tbarnouin/nixos-hypervisor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: tbarnouin:1d126cae12397ef716cc516196f36b99b4ebae33
Branches Tags
tbarnouin:main
..
compare: tbarnouin:8b007885cd03dfac9c9284f93e8ac29c62ed4020
Branches Tags
tbarnouin:main

4 commits
1d126cae12 ... 8b007885cd

Author SHA1 Message Date
Théo Barnouin
8b007885cd Delete unused minimalConfig services (migrated to systems/) and working crowdsec config
Some checks are pending
/ Build Nix targets (push) Waiting to run
Details
2025-04-14 14:33:41 +02:00
Théo Barnouin
50f70d01aa Add specific cs key per machine (not ideal, not declarative) 2025-04-14 14:16:05 +02:00
Théo Barnouin
21cbf45c5d Add specific cs key per machine (not ideal, not declarative) 2025-04-14 14:14:59 +02:00
Théo Barnouin
5be466302d Try a working crowdsec config 2025-04-14 14:11:38 +02:00
26 changed files with 208 additions and 431 deletions
Show stats Expand all files Collapse all files

2
flake.nix
View file

@ -95,6 +95,8 @@
crowdsec.nixosModules.crowdsec-firewall-bouncer crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix" "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
"${inputs.self}/systems/minimalVMConfig.nix" "${inputs.self}/systems/minimalVMConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{ {
networking.hostName = "nixos"; networking.hostName = "nixos";
} }

6
secrets.nix
View file

@ -7,14 +7,16 @@ let
postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql"; postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql";
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo"; forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx"; nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx";
jellyfin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiJb+U6LQ3KglTJqdUzwCVkKWqYoBuJXZ8BXXgCMqN5 root@jellyfin";
systems = [grafana onlyoffice postgresql forgejo nginx]; systems = [grafana onlyoffice postgresql forgejo nginx jellyfin];
in { in {
"secrets/initialPassword.age".publicKeys = users ++ systems; "secrets/initialPassword.age".publicKeys = users ++ systems;
"services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana]; "services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana];
"services/grafana/secrets/grafana-oauth_secret.age".publicKeys = [tbarnouin grafana]; "services/grafana/secrets/grafana-oauth_secret.age".publicKeys = [tbarnouin grafana];
"services/grafana/secrets/kuma-token.age".publicKeys = [tbarnouin grafana]; "services/grafana/secrets/kuma-token.age".publicKeys = [tbarnouin grafana];
"secrets/grafana-lapi-key.age".publicKeys = [tbarnouin grafana];
"services/onlyoffice/secrets/office-dbpass.age".publicKeys = [tbarnouin onlyoffice]; "services/onlyoffice/secrets/office-dbpass.age".publicKeys = [tbarnouin onlyoffice];
"services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice]; "services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice];
@ -30,4 +32,6 @@ in {
"services/nginx/secrets/cs-lapi-key.age".publicKeys = [tbarnouin nginx]; "services/nginx/secrets/cs-lapi-key.age".publicKeys = [tbarnouin nginx];
"services/minimalConfig/secrets/cs-lapi-key.age".publicKeys = users ++ systems; "services/minimalConfig/secrets/cs-lapi-key.age".publicKeys = users ++ systems;
"secrets/cs-lapi-key.age".publicKeys = users ++ systems; "secrets/cs-lapi-key.age".publicKeys = users ++ systems;
"secrets/jellyfin-lapi-key.age".publicKeys = [tbarnouin jellyfin];
} }

44
secrets/cs-lapi-key.age
View file

@ -1,23 +1,25 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBLZUNM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBmVzdO
VWJ2TVRoSVp0amJaQmhpZGdKRXpHc0ErM1BoRlhNODJGa3VDWG1ZCnVycGRWQnhP Umd0L2ZLSksvK3Y3bjhUaGtQZ25iOUVwbHJ6aUdyUkZ3L3FWWGdZCklqUkEzZEcy
SU14VUpRanNUc1lzT3dXak5tMGVROVJOVXFaNjh1MUZjcFUKLT4gc3NoLWVkMjU1 cWgxaTFMclp0ZlJxUU9maVArelNkVEdqa2I2cjVSMUtIUUUKLT4gc3NoLWVkMjU1
MTkgd25FVXB3IE16anVFaFFGRmlZVkY5SDlyWW1nckxoZUd3Z1YvdStEOGNXdS9O MTkgd25FVXB3IEYwZ1JxVWVWd0thc3ovV1FFTnozL3dBd1ZJSnArT0FpNXNwZEtm
WkNlUVkKZHYrZ05QeGc5bS9UWFRLellPQnptem5TQ21NY0NXUFVJSkY0RHdsdHNy VXZBa2cKTzdGM1E0dlorMDh3d041THNxaXBjSStJUkc3Sk8yUDNvQXpQTEZJOElE
UQotPiBzc2gtZWQyNTUxOSBubUtTK0EgRkk2MWU5b0lPMEFlTXNRWWNWaTFaS0NL awotPiBzc2gtZWQyNTUxOSBubUtTK0EgWVZYOWpZa0VHYnh0Tnc4OUlwLzArKytz
RkN4eitLbnp2OTRlOHFvVVRDdwozR2p4SEJoNndobTBQeWRLYy9ONGxXcEZTZU5L V2hwS0FtV3BVTlFsRTRKdVUxawpZb2VQZzA3UGxIbWEzamRMZnV5R1IzL3hMNjYw
bW1remcyUDRqRDBGdDhjCi0+IHNzaC1lZDI1NTE5IHNpbmd2USBBQXk0b1BCTkgz U20vcFUrOFNWbk1VNUFZCi0+IHNzaC1lZDI1NTE5IHNpbmd2USAvajlPaUk1dlVG
VG1CbDB6QVBreXFIQS9wRG9nYUUxWnF4YzhGM1NFTTFJCk55UkF6NWdPeVUvL3ZC NFdLdVdxOVpvaGhTQXdTZVNHSUlDYUtjR1h4RE1GcTEwCjZkNEVlVDhDbjFoK1Z5
anFSdTFFaGJQQjJtQ0l1ZEpUQmZkS3BVc1c5aUkKLT4gc3NoLWVkMjU1MTkgeHFt TFFxelh3bFE3TEx3eW9tczVpVk5lYTl1eWY0VjAKLT4gc3NoLWVkMjU1MTkgeHFt
eWpBIDMvOGJZV1o1aE5jYWdVUDhRR3BZd2pxY1FvQVJUS1JTZktrbThjS3BRMkEK eWpBIHU4dmlwcXBLSHFFVXJLV3JLdHpuWU5FNWZNRFNicC9DbVFuMVRkWG42QVUK
R2dXcHN6MVk0UGlNZERRbHpiWFBuVkw2KzJwejJCV1FSbG5JTVg4WnVRNAotPiBz eDFZR2svdk1XVnJYQ01kTjBPZFhGUVBKVXNkRUNGWWZQVjNVaVZRTFlqbwotPiBz
c2gtZWQyNTUxOSBtdTBmbkEgaU8zcGVhK1BrUWplcVJIRGh1R0N5U1VGZTA5Tlpj c2gtZWQyNTUxOSBtdTBmbkEgUVdnWmNuMEl2WWVSYVJwS2N0cHRJcFFDNU9GdUU0
R2g4RWhBYnBNQVltNAp1Lzc1WlpSWjc1RGdCenVEQ2x2cTZtY3ZwTnFuVkR2RjRI RFlCYjN3MDZ2bm9uNApHMlg5eWd4VDFaR3FTRHNFczZ4Q0xabkd5QkZMQXg0cWVr
d0xYM25MSGFnCi0+IDdYSyV+QT5OLWdyZWFzZSBDJCdsIGxaZnsKMXZFY0x4Q0hT a0NQYlZBdzZFCi0+IHNzaC1lZDI1NTE5IHVmRGxIQSBUaFgwbU5xU3JPQmhYRmZ6
QVNXd1RHWFpJZml0ZzBsbHhNWmNORVZjUWxmQ2ltZGxFUm1WdmVsMENSMDFmRGJ5 YnM4Z0F6NW51R0dHMENhVUVFdlNpOHRZWnhNCkFXUTRNZVNGK1NOMHBMOGN0UHRJ
dVpsUDlGSwprSTA1Q0JSczloNjFuT3B2Ci0tLSBEWGFMYTU1aTJvdE53dk1qRlpu d2pQN3dCcEwwaExEN3phRmM5czVCRGsKLT4geXstZ3JlYXNlID5TLnBFMC0wIGM3
Y2tOVDVUcDRIaG52bmhMa2N5Z0xNWUI0Cjy/5eYpl5iwNd2YwC0o1lO2eTr2ggPs ZWEgXU5HCkdXT29ZSEhqNzlKL09FdkxrS2RhOXdLSVR1WjArRWJ5WnNmeVI3Zy9o
Xq2JxNg5IbFYkBqMiw68yEtMmQf243rvGn8h9jQxL1VnSi+wpueZqxgczICzcqGn dUIwVnlZZmxtdTJHTm1HQVZOV3ZBCi0tLSBtZmVwbThNenNHcnBrUThKd3JycjMr
OPOa08liEIvA+UtU4+z11c2fIiZ/BdfzF/s0wzB9uEChpOHSOf0SX8hrwlkq6fIr MVJzWU1ZWHJtYjF5alVoVXlVZ2tzCnuhBvhFuByb20r6nfVQlyM1PgxGD86x37lo
w4z9OXceDiUQ5ITlBCl+Kaeb dy3AIYpG5Z3lEqWNMomMU+8EI6hAArLwWmyi0yWirJKepsSkuSfEF8jMOUIzdhD7
fPvkvq5Mrk3T2zulRcxC4eLCpNDG7orlg3hKVmyHvdfoQadBLbe7kuwfiVEgTBh8
0KIPAP3JQ1AMGkfBe+Ii
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

15
secrets/grafana-lapi-key.age Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBUancv
V2ZKVW5JN0RGSVVhZFZNaFlrVDdGWkFFQWZhVE1aUUFBcmk1ZUVjCnlsRCt0QUtx
d1Z6aFhLQVNwSFl6U08zdlBHU2FWNEVmaHRwTzdWNkZxRncKLT4gc3NoLWVkMjU1
MTkgd25FVXB3IHY5N3AvMjBxL1ZZTjNxQzhjYWN3UVVXdEZ5eHZGTUQ3NVk4QmMy
bmp4bTQKcEhiejF4cGRDRkhwdkdNL3BRN3Y2dVkwWGtKTFdVRnJ4ZktNdDJzRWND
YwotPiBiRGgtZ3JlYXNlIEh7cU13IDNhezQ/VGIKS0pXcDdQTjZYMXRwdTUrcHBU
bTZjOHVBZ095aEo1am1sM1ZLNEpKbWJxVDcwOVFMZExxdlVFSXZDc2hBcHBKVQp5
K1VpZk5MZFpiRWxtYkhrRkJTaGVmaXhkZ09sYkhod1pnN3k2cFc4bGUydzNGV0Rh
ZFBjCi0tLSBydmFoY2NXdUtEM2xSbGJQNWkyeEprZ0RpM1lTN05QQkM2QmdsenlI
YWxJCtcFRV2NtwE7vA6zkN8WsD8g3MlTGyP4IJ32yznEVOANgSUm4utbnntuP6oF
tByB3CY9pVGWphn16iB1+tvuYK8ZvegqJ2M77wJEiEwancwN9Lhkjp1RAXrHcfsj
t8petIZqKpQOpcsAT9ekPnPT7wVpCwDMrN5VQx/cL3cWPKoy+wllDYT+csFPZwQF
D96CQX7nMOwml0Em
-----END AGE ENCRYPTED FILE-----

41
secrets/initialPassword.age
View file

@ -1,21 +1,24 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA1QzZE YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA2K1Iz
cHhwUnk5dm8xU29CNlhlU1JsV0tYaDVHV3g2MzI1dnZsVUxVODNNCjFwanh0aUhT bUdCaXF2dGJrYjkvaGhrYXBQMnJDZ2c1bVg0MjhiS0lFVDVxTUVVCllDbWhnZENy
c016dUpONndPL0pRVUtBY2dNZCtYMk1Va2hoaUpsL3I4cjAKLT4gc3NoLWVkMjU1 anorM1g2TUo1S2RESklDTFFxN0hhd0VZaGNkcWlEa2F4a3cKLT4gc3NoLWVkMjU1
MTkgd25FVXB3IFhIVExqYlhTTWt1Q2l5T0RFRWdPN3dRdXVrbjNZTFFXV3pVZ0p5 MTkgd25FVXB3IDdSUGJuVk54bGp0bHdHTnZxb1pjYWJZMGs5b3MwNk1TY01vWjJL
TldNU0kKZXdpZ3I1MEk1VzVsNXBuMmlZZjl6YmVKTmNwMDU2VFVSYUhMeURJSjh1 VTJseVkKckNOQW9BdHpRS1ZxTTY1V2d3VjRNZkhPNEwwTXVKRWdqOUx4eEl5NlFU
NAotPiBzc2gtZWQyNTUxOSBubUtTK0EgSVpFeUpySkdsTldpamFqdGJaV3d3ZmU3 dwotPiBzc2gtZWQyNTUxOSBubUtTK0EgUUVhUkdSOHM4L3NQQUN4MWlFZDhTNzRX
S1VvU3JkTzAyZk5vRXMranIxSQpQYTFRcmlYWFFldFJKelNEVU0rQU5zNDN6bjVq RlZkV3hYOXM5dndjTmRhd3cxVQpGcHBjODZHNWd5c1BPVmxNeXdIWlFINExKQkR5
ZkxBL0E1UTNVVC9DK1hrCi0+IHNzaC1lZDI1NTE5IHNpbmd2USBsVWhhdUVxUnBB emEvZUh6dWdCMzlsUXRVCi0+IHNzaC1lZDI1NTE5IHNpbmd2USBuQ3crNjdhYlpW
Nzk0OEJrY1V4UkpMNlVvWG95Z0hlSDNIaWQzNjNReXl3Cm1RdlJxRzBNaTQvUmlP bUlGY1dFUnpTUi9rdDdEMjJSRmFrOUlDaXR4cGJmbjJzCk5zV1hYc1JVQm5qL1lG
V0hhZXNhVUJrRklNc3U4dURsYkpjdHErNUljTUkKLT4gc3NoLWVkMjU1MTkgeHFt THIzOWNRbUVZeGxHcmhaYVB6bmRRQUsrdXkraGcKLT4gc3NoLWVkMjU1MTkgeHFt
eWpBIDVKdjA5S0Z5cU5OeTMzL2crN2c4bW9VQm12SUJiMGZ2ZUI0bFB6emNyM2sK eWpBIEVwUGFJUkRWcDVoZVBseS91U0ZveVgvZHJ6eTR2U0tsanQ2N3FzMUU3UXMK
T2o4UUJBYTNzNlp2L0IwSE9yZVJQWnJJdVh4Q0c0ZlcvMSswOHJJM1VzZwotPiBz cGY5b3hlMFJnZlFKNTlEdTZDRHpiNm0vbG9iMzhiZEpzUTFwK2x4ckRCNAotPiBz
c2gtZWQyNTUxOSBtdTBmbkEgellndXoxbmRyV2YrLzZNTnBTeHF6Q2RhQnE4R0NB c2gtZWQyNTUxOSBtdTBmbkEgbERlc01iSmpENWJPazlMZURTKzMzaFlXaW0rZzIr
L0VSOGVLaDRzYlcyNAplbnNtb1JzN2hUOThQT1ZFcHNvNUlJeVZnT1dudjI1RDdC WnMrUGtlSnBaVUpEUQovZ3FiNmg0R3d5SnlYYlZSd3B2YWZjWFFicTJPL2ttVWFD
T0hSakZ5Qk1nCi0+ID40MHUtZ3JlYXNlIHcjSCwgQApBWERhZXJKbEFsN0NUdjRp bmtVMFNkalc4Ci0+IHNzaC1lZDI1NTE5IHVmRGxIQSB0aytTNHlvYUJGcEZNdUEz
M3RJbWtUV1dSZVBNQWtTbFIrZEhHZmRpVW9TckR5U0RVeDZvSWZDN0o4VTY5T3Ew UWFJM2NHUnEzbkpiQVFTUmh1Zm1NRmJlL0dNCmRmVXMvTXBLRE80WHQydHptVTlV
CjlORWpkOUhVdkFYTWpSNUdoVHA5VVAyK1dSYlc3RnhKSmcKLS0tIGlqcnAxK1da UVJvVEZLc2o4UjhiWE90ZGxqdUhyQkkKLT4gWThwSFNIPz4tZ3JlYXNlIHUqNWRO
QkFqdG0zOVgvWmhmUVNacVZnaUliSUpEeEN2U3Q1cXZHV3cK/UjHuI4IFTOckk9c IyA1JWk4dGsgbSAqdQphRk5RK01oSWtzdnBlaExmZndqUHBDOEsrQ09tWFpaRVp1
KvePereu3ontxUGl393gcI9x1Eacg0b9HZEfwnDKT4dIX2vGXx2aMLo= N01WQnlEWmpvNzMzbHJxZlhmcWtuSXFmVHh4bUpXCk4wWG9YVEsvcVpGcAotLS0g
RTc2cm5iUXVydVkzMS85U0h4Mmt4eGVnT2hnM1pIKzRkR0JkYzNIYlg2MArwHWYb
drwThiGw2mBcQQu6o8tkZWej7EeEVRhqYCIUYguwAXSkaWm3hJn6QxMDCSy9bxtq
xg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

13
secrets/jellyfin-lapi-key.age Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBDeldJ
eHEzcnZqUGJhYUQ5YW9IODhnei96RW9sOGgzR2JjZUJ6Ri9WU0JJCkFFei92cGlW
aGFkT21TRmw3SEhpbXFLOW04dGRndm8xaTBSVjhXeExVL1UKLT4gc3NoLWVkMjU1
MTkgdWZEbEhBIHZ5VEhPZHI4UjVFVGpMUGFhcnMwckJLcGV5VG81aUw1NG13a3ZE
aHVyd0kKOWsrcWZwRmg0RnRRMTI4b1I5YkdrUkJ3cWxrUjh2ZmQwMVgyQUczcWlh
bwotPiBTLWdyZWFzZSBSYyNYczUrIHdmPi8KUnNocDNseDgrcUh3dklmd09Tbndn
NEI0MFh6MWgxSksKLS0tIEpXTksyN1hONXF5WlBZVUF3R3lEUWN2Z1ZMazVkMzRU
bzlKZ1dRTVdsbHMKvxu1ACFSn1ewARMkyz6gjIF+XI9mXvNgj6+b52YyFvlUE1Se
kOzvnFxjEjAXtV6sKVSMNBHhgLmwOBPi5/xuSsYsxZjwE4X3RtNCKcgScAJ49LLD
RnlwMTiwmst38zECSoArPw//C7zCDZHqmkxcP9m9+MHyF0P5vg8zM57lVlfX0zkp
BxKgqHu/yuqFhAWfu0edyuLj+AVh
-----END AGE ENCRYPTED FILE-----

20
services/forgejo/secrets/forgejoDBPass.age
View file

@ -1,12 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB2R1B1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBZaFRY
TXQzcHZLOVpqeXU4dE4rdks5S0tRVjlpVGF0K0w4U2hsRlBJU1VrCnNmSGdNNmxt OUhPcDZNVzJqTGNmN2Vvb283UkJTNjdwOHRnT2NNQUN0TGhJRXhRCklMMnF2bnZO
TlRhbzdWSzlnbDk4dTZPSitpT1NoU2cwWWlmd3FSSGdmek0KLT4gc3NoLWVkMjU1 WlRHY0lPaTlTMDJvTmdFVUpoOXgzUzI2dlFIQnJrenBxRm8KLT4gc3NoLWVkMjU1
MTkgeHFteWpBIDZjZU5uWWlHME1OVFAzV1QvVjdaS1I2UjNyaTFYS090TUJUaWQx MTkgeHFteWpBICsrQmZVa1JYM0pWLzkrOFc4ZTdhYjU0UmpMQzFQMWVNbm4xOHVZ
TGJZUm8KdlVNM1dKQzdKcTEwZHRvWWQvVTVXT1huYkZqalF5cWZ5dkNCU2Q2YUp4 VEFXWHcKdWpyOUpDR0w3czRvajJsTnlyQjE0Tmd3anBsbjY1Z1RrcytOYjVHZDBR
SQotPiB7VD9eMCwiXC1ncmVhc2UgIkhYIENabi1iYTogOUoKaEo2N0QvZUVzTGY0 cwotPiA1Ri1ncmVhc2UgKkggMjh4Cmg0QmVleFVmNWNkbFh2YTF5TlM1NGdNallh
eEhyTFp6QWNCQ3YxcmtacXJqZnpRYnhjRmdZdGl1ckNNSGxxU01HcDdWZ255QXFX YWF6clJoUTZyTGx6c2cvU1dCRnR1S1gvczViWU5wRlVLUzdmck8KQjZ1ZFhVZTdJ
M3YrZgpDVVVWbjlmQmY1Zk9mTXZIZ3ZTTG9aaUExZwotLS0gb3A5RUpiYkVxVzRW SklMbUQ3M3MrR0lMSXg5bitiUWgyejkyVlFYQWJXbnlhUFd1b3AvCi0tLSB2TGlI
Tm1NMkJjMW5yQ2x3MzhvQWNGbXhyVEFEN1BJUS94OAqqLC4vCYHEG5CWZjtEdAu8 QWxDSTNhamgraXV4cXYyZTBFNWRGTmxFWG5OQU5TQVo0YlVCdk1ZCkmrWfQ69I9m
ekrBlJWaVOdA1nV2rCOciHc+p0/QI74zmzQ1eA== GStHKT+fzTMRSjMN/0z2DoPkyZYLSxHQyhFywOhs0GAV2/6h
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

7
services/grafana/default.nix
View file

@ -23,6 +23,10 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets = { age.secrets = {
grafana-lapi-key = {
file = ../../secrets/grafana-lapi-key.age;
owner = "crowdsec";
};
grafana-db = { grafana-db = {
file = ./secrets/grafana-db.age; file = ./secrets/grafana-db.age;
owner = "grafana"; owner = "grafana";
@ -35,6 +39,7 @@ in {
}; };
services = { services = {
crowdsec = { crowdsec = {
settings.lapi.credentialsFile = "${config.age.secrets.grafana-lapi-key.path}";
hub.collections = [ hub.collections = [
"LePresidente/grafana" "LePresidente/grafana"
]; ];
@ -44,7 +49,7 @@ in {
source = "journalctl"; source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=grafana.service" ]; journalctl_filter = [ "_SYSTEMD_UNIT=grafana.service" ];
labels = { labels = {
type = "syslog"; type = "journald";
}; };
} }
]; ];

19
services/grafana/secrets/grafana-db.age
View file

@ -1,11 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBTTDNK YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyAzSlVh
K3Z0alIwY0FzQlBCeTQwTS9oQ3U4dThSUUZMSXBIcU55em1KSmdnCnBWN2FaZnhs RXNZeml2TzQzQ0tjaXBkMEpLaWdWcjQ4VGZJdSsrYzExZi9DMWdzCjJsK0c2SWh5
N1NLdk0xQ09PMTFwb1FEMjJDNzg4bzBEL0p5aGh1MEs4b0UKLT4gc3NoLWVkMjU1 SmtwcUc0TlFCYnA4eVNjdDNQNmNheG1CR3AxNlBzbzJFRWcKLT4gc3NoLWVkMjU1
MTkgd25FVXB3IEIyL2VrYlVrazJTdktJbUVOUzZySlhZbnNvNlIrY0dlckZrdlE4 MTkgd25FVXB3IGhNWGhFYk4yZ29zV3pjdzEwbEduYmJUc1hQTDM1NlU5U2FwakVk
Q2E1RFkKZFFlUUZoRmUxck5OZjZwVmZQbklzdDZ5Q0xpd3dyTTVEdjFOQ3pGMGxN K0o4eUEKWHpxRkFJYWxUcm11MSt1bTUzVlNIdXc0R1RCNzlLNDR6ak02T2kxdG1v
ZwotPiBVLWdyZWFzZSBHbiA7OApIeEE5RWx1ZjFkZ3Z6TDMwcnRJSGNFVXo2UUdT MAotPiAsMD0tZ3JlYXNlIHAmLEEgYgp2N0IvdHYxUFlMT002ejV3cmljWTArRkpt
VVdNaTJQUmllSnVWeng0SmVmaCtiUXMKLS0tIC9GVjdhQWFyK09xcmQ3OFZWUUdT c0JqTkZSdXJCdmdKL0JXVDlPVG9nZC8rZDhybWR1SXUwd2tTRk4yCnlTakVLYTEz
cG5OTWs5QU9JOHorMFhuYUkraWFVc2sKXuXtNqrwCgD4SmTo9caBnH5Ieaotok43 YjBENGFPVDczOEh0V3hXQwotLS0gZkM4ekZkZ1NNQXp2UCthUGxVRHFOZkhWMjBN
rzPGYHVRNma0rlEZpXh4K1RiC4GPDw== bXpTWm9vRTU4MThYWmhCQQqLbdyPOKCHNIXbKmcKpsdu8lt8qj0lhZwQHIfUsQmX
tNbaKGog6SYKuvB1SMN3
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

22
services/grafana/secrets/grafana-oauth_secret.age
View file

@ -1,14 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA5K1k4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA4d3Fr
eTYzME9YYkVKc09uL0IwSkVoL2tXODdJSWt4MEdSR29QOXZMWkdrCnJqS1pYa3d4 V3lsc3N5UWo1dFdYNWNQSG93NU9ETndkVGlSVnVrZHlwTWcreVFVCmY5SFBRY0hh
TUJUN3d1N0tPNTN0eDd6Z1B5RXlVWFkxMk10STF1Zi9jY1kKLT4gc3NoLWVkMjU1 dVlVYWEzQ0xVVHVlTEFGWWFPaC9LSjNuOTdRRmRNTnV1bFUKLT4gc3NoLWVkMjU1
MTkgd25FVXB3IDZqVDh0YS9iWDFMbmtDamZQYjc3MGk0QXZJVnlKRmR3MmI5bGNH MTkgd25FVXB3IEhSblV0bWo4Zk9WcllLeVRjNk1IczZkcVBEcmhDNTJ6dXRGN0ZX
bEkzUWcKTkZpejZkRTcxbEw2dk8xaEFQempHekRtcnROR0FHTi9BMjhhZnZBWnlY UE1NSDgKMEM2VmFlS1BtWUJaOWpla0lIalNaWG91OW93L3lvbkd4N2lxY3l3QTNv
cwotPiA5OHYtZ3JlYXNlIEQ/IDcmIE1WICIKWEF1VC8zOXdkdlpZMEV3SlF6RDg5 QQotPiAyLWdyZWFzZQpxM2tLaGI1NWo2VDEKLS0tIHc3S1hiQXkvS3ZPN3NDQVlM
Z3k1V3lzclVVbkplYkdoTlhOL3VSUFk2a0g5TlpyTzB2WGE2QQotLS0gb1ByMTZT aCs4TlNjL1JEeTZDRmlqejdGWi9Oemt4UVUKXxAAsXEtAnN2jiLNEqxQ8s4Ny8Jo
V2NyRnJ5ZVpqc3NGbTNhTFhZK0gvTUN5YStzVXUyMmlwMDlBWQoCsJBEa8QT1b3E EyrtR9cIW8MfAjQ5861M291rKgW82aDIqkwrN7B0MT/2X3UdIS6AJtHGagcvyX+w
8uCGIuxq1OvWfq3CHSnIHtVPPPz9Dwdp2XZ9XGN1mwGOcDWvnn6xVedeHXk95vNw xORCRqnILu+w9lce2qBKhleR8qGsU7hUrgd0Tn0y00bNnu/6lPE+ahu8j/UxTldi
79Dx6bMfB9O3TmS4CyQ4UdFKt7ysjuDXw5LIe3FvpjmbRRJGKw+t8pDNFUi7MGif L9zEnRtyIkagdrJON/CY8YzsNvvn9ic+Kv5e/m6PIZpz8j+GIK1lTgIEKoM=
/y00Ss8yI9xEatUXBUCfO8pMqoBqbzA2xfsAZ+FTYOELZppZhlp6c1+b30gyzNEx
+QdkVxVX9g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

19
services/grafana/secrets/kuma-token.age
View file

@ -1,11 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBPbktx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBmbkpK
UWlmTXJOYnFDSjBMUUZJZzN1R09ldWpHdlVONzJOR0NwODdsRzFJCkdPT1R6b1lx M2RZd1NQV3lvZlozWFIzSXA5Y0dqUW5TVnNIS2wvQS9IaTBhRlJFCmovQTlZRW9Q
dThHczN0WWJaOENiTW0wRnI0OG5PeTllVXBUWkhVVVlkeFEKLT4gc3NoLWVkMjU1 Y1ZDZkJpMFRoT3ZqTndweEhaVWdicDdpRitRVkFGY1pYMXcKLT4gc3NoLWVkMjU1
MTkgd25FVXB3IFJrV0FkUERiZkVJNmZWUUZWRytHTTM0RHN4MzczalM4VDVsMmtt MTkgd25FVXB3IDN0RFRCQmFybzhSTzBpRFJFVzl2N0QwTHhSVnl4S0lhZG9Tc1pS
S2dVVkkKdXZFRitOYSt1M1IwbXlZNDNCOEpkbDA5MzVrV3NPWHA1a3NXSXhVM0Vw a3FvZ1UKUDloaWVMdE9rSmJIMHFkdGpFaXdjSitKQ0IreG1RL2haZTJScUhQWDc5
UQotPiBgby1ncmVhc2UgRiw3Cktud3Izd21LNGJiMXVrQi9sWVB5T1VoMVhEZ1JX NAotPiA7TU05LFE0Xy1ncmVhc2UKK2JsV1ZDN1VsZ3htYmtpc2ZxZXpxQVovZEZB
bVh6eWZMWHN3Ci0tLSBId2M0T1d1ZkxQK0ZMcHJBRHRwQ2drT1RHSWhJbnd6YTR0 a3dFNXlIaGh0ckZXa0lGY29yOXB6SmRTRUhzdUNGNm9ZWWRJYwpLQ2lVa2gzT0Qz
T0tGNmtCTE44CiymjrDgkjwfLRhDCKZin3sV5je3Ho3fUyMu6vHp1ybmlYZxPXa9 citnaVUKLS0tIDJSZ2RjcWFaT1NBclFpWHVGalZIRW5vaU5YNkZOUEV4ZGQvUVV0
996BaKlD5RQWjAXyWRFVFQzVwnP8iNULxA0Uo3a5SUxQ5YlQPf+V ajR5Y3MK33Fd98LOcGOaXrgIuT7/WrhqiJF99gfbhVwQxf8v+DNOWWakVsF4YG1s
Fc5p0vdQgx+Z7S6iF1/KLV8isFKnARM1WueUjNpCluH2294=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

5
services/jellyfin/default.nix
View file

@ -10,6 +10,10 @@ in {
enable = lib.mkEnableOption "Enable minimal config"; enable = lib.mkEnableOption "Enable minimal config";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets.jellyfin-lapi-key = {
file = ../../secrets/jellyfin-lapi-key.age;
owner = "crowdsec";
};
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
environment = { environment = {
sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
@ -40,6 +44,7 @@ in {
hub.collections = [ hub.collections = [
"LePresidente/jellyfin" "LePresidente/jellyfin"
]; ];
settings.lapi.credentialsFile = "${config.age.secrets.jellyfin-lapi-key.path}";
localConfig = { localConfig = {
acquisitions = [ acquisitions = [
{ {

151
services/minimalConfig/default.nix
View file

@ -1,151 +0,0 @@
{
config,
pkgs,
lib,
inputs,
modulesPath,
...
}: {
imports = [
./lxc.nix
./vm.nix
];
nix = {
settings.experimental-features = ["nix-command" "flakes"];
settings.trusted-users = ["root" "@wheel"];
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [22 9002];
};
};
time.timeZone = "Europe/Paris";
console.keyMap = "fr";
i18n.defaultLocale = "fr_FR.UTF-8";
environment.sessionVariables = rec {
TERM = "xterm-256color";
};
nix.gc = {
automatic = true;
dates = "daily";
options = "--delete-old";
};
security.sudo.wheelNeedsPassword = false;
users = {
users.tbarnouin = {
isNormalUser = true;
extraGroups = ["wheel" "video" "render"];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICf1B0nxNMvPWSR9pStdtx2x6Iw+JUeCCt1CKWoD8dsr"
];
};
users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"
];
};
};
programs = {
zsh = {
enable = true;
shellAliases = {
ll = "ls -l";
lla = "ls -lah";
};
ohMyZsh = {
enable = true;
plugins = ["git"];
theme = "bira";
};
};
tmux = {
enable = true;
};
};
nixpkgs.config.allowUnfree = true;
environment = {
localBinInPath = true;
systemPackages = with pkgs; [
vim
bash
wget
curl
git
htop
tree
dig
ncdu
nmap
iperf3
netcat-openbsd
];
};
age.secrets = {
cs-lapi-key = {
file = ./secrets/cs-lapi-key.age;
owner = "crowdsec";
};
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
fail2ban = {
enable = true;
};
crowdsec = {
enable = true;
package = pkgs.crowdsec;
autoUpdateService = false;
openFirewall = true;
settings = {
general = {
prometheus.listen_addr = "0.0.0.0";
};
lapi.credentialsFile = "${config.age.secrets.cs-lapi-key.path}";
};
hub.collections = [
"crowdsecurity/linux"
];
};
rsyslogd = {
enable = true;
extraConfig = "*.*@192.168.1.27:514;RSYSLOG_SyslogProtocol23Format";
};
prometheus = {
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
port = 9002;
};
};
};
};
system = {
stateVersion = "24.11";
activationScripts.ensure-ssh-key-dir.text = "mkdir -p /etc/ssh";
};
}

26
services/minimalConfig/lxc.nix
View file

@ -1,26 +0,0 @@
{
lib,
config,
modulesPath,
...
}: let
cfg = config.services.lxc;
in {
options.services.lxc = {
enable = lib.mkEnableOption "Enable LXC container config";
};
config = lib.mkIf cfg.enable {
boot.isContainer = true;
proxmoxLXC = {
enable = true;
privileged = false;
manageNetwork = false;
manageHostName = false;
};
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
};
}

22
services/minimalConfig/secrets/cs-lapi-key.age
View file

@ -1,22 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB3eCs0
Nk9UMzBuKzh0MHdNQW9sM2JRZUFjS3lXRm13U2F0SmxwM0szcG04CmkrMm1BRlls
bXZacTIyR3RWMWlGSUMxcytYRGUzSExYd055emNEQTVuc00KLT4gc3NoLWVkMjU1
MTkgd25FVXB3IGNuRmFFa1lYd0xsV0d2WkRhYmFEVjlkc1g4NWJURitnNzBhMHBj
WWhnWFEKSkw1K0V2WXdpT2krQ3ZtbHJZT0hGczJ3ck00SC92TFZVdWIwYmoxRDlP
NAotPiBzc2gtZWQyNTUxOSBubUtTK0EgcGJyTXpoTkF1Z212ZHUrVDFoVXFualNM
MkNyQXpNWmJReGoxWGF6N2dHMAppY0ZiVWVMNkp4eVB0VGsxUmRmaDN1RG0wRXM0
QkhyYUF1OGdPdHN4dUpJCi0+IHNzaC1lZDI1NTE5IHNpbmd2USBuSHpPaG91UXZG
YmdvQUNVQTlEeG5DTWtiSDJCQ3dzeWM3RXlCQW9kMXpFCkw0bUxuVzZlMThXUytT
Znd1MlE1WnpOQlg2bCtnT21pVGwyYTdjb2xGNlkKLT4gc3NoLWVkMjU1MTkgeHFt
eWpBIHNqUUxQM2QvSkV6Y0FucU5kSWd5SURObXN4czJiN29ISW11UTJjOTB4azQK
ekN0RUkwVWsxSHhqelNueGNGOTNoMWExNkxRd3RaVkluNmpIYnk1WXY3awotPiBz
c2gtZWQyNTUxOSBtdTBmbkEgSm50VlB2NEh5ZzBmNVpaTE5sbHZEcnE2ek43T2RH
M1hwOFRIN3ZXcmx4YwoyK3QzeU1ZT2F5MUM3blg3aytLTGsxSmtxZ3VDUkNFVjZs
eFdjMTBSeHVFCi0+IDk4cFViLWdyZWFzZSBYekczVnVnbCBpfXpGIC5HClRvVDlB
R09XcDYxQzNWOVBhU256a2MwRHlxK3VJd25teDJZMDBRCi0tLSBBZXdLcy9sVTFn
TEpESU1IWE1aOGowcjlGQW5wZEhwZjFMaWxMZmN2MC93Cic+Mcw6l7P3Pog/UL3J
M2HIcSjqjtLKtk52uNIb8b7A/fOdrUhogyYVfAt7nWhQ0CCE+cE/Z+JnI3g8skG5
4ZGF/r9Y+9orKLdskFdrkWBYX1jx3Xcwme+Kg86AO9P3Os3thXo8iDctAFFiAWvo
AgOOjmobsPfXKQfRZw84nDB1CXzFZkDngYrB
-----END AGE ENCRYPTED FILE-----

53
services/minimalConfig/vm.nix
View file

@ -1,53 +0,0 @@
{
lib,
config,
modulesPath,
...
}: let
cfg = config.services.vm;
in {
options.services.vm = {
enable = lib.mkEnableOption "Enable LXC container config";
};
config = lib.mkIf cfg.enable {
security.sudo.wheelNeedsPassword = false;
networking = {
dhcpcd.enable = false;
};
systemd.network.enable = true;
services = {
qemuGuest.enable = true;
cloud-init = {
enable = true;
network.enable = true;
config = ''
system_info:
distro: nixos
network:
renderers: [ 'networkd' ]
default_user:
name: ops
users:
- default
ssh_pwauth: false
chpasswd:
expire: false
cloud_init_modules:
- migrator
- seed_random
- growpart
- resizefs
cloud_config_modules:
- disk_setup
- mounts
- set-passwords
- ssh
cloud_final_modules: []
'';
};
};
};
}

24
services/nginx/secrets/cs-lapi-key.age
View file

@ -1,14 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBCRlBx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBEUUkv
TDRERktFbE1xSXNpUXd4UE5vdHJpWmRNQUdjZ3hLejlmaWVjd2lRCm10aStweldV d2dNTFhwYzJhc1M5cTJWOW5wRzJKS0tVcGZXaHlDakJKTWJpRnhzCkdyZDF2MVRL
aE5lWnJ4T3l3dTFlYWR2eUtjZHYrdTJ1VmFQMFc2UlIxUWcKLT4gc3NoLWVkMjU1 L2F5MlV1eXloenk1dFFqYzY2RWltSTBMUkJUV08zUTVMMG8KLT4gc3NoLWVkMjU1
MTkgbXUwZm5BIFh5dDY0c1hMTDE5aTFsRU5JbERvTXlWSDZwZGgzaExraitLSmQr MTkgbXUwZm5BIHNoQU9FRzVhcVp1WWxJdStvUDg3THp6T1NyYmlTbnBsSnpxVnpi
Ukp5VkEKT0ZQS1AzQTFWRGJneWVjaU5sbHVaME83RnZuQzBPNCtzb20yNWtNR0Rk Vkl2bk0KMVV2ODJtT0ZFSkt1N3R5MlFpRHF5NEtYN3lSckRpelBVaElSTmhJQWp3
ZwotPiBwdygwZ11ZLWdyZWFzZSBEXGFWV2JvCjZPenNoMVhjbHZycjhqZURQWExi OAotPiBJLXprdC1ncmVhc2UgRX57QCB1SiggLjcsKCosIG5JUS5+eW1rCmM0SDlT
NmZkZDdJaTQ5NkFCZmtmWU1zZEdrQndnSnBkNmZhY1dOeENqeTNpL3BlcXMKN0VQ Smhtb2pVWGF4SEtjL3VlK1pHMjJHeWdqRDRmOWdwYTFLODJ6dU0zOUJLaXI2Uk1N
VmgvaWdONzF2TWFuS0tTQ2Y5M0NUMGJkOFVaMi85K01vdHNRRUJ3d1VLbmxUN0cv Y1FPL3dhTEpVTXUKWDRrUEVJeTM4ZmtiL3Rvd0lIcTg1emsKLS0tIGI4bGZtSTg3
SVIvcwotLS0gOW9sZjBuUmxRK1JMZ1NYWlRiL1BMZGd1SmJML0I5SlpLMWlOakhR WTdEZlliMndyWG51SUpVYmdiK3NnbWY3L0VWNjZYbFpEelEKfQXj149IwP7mpv3o
L01DdwpzAKzZ6lqTmdlFPWlj3ElxZJhWKZI9iPpP9QW/TzrAAAmHivSmSfLrAKwE UNd2GAuTY2/vDDo6KnDYehOu2T8r3Q3qatddLRkcMjRbrn7wtX7GPo8IPQ4M+weH
uBgXo+unc+c9KUCypY8z1nMzbmijDKhMrryBsj7++IyfG5cqhX4J+Y73mdutKtfY SR6RJzU+lbBewkKxigTrbDKizYCj0K3itYv7ch98UPWp4284amz4ltvOkaSmwxYL
JzsfH7ku3cvSxl1MypQdj7+F//7hkcn5IoSKLT/AcTqqFEcoUorf5QYaD5Rnrg== RIMfrVTxGDanXIRqWXOO4Oz5l/DrNYrhcpGEFDA=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

18
services/onlyoffice/secrets/office-dbpass.age
View file

@ -1,11 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBlRXJL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyAwUldC
U09lMEFhTm14UDBvK0RneU1rUEExOW1XLzBYaFVIUE11WnhXT2pnCkVSYTlxT0pC Q2hQdjJienMwRHQ0eGVKRHVSeHpuTnoxR294NWtZSkZvNjRNVXpzCmpGWTByZlVo
dEdhTlp6MnhVVGdjaU5sNkw4UEJqRDh0S2VjMXFpbVdDaE0KLT4gc3NoLWVkMjU1 UXdyT1RyamtvUjF1WEFMenZwOTdyK1ZLOFVoY1BxdGlGeUkKLT4gc3NoLWVkMjU1
MTkgbm1LUytBIFEzTldxVFNPQ0k4anI3eGtROHh5K2NDNE9vbGRKdGpZdmZONFJF MTkgbm1LUytBIE5KNUZ0bTRKa3QzejhZUUtrb3pKdno3YU5KQW1oWDNWeUJvUUY5
Z3E4aE0KeFlSTkliYldSeGkvOWJtVGNJaDIrbnFWT3kzUVh3T3pRMEFQVUptSDhs UUFNUmsKc09VUFFIRm5NRkhsNnFqZVl0RnZnL3I5S0M3cWFFaXBOUENiZHBqMWho
YwotPiBrd3ZcWDBdeC1ncmVhc2UgfApURFdhNmlIOVR0T1c5ZFhHbURNbkx3YnhS bwotPiA4XEYtZ3JlYXNlICUKd3ZCRWdFVFhkY3FrZEJZV3pzMGp0M25hVFJOOEZq
L1ZMWjg5dGlZM0FCZUJ3WVpYTU5HRjV6cTllYkxmcVNXWFJQeUlOCnlKcwotLS0g U2JoN0xyUUdhZG5ZZlFZdkRyY2UzSFV3Ci0tLSB1bmlQTC94MmxWc0F2SXkzWFh0
RUIxbW1BVW05WGlRZlVJcDNINGRQTU8zSytqZGU3aVNldkNGakdFYllRVQpyT8qx S1Ntc2twRVl4a0lBTTVNZ3Z3V3RTUFNnCmo6bFgO8jfb8wrj/r7hNTpJkafrlj+g
VmPmwWiaRIx1JjhOPLnLnK3x2h2FepWW37HPANVrD51o8x9PPzbzpe/j+DI= 7/83lr9qCVqGLk39aIKFzf0mN0M/1fP+8w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

18
services/onlyoffice/secrets/office-jwtpass.age
View file

@ -1,12 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB6YTZF YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA4dE5y
SSt4bEFvY0xCT1ZTUldNSkdveG44cWZYei9DdDhRQnlId2xnM1M0Cnp1T0dlWFZz OE1LWWRUOWNoLzVvbC85QTB2VVF1SDluYUdEMDY1VkpwY1N0bFNBCkZ0ZURUVzZs
b2FBOUMwT2dKaEpxU0c4aWQvRTBaVFV5L2ZWdDYzUjQvaTQKLT4gc3NoLWVkMjU1 VmFERTlOTjdkVVdjL2lqUVQwQzFZR2krM1pNZm9vdDFyTEUKLT4gc3NoLWVkMjU1
MTkgbm1LUytBIGl1VHJLN0JOZUhuUmtQbnF5b3Q5QVF6eEFvREFSaG5VTS9yWDJP MTkgbm1LUytBIEhHK1F4a2Q5NW5QZWZiQmNQSEg1RVgwZnhJejAxSlZwdDl6ZXcw
TXdDSFUKS1k1M211ZWNLeXVHYWlzeDJwQWJBLzlZUWI3TkNzVTVyTHNWdkxlWkRN Q0pjaGsKL2tjYXF6cHpBemxSdFFyMVRDY1NuK2lidFhTT1AwNVp1SExsK0YwM2pJ
TQotPiBaP2E+MlctZ3JlYXNlIFNzYiBjKnI1fkEgO1pgIDw+CkN2aktUQ1FoMDlv NAotPiAoc3wncS1ncmVhc2UgUyEKSkEKLS0tIFREYm9USGhqNXlhMUQ1VExkcktB
VHpHSEVuaW1ORE14dWRyS0U1amY5Ny9HV3hpODVnNUY5T3lXdGdMMS8zNy9xUXVV cENBWHpZVVZJK3hNNVpTSG90SXU1aVkKPLlmlZ4esC7DLLt/mtGFFJkR9OMH9GyV
QUhXNEsKekR2SytYcWlHY0VScXZhWUw0Ty9Qd2t6VWcKLS0tIFRCWW9KTWUxNXJv v7tvQag2HtLDzdR0U8CgLqae4R0YUuYa4g==
NC9rTWpnNTdPbitqL1RtQWRxTFYyaXVzcmptdWpVaVUKHjTjNodh7Gq5bTJ0WXAo
DbfiQMUsv90ipf+og4AkLfVzSkcNrpNeREzCj7wZvPE6LA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

19
services/postgresql/secrets/authentikDBPass.age
View file

@ -1,11 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBnSGtm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA1STRT
R1dGQlBySDlVTy9Mb1QraTZLRFFPSmRqYUF3cTNRbmNnV2VUQlVzCkxKcjRHN0p3 ZXlpMkZHQkZ5THNJL010eHR5ZmdVRnNETGNmcWp5bDdZTHZMVFNjCmliOVBUVGdh
SUlnSUpXVXc5VURRSEVMWEF0bHZkRGQ0VHZLcnJPV3pkMVEKLT4gc3NoLWVkMjU1 S0p4bWp2ZDhiVml6Y1kxVElHZ05td0VKaGtBYnU2cEhjQUUKLT4gc3NoLWVkMjU1
MTkgc2luZ3ZRIEJGUlB4N3l1Zlc4bkNQRVBxK0QyNU1GZUQrQmw4d3NHYkNDelR3 MTkgc2luZ3ZRIDEzQkVjNUFSYUQ0amRCRnduMFppOExhb3lpWk1hL2VtNWUzTHlL
QmVGUWcKSGJ3MUZLNjZqbWUrc0l5aEpHYWNyY0p5SWpGcGxqMG4rd1BaaG8vQUlD T0JUQ1EKZkJkMkNldVdqM3NxVFhRbHpLZ0dQN0RFWWtVY3V3Y0F3RUtSRVYyUlhn
OAotPiAsOTV1LWdyZWFzZSAoU3tAUUIgIjx1IEpeIHkmXU8KNlpiUC9ZNVR0a2Uw OAotPiA0MS1XKF1KLWdyZWFzZSBAbDA7LVggPwppdndhdXdkenZ4TGsrdm5rVzZX
NHp5dC9oRUZQMWRPT2lMRHZXWUFMZjhVQW04NUlsNWd3YjRzc1h2bGQ1QmdEaDgK WmRleFhtRm1kUkhna3ZTbDVPcHlyR3VaYit3Y0t1RStFWlNQNEZQdnVWN0JpCnBZ
LS0tIGk5dXBuV3hsOEUxUWtmbjFsTVNqUXdlaSthd0VBMFh1NkFYQ0hGZXhaOEEK amc3QQotLS0ga1lYU01rc2VDZTVMY3UxeHdPM1lnUDltU0FCeGlGZDE0OG9EN2Uz
xLmozB0O+dnzu9y/M0BNrl+FrZlxFfZUTaGRpD4VhQF+xmA5JhRFDre0fflnBkZF MDdCVQpigLxsnezDdq9kcgYStrQ2jgL+f/mTTrM9KuQUWkYCzQ965bcsaMwpUwJY
cD2N/oY=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

19
services/postgresql/secrets/giteaDBPass.age
View file

@ -1,13 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB6K3RY YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB0VU5p
Qy9yU0ZkVG9mSGRvOFQ5aUozNHNGVUpMTGUvOGU4US9yeWExaWtnCnkyTDlXQUE4 ZnZqblRDNmpVeFBmRnJ3a09zdEFHK0JLOXFLWTdqaDNRSEYrVUZVCnZ4QWxJWXMy
K01scktWMTJkWldUOTQzUUZNWHQrcHlNeElwVG1vL0hDQlUKLT4gc3NoLWVkMjU1 aTRaMFNDZEViM1Z5bWZZVVdDbXc0WkhrU0FNUEFkaEhLancKLT4gc3NoLWVkMjU1
MTkgc2luZ3ZRIE1qclVJYlQ3UHhXaE5ub3JWNDVUVTB4c0Y1c2NSSno2aDNkVCts MTkgc2luZ3ZRIDhrU2NqNVIwcE9qQStWbklpellRdTNjL3J2K0lMTkdhLytXNjNG
S054RzAKclljZkJoSUhtUXp2dng2eDJlUkphMXRFbXJQdUxPYm1OTUtMQkxZaWcz bzM1QkkKWVJHRkk1YlYrdHFjdXNNSVJDUzk1TmxQaUpvb0VtMWIzT1FHNGxGZUpQ
OAotPiAmbi1ncmVhc2UgU2NUIHluCnp4TjhnVk01OWRVZUJVMnlPNmlzNWNJZk5J cwotPiAifCdTWiM/Ry1ncmVhc2UKK2xIWnZSOVMwN0VBd3pNM0VaTmZkdWV6dlcw
OHpsTnpGLzA4eE0zNitKSWF5d05BcEhjU0xCd2lRMXpLVXB1TlgKLzB2VFMzcmJo Ci0tLSB2bVJLRnIzc3JrTm9ud214N0JLbDEwSnZZaXNoL0I3Z1huWURlQVpIajFV
aThSMDQrU0JaSWNUMVZnOXRUNlhDVVoyVkRRTndUS1pnMUhhSTQwKzdXVFIwTFFi CoYOF0L2BJYmkCTDWOO8zPUgDJw2ZgvE5UcwKF5pNOlYihSNEKRkFSQ+UNCO
NkdTYkZScQpaRHp6Ci0tLSBRVFlXSGpLYzd1QXNkRlJjdDFkejdyM1ZzelRIN05o
UkR4a3JTSWhIQlN3CtTJA3S9lKiHg1j+GiDIZtbLjWlnCQG6R8XbApPIWPPNm+wt
mtCq8RC9uHH+
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

18
services/postgresql/secrets/grafanaDBPass.age
View file

@ -1,11 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBneXc1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBSeE1L
enhZNFEwV0xNbWhqVTl0VlUvZ1E4V3RlZElDNEFTeUh5alFqdkg0CmxjV0d6QXJm K0kyVXZrd2xmc1NieFZHdXpSZHVxbGV0YTRkV20wa3l5RlA1dWxjCnAzWWFHNFpt
cXovM25wM1VHdG5wbVJhZytMUEpSU3VvYXUvaGpJTC9ocDgKLT4gc3NoLWVkMjU1 WGVSOUU5MVpvNXZseWdXVkxEYzlJQ0V2WmpIUTBFRVg0MzAKLT4gc3NoLWVkMjU1
MTkgc2luZ3ZRIDY2OGJGUENPckxrcnNKMFlWNC8yOGgwUDJUcDMyS1VnSC93dXpw MTkgc2luZ3ZRIE04Z2VycjBYc1hLakdvWnVTR0w0MlRLSENGVTdGMGp6UWkvZFk0
UWo0U1kKbnQ1TUlZc2RrbTRuRmVhVlNwUVpBMkc3Ukl1dXR1RzNKK3ovUnR6UWln bUFSbUkKUmVpSXJLK1hudlcwRzh1bm1EeE8xdHQ1K1A5ck1LNnpRazg2RzE3dzJC
cwotPiBwSlU2ci1ncmVhc2UgPFRSdjkgKlAzUyBQYXhVN3MgQGwKMWdWOWYyRUFK YwotPiBWZGl4Kj0tZ3JlYXNlClZ6UXI3S2RpWWZTaEg1aTlsN1dOdGYzNUU4aTln
MC9ETEg0QgotLS0gZGtTdHVBbm9KeUxDYVUvQjlTb3Q5UllFb2F5YU5wUXhEc1Bs eWpBNTFZOGJCWmZFMjQKLS0tIEJudnJERVBGck10MW9JVFpQZGd4ZDVpTHgrd2Q4
RTJXaUI2RQoYkHT7kLqp50j9knk/D14UTvt0FJQO7NpmhISbCoeXQ+X9Y7td4P4J enNqdDk1enV2QXBhZlkKvGdV5BA2Rk9Nl6d/+khd+JdGvlKX2Vl5qkYI5ZAIWbSq
s8VDQLEe cjp67Qbe9UcsztFwBA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

19
services/postgresql/secrets/nextcloudDBPass.age
View file

@ -1,11 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA4Wm9k YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBkWmxN
YlJJbUswNjcrQkVHdk0wc0g0ampYb1Mvbzd4Rk5IVW9ZS0RSTlZrCjdjK3BhYjdV UXhJVjFoVGd5LzVUdjFmaVRvRnRycEx6SmxVTHRORUVyQXVtVmx3CmV4WnlYc2xr
cWQ1NUh3bi9ZakxOajIxbDRST0FwQ0R0c3BHY1BGNXY5UHcKLT4gc3NoLWVkMjU1 R0hEdWp1RlUwNEZnUUpMRmo0MVZNNUNSR3ZmK003M3hvMEEKLT4gc3NoLWVkMjU1
MTkgc2luZ3ZRIGtDSlZkUm5DTEpPdXJsTCtQSHA2ejdtRU9WU3ZJdGtaRVdScUNj MTkgc2luZ3ZRIHl6RWhQdDFUR3VMcDU2ZW9jeDFld2pXak1LVzNpeDVWQlN0WjBF
TFg1VDAKcWs0S0s5REgreG5PZDZkM0lGQ0RBdDR3R2kwY2tmK1RmaWE0R2pJb05j em8zaGcKRmkreGl1NTlhT0h3NUNhZmt5U3piQWhPYlo5Y0FadGQ5dEVLcGw0Y1hE
UQotPiA5OVMxUkVhXy1ncmVhc2UgK0xfdnUoOgpnbVFETkc1ZS81Kyt4U1NoOWJv TQotPiA+S0hgNFtDRy1ncmVhc2UKTnhYM2xyNWdqQ2t6bEVuM1FDa0hoZklNeTJZ
L1NVM1BzeGdQRDg0Ci0tLSA3VnpKZTRBbWN6NGMxWnNobHVEdDUyRTJORTlabXRH eUIxSnFrajIvak93dE52Z0ZELzhXZUg3dC9DQmlvNVJ5L281WAp4TjJ5YjZxT0lz
UllITmVGVHlrSGlNCoMnkbrU86Cjj6jnsZjSPwKIzLpdyzxYBQDxoj9mv139Rdae MnlxUzdJQlVZCi0tLSBob085MDZSSFpNdjNvOXl1eGFyTDV1TG9sNVlyVkhSZWpZ
bFLdtG8sIabo6hNIxg== K1RrWmN2WHVrCo0WCDxqTqQBRkmUjIhRzmDopdlZevkMWiHfXcl8MGHRGYe5EYwc
Ke3xE9pvZBm+Bw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

20
services/postgresql/secrets/onlyofficeDBPass.age
View file

@ -1,12 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBvWEZM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBDTm1X
MTJGUzQ2a3Q2SE9QeE1hWUxDRmMvODhxRVFOQlcxaVYvZEFaNFRnCnZWME02QVlH aTB5SXpwTDRHS1dlMm1LaEpKQkViYlUwZE0xNE04d0dWOVErYVFvCnAvK096M2Np
TU1lUUt4TnhabzBkNGJVS2pxaytPY0tic1NRR29Ka0k5em8KLT4gc3NoLWVkMjU1 WWxZUUZGYWZjc0ZtTktSMlFNbjBzU1A2U282VHZWdFNrMEEKLT4gc3NoLWVkMjU1
MTkgc2luZ3ZRIDAvTVFwR3VOWUVpZk5xUkJsZW9CMVhzYkd1ejhwUHhGejNQc1hG MTkgc2luZ3ZRIEpiR2FpR2ltelBwbVhKRTZpRzdLM2U4bGZwc0kvMU1rSlNwb1NR
eXVqbXcKM282Z3JlUS9yMURSa3lnaitpZ3NhMTVvamR4MGV2USttcmp1bDNEYXVP UVlKV28KV3pEblFFN3hZeEd5TG4yVXRFeHhabVJweGpWejY1eTUveTdYU1ZTRUJl
bwotPiB7MHlWLWdyZWFzZSBqW2hxWm0/SSA2Klh8OyBOOiBtbFlTJjAKVkhZcFla YwotPiBHbWZPdC1ncmVhc2UgRjJyeiYjTyBCR20hUFsqIC4gMTQqPy1zRwo0NFFS
VVdsbnRlRUI1bzdNWEJUNjNEdWpZY3JBWlduQUxrRU4xdG1kWU8zSjExbUd6UlNG Rm1HYlUwOXhNenlKcW90MEJOOEFtTjROU1JMWWEzMHJFRVUvS0phY1cxV09abG5a
clZYQTVMVkNFNAp5dlcwZmhxQTNKN1h0dUhUM1prCi0tLSB1UXlaQUd3b1JkM29K TkEKLS0tIG1EZnJGanhDUjVRUm5sRTlaVWtFQUN1Q3QrVm1GQnkvVm42eUxWSGNq
bjFJTVpzUTk1MjZIbEhmTkVXYlNtN3k0OW50TTJBCoB7YGQ+R1yzNbS9ZiTcgoZk M2sKXJmL2j6j+iA26zzQ/rLZrQTXRyIFZ3EvAgpbidiCDqefQrtlSXeQXjiaYI53
LGeyAB/x+izkhu54XzrxpjQKeXAQftnHks6lzzqZ5w== AWK6
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

8
systems/minimalLXCConfig.nix
View file

@ -99,13 +99,6 @@
]; ];
}; };
age.secrets = {
cs-lapi-key = {
file = ../secrets/cs-lapi-key.age;
owner = "crowdsec";
};
};
services = { services = {
openssh = { openssh = {
enable = true; enable = true;
@ -131,7 +124,6 @@
general = { general = {
prometheus.listen_addr = "0.0.0.0"; prometheus.listen_addr = "0.0.0.0";
}; };
lapi.credentialsFile = "${config.age.secrets.cs-lapi-key.path}";
}; };
hub.collections = [ hub.collections = [
"crowdsecurity/linux" "crowdsecurity/linux"

11
systems/minimalVMConfig.nix
View file

@ -1,6 +1,5 @@
{ {
config, config, pkgs,
pkgs,
lib, lib,
inputs, inputs,
modulesPath, modulesPath,
@ -86,13 +85,6 @@
]; ];
}; };
age.secrets = {
cs-lapi-key = {
file = ../secrets/cs-lapi-key.age;
owner = "crowdsec";
};
};
services = { services = {
cloud-init.network.enable = true; cloud-init.network.enable = true;
openssh = { openssh = {
@ -119,7 +111,6 @@
general = { general = {
prometheus.listen_addr = "0.0.0.0"; prometheus.listen_addr = "0.0.0.0";
}; };
lapi.credentialsFile = "${config.age.secrets.cs-lapi-key.path}";
}; };
hub.collections = [ hub.collections = [
"crowdsecurity/linux" "crowdsecurity/linux"