commit
9b71a51959
8 changed files with 178 additions and 56 deletions
|
@ -8,6 +8,7 @@ keys:
|
||||||
# Servers
|
# Servers
|
||||||
- &shirley age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
- &shirley age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
||||||
- &goldberg age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
|
- &goldberg age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
|
||||||
|
- &hamilton age1uw83n25fx9th2q5y2yedeyzmtzk5yjtwx0kh054v5r2mxc0utuwqacdf77
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets\/all\/*
|
- path_regex: secrets\/all\/*
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -15,6 +16,7 @@ creation_rules:
|
||||||
age:
|
age:
|
||||||
- *shirley
|
- *shirley
|
||||||
- *goldberg
|
- *goldberg
|
||||||
|
- *hamilton
|
||||||
- path_regex: secrets\/shirley\/*
|
- path_regex: secrets\/shirley\/*
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp: [ *e1mo, *adb, *momme ]
|
- pgp: [ *e1mo, *adb, *momme ]
|
||||||
|
@ -25,3 +27,8 @@ creation_rules:
|
||||||
- pgp: [ *e1mo, *adb, *momme ]
|
- pgp: [ *e1mo, *adb, *momme ]
|
||||||
age:
|
age:
|
||||||
- *goldberg
|
- *goldberg
|
||||||
|
- path_regex: secrets\/hamilton\/*
|
||||||
|
key_groups:
|
||||||
|
- pgp: [ *e1mo, *adb, *momme ]
|
||||||
|
age:
|
||||||
|
- *hamilton
|
||||||
|
|
|
@ -42,6 +42,12 @@
|
||||||
./hosts/shirley/configuration.nix
|
./hosts/shirley/configuration.nix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
hamilton = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = defaultModules ++ [
|
||||||
|
./hosts/hamilton/configuration.nix
|
||||||
|
];
|
||||||
|
};
|
||||||
goldberg = nixpkgs.lib.nixosSystem {
|
goldberg = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = defaultModules ++ [
|
modules = defaultModules ++ [
|
||||||
|
|
31
hosts/hamilton/configuration.nix
Normal file
31
hosts/hamilton/configuration.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{ pkgs, baseDomain, ... }: {
|
||||||
|
cj.deployment.environment = "prod";
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./hardware-config.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
networking.hostName = "hamilton";
|
||||||
|
# Added by default by nixos-infect. It seems sensible to keep this
|
||||||
|
# For reference: https://wiki.archlinux.org/title/Zram
|
||||||
|
zramSwap = {
|
||||||
|
enable = true;
|
||||||
|
# But limiting to 25% at start to see how high usage will be and to limit the impact on "fast" normal RAM
|
||||||
|
memoryPercent = 25;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
# Fallback / for the monitoring v(x)lan
|
||||||
|
useDHCP = true;
|
||||||
|
defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
|
||||||
|
defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
|
||||||
|
nameservers = [ "213.133.98.98" "213.133.99.99" "213.133.100.100" ];
|
||||||
|
|
||||||
|
interfaces.ens3 = {
|
||||||
|
useDHCP = false;
|
||||||
|
ipv4.addresses = [ { address = "128.140.1.30"; prefixLength = 32; } ];
|
||||||
|
ipv6.addresses = [ { address = "2a01:4f8:1c1e:b564::1"; prefixLength = 64; } ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
8
hosts/hamilton/hardware-config.nix
Normal file
8
hosts/hamilton/hardware-config.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{ modulesPath, ... }:
|
||||||
|
{
|
||||||
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
boot.loader.grub.device = "/dev/sda";
|
||||||
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||||
|
boot.initrd.kernelModules = [ "nvme" ];
|
||||||
|
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||||
|
}
|
|
@ -8,29 +8,33 @@
|
||||||
"age": [
|
"age": [
|
||||||
{
|
{
|
||||||
"recipient": "age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe",
|
"recipient": "age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZVYvSzhUSjJMRWJYemdH\nRHFUTFVQTEdvbUgvRGpMNEFwUUFZOHdzMHg4CjFrS3JPb3ptVlY5YlY5ZkYxYXZ2\nM1RwN2N1b3UxRUpsQUUvem5RRHFGWVkKLS0tIEJNRmU4anQrVlo4dXJsWUZBN0xZ\nb1RGMVVWUFFteWpsajIvUHAwM0kvTm8KF4PVO81/7DnM5mH47ZXDQHaatGhnPGa4\n9KXj1oIWsw35YKoCg/zCukOZt5uoftfvcoSgKwUO30z5FXu53gFGgA==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmR21TejMwVXltZXlUdEFK\nZkF3V3gxSDBaS3d2UFNza2hmU29Jeks4TURVClV1bnZPTWZJT3A0cURyUzFMNVR1\nQjRTWUlPZ2t3TUMzbWxTZlZHU2lJajQKLS0tIDQ3VXp5cWpjWkdRZmwyR2FmUFNl\nMGMzaFY5VWlMdWcxWTZpNWxLYUU1bmsKwqKaRYTa+R08HIDx4jks2+Df6ny6xJgx\n3M7y7AfUeJXt4EK2nemGt885x8+RvPvsH+R3HtbhpCA9/dSXMlVD1Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"recipient": "age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm",
|
"recipient": "age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZUJUYStUc3UxU1BSd3cr\nbzg4MWoycVRJMUx2NEJNU3JjYTBCaXA3aTM0CnFJN2o4MWRpa2x1Z2NmUTBHVE9F\ndzFCOTdUZ2NHUEwrRUFhYmNIREtnbFUKLS0tIDF6a0VITU0vS1lIOElzNFNibVp6\ncnB5SXVES3ZWRGNZZ1VZT0FzaDdLWGsKcEFPaLy/6vTlfLUwnjHbnLBMFgUVCTvv\nQHVGJMtYhdcNjTOuErR7ho1P2CjpSCY3Sl48PgrCbPgHZJrH+v+p9Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYW9Gb3pPTTAwRC96a3Vp\nbFZyem8yQjZYemtYS2o4eDM5U252OVd1OVFjClFBam9pVjN5SFFQWFRIT3RhM1pV\nYkdxWGVhVjR0MklNMlpuSVFOWUVTZmMKLS0tIExPbGVRZUhIQ3Y5WDZtMityd3Vm\nSTlRODlTaGxTZkx2YUt0bUt5RmxiajgKww2Y2nKuZDlPyqwUIhbrxAXKnQhD7ymV\nQPz3yEKSnug2Z4UJzxigARKjOC5udJV0/OC+Pg+7EjaMViPheZKPkA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1uw83n25fx9th2q5y2yedeyzmtzk5yjtwx0kh054v5r2mxc0utuwqacdf77",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtb3diZVRiZmgra2JaeERP\nbnBhSHJqU01pK1Z1WFFwSW9EeFpFMXdTdGdNCjNoT0gwM1l4RGdCNFI1bmRLeHkx\nL05CWXpaeUYweVk5ekZQUFdSTHhrR3cKLS0tIG9IQlhxMEdSYitaUGczelNrK2JJ\nWkRZMFkyc0dxWVF6bzl4cVRPbU1lRU0KxNOmERyKlVhe0TmSwaWQccBFA+wstGjT\nTjRbBISfhiSrsET6sEdZtd4nzk2U1ovGNjMMQVig6f5HiIHrjHQq5Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"lastmodified": "2023-01-03T15:04:58Z",
|
"lastmodified": "2023-01-03T15:04:58Z",
|
||||||
"mac": "ENC[AES256_GCM,data:4PTqDajceBpa2P/FCojNHIKbIDWpktIfID8x+M6cCCDm78yUcORnQhayQh6jnqx8BICD2tEtLZnaK/dkSgP15rlzPVeigkbLK7mcscJCPQKiVkAz7NghUvHK2humyd2ERsHd+vE8+lJ9TnLWap+nVamc0kTdWqgxJtm4w7MPP6s=,iv:PyfROMfOTP74hVlsVZIARe+0rlnFVyNEn4cmT1+Do44=,tag:MvUuLXDV5DkoY50FC5ELEg==,type:str]",
|
"mac": "ENC[AES256_GCM,data:4PTqDajceBpa2P/FCojNHIKbIDWpktIfID8x+M6cCCDm78yUcORnQhayQh6jnqx8BICD2tEtLZnaK/dkSgP15rlzPVeigkbLK7mcscJCPQKiVkAz7NghUvHK2humyd2ERsHd+vE8+lJ9TnLWap+nVamc0kTdWqgxJtm4w7MPP6s=,iv:PyfROMfOTP74hVlsVZIARe+0rlnFVyNEn4cmT1+Do44=,tag:MvUuLXDV5DkoY50FC5ELEg==,type:str]",
|
||||||
"pgp": [
|
"pgp": [
|
||||||
{
|
{
|
||||||
"created_at": "2023-07-23T14:01:50Z",
|
"created_at": "2023-08-12T09:40:00Z",
|
||||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nwV4DOnsoj685gdcSAQdA2Iq55ou8udmveRjfbun2dDyL7Pq77TfluaRDkNi3eU4w\nYFi7rICoN9DEAP2XbGculIVBSbudCWh+uvX336Py48ZV76GLKOD3dG+HADbK800S\n0lEBGScx9xIwPiakOz+BIrxaYecn8g6LpBN5CggmQ9lEFUb9M23vIBivJGB1cl+q\neataWLxdxYE87d/aEPCCfTz5WXZ4wi0LU8TQFsQYs7z5GqE=\n=HlHl\n-----END PGP MESSAGE-----",
|
"enc": "-----BEGIN PGP MESSAGE-----\n\nwV4DOnsoj685gdcSAQdA1Ybc+5QxMtgirLjmBTsKh2qARuDxT/bbwsmwIsLC5i0w\nEJeP/A/uM+xQyidCNhGQTn5ummw2b6tEkbgsj0W+lw7rvpXmVv/fsmRUAd6Xle40\n0lEBygugsLr8Mxx2VtU0Q1zbUoAIE2Fmd4etqBQoDKUVsWzT4PQIrXxa1AO2psDK\nYRZ+urojM1PIviKHxUSTdx5iq1877QkMh1q6MwNdzd3bC7M=\n=0HCi\n-----END PGP MESSAGE-----",
|
||||||
"fp": "67BEE56343B6420D550EDF2A6D617FD0A85BAADA"
|
"fp": "67BEE56343B6420D550EDF2A6D617FD0A85BAADA"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"created_at": "2023-07-23T14:01:50Z",
|
"created_at": "2023-08-12T09:40:00Z",
|
||||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAxFMPvz46t7rARAAjrlZXCzbwqER2r8wNecAovEEfDqZBoE4j5UTIsqiH9yT\ncjHN8E9Xvsq4Hru9/0ZQkBSYfawrn9+5bEb673XuCjUkwwCq4fnY/LjFNNtXaSEQ\n9fEqKQPXp0FoxwTuzBxMsJi/MYl7jYJEagVp9+LhrNoWGVMrv08NNM1ClCDKlpFn\n+S0JEZ6LfJobjBy2UGs5JDoV0lRjUyN7cgHd5KKRpzdjk+4yvCiNFoQZchT0Rxrr\nADhNj3vD628L8+ssve+Sb2XlAErMR6atFw4h4vdvemNoTkdZTeH2woDWLSND+mNi\nf32sHhaQ57Urv39VkJn7/8fIxYEk6nAEP/Y+7EdUhmgevYSeSMsXpnBIg2HghlPI\njURnjtG+PUmLgMO1iYYEqK0iCtqZhNGUPA87fkjzbfScpaekt+NEFO4D611MMEJs\n9wqkMeqUI1rkjKok1EyDiauRgdBiggZGVmk7oFF9W7De+vAxi+DJmc5WkQ/Ho6bA\nvQtndHdiqoP4aDwPVmwaHKlQFfdpyXZN5wHR9zfAoNqyAckNxFZxd8U5kXTk4+Oi\nZYqlYfd/iRltVe/qRdpNokK5eRgdNt/LfHSNFKdZtLLKcY7vU6u5XkZ3gg/frKbS\nnQeZzF3RydvJXmULb7UF/dBKYrrcpHyzVvHkf6rVoZz7uiya/HZy1LXjFarATPbS\nXgFXJ8V5C3/PdWgv3vgAQMPYQqLWP1obma6gRXagHlRGbNCxL41OJYxW9vgqd/U9\ngWvExE5MD3dSki0t4MMRSdkHcMuP9pHR8NWCtNZA6cmZsQy6h6nVoCCvVwDcpkM=\n=f/zT\n-----END PGP MESSAGE-----\n",
|
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAxFMPvz46t7rAQ//d4UF77U2quxmZKgoCT/6I9qfO0EVPLklX9dvV9hWE3DS\niHDXBhbQEUiMWbHQMEM5xZOmayx95ljow3SQsB2ydPAmh/u56vN2Vi1iKj8dYZ90\nEc3OPJe6jx0uXN61h3jTA4Zd5fM6WfS4162YJE4qyCc+id6H9C4oQZUEKY9Yg1Lq\n7hXoVCYWz7E7fxc4hLyXXeK9PQNfzPkAZPA/nm5yc8fv6UNpmUdA1/TJapdjRYq5\n9krsPTksTyuiEu77HhL0MKXL2ohzN9nXbCSUSRMtVxUZLtcQ44NpW35RO26h3Vpi\ngmrT+mrpxW3oTBa+g9jiivQMHnn0o1xDPckMs3p4nSuSAJj6sNYIG5C0q3U+avRl\nSXbryfXebP0GezDFPduavOcJZ9XlGV3Oyrg7m2VZURK45muIcl0TFmSfr8FUE6dN\nul62w1qQXtVchh2xm1tu0a8nXI/1X9c1ciPbL8CZ88CQAFf9PLKHouef+bQnUdHU\n5qSleIehMKLI08PXDLvSgQW51boUJ3sqF97pPkWZIOFwzT6D2skN6Lflhdpugsbw\nc5qdDqSh+VpPJrlpaDgyCruCsypSFHb3NWOLW9wHL1mvFHCnNTbTX9rJz9/N/iFE\npQPjoEkYivayZ/VWW5oPAQ6YEnX4Mb30Je/Mj/piSBZSrdBMBEBYxh5ggME5GvbS\nXgFV/rYbKpW+KNtNZuwP9Z0bsocUfC96hnEAPRLLmhNIpAaUzU50lJD8XA7fZBOd\nlHe5c07iPyCqsiVrs4m+RVNmB7IULwr/L3gjTjAMxE4Z438nkrF4lrgO3wRzMV8=\n=mlBS\n-----END PGP MESSAGE-----\n",
|
||||||
"fp": "B1480CFF9BBE8E2648A26A640B2E7C171E3AD6D7"
|
"fp": "B1480CFF9BBE8E2648A26A640B2E7C171E3AD6D7"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"created_at": "2023-07-23T14:01:50Z",
|
"created_at": "2023-08-12T09:40:00Z",
|
||||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyBlv2iMmB8kSAQdA4/evVT3haDIHvX9lPsK8nwKhQTAr2Vo7KObMvWV2zHQw\n6QHatxbZNsiZtt+dEizbt4TOiPN4q8FRfUSY5DjWxgas2GFkWLC6OhlzKzuPNpZv\n1GgBCQIQEdrM53JXp8afqk4ZOgEujLrsYvPB7fhojQFED+6wODYg4NgjtyjlN3tP\nhAc2cDHsntBeKAk8NpJ97hutnLNyBOXPGV0sucrm1D9ghW5NMAL9+4PBIUNjt7D8\nvn3PcHmhzOD1rg==\n=7sm9\n-----END PGP MESSAGE-----\n",
|
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyBlv2iMmB8kSAQdA6svYhM1VtUlzZZBD2CUt7RpLMu/gEI7bvWuZZFMGlEUw\nEvg9ODjP9LqscGaE6Fg1XMRiseseuW2xLDfZ8cVI3DG90xmh9l85JqQV7QnZMjco\n1GgBCQIQXQfLSY7ASniqfJZvSIeEnOlig0thXhaRpkKXASS2Kjqt32rY5snFsVXi\nEt/j3h5Aay8MgSPE3yx3Jy4/43pMTuDbPfsaa5yE+4VmfKAHquJBQttrMU2QK5C2\nJTpLt9dwBvQFjg==\n=XsfZ\n-----END PGP MESSAGE-----\n",
|
||||||
"fp": "5D22C6EC4A6E52469819B56D5EBCCEF2F33F7661"
|
"fp": "5D22C6EC4A6E52469819B56D5EBCCEF2F33F7661"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
|
@ -17,65 +17,74 @@ sops:
|
||||||
- recipient: age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
- recipient: age14ysl953378r2vvy7ft3gwce9xp83pr6wypf5lgx2yjwx2lxra5qs6j8eqe
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaSVNDN2QzV1poc0VnWnJt
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFMTZBN1FpalRYNk51QTd0
|
||||||
YVlCb09yczFUQzQrdEtGcllFMmhlZU1oYXk4CkMzV1hOTE92ekhHdUZ0ZW9iN3Bv
|
NWFvNkRINllNNVlSNE4xTGJKbUVXWlpDR0ZZCloyUklLMG9LOGhseER4SXRpSy96
|
||||||
RFZ3eU5tM0pPcjVEUGtES1MvNkpQcjAKLS0tIEYydlRaN2ZxQ0h0aUtUeWhlTWNZ
|
S2FGTXl6bnRxdDUyZDZJTzEyLy9CYk0KLS0tIGd2aVRGQUFZbldjY3BMQ21XaitF
|
||||||
YXJIcXA5VUlWWEVnQnAwb0FETmdpeW8KFNrvvr5BsDpM/7CirEf9N8NY8A38f4P2
|
RE5aQmtMRzVZSVFFUG9RMlV6WEFuckUK5KRZWrf2EXa6XHcono2XfX0Z10qsPzo+
|
||||||
nZ5FIdwXc+7lRAoLeft7ekpAJHb51lMk5h/SuSFFs1w/xHBGEXXubA==
|
3g/EAX9dBqC+ZUAhYNqtkgoOPcgW1G34Ab+YsFSxOddL8OCMLczw6Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
|
- recipient: age1w3wqxt5t00hjv43dcxlr5rjec5mvuzz9ajc8k04azq0gfx0ncgysu6mdmm
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwY1huR0FPWGJpam9BbFpK
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYYjR4ejY2K3c1clV1TnlX
|
||||||
VlY3T0puZEEvOExhZTczWndhMmV5Uzd0ZWdNClE1akJDb1pSblUyMWlZekV3VHZs
|
NVRjTEZCcytQZXVEYkpaSHFtRGZkN1gyaVFjCmlXbTRhMzllNVRnQ3BpbTlvQXpt
|
||||||
VktGcGQrM2ZiOFNQVFZnemZzT1llUk0KLS0tIElLYTY3RE1ucDRBVGFYZkFLSU5o
|
d1FwaUw5M3FVL0RnSzFIUEdoZDZWTmsKLS0tIHBRRmQvTEtMUnNJeklDYmlyUFgy
|
||||||
eXZ0QUw4YlU0OURBbm91N21XQ2tWRzgKSbq+We0JpdsLLalXdKFEezH6l7GuvvT9
|
eEx2RGw2WXprcko1eG5DUVljNis5Y28Kh2fWZOyErmxGjcyXY51xLJBUS6sa6dyL
|
||||||
xuwXEtJ+hi6jCedafROuzuEOsxwELkCUU0y/80CAf33BV0Wk1l3Jjg==
|
8fXOgDhV/kd2gldwK0po3m083rVziuADBsuD7A8WOmR01YcRyODJZQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1uw83n25fx9th2q5y2yedeyzmtzk5yjtwx0kh054v5r2mxc0utuwqacdf77
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTk5DdHhqTEtvMEdRVXJO
|
||||||
|
azVudUhhSVV3Z05VVmNsUThsenBrN285Z2dVCmtWYVVqYjZRT0xWMG84YVNiRG82
|
||||||
|
T0hxMlpsZUlTRk9ZdGR2VHJmaXgxYmcKLS0tIHF3VDZUcWF0YmpadE5mYzZYUUQz
|
||||||
|
ZFo4UnJjRjRZUE1VSHZFSFRYaEdqbTAKxFzA8SwentyIhEbhdwCw75VrevuRuYGI
|
||||||
|
eFQzNf4MyFV1SZM6mgSNr8LEjhzyTIntTVMo0jq+8k9m2iRzE0LSEg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-01-06T15:51:57Z"
|
lastmodified: "2023-01-06T15:51:57Z"
|
||||||
mac: ENC[AES256_GCM,data:PPS3MV1tZJMtb1ITMhXTnseIBonpanjISFiUAV46LesJLDH7ag8UM8Vwgdrl5WOI3SIZcTiwvYGjRctLx69kWnbEJPFzg22EZSzvQJAIzdxHe1aac6th++5z2hPCFUp04/CYrB5zqIirku/pw7gLGzOlwVCvUJEvLf0V0mjn93A=,iv:v4RHMFHY/sADWv324thv8ZVTX41I3faRtXIyaB7QVWo=,tag:VXduStNDEPkFGPa9RyKSrw==,type:str]
|
mac: ENC[AES256_GCM,data:PPS3MV1tZJMtb1ITMhXTnseIBonpanjISFiUAV46LesJLDH7ag8UM8Vwgdrl5WOI3SIZcTiwvYGjRctLx69kWnbEJPFzg22EZSzvQJAIzdxHe1aac6th++5z2hPCFUp04/CYrB5zqIirku/pw7gLGzOlwVCvUJEvLf0V0mjn93A=,iv:v4RHMFHY/sADWv324thv8ZVTX41I3faRtXIyaB7QVWo=,tag:VXduStNDEPkFGPa9RyKSrw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-07-23T14:01:53Z"
|
- created_at: "2023-08-12T09:40:01Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
wV4DOnsoj685gdcSAQdAVOb1xVaaCsEM1wfaEhfD0phkdkHb7gI7EmOKIANyUwEw
|
wV4DOnsoj685gdcSAQdAi5kbjF9H4WB/BxgLT2LfOOv0FSQQeCRbmlwwm5jM6Wgw
|
||||||
s4ayKjTl08RcxuGKNdZWe5/OZ8kekT1BL6yhPfURZXeYXfDM/bcLCwsTaQpzN7IP
|
9RhEZzHhaPTuq/sgPOtT9Af666OuOPyu6g2gNttMeg2vzn0vbHFLfFVXKuaBomJF
|
||||||
0lEBU2Yy/gKUN486dIZG/y4hJZhrJuxv2JJbox9dALSHxsyOUpeQMaCWd+TDqEss
|
0lEBkqVifjuIhBDw97BnwVUGO4xsBQ2KCNfRLAEHEB2jLXfI0f0KyzbvopwukDpA
|
||||||
if6q70lHgtDnWFA8FtHqq5qYEVLB3JwZUyNXq3CX1RtR3g4=
|
tith8z5+gfRBum2tnWqB1PRXHy5vpZhCXifW10+3OqaIWhw=
|
||||||
=lJyK
|
=8ehQ
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 67BEE56343B6420D550EDF2A6D617FD0A85BAADA
|
fp: 67BEE56343B6420D550EDF2A6D617FD0A85BAADA
|
||||||
- created_at: "2023-07-23T14:01:53Z"
|
- created_at: "2023-08-12T09:40:01Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMAxFMPvz46t7rAQ//WRLRAtPXfn6v4tsMdqs2/XuPqYgEbYs2iJ8bKMfRDyra
|
hQIMAxFMPvz46t7rAQ/9GKUFfk0R14JVwQlkwjUlGo6m2TAx5K57tqIQ7QPkNR4y
|
||||||
mciYOKAb8O1dj0C5kzxLE0pUiT1WJSJJ/sFrAmfdPLgiYT1agNhDDw+gJXB5I0XU
|
ml/XdmMz19zo0iadrQJ+KhLXP2U7nsyXCjf9nkAXsYDGRCtBewkfuPaRWtu0O1vh
|
||||||
O3nBCc15Di4cYdjF/tK8cHvIU6ip28BOEbtIK7w4IktpVQj4+Z9wuTW5S5Urj3xx
|
HpBY4yKWIj2uXYXkOAsDMU4IAnexYjvkRJkL2KF/j7ksQs/6UKB0GulZfo5CQCXj
|
||||||
OeJrifErMCgcb3dq/b1GugHOeeDVp0QpHpzrPec/NWvQATnuemvQ3eNDpe9hq94H
|
XNB8HiuuJxddsSPBPu7UXouTKo4TAHEE83AhzJTIID6nb0sKcLpgivj9ixMf0qZ2
|
||||||
PScKu47IoF0l85j84OHFf5WEPU8UjZY/ULXBInUlmLLGRUuWY3/JixqxSc0TfWHY
|
tMoKoeLXZ43amzILH6cWeuBr9X0J0Up4+vcvfPfqdtu5U/RsyOJa2vlaGKchNFRe
|
||||||
a16kzonLisKhqpJw5XeXaZpu+SgYHOVR0522+mSPMeB/5oTIA/lRDPT2XxIv86KI
|
5KhYcNV1C3AdJLpXXH1wF0gyj0FE/W6FTsP7Tz68/4rmzlGFOWHbci0KITkaG6da
|
||||||
i2MWS6duhU/4aGBJXQ/Elrf0I2D3dYdWokzSkQWg2oNKWGftb8x/AFTHHvwvH6wz
|
/JgAyxAcBbPRR2IUw72uSpATEhXhY7EnSYdV/9ythHw6BqC/1uOxaNHormTyVu7O
|
||||||
95fR/c3prHrTt9BRD4dFYOZTZ0JJzvk2htrc4P0yjU/julkG0zIGaMzdHPg2P3J3
|
mLNBEo0s/6Lzl2/+WR/F7fRiUxZ0CKUJgsdQEyvwCF4p6OWBeYU4YcNGZmz2vQHO
|
||||||
OIUoaFCqab1QI8hBlkBadpIRiNFWupcDwN7acgD/KGMurqAuRxLdQl6UIsTQryMl
|
+Sj6fBWLzIvhMkCI2evaGbCduv1L53reban2GYUO9teEDMUe5hoEe7E6DmccSFvl
|
||||||
RQiVkjoe55R1LXmfRzBiDtsgNZxTBk6tui0kh4k3pWpXMc3t4eQGflQ+WRuntEbW
|
rew7R4uAlH23BmHrp5lLAnTZeaeG9gML5qbWqt+9PVagNFCncgfHU7lwcUqv5hKx
|
||||||
NqU7nIaPBiP6Fs8CzFfx9FGlk11sbXEa/IHPkz89YHFaoabACMCjUzt/jJk6JxPS
|
pZI+5SJSE8+hxM7U40AJYwk+CnQc4ydN7lt/oWfPLxkHchKJ8WO+GOn1XtNDOuvS
|
||||||
XgGX6NEoubA78wkxCrejMawxzwoSMR74sEgmQ31WOI9f5FL8QXFdM1z9QRSeekYl
|
XgF8qbKudvWbEYY9J1ZkJhuCyfA+JBnWs1Go9dHqbBaDXjajGiJ+l/QSJ1vUNV6E
|
||||||
Zx8wAjq15n4TGaZ30b3lASzAfjjFFU99hq28YoboyyKiruGugS23ELsS84ZiRZs=
|
ywvYIQ3Hm9Afzh7N3yYB01e9yY+cEh6OmzCpCwHY2CqiDKFlZoPOqQrbYuRJkNw=
|
||||||
=fmTi
|
=7iXC
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: B1480CFF9BBE8E2648A26A640B2E7C171E3AD6D7
|
fp: B1480CFF9BBE8E2648A26A640B2E7C171E3AD6D7
|
||||||
- created_at: "2023-07-23T14:01:53Z"
|
- created_at: "2023-08-12T09:40:01Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hF4DyBlv2iMmB8kSAQdAt+l2hn9Mb6JjjmyjAbVhpT/YPkTHkfFOHH6GHGhU+F8w
|
hF4DyBlv2iMmB8kSAQdACDjorLuJYZsj3AeJffiI7uL2NJ+8PzMzGqcg4Kp3whYw
|
||||||
Hbj+A8tWlRGoHStY2MPZCDftdYHz67Vzax/UNw8yJeNIq9ClDD5Kic9XLF7S3KS2
|
z2WigwqP+QnzrLinEG3Z9zHluMsVtVKfV9uhkPHIfCHq19Thl9sR3TuZq4GSJLRP
|
||||||
1GgBCQIQrrCMG2VzvQYMiFxJwYNOzcwNgPolpXVRHT9j3o+hgILlR8cYFGgJm2Vp
|
1GgBCQIQdmUR3Ui7Aeu5CUXn/I3sDwtY1JzYFCrK2HNYmsoqoQ34hmlNRfQcno7/
|
||||||
wvIsjvZen3gq7NX+kv/wYEUbwzcoChk/ZpIWTtRJuX/5fpgTblwImx2d6eGgVW7S
|
3tRE6ZNodNEJM23u+alU2gF6wfn644aiApT4dCXy/2gM2tLXvmdWT1HWwZQY55h7
|
||||||
L4G5Yz1L5H402w==
|
XkJsqxqRiGnPmg==
|
||||||
=QJLH
|
=udOd
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 5D22C6EC4A6E52469819B56D5EBCCEF2F33F7661
|
fp: 5D22C6EC4A6E52469819B56D5EBCCEF2F33F7661
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
|
|
64
secrets/hamilton/secrets.yaml
Normal file
64
secrets/hamilton/secrets.yaml
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
placeholder: ENC[AES256_GCM,data:rzHtxg==,iv:cCQcC7FZJkGC1YIKNdqiTU+7W6YJ8hJlwT5XwdTyu/k=,tag:AfZlrP54Yh6U8l7bwCT3Bg==,type:bool]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1uw83n25fx9th2q5y2yedeyzmtzk5yjtwx0kh054v5r2mxc0utuwqacdf77
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLN2R3Nm1TUER6QWhPVVE0
|
||||||
|
cW1Ubmd0SmtoWFdURkEwcFZ0NUNRcXcrQ2lNCnROM0plQ0RwejZrU0VoY0ZMTFhl
|
||||||
|
VDlxOFFMMWhPWFB5OFp4NmZ3V2VQbTAKLS0tIFRLZ2doSVpxMzF5NzRjSCtkVEh3
|
||||||
|
aWQ2QW05a1lrbTZZci9VMldpVzNCZFkKCJwEd5TkZaIb2M1E149/NEUB1E5E8gLu
|
||||||
|
YSDnb7eKfx8auWCEVCMiHx6POdpVvwxKnxUWHEnUBIMHhx+Y1MSclg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-08-12T08:45:36Z"
|
||||||
|
mac: ENC[AES256_GCM,data:pjGhTGsY7I7AF2Pd2fINT0PzJOWSF6TvE26NTC6xNwJ2fnL+opANJnLkdRpZFw7rXVqGdjvZmtYV/Z4MZTH3n5NRM9cg/sQ1kRLS6LIgGFd0xqxhCE26gArquOSqbWb7BU9vyq9A4XFqi9Jx0yjP9+ywYOjrIuVN7OHDyWsN4sU=,iv:3nSB6qNHq9HRa1YCHDGRopiArXPWob10/ON8Y7rMeKc=,tag:2FElWlRUskM+Z/DlfeAs1w==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-08-12T09:39:58Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wV4DOnsoj685gdcSAQdAoB+nuYO7vGHr2cWga/fMP4+qFWlxBcFu9kA/qi09Vz4w
|
||||||
|
ZrUfL7KpT1d2c6QGUGcdxUGpJTZcgg8eir695HwbYZY4PJBYrz8VmyllJoNPnBw7
|
||||||
|
0lEBCn2B3ukwTFCvns4Go+dnm/4FZ+tqZSUrLUcfPUWuniM4rsAo5yBidU+QYg6+
|
||||||
|
jnur+ISLjxpLUz8QFC7Z+fk6ScwGzv0lG8p3gQbNfRILXrQ=
|
||||||
|
=LjgW
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 67BEE56343B6420D550EDF2A6D617FD0A85BAADA
|
||||||
|
- created_at: "2023-08-12T09:39:58Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxFMPvz46t7rAQ/9EBWtA0TMbi9bpfFfWYjs+8Gu7o12u//lnHB8bo/QCn0x
|
||||||
|
wOJf7ZziMgaXRnpepkU4nPY0MAMYl/wLZEBT0WGw+MlZqACeypEAXOcnfJo7aY8/
|
||||||
|
ELb3qpG3K60OLgs2TTH8ZNtj6GUJ4BkpDVyOOFZqrNCtiTE/2RH8ZQfKVzdMScMo
|
||||||
|
mIPLjhkJGF14pH2MoAFxBDtyejm1o58s0q1e8H2LF9s8mheSWZivd3t4vyD64NiU
|
||||||
|
GGSnqxfZuGR7JFi3zRjcOJHC1anofux17vX21IIoncPRpdIaDjYl2QabzSLQ5CUR
|
||||||
|
l1p0OBh8M1s+iQSVLDP+GVacAy1RQDI6IgQuMWZY50DqTVSjRYcmF5DamgBDbXoR
|
||||||
|
MVJZ8KLSIDZ3U8yKV3A7cbYd7qxsAIS60ej0c4JX0AcwwhYTb7tAliEn7Nx02yzG
|
||||||
|
3b+P9Mov0OVQJsXFlJar0nLlXU0ohitAEksFTn61ZTJV6PHALKamkRaH2jEv7ra8
|
||||||
|
8oxQG5mocuNUJtdkIzKLEDseALXImkQDlyAu/hj75bzQ3y6zlwVgSxRpeGLT+BHM
|
||||||
|
cySKYrPADLGYrRS1Ik95gAjo4y8PTrw1k/jZZmT7ISW6v5gjU/+7PBECgEg3Y4z6
|
||||||
|
3sv7A4lAhys3gH6hXVvFD6UJgQNa2fJOwV73stb5G3NsqSIhk6UMKSbnGnVptsHS
|
||||||
|
XAF8fw5kiO4o+grocMTFE+s879jOuhn+AqHlzqR1RpLDuOZarfdLuTGIKkOcDRB3
|
||||||
|
5WutQCRqWD/J5y2NMrlxKKo+ojLlbbFd5AlbxYuF7mBVwgYMvdgCSyJJ/ou7
|
||||||
|
=eTdo
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B1480CFF9BBE8E2648A26A640B2E7C171E3AD6D7
|
||||||
|
- created_at: "2023-08-12T09:39:58Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DyBlv2iMmB8kSAQdA6EyjnHd/2OSBpXwzIbak2ZFSs+yoK/cnQ3knqxEHxmww
|
||||||
|
TAENHwoQDzo+0w04p36d7YZkFo2EBl2c8J+3DdkH+SwDw5pFVUAQCKhwVoMx7A0j
|
||||||
|
1GYBCQIQnI5zbMif/y2gGAn9uN/fgosQtlpuCjcsNraL/gCxoJQ/6X5BC++bi+y4
|
||||||
|
As7y/Y9/vxqLHGR049OjorjH3cdDpzPOfFURl5Ew2T65Jx2DK2yqfTNC4xT1Slwk
|
||||||
|
cGhvygtLBfY=
|
||||||
|
=Web8
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5D22C6EC4A6E52469819B56D5EBCCEF2F33F7661
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
|
@ -39,18 +39,10 @@
|
||||||
|
|
||||||
monDomain = "mon.${config.networking.domain}";
|
monDomain = "mon.${config.networking.domain}";
|
||||||
|
|
||||||
# deadnix: skip # Will be used as soon as we have two non-dev hosts
|
|
||||||
isMe = host: host.config.networking.fqdn == fqdn;
|
isMe = host: host.config.networking.fqdn == fqdn;
|
||||||
# deadnix: skip # Will be used as soon as we have two non-dev hosts
|
|
||||||
isDev_ = getAttrFromPath [ "_module" "args" "isDev" ];
|
isDev_ = getAttrFromPath [ "_module" "args" "isDev" ];
|
||||||
allHosts = outputs.nixosConfigurations // externalTargets;
|
allHosts = outputs.nixosConfigurations // externalTargets;
|
||||||
/*
|
allTargets = filterAttrs (_: c: (isMe c) || !(isDev_ c)) allHosts;
|
||||||
Right now we only have one non-dev host in our NixOS setup (the ansible hosts don't monitor the NixOS hosts).
|
|
||||||
That's why we currently add all hosts to our little monitoring "cluster". As soon as we have two or more production hosts,
|
|
||||||
the dev host can be taken out of the equation
|
|
||||||
*/
|
|
||||||
# allTargets = filterAttrs (_: c: (isMe c) || !(isDev_ c)) allHosts;
|
|
||||||
allTargets = allHosts;
|
|
||||||
|
|
||||||
monTarget = service: config: "${config.networking.hostName}.${monDomain}:${toString service.port}";
|
monTarget = service: config: "${config.networking.hostName}.${monDomain}:${toString service.port}";
|
||||||
targetAllHosts = servicePath: let
|
targetAllHosts = servicePath: let
|
||||||
|
@ -97,7 +89,8 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."${fqdn}" = let
|
services.nginx.enable = lib.mkDefault true;
|
||||||
|
services.nginx.virtualHosts."${fqdn}" = let
|
||||||
monitoring_htpasswd = config.sops.secrets."monitoring.htpasswd".path;
|
monitoring_htpasswd = config.sops.secrets."monitoring.htpasswd".path;
|
||||||
in {
|
in {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
Loading…
Reference in a new issue