diff --git a/hosts/dumpyourvms/dumpyourvms.nix b/hosts/dumpyourvms/dumpyourvms.nix index 3b1e4ab3..17b7597f 100644 --- a/hosts/dumpyourvms/dumpyourvms.nix +++ b/hosts/dumpyourvms/dumpyourvms.nix @@ -71,21 +71,11 @@ in { services.mozillavpn.enable = true; networking = import ./networking.nix; services.tailscale.enable = true; - services.openvpn.servers = { - catVPN = {config = ''config /home/teutat3s/.local/share/openvpn/catVPN.conf '';}; - }; security.pki.certificateFiles = [./consul-agent-ca.pem]; services.unbound = import ./unbound.nix; - environment = { - systemPackages = with pkgs; [ - networkmanager-fortisslvpn - openfortivpn - ]; - }; - # Set default brightness to 50% # https://ubuntuforums.org/showthread.php?t=2409856 services.cron.systemCronJobs = [ diff --git a/modules/crypto/default.nix b/modules/crypto/default.nix index 9b4a91e5..8dad1d70 100644 --- a/modules/crypto/default.nix +++ b/modules/crypto/default.nix @@ -39,7 +39,6 @@ in { libsecret qMasterPassword restic - fwknop ]; }; }; diff --git a/modules/devops/default.nix b/modules/devops/default.nix index 0212ce43..0f966ddd 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -16,6 +16,8 @@ in { home-manager = with pkgs; pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = [ + fwknop + croc drone-cli nmap pgcli diff --git a/secrets/cat-testenv.ovpn.age b/secrets/cat-testenv.ovpn.age new file mode 100644 index 00000000..3de814e2 Binary files /dev/null and b/secrets/cat-testenv.ovpn.age differ diff --git a/secrets/fwknoprc.age b/secrets/fwknoprc.age new file mode 100644 index 00000000..dd079b9e Binary files /dev/null and b/secrets/fwknoprc.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2332bb39..044bd9da 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -12,6 +12,8 @@ let
 in {
 "example-secret.age".publicKeys = allKeys;
 "environment-secrets.age".publicKeys = allKeys;
+ "fwknoprc.age".publicKeys = allKeys;
+ "cat-testenv.ovpn.age".publicKeys = allKeys;
 "docker-ci-runner-secrets.age".publicKeys = allKeys;
 "test-secret.age".publicKeys = [users.teutat3s-5-nfc];
 }
diff --git a/users/teutat3s/concepts-and-training.nix b/users/teutat3s/concepts-and-training.nix
new file mode 100644
index 00000000..a12d355b
--- /dev/null
+++ b/users/teutat3s/concepts-and-training.nix
@@ -0,0 +1,48 @@
+{
+ config,
+ pkgs,
+ lib,
+ self,
+ ...
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+ age.secrets."cat-testenv.ovpn" = {
+ file = "${self}/secrets/cat-testenv.ovpn.age";
+ mode = "600";
+ owner = psCfg.user.name;
+ };
+
+ age.secrets."fwknoprc" = {
+ file = "${self}/secrets/fwknoprc.age";
+ path = "${config.users.users."${psCfg.user.name}".home}/.fwknoprc";
+ mode = "600";
+ owner = psCfg.user.name;
+ };
+
+ services.openvpn.servers = {
+ catVPN = {
+ config = ''config ${config.age.secrets."cat-testenv.ovpn".path}'';
+ autoStart = false;
+ };
+ };
+
+ #home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+ # programs.ssh = {
+ # matchBlocks = {
+ # "salt.base.test" = {
+ # hostname = "10.0.0.2";
+ # user = "bbaedorf";
+ # };
+
+ # "salt.gateway.test" = {
+ # hostname = "10.0.0.3";
+ # user = "root";
+ # proxyJump = "salt.base.test";
+ # };
+ # };
+ # };
+ #};
+}
diff --git a/users/teutat3s/home.nix b/users/teutat3s/home.nix
index 9a897fa6..31be8b27 100644
--- a/users/teutat3s/home.nix
+++ b/users/teutat3s/home.nix
@@ -13,6 +13,8 @@ with lib; let
 in {
 imports = [
 ./session-variables.nix
+ ./concepts-and-training.nix
+ ./mnx.nix
 ];

 config = {
diff --git a/users/teutat3s/mnx.nix b/users/teutat3s/mnx.nix
new file mode 100644
index 00000000..4bf69b46
--- /dev/null
+++ b/users/teutat3s/mnx.nix
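Review bot: Both new entries in secrets/secrets.nix are encrypted to `allKeys`, although the only consumer visible in this commit is users/teutat3s/concepts-and-training.nix, which installs them for a single user. `allKeys` is defined above this hunk, so its contents cannot be checked here; if it spans every user and host key, each of those keys can decrypt the fwknop client configuration and the VPN profile. A narrower recipient list in the style of the existing `test-secret.age` line would keep the material to the machines that need it, for example `"fwknoprc.age".publicKeys = [users.teutat3s-5-nfc <host-key>];`, where `<host-key>` is a placeholder for the key of the host that deploys the secret.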
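Review bot: In users/teutat3s/concepts-and-training.nix the `cat-testenv.ovpn` secret is handed to the login user (`owner = psCfg.user.name;` with `mode = "600";`), yet the only reader in this hunk is the `catVPN` entry under `services.openvpn.servers`, which is a system service and presumably runs as root. If the user never opens the profile directly, dropping the `owner` line and setting `mode = "0400";` keeps the VPN credentials out of reach of processes in the user session. The commented-out `programs.ssh` block at the end of the file is never evaluated but still commits internal addresses and account names to the repository, so I would delete it or keep it outside the repo. The `xdg` binding in the `let` is unused in this file and can go.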
@@ -0,0 +1,18 @@
+{
+ config,
+ pkgs,
+ lib,
+ self,
+ ...
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+ environment = {
+ systemPackages = with pkgs; [
+ networkmanager-fortisslvpn
+ openfortivpn
+ ];
+ };
+}
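Review bot: The `environment.systemPackages` block in users/teutat3s/mnx.nix installs `networkmanager-fortisslvpn` and `openfortivpn` system-wide wherever users/teutat3s/home.nix is imported, while the same commit removes them from hosts/dumpyourvms/dumpyourvms.nix, where they were scoped to one machine. Which hosts import this user profile is not visible in the diff, but if more than one does, the VPN clients now land on machines that previously did not carry them. If only that host needs them, keep the list in the host file or gate it, for example `environment.systemPackages = lib.mkIf (config.networking.hostName == "<host>") (with pkgs; [networkmanager-fortisslvpn openfortivpn]);`, where `<host>` is a placeholder. Separately, `psCfg` and `xdg` are bound in the `let` but never used here, so the `with lib; let … in` wrapper can be dropped.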