Add / update hosts, add secrets
This commit is contained in:
parent
8144c332d1
commit
ae0cd2e1fd
16
hosts/companion/companion.nix
Normal file
16
hosts/companion/companion.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.plymouth.enable = lib.mkForce false;
|
||||||
|
pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
};
|
||||||
|
}
|
63
hosts/companion/configuration.nix
Normal file
63
hosts/companion/configuration.nix
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.timeout = 0;
|
||||||
|
|
||||||
|
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = true;
|
||||||
|
efiInstallAsRemovable = true;
|
||||||
|
device = "nodev";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
networking.interfaces.wlan0.useDHCP = false;
|
||||||
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
];
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
6
hosts/companion/default.nix
Normal file
6
hosts/companion/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./companion.nix
|
||||||
|
] ++ suites.companion;
|
||||||
|
}
|
61
hosts/companion/hardware-configuration.nix
Normal file
61
hosts/companion/hardware-configuration.nix
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
boot.initrd.supportedFilesystems = [ "zfs" ];
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
|
||||||
|
|
||||||
|
boot.initrd.luks.devices = {
|
||||||
|
cryptroot = {
|
||||||
|
device = "/dev/disk/by-uuid/3bbde916-e12a-46a7-9eea-4f5e2aef7883";
|
||||||
|
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04017028021722045451-0:0-part1";
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
fallbackToPassword = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "zroot/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/5552-1B21";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/rancher/k3s/storage" =
|
||||||
|
{
|
||||||
|
device = "zroot/kubernetes-localstorage";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/0545db4a-0494-44d7-927a-4c78351c4303"; }];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||||
|
networking.hostId = "71f2d82a";
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
}
|
55
hosts/companion/home-controller.nix
Normal file
55
hosts/companion/home-controller.nix
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_companion_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "server";
|
||||||
|
ownIp = "10.0.1.13";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
serverAddr = "https://api.kube:6443";
|
||||||
|
tokenFile = "/run/agenix/home_controller_k3s_token";
|
||||||
|
enableLocalStorage = true;
|
||||||
|
enableZfs = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# cube
|
||||||
|
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
|
||||||
|
allowedIPs = [ "10.0.1.5/32" ];
|
||||||
|
endpoint = "data.gssws.de:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# giggles
|
||||||
|
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||||
|
allowedIPs = [ "10.0.1.11/32" ];
|
||||||
|
endpoint = "giggles.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# cox
|
||||||
|
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||||
|
allowedIPs = [ "10.0.1.12/32" ];
|
||||||
|
endpoint = "cox.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# ringo
|
||||||
|
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
|
||||||
|
allowedIPs = [ "10.0.1.21/32" ];
|
||||||
|
endpoint = "ringo.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
64
hosts/cox/configuration.nix
Normal file
64
hosts/cox/configuration.nix
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.timeout = 0;
|
||||||
|
|
||||||
|
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = true;
|
||||||
|
efiInstallAsRemovable = true;
|
||||||
|
device = "nodev";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
networking.interfaces.wlan0.useDHCP = false;
|
||||||
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
#package = pkgs.nixFlakes;
|
||||||
|
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
];
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
16
hosts/cox/cox.nix
Normal file
16
hosts/cox/cox.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.plymouth.enable = lib.mkForce false;
|
||||||
|
pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
};
|
||||||
|
}
|
6
hosts/cox/default.nix
Normal file
6
hosts/cox/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./cox.nix
|
||||||
|
] ++ suites.cox;
|
||||||
|
}
|
61
hosts/cox/hardware-configuration.nix
Normal file
61
hosts/cox/hardware-configuration.nix
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
boot.initrd.supportedFilesystems = [ "zfs" ];
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
|
||||||
|
|
||||||
|
boot.initrd.luks.devices = {
|
||||||
|
cryptroot = {
|
||||||
|
device = "/dev/disk/by-uuid/bf333b74-875f-4187-922e-4b433fb53aa2";
|
||||||
|
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_03024516121421043657-0:0-part1";
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
fallbackToPassword = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "zroot/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/6CB3-6DB8";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/rancher/k3s/storage" =
|
||||||
|
{
|
||||||
|
device = "zroot/kubernetes-localstorage";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/7ef4a3f8-f4a6-42f5-a57d-21f502ed3dba"; }];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||||
|
networking.hostId = "71f2d82a";
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
}
|
55
hosts/cox/home-controller.nix
Normal file
55
hosts/cox/home-controller.nix
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cox_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "server";
|
||||||
|
ownIp = "10.0.1.12";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
serverAddr = "https://api.kube:6443";
|
||||||
|
tokenFile = "/run/agenix/home_controller_k3s_token";
|
||||||
|
enableLocalStorage = true;
|
||||||
|
enableZfs = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# cube
|
||||||
|
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
|
||||||
|
allowedIPs = [ "10.0.1.5/32" ];
|
||||||
|
endpoint = "data.gssws.de:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# giggles
|
||||||
|
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||||
|
allowedIPs = [ "10.0.1.11/32" ];
|
||||||
|
endpoint = "giggles.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# companion
|
||||||
|
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||||
|
allowedIPs = [ "10.0.1.13/32" ];
|
||||||
|
endpoint = "companion.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# ringo
|
||||||
|
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
|
||||||
|
allowedIPs = [ "10.0.1.21/32" ];
|
||||||
|
endpoint = "ringo.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
8
hosts/cube/acme.nix
Normal file
8
hosts/cube/acme.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "hensoko@gssws.de";
|
||||||
|
};
|
||||||
|
}
|
42
hosts/cube/configuration.nix
Normal file
42
hosts/cube/configuration.nix
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
|
./acme.nix
|
||||||
|
./home-assistant.nix
|
||||||
|
./nextcloud.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Use the GRUB 2 boot loader.
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.version = 2;
|
||||||
|
boot.loader.grub.device = "/dev/disk/by-id/usb-HP_iLO_Internal_SD-CARD_000002660A01-0:0";
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
useDHCP = false;
|
||||||
|
|
||||||
|
interfaces.eno1.ipv4.addresses = [{
|
||||||
|
address = "80.244.242.2";
|
||||||
|
prefixLength = 29;
|
||||||
|
}];
|
||||||
|
|
||||||
|
defaultGateway = "80.244.242.1";
|
||||||
|
nameservers = [ "95.129.51.51" "80.244.244.244" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.openssh.ports = [ 2222 ];
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 2222 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 51899 ];
|
||||||
|
networking.firewall.enable = lib.mkForce true;
|
||||||
|
|
||||||
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
|
}
|
13
hosts/cube/cube.nix
Normal file
13
hosts/cube/cube.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
with pkgs;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
}
|
6
hosts/cube/default.nix
Normal file
6
hosts/cube/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./cube.nix
|
||||||
|
] ++ suites.cube;
|
||||||
|
}
|
37
hosts/cube/hardware-configuration.nix
Normal file
37
hosts/cube/hardware-configuration.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/715ef65c-6cb3-4455-99ed-fe7408935d00";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/e76a2e82-bf17-4287-967c-bd0f16d16875";
|
||||||
|
fsType = "ext2";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/mnt/internal" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/3563f624-f8ed-4664-95d0-ca8b9db1c60a";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/4b0b445b-ae72-439a-8aeb-cbd6a3ed73b9"; }];
|
||||||
|
}
|
19
hosts/cube/home-assistant.nix
Normal file
19
hosts/cube/home-assistant.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{ self, pkgs, config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# HTTP
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts."ha.gssws.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://10.0.1.254:8123";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
extraConfig =
|
||||||
|
"proxy_ssl_server_name on;" +
|
||||||
|
"proxy_pass_header Authorization;"
|
||||||
|
;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
48
hosts/cube/home-controller.nix
Normal file
48
hosts/cube/home-controller.nix
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cube_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "agent";
|
||||||
|
ownIp = "10.0.1.5";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
enableLocalStorage = false;
|
||||||
|
enableZfs = false;
|
||||||
|
serverAddr = "https://api.kube:6443";
|
||||||
|
tokenFile = "/run/agenix/home_controller_k3s_token";
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# giggles
|
||||||
|
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||||
|
allowedIPs = [ "10.0.1.11/32" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# cox
|
||||||
|
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||||
|
allowedIPs = [ "10.0.1.12/32" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# companion
|
||||||
|
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||||
|
allowedIPs = [ "10.0.1.13/32" ];
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
# hsha
|
||||||
|
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
|
||||||
|
allowedIPs = [ "10.0.1.254/32" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
72
hosts/cube/nextcloud.nix
Normal file
72
hosts/cube/nextcloud.nix
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
{ self, pkgs, config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
age.secrets.nextcloud_db_pass = {
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
file = "${self}/secrets/cube_nextcloud_db_pass.age";
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets.nextcloud_admin_pass = {
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
file = "${self}/secrets/cube_nextcloud_admin_pass.age";
|
||||||
|
};
|
||||||
|
|
||||||
|
# HTTP
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||||
|
virtualHosts."data.gssws.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# DATABASES
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.postgresql_11;
|
||||||
|
|
||||||
|
ensureDatabases = [ "nextcloud" ];
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "nextcloud";
|
||||||
|
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."nextcloud-setup" = {
|
||||||
|
requires = [ "postgresql.service" ];
|
||||||
|
after = [ "postgresql.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
# NEXTCLOUD
|
||||||
|
services.nextcloud = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.nextcloud24;
|
||||||
|
hostName = "data.gssws.de";
|
||||||
|
https = true;
|
||||||
|
#datadir = "/mnt/internal/nextcloud";
|
||||||
|
autoUpdateApps.enable = true;
|
||||||
|
autoUpdateApps.startAt = "05:00:00";
|
||||||
|
|
||||||
|
config = {
|
||||||
|
# Further forces Nextcloud to use HTTPS
|
||||||
|
overwriteProtocol = "https";
|
||||||
|
|
||||||
|
dbtype = "pgsql";
|
||||||
|
dbuser = "nextcloud";
|
||||||
|
dbhost = "/run/postgresql";
|
||||||
|
dbname = "nextcloud";
|
||||||
|
dbpassFile = "/run/agenix/nextcloud_db_pass";
|
||||||
|
adminpassFile = "/run/agenix/nextcloud_admin_pass";
|
||||||
|
adminuser = "admin";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -9,9 +9,19 @@
|
||||||
[
|
[
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "giggles"; # Define your hostname.
|
boot.loader.timeout = 0;
|
||||||
|
|
||||||
|
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = true;
|
||||||
|
efiInstallAsRemovable = true;
|
||||||
|
device = "nodev";
|
||||||
|
};
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
@ -20,55 +30,17 @@
|
||||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
# replicates the default behaviour.
|
# replicates the default behaviour.
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
networking.interfaces.wlan0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
networking.interfaces.wlan0.useDHCP = false;
|
||||||
networking.networkmanager.enable = lib.mkForce false;
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
|
|
||||||
#networking.wireless = {
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
# enable = true;
|
|
||||||
# networks.DinoLan.psk = "Gelbe Enten schwimmen auf dem Wasser.";
|
|
||||||
# interfaces = [ wlan0 ];
|
|
||||||
#};
|
|
||||||
|
|
||||||
# Configure network proxy if necessary
|
|
||||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
|
||||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
#package = pkgs.nixFlakes;
|
#package = pkgs.nixFlakes;
|
||||||
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
# i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
# console = {
|
|
||||||
# font = "Lat2-Terminus16";
|
|
||||||
# keyMap = "us";
|
|
||||||
# };
|
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
|
||||||
# services.xserver.enable = true;
|
|
||||||
|
|
||||||
|
|
||||||
# Configure keymap in X11
|
|
||||||
# services.xserver.layout = "us";
|
|
||||||
# services.xserver.xkbOptions = "eurosign:e";
|
|
||||||
|
|
||||||
# Enable CUPS to print documents.
|
|
||||||
# services.printing.enable = true;
|
|
||||||
|
|
||||||
# Enable sound.
|
|
||||||
# sound.enable = true;
|
|
||||||
# hardware.pulseaudio.enable = true;
|
|
||||||
|
|
||||||
# Enable touchpad support (enabled default in most desktopManager).
|
|
||||||
# services.xserver.libinput.enable = true;
|
|
||||||
|
|
||||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
|
||||||
# users.users.jane = {
|
|
||||||
# isNormalUser = true;
|
|
||||||
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
|
||||||
# };
|
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -76,18 +48,8 @@
|
||||||
wget
|
wget
|
||||||
];
|
];
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
|
||||||
# started in user sessions.
|
|
||||||
# programs.mtr.enable = true;
|
|
||||||
# programs.gnupg.agent = {
|
|
||||||
# enable = true;
|
|
||||||
# enableSSHSupport = true;
|
|
||||||
# };
|
|
||||||
|
|
||||||
# List services that you want to enable:
|
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
# Or disable the firewall altogether.
|
# Or disable the firewall altogether.
|
||||||
# networking.firewall.enable = false;
|
# networking.firewall.enable = false;
|
||||||
|
@ -98,6 +60,6 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -9,5 +9,8 @@ in
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.plymouth.enable = lib.mkForce false;
|
||||||
pub-solar.nextcloud.enable = lib.mkForce false;
|
pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,22 +4,58 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports =
|
||||||
"${fetchTarball {
|
[
|
||||||
url = "https://github.com/NixOS/nixos-hardware/archive/8f1bf828d8606fe38a02df312cf14546ae200a72.tar.gz";
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
sha256 = "11milap153g3f63fcrcv4777vd64f7wlfkk9p3kpxi6dqd2sxvh4";
|
|
||||||
}
|
|
||||||
}/raspberry-pi/4"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
fileSystems = {
|
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
|
||||||
"/" = {
|
boot.initrd.kernelModules = [ ];
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
boot.kernelModules = [ ];
|
||||||
fsType = "ext4";
|
boot.extraModulePackages = [ ];
|
||||||
options = [ "noatime" ];
|
boot.initrd.supportedFilesystems = [ "zfs" ];
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
|
||||||
|
|
||||||
|
boot.initrd.luks.devices = {
|
||||||
|
cryptroot = {
|
||||||
|
device = "/dev/disk/by-uuid/ef5804e2-2b07-4434-8144-6ae7d9f615e2";
|
||||||
|
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04020116120721075123-0:0-part1";
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
fallbackToPassword = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable GPU acceleration
|
fileSystems."/" =
|
||||||
#hardware.raspberry-pi."4".fkms-3d.enable = true;
|
{
|
||||||
|
device = "zroot/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/2F05-9B4A";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/rancher/k3s/storage" =
|
||||||
|
{
|
||||||
|
device = "zroot/kubernetes-localstorage";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/ddad2310-57b5-4851-a7bd-280d7182bcec"; }];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||||
|
networking.hostId = "71f2d82a";
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
}
|
}
|
||||||
|
|
53
hosts/giggles/home-controller.nix
Normal file
53
hosts/giggles/home-controller.nix
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_giggles_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "server";
|
||||||
|
ownIp = "10.0.1.11";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
enableLocalStorage = true;
|
||||||
|
enableZfs = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# cube
|
||||||
|
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
|
||||||
|
allowedIPs = [ "10.0.1.5/32" ];
|
||||||
|
endpoint = "data.gssws.de:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# cox
|
||||||
|
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||||
|
allowedIPs = [ "10.0.1.12/32" ];
|
||||||
|
endpoint = "cox.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# companion
|
||||||
|
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||||
|
allowedIPs = [ "10.0.1.13/32" ];
|
||||||
|
endpoint = "companion.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# ringo
|
||||||
|
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
|
||||||
|
allowedIPs = [ "10.0.1.21/32" ];
|
||||||
|
endpoint = "ringo.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -13,6 +13,7 @@
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
time.hardwareClockInLocalTime = true; # easiest quirk for windows time offset feature
|
||||||
|
|
||||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
@ -26,6 +27,8 @@
|
||||||
};
|
};
|
||||||
networking.networkmanager.enable = lib.mkForce false;
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnsupportedSystem = true;
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
|
|
|
@ -21,16 +21,27 @@
|
||||||
bypassWorkqueues = true;
|
bypassWorkqueues = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.loader.grub.mirroredBoots = [
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
{
|
boot.loader.efi = {
|
||||||
devices = [ "/dev/disk/by-uuid/4B4A-B1B4" ];
|
canTouchEfiVariables = true;
|
||||||
path = "/boot";
|
efiSysMountPoint = "/boot";
|
||||||
|
};
|
||||||
|
boot.loader.grub = {
|
||||||
|
efiSupport = true;
|
||||||
|
enable = true;
|
||||||
|
extraEntries = ''
|
||||||
|
menuentry "Windows" {
|
||||||
|
insmod part_gpt
|
||||||
|
insmod fat
|
||||||
|
insmod search_fs_uuid
|
||||||
|
insmod chain
|
||||||
|
search --fs-uuid --set=root 02DB-F12C
|
||||||
|
chainloader /efi/Microsoft/Boot/bootmgfw.efi
|
||||||
}
|
}
|
||||||
{
|
'';
|
||||||
devices = [ "/dev/disk/by-uuid/4B2C-385A" ];
|
devices = [ "nodev" ];
|
||||||
path = "/boot2";
|
};
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
"/" =
|
"/" =
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
with lib;
|
with lib;
|
||||||
|
with pkgs;
|
||||||
let
|
let
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
in
|
in
|
||||||
|
@ -9,8 +10,12 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
|
|
||||||
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
|
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
|
||||||
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.teamviewer.enable = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,8 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
# Use the GRUB 2 boot loader.
|
# Use the GRUB 2 boot loader.
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
|
|
|
@ -7,21 +7,14 @@
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
# Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
boot.initrd.luks.devices."cryptroot" = {
|
|
||||||
device = "/dev/disk/by-uuid/bd1ebf98-adc1-4868-842f-3d2c6ee04e13";
|
|
||||||
keyFile = "/dev/disk/by-partuuid/9ff6ebf7-01";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.hostName = "ringo"; # Define your hostname.
|
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
@ -29,16 +22,7 @@
|
||||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
# replicates the default behaviour.
|
# replicates the default behaviour.
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
networking.interfaces.enp0s25 = {
|
networking.interfaces.enp0s25.useDHCP = true;
|
||||||
ipv4.addresses = [{
|
|
||||||
address = "10.9.0.2";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
wakeOnLan = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
networking.interfaces.wlp3s0.useDHCP = true;
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" =
|
||||||
{
|
{
|
||||||
device = "/dev/disk/by-uuid/9D1D-EE08";
|
device = "/dev/disk/by-uuid/47ED-2F0B";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
43
hosts/ringo/home-controller.nix
Normal file
43
hosts/ringo/home-controller.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_ringo_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "agent";
|
||||||
|
ownIp = "10.0.1.21";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
serverAddr = "https://api.kube:6443";
|
||||||
|
tokenFile = "/run/agenix/home_controller_k3s_token";
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# giggles
|
||||||
|
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||||
|
allowedIPs = [ "10.0.1.11/32" ];
|
||||||
|
endpoint = "giggles.local:51899";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# cox
|
||||||
|
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||||
|
allowedIPs = [ "10.0.1.12/32" ];
|
||||||
|
endpoint = "cox.local:51899";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# companion
|
||||||
|
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||||
|
allowedIPs = [ "10.0.1.13/32" ];
|
||||||
|
endpoint = "companion.local:51899";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
20
secrets/cube_nextcloud_admin_pass.age
Normal file
20
secrets/cube_nextcloud_admin_pass.age
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw wG1VH/Rd8D9VhI2nUdKN8ev8GmDTmByYojrAGXiVQ0c
|
||||||
|
Ce5LdJLYhXZxozhrFZOCCcG6DvDlzcwHUp7rsAAYMb4
|
||||||
|
-> ssh-ed25519 YFSOsg KWrIirfADk9OlVVF/SvnyE4P4JWorWhcShIWMLaYezg
|
||||||
|
kjNaCLQRKwrLKWT6H6mygsawWXas1alwf/rPbpgnIbE
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
GlF0Iwkmi2IukEP4aghJLQP4QUv8Lt2qPBsysz/NIfPxtxuVgnphqmbtZ3ylKURL
|
||||||
|
iWQbDwvNG3DBQMgbFUTtLpp48yZ++ZWfVCLJxylifoo8Fk1/edOieiQxmKySFIiS
|
||||||
|
RBDjal+JFIAMQVa4i9zTJ2HolgFGioq7fsQgimjhhcTpbPWF0YgbeFlD/Bx3Uc3D
|
||||||
|
QXHkPGTWWJr8nmsBLW0erQKuT+2pTy3Yo00BmYYfaHhRSWPxaRiUvlQzqwfEJGZy
|
||||||
|
N8CWyU8JqacMQfFfMVYYNR8qHGv5p5nu9FtJPQFWz79TB0j0OaowW8VuhP70UVI1
|
||||||
|
QvZLDCv1JN4fd9TqDqgcnA
|
||||||
|
-> ssh-ed25519 iHV63A b0w5AmQtO1FWnySOYDh3JIWkiFM05WNz9M4H67GVZEM
|
||||||
|
suTrfziEta0t9iGJxx+tcvi6BzQS1NJxPmCnPBx5ViU
|
||||||
|
-> ssh-ed25519 uTVbSg rMwuqUqpr40KdbuOZnhi9Bya/Ql2F8HfZdAQvcw3JUY
|
||||||
|
vVF6J8lzQNXnHgzEMzwkcrOGSExKJmPBmuxDklQ7TGA
|
||||||
|
-> ?<GZ,~j-grease
|
||||||
|
jdlD7DImSTrtgtmVJVA+M0g9TNqUI7SSRIlpfGB8KL78WuSIvQWv2z0lpzot
|
||||||
|
--- 4h3KwWAMcJYCF/K/JGPS3cNpCbSDTC8mTerADBFy2to
|
||||||
|
æ½íÓ¤¾øë—L¸×(7ŸÉ„pÉOsTÏI³pJí2ÑkS[Ö¥/–æþ@¶pyºí-¾{øFÚ0Žõ‹“¶ÏѲ±%Ëà}º^<5E>‚Ô
|
21
secrets/cube_nextcloud_db_pass.age
Normal file
21
secrets/cube_nextcloud_db_pass.age
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw 4cMG8rywMIHkCJO0vbcnD46xPHZKTbUFi/bKKPLJW0c
|
||||||
|
aOmQ7lws7MIDNE7xejtcomQAtRuXjHd+VSGGy805cUk
|
||||||
|
-> ssh-ed25519 YFSOsg UnTniCyloz+bfIlKsgGvQflAOCIwdNBuKIM64ZZ7fSI
|
||||||
|
/Q6KAn80cNs38LgOxZhg9tXmAtJJKw5VpN9lfPqNuhc
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
FoosAbMAGlculUJOkL+9U2Wajf80dgUY+Acd2MQDbeSR/A/hE+NOv3JtH2Sx9weD
|
||||||
|
ww2n/K5uKQhFKrTVIRn5Bp1qYnay2FIn6lz0zu1I2tqmGFCMiR+RhTnrcxFztNjQ
|
||||||
|
dYbs4F9mvCDmyn9tShTzqAxnClWCdOHkrXBuCMAg08tp5cjAPqaSMdE0wFn5Jvhg
|
||||||
|
DY5nHJWlxbZcGEhJSW2mxKb+HP4ecZ5FY0Uf4qYn/FTcKm7K80Pojg/e72XV7sq9
|
||||||
|
04dPKpa162G53BKQXCmv55L6D81YepydA0wAoeTXXfC1E+DxeWfHrsmF80qdEnBg
|
||||||
|
ZpPIRWdSBs61zqp4XavsSw
|
||||||
|
-> ssh-ed25519 iHV63A mumH3Brpcqa3t8Q495yyV9vn8AKalaf2WchgmsirN2Q
|
||||||
|
fk5iQUYBlUiq+8Nblb5H9mhJarPONiyuOG3ioknlbzk
|
||||||
|
-> ssh-ed25519 uTVbSg O5xBbchEqAsFJtU4kCZo4gqpByHNAnZO0Ik7p5fwFAM
|
||||||
|
e+adn+gDYIF2BW0N1zoHZj+/mciN60rVcCPs9OplLsE
|
||||||
|
-> ,-grease M6FrPQz + B{
|
||||||
|
QAdvJryfCY0NJ0XU5sC9D5J2KnHIxCcjBi7iFlehcB56qrdQbSPsL+ysZVqTzfQx
|
||||||
|
QjDs0lXBKqL2f0g0cWiM9Q
|
||||||
|
--- Vl5VtidJZtEk19VojwdWLaGJGsIRkvwRTjW0mdnTqiM
|
||||||
|
¾ÕT_Á‰åŸŽ%<25>Õ2ò³yÍŒWÄK¿õ²hc¤<63>eThÚ<68>ÁçX‰ºš$™õ¶å×TR9;æ$
|
20
secrets/home_controller_companion_wireguard_key.age
Normal file
20
secrets/home_controller_companion_wireguard_key.age
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw tQeQac/fLw4UXYx/SXj46HPeG6oPKY4U8IJJI89Fv3c
|
||||||
|
rB6bWP8ba0kAA9qwcq81rTDgmerGORN4jAE5Usrz1tY
|
||||||
|
-> ssh-ed25519 YFSOsg W1SJl0W8oRo5ApD+40puyRae+MDhsxd6Miv6vHaeXn4
|
||||||
|
Z1xqbXD5r0Lo9XvouS967LxnxEX9arLhylZJnFLG0aM
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
t48CWYrVFfH1x59IYXJtfkeONo1QPnqN6VMwVzMh0c0Vm5U2OFfAml+/6Kit4QWI
|
||||||
|
u7PASBpg+GRsQmoWC9hFJsCDiikg5NIhyBO4feSS+4Cus+8Xr9cSPjYg5EKsgoOd
|
||||||
|
+HpTrPhiNG1Wy2pE4kkxSsS5pKOcdIezU+DfqookoXALLneUIUEsaHYCmdOLwE21
|
||||||
|
yRzWxiXavQKnvabxnqISYeBK+aHNGtd8hczhnoM8oR7qTaNQwfuQoVa8te0MLTIK
|
||||||
|
EXIuev6vESPFtdo3gGJUSbmlXY9hH0tumFFgug185oJwkp745rWKM4QlFEB5fNGR
|
||||||
|
LE54GOkv9sF3+Wij/ELHAA
|
||||||
|
-> ssh-ed25519 iHV63A OOf5Cx0vckL1ve6WOzL0IAhIKasXAjodubuyKbWKv1Q
|
||||||
|
1av0Vqos3YsycBFpncCvP69RunBwCQ4oSextLvR9P+Y
|
||||||
|
-> ssh-ed25519 t1M4HQ j2B7jugQZy124AM5f0JK+id4W2TN6n4C0c/HUNFfLU8
|
||||||
|
BJr18XJI/XzFgH32nXKZb5SdBbU8raRCKL6PWgad5cs
|
||||||
|
-> QwO-grease *8]/h/ 7|S
|
||||||
|
LM23rOF57rKeWQ
|
||||||
|
--- 7xz9ru8cIHt3zksF696olmLR+vEkwDfVv0tl2stfNhM
|
||||||
|
ž´e
T|,7kZ5:AdžNê<IU™èÙo«
’vÉ°ëN‡»+w„Ho<48>âö°éÄ#NŒg©(du)̱-Sð° 4è?`Þz
|
20
secrets/home_controller_cox_wireguard_key.age
Normal file
20
secrets/home_controller_cox_wireguard_key.age
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw ZGGRZr/HOQSZ1zREl5pqPE0sftSc0CLVHiKBrJ3X938
|
||||||
|
cO/aAeVwrQp5OSAl6JTnIPfhEJmG/1rnbJAtoplTESE
|
||||||
|
-> ssh-ed25519 YFSOsg G/XSLzhX7SSsOZNWnpdLJ+m6NXyL6F/itN76CfJZzkk
|
||||||
|
sNfdi78MFpBcoAh1xPpcvWYkTWQQ2fIL6i1myHdun/U
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
RuHlOwIJJhJffpJEcIpUEOX8czKVY8c+bvae1XrCSNplNV1f3CHl/WSdKfhOCC//
|
||||||
|
u1qOEiidsDxWphJu3IHjiLgTCmlnwwaISZ2bnEOkTSDNPphARrEA7JfrSyQOlZJB
|
||||||
|
Mu1qhSi5u4uGVi4Mk7TuLxCHRnjDUjDLVh96kbjiwrnAAtI/0fK64ci8rx9P1GzD
|
||||||
|
aZR1to8+uWFx3sTtr3JUA5I+azQdYb37p5ehlCrvVybcze/16oCkreSDuW88HdoD
|
||||||
|
yIXrX3tlnjJJou7LGR/s8o74ookFMT89rlkf8DXMhkPpmiUWYxCyJZ1oS6twtee2
|
||||||
|
Gwo4twB5KIHTCmryJsZ5mA
|
||||||
|
-> ssh-ed25519 iHV63A Jun3KRgZaEfE0RmefSaa8WLdMoVLhQGH0kwK9IORaSk
|
||||||
|
IlMxqMUjdhKOciC3/KTQWIBctjyW3dVHKJpWLfVT+NI
|
||||||
|
-> ssh-ed25519 w1vtTQ 0iNKMsnq32OTGYhQNz75FszXV8ePAWTPXTSra0s/WAw
|
||||||
|
4eecaT/DX9CowOod+NRva3PiSbrgmjPerTGceN+u3mg
|
||||||
|
-> @I^"ao-grease L#%xN`Bb 6l.LN ,
|
||||||
|
h77R6GmXSVnEblcP1Kxuf7kCy8DnMtAF
|
||||||
|
--- RvWj6AeYYIavoCseUazZH1lw0LFUm0mB9Ww9HeyVRio
|
||||||
|
9Aêð7oMÐqÖ#^ÍŽ3@"£Ësõõ‚‚(/Õ<>„¡-{¯ô¯§Óº„¨™[/1AY‰:¦ÉìLZ0<5A>¹üuÄE'¡ákÔVƒ/à
|
20
secrets/home_controller_cube_wireguard_key.age
Normal file
20
secrets/home_controller_cube_wireguard_key.age
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw V5crsXjhEfj2BKe5uEjccio8m1hzjvZ1u3DU16SdmVs
|
||||||
|
gxC6r8tzwj3l7SW6kn4TXinZV2ZNgKpWsiKGn56CZgE
|
||||||
|
-> ssh-ed25519 YFSOsg Q1tpXI8ilmFt3JGx5ad8SCtZRbrbR8DgGNiu7vXQ7x4
|
||||||
|
geB/YeAwQqJuLG0pf27W2FhuXm9SS2RRoqe2UaV2U4o
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
KWliiGsVgLgkkY1DkKNsNtBUzfKSX820nJfLLOMBgFcil78IJz+Sw5Ns6NFLR7Xe
|
||||||
|
+o+HsUxcnLOXhDYMImR9SALYL6TwLdqp1C+LAQ8HXri35IyERU2uqMXdkzYREn4f
|
||||||
|
4c4JlCbtCy6F+8nFy0OkK/VtV/yoBpnDMtjDk9wdHYBouSGX91/8QwNUu1L0m0V1
|
||||||
|
dvYVjk/tCPDsk3TYGFAR7lG328jt3khqVAV+rcvwwTPzD+jBCkbyGCFQ5N3xZBGI
|
||||||
|
Wa3xMB+P9ojv4XAfde0eK+6N0uPvoMvnmPGguJTXiaCEgw8K/ILV6PuhkSyo4Wea
|
||||||
|
EytCf4k42l7wjwG4LWFWZA
|
||||||
|
-> ssh-ed25519 iHV63A o/IPrEtX8l4ZWCcC/yJWGRUAPDPX7vMJKBvm7ngWRjE
|
||||||
|
YoXHRtVmNXlxJ4uJqs7jNW/2pBnjMroj1AlLiERLQGk
|
||||||
|
-> ssh-ed25519 uTVbSg WF+8m47L2GWewOEK36k3g+Ozv1JC20cfswQ0ksbhhzs
|
||||||
|
w5qbtYBfnrKOB4/ZTiD8Qsd42NibKcgbL9AYQKx9bnM
|
||||||
|
-> y-grease y>]"'a W "
|
||||||
|
w265AhhbaGNvdOMRX4xs+w
|
||||||
|
--- /proerdf6QHIKGNWA0vTE+ZPNuvbJBGhpMEt0DscFgQ
|
||||||
|
™m±çd¾]©ÙˆËÔG±<0F>(n˜ïÁ¨hø¹»Å‚LARR¯ä°ÎëjMÞUVÈ<56>%ÈMÐ^þ©oЋJ<E280B9>êQîÿD<C3BF>›nÁŒ
|
20
secrets/home_controller_giggles_wireguard_key.age
Normal file
20
secrets/home_controller_giggles_wireguard_key.age
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw gEHEUHodm0u6YauWsDFycNYfBlNEncGz6cGiFVbMSQw
|
||||||
|
eb/YlV8CeU2GZaoREi8n4CB6O+bltLjwARBh1SvPHuU
|
||||||
|
-> ssh-ed25519 YFSOsg oObR84uRNYEhcbdILnSni61pMzaNQcbMSV8CMdUFCVs
|
||||||
|
hZeKavP58fmaxjpZwHDSNf2QnUqn5GqeSx/MVbWM8w0
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
W/0mcDisoN/RoEshQ0gDmmYZTfSG3BRAq/PsXT9Xt0mahAqZumfdysT9T2Wkso5O
|
||||||
|
2SKVvJvP2YAGNs+d/+lnn5/I8f7qlx6K0oQ1e72Y9ZNmoxgZmL3h2jBR3x+GfgG8
|
||||||
|
Qp57nfvoF4js2JyC2MSUm3CjOppxDN/BM2v5qOTuPB5/K3bPOP1iBdENH71f9d64
|
||||||
|
PK/7HZA1BTtn4jOWYQ52BZIcOjiA9JoVO6HFvB7d5UobasbbXDhO6ZgZ3aWdsDE4
|
||||||
|
/0S099FWbvzTk8aITl5qSphQy0Pgp+yeTobx1Hn/b6vokoNIwaMZniOVd1mS0CuU
|
||||||
|
DL8SGpuQUeOl+27sstHfUw
|
||||||
|
-> ssh-ed25519 iHV63A 34vhrBbCb4J5xzjoa9o4hWokszJER12Pfd/s8RGxfg4
|
||||||
|
2p8SUyhXdks06NJPZMkbKcdsn+YB3+/Ksaipc72mBvg
|
||||||
|
-> ssh-ed25519 AsPNJg bAYRIQICTPeVri4/qkBBedxmm08TNoBMseEauYtTkX8
|
||||||
|
ZeNmjU+oG4qYSMREtv7QdbRLf3SAmdHnX63eiHjvcOU
|
||||||
|
-> J._|'iH-grease VaQ1S' W7^S -r HJ'
|
||||||
|
KbnGq5EUW0HcQ4v7n8Gh/4R/Y55bXYOuSPNt2jXTbog
|
||||||
|
--- Bk+tEcikn4Gd90ou6llBA1nYq+mRGdfB1TaJvIOYEaw
|
||||||
|
›’×ÎML—ã7|–2žÌF'ZžoàÁZ<C381>{ÿ¯?°J,—®âµ×ÜžmíÈñ\G´†RœaaÁ<61>\tñùäŠ<Àìâë5<C3AB><35>Ú
|
31
secrets/home_controller_k3s_server_token.age
Normal file
31
secrets/home_controller_k3s_server_token.age
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw B7i7cir4NIqIxeuwN7lBZiHLaLDNwSD5ZJLs0iYidDo
|
||||||
|
fmj7NzNi4DT805TlhjtyMXa1dcu7rGVIllQG4ALtJdo
|
||||||
|
-> ssh-ed25519 YFSOsg SpldcBYdyAYW4W+U4JrgkcA8Y5+YnPjW78OISjviDz8
|
||||||
|
Czi1SkmtvFmko+fP2hdCanpWJKpo/KndE/MI8BcJVxQ
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
EvIS2maHrEa4Qyhrp3TJ/LULJkdCixIEcvI2HS9SUhVRIJS6jpY/Z+pW+XZqxEgk
|
||||||
|
P7sp1CjRsjRZ4RZsgBUsgdO4mRnUtSkrTTLzrS84d3QG1QfjQphtF/BSt2+8t1nw
|
||||||
|
S/XVZWu/LyFb8Z3TbhVkf3vx7ujIBwjdFj+LiUmEYwB4o57MWKH9aCcvyMLZF4Ne
|
||||||
|
AltRXfkGkEVt7Yn0iKwb8yHaqMPa5CjfjDP9ybLp/my08/pZEQTVduKe/Q6p09DM
|
||||||
|
8gEF1uVM+3BxXf7yAvt8fW80Hgm21VnYUq0h6exDZaaf0wLPOh0kRnN1MDqK2tjO
|
||||||
|
uxre1sro1ZQx5CPCXD4ICQ
|
||||||
|
-> ssh-ed25519 iHV63A Toc315/VlOneCwbLzcp2fDqHZSMDNtSprquR3BOVfAg
|
||||||
|
ZeEZEdla/o/sAa7Tbh4NY5qqrNkWfHqpbvUokSofC5A
|
||||||
|
-> ssh-ed25519 AsPNJg ui5FmbBKlKQ69R38yqlFURrMBTX1n7ysQP7mBo9SSRQ
|
||||||
|
c7dp6ewRp/5rHThk/oGcaaCxNwmBWTcfVSK4IrHJh2M
|
||||||
|
-> ssh-ed25519 w1vtTQ 7ToJvl/p9DzxX0v/b7nNOIfdgyb85Ja6862Tw2HLLyo
|
||||||
|
PkEaeBdx60i9mX6t5Ue5PeabY4COffefCSt65H5hRxU
|
||||||
|
-> ssh-ed25519 t1M4HQ 14NmP2HdhTouv66lkTKPEKh7HANgEUIek8FA8wAntSU
|
||||||
|
ZZ+Mc8m/Pb16Vbxc9bOZtXJ+0ZXv/YiV30LiKra55cM
|
||||||
|
-> ssh-ed25519 uTVbSg 1151u2eVy3izoghgXS1zPukpbSiZo6Mc+JTtCNqrqxE
|
||||||
|
5NGufz7+RjYTy4gUfAHjV/g8VdF5FxPcB3GUzafotn8
|
||||||
|
-> ssh-ed25519 4eCLig NAsWZu3MFuCEgi/Fm+2kB04A8ZckvTP5ueLjB2NKZDg
|
||||||
|
5DKhLww7UKvOxPveJTtuc7jGk/9cypM9UadP1A8C6Ko
|
||||||
|
-> t-grease > 8z4 `,R~f.lb
|
||||||
|
K0DjBt5R459zTRkIA58mcIYl+Na5m+1SIXbezHjWZy2q1cIX8L331Du4SE6/UCCR
|
||||||
|
e3Q
|
||||||
|
--- ZjP/FefBuH6f+bEQpgqeiL3Uj+f9AbSCVRQni7pYyjQ
|
||||||
|
6{…Ï{;‘5%·n@~óNóÖn!EÏ·A&âí¯`v‰¶-ÃË5©Æ{œîžïP
|
||||||
|
Í8'ém7p‡â1 bàn¾¬#ö0"çí=~àÉê"—¶Ã}ç@Ô89eB Á°
|
||||||
|
/¹*´ìUo<”šî.£ñEå)t2fX¶o9FüQG)çÞù
|
21
secrets/home_controller_ringo_wireguard_key.age
Normal file
21
secrets/home_controller_ringo_wireguard_key.age
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw zHWVBLJi1r1M3C/3Xf1rCOOXhjihjYuF4f0ZsRo4dWI
|
||||||
|
sB14DJ0gjz2Z9+oJG/RBAl5GJ31NOjUJmpSvKwmkEVU
|
||||||
|
-> ssh-ed25519 YFSOsg RHtbqm+jWVTkXqyTWRblggdgfbp2OOJmCqieDhI4+HI
|
||||||
|
0lc7kKOQL3Abo8UyjXfRHvDcq+dOvPe0q7izfycZkj8
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
QnOc7ZIigTURoIjglNY64KzZh8QbhE2TbioIP88F9OztV/1umy5hniBNYrE3grd2
|
||||||
|
+nQSdBEHsHKgyElC3VvdKQ9RvzrbrDHnNt4oBgmH70KfAQzH1wehOvofcNMlu0+B
|
||||||
|
0ddUjo9BEf5VtxKY4fdUFLoROBv/rIMCuCR69NE4KfS/Cl7I+saWUOzoRVcZKsBc
|
||||||
|
XmYYCTDezlVOT0dtoRDJT0PBimXQZ+3D9Fj7VKUOobggUiQBOH7irvpKy/JFG6+0
|
||||||
|
C5CRDZKPp4XOKfz/XAqIxbkyzxF6ZRpmXz+QJhHXTCJfWdRMfUl45YO5r/fX6ybV
|
||||||
|
vqZnYo4ytlZtIaoe0ipFJQ
|
||||||
|
-> ssh-ed25519 iHV63A WkP5FVc9iS9OEQMr2E+ewVvBS1ppHnuCWqGTvdvBY38
|
||||||
|
kxdQm6sXkGlFId0KEoMqcbyXII5G1En0g9I6WObwNpk
|
||||||
|
-> ssh-ed25519 4eCLig /lrGyo78vdS92cFFs3aS8R/BcM+QDLspab0ftIZU9WE
|
||||||
|
+rvfUcml+WEDzZ9B6WbSvfwh+ceHygGIvHsw4UME94k
|
||||||
|
-> u\-grease JD#pg \__| M\j|M
|
||||||
|
9RN98je/hB0
|
||||||
|
--- JoemHAPRRKWcsEMIOEU1Cq8AyPFTtz3qYqCgyeonyrs
|
||||||
|
|
||||||
|
"©´S¹ÐnqRÈvKRËUsF+“ÓE„ôë³}•Ý»^)ªxôx\_´S'ÔÍ Ð/í¶2ô•àbxùÃ]Srôõ‡„Ø„çï ÙñØÈ
|
|
@ -1,9 +1,33 @@
|
||||||
let
|
let
|
||||||
# set ssh public keys here for your system and user
|
# set ssh public keys here for your system and user
|
||||||
system = "";
|
user_hensoko_nitrokey_1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135";
|
||||||
user = "";
|
|
||||||
allKeys = [ system user ];
|
user_hensoko_harrison = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison";
|
||||||
|
user_hensoko_norman_1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+euxPp6bHXw61UeUqTGHH8Ub2L+Sy1iteupv/AGudgoVNp2GebqJy1cxQ74mgnL8eWMlaA9jZlKQ1xFFhgtolCsoAKTE9AE8X0egvmEM18fEUR3EWWchmX4MXUhUiOtwitkl4+EpSsp5rh/kIxcpQFz1dpBibroq6jDLKlrVou+2LppR8nMfFT2sqg3694Ltxz4CWMdAfitLax05ckKMAnzz+TgpXK5OyfQSBvl18Qu1SWITYa6AVNXQ7/ovWBDIUfg25GWouzWqkSUpLdCVIcXPe2X7g6X1QsHXnnhaMAhvYH54GZ4wU2kBwIJ6KvplfZdbJ09KAltPVt08evafb hendriksokolowski@hsokolowski-pc";
|
||||||
|
user_hensoko_norman_2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work";
|
||||||
|
|
||||||
|
users = [ user_hensoko_nitrokey_1 user_hensoko_harrison user_hensoko_norman_1 user_hensoko_norman_2 ];
|
||||||
|
|
||||||
|
system_giggles = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOLyNmSzxVpVQtTWhkH48e03nFDdskE08N4L81MZcLZ root@nixos";
|
||||||
|
system_cox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNr7q7eAkROtdvTmw96Q5tZu9W4jt31OCjc6L8uM5Uv root@nixos";
|
||||||
|
system_companion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjIyVeAPsIpUTsB5bPEjmJeRFN8Xp3PD9a/41yPp3HM root@nixos";
|
||||||
|
|
||||||
|
system_cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5ok5tIuDKYpIw3KVmUnqBSDJ1QriWQJ04IVLF1Kaig root@nixos";
|
||||||
|
system_ringo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5g8CfSiMxboEJT2U92JoYdnv0nsArBPW/vfTEsUWZO root@nixos";
|
||||||
|
|
||||||
|
systems_home_controller = [ system_giggles system_cox system_companion system_cube system_ringo ];
|
||||||
|
allKeys = users ++ systems_home_controller;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"secret.age".publicKeys = allKeys;
|
"home_controller_giggles_wireguard_key.age".publicKeys = users ++ [ system_giggles ];
|
||||||
|
"home_controller_cox_wireguard_key.age".publicKeys = users ++ [ system_cox ];
|
||||||
|
"home_controller_companion_wireguard_key.age".publicKeys = users ++ [ system_companion ];
|
||||||
|
|
||||||
|
"home_controller_cube_wireguard_key.age".publicKeys = users ++ [ system_cube ];
|
||||||
|
"cube_nextcloud_admin_pass.age".publicKeys = users ++ [ system_cube ];
|
||||||
|
"cube_nextcloud_db_pass.age".publicKeys = users ++ [ system_cube ];
|
||||||
|
|
||||||
|
"home_controller_ringo_wireguard_key.age".publicKeys = users ++ [ system_ringo ];
|
||||||
|
|
||||||
|
"home_controller_k3s_server_token.age".publicKeys = users ++ systems_home_controller;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue