Migrate gateway

2026-05-01 17:31:09 +02:00
parent 60bf451310
commit a7ce1dc7ea
12 changed files with 168 additions and 78 deletions
--- a/systems/avalon/cfg.nix
+++ b/systems/avalon/cfg.nix
@@ -23,16 +23,8 @@
      }
    ];
    make = {
-      gui = false;
      cli = true;
      virt = true;
-      power = false;
-      game = false;
-      develop = false;
-    };
-    wlp = {
-      enable = false;
-      nif = "";
    };
    wg = {
      enable = true;
--- a/systems/avalon/server/docker/secrets.txt
+++ b/systems/avalon/server/docker/secrets.txt
@@ -0,0 +1,14 @@
+
+
+AUTHENTIK_DB_PASSWORD=NTQRO0rhPCd4L3HLNK4AT09Npz+ks1jyRC6AOyo5u+k=
+AUTHENTIK_SECRET_KEY=9Zw8Sy8257iJmRdBhUKGiq3d7uYAkhC9smuDUClE8aR1iPdpHHds+K2D1Zy3lwj2Hjnasu5jnopkhwnABWDu8A==
+
+
+AUTHENTIK_EMAIL_PASSWORD=w+g:cPU+e.<q,f<mj3DFPxXxo4h2SVS9.;,T<!Sra>y!mNcAsiAp4jPCLTmjte2d
+
+
+ETHERPAD_DB_PASSWORD=d43352c3906516bf4c34d63316509cb4b1621167af84c81b60689779a62b2348
+ETHERPAD_ADMIN_PASSWORD=Hackme55#
+
+COLLABORA_USER=...
+COLLABORA_PASSWORD=...
--- a/systems/gateway/cfg.nix
+++ b/systems/gateway/cfg.nix
@@ -0,0 +1,32 @@
+{
+  syscfg = {
+    hostname = "gateway";
+    type = "nixos";
+    system = "x86_64-linux";
+    defaultUser = "sora";
+    users = [{
+      username = "sora";
+      wm = "-";
+      git = {
+        email = "soraefir+git@helcel";
+        username = "soraefir";
+        key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
+      };
+    }];
+    make = {
+      cli = true;
+    };
+    net = {
+      wlp = { enable = false; };
+      wg = {
+        enable = true;
+        ip4 = "10.10.1.1/32";
+        ip6 = "fd10:10:10::1/128";
+        server = {
+            enable = true;
+            peers = ["avalon" "asguard" "iriy" "valinor" ];
+        };
+      };
+    };
+  };
+}
--- a/systems/gateway/default.nix
+++ b/systems/gateway/default.nix
@@ -0,0 +1,13 @@
+{ config, inputs, ... }: {
+  imports = [ ./hardware.nix ];
+
+  services.openssh.enable = true;
+  services.openssh.authorizedKeysFiles = [
+    config.sops.secrets."iriy_ssh_pub".path
+    config.sops.secrets."valinor_ssh_pub".path
+  ];
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0GpKd62XMlO410/iYkNG8MHdGGaeMG3Gmsf3Pv3u2BllUzR9Dpym1ZOz2lwo3iK0FimcQpOiJqSIahO59HJl8jQ9BoQrJMXH7l2kuq1T09cMNWGjlzowg0LWKWOzoBzOwcheyW68OJGgkSfvk9BdshkUYTLVBXjiI9jo/8Qkcv1WLJJvJmDBDwnbYDQpODXCEDQ/t3YVubb+ocLmh40sDUffJLWZQXN6OFW9N5XxnvY7K5x9ci9GU4Reei40K8yDw2Hgi0njzijRdzie3MJlKPPawJ2TATu9LsGuxfx8bJXVx+mNxP0lhO8dOOhP7p0ozTxlJJY9ZWaKgOz3SzYNCgJ1gH7NtTBtSruXd6pfmErUmuJEAeMD6+QF3yJ5tnVFNPoSHqjP+oL3CgSRpmuvn7ChSSI3J3UVhLux165VtwIL7UhosO2mCqmn0Yk2mSBkB/L4ZiWFmO3vYdagYNQX7xZHzCJ5my8vomiT+DUGb2h/o1NetKwIZJiFAuHxKt3k= sora@valinor"
+  ];
+}
+
--- a/systems/gateway/hardware.nix
+++ b/systems/gateway/hardware.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, modulesPath, ... }: {
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules =
+    [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+
+  fileSystems."/" = {
+    device = "/dev/sda3";
+    fsType = "btrfs";
+  };
+}
--- a/systems/iriy/cfg.nix
+++ b/systems/iriy/cfg.nix
@@ -17,7 +17,6 @@
      gui = true;
      cli = true;
      virt = true;
-      power = false;
      game = true;
      develop = true;
    };