Add pinetab2
This commit is contained in:
parent
58fafcb748
commit
3ab62e38f3
57
flake.lock
57
flake.lock
|
@ -9,11 +9,11 @@
|
|||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1683779844,
|
||||
"narHash": "sha256-sIeOU0GsCeQEn5TpqE/jFRN4EGsPsjqVRsPdrzIDABM=",
|
||||
"lastModified": 1685948350,
|
||||
"narHash": "sha256-1FldJ059so0X/rScdbIiOlQbjjSNCCTdj2cUr5pHU4A=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "c80189917086e43d49eece2bd86f56813500a0eb",
|
||||
"rev": "65211db63ba1199f09b4c9f27e5eba5ec50d76ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -43,11 +43,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"lastModified": 1685518550,
|
||||
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -58,11 +58,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1685383865,
|
||||
"narHash": "sha256-3uQytfnotO6QJv3r04ajSXbEFMII0dUtw0uqYlZ4dbk=",
|
||||
"lastModified": 1686020360,
|
||||
"narHash": "sha256-Wee7lIlZ6DIZHHLiNxU5KdYZQl0iprENXa/czzI6Cj4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5e871d8aa6f57cc8e0dc087d1c5013f6e212b4ce",
|
||||
"rev": "4729ffac6fd12e26e5a8de002781ffc49b0e94b7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -74,11 +74,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1685215858,
|
||||
"narHash": "sha256-IRMFoDXA6cYx3ifVw3B2JcC4JrjT5v7tRAx2vro2Ffs=",
|
||||
"lastModified": 1685758009,
|
||||
"narHash": "sha256-IT4Z5WGhafrq+xbDTyuKrRPRQ1f+kVOtE+4JU1CHFeo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ba6e4ddeb3e8ad3f3e3bec63dafbc9fe558729bb",
|
||||
"rev": "eaf03591711b46d21abc7082a8ebee4681f9dbeb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -90,16 +90,16 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1685314633,
|
||||
"narHash": "sha256-8LXBPqTQXl5ofkjpJ18JcbmLJ/lWDoMxtUwiDYv0wro=",
|
||||
"lastModified": 1685865905,
|
||||
"narHash": "sha256-XJZ/o17eOd2sEsGif+/MQBnfa2DKmndWgJyc7CWajFc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c8a17ce7abc03c50cd072e9e6c9b389c5f61836b",
|
||||
"rev": "e7603eba51f2c7820c0a182c6bbb351181caa8e7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-22.11",
|
||||
"ref": "nixos-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -120,15 +120,16 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685383851,
|
||||
"narHash": "sha256-P5TztZnMefgSU5Uc/WMbt1HzYi3RihvaBtjKT8ETC9s=",
|
||||
"owner": "nabam",
|
||||
"lastModified": 1686070124,
|
||||
"narHash": "sha256-ZDJKYcIs6KhKk/cN1cbZ/Eeglj3nyEKjdgPeX6eR/P8=",
|
||||
"owner": "asonix",
|
||||
"repo": "nixos-rockchip",
|
||||
"rev": "7d78934e69139b95ae926fcf23a7773f713d5043",
|
||||
"rev": "4207133777a4ba7671810ac666c180e93def2943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nabam",
|
||||
"owner": "asonix",
|
||||
"ref": "asonix/pinetab2",
|
||||
"repo": "nixos-rockchip",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -151,11 +152,11 @@
|
|||
"rockchip": "rockchip"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685476309,
|
||||
"narHash": "sha256-O/soXbBGha4XTwl/kvIJi7xG0Eyz1O3CS7V2RIj+aPo=",
|
||||
"lastModified": 1686167917,
|
||||
"narHash": "sha256-yZRKsPjV1pRe4fxMI/OKd9BLkBNzx3I5TSZaPux9X9s=",
|
||||
"ref": "asonix/nabam-sd-image",
|
||||
"rev": "caefc7dc4a9fa3e32e1986ecde5b7bb4cc661e1d",
|
||||
"revCount": 30,
|
||||
"rev": "f606e4ebc4e7f4cc898b37fbc27079546ea6ea1d",
|
||||
"revCount": 39,
|
||||
"type": "git",
|
||||
"url": "https://git.asonix.dog/asonix/sd-images"
|
||||
},
|
||||
|
@ -173,11 +174,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685434555,
|
||||
"narHash": "sha256-aZl0yeaYX3T2L3W3yXOd3S9OfpS+8YUOT2b1KwrSf6E=",
|
||||
"lastModified": 1685848844,
|
||||
"narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "876846cde9762ae563f018c17993354875e2538e",
|
||||
"rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
21
flake.nix
21
flake.nix
|
@ -26,6 +26,7 @@
|
|||
subvolumesModule = import ./modules/subvolumes;
|
||||
k3sModule = import ./modules/k3s;
|
||||
networkModule = import ./modules/network;
|
||||
wireguardModule = import ./modules/wireguard;
|
||||
|
||||
makeConfig = { hostname, extraModules ? [ ] }:
|
||||
nixpkgs.lib.nixosSystem {
|
||||
|
@ -885,6 +886,22 @@
|
|||
serverIp = "192.168.20.120";
|
||||
};
|
||||
|
||||
pinetab2 = makeConfig {
|
||||
hostname = "pinetab2";
|
||||
extraModules = [
|
||||
{
|
||||
sops.secrets.pinetabWireguardKey = {
|
||||
format = "binary";
|
||||
sopsFile = ./secrets/pinetabWireguardKey.bin;
|
||||
};
|
||||
}
|
||||
({ config, ... }: wireguardModule {
|
||||
address = "192.168.5.13/24";
|
||||
privateKeyFile = config.sops.secrets.pinetabWireguardKey.path;
|
||||
})
|
||||
] ++ sd-images.packages.${system}.PineTab2.modules;
|
||||
};
|
||||
|
||||
backup1 =
|
||||
let
|
||||
k3sMain = { ip, name }: {
|
||||
|
@ -1105,6 +1122,10 @@
|
|||
name = "backup1";
|
||||
ip = "192.168.20.190";
|
||||
}
|
||||
{
|
||||
name = "pinetab2";
|
||||
ip = "192.168.5.13";
|
||||
}
|
||||
];
|
||||
in
|
||||
builtins.foldl'
|
||||
|
|
23
modules/wireguard/default.nix
Normal file
23
modules/wireguard/default.nix
Normal file
|
@ -0,0 +1,23 @@
|
|||
{ address, privateKeyFile }:
|
||||
|
||||
{
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51820 ];
|
||||
};
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
inherit privateKeyFile;
|
||||
address = [ address ];
|
||||
dns = [ "192.168.5.1" ];
|
||||
peers = [
|
||||
{
|
||||
publicKey = "lQYGzNIxgUrDmU32rlnmnc72dK7TSH7hxts3tMtE+VQ=";
|
||||
allowedIPs = [ "192.168.5.0/24" "192.168.6.0/24" "192.168.20.0/24" ];
|
||||
endpoint = "wg.asonix.dog:51820";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
24
secrets/pinetabWireguardKey.bin
Normal file
24
secrets/pinetabWireguardKey.bin
Normal file
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:nnxo2r4z7oywpCMLCXqP2PpOhmdLGNnRnAg27puCdV8HZgcFcSdDc0oHebKS,iv:r+QXZHgMaeK1RCAboSzz9Cbmm6nKd6OyOALeBWoKqDg=,tag:ZpKhyX1Ugp415ZX7+mvhvw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age17yhtwnhqjssghc5qqamt0fqdu27zpqms8d8ghrc0txeevywfp3ssklfy57",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbGE3Q0hYdlo4WTM0TTJN\nSXVuNTBCV2c4SEdCcTVLTURZcXpIQUd3RHpBCnNUVG5Eam4vNnFiVks0MmMwNVVr\nQ0RtQ2FBTkRiWnRMak5WVkJFcWREaDgKLS0tIDJBMlBTZHRrU0tUb01VY3g3NEMw\nemxlUUtDcDJkcThFVDZONTkrL3ZPbTQK+DDVUgjxomdaJt21U1lsRno/BqDsx5YO\nfKQ7iStlaxtzjeTtUIDHNQiWi4v7WGV0c86OrPmSL89l0Q/OOGinIA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age145uwrexj6ffaaxy7jg3j29gtchhwy0y0nttw06zeuxkqsy8rnpds7fh7xq",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SzNsNC9BdXk5Q0tGNTdt\nZUhXTzJMekwyUXZOZmR6cUVuTThmTTFuRjF3Cmt1UDRsd212SnJIcG1ieVRvSitN\nUVpJUURHMDZLRHQ0RHNQcGtWckxoSzQKLS0tICtCZTJyeWxNRjZQYTZyaHpwVmta\neXB3cnNrZzBUQWFMbFAvTUE5VlUvdncKiJst1DTCMAW85WNk5/w2ZL9fNsknyIoN\nzpzCTlvjyZohKddGTBud9z2PsOtYq4w6cSy67jMslhTV7BxMfims9g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2023-06-07T17:35:25Z",
|
||||
"mac": "ENC[AES256_GCM,data:G0IDHtGaNgfgsPEm3nXU/mJMkyKMzLViHACm4BM4diAdJKrXGtgDLcWAuVxL84lwr5JdDmp42XLBYwm1K1/Rgg1n23lhEUIL9HTJXqeozHL4JcDaIChukc/aB0zliYl5WC5nL74ptrC9RFR1foLKXH//sG4MGyWnS/pY5qUef24=,iv:Et1L+ZzpwVlXx5/IANHSklFbQZOCuPihqNuFT1YGdKs=,tag:z+3LbN027PFwBSkvYLxvug==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue