diff --git a/flake.lock b/flake.lock index 952cc17..9fb528b 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1754493613, - "narHash": "sha256-dI4LG8519Q8xWtUR/RrjkSNYEx8fgw7VLqC8mZ7ZxnI=", - "rev": "9cad07473252d3272c359f4b12b766c6bd7534aa", + "lastModified": 1755781116, + "narHash": "sha256-ZrKyMWet3TcN9fkXNQY60z2YpGMizgYD21DkLMmqDOk=", + "rev": "1aaa157f20de4bab88282b92e85ee98d01cfdf17", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9cad07473252d3272c359f4b12b766c6bd7534aa.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/1aaa157f20de4bab88282b92e85ee98d01cfdf17.tar.gz" }, "original": { "type": "tarball", @@ -60,11 +60,11 @@ ] }, "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "lastModified": 1755519972, + "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", "owner": "nix-community", "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", "type": "github" }, "original": { @@ -81,11 +81,11 @@ ] }, "locked": { - "lastModified": 1754420989, - "narHash": "sha256-3e4wHzNwTMg7GaeLH9A091DMaO9AfFxUjpfqbddCUeo=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "7f38f25a44023a21a504bd3fd9d4f41c4a39f55c", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -94,6 +94,66 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flocken": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "tg-ha-door", + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1737581094, + "narHash": "sha256-MSjyNy4zENfngnSdXQ6ef/wwACB0jfDyhy0qkI67F9A=", + "owner": "mirkolenz", + "repo": "flocken", + "rev": "97921a2650cb3de20c2a5ee591b00a6d5099fc40", + "type": "github" + }, + "original": { + "owner": "mirkolenz", + "ref": "v2", + "repo": "flocken", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -101,11 +161,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1755776884, + "narHash": "sha256-CPM7zm6csUx7vSfKvzMDIjepEJv1u/usmaT7zydzbuI=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "4fb695d10890e9fc6a19deadf85ff79ffb78da86", "type": "github" }, "original": { @@ -115,6 +175,34 @@ "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "tg-ha-door", + "search", + "flake-utils" + ], + "nixpkgs": [ + "tg-ha-door", + "search", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -123,11 +211,11 @@ ] }, "locked": { - "lastModified": 1751313918, - "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "lastModified": 1755751773, + "narHash": "sha256-d1H34kko9J5fWrxCVgfa1TkIwdkGt/eDSVopAWenw24=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "rev": "3a0a38a1e7ac2c4b4150ea37a491fdffdc9c92e1", "type": "github" }, "original": { @@ -151,11 +239,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1750412875, - "narHash": "sha256-uP9Xxw5XcFwjX9lNoYRpybOnIIe1BHfZu5vJnnPg3Jc=", + "lastModified": 1755504238, + "narHash": "sha256-mw7q5DPdmz/1au8mY0u1DztRgVyJToGJfJszxjKSNes=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "14df13c84552a7d1f33c1cd18336128fbc43f920", + "rev": "354ed498c9628f32383c3bf5b6668a17cdd72a28", "type": "github" }, "original": { @@ -167,23 +255,35 @@ "nixpkgs": { "locked": { "lastModified": 315532800, - "narHash": "sha256-lUi+sPH7Kuh9uP3PyfgbENcJGReUM8Ffk9GxGBFbSN8=", - "rev": "be9e214982e20b8310878ac2baa063a961c1bdf6", + "narHash": "sha256-h8Sx4S+/0FpodZji6W9lHzwY5BcuUG85Aj3GfhvGC2o=", + "rev": "a650b5d0de99158323597f048667c4d914243224", "type": "tarball", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre827262.be9e214982e2/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre845298.a650b5d0de99/nixexprs.tar.xz" }, "original": { "type": "tarball", "url": "https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + } + }, "nixpkgs_2": { "locked": { - "lastModified": 1754689972, - "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "lastModified": 1755704039, + "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545", "type": "github" }, "original": { @@ -197,7 +297,31 @@ "inputs": { "clan-core": "clan-core", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "tg-ha-door": "tg-ha-door" + } + }, + "search": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "tg-ha-door", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754869408, + "narHash": "sha256-G1zNuxiCDfqNQVoL9j5v+ZYfUER7AI158ev98/JC8LI=", + "owner": "NuschtOS", + "repo": "search", + "rev": "2f5478267557a0f7a70d953b6c0867a5b4282739", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" } }, "sops-nix": { @@ -208,11 +332,11 @@ ] }, "locked": { - "lastModified": 1754328224, - "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -236,6 +360,58 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tg-ha-door": { + "inputs": { + "flocken": "flocken", + "nixpkgs": [ + "nixpkgs" + ], + "search": "search" + }, + "locked": { + "lastModified": 1755008682, + "narHash": "sha256-7KRljl+Kh3CeL530LxAzTCs19zPSTd63Ats6x0d7zM8=", + "owner": "peprolinbot", + "repo": "tg-ha-door", + "rev": "8d981e2b4b047d0aca3226b2bf1a7d4eb2c3fa10", + "type": "github" + }, + "original": { + "owner": "peprolinbot", + "repo": "tg-ha-door", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -244,11 +420,11 @@ ] }, "locked": { - "lastModified": 1754492133, - "narHash": "sha256-B+3g9+76KlGe34Yk9za8AF3RL+lnbHXkLiVHLjYVOAc=", + "lastModified": 1754847726, + "narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1298185c05a56bff66383a20be0b41a307f52228", + "rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7f7bf92..6c76918 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,11 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + + tg-ha-door = { + url = "github:peprolinbot/tg-ha-door"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/machines/aresix/configuration.nix b/machines/aresix/configuration.nix index 769905e..2bf5e14 100644 --- a/machines/aresix/configuration.nix +++ b/machines/aresix/configuration.nix @@ -1,6 +1,9 @@ {...}: { imports = [ - + ./modules/reverse-proxy.nix + ./modules/home-assistant.nix + ./modules/dyndns.nix + ./modules/network.nix ]; services.logind.lidSwitch = "ignore"; diff --git a/machines/aresix/modules/dyndns.nix b/machines/aresix/modules/dyndns.nix new file mode 100644 index 0000000..cc2343c --- /dev/null +++ b/machines/aresix/modules/dyndns.nix @@ -0,0 +1,15 @@ +{config, ...}: { + clan.core.vars.generators.duckdns = { + prompts.token = { + description = "Duck DNS token used to update the Dynamic DNS"; + type = "hidden"; + persist = true; + }; + }; + + services.duckdns = { + enable = true; + domains = ["campares.duckdns.org"]; + tokenFile = config.clan.core.vars.generators.duckdns.files.token.path; + }; +} diff --git a/machines/aresix/modules/home-assistant.nix b/machines/aresix/modules/home-assistant.nix new file mode 100644 index 0000000..439bf53 --- /dev/null +++ b/machines/aresix/modules/home-assistant.nix @@ -0,0 +1,73 @@ +{ + inputs, + config, + ... +}: { + imports = [inputs.tg-ha-door.nixosModules.tg-ha-door]; + + clan.core.vars.generators.tg-ha-door = { + prompts.telegram-bot-token = { + description = "Telegram token for the tg-ha-door bot"; + type = "hidden"; + }; + + prompts.home-assistant-auth-token = { + description = "Home Assistant token tg-ha-door will use to connect to the instance"; + type = "hidden"; + }; + + files.credentials-file.secret = true; + script = '' + { + echo "TG_BOT_TOKEN=$(<$prompts/telegram-bot-token)" + echo "HA_AUTH_TOKEN=$(<$prompts/home-assistant-auth-token)" + } > $out/credentials-file + ''; + }; + + services.tg-ha-door = { + enable = true; + credentialsFile = config.clan.core.vars.generators.tg-ha-door.files.credentials-file.path; + settings = { + TG_KEY_CHAT_ID = "-1001455284010"; + TG_LOG_CHAT_ID = "-1001359679497"; + HA_URL = "http://[::1]:8123"; + HA_DOOR_ENTITY_ID = "cover.puerta_verde"; + DOOR_OPEN_CLOSE_TIME = 60; + }; + }; + + services.esphome.enable = true; + + services.home-assistant = { + enable = true; + openFirewall = true; + extraComponents = [ + # Components required to complete the onboarding + "analytics" + "google_translate" + "met" + "radio_browser" + "shopping_list" + # Recommended for fast zlib compression + # https://www.home-assistant.io/integrations/isal + "isal" + + # Additional components + "esphome" + "mobile_app" + ]; + config = { + http = { + trusted_proxies = ["::1"]; + use_x_forwarded_for = true; + }; + + default_config = {}; + + "automation ui" = "!include automations.yaml"; + "scene ui" = "!include scenes.yaml"; + "script ui" = "!include scripts.yaml"; + }; + }; +} diff --git a/machines/aresix/modules/network.nix b/machines/aresix/modules/network.nix new file mode 100644 index 0000000..5874971 --- /dev/null +++ b/machines/aresix/modules/network.nix @@ -0,0 +1,18 @@ +{...}: { + networking = { + interfaces = { + enp1s0.ipv4.addresses = [ + { + address = "192.168.1.30"; + prefixLength = 24; + } + ]; + }; + + defaultGateway = { + address = "192.168.1.1"; + interface = "enp1s0"; + }; + nameservers = ["1.1.1.1" "8.8.8.8"]; + }; +} diff --git a/machines/aresix/modules/reverse-proxy.nix b/machines/aresix/modules/reverse-proxy.nix new file mode 100644 index 0000000..dec4250 --- /dev/null +++ b/machines/aresix/modules/reverse-proxy.nix @@ -0,0 +1,32 @@ +{...}: { + security.acme = { + acceptTerms = true; + defaults.email = "personal+letsencrypt@peprolinbot.com"; + }; + + networking.firewall.allowedTCPPorts = [80 443]; + + services.nginx = { + enable = true; + + # Use recommended settings + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts = { + "ha.campares.duckdns.org" = { + forceSSL = true; + enableACME = true; + extraConfig = '' + proxy_buffering off; + ''; + locations."/" = { + proxyPass = "http://[::1]:8123"; + proxyWebsockets = true; + }; + }; + }; + }; +} diff --git a/sops/secrets/duckdns-token/secret b/sops/secrets/duckdns-token/secret deleted file mode 100644 index e802e93..0000000 --- a/sops/secrets/duckdns-token/secret +++ /dev/null @@ -1,19 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:G7Yjne4hVJACbokvD7NKXfMZY30uS0nFZ9N7XspbbojMb0/Y,iv:ujUBZ6hikqw8eaT8lDaXwKQnl3zJH9tdn2d2XX9N7kU=,tag:TE12/T+UWa5jlKuMEpJ8jg==,type:str]", - "sops": { - "age": [ - { - "recipient": "age12dw69nvfyqype23gmn4cy7wccr6ct3luj05hat4g65kzwqz9rpzs7z4jpe", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5TjdOYzBLTHd0dWZMdS9V\nNnE5TWJpSVVtZWpPaU42eDdpNWlTL0RkUjFzCmJYUm5IbWNBeGRXdVFsRzdSdXN0\ncXZKYlhwV05OWW9LNC9IeHozNTFVMDQKLS0tIGtTU0pNNzZUZDhjTVJ6UnBXbm9r\nQncxRjI0NkJUYm90TWdNLzZrbGlLTGcKPZnVq/AKN1melr8J0qw1LPhFLu4W2MrJ\nGA7v/AHdttjdgttBSMXD1xqVh51wBaLmvq+uV2uyOICmpBQjAuq+qw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZGZqTzZCeXdlWGdPTHhP\nZmNZRVNVWUJiL01YQmFyVy92TUhYMkswZVZJCmdzOUs0N3h2czBlaDNINDVlVllP\nQ0x1Mk1NQ2MyV2owaDBFZ2RmZkVPTDgKLS0tIHlEVWJtK0p0WXZLZHR1WXRXbXJM\ndjJxREhJajUyRGg1YjFEMTlRVUs2cGMKKOy4TrLw/tjQFUe0xTkwn89nj42QUBov\n9Cz4eS/MBukX8PIuzSIyQKz/+IvlJDo2yIVkxZLFHrbFutYWCzoMrg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-08-09T23:12:46Z", - "mac": "ENC[AES256_GCM,data:iGaV0VNShS98ibtTfMasv+Z1B6bsYQdDrwyxIJqiUpZGSXAuuU/kJKhDjIDDdXS/OX8JaHqIubAo66Ro00uLv+HDUOsyt8+5JWwUP1OzrUliR9PqtlNGLRO/3aF780Zlyy847ZdTzT6fm3K3OG720GcnXg2jFoQ4dYjwM6+BBsc=,iv:Xi/Mgsf/vHDRtDFPaiIm9kz4kSVkm28YPZ2uNA+ixGQ=,tag:hlXN0Qa1mgkODQVWtbvdmg==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" - } -} diff --git a/sops/secrets/duckdns-token/machines/aresix b/sops/secrets/tg-ha-door-creds/machines/aresix similarity index 100% rename from sops/secrets/duckdns-token/machines/aresix rename to sops/secrets/tg-ha-door-creds/machines/aresix diff --git a/sops/secrets/tg-ha-door-creds/secret b/sops/secrets/tg-ha-door-creds/secret new file mode 100644 index 0000000..1707f80 --- /dev/null +++ b/sops/secrets/tg-ha-door-creds/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:nF3dqb+z1CU/RWaAZmBQItOp2fQrMGDf3qjyvVnC73ERFHGLdeO6L0rI5IT81h7QGbjPf15rXX5TlNRhafAlorH7H5ZWRZgmCkFyOr2Imf4rvBu3Cp9pi5ioe3lv4omZn0puXu1vgsh/k/JLxQl1QjRhVFcBFE6TPs7bi8+AzIlSUfhfUb8ZHzyN/dr5DaxsLXaFsvnjWWUSTLiqujRMzIp/R5w32bvUDvquTsDLE2Pb9VCcwMTxw2+uWem9mA47HUTLpPjks4X1Zghx8LcD8qLfOfmpeZBqESHjFh+iBE9CsOvhpjL8H5hLePmrbYlIIImSVX1dJrbiFRZ7GZZOdKg=,iv:Mp4u/LiIhFm3AXzGL8/l4iUsvslukywG9UyO5gfl8zs=,tag:j4nQ/lJUd0CYFssl5UK2/Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12dw69nvfyqype23gmn4cy7wccr6ct3luj05hat4g65kzwqz9rpzs7z4jpe", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMnVmdGU2RWUra3RvMjQx\nNzFVV1MrUkV5QWZTSFZKZDg1N1VsbVhpcVUwClgwdWdqdklnZUQ5RWJUTHRmMktz\nNVVNaUN5cjQ5cXFpc0syTTEveHF1MlEKLS0tIGVWZGNOQ010ekQyS2Mvck1pVEsv\nNjlBOWtpUnd0eE9pZEczSTlMVDNXS0UKVy8fRJjx1pbDrE4UWDC3ToE7mlRGPX6x\nklEE0V0vNF9K4VTMOPsmX5+kFeJ6BzuZ8sDcEbhrgPJiOq1iB1Jq6Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdkl1K0ZxOXdVYVR1cmNh\neUI2MS9DVUZqdWI4dFFEZ3MybTZ3MTB5RzFjCkhMRDRxWjNFYks3K1ZRQWlpY2FD\nRnExUmNpZEE0WnpPbGhENXlQeGxXaFEKLS0tIHIvdDZvM2NwL2hIT2xqOUJKd09j\nS1ZXOTRnbjkzUUlaQk9nRFYwV0pjVncK3dDkECQGlQKzv8Vhzb0LGy2qDWvTKCrf\nECYs9phEeqY9idfilt6LxkZvPo78To154X11ai9ikizLKO/q5EeWhg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-14T13:07:05Z", + "mac": "ENC[AES256_GCM,data:EyZF+5pu8PeUIiIrD4j3i9IQOTSs30D8b57ygkAO1TBLCajKqjMGDT7ULv0ggRfAz0zj7v5RSQkr6VMlpEdbgA6oP41wrrBJbRn3tPCkJ20dItoyHeIGSjLuL7WWEdSjlKeK8TkP8msyK0pp7rNIoR0HX+HyC85ypEiC/PFhfSY=,iv:t59eIanDCzbta7iZQZ/mSGpYbaT0J/8r6a7EXXetoU8=,tag:twx73NwVkTcX/lgQvjtwLQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/sops/secrets/duckdns-token/users/pedro b/sops/secrets/tg-ha-door-creds/users/pedro similarity index 100% rename from sops/secrets/duckdns-token/users/pedro rename to sops/secrets/tg-ha-door-creds/users/pedro diff --git a/vars/per-machine/aresix/duckdns/token/machines/aresix b/vars/per-machine/aresix/duckdns/token/machines/aresix new file mode 120000 index 0000000..a7839bb --- /dev/null +++ b/vars/per-machine/aresix/duckdns/token/machines/aresix @@ -0,0 +1 @@ +../../../../../../sops/machines/aresix \ No newline at end of file diff --git a/vars/per-machine/aresix/duckdns/token/secret b/vars/per-machine/aresix/duckdns/token/secret new file mode 100644 index 0000000..52ee983 --- /dev/null +++ b/vars/per-machine/aresix/duckdns/token/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:W51pdNRamnw8GPmvaXBc4Usn2sNibH9HvgheWcdf8vs/fMhE,iv:aiVHhLbe7zVgKhg7xzE5qEHlD8NVc18aHHzd/NrzAK0=,tag:8z7ICtg8vhXk3454tVKT8g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12dw69nvfyqype23gmn4cy7wccr6ct3luj05hat4g65kzwqz9rpzs7z4jpe", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSEJNTUMveEFkOHJGRGhJ\naUFrTmRHTFFsM1ljUmljcW53amU4Ymc3cEU0CktLNG9WRUVORkF6RDVyOWoxbkE5\nbHd2c2IybVgxNDBKa2hPcWN5K1M5MmcKLS0tIDVBUVdWTncva3VVOFNFZ3hPWkpK\nUllSM3FtRisrUFMxRFd1M0s3Sm9ORm8K5ktz+YLzsOj63lP1KWyqa6EiFLfm3miz\naib7kPYuXZ3theWsEw8hc0VzbAJurzrb9vryhQCAxuv5tobQoi5MnQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Zk96SnVZcXJPZkJwa0xV\nWkNGckt5RDB2RDNsNVI4MFNwRndWRXJvcFFJCmo1dllOWnhhSTNWUkkxMWhPVFRp\nazJuMHREbGFoVG0vSm1qZytEQWh4dFEKLS0tIGJWNjBTTE94cGV1M0Z6dXEvYjNV\nK08wd3JDS0VpbnpqVWRhODhENWdpVk0KYScevJZLmnQq3aj5Swh/b5saxMVuOS97\nff7KJkJc9eDTHCDNUz9dZUmtAJrlQ3Vxcjr/fNHKkbpIRX8henlgfw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-21T11:15:34Z", + "mac": "ENC[AES256_GCM,data:WkEIqxULjaUlcWASBN4IsrDPs4/ojvuBcSHY+7N8eM5R+fcXg5acS+Uful9L81m4lbBTVc48D+0qYmhsm9dFNLWdmaBscVLKfPc/r9lj/SaydpMNEO4qEIgdGVEbhODIlmZBEaYPjsQrjvWUsk5//zwSq+0AY3AkoeqcpofBsak=,iv:NC+PhRe14H1rp+Pw5U5IDBjKylXJxOmtjG81A9tcUi4=,tag:DGctC1Ge/KvXYFzEBIuGeQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/aresix/duckdns/token/users/pedro b/vars/per-machine/aresix/duckdns/token/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/aresix/duckdns/token/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file diff --git a/vars/per-machine/aresix/tg-ha-door/credentials-file/machines/aresix b/vars/per-machine/aresix/tg-ha-door/credentials-file/machines/aresix new file mode 120000 index 0000000..a7839bb --- /dev/null +++ b/vars/per-machine/aresix/tg-ha-door/credentials-file/machines/aresix @@ -0,0 +1 @@ +../../../../../../sops/machines/aresix \ No newline at end of file diff --git a/vars/per-machine/aresix/tg-ha-door/credentials-file/secret b/vars/per-machine/aresix/tg-ha-door/credentials-file/secret new file mode 100644 index 0000000..9c2c774 --- /dev/null +++ b/vars/per-machine/aresix/tg-ha-door/credentials-file/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:pgqGVVzrBFAZUrvUjmOP6/bOwiMa6rdvsrP/G/IdJLK3r1cuSNz+V8eLf7sRQFrPSRNutorO8B2Ni8YZRJ6dBojSs95i0igp49lW3gbO7qQbUaoY/0Pz16XZAhBr0o9XWd8BOQNHTcoqdxxZKYylQySZEBXL8VQO5/BE7tageeEam8x31KExT7m+KHjKO8hV0XFzvXCnIpu7wpfJWsE04PXK+oY5LYpe3cCxtg+1wyBfTp+BFP2I5XZ+Exs+ldOwjMHXJBLP7gSkxggoKRILTsazntUCkk4NxBPqvh7+K4TanRHOONOPnqHXvZfRPrrTbVJdB3Cpe4qvSSDHqry3qSQ=,iv:UinSEY6cXYEPrwHTgWkwggnp4UkfPPNrgKzD2PmpHlQ=,tag:qQmirO5/xCE0vNoTYhmz+A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12dw69nvfyqype23gmn4cy7wccr6ct3luj05hat4g65kzwqz9rpzs7z4jpe", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTnpQRnFPRys3dC9nSm5N\ncVJPRWJtbUM0SnN5Nm1YZjAwTS8rVGliYUdJCkdjZlQrUldXaHdhOHo2cldlL0Fq\nU2hqQjNuVkF0Q2Z1MzNyTU9wODNzMGMKLS0tIERuUkZpYzN3NVhNTWRzZEhHemZl\nd01zcGdJdWxsTDNhTG93UlBxZFduaG8KtMvXaBsN9PQ2efabYkfmwpbft5uCYz1k\nqnVEIpNOSzeBhES/3goSgHIQnOU5suDq9K7g9zoK8sRFu4xA6s4esg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSR0Y3eldHOTBpb29jR3dX\ndkY2OHJCN0VDRFhFTlMwbTdZV2hoQ1FZMEM4CkY4U0gvV21VTFE4ZUl5KzZqT3hw\nb0RGNEV4MFF4MGExN1BHRkhVUU91VkEKLS0tIEJWNEg4TUZpLzNmTURERHhRd0tv\nTkJZK09PUVErT1h4RkFVczdWa0JTRlUK8uM4HsUeA6U35Z1eWkRs00vIWGy17qVR\n8uXh/X4jwBtoSgGhisofEoyfXK7CK6R9Jb1VCS8y9nI+sYbOCBp8AA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-21T13:43:46Z", + "mac": "ENC[AES256_GCM,data:LGw8L3Qq2bRD1OgY2YG5074WVFUJPS9fF5r/TQXYqSNLH4yRumKqyAWWi3wpf4hoDUa9/dkmmsOKbiBq1jVZhRGvUUo246xyd09UMXgNOkYYMkF1PYnz1NCWl1VsmIdm1aGxxpSyGVtoUG7d+bgV9WmFq8yne9VGoO6TOfKmYRY=,iv:yQlt5Q5ApmwzWoS1fdrtiwVfodqRZ3RXI6jBple/gpI=,tag:ifs7TLXvIp9mUgVuoMQV3g==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/aresix/tg-ha-door/credentials-file/users/pedro b/vars/per-machine/aresix/tg-ha-door/credentials-file/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/aresix/tg-ha-door/credentials-file/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file