M .sops.yaml => .sops.yaml +7 -0
@@ 3,6 3,7 @@ keys:
- &arwen age15hcszwfk0d6cu9ua6g4udj9tdq63jm8lja66ktxu0fjfuczczcwsm5kcxn
- &alice age1pqjj62u9u3x658a5u47nf7uf0cfek2ht09ztqamjfl7j8s2xeduqx5cfnn
- &dns age1m5ktjargxxu04dn9c2uhvaw79z74mxsc4vdrkalxjn4aa8c86plqg0hyyw
+ - &sqbuilds age1wgzza5upq4tcpanmx3p9tg9swltz58ycufcapq9s45wpq8mtvepsr0lnzk
creation_rules:
- path_regex: secrets/arwen/[^/]+\.yaml$
key_groups:
@@ 22,3 23,9 @@ creation_rules:
- *liljamo_gpg
age:
- *dns
+ - path_regex: secrets/sqbuilds/[^/]+\.yaml$
+ key_groups:
+ - pgp:
+ - *liljamo_gpg
+ age:
+ - *sqbuilds
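Review bot: The new `sqbuilds` anchor in the `keys:` list and the creation rule at the end of this hunk carry no comment saying which key this is or how it is rotated, and none of the existing entries do either; a one-liner such as `# sqbuilds: age recipient for the sqbuilds VM — re-add the new key and run `sops updatekeys` if the VM is rebuilt` next to the anchor would record the rotation step. Within the single key group either the `liljamo_gpg` PGP key or the `sqbuilds` age key alone decrypts the file, which mirrors the existing `dns` rule. Whether this age key is derived from the VM's SSH host key or is a standalone identity is not visible here, so confirm that before wording the comment.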
A hosts/sqbuilds/default.nix => hosts/sqbuilds/default.nix +17 -0
@@ 0,0 1,17 @@
+{config, ...}: {
+ sops.secrets.rootPwd.neededForUsers = true;
+ sops.secrets.liljamoPwd.neededForUsers = true;
+
+ roles.base = {
+ root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
+ primaryUser = {
+ username = "liljamo";
+ hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
+ };
+ };
+
+ roles.tailscale = {
+ enable = true;
+ enableSSH = true;
+ };
+}
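Review bot: `roles.tailscale.enableSSH = true` moves SSH authentication for this host onto the tailnet's SSH/ACL policy, and nothing in this file records which tailnet users or groups are expected to reach it; a comment on that line, e.g. `# SSH login is governed by the Tailscale SSH ACL, not by this host's sshd config — keep root/liljamo access restricted there`, would make the dependency explicit. The two `neededForUsers` secrets (`rootPwd`, `liljamoPwd`) match the keys in `secrets/sqbuilds/secrets.yaml`, but no `sops.defaultSopsFile` or per-secret `sopsFile` is set in this hunk, so the secrets presumably resolve through the `vm` profile or a shared module — confirm that path points at the new file. `roles.base` and `roles.tailscale` are project-defined options whose semantics are not visible in this diff.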
M lib/util.nix => lib/util.nix +1 -0
@@ 1,5 1,6 @@
{...}: let
hostNameToIPv4 = {
+ "sqbuilds" = "10.1.1.50";
"dns" = "10.1.2.3";
"metrics" = "10.1.2.5";
"proxy" = "10.1.2.10";
A secrets/sqbuilds/secrets.yaml => secrets/sqbuilds/secrets.yaml +34 -0
@@ 0,0 1,34 @@
+rootPwd: ENC[AES256_GCM,data:MQZkunxuLZc0vBOj+vXj3EQgabppTr3+SLcdzr7wCTP6JHm/XIQIVYZJj/BbZiJLSg8x5CKmoQQo7/duKYjELqaHjVUq371h6Leu//xwMunArS1Od663Me3rvPVf84/IfCjRKH1uxZVi/A==,iv:GY3zXrxpINlW4UcHPTmCs2mDvlm3IXtyRrzH4AKnTHI=,tag:84rTfWmJ0tmxkdoHtXj4BA==,type:str]
+liljamoPwd: ENC[AES256_GCM,data:y3f+cofbh27klaRoHgxLiPa6iZuIGkSqL9/9HJ5cv8Eq4iRupmvg6l1GezodxpYilh3fkoZX+QjxcMxw9+3yb+ou3sw/tDicOtR1Ly6oBrYaNZWSs8JukMsAZx49g+fGNcmf6E8cd6Qv/w==,iv:mn5mPRhxOAleaSNx2vR5f9vHqC3i1kru1Emfvj9vymQ=,tag:dMGPsrr9AyRzb8GuwfrclA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1wgzza5upq4tcpanmx3p9tg9swltz58ycufcapq9s45wpq8mtvepsr0lnzk
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUU1p0MVlqN3RpMTh0UGc1
+ WHAyaVdYck5mdjBzNnpCU0lqRFBDOGpydUc0CmpvNDZ1a1JyU1FabnEyTHplWHB1
+ a2x1aWpwdHpGcEZiSC9ScmxoMWhIaEUKLS0tIGRZS1JCM3NxTGNFaEpVc2NZZ1FS
+ VmkrdmhMNThtQXFXTlJ0bDhmMUhFSlEKkzfSaOjBiGrs0ts1TT23UluOFV9lASlz
+ 8d4SoUSNwP+Nq6XZcp29qbdUL+Mfs3qJEL6Ii6F/jKoGuDno4MGJ5w==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-08-25T15:54:44Z"
+ mac: ENC[AES256_GCM,data:CQUsMXPcqErOvtr9N8UovbcNfM2qBIpANP989Kryd6urcznupAVcyIY/je/8o56Y/yUT+STridiaPHC68FfS0SG1KtuhgU5ejNr4VJudCpWgsGmkjH89xAKl9/WzFxDaMMAbKa2y+M0xN2yAqy85LavoWXNYfrII2IYwJBFJYeg=,iv:tYVkPYHnd0OZz4NUUIauTqyJZceNpiquB4WwJuSTsW8=,tag:EPLGDBB3JZZNjzg0PX37iw==,type:str]
+ pgp:
+ - created_at: "2024-08-25T18:37:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4D8ab0ENzkR4wSAQdA0QXgYyn86xCBPX9MzXQsaPItFJ7bjn2SyREHsZBewS0w
+ k6RrfI3tzEtNiffJNYzQtDfNlE1BnPV7sK05gHWpRZfYBBMnTVaGtZfZ0F7ZldUv
+ 1GgBCQIQt/RD1G0XEq5ZnrTWd6MW9lp9keKchzErsbUpVZcyw3bBsq34jV9OqMhf
+ b7wON/e8yeW7g0kVoRUCOawxi//82apGJ0CMVAM2SP60/ZHvSrAI+JI4q39tisQ7
+ CnO4/RLH07/bMA==
+ =9D0Z
+ -----END PGP MESSAGE-----
+ fp: 848EEBCEE9F0D29D25C321A658577946A65EB712
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
M systems/hosts/default.nix => systems/hosts/default.nix +8 -0
@@ 2,6 2,7 @@
desktop,
laptop,
lxc,
+ vm,
...
}: {
alice = {
@@ 21,4 22,11 @@
profile = lxc;
modules = [];
};
+
+ # VMs
+ sqbuilds = {
+ system = "x86_64-linux";
+ profile = vm;
+ modules = [];
+ };
}
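Review bot: `vm` is added as a required attribute-set parameter in the first hunk (alongside `desktop`, `laptop`, `lxc`) with no default, so every caller of this file must now pass it or evaluation aborts with a missing-attribute error; the new `sqbuilds` entry is the only consumer. If `vm` is defined where the other profiles are, this is fine, but that definition is not visible in this diff. The enclosing attribute set starts outside the hunk.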
A systems/hosts/sqbuilds/default.nix => systems/hosts/sqbuilds/default.nix +7 -0
@@ 0,0 1,7 @@
+{...}: {
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ system.stateVersion = "24.05";
+}
A systems/hosts/sqbuilds/hardware-configuration.nix => systems/hosts/sqbuilds/hardware-configuration.nix +30 -0
@@ 0,0 1,30 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/vda";
+
+ boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/a557b22c-baff-4444-856e-e032c616f921";
+ fsType = "ext4";
+ };
+
+ swapDevices = [];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}