wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

fixed typo and added test vm

Browse source
This commit is contained in:
revol-xut 2022-11-11 16:37:17 +01:00
parent 80ccf96a3a
commit ab8e827aca
No known key found for this signature in database
GPG key ID: 4F56FF7759627D07
4 changed files with 141 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
flake.nix
View file

@ -10,7 +10,8 @@
let
in {
#packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
#packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
packages."x86_64-linux".quitte = self.nixosConfigurations.quitte.config.system.build.vm;
packages."x86_64-linux".default = self.packages."x86_64-linux".quitte;
nixosConfigurations = {
birne = nixpkgs.lib.nixosSystem {
@ -64,6 +65,25 @@
./modules/wiki.nix
./modules/stream.nix
{
sops.defaultSopsFile = ./secrets/quitte.yaml;
}
];
};
quitte-vm = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
inputs.sops-nix.nixosModules.sops
./modules/base.nix
./modules/sops.nix
./modules/keycloak.nix
./modules/nginx.nix
./modules/hedgedoc.nix
./modules/wiki.nix
./modules/stream.nix
./modules/vm.nix
"${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
{
_module.args.buildVM = true;
sops.defaultSopsFile = ./secrets/durian.yaml;
}
];

41
modules/vm.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, pkgs, buildVM, ... }:
{
assertions = [
{ assertion = buildVM; message = "this module may only be used when building a VM!"; }
];
users.users.root.hashedPassword = "";
users.mutableUsers = false;
networking.useDHCP = lib.mkForce false;
networking.interfaces = lib.mkForce {
eth0.useDHCP = true;
};
networking.defaultGateway = lib.mkForce null;
sops.defaultSopsFile = lib.mkForce ../secrets/quitte-vm.yaml;
sops.age.sshKeyPaths = lib.mkForce [ ];
sops.gnupg.sshKeyPaths = lib.mkForce [ ];
sops.age.keyFile = lib.mkForce "${../keys/gpg/test.age}";
sops.age.generateKey = lib.mkForce false;
# don't use production endpoint for test vm, to avoid rate limiting
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
# Set VM disk size (in MB)
virtualisation.diskSize = 2048;
# Set VM ram amount (in MB)
virtualisation.memorySize = 2048;
virtualisation.forwardPorts = [
{ from = "host"; host.port = 2222; guest.port = 22; }
];
virtualisation.graphics = false;
# show systemd logs on console
services.journald.extraConfig = ''
ForwardToConsole=yes
'';
}

0
secrets/durian.yaml → secrets/quitte.yaml
View file

79
secrets/test.yaml Normal file
View file

@ -0,0 +1,79 @@
postgres_keycloak: ENC[AES256_GCM,data:dHuqrGcrJUE5GZhhWG5a4Ko=,iv:bvbyDXhkovtX5BQKw36WTGyUl3KR0Df2fB5qmMWbqqU=,tag:95XJCjKJjrITsHXK8ABF6A==,type:str]
postgres_hedgedoc: ENC[AES256_GCM,data:XWbf3F1b00RBFS9NXytzVkQ=,iv:dTbRUncYKsqOh0y0MTEJCpPcwfvROkIiO8v9OxZiHPU=,tag:YUxAkmbYKbGdGbIMS/8mOw==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str]
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
mediawiki:
postgres: ENC[AES256_GCM,data:bna6ksGVOHWor7OqVL/jgeDIxA==,iv:bgkQh+NgPE/hr4N4YOCzSCfs7vaOx4pSWlc8WxI8qMc=,tag:WIjyu1i0M7flGFFovH5jWQ==,type:str]
initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str]
ldapprovider: ENC[AES256_GCM,data:dVrCFVgm4BDtUhcj9rSKXwnaIKsC5GGsDUoPJH1q5F4inskuSbFigcLM/UJFNOcr5R1dL+mYUOvnmIcoWA5AsuFKs3NzSYJVtVAm0x7vYSkHnfXu93V2F8Lc1xX/kZrFfnmNUXwhv2I+hknPUApY7wpmZOdk9NLKv4tbsgVTbfmR/WM6soOurh3b6b4cknfxqSeLZLeOIKL5WL8842t5SethyCfPsCm74JCpwHmflkCyT/lzIP1Kghab+xGWWyN9OAENlDZrJE6VAdctR+MKYZnhA7dXKeQPjKii9MZsDYFYTL5YDRysam4r7Jog/fozgWkXNrCUan29efnnBwpLz5hgV1MguIpvU8ccDQLNvgJCOdp6FgH45ZRlCxx29EWzh9iTDGPqmNsctUknFdfUVfIg9ziz/97i/kGcwy5N1oOsoUf7iRj5zLyLP6OlXGNThowF4jlNdI2b+caQGz7H6ZkJfUPWULotBUrjxrZo3pSYRkpJ77xbGUZf35ysxTHpfsmhyyO9HRhhgNkilEHlcsi8u+AC0su+Htg/Io332tSX+W6Gj6R6Q23hQ0gf8on5Y2xx34ysobEh8cMS4+Kj0nwasMHjW70g3qWpKkG1LSOIgXiA7hcusGCo8xPZ1y3gIyRiTxVTPJHh63Ecd0O37P4NWVSKEpsIM5pkngMN5L5K/ymtZ0kjREX2q4qpXf2xJiTTdAkeTMcmDs9HHjOzIIynYouY7P6qdXUpXjyGwqfovmnIv5icQ6sqFA==,iv:sPRnnIEif6W1SPy5SKiUuY681HeLPcR19U4p1mdUGdc=,tag:zeMdtTRk8ULP4GYDQLIU7A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RWM5YXhXWkRCVEVFcERX
L0JVa3YwSm9qdC9jUHhpMVliOERuTTc5aERvCnJVSGR1Wmg3aW1YaU5RUE5xYkJp
aW1wY2w0ZUZYNm9zVEpjUHBkWDhlZGMKLS0tIEkxWi9rTmN4Q0NIYm0vMTdlNGFr
bEs1QzV1VFpmWFVrQkYrYmhYNVBLT0kKYgJBI1umfryFsnCUQB4JQzO/Dky7gJW8
cQVM4TbYuDKfhwAUq7Mik+bG4ZYNmfMBiJU56C6ZSRyEg7pgJ2U7Hw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-05T11:24:00Z"
mac: ENC[AES256_GCM,data:IgW58nKqznUoWBhsI+HZD47HjJ7qF8/lS5nQ2Qg2VE7JkQgs/+AYVyMNAckjnpDtHEnK/YaFmnTfRpdQ7BMGaJtGu6TT0PR60jme82rg+iMwspSOVsAIDf9YyrjIv0rF7xwCF65p4/3TIc1OohV2GzLsAykKApMA5kqAo+UNSAs=,iv:sWURn1jmZ7myC2gEuo5BdcZn8JNSXQsopLWeOoLEpkc=,tag:E5kldjnyElfvJyilPiCYUg==,type:str]
pgp:
- created_at: "2022-11-05T11:21:20Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DntlvaG5T7wcSAQdAA4h5/uTB/NOngHrB0uN4oMLZ2XRtBXuXo1kT2vJ8I1sw
bxWh7NFIcbzD7sjcse5lvuFjFZKkBb41CAwIqA9/SFlSufi0D5M3bt+Mk/Ffh2jw
0lwBt1+dhvzzg2iKHR2mZAzGF0pEcbO25gAN67hLjI1rrOirLq6DMobehlyUOKRN
tkuVB2MvXNHI/P/oRCq5rll7FTwswUkN2JYqk7gU4/HBdK78D41A1Qwj99ObcA==
=N4aD
-----END PGP MESSAGE-----
fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
- created_at: "2022-11-05T11:21:20Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJARAAvyI5eOmyH9t9k2kTb1Sq2GFiZixENx4jY3KIFo6285Ds
+feNjJ1nJKrS9qgX/ne8ZmRAH2ZIkMhvAbzTwiV1TWyMPSrViVpo2ZL4C16A8quR
x2AuHcPPf4Cl9Jo1dsVoxBmnSMJWWbTkZZKvhr2HuKErkHYquwOxmXvbtEr6J+aT
pvc9X9Ea3wSGrBZC+m7sItJHLP5Qvkn+gHbUsRlwg5lQ6tz/U+nrxd0L+Q7gPOen
y6NCyqcLgwrzdCmgEu4noip0JozWAYPEk3ZRCJ7iGdwshPq7KkB/t1ywzWbbsd81
f5j/eExo8IXP4MQiNxKsKZRQj49zdLoFwXmLyTSoYzUtgnwlC4EcuH28YvNn9/xJ
f2s/6brR6Y01oYfgBWBpu6VAt2MNEcjKRWC/s/78Fts5rB8RQ0E11daoBCCogypd
QOy1ym9NpuUDKvfzS7xcdM1vs4JN6c+AtbrqRxpw6m/kU6P8yI3EAB9kaRMSAbdo
vX3GKvraAdsGLz4ZiCdOS41W1KCbhc8zgSBSeR0/ik//z1C+0MNloUlgok/2dwPQ
eRP9KKNVPAxj2OLZ8C0N5l4+p7EPRFmATvLjxNUMPkxfdt++ApmZZBhaCfh+USoL
MYY+mhK4wLS+toeB6p44cqDBTZBNs+w/NHo1+esce/1RVlJAzp2qjzlgcAPe3mHS
XAFWHGkOoADXJ6hg3cOkHIVkYXT0vou0IitugbHjHtzJaElNgrkF7Ch1mUZSd+N2
RPG4+mDSsWdZQmqu8eSowmSwa8ZFhEUP5L9RAg+RvBGa0+C5OUHbvTrOjU1w
=FHpt
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2022-11-05T11:21:20Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA8uqUsBLHj6XAQ/+OwyrFFRyXuoCsmamBHyT1+EWQ2iaQk8+6ds+NcdKwmxX
qL3JFwsHwgKWStNslmcoypvOmrsla+ucOe3UNo3HigoiQe89oWFexdLqedyqxDo5
4N3Y6Pn0YTBNNgRi4Ep/Foswsv6l1sPpntCJxp7KXMD2iEkwUYNmhjfcu6qZTeMk
SneXTK7DBVoflDHXqPUcxvHfVpMXfqDQuy7jK+8f1WPHt5+LSODMXU+co5jV+L2J
1BFZIO8o+oUDkPViAOcLJlv+bQU2T2bMDA2i8H5wO6Fmvl2jlG5eiJa9EUCmta6T
MNrGhhNbGuqm940kBb5n07wNE1d1bZDZ56BIPbd+/kRSiq0RPGaknb5sl8/sAWps
7TMdb9+TwDAg/POHsvNYVqzCB36i4sZi9s48JvWdCUzzZukXhxqUN3DArIvI+Msc
l0Tn2VVi7H6ZOC21EJRJAR1olD98kwytXjA4uKvfVZRhuiP4QjQRwSlN1jwYnTPM
ojIWle5XRdsbdJhktosKPuKQda17VxpkPlqRgwbZH7UtO5t+3x8Q8/pa4J7ntSs8
RiqqAkNzHPvCJ0ljU5QyDMupPY4IA4k1Yxt7bdtFVAus+WalZL/9Nec1yuxyStVh
T00GmcVr7We/i59SuJ8WY0sAVXx5dZntn+FM9Ty1Q0/iHsHCMrQbrllGV7owk1PS
XAFrQOzD0Imnsgttv/h8pvXa6PXrdN7lZGriyvtPcubcBqgbIrwfDMbpGt0fKItR
GROiPg0CVO2cTsFM+MOHY832DZjdximf53BI/A1OLm8e2MUr21ODt4ux+J6G
=0Kqy
-----END PGP MESSAGE-----
fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
unencrypted_suffix: _unencrypted
version: 3.7.3