steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat: init srv0-dmz0

Browse source
This commit is contained in:
steveej 2023-07-06 22:42:24 +02:00
parent b481126ae2
commit 4cb8e6df29
16 changed files with 447 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

22
nix/os/devices/steveej-t14/system.nix
View file

@ -24,22 +24,6 @@ in {
};
networking.extraHosts = ''
# qemu box
172.24.40.13 steveej-qemu.infra.holochain.org
172.24.40.13 steveej-qemu.d.dweb.city
# bare metal
192.168.14.117 steveej-hw1.infra.holochain.org
192.168.14.117 steveej-hw1.d.dweb.city
192.168.14.117 steveej-hw2.infra.holochain.org
192.168.14.117 steveej-hw2.d.dweb.city
192.168.14.117 steveej-hw3.infra.holochain.org
192.168.14.117 steveej-hw3.d.dweb.city
192.168.14.117 steveej-hw4.infra.holochain.org
192.168.14.117 steveej-hw4.d.dweb.city
172.24.135.11 emerge3.d.dweb.city
172.24.74.194 emerge4.d.dweb.city
'';
networking.bridges."virbr1".interfaces = [];
@ -150,17 +134,17 @@ in {
};
sops.secrets.nomad-holochain-agent-ca = {
sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml;
sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
owner = config.users.extraUsers.steveej.name;
};
sops.secrets.nomad-holochain-cli-cert = {
sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml;
sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
owner = config.users.extraUsers.steveej.name;
};
sops.secrets.nomad-holochain-cli-key = {
sopsFile = ../../../../secrets/steveej-t14/nomad-holochain-infra.yaml;
sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
owner = config.users.extraUsers.steveej.name;
};
}

5
nix/os/devices/steveej-t14/user.nix
View file

@ -5,7 +5,7 @@
...
}: let
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
in {
users.extraUsers.steveej2 = mkUser {
uid = 1001;
@ -14,4 +14,7 @@ in {
};
nix.settings.trusted-users = ["steveej"];
security.pam.u2f.enable = true;
security.pam.services.steveej.u2fAuth = true;
}