update keys

albert 2024-03-26 09:00:46 +09:00
parent d3818a4909
commit eb240268e4
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
5 changed files with 72 additions and 28 deletions


@ -39,6 +39,7 @@
type ? "default", type ? "default",
repo ? "nixpkgs", repo ? "nixpkgs",
unfree ? false, unfree ? false,
ip ? null,
pkgs ? import inputs.${repo} pkgs ? import inputs.${repo}
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; }, { inherit system; config.allowUnfree = unfree; hostPlatform = system; },
pkgs-unstable ? import inputs.nixpkgs-unstable pkgs-unstable ? import inputs.nixpkgs-unstable
@ -49,16 +50,21 @@
( import ../nixos/containers/${hostname}/mounts.nix ) ( import ../nixos/containers/${hostname}/mounts.nix )
]; ];
autoStart = true; autoStart = true;
privateNetwork = false; privateNetwork = true;
localAddress = "192.168.2.${ip}/32";
hostAddress = "192.168.2.1";
restartIfChanged = true; restartIfChanged = true;
enableTun = true;
additionalCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; }; specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: { config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
# Choose whether to pull from stable or unstable # Choose whether to pull from stable or unstable
nixpkgs.pkgs = import inputs.${repo} { nixpkgs.pkgs = import inputs.${repo} {
inherit system; inherit system;
config.allowUnfree = unfree; config.allowUnfree = unfree;
hostPlatform = system; hostPlatform = system;
}; };
imports = [ imports = [
../nixos/containers ../nixos/containers
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
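Review bot: `ip ? null` is interpolated straight into `localAddress = "192.168.2.${ip}/32";`, and Nix cannot coerce null to a string, so a caller that omits `ip` should fail at evaluation with an unhelpful error. Dropping the default (`ip,`) or adding `assert ip != null;` ahead of the body makes the requirement explicit. Separately, `enableTun = true;` and `additionalCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];` are now granted to every container this helper builds; if they are only needed for Tailscale, an opt-in argument would keep other containers at the default capability set. The function starts and ends outside the hunk.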


@ -1,4 +1,4 @@
{ hostname, username, ... }: { { stateVersion, hostname, username, ... }: {
imports = [ imports = [
./${hostname} ./${hostname}
../users/${username} ../users/${username}
@ -20,6 +20,10 @@
"tailscaled-autoconnect.service" "tailscaled-autoconnect.service"
]; ];
}; };
boot.isContainer = true;
services.tailscale.authKeyFile = "/run/secrets/tailscale_key"; services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
networking.hostName = "${hostname}"; networking.hostName = "${hostname}";
networking.interfaces."eth0".useDHCP = true;
system.stateVersion = stateVersion;
} }
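Review bot: `networking.interfaces."eth0".useDHCP = true;` looks at odds with the static `localAddress` that the container helper sets in this same commit. With `privateNetwork = true` and no `hostBridge` visible on this page, eth0 is presumably a host-to-container veth with no DHCP server behind it. If DHCP is meant for a later bridged setup, say so next to the line, something like `# DHCP is for the bridged (br0) setup; with the plain veth the address comes from localAddress`; otherwise the line can probably be dropped.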


@ -1,7 +1,8 @@
{ lib, desktop, ... }: { { ... }: {
imports = [ imports = [
../../common/software/packages.nix ../../common/software/packages.nix
] ++ lib.optional (builtins.isString desktop) ../../common/desktops/${desktop}; ../../common/desktops/xfce
];
networking.firewall.allowedTCPPorts = [ 3389 ]; networking.firewall.allowedTCPPorts = [ 3389 ];
services.xrdp.enable = true; services.xrdp.enable = true;
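Review bot: `networking.firewall.allowedTCPPorts = [ 3389 ];` opens xrdp on every interface of the container, which matters more now that the container appears to get its own network namespace elsewhere in this commit. If RDP is only meant to be reached over Tailscale (an assumption; the shared container module does configure tailscaled), scoping the rule narrows the exposure: `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3389 ];`. The module body continues past the end of the hunk.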


@ -1,9 +1,22 @@
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }: { lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
let let
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; }; libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
in { in {
# Secrets
containers = { containers = {
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; }; rdesktop = libx.mkContainer { hostname = "rdesktop"; };
}; };
networking = {
bridges.br0.interfaces = "enp0s13f0u4";
interfaces.bro.ipv4.addresses = [{ address = "192.168.2.1"; prefixLength = 24; }];
};
# networking.nat = {
# enable = true;
# internalInterfaces = [
# "ve-rdesktop"
# ];
# externalInterface = "enp0s13f0u4";
# };
} }
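Review bot: `interfaces.bro.ipv4.addresses` looks like a typo for `br0`, so 192.168.2.1/24 would be configured on an interface named "bro" rather than on the bridge declared one line above. `networking.bridges.<name>.interfaces` is also a list option, so the two lines should read `bridges.br0.interfaces = [ "enp0s13f0u4" ];` and `interfaces.br0.ipv4.addresses = [{ address = "192.168.2.1"; prefixLength = 24; }];`. The `rdesktop` call now passes no `ip`, which the helper interpolates into the container's `localAddress`. The empty `# Secrets` heading and the commented-out NAT block would be clearer with a one-line note on whether NAT or the bridge is the intended path.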


@ -8,25 +8,45 @@ sops:
lastmodified: "2024-03-25T03:46:39Z" lastmodified: "2024-03-25T03:46:39Z"
mac: ENC[AES256_GCM,data:R7SWM8rB0j97ax0hCRlw/CNLwnv43DmeDBQe5UuoQfAiELn3849+mW4jGDVt/aQiJ7BF4j0LHuYXIMSQYbUJalx08SsA+deWCl2kANLHZCPbvASkmnVvDSYYRMgnBVc4Bl9/qX8wW2LhsASYUE+mXavIF5vFw2Bnz7Fyrv/KJ24=,iv:QhisO42F3fXKh3yoaVhuh4nRJG7kg/OHN8noUViMYPg=,tag:TQ6D0DlRPQJtpvOsvv6b6Q==,type:str] mac: ENC[AES256_GCM,data:R7SWM8rB0j97ax0hCRlw/CNLwnv43DmeDBQe5UuoQfAiELn3849+mW4jGDVt/aQiJ7BF4j0LHuYXIMSQYbUJalx08SsA+deWCl2kANLHZCPbvASkmnVvDSYYRMgnBVc4Bl9/qX8wW2LhsASYUE+mXavIF5vFw2Bnz7Fyrv/KJ24=,iv:QhisO42F3fXKh3yoaVhuh4nRJG7kg/OHN8noUViMYPg=,tag:TQ6D0DlRPQJtpvOsvv6b6Q==,type:str]
pgp: pgp:
- created_at: "2024-03-25T02:57:12Z" - created_at: "2024-03-26T00:00:33Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMAx+imH9kwOLOARAAl+SEO7uBSKVXN9iKrHYBBohaNB5M89cgj94W8DsPNWfs hQIMAx+imH9kwOLOARAAiwdTa55CLbwuweRV0oxe+YK8XtX0cBQW25syfyHOlvMg
A7lqpkJJfQGmE4GnmAuMp38UHMOu906LSleAcecCxPUDOaKwz8Lbfs8awxk+jJ5H gYDw4ADlu9sOQ4MZnoQXZiNOSBraNwInbadHeQDWBBUfoSukDK0TOXlVtKiSw2gL
OuqFkWo1ErqDZxZYQmeM0KG2+oc45gXVbIg3/B/rS26TLpOUxOrzwKIXu+4dw2ME N9JhmRfiKchxJL5LX3qmqjw0I0cPiCtIxFfDBqClMO90Im5qHFvjRz24XkukARCK
v90AXEW4uRrItdm7EOU/fyzuC4sm/gsEwRyW6NMHuWQxwpLi3d/KLEyxB00Akiwg AmVbn3GjESx8kiLCT6JlOwBhZPMO9N1YZaeEPbBCdkLde85CShIFW1g9BKq1kJLY
ct8UfyenG7XUyKRpdyo0sFvB2xxYKsjvX0In75o81AA6A5mLoyabItJSzTcIK/rr IyO+x1yPVswPGZKS9BiX3S2QqU7ALK2JP0YRGd+7UjT+oxZY33WMkY7ajbwfkiNv
IsBsp2YAd2bCEwMAU9QCexgSicvh2jpczvIryAYdMIp/vVOf6+X6/z4Iyju5mfSQ afGMRehZ2vXCvlDPMvGDXU2R1TGHe6C66kO4kBHawivOci8qwTXeeQx26YeyQJMK
JsNhs7tLQOQ4bjyLYZqtx7YaZjHjXWpSwBW24IfQRQ1BUjrmzZjPXuftAr2mT5fd sMKK2Oe+IXxGO+AuGgMwQpsHTJj+B7bLbWiU401ft7W50LsFspGKfeCUBsnFfmyw
KJlWfnN0yKaRgh8vtqE1RmqX15eid/0h3VJ6gGl+1juLOv4/CLtAcNkhZS2hN1wP 0w3lafS/oCpBuAAQ8OgDSQDhb3UrkKfvv5zEvCj8QfspBgWiSoCEcZruMRsJkb2d
SBJqZMzNIVrkj/WSnXFXIJbkvfxbX12elyvvLSChBNjpE77JddQcFLareNDLr3k1 DyNM6okmU6z+Iqh7J2awwtkbMnUDEpxc9lBDfUBwBWv3mlj17PEJZj9/c4N6Vi+/
W+t456Ql7AGlfz1lZE7s07Nuu1XofTR/VqcN/xsgCnXl+cDUUBHox7L0C4IRneF0 Y7JK7qcGoIpLbAc8VtmyfXOOKZlwn7xIBOjnQCzbqV0Iag+d0Z1fxzJMdMYAsdwL
vLC+neAjGecR3oAIZuyBfFcXPxaebXBblWCw4XafiU+ppziG8TSIBy9Q3pv6KjfS 1/euYMJhGt195YH5/Qd+mYTIhQ9UT20yQduJoqfwwo/+c3PRDVcXKOZD9Ce/bdfS
VgE7MciCKsl3JeKKTn7rugsMcBDY54l8AKgKElKU2cg6ExAey8hINCamUj5RoF82 VgHm+ON76WFr7GEOXQxPFV/rGQ2xrlQ+jCa1iGlvZz8XGYUjGEG+pyrIbypDvKOx
r9JE7H+RAWVU4wP+VqaF7JNMyPxbfHfjv2ybwR+Bm9IFqzD01Oxl FrZH8Rr9z2xVoSf06ziV/dm+g/Uut/I+byZyAynuIeS+5EDHYJQU
=xeiz =+uVi
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: D98BBC6C9A27324654C2D8C464F6C4EB46C4543A fp: D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
- created_at: "2024-03-26T00:00:33Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=V6sY
-----END PGP MESSAGE-----
fp: dfd3a496aba156fa521e82ada77d68dc727cf52b
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1