mirror of
https://github.com/dump-dvb/nix-config.git
synced 2024-06-17 05:15:30 +02:00
Compare commits
3 Commits
3bd250c79c
...
c2eab31532
Author | SHA1 | Date | |
---|---|---|---|
|
c2eab31532 | ||
|
6851b5b8e3 | ||
|
e4782abefc |
|
@ -171,6 +171,13 @@ creation_rules:
|
|||
- *admin_marenz-2
|
||||
age:
|
||||
- *tram-borzoi
|
||||
- path_regex: secrets/tetra-zw/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_oxa
|
||||
- *admin_revol-xut
|
||||
- *admin_marenz-1
|
||||
- *admin_marenz-2
|
||||
- path_regex: secrets/uranus/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- pgp:
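Review bot: The new `secrets/tetra-zw/[^/]+\.yaml$` rule lists only the four admin PGP anchors and has no `age:` recipient for the host itself, whereas the entry just above it carries `age:` with `- *tram-borzoi`. The host's `secrets.nix` in this same change points sops-nix at `/etc/ssh/ssh_host_ed25519_key` through `sops.age.sshKeyPaths`, and the committed `secrets/tetra-zw/secrets.yaml` shows `age: []`, so as far as this page shows the box holds no key that can decrypt `wg-seckey` at activation. I would define a host anchor derived from its SSH host key (for example `- &tetra-zw age1<PLACEHOLDER_HOST_AGE_PUBKEY>` in the key list, which is outside this hunk), reference it in this rule as `age:` / `- *tetra-zw`, and re-encrypt the file with `sops updatekeys`. If decryption on the box is meant to go through a PGP key instead, a comment on the rule saying which one would avoid the question.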
|
||||
|
|
21
flake.lock
21
flake.lock
|
@ -692,6 +692,26 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"private-flake-overlays": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701110565,
|
||||
"narHash": "sha256-OcaeY/Yd26LMrdqrgV7fVGJV1C0orZk902GxqyOskM4=",
|
||||
"owner": "marenz2569",
|
||||
"repo": "private-flake-overlays",
|
||||
"rev": "bc999b4c97f7aefbb33c70fb7f926f829e2dd788",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "marenz2569",
|
||||
"repo": "private-flake-overlays",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"borzoi": "borzoi",
|
||||
|
@ -707,6 +727,7 @@
|
|||
"microvm": "microvm",
|
||||
"naersk": "naersk_4",
|
||||
"nixpkgs": "nixpkgs_6",
|
||||
"private-flake-overlays": "private-flake-overlays",
|
||||
"sops-nix": "sops-nix",
|
||||
"telegram-decoder": "telegram-decoder",
|
||||
"tlms-rs": "tlms-rs_2",
|
||||
|
|
21
flake.nix
21
flake.nix
|
@ -28,6 +28,11 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
private-flake-overlays = {
|
||||
url = "github:marenz2569/private-flake-overlays";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
## TLMS stuff below
|
||||
trekkie = {
|
||||
url = "github:tlm-solutions/trekkie";
|
||||
|
@ -109,6 +114,7 @@
|
|||
|
||||
outputs =
|
||||
inputs@{ self
|
||||
, private-flake-overlays
|
||||
, borzoi
|
||||
, data-accumulator
|
||||
, datacare
|
||||
|
@ -128,6 +134,7 @@
|
|||
let
|
||||
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||
lib = pkgs.lib;
|
||||
overlayFlake = private-flake-overlays.lib.overlayFlake;
|
||||
|
||||
registry = import ./registry;
|
||||
|
||||
|
@ -244,6 +251,17 @@
|
|||
];
|
||||
};
|
||||
|
||||
tetra-zw = {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs self; registry = registry.tetra-zw; };
|
||||
modules = [
|
||||
sops-nix.nixosModules.sops
|
||||
|
||||
./modules/TLMS
|
||||
./hosts/tetra-zw
|
||||
];
|
||||
};
|
||||
|
||||
uranus = {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs self; registry = registry.uranus; };
|
||||
|
@ -257,7 +275,8 @@
|
|||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
# overlays this private flake when in impure mode
|
||||
overlayFlake "git+ssh://git@github.com/tlm-solutions/nix-config-private.git" {
|
||||
inherit unevaluatedNixosConfigurations;
|
||||
|
||||
packages."aarch64-linux".box8 = self.nixosConfigurations.traffic-stop-box-8.config.system.build.sdImage;
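Review bot: Wrapping the whole output set in `overlayFlake "git+ssh://git@github.com/tlm-solutions/nix-config-private.git" { … }` makes the result depend on a repository that is not a flake input and so is not pinned in flake.lock; per the added comment it is only pulled in impure mode. A host built that way can therefore differ from what this repository and its lock file describe, and nothing on this page records which revision of the private repo went into a deployment. The helper itself comes from `github:marenz2569/private-flake-overlays`, a personal-account repository, though that one is at least locked by `rev` and `narHash`. I would document next to the call which hosts need the overlay and where its revision is recorded, e.g. `# impure builds merge nix-config-private (not pinned in flake.lock); note the rev used when deploying`. The `outputs` body opens and closes outside these hunks, and what `overlayFlake` does is inferred from its name and the comment only.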
|
||||
|
|
|
@ -26,7 +26,7 @@ in
|
|||
let
|
||||
### Autogenerate prometheus scraper config
|
||||
# currently only wireguard-connected machines are getting scraped.
|
||||
filterWgHosts = k: v: !(builtins.isNull v._module.specialArgs.registry.wgAddr4);
|
||||
filterWgHosts = k: v: !(builtins.isNull v._module.specialArgs.registry.wgAddr4 or null);
|
||||
wgHosts = lib.filterAttrs filterWgHosts self.nixosConfigurations;
|
||||
|
||||
# collect active prometheus exporters
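Review bot: With `or null` on the attribute path, a configuration that has no `registry` special arg at all is now silently left out of `wgHosts`, and so out of the generated scrape config, instead of failing evaluation. That is presumably what the overlaid hosts need, but it deserves a comment so that a missing registry entry is not mistaken for a monitored host: `# hosts without a registry entry or wgAddr4 are not scraped`. `builtins.isNull` is also deprecated in favour of a plain comparison, so the line could read `filterWgHosts = _: v: (v._module.specialArgs.registry.wgAddr4 or null) != null;`. The enclosing `let` continues outside the hunk.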
|
||||
|
|
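--- a/hosts/tetra-zw/configuration.nix
+++ b/hosts/tetra-zw/configuration.nix
@@ -0,0 +1,27 @@
+{ self, pkgs, config, registry, ... }:
+
+{
+imports = [
+"${self}/hardware/dell-wyse-3040.nix"
+];
+
+boot.tmp.useTmpfs = true;
+
+# reboot 60 seconds after kernel panic
+boot.kernel.sysctl."kernel.panic" = 60;
+
+# Set your time zone.
+time.timeZone = "Europe/Berlin";
+
+nix = {
+settings.build-cores = 1;
+gc = {
+automatic = true;
+dates = "daily";
+};
+};
+
+services.resolved.dnssec = "false";
+
+system.stateVersion = "23.05";
+}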
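Review bot: `services.resolved.dnssec = "false";` switches off DNSSEC validation in systemd-resolved for this host without saying why, unlike the `kernel.panic` and time zone lines, which each carry a comment. If it is there because the uplink or the upstream resolver breaks validation, state that next to the option, e.g. `# upstream resolver breaks DNSSEC validation; disabled on purpose`. If opportunistic validation would be acceptable, `"allow-downgrade"` is the less permissive value for the same option.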
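--- a/hosts/tetra-zw/default.nix
+++ b/hosts/tetra-zw/default.nix
@@ -0,0 +1,7 @@
+{
+imports = [
+./configuration.nix
+./secrets.nix
+./wireguard-client.nix
+];
+}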
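--- a/hosts/tetra-zw/secrets.nix
+++ b/hosts/tetra-zw/secrets.nix
@@ -0,0 +1,5 @@
+{ config, self, registry, ... }:
+{
+sops.defaultSopsFile = self + /secrets/${registry.hostName}/secrets.yaml;
+sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+}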
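--- a/hosts/tetra-zw/wireguard-client.nix
+++ b/hosts/tetra-zw/wireguard-client.nix
@@ -0,0 +1,14 @@
+{ config, lib, registry, ... }:
+# pubkey of the box goes to registry/default.nix!
+{
+networking.useNetworkd = lib.mkForce true;
+
+sops.secrets.wg-seckey = {
+owner = config.users.users.systemd-network.name;
+};
+
+deployment-TLMS.net.wg = {
+prefix4 = 24;
+privateKeyFile = lib.mkDefault config.sops.secrets.wg-seckey.path;
+};
+}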
|
@ -45,4 +45,10 @@
|
|||
port = 8080;
|
||||
};
|
||||
};
|
||||
tetra-zw = {
|
||||
hostName = "tetra-zw";
|
||||
wgAddr4 = "10.13.37.11";
|
||||
wireguardPublicKey = "ksztvj780MFau9YH0hBOL+/PzYb/EaARCUqR+EUIL2o=";
|
||||
publicWireguardEndpoint = null;
|
||||
};
|
||||
}
|
||||
|
|
82
secrets/tetra-zw/secrets.yaml
Normal file
82
secrets/tetra-zw/secrets.yaml
Normal file
|
@ -0,0 +1,82 @@
|
|||
wg-seckey: ENC[AES256_GCM,data:92b1HSuowJkpYo8WRRACDELB+/ldei7ISNHSRpnIdVnNuhL/b+nBg6AYeSI=,iv:I+xmKBa8p6TF5i2XUkKJitOuaKC82cC6XCTYbevAnEc=,tag:NZM6s9UYwR4YqHiWlMpQcg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-11-27T15:03:10Z"
|
||||
mac: ENC[AES256_GCM,data:OCLKBHUxUNBZFfOReLa/MRndLTOuFWMhG5f7IiXv/lPwgQbD9Rp97hnlbYmtHeheXO8vhZsiwUe7VO/UEN17G5s2sdRLdQpn/gT1XlvqN2cfZhJ9cPRJl6QQ40cYW0GNDlu8bSPY1WI2V+9nCxoDazJvrv8U4sjTa/jGNnX51pI=,iv:Rbrd9tvodC2ON08BMaJ6IvKPXrO07VcgtkOm3XgHXwE=,tag:GtTJtHoLlTBLfR3RV3UgCw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-11-27T15:02:48Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ//eU1W4XI5YQH/5LniuIF/W0gBJv3jeKlh3QxEUgnBtBRR
|
||||
yrf7tzO+4M3qhjhP2JFuyYvipyZ7hM+RFP2hFjEDjBio/GD+PEJgFZn30W7zOkDc
|
||||
CwK2jRd2t7VnHmy2oQbYMWVtFZkMW6g0nVv+7QXmVlyw+unWV/spgLGI649gvHtK
|
||||
y2QK1Np8YS11Mj6oaz7oJi5WXTRkZDwuIM8YBPNbynbFsRcyHvsVW4HqFXYd4cC7
|
||||
PccEwDIlO3nEsWVsBi5xhzANurzRv1LepBWq2ojaCuB7Mnp7G8SADJ45mbUkMswD
|
||||
CkxO8VFxembH0x815giUC/S+vB3XV74TThP8t1jUkzWWeFroMY8hqscR42yzeIUS
|
||||
5XfaaYU5qqQQyMteiij1jriOxzDiNHQnKPPQPW2spmnQ6njPTmTCmNIC1H9OjF8h
|
||||
StTKzKHILRYLO3Fn9INZrGI/ntPjKks8IjwPxcTjh6wqNsu6SgKWxXuxZUGvIbRj
|
||||
73sQn5r9uI4E/HczGiO3RF/Jcp/btUDHVeWu/nzFseH3H05yJ5ABDllx2VnoHJKT
|
||||
+9ZCb11psqPX7m0DGWNgREtgybRMJxElm8Ke9QvS6rMXmltlrl5kFbfVngcj0kx5
|
||||
zsowKHP119mCTuRfZv+YUPJD2tu1sJAq0H7anB6m6HKOEvYvRdNKk42aw414VZjS
|
||||
UQEZol48PW3DqJjzlBX9bQH0ZL8v6BfFVk6zflTHyS3WLmrUmZHi3atBl6eMrc+A
|
||||
vu8yXYvIwWaOxNUozmwbrNdYxWT4LPrCFI+9q52vqMaG3Q==
|
||||
=JfFt
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2023-11-27T15:02:48Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA/YLzOYaRIJJAQ//Tp/AENqZMJjyAyp5IzAgVATmoRpB7expbKSr0JCYfcio
|
||||
aJepbsSzKyauYu53+brUYa7kj+VjduGiCaXr0DCewMpohZj54gBDDnj8/XNTjesL
|
||||
R6BgSgCm14abvvs++yR7Q8aIxeua0V+i5jYLM5U/CICFRFhKVJvkHtEabNfyG7Hu
|
||||
FDCxdqOdm78uKvDW7NMrnu7ixfRsS5my+c+NFuWYFsda8xloM5iTPHMjx0S+7acB
|
||||
F2LZCff5N6f0QvPtlrxj5nD5aQnMql93maSFsKYoKi/o6MMb75qtSYfWUeVl/fu0
|
||||
JFK+pcsJmqsHtrLSv1UniCfqe5MGN6AzS49QGgoTmYZLC2DyNNRbG+ISRs14KJAE
|
||||
wJ3rfSQuVHKYN/2P+dmAi5w4aRea0pIrLYtQNqLYNBqH45IFVgSslDA7GL56epco
|
||||
wI3Wc1uxQPWS7EODOBKPebA3u+Hxu49i/8bCYk5Pgkp8w6dTm5Ok2i4tc60pBwIA
|
||||
Yjp9GPjfF+ld0vgG1NPz+fxx/TH9zzkhg/MvDgtJvYlpG/SnB8F6WxJ7oKZrk4I8
|
||||
NuInneZjit2U2Dxk2BCYS2yUI0aitivzIS/41xuCCmCWDC3h/+6Tg/DaXElLH7Oo
|
||||
sMY4hAXYaB8TxLakHJRs9/Rl2HCi+m9cTN3ygscmVT/aFMCScuO6MkUxIPc+ZBLS
|
||||
UQFHogD3IiDvySf9Tc8kkBysIA7nUHNwUTr9Q/QKAUXnInxZANuYa5Uqapqn/W+w
|
||||
GdfL2pry3DF1hz1oBEsc2z+l0hww9hzHscJ1jrE/GwVRXA==
|
||||
=jk+v
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-11-27T15:02:48Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA1N/l9+zlMQzAQf/UbfrpOO9me+hJTy36IIJUoU90CKRJCf9IRfeFXVKok1F
|
||||
4zIFtYkj1ioSVYkm2cJ64pVirIEVgTPeuitc3dATfHsu0Y08hHeCQMs9DiaYzXy2
|
||||
/VTau11c87ZBoDm9pLWij/MsCFwi3WGa1UALCunKEtPV3Ljp39+NRu8y3OyOZHjN
|
||||
ktHY0MEntjCzmD8BXx5bkOQ6pOFoKPFY92150Csl73Nnn232Vsaff4ZwStt2FONP
|
||||
xcXjWdQKH24WigNG/gLa4MMT6grwGkuy08XTkr3cwPMPpekOboDdH+5GsDBkA8jU
|
||||
LCQ+bVAo/ChtqdD4OOGpxcECr2CuczWLYsyktJaIb9JeAd6KyTBugKmMEV9WxpKm
|
||||
9l33mLVTpg77qFlKf0Y/axo0eIp7EQqxlpbiQuRZu2aM4s/a3uZ3OLnrVexvSQ1X
|
||||
5PLZyfkx+TO26/YRCkMxht1Uql08wzWMqZGDglpMTw==
|
||||
=jhUj
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
|
||||
- created_at: "2023-11-27T15:02:48Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA1N/l9+zlMQzAQf/ZuCGHKsISv+rSeUfayaYBxCWYAIHbx5vVg0ydtq8tWar
|
||||
U6T0A3cergkfZfIX/trsWQqI/TVkc6UL8MDBnOZEYy0qd07tDL+OUlwX6UI7IO+K
|
||||
bth8nkTnVthnjCUh4a6VSt4ZeeiYCKJb+ndLDr9Z6qwCRE5cJXDX7NUOJVC7fkOP
|
||||
ae/UvFrqppH8JVw/7LZKIu+w6mp7z736cs/o+AhHRuqGnCiNPqF0d7LF8qCpFX07
|
||||
hwHCkl6CMc8MCoLQsa3mdzhaNpJWU/qkQ7h1S73W8g3wtv7Dpi9kTNhJ1lT+wZKp
|
||||
MWBvrHJgHaaSVDCNJq7PLUqoxavL0ul9G0tVYrMLttJeAZ76OKiO1i3JCU1JymOT
|
||||
sX3pVzE8MBlDcrpRDQJ4c7/LBPX6qAhnxvyZHawARUWNH2UtVA9ceCW11Jqk+Owg
|
||||
W4FcSvBnXpb0LG0i4qozXvxfAwWm6Hu57Pbqm/YOGw==
|
||||
=/DPb
|
||||
-----END PGP MESSAGE-----
|
||||
fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|