"doom-emacs": {
"flake": false,
"locked": {
- "lastModified": 1647913749,
- "narHash": "sha256-JlPq+PAJW00rDFOSdLYCdd+nnQzNkjztK2zXAS2S2zY=",
+ "lastModified": 1656519163,
+ "narHash": "sha256-iNg3DnQJB6iIWLBsFGcloFHwwQUgrJeIQeNJHD7nwIo=",
"owner": "hlissner",
"repo": "doom-emacs",
- "rev": "aed2972d7400834210759727117c50de34826db9",
+ "rev": "c2f8476c8641fcc9a1371d873ed3b5924952a059",
"type": "github"
},
"original": {
}
},
"emacs-overlay": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": "nixpkgs"
+ },
"locked": {
- "lastModified": 1648290468,
- "narHash": "sha256-Mibv/7lr2QxNwydU0WP1VDC0GMu6Xn0E5Yez73xDjQE=",
+ "lastModified": 1656413262,
+ "narHash": "sha256-I8X1LaW/qoSWeBLK0N8GPOshIuXG9zyNyZUtKZYa0h4=",
"owner": "nix-community",
"repo": "emacs-overlay",
- "rev": "adf05412cca0a492c2465ac5de719954834c449e",
+ "rev": "8772891c73e2809df5e5469d14535ea77e123d3e",
"type": "github"
},
"original": {
"type": "github"
}
},
+ "flake-utils_2": {
+ "locked": {
+ "lastModified": 1656065134,
+ "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
"julm-nix",
"nixpkgs"
- ]
+ ],
+ "utils": "utils"
},
"locked": {
- "lastModified": 1650190514,
- "narHash": "sha256-BoBvGT71yOfrNDTZQs7+FX0zb4yjMBETgIjtTsdJw+o=",
+ "lastModified": 1656367977,
+ "narHash": "sha256-0hV17V9Up9pnAtPJ+787FhrsPnawxoTPA/VxgjRMrjc=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "620ed197f3624dafa5f42e61d5c043f39b8df366",
+ "rev": "3bf16c0fd141c28312be52945d1543f9ce557bb1",
"type": "github"
},
"original": {
]
},
"locked": {
- "lastModified": 1655398770,
- "narHash": "sha256-6M3bhk7PFiQCTCwKWSq1SpLO85gUzJsgFUIC0MBYDzM=",
+ "lastModified": 1659790679,
+ "narHash": "sha256-6g6Vx+rZPINUbgzpGhH5IfCfUjzEqUAOXmx55TgIkRQ=",
"ref": "main",
- "rev": "71b7edf3240dd5eef4e1779baf7feaccd5445d0a",
- "revCount": 458,
+ "rev": "94f28bdd976d68743a98035810b3973ed9851d69",
+ "revCount": 462,
"type": "git",
"url": "file:///home/julm/work/sourcephile/nix/julm-nix"
},
},
"nixpkgs": {
"locked": {
- "lastModified": 1656500841,
- "narHash": "sha256-13IRoh3uu29S4IfoVO6Sb0UPwzDhSqXoBKKQ4ssEzF0=",
+ "lastModified": 1653086549,
+ "narHash": "sha256-9Gt55P+hh70m/vx0zS5iJrMFrU4Rf0uO+nG9NFxTW1U=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "98bcd08cb1778d103bac1149621b3568014aadbd",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1657815135,
+ "narHash": "sha256-+5Jby1ayRjtSgsM5IpRNeUgdcIutCKQWR6sypRtd1RE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "be6da3774db3746e6ae94bf412dd3707e35b2800",
+ "rev": "c06d5fa9c605d143b15cafdbbb61c7c95388d76e",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "be6da3774db3746e6ae94bf412dd3707e35b2800",
+ "rev": "c06d5fa9c605d143b15cafdbbb61c7c95388d76e",
"type": "github"
}
},
"julm-nix",
"nix-doom-emacs"
],
- "nixpkgs": "nixpkgs",
+ "nixpkgs": "nixpkgs_2",
"pass": "pass",
"secrets": "secrets",
"shell": "shell"
"path": "./shell",
"type": "path"
}
+ },
+ "utils": {
+ "locked": {
+ "lastModified": 1653893745,
+ "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
}
},
"root": "root",
{
# Pin down nixpkgs from github, instead of using global, system or user registries.
-inputs.nixpkgs.url = "github:NixOS/nixpkgs/be6da3774db3746e6ae94bf412dd3707e35b2800";
+#inputs.nixpkgs.url = "github:NixOS/nixpkgs/168d1c578909dc143ba52dbed661c36e76b12b36";
+inputs.nixpkgs.url = "github:NixOS/nixpkgs/c06d5fa9c605d143b15cafdbbb61c7c95388d76e";
#inputs.nixpkgs.url = "flake:nixpkgs";
inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.home-manager.follows = "julm-nix/home-manager";
../nixos/defaults.nix
../nixos/profiles/systems/debug.nix
#carotte/fileSystems.nix
+
carotte/hardware.nix
+ carotte/hostapd.nix
carotte/networking.nix
carotte/security.nix
carotte/system.nix
carotte/users.nix
(inputs.secrets + "/hosts/${hostName}/users.nix")
- carotte/xserver.nix
+ #carotte/xserver.nix
];
}
};
systemd.services."openvpn-${netns}" = {
preStart = ''
- set -e
- ${pkgs.curl}/bin/curl -X POST --cacert ${ca} -o ${key-cert} -Ls ${apiUrl}
+ set -ex
+ ${pkgs.curl}/bin/curl -v -X POST --cacert ${ca} -o ${key-cert} -Ls ${apiUrl}
chmod 700 ${key-cert}
'';
+ unitConfig = {
+ StartLimitIntervalSec = 0;
+ };
serviceConfig = {
RuntimeDirectory = [ "openvpn-${netns}" ];
RuntimeDirectoryMode = "0700";
};
};
+environment.systemPackages = [
+ pkgs.riseup-vpn
+];
networking.nftables.ruleset = ''
add rule inet filter fw2net meta skuid root tcp dport 443 counter accept comment "OpenVPN Riseup"
'';
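Review bot: `set -ex` together with `curl -v` in the preStart writes every expanded command line and the full request/response headers of the `${apiUrl}` call to the journal, which is fine for the investigation this looks like but should not stay in the unit once it is over, and `-v` is unsafe to keep if that API ever answers with auth headers or cookies. A second, pre-existing point that the hunk touches: `curl -o ${key-cert}` creates the file with the service's default umask and only the following `chmod 700 ${key-cert}` tightens it, so the downloaded key is readable by other users for a moment; `umask 077` as the first line of the script closes that window (writing into `$RUNTIME_DIRECTORY`, already protected by `RuntimeDirectoryMode = "0700"`, would too — I cannot tell from the hunk where `${key-cert}` points), and `chmod 600` is the right mode for a key file that is never executed. `StartLimitIntervalSec = 0` switches off systemd's start-rate limiting, so a persistently failing API call will be retried without bound; a short comment stating why that is wanted, `# no start-rate limit: the VPN must keep retrying the key fetch after outages`, would stop the next reader from reverting it. The module this unit belongs to starts outside the hunk.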
-{ pkgs, lib, config, hosts, hostName, ... }:
+{ pkgs, lib, config, hosts, hostName, credentials, ... }:
let
wg = "wg-extra";
listenPort = 16843;
add rule inet filter output oifname "${wg}" log level warn prefix "fw2extra: " counter drop
'';
#boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+systemd.services."wireguard-${wg}".serviceConfig.LoadCredentialEncrypted = "privateKey:${credentials}/wireguard/${wg}/privateKey.secret";
networking.wireguard.interfaces."${wg}" = {
# publicKey: 1Iyq96rPHfyrt4B31NqKLgWzlglkMAWjA41aF279gjM=
- privateKeyFile = "/root/secrets/wireguard/${wg}/privateKey";
+ privateKeyFile = "$CREDENTIALS_DIRECTORY/privateKey";
ips = [ "192.168.43.1/32" ];
inherit listenPort;
socketNamespace = null;
patate.enable = true;
carotte.enable = true;
};
-networking.wireguard.interfaces.${iface} = {
- privateKeyFile = "/root/secrets/wireguard/${iface}/privateKey";
-};
systemd.services."wireguard-${iface}" = {
unitConfig.Upholds = [ "upnpc-${toString wg.listenPort}.service" ];
};
};
}
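Review bot: `privateKeyFile = "$CREDENTIALS_DIRECTORY/privateKey"` only works because the NixOS wireguard module interpolates the path into the shell script of the `wireguard-${wg}` service, where the variable is expanded at runtime under the credential set up by the new `LoadCredentialEncrypted` line; that is an implicit contract with the module, so I would state it next to the option, `# literal $CREDENTIALS_DIRECTORY: expanded by the service's shell, see LoadCredentialEncrypted above`. Moving the key out of `/root/secrets/wireguard/${wg}/privateKey` (the path the removed line used) is the right direction, but the plaintext file stays on disk until someone deletes it, which the commit does not mention; a note in the commit message or a TODO here would cover that. If `${credentials}` is a Nix path rather than a string, the `.secret` file is copied into the world-readable store, which is acceptable only because it is ciphertext produced by `systemd-creds encrypt`, and that is worth a comment as well. The enclosing module body starts and ends outside the hunk.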
../nixos/defaults.nix
+ ../nixos/profiles/systems/debug.nix
mermet/acme.nix
mermet/croc.nix
mermet/coturn.nix
mermet/rspamd.nix
mermet/sanoid.nix
mermet/security.nix
- mermet/sourcehut.nix
+ #mermet/sourcehut.nix
mermet/system.nix
mermet/unbound.nix
mermet/users.nix
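Review bot: `../nixos/profiles/systems/debug.nix` is now imported unconditionally on mermet, and the later hunk of that profile shows it setting `environment.enableDebugInfo = true` and installing `pkgs.gdb`; if this is for a one-off investigation rather than a permanent change, say so in place, `# TEMPORARY: debug profile for the current investigation, drop once resolved`, so it is reverted together with the commented-out `#mermet/sourcehut.nix` rather than forgotten. The imports list this hunk sits in starts outside the hunk.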
debug_level = 0
# LDAP database
-uris = ldapi://
+uris = ldapi://%2Frun%2Fslapd%2Fsock
base = ou=posix,dc=%Dd
scope = subtree
#deref = never
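Review bot: The socket URL `ldapi://%2Frun%2Fslapd%2Fsock` introduced here is repeated verbatim in six more places of this commit (the `users.ldap` `server`, the slapd `urlList`, and the four `server_host` lines further down), and the FIXME on the `server` line says the whole set is to be reverted once the upstream fix lands, so a single Nix binding — e.g. `ldapSocketUrl = "ldapi://%2Frun%2Fslapd%2Fsock";` (name constructed) — referenced from each generated file would make that revert a one-line change; this file and the `server_host` ones appear to be Nix-generated, but I cannot tell for certain from the hunks. The `urlList` variant uses `%%2F` while every other copy uses `%2F`, presumably because that value ends up in a systemd ExecStart where a bare `%` is a specifier; that difference deserves a comment on the `urlList` line, `# %% because the value is passed through a systemd unit line`, so nobody "fixes" it to match the others.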
oignon.enable = true;
patate.enable = true;
};
-networking.wireguard.interfaces.${iface} = {
- privateKeyFile = secrets."wireguard/${iface}/privateKey".path;
-};
-security.gnupg.secrets."wireguard/${iface}/privateKey" = {};
-systemd.services."wireguard-${iface}" = {
- after = [ secrets."wireguard/${iface}/privateKey".service ];
- requires = [ secrets."wireguard/${iface}/privateKey".service ];
-};
networking.nftables.ruleset = ''
# Allow peers to initiate connection for ${iface}
add rule inet filter net2fw udp dport ${toString wg.listenPort} counter accept comment "${iface}"
];
users.ldap = {
enable = false;
- server = "ldapi:///";
+ # FIXME: reset to ldapi:/// once https://nixpk.gs/pr-tracker.html?pr=179597 is included
+ #server = "ldapi:///";
+ server = "ldapi://%2Frun%2Fslapd%2Fsock";
base = "ou=posix,${domainSuffix}";
bind = {
#distinguishedName = "cn=admin,${domainSuffix}";
enable = true;
#dataDir = "/var/db/ldap";
#configDir = "/var/db/slapd";
- urlList = [ "ldapi:///" ]; # UNIX socket
+ # FIXME: reset to ldapi:///
+ #urlList = [ "ldapi:///" ]; # UNIX socket
+ urlList = [ "ldapi://%%2Frun%%2Fslapd%%2Fsock" ]; # UNIX socket
# sudo ldapsearch -LLL -H ldapi:// -D cn=admin,cn=config -Y EXTERNAL -b "" -s base supportedControl
settings = {
attrs = {
posixAccount = pkgs.callPackage (import ./posixAccount.nix) { inherit domain domainSuffix domainGroup; };
in
{
-users.groups."${domainGroup}" = {
+users.groups.${domainGroup} = {
gid = 20000;
members = [
users."julm".name
# and the index/control on different ZFS datasets like here.
"maildir:/home/${uid}/mail/${domain}/mail:LAYOUT=maildir++:UTF-8:CONTROL=${stateDir}/control/${domain}/${uid}:INDEX=${stateDir}/index/${domain}/${uid}";
}
+ rec {
+ uid = "testbox";
+ cn = "Test Box";
+ sn = uid;
+ uidNumber = 21000;
+ gidNumber = groups.${domainGroup}.gid;
+ mailAlias = [ "test.box" ];
+ userPassword = builtins.readFile (inputs.secrets + "/members/mail/julm/hashedPassword");
+ #mailHomeDirectory = "/home/${uid}/mail/${domain}";
+ mailQuota = "1G";
+ }
];
};
}
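Review bot: The new `testbox` account is seeded with another member's password hash, `userPassword = builtins.readFile (inputs.secrets + "/members/mail/julm/hashedPassword")`, so two accounts now share one credential: anyone holding the password of one logs in as the other, and cracking the test account's hash offline yields the real user's password. Give the test account its own secret, e.g. `userPassword = builtins.readFile (inputs.secrets + "/members/mail/testbox/hashedPassword");` with a freshly generated hash, and add a comment that it is a test account so it gets removed rather than forgotten. Since `builtins.readFile` pulls the hash into the evaluated configuration, it ends up wherever this list is rendered (presumably a file in the world-readable store), which looks like the existing pattern for the other entries and is only noted here. The list this entry belongs to starts outside the hunk.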
# Parse the extension in email address, eg. contact+extension@
recipientDelimiter = "+";
mapFiles.sender_access = inputs.secrets + "/postfix/sender_access";
+ #mapFiles.virtual_mailbox_maps = ;
config = {
debug_peer_level = "4";
debug_peer_list = [
virtual_mailbox_domains = [];
# Completed by the postfix/*.nix
virtual_mailbox_maps = [
+ # Is it necessary because it's already in virtual_alias_maps
"hash:/etc/postfix/virtual"
];
virtual_transport = "lmtp:unix:private/dovecot-lmtp";
domain = ${domain}
version = 3
debuglevel = 0
- server_host = ldapi://
+ server_host = ldapi://%2Frun%2Fslapd%2Fsock
bind = sasl
sasl_mechs = EXTERNAL
search_base = ou=posix,${domainSuffix}
domain = ${domain}
version = 3
debuglevel = 0
- server_host = ldapi://
+ server_host = ldapi://%2Frun%2Fslapd%2Fsock
bind = sasl
sasl_mechs = EXTERNAL
search_base = ou=posix,${domainSuffix}
domain = ${domain}
version = 3
debuglevel = 0
- server_host = ldapi://
+ server_host = ldapi://%2Frun%2Fslapd%2Fsock
bind = sasl
sasl_mechs = EXTERNAL
search_base = ou=posix,${domainSuffix}
domain = ${domain}
version = 3
debuglevel = 0
- server_host = ldapi://
+ server_host = ldapi://%2Frun%2Fslapd%2Fsock
bind = sasl
sasl_mechs = EXTERNAL
search_base = ou=posix,${domainSuffix}
css = [ "href=https://mails.${domain}/style/light.css" ];
nntpserver = [ "nntps://news.${domain}" ];
wwwlisting = "match=domain";
+ #imapserver = [ "mails.${domain}" ];
};
mda = {
enable = true;
};
#dispatch.enable = true;
- git.enable = true;
+ #git.enable = true;
#hub.enable = true;
meta.enable = true;
meta.port = 4999;
#!/bin/sh -eux
cd "${0%/*}"/../..
-nix -L run .#mermet.switch "$@"
+host=mermet
+chmod -R g-rwx,o-rwx "$PWD"/private/hosts/*/root
+#ln -sfn "$PWD/private/hosts/$host/root" /root/private
+trap 'git reset private/hosts/"*"/root' EXIT
+git rm -rf --cached --ignore-unmatch private/hosts/'*'/root # prevent copying to /nix/store
+nix -L run .#$host.switch "$@"
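Review bot: The comment on the `git rm --cached` line names the mechanism but not what is at stake; since a flake evaluation copies the whole tracked tree into the world-readable `/nix/store`, untracking `private/hosts/*/root` is what keeps the host secrets out of it, and I would say so: `# untrack host secrets: the flake copy in /nix/store is world-readable and must never contain them`. The restore relies solely on the EXIT trap, so a hard kill or a reboot in the middle of the switch leaves those paths removed from the index, and a later `git commit -a` would silently record them as deleted; a second comment on the `trap` line, `# EXIT trap only: after a hard kill, run git reset private/hosts/'*'/root by hand`, or a `git status --short private/hosts` check at the top of the script, would make that failure mode visible. `host=mermet` is now hard-coded where the old line also said mermet, which is fine, but a `host=${HOST:-mermet}` would let the script serve the other hosts the page mentions without editing it.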
environment.enableDebugInfo = true;
environment.systemPackages = [
#pkgs.valgrind
- #pkgs.gdb
+ pkgs.gdb
];
/*
environment.etc."sudo.conf".text = ''
#overlays/sourcehut.nix
] ++ [
#(self: super: { biboumi = super.callPackage pkgs/biboumi {}; })
+ /*
+ (final: super: {
+ pythonPackages = (super.python.override {
+ packageOverrides = super.lib.const (python-super: {
+ # TODO: remove after https://github.com/NixOS/nixpkgs/pull/152698 has hit master
+ dbus-python = python-super.dbus-python.overrideAttrs (oldAttrs: rec {
+ #configureFlags = ["PYTHON=${super.python.pythonForBuild.interpreter}"];
+ });
+ });
+ }).pkgs;
+ })
+ */
]
hosts/mermet/** filter=git-crypt-mermet diff=git-crypt-mermet
hosts/losurdo/** filter=git-crypt-losurdo diff=git-crypt-losurdo
-shared/** filter=git-crypt-shared diff=git-crypt-shared
+shared/** filter=git-crypt-shared diff=git-crypt-shared
mkdir -p "$dir/$host/credentials/${hostkey%/*}"
pass "$key" |
sudo unshare --mount sh -xc "
- mount --bind '$dir/$host/root/credential.secret' /var/lib/systemd/credential.secret &&
+ mount --bind $dir/$host/root/credential.secret /var/lib/systemd/credential.secret &&
+ mount --bind $dir/$host/root/machine-id /etc/machine-id &&
systemd-creds encrypt --with-key=host --name '${hostkey##*/}' - - |
install -m 400 -o $USER -g users /dev/stdin '$dir/$host/credentials/$hostkey.secret'
"
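Review bot: The rewritten `mount --bind` lines drop the single quotes the old line had around `$dir/$host/root/credential.secret`, while the `install` target on the last line keeps them; because the outer double-quoted string is expanded by the calling shell before the inner `sh -xc` parses it, a `$dir` containing a space or a glob character now splits into several words and the bind mount fails or lands on the wrong path. Restore them: `mount --bind '$dir/$host/root/credential.secret' /var/lib/systemd/credential.secret &&` and `mount --bind '$dir/$host/root/machine-id' /etc/machine-id &&`. The added machine-id bind mount appears to be what makes `systemd-creds encrypt --with-key=host` produce a credential usable by the target host rather than this one, and that intent belongs in a comment above the `unshare` line, `# bind the target host's credential.secret and machine-id so --with-key=host encrypts for that host`. The function or loop these lines belong to starts outside the hunk.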