7 files changed, 12 insertions(+), 28 deletions(-)
D hosts/proxy/default.nix
M lxc/hosts/default.nix
R systems/hosts/proxy/default.nix => lxc/hosts/proxy/default.nix
R systems/hosts/proxy/domainstobackends.map => lxc/hosts/proxy/domainstobackends.map
R systems/hosts/proxy/haproxy.conf => lxc/hosts/proxy/haproxy.conf
M secrets/proxy/secrets.yaml
M systems/hosts/default.nix
D hosts/proxy/default.nix => hosts/proxy/default.nix +0 -17
@@ 1,17 0,0 @@
-{config, ...}: {
- sops.secrets.rootPwd.neededForUsers = true;
- sops.secrets.liljamoPwd.neededForUsers = true;
-
- roles.base = {
- root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
- primaryUser = {
- username = "liljamo";
- hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
- };
- };
-
- roles.tailscale = {
- enable = true;
- enableSSH = true;
- };
-}
M lxc/hosts/default.nix => lxc/hosts/default.nix +5 -0
@@ 24,6 24,11 @@ profiles: {
profile = profiles.generic;
modules = [];
};
+ proxy = {
+ system = "x86_64-linux";
+ profile = profiles.generic;
+ modules = [];
+ };
social = {
system = "x86_64-linux";
profile = profiles.generic;
R systems/hosts/proxy/default.nix => lxc/hosts/proxy/default.nix +4 -0
@@ 5,6 5,10 @@
}: let
promtailPort = 3100;
in {
+ sops.secrets.rootPwd.neededForUsers = true;
+
+ roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
+
sops.secrets.wg0PrivateKey = {};
sops.secrets.wg0PresharedKey = {};
R systems/hosts/proxy/domainstobackends.map => lxc/hosts/proxy/domainstobackends.map +0 -0
R systems/hosts/proxy/haproxy.conf => lxc/hosts/proxy/haproxy.conf +0 -0
M secrets/proxy/secrets.yaml => secrets/proxy/secrets.yaml +3 -4
@@ 1,5 1,4 @@
-rootPwd: ENC[AES256_GCM,data:qoKUOPPB4uuK8Wykn+OI+DZdFg/IQOO354MiQUzwWeP8FEGJzY75lHPOB/fGXq9OqjmAHoFQLRa8XjNaHmpGBQpU2v737z+w3I4fHLA4fBOtDykFTKqCXXL5yccj1LKRmZ+yewvU18LAag==,iv:XhFEFxYrhCXqb01xzIoPEYfhwcZaQ+TOABgpLh+kI4E=,tag:qZSp+UAlGaIWjR377nRJxA==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:xdTpyxoELOTVxSqkKiR62fVsykfhpKLAfBsJKzILkNbCiPLSHKpGl/VWO5+nxv+eM8UNIMSDjf5P55BRfKc+b/1IPrkY65Va33KIcJGlvE+e9wkCdDiBcCLj3v9+Q1kIjPtptsBMm1o1DQ==,iv:Ay0JWUBH+hrnSubaaJFlqvYYLz3+fAizaR92O2J1NBw=,tag:doaRHFx68JO5zEygrCyOAg==,type:str]
+rootPwd: ENC[AES256_GCM,data:oPPh80HC4K+C/74ytXMRjvNalbeWsNvjAumBsRkDOQ/R1BypMzbogM6ONfBkk4NJn/fGry+scA0KyTiM1dMO5/yvwGH7cdxXiPUcuORZA0sQbZhcLHZWEx8QW5BGFDG33lHYuccji1BZcg==,iv:r1dX8rJZVMHM0+Jy9VDqZ4mGqNaqoX96cE1SzySMS8M=,tag:iNBRxQQ8MXgt51aGy2WHxg==,type:str]
wg0PrivateKey: ENC[AES256_GCM,data:0GXueiosfoS0MUVpvL7Pb3qXhVoLchC2ZgelQ64MRWnQhiawMZp3JJ24Elc=,iv:wwcbySleh/ST/Dm1qBYe9dHjC573LslkFdReyZj1K6w=,tag:d6c59m4QPBMlZtFP+toFAw==,type:str]
wg0PresharedKey: ENC[AES256_GCM,data:isNyNSjJwpvWpCBCE19PE+VL/pqD6K5ho5TPPNCEdizAjxBDBFdWUlRTnaY=,iv:twOcys1cliE5hV8cUGqYh+EPOOiyvmnsbKbsWUZgZsY=,tag:H5G9Rh+OI/SWSPoGLCEciQ==,type:str]
sops:
@@ 17,8 16,8 @@ sops:
L1ZCL0FpRnh6d0VldjAvOTlLb0tjUXcKMrvDltAuOVNF7w4CDot4wuRsLzlsgoDG
DZj/utJB/2lbNn+1dlIcAGPG9QYR7peoI3vooer+FWA2bX2JvUnifA==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-10-03T07:09:21Z"
- mac: ENC[AES256_GCM,data:bc7/QJxVYpZZ/pd8MmI7uU/XUeSG0Km6hTDs31RU/1PaW3qUEU28jAxP8hzihxBpmjJ9/auWFLJ45R4zV3K+xoO2Dda9KlXlh+hmAnxr43czLpNDsAinbAkDoHjczJCTUSb6DKbkALVlzCVPtGIHtEb9eC4zZI+XtMhXczrbKkE=,iv:JguBTpSnMlm793at7Qwvd/M89KJ9xTkrCpulRpX/VOU=,tag:qDPSU83aTr8Op5FSNhZo+Q==,type:str]
+ lastmodified: "2024-11-13T16:27:09Z"
+ mac: ENC[AES256_GCM,data:IPysfjfPGRYTXUUPhCGUsSfmSDFMtSEk+kcDyZgUIh17VPlX5BwT3aN8XdCZnEArNtPD+/qp6RJkL/dgKiA2Ocb1lBxA+RYqG0U43JoHAKc1aKdPBvW/3ztHhPDR+ZjcC3uAhGRLFDXYECIXGMK7dFEMxD5d2+Yr9nAJ381F7jw=,iv:os9FUjmzyiWVRcK9o2Wp0/40T7kitpfzn55p0qETYDE=,tag:J9XiNjWSYTSgEGtRHm/8Fg==,type:str]
pgp:
- created_at: "2024-09-14T08:14:09Z"
enc: |-
M systems/hosts/default.nix => systems/hosts/default.nix +0 -7
@@ 15,11 15,4 @@
profile = laptop;
modules = [];
};
-
- # LXCs
- proxy = {
- system = "x86_64-linux";
- profile = lxc;
- modules = [];
- };
}