diff --git a/.sops.yaml b/.sops.yaml index 31d016a..528d294 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,6 +13,7 @@ keys: - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0 - &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd - &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2 + - &host_kvernberg age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz creation_rules: # Global secrets @@ -78,3 +79,9 @@ creation_rules: - *user_pederbs_bjarte pgp: - *user_oysteikt + + - path_regex: secrets/kvernberg/[^/]+$ + key_groups: + - age: + - *host_kvernberg + - *user_danio diff --git a/flake.lock b/flake.lock index ff70982..a9b2f64 100644 --- a/flake.lock +++ b/flake.lock @@ -119,16 +119,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731663789, - "narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=", + "lastModified": 1731779898, + "narHash": "sha256-oxxCrYZM0WNRoaokDyVXcPIlTc8Z2yX4QjKbgXGI3IM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36", + "rev": "9972661139e27eed0237df4dde34839e09028cd5", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05-small", + "ref": "refs/pull/332699/merge", "repo": "nixpkgs", "type": "github" } diff --git a/hosts/kvernberg/configuration.nix b/hosts/kvernberg/configuration.nix index 446b4a4..c665517 100644 --- a/hosts/kvernberg/configuration.nix +++ b/hosts/kvernberg/configuration.nix @@ -5,8 +5,9 @@ ./hardware-configuration.nix (fp /base) (fp /misc/metrics-exporters.nix) - ./disks.nix + + ./services/pvvvvvv ]; sops.defaultSopsFile = fp /secrets/kvernberg/kvernberg.yaml; diff --git a/hosts/kvernberg/services/pvvvvvv/default.nix b/hosts/kvernberg/services/pvvvvvv/default.nix new file mode 100644 index 0000000..ddb1f36 --- /dev/null +++ b/hosts/kvernberg/services/pvvvvvv/default.nix 
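Review bot: The new `secrets/kvernberg/[^/]+$` creation rule in .sops.yaml lists only `*host_kvernberg` and `*user_danio` as age recipients, so one person holds the only key that can edit or recover these secrets off the host. The neighbouring rule visible in this hunk names more than one admin (`*user_pederbs_bjarte`, and `*user_oysteikt` under `pgp`). If the narrow list is deliberate because this directory holds the exchange master key, a comment such as `# kvernberg: recipients intentionally limited to the host and its maintainer` would record that; otherwise add a second admin key. The rest of `creation_rules` is outside the hunk, so the comparison with other hosts is an assumption.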
@@ -0,0 +1,11 @@
+{
+ imports = [
+ ./exchange.nix
+ ];
+
+ services.taler = {
+ settings = {
+ taler.CURRENCY = "SCHPENN";
+ };
+ };
+}
diff --git a/hosts/kvernberg/services/pvvvvvv/exchange.nix b/hosts/kvernberg/services/pvvvvvv/exchange.nix
new file mode 100644
index 0000000..eee2a33
--- /dev/null
+++ b/hosts/kvernberg/services/pvvvvvv/exchange.nix
@@ -0,0 +1,38 @@
+{ config, lib, fp, pkgs, ... }:
+let
+ cfg = config.services.taler;
+ inherit (cfg.settings.taler) CURRENCY;
+in {
+ sops.secrets.exchange-offline-master = {
+ format = "binary";
+ sopsFile = fp /secrets/kvernberg/exhange-offline-master.priv;
+ };
+
+ services.taler.exchange = {
+ enable = true;
+ debug = true;
+ openFirewall = true;
+ denominationConfig = ''
+ [COIN-${CURRENCY}-k1-1-0]
+ VALUE = ${CURRENCY}:1
+ DURATION_WITHDRAW = 7 days
+ DURATION_SPEND = 1 years
+ DURATION_LEGAL = 3 years
+ FEE_WITHDRAW = ${CURRENCY}:0
+ FEE_DEPOSIT = ${CURRENCY}:0
+ FEE_REFRESH = ${CURRENCY}:0
+ FEE_REFUND = ${CURRENCY}:0
+ RSA_KEYSIZE = 2048
+ CIPHER = RSA
+ '';
+ settings = {
+ exchange = {
+ MASTER_PUBLIC_KEY = "J331T37C8E58P9CVE686P1JFH11DWSRJ3RE4GVDTXKES9M24ERZG";
+ BASE_URL = "http://kvernberg.pvv.ntnu.no:8081/";
+ };
+ exchange-offline = {
+ MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;
+ };
+ };
+ };
+}
diff --git a/secrets/kvernberg/exhange-offline-master.priv b/secrets/kvernberg/exhange-offline-master.priv
new file mode 100644
index 0000000..25d3197
--- /dev/null
+++ b/secrets/kvernberg/exhange-offline-master.priv
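Review bot: In exchange.nix, `exchange-offline.MASTER_PRIV_FILE` points at a sops secret that is decrypted on kvernberg itself, so the exchange's offline master key sits on the same network-facing host that runs the exchange (`openFirewall = true`); Taler's offline signing key is meant to live on a separate machine, so a compromise of this host would expose it. If this is a test deployment, say so next to the setting, e.g. `# test deployment: offline master key is kept on the exchange host; move it off-host before real use`; otherwise drop the `exchange-offline` block and the `sops.secrets.exchange-offline-master` entry from this host. `BASE_URL` is plain `http://` on port 8081 and `debug = true` is left on, and both deserve the same test-only comment or a follow-up. The `services.taler` module is presumably what the `refs/pull/332699/merge` nixpkgs pin in flake.lock is for; that ref tracks an unmerged pull request rather than the `nixos-24.05-small` channel, so it is worth confirming how the host will pick up channel security updates while pinned to it.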
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:dhVo1B+ZG1B6s0bTLgph4ipPmi0mveaObbJAffDQbpY=,iv:P5plvu4DQYa99cQZQ6B/gEFcSffu3lTY3+Z80Cfoj94=,tag:4xcqCbn6fFSmCbYmmEgQEg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MzVHSE15Nk9MODQxc2g0\nbHlqNmFKclBYbUNKQTNUOGo0VThiaEZTVzJFCmU2YkYwMXlyeHM3ZzAxOWZpa3k4\nUUJLanVFbkNMa25RcGZmOTBsVmtzazQKLS0tIE1sTTBqT3VJMDFOYXl0T1JvcDRV\nRFpsZGNOZzFzMFc3YzcxeXdIK1d6QUUKzy0n7DJsOmrNvU03Tn6Zcj/l/kAylzzP\nhNnFLXfStdKl3A/qrzBPhTVbYD73yFkZuQ+bDr7/IMsHAmDsztuA9g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbEdBWjdEbmtNYWJHQnFj\nSU1yb0NYVG4xVlZkYTdUWUpDcGdmbFF6U1NrCjBlWFZkcC9FMVJLYUtDNlBTUWcw\nNHBwWFNESDBQQmJNb3NDN2tDekM4eUUKLS0tICtMVGc1L2JFQ1BqKzM3eWFPRmRQ\nWXlQUWpvdUdOUlZ1OFhtS0ErL0JKSlUKzxLKbsnXvEqnR2HVsTxNqmM7YPjWfCjG\nZ4Bf046NdseomkNuTvWuPzjzPTe4GvjudMYc4ODchkIMOo6hXyf5kw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-11-17T01:12:23Z", + "mac": "ENC[AES256_GCM,data:aXIM/pmgVmfNSa+PwpfK6Efh/kCWXUqZNcKLkyhRwl++vaIBQUIQgQjv09hWHOF77V3ZjRQjh2E1uNe2baBLEmrDT5Au+7VABW+j49KX/vKMd+1l4w47l3DukOVnoo50bsOQFtH+amSl2P2imxpO15sjVDu9/nUeu2qXrtbIUh8=,iv:BQVs3P9p86uzTH2BfuSOxycpE6di4ZIwSz7OTZdcQPg=,tag:mT4Ek8dDbVINGp4Odt62zw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file