chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:39:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Revert "devices.vps4: drop"

Browse Source 
This reverts commit 0030a7f35c.
This commit is contained in:
陈浩南
2025-05-16 10:44:44 +08:00
parent cc28a59bb7
commit 32202a3ec1
10 changed files with 177 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.sops.yaml
View File

@@ -1,6 +1,7 @@
keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
@@ -15,6 +16,8 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
creation_rules:
- path_regex: devices/pc/.*$
key_groups: [{ age: [ *chn, *pc ] }]
- path_regex: devices/vps4/.*$
key_groups: [{ age: [ *chn, *vps4 ] }]
- path_regex: devices/vps6/.*$
key_groups: [{ age: [ *chn, *vps6 ] }]
- path_regex: devices/nas/.*$
@@ -43,7 +46,7 @@ creation_rules:
key_groups: [{ age: [ *chn, *test-pc ] }]
- path_regex: devices/cross/secrets/default.yaml$
key_groups:
- age: [ *chn, *pc, *vps6, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
- age: [ *chn, *pc, *vps4, *vps6, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
*srv3, *test, *test-pc ]
- path_regex: devices/cross/secrets/chn.yaml$
key_groups:

1
devices/cross/luks-manual/default.nix
View File

@@ -7,6 +7,7 @@ let devices =
"/dev/disk/by-partlabel/nas-root4".mapper = "root4";
"/dev/disk/by-partlabel/nas-swap" = { mapper = "swap"; ssd = true; };
};
vps4."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
vps6."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
srv3 =
{

BIN
devices/cross/luks-manual/vps4.key Normal file
View File

Binary file not shown.

144
devices/cross/secrets/default.yaml
View File

@@ -38,130 +38,134 @@ acme:
nginx:
maxmind-license: ENC[AES256_GCM,data:MtmNo6hHlU75N6PvzF7P5i6Q+myV4Keb1JRXVeHxTennNpKfAndsKg==,iv:DqM91JX+1WX8Zqzha2Tm3ztFaSzKYQg+b9NvUm+6jxY=,tag:XnDTBL9MA/B8XfPZqdk7Eg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYXJaRi9tSUZNQ0hUek9U
L3lEcHRDZVMwanB0WGlZbVBOU24vQyttZms0ClZ0Z0N4TXZWbnZpQVQzT2pGV2Ny
ZG5RcDlWb0lub1k2aGRXQTQ0UExZczQKLS0tIEQ1eTdXa0hkcCtzUEpCUm9oc3NJ
UktFMXVBVXBKQWdLUGd6b0h3THRhNlEKWN0TS7ob/IJdzhY5IRXOK90fHmL81BJu
o9P58YL70gB96iF187DHgfhLvidqKMiENLK3vZ3yi0vrriko2x5zWg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBybzlLejVkdDRmK3o1SHdN
QnI0OU1INXNIWnVJSWpyV2Y0bFJqVnNwbVZ3CllGSWN3NXFoaEVkR0xyejFnOVZn
QkFMc05tOVNOQmZGbXh5dUUrNWdWVWcKLS0tIHlQeHV5Wm42RXhKRG4ycFVUSXhn
TkZiVHo4a1U2ZGtwN1VJM2t4dC9ZQncKhJU0qM3frLFMT2BbYuYpbr29N/Hmw3Te
vcE1DQ4VKAyOOURYsVJNBf4C+otLzzZipPhXvBXC3V8TyKw/ziG+nA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOVNoTjFTcWFxWnA2NFJz
S3ZOM1kxL1ZxRStZaDZleW1ZNjdnR2F4d25JCnhFdk52cnFWU0FFWTJaT21odHpH
NkxnbjZac21VNFhKM2llVEhZL1VEK3cKLS0tIEhIOUVwdjFyeFlST0tsNVVycWdh
alJWRWNpNGNWY3QrNEFKZVVPY0kyTEkKVLuMgMPU+I/66A1s1SGRar4W2ehPd3bS
Cowc/CrwwXvMDmKlRDY6qNLOOgelsjSHe/UoF+sAy20pvW+xa2Q/IQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyY2lxUUloNW5jQk5NWkQr
Z3pSNTVHQWVUaXFEdk1jdlpmSDR5ck9UZTJjClJkZFdyWWpUbjFKbTVROStiTWxt
Yk5DN3lkUEdqeEd1OGE0bGdyNjJJMkkKLS0tIE4zYkllUzh2Ymx6cnNxbGZvazZt
bXo3NkwwNmpCc3F0blViQjNsak03M1UKvuE06KjzK0YIMBbxq9JjszpWjKqhjxph
LGAMjPrWz8EfPVtdISPt2tIXM67TxnGqC+nCNlLO9IIg3DskFfsVtA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZ2VYZ3dpS2NSeTR1cGd0
RU9hSkJFQlpHQ0VyalFnSWdTK294NURPQ2dVCkZVcTlKb1F4Qmx6ZElMV2lDdTFC
YU9Vc1dLN25sR1hReFUxdEpDQys1VFEKLS0tIG1zbytXWm9SZFNPM2dINXprK0dT
QmppSDRpQllMOU9aNVhoZlloNGMwaU0K0ZLD7dOrHlMElcCBduYkhe4lYn0WI4Jn
viDg/sZs46QuQnNy9CJ7SAHFgf28Uz43ZaTlMgVbbECu/sHIZH+V3g==
-----END AGE ENCRYPTED FILE-----
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZ0E5R095VUh3aGNrdzRU
Y0dkSGY3bXlWbXhpdGJvSko1YkFwSlorcFhnCnB0bnFZM1R2ZjBVTnM1MXdCOEpZ
cks1a2s0cENWVERVeFhUR29FenRhZlkKLS0tIENXajFBQUluTlEyQkhFdkZIdVI3
TThrWVFaQUpTWnJKVlF6Nm1IY1pCajQKB25pFTnTKXemB3PNV8F/bBtgxZaxRd6G
LaLbVXy3nmWM6El8MTSLPiSPrLugSqDL1ZAhoDYr+LvonMkoH7pPgw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyNUJxOHNnbjV0ZTJRd0R1
d3J3dEpyckVaeUYwd3BvZkk0UjNiY25MQ2tvCmV1dzdtWGxmRDkybWtRcGViM3lu
UDV1Nm92dEtvQXFNbkVveVQ3bXdlejgKLS0tICt2cnFQajR2U3BIL1ZDUlU5elc3
SUd0MmIybnBQdHVvWDhlQmpxSStCQ0kKbwFP6SM3d/wLcJBm1Qq0wZXeIJfk84ru
we7QvS49Hfegz90cW28idwHfGdexEt0+aqrIdgMXUkxZ4LsIYc8/Og==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFY05ZdDBueC8zQWlrN255
Vnp2OExsbGRNeTN5ZnNmWEV1QjROdTkyTEhjCjluUGZQWXFlOUJlS1NCdkR2L2RU
aTJUS2dkQ1lRdWpRQUpUbk1XSWh0ZlEKLS0tIEQ3bEg0QjkwK2ZVVmFOazk1S0Zz
QzRLeUp1V2s5ZnJ6S2FEUGMwUjNWcGcKP+fwZLtssap41gs7sEls0QKsG6xarXMM
h7RccOMFeuYJWzugLB6dfxrxZmrF8+9JRTO6QIdDJqenRuTdNpEukg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2VmJBQStqczlGV2xxbXBT
aG95N1VkSWp5MVVzUG1TdWdXTGtmaUhPVUdrCmFmSUtqTVZVOGt6M0s1T3lYNE9h
czNtczVUOXRJalZGVi95emJIalRWRTQKLS0tIEhiWWJLaTd4dmlaRFRKM2gvQUIx
UlBjVll4YVZXTFJGbldwT2dSZmlzNUkKZ2q9hNi8jmcvYHsqSUBP8P23luC/EIGf
8zIDUXsoUIf4vtaOY4DDj3TLLAeaNu4EvGPcW7aibcoPzKNpnSrHOg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMVlyWWlWaEF4QmFGUmE3
VlR3TXBXWGJUZ2FvU2JrTUFXNmVkbXF4a2k4ClRVTElPR0F6ZDlTSWpyV0YrTXhZ
dDRDUVhJeHBhb0VITVJoZ2RBNGh0UkkKLS0tIFhFUGRnNTFkcm9xRXA2U3BFdVF1
Nm5JUHorM2NkdFAzSzJiL0NkSHA5QVEKTTVb2XW1xAQG8uLR4DCyiAMvA6/rMi6Y
hxV6I5r8yD/SxD07oF91IiPdfWpmzYvfELkDWUEc9Hd8VfGrORZw4g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RVMyY2Y1Sm5hWTZ6WTht
MHMwS2xvR3JmKzZRTVBvazdSOHN3YUVaRjAwClNLeTRSV1FFVGFkV0dXa0VNRGZW
QTl0MVR3Wm5VanRyRVdWWEM2U3ArencKLS0tIEI4NnRJUG8xMVQzTWJ0Y0lZZ09l
emdCYVF4TmU4cTZPNTJVUHhuaXFKL3MKz2iCih3zmWOiScBhgquWuQvjEObEcBKl
2557vNlCPJygacSY+BB5qzNeHnUl7IuXMzebvfGbO+ofdW/K0yv4+Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdmlnbG13UElzZ05IVFY3
MEFva2FUNEVHVVVoVXdzeWhDSnZkZk1FZ1R3CmxBbHJkYXVTSzlkZTZOVGRsbWpl
UERGTWFGSFhORC93aWpKNFg1Mjd0RUUKLS0tIGlna3ppRFhkbmx2RWVOTUNxa0Mz
UzUwd1FHNTkxQ29MRS9nVU9zOWwxckUKixy2RZLXbKXWU9LKwBb82skr4xVYeFEu
4nYobIXomHGs/mlt9SvdtBtGLU7V29NN9ERH/5QPzRWHLIS8q5T1pg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcjNiUUgzVkhUUDd5RlZ3
UGQzNDV3b1hhclJIdU1Xc2VicTdLWXFCMG5RCjI4Z3phTHZQY1hSSUlIcFpOTm53
bUM5d3BhNEptSisxM0F2VWlPakRYOGcKLS0tIG5iUFh1RU5GTGpBcGsvVWFFdUhV
bXlNVmVobElJbW0rMk9heHBsazN2RzQKen6AE4HWILY9JCY5/MsRiTBTCauFoQi8
7lidalMX0cJ4KUzTZ0jeSvW1tBUZoaOoKwHamVFpCsiRy3nHxvOpLQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNGJQYUdhZE1VZHRZc2c5
TmIzTkpaZ21oMDFDTU11Rk9lbW1tRElSS2c0CmFPOFR1ZC9JeE0ySW1xOU5rQmtx
SzlNT0lET3VsYWpoUk5RMDF5bVVMV0kKLS0tIE5Md0xhZFphMm03VU9CY2RiZ2Qv
R2JzTSswWWxaV1hiUmxLVkcwQ0RYcnMKLuxZpqaev2JPz/YDcjqZztnwGKvVQ64/
WZ8bsG6n+7tD2g+QOcbKQgG+I/G4NDvCjd6T7yZAmsDDpNP7Ghpn/Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXcjlzeU9IMGU3clE0VUFw
UTB4RzVCdlJzS0lPRVp3Z21Gc1JSNnRiNlQ0CnVmbnovNVpzQ2dqVFVpdHdvdTMr
N0g2TUZVYUROOWVBUFhoVDJtYXVXeXMKLS0tIG0zdmlLQnZrUDBwV1owZytiRHhK
cTY2UDhnNXJFMUhpOEp2cXpwQVpmSmcK/JO2ZeWd21DQidNpIMdTEa7diyYwVQLu
3umyD4vC6X0XvvxOL5kb1zfy3vm3VQdvtiROtF8Eh+J8+HjNKZh/Bg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNM0lDdFZVTkZFRVp0aXE5
UlU2YzhkMTRGLy9ORitSWW80eS90eUdQc1ZNCklPMktDaS9ucW0rK2RZeXBpcHpk
TlpZWlpWSTNQbE5xL2hwakhlcjlBYlEKLS0tIHZ4KzUvSHR1RkVJcmxVVUYwUzJi
bS9aUEhxdDlYRXhLMUtYa0ltWEZFa3cKa4A68uNCKGWIrDHQo4CBduiwbsvgFmjo
OGnZ+eEJZikbr+i1KvI+l/zSv4Yef3b1WEJFjhZiaWDHxHLLkj5hAQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtamZoR1h1cElXbGFXSStO
TGNBSTgreFBReU1wZFRBZzlEbFUvdDZ1MzF3ClZaSVlQa1NkRlAyWkJkd25vYUlr
Y2EwREhobmtNcnF1b3ExZEYxQi9Tc28KLS0tIENBNTZUbTNQbGRKUllZWE9aVEor
blJlamxRb0xBbHBIUXQ3L0RDNU9lQkUKVO6SZ3KlIhzCFnNC8cN3K/SUzlxJuPez
TkqPF9CIn0Tt7BaHD/NFPPAde04WBQoqoKDk0dsJ4uOFco0PZKThPA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdEdpQmc0eFNTOHBUM0pz
WEJJVW9WaVYwRWoyQkNtNjNxYUpRUSsvT2dnClUvWDAzRmhXTFVxbThvYm1yWkFr
YzJFMEIwM21UUkNzVFlHQ1YzRG1TSE0KLS0tIGFWY2pXSENwejEvUFFiR2pXTk01
bXBad1FqWVNaYlR6cHJHSmZ2U3FuQnMKqHys3BmHmeRnbjzYbbTC1sGWKNRvxqXq
Ly342Jz9iFTlyAu7ykD/pXQwd8ZOUsPX+cVvEMfUeMIH9r6jrruLBQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Y3RXSUZka2haSWlZUkxF
eTVrZmk2OFltOTNDUVVQQ044TXJ4dFRMeFJFCkQ3anNCUWZTckw4Yk01S2M2ZVJJ
R08rZldiaU5NZjhyUEhzL0V1NzlncVEKLS0tIGNaNEhRY3NQRTAxdDdMSmRnMENy
TStoVnNoTWhYNEY5NFBzWTFqaytrT1UKLcG8kYw0yVxT9SV8mbJOyC5NCTFKQL/1
rmZMWBS/BlDDO2PonS9N44VU/6KwcGq1+D70TtYgVvoB3N8G3CHM6Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUL1hFakNYdFBmbkNURmxm
OTF4OVB1Y0FhOUR0MmVRKzRFKzBEVm5ZK1VjCkhGY0tYV1h4SHM0UXRmdVE2ZVhQ
bzFoNExrM1hXZ1lqMW92VStVN1pVUVEKLS0tIE5nRkhjVVZQT21CNnZOaG1sS3h1
WFgxUXZUNDJUc1R3ekxRQjZQQnRhM1kKTEgtNk7CdrDiBK7P1c7pTuJG/2UhcYCS
cVfnIUpP3rqR/K/X/IbyKnQ+imJLEoh50bn0jS1bwWzKqwzBKvGjSQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3bDB6M0QyVDNuVzZYbmhp
MVFBQzZDSlNUVGQzQXVRd2I4RmZMYVJjWVUwCnBueGlHYUd1cll0OXpGRkhDeDRz
Q2hLTTB0Qk9LaXlNeHlRMzVZT3A3VXMKLS0tIDU0ZlpHTnhFZS9ISnZXTFpDUWI4
VFBFV3NqcWVZNWk0TWVVRmtaSldmUk0KAjEe3hvPjgI4SDzQQvtLIpxpnoSTy4Or
UaKcn5rDsgUpsJsi9P1yiOJcmZpUH3RHP4xkBBro8HWV3hvvFJgSaA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdktOQit4ZkJGaWh4cFNJ
ZTJuREp1cXZjY2tZMkVTV2RVR00zd25ueVdNClN0VDdJS2xHZFBob3FJSUd5VDdI
Ylk3YTF4eS9JcFphOWFxeTNTeFVuOUEKLS0tIGtFd2lTVW0yNkpnOU9uUEIrSEM3
WXpiWDRZM0M5MTNxSTJsc1phRmdPQzgKS4ydTZkwu14LPZSWBA6wqyaxMV5X7Vgl
DfegWoqSvR1SUE0/CxFB1jNtPQzPEJh3HkuZTY2fm9RxzFbOEvL/aQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWGUzUDBzcVJTczkraDN4
cDdxODZrL1NGZ0tLVDZXYWJ6NFNnd0lET0FJCklhempFd1pxQVBkdkQxaDlWeG5r
RDVIVUhsRmRwUzlYeUpOY1diY3dRSVUKLS0tIE50Q0JjUmwvcWRocXJpTjZZR1pL
ZjNkWHBaTGgvd2Zma01SakNqWC9jSEkKIcBo12Kzi55jcVFOuQK8SzTwzrWyc/48
5LG5hN2+afFQIzKW5adcsba6Es6iJQJdyMtHrPE1wqMPnl6pyQP7Yg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WndOVUVvUnkvMWtvSFJ2
dWpwZWVIT1RyMy9XNXgyeFNMQjcyUGRqVVNJCnAzR3YyUkpqRWRFS0dYcllKL0Z0
ZlpsV1UxNHJhbm1aVkhpRk9aSWZDdncKLS0tIHc1M0dLbGl6alFNbCtOcmtoQ1RK
c0ErVloxNzU3SWU1bzJuUGZSd2lNK3MKwc9byCoeGk8/DJ8wC19BHhq1LesdwSFw
7loCiTa9kCG6rR5GySjgHw3epwqTPDdt35k2RMgVYIi3CKDv3UBkNg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZVh3MXNBNWFPTUdWMmhH
cFZUOEFyajJoKzNDUXpxNkJWdno5RGg3UUIwCkoxeERPNFprc3RjRWw0U2FBN1dI
ZHhBNXVTZ3ZQWENGWkJTR05QeXRvTzQKLS0tIHVRakdXUnZrb0YzM2d3U1pXN1Ax
bFB1a2xJTmNwWUF1VWpYY0xhSUl5RFUK/xzuiiUY3DoUq+lO6FLXGV9gtU+WIxsf
6h9IuaavMojnHKvKtzuj6u+4ATtHd0hMo+dqvv9qCkljQ10Mo8nD4w==
-----END AGE ENCRYPTED FILE-----
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxU1VCUEdNM0dwQnYvNk1y
NHlBUnA1VEZ2NnZpaGNJZXlGbHJJWis1aUFBCkt1emt6eHlxcWpjYWlUdlp3UVox
RlRjKy9aR1h0K1VQbTAxbHFCbnVDTTgKLS0tIFkwY0ZyQ09JQmtEeEwvTEczQkM3
bTU5NmQzTy9FdDQ4NG1MOE96cXo2ancKObGsPfNkyEkaH5LgPOZvdRXKZOd9PRu+
8l52keSjxQhQe05ILeV5ZaysufpoHpADOXijRkfO5gFhaPtZzJADEA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTW9rZHlpVDkrTEtzTGt4
ZFpudzZMclRyRVI1T292QzVLUW5YdldTQ2lnCkZzanZPZTVzK0tzdXFtV1R6L3Q1
RGMxYnlWOVZmSFY3Z3NSMjBZckd3c0UKLS0tICtDcVpSdjV3VmVvbU1OU1F1VnVW
aEtWN3JHSmVVYmpCNXVOQWJVR2ZqR1EKH9IL1zzT1zdZAQ/eIbxF+4WoVWT2unEE
evMXZkfy050h/pFiTXDDENJfKtuCVn8dnCaYjeqO+6bNkOnaJjoebg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-14T01:17:28Z"
mac: ENC[AES256_GCM,data:r1FWYKz9aJtmhH7MLPqwZjG0W7LULScGd63CnIqsm2AbFIs6DgW33zDsgwrl1oblx/zYGda3irB5s1+otR38DU0VE7jqLYzHpb3eLsE986ZTwe9Tujy6BJm2Pyng60BJTTBwKU8awS2WpbTUivK1aVivNfBffQIL5Scv/qkyH3U=,iv:1USu0hh8IM2T/w1Fm/udGswPJcxKmvcG6XwlS2ku6iY=,tag:F/rZiGc3KTaNA0YtrWF3+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

5
devices/cross/ssh.nix
View File

@@ -2,6 +2,11 @@ inputs:
let
devices =
{
vps4 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIF7Y0tjt1XLPjqJ8HEB26W9jVfJafRQ3pv5AbPaxEc/Z";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJkOPTFvX9f+Fn/KHOIvUgoRiJfq02T42lVGQhpMUGJq";
};
vps6 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";

38
devices/vps4/default.nix Normal file
View File

@@ -0,0 +1,38 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver2";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
initrd.sshd = {};
networking = {};
};
services =
{
snapper.enable = true;
sshd = {};
fail2ban = {};
beesd."/".hashTableSizeMB = 64;
xray.server.serverName = "xserver.vps4.chn.moe";
};
};
};
}

51
devices/vps4/secrets.yaml Normal file
View File

@@ -0,0 +1,51 @@
xray-server:
clients:
#ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
#ENC[AES256_GCM,data:3KN/1hzeR2I=,iv:iaqJJD6iURTUlIL8e8P7fsAzJYo+y3NGZXgWmPX+4ao=,tag:e8g/JgVrMrWJamUMpiv2pQ==,type:comment]
user2: ENC[AES256_GCM,data:58PnLCwDayOYinsPCYPeMvuKiF7b4tZtbmEJFWEl+2Nu6HL2,iv:hSv3jCtkLm4rrm/4+ot10CBhobGwtnK5db5wR1S/XrU=,tag:SQbynYp8pDSqj4tAK6JBMQ==,type:str]
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
user3: ENC[AES256_GCM,data:WCVr0ylGm2SHtOGulb8TD/cI2xJXrbvY1d6+STXGxf0d0izb,iv:vhNshb38AVpwKCFRwUVruCQ0SxhHrOmwQ+IoQZeUj1k=,tag:OfdIjRrTAuVZBOEXTtnrQQ==,type:str]
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
acme:
token: ENC[AES256_GCM,data:JBeN7SVxKGOe6er0eS7/v8YrXdv0nCK/KZc8Ygq0G7FIGu4hO662kg==,iv:rf59MgUCYlAA5h18wtdWoUyb2VPB13OPuJjz1VsI2dU=,tag:ViPrwduD8aWf8i8vmBG78A==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:lQHDpv8/Yl5/nycHoeTnCw==,iv:ernNxRpcTOSAllDpqRFVFg3qEw/slEEPPXDFq1AhNL0=,tag:2AVALUf9cDyOgCqI9wwgQQ==,type:str]
led: ENC[AES256_GCM,data:zyCiiH21,iv:iEYyNClDsCpWE2oNjt2NqQZ88xOOlMr0yycjKTPdmlw=,tag:kQfbshXfTBA5PtUAgpgCcA==,type:str]
chat: ENC[AES256_GCM,data:pXu0WPWmvUzvl2expDpQPqWwi1A4abg72npsaYXDXRcg6aVU0Ec+tgM2+uz2hT9rh3mNoBxadYXDc/zeOL1UCg==,iv:iln5UGGBK2s5pGS03PtolWTkx6KrnYBAWCFnI0V2Bag=,tag:EahTDoPIBkgWnp4MOoTCmw==,type:str]
maxmind-license: ENC[AES256_GCM,data:8OioibcXQ9IZ0OQhJ/zHSBQjfdHzkoqwUx5zR8Zq0atNw6SSf7vKrg==,iv:z6WTI2yeqP0h7EqKG114nRQpFVJlNzZspgS6gIFtpt4=,tag:a0dBt9pXJnncBiSKt9dsAQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:Si6yTh48HpA8OkkkvgHwtJYFhF8tW3oaQbldjwBc09QJxp9AoKgASMnZtbDZYA==,iv:GrNyZXjaZMviSjy/LGHHrYTr5PFvDkCXmT3MU4+SLpc=,tag:YifB1tKFLqsgXB/YLqYK4w==,type:str]
chat: ENC[AES256_GCM,data:ydPky0W4ZWqn,iv:uWQrZDz2GCxiKRaijM89Npt0fQeSNHbQzDefkZCkUAE=,tag:OJQwV/889Vp2/4wjbN41JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T03:19:55Z"
mac: ENC[AES256_GCM,data:v6yb7ZYcnPw/8SqEJnSWzmlE17PenjnBH2X8HZp+kIDXzNFyNvD19FcbCBZjwyjBLvN1ZF4M9FS7Y4+CvvMrN/4JcFufcY/V1NrOd8IZisfAT5N3WuopPee4IN9WEyPVOsbFnesZo6/wJKuqlV1UR8UZxCd3/wHXob9Lkz45cBw=,iv:XKIUiRfP0lj8V/Z1HbvhBankdcAjQqM8Way6TWjJJMY=,tag:PLYsVj6BmR132oWsxEKnfg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

2
flake/dns/config/chn.moe.nix
View File

@@ -5,6 +5,7 @@ let
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "" ];
nas = [ "initrd.nas" ];
office = [ "srv2-node0" ];
vps4 = [ "initrd.vps4" "xserver.vps4" ];
vps6 =
[
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
@@ -29,6 +30,7 @@ let
one = "192.168.1.4";
office = "210.34.16.60";
srv1-node0 = "59.77.36.250";
vps4 = "104.234.37.61";
vps6 = "144.34.225.59";
search = "127.0.0.1";
srv3 = "23.135.236.216";

1
flake/dns/config/wireguard.nix
View File

@@ -2,6 +2,7 @@
net = { wg0 = 83; wg1 = 84; };
peer =
{
vps4 = 2;
vps6 = 1;
pc = 3;
nas = 4;

2
flake/nixos.nix
View File

@@ -1,6 +1,6 @@
{ inputs, localLib }:
let
singles = [ "nas" "pc" "vps6" "one" "srv3" "test" "test-pc" ];
singles = [ "nas" "pc" "vps4" "vps6" "one" "srv3" "test" "test-pc" ];
cluster = { srv1 = 3; srv2 = 2; };
deviceModules = builtins.listToAttrs
(