natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

hosts/marisa: random changes

Browse Source 
Signed-off-by: natto1784 <natto@weirdnatto.in>
This commit is contained in:
Amneesh Singh
2022-10-27 01:33:17 +05:30
parent e8120c9a57
commit 661910f8d6
12 changed files with 144 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
consul-agent-ca.pem
View File

@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIC7TCCApSgAwIBAgIRALFjjI2cjNlictQWYya1oKkwCgYIKoZIzj0EAwIwgbkx MIIC7jCCApSgAwIBAgIRAMFIx6TUVrRAUeIXb57HF3gwCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDIzNTc5MDI0MzM5OTg5MDQyMDkwMDc4NzE2NTg4MzY1NjQxMzM1MzAeFw0yMjAx IDI1NjkxODg5NzgxODk0ODY5MDk5NjUyNTU0MzM3NjIzMzYzMzY1NjAeFw0yMjEw
MjIwNTM3MTNaFw0yNzAxMjEwNTM3MTNaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE MjMxMjUxMDRaFw0yNzEwMjIxMjUxMDRaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv
bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu
Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAyMzU3OTAyNDMzOTk4OTA0MjA5 Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAyNTY5MTg4OTc4MTg5NDg2OTA5
MDA3ODcxNjU4ODM2NTY0MTMzNTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7 OTY1MjU1NDMzNzYyMzM2MzM2NTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQv
/XOebThO8wdSVCE42mrvl5emMofZkzlRJ81BJacp9ZsenkW66U2QWhCJ/o8iXFcI tcFGqOowIT/b5BefJv01uQaRCnaGnFJVC1TXe9WEyA4Lw1/+N8LQwiPSv4jp+IUF
O7hCQVOqSKHV800q1j95o3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw ec8n6fHbX0XgHxQYgeMYo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw
AwEB/zApBgNVHQ4EIgQgp5evx9TUR9LT7R8sm+OhNWTLPqwwADMIeY8Th59ICX0w AwEB/zApBgNVHQ4EIgQgNli2bO4+L+2+K/cSffjSKMGowla+pq5nW2ygI94ies8w
KwYDVR0jBCQwIoAgp5evx9TUR9LT7R8sm+OhNWTLPqwwADMIeY8Th59ICX0wCgYI KwYDVR0jBCQwIoAgNli2bO4+L+2+K/cSffjSKMGowla+pq5nW2ygI94ies8wCgYI
KoZIzj0EAwIDRwAwRAIgF7XqHjWG7MlzHfPkkonfn/WyzD2HNg3y/hvnjlPY6q4C KoZIzj0EAwIDSAAwRQIhAO9CkARtyOsZnTNgTUOwKX28UV0YEYus12iv/rDVpK0y
ICQS82jw2Rw9qhd3lsOL5xiJV0aC+NzOPAZ1MbFf+h9z AiBgmfIEzC+Lkitst6O3pahAneltSKid65Racp8lGKrRhg==
-----END CERTIFICATE----- -----END CERTIFICATE-----

110
flake.lock generated
View File

@@ -22,11 +22,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1663268366, "lastModified": 1666471010,
"narHash": "sha256-nQL25OVRJNxT5xdNjuz0W0HCZ4abd9gn96nJEYq1Fl8=", "narHash": "sha256-Ehq7DB68ue5YHJ8sUNJXZhhW4fcT1oc2NkpQPVvrB2c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "19952866828a8d8a08e0e264ad1842e585eadc23", "rev": "ef5d67c561a8b6ce001dbc555814fdb21c7bd5dd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -83,11 +83,11 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"locked": { "locked": {
"lastModified": 1656928814, "lastModified": 1659877975,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -102,11 +102,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1663227421, "lastModified": 1666463764,
"narHash": "sha256-8M2ZQPLQw0CUylKbF8pgDMQ5vxOH4i0rxwUhtPIsf7Q=", "narHash": "sha256-NmayV9S0s7CgNEA2QbIxDU0VCIiX6bIHu8PCQPnYHDM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5408e27961599b1350b651f88715daf6e67244a7", "rev": "69d19b9839638fc487b370e0600a03577a559081",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -157,11 +157,11 @@
}, },
"master": { "master": {
"locked": { "locked": {
"lastModified": 1663270227, "lastModified": 1666486259,
"narHash": "sha256-HWnPdlG+48f5Vgmco2Iij/20AjQuKjaNUJhh/VgbV5Q=", "narHash": "sha256-9G1mE2tz9BRpO7rdkDtnkLYUQ0H2fhWWNdJ2EIXDDt8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c2e7745b08a303b468fcaced4bf0774900aba9bc", "rev": "e14c21ee3c0ee09f805b30fe17d39fced6e81fba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -177,11 +177,11 @@
"utils": "utils_3" "utils": "utils_3"
}, },
"locked": { "locked": {
"lastModified": 1662138272, "lastModified": 1663533210,
"narHash": "sha256-qklVL7qFzyiIIm00AKRLE+uCYppTQ/S5C6exg0j2fSY=", "narHash": "sha256-it24pt41yHYhcpfqnEaws7utoNxFFrH/HwBCD/9omkY=",
"owner": "nbfc-linux", "owner": "nbfc-linux",
"repo": "nbfc-linux", "repo": "nbfc-linux",
"rev": "c6abef1b9f4ec4bb8a2eb4d7e70c1fccbb320677", "rev": "0396c35b2afc02a705bb53c2fadb7b4f54915d97",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -200,11 +200,11 @@
}, },
"locked": { "locked": {
"dir": "contrib", "dir": "contrib",
"lastModified": 1663212973, "lastModified": 1666396419,
"narHash": "sha256-d0dhVnwoWZEsEdtRIZiiadOcCNcddkdk4QHKg2Vnt9E=", "narHash": "sha256-jCFc/dTsDfyyenzmtOm9u3MSZQHsHo46xZ7T+2HiY7c=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "89b9eab638d5e6467156c25f0d54df48d861ca16", "rev": "2f9b94a26836ecb081c717e23913f5b6576cce99",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -219,11 +219,11 @@
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1662742160, "lastModified": 1665951041,
"narHash": "sha256-zamqdHF0Pp0AkgfDnZdLnAZTfgrTV11dYO9rDsfqfW8=", "narHash": "sha256-YK4cWVHsP/OhMWhO/n9s7QkziAVetPkNHtIEhwlBmGc=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "a37f98a7a81d5ffac328fac06c3f6ad17f90c7d7", "rev": "05534322548e7bd6b2318bad0fbf2ae904a30c11",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -234,11 +234,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1663235518, "lastModified": 1650970888,
"narHash": "sha256-q8zLK6rK/CLXEguaPgm9yQJcY0VQtOBhAT9EV2UFK/A=", "narHash": "sha256-K0Qk6YbkyxBbszkBKCxsLA+jrQpaecf0X8iIO8frS48=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2277e4c9010b0f27585eb0bed0a86d7cbc079354", "rev": "27a62a9c603d0d832141682cb4f34964d7b48ebb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -279,11 +279,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1663235518, "lastModified": 1650970888,
"narHash": "sha256-q8zLK6rK/CLXEguaPgm9yQJcY0VQtOBhAT9EV2UFK/A=", "narHash": "sha256-K0Qk6YbkyxBbszkBKCxsLA+jrQpaecf0X8iIO8frS48=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2277e4c9010b0f27585eb0bed0a86d7cbc079354", "rev": "27a62a9c603d0d832141682cb4f34964d7b48ebb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -323,11 +323,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1656401090, "lastModified": 1663491030,
"narHash": "sha256-bUS2nfQsvTQW2z8SK7oEFSElbmoBahOPtbXPm0AL3I4=", "narHash": "sha256-MVsfBhE9US5DvLtBAaTRjwYdv1tLO8xjahM8qLXTgTo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "16de63fcc54e88b9a106a603038dd5dd2feb21eb", "rev": "767542707d394ff15ac1981e903e005ba69528b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -339,11 +339,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1663235518, "lastModified": 1666424192,
"narHash": "sha256-q8zLK6rK/CLXEguaPgm9yQJcY0VQtOBhAT9EV2UFK/A=", "narHash": "sha256-rb/a7Kg9s31jqkvdOQHFrUc5ig5kB+O2ZKB8mjU2kW8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2277e4c9010b0f27585eb0bed0a86d7cbc079354", "rev": "4f8287f3d597c73b0d706cfad028c2d51821f64d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -355,27 +355,27 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1663087123, "lastModified": 1666333455,
"narHash": "sha256-cNIRkF/J4mRxDtNYw+9/fBNq/NOA2nCuPOa3EdIyeDs=", "narHash": "sha256-oHXIeLB/sPWxKNcSdV1DQi1ddNVoJ17T1yDiMMeygL4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9608ace7009ce5bc3aeb940095e01553e635cbc7", "rev": "93e0ac196106dce51878469c9a763c6233af5c57",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1659102345, "lastModified": 1665296151,
"narHash": "sha256-Vbzlz254EMZvn28BhpN8JOi5EuKqnHZ3ujFYgFcSGvk=", "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "11b60e4f80d87794a2a4a8a256391b37c59a1ea7", "rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -387,11 +387,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1663266400, "lastModified": 1666483270,
"narHash": "sha256-6A/5qljK1pauDxSrHS8IR8ZS0raFB4UFwL7e+TjM3qU=", "narHash": "sha256-eqrah9Jf+Wk28mpT2OsqwkWcnxKHltmRt/N3U4gUx1I=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "e77ed0cd9190592525937030c68fa487ce79e0e0", "rev": "1970f883e139b06ae109ad2ca2c45b7fa987afb9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -407,11 +407,11 @@
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1663230013, "lastModified": 1666426819,
"narHash": "sha256-te3ZzGAWGoWhbUmk8KTO+Tidn5nShRVcStpDAV167Fg=", "narHash": "sha256-28rlBhbY+ZX2uUze5HVR4a5y6fVuyPuU9+NWtxmg6dk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "a11980308a32ec895bdc8a2ea3d6ed022d7a615d", "rev": "72ceb9a0def71a405c97a2b86bc08096c3c49157",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -461,11 +461,11 @@
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1663210994, "lastModified": 1666407365,
"narHash": "sha256-CvuR+v3FClg/En4LDdLOhLQApAZ9xZZaxeDadfwIBkw=", "narHash": "sha256-eD1hN+Uez7oOKl9BgvfBydQOCEqfoLuezoGfR6t0nzI=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "f34d44aef4ca7c11e66ed30ef46a93058a578c0f", "rev": "8ffc63427df1dc7e53fb96cb13b130028c258202",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -476,11 +476,11 @@
}, },
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1663067291, "lastModified": 1666401273,
"narHash": "sha256-1BTrqhLMamWf53sJobtMiUDI91PEw6xF8YEwg2VE8w4=", "narHash": "sha256-AG3MoIjcWwz1SPjJ2nymWu4NmeVj9P40OpB1lsmxFtg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d86a4619b7e80bddb6c01bc01a954f368c56d1df", "rev": "3933d8bb9120573c0d8d49dc5e890cb211681490",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -492,11 +492,11 @@
}, },
"stable-small": { "stable-small": {
"locked": { "locked": {
"lastModified": 1663209136, "lastModified": 1666401273,
"narHash": "sha256-camNbaOhv/AD6vDr51H9xNjA7ytPvo8uKVlH5Bc+ZWQ=", "narHash": "sha256-AG3MoIjcWwz1SPjJ2nymWu4NmeVj9P40OpB1lsmxFtg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "01ec6cc8e9064f51f538428fdb7311bcc44927ea", "rev": "3933d8bb9120573c0d8d49dc5e890cb211681490",
"type": "github" "type": "github"
}, },
"original": { "original": {

7
flake.nix
View File

@@ -68,6 +68,7 @@
commonModules = [ commonModules = [
./modules/nvim ./modules/nvim
./modules/vault-agent.nix ./modules/vault-agent.nix
./modules/cachix.nix
]; ];
serverModules = [ serverModules = [
./modules/min-pkgs.nix ./modules/min-pkgs.nix
@@ -101,7 +102,7 @@
nixosConfigurations = { nixosConfigurations = {
#Home laptop #Home laptop
Satori = nixpkgs.lib.nixosSystem rec { satori = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./hosts/satori ./hosts/satori
@@ -114,7 +115,7 @@
}; };
#Home server (RPi4) #Home server (RPi4)
Marisa = nixpkgs.lib.nixosSystem rec { marisa = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
./hosts/marisa ./hosts/marisa
@@ -128,7 +129,7 @@
}; };
#Oracle Cloud VM #Oracle Cloud VM
Remilia = nixpkgs.lib.nixosSystem rec { remilia = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./hosts/remilia ./hosts/remilia

BIN
hosts/marisa/.boot.nix.swp
View File

Binary file not shown.

7
hosts/marisa/boot.nix
View File

@@ -1,17 +1,18 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
boot = { boot = {
kernelParams = [ "console=ttyS0,115200n8" "console=ttyAMA0,115200" "console=tty0" "boot.shell_on_fail" ]; consoleLogLevel = 7;
kernelParams = [ "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" ];
kernelPackages = pkgs.linuxPackages_5_10; kernelPackages = pkgs.linuxPackages_5_10;
initrd.availableKernelModules = [ "xhci_pci" "usb_storage" "usbhid" "uas" "pcie-brcmstb" "vc4" ]; initrd.availableKernelModules = [ "xhci_pci" "usb_storage" "usbhid" "uas" "pcie-brcmstb" "vc4" ];
loader = { loader = {
grub.enable = false; grub.enable = false;
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;
/*raspberryPi= { /* raspberryPi= {
version = 4; version = 4;
firmwareConfig = "dtparam=sd_poll_once=on"; firmwareConfig = "dtparam=sd_poll_once=on";
enable = true; enable = true;
};*/ #conflicts with generic-extlinux-comaptible }; */
}; };
/* kernelPatches = [ /* kernelPatches = [
{ {

16
hosts/marisa/networking.nix
View File

@@ -1,21 +1,29 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
networking = { networking = {
hostName = "Marisa"; hostName = "marisa";
firewall = { firewall = {
allowedTCPPorts = [ 22 80 6060 5000 8800 6666 4444 4646 8500 222 5454 8080 ]; allowedTCPPorts = [ 22 80 6060 5001 8800 6666 4444 4646 8500 202 5454 8080 ];
allowedUDPPorts = [ 17840 ]; allowedUDPPorts = [ 17840 ];
}; };
wireless = { wireless = {
enable = false; enable = false;
iwd.enable = true; iwd.enable = true;
}; };
interfaces = { interfaces = {
eth0 = {
useDHCP = false;
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.159";
}];
};
wlan0 = { wlan0 = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [{ ipv4.addresses = [{
prefixLength = 24; prefixLength = 24;
address = "192.168.0.159"; address = "192.168.1.159";
}]; }];
}; };
}; };
@@ -33,7 +41,7 @@
} }
]; ];
}; };
defaultGateway = "192.168.0.1"; defaultGateway = "192.168.1.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ]; nameservers = [ "1.1.1.1" "8.8.8.8" ];
}; };
} }

65
hosts/marisa/services.nix
View File

@@ -50,16 +50,13 @@
}; };
}; };
server = true; server = true;
connect = {
enabled = true;
};
ports = { ports = {
grpc = 8502; grpc = 8502;
}; };
connect = {
enabled = true;
};
encrypt = "+++consul_encryption+++"; encrypt = "+++consul_encryption+++";
ca_file = "/var/consul-certs/consul-agent-ca.pem";
cert_file = "/var/consul-certs/dc1-server-consul-0.pem";
key_file = "/var/consul-certs/dc1-server-consul-0-key.pem";
}); });
in in
lib.mkForce '' lib.mkForce ''
@@ -83,6 +80,7 @@
server = { server = {
enabled = true; enabled = true;
encrypt = "+++nomad_encryption+++"; encrypt = "+++nomad_encryption+++";
bootstrap_expect = 1;
}; };
plugin."docker" = { plugin."docker" = {
config = { config = {
@@ -98,9 +96,7 @@
}; };
}; };
client = { client = {
meta = { meta."connect.sidecar_image" = "envoyproxy/envoy:v1.21.5";
"connect.sidecar_image" = "envoyproxy/envoy:v1.20.1";
};
options = { options = {
"docker.privileged.enabled" = true; "docker.privileged.enabled" = true;
"docker.volumes.enabled" = true; "docker.volumes.enabled" = true;
@@ -111,6 +107,7 @@
vault = { vault = {
enabled = true; enabled = true;
token = "+++nomad_vault+++"; token = "+++nomad_vault+++";
task_token_ttl = "1h";
address = "https://10.55.0.2:8800"; address = "https://10.55.0.2:8800";
ca_file = "/var/rootcert/cert.pem"; ca_file = "/var/rootcert/cert.pem";
cert_file = "/var/certs/cert.pem"; cert_file = "/var/certs/cert.pem";
@@ -123,9 +120,6 @@
token = "+++nomad_consul+++"; token = "+++nomad_consul+++";
ssl = false; ssl = false;
allow_unauthenticated = false; allow_unauthenticated = false;
ca_file = "/var/consul-certs/consul-agent-ca.pem";
cert_file = "/var/consul-certs/dc1-server-consul-0.pem";
key_file = "/var/consul-certs/dc1-server-consul-0-key.pem";
auto_advertise = true; auto_advertise = true;
server_auto_join = true; server_auto_join = true;
client_auto_join = true; client_auto_join = true;
@@ -148,7 +142,6 @@
permitRootLogin = "yes"; permitRootLogin = "yes";
}; };
nomad = { nomad = {
package = pkgs.master.nomad;
enable = true; enable = true;
enableDocker = true; enableDocker = true;
dropPrivileges = false; dropPrivileges = false;
@@ -171,49 +164,13 @@
package = pkgs.master.consul; package = pkgs.master.consul;
extraConfigFiles = lib.singleton "/run/consul/consul.json"; extraConfigFiles = lib.singleton "/run/consul/consul.json";
}; };
vault-agent = { create_ap = {
enable = true; enable = true;
settings = { settings = {
vault = { INTERNET_IFACE = "eth0";
address = "https://10.55.0.2:8800"; PASSPHRASE = "agnishwar";
client_cert = "/var/certs/cert.pem"; SSID = "Marisa";
client_key = "/var/certs/key.pem"; WIFI_IFACE = "wlan0";
};
auto_auth = {
method = [
{
"cert" = {
name = "Marisa";
};
}
];
};
template = [
{
source = pkgs.writeText "wg.tpl" ''
{{ with secret "kv/systems/Marisa/wg" }}{{ .Data.data.private }}{{ end }}
'';
destination = "/var/secrets/wg.key";
}
{
source = pkgs.writeText "nomad_vault.tpl" ''
{{ with secret "kv/nomad" }}{{ .Data.data.vaultToken }}{{ end }}
'';
destination = "/var/secrets/nomad_vault.token";
}
{
source = pkgs.writeText "nomad_vault.tpl" ''
{{ with secret "kv/nomad" }}{{ .Data.data.consulToken }}{{ end }}
'';
destination = "/var/secrets/nomad_consul.token";
}
{
source = pkgs.writeText "nomad_encryption.tpl" ''
{{ with secret "kv/nomad" }}{{ .Data.data.encryptionKey }}{{ end }}
'';
destination = "/var/secrets/nomad_encryption.key";
}
];
}; };
}; };
}; };

13
modules/cachix.nix Normal file
View File

@@ -0,0 +1,13 @@
# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:
let
folder = ./cachix;
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
inherit imports;
nix.binaryCaches = ["https://cache.nixos.org/"];
}

11
modules/cachix/natto1784.nix Normal file
View File

@@ -0,0 +1,11 @@
{
nix = {
binaryCaches = [
"https://natto1784.cachix.org"
];
binaryCachePublicKeys = [
"natto1784.cachix.org-1:DbCN+AvnAVEm2N1RDDv0vzLheX6U6gfzoCzNOYrZ3NQ="
];
};
}

11
modules/cachix/pain.nix Normal file
View File

@@ -0,0 +1,11 @@
{
nix = {
binaryCaches = [
"https://pain.cachix.org"
];
binaryCachePublicKeys = [
"pain.cachix.org-1:PDnZmOIBtBz8Z3a8t6TyOOUfnrlk0O6e7C8bnkKaK70="
];
};
}

11
modules/cachix/rpi4.nix Normal file
View File

@@ -0,0 +1,11 @@
{
nix = {
binaryCaches = [
"https://rpi4.cachix.org"
];
binaryCachePublicKeys = [
"rpi4.cachix.org-1:fMaYBuIlj/Sa9YTXnXMXoXnVZEoVhnFxOkxseKKlku8="
];
};
}

2
modules/x86builder.nix
View File

@@ -1,7 +1,7 @@
{config, ...}: {config, ...}:
{ {
nix.buildMachines = [ { nix.buildMachines = [ {
hostName = "Satori"; hostName = "satori";
systems = ["x86_64-linux" "aarch64-linux"]; systems = ["x86_64-linux" "aarch64-linux"];
maxJobs = 4; maxJobs = 4;
speedFactor = 2; speedFactor = 2;