Motiejus Jakštys 2024-01-17 13:17:19 +02:00
parent 50c8a718db
commit e4870a2a24
5 changed files with 109 additions and 15 deletions

flake.lock generated

@ -51,6 +51,39 @@
"type": "github"
}
},
"e11sync": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"flake-utils": [
"flake-utils"
],
"geoip2-tarball": "geoip2-tarball",
"gitignore": [
"gitignore"
],
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": [
"pre-commit-hooks"
]
},
"locked": {
"lastModified": 1705498237,
"narHash": "sha256-FFKNlobtEjtdR+PpbarW3D2xWLTXS0jipSOPWCBh2ug=",
"ref": "refs/heads/main",
"rev": "bf0d2452ce39c2665214cd2e869dec4117eafc25",
"revCount": 113,
"type": "git",
"url": "https://git.jakstys.lt/motiejus/e11sync"
},
"original": {
"type": "git",
"url": "https://git.jakstys.lt/motiejus/e11sync"
}
},
"flake-compat": {
"locked": {
"lastModified": 1688025799,
@ -84,6 +117,19 @@
"type": "github"
}
},
"geoip2-tarball": {
"flake": false,
"locked": {
"lastModified": 1705308463,
"narHash": "sha256-Q+t6LnGy8R6QLugw25iC0WdVPU2C3eqZPlbvVQ9EpwE=",
"type": "tarball",
"url": "https://dl.jakstys.lt/_/2024.01.13.tar.zst"
},
"original": {
"type": "tarball",
"url": "https://dl.jakstys.lt/_/2024.01.13.tar.zst"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -202,11 +248,11 @@
},
"nur": {
"locked": {
"lastModified": 1705490880,
"narHash": "sha256-JfC6ZMF/BWWIzzqYNswF/WTtIbjaF8MKkpdhl1YPyN8=",
"lastModified": 1705498134,
"narHash": "sha256-JWz7O2RDOAiWvndH/Gd84XvZgsFuvHhDnr4MFbCjLLA=",
"owner": "nix-community",
"repo": "NUR",
"rev": "8d1c62baf47e465e0732ebf7336d2443add7e3ec",
"rev": "2afd51ec110a41d646272a548fe5a2913f33a918",
"type": "github"
},
"original": {
@ -251,6 +297,7 @@
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"e11sync": "e11sync",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"gitignore": "gitignore",


@ -53,6 +53,17 @@
gitignore.follows = "gitignore";
};
};
e11sync = {
url = "git+https://git.jakstys.lt/motiejus/e11sync";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
flake-compat.follows = "flake-compat";
gitignore.follows = "gitignore";
pre-commit-hooks.follows = "pre-commit-hooks";
};
};
};
nixConfig = {
@ -73,6 +84,7 @@
pre-commit-hooks,
nur,
nixgl,
e11sync,
...
} @ inputs: let
myData = import ./data.nix;
@ -201,16 +213,18 @@
system = "aarch64-linux";
modules = [
{nixpkgs.overlays = mkOverlays system;}
./hosts/fra1-a/configuration.nix
./modules
# TODO: remove `${system}` from here
e11sync.nixosModules.${system}.e11sync
agenix.nixosModules.default
home-manager.nixosModules.home-manager
./hosts/fra1-a/configuration.nix
./modules
{
age.secrets = {
zfs-passphrase-vno1-oh2.file = ./secrets/vno1-oh2/zfs-passphrase.age;
e11sync-secret-key.file = ./secrets/e11sync/secret-key.age;
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
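Review bot: `e11sync-secret-key.file` in the `age.secrets` set is declared without `owner`, `group` or `mode`, so agenix will decrypt it with its defaults (root-owned, mode 0400). The host configuration hands `config.age.secrets.e11sync-secret-key.path` to the e11sync module as `secretKeyPath`, and whether the service can read a root-only file depends on how that module consumes the path, which is not visible here. If the service reads it as an unprivileged user, write `e11sync-secret-key = { file = ./secrets/e11sync/secret-key.age; owner = "<service-user>"; };` (placeholder user name). If the module loads it through systemd credentials, add a one-line comment saying so, to record why the default is correct. The `age.secrets` set continues past the end of this hunk.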


@ -75,12 +75,31 @@
};
};
services.nsd = {
e11sync = {
enable = true;
interfaces = ["0.0.0.0" "::"];
zones = {
"jakstys.lt.".data = myData.jakstysLTZone;
"11sync.net.".data = myData.e11syncZone;
migrateOnStart = true;
secretKeyPath = config.age.secrets.e11sync-secret-key.path;
vhost = "11sync.net";
};
services = {
caddy = {
enable = true;
email = "motiejus+acme@jakstys.lt";
globalConfig = ''
servers {
metrics
}
'';
};
nsd = {
enable = true;
interfaces = ["0.0.0.0" "::"];
zones = {
"jakstys.lt.".data = myData.jakstysLTZone;
"11sync.net.".data = myData.e11syncZone;
};
};
};
@ -90,8 +109,8 @@
domain = "servers.jakst";
useDHCP = true;
firewall = {
allowedUDPPorts = [53];
allowedTCPPorts = [22 53];
allowedUDPPorts = [53 443];
allowedTCPPorts = [22 53 80 443];
};
};
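Review bot: The firewall change at the end of this section opens 443/udp alongside 80/tcp and 443/tcp with no stated reason, and the UDP port is the one a later reader is most likely to question or remove. It is presumably for HTTP/3 (QUIC) on the caddy instance enabled above; a trailing comment such as `allowedUDPPorts = [53 443]; # 53: nsd, 443: caddy HTTP/3 (QUIC)` would record that. The `servers { metrics }` entry in `globalConfig` would also benefit from a comment stating where the metrics are meant to be scraped from, so they are not later routed onto the public vhost by accident. The block enclosing `firewall` starts and ends outside the hunk.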


@ -35,9 +35,9 @@ in
"secrets/synapse/registration_shared_secret.age"
"secrets/synapse/macaroon_secret_key.age"
]
# TODO make sure secrets don't repeat here.
// mk ([fra1-a] ++ motiejus) [
"secrets/vno1-oh2/zfs-passphrase.age"
"secrets/e11sync/secret-key.age"
]
// mk ([vno3-rp3b] ++ motiejus) [
"secrets/vno3-rp3b/datapool-passphrase.age"
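Review bot: The TODO above the `[fra1-a] ++ motiejus` group does not say what goes wrong when a path repeats. The groups are joined with `//`, which is right-biased, so a secret listed in two groups would silently keep only the later group's value, presumably its recipient list given how `mk` is called here. Spelling that out makes the risk actionable, for example `# TODO: assert secret paths are unique across groups; // keeps only the last entry for a repeated path`. The attribute-set expression starts and ends outside the hunk.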


@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 qDkIVA EcrOFGh2er0Hl7xxWct2cUX4heduWCqm2+JqSH81iTY
7oeP2PFS5nDo1QY8hVA7JtqhXg9tVoUaJmuf/ZRjs/Q
-> X25519 ljxQYvPkqvKEYOxDlBf8gj6U8Nd6b93STFg7VvX7kTk
bQluMiLgv37c0lK7Qcywuk76EvM6aWQ1e5jMu+b/wyQ
-> X25519 mVpBCxyKGYxQjUIbx7saDTn5G23ytVA/cbKu09f0bmU
ZJWx4ynxcjH+b2I/t65YcBeSWc42bbLj0GPOEmQRthY
-> piv-p256 +y2G/w A4MZ+jL9BvSPTXcqnhumP19jMLpGHiReoMKKF18Y8c0l
34dg3Nf0M5seK9dUHH+6mCBuRNbrCcO3Nn3133q9L8c
-> piv-p256 jNqd3A As9f0NzBBLhHw+raFyA1MXpudE0t4g5X621nlBKyOL7g
Ttf8gKYskH00eVYSca+el8Q7eL2SUmxAIfeUTiRYTS4
--- OeIgN68dHKyT9/DFyr90D56ioNKYxAmartgfrDUoDG4
œ±öASÌ4­ÆÉøÄþX«ã2ɹcnãÎ{ßM
¨¬`î©^¥¼ŒñÀw<>cE¼.í?½› k@òlOЊ0YÂîÓÞ§NkNë