oparl: add secrets
This commit is contained in:
parent
7fcb6f7a76
commit
0b3acc3852
|
@ -462,11 +462,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1651866459,
|
"lastModified": 1653693749,
|
||||||
"narHash": "sha256-3meISPND17bqm20wRKBK8ZF8AauHLJ7s3dRW2Pps2eE=",
|
"narHash": "sha256-xUhR5spPie631lbhYuWaj8C/7pLyG2ECnsM+qiVSYhc=",
|
||||||
"ref": "master",
|
"ref": "master",
|
||||||
"rev": "398eccd4ba7589ca901281ffa38ae131d35c4ae8",
|
"rev": "e1070cfa48be3269e9bac87d7edd59399c1afc2b",
|
||||||
"revCount": 125,
|
"revCount": 127,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -6,6 +6,9 @@ let
|
||||||
rev = "oparl";
|
rev = "oparl";
|
||||||
sha256 = "sha256-KicEjx0WlKTyFng1WSdYmS9Wd8RVKUxCJrVi9aHa1eg=";
|
sha256 = "sha256-KicEjx0WlKTyFng1WSdYmS9Wd8RVKUxCJrVi9aHa1eg=";
|
||||||
}) { inherit pkgs; };
|
}) { inherit pkgs; };
|
||||||
|
|
||||||
|
netConfig = zentralwerk.lib.config.site.net.serv;
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
microvm = {
|
microvm = {
|
||||||
|
@ -34,22 +37,26 @@ in
|
||||||
|
|
||||||
networking.hostName = "oparl";
|
networking.hostName = "oparl";
|
||||||
|
|
||||||
|
networking.useDHCP = false;
|
||||||
networking.interfaces.eth0 = {
|
networking.interfaces.eth0 = {
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
ipv4.addresses =
|
ipv4.addresses = [ {
|
||||||
let
|
address = netConfig.hosts4.${config.networking.hostName};
|
||||||
netConfig = zentralwerk.lib.config.site.net.serv;
|
prefixLength = netConfig.subnet4Len;
|
||||||
in [ {
|
} ];
|
||||||
address = netConfig.hosts4.${config.networking.hostName};
|
|
||||||
prefixLength = netConfig.subnet4Len;
|
|
||||||
} ];
|
|
||||||
};
|
};
|
||||||
|
networking.nameservers = [
|
||||||
|
netConfig.hosts4.dnscache "9.9.9.9"
|
||||||
|
];
|
||||||
|
|
||||||
users.users.oparl = {
|
users.users.oparl = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
group = "oparl";
|
group = "oparl";
|
||||||
};
|
};
|
||||||
users.groups.oparl = {};
|
users.groups.oparl = {};
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"${config.users.users.oparl.home}/.ssh/id_ed25519 0400 oparl oparl - ${config.sops.secrets."users/oparl/id_ed25519".path}"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.oparl-scraper = {
|
systemd.services.oparl-scraper = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
Loading…
Reference in New Issue
Block a user