pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

Enable terraform infrastructure management for pub.solar

Browse source
This commit is contained in:
Benjamin Bädorf 2023-01-28 22:11:05 +01:00
parent 5ad8c1b30f
commit bd7b864927
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
6 changed files with 73 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/devops/default.nix
View file

@ -20,7 +20,7 @@ in
ansible-lint ansible-lint
restic restic
shellcheck shellcheck
terraform_0_15 terraform
tea tea
]; ];
}; };

55
secrets/b12f-env-secrets Normal file
View file

@ -0,0 +1,55 @@
age-encryption.org/v1
-> ssh-rsa kFDS0A
A5s6AqsL5vXDpDDaSM8wylfV/ULMuLU0mTkOvSvaI/XtLp1DfH6+hjL1ca5ET+yh
pgaCDlv/ITXOSGDawbK3PTLkVoTEVAIgbFTy2d3yP1o91n77d3dqdFMkflxar7wS
AnbIYOE0hL9q3BBgO3n00AjojeF0hiV9kdyYMNF3je3zcQPML9poP+QWghX4rpH2
W8dRb0LsowtUxREwEZ2i8UDIQ0nM/cwxyxHJ/jcT3VeasXDuXZEpFS/SwJHzFvJT
5Ez/+ByOCaJ8E4ShHX8BOuZasikwI9EuiWHCj/eTJXytmFezCWY3ZI3MHjaUXHhL
j3v3h1PQ2UxQApuhkG40zF6fhAGK7VFNEgAoF68V2eTB3ugm9qT4SiK392v5EnoU
nOKY0PHCCnOgZGOM3Zx1mvZpDdWEpqI5in6bHMWpRjqzTeYwi6P5l/aItqGBm0D5
erxwsLQMJLm9EbcSjFw9VYmwFky4jZOFSN9kSc/GiZM6ThZOVa7Dey4wicbU9YVf
Ye6eiWjsFCPqXhylgRqFd/gf0MNyp7QNIOlbDmLenWVO/QLB9z0ANiQbz9PEMIng
o74CsQeQcfO0hMcggHHMp2LILiNn9S1U429pCEtDGVpojnbtME1n2RMHbHfXpgVM
qCf8bzcjgQrZBZrZ438qXiXObUV2R7yrG8AA4ilmKBw
-> ssh-ed25519 TnSWKQ ZMWSfg5/Xhz58jMDmucQevWJMx9CR/pvGdcxY9nE9Es
n1QCG5p74ScQyFQx6lX2gTU+GLoULlNjjAunp2e6Hjc
-> ssh-rsa 8daibg
aXyfsNZx2LEnm1ij2KJSyukYwxrPPYxc03xdoFMiPj2KMfdOdVcSRYQeyX3mym/Q
mj7SCEZQPmAocvU8KOKphG7+MOvLhgyTdwkf+CBjCiU28pkuDrYjI1j5md9MK4ln
auJ/XUJypBmpEp7eduRluk5Mxc82NjPXrGFARjatKj+d2/9PO+1FGawjj+er2FS9
BpK9op0mLX0/BXl764Luqsh3pG+p5cSjTAqpfXuO1Dzp1Q3EcOCj2x3sT24elGAf
8zOe6yBD+Uo027LAovqUf72Kzg/Fc+YfZbuLp65ybhIY0uF1arg4p+3grzWWBdI0
3howkDSudgA9QBkyMsP0mQ6bwyfpYUKFFWpxwaGaVWY/WUXI5K1J2olSgZc60FvW
BzQj0TTm8XeKo1i8PBV/er1mrJGwvwvb1VWFBYp/w3hDA/du0cFlfsPIX8WuhORX
vRZJQZ5sVHU1qYHBTtwlan5D18AUpMUNZf1XVZb08NMOsez1YSlKHia26CTQurG1
KxSxNIe76DEa3q5sLgRDEIvP4JtfKEdKuzPsUYR148ADZSPxVpWpUaYXedsO+JDt
JYcsOEJxG1uEvEg2S1heTgpJVK0wK3tp5qODUil0ZyIPo7YXG9frMcOXIkEmxZSm
/tzJ0voYzCeCNbrYuv7GsAcPUfXo2zIPJ3b7NkQ01uw
-> ssh-rsa kFDS0A
Au7S8JypcYKfb01y7hh85V84zhM5JMTF2KN2PGV2l+DsSuTqW5HzrzPOK7gXFfTU
Um1tU2SeezORYpbtaCSpNbrkVdOdvcXG+ItJvLIwfAnlsRPNdWYtco18erEiQxkw
DrlSqWb+UFHUhoUyaEj7ub2IzFkYxMIabX2PQL+bRY0b9+Bk5wV8LhWVr0OPl6zv
TSoZUxMts9JsALAK7AIR7hfA9F9qSRgc5ivPnJddVhxb85bZsg2PPfmLbg2flOmY
H8ZH/q7JvZ0D4RVxk3+V1jDDZCYv4eGsqCAqklDPRAnBq7KrDC04XExIXpy/OYhf
GDmGrEFfT24ZOIMOJoRDsyECpTD3E81FuDJyn5+hHmTu0qmy6sWaJteOSqbJ46D8
vPUhYeLB9b4sSvn0v1viUkRcfJZO6J5Ndh2TMg7SoJ3bOC2gK/sKbUi6w00gfjKg
PqdBs+nNaTerKNuEVQnpEwk1jiEbqYAjlcSn40zjXQ84lLXvGVlmoKmV6tAhJsH/
W2zfqSzqFRnYky3pCsFEogaUCeIendpb+oR1rVvbHntIPk2x/rEe1fb5NJ2ipPaI
UE3R5bRdnZbqgVTXp8oQpHGIysDWMOp05hXlV1yi5L1cfa+av0kufWGh9SxzJ0Hb
JHu4gJ3kEDrhSoHaG8+9s0Uhpr6fWNjcK+h3jQELJzI
-> ssh-ed25519 2Ca8Kg 7zqdy50BjjvIGcvmaeM0bkSwivSmrkge7ppnHWPMcwg
XEjHTeULveua7OsuKHnUSDwDaLBSpjfKzOH5MX6oBbA
-> ssh-rsa 2ggJWw
A2jGJC1GKUr5hHb4yeluJwYPuslSMBzmR6LehAyCJ17iTkIyO6Km5tfyq6ee0Q+H
0wcxiXexzyn1QJhTovpbPSe+fBcBWCnhmyfFCxzPk3cq9ip64ngPmAbim0dLP7PC
WUB1B8Ly2nhbT+j5UcZNQt2Q+83SFkqzNIjl+pJbq8Iau3iwWFntbhe0TDqcHsOf
Uw+E8UUSsGinYPcXZXrW5ZWNovVgXgr5KCSdX4QfcH7r5qNQMSjNpeT6kOMPg5Qj
ad3zTwMusbpDZxQdk6LcKZqlHSUBJxE4GKqtbHQ+JnF8DwolBWpjQUSS/Hz4c/de
9YLYYxK0H1IgZpv49alRpexnRuHVUhl1HixJRIpFaNm9tj0ezkt0AK7Y+e5J+x2Y
vyitzuuJezG75hBC3fFQLUosJm8kJ0YtqIfQsu/8OjDnZJhjCq0QijxHZexAF+9X
HBsMvj+XjGwNj045dN0PQzRPeTT2JAZDNIE/piwUdy9HgAAWdZzFONG2lp3fCl8+
-> d-grease "9JT y*PWo L yF
7Ig0w+Lz7Z8us57rZ/h9hZLNL7KQjcfNQt4jPBG2Qg
--- MLI+SiGgDJp5XLYzfpZpXdSgMc9y1+Ufs+NsiVYKp3o
>Ïl¾Ÿ€á,ÞJŽ[Ê”àü}fT{Ñ¥Þµ<a's;$…°Å.À~k®œ‰)˜¡L\Å6"‡…ß«‚ dó$ÿ.ƒ? Y)‰…“úJÅ÷Â)‹¼þ;¥Q—6±„Ów&‡A…?SŸt°^©òzƒG* tÓ«OŠXlˆÁ<14>ˆÍ{ÞI£û¶Ç½­ž²ÓäO±»øûUŒýGuø

2
secrets/secrets.nix
View file

@ -57,4 +57,6 @@ in
"dyndns-droppie.key".publicKeys = droppieKeys; "dyndns-droppie.key".publicKeys = droppieKeys;
"mopidy.conf".publicKeys = allKeys; "mopidy.conf".publicKeys = allKeys;
"b12f-env-secrets".publicKeys = biolimoKeys ++ chocolatebarKeys;
} }

8
users/ben/default.nix
View file

@ -1,4 +1,4 @@
{ config, hmUsers, pkgs, lib, ... }: { self, config, hmUsers, pkgs, lib, ... }:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in in
@ -12,6 +12,12 @@ in
services.yubikey-agent.enable = true; services.yubikey-agent.enable = true;
age.secrets.b12f-env-secrets = {
file = "${self}/secrets/b12f-env-secrets";
mode = "400";
owner = psCfg.user.name;
};
pub-solar = { pub-solar = {
# These are your personal settings # These are your personal settings
# The only required settings are `name` and `password`, # The only required settings are `name` and `password`,

4
users/ben/home.nix
View file

@ -103,6 +103,10 @@ in
xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config; xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
xdg.configFile."msmtp/config".source = ./.config/msmtp/config; xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
# xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
programs.zsh = {
initExtra = import ./zshrc.nix { inherit config; };
};
}; };
age.secrets."mopidy.conf" = { age.secrets."mopidy.conf" = {

4
users/ben/zshrc.nix Normal file
View file

@ -0,0 +1,4 @@
{ config, ... }:
''
source ${config.age.secrets.b12f-env-secrets.path}
''