simono41/chaos-jetzt-nixfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initial goldberg (dev server) version

Browse source
This commit is contained in:
Moritz 'e1mo' Fromm 2022-12-11 16:53:35 +01:00
parent 690ea06e1c
commit 57f77543b4
No known key found for this signature in database
GPG key ID: 1D5D79A439E787F1
6 changed files with 164 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -6,14 +6,22 @@ keys:
# Servers
- &shirley age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
- &goldberg age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
creation_rules:
- path_regex: secrets\/all\/*
key_groups:
- pgp: [ *e1mo, *n0emis ]
age:
- *shirley
- *goldberg
- path_regex: secrets\/shirley\/*
key_groups:
- pgp: [ *e1mo, *n0emis ]
age:
- *shirley
- path_regex: secrets\/goldberg\/*
key_groups:
- pgp: [ *e1mo, *n0emis ]
age:
- *shirley
- *goldberg

6
flake.nix
View file

@ -31,6 +31,12 @@
./hosts/shirley/configuration.nix
];
};
goldberg = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules ++ [
./hosts/goldberg/configuration.nix
];
};
};
colmena = {

27
hosts/goldberg/configuration.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, pkgs, baseDomain, ... }: {
_module.args.baseDomain = "dev.chaos.jetzt";
imports = [
./hardware-config.nix
../../services/mumble.nix
../../services/website.nix
];
system.stateVersion = "23.05";
networking.hostName = "goldberg";
# Fallback / for the monitoring v(x)lan
networking.useDHCP = true;
# We need to configure IPv6 statically, and if we start with that we can just also do it for IPv4
networking.interfaces.ens3.useDHCP = false;
networking.interfaces.ens3.ipv4.addresses = [ { address = "5.75.181.252"; prefixLength = 32; } ];
networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f8:1c1e:9e75::1"; prefixLength = 64; } ];
networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
networking.nameservers = [ "213.133.98.98" "213.133.99.99" "213.133.100.100" ];
services.murmur = {
registerPassword = lib.mkForce "";
environmentFile = lib.mkForce null;
};
}

43
hosts/goldberg/hardware-config.nix Normal file
View file

@ -0,0 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a2ddb17b-a6cc-416e-8033-45790a6f4012";
fsType = "ext4";
};
swapDevices = [ ];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens10.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

43
secrets/all/secrets.yaml
View file

@ -9,35 +9,44 @@ sops:
- recipient: age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBia0lkeWRnRGxpNmpRdzh5
NGZDYkh1RDNGMXF6UGxMMXo1TFhmQytndUEwCm5YalBFZHF5MDV6WTFNWWEvaGxK
YVVoL2JUaTVrVTNMSURIcGF0Uno2SDQKLS0tIE95SzYrMEpCeFQ3bVI5ckRNVXcw
K0Z4RGdWakQwb01iek51ek5JNkc1b0kKK+lyOKzhkRLgKG9XtnNqdnsAPbEShAF3
GQDhanhdVKmhyythXz+a0B6FrJmCppy7ZuNSucewqIx2ZCnLaSuUXw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGLzhsU0FEYTNwS3VQZ2lw
VWN6cVEvSzBsQ2J5aG5NbXI1SHFZM3JRSmxRCnd6TkFRb3ByRGV1b2V0czlLTzBp
WDBhQzFEUjhVOTd2aUQ2WjQwY0ZmYWcKLS0tIFBHK1Ztd1I3ZDlPdU1Nam4rRWdv
M1hKMjJhZjR1Z285Q3VvQVl4MlZMSkEKeFTZdkt74RbG5FTg/MesJF/+WOvZJMvI
djjlEYfdL9bDaXpxpFUK5i+v5QL/2i+IZaxjQLymSk1TLpP5xZXhQA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbWtRbW5Rb3RFMHMxbisz
UGd5bUROTnEzc0VJOEFtbllyUHRHQnYyTTBzCkx0b3h5WUEyQVd2N0liU05CaDB0
dGhyR2lWNy9nNXp1L25wWEd5UjM0c1kKLS0tIEtFdXVsRUlQaGRWL3V2bTlySVpz
NHNGaGtwcWE0RnFOdEcyY1VOQytTN2cKEAOBHsCuhtGO6OJElLD4AACfyeGGFYMs
or79LXMXaLaNXdmhHpbl9kNt8UdBEVe2RcgZa+jZDMBinlABNmNc9w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-27T21:53:46Z"
mac: ENC[AES256_GCM,data:8rzaM8lDGLwwMbgcqaB3zj73l3mV0OFeshrHGRVw+akk9ipz0WKnhKHPGbGcaktWd61cg52/F2Fz573PWHthqoI/v0NJc7bpOKG3HreKyJyJ5AbZ+eFYrSLSNKaOXvKmwWHRMnFASOd97QaSYxQaHCDhQObf0XBXEnRktX9NtXs=,iv:j5E/YS1yI/Tgqq9Dio/b7EKrPwcJFBnVDtry91suym0=,tag:Hev9lYgsMxKFxcfozX+VdA==,type:str]
pgp:
- created_at: "2022-12-11T10:48:10Z"
- created_at: "2022-12-11T15:31:51Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DOnsoj685gdcSAQdAbaU5s15Yn2pvSi74qur3WF9+1GeQCN4jXeDH8iSLrmAw
nup2BZX10Kk+xeX9s0W+1HBE5kCLecbkWx/VJPplajHrz296Kb5Z7/9etbDo/ij3
0l4Bab4RQ4tD/xfJblCSp+pjTRKoyHptZTFK3MYg1TWEP7BlXkNfkvbtG4soq38O
iJZJGIo/pdkfTSxUz0vAXkKQO46XHW26eNVkOVTkpGHCfIBTMudR1cE/AwoXS96T
=27WM
hF4DOnsoj685gdcSAQdAQsDa5qj1XAnVKEiE6Zc8QbFyfDpKcAvbA+bf4aWp420w
7Vfh4T4epxnxOPaJ0IVs1uJT6TCB9AjbvdDbmnfPdJnXOYzTRkSDhLsjFa2QnJ67
0l4B9J56nHh7soMtSDVmhmfj4gp2qrjJf3/8Xw+gEP1oRC0cis785cQi2mHxgTNe
SiAUshN8ZzICXD77eJfcLxIDt1z1qS08c2mhIsjdjXKy6A7uNK+rZksRN+bwHr6x
=5t5x
-----END PGP MESSAGE-----
fp: "0x6D617FD0A85BAADA"
- created_at: "2022-12-11T10:48:10Z"
- created_at: "2022-12-11T15:31:51Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4D6iFd6webPCUSAQdAcYhXFsMoghf0Hg6FP1DslsjmbaXJrBdnQhDbuLUpx2cw
HWvyvqwyqKTLY1tPudoNQlkMjD/SiIy8vmQXMSsw0IicV+5hmigKKv1U3PkG9qbB
0l4BRBmuJIn/zaGKxOHa/oxSvuLXOd8sCBh/gU7jv9MhWecfnz83SAIcv5zsMWs3
bEoq5SiRJsdiw7/EtfSvDpsDCXvOvNt3T4wFWknVX0TjO6u65frWLVYdHTTCWKU3
=WjCa
hF4D6iFd6webPCUSAQdArOIgsg/cp2TKAhUpZ/RSqpx5kXhpS2PIqLb4gY555m4w
H9PJDMfztLVWnXYwqaQcCNnMP9bjyTGPQzd5hOGP4ob/f3Ajat6neKU4YEPWKOQX
0l4BkYcL+GCoEW0COSPQxIJHSK9rJZfpDavPTXOJ1oToVKLf/tiURQYtSCT419h6
FWqlAkZKp78Xpy3ZIvefqCiohOtV0IoS5UhVHCKIiMOcngoSYbB1zVNcORYpDUgg
=OCMo
-----END PGP MESSAGE-----
fp: "0xE0262A773B824745"
unencrypted_suffix: _unencrypted

54
secrets/goldberg/secrets.yaml Normal file
View file

@ -0,0 +1,54 @@
murmur:
#ENC[AES256_GCM,data:ionYo3rz6G1ZhOmwBDleXPO7/reeF6tpgA==,iv:4iQ1FYTvxyyNaQDPxHErV0fevsnU5p55wT27nOwMStM=,tag:ynCgbQsvX5ow4+vc2Qz8MQ==,type:comment]
registry_password: ""
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBud3M4T05FWjZSODhhOFFU
RFhrcVVoQ3M1S1Z6WlZkK0g5bGVhODBoRWhBCjBMNHJ0dEJWQlNVaEorSjNtZk9s
Q2Z4UVEwWHFWUDZIM2FNTEFEOFdIZUUKLS0tIExRbzhYK040SWM3YXMvUHFYcTJy
L2ZkU3ZIWndnZk1jRllTWHNLNitjNDgKwbgsoy3xXj6jp7dm5asdTTTHi2fO3vwH
Q6mOl7pZQLX+pFduw1KTKgqMkQkp+jAlJL6t0ElRUkuBVMq2i3vNQg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkK2UxMkJZbW8wOUR4OHBs
WFIraTczOW9LVlMzdm10dStRejdwQ1BtY1JRClFUdE1FZnBacTFrb000VHpQc01L
RkxCWHdtUmhJbXNPUG0rWlFSQ3dlQVEKLS0tIEhxQzFuZ09hNkFrMXZlbVNNU1dP
RHZYN0JXMElFanc5UWNtN2JSZmhYTE0KaHYt1EviNbs/BcvHs5j3bg1gZHPJgajW
GUHkdEhz/WEpZmd5uUxWpKyRIyNF6/hl/57P9MUhWSlu+3kt7nwJ4w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-11T15:34:06Z"
mac: ENC[AES256_GCM,data:iAy2NLUrdxfMzfP0A29kvk2gKVfmOkAHbtfynOwdqXo5y4qEVqNCnNr7Lmkcw7rQyqX+cRUWrUy+k5dtmGa1iasm9VjGykZu2YtTyhESDKm3/UY+EVxhzAXXa6cnbZpmX2GcY7FldcQYS+zSOisO4kYnewoROgFAKQUwVeWR0ak=,iv:ufbF+DBJdas+XrrAW8zeb/ZhhJQihxv2hWc7nf3fYug=,tag:/sSxVKv9YtjsefMC/4/Y9g==,type:str]
pgp:
- created_at: "2022-12-11T15:33:54Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DOnsoj685gdcSAQdA9JjUfb4wCKwVzIl/7ljRvwdCPf8+SDX3DVWt5vY4pX8w
bnJ3hAuhNdO4dqeJ4GmT0xMsLFDAopxxJPQob4thHZ6FeMS0I3XEzZ4A7Si0JtHP
0l4B4O95Bnr1FGSQf3Vt378U13Jqr5qIMB67Y2d9phlyiJHJ9wNJjp17gKb7rWix
HCpfj4x0Kgx6FgmmNK0JC/UyQAKhPzD0f7uVAMA1tyC7c/fWgcsNpeo2D9tbaWoO
=YdzC
-----END PGP MESSAGE-----
fp: "0x6D617FD0A85BAADA"
- created_at: "2022-12-11T15:33:54Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4D6iFd6webPCUSAQdAij89mphU4WUZ8XS4mp6w9kmsKXRBkaxk1Rxsh3QqrFgw
Qyxwnv3ujYbphtXsUwh2oYVA9HBFE0vJlaFR8FWPkJwiwDklS+TilxUAa2V2F97n
0l4B1OyxeOLxZG3/WcpL6BpBjcDL0UzhxmOU5uS5KAWDbkF1leVh2rahJL3A1uCC
9lgRhPiA/PqHGREiN2EI0fEIvt2MS3A9K7qHQUxdRKgANR9r/M/EoU4scKcxmUn5
=TjUy
-----END PGP MESSAGE-----
fp: "0xE0262A773B824745"
unencrypted_suffix: _unencrypted
version: 3.7.3