oparl: add secrets

flake.lock

@@ -462,11 +462,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1651866459,
+        "lastModified": 1653693749,
-        "narHash": "sha256-3meISPND17bqm20wRKBK8ZF8AauHLJ7s3dRW2Pps2eE=",
+        "narHash": "sha256-xUhR5spPie631lbhYuWaj8C/7pLyG2ECnsM+qiVSYhc=",
         "ref": "master",
-        "rev": "398eccd4ba7589ca901281ffa38ae131d35c4ae8",
+        "rev": "e1070cfa48be3269e9bac87d7edd59399c1afc2b",
-        "revCount": 125,
+        "revCount": 127,
         "type": "git",
         "url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
       },

hosts/containers/oparl/default.nix

@@ -6,6 +6,9 @@ let
     rev = "oparl";
     sha256 = "sha256-KicEjx0WlKTyFng1WSdYmS9Wd8RVKUxCJrVi9aHa1eg=";
   }) { inherit pkgs; };
+
+  netConfig = zentralwerk.lib.config.site.net.serv;
+
 in
 {
   microvm = {
@@ -34,22 +37,26 @@ in
 
   networking.hostName = "oparl";
 
+  networking.useDHCP = false;
   networking.interfaces.eth0 = {
     useDHCP = false;
-    ipv4.addresses =
+    ipv4.addresses = [ {
-      let
+      address = netConfig.hosts4.${config.networking.hostName};
-        netConfig = zentralwerk.lib.config.site.net.serv;
+      prefixLength = netConfig.subnet4Len;
-      in [ {
+    } ];
-        address = netConfig.hosts4.${config.networking.hostName};
-        prefixLength = netConfig.subnet4Len;
-      } ];
   };
+  networking.nameservers = [
+    netConfig.hosts4.dnscache "9.9.9.9"
+  ];
 
   users.users.oparl = {
     isNormalUser = true;
     group = "oparl";
   };
   users.groups.oparl = {};
+  systemd.tmpfiles.rules = [
+    "${config.users.users.oparl.home}/.ssh/id_ed25519 0400 oparl oparl - ${config.sops.secrets."users/oparl/id_ed25519".path}"
+  ];
 
   systemd.services.oparl-scraper = {
     wantedBy = [ "multi-user.target" ];