natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Satori:added vault-agent, changed hardware config

Browse Source
This commit is contained in:
Amneesh Singh
2021-06-07 10:05:51 +05:30
parent b9b297ae0f
commit 7602cbf16a
6 changed files with 60 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
hosts/personal/satori/hardware.nix
View File

@@ -7,42 +7,41 @@
];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4c02ddf5-d00e-4d84-856f-c327ae44d047";
{
device = "/dev/disk/by-uuid/4c02ddf5-d00e-4d84-856f-c327ae44d047";
fsType = "btrfs";
options = ["compress-force=zstd:2"];
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/58B1-4631";
{
device = "/dev/disk/by-uuid/58B1-4631";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/nvme0n1p6";
fsType = "ext4";
};
fileSystems."/mnt/Stuff" =
{ device = "/dev/sda2";
fsType = "ntfs";
options = ["uid=natto" "gid=users" "umask=0022" "rw"];
};
fileSystems."/mnt/Games" =
{ device = "/dev/sda4";
{
device = "/dev/disk/by-uuid/843E68573E6843F0";
fsType = "ntfs";
options = ["uid=natto" "gid=users" "umask=0022" "rw"];
};
fileSystems."/mnt/Extra" =
{ device = "/dev/sda3";
{
device = "/dev/disk/by-uuid/32EE9F63EE9F1DE3";
fsType = "ntfs";
options = ["uid=natto" "gid=users" "umask=0022" "rw"];
};
fileSystems."/mnt/LinuxGames" =
{ device = "/dev/sda5";
fsType = "btrfs";
options = ["rw" "compress-force=zstd:2"];
fileSystems."/mnt/Games" =
{
device = "/dev/disk/by-uuid/A4CC66B6CC668282";
fsType = "ntfs";
options = ["uid=natto" "gid=users" "umask=0022" "rw"];
};
fileSystems."/mnt/Stuff2" =
{
device = "/dev/disk/by-uuid/e5be3621-8608-4ffe-bd33-5e6d22fef4ff";
fsType = "btrfs";
options = ["compress-force=zstd:1"];
};
swapDevices = [ {device = "/dev/nvme0n1p7";} ];
powerManagement = {
enable = true;

2
hosts/personal/satori/networking.nix
View File

@@ -21,7 +21,7 @@
wireguard.interfaces.wg0 = {
ips = [ "10.55.0.3/32" ];
listenPort = 17840;
privateKeyFile = "/var/secrets/wg";
privateKeyFile = "/var/secrets/wg.key";
peers = [
{
#Oracle VM1

32
hosts/personal/satori/services.nix
View File

@@ -24,11 +24,34 @@
enable = true;
permitRootLogin = "yes";
};
/* vault = {
vault-agent = {
enable = true;
storageBackend = "mysql";
storagePath = "/var/db";
};*/
settings = {
vault = {
address = "https://10.55.0.2:8800";
client_cert = "/var/vault/cert.pem";
client_key = "/var/vault/key.pem";
};
auto_auth = {
method = [
{
"cert" = {
name = "Satori";
};
}
];
};
template = [
{
source = pkgs.writeText "wg.tpl" ''
{{ with secret "kv/systems/Satori/wg" }}{{ .Data.data.private }}{{ end }}
'';
destination = "/var/secrets/wg.key";
}
];
};
};
};
systemd.services = {
tor.wantedBy = lib.mkForce [];
@@ -38,4 +61,5 @@
#printing.wantedBy = lib.mkForce [];
#vault.wantedBy = lib.mkForce [];
};
security.pki.certificateFiles = [ ../../../cert.pem ];
}