dump-dvb/nix-config
dump-dvb
/
nix-config
mirror of https://github.com/dump-dvb/nix-config.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

remove data-hoarder-borken

This commit is contained in:
Markus Schmidl 2023-11-24 16:00:45 +01:00
parent c3dc8f2b0c
commit 067b632288
4 changed files with 0 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.sops.yaml
View File

@ -9,7 +9,6 @@ keys:
- &data-hoarder age1djp5hk6vpm5glzqy9h2e2cgam5xydx888glgs85kvs57spaf8v0sfm0pa2
- &data-hoarder-staging age1m4g4y5ga2m8xdvs7rarda3tyk4gtkyta6pfyq2n3xmy47z20kfxq73m8r8
- &data-hoarder-borken age10wj28zkuy3ewmv6hmup7849667qmevgdv4gxa8vyljye7mpu7shsjt4jeh
- &notice-me-senpai age1wxewmzwlzgtsmr29tnu76n30kv29ra5p0ptvr2e3f3ymkqh569kqm07fv4
- &tram-borzoi age10sedt7xftzu383y8g4pxsj0hazht8tnnxhcngedcsl93s4v9uvvsk99er4
- &uranus age1xnaw8ssrq2hpsntnt8kdu4dlqh4lz3dcq5lzwn490cskz886te6sreuale
@ -76,16 +75,6 @@ creation_rules:
age:
- *data-hoarder
- *data-hoarder-staging
- path_regex: secrets/data-hoarder-borken/[^/]+\.yaml$
key_groups:
- pgp:
- *admin_oxa
- *admin_revol-xut
- *admin_marenz-1
- *admin_marenz-2
age:
- *data-hoarder
- *data-hoarder-borken
- path_regex: secrets/notice-me-senpai/[^/]+\.yaml$
key_groups:
- pgp:

10
flake.nix
View File

@ -236,7 +236,6 @@
packages = {
staging-microvm = self.nixosConfigurations.staging-data-hoarder.config.microvm.declaredRunner;
borken-microvm = self.nixosConfigurations.borken-data-hoarder.config.microvm.declaredRunner;
data-hoarder-microvm = self.nixosConfigurations.data-hoarder.config.microvm.declaredRunner;
}
// (import ./pkgs/deployment.nix { inherit self pkgs lib; })
@ -269,15 +268,6 @@
] ++ data-hoarder-modules;
};
borken-data-hoarder = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs self; };
modules = [
./hosts/borken-data-hoarder
microvm.nixosModules.microvm
] ++ data-hoarder-modules;
};
notice-me-senpai = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs self; };

86
hosts/borken-data-hoarder/default.nix
View File

@ -1,86 +0,0 @@
{ config, self, ... }:
let
mac_addr = "00:de:5b:f9:e2:3e";
in
{
microvm = {
vcpu = 4;
mem = 4096;
hypervisor = "qemu";
socket = "${config.networking.hostName}.socket";
interfaces = [{
type = "tap";
id = "serv-dvb-bork";
mac = mac_addr;
}];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "store";
proto = "virtiofs";
socket = "store.socket";
}
{
source = "/var/lib/microvms/borken-data-hoarder/etc";
mountPoint = "/etc";
tag = "etc";
proto = "virtiofs";
socket = "etc.socket";
}
{
source = "/var/lib/microvms/borken-data-hoarder/var";
mountPoint = "/var";
tag = "var";
proto = "virtiofs";
socket = "var.socket";
}];
};
networking.hostName = "borken-data-hoarder";
time.timeZone = "Europe/Berlin";
networking.useNetworkd = true;
sops.defaultSopsFile = self + /secrets/data-hoarder-borken/secrets.yaml;
deployment-TLMS.net = {
iface.uplink = {
name = "ens3";
mac = mac_addr;
matchOn = "mac";
useDHCP = false;
addr4 = "172.20.73.39/25";
dns = [ "172.20.73.8" "9.9.9.9" ];
routes = [
{
routeConfig = {
Gateway = "172.20.73.1";
GatewayOnLink = true;
Destination = "0.0.0.0/0";
};
}
];
};
wg = {
addr4 = "10.13.37.7";
prefix4 = 24;
privateKeyFile = config.sops.secrets.wg-seckey.path;
publicKey = "jUQxEav0M5pmkcdCri7R4mryB5Q3ksnn276FYeGCHQ0=";
};
};
deployment-TLMS.domain = "borken.tlm.solutions";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

103
secrets/data-hoarder-borken/secrets.yaml
View File

@ -1,103 +0,0 @@
wg-seckey: ENC[AES256_GCM,data:b0QcY/9TKPG8lyxUrIHU3Re8r4X9PM+hewPTEvVteKQq2t71zrR49OlYoO4=,iv:ufxvGhjk01FcgERZtp8C2U351LOoSrIiH8LmiQLdFuU=,tag:XnOHL2um0C14OmNL32di7A==,type:str]
postgres_password: ENC[AES256_GCM,data:7lEBJLa1BQ7Y,iv:keUinQS68xGcKb10jjQDSDcbVsagoVJhJ9//AC8enBI=,tag:+h8ltz+PMZMhl6O0SxFlhw==,type:str]
postgres_password_grafana: ENC[AES256_GCM,data:7UmDdje0/guR,iv:bvAt/6mnPS4q663teBzJn7+TLxZVbKmHIJKK4TX7BGY=,tag:+GSZy4OWMHp5WqATle5VEQ==,type:str]
postgres_password_hash_salt: ENC[AES256_GCM,data:WALvYBu6UwaP3kk=,iv:m5G08JoBy3IPzJzZL/OxE3nmDlVuCP755Am2nojTl4Q=,tag:TvQDSDafcHgSwtQPyEZEMg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1djp5hk6vpm5glzqy9h2e2cgam5xydx888glgs85kvs57spaf8v0sfm0pa2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dFRYQVBJaWFMSkdRN1h5
QjZXajQwdEpWcDhnUzhNbFhwSzgycmttZWtnCjhBNko1WUZuZm8rRVV4ai9sWHRT
aE5pN1Q5U2llZEhzV082OUs4WEIxblUKLS0tIEhuQkFjSDNEb0psVHB4NVVUZjUv
eVZQNyswY1diOS9CN2R0bTUvajhIYVkKA+7ffa20N/IW3wIiQpX6WsfV17OVXEE/
XUvkn/7wuHrGASosuIXNzUtoqnFgBDdhWHa3MSUURMQ3W4NEYrRmIA==
-----END AGE ENCRYPTED FILE-----
- recipient: age10wj28zkuy3ewmv6hmup7849667qmevgdv4gxa8vyljye7mpu7shsjt4jeh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNjJiSXNXeDlhc3V4bllW
QUFJbXZLb2RCQjA1Y1R4bnpWWktXbFUzQnhvCmhHQjB6eDV3bVJ0U3dWM082cVdk
cGY2QnU1TUZFVWJkR3J5cUJIUjJZOHcKLS0tIEJSczNidnVINUZtM1IxbE5RV0tl
Nzk0SnJzNmlaRmVlTDRjckZrdkdXQjQK1Qow+N3XCITfUeFbLunUVxgcAwWI9UUq
Tc29hy4VzIppR5KqrQ7vbOQPut9/JPovGINyl1wrqbo0z1P4RVJAcg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-01T02:15:23Z"
mac: ENC[AES256_GCM,data:z7/83Sch5rrtdy/b1gTxhRFLnZtNsJYtAOGjPVxbk07btKnwz24gflkoYcyDYzNLsAfxBI8ht4S7ZBTHbi/6PkF7QCvWFR8WuHDc9pKYLf4UmkKA+98sGsoIe0y9oDamb7Bh1a3J4SW4/7wPiCzMQHqeohDTzwQ5OxX14GSKQoU=,iv:+ujuMkU1pzP3oop6JlCkLbpWSUr7HK7oEw4/4+PIw04=,tag:DOcGlEV2qFgFjMWS/5ACoQ==,type:str]
pgp:
- created_at: "2023-05-01T04:55:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7zUOKwzpAE7ARAAhakYMsv72V4qZs6ulA3dFlteJhAS3T3p13rooTpYNAiQ
BWhqZR36REaauKtuA7TxhM+QHHEf4sYQ1Oks664kp1e7N1IwSe3TkmrJzhBpfJ3/
f0s80jBTdIx3ZUVivV9E6G8ly3L/PoQyKvER/p/D82fHpbCWcRLidph4DOKpXCcR
eW1FMXAw5vgxSvvOwTeS0WRUD4djjjnjBp1ikgZAjb74hXB5p/hS/lmIYZ45CtTR
FONmwJOSWL0ssXe558yJ3AeL9Ut7gK0UvR6ccR+Xi6Yb5YrvkM3mzJyZZEgb4/IK
tQKAmpWXD3YYMcjpmDlzVHcQArfoXr0rM1KFUBfycRkAxl8E0OvkJRh8pzCZTHbk
4hglDs+fTd2qTrTCcrYwSQ1TlX9EmzUna7QIdPhpO17uXCvLWfr5bk6Y1DbpZA7a
xExTPcrIVwXr8cR77LIC5/onKylKK94zNlpDWG9bXS7iGc7fnm8pT9VM45yNFdS3
2A3NTbKPniou5Lu+kCd4IKf4jBDu87OqoMidYI7iviS7Ya0E/8uowFFWVBdlty++
p1oKghOUIDgnxEGGdN+0nDJ1+K51CqGtk3a5F2RdJ5F8PRVGHbaS0HSqftT0TBnY
LSXTaIYxjv3S4adsYLcy54sLTRuPrHHsVPEB0bHK1EhMxLV2BFGXTMELFHc+31PS
UQFoCL64dI+aD8XhQTNJq4ZeaZmEK08lWdGpZWf+6k1uVi4n/j/HTm9S+nYOvv5l
mIM4f5Lt+OVpXwTVoEc338wEGOKNsRTVKp8GgRrWayS4Dw==
=eSbT
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- created_at: "2023-05-01T04:55:48Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJAQ/+P9VQnRpo7qEfb8ONxAJ3SMQOv0KsIO/O6Jt+C0ad5W4h
cy5kN0YzfLg+fnBLhwnsQuVuhpt8YJkl6LQl7TysMUsc8B2opfJMhrXkG6sapY9z
v4DF+D0sPO1gnu1VJ4a+q66CpEdkHuS3vDss25xT9RomtRc5yM2B29+qZSCmitj/
VkufiDOOndBYByVzJ6BXiIHpTdQxDZfrL40k8cY09+fHW+O5550+6TX8pvpwKB0p
SdtDcQAENosYjCgTgZk0Nf6X28ssWs1vwzsq/IssjEluOnRqOjlvwC3YcfvYhizN
kO2lFAxTdgbPwnqcRW5/oSC8uHs2MgWa2axAG841xr1Szlyk0SRM3gjUSMq8AscT
GSdVwWIPH9lky7ZFWiLxizZzfIOHad+Xwt78gAHBQEpggNqThoiXs081q7s7wzHE
DHThYkOJKWEi2xvOaSUKA6cTZSm8epWVBT+MWtibp+Qqzpruqj3qIsCNYw5D0Zl2
HaAU7I7Al+tIuItB6laWXXPp9QMwmCn28PbU9rGpYVtJEJ5n8oZKzg1xAmmkkOSD
UUA0e5++DfZAZHsgCaiGDvwQM/5vKJixGDNP2+JOEu+NFL/0fmGuDI2ISC07GUe+
7HAAT7CH7cBweO3P9K4+aO7+GGBnBIGIeYrW+027wdy11GhL+ODBw9ZynhFHQC3S
XgEwR96tHyGiIPhGKT9PxcK+2asuDTxSgw2YV8DdOaVskL/xhuG6jG7/19f/h+AD
iiMjm+OL1kzHrS/PktmOgxmwg0Hu9Q0j5A7PPqMrd/xY61Cnaj7HcKdNWD3pYwA=
=Lmii
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2023-05-01T04:55:48Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA1N/l9+zlMQzAQgAp5lpYqMolYFOJtiIPxHdMbkUXZf9X9OMP2Bm/90TO25o
J52eYn4NagTbGBpl4nqndMtZKAs2AmJeeX2eR3c7Q51eE+D9LijonA0T3x7q9HN+
OXXDTGyX/RvIroWhzCCiftXvzZHhHYXCqcpcQ2CzSCOflMbSTh21ZUVEt97u29HL
V7LRILU3BaQ4Z/i1S8abFoBF/qBjVljoiKvWb5mySulrH33D1L/v6mwqYN1VKMiD
TbYPOuD7ou5i74wwwjGn3Y+Klq/oGZorskVHH/rfEQExXHeeC4zCzYBLhohvmJxW
7azPF28DXLra/FjdtWy97Bh++9gf7BX0PC3OEuM7adJeAU7t0bJaKc4Ww7xFCHj2
YcYrXcCctHMfDtpMs4sgZ8j4Quxk9/+9JJn6jD5q1p5DFP9Pbm8OJuEgBraxFLZH
SM1US3+TA+5ZzxJTPuHVONNaRy94rtJJRRZpgZlKfw==
=GP7Z
-----END PGP MESSAGE-----
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
- created_at: "2023-05-01T04:55:48Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA1N/l9+zlMQzAQf+O12zDC/pFf1H5kie/Uyty712QZxlWmnWRkoiAVk/J3j9
Pq5VBnlmNzaNDtD5UOQEUPf2669QrzkAVs4NjnQrRwImX9q3/Z6fS2TPZ2LTbZp3
1dS1H/jhWfdTAFc9C2GEU/5hrVZ46TwsrGbo47dg8vofcG0vCWg6IxfF1RFhDdtI
C2ZqCF+/IyNigvL8nNejIz9fRqi3BWHWIOV9H8XXzL+E1OBcO90mkcRZg6NPRy/u
o1J8D+PK22chskDwfoNkN5DKl6pd6nlE4iyYGaIRUz4ftcCC8iqZLhzJ8evTd6KN
tB2VX20VaZRcYBaq/VOmKYpDpHkXMKgHM2Fmuq5ZSdJeAd3n6xfulH5m8rw1gwCQ
wL5nYALACdvHZglQ6yiIZZ++qWLXT86FZqyOXWOXhjIG/+mUkoKTCZg6ZDGJMfbf
oNTYVdIKdgyIAlLubGW4SgoComjHiBBxbH2KZQouYA==
=T06/
-----END PGP MESSAGE-----
fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
unencrypted_suffix: _unencrypted
version: 3.7.3