aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: aciceri:92aad6ff318d9bb302288f492c2e7ca2b9b7a1c5
Branches Tags
aciceri:master
aciceri:update-flake-lock
aciceri:aaa
aciceri:wip
aciceri:test
..
compare: aciceri:1fc860ac11e63d57120de9ec7a0bd29fb7d2bdc8
Branches Tags
aciceri:master
aciceri:update-flake-lock
aciceri:aaa
aciceri:wip
aciceri:test

2 commits
92aad6ff31 ... 1fc860ac11

Author SHA1 Message Date
Seven of Nine
1fc860ac11 flake.lock: Update
All checks were successful
/ test (push) Successful in 3m51s
Details 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/786965e1b1ed3fd2018d78399984f461e2a44689' (2024-07-11)
  → 'github:nix-community/disko/2f5df5dcceb8473dd5715c4ae92f9b0d5f87fff9' (2024-07-22)
• Updated input 'dream2nix':
    'github:nix-community/dream2nix/0c6b5c8ab796f6dfb2aef1133f5b7bb25ce57cb9' (2024-07-10)
  → 'github:nix-community/dream2nix/4e9fd61a1201f4b3800d6946810a6b4c2ecdcde8' (2024-07-18)
• Updated input 'homeManager':
    'github:nix-community/home-manager/c085b984ff2808bf322f375b10fea5a415a9c43d' (2024-07-10)
  → 'github:nix-community/home-manager/635563f245309ef5320f80c7ebcb89b2398d2949' (2024-07-21)
• Updated input 'lix':
    'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=014410cbf0bda9c0fcdaf5f894120883cdc805ce' (2024-07-10)
  → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=2d4aca25468184fdd2f6be034ab9aa9c28d2839e' (2024-07-21)
• Updated input 'lix-module':
    'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=5d9d94089fb1ca96222a34bfe245ef5c5ebefd37' (2024-06-25)
  → 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=d70318fb946a0e720dfdd1fb10b0645c14e2a02a' (2024-07-11)
• Updated input 'mobile-nixos':
    'github:NixOS/mobile-nixos/31704f8a55f5773c9b4e7adb7408a142d142e1f2' (2024-07-11)
  → 'github:NixOS/mobile-nixos/472073a51745cca03257cf625582252cdd04ec21' (2024-07-17)
• Updated input 'nix-on-droid':
    'github:nix-community/nix-on-droid/8bcadcef69dcb5ca177bfb6ea3dc6b092cda2b06' (2024-07-10)
  → 'github:nix-community/nix-on-droid/c00333ee42aa2b4d4825e0388a1049fdeeded6c6' (2024-07-14)
• Updated input 'nix-on-droid/nix-formatter-pack/nmd':
    'gitlab:rycee/nmd/b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169' (2022-10-19)
  → follows 'nix-on-droid/nmd'
• Updated input 'nixDarwin':
    'github:LnL7/nix-darwin/cf297a8d248db6a455b60133f6c0029c04ebe50e' (2024-07-10)
  → 'github:LnL7/nix-darwin/33bf7df5bbfcbbb49e6559b0c96c9e3b26d14e58' (2024-07-21)
• Updated input 'nixd':
    'github:nix-community/nixd/60a925008bc353136ba5babce437f42819c1645c' (2024-06-26)
  → 'github:nix-community/nixd/87135e0dfb3d56262e39de123d5741d2d892dd5e' (2024-07-21)
• Updated input 'nixosHardware':
    'github:NixOS/nixos-hardware/a111ce6b537df12a39874aa9672caa87f8677eda' (2024-07-09)
  → 'github:NixOS/nixos-hardware/ab165a8a6cd12781d76fe9cbccb9e975d0fb634f' (2024-07-19)
• Updated input 'nixpkgsStable':
    'github:NixOS/nixpkgs/7144d6241f02d171d25fba3edeaf15e0f2592105' (2024-07-02)
  → 'github:NixOS/nixpkgs/205fd4226592cc83fd4c0885a3e4c9c400efabb5' (2024-07-09)
• Updated input 'pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/8d6a17d0cdf411c55f12602624df6368ad86fac1' (2024-07-09)
  → 'github:cachix/pre-commit-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd' (2024-07-15)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/750dfb555b5abdab4d3266b3f9a05dec6d205c04' (2024-07-10)
  → 'github:numtide/treefmt-nix/888bfb10a9b091d9ed2f5f8064de8d488f7b7c97' (2024-07-20)
 2024-07-22 13:02:03 +00:00
Andrea Ciceri
7f52ad42cd
Enable Prometheus/Grafana/Loki
All checks were successful
/ test (push) Successful in 1m35s
Details
2024-07-21 18:18:24 +02:00
15 changed files with 300 additions and 12 deletions
Show stats Expand all files Collapse all files

20
flake.lock generated
View file

@ -104,11 +104,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721417620, "lastModified": 1721612107,
"narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=", "narHash": "sha256-1F2N90WqHV14oIn5RpDfzINj4zMi5gBQOt1BAc34gGM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42", "rev": "2f5df5dcceb8473dd5715c4ae92f9b0d5f87fff9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -887,11 +887,11 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1721558553, "lastModified": 1721559271,
"narHash": "sha256-9t5I5t+vKBWaERUi4PMNj9BaPBe6zqr8EWOaC//dlvQ=", "narHash": "sha256-eUvPvpDLRl6553EsoUmzgNYES8X4CYYoWIJ64hhvfGg=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "94a8e5fe0dcee9b079c7f0658680098a989affa1", "rev": "2d4aca25468184fdd2f6be034ab9aa9c28d2839e",
"revCount": 16000, "revCount": 16001,
"type": "git", "type": "git",
"url": "https://git@git.lix.systems/lix-project/lix" "url": "https://git@git.lix.systems/lix-project/lix"
}, },
@ -1063,11 +1063,11 @@
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1721541664, "lastModified": 1721581528,
"narHash": "sha256-hk9g7kuGqDz8TYAbX9R6IvLUDnE5UpxwLR41MZ5uTDU=", "narHash": "sha256-3esP3cMdqotokFJYxcu680r2VaSA78T03A2VwCZuWEw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixd", "repo": "nixd",
"rev": "963dd36863e18f942e90c66b2c76e7c161b61ff9", "rev": "87135e0dfb3d56262e39de123d5741d2d892dd5e",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
hosts/default.nix
View file

@ -172,6 +172,8 @@
"hercules-ci-secrets-json".owner = "hercules-ci-agent"; "hercules-ci-secrets-json".owner = "hercules-ci-agent";
"cachix-personal-token".owner = "ccr"; "cachix-personal-token".owner = "ccr";
"home-planimetry".owner = "hass"; "home-planimetry".owner = "hass";
"home-assistant-token".owner = "prometheus";
"grafana-password".owner = "grafana";
"cloudflare-dyndns-api-token" = {}; "cloudflare-dyndns-api-token" = {};
"restic-hetzner-password" = {}; "restic-hetzner-password" = {};
# "minio-credentials".owner = "minio"; # "minio-credentials".owner = "minio";

1
hosts/picard/default.nix
View file

@ -41,6 +41,7 @@
"mount-rock5b" "mount-rock5b"
"adb" "adb"
"guix" "guix"
"prometheus-exporters"
] ]
++ [ ++ [
./disko.nix ./disko.nix

8
hosts/sisko/default.nix
View file

@ -29,13 +29,16 @@
"forgejo" "forgejo"
# # "jellyfin" # # "jellyfin"
# "immich" # "immich"
"prometheus"
"grafana"
"prometheus-exporters"
"loki"
"promtail"
] ]
++ [ ++ [
./disko.nix ./disko.nix
]; ];
# FIXME why is this needed?
nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"];
# boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_8; # boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_8;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_testing; # boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_testing;
boot.kernelPackages = let boot.kernelPackages = let
@ -94,6 +97,7 @@
"/var/log" "/var/log"
"/var/lib/containers" "/var/lib/containers"
"/var/lib/postgresql" "/var/lib/postgresql"
"/home/${config.ccr.username}/.ssh"
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"

1
modules/cloudflare-dyndns/default.nix
View file

@ -16,6 +16,7 @@
"syncv3.matrix.aciceri.dev" "syncv3.matrix.aciceri.dev"
"jellyfin.aciceri.dev" "jellyfin.aciceri.dev"
"photos.aciceri.dev" "photos.aciceri.dev"
"status.aciceri.dev"
]; ];
apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path; apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
}; };

30
modules/grafana/default.nix Normal file
View file

@ -0,0 +1,30 @@
{config, ...}: let
cfg = config.services.grafana;
in {
services.grafana = {
enable = true;
settings = {
server = {
domain = "status.aciceri.dev";
http_addr = "127.0.0.1";
http_port = 2342;
root_url = "https://${config.services.grafana.settings.server.domain}:443/";
};
security = {
admin_user = "andrea";
admin_password = "$__file{${config.age.secrets.grafana-password.path}}";
};
};
};
environment.persistence."/persist".directories = [
cfg.dataDir
];
services.nginx.virtualHosts = {
"status.aciceri.dev" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString cfg.settings.server.http_port}";
};
};
}

4
modules/home-assistant/default.nix
View file

@ -94,6 +94,7 @@ in {
"media_player" "media_player"
"wyoming" "wyoming"
"wake_on_lan" "wake_on_lan"
"prometheus"
]; ];
extraPackages = python3Packages: extraPackages = python3Packages:
with python3Packages; [ with python3Packages; [
@ -148,6 +149,9 @@ in {
]; ];
shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"''; shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"'';
# shell_command.turn_off_picard = ''whoami''; # shell_command.turn_off_picard = ''whoami'';
prometheus = {
namespace = "hass";
};
}; };
}; };

67
modules/loki/default.nix Normal file
View file

@ -0,0 +1,67 @@
{config, ...}: let
cfg = config.services.loki;
in {
services.loki = {
enable = true;
configuration = {
# Basic stuff
auth_enabled = false;
server = {
http_listen_port = 3100;
log_level = "warn";
};
common = {
path_prefix = config.services.loki.dataDir;
storage.filesystem = {
chunks_directory = "${cfg.dataDir}/chunks";
rules_directory = "${cfg.dataDir}/rules";
};
replication_factor = 1;
ring.kvstore.store = "inmemory";
ring.instance_addr = "127.0.0.1";
};
ingester.chunk_encoding = "snappy";
limits_config = {
retention_period = "120h";
ingestion_burst_size_mb = 16;
reject_old_samples = true;
reject_old_samples_max_age = "12h";
};
table_manager = {
retention_deletes_enabled = true;
retention_period = "120h";
};
compactor = {
retention_enabled = true;
compaction_interval = "10m";
working_directory = "${cfg.dataDir}/compactor";
delete_request_cancel_period = "10m"; # don't wait 24h before processing the delete_request
retention_delete_delay = "2h";
retention_delete_worker_count = 150;
delete_request_store = "filesystem";
};
schema_config.configs = [
{
from = "2020-11-08";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index.prefix = "index_";
index.period = "24h";
}
];
query_range.cache_results = true;
limits_config.split_queries_by_interval = "24h";
};
};
environment.persistence."/persist".directories = [
cfg.dataDir
];
}

32
modules/prometheus-exporters/default.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
pkgs,
...
}: {
services.prometheus.exporters.node = {
enable = true;
enabledCollectors = [
"cpu"
"conntrack"
"diskstats"
"entropy"
"filefd"
"filesystem"
"loadavg"
"mdadm"
"meminfo"
"netdev"
"netstat"
"stat"
"time"
"vmstat"
"systemd"
"logind"
"interrupts"
"ksmd"
"textfile"
"pressure"
];
extraFlags = ["--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi"];
};
}

33
modules/prometheus/default.nix Normal file
View file

@ -0,0 +1,33 @@
{config, ...}: let
cfg = config.services.prometheus;
in {
services.prometheus = {
enable = true;
checkConfig = false; # Otherwise it will fail because it cannot access bearer_token_file
webExternalUrl = "https://status.aciceri.dev";
globalConfig.scrape_interval = "10s";
scrapeConfigs = [
{
job_name = "hass";
metrics_path = "/api/prometheus";
bearer_token_file = config.age.secrets.home-assistant-token.path;
static_configs = [
{
targets = ["sisko.fleet:${builtins.toString config.services.home-assistant.config.http.server_port}"];
}
];
}
{
job_name = "node";
static_configs = [
{
targets = builtins.map (host: "${host}.fleet:9100") ["sisko" "picard"];
}
];
}
];
};
environment.persistence."/persist".directories = [
"/var/lib/${cfg.stateDir}"
];
}

54
modules/promtail/default.nix Normal file
View file

@ -0,0 +1,54 @@
{
pkgs,
lib,
config,
...
}: let
conf = {
server = {
http_listen_port = 28183;
grpc_listen_port = 0;
};
clients = [
{
url = "http://sisko.fleet:${builtins.toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
positions = {
filename = "/tmp/positions.yaml";
};
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = config.networking.hostName;
};
};
relabel_configs = [
{
source_labels = ["__journal__systemd_unit"];
target_label = "unit";
}
];
}
];
};
configFile = pkgs.writeTextFile {
name = "promtail.yaml";
text = lib.generators.toYAML {} conf;
};
in {
systemd.services.promtail = {
description = "Promtail service for Loki";
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = ''
${pkgs.grafana-loki}/bin/promtail --config.file ${configFile}
'';
};
};
}

0
modules/promtail/protmail.yaml Normal file
View file

29
secrets/grafana-password.age Normal file
View file

@ -0,0 +1,29 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
TevAEnbonePC8z7uK+0ywO2fOZ2wqerIuF3jS3dGSNJLG3xn+92lHiBbVxc0uza7
LcetZrcEkqoAqo1CGWnUlvmxm/MYF+bGKsM7wgXoi54XIBXTzcSFiK8Il+htNQsH
l11yN4OfCLlG8YT7Yr/1oZHd/k1sSaDW//3tpM4yftZhjZub/Q5m9LAUYZ3fWbPO
lS7AcDwgYPx0wERlfms9t+n9z62qev3leSuQLvTYwktfgAB7XFEIBI2DHZYIZ7IM
gUVXkBHZbMCrxS08b5IP2R7ajiV4RUz8c36TbZY4WWXId3eUkiV1HERzSDmzxtCH
LqZ+GCQRA33g5kXP/5Lxwknr9J4bdk6sBrFl28nawaUyKz7yCBZBZ7hwrvxXJkjS
zOZ+DLSHKqJXYWD1Juq5QtPhsimTr1FhA9ibm6OtjmtMg+TaJpVwXIR0wWrKXSfs
u+kKUWQMFRB07iA+ho86BRvIkhOt8EsrrwXtAjKXCUVm0D9HPfj6R6tzAMT/5Obb
6SmRmlhiJlNB2eqocaTuZEtiHPVyFNFWlYUqaw4wncogVS+Tc8hEuSuZB6kX9nCt
B473PEsqAl5cjkJOFy6VFIdce0S3gflcRceKd7v6Yzvu+UXZbwCOQC75jidsDoJj
6aBfGDhNtTt5zyvuiktlHXpamOKFd1LJPqMfjzM7ka0
-> ssh-rsa QHr3/A
J5pKmu/0IK971olnG7abbezq3wC/izp9i1+TRwwRdMIWdJEXIeNDkWbZa8IzOFwM
1Dz+g4PiIJf1Rmfij+8fXodoTIkh0oF3Nr3bx+3IkGmUfV56SRlLXZQBJsT1qQQ6
ejPhJwvtcOZbbRNECkLeaRErAS6rfNWXc0dn6q9WzBOG8pIXUgFjvP3ak7LpCBz9
yuJvFF1uExydOf4xM9B17ar72qEdMksWSiCsld8wpAPyxkMeaJpDSXc50sYFt2P9
tqT8LGS/cHwhlKMzywbYRClp6tXmV5lit+MEucodOQLgFVk/tOySOPeMfjgud++F
yWcYGVZxuine00trnSwuUHTJVvRWJ7xUUdX1Gi/ZPb6SeJaIcWB/VA0e3OvST5J3
0Zpma/ZqD61ivL6yaj49xiz+sT74tHN8+duPcbiaHMb3DkmjNmptI5x1fJx/k7Dp
WC4Sy4s86tSbrebRrJU3oDGEaXPeJS40QDRhhNTvhOPOOR6K724IWAAFABiHVWOd
o4lXaL3wUaLrgbKIX8f7gwKsGjziMW43HicpnaLOH30OeU4mDtRPRVEboJ5kbsFj
uup5YILnAuhtVjrt+vL0hVbQf0Ll2678jneuu9p816nYj1W58kG6jyGd5n+8jPPi
4g/COiYemaD/qnOvNc51E4vKieV99reaAwZtFV2HwQM
-> ssh-ed25519 +vdRnA yYxNN5g4AFwd+KobTSE6f+ROdXqwBRl9dmq6ZpilmA8
oEKqsUekQMziv74yx5Y9M5MYy85LoFMFYM5rwUgdcSI
--- sKSqHbosmsAkMN3OUyVWcKMsqAmKkn9fcAi5kdNqDWY
9WVr<56>n<EFBFBD>Ρト&ム弱「ケ浩・|Q[CWYリー<EFBE98>

29
secrets/home-assistant-token.age Normal file
View file

@ -0,0 +1,29 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
Q2vgJ5hIP92ny8yk2gih/ZbmUpz+CdGMeQnX2ekORZAkWSuCQvGnBM9gAvRyhoa2
2pmPOjP72HaL8fapcdZlcKHZ7IiQuT+3VWekQmIrrMSlSIwVnvasnOBInxA9f91k
hPR4Np6szQJjMLY7jsgwC0FrrUbgkZIVJp+y+zW+Vk09jdVb84vnBX0QFu/T01Qe
B0GfAmyZnWnxaKkNyNZb3afd+dpWZiZ79jnA4qOkjfXhhmiW2Ng23XdkHfjS8ekN
UptlWH8zbBwhzcFCGDkLEMs6/IewozqvzyS4eqmDfwj8saO78ue2R5pE2skNwq/q
EOneH592KqEIWNFgQPS6P4gjmyWtMnJsWm5SvEcg6mDaE1e6acJ7kb/kYI5zyK6y
PF7lzqsoge/+ptvbQxTwlvhhJIGob3Wqf2/soep+o6C4Vh87Wt2zhHmKR7Mt4Nrl
IIs94GU9SDTz1zDOjaBW/msPDagskVpQnu7z3p9iTnBKdxs4WEpugbPZTUVioChA
c3T8PxLy4pzhm88Rz1KNK9h++uTCPIooGOHVQj+WQpUf+ifWEWiwYEdeTbeutjgF
jz3Ntl9YOzm/w1JCzOVdOge7dvfx0J6qAFbf4OkcLhf8bv2ljSL429NH1lp3DCHY
qwN4wlKpOMGThw3pS2SVd6GqINwehrbS4OVobE/kVH8
-> ssh-rsa QHr3/A
OjdbkVy7w5q3kxFm/4uMbjuIMyVuLSqSWQDvfE1T3vEwkIRJ1w8DOIwahO1qP6CL
oZOH9A5xnS+UcJOSdTqiN4hHC03uuxx1unh/CHPm6zsSksCDHkLvVVhHMaVINvQz
YtV/bek9AWdgT6zMke0pv+zzuCqFGLT7Og1k+aCHtECkF3mB6Etm2P7knggJ2BX3
L9YzsxSO4jj0PBFGX6nHR71dfq2bctik+mKW8LjS1cQ6plOdEsNHUR7s0bwoslrA
KdD6WOHoEOlxfTLiJmNB0A5pZb+iXJOP+ygrpC6WfJHU8nEWZzglNaVqrv14pieH
uez3nji2ZRsfkeXZI4vQJJ8EQ4LJtNhqki9+AcDYxX8pPUQs3e77ytcMYUMkhZmf
p8rC8eXPP69vS+Ia1xyL2nGqPmggZh7iT1VKOC8kXcHX0UB9WZXcJqPeDtQUO6l9
cbGFSF9GkWfuVya7tl7rnRQVQs0Ko6XjOAFiOF8WA0YFNACV/2wVawH4rJ6Km48z
Gv+65Zk3yCXP231saE/Ztv3W43XLiJVDuw2RlUFXpJarGqAAZBhSC4qtDAgzHYLU
CxPrRtoIzOMv4iTzQmjJQFpArOBXU0yWZkaVwn57w6jEzk9NyqTZ02Oxb7DwK528
F/fQOyw1b3GYJY7igv8+KbB+Bup9QQuvHxuxpRaqnek
-> ssh-ed25519 +vdRnA 2bZe+2cbP6T+Aa1g4lWhnOLkJdT7YqfCxTLKZ6wOKhw
i0+UOKIioQz01GfATEmNZVdGeIM2QRIiaUyRdqTgXCM
--- +1qA7qnzAo1u6/yQytQoq7MsZ7owcIa5uAqdg8UQ3tY
•q¨|þÇTë¦iòŽ'Ú«˜¼›^ì%£ø»<C3B8>;^4Ç<34>æÂ}+Ô%¯Ï¡ Ç ü~ÄÈØ¢žÏâæ¦E²¦Îª>ÔÑ€ýÒ0ß%gÆE<C386>õMßgÁ.þFPð<50>ÙWÞÇ­ €\±¦$Y;2^‘ô‰ò¼;—¡LiØXM@%Áßç\V¤”ࢼsà¶ö¼®‘$s¼X´Ô¬±½Ì¢|å°¹¹¦\ÃJܾÉÞ3°®À€«¿!ûNžCŸ)ÏáÏÆ¿rýQùûˆ¾ÆŸÙAQþO0 Ù©‹ÆÄã(

2
secrets/secrets.nix
View file

@ -17,10 +17,12 @@ in
"aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg picard sisko]; "aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg picard sisko];
"nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg sisko];
"home-planimetry.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "home-planimetry.age".publicKeys = [ccr-ssh ccr-gpg sisko];
"home-assistant-token.age".publicKeys = [ccr-ssh ccr-gpg sisko];
"chatgpt-token.age".publicKeys = [ccr-ssh ccr-gpg kirk mothership picard deltaflyer]; "chatgpt-token.age".publicKeys = [ccr-ssh ccr-gpg kirk mothership picard deltaflyer];
"cloudflare-dyndns-api-token.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "cloudflare-dyndns-api-token.age".publicKeys = [ccr-ssh ccr-gpg sisko];
"restic-hetzner-password.age".publicKeys = [ccr-ssh ccr-gpg picard sisko kirk]; "restic-hetzner-password.age".publicKeys = [ccr-ssh ccr-gpg picard sisko kirk];
"hass-ssh-key.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "hass-ssh-key.age".publicKeys = [ccr-ssh ccr-gpg sisko];
"grafana-password.age".publicKeys = [ccr-ssh ccr-gpg sisko];
"matrix-registration-shared-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "matrix-registration-shared-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko];
"matrix-sliding-sync-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "matrix-sliding-sync-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko];
"forgejo-runners-token.age".publicKeys = [ccr-ssh ccr-gpg picard]; "forgejo-runners-token.age".publicKeys = [ccr-ssh ccr-gpg picard];