jet/noisebell
jet/noisebell
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add digitalocean noisebell host

Browse source
This commit is contained in:
Jet 2026-05-21 12:06:10 -07:00
parent adb929227b
commit b57927a395
No known key found for this signature in database
16 changed files with 318 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -20,15 +20,17 @@ Pi (door sensor) ──webhook──> Cache ──webhook──> Discord / Zulip
|-----------|------------|
| [`pi/`](pi/) | Raspberry Pi OS base with laptop-built Noisebell deploy |
| [`remote/`](remote/) | Server-side services (cache, RSS, Discord, Zulip) |
| [`hosts/noisebell-do/`](hosts/noisebell-do/) | Standalone DigitalOcean NixOS host for the remote services |
| [`secrets/`](secrets/) | Shared agenix-encrypted secrets and recipient rules |
Each directory has its own README with setup and configuration details.
For hosted deployment, another repo such as `../extremist-software` imports `noisebell.nixosModules.default`. That host repo provides deployment-specific values like domains, ports, and the Pi address, while the Noisebell module itself points `agenix` at the encrypted files in `secrets/` and consumes the decrypted runtime files on the target machine.
For hosted deployment, this repo exports `nixosConfigurations.noisebell-do`, a small DigitalOcean NixOS host that imports `noisebell.nixosModules.default`. The host provides deployment-specific values like domains and the Pi address, while the Noisebell module itself points `agenix` at the encrypted files in `secrets/` and consumes the decrypted runtime files on the target machine.
Useful commands:
- `./scripts/nhs` redeploys the remote cache host using the local checkout as the flake input
- `./scripts/deploy-do [jet@noisebell-do]` redeploys the DigitalOcean remote host
- `./scripts/nhs` redeploys the old Hetzner host using the local checkout as the flake input
- `scripts/deploy-pios-pi.sh pi@100.66.45.36` redeploys the Raspberry Pi OS machine
The full Home Assistant relay workflow is documented in `pi/README.md`.

17
flake.nix
View file

@ -435,7 +435,8 @@
};
};
nixosConfigurations.pi = nixos-raspberrypi.lib.nixosSystem {
nixosConfigurations = {
pi = nixos-raspberrypi.lib.nixosSystem {
specialArgs = {
inherit nixos-raspberrypi;
};
@ -451,15 +452,29 @@
];
};
noisebell-do = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
self.nixosModules.default
./hosts/noisebell-do/configuration.nix
];
};
};
devShells.${system}.default = craneLib.devShell {
packages = [
agenix.packages.${system}.default
pkgs.curl
pkgs.doctl
flash-pi-sd
pkgs.jq
pi-serial
pkgs.nix
pkgs.parted
pkgs.rust-analyzer
pkgs.openssh
pkgs.tio
pkgs.wrangler
pkgs.zstd
];
};

167
hosts/noisebell-do/configuration.nix Normal file
View file

@ -0,0 +1,167 @@
{
config,
lib,
modulesPath,
pkgs,
...
}:
{
imports = [ (modulesPath + "/virtualisation/digital-ocean-config.nix") ];
system.stateVersion = "26.05";
boot.kernelParams = [
"net.ifnames=0"
"biosdevname=0"
];
networking.hostName = "noisebell-do";
networking.useDHCP = false;
networking.usePredictableInterfaceNames = false;
networking.nameservers = [
"67.207.67.3"
"67.207.67.2"
];
networking.defaultGateway = "143.198.128.1";
networking.interfaces = {
eth0.ipv4.addresses = [
{
address = "143.198.141.161";
prefixLength = 20;
}
{
address = "10.48.0.5";
prefixLength = 16;
}
];
eth1.ipv4.addresses = [
{
address = "10.124.0.2";
prefixLength = 20;
}
];
};
networking.firewall = {
allowedTCPPorts = [
22
80
443
];
allowedUDPPorts = [ config.services.tailscale.port ];
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
allowPing = true;
};
virtualisation.digitalOcean.rebuildFromUserData = false;
services.do-agent.enable = false;
boot.kernelPackages = pkgs.linuxPackages_6_12;
boot.loader.grub = {
enable = true;
devices = lib.mkForce [ "/dev/vda" ];
};
fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
autoResize = true;
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu"
];
users.users.jet = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
security.sudo.wheelNeedsPassword = false;
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services.tailscale.enable = true;
services.caddy = {
enable = true;
email = "postmaster@extremist.software";
};
services.noisebell-cache = {
enable = true;
domain = "noisebell.extremist.software";
piAddress = "http://noisebell-pi";
outboundWebhooks = [
{
url = "http://127.0.0.1:${toString config.services.noisebell-discord.port}/webhook";
secretFile = config.age.secrets.noisebell-discord-webhook-secret.path;
}
{
url = "http://noisebell-pi:8090/webhook";
secretFile = config.age.secrets.noisebell-relay-webhook-secret.path;
}
];
};
services.noisebell-discord = {
enable = true;
domain = "discord.noisebell.extremist.software";
channelId = "1034916379486322718";
};
services.noisebell-rss = {
enable = true;
domain = "rss.noisebell.extremist.software";
};
zramSwap = {
enable = true;
memoryPercent = 100;
};
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"root"
"jet"
];
max-jobs = 1;
cores = 1;
auto-optimise-store = true;
};
nix.gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
services.journald.extraConfig = ''
SystemMaxUse=100M
'';
environment.systemPackages = [
pkgs.curl
pkgs.jq
pkgs.tailscale
];
}

20
remote/README.md
View file

@ -29,7 +29,7 @@ nix build .#noisebell-zulip
## NixOS deployment
The flake exports a NixOS module for the hosted remote machine. It imports `agenix`, declares the Noisebell secrets from `secrets/*.age`, and wires the cache and Discord services together with sensible defaults. Each service runs as a hardened systemd unit behind Caddy.
The flake exports a NixOS module for hosted remote machines and a complete `nixosConfigurations.noisebell-do` host for the small DigitalOcean droplet. The module imports `agenix`, declares the Noisebell secrets from `secrets/*.age`, and wires the cache and Discord services together with sensible defaults. Each service runs as a hardened systemd unit behind Caddy.
```nix
{
@ -62,6 +62,24 @@ The flake exports a NixOS module for the hosted remote machine. It imports `agen
}
```
The production DigitalOcean host in this repo enables the cache, Discord, and RSS services on the existing public domains:
- `noisebell.extremist.software`
- `discord.noisebell.extremist.software`
- `rss.noisebell.extremist.software`
After installation, authenticate Tailscale interactively on the host with:
```sh
sudo tailscale up --hostname=noisebell-do
```
Redeploy later with:
```sh
scripts/deploy-do jet@noisebell-do
```
`nixosModules.default` handles these secrets automatically:
| Secret file | Deployed on | Used for |

16
scripts/deploy-do Executable file
View file

@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail
target=${1:-jet@noisebell-do}
if [ "$#" -gt 0 ]; then
shift
fi
SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)
REPO_ROOT=$(cd -- "$SCRIPT_DIR/.." && pwd)
exec nixos-rebuild switch \
--flake "$REPO_ROOT#noisebell-do" \
--target-host "$target" \
--sudo \
"$@"

9
secrets/bootstrap-identity.age
View file

@ -1,6 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw HhAAwL59eDWhqjnkhN134gANCHnfzZWKUKze1G4FlwE
hIz028hPGQZTQLePmiEnvAgam01U8w1LV6gjwcr9oEI
--- KERP4zeE7cbDbEcD1LLqWvSqEU92i16y3inUL8U5640
¤úümîDûá{¾(ùΤO1æÙ þ‘%Ô²•C4}’ŽðèÄ'B±Mád¼u®Co{ÒÙÁyyWÓˆkºÐ¡cjŠIÒ]pyÒå@X“uützc¨4]<5D>ðy¾B¤*ì5=Òñ™8ºÚµò?¨¼~xÄìϨ<>Ìì‰J®³ˆöéÊÇéiÚîð®EŠa9j rïbóI.óRT€Ç…ÍBB·RR¢Žmbìä©G'k'EÑZ¥ªÓFn»/ÏSÖ¬Mo¢xÞ ¦
<sâCi½¢ü<05>×±
-> ssh-ed25519 Ziw7aw UN1o36xuqmTT5yEU0VbvmlXjy5Vi2ap3f2P8a0VYzQM
o/vBWDo78U1Ryxw6YH8Ucs9NaODpwBbhjKsnX3qnqRA
--- 6acvZXBUKhTMv3FYXiaom59plFQ8504JFiuefo17XvQ
´gE+jûƒþÌì‹&Ä5`¸á<>e,t]*œwÌCP¿îû^Ý-+¬wäCž…Ù7ÐúhÉÒ¤8½K Ñ&€UÍR.ûŽ§•®ÞИ£Øè-_·×ž¢ )CGyPúcS±kéØB¬¬CývÐÑ"­¹'w¬òŸí¬"ÆÂÏe(5[ øYRc¥žxmõäF¼àl~<7E>­n=Õýq¼Šx0ëy¤@M9Ùé~” $,<2C>Ïá:Ù"¼·ß”Éý ‡šÇÏ_¼öÔT …™C:¾Š`P…€Ð¤3

BIN
secrets/cache-to-pi-key.age
View file

Binary file not shown.

14
secrets/discord-token.age
View file

@ -1,7 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw 756HU1sPe5g3sa0YYfzMnXiToT5K+nfAPhfABEetgRI
E8dqhn7hN77qM0PhHMEAsZySd1hfk0w1tlsiWj4aEOQ
-> ssh-ed25519 uKftJg eGfmzvHseauAFPOR1QXfdmaQy5TjpNsoBWq27mbO50w
KRuGUW65uQ5+IdREyg6X1oj0P5IkuuxFEl1WylGpAHc
--- 2Ya08payqNiMCEqBXrbKEA53ETupxwgUNRcMNu9IP6k
&°‰¢ÏvÄ<76>tBšL˜.¬HéÚ“Y P®Sç3Tó¹•4䱟D¬ s,9Ñeã4TpåÌ,Gë?KtJmwF' ®0³ÉXy»<á÷<E28099>î>½\Áç^þ°m»ÜrÊÏùµŸÏü
-> ssh-ed25519 Ziw7aw 0xkRcZAenJ0AtyrZhXvhNtW71BYphs4kEFgoXxieE1o
J/WUXCDNeNB5kBWvBVGfGnyNl9nNhDcPnuLY4USwSD8
-> ssh-ed25519 uKftJg zLZMo3cOHmtJL3YzUd4BWRIpbRAFL7MU2jnpcrsEUWk
qqeTIlJikW57D9tTmh7dDpYeNiZAAJn0QBfPcMuX4Uw
-> ssh-ed25519 l4GuVg Db8aGfZ1kOQNJo/aN0S6R6aVqCKL+1iTC3xMATGapGU
lqiz9Ck6UqiXyI16yLDHG5rZjIu+8jXV7INm/YnJM4w
--- wRrLhnRAiJJ4rzfeE4wCAGCwAXfoExTcNNnIItOTVXA
æøti£Êýgݹ¡Ž 7Ò¶”Øïrs5 ²N,Lµ+mt³_{À:ºË$«V·ïg Sþ¿µ,¬‹†*PÇ`?#11/tMï¸È}åƒ$¦TNV@;ÇQý<51>á1zµ“Š”

15
secrets/discord-webhook-secret.age
View file

@ -1,8 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw rZ/ka797yEKkW7xRwxbSJK9NBym4/D2BuC8jQvofwDE
tj9Bjlz4LHH08T4TWbsdyND1jUVPMgOZ0FH0YwBqQ/U
-> ssh-ed25519 uKftJg dBonrYNHmF+jvS6/bBLhPoB6t3pu8A/77YOxG1NRE18
fKe4h8fWURBeSd16fiGGh2fyOO5pAzpwn13bYtnNHwo
--- NssWFWKEXWgN7U1HUo3UlW1vhYKUeRuyQPVqnWVXyEY
X-“Þô¥oÇËÑ­îJ%>#ã?ØO¹š/ÜɈE*7·ø/
œ¸J“ù´nEª½Yÿ Oynüï6¤yË(oÏž2Í…còõ‰ÚBOR,Í¿˜
-> ssh-ed25519 Ziw7aw iAMwtlZYTaco91cAKjOWMeHxOyStgNpsn2H+9ITaIiI
5+nCUM1pD5kGNQfAtJmBVVxsQTqOP0JOGUDSxq3cdAk
-> ssh-ed25519 uKftJg ohDuFQgByMxfagkHkLNn2oGavfAcDo1m95fXLY4XUSM
tjji67gI3nxhgwSszBxAriCuPwgjPLy3iu+usT16Vic
-> ssh-ed25519 l4GuVg 6vtnUc22qj6MPfDCBPCWsYkNeaOwcrpGDX8cuUCdu0w
yvwpA+kIsxEuCQHkng5kGswDyxTeZGKlgxeCQ7xymrQ
--- 4Te4wdjCTn2UF6lPs+p0lGhiWtrcaMPUuAfpuEmPzFM
î6SÞ~üÄÈ_$†µ¬ÚÇ¢ˆ«ÝFò¾¨h{ô<>;è ¶ïÊö®8agKëñæõü¸9(-VÔ sä§<>¦ñÜïæ÷¾RE

20
secrets/homeassistant-webhook-id.age
View file

@ -1,13 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw v3z9Oh1DYMesxOG184H6mSS7NYqhdvjo8iYlJ5kQYzM
O+OWaXU7uwy8krNNjUdyUWjvEdb62cVt1+tSaEwfHkc
-> ssh-ed25519 NFB4qA k6ZSOTL5p6Ek3Dkw5sWnjdwwKWwMJEbXXq8vWosz1QI
vooc7eaB5s4ib9gzKdK9u/Cqyeud2h7BhMaxCZGbFWI
-> X25519 RmqIi6m7+iE8ACgfTRl7oiOdfCEMv7u2o0m/5wr87jY
8gUgzgjbVKhW6NagnFqUv849nD6UaUxZoRsEaPmS+SQ
-> 0\[*-grease ]^ Q< Ejv ndNP1G`
MVT8TeupnrxLy09AluP8AflxxORyLJSXclKVaqFjLKik20VE9Q0NvwhDPgcv24aS
zQTuJpmKDsTJV0I/WofypfV0hZFIbDBTuVTxCWqwtzU4IsfEIXHXUVdoyseL4FS6
--- eMEg3OcfDfdlEKSy688XEXQAXJ8xydvzWrkQwdrvIPg
§nŽÉ¹€,êÀ26o#¦cϬVàÑ-s[$¯>¶Ã7-,D,º²ZZ¶æ% mºg°O‰
-> ssh-ed25519 Ziw7aw H8kYx+1tkUTWGNcqrZRTplNKVJ0mNJEZJZmGaRYP2mo
sCr5MTCG7NkM5l8K17zvinnmSSGei0hGSy4aqp1EAG8
-> ssh-ed25519 NFB4qA jEpRgq7/FG6BWYWDkfXUvrU5Hgrq1YXrSty+kkw5AgU
MMeYvJelH2aKke4VagZCizOt1jntLI8WjstRx5r9Qxw
-> X25519 QWrkAXUKDeRLgkkkQ1ocQK/bJFlB+M3wntjt8BEKgRs
fqih2zeA3okdBfphDPkdbxaSnadR5UbdvdXd9aHlBDs
--- MnXm0lW6bZFXkl4VLuc2brMiSPrXzGMAPnSs/ekvcAY
wr<EFBFBD>·â@¶pl<þʇ+ƒð>­ßNpYK8É4H䦋Ìû)EÝ3ËÅÆŠ§H¨"y>sî<73>'Ã.z

23
secrets/pi-to-cache-key.age
View file

@ -1,12 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw ZaLRvgj6V9ukim0lfxHftVUvCXi7tIXPn5O/2nzQqCE
cem5AxKMkYOs8iifYP80hkbr5km7bFOdjCt7Ym6lQcs
-> ssh-ed25519 NFB4qA ssMeOzGjehzTeppIGHpzPViIKObSwnXw6OZ1DfXs6Ew
Y813udN4YGDMszEC8FVZz7Na6XQigVNFTdusLomMusg
-> X25519 qmoLWSdRljn6daPlUyqk9TOOvBaUx42CvqcpXe/xUCE
7xMN5RbYnpgw3+/pHyCiEyEhyUmQOwa1zSlAbuVwlQo
-> ssh-ed25519 uKftJg Fv8M0RogkcYWd46bJY3OJCoCFAW8QMjzLueDZowylSA
R3w6E2RvDmgaKKhxqWHjEeIQxNSCHzX7+nLb3Ls+iHs
--- 13dp1N6I6pPdDx+FrxsT+ZS5rsFfrK3x0F7Rs6vN6/I
ÖBI¬8Ż
9”<39>úŠ/ěšÂÚqXžŕÄÇ[𮠼™Í ;ž§Ž†*Ć·¨»ńJ2|ŃS(đ‚$Ó©ŘÎ<>SÁ*m
-> ssh-ed25519 Ziw7aw soxQRZjcwuFkOqFS6x2Cw/1YtOD4CkTnsWpY4K2Moiw
KxdY3gJTKxj6YqiMK+Oh+26qzbFEkcsZEpzb5HDE0T0
-> ssh-ed25519 NFB4qA xYDzW2Qxw8nLi5wLJ2SWeuVwRfi673PqgMzBEg+WT3I
SxngK4GNmLIeqGggWTqSVaaOBNyDqtC93xK82rX7sVQ
-> X25519 TQIdaqxCpOfSnOKiNqjE+IIpw076cdKCUAMLay2xqSg
V+IgmEjW/3Jj0Rv3EJRCbi6KyDa+Vr4MiYquV2YgY0Q
-> ssh-ed25519 uKftJg WE6KAFY2s2e3sAY9lW/Fqs8pEVziif7119vv2WL9tUM
4u3LlOECC+IO+x8uD3gr0LZBg48nuDD+2iiXh1MCLxU
-> ssh-ed25519 l4GuVg huZR6w6uZIs6nlPFda5A29Tm+YQNP7ZDc53/RnlcRDA
nZ3dWTIJDChrfQSGUvI3/3g7JmFZ0pmCzFRuzkLcLkQ
--- +mkAGvbKXfMqdgTSfV4t36anO8Nqn0F/EsBBvtuAkQ4
GW.§®¼´›~å©×êaÑNÕxº`ÒqŒ%bÄ&ÞñülSÙ2~Zs4Õöâq×öνAÌÀÂÆ¥“?BTlÞl™„†7ØÌ­ˆçœ

26
secrets/relay-webhook-secret.age
View file

@ -1,15 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw LgNC5vZwo/fdnY9FzszAmVBb6E6BkDsy302kU6psElE
AWMlR/lsYKT3d2i8af7bD98tBYLM9HIbMugcrzaKuPM
-> ssh-ed25519 NFB4qA 7SDpxJZHHr52Mv3MVxJj1hVc/ZiMSSo4tzmsh62/jHg
4qne6NwF53k/Ib03T/qlRvzrLdn0RSMxmzoD2c7b4po
-> X25519 Ps/z3IuGnygYRf6YAYa/TFpvHrNjx2BdplT9zswz/hY
Bjgas+BRm/1fi/S7i3NOEB703sYg5DFrEwWixYqGaeo
-> ssh-ed25519 uKftJg AMV3loJMEW6B+nW/IPxcJc2xqJubOlGXGJkWlMWoLEU
54zihHrr1sgdderBh/fyj3sifPQc+A/M8ca6vlq1/XE
-> 9.gStO-grease ]H[$m[ax Elz_qFV )#FNFqG b~mv$n8
JKxci4Ph7xZCVBr4dX5Gh7Q1GMRxFM2lPcJfGL0iFhwvSGxec+QD0VkZ9+zLVCMD
bZvSQ0LJCh5XucekWtR66ZlVSrURWjxdJQh3YhBTUMEezLdZIbe/Rg
--- w6fTJ89HtOUIGgw1jUdITJwcahPHxxHKqR0KPi0Zphs
šÉ Þ3¨û¯ºâ<C2BA>ൺ»O`˜ë=ýÎ^ÓW«Nœx<nÅ
åh—û4î'r<0F>$­à¹šõ ~¶-ƒR¨çPøÍ-.<> JãŸØY4Žä¶¢bL}¥ü¥œ
-> ssh-ed25519 Ziw7aw fhKhnBldih6kd4HdQdFS/T7Wf3Evg0EPbcEl5W6vNx0
K8ax57mGEp69FCVF3UiGUBDMmT95pbij3+yDB1N9WCw
-> ssh-ed25519 NFB4qA ttL1cUZWVlZwTZiFDYCsqxb+LpOESuI1a6JF1jCTuEI
E0hheZeqVU6rZ9DuRDDybTLPrXwQJEqpmwLoKsw6cIk
-> X25519 999iufykXmRVaC/UVxNlV5xNn72Aj2N56995k2rx1Hg
KB8fl3kzo8LTC3uroZvGG3FIep6V2ZXIlBq9T50I5ig
-> ssh-ed25519 uKftJg ADJl5ur5o1pbaaQGNyuni16Vm7kqJKx+m3Zezx3ETBc
Pf6SQ1JzwZkfwK8wZxSZ9Vd14o+q+bS/vA6iB1milD8
-> ssh-ed25519 l4GuVg tPSh2Ww/Id+zgNtXUVocbCpw8zNY7AWkPSnXVzjkGyk
/jijxdK9CFpVXR/M7ir1NSXWhR4iMbCIymSQ946/OQg
--- +5H40eoLK4HvSDwR+mKpLiDpVJYzHjQ9qjmqoiOaHDM
×vqŒú>üßasgC£}%&åš<C3A5>·6·ðÝëøçcu¼3݈°nGQ9XjÂ<6A>{²2h³;jÈM©(äqfiŠÝXÄe¨E%|ÿn ¥Èþ±èy¼*ÔûÙýw´H

8
secrets/secrets.nix
View file

@ -2,6 +2,7 @@ let
jet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu";
pi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEfZfAQEFy8QU5P7deC2vWPN76YpUKcBF8fiWwuANumG";
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAING219cDKTDLaZefmqvOHfXvYloA/ErsCGE0pM022vlB";
noisebellDo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSxn7Fz4FYf9cwVgjPICdS07S6pHLoet9iOKKHIBR2g";
piBootstrap = "age1sfqn46dgztr35dtyhpzyzzam5m6kcqu495qs7fcsdxtac56pc4dsj3t862";
in
{
@ -11,12 +12,14 @@ in
pi
piBootstrap
server
noisebellDo
];
"cache-to-pi-key.age".publicKeys = [
jet
pi
piBootstrap
server
noisebellDo
];
"tailscale-auth-key.age".publicKeys = [
jet
@ -26,14 +29,17 @@ in
"discord-token.age".publicKeys = [
jet
server
noisebellDo
];
"zulip-api-key.age".publicKeys = [
jet
server
noisebellDo
];
"discord-webhook-secret.age".publicKeys = [
jet
server
noisebellDo
];
"homeassistant-webhook-id.age".publicKeys = [
jet
@ -45,9 +51,11 @@ in
pi
piBootstrap
server
noisebellDo
];
"zulip-webhook-secret.age".publicKeys = [
jet
server
noisebellDo
];
}

17
secrets/tailscale-auth-key.age
View file

@ -1,10 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw Wx6m6fWrZstI1M3mFySXEtCEeiYOK3EB8xUVLKe8my4
T0Evdcs7+hsWYU0M2AEWbGCtdOwHNHgk/bBXZ0jpPg4
-> ssh-ed25519 NFB4qA KlrsRc4Us/7WCoCk3hYNVvmeNYvfMH4hOuXAkLFipkw
y/rCNHka6HDr5HdfMazlqaebcBO0K50rzcb3igcMxpw
-> X25519 XTXs2qhJK1noZZtCHCol6IlN48s3nDOqIHX86PmQo2o
eHxpTg3QsTd3EzLUQAecNtGI7+NvP3zxFhUd8zHTuvQ
--- mFSpkYW6U5vQaH+a3fqVW5/ODOZwounsybqkLQoLqY0
yqÙ¶GŠŒ
ƵM“V=ÙÚXI£cÕò<C395>|³,ìÊQQÁð|×É<C397>±ÅÄŽ×y= ¶¬÷ê +.·x«·“úRlÉÔóË4´Yï_N©é Á&—0TVƒß,X@½4ª7
-> ssh-ed25519 Ziw7aw K8xQD89TLP/kHNcC5JrkXH0hyI2cHRUdwJbys+Ph5l4
p2VjT1xtbFONoUoxkKZ9hd6I4EkCZkduYXGEUwDP+jo
-> ssh-ed25519 NFB4qA t4EM6KhJ83LYWFI8xD1HhACoSi+lDaYvvU5Y79IyIxQ
lKm+T/vHSRMOXRwVP8hupyPhZ4RbqEg9p4YyoIRE9FQ
-> X25519 fLnnms5u3DLhpjl8rYAavGGiFnTc/5AMkNpN5kjpVzc
F2slc8rpxaNSbRnJ0COvSdZBBrfHI/FqbAUGmL9CigE
--- p96hcRVjtMIwOMFyL4mbLMtD/0jqkyIS2W/THaJPh2E
ƒõ~,<2C>Aâ[\ú‰¥÷FhGà? q49ာ2Ûj5Nß}Ä2z´Htðþ×)“Üu†)øC<C3B8>Èx‡_}ì8y»Ü0pÀå¼@<40>=¹+šùêΘvnkûÈxÕ˼

14
secrets/zulip-api-key.age
View file

@ -1,7 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw 6YAV0osp6aSWIIPCsP2kxAMkrDU28P1zBmUBwQ+p8zg
AfON2WAv+DlE6huU1/A16RAcYvs/HTmbST7gtOcn4HA
-> ssh-ed25519 uKftJg r9Ci+Heth7AyRm2ZXNH1Sa/jpnepEPfyYfT2uf9q9jc
NQI11W4r8JRkoSsJUnGPc97DFfJy0Gqj83IlRShXgcU
--- ZY8XqiGC40WiD9RRAYWC5nQ+ymXdMsTdt1G+YohJxxk
‘”+…¦qžm€DZ÷ÉÙ¹ROߣF[ThÊ<13>ˆöš\";WðÁ‹5‡{v„°¥ùšötügWCb,Ñ»:b9
-> ssh-ed25519 Ziw7aw mlvpnohGOe65UnuqKk7yK7iIXxokhsI7+Wj99L5rkAY
NMe3hGW6SSu241yv5QLFzUnJNLtlMCcx09GPuNUTBYs
-> ssh-ed25519 uKftJg 1JmAexX9Yl4kKKMmgUjdRWy9L1ryu4Yq7JGlECRn4nQ
RUHrVZcDW9Uqe9v/WqtBfJk93WtK6tiYI74VHslsLng
-> ssh-ed25519 l4GuVg Cju7F4S2BPdPsBT2DzRJt6vt4pss2Xpmvqys//troz8
sBCKhFu9R1ju/Tcoe2OkYCHt5IeSmq3nXA92ZGiIScg
--- LXuVK8LF5PO0wdILxDZFWas9GG4edScLr2Zpp6OOU0M
©†J}°ê³f,|¼›ÔͶͼ*» ÆF¡”¢.<2E>¼k((HU$|aÉrkJh¾'…ØݽÔ"yÇÿ¨í

14
secrets/zulip-webhook-secret.age
View file

@ -1,7 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 Ziw7aw 9Da19useHIZG/q7hc3+FcMTfV0hsS4A3E/e16TTNgCU
y4/UsjxFSbAgdC1ADa/Mz3NxTutPayOPHE2Kczu69Yg
-> ssh-ed25519 uKftJg Sr4MInGNiNaL9LleBT9i7vbI5VrVkOr//h5Jm7ktwCA
lI3v7oSGgtnR78+hKEFft1O1B1JPlJTx2JB66NFGYdQ
--- 72Wb0XrPWRaPWxh6hmgB+BAEC1CI+oI0EsDIQRNZP4M
BÀ;Ê“€²úŸ(ùäó8_FžÈ#Z£m­êFÄ™îJô_j¤novyYË2JfJœ&úŠ„aMÁ¬9—33©[ ¿rÿ Ó(+t
-> ssh-ed25519 Ziw7aw Pu31idlsUcfsOWNF4ynRoIXsy+PsDW9opMcZiPHxtRs
stEIbEP7AS5HnWPV9A538J5CYsqGWi7ZyiUtFCygqto
-> ssh-ed25519 uKftJg TvJ6E08Ae0gfsyuZT7CVSPXTdmCGjKVj6y2Lvnds3hg
KwX0gfyFPAUOoEXjMlgfPw69HbSqDCty2dwWW0J8Z1I
-> ssh-ed25519 l4GuVg PubeSLY7DALHmWGvOfxaHKe2rbdopfrNtHh3uUCzTCI
XEybAIvk1r5jLP9TMr5ckERf4qDnzBosatALZpsP6HM
--- vLCQqr/Wg4hD/HNTi5b+qblUh4DFbD2zrud90z7Bycw
@<>[¡ï:…â'6ž1Ñ.þÒ,U rÜ»¥Àïf&3<>C””­ú$¬…r„¬4p@N"bf>Äd—Iå<49>Å„ëÃöçy+jK#~½<>y