Rascal tailscale and beefcake connection declarative
parent
abd60eceef
commit
61ab5f0f58
4 changed files with 19 additions and 5 deletions
|
@ -1,5 +1,5 @@
|
||||||
{lib, ...}: let
|
{lib, ...}: let
|
||||||
inherit (lib.attrSets) mapAttrs' filterAttrs;
|
inherit (lib.attrsets) mapAttrs' filterAttrs;
|
||||||
in {
|
in {
|
||||||
standardWithHibernateSwap = {
|
standardWithHibernateSwap = {
|
||||||
disks ? ["/dev/sda"],
|
disks ? ["/dev/sda"],
|
||||||
|
@ -191,7 +191,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
beefcake = {disks, ...}: let
|
beefcake = let
|
||||||
zpools = {
|
zpools = {
|
||||||
zroot = {
|
zroot = {
|
||||||
name = "zroot";
|
name = "zroot";
|
||||||
|
@ -344,6 +344,7 @@ in {
|
||||||
name = "m";
|
name = "m";
|
||||||
};
|
};
|
||||||
"/dev/sdn" = {
|
"/dev/sdn" = {
|
||||||
|
# TODO: this is my holding cell for random stuff right now
|
||||||
enable = false;
|
enable = false;
|
||||||
name = "n";
|
name = "n";
|
||||||
};
|
};
|
||||||
|
@ -368,7 +369,7 @@ in {
|
||||||
}) (filterAttrs (_: {enable, ...}: enable) storageDisks);
|
}) (filterAttrs (_: {enable, ...}: enable) storageDisks);
|
||||||
in {
|
in {
|
||||||
disko.devices = {
|
disko.devices = {
|
||||||
disk = diskoBoot / diskoStorage;
|
disk = diskoBoot // diskoStorage;
|
||||||
zpool = {
|
zpool = {
|
||||||
zroot = zpools.zroot.config;
|
zroot = zpools.zroot.config;
|
||||||
};
|
};
|
||||||
|
|
|
@ -115,6 +115,12 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
# };
|
# };
|
||||||
# nextcloud-admin-password.path = "/var/lib/nextcloud/admin-password";
|
# nextcloud-admin-password.path = "/var/lib/nextcloud/admin-password";
|
||||||
"forgejo-runner.env" = {mode = "0400";};
|
"forgejo-runner.env" = {mode = "0400";};
|
||||||
|
restic-rascal-passphrase = {
|
||||||
|
mode = "0400";
|
||||||
|
};
|
||||||
|
restic-rascal-ssh-private-key = {
|
||||||
|
mode = "0400";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.services.gitea-runner-beefcake.after = ["sops-nix.service"];
|
systemd.services.gitea-runner-beefcake.after = ["sops-nix.service"];
|
||||||
|
@ -1348,6 +1354,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
restic
|
||||||
btrfs-progs
|
btrfs-progs
|
||||||
zfs
|
zfs
|
||||||
smartmontools
|
smartmontools
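Review bot: The two new secrets `restic-rascal-passphrase` and `restic-rascal-ssh-private-key` are declared with `mode = "0400"` but no `owner`, so (assuming the usual sops-nix default) only root can read them, and nothing in the visible hunks consumes them yet. If the backup job will not run as root, set `owner` explicitly instead of loosening the mode. When the job is wired up, pass `config.sops.secrets.restic-rascal-passphrase.path` via `RESTIC_PASSWORD_FILE` or `--password-file`, so the passphrase never appears in a unit's environment, a command line or the Nix store. A short comment above the pair, such as `# restic repository on rascal: repo passphrase + SSH key used to log in as the beefcake user`, would record what they are for. The enclosing secrets attribute set starts outside the hunk.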
|
||||||
|
|
|
@ -28,11 +28,13 @@
|
||||||
users.users = {
|
users.users = {
|
||||||
beefcake = {
|
beefcake = {
|
||||||
# used for restic backups
|
# used for restic backups
|
||||||
|
# TODO: can this be a system user?
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
openssh.authorizedKeys.keys =
|
openssh.authorizedKeys.keys =
|
||||||
config.users.users.daniel.openssh.authorizedKeys.keys
|
config.users.users.daniel.openssh.authorizedKeys.keys
|
||||||
++ [
|
++ [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOEI82VdbyR1RYqSnFtlffHBtHFdXO0v9RmQH7GkfXo restic@beefcake"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -60,5 +62,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.tailscale.useRoutingFeatures = "server";
|
||||||
|
|
||||||
system.stateVersion = "24.05";
|
system.stateVersion = "24.05";
|
||||||
}
|
}
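Review bot: The `restic@beefcake` key added to `users.users.beefcake.openssh.authorizedKeys.keys` carries no key options, and the account is `isNormalUser = true`, so a key that exists only for backups can open an interactive shell and request forwarding on this host. If the backup runs over SFTP (inferred from the secret names; the consumer is not shown), prefix the entry with options, e.g. `"restrict,command=\"internal-sftp\" ssh-ed25519 <key> restic@beefcake"`. Resolve the new TODO by making the account a system user confined to the repository directory. The same list also concatenates all of `daniel`'s keys into this account, which is worth revisiting once the account is backup-only. In the last hunk, `services.tailscale.useRoutingFeatures = "server";` enables IP forwarding on this machine, as far as I know the module; a one-line comment naming the routes it is meant to serve would help.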
|
||||||
|
|
|
@ -18,6 +18,8 @@ forgejo-runner.env: ENC[AES256_GCM,data:10wKRImXKS7ezcWnkwz7ak194snQ4wG8GBePeHXN
|
||||||
jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
|
jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
|
||||||
dawncraft.env: ENC[AES256_GCM,data:8n1ymQZpMeVwTyoHhccV+W5diMLcsZw5zZQy4Z4eaMcLFk8ey3SeXkCf9+GnqpIU5xIZfCP1ZqeSxR03kJx3TPbQeBLZeN/QAYBxHOg/tjXIE6jdIGv0INkVLkExKPlvGN8F+ijwYkwgfqlhKPBf+Q==,iv:EMGlqUxcfvxqn1G1NohrAtJP/fLdolP++zcvaxIvVR4=,tag:1+ueIDCJTxmM586Z7i0aUA==,type:str]
|
dawncraft.env: ENC[AES256_GCM,data:8n1ymQZpMeVwTyoHhccV+W5diMLcsZw5zZQy4Z4eaMcLFk8ey3SeXkCf9+GnqpIU5xIZfCP1ZqeSxR03kJx3TPbQeBLZeN/QAYBxHOg/tjXIE6jdIGv0INkVLkExKPlvGN8F+ijwYkwgfqlhKPBf+Q==,iv:EMGlqUxcfvxqn1G1NohrAtJP/fLdolP++zcvaxIvVR4=,tag:1+ueIDCJTxmM586Z7i0aUA==,type:str]
|
||||||
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
|
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
|
||||||
|
restic-rascal-passphrase: ENC[AES256_GCM,data:yonKbBh4riGwxc/qcj8F/qrgAtA1sWhYejw9rdOTdCNW3a7zL/Ny1+XCI/P3bMOsY6UTmg/gxA2itp4cSbvqjg==,iv:5GwaEExn7b3dIkCVehLxaBXW+nUuSexY/bcqfCUwF5Q=,tag:dinyyw2XeVoSnw/IsYfK0w==,type:str]
|
||||||
|
restic-rascal-ssh-private-key: ENC[AES256_GCM,data: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,iv:S2I3h6pmKLxEc29E0zn2b8lscqA//5/ZMTV9q+/tdvs=,tag:ALeCT+nrVPDfS21xC555sA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -42,8 +44,8 @@ sops:
|
||||||
bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq
|
bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq
|
||||||
rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg==
|
rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-04T01:56:45Z"
|
lastmodified: "2024-09-04T15:59:57Z"
|
||||||
mac: ENC[AES256_GCM,data:Fya3eyW0EhWFNi0IWJUoFpZh0AGB9jCMrAx0wAuiZr1+gRWHk5RmLiw/bBCQjtYSF9EpI7joeOzTeIQcheL/oJChUHBTfdj3ZOzPZgUmMBXylV5XblIJrnub6ZSLdaSfsot29VRhobE8Mh3NfaJF5/+FAl3gHCUpNoEJE7R4WLg=,iv:di1j8BV24LxoQaL+dga7OeKlEsUhLobfO+z5nhoXCgk=,tag:e5RQeUzcv7bPk06Ger1u9w==,type:str]
|
mac: ENC[AES256_GCM,data:QDjNbqIMvZ+8hRd2jdywNiEoUrS3DXoLqmvgCTSWOjc4oT3zzhiS/4+fziPEK/eYDwi1XgA5+tZaINsZI8j9DCCq2R/I65Thv0WMaD3yUERsyf0zef3XcdhmxP4jkbeQ1NoIvd9G0uBtGWNn3cvjf4SuBK5ulmLLzGf92dTdd9g=,iv:Z0pcPzYpQLc+q3XDxEcb0g0lls7iWW5XZfkjl1tKhHU=,tag:rI+o0I/NHSYhIbEBJ7/c4g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|