chore: further refactor
parent
e4058e1c6b
commit
ad18c8fa95
9
meta.nix
9
meta.nix
|
@ -1,5 +1,12 @@
|
|||
{
|
||||
let
|
||||
ar_khas =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
|
||||
ar_microlith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
|
||||
in {
|
||||
hosts = builtins.mapAttrs (name: value:
|
||||
builtins.fromJSON (builtins.readFile (./nixos/. + "/${name}/meta.json")))
|
||||
(builtins.readDir ./nixos);
|
||||
|
||||
users.ar = [ ar_khas ar_microlith ];
|
||||
}
|
||||
|
|
|
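Review bot: `hosts` on the mapAttrs line maps over every entry of `builtins.readDir ./nixos` and ignores the entry type passed in `value`, so a regular file or symlink placed under `nixos/` makes the whole evaluation fail on a missing `meta.json` instead of being skipped. Only `directory` entries can carry a `meta.json`, so filtering on the type before mapping keeps one stray file from breaking every host that imports meta.nix. The rewrite below uses only builtins, because meta.nix is imported without a `lib` argument; the `users.ar` line is unchanged.
```nix
hosts =
  let
    entries = builtins.readDir ./nixos;
    hostDirs = builtins.filter (name: entries.${name} == "directory")
      (builtins.attrNames entries);
  in builtins.listToAttrs (map (name: {
    inherit name;
    value = builtins.fromJSON
      (builtins.readFile (./nixos/. + "/${name}/meta.json"));
  }) hostDirs);
# … unchanged: users.ar …
```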
@ -2,7 +2,7 @@
|
|||
|
||||
let
|
||||
gitea-runner-directory = "/var/lib/gitea-runner";
|
||||
secrets = import ../secrets.nix;
|
||||
meta = import ../meta.nix;
|
||||
in {
|
||||
age.secrets = {
|
||||
gitea-runner-token.file =
|
||||
|
@ -56,6 +56,6 @@ in {
|
|||
protocol = "ssh";
|
||||
keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeC/Nr7STpYEZ50p7X+XrFdeaIfib60tt2QN4Kvxscr"
|
||||
] ++ secrets.ar;
|
||||
] ++ meta.users.ar;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, lib, pkgs, inputs, ... }:
|
||||
|
||||
let secrets = import ../secrets.nix;
|
||||
let meta = import ../meta.nix;
|
||||
in {
|
||||
imports = with inputs; [
|
||||
nix-index-database.nixosModules.nix-index
|
||||
|
@ -52,13 +52,13 @@ in {
|
|||
ssh.knownHosts = builtins.mapAttrs (name: value: {
|
||||
inherit (value) publicKey;
|
||||
extraHostNames = [ value.targetHost ];
|
||||
}) secrets.hosts;
|
||||
}) meta.hosts;
|
||||
bash.enableCompletion = true;
|
||||
mosh.enable = true;
|
||||
};
|
||||
|
||||
deployment.targetHost =
|
||||
lib.mkDefault secrets.hosts.${config.networking.hostName}.targetHost;
|
||||
lib.mkDefault meta.hosts.${config.networking.hostName}.targetHost;
|
||||
|
||||
nix = {
|
||||
package = pkgs.nixUnstable;
|
||||
|
@ -127,7 +127,7 @@ in {
|
|||
nixos.enable = true;
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = secrets.ar;
|
||||
users.users.root.openssh.authorizedKeys.keys = meta.users.ar;
|
||||
|
||||
users.mutableUsers = false;
|
||||
|
||||
|
@ -154,7 +154,7 @@ in {
|
|||
"networkmanager"
|
||||
];
|
||||
hashedPassword = lib.mkDefault null;
|
||||
openssh.authorizedKeys.keys = secrets.ar;
|
||||
openssh.authorizedKeys.keys = meta.users.ar;
|
||||
};
|
||||
|
||||
console.keyMap = "us";
|
||||
|
|
137
secrets.nix
137
secrets.nix
|
@ -1,28 +1,24 @@
|
|||
let
|
||||
ar_khas =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
|
||||
ar_microlith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
|
||||
ar = [ ar_khas ar_microlith ];
|
||||
|
||||
inherit (import ./meta.nix) hosts;
|
||||
let meta = import ./meta.nix;
|
||||
in {
|
||||
|
||||
"secrets/secureboot-key.age".publicKeys = ar ++ (with hosts; [
|
||||
"secrets/secureboot-key.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
||||
khas.publicKey
|
||||
microlith.publicKey
|
||||
zorigami.publicKey
|
||||
scylla.publicKey
|
||||
]);
|
||||
"secrets/secureboot-cert.age".publicKeys = ar ++ (with hosts; [
|
||||
khas.publicKey
|
||||
microlith.publicKey
|
||||
zorigami.publicKey
|
||||
scylla.publicKey
|
||||
]);
|
||||
"secrets/khas-ar.age".publicKeys = ar ++ [ hosts.khas.publicKey ];
|
||||
"secrets/microlith-ar.age".publicKeys = ar ++ [ hosts.microlith.publicKey ];
|
||||
"secrets/nix-store.age".publicKeys = ar ++ (with hosts; [
|
||||
"secrets/secureboot-cert.age".publicKeys = meta.users.ar
|
||||
++ (with meta.hosts; [
|
||||
khas.publicKey
|
||||
microlith.publicKey
|
||||
zorigami.publicKey
|
||||
scylla.publicKey
|
||||
]);
|
||||
"secrets/khas-ar.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.khas.publicKey ];
|
||||
"secrets/microlith-ar.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.microlith.publicKey ];
|
||||
"secrets/nix-store.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
||||
zorigami.publicKey
|
||||
scylla.publicKey
|
||||
stereolith.publicKey
|
||||
|
@ -30,55 +26,64 @@ in {
|
|||
microlith.publicKey
|
||||
akamanto.publicKey
|
||||
]);
|
||||
"secrets/wg/nibylandia_scylla.age".publicKeys = ar
|
||||
++ [ hosts.scylla.publicKey ];
|
||||
"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar
|
||||
++ [ hosts.scylla.publicKey ];
|
||||
"secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar
|
||||
++ [ hosts.scylla.publicKey ];
|
||||
"secrets/lan/nibylandia-ddns-bind.age".publicKeys = ar
|
||||
++ [ hosts.scylla.publicKey ];
|
||||
"secrets/notbotEnvironment.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/nextCloudAdmin.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/nextCloudExporter.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/norkclubMinecraftRestic.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/cassAuth.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/miniflux.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/stuffAuth.age".publicKeys = ar ++ [ hosts.stereolith.publicKey ];
|
||||
"secrets/wg/nibylandia_zorigami.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/ar.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/apo.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/amie.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/mastodon.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/mastodonPlain.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/madargon.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/enki.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/matrix.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/vaultwarden.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/vaultwardenPlain.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/keycloak.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/mail/keycloakPlain.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/keycloakDatabase.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/synapseExtraConfig.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/gitea-runner-token-zorigami.age".publicKeys = ar
|
||||
++ [ hosts.zorigami.publicKey ];
|
||||
"secrets/gitea-runner-token-scylla.age".publicKeys = ar
|
||||
++ [ hosts.scylla.publicKey ];
|
||||
"secrets/ci-secrets.age".publicKeys = ar ++ (with hosts; [
|
||||
"secrets/wg/nibylandia_scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/lan/nibylandia-ddns-kea.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/lan/nibylandia-ddns-bind.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/notbotEnvironment.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/nextCloudAdmin.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/nextCloudExporter.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/norkclubMinecraftRestic.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/cassAuth.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/miniflux.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/stuffAuth.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.stereolith.publicKey ];
|
||||
"secrets/wg/nibylandia_zorigami.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/ar.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/apo.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/amie.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/mastodon.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/mastodonPlain.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/madargon.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/enki.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/matrix.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/vaultwarden.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/vaultwardenPlain.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/keycloak.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/mail/keycloakPlain.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/keycloakDatabase.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/synapseExtraConfig.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/gitea-runner-token-zorigami.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/gitea-runner-token-scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/ci-secrets.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
||||
scylla.publicKey
|
||||
zorigami.publicKey
|
||||
]); # TODO: we're not getting ssh keys for the generated disk image, so we need to embed it at disk image build time
|
||||
|
||||
inherit ar;
|
||||
inherit hosts;
|
||||
}
|
||||
|
|
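Review bot: The new right-hand sides in both secrets.nix hunks repeat `meta.users.ar ++ [ meta.hosts.<host>.publicKey ]` roughly thirty times, which is exactly where a future copy-paste slip (a secret encrypted to the wrong host's key) would slide past review. A small helper in the `let` block, `forHosts = names: meta.users.ar ++ map (n: meta.hosts.${n}.publicKey) names;`, turns each entry into `"secrets/khas-ar.age".publicKeys = forHosts [ "khas" ];` and makes the recipient set of every secret readable at a glance. The multi-host entries (`secureboot-*`, `nix-store`, `ci-secrets`) fit the same shape with a longer list, and the `with meta.hosts;` blocks then disappear.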