infra: init opentofu
parent
4b8df9fa2b
commit
49b607129d
24 changed files with 507 additions and 102 deletions
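--- a/.envrc
+++ b/.envrc
@@ -1 +1,4 @@
 use flake
+if has sops; then
+export TF_ENCRYPTION=$(sops --extract '["tofu"]["encryption"]' -d infra/secrets.yaml)
+fi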
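Review bot: The `export TF_ENCRYPTION=$(sops ... -d infra/secrets.yaml)` line places the decrypted state-encryption configuration in the environment of every shell that enters the repository, so every child process started from that shell inherits it, not only `tofu`. The command substitution also hides a failed decrypt: if `sops` exits non-zero the variable is still exported, empty, and the error only surfaces later inside OpenTofu. Decrypt into a local first and export only on success, e.g. `enc=$(sops --extract '["tofu"]["encryption"]' -d infra/secrets.yaml) && export TF_ENCRYPTION=$enc`, or set the variable in a small wrapper around `tofu` so it exists for that one process only.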
16
.sops.yaml
16
.sops.yaml
|
@ -4,33 +4,39 @@ keys:
|
||||||
# ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
|
# ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
|
||||||
- &dust age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
- &dust age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
||||||
- &pek0 age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
- &pek0 age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||||
|
- &sin0 age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd
|
||||||
- &tyo0 age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
|
- &tyo0 age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: hosts/pek0/secrets.yaml$
|
- path_regex: ^hosts/pek0/secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *guanranwang
|
- *guanranwang
|
||||||
- *pek0
|
- *pek0
|
||||||
- path_regex: hosts/tyo0/secrets.yaml$
|
- path_regex: ^hosts/tyo0/secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *guanranwang
|
- *guanranwang
|
||||||
- *tyo0
|
- *tyo0
|
||||||
- path_regex: nixos/profiles/sing-box/secrets.yaml$
|
- path_regex: ^nixos/profiles/sing-box/secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *guanranwang
|
- *guanranwang
|
||||||
- *dust
|
- *dust
|
||||||
- *pek0
|
- *pek0
|
||||||
- path_regex: nixos/profiles/wireless/secrets.yaml$
|
- path_regex: ^nixos/profiles/wireless/secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *guanranwang
|
- *guanranwang
|
||||||
- *dust
|
- *dust
|
||||||
- path_regex: secrets.yaml$
|
- path_regex: ^secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *guanranwang
|
- *guanranwang
|
||||||
- *dust
|
- *dust
|
||||||
- *pek0
|
- *pek0
|
||||||
|
- *sin0
|
||||||
- *tyo0
|
- *tyo0
|
||||||
|
- path_regex: ^infra/secrets.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *guanranwang
|
||||||
|
|
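Review bot: The catch-all rule `^secrets.yaml$` now lists `*sin0`, so the new VPS can decrypt every value in the root `secrets.yaml`; confirm sin0 needs that whole file rather than a per-host rule like the ones `hosts/pek0` and `hosts/tyo0` have. The dots in the newly anchored patterns are still regex wildcards, so `^infra/secrets\.yaml$` (and likewise for the other rules) states the intent exactly. The `^infra/secrets.yaml$` rule has a single recipient, so losing that one age key also loses the Vultr API key and the `tofu.encryption` value stored there; a comment recording where the backup of that key lives would help.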
54
flake.lock
54
flake.lock
|
@ -51,11 +51,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726396892,
|
"lastModified": 1726842196,
|
||||||
"narHash": "sha256-KRGuT5nGRAOT3heigRWg41tbYpTpapGhsWc+XjnIx0w=",
|
"narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "51e3a7e51279fedfb6669a00d21dc5936c78a6ce",
|
"rev": "51994df8ba24d5db5459ccf17b6494643301ad28",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -106,11 +106,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710146030,
|
"lastModified": 1726560853,
|
||||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -146,11 +146,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726357542,
|
"lastModified": 1726902823,
|
||||||
"narHash": "sha256-p4OrJL2weh0TRtaeu1fmNYP6+TOp/W2qdaIJxxQay4c=",
|
"narHash": "sha256-Gkc7pwTVLKj4HSvRt8tXNvosl8RS9hrBAEhOjAE0Tt4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f",
|
"rev": "14929f7089268481d86b83ed31ffd88713dcd415",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -225,11 +225,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725885300,
|
"lastModified": 1726905744,
|
||||||
"narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
|
"narHash": "sha256-xyNtG5C+xvfsnOVEamFe9zCCnuNwk93K/TlFC/4DmCI=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
|
"rev": "b493dfd4a8cf9552932179e56ff3b5819a9b8381",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -240,11 +240,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726365531,
|
"lastModified": 1726871744,
|
||||||
"narHash": "sha256-luAKNxWZ+ZN0kaHchx1OdLQ71n81Y31ryNPWP1YRDZc=",
|
"narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9299cdf978e15f448cf82667b0ffdd480b44ee48",
|
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -270,11 +270,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725513492,
|
"lastModified": 1726745158,
|
||||||
"narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
|
"narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "pre-commit-hooks.nix",
|
"repo": "pre-commit-hooks.nix",
|
||||||
"rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
|
"rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -327,11 +327,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726382494,
|
"lastModified": 1726885519,
|
||||||
"narHash": "sha256-T7W+ohiXe1IY0yf/PpS4wQItZ0SyRO+/v8kqNpMXlI4=",
|
"narHash": "sha256-wrXknshJMRLv91KQD5d7ovUqJ70FlDM7XeG/upSsKgM=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "ff13821613ffe5dbfeb4fe353b1f4bf291d831db",
|
"rev": "a66e16cb21e4428224925dbf1b66238c727dda0a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -350,11 +350,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726218807,
|
"lastModified": 1726524647,
|
||||||
"narHash": "sha256-z7CoWbSOtsOz8TmRKDnobURkKfv6nPZCo3ayolNuQGc=",
|
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "f30b1bac192e2dc252107ac8a59a03ad25e1b96e",
|
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -385,11 +385,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725271838,
|
"lastModified": 1726734507,
|
||||||
"narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=",
|
"narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "treefmt-nix",
|
"repo": "treefmt-nix",
|
||||||
"rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd",
|
"rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
43
flake.nix
43
flake.nix
|
@ -93,6 +93,13 @@
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
inputs:
|
inputs:
|
||||||
|
let
|
||||||
|
data = builtins.fromJSON (builtins.readFile ./infra/data.json);
|
||||||
|
specialArgs = {
|
||||||
|
inherit inputs;
|
||||||
|
nodes = data.nodes.value;
|
||||||
|
};
|
||||||
|
in
|
||||||
inputs.flake-utils.lib.eachDefaultSystem (
|
inputs.flake-utils.lib.eachDefaultSystem (
|
||||||
system:
|
system:
|
||||||
let
|
let
|
||||||
|
@ -112,6 +119,12 @@
|
||||||
# nix develop
|
# nix develop
|
||||||
devShells.default = pkgs.mkShellNoCC {
|
devShells.default = pkgs.mkShellNoCC {
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
|
(opentofu.withPlugins (
|
||||||
|
ps: with ps; [
|
||||||
|
vultr
|
||||||
|
sops
|
||||||
|
]
|
||||||
|
))
|
||||||
colmena
|
colmena
|
||||||
sops
|
sops
|
||||||
];
|
];
|
||||||
|
@ -124,22 +137,19 @@
|
||||||
|
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
"dust" = inputs.nixpkgs.lib.nixosSystem {
|
"dust" = inputs.nixpkgs.lib.nixosSystem {
|
||||||
|
inherit specialArgs;
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
./nixos/profiles/core
|
./nixos/profiles/core
|
||||||
./hosts/dust
|
./hosts/dust
|
||||||
];
|
];
|
||||||
specialArgs = {
|
|
||||||
inherit inputs;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
} // inputs.self.colmenaHive.nodes;
|
} // inputs.self.colmenaHive.nodes;
|
||||||
|
|
||||||
colmenaHive = inputs.colmena.lib.makeHive {
|
colmenaHive = inputs.colmena.lib.makeHive (
|
||||||
|
{
|
||||||
meta = {
|
meta = {
|
||||||
specialArgs = {
|
inherit specialArgs;
|
||||||
inherit inputs;
|
|
||||||
};
|
|
||||||
nixpkgs = import inputs.nixpkgs {
|
nixpkgs = import inputs.nixpkgs {
|
||||||
system = "x86_64-linux"; # How does this work?
|
system = "x86_64-linux"; # How does this work?
|
||||||
};
|
};
|
||||||
|
@ -159,6 +169,25 @@
|
||||||
imports = [ ./hosts/pek0 ];
|
imports = [ ./hosts/pek0 ];
|
||||||
deployment.targetHost = "blacksteel"; # thru tailscale
|
deployment.targetHost = "blacksteel"; # thru tailscale
|
||||||
};
|
};
|
||||||
|
}
|
||||||
|
// (builtins.mapAttrs (n: v: {
|
||||||
|
deployment = {
|
||||||
|
inherit (v) tags;
|
||||||
|
targetHost = v.fqdn;
|
||||||
};
|
};
|
||||||
|
imports =
|
||||||
|
if (builtins.elem "vultr" v.tags) then
|
||||||
|
[
|
||||||
|
./hosts/vultr/${n}
|
||||||
|
./hosts/vultr/common
|
||||||
|
{ networking.hostName = n; }
|
||||||
|
]
|
||||||
|
# TODO: import aws
|
||||||
|
else if (builtins.elem "amazon" v.tags) then
|
||||||
|
[ ./hosts/amazon/${n} ]
|
||||||
|
else
|
||||||
|
[ ./hosts/${n} ];
|
||||||
|
}) data.nodes.value)
|
||||||
|
);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
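Review bot: In the last hunk, `makeHive ({ ... } // (builtins.mapAttrs ... data.nodes.value))` lets the generated attribute set win on key collisions, so a node in `infra/data.json` named `meta` or `pek0` would silently replace the hand-written entry. The same file also sets `deployment.targetHost` and selects which `./hosts/...` directory is imported, so an edit to `data.json` (which appears to be OpenTofu output) redirects where colmena pushes a configuration and its secrets. Swapping the operands so the static set wins, or asserting that the two key sets are disjoint, would make a collision fail loudly. A comment above `data = builtins.fromJSON ...` saying the file is generated and is trusted input to deployment would help reviewers. The `colmenaHive` definition starts outside the hunk.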
|
@ -2,19 +2,12 @@
|
||||||
{
|
{
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
matchBlocks =
|
matchBlocks = {
|
||||||
let
|
"*.ny4.dev" = {
|
||||||
inherit (config.home) homeDirectory;
|
identityFile = "${config.home.homeDirectory}/.ssh/id_github_signing";
|
||||||
serverConfig = {
|
|
||||||
identityFile = "${homeDirectory}/.ssh/id_github_signing";
|
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
in
|
"pek0.ny4.dev".hostname = "blacksteel";
|
||||||
{
|
|
||||||
"tyo0.ny4.dev" = serverConfig;
|
|
||||||
"pek0.ny4.dev" = serverConfig // {
|
|
||||||
hostname = "blacksteel";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
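Review bot: The new `"*.ny4.dev"` block applies `user = "root"` and offers `.ssh/id_github_signing` to every host under the domain, where the old code listed only `tyo0.ny4.dev` and `pek0.ny4.dev`. The key's name suggests it is also the Git signing key; if so, one key both signs commits and authenticates root logins on every server, and a dedicated deploy key would limit what a leak exposes. Adding `identitiesOnly = true;` to the block keeps the client from offering other agent keys to these hosts.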
|
@ -1,10 +1,10 @@
|
||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
{
|
{
|
||||||
nixpkgs.config = {
|
nixpkgs.config = {
|
||||||
allowNonSource = false;
|
allowNonSource = true;
|
||||||
allowNonSourcePredicate =
|
allowNonSourcePredicate =
|
||||||
pkg:
|
pkg:
|
||||||
lib.elem (lib.getName pkg) [
|
(lib.elem (lib.getName pkg) [
|
||||||
"cargo-bootstrap"
|
"cargo-bootstrap"
|
||||||
"go"
|
"go"
|
||||||
"minecraft-server"
|
"minecraft-server"
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
"rustc-bootstrap-wrapper"
|
"rustc-bootstrap-wrapper"
|
||||||
"sof-firmware"
|
"sof-firmware"
|
||||||
"temurin-bin"
|
"temurin-bin"
|
||||||
];
|
]);
|
||||||
|
|
||||||
allowUnfree = false;
|
allowUnfree = false;
|
||||||
allowUnfreePredicate =
|
allowUnfreePredicate =
|
||||||
|
|
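Review bot: Setting `allowNonSource = true;` in the first hunk turns the `allowNonSourcePredicate` allowlist below it into dead configuration, because nixpkgs consults the predicate only when `allowNonSource` is false. Every package with binary provenance is now accepted, not only the names in the list. If the flip is a workaround for a package introduced by this commit (a guess: one of the provider plugins), prefer keeping `allowNonSource = false;` and adding that package's name to the list, or at least say why in a comment such as `# TODO: re-tighten once <package> is allowlisted`. The parentheses added around `lib.elem ...` do not change behaviour.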
|
@ -17,8 +17,8 @@
|
||||||
allowUnfreePredicate = pkg: lib.elem (lib.getName pkg) [ ];
|
allowUnfreePredicate = pkg: lib.elem (lib.getName pkg) [ ];
|
||||||
|
|
||||||
permittedInsecurePackages = [
|
permittedInsecurePackages = [
|
||||||
"cinny-4.1.0"
|
"cinny-4.2.1"
|
||||||
"cinny-unwrapped-4.1.0"
|
"cinny-unwrapped-4.2.1"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -35,6 +35,9 @@
|
||||||
# WORKAROUND:
|
# WORKAROUND:
|
||||||
systemd.services."print-host-key".enable = false;
|
systemd.services."print-host-key".enable = false;
|
||||||
|
|
||||||
|
# FIXME: error: builder for '/nix/store/...-ena-2.12.3-6.11.drv' failed with exit code 2
|
||||||
|
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_10;
|
||||||
|
|
||||||
### Secrets
|
### Secrets
|
||||||
sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
|
sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
|
||||||
"sing-box/auth" = {
|
"sing-box/auth" = {
|
||||||
|
|
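Review bot: `boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_10;` pins this host to a non-longterm kernel series, which stops receiving fixes once upstream ends it, and `mkForce` means nothing else in the configuration can move it forward. The FIXME records the symptom but not the exit condition; extend it along the lines of `# FIXME: ena 2.12.3 fails to build against 6.11; remove this pin once it builds again` so the pin gets removed rather than forgotten. If the ena module also builds against the default `pkgs.linuxPackages`, that is the safer thing to pin to.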
|
@ -2,10 +2,12 @@
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
config,
|
||||||
|
nodes,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (config.lib) ports;
|
inherit (config.lib) ports;
|
||||||
|
targets = lib.mapAttrsToList (_name: node: node.fqdn) nodes;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
|
@ -36,9 +38,9 @@ in
|
||||||
};
|
};
|
||||||
static_configs = lib.singleton {
|
static_configs = lib.singleton {
|
||||||
targets = [
|
targets = [
|
||||||
"tyo0.ny4.dev"
|
|
||||||
"pek0.ny4.dev"
|
"pek0.ny4.dev"
|
||||||
];
|
"tyo0.ny4.dev"
|
||||||
|
] ++ targets;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
@ -52,7 +54,7 @@ in
|
||||||
targets = [
|
targets = [
|
||||||
"tyo0.ny4.dev"
|
"tyo0.ny4.dev"
|
||||||
"pek0.ny4.dev"
|
"pek0.ny4.dev"
|
||||||
];
|
] ++ targets;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
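--- a/hosts/vultr/common/default.nix
+++ b/hosts/vultr/common/default.nix
@@ -0,0 +1,39 @@
+{
+inputs,
+modulesPath,
+lib,
+...
+}:
+{
+imports =
+[
+"${modulesPath}/installer/scan/not-detected.nix"
+"${modulesPath}/profiles/qemu-guest.nix"
+
+./disko.nix
+./preservation.nix
+]
+++ (with inputs; [
+disko.nixosModules.disko
+preservation.nixosModules.preservation
+]);
+
+# vnc
+services.getty.autologinUser = "root";
+
+networking = {
+useNetworkd = true;
+useDHCP = false;
+};
+
+systemd.network.networks.ethernet = {
+matchConfig.Name = [
+"en*"
+"eth*"
+];
+DHCP = "yes";
+};
+
+boot.loader.grub.enable = true;
+boot.loader.grub.devices = lib.mkDefault [ "/dev/vda" ];
+}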
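Review bot: `services.getty.autologinUser = "root";` gives a root shell with no credential to anyone who can open the instance console, which for a VPS means anyone with access to the provider account or its console API. The `# vnc` comment does not say whether that is intended. If it is a bootstrap convenience, remove it after the first deploy; if it is the break-glass path, say so in the comment, e.g. `# break-glass: root autologin on the provider console only; protect the provider account with MFA`. Minor: `inputs.disko.nixosModules.disko` is imported here and again in `./disko.nix`, so one of the two can go.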
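--- a/hosts/vultr/common/disko.nix
+++ b/hosts/vultr/common/disko.nix
@@ -0,0 +1,59 @@
+{ inputs, ... }:
+let
+mountOptions = [
+"compress-force=zstd"
+"noatime"
+];
+in
+{
+imports = [ inputs.disko.nixosModules.disko ];
+
+disko.devices = {
+disk.vda = {
+type = "disk";
+device = "/dev/vda";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+type = "EF02";
+start = "0";
+end = "+1M";
+};
+root = {
+end = "-0";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"/@boot" = {
+mountpoint = "/boot";
+inherit mountOptions;
+};
+"/@nix" = {
+mountpoint = "/nix";
+inherit mountOptions;
+};
+"/@persist" = {
+mountpoint = "/persist";
+inherit mountOptions;
+};
+};
+};
+};
+};
+};
+};
+nodev = {
+"/" = {
+fsType = "tmpfs";
+mountOptions = [
+"defaults"
+"mode=755"
+];
+};
+};
+};
+
+fileSystems."/persist".neededForBoot = true;
+}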
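--- a/hosts/vultr/common/preservation.nix
+++ b/hosts/vultr/common/preservation.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+sops.age.sshKeyPaths = lib.mkForce [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
+
+preservation.enable = true;
+preservation.preserveAt."/persist" = {
+directories = [ "/var" ];
+files = [
+"/etc/ssh/ssh_host_ed25519_key"
+"/etc/ssh/ssh_host_ed25519_key.pub"
+"/etc/ssh/ssh_host_rsa_key"
+"/etc/ssh/ssh_host_rsa_key.pub"
+];
+};
+}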
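--- a/hosts/vultr/sin0/default.nix
+++ b/hosts/vultr/sin0/default.nix
@@ -0,0 +1,14 @@
+{
+system.stateVersion = "24.05";
+
+networking.firewall.allowedUDPPorts = [ 443 ];
+networking.firewall.allowedTCPPorts = [
+80
+443
+];
+
+services.caddy.enable = true;
+services.caddy.settings.apps.http.servers.srv0 = {
+listen = [ ":443" ];
+};
+}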
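--- a/infra/.gitignore
+++ b/infra/.gitignore
@@ -0,0 +1,3 @@
+/.terraform
+/terraform.tfstate.*
+/.terraform.lock.hcl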
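Review bot: Ignoring `/.terraform.lock.hcl` means the provider checksums OpenTofu records are never pinned or reviewed in the repository. That is acceptable only while providers come exclusively from the Nix `opentofu.withPlugins` wrapper in `flake.nix`, which `flake.lock` pins; a comment such as `# providers are supplied by Nix (flake.lock), not by tofu init` would record that assumption. Note that `/terraform.tfstate.*` covers backup files only, so `terraform.tfstate` itself is tracked, and its confidentiality depends on the state encryption in `infra/version.tf` staying enforced.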
45
infra/data.json
Normal file
45
infra/data.json
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"sensitive": false,
|
||||||
|
"type": [
|
||||||
|
"object",
|
||||||
|
{
|
||||||
|
"sin0": [
|
||||||
|
"object",
|
||||||
|
{
|
||||||
|
"fqdn": "string",
|
||||||
|
"ipv4": "string",
|
||||||
|
"ipv6": "string",
|
||||||
|
"remarks": [
|
||||||
|
"object",
|
||||||
|
{
|
||||||
|
"city": "string",
|
||||||
|
"continent": "string",
|
||||||
|
"country": "string"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
"list",
|
||||||
|
"string"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"value": {
|
||||||
|
"sin0": {
|
||||||
|
"fqdn": "sin0.ny4.dev",
|
||||||
|
"ipv4": "149.28.143.116",
|
||||||
|
"ipv6": "2001:19f0:4400:7041:5400:05ff:fe1b:042d",
|
||||||
|
"remarks": {
|
||||||
|
"city": "Singapore",
|
||||||
|
"continent": "Asia",
|
||||||
|
"country": "SG"
|
||||||
|
},
|
||||||
|
"tags": [
|
||||||
|
"vultr"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
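--- a/infra/modules/vultr/main.tf
+++ b/infra/modules/vultr/main.tf
@@ -0,0 +1,90 @@
+variable "hostname" {
+type = string
+}
+
+variable "fqdn" {
+type = string
+}
+
+variable "region" {
+type = string
+}
+
+variable "plan" {
+type = string
+}
+
+variable "tags" {
+type = list(string)
+}
+
+variable "script" {
+type = string
+}
+
+terraform {
+required_providers {
+vultr = {
+source = "registry.terraform.io/vultr/vultr"
+}
+}
+}
+
+resource "vultr_instance" "server" {
+region = var.region
+plan = var.plan
+hostname = var.fqdn
+tags = var.tags
+label = var.hostname
+
+os_id = 159
+script_id = var.script
+
+activation_email = false
+ddos_protection = false
+enable_ipv6 = true
+}
+
+resource "vultr_reverse_ipv4" "reverse_ipv4" {
+instance_id = vultr_instance.server.id
+ip = vultr_instance.server.main_ip
+reverse = var.fqdn
+}
+
+resource "vultr_reverse_ipv6" "reverse_ipv6" {
+instance_id = vultr_instance.server.id
+ip = vultr_instance.server.v6_main_ip
+reverse = var.fqdn
+}
+
+data "vultr_region" "region" {
+filter {
+name = "id"
+values = [vultr_instance.server.region]
+}
+}
+
+output "ipv4" {
+value = vultr_reverse_ipv4.reverse_ipv4.ip
+}
+
+output "ipv6" {
+value = vultr_reverse_ipv6.reverse_ipv6.ip
+}
+
+output "fqdn" {
+value = var.fqdn
+}
+
+output "tags" {
+value = var.tags
+}
+
+output "remarks" {
+value = {
+continent = data.vultr_region.region.continent
+country = data.vultr_region.region.country
+city = data.vultr_region.region.city
+}
+}
+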
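Review bot: `os_id = 159` in `vultr_instance.server` is an undocumented magic number; a comment naming the OS entry it selects (presumably the custom/iPXE boot option, since `script_id` points at a PXE startup script) is needed before it can be reviewed. None of the six `variable` blocks has a `description`, and `script` is really a startup-script id, so `description = "ID of the vultr_startup_script to boot from"` would save a trip to `infra/vultr.tf`. No `firewall_group_id` is set, so the instance is reachable on every port from first boot until the NixOS firewall is active; if that installer window matters, attach a provider-side firewall group.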
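--- a/infra/outputs.tf
+++ b/infra/outputs.tf
@@ -0,0 +1,3 @@
+output "nodes" {
+value = module.vultr
+}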
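--- a/infra/secrets.tf
+++ b/infra/secrets.tf
@@ -0,0 +1,11 @@
+data "sops_file" "secrets" {
+source_file = "secrets.yaml"
+}
+
+locals {
+secrets = yamldecode(data.sops_file.secrets.raw)
+}
+
+provider "vultr" {
+api_key = local.secrets.vultr.api_key
+}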
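Review bot: `yamldecode(data.sops_file.secrets.raw)` pulls the whole decrypted file into the configuration, including the `tofu.encryption` value that only `.envrc` needs, and data source results are written to state. The state is encrypted, but it is still better to keep out of it what the configuration does not use. Reading only the one key does that and lets the `locals` block go: `api_key = data.sops_file.secrets.data["vultr.api_key"]`.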
24
infra/secrets.yaml
Normal file
24
infra/secrets.yaml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
vultr:
|
||||||
|
api_key: ENC[AES256_GCM,data:e3ZTVPp/k673qjoHx/ls4HrEv+rYNUsK93DvLbDZwQqZtyrx,iv:jbsJFFV6B+vNXq9AvNWFFnyWoAI+EpZ7olDofFDmd5M=,tag:dCaidJtn1CJka/4lwoVe8g==,type:str]
|
||||||
|
tofu:
|
||||||
|
encryption: ENC[AES256_GCM,data:7+K0SYGOURiEbZ4IrOMJYYVWcSlLqxLv+9lZRUH/cH34qZ7CUt8vsSYP7VyRgCVqFr7sETGj1LPliPjJT2yge9HNbbuUnJ0U3RpLytl7z63nOLeSvUU=,iv:WGrozRmPerQ7iPJAqWmBy9XQ6SnOLrcLLwxdoa1ZIWQ=,tag:rcfNqW57WyVc4U0Iy2MHKA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaG5JdXdVVjdNNXlpSVAr
|
||||||
|
aUlxM3ROaWI3TmhMQVJ2OTB6djUwc2QrYVMwCnZrYVJxdGRFV05TRVlMN2M2NDJS
|
||||||
|
dkRZbllpQ1JGY1pJeE95TTkxYThpeG8KLS0tIC9TZkdzTFR1ZnArUWhSbUZYUTRE
|
||||||
|
WmJlc0piL0s1c3dQd25ibFFZUVRjTzAKNh71/iOviUisewtjmAXmJJdq8KfI4S8X
|
||||||
|
pzEyAoajZIjUfqAnCNxVjxett2bKb2liM/mpO1McOpSRnFe8cOXWMg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-09-21T16:15:27Z"
|
||||||
|
mac: ENC[AES256_GCM,data:VNoPXECkdYjeig1Aq3MdILIpzlZS8pZrkiMyY5ay6nsmM6XdtwPGjE+veAGcw/qJ/1PHq8N8Wx5hmgFo0pdX2RQSvou+iWeWq26h33iAxUQ10YPA3tgUTlA6aFeTvmiu4YBR9inuKZ48NIk52vJ64PJXVIoKCyFi525y704Mc9g=,iv:YKTKifp6o1AzmzVCFT3PCaVpkBKUR+Q0w0m09IoeRp0=,tag:lOvBJmJy41NjcvkIJADh3Q==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.0
|
1
infra/terraform.tfstate
Normal file
1
infra/terraform.tfstate
Normal file
File diff suppressed because one or more lines are too long
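--- a/infra/version.tf
+++ b/infra/version.tf
@@ -0,0 +1,21 @@
+terraform {
+required_providers {
+vultr = {
+source = "registry.terraform.io/vultr/vultr"
+}
+sops = {
+source = "registry.terraform.io/carlpett/sops"
+}
+}
+
+encryption {
+method "aes_gcm" "default" {
+keys = key_provider.pbkdf2.default
+}
+
+state {
+method = method.aes_gcm.default
+enforced = true
+}
+}
+}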
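Review bot: The `encryption` block enforces encryption for `state` only; there is no `plan` block, so a plan saved with `tofu plan -out=...` is written unencrypted and can hold the same sensitive values. Add a `plan` block that mirrors `state`, with `method = method.aes_gcm.default` and `enforced = true`. `key_provider.pbkdf2.default` is referenced but not declared in this file; presumably it arrives through `TF_ENCRYPTION` from `.envrc`, which deserves a comment, because running `tofu` outside direnv will otherwise fail on a key provider the reader cannot find. Neither provider has a `version` constraint, so which provider release is used is decided entirely outside this file.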
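--- a/infra/vultr.tf
+++ b/infra/vultr.tf
@@ -0,0 +1,32 @@
+locals {
+nodes = {
+sin0 = {
+region = "sgp"
+plan = "vhp-1c-1gb-amd"
+tags = ["vultr"]
+}
+}
+}
+
+resource "vultr_startup_script" "script" {
+name = "nixos"
+type = "pxe"
+script = base64encode(<<EOT
+#!ipxe
+set cmdline sshkey="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmd/uqiBahzKcKMJ+gT3dkUIdrWQgudspsDchDlx1E/"
+chain https://github.com/NickCao/netboot/releases/download/latest/ipxe
+EOT
+)
+}
+
+module "vultr" {
+source = "./modules/vultr"
+for_each = local.nodes
+hostname = each.key
+fqdn = "${each.key}.ny4.dev"
+region = each.value.region
+plan = each.value.plan
+tags = each.value.tags
+script = vultr_startup_script.script.id
+}
+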
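Review bot: The startup script chains `https://github.com/NickCao/netboot/releases/download/latest/ipxe`, a third-party artifact behind a mutable `latest` tag with no checksum, so whoever can publish to that release decides the first code every new instance boots. Pin a specific release tag, or better, serve a netboot image built from this flake so the boot environment is covered by `flake.lock`. The `sshkey=` value is inlined in the heredoc; lifting it into a `local` with a comment naming the key's owner would make rotation and review easier.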
57
secrets.yaml
57
secrets.yaml
|
@ -9,38 +9,47 @@ sops:
|
||||||
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvcFVFTDVuYlQxV1k1Yzl5
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoc0l1c2U1ZDZhTEVKNG84
|
||||||
OW1EWXFwM1lrNEtUZGdNNVR4YzZRTVlKd3hvCnJ3V0pnME9DVFNnbzF6aWdrUDdB
|
VFFZQWJ5WXJKZ1J0N1Z2TjB5WUg3VEo4QzN3CjcySXllZTBmUVRWVnRET2NzTjMw
|
||||||
OXV6ei9vOUxuNTZLS3A5RkFUTEpXRTQKLS0tIEljcml5cFlDME41TTFsaW5NZm1M
|
N2ZhYS9Rb2VDeUk0RUM3NWVta21YTW8KLS0tIE9Ca2dRN2R2VFVzNitPUHZ0YmVZ
|
||||||
aEF4N3ZSenVaUllHejd6OHNuOHhLZlkKHOAb/KwhXyY+nHuLtiqJyscdxlbI54yf
|
dGp0RjY0cmczZnI5RFlHRDE0bkExK0UKGgia9rCsoiMuGzWum8TWcPAHf4v1N/pj
|
||||||
MqhSx62mDd7PVSnOF0a/BQF8HV5vOfjFJrQKYcy8sUDXhw5c7oZAfw==
|
t8eTf/Du2KYbULhPgUKQdGiB/5/07D4AvFGA/cz2tzmqGoBNOfMXmg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeUlJVDBhVXNCUW9RYUJ0
|
|
||||||
TFozZ3FZenVYcUVyMC9tbVpzTHErYzRsSGpRCnVJY1h6NkZDeWdZVVRSM25TOTk2
|
|
||||||
Y2xaK3NlNThpRkFkc0Jza0lGNllwOE0KLS0tIDZZbjRNckR6akNoSVZNRGVxK3FE
|
|
||||||
aHhrK3FlQVR2VnNwS1FDSlR4NnZyM1EK9nA+UMSD8pzhUJQvsmA0Tg3MBj0FkSrV
|
|
||||||
kpT171pjoi8UFYaiaGB8ZucVfVTrcQ8YA6s+5B5PJ/0VaDcku54bTA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMElHNVVCQ3I3bWdYL3k2
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSXd5ak5ueTJWczVFYnNR
|
||||||
NzNkUWczVEV4STl2RHVwbEZ0RFRZWTIrcEdNCmQ4Y3JFenYzTkh3MTlRdkVlNlhR
|
clJTdUUzTTlXWTFocWZJOTBZa2J5NFJjTlZjCktKRjBiWnFMdjhIT1MrTG0wV1Vj
|
||||||
Q211YXlmcGF4aGJHUjVIRGlMTDBycjAKLS0tIGMvU2dNMHBkVzlyN2J6UGErQmdH
|
enpmN1VuSE1FZ0krc29oYUhNOHByTWsKLS0tIERjNGRlVEZ4T1ZXRGg2ajNYZnhZ
|
||||||
N1c4M2dOQUdOWkxFdG5aMzdyTDRwREEKaHFRZTdoiDKdL4Y+81L3EM7WNC5gCSe0
|
V2VmZ2hxS0E2ekNlK2ZrYWxqSVhZaFEK+OpXvvuqRQuoTVYPMhYcNvCPJ+J64lKg
|
||||||
73ZIY5+L5AqfEXSsg1LPPFIkx7gnVE9xpam22MXsaDkoRlBjgZBo3Q==
|
yIrUWv+nunSYzi9KfwNMuext0CeWFw5DcjJTy1Oowrnlv9SkgFSc6w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzdWxDblFnTGFMRE8zckEx
|
||||||
|
MmxCbWpRQzZOZDJMY0ZPQXlVRkVRUUpoeDBVCmo0TEtjVmVwUEMzcDMrRVNjcGt5
|
||||||
|
MDJKeU12RmpLRi9pT005WXMzN2kyTE0KLS0tIGE0ZTkwQjdYUWx5UVdmZnUreXIx
|
||||||
|
WUJNR0FWSlhwU0kzL0Fsb0ZtUWI5UzgKK51QBzkTK2Ctg6Pa5ZfchJgHEZz+aUht
|
||||||
|
WVLk/IE7e3ihZY8nTn5vB1WnfT+v1WUAGfhYeYyooAmJt6s0c+VgaQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dmlubnMzaEJEcG9jdHZQ
|
||||||
|
YjNVRTlTRFdqbkI5d0pURVU2cWNwSE8rZkUwCkZwTmxhN3R2S0RKeWZHLzN0NDJQ
|
||||||
|
UkZkdXZEOXZRV09NOENxa21NSFgvaUkKLS0tIEFxUlgrakk5QmRETHZEWnVTY05m
|
||||||
|
M25HWXlaR2JEbVA0V0ljMklad2dCZU0KfR9LG8tglre5zoL7m9CgJn6ocyXls3De
|
||||||
|
5xDPaVtqp7ECVVt5sdks8ca40LPtSJ8nf6ytp815nuCreX8gVgkyDA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
|
- recipient: age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcWh4cUtwN0hXWEw5TEFY
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY1NYUjJINVp0SGlhamRz
|
||||||
UEpOQ3ZLWkY3N1NIQ2xIeTZyYVdkemQweVdVCmQ1MlFFcDJaRUJTUytibHF2ck5H
|
MzFjZWdIV3IxYWoycnV2MG5WaW1KcjQxTERZCkRnejRmQm93dUw0N2IwVnd6MU9o
|
||||||
ZWYvR2FLSXNVOVB2MzhtVnVObGg1clUKLS0tIHZKNVVsbVpXdmI3SXpQL1MzVk1r
|
QVRPdGRQRDlCTzJHbHBUL1E5cENNSXMKLS0tIEt1OG9KZ3BxdDlMY3VqVDNhRWdS
|
||||||
aEtqL3RBYzFWeDZlZThQY2thd3A5VWsKLZUHV3nBuDGSHjx+4ju3457aL1Oh/3EI
|
elg4MmtDbkdhVWJ6OEtqU1BHMEhnd00KoLeUmsw66nzraADSyVN3WW8GfMMmDOoG
|
||||||
E7iHIC/Wd2w4UkYtb9u5arRDgwP7avZDfPxio3HCEgzyBcZ2bLJ6kQ==
|
FKWMn+mIskI11065Bn/zkpP6ud1+KLptndip5c749OBdBfDwBtZhzw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-07-09T22:04:25Z"
|
lastmodified: "2024-07-09T22:04:25Z"
|
||||||
mac: ENC[AES256_GCM,data:d8ml8uokaSlD/nJQVM732OoEXZB0a7dpq5Koq1/Nz8iW9xDmwvrWONRmI6EPHMHJ+vFXKS09iLBtaWRo83H1KPIEfN6slVY8wrVYychz38A/jXx3TWd1oh00otJpkmjzWfEbhYYB6K0D2lTP/rfu009b29OzBNbqcIfVrJRz4vQ=,iv:/PBfFIf+SZ4zmRdOba8NKV29JRWHzCGwK5Oo2EGq/90=,tag:5eHt2FPi+5uSNEd3GlFkcQ==,type:str]
|
mac: ENC[AES256_GCM,data:d8ml8uokaSlD/nJQVM732OoEXZB0a7dpq5Koq1/Nz8iW9xDmwvrWONRmI6EPHMHJ+vFXKS09iLBtaWRo83H1KPIEfN6slVY8wrVYychz38A/jXx3TWd1oh00otJpkmjzWfEbhYYB6K0D2lTP/rfu009b29OzBNbqcIfVrJRz4vQ=,iv:/PBfFIf+SZ4zmRdOba8NKV29JRWHzCGwK5Oo2EGq/90=,tag:5eHt2FPi+5uSNEd3GlFkcQ==,type:str]
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
nixfmt.enable = true;
|
nixfmt.enable = true;
|
||||||
prettier.enable = true;
|
prettier.enable = true;
|
||||||
statix.enable = true;
|
statix.enable = true;
|
||||||
|
terraform.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
settings.formatter.nixfmt.options = [ "--strict" ];
|
settings.formatter.nixfmt.options = [ "--strict" ];
|
||||||
|
@ -13,6 +14,8 @@
|
||||||
settings.formatter.prettier.excludes = [
|
settings.formatter.prettier.excludes = [
|
||||||
"hosts/pek0/secrets.yaml"
|
"hosts/pek0/secrets.yaml"
|
||||||
"hosts/tyo0/secrets.yaml"
|
"hosts/tyo0/secrets.yaml"
|
||||||
|
"infra/secrets.yaml"
|
||||||
|
"infra/data.json"
|
||||||
"nixos/profiles/sing-box/secrets.yaml"
|
"nixos/profiles/sing-box/secrets.yaml"
|
||||||
"nixos/profiles/wireless/secrets.yaml"
|
"nixos/profiles/wireless/secrets.yaml"
|
||||||
"secrets.yaml"
|
"secrets.yaml"
|
||||||
|
|