ctucx.git: nixfiles

secrets: add agenix

diff --git a/configurations/common.nix b/configurations/common.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     <home-manager/nixos>
+    <agenix/modules/age.nix>
     ../helpers/make-nixpkgs.nix
     ./programs/cli/bash.nix
     ./programs/cli/git.nix

@@ -67,6 +68,7 @@
 
   environment.systemPackages = with pkgs; [
     alacritty.terminfo
+    (pkgs.callPackage <agenix/pkgs/agenix.nix> {})
  ];
 
   users.users = {

diff --git a/nix/sources.json b/nix/sources.json
@@ -1,4 +1,16 @@
 {
+    "agenix": {
+        "branch": "main",
+        "description": "age-encrypted secrets for NixOS",
+        "homepage": "",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "08b9c96878b2f9974fc8bde048273265ad632357",
+        "sha256": "14iryh8na513xzn6mbiv194b4cy9c7s8psax9fjfsxk19vvbg18v",
+        "type": "tarball",
+        "url": "https://github.com/ryantm/agenix/archive/08b9c96878b2f9974fc8bde048273265ad632357.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
     "home-manager": {
         "branch": "release-21.11",
         "description": "Manage a user environment using Nix  [maintainer=@rycee] ",

diff --git a/secrets/desastro/restic-server-htpasswd.age b/secrets/desastro/restic-server-htpasswd.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 zVlo+bnGEDR1JWSNfANI6OQ5WsyFMDi+eNy/kPgHjW4
+rbHd5SLOsWu/ESJcW2Lug0Z4U8eChg4wjByClxgj+z0
+-> ssh-ed25519 VgQ62A jMIGROXdT3zkUWVMFQ7rt0K3uJm9ZABXGoT1+N6pUFk
+y3vB/kvexSUEgT+LPuHAvJm5J8KAsJUofK0O6EzhDRE
+-> VTrt|cpV-grease ( W(PWn=G;
+TAg6K0npaG9u6Y+sTp7T+czKcQ7cwWZtZTc2frxXY5l17ggRV1a5iqatrVqswCxG
+I/m+x4tOspXmAyQdKSHKQeAFFUu7k9H8derHmcgSgTYb3+R36w
+--- MZQ3Q53EpperC1/mjbIfftEZ+jjExlorI6BrIgnvf3I
+{X��
���0#gT������X��p��w��N̯:N_�3�
J�eY5�}�Bh�5�R?��
���<|�T�9U+
\ No newline at end of file

diff --git a/secrets/desastro/wireguard-privkey.age b/secrets/desastro/wireguard-privkey.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 /iSaCxJgWh9JeDOsq1xjbF50NUKmlWtOqRKFc8yxt2c
+O10ZbUinsXQ67hpZsginZsKG0f3SbtWIjdWTy8xWcsg
+-> ssh-ed25519 VgQ62A TIg+U0g6h1RYQpyO+Lcj0+Jl4pHTKfwCW+zLIq9hbDo
+j6ietbyMzknx5LPv6ScbiqdFCZYD+QOrUTKkWtgPIoY
+-> ]-grease ix PrZB @|W
+OSPfUA8wuYg0tGRkfTzgSuDehZIq28hn
+--- yKIG7udGo1PpieIUOZLc8Oj/0AEDiLcGuuGrCruMp7o
+�g�n�Nz�G���>��U�J�rڋ�y��Q������1p���6\��� ��*����c'��<Vt�k��i�GxE+
\ No newline at end of file

diff --git a/secrets/lollo/restic-server-htpasswd.age b/secrets/lollo/restic-server-htpasswd.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 4Rl3p6M0RjbQaboC/zZVH4/C4MG/FkZ1dMdjMUYLLk0
+JLFrsi/T8NUP71IchxZDAYFUMi5oKl2WEuLDn84CZ8Y
+-> ssh-ed25519 2LuoZg RiUxLGI4aEILPIsoCXgDcHs86ghju6Qk4kf8K0GXRW8
+Y93KLwwStbep3NUBeFDX/lPTs9R1NnE1GBXBV30X17I
+-> 1H>J-grease
+O1sXhbHnFBkFAkbKeVG6tSAur13MsxxL8A
+--- y4DRSOLIf8e5PMeVSz7uv2Pi2DSf5m1KhEGphKifMno
+
V��N"v
���<Q@�.�t�#_b��
�w�̢��$��g�����,Ӹ�w�ꉴ������,�R��+
\ No newline at end of file

diff --git a/secrets/lollo/wireguard-privkey.age b/secrets/lollo/wireguard-privkey.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 XZS1cXN0WfaWFq8RODjglJfbGW4oqbB2EAfq1nfYNW8
+7MBMcPu9H6cmUIHrCVNUnsUfrtxh2fOEJCNfbpx/YlA
+-> ssh-ed25519 2LuoZg O/2cqawp/VTaWwIwqljcQvp2hwd8O4v6eTI0eyPrfwM
+ANDG4A/as0zR1VYrbX5RWv53fTOGzOshoxl5rC/b36U
+-> x4N<-grease /u0IUe#2 OD xlx3g>wr
+inJA7/TRlSTjArO1
+--- +D4kxEwNxS0bKaFARa4o0owDEnROJVNL8OvwzDrrDZA
+z�K�K�Ԯ�9�a�����R�~�'�������.� ѷs��T3�A��'ׁ�
+�q���?M�"F*���&i+
\ No newline at end of file

diff --git a/secrets/osterei/radicale-users.age b/secrets/osterei/radicale-users.age  Binary files differ.

diff --git a/secrets/osterei/restic/gitolite.age b/secrets/osterei/restic/gitolite.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 ZvFYeGuS9ZWA4JQr5ay1YhlSqR0nO/SYZ7ne9zhvfjM
+PW9dJ//TgqInK2Dntnp2cTjKbFQVG7eEhSuByShDxM4
+-> ssh-ed25519 YtLkIw oaBb7jSjaBaid43h1dAPZudXtuS4pa9ni09F9p+m4Wg
+1k2onQybhzTfyKVb8+BiapPQ1MbZdb4rX3OpntRavGI
+-> p'-grease
+6NQXOlE2ZNyMucjmgPsulUYhm5RJP9wxCQIIAJZLBLVp
+--- +XXgCDrLrAQOSRbVKdqSkDpE5JoHuinC23+Fs22tzXQ
+N�em
�b������|��j����^A
�F��� Tj+	���<�6�=�4���+
\ No newline at end of file

diff --git a/secrets/osterei/restic/maddy.age b/secrets/osterei/restic/maddy.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> X25519 8iGBgE4JZrbZfL9kUQGd6QuYluEfq5WRnPt74RvUnU0
+xdUdYbj7EaHRRbdJBC604C9qBXhpIJv+yjYS1CFce58
+-> ssh-ed25519 YtLkIw hZ4L+B0NopEK4lT4DBpvl0zYU4N+K2VsWxZkosLUaFY
+h4HIaiiszWbY/XZE7aLcUBu6+Yt7OxgYDsG7q6MxssA
+-> igV_gu-grease MFIN@o3U RIi&6 @J
+Ze0PTFyt9F0GynbhlGINSj2a2vopD+EwHJpOaybYBsRlBYuMSERnpNCe7+4K8IsF
+HnLzz4/x959DV3FhaoVePA/ZPk4
+--- wRp6OFXz3CzjHUNL7EB9CpD6krMEQ87a6vdWhpDmRJo
+�*Ml��![� aN([��$<X��
+�\ȃS�ha������j�rٔ�|�IL�9)oM+
\ No newline at end of file

diff --git a/secrets/osterei/restic/matrix-synapse.age b/secrets/osterei/restic/matrix-synapse.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 vEhC7JRyaNmdHWKvYE8EXva3IARKGLrvpXRomcOpkDY
+2hkSe2YCorPJmqoVYsScFTVLHaQef+x+HjAJlIJc6R4
+-> ssh-ed25519 YtLkIw qtq/0SyrMyX8/97aSYu679ACgR+9VthgupRFXZ/Wol0
++sCWLtJi9l8M89T1sKnmndc/gLytqeBM/o9Z0POARTE
+-> d-;-grease
+C6U
+--- 0zkenUVy5jznAyhJTLhCEcAXdITXQCUPCRRSQFD8eik
+C��3��9�_�*�[-�f8��␡�����8�s����I=�t;�R1��$�H+
\ No newline at end of file

diff --git a/secrets/osterei/restic/oeffisearch.age b/secrets/osterei/restic/oeffisearch.age  Binary files differ.

diff --git a/secrets/osterei/restic/pleroma.age b/secrets/osterei/restic/pleroma.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 gXbUgZAQr5ogXZ6AKm+bHtec5lyfJB8kF3Iho7P3xVU
+NHYtPHTl5VVzhYxcywzQwjrsQZHBgQ0rT00chd5SRi8
+-> ssh-ed25519 YtLkIw oLyLxU7+B3Qq9TVdArCcDvWUmQYCqK85hwUXnAeqSwc
+p/SbVCZYOboIYYpX34k/vITurdgj3XcIs1qrYz66aUE
+-> >L7r-grease
+x5J/QsrLTOlxo0Q
+--- N0D3eUZ6e0qRnORKcSzJ7/TZvE1o3GwgBja/EntNRWA
+��2��[��OA�+���
+���&ةM�Nb$�Tֺs�4�XFt�3�)ݯ@w�<�u4+
\ No newline at end of file

diff --git a/secrets/osterei/restic/radicale.age b/secrets/osterei/restic/radicale.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 +OIlolllR165vw9i7FTcHihgaYuiVwsmgk+R5pl0qyA
+/aMC9QMm40Ck+/6WrEU6JkXr3lcMG9w8DdImnm2lAwE
+-> ssh-ed25519 YtLkIw XXGQUflhu52HvS3GLPborfMnyN9ZdvA6KFYR1ODex0Q
+rL30l8xrb7gwjJ0ludrn/TNCtl7g7L2FYALAuj9WopI
+-> Q-grease 0{3 NKSj ua_~ Vevv=
+r70LzDQlVGI3pAPLOqhgs3DVsqGWpUj1IDEyeTlP0uJREh+tpu1pm17mCFArJ4yS
+lKAurHTvYeMV16+z6PZLSeMwWr7RFQ
+--- 4ZZO/Upho3fDGNVyv2lKzb70789OJcZP/sZnXBj8Mq4
+����A�z��jz�!����d�4��d�
A�m^Y�N#��֟I�qO���G �Y��+
\ No newline at end of file

diff --git a/secrets/passwords/leah-at-f2k1-de.age b/secrets/passwords/leah-at-f2k1-de.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 5tf/hLJqYiwD6nHje0Y8yc02MVxbmeEDIDrJulfjAko
+S0R3p9C9lkUObXVDy4+Z3vu01ctYy/rLJYVvGyBskeE
+-> ssh-ed25519 YtLkIw Gsw1IGVOgqeCVOmq1O8AeCU/E/n31ypY8d8s6EAWpW8
+o6WASsYe00wyx2HDJHjMNCeTqXHQWFHzx3+Tmw32Fio
+-> ?DiO-grease U
+tosSvBjo9v9QVN4C1BCMxbGfon3I9YFwWMDqT9b15awjDtDaTzlWpDOAk27peUuV
+lECmgwdGwdh/cEI203DA
+--- DuUeZzfI/h3Ydkx0DVcq2fttJfPGRa1Ybqg0H6dYiWM
+��O��FƼ�ܨ�m��1�f�,|H��T�ygI�3+��Ҥ
�.��À��+
\ No newline at end of file

diff --git a/secrets/restic-server/desastro.age b/secrets/restic-server/desastro.age  Binary files differ.

diff --git a/secrets/restic-server/lollo.age b/secrets/restic-server/lollo.age  Binary files differ.

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -0,0 +1,38 @@
+let
+  leah    = "age1mn57hntgx775kwcwx4jrrd7rfl7z4wl54kqtgq8w2kzg7agz7alsv5eesw";
+
+  #servers
+  lollo    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNCdn6aHCgxG1tq5f0XPvQ+lIgsQ/3gzT6FNvokOIgX";
+  osterei  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrsl0Ele8PvhVrLj0OnpP8GCuwNCZ0e8+P4FQnoGnmQ";
+  desastro = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEniZFbgj9w7fQ+MhTnE83MatgcuDI7c7qqx05DTQcun";
+
+in {
+  "passwords/leah-at-f2k1-de.age".publicKeys       = [ leah osterei ];
+
+
+  "spotify/username.age".publicKeys                = [ leah lollo ];
+  "spotify/password.age".publicKeys                = [ leah lollo ];
+
+
+  "restic-server/lollo.age".publicKeys             = [ leah osterei ];
+  "restic-server/desastro.age".publicKeys          = [ leah osterei ];
+
+
+  "lollo/restic-server-htpasswd.age".publicKeys    = [ leah lollo ];
+  "lollo/wireguard-privkey.age".publicKeys         = [ leah lollo ];
+
+
+  "desastro/restic-server-htpasswd.age".publicKeys = [ leah desastro ];
+  "desastro/wireguard-privkey.age".publicKeys      = [ leah desastro ];
+
+
+  "osterei/radicale-users.age".publicKeys        = [ leah osterei ];
+
+  "osterei/restic/gitolite.age".publicKeys       = [ leah osterei ];
+  "osterei/restic/pleroma.age".publicKeys        = [ leah osterei ];
+  "osterei/restic/radicale.age".publicKeys       = [ leah osterei ];
+  "osterei/restic/matrix-synapse.age".publicKeys = [ leah osterei ];
+  "osterei/restic/maddy.age".publicKeys          = [ leah osterei ];
+  "osterei/restic/oeffisearch.age".publicKeys    = [ leah osterei ];
+
+}

diff --git a/secrets/spotify/password.age b/secrets/spotify/password.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> X25519 YZ1KUKysoB7gK75bhU1eEd2vIYN/1/bDdMPTJSXzlRQ
+YvfHc0yf7cNKimrZXJMEVSLef8x4NTh3MLOCckgUIjc
+-> ssh-ed25519 2LuoZg MNCff74K08P73BjWlQvPv8BFnpP9KkAo0cvQuBLVBwQ
+wE9NzQMlOS4m2L62iLvvgNLYIA7nChfgtBHmfA+nOj4
+-> ))-grease KUe$@_a
+P6W6Ub1ANFjh6fMDN1ug6B106Q8Mk0zCiYrkQtbyVcnR29kyL+IjXMaeqOMD1McI
+Upcfc3rlRxh2aXx7/wkq7FnJr8k44Lr0pYoTxXjLcFnchEC1C8uwBeY/Avyr9qnW
+z5I
+--- 4RKqfrcBlI06JO3unhfRUCFhmgdeK63ap0iuQwVx2MM
+9JYi$�G�(���
+�
+��� X��ב_�1�oKO�4��B��w=�*�6G+
\ No newline at end of file

diff --git a/secrets/spotify/username.age b/secrets/spotify/username.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 6D160j7+Gc0T3XtqNcYdkzD9V4VjsTSopBieWaX6BDk
+PTPd/1bk4vA5geg2/LjvkSvbfUsfLXSa0Z55RDCCSbE
+-> ssh-ed25519 2LuoZg /cleVR/nEHekyVrAN/2VmNfH/CM9cDIIsywDZZjwAG8
+3aleiCNAFoEmx57mhBFlQiR1+xA/kD7ILL4fr8jNDv8
+-> g,=|PPZ-grease
+M/HQ1g+TEwN6GWjlKlRtZiDcQ8U4pycWW7uveSu8J7wyIfRWlcxz0TVBQZA1hqrv
+xRB6h5QibHgIYezkyZ7svNAr4APXG1+tODAO0qPzTcDLm8GsAFdzXQ
+--- oB4sLRUpoUoQ0jULSTFgNakgHnrmQhnFVthbgEo84Uc
+��P���}l{��ޏ�z�0)�$dj|\���1����,��@nh\++�m<�'�_�<�+
\ No newline at end of file