update keys
parent
d3818a4909
commit
eb240268e4
5 changed files with 72 additions and 28 deletions
|
@ -39,6 +39,7 @@
|
||||||
type ? "default",
|
type ? "default",
|
||||||
repo ? "nixpkgs",
|
repo ? "nixpkgs",
|
||||||
unfree ? false,
|
unfree ? false,
|
||||||
|
ip ? null,
|
||||||
pkgs ? import inputs.${repo}
|
pkgs ? import inputs.${repo}
|
||||||
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; },
|
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; },
|
||||||
pkgs-unstable ? import inputs.nixpkgs-unstable
|
pkgs-unstable ? import inputs.nixpkgs-unstable
|
||||||
|
@ -49,16 +50,21 @@
|
||||||
( import ../nixos/containers/${hostname}/mounts.nix )
|
( import ../nixos/containers/${hostname}/mounts.nix )
|
||||||
];
|
];
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = false;
|
privateNetwork = true;
|
||||||
|
localAddress = "192.168.2.${ip}/32";
|
||||||
|
hostAddress = "192.168.2.1";
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
|
enableTun = true;
|
||||||
|
additionalCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];
|
||||||
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
|
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
|
||||||
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
|
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
|
||||||
# Choose whether to pull from stable or unstable
|
# Choose whether to pull from stable or unstable
|
||||||
nixpkgs.pkgs = import inputs.${repo} {
|
nixpkgs.pkgs = import inputs.${repo} {
|
||||||
inherit system;
|
inherit system;
|
||||||
config.allowUnfree = unfree;
|
config.allowUnfree = unfree;
|
||||||
hostPlatform = system;
|
hostPlatform = system;
|
||||||
};
|
};
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
../nixos/containers
|
../nixos/containers
|
||||||
inputs.sops-nix.nixosModules.sops
|
inputs.sops-nix.nixosModules.sops
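Review bot: `ip` defaults to `null` in the first hunk, but the second hunk interpolates it unconditionally in `localAddress = "192.168.2.${ip}/32";`, and Nix cannot coerce null to a string, so any call that omits `ip` fails at evaluation; the `rdesktop` call later in this commit passes only `hostname`. Making the argument required (`ip,` instead of `ip ? null,`) and supplying it at the call site would surface the mistake where it is made. Separately, `enableTun = true;` and `additionalCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];` now apply to every container this helper builds; if only the Tailscale-enabled containers need them, an opt-in argument that defaults to no extra capabilities would keep the others at least privilege. The helper's signature and body extend beyond both hunks.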
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ hostname, username, ... }: {
|
{ stateVersion, hostname, username, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./${hostname}
|
./${hostname}
|
||||||
../users/${username}
|
../users/${username}
|
||||||
|
@ -20,6 +20,10 @@
|
||||||
"tailscaled-autoconnect.service"
|
"tailscaled-autoconnect.service"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
boot.isContainer = true;
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
|
services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
|
||||||
networking.hostName = "${hostname}";
|
networking.hostName = "${hostname}";
|
||||||
|
networking.interfaces."eth0".useDHCP = true;
|
||||||
|
system.stateVersion = stateVersion;
|
||||||
}
|
}
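Review bot: `networking.interfaces."eth0".useDHCP = true;` is added to the shared container module, while the container helper changed in this same commit gives the container a static `localAddress`, and nothing visible serves DHCP on 192.168.2.0/24. Unless a DHCP server exists outside this diff, the line looks unnecessary and should either be dropped or carry a comment naming where leases come from. `boot.isContainer = true;` is presumably already set by the NixOS containers module for declarative containers, so a one-line comment on why it is repeated here would help the next reader.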
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ lib, desktop, ... }: {
|
{ ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../common/software/packages.nix
|
../../common/software/packages.nix
|
||||||
] ++ lib.optional (builtins.isString desktop) ../../common/desktops/${desktop};
|
../../common/desktops/xfce
|
||||||
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 3389 ];
|
networking.firewall.allowedTCPPorts = [ 3389 ];
|
||||||
services.xrdp.enable = true;
|
services.xrdp.enable = true;
|
||||||
|
|
|
@ -1,9 +1,22 @@
|
||||||
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }:
|
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
|
||||||
let
|
let
|
||||||
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
|
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
|
||||||
in {
|
in {
|
||||||
# Secrets
|
|
||||||
containers = {
|
containers = {
|
||||||
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };
|
rdesktop = libx.mkContainer { hostname = "rdesktop"; };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
bridges.br0.interfaces = "enp0s13f0u4";
|
||||||
|
interfaces.bro.ipv4.addresses = [{ address = "192.168.2.1"; prefixLength = 24; }];
|
||||||
|
};
|
||||||
|
|
||||||
|
# networking.nat = {
|
||||||
|
# enable = true;
|
||||||
|
# internalInterfaces = [
|
||||||
|
# "ve-rdesktop"
|
||||||
|
# ];
|
||||||
|
# externalInterface = "enp0s13f0u4";
|
||||||
|
# };
|
||||||
}
|
}
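Review bot: The new `networking` block assigns the host address to `interfaces.bro`, while the bridge defined on the line above is `br0`, so as written the address would not land on the bridge; `interfaces.br0.ipv4.addresses = [{ address = "192.168.2.1"; prefixLength = 24; }];` looks like the intent. `bridges.br0.interfaces` is also given a bare string where the NixOS option takes a list, i.e. `bridges.br0.interfaces = [ "enp0s13f0u4" ];`. Nothing visible attaches the container to `br0` (the helper sets `hostAddress` and `localAddress`, not a host bridge), so it is worth confirming that the bridge is needed at all. A short comment above the commented-out `networking.nat` block saying why it is disabled would also help.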
|
||||||
|
|
|
@ -8,25 +8,45 @@ sops:
|
||||||
lastmodified: "2024-03-25T03:46:39Z"
|
lastmodified: "2024-03-25T03:46:39Z"
|
||||||
mac: ENC[AES256_GCM,data:R7SWM8rB0j97ax0hCRlw/CNLwnv43DmeDBQe5UuoQfAiELn3849+mW4jGDVt/aQiJ7BF4j0LHuYXIMSQYbUJalx08SsA+deWCl2kANLHZCPbvASkmnVvDSYYRMgnBVc4Bl9/qX8wW2LhsASYUE+mXavIF5vFw2Bnz7Fyrv/KJ24=,iv:QhisO42F3fXKh3yoaVhuh4nRJG7kg/OHN8noUViMYPg=,tag:TQ6D0DlRPQJtpvOsvv6b6Q==,type:str]
|
mac: ENC[AES256_GCM,data:R7SWM8rB0j97ax0hCRlw/CNLwnv43DmeDBQe5UuoQfAiELn3849+mW4jGDVt/aQiJ7BF4j0LHuYXIMSQYbUJalx08SsA+deWCl2kANLHZCPbvASkmnVvDSYYRMgnBVc4Bl9/qX8wW2LhsASYUE+mXavIF5vFw2Bnz7Fyrv/KJ24=,iv:QhisO42F3fXKh3yoaVhuh4nRJG7kg/OHN8noUViMYPg=,tag:TQ6D0DlRPQJtpvOsvv6b6Q==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-03-25T02:57:12Z"
|
- created_at: "2024-03-26T00:00:33Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMAx+imH9kwOLOARAAl+SEO7uBSKVXN9iKrHYBBohaNB5M89cgj94W8DsPNWfs
|
hQIMAx+imH9kwOLOARAAiwdTa55CLbwuweRV0oxe+YK8XtX0cBQW25syfyHOlvMg
|
||||||
A7lqpkJJfQGmE4GnmAuMp38UHMOu906LSleAcecCxPUDOaKwz8Lbfs8awxk+jJ5H
|
gYDw4ADlu9sOQ4MZnoQXZiNOSBraNwInbadHeQDWBBUfoSukDK0TOXlVtKiSw2gL
|
||||||
OuqFkWo1ErqDZxZYQmeM0KG2+oc45gXVbIg3/B/rS26TLpOUxOrzwKIXu+4dw2ME
|
N9JhmRfiKchxJL5LX3qmqjw0I0cPiCtIxFfDBqClMO90Im5qHFvjRz24XkukARCK
|
||||||
v90AXEW4uRrItdm7EOU/fyzuC4sm/gsEwRyW6NMHuWQxwpLi3d/KLEyxB00Akiwg
|
AmVbn3GjESx8kiLCT6JlOwBhZPMO9N1YZaeEPbBCdkLde85CShIFW1g9BKq1kJLY
|
||||||
ct8UfyenG7XUyKRpdyo0sFvB2xxYKsjvX0In75o81AA6A5mLoyabItJSzTcIK/rr
|
IyO+x1yPVswPGZKS9BiX3S2QqU7ALK2JP0YRGd+7UjT+oxZY33WMkY7ajbwfkiNv
|
||||||
IsBsp2YAd2bCEwMAU9QCexgSicvh2jpczvIryAYdMIp/vVOf6+X6/z4Iyju5mfSQ
|
afGMRehZ2vXCvlDPMvGDXU2R1TGHe6C66kO4kBHawivOci8qwTXeeQx26YeyQJMK
|
||||||
JsNhs7tLQOQ4bjyLYZqtx7YaZjHjXWpSwBW24IfQRQ1BUjrmzZjPXuftAr2mT5fd
|
sMKK2Oe+IXxGO+AuGgMwQpsHTJj+B7bLbWiU401ft7W50LsFspGKfeCUBsnFfmyw
|
||||||
KJlWfnN0yKaRgh8vtqE1RmqX15eid/0h3VJ6gGl+1juLOv4/CLtAcNkhZS2hN1wP
|
0w3lafS/oCpBuAAQ8OgDSQDhb3UrkKfvv5zEvCj8QfspBgWiSoCEcZruMRsJkb2d
|
||||||
SBJqZMzNIVrkj/WSnXFXIJbkvfxbX12elyvvLSChBNjpE77JddQcFLareNDLr3k1
|
DyNM6okmU6z+Iqh7J2awwtkbMnUDEpxc9lBDfUBwBWv3mlj17PEJZj9/c4N6Vi+/
|
||||||
W+t456Ql7AGlfz1lZE7s07Nuu1XofTR/VqcN/xsgCnXl+cDUUBHox7L0C4IRneF0
|
Y7JK7qcGoIpLbAc8VtmyfXOOKZlwn7xIBOjnQCzbqV0Iag+d0Z1fxzJMdMYAsdwL
|
||||||
vLC+neAjGecR3oAIZuyBfFcXPxaebXBblWCw4XafiU+ppziG8TSIBy9Q3pv6KjfS
|
1/euYMJhGt195YH5/Qd+mYTIhQ9UT20yQduJoqfwwo/+c3PRDVcXKOZD9Ce/bdfS
|
||||||
VgE7MciCKsl3JeKKTn7rugsMcBDY54l8AKgKElKU2cg6ExAey8hINCamUj5RoF82
|
VgHm+ON76WFr7GEOXQxPFV/rGQ2xrlQ+jCa1iGlvZz8XGYUjGEG+pyrIbypDvKOx
|
||||||
r9JE7H+RAWVU4wP+VqaF7JNMyPxbfHfjv2ybwR+Bm9IFqzD01Oxl
|
FrZH8Rr9z2xVoSf06ziV/dm+g/Uut/I+byZyAynuIeS+5EDHYJQU
|
||||||
=xeiz
|
=+uVi
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
|
fp: D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
|
||||||
|
- created_at: "2024-03-26T00:00:33Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA6d9aNxyfPUrARAAhov6FXAFSZCSYSDplJp5A1a7CpWDXv4+WbeZP2qVPjHc
|
||||||
|
fyc9jJCocbH9dL0dcrMubBil82o+ZfS5GLU4S9jir2TQ52e+wfX6VOcJ7a9TI1Vn
|
||||||
|
KllSLLKcjHCe02zDoqWv5OZei/vwTOA1H1cq9vDdAACJ1ySmsq2HaEGggSk1StZB
|
||||||
|
Tzj6Jm9Dqe4+S4Tot65hZwADUGA80+XL42Bq+hqYCS8na1I1Slmi/p3fkyAs/3S3
|
||||||
|
Okhb7C2uTLnSvLCThjy3sG8YtAgsJlA39zgvbTQGj2+IlK25wD1rKBvMTJlt852D
|
||||||
|
jX3CYgM5DYx0/El0jFItCU0RcIHoga4hS/s8x4Dnnz+6IkYK4wSk7a76ErW8nf/S
|
||||||
|
srRpILBhUNS36FCnN9m76v2HewAf0Z2ExV6lm/Tw8AgViyAtSTAFxxkADoApl10n
|
||||||
|
J/SorOTf/b1APPrAk3b+l9UnlDf8vgxRBjzXFbJlfEQfLWr0DoOc9zGsVdIt18zz
|
||||||
|
Erz5WJmgILjoaj6oMX9EobsInxXRc49rbcsIMH3ghi1yT/S4CsOuSx9N42+wkWPY
|
||||||
|
bSTs4RBwohc7b6EZf5WsTOqcktjl7zOrTOqz6Kl2nwYHWlYC5fYS0d4fMkjJoJCk
|
||||||
|
D4t2QvjQtuGSejeiXZjhUW41V/f/gsbTrg/xw/6JJ94DYlUGLti0Phr6xDZAT0vS
|
||||||
|
VgGxBz12bfS03iXtu0SM7LmNy/U3hYzJq8NXbk0uN0RYuxIiHoWwdWWBVlLjxttH
|
||||||
|
s2hZE7x/qThF2lqP+CqaAjeQZ827ZdPYO9gVZAQFMO/eGwrTRNP8
|
||||||
|
=V6sY
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: dfd3a496aba156fa521e82ada77d68dc727cf52b
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|