From 6fc5b2553ce52f26f8a601304bf7afb04d6c255d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Fri, 21 Apr 2023 11:20:23 +0200 Subject: [PATCH 1/3] Add concepts-and-training test infra config --- flake.lock | 60 ++++++++++++++-------------- hosts/biolimo/biolimo.nix | 4 ++ modules/devops/default.nix | 1 + secrets/.fwknoprc | 55 +++++++++++++++++++++++++ secrets/cat-test.ovpn | Bin 0 -> 8021 bytes secrets/secrets.nix | 7 ++++ users/ben/concepts-and-training.nix | 47 ++++++++++++++++++++++ users/ben/home.nix | 1 + 8 files changed, 145 insertions(+), 30 deletions(-) create mode 100644 secrets/.fwknoprc create mode 100644 secrets/cat-test.ovpn create mode 100644 users/ben/concepts-and-training.nix diff --git a/flake.lock b/flake.lock index e02ce1ac..6cdbd980 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ ] }, "locked": { - "lastModified": 1677126346, - "narHash": "sha256-4s+PPGC1M07QsPyeye5drc2JLa1lhDnCV3XAsG8+pH4=", + "lastModified": 1680281360, + "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=", "owner": "ryantm", "repo": "agenix", - "rev": "c2a71c83c70844c5e31db69347e86af080bcdad0", + "rev": "e64961977f60388dd0b49572bb0fc453b871f896", "type": "github" }, "original": { @@ -30,11 +30,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1680266963, + "narHash": "sha256-IW/lzbUCOcldLHWHjNSg1YoViDnZOmz0ZJL7EH9OkV8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "99d4187d11be86b49baa3a1aec0530004072374f", "type": "github" }, "original": { 
@@ -324,11 +324,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1676257154, - "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=", + "lastModified": 1679738842, + "narHash": "sha256-CvqRbsyDW756EskojZptDU590rez29RcHDV3ezoze08=", "owner": "nix-community", "repo": "home-manager", - "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527", + "rev": "83110c259889230b324bb2d35bef78bf5f214a1f", "type": "github" }, "original": { @@ -340,11 +340,11 @@ }, "latest": { "locked": { - "lastModified": 1677063315, - "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", + "lastModified": 1680213900, + "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", + "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", "type": "github" }, "original": { @@ -356,11 +356,11 @@ }, "master": { "locked": { - "lastModified": 1677244726, - "narHash": "sha256-lwzie+EgYjPianeH82eb0mEDPOmOcXqlOR5lBZ7dkkM=", + "lastModified": 1680378422, + "narHash": "sha256-TDtrSPR2vv790K11iv+RfcCQXxRFPVCYiJHOOKSLuoM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "566169a4eaca1513d4fd396c239367b869fcdb0c", + "rev": "6529d912fae122a025bdb605d2b628349c1b7bae", "type": "github" }, "original": { @@ -372,11 +372,11 @@ }, "nixlib": { "locked": { - "lastModified": 1636849918, - "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "lastModified": 1679187309, + "narHash": "sha256-H8udmkg5wppL11d/05MMzOMryiYvc403axjDNZy1/TQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "rev": "44214417fe4595438b31bdb9469be92536a61455", "type": "github" }, "original": { 
@@ -387,11 +387,11 @@ }, "nixos": { "locked": { - "lastModified": 1677075010, - "narHash": "sha256-X+UmR1AkdR//lPVcShmLy8p1n857IGf7y+cyCArp8bU=", + "lastModified": 1680122840, + "narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c95bf18beba4290af25c60cbaaceea1110d0f727", + "rev": "a575c243c23e2851b78c00e9fa245232926ec32f", "type": "github" }, "original": { @@ -407,11 +407,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1676297861, - "narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=", + "lastModified": 1679464055, + "narHash": "sha256-RiZpwkbm1GeKRqrTtGGsEDieJyplMSRG1bQzOZgY378=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "1e0a05219f2a557d4622bc38f542abb360518795", + "rev": "d5cd198c80ee62a801a078ad991c99c0175971cf", "type": "github" }, "original": { @@ -422,11 +422,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1677232326, - "narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=", + "lastModified": 1680070330, + "narHash": "sha256-aoT2YZCd9LEtiEULFLIF0ykKydgE72X8gw/k9/pRS5I=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "2d44015779cced4eec9df5b8dab238b9f6312cb2", + "rev": "a6aa8174fa61e55bd7e62d35464d3092aefe0421", "type": "github" }, "original": { @@ -437,11 +437,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1637186689, - "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=", + "lastModified": 1679198465, + "narHash": "sha256-VfXpHpniNWgg7pBzxb20pRX7kqn80LApPDQYTReiFCw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c", + "rev": "5a05160f7671434e1c833b1b01284b876e04eca4", "type": "github" }, "original": { diff --git a/hosts/biolimo/biolimo.nix b/hosts/biolimo/biolimo.nix index 8ccebe1d..47c961ff 100644 --- a/hosts/biolimo/biolimo.nix +++ b/hosts/biolimo/biolimo.nix 
@@ -23,6 +23,10 @@ in { networking.networkmanager.wifi.backend = mkForce "wpa_supplicant"; + services.printing.drivers = [ + pkgs.cups-brother-hl3140cw + ]; + home-manager = with pkgs; pkgs.lib.setAttrByPath ["users" psCfg.user.name] { xdg.configFile = mkIf psCfg.sway.enable { diff --git a/modules/devops/default.nix b/modules/devops/default.nix index 2f3425f6..500f5c11 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -16,6 +16,7 @@ in { home-manager = with pkgs; pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = [ + fwknop croc drone-cli nmap diff --git a/secrets/.fwknoprc b/secrets/.fwknoprc new file mode 100644 index 00000000..7b0ff7f3 --- /dev/null +++ b/secrets/.fwknoprc 
@@ -0,0 +1,55 @@ +age-encryption.org/v1 +-> ssh-rsa kFDS0A +LOCwn3fjnFMa4uQSQ07PtaacV9m9SsIwdoFEjw5TA97x8oB6NiEtLBXDlJjmdlaa +FXAbXM8jLWKibGNdTeKZHpArHqdGDq3nsfyhnX6yBtPGFPAe1UKve05nlyttu4D5 +fthzMbAcQ64mKG6+nOKGHvI81GOMBJtRxGt5ZQLCc/xb27tE+LFobFPQY6YgdeD3 +IyOpJGkpc3xAgSO69EWJZg4Ghwha94sZEKKrqQr1fTeLS4UtwjVrVbNheYL7W1sS +jcfq8oXZXD0VARODA4k+bM1/XvLsWcXQBaIeLwgCsjuIjnbczHIiRI2+j3Ob26JQ +hslibSZCcd62zffjPHHZnOfMfZdqNlD/QHHwiI61rI64b5OMfRziN6k6e1cycl6p +Na75U+mQwFm9nl3fLJBlEXAwhlZIjlDUMxT6o6T2ship9uEb9SauKnP9f7ZeHqVF +uADkMatkE094YWfPnOVJz1eqCx3MbyLCl2JT81QrtNjO3kg8RQVH+Uyfa02fAPp/ +85AwQH+TP9zOihVjtdLXcOw0w7vZnxR63pG9M76wM9mdD3ZNrrhGE3ZGVJ2S49UP +hlXO08A1L186Laz/Gkl0e7lNJW5zi3nkoNXj83jcOF62PYlLOFEW/qX6I6wNj+M0 +yKeYpQApPXJ51eBkXPB9Bhfj8ftxeLv4fH0bsQhqU1w +-> ssh-ed25519 TnSWKQ Hk4SpOst8GGEYmTKiCCYyo2tms9h3dufpFqAhiJgpiA +1RHyW45dojLPWKNxmnSqr+zj3qSRSFkl9qGWLnEq8K0 +-> ssh-rsa 8daibg +MNcF/av+TW6ud3eQ6aVZmE2b2sY1nYoaTanxXUzPQO6PPHvnr4CgqgWxZKbt6YHY +0fAYPgJbiqqjNFQbVHryAcQeMXD+tAyuKlm26Y2ClZMIYKq8+bkIk564hTwsXrzS +kGdioExuFEksU82e/q+zofyf4W0du4VrM046WTtluX1GPsHk9aIvF7B0WHI9+hR7 +3uXHEBgSgaA7AC4hXUIXA69p4tNSnyJdifJ1hPj3Kheu8NUvn4r8wUyoKqcQuK6Q +88x2eKjtcejXRiH38AzlyPPTkU4mzPWIU8CjrYVEDTHXC0RXlNnRbeAe4ELipLBr +Yx08KrUSbY6CHJvS4AWjHEzDbzm4lOpww38psGDu50Z6eA33wjJThXfjpDnB2fEO +ru8qwbGv+kYMvWKs/5ZQeQ1hq+F5qna5M9I8fu4WdIV9k7emRD8debvlBNYXJtw5 +w2AyIYJK+IEhQkuKjVeZHzBmQ23zSS7pCM9vandZhFixkqRk3g+ZqTwGGishFED6 +SaUf9R/eQSVnVSB8skQ9En08it/XBgGuKjRWLHgU6OZkkVKXuj1Mh9Iv9QAU0fQ4 +3EibmCBZUxS9B1VPBE+cjYFY53pFRM5sHrLAehC4O1WaM8y2jz0K03lBjyVJOeSw +qIBFrLOu6Gqn1fJYrFa2LBLG/PN2uNIhZSh/yCfhfQ0 +-> ssh-rsa kFDS0A +BhxxIOUw7LuHNJPaXmlUW0mM0HnBAZgeiXWjE02BvQF1C+9EapRBbXjuhadvDr4J +VSDC6GF7BeX6J7f1tBV9go7orZJiNVPIU2nhopriT5oXrOH/ZD2/6ADA6KVLVuUU +/I/vTbnx8GDqF7N3OlZb8/mxiRMv+d/7zgO9vcDU5VVo5FuE9LB5e8JKuXrj7sTG +RPkkX9aBISs48RooFBDuDbddGZ9tq71OcCqofmOT0IoTOpPSkoZWl0EHorELh9yt +n8iy9IsGuLKpcih1ZFUWQnmLHAWYIVM7y8eg/Rs6wGUWZog2ptx+BRPlh6loO8fD 
+TzcsBs68TzVUq/Xr3kZ5PJIsEwLo9eWrOj4s3TEL4VyOty1KN73CF7piWd8a6fYU +qDqPuIyGho1A0uolxcj3qKG4WAofgsdSwmaOpNSSGaETsq8kJujAtjywstvrcGfh +sDjXv9aNp2833mROUzzF4AAlnCn0Kioc6MW0k0bB2lX0Msj9SzRLq49956v76c3b +zimQGZ90So/CyIVlYlMHFR1QQB106I8ZP/6Tsmb5ct3/A+X8D65oLT+FzqT+cReX +glLB7lHG49fx54ot7l6o0UgEu9KBUkMs+Ry/j4VyaKw7bsmhGJ2jLxm08L/d8t3Y +EOTPxRHCYBfeGkgLH8gcLSoaA0HX0JYXBtxJYjlPZI0 +-> ssh-ed25519 2Ca8Kg vgCvJblRQLnUuN4uV3TFABstwM8CgpWqSMydVwuF1w0 +63r7HmUw1mvnUAZCP4cJEipc1Ff+BV4ENV+iRbeC8dU +-> ssh-rsa 2ggJWw +Ch+8asbOfiFxBlO0CtfJcZmIwRRLhSYVf6a6qDXxWeXg47ifRGZNgv7VMLrM+W5N +L38EgtpXO077tUkurzU522Wbm3ZJolFHzB6+3hp7Sxy6UHutB8j15dS6liJN2FAH +5fjST+AFwg9M24OGcTiVU+lbkgXEM606WrC17HPRigJvaarfgZtm1WtpH4dboPdM +vEZYsLJkAydvZynL7WM17bwcNX6fGsKCT/pkJfNDizifsEwp35uu7JZr2rYePHRY +iZV5WfH3ZQROKcnx5R+7xEAWvFXwaWjm3fxAXegz/orjNSDtXW/ujbhglQW/hnUP +efcj8aTkxGP/jkM8cQ8A1USZ8jyR8JlurHRa7hfA3kBzlOwzUOf35oannyOztWNl +tRWmQjQBxMPyRCOq5nZXWV/qxtKqcE6qyi10f5bIMPk1znglwNS5uZbmx/uHIWju +nzrqNYIwEcYd4pFqKSAN+UIZ0/3HB9HPaVQQSNKFcWA4Y5FxDh+gBfwqVM1SVbRA + +-> _".6-grease k-v mG|Rm] FM? +Q4BYtrvYJvW5t+FeOAHASFLQN9uWC/IiwHfaQi9riQZFR/RJYPdNxkFb +--- P2DlzX4CKd3JbcQPpMuAID9XoB+f5H0EIndBWYWlSBY +30@t+5ny-u#6' ݚ %L;ak!?I ;%vm8A4{^oĝxF 5Kr@DI>G/~682~$2 \ No newline at end of file 
diff --git a/secrets/cat-test.ovpn b/secrets/cat-test.ovpn new file mode 100644 index 0000000000000000000000000000000000000000..58afe85fe65696f4e6caf2927454666189d653ed GIT binary patch literal 8021 zcmY+o2PmPUKfhz#p9l9}FvnWgT(32+1?V)X8mr0~u)7U5YnsiegLq+})aeN>mp;|$ z0uoFVk`Rgq2^0c^L1{>rmD}*_v zYLgZLQ@a#0Ki?=ZX#fgXEF(%_Zm9@>iftg7UIF#`0i4FILz4!*HCSWw$Y@No1WW|8ba=WC zV2I&Tw$kb68s$i|pN(Ot818_V>+|6BHjSSc)T+!}k;WVVF(^KPQsh8VFdi?A#}!JM zbgzaj!wIAcut+O1pt%w=IY6UPEH0*;p;lTsWE#w5N0IpgxtPGQfS`PQ03w8dU3jHj zLsKg(47m|0#nLG>g&7I3)GPtnOfkvzLA!&(mihc#kBOp&1&vao0PokkZ6LmhFZEzF zNvn!yTle(X@brZ{y$sYKcY)wLxGu5tnQauqjp>LyG|%0xQ+) z0aPF@j^`5u)kL0`Z?$__HYi>x@NiWcmPt+3DtRyi8bX(mpfr_J{y!gU)Nm9EhD#7x z|8$I>5MWyPG%68pb|}R*w~7Rl8qEx<8HNZdy==JC;4xw_LdqX~vlzrhBam>Bfz1p+ zk$gT*g2MzDL6nwaHeszEq8E%pxTQ{;i)<3I|EKnUQ-f6l2Bi+9v&$q1gjPspP|QLB z*-i0ifl^b0!VbEzs5Re9i4n?<<{CFI|>M?*l^dK8Ol)5F9jzl)cz(BuM*(P5F2jS?>b+zFm?t+ocxWt6pvM@* z43I{y^zfx%Ef%cOD3Js^V1*Nv7#`K<#%X9$q}l-?2oPGeM#8h;&}Il(>_ocdLY>2e z40QQxKUx znKa0CSVd@?j{^hwy+MXuiwkn)G8zht!D*NXrpeFN1ymBN%pOpRTq=%$z_%#0dV@;h z@YqlgKL)0C=s0GVo1zbZ;3z&s#()rmdYa3pp;6Tur&&j_lJI0J)2c*Bz&bY=!4+Zu z;DzLdiEi@iRU21ZA+$vg*94yWOz zLcHE%_rrr6nGVjuXlW{m#f1`(aa=B)rb7vl02ri@>%}+$pbyHOR2ug27)qn} z!U3DaD@VAELIL2R%k40gRR<;$y*vQr z6G@#IkIl;V1h4?v?9u7?N-P`)1Z-+k5MyO^H|JUA7^fjQ(%nA7B!yOAs= zg~MTxf@~H60LvT>g2+YIo0STgz=4$j4keu>P{A+(KAy;?P~`!$(qg8Aw7Q^Fj|(_h zc%@b-L|NH^fYIu4QM5cY*eJnSun2@5qI=+6uT5ZQ&~03p3#%2_K|G6} zt~Hnp7!QOfCKG*75)#A1E8!9*UB>gejBG3(4KbL!9-JC(kx7_Tz~gc`oCL7V=Cly` zD3Fl`NVGmZl;QJ;WgeZ8>{DrYW}Z%NC9_p`5k4=1iPo4TJ|YI=M*1}t1;Hg0 zL2XvA%wZDZ1t^w{LPZdWYP$^yVgXz;(qTnw6$~3v2hsTmHaA9rW0u%Fd1F1M=5<=md_QCP?!v@28wamuqH1|WOHd$9+pb45yA*=w1B20 z{K-Z(4@hiOsdTD%Vfy~T#Zgk#z{0#l@X4@0(vb6M&=N`Tm}HBp&pW4YPXtv z46wlr#sy^#15Y8Ma(y79i_Hcrqy{Yx>Ii_@JU9i8@p7b2ynw8BVAO24(h9L@)Fu?m z2k~HS4gy++WzhIWy9enfX}vTMivmb=fJ96qIFM4WSi{pv$aIK}sWchUA_b2uVafpt z*G?cS+$cL0&Z7BkT$_$eL%F=uF_s^Li)A}m4r=b4O_AjKNg z5|KO%Ovj{2j0A!T@Ur0001pFqQ_zASTZ=;SKzgKEEOrsZ8UflsH5v(YqEA7By7?xX 
zLWB$=+zPgk4O7ciBp#FG5eNkY4;jp5t4we+7wQ2kSs)^gXY~h>1S=SCpbNBmn#9f| z@s(;c93uM@0mv9zz=jneU_45Y=SP4Q7M+r#mBW#Gi5v{DB?!>}StIC~sFux6PSrUz zfJ>9WhcGf=3lhK?=J|{%vl3|ZsR>k?aJ>6Z#*Xp7&gk_^Y_g!-M0Mfi4x^Bz^7Az&63#4=+LUHFC?b%r z+dF!i7dvti z|M`HGx33ZsTW9}k-m)_JAykK!gwgUl2cOtW3f85-*Hpoykel=8CmsT8FfY2i?Gt-; z&e&-_vEuc1xNKN`X2tUD!_}KoMl1lsGdfEuMgRP>=xoHMWu2Vt!wcnk;H$dA`fS^q zq!&+|kOkYXtEC(pY~GYGY|nbV^WWs*?unN#uPuFX^y9Xuf^-#ouW28<#xUpY@Og&< z8P`R*UgC{U>-SYGtpIIr*PooUw`3J23B>&L!~9hH@5c^mcw+?X@~DT0$I^@TPwgFA zIdos$)d4w^FCH@-+sXnKkn(+7s*ipccxY2KqwLq5rje5TcPabVgk0r^6fFbVW=8Ui zV;4?%d}_nV{#IY}@wml721S*3bN8`-P)GzpkxsUGH%_%xydT3uccQ z#moR*9`rqnlV{k{dV1|$LS8B__#< zme)Ji?#r>24|6{NHBY%z9Ik)^2iE$xq`eY!Kj|Me-3JV^iH_#&(RY}OMkI^BXAS8) zdF?- z+E5EeY%RY1rMN~GyPNkLoj{uy^OuNEtC)8AR9xq+8Q2>ywXB?@o2iMAcc^?A@jkfo z=&diQi%;v9pjryYg*;0<88NNX2= zM9B5AUi^{1ybkv5j+Qybvf)`_T>G))aP_g_?GN9V)=mpas%jeY49K;)J__O_k3F7t4K`y+!ajl;V;%7CTi=j_VSN2_F4bYdjuKNt|3O9MTUMw zfZWZPI3(2%j6LR@y0zm-{Oammg7Tk7IxdMKrzTp?Jpr1JbfnKeaeS5RfT8kNMC(On zZO&vieA<1Q(!+x`BM;#+a$HjbsR;3=AfX%R1y}u1ipU3KiK#o7sqaqQ=;;kD@|MM3)`#ydn!dbU(EzR->DV^4f2rg#3zeIGyt8rpx6Y7Y z{)?yaN3XChvUA$P^`|aNCVjlHwe9K5RXZL%|DG7rKB6FFQ;TMZ&zhL+`F{rruYdqB?oLIKWqc1G=#0+(oeKB<}*!~{8j(sGIDEc z9nRJmQ%QewysGye;mDEPt>pb-(IssKr_iWr$0Kk2#)TAVvv#DeO^>*aiQKRm_U~-h zfXsVE-yx?CSbNUh&zJ??kTPr4r#zq4R zOSzv)selY%d&-tnfOTKxpbj(o72_WmZ{vk+@fM3H3bfKnM6W^gwj}vF+l<$b@?gDM? 
zpWUpyH|%IUi5mKw2br{JY3H9S(+Z4tc=fn`H+C0Z?3{i%nwA^Y}ds zMSCz%%=I06BL7S`4%^RVeVo2&h$TAd@dU&AX_l)D`FDTnx&&tkSd<#INex(+9yv3( zhg!ZBo3Yc~Y38S^_UFyYtEbMHQ~GQF4#<|loQI;DXOo)`9S`fC`8BDGrJvaxvF6H8 z!N6tje>EeP=SHC`RxR8aeW!QKOu@-_&2*A*PV%tw#oe?8+}jh*mzG}`1Ft~hd(p*n z-`I{!e&-`BDRC5BpE>GS{BiHYU4elsBA*>DT`*z>>i&Uy>tR@nJSy)^I=#=f!vijF>WaB(BLUsKX3THZF_6Qwz|`| z>v9=WuYGuGkHY|wqSS*hNhgR{X3k|dEvmw%9zp}tKs9;&sYw-;g}mgekldID+@iLZ1e6| zxr!12|7(i#)mm}<*ywb1MfZ`%(S85bm#lt2Xv)c&g5t2+94se2@S*5s^9W_#k7!W( zR_D$v%F;OOLD`KSHYWSm@`;thN5}s6`_Q?A$ijIM8~?1rQGVscuqkcE)ofX8=s@OK z#r?Eu=ljQ#dv45Fp0Ns1e?S8<3#r44V$OtkDAHIn^?Qa z*0Qm_Z%T$EThaY%*OA7v8R!((V}T&V=hQd+H#WQ>s~NQU_~|=4Gk*Ly$SBCQ;BMw) z&!4x|cyKv}bJrK|!H1=;3!?mQo5MC`f37+8ju~8E)%z88tLsEj?JbiERV&loqtrb zp?G{GZ|;UW*Tv7bh%a^SSlR|T{vi~p`_2D$vti^_*RFRNKYN+Wc6QB-S*D5q zw*K_fS6hx$gr5B5DH+vpxR;X5_|wT>PLZFe&%t#kj&1xyY56%%ql^&s%Iu`fPfz#PD(3z)Sc({q~ZU ztUC=m*Y$KnZ1svATizCaJ(u@M-Iz49XzFKBVOYb9xree?v!=8jD%m$}({}j6vZGrV zG3I%5SGJ2W=lcL*WiP;EG_gII)+%Mz%^sVn!;G&%M{Ra>MpXomMFlb0fd?$j`u@xF zdX|6t>s7RLPui?D#=PT;+WK9xd{{E-)Oa;L8~5^{zxnv;7ry)Mh!+!TEM{0gda z|Nb?>-d^wU5cTx#a}Tb?{jMv9s8q8bzN3%a{Q(G7-+mn0T}3~2HF){Yua7IJT9Z_m zTjU+m(Q^Y--m)%Z*pih!2Ynyd#Xkjq4}HCV$05V{`3DAdwvN+5r36dS?~{|$Ctkt) zy(M>1-rR=9j@humwP$jfjFyC`rK3?8b<}^O3n2#^&rDv>@`^kpdd!J6FZ`8D(Mg?u zQ_dlouM6eBtLUl%6zXQdCU{4{RiVyXBI7wfAcbOD@cH|^x;jo+uZ@ zg~XP=zBR6H$&8fl-dke)&ieAsasc$ z4xjeP>kFhA^WOBfC#LpHplx5<3i$NseQ>yBB%dw@A-5fEN5uHd6^%qhrhNg6HGgJp>+GjEyE5S9bUD^2sDq2dapfp zud3&(_wJ~XZvffjw-4eT!^eFiBn2f$B2k&Wd7ZZgXYrX6ZW_G%!-c&Ku{j*gGkWZu z?cRvfx2unDD7iPS&UyaeQp(=Kc{OoSLp$NAu0i?PKLS2zf#7S_3SSV#yeS*C?N;g(;`oE|@XLqa(6aVZu0G!I@*2_w?OMxNYC}~an&Z!$ zNE@Fr+Ium1^o&Ch9BrNV;v6OZ0*Za+w6g8O!*1;4pRznqbx^A>QIY-!|1xtROPv_MQ07LnOyyr6@ROgPgW}$P)Ets`@e&uhY3C64=0>0%i*Ot_w|UA zu%rJ)&3ZPDdMOOmTOV0I|J=^LZzoixq+6^tlZ)p%zBV0ub3II-D`K8&$lE}*wW}Ow zh)V*WDD#I_NP7D#dpN;}!{Q0`tIr3=_ur+r@YACv%u0(S-j*z{dw}?QZG7X-ji*=6 z2(P)YGOf-cOQBhuwWmbd*z@1dmGIXyg?bkFT0{viY0lG+J$>Ix*^&R+?q>W=`nI}k 
z7hz^slcfZ%&ETqA?z_7qt6T3UsVRr+8;ial4tF0M6pUTAfxPXnQ&S4B&CQ*CKPf~x zf<9j#_ty3Kbsq2XybJuZGDhjhar0~RH=k0G$caDv{B0o<)?-ILjreazzr8~rDHk@~ z{K`G($i58zcstm}9J5NF;G=hSZAP3pePhQz1J<9Zny_GSzoD55hKSbg%UKkAK6<3) zfQ!1Zde5yI&)h+Lz42^l_nSUbpX|>4nc5d@w5+My{jxflk@+#jjvuZ%zv#xbmIJS! zhh2|c(`4>f)$AVLb?M^PH06Qx%CzdPqzdG1J{5Cn<%ZG$6S~*+3%6Sijd?!%W?ae) zYTdc$r7srNH0E5KS1_OawC+Y!+Lcl3RVzib6+_M+enxi+_XXhSgycsvv6GKNRSV70 zrh_qrXN7Ot%7^ZJ^}g+X;L+=oTHInur^Gwp&HZ7D)(q_Y>T%P`PIP}90|@&@O>HPX z_;Y^Lw4Lb3D~e$U2LFo~8w$D<_t&7Md$w{uPM^M zM;_ZaIV;9;U7u?jdnw}l_oe;!Iu}6?XGNa7yCA0NYvTM3@dMOh&q8qVKQh1dJC=Rv L)u&%kkfHw%!WED@ literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 72a5b529..546cd128 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -2,6 +2,9 @@ let # set ssh public keys here for your system and user bbcom = "ssh-rsa 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 hello@benjaminbaedorf.com"; + yubi-main = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"; + yubi-backup = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"; + biolimo-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZzg8pfVtFonx/IvO2MKG5uVF/sMJAOt1Ifm9Vds2eA root@biolimo"; biolimo-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo"; @@ -58,4 +61,8 @@ in { "mopidy.conf".publicKeys = allKeys; "b12f-env-secrets".publicKeys = biolimoKeys ++ chocolatebarKeys; + + ".fwknoprc".publicKeys = biolimoKeys ++ chocolatebarKeys; + + "cat-test.ovpn".publicKeys = biolimoKeys ++ chocolatebarKeys; } diff --git a/users/ben/concepts-and-training.nix b/users/ben/concepts-and-training.nix new file mode 100644 index 00000000..4a61f129 --- /dev/null +++ b/users/ben/concepts-and-training.nix 
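Review bot: The `yubi-main` and `yubi-backup` bindings added in the first secrets.nix hunk are `ecdsa-sha2-nistp256` keys, and age's SSH recipient support covers only `ssh-rsa` and `ssh-ed25519`, so they cannot act as agenix recipients as written. The hunk does not show them being added to any key list, and the `.fwknoprc` header in this patch carries only ssh-rsa and ssh-ed25519 stanzas, so this may be intentional. If so, a comment above them such as `# ecdsa keys: SSH login only, not usable as age recipients` would stop a later edit from appending them to `allKeys`. The `let` block continues outside the hunk.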
@@ -0,0 +1,47 @@ +{ + config, + pkgs, + lib, + self, + ... +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { + age.secrets."cat-test.ovpn" = { + file = "${self}/secrets/cat-test.ovpn"; + mode = "700"; + owner = psCfg.user.name; + }; + + age.secrets.".fwknoprc" = { + file = "${self}/secrets/.fwknoprc"; + path = "${config.users.users."${psCfg.user.name}".home}/.fwknoprc"; + mode = "600"; + owner = psCfg.user.name; + }; + + services.openvpn.servers = { + catVPN = { + config = ''config /run/agenix/cat-test.ovpn ''; + }; + }; + + home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + programs.ssh = { + matchBlocks = { + "salt.base.test" = { + hostname = "10.0.0.2"; + user = "bbaedorf"; + }; + + "salt.gateway.test" = { + hostname = "10.0.0.3"; + user = "root"; + proxyJump = "salt.base.test"; + }; + }; + }; + }; +} diff --git a/users/ben/home.nix b/users/ben/home.nix index a77faedc..ef5305c5 100644 --- a/users/ben/home.nix +++ b/users/ben/home.nix @@ -11,6 +11,7 @@ with lib; let in { imports = [ ./session-variables.nix + ./concepts-and-training.nix ]; home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { From ad1a6db3a82cac9fe0eabe92a927455475bea690 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Fri, 21 Apr 2023 11:31:13 +0200 Subject: [PATCH 2/3] Only use root user for CaT infra --- users/ben/concepts-and-training.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/ben/concepts-and-training.nix b/users/ben/concepts-and-training.nix index 4a61f129..663034bc 100644 --- a/users/ben/concepts-and-training.nix +++ b/users/ben/concepts-and-training.nix @@ -39,7 +39,7 @@ in { "salt.gateway.test" = { hostname = "10.0.0.3"; user = "root"; - proxyJump = "salt.base.test"; + proxyJump = "root@salt.base.test"; }; }; }; From 5aa65b766fa2d31c89d0853a76fc4bf48aa6d663 Mon Sep 17 00:00:00 2001 
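Review bot: In the new users/ben/concepts-and-training.nix, `age.secrets."cat-test.ovpn"` is installed with `mode = "700"`, which sets the execute bit on a VPN profile that is only ever read. A read-only mode, `mode = "400";`, is the tighter choice and is closer to how `.fwknoprc` is handled a few lines below (`"600"`). The secret is also owned by `psCfg.user.name` although its consumer is `services.openvpn.servers.catVPN`. If that unit runs as root (not visible here), dropping `owner` would keep the decrypted profile readable by root only.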
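Review bot: In PATCH 2/3, `proxyJump = "root@salt.base.test"` overrides the login name only for the jump, while the `"salt.base.test"` match block added in PATCH 1/3 still sets `user = "bbaedorf"`. A direct `ssh salt.base.test` and a jump through it therefore use different accounts, which does not match the commit subject. If root is meant everywhere, setting `user = "root";` in that block and keeping `proxyJump = "salt.base.test";` states it once. A jump host only forwards the connection, so an unprivileged account there is normally enough; a comment on why root is needed on the bastion would help the next reader. The `matchBlocks` set starts outside this hunk.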
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Fri, 5 May 2023 14:17:14 +0200 Subject: [PATCH 3/3] Include fwknop into CaT VPN config --- modules/devops/default.nix | 1 - users/ben/concepts-and-training.nix | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/devops/default.nix b/modules/devops/default.nix index 500f5c11..2f3425f6 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -16,7 +16,6 @@ in { home-manager = with pkgs; pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = [ - fwknop croc drone-cli nmap diff --git a/users/ben/concepts-and-training.nix b/users/ben/concepts-and-training.nix index 663034bc..8d96d32f 100644 --- a/users/ben/concepts-and-training.nix +++ b/users/ben/concepts-and-training.nix @@ -17,17 +17,17 @@ in { age.secrets.".fwknoprc" = { file = "${self}/secrets/.fwknoprc"; - path = "${config.users.users."${psCfg.user.name}".home}/.fwknoprc"; mode = "600"; - owner = psCfg.user.name; }; services.openvpn.servers = { catVPN = { - config = ''config /run/agenix/cat-test.ovpn ''; + config = ''config ${config.age.secrets."cat-test.ovpn".path}''; }; }; + systemd.services.openvpn-catVPN.serviceConfig.ExecStartPre = "${pkgs.fwknop}/bin/fwknop --rc-file=${config.age.secrets.".fwknoprc".path} --no-save-args --no-home-dir --save-args-file=/dev/null -n hetzner_test_cloud --wget-cmd=${pkgs.wget}/bin/wget"; + home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { programs.ssh = { matchBlocks = {
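Review bot: The fwknop call added as `systemd.services.openvpn-catVPN.serviceConfig.ExecStartPre` in users/ben/concepts-and-training.nix runs once per unit start, so OpenVPN's own reconnects after a link drop will not repeat the knock. If the server-side access window has closed by then (its timeout is not visible here), the tunnel stays down until the unit is restarted; a comment stating that assumption, or restart-on-failure handling for the unit, would cover it. The command passes both `--no-save-args` and `--save-args-file=/dev/null`, which look redundant. The invocation is also one long interpolated string; building it from a list joined with `lib.concatStringsSep " "` would put each flag on its own line for review.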