clerie

vcp-bula-nixfiles

Frank Waßmuth e8d4a82581 Add temperature metrics		4 months ago
common	add config gor yate-dialup	4 months ago
hosts	Add temperature metrics	4 months ago
modules	debug(yate): make yate more verbose again because we're definitely not done with ring ring stuff	4 months ago
packages	add eapol_test to radius	4 months ago
switchconfig	Switch config field changes	4 months ago
users	add dhcp-reservation for printer in technik-container	4 months ago
.sops.yaml	router: add ppp-secrets	4 months ago
README.md	add secret handling via sops, configure nerd	5 months ago
deploy.sh	add nixdeploy and deployment-script	5 months ago
flake.lock	add secret handling via sops, configure nerd	5 months ago
flake.nix	remove pre-yate-n0emis	4 months ago

README.md

VCP Bundeslager 2022 Nixfiles

How to deploy

./deploy.sh apply switch --on vpn7

or to deploy all gateways:

./deploy.sh apply switch --on gateway

There is a special case for the nixdeploy-host:

./deploy.sh apply-local switch --sudo --node nixdeploy

Secrets

Secrets are managed with sops, see https://github.com/Mic92/sops-nix

To add yourself, follow steps 2 and 4 of above mentioned README and add yourself to .sops.yaml in keys and all creation rules.

To add a new host, configure a creation rule in .sops.yaml, configure the key (e.g. fetch it with nix-shell -p ssh-to-age --run 'ssh-keyscan hostname.bula22.de | ssh-to-age' and add it to keys.

Then you can create a secrets file with nix-shell -p sops --run "sops hosts/hostname/secrets.yaml", add your secrets and then configure your secrets. Example:

sops.secrets.nerd_secret = {
  sopsFile = ./secrets.yaml;
  owner = "nerd";
  restartUnits = [ "nerd.service" ];
};

Your secret will then be available in /run/secrets/secret_name.