From 57f2094c446d16e2214e89f8feb8d4cc3cf4a6ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Tue, 16 May 2023 12:13:20 +0200 Subject: [PATCH] feat: add webis module --- hosts/nixos-laptop/default.nix | 1 + modules/profiles/personal.nix | 2 +- modules/profiles/webis.nix | 28 ++++++++++++++++++++++++++++ secrets/secrets.nix | 5 ++++- secrets/webis-ssh.age | Bin 0 -> 669 bytes secrets/webis.age | Bin 0 -> 8187 bytes 6 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 modules/profiles/webis.nix create mode 100644 secrets/webis-ssh.age create mode 100644 secrets/webis.age diff --git a/hosts/nixos-laptop/default.nix b/hosts/nixos-laptop/default.nix index dedaf80..e682ab2 100644 --- a/hosts/nixos-laptop/default.nix +++ b/hosts/nixos-laptop/default.nix @@ -15,6 +15,7 @@ profiles = { desktop.enable = true; personal.enable = true; + webis.enable = true; }; }; diff --git a/modules/profiles/personal.nix b/modules/profiles/personal.nix index 37cca50..e1cb308 100644 --- a/modules/profiles/personal.nix +++ b/modules/profiles/personal.nix @@ -18,7 +18,7 @@ in synology-drive.enable = true; }; programs = { - ssh.includeSecrets = mkDefault [ ../../secrets/ssh-home.age ]; + ssh.includeSecrets = [ ../../secrets/ssh-home.age ]; git.signing = mkDefault true; hub.enable = mkDefault true; firefox.arkenfox = { diff --git a/modules/profiles/webis.nix b/modules/profiles/webis.nix new file mode 100644 index 0000000..bded073 --- /dev/null +++ b/modules/profiles/webis.nix @@ -0,0 +1,28 @@ +{ lib +, config +, ... +}: + +with lib; +let + cfg = config.my.profiles.webis; +in + +{ + options.my.profiles.webis.enable = mkEnableOption "webis profile"; + + config = mkIf cfg.enable { + my.programs.ssh.includeSecrets = [ ../../secrets/webis-ssh.age ]; + age.secrets.webis = { + file = ../../secrets/webis.age; + name = "webis.ovpn"; + }; + services.openvpn.servers = { + webis = { + config = "config /run/agenix/webis.ovpn"; + autoStart = false; + updateResolvConf = true; + }; + }; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 179ef3a..723b0a8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,7 +6,8 @@ let nixos-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhtwHDGAZshiQWKkCcPWV9tC83b+bKBgjDcjP/N2CKO"; nixos-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKl8gMhwSf1NsP5gp14xbbyjqQLZzcHLb/XKRMoHdXgI"; nixos-work = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQdruRBgcS3JbX+8DP4GE+28M/ZnxqxhoaMM5EVUkrD"; - hosts = [ nixos-laptop nixos-desktop nixos-work ]; + hosts-personal = [ nixos-laptop nixos-desktop ]; + hosts = hosts-personal ++ [ nixos-work ]; all = users ++ hosts; in @@ -18,4 +19,6 @@ in "uni-vpn.age".publicKeys = all; "wireguard-preshared-key.age".publicKeys = all; "wireguard-private-key.age".publicKeys = all; + "webis.age".publicKeys = hosts-personal ++ [ moritz ]; + "webis-ssh.age".publicKeys = hosts-personal ++ [ moritz ]; } diff --git a/secrets/webis-ssh.age b/secrets/webis-ssh.age new file mode 100644 index 0000000000000000000000000000000000000000..f5ddae0f4df351f04fc32af8a65e3c423d9c2af1 GIT binary patch literal 669 zcmZ9_OKZ~r007_}HZ}sA)te{7MA(S2N!K)u;3Q4jq;1moBh6s0OVgxvYx+u)6zX9o zk%0(1OvVNi@xj=t_+UCjL3HX#VRKILpm^CX^E8JC6|ejLz?W5IST0Fbt6VQ=r88Pp zu{Tfv9tLYQ6_#@j3_}UfU|d{A0ckE?55`hdMNq;E{`#_^cv=pzNQ9IhH^<{AaCkA7cEe9K%f-B1G&A1!6b`0EyrU~(v#ukpx+bX zC57Qlo@HE6qY$z%kyQ?FR8gh2 ziV#*40bm#gRUwEX5kf14IUWgwRy`>@BweHhHk0uJp+&whmZv!S!-+V71Hr_}Rl( z`|FRUfA?=BcCM`kyS6)zy={GObbfu3Jtxlh*pCj5^mgm}pI7=EBeyn}PV_oP9z_54 XQ3JIO+wRKU_U!m|pj#!Dm-7Dr4xRH* literal 0 HcmV?d00001 diff --git a/secrets/webis.age b/secrets/webis.age new file mode 100644 index 0000000000000000000000000000000000000000..c7e921afba7309debff07c1c4a4e443c3f5c9e7b GIT binary patch literal 8187 zcmVniW@|-3S~hi8HgI`bYH>GXS951&I5k;LZc1ZBD^Yl7aZ+-6QZI2#XGsbzJ|Jp5 zEoX9NVRK~)FLqHjV@X(NdU9%GWJz#DYDZ0VRY6o@STAl^b4gWkV@Y>LGEhb|V`Fbg zZ!}{HEiEk|K~HTtVMa<-c49+%Rc26nR9Hf8LRM^XWlUp3HZ^8bRdjG+bWvnxRWnHn zq*(i|a`4;%%#(Vm%@=ktcUpH|N{HJ6WYLs_hy;esS3KaU$aNa3HlnBHOmjM&%r1Rs zGAMEl7Qd&kKq#EZ`Uz>p4&F)Y>t{!Gop-;ju`hHR$UGFh0>4cCPhE1mo3s*fiz^=| zNr!k3GB32mA(@I#Y>HT_M`P!l!S9o#nPrma8U5-$j3rFO1MqvJV}VRN_GhgSJW3cX zDP)MrJ%o8CHXRt?Dyl9j6eAQtUM7PJ$?ve8a$1v%5+mm*f}B?M08|H8qa2CwNa`z- z#d*tUrH!(hFTSM*8}nj3)$bIQM1(?TyKlDUuDHdnM(tv5>E+Ka3K`ER+V2u{#EeMq z3R?suP!XKaS#HleS`QU-m+!=4W2m<(eS~B60?#>icTe8s;d-ZuRD~9+S4NO;;*(?8 zguOzowtJ7`6wiEtVjGD_Ghmshx}Mrg&Sc73QRz`IANsm%vXcNflKwjOJAxzX1J~K`QQry ziOKoZXd!;b(cKRyC71f;^tXe%_)kLlpVp>ohzaszGiQAu|1c_F6d(>#Y#)dIHwi#I z0Df(C{et+P+UQ_PD$ytB1Ic!_AdPS%7QY=ddlLLLPcb-Qg3qnYwpr*o3=4n)!0xcDHwrBx{Qot=l@CC<>UYoKI zQBP5NBei6$Mm$2+5;$ZXuilw0V&ll1bkTbv;+481CmXaM2UzIa6C*K|(o(qqfbYR8 z9zUI;q9Q^FYQ`o1GcnI8T8er!GL7rCW^zC8WlFe-v#CW4kNrHMIWR!Ej|5#V>bu-u zKQrGvTC?s_j~nPtUv55(xOlL*yp*oQ`Ih^DZ;?+fF>C=K#1Aodww;aAeK(H$?Wa0~ zDOX}JDRVdN?S~qR@+h-l^y>12oYVRhk2lvMX`NZk9F;S;zs|9ngAbij{xRUmt7$2< z!SOqu535ZV-Q5-wb0@p#;+WlfR7B22$_(zb9`Ly zIOAW68D)EE1z8qzy3$oQ84A~kSw;gNLBr^~xJ^0i57G6IZx4LKxP;#~?6x3iEdFU7=aZ?D2I0w-Y-PsK z?N^ni*Of3G8XIYC)5A%rny~SIuq4c&Y!U+KxuqQOm=V3jd$xY#1KVqQaeD>GyeuTD&Z49XLPX6+vhR}X-pr3`rf-arIPHuQs zMceXQEXsowzoDbMxzfP0*q8r`JvtHqG~h>Ps8A0`Z(a)21y`@g7Q-PY2 zxOiMf&*c!{-tr7tWR2p1`O3u5G^ixrQ|u3W^wKYo<>deU3ZzIUT)w6TXeOOf9bc>nRN9tg&}O1U6EdIq6ZeicEFl=y;%o;6WCfQ zhlc^ZI=Z+E_f6^fH`xa}uTkfm-ozix)pMkYzNZ|O%QShcxgb#XD>3Y8ft*;4GWiB; zgp}t)ENkF5?GR!u--qD#uat5I!67$Kp4Ca%#}!->(j1(b>1bnweErl7bcKnO_D4lOUz5op95*gL@&02soK{$l zgKCr%04N))b(v6mN!f65#hyenN+l8~pc)R$Z9kd?L|eQjQBo?u0d+BRgmE|0`K=&~ zE&aILrf4$0`?AB5lMI00Mwcg2(i!T+wXmv1#K84K@wJzosz~&3uM#%mmhc5iumS50 zgPs-c$V`g=;DR+Nd{YE1e%dj0{6S~-nee;05|B`seB1`ulC170Wz3w|38Z)9PotZ0 zPb87(o$;BF_ZnzRZ;9^4&dW)>XugeqNABnzf-2p|C)J)LcHf z?$ycV7!7xwOxj=Yu+c=KVw_X>LUU@q^8T!K5H{xih|EBwR|X>iI|$NI>N)?PQ2J#f z`sKB$@A^*=?0eT=t%cYHS4QmvWaBY!p$&|new$ZBg6Q2l7;%f^g*Z&y3Pp}2ILr9N zyXZm}N3_00*TY`0kM(}w|7XDV{hl1fi%5Pu9Cy`ibk#;rSchY9*A{Sp%1R(M)GKw3 zoB>${sj$`Trl(_&wSK&JMRq|Kq{r4_S}nq}={^TlNRy!B`m#+qqG)P0tMxh69LgzK z=c9B!3PbFiyNKGlFR=hBx_tjM0l(JLBinsgh^kSNgmx-lP#Yy7=@za}#oyFG>Y7%P z(k(7As^1tgr>+yZ_g9-aELTVlK@t`cBgu>H$MwTk^EV1pNdCPkc9~r*MWyi5qF8<@ z8(9^sHibFoMKLe6wNugTV=Ua1+*$WAWqW1zoWNU;c0F*c#I&ooOh9CQ1_8kPG@}xL z)s>`5`m<+QoZIr`d*ZhX4oyQbjj3M*)NIqgk`fWq)mqI`hV5AC&@u;wryqfuv?uBz z5xW0-(JJ4$S5ln4fGS?9(QR~dNe~80qrLkdN%0PUMhm(&+V(>~-*ijkg>juRU~}}Y zv7z55%2`$iyGGK9!XhlfC7XztyJR=U4?wg^D!15NSl+A|amTfSXET`FUi6T7xf(|c zPiP4&+K5rGU@-n0R4B`O%DNoJ5VdM2qf{Uwu78Chw;8(Nj=@1h!8oPJYsN`%oMhH4 zV|N29u7P|<^B#wX8hHDt4SOHPVgx3SAp&z#oF15D?*KAB7oWQ-dT&cK?igCkYStGT zW+e2~Qz|y}lgkGN9Z0D-PFAX z584O-EkCRc&30PGhzY@8`6X0CBKOpmJm-xi9|s<6=3|}K&uK^1LsLD6XqgKGVHp6di-wn; z$B>@u$Q6dMQNUF*GNR@q>BBVOn35QJP0L)60!2BO9q4F2~Of0YrO>? z$-*n9WCt%`Y*N}jMnNWwc`7>7H35dSRWH2`gd)>jeriS`{RS!zFzxQIuj(!zM_Ger zRNxbEoshPbgJ2ct*DR|`TR@u}f9tv}L#a<-&N-q?!>dlN$o$zv#Yc{%GaLo$++lB+ zv75*XysPMc3KNr5yAk~wh$ohK5`byrr0_8(x_cbjL2hYnlUIt>Qz%--N6z-OBucpADZ zr4CF0A8K92gxekjAtXKtlWrCsN5J2LZ+FO^o9?jOAu^D7H~ibLOc}JuRH6T{#75hw z3u)bB)8oxD!;=Plv08vPrJd(RsfGRCiZ7&?r*r>&aNsH0?rzXZUg5L)w`6joXED2_< zk$RamLE@_h=>96KzdxIF7rOoc#C>$)Z?-yjU4=??7Yb{0Yk8aIc(TCiR98g%dCfOX z2S?gnPZ?|KG{XhX*m%7kz28^g^(8JsKs7P9G5o|lK73nWct)l;3I6oP^v1@>6|OI% z1mi*qO;lA!EgYCm^j38`wZ9j>Hr$-e@0OcifaWd3C0r_cE${58Ga0qVU=XW0Lw9!m z_h9e=iUDp*$7gqH3KyM0^!=>uSMs9w^f0rJU!-C}mLV;X~#;4ft*>Y;MeWoJ6<(c@yqqpERvZXAT zANPSa1?7+%@6rGa7PTkC+j2unGE})=b~~-J%2i-TnVCoPZ>>R4y^O#m!ru!5s8&}(a%OyUB|zRqsOVZB@G zW01b9%o)>&1CdRxwUk(MS;^;KRfMmvODI6ql3$WjJK0)`P(R@TT}6xlUm6_{J>5VTm&28cU|5!l$Z(Q9lkNBrUOOfEWbCf+kB%Cx7DJ4lnz~ zY&)b!d|WxX+^&kdR_*_`=plp3Yhu9mS_wI`K57crYI|hPhaUxx-dmxzK|zkL}u${)TH`jv#iHW3G0jF99;? zt>iZT-r8dc;+Z`}uY$G8Pdc)EL#ti2!}6{F|2qclD5PMc`genp&!8@_&4Y#xzNIpR z$z*27AgzET^3UmlYk$FN6OJYsz04>@LD$Y5CBUgPBe8xl>;Pw+iK>`*jt}pV2Q24l z@#aB_)I{E0m(8rvC?Um;xyoG2YCicJ=o%8H8D(RNJRR_*T)s9HqB{%Qfe-bNR7wb~ zSOvHzKO;#>St`E*UHC=Br@_)>OSkQHfBpTk8d03I11v`F4F&@fwLaUU?SPC`7@A%l zw~EMkSAQqX;sQ3`%L`B->3y@r$M3`Pv2~P#g?)j4&OUBiP}1B6IZ&vwxr)z2a4_eS zw{-)^Wz(>$TXau&`k;2S-=rC!lfYC+Pf^qg-aN-Qfx4`)uah z`Y(5_C*_zPrcHCwpopqY#DmV^Jt8|IO_QdHv+7LY2^E2XUn4`wLC)_OKg-2|ooHxA z0XA_nSQ(k_;$p?MkO&{j=7?-yuV!lP)euf0-_!_tR#)Z|9ek9Pvq(~3>wyNqjlS>} z`H?grj~}%Wjk{R~8Zw#9Y_yV`lgDSFp@$`dhUj6GvHyA|1dcGb)t6SIKv8uxNA_dY zYI)a%2I#V|hy`*R-A^szK#hy)2#C^*OPetXwhiQ@&3UM^q{ndb`j-WOEW~VDUd{Ct z76TqJ5dwzS8U7yu~#HVm|f{$$n6T)A4QcuTy6&Ns}03o`(Ctn}h;KH1tCKY6Z}*zDYN zG*yo2Lw}!5(Kp3auv+OM=xqjIh`+?CY;1s+U}WrjXGQQ#f>G=I<+(-MTPE`0Zw~!T zs}J{R8{d9S`97M!0U`u1%Jib)jIrFP1m1c9=V@5zT~cQgAI3Q}R#4z`Wzjc=3758d z`ned8zb}ob&b+sx!P;cub*JcB(j&Nan6e9$n>^6oX73< z1f~%$x#)2#J^b`5i3zw<^0cQi__d@~R2=ng(RSxA>gJ9phoZ z=B#*#MU8FEu1vq1@d@cCzft4SyF6#j3m&TnF;jEF6UBqXXBJ%-0jq8%aaMF~i4oj+ zYy5~e1^*6CoYkc1mE`p3793H0Z7aJo$f#EP!woj!JoVr~W{UoJ5rS0TQ)vgu49#`k zpMeN$UTwhg50ZWr7sZ&r5+RfllmC=-s6FNljj+5dWDqXH7d$+E=7^MNt!dz0el<*twU~fYeGrx^&o-kD}ftNIBqq9sc zZ;rq`UDGf9>o*}5K|k3c&u+J~Gx*p!)&wtiPECj_k*^3#iA0+e9M+-Fwj;xm`+hUQ_^8Yp|8jF_c0Nj*PR zMMkP^L`xyGGl1F+v*)?&ABIu8)VK)=N`Gzi z>r^{ZnzgPHqR6BQM2FUTq((Alo|2!xQ#z0}m%{K>s96yvh}>QS_9B`aL9JK!Q}F+& zzaZ-j;9>FUy9d+bho`IooFLy9_Uxu!E6W!g9Vrl61z2~?74e*OWn~kQX5Iy!kg8dI zMhu~c5oVx+JS%Ds>B{`FWX#v*{!R`o%Eu}S!S0r}@v}~>=5-~*KbY40%qhO#UI@M1 zA!fBqLAss&n}|6|s@s3~#M5-pt+z-s%uOrC0~|g4e-2>=|7463@zdXLj8;veY#ur+ z8TsSZx|lv+WkWI1{+nngYS?U^4bi)TFJ<*x|DeX8mMbbN9=ePMr269~@W&8tI-I;- zX4cEbelqjsbl4^4WxzxrV5hkQ7RYKJQ)H;RhD_amEgMq_U)-6#@ZS%O@%7~qFJX?N zH$%{u(!xn^q!cMk-S}t;Xu#@gu#i!>Z5Nna? zJ?|)Ga1h44-lAf?M25ZtpP?f_rEd%QZVy6aoA|g_Y96`fX#HQG2R%OLZ(%JlZoeIl zZ-$6DDYzRT@gVgk8N+v-WRxxF{fG}~GcuSWI~;W#b2i^CpV+QoCiNmE6Z~08H;JmN zBd+G&KQL)^k`L6QOY;Prct=&|pvV|&Kp3EjmzYj5{u3^@5ClRa2@h)rAo4e2Uq<^9 z=y~VVx8^8$gtMOLoFi}i{PhP8SH}>~6Tu(h&?YjmC9SZ6bG7Mq`o&cgq#k2u;}UOfNy4paKOp`FdqzqwZ9uhDZEo0pJ~C^%KT#Fo72)j3 zbeSPfCe!V87_9bKQlb+ju*+yO)go;~R$AI9cPJZ4PR)TO!U8Y)^&G^{tJzH6@Gwqy zx6f09Rtz6vm24!j){@G6cJ-(+YCDxGXZ-kr3=u;Hr8@CHiIVaOU(viPK$OD)C?R(5 z0z!n-ie78~gBtj|cI+@7Pr>Jd48m2h)2BH>ub?htW-3$W1oCO#6!Ee-`_o7!0dQU} z2;i@xXG6RL!z8;Clv}er`@UxD_d!$!ToZqi&MqD$Xx0D)_h*hu&%1K50gUa3zX@&8 z9SgaH?r{}o_tT^5p2|zGScJSmnPfVL%p>lQ>r!|udQ7ycsr z-qSC_#F&ezuH;|N#}G#z{1eqIosFB~h;RE~jf1n&yt{sTFckxKAeXxhrq`z1&rc%o z=q?1g4UQHwG8n*9!@-+n$dX@7zDj+^4w#|K7`;TiJZs8QA^N^z=M|ngl4JVFPy~Yj z3z}X_-bP>R3K~KMNr41geEwD&2u}-yc(5BkrgXUw9x`0L1r{hADHXzFen`N>X@?Sg`#jX9`#%k!Q(Mo5PP2HlOcY52&X2wQ zIE3FCkIgQ-qK%uZIA85YQLS-KWE&vC`d)<;I=(}LSU;*a6==W05aA#6}DBk+Re1AngEDxMW5WnY3>zXXFuarl) zch>~E`#yGPD8p8588GrwaqyygLDGw|%gsa0xhg1ZWu?`KTS}TSh{lcjZWnZgiAXL;?Te*Z**Zb=VpC64{l6%&c^H|ZP zJA|2qw?(&Q^}ivIVt5@e4_G`;t*5C5P=XR!kJVIR)>TX-?fa8V7p* zO=vi4~~$7gPM^SATcs zhA~ad{}si6Fu73rFiwIL9T%^jt|7KXnCJXry!wH0;aJMDKwUBXaRQ^_Fbzw*6n&fL zPdOYzy>~7fotdDxvV%A0+0}uB{c)M}ii#;4J0dP9fk*+ARd3+$r{a8VFCjZJF^$)K zh<=rm!lj2B_C{#CRMI@4m~Z6$V>9KMoh0ACrucj?kNGtVv7cPCVSpWw*200((sx=h zvIET7=Gl9I-f(-WlQWsfDHiwJLTJt)A1t@snEsVENiLn!fwT@Wd?|F;l6A_Kl7ZgN z0Ee>J!6Zg4u$9mUKxQG874{$MOqbUC{zuS^ zg!R;@SiqS^w5zUN_Hn7geDa)@AWnb6G<^J~()L|%g|eq_dwxn%H@*;RwdAWyH!=?k zs{r<`dU$0g-H-)^xw3smoML7i*y)<4;T+6ss4CWf&>@IL$!bGYZ4r@_x>0GJk3I&X zbxSe5%@xQFF`F}K4--i~g1fzl++kkXlu0zd41Ac^oaSM0Mn_3USRe=muhkb9u6@Wg hX4!8@;l1@qaEQN$t@4N@cAi*9uq6@&2y