Fork 0
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Frank Waßmuth e8d4a82581 Add temperature metrics 4 months ago
common add config gor yate-dialup 4 months ago
hosts Add temperature metrics 4 months ago
modules debug(yate): make yate more verbose again because we're definitely not done with ring ring stuff 4 months ago
packages add eapol_test to radius 4 months ago
switchconfig Switch config field changes 4 months ago
users add dhcp-reservation for printer in technik-container 4 months ago
.sops.yaml router: add ppp-secrets 4 months ago
README.md add secret handling via sops, configure nerd 5 months ago
deploy.sh add nixdeploy and deployment-script 5 months ago
flake.lock add secret handling via sops, configure nerd 5 months ago
flake.nix remove pre-yate-n0emis 4 months ago


VCP Bundeslager 2022 Nixfiles

How to deploy

./deploy.sh apply switch --on vpn7

or to deploy all gateways:

./deploy.sh apply switch --on gateway

There is a special case for the nixdeploy-host:

./deploy.sh apply-local switch --sudo --node nixdeploy


Secrets are managed with sops, see https://github.com/Mic92/sops-nix

To add yourself, follow steps 2 and 4 of above mentioned README and add yourself to .sops.yaml in keys and all creation rules.

To add a new host, configure a creation rule in .sops.yaml, configure the key (e.g. fetch it with nix-shell -p ssh-to-age --run 'ssh-keyscan hostname.bula22.de | ssh-to-age' and add it to keys.

Then you can create a secrets file with nix-shell -p sops --run "sops hosts/hostname/secrets.yaml", add your secrets and then configure your secrets. Example:

sops.secrets.nerd_secret = {
  sopsFile = ./secrets.yaml;
  owner = "nerd";
  restartUnits = [ "nerd.service" ];

Your secret will then be available in /run/secrets/secret_name.