add private-flakes-overlay. start to add tetra-zw

Markus Schmidl 2023-11-27 16:08:17 +01:00
parent 3bd250c79c
commit e4782abefc
9 changed files with 189 additions and 1 deletions


@ -171,6 +171,13 @@ creation_rules:
- *admin_marenz-2
age:
- *tram-borzoi
- path_regex: secrets/tetra-zw/[^/]+\.yaml$
key_groups:
- pgp:
- *admin_oxa
- *admin_revol-xut
- *admin_marenz-1
- *admin_marenz-2
- path_regex: secrets/uranus/[^/]+\.yaml$
key_groups:
- pgp:
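Review bot: The new `secrets/tetra-zw` rule lists only the four admin PGP keys, while the rule directly above it also carries an `age` recipient for its host (`*tram-borzoi`). The host's secrets.nix added in this commit points sops-nix at `/etc/ssh/ssh_host_ed25519_key` through `sops.age.sshKeyPaths`, and the committed secrets.yaml has `age: []`, so as far as this page shows the box itself holds no key that can decrypt `wg-seckey` at activation. If that is not intended for this work-in-progress commit, define an anchor for the host's age key (derived from its SSH host key) and add it to this key group as `age:` with `- *tetra-zw` (anchor name constructed here). The secrets file then needs re-encrypting with `sops updatekeys` so the new recipient is actually included.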


@ -692,6 +692,26 @@
"type": "github"
}
},
"private-flake-overlays": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1701088629,
"narHash": "sha256-Xgb2lX35f+XILc++Y4fmTgZttPTi5MKQBMbOIAjWX4Y=",
"owner": "marenz2569",
"repo": "private-flake-overlays",
"rev": "316f9c9f3d79ccc52f8148b616789c38348cb58e",
"type": "github"
},
"original": {
"owner": "marenz2569",
"repo": "private-flake-overlays",
"type": "github"
}
},
"root": {
"inputs": {
"borzoi": "borzoi",
@ -707,6 +727,7 @@
"microvm": "microvm",
"naersk": "naersk_4",
"nixpkgs": "nixpkgs_6",
"private-flake-overlays": "private-flake-overlays",
"sops-nix": "sops-nix",
"telegram-decoder": "telegram-decoder",
"tlms-rs": "tlms-rs_2",


@ -28,6 +28,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
private-flake-overlays = {
url = "github:marenz2569/private-flake-overlays";
inputs.nixpkgs.follows = "nixpkgs";
};
## TLMS stuff below
trekkie = {
url = "github:tlm-solutions/trekkie";
@ -109,6 +114,7 @@
outputs =
inputs@{ self
, private-flake-overlays
, borzoi
, data-accumulator
, datacare
@ -128,6 +134,7 @@
let
pkgs = nixpkgs.legacyPackages."x86_64-linux";
lib = pkgs.lib;
overlayFlake = private-flake-overlays.lib.overlayFlake;
registry = import ./registry;
@ -244,6 +251,17 @@
];
};
tetra-zw = {
system = "x86_64-linux";
specialArgs = { inherit inputs self; registry = registry.tetra-zw; };
modules = [
sops-nix.nixosModules.sops
./modules/TLMS
./hosts/tetra-zw
];
};
uranus = {
system = "x86_64-linux";
specialArgs = { inherit inputs self; registry = registry.uranus; };
@ -257,7 +275,8 @@
};
};
in
{
# overlays this private flake when in impure mode
overlayFlake "git+ssh://git@github.com/tlm-solutions/nix-config-private.git" {
inherit unevaluatedNixosConfigurations;
packages."aarch64-linux".box8 = self.nixosConfigurations.traffic-stop-box-8.config.system.build.sdImage;
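Review bot: The one-line comment above the `overlayFlake` call in the last hunk does not tell a reader what the flake evaluates to in each mode, although every output now passes through a helper taken from `private-flake-overlays`, an input hosted under a personal account rather than the organisation. Judging by the comment, an impure evaluation fetches `nix-config-private` over SSH and overlays it on these outputs; the flake.lock change in this commit pins only the helper, so which private revision went into a given build is not recorded here. I would expand the comment to something like `# pure eval: the outputs below unchanged; --impure: nix-config-private is fetched over SSH and overlaid on them (not pinned in flake.lock)`, adjusted to what the helper really does, and note which deployments are expected to run impure. The attribute set opened here continues past the end of the hunk.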


@ -0,0 +1,27 @@
{ self, pkgs, config, registry, ... }:
{
imports = [
"${self}/hardware/dell-wyse-3040.nix"
];
boot.tmp.useTmpfs = true;
# reboot 60 seconds after kernel panic
boot.kernel.sysctl."kernel.panic" = 60;
# Set your time zone.
time.timeZone = "Europe/Berlin";
nix = {
settings.build-cores = 1;
gc = {
automatic = true;
dates = "daily";
};
};
services.resolved.dnssec = "false";
system.stateVersion = "23.05";
}
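Review bot: `services.resolved.dnssec = "false";` near the end of this new file turns off DNSSEC validation in systemd-resolved with no comment saying why, unlike the panic and time-zone settings above it. If the reason is a resolver on the box's uplink that breaks validation, say so in a comment, e.g. `# upstream resolver at the site breaks DNSSEC validation` (reason to be confirmed by the author), and consider whether `"allow-downgrade"` would be enough. The arguments `pkgs`, `config` and `registry` in the function head are not used in the lines shown and could be dropped.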


@ -0,0 +1,7 @@
{
imports = [
./configuration.nix
./secrets.nix
./wireguard-client.nix
];
}


@ -0,0 +1,5 @@
{ config, self, registry, ... }:
{
sops.defaultSopsFile = self + /secrets/${registry.hostName}/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}


@ -0,0 +1,14 @@
{ config, lib, registry, ... }:
# pubkey of the box goes to registry/default.nix!
{
networking.useNetworkd = lib.mkForce true;
sops.secrets.wg-seckey = {
owner = config.users.users.systemd-network.name;
};
deployment-TLMS.net.wg = {
prefix4 = 24;
privateKeyFile = lib.mkDefault config.sops.secrets.wg-seckey.path;
};
}


@ -45,4 +45,10 @@
port = 8080;
};
};
tetra-zw = {
hostName = "tetra-zw";
wgAddr4 = "10.13.37.11";
wireguardPublicKey = "ksztvj780MFau9YH0hBOL+/PzYb/EaARCUqR+EUIL2o=";
publicWireguardEndpoint = null;
};
}


@ -0,0 +1,82 @@
wg-seckey: ENC[AES256_GCM,data:92b1HSuowJkpYo8WRRACDELB+/ldei7ISNHSRpnIdVnNuhL/b+nBg6AYeSI=,iv:I+xmKBa8p6TF5i2XUkKJitOuaKC82cC6XCTYbevAnEc=,tag:NZM6s9UYwR4YqHiWlMpQcg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-11-27T15:03:10Z"
mac: ENC[AES256_GCM,data:OCLKBHUxUNBZFfOReLa/MRndLTOuFWMhG5f7IiXv/lPwgQbD9Rp97hnlbYmtHeheXO8vhZsiwUe7VO/UEN17G5s2sdRLdQpn/gT1XlvqN2cfZhJ9cPRJl6QQ40cYW0GNDlu8bSPY1WI2V+9nCxoDazJvrv8U4sjTa/jGNnX51pI=,iv:Rbrd9tvodC2ON08BMaJ6IvKPXrO07VcgtkOm3XgHXwE=,tag:GtTJtHoLlTBLfR3RV3UgCw==,type:str]
pgp:
- created_at: "2023-11-27T15:02:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=JfFt
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- created_at: "2023-11-27T15:02:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=jk+v
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2023-11-27T15:02:48Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA1N/l9+zlMQzAQf/UbfrpOO9me+hJTy36IIJUoU90CKRJCf9IRfeFXVKok1F
4zIFtYkj1ioSVYkm2cJ64pVirIEVgTPeuitc3dATfHsu0Y08hHeCQMs9DiaYzXy2
/VTau11c87ZBoDm9pLWij/MsCFwi3WGa1UALCunKEtPV3Ljp39+NRu8y3OyOZHjN
ktHY0MEntjCzmD8BXx5bkOQ6pOFoKPFY92150Csl73Nnn232Vsaff4ZwStt2FONP
xcXjWdQKH24WigNG/gLa4MMT6grwGkuy08XTkr3cwPMPpekOboDdH+5GsDBkA8jU
LCQ+bVAo/ChtqdD4OOGpxcECr2CuczWLYsyktJaIb9JeAd6KyTBugKmMEV9WxpKm
9l33mLVTpg77qFlKf0Y/axo0eIp7EQqxlpbiQuRZu2aM4s/a3uZ3OLnrVexvSQ1X
5PLZyfkx+TO26/YRCkMxht1Uql08wzWMqZGDglpMTw==
=jhUj
-----END PGP MESSAGE-----
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
- created_at: "2023-11-27T15:02:48Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA1N/l9+zlMQzAQf/ZuCGHKsISv+rSeUfayaYBxCWYAIHbx5vVg0ydtq8tWar
U6T0A3cergkfZfIX/trsWQqI/TVkc6UL8MDBnOZEYy0qd07tDL+OUlwX6UI7IO+K
bth8nkTnVthnjCUh4a6VSt4ZeeiYCKJb+ndLDr9Z6qwCRE5cJXDX7NUOJVC7fkOP
ae/UvFrqppH8JVw/7LZKIu+w6mp7z736cs/o+AhHRuqGnCiNPqF0d7LF8qCpFX07
hwHCkl6CMc8MCoLQsa3mdzhaNpJWU/qkQ7h1S73W8g3wtv7Dpi9kTNhJ1lT+wZKp
MWBvrHJgHaaSVDCNJq7PLUqoxavL0ul9G0tVYrMLttJeAZ76OKiO1i3JCU1JymOT
sX3pVzE8MBlDcrpRDQJ4c7/LBPX6qAhnxvyZHawARUWNH2UtVA9ceCW11Jqk+Owg
W4FcSvBnXpb0LG0i4qozXvxfAwWm6Hu57Pbqm/YOGw==
=/DPb
-----END PGP MESSAGE-----
fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
unencrypted_suffix: _unencrypted
version: 3.7.3