forked from c3d2/nix-config
dn42: flakify
This commit is contained in:
parent
7285b458cc
commit
4633b71ca9
|
@ -57,11 +57,11 @@
|
||||||
},
|
},
|
||||||
"secrets": {
|
"secrets": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1615329773,
|
"lastModified": 1615474462,
|
||||||
"narHash": "sha256-AxW1lvjEkBoLmJECdZEb+EAUOq/iAQGx/B0gkxUiY4c=",
|
"narHash": "sha256-fuRO3+iHXzU8Gqjui+BO2Abx9PttTrXh7XtHAkMX6aA=",
|
||||||
"ref": "master",
|
"ref": "master",
|
||||||
"rev": "07639fa938722fbf7f74dce5e08efa3bcfe2e465",
|
"rev": "7047060f6a79ec6a4c1b2046ba476512aad63667",
|
||||||
"revCount": 85,
|
"revCount": 89,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
|
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
|
||||||
},
|
},
|
||||||
|
|
13
flake.nix
13
flake.nix
|
@ -71,6 +71,8 @@
|
||||||
matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4;
|
matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4;
|
||||||
|
|
||||||
scrape-nixos-rebuild = mkDeploy "scrape" hostRegistry.hosts.scrape.ip4;
|
scrape-nixos-rebuild = mkDeploy "scrape" hostRegistry.hosts.scrape.ip4;
|
||||||
|
|
||||||
|
dn42-nixos-rebuild = mkDeploy "dn42" hostRegistry.hosts.dn42.ip4;
|
||||||
});
|
});
|
||||||
|
|
||||||
nixosConfigurations = let
|
nixosConfigurations = let
|
||||||
|
@ -166,6 +168,17 @@
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
dn42 = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
./lib/lxc-container.nix
|
||||||
|
./hosts/containers/dn42
|
||||||
|
({ ... }: {
|
||||||
|
nixpkgs.overlays = [ secrets.overlays.dn42 ];
|
||||||
|
})
|
||||||
|
];
|
||||||
|
system = "x86_64-linux";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModules.c3d2 = import ./lib;
|
nixosModules.c3d2 = import ./lib;
|
||||||
|
|
|
@ -92,6 +92,10 @@ rec {
|
||||||
publicKey =
|
publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
dn42 = {
|
||||||
|
ip4 = "172.22.99.253";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
hqGlobal = builtins.attrNames hosts;
|
hqGlobal = builtins.attrNames hosts;
|
||||||
|
|
|
@ -3,14 +3,8 @@
|
||||||
let
|
let
|
||||||
address4 = "172.22.99.253";
|
address4 = "172.22.99.253";
|
||||||
address6 = "fe80::deca:fbad";
|
address6 = "fe80::deca:fbad";
|
||||||
neighbors = import ../../../secrets/hosts/dn42/neighbors.nix;
|
neighbors = pkgs.neighbors;
|
||||||
in {
|
in {
|
||||||
imports = [
|
|
||||||
../../../lib/lxc-container.nix
|
|
||||||
../../../lib/shared.nix
|
|
||||||
../../../lib/admins.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.hostName = "dn42";
|
networking.hostName = "dn42";
|
||||||
# networking.defaultGateway6 = {
|
# networking.defaultGateway6 = {
|
||||||
# address = "2a02:8106:208:5201::c3d2:4";
|
# address = "2a02:8106:208:5201::c3d2:4";
|
||||||
|
@ -44,9 +38,6 @@ in {
|
||||||
'';
|
'';
|
||||||
services.openvpn = let
|
services.openvpn = let
|
||||||
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
||||||
keyfile = name:
|
|
||||||
builtins.toFile "${name}.key" (builtins.readFile
|
|
||||||
(../../../secrets/hosts/dn42/openvpn + "/${name}.key"));
|
|
||||||
mkServer = name: conf: {
|
mkServer = name: conf: {
|
||||||
config = ''
|
config = ''
|
||||||
dev ${name}
|
dev ${name}
|
||||||
|
@ -60,7 +51,7 @@ in {
|
||||||
ping-restart 45
|
ping-restart 45
|
||||||
verb 1
|
verb 1
|
||||||
${conf.openvpn}
|
${conf.openvpn}
|
||||||
secret ${keyfile name}
|
secret ${pkgs.openvpn-keyfile name}
|
||||||
'';
|
'';
|
||||||
up = ''
|
up = ''
|
||||||
${pkgs.iproute}/bin/ip addr flush dev $1
|
${pkgs.iproute}/bin/ip addr flush dev $1
|
Loading…
Reference in New Issue
Block a user