1
0
Go to file
2022-08-04 10:27:59 +02:00
common add config gor yate-dialup 2022-07-20 09:07:32 +02:00
hosts Add temperature metrics 2022-08-04 10:27:59 +02:00
modules debug(yate): make yate more verbose again because we're definitely not done with ring ring stuff 2022-07-25 11:37:56 +02:00
packages add eapol_test to radius 2022-07-25 15:29:16 +02:00
switchconfig Switch config field changes 2022-07-31 16:31:07 +02:00
users add dhcp-reservation for printer in technik-container 2022-07-23 22:19:06 +02:00
.sops.yaml router: add ppp-secrets 2022-07-23 16:46:03 +02:00
deploy.sh add nixdeploy and deployment-script 2022-07-07 20:07:53 +02:00
flake.lock add secret handling via sops, configure nerd 2022-07-13 21:40:27 +02:00
flake.nix remove pre-yate-n0emis 2022-07-21 09:31:43 +02:00
README.md add secret handling via sops, configure nerd 2022-07-13 21:40:27 +02:00

VCP Bundeslager 2022 Nixfiles

How to deploy

./deploy.sh apply switch --on vpn7

or to deploy all gateways:

./deploy.sh apply switch --on gateway

There is a special case for the nixdeploy-host:

./deploy.sh apply-local switch --sudo --node nixdeploy

Secrets

Secrets are managed with sops, see https://github.com/Mic92/sops-nix

To add yourself, follow steps 2 and 4 of above mentioned README and add yourself to .sops.yaml in keys and all creation rules.

To add a new host, configure a creation rule in .sops.yaml, configure the key (e.g. fetch it with nix-shell -p ssh-to-age --run 'ssh-keyscan hostname.bula22.de | ssh-to-age' and add it to keys.

Then you can create a secrets file with nix-shell -p sops --run "sops hosts/hostname/secrets.yaml", add your secrets and then configure your secrets. Example:

sops.secrets.nerd_secret = {
  sopsFile = ./secrets.yaml;
  owner = "nerd";
  restartUnits = [ "nerd.service" ];
};

Your secret will then be available in /run/secrets/secret_name.