diff --git a/.sops.yaml b/.sops.yaml
index 8fdefb7..aa4eb59 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -15,7 +15,7 @@ keys:
 - &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
 - &renge 06a917fc4a2a1b6b0f69a830285075cac85b7035
 - &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
- - &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa
+ - &okarin e7370b48016c961ef8ad792fda66b19d845b3156
 - &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
 - &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
 - &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4
diff --git a/keys/machines/okarin.asc b/keys/machines/okarin.asc
index 92c8d37..fbeebd4 100644
--- a/keys/machines/okarin.asc
+++ b/keys/machines/okarin.asc
@@ -1,28 +1,28 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -xsFNBAAAAAABEACgnoiAZQChPJOD9Bh4VxtX+/KWZXBrw9HhK1aufLH2Q4bS+mrg -Te5SgFrfsiiYOvo8O2rESmMIWAHRSGxcdcT09+ZZtZxlxW7dmoUXLaPY+Xft0oDT -ekLBs/g3N9qAXYq8XC/YNw0R1FzhComq/enQT2OTcaWES3b2OlFAkn8SVSTTdKgG -jfmPPjDuTTYWPDPPmVRhaRkT/AcByyRcEcYxw4Zn+62iY9ZuV8FG0O0UcR2I/vEw -KwYxHBC4IiqWvCmeJ3mEcf2NBbLwp2hB79dyo9RN8zxbu2mwrCNNO0hbkJGsxom1 -NjKh7KZz0eaIpb/WAesimHCaAXcB9ovGiyyHjECmZkvKlAXMttrPkF5QJZW2Iao7 -jcdcT0CNhC9fUwdBPIVRVjQQPyCWrqZEas+zG0tU8nbMy+uI/rT8ALC0zSgQMVyr -YDIM7tYHbuBjgHja8gvwAa116L+uTXzkCTuH3OQHowtuvDjorXDKNs5akqJpAPHF -a/fhXzjtY6RfLVp0Hj1+fnwrzMs0D1YdlJEjsBxvpieMTGPXH0YA5ondK/OsHsQD -uzUgKzgGpq8Kp7hXhxi8gevHmNgVN1F4CNlTy0qOkFgD8U11Fk9O4svI+OtzslPr -/EXRC/faJeFdT20M0BIqhQVWZFiRRMMsHJgZ04mWG40Wysm8esZ3dwS53QARAQAB +xsFNBAAAAAABEADJ6iuUnKyoNZU26YWhsIHwTIkhxnNCNDHrq42wSqDgBFU8QyzC +Nd8c34QghVGeqCFr/Md5xXMtgCmoNzFCMullb6PwDIYZ+9SP03B2seoqhnRwp1WG +twejt/dP3QgOBP3G4Tr8uxcdHFnLDvkzN66QyV+LcnzrEf0Dw/9y31Nuo5TlG7UT +cUCg36a3l+1tTlc3VnGwjt5jc59teD619h1s5tU5zMlcgjhFMMVKHXH1oc8zK0Q4 +va2YyfW+yWZx9Fm9BWF3VLuBdVlPuHVSCZ/Qf/ykDs8nm7Jvwi/I2TQiAeFN7ln9 +vPAYy4z0SQP/w44kVLCe5Mkw4H53LRocPBgxSflzqnJuuEQGroq0xgbP8+xJ8R0h +5WPqLuy86PhslFsuIfKJgzVsNsz3svBxHO6G5bIsVgIjdfT4QPGxVQSvXG0RpdV0 +HzhUKojENcS2MEB7MJOLu200Ce3tjuaZD+nPUyH9LilNVgEJXMN0+9SfXmzyH1mE +ENW6JWUC+oDgweodltJJ2z3kiaXf0GUNWFEv5P0uxkky3nsed4lDmEs0j0nT3YoS +0hemgdK8X3ZRMuLAxGLCL0SykmsbOdTTzZ/QCak8/0jI8iko9eDrmJ4rNkrQYT4+ +TM0JEpI3wA4ksl5WcB2cpM/G8buw/zNTycgbjcKoYL+E2K+L7JeR9F1DgQARAQAB zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT -AQgAFgUCAAAAAAkQ5fw8qjuBB6oCGw8CGQEAAOyUEAAHW0hbAjCKylnIaezMqNiG -yDwfM+MpNXaqB4sG0UUiIdgSUTk06PN5dlQ0Jfvh1I7P9y8CxqamlqCUXiqqWEOR -Am3Q7oxQKQdSDz//2ijWLdNFcT7bxZvNKQ/T78UYka/qmuLHx2jSuakAX2pAUrOf -K7mbElSu8LD0y8hIDEyxuzB/aL13sHh1LkOUCSEgZ977EEfIEgPidPwEtGJvEbhN -DaP94cLNapv/lWux8+O5dzKi4R7ghXl6IvrP2LPXQSPF7C3mMZ1ZSX1nFxRjALXi -xiFbrJFkwEQQmVro/3wX9BZSmt6VnFRKkXnsCLlf9eT0aTmTirtqHgfet0PHqTNt 
-CxrlLKTZFN3ZFropGZ070ESs4i6WZUBpTdsYh/htyo5bWMcHO8J+K+Ttd1M8btM4 -RtpAc/2UXa4+dVpLOGqdqkmUEJLVLyGnj9wZZgkx3tWGhjnSohCW3YqffQYlXUFn -xuiQQ8jKM6luuunMXLt6D9dzOch70z9bnjOm1Z6q/S3PIzn++awzA6N3VTKNuUBP -Phs6hlcAeqdQ6Q2EiS5iXKqPdK1nd9cPKzHOJf1fwlaRPSKeCtXUgkjAClu+heEn -rst1nggIhCBs+rHc518BVZvISLNVlj5LVwN0mKOk9YPuZItBCGX96WWJZdMHeZk0 -MsxjN+we2woCXG5SJGYOyA== -=UTw1 +AQgAFgUCAAAAAAkQ2maxnYRbMVYCGw8CGQEAAMkCEAClRHcH4fUUpdXroevY9qpR +O6op26pqBZ839HoD9f4kaZXerhURWVGPcV81uUapR5/B8Pk/OK9LskBetDvoc+J1 ++B3vM34cRIzbSs55BVrx/Mk6Vn9utPoyutlaJ/b5VMCmz4f2zU/XwPbXOzouvVrn +uy/bqY7aNz0eoeU7lKXrXc9as+VoJgc3Ty9Tt1vPi8lfTeQfmxUDtoer47dhn89C +3fL9R5/4utKt5nRtweOh6+z9T36jNodeHy3VhpuMnUBKsWSQn6Op2sLoeb6FJbh0 +t5Tz1AZhqjT4HY8bGWK8v2i916BmGseFjge7CECYg9M5MydznHl9z87sBUiruGs4 +fQTZi8IQySaQ8jCqCx+PB1PYUAsZj4j3o74mx2/erAw8gxBlrme44CuikVdbEKMV +qYzW/jVJ6EPobtmq+XN8UzU/arf5/BelcU73sQK9fbvCqi47ZMyjC/3UqZ0O12xt +uUjf2IcDl8TyWZ3nSSUV7npXrrT05kC6WMK46TwO9wv8F3v3/35UmonAJt8qp/lw +2PNR5W8Sqxr2s+yhkOsh2xwuqBQkdxhqRKeqTv4+kdGAk6ZUmuHmGa1Qni6VsaKT +TuNRRTEBfQ0QiqF8+lleT2dP4cKI2vAbI0zvyjX6KvNGRb1VlJw3D6Pa0nXW/YQU +NxR1Jvm5bnGfUcnNlzoB4Q== +=6o0h -----END PGP PUBLIC KEY BLOCK----- diff --git a/machines/okarin/README.md b/machines/okarin/README.md index b9eea31..decac96 100644 --- a/machines/okarin/README.md +++ b/machines/okarin/README.md @@ -1,5 +1,5 @@ @@ -8,7 +8,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 ## Hardware -[Ionos Cloud VPS](https://cloud.ionos.de/server/vps) S (1 Xeon Gold Gold 5120 vCPU, “512 MB” = 443 MiB RAM, 10 GB SSD). +[Ionos VPS Linux XS](https://www.ionos.de/server/vps) S (1 Xeon Skylake vCPU, 1 GiB RAM, 10 GB SSD). ## Purpose 
@@ -22,32 +22,50 @@ Okabe Rintaro is a mad scientist from *Steins;Gate* Much like the namesake, this server requires a “mad scientist” approach to set up. +However, it is much easier than setting up its predecessor, +which had just above 400 MiB usable memory. Ionos does not offer any NixOS installation media. -I could only choose between a Debian installation media, Knoppix and GParted. -Also, installing with a very low amount of memory is quite hard. +I could only choose between various installation media and rescue systems. +Also, installing NixOS with a low amount of memory is problematic. I therefore created a VM locally with a disk image exactly 10737418240 Bytes in size. On there, I installed NixOS. -Because encryption with `argon2id` as PBKDF is quite memory intensive, I had to tune the parameters some. -What I settled on was -`cryptsetup luksFormat --pbkdf argon2id --iter-time 10000 --pbkdf-memory 250000 /dev/sda3`. +Because encryption with `argon2id` as PBKDF is quite memory intensive, +I had to tune the parameters to ensure decryption was still possible on the target. +This can be done quite easily by interactively running the following command on the build VM: -To make btrfs use its SSD optimizations, -I had to force the kernel to see the device as non-rotational: -`echo 0 > /sys/block/dm-0/queue/rotational` + cryptsetup luksChangeKey --pbkdf-memory 100747 --pbkdf-parallel 1 --pbkdf-force-iterations 29 /dev/vda3 -Another problem was the usage of VMware by Ionos. -The VM I set this up with was obviously using KVM/QEMU, -so it needed different kernel modules at boot. -What worked was setting it up in the local VM with both libvirt and vmware modules, -and then removing the libvirt modules once it was installed on the target. +The memory size was obtained by a successful run of `cryptsetup benchmark` inside the initrd on the target. 
+ +However, since those parameters are not ideal, +the following should later be run on the target host itself: + + cryptsetup luksChangeKey --pbkdf-parallel 1 -i 10000 /dev/vda3 + +This will determine the memory usage automatically, +use one thread +and set the parameters so that decryption takes 10 seconds (10000 ms). +The memory usage will not be as high as it could, +but it will be better. Getting the disk image onto the server was done by first `rsync`ing the image to another server (to allow for incremental iterations), which then provided it via HTTP. -Using the Knoppix live image (booted with `knoppix 2` to avoid starting the gui), -it was possible to just `curl http://server/okarin.img > /dev/sda`. +Using the Debian installation media in rescue mode +(as for some reason most other options tried to cache the file in memory and became very slow) +it was possible to write the image to disk with `wget -O /dev/sda http://server/okarin.img`. Because of all the pitfalls of this, you probably need more than one try. +To make debugging easier on the target, the following option can be set: +```nix +{ pkgs, ... }: + +{ + boot.initrd.preLVMCommands = '' + ${pkgs.bashInteractive}/bin/bash + ''; +} +``` diff --git a/machines/okarin/configuration.nix b/machines/okarin/configuration.nix index 3624de1..c2075df 100644 --- a/machines/okarin/configuration.nix +++ b/machines/okarin/configuration.nix @@ -21,7 +21,7 @@ networking.hostName = "okarin"; - system.stateVersion = "22.11"; + system.stateVersion = "23.11"; networking.firewall.allowedTCPPorts = [ 80 diff --git a/machines/okarin/hardware-configuration.nix b/machines/okarin/hardware-configuration.nix index 1715572..6179035 100644 --- a/machines/okarin/hardware-configuration.nix +++ b/machines/okarin/hardware-configuration.nix @@ -5,6 +5,10 @@ { lib, modulesPath, ... }: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + sbruder.machine.isVm = true; boot = { 
@@ -12,41 +16,34 @@ extraModulePackages = [ ]; kernelParams = [ "ip=dhcp" ]; initrd = { - availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "vmxnet3" "vmw_pvscsi" "vmw_vmci" ]; - kernelModules = [ "dm-snapshot" "vmw_balloon" ]; + availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "sr_mod" "virtio_net" "virtio_pci" "xhci_pci" ]; + kernelModules = [ ]; network = { enable = true; # remote unlocking # for some reason, the DHCP server does not transmit the static route to the gateway in a form udhcpc understands # this works around this, but is arguably quite hacky postCommands = '' - ip route add 10.255.255.1 dev eth0 - ip route add default via 10.255.255.1 dev eth0 + ip route add 85.215.165.1 dev eth0 + ip route add default via 85.215.165.1 dev eth0 ''; }; - luks.devices."root".device = "/dev/disk/by-uuid/67f2990c-636a-4d80-9f6d-7096fec9e267"; + luks.devices."root".device = "/dev/disk/by-uuid/1dcb9ee1-5594-4174-98a7-a362da09f131"; }; - loader.grub.device = "/dev/sda"; + loader.grub.device = "/dev/vda"; }; fileSystems = { "/" = { - device = "/dev/disk/by-uuid/8e3082d1-4af3-4d5d-9fde-d30dc7552d41"; + device = "/dev/disk/by-uuid/3ab8f4a7-952c-4b6c-93c6-7b307d5bb88b"; fsType = "btrfs"; - options = [ "compress=zstd" "discard" "noatime" ]; + options = [ "compress=zstd" "discard" "noatime" "ssd" ]; # for some reason, the kernel assumes rotational }; "/boot" = { - device = "/dev/disk/by-uuid/883c77e8-53bf-4330-bd9e-89ef71ad9518"; + device = "/dev/disk/by-uuid/97aec56b-5fea-4445-83dc-4a20dcf482ce"; fsType = "ext2"; }; }; - swapDevices = [ - { - device = "/dev/disk/by-partuuid/d9cf5716-25c8-4f72-80e3-696e0dfe1079"; - randomEncryption.enable = true; - } - ]; - zramSwap = { enable = true; memoryPercent = 150; @@ -63,11 +60,6 @@ name = "eth0"; DHCP = "yes"; domains = [ "sbruder.de" ]; - address = [ "2001:8d8:1800:8627::1/64" ]; - gateway = [ "fe80::1" ]; - networkConfig = { - IPv6AcceptRA = "no"; - }; }; }; }; 
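Review bot: The two `ip route add` lines in the initrd `postCommands` of machines/okarin/hardware-configuration.nix hard-code the gateway `85.215.165.1`, and nothing ties that value to the host address this commit sets in modules/authoritative-dns.nix. These routes are what make the remote-unlock network reachable, so a stale value after a renumbering would leave the encrypted root unlockable only from the provider console. I would add a comment above them such as `# gateway for 85.215.165.213 (confirm); update together with addresses.okarin in modules/authoritative-dns.nix`. The enclosing `boot` attribute set starts above the hunk.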
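Review bot: Removing `address`, `gateway` and `IPv6AcceptRA = "no"` from the `eth0` network leaves nothing visible in this commit that assigns `2a01:239:24b:1c00::1`, the AAAA value the same commit publishes for okarin in modules/authoritative-dns.nix. With only `DHCP = "yes"` left, the interface presumably takes whatever IPv6 address and routes the provider's router advertisements or DHCPv6 supply, so the published record may name an address the host does not hold. Any firewall or service rule keyed to the static address would also stop matching. Either keep a static entry, `address = [ "2a01:239:24b:1c00::1/64" ];` (prefix length to be confirmed), or add a comment stating that the provider assigns that address. The enclosing network definition starts above the hunk.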
diff --git a/machines/okarin/secrets.yaml b/machines/okarin/secrets.yaml
index dcd40c2..60f8a19 100644
--- a/machines/okarin/secrets.yaml
+++ b/machines/okarin/secrets.yaml
@@ -1,80 +1,80 @@ -wg-home-private-key: ENC[AES256_GCM,data:4L8aIvgFi+mBjnyVy5IkPaeJRadJ5NCKZprSkBPwMNiVaIscjAdp2yinBSk=,iv:6pBo+6M4EkEjz184XvisWXEoomqJXa4M8Qa4nJHI65U=,tag:3DEsmA2xxAlx/PSbD3HOIA==,type:str] +wg-home-private-key: ENC[AES256_GCM,data:RkdgneGhH7prr/tkvHJeChQku2eXve9pV/SvtwsOjeinYO9veHw0rimdonY=,iv:vK6zNpu8F+TSLDTaif686Awjhs8WS2XJHzMtlvqlsIM=,tag:aKhV+kspVu+0CgPmYersxw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-05-06T08:49:32Z" - mac: ENC[AES256_GCM,data:B7e3sh96p2DlqM2SgHWoJ7RZ2q5tnZ6lohNc7UKmwG1HTkrPKW/6jobW2InQnbZn1bPmCERoJIF9QyUz+OxotTiKIXxSL7BJkkfpIkWy9IgjIeADjevHkplm2rXONiXaM2sD46bPKbuRzuhbCZtNwUH74gTVfKPVLVrzpnPRC74=,iv:TTXlBGhO7xLCC3Ad+xiQKmy4b0n0vuQRaCdoe7vpzSE=,tag:dZCharRGK//w48ePu7d2eQ==,type:str] + lastmodified: "2023-12-25T22:06:33Z" + mac: ENC[AES256_GCM,data:VbjyqrqDLCBDD9vGOHxSzsr9a5ZFFBJUkBRxJYBLereMDvInPFZnTwplHHkS5TdDFFAsjrcCgpCuPsUIbDdxFUNNtjdIe5JJwFMwT8XEFrgcswMGSKD6mIH2VBWop5pqoAV0eQ3YfKtDyhNHwixR8a+Z+hbGAY01Z19yteo51ZM=,iv:69EeBag+iUEoa18I0w1HeJKRwSQVCMRqUdV2CzUzMnY=,tag:WViKXJExL33jQAIWHUS8xw==,type:str] pgp: - - created_at: "2024-01-22T00:20:17Z" + - created_at: "2024-01-24T12:19:03Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DLHeEFiC484ASAQdALOHWjRYEy+oURe+ERyiQYDjFPDniV0awCBMahhaLzCMw - faMYpJTpirKixpFnPQ1W0aIiQ2/grcEJ4qYyXYG7GrqLcFMQfZOV8humZOLnZNB6 - hF4Dub78fMESoMASAQdAhpmpD8cyJSauuTHM/RTjLybR1VUGcIY7kLqrB33QLG8w - aLu7q0wjY0Rs+7PtJiSKd6O4VOBRrsBmLc7QuBZ4cgBwUfE38g8LuXayuOLZQNb1 - hF4DM6AcvgVUx2MSAQdARr9S5DSGRJOcv2IgYMzko8fkMHlIR9uIJdJLMdcJER4w - RjcC/s5+P0b7wy9bIaAv3vk3FX4hw56QzhqAXcA1zU1kyjEHPnv3qsiiQbcKDjb0 - 1GYBCQIQG5VczwWUidoTYkHgZveZhkVyYIiZc/YQrY6n71OrVnUKaH5kZn1XrMKE - zRzcc4XCiu8CaSkQp68eqKeHwI8U5N/LAtjHbACxAq6GHatf/+LvJx4CbUrPZxw2 - PWZwSFBCZEg= - =r7sK + hF4DLHeEFiC484ASAQdA4PdmtZTlpcdfuYKSuKN6X4EGjh/l2D8Jxt7dg1y/Z0kw + ScG/nWs9hVMFTBeqSM0eHgFfcZhBB/L85eNf9thktTUbcWq0GEUcz5mwUqILtkfA + hF4Dub78fMESoMASAQdAMcVZokes0YKtbUZp7b9zq303WXPga5yn8LbhnaRrHycw + 
+ECn4t8y8SXFICpAZ5n+xj5U8MdmdKOzhNQLleFKIHtWdyeUlwFi0qYYP8MRCLTB + hF4DM6AcvgVUx2MSAQdAIzXqgZ8WiIxIV05BumWLsyZUChwvDQc47NMd5ehhBEQw + I1LY11LTNENypr5q0mhy615kIbsdhpzAVLf4Bkf921zABsfFzuY5zJHqi8SKVm7/ + 1GYBCQIQHPC99/GrpHG703gozt2I0P2XMhlRpzj359qStWaQZ8NBL5Ugo5BLvphf + 1/WYAlvnH4Uov2TxKdQs65IJSadQgs7lBWB5gqHklZ76E4Q+00oMQxwGjzMdddA/ + hRlLbnUDE1Q= + =ol1Y -----END PGP MESSAGE----- fp: 6CD375BD0741F67E5A289BC333A01CBE0554C763 - - created_at: "2024-01-22T00:20:17Z" + - created_at: "2024-01-24T12:19:03Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DLHeEFiC484ASAQdAGdRYvRfki1zKA2YHnPprf1ld5kJkai4fzxuuH1D3DRQw - zt5XhSFMx5ii7C3LIVjGgKnn6A6KTe1Tj314OYtrLeCGV8Eli+eOiSgi4c0nL709 - hF4Dub78fMESoMASAQdAb38j/KxQlLRJLrtE5mS1XVCmaEIvyJU1uVcSVU3Bdhgw - f3iepOZgggHOCiHOCs+UWRmiudwoYqMzXF8G9pb6ESsy01cc1y6mXPh6sftKc6Iz - hF4DM6AcvgVUx2MSAQdAhq0ynXfS/eYrDAYdxj/qyEg8c2lHFYSaUVtr6v3B/Rcw - Su08ppwK9wSbVaEL6p4NPJ0q9mt/36OsvZNaEWL2i7kkrD6q+2yvaGwh/fPcokWI - 1GYBCQIQRzg0YDKpmBGZY0sC37nIkUC4blEpFTgl+lma0ZQ9PUfbRP3ijRrxyPv/ - aNkUpVAVxjh3VnV/NEm2s03x62iO4uiGoU0BUeI8Jjy4Tvuuodvmfpd4wZw7Mq+V - B8h2L/JR7Yo= - =/wMt + hF4DLHeEFiC484ASAQdAaXq+nn0DDx+RAkEC+x+yeP5xbCIdXkR9tQCgWx1s0jkw + VRgFkiBa6IsS0vmYknobXkizETtNjEhJ8vNw9nP0zPdjuUZBId2/bJZa7aFdIFRU + hF4Dub78fMESoMASAQdAMLbBcLnc+5UVDsx50SgCVjQoHO4JGE53DE6Q+frDEiow + rVFbLxWlJ/aw9baRdKUMkIUJftnImUQgolXvEfUjdS/oOdY69r4psLlHLQX11Ow1 + hF4DM6AcvgVUx2MSAQdAUZV3q/IXwUbRv9EokTe+4o83XzeS1h4GK3/3wjnKDHkw + xHFJR2clEMDlaq7Rx3FTr2a7MlzSnzBLtIwdw5b9ytuRvHjD5q7zCf5bihYnvdjV + 1GYBCQIQFt+CYziUXtEHjJFC1t+S3qkyPRAsVgZL8WlxbKzteW0NOdIZofHx6skG + Ebn8aadKcGg534DkwEt5DpIosXKUx4LN5xsCNoU9dHFYMSFE2nzJE4KNFJ8tzRQk + G+tyNMgCYhM= + =2QnY -----END PGP MESSAGE----- fp: 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0 - - created_at: "2024-01-22T00:20:17Z" + - created_at: "2024-01-24T12:19:03Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DLHeEFiC484ASAQdAoM3SQYYUQq6OGImJaecw42BZOwOec75IWS00ZorR31ww - uaRdi54liGiKpjaebhPcLkX+0TKcW0h11kw6X1wrru1JWi3YLbjohv0qCtfa4wpc - 
hF4Dub78fMESoMASAQdASH4+jxa7Qr9AkJpHHPmMx9cj3XyPXLpfzXJ7Yb40pHMw - zBiVmQApa4K+ZOVw/vpcSNaN6FufFoDb5IguwHIq+9vILvjvku6YFgAJ4gC76LOP - hF4DM6AcvgVUx2MSAQdAZGNp/j1sF0rmHhImhnuhgpn9NgRuFtL+BH5dorvrPwIw - mK5LsWHvyBFyC+SDNe4mrRkdia/xPECmcWrbvptGVjqlZnjmUbtrYhG+j5O6/817 - 1GYBCQIQ/du7No+ULrBrjWc3q826ju8AqekySHtteKZclRmcHSNP4UEXcmTEMRNL - 8lMJYK0G3uA9FXO9+2E39k/nIatBGuoaukW7zCouB3bLARZE00Oqh6qHCWVyFJ/S - Gzwk8dC0wdc= - =BWUr + hF4DLHeEFiC484ASAQdA6ojEbZ8HccTtorNbyw9aVKO73AJy6jTGV/qLt+FWoRgw + SsOLiL0UmF1OV7zmXE0ihkWivPqLHtp1U89aYucpAA69DIh4+6M7GUk1xDMxFfRo + hF4Dub78fMESoMASAQdAV2z2DgUz2xWopnDzXywdpHb9eMe9ZxdABxpOJ0ECeBww + wOC1x+IKIbIRZBDL7jbVUOk1G+GzCL4M7/G7XFSTFYMKvMKkc0Rh69pywFuGaqG8 + hF4DM6AcvgVUx2MSAQdA7bKGjcW81bzf58FlGGVDy/HjNyuEPNSVZXy0M+/WZAcw + 3iXR9MecA97bKKKhLyNSdYmYlAjZJVIdwd6vjNWjxaB7BIWTYhudTjHesLMxB0vc + 1GYBCQIQlp1TDaBVxalDkeCEjDMRFatgJ3CwulzzW9B8qywOooS0BNtNbtTKGwEh + AxDL+wdeqkPABQ0wQ8hYGOw5z665jEOC2JbqbQ7N6LPQZRx/MowO2dGT/kKh2U9H + VOK1Bc67BzU= + =3z3V -----END PGP MESSAGE----- fp: 403215E0F99D2582C7055C512C77841620B8F380 - - created_at: "2024-01-22T00:20:17Z" + - created_at: "2024-01-24T12:19:03Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA+X8PKo7gQeqARAAhtUvR20r2NV8SNWVuVSopTfCGwaJV99+PEp/l0UjHX6B - lpHgQNHegP6YEsAj5HNFEcV3vM+nbC0hbTtcERBZoxTkyDPOaRAyJpNfGniZVxxp - jxSr/unCN6aJCbdqJZZZlitq84brMQWUE373Rb9B4cNdTYONabZbzZmwTDyzkVR0 - ctjmkdBG0upqNn7vukSIg7DM7D9pFolS9142reF7e5jTlxBFWR1Jt+O9A1zypfvq - tK2z9C1pM9LDRmUrKJ/HOKwu6P6USeTKFrp7Gfjr1UkmbgNunxgsdI6gwKY38SpJ - T+tELs68oC5pGFpZufnYkrGL313HC7Vp/+2+m+W5qXbyNqhDS6uVQHjqz/ROqByb - YwJw+x7810nL8+SleXst8oZpxDNDm+TnvWQAH6WiRBSpgVwy945SMvGG+1FLYps2 - qOsRMjr+titLZAaUpmIh/oDHG/XOpKPQflcc4/V7t2HK6vLX+xvPIQU8Y5TJkr1T - nIIh7sMZBUldnUGUfFE3ksP5Gje5OHqK8xoFwYHFGK4QQzXFjPFN2QNvni2z9Y4R - LLMvyEavqgIa6AeseqMnLuB2hz6wy/JNU/EPUalNca6RleoVA0DjKgjgDTlhQ5Al - a6sRTy+KmXFfzdO97MJJEkNgA1Hbi1/IpREeA50lYtrDqUvhxw+l1V8N7jw+ZWTS - VgHYyLUxdmOUsqEgQPVA7jiqWePwFEuEDEDVE+d6CcuvFuHFNV1jJEjit3R0wJOd - 
QpqnfxW4QTD+JFNJgrD7bj4y1Gu9Z6Lg1IBnHnOwDIoCJoAHp0y6 - =sy/X + hQIMA9pmsZ2EWzFWAQ/9Gl4dO83SmvGHyhEfile6G9ZUmhxwU2RFpPwEmjh4CV/v + z1k2zgdF200a6tj96977VhjhIG/LZioEi41M1QdIqgkGsKy89DluCY9RDTqMmqzo + w65JhI+PQqdQuKlsbUh2VLql7LijoIUxuBPowWG1lULZtEvRuCchM5rLFiBSC2YO + DA0T73kC2P89CNZlOllZNnVRCRrxm7IsEO6Mo1yOeJL16mYqC9qGGKnvYEbsSm4n + 7ZZJvxXGnNzaXisyyjcJNgtsJAUX4TTlPH+Y2jpkhdHUvOkiwVQEokmnqTIKUp0e + 7Dc6ZXApFQ1DlMMsjLwy+5AQJQZbY4p4jo9rvmON5i5DLPy4rN5yf8W7zwkuy2gN + Id53gxDZxHw0+mRsfYRrdOvmfUqqz79TyWVV8bvHR2Mo3shdL1fsWOzTlm66Y9Vt + 4coJxgUsJEFdnsnXAFep2V18Ypg36b9wQXtZDXWtTg36UliZZ95sUAG2vHQDS50b + 5XG07m1w8YgQSeiCObteAt4PqxEs1GYWmtRUmr4jvRQQzmVXCQP6+o0QJ5WK9bKl + auwT+H7POBJ3l+h9ykvmOidkAzeN7EWIirzvhDHsxvCklGCyo+Y3W5ZaLaFGfc/3 + pdj1G/REVT6aQMtSuYUsD7QoZeiNNBNJXAtUuUS6mWxch8RnkW718wxYZLvi03jS + VgHaVWepbw/q0COmjyofCt1qZH+WMKSAguiQ6PHWAdP3hnzGgd7Qo84W54Fb3m1R + da72FFnILc3IYImbJI6QgJxAeS2K95nIWKdSix07c+m0zzFkemnB + =F0pC -----END PGP MESSAGE----- - fp: 868497ac4266a4d137e0718ae5fc3caa3b8107aa + fp: e7370b48016c961ef8ad792fda66b19d845b3156 unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/modules/authoritative-dns.nix b/modules/authoritative-dns.nix index ff756e3..238488c 100644 --- a/modules/authoritative-dns.nix +++ b/modules/authoritative-dns.nix @@ -15,7 +15,7 @@ let addresses = { vueko = [ "168.119.176.53" "2a01:4f8:c012:2f4::1" ]; renge = [ "152.53.13.113" "2a03:4000:6b:d2::1" ]; - okarin = [ "82.165.242.252" "2001:8d8:1800:8627::1" ]; + okarin = [ "85.215.165.213" "2a01:239:24b:1c00::1" ]; yuzuru = [ "85.215.73.203" "2a02:247a:272:1600::1" ]; }; in diff --git a/modules/ssh.nix b/modules/ssh.nix index e643930..c1de1d4 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix 
@@ -60,12 +60,12 @@
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUEVBJcEibRdQzp0bDXpPqLGQ8vtQTKTcpGZU07W4eo";
 };
 okarin = {
- hostNames = [ "okarin" "okarin.sbruder.xyz" "okarin.vpn.sbruder.de" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaev8K5KhRovW75IdZ0HYlzvxxo0haeCM0xCVEOuDSa";
+ hostNames = [ "okarin" "okarin.sbruder.de" "okarin.vpn.sbruder.de" ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJvRAiEAV0Oulii0w3xcHCb0/oHqpA0hz3bn//BQnR8T";
 };
 okarin-initrd = {
 hostNames = [ "[okarin.sbruder.de]:2222" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT";
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOV+azRrT1zICmDe9D7bm3pOaFzaT+cVXCvxgY1bAbP";
 };
 shinobu = {
 hostNames = [ "shinobu" "shinobu.lan.shinonome-lab.de" "shinobu.vpn.sbruder.de" ];
diff --git a/modules/wireguard/home.nix b/modules/wireguard/home.nix
index bb81b53..8da9798 100644
--- a/modules/wireguard/home.nix
+++ b/modules/wireguard/home.nix
@@ -33,8 +33,8 @@ let
 publicKey = "LscDAJR0IjOzNuwX3geYgcvxyvaNhAOc/ojgvGyunT8=";
 };
 okarin = {
- address = "10.80.0.10";
- publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk=";
+ address = "10.80.0.14";
+ publicKey = "QOxkngtrkuXVMZyqWeGKh2ozn3x7GJsxwrlKje7jDmA=";
 };
 shinobu = {
 address = "10.80.0.12";
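Review bot: In modules/ssh.nix the `okarin-initrd` entry gets a new key with no comment on how much trust it deserves. machines/okarin/hardware-configuration.nix shows `/boot` as plain ext2 outside the LUKS root, and NixOS normally ships the initrd SSH host key inside the initrd. The key is therefore presumably readable by anyone with access to the disk image, unlike the main `okarin` host key. I would add above the entry `# pre-boot unlock sshd only; key is stored in the initrd on unencrypted /boot, never reuse it for the main host`. The surrounding attribute set starts and ends outside the hunk.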