From 3eef152463b8643fd759cb1d093cf4d53bbd4863 Mon Sep 17 00:00:00 2001
From: Astro
Date: Tue, 6 Sep 2022 21:55:54 +0200
Subject: [PATCH] modules/c3d2: add c3d2.hq.journalToMqtt
---
 .sops.yaml | 20 +++
 config/mqtt.yaml | 299 +++++++++++++++++++++++++++++++++++++++
 hosts/mucbot/default.nix | 3 +-
 modules/c3d2.nix | 70 +++++++++
 4 files changed, 391 insertions(+), 1 deletion(-)
 create mode 100644 config/mqtt.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 7d800f6d..fe04ece2 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -29,11 +29,31 @@ keys:
 - &hydra age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
 - &mailtngbert age1lgjvtszpds9flpwsstxdht00c7zlk3mz7nlc5qftyt8rhfdm330qqmhl72
 - &mediawiki age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
+ - &mucbot age1cqeh03zq0hvz5l78r678q93ey5mlw49lqy4whvgqxgenudth7g6skee6kh
 - &oparl age14aq8fscrwkgmu5yv86vj7p7kmxclzs6dp7fpvdhvrnmce83ztphqc4mr9q
 - &radiobert age1lga6hjmxa95fmtdn3frlmy64ej3hyswxrcuz25qvw0kfsxkqeugs8gjw8q
 - &storage-ng age1qjvds58pedjdk9rj0yqfvad4xhpteapr9chvfucwcgwrsr8n7axqyhg2vu
 creation_rules:
+ - path_regex: config/[^/]+\.yaml$
+ key_groups:
+ - pgp: *admins
+ age:
+ - *polygon-snowflake
+ - *auth
+ - *blogs
+ - *broker
+ - *dn42
+ - *freifunk
+ - *glotzbert
+ - *hedgedoc
+ - *hydra
+ - *mailtngbert
+ - *mediawiki
+ - *mucbot
+ - *oparl
+ - *radiobert
+ - *storage-ng
 - path_regex: hosts/auth/[^/]+\.yaml$
 key_groups:
 - pgp: *admins
diff --git a/config/mqtt.yaml b/config/mqtt.yaml
new file mode 100644
index 00000000..0df8cdb1
--- /dev/null
+++ b/config/mqtt.yaml
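Review bot: The new `config/[^/]+\.yaml$` rule in .sops.yaml matches every YAML file that will ever be placed under config/ and encrypts each one to all fifteen listed age recipients plus the admins' PGP keys, so the private key of any single one of those hosts is enough to decrypt every shared secret stored there, not only the MQTT login this commit needs. If only the MQTT credentials are meant to be fleet-wide, a narrower `- path_regex: config/mqtt\.yaml$` keeps later files from inheriting that recipient set by accident. Otherwise a comment above the rule such as `# config/: readable by EVERY host key listed below; host-specific secrets belong under hosts/<name>/` would make the trust boundary explicit.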
@@ -0,0 +1,299 @@ +mqtt: + user: ENC[AES256_GCM,data:tN88DsFC/u8=,iv:SkKjc7cHytT1sZnG02tOUJJgxrY0goFdMVE+O6PW3xU=,tag:bUcTPuXkSPIlzDLln7IpsA==,type:str] + password: ENC[AES256_GCM,data:6pgfAAcqnlcsAwboim8ejQ==,iv:L1baU5PsKa8oT3Q3Ym1FuX3Xe6JIqGi54+Dgs8NxgRo=,tag:V0+W58JSxF8hnoD7xlThTA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhenN1NGRpalBtcGVzdXNU + Z3ZURUNaZDNMSTZhcWo0M0NrTnAxUEp2L25BCklRRVlnbGhpWE1KMkdvdXgrRExm + UnhDSmE1dzY0R3ZVTlh1dEtxVUQ1UGcKLS0tIFNuOGpXYlJqV3YyRjAxZ3VxUVVW + K00rWklKbVEvdG53eldkRDQyQ09VNG8K6QHYwE+27kXkZ3D/T/Lrm7rXP/B/B0ER + 0wX+rYTSujue627y3Yq8KwJzlcXU7K/oJJlYiCJhMXMUR6iGFDocDw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y7lxpxskqclwqluft2ct2c3u8weehus6t8evwk7cdnpakxzgcquspn827x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTjJwd2NmT3ovaEtJZnFL + K1NZU0EwVFo1ZElWNXdwWTUwSm5UVEttS0EwCnBEZDY5VTY4THN4OXZnRldQUUs5 + TDZwMlBncmZ3SDN3T2JENmZzT0N2eWMKLS0tIGdtUllUQTZhUlBEQ01CMU03eUR0 + aDVxMVE5cUpHYlhUNlBkNEx6eW5ZQ1UKh73alea56cK4Atm9HCBb24xXb6+i93io + 3sSvGXIO3CrLgPMBlAaHmuXYqDJMP45SzBDDqs163OY1Qk/2d5LGIA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1lccjvj9z8de4hfrdeumm9eu7awef4d9jygv3w7zdash3fhv6e53quy53wz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVWtoQ3pNUW1SRGZVWDEv + K28vVFdtNnVQdEIrdXFTczJ0Uko2TGNtYXhJCllNRWZiQ1VxLzVVT2w2a2pBakty + MC9DWVU4V3RUQXQvNVhWVExJWGxEN2cKLS0tIEN3Y1pxY1JoOE1lSDgzZkpCNVN3 + cWxkUytSZG8wRFdnQlQ2MURNS2d1bUUKzkZItumV/cEQ3os/sxaQUau63YeQLBv4 + eC4f97+g/ucUqwKF3h5X4N3PStnUJVvIM665Gxm23I7R4jPDK938Og== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dj0d0339f4law7qvuzcv2fs6sf8why63s3l8tja0f8vsj7wefcds9drvte + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ2tIb21jTnpBQk13ellu + ZktFeVI3MWhRN3hxV3FQQUQ2REpydnZzUUM4CmlHUVBjL3AwVEZyZFMrWVo1eEZB + cWtRQnlENUFRVHNoRGxGOWc4WFo0eUUKLS0tIDdBUEtmWEZka0k1VnZwdW9Pdzdn + K2tpSjkzOCsxVnF5VWVlMFhqWmgraU0KlLhrivPQQSXVYXz/lEI3sW1LU9aiKGXR + r5nGCoxN/rv9EomYPw+iYb+SmftWef2+8PJ2D9VR1JtCOsv9imumVw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1726t33dl7pv3xrxxlafj2sexh7c0jm8pza84yu6l3wpz3fw5dauqxlass3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnMzdsQkZMb0pXNWtSL25y + N25OdUJ1clpkSTNZWXRTUkxKWnZlVmNVTzB3Ck8xU2tXckpnQVUveG9VQ3d4MXRy + dlQ1NU5BeWZleDFQejB2YTZWZ1M1M28KLS0tIGVBVVZieHJKMU14QjJubS94K2xF + THB4UDJRUzA2OEN4TFBzOGVYVWQ5VmMKnIdVro5KfsAVmz9x+019T4rTFoMsMLbF + UBMGEMP0IchQteo5+D40MdPrRdkHlpRT0e/R1cQ0TkotTdiG280w8w== + -----END AGE ENCRYPTED FILE----- + - recipient: age172fqj4agvdnh379n2ysarxy2pq9lupu5d7d0g2v5fw33fkqkte3spae2hu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZmZRa2p1bnVIUUdnUXRH + QjZ3LzBRNTgrTlhLZkVFc3RSSnB5UlhiZEQ4ClVGbWlKQnRFSkJMT05NUS9UaEMy + TFpGazh4c3VYTWgyY3RwUk1PdmMxY2sKLS0tIDJ0YnJKYmdPKzdJQUQxMzllWWVs + M1Jrcm5PVGtqWnk3KzNvQnBnZHdVQXcKmIeeRnvW//ySs102oCT70Wo48NYMDh1U + WfGaIQqd7zMSrKTCdg3T5U92+96fHrg86xZd1T0ljSUy8J5MFuPcpQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zqpep2vgfqeyvtj2jpxczfgrpjffwda429rnuztfp0vpqsrqdq8s8f4yua + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvdTVXM3hVR0tTNlpFZjNs + THVtU05GZzF5aTRPeDlMWDI2UTJBQWt1aTJVCnZiWFVZekp2bG5oRDhLWkVoTzJ1 + bUpHMFBTUVVEU0VITmxXeWJVckRMYU0KLS0tIHBSZllNMjVLZVNETWNFYm1ON3Iy + NnpNbDFyRUFWZ1Y4MHZwek0zTlYreG8Kjwfm5EyuFLud0D7UmYvty+C5N+cFyd/d + Fkr37ZPusThcT+bG/kqizVn+6sGBbLyOrunURKY/PzTmiloKIw4gUA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jt5pj0c0fvmzg7quaucq4n2rzcx9ajzstp8ruwc8ewjpay5vqfqsdjaal8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcHRFMDFOaEJDaVB6aWdG + d3lXZmp5aFhOZCt4SG9waHhsK0xIQVJEODJRCnpQeEhuSTZJeE5Bb09mbzJMQjlJ + NlBPdnVCekhWSlJsemFVWHhSbEN5dHMKLS0tIGN1OUNRYnJ4dExCQkFKNVRycGt6 + NHpnbXZXWnhxNzBYbVpiZHY2ckRCV1kKwWP3aPeP2dMcTXvr6bkgeX0sUGFO0R7k + VvRV5eMtheBbkrE09ue1IruBljdy/PVhfdWJ7eFJM4Q+O92yuc0i1Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1empiVmN5elhmZ0VlWWN6 + VDExdGNqNHpxMitQTDcxUmFUVVVxMnNxMVhvCmhUSjhwcG00ZTladnlZS1VXY3Va + TC9GL1BPdnU5OHVJQmttYUFKVTAwN3cKLS0tIFQvMnVsYmg2MHVrRW1KRGRhcFRk + dmFqSTJ3c3Q0VWhKZzMyQ2JmbUU3anMK6DynDGmdlo9p+lvQmCDMyQhszsPXlZbB + mcoJcSydKuEunzPniY9mDivwLe0ckZEFAPrEdTCpMINGibVFrKUUEw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1lgjvtszpds9flpwsstxdht00c7zlk3mz7nlc5qftyt8rhfdm330qqmhl72 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TkhrcDFaS0dMcHFQMTFm + cm4rNys3T0JyVUpOUWFFRm1iZTd1ZTdWRzFVCk14c2RocHgzSmVFRHJFSm11cUJz + SWtDdlZDMjRZTzM1N2dPMjFScU10ZXcKLS0tIDhwYlNBUkRDMGRKSWpjWFcwZlRW + alNNR1BySlF0N1ptNlJnVE1kRlBSaFkKjwHbTWXqotLlpC0xVV97t4EXSKr5LIRm + PevjihiFiGT7d9t/e/dcCUHLs/+NoIuavnQFxnaJXfJl4yw0JXVjsw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3OUJDR0ZiZjRDMTFNbklF + Q1hNd3ZYb1Y5RHh5SFY4M3M5WmhMQTNIeENBCmU2SVUvSFJIL1JveFIwVXdmUnJi + TEVaLzlpQWVRTVBweHRZYkJ5eHV2cGMKLS0tIE1QNDJYajdEZ1ZmdW9lZVVQdTMx + UWxBU0tCQkEvV2Q1ZTk0WEhvUHFFSm8KnmEkMm8gTCOCQArKpOeTFRGQ+i9DwKC9 + bIVfM+z7iA/jUfhnQJ3xvD7PYroVGNYr88ZZJgngVwXE/9Cjcn7USQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1cqeh03zq0hvz5l78r678q93ey5mlw49lqy4whvgqxgenudth7g6skee6kh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMUWJBOXNxcDVhb3ZBOTAz + Vm5BV1hSblcrc053MVp6VlQwMDAyN0lsZldNCkpsVjY2NGR1QmNQWmdiSU9jYVBr + NmYrNXhLZjRMVGNsbkRxSWx3ZGw0Qk0KLS0tIFZTQXFjQ2VzaEpWMThWb1grWFVp + U0dONkxEdHlRWWhYQit6eklGNVN4OWsKel8H72OLU2VkgYQr/lGBOpDpOw6rWxVr + 56D/VkoXJI68uhhB6LVOu8RThfYZxqpPF/lBBR1Xc1pdMYaAUMWlIg== + -----END AGE ENCRYPTED FILE----- + - recipient: age14aq8fscrwkgmu5yv86vj7p7kmxclzs6dp7fpvdhvrnmce83ztphqc4mr9q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2d01OOFM1UFU2RTFkTGtO + aHhTSzlHbVJLU2JDT3JjU1ozYzY2cnRsZVhjCkFBY0tmNFVibm95SjRDWHdaYlNB + QnlkQnZpVXptMjl4Q1I2YnNvK0JhZkkKLS0tIG5vLy9rVXB2N0lnWDlSY20rL3Vz + S1hocnZmUUhVbW5Jem9PekxZSytCd00KXknkKzg3B0trGdj9P7pHPaNai+CbGzP4 + czLDzhriyMi+QGjMxWqw8tvUQObxKA0KVVXTkw+PIcoBD1lfTETmtQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1lga6hjmxa95fmtdn3frlmy64ej3hyswxrcuz25qvw0kfsxkqeugs8gjw8q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVURIV3R1clFFMWQ3NUIw + U3Bkdzd4ZGlZOWdvd1p5QjgzSUJ0cG5TVGs0CkxPRTR2a2x2TC9EQVRCb1Q4RXlU + MTZDS3NjTUVlV1B1REZkSnZGUXdSMjgKLS0tIHFua2FaRURGWEVIbWQwNmd5NVln + amQ4RWEyVFo3UTI3UFpZdDF5ZTlsSkEKH+cT/xCb5luy71Jo9APIPT/he5iP1A3s + eUi5giE/tqa4s2FzmyG6kCYjntSpn/br/rFq8QO4CfJDnbptRgcK5A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1qjvds58pedjdk9rj0yqfvad4xhpteapr9chvfucwcgwrsr8n7axqyhg2vu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBteHNHbmZsK3M4QW50MlBT + VkxYeTFlOEVrUm4vRGxlOFRCQXJCUU1VWlJFCi9CY01hcnNhZ3o3L3FKOUJQcGFU + M0d5MzJRNDE0akdFVERUR3BKc1dWelkKLS0tIE5PRkJrYmhpTElsNFZ6NVdFeDNQ + ODZ0czUxRDV1N3p4VXpmU20rejFrbDQKKtqL3pabX/45uRlZ2e1wSPVLCgh2/TYS + uSgIdyEG9bIpa0Es1EP6A8TzaIewXOnYj9d/VZT8hg+wEPmoXjqyHQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-09-07T14:48:45Z" + mac: 
ENC[AES256_GCM,data:RAvgrEqXyT5wfktm0CxUpxMbXD1ick//B9HTjGsL6Th201oJB38wx+aF2YVFY+S3aAwT0JuG/mm3PPYfFGXfRCiRzxdWuNoW7/GbshNZDZtZUX42QnzowQXVmqcvogiXnZhyuQkRaqd5zZJSTflOR/29Cx/1cWtpAYSBBxZWPWI=,iv:blg1uLE6EKXxTKi90VW0biKhYaCSNup3iEBtVamsfkE=,tag:aG+ZIcsMWHn/8z0TRuEW9A==,type:str] + pgp: + - created_at: "2022-09-07T15:46:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA6j84+xkv3y7AQ/+OZxNQfoMiTluj4a5QBWjUkZSwcU2ysZVOdgUt+EjA41l + /TnpF3CC84xLXUzlLlxQybp2vB3wsZB25K+idrpGmeoMXUdj4AH9KvbxVsH+aHGV + QgJ2BEXW5ZnzBz7pozFQZJyO7+hEVZUgIsVTPkGdCHrB9dw1SOD35aQ6PYUTbHv0 + +r6SQYJOu0ZIk0hzatFylVVvnbdFgxaSBSyf/OE9rRRyozhYbFuEedi0pgxHW+gU + EsFOxjw2CGl9E+CUeKrDF7ckPCjzXqhG1I4drX03z6CtDdJepPokg6e+Iwdy2xNZ + 6nh5fE2j3yK6+NYqFAyoOfYO1xuTRyZZvM7wf9AiGPkhkQFpajfKmCTgjvUrB33D + sRCrpm9Hjtv7F3EJw4viKiPhNXFVGc0Ksly9eFf71vebCohpIW3qJ76s2ialQ4jL + xw2fLAY2LjWcmSst5dei6BcUtYxR0P+k3YG87i6EBeJrZpYx1g3AkQDAYYSKj/n/ + p5OYNzxqWh/C6t9sWPY+5Q+nf6eWWa6RUJovo517ArYTXy3fuPndGZivz+fdVG+I + GBCAuYEHCQCx9BttYJErCWZRIqq+qYX5cBBfKmIXTwMs1me3VYlEm7tvkE7Z/m7h + BXkllqPNY7fLcHr95dBQFV0b/AZx8Lo2F1CH5i9uFc8+6tUZ0DZ1ODc1fcYKnjDS + UQGpT9k2LU3KkWEIWuW+THvxEDYSZktyB5W4hv/dUZJ3UFL0y6VVnzuZKAoABRCu + RHD9YtJGDk2Dd4lGGzV2v7ONVB4OAQP7Gz1DanigrKvptA== + =uT0g + -----END PGP MESSAGE----- + fp: A5EE826D645DBE35F9B0993358512AE87A69900F + - created_at: "2022-09-07T15:46:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA8zMZ+ak7y/zARAAkxM2cQBMw2V+16lUJ/bvp83ql7Fnj+IaXWu1TFobLg42 + T0AapeoJZLUzg+VPeZBrwGPTxyY3m4p9hWcMKBDJ+Axj9cg3iJ8KxiByCV/G6C45 + ReyvA0ACc8bDDQmLalVYrgMUH+utn9RSFTwvkI3LOO4YLS2anYqm1X9uHCklNoH9 + EDgg5wmBWfEk0tYiVyQLuhII02Rn9/ERJtgfuuk96Fah5jQhcGDTdL/fu+B78p7M + 1yaoPVO+PeBjD0bU3nxgkkyS7S0MMTEIa6TnsI0r0hfYEnJtRCWbC8o/3MIewdWd + IlZZAS4SopZguWUXBi0009i9J9Qh/1ZQMbyg4qRiG3EZOfwhKa2zz00JAtXe67xS + YVGkspKc4c6aFypPCV/6/fwSFijg0EPc05/BeQaO9n/5AGYZK4h7G3rxdrN0zyTU + RETLF6I0uTyfUVL8zAnmu0hmZi96LVwRPul669jCX6ZKvS8TS3PMiEBqH39KlOPA + q1KQqAKyuaz5RkPvbXTAS7IV+u2KyJnRqcQykk9XmwNOOu5zTeMo5HmoIuKhglZ3 + 
78ty4pNH4EwAneEooF86Us3u/KmONKHe9oU7O/5BanwbGcEKQJlHVM/GBcgpWjmB + Tv7hV7EgACk0ygWk0YyNwuFl2pfS7AACWEIWVIgUU58aUlrCKGwqZ80XUilcZr/S + UQH88hFqJU/dvONovc039Pt2OVB/Ozq6Uc+LmeHDwYbHk921qMfk5DMEZgGz6zam + tKySb1EIO5UxunpWzKqpZGWICYo+BLwN5uFtgSu1pwBo6A== + =GyVa + -----END PGP MESSAGE----- + fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A + - created_at: "2022-09-07T15:46:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA45bZkLXmBFpAQgAh/jBwGgS1BFIn6IWB5TWGGioptNRyA6lYmYLCxvgk4yo + XV2eZHoDGClh8IRTFlX4Nj+xsRF1g/VJoXEicEhZQvib0JqlYQgMcdodI/nMXWUE + zhx4eyx3nZ+JoVMor36YCm5jWD14ISlUgTduPgUh90feM3Ha3JgE5WB79crAWpGI + RRgFplMvTbvi7Kl78/9Ivhmju23aVFQTmqHdSED2jeeRNMbLneaTW0P/cfalw7JD + PdZyK/P7XnDMAKS5Uw3IWIY1POI/50MrGnlBhojTqYgLZ+LUu1uILuPz6S05ZsuF + Tl9jWlXZ7rsd5tbBFqIOQFgid2neAaS/sSc90POEldJRAcYi019nJNAr8GybymIY + Mu3AtQnA35hL6A9I6b+/ramKwmfPBmn6Ny+pyWVFIPjgN1G82ITP1MQe/yij4Ttc + JXgpCQnmofC7mTChbrwyoxLp + =p8ow + -----END PGP MESSAGE----- + fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 + - created_at: "2022-09-07T15:46:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMAwMCBBrc/JA6ARAAhR65mns5o3tGmJwm1h1iiv04p5c0OPFxNntC0sWrpOi+ + QqrrLd2HbcFtNxZG9s6tRxPRZzj2T3IlurT9mJhz2fiQBLKA96UhVZ3hjpM3lLcy + 8jwSQpF17LLffJxpXa4qpTfOv/75HlmVv9UarlFtNwoKX/PlabIxZbw+Rby+f9LD + OphG3OOefKrUm8qY0sYVwwLx+nO68kdzbDQ3jODfcTGAIk23w70Kofj4Ir/FcHYQ + GpkIX6AdIcFLDe1GHEMpI2bjEaUYawKwBx4z2QjVQp/gy/6KzWeYcP12ZeAeZPyF + IaH4NTpw1uuT/MgZsch4KWLivoREauxY3nY5IojBmOoqIGV8hpsZfjteMOqIRwwa + 4XSQhl9v5NHlKCankWvx7n/84uNYOYybFYu9v9aLBZbx7B81vsZUpSE6Pw+f9CUY + CmGtJeyRDcNv89fkzzxp0E7E5SD/a2l4pBi6dAQ0V+s3dnPxBMg01Lp+AfO1VYBZ + EfK3COn2BaaMFzzdHo1Cj1QmggyD37LS46cietyLIxomsyMvr/iGtyX86tB6+VuS + nv1OIrLOSLQe97HdZFKpMv2UFs5WgZ9xraQ6sgvT5VOjWKngs2f7R9K8VnvpRmF8 + TGDkPEV+YIMHd6pyTuYAd2OzVUWWhRIg9CgVL4MuQwEK6fmJng5OznhRuHNRGEjS + UQFmK79JlN2UcxUA22MSqOqinjaf/3QCzpI6TCeqCmR4xwvpTkYPbNhUvly/RKKm + jWKgotfjqeaS+WJX/1crq83a2HeoCf7RsstoqBesU9iA4w== + =NXwm + -----END PGP MESSAGE----- + fp: 
4F9F44A64CC2E438979329E1F122F05437696FCE + - created_at: "2022-09-07T15:46:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9XEenRNYVGHARAAxIP6T8ElinaAGvfAZJGErnrDT7fueBVN2kr8VxD2VW5M + Qp6/mJgoA8lpZQD7AfFCU/iQxP3FMQySB5Gd4nIJEQ9hfqMRToNWSS8Agjtdgk8i + zKeHGr3LIIeBsiFFL7U8pnfL2Eu0UgEaUZDt1MX+HfgccFiHI4tvzZdjj7zK0wCm + 4AH+Ijng+14RFF2XWKJ/uY1PaLNknL/8rXk3tbI5FzgTwylQiqDEPAWskqJGc/4p + 1UunyX9gRGnSiIc40b/wTAVraEJXBv7uJSq2D06UmdphnukJngBSIMbnZ/O8eLSk + 0UmHJd4+SIQ8+wWzViz0F7z4vVe/6TOqv/UtMxBgj9xYz/Z8jwD7yft9vOcTbL4r + dIJ569t5DxVn5Z5tQWv9FWnb3FhOI1zO3Sz8r6ByJOCHWhAyjKX4ue3lntTCgCF9 + g2LWgg0jQDr97x5UBSFKga32KhFcQCI8UGtNVgkJNyRlnrVY+LT0zMk/FqMNOpnp + TANLi1PE1eOsdCiGM6V6TMcpCnl3QJEye1rJITTQeTMb/TPWewrY447pGCH0sgJ5 + RqOWNTagY/2P5wEJxY3mLMbXXlnJm7IOEVEiMp3/J0vgkDiceG9ir9v6Bvl9ENH9 + Wgpv4OfjTwbfAO4pVO2dTirSpYtlVIr+etpaczdbZdtNYuCj2zjOQIwurTuzvg3S + UQEYM050IHmrpDtte/kisHCDSLgLBpUWM/CVvA5X+fJdy+I6GZXcuwb8+W7+RZ59 + 6oohlP2+sgJIl2E0Z2F/tnqUNwqUOYFH8xUl7mjmljO1jw== + =KruZ + -----END PGP MESSAGE----- + fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA + - created_at: "2022-09-07T15:46:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA/Z87ylQaotQAQf+I6tN5xUAtPVguDNYcRnc1OSP0UbM4RrIhRf4gep5hY2H + /29mJ/IQUG/RXegMK7t47IGrDUnHB/MJ6Dml22rdimj83Etr5r0EMA+u+flolOMw + ZXuzs+Vi24Qjd0OxIVhoDMl4TAMIrX0rhqh3kO8XIHjtKVXGvBwCQs/0pmSmkjDl + zDrs74npPfofKfLHk7u1sdrdED/EyPRd7secI4SdyfyY+RZspzIDkG/svy9JCR4r + BADETkqvU6t+QGWywMeOy4laaJTigfXyqBKaa/x7LsZoX8+kHQmIF1WejOelvFO7 + 3EpziYlrpm++tGJwylFYQq+mzVI8fWDDxrmgXRJpZdJRASvAqXaIM5mgHWBGvOU+ + B3UMwLhFWN0oBJ8nwvBbD0/iJW1aiUkcgAHLzdYtap2EG2fA3TUUmSdmylE/gzFO + IrWGikmCtP7SLcbzw5Lj1Mgj + =QXQg + -----END PGP MESSAGE----- + fp: 9EA68B7F21204979645182E4287B083353C3241C + - created_at: "2022-09-07T15:46:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9qJIVK2WMV7ARAAkEdKTp8/vk96fJQ4JmiI46G8i4BUIEdZ9JM0ouUgLrGh + a/l7G6Ldscrl8qOCmptpLeMLm8GII6Yf+hYKRJwAbL5zPCLEhGCVJStnM9pJeDKG + 
mmrRA3EFiGHOEDFqAnz/JgYe2d9oc9W2hDoKHiky23Faeain0bp3Bwte90eBfILL + fwXcbvPj6TpLx7MN9FZ6NciPcAxMUv3pnutk53TXyvJg/nCnPMo1B8pxK98JIlUV + MWdtA0nZU97HTv82dj8usWMq+IaGYJqG7YBaEeK1OTvdPHLhJmQHHAJ16lRZjn+R + Goy0Cse2Vv3aVF6W8DEC1yw1FB/9dnuTYkTNFrrW9jtLQovDUqcbfAgTVy4fvXs1 + fmopVh2JB7Wexq3r4QJR3AmttVl9rnj5uUQSNyeWlr69WjkxmLjY+hgDp/C40HAe + 4H6UHPii7JJJUYloLcZa/mf5EiVYXgqErAgNoU3eCO06Un2p53T2uwkfQBiw0st0 + j8SaTVNfC4Ly1tOAYx8eNO43WhG1fCis6p1j5ZlM6QLz9F1owupFBj4eHb2VIR9F + Z8u6DWfxJIGGLbLj3jfvVjgkvtbYvN+90ejCcWVv2WX6aVv8CA4jgDiZxotqS7y9 + +bGJx1hfjDiNgCmvmZXuOJVICId4Xb5vf7vr8Xwa1UD5F+i5x7xVrHedU7rh+6vS + UQGwrYU0N3queLIXGv/T9YXi/O7saNpvgShykSr4ydi/KeTOf6Modx5kW7e/2mgf + Mxe8OeVFLvmHlxH6iAEJcDY4P6ZRUVVLI2eD1+U/BhQ2Lw== + =08J9 + -----END PGP MESSAGE----- + fp: 53B26AEDC08246715E15504B236B6291555E8401 + - created_at: "2022-09-07T15:46:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA/YLzOYaRIJJARAAmFn1MMFezPEkGqLauKPs7HDimCzMIRmAxCwas/VmyS2W + A4UFOrKvSifmq+uJ0ITKqUS5fp1HIbdyZs3dq8MNbbwRpYCF559K2htemrTJCsMj + eKM+nGgzZpnK+5DFbya/Tr8GtVzUkZpnC8oKv5k8jywJKDZS6qBTlqZcHlz6TtF/ + rbo8mH53RDpSIgqaMeapwMo7rgtu2jjM3ydtDyJotHLdayK/ZHN+D7yiqOTr2orq + 7F85vwjY/NFTNIqxBKfw/uegDQ4ewS0rd13gFnZLe13ZKQnkSaZDFQj5ipdYq+t9 + ypMO0uEAdEr/HXWtAUQzSDi+JnNs/rB7Lxad2bJIM5kCqzOI4Hjv1d2rB6iAhOt/ + Y2EwQAo4BXdXrjB2AyafbITrUjApY2ZQErGAGhWW1pWCUX1o4Ittzt+zHF//KqYd + lDbMjq7+2D0ch6xajmyT136HL8Bj6ONIiES5ghpVoubU1kNLH44q9651KejdbNsr + Ts3OMozDkGDIXhkOBT0a0jsuteWalDPa/1ry6WrCnzdF/RgTgyAHsiNnGB9UnIVp + Qhhp3E3CWOZOgFs4H46oe6tqiXw9RuYgl6GgwOn/h3tBHz1ZemLIlbzlR4pHikME + lgP3okM12NC/U96GQyBg5H/j/+YqO9qeW8EXCO3qVQ9eD3ak8lPZnc6u92SqQdbS + UQFPvfD5vXMoTdDNpS9pHh2KJZuI/sokS6As3V1gp0GON5Op0taimmX3stKUNqfi + MjP3QoPUopKti3Z5hpRyBFkXF3nNFQhKCKn6kd+Q9mk2Ow== + =DaV/ + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/hosts/mucbot/default.nix b/hosts/mucbot/default.nix index 75c78cb7..4f997650 100644 
--- a/hosts/mucbot/default.nix +++ b/hosts/mucbot/default.nix @@ -3,7 +3,8 @@ { c3d2.deployment = { server = "nomad"; - mounts = []; + # needs to keep just its ssh key for sops-nix + mounts = [ "etc" "var" ]; mountBase = "/glusterfs/fast/microvms/${config.networking.hostName}"; }; diff --git a/modules/c3d2.nix b/modules/c3d2.nix index 7a80531b..ba4b04b5 100644 --- a/modules/c3d2.nix +++ b/modules/c3d2.nix @@ -89,6 +89,11 @@ in description = "Whether to proxy the local MPD database"; }; + journalToMqtt = mkOption { + type = bool; + default = true; + }; + }; hosts = 
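Review bot: The added comment in hosts/mucbot/default.nix says the host only needs to keep its SSH key, yet `mounts = [ "etc" "var" ];` persists both directories in full under `mountBase` on `/glusterfs/fast/microvms/…`. That presumably puts the private host key that sops-nix decrypts with onto shared storage, so read access to that GlusterFS path would amount to access to this host's secrets, including everything under the new `config/` rule. The comment should say so, e.g. `# persists /etc and /var; the SSH host key used by sops-nix lives here, keep this path readable by root only`. The attribute set continues outside the hunk.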
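Review bot: `journalToMqtt` is declared with `default = true;` and no `description`, so every host that imports modules/c3d2.nix starts forwarding its journal to the broker on the next deploy without anyone opting in, and journal output commonly carries usernames, source addresses and service error details. Consider `default = false;` with an explicit enable per host, or at least document the behaviour with `description = "Forward this host's systemd journal to the HQ MQTT broker";`. The default also makes every such host depend on the `mqtt/*` sops secrets defined in the later hunk, so a host whose age key is not among the `config/` recipients in .sops.yaml would presumably fail to decrypt them.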
@@ -199,5 +204,70 @@ in
 root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot adminKeys;
 };
 };
+
+ services.vector = lib.mkIf config.c3d2.hq.journalToMqtt {
+ enable = true;
+ journaldAccess = true;
+ settings = {
+ sources.journal = {
+ type = "journald";
+ current_boot_only = true;
+ };
+ transforms.parsed = {
+ type = "remap";
+ inputs = ["journal"];
+ source = if true then "" else ''
+ . |= parse_syslog!(.message)
+ '';
+ };
+ sinks.mqtt = {
+ inputs = ["parsed"];
+ type = "mqtt";
+ host = "broker.serv.zentralwerk.org";
+ # port = 8883;
+ user = "SECRET[mqtt.user]";
+ password = "SECRET[mqtt.password]";
+ encoding.codec = "json";
+ topic = "journal/{{ host }}/{{ SYSLOG_IDENTIFIER }}/{{ PRIORITY }}";
+ # tls.enabled = true;
+ # tls.ca_file = "/etc/ssl/certs/ca-certificates.crt";
+ };
+ secret.mqtt =
+ let
+ catSecrets = with pkgs; writeScript "cat-vector-secrets" ''
+ #!${runtimeShell} -e
+ echo '{'
+ COMMA=n
+ for F in $@; do
+ if [ $COMMA = y ]; then
+ echo ' ,'
+ else
+ COMMA=y
+ fi
+
+ echo ' "'$(basename $F)'": {"value": "'$(cat $F)'", "error": null }'
+ done
+ echo '}'
+ '';
+ in {
+ type = "exec";
+ command = [
+ catSecrets
+ config.sops.secrets."mqtt/user".path
+ config.sops.secrets."mqtt/password".path
+ ];
+ };
+ };
+ };
+ sops.secrets = lib.mkIf config.c3d2.hq.journalToMqtt {
+ "mqtt/user" = {
+ sopsFile = ../config/mqtt.yaml;
+ owner = config.systemd.services.vector.serviceConfig.User;
+ };
+ "mqtt/password" = {
+ sopsFile = ../config/mqtt.yaml;
+ owner = config.systemd.services.vector.serviceConfig.User;
+ };
+ };
 };
 }
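Review bot: `sinks.mqtt` leaves `# port = 8883;` and both `# tls.*` lines commented out, so as written the broker login taken from `SECRET[mqtt.user]` / `SECRET[mqtt.password]` and every forwarded journal record would reach `broker.serv.zentralwerk.org` without transport encryption; unless the broker cannot offer TLS yet, those three lines should be enabled before this ships with the option defaulting to on. Separately, `catSecrets` assembles its JSON by string concatenation with unquoted `$@`, `$F` and `$(cat $F)`, so a secret containing `"`, `\`, whitespace or a newline produces invalid or altered JSON; letting jq do the escaping, as sketched below, avoids that. The remap `source = if true then "" else …` always evaluates to the empty program, so the `parse_syslog!` branch is dead code and deserves a comment explaining why it is disabled, or removal.

```nix
# … unchanged: sources.journal, transforms.parsed, sinks.mqtt …
secret.mqtt =
  let
    catSecrets = with pkgs; writeScript "cat-vector-secrets" ''
      #!${runtimeShell} -e
      # jq performs the JSON escaping; "$@" and "$F" are quoted so paths are not word-split
      for F in "$@"; do
        ${jq}/bin/jq -n --arg k "$(basename "$F")" --rawfile v "$F" \
          '{($k): {value: ($v | rtrimstr("\n")), error: null}}'
      done | ${jq}/bin/jq -s add
    '';
  # … unchanged: in { type = "exec"; command = [ catSecrets … ]; } …
```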