forked from Drift/pvv-nixos-config
Add host ildkule
This commit is contained in:
parent
44f2b6d8d8
commit
6b1f0eb090
|
@ -1,5 +1,6 @@
|
||||||
keys:
|
keys:
|
||||||
- &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
- &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||||
|
- &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||||
- &host_jokum age1n4vc3dhv8puqz6ntwrkkpdfj0q002hexqee48wzahll8cmce2ezssrq608
|
- &host_jokum age1n4vc3dhv8puqz6ntwrkkpdfj0q002hexqee48wzahll8cmce2ezssrq608
|
||||||
creation_rules:
|
creation_rules:
|
||||||
# Global secrets
|
# Global secrets
|
||||||
|
@ -15,3 +16,9 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *user_danio
|
- *user_danio
|
||||||
- *host_jokum
|
- *host_jokum
|
||||||
|
|
||||||
|
- path_regex: secrets/ildkule/[^/]+\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *user_felixalb
|
||||||
|
- *user_danio
|
||||||
|
|
|
@ -30,6 +30,14 @@
|
||||||
inputs.matrix-next.nixosModules.synapse
|
inputs.matrix-next.nixosModules.synapse
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
ildkule = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
specialArgs = { inherit unstable inputs; };
|
||||||
|
modules = [
|
||||||
|
./hosts/ildkule/configuration.nix
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
devShells = forAllSystems (system: {
|
devShells = forAllSystems (system: {
|
||||||
default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { };
|
default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { };
|
||||||
|
|
|
@ -0,0 +1,56 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
|
||||||
|
../../base.nix
|
||||||
|
# Users can just import any configuration they want even for non-user things. Improve the users/default.nix to just load some specific attributes if this isn't wanted
|
||||||
|
];
|
||||||
|
|
||||||
|
sops.defaultSopsFile = ../../secrets/ildkule/ildkule.yaml;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
|
sops.age.generateKey = true;
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
networking.hostName = "ildkule"; # Define your hostname.
|
||||||
|
|
||||||
|
networking.interfaces.ens18.useDHCP = false;
|
||||||
|
|
||||||
|
networking.defaultGateway = "129.241.210.129";
|
||||||
|
networking.interfaces.ens18.ipv4 = {
|
||||||
|
addresses = [
|
||||||
|
{
|
||||||
|
address = "129.241.210.187";
|
||||||
|
prefixLength = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
networking.interfaces.ens18.ipv6 = {
|
||||||
|
addresses = [
|
||||||
|
{
|
||||||
|
address = "2001:700:300:1900::187";
|
||||||
|
prefixLength = 64;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
|
||||||
|
|
||||||
|
# List packages installed in system profile
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
];
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,22 @@
|
||||||
|
{config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "danio@pvv.ntnu.no";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
defaultListenAddresses = [ "129.241.210.187" "127.0.0.1" "127.0.0.2" "[2001:700:300:1900::187]" "[::1]" ];
|
||||||
|
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
}
|
|
@ -0,0 +1,39 @@
|
||||||
|
hello: ENC[AES256_GCM,data:MmbRxfMJf9sbqseEeSWnlGI1/4zmAdlb8ZxWCvOttJ3OlYe4Nng46SCtcSDOQA==,iv:KiD5smLGdIbMg62Q+h/9Gz7ROMdOe2CA02na/f081FM=,tag:tjdO1AzwvQWFR+JGuy4PQg==,type:str]
|
||||||
|
example_key: ENC[AES256_GCM,data:yAaiu+Rpb4377U8YIQ==,iv:OE4cpTlEVNE73y6bc5TGQvAnYU8P2c2hqnMFxzL0PHI=,tag:G7D5TJdEA+F9UwaIFKC0KA==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:sGYwXL05D45kmWboJUPzjg==,iv:4nOP8F7kGGl6HhuV5Jxjol12pc3f6UO+pp+IcgUrjGU=,tag:tIf9ozHCOBeDprjEv98F1Q==,type:comment]
|
||||||
|
example_array:
|
||||||
|
- ENC[AES256_GCM,data:UQ5w4scNH8E49iQo7gM=,iv:dLT/JlTWvscnYre9g9s3YgznNuvdWDyOFozxW50zdWI=,tag:jqtV8Ebfm4Y4ayIIuYGoeg==,type:str]
|
||||||
|
- ENC[AES256_GCM,data:Zfm0FeuICoe4mrSoMRM=,iv:I/IakhKYtIclPQBA8nuAouuGylzCR/RbQLSWNWBQZYs=,tag:V1/WomLShKX0yaXkBQW0rQ==,type:str]
|
||||||
|
example_number: ENC[AES256_GCM,data:9wZEFB7/jOt11Q==,iv:5RVyKZe3D9BgRDDMsxUsMMKdVA5B3Ekm2G4WWt/1EuY=,tag:MSIbensfrWKU1d/XbcNtvg==,type:float]
|
||||||
|
example_booleans:
|
||||||
|
- ENC[AES256_GCM,data:LLg+sA==,iv:WQSKdlEaQCjdrsSYz0P+pdRD/pl3QMa01d8XV/EZUzY=,tag:QIH98LcUyPXDvs36XPbyxA==,type:bool]
|
||||||
|
- ENC[AES256_GCM,data:9ZQqdg==,iv:wWRmZ0nQg76sAKiPfGUX0KG/p41VnTc1wmANv4Wt2+w=,tag:3vmvuMDTZSEeZBpAE2soAA==,type:bool]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDM2RidW9wYUVHWHhFTmM1
|
||||||
|
c1BIazd5MTRMU3dRNEFyWHIxMzhNL21VNURZCnkzKzNNbXgrcmJtNFZjSHQyWHN1
|
||||||
|
aEpjV1dQVmJTb2F5YXJWazMxTmJUYTAKLS0tIDNRUVlTR1p3eEtRYkVMcjlYS3Ir
|
||||||
|
bWhUaDA1eTJRTGpEb3FmSTlPTFY4c3cKrrQcomMURB9dqT+aAkWbFMzMqB3AIvEl
|
||||||
|
t9Fd5puhhto5/SInssCxpH1p4kbqQZWMfDqE+eFFs2whDVuoiM/Tlg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNkllWlY4L251Z29qOEVX
|
||||||
|
Vmh2YU5BNVhwbXhDaEpYcXoxY0hCOHhPYXdNCjROQ2piWFQ2MWYwbnF4cFdKS0tv
|
||||||
|
dFUveEsrQVRpT1REQ0hib1pla2R5RkUKLS0tIFJOSXNaZitxbWk1cHNGc1k0Zk9m
|
||||||
|
NHU1elF3L2ZRZlVJZTdZU01qNER4a1EK+pvM24FDok4lbbailCspaA1vsZrtsumH
|
||||||
|
c8uHITgStobUmdqsdv9ta8gpar0nZ66N0kztyhW15sJh1vZY8Guxxg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-12-17T20:25:20Z"
|
||||||
|
mac: ENC[AES256_GCM,data:KKo9xz6vQHKH6tIiU9cTA4ngwbyqeX33QwvJq5dDCJlEDm5CA+akD5Wsqyp+rGuIjiIDi01eRUONA0YRG4DcmmcRWlnmA9hrBfRWJKtV/0gR+yeYCuY95J9twu3pbOODCyMdcLJqB0tLmyqWGHowNk+mIhEw/a+kxZX+kiB8ilY=,iv:3uHmBVnuaTvnNbdtii++8FzFS7SrsO2inTBtzXmhBhU=,tag:OqpHlELdpn6mlUB544HdmA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
Loading…
Reference in New Issue