Maybe this sets up the exchange idk....

This commit is contained in:
Daniel Lovbrotte Olsen 2024-11-16 00:13:55 +01:00
parent 761385fe8b
commit d4d7927b54
6 changed files with 86 additions and 5 deletions

View File

@ -13,6 +13,7 @@ keys:
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
- &host_kvernberg age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz
creation_rules:
# Global secrets
@ -78,3 +79,9 @@ creation_rules:
- *user_pederbs_bjarte
pgp:
- *user_oysteikt
- path_regex: secrets/kvernberg/[^/]+$
key_groups:
- age:
- *host_kvernberg
- *user_danio

8
flake.lock generated
View File

@ -119,16 +119,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1731663789,
"narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=",
"lastModified": 1731779898,
"narHash": "sha256-oxxCrYZM0WNRoaokDyVXcPIlTc8Z2yX4QjKbgXGI3IM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36",
"rev": "9972661139e27eed0237df4dde34839e09028cd5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05-small",
"ref": "refs/pull/332699/merge",
"repo": "nixpkgs",
"type": "github"
}

View File

@ -5,8 +5,9 @@
./hardware-configuration.nix
(fp /base)
(fp /misc/metrics-exporters.nix)
./disks.nix
./services/pvvvvvv
];
sops.defaultSopsFile = fp /secrets/kvernberg/kvernberg.yaml;

View File

@ -0,0 +1,11 @@
{
imports = [
./exchange.nix
];
services.taler = {
settings = {
taler.CURRENCY = "SCHPENN";
};
};
}

View File

@ -0,0 +1,38 @@
{ config, lib, fp, pkgs, ... }:
let
cfg = config.services.taler;
inherit (cfg.settings.taler) CURRENCY;
in {
sops.secrets.exchange-offline-master = {
format = "binary";
sopsFile = fp /secrets/kvernberg/exhange-offline-master.priv;
};
services.taler.exchange = {
enable = true;
debug = true;
openFierwall = true;
denominationConfig = ''
[COIN-${CURRENCY}-k1-1-0]
VALUE = ${CURRENCY}:1
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
'';
settings = {
exchange = {
MASTER_PUBLIC_KEY = "J331T37C8E58P9CVE686P1JFH11DWSRJ3RE4GVDTXKES9M24ERZG";
BASE_URL = "http://kvernberg.pvv.ntnu.no:8081/";
};
exchange-offline = {
MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;
};
};
};
}

View File

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:dhVo1B+ZG1B6s0bTLgph4ipPmi0mveaObbJAffDQbpY=,iv:P5plvu4DQYa99cQZQ6B/gEFcSffu3lTY3+Z80Cfoj94=,tag:4xcqCbn6fFSmCbYmmEgQEg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MzVHSE15Nk9MODQxc2g0\nbHlqNmFKclBYbUNKQTNUOGo0VThiaEZTVzJFCmU2YkYwMXlyeHM3ZzAxOWZpa3k4\nUUJLanVFbkNMa25RcGZmOTBsVmtzazQKLS0tIE1sTTBqT3VJMDFOYXl0T1JvcDRV\nRFpsZGNOZzFzMFc3YzcxeXdIK1d6QUUKzy0n7DJsOmrNvU03Tn6Zcj/l/kAylzzP\nhNnFLXfStdKl3A/qrzBPhTVbYD73yFkZuQ+bDr7/IMsHAmDsztuA9g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbEdBWjdEbmtNYWJHQnFj\nSU1yb0NYVG4xVlZkYTdUWUpDcGdmbFF6U1NrCjBlWFZkcC9FMVJLYUtDNlBTUWcw\nNHBwWFNESDBQQmJNb3NDN2tDekM4eUUKLS0tICtMVGc1L2JFQ1BqKzM3eWFPRmRQ\nWXlQUWpvdUdOUlZ1OFhtS0ErL0JKSlUKzxLKbsnXvEqnR2HVsTxNqmM7YPjWfCjG\nZ4Bf046NdseomkNuTvWuPzjzPTe4GvjudMYc4ODchkIMOo6hXyf5kw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-17T01:12:23Z",
"mac": "ENC[AES256_GCM,data:aXIM/pmgVmfNSa+PwpfK6Efh/kCWXUqZNcKLkyhRwl++vaIBQUIQgQjv09hWHOF77V3ZjRQjh2E1uNe2baBLEmrDT5Au+7VABW+j49KX/vKMd+1l4w47l3DukOVnoo50bsOQFtH+amSl2P2imxpO15sjVDu9/nUeu2qXrtbIUh8=,iv:BQVs3P9p86uzTH2BfuSOxycpE6di4ZIwSz7OTZdcQPg=,tag:mT4Ek8dDbVINGp4Odt62zw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}