Compare commits
No commits in common. "5895a66911100b5f997f78bb63729abcb44dda66" and "3a25d68226261f18e7d8c8ae49c92f5245ed6a95" have entirely different histories.
5895a66911
...
3a25d68226
|
@ -5,7 +5,7 @@
|
|||
Laureηt's Infrastructure <br>
|
||||
<img src="https://raw.githubusercontent.com/catppuccin/catppuccin/main/assets/palette/macchiato.png" width="600px">
|
||||
|
||||
<a href="https://github.com/ryantm/agenix">
|
||||
<a href="https://github.com/yaxitech/ragenix/">
|
||||
<img src="https://img.shields.io/static/v1.svg?style=for-the-badge&label=Secrets&message=age&color=ea999c&labelColor=303446">
|
||||
</a>
|
||||
<a href="https://git.fainsin.bzh/Laurent/infrastructure/src/branch/master/LICENSE">
|
||||
|
|
178
flake.lock
178
flake.lock
|
@ -54,23 +54,42 @@
|
|||
},
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"home-manager": [
|
||||
"home-manager"
|
||||
],
|
||||
"agenix": "agenix_2",
|
||||
"crane": "crane",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": [
|
||||
"systems"
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682237245,
|
||||
"narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=",
|
||||
"owner": "yaxitech",
|
||||
"repo": "ragenix",
|
||||
"rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "yaxitech",
|
||||
"repo": "ragenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"agenix_2": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703433843,
|
||||
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
|
||||
"lastModified": 1682101079,
|
||||
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "417caa847f9383e111d1397039c9d4337d024bf0",
|
||||
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -144,6 +163,36 @@
|
|||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": [
|
||||
"agenix",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": [
|
||||
"agenix",
|
||||
"rust-overlay"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681680516,
|
||||
"narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
|
@ -167,16 +216,17 @@
|
|||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700795494,
|
||||
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||
"lastModified": 1673295039,
|
||||
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -193,11 +243,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705075138,
|
||||
"narHash": "sha256-0slYsXoR1Sd5FwTfFZLYxAsI015+J4lvgvo55u4Gw1A=",
|
||||
"lastModified": 1705017253,
|
||||
"narHash": "sha256-/ysUOnF/dYJXDTxi/fi4MNN7uYKRji5CKp3EIamXB+0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "f78b6498f69e04514cb84393e5daba669198c1c1",
|
||||
"rev": "fa5db12d76f9e8ee11e572cdbe021230e48b6afa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -229,6 +279,22 @@
|
|||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
|
@ -287,7 +353,25 @@
|
|||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
|
@ -348,11 +432,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705104164,
|
||||
"narHash": "sha256-pllCu3Hcm1wP/B0SUxgUXvHeEd4w8s2aVrEQRdIL1yo=",
|
||||
"lastModified": 1704980804,
|
||||
"narHash": "sha256-lPNNKdPqIYcjhhYIVwlajNt/HqVWbMOoSdNnwCvOP04=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "0912d26b30332ae6a90e1b321ff88e80492127dd",
|
||||
"rev": "93e804e7f8a1eb88bde6117cd5046501e66aa4bd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -365,7 +449,7 @@
|
|||
"inputs": {
|
||||
"hyprland-protocols": "hyprland-protocols",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"systems": "systems",
|
||||
"systems": "systems_2",
|
||||
"wlroots": "wlroots",
|
||||
"xdph": "xdph"
|
||||
},
|
||||
|
@ -443,13 +527,13 @@
|
|||
},
|
||||
"lanzaboote": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"crane": "crane_2",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"flake-utils": "flake-utils",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||
"rust-overlay": "rust-overlay"
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1704813398,
|
||||
|
@ -867,12 +951,37 @@
|
|||
"projet-oral-japonais": "projet-oral-japonais",
|
||||
"projet-systemes-algorithmes-repartis": "projet-systemes-algorithmes-repartis",
|
||||
"resume": "resume",
|
||||
"systems": "systems_3",
|
||||
"systems": "systems_4",
|
||||
"treefmt-nix": "treefmt-nix_2",
|
||||
"wallpaper": "wallpaper"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"agenix",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682129965,
|
||||
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "2c417c0460b788328220120c698630947547ee83",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rust-overlay_2": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"lanzaboote",
|
||||
|
@ -898,6 +1007,21 @@
|
|||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1689347949,
|
||||
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
|
||||
|
@ -912,7 +1036,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"systems_3": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
|
@ -927,7 +1051,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_3": {
|
||||
"systems_4": {
|
||||
"locked": {
|
||||
"lastModified": 1689347949,
|
||||
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
description = "Laureηt's infrastructure";
|
||||
|
||||
# TODO: rekey les secrets + changer la key de cesium
|
||||
# TODO: luks encrypt cesium (dropbear ?)
|
||||
# TODO: setup disko sur silicium
|
||||
|
||||
|
@ -24,10 +25,9 @@
|
|||
inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||
};
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
# TODO: replace by classic agenix
|
||||
url = "github:yaxitech/ragenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.home-manager.follows = "home-manager";
|
||||
inputs.systems.follows = "systems";
|
||||
};
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
|
@ -180,7 +180,7 @@
|
|||
packages = [
|
||||
formatter # defined above
|
||||
pkgs.git # version control
|
||||
agenix.packages.${system}.agenix # secrets
|
||||
agenix.packages.${system}.ragenix # secrets
|
||||
pkgs.sbctl # secure boot utils
|
||||
];
|
||||
};
|
||||
|
|
|
@ -4,4 +4,5 @@
|
|||
owner = "gitea";
|
||||
group = "gitea";
|
||||
};
|
||||
age.identityPaths = ["/root/.ssh/id_ed25519"];
|
||||
}
|
||||
|
|
|
@ -1,5 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kZEpWw GRcmqKupwo/EZ5c28pu4Te0ODGmWU0rL+3HIbg7qgFE
|
||||
dfnJzw6kZGgZQFoXjCNAOTnoLf4TO7ZTNT0ob0Q0qO4
|
||||
--- G6vG/80pcxtFNhbMacVxv393O4U9cpQEA8t0b4KMUzk
|
||||
bØeãÝ$Çc•`.k#Ç^ºýƒ:ª"Κüh8]·÷î—d$j"òaŸM»Åu@iZק^e½Ïi ¶ÉÝ¢eìá‘ô&¶¥åÒe÷,åçú–-¶yäFŽm,„¤åÁ"‰ÊC¨ã[™Ï*\ÈôŒ7Õƒù•(jc‘ÇCVf‚Jñ
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtaRXBXdyBCSFps
|
||||
YjhJT3l2NVMwUlc1L3laWmRoaHRjZUpzbFZyMXA2K3diZ1VuZWdzCktYa0V5Ujk5
|
||||
M2JndmxSMkZpZFZCN25uaVFDMk1aNDJhbmo4YlU1MVVMTkkKLT4gTGo+Ti1ncmVh
|
||||
c2UgWFVaL0cKTTJ6ZGpRNzVkQTdBL00rd1NIVFpwQkV5WmVPWWJLMWNlaE51cDVy
|
||||
ajVJd3VOL1pUSkxJVGJiejFQR3UwWFdQQwpqN2tTZzhWem85TGhEYmtRM3lKNHpz
|
||||
azlreEFvbFgwYWxJK0JxMGV1MUFlUHQ4dVppYUtScjZ5Vjl2N1VQa21hCgotLS0g
|
||||
bXA2YUxBNEc4NThjKzNKSXlNcEE5TE1DbWxoVUcxZTRLYXZrY1Rrb2cyTQqFtX6u
|
||||
I6xKT4GsVsZONMHURFyBrwC6f9nyDcZv7w7i+0WjpalP3k26D3pLbB4I3g5p3X8U
|
||||
A60vagUy20vBPYYh9P2dGsLDieGq6GRxQfwIXHkxZ+d7akAi3n+p5ltfJ2h9Zuti
|
||||
RRBKtnxVIaHp6TZjausCKVfvIXW540gQogiUjadPm7xt
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
|
@ -1,7 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kZEpWw wwRzGnuU1emv5/dIg1nmg6gsFIq+b/JBdML9nlZ54V8
|
||||
uw2/wrycilU5m0QH/JHVADH41mAqcl7udmfpKAwMQAY
|
||||
-> ssh-ed25519 mQMqbw OnupY43Uc/RGdHHUj9ItT5QBiASqwMpyih4Xnq1JSRU
|
||||
1PEkalnMjdgObz6euu0PbuutOyly/F5AGYEzYWcWpgg
|
||||
--- /KSY8DngUMetAF2hSb/scg2ZcV2I2bGu6B1JsdWHH+k
|
||||
§ƒEêŠvR1/$~XJѹ Ì#õ¶<tÙb–C¼ÎQ5(y¬¾BÁoüõ(ÁiÙÂg.ÉØ‘yt{tJW¡™A¸c7D\tž#Û¥\§îR×p¥±Ÿ({"’¼¨864Å<34>Ó|úm}S÷§°ÚXPÇöªJ£¨~{>ÑWÈÅ0c%
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtaRXBXdyBaTENK
|
||||
NGt2K1pRRll2cStROFJDT0hMVzVSWEJQRmErUHpVVndyQzBDUmlvCnhlREd3YWc5
|
||||
c09LdldNeXZwMmg2SlNLRXhrelVwNnRua3BHN2JLYWlyZE0KLT4gc3NoLWVkMjU1
|
||||
MTkgdjhFOVV3IE1acEhiTElpTzVQc3ExdkNVaG41SlQ2TXUrcTZJVE9Oc1hqRVNt
|
||||
clhMMGsKZ1Z1THRhZzZ3MkNHODV3RWllbzJUSk4xTk1DcGl2MzV3UFlGZXdZRldz
|
||||
VQotPiA8ODZhZjAtZ3JlYXNlCjJidUIrVmZ3MHdYVUlzdDl2VHIzK3BUWUQxOGVG
|
||||
OXFGMDNuY3VDTnNldEZjdlFQV2N2SUk1dkc2SnJ4b1ZXb3YKVzIrTVFxb1d0SE1X
|
||||
Z3hSK0x2MWMKLS0tIHFwemhyYmxDSEhCUk90TW1nSmMxYVE2ajJYOUpNVG54SHBS
|
||||
MWk2L01qMWcKhPYyts5zbaAtGuGVJpwReTxAj0iCR9Fqa3TwMzogeSEEZhyp3j3w
|
||||
Vc+RiCM/ykf4DqFg/Xiulb2H+3TN0lT40UF2VEHbSnZFvJDDR9ltVwubI7fq8C5r
|
||||
feA1+W0uQ7FDY4a+q1yjHcf47oirK6Q1+95hAn+Iq+koiEDP6TquTAWCaOIpMg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
let
|
||||
silicium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium";
|
||||
cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVxpWbNJl+OXe6YImMpsJprfuTd+9UJVTiteiuyx6oP root@cesium";
|
||||
cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxh42mMYqftTU7WtfktZbkdMI07VuH7mhUv3m2Ca3fV root@cesium";
|
||||
in {
|
||||
"borgbackup.age".publicKeys = [silicium];
|
||||
"gitea.age".publicKeys = [silicium cesium];
|
||||
|
|
Loading…
Reference in a new issue