diff options
-rw-r--r-- | kartei/lass/orange.nix | 38 | ||||
-rw-r--r-- | lass/1systems/orange/config.nix | 21 | ||||
-rw-r--r-- | lass/1systems/orange/physical.nix | 7 | ||||
-rw-r--r-- | lass/2configs/orange-host.nix | 15 |
4 files changed, 81 insertions, 0 deletions
diff --git a/kartei/lass/orange.nix b/kartei/lass/orange.nix new file mode 100644 index 000000000..7f656c260 --- /dev/null +++ b/kartei/lass/orange.nix @@ -0,0 +1,38 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.0.15"; + ip6.addr = r6 "012a"; + aliases = [ + "orange.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAlnHedIf4f3/6Wfl5PSSz+7KvdIMkygp5m/U270sdPBh46MqYa8cn + OfPq40LcbWIZqAVex7mP+fK7vq8LTIr+sCKvzY46o3ZLbQQ7cCtQi02GFnSAPhVT + 4XEmPn9dX/nRmI8xQqzh5jRMpgeOKE+xY6QfgkERD9mflkJi5dGYCOVW1UUK7pHR + 7giCrUiLuQbUeIz+G7KOeIRHxU8dwD8it1Jk6KxdM3MW6HwFsuqZu0qjbBPKhTEe + fgzSTDtZEGmcQw5vA/RwjxoRvKYThbK/lLoVJItFAhUCWUJA8bJuIanwzPfOF0JO + xWkxiY3ntvn5ykbvhF6LoHE+kEfcBJzBfRFRSXV5qU5wW1FC4AQylUDrest/qXQh + DY8boUqK/hi/MlC2ciPH+DlBOi5wduWty8F0KqNzjg1IIEOk8H+z9hgBDbdJnYHH + MBjYOZ3MFpoNb2VCJTE7dlIarVdH1OOO2KkzX/GGW7wGQK94iqLHjBcGl15GcGOz + EOivq+783VOtzZGS4jd8D0OcCo725FzhuWi6KR5QTljwrd5C1gGFoAW7RCsUiveZ + 0by9aB+G2DWmSRWZsmPnnbYo6yPvp+WR2yfPu1pKwjyNsmAgTYm4bkwRIvODb6Xk + ShgawP5V8RDp+hUmr27KgJvUJnQbVeJf9SO1pT7IfNOjLwHv26iOo7UCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "dVIOgHjuKLDJ+QB+sDjL9Pk3pXs8wKo+gemGvNG3z1H"; + }; + wiregrill = { + ip6.addr = w6 "012a"; + aliases = [ + "orange.w" + ]; + wireguard.pubkey = '' + NP8zM9+ocwsHhY9Rn6tFqIU1FR8JidqtDs7IKpl3yU8= + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnHnTPPwMW1Oy3DBuaT4fG5ryhWmVS9Y8Sw0ezUGuLn"; +} diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix new file mode 100644 index 000000000..3c13ebe85 --- /dev/null +++ b/lass/1systems/orange/config.nix @@ -0,0 +1,21 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.orange; + + security.acme = { + acceptTerms = true; + defaults.email = "acme@lassul.us"; + }; + + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l"; + }; +} diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix new file mode 100644 index 000000000..8577daf34 --- /dev/null +++ b/lass/1systems/orange/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = true; +} diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix new file mode 100644 index 000000000..3fbf417a7 --- /dev/null +++ b/lass/2configs/orange-host.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.orange = { + sshKey = "${toString <secrets>}/orange.sync.key"; + }; + services.nginx.virtualHosts."lassul.us" = { + # enableACME = config.security; + # forceSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://orange.r"; + }; + }; +} |