Latest commit: dce2d5483d by Jannik, "debug(yate): make yate more verbose again because we're definitely not done with ring ring stuff" (2022-07-25 11:37:56 +02:00)

Repository contents (path: last commit message, commit date):

common: add config for yate-dialup (2022-07-20 09:07:32 +02:00)
hosts: radius: open firewall (2022-07-25 09:33:15 +02:00)
modules: debug(yate): make yate more verbose again because we're definitely not done with ring ring stuff (2022-07-25 11:37:56 +02:00)
packages: nerd: update (2022-07-21 11:27:38 +02:00)
switchconfig: add wlan/dect-ports on sw-hospital (2022-07-25 09:31:27 +02:00)
users: add dhcp-reservation for printer in technik-container (2022-07-23 22:19:06 +02:00)
.sops.yaml: router: add ppp-secrets (2022-07-23 16:46:03 +02:00)
README.md: add secret handling via sops, configure nerd (2022-07-13 21:40:27 +02:00)
deploy.sh: add nixdeploy and deployment-script (2022-07-07 20:07:53 +02:00)
flake.lock: add secret handling via sops, configure nerd (2022-07-13 21:40:27 +02:00)
flake.nix: remove pre-yate-n0emis (2022-07-21 09:31:43 +02:00)

README.md

VCP Bundeslager 2022 Nixfiles

How to deploy

./deploy.sh apply switch --on vpn7

or to deploy all gateways:

./deploy.sh apply switch --on gateway

There is a special case for the nixdeploy-host:

./deploy.sh apply-local switch --sudo --node nixdeploy

Secrets

Secrets are managed with sops-nix; see https://github.com/Mic92/sops-nix

To add yourself, follow steps 2 and 4 of the above-mentioned README and add yourself to .sops.yaml, both in keys and in all creation rules.

To add a new host, configure a creation rule for it in .sops.yaml and add the host's age key to keys (e.g. fetch it with nix-shell -p ssh-to-age --run 'ssh-keyscan hostname.bula22.de | ssh-to-age').

Then you can create a secrets file with nix-shell -p sops --run "sops hosts/hostname/secrets.yaml", add your secrets to it, and then declare them in the host's Nix configuration. Example:

sops.secrets.nerd_secret = {
  sopsFile = ./secrets.yaml;            # the encrypted file created with sops above
  owner = "nerd";                       # unix user allowed to read the decrypted file
  restartUnits = [ "nerd.service" ];    # units restarted when the secret changes
};

Your secret will then be available at /run/secrets/<secret_name> (here /run/secrets/nerd_secret).
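The following host module, added here as an example and not code from this repository, shows the whole chain for one secret: the host's SSH host key is used as the age identity for decryption, the secret from hosts/hostname/secrets.yaml is declared as above, and the consuming service receives the decrypted file by path rather than by value. The hostname "hostname", the user and unit "nerd" and the secret name "nerd_secret" are placeholders taken from the README's example; everything else uses stock sops-nix and NixOS options.

```nix
# Added example, not part of this repository. Placeholders: host "hostname",
# user/service "nerd", secret "nerd_secret" (all taken from the README text).
{ config, ... }:

{
  # Age identity for decryption: sops-nix converts this ed25519 SSH host key,
  # which is the same key whose age form was fetched with ssh-to-age and
  # added to the keys section of .sops.yaml.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # The secret as declared in the README: decrypted at activation time to
  # /run/secrets/nerd_secret, readable only by its owner, and the unit is
  # restarted whenever the decrypted content changes.
  sops.secrets.nerd_secret = {
    sopsFile = ./secrets.yaml;
    owner = "nerd";
    restartUnits = [ "nerd.service" ];
  };

  # Consumer: hand the service the *path* of the decrypted secret. A literal
  # value in this file would be copied into the world-readable /nix/store;
  # the path keeps the secret confined to /run/secrets with its file mode.
  systemd.services.nerd.serviceConfig = {
    User = "nerd";
    LoadCredential = [ "nerd_secret:${config.sops.secrets.nerd_secret.path}" ];
  };
}
```

The matching .sops.yaml entry is an age public key under keys (for example as an anchor named after the host) and a creation_rules entry whose path_regex matches hosts/hostname/secrets.yaml and whose key_groups list that host key together with the admins' keys. Note that ssh-keyscan fetches the host key over the network without authenticating it; compare the fingerprint against the one shown on the host's console or in its install log before adding it, otherwise secrets could be encrypted to a key that is not the host's.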