feat(bm-hostkey0): set up mycelium

steveej 2024-05-25 11:35:26 +02:00
parent 698e269b13
commit 94c64eb05a
5 changed files with 66 additions and 21 deletions


@ -105,3 +105,9 @@ creation_rules:
age:
- *steveej-x13s
- *sj-bm-hostkey0
- path_regex: ^secrets/sj-bm-hostkey0/.+$
key_groups:
- pgp:
- *steveej
age:
- *sj-bm-hostkey0
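Review bot: The rule added for `^secrets/sj-bm-hostkey0/.+$` has no comment explaining why it omits the `*steveej-x13s` age recipient that the rule directly above it lists, so the narrower recipient set could be read as accidental. If it is intentional, I would add `# host-only secrets: readable by sj-bm-hostkey0 and the steveej PGP key, not by other hosts` above the rule. sops applies the first creation rule whose `path_regex` matches, and the `path_regex` of the preceding rule lies outside this hunk, so it is worth confirming that no earlier rule already matches this directory.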


@ -93,6 +93,8 @@ in {
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = ["/share/zsh"];
}
../../snippets/mycelium.nix
];
services.openssh.enable = true;
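Review bot: Importing `../../snippets/mycelium.nix` next to `services.openssh.enable = true;` likely makes this host's sshd reachable over the mycelium overlay as well. The snippet joins the hosted public nodes (`addHostedPublicNodes = true`), and the NixOS openssh module opens its port on every interface by default. If SSH over the overlay is not intended, set `services.openssh.openFirewall = false;` and allow the port only where needed with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 22 ];`. Whether the firewall is enabled or key-only login is enforced cannot be seen here, because the module body starts and continues outside this hunk.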


@ -59,8 +59,6 @@
};
imports = [
"${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix"
nodeFlake.inputs.nixos-x13s.nixosModules.default
repoFlake.inputs.sops-nix.nixosModules.sops
@ -69,6 +67,7 @@
../../snippets/nix-settings.nix
../../snippets/nix-settings-holo-chain.nix
../../snippets/mycelium.nix
../../profiles/common/user.nix
{
@ -220,25 +219,6 @@
"nixos-x13s.cachix.org-1:SzroHbidolBD3Sf6UusXp12YZ+a5ynWv0RtYF0btFos="
];
sops.secrets.mycelium-key = {
format = "binary";
sopsFile = repoFlake + "/secrets/steveej-x13s/mycelium_priv_key.bin.enc";
};
services.mycelium = {
enable = true;
package = nodeFlake.inputs.mycelium.packages.${system}.mycelium;
keyFile = config.sops.secrets.mycelium-key.path;
addHostedPublicNodes = true;
peers = [
];
# tunName = "mycelium-pub";
extraArgs = [
];
};
steveej.holo-zerotier = {
enable = true;
autostart = false;


@ -0,0 +1,31 @@
{
repoFlake,
nodeFlake,
nodeName,
config,
system,
...
}: {
imports = [
"${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix"
];
sops.secrets.mycelium-key = {
format = "binary";
sopsFile = repoFlake + "/secrets/${nodeName}/mycelium_priv_key.bin.enc";
};
services.mycelium = {
enable = true;
package = nodeFlake.inputs.mycelium.packages.${system}.mycelium;
keyFile = config.sops.secrets.mycelium-key.path;
addHostedPublicNodes = true;
peers = [
];
# tunName = "mycelium-pub";
extraArgs = [
];
};
}
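Review bot: `addHostedPublicNodes = true;` is a plain definition in a snippet that two hosts now import, so a host that should peer only with explicitly listed nodes cannot turn it off without `lib.mkForce`. I would add `lib,` to the argument set and write `addHostedPublicNodes = lib.mkDefault true;`. The file also lacks a header comment. Something like `# Shared mycelium setup; every importing host needs secrets/<nodeName>/mycelium_priv_key.bin.enc` would document the dependency on `nodeName` that the `sopsFile` line introduces.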


@ -0,0 +1,26 @@
{
"data": "ENC[AES256_GCM,data:2DcYHv5RCSoM3olKYZhn4BTwEROwC4+JZ/PQxF4SV7I=,iv:B27a2XnhgiHW3HAh/MnTUonmhkWvaZkmG2c2JPWV05A=,tag:TKZ/rFzQH0uvbOFoeas3Ag==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwenVpMFlQbC9PR1NDTWIy\nYi93VHlTZHg1NHJ0UXNIcFFGV08zRzlyTm00Cnp2RlpuMVBsc3dWOVZVODVBQ09H\nby9GWm1pSVlya0I3b0o2T2RhZGFrc0UKLS0tIGRQK1hPQjlkWjBFb3pSRXE5MnFY\nNFkvdTg3T0FZWVZWK2thRU55a0hWYUkKPHaAqvnyaP0sG47rJD40d4r6vjMjNEif\nq0X+BT3vR1Wd2vFKhWkcrS531jX3JUX5wEPFfbqWY3SEeunkbx43Ew==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-17T14:49:38Z",
"mac": "ENC[AES256_GCM,data:HqeOxzTlr6tyDWmSpvAthf/puD1wdv3a3Nv8qdt9GcR2UqmByreFPRktTwRL53NvCW+8QGSrUjah7fB2GWsuSVXowSSkY5h8W5s0O+YkFLXo9K67hhtEk+4QwYKQk5w4ZdlAEFrgDAzCFr27Mron53VLhVo0DA6GesgywTLf/B4=,iv:uV/dpuhxXl39MTzystHafirJH0mVnLsT+0h9jh4Epm8=,tag:s5uRzLtcfyNuWau9RteyvA==,type:str]",
"pgp": [
{
"created_at": "2024-05-17T14:49:38Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQf/XROsC15JsLhhO8or+6hYHYVig4cEiazJeo+lAm83WdYj\nQ/rAgQg4hSR6i84UOfPKCGS5Rv3TTkt1VsUgibwAvLdT65SB32pe5SCT68L0yHL1\nXabvMmmREbJW+zwhEz3G2ggzBrnoDE4l3npTYjrhsjEPmRJNBO3g7rigWtRL1iDR\nYl6IrBYB/NGEkfJ0lNWoY6K911Gb0TCVQXO/CMT0xbp9GTIhry9WUX1eWK/fiymP\nnJH3XSGmL2GAZnBIosFkrQlBDxHXC2Xi7kktFnzCgwrZBGYXn9ftC7toHPvn48cV\nuTzcFc2VHXxFLbDwSY/EOsfjSGjaaYXodCr2xHbkR9JcAZvLvs76by2wCzXKM8CR\nueuvS31Ah02r0JD1z8ZXWX3+etMvJEkEk3Nsngbo/r70/qtRTp/eLkTuYjzcUFMU\nXv40Izg+PiFxAOo2RK7RLRdD+YTXuddG/jxSXQY=\n=zrcf\n-----END PGP MESSAGE-----",
"fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}