| Name | Last change |
|---|---|
| common | 1 month ago |
| hosts | 2 weeks ago |
| modules | 4 weeks ago |
| packages | 4 weeks ago |
| switchconfig | 3 weeks ago |
| users | 4 weeks ago |
| .sops.yaml | 4 weeks ago |
| README.md | 1 month ago |
| deploy.sh | 1 month ago |
| flake.lock | 1 month ago |
| flake.nix | 4 weeks ago |
README.md
VCP Bundeslager 2022 Nixfiles
How to deploy
./deploy.sh apply switch --on vpn7
or to deploy all gateways:
./deploy.sh apply switch --on gateway
There is a special case for the nixdeploy-host:
./deploy.sh apply-local switch --sudo --node nixdeploy
Secrets
Secrets are managed with sops, see https://github.com/Mic92/sops-nix
To add yourself, follow steps 2 and 4 of the README linked above and add your key to .sops.yaml, both in keys and in all creation rules.
To add a new host, configure a creation rule in .sops.yaml, configure the host's key (e.g. fetch it with nix-shell -p ssh-to-age --run 'ssh-keyscan hostname.bula22.de | ssh-to-age') and add it to keys.
Then you can create a secrets file with nix-shell -p sops --run "sops hosts/hostname/secrets.yaml", add your secrets and then configure them in the host's configuration. Example:
sops.secrets.nerd_secret = {
  sopsFile = ./secrets.yaml;
  owner = "nerd";
  restartUnits = [ "nerd.service" ];
};
Your secret will then be available in /run/secrets/secret_name (for the example above, /run/secrets/nerd_secret).
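A sketch of the .sops.yaml layout that the steps above describe, in the format used by the sops-nix README. This is an added example, not this repository's actual file: the anchor names and age public keys are placeholders, and hostname stands for the new host as in the commands above.

```yaml
# .sops.yaml (illustrative; all keys below are placeholders, not real recipients)
keys:
  # Admin keys: one entry per person allowed to edit secrets.
  # "admin_alice" is a hypothetical anchor name.
  - &admin_alice age1PLACEHOLDER_ADMIN_PUBLIC_KEY
  # Host keys: the output of
  #   ssh-keyscan hostname.bula22.de | ssh-to-age
  # i.e. the host's SSH ed25519 host key converted to an age recipient.
  - &host_hostname age1PLACEHOLDER_HOST_PUBLIC_KEY

creation_rules:
  # One rule per host secrets file. Only the recipients listed here can
  # decrypt hosts/hostname/secrets.yaml, so other hosts cannot read it.
  - path_regex: hosts/hostname/secrets\.yaml$
    key_groups:
      - age:
          - *admin_alice     # admins need access to edit the file with sops
          - *host_hostname   # the host needs access to decrypt at activation
```

Creation rules only apply when a file is first created, so after adding a key to a rule that covers an existing file, re-encrypt it with sops updatekeys hosts/hostname/secrets.yaml. ssh-keyscan does not authenticate the host it talks to, so compare the scanned key with the one on the machine before adding it as a recipient.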