D hosts/cloud/default.nix => hosts/cloud/default.nix +0 -20
@@ 1,20 0,0 @@
-{config, ...}: {
- sops.secrets.rootPwd.neededForUsers = true;
- sops.secrets.liljamoPwd.neededForUsers = true;
-
- # Outline is under BSL1.1.
- arta.unfree.allow = ["outline"];
-
- roles.base = {
- root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
- primaryUser = {
- username = "liljamo";
- hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
- };
- };
-
- roles.tailscale = {
- enable = true;
- enableSSH = true;
- };
-}
R systems/hosts/cloud/default.nix => lxc/hosts/cloud/default.nix +6 -0
@@ 10,6 10,12 @@ in {
./miniflux.nix
./vikunja.nix
];
+ sops.secrets.rootPwd.neededForUsers = true;
+
+ roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
+
+ # Outline is under BSL1.1.
+ roles.unfree.allow = ["outline"];
networking.firewall.allowedTCPPorts = [80 config.services.outline.port];
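Review bot: The root password set by `roles.base.root.hashedPasswordFile` is now the only login credential this host's visible config defines, because the `roles.tailscale` block (with `enableSSH`) and the `primaryUser` from the deleted hosts/cloud/default.nix are not carried over. It is worth confirming that the generic LXC profile, which is not visible here, supplies the intended remote-access path and keeps password login for root over SSH disabled, for example `services.openssh.settings.PermitRootLogin = "prohibit-password";`. A one-line comment above the assignment such as `# console/recovery login only; remote access comes from the profile` would record that intent, if that is indeed the intent. The enclosing module's argument list and `let` block are outside the hunk.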
R systems/hosts/cloud/miniflux.nix => lxc/hosts/cloud/miniflux.nix +0 -0
R systems/hosts/cloud/vikunja.nix => lxc/hosts/cloud/vikunja.nix +0 -0
M lxc/hosts/default.nix => lxc/hosts/default.nix +5 -0
@@ 4,6 4,11 @@ profiles: {
profile = profiles.generic;
modules = [];
};
+ cloud = {
+ system = "x86_64-linux";
+ profile = profiles.generic;
+ modules = [];
+ };
dns = {
system = "x86_64-linux";
profile = profiles.generic;
M lxc/roles/default.nix => lxc/roles/default.nix +1 -0
@@ 5,5 5,6 @@
./cadvisor.nix
./prometheus.nix
./tailscale.nix
+ ./unfree.nix
];
}
A lxc/roles/unfree.nix => lxc/roles/unfree.nix +19 -0
@@ 0,0 1,19 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.roles.unfree;
+in {
+ options.roles.unfree = {
+ allow = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ };
+ };
+
+ config = {
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) cfg.allow;
+ };
+}
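Review bot: `options.roles.unfree.allow` is declared without a `description`, and the module sets `nixpkgs.config.allowUnfreePredicate` unconditionally under `config`. I would add `description = "Package names (as returned by lib.getName) that may be built despite an unfree licence.";` and `example = ["outline"];` to the `mkOption` call. As far as I know, function-valued `nixpkgs.config` entries are not merged across modules, so a second definition of the predicate elsewhere would silently replace this one or be replaced by it. A short header comment saying that `roles.unfree.allow` is the single place for licence exceptions would guard against that. Matching on the name alone admits every version of a listed package, which looks like the intent and keeps the allowlist narrower than a blanket `allowUnfree`.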
M secrets/cloud/secrets.yaml => secrets/cloud/secrets.yaml +3 -4
@@ 1,5 1,4 @@
-rootPwd: ENC[AES256_GCM,data:XwfHY6qCxwYOtoKxYp+3gbx2JQpVDrq/KpFdLuSy0Mb026+ixrncicEw4E3R9iq9MnRZJpoauGxw1XQlBcvF2kx2sXZAnQxpHWGPZTunntTiDij/n6ahKbIuGqQHDAzc8KKlnRdCIebgEw==,iv:oAicqT0VJqjWI/Al/aLRDF0rEqCANmUuaml9aR1vKko=,tag:DDzOKvnsKSxZqosJM/gYnw==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:kp7QlA523jH3b5QyDqYAehd4vc01HqIqbbZwdVKY0mA6uiqFeUk7PMDwuH7NRnCGD8msaC3gyUUglBtWs3XGWukDA8H+lw5ZqCDaRD+KESURc3/s+LABiUf8Zwm6Dj5zWRmLctot85BWsA==,iv:VevfwnY1YpIRsSFd39cfuioPkGC3PSLlDbCXNmOuwXI=,tag:/e5L2CRWRHeppbyjAmf6gw==,type:str]
+rootPwd: ENC[AES256_GCM,data:rwoj/TaJw8vtYw6/B4fS27jye7cD6ExKcyAzVcHTsmcsM13T8DbQvzfJUo3t4LE+NyJZQOVl8RiKcRbqBGQDCzm4Q6zP9PODs04PrT3eXCvKAdCkngx7PDH3qBWopPd1F/VuXw4TGaBRtg==,iv:Xx9CN8kSCq7UKtN24zFmibpvaeYjCU45OdSmXb4i/tU=,tag:vSBfyD/9OxhOW31afqYNyA==,type:str]
outline:
secretKey: ENC[AES256_GCM,data:POFzIrLEWmOAu2+53nD8KIJQ0q6oeDKdzpikfuNwxvjXfORwcG7QXjSU8wWfCXORbrT5knh7rcU9yvvBZXVObQ==,iv:f8dULXac9C6vnXZRvKhIc6WyVYl5eF/nrUs7ZCNdPYQ=,tag:boO+R3ny01WZfHT4WyEJ6A==,type:str]
utilsSecret: ENC[AES256_GCM,data:MUluti1wd8x0z5eIVcPi4n5cmOLBBanM9pRQYPonxbJVAGuPrrfDLGJ8OrqNJGzrN4LmdW57Mhn0kAYf6Jl4Gw==,iv:pM6QdHK1xnYdu+zIoYlBirdhWaZbgud/2IqRO22jHbM=,tag:XOfeAO8DS60Ei8Rq2VofaA==,type:str]
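Review bot: Dropping `liljamoPwd` from this file is only safe if no module evaluated for the cloud host still declares `sops.secrets.liljamoPwd`. The new lxc/hosts/cloud/default.nix declares only `rootPwd`, but the generic profile it uses is not visible here. sops-nix validates declared keys against the file, so a leftover declaration should presumably fail at build or activation rather than pass unnoticed. The previous `rootPwd` and `liljamoPwd` ciphertexts also remain in repository history and stay readable to every recipient key of this file, so the old values should be treated as still known to those key holders.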
@@ 28,8 27,8 @@ sops:
TjduMkxMazUveTlUdStwRGJaRDlpaTAKW7P6B3W1tih2S81TRY7m/Me9Gr6CwZLi
Wymq21dT+Or2FR8F2LZDHG8WiUOu/8bvSZ0ZYZpfs5mCvufdRhPFaA==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-28T15:18:05Z"
- mac: ENC[AES256_GCM,data:KXEj88VPXYLbM0v4bTkAFaIuEMI9/FPu/yS0QRoORq2c71Sm3uSsfZLRRYzfxQm1Q+6hjnyYiqRbpxjYDGDmUn7Oyfo3hESpAJguhUPi4Xbw60rB2ZryKhc/+DmGu4uR391grovlbgYXorfjlo0n0QpVlCyO0OlAiM1qqNhGPl0=,iv:/HuVsqL8J1WOFv22tQb+0NSp2VdmPkgFs4GFfF8DaVU=,tag:lzgxj4IPhTtOSWviefI81A==,type:str]
+ lastmodified: "2024-11-13T16:09:35Z"
+ mac: ENC[AES256_GCM,data:XisL3vvjuWNuaLSwJJZFn1r46iPON8KVv9HcLV7ax5C9BFywKWPFw4pN1J72pWisJLQ2WNCFZ21M4vjtN42TKs4HkTjPDRn6Gevi+zpLI4ghyw8EGiaQg1Hr8756vhFgQ7jzgxIiWzMy+YorcmFgJdKe0VG1iFD5FgwQz+b5JfY=,iv:RGj+SVTIxZ2aia7n6a5S6XGPfGDsXdPxmi8kpclvAG8=,tag:NwDPtJTnY6ARfX3udvE5oA==,type:str]
pgp:
- created_at: "2024-09-09T17:25:01Z"
enc: |-
M systems/hosts/default.nix => systems/hosts/default.nix +0 -5
@@ 17,11 17,6 @@
};
# LXCs
- cloud = {
- system = "x86_64-linux";
- profile = lxc;
- modules = [];
- };
oci = {
system = "x86_64-linux";
profile = lxc;