From ef58d25c049170835531f9e8f85fedd79b0c659c Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+sourcephile-nix@sourcephile.fr>
Date: Sun, 9 Feb 2025 01:06:55 +0100
Subject: [PATCH] nix: update julm-nix
---
domains/sourcephile.fr/.gitattributes | 7 +++++
domains/sourcephile.fr/nebula/aubergine.crt | Bin 0 -> 371 bytes
domains/sourcephile.fr/nebula/aubergine.pub | Bin 0 -> 147 bytes
domains/sourcephile.fr/nebula/blackberry.crt | Bin 0 -> 371 bytes
domains/sourcephile.fr/nebula/blackberry.pub | Bin 0 -> 147 bytes
domains/sourcephile.fr/nebula/ca.crt | Bin 0 -> 269 bytes
domains/sourcephile.fr/nebula/carotte.crt | Bin 0 -> 367 bytes
domains/sourcephile.fr/nebula/carotte.pub | Bin 0 -> 147 bytes
domains/sourcephile.fr/nebula/courge.crt | Bin 0 -> 367 bytes
domains/sourcephile.fr/nebula/courge.pub | Bin 0 -> 147 bytes
domains/sourcephile.fr/nebula/keygen.sh | 11 +++++++
domains/sourcephile.fr/nebula/losurdo.pub | Bin 0 -> 147 bytes
domains/sourcephile.fr/nebula/mermet.crt | Bin 0 -> 367 bytes
domains/sourcephile.fr/nebula/mermet.pub | Bin 0 -> 147 bytes
domains/sourcephile.fr/nebula/oignon.crt | Bin 0 -> 367 bytes
domains/sourcephile.fr/nebula/oignon.pub | Bin 0 -> 147 bytes
domains/sourcephile.fr/nebula/patate.crt | Bin 0 -> 367 bytes
domains/sourcephile.fr/nebula/patate.pub | Bin 0 -> 147 bytes
.../sourcephile.fr/nebula}/sign.sh | 0
hosts/carotte/nebula.nix | 29 ++++++++++++++----
hosts/losurdo/nebula.nix | 29 ++++++++++++++----
hosts/losurdo/nebula/losurdo.key.gpg | Bin 764 -> 0 bytes
.../losurdo/nebula/sourcephile.fr/losurdo.crt | Bin 0 -> 367 bytes
.../{ => sourcephile.fr}/losurdo.key.cred | Bin
hosts/mermet/nebula.nix | 29 ++++++++++++++----
julm-nix | 2 +-
share/.gitattributes | 7 -----
share/nebula/sourcephile.fr/ca.crt | Bin 269 -> 0 bytes
share/nebula/sourcephile.fr/ca.key.gpg | Bin 753 -> 0 bytes
share/nebula/sourcephile.fr/carotte.crt | 7 -----
share/nebula/sourcephile.fr/losurdo.crt | Bin 367 -> 0 bytes
share/nebula/sourcephile.fr/losurdo.pub | Bin 147 -> 0 bytes
share/nebula/sourcephile.fr/mermet.crt | Bin 367 -> 0 bytes
share/nebula/sourcephile.fr/mermet.pub | Bin 147 -> 0 bytes
share/nebula/sourcephile.fr/oignon.crt | Bin 367 -> 0 bytes
share/nebula/sourcephile.fr/oignon.pub | Bin 147 -> 0 bytes
36 files changed, 88 insertions(+), 33 deletions(-)
create mode 100644 domains/sourcephile.fr/.gitattributes
create mode 100644 domains/sourcephile.fr/nebula/aubergine.crt
create mode 100644 domains/sourcephile.fr/nebula/aubergine.pub
create mode 100644 domains/sourcephile.fr/nebula/blackberry.crt
create mode 100644 domains/sourcephile.fr/nebula/blackberry.pub
create mode 100644 domains/sourcephile.fr/nebula/ca.crt
create mode 100644 domains/sourcephile.fr/nebula/carotte.crt
create mode 100644 domains/sourcephile.fr/nebula/carotte.pub
create mode 100644 domains/sourcephile.fr/nebula/courge.crt
create mode 100644 domains/sourcephile.fr/nebula/courge.pub
create mode 100644 domains/sourcephile.fr/nebula/keygen.sh
create mode 100644 domains/sourcephile.fr/nebula/losurdo.pub
create mode 100644 domains/sourcephile.fr/nebula/mermet.crt
create mode 100644 domains/sourcephile.fr/nebula/mermet.pub
create mode 100644 domains/sourcephile.fr/nebula/oignon.crt
create mode 100644 domains/sourcephile.fr/nebula/oignon.pub
create mode 100644 domains/sourcephile.fr/nebula/patate.crt
create mode 100644 domains/sourcephile.fr/nebula/patate.pub
rename {share/nebula/sourcephile.fr => domains/sourcephile.fr/nebula}/sign.sh (100%)
delete mode 100644 hosts/losurdo/nebula/losurdo.key.gpg
create mode 100644 hosts/losurdo/nebula/sourcephile.fr/losurdo.crt
rename hosts/losurdo/nebula/{ => sourcephile.fr}/losurdo.key.cred (100%)
delete mode 100644 share/.gitattributes
delete mode 100644 share/nebula/sourcephile.fr/ca.crt
delete mode 100644 share/nebula/sourcephile.fr/ca.key.gpg
delete mode 100644 share/nebula/sourcephile.fr/carotte.crt
delete mode 100644 share/nebula/sourcephile.fr/losurdo.crt
delete mode 100644 share/nebula/sourcephile.fr/losurdo.pub
delete mode 100644 share/nebula/sourcephile.fr/mermet.crt
delete mode 100644 share/nebula/sourcephile.fr/mermet.pub
delete mode 100644 share/nebula/sourcephile.fr/oignon.crt
delete mode 100644 share/nebula/sourcephile.fr/oignon.pub
diff --git a/domains/sourcephile.fr/.gitattributes b/domains/sourcephile.fr/.gitattributes
new file mode 100644
index 0000000..4aa27b7
--- /dev/null
+++ b/domains/sourcephile.fr/.gitattributes
@@ -0,0 +1,7 @@
+*.clear filter=git-crypt-sourcephile diff=git-crypt-sourcephile
+*.cred filter=git-crypt-sourcephile diff=git-crypt-sourcephile
+*.gpg filter=git-crypt-sourcephile diff=git-crypt-sourcephile
+*.pem filter=git-crypt-sourcephile diff=git-crypt-sourcephile
+*.pub filter=git-crypt-sourcephile diff=git-crypt-sourcephile
+*.crt filter=git-crypt-sourcephile diff=git-crypt-sourcephile
+.gpg-id filter=git-crypt-sourcephile diff=git-crypt-sourcephile
diff --git a/domains/sourcephile.fr/nebula/aubergine.crt b/domains/sourcephile.fr/nebula/aubergine.crt
new file mode 100644
index 0000000000000000000000000000000000000000..87b72b2a34c21366414259c617a08d8f97d57f38
GIT binary patch
literal 371
zcmV-(0gV0tM@dveQdv+`03EPJpONdZzW&Pm!4Oej>vfrnIHBw5$)`iz@|7%B�H&
zb5G<a<dgv`%jnUz+hXXk1H|V(`N0d~Kq$!0gNegm%)@9~kr9~N?-gw`3I7IbCc@36
zQR^31>&WWB?xOe+;yl-}d6VuCYa%TKzTOzbkT9G@LV)o%Ioe(lJ2y=0fJ2<y`4}>D
z{8RZfRe^>5M|x#{dhDq)sQ=6X{|Q1mgZW7&9I^w}R-%=;uLh4`VB2bxRj)!`Z((-a
z-g2vbkFB<6aF4X!VnTC%vCC+}T4$y%r5Sq?zs=~ET43Q4Jlo@?#521ew+`THzyv?B
z3>!=iUGbF5Z`y<Dj;(w<g!Ul(820u)Lh7zdf~>Mxm@D^P&IGE73vDJFewI$Xh=b$W
ziu0$~+VL+Co^Rb`iFb(dS;zO+PVY?6mZYr4T`Pc3c~RM{=?lUY#`O=qyK_9bCJ98x
Raf<)&-6-5|D!aMEEqt&h#0&rc
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/aubergine.pub b/domains/sourcephile.fr/nebula/aubergine.pub
new file mode 100644
index 0000000000000000000000000000000000000000..42f5096658efa137a18aabd70b760a7353485d3b
GIT binary patch
literal 147
zcmV;E0BrvNM@dveQdv+`0NL5zKRPgbV1m_9!izob+x@3&%dAtYC8yvZ?zo10lYux)
zH>yCrjiE#ZQX=qwtsnJ`b0bYy6!S?2Kk!K;d(kVAw2$$ouyFf}>r84-==Y7l82c&j
zKX~##p-dJMpP)j?n%~av?hpbm`cS(-thBPcx~~?LeazM$yOfg^6>870P@daCDH+<3
BN$3Co
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/blackberry.crt b/domains/sourcephile.fr/nebula/blackberry.crt
new file mode 100644
index 0000000000000000000000000000000000000000..fbc2da7e0a299e17f1b66a948e029adfff386944
GIT binary patch
literal 371
zcmV-(0gV0tM@dveQdv+`0A9QHhH&~(ST-9(oH;3?-SPC(#kD@t?>c;B&ek-Q10!@W
z7!%#ZxK98BW@XE<Z;L4^(&{2%6QY9CK8(IG`neXRYdoppA<<jk$(57VRqW@^It%s3
zAKwSm9XtBe289h~P-ND3)8m7arLNgiCT6a8e7Irl*MwGx6iO*<Hth2scl@I%{r=z$
z%+Zrs;IZX>y`E`azKWH+xC|oYYOl{W-U|D>&lLOk7Um>d4AlLgx<rZZM0Z}4`upFC
z3k}Jw4UgdvOu8CBn^tR+(--<HaLa21lH056xff_b9tKw?PsiDgsTOMlwlE;zK^DU>
z4^7;MsbvbTsw=+|(Lh42_{7^ecsV?b2-MWygft+<*MJaahLPOa#5?LS)AL5J4o#P$
zOJo0F!@ETOT!{7RZGCjhs+8$&YTq)|lGI46ga0tJ57w7~{Sy{6%KEo#sD$@Of>c+N
RDL!fHo?iDmXIm4AANhA#zL)?2
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/blackberry.pub b/domains/sourcephile.fr/nebula/blackberry.pub
new file mode 100644
index 0000000000000000000000000000000000000000..9ee993065bf014355c26d2a3d617c429a30a2084
GIT binary patch
literal 147
zcmV;E0BrvNM@dveQdv+`0Ox)hLUfoX5->3G&Ws*XDYZ%xDTLg93Sum-J8P{M5yqaw
zkZPES{=~AMyM&hzEDB!t*{PzHvSQz|Ld2FgeU0S5#*diQzuG2*XEY`^u!=Xb;hEA=
zsEGeKu%SiLhzkVQCrSTjvjf6ANDJOle4)?r18n~fhII}EnH)@C*}%Ur_C2DT!012n
BMymh-
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/ca.crt b/domains/sourcephile.fr/nebula/ca.crt
new file mode 100644
index 0000000000000000000000000000000000000000..d8738e300af039bb32282fbb6109208ed66763b8
GIT binary patch
literal 269
zcmV+o0rLI;M@dveQdv+`063a*TpZg39x$79FYn0K$b}emrk~T#y5A)^>zl6WMc1>t
zu9QCmq`<V<fnArUK~v8S^c<*U0lJ&ENQnqxg2uZO<;VQD`OlwKl$0DxNQW&FP5$!>
zDpd3*lp&npK_f+W8s@2Jd`<k>=nvv3L!ff_y=EOo?9AV$*bu@6`Flyc@l!8>ku&q9
zH=g_mr?5JBEjg1iRd<n>g1;T4D5~~S118czcO}S@Dv&#mz;ND03W5OFt)aE=rdl2W
ziuT({a^85FXb!BQcN*!A8N&#ltZ)zJG``8@rYvmFd>T=tFgpv#nc#eEfpYsxtRV$+
TumgowAJpWKs`4fJ6aW6AzcGc{
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/carotte.crt b/domains/sourcephile.fr/nebula/carotte.crt
new file mode 100644
index 0000000000000000000000000000000000000000..fb79cbad910265c3310353d44b965b8641480034
GIT binary patch
literal 367
zcmV-#0g(OxM@dveQdv+`02fXjQ|?9$b620tIGy5!g`4TLvv4WRD%#HGx~PI7^OVO7
zEsO+B#dtz&IueFYGgZohW6lRwHvb;pN7rk#=SdAp!stp6R&i1h_&l<;X33ZyariU0
ze^kD~Rgg2@&TxPS)~?{2v>g}m4PZI(0MEAWEt#v)S4mPciSHoALSXV{1i9(%bp{>p
zmO3QNr9ogU6&cT)x)rZ=tbRTQ#87YW^;tKR8DcMIqJV*vxC(S#-^EW}F8!v=WI0R*
zoXu|Ct`Aa}&CR+VmmL=N<K9=~>cdAgSOhnuw8|@eS-3@?#2e`<ix51u>8SW^bXWyN
z?8<AsAhV2EU5iu|6w)yPm*5e3?;V67$TX1X)&JxcuMo$Uh^^(DK@JL8`)3DPG|tms
zODd<!8ECac5Xrr`t0xm$_)#>6W75&1Id6mwhO7y9dY9ZsQ-9&HfHdQu(|JxH8Rhlv
N7z0Ub7)HRBbhs?tuq6Nh
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/carotte.pub b/domains/sourcephile.fr/nebula/carotte.pub
new file mode 100644
index 0000000000000000000000000000000000000000..3ad89bef3560af66928aa3522d2f88c98fce0897
GIT binary patch
literal 147
zcmV;E0BrvNM@dveQdv+`0N@#gmD_#`i9y<hhq_#ObAHH~7FLdj-f<Jiv_1FH;iXnD
z9!&^o4z4786RR|Z!pqY3J{S^XK|SpqKbN5lk!csRGg+D~N)4YAk|#5Uy0Pb9u6#Vc
zSyZ}$`%SA&b|G50##h!_7dSZrJD<(u_5Jd6wnRcLQ=k^Aa|HoQMOskE)`Zo6&c&Pr
BLX!Xh
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/courge.crt b/domains/sourcephile.fr/nebula/courge.crt
new file mode 100644
index 0000000000000000000000000000000000000000..baefecaf5f2738d9048b3946dbc76fd92127cef0
GIT binary patch
literal 367
zcmV-#0g(OxM@dveQdv+`06&TkS_hf#a8Y)JOOKxfZ6{6ha5+Ui6p{VXZX_e5pj#4`
zQP~Pz1f;Tn(t!ci_F3?~Z&Hcf#??qS>u@*&&d8E>*8DM2R(zPm!fI(o8uN=3riiCy
ztPwS|^7P|no4SB8T}pA-&m;{cu7n2n8U6}`YH9oj*fWany-g5~bp7S^Fx%+_L8pIn
z`De|b52&I!xC~@$;hKSuiB5M!SRXV(>PnE#J3FDK9S;i+u#A)cDa>SW>a@~BnTN&y
z{HwJRg5E+7D^IuJn)8cH0sgPOxUk*mWNS#+Wd9*rl<b)vDf}on#<4i}?Au73VH0@J
zZ=U&d@;(jbtLBe5b}G}T%BDbRb}2z{p_!mNU^A*2gmIi$st0?FBz+Pk{y0z6R;jPq
zwExlopMq2=oSsq~HYY(ed^g2rp+&4!L$lEXh+6>b?$-WgBXKqhnn!DdR_xOloCDE+
N{|N1U_nfxED{@jvw8Q`a
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/courge.pub b/domains/sourcephile.fr/nebula/courge.pub
new file mode 100644
index 0000000000000000000000000000000000000000..54bd11c69263e78fe38f94f8130ebbc117d9e9f9
GIT binary patch
literal 147
zcmV;E0BrvNM@dveQdv+`0DY-v4!ZTLyftQS>J_vtyZ{P!ixBe#Y}3h<R46q|F`o7t
zXx?o)wSfu#QR5fp&b9uzW;VuJ|Mu@Aa#IANrR*zY(1^rhQS7=SbjI%Xz9pp1JCrc%
zfd2UU^q&Fu$Sv&!S`NPeY;;T6`z~2($^Ls_l)U_;Fw5XdDR$QyFUp-8dC<U{Z|t5!
BOdtRN
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/keygen.sh b/domains/sourcephile.fr/nebula/keygen.sh
new file mode 100644
index 0000000..54755ad
--- /dev/null
+++ b/domains/sourcephile.fr/nebula/keygen.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2046
+dir=${0%/*}
+set -eux
+host=$1
+
+nebula-cert keygen -out-key "$dir/$host".key -out-pub "$dir/$host".pub
+gpg --encrypt $(printf '-r %s' $(cat hosts/"$host"/.gpg-id)) \
+ -o hosts/"$host"/nebula/sourcephile.fr/"$host".key.gpg \
+ "$dir/$host".key
+shred -fu "$dir/$host".key
diff --git a/domains/sourcephile.fr/nebula/losurdo.pub b/domains/sourcephile.fr/nebula/losurdo.pub
new file mode 100644
index 0000000000000000000000000000000000000000..d6738d1d34273075fff7574fe79ef1070f203b75
GIT binary patch
literal 147
zcmV;E0BrvNM@dveQdv+`0H%I6NSuQv$C(L<Of1xIf`KWEmi^q@;qc3TuG&g@E-V1f
zRt?;76+6vG;G*5=)YuQg4k$NE&AjiO!ET_c&CRjTg}*GG*58-4TFvi_6=+3SUD_}h
zD9gX8y=848VJkh7aHoh3+|I-;0Z3OYY*-(&w1}yCx}Ys2nGc4$so$c#`90QMXYZ^0
BNyPvF
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/mermet.crt b/domains/sourcephile.fr/nebula/mermet.crt
new file mode 100644
index 0000000000000000000000000000000000000000..c289916a8204dda3c4fde0f2a23ead3a8150ceeb
GIT binary patch
literal 367
zcmV-#0g(OxM@dveQdv+`0Bo0Mt%v#~&(JVME&a<=-TaRr2rI~Y;iab~_g@(D7CmiU
z1fSI4H1~E1%a@t*J#S}|D$>NMbQnS`udDcy(cnSQ$n+JcTJ%5`In-s1D^68|wBica
zjgiH96$fWfNp*^!b|Z%BFS`Uz(<Jn=M(0pvO3xCshsbXJ%N${Z!dB^km7@qo=vJor
zhm};%c8gn2Ln0DAt#^ZQU!in*eOno8_QUzK`yC}ViHa;!V3Sx$J+_E9)uH`o=kd0Z
z+jE4k-aaH>`c&a&4%qF|Dzh8`HPztO@QAp(I*qiLe^$Agi`BU%uDSn~jurTF95iD@
zCL`_lmGt7$@Z;Z#E=VMOt`9saQmRt-Z#=~VDYaY<0{Zb_iwBk^Nvq=>`7A^>20ugs
z+3qUF>Vw(%Wc1-7_*;2=uz;1}C2XI~s+U*(ZGB!P7Hm=(Wc@C}qAT{oz$Rgk!+|Ug
N3Zk+<f(3N_dw{=OxS{|6
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/mermet.pub b/domains/sourcephile.fr/nebula/mermet.pub
new file mode 100644
index 0000000000000000000000000000000000000000..c2081e601098a1651b7a590de8a3d903d92cfc88
GIT binary patch
literal 147
zcmV;E0BrvNM@dveQdv+`0MT=vhxAjH5Qcz4UM{5{p!Vr<x47Un1=I&zT!)-r>xsY>
zUMIu6lS>SoLO5I3iP(WT%-#27U8*AzLow=Mim5QvD-+G&S{ieM!j&y-auN+n5?*|<
zQamHW#HrdfsHsBxxa~wW7A3xq@QQeF57Uz*z+(e5Ka?(@DZwH<^3mD@0D2po(~&uT
BLl*!5
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/oignon.crt b/domains/sourcephile.fr/nebula/oignon.crt
new file mode 100644
index 0000000000000000000000000000000000000000..5aeb0455dc853a4558a8172cf401a0ada5d0f132
GIT binary patch
literal 367
zcmV-#0g(OxM@dveQdv+`08z2t`0Q;oDa_%W>K#~&nMFRaeeEwB(mveq1$1VxIC!Qn
zzf;_6(A(2`$!+#k&eE*lvpR*f-|w<Yig)^RWltj@v0(_VI(RT^8EV+aZl`Y9>Xg7X
ztRd;aIYS@%xsjE(=*0c_%KhtDsnkg~s~^RAm4_#x26!cn*8hwsJeiTNYS1wixW;3v
z&vDq!vjRZpPC5N{r7EW0iI6_J*$Gf!)o$MivopSBC=;X|#P!pB$j++RQ>0*qyJ&u7
z7Y$SAh_opLQl3`v^D+!gi%;|R=w@72qZM0Co-W({IbPKCN4UX@3-wuv^ZEnmGciSC
zy`yj*@gu<y13YI!)Tl`_Hir#qvJzugYqy^@8aH8Nwk3EUuJ|R71VtlI2Pkx8zTiqc
zo&Xq>OZ3AJ(8yB900r}q7wsK>oHl{mr2^i6SO9P=F8ElGEuT@*?Cd~5ds`uuPmTiP
NYrM`3j4U6kO($Z;w7>uW
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/oignon.pub b/domains/sourcephile.fr/nebula/oignon.pub
new file mode 100644
index 0000000000000000000000000000000000000000..f260f0baba22b2ac5ee133c3c10e8567967dda8e
GIT binary patch
literal 147
zcmV;E0BrvNM@dveQdv+`01s;As3xyx<O_R~Bddz&w&b~N*%OI0Bd6%ld3!3C-2sg+
ze5*?o;1KF!=re{Tv{^F7Mpe@0(8#Afb3j*ZE;&%R9+h8p(n;a0=oTGmz=tIl-UWgK
zmWU||UGZi$jka2+PYXi5hd>>>>{CQJE(@nR$#m0?PxJ|@twflIjc|rUA#6uRaQqtZ
BLQMbw
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/patate.crt b/domains/sourcephile.fr/nebula/patate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..76d6d6433735402a0f79c73a8985d0777f2c0e30
GIT binary patch
literal 367
zcmV-#0g(OxM@dveQdv+`04gcS@P>2oGbnwS$6AhfnA;`nzCXm*w~6vg+8*oh%SX^6
zoRyQh&(w~1J@4+D`&&ca=?sOd#OnMJo00%mseilG@OG_|#0(+lp@p`HFjk}}EZ71T
zOZb0Eq;N|avG0J?)QRFGF(`rsF=(<uKgZM#05%s9{Mwpw^+r7Fb&fS2Ck#18-ONBI
z++auLhOeIW-}#uAp7b$T&v3K3W$Yi|cqa!T(vJc!AsHr;uOqS3*mY445Iuqt3S#r}
zeTiIVzJ%8B4yZDQeObvL((wA?($Fc#XW|1hbtrxHbBPZb6pJzPdOSyKR$g^ghI6xN
z5cGsNq{RUtpS{{SQ_0}|7kTr9di%Hg*V#~FMa9mXWnLe-^Wc{|v--o*+Lf7)+ViXn
zkP;jRA}Ex2c9x;WYr5+Jq1o)73z22w&%lz7xGvk{b@2j>gNPw5DTdr)-6T<}*xdg~
NnWw7|^JHP&<;DKCz8nAm
literal 0
HcmV?d00001
diff --git a/domains/sourcephile.fr/nebula/patate.pub b/domains/sourcephile.fr/nebula/patate.pub
new file mode 100644
index 0000000000000000000000000000000000000000..32373b554e6445e94b8ab2316d17ef76a9b7096d
GIT binary patch
literal 147
zcmV;E0BrvNM@dveQdv+`0P1+b<<jUQB~X|dh5Yg^<+f*d9-^Qi3H^V$a3{`78m67^
zN1imB#i)}kDgW!_241s+Ben;VgAl9?jLO+Mw94ea@C2PeH{77pY*{`Q0!78Ge^Wem
z0;aK9#~B1xcZINqW@xTT0As|K)ttD(<P{dtoFBhXSoDV$SWAF_aRb=?SobS_F`+}%
BMw0*l
literal 0
HcmV?d00001
diff --git a/share/nebula/sourcephile.fr/sign.sh b/domains/sourcephile.fr/nebula/sign.sh
similarity index 100%
rename from share/nebula/sourcephile.fr/sign.sh
rename to domains/sourcephile.fr/nebula/sign.sh
diff --git a/hosts/carotte/nebula.nix b/hosts/carotte/nebula.nix
index 74dcae8..a5a6902 100644
--- a/hosts/carotte/nebula.nix
+++ b/hosts/carotte/nebula.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, inputs, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ inputs,
+ ...
+}:
let
domain = "sourcephile.fr";
port = 10005;
@@ -6,7 +12,7 @@ let
in
{
imports = [
- (inputs.julm-nix + "/share/nebula/sourcephile.fr.nix")
+ (inputs.julm-nix + "/domains/sourcephile.fr/nebula.nix")
];
services.nebula.networks.${domain} = {
enable = true;
@@ -14,12 +20,23 @@ in
isLighthouse = false;
isRelay = false;
firewall = {
- outbound = [{ port = "any"; proto = "any"; host = "any"; }];
- inbound = [{ port = "any"; proto = "any"; host = "any"; }];
+ outbound = [
+ {
+ port = "any";
+ proto = "any";
+ host = "any";
+ }
+ ];
+ inbound = [
+ {
+ port = "any";
+ proto = "any";
+ host = "any";
+ }
+ ];
};
};
- networking.nftables.ruleset = ''
- '';
+ networking.nftables.ruleset = '''';
networking.networkmanager.unmanaged = [ config.services.nebula.networks.${domain}.tun.device ];
#boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
}
diff --git a/hosts/losurdo/nebula.nix b/hosts/losurdo/nebula.nix
index 6ad5e22..153cecc 100644
--- a/hosts/losurdo/nebula.nix
+++ b/hosts/losurdo/nebula.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, inputs, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ inputs,
+ ...
+}:
let
domain = "sourcephile.fr";
port = 10002;
@@ -6,7 +12,7 @@ let
in
{
imports = [
- (inputs.julm-nix + "/share/nebula/sourcephile.fr.nix")
+ (inputs.julm-nix + "/domains/sourcephile.fr/nebula.nix")
];
services.nebula.networks.${domain} = {
enable = true;
@@ -14,12 +20,23 @@ in
isLighthouse = true;
isRelay = false;
firewall = {
- outbound = [{ port = "any"; proto = "any"; host = "any"; }];
- inbound = [{ port = "any"; proto = "any"; host = "any"; }];
+ outbound = [
+ {
+ port = "any";
+ proto = "any";
+ host = "any";
+ }
+ ];
+ inbound = [
+ {
+ port = "any";
+ proto = "any";
+ host = "any";
+ }
+ ];
};
};
- networking.nftables.ruleset = ''
- '';
+ networking.nftables.ruleset = '''';
services.fail2ban.ignoreIP = [
"${ipv4Prefix}.1/24"
];
diff --git a/hosts/losurdo/nebula/losurdo.key.gpg b/hosts/losurdo/nebula/losurdo.key.gpg
deleted file mode 100644
index 32702260461cb5b611e2aea7215103600b17daab..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 764
zcmV<Y0t5X3M@dveQdv+`0L#EnD4X;^f`wa`knkt$I8MvJmkOW!BmJ+>isdezid#8H
z)HlZ~30<(1Y6UrdC6WxeROT~ohX8Z(pck3F$~aZWL3%8q_EN1d9$K45X>&j;?e_9+
z$Q^wb(JbkC&X)mmtYZ!)4W|zn!Uc~F2?Ss#2V9I|JdKd5u=u=QK-S~i{5Ub(s9o_x
zOnkLUcAH3$a}9f3aMx*6bax}_$l-d3=DKV>mMT>XUk4Au!R-%S9p5L16RXmXul`dV
z<VN9#eLTGQHl91|!2F*BC{qg$XA+a-Weqg~5$0!&*_+$?`vB3vc^Frmy<+7INGM`d
zCRcTs_rh<o!M6A-au4&57=P@~ae{+>zcR@e%6@lc5^u`d>FZ=OwhfU!)a83%+rBf}
zD#j1w8>0NQd<6X*wRY~RHz$(^<Ze30O^*Q*4Xr5VO5><Qj?=P}u&J-3y<i_JOqQM8
zWXZru9V%})qg5+y2eDIV4X8x{BCZ9fQp!LxEAJbOqd1!nKl!JUV4AGK8%_@yN+%W0
zXaa>hc;=nEn#T;)H2KNKoB+O_=O(Rioc#_4OTY?+$z^)Fp_Hxn>$n?TGv0mALhyMI
zC|2*7x;qU69Xz9ovo<Yx6sgZAS1&RPEHSWM?a1Ho<Ce7#gnHr=LyGZ^;dI_|iu%>`
zsKim$2&xxK_Q_moA6c&$KHK=ZP%3!*8hqf)_K7J@{$I06PFRl2(%x&DYr?AZ_9$92
zHDxay0IAWiiu54I3e#>ICLkU~MdHM-d^TVMOMwF^H&D7cx^lT~On4gK3swDcM+fqp
z*bN6osKoSLAp)vb>;fZERA$7vLyIjzhSOHC><E~%uIgrZ>ye93P(c+}zBzQ42kYJ?
zkfm5>VJT6U-htJj5V&LFWAxtl9q-Q$W8G$?OCdy_quL$*Dc+@8=95aQ-9(D)MT4Y-
ueU_Q<d2{|UL@)W;DcY)`JP%)>+pyteC<QpCI1!1I#is4=qGGImH-XOck8;%j
diff --git a/hosts/losurdo/nebula/sourcephile.fr/losurdo.crt b/hosts/losurdo/nebula/sourcephile.fr/losurdo.crt
new file mode 100644
index 0000000000000000000000000000000000000000..12dfa56d47ce847ffbf73caf6f7d4a8ebbc05b44
GIT binary patch
literal 367
zcmV-#0g(OxM@dveQdv+`0IFbL|1cI^f;fwc#U~6$M=6NnLwXhEH0hx4<sg^3Aa6uB
zyZvox*?ZVsuUJh#RC1~0m%D%t@z1m`kA?4bvV?<BRRNHz2US&}#C1<4CJ@A&CZz|!
zgaVG7zr)^OXnfE@_ChaiHv4l^|M7txfkpyuUF3k7C0sg~8Ox<=BDbr7YebqeQF?Jf
zD=w!S3$mF`M4YOVL=P!L1-`MOPHLii@_d?YX9W56gwEx{AeO+Z=p}OH4)?b%9%ZXM
z#wNYuXHU+p^N$CKrEczdUO%986;;b7=MfM;Qz$=vv*`?bJ5h*l)WRJ>j;f1Vq5u2n
zIMMs+>Gd@lV#h1OWye7XF*(VXTE4m6UEwUgOxQ2rl=DdNV&L1-B(eF0w#;ee>%Lc_
z43cYHQFaf==#bp|)OHG9#UkUkV4nHyt%478hllMskqN97Z@AFnfAG^5_j#>~GKe5Y
NrPlX8b+hM5^dp_AxLW`K
literal 0
HcmV?d00001
diff --git a/hosts/losurdo/nebula/losurdo.key.cred b/hosts/losurdo/nebula/sourcephile.fr/losurdo.key.cred
similarity index 100%
rename from hosts/losurdo/nebula/losurdo.key.cred
rename to hosts/losurdo/nebula/sourcephile.fr/losurdo.key.cred
diff --git a/hosts/mermet/nebula.nix b/hosts/mermet/nebula.nix
index 0e0be8a..5298cf9 100644
--- a/hosts/mermet/nebula.nix
+++ b/hosts/mermet/nebula.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, inputs, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ inputs,
+ ...
+}:
let
domain = "sourcephile.fr";
port = 10001;
@@ -6,7 +12,7 @@ let
in
{
imports = [
- (inputs.julm-nix + "/share/nebula/sourcephile.fr.nix")
+ (inputs.julm-nix + "/domains/sourcephile.fr/nebula.nix")
];
services.nebula.networks.${domain} = {
enable = true;
@@ -14,12 +20,23 @@ in
isLighthouse = true;
isRelay = true;
firewall = {
- outbound = [{ port = "any"; proto = "any"; host = "any"; }];
- inbound = [{ port = "any"; proto = "any"; host = "any"; }];
+ outbound = [
+ {
+ port = "any";
+ proto = "any";
+ host = "any";
+ }
+ ];
+ inbound = [
+ {
+ port = "any";
+ proto = "any";
+ host = "any";
+ }
+ ];
};
};
- networking.nftables.ruleset = ''
- '';
+ networking.nftables.ruleset = '''';
services.fail2ban.ignoreIP = [
"${ipv4Prefix}.1/24"
];
diff --git a/julm-nix b/julm-nix
index 1252ba7..87c0ccd 160000
--- a/julm-nix
+++ b/julm-nix
@@ -1 +1 @@
-Subproject commit 1252ba764c73d02d76404b4e44537e10cecf1a0a
+Subproject commit 87c0ccd2bb36673ef7394642e90e7dd62641873a
diff --git a/share/.gitattributes b/share/.gitattributes
deleted file mode 100644
index 0632387..0000000
--- a/share/.gitattributes
+++ /dev/null
@@ -1,7 +0,0 @@
-*.clear filter=git-crypt-share diff=git-crypt-share
-*.cred filter=git-crypt-share diff=git-crypt-share
-*.crt filter=git-crypt-share diff=git-crypt-share
-*.gpg filter=git-crypt-share diff=git-crypt-share
-*.pem filter=git-crypt-share diff=git-crypt-share
-*.pub filter=git-crypt-share diff=git-crypt-share
-.gpg-id filter=git-crypt-share diff=git-crypt-share
diff --git a/share/nebula/sourcephile.fr/ca.crt b/share/nebula/sourcephile.fr/ca.crt
deleted file mode 100644
index 496f468cadbb4522e03df34d6ae2382a237090c1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 269
zcmV+o0rLI;M@dveQdv+`0L--m<JUe6pYixo4*F;Ir8X8VUx%F}xHh>f-#yJrQCW9S
zUOnwARwXW>X)xG{i-qsXJQq`iDG5&+6cpuO7jZc*9Ie6-U0fwMy)?|L9719)=P4%b
zIU7oylI&sl_C8Aq^LnW_r!uBY2{dZH5ZK?j@|bg;1=NyKV=_{}0H#w)1O2?=jd_vZ
z{3x#2Atv>l%ym$i;G$2nCx++pk`_o`flpvMUb@2h7}EVuh^~=M`$RylA{u3Z`llQ>
z@2^B_f!;nKrtt!wc3;p9oMWZB+q=U(gIi;WUczx?$+j>-Oj++@G^6E?&UzhDt`WY)
T3I~Arh4^)EVFI`T0uDRNydZri
diff --git a/share/nebula/sourcephile.fr/ca.key.gpg b/share/nebula/sourcephile.fr/ca.key.gpg
deleted file mode 100644
index e9dba8686897cd66b857f122d9ef0a44877e24d8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 753
zcmV<N0uKF!0t^F#J(Qk$YHB?J5BUM-d%-?Uo~D}8dlObyIt&vc{9&8d0f-5WS9HFd
z6uKGB6Xqz&EJslb1^ied2Fu<{=v}I&55rt`5xm*?#v6+NGFEG>UlWPY>o@-b(G>%!
zUo`)x4-=ESv2X8VcL}@(xg~sej}cq=Wz<N^gJiw%F%Of!)^04y!0II?8?BGre9s49
z&+zY@<xIa@zy(Aek?si8T@5u%%)r}fE3B00wIF}c(eOmc)qIi1{;O(5le=KH^DloJ
zoyXO2<%t-&YXC`K|ARn@@l0eerXuDY>{Qd-VwX``faoDRGS$izJL7hGl|FSYNT~)0
z$&-=t1k%=ph^egMbqA|Kppi94i(&!&&c)y6^l}f&kp-1N$o5K>Of4OH0;q6M129>r
zi&Ui@eDZ22iQyC=+SDrruXtUv!ht_Z867}8nx&yE70ft<=6Lps+k8VwM)jdy95uPq
z<g|-ONh{xE9=&K#PLQHCkL>!bouZmpP{B+!?U~lwb7kB;pqkWpSEipGsR}%2Uu-;`
z|K};c*}~`dl=m@ZEQwa!8>{?<X$J@rxSxIc+7sB(6WoGPlQX3nX`D!Y=^PpodGYd{
z@C$pm@pstqtfCxjo@fqTXBv86>bB@|oJ@%OF&KGE+6C|~Z0?vsyl>~TmmMSo=qBc3
z#7r?x$YUq@aTuuN8W+;Q9|3$%_Auttlk8$Nn+|J+9GYQ)XQI8BqAA0eHSB>dH**@A
z8pfw@e9o<mUU!0TmQV!%YxhFUj9SALDzpoL1*3#JUw_|${OEA<EEtR8_iYO;PYJe#
zT@Of%$-+GfHK}zxa8Vj~i3N)9rA32m=c{}16Xh%gGF}7X^F2oVC0D3S{t2ea=SjR*
zG&0Kclyq#%xTUu^SFYy6IFYrdh$}=#2PV%o2*1brzxKKHuXAB_(fHyMH{Vo%M}aXk
jyE77k&TR^(M#FO{#-RuE(&^6m_JAge6oR?7%Y+~OiqCV|
diff --git a/share/nebula/sourcephile.fr/carotte.crt b/share/nebula/sourcephile.fr/carotte.crt
deleted file mode 100644
index 51ee30d..0000000
--- a/share/nebula/sourcephile.fr/carotte.crt
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN NEBULA CERTIFICATE-----
-CocBChZjYXJvdHRlLnNvdXJjZXBoaWxlLmZyEgmFgIBQgID8/w8iC3NvdXJjZXBo
-aWxlIgVpbnRyYSibuvqwBjDv6LiPEjogBqHW9E7dnlVGHpyxpRT2eHtzvdPfGZ+G
-N/o5r7dtuWVKIE9dl0LRpqNSmBSZXfX8iNjgyTTlOdxVRrnE5DrL+MPjEkDRDiox
-0c7Rg42m2xAqE4NECnHSroPnq/f58gb7Pbf1Cuf+dx60IU9LEIqPZ2JCbD/jPmxS
-OSWI7Blcuwrm+tYJ
------END NEBULA CERTIFICATE-----
diff --git a/share/nebula/sourcephile.fr/losurdo.crt b/share/nebula/sourcephile.fr/losurdo.crt
deleted file mode 100644
index 5ad72f9a054899f3168ae58c8eeaa30d95693d52..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 367
zcmV-#0g(OxM@dveQdv+`0G)}YchCAC(g!Jlamco--`F1v=I3M*f^_WG1Xf)zNVSLE
zZHtY|2-~i!a_rg`=gd(xluc3Rg-vGJo6DcAvBc<@vTW41JumF2mE@s-cES)3!Qb?Y
zO#Nx<z~{zn8d{o0l>tF8kVPH<A?>BQ$+`66@*)@Tbeb>4`<cxEj!?tU!nsZaEh{E4
zgDun9dB^K(sxv`%n&Qeb|2&dbpLf}~reLRE#aoxO><uBhF(sqq*x76nj(pZdGkmQ)
zO$F~>KgDdg>`rs<6TUXzlBjHvr{!Sm`N3+Ne*mt14JG{m)cQ1}>fk{L_eAaYg*?dC
z_ui8Q|BHm0IM|K9z=xcWl$h@<oQ#+?Orn@kcYI6>(e;K}#O*t2T{MR$-34{e1Vmqk
z1wNa<m4+=!>ro>MryW=eD`yTfrC>65YhptW=W$*g2cMvKTPlOaSzN0O!b=`~<-pdZ
Na7}j&IJP42M5wI)x?%tT
diff --git a/share/nebula/sourcephile.fr/losurdo.pub b/share/nebula/sourcephile.fr/losurdo.pub
deleted file mode 100644
index b7f0c2b830f0648e9ab90d97c8ceedad0714061f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 147
zcmV;E0BrvNM@dveQdv+`0B;%HSh*O>9GnU-{kuSb^*B!_&osvt-^a_uu~{-$mYBJA
zg4-*54`;j7L`Gp)vHeiwiLXvhPB9Aw4AmBCxx%ha;QR!Kw0jyUik=cNe+GKIfY?&i
z8aFGX1ICS8gr08@N$aIB)c&Tg;IO$~u~P6PBJe2G6+mkP_Ytt%nWU$~1!Kh0j2;Kf
BMB4xW
diff --git a/share/nebula/sourcephile.fr/mermet.crt b/share/nebula/sourcephile.fr/mermet.crt
deleted file mode 100644
index 0cec7b6c3ca4310a2e099f15be5b0f68fef2313c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 367
zcmV-#0g(OxM@dveQdv+`0L0xihKyX8{4T(&bM7j7?!2Lz5JLYtL3j7^yY6bZ&GM3T
zp3@bn304msK7jFg3+#%%QNCAgk5L6d?-0_3`RMPW&7S_OH*E{lYO)6d#WMVrd>wmf
z`CsCsyWP>y`wsXkO(&q?{C-N_kMCbbSpv)3#D6SOvRl(FOU8ZX@>o#er@Jt~qxZ|W
z;Qfd=0MZP}+44FWJuq|iDd_`PB|(H4S>ZyFC|G`zJU#=$?6|6e(%ghruwQ^p)kK4S
zuk#G4Cl3GIsicprl}Iynhz<I24o|9CeH)ihZ%6WG-aE9?Tpj0^&`1F<t{V7EwvoQS
z$vmC+paj$3)bKCgnED!`s8f{HCxziK1{aTpMaU9iTIIu%=?XgtSaO;#bI+h?;$@fU
z5Lwpr@ov8xb+u~RaWo==`Gud~S&IM=@J>Z_=w=v~7T_>2!PYO$%^Uo~M;DK`3fp&o
N1PijU<OetFNzFD0y*K~>
diff --git a/share/nebula/sourcephile.fr/mermet.pub b/share/nebula/sourcephile.fr/mermet.pub
deleted file mode 100644
index 32e052d68749ffa33d17ff6f50d2021539416efc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 147
zcmV;E0BrvNM@dveQdv+`0Q0tXo;$8*5Z%5O{g4u*cb(dTfO*Q$k>lnD_}kBDdZ~`F
z=c|vPr!uu}_pYp!`>^-~pi>i(Eu8+Q<{R5iQ9J%O8)%B=-W6_a$o&jS9TzZM@tI<G
z&@d4Ufm-10DvfX?;4W>b8tkv=FboEy8Sv^2_|#uR*l_JZt6d4__E|Wg)%l8Z5c1r;
BOcVeB
diff --git a/share/nebula/sourcephile.fr/oignon.crt b/share/nebula/sourcephile.fr/oignon.crt
deleted file mode 100644
index f4d5bc144e51a4f0588500a78ac906d46861e5c1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 367
zcmV-#0g(OxM@dveQdv+`0N=nYmpIiZ^R$<EpqPWpDmqleB~EgPAy)9%EJ8XODaY(T
z+x`j@79wlDW@7v#^v2QC-kHu_<l|_u;`>A&bK*^A87Nl_{r8uCj2+-Sn!k#s5sWS3
zOK79~*RRHhz1ut@iKd<9X$ojZRQ7$7B@u2}**43e1h~ixu=kee_lH8g0q3B0WGfnZ
zkO0Mb+-+={rK!3rjh+*Hs&=`y)6>1d6^JmM07CATEqn(eS#qEGa3P%gvqDRo<bY(u
zr$Qe?0c6Pp(_K5JP=*-Cf8ejS@I1v;#~RtWUXJ=2xk-H3Y0{%;yi0@{zmigk_W<r`
zbPtT1%VZi^%5&Y2Q!SWZ*-+dfj}I%E6{ft6Z9A)x9BvwrWLNmCwe#d7g^d_NH62+2
zm?1Br8cN8-<t<JlMiNfgCRET0xh!|GZ`j}Gm)T6?-5^S<Ey%w<)0H)xCC#lPO@+^Q
NMyCSKz|yGX^OmV<wzB{L
diff --git a/share/nebula/sourcephile.fr/oignon.pub b/share/nebula/sourcephile.fr/oignon.pub
deleted file mode 100644
index f115e135badd18ca8f71479365e7111ba4a659ff..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 147
zcmV;E0BrvNM@dveQdv+`02lCfmc_d1!(K<-!0tELh9vWYB?uAoLldK+>hGDc*Rzrn
z8?|d;4y0(a_m=BkM6|D{YLg`@hb?8>oZr@0oGGn8We$;FSD0tPj&wGagmDS?%qXKD
zRvUvTnUIqo4xxy~N&QyzqKq^u+J>2N8vcRV&mb`RkG(@`w!<}a5>jWoh*hS6u`ii^
BN7MiS
--
2.47.2