l orange.r: init
This commit is contained in:
lassulus
parent
f620d8002e
commit
bf4a3fe78e
38
kartei/lass/orange.nix
Normal file
38
kartei/lass/orange.nix
Normal file
@ -0,0 +1,38 @@
|
||||
{ r6, w6, ... }:
|
||||
{
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.15";
|
||||
ip6.addr = r6 "012a";
|
||||
aliases = [
|
||||
"orange.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAlnHedIf4f3/6Wfl5PSSz+7KvdIMkygp5m/U270sdPBh46MqYa8cn
|
||||
OfPq40LcbWIZqAVex7mP+fK7vq8LTIr+sCKvzY46o3ZLbQQ7cCtQi02GFnSAPhVT
|
||||
4XEmPn9dX/nRmI8xQqzh5jRMpgeOKE+xY6QfgkERD9mflkJi5dGYCOVW1UUK7pHR
|
||||
7giCrUiLuQbUeIz+G7KOeIRHxU8dwD8it1Jk6KxdM3MW6HwFsuqZu0qjbBPKhTEe
|
||||
fgzSTDtZEGmcQw5vA/RwjxoRvKYThbK/lLoVJItFAhUCWUJA8bJuIanwzPfOF0JO
|
||||
xWkxiY3ntvn5ykbvhF6LoHE+kEfcBJzBfRFRSXV5qU5wW1FC4AQylUDrest/qXQh
|
||||
DY8boUqK/hi/MlC2ciPH+DlBOi5wduWty8F0KqNzjg1IIEOk8H+z9hgBDbdJnYHH
|
||||
MBjYOZ3MFpoNb2VCJTE7dlIarVdH1OOO2KkzX/GGW7wGQK94iqLHjBcGl15GcGOz
|
||||
EOivq+783VOtzZGS4jd8D0OcCo725FzhuWi6KR5QTljwrd5C1gGFoAW7RCsUiveZ
|
||||
0by9aB+G2DWmSRWZsmPnnbYo6yPvp+WR2yfPu1pKwjyNsmAgTYm4bkwRIvODb6Xk
|
||||
ShgawP5V8RDp+hUmr27KgJvUJnQbVeJf9SO1pT7IfNOjLwHv26iOo7UCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "dVIOgHjuKLDJ+QB+sDjL9Pk3pXs8wKo+gemGvNG3z1H";
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "012a";
|
||||
aliases = [
|
||||
"orange.w"
|
||||
];
|
||||
wireguard.pubkey = ''
|
||||
NP8zM9+ocwsHhY9Rn6tFqIU1FR8JidqtDs7IKpl3yU8=
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnHnTPPwMW1Oy3DBuaT4fG5ryhWmVS9Y8Sw0ezUGuLn";
|
||||
}
|
||||
21
lass/1systems/orange/config.nix
Normal file
21
lass/1systems/orange/config.nix
Normal file
@ -0,0 +1,21 @@
|
||||
with import <stockholm/lib>;
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.orange;
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "acme@lassul.us";
|
||||
};
|
||||
|
||||
lass.sync-containers3.inContainer = {
|
||||
enable = true;
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l";
|
||||
};
|
||||
}
|
||||
7
lass/1systems/orange/physical.nix
Normal file
7
lass/1systems/orange/physical.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = true;
|
||||
}
|
||||
15
lass/2configs/orange-host.nix
Normal file
15
lass/2configs/orange-host.nix
Normal file
@ -0,0 +1,15 @@
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
lass.sync-containers3.containers.orange = {
|
||||
sshKey = "${toString <secrets>}/orange.sync.key";
|
||||
};
|
||||
services.nginx.virtualHosts."lassul.us" = {
|
||||
# enableACME = config.security;
|
||||
# forceSSL = true;
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://orange.r";
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user