oparl: add secrets

2022-05-28 01:25:54 +02:00 · 2022-05-28 01:25:54 +02:00 · 0b3acc3852
parent 7fcb6f7a76
commit 0b3acc3852
2 changed files with 18 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@ -462,11 +462,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1651866459,
-        "narHash": "sha256-3meISPND17bqm20wRKBK8ZF8AauHLJ7s3dRW2Pps2eE=",
+        "lastModified": 1653693749,
+        "narHash": "sha256-xUhR5spPie631lbhYuWaj8C/7pLyG2ECnsM+qiVSYhc=",
        "ref": "master",
-        "rev": "398eccd4ba7589ca901281ffa38ae131d35c4ae8",
-        "revCount": 125,
+        "rev": "e1070cfa48be3269e9bac87d7edd59399c1afc2b",
+        "revCount": 127,
        "type": "git",
        "url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
      },
--- a/hosts/containers/oparl/default.nix
+++ b/hosts/containers/oparl/default.nix
@ -6,6 +6,9 @@ let
    rev = "oparl";
    sha256 = "sha256-KicEjx0WlKTyFng1WSdYmS9Wd8RVKUxCJrVi9aHa1eg=";
  }) { inherit pkgs; };
+
+  netConfig = zentralwerk.lib.config.site.net.serv;
+
 in
 {
  microvm = {
@ -34,22 +37,26 @@ in

  networking.hostName = "oparl";

+  networking.useDHCP = false;
  networking.interfaces.eth0 = {
    useDHCP = false;
-    ipv4.addresses =
-      let
-        netConfig = zentralwerk.lib.config.site.net.serv;
-      in [ {
-        address = netConfig.hosts4.${config.networking.hostName};
-        prefixLength = netConfig.subnet4Len;
-      } ];
+    ipv4.addresses = [ {
+      address = netConfig.hosts4.${config.networking.hostName};
+      prefixLength = netConfig.subnet4Len;
+    } ];
  };
+  networking.nameservers = [
+    netConfig.hosts4.dnscache "9.9.9.9"
+  ];

  users.users.oparl = {
    isNormalUser = true;
    group = "oparl";
  };
  users.groups.oparl = {};
+  systemd.tmpfiles.rules = [
+    "${config.users.users.oparl.home}/.ssh/id_ed25519 0400 oparl oparl - ${config.sops.secrets."users/oparl/id_ed25519".path}"
+  ];

  systemd.services.oparl-scraper = {
    wantedBy = [ "multi-user.target" ];