diff --git a/helpers/services.nix b/helpers/services.nix index a1e4f5a..34a4f02 100644 --- a/helpers/services.nix +++ b/helpers/services.nix @@ -16,6 +16,10 @@ in { description = "Clearnet URL"; type = lib.types.str; }; + dataDir = lib.mkOption { + description = "Path to stateful storage for service"; + type = lib.types.nullOr lib.types.path; + }; onion = lib.mkOption { description = "Onion service settings"; type = lib.types.submodule { diff --git a/homepage/template.html b/homepage/template.html index 8e0e81d..d720f91 100644 --- a/homepage/template.html +++ b/homepage/template.html @@ -36,7 +36,7 @@ transform: none; width: 100vw; height: 100vh; - padding: 1rem; + padding: 2rem; box-sizing: border-box; font-size: 18px; } @@ -83,6 +83,7 @@ .dimmed { color: gray; text-align: center; + image-rendering: pixelated; } .logo { width: 75px; diff --git a/secrets/bind_pw b/secrets/bind_pw index 0024892..b79f07d 100644 --- a/secrets/bind_pw +++ b/secrets/bind_pw @@ -1,12 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBiNkNh -Y0N3NVJVM1lMbks2RjZZTVRlNTgxRGNHWUxsaTVrblBGaVpSakhnCmd0R3NQajZa -aWdBNjg3eGEzWDlZVDNEYVBHbjZzMHRiaWNiNVZtVjZnSmsKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIGhPdXdvMGJMVlB5aUZZY2RkbzVKSGVoYW9rdVZNNW9tcDBSaGQz -OFBGVDgKTzA2T0tNQXNQbTlubU11UVk5TFd6RmhESytmSytRaGExVWJZSDRZcmJQ -awotPiBRemxIXkdlLWdyZWFzZSBoelx4d3MnIFgufGJgIHU0aG16NVwKVHNWdENa -akhkMkFyem45ZVdxRlQ4WkJSZHJJMnpZcUppejU3cUhPVUNTRDZDN3ZJQUZ0RC9z -TUc3Q3BVcmhyMwpDTDV5aHZpRGVGUWF3Y2VpN2QrN0I3RXFjaDdGcDZNeAotLS0g -QS90Vzl6NllBelNIS0NId3lTMUY4WjUrb3FtTTl5eC8veUw4eGtPdUFxMAqxDNiS -qMFAUuHrL6N0juNLc2iDuTuiqfY0Oft+wnQc8LekJCSvSjwt5m7VRLE= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBWdmJ6 +ak9wSFZFVEpaMXV4R3dkY2dXRW9FVnBqTGd1STJCRzBvTXl0MUFVCmZPMTJQakkz +OHA4NlQ3eGNnbUc1WlFMMDhaMkR1VEFiMXhyVzNQeWdJaFUKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIFdDR3dFK0hGSTdRMkp6TlJDTXB3YnVHd1lLdnNQMUkyOWI4NHN6 +dkVOd1UKVGVUUnBOeituOUZ1VFM4RStjMXYwcDJtU1JKdzJxcE1UU1d0bzFldHgv +VQotPiBgVl8tZ3JlYXNlCnhOTFVhM3hlVkJiQjh3bTF1bHlCTy9Waitudnc5NDdn +NjVEU01ES0tXL3NYSFZZTHZ4Y0FDNUZOU2ZIdlJGR3gKS2YzelRXcmR1K25SNlA0 +VmN2U3JWZwotLS0gS1dkMEZQREpCR29MM2Y5OVdOWkxINERsVWhwLytSbHhGVFlH +cW9kR2dzbwoLRnmhINENJyEo4JC/+LvAvsRnm3DimBYr6xk0BSfRnMR9gh5VDSK6 +78jkj2U= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/borg_ed25519 b/secrets/borg_ed25519 new file mode 100644 index 0000000..701901b --- /dev/null +++ b/secrets/borg_ed25519 @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyAwYUNs +clhPYWJPSGhYQzgyWmxncHJtM041MXlNTnhjeDFrYm42cWpncFJVCjNwdXd4OWdK +Nmo2VWx5ZVI5YTVjZnBJRGRoRUUvWTFlWlFzRS9BYjRSMVUKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIGsyODR4S1NOK1NDZ1Z3VUlEWnpxTHJXblh1WkpBaFFqc3E4ZGVx +eXNZbEkKMnVjd2UzVXZLUUp0SkN4T1IvWndTY1BYTW9oVEIvWDJ5bUxsckFjTlBY +SQotPiBOZi1ncmVhc2UgeWVcWnQgXFBwZUZZcz8gRCV4aig4fQpXekg3RTZLcVA0 +em9rNmNhYXJ3RVJqNlF6YmZoOTBSY3dmZjZWVmtUWVZ5cWg1dlhFM0Vqc3RzdllU +ZUVYcGltCjlIakEyZwotLS0gcFlhTmJmdmNnZ1N2SmY0ZCtiUEdJa1RVMGMwTnFt +bDB2aGt6blRTejZqWQpzal2kwjRr8ax4p8LwcdPM8FXTSk/0DH37KPcFutewXOqp +5Bs+kbSOtiVGLaTgHqjjC8ABLr70FK9qh29MpS7LNPgeNQEAw0jL6JsoQX3ihWAF +iwjmU1ssKknfhJEgG6RwmJGEoboyXW40sl/wIlo4VoLVn37M9C/AqoGpaKBkhIHo +3YJi+bgMQuxEgyGVmIuoLH94TM8ECPvBP7Zi1dq96zlfr54m5FxvuEU1aCNZ0nNc +/n/xCf39oglDknhEJl3NyQsUaBujHrlw1MC/oQORVMpXVC0Ai4a6U/ZoP7ya0PX3 +fszkRJQHjlGxaERhq5W9uQQ0O/QVKYaFWbcYQRGBM7gFJRUO6EJf2BsReJAANsOL +eWefDFGq89UytfshUsf7vo2FBx+peSA7lMLqtR8yOeu3Rvc69hpUtIx6x/fgG8Zp +A621onI3YzhwGwoLrK8xiSlJxHLDJCXbJGERk2a9FKBivtmB3maDWFYpkhkqfzzO +s7MFyPNGGf9O+GvHuLTGs9ZSQ3OkvqHg8MGRKMArTknhGO4TuZ8+BGsWL/CTOklb +B/EuBekyoDOzRc0dFg== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/akkoma b/secrets/hidden_service/akkoma index dcc0c39..e6ee750 100644 --- a/secrets/hidden_service/akkoma +++ b/secrets/hidden_service/akkoma @@ -1,12 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBjWmpO -MjZ1cENsaHZIc3hHWEhoUjdXSy9nUXlEbjkwZlJPWFZjUWJFRXpzCjdsejJnbFlW -SDR5S3A2MlNVVlZvUkJYaUx4YVIyVHF4U1RvcUpBVjJiaEUKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIEswM09pK2VrVzRIay81RVN4eEF3MlE4MjRXajRNOUsyS0JUSWhN -ckF6VzQKc3dOanRVbWdkVXIySFRyZlFnU1Nsd1pqbXh6UXoyVjROWDc1dk9ORTdS -QQotPiByLWdyZWFzZSAvVlEgLEd0QiAjKi8gLCw9LUUvagprVkpUZi9nbDlRCi0t -LSBkbGVDNnFWaDJYYlhRckdJNlBpb0pQZWxVZi9uTTFvTWR4TWx1N0w0MmEwCtSU -eHusNlpXYTf4GSMY27YyPZD9O5FXB88ur1C6q5l4wlslcYrT8DjRMD/H95grmeHV -OlVie0w+wbwGlwtKEA58rAicMpwz76RkyTUsqwB8vRTn4xEmbQHTzcZry3xx/uoJ -1yKeEMPArQTlXSYxngu5Vc6B2mCNesmJXJMk9lHd +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBQdDdq +UzhEejRTZHFSbUp6TStNVTJMeUh3NTE2aDZSYVRZL21jN0pWMldzCnluREkxT1I4 +U0FYZ1FScHNtTkVBc1BZck5OWkRZS1hjTy9WdWVHUDdGTVEKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIDdTODJqN0p2SnFaMWpoZ0lsRUdqNTdZU2RjQWNIQTlUcjJHZEQ4 +N1pYQTQKSTNyNjM1aVMvSE5VeWlubDJwK1R6Ty9DZVloUG1UKzJ0YTU3bTdpY2Jw +UQotPiBNX2NQWC1ncmVhc2UgQ3sjWEQzKCBeJWNeIDFMSgpwS2JKc3FiQ2tieVgz +SG1Sb2xUeW05NUVSakdqCi0tLSBKRFd1MU4yUXZXWlMra1NYTnlxb1JOZm0wTXRl +K0dIN1NNWitmRlVXSFV3Ck++95L0HJ5FUAe1FMMInpBNY/DVkzjoRYp1LU2s+o6n +TZ4KrmpkoN7sHmrw2G+xOOBHQlLvUCqt/Vg2tGCni8AOKNnU441dAm5R+zfrZ/f2 +5Dc9HfEJ5gIqf6CwCcQLd0cf7yI+RElu/+RLyH96bW22EnoRnl23tKebPEMiR9QP -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/forgejo b/secrets/hidden_service/forgejo index 5a5c22a..870b475 100644 --- a/secrets/hidden_service/forgejo +++ b/secrets/hidden_service/forgejo @@ -1,13 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyAyck1y -VVB6NkJCRm03TEFlZDJlejVXUC8wM1JEVktrNVZweXllV1J3bVZFCjdGZmdaYTNu -QjYyM2F6Y1NuVVpEM0dEYnhzQlpPNUtUeXNJMThiUXIyRTAKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIGxTT1E1czg5MUNHWDBZSVFlOXJhbUllaWJBcXBRbDdBN2paSzls -aFpmUVkKTFRWOHBKQ1oyaGhBcUJMb0hoY0E0QzVJWnhyMDU1N0JVbngvdzhsaVRn -SQotPiB7LWdyZWFzZQpJZmFVS3RuRnVoaytGNTJ6WEhyY3F4R2xzUldzY2RwcitY -NE5CSlM3Tjl1bk9Zek81UE5QN1U0dWcyYXE5elZJCndnCi0tLSBpZjdqVE9md25y -NU8wbWthSGF3WW1zUitUS1lHV3R6S1M0endKVGVFMmFNClu7vY4vYnmMwdE8G8mj -oWlGFTWrbKCDb+FWCdcRn8rcMlBiXSoxQ1bV6vqBl4dBnyNxxgnwxqP+axCzFSTf -9K3tFVMIfIck1/j4GDe6V81bATCT4ZEfTgAiEppXA9jCzR2MULdNmqnZTUV9M/d6 -4lyHd3PEzKimsIMgOWJ9Ds7c +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBSYVhT +K3M5UExBLzIwckJUVytmclBUSUhIQzg4Y2dDdTJlNkJnQ3I0MkRZCk9QeUxiR01U +UXYzZkdGaG5UQURHNlZteUZWZUJOaldTT3RVUGUwa2dzZDgKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIGhqVkFpbHZBRmZnY1NLQUk5NzVPOXIvamxnTDI5TzF0REpHK01m +MThiaDQKVVA0WGg4VTJ6aWVUNmdmaG8zS3VrZi9UWE4rVWFlMnB1YTZJNURjYm1s +VQotPiA5LWdyZWFzZSB8KHdqeH4gcEsyTyBKIFVNRTAnLDVTCnlpaloKLS0tIGpp +dVp0T05UaFJjSFJ2aHhHSUVxNXgrWGtyWjd4R0s4TlUvdUwya0tBTTgKwBVx/CFS +O8lpkNcrDmCQGLdZRFRqg7yvFQzCtEPK9kZnC3HtHBqvCREwMIRDEOt+HxKPLt3L +XDETswsaN6gdsQN+FOy0A+fQvA9ab8I+MODBoYlexzUllrqyGDr7JdMKIoxVi0bA +9LAwdTBSjxNc7GwIE5dj3cDZwQpqbO8fSpQ= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/lldap b/secrets/hidden_service/lldap index 556cdd7..9f466b2 100644 --- a/secrets/hidden_service/lldap +++ b/secrets/hidden_service/lldap @@ -1,14 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBJempn -ZG8rcUt1Q3JlTm5qV2RheHpkL25LdTFCZkVkaWlwRjRPbzhjMHpnCmMwSVBMeXls -Rlh1cnorUHdQaCtMUXlGQlovZ3FYWWV4T1JEcEo5bHVzaWcKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIDcxL1dQampPaytxZU1SZ2JBNXE3VVZ1QXhvVTZaZW5jK25hOGcv -MTJHQmsKd2ozSVVnVzBZVVphNjRFdVRkVHlzSDYreUFUWS9mWWsxak1weEo3QzlQ -QQotPiB2b3R0dH05XC1ncmVhc2UgXnA7USByIyxWCm1LcGZyNnlVNW5IRE1iZHds -RUpsNytsWHo3dDZ4TnA3b2pWS29ITHJBdzBJNFdGSS9obzFzNEJWRm93NXo5eEUK -Wm5reUZBMG5YdnJDYSswMWpZelpGTjVRUllIbU5QMzZPZW1EZmhVcXQ5YXgKLS0t -IFpaOWIxdFcwTVcwSGhQeHAyLzZjRUlNSm9yTkVYY0RNaWxWdXdVakhPQzAKM0rz -5LPzYYJWhkfR5swizeoTsgQ2RFztCCQjbehBAdjjy8a3FS7YNSNXDbl4vHPscM1D -+XyoKyAZFoSVF0bda9FPpSVUH6+rxddh42mZPW45DiPO/ukMyx415dJjAtQipwxk -RnZ2pT2GLTQ+HVPDGEefWTzjUxH5dOt3awRJEto= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBiSTcr +NGZ3TnRkbDFXcnUwd05PWWowWVV0YnVPaXV1VXhCM1R2VlNwbmxFCkNYbzBHWW1y +M1h5UkV4bmRUaWRKd0l1Z0FEYnZNQnAvbi9jaThtbkNjTU0KLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIC9jL1oxOHgvTFl2eFA2SVd0VlJFSVAwNVNPVFgwOVVlTy9uNU5q +TjBBVDgKcDBTQWxZYVFZSEppVVZqVm1vRHJ1cUZVSzZub3BYdnRYSVZvSHUwMUdm +NAotPiAqPipYRjJoYi1ncmVhc2UgPFQvVXhJfC0KRVdKcStnCi0tLSB5N0dabi9a +N01QYlRqblo0bHJmQWU2YW01b1FvNWcyZVFxY3NaaW1JL0dzCsVA4MeNO1t8sMvW +DX1St7ef/oOGwj0hG9kjiM1fbD2pDbry3TzKB74J5elEiMu0JV8gcSSpiXTk1t3/ +93s2Y9wRwWr+Gn7PleCab3roV5eS2xDra62RW9MXAoFPNekcSAy9k25+4d/BgxtX +mwbVVsL4SKV2j24iedcZGAW4UMM1 -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/microbin b/secrets/hidden_service/microbin index 9a5efec..b3baebb 100644 --- a/secrets/hidden_service/microbin +++ b/secrets/hidden_service/microbin @@ -1,13 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBRclQ5 -QXg1NlNOUEkvZkFFd1BCNHZ4M3B2bmtiNEVpNkgwM3B3WU13SEVJClFpR0E3Ty90 -VjRTbTB2V2dxT1lPN0diREVBcXVGOWh4azdBNGpmNlpVZFkKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIE1yYkFuSFV0L3U3elJ6cEhFRWJlYUNRUkk3bGUvRlNKdG54alJr -bDRXV1kKa0JmN3pJVys4TElvNHdvM1I4S2FaRDNiRStnbnhFQURIS3BDNzd6ZWRT -MAotPiBSbC1ncmVhc2UgVD13UW4KOG1COUJ5UTA2bnpaOFpQWnJQNFNKVktLN3V2 -Y3ljaFVRNGwrakswcWhjdDZQUXBSdjA1NTBvZzhrV2dVZ0YvcApOMmU5Ci0tLSBv -Y1gxSGRyU0JhNEV6RUpxTUJyZjRibEwrSjRzQ3BTYUU1OGpwa2RHQm8wCmL6Q80l -OQmbq0bY2VRYSg8pPhonpz5YWk0LtUwJEvjBeBvCC6wGEV9S66m/cqjzgQo82fbf -Ig72HM0gukgAbTRlchamCMm6TGPG8idpNFH82xj4o4t/9zGaMd0IEGJkVofEwJ+K -SvDbd1f3MBdAJdeOmNl4XEWgKo3SNfVqIxtm +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBDaWgr +VEwrMGs5RmZoc29SMld4S2oyZHgzUDNjSmtIVEtOUXJRSjFLcVRBCm1UK0NoWjRJ +aUQva1ZQVUpIbTJPVmtpakpLOUtOR3ZYRmZtQUpTbllrck0KLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIG8yMGs5OGdndkFUS2hKYUpzWEh0Q1dReW9SNTR4MnF0TXVsNzJE +Nmx0SDgKVThrNnNxcEtnRkhNR2ZYdW1iRjdxeEFyZ1I0UjJwNHFtd21OMHZWMGFS +OAotPiBcSC1ncmVhc2UKbThBZllEQ1k3NU9EclJ4OU1BemNEYThPMW9HTkt3c3BW +M1BxWktZT2p4S2VBNDBHWHRydnRFc0c5bVQ2Wng0SApvM05kMU1vb24zZzRMZwot +LS0gODd6aUZxdU1nUHdwMTZsVG5YbGdNa2RWUENJTTgzVFBFSTdjSnNGZHlYTQoR +pW5dpblJ25a/dtFtGz5cqYwk6ZdAi4PX8RzOXTLXu2ohHSm1LO1r4udsYvKlm4UH +SPfjdlTUq3Go15kvUJRVCuDI12zFNVN5j2KahE0WJ+bewiOg+367pUu2qEG6YutF +xBhQA+KV5piCekyrAT8axDDn/5kCWLU1+jmQx73Xxw== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/nextcloud b/secrets/hidden_service/nextcloud index 9ac6be7..bd80670 100644 --- a/secrets/hidden_service/nextcloud +++ b/secrets/hidden_service/nextcloud @@ -1,14 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBjdXRJ -NFpKbk56YmNUUk9rN1YyV2xnZCtwOVVlVVQ1dmxGMDlvbjI0NkQ0CjZ4S3V0VzFp -dXFaYkhGMndSMHYxVE85UG1OZTRucUgrM2tDM05aUWsvZG8KLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIGowQ1QxZ1ZqTHpoZEozVGZPS2ZFTXNYMGluOThJTWo4Unh5M2Fh -ZVhPaWcKcWRpaDBYUHVlQWJtUU9DelpBSXNENTZXRFRYRnU0dTRZOGJuYVFuclZ1 -RQotPiBSLWdyZWFzZSBtIFw2ciI7VnEgKgowcHR3L0dKS2NFOUZiTmNHSnZ4bTcx -aW5FWDJrK3hDQ0xuK1E2cElRRGFpb3liOEJsZVQ2OGx4NlphSTI1VlZkClF6d1B2 -SUY2ZENMemgwblU1YjJCQy9uSm83eTFyVWJaREFHSUdnbE51SEVjazJlOGprYWFs -YjAKLS0tIFcvaXZvKzFEdzg3cmNMZVErMHBNL1RJK2drdkpFTXE1emxwblBsNzBi -Z2cKFmwTG7Z/lKUXIhF9hQuCoAS26F0XGWTkc1/VC4qDNzZPVq5i1Ui/g9ULDhNj -Q94Vmm2femcIPu8xJNL2OoQIlsBZ8VgffRNsACwdDH4fWkYfX66jlTj/xV4mV8GB -4KEeMWu8lgPEY5DyWVn7Nb1bYhVa0j7gg8pX6GOpiV8CPss= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBSQlBC +bTcxMnVxU0RHcU04VW9uWHA3SGZMLzB1Q3ZOSHdKbW1zTTRLQmdNCjltMkhRNmVM +eTNGVHJaajA0WFVueUV2Q2p0T0xaVnVPSFlLeENBdWxoUmcKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIEp0Q29rYlY1ZkJaaUh3QzZydlYzanJNazhrVjI4anVSY2pHNVhk +cWZxRU0KYnlkdmliTzFIVUVvZ21nODhSLzNtd1IybU9XVkorTzdrME81U29VZHNU +dwotPiBoLWdyZWFzZSAhOTU3ekZRNCBLZVkgLWElOngKajdqZTB1RWNrM2h5alRn +THJFOFBjL3phcCtNdUZ1dXBVQlF1UGI5eXdHckFoQ0NSeU14MmQ4c2I2UQotLS0g +UzZocTdhaHdBUU9zVUYvSC92N24wY3pQeVBENi8zWUtVWWZnTnNrS2FpYwo+KNvC ++EHKTRkZq4CY3QEoyWYpz5TO6FoMLE39eX/GV5Dxs2LZ0pvdbv7CV6CDvqmXdaBE +O3BuISGBE0ZLBMM6f35yjVrUB1bWin7IQz9MGGnb30Tq+sSjVICM+qZ4Jl6vsVZ4 +Elv7a2nOUL2quEyPM0fIVQzuj/jhuKYJ/Ax7eQ== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/site b/secrets/hidden_service/site index 0c68a0d..7d6ce95 100644 --- a/secrets/hidden_service/site +++ b/secrets/hidden_service/site @@ -1,14 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBsajRl -NVdvemJjVElSVHJpSTd4c0x1ZmlhUXVBMjYvcEpQNS9jSFhEaEJjCnJPcm5SeUo5 -b0t6eVpDa2xjSU80ZmdMSVRrNU9Gdzd5bWNFNiswaTNZSzgKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIG15aU1VV1JuYUdFMmY3c09menZLOHJEWUs4U0NYZU43MVF4SnBw -RGE3QVUKaVlCNTdSUzJMYStERmQvdWdROUU1TUdlSjZHSlhyMk5qdTlLUXkrWWN3 -SQotPiBYLWdyZWFzZSAxPFMgVGxILnQKT2M4VUJBelRtTjBoY0pNKzJ5bEQwZTJl -Yk4zVW5ZY0NwODlLTzFiM2dhRkpoME5udkZPbnVmODQzYzdBY1NGawpQOWZ3Y0xK -Y2dSQUsrdUJubkNoeW1KUDExNkEvTUVDeGdiU2kvMnZ3Q25VRkdqSXJCQkUKLS0t -IHRxQzFCNThnUzVJZndrMUZ4b0J1QUd5NmtXN1I1RUVBaU5ndjh4SUUwYUEKUhBk -9ORXrjIGLyKukh0Fhv4cs1w4WEu0CaW0tC3gj7ad7/lsTx65e2BQ0R9wJKRnx5M1 -QdSop4MDwcV+MtRjCtc8WaVk6QJLjkWtPHKNnUVktmAg54T8aw7W+jItTX/ww/FR -z2FZeJxcdrm0o76cGg4WPRB5Hp69ywterC0UCYs= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBPU0ZK +TS9NRlRRSG1iSlFQbzJYZit2ZmxuN04wQjM0SFlvZWduWHEyaXlnCmlsaFZicjk2 +bVY5bUtJZWZXUnliVFZRMHJHTktaZ2IwT3NZVFZQbGRoQ1UKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIHFMekZjelZlcUY4c2hPRFVsQTFuZmljZkg5Uk5LOVVma3VOSHRq +ajBOeTgKT05yR0oxMG03bzBrQ2loZTN4TFhhSXlnaXk5cko0Y0lBN01aTGJLOFVq +NAotPiBcX2MtLWdyZWFzZSAmIDogRAplRlkwZGN5U1NxdkVrUDMvelRzUU0yRzdB +Nm5DVkNMR3F2dTNtOXBrTzdiZHZMUlU0MTZzNEcvWDhHNzFJQnFYCkIrMjNueSt6 +N1FWQkJDaUsyQXQ1UnBla3Nib3kKLS0tIG0yZzJmSUlaSUpOVjJlQ3FGWVllWFho +UDYwQTE0MU1GRTBsS2xCcGdrcmsKErYJZSR89DjZxH7mJi3msOtqpzlcz5HPFjba +B9qwNoKnXRcd521X76j7gbtLQFonNOIV9xjQ1E7FCIGSoEqhVGL4JpEBz/cvGlkH +QoYzWsPzXoNd18pV5bErA4wpP/Q2jIB81Ct8ylSUJync+9sFK0ku7msCbI7nD3uZ +xg++wV8= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hidden_service/vaultwarden b/secrets/hidden_service/vaultwarden index a68dac4..12215f8 100644 --- a/secrets/hidden_service/vaultwarden +++ b/secrets/hidden_service/vaultwarden @@ -1,13 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyArMUcr -U0U5Qk81RFBxNElGZFp0Z2hmZkZXY0w4bEM1dkhhdmhBNElYWVdnCkRudm5ONm9E -c3lxSXhteHZwUGc0aFNvR2NrV2pWdFZLcmV1dVYrSEJqWjAKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIEpPWURndjBRSUYrQjlqVWR1eTlQcG9ldXlQY0NITi9iVktSMVlE -SmxlQmcKbjUrUTcxNzJnL3ducjJmWlNrQzAvdW9RVWtVNGxTWHhSQWFRdS9xZ1NY -MAotPiAvcmheLWdyZWFzZSBYQUF4XUFuSgplNmRGclRWZFpZT0h5aE0rcGdZam0v -dnl1VXZvZHJBNTJETWVxVEQ1Z2trTmIwN2krMDJRMFRmMk1DYjViOE4xCjBESE1N -OExzTGxWc0lCaGw4Nk1xCi0tLSArdWx6c1QzTjdsbmF4Z2k5N2dTVGl3QXZneTZn -R0NYQUxsSXpRL042ZmRVCuA+WqySyT1dVc48In1Lb8U9CKs91CR1Sg5kr6uy9lY/ -ZbcElyNb+1OKtFxvibUkr0ATRhvtszTMUBy7pQnZxSAk2R2T276t3rTMZnou62+g -9wIKULSqCqSTFiibOUYkVWKSp6fZkO8aQZaPLe/tbZXuJnS8XmRL9IRhrkalfzlw +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyA1a0o1 +b2lFNjBDUitTdGgzRDFNcjF6bnRXNGRxcTl5VHgyMWtycTl6R0NFCnNYQTFQVlZa +QWwvSUl5UEJNb3RuUlhHbU05VmZ1eS9YeE9RR0xNeG01eWcKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIEtCQklncXNWMTdmVmtzU3I0RUlUa09XakhQOFZUOVRaR2EwNGlV +UWd4amsKa041alNTWmpjSnQyZG9QSzg2WmdjZEZBM2lJcU5BS0o1SzkxUTBXRHJs +SQotPiBKNl0tZ3JlYXNlIGw9fnJWIDwgeAp6YWNKcTlGdWNYQ1BVc3FUTkhudXcr +TXpsWWE4endVTFNadVd6M1ByOFdxeGZ1WkRObWN6M3cKLS0tIGdIbmMxdzUwUzYr +emROTU0zTUdXS1RoSDVib2FnM3QwRmE3dG1GeEppb2sK2hK1SL0zHOzEBa+fG7Hf +/6FW6QxX+j7+ohu8xYsMqZIvqBHDtxCMUpTEbFdrkjy1n6u+KATFCM0cJO9KdDrJ +9NlyxXrRA8TzkSZnkHoJJ39U6b/fZvaocXEiLfcpTQ/w22IWjxvuv4KpqgCjzpAN +kDqNepGxraAzVgJOn83qKT4= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud-admin-pass b/secrets/nextcloud-admin-pass index 9418c3e..76171e8 100644 --- a/secrets/nextcloud-admin-pass +++ b/secrets/nextcloud-admin-pass @@ -1,11 +1,10 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBldVpP -c3dtRkp0SHdYdklIeFVBY25TSXJNZEUrTDFTa2g5eXFIRDF2YTNjCmo3RVYzTFVo -REFVQUVNNWVFc2x1eFR3QXNEMkhBa3lLY0E0Z2VHUkIrTmMKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIE1aQ3pIVHFhR01nNjFlRlltbmRlSjluVGt2YlQ1NjFoWndNN2Mz -a2V1QU0KakVBNEJmR0tnUytZcks0Z2hNcjE5Q3JhdnhnQ3N2Z2ZSZWxxem9wc3JX -SQotPiBvOnskLDNjLWdyZWFzZSA5JEc4VE4gOkwqayJ8LyA8cW8gLDgvCm4zSS82 -ZHpNV1Y3aWtLaHNFQQotLS0gUXBBL1I2TU9sdlY0T1prL0tVSjVmblNSZEJZRlA0 -anhGd1k2UnRSZzVyRQqBRICQ8Gh1EN2BTOjAQpWcgLeUOzkAr/hIDnOQVxxsJUCi -UzA= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyB2aXFO +YlVRdnJNcVdEUUxUanFIRUlnYXptcTBCeElaMFY4MlR5NXA3dTNVCnA2T2pjZ0t3 +bVB6dmh0algxMVNLYm0xelJ0SEg4anhwK3o3UVgyOTdTR00KLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIElJeXN4cERpMTFQUVRsYldLSEVHWXRtNXl4QlFOM0FITTlkVXJU +bmhIZ0kKWUFVTVJVdUF0QUdOVmgvaFpRSC9MYW5WUUpIVTZzdHQrM2hJcFBSNlMw +OAotPiBJaGUtZ3JlYXNlIHVRKiIKeVd5Mk4wb2tzWFZjZklmblB1YnhhUQotLS0g +MXU1YnBDaUtDMXVtWkl2ZGZhZE0zM0ZNbEJycHIzZzhrdEtVbGtJSEVvNAo7Bu89 +csVu8M2I5kuvY+jXDpHet0O5SfR604903Asa2IT05Qk= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/prosody.env b/secrets/prosody.env index 343006b..33ff090 100644 --- a/secrets/prosody.env +++ b/secrets/prosody.env @@ -1,12 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBoVmdv -cUd4cTkzd2l3ZldNYUEvd2szMHB1OWc2Ri9iZ1ZBYmdrMUNvY0VFCldiWXlQR3or -SkxGUkpJV3hVa3dQQ3Y4aHVZNnFvMUc2WDF3TTI0ZlBvNE0KLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIFpNNXZFL3BGUktpcFNuK1ZncFFzVU5TOGxBVGFCREhuV254NDJl -UStFWFkKV0pYUCs5a1cwZ0lFVnQwYWxuSWRUOTdkbFVXRVJFS2EyV0lNcWpUTFBH -dwotPiA/YVg7US1ncmVhc2UgMyA0cSkwMT9eCnhraGV1TGpvSUt3cmlpa2hQK0Fr -c0tJaHNUSU8yZGcrZkFGSGkxZitWdXNFcHltcVNyTldhS2cKLS0tIFhUV0VTVVdv -RThrbEtoa2hhclZUR2RtdE9zZlNuTWhvUS84eWZvMk91M0kK1H/r33EJ/8dbaEnA -QEX1qV/QUfMNhyvMB77UV99qs7REvL7bwM/wryqa7F3gk6Iw+qQFtSLSnWSzW2l2 -7HNj5goQ +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyByc2Yx +TkQxS1BQU1dlcXFNSCtpWFVVVzlvV1ZxTUdScWJvTUIzMFh3RGt3ClRXUEZ1VmRW +NTFNNmFkb2RkVVYveDBibzI3Z2Jpb1lmTE1IRG0yY0FBa2sKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIG9MYXVDKzB4VTgveVhCWnpQV0VyMExKSDl4NmlQblNyZFpwQjNC +dXdVaGMKSUVsclp3NG41bzdVbUh6MDFsMEtGbUNnVGxKZDBaRm1Wdi9pSGJ4R05E +dwotPiA1ejotZ3JlYXNlIDlgTTBLIEJrVipZCnJueEl4ZTBVOVRxZ2hhaE1oMGky +K2NacXV4dVp1OTBFaHNiVERDaW1PNjY4d3NQTU9SVU4rTWEra1IxTEN6NWwKazJs +TFluL2xzM0VKN3ZuVm5xKzlTWFBWemlaVTBlODF5d0ZVMFEKLS0tIHVPN21TLzhE +dTlhV3pKS1dxYjRTV3VPVVh4aVc2YXZwMlB5TXhuMnlrYlUKmrPsytC5J9hA7VYZ +ky6Wo40kg3B74sb5jfxSrxlpOUAUxIDFJb7qan6KPxschp4thJzhLCutDnuPbOdY +68RPZsuV -----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d263d88..e464c94 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,6 +11,7 @@ in { "nextcloud-admin-pass".publicKeys = all; "prosody.env".publicKeys = all; "vaultwarden.env".publicKeys = all; + "borg_ed25519".publicKeys = all; "hidden_service/akkoma".publicKeys = all; "hidden_service/forgejo".publicKeys = all; diff --git a/secrets/vaultwarden.env b/secrets/vaultwarden.env index bb00787..ffb19d5 100644 --- a/secrets/vaultwarden.env +++ b/secrets/vaultwarden.env @@ -1,11 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBSb2kr -QkY5NkJmOTczWFJReDZYYUhTNG1ZdWsvYXhhcDBzcVphZ2V3d24wClFWZVl0NjA2 -QXBRSDljZEFEOFZ4RDRaRi80RVh3VmZWQko1cXJjdDhZbnMKLT4gc3NoLWVkMjU1 -MTkgYU8xbC9BIHFEeVlCaGxjWHQ4UkpHUlcrMEc1dmRLNXB2cDVYWFp4dWNpdnFa -UjloM00KVUlhc0VYVFpLTlFvQVpBZ2VtdlozeGVKM2RTMmdiaTdmUTdiQ1A2KzYw -TQotPiBwIV0tZ3JlYXNlIDozRiA1KnxSdwplQQotLS0geW9sOHBiVlQ2ck50R3lQ -T1U0M3k0K0lJVnJMWkYzcWROUDhvVUEvQWk4awr9RgWpAJ3q1gB4FmrukNJ1XTRG -q1Dpa6WxaY8lhOmXg0JIVxcp59zHTTZmSL5bisx5F0OtGDxnXcB3ssNbcvIqSx2c -/pZzFkrTk/HQjmK0kzC/QoxOEwMTCD3hdimyWJUxXq868WrigoSRWerQ +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9QUHhXdyBKcUdI +M2JBb1dPQWZScFA1N242bEw3bzBkd1hsUGdwaEEyaWVyaWF6eWdnCitMUDJ3NVQ5 +VzJWTmEyZGw3RWRmYWZFZE9TQndmRnorWlNhTmh4cXY4RVUKLT4gc3NoLWVkMjU1 +MTkgYU8xbC9BIHNCMUhDakVSdHIwSmdEVHpyMXAzeFlnYUhxeVdYVWxERExHNXVJ +VHVxM1UKUjJlQjZKY2RtWUdXZkgzSEx3UE85STlNRXhINTA3V0xOOE9HbUR4TWFp +MAotPiAlXnZALC1ncmVhc2UgVyBGW15LWSBkYDUyb31KIEsycFgKWWFocVlQQUUK +LS0tIDF2cHV6ZTNNVHRpSi84UU9vSXVzVFllN1dzQ2JiNjY0Y0s1UVM5dzlzRWMK +mDbF1WvvbM1GxYR00bBVvmHmmVvbxmUZ/VaC3h1Y1OLTP2gkPcHvfqDnCkpPa7eT +aSWbivcQJWlECuYu14wRMKDJDB08jHi6BQ8DPtbm1c7tmTiLvC1h3iE/Oy/UaLtk +vgwUfgR2cs3Sg743Fw== -----END AGE ENCRYPTED FILE----- diff --git a/services/akkoma.nix b/services/akkoma.nix index 9e2860f..d511c69 100644 --- a/services/akkoma.nix +++ b/services/akkoma.nix @@ -40,6 +40,33 @@ in { }; }; }; + borgbackup.jobs."akkoma" = { + repo = "ssh://n65yc7ze@n65yc7ze.repo.borgbase.com/./repo"; + environment = { + BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'"; + }; + paths = [ + "/var/lib/akkoma" + ]; + encryption.mode = "none"; + compression = "auto,lzma"; + startAt = "daily"; + prune.keep = { + daily = 7; + weekly = 4; + monthly = -1; + }; + readWritePaths = [ + "/var/backup/postgres" + ]; + preHook = '' + mkdir -p /var/backup/postgres + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump akkoma > /var/backup/postgres/akkoma.sql + ''; + postHook = '' + rm -f /var/backup/postgres/akkoma.sql + ''; + }; }; distrust.services."akkoma" = { diff --git a/services/borg.nix b/services/borg.nix new file mode 100644 index 0000000..715ae37 --- /dev/null +++ b/services/borg.nix @@ -0,0 +1,3 @@ +{ + age.secrets."borg_ed25519".file = ../secrets/borg_ed25519; +} diff --git a/services/default.nix b/services/default.nix index 7515fd5..bb21095 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,16 +1,22 @@ { imports = [ + # Core System ./caddy.nix + ./borg.nix + + # Non-Stateful ./site.nix - ./nextcloud.nix - ./forgejo.nix - ./akkoma.nix - ./prosody.nix - ./lldap.nix - ./paste.nix ./crypto.nix - ./vaultwarden.nix - ./mailserver.nix ./tor.nix + + # Stateful + ./akkoma.nix + ./forgejo.nix + ./lldap.nix + ./mailserver.nix + ./nextcloud.nix + ./prosody.nix + ./paste.nix + ./vaultwarden.nix ]; } diff --git a/services/forgejo.nix b/services/forgejo.nix index 6039d03..0456fea 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -5,14 +5,33 @@ in { file = ../secrets/hidden_service/forgejo; }; - services.forgejo = { - enable = true; - lfs.enable = false; - settings.server = { - DOMAIN = "git.distrust.network"; - HTTP_PORT = forgejoPort; - ROOT_URL = "https://git.distrust.network/"; - SSH_PORT = builtins.head config.services.openssh.ports; + services = { + forgejo = { + enable = true; + lfs.enable = false; + settings.server = { + DOMAIN = "git.distrust.network"; + HTTP_PORT = forgejoPort; + ROOT_URL = "https://git.distrust.network/"; + SSH_PORT = builtins.head config.services.openssh.ports; + }; + }; + borgbackup.jobs."forgejo" = { + repo = "ssh://v4379v0z@v4379v0z.repo.borgbase.com/./repo"; + environment = { + BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'"; + }; + paths = [ + "/var/lib/forgejo" + ]; + encryption.mode = "none"; + compression = "auto,lzma"; + startAt = "daily"; + prune.keep = { + daily = 7; + weekly = 4; + monthly = -1; + }; }; };