From 6cc1c98f75d03be14d4dc1906e17ca837e32170e Mon Sep 17 00:00:00 2001 From: Doloro1978 Date: Sat, 14 Feb 2026 00:52:39 +0000 Subject: [PATCH] guh --- .sops.yaml | 3 +- config/hosts/aspects/servers/rpi5.nix | 1 + config/modules/secrets/content/secrets.yaml | 56 +++++++++++++++++++++ config/modules/secrets/content/server.yaml | 53 +++++++++++++++++++ config/modules/secrets/secrets.yaml | 46 ----------------- config/modules/secrets/server.nix | 24 +++++++++ config/modules/secrets/server.yaml | 43 ---------------- config/modules/secrets/sops.nix | 4 +- config/modules/services/ddns.nix | 10 +--- config/modules/services/home-assistant.nix | 6 +-- key.txt | 0 11 files changed, 143 insertions(+), 103 deletions(-) create mode 100644 config/modules/secrets/content/secrets.yaml create mode 100644 config/modules/secrets/content/server.yaml delete mode 100644 config/modules/secrets/secrets.yaml create mode 100644 config/modules/secrets/server.nix delete mode 100644 config/modules/secrets/server.yaml create mode 100644 key.txt diff --git a/.sops.yaml b/.sops.yaml index 85c05c5..124d41a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,9 +2,10 @@ creation_rules: # Rule to encrypt YAML secret files in a specific directory - encrypted_regex: '^(data|stringData)$' # Encrypt data and stringData by default (useful for Kubernetes secrets) - path_regex: secrets/.*\.yaml$ # Applies to all files in the secrets/ directory + path_regex: config/modules/secrets/content/*.*\.yaml$ # Applies to all files in the secrets/ directory age: - "age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838" # pc-user-doloro - "age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh" # pc-system - "age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a" # laptop-user-doloro - "age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq" # laptop-system + - "age1fw4xnh2q52juce94ffn54js708cr6umfwpv0mykuddkea7kr4f0q7a9h05" # rpi5 
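Review bot: The rule keeps `encrypted_regex: '^(data|stringData)$'`, so sops only encrypts keys literally named `data` or `stringData`; flat keys such as those in config/modules/secrets/content/server.yaml are written in cleartext. The new `path_regex` has a stray quantifier: `content/*.*\.yaml$` applies `*` to the slash and is unanchored, so it matches more than the files directly under content/. I would drop the `encrypted_regex` line and use `path_regex: config/modules/secrets/content/[^/]+\.yaml$`, and update the trailing comment, which still says "secrets/ directory". Adding the rpi5 recipient to this single rule also lets that host decrypt every file under content/, including the hashed root and user passwords in secrets.yaml; a separate creation rule per file would limit rpi5 to server.yaml.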
diff --git a/config/hosts/aspects/servers/rpi5.nix b/config/hosts/aspects/servers/rpi5.nix index 987de2b..2aa019f 100644 --- a/config/hosts/aspects/servers/rpi5.nix +++ b/config/hosts/aspects/servers/rpi5.nix @@ -11,6 +11,7 @@ # + ]; nixos = { networking.hostName = "nixos-001-rp5"; diff --git a/config/modules/secrets/content/secrets.yaml b/config/modules/secrets/content/secrets.yaml new file mode 100644 index 0000000..b600f90 --- /dev/null +++ b/config/modules/secrets/content/secrets.yaml 
@@ -0,0 +1,56 @@ +doloro-hashed_password: ENC[AES256_GCM,data:RYB/bSNTz1TeGucdFHrxxhOqvqQYvQS3lm44I1Lf3LIEVMXL5s41zxIw0S+JVdlq8I3oHDY4C3o5V4lu+8qAWMyIZYp/6Xp4cw==,iv:yOuKk95skNZ5z805vtoJwvyOdsh08BuyBSgXN+M4Ybo=,tag:QAFhUYuqHT6Spw/l4feY4g==,type:str] +root-hashed_password: ENC[AES256_GCM,data:vzVtz1Ht4XD+omdKjU/Zvoaftq8jKE4kxOjAGZTvoYI07hjItR2TSsYrLw0lwsxyJosfoyF3bVsZSFCuuN7njdchGMSSujZJhg==,iv:0av3n4fcGOHYQB4zidt/qn+blBSiDQ29LN15sVufLLs=,tag:nKKVDbCGxB7wDrMPAyJOaw==,type:str] +wakatime-scug-io-api-key: ENC[AES256_GCM,data:XQUccNW4210U8ZpHSGVcsdbAirzyTvmcy4y6emk7n4N6MO/W,iv:9/f9ceLshA7l8hJB+IDIPvEwYwSkFlPOLmpvtYXLTpU=,tag:x7hESZCouzYVNef2C+iCSA==,type:str] +meow: ENC[AES256_GCM,data:JVzenw==,iv:oCOo9//r5s2K4pSeH5UNEj0LL+9h2yq0G0DPOfwjmyQ=,tag:0gu9FNOrjQ8fpB+B+RbGSg==,type:str] +meoww: ENC[AES256_GCM,data:WPeszDfMWxY=,iv:JJMOror5wj7cTNKfrUj2LDXlO3WCKzb7jk4AeZ0oD+Q=,tag:qs3oyM7K1FGy5cXvS6OHpQ==,type:str] +sops: + age: + - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdGQ5ZHUxUHE4YXF0bllY + dTRsYWc4cllmWEgveGVTLzUvRzJuc0FtUEdvCkNURmxmMnhkaExZcVVNRmRNU1p6 + UitMYUxNMXgzZC84S3J0SHR4aFV5TGcKLS0tIFB3Skx6UlFDcVJFSlhTd1NRbUl2 + VGQ3OUpDY0JVaEUyYStHQU83Q1hDYTAKeRgXVA8iWGO8cMMlvBFWGMVIZnaLCpsZ + hBjWlxG6oUlCNnO+cyckU3jSTecc+z+EIuseFt710nN5uRJeKs2MlA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM0wvV3pHTUZYdlhPWnU0 + VElBbDI2bUJhQUVCMlBPNjNzOE9tTXJGelI0CjBEdmhWTGlyc2VhODRnbHE3ZGdC + WUoyWU0zcU5BbXhGdm5sVEZHdS80bkkKLS0tIHhpcFZQdkl6eHRUTGhZYmVOSCtz + RE8zeFl2ZVgyWVBsRmhlUElybXEwSEEKEhvMUClOOoN3RdzVOFBIPt7rMrukla1t + bVWGKX5e3p/EtK7aYzdBxYYvml+TNUD1n5TpTFhcnH2Jwpey8thz2Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a + enc: | + 
-----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ODRGRkE3a09MS3Z0QXNm + OTBlb2JEV28vTmxhcjM5aFpYbVhYM0wyZkd3CmszblZWVEFkVlMwQ1FMZitBd0Rp + MkZpZGViSHlHSko4Tk9rZGNHaWpGWncKLS0tIC9xY1dBSncvQnhHTlhhaEpUK3ZI + Tjgwd0VuVGtjaTdaSE5ERmRIa1dVNEkKkN0vp7xDWCnu4aq8VQu5y8Q/6xsFKhCQ + ivMqQsqoOBvXSynu7hbNpcGvAsmDHDGcC2b/C9Mkt42OclSYM077bw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTmhiUmFWaDFzcnRXcWFp + VjJ1b3VRSk8xN0FQMk13UDY1a2FEV3ZQY2l3Cnd0SmMvM0JDOFhZdmtOL3g0dmNj + UGZleDV1MU1DMXFiYUNmR2htWXZXQnMKLS0tIFBLa3lPL0VieG9ZWFBOU25vZTJ1 + VVVDclBGZTRSVDZOanRwOGNaK3VVUW8KCvt/rcP0rJD5aCNdGaJeABuGZ7huRbGw + 7FBvo6TvIRh0MCyvfbzfUon2m9d4yU8ddFejpSEK1vucxbXgV7KD8g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fw4xnh2q52juce94ffn54js708cr6umfwpv0mykuddkea7kr4f0q7a9h05 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLU21oQnlTQ3RQWmNzR3Y4 + aWhhdFZ6RFEwVm5ITWluS2xZM0QyUHI5SEdvCmFjdDU2YlhlYTJ6Y2pPaGJkNW01 + WUVVN0xIRXZ3djdVVkYzRThLSzlCVzAKLS0tIFhISmlJcXB2UHNsb2VQS2tnYVUy + aW5ERENRS2JWbGZhaGhNSGtqNVRNTncK0uI8n2L5uP3to/sByeO7y17h3ZrcmnOf + e3CwdzP4/WcSwbFk0CRnS6Cq8J0esUqweSJxvpt2eNBEYvDZ77SSMw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-14T00:08:39Z" + mac: ENC[AES256_GCM,data:lp9ZeDxt5gkOkDmYk+F0VQrVhkR0tQiQlYXbygoA8Dcq+gV0IIKKLwRqr5CVfgfRlo3239IwmKLsGaS6zYC1xX4toZ8oqw3Ic2UvP2CiWt6M7HTrlL+3Y2+PKOUvGl7RAqQxQAw7QaoxB4esqdIiWnMDueVHk5BTKrkay+afhno=,iv:NAMaZ9SMBAtROTBSQtU0RJDB60MAuE82AFoPtDqVHVM=,tag:RGBUTQC1pM+LcBweSJbc6w==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/config/modules/secrets/content/server.yaml b/config/modules/secrets/content/server.yaml new file mode 100644 index 0000000..0c0b16d --- /dev/null +++ b/config/modules/secrets/content/server.yaml 
@@ -0,0 +1,53 @@ +namedotcom_api__key: fbf0bc2133da020b64bbe9c884f616afe59dfdf7 +test: test +sops: + age: + - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYm92cVo0Ykg2R3hTUWpW + UlNOTXF2cFI4Y29uRTh2aXIySFNSTFhZZ0RFCnR4YmRrQTVrY0hkUloxMGgzdFFa + ejFST0FESytnN3NIZW45blhmWDRMSlkKLS0tIE1MNWlHWWd1WEhNUGtiUm5GZ2pn + QUR3aGtVczZYV1FSUFdMRGw4a2lGU2MKh/56SL7neNFXN70dzwtwTHBaECoMvArR + TicJhSPV5S/vUrC9oDmSE3MMYtdzXSZkcRHYPI8fy5LcPOxXVPRARQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3K3ZxKzdvdVFMYnZLS0Nv + bDBkRWRNMkRMS09UWlZlcFYvZ1pEd09VVmlJCk9uMGJyNzd5QnZtWkdxOE40TVdG + YkJiaGZMaEFlNXljcnFvODVSL3Q2d3cKLS0tIFg5UFFPVElyR0xlbXEvMDNDQmpW + TGo3cUJVQ2NETkhWdmNCazNYSVpyUWcKr4EUvbK28WCiymL1BgYk6N6J27ZnadK8 + kQ8tzwVS7iI1frBoHOVzXhCRt2CEg+O3EnXMRJDrahhxwmpqlx6cRA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWGVsRmkwZGxId0hXQlEv + czdmclRXYWNrL0t4bGpEQ0lmNE0vb1RuZEhjCkhEaGlxY3JKS3l4WGxHS0Uya2tM + Zm1Lb3RpY2h0K2lKaHR1bjdFL25yQ0UKLS0tIFYvNmkrUWNFekVoMFVLck81bXhl + WHNSbHpCTTZSS3lkUiszeEE0RGw4QncKTr1ZzIHtkv8aJNKT1v0m+QMJyht43+XJ + 0CRxdoZ/HXoymMQ7oZvT8vf6Ehz41aLe1gZHl8ZJPexDHrSl28NCtg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlc0tUVjVGVS85YUZOSmJq + a0pvcGV4UDBEc0N0Zk0xVEhUc1l1ZUFFTGxnClNocURmTE5ZaUorSVdWcE1kbW81 + U3doQm9ZbHVrdVlsSVhFaEFoSHo5NU0KLS0tIGgvd05PY2tlbnRwbTRrdXpsT0ho + Zm1jbTlSMnA1WDUrZUVCOHNDWWJ2RFUK+cvqFK49rIVj3FITF/4HtCELvZhvkCZ9 + 
8Ss77uE6qtGyhuGWXB0HwnO3fsCpXA62uUt/zv08o9LmIgRi7o7adg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fw4xnh2q52juce94ffn54js708cr6umfwpv0mykuddkea7kr4f0q7a9h05 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuN0dkcExkR2pyaUxhbUlz + NkR2WTNWRUpHSWdRTFdUY05jcm4ybDdEbW4wCmR1TTV5VlFudHN1cC8yRG5Nd2ts + K3duNEE1dit0Ym9PdmNaM1pEWjlZZU0KLS0tIHBXaXhzQ0VuTWFxdDQrczQ4YTBM + VlhpZ0N2ZmVkSC90NlowUkNuYWZUclEKzQUfWDETV5lPgrtCxYTLtVP8y7R8RFJj + 4J1bei0nJHlsap8V88u+QiYRgFsEthd++hzkYmUDvYPsA48PnzMupw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-14T00:09:32Z" + mac: ENC[AES256_GCM,data:nYWQYK5QOA0u3DYGTozSGFMYhx2uMqkAWoqhthgagRFRnKA/j852fVKqRFcwn+fPSQ4e8i4WpcvoM7FVwuFDC+ixNp7xtz16pnswiNS4N/mNEYXfajkon7wIoUYNtrHahUeYlAnID0vYSQFA3XKgV7ZDD9b4V8X5N+yMlVXex4c=,iv:IW7276v0nnmFBe9Z7HIn6Tl9vX4sDoqWdDfJ1uwKoAY=,tag:YC8OiTcoL+nYV4x8rkivbg==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.11.0 diff --git a/config/modules/secrets/secrets.yaml b/config/modules/secrets/secrets.yaml deleted file mode 100644 index 6356f97..0000000 --- a/config/modules/secrets/secrets.yaml +++ /dev/null 
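Review bot: `namedotcom_api__key` and `test` are committed in cleartext in this new file; only the `sops:` metadata is protected, because the file's `encrypted_regex: ^(data|stringData)$` matches neither key. The same value appears in the removed config/modules/secrets/server.yaml, so it is already in history: treat the name.com key as exposed, rotate it, and re-encrypt the file without that regex so the value becomes an `ENC[AES256_GCM,...]` entry like those in content/secrets.yaml. The key was also renamed with a double underscore (`api__key`), which looks accidental; a consumer still reading `namedotcom_api_key` would not find it.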
@@ -1,46 +0,0 @@ -doloro-hashed_password: ENC[AES256_GCM,data:RYB/bSNTz1TeGucdFHrxxhOqvqQYvQS3lm44I1Lf3LIEVMXL5s41zxIw0S+JVdlq8I3oHDY4C3o5V4lu+8qAWMyIZYp/6Xp4cw==,iv:yOuKk95skNZ5z805vtoJwvyOdsh08BuyBSgXN+M4Ybo=,tag:QAFhUYuqHT6Spw/l4feY4g==,type:str] -root-hashed_password: ENC[AES256_GCM,data:vzVtz1Ht4XD+omdKjU/Zvoaftq8jKE4kxOjAGZTvoYI07hjItR2TSsYrLw0lwsxyJosfoyF3bVsZSFCuuN7njdchGMSSujZJhg==,iv:0av3n4fcGOHYQB4zidt/qn+blBSiDQ29LN15sVufLLs=,tag:nKKVDbCGxB7wDrMPAyJOaw==,type:str] -wakatime-scug-io-api-key: ENC[AES256_GCM,data:XQUccNW4210U8ZpHSGVcsdbAirzyTvmcy4y6emk7n4N6MO/W,iv:9/f9ceLshA7l8hJB+IDIPvEwYwSkFlPOLmpvtYXLTpU=,tag:x7hESZCouzYVNef2C+iCSA==,type:str] -meow: ENC[AES256_GCM,data:JVzenw==,iv:oCOo9//r5s2K4pSeH5UNEj0LL+9h2yq0G0DPOfwjmyQ=,tag:0gu9FNOrjQ8fpB+B+RbGSg==,type:str] -sops: - age: - - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYVcvRFNGOUwyTllMSWtX - WGdEeWVBa0U5MXROTXEwSzVJZms5MWZmM1RzCk9ra1FmT2tlbkp4ZW5tYW90SEhK - Y25TNmFrMEg4TzJIT0wwaGRQMlYrZXMKLS0tIEpKaEMvdHB6aVBodmN1OERXZ2da - SUh3TjIreHJBL0VEUXJkOGpseVphYlkKnhM3XxcBXG4Y+OedQzcngNACsFoASPTp - Ik5COr5AVsinTS+uOpNDKIY+y0mwkZq50NSIBMy0drhDjd3i+h5dmA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWmZGZWUwZUk5UEk2Ujgz - S0RHd0VSUWNEbWtoTlRkOWphS0IzeE8vT0FFCjlxaFVESGdpeVFCUlRCaGo0U0pZ - Y1NFQXRNVm52SXgxMGtkc2NVTTRzMGcKLS0tIER5bHZLV0lsczh6dXdJQWpjakpX - Zms5MnphZ09UZWVNdFcrREx5U1Y0UGMKE9KkY+8lbZ7to2aGhsJ4iSmboyfekOJi - giQ1GWdOs/MJAPN/xgcHzfNj7hzEUJxgj5z0kd0q2GzZCOvGfO16NA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cnhuNDh3SEFxZUpXTHdv - 
RWRHNVFTcm1xbjdiN3FRRjFVR2JPRkdCcXd3Cm51VHptYXVlYnQzY0pJSGt1anZn - QTZ3YTgwSFJUUUxsMEYrdk9RRUFyN0UKLS0tIFJKNDNKY0lnQVdlM1gycm1sRkJ2 - cHJTV1FZbDZ0M3NpS2w1YW01ZGhIWDAKef6765U4ew5QPmbHhDuufAjq0bS/qhJh - 9N7g+a4vqTvv5TaOYQ98JBgfVclOZYIx9WO6xPJnb495gPyhWxEjuQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheUI4VzZUN3NSTGc3U1kv - YzJqRk1mNjBUVTdFNzRNTTZQSmcvUW5zcnowCjI4WlRoL2pPeDZWRy9TaEZUQ1po - YUl1emFGL29qYW9iZXExUVBZai9GN2sKLS0tIEZ1ZEM2N05zYzU4OFdUVUtDaHRu - a3Y2V1I5TjFnVUNiWEZlZkVMekFZelEKXZc7W3mZcj/rypQ+Wm2Iqvd/4Ry/n507 - FcYa+F2LT32D43AoaPZxEHIyJCYUeGpD7Z9rcI822u4pOpCvuoKiRg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-28T17:02:38Z" - mac: ENC[AES256_GCM,data:uWBbdr10CpCUsn6TcaqewwqnXlICizTGW+arCLZz5S0b+Nc8iznq98Ev/G4M9mg4f79JRSwXnL6KgtVyf0Hd5LJuEhmViv2wTNfOTBffN3AV/Bvz2qCuwhD14GzPGUH3oYijfx+EB1LaGLniE2rx85h+q1hasRUlUY8UE/ndzus=,iv:rIM5T3PkzTsJYRjvWWbJyEcKu3evRcYJhVNeGCtOlms=,tag:pCYvDaI0qLIvJJzwT08nwQ==,type:str] - unencrypted_suffix: _unencrypted - version: 3.11.0 diff --git a/config/modules/secrets/server.nix b/config/modules/secrets/server.nix new file mode 100644 index 0000000..f01452d --- /dev/null +++ b/config/modules/secrets/server.nix @@ -0,0 +1,24 @@ +{ inputs, modules, ... }: +{ + modules.sops = { + nixos = + { ... }: + { + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + sops = { + # age.keyFile = "/etc/ssh/ssh_host_ed25519_key"; + defaultSopsFile = ./server.yaml; + secrets = { + root-hashed_password = { + neededForUsers = true; + }; + doloro-hashed_password = { + neededForUsers = true; + }; + }; + }; + }; + }; +} diff --git a/config/modules/secrets/server.yaml b/config/modules/secrets/server.yaml deleted file mode 100644 index 8f379a8..0000000 --- a/config/modules/secrets/server.yaml +++ /dev/null 
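Review bot: `defaultSopsFile = ./server.yaml;` in the new server.nix points at a file this commit deletes; the encrypted file now lives at `./content/server.yaml`. The declared secrets `root-hashed_password` and `doloro-hashed_password` are keys of content/secrets.yaml, while content/server.yaml holds `namedotcom_api__key` and `test`, so sops-nix would not find them in this file. The module also assigns `modules.sops.nixos`, which appears to be the same attribute sops.nix configures, so the two definitions may conflict if both are imported. I would change the path to `defaultSopsFile = ./content/server.yaml;` and declare only the keys that file contains, e.g. `secrets.namedotcom_api__key = { };`.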
@@ -1,43 +0,0 @@ -namedotcom_api_key: fbf0bc2133da020b64bbe9c884f616afe59dfdf7 -sops: - age: - - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY0JYbStoeWR0VHV4UXNo - Y3c5d1BUZk5tZm1tc1dXczlCTlBoVHd6R1JjCklXbmNUdU13VWVBT3hwcW9HNHE3 - YjhBWGhZRW5Cc0cyV0hjYXFaY1l2cWsKLS0tIGcxd05BTmVoRjc2dVdNQ1J4M2dx - YUFiaHE1MVQ0NnJZbGsxQ014c0ZieXMK0GD+VeFpYrEGTc0CSYMOftJOTsKJVWvL - DmkxM5fz60j2v0aVAjBp6dRjScWkueKGYtITMHHzjj8QIFJPOR5RVw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTzVUeUg5Tm9sNmt6MDQ2 - Mm1pMTNKeDJ1OU1qS2tqZFdtTm9lcUhOUVVzCitEYzJNOHIrOHFuTUdXdXFPaXhX - M21DSEVGejJsRXNXVSs1WFJqWFMyMFUKLS0tIGkzVzlMNWorTUZsajlWTzBFSlNk - WGJYRWRlYXUrTm5LWWxIUG9MTzNGb2sK8iMaTbdZjqDSJkhsobnilBRsTXkP0lgl - hbHWEX8w2LNvO9IJxbs9wxMwJ4h7vRDLwqDmba7EVFRMb6E9PDyLZg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZUZTdWNOa2w0ZU1mSTli - Tm5YYWw5aXVGY1BnQ1hySkFYQ3Q4NUhCR0djCjBHWDljQ1lid2ZFTXRTS0tUUzRM - N0w1N0JkRENXaEwvbE1BM2dEa1Q4TE0KLS0tIEZwYmxleldMbytkcXF0Z0xEcUxU - bGVzUTZkR0JseVRLWFdZUVljZ2VFT0EK2bN6iL20Drd1+eSdXsMRI347wZjZds4a - I8jb7vPiKbHAPp/7zZ5Go7jNIh+UkscOf5YGMja82ts7M81QC0K5+Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUWNJNXNnQjZ4a0NsK2dS - ZkpCUkJSUzZhd2NiNWhiNHh5ajQvazZlcUdrCkJDYkJTVXVrVG5Ia3VWVEZRajVi - VGkyZExJdkNxY2JMbXlqd2JMTkNram8KLS0tIDRqTUJDcjR6dUttaWlOS3lpU0s2 - ejV5MytJMXgzNkM1SHN4dXo3eE05WXMKCLGPFGaQa542A1Oqqrq6NtjRBl2rDycB - 
6YQjCKReLfT1QA/Q3C3B0eDZm8ZWMV2re55kDCDr7CIIf4mpu1zghw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-12T09:29:35Z" - mac: ENC[AES256_GCM,data:5tYqDg30iM0VVSA/K+XkSF3IarRHvjLVSuEdcemKgfBXCzf6Eny3x2Q32FhfgwGQ4SrgPK69YgZjTAOVeeVPGArTRO01SWzeHpcOkejhscZp39Sc+uWRiMMrjeCrvP6dUWrScwYk0naOi4n4rEn1WiwRougfevvsWJXGrwD13I4=,iv:Xo/OMkbr25zQcSgSZgwmruC5YQFrphK78LbBsGcVozs=,tag:4NlviKbACQkT9BT9NCJBXg==,type:str] - encrypted_regex: ^(data|stringData)$ - version: 3.11.0 diff --git a/config/modules/secrets/sops.nix b/config/modules/secrets/sops.nix index 1ae3615..6324268 100644 --- a/config/modules/secrets/sops.nix +++ b/config/modules/secrets/sops.nix @@ -16,7 +16,7 @@ ]; sops = { age.keyFile = "/home/doloro/.config/sops/age/key.txt"; # must have no password! - defaultSopsFile = ./secrets.yaml; + defaultSopsFile = ./content/secrets.yaml; }; }; nixos = @@ -27,7 +27,7 @@ ]; sops = { # age.keyFile = "/etc/ssh/ssh_host_ed25519_key"; - defaultSopsFile = ./secrets.yaml; + defaultSopsFile = ./content/secrets.yaml; secrets = { root-hashed_password = { neededForUsers = true; diff --git a/config/modules/services/ddns.nix b/config/modules/services/ddns.nix index 1b0bf58..c6216dc 100644 --- a/config/modules/services/ddns.nix +++ b/config/modules/services/ddns.nix @@ -25,19 +25,13 @@ image = "qmcgaw/ddns-updater"; imageFile = ddnsImg; volumes = [ - "/run/dbus:/run/dbus:ro" + "/data/ddns:/updater/data" "/etc/localtime:/etc/localtime:ro" ]; - ports = [ "0.0.0.0:8123:8123" ]; + # ports = [ "0.0.0.0:8123:8123" ]; # networks = [ "meow" ]; }; }; - networking.firewall = { - allowedTCPPorts = [ - 8123 - ]; - allowedUDPPortRanges = [ ]; - }; }; }; } diff --git a/config/modules/services/home-assistant.nix b/config/modules/services/home-assistant.nix index 91ae77b..bcb87f2 100644 --- a/config/modules/services/home-assistant.nix +++ b/config/modules/services/home-assistant.nix 
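Review bot: The new bind mount `/data/ddns:/updater/data` in ddns.nix is writable, and nothing in this hunk creates the host directory or sets its owner and mode. ddns-updater keeps its provider configuration, including API credentials, under `/updater/data`, so the directory should be created declaratively with restrictive permissions, for example `systemd.tmpfiles.rules = [ "d /data/ddns 0700 <container-uid> <container-gid> -" ];` (placeholders for the uid and gid the container runs as). The commented-out `# ports = [ "0.0.0.0:8123:8123" ];` can be deleted rather than kept as dead code. The container definition starts outside the hunk.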
@@ -39,9 +39,9 @@ ]; allowedUDPPortRanges = [ ]; }; - services.caddy.settings = pkgs.lib.mkIf config.services.caddy.enable { - virtualHosts."ha.home.doloro.co.uk".extraConfig = '' - reverse_proxy 127.0.0.1:8123 + services.caddy = pkgs.lib.mkIf config.services.caddy.enable { + virtualHosts."ha.h.doloro.co.uk".extraConfig = '' + reverse_proxy :8123 ''; }; }; diff --git a/key.txt b/key.txt new file mode 100644 index 0000000..e69de29
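Review bot: `reverse_proxy :8123` drops the explicit loopback address; Caddy should still dial localhost for a host-less upstream, but `reverse_proxy 127.0.0.1:8123` states the intent and I would keep it. The context at the top of the hunk closes a firewall port list whose contents are outside the hunk. If that list still opens 8123, Home Assistant stays reachable directly without going through Caddy, and the entry could be removed now that the proxy is the intended entry point.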
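Review bot: An empty `key.txt` is added at the repository root, and the name matches the age identity file referenced in sops.nix (`/home/doloro/.config/sops/age/key.txt`). A tracked file with that name makes it easy for an age private key to be written into it and committed later. If it was created by accident, drop it from the commit and add `key.txt` to `.gitignore`.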