asonix/sbc-deploys
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add pinetab2

Browse source
This commit is contained in:
asonix 2023-06-07 15:04:46 -05:00
parent 58fafcb748
commit 3ab62e38f3
4 changed files with 97 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
flake.lock
View file

@ -9,11 +9,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1683779844,
"narHash": "sha256-sIeOU0GsCeQEn5TpqE/jFRN4EGsPsjqVRsPdrzIDABM=",
"lastModified": 1685948350,
"narHash": "sha256-1FldJ059so0X/rScdbIiOlQbjjSNCCTdj2cUr5pHU4A=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "c80189917086e43d49eece2bd86f56813500a0eb",
"rev": "65211db63ba1199f09b4c9f27e5eba5ec50d76ac",
"type": "github"
},
"original": {
@ -43,11 +43,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
@ -58,11 +58,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1685383865,
"narHash": "sha256-3uQytfnotO6QJv3r04ajSXbEFMII0dUtw0uqYlZ4dbk=",
"lastModified": 1686020360,
"narHash": "sha256-Wee7lIlZ6DIZHHLiNxU5KdYZQl0iprENXa/czzI6Cj4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e871d8aa6f57cc8e0dc087d1c5013f6e212b4ce",
"rev": "4729ffac6fd12e26e5a8de002781ffc49b0e94b7",
"type": "github"
},
"original": {
@ -74,11 +74,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1685215858,
"narHash": "sha256-IRMFoDXA6cYx3ifVw3B2JcC4JrjT5v7tRAx2vro2Ffs=",
"lastModified": 1685758009,
"narHash": "sha256-IT4Z5WGhafrq+xbDTyuKrRPRQ1f+kVOtE+4JU1CHFeo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ba6e4ddeb3e8ad3f3e3bec63dafbc9fe558729bb",
"rev": "eaf03591711b46d21abc7082a8ebee4681f9dbeb",
"type": "github"
},
"original": {
@ -90,16 +90,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1685314633,
"narHash": "sha256-8LXBPqTQXl5ofkjpJ18JcbmLJ/lWDoMxtUwiDYv0wro=",
"lastModified": 1685865905,
"narHash": "sha256-XJZ/o17eOd2sEsGif+/MQBnfa2DKmndWgJyc7CWajFc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c8a17ce7abc03c50cd072e9e6c9b389c5f61836b",
"rev": "e7603eba51f2c7820c0a182c6bbb351181caa8e7",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
@ -120,15 +120,16 @@
]
},
"locked": {
"lastModified": 1685383851,
"narHash": "sha256-P5TztZnMefgSU5Uc/WMbt1HzYi3RihvaBtjKT8ETC9s=",
"owner": "nabam",
"lastModified": 1686070124,
"narHash": "sha256-ZDJKYcIs6KhKk/cN1cbZ/Eeglj3nyEKjdgPeX6eR/P8=",
"owner": "asonix",
"repo": "nixos-rockchip",
"rev": "7d78934e69139b95ae926fcf23a7773f713d5043",
"rev": "4207133777a4ba7671810ac666c180e93def2943",
"type": "github"
},
"original": {
"owner": "nabam",
"owner": "asonix",
"ref": "asonix/pinetab2",
"repo": "nixos-rockchip",
"type": "github"
}
@ -151,11 +152,11 @@
"rockchip": "rockchip"
},
"locked": {
"lastModified": 1685476309,
"narHash": "sha256-O/soXbBGha4XTwl/kvIJi7xG0Eyz1O3CS7V2RIj+aPo=",
"lastModified": 1686167917,
"narHash": "sha256-yZRKsPjV1pRe4fxMI/OKd9BLkBNzx3I5TSZaPux9X9s=",
"ref": "asonix/nabam-sd-image",
"rev": "caefc7dc4a9fa3e32e1986ecde5b7bb4cc661e1d",
"revCount": 30,
"rev": "f606e4ebc4e7f4cc898b37fbc27079546ea6ea1d",
"revCount": 39,
"type": "git",
"url": "https://git.asonix.dog/asonix/sd-images"
},
@ -173,11 +174,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1685434555,
"narHash": "sha256-aZl0yeaYX3T2L3W3yXOd3S9OfpS+8YUOT2b1KwrSf6E=",
"lastModified": 1685848844,
"narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "876846cde9762ae563f018c17993354875e2538e",
"rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
"type": "github"
},
"original": {

21
flake.nix
View file

@ -26,6 +26,7 @@
subvolumesModule = import ./modules/subvolumes;
k3sModule = import ./modules/k3s;
networkModule = import ./modules/network;
wireguardModule = import ./modules/wireguard;
makeConfig = { hostname, extraModules ? [ ] }:
nixpkgs.lib.nixosSystem {
@ -885,6 +886,22 @@
serverIp = "192.168.20.120";
};
pinetab2 = makeConfig {
hostname = "pinetab2";
extraModules = [
{
sops.secrets.pinetabWireguardKey = {
format = "binary";
sopsFile = ./secrets/pinetabWireguardKey.bin;
};
}
({ config, ... }: wireguardModule {
address = "192.168.5.13/24";
privateKeyFile = config.sops.secrets.pinetabWireguardKey.path;
})
] ++ sd-images.packages.${system}.PineTab2.modules;
};
backup1 =
let
k3sMain = { ip, name }: {
@ -1105,6 +1122,10 @@
name = "backup1";
ip = "192.168.20.190";
}
{
name = "pinetab2";
ip = "192.168.5.13";
}
];
in
builtins.foldl'

23
modules/wireguard/default.nix Normal file
View file

@ -0,0 +1,23 @@
{ address, privateKeyFile }:
{
networking.firewall = {
allowedUDPPorts = [ 51820 ];
};
networking.wg-quick.interfaces = {
wg0 = {
inherit privateKeyFile;
address = [ address ];
dns = [ "192.168.5.1" ];
peers = [
{
publicKey = "lQYGzNIxgUrDmU32rlnmnc72dK7TSH7hxts3tMtE+VQ=";
allowedIPs = [ "192.168.5.0/24" "192.168.6.0/24" "192.168.20.0/24" ];
endpoint = "wg.asonix.dog:51820";
persistentKeepalive = 25;
}
];
};
};
}

24
secrets/pinetabWireguardKey.bin Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:nnxo2r4z7oywpCMLCXqP2PpOhmdLGNnRnAg27puCdV8HZgcFcSdDc0oHebKS,iv:r+QXZHgMaeK1RCAboSzz9Cbmm6nKd6OyOALeBWoKqDg=,tag:ZpKhyX1Ugp415ZX7+mvhvw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17yhtwnhqjssghc5qqamt0fqdu27zpqms8d8ghrc0txeevywfp3ssklfy57",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbGE3Q0hYdlo4WTM0TTJN\nSXVuNTBCV2c4SEdCcTVLTURZcXpIQUd3RHpBCnNUVG5Eam4vNnFiVks0MmMwNVVr\nQ0RtQ2FBTkRiWnRMak5WVkJFcWREaDgKLS0tIDJBMlBTZHRrU0tUb01VY3g3NEMw\nemxlUUtDcDJkcThFVDZONTkrL3ZPbTQK+DDVUgjxomdaJt21U1lsRno/BqDsx5YO\nfKQ7iStlaxtzjeTtUIDHNQiWi4v7WGV0c86OrPmSL89l0Q/OOGinIA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age145uwrexj6ffaaxy7jg3j29gtchhwy0y0nttw06zeuxkqsy8rnpds7fh7xq",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SzNsNC9BdXk5Q0tGNTdt\nZUhXTzJMekwyUXZOZmR6cUVuTThmTTFuRjF3Cmt1UDRsd212SnJIcG1ieVRvSitN\nUVpJUURHMDZLRHQ0RHNQcGtWckxoSzQKLS0tICtCZTJyeWxNRjZQYTZyaHpwVmta\neXB3cnNrZzBUQWFMbFAvTUE5VlUvdncKiJst1DTCMAW85WNk5/w2ZL9fNsknyIoN\nzpzCTlvjyZohKddGTBud9z2PsOtYq4w6cSy67jMslhTV7BxMfims9g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-06-07T17:35:25Z",
"mac": "ENC[AES256_GCM,data:G0IDHtGaNgfgsPEm3nXU/mJMkyKMzLViHACm4BM4diAdJKrXGtgDLcWAuVxL84lwr5JdDmp42XLBYwm1K1/Rgg1n23lhEUIL9HTJXqeozHL4JcDaIChukc/aB0zliYl5WC5nL74ptrC9RFR1foLKXH//sG4MGyWnS/pY5qUef24=,iv:Et1L+ZzpwVlXx5/IANHSklFbQZOCuPihqNuFT1YGdKs=,tag:z+3LbN027PFwBSkvYLxvug==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}