e11sync
This commit is contained in:
parent
50c8a718db
commit
e4870a2a24
53
flake.lock
generated
53
flake.lock
generated
@ -51,6 +51,39 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"e11sync": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
"flake-compat"
|
||||
],
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"geoip2-tarball": "geoip2-tarball",
|
||||
"gitignore": [
|
||||
"gitignore"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"pre-commit-hooks": [
|
||||
"pre-commit-hooks"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705498237,
|
||||
"narHash": "sha256-FFKNlobtEjtdR+PpbarW3D2xWLTXS0jipSOPWCBh2ug=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "bf0d2452ce39c2665214cd2e869dec4117eafc25",
|
||||
"revCount": 113,
|
||||
"type": "git",
|
||||
"url": "https://git.jakstys.lt/motiejus/e11sync"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.jakstys.lt/motiejus/e11sync"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"locked": {
|
||||
"lastModified": 1688025799,
|
||||
@ -84,6 +117,19 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"geoip2-tarball": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1705308463,
|
||||
"narHash": "sha256-Q+t6LnGy8R6QLugw25iC0WdVPU2C3eqZPlbvVQ9EpwE=",
|
||||
"type": "tarball",
|
||||
"url": "https://dl.jakstys.lt/_/2024.01.13.tar.zst"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://dl.jakstys.lt/_/2024.01.13.tar.zst"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -202,11 +248,11 @@
|
||||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1705490880,
|
||||
"narHash": "sha256-JfC6ZMF/BWWIzzqYNswF/WTtIbjaF8MKkpdhl1YPyN8=",
|
||||
"lastModified": 1705498134,
|
||||
"narHash": "sha256-JWz7O2RDOAiWvndH/Gd84XvZgsFuvHhDnr4MFbCjLLA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "8d1c62baf47e465e0732ebf7336d2443add7e3ec",
|
||||
"rev": "2afd51ec110a41d646272a548fe5a2913f33a918",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -251,6 +297,7 @@
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"e11sync": "e11sync",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"gitignore": "gitignore",
|
||||
|
22
flake.nix
22
flake.nix
@ -53,6 +53,17 @@
|
||||
gitignore.follows = "gitignore";
|
||||
};
|
||||
};
|
||||
|
||||
e11sync = {
|
||||
url = "git+https://git.jakstys.lt/motiejus/e11sync";
|
||||
inputs = {
|
||||
nixpkgs.follows = "nixpkgs";
|
||||
flake-utils.follows = "flake-utils";
|
||||
flake-compat.follows = "flake-compat";
|
||||
gitignore.follows = "gitignore";
|
||||
pre-commit-hooks.follows = "pre-commit-hooks";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nixConfig = {
|
||||
@ -73,6 +84,7 @@
|
||||
pre-commit-hooks,
|
||||
nur,
|
||||
nixgl,
|
||||
e11sync,
|
||||
...
|
||||
} @ inputs: let
|
||||
myData = import ./data.nix;
|
||||
@ -201,16 +213,18 @@
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
{nixpkgs.overlays = mkOverlays system;}
|
||||
./hosts/fra1-a/configuration.nix
|
||||
|
||||
./modules
|
||||
|
||||
# TODO: remove `${system}` from here
|
||||
e11sync.nixosModules.${system}.e11sync
|
||||
agenix.nixosModules.default
|
||||
home-manager.nixosModules.home-manager
|
||||
|
||||
./hosts/fra1-a/configuration.nix
|
||||
./modules
|
||||
|
||||
{
|
||||
age.secrets = {
|
||||
zfs-passphrase-vno1-oh2.file = ./secrets/vno1-oh2/zfs-passphrase.age;
|
||||
e11sync-secret-key.file = ./secrets/e11sync/secret-key.age;
|
||||
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
|
||||
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
|
||||
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
||||
|
@ -75,12 +75,31 @@
|
||||
};
|
||||
};
|
||||
|
||||
services.nsd = {
|
||||
e11sync = {
|
||||
enable = true;
|
||||
interfaces = ["0.0.0.0" "::"];
|
||||
zones = {
|
||||
"jakstys.lt.".data = myData.jakstysLTZone;
|
||||
"11sync.net.".data = myData.e11syncZone;
|
||||
migrateOnStart = true;
|
||||
secretKeyPath = config.age.secrets.e11sync-secret-key.path;
|
||||
vhost = "11sync.net";
|
||||
};
|
||||
|
||||
services = {
|
||||
caddy = {
|
||||
enable = true;
|
||||
email = "motiejus+acme@jakstys.lt";
|
||||
globalConfig = ''
|
||||
servers {
|
||||
metrics
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
nsd = {
|
||||
enable = true;
|
||||
interfaces = ["0.0.0.0" "::"];
|
||||
zones = {
|
||||
"jakstys.lt.".data = myData.jakstysLTZone;
|
||||
"11sync.net.".data = myData.e11syncZone;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -90,8 +109,8 @@
|
||||
domain = "servers.jakst";
|
||||
useDHCP = true;
|
||||
firewall = {
|
||||
allowedUDPPorts = [53];
|
||||
allowedTCPPorts = [22 53];
|
||||
allowedUDPPorts = [53 443];
|
||||
allowedTCPPorts = [22 53 80 443];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -35,9 +35,9 @@ in
|
||||
"secrets/synapse/registration_shared_secret.age"
|
||||
"secrets/synapse/macaroon_secret_key.age"
|
||||
]
|
||||
# TODO make sure secrets don't repeat here.
|
||||
// mk ([fra1-a] ++ motiejus) [
|
||||
"secrets/vno1-oh2/zfs-passphrase.age"
|
||||
"secrets/e11sync/secret-key.age"
|
||||
]
|
||||
// mk ([vno3-rp3b] ++ motiejus) [
|
||||
"secrets/vno3-rp3b/datapool-passphrase.age"
|
||||
|
14
secrets/e11sync/secret-key.age
Normal file
14
secrets/e11sync/secret-key.age
Normal file
@ -0,0 +1,14 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 qDkIVA EcrOFGh2er0Hl7xxWct2cUX4heduWCqm2+JqSH81iTY
|
||||
7oeP2PFS5nDo1QY8hVA7JtqhXg9tVoUaJmuf/ZRjs/Q
|
||||
-> X25519 ljxQYvPkqvKEYOxDlBf8gj6U8Nd6b93STFg7VvX7kTk
|
||||
bQluMiLgv37c0lK7Qcywuk76EvM6aWQ1e5jMu+b/wyQ
|
||||
-> X25519 mVpBCxyKGYxQjUIbx7saDTn5G23ytVA/cbKu09f0bmU
|
||||
ZJWx4ynxcjH+b2I/t65YcBeSWc42bbLj0GPOEmQRthY
|
||||
-> piv-p256 +y2G/w A4MZ+jL9BvSPTXcqnhumP19jMLpGHiReoMKKF18Y8c0l
|
||||
34dg3Nf0M5seK9dUHH+6mCBuRNbrCcO3Nn3133q9L8c
|
||||
-> piv-p256 jNqd3A As9f0NzBBLhHw+raFyA1MXpudE0t4g5X621nlBKyOL7g
|
||||
Ttf8gKYskH00eVYSca+el8Q7eL2SUmxAIfeUTiRYTS4
|
||||
--- OeIgN68dHKyT9/DFyr90D56ioNKYxAmartgfrDUoDG4
|
||||
œ±öASÌ4ÆÉ›ø”ÄþX«ã2ɹcnãaôÎ{ßM
|
||||
¨¬`î©^¥¼ŒñÀw<>cE¼.í?½›
k@òlOЊ0YÂîÓÞ§NkNë
|
Loading…
Reference in New Issue
Block a user