diff --git a/flake.lock b/flake.lock index a0c90b4..d4fe485 100755 --- a/flake.lock +++ b/flake.lock @@ -981,11 +981,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1762929110, - "narHash": "sha256-MZXAaL2gJJhFMk8eg3reeVGXcLucvQrNhwCmxIbGV3U=", + "lastModified": 1765358772, + "narHash": "sha256-H+InZPNuIJfcyvuTQRGKSPjWH9gQ/ABstAToSkeWQD8=", "ref": "refs/heads/main", - "rev": "fc1f9a7ba28370a1fcb63ed2917e9a053f9c1480", - "revCount": 56, + "rev": "49fbc3f3118dd35a8fea5569372d04fff67c1bc3", + "revCount": 59, "type": "git", "url": "ssh://git@gitlab.com/uprootnutrition/linkpage.git" }, diff --git a/modules/config/instances/config/projectSite.nix b/modules/config/instances/config/projectSite.nix deleted file mode 100755 index 485a104..0000000 --- a/modules/config/instances/config/projectSite.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ moduleFunctions }: -let - inherit (moduleFunctions.instancesFunctions) - domain0 - varPath - mntPath - ; - label = "ProjectSite"; - name = "projectsite"; -in -{ - label = label; - name = name; - short = "Project"; - tags = [ - "project" - ]; - ports = { - port0 = 1334; - }; - interfaces = { - interface0 = { - email = "noreply@${domain0}"; - microvm = { - id = "vm-project"; - mac = "02:00:00:00:52:22"; - idUser = "vmuser-project"; - macUser = "02:00:00:00:00:22"; - ip = "192.168.50.212"; - gate = "192.168.50.1"; - ssh = 2299; - }; - paths = { - varPaths = { - path0 = "${varPath}/${name}"; - path1 = "${varPath}/${name}/dist"; - }; - mntPaths = { - path0 = "${mntPath}/${name}"; - }; - }; - }; - }; -} diff --git a/modules/config/instances/config/vaultwarden.nix b/modules/config/instances/config/vaultwarden.nix index 6abbb9f..8b5ec28 100755 --- a/modules/config/instances/config/vaultwarden.nix +++ b/modules/config/instances/config/vaultwarden.nix 
@@ -61,5 +61,35 @@ in }; }; }; + interface1 = + let + domain = "vault.${domain0}"; + secrets = "${secretPath}/${name}"; + in + { + domain = domain; + subdomain = "vault"; + email = "noreply@${domain0}"; + microvm = { + id = "vm-${name}"; + mac = "02:00:00:00:51:01"; + idUser = "vmuser-vault"; + macUser = "02:00:00:00:00:01"; + ip = "192.168.50.111"; + gate = "192.168.50.1"; + ssh = 2201; + }; + paths = { + varPaths = { + path0 = "${varPath}/${name}"; + }; + mntPaths = { + path0 = "${mntPath}/${name}"; + }; + secretPaths = { + path0 = secrets; + }; + }; + }; }; } diff --git a/modules/config/instances/config/web.nix b/modules/config/instances/config/web.nix index 0f888d9..115e48c 100755 --- a/modules/config/instances/config/web.nix +++ b/modules/config/instances/config/web.nix @@ -23,5 +23,6 @@ in address2 = "192.168.50.1"; # Router address3 = "192.168.50.0"; # Router address4 = "192.168.1.0"; # Router + address5 = "24.76.173.0"; }; } diff --git a/modules/config/instances/config/website.nix b/modules/config/instances/config/website.nix index 7995324..0d4b6cb 100755 --- a/modules/config/instances/config/website.nix +++ b/modules/config/instances/config/website.nix @@ -2,7 +2,6 @@ let inherit (moduleFunctions.instancesFunctions) domain1 - varPath sslPath ; label = "upRootNutrition"; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index e5b3166..d7b2d9c 100755 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -56,17 +56,19 @@ in acme caddy comfyui - forgejoCeres impermanence - jellyfinCeres lix - mastodonCeres microvm + restic + # wireguard + forgejoCeres + jellyfinCeres + linkpageCeres + mastodonCeres minecraftCeres opencloudCeres - websiteCeres qbittorrentCeres - restic + websiteCeres sambaCeres zookeeperCeres ; diff --git a/modules/nixos/homelab/caddy/config/qbittorrent/default.nix b/modules/nixos/homelab/caddy/config/qbittorrent/default.nix index d49fb64..43a9024 100644 
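Review bot: `interface1.domain` is set to `vault.${domain0}`, but the consumers visible in this commit never read it: the Caddy vhost and vaultwardenCeres both build the hostname from `subdomain` plus `flake.inputs.linkpage.secrets.domains.projectsite`. Two sources for one hostname drift easily, and the domain Vaultwarden is configured with has to match the URL that is actually served. Either drop `domain` from interface1 or mark it, e.g. `# not used for routing; host is subdomain + linkpage domain`. `secretPath` is also referenced here and must be in the `inherit` list, which lies outside the hunk.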
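Review bot: `address5 = "24.76.173.0";` is the only entry in this set without a trailing comment, and unlike its neighbours it is a publicly routable address. Say what it is and where it is consumed, for example `address5 = "24.76.173.0"; # <what this network is, and which allow-list reads it>`, so a later reader can tell whether it is still needed. If it is used with a prefix length, the way `address4` gets `/24` in the wireguard module, note the intended prefix as well.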
--- a/modules/nixos/homelab/caddy/config/qbittorrent/default.nix +++ b/modules/nixos/homelab/caddy/config/qbittorrent/default.nix @@ -29,11 +29,4 @@ in }; }; }; - sops.secrets = { - "caddy/share-auth" = { - owner = "caddy"; - group = "caddy"; - mode = "0400"; - }; - }; } diff --git a/modules/nixos/homelab/caddy/config/vaultwarden/default.nix b/modules/nixos/homelab/caddy/config/vaultwarden/default.nix index b78062b..2266b87 100755 --- a/modules/nixos/homelab/caddy/config/vaultwarden/default.nix +++ b/modules/nixos/homelab/caddy/config/vaultwarden/default.nix 
@@ -6,29 +6,49 @@ let inherit (flake.config.services) instances; serviceCfg = instances.vaultwarden; - interfaceCfg = serviceCfg.interfaces.interface0; + interface0Cfg = serviceCfg.interfaces.interface0; + interface1Cfg = serviceCfg.interfaces.interface1; + host0 = interface0Cfg.domain; + host1 = "${interface1Cfg.subdomain}.${flake.inputs.linkpage.secrets.domains.projectsite}"; dns0 = instances.web.dns.provider0; - host = interfaceCfg.domain; dns0Path = "dns/${dns0}"; + dns1 = instances.web.dns.provider1; + dns1Path = "dns/${dns1}"; + in { - security.acme.certs."${host}" = { - dnsProvider = dns0; - environmentFile = config.sops.secrets.${dns0Path}.path; - group = "caddy"; + security.acme.certs = { + "${host0}" = { + dnsProvider = dns0; + environmentFile = config.sops.secrets.${dns0Path}.path; + group = "caddy"; + }; + "${host1}" = { + dnsProvider = dns1; + environmentFile = config.sops.secrets.${dns1Path}.path; + group = "caddy"; + }; }; services.caddy.virtualHosts = { - "${host}" = { + "${host0}" = { extraConfig = '' - reverse_proxy ${interfaceCfg.microvm.ip}:${toString serviceCfg.ports.port0} { + reverse_proxy ${interface0Cfg.microvm.ip}:${toString serviceCfg.ports.port0} { header_up X-Real-IP {remote_host} } - - tls ${interfaceCfg.ssl.cert} ${interfaceCfg.ssl.key} - + tls ${interface0Cfg.ssl.cert} ${interface0Cfg.ssl.key} encode zstd gzip ''; }; + "${host1}" = { + extraConfig = '' + reverse_proxy ${interface1Cfg.microvm.ip}:${toString serviceCfg.ports.port0} { + header_up X-Real-IP {remote_host} + } + tls /var/lib/acme/${host1}/fullchain.pem /var/lib/acme/${host1}/key.pem + encode zstd gzip + ''; + }; + }; } diff --git a/modules/nixos/homelab/caddy/default.nix b/modules/nixos/homelab/caddy/default.nix index e5e452c..763ddae 100755 --- a/modules/nixos/homelab/caddy/default.nix +++ b/modules/nixos/homelab/caddy/default.nix 
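Review bot: The `tls` line for `host1` hard-codes `/var/lib/acme/${host1}/fullchain.pem` and `key.pem`, duplicating a path that the ACME module already owns. Take it from the cert definition instead, e.g. `tls ${config.security.acme.certs.${host1}.directory}/fullchain.pem ${config.security.acme.certs.${host1}.directory}/key.pem`, so the vhost cannot point at a stale location. `host0` still reads its pair from `interface0Cfg.ssl`, so the two vhosts now follow different conventions and a one-line comment on why would help. `host1` also comes from `flake.inputs.linkpage.secrets.domains.projectsite`; values read from a flake input at evaluation time land in the world-readable store, so that attribute set should hold nothing that is actually secret.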
@@ -18,11 +18,6 @@ in enable = true; }; - systemd.tmpfiles.rules = [ - "d /run/secrets/caddy 755 caddy caddy -" - "d /var/log/caddy 755 caddy caddy -" - ]; - networking = { firewall = { allowedTCPPorts = [ diff --git a/modules/nixos/homelab/guests/jellyfin/config/default.nix b/modules/nixos/homelab/guests/jellyfin/config/default.nix index 8c46db7..eee2878 100755 --- a/modules/nixos/homelab/guests/jellyfin/config/default.nix +++ b/modules/nixos/homelab/guests/jellyfin/config/default.nix @@ -103,7 +103,7 @@ in { type = "user"; id = "vmuser-cloud"; - mac = user; + mac = userMac; } ]; forwardPorts = [ diff --git a/modules/nixos/homelab/guests/linkpage/config/default.nix b/modules/nixos/homelab/guests/linkpage/config/default.nix new file mode 100755 index 0000000..063ce0d --- /dev/null +++ b/modules/nixos/homelab/guests/linkpage/config/default.nix 
@@ -0,0 +1,91 @@ +{ + flake, + ... +}: +let + inherit (flake.config.people) user0; +in +{ + websiteVM = + { + user, + ip, + mac, + ssh, + userMac, + package, + }: + { + microvm.vms."${user}-website" = { + autostart = true; + config = { + system.stateVersion = "25.05"; + networking.firewall.allowedTCPPorts = [ + 22 + 80 + ]; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; + + environment.etc."website".source = package; + + users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys; + + systemd = { + network = { + enable = true; + networks."10-enp" = { + matchConfig.Name = "enp0s3"; + addresses = [ + { Address = "${ip}/24"; } + ]; + gateway = [ "192.168.50.1" ]; + }; + }; + }; + services.caddy = { + enable = true; + virtualHosts.":80".extraConfig = '' + root * /etc/website + file_server + try_files {path} /index.html + ''; + }; + microvm = { + vcpu = 1; + mem = 512; + hypervisor = "qemu"; + interfaces = [ + { + type = "tap"; + id = "vm-ws-${user}"; + mac = mac; + } + { + type = "user"; + id = "vmuser-web"; + mac = userMac; + } + ]; + forwardPorts = [ + { + from = "host"; + host.port = ssh; + guest.port = 22; + } + ]; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + ]; + }; + }; + }; + }; +} diff --git a/modules/nixos/homelab/guests/linkpage/default.nix b/modules/nixos/homelab/guests/linkpage/default.nix new file mode 100755 index 0000000..da65bd2 --- /dev/null +++ b/modules/nixos/homelab/guests/linkpage/default.nix @@ -0,0 +1,11 @@ +let + importList = + let + content = builtins.readDir ./.; + dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content); + in + map (name: ./. + "/${name}") dirContent; +in +{ + imports = importList; +} 
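Review bot: The `forwardPorts` entry maps `host.port = ssh` to guest port 22 without a `host.address`, so as far as this hunk shows the user-mode forward listens on every address of the host, and the account behind it is root (`users.users.root.openssh.authorizedKeys.keys`). If the forward is only meant for management from the host itself, bind it with `host.address = "127.0.0.1";`; otherwise confirm that the host firewall does not expose the port. The guest firewall also opens 22 on the tap interface, so sshd is reachable from the 192.168.50.0/24 segment too; drop 22 from `allowedTCPPorts` if the forward is the intended path. The same forward is added to website/config in the `@@ -66,6 +65,18 @@` hunk.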
diff --git a/modules/nixos/homelab/guests/linkpage/linkpageCeres/default.nix b/modules/nixos/homelab/guests/linkpage/linkpageCeres/default.nix new file mode 100644 index 0000000..e632405 --- /dev/null +++ b/modules/nixos/homelab/guests/linkpage/linkpageCeres/default.nix @@ -0,0 +1,25 @@ +{ + flake, + config, + pkgs, + ... +}: +let + inherit (import ../config { inherit flake; }) websiteVM; + inherit (flake.config.services) instances; + + websiteProject = + let + websitePkg = flake.inputs.linkpage.packages.${pkgs.stdenv.hostPlatform.system}.websiteFrontend; + interfaceCfg = instances.website.interfaces.interface1; + in + websiteVM { + user = "link"; + ip = interfaceCfg.microvm.ip; + mac = interfaceCfg.microvm.mac; + ssh = interfaceCfg.microvm.ssh; + userMac = interfaceCfg.microvm.macUser; + package = websitePkg; + }; +in +websiteProject diff --git a/modules/nixos/homelab/guests/mastodon/config/default.nix b/modules/nixos/homelab/guests/mastodon/config/default.nix index 3a181e1..8e54d26 100755 --- a/modules/nixos/homelab/guests/mastodon/config/default.nix +++ b/modules/nixos/homelab/guests/mastodon/config/default.nix @@ -262,7 +262,7 @@ in cp /run/secrets/${user}-database /etc/mastodon-secrets/${user}-database cp /run/secrets/${user}-redis /etc/mastodon-secrets/${user}-redis cp /run/secrets/${user}-smtp /etc/mastodon-secrets/${user}-smtp - cp /run/secrets/${user}-fedifetcher-token /etc/mastodon-secrets/${user}-fedifetcher + cp /run/secrets/${user}-fedifetcher /etc/mastodon-secrets/${user}-fedifetcher chmod 755 /etc/mastodon-secrets chmod 644 /etc/mastodon-secrets/* ''; @@ -450,7 +450,7 @@ in mountPoint = "/var/lib/${serviceCfg.name}"; proto = "virtiofs"; source = "${mnt}/${serviceCfg.name}/data"; - tag = "${serviceCfg.name}_data"; + tag = "${serviceCfg.name}_${user}_data"; } { mountPoint = "/var/lib/postgresql"; 
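Review bot: The link-page guest takes its ip, mac and ssh port from `instances.website.interfaces.interface1`, an instance that belongs to a different service, and nothing in the file says so. Add a comment above `interfaceCfg`, e.g. `# linkpage has no instance of its own; it reuses website's interface1`, or give it its own instance now that projectSite.nix is deleted. `config` in the argument set is unused and can be removed, matching the `{ inherit flake; }` call to `../config`.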
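Review bot: The renamed `${user}-fedifetcher` secret is copied into `/etc/mastodon-secrets`, which the following context lines set to `chmod 755` with every file `chmod 644`, so the database, redis, smtp and fedifetcher credentials are readable by any account or process in the guest. Tighten the two lines to something like `chmod 750 /etc/mastodon-secrets` and `chmod 640 /etc/mastodon-secrets/*`, with the directory owned by the group of the service that reads them. Which user that is cannot be seen here, so confirm it before picking the owner. The script continues outside the hunk.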
diff --git a/modules/nixos/homelab/guests/minecraft/config/default.nix b/modules/nixos/homelab/guests/minecraft/config/default.nix index 8607b37..9d516b4 100755 --- a/modules/nixos/homelab/guests/minecraft/config/default.nix +++ b/modules/nixos/homelab/guests/minecraft/config/default.nix @@ -24,7 +24,7 @@ in }: { microvm.vms = { - "${serviceCfg.name}-${user}" = { + "${serviceCfg.name}-world${worldNumber}" = { autostart = true; restartIfChanged = true; config = { diff --git a/modules/nixos/homelab/guests/qbittorrent/config/default.nix b/modules/nixos/homelab/guests/qbittorrent/config/default.nix index ecfda79..13df4dd 100755 --- a/modules/nixos/homelab/guests/qbittorrent/config/default.nix +++ b/modules/nixos/homelab/guests/qbittorrent/config/default.nix @@ -152,7 +152,7 @@ in }; Downloads = { - SavePath = "${mnt}/${serviceCfg.name}/downloads"; + SavePath = "/var/lib/${serviceCfg.name}-downloads"; TempPathEnabled = false; PreAllocation = false; }; @@ -172,15 +172,14 @@ in network = { enable = true; networks."10-enp" = { - matchConfig.Name = "enp0s5"; + matchConfig.Name = "enp0s6"; addresses = [ { Address = "${ip}/24"; } ]; gateway = [ "192.168.50.1" ]; }; }; tmpfiles.rules = [ - "d ${mnt}/${serviceCfg.name} 755 ${serviceCfg.name} ${serviceCfg.name} -" - "d ${mnt}/${serviceCfg.name}/downloads 755 ${serviceCfg.name} ${serviceCfg.name} -" + "d /var/lib/${serviceCfg.name}-downloads 755 ${serviceCfg.name} ${serviceCfg.name} -" ]; services = { @@ -366,7 +365,13 @@ in mountPoint = "/var/lib/${serviceCfg.name}"; proto = "virtiofs"; source = "${mnt}/${serviceCfg.name}"; - tag = "${serviceCfg.name}_data"; + tag = "${serviceCfg.name}_${user}_data"; + } + { + mountPoint = "/var/lib/${serviceCfg.name}-downloads"; + proto = "virtiofs"; + source = "${mnt}/${serviceCfg.name}/downloads"; + tag = "${serviceCfg.name}_${user}_downloads"; } { mountPoint = "/run/secrets"; 
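Review bot: `matchConfig.Name = "enp0s6"` had to move from `enp0s5` in the same commit that adds a second virtiofs share, which suggests the name follows PCI slot order and will shift again with the next device. If the match misses, the static address and gateway in this block are never applied. Matching on the MAC the VM is created with is stable, e.g. `matchConfig.MACAddress = mac;`, assuming the tap interface's `mac` argument is in scope here, which the hunk does not show.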
@@ -391,6 +396,11 @@ in }; sops.secrets = { + "caddy/share-auth" = { + owner = "caddy"; + group = "caddy"; + mode = "0400"; + }; "torrent/${user}-wireguard-pass" = { owner = "root"; mode = "0400"; @@ -410,6 +420,9 @@ in tmpfiles.rules = [ "d ${mnt}/${serviceCfg.name} 0755 microvm wheel - -" + "d ${mnt}/${serviceCfg.name}/downloads 0755 microvm wheel - -" + # "d /run/secrets/qbittorrent/caddy 755 caddy caddy -" + # "d /var/log/caddy 755 caddy caddy -" ]; }; diff --git a/modules/nixos/homelab/guests/vaultwarden/vaultwardenCeres/default.nix b/modules/nixos/homelab/guests/vaultwarden/vaultwardenCeres/default.nix new file mode 100644 index 0000000..dbfd9ba --- /dev/null +++ b/modules/nixos/homelab/guests/vaultwarden/vaultwardenCeres/default.nix @@ -0,0 +1,25 @@ +{ + flake, + labHelpers, + ... +}: +let + inherit (import ../../../helpers.nix { inherit flake; }) labHelpers; + inherit (labHelpers) mntPath; + inherit (import ../config { inherit flake; }) vaultwardenVM; + inherit (flake.config.people) user0; + inherit (flake.config.services.instances) vaultwarden; + + interface0Cfg = vaultwarden.interfaces.interface1; + + vaultwardenNick = vaultwardenVM { + user = user0; + ip = interface0Cfg.microvm.ip; + mac = interface0Cfg.microvm.mac; + userMac = interface0Cfg.microvm.macUser; + ssh = interface0Cfg.microvm.ssh; + mnt = mntPath; + host = "${interface0Cfg.subdomain}.${flake.inputs.linkpage.secrets.domains.projectsite}"; + }; +in +vaultwardenNick diff --git a/modules/nixos/homelab/guests/website/config/default.nix b/modules/nixos/homelab/guests/website/config/default.nix index d057802..80fbcf6 100755 --- a/modules/nixos/homelab/guests/website/config/default.nix +++ b/modules/nixos/homelab/guests/website/config/default.nix @@ -1,7 +1,5 @@ { - config, flake, - pkgs, ... }: let @@ -15,11 +13,12 @@ in user, ip, mac, + ssh, userMac, package, }: { - microvm.vms.${serviceCfg.name} = { + microvm.vms."${serviceCfg.name}" = { autostart = true; config = { system.stateVersion = "25.05"; 
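Review bot: `"caddy/share-auth"` is now declared in the qbittorrent guest module with `owner = "caddy"`, while the Caddy vhost that presumably consumes it lives in caddy/config/qbittorrent, where this commit removes the declaration. sops-nix needs the owner account to exist wherever the secret is declared, so record the dependency with a comment such as `# consumed by the host Caddy vhost for this guest; requires services.caddy on the host`. The two commented-out `tmpfiles.rules` entries in the `@@ -410,6 +420,9 @@` hunk should be deleted or given a reason.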
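Review bot: `labHelpers` is declared as a module argument and then immediately rebound by `inherit (import ../../../helpers.nix { inherit flake; }) labHelpers;`, so the argument is never used but still has to be supplied for evaluation to succeed; drop it from the argument set. The binding `interface0Cfg = vaultwarden.interfaces.interface1;` is named for the wrong interface. `interface1Cfg` would match the caddy module and make it harder to wire this guest to interface0's ip and ssh port by mistake. `vaultwardenCeres` does not appear in the visible part of the modules/nixos/default.nix hunk either, so check that the guest is actually imported.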
@@ -66,6 +65,18 @@ in id = "vm-ws-${user}"; mac = mac; } + { + type = "user"; + id = "vmuser-web"; + mac = userMac; + } + ]; + forwardPorts = [ + { + from = "host"; + host.port = ssh; + guest.port = 22; + } ]; shares = [ { diff --git a/modules/nixos/homelab/guests/website/websiteCeres/default.nix b/modules/nixos/homelab/guests/website/websiteCeres/default.nix index 5e6cfbd..a9e1303 100644 --- a/modules/nixos/homelab/guests/website/websiteCeres/default.nix +++ b/modules/nixos/homelab/guests/website/websiteCeres/default.nix @@ -5,7 +5,7 @@ ... }: let - inherit (import ../config { inherit flake config pkgs; }) websiteVM; + inherit (import ../config { inherit flake; }) websiteVM; inherit (flake.config.services) instances; websiteUpRoot = @@ -17,21 +17,10 @@ let user = "uproot"; ip = interfaceCfg.microvm.ip; mac = interfaceCfg.microvm.mac; + ssh = interfaceCfg.microvm.ssh; userMac = interfaceCfg.microvm.macUser; package = websitePkg; }; - websiteProject = - let - websitePkg = flake.inputs.linkpage.packages.${pkgs.stdenv.hostPlatform.system}.websiteFrontend; - interfaceCfg = instances.website.interfaces.interface1; - in - websiteVM { - user = "project"; - ip = interfaceCfg.microvm.ip; - mac = interfaceCfg.microvm.mac; - userMac = interfaceCfg.microvm.macUser; - package = websitePkg; - }; in -websiteProject // websiteUpRoot +websiteUpRoot diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index 6408a95..9b15a9e 100755 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix 
@@ -17,9 +17,9 @@ in publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw="; allowedIPs = [ "${ceres.wireguard.ip0}/32" - "${instances.web.localhost.address4}/24" + "${instances.web.addresses.address4}/24" ]; - endpoint = "${instances.web.remotehost.address0}:${builtins.toString service.ports.port1}"; + endpoint = "${instances.web.addresses.address0}:${builtins.toString service.ports.port1}"; persistentKeepalive = 25; } ]; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 8e25e5d..471776b 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -11,7 +11,7 @@ mastodon: nick-database: ENC[AES256_GCM,data:bBIjIrO0mkbg1yuLK3fP5lG/DWwwMUhqrGNTta2ejUNy,iv:HNnHryfXR+wB1f2AdY3FyDlHWDk7JPgWBRz170FKQU4=,tag:WlZdefcoWHzyPpv0bxCZ8A==,type:str] nick-redis: ENC[AES256_GCM,data:EqI1Iyy8Z00b0QzqjXsMl21zI7Bi7U8fOM+BZOiEazAE,iv:YLiiT2KLcLgS3kBKtpD/IbnEsKAuPs5XlLNH8YCEhYc=,tag:Z56WCabmtxrg4j+3eXesdQ==,type:str] nick-pass: ENC[AES256_GCM,data:WHV+iRST1H2k7muAJfp3mT0ol7l1fVDs8pG1OgBV4lKcLrMKy43wbNJ9YvK1R+CRYOh3JTbOurLAyqA50t7SvmzYKjtjXgANNx7u/mf4jgmO0TlaLxTp6Tc/YqZokUg7wgOkPRpb2+kukHIDrWPOdN0g5BFZSEvanE6ckkG0keRP,iv:XANdKTeCT4R0v7gCbuOTuXqHBN7GaiR3osW+vOt8SQ0=,tag:Ae71I4h5QweRlxoVWyJs+w==,type:str] - nick-fedifetcher-token: ENC[AES256_GCM,data:aqUQ1K2zCb1aicqiUwhJ9cniB6LCzGxkj26ZRT4NlZwki38Ktorf4Ntor7k=,iv:tSthNg5ubEXOUfqA4xCfaDx1LTheqiiV48XqtPEm0HQ=,tag:lxXt1G9ll5iVC/phSyO/BQ==,type:str] + nick-fedifetcher: ENC[AES256_GCM,data:bAKgS3gQ2qu+6woZU/vKYhWOdJDLN9HNJbfSCkTCFksUPgIE3Uq5ugtCk3U=,iv:LXC36MpeaQwbfm1rcgvVPO2WI1P0cKe+LLtCnKxIx+Y=,tag:ie34tbpUPTODrSYTmWwYEA==,type:str] peertube: smtp: ENC[AES256_GCM,data:yrx7Ovy3zmApaODk+V3k26XJDUj5sGr0YAQ168V/o0dY,iv:s2P2Rf5/QnjBeNgFTXpXKPI+y8P97RJqaXRK4b19V/w=,tag:4X830RBQFzx1Mirwd5smeA==,type:str] database: ENC[AES256_GCM,data:T7cd/jrmpzdKuE7nZ6/Zh4DI8E35J26Jn/wt3yZEf+ce,iv:wfeoQljDlp0/isxsbH04ZRG31KTY0d0mBsShjy89ddo=,tag:XrtzpyRr6wvkArg2pGObBQ==,type:str] 
@@ -22,10 +22,10 @@ forgejo: nick-database: ENC[AES256_GCM,data:Hzojzr1TvFFfnQO2Dm8c3+QMVejqWPqsMTR+hMCaddtu,iv:4gs+yuoqjkJWrsGKhhaeXXWE3PKOZgEcbOprbUUmP/w=,tag:ul7XkzbVLGbRfwBGvhGQbQ==,type:str] nick-smtp: ENC[AES256_GCM,data:wJ3Q86tVNS1V+lzOrV4IbnoR1FzJg4CoTPvjfKvN/me+,iv:yF4nZw4c6L1MoD9maXaZBNr9EgLHM0ij5468P/wzHxI=,tag:yz01ukHdwKWc+Ph6QSaiNg==,type:str] zookeeper: - nick-env: ENC[AES256_GCM,data:Uhnk1fbHAOOpS7od9cd88JotcCqK0dWKVVV0I56/D90+pDKJ5qLKO0AnrF8ebNd8HgKMc7bkO/fO0AHRtKcei4jk5hg5vsM4EA==,iv:WR4wnxmA0XWjSwgAnFJcTUy63WJzfWiC5/ogPStR0r4=,tag:rDE3OktnQN5xJW5WXVcOlA==,type:str] + boon-env: ENC[AES256_GCM,data:3aOlOkYHxpao4/+Ubud4LfyZ3yQonN0FtHEYvQHEPNjTcqJiltuXrRr0ZaJ7RwY+A/IunuZVhrjngCBRj+TWBZZ2i+uaf0BEuA==,iv:53H5+rcRIui2d71K3QTj5LYg/ae4TGOFe96t2zxQh2o=,tag:vR3IOm2XFmODLQZDTlY1zw==,type:str] minecraft: - nick-world0: ENC[AES256_GCM,data:r3cBMW662UaoRBy6dzIqWRlaFHopfN/t5g==,iv:Nr+lvEQTT+PDP8OMH6mUyWKo92ejRfO4fXAERMxg8sQ=,tag:2WevPfTYN4/NJNea/JwPqg==,type:str] - nick-world1: ENC[AES256_GCM,data:/npb82dKLypMDkq01F1eyb+aPiqzcgL9wUX3bMLgEYk5,iv:9JWvq9E5+Gs3T9y9YqrkXbF9kl0lAWPseVK+OBrQR/w=,tag:XziFN0BMs+Nk+54vkc4+ig==,type:str] + nick-world01: ENC[AES256_GCM,data:skiM+L/uEEnst0pCDzB5XaHnLpWrLQBXuQ==,iv:CnlXwpB4paDQSaC2W9uQRTc2rgqCo6QTGC4SsYAMw6Y=,tag:D2r2X6flowP7tjuX74KzRg==,type:str] + nick-world02: ENC[AES256_GCM,data:tEh+uThkn8VczSjviU58/vBUmyKBfiA7tnYiBsIlgjSb,iv:yfQvffZ3AlT4lpfEkBT5gVacogaQoIZSim+gpoD7LkU=,tag:E7matzOY08rapIxaW9lOdg==,type:str] vaultwarden: nick-env: ENC[AES256_GCM,data:lG7pqpLJ7OsFZhWCJcPnvDxkR4Ob78buazUeLWlRSAPYEv8KarymYduecJNWCZUjUlysoU5YrHaat8tny+Vl2rYdef8oPfqlf7fITofsdmjHhAGUBJEEVQWLyEXqrEebEyeNKZwI+u8=,iv:SNptt0CPcSCTs6AAWLcC+U0/94oQapqmT1K8ZN/bIfM=,tag:2/1A+DwuWOIr0eoJmZTnwA==,type:str] dns: 
@@ -88,7 +88,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-10T02:07:35Z" - mac: ENC[AES256_GCM,data:W+q1Qy0tWuWBVQyVoyE2xnfxHEnHvBTt+HWnx/gEK4i+jgnJFGCn8EjZycBwr9jrMTCf70HpSnPIyKd8xg0n6E49Y0yHq6WBOG2K3SKFueqohljNf4QfpG4Gtrr6pyWFXDs5WKdRd9iszTs8jZ4bnOVNsMBggE5r8Sqt4Pu6Ico=,iv:1Pp2nLyjhSRnjPCBzFRll7m+NO/h7Y5l+nCXOoEGE6Q=,tag:9KPuFI0keIsVF5c6BPyQow==,type:str] + lastmodified: "2025-12-10T06:36:31Z" + mac: ENC[AES256_GCM,data:8juvjbgS2dM8KMJwRjXlf7GH5pSPkn9y+RmJ6ZNJLPeUKl7OONY/0iAKCdzLJUyT2lWszRAuL0lLahumqjT/DowwBODBv4RmkM8z/FYpY6emEe9PY8ZLs+QXGfiUavJX2Y98QIkEQCp3Ad+dmQzwHpYm2iYV2gUBtX2QH+NkfEk=,iv:ty71OQjZC0Z+G8verBOBUIKx+aZ9NDwx6sf5BbmYcW0=,tag:uAdU1a5g0elRGyCTH0PETA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/systems/ceres/config/wireguard.nix b/systems/ceres/config/wireguard.nix index ada05f4..017e4cd 100755 --- a/systems/ceres/config/wireguard.nix +++ b/systems/ceres/config/wireguard.nix @@ -42,7 +42,7 @@ in sops = let sopsPath = secret: { - path = "${interfaceCfg.paths.secretPaths.path0}/${serviceCfg.name}-${secret}"; + # path = "${interfaceCfg.paths.secretPaths.path0}/${serviceCfg.name}-${secret}"; owner = "root"; mode = "600"; };
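Review bot: Commenting out `path` inside `sopsPath` moves every secret built with it to the sops-nix default location, but the old line stays behind as a comment with no reason given. Delete it, or replace it with a comment that states the intent, e.g. `# default /run/secrets path; consumers must read config.sops.secrets.<name>.path`. Anything that still points at `${interfaceCfg.paths.secretPaths.path0}/…`, such as a private-key file setting, would now reference a file that is never written; those consumers are outside the hunk. `mode = "600"` also differs from the `"0400"` used for the other secrets in this commit.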