commit c3cd8bf7c353b38c8aa4c460e9e4fcb2b73feca9
parent 73a21185270784bb1a1b0c4c0705d8bb7e2863e8
Author: Katja (ctucx) <git@ctu.cx>
Date: Tue, 3 Dec 2024 12:02:53 +0100
parent 73a21185270784bb1a1b0c4c0705d8bb7e2863e8
Author: Katja (ctucx) <git@ctu.cx>
Date: Tue, 3 Dec 2024 12:02:53 +0100
machines/trabbi: move `mail` to `hector`
15 files changed, 235 insertions(+), 257 deletions(-)
A
|
179
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D
|
188
-------------------------------------------------------------------------------
diff --git a/machines/hector/default.nix b/machines/hector/default.nix @@ -24,6 +24,7 @@ # communication ./fedi ./matrix + ./mail ./syncthing.nix
diff --git a/machines/hector/mail/default.nix b/machines/hector/mail/default.nix @@ -0,0 +1,179 @@ +{ inputs, pkgs, config, ... }: + +let + mailAutoConfig = '' + <?xml version="1.0" encoding="UTF-8"?> + <clientConfig version="1.1"> + <emailProvider id="ctu.cx"> + <domain>ctu.cx</domain> + <displayName>${config.networking.fqdn}</displayName> + <displayShortName>${config.networking.domain}</displayShortName> + <incomingServer type="imap"> + <hostname>${config.networking.fqdn}</hostname> + <port>993</port> + <socketType>SSL</socketType> + <authentication>password-cleartext</authentication> + <username>%EMAILADDRESS%</username> + </incomingServer> + <outgoingServer type="smtp"> + <hostname>${config.networking.fqdn}</hostname> + <port>465</port> + <socketType>SSL</socketType> + <authentication>password-cleartext</authentication> + <username>%EMAILADDRESS%</username> + </outgoingServer> + </emailProvider> + </clientConfig> + ''; + +in { + + imports = [ + inputs.simple-nixos-mailserver.nixosModule + ]; + + age.secrets.restic-mail.file = ./. + "/../../../secrets/${config.networking.hostName}/restic/mail.age"; + age.secrets.mail-password-katja.file = ./. + "/../../../secrets/${config.networking.hostName}/mail/password-katja-ctu.cx.age"; + age.secrets.mail-password-gts.file = ./. + "/../../../secrets/${config.networking.hostName}/mail/password-gts-ctu.cx.age"; + age.secrets.mail-password-vaultwarden.file = ./. + "/../../../secrets/${config.networking.hostName}/mail/password-vaultwarden-ctu.cx.age"; + + dns.zones = with pkgs.dns.lib.combinators; let + TXT = [ "v=spf1 a mx ip4:${config.networking.primaryIP4} +ip6:${config.networking.primaryIP} ~all" ]; + DMARC = "v=DMARC1; p=none"; + MX = with mx; [ (mx 10 "${config.networking.fqdn}.") ]; + in { + "ctu.cx" = { + inherit MX TXT; + + SRV = [ + { proto = "tcp"; service = "imaps"; priority = 0; weight = 1; port = 993; target = "${config.networking.fqdn}."; } + { proto = "tcp"; service = "imap"; priority = 0; weight = 1; port = 143; target = "${config.networking.fqdn}."; } + { proto = "tcp"; service = "submission"; priority = 0; weight = 1; port = 587; target = "${config.networking.fqdn}."; } + ]; + + subdomains = { + autoconfig.CNAME = [ config.networking.hostName ]; + _dmarc.TXT = [ DMARC ]; + "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKryfX99NkcU5Xe4AmG+kO/sfuYSXk5RqJhzxS4uMqERE8UszgEGdteXcD8pqON2MfDmA3G6cA+Oa+N4tIWdIYNwTISVXXMGdHvjFIsVUEW0turM104tXESELaPRntkCvDBk/yOgsBDRZQHSx5MdGwpzeRC8TLdCbalh3W0jp5PQIDAQAB" ]; + }; + }; + + "ctucx.de" = { + inherit MX TXT; + + subdomains = { + _dmarc.TXT = [ DMARC ]; + "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fu690bKYCZLPAFfQQK+nl+aAmtetaWBKCWzGj6pt7HjpFjystgtgnQ6+DZLFXWUp8GRfMEycySB5kQULtYtSMUmx0gQBnTTLsRj+e55/CYUllLV6YXb5uca7LuVhlWPpH3sCr6TvC2VFWe4t0UC3uIXhYPrCm6p8OE7g+TdHHwIDAQAB" ]; + }; + }; + + "thein.ovh" = { + inherit MX TXT; + + subdomains = { + _dmarc.TXT = [ DMARC ]; + "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8oumqNkHboF/S4dnKue+hEC3V226ToMmL/fmXqbAhsW88m+jUuLgZE8Nl7kc/lzD9yY7JmCXcWFzoLJWE8xusfmT1yMOW9sQmee7g0tHsm1fVqFMUetmC4+QuqAdvjIGU5QndjdWHP/gssIoLPT7lCNUL4/lkaPmFiiDyvaMpkQIDAQAB" ]; + }; + }; + + "flauschehorn.sexy" = { + inherit MX TXT; + + subdomains = { + _dmarc.TXT = [ DMARC ]; + "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvEPR8068KtlsiWiexSPWqagKmd07ggGvDcYICzOvhxVB0MDrn+/VYIXEbVX0Y9z60oT1ynjkhFjDWEofk11EoXwrg7xjkqZuszDrhdYqUnoLrzlugmnK4jXO3cAD0qeblX0rDmu30cmPP1Aj21tLTU6loYpORY+y4VaVfwtHswwIDAQAB" ]; + }; + }; + }; + + security.acme.certs."${config.networking.fqdn}".reloadServices = [ + "postfix.service" + "dovecot2.service" + ]; + + services.nginx = { + enable = true; + virtualHosts = { + "${config.networking.fqdn}" = { + enableACME = true; + forceSSL = true; + }; + + "autoconfig.ctu.cx" = { + enableACME = true; + forceSSL = true; + locations."= /mail/config-v1.1.xml".return = "200 '${mailAutoConfig}'"; + }; + }; + }; + + services.redis.servers.rspamd.bind = "::1"; + + services.dovecot2.sieve.extensions = [ + "editheader" + ]; + + mailserver = { + enable = true; + fqdn = config.networking.fqdn; + + openFirewall = true; + localDnsResolver = false; + virusScanning = false; + + redis.address = "[::1]"; + + certificateScheme = "manual"; + certificateFile = "${config.security.acme.certs.${config.networking.fqdn}.directory}/fullchain.pem"; + keyFile = "${config.security.acme.certs.${config.networking.fqdn}.directory}/key.pem"; + + enableManageSieve = true; + enableSubmission = true; + enableSubmissionSsl = true; + enableImap = true; + enableImapSsl = true; + enablePop3 = false; + enablePop3Ssl = false; + + mailDirectory = "/var/lib/mailboxes"; + sieveDirectory = "/var/lib/sieve"; + dkimKeyDirectory = "/var/lib/dkimKeys"; + + domains = [ + "ctu.cx" + "ctucx.de" + "thein.ovh" + "flauschehorn.sexy" + ]; + + loginAccounts = { + "katja@ctu.cx" = { + hashedPasswordFile = config.age.secrets.mail-password-katja.path; + sieveScript = builtins.readFile ./rules-katja.sieve; + aliases = [ + "@ctu.cx" + "@ctucx.de" + "@thein.ovh" + ]; + }; + + "vaultwarden@ctu.cx" = { + hashedPasswordFile = config.age.secrets.mail-password-vaultwarden.path; + }; + + "gts@ctu.cx" = { + hashedPasswordFile = config.age.secrets.mail-password-gts.path; + }; + }; + }; + + restic-backups.mail = { + passwordFile = config.age.secrets.restic-mail.path; + paths = [ + "/var/lib/mailboxes" + "/var/lib/dkimKeys" + "/var/lib/sieve" + ]; + }; + +}
diff --git a/machines/trabbi/default.nix b/machines/trabbi/default.nix @@ -8,9 +8,6 @@ imports = [ ./hardware-configuration.nix - # communication - ./mail - ./travelynx2fedi.nix ];
diff --git a/machines/trabbi/mail/default.nix b/machines/trabbi/mail/default.nix @@ -1,188 +0,0 @@ -{ inputs, pkgs, config, ... }: - -let - mailAutoConfig = '' - <?xml version="1.0" encoding="UTF-8"?> - <clientConfig version="1.1"> - <emailProvider id="ctu.cx"> - <domain>ctu.cx</domain> - <displayName>${config.networking.fqdn}</displayName> - <displayShortName>${config.networking.domain}</displayShortName> - <incomingServer type="imap"> - <hostname>${config.networking.fqdn}</hostname> - <port>993</port> - <socketType>SSL</socketType> - <authentication>password-cleartext</authentication> - <username>%EMAILADDRESS%</username> - </incomingServer> - <outgoingServer type="smtp"> - <hostname>${config.networking.fqdn}</hostname> - <port>465</port> - <socketType>SSL</socketType> - <authentication>password-cleartext</authentication> - <username>%EMAILADDRESS%</username> - </outgoingServer> - </emailProvider> - </clientConfig> - ''; - -in { - - imports = [ - inputs.simple-nixos-mailserver.nixosModule - ]; - - age.secrets.restic-mail.file = ./. + "/../../../secrets/${config.networking.hostName}/restic/mail.age"; - age.secrets.mail-password-katja.file = ./. + "/../../../secrets/${config.networking.hostName}/mail/password-katja-ctu.cx.age"; - age.secrets.mail-password-gts.file = ./. + "/../../../secrets/${config.networking.hostName}/mail/password-gts-ctu.cx.age"; - age.secrets.mail-password-vaultwarden.file = ./. + "/../../../secrets/${config.networking.hostName}/mail/password-vaultwarden-ctu.cx.age"; - age.secrets.mail-password-zugnetwork.file = ./. + "/../../../secrets/${config.networking.hostName}/mail/password-mail-zug.network.age"; - - dns.zones = with pkgs.dns.lib.combinators; let - TXT = [ "v=spf1 a mx ip4:${config.networking.primaryIP4} +ip6:${config.networking.primaryIP} ~all" ]; - DMARC = "v=DMARC1; p=none"; - MX = with mx; [ (mx 10 "${config.networking.fqdn}.") ]; - in { - "ctu.cx" = { - inherit MX TXT; - - SRV = [ - { proto = "tcp"; service = "imaps"; priority = 0; weight = 1; port = 993; target = "${config.networking.fqdn}."; } - { proto = "tcp"; service = "imap"; priority = 0; weight = 1; port = 143; target = "${config.networking.fqdn}."; } - { proto = "tcp"; service = "submission"; priority = 0; weight = 1; port = 587; target = "${config.networking.fqdn}."; } - ]; - - subdomains = { - autoconfig.CNAME = [ config.networking.hostName ]; - _dmarc.TXT = [ DMARC ]; - "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKryfX99NkcU5Xe4AmG+kO/sfuYSXk5RqJhzxS4uMqERE8UszgEGdteXcD8pqON2MfDmA3G6cA+Oa+N4tIWdIYNwTISVXXMGdHvjFIsVUEW0turM104tXESELaPRntkCvDBk/yOgsBDRZQHSx5MdGwpzeRC8TLdCbalh3W0jp5PQIDAQAB" ]; - }; - }; - - "ctucx.de" = { - inherit MX TXT; - - subdomains = { - _dmarc.TXT = [ DMARC ]; - "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fu690bKYCZLPAFfQQK+nl+aAmtetaWBKCWzGj6pt7HjpFjystgtgnQ6+DZLFXWUp8GRfMEycySB5kQULtYtSMUmx0gQBnTTLsRj+e55/CYUllLV6YXb5uca7LuVhlWPpH3sCr6TvC2VFWe4t0UC3uIXhYPrCm6p8OE7g+TdHHwIDAQAB" ]; - }; - }; - - "thein.ovh" = { - inherit MX TXT; - - subdomains = { - _dmarc.TXT = [ DMARC ]; - "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8oumqNkHboF/S4dnKue+hEC3V226ToMmL/fmXqbAhsW88m+jUuLgZE8Nl7kc/lzD9yY7JmCXcWFzoLJWE8xusfmT1yMOW9sQmee7g0tHsm1fVqFMUetmC4+QuqAdvjIGU5QndjdWHP/gssIoLPT7lCNUL4/lkaPmFiiDyvaMpkQIDAQAB" ]; - }; - }; - - "flauschehorn.sexy" = { - inherit MX TXT; - - subdomains = { - _dmarc.TXT = [ DMARC ]; - "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvEPR8068KtlsiWiexSPWqagKmd07ggGvDcYICzOvhxVB0MDrn+/VYIXEbVX0Y9z60oT1ynjkhFjDWEofk11EoXwrg7xjkqZuszDrhdYqUnoLrzlugmnK4jXO3cAD0qeblX0rDmu30cmPP1Aj21tLTU6loYpORY+y4VaVfwtHswwIDAQAB" ]; - }; - }; - }; - - security.acme.certs."${config.networking.fqdn}".reloadServices = [ - "postfix.service" - "dovecot2.service" - ]; - - services.nginx = { - enable = true; - virtualHosts = { - "${config.networking.fqdn}" = { - enableACME = true; - forceSSL = true; - }; - - "autoconfig.ctu.cx" = { - enableACME = true; - forceSSL = true; - locations."= /mail/config-v1.1.xml".return = "200 '${mailAutoConfig}'"; - }; - }; - }; - - services.redis.servers.rspamd.bind = "::1"; - - services.dovecot2.sieve.extensions = [ - "editheader" - ]; - - mailserver = { - enable = true; - fqdn = config.networking.fqdn; - - openFirewall = true; - localDnsResolver = false; - virusScanning = false; - - redis.address = "[::1]"; - - certificateScheme = "manual"; - certificateFile = "${config.security.acme.certs.${config.networking.fqdn}.directory}/fullchain.pem"; - keyFile = "${config.security.acme.certs.${config.networking.fqdn}.directory}/key.pem"; - - enableManageSieve = true; - enableSubmission = true; - enableSubmissionSsl = true; - enableImap = true; - enableImapSsl = true; - enablePop3 = false; - enablePop3Ssl = false; - - mailDirectory = "/var/lib/mailboxes"; - sieveDirectory = "/var/lib/sieve"; - dkimKeyDirectory = "/var/lib/dkimKeys"; - - domains = [ - "ctu.cx" - "ctucx.de" - "thein.ovh" - "zug.network" - "flauschehorn.sexy" - ]; - - loginAccounts = { - "katja@ctu.cx" = { - hashedPasswordFile = config.age.secrets.mail-password-katja.path; - sieveScript = builtins.readFile ./rules-katja.sieve; - aliases = [ - "@ctu.cx" - "@ctucx.de" - "@thein.ovh" - ]; - }; - - "vaultwarden@ctu.cx" = { - hashedPasswordFile = config.age.secrets.mail-password-vaultwarden.path; - }; - - "gts@ctu.cx" = { - hashedPasswordFile = config.age.secrets.mail-password-gts.path; - }; - - "mail@zug.network" = { - hashedPasswordFile = config.age.secrets.mail-password-zugnetwork.path; - aliases = [ - "@zug.network" - ]; - }; - }; - }; - - restic-backups.mail = { - passwordFile = config.age.secrets.restic-mail.path; - paths = [ - "/var/lib/mailboxes" - "/var/lib/dkimKeys" - "/var/lib/sieve" - ]; - }; - -}
diff --git a/secrets/hector/mail/password-gts-ctu.cx.age b/secrets/hector/mail/password-gts-ctu.cx.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TFdOVzlhc1RiVlNTTnRK +alNySy9KNHE1ekFLQ0huN0w1N3NtSGdoZkUwCkxKYjVBVTdJWDdSUXIvVXcxc0hV +MUluQTlaOHhnMTRUeDZuazRYTVBnV2sKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIGRm +TTRtOUxjdVNUV1B3cXFadTd1MHZyeHF4MDlFWFB6MTk4Y2RRL2R3Z0UKM3d0SEQ1 +cWxZL3NCQzliKzhHdEJGRWlLT1NHNks0YU9rOEp2S1lCQWhqTQotPiB5fHwwLWdy +ZWFzZSB7PXoxMUVPCnFHbGJWbWFJOE5TcHZLTWIycGpxZVVtTjI0Sy9hd0ZoNWE1 +SS9vbU9KTERTMkV0aUlxWkQyUisxUzgvSnFYZnkKMEc4cmJLbnlCQy9CTkVoeERO +emo3N3BmYUdiNDYrYVVVWEVxQkdKdAotLS0gOS9TNVJHdXByMk8vWDBFcUNUTnZO +ZHd1OFAwMUhjOFhueStBT0hDNXlMVQpsftaRblQ1LwF/9vRqTFnY6pjFV3Dawooh +YBH5kTAnArfXstEZw0/D2QG3LmRVJ8eJuSq6ph4GUPd+yZgHAX0yztZ+zI2otnw+ +FUEGZLa9bp0FJMKQI3R7i32J8Q== +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/mail/password-katja-ctu.cx.age b/secrets/hector/mail/password-katja-ctu.cx.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TlVUemU4V1EzMUZWbGYx +Y0dUVnpSQnQvZjc2Tm9Cb3FtZUc1N3VlTms0CnNLbWJtMHcyMkE2QlRJVnZmWnZW +a2RvNEN3MXYxdmlKR0ZyVUt1cnBEZGsKLT4gc3NoLWVkMjU1MTkgeWFMSFNRICtE +M2s3WHAwUXlEcWxaOW4yblAvREo4NU8vVE5PSG1JSHJoaWdHYTF2MVUKSFN1MUh3 +VlEvU1RtU1lDY0I0Q3RnN2xZempuZEJFWERjM1BlYkk1YXpvMAotPiBgOC1ncmVh +c2UgLWJWU1MlICk3Q2toW0kKQ24zNHNxWGV6YTh1cDFKblRFeWtYT1BlcUhSbHVQ +cXlTVnpSUkIzYXFONAotLS0gRzBnUnVWcDBPc1Y0bVRQYXJNTFVGYWI0MW04eWov +K2hBNlRNZ0RyMzFkbwpNMv/TrvIDXiRcnEC8VdGlg9EreubYvMXKXxGshnKd9X7q +yitoBnEW9zWdOm9QTOZOPA9JibrUdUkCRIpqc6Iwd4nfRUZmvSg2p69UXLiqDeFj +/ieFPlbPkuguip0= +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/mail/password-vaultwarden-ctu.cx.age b/secrets/hector/mail/password-vaultwarden-ctu.cx.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOc2Qrc3RnRHVwZ0xONGZ2 +VHpaWGQ3cEd0NEpmMHd0NjNORjNvM3ZQcjB3CmZrWkhrektUSkxNOEYwWUd0TTBV +OGVvZEpiMnJVOUZUVlFxY091VUdUYkkKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIHNS +VVFiRDN0Z3NHMkdGbjNIVHRBRUhhaXpPVUFKdkFkQXVRWHVSQnBoZ3cKM0ZmR2ha +YzAxMm9haDRISVJkK3dhMmZjM2RNTGV4K2s1em92eUxoaGYxSQotPiBuLWdyZWFz +ZSAtQSBDO1ZuYklKQSByJiAzCnl5QTFDaEttNTVsTUl1K1Bhc1YxcGQwZlM4c3Ri +Z1FxZHRDMURKczJsMUIwdE41cUlaaEt3VXA0eUVSbXB6aUIKclZINUF3bEdtdGVr +TlF1YWJNclVpY3Npdmo0U01ZVUFyWE90V0lOR01qMAotLS0gV083RFdIY3hsbC94 +Ym9pN2ovMHIwYzcvT2c1d1haeEMxb0lBOUJENmM0bwrRovMShR3Aubv6bih+chjy +QMK+BZXolpwf8Lq/B+/a8Xnptc/YpQXDOcWBQ338hUzs3u3FY+xmuG8WPoKUvzeL +iuGkV6oE7Ibe1+72iAgWWEH3h1a0Iu/dhNZrPw== +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/restic/mail.age b/secrets/hector/restic/mail.age @@ -0,0 +1,11 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpU0VLVzFMYnozYVJLNGFI +ZE9IU2w2RXRZNDFnai8yYis5UnliV0N1eWxJCkY5a3BVYWUyRVVMZ2tqd0MyY0JE +SmJyY2FTditrR0dKR3ViNTZkTDFKWTQKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIGJV +bVN4UU5oN3JKNVZWVVdDWEE5VUtJeTRuZ0g0enVuNDBwbGFiUlFuMjQKRkFJcldi +U1J4TEUrUTBVemt1cmdnUUhkL3RPOXdYUEpjSTdvaUpaYWNTTQotPiBWImZfeHFR +aS1ncmVhc2UKRGJ2SkcyK2xGL2xraE1Tc1RoVE5pQTRWcmsxbEpuMmxINmdJQnkz +YllsUnN1dy9GZUpEbzVXZ3d4UWtBeHBMMwpoQQotLS0gZjZEdmRwNnduM2pSSVFK +QnhUbDJKWTljcHBXaDVQSVdmZGhLc2dZZzRISQpwLsX9aJGiuAlj7LJq0fqNaWMP +PjBTxajmpCTbLnnLEvICiNLxnDJ79ZIxqXFSali/CDVUCLcMFfob9MsPbW7zFA== +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix @@ -67,15 +67,8 @@ in { "briefkasten/restic/syncthing-wiki.age".publicKeys = [ main-key briefkasten ]; - "trabbi/restic/mail.age".publicKeys = [ main-key trabbi ]; - "trabbi/travelynx2fedi-env.age".publicKeys = [ main-key trabbi ]; - "trabbi/mail/password-katja-ctu.cx.age".publicKeys = [ main-key trabbi ]; - "trabbi/mail/password-gts-ctu.cx.age".publicKeys = [ main-key trabbi ]; - "trabbi/mail/password-vaultwarden-ctu.cx.age".publicKeys = [ main-key trabbi ]; - "trabbi/mail/password-mail-zug.network.age".publicKeys = [ main-key trabbi ]; - "wanderduene/syncthing/key.age".publicKeys = [ main-key wanderduene ]; "wanderduene/syncthing/cert.age".publicKeys = [ main-key wanderduene ]; @@ -87,10 +80,16 @@ in { "hector/restic/gitolite.age".publicKeys = [ main-key hector ]; "hector/restic/gotosocial.age".publicKeys = [ main-key hector ]; "hector/restic/matrix-synapse.age".publicKeys = [ main-key hector ]; + "hector/restic/mail.age".publicKeys = [ main-key hector ]; "hector/syncthing/key.age".publicKeys = [ main-key hector ]; "hector/syncthing/cert.age".publicKeys = [ main-key hector ]; + "hector/mail/password-katja-ctu.cx.age".publicKeys = [ main-key hector ]; + "hector/mail/password-gts-ctu.cx.age".publicKeys = [ main-key hector ]; + "hector/mail/password-vaultwarden-ctu.cx.age".publicKeys = [ main-key hector ]; + "hector/mail/password-mail-zug.network.age".publicKeys = [ main-key hector ]; + "hector/radicale-users.age".publicKeys = [ main-key hector ]; "hector/vaultwarden-secrets.age".publicKeys = [ main-key hector ]; "hector/gotosocial-env.age".publicKeys = [ main-key hector ];
diff --git a/secrets/trabbi/mail/password-gts-ctu.cx.age b/secrets/trabbi/mail/password-gts-ctu.cx.age @@ -1,11 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNQS9mY29IUzVvWnRITTh0 -ZUNtWVNPM0NZR29HYlVJcUdJT212SVZkRVJVCnlFODVEcUZ0UnczOE9XK2ZxUmVJ -QjYxb3ZiWVF5WHFPRGI1bTZPUEwrRncKLT4gc3NoLWVkMjU1MTkgcThvY3pnIEdR -cFplVjBkbjdDNHA3UVFLUmFDWGZRTmJyM2tDYldobU93eEFEWmY5RVUKSkpzS0VS -K3ZjNEJ5WVpBTUJ5UXhKTXRKM0N6VHc2Q0NBTG52d0dpQ1RSMAotPiBFKC1ncmVh -c2UgTlR1Uis2diBnYGkgKXNqIFVcVGArUnwKQlYxdWhMZEFER1AveEx6OUNZaFp5 -NUEKLS0tIDBnVTExRVlpbUV5aFU5TWt0TFErTE5ZUEFKSlRialhqd2hybzZqZlVR -ZHMKMl84zfSd+d5KyOWR1nrvy9Dd5pdxemQhRibSZ4qZpcZgait6JD60IA7sQsF3 -jXcOHX5+jP49Mmzzgloy/uUYJ/nupA4Ymxbih4tOgLORCUttzW+ypvSpuRIT1jI= ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/trabbi/mail/password-katja-ctu.cx.age b/secrets/trabbi/mail/password-katja-ctu.cx.age @@ -1,11 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWjBVVVJtQVhwK1hFYW5s -NjYrTUhPMlMzMDhqYW9QRFhjTVZMQ2RCSlYwCmFFSVVpbUgzVG9tRVBZOElwNzZQ -V0JnM0RwSXF3bGZzRGhQTElTNkFEaDQKLT4gc3NoLWVkMjU1MTkgcThvY3pnIEtp -ZFFUMnFYd214eER1MzFUd20zQWpHcU5CQjkwYk94RzErQ3F0dHB0SDQKb0VMKzhi -SXVWMlF6Nk05Z3hMNmk3clZKSm1IaFBqTUk3S0JGazQraDRQcwotPiBCVC1ncmVh -c2UgVHJFTDJaIGs0XF9OR2cKTDNvCi0tLSBaYlc2TWhxRDRIdWhaVW92MGFHZ3B4 -cVRNNXE1V3V2MWlsbUxrSHJJNWZBCm3luiXKMkvRHtzAwFfXhOFmsTq/+113C5fS -YcITBCNjIJd4wYBHjp+heiiMM0ESTmuMmDb2P1oFyTC3jekvDTiXfo/RNN6ufUtC -SbxzSY3kI6HstTLdxKbpmw6HdQ== ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/trabbi/mail/password-mail-zug.network.age b/secrets/trabbi/mail/password-mail-zug.network.age @@ -1,13 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnSm9MeVR0TWx1R1Z4V1l3 -aWZlWldPZEhzbDRmYjcxcmV0dmt6MVBMU1ZJClBVOTBrR1ZwVUUyTXNkWFVabGhL -cXBOd1Rsc2ptQkszZnprckcxeEhjbTQKLT4gc3NoLWVkMjU1MTkgcThvY3pnIDJU -empYQTRXUWM0SFBNOUE2MW1Xa25zNGw0MVdMWWw5U0pIeVZJbjBCU00KTEpWUEtP -WVRLcDZtVlZibFVtVCtuSnBGM3hzcE1ZeVY0RVZHZ2JFcm9wcwotPiBbOD5dIXkt -Z3JlYXNlCjJXaWpIU0VIcC8zei9NbXhvd0UvSWNpc3lnb1E2ekI0dkdQeUNVVlZn -cGM0L25SSzFKbHZUbEJmMGpBektBQlAKdVlZZTcwUjFkQkxFU3gxK1BwVFNJK1h0 -dGFyeXZKV2NSaDFXUjdiRDl4ckRxL1lORnIyTkIyOE9PbFhmN0xZCi0tLSBDN1ZK -V2JLL0hETmdKQU9GU2tYRGt1VHd2dUdjRHhWOW1nY1JEdEFmcEJ3ClzB8iIUYXsm -mM5OwAb1ofJkCAIZar+ul8MNgdBTAanCEh1ToN9f1P68zWq83UjzpPIZRrfCPnH5 -3AIhVrJeQE1d3sITUYfILoR6t/b19r3NlSbQa18+ozrfQYhFlA== ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/trabbi/mail/password-vaultwarden-ctu.cx.age b/secrets/trabbi/mail/password-vaultwarden-ctu.cx.age @@ -1,11 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dCtzaFdjRlVKZnZUQS9v -VDdFVWQ1QldCYkFsUHpOcFJpL0pKb1M4dm1RClN2RWVlbEIwbXJCOXdUV1duZjQr -YUpxNVJ1Z0JqaXpCRUdvV2taOEJVVUEKLT4gc3NoLWVkMjU1MTkgcThvY3pnIC9n -d0pwL1cwUEJsWDBHSjVPZHFmVCtNNlM0bkl2RlJWWmorV2VQSEozVVEKNmpwQ0la -c3hyT2ZXa2tVMVZZKzhnckVXRWF4WjhPOGc3OGpJVGZhZURHbwotPiAsYEs8dC1n -cmVhc2UgYlE6CjM0RFE1dFMwOVgzYWFOOEhpcjlQCi0tLSB2am1KUzhvUzBtU3VB -N1NHSnA5MC94azA4Zm1OcmRGd29FWHJBTHNpRU93CkDUvBzbMctpZbWnn3cZJm96 -bsgw49b2WmKGy59sAVCQoQhf5mcKgB8ZeqgZw1+moPmYGhNtSzEVewJfWz/eXLwR -9F9X5rjE+emBZxnLzAbWXSo5S6FZLE7Cf7nM ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/trabbi/restic/mail.age b/secrets/trabbi/restic/mail.age @@ -1,13 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdGlXaGR6NG9VRkp1ak43 -a1g4bVUvdlNKdmxqRUZzWnZRUlBVWFZuT3owClhhdVVXcHpXYUtEQUVVOXZaWVRo -R2lMUUtlOCt0OXBTOHk4OU0vdDVaSlkKLT4gc3NoLWVkMjU1MTkgcThvY3pnIEYx -MGVWLytUOFJEUjFFbm5raXNFcGp0N0o3TDJBVURGY0pCTVo4TlF1VVEKNUNYNkRt -T2dYS1Y5WGxjMFJ4OUdmTytLcmFPUVVySlV5N0cyTm9NbXg5TQotPiBTbnBqJ24i -LWdyZWFzZSA7RmNnIE5CTjxzSSBNQCUiakEKQyt6SEZOZ3NHcEp1OHRQbXc5NlFx -T3BsWlZXRzFMN1FvNGNJaDlhVDdGYXQwZDJ3WkV6YmR1ZjA2TXVGZUx6bgpMWXBD -czUrb1BieFFnK0FqUFJCQU02LzdScktjZlhJdHlHR1FZRHUyT2c5RwotLS0gWTRk -eHpHSEZra1UrS0tnRDlJOGhzQmdrUVcyWHpCbWE3QU9XT2pqQ253SQqoe//e4Y0O -iHgzTbZXyr8Nw8eYReSzeSTX8IzWtlONoSV7fZwZOm4FrPTV9yxgwe6tjPYPm6kD -L6j9b+c84bO+uA== ------END AGE ENCRYPTED FILE-----