some marisa changes
changed marisa services (consul and vault)
		@@ -1,9 +1,9 @@
 | 
			
		||||
{config, pkgs, ...}:
 | 
			
		||||
{ config, pkgs, ... }:
 | 
			
		||||
{
 | 
			
		||||
  networking = {
 | 
			
		||||
    hostName = "Marisa";
 | 
			
		||||
    firewall = {
 | 
			
		||||
      allowedTCPPorts = [ 22 80 6060 5001 8800 8888 ];
 | 
			
		||||
      allowedTCPPorts = [ 22 80 6060 5001 8800 8888 4444 4445 ];
 | 
			
		||||
      allowedUDPPorts = [ 17840 ];
 | 
			
		||||
    };
 | 
			
		||||
    wireless = {
 | 
			
		||||
@@ -13,10 +13,10 @@
 | 
			
		||||
    interfaces = {
 | 
			
		||||
      wlan0 = {
 | 
			
		||||
        useDHCP = false;
 | 
			
		||||
        ipv4.addresses = [ {
 | 
			
		||||
        ipv4.addresses = [{
 | 
			
		||||
          prefixLength = 24;
 | 
			
		||||
          address = "192.168.0.159";
 | 
			
		||||
        } ];
 | 
			
		||||
        }];
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
    wireguard.interfaces.wg0 = {
 | 
			
		||||
 
 | 
			
		||||
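Review bot: The new 4444 and 4445 entries in `allowedTCPPorts` open Consul's HTTP API and gRPC ports on every interface, including wlan0 at 192.168.0.159, while the Consul agent added in the same commit binds only 10.55.0.2 and ships with no ACL stanza and no TLS listener. If 10.55.0.2 is the wg0 address, as the `wireguard.interfaces.wg0` block further down suggests, scope the rule to that interface and drop the two ports from the global list: `firewall.interfaces.wg0.allowedTCPPorts = [ 4444 4445 ];`. A short comment naming the owner of each port would also help, e.g. `# 4444/4445: consul http/grpc, overlay only`. The `networking` attrset continues past the end of this hunk.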
@@ -1,22 +1,68 @@
 | 
			
		||||
{lib, config, pkgs, ...}:
 | 
			
		||||
{ lib, config, pkgs, ... }:
 | 
			
		||||
{
 | 
			
		||||
  services = {
 | 
			
		||||
    openssh = {
 | 
			
		||||
      enable = true;
 | 
			
		||||
      permitRootLogin = "yes";
 | 
			
		||||
    };
 | 
			
		||||
 /*   nomad = {
 | 
			
		||||
      enable = true;
 | 
			
		||||
      enableDocker = true;
 | 
			
		||||
      settings = {
 | 
			
		||||
        data_dir = "/var/lib/nomad";
 | 
			
		||||
        server = {
 | 
			
		||||
          enable = true;
 | 
			
		||||
          bootstrap_expect = 1;
 | 
			
		||||
        };
 | 
			
		||||
        vault = {
 | 
			
		||||
          enabled = true;
 | 
			
		||||
          address = "https://10.55.0.2:6060";
 | 
			
		||||
          ca_path = "../../cert.pem";
 | 
			
		||||
          cert_file = "/var/vault/cert.pem";
 | 
			
		||||
          key_file = "/var/vault/key.pem";
 | 
			
		||||
#          allow_unauthenticated = true;
 | 
			
		||||
          create_from_role = "nomad-cluster";
 | 
			
		||||
        };
 | 
			
		||||
 | 
			
		||||
      };
 | 
			
		||||
    };*/
 | 
			
		||||
    vault = {
 | 
			
		||||
      package = pkgs.vault-bin; enable = true;
 | 
			
		||||
      package = pkgs.vault-bin;
 | 
			
		||||
      enable = true;
 | 
			
		||||
      tlsCertFile = "/var/certs/cert.pem";
 | 
			
		||||
      tlsKeyFile = "/var/certs/key.pem";
 | 
			
		||||
      address = "0.0.0.0:8800";
 | 
			
		||||
      extraSettingsPaths = [ /var/vault/vault.hcl ];
 | 
			
		||||
      storageBackend = "postgresql";
 | 
			
		||||
      storageBackend = "file";
 | 
			
		||||
      storagePath = "/var/lib/vault";
 | 
			
		||||
      extraConfig = ''
 | 
			
		||||
        api_addr = "https://127.0.0.1:8800"
 | 
			
		||||
        ui = true
 | 
			
		||||
      '';
 | 
			
		||||
    };
 | 
			
		||||
    consul = {
 | 
			
		||||
      enable = true;
 | 
			
		||||
      webUi = true;
 | 
			
		||||
      extraConfig = rec {
 | 
			
		||||
        bootstrap = true;
 | 
			
		||||
        log_level = "DEBUG";
 | 
			
		||||
        enable_syslog = true;
 | 
			
		||||
        datacenter = "d1";
 | 
			
		||||
        bind_addr = "10.55.0.2";
 | 
			
		||||
        client_addr = bind_addr;
 | 
			
		||||
        primary_datacenter = "d1";
 | 
			
		||||
        node_name = "Marisa";
 | 
			
		||||
        server = true;
 | 
			
		||||
        connect = {
 | 
			
		||||
          enabled = true;
 | 
			
		||||
        };
 | 
			
		||||
        encrypt = "zdlcIl2Z4D01SdNQMv6fSfBN6OkQU10LAyPvwdQDwn4=";
 | 
			
		||||
        ca_file = "../../cert.pem";
 | 
			
		||||
        ports = {
 | 
			
		||||
          http = 4444;
 | 
			
		||||
          grpc = 4445;
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
    vault-agent = {
 | 
			
		||||
      enable = true;
 | 
			
		||||
      settings = {
 | 
			
		||||
@@ -58,10 +104,10 @@
 | 
			
		||||
        local gitea all ident map=gitea-map
 | 
			
		||||
        host vault all 10.55.0.2/32 md5
 | 
			
		||||
        host all all 192.168.0.110/32 md5
 | 
			
		||||
        '';
 | 
			
		||||
      '';
 | 
			
		||||
      identMap = ''
 | 
			
		||||
        gitea-map gitea gitea
 | 
			
		||||
        '';
 | 
			
		||||
      '';
 | 
			
		||||
    };
 | 
			
		||||
    gitea = {
 | 
			
		||||
      enable = true;
 | 
			
		||||
@@ -79,22 +125,26 @@
 | 
			
		||||
      };
 | 
			
		||||
      settings = {
 | 
			
		||||
        oauth2_client = {
 | 
			
		||||
          ENABLE_AUTO_REGISTRATION = true;
 | 
			
		||||
          UPDATE_AVATAR = true;
 | 
			
		||||
         UPDATE_AVATAR = true;
 | 
			
		||||
        };
 | 
			
		||||
        ui = {
 | 
			
		||||
          DEFAULT_THEME="arc-green";
 | 
			
		||||
          DEFAULT_THEME = "arc-green";
 | 
			
		||||
        };
 | 
			
		||||
        security = {
 | 
			
		||||
          LOGIN_REMEMBER_DAYS = 50;
 | 
			
		||||
        };
 | 
			
		||||
        server = {
 | 
			
		||||
          SSH_PORT = lib.mkForce 22001;
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
  #  systemd.services.consul.serviceConfig.Type = "notify";
 | 
			
		||||
  users.users.root.openssh.authorizedKeys.keys = [
 | 
			
		||||
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
 | 
			
		||||
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPX1HDzWpoaOcU8GDEGuDzXgxkCpyeqxRR6gLs/8JgHw"
 | 
			
		||||
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK06ZUa9BKmZ6m+xapBjOAm10OCLzxIm8ais20wQC47m"
 | 
			
		||||
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSQnDNrNP69tIK7U2D7qaMjycfIjpgx0at4U2D5Ufib"
 | 
			
		||||
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK5V/hdkTTQSkDLXaEwY8xb/T8+sWtw5c6UjYOPaTrO8"
 | 
			
		||||
  ];
 | 
			
		||||
  security.pki.certificateFiles = [ ../../cert.pem ];
 | 
			
		||||
}
 | 
			
		||||
 
 | 
			
		||||
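Review bot: The new `consul.extraConfig` block commits the gossip key in plaintext at `encrypt = "zdlc…"`; NixOS renders this attrset into the Nix store, which is world-readable, and the key is now in git history, so it should be rotated and moved out of the module, e.g. `services.consul.extraConfigFiles = [ "/var/lib/consul/encrypt.json" ];` with that file kept out of the repo. The same block turns on `webUi` and binds the API on 10.55.0.2:4444 with no `acl` stanza and no TLS listener (`ca_file` alone, without `cert_file`/`key_file` or `ports.https`, does not protect the HTTP port), so anyone who can reach that address gets unauthenticated read/write to the KV store, the service catalog and the Connect CA; add `acl = { enabled = true; default_policy = "deny"; };` and serve the API over `ports.https` before the matching firewall rule goes live. `ca_file = "../../cert.pem"` is a quoted string, unlike the bare Nix path `../../cert.pem` in `security.pki.certificateFiles` below, so Consul will resolve it relative to its own working directory rather than the store; use `"${../../cert.pem}"` or an absolute path. `log_level = "DEBUG"` with `enable_syslog = true` is presumably a bring-up leftover and should go back to `"INFO"` before this ships.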