-rw-r--r--.gitignore1
-rw-r--r--flake.nix1
-rw-r--r--secrets/acme.age11
-rw-r--r--secrets/binarycache.agebin435 -> 435 bytes
-rw-r--r--secrets/dex.agebin509 -> 509 bytes
-rw-r--r--secrets/dyndns.agebin476 -> 476 bytes
-rw-r--r--secrets/golink.age14
-rw-r--r--secrets/identities/se.txt4
-rw-r--r--secrets/paperless.agebin449 -> 449 bytes
-rw-r--r--secrets/powerdns.agebin393 -> 393 bytes
-rw-r--r--secrets/secrets.nix4
-rw-r--r--secrets/syncthing.agebin608 -> 608 bytes
-rw-r--r--system/linde.nix3
-rwxr-xr-xsystem/nanopi.nix1
-rw-r--r--user/settings/nix.nix2
15 files changed, 28 insertions, 13 deletions
diff --git a/.gitignore b/.gitignore
index c4a847d9..06dad061 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /result
+/secrets/key.txt
diff --git a/flake.nix b/flake.nix
index 07188f43..d0853ec4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -65,6 +65,7 @@
         pkgs = import nixpkgs {
           inherit system;
           overlays = readOverlays (toString ./overlays) ++ [
+            agenix.overlays.default
             (self: super: {
               personal = personal.packages.${system};
               enchant = super.enchant.override {
diff --git a/secrets/acme.age b/secrets/acme.age
new file mode 100644
index 00000000..d46debdb
--- /dev/null
+++ b/secrets/acme.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 cvV2sw W2syE6GPwiBO94YVuVVhd+Hk7JP+PF7JlrBMcco8jFc
+Mqs61ORyMiLHr7vu4BYqQf3x2fcwMkFx+4/XUzQ38lY
+-> ssh-ed25519 hzg5VQ x4TB7HXyMfWCCWGB48iNZsaY76PzVNqkqZgNfee9fUc
+jXrBqHQrfb6kfCA5Sxvw8lplQAOvwDCg7L8RfKL0odo
+-> piv-p256 VBDKjg AlNkpcPjmcQtBjZzQDMIZzqtgREsdtRc3EVym/06iydB
+mHIlsnAIq2nre3Xp0mZ4y4uWap+K3OOP+7ywEQtKZvE
+--- 0KRi0uNgUuxIElVi7ReWlozrxREIPNKAXQeuhMGs7hE
+Rѻh[9o8QtKzEUÛFz3,?~'دRRP
0
+$8T6TCn꾣$},SScP?W.2!Ɛ7;ą`LAi\:_EeC,ѽjr*?~^۴cmI-7"CA4O]sD=lJp5d}AܰUIH0XX9g
+!yW"wƒ_?=%=K[WNE@3cfBP*dw;T2e
\ No newline at end of file
diff --git a/secrets/binarycache.age b/secrets/binarycache.age
index fae59d4d..70e5b3a9 100644
--- a/secrets/binarycache.age
+++ b/secrets/binarycache.age
Binary files differ
diff --git a/secrets/dex.age b/secrets/dex.age
index 99d463b4..b88721ea 100644
--- a/secrets/dex.age
+++ b/secrets/dex.age
Binary files differ
diff --git a/secrets/dyndns.age b/secrets/dyndns.age
index cd1668f1..bee83fca 100644
--- a/secrets/dyndns.age
+++ b/secrets/dyndns.age
Binary files differ
diff --git a/secrets/golink.age b/secrets/golink.age
index c7039771..53855e7a 100644
--- a/secrets/golink.age
+++ b/secrets/golink.age
@@ -1,8 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 cvV2sw Afv1D+MaopWkuWEKI0t0zp4qlcam7bBUtWHq7CwABg8
-T49GUjm0yIB8L93giMNNQm56goIlyUKw81Awem7LGBE
--> piv-p256 u9NeZg Aym6b0XVHJFxEaH1bi82HjDGpbId6LjDzeANPlP1q75N
-euudxSXIVs2mTeP8DKe6+8ixQb5doTwp3HR7eyfCsCk
---- c0wvkDM428LPfxbK7xL22xMmUh9OaEXM+gEImi6FVJg
-

-h׃U߅?/3
;!ǻP'.rt\싩:	u9Yy_x9	.O#פ=%#,MP?
\ No newline at end of file
+-> ssh-ed25519 cvV2sw sKOQF184MHp+13KvA7JJRnzkvvIeRZhKYHSz+43/YQo
+Lv69lCDhhJPMt87ZV4m8jf9p70mJ/thgO60Wxjmhe4U
+-> piv-p256 VBDKjg AyF9lzorXDLEr1g3wG/jm3AnqyXc/aewIyfIkEozmT8y
+KSAOa4Vat8gyrfSd+RtPkWuhxPQy6GkBruCW+qh7Ghg
+--- An2Se6RNs1BNB3AR8ATrMeLkKpUXTZC09XYr94Cx/Qg
+gI loNZSs8'#Dh{br~
+c4}Abu.:>9X뒯f"CA"}o䊶0`G
\ No newline at end of file
diff --git a/secrets/identities/se.txt b/secrets/identities/se.txt
deleted file mode 100644
index e1c6b851..00000000
--- a/secrets/identities/se.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-# created: 2024-04-10T12:44:17Z
-# access control: any biometry or passcode
-# public key: age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m
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
\ No newline at end of file
diff --git a/secrets/paperless.age b/secrets/paperless.age
index 5fe24928..679b5623 100644
--- a/secrets/paperless.age
+++ b/secrets/paperless.age
Binary files differ
diff --git a/secrets/powerdns.age b/secrets/powerdns.age
index b4a3de03..c7d62dd3 100644
--- a/secrets/powerdns.age
+++ b/secrets/powerdns.age
Binary files differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1d2ea414..be2acf14 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,7 +1,7 @@
 let
   users = {
     alan = [
-      "age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m" # mba age-plugin-se
+      "age1se1qwz9tsr7fq6m7rh3fj44fh6vcth53x9lcff9jeangg43v66vznxus3vp5mz" # marvin age-plugin-se
     ];
   };
 
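Review bot: Swapping the `alan` recipient and re-encrypting the `.age` files does not revoke the previous `mba age-plugin-se` key, because every earlier ciphertext stays in git history and remains decryptable by that identity. If the old machine is being dropped for trust reasons rather than convenience, the secret values themselves need rotating as well as the recipients. `users.alan` also keeps a single recipient, which the `age-plugin-se` comment suggests is bound to one device, so losing that device would leave only the host keys able to decrypt. Consider a second offline recipient and a comment such as `# sole admin recipient; when replacing it, rotate secret values as well as rekeying`.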
@@ -11,6 +11,8 @@ let
   };
 
   secrets = with machines; {
+    acme = [ linde nanopi ];
+
     binarycache = [ linde ];
     paperless = [ linde ];
     powerdns = [ linde ];
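Review bot: `acme = [ linde nanopi ];` makes the DNS-01 credential decryptable by two host keys, while the other secrets visible in this hunk are each scoped to one machine. The `system/nanopi.nix` hunk declares `acme.file` but shows no consumer of `config.age.secrets.acme.path`, so confirm that nanopi really issues certificates with it and drop `nanopi` from the list if it does not. If both hosts need it, a comment like `# shared: both hosts run ACME DNS-01 against pdns` would record why. A compromise of either host would then expose a credential that can presumably edit DNS records.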
diff --git a/secrets/syncthing.age b/secrets/syncthing.age
index 680dd1ce..8aaceefb 100644
--- a/secrets/syncthing.age
+++ b/secrets/syncthing.age
Binary files differ
diff --git a/system/linde.nix b/system/linde.nix
index 8e6635b6..6e5e54ed 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -39,6 +39,7 @@ in
         mode = "400";
         symlink = false;
       };
+    acme.file = ../secrets/acme.age;
     binarycache.file = ../secrets/binarycache.age;
     dex.file = ../secrets/dex.age;
     powerdns.file = ../secrets/powerdns.age;
@@ -614,7 +615,7 @@ in
       email = "alan@alanpearce.eu";
       dnsProvider = "pdns";
       dnsResolver = "1.1.1.1:53";
-      credentialsFile = config.age.secrets.powerdns.path;
+      credentialsFile = config.age.secrets.acme.path;
       reloadServices = [ "caddy" ];
       validMinDays = 32;
     };
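Review bot: The new `credentialsFile` line depends on the layout of an encrypted file that a reader cannot inspect, so a short comment naming what `acme.age` must contain would help, for example `# env file for lego's pdns provider (PDNS_API_URL, PDNS_API_KEY)`. Splitting it from `powerdns.age` presumably keeps the ACME unit from reading the server's other settings. The API key inside is likely the same server-wide credential, though, so rotating it means updating both files. The enclosing attribute set starts outside the hunk.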
diff --git a/system/nanopi.nix b/system/nanopi.nix
index c3f36134..3a95ebfc 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -18,6 +18,7 @@ in
 
   age.secrets = {
     dyndns.file = ../secrets/dyndns.age;
+    acme.file = ../secrets/acme.age;
     syncthing.file = ../secrets/syncthing.age;
   };
 
diff --git a/user/settings/nix.nix b/user/settings/nix.nix
index 87db3d56..6eabeae8 100644
--- a/user/settings/nix.nix
+++ b/user/settings/nix.nix
@@ -15,6 +15,8 @@ in
   };
 
   home.packages = with pkgs; [
+    age
+    agenix
     cached-nix-shell
     nil
     nix-prefetch-scripts