pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

Add concepts-and-training test infra config
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Benjamin Bädorf 2023-04-21 11:20:23 +02:00
parent 1918a3fd6e
commit 6fc5b2553c
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
8 changed files with 145 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
flake.lock
View file

@ -10,11 +10,11 @@
]
},
"locked": {
"lastModified": 1677126346,
"narHash": "sha256-4s+PPGC1M07QsPyeye5drc2JLa1lhDnCV3XAsG8+pH4=",
"lastModified": 1680281360,
"narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=",
"owner": "ryantm",
"repo": "agenix",
"rev": "c2a71c83c70844c5e31db69347e86af080bcdad0",
"rev": "e64961977f60388dd0b49572bb0fc453b871f896",
"type": "github"
},
"original": {
@ -30,11 +30,11 @@
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"lastModified": 1680266963,
"narHash": "sha256-IW/lzbUCOcldLHWHjNSg1YoViDnZOmz0ZJL7EH9OkV8=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"rev": "99d4187d11be86b49baa3a1aec0530004072374f",
"type": "github"
},
"original": {
@ -324,11 +324,11 @@
"utils": "utils_2"
},
"locked": {
"lastModified": 1676257154,
"narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
"lastModified": 1679738842,
"narHash": "sha256-CvqRbsyDW756EskojZptDU590rez29RcHDV3ezoze08=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
"rev": "83110c259889230b324bb2d35bef78bf5f214a1f",
"type": "github"
},
"original": {
@ -340,11 +340,11 @@
},
"latest": {
"locked": {
"lastModified": 1677063315,
"narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
"lastModified": 1680213900,
"narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "988cc958c57ce4350ec248d2d53087777f9e1949",
"rev": "e3652e0735fbec227f342712f180f4f21f0594f2",
"type": "github"
},
"original": {
@ -356,11 +356,11 @@
},
"master": {
"locked": {
"lastModified": 1677244726,
"narHash": "sha256-lwzie+EgYjPianeH82eb0mEDPOmOcXqlOR5lBZ7dkkM=",
"lastModified": 1680378422,
"narHash": "sha256-TDtrSPR2vv790K11iv+RfcCQXxRFPVCYiJHOOKSLuoM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "566169a4eaca1513d4fd396c239367b869fcdb0c",
"rev": "6529d912fae122a025bdb605d2b628349c1b7bae",
"type": "github"
},
"original": {
@ -372,11 +372,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1636849918,
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
"lastModified": 1679187309,
"narHash": "sha256-H8udmkg5wppL11d/05MMzOMryiYvc403axjDNZy1/TQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
"rev": "44214417fe4595438b31bdb9469be92536a61455",
"type": "github"
},
"original": {
@ -387,11 +387,11 @@
},
"nixos": {
"locked": {
"lastModified": 1677075010,
"narHash": "sha256-X+UmR1AkdR//lPVcShmLy8p1n857IGf7y+cyCArp8bU=",
"lastModified": 1680122840,
"narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c95bf18beba4290af25c60cbaaceea1110d0f727",
"rev": "a575c243c23e2851b78c00e9fa245232926ec32f",
"type": "github"
},
"original": {
@ -407,11 +407,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1676297861,
"narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=",
"lastModified": 1679464055,
"narHash": "sha256-RiZpwkbm1GeKRqrTtGGsEDieJyplMSRG1bQzOZgY378=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "1e0a05219f2a557d4622bc38f542abb360518795",
"rev": "d5cd198c80ee62a801a078ad991c99c0175971cf",
"type": "github"
},
"original": {
@ -422,11 +422,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1677232326,
"narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=",
"lastModified": 1680070330,
"narHash": "sha256-aoT2YZCd9LEtiEULFLIF0ykKydgE72X8gw/k9/pRS5I=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "2d44015779cced4eec9df5b8dab238b9f6312cb2",
"rev": "a6aa8174fa61e55bd7e62d35464d3092aefe0421",
"type": "github"
},
"original": {
@ -437,11 +437,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1637186689,
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
"lastModified": 1679198465,
"narHash": "sha256-VfXpHpniNWgg7pBzxb20pRX7kqn80LApPDQYTReiFCw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
"rev": "5a05160f7671434e1c833b1b01284b876e04eca4",
"type": "github"
},
"original": {

4
hosts/biolimo/biolimo.nix
View file

@ -23,6 +23,10 @@ in {
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
xdg.configFile = mkIf psCfg.sway.enable {

1
modules/devops/default.nix
View file

@ -16,6 +16,7 @@ in {
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
fwknop
croc
drone-cli
nmap

55
secrets/.fwknoprc Normal file
View file

@ -0,0 +1,55 @@
age-encryption.org/v1
-> ssh-rsa kFDS0A
LOCwn3fjnFMa4uQSQ07PtaacV9m9SsIwdoFEjw5TA97x8oB6NiEtLBXDlJjmdlaa
FXAbXM8jLWKibGNdTeKZHpArHqdGDq3nsfyhnX6yBtPGFPAe1UKve05nlyttu4D5
fthzMbAcQ64mKG6+nOKGHvI81GOMBJtRxGt5ZQLCc/xb27tE+LFobFPQY6YgdeD3
IyOpJGkpc3xAgSO69EWJZg4Ghwha94sZEKKrqQr1fTeLS4UtwjVrVbNheYL7W1sS
jcfq8oXZXD0VARODA4k+bM1/XvLsWcXQBaIeLwgCsjuIjnbczHIiRI2+j3Ob26JQ
hslibSZCcd62zffjPHHZnOfMfZdqNlD/QHHwiI61rI64b5OMfRziN6k6e1cycl6p
Na75U+mQwFm9nl3fLJBlEXAwhlZIjlDUMxT6o6T2ship9uEb9SauKnP9f7ZeHqVF
uADkMatkE094YWfPnOVJz1eqCx3MbyLCl2JT81QrtNjO3kg8RQVH+Uyfa02fAPp/
85AwQH+TP9zOihVjtdLXcOw0w7vZnxR63pG9M76wM9mdD3ZNrrhGE3ZGVJ2S49UP
hlXO08A1L186Laz/Gkl0e7lNJW5zi3nkoNXj83jcOF62PYlLOFEW/qX6I6wNj+M0
yKeYpQApPXJ51eBkXPB9Bhfj8ftxeLv4fH0bsQhqU1w
-> ssh-ed25519 TnSWKQ Hk4SpOst8GGEYmTKiCCYyo2tms9h3dufpFqAhiJgpiA
1RHyW45dojLPWKNxmnSqr+zj3qSRSFkl9qGWLnEq8K0
-> ssh-rsa 8daibg
MNcF/av+TW6ud3eQ6aVZmE2b2sY1nYoaTanxXUzPQO6PPHvnr4CgqgWxZKbt6YHY
0fAYPgJbiqqjNFQbVHryAcQeMXD+tAyuKlm26Y2ClZMIYKq8+bkIk564hTwsXrzS
kGdioExuFEksU82e/q+zofyf4W0du4VrM046WTtluX1GPsHk9aIvF7B0WHI9+hR7
3uXHEBgSgaA7AC4hXUIXA69p4tNSnyJdifJ1hPj3Kheu8NUvn4r8wUyoKqcQuK6Q
88x2eKjtcejXRiH38AzlyPPTkU4mzPWIU8CjrYVEDTHXC0RXlNnRbeAe4ELipLBr
Yx08KrUSbY6CHJvS4AWjHEzDbzm4lOpww38psGDu50Z6eA33wjJThXfjpDnB2fEO
ru8qwbGv+kYMvWKs/5ZQeQ1hq+F5qna5M9I8fu4WdIV9k7emRD8debvlBNYXJtw5
w2AyIYJK+IEhQkuKjVeZHzBmQ23zSS7pCM9vandZhFixkqRk3g+ZqTwGGishFED6
SaUf9R/eQSVnVSB8skQ9En08it/XBgGuKjRWLHgU6OZkkVKXuj1Mh9Iv9QAU0fQ4
3EibmCBZUxS9B1VPBE+cjYFY53pFRM5sHrLAehC4O1WaM8y2jz0K03lBjyVJOeSw
qIBFrLOu6Gqn1fJYrFa2LBLG/PN2uNIhZSh/yCfhfQ0
-> ssh-rsa kFDS0A
BhxxIOUw7LuHNJPaXmlUW0mM0HnBAZgeiXWjE02BvQF1C+9EapRBbXjuhadvDr4J
VSDC6GF7BeX6J7f1tBV9go7orZJiNVPIU2nhopriT5oXrOH/ZD2/6ADA6KVLVuUU
/I/vTbnx8GDqF7N3OlZb8/mxiRMv+d/7zgO9vcDU5VVo5FuE9LB5e8JKuXrj7sTG
RPkkX9aBISs48RooFBDuDbddGZ9tq71OcCqofmOT0IoTOpPSkoZWl0EHorELh9yt
n8iy9IsGuLKpcih1ZFUWQnmLHAWYIVM7y8eg/Rs6wGUWZog2ptx+BRPlh6loO8fD
TzcsBs68TzVUq/Xr3kZ5PJIsEwLo9eWrOj4s3TEL4VyOty1KN73CF7piWd8a6fYU
qDqPuIyGho1A0uolxcj3qKG4WAofgsdSwmaOpNSSGaETsq8kJujAtjywstvrcGfh
sDjXv9aNp2833mROUzzF4AAlnCn0Kioc6MW0k0bB2lX0Msj9SzRLq49956v76c3b
zimQGZ90So/CyIVlYlMHFR1QQB106I8ZP/6Tsmb5ct3/A+X8D65oLT+FzqT+cReX
glLB7lHG49fx54ot7l6o0UgEu9KBUkMs+Ry/j4VyaKw7bsmhGJ2jLxm08L/d8t3Y
EOTPxRHCYBfeGkgLH8gcLSoaA0HX0JYXBtxJYjlPZI0
-> ssh-ed25519 2Ca8Kg vgCvJblRQLnUuN4uV3TFABstwM8CgpWqSMydVwuF1w0
63r7HmUw1mvnUAZCP4cJEipc1Ff+BV4ENV+iRbeC8dU
-> ssh-rsa 2ggJWw
Ch+8asbOfiFxBlO0CtfJcZmIwRRLhSYVf6a6qDXxWeXg47ifRGZNgv7VMLrM+W5N
L38EgtpXO077tUkurzU522Wbm3ZJolFHzB6+3hp7Sxy6UHutB8j15dS6liJN2FAH
5fjST+AFwg9M24OGcTiVU+lbkgXEM606WrC17HPRigJvaarfgZtm1WtpH4dboPdM
vEZYsLJkAydvZynL7WM17bwcNX6fGsKCT/pkJfNDizifsEwp35uu7JZr2rYePHRY
iZV5WfH3ZQROKcnx5R+7xEAWvFXwaWjm3fxAXegz/orjNSDtXW/ujbhglQW/hnUP
efcj8aTkxGP/jkM8cQ8A1USZ8jyR8JlurHRa7hfA3kBzlOwzUOf35oannyOztWNl
tRWmQjQBxMPyRCOq5nZXWV/qxtKqcE6qyi10f5bIMPk1znglwNS5uZbmx/uHIWju
nzrqNYIwEcYd4pFqKSAN+UIZ0/3HB9HPaVQQSNKFcWA4Y5FxDh+gBfwqVM1SVbRA
-> _".6-grease k-v mG|Rm] FM?
Q4BYtrvYJvW5t+FeOAHASFLQN9uWC/IiwHfaQi9riQZFR/RJYPdNxkFb
--- P2DlzX4CKd3JbcQPpMuAID9XoB+f5H0EIndBWYWlSBY
«0@ýÜt+Þ5n¦yÞ-u¾#Ž6Ó'¹ Ýš %LòÁù‰Ì;ãÅak!”?I Âö;%²vm8AÞ4Ë{¨‹ªŸÕàÖ^oÌÄ<C38C>ôÔáÍxFª ì5Kìó¸r¹Øâ¿“@D¡IŸ><3E>…ÂG»”/²ôó~§î¶682~$ï…Á2<C381>ª

BIN
secrets/cat-test.ovpn Normal file
View file

Binary file not shown.

7
secrets/secrets.nix
View file

@ -2,6 +2,9 @@ let
# set ssh public keys here for your system and user
bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw== hello@benjaminbaedorf.com";
yubi-main = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main";
yubi-backup = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup";
biolimo-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZzg8pfVtFonx/IvO2MKG5uVF/sMJAOt1Ifm9Vds2eA root@biolimo";
biolimo-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo";
@ -58,4 +61,8 @@ in {
"mopidy.conf".publicKeys = allKeys;
"b12f-env-secrets".publicKeys = biolimoKeys ++ chocolatebarKeys;
".fwknoprc".publicKeys = biolimoKeys ++ chocolatebarKeys;
"cat-test.ovpn".publicKeys = biolimoKeys ++ chocolatebarKeys;
}

47
users/ben/concepts-and-training.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
pkgs,
lib,
self,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
age.secrets."cat-test.ovpn" = {
file = "${self}/secrets/cat-test.ovpn";
mode = "700";
owner = psCfg.user.name;
};
age.secrets.".fwknoprc" = {
file = "${self}/secrets/.fwknoprc";
path = "${config.users.users."${psCfg.user.name}".home}/.fwknoprc";
mode = "600";
owner = psCfg.user.name;
};
services.openvpn.servers = {
catVPN = {
config = ''config /run/agenix/cat-test.ovpn '';
};
};
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
programs.ssh = {
matchBlocks = {
"salt.base.test" = {
hostname = "10.0.0.2";
user = "bbaedorf";
};
"salt.gateway.test" = {
hostname = "10.0.0.3";
user = "root";
proxyJump = "salt.base.test";
};
};
};
};
}

1
users/ben/home.nix
View file

@ -11,6 +11,7 @@ with lib; let
in {
imports = [
./session-variables.nix
./concepts-and-training.nix
];
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {