diff --git a/.sops.yaml b/.sops.yaml index 930d112..9958945 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -19,6 +19,8 @@ keys: - &traffic-stop-box-6 age1sgd9lvwgda2rgmhfxkve5u3ljdgjcrs79a2juq766jkvz23v34usgt039z # aachen - &traffic-stop-box-7 age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4 + # C3H + - &traffic-stop-box-8 age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4 creation_rules: - path_regex: secrets/[^/]+\.yaml$ key_groups: @@ -125,5 +127,14 @@ creation_rules: - *admin_revol-xut - *admin_marenz-1 - *admin_marenz-2 - - age: + age: - *traffic-stop-box-7 + - path_regex: secrets/traffic-stop-box-8/[^/]+\.yaml$ + key_groups: + - pgp: + - *admin_oxa + - *admin_revol-xut + - *admin_marenz-1 + - *admin_marenz-2 + age: + - *traffic-stop-box-8 diff --git a/flake.nix b/flake.nix index 5686896..ed4da46 100644 --- a/flake.nix +++ b/flake.nix @@ -121,6 +121,10 @@ id = 7; arch = "x86_64-linux"; } + { + id = 8; + arch = "aarch64-linux"; + } ]; # attribute set of all traffic stop boxes diff --git a/hosts/traffic-stop-box/7/config_7.json b/hosts/traffic-stop-box/7/config_7.json index c571de1..25768ed 100644 --- a/hosts/traffic-stop-box/7/config_7.json +++ b/hosts/traffic-stop-box/7/config_7.json @@ -3,5 +3,5 @@ "lat": 51.027105, "lon": 13.723606, "id": "", - "region": 0 + "region": 9 } diff --git a/hosts/traffic-stop-box/8/config_8.json b/hosts/traffic-stop-box/8/config_8.json new file mode 100644 index 0000000..8bc17cb --- /dev/null +++ b/hosts/traffic-stop-box/8/config_8.json @@ -0,0 +1,7 @@ +{ + "name": "C3H", + "lat": 52.388032, + "lon": 9.717867, + "id": "", + "region": 4 +} diff --git a/hosts/traffic-stop-box/8/default.nix b/hosts/traffic-stop-box/8/default.nix new file mode 100644 index 0000000..dcd2af3 --- /dev/null +++ b/hosts/traffic-stop-box/8/default.nix @@ -0,0 +1,13 @@ +{ self, ... }: { + imports = [ + "${self}/hardware/dell-wyse-3040.nix" + ]; + + services.openssh.extraConfig = '' + PubkeyAcceptedKeyTypes sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512 + ''; + users.users.root.openssh.authorizedKeys.keys = [ + ]; + + deployment-dvb.net.wg.publicKey = "dL9JGsBhaTOmXgGEH/N/GCHbQgVHEjBvIMaRtCsHBHw="; +} diff --git a/modules/traffic-stop-box/radio-config.nix b/modules/traffic-stop-box/radio-config.nix index 0497757..5dffbb0 100644 --- a/modules/traffic-stop-box/radio-config.nix +++ b/modules/traffic-stop-box/radio-config.nix @@ -11,6 +11,7 @@ let { frequency = 170790000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # dresden test box { frequency = 150827500; offset = 19550; device = ""; RF = 14; IF = 32; BB = 42; } # warpzone münster { frequency = 150827500; offset = 19550; device = ""; RF = 14; IF = 32; BB = 42; } # drehturm aachen + { frequency = 150827500; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # C3H ]; receiver_config = lib.elemAt receiver_configs config.deployment-dvb.systemNumber; diff --git a/secrets/traffic-stop-box-8/secrets.yaml b/secrets/traffic-stop-box-8/secrets.yaml new file mode 100644 index 0000000..935fd56 --- /dev/null +++ b/secrets/traffic-stop-box-8/secrets.yaml @@ -0,0 +1,92 @@ +wg-seckey: ENC[AES256_GCM,data:QxgwFE8QTSpre+4VWouCSIvU0No52doTscXCSrD74AnFA/MnDhMGsvZ6YBw=,iv:VSJnUkvtgG4wn90viJNIJyCy2kcCFNCZ8Dnm93uEeeU=,tag:I0KjPS4Oo4wkDJcn6lXz3Q==,type:str] +telegram-decoder-token: ENC[AES256_GCM,data:GJQ3YigHtkxtmCZB1Ea72rauIzkoJfIFqiIshgvvuNw=,iv:d5LZTi2/RHtrGmUe1ksVJQynpyLaum8RDyROpMAyZaQ=,tag:mTjjvhYLGBN4C5UfzYcIrA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwS0lkWUFHcVlGNU55bHpt + V2k3R25uYis3dTg3ZmpZM0xUUUJGV0RlTEhFCnBCdXZ4ZnM0Q0lHMVB2THpRVnRG + RlAyc1U1LzNNQm5oZ1FhTTdQaVBJOHMKLS0tIEFUU09rZi9aMVk3MkN0bmJzVXA2 + NTVnZTRpVnRXQ0I4eXk5R1I1YU5vQ1EKt/Z9ZNS5E8/CBbA1ITGyGEapcPGtkatk + xVlJCDh5MsAPgmT47GSPNgGOUZEXV0fKrCNHKZ4AfIye7Bn3MwvxOA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-11-28T18:15:34Z" + mac: ENC[AES256_GCM,data:DYYhTAdxOt7qwWNLsl2urAqAIez+359Z3r+ZMOcs6wuD6Q6OLuyV8E7zzWhpt+hrAcRICzkRSzVMRatHckKZz5/Ej7AkYeKUML3QfWJ2dQDhmijLayYXXXeH0HrZh4DqD8xOhIFVIWxNQtIRboUMvMkz0+ao7nvMqLGaRaqiIT8=,iv:S5zQE6YOTo+Tx65Z6q7xhb/niC0ZbxqWD6jji3Ody1A=,tag:n/MfLMBi1yeXeUY3riVYPA==,type:str] + pgp: + - created_at: "2022-11-28T17:54:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7AQ//XYgAcYT/w8u4x3K8wRCFhBA1pZQPi/dMaw+rPIL6/dO9 + 3CWwT54k3nDLKdi8DFpJNpCpsbcjlehFhlMfiakY5OjLcWVg30lJ22N9pGe7J76/ + yDACgpRSsqQ7S0oA6EjMO2NtiQXIv4lWcpm1HQDTn8VPqNvnPvZk/YlMzMk7Xoj/ + IiYsSU/uMHga1NWTLRzJrQIS+DkgbJgH+/3O/v4dX2bf8ntghQhnp0pwP+DOWUeo + 6hfzA32Dk7sryyekVS8Q2ckTDgcGX1REcOfm7CPteufR3KaBx++BDSueUYwoziew + uumErjHVm8f1RXimMpA8KoRzORWNe4y6nX1oKcf9f4pgR1wJ7P0vIO+4mH9Pemvh + XDYoWMyNFvfCuWkT8RQOkN+MR5qIG9jYiEgY9iBiDHi0R/pchyeofTrmQhxres4k + 8ZN2xKtI3YkJu1/D/IpOqKQfhx8V7YfesqiAziYDNV2yAWM1pbw84580rc5Qf8Q9 + 5fYV3EWx1Rp4Cbo3Vd93FXuDp4mVHjQEXtfL6AcjnOCfvGfH4Dph+04U40urw2UF + 9PWEUzAnB5dHTb9RRn8puuEpO8orGEX7rQ0lGkiHsTthQToOGv9Acif4x9rl6Cqz + zbWFgREVDv4c5R8htekegkhFQefqLXvic6pXLCElO5aZxGlJXuZG1gX1gmsu4v7S + UQFB9IGjIyY0pLUhsBfcCgRd4o0cqsNsm8LUALKu/6IIPASpoh7+f/MnZfmRBYoA + mAUxxuvsNM1LZ+QtXL/m89KbCfX6KxtqHcczOtRuQZgfqQ== + =AyOq + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + - created_at: "2022-11-28T17:54:02Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/YLzOYaRIJJARAA2A38A2MYlbHjNbVdZcfwMJdKe7y5xo0eoNt4zCXCGGmz + LQRh5J2dWkxSeic+20n7HTbIMC3e2LqaoTICw/zFyXVB5n4wTiP3gEHDU+hRDPsI + qr88lF5CJC4RD75w/uSGEKIEQ+Mj1xnMJM3J4DNPXvv4NVbE1o0k7ZaJwJlTdC50 + z/9OIzQXCEfrO2QBh1qQTZM80auVYy+K89TYCSdp38lmO4C5w867CEqOhnwQgUK3 + NzgXKcP9IZnouEJWJJbofjL528S+D24GoFAe6QDIz/vlC52qlNNrve89zG0g7IqD + 79f9XKI8HXY7/JCuViKT+jJS+j8G1tBsPtm+xSYUCtFk2lCsr6VV7JkLMxxpcu3K + autBRzQGgB1maJd3HN33UY2K1KivMZoAZOgSVKUF+aGBgXf/s59WEarlpDdak4zS + KpL9WnbieNltK9RfMmspVSeHLZRjiC9G4x8DUhf+bns8pP3XR4EilQGE8BI3UU8D + MNPRQWE7gGhJNevjfbyF1oR6yLEQky4aJqMD1siHFoTU0B4HBCwbbqxHcUv+ygjN + PrwLURVPmyHnc/KAX6vQWWT2xeMDarRle4DwUWBfnud8uNeCIN1LM/f4dQtFuwoW + OqGxCC2WMsNOL85erv9gpNFB2lwbwYhRh563XThXvcESqgq6yYSDD1fNrpGnvlnS + XgELJDqbYEIBLKkQyxZzg9ck1L51eacFRgZDllVBirTOcl+wm7Q6eOMsV3RaYX+c + U3yA4o2hgoBny4DW1j03ItoabAEljPqtYqzHvreNSuMI/WCMnQV3hZFUoILE/lU= + =u2Zh + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + - created_at: "2022-11-28T17:54:02Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA1N/l9+zlMQzAQf/WDqdb3bYwCt/0RCQJByrjl+oSW/yU8WAKMgJal8ZBkX/ + VyyVIjF0PB5MaE/2b8rrBKB++ZSqT1ig0gVM+vbDXondJsqi1JnlM5xpqJntwtFo + iPuXZhOmJe20wFuHD3l/lzZlpZqI4lBqeVRR3KVXIQVp8wKiFCax4YzNppLcWtRy + ARnzWu2XJyNDX60VsIC5vMYTps9unB8cwQYSUdLACzQRANy9JgxKNqZ/cEfg8hk2 + hFVTNOqKh4HhFMJvWEuIOjywTPLY8MjvuN2QTxx1W+YLqrMofThM+W/JAL+BcSz3 + 6WekTYcdvh+ogsbVErWxlUaXeumuH2qnhJAWMs5qdtJeARWaK4s8msvks2c7cSny + ss5OHlaIyT1LVpk+rWfupxyPRCDtHfDFQWPFDVircgG6a1nPV+q3AiAzYaNdI53O + cGqxZLgNk5jb34i3hUMtwt4T90BcxtG8wTuFzYRQNA== + =dI4h + -----END PGP MESSAGE----- + fp: 069836A578F7939612DB4934F77D0F7E247A1EE4 + - created_at: "2022-11-28T17:54:02Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA1N/l9+zlMQzAQf5AenNmhmU81r6eWfmf1MxjvOhdxyca2xXyGKqbaG5ec5L + P/h65iUEEcCW7UN7yuxKx6YesjnAsnRdPYwmUTTNF4uYe/4zDMUJOvIDPlWWfJRT + oe5pRBASdRbWMinTlGLk9te96G3dpUsknbNCK5x7q9gzmlPm6qHFobHrJ0o8gvkh + VuJ1cIqYbx55YTrFYHjbzjFP9BkMseVqoSQKemckGzekeCKR24QfHhYt5ruynJXt + 9CP+F0UIRIZmKBVrS2/wZbiezgg4pINtuq8r2Hpos4kgc0KvHjgy6G0oHPpdCAjj + dSMvPemasl34B4pg3JPlNpvhxT1Ssrp7wRBN+CPPH9JeAVrzYrJ3/tIEieDwlO4y + gGDFHi4D+vQA9B14efK7RqLN3mFuZ0ndmBt2cOyMRwb5PFoxZ/HPEmTmVW7ezbya + vMjoLdRtsZqR+TB/JKGSYkjqNH83Gapb6iMU0+brBg== + =x3UT + -----END PGP MESSAGE----- + fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433 + unencrypted_suffix: _unencrypted + version: 3.7.3