diff --git a/.sops.yaml b/.sops.yaml index 19ae9cc..27a1222 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,6 +5,7 @@ keys: - &vueko BB046D773F54739757553A053CB9B8EFD7FED749 - &fuuko 2372651C56E22972C2D9F3F569C8187C9C43754E - &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3 + - &yuzuru F4B5F6971A1FAEA1216FCE1C6745A652A31186DB creation_rules: - path_regex: machines/nunotaba/secrets\.yaml$ key_groups: @@ -31,6 +32,11 @@ creation_rules: - pgp: - *simon - *mayushii + - path_regex: machines/yuzuru/secrets\.yaml$ + key_groups: + - pgp: + - *simon + - *yuzuru - path_regex: secrets\.yaml$ key_groups: - pgp: diff --git a/keys/machines/yuzuru.asc b/keys/machines/yuzuru.asc new file mode 100644 index 0000000..6f18a44 --- /dev/null +++ b/keys/machines/yuzuru.asc @@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBAAAAAABEADlgmSvdnFWue1i5dS1qA9df+cRQDA1NDBHYm5dGpsTe7xghvde +9B1aAzWxbxeppwr2IHvLo1boWyH0ODC5HFxvleaYd6R9oLljQvxZEPq8ANWMyxDx +T4MyRlLClegMrUaCoQTFxoO7LFujrhKPC1+r/JVBBehJrpw31WAUQV2SLDTPFRMJ +GVAJXR1vplafbftlkI9K3t12T1RrD1D5QxPtFPPEdwdfPQ8CDE7cCado9iv+P3e+ +9gA3fE0HJzS1ZRySF0sZ5lP3RX3ZBoY7z/8s3ZHGCYfD9ssGwZS5ByjMk2eJiPY2 +tX0ZwffBdzAwyq64e1/ddubGTIhKNPd5Iy2GCnOEgPMC8TCke5Zz5IeInUE3ANyS +zkuwpCbqT8Vu541yqhs8+dOnH3srgks9OH2Ar2ctMWx3gmICDoCLHrWfbvlkqUwB +cxnGxAeNzOXiem1Fu5IJwVC5JR1+5b4dqa3k+f/nuWRizvrU26OP/1S+NTz3T7/W +TEF6KyE7+dy3K4IO95SDYwVp6mF/0fh4FTahNi6B1BDEAZKZjaVXyd2TOk77Y7si +Tc98E4SUTUlRRCLh8SmUmxalI168LLgGMwUWhDvRw6EP7uh9FBEi1kLXnN6am0kP +q1jgQL798DzFwcgEYTx7rTDHZLkbwrxWA32Lpu3T6twtaZiQE+o7wuXMTQARAQAB +zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT +AQgAFgUCAAAAAAkQZ0WmUqMRhtsCGw8CGQEAAIyAEAA89dyQvXx4sS7I1nRlMw9q +Agbi4h1lrCifEH6srlInbg3kZNgnlsDY+cVCIiy8m/Oyupn0U4uduMI8P7R5kgWQ +g9+FKFXoLK8P1kO5gani+tWNmBW49leSN8un9YAviKele5wDM/Dg+rNbWDaYHKu5 +SspZV/SiP0JkxXOgxkMgOOl97kNmvv6O3qYHPG5rz5P/YV0pdDSi1cfhdREvTPAl +eNqzMrdEuE/GUrYJYeF8kN+TswBubTgy4WBqQdMlS+Go1B/7HQd56pl5BHiHM8HZ +l01ljbgqdYdggmXt7CI90Txe3RRduzKS4ncEQ1VVQiXEmOzU7emu+DFwknGnSgTW +gW6Nps3u2XhcsJNczf2PdEzDAv0oNAp4So7JdTGetkJ1Yw4quS0l1XWWBm+cf376 +nanAGkENvuBbS36kgHNjNT1EnUnyJoMDMnc1AmSSlTf/ORc+JrzM4PtMonhWJTAU +eM66tozyJ3qYWApiI2doYwMDuh/u3jvqpTddxklaNFUOxIA2VITP0EgCFkVjW2u3 +0gPY2tV6AtcxcUn1NnhS92xf0//O4fcGOwlTvNaPqDuF0mk9OazAPQ5L37mfNZzb +XUc3AyZXRZNhlE+aNfeJSKtzFCpGUJfstPmkdOwPxK29G4GDbjzWevpYF9Rv6Xpq +Ky38rXnis6Hpih/z6/7HOg== +=5Ki8 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/machines/default.nix b/machines/default.nix index df5048b..81e5de0 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -36,4 +36,10 @@ in hardware.common-pc-ssd ]; }; + yuzuru = { + system = "x86_64-linux"; + nixpkgs = inputs.nixpkgs-unstable; + + targetHost = "yuzuru.sbruder.xyz"; + }; } diff --git a/machines/fuuko/services/prometheus.nix b/machines/fuuko/services/prometheus.nix index 7feedfe..0835369 100644 --- a/machines/fuuko/services/prometheus.nix +++ b/machines/fuuko/services/prometheus.nix @@ -75,6 +75,7 @@ in "mayushii.vpn.sbruder.de:9100" "sayuri.vpn.sbruder.de:9100" "vueko.vpn.sbruder.de:9100" + "yuzuru.vpn.sbruder.de:9100" ]; } { diff --git a/machines/yuzuru/README.md b/machines/yuzuru/README.md new file mode 100644 index 0000000..c71ebd8 --- /dev/null +++ b/machines/yuzuru/README.md @@ -0,0 +1,18 @@ +# yuzuru + +## Hardware + +[Hetzner Cloud](https://hetzner.com/cloud) CX11 (1 vCPU, 2 GB RAM, 20 GB SSD). +It has no swap, since the disk is already small enough. + +## Purpose + +It provides privacy-friendly proxies/alternatives to popular web services: + + * Invidious + * Libreddit + * Nitter + +## Name + +Yuzuru Nishimiya is a character from *A Silent Voice* diff --git a/machines/yuzuru/configuration.nix b/machines/yuzuru/configuration.nix new file mode 100644 index 0000000..cf78039 --- /dev/null +++ b/machines/yuzuru/configuration.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ../../modules + + ./services/invidious + ./services/libreddit.nix + ./services/nitter.nix + ./services/sbruder.xyz + ]; + + sbruder = { + nginx.hardening.enable = true; + wireguard.home.enable = true; + full = false; + trusted = false; + }; + + networking.hostName = "yuzuru"; + + system.stateVersion = "21.05"; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.nginx = { + enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + }; + + services.journald.extraConfig = '' + MaxRetentionSec=1week + ''; +} diff --git a/machines/yuzuru/hardware-configuration.nix b/machines/yuzuru/hardware-configuration.nix new file mode 100644 index 0000000..1fae7f2 --- /dev/null +++ b/machines/yuzuru/hardware-configuration.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot = { + initrd.kernelModules = [ "nvme" ]; + loader.grub.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/b8ceb0bf-1a67-484b-bf57-c16653c23716"; + fsType = "btrfs"; + options = [ "discard=async" "noatime" "compress=zstd" ]; + }; + }; + + networking = { + useDHCP = false; + usePredictableInterfaceNames = false; + interfaces.eth0 = { + useDHCP = true; + ipv6.addresses = lib.singleton { + address = "2a01:4f9:c010:e4a7::"; + prefixLength = 64; + }; + }; + defaultGateway6 = { + address = "fe80::1"; + interface = "eth0"; + }; + }; + + # no smart on qemu disk + services.smartd.enable = false; +} diff --git a/machines/yuzuru/secrets.yaml b/machines/yuzuru/secrets.yaml new file mode 100644 index 0000000..d61a5ca --- /dev/null +++ b/machines/yuzuru/secrets.yaml @@ -0,0 +1,53 @@ +invidious-extra-settings: ENC[AES256_GCM,data:sWvf8ASNUTmdRj9HTsXCkPDg0yQ+Hc+ddnHst72pGBKq0403o5erMzudPm5TVvTEzHeeNDB5d+lTt760s6S2diUMc8l/k3G8Z9loYf0Dpx7o,iv:vqyzZ2B4WQB7AmGDp64nu+Xi+6Jxm6m7D3SUfYq0DZs=,tag:aeQQLerfBEjkpi1NW1x2jw==,type:str] +wg-home-private-key: ENC[AES256_GCM,data:KIUvsIhz2Rc4uHRQla714xfOxL9ke1WzRAbXVTDd6UyNkYQkuYIxIpmXQw4=,iv:usnONR35DtIVH2CV4tGSBz5FsZyMlEDzSQiYLDQLRnw=,tag:M1V4HhtByXogMacjajl1iw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2021-09-08T16:21:04Z" + mac: ENC[AES256_GCM,data:8Q52a8+6mO/LCjNR7yo4olqz8fJIqus7XUZ6FtRzzlEGeYvkBD6zFuz0QJBUl8gRtmj04tQWUn4fEKz8LApSluHXHoBv4/WVBNm/vL9T2k7SiAJmxhbU5wZmNt+Hg++Kvn8yZ6KXgpG6KVl5qu+/CHuJu2m39AvpTj9NJ+ThCUc=,iv:r037pF9rVUqe87+D7pVjxqgFM/hFALSWHFx8kB/fXFk=,tag:GsA95+KyajrKb5XMpVOB2g==,type:str] + pgp: + - created_at: "2021-09-08T16:11:14Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAwDgSONkM+d4ARAAhB2PfDQ+KeTI22tc2i4Bc5mVUMDHVpUFn81GzEubwrL0 + xKqhDgCYfOogahJ7nvor/kLo0YSQuNs8mSJEgnBVnC4GnzeTQucJ5y8Ke/erBV0P + xscrZSINv4XtUllGFKc6LcKC+J9sbEcjDUMLwTiMBMcnhjm6mjOkT46ldIwXfnVq + vbKaVvUj0U/6awt0f/mqmce8PNfHzJ6rubcEEplBTLG/Qu+tmYFNVcWtsmP21SCt + u3Va9JeKmkIa83MY1khtnpSA2rnUa/acZL7vTRTcpCh8qvShtfoMrn9BKTjFhV6i + ggrkZKf4StJ+A1wgqw2IbwTH+M+5FM5loI4/9xQnkPkyiJIQByZXwQP2/EmuFpPE + sF5UByFTrpC/d7kN7R/xXFcGDIf384RM7Ia4W4XleyKUJ4XHWDkecFU1oT1kLcsA + kIYNgjEq4TSAVJMCKa4q3fQilaJ0K27Bvs3p90brzVEnM128k6eavpkrcjojs0JU + mV3ixEcS9OBwFfmQolekEt9TJebGNVmzg89TAQ3xn3DAJJPtBsmgM1LliJ39/ev3 + SeO1rQPBWaxurKksWsDoqcqUtB0r+yR/flfh+Lr+iAgi+fS4W67WwcPm/9SENlUV + 8OJ/YEkFxhBGiwJEudIGXQ965Z7+wSbpn1ILUaEvGvWvuOg1L6KjCUVbIbH92fjS + XAETVqe2zqU2IENVIY/HiMfUQG58M+CVytaWr4zyQ9X4Fc9BmvmjUgSn/4d/LdU3 + kDT/tDL1fvdX1prXIGUseScSQGPxOamWFB3TPqzWdjhvbkEtT8wp8FqKP/Es + =rPPP + -----END PGP MESSAGE----- + fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC + - created_at: "2021-09-08T16:11:14Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA2dFplKjEYbbARAAyvcLSp8ktZ/dqVROfa+xeeIFt9J5EGREnAgES2h9wy8m + 21tsQWPajIwD3H52XW6Z1s0nxG8qUe1bz9RWvd51sonmZZobezagr9YfDMTMji8Z + Hmj+fQ0OdhQdJgaUc8JObvmTNeJyjodKS4TbOZqT/SCheS7DhnzcucqlN0uiVuHT + DIUzhM1uzHKcU8IOSclz4LPWLrKvn1yuRGKOplBuvwvd5g2I4QA5obq9Je4WYKEv + XL9quQfWW2OBV5XMK132Ttv6aXSJcrxDiI5CsvKivOcB+Rw9wjEesMJ9wBe8Od0L + jP/ehkGBsxq107M9srbn2WKjkvXFwpdDzpaQG2w1ZSIwHnsNunlDiU95oIDUcW3Y + p0JeL9Nn7uBvsnOKkBMCgXNH1VOBSLxRUDHlDVJIHWNl7TCqPfzKCc8ttq+lbmOf + dbATPhXh9wXQ1GgduexFGK4DSKteqSC8bgKC5JnmLx2ijOSgLGxaL4snAs3oqD2Q + gQptmLgiuFlof98l3TVJDN1yc6ononyIA72gvQ7e+zme6Q7UkkXU7gJHnd9k9YAL + 7GQcxn9kTCz/iXxC3+ac/IMZae9b5bz8UGZdsI47RoovZ3dJlGj8jkjPJ7QTfZml + 9EVuGkO0qWyPDzy14VTaCtKjtTOGm5iZwd8G63BPbaAlfyd6412QbisyC5ClICLS + TgF/ABxdrd/GbBzs3w7/8bAjR13EAVJWzqUQgKxluP0UxIthZn5od2f3pPaEyvfd + 30eBLqpclcaQNIbGtv0qr5Ehjs26uKbAOXmNX+GbdA== + =h33S + -----END PGP MESSAGE----- + fp: F4B5F6971A1FAEA1216FCE1C6745A652A31186DB + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/machines/yuzuru/services/invidious/0001-Prefer-opus-audio-streams-in-listen-mode.patch b/machines/yuzuru/services/invidious/0001-Prefer-opus-audio-streams-in-listen-mode.patch new file mode 100644 index 0000000..a96a910 --- /dev/null +++ b/machines/yuzuru/services/invidious/0001-Prefer-opus-audio-streams-in-listen-mode.patch @@ -0,0 +1,33 @@ +From 3c692fc4fd5ea7faefc6b6ef63c9b6b20205a1cb Mon Sep 17 00:00:00 2001 +From: Simon Bruder +Date: Thu, 9 Sep 2021 16:56:57 +0200 +Subject: [PATCH] Prefer opus audio streams in listen mode + +--- + src/invidious/views/components/player.ecr | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/invidious/views/components/player.ecr b/src/invidious/views/components/player.ecr +index 6418f66b..73524cfd 100644 +--- a/src/invidious/views/components/player.ecr ++++ b/src/invidious/views/components/player.ecr +@@ -7,6 +7,16 @@ + + <% else %> + <% if params.listen %> ++ <% ++ opus_streams = audio_streams.select { |fmt| ++ metadata = itag_to_metadata?(fmt["itag"]) ++ metadata ? metadata["acodec"] == "opus" : false ++ }.reverse! ++ if opus_streams.size > 0 ++ audio_streams = opus_streams ++ end ++ audio_streams.sort_by! { |fmt| fmt["bitrate"].as_i }.reverse! ++ %> + <% audio_streams.each_with_index do |fmt, i| %> + <% if params.local %>&local=true<% end %>" type='<%= fmt["mimeType"] %>' label="<%= fmt["bitrate"] %>k" selected="<%= i == 0 ? true : false %>"> + <% end %> +-- +2.31.1 + diff --git a/machines/yuzuru/services/invidious/default.nix b/machines/yuzuru/services/invidious/default.nix new file mode 100644 index 0000000..9191bf0 --- /dev/null +++ b/machines/yuzuru/services/invidious/default.nix @@ -0,0 +1,49 @@ +{ config, pkgs, ... }: + +{ + sops.secrets.invidious-extra-settings = { + sopsFile = ../../secrets.yaml; + group = "keys"; # not ideal, but required since the invidious user is dynamic + mode = "440"; + }; + systemd.services.invidious.serviceConfig.SupplementaryGroups = [ "keys" ]; + + services.invidious = { + enable = true; + package = pkgs.invidious.overrideAttrs (o: o // { + patches = (o.patches or [ ]) ++ [ + ./0001-Prefer-opus-audio-streams-in-listen-mode.patch + ]; + }); + nginx.enable = true; + domain = "iv.sbruder.xyz"; + settings = { + host_binding = "127.0.0.1"; + log_level = "Warn"; + default_user_preferences = { + # allow higher qualities + quality = "dash"; + quality_dash = "auto"; + + # humane volume + volume = 50; + + # no “popular” content + feed_menu = [ "Subscriptions" "Playlists" ]; + default_home = ""; # search on / + }; + disable_proxy = [ "downloads" ]; # legal precaution + local = true; # no external requests + use_pubsub_feeds = true; + modified_source_code_url = "https://github.com/sbruder/invidious/tree/patches"; + }; + extraSettingsFile = config.sops.secrets.invidious-extra-settings.path; + }; + + services.nginx.virtualHosts."iv.sbruder.xyz" = { + locations = { + "/robots.txt".return = "200 'User-agent: *\\nDisallow: /'"; + "/privacy".return = "301 'https://sbruder.xyz/#privacy'"; + }; + }; +} diff --git a/machines/yuzuru/services/libreddit.nix b/machines/yuzuru/services/libreddit.nix new file mode 100644 index 0000000..0813bf5 --- /dev/null +++ b/machines/yuzuru/services/libreddit.nix @@ -0,0 +1,19 @@ +{ config, ... }: +let + cfg = config.services.libreddit; +in +{ + services.libreddit = { + enable = true; + address = "127.0.0.1"; + }; + + services.nginx.virtualHosts."libreddit.sbruder.xyz" = { + forceSSL = true; + enableACME = true; + locations = { + "/robots.txt".return = "200 'User-agent: *\\nDisallow: /'"; + "/".proxyPass = "http://${cfg.address}:${toString cfg.port}"; + }; + }; +} diff --git a/machines/yuzuru/services/nitter.nix b/machines/yuzuru/services/nitter.nix new file mode 100644 index 0000000..f04a5d4 --- /dev/null +++ b/machines/yuzuru/services/nitter.nix @@ -0,0 +1,44 @@ +{ config, lib, ... }: +let + cfg = config.services.nitter; +in +{ + services.nitter = { + enable = true; + server = { + port = 8081; + hostname = "nitter.sbruder.xyz"; + address = "127.0.0.1"; + }; + preferences = { + theme = "Auto"; + replaceTwitter = "${cfg.server.hostname}"; + muteVideos = true; + hlsPlayback = true; + replaceYouTube = "${config.services.invidious.domain}"; + }; + }; + + services.nginx.virtualHosts.${cfg.server.hostname} = { + forceSSL = true; + enableACME = true; + locations = { + "/robots.txt".return = "200 'User-agent: *\\nDisallow: /'"; + "/" = { + proxyPass = "http://${cfg.server.address}:${toString cfg.server.port}"; + extraConfig = + let + # workaround for nginx dropping parent headers + # see https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md + parentHeaders = lib.concatStringsSep "\n" (lib.filter + (lib.hasPrefix "add_header ") + (lib.splitString "\n" config.services.nginx.commonHttpConfig)); + in + '' + ${parentHeaders} + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'"; + ''; + }; + }; + }; +} diff --git a/machines/yuzuru/services/sbruder.xyz/.gitignore b/machines/yuzuru/services/sbruder.xyz/.gitignore new file mode 100644 index 0000000..dcaf716 --- /dev/null +++ b/machines/yuzuru/services/sbruder.xyz/.gitignore @@ -0,0 +1 @@ +index.html diff --git a/machines/yuzuru/services/sbruder.xyz/default.nix b/machines/yuzuru/services/sbruder.xyz/default.nix new file mode 100644 index 0000000..27be34e --- /dev/null +++ b/machines/yuzuru/services/sbruder.xyz/default.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: + +{ + services.nginx.virtualHosts."sbruder.xyz" = { + forceSSL = true; + enableACME = true; + + root = pkgs.stdenvNoCC.mkDerivation { + name = "sbruder.xyz"; + + src = ./.; + + nativeBuildInputs = with pkgs; [ pandoc ]; + + buildPhase = '' + runHook preBuild + + pandoc \ + -s \ + --metadata-file metadata.yaml \ + -f commonmark_x \ + -t html5 \ + -o index.html \ + index.md + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + install -D index.html $out/index.html + runHook postInstall + ''; + }; + + locations = { + "/imprint/".alias = "${pkgs.sbruder.imprint}/"; + }; + }; +} diff --git a/machines/yuzuru/services/sbruder.xyz/index.md b/machines/yuzuru/services/sbruder.xyz/index.md new file mode 100644 index 0000000..c56134c --- /dev/null +++ b/machines/yuzuru/services/sbruder.xyz/index.md @@ -0,0 +1,64 @@ +On this domain, the following services are currently available: + + * [Invidious](https://iv.sbruder.xyz) + * [Libreddit](https://libreddit.sbruder.xyz) + * [Nitter](https://nitter.sbruder.xyz) + +They are all semi-public instances. +That means, they are not included in lists of public instances, +but feel free to use them for personal purposes. + +You can do so by using a browser plugin like [Privacy Redirect](https://github.com/SimonBrazell/privacy-redirect) +and configuring the addresses to point to this server. + +However, please note the following if you want to use them: + + * These services are provided as-is without any guarantees. + * You must not use these services for any activities illegal under Finnish or German law. + * You must not use these services to interfere with the operation of the services + or the sites that originally provide the data. + * Please don’t over/abuse these services. + They run on a tiny VPS and won’t be able to handle high workloads. + +Also note the following service-specific things: + + * **Invidious**: There are no backups, so you are responsible for using the data export feature to back up important data. + +The VPS providing the services is running NixOS. +The configuration is available [here](https://git.sbruder.de/simon/nixos-config/src/branch/master/machines/yuzuru). + +If you have any questions, please [contact me](https://sbruder.de). + +## A Note to Copyright Holders + +The services are only relaying content that is otherwise already available on the Internet. +If your rights are infringed by content available from this site, +please report this to the site originally making it available. +Otherwise the content will still be available on the Internet. + +If you still want to report illegal content to me instead of the original site, +send me an Email to the address stated in the imprint. +This is the fastest way to resolve the issue, +so please use that if you care about it. + +## Imprint + +See [Imprint](/imprint/). + +## Privacy + +The Libreddit and Nitter services do not store your personally identifiable information. +If you log in to an Invidious account, +the data you provide to the service will be stored. +You can export or delete that data by using its built-in data control feature. + +In the case of an error, details of the problematic request might be stored on the server +and used strictly for debugging and fixing the error. +Those logs will be deleted after one week. + +#### Fine Print + + +This site and the services provided by it are not associated with YouTube, Reddit and/or Twitter. +Trademarks are property of their respective owners. + diff --git a/machines/yuzuru/services/sbruder.xyz/metadata.yaml b/machines/yuzuru/services/sbruder.xyz/metadata.yaml new file mode 100644 index 0000000..b8826dc --- /dev/null +++ b/machines/yuzuru/services/sbruder.xyz/metadata.yaml @@ -0,0 +1,3 @@ +title: sbruder.xyz + +mainfont: Roboto, Helvetica, Arial, sans-serif diff --git a/modules/wireguard/home.nix b/modules/wireguard/home.nix index cb17381..a9759d1 100644 --- a/modules/wireguard/home.nix +++ b/modules/wireguard/home.nix @@ -18,6 +18,11 @@ let address = "10.80.0.9"; publicKey = "nnLdgywXmDg8HWH6I0G28Z2zb4OmmyFDpnvvEBzKJTg="; }; + yuzuru = { + address = "10.80.0.8"; + publicKey = "2pQ2r0q+960dq7wXr1c5Shcz6K+rdhIA8fKAu2Lnhl0="; + public = true; + }; }; cfg = config.sbruder.wireguard.home;