Add yoga to tinc
parent
38c7afa96f
commit
8cfd8520b7
|
@ -4,6 +4,7 @@ keys:
|
||||||
- &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
|
- &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
|
||||||
- &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
- &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
||||||
- &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
- &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
||||||
|
- &nki_yoga age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: kagami-air-m1/secrets\.yaml$
|
- path_regex: kagami-air-m1/secrets\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -22,3 +23,8 @@ creation_rules:
|
||||||
- *nki_pc
|
- *nki_pc
|
||||||
- *nkagami_main
|
- *nkagami_main
|
||||||
- *nkagami_do
|
- *nkagami_do
|
||||||
|
- path_regex: nki-yoga-g8/secrets\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *nki_yoga
|
||||||
|
- age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv # The machine itself
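Review bot: The machine recipient in the new `nki-yoga-g8/secrets\.yaml$` rule is written as a bare literal with a trailing comment, while the other recipients visible in this file are declared once under `keys:` and referenced by alias. Declaring it there as well, e.g. `- &yoga_host <machine age key>` (the alias name is a placeholder) and using `- *yoga_host` in the rule, keeps every identity that can decrypt a secret in one auditable list and makes a host-key rotation a single-line change. The rule also has only two recipients, `nki_yoga` and the machine itself, so none of the other listed keys can decrypt or re-key this file if both are lost; a short comment saying that this is intentional would help the next reader.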
|
||||||
|
|
|
@ -34,11 +34,6 @@ in
|
||||||
default = 655;
|
default = 655;
|
||||||
description = "The port to listen on";
|
description = "The port to listen on";
|
||||||
};
|
};
|
||||||
|
|
||||||
meshIp = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
description = "The mesh ip to be assigned by hostname";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable (builtins.seq
|
config = mkIf cfg.enable (builtins.seq
|
||||||
|
@ -51,7 +46,6 @@ in
|
||||||
myMeshIp = myHost.subnetAddr;
|
myMeshIp = myHost.subnetAddr;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.my-tinc.meshIp = myMeshIp;
|
|
||||||
# Scripts that set up the tinc services
|
# Scripts that set up the tinc services
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
|
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
|
||||||
|
|
|
@ -22,4 +22,9 @@
|
||||||
subnetAddr = "11.0.0.4";
|
subnetAddr = "11.0.0.4";
|
||||||
ed25519PublicKey = "6MN5LVE4juavv8qJW2dTN4t/haKCADWquAQj/ADF7iN";
|
ed25519PublicKey = "6MN5LVE4juavv8qJW2dTN4t/haKCADWquAQj/ADF7iN";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
yoga = {
|
||||||
|
subnetAddr = "11.0.0.5";
|
||||||
|
ed25519PublicKey = "n+gIZjuuTPxi0OBqw2oOcmXd3loOHG+GQHBMXNlgyqI";
|
||||||
|
};
|
||||||
}
|
}
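Review bot: The new `yoga` entry repeats the Ed25519 public key that this commit also adds in `modules/my-tinc/hosts/yoga-g8.pub`, so the same identity now lives in two places that can drift apart on a key rotation. If the module reads only one of them (not visible from this hunk), drop the other or add a comment such as `# keep in sync with hosts/yoga-g8.pub`. The file is named `yoga-g8` while the attribute here and the `hostName` set elsewhere in the commit are `yoga`; tinc identifies peers by name, so it is worth confirming which name ends up in the generated hosts directory. Separately, `subnetAddr = "11.0.0.5"` continues the existing `11.0.0.x` scheme, which is publicly allocated address space rather than an RFC 1918 range, and a comment recording that choice would be useful. The enclosing attribute set starts outside the hunk.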
|
||||||
|
|
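--- a/modules/my-tinc/hosts/yoga-g8.pub
+++ b/modules/my-tinc/hosts/yoga-g8.pub
@@ -0,0 +1 @@
+Ed25519PublicKey = n+gIZjuuTPxi0OBqw2oOcmXd3loOHG+GQHBMXNlgyqI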
@ -15,6 +15,18 @@
|
||||||
../modules/services/edns
|
../modules/services/edns
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Secrets
|
||||||
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
|
## tinc
|
||||||
|
sops.secrets."tinc-private-key" = { };
|
||||||
|
services.my-tinc = {
|
||||||
|
enable = true;
|
||||||
|
hostName = "yoga";
|
||||||
|
ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
|
||||||
|
};
|
||||||
|
|
||||||
services.xserver.desktopManager.plasma6.enable = true;
|
services.xserver.desktopManager.plasma6.enable = true;
|
||||||
|
|
||||||
# Power Management
|
# Power Management
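Review bot: `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` makes the SSH host key the age identity that decrypts `secrets.yaml`, and nothing in the added lines records that coupling. I would add a comment above it, e.g. `# Host SSH key doubles as the sops age identity: regenerating it means updating the machine recipient and re-encrypting secrets.yaml`. `sops.secrets."tinc-private-key" = { };` relies on the sops-nix defaults for owner and mode; if the tinc daemon does not run as root (the module is not fully visible here), set `owner` explicitly rather than loosening `mode`.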
|
||||||
|
|
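--- a/nki-yoga-g8/secrets.yaml
+++ b/nki-yoga-g8/secrets.yaml
@@ -0,0 +1,30 @@
+tinc-private-key: ENC[AES256_GCM,data:lzmisexQPfRlIMGqbmb+uqGtOPceQ3CJGlVOeOC6nbP/IDwkufSWtxugYmUwi9IJKwO0mldijiKWuG3p9005H++8567hhPy/bU7fA4vyVC+3UVGW6l0mE+yKQXTyI7kzxkXMCK5a4Q4rUJj544vU6pt75/mytfg+Cox2woGZAHZvJ/pRuHDe2t3R6w3EYYTu6x1w5azGnFvCOVdR6XPsGJA2p3oRnEpz64L7KD2QOdtm0YsfMnorH9FbvkZgNr927VbRnBRJ1QM=,iv:4K4w6ruQxtRGjmFnWszlXZKp36TuTTnrB0sDEE/tmrM=,tag:NBP897Sw84bvZTvo/+fVfA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseVN3ODV1YkZnNms0Y09l
+dUFBK1EyOTEydWg5KzAwcjZVSG8yYlRDWlhRCklLS2ZJNlBvSlEyOGF2ZFg2UGVW
+UC9LN0hxdmtGN3JlOWJaTU5hbGwvc2MKLS0tIGM1NGZxd1NoTXNacEJqMVlsbTdi
+MytuNUNydmJYWFYyQk9DaHVuVk85cjAKScucMPO8pyMlSxFw09NqzqVmDYVEh5xT
+4fSTAsMwIiuOyV7jvHYORxKWNMLr5t6fnj8+OFq5qUc//jNWf9pVuA==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNXp6MWZGb2dGdW1ML2xq
+ZWMvSVdWalQ5Z2NzTWd3Z1AweXlXZnRwUWtRCkY1VFhPS0NtbFZKU0VCMlAvSmhG
+N2NmdWxTUEpMb05Ld3p6MzhhRkdBc3cKLS0tIGQ0TmFxdk1GV205azRzZ0hUWitj
+eitNc1E2SzY5bkUxNWtNczRsWWJaU2MKUIu9GT7zu0MvvnXxiQfLW9pQcxFKOwPm
+VRU2k3XQkYjSDZX29DxrOzaPS/L3OYNyBYMyOW8GyMa2V12lMH6lPQ==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-07-23T16:24:43Z"
+mac: ENC[AES256_GCM,data:YTPZCX2Nkws0EJB/+PJVCYlKN0BoWqDRIH5QfhB7ayQ42tkUlz60Bt1ksbEMNtz2RS4sJSp4dlihTBLO4gRHbeMZf40f+j42Td4Dj0etqOkaspR5q5mE1XR8ml7QRzALEq5SHRi13szfO4BHaaFsSHTyFgKxA4uDzZ4JnBoxjAQ=,iv:KuO4rhO9vH+HqcgqTvOYBayitFzLhm4CQRTyzIplKnM=,tag:G/qgcxZoc89etzkUnkw02Q==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1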