dump-dvb/nix-config
dump-dvb
/
nix-config
mirror of https://github.com/dump-dvb/nix-config.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

starting the testbet

This commit is contained in:
Tassilo - 2023-04-18 19:17:19 +02:00
parent 2a1a657c2c
commit 941875ca3e
Signed by: revol-xut
GPG Key ID: 4F56FF7759627D07
7 changed files with 125 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.sops.yaml
View File

@ -3,7 +3,10 @@ keys:
- &admin_revol-xut 91EBE87016391323642A6803B966009D57E69CC6
- &admin_marenz-1 069836A578F7939612DB4934F77D0F7E247A1EE4
- &admin_marenz-2 ED06986DFAAE6A61B751DC2F537F97DFB394C433
# - &admin_astro
# test key
- &test age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
- &data-hoarder age1djp5hk6vpm5glzqy9h2e2cgam5xydx888glgs85kvs57spaf8v0sfm0pa2
- &data-hoarder-staging age1m4g4y5ga2m8xdvs7rarda3tyk4gtkyta6pfyq2n3xmy47z20kfxq73m8r8
- &watch-me-senpai age18q907v2706qxmjewqan7xng2su3z6zyz9a2q444jew22apd46y7q8wjjku
@ -50,6 +53,15 @@ creation_rules:
age:
- *data-hoarder
- *data-hoarder-staging
- path_regex: secrets/mctest/[^/]+\.yaml$
key_groups:
- pgp:
- *admin_oxa
- *admin_revol-xut
- *admin_marenz-1
- *admin_marenz-2
age:
- *test
- path_regex: secrets/data-hoarder-staging/[^/]+\.yaml$
key_groups:
- pgp:

18
flake.lock
View File

@ -338,11 +338,11 @@
]
},
"locked": {
"lastModified": 1681675448,
"narHash": "sha256-MZROMuhBDdkkR1Zg+L1kXQ1dzopdUH9uNGqFdO+hEUs=",
"lastModified": 1681762509,
"narHash": "sha256-IzAZeVZpuLZX2rsxVVVHhnd8lKJ3bXWXEx5S+uzELlw=",
"owner": "tlm-solutions",
"repo": "kindergarten",
"rev": "102c0c7b2f74c8e82384acf9bbe02aa5b92950fe",
"rev": "70a9116b0fc09335feecca63b4e2c9034692a6ee",
"type": "github"
},
"original": {
@ -420,11 +420,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1681696129,
"narHash": "sha256-Ba2y1lmsWmmAOAoTD5G9UnTS/UqV0ZFyzysgdfu7qag=",
"lastModified": 1681759395,
"narHash": "sha256-7aaRtLxLAy8qFVIA26ulB+Q5nDVzuQ71qi0s0wMjAws=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "de66115c552acc4e0c0f92c5a5efb32e37dfa216",
"rev": "cd749f58ba83f7155b7062dd49d08e5e47e44d50",
"type": "github"
},
"original": {
@ -578,11 +578,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1681721408,
"narHash": "sha256-NWCbZKOQEXz1hA2YDFxdd+fVrrw9edbG1DvbbLf7KUY=",
"lastModified": 1681821695,
"narHash": "sha256-uwyBGo/9IALi97AfMuzkJroQQhV6hkybaZVdw6pRNG4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "de6514f8fe1b3c2b57307569a0898bc4be9ae1c5",
"rev": "5698b06b0731a2c15ff8c2351644427f8ad33993",
"type": "github"
},
"original": {

6
flake.nix
View File

@ -265,7 +265,7 @@
packages = {
staging-microvm = self.nixosConfigurations.staging-data-hoarder.config.microvm.declaredRunner;
data-hoarder-microvm = self.nixosConfigurations.data-hoarder.config.microvm.declaredRunner;
fuck-microvm = self.nixosConfigurations.fuck.config.microvm.declaredRunner;
fuck-microvm = self.nixosConfigurations.fuck.config.system.build.vm;
docs = pkgs.callPackage ./pkgs/documentation.nix {
inherit documentation-src;
options-docs = (pkgs.nixosOptionsDoc {
@ -288,9 +288,9 @@
echo
set -x
export QEMU_NET_OPTS="hostfwd=tcp::2223-:22,hostfwd=tcp::8050-:${toString cfg.TLMS.trekkie.port},hostfwd=tcp::8060-:${toString cfg.TLMS.datacare.port},hostfwd=tcp::8070-:${toString cfg.TLMS.dataAccumulator.port},hostfwd=tcp::8070-:${toString cfg.TLMS.funnel.defaultWebsocket.port}"
export QEMU_NET_OPTS="hostfwd=tcp::2223-:22,hostfwd=tcp::8050-:${toString cfg.TLMS.trekkie.port},hostfwd=tcp::8060-:${toString cfg.TLMS.datacare.port},hostfwd=tcp::8070-:${toString cfg.TLMS.dataAccumulator.port},hostfwd=tcp::8080-:${toString cfg.TLMS.funnel.defaultWebsocket.port}"
echo "running the vm now..."
${self.packages."x86_64-linux".fuck-microvm}/bin/run-nixos-vm
${self.packages."x86_64-linux".fuck-microvm}/bin/run-staging-data-hoarder-vm
'');
}
// (import ./pkgs/deployment.nix { inherit self pkgs; systems = stop_boxes; })

4
hosts/fuck/default.nix
View File

@ -1,4 +1,4 @@
{ inputs, lib, modulesPath, ... }:
{self, inputs, lib, modulesPath, ... }:
{
imports = [
"${modulesPath}/virtualisation/qemu-vm.nix"
@ -41,7 +41,7 @@
have fun!
'';
sops.defaultSopsFile = (lib.mkForce (self + /secrets/mctest/secrets.yaml));
networking.firewall.enable = false;

3
keys/gpg/test.age Normal file
View File

@ -0,0 +1,3 @@
# created: 2021-10-15T12:49:19+02:00
# public key: age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
AGE-SECRET-KEY-185C2AV5M0U2FAUL3LYQXDU7N5ZE226GRFRUY2976GNKGEXLQC3DQ539JDN

1
modules/data-hoarder/postgres.nix
View File

@ -44,6 +44,7 @@
# Get graphana to SELECT from tables that might be interesting for it
$PSQL -c "GRANT CONNECT ON DATABASE tlms TO grafana;"
$PSQL -c "GRANT SELECT ON r09_transmission_locations TO grafana;"
$PSQL -d tlms -c "GRANT SELECT ON r09_telegrams, raw_telegrams, gps_points, trekkie_runs, regions TO grafana;"
unset DATABASE_URL

94
secrets/mctest/secrets.yaml Normal file
View File

@ -0,0 +1,94 @@
postgres_password: ENC[AES256_GCM,data:IR2dKubCkEk=,iv:5a5t4XEgR9f6g2mErhAiNrJQ8FNIcRYp6a8vy3r9wNs=,tag:hTW/6XRL3H/J5PiOqw7hhg==,type:str]
postgres_password_grafana: ENC[AES256_GCM,data:CQV5bJcd8HI=,iv:kzz3Zao1v4tPlen3fgZ38B4/gbcYmq7g3p79g1TrLmA=,tag:gnI2TgXftH+W3aldezspnA==,type:str]
postgres_password_hash_salt: ENC[AES256_GCM,data:Z478jkpCIEk=,iv:IIQVTYyotc1Vd0yqfF/mwZLhREslKs4K/PCRFU9GNfs=,tag:TeRWb8pt9wVvEVbwIouqWg==,type:str]
wg-seckey: ENC[AES256_GCM,data:NRdydeVJW1KOlrldOcgyHEsVzTtBqehsFhpRZ21b9TDuV5Yms9lxQ2oY56M=,iv:+DQNVmAM2PkGeTjEAPHYSSvvkonpGlidDzVQJsmoGD0=,tag:ootw8XWc+1jWcNY5zSDLgg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnMGdyb1I0VkRnWGFpZ3Ni
b0x6T2hRclhSZENTdUJkVUNFNVJXaTdrR0I4CkRQRUxCeHBTZnI0OEY4L0dJNDZM
eE9YT0htbENOU2o2aUlPTjlFQ2ZNVkEKLS0tIFBCQzhISFFWZUl0WDk0K3ZxdjRO
ZFhMTm5SbjA4U05jbHJvRVVOUTRXTHcKltNcBvmyccoUU8pOBI0cmbw76XjEoHri
DgAiJvPLupe9Rd+ShKwVsvMoQB0m9ZlczpFsPXaSmOZksOn+lpqP4A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-18T10:14:14Z"
mac: ENC[AES256_GCM,data:3++jurmkbfeCG+xVdEB4zKHGRrIKuzWg0Mo9L2r/laNe6yIziQCP+rrcZX+YMT7wkw9JiM25nICD46aDiz7D2PkVLxiLY9artHPiaWdyZ0dUR5ZLyB/9vXM46ujtCekyDr0lOsL3rpTblTFn0XWivmHRZlbYrnrRrud7opIoTvk=,iv:E+/PhQGIjTzWu/WHytRXx/2m3ASGDUcurAS+ikW5S90=,tag:WT1rSlm6BqEgLPMKyNiINA==,type:str]
pgp:
- created_at: "2023-04-18T10:12:34Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7zUOKwzpAE7AQ//ajDN7xTx3YN2Qnd/Z5ih0Kvv4H75aJDB5Nw3ri6dmULR
/pFKa8XFKMcO930OnkEiYDc4hTR+5PqRCHo9miR02j2WLfGd348mVv/PHeuMMQMV
M9Naw50ZOdM87KUfE3EH6GO/6CPtGG3Dz7k1KpMoyg3g3T3jK+OJ1kJdHfxnG2h7
+RhrZJxk9A75qPPgEusR54Uqq1DzvMzSX+GT39vkhhdMQ0iuqZBj0tsqXKFBpJEL
p60bKCQOT4NUUQcLna1LuFZNP3HckTIZdsjNGTUqsfCVL9QpAl/v+gmNA0ZGxyWT
r3al8p3LBwlGTrYGZmzNXXkUlJDKuo+N/7YBhx6KICa+Mx90gp0DgGoWXFGRqe1w
Yt/dyptP41O4OWmYNS8fz5nckYqXJTal31bJQ0i9fPiEYD1m/sV5tzKICU74aWR2
ZggIVJ7KqjKPrfmikKWjxQu4aXMg2HzbEqYg9xS9g3N7GAIAODs04YP7vmJDfx9j
+Wx/nLvVERx232ulSlgtbFzxNtf5GrZXr85eEse+xEkNFC6YhgT8tVWSWmFWQZfJ
CRHeyfjg9x91TqrCaNfPTorQiXbsE9MuHGSyqgcIXfxH6RNBQb/uo7tN8SjfkAje
3n/6Tmoj/ICtxLS1WIBmpKPbiSuBgQEBXnRw0UbhH2B7XVxsStnT0fjFAq2YOevS
UQEToGtLTApL1Ajc+j2wLDYyjyDa97Ac3cycCASrHEstSl0S0KpF8zwoFNh9vZZM
F7fX1503UkEfXrZpRVwkdwK2vUErEn3BvSpxz/aZTYiAQw==
=r8TU
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- created_at: "2023-04-18T10:12:34Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJARAAyKKgYY/frzgwzvuI+dgoBvJ+YZ5gQJ0EvhlMuCIAz5wE
0a63iupLo+JkLYg1FHFtAkgRBT3rxFWehIfOnp6k8HlJp8UmPziLsr+290AgSKI4
zfjNixyBHgmycwKwzGW1SYnxMBLOU5i6psbjxtw99VLXlfassYKgdz3ORXbADqu8
dhVdaMZsWaGHJ1wsU1HjLDbRgLyQZD7Oa5YYmiB+9uXraHkGX4t2ikRIR84Itsrh
q5Tu6+8QlANJ7Fyd+8PugRTuN+DxOUXKOZvi1dWQE0kVU8z/LdbsMh8V/JdhmjFM
NpuHEhrJctgwqmJP9UTMF0zR6vSXMPoj/0kejELNYkd7CNi1YHfidr+tFNDOvHcH
8vDQhZx+pJA7p4GeP4iOpro21hAlu7Ee6ybHF9fqI9up6XmRyYy4AHbxudANAXyI
lTQ02nCeef18m9UchqFOR7BQ9qea6XLTny+8GZ5kQCLRzlvoJvxydZJ/3k8CdOjQ
+Qi81rogMTKVO3Dc3jvEKXfb7pRO/W+IZnrMWBmCGdkFZVox0KHtt/ktgw1FfdKU
3pAbHTjetgYNpqid3K5QgUfps12nKyAt9B8E4+myJT//OTirbR3jfobhbS7PQh1Z
bHy+NGUiaH+2+6mJ5n4c9uFyWufn3VXTzgNczxtoXZLuiwT/7JF+Dw8Y0K5slEfS
XAFArk3WKptYG6WF80+kzCn83qengHx6rNbDvQk/ju8UEH3UQzOhnXk0HTVLLgno
7PDVEFOCBLPQN3SM43urVrNoEkFqlVQGilAIA3mw84X9hm0bEY2wWCxkD6QM
=5+wv
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2023-04-18T10:12:34Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA1N/l9+zlMQzAQf/UwrquoJ1BEhvB4cbtQDoyL/vLD59KmQAJAXM3hFp+SQ1
wafomilIkuqGNjy/r9BRJIRrMmSyy3AV9SYkCQWsABcFGYjWL+voF9JE0XB5T4++
jqkGVLrWfT2L9O1k9MtDCGVjGiDA1CZN1aZvbugOp6bcOTgJeB9Qt337ejJyjFFu
qYG6BKmOK/GnZ9IWL0zAw6bMvMB5vnALe6Z0q8x/7ZlqoySFGvW96o4GXNToV1DI
5B4QbF3r3W0oqtxLJrFF8G9IfKpWXNYU79Ks8KrDqDLh9hatVRKRm8eHAqCPVEpZ
yczRv8/9ZN3xt2IoBKHvXfmxWrD4Yy4A7SiPUtXlwdJcAUUdhPFN2Q7YVSQCraHP
vWt8GYvAlfjzKdjOcwh0nGrUhzG9w35cFo+iPfJ64dcw84nU++CbcgnBe04aNVnB
5DPXM7Rj7ztLhP85OGcfvSXTrxFsnw7CVGYYf7Q=
=Jviq
-----END PGP MESSAGE-----
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
- created_at: "2023-04-18T10:12:34Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA1N/l9+zlMQzAQgAk26yI6WdDYeH+AH+QBNF/lGVq3u9ZnKbcl9FPUaQMy1h
Xubt1k9HSiFvwX6P/hs0FnVA1qpg+Hcv/MG+fHAlraxwMMj3UT36HhpryxeMvGNv
g8H0PIbZCqAz51Fd2OndvL9qsYR5DD/SSWqsKti10ANwKXE+4x+La2KmMyRM6JJE
U7AigEW81yvyScJ2CNGrUhPBpNfI2XK+5ChQliNGPs7KdBagwfO3DkVYfyG7azo/
1/MC4GhzF8SoSjYBw2mgEwlem4Ls+JIZCDaGGH7hASMIDfxKHXcr8uejmEa+hTyO
mk32OO6WIGglpARpd+g6T3SQEN45sv522D39orXihdJcAWwfK604jy7W5xlLpT2z
/60aKCs/59a31oqcdwte5NMYJ8fwENLIgvoKenBS5GZ1/IPH+VtYbfDu4TQTOcfn
UbK4LYB++IHJQ+u/QuwcPwGzrli529JeQwK8JAg=
=Qd0p
-----END PGP MESSAGE-----
fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
unencrypted_suffix: _unencrypted
version: 3.7.3