fixed typo and added test vm
This commit is contained in:
parent
80ccf96a3a
commit
ab8e827aca
22
flake.nix
22
flake.nix
|
@ -10,7 +10,8 @@
|
||||||
let
|
let
|
||||||
in {
|
in {
|
||||||
#packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
#packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
||||||
#packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
|
packages."x86_64-linux".quitte = self.nixosConfigurations.quitte.config.system.build.vm;
|
||||||
|
packages."x86_64-linux".default = self.packages."x86_64-linux".quitte;
|
||||||
|
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
birne = nixpkgs.lib.nixosSystem {
|
birne = nixpkgs.lib.nixosSystem {
|
||||||
|
@ -64,6 +65,25 @@
|
||||||
./modules/wiki.nix
|
./modules/wiki.nix
|
||||||
./modules/stream.nix
|
./modules/stream.nix
|
||||||
{
|
{
|
||||||
|
sops.defaultSopsFile = ./secrets/quitte.yaml;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
quitte-vm = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = [
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
|
./modules/base.nix
|
||||||
|
./modules/sops.nix
|
||||||
|
./modules/keycloak.nix
|
||||||
|
./modules/nginx.nix
|
||||||
|
./modules/hedgedoc.nix
|
||||||
|
./modules/wiki.nix
|
||||||
|
./modules/stream.nix
|
||||||
|
./modules/vm.nix
|
||||||
|
"${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
|
||||||
|
{
|
||||||
|
_module.args.buildVM = true;
|
||||||
sops.defaultSopsFile = ./secrets/durian.yaml;
|
sops.defaultSopsFile = ./secrets/durian.yaml;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
41
modules/vm.nix
Normal file
41
modules/vm.nix
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
{ config, lib, pkgs, buildVM, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
assertions = [
|
||||||
|
{ assertion = buildVM; message = "this module may only be used when building a VM!"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
users.mutableUsers = false;
|
||||||
|
|
||||||
|
networking.useDHCP = lib.mkForce false;
|
||||||
|
networking.interfaces = lib.mkForce {
|
||||||
|
eth0.useDHCP = true;
|
||||||
|
};
|
||||||
|
networking.defaultGateway = lib.mkForce null;
|
||||||
|
|
||||||
|
sops.defaultSopsFile = lib.mkForce ../secrets/quitte-vm.yaml;
|
||||||
|
sops.age.sshKeyPaths = lib.mkForce [ ];
|
||||||
|
sops.gnupg.sshKeyPaths = lib.mkForce [ ];
|
||||||
|
sops.age.keyFile = lib.mkForce "${../keys/gpg/test.age}";
|
||||||
|
sops.age.generateKey = lib.mkForce false;
|
||||||
|
|
||||||
|
# don't use production endpoint for test vm, to avoid rate limiting
|
||||||
|
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||||
|
|
||||||
|
# Set VM disk size (in MB)
|
||||||
|
virtualisation.diskSize = 2048;
|
||||||
|
|
||||||
|
# Set VM ram amount (in MB)
|
||||||
|
virtualisation.memorySize = 2048;
|
||||||
|
|
||||||
|
virtualisation.forwardPorts = [
|
||||||
|
{ from = "host"; host.port = 2222; guest.port = 22; }
|
||||||
|
];
|
||||||
|
virtualisation.graphics = false;
|
||||||
|
|
||||||
|
# show systemd logs on console
|
||||||
|
services.journald.extraConfig = ''
|
||||||
|
ForwardToConsole=yes
|
||||||
|
'';
|
||||||
|
}
|
79
secrets/test.yaml
Normal file
79
secrets/test.yaml
Normal file
|
@ -0,0 +1,79 @@
|
||||||
|
postgres_keycloak: ENC[AES256_GCM,data:dHuqrGcrJUE5GZhhWG5a4Ko=,iv:bvbyDXhkovtX5BQKw36WTGyUl3KR0Df2fB5qmMWbqqU=,tag:95XJCjKJjrITsHXK8ABF6A==,type:str]
|
||||||
|
postgres_hedgedoc: ENC[AES256_GCM,data:XWbf3F1b00RBFS9NXytzVkQ=,iv:dTbRUncYKsqOh0y0MTEJCpPcwfvROkIiO8v9OxZiHPU=,tag:YUxAkmbYKbGdGbIMS/8mOw==,type:str]
|
||||||
|
hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str]
|
||||||
|
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
|
||||||
|
mediawiki:
|
||||||
|
postgres: ENC[AES256_GCM,data:bna6ksGVOHWor7OqVL/jgeDIxA==,iv:bgkQh+NgPE/hr4N4YOCzSCfs7vaOx4pSWlc8WxI8qMc=,tag:WIjyu1i0M7flGFFovH5jWQ==,type:str]
|
||||||
|
initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str]
|
||||||
|
ldapprovider: ENC[AES256_GCM,data:dVrCFVgm4BDtUhcj9rSKXwnaIKsC5GGsDUoPJH1q5F4inskuSbFigcLM/UJFNOcr5R1dL+mYUOvnmIcoWA5AsuFKs3NzSYJVtVAm0x7vYSkHnfXu93V2F8Lc1xX/kZrFfnmNUXwhv2I+hknPUApY7wpmZOdk9NLKv4tbsgVTbfmR/WM6soOurh3b6b4cknfxqSeLZLeOIKL5WL8842t5SethyCfPsCm74JCpwHmflkCyT/lzIP1Kghab+xGWWyN9OAENlDZrJE6VAdctR+MKYZnhA7dXKeQPjKii9MZsDYFYTL5YDRysam4r7Jog/fozgWkXNrCUan29efnnBwpLz5hgV1MguIpvU8ccDQLNvgJCOdp6FgH45ZRlCxx29EWzh9iTDGPqmNsctUknFdfUVfIg9ziz/97i/kGcwy5N1oOsoUf7iRj5zLyLP6OlXGNThowF4jlNdI2b+caQGz7H6ZkJfUPWULotBUrjxrZo3pSYRkpJ77xbGUZf35ysxTHpfsmhyyO9HRhhgNkilEHlcsi8u+AC0su+Htg/Io332tSX+W6Gj6R6Q23hQ0gf8on5Y2xx34ysobEh8cMS4+Kj0nwasMHjW70g3qWpKkG1LSOIgXiA7hcusGCo8xPZ1y3gIyRiTxVTPJHh63Ecd0O37P4NWVSKEpsIM5pkngMN5L5K/ymtZ0kjREX2q4qpXf2xJiTTdAkeTMcmDs9HHjOzIIynYouY7P6qdXUpXjyGwqfovmnIv5icQ6sqFA==,iv:sPRnnIEif6W1SPy5SKiUuY681HeLPcR19U4p1mdUGdc=,tag:zeMdtTRk8ULP4GYDQLIU7A==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RWM5YXhXWkRCVEVFcERX
|
||||||
|
L0JVa3YwSm9qdC9jUHhpMVliOERuTTc5aERvCnJVSGR1Wmg3aW1YaU5RUE5xYkJp
|
||||||
|
aW1wY2w0ZUZYNm9zVEpjUHBkWDhlZGMKLS0tIEkxWi9rTmN4Q0NIYm0vMTdlNGFr
|
||||||
|
bEs1QzV1VFpmWFVrQkYrYmhYNVBLT0kKYgJBI1umfryFsnCUQB4JQzO/Dky7gJW8
|
||||||
|
cQVM4TbYuDKfhwAUq7Mik+bG4ZYNmfMBiJU56C6ZSRyEg7pgJ2U7Hw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-11-05T11:24:00Z"
|
||||||
|
mac: ENC[AES256_GCM,data:IgW58nKqznUoWBhsI+HZD47HjJ7qF8/lS5nQ2Qg2VE7JkQgs/+AYVyMNAckjnpDtHEnK/YaFmnTfRpdQ7BMGaJtGu6TT0PR60jme82rg+iMwspSOVsAIDf9YyrjIv0rF7xwCF65p4/3TIc1OohV2GzLsAykKApMA5kqAo+UNSAs=,iv:sWURn1jmZ7myC2gEuo5BdcZn8JNSXQsopLWeOoLEpkc=,tag:E5kldjnyElfvJyilPiCYUg==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2022-11-05T11:21:20Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DntlvaG5T7wcSAQdAA4h5/uTB/NOngHrB0uN4oMLZ2XRtBXuXo1kT2vJ8I1sw
|
||||||
|
bxWh7NFIcbzD7sjcse5lvuFjFZKkBb41CAwIqA9/SFlSufi0D5M3bt+Mk/Ffh2jw
|
||||||
|
0lwBt1+dhvzzg2iKHR2mZAzGF0pEcbO25gAN67hLjI1rrOirLq6DMobehlyUOKRN
|
||||||
|
tkuVB2MvXNHI/P/oRCq5rll7FTwswUkN2JYqk7gU4/HBdK78D41A1Qwj99ObcA==
|
||||||
|
=N4aD
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
|
||||||
|
- created_at: "2022-11-05T11:21:20Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA/YLzOYaRIJJARAAvyI5eOmyH9t9k2kTb1Sq2GFiZixENx4jY3KIFo6285Ds
|
||||||
|
+feNjJ1nJKrS9qgX/ne8ZmRAH2ZIkMhvAbzTwiV1TWyMPSrViVpo2ZL4C16A8quR
|
||||||
|
x2AuHcPPf4Cl9Jo1dsVoxBmnSMJWWbTkZZKvhr2HuKErkHYquwOxmXvbtEr6J+aT
|
||||||
|
pvc9X9Ea3wSGrBZC+m7sItJHLP5Qvkn+gHbUsRlwg5lQ6tz/U+nrxd0L+Q7gPOen
|
||||||
|
y6NCyqcLgwrzdCmgEu4noip0JozWAYPEk3ZRCJ7iGdwshPq7KkB/t1ywzWbbsd81
|
||||||
|
f5j/eExo8IXP4MQiNxKsKZRQj49zdLoFwXmLyTSoYzUtgnwlC4EcuH28YvNn9/xJ
|
||||||
|
f2s/6brR6Y01oYfgBWBpu6VAt2MNEcjKRWC/s/78Fts5rB8RQ0E11daoBCCogypd
|
||||||
|
QOy1ym9NpuUDKvfzS7xcdM1vs4JN6c+AtbrqRxpw6m/kU6P8yI3EAB9kaRMSAbdo
|
||||||
|
vX3GKvraAdsGLz4ZiCdOS41W1KCbhc8zgSBSeR0/ik//z1C+0MNloUlgok/2dwPQ
|
||||||
|
eRP9KKNVPAxj2OLZ8C0N5l4+p7EPRFmATvLjxNUMPkxfdt++ApmZZBhaCfh+USoL
|
||||||
|
MYY+mhK4wLS+toeB6p44cqDBTZBNs+w/NHo1+esce/1RVlJAzp2qjzlgcAPe3mHS
|
||||||
|
XAFWHGkOoADXJ6hg3cOkHIVkYXT0vou0IitugbHjHtzJaElNgrkF7Ch1mUZSd+N2
|
||||||
|
RPG4+mDSsWdZQmqu8eSowmSwa8ZFhEUP5L9RAg+RvBGa0+C5OUHbvTrOjU1w
|
||||||
|
=FHpt
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||||
|
- created_at: "2022-11-05T11:21:20Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA8uqUsBLHj6XAQ/+OwyrFFRyXuoCsmamBHyT1+EWQ2iaQk8+6ds+NcdKwmxX
|
||||||
|
qL3JFwsHwgKWStNslmcoypvOmrsla+ucOe3UNo3HigoiQe89oWFexdLqedyqxDo5
|
||||||
|
4N3Y6Pn0YTBNNgRi4Ep/Foswsv6l1sPpntCJxp7KXMD2iEkwUYNmhjfcu6qZTeMk
|
||||||
|
SneXTK7DBVoflDHXqPUcxvHfVpMXfqDQuy7jK+8f1WPHt5+LSODMXU+co5jV+L2J
|
||||||
|
1BFZIO8o+oUDkPViAOcLJlv+bQU2T2bMDA2i8H5wO6Fmvl2jlG5eiJa9EUCmta6T
|
||||||
|
MNrGhhNbGuqm940kBb5n07wNE1d1bZDZ56BIPbd+/kRSiq0RPGaknb5sl8/sAWps
|
||||||
|
7TMdb9+TwDAg/POHsvNYVqzCB36i4sZi9s48JvWdCUzzZukXhxqUN3DArIvI+Msc
|
||||||
|
l0Tn2VVi7H6ZOC21EJRJAR1olD98kwytXjA4uKvfVZRhuiP4QjQRwSlN1jwYnTPM
|
||||||
|
ojIWle5XRdsbdJhktosKPuKQda17VxpkPlqRgwbZH7UtO5t+3x8Q8/pa4J7ntSs8
|
||||||
|
RiqqAkNzHPvCJ0ljU5QyDMupPY4IA4k1Yxt7bdtFVAus+WalZL/9Nec1yuxyStVh
|
||||||
|
T00GmcVr7We/i59SuJ8WY0sAVXx5dZntn+FM9Ty1Q0/iHsHCMrQbrllGV7owk1PS
|
||||||
|
XAFrQOzD0Imnsgttv/h8pvXa6PXrdN7lZGriyvtPcubcBqgbIrwfDMbpGt0fKItR
|
||||||
|
GROiPg0CVO2cTsFM+MOHY832DZjdximf53BI/A1OLm8e2MUr21ODt4ux+J6G
|
||||||
|
=0Kqy
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
Loading…
Reference in a new issue