diff options
| author | seth <[email protected]> | 2023-09-06 17:50:53 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-09-07 13:52:26 -0400 |
| commit | e41f98de313f81a74a6ebb1131b3bd92817c4acb (patch) | |
| tree | 02272b37a7ce9650bdfc47f73be64a0a7b2f8800 | |
| parent | 5d0fdf984a2708ad746669814ac874d6f7ad44b4 (diff) | |
hosts: remove p-body
25 files changed, 91 insertions, 517 deletions
@@ -2,28 +2,10 @@ [](https://neovim.io/) [](https://nixos.org/) -[](https://hercules-ci.com/) +[](https://garnix.io) -greasy taco i love - -## cool stuff in here - -i like to have a few services, including: -- [grafana](https://grafana.com/) -- [hercules-ci](https://hercules-ci.com/) -- [miniflux](https://miniflux.app/) -- [victoria metrics](https://victoriametrics.com/) - -there are also some amazing tools i use to make/manage this flake that i would highly recommend checking out: - -- [home-manager](https://github.com/nix-community/home-manager) -- [deploy-rs](https://github.com/serokell/deploy-rs) -- [lanzaboote](https://github.com/nix-community/lanzaboote) -- [nixos-wsl](https://github.com/nix-community/nixos-wsl) -- [nix-openwrt-imagebuilder](https://github.com/astro/nix-openwrt-imagebuilder) -- [flake-parts](https://github.com/hercules-ci/flake-parts) -- [ragenix](https://github.com/yaxitech/ragenix) +greasy taco i love ## my machines @@ -49,9 +31,19 @@ my netgear wac104 router, using [nix-openwrt-imagebuilder](https://github.com/as my ampere arm server from oracle, services my miniflux instance. -### p-body +## special thanks + +there are some amazing tools i use to make/manage this flake that i would highly recommend checking out: + +- [garnix](https://garnix.io) +- [home-manager](https://github.com/nix-community/home-manager) +- [deploy-rs](https://github.com/serokell/deploy-rs) +- [lanzaboote](https://github.com/nix-community/lanzaboote) +- [nixos-wsl](https://github.com/nix-community/nixos-wsl) +- [nix-openwrt-imagebuilder](https://github.com/astro/nix-openwrt-imagebuilder) +- [flake-parts](https://github.com/hercules-ci/flake-parts) +- [ragenix](https://github.com/yaxitech/ragenix) -my amd64 server from hetzner, general service runner. ## fun screenshots @@ -90,7 +90,7 @@ }, "crane_2": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-utils": [ "ragenix", "flake-utils" @@ -166,13 +166,13 @@ }, "effects": { "inputs": { - "flake-parts": [ - "parts" - ], + "flake-parts": "flake-parts", "hercules-ci-agent": [ + "getchoo", "hercules-ci-agent" ], "nixpkgs": [ + "getchoo", "nixpkgs" ] }, @@ -222,6 +222,39 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -242,15 +275,9 @@ }, "getchoo": { "inputs": { - "effects": [ - "effects" - ], - "flake-compat": [ - "flake-compat" - ], - "hercules-ci-agent": [ - "hercules-ci-agent" - ], + "effects": "effects", + "flake-compat": "flake-compat_2", + "hercules-ci-agent": "hercules-ci-agent", "nixpkgs": [ "nixpkgs" ], @@ -335,10 +362,12 @@ "hercules-ci-agent": { "inputs": { "flake-parts": [ + "getchoo", "parts" ], "haskell-flake": "haskell-flake", "nixpkgs": [ + "getchoo", "nixpkgs" ] }, @@ -471,6 +500,24 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1688049487, + "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1693953029, @@ -605,12 +652,10 @@ "arkenfox": "arkenfox", "darwin": "darwin", "deploy": "deploy", - "effects": "effects", "flake-compat": "flake-compat", "flake-utils": "flake-utils", "getchoo": "getchoo", "guzzle_api": "guzzle_api", - "hercules-ci-agent": "hercules-ci-agent", "hm": "hm", "lanzaboote": "lanzaboote", "nix-index-database": "nix-index-database", @@ -2,14 +2,8 @@ description = "getchoo's flake for system configurations"; nixConfig = { - extra-substituters = [ - "https://getchoo.cachix.org" - "https://nix-community.cachix.org" - ]; - extra-trusted-public-keys = [ - "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; + extra-substituters = ["https://cache.garnix.io"]; + extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; }; inputs = { @@ -60,10 +54,7 @@ getchoo = { url = "github:getchoo/nix-exprs"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-compat.follows = "flake-compat"; - inputs.effects.follows = "effects"; inputs.parts.follows = "parts"; - inputs.hercules-ci-agent.follows = "hercules-ci-agent"; }; guzzle_api = { @@ -72,20 +63,6 @@ inputs.pre-commit-hooks.follows = "pre-commit"; }; - # ditto - hercules-ci-agent = { - url = "github:hercules-ci/hercules-ci-agent"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "parts"; - }; - - effects = { - url = "github:hercules-ci/hercules-ci-effects"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.hercules-ci-agent.follows = "hercules-ci-agent"; - inputs.flake-parts.follows = "parts"; - }; - hm = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix index d42ae99..3f01ed7 100644 --- a/hosts/atlas/default.nix +++ b/hosts/atlas/default.nix @@ -1,6 +1,7 @@ { config, pkgs, + guzzle_api, ... }: { imports = [ @@ -18,22 +19,21 @@ networking = { domain = "mydadleft.me"; hostName = "atlas"; - firewall.allowedTCPPorts = [config.services.prometheus.exporters.node.port]; }; - nix.settings.allowed-users = ["bob"]; - - users.users = { - atlas = { - isNormalUser = true; - shell = pkgs.bash; - passwordFile = config.age.secrets.userPassword.path; + services = { + guzzle-api = { + enable = true; + url = "https://api." + config.networking.domain; + port = "8080"; + package = guzzle_api.packages.x86_64-linux.guzzle-api-server; }; + }; - bob = { - isNormalUser = true; - shell = pkgs.bash; - }; + users.users.atlas = { + isNormalUser = true; + shell = pkgs.bash; + passwordFile = config.age.secrets.userPassword.path; }; zramSwap.enable = true; diff --git a/hosts/default.nix b/hosts/default.nix index 7ec2742..42a4f35 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -29,13 +29,8 @@ }; atlas = { - system = "aarch64-linux"; - profile = profiles.server; - }; - - p-body = { modules = [inputs.guzzle_api.nixosModules.guzzle_api]; - system = "x86_64-linux"; + system = "aarch64-linux"; profile = profiles.server; }; }; diff --git a/hosts/p-body/buildMachines.nix b/hosts/p-body/buildMachines.nix deleted file mode 100644 index 07f1cd1..0000000 --- a/hosts/p-body/buildMachines.nix +++ /dev/null @@ -1,15 +0,0 @@ -_: { - nix = { - buildMachines = [ - { - hostName = "atlas"; - maxJobs = 4; - sshUser = "bob"; - supportedFeatures = ["benchmark" "big-parallel" "gccarch-armv8-a" "kvm" "nixos-test"]; - systems = ["aarch64-linux"]; - } - ]; - - settings.builders-use-substitutes = true; - }; -} diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix deleted file mode 100644 index 299a237..0000000 --- a/hosts/p-body/default.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ - config, - guzzle_api, - pkgs, - ... -}: { - imports = [ - ./buildMachines.nix - ./grafana.nix - ./hardware-configuration.nix - ./loki.nix - ./nginx.nix - ./victoriametrics.nix - ]; - - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - - supportedFilesystems = ["btrfs"]; - }; - - networking = { - domain = "mydadleft.me"; - hostName = "p-body"; - }; - - services = { - guzzle-api = { - enable = true; - url = "https://api." + config.networking.domain; - port = "8080"; - package = guzzle_api.packages.x86_64-linux.guzzle-api-server; - }; - }; - - systemd.network = { - enable = true; - networks."10-wan" = { - matchConfig.Name = "enp1s0"; - networkConfig.DHCP = "ipv4"; - address = [ - "2a01:4ff:f0:eb52::1/64" - ]; - routes = [ - {routeConfig.Gateway = "fe80::1";} - ]; - }; - }; - - swapDevices = [ - { - device = "/swapfile"; - size = 8192; - } - ]; - - users.users.p-body = { - isNormalUser = true; - shell = pkgs.bash; - passwordFile = config.age.secrets.userPassword.path; - }; - - zramSwap.enable = true; -} diff --git a/hosts/p-body/grafana.nix b/hosts/p-body/grafana.nix deleted file mode 100644 index dcc97d1..0000000 --- a/hosts/p-body/grafana.nix +++ /dev/null @@ -1,25 +0,0 @@ -{config, ...}: let - inherit (config.networking) domain; -in { - services.grafana = { - enable = true; - settings = { - "auth.anonymous" = { - enabled = true; - hide_version = true; - org_name = "getchoosystems"; - org_role = "Viewer"; - }; - - server = { - http_addr = "127.0.0.1"; - http_port = 4000; - domain = "grafana.${domain}"; - }; - - feature_toggles = { - publicDashboards = true; - }; - }; - }; -} diff --git a/hosts/p-body/hardware-configuration.nix b/hosts/p-body/hardware-configuration.nix deleted file mode 100644 index 850ec8f..0000000 --- a/hosts/p-body/hardware-configuration.nix +++ /dev/null @@ -1,52 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - lib, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/ab44c979-e1b4-4af2-bdc6-2b2f2ee608bf"; - fsType = "btrfs"; - options = ["subvol=root" "noatime" "compress=zstd"]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/ab44c979-e1b4-4af2-bdc6-2b2f2ee608bf"; - fsType = "btrfs"; - options = ["subvol=home" "noatime" "compress=zstd"]; - }; - - fileSystems."/var/log" = { - device = "/dev/disk/by-uuid/ab44c979-e1b4-4af2-bdc6-2b2f2ee608bf"; - fsType = "btrfs"; - options = ["subvol=var_log" "noatime" "compress=zstd"]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/ab44c979-e1b4-4af2-bdc6-2b2f2ee608bf"; - fsType = "btrfs"; - options = ["subvol=nix" "noatime" "compress=zstd"]; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/p-body/loki.nix b/hosts/p-body/loki.nix deleted file mode 100644 index 84bb887..0000000 --- a/hosts/p-body/loki.nix +++ /dev/null @@ -1,80 +0,0 @@ -{config, ...}: { - networking.firewall.allowedTCPPorts = [config.services.loki.configuration.server.http_listen_port]; - - services.loki = { - enable = true; - configuration = { - server.http_listen_port = 3030; - auth_enabled = false; - - ingester = { - lifecycler = { - address = "127.0.0.1"; - ring = { - kvstore = { - store = "inmemory"; - }; - replication_factor = 1; - }; - }; - chunk_idle_period = "1h"; - max_chunk_age = "1h"; - chunk_target_size = 999999; - chunk_retain_period = "30s"; - max_transfer_retries = 0; - }; - - schema_config = { - configs = [ - { - from = "2022-06-06"; - store = "boltdb-shipper"; - object_store = "filesystem"; - schema = "v11"; - index = { - prefix = "index_"; - period = "24h"; - }; - } - ]; - }; - - storage_config = { - boltdb_shipper = { - active_index_directory = "/var/lib/loki/boltdb-shipper-active"; - cache_location = "/var/lib/loki/boltdb-shipper-cache"; - cache_ttl = "24h"; - shared_store = "filesystem"; - }; - - filesystem = { - directory = "/var/lib/loki/chunks"; - }; - }; - - limits_config = { - reject_old_samples = true; - reject_old_samples_max_age = "168h"; - }; - - chunk_store_config = { - max_look_back_period = "0s"; - }; - - table_manager = { - retention_deletes_enabled = false; - retention_period = "0s"; - }; - - compactor = { - working_directory = "/var/lib/loki"; - shared_store = "filesystem"; - compactor_ring = { - kvstore = { - store = "inmemory"; - }; - }; - }; - }; - }; -} diff --git a/hosts/p-body/nginx.nix b/hosts/p-body/nginx.nix deleted file mode 100644 index d52473c..0000000 --- a/hosts/p-body/nginx.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - self, - ... -}: let - inherit (config.networking) domain; - inherit (self.lib.utils.nginx) mkProxy mkVHosts; -in { - server = { - acme.enable = true; - services.cloudflared.enable = true; - }; - - services.nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts = mkVHosts { - "api.${domain}" = { - locations = mkProxy "/" "8080"; - }; - - "grafana.${domain}" = { - locations = mkProxy "/" "4000"; - }; - }; - }; -} diff --git a/hosts/p-body/p-body2atlas.pub b/hosts/p-body/p-body2atlas.pub deleted file mode 100644 index 100f9ab..0000000 --- a/hosts/p-body/p-body2atlas.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtbxHjDADxqsG+AgCoiDq0uCsgcnJCIH+9rB6K5pIi9 p-body@p-body diff --git a/hosts/p-body/victoriametrics.nix b/hosts/p-body/victoriametrics.nix deleted file mode 100644 index dec893e..0000000 --- a/hosts/p-body/victoriametrics.nix +++ /dev/null @@ -1,26 +0,0 @@ -{config, ...}: let - mkScrapes = let - mkConfig = client: { - job_name = "${client}"; - static_configs = [ - { - targets = [ - "${client}:${toString config.services.prometheus.exporters.node.port}" - ]; - } - ]; - }; - in - builtins.map mkConfig; -in { - services = { - victoriametrics.enable = true; - - vmagent = { - enable = true; - prometheusConfig = { - scrape_configs = mkScrapes ["p-body" "atlas"]; - }; - }; - }; -} diff --git a/parts/deploy.nix b/parts/deploy.nix index 3bc4795..4c84379 100644 --- a/parts/deploy.nix +++ b/parts/deploy.nix @@ -7,7 +7,7 @@ inherit (lib) filterAttrs; inherit (self) darwinConfigurations nixosConfigurations; - targets = ["atlas" "p-body"]; + targets = ["atlas"]; targets' = filterAttrs (n: _: elem n targets) (nixosConfigurations // darwinConfigurations); in { diff --git a/secrets/shared/cloudflareApiKey.age b/secrets/hosts/atlas/cloudflareApiKey.age index e26a8a1..e26a8a1 100644 --- a/secrets/shared/cloudflareApiKey.age +++ b/secrets/hosts/atlas/cloudflareApiKey.age diff --git a/secrets/hosts/p-body/binaryCache.age b/secrets/hosts/p-body/binaryCache.age deleted file mode 100644 index 4571456..0000000 --- a/secrets/hosts/p-body/binaryCache.age +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo3TElVQSB5aHho -aGJkR2dpczBYandOUXU1RFdFWGZLd2E5aUt4em81V1pZRERRaW1JClNHRnYrSUtp -NUU4YUZiNHNNcmQzT1huY2NiTmlYUTB5L3k3MnlGazhtL1kKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIDBpRFNEYzNMRWlFcUdNNzRORlFHTlAraHN2SGhQUDBURmVHUkw4 -U2lvWEUKZ0dvY2VDTWRVb012V0ZLUTg5Wnk3VGVRandSVUY1ZHpocGFLak5wVkVz -bwotPiBFNWI7ekQtZ3JlYXNlCnR0ZlBSRUNjemU5YW9QMWhsVkd6T3JKWVBySjVk -bmlkRXRxdUZDUDZkVC81ZVl4aE8rRXAvdzhxUGxGZExWa3YKMG0xeW91T0dOMENU -V2JhdkkySEdNV2Z4WGV3Ci0tLSBNQTdCK0dXcWRwVXhoVFZTNUZjV3hocE9DQkcz -TWlLdUN0Y2JTd2p6UVQwClWPaAENl5joYyoe4btLCMPVGkvZ0sJwnghpH6PNtsGU -nQTNaiwIULrRmTTF1nXYErE9D8ydL8XRRhZy4JW2WSddXvQEZzIqeyolMWaDNtOi -0piiA6aQWbpjESPDEj2LuDZ5n2pwdjQjAzKuRjfolkZcjCSxdL0sjGM5cklRgBpB -+a1X2SAhki3ISDSNXi3nfvoMOH+djC/+qoKnpC9i+Pnvx7bCD/MY3jpV1Aj8/i6Y -r6HByrUjpMsicGxSyfTy3K/aykgMhFYsdCJ/LaRbmblsO68N4/xw3O4TCG6KP/kz -cli2gS5veEre78enYe6IsSCACgC0ry8Oe9K0C+jm8NNmGlzC2h2MPHhn5E6fgIK3 -N3vBDquy5cKZw5flE4JG/BL8gV8Ihfiu47RZZXQ+VEpCec1XoxJqFp4jR4WXc6p9 -zqw5/ljfJGf6po3wrs2cbOspuj9GocAbTu/vsw== ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/cloudflaredCreds.age b/secrets/hosts/p-body/cloudflaredCreds.age deleted file mode 100644 index 05da183..0000000 --- a/secrets/hosts/p-body/cloudflaredCreds.age +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo3TElVQSBvbDdO -VXBPTUlpNmRzNXVhdnNFVDBJM3hkcm5XWDNzNENXcGlvOWxUVGl3Cjk0SFMweXZa -OG42R1F1RnFaemc0Zm1LME1ub3loNmNBV1huZndJeVl6c2MKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIGsxWmRMTFN3aWtFdVFZQVBaQnlXbTNiUjUzSjJybTMwQXV0b0Nm -YjFWQlUKdU14MVY3WVc0Y05FSGtrVVkvZnlOVlRBUE1IZ0svRUZqTzZXbC9hb1pv -SQotPiA8RnctZ3JlYXNlIEYpcm0gJSBPaSBYMyFzcn4nCnVEWWhZV2loRVhaSnlW -TGNFYVhxc2xCRmk3R1F2QmNwb0tHY0RoQzQ4QXBncTlDZzNnUU9UbGNwQ0RwOS9E -QXEKZDJMUGx3Ci0tLSBzR0lJT1VENGVkVUs4T29TVGkyVzBrTU5TSmRlUmNoRmZE -cVo4aG50bzlBCmcGbpgJLwdn7BzpeAO1uehIao+Irzv1qKpg3pFRepcwlbV3DvTE -LHN5UdldEnm86sgY4uEMBodipyW7hkwWH9ldsIpaQv27v+zD+n1tN5bA4Cab0L9Z -L9O68tKs9jQyZAdjf3u53aS8Mht06G0vZ7FsacY+qzoE7Y3B27IS1P3BHPoqrt9c -ZVfcakmi1PcplCFp2hjwjhK2SY/JDuMBl15/fNE33W09wRQ7ZcwTR9WKya3wK0sH -oj9BJqVhZUh3vavC ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/clusterToken.age b/secrets/hosts/p-body/clusterToken.age deleted file mode 100644 index f4351a1..0000000 --- a/secrets/hosts/p-body/clusterToken.age +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo3TElVQSA0dXFZ -N3luU3BPbnJsN3JPSWdQMjNrSFNkSkJhMWNGbndMdnlsbDArQjIwCllTVE53ck9u -cG9OZW1FK3hid3YyS3BMMnE5Q2pwbUlMREFPdWNSVmNuWmcKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIFFiRUhCLzlEUGd0L1JwaGk4aGVQQnVKcG8vT214SFNncGN2OWFE -NmJXU1UKL2ljODN0MHFIcHgybmZsRk1iY1ovTStPRkJrL1F1WFJRa292MGZLSi84 -dwotPiBZXistZ3JlYXNlIDJoOTkrZS9xCkI0awotLS0gS1JublQ3eXB3UmJOTkZG -MlNzdm5CUWpOZnR1WHZRTEM1YmI2NVB2cTl5TQpszlMvOoIaGTMUzWEHeEMd2kpP -CcK0Ql0w8QKUOuFhExDblPsg07V3H31y0RSPPW+qW6VYo7M0peVMXeVfv27j4Wnj -1bnnyUJ3JKPIy8hGo49DwbG3HL+gfgdBgNEYXV1H/J7LFKonoyAYIw+TN1g4kU6U -2ho7P0COoOHBSBHBRqWGBWhNOa/wpAxRbx1eeW7PILIvansbIVat6nWSl0Igm1N/ -7iPeSbnmsXCnwrvH9jYd0NJmgXCUN+mJAWril+BAk2Ol3oG/SRR9z2KZtVJ4KA6P -wbgb2CAB1V2FX+xkLh3LAnyZzq4JxulAQd922wutRgN0n4ZqQqPibfPIWxRnSrYO -8nmbu+yvKBKE ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/p-body2atlas.age b/secrets/hosts/p-body/p-body2atlas.age deleted file mode 100644 index ab69df3..0000000 --- a/secrets/hosts/p-body/p-body2atlas.age +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo3TElVQSB6WGo4 -Uy9XL2Y5cVlRL0hmRXA2SDNlQkNhNVlhYU1uU0ZLMVp6WERsT0ZrCk0yZzFESS9k -UmtYVTgrMG15S011UHRtZ3lmcGRwS2VHTjJnQmxhWXV5SVUKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIGtPUXEwemRSLzBzT0Z4RWxLdFlPVGlCNjdHc1NZUWNVWkN6UDlR -T2lwU3MKSjlESU1EK1NLKzB3NStXdUZnM2NRalp5Z2tXZGxUZSs3M3lhTVF3WnZh -RQotPiAvc1IjLWdyZWFzZSBASSo6aWhYfgpiNU9YMGRqZlR6S2N4a2VFd1lzCi0t -LSBPZEtaWEpvRXBZckNBNUg1NzJYRER6K3BLTmJ6NSt1V3pVTGkrV0pMcEQ4CkYd -M7ogUVUupBwfjYONSHdPmfGAh767gSBvi9Mt6R/Tk6TZgTRUaogNa+QDwsYQpXio -SFpMRiAJ6UDPJ9uz/3rAAhi0p1YuIDmqSev9CEZvOMuEpHTzdYmAEsN98G5SX/91 -Pre2rEv6ey4WOzFR8K+HdZuWL57i+JuQ77us2tkfbln3H8ss2FWOAEP5kBgXYJeE -gDqdFaySFtAA3+O2C6dQwTYfl+gLwCfTryKxN6VUxbbq1DjOxZrEVuKBEP3aNJKd -TGVnw5g2FUnpgSt4f7Yn2pd8jQfT8vvUbCOWOw3b73yxTRDy3vScBR4TSmavNt/l -LEBr4QfS5khH2fFwMMq9DF+lX10FbBS0Wm7MajcwHjZn4ELszO3oJ28yyS5MR4ii -YRgRQTlNl95hdpSml8zpRfiVp7njCztyddM0RZwEOfiH4j2AfK2wFy7ffMXc2NeY -wsa83/kSgIruFZZTeJT5Etde5keAeMln6RiVLbY69hYOhOtmuxd82XRmIULOneFR -/XlFnVmii0rxtnbZHGvPlS+gILWTLtyo52vf8aRpKHCN+EFPvEObm234nhuQ ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/rootPassword.age b/secrets/hosts/p-body/rootPassword.age deleted file mode 100644 index 61a242e..0000000 --- a/secrets/hosts/p-body/rootPassword.age +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo3TElVQSB5N2lZ -OTA2c2VoRGVzLzRtUmtsMHBGVlhtWWpvc3U1eTNvY2o4NGh5aVNnCjcvRnlvd1JB -eTVKSW1lQkROM01acWUxTS9RekY1NFk4SVpVaDZ0YmVEY0kKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIHdVQnhMeCtwZCtySmNWQnV5NU1jNUphZ1E5VncwcW9MRUtkeXFr -NHd2akEKS1o5bC9SckJ3SnNZc0pnNTUrZ3lLWS9kK3VUbDVJbFZld3dsRFBJa1NK -QQotPiBVXFY3cS1ncmVhc2UgZ08gai0tbkwuIFslQiA0CnpYc3V0N2o2cXdValQx -RHlkSzdzQ2xvaTdjQjR6a3YrZXVCMksydEtvaXp0aU9KUGlqUTkKLS0tIEsrN01s -am82L20vZGdEanhlbk4yVXY0SkQyK0ZvdDVLTE54QWxPZVpiZncKtzZho1SWpGnb -ljDK7lp2tFr7eWruCeHsrgkBkc6cyraIb0LEFg3nQtYk1aE+M69twyp/oh5igykx -m9z/I0tKx0qV67kBp7Fzi+9aX9OwgmYgEjVvO+8Sh77T7Kt4iL+S8R3LxZRPTf4s -9WJqV9DCfoKLQ+YyeEQlZNAeAzr0QD6T+1Du9wzMoLPClg== ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/secretsJson.age b/secrets/hosts/p-body/secretsJson.age deleted file mode 100644 index 69fa08f..0000000 --- a/secrets/hosts/p-body/secretsJson.age +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo3TElVQSBxZXhm -NDR1dXcwZTFLU05PNFE0Ym1hRisvOWJJTkxsRFpOT3AwYWFESEhrCk41VGduSGpm -bDFNOGRjRTlKMlBIKzJ5L2VBd2FwWDhQK0JyOHhURFExVWMKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIFpXN2JmU0YwMmtWQjJRaXM1MXpZcHA5U1RHcWo3UGJ1YndtYTI2 -OHo2RHcKWVdzSU5pVTVXTFVmUE93cDJYL2hSdXYxRDA1NGFKK1RURkI2ekRSeWZC -YwotPiBvSlooLWdyZWFzZSAic31uIHNEZng3ISdBICErMmIhL1olIEY+c34KbWtS -MkJ3SlBkNkU1Y3R6RmJDL3VDOWpTS2pyRnZsbExpc3UvMUZqbVBaWWN0UjExOWlL -cW02LzUraTlicUdJUgorVVY3bkkzMkJlaVZKM2dTYjdkbVhtaFhnWGY5L1NsUFUw -NGM4dwotLS0gVEZwQWFKK3gzVHRyeFlPT3ZiLzUxRk1Kd05qNU0rY3dOQ1RyOEZE -TzRaUQqPZbnS2F+xPSQ6zeIwl7T2uF+EoLsTvHALCxJjfM/T8FovpZolIbud31se -stoaR1mb7zgBsj508uN62n4ZQ0WaMJjVYOZiiUPflFfbqmRQTNKpQMCb0+pNjxiP -AgycAb0ux6vAYhSD7Lw04rt+eTrLLbb9R+kWlXR5n6OP2M/qX1RtopSATEm3Slun -NQ8IDEvUrYERDUD2LqNB7ZMyqPPDZw+IB2l+a31OwrGrCNWogI9F246GOUPU+ymr -RhX0UyG7vK0z4ojqhAGTviB++5HQE0xF7FtAsafg4vM0dPi38UlZXTs9yZ36c1GC -6xUr4a1zaItcMr5KGx41fwS70gP/Em5FOIRmBxXh+tb7qCUraaE3jKgrTw7GokyN -FVwEFNHBovu8RuOGwPxa7bPOimBMqOx15NegRIiaL7Lvf9nn/uQKKDUCg06SLObW -3ZnW81hsB0Qwg2KvPgF/al3JYUIvpFH3iQ== ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/tailscaleAuthKey.age b/secrets/hosts/p-body/tailscaleAuthKey.age deleted file mode 100644 index d038d2e..0000000 --- a/secrets/hosts/p-body/tailscaleAuthKey.age +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo3TElVQSBXciti -Z0JjWFNXakFUeVd1bitlMVNZR1NWLy8wL3pMbEFEbXhpSFFwTFZFCmMxWWcxbGc3 -OS9lTWJkSkZKUFhrTm5aQVhFbmJraU5uR2t1MHhjRXpXOWcKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIDVTS1RtWlFCUStkSjJSenArRVhCWkgybHhlNG5VdDhOYlphSlNH -cFF5MWMKYXEzMjBaNHBPeEpweEttZlF6THlaSTRDVzdhaHAzZDdIMkxvOXFjSVZH -ZwotPiBERDw8X30hMi1ncmVhc2UKc0trUExmTlhtY2Y4YzNZdXI3N3grMStrSy9F -T3prdHBxY2hEQ3M4K2Z6L1BwYlNWdHhMM0xiV2cKLS0tIEVuODExeU4ydWw1TTBS -dTJXZnNiUnB1am1BQTh2V290VW13ZGFKVnd2TkEKKJKaX7b58sicJkLK2Hqu6l7V -C+1AhJxwPkU/IdX2NK/eifVRygJOaVooSdgXg+HLjGzXBb4nfLiw+HlOplQmCU1r -kR4bwOyQlcRCRZFXvlUBvA9dv8D3SFo= ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/userPassword.age b/secrets/hosts/p-body/userPassword.age deleted file mode 100644 index 8ac3935..0000000 --- a/secrets/hosts/p-body/userPassword.age +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo3TElVQSBvWnhr -UW5ISGtxQjIvYVhxRU1Tck5wMXFQNW84bFNKb2RxeksyUmtBdmswCi9tSUFMSTJl -QUVqWjVUcHZwZ3NXbVZIZjZaUHc2aGdnQkZpTEdYazVNUWMKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIEZZSjk2SisrMmRQSzJOQ3U5RFRkMHJRRXF0WUJ0VkFtTjk4eUpi -VGJQSE0Kc2oyV1F5b1VtSjdmU1dGcUhYRC92bmZkNGpJdDhEbkRGV2JvQyswREs2 -RQotPiBQW3dzRnFwci1ncmVhc2UgNkFdTTJbICFIID1cXFBMXywgewo2Rm5mWTJT -NUNRUUxtZjVQN2trCi0tLSB3Qisyb2MzTEZVY0ljZWRJak9ES25tMGlVUTJhK210 -MjRETW92N0s1MmNFCl/IjRsMQhWQt6M8Rd9d7UxtoxcCnpVrJ3krOMDIGfNNrGbz -b146CJwyzNx3WSzooKAKMlPNwfysBg1vK5ILySJG9XmwbYGJtWV9OxWJJh8GknSt -Lkh8jmF8coSLKdgW/RyhvpjJ2BT00sWlnWdTmK38JDMs3R+jpZwZkpmI1Xvm8xUQ -V6H1CtCbSbA= ------END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4dfe583..7c02845 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -4,27 +4,14 @@ let ]; atlas = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA861lnShM2ejpzn9arzhpw33I4XdtULfZWhMp/plvL root@atlas"] ++ main; - p-body = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkwHacWg/H62hF2XrqdkICtR4ClDMH6v4fe9/ilHkSQ root@nixos"] ++ main; in { "shared/rootPassword.age".publicKeys = main; "shared/sethPassword.age".publicKeys = main; - "shared/cloudflareApiKey.age".publicKeys = atlas ++ (builtins.filter (v: !(builtins.elem v main)) p-body); "hosts/atlas/rootPassword.age".publicKeys = atlas; "hosts/atlas/userPassword.age".publicKeys = atlas; - "hosts/atlas/binaryCache.age".publicKeys = atlas; - "hosts/atlas/clusterToken.age".publicKeys = atlas; - "hosts/atlas/secretsJson.age".publicKeys = atlas; "hosts/atlas/miniflux.age".publicKeys = atlas; "hosts/atlas/tailscaleAuthKey.age".publicKeys = atlas; "hosts/atlas/cloudflaredCreds.age".publicKeys = atlas; - - "hosts/p-body/rootPassword.age".publicKeys = p-body; - "hosts/p-body/userPassword.age".publicKeys = p-body; - "hosts/p-body/p-body2atlas.age".publicKeys = p-body; - "hosts/p-body/binaryCache.age".publicKeys = p-body; - "hosts/p-body/clusterToken.age".publicKeys = p-body; - "hosts/p-body/secretsJson.age".publicKeys = p-body; - "hosts/p-body/tailscaleAuthKey.age".publicKeys = p-body; - "hosts/p-body/cloudflaredCreds.age".publicKeys = p-body; + "hosts/atlas/cloudflareApiKey.age".publicKeys = atlas; } diff --git a/users/seth/programs/ssh.nix b/users/seth/programs/ssh.nix index 7be5f0e..ad87477 100644 --- a/users/seth/programs/ssh.nix +++ b/users/seth/programs/ssh.nix @@ -47,7 +47,6 @@ in { # servers "atlas".user = "atlas"; - "p-body".user = "p-body"; }; }; |