pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

feat: add nougat-2 to pub.solar/infra branch #251

Closed
b12f wants to merge 3 commits from pub.solar/nougat-2 into infra
pull from: pub.solar/nougat-2
merge into: pub-solar:infra
Conversation 0 Commits 3 Files changed 22 +79 -29
8 changed files with 79 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit fd07ef9a84 - Show all commits

5
flake.nix
View file

@ -188,11 +188,16 @@
path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.barkeeper; path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.barkeeper;
}; };
}; };
nougat-2 = { nougat-2 = {
sshUser = "yule"; sshUser = "yule";
hostname = "nougat-2.b12f.io"; hostname = "nougat-2.b12f.io";
fastConnect = true; fastConnect = true;
profilesOrder = ["system" "direnv"]; profilesOrder = ["system" "direnv"];
profiles.direnv = {
user = "barkeeper";
path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.barkeeper;
};
}; };
#example = { #example = {
# hostname = "example.com:22"; # hostname = "example.com:22";

8
hosts/nougat-2/acme.nix
View file

@ -15,8 +15,8 @@
''}"; ''}";
}; };
in { in {
age.secrets."hosting.de-api.key" = { age.secrets."hosting.de-api-key.age" = {
file = "${self}/secrets/hosting.de-api.key"; file = "${self}/secrets/hosting.de-api-key.age";
mode = "440"; mode = "440";
group = "acme"; group = "acme";
}; };
@ -43,8 +43,8 @@ in {
isReadOnly = false; isReadOnly = false;
}; };
"${config.age.secrets."hosting.de-api.key".path}" = { "${config.age.secrets."hosting.de-api-key.age".path}" = {
hostPath = "${config.age.secrets."hosting.de-api.key".path}"; hostPath = "${config.age.secrets."hosting.de-api-key.age".path}";
isReadOnly = true; isReadOnly = true;
}; };
}; };

10
hosts/nougat-2/default.nix
View file

@ -1,7 +1,5 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./nougat-2.nix
./nougat-2.nix ];
]
++ suites.nougat-2;
} }

6
hosts/nougat-2/nougat-2.nix
View file

@ -3,6 +3,7 @@
pkgs, pkgs,
lib, lib,
self, self,
profiles,
fix-atomic-container-restartsModulesPath, fix-atomic-container-restartsModulesPath,
... ...
}: }:
@ -13,6 +14,11 @@ in {
imports = [ imports = [
./configuration.nix ./configuration.nix
profiles.base-user
profiles.users.root # make sure to configure ssh keys
profiles.users.barkeeper
./acme.nix ./acme.nix
./caddy.nix ./caddy.nix
./keycloak.nix ./keycloak.nix

21
secrets/hosting.de-api-key.age Normal file
View file

@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 Y0ZZaw mpeEJ0Pmd9BR/HQ6tcY4H38pCNrel+8L6WgnPj77ByQ
UdF11WoYedaNjDwLhGplUlHYtAW9wSTLrf6BMSQGXa8
-> ssh-ed25519 BVsyTA V8CrvHHBOPuJE6xqdQlC+dLoc5CU625aysWOk8oS6Sw
jJtQYWFVhCwwBGpQph8WNKPNLWrXiJVJj05EY0PZFzw
-> ssh-rsa kFDS0A
QXSYUXN04FSQofXobqNcPEApTKsDcUJV6eXYpS+9HffRE1PDt5JKRXWMk+3RMw0Z
fBlWPBMmS4M/letqH3PHG1gFv6MFrGaddfJbZo4FYUzMNeT+Fh5ZWM2bQO6iczd9
WUYYKonOzgRd8Nwg3DAHxJ8zXzocHp6F+cAqnw4y1ou50erVDMEIQ+wc16R8yT3t
OEKfz2Vr8FadAsCw2JBqouwyvdM6bd/+AjnJZbFrIq/gKlgIe0KuSZK1lr08v2aL
Nbk0bykb83N22kIG7kecYuY9Tz/Jh0geotkti7MIcsLez6OQW0+IC9bDZ/Swl/Cb
oXJdrjRCZipD1PKGdxzyb+bXZHmk778kc9WHB8NRas8ICFcOS0Pu0JMjhEfU2rER
QQoYAmk1mmJGDW1DVv90VUb2RokpF6QuzgIjfJUi7R7JLPcahBvfJRa8gytC33OP
Nr733zR5NP06b3LMdjjUyiYyf0cyZG9Qxra8aN2kAlT/mHZe+v9m4piHrJ1b+j73
pyZPNa9w5AXl942fV5DbERRpXtP1kc3bO776All8X7ARy5GaHpHmvmEE1ooDhicS
iSvEm5c/BvgTBijXqsXk/SkIoFiLrGQ4wkTjNpeTsX25ghZc1W5gHrcDY7QtdDLz
RotNg5klu2XZR5mB7hFPUoXwGhwYc5l1mf05/2tEkVs
-> E>o)tKn-grease T9%P;\g
y6At0SwlBQ5jKI7Rj9ceRCqW3gH+b+7K0rLp0w
--- ABiFxl1ZHUSZJPkagpG0QNgvWeWrJsBtCvDImCQHULQ
a$£ÑÖ t/³\“h”åÙP¸AëÑy¦]ö¯p÷ÛF#HŒM%<25>gÝ3p)^ˆc~]ÚªPKÕÝ4:õ‚ê,cœF Ó5éƉÀ

20
secrets/hosting.de-api.key Normal file
View file

@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-rsa kFDS0A
MLbUT2OZ5uLq2uC4GdBNhQqrN8BjF3FibWT5NpfcL+ryr5wI1HfHnTINQR1SfcP6
e7YF2+lJXiI+Clp+V3/eG5mDMXo358lr1usQPo3AJp0L/F+ZXuYgXIYgp/H6CpX7
ztVM3BavlwvKibiFzpJVESIQW/aMp+fotTG5BBCzQ9P5ejpRCyBnw023VXG4bul6
kSBbjaclmXAB/kErB/CBrQX8khYzy/sPWMeyKfNpQNRebwHfwifSKtwvl9CrII0S
6UAK6oKhi+5heqCtn0t2ToY+Jo9ccMjf1tKuQkUkT9gxJqalYakK9Z/Cn1YjteS1
/QBE+pVNJYtqeND2kWoh7GDgHMN3RpSOZTTfLYWMatfwdZn78y5Qnri6GxKMMpcH
HJjFR3/u08sa5Z6QJN5ajMCze5QEVCfkbP7OUvdD77JagoR2TGphJXHWuHBBjNT0
67GnaVjtjBSkPc2wHaB9jXCLcpkYtx2JwvcYIBmyzu+uw3dVXekT54dXMckW04B9
2A+zH35yNX7cG1BdAaqXsj0q8XHLi+ZyyZBB/OSXFaz07JI8Uo7V17MU6N+yFCbn
UeIh82gingQU1+OBRSi1Qbee76RqRGOB9oJywxWYoj0tfCb5j+CW0UH18rKRCy1p
nbyIY2mp1pVMVnkv+UH5HDJZYTVt6H8HllKZcqy8tUQ
-> ssh-ed25519 cakP9w r7YM3I761Ly8mdPE5Aue4piOtU2WuBCX/ZkuODcC11E
+FGBvDNQiChuuYWGzo9lKiFGWtkGpd+h+zbi0fjR610
-> f(eo)$--grease = zT<uk K? Ijd3$!v
H/OGi9ibCTdNA59VlE4PWHH0sxeAehnSHPboQdGqc+mRBWhmyhuN0flH0lSc+Psq
NM0a5Cwz6j3FYrQDi2H20oFCLCaHNm4UDkzMhhL/0UYvgQ
--- OBqMSFnHs3uuRccjWbid3GxwdVDy+5rbWohAFal4HGM
¿Àä]y÷=¡0µÑYÒ†¢•÷jQ˜ZŸÓ€^þåÊBåò-$'mÄ…þÖ<C3BE>ݵ•ö:Rš/M{^–ƬDdzlFGo]ß`£î¤D”î

37
secrets/keycloak-database-password.age
View file

@ -1,21 +1,20 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 Y0ZZaw 6Ab765r1KhdPSNomPyArPOa9EpOK1gJH1O/2ImGovDE
AbIsUHJvTypKJbOE3LuLFXYkIzfTXxRmiLFy91HzaUE
-> ssh-ed25519 BVsyTA tCs+TlkHQMbqgeN28U2aLo3luZNHRemLKbsqX8gOSWU
PU1JXT1JjKeSZ5cybTuq+WOipWWmqhHGLtEVHi1/8pg
-> ssh-rsa kFDS0A -> ssh-rsa kFDS0A
TQbtZUL6l+DJxir6AVNUWMNPXrzJ6Ns3xb2C9s+lXsvlTlm834H8nt/JxJBCeRoH DWQcu9+8Tt6PbnhhtjaEh4JwKckPzGp8T886OitKmT36ONeX1xm4rxUV1BlZJESH
ymH0PcXKHCk54iPypW5KqFRIwoDYBTi3t3fSqjyLQk4eFNBjByGy+IVAaF6dcS5y bBUorgCjlVeNadhrvMH6f79iq84Itz3wFsRn3wtXTHPjyOjXKq3mBFCZchkNQXrQ
+pYwpZxgshv8u6iSEiRgLvqp0bIs/g/tPHowZ6ezlpyKOzh3+KRYK7e82dJFznwb kAlHVSU4KxArWdDgxZlSDDjqVKUO2otOax0jQIrATyoyXxydv3IrY+I/QJNXyMVV
Q9V+PdWZJLqobbo4bmz7nT3qNlS75tpcVk2FAwsNB1pk3Q4ucbQb33eslSny93s9 TWWur2MjLfRtXf8pKhKHhZMGthOtnYRYJplR638hw4TQ0j4/7J34qcZZgNoo4pUY
DjGCQFOMCkSZwKk98jV8aV01Liu4+tgMty5Sb6+Ei/tt+4TvjlX3t6hl9kvCVQNn FHO1xLqxdRzMiE5Kn7drhJ667QeEANZUr1sPjejXahMx/oYatpZ7YxDk2l8P4bcO
gXjc1y2FxfuwN7hTnFYM6QAwB4ETUPwsyqoOAzfFWzpQNpit+ZOtRMw42gcSkhA7 qAiQ5Z3h1wfhfhHJWLCXac9jBifZeMXXsi43lB7/A+8OCPPZbJam6ng9Nqi6q52S
RcyHeYGtQCeK+MKU9YaWZrDZjFjwpA7oxVkBGk6Xd6drVfw0tMurXpruuIzswo2Q nCwY54c50mDp1iS8b8coBnVqr4JPA+mipy31KGmbysxjKRV7SovYuPq6xzGzL9gO
iwdSGNsyAmMAKIoAWrjyxuXodgAwii8JgLr93IfkEuOQ/izQQ5sJCFP4Q4pB/Svk nAxpvwGuPShuKQMQ373u0NL5Fx3gnSwBpDax9Q8ZIvkn/iGIjntQj8IaDDXUtOUg
8yG62fflaJ6epTn2uEBD9EDqlNCGpDwNwdBnASdpcSCeooCqcqDIHpk0VJly+HiQ 6r3wQD8m8C54q8hdOeb8dvDTb8YkXJGumikOwx04KhhX/MJbIMpwSmhZGHdCY44v
VyxpD+3ZfaguUkiVC44oxAkQocitj8ypNmuGqphG+1ReN4ew8xi74f0WWq4lxkY4 qhTQcnudnPUskTZsenY4pw9LOdzuVeLqGL2359qvw8w8KTNtZfeif0xCpWBKMOw8
DieriNG+NG4JS7SgUTz5ZStYbOuIJJ/n82TcejWkJGM F3wdYRaowGp0Hqi1wb+mKtiz4Tyx93crkflrpxs5hT8
-> dqJ?-grease .CNJ%TkE -> ssh-ed25519 cakP9w m4+f1g38ZLRWqO1eKOSnu/0wJ+ou4j/4VgR8IJhh9Bc
D6Hq2UnwetlWfmLWLcijubdNB2uJNjRRIw 1MkqVLAk5hZyyvjVSU7ScIitGkIiQlCl7oxJCBw7xmE
--- +wyqgdU3ahUepcqy53z01275bJE6CadK4+yXH0bSvuI -> Bp=k^MJA-grease
ò¡ˆœÃ¿ÆV-j^/u˜»¼y{ŽÊ”Ášj¾Éø 7@¡øâhõ´©$†p«·íÜQ˜Ý'k œ£äz<>š#ö:¦<>àˆ·,¿4v}1š<C5A1>Ðr¥ÁüjeV iP4iWQsV1F2QEiShf0j9AhCUq+SXOxQ
--- d1wE82sM45YxhJkxchil/8TFhZMjyDVSySvgS6BQCck
dV¿­ÏQ“rJ8¿ýörøg(¤âì‡
êiàŽfï6O¸#ßãõWj,ÌÛd q—<xŸòOÑŒ^}-p9<70>`B

1
secrets/secrets.nix
View file

@ -23,4 +23,5 @@ in {
"mailman-core-secrets.age".publicKeys = deployKeys; "mailman-core-secrets.age".publicKeys = deployKeys;
"mailman-web-secrets.age".publicKeys = deployKeys; "mailman-web-secrets.age".publicKeys = deployKeys;
"mailman-db-secrets.age".publicKeys = deployKeys; "mailman-db-secrets.age".publicKeys = deployKeys;
"hosting.de-api-key.age".publicKeys = deployKeys;
} }