From 1310c4cb610af2b778e94250af8b177ed6badc8c Mon Sep 17 00:00:00 2001 From: Administrator Date: Sat, 8 Nov 2025 13:36:16 +0000 Subject: [PATCH] many changes, hopefully 100% pure now --- secrets/bind_pw | Bin 334 -> 710 bytes secrets/hidden_service/akkoma | Bin 418 -> 694 bytes secrets/hidden_service/forgejo | 20 +++++++++++++------- secrets/hidden_service/lldap | 21 ++++++++++++++------- secrets/hidden_service/microbin | 20 +++++++++++++------- secrets/hidden_service/nextcloud | Bin 418 -> 832 bytes secrets/hidden_service/site | Bin 418 -> 824 bytes secrets/hidden_service/vaultwarden | 20 +++++++++++++------- secrets/nextcloud-admin-pass | 18 +++++++++++------- secrets/prosody.env | 12 ++++++++++++ secrets/secrets.nix | 1 + secrets/vaultwarden.env | 18 +++++++++++------- services/mailserver.nix | 2 ++ services/prosody.nix | 11 ++++------- system/configuration.nix | 2 +- 15 files changed, 95 insertions(+), 50 deletions(-) create mode 100644 secrets/prosody.env 
diff --git a/secrets/bind_pw b/secrets/bind_pw index 125388f17d4ab98eb378ea92861e9e508d1a9e54..0024892162aa8c74cce30e7be291d0ccdbbfc915 100644 GIT binary patch literal 710 zcmdM|0Vh{?Pd^1mcUJ{hKj)yxfDl&~1vgJ0SCE`8S7dlfj!$@4X{522X|hL9L6VV4 zX_B#5o{w>4g>$BXwx@?*Rid+DPLzwMpx?ndPR`CpGSCTMR8(CSW!}rlY3%VL2zPrMxJwSib0UE zUtnTZR3cYmc#4x>R=RPjyK7arOHNdni=S&`n3G3RR#cU*M^I*BxL>AUSX4<^R#aYa zZn3vdh)H^~v0uJVcv!Y?R;VGDZ%B4}WT-_&lC!0gr+Y>~N<>PTue+CTSdNovVrW!U zq)||IQdO9DuzOg3WVmHfN?4SiU$|vSvWru2qI+N!m%p2ndzeeQcSx0^QHVi_Utok^ zU{XjRC2CYAXj2}en~*4 zQ&4Jdg=a)IC_qyxqr%;)qJo|BQ*$azQjC4`Jl)bu)7-t%Jv~AV65S2W{KCq;!#w=L zQ(XNLxe~K8vVF7NDpPY!Orye5DuQwXO~SLif}=dVynOQtqLM=k3R1H|jgvz&0>VQ5 zLV{ePT>OlqyaGd`41%03tGGf!lZ^w7ox+lHGb(+{3tU26!b}rAq6&iC!`wr|-HaoR z!V3J10*m|%JdJ}Q+_Dl~QrweWqWn@F^Gke!4br&+gDnlhs&dTya&nwfbNoDm4g5S) zjB`SKLnBSXvqFoKjNM8?LUK$~oh`~zL(5H4-Ae*eLftBS9SbX5{4#^N3Vq!iLrXo1 ze9Zg|vP%7Yl8rK5N<&IB3)3PE{L@Ob%ku)0Eqqe5y_|!~g0sp?Omoe{f_z+Uxxner K)z1ZI5(NO5qvXB- literal 334 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUl4+y9TFIPxUk0_}u z3o}mhNs7pF@hP)R@r)`C4+;thb$532$Z_Z%W%@J zaLzCf(GN=TaxE_naIQ2l2+g)I*3JtxGYAa{vOu>j(cdsf-%-ISJt@LhJHjNx$TuS} z*CRYt+ta1Es4UsnB0Vt5w4%_(!au_+rKDWj$dM~2DZ((xHLN(fJlWGSKRi3dqMYmVCl^u2bGz5DTw(ZH@Xy`#;{3>mhfHT&U%_sEGS;;> Se(Cii%*PE6&#rkN5&{79+jI>8 
diff --git a/secrets/hidden_service/akkoma b/secrets/hidden_service/akkoma index ce1fd1a2b5b4e2f8ed51db284513efdce300902e..dcc0c39fbc9e2cb3b54ee2462ad3cdd5f439fc46 100644 GIT binary patch literal 694 zcmdM|0Vh{?Pd^1mcUJ{hKj)yxfDl&~1vgJ0SCE`8S7dlfj!$@4X{522X|hL9L6VV4 zX_B#5o{w>4g>$BXwx@?*Rid+DPLzwMpN^xqI zS6-4^PB>SvOOR=>v7?c1j$c?LVNh9eXn|8$mRDw? zYpAzRh)H^~v0uJVcv!Y?R;VGDZ%B4}WT-_&lC!0gr)zP!uYqNOw^3M8SXGc`Vx@&) zP?(=ds;ir^Z;q>pZ&px5Vpfo!e`s-Kuz^=-aCn9vS8}$SSy)w|cd~Jce_~!xSW9OMN@Y~ITUAuBV_8^^Yr2nXia}teW0rTOMY@l3xus8NXjx)nuv2!Ddzgz~o?CdLi&tc1PDW62c8Zr@j#ELBK|x?tctu!Lre$eJh+A1m zc#ug*c!i;#LAil%u4}n-NpL7vsz+(DUrs?pWJsEcd$4b$k$GfgK$MH6zo}bvTs3omAP3^c4bItabdZWMOjcto=JskZc?B}NL6xFQKfN3g??$i7nfnBcdDyz vfMZc$NKQm>WJO+jscBfUnUhhjvtMd)u2+PYZ?-MRX?;7pPLNfhBy literal 418 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUl4+y9TFINc9C`&8z zaMd>S4RKG+%gf8jEXs4%E(+F9@d=DFN=Z)12=a??DyRsr@a1yM%kXyh4E4{+wn)=2 zF|P7Ra|-qG%MLH~v?#L3NDD|Y4ay3QEYPkh$w#*>(cdsf-%%kT)6h51$JEp~z)9cT z-5|`u-znd%#MGlQ)h{B&C%HVysiHW~%csOW%a<$LqAOdoCpaw4 zB+$>mDcv%}xHv1>BstAH+0ez&Bb!TCS63m^(mf@&&@{xuH#opGGTqG3Ah_J$Fv46v zs8T;SBf>i%-#^W?NZ-XY$dfDg)cF;XUS>ycMovssyi&Pu@wz3pG8bpxjq+M&G3m=5 zwn?|8{dvsI5^FwOvic|Wpt8^T{LTHB0y>wcIsZOVJZ0nCl?UCo|IK(Q$fIX|D)zqJ zio}@_pQZ-5UN;Hm*35X*#o+z?&U69yJw}T^8C}ZesBbzau}f=OMv3O!wh6j&y;cCa C37n(= diff --git a/secrets/hidden_service/forgejo b/secrets/hidden_service/forgejo index 40fa20f..5a5c22a 100644 --- a/secrets/hidden_service/forgejo +++ b/secrets/hidden_service/forgejo 
@@ -1,7 +1,13 @@ -age-encryption.org/v1 --> ssh-ed25519 OPPxWw EI6x+qUDXzqxQSlCYUbP+7QPZMnjXpltYZtqKGTC0mA -CRKukPnjX7UkoUhvbRqp9R7okrCXSdFOKQ6NqOJOQPM --> ssh-ed25519 aO1l/A yYtKmIaqYqE1GtbpZ57LSOvIk3ShAKRxwLhF28+kX04 -G3LaXN/I2MQsibGKQFhaN9fozZc3WTDfduVNpSs8c6c ---- l669kOCRaI4AYjSfEnh3ipLsLClXVtsZ7XeCVtYe76A -S'`Gh6mխ 8&#r%@w`o"BXegNfPd!C@ ssh-ed25519 OPPxWw uTCw+F+4qeg9cwzmqutlo73TKh+3gHLlKiNnGtH0pBg -/z43V3RLple7a9DQryhGlIuyr4zEkb1VeiP5a/Wj1uE --> ssh-ed25519 aO1l/A 6taX73uwY+2dvd4urZsYuzdz+nCeT1esrgwVK061/Hc -hijoJqXSWN2yWwm8wJAzn0rxYFVKboov6auJMWJiQoE ---- on7Z0/l1J9q8zvDBrcLV4vDvfuSpEIuuAAOaMCywwF8 -khԐLJ8rs1/}9gSΏ-zU/$lHYtq`C25U tK >dqqpnyx"4D~"ڃeLAqzW %V}kS. \ No newline at end of file +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBJempn +ZG8rcUt1Q3JlTm5qV2RheHpkL25LdTFCZkVkaWlwRjRPbzhjMHpnCmMwSVBMeXls +Rlh1cnorUHdQaCtMUXlGQlovZ3FYWWV4T1JEcEo5bHVzaWcKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIDcxL1dQampPaytxZU1SZ2JBNXE3VVZ1QXhvVTZaZW5jK25hOGcv +MTJHQmsKd2ozSVVnVzBZVVphNjRFdVRkVHlzSDYreUFUWS9mWWsxak1weEo3QzlQ +QQotPiB2b3R0dH05XC1ncmVhc2UgXnA7USByIyxWCm1LcGZyNnlVNW5IRE1iZHds +RUpsNytsWHo3dDZ4TnA3b2pWS29ITHJBdzBJNFdGSS9obzFzNEJWRm93NXo5eEUK +Wm5reUZBMG5YdnJDYSswMWpZelpGTjVRUllIbU5QMzZPZW1EZmhVcXQ5YXgKLS0t +IFpaOWIxdFcwTVcwSGhQeHAyLzZjRUlNSm9yTkVYY0RNaWxWdXdVakhPQzAKM0rz +5LPzYYJWhkfR5swizeoTsgQ2RFztCCQjbehBAdjjy8a3FS7YNSNXDbl4vHPscM1D ++XyoKyAZFoSVF0bda9FPpSVUH6+rxddh42mZPW45DiPO/ukMyx415dJjAtQipwxk +RnZ2pT2GLTQ+HVPDGEefWTzjUxH5dOt3awRJEto= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/microbin b/secrets/hidden_service/microbin index 026272e..9a5efec 100644 --- a/secrets/hidden_service/microbin +++ b/secrets/hidden_service/microbin 
@@ -1,7 +1,13 @@ -age-encryption.org/v1 --> ssh-ed25519 OPPxWw iecDZG4hirn38+rgldEWI2+8/8rq71uWNT+SHlfAiDY -qx6clYF4hxRBJYYu0KKB7hRfPZwCbHcQpjLL941Z83c --> ssh-ed25519 aO1l/A l5cKreKOle24HArdayk83bPWXfXsRJ+Ra+hQJ/wIbxg -so31JolmVJl3EFNBMY0+iFnt68e8IE21hPgywlgKEIA ---- hde73O1LCWGqO/2nrIg8SefxAzPp8ZY1lJFzEOCkNEs -9Q~={XCϧq$4Nlkh 5W5bQkjۺ2q/}B%+uw6 -0_;3nd\l> чC* \ No newline at end of file +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBRclQ5 +QXg1NlNOUEkvZkFFd1BCNHZ4M3B2bmtiNEVpNkgwM3B3WU13SEVJClFpR0E3Ty90 +VjRTbTB2V2dxT1lPN0diREVBcXVGOWh4azdBNGpmNlpVZFkKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIE1yYkFuSFV0L3U3elJ6cEhFRWJlYUNRUkk3bGUvRlNKdG54alJr +bDRXV1kKa0JmN3pJVys4TElvNHdvM1I4S2FaRDNiRStnbnhFQURIS3BDNzd6ZWRT +MAotPiBSbC1ncmVhc2UgVD13UW4KOG1COUJ5UTA2bnpaOFpQWnJQNFNKVktLN3V2 +Y3ljaFVRNGwrakswcWhjdDZQUXBSdjA1NTBvZzhrV2dVZ0YvcApOMmU5Ci0tLSBv +Y1gxSGRyU0JhNEV6RUpxTUJyZjRibEwrSjRzQ3BTYUU1OGpwa2RHQm8wCmL6Q80l +OQmbq0bY2VRYSg8pPhonpz5YWk0LtUwJEvjBeBvCC6wGEV9S66m/cqjzgQo82fbf +Ig72HM0gukgAbTRlchamCMm6TGPG8idpNFH82xj4o4t/9zGaMd0IEGJkVofEwJ+K +SvDbd1f3MBdAJdeOmNl4XEWgKo3SNfVqIxtm +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/nextcloud b/secrets/hidden_service/nextcloud index 8da8effd8818a92a86005c8324b7aaed2dd2d645..9ac6be7c57a022f0eb679776bd52698dd66f526a 100644 GIT binary patch literal 832 zcmdM|0Vh{?Pd^1mcUJ{hKj)yxfDl&~1vgJ0SCE`8S7dlfj!$@4X{522X|hL9L6VV4 zX_B#5o{w>4g>$BXwx@?*Rid+DPLzwMpj zyM?z;h)H^~v0uJVcv!Y?R;VGDZ%B4}WT-_&lC!0gr+a>RpkZJ|lwnk1h(|$wlxu!f zn0r(}uu+s-NQ7UcuX|3Ze@KQ`NO-v}KAy-gfen~*4 zQ?O5XN@Y~ITUAuBQ;DZrxlwYar+HYOYr1!OetEJ-kg<4al&ha_YHoUYQckF0WR{n6V5MbgaIS@MYKU89 zSh!bWkgJw@qSbADokYBN*b9su3he=v^ zc4S(FnORm&NS1y@m`QG!g}W1%iMMO2Z+NLiPI`cAq^V0~cvzmfUy@-`WJXw`L6&)X dxIy` zJ0&E^*gVz9Bs8$nxgx;R(8<>+F_24FS69Kyv$8zP+&{?J)vqKs(<9H-$So?%EXd5u z$T%u7$98e_igltZ8$3 zfVbc8y*KjuBbUs|VD8o9vb&M2syng3JD5%HrN5j?rTsqlZ~JylxjVVnWks(3YXDK2 Bmzn?o 
diff --git a/secrets/hidden_service/site b/secrets/hidden_service/site index 3128e869578799710139f6795ef016bfcba2a845..0c68a0d92e2f5da791685381e6f61e3ac5c82700 100644 GIT binary patch literal 824 zcmdM|0Vh{?Pd^1mcUJ{hKj)yxfDl&~1vgJ0SCE`8S7dlfj!$@4X{522X|hL9L6VV4 zX_B#5o{w>4g>$BXwx@?*Rid+DPLzwMpoqS3z({ib=9Tg<(`~PDW@%n3Hc-WLdInL7-o-Wmd3ThHIj$SC(_0S3q*E zX>e+2zA0CdL5W#vSb0ILN@Y~ITUAuBV?}_QZ+e(}g{Mzmpm&IouSr;_ms4s^P)SIZQ+}jDfuDDkmuZq~ zV0l!CR}NQXwnQ#szPVYld%8(@K#-HEM}e7TWqC6)F&{^tFqjr%9qP2DAUa+F)uwo!_zg#Jju;C!_vaA zFw-QhJj^0D$;T-?yuh@yq|DXRJDW>aS63m$Feu+6Ak{IY(zB?{)u1%9DA%koJUHJq zIMP2`+uOq_EYB~cG}osvFP*FY)+6a72FANP%a3fsHoY%7u4 z)Xcj}`s>X_7sS3v8h+%D4$9qpLG%0e1>d)CF13!Ud+i}?^+Hg0K~U!Z(mduiV*uE| Bo5%nF diff --git a/secrets/hidden_service/vaultwarden b/secrets/hidden_service/vaultwarden index 1118341..a68dac4 100644 --- a/secrets/hidden_service/vaultwarden +++ b/secrets/hidden_service/vaultwarden 
@@ -1,7 +1,13 @@ -age-encryption.org/v1 --> ssh-ed25519 OPPxWw yYJgjjH8GaBc+bDIPHIyyG5tBqDjIe7P/9gNhnNcCGw -SomRbtpu4TqEa16yGBImEXWKNIUGNs5RIw1AT2YrEQg --> ssh-ed25519 aO1l/A 1qypu4ZiyZTqEEVEo9Rj8BO3SlPgoPHzn5gMA8SaajU -zPPbrM6mWhhtAuU/3h8/ess31XjHf4kct9HRslv/pwM ---- rF+OjMZvtrB5BSHs89xn8i+UitXqqmmDf+UFliwOxgI -)ݏBZ׫JB1dφCFI'  &nb`i ^)@Qu͊0'f8g0gIAذ4} uY՛v,}jC5Ԯ \ No newline at end of file +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyArMUcr +U0U5Qk81RFBxNElGZFp0Z2hmZkZXY0w4bEM1dkhhdmhBNElYWVdnCkRudm5ONm9E +c3lxSXhteHZwUGc0aFNvR2NrV2pWdFZLcmV1dVYrSEJqWjAKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIEpPWURndjBRSUYrQjlqVWR1eTlQcG9ldXlQY0NITi9iVktSMVlE +SmxlQmcKbjUrUTcxNzJnL3ducjJmWlNrQzAvdW9RVWtVNGxTWHhSQWFRdS9xZ1NY +MAotPiAvcmheLWdyZWFzZSBYQUF4XUFuSgplNmRGclRWZFpZT0h5aE0rcGdZam0v +dnl1VXZvZHJBNTJETWVxVEQ1Z2trTmIwN2krMDJRMFRmMk1DYjViOE4xCjBESE1N +OExzTGxWc0lCaGw4Nk1xCi0tLSArdWx6c1QzTjdsbmF4Z2k5N2dTVGl3QXZneTZn +R0NYQUxsSXpRL042ZmRVCuA+WqySyT1dVc48In1Lb8U9CKs91CR1Sg5kr6uy9lY/ +ZbcElyNb+1OKtFxvibUkr0ATRhvtszTMUBy7pQnZxSAk2R2T276t3rTMZnou62+g +9wIKULSqCqSTFiibOUYkVWKSp6fZkO8aQZaPLe/tbZXuJnS8XmRL9IRhrkalfzlw +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud-admin-pass b/secrets/nextcloud-admin-pass index 8332c19..9418c3e 100644 --- a/secrets/nextcloud-admin-pass +++ b/secrets/nextcloud-admin-pass 
@@ -1,7 +1,11 @@ -age-encryption.org/v1 --> ssh-ed25519 OPPxWw j1t4iDbd4Vi+cbtcpysshdhjZkXxw3z9Pt3qsfdxeVE -TfYpAStRQENusrVFzX2K1W5SlAKFum7izz6OuZ8BNw0 --> ssh-ed25519 aO1l/A Gzmig1OCbFrgMB/lBGnlt6ja+9RQGvr7Fvx0dunuhjY -XnlgWGq/5x8GXlpc5E0vg/SahlQ1xQHkGs6T5XNtPhQ ---- sVqR0QBMPSv3pfDQa9xbrWy0+wgvOB/AOVPdPC6fdmI -˕dNUf򖤱I/z){q \ No newline at end of file +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBldVpP +c3dtRkp0SHdYdklIeFVBY25TSXJNZEUrTDFTa2g5eXFIRDF2YTNjCmo3RVYzTFVo +REFVQUVNNWVFc2x1eFR3QXNEMkhBa3lLY0E0Z2VHUkIrTmMKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIE1aQ3pIVHFhR01nNjFlRlltbmRlSjluVGt2YlQ1NjFoWndNN2Mz +a2V1QU0KakVBNEJmR0tnUytZcks0Z2hNcjE5Q3JhdnhnQ3N2Z2ZSZWxxem9wc3JX +SQotPiBvOnskLDNjLWdyZWFzZSA5JEc4VE4gOkwqayJ8LyA8cW8gLDgvCm4zSS82 +ZHpNV1Y3aWtLaHNFQQotLS0gUXBBL1I2TU9sdlY0T1prL0tVSjVmblNSZEJZRlA0 +anhGd1k2UnRSZzVyRQqBRICQ8Gh1EN2BTOjAQpWcgLeUOzkAr/hIDnOQVxxsJUCi +UzA= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/prosody.env b/secrets/prosody.env new file mode 100644 index 0000000..343006b --- /dev/null +++ b/secrets/prosody.env @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBoVmdv +cUd4cTkzd2l3ZldNYUEvd2szMHB1OWc2Ri9iZ1ZBYmdrMUNvY0VFCldiWXlQR3or +SkxGUkpJV3hVa3dQQ3Y4aHVZNnFvMUc2WDF3TTI0ZlBvNE0KLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIFpNNXZFL3BGUktpcFNuK1ZncFFzVU5TOGxBVGFCREhuV254NDJl +UStFWFkKV0pYUCs5a1cwZ0lFVnQwYWxuSWRUOTdkbFVXRVJFS2EyV0lNcWpUTFBH +dwotPiA/YVg7US1ncmVhc2UgMyA0cSkwMT9eCnhraGV1TGpvSUt3cmlpa2hQK0Fr +c0tJaHNUSU8yZGcrZkFGSGkxZitWdXNFcHltcVNyTldhS2cKLS0tIFhUV0VTVVdv +RThrbEtoa2hhclZUR2RtdE9zZlNuTWhvUS84eWZvMk91M0kK1H/r33EJ/8dbaEnA +QEX1qV/QUfMNhyvMB77UV99qs7REvL7bwM/wryqa7F3gk6Iw+qQFtSLSnWSzW2l2 +7HNj5goQ +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4b0adfa..d263d88 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -9,6 +9,7 @@ let in { "bind_pw".publicKeys = all; "nextcloud-admin-pass".publicKeys = all; + "prosody.env".publicKeys = all; "vaultwarden.env".publicKeys = all; "hidden_service/akkoma".publicKeys = all; diff --git a/secrets/vaultwarden.env b/secrets/vaultwarden.env index df5e539..bb00787 100644 --- a/secrets/vaultwarden.env +++ b/secrets/vaultwarden.env @@ -1,7 +1,11 @@ -age-encryption.org/v1 --> ssh-ed25519 OPPxWw 61YZPCkKWrN9HtuXp3Pp8FPn5ZHSMS+Uwj11jAo08lI -Jf5ZST19jmOEo03+9n+5TWdoY9zP7p82/a/7uYWLl5s --> ssh-ed25519 aO1l/A RoOPm2ZU1FnqdSMXN7u6DCFmdm0uBrvC5iD448oJOW0 -TRSOf1Rb267GKvcpri3UVxk1dfDTT3uscvrG5kUOKy8 ---- u6D/Na2naOy7BiTcW1P9U01cb1O0QMWruExMpCevxG8 -] dP; @p혂v1myYS\ **CΆgbҒ te k#ħ'(܏ \ No newline at end of file +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBSb2kr +QkY5NkJmOTczWFJReDZYYUhTNG1ZdWsvYXhhcDBzcVphZ2V3d24wClFWZVl0NjA2 +QXBRSDljZEFEOFZ4RDRaRi80RVh3VmZWQko1cXJjdDhZbnMKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIHFEeVlCaGxjWHQ4UkpHUlcrMEc1dmRLNXB2cDVYWFp4dWNpdnFa +UjloM00KVUlhc0VYVFpLTlFvQVpBZ2VtdlozeGVKM2RTMmdiaTdmUTdiQ1A2KzYw +TQotPiBwIV0tZ3JlYXNlIDozRiA1KnxSdwplQQotLS0geW9sOHBiVlQ2ck50R3lQ +T1U0M3k0K0lJVnJMWkYzcWROUDhvVUEvQWk4awr9RgWpAJ3q1gB4FmrukNJ1XTRG +q1Dpa6WxaY8lhOmXg0JIVxcp59zHTTZmSL5bisx5F0OtGDxnXcB3ssNbcvIqSx2c +/pZzFkrTk/HQjmK0kzC/QoxOEwMTCD3hdimyWJUxXq868WrigoSRWerQ +-----END AGE ENCRYPTED FILE----- diff --git a/services/mailserver.nix b/services/mailserver.nix index 50bdc09..1fbc383 100644 --- a/services/mailserver.nix +++ b/services/mailserver.nix @@ -1,4 +1,6 @@ {config, ...}: { + age.secrets."bind_pw".file = ../secrets/bind_pw; + mailserver = { stateVersion = 3; enable = true; diff --git a/services/prosody.nix b/services/prosody.nix index 5981dad..cc671eb 100644 --- a/services/prosody.nix +++ b/services/prosody.nix @@ -3,7 +3,7 @@ config, ... }: { - age.secrets."bind_pw".file = ../secrets/bind_pw; + age.secrets."prosody.env".file = ../secrets/prosody.env; services = { prosody = { 
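Review bot: Dropping `age.secrets."bind_pw"` from services/prosody.nix does not undo the exposure left by the `builtins.readFile config.age.secrets."bind_pw".path` interpolation that a later hunk of this file removes. That expression would have copied the decrypted bind password into the generated Prosody config at evaluation time, and files in the Nix store are readable by every local user. The binary delta for secrets/bind_pw shows the file was re-encrypted, but the page cannot show whether the password itself changed. It is worth confirming that it was rotated on the LDAP server and that older system generations still holding the previous config are garbage-collected. The module body continues outside this hunk.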
@@ -30,7 +30,7 @@ ldap_base = "ou=people,dc=distrust,dc=network" ldap_server = "localhost:3890" ldap_rootdn = "uid=bind,ou=people,dc=distrust,dc=network" - ldap_password = "${builtins.readFile config.age.secrets."bind_pw".path}" + ldap_password = os.getenv("LDAP_BIND_PASSWORD") ''; }; caddy.virtualHosts."distrust.network".extraConfig = '' @@ -72,9 +72,6 @@ networking.firewall.allowedTCPPorts = [5222 5269 5281 5000]; systemd.services.caddy.serviceConfig.SupplementaryGroups = ["acme"]; - systemd.services.prosody = { - # requires = [ "acme-order-renew-chat.distrust.network.service" ]; - # after = [ "acme-order-renew-chat.distrust.network.service" ]; - serviceConfig.SupplementaryGroups = ["acme"]; - }; + systemd.services.prosody.serviceConfig.SupplementaryGroups = ["acme"]; + systemd.services.prosody.serviceConfig.EnvironmentFile = config.age.secrets."prosody.env".path; } diff --git a/system/configuration.nix b/system/configuration.nix index 27a89c7..f8f758c 100644 --- a/system/configuration.nix +++ b/system/configuration.nix @@ -1,7 +1,7 @@ {pkgs, ...}: let updateScript = pkgs.writeShellScriptBin "rebuild" '' #!/bin/sh - nixos-rebuild switch --flake /etc/nixos#distrust --impure + nixos-rebuild switch --flake git+https://git.distrust.network/root/flake#distrust ''; tor-hostname = import ../helpers/tor-hostname.nix {inherit pkgs;}; in {
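Review bot: `os.getenv("LDAP_BIND_PASSWORD")` returns nil when the variable is absent, so a misspelled key inside secrets/prosody.env would leave `ldap_password` unset rather than stop the service. How the LDAP module behaves with a nil password is not visible here. Failing at config load makes the misconfiguration obvious: `ldap_password = assert(os.getenv("LDAP_BIND_PASSWORD"), "LDAP_BIND_PASSWORD is not set")`, assuming the config environment exposes `assert` the same way it exposes `os`. The surrounding config string starts above this hunk.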
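Review bot: The new flake URL `git+https://git.distrust.network/root/flake#distrust` in system/configuration.nix carries no `ref` or `rev`, so every run of `rebuild` switches the host to whatever the repository's default branch holds at that moment. Because `nixos-rebuild switch` activates a full system configuration, write access to that repository, or to the forge serving it, becomes equivalent to root on this machine. Consider pinning what gets deployed, e.g. `git+https://git.distrust.network/root/flake?ref=<BRANCH>&rev=<COMMIT_SHA>#distrust`. At minimum, add a comment above the command recording that the forge is part of the host's trust boundary. The `let` block continues outside the hunk.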