nftable-migration
1_: {
2 ssh = {
3 vincent = [
4 # Yubikeys
5 "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFT5Rx+4Wuvd8lMBkcHxb4oHdRhm/OTg+p5tvPzoIN9enSmgRw5Inm/SlS8ZzV87G1NESTgzDRi6hREvqDlKvxs="
6 "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGHMa4rHuBbQQYv+8jvlkFCD2VYRGA4+5fnZAhLx8iDirzfEPqHB60UJWcDeixnJCUlpJjzFbS4crNOXhfCTCTE="
7 "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBFzxC16VqwTgWDQfw2YCiOw2JzpH3z9XgHtKoHhBdHi2i9m9XUc7fIUeEIIf7P8ARRNd8q5bjvl8JY7LtPkNCU="
8 # AOMI (only "trusted" one)
9 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJmTdMKYdgqpbQWBif58VBuwX+GqMGsMfB1ey1TKrM3 vincent@aomi"
10 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGThdcaPfIaB7d+K5uODqEusLKGI5ZCye0aNOCaMoInO Kyushu's ssh key"
11 ];
12 };
13 syncthingFolders = {
14 sync = {
15 id = "7dshg-r8zr6";
16 path = "/home/vincent/sync";
17 };
18 documents = {
19 id = "oftdb-t5anv";
20 path = "/home/vincent/desktop/documents";
21 };
22 org = {
23 id = "sjpsr-xfwdu";
24 path = "/home/vincent/desktop/org";
25 };
26 screenshots = {
27 id = "prpsz-azlz9";
28 path = "/home/vincent/desktop/pictures/screenshots";
29 };
30 wallpapers = {
31 id = "wpiah-ydwwx";
32 path = "/home/vincent/desktop/pictures/wallpapers";
33 };
34 photos = {
35 id = "uetya-ypa3d";
36 path = "/home/vincent/desktop/pictures/photos";
37 };
38 music = {
39 id = "kcyrf-mugzt";
40 path = "/home/vincent/desktop/music";
41 };
42 };
43 net = {
44 dns = {
45 # TODO: https://discourse.nixos.org/t/dynamic-dns-on-bind/21361
46 # TODO: https://github.com/nix-community/dns.nix
47 # Maybe switch to nsd
48 cacheNetworks = [
49 "192.168.1.0/24"
50 "10.100.0.0/24"
51 ];
52 zones = [
53 {
54 # sbr
55 name = "sbr.pm";
56 master = true;
57 slaves = [ ];
58 file = ./secrets/db.sbr.pm;
59 }
60 {
61 # home
62 name = "home";
63 master = true;
64 slaves = [ ];
65 file = ./secrets/db.home;
66 }
67 {
68 # home.reverse
69 name = "192.168.1.in-addr.arpa";
70 master = true;
71 slaves = [ ];
72 file = ./secrets/db.192.168.1;
73 }
74 {
75 # vpn
76 name = "vpn";
77 master = true;
78 slaves = [ ];
79 file = ./secrets/db.vpn;
80 }
81 {
82 # vpn.reverse
83 name = "10.100.0.in-addr.arpa";
84 master = true;
85 slaves = [ ];
86 file = ./secrets/db.10.100.0;
87 }
88 ];
89 };
90 vpn = {
91 endpoint = "167.99.17.238";
92 };
93 };
94 machines = {
95 athena = {
96 net = {
97 ips = [ "192.168.1.183" ];
98 vpn = {
99 pubkey = "RWqH7RdIXg+YE9U1nlsNiOC7jH8eWjWQmikqBVDGSXU=";
100 ips = [ "10.100.0.83" ];
101 };
102 names = [
103 "athena.home"
104 "athena.vpn"
105 "athena.sbr.pm"
106 ];
107 };
108 ssh = {
109 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/4KRP1rzOwyA2zP1Nf1WlLRHqAGutLtOHYWfH732xh";
110 # root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME root@aomiy";
111 # vincent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJmTdMKYdgqpbQWBif58VBuwX+GqMGsMfB1ey1TKrM3 vincent@aomi";
112 };
113 syncthing = {
114 id = "N3AMUVI-FM2BAOD-U3OMZDJ-UHMQE6J-ACMM5B7-S7BTK6P-PSM36NR-DVZHLQF";
115 folders = {
116 sync = {
117 type = "receiveonly";
118 };
119 };
120 };
121 };
122 demeter = {
123 net = {
124 ips = [ "192.168.1.182" ];
125 vpn = {
126 pubkey = "/bBh4gvDty/AA2qIiHc7K0OHoOXWmj2SFFXdDq8nsUU=";
127 ips = [ "10.100.0.82" ];
128 };
129 names = [
130 "demeter.home"
131 "demeter.vpn"
132 "demeter.sbr.pm"
133 ];
134 };
135 ssh = {
136 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqQfEyHyjIGglayB9FtCqL7bnYfNSQlBXks2IuyCPmd";
137 };
138 syncthing = {
139 id = "TXCV3TS-TUEOTH6-ETB3LBV-KCIHT4L-RCCOIE3-VPBCNJB-VHQEAYI-WOXK5A5";
140 folders = {
141 sync = {
142 type = "receiveonly";
143 };
144 };
145 };
146 };
147 nagoya = {
148 net = {
149 ips = [ "192.168.1.80" ];
150 vpn = {
151 pubkey = "NCj5pwShre/xyRCK800ybjso1zIYUZ08YvFA2qGzhAI=";
152 ips = [ "10.100.0.80" ];
153 };
154 names = [
155 "nagoya.home"
156 "nagoya.vpn"
157 "nagoya.sbr.pm"
158 ];
159 };
160 ssh = {
161 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfep1SkMsAPHggXFLfEJNzZb7eoihtkqDeQruG+TbhF";
162 };
163 syncthing = {
164 id = "HZDLS5A-LKCEIYQ-DDMDYDF-DBTSRYH-HUNQSII-TVCDACT-DIYIO7V-G4K2EQV";
165 folders = {
166 sync = {
167 type = "receiveonly";
168 };
169 };
170 };
171 };
172 aix = {
173 net = {
174 vpn = {
175 pubkey = "D1HoBqrqBchHOOi8mjKpVg5vZtt+iFy8wj4o3kGYwkc=";
176 ips = [ "10.100.0.89" ];
177 };
178 names = [
179 "aix.vpn"
180 "aix.sbr.pm"
181 ];
182 };
183 syncthing = {
184 id = "GHE6XF4-YCKEMZS-JEZYXA6-ETJI3SS-BQFFOCS-ZJAWN4D-Q33IQ46-OYL7BQM";
185 folders = {
186 sync = {
187 type = "receiveonly";
188 };
189 };
190 };
191 ssh = {
192 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEoUicDySCGETPAgmI0P3UrgZEXXw3zNsyCIylUP0bML";
193 };
194 };
195 kyushu = {
196 net = {
197 ips = [
198 "192.168.1.36"
199 "192.168.1.68"
200 ];
201 vpn = {
202 pubkey = "KVRzoPUw8UTQblYtbs/NLYLIVmtQehrc4Hacbpf5Ugs=";
203 ips = [ "10.100.0.19" ];
204 };
205 names = [
206 "kyushu.home"
207 "kyushu.vpn"
208 "kyushu.sbr.pm"
209 ];
210 };
211 ssh = {
212 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd795m+P54GlGJdMaGci9pQ9N942VUz8ri2F14+LWxg";
213 };
214 syncthing = {
215 id = "SBLRZF4-NOMC7QO-S6UW7OH-VK7KHQS-LZCESY6-USBJ5Z5-RIVIRII-XS7DGQS";
216 folders = {
217 org = { };
218 documents = { };
219 sync = { };
220 screenshots = { };
221 wallpapers = { };
222 # TODO: implement paused or filter theses
223 # photos = {
224 # type = "receiveonly";
225 # paused = true; # TODO: implement this, start as paused
226 # };
227 # music = {
228 # type = "receiveonly";
229 # paused = true; # TODO: implement this, start as paused
230 # };
231 };
232 };
233 };
234 aomi = {
235 net = {
236 ips = [ "192.168.1.23" ];
237 vpn = {
238 pubkey = "XT4D9YLeVHwMb9R4mhBLSWHYF8iBO/UOT86MQL1jnA4=";
239 ips = [ "10.100.0.17" ];
240 };
241 names = [
242 "aomi.home"
243 "aomi.vpn"
244 "aomi.sbr.pm"
245 ];
246 };
247 ssh = {
248 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME";
249 };
250 syncthing = {
251 id = "CN5P3MV-EJ65J4I-OHB7OBI-LD7JBWT-7SZCZD3-Z6NAASI-UCMKOAU-X2TNNAP";
252 folders = {
253 org = { };
254 documents = { };
255 sync = { };
256 screenshots = { };
257 wallpapers = { };
258 # photos = {
259 # type = "receiveonly";
260 # paused = true; # TODO: implement this, start as paused
261 # };
262 };
263 };
264 };
265 shikoku = {
266 net = {
267 ips = [ "192.168.1.24" ];
268 vpn = {
269 pubkey = "foUoAvJXGyFV4pfEE6ISwivAgXpmYmHwpGq6X+HN+yA=";
270 ips = [ "10.100.0.2" ];
271 };
272 names = [
273 "shikoku.home"
274 "shikoku.vpn"
275 "shikoku.sbr.pm"
276 ];
277 };
278 ssh = {
279 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm";
280 };
281 syncthing = {
282 id = "ZKUNKBI-N2K2LTG-AWLDAEX-NE6NALQ-DLFO6YV-FU4A7IE-KCF5ZCD-IEYSKAH";
283 folders = {
284 org = { };
285 documents = { };
286 sync = { };
287 screenshots = { };
288 wallpapers = { };
289 };
290 };
291 ssh = {
292 vincent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku";
293 };
294 };
295 kerkouane = {
296 net = {
297 vpn = {
298 pubkey = "+H3fxErP9HoFUrPgU19ra9+GDLQw+VwvLWx3lMct7QI=";
299 ips = [ "10.100.0.1" ];
300 };
301 names = [
302 "kerkouane.vpn"
303 "kerkouane.sbr.pm"
304 ];
305 };
306 ssh = {
307 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJguVoQYObRLyNxELFc3ai2yDJ25+naiM3tKrBGuxwwA";
308 };
309 syncthing = {
310 id = "QGD6ICB-EPSGCEN-IQWKN77-BCRWE67-56HX5IA-E4IDBCI-WE46DK3-EC63DQ7";
311 folders = {
312 sync = { };
313 };
314 };
315 };
316 sakhalin = {
317 net = {
318 ips = [ "192.168.1.70" ];
319 vpn = {
320 pubkey = "OAjw1l0z56F8kj++tqoasNHEMIWBEwis6iaWNAh1jlk=";
321 ips = [ "10.100.0.16" ];
322 };
323 names = [
324 "sakhalin.home"
325 "sakhalin.vpn"
326 "sakhalin.sbr.pm"
327 ];
328 };
329 ssh = {
330 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/PMBThi4DhgZR8VywbRDzzMVh2Qp3T6NJAcPubfXz6";
331 };
332 syncthing = {
333 id = "3L2KCXM-D75XCVU-5JLMV6V-FKQID2K-LJA6GFB-R2G77LD-5WXFHJT-BB4B7Q5";
334 folders = {
335 org = { };
336 documents = { };
337 sync = { };
338 screenshots = { };
339 wallpapers = { };
340 # photos = {
341 # type = "receiveonly";
342 # paused = true; # TODO: implement this, start as paused
343 # };
344 };
345 };
346 };
347 kobe = {
348 net = {
349 ips = [ "192.168.1.77" ];
350 vpn = {
351 pubkey = "B9jLGtXGZEfvBrgyEKrFRrsCsTsarfpFeyXqqq1NOWg=";
352 ips = [ "10.100.0.77" ];
353 };
354 names = [
355 "kobe.home"
356 "kobe.vpn"
357 "kobe.sbr.pm"
358 ];
359 };
360 ssh = {
361 # hostKey = "";
362 };
363 syncthing = {
364 id = "";
365 folders = {
366 org = { };
367 documents = { };
368 sync = { };
369 };
370 };
371 };
372 rhea = {
373 net = {
374 ips = [ "192.168.1.50" ];
375 vpn = {
376 pubkey = "QBGdlPgtaLIh+WDLbuIWPL+Nr08mtfIqs6RwgVDAGjA=";
377 ips = [ "10.100.0.50" ];
378 };
379 names = [
380 "rhea.home"
381 "rhea.vpn"
382 "rhea.sbr.pm"
383 ];
384 };
385 ssh = {
386 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFH3Lk4bRgNyFRK/Hzg1PvVbL/dpyI1SmLJFkb6VQDw";
387 };
388 syncthing = {
389 id = "YORNSGU-UC4IAG5-IWJCD7T-MVPIU7O-AYM36UK-LEHF7AP-CBC4L6C-ZWKUYQF";
390 folders = {
391 org = { };
392 documents = { };
393 sync = { };
394 screenshots = { };
395 wallpapers = { };
396 photos = {
397 path = "/neo/pictures/photos";
398 # paused = true; # TODO: implement this, start as paused
399 };
400 music = {
401 path = "/neo/music";
402 # paused = true; # TODO: implement this, start as paused
403 };
404 };
405 };
406 };
407 aion = {
408 net = {
409 ips = [ "192.168.1.49" ];
410 vpn = {
411 pubkey = "T8qfsBiOcZNxUeRHFg+2FPdGj4AuGloJ4b+0uI2jM2w=";
412 ips = [ "10.100.0.49" ];
413 };
414 names = [
415 "aion.home"
416 "aion.vpn"
417 "aion.sbr.pm"
418 ];
419 };
420 ssh = {
421 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMs2o62unBFN/LHRg3q2N4QyZW0+DC/gjw3yzRbWdzx5";
422 };
423 syncthing = {
424 id = "YORNSGU-UC4IAG5-IWJCD7T-MVPIU7O-AYM36UK-LEHF7AP-CBC4L6C-ZWKUYQF";
425 folders = {
426 org = { };
427 documents = { };
428 sync = { };
429 screenshots = { };
430 wallpapers = { };
431 # photos = {
432 # paused = true; # TODO: implement this, start as paused
433 # };
434 # music = {
435 # paused = true; # TODO: implement this, start as paused
436 # };
437 };
438 };
439 };
440 synodine = {
441 net = {
442 ips = [ "192.168.1.20" ];
443 names = [
444 "synodine.home"
445 "synodine.sbr.pm"
446 ];
447 };
448 ssh = {
449 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWdnPJg0Y4kd4lHPAGE4xgMAK2qvMg3oBxh0t+xO+7O";
450 };
451 };
452 wakasu = {
453 net = {
454 vpn = {
455 ips = [ "10.100.0.8" ];
456 };
457 names = [
458 "wakasu.vpn"
459 "wakasu.sbr.pm"
460 ];
461 };
462 syncthing = {
463 id = "WM23THJ-ECXRLXA-HE5TIKO-VPLSMRY-Y2EWZI7-Q7JMLPX-5Q5UNEN-QMB7ZQJ";
464 folders = {
465 org = { };
466 documents = { };
467 sync = { };
468 screenshots = { };
469 wallpapers = { };
470 };
471 };
472 };
473 # Home Assistant
474 hass = {
475 net = {
476 ips = [ "192.168.1.181" ];
477 vpn = {
478 ips = [ "10.100.0.81" ];
479 };
480 names = [
481 "hass.home"
482 "hass.vpn"
483 "hass.sbr.pm"
484 ];
485 };
486 };
487 okinawa = {
488 net = {
489 ips = [ "192.168.1.19" ];
490 vpn = {
491 # pubkey = "";
492 ips = [ "10.100.0.14" ];
493 };
494 names = [
495 "okinawa.home"
496 "okinawa.vpn"
497 "okinawa.sbr.pm"
498 ];
499 };
500 syncthing = {
501 id = "2RWT47Z-UGSH4QO-G4W6XN7-3XY722R-ZKGDN5U-4MDGHMA-6SM26QM-7VCQIAZ";
502 folders = {
503 sync = { };
504 org = { };
505 };
506 };
507 };
508 # iPhone
509 hokkaido = {
510 net = {
511 ips = [ "192.168.1.115" ];
512 vpn = {
513 pubkey = "1wzFG60hlrAoSYcRKApsH+WK3Zyz8ljdLglb/8JbuW0=";
514 ips = [ "10.100.0.5" ];
515 };
516 names = [
517 "hokkaido.home"
518 "hokkaido.vpn"
519 "hokkaido.sbr.pm"
520 ];
521 };
522 syncthing = {
523 id = "XD4XYNZ-DT3PJEY-UJYBHWX-6OQPPUI-HTW752L-FYTX3TW-GVHDTKW-PT336QV";
524 folders = {
525 documents = { };
526 sync = { };
527 org = { };
528 };
529 };
530 };
531 # Light Phone
532 suzu = {
533 net = {
534 vpn = {
535 ips = [ "10.100.0.65" ];
536 pubkey = "ufKLXzLkmYx1z7/VZJs9Ix6aXL3rYzP5B73QQP2WNx8=";
537 };
538 names = [
539 # "suzu.home"
540 "suzu.vpn"
541 "suzu.sbr.pm"
542 ];
543 };
544 };
545 # Boox tablet
546 osaka = {
547 net = {
548 vpn = {
549 ips = [ "10.100.0.64" ];
550 pubkey = "C12Ch3LasZ9Dvc1+X+IMSmKdip0l1n/aNNPvmQzzPFY=";
551 };
552 names = [
553 # "oksaka.home"
554 "osaka.vpn"
555 "osaka.sbr.pm"
556 ];
557 };
558 };
559 };
560 services = {
561 # Media services on rhea
562 immich.host = "rhea";
563 jellyfin.host = "rhea";
564 jellyseerr.host = "rhea";
565 sonarr.host = "rhea";
566 radarr.host = "rhea";
567 lidarr.host = "rhea";
568 bazarr.host = "rhea";
569 transmission = {
570 host = "rhea";
571 aliases = [ "t" ];
572 };
573 syncthing = {
574 host = "rhea";
575 aliases = [ "s" ];
576 };
577 # MQTT on demeter (routed through rhea/traefik)
578 mqtt.host = "rhea";
579 # Services on sakhalin (routed through rhea/traefik)
580 kiwix.host = "rhea";
581 n8n.host = "rhea";
582 paperless.host = "rhea";
583 grafana.host = "rhea";
584 };
585}