This commit is contained in:
soraefir
parent
972cb47e3f
commit
6cb2c2bd00
GPG Key ID:
A362EA0491E2EEA0
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
|||||||
result
|
result
|
||||||
age-key.txt
|
age-key.txt
|
||||||
.decrypted~common.yaml
|
.decrypted~common.yaml
|
||||||
|
.decrypted*
|
||||||
|
|||||||
@ -61,6 +61,11 @@
|
|||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
host = "ci";
|
host = "ci";
|
||||||
};
|
};
|
||||||
|
sandbox = gen.generate {
|
||||||
|
type = "nixos";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
host = "sandbox";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
darwinConfigurations = {
|
darwinConfigurations = {
|
||||||
asgard = gen.generate {
|
asgard = gen.generate {
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
isCI = builtins.elem config.syscfg.hostname [ "ci" ];
|
isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
|
||||||
keyFilePath =
|
keyFilePath =
|
||||||
(if isCI then ./mock-key.txt else "/var/lib/sops-nix/age-key.txt");
|
(if isCI then ./mock-key.txt else "/var/lib/sops-nix/age-key.txt");
|
||||||
sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
|
sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
|
||||||
|
|||||||
@ -2,6 +2,10 @@ ci_ssh_priv: ENC[AES256_GCM,data:3Fd7HtFzD+0Pm0qnmaNeivSrEJnH6A3CzLrSyYD4J1rpdHC
|
|||||||
ci_ssh_pub: ENC[AES256_GCM,data:6BVY3GS9lMLR/dYNxyldcBJe1DrjG/yHjqfCIw==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:+xwHADgq22cV5ai9xd6ceQ==,type:str]
|
ci_ssh_pub: ENC[AES256_GCM,data:6BVY3GS9lMLR/dYNxyldcBJe1DrjG/yHjqfCIw==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:+xwHADgq22cV5ai9xd6ceQ==,type:str]
|
||||||
ci_wg_priv: ENC[AES256_GCM,data:uA4eiEhQbbhLkrTyhRX4Tg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:KwjiYrnuQxrydVKKV4xN4A==,type:str]
|
ci_wg_priv: ENC[AES256_GCM,data:uA4eiEhQbbhLkrTyhRX4Tg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:KwjiYrnuQxrydVKKV4xN4A==,type:str]
|
||||||
ci_wg_pub: ENC[AES256_GCM,data:MBIdTEkyJBvbTtYrQYS8,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:ekUniuYPCSxwlmB1yUbo4w==,type:str]
|
ci_wg_pub: ENC[AES256_GCM,data:MBIdTEkyJBvbTtYrQYS8,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:ekUniuYPCSxwlmB1yUbo4w==,type:str]
|
||||||
|
sandbox_ssh_priv: ENC[AES256_GCM,data:OG5ZsSQFEbUKLXtHF9MAHWYwnxBM0EyVyj54sPs9XEsFaRXq3WDa+ANnpVqBLtw6cPodLQHyJ5tY/Hr1rdINNGyLPEz/Zm3K7vz6iXUeThAKDhYaCH4vccFFtQ==,iv:2NbVjpKTyyiY4rtC/A6s2nABo5p0VAWtzC6b6TrHkvI=,tag:sO+SUMws8HncC9dmeiJPSg==,type:str]
|
||||||
|
sandboxssh_pub: ENC[AES256_GCM,data:Va3S+ecfUAjdlazIvQiXZigUSdyzjveDvkLXTjI5by5T,iv:t1dZniBh5GV4kACTGgL4bmxiL0EymMRIHMYrASTWSWU=,tag:wl0yV0tNHT/JCUZ65ZB72g==,type:str]
|
||||||
|
sandbox_wg_priv: ENC[AES256_GCM,data:8d+WCtyGoEH3/4q1DZImUw==,iv:3efDzVFVCqv6yCNgBEXfQ19oh2bZLPO8my33uBgviW0=,tag:+WNPB7b6tVTzDlSVziDO2w==,type:str]
|
||||||
|
sandbox_wg_pub: ENC[AES256_GCM,data:rpxkijFKzyKx3uhEa/+j,iv:UULKRJvU0lktwmKGcIP/sRAZb0j2e0iL40o3DkSv/+U=,tag:OWHbfFPbTY6l3Bu/og78Bg==,type:str]
|
||||||
PGP_KEY: ENC[AES256_GCM,data:IVhL/l0JSPcefX1z,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:++NUJeRhsDE9eRsbKu8Ldw==,type:str]
|
PGP_KEY: ENC[AES256_GCM,data:IVhL/l0JSPcefX1z,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:++NUJeRhsDE9eRsbKu8Ldw==,type:str]
|
||||||
wifi: ENC[AES256_GCM,data:SV3yNB/0dBqggh0kOKU98Nodd0VS4K8kTqg7aLyeAg==,iv:w4nspNxswHl2CZ7diPUzupzotfjskzp91NIq4f0v0UM=,tag:7nUHijRlEgyliWn2ZuZo/Q==,type:str]
|
wifi: ENC[AES256_GCM,data:SV3yNB/0dBqggh0kOKU98Nodd0VS4K8kTqg7aLyeAg==,iv:w4nspNxswHl2CZ7diPUzupzotfjskzp91NIq4f0v0UM=,tag:7nUHijRlEgyliWn2ZuZo/Q==,type:str]
|
||||||
sops:
|
sops:
|
||||||
@ -19,8 +23,8 @@ sops:
|
|||||||
aFplU05pYXpPQWZRY202bVhFd3pHdHcKfauUQhzuUwpoaSlky+PlsOTrVQjyCSxi
|
aFplU05pYXpPQWZRY202bVhFd3pHdHcKfauUQhzuUwpoaSlky+PlsOTrVQjyCSxi
|
||||||
NYlJ7ScbxzJsqTqJbZnD+lbSdWK2XVKXy1Vn4hR0C0WF7g2Y7CU7tg==
|
NYlJ7ScbxzJsqTqJbZnD+lbSdWK2XVKXy1Vn4hR0C0WF7g2Y7CU7tg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-14T08:36:43Z"
|
lastmodified: "2024-04-14T19:21:47Z"
|
||||||
mac: ENC[AES256_GCM,data:zWO5IETnr3clHvoNABNSA6izfTHNxPXEXcjh9FQhnSVKtzlY3UHHRhfSOPI2eGJ36TQ7xNEM8Fbe23WBTxI8TDb8ZCgB2njej1XQ72b8XM4JzevxlPEaolNo9SKXncVchNWTtKqeUhx07koRNogYKOKT8vlO57WmnrqoZqPy9N4=,iv:tjt9iNFnx/4TAQfF3wdVFw+qzU18cbEiJtu9NhyujZY=,tag:9M67OPo/3JEOlXJ4nBRMiQ==,type:str]
|
mac: ENC[AES256_GCM,data:WeAH1RKpRSNQ/7oompyfKAqPPjyJnAdKec9kT9muaESDn28ecqeEZaC4EYSvA8dtr4+nfoGYPe3bB8JLrfPFa5uWLH/74zGpACxAN6JKwvGl2sFIds6rt02QWRjz285R3ZNCCzbzZQUACS3r/Ayz+4H+d+UxMD9b44Vx6i3HOqA=,iv:hSjgqneNasIZxIS+QRT4h9rgr6UDVBJ75arST5+jP0Y=,tag:Ce1HWkbqRfKKKcA/tQDBww==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|||||||
@ -45,16 +45,28 @@ in with lib; {
|
|||||||
};
|
};
|
||||||
net = {
|
net = {
|
||||||
wlp = {
|
wlp = {
|
||||||
enable = mkOption { type = types.bool; };
|
enable = mkOption {
|
||||||
nif = mkOption { type = types.str; };
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
nif = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
wg = {
|
wg = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = false;
|
||||||
|
};
|
||||||
|
ip4 = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
ip6 = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
};
|
};
|
||||||
ip4 = mkOption { type = types.str; };
|
|
||||||
ip6 = mkOption { type = types.str; };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users = mkOption {
|
users = mkOption {
|
||||||
|
|||||||
@ -69,7 +69,7 @@ in {
|
|||||||
RESOLVE_TO_PROXY_IP = "true";
|
RESOLVE_TO_PROXY_IP = "true";
|
||||||
NETWORK_ACCESS = "internal";
|
NETWORK_ACCESS = "internal";
|
||||||
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
|
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
|
||||||
dictionaries = "en fr de jp no";
|
dictionaries = "en fr de jp";
|
||||||
};
|
};
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
|||||||
26
systems/sandbox/cfg.nix
Normal file
26
systems/sandbox/cfg.nix
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
{
|
||||||
|
syscfg = {
|
||||||
|
hostname = "sandbox";
|
||||||
|
defaultUser = "sora";
|
||||||
|
users = [{
|
||||||
|
username = "sora";
|
||||||
|
git = {
|
||||||
|
email = "soraefir+git@helcel";
|
||||||
|
username = "soraefir";
|
||||||
|
key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
make = {
|
||||||
|
gui = false;
|
||||||
|
cli = true;
|
||||||
|
virt = true;
|
||||||
|
power = false;
|
||||||
|
game = false;
|
||||||
|
develop = false;
|
||||||
|
};
|
||||||
|
net = {
|
||||||
|
wlp = { enable = false; };
|
||||||
|
wg = { enable = false; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
2
systems/sandbox/default.nix
Normal file
2
systems/sandbox/default.nix
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
{ config, inputs, ... }: { imports = [ ./hardware.nix ]; }
|
||||||
|
|
||||||
14
systems/sandbox/hardware.nix
Normal file
14
systems/sandbox/hardware.nix
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
{ modulesPath, ... }: {
|
||||||
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
boot.loader.grub.device = "/dev/sda";
|
||||||
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||||
|
boot.initrd.kernelModules = [ "nvme" ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/sda3";
|
||||||
|
fsType = "btrfs";
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user