Fixes
This commit is contained in:
parent
537087c4c8
commit
c28f6adcc2
SSH Key Fingerprint:
SHA256:UD/wIBTyCGmuqRq6a1PsiwTehUPikHbuClpnk0U1mdo
|
|
@ -181,11 +181,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1747862697,
|
||||
"narHash": "sha256-U4HaNZ1W26cbOVm0Eb5OdGSnfQVWQKbLSPrSSa78KC0=",
|
||||
"lastModified": 1748037224,
|
||||
"narHash": "sha256-92vihpZr6dwEMV6g98M5kHZIttrWahb9iRPBm1atcPk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2baa12ff69913392faf0ace833bc54bba297ea95",
|
||||
"rev": "f09dede81861f3a83f7f06641ead34f02f37597f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@
|
|||
inputs'.nixpkgs-unstable.legacyPackages.sops
|
||||
ssh-to-age
|
||||
openssl
|
||||
inputs'.nixpkgs-unstable.legacyPackages.nebula
|
||||
# not included: age, age-plugin-yubikey, pcscd
|
||||
|
||||
wireguard-tools
|
||||
|
|
|
|||
|
|
@ -1,10 +1,11 @@
|
|||
{config, ...}: let
|
||||
inherit (import ../../modules/nebula/shared.nix) userGroup;
|
||||
inherit (import ../../modules/nebula/shared.nix) userGroup service;
|
||||
in {
|
||||
sops.secrets."nebula-key" = {
|
||||
mode = "0440";
|
||||
owner = userGroup;
|
||||
group = userGroup;
|
||||
restartUnits = [service];
|
||||
};
|
||||
|
||||
# TODO: why?
|
||||
|
|
|
|||
|
|
@ -1,10 +1,11 @@
|
|||
{config, ...}: let
|
||||
inherit (import ../../../modules/nebula/shared.nix) userGroup;
|
||||
inherit (import ../../../modules/nebula/shared.nix) userGroup service;
|
||||
in {
|
||||
sops.secrets."svc-nebula-key" = {
|
||||
mode = "0440";
|
||||
owner = userGroup;
|
||||
group = userGroup;
|
||||
restartUnits = [service];
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [4242];
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
-----BEGIN NEBULA CERTIFICATE-----
|
||||
CjkKB20uaW5mcmEorIy3uAYwrPO7xwY6ILUb5mS0HBCYrAhWPXwqvtnBmmqz1lKc
|
||||
NOG84dEk3/biQAESQAEi7CVxFVDlG7ihV3nuosvEpodNZqS/RJ8GGKUBuLMz1BfE
|
||||
XdnMkMj44YQ2owDKYKgvZFc3nQGsrq5/4cWAdgs=
|
||||
CjgKBm1pbmZyYSj8vdjBBjD88ubuBjogzzw7qn0fU8HJtJpdr49EKLgMhTLFCbgA
|
||||
HK1WJ8LZDN9AARJAYFxxJPsQfUI+bNDOb3HMwegSpSoWpyZp0FpDI14BcnuTbasO
|
||||
DalRbIntnfs0485zdHVEEETeBBRr3rCmziY/DA==
|
||||
-----END NEBULA CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
-----BEGIN NEBULA CERTIFICATE-----
|
||||
CnAKCWxoLXNpbHZlchIJgYC0UICA/P8PIghpbnRlcm5hbCjGoru4BjCr87vHBjog
|
||||
c8vXd3esFyA3adiEHolGzUyi3u4IztrRCVl3T8uzmztKIC9yiWnXjCJT2HfiClMu
|
||||
+en3Out6l4ReySH/GXaXDNbjEkChm/cVEgVeg86Q9Qipm+bAJ2tKYwwmdxQMMRAz
|
||||
fT+XLQ+jKzGLeOIRiDW6ZLyL/mHv4iqQBCNyUIjVqQcTD38D
|
||||
CnAKCWxoLXNpbHZlchIJgYC0UICA/P8PIghpbnRlcm5hbCjvvtjBBjD78ubuBjog
|
||||
5jO2THNsXEv59VasXZnNpZh6s2b3mo1WlvHC3jrCHW5KICkUiAsYMUJqlkZMvhPb
|
||||
Zcs48ZEdpMaH8ZQR+/YrCR94EkB6OOguIBOxqcmfuGbNDPZap6euF+oiYT5QhfPh
|
||||
6HyEIZ1eRZkW0Q9v4QUKFdDbxKQfK0moxor6KlkLGLp9E2cL
|
||||
-----END NEBULA CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
-----BEGIN NEBULA CERTIFICATE-----
|
||||
CnMKDG4tc3J2LWVpZG9sYRIJgYK0UICA/P8PIghpbnRlcm5hbCj8mbe4BjCr87vH
|
||||
BjogwyipoSTT04BJ0zVCsdR8eNanj8hcyHeNabRtfq8M+QRKIC9yiWnXjCJT2Hfi
|
||||
ClMu+en3Out6l4ReySH/GXaXDNbjEkDvzr+71yUMW3GzCIMy9j2Z1ov8zw8h0s52
|
||||
FDIyYijYWK8jc7cJBqbdaRhE39zv0vrpfTpH4byWKVOFgVqeViMB
|
||||
CnMKDG4tc3J2LWVpZG9sYRIJgYK0UICA/P8PIghpbnRlcm5hbCidv9jBBjD78ubu
|
||||
Bjoga6Kii9Vqn9bB4mQnBUPHfQwvvJlUrKCTzbMZNsvDDTBKICkUiAsYMUJqlkZM
|
||||
vhPbZcs48ZEdpMaH8ZQR+/YrCR94EkDQbthaT5aNgviM2RQH7/J3rMtRCcW8bWVW
|
||||
anDTFdvSW8BLRTet38jrRT9TBiyB2AokYuHxCLcmePMmwGbh6yoO
|
||||
-----END NEBULA CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
rec {
|
||||
netName = "m-infra";
|
||||
netName = "minfra";
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix
|
||||
interface = "nebula.${netName}";
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
root-pw: ENC[AES256_GCM,data:g/dIT5d5w+FCAbxgGRJoMISgVTySEqXoBCV/jopu9Cgm4db9zAFWzZ7kUqOr8IQpEpCXyguYClIGExt0SztbRze8YPu9NilcUmYH7QmI+8oaEanYkvwpT5jyBU/M2eG0U9pMzcGI6hl2Ew==,iv:2HmGvFkRrnwYi5gjB4Na/ZayGoCFEsM4TDoqKlzhZUg=,tag:NLuval5PJ6AnDLvPGVvm7w==,type:str]
|
||||
user-pw: ENC[AES256_GCM,data:gr+Dis3c5NWLWnfJG4eJUxwt574R3n40djeK68hukMNPx0qwGRAT5a7UQ5doxtDBgafcH1uCgqrsWwEmy9H5dS6WfLMivE5Uy213EcEk3YNUwI9d5vbdcbCcXWvPsyCu6sxS3x731EVVYA==,iv:4AHzVLoJD95d2UwwEAwxWP0G2gekHahBt4hDDA9ZSx0=,tag:03L3Ql070mt3oDV5YdrETg==,type:str]
|
||||
nebula-key: ENC[AES256_GCM,data:YnGtqqWXbwkMYFJAKcBXmbRE+lsW9DwRnsseocTAVVIAqw84o3Qny2LO1vzoErtP7Fx9vPaI2bzvJTICNSTBw2jH4thzLR71XpHZI7mo+FSXzpZx8pxv6pfVcCW4tNK7KXx/PyvzCU21npsPDoVlM1rE/LKPxu2PLoGBd6u+,iv:g5BIpHXXrHZovSWnLURhJzTCaZC6fjVNS1QXwnSlxVs=,tag:9D/wTzaJOd5Vls/l33jZSg==,type:str]
|
||||
nebula-key: ENC[AES256_GCM,data:kJeN4hkXIAqxszpsCznGn1ZCz/crVQL6oNVu0hKQ/Nrp6c6vSUE8zmjdhKGp26sNtSOwhz4nCXCSkUkGClfrnz+WtnI1S+nKxaXgCg1tcyGX90/NqiSsgjVUNMIFBOg/2eurJYoTLCv2bLGH2ED+BtqPky1rqYGkhllwq9Mu,iv:jgcdrQ815vyVdRRBYMa4vpRq5HQ9kK54Oi1AGXohYz0=,tag:fBysvfkA77pN4zcnYgeGLA==,type:str]
|
||||
terra-key: ENC[AES256_GCM,data:pQRlvltiRr83ndfSjX/I8n1WekS9jY2K1QyLTTcYn14TRupRVgvX47rsus1QA9QAbpT/9f0ZYld3aCrR5J0rxg==,iv:mkiu/+uLKOHG9gDjv72T7JGz6/3oaimDawAOqGs3Koo=,tag:c9Ubj3i5rDj5vaLBRpAUkQ==,type:str]
|
||||
wireguard-key: ENC[AES256_GCM,data:aM76YT/0gbfw87x3ThrwFMuf9DxC0IJ5aCeEFDtL+JWPGsZk3XtrN+kxW6w=,iv:ssh+sGPxMU55ubNZlWcWh+3fXvhjhJ6cNJhPZJVXEyw=,tag:2PdoFb2CyeTkV0EKfcpZiQ==,type:str]
|
||||
wireguard-psk: ENC[AES256_GCM,data:fEDfzuZVvEC8/HHbV4k0fSZHucRk3PLc/jaf/wl5Np+4OB1SiK6VnSyoW2o=,iv:2QnunJjHxt8V/DBG2KAuzwGQsJnmrspj6x01ufiJteY=,tag:teEVG+TuRg+QsY4jMg2DzQ==,type:str]
|
||||
|
|
@ -35,7 +35,7 @@ sops:
|
|||
eWRoSXlMamNjTHVaenpMR3dEOXNuWDAKSmbC+fGeKYcKy0eQdWPVVMpyBVYtogur
|
||||
A0fYIBLXi+HMN+/7LXFb80vSnXN3v42KGQ/tzsWJo0ed3Q16wJ4eUA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-14T05:49:08Z"
|
||||
mac: ENC[AES256_GCM,data:1xtfOswfQGA1MdTNq0i1gamyC9G6FabJ7ek/i9UgdWFxfJEtnomje3mJ0WvLJiZAMsit155x0517lhPosJlXnxoJRi84/fKTz3+92MiEbRUySKTFg8ZUBmgvekeiMp7oYsOG8B5Ltyj/kYTsf1l9/Ej571ZMeHlosHqNKTbjDH0=,iv:VqhdbpdzqcjTAIocGbC/zaRf31UJx2dlSNZ3qmzAFQA=,tag:yBLeiz+vxvfaITmqwOeL9w==,type:str]
|
||||
lastmodified: "2025-05-27T20:27:35Z"
|
||||
mac: ENC[AES256_GCM,data:cM953KDX815uNvRr7LnoVhXdfLi3UY1F6yoaibCqRg7c8Ai0rBcrXyKqa7ny6u+ltH3wzlaFfIhYtrVRhFwpfL1X4jz/WKKejaxT+PRX/ow1ht8CwMGPLcEF68gVje0Cs6BqTF/WPmXRdCwladjbetF/LyFal9LCgrfrhIgIdAM=,iv:VC5cdEVb/WONMzpoTdTZB2qLnnl7leVL38v9gcckM0Q=,tag:PMYghtOP7RTV/d/Qh+f0kg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ svc-breeze-deletion_secret: ENC[AES256_GCM,data:foilGTV7493fl7f/ZnN1bO7f4YLGapXl
|
|||
svc-sim-breeze-upload_key: ENC[AES256_GCM,data:qm93iBzGhqp7IuZ01uZ6PyL5bL45+W0oOeDyQRGEzZw=,iv:5F7BV5Sg6GUxIGQychaEZSeG7xDFF+JdRL83PJULWJA=,tag:W/Q8vGaPoLNnj1Wyvc9Cnw==,type:str]
|
||||
svc-synapse-synapse-config: ENC[AES256_GCM,data:r8ZYi67CfftGheassCFiLOVcFUho+sNNe0XCkyQETHT6Q/w2jqO9eAVA2EDJyK4Vk3S4MP6ppcGxwocMmTYzkAjmtwf6a7GzUyh14+Lj5VTybvIKOze0wuLlsEUUYgU=,iv:HTnPaS5/ZvdJIMKiTfPffZmemp5IGTo/mIWrpafk/Fk=,tag:2HusbhzmxqsTMz5/78WCRA==,type:str]
|
||||
svc-gitea-runner-env: ENC[AES256_GCM,data:M2hV8YM03dcBcgpJqbpiW6RGlhDvkfF/ExF+J1GF+39GnOsBWwPKteM5EAUB2Wrl/zRFifgfNLLdYgSEWhJsT1cBLhI3vwE5,iv:9/nvC3sS6XcLxgeKrEg/AaFhptXCm3uvGgSUMAz4p5Y=,tag:A1MnoJP6aekXuWHhlONnkw==,type:str]
|
||||
svc-nebula-key: ENC[AES256_GCM,data:FV5KD4pMAXN1VBh93M3sDN5qb/B2SCGXKnfi+IMLcCKLyoUeQXfie79xv/XVzgFGGUcDgnxCsVEkMiraOlqeLWaiYRMBI6DF7Q+xtpNDqPTmUeq92njmbabruMBpp83FkcgF1jr8vaS7d8HnPgoQEBHGISAE2e8iAtMPGew=,iv:CZsHcvYPGqouKnOgraP4dhI7zK7POgnuvxYiZjYnwKs=,tag:8d9APnFVR1yvBvIG56OETg==,type:str]
|
||||
svc-nebula-key: ENC[AES256_GCM,data:utJO5t4mq4tmAkAv9A2tcClM3nxLxMSWiz/bUoq8PkbnDxbNjzvdoqD7ehQfpZtK7lQlySXePEcUkQJw2JREfYx8cexOvTyxlwiuxmx2QikTOVO/MALuTG54j9hUSvPeLYnhFNF88vIlFrrjwl0ox/DVjmlrXJbxZWRq/six,iv:C/ZQ2U/brbfrzHXt4nrxfjKIorlUcuBXp0kk5ObuyYE=,tag:/BSjrGcGNuTVVBi89mUwkw==,type:str]
|
||||
svc-wireguard-key: ENC[AES256_GCM,data:dmxJ07UnQAtet4RtlVXEMFLVKxOU44XQcUW7h7UPbLG9chiQeXGkZkkTihs=,iv:bEA9+DYDBLo1dgrCSrIpa1ig9JJEtXeJF5ZmtdsAO3s=,tag:tyLB5Dd9uolalSzddC608A==,type:str]
|
||||
svc-wireguard-psk-0-2: ENC[AES256_GCM,data:0sTGYa3HUe70hYJZnPy9w0iG37aRDTplmdvGdc5C8KN8Dg5XbVc2CmVS1r4=,iv:9Dnr3BYhzKKOZ7S565HY4CkhgPv1JEd3Zk7662/cd9s=,tag:Dd0BLrIjfX0F2lBan59jUg==,type:str]
|
||||
svc-wireguard-psk-1-1: ENC[AES256_GCM,data:YbxjRleUWTr1+rZyzZ+5vB9Po/V0T1mYhH+H8igjascGV/Oo4lPn1xoYqLg=,iv:+fcWdpRqR7GU5UXug+6GCX9Be5DoE944T5PIm0csgEU=,tag:3mGEL3KYjfSJ9uM+i6Wirg==,type:str]
|
||||
|
|
@ -43,7 +43,7 @@ sops:
|
|||
NVREcHJGWWIvY0Z1OGt4cGN6am1RaXMKAnlb8FOJ1wO5qtcmej57s7rhWjv5wqIn
|
||||
nCUJX0R7s0/KH3aj98bX/4hQg2ZAw1l+xViOOIfwfRnzLWeyaAnk5A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-24T05:13:41Z"
|
||||
mac: ENC[AES256_GCM,data:V/auwfPc7vKI1A2H3D9ik7AhYddpIf4yQoFiaAfhUKQOe7TJNEen4/5pu8Tsy6yHb6k7O4yVYyHv8E8ZiSHAKtn07IbkoMTJRjkTm0XSNbQVXf/QORGiA1TPtd031YFtbm93EkN8U7/1WVo9v6KquSuFkHCVzlH+baeuAQsjiLw=,iv:AfDrztgtNG4KCr7WsrE2qeKiKziuCMygMLggequVhgE=,tag:53QakoBlomaR9Ex2ROJ3+w==,type:str]
|
||||
lastmodified: "2025-05-27T20:27:04Z"
|
||||
mac: ENC[AES256_GCM,data:fUiMamMjX8LeSlBfAFMNfKct47gWeSdUOKhLHiIfQ+9WqjoypELkJUrgvfS6KzBFf/Hs5vb9hfHP3CNhrFspQvUJ2GbcK1OoaFQG5nN98k9LWmU3EY46YKQkIpHX0408B5EAubtVka7S2Tc3LxYiJqDn8nqKNkNZiaeuk5n4scY=,iv:/Od64mA8S3I1d665Uxs8mxjKqThdm/IaBWZPTtV2lUQ=,tag:ko7tTXbc58vVsfVcYGIp1g==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
|
|
|||
Loading…
Reference in New Issue