nixos/middleman: Real hardware config

nixos/boxes/colony/vms/shill/containers/middleman/default.nix

@@ -30,7 +30,7 @@
             server.enable = true;
 
             secrets = {
-              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuvP9DEsffop53Fsh7xIdeVyQSF6tSKrOUs2faq6rip";
+              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQM9U1e/XcUCyMJITrpAHjAGahpqkZCmtX6pJkYzuks";
               files = {
                 "dhparams.pem" = {
                   owner = "acme";
@@ -41,11 +41,11 @@
                   owner = "acme";
                   group = "acme";
                 };
-                "cloudflare-credentials.conf" = {
+                "middleman/cloudflare-credentials.conf" = {
                   owner = "acme";
                   group = "acme";
                 };
-                "nginx-sso.yaml" = {
+                "middleman/nginx-sso.yaml" = {
                   owner = "nginx-sso";
                   group = "nginx-sso";
                 };
@@ -58,7 +58,7 @@
 
             nginx-sso = {
               enable = true;
-              extraConfigFile = config.age.secrets."nginx-sso.yaml".path;
+              extraConfigFile = config.age.secrets."middleman/nginx-sso.yaml".path;
               configuration = {
                 listen = {
                   addr = "[::]";
@@ -122,7 +122,8 @@
               acceptTerms = true;
               defaults = {
                 email = "dev@nul.ie";
-                server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+                #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+                server = "https://acme-v02.api.letsencrypt.org/directory";
                 reloadServices = [ "nginx" ];
                 dnsResolver = "8.8.8.8";
               };
@@ -163,7 +164,7 @@
                     "*.${lib.my.pubDomain}"
                   ];
                   dnsProvider = "cloudflare";
-                  credentialsFile = config.age.secrets."cloudflare-credentials.conf".path;
+                  credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
                 };
               };
             };

secrets/cloudflare-credentials.conf.age

@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 H162lQ poUW3oUJVxTNyJxJwWAbFDCOK7Gnhk2KxPDzZs3unE4
-8veh+9Z1kVb1Y9h/rFOzRfeGkewtwVQUUB5oOPZKvqQ
--> X25519 PlDX52lXXShwQgi2sXSZM6Tu2v5g6dNVLVovyCEahAo
-p7pNdl9U5iZ9uOICs4xejtTgJ8eagkDgSUkLTBhUAB4
--> 3M-grease
-3VLKIT/v0a6RIllt791XnIBEOHvvcARqSd5UkLdR6+V3Bw4BNRV6eFUTtzxWpm9n
-O2JMeVRr9dL2MRG1+3LHqnAT1ujZyFYhn6JLTA
---- U9nB05pNnOLwbjJi2aPk87glMy0VTotDgqb/2b0zkdg
-?ÎÝò¼÷gbpÔçœhÂöÑœ¦]ŒµSçì[âf²3Ù8¼3ºãñ½š3ß
j‰àkdP¬eŒøaÞ/ÆÀ^âSˆT¡Åj×7K¶Ìý¸Ö_áàGc’0’RŒDòìb`hGøT‡‡
-y<EFBFBD>y¶‘³¶ÿÃ<EFBFBD>~&Ú‚xËÛµOL	÷»g)©
›”
÷XÞLº‚

secrets/estuary/netdata/powerdns.conf.age

@@ -1,10 +1,12 @@
 age-encryption.org/v1
--> ssh-ed25519 n8CpUw gt7Z7JlRQIZctb7k44hR7rR4NwashQuA7bY580YCa10
+-> ssh-ed25519 n8CpUw Oay8MPg2cdVe+Tu8lESM1FqbURj5EUEt81Q88yWErxU
-On55Kp+DDtZPCFJlyzcew8b/uPckX4tCPESBAFwSeAY
+qHw6Rty0B88SFpUf15KdGtkiWfm1xp3M5rQHEhgX7FQ
--> X25519 5AS2hdGqkkpoL1JiFKOnstoGh7hEKbYE3HNynP2L2U0
+-> X25519 /aUWmwPgQxpo2Qj3B5OnKhw91t54YhkpcRcWMdAlzlA
-flPM0IHmnwZz0tGr887MZQxg40QPrjCpnXeaTe0qqEI
+lqQxuIlYtDzHC9NDz3AjMAtc19F6iWLHWmvKdmKgLcM
--> bg7}Id-grease
+-> mo|25i-grease
-YjyZlOsYKt8kimLGg94RjHZFkxRXpFElqs7IZmmndJpFBI53ENy4J61oef/Choy/
+nRPNuLLS6yL2L9xW8DSzFktZ7Tdc1QeQmzOmlZ0QTzyMjAOoNSlJc38ApMtlykw+
-c6h4be2Txus+EM4QneFbnseq2Mdc
+zbQA5xEIaNdgDR8etWEgv/QRqvmo
---- zKpMXNIeDiPLrb7venPzFcQwlAEU3vSJlJs8kRX8xBg
+--- E88sZZTGA332BWi/Fi2mYeTfSlcMM5VQvQOkwyijDNs
-eêHÝO0ø3F<33>QÔÇý,<<3C>Ø4y+<2B>«ü/¦<>ö­•W)GLõŒFóKGfòãƒõ9r—‘Q<07>T8æ›HÉ؉DÂo5Ò>NÿÖXƒ—4ƒàn5$ß-Ó;
C– 8éÂÏ&÷‹‹8€tnª¸bs[Q³éèbÙ›2Æ)!ƒh½ÙÄ]å%h
+#’“
Ú@¬;«
+;–ÕN΋'u¦¾é<MôÞëz¡/Æ
)Ëç,úòÛ¯k{lƒ±÷™e´ñO˲5xК]ØIQú–ÓT®ãÓ
+šèæŒ	IRÕ¡˜aÝõi{~}óT.Þ¾<ê–ÛšØ<SúÚ!ƒXT5ÚEÉw&õ.Á˜¶H)ä¯òôL}
Á†P[M=W£A

secrets/estuary/pdns/auth.conf.age

@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 n8CpUw fAg/7pxnqWhx4ia0NpxoZp41PXFDwNZisoadPqkWwW0
+-> ssh-ed25519 n8CpUw vrmqoaNTgD3vR/JjMEzDtFtuJdOgOG1cAF/K4wVxpAA
-a3yh3GSFrZIH0gxIdDKGhqdK5GV/Jw8e3k8dzCuBflA
+ICuTWokXdt8vKHwFO/HsAOSR4mdjP1XtG2dRpwReQe4
--> X25519 C71qeEdBawNVucX5cDdwfU/3qRXO7X0CJmfb4wsjFlQ
+-> X25519 O3v69z65PU313Q9V9OFwpIVfgffCn3AEbIRZemogMVo
-UJUKezoEGMt/yrUJ+ATzMi9gfKCsiyKS6mlKZhOE1Bo
+3UqbO6tA+e0kWGxgR1NyomaA9asEkUbDUvTCdHcvJ1c
--> QgpA-grease `^0T- ;[p G 4
+-> N-grease Y3 a[
-qfaNiUNdNFDGEJMOLoE+uVqXeoh78UH0os9DG1aPghWo3MQJ+/KGW+a/q+UHu7d1
+PBZW+W7X/tuOu1IF8spvn59M1kNAGUP7+DTbLUjlqndzGMaBJ84CJw+CAPC+Md1I
-9V1ank9kIBWRcvtUaQ
+1iqulKt6UAAFkpY
---- BKpfFbC56c+pGNtKcyMXErMEWhu0VQHbJgTRp0BaKhM
+--- DQ8K63M3As26s09GVGc/nEUm/qstY0AN5yiCQ1PXKaM
-žVPÉ­ËcI•<EFBFBD>ÿŸ¤©Ç?öÀÙ¿Nîôè(p dånfMW1áÀ	É—)áî¨Ûß…8íÕˆN¯
ÂÎù)g†üîîÃK€£qÕ
+ä„û†ª÷ø‘Èpf¨ó²ü¥5.×-yàÓiö¶ªúå¼ßa“1¼Ê•ÊJÖO†Ç"±KÍéBÈ‹-ÚEJ	_\_²y‚={]YQ"ì²â

secrets/estuary/pdns/recursor.conf.age

@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 n8CpUw W+QHTbMuGCIzX5wYTMmacaDUForQckDDA/GvfUhuxxk
+-> ssh-ed25519 n8CpUw p36/Gp3jTdXE3AGFhHm9J2p0KuPRKq372go8Rplee34
-P9ZXfNYVdy9ypkevlvhMHtRG7/ka/Qq0Lk/gn1GFzVU
+VV7OAGrst1gVp4oiFBMHRQzRrPYKQVOiTKJY/uxGPSQ
--> X25519 TU7g0shh1jjS3vsmfYAhjfEjGCtiF1UufVnG0VTDJW0
+-> X25519 zVxW9hWqbNkZwkxbmr+84vx/ePe6SMob8Nn3lQ5NXFY
-O4U/SRtHXw09+0AmQBNmq4X+oSiXGnM269o8fOIF19Y
+YwbLgoNYDYmtHfeFyBR7YwpqHrYN2AV2w7zACz4px0U
--> jze-grease C,Vm1
+-> R;D)YDog-grease l 5Im2tR&`
-12L/JV+x+e41PsvoEtljoF1e
+/dg2cnvcyLH/LvhFQTukBOgqLv+nYrzyDJimzS9SqY2scN7q0V9lDrx/KYKVeeWi
---- DNTspjhDmKO0vcOUGniMAKTZ//ysWETjz18VgBTJ9yc
+jUnKsIt9bq2gXAXKnT2GqnHWBbixMUrqLxax/nSTVOT4g0fjrBkWPg
-Ú=óÁ<C3B3>5©[v0³<30>ê\Ä‹°c;¡úÕ?_=4éR>T~
kjáAæ48/ôwkû³ø~ûÖ*±!©
ÿ’òÂ2Ô5|3zF<7A>%üÐÛA
+--- bkRusUuDjD0EzR2YvikUhjbFQ86HeGUluxSuf/kfbH0
+vý!ô€ªSLôœÀ÷ë[²^}›ya+‰É“‘a”I'Ýþ(‡Ò+îzu³e­#‚úeÜq`Ë:Õn’èŒâ

secrets/jackflix-wg-privkey.txt.age

@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 vf+WVg 49MlmUh4nCOHTalKhJ07Ta+BpM4jnINkSLL/imNCJEs
+-> ssh-ed25519 vf+WVg KhusLFATFrmnujHs1WV+VR+MPktHASs+Wj82s35pfig
-g1vq+VEqTnu3cnA3c6osXyrcE0rJjaCYtyIdmHgPK2U
+IXeX1fHQ/0CbC2D22aQLY9TnaPnW0u6iMPr0aimAxvs
--> X25519 jwUC9PB+fD/Wtvyi8ngEAamyScllZZqM+vS+yVQ7fS0
+-> X25519 4hQH9z/z4JF7chKf7P3L+eorQHojuEf51YukjyKaf2Q
-A+ZplDCAxdQpWCjEg7OxEl22a79BiBPjJNW+bB8EprY
+Ce623tTN1jGwbKnHPbnDpJMGG3KdZCd3kM1fBzC+mqI
--> E21RFxX-grease s
+-> :(-grease mxbrVm>
-l/K1CHcO1eTXcvUV61UGM7279M5xaU5jFwirI7Kc1Eb7b6LD7u8968fiQXKJy+bS
+rZKeB2I+ThUqHOB43Icv91gDI6J+1yYknWHul0/Uv0LDSgSKBpIhYv4Gkd/mOnPS
-D7A2x2SPrNXFbjI5kdIGZ2gLLBE
+Ow
---- sl8/38fMzipYZL6p6yJ8LUazLDl6dVrR3Cd5ZApgy6M
+--- bEHjGQBQ60BLD9cnDjg+oR0W3HOwLgADCqX3yqrwjHk
-ò_)”I‡©©Y÷kÂ=ùÌ’êfz_"#Á˜«.È?×IF:7Å)òV±K’èÍýDÈ&æo<C3A6>õÊí]“=£°Êåû«Èù²Wú^ì»ô
+<EFBFBD>š¸¾¯y‚M£Ëã¤<EFBFBD>ÌX«Ïš¼&u(“‘áHqˆfŽdzR¾x(G©t·{¢ô r§ Àv?–Þ3üÉ·¹½¯ÞÕ‚–
YË<59>+­