Maybe this sets up the exchange idk....
This commit is contained in:
parent
761385fe8b
commit
0ade509686
|
@ -13,6 +13,7 @@ keys:
|
||||||
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
|
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
|
||||||
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||||
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
|
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
|
||||||
|
- &host_kvernberg age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
# Global secrets
|
# Global secrets
|
||||||
|
@ -78,3 +79,9 @@ creation_rules:
|
||||||
- *user_pederbs_bjarte
|
- *user_pederbs_bjarte
|
||||||
pgp:
|
pgp:
|
||||||
- *user_oysteikt
|
- *user_oysteikt
|
||||||
|
|
||||||
|
- path_regex: secrets/kvernberg/[^/]+$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *host_kvernberg
|
||||||
|
- *user_danio
|
||||||
|
|
|
@ -119,16 +119,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731663789,
|
"lastModified": 1731779898,
|
||||||
"narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=",
|
"narHash": "sha256-oxxCrYZM0WNRoaokDyVXcPIlTc8Z2yX4QjKbgXGI3IM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36",
|
"rev": "9972661139e27eed0237df4dde34839e09028cd5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-24.05-small",
|
"ref": "refs/pull/332699/merge",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,8 +5,9 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
(fp /base)
|
(fp /base)
|
||||||
(fp /misc/metrics-exporters.nix)
|
(fp /misc/metrics-exporters.nix)
|
||||||
|
|
||||||
./disks.nix
|
./disks.nix
|
||||||
|
|
||||||
|
./services/pvvvvvv
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = fp /secrets/kvernberg/kvernberg.yaml;
|
sops.defaultSopsFile = fp /secrets/kvernberg/kvernberg.yaml;
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./exchange.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
services.taler = {
|
||||||
|
settings = {
|
||||||
|
taler.CURRENCY = "SCHPENN";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,38 @@
|
||||||
|
{ config, lib, fp, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.taler;
|
||||||
|
inherit (cfg.settings.taler) CURRENCY;
|
||||||
|
in {
|
||||||
|
sops.secrets.exchange-offline-master = {
|
||||||
|
format = "binary";
|
||||||
|
sopsFile = fp /secrets/kvernberg/exhange-offline-master.priv;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.taler.exchange = {
|
||||||
|
enable = true;
|
||||||
|
debug = true;
|
||||||
|
openFirewall = true;
|
||||||
|
denominationConfig = ''
|
||||||
|
[COIN-${CURRENCY}-k1-1-0]
|
||||||
|
VALUE = ${CURRENCY}:1
|
||||||
|
DURATION_WITHDRAW = 7 days
|
||||||
|
DURATION_SPEND = 1 years
|
||||||
|
DURATION_LEGAL = 3 years
|
||||||
|
FEE_WITHDRAW = ${CURRENCY}:0
|
||||||
|
FEE_DEPOSIT = ${CURRENCY}:0
|
||||||
|
FEE_REFRESH = ${CURRENCY}:0
|
||||||
|
FEE_REFUND = ${CURRENCY}:0
|
||||||
|
RSA_KEYSIZE = 2048
|
||||||
|
CIPHER = RSA
|
||||||
|
'';
|
||||||
|
settings = {
|
||||||
|
exchange = {
|
||||||
|
MASTER_PUBLIC_KEY = "J331T37C8E58P9CVE686P1JFH11DWSRJ3RE4GVDTXKES9M24ERZG";
|
||||||
|
BASE_URL = "http://kvernberg.pvv.ntnu.no:8081/";
|
||||||
|
};
|
||||||
|
exchange-offline = {
|
||||||
|
MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,24 @@
|
||||||
|
{
|
||||||
|
"data": "ENC[AES256_GCM,data:dhVo1B+ZG1B6s0bTLgph4ipPmi0mveaObbJAffDQbpY=,iv:P5plvu4DQYa99cQZQ6B/gEFcSffu3lTY3+Z80Cfoj94=,tag:4xcqCbn6fFSmCbYmmEgQEg==,type:str]",
|
||||||
|
"sops": {
|
||||||
|
"kms": null,
|
||||||
|
"gcp_kms": null,
|
||||||
|
"azure_kv": null,
|
||||||
|
"hc_vault": null,
|
||||||
|
"age": [
|
||||||
|
{
|
||||||
|
"recipient": "age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MzVHSE15Nk9MODQxc2g0\nbHlqNmFKclBYbUNKQTNUOGo0VThiaEZTVzJFCmU2YkYwMXlyeHM3ZzAxOWZpa3k4\nUUJLanVFbkNMa25RcGZmOTBsVmtzazQKLS0tIE1sTTBqT3VJMDFOYXl0T1JvcDRV\nRFpsZGNOZzFzMFc3YzcxeXdIK1d6QUUKzy0n7DJsOmrNvU03Tn6Zcj/l/kAylzzP\nhNnFLXfStdKl3A/qrzBPhTVbYD73yFkZuQ+bDr7/IMsHAmDsztuA9g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbEdBWjdEbmtNYWJHQnFj\nSU1yb0NYVG4xVlZkYTdUWUpDcGdmbFF6U1NrCjBlWFZkcC9FMVJLYUtDNlBTUWcw\nNHBwWFNESDBQQmJNb3NDN2tDekM4eUUKLS0tICtMVGc1L2JFQ1BqKzM3eWFPRmRQ\nWXlQUWpvdUdOUlZ1OFhtS0ErL0JKSlUKzxLKbsnXvEqnR2HVsTxNqmM7YPjWfCjG\nZ4Bf046NdseomkNuTvWuPzjzPTe4GvjudMYc4ODchkIMOo6hXyf5kw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"lastmodified": "2024-11-17T01:12:23Z",
|
||||||
|
"mac": "ENC[AES256_GCM,data:aXIM/pmgVmfNSa+PwpfK6Efh/kCWXUqZNcKLkyhRwl++vaIBQUIQgQjv09hWHOF77V3ZjRQjh2E1uNe2baBLEmrDT5Au+7VABW+j49KX/vKMd+1l4w47l3DukOVnoo50bsOQFtH+amSl2P2imxpO15sjVDu9/nUeu2qXrtbIUh8=,iv:BQVs3P9p86uzTH2BfuSOxycpE6di4ZIwSz7OTZdcQPg=,tag:mT4Ek8dDbVINGp4Odt62zw==,type:str]",
|
||||||
|
"pgp": null,
|
||||||
|
"unencrypted_suffix": "_unencrypted",
|
||||||
|
"version": "3.9.1"
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue