nixos/middleman: Real hardware config

nixos/boxes/colony/vms/shill/containers/middleman/default.nix

@@ -30,7 +30,7 @@
             server.enable = true;
 
             secrets = {
-              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuvP9DEsffop53Fsh7xIdeVyQSF6tSKrOUs2faq6rip";
+              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQM9U1e/XcUCyMJITrpAHjAGahpqkZCmtX6pJkYzuks";
               files = {
                 "dhparams.pem" = {
                   owner = "acme";
@@ -41,11 +41,11 @@
                   owner = "acme";
                   group = "acme";
                 };
-                "cloudflare-credentials.conf" = {
+                "middleman/cloudflare-credentials.conf" = {
                   owner = "acme";
                   group = "acme";
                 };
-                "nginx-sso.yaml" = {
+                "middleman/nginx-sso.yaml" = {
                   owner = "nginx-sso";
                   group = "nginx-sso";
                 };
@@ -58,7 +58,7 @@
 
             nginx-sso = {
               enable = true;
-              extraConfigFile = config.age.secrets."nginx-sso.yaml".path;
+              extraConfigFile = config.age.secrets."middleman/nginx-sso.yaml".path;
               configuration = {
                 listen = {
                   addr = "[::]";
@@ -122,7 +122,8 @@
               acceptTerms = true;
               defaults = {
                 email = "dev@nul.ie";
-                server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+                #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+                server = "https://acme-v02.api.letsencrypt.org/directory";
                 reloadServices = [ "nginx" ];
                 dnsResolver = "8.8.8.8";
               };
@@ -163,7 +164,7 @@
                     "*.${lib.my.pubDomain}"
                   ];
                   dnsProvider = "cloudflare";
-                  credentialsFile = config.age.secrets."cloudflare-credentials.conf".path;
+                  credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
                 };
               };
             };

secrets/cloudflare-credentials.conf.age

@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 H162lQ poUW3oUJVxTNyJxJwWAbFDCOK7Gnhk2KxPDzZs3unE4
-8veh+9Z1kVb1Y9h/rFOzRfeGkewtwVQUUB5oOPZKvqQ
--> X25519 PlDX52lXXShwQgi2sXSZM6Tu2v5g6dNVLVovyCEahAo
-p7pNdl9U5iZ9uOICs4xejtTgJ8eagkDgSUkLTBhUAB4
--> 3M-grease
-3VLKIT/v0a6RIllt791XnIBEOHvvcARqSd5UkLdR6+V3Bw4BNRV6eFUTtzxWpm9n
-O2JMeVRr9dL2MRG1+3LHqnAT1ujZyFYhn6JLTA
---- U9nB05pNnOLwbjJi2aPk87glMy0VTotDgqb/2b0zkdg
-?<3F><><EFBFBD><EFBFBD><EFBFBD>gbp<62>ç<7F>h<><68>ќ<EFBFBD>]<5D><>S<7F><1C>[<5B>f<0B>3<EFBFBD>8<EFBFBD>3<><33><EFBFBD><EFBFBD><EFBFBD>3<EFBFBD>
-j<EFBFBD><EFBFBD>kdP<EFBFBD>e<EFBFBD><EFBFBD>a<EFBFBD>/<2F><>^<1B>S<>T<EFBFBD><54>j<EFBFBD>7K<37><4B><EFBFBD><EFBFBD><11>_<EFBFBD><5F>Gc<47>0<EFBFBD>R<EFBFBD>D<><44>b`hG<68>T<1E><>

secrets/estuary/netdata/powerdns.conf.age

@@ -1,10 +1,12 @@
 age-encryption.org/v1
--> ssh-ed25519 n8CpUw gt7Z7JlRQIZctb7k44hR7rR4NwashQuA7bY580YCa10
-On55Kp+DDtZPCFJlyzcew8b/uPckX4tCPESBAFwSeAY
--> X25519 5AS2hdGqkkpoL1JiFKOnstoGh7hEKbYE3HNynP2L2U0
-flPM0IHmnwZz0tGr887MZQxg40QPrjCpnXeaTe0qqEI
--> bg7}Id-grease
-YjyZlOsYKt8kimLGg94RjHZFkxRXpFElqs7IZmmndJpFBI53ENy4J61oef/Choy/
-c6h4be2Txus+EM4QneFbnseq2Mdc
---- zKpMXNIeDiPLrb7venPzFcQwlAEU3vSJlJs8kRX8xBg
-e<EFBFBD>H<>O0<02>3F<33>Q<><51><EFBFBD>,<<3C><>4y+<2B><12><>/<2F><><EFBFBD><EFBFBD><EFBFBD>W)GL<47><4C>F<>KGf<47><66><EFBFBD><EFBFBD>9r<><72>Q<07>T8<54><38>H<EFBFBD>؉D<D889>o5<6F>>N<><1A>X<0F><>4<EFBFBD><34>n5$<24>-<2D>;
+-> ssh-ed25519 n8CpUw Oay8MPg2cdVe+Tu8lESM1FqbURj5EUEt81Q88yWErxU
+qHw6Rty0B88SFpUf15KdGtkiWfm1xp3M5rQHEhgX7FQ
+-> X25519 /aUWmwPgQxpo2Qj3B5OnKhw91t54YhkpcRcWMdAlzlA
+lqQxuIlYtDzHC9NDz3AjMAtc19F6iWLHWmvKdmKgLcM
+-> mo|25i-grease
+nRPNuLLS6yL2L9xW8DSzFktZ7Tdc1QeQmzOmlZ0QTzyMjAOoNSlJc38ApMtlykw+
+zbQA5xEIaNdgDR8etWEgv/QRqvmo
+--- E88sZZTGA332BWi/Fi2mYeTfSlcMM5VQvQOkwyijDNs
+#<17><>
<01>@<40>;<3B>
+;<3B><>N΋'u<05><><EFBFBD><M<><4D><EFBFBD>z<EFBFBD>/<2F>
)<29><>,<2C><0C>ۯk{l<><6C><EFBFBD><EFBFBD>e<EFBFBD><65>O˲5x<35><03>]<5D>IQ<49><51><EFBFBD>T<><54><EFBFBD>
+<EFBFBD><EFBFBD><EFBFBD><EFBFBD>	IRա<52>a<EFBFBD><61>i{~}<7D>T.޾<<3C><>ۚ<07><S<><53>!<21>XT5<54>E<EFBFBD>w&<26>.<2E><><EFBFBD>H)<29><><EFBFBD><EFBFBD>L}
<01><>P[M=W<07>A

secrets/estuary/pdns/auth.conf.age

@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 n8CpUw fAg/7pxnqWhx4ia0NpxoZp41PXFDwNZisoadPqkWwW0
-a3yh3GSFrZIH0gxIdDKGhqdK5GV/Jw8e3k8dzCuBflA
--> X25519 C71qeEdBawNVucX5cDdwfU/3qRXO7X0CJmfb4wsjFlQ
-UJUKezoEGMt/yrUJ+ATzMi9gfKCsiyKS6mlKZhOE1Bo
--> QgpA-grease `^0T- ;[p G 4
-qfaNiUNdNFDGEJMOLoE+uVqXeoh78UH0os9DG1aPghWo3MQJ+/KGW+a/q+UHu7d1
-9V1ank9kIBWRcvtUaQ
---- BKpfFbC56c+pGNtKcyMXErMEWhu0VQHbJgTRp0BaKhM
-<EFBFBD>VPɭ<EFBFBD>cI<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?<3F><>ٿN<D9BF><4E><EFBFBD>(p<11>d<EFBFBD>nfMW1<13><>	ɗ)<29><><EFBFBD><EFBFBD>߅8<DF85>ՈN<D588>
<01><><EFBFBD>)g<12><><EFBFBD><EFBFBD><EFBFBD>K<EFBFBD><4B>q<EFBFBD>
+-> ssh-ed25519 n8CpUw vrmqoaNTgD3vR/JjMEzDtFtuJdOgOG1cAF/K4wVxpAA
+ICuTWokXdt8vKHwFO/HsAOSR4mdjP1XtG2dRpwReQe4
+-> X25519 O3v69z65PU313Q9V9OFwpIVfgffCn3AEbIRZemogMVo
+3UqbO6tA+e0kWGxgR1NyomaA9asEkUbDUvTCdHcvJ1c
+-> N-grease Y3 a[
+PBZW+W7X/tuOu1IF8spvn59M1kNAGUP7+DTbLUjlqndzGMaBJ84CJw+CAPC+Md1I
+1iqulKt6UAAFkpY
+--- DQ8K63M3As26s09GVGc/nEUm/qstY0AN5yiCQ1PXKaM
+<EFBFBD><EFBFBD><EFBFBD><EFBFBD><1C><18><><EFBFBD><EFBFBD>pf<70><66><EFBFBD><EFBFBD><EFBFBD>5.<2E>-y<><79>i<EFBFBD><69><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>a<EFBFBD>1<EFBFBD>ʕ<1D>J<EFBFBD>O<EFBFBD><4F>"<22>K<19><>Bȋ-<2D>EJ	_\_<>y<EFBFBD>={]YQ"<22><><EFBFBD>

secrets/estuary/pdns/recursor.conf.age

@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 n8CpUw W+QHTbMuGCIzX5wYTMmacaDUForQckDDA/GvfUhuxxk
-P9ZXfNYVdy9ypkevlvhMHtRG7/ka/Qq0Lk/gn1GFzVU
--> X25519 TU7g0shh1jjS3vsmfYAhjfEjGCtiF1UufVnG0VTDJW0
-O4U/SRtHXw09+0AmQBNmq4X+oSiXGnM269o8fOIF19Y
--> jze-grease C,Vm1
-12L/JV+x+e41PsvoEtljoF1e
---- DNTspjhDmKO0vcOUGniMAKTZ//ysWETjz18VgBTJ9yc
-<EFBFBD>=<3D><><EFBFBD>5<EFBFBD>[v0<76><30><EFBFBD>\ċ<>c;<3B><><EFBFBD>?_=4<>R>T~
+-> ssh-ed25519 n8CpUw p36/Gp3jTdXE3AGFhHm9J2p0KuPRKq372go8Rplee34
+VV7OAGrst1gVp4oiFBMHRQzRrPYKQVOiTKJY/uxGPSQ
+-> X25519 zVxW9hWqbNkZwkxbmr+84vx/ePe6SMob8Nn3lQ5NXFY
+YwbLgoNYDYmtHfeFyBR7YwpqHrYN2AV2w7zACz4px0U
+-> R;D)YDog-grease l 5Im2tR&`
+/dg2cnvcyLH/LvhFQTukBOgqLv+nYrzyDJimzS9SqY2scN7q0V9lDrx/KYKVeeWi
+jUnKsIt9bq2gXAXKnT2GqnHWBbixMUrqLxax/nSTVOT4g0fjrBkWPg
+--- bkRusUuDjD0EzR2YvikUhjbFQ86HeGUluxSuf/kfbH0
+v<EFBFBD>!<21><><16>SL<><4C><15><><03>[<5B>^}<7D>ya+<2B>ɓ<EFBFBD>a<>I'<27><>(<28><06>+<2B>zu<7A>e<EFBFBD>#<23><>e<08>q`<60>:<0B>n<EFBFBD><0B><><EFBFBD>

secrets/jackflix-wg-privkey.txt.age

@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 vf+WVg 49MlmUh4nCOHTalKhJ07Ta+BpM4jnINkSLL/imNCJEs
-g1vq+VEqTnu3cnA3c6osXyrcE0rJjaCYtyIdmHgPK2U
--> X25519 jwUC9PB+fD/Wtvyi8ngEAamyScllZZqM+vS+yVQ7fS0
-A+ZplDCAxdQpWCjEg7OxEl22a79BiBPjJNW+bB8EprY
--> E21RFxX-grease s
-l/K1CHcO1eTXcvUV61UGM7279M5xaU5jFwirI7Kc1Eb7b6LD7u8968fiQXKJy+bS
-D7A2x2SPrNXFbjI5kdIGZ2gLLBE
---- sl8/38fMzipYZL6p6yJ8LUazLDl6dVrR3Cd5ZApgy6M
-<EFBFBD>_)<29>I<EFBFBD><49><EFBFBD>Y<EFBFBD>k<EFBFBD>=<3D>̒<EFBFBD>fz_"#<23><><EFBFBD>.<2E>?<3F>IF:7<>)<29>V<1A>K<><4B><EFBFBD><EFBFBD>D<EFBFBD>&<26>o<EFBFBD><6F><EFBFBD><EFBFBD>]<5D>=<3D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><1B><>W<EFBFBD>^<5E><><EFBFBD>
+-> ssh-ed25519 vf+WVg KhusLFATFrmnujHs1WV+VR+MPktHASs+Wj82s35pfig
+IXeX1fHQ/0CbC2D22aQLY9TnaPnW0u6iMPr0aimAxvs
+-> X25519 4hQH9z/z4JF7chKf7P3L+eorQHojuEf51YukjyKaf2Q
+Ce623tTN1jGwbKnHPbnDpJMGG3KdZCd3kM1fBzC+mqI
+-> :(-grease mxbrVm>
+rZKeB2I+ThUqHOB43Icv91gDI6J+1yYknWHul0/Uv0LDSgSKBpIhYv4Gkd/mOnPS
+Ow
+--- bEHjGQBQ60BLD9cnDjg+oR0W3HOwLgADCqX3yqrwjHk
+<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>y<EFBFBD>M<EFBFBD><EFBFBD>㤁<EFBFBD>X<EFBFBD>Ϛ<EFBFBD>&u(<28><><EFBFBD>Hq<48>f<EFBFBD>dzR<7A>x(G<>t<EFBFBD>{<1D><08><>r<EFBFBD> <20>v?<3F><>3<>ɷ<EFBFBD><C9B7><EFBFBD><EFBFBD>Ղ<EFBFBD>