Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 16:55:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

move

Browse source
This commit is contained in:
nora 2025-08-03 00:41:37 +02:00
parent f456a5c626
commit 0949cba7be
92 changed files with 19 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
nix/secrets/backup_s3_secret.age Normal file
View file

Binary file not shown.

BIN
nix/secrets/caddy_s3_key_secret.age Normal file
View file

Binary file not shown.

5
nix/secrets/docker_registry_password.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg UtoSFhZQ2PW1y3ifXgSdQQswoi5kdRg2gvczlEateC4
ir2FpFkYo17MGBy+C4thM4lit7vn2CiBi09DcTb6ubs
--- YvRhsfFzedjeKssmOTzHvKkvIG0zXVVCIJsRNc/LTVg
 €KîÞ$é†Prm;Û·ûÎªæ ¹Œö+é ÚqE@<40>Àv]¢Ôòm =Í™'Sm

12
nix/secrets/encrypt.sh Executable file
View file

@ -0,0 +1,12 @@
#!/usr/bin/env bash
set -euxo pipefail
dir=$(realpath "$(dirname "$0")")
cd "$dir"
for secret in ../../secrets-git-crypt/*; do
agename="$(basename "$secret" | sed 's/\./_/').age"
rm -f "$agename"
agenix -e "$agename" < "$secret"
done

7
nix/secrets/forgejo_s3_key_secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg GNYf0FjEDEqCe09mS9Hl7OIIjvhKTu8urwUPtY+yyB0
xmAtm4n3s0rfq3S5OKFEG2k/noXFTKMt8hiW5QrD9SU
--- HGBYxXQGM254m2YP5twgjgDme80f0uOL2m4uKy19ZBs
ÖÂ(
Õ×åÇÄT
‚®à±Öì{ÙõF“ü-\ƒ6{mítÏæÊMÑ-óX{‡%bQd]E³Éàü]i¸úãË}F»2¸$7¤ö#k4“;8ZžGþ_oÛ –¼

13
nix/secrets/garage_secrets.age Normal file
View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg F9aj1EmsmRSXt1m3a41zpuwFmDBOuuaIrHkqP7PTVno
tVs8Oxa9gV/HdUf0hN/JLuWhbrXI9BXIrsh5HnsKBQI
-> ssh-ed25519 pP9cdg dQdPm3OfbWl5Y8kJxmsUZ4rwpUo8w3+P3CHCiXw9VCw
9yWbGgzgBz9GICAgYiOyPtMjDk/tBb4vsOveTuYP9bw
-> ssh-ed25519 XzACZQ 4lldtotM16DN/75dRX3QEmOzfIEySHcNOlFWqymI+Rs
oOaD7dZu0xC0R7CrVpfwoBU7eSgaWyJmAZ4WptCQdes
-> ssh-ed25519 51bcvA k9eq2Tc3A9MztsdTvt3sDYUj/usYBJMp9IJQZAR67Ac
ezccfIhPZaHKsVcUrxJL7u3jSA/kCTqLmWuQfxrFQBo
-> ssh-ed25519 vT7ExA BOCylq1RqaburnXxfsl3xqAmGSJnIxVhXK8H2xeFynk
OWhqsbJgHWlo3hsRZVQgEaArK32OI25N4Poi2qJ9wQs
--- bBQkNfDI0onJOyxOJIN3Yl2jkK5iRgYbK67RWsipXOE
3‡ýåA9â¯ÒAÕînÛ¯t•y®ßÚCj-îž{ÏŇâ)ô6¬DfØOÆQ¹Ü}'_n†øÈã‡>UPêNæDRŸÀÁª¨ûÊÆþ-<2D>¾„…éÂ"‡´úÛâšÙ?À>)E0<7F>‡v(~7 C¾O\UJJüŽ$SÂ8èá`€F«˜ÄíšQ§0uÙ3õmH•Ž~P÷Ž£ŒÅLqfõ~ºi¸Æn]=rSre#²wGŒ ³¥@ß|X#éØ÷’Â

5
nix/secrets/grafana_admin_password.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XzACZQ g3qlnIBoRdlhvAhDd1oLC7sdWAYGw5FobFAbOp0Eamo
FGoPMBeNp63zkvTml9cnXspAS65/G2+3hzaeMu/ack8
--- /cGmX9i8KBgLSiv0HC7QGJoF5+C6wBHbBOhoIw5iRIE
í?Þ³¸[%N+ueeá8YÀЕFÞÇkM<6B>¯x&k+jŒì­ö¹œƒfW*U4½Ìß&“d˜ymNb¬úÀ?AcœiÝ€‡„á:n}<$]˜Ã‰Œ•0E¤má=/U6-j½

5
nix/secrets/hugochat_db_password.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg ZIBHuyNI3wIg1GaFtgZM+ubYEM2yoaM0cbG+Pei+chY
Bp4xfIz7PzmFADD+w8fnZ73KwAojT22WADuUA3kQc8Q
--- HvjuHpMC7XvjiM/y0zgOyg080PO3BbwnSWNgbZSIUWc
Í!„C¸¼›Y>coŒ+5\‘ëÇãÚµÍjG1sF ÎPÌÝ·°Óߊ*3Ö³³œ,,ý«U¾(^;Ãøbg€egÓtÐ:–³¨Ý®`áûa_>"eù=hC¡<43>ÛËÃ_ @¹ÖÓÚ³\SCoŒ[£Ì4x&êÄÿ9€Y Œæ<C592>ÅÏ @í­Ûƒ'Kd#aä ˆ¹^Öt°Ä…

7
nix/secrets/killua_env.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg i9WKTDnkYrTPkHzEDzbpwE0UzYvsHGNdezC43k9N6xA
mQdIAyNO+1spsyKXdu4VxF18Dlh6ORkIn8qQVew6b0E
--- JA923cG0dvBxGC7zsjdKFKZLcHvTj3PgyISIFpEsKBE
;:Á
¸â^}cÌÖÎËuœî«öd£
»Ú•LmÂTzzM0RÝa=õi Íí!Uiþíö=I%@ÙÄ…pŠ÷¬ú܉KûÑÄ[­ÖFÐm<C390>/ajx^¨cDÁ0,Ü…Ûu,Ù<>Qþßž-ϼVë

5
nix/secrets/loki_env.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XzACZQ 4ra1tOKgtlquGn8NV4e5WVP9/x3hfV86Bq7xSv3bFmI
6aPQO3Sc++l2NpmmRhPo4RcdL3bsRLcbqHF4bWfYqJg
--- b739OmteTR/Z3J3HZqcmqKYvMucyNSbTabqopToJHpY
0¤¾C¦üŠŠ€,‡]Àwj¶£ŒÕÞ<4jŠsï@ÌeW9j¸¾w|¦Y2ÛJ{ƒÕ« “»­Té3„ƒ÷<C692>ëN”áŒý6ž)Ò $&;pÑtôC9&òÓy$÷JŸ°A—Îc†I½éáGéh:ÈO±ÇÊ<C387>HøVn%Ș}r3H¸‡®§a8ÐÀ9©p5

7
nix/secrets/minio_env_file.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg FPuST3lWjHKcylkh0mlRbQm8lM28wce4Bb2/rp1zu2k
cmA9aRF8zDe6YYmBCH7pOtl1FflKxwAiHtMYTQ0OWMk
-> ssh-ed25519 XzACZQ 2M5O5Rj2LAS1T9UXRYeUZrq3iBiJu/0TPOtz5yC+nyE
A1JFvr1iVj2Mc4F7/yjGxikmdAbofTuOMvI8QtyzTr4
--- 7JakO0Kuuskiup7D+cYP7OKQtld7h7salUMRoOGa88Q
´ük·5 <20> »JçOU/<2F>St!ôûk2v§òm]ß o¾ü5V Å Ò·BE!×QtÂJ!|[ÉçÀÅ5(FxÁ<zk.‰Õ;.} eѨ=˜ |,$IƒÒšÈ[ᩨ‰dªªY,

5
nix/secrets/openolat_db_password.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg 0lWcSdSricBNu8i0oMnNe0gOsoDrY9DfPvmCIS63ohc
fY0M+k7xXU5nlLTSbJQF7iDevujQVxZ2lLca9CiBTaI
--- 5ObZSaeWsTlkqKq5D8vWKsrY8WCku2ndSlrjBKRtQE8
ÕóˆI™þye$Q˜÷|<7C>îÂÏÂ<C38F>h'Q1Q¥·1éCõÕòÞ€mQ:ØQ.¿ýÎS¼îžE¨=cm… ¥äŠ@ß-¤9Öj®Œó7fǺFÚTÜ"<22>oâù"|¼0€Dξ‰å™‘ÊöWÅm*ß̬õ~5â'ç›{ jÝlu„¿Á”u Òßy+„¢ö

BIN
nix/secrets/registry_htpasswd.age Normal file
View file

Binary file not shown.

BIN
nix/secrets/registry_s3_key_secret.age Normal file
View file

Binary file not shown.

BIN
nix/secrets/s3_mc_admin_client.age Normal file
View file

Binary file not shown.

35
nix/secrets/secrets.nix Normal file
View file

@ -0,0 +1,35 @@
let
dns1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBKoyDczFntyQyWj47Z8JeewKcCobksd415WM1W56eS";
dns2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZ1yLdDhI2Vou/9qrPIUP8RU8Sg0WxLI2njtP5hkdL7";
vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Xj3TsDPStoHquTfOlyxShbA/kgMfQskKN8jpfiY4R";
vps2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzt3OZAOG2sih8T9Bhoqg8ANBP5ZX60z0xmUW4cBWvX";
vps3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvupo7d9YMZw56qhjB+tZPijxiG1dKChLpkOWZN0Y7C";
vps4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpoLgBTWj1BcNxXVdM26jDBZl+BCtUTj20Wv4sZdCHz";
vps5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWbIznvWQSqRF1E9Gv9y7JXMy3LZxMAWj6K0Nq91kyZ";
in
{
"widetom_bot_token.age".publicKeys = [ vps1 ];
"widetom_config_toml.age".publicKeys = [ vps1 ];
"docker_registry_password.age".publicKeys = [ vps1 ];
"hugochat_db_password.age".publicKeys = [ vps1 ];
"openolat_db_password.age".publicKeys = [ vps1 ];
"minio_env_file.age".publicKeys = [ vps1 vps3 ];
"garage_secrets.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
"caddy_s3_key_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
"registry_htpasswd.age".publicKeys = [ vps1 ];
"registry_s3_key_secret.age".publicKeys = [ vps1 ];
"grafana_admin_password.age".publicKeys = [ vps3 ];
"loki_env.age".publicKeys = [ vps3 ];
"backup_s3_secret.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
"s3_mc_admin_client.age".publicKeys = [ vps1 vps2 vps3 vps4 vps5 ];
"killua_env.age".publicKeys = [ vps1 ];
"forgejo_s3_key_secret.age".publicKeys = [ vps1 ];
"upload_files_s3_secret.age".publicKeys = [ vps1 ];
"wg_private_dns1.age".publicKeys = [ dns1 ];
"wg_private_dns2.age".publicKeys = [ dns2 ];
"wg_private_vps1.age".publicKeys = [ vps1 ];
"wg_private_vps2.age".publicKeys = [ vps2 ];
"wg_private_vps3.age".publicKeys = [ vps3 ];
"wg_private_vps4.age".publicKeys = [ vps4 ];
"wg_private_vps5.age".publicKeys = [ vps5 ];
}

5
nix/secrets/upload_files_s3_secret.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg Tq8qyikECRKhPhMbKFDd+YZIGkx9uj3vOWk7QRHEkn8
wDbkM7KZWGDF3mECEa1MPPTC5F7uxe8nGtIZZkVCWU0
--- hpRMWveZaPAIS44Jr6rRGHMOQfRi7nFpN0nxHU6fPOQ
t4¼`Æò³:,P»ùÊ<C3B9>µN„?‘ij\¬È±éµ¿­uAH_Ä?PgÎ#¨ ³T+¯êRÁ-ëȺXÆ,!YeZF m»d¢À“ºø¥\4ÍbDAk×Lžk¤1RzÊÜõ˜6xo(Â8ÄgzVÍ+s|³‚ .ÃT;<3B>O¶¨M6 <0B>z¶A¨Qƒ¥öV®™¡Ÿ~„ôª§mÛN«ŠXÐI qk²ËtÔ#óÄJyºrSðuÊ?ÉîÚN Õˆbø!KsyÜ Ï, AyfWÄÑÀ##"Ë`¢™ænPÎX,$z1ðŽ (PÈÍ <0A> Ä"yû€<C3BB>|Èsð<73>TŸÂýxåBFtl!6Û‰¤ìÔ0Ùos*.H/Üoëä5<C3A4>Û­ÐlçÀ

5
nix/secrets/wg_private_dns1.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 LZU5Eg C3IfbvL4t0pOHEb3Bc54+r6DZESgN6K6zPDhBlDumXk
UwOtrqp8I90Vux6L7CsV5K+2SDFB8LBiyLO8ud7IsQU
--- 2tIecoG70broXFTtgjCUMcvk2RdKqpe5tihO6meI8DY
泓、kユレウ& ミ`!ヘ藪_致`<60>マ-。ヤEp^<5E>ザ#:ゥ壌]ム優mサヒy<EFBE8B>厥^O†+t8ァ€<EFBDA7>.コ鉷奘; ョ

6
nix/secrets/wg_private_dns2.age Normal file
View file

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 5bWSnQ wqkRMdob+7G2mTNKySF2kiGhOKt4GLN/ne+4lM3pIwA
Iz2Brik6I6YHjVxQcoDL0UTJOWcjuiErf5kCeWpnaV0
--- 1ZkP0GiP78eGKl8te1w+o5I5kEbyPaiJFq7WGH4k1LE
á61zIìTÂU/ò5ã'|Œ½ûÊÌþìhÕ>z±ñ¶Ýr^Éwanog´lùX„º,kܶG
cÊõ¸æPÇ!Rh×»fW¥éhä §

BIN
nix/secrets/wg_private_vps1.age Normal file
View file

Binary file not shown.

5
nix/secrets/wg_private_vps2.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 pP9cdg GI2CXAYTJWUqmab/Fnl/cFZVCCBxYZX/snQ+w0aPjSk
8D6TxN4VYH14GQJ/XhUqyfKNLjM8f3LDmykLAvtl+IM
--- 6ru8v60LKlJjpy2PnmcwBdV09KMEh+neITYyuFscSIQ
F Й¿y#<ﯗÖmàߘžº¦¼Q2Õ^T2Lâ9µ]LÄžµhž[b¼rߤ!ï³jEnS?¾ìjCRà%„ÓsŸ;mœƒ\R

5
nix/secrets/wg_private_vps3.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XzACZQ pOD3jNWIufLkEVtkFJu6W0QjdzPJTK+t1MwgACv1zXU
EJQ+9xPw6MnB6nJW6nDBUlzfHyY9XlfBIQlgje+FVE4
--- BmTwJED+mJ/Qr0WFDELozwR2BgGDkHDcR2I9eSxuVn8
KêÃ~alNh.€½ù «kiAÛF*Ã/MY±ñ¡Zd†¬p”AÉ+-²Ù¬A<C2AC>¹Ü¢*S¥Z¶ï„ Nê­F­fˆbô3tª×rûÇy

6
nix/secrets/wg_private_vps4.age Normal file
View file

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 51bcvA mzB9FcwUgPczK4/Rd2DZvCYoQfjT4qE+Z7HE9yHjgGU
sPDlr+YNhvbjYagyJb/kua9dWeG9tSt6KNjKh+/p+ps
--- uZVoWpqKjapTtWRGpc7cUoifwOVFfd5DU+9pQpwruuo
Fv6¾œÚËï,ø»K¶¶Ó†(ÍÝèkÙ~Y4Á.`z(]w2²MV "¼%À³JUÚ$ô•È«ÁǸCïG
_:F¸Ý§ S

5
nix/secrets/wg_private_vps5.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 vT7ExA WsT1cFerSGwOnhrLBTN62zydQVC1oPQxXtwQxGUSY1w
Je1zd3NJ16yaOHQD8iPX7eaPJV3WH6Z3eiDkFip/2FY
--- J6ZhIFcXF12n+pV4JEaAut/QB2c5ycYSIGo6j3nLICQ
SńOĆŤ<EFBFBD>žsIµ˝öüÜLJăŢ i—=Ům|,gőnYÖDv·ćA âd{Á·á q)~Ă3Ó!ó8¶ ·«ŢěńxPçÚńL7™"

5
nix/secrets/widetom_bot_token.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 qM6TYg n/6/3HfVk0IWfGRbgBB7qLkEXylLgYDxNzbLTaJWyhs
jNP6viJqbOgpNke072hDeaGmApVc51wAN/O+8Gc58U4
--- WoF4XMNOMMwKJ16Q7QrH97cGdyJ4nB4Dw04dyznfmL8
þÿ#ÙÖõ"ØLËÆi"W€µ<E282AC><>AEŒèû-?Ø•´ìæ´~Z¿\±éÞðgO¨&Ùõ¥´õÊx¤»³vÈç —¼þ¹¢&w]ý"¢¿S2VɯÁ/”É

BIN
nix/secrets/widetom_config_toml.age Normal file
View file

Binary file not shown.