Initial goldberg (dev server) version
This commit is contained in:
Moritz 'e1mo' Fromm
parent
690ea06e1c
commit
57f77543b4
6 changed files with 164 additions and 17 deletions
|
|
@ -6,14 +6,22 @@ keys:
|
||||||
|
|
||||||
# Servers
|
# Servers
|
||||||
- &shirley age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
- &shirley age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
||||||
|
- &goldberg age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets\/all\/*
|
- path_regex: secrets\/all\/*
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp: [ *e1mo, *n0emis ]
|
- pgp: [ *e1mo, *n0emis ]
|
||||||
age:
|
age:
|
||||||
- *shirley
|
- *shirley
|
||||||
|
- *goldberg
|
||||||
- path_regex: secrets\/shirley\/*
|
- path_regex: secrets\/shirley\/*
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp: [ *e1mo, *n0emis ]
|
- pgp: [ *e1mo, *n0emis ]
|
||||||
age:
|
age:
|
||||||
- *shirley
|
- *shirley
|
||||||
|
- path_regex: secrets\/goldberg\/*
|
||||||
|
key_groups:
|
||||||
|
- pgp: [ *e1mo, *n0emis ]
|
||||||
|
age:
|
||||||
|
- *shirley
|
||||||
|
- *goldberg
|
||||||
|
|
@ -31,6 +31,12 @@
|
||||||
./hosts/shirley/configuration.nix
|
./hosts/shirley/configuration.nix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
goldberg = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = defaultModules ++ [
|
||||||
|
./hosts/goldberg/configuration.nix
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
colmena = {
|
colmena = {
|
||||||
|
|
|
||||||
27
hosts/goldberg/configuration.nix
Normal file
27
hosts/goldberg/configuration.nix
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
{ lib, pkgs, baseDomain, ... }: {
|
||||||
|
_module.args.baseDomain = "dev.chaos.jetzt";
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./hardware-config.nix
|
||||||
|
../../services/mumble.nix
|
||||||
|
../../services/website.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
networking.hostName = "goldberg";
|
||||||
|
# Fallback / for the monitoring v(x)lan
|
||||||
|
networking.useDHCP = true;
|
||||||
|
|
||||||
|
# We need to configure IPv6 statically, and if we start with that we can just also do it for IPv4
|
||||||
|
networking.interfaces.ens3.useDHCP = false;
|
||||||
|
networking.interfaces.ens3.ipv4.addresses = [ { address = "5.75.181.252"; prefixLength = 32; } ];
|
||||||
|
networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f8:1c1e:9e75::1"; prefixLength = 64; } ];
|
||||||
|
networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
|
||||||
|
networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
|
||||||
|
networking.nameservers = [ "213.133.98.98" "213.133.99.99" "213.133.100.100" ];
|
||||||
|
|
||||||
|
services.murmur = {
|
||||||
|
registerPassword = lib.mkForce "";
|
||||||
|
environmentFile = lib.mkForce null;
|
||||||
|
};
|
||||||
|
}
|
||||||
43
hosts/goldberg/hardware-config.nix
Normal file
43
hosts/goldberg/hardware-config.nix
Normal file
|
|
@ -0,0 +1,43 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/disk/by-uuid/a2ddb17b-a6cc-416e-8033-45790a6f4012";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
# Use the GRUB 2 boot loader.
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.version = 2;
|
||||||
|
# boot.loader.grub.efiSupport = true;
|
||||||
|
# boot.loader.grub.efiInstallAsRemovable = true;
|
||||||
|
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||||
|
# Define on which hard drive you want to install Grub.
|
||||||
|
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
||||||
|
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
# networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.ens10.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
||||||
|
|
@ -9,35 +9,44 @@ sops:
|
||||||
- recipient: age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
- recipient: age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBia0lkeWRnRGxpNmpRdzh5
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGLzhsU0FEYTNwS3VQZ2lw
|
||||||
NGZDYkh1RDNGMXF6UGxMMXo1TFhmQytndUEwCm5YalBFZHF5MDV6WTFNWWEvaGxK
|
VWN6cVEvSzBsQ2J5aG5NbXI1SHFZM3JRSmxRCnd6TkFRb3ByRGV1b2V0czlLTzBp
|
||||||
YVVoL2JUaTVrVTNMSURIcGF0Uno2SDQKLS0tIE95SzYrMEpCeFQ3bVI5ckRNVXcw
|
WDBhQzFEUjhVOTd2aUQ2WjQwY0ZmYWcKLS0tIFBHK1Ztd1I3ZDlPdU1Nam4rRWdv
|
||||||
K0Z4RGdWakQwb01iek51ek5JNkc1b0kKK+lyOKzhkRLgKG9XtnNqdnsAPbEShAF3
|
M1hKMjJhZjR1Z285Q3VvQVl4MlZMSkEKeFTZdkt74RbG5FTg/MesJF/+WOvZJMvI
|
||||||
GQDhanhdVKmhyythXz+a0B6FrJmCppy7ZuNSucewqIx2ZCnLaSuUXw==
|
djjlEYfdL9bDaXpxpFUK5i+v5QL/2i+IZaxjQLymSk1TLpP5xZXhQA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbWtRbW5Rb3RFMHMxbisz
|
||||||
|
UGd5bUROTnEzc0VJOEFtbllyUHRHQnYyTTBzCkx0b3h5WUEyQVd2N0liU05CaDB0
|
||||||
|
dGhyR2lWNy9nNXp1L25wWEd5UjM0c1kKLS0tIEtFdXVsRUlQaGRWL3V2bTlySVpz
|
||||||
|
NHNGaGtwcWE0RnFOdEcyY1VOQytTN2cKEAOBHsCuhtGO6OJElLD4AACfyeGGFYMs
|
||||||
|
or79LXMXaLaNXdmhHpbl9kNt8UdBEVe2RcgZa+jZDMBinlABNmNc9w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-11-27T21:53:46Z"
|
lastmodified: "2022-11-27T21:53:46Z"
|
||||||
mac: ENC[AES256_GCM,data:8rzaM8lDGLwwMbgcqaB3zj73l3mV0OFeshrHGRVw+akk9ipz0WKnhKHPGbGcaktWd61cg52/F2Fz573PWHthqoI/v0NJc7bpOKG3HreKyJyJ5AbZ+eFYrSLSNKaOXvKmwWHRMnFASOd97QaSYxQaHCDhQObf0XBXEnRktX9NtXs=,iv:j5E/YS1yI/Tgqq9Dio/b7EKrPwcJFBnVDtry91suym0=,tag:Hev9lYgsMxKFxcfozX+VdA==,type:str]
|
mac: ENC[AES256_GCM,data:8rzaM8lDGLwwMbgcqaB3zj73l3mV0OFeshrHGRVw+akk9ipz0WKnhKHPGbGcaktWd61cg52/F2Fz573PWHthqoI/v0NJc7bpOKG3HreKyJyJ5AbZ+eFYrSLSNKaOXvKmwWHRMnFASOd97QaSYxQaHCDhQObf0XBXEnRktX9NtXs=,iv:j5E/YS1yI/Tgqq9Dio/b7EKrPwcJFBnVDtry91suym0=,tag:Hev9lYgsMxKFxcfozX+VdA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-12-11T10:48:10Z"
|
- created_at: "2022-12-11T15:31:51Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hF4DOnsoj685gdcSAQdAbaU5s15Yn2pvSi74qur3WF9+1GeQCN4jXeDH8iSLrmAw
|
hF4DOnsoj685gdcSAQdAQsDa5qj1XAnVKEiE6Zc8QbFyfDpKcAvbA+bf4aWp420w
|
||||||
nup2BZX10Kk+xeX9s0W+1HBE5kCLecbkWx/VJPplajHrz296Kb5Z7/9etbDo/ij3
|
7Vfh4T4epxnxOPaJ0IVs1uJT6TCB9AjbvdDbmnfPdJnXOYzTRkSDhLsjFa2QnJ67
|
||||||
0l4Bab4RQ4tD/xfJblCSp+pjTRKoyHptZTFK3MYg1TWEP7BlXkNfkvbtG4soq38O
|
0l4B9J56nHh7soMtSDVmhmfj4gp2qrjJf3/8Xw+gEP1oRC0cis785cQi2mHxgTNe
|
||||||
iJZJGIo/pdkfTSxUz0vAXkKQO46XHW26eNVkOVTkpGHCfIBTMudR1cE/AwoXS96T
|
SiAUshN8ZzICXD77eJfcLxIDt1z1qS08c2mhIsjdjXKy6A7uNK+rZksRN+bwHr6x
|
||||||
=27WM
|
=5t5x
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: "0x6D617FD0A85BAADA"
|
fp: "0x6D617FD0A85BAADA"
|
||||||
- created_at: "2022-12-11T10:48:10Z"
|
- created_at: "2022-12-11T15:31:51Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hF4D6iFd6webPCUSAQdAcYhXFsMoghf0Hg6FP1DslsjmbaXJrBdnQhDbuLUpx2cw
|
hF4D6iFd6webPCUSAQdArOIgsg/cp2TKAhUpZ/RSqpx5kXhpS2PIqLb4gY555m4w
|
||||||
HWvyvqwyqKTLY1tPudoNQlkMjD/SiIy8vmQXMSsw0IicV+5hmigKKv1U3PkG9qbB
|
H9PJDMfztLVWnXYwqaQcCNnMP9bjyTGPQzd5hOGP4ob/f3Ajat6neKU4YEPWKOQX
|
||||||
0l4BRBmuJIn/zaGKxOHa/oxSvuLXOd8sCBh/gU7jv9MhWecfnz83SAIcv5zsMWs3
|
0l4BkYcL+GCoEW0COSPQxIJHSK9rJZfpDavPTXOJ1oToVKLf/tiURQYtSCT419h6
|
||||||
bEoq5SiRJsdiw7/EtfSvDpsDCXvOvNt3T4wFWknVX0TjO6u65frWLVYdHTTCWKU3
|
FWqlAkZKp78Xpy3ZIvefqCiohOtV0IoS5UhVHCKIiMOcngoSYbB1zVNcORYpDUgg
|
||||||
=WjCa
|
=OCMo
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: "0xE0262A773B824745"
|
fp: "0xE0262A773B824745"
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
|
|
|
||||||
54
secrets/goldberg/secrets.yaml
Normal file
54
secrets/goldberg/secrets.yaml
Normal file
|
|
@ -0,0 +1,54 @@
|
||||||
|
murmur:
|
||||||
|
#ENC[AES256_GCM,data:ionYo3rz6G1ZhOmwBDleXPO7/reeF6tpgA==,iv:4iQ1FYTvxyyNaQDPxHErV0fevsnU5p55wT27nOwMStM=,tag:ynCgbQsvX5ow4+vc2Qz8MQ==,type:comment]
|
||||||
|
registry_password: ""
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBud3M4T05FWjZSODhhOFFU
|
||||||
|
RFhrcVVoQ3M1S1Z6WlZkK0g5bGVhODBoRWhBCjBMNHJ0dEJWQlNVaEorSjNtZk9s
|
||||||
|
Q2Z4UVEwWHFWUDZIM2FNTEFEOFdIZUUKLS0tIExRbzhYK040SWM3YXMvUHFYcTJy
|
||||||
|
L2ZkU3ZIWndnZk1jRllTWHNLNitjNDgKwbgsoy3xXj6jp7dm5asdTTTHi2fO3vwH
|
||||||
|
Q6mOl7pZQLX+pFduw1KTKgqMkQkp+jAlJL6t0ElRUkuBVMq2i3vNQg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkK2UxMkJZbW8wOUR4OHBs
|
||||||
|
WFIraTczOW9LVlMzdm10dStRejdwQ1BtY1JRClFUdE1FZnBacTFrb000VHpQc01L
|
||||||
|
RkxCWHdtUmhJbXNPUG0rWlFSQ3dlQVEKLS0tIEhxQzFuZ09hNkFrMXZlbVNNU1dP
|
||||||
|
RHZYN0JXMElFanc5UWNtN2JSZmhYTE0KaHYt1EviNbs/BcvHs5j3bg1gZHPJgajW
|
||||||
|
GUHkdEhz/WEpZmd5uUxWpKyRIyNF6/hl/57P9MUhWSlu+3kt7nwJ4w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-12-11T15:34:06Z"
|
||||||
|
mac: ENC[AES256_GCM,data:iAy2NLUrdxfMzfP0A29kvk2gKVfmOkAHbtfynOwdqXo5y4qEVqNCnNr7Lmkcw7rQyqX+cRUWrUy+k5dtmGa1iasm9VjGykZu2YtTyhESDKm3/UY+EVxhzAXXa6cnbZpmX2GcY7FldcQYS+zSOisO4kYnewoROgFAKQUwVeWR0ak=,iv:ufbF+DBJdas+XrrAW8zeb/ZhhJQihxv2hWc7nf3fYug=,tag:/sSxVKv9YtjsefMC/4/Y9g==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2022-12-11T15:33:54Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DOnsoj685gdcSAQdA9JjUfb4wCKwVzIl/7ljRvwdCPf8+SDX3DVWt5vY4pX8w
|
||||||
|
bnJ3hAuhNdO4dqeJ4GmT0xMsLFDAopxxJPQob4thHZ6FeMS0I3XEzZ4A7Si0JtHP
|
||||||
|
0l4B4O95Bnr1FGSQf3Vt378U13Jqr5qIMB67Y2d9phlyiJHJ9wNJjp17gKb7rWix
|
||||||
|
HCpfj4x0Kgx6FgmmNK0JC/UyQAKhPzD0f7uVAMA1tyC7c/fWgcsNpeo2D9tbaWoO
|
||||||
|
=YdzC
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: "0x6D617FD0A85BAADA"
|
||||||
|
- created_at: "2022-12-11T15:33:54Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4D6iFd6webPCUSAQdAij89mphU4WUZ8XS4mp6w9kmsKXRBkaxk1Rxsh3QqrFgw
|
||||||
|
Qyxwnv3ujYbphtXsUwh2oYVA9HBFE0vJlaFR8FWPkJwiwDklS+TilxUAa2V2F97n
|
||||||
|
0l4B1OyxeOLxZG3/WcpL6BpBjcDL0UzhxmOU5uS5KAWDbkF1leVh2rahJL3A1uCC
|
||||||
|
9lgRhPiA/PqHGREiN2EI0fEIvt2MS3A9K7qHQUxdRKgANR9r/M/EoU4scKcxmUn5
|
||||||
|
=TjUy
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: "0xE0262A773B824745"
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
||||||
Loading…
Reference in a new issue