4": { + "inputs": { + "nixpkgs": [ + "devenv", + "crate2nix", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { "inputs": { "nixpkgs": [ "devenv", 
@@ -433,11 +813,11 @@ ] }, "locked": { - "lastModified": 1771532737, - "narHash": "sha256-H26FQmOyvIGnedfAioparJQD8Oe+/byD6OpUpnI/hkE=", + "lastModified": 1774103430, + "narHash": "sha256-MRNVInSmvhKIg3y0UdogQJXe+omvKijGszFtYpd5r9k=", "owner": "cachix", "repo": "nix", - "rev": "7eb6c427c7a86fdc3ebf9e6cbf2a84e80e8974fd", + "rev": "e127c1c94cefe02d8ca4cca79ef66be4c527510e", "type": "github" }, "original": { @@ -447,13 +827,44 @@ "type": "github" } }, + "nix-test-runner": { + "flake": false, + "locked": { + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", + "type": "github" + }, + "original": { + "owner": "stoeffel", + "repo": "nix-test-runner", + "type": "github" + } + }, + "nix-test-runner_2": { + "flake": false, + "locked": { + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", + "type": "github" + }, + "original": { + "owner": "stoeffel", + "repo": "nix-test-runner", + "type": "github" + } + }, "nixd": { "inputs": { "flake-parts": [ "devenv", "flake-parts" ], - "flake-root": "flake-root", "nixpkgs": [ "devenv", "nixpkgs" @@ -461,11 +872,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763964548, - "narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=", + "lastModified": 1773634079, + "narHash": "sha256-49qb4QNMv77VOeEux+sMd0uBhPvvHgVc0r938Bulvbo=", "owner": "nix-community", "repo": "nixd", - "rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e", + "rev": "8ecf93d4d93745e05ea53534e8b94f5e9506e6bd", "type": "github" }, "original": { 
@@ -491,11 +902,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -507,11 +918,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { 
@@ -520,6 +931,112 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1769433173, + "narHash": "sha256-Gf1dFYgD344WZ3q0LPlRoWaNdNQq8kSBDLEWulRQSEs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "13b0f9e6ac78abbbb736c635d87845c4f4bee51b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "flake-compat" + ], + "gitignore": "gitignore_3", + "nixpkgs": [ + "devenv", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": [ + "devenv", + "crate2nix", + "flake-compat" + ], + "gitignore": "gitignore_4", + "nixpkgs": [ + "devenv", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769069492, + "narHash": 
"sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "pyproject-build-systems": { "inputs": { "nixpkgs": [ @@ -536,11 +1053,11 @@ ] }, "locked": { - "lastModified": 1763662255, - "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=", + "lastModified": 1771423342, + "narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "042904167604c681a090c07eb6967b4dd4dae88c", + "rev": "04e9c186e01f0830dad3739088070e4c551191a4", "type": "github" }, "original": { @@ -557,11 +1074,11 @@ ] }, "locked": { - "lastModified": 1764134915, - "narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=", + "lastModified": 1771518446, + "narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "2c8df1383b32e5443c921f61224b198a2282a657", + "rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937", "type": "github" }, "original": { @@ -577,10 +1094,31 @@ "devenv": "devenv", "flake-utils": "flake-utils_2", "generators": "generators", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_4", "terranix": "terranix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773630837, + "narHash": "sha256-zJhgAGnbVKeBMJOb9ctZm4BGS/Rnrz+5lfSXTVah4HQ=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "f600ea449c7b5bb596fa1cf21c871cc5b9e31316", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -643,18 +1181,18 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], "systems": "systems_4" }, "locked": { - "lastModified": 1771504637, - "narHash": "sha256-qPYBCcvws0cqVf4blYyxQ6JNxOdvUPK41s2sfqk6wL0=", + "lastModified": 1773700838, + "narHash": "sha256-6KFxpxyXjcqhOexc7ZeaXVWdDtGb6zO8HtjBEci9DfU=", "owner": "terranix", "repo": "terranix", - "rev": "f3d77064bd135823a30916a1e63b90b7fe4453ac", + "rev": "306ce146bf0324dc3b3c45c095036b6f0e26bf35", "type": "github" }, "original": { @@ -672,11 +1210,11 @@ ] }, "locked": { - "lastModified": 1734704479, - "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", + "lastModified": 1772660329, + "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", + "rev": "3710e0e1218041bbad640352a0440114b1e10428", "type": "github" }, "original": { @@ -697,11 +1235,11 @@ ] }, "locked": { - "lastModified": 1765631794, - "narHash": "sha256-90d//IZ4GXipNsngO4sb2SAPbIC/a2P+IAdAWOwpcOM=", + "lastModified": 1772187362, + "narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "4cca323a547a1aaa9b94929c4901bed5343eafe8", + "rev": "abe65de114300de41614002fe9dce2152ac2ac23", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7560b1b..501e76a 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils = { url = "github:numtide/flake-utils"; - inputs.nixpkgs.follows = "nixpkgs"; }; generators = { url = "github:nix-community/nixos-generators"; @@ -20,7 +19,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; authentik-nix = { - url = "github:nix-community/authentik-nix"; + url = "github:nix-community/authentik-nix/version/2026.2.1"; inputs.nixpkgs.follows = "nixpkgs"; }; agenix = { 
diff --git a/modules/containers-terraform-authentik.nix b/modules/containers-terraform-authentik.nix
index c0d1988..4377737 100644
--- a/modules/containers-terraform-authentik.nix
+++ b/modules/containers-terraform-authentik.nix
@@ -4,5 +4,47 @@
 lib,
 ...
 }:
+let
+ cfg = config.my-lxc;
+in
 {
+ authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
+ lib.mapAttrs (
+ containerName: def:
+ lib.optionalAttrs (def.auth) {
+ name = containerName;
+ authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
+ invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
+ external_host = "https://${tools.build_hostname containerName}/";
+ mode = "forward_single";
+ }
+ ) cfg
+ );
+
+ # dns_provider = {
+ # name = "dns";
+ # authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
+ # invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
+ # external_host = "https://dns.plg.m0rel.eu/";
+ # mode = "forward_single";
+ # };
+ authentik_application = lib.filterAttrs (_: v: v != { }) (
+ lib.mapAttrs (
+ containerName: def:
+ lib.optionalAttrs (def.auth) {
+ name = containerName;
+ slug = containerName;
+ protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
+ }
+ ) cfg
+ );
+ authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) (
+ lib.mapAttrs (
+ containerName: def:
+ lib.optionalAttrs (def.auth) {
+ outpost = "\${data.authentik_outpost.embedded.id}";
+ protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
+ }
+ ) cfg
+ );
 }
diff --git a/modules/containers.nix b/modules/containers.nix
index 837df2e..4128c45 100644
--- a/modules/containers.nix
+++ b/modules/containers.nix
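Review bot: The generated `authentik_application` entries carry no policy or group binding, and nothing in this file creates one; in authentik an application without bindings is available to every authenticated user, so `auth = true` on a container means "any logged-in account" rather than a chosen set of users. If that is intended, say so above the attribute, e.g. `# no policy bindings: every authenticated authentik user may access these apps`; otherwise generate an `authentik_policy_binding` per application. The provider is also referenced two ways, `resource.authentik_provider_proxy.<name>.id` in the application and `authentik_provider_proxy.<name>.id` in the outpost attachment, and the three identical `filterAttrs`/`mapAttrs`/`optionalAttrs` pipelines could share `authContainers = lib.filterAttrs (_: def: def.auth) cfg;` in the `let`. The commented-out `dns_provider` block is dead code with a hard-coded hostname and could be dropped.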
@@ -314,6 +314,15 @@ in (import ./containers-terraform-proxmox.nix { inherit config tools lib; }) (import ./containers-terraform-authentik.nix { inherit config tools lib; }) ]; + tf.data.authentik_outpost.embedded = { + name = "authentik Embedded Outpost"; + }; + tf.data.authentik_flow.default-authorization-flow = { + slug = "default-provider-authorization-implicit-consent"; + }; + tf.data.authentik_flow.default-invalidation-flow = { + slug = "default-provider-invalidation-flow"; + }; nixosModule = lib.mapAttrs ( container: def: diff --git a/modules/terraform-base.nix b/modules/terraform-base.nix index fdf23f5..097b647 100644 --- a/modules/terraform-base.nix +++ b/modules/terraform-base.nix @@ -10,8 +10,21 @@ source = "cyrilgdn/postgresql"; version = "~> 1.26.0"; }; + + authentik = { + source = "goauthentik/authentik"; + version = "~> 2025.12.1"; + }; }; + provider.authentik = { + url = "\${var.ak_url}"; + token = "\${var.ak_token}"; + }; + + variable.ak_url.type = "string"; + variable.ak_token.type = "string"; + provider.proxmox = { pm_api_url = "\${var.pm_api_url}"; pm_api_token_id = "\${var.pm_api_token_id}"; diff --git a/secrets/auth-authentik-ldap-secrets.age b/secrets/auth-authentik-ldap-secrets.age index 206d611..9199f4d 100644 Binary files a/secrets/auth-authentik-ldap-secrets.age and b/secrets/auth-authentik-ldap-secrets.age differ diff --git a/secrets/auth-authentik-proxy-secrets.age b/secrets/auth-authentik-proxy-secrets.age index 136b5e7..8e238be 100644 --- a/secrets/auth-authentik-proxy-secrets.age +++ b/secrets/auth-authentik-proxy-secrets.age 
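Review bot: `variable.ak_token.type = "string";` in modules/terraform-base.nix declares the authentik API token without marking it sensitive, so Terraform will not redact it if the value surfaces in CLI output or error messages; add `variable.ak_token.sensitive = true;` next to it. The provider constraint `version = "~> 2025.12.1"` also lags the authentik release this commit pins in flake.nix (`version/2026.2.1`), so it is worth confirming that provider series works against the upgraded server or bumping the constraint in the same change.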
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg muZOUzcVx96uiYp0jOWq5CR0m6CVSRi96rEaPFdgrzQ -HbDEF9+XRu6kd5iuWINTwxtPuLus7E18ymj1gI5S+cU --> ssh-ed25519 tqMvRA 2i2ChgxFnDNyG03YDuu0sWlIo6wQsssEJDY4fj9X2SQ -L0taheT33bLlVtfe4e1V0lH2JvnNusRClCEU2OCgA1A --> ssh-ed25519 erDtZQ Xs0aSLQ9Pu3sNvYfYBhoL8uIfSKz+izO46PNFlNtqHE -SHjUEBeW8sByazFvfvH3JmYVQBM2DvAgwSG4JtfL0u8 ---- j/UZqF1rwUa5keVrgyONkEhdoYnXNAo1AnMHrnqAw7U -y4l;}i;!P8fr: =X w@}Dÿ;cDbbQk-,Z0cjo? NlVFfL\l*g3d^v!GU \ No newline at end of file +-> ssh-ed25519 jxhkLg y+ZvVestQQBHkFaxhXGku+mCAXO06tmuhMyvk0X5OEg +yY+ZoEnnTw8jBBMn/LowuLju49p5T9jCyR9Vyfq161M +-> ssh-ed25519 tqMvRA +VF5ophQfPfQ6EtL6G7e8eVX8z9asKYPQ5klOXYVD2c +pwgP+tcsowrOWu6iOqJgGo/j7fuSRKg8cWoHRmJbqXk +-> ssh-ed25519 j3ZkdA YVApUGVportZXaXudzsfm9kkO1OO7eckgTMqRIUtZ0w +PHTcAsc0j0ehEwfaR9wsgVSZCvwhhCMODJjwEclcjnw +--- Qsewyjk8CeQrZq9EUi83rZ5oAon58p7kKHVpbivrZKY +L\Ghun\dD>q{ğ=6MGW>1N-{BgB{ٹDBGgAJ"92Id޳EB>c &a(h1 \ No newline at end of file diff --git a/secrets/auth-authentik-secrets.age b/secrets/auth-authentik-secrets.age index 79f3ceb..72f58b6 100644 Binary files a/secrets/auth-authentik-secrets.age and b/secrets/auth-authentik-secrets.age differ diff --git a/secrets/db-postgres-initscript.age b/secrets/db-postgres-initscript.age index 04af41d..bcb620f 100644 Binary files a/secrets/db-postgres-initscript.age and b/secrets/db-postgres-initscript.age differ diff --git a/secrets/finances-app-key.age b/secrets/finances-app-key.age index 04e396d..36a308c 100644 --- a/secrets/finances-app-key.age +++ b/secrets/finances-app-key.age 
@@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg siu1onWEkn06ZdVB5qkuOrlk+Fsr2SQ10s0ud2HsP3w -UYkuj+XhDYUQWuMClqdc26n6xNLphhtpC1iNjigkb6U --> ssh-ed25519 tqMvRA aR3BkyZt48dG6yl726hO1JmaYkazCOXR+QXnCH0GFFs -qMQG5Z69K3H5mY5V/IW+HnsUV4b34p/qFv0b+UFzOog --> ssh-ed25519 UJuwpQ 7juQeBBVw4rudAhL7tpw8hGp7TIbwMpy7QNLA5zUYFw -Eycs/SIKthKAu64fPIuDhecrPo1txnivIyogcKcshT4 ---- LhRKIUY4H5qQXnROC06jy/K1eS3q4+6H0NQhI03WFwM -W2Uʺ;Lp1n',dkU;YQmǁʔt֐1ڙ됢?/}W}ϗl _?ט"B7 \ No newline at end of file +-> ssh-ed25519 jxhkLg HBNoBPj18v5a5MSdCP4/VnU4a607zLDkprsZtX3EBh0 +0xJhdvf7jRUMpec3Njs0DLip497Suabp54LU0IVdusw +-> ssh-ed25519 tqMvRA St0z5SIZ8qf3eKCa7wl4Ql+IhN37ouq3gUEh7+JIeHI +nWeLvYz4roV1Y6cRl7rUeryrv0al5sfdd1+KWepFvB4 +-> ssh-ed25519 UJuwpQ E8EVqw0Kwl3dGXDO+qaoupO4R4/Ka9M474JkC3CfV0s +6G7rfv+TbefAHj1mJdQEmBcjRcBRPWsyEky6luR3bD4 +--- itaJw967vN/bfUNP5/Uhz3nnbTGXBxy8cuJJK5CBEco +3aJ%y_vbӌp-.4a} ssh-ed25519 jxhkLg uJnDmE99mLaYH9pL+eHhoY8U0PHOz5ISj2fF8N0HCwY -+Nuk+39ZVdDVfypo5zPItI51Ep0ztYBVGEshYe4oJJk --> ssh-ed25519 tqMvRA 9A79nIinxtnfDR5IqU1DpFMLEmgD1ukquSQwy9xrgQw -HvytTNHUPMCF/SrLu1GIMqAihmSnKGeXWU3XQbOEVTo --> ssh-ed25519 hKRBdw 1the4xRyYnb/JkSwhgx3ToUNfHdDJ529oBJQD/h2+wI -newJdp5+Q8ktGgCM4ismTRzAM9Fb8pbiIM6CmHcFZ4U ---- EGRZ1p0FNtLwNsUz4HMmqVwg8RTvJGxRyTMlyraVubQ -۲r72ϓ;km"xxRQ;%ZID*W߯o PH޿ϵvuS)BڐNXtB [2} -5q#᷐/ sXD҆ ?]J \ No newline at end of file +-> ssh-ed25519 jxhkLg lDvEBof8Z8NdYv0+TUdhcQIHX1mSTZNYfOnIkV4WnC0 +OQBTDRK8D063oFBQxKOE3nH0wGVukxQe5HFOqwZAmIw +-> ssh-ed25519 tqMvRA 0tqaXft6QOaUTztqC149AyyLnBU2LGyGDXV2Bgcan2I +ap1NbbkiULXhgWgCBXt5+oZ/kq/ccDyt8Ftzc1DGXso +-> ssh-ed25519 hKRBdw OpDyUUjQc8QpDQYnzrZa0xpon3Xdf8Q6iCJLypxc6BA +l15CtxwEHKYWTvRyn+A1op+/eeZIIJQ5kdVz4kw4Fhk +--- Ib1OF9MqqSb7+oBIj6Fa1HW+LPWw3Ah/HY0t6HJp78U +ŞweP=7wrռ +,xv-1 ssh-ed25519 jxhkLg FSTFFz4Mm+x7AxDxwbxj+/lMb4Fkv+iZsyH2OEzSFUk -SSjo0GgqU6pvGHc0x1pF4SmYhsU6U2oPd7Y5gzJ0ymQ --> ssh-ed25519 tqMvRA GAnhEWv/rQUTFEkXpB6SwdTrDRYC2Qt779bOgmbgGH0 -SYQNpeGfl2Tm3BMujTa7zSldKy2KgEtwERa4LPS6Yz0 --> 
ssh-ed25519 5VK9ng ODLHF2pTlRAxAbenhcu8DOMek585/+DELiQLNbS5rxE -LGrDab6vZUfN3aKtLGPEI9xtY97i2PDu8w0J+jMaMOQ ---- 6zu2BQaxC/wqbqVYThd47VBVTCbhn8/3CobsymC/4tY -+Qo,nTr hu^HG3W}î}VZΒbE=X \ No newline at end of file +-> ssh-ed25519 jxhkLg dH0UPIVd7ReJiXMcuVbF13858MZMgPGdXbVpbY00oTg +sJCnzd37uMjFRXsHRKDHCi2d4olDaPxcekmhfjSBNyk +-> ssh-ed25519 tqMvRA 0F7r6MNH8PvrMKg7HO92LF3xDCWHnLMQVpOwwgyTjQY +/PoytzE04AyqsuYDpIOeA0Q2YwHArrzXphgeEHTQ/VE +-> ssh-ed25519 5VK9ng 137e4+ZYfM4514YetVLhhYcAonNQivG3V15q9OmekCE +JOltFBnXVQOIB24LMy5OZX9m3DG9IRC+eF3/vKs7U+s +--- NuraArpkhHrHGoNHCbd7HO/Fs9Wjm1MxSzs8gic5h7M +~/Xk#giRp~qDL +51۷1T +HBH z ė \ No newline at end of file diff --git a/secrets/mqtt-password-frigate.age b/secrets/mqtt-password-frigate.age index cff0608..4070ca9 100644 --- a/secrets/mqtt-password-frigate.age +++ b/secrets/mqtt-password-frigate.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg RWH08YdNHhsdgZ9YZrAWqu5huQgj14jkeqVjpuN+lyQ -lMFUOLayKFT/CFJObzv+iBCNtD50Zkut3V613VpAZlw --> ssh-ed25519 tqMvRA bw7k2SUQgI/0VuBLFb9DCcIhkMOkfi6y/F48VmioR2c -J13aDSFG4MsSbws6fvOgw1yMj1SKPCtwhDGCJuqM9G8 --> ssh-ed25519 5VK9ng fy3OVO8F4TtYtht0S3V6OFeqsVgC/0g21VrNDrYJSUk -ahlR/jiWB/M4ZIoVkuyByM9Z6v9ILv4a7d7NnY2Sb+0 ---- q3dyXg0DIpWfmLsEeAtwvp7rjZ221mO9yU5jwiu9+FQ -%/7oK5%͙0 x[vdWNsjU?/ \ No newline at end of file +-> ssh-ed25519 jxhkLg MXKjE1qU4ALP35d0MnCpun5JCRqcoIS6m3j1Dd00LX8 +20T+vxTYHwsH+1R/UDZ72MNUVYy0h1BcvTDn2yXgrzc +-> ssh-ed25519 tqMvRA 2JXuTbsqDbV/y6ST7mZsrbWe55bRnqhOs9JMDMDLvkE +31lxz0EvusDT201zD15LnpiJ2Gz+cAnCN9RgglIJs7M +-> ssh-ed25519 5VK9ng 62Be1rbyO3L1ZdWQFc++i3RScPNqQu+qUxkHxL+nYDk +kBZqnCmx67zkKLNys8/JqeXYKC/NJA1M19EcEHK0nZM +--- u3uc7HWvt2BRK1b9BqBTtNxjkjwpfH/wkc6qK7N0T2s +ʰל:3v,#('A2;w{ + \ No newline at end of file diff --git a/secrets/mqtt-password-ha.age b/secrets/mqtt-password-ha.age index 3141be6..cbf79c8 100644 Binary files a/secrets/mqtt-password-ha.age and b/secrets/mqtt-password-ha.age differ 
diff --git a/secrets/mqtt-password-mqtt.age b/secrets/mqtt-password-mqtt.age index 520c1c6..ea7a586 100644 Binary files a/secrets/mqtt-password-mqtt.age and b/secrets/mqtt-password-mqtt.age differ diff --git a/secrets/mqtt-password-z2m.age b/secrets/mqtt-password-z2m.age index e585f50..6a766eb 100644 --- a/secrets/mqtt-password-z2m.age +++ b/secrets/mqtt-password-z2m.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg vh8sd9xV/Q806xIXK6cYV79dGcCYhS1AopbQHyOH30I -AfuLD7D5vwEaC3v7t5qtQ8EsYvRuDWqz9wjkJGydE8E --> ssh-ed25519 tqMvRA JJHGREWSqoATkr6vEkUk7dGvLvc2ElNa6KWBfJcIWQE -0mJazOmYK8K2sMmpXf8u0PujNFNVOry3xXZu8rHnMJ8 --> ssh-ed25519 5VK9ng w0rWKarqUMgE6PBNL9wKTuCRRxyR9b0oUFtGPsPzkmQ -4wsCPHpcvTl3GfRaU2HNZxHWAdMl212GpVOsClPVyJo ---- LIZN/jw180wunsNYZqxoUV+jSFQHV8Jh/MZMxSRE0uQ -Fmgj -g>J̓[6+fڮyt \ No newline at end of file +-> ssh-ed25519 jxhkLg HoHPdMhlcF85hfUtrKuGlbkcxygcyZDZCn0EhhIirHM +12KyYrP2wmHs1/CE635MzKv5qRo0xK+WLawM1hd1DvU +-> ssh-ed25519 tqMvRA Fxxbhpg8TrBIfUvcY0JNfTIuw+4Om6gM+yoeOFZxOxE +sjj9lvAURU6JB/j/5p3hTVt+67rT/GVmWXb0MWre89Y +-> ssh-ed25519 5VK9ng pOgq9aQdsXmc7ICVr0OyjTAclV7BtYGzYrbPItnV3yc +mR3WBTVyGcsfMVTq7o/EiByhE/9I+lhQGXxrK4SIHF0 +--- Y8ucZIjnHoNU6tXzAclggxVzXc2S0PGnkMYhpZUrUpY +{_iPJPS,߾mRmQcn$a,pKb fF4 \ No newline at end of file diff --git a/secrets/papers-environment-file.age b/secrets/papers-environment-file.age new file mode 100644 index 0000000..32b0cd0 --- /dev/null +++ b/secrets/papers-environment-file.age 
@@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 jxhkLg O8bzJm7lVjxAcL/PJl5qAVSiHuQI2vsvRJRepG21C0k ++kqMyy2KzhyFiBbNf64be+28zGcRQHDYZGixvokCxgc +-> ssh-ed25519 tqMvRA +MYKh8PVUOfMGTVUvk2QOj4adCkcMyNqd5UAa5A2dlE +8qm63tCIB172dHnjUkQyCAlq6tstulm3dDzFgTH9uWg +-> ssh-ed25519 KkzjXA Dd+uUaDF0mFr+ZPBdgnxuEQbvN13eKWWYDqpofaH0XY +sBFqWVkJ6+1eBIrGq8Z5gobEOFxnDZSqyJBHeJCLc5s +--- PRZMGeyoL1d7Dw3RaTis7zGm8m/mFm0qeh0id9U9o+Y +^#"ZvJf~ gŠsIÎ!Z]H+7cCO ʿML`N *21{@xs?a"Cu߸cH0x.PǕ~$*x"8]JNB_]23mt|ݾ4'2lF瑚7 + \ No newline at end of file diff --git a/secrets/papers-password-file.age b/secrets/papers-password-file.age new file mode 100644 index 0000000..6bda619 --- /dev/null +++ b/secrets/papers-password-file.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 jxhkLg FWZgI9vn+GpipSpJAkZXojtMeXQoAxOKWJaOao8S1EU +3waHB+6cP4CgaawnxyEZLqFO5NWPEz1qFBvzK3Mz6lk +-> ssh-ed25519 tqMvRA ylmjCPtXDh2VmTWQ3rDVXbHvKQhjL28HpxYG+iuFPF8 +6rBaRbTrOTlpRtD725Eir5NmMGK0Hw784PKRoBdmh5g +-> ssh-ed25519 KkzjXA ixLUMjsVw+bxCXT3ZVIgXaPLbMf+a6sbjXsbfnz14gA +MUs8/LcCNhxbOx1+gTKsld6FrdeZVrs9dBR0dvjp++U +--- 2Z9NM3b428PQUuNaS9uyWWmOKmu44/fJ0VPov3wtAXY +"\9.z`WĠ!y5ꌷKs[k<1e \ No newline at end of file diff --git a/secrets/power-password-file.age b/secrets/power-password-file.age index b44b378..2519941 100644 --- a/secrets/power-password-file.age +++ b/secrets/power-password-file.age 
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jxhkLg qQcbA0bt9+M+B9Ve47SNPHr1uPX+m9HOE2vfI339eVQ -5hx8LMyklnVrDJVqW42+UNvwQrwFuLvIfMvQYqbbB1U --> ssh-ed25519 tqMvRA s1/g5UQ4VOr2ZCVFjtFM6sk4xblYNJ+aJNRXfkeECS4 -cknku8Vrpfwrnfluaky2CXY8ICgCm8taS92nfUNoUkM --> ssh-ed25519 DVDL4g DYSwyQBH/o+vCDpm5AJ2IBQoCZjABtGSJxEH67uPXHw -cT7jG7jy8z71GvxJFA7B2yRK/vofWvmdr6CIju7D+34 ---- 5lOmaEiAcyK1Mmwfy0c22ygTnaJVio9CRiavktGFj28 -GN?WAba0x S'H]nlIonOt \ No newline at end of file +-> ssh-ed25519 jxhkLg ARlKAdvnmzIEQudKKY9wbDKuyYCK5VhATQt625Dp/lY +HHf0zpaxSX+NZgiX1Q0gh6Y4GCLtSsPkkhFmKSxWB38 +-> ssh-ed25519 tqMvRA /L3+1t5XzOSFpK5CHHEe2fdrSeQfDTUJb6A6CFDd2Qs +nw+Xfs1nLed8axWSXxeHShOdagau23IrnqBIvrGwGMA +-> ssh-ed25519 DVDL4g tVL54fCFcCpdtKa3LVBLTTovogAJX/Z4mbwB/4hHeyE +47q48scCmnJUFV7Ie9z9KP9UTF4yipas1i9oFdQdhiE +--- Y9C2Z5eq4oNpJwHgPtGajhb/cMaczl3Z75D7annBdtA +׮8 E8Nw@z9d qm>O369 \ No newline at end of file diff --git a/secrets/proxy-dns-provider-config.age b/secrets/proxy-dns-provider-config.age index 8fbcd98..b491db3 100644 Binary files a/secrets/proxy-dns-provider-config.age and b/secrets/proxy-dns-provider-config.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 81dcfdb..1e3fd1f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -52,6 +52,12 @@ in "mqtt-password-z2m.age".publicKeys = users ++ [ keys.mqtt ]; + "papers-environment-file.age".publicKeys = users ++ [ + keys.papers + ]; + "papers-password-file.age".publicKeys = users ++ [ + keys.papers + ]; "power-password-file.age".publicKeys = users ++ [ keys.power ]; diff --git a/secrets/yarrr-env.age b/secrets/yarrr-env.age index 96ef17e..1a5f284 100644 Binary files a/secrets/yarrr-env.age and b/secrets/yarrr-env.age differ
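Review bot: In the secrets/secrets.nix hunk, both new rules encrypt to `keys.papers`, but that key is not defined in the hunk (the `let` bindings for `users` and `keys` start outside it), so the recipient cannot be verified from this diff. The two new papers .age files carry a third recipient stanza tagged `KkzjXA`, distinct from the `5VK9ng` and `DVDL4g` tags on the mqtt and power secrets, which is consistent with a dedicated key. It is still worth confirming that this is the papers container's own SSH host key and not one shared with another container, since any holder of it can decrypt both files. A one-line comment above the pair, such as `# papers: decryptable by users and the papers host key only`, would record the intended scope for the next rekey.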