Import server configurations

8 files changed, 59 insertions, 0 deletions

diff --git a/secrets/acme.age b/secrets/acme.age
new file mode 100644
index 00000000..0a7be3b7
--- /dev/null
+++ b/secrets/acme.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 cvV2sw 9M8YWkJtggtWDra9rnc3iaf9qbXF+pdRaVtQbSMOQkY
+/jxEwLo3+qmuyWIpQD65O2Kp0qEKJwydM4tFnXdvRfU
+-> ssh-ed25519 hzg5VQ BLUqRuSfJXtSc/M1H1jTBwCWnkSZqm5SC+LrxIXNn34
+D1A2DDFQ7FK3bOPUvJJpumQM7MeESMHqhwZXxug6b34
+-> piv-p256 u9NeZg AkXH20bJj+m6TgPzvsPltDyOIPRAB9YR0MXx/b8DFFD2
+kGH6MvfeDaKgXf5Ba92PF4PwTRotSZglGQZO2impo1Q
+--- wYsP2oTEuD/C40pKjx0LAYuoE9/w2LgxuDRGqsmcnCo
+5��ZPs�e�!��$�
����lI��}4޻�o!6��W�1�[c����͆7���;����I�O ��h
n_�����"�Ɗ�[�㉪��}��Q�ܭ�R@:�M����lw_c�l��]l��k:�����mߊ��b}���#�
�W��kUV;�NY���h������a!e��:���8����T��C�8l�5[qc��]U�}���}���`�N��xdX1����D#
+��ck
\ No newline at end of file
diff --git a/secrets/binarycache.age b/secrets/binarycache.age
new file mode 100644
index 00000000..fae59d4d
--- /dev/null
+++ b/secrets/binarycache.age
Binary files differdiff --git a/secrets/dyndns.age b/secrets/dyndns.age
new file mode 100644
index 00000000..cd1668f1
--- /dev/null
+++ b/secrets/dyndns.age
Binary files differdiff --git a/secrets/identities/se.txt b/secrets/identities/se.txt
new file mode 100644
index 00000000..e1c6b851
--- /dev/null
+++ b/secrets/identities/se.txt
@@ -0,0 +1,4 @@
+# created: 2024-04-10T12:44:17Z
+# access control: any biometry or passcode
+# public key: age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m
+AGE-PLUGIN-SE-1QJPQZ7P3SGQHGVYP75XQYUNTXXQ7UVQTPSPKY6TYQSZ85T758GCYSRQRWP6KYPZPQ3X3WRVAXEVK3G40NGQREQC9N4GL0RWCJDVNPTZ5VW96JJJUF2RV2XR0REV8SUYMVLR9LK9VWDZGRRTNSKQL0ATZYYWS9NAZZACW5QMMXQYQCQMJDDHSYQGQXQRSCQNTWSPQZPPS9CXQYAMTQS599D2V5HHZE0VLL5MW9EW28X23MP9NRSULQL3GAHD0RU0M5EG3F38XWDKEJM6LPWTNQPCVQF3XXQSPPYCQWRQZDDMQYQGZXQTSCQMTD9JQGY8R2D8H498GF5PMR8WYFNAUD7L8XQNSCQMJDDKSGGYSRXZGXMRKCX08VHSJTFQWK28KT7SX2TYS6HLC3CQQUE303RKEEUC85RQZV4JRZAPSWGXQXCTRDSCKKVPFPSPK7CMTXY3RQGQVQD3HQMCVR9ZX2ANFVDJ57AMWV4EYZAT5DPJKUARFVDSHG6T0DCCQJRQYDAJX2MQPQYQNQ2SVQ3HHXEMWXY3RQGQVQD3HQMCVR9ZX2ANFVDJ57AMWV4EYZAT5DPJKUARFVDSHG6T0DCCQWRQZDASSZQGP9T2Q6F
\ No newline at end of file
diff --git a/secrets/paperless.age b/secrets/paperless.age
new file mode 100644
index 00000000..5fe24928
--- /dev/null
+++ b/secrets/paperless.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cvV2sw ytN6X4qbcYAEijPOcZ3CV0BQOU5Osocy5Zv3ebnekF0
+WNzH2Gr0L1qKENdRalb44Xg0Ay4tD38+CED6crF3Nd4
+-> piv-p256 u9NeZg A4sl4hcJrAyDZxWkPn84u3gNXLZBj3guVya3vP60X3WT
+8uVbdrw6ZNvpaYc056vqTMDraJYLMWviXt+LnhGQDn4
+--- m1ofHvgDQvjWZV9iU5ran6oG1pK+jfMKKiouQc9SYfo
+c&$�I�נX8�pcPo�b�����or��„VE�.,.Z����*�������"��-	`�wL�eӊ���x�l�	f�-�4��%�9�-v�C9��0Y���P��!n
f��sV�O?����C��f
ӉCd_i�W����,�l�Z>����J`�9�
\ No newline at end of file
diff --git a/secrets/powerdns.age b/secrets/powerdns.age
new file mode 100644
index 00000000..b4a3de03
--- /dev/null
+++ b/secrets/powerdns.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cvV2sw 8XNRgmCnrZX7Gug5WDA9uBUPjXW+hz+NxGbpAfI5nBY
+5DvhP919xM/ccBaRHjd+JnsiWNSbz3118p5iHUoDf8E
+-> piv-p256 u9NeZg AlR0PR5A+mSyaT8wStnNKuWnO28YwUEwV/UPXK2JvlEi
+xBtUPfZehUkzTeNTVk6FBZt4R/XfvKwzrkWipVJbHMY
+--- mdXzr4rVzRNBekbnenHAXzr8SFYhHRJIO0/HaeL7QVI
+��$�G��A���C����[b��m�t�t�y$�Oc�:�<��'`V�<���'���/�	X���J*�!@լ�!|��g8�ņ4��Ǟ�E��`Cp��mAK��-
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 00000000..86d1062c
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,31 @@
+let
+  users = {
+    alan = [
+      "age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m" # mba age-plugin-se
+    ];
+  };
+
+  machines = {
+    linde = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHdh3J7dEmh9G+CVmzFEC8/ont35ZXpCFcpLUO863vC";
+    nanopi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/KOwhb4pyuw4U8hnkPAbRNk6o41Fmvsa67cY6MHA9k";
+  };
+
+  secrets = with machines; {
+    acme = [ linde nanopi ];
+
+    binarycache = [ linde ];
+    paperless = [ linde ];
+    powerdns = [ linde ];
+
+    dyndns = [ nanopi ];
+    syncthing = [ nanopi ];
+  };
+in
+builtins.listToAttrs (
+  map
+    (secretName: {
+      name = "${secretName}.age";
+      value.publicKeys = secrets.${secretName} ++ users.alan;
+    })
+    (builtins.attrNames secrets)
+)
diff --git a/secrets/syncthing.age b/secrets/syncthing.age
new file mode 100644
index 00000000..680dd1ce
--- /dev/null
+++ b/secrets/syncthing.age
Binary files differ