forked from pub-solar/infra
Merge pull request 'ci: add self-hosted runner tankstelle' (#198) from feat/add-tankstelle into main
Reviewed-on: pub-solar/infra#198 Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
This commit is contained in:
commit
6d8d34123f
|
@ -1,51 +1,13 @@
|
||||||
name: Flake checks
|
name: Flake checks
|
||||||
on: [pull_request]
|
on: [pull_request]
|
||||||
env:
|
|
||||||
USER: ci
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
Check:
|
Check:
|
||||||
runs-on: ubuntu-latest
|
runs-on: self-hosted
|
||||||
steps:
|
steps:
|
||||||
- name: Check out repository code
|
- name: Check out repository code
|
||||||
uses: https://code.forgejo.org/actions/checkout@v4
|
uses: https://code.forgejo.org/actions/checkout@v4
|
||||||
|
|
||||||
- uses: https://github.com/nixbuild/nix-quick-install-action@v27
|
|
||||||
with:
|
|
||||||
load_nixConfig: false
|
|
||||||
nix_conf: |
|
|
||||||
substituters = https://cache.nixos.org/ https://nix-community.cachix.org
|
|
||||||
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
|
|
||||||
keep-outputs = true
|
|
||||||
|
|
||||||
- name: Calculate flake.lock hash
|
|
||||||
id: flake-lock-hash
|
|
||||||
run: |
|
|
||||||
echo "hash=$(md5sum flake.lock | awk '{print $1}')" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
- name: Restore and cache Nix store
|
|
||||||
uses: https://github.com/nix-community/cache-nix-action@v4.0.3
|
|
||||||
id: nix-store-cache
|
|
||||||
with:
|
|
||||||
key: cache-${{ runner.os }}-nix-store-${{ steps.flake-lock-hash.outputs.hash }}
|
|
||||||
restore-keys: |
|
|
||||||
cache-${{ runner.os }}-nix-store-
|
|
||||||
|
|
||||||
gc-linux: true
|
|
||||||
gc-max-store-size-linux: 10000000000
|
|
||||||
|
|
||||||
purge-caches: true
|
|
||||||
purge-key: cache-${{ runner.os }}-nix-store-
|
|
||||||
purge-created: true
|
|
||||||
purge-created-max-age: 42
|
|
||||||
|
|
||||||
- name: Prepare cachix
|
|
||||||
uses: https://github.com/cachix/cachix-action@v14
|
|
||||||
with:
|
|
||||||
name: pub-solar
|
|
||||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
|
||||||
useDaemon: false
|
|
||||||
|
|
||||||
- name: Check formatting
|
- name: Check formatting
|
||||||
run: |
|
run: |
|
||||||
nix --accept-flake-config --access-tokens '' develop --command treefmt --fail-on-change
|
nix --accept-flake-config --access-tokens '' develop --command treefmt --fail-on-change
|
||||||
|
@ -54,6 +16,8 @@ jobs:
|
||||||
run: |
|
run: |
|
||||||
set -exuo pipefail
|
set -exuo pipefail
|
||||||
# Prevent cache garbage collection by creating GC roots
|
# Prevent cache garbage collection by creating GC roots
|
||||||
|
mkdir -p /var/lib/gitea-runner/tankstelle/.local/state/nix/results
|
||||||
|
|
||||||
for target in $(nix flake show --json --all-systems | jq '
|
for target in $(nix flake show --json --all-systems | jq '
|
||||||
.["nixosConfigurations"] |
|
.["nixosConfigurations"] |
|
||||||
to_entries[] |
|
to_entries[] |
|
||||||
|
@ -61,7 +25,7 @@ jobs:
|
||||||
' | tr -d '"'
|
' | tr -d '"'
|
||||||
); do
|
); do
|
||||||
nix --print-build-logs --verbose --accept-flake-config --access-tokens '' \
|
nix --print-build-logs --verbose --accept-flake-config --access-tokens '' \
|
||||||
build --out-link ./result-"$target" ".#nixosConfigurations.${target}.config.system.build.toplevel"
|
build --out-link /var/lib/gitea-runner/tankstelle/.local/state/nix/results/"$target" ".#nixosConfigurations.${target}.config.system.build.toplevel"
|
||||||
done
|
done
|
||||||
|
|
||||||
nix --print-build-logs --verbose --accept-flake-config --access-tokens '' flake check
|
nix --print-build-logs --verbose --accept-flake-config --access-tokens '' flake check
|
||||||
|
|
|
@ -91,6 +91,7 @@
|
||||||
jq
|
jq
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
devShells.ci = pkgs.mkShell { buildInputs = with pkgs; [ nodejs ]; };
|
||||||
};
|
};
|
||||||
|
|
||||||
flake =
|
flake =
|
||||||
|
@ -122,6 +123,10 @@
|
||||||
hostname = "10.7.6.2";
|
hostname = "10.7.6.2";
|
||||||
sshUser = username;
|
sshUser = username;
|
||||||
};
|
};
|
||||||
|
tankstelle = {
|
||||||
|
hostname = "80.244.242.5";
|
||||||
|
sshUser = username;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -58,6 +58,16 @@
|
||||||
self.nixosModules.loki
|
self.nixosModules.loki
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tankstelle = self.nixos-flake.lib.mkLinuxSystem {
|
||||||
|
imports = [
|
||||||
|
self.inputs.agenix.nixosModules.default
|
||||||
|
self.nixosModules.home-manager
|
||||||
|
./tankstelle
|
||||||
|
self.nixosModules.overlays
|
||||||
|
self.nixosModules.core
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,6 +28,15 @@
|
||||||
"fd00:fae:fae:fae:fae:2::/96"
|
"fd00:fae:fae:fae:fae:2::/96"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
# tankstelle.pub.solar
|
||||||
|
endpoint = "80.244.242.5:51820";
|
||||||
|
publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
|
||||||
|
allowedIPs = [
|
||||||
|
"10.7.6.4/32"
|
||||||
|
"fd00:fae:fae:fae:fae:4::/96"
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
13
hosts/tankstelle/backups.nix
Normal file
13
hosts/tankstelle/backups.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ flake, ... }:
|
||||||
|
{
|
||||||
|
age.secrets."restic-repo-droppie" = {
|
||||||
|
file = "${flake.self}/secrets/restic-repo-droppie.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
age.secrets."restic-repo-storagebox" = {
|
||||||
|
file = "${flake.self}/secrets/restic-repo-storagebox.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
}
|
16
hosts/tankstelle/configuration.nix
Normal file
16
hosts/tankstelle/configuration.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{
|
||||||
|
flake,
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
|
|
||||||
|
system.stateVersion = "23.11";
|
||||||
|
}
|
13
hosts/tankstelle/default.nix
Normal file
13
hosts/tankstelle/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ flake, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./configuration.nix
|
||||||
|
|
||||||
|
./networking.nix
|
||||||
|
./forgejo-actions-runner.nix
|
||||||
|
./wireguard.nix
|
||||||
|
#./backups.nix
|
||||||
|
];
|
||||||
|
}
|
62
hosts/tankstelle/forgejo-actions-runner.nix
Normal file
62
hosts/tankstelle/forgejo-actions-runner.nix
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
flake,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
age.secrets.tankstelle-forgejo-actions-runner-token = {
|
||||||
|
file = "${flake.self}/secrets/tankstelle-forgejo-actions-runner-token.age";
|
||||||
|
mode = "440";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Trust docker bridge interface traffic
|
||||||
|
# Needed for the docker runner to communicate with the act_runner cache
|
||||||
|
networking.firewall.trustedInterfaces = [ "br-+" ];
|
||||||
|
|
||||||
|
users.users.gitea-runner = {
|
||||||
|
home = "/var/lib/gitea-runner/tankstelle";
|
||||||
|
useDefaultShell = true;
|
||||||
|
group = "gitea-runner";
|
||||||
|
# Required to interact with nix daemon
|
||||||
|
extraGroups = [ "wheel" ];
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.gitea-runner = { };
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [ "d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -" ];
|
||||||
|
|
||||||
|
systemd.services."gitea-runner-tankstelle" = {
|
||||||
|
serviceConfig.DynamicUser = lib.mkForce false;
|
||||||
|
path = with pkgs; [
|
||||||
|
coreutils
|
||||||
|
bash
|
||||||
|
coreutils
|
||||||
|
curl
|
||||||
|
gawk
|
||||||
|
gitMinimal
|
||||||
|
gnused
|
||||||
|
nodejs
|
||||||
|
wget
|
||||||
|
cachix
|
||||||
|
jq
|
||||||
|
nix
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# forgejo actions runner
|
||||||
|
# https://forgejo.org/docs/latest/admin/actions/
|
||||||
|
# https://docs.gitea.com/usage/actions/quickstart
|
||||||
|
services.gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-runner;
|
||||||
|
instances."tankstelle" = {
|
||||||
|
enable = true;
|
||||||
|
name = config.networking.hostName;
|
||||||
|
url = "https://git.pub.solar";
|
||||||
|
tokenFile = config.age.secrets.tankstelle-forgejo-actions-runner-token.path;
|
||||||
|
labels = [ "self-hosted:host://-self-hosted" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
41
hosts/tankstelle/hardware-configuration.nix
Normal file
41
hosts/tankstelle/hardware-configuration.nix
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [
|
||||||
|
"ahci"
|
||||||
|
"xhci_pci"
|
||||||
|
"virtio_pci"
|
||||||
|
"sr_mod"
|
||||||
|
"virtio_blk"
|
||||||
|
];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/17531ffc-46bd-4259-8287-2dea73804b5b";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/AF98-AA5C";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ { device = "/dev/disk/by-uuid/7aee04b5-1ef9-43de-acb4-70ac1238b58a"; } ];
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
42
hosts/tankstelle/networking.nix
Normal file
42
hosts/tankstelle/networking.nix
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
flake,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
networking = {
|
||||||
|
hostName = "tankstelle";
|
||||||
|
domain = "pub.solar";
|
||||||
|
enableIPv6 = true;
|
||||||
|
defaultGateway = {
|
||||||
|
address = "80.244.242.1";
|
||||||
|
interface = "enp1s0";
|
||||||
|
};
|
||||||
|
defaultGateway6 = {
|
||||||
|
address = "2001:4d88:1ffa:26::1";
|
||||||
|
interface = "enp1s0";
|
||||||
|
};
|
||||||
|
nameservers = [
|
||||||
|
"95.129.51.51"
|
||||||
|
"80.244.244.244"
|
||||||
|
];
|
||||||
|
interfaces."enp1s0" = {
|
||||||
|
ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "80.244.242.5";
|
||||||
|
prefixLength = 29;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
ipv6.addresses = [
|
||||||
|
{
|
||||||
|
address = "2001:4d88:1ffa:26::5";
|
||||||
|
prefixLength = 64;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO: ssh via wireguard only
|
||||||
|
services.openssh.openFirewall = true;
|
||||||
|
}
|
45
hosts/tankstelle/wireguard.nix
Normal file
45
hosts/tankstelle/wireguard.nix
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
flake,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||||
|
|
||||||
|
age.secrets.wg-private-key.file = "${flake.self}/secrets/tankstelle-wg-private-key.age";
|
||||||
|
|
||||||
|
networking.wireguard.interfaces = {
|
||||||
|
wg-ssh = {
|
||||||
|
listenPort = 51820;
|
||||||
|
mtu = 1300;
|
||||||
|
ips = [
|
||||||
|
"10.7.6.4/32"
|
||||||
|
"fd00:fae:fae:fae:fae:4::/96"
|
||||||
|
];
|
||||||
|
privateKeyFile = config.age.secrets.wg-private-key.path;
|
||||||
|
peers = flake.self.logins.admins.wireguardDevices ++ [
|
||||||
|
{
|
||||||
|
# nachtigall.pub.solar
|
||||||
|
endpoint = "138.201.80.102:51820";
|
||||||
|
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
|
||||||
|
allowedIPs = [
|
||||||
|
"10.7.6.1/32"
|
||||||
|
"fd00:fae:fae:fae:fae:1::/96"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
#services.openssh.listenAddresses = [
|
||||||
|
# {
|
||||||
|
# addr = "10.7.6.4";
|
||||||
|
# port = 22;
|
||||||
|
# }
|
||||||
|
# {
|
||||||
|
# addr = "[fd00:fae:fae:fae:fae:4::]";
|
||||||
|
# port = 22;
|
||||||
|
# }
|
||||||
|
#];
|
||||||
|
}
|
|
@ -3,6 +3,7 @@ let
|
||||||
|
|
||||||
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
||||||
flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
|
flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
|
||||||
|
tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";
|
||||||
|
|
||||||
adminKeys = builtins.foldl' (
|
adminKeys = builtins.foldl' (
|
||||||
keys: login: keys ++ (builtins.attrValues login.secretEncryptionKeys)
|
keys: login: keys ++ (builtins.attrValues login.secretEncryptionKeys)
|
||||||
|
@ -10,6 +11,8 @@ let
|
||||||
|
|
||||||
nachtigallKeys = [ nachtigall-host ];
|
nachtigallKeys = [ nachtigall-host ];
|
||||||
|
|
||||||
|
tankstelleKeys = [ tankstelle-host ];
|
||||||
|
|
||||||
flora6Keys = [ flora-6-host ];
|
flora6Keys = [ flora-6-host ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -17,6 +20,7 @@ in
|
||||||
"nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
|
||||||
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
|
|
||||||
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
@ -29,6 +33,7 @@ in
|
||||||
"keycloak-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"keycloak-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"forgejo-actions-runner-token.age".publicKeys = flora6Keys ++ adminKeys;
|
"forgejo-actions-runner-token.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
|
"tankstelle-forgejo-actions-runner-token.age".publicKeys = tankstelleKeys ++ adminKeys;
|
||||||
"forgejo-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"forgejo-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
43
secrets/tankstelle-forgejo-actions-runner-token.age
Normal file
43
secrets/tankstelle-forgejo-actions-runner-token.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 1X0eLA g7MuhjaILdtN30lT0abiBuT2i2SxE4wzwHffPMbPaxA
|
||||||
|
5iZOxlFLUaKUhqvGSiyyVy7jrbGcN8Q4DX4xXImDDZM
|
||||||
|
-> ssh-ed25519 uYcDNw NUtdv3ykepvWklorbni0lMPb31hpHDhVktV6AkqY0Fs
|
||||||
|
anEK08Yr7WY6xmovVJjxXqy/Z47CU6sUFs/1tZHqHos
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
nCjbVlM7V+AT20HSV7Z9miLlFzVRruxIrPavIrDNLRLnjDn8dkgu2ZnymnXHf9El
|
||||||
|
GA/tmjF86OKCCOS7AjdSZ0RZIjgOfU/EseWdmaaS5iR6PjDJmuJuGtCwDKloddwO
|
||||||
|
wS2VeU3tQzF6ayGPFirWYQVOwMCVahe6DB3d+ataXSprhb9DtMxAb7FQ07zl3rrO
|
||||||
|
VXE82wA4qnwWyLAvZ96XdXYGBpO2vzxEgYzXa1gbHEY38BMUgELyhJJX0c2hEVwv
|
||||||
|
jT7h4ex4NUK3f3t2JXw/Waz5hHpRYFuzF7u4rZjXZbiW0sgcXHZKF11AEUxASsUl
|
||||||
|
yul5EEaPI34ISnwpWWuPAuDBskQzgJooeKGi9bQDed8otLy33NxyYgtR1Av4x1cC
|
||||||
|
PjtkDxuvIooGp1uKgMFdoyWMB+pyd5MOeyqKXl0drTzILBET1quLBDuyAntvGriS
|
||||||
|
c8Cj05YpLEh/gmPZ3KzLyGaKcELL8YYco+NkUwr1LNe/OEMbHcLc9q5fVfsN5BYz
|
||||||
|
w1hQ24c8JGW1/1DFG+R0+MfcF4jFVyiqk9ctRlKqoA8dnFmkMDlK6ETj191y8baZ
|
||||||
|
DtMNPTOeLDmxFc3O0vjAWFV3Is5X3EupcS4hlLpeNCW1DXF4R2+cmBQOewfeafI4
|
||||||
|
uVaMuNqTW60B+9j7c6asvSHcAVP8S6BTcrJiaLETiSU
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
ZBLNf1RAI2+dXsXR8ns3taqHIM2yqslWOvSUM93droVVN6fkq/O9QUx0f6iljQW6
|
||||||
|
wRY2iqqjzBYs6kysf21jsryGGhhVNB70QAeGDZWoeB2YmpnlvMRumqqG6S77K6kc
|
||||||
|
D0oKXkuYx9J62BBI6gJk3+yJgEK3WHBvgBzD5rqgW2kJVWFLyU7C/rJH78UKvX2r
|
||||||
|
r4PDQCEeJ4wnRyV0ox4z3f0XfLoHiwXE2oWGgrfs6/+Pw3AKdENbbNVRIyrzJci4
|
||||||
|
nhxDd1miMChsQylKnfB8C60J9rhVFfP0/G8EXqhi2KbHfPeC4fHPjUxVbi2v74Ag
|
||||||
|
NaRgxZOMpVPgGxlnHCz4ELuGn1LsMuBJCic/Z0PNMr86SC9hFnCyaWqXxKaYLj38
|
||||||
|
USJq+F9RC7529En7XT+jOifDB29DS4GL8gCvwizd8j8wfeFm4w6qXS8rS5+9BbcD
|
||||||
|
Ghf1Zzmbdm0R2lO4aV/APyCyK5NW0k068T7V710x+KvyRREvChkYEN87VvK5kYcC
|
||||||
|
uYZvbcGJgMQrEiwVN11H2oxHPpj4oB7NiSb3mpDkaniXS5ijhEl10C6OzuEk1Hm2
|
||||||
|
ybYXLspzlOZujVoGqrscoKTTzirvnO0B1YirPieTX6ym51rvnO6SPiT5bYGL5DNQ
|
||||||
|
E6PDUz5kOwD9IQyF/a88CxBg/BFqSrSlvli+bdgfM7c
|
||||||
|
-> piv-p256 vRzPNw AgAstuXfEQ+zPDSJmDRlieeY7h93S7AOX1LmWNZq8SOA
|
||||||
|
umkx7AnExb+OuxVtTnJsr0Vymhlt9PBYkRt+5FxgLA0
|
||||||
|
-> piv-p256 zqq/iw A8mFVtYM8mpj1iBqeQfvGavOahp0oNsT3j1i5YDYDfD2
|
||||||
|
dZrDkvAHopEFTQgCdUkDNHPjLVhMAO4YJJE+cLuaxd4
|
||||||
|
-> ssh-ed25519 YFSOsg 4h3HGQqPiwWUJkgZP9eMuiKxoZq9+YCDqj5L28mdIBE
|
||||||
|
ppHBGJJzaf0fJZ24MZBRQ3v561f3J+CuDX7tatfD3G4
|
||||||
|
-> ssh-ed25519 iHV63A rikUwY2DW9GQLopMcdPK8eZ1YjeKTp9z5cRqzDOs4mU
|
||||||
|
kYn3dNGNhIDr3KIPEFZZj9zsqHZn7JDT67jtdljOVyo
|
||||||
|
-> ssh-ed25519 BVsyTA 3GMMwNFuwx7ECwKWqS9GnIV5MuZY1jxi5KDKY1j3tSs
|
||||||
|
gWEkAMLnOI/7gKKfuJE3vU6+e6XpnNwQfIJQ0UFoC6w
|
||||||
|
-> ssh-ed25519 +3V2lQ YemOcrH319bbQJp+LnugOh2ed/Pwgfla+C3BU6cIaUQ
|
||||||
|
gFTDAi8TFTRCmGkcSN8lFJPQctHLUC75xl7oJOdsYuw
|
||||||
|
--- jd2QVeVcxn06ET1m3jMx8encjGlV51Vz7UO2MQq9weI
|
||||||
|
/L‡ÿµB$ž<08>&q-] îÿŽHe\niT¤Àˆ-z„‚ǵ·—v2Nl^à+äÁÁÈõWjç6
®gieUÑk!—ÚÖÁú’³ïámxWõÌ
|
45
secrets/tankstelle-wg-private-key.age
Normal file
45
secrets/tankstelle-wg-private-key.age
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 1X0eLA MwsWZb3girtAXvxgr3IBZhSthg5xzC2z88WIkG2GTDk
|
||||||
|
4yKFoIU/SbKcpSXYShUwEY6KV9o59bgIsDCJ0POOmZU
|
||||||
|
-> ssh-ed25519 uYcDNw 4CPU+vcJcXt+sVSD60ThkWWu87wEzo/TkFAfkJ7lAxU
|
||||||
|
K5ubfpowb/mBjRS9AaoEuPJEAy3jZQF9vBVK6+StrEE
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
GVZN3/Yl8OX+j8GuAp5ixsmz59HS+0z9OeGMoUl3m4S0kjpl39vY5+Fd5SXTtNLB
|
||||||
|
O5itG/nbo4lK/PVtH/s3UuzRlEvGzASkxTVGZAXBUgXlPf6hsUdxUhLn8G1DRTj9
|
||||||
|
qmZyk5ERH/uqA8LIH8kBWPE8OJ9qf5oVwttOuJLlkrmiojEvbK4Egf4pBAKxv1Vu
|
||||||
|
JUwoO2W5QxB9lOkOiGOfq6e++pWL+PN1URpGFxbvmM7N6OKNhix+HV9lBdTbS4tl
|
||||||
|
uP8n0nrM5h5yh7Waz+aAVb7Wu4YgsFCEmGlhEksM/tiHFun+9kFI3xUNTTO3PbYP
|
||||||
|
KH6KAV8mOA8tL/6PNbbLmaHp5v7//5Abgjmy1BCwNe/WfZiTVLmGDaOpW7qE0pcq
|
||||||
|
h+ooOk81MenF84FRQGEEMMBVHgckxxCGYYve7bEsWMJP+ua1BmZjQu/I2LpXN6OA
|
||||||
|
KtoPcnmCGyrZMWKLVdSjzeeEqKk7wtG6BISeLdguF4pEUN2Qoqppx33UQ0ztACf1
|
||||||
|
PHAsKbABkCG0yZz13M0bKSCP1O3HWzy2Cmw0EU+WbP6GEGCWmzZRDmjI9+CgtowH
|
||||||
|
9jz16+1k0PgO5EjV2s1Hijt0gEizl2Q07c2/BYx97951BOR9/LGVRKGtduXixf4a
|
||||||
|
qFt0Qw0JPZwP2XaXJmJ9x+4e1go5ydJFNnhcvTMUx3I
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
mM/LqZJl+5sDjDRhUZlPiFH43+BKkawgiPkQ6eNQmvS7fGjS6FWyGteiRdzxHax3
|
||||||
|
y2YE0GC0EmllMfXpjidHQHd4IBP82LrAlry2if9QYOdxtPg3577EZT1XFsR4Eegx
|
||||||
|
9xuG0+UYIYoEi4wUnnc58z/lV/iCJ4hTBsSMD69ciPdUVzeaA7RoFKImuLx3zhu4
|
||||||
|
Gc5ggAFKL9CYwMaJATB3e6+kTu3jkSUSa6vc4D0z7x7Sd2LjRN/THHlpvQQyMi4e
|
||||||
|
XREkhSNbOHp3mADLv7taFnjwUS/MltFDV8bPsemKmg+He0cVWc4JZynxaRXgdo4p
|
||||||
|
I3zkYcuWuUzWLgr6l8Aj4B7vd9tk9D0YyPmyMFWhq/IYjx62o/qTUSmBsluj2cqg
|
||||||
|
pg+45m/WTEAI7vnZXPcSlgbXyll1QE5TISqd7ugRyL3QhzR0h6TkRbMn5iCb15xy
|
||||||
|
zAgDCaN7z9Xhz9Y4zZG1zrKiF2qCNuZa6ZrgKRZLiFaVmhPvizCeYaZpRI2BfWwH
|
||||||
|
mo957eHh1//DIAbqWwRfblGZJUbuMK/vyvPoRsum3Pgft2LZLYF0U4vd8b0W5wBW
|
||||||
|
GBH3+zJBz5hhZVY96b5e70a6Uuwzub51RJlSJ07kNA/n5F1dN+8BFZlp52vCCSXQ
|
||||||
|
yzNnGZVnVF451CrsLtotzScO4r5KULpJaLK7Vkx20RE
|
||||||
|
-> piv-p256 vRzPNw AoFeX/N95u7AJHk3CEuFIf7tr0vYaGD+vFeh03kOmj2+
|
||||||
|
qBrMOjlgPdY9hDUeMBZ/oWkduTr2fyHkQWPzjU8wsKE
|
||||||
|
-> piv-p256 zqq/iw A6134rkgfZQCqdSsE4PtaAq8QfJP5h/+L9WxfvQ6nFSg
|
||||||
|
kz/3tibowB2x7akq8slScl3XW9OcOFqUaVMA5hP03CQ
|
||||||
|
-> ssh-ed25519 YFSOsg TjpLEHbKVX8eT5FJyj5OjoczjlbfE1QxrSQV7nmK3z8
|
||||||
|
+60JLcmaQEwEHkwRSD8ZxOVKfPfp+oCIxNz26h4EW4Q
|
||||||
|
-> ssh-ed25519 iHV63A /EMk1Hj4P0+VDBWneswmBE6rKRLuTBkcR42Y3NAGCxs
|
||||||
|
gFK/5AZAGptQ2GNbT25oiM1jENs70UYJVmBsH/9FRBE
|
||||||
|
-> ssh-ed25519 BVsyTA LwsnNWko4BLTMYIsW+iaagyTq1amhYfB+p0HUikzwT4
|
||||||
|
7rZengSXZzlTFh/FFVS8Jt+LMJZQ2wE7F3al1+DFe9Y
|
||||||
|
-> ssh-ed25519 +3V2lQ JGc07grd52VZSARjFBckyoA7D6686kSP/rhW6B8CiCg
|
||||||
|
R77Oha9dKKYX7YxHbeiVRwpSgxNeUQcQIld1v30xwaE
|
||||||
|
--- 8J1Hx/Cb3bTUm4llIEeQx+YUwHkX9XzTIAZm+YdJxVQ
|
||||||
|
}ÙÛKuØwˆe[ªºQ
|
||||||
|
s^p§x‘æÉ¡Éi·9a;Hݲ…ÑÃynÄÁ
|
||||||
|
QáÐÌëùóƒÈÂqöekµà;j¦ùôú7È©\„
|
|
@ -19,6 +19,11 @@ resource "namecheap_domain_records" "pub-solar" {
|
||||||
type = "A"
|
type = "A"
|
||||||
address = "80.71.153.210"
|
address = "80.71.153.210"
|
||||||
}
|
}
|
||||||
|
record {
|
||||||
|
hostname = "tankstelle"
|
||||||
|
type = "A"
|
||||||
|
address = "80.244.242.5"
|
||||||
|
}
|
||||||
record {
|
record {
|
||||||
hostname = "alerts"
|
hostname = "alerts"
|
||||||
type = "A"
|
type = "A"
|
||||||
|
|
Loading…
Reference in a new issue