added lego-auto
parent
ec567d2c03
commit
ac37c82298
3 changed files with 31 additions and 6 deletions
|
@ -67,7 +67,7 @@
|
||||||
users.users.jahanson = {
|
users.users.jahanson = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "Joseph Hanson";
|
description = "Joseph Hanson";
|
||||||
extraGroups = [ "networkmanager" "wheel" ];
|
extraGroups = [ "networkmanager" "wheel" "kah" ];
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
|
||||||
|
@ -79,6 +79,13 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# extra user for containers
|
||||||
|
users.users.kah = {
|
||||||
|
uid = 568;
|
||||||
|
group = "kah";
|
||||||
|
};
|
||||||
|
users.groups.kah = {};
|
||||||
|
|
||||||
# Default editor
|
# Default editor
|
||||||
environment.variables.EDITOR = "vim";
|
environment.variables.EDITOR = "vim";
|
||||||
# Time zone.
|
# Time zone.
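Review bot: The new `users.users.kah` declaration sets only `uid` and `group`, but NixOS asserts that exactly one of `isNormalUser` and `isSystemUser` is set for every declared user. Unless that is set elsewhere, evaluation should fail; `isSystemUser = true;` fits a container service account. `users.groups.kah = {};` leaves the gid auto-allocated, so it will not necessarily be 568; if containers are meant to run as 568:568 against host files, pin it with `users.groups.kah.gid = 568;`. Adding `"kah"` to jahanson's `extraGroups` also gives the interactive wheel account access to anything made group-readable for the container user, which deserves a short comment stating the intent.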
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# your system. Help is available in the configuration.nix(5) man page, on
|
# your system. Help is available in the configuration.nix(5) man page, on
|
||||||
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||||
|
|
||||||
{ pkgs, inputs, ... }:
|
{ pkgs, inputs, config, ... }:
|
||||||
let
|
let
|
||||||
upsPassword = "illgettoiteventually";
|
upsPassword = "illgettoiteventually";
|
||||||
vendorid = "0764";
|
vendorid = "0764";
|
||||||
|
@ -15,6 +15,15 @@ in
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
inputs.nixvirt-git.nixosModules.default
|
inputs.nixvirt-git.nixosModules.default
|
||||||
];
|
];
|
||||||
|
sops = {
|
||||||
|
# Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
|
||||||
|
secrets = {
|
||||||
|
"lego/dnsimple/token" = {
|
||||||
|
owner = config.users.users.kah;
|
||||||
|
inherit (config.users.users.kah) group;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot = {
|
boot = {
|
||||||
|
@ -260,15 +269,22 @@ in
|
||||||
PGID = "102";
|
PGID = "102";
|
||||||
PUID = "999";
|
PUID = "999";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
lego-auto = {
|
lego-auto = {
|
||||||
image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
|
image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
volumes = [
|
volumes = [
|
||||||
"/eru/containers/volumes/unifi/cert:/certs"
|
"/eru/containers/volumes/unifi/cert:/certs"
|
||||||
];
|
];
|
||||||
|
user = "102:999";
|
||||||
environment = {
|
environment = {
|
||||||
TZ = "America/Chicago";
|
TZ = "America/Chicago";
|
||||||
EMAIL = "";
|
LA_DATADIR="/certs";
|
||||||
|
LA_CACHEDIR="/certs/.cache";
|
||||||
|
LA_EMAIL = "joe@veri.dev";
|
||||||
|
LA_DOMAINS = "gandalf.jahanson.tech";
|
||||||
|
LA_PROVIDER = "dnsimple";
|
||||||
|
DNSIMPLE_OAUTH_TOKEN_FILE = "${config.sops.secrets."lego/dnsimple/token".path}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# # Xen-orchestra container
|
# # Xen-orchestra container
|
||||||
|
@ -294,7 +310,6 @@ in
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
# ZFS automated snapshots
|
# ZFS automated snapshots
|
||||||
services.sanoid = {
|
services.sanoid = {
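Review bot: `DNSIMPLE_OAUTH_TOKEN_FILE` in the lego-auto container is set to the host path of the sops secret, but the visible `volumes` list mounts only `/eru/containers/volumes/unifi/cert:/certs`, so unless the secret is mounted elsewhere the file will not exist inside the container. The container also runs as `user = "102:999"` while the secret is owned by `kah` (uid 568 in this commit), and sops-nix defaults to mode 0400, so even a bind mount would be unreadable to that user. Either align the container user with the secret's owner or the reverse, and add a read-only mount such as `"${config.sops.secrets."lego/dnsimple/token".path}:/run/secrets/dnsimple-token:ro"` with the variable pointing at the in-container path. Separately, `owner = config.users.users.kah;` passes the whole user attrset where sops-nix expects a user name string; `owner = config.users.users.kah.name;` is the usual form. The copied comment above `secrets` still names `/run/secrets/rndc_keys` and "root only", neither of which describes this secret.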
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
lego:
|
||||||
|
dnsimple:
|
||||||
|
token: ENC[AES256_GCM,data:yWXPbSwj3Y1gAuUCF1eK9q2WSPJmv1ZtRB/2gfvH3V58lc67MfDdN960wg==,iv:h/0Yv1oqeFVwRfi40hG3/twYNPO/MLshhgrJCPWMUMA=,tag:M5W1csc+Rsuor8lp1P4+7Q==,type:str]
|
||||||
1password-credentials.json: ENC[AES256_GCM,data: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,iv:YqHHD0nHnil9s2rG7nmaTjCSvH1TtiiOEi6uqcZKdMM=,tag:/bRmXUnt25SJBJMu6IywTA==,type:str]
|
1password-credentials.json: ENC[AES256_GCM,data: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,iv:YqHHD0nHnil9s2rG7nmaTjCSvH1TtiiOEi6uqcZKdMM=,tag:/bRmXUnt25SJBJMu6IywTA==,type:str]
|
||||||
bind:
|
bind:
|
||||||
rndc-keys:
|
rndc-keys:
|
||||||
|
@ -38,8 +41,8 @@ sops:
|
||||||
L3I3c1VHZTNUQUNjVjFYaXZXMHlsUTgKplXR6ZN5+Z25n5IlC7jGDHYLH/6g8dWI
|
L3I3c1VHZTNUQUNjVjFYaXZXMHlsUTgKplXR6ZN5+Z25n5IlC7jGDHYLH/6g8dWI
|
||||||
MtkYR0606ZC+b4w8PmsHyf6SBfocb8kP9uZKhJAHCtgzn1IQakPN+A==
|
MtkYR0606ZC+b4w8PmsHyf6SBfocb8kP9uZKhJAHCtgzn1IQakPN+A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-05-28T21:41:30Z"
|
lastmodified: "2024-05-28T21:57:17Z"
|
||||||
mac: ENC[AES256_GCM,data:wuPcfauGrw67p071Sjr+9TXrFRC/0DOsKbr+t5wM9j3rASN1KOLRCxkyVIkvST02Q62IrjbYJhs3A6Iwl+H0e1VD55ZgR5u5nMZjpxRu+sH9Vl3KZVgKbKgeA+tVvsaK3KNPLUp6rHPVb9f9c0aUAfOD8q4RHE57esdGA5pY0yI=,iv:mL4RMh5LgWO6O03uuoeo6VfCyH9IUQTpk2GXd7VWzqo=,tag:dVqRHlA4P4FIueWg6eVgzw==,type:str]
|
mac: ENC[AES256_GCM,data:etYudHElbqYn9o5FZLtTIt7ZGXk1bvk6+mSF07kqgaM+6H05gNMv9w9KhVd3dpfRvjjWNOvOerp+oa0UwWNU+nYJ2nOjYlkbVGpzIpHlAHSdJKN0AXlrjiSQM3fHpcyEdKX2DyEADUGQWAV5HWBUClgBC48Wzkrrt8nGPm4R0tQ=,iv:OeidHvWz5S64GPHFCtA/v/npwaWiamufQnYFaXAYJDw=,tag:gGCSeL2XxWixKzXgkkSFEA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|