parent
852a3150b2
commit
daf15aa5be
|
@ -372,6 +372,13 @@ creation_rules:
|
||||||
- *radiobert
|
- *radiobert
|
||||||
- *polygon-snowflake
|
- *polygon-snowflake
|
||||||
|
|
||||||
|
- path_regex: hosts/scrape/secrets\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- pgp: *admins
|
||||||
|
age:
|
||||||
|
- *scrape
|
||||||
|
- *polygon-snowflake
|
||||||
|
|
||||||
- path_regex: hosts/server8/secrets\.yaml$
|
- path_regex: hosts/server8/secrets\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp: *admins
|
- pgp: *admins
|
||||||
|
|
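--- a/flake.lock
+++ b/flake.lock
@@ -543,7 +543,6 @@
 "openwrt-imagebuilder": "openwrt-imagebuilder",
 "rust-overlay": "rust-overlay",
 "scrapers": "scrapers",
-"secrets": "secrets",
 "simple-nixos-mailserver": "simple-nixos-mailserver",
 "skyflake": "skyflake",
 "sops-nix": "sops-nix",
@@ -613,21 +612,6 @@
 "url": "https://gitea.c3d2.de/astro/scrapers.git"
 }
 },
-"secrets": {
-"locked": {
-"lastModified": 1713190267,
-"narHash": "sha256-JuK9t9ax6iNJka99MuEHBigggURtuOldIuO3wRIqrJI=",
-"ref": "refs/heads/master",
-"rev": "3ebb2eed7868e62215a5d620ca903286850a8229",
-"revCount": 167,
-"type": "git",
-"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
-},
-"original": {
-"type": "git",
-"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
-}
-},
 "simple-nixos-mailserver": {
 "inputs": {
 "blobs": "blobs",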
|
@ -165,8 +165,6 @@
|
||||||
fenix.follows = "fenix";
|
fenix.follows = "fenix";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# deprecated
|
|
||||||
secrets.url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
|
|
||||||
simple-nixos-mailserver = {
|
simple-nixos-mailserver = {
|
||||||
# url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
# url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
||||||
url = "gitlab:SuperSandro2000/nixos-mailserver/quote-ldap-password";
|
url = "gitlab:SuperSandro2000/nixos-mailserver/quote-ldap-password";
|
||||||
|
@ -221,7 +219,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, simple-nixos-mailserver, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, simple-nixos-mailserver, scrapers, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
||||||
let
|
let
|
||||||
inherit (nixos) lib;
|
inherit (nixos) lib;
|
||||||
|
|
||||||
|
@ -630,9 +628,6 @@
|
||||||
./hosts/scrape
|
./hosts/scrape
|
||||||
{
|
{
|
||||||
_module.args = { inherit scrapers; };
|
_module.args = { inherit scrapers; };
|
||||||
|
|
||||||
# TODO: migrate to sops
|
|
||||||
nixpkgs.overlays = [ secrets.overlays.scrape ];
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, scrapers, ... }:
|
{ lib, config, pkgs, scrapers, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
freifunkNodes = {
|
freifunkNodes = {
|
||||||
|
@ -37,14 +37,29 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ./secrets.yaml;
|
||||||
|
secrets = {
|
||||||
|
"scrape/matemat/user".owner = config.users.users.scrape.name;
|
||||||
|
"scrape/matemat/password".owner = config.users.users.scrape.name;
|
||||||
|
"scrape/xeri/user".owner = config.users.users.scrape.name;
|
||||||
|
"scrape/xeri/password".owner = config.users.users.scrape.name;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services = let
|
systemd.services = let
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = config.users.users.scrape.name;
|
User = config.users.users.scrape.name;
|
||||||
Group = config.users.users.scrape.group;
|
Group = config.users.users.scrape.group;
|
||||||
};
|
};
|
||||||
scraperPkgs = import scrapers { inherit pkgs; };
|
scraperPkgs = import scrapers { inherit pkgs; };
|
||||||
makeService = { script, host ? "", user ? "", password ? "" }: {
|
makeService = {
|
||||||
script = "${scraperPkgs."${script}"}/bin/${script} ${host} ${user} ${password}";
|
script,
|
||||||
|
host ? "",
|
||||||
|
userFile ? "",
|
||||||
|
passwordFile ? ""
|
||||||
|
}: {
|
||||||
|
script = "${lib.getExe scraperPkgs."${script}"} ${host} ${lib.optionalString (userFile != "") ''"$(cat ${userFile})"''} ${lib.optionalString (passwordFile != "") ''"$(cat ${passwordFile})"''}";
|
||||||
inherit serviceConfig;
|
inherit serviceConfig;
|
||||||
};
|
};
|
||||||
makeNodeScraper = nodeId: {
|
makeNodeScraper = nodeId: {
|
||||||
|
@ -67,7 +82,8 @@ in {
|
||||||
scrape-xeri = makeService {
|
scrape-xeri = makeService {
|
||||||
script = "xerox";
|
script = "xerox";
|
||||||
host = "xeri.hq.c3d2.de";
|
host = "xeri.hq.c3d2.de";
|
||||||
inherit (pkgs.scrape-xeri-login) user password;
|
userFile = config.sops.secrets."scrape/xeri/user".path;
|
||||||
|
passwordFile = config.sops.secrets."scrape/xeri/user".path;
|
||||||
};
|
};
|
||||||
scrape-roxi = makeService {
|
scrape-roxi = makeService {
|
||||||
script = "xerox";
|
script = "xerox";
|
||||||
|
@ -76,7 +92,8 @@ in {
|
||||||
scrape-matemat = makeService {
|
scrape-matemat = makeService {
|
||||||
script = "matemat";
|
script = "matemat";
|
||||||
host = "matemat.hq.c3d2.de";
|
host = "matemat.hq.c3d2.de";
|
||||||
inherit (pkgs.scrape-matemat-login) user password;
|
userFile = config.sops.secrets."scrape/matemat/user".path;
|
||||||
|
passwordFile = config.sops.secrets."scrape/matemat/user".path;
|
||||||
};
|
};
|
||||||
scrape-impfee = makeService {
|
scrape-impfee = makeService {
|
||||||
script = "impfee";
|
script = "impfee";
|
||||||
|
|
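Review bot: In the `scrape-xeri` and `scrape-matemat` service definitions, `passwordFile` points at the user secret (`config.sops.secrets."scrape/xeri/user".path` and `config.sops.secrets."scrape/matemat/user".path`), so each scraper would authenticate with its user name as the password while the declared `scrape/xeri/password` and `scrape/matemat/password` secrets are never read. The two lines should be `passwordFile = config.sops.secrets."scrape/xeri/password".path;` and `passwordFile = config.sops.secrets."scrape/matemat/password".path;`. Separately, `makeService` expands `"$(cat ${passwordFile})"` into the scraper's argument list, so the decrypted password sits in the process command line, which is typically readable by other local users while the unit runs. If the scraper programs can take a file path or an environment variable instead (their interface is not visible here), handing over the credential that way, for example through systemd `LoadCredential=`, would keep it out of argv.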