Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hosts: *: sign remote builds and serve cache

Browse Source
This commit is contained in:
Kabbone
2023-10-02 16:56:03 +02:00
parent 9d3d9d9a16
commit 501f70f730
19 changed files with 90 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/hardware/remoteBuilder.nix
+9 -1
View File
@@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
users.users.nixremote = { # System User users.users.nixremote = { # System User
@@ -11,7 +11,15 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
]; ];
}; };
nix.settings.trusted-users = [ nix.settings.trusted-users = [
"nixremote" "nixremote"
]; ];
services.nix-serve.secretKeyFile = config.age.secrets."keys/nixservepriv".path;
age.secrets."keys/nixservepriv" = {
file = ../../secrets/keys/nixservepriv.age;
owner = "nixremote";
};
} }
modules/hardware/remoteClient.nix
+8
View File
@@ -15,6 +15,14 @@
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
protocol = "ssh-ng"; protocol = "ssh-ng";
} ]; } ];
settings = {
trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
];
substituters = [
"ssh-ng://hades"
];
};
}; };
age.secrets."keys/nixremote" = { age.secrets."keys/nixremote" = {
secrets/keys/nixremote.age
BIN
View File
Binary file not shown.
secrets/keys/nixservepriv.age
+27
View File
@@ -0,0 +1,27 @@
age-encryption.org/v1
-> ssh-ed25519 Xp6AuQ 6zWeAuAxt6YI5JdPep5QqfWfTRWJi3T49vb75URi8SY
IjcXC5MKPYGErpGhpeHMcgaugrVHyFg3z6TN0vhvGH8
-> ssh-rsa VtjGpQ
Ii3fw9b5i1T5fJL+3PXczo5EW1iE/Jp/pEQ8qpCUc+9dX6n/x6uz8IblSVYWNQnc
0TPAmvZlXN9zAL9yL9fIsZDK0ZF9GoSlHVYt+OM+NMeNBqqkpue8jgSLd6RFO5vH
ReSO605+latKouNHS/g4qg0XPE5AZrRRGL/UFRS890ZrMFvQfyB5NARrWrtl6O9C
jugBjgVXRJvp62Ky1qfTYHSSs9C7Ckxl84DlMHfVMx4i00VA7JA8dg2wUJE00VZW
LmYNQ0EOfO+BBeBrY1rFg+phBmnpZKGoIV1GVio0dA5cOAVYslSwin+jeGAvsqz7
+7rJtSx/4IlRFfAy47jrT6tIaBW04iVAJN3UXqKcIR4ULUUL5295jNHzgUzzcBCC
q52pzFsT3VcTvzOfcHBMxkHIeWXznqWe06qrtPnzz2PknBJ4VSlw6kObX25VZqn6
tsKFB7qXON9zKH5iB80N1KkG7fc+8geMJP8ZG3rk/49Bj4gczVwUuMDaGKqAZ0rH
hGYTuQPxE0xS38maxMl+KH3hwYACJYWhpLqSEDFmNFhmK2QgMeCryZGn8+j+qmr6
TTuSFym1cSnlhA9e8B3WmLqoibkOl17N0dj6D/nUPdZQ9BHujDPnt9Ghjm1Y9Jg1
yE4Fk6Jg8aS3+pwQMOLgEY9x3jTWdouco4Kgy+f7yoM
-> piv-p256 grR75w A/5q4DtKLFiSs1sURKgDw9rnUetNPyjIKefB/VZN9tcD
xsd3JeqDR8GiH/dBe/zkobnhCQFZ5vxuRVf+fgWavt4
-> piv-p256 RQguQQ Au3E8BcyQy9WvSwo89K/y1mQNu1YR+aXa/om3rYzyYoe
ka0MIRZiyEwhEGlF4dRUyU/lUkz1yJLzi4gla+6T6i4
-> 93`-grease uYKu~(\x b ,k k`N
eu7veI1qvOSizB6N8yf4G4YK1qwo8R4+j/JZrKK9EGndICKyJ0r7VX4jzfZuxPfz
EIUoI5j1Ze6JGz4Sveq2+TARFXFjOiVyhNR0JXBJ60TEtjj7sddZgEluuJSQqODv
--- JbSd2VGwQKDJil/9g4vfQonVymxogwnOeKY6I/55RfE
ÈNx¡¤GÛ5_ùFÆ!§˜kFÍ×·Óá
QÿV(í¦ƒ‰nù[ñthI®Ä'% ΑœÞÔoSQÑë†]ô±DD'Zâ᯹/i1éø./'¹ámžüˆ
lÖÚ¾mY|”fÙ†OÃé݃šÎèq?̬¾“°Ãa¶äò€SCÿt^†™Ó•
secrets/secrets.nix
+4
View File
@@ -38,6 +38,9 @@ let
jupiter jupiter
steamdeck steamdeck
]; ];
buildServer = [
hades
];
in in
{ {
"services/postgresql/initScript.age".publicKeys = servers ++ users; "services/postgresql/initScript.age".publicKeys = servers ++ users;
@@ -55,4 +58,5 @@ in
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/woodpecker/environment.age".publicKeys = servers ++ users; "services/woodpecker/environment.age".publicKeys = servers ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users; "keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users;
} }
secrets/services/coturn/static-auth.age
BIN
View File
Binary file not shown.
secrets/services/gitea/databasePassword.age
BIN
View File
Binary file not shown.
secrets/services/gitea/mailerPassword.age
BIN
View File
Binary file not shown.
secrets/services/matrix/mautrix-signal.age
BIN
View File
Binary file not shown.
secrets/services/matrix/mautrix-telegram.age
BIN
View File
Binary file not shown.
secrets/services/matrix/mautrix-whatsapp.age
BIN
View File
Binary file not shown.
secrets/services/matrix/signal-registration.age
BIN
View File
Binary file not shown.
secrets/services/matrix/synapse.age
BIN
View File
Binary file not shown.
secrets/services/matrix/telegram-registration.age
BIN
View File
Binary file not shown.
secrets/services/matrix/whatsapp-registration.age
BIN
View File
Binary file not shown.
secrets/services/nextcloud/adminpassFile.age
+21 -22
View File
@@ -1,24 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ uxF7XBZs30Y7MnsPqgqZK8U0RypsU3ZSkEGPs3z6MWo -> ssh-ed25519 neExcQ WtmJzAU0LpM3+meYwlydkBJ9+GEOrT3aD2fKZuTIdWI
U38OQUsd4+JAhSoNlm8Bq4vYjLIlxbtEPRNryTId7qw 5Bt3tu+IF3646Vp3No5vOqCJfqpTL1SO2AUNLSAeapc
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
WX552pdtAV7QTsG5PP1r+EPsao0Q+sBUFOVsGCI2zLQJM5m8UGjIJqsNu3xQMsbL F/OrwpSkP/jCHEmodbTFC8KCklgjl8CJ8R2xbtdEofrs24vf8s5ELRvj3fwNb2B8
f67taemm3FVuSlfZ4+O0NP2T16FH6lVF5gLidCTyvvY1r1LJ3bUKrkvgVsdH4TYZ qv3h5ZV09Xe/eifPYyE63/U7bUqnZ/ub+CNv3A24Jn1VSiXRxok9MLFaNfmrLxNO
5rCYggrAIQP7TEjs+/QsSdN079vxmmGAYKJXfcYVSF34CS0ZX+0MxW9n58E16aHP 72hKvKQmg8DSEoxLnYwM5dPBxC8X2Q+yJ8o/9yGWpRBpSxLA9NESvllen37cJ3PS
ByNMm3K4uCnhvy8lX21/kZvlIIHtTfrjpY4pKET5vrpqYvNi5S9FH0fG1F7UmRmq 5bcIPVm32xVHWbJ9WRqOOwZRLQCJvuNUFoYQgWxc1CYhbSSlGi8wPhV5tn+TEfyS
+qNYX2MSoOK0IkxMbG8dsbYRBDITqgpdqGaT8b2yPdyOlUNu2P/Ao892hRiRdGqU KnfuhAUUhOmx9a/GjBJQLn5xJyYrghAg2pfVcog9wsJzozeU+FnkwEjlg51lS0o2
bplIotAPid63+6rfX6pRw+zx/7QATDp+AZsBw+KHjpboF6smRcohH+BKVatr5sxC WkfyYVASJFylKbFLyLx8datN9UA4H8QDAqyCfuKWHOLZVxctl0ebxSf/1HN0zi0i
6fNQIkZZ0AGkXvfP4cbBX2JK/WxM37VUhsuXnLgamRu9dsZtfLxMNxuL5EBYhPM1 jNY312WQ8vxAp1qU29FznHch0+lVsIO405ZQVA/hUV3evG3GsM6oprQALRaVLNi5
3VSzpzR3dKuxXZA9VllxJOVaMWl2mOFlAlJsXMcM2AkxTPUdHym7RntiWhz3UQ1H DCZb2JbJTZS5RUVOsickdM3Nrn6Ney5e7N1oup/QIZBYrx3tamgrrH93SIsSCXh8
/tp/LddV6DqSVff0Q3qopZVuocQm1YDl6omFxfrGhoY7vxmGZrGZ79SC+TXmKKxn MTJCUclQVWZTVmtDqIC0Qqig6dK8mIoMCYKWk23sduDS8/O7SsynmPbtygoI0bIK
uxzM2s+uAzrmeZcPV4h6FrOMPMtIypUnXqUKMdtJXHlP7dw2DynxOeidAM5XHVGD QVE+ktNbbD8ow4yBms/gGWJz0brM95TDoXsE5me6lbkhkRZwdYnJJP074cbZmOQi
LUKZyeL/U1PFAWxhxJhbZqGWK22oT94DQGl2wYDR7WU IpEt1H7vLxvQH/ucqlVTinSIyg9IS2Cws/FLKSmOY6g
-> piv-p256 grR75w AjdWi5E2CDMoTeXhua6CDa1T69jZYCZtDVzYqIip8SPG -> piv-p256 grR75w Ar7XlPFZhFXD7EGVV1qpgatYzXtxv+iW4K7j+j51A4Ff
VxA4E27nD9omkx33BcdnC7CFUIKjYJhYcn3+ZhXoYgc BgL570FWX3jzf1IMQtETYbdy6GSipYv7nFugSO8OypM
-> piv-p256 RQguQQ A66b5yIOS6X1KpBwwSIt6/0kscRCijqp7C5OdZzyVFC0 -> piv-p256 RQguQQ AxSpkZbv//1jfTX6M2IlSpLJTmmdkzUOBAvC3RjGIfWr
G3EuJyFbhulryG3e5mtdjcYH8rRWOezcItF9Cy+IL+s qJrDWnxNsrdgJ5WEIEjUAxZavktd6OB14d75fAARC/c
-> V-grease !w -> ;2:g1-grease ^fnN2 ^dvdl ]6Q^`
oBULpqmsbh+nnxtU7v1Iqj9RSLvwVgGau5ZHTN0daUOqcMLOHJ1L4FNUqLS8Gq8s
yABHEWs+qsE6mfRikZEkVfVxRhHT/sfBuEDAmE7Y+W273SA --- iHDyRW0hc6S1eq54cBN1MrDJEKzVKl9PEMtw+v1kIgI
--- XeiNeiAn+Szcr8/NGWxhBJ7HUU5lWPdcKBo4+7/hTqY Û’CÆ®_;hÁ0‡•@”.Bðdð¡"¿ûˆ*Ûbt}S'V
モセM#ミ澀lァ U43Bl /<6i9Srマ88
secrets/services/nextcloud/dbpassFile.age
+21 -21
View File
@@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ QSnzAUi67z3/qQsAHp9fPxbuFDv6aZCG1z7tYlTCcBI -> ssh-ed25519 neExcQ eRTtVIiKoO9AZQ9yRD4q9T/lVGSbdfS6ZgA51Ml6qXc
Yqcvkenx+0FsPJaKbIL3kMrXhelekH5PndA8QUVofR4 w4f14e0CznYvbSUV9wH9WE4we2ZaThM1PwFrcG+6HkE
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
S8z2t5QES+GiaY+aC09IpA4gyQddLLa8kY6zG9Yda9TECTAYkND05QwA+QwAS/QF mZxOedvPF5L7aw7JjqAAUNfvjcHrl6w/75qkOgCXzcZh3EzcG+IuIUE8kYwBt/I/
O6cr4/jXaAFddz1PtGrVX6eL1nZKZHweSt9zmH7zjnKmtJN9ltPyzrmt7TYAkm1J GxCb3/97fPt1sJfvosytyD0tlv2+Jw+N+PHHroYaoWEGnYbG1YFDuvnRu4viJXyi
Shw4O6PNGggRpsHx8YGnUZZzAhVKY9GmGR/dYg67uDEoPqcRJLCInRoDV42Pgsx9 1DEVT50mn9SrBW3fKGRqajoSkeCMCn6QmVC07/ULB5GnxU2Pn8LspgV7CLOuCPOK
G0z+qJkzOn6WH/pQHHSWklJlLe3co7dKE0IFu81UMV60XyDxYhdSWCHQroLNrEM+ PtBYJFOmP/HqgX6YNo3hQ2YzQMeqXepRhD/ph/o53j5FdVBznR1LCcjKm7/XyyCp
aBD7CruvgfyXRvDcdlCQMHMz/9jbvPRQ1tYrooN8dnrHM7Eht8M45Q1/zn6YkEgw VLp+J+7tjlIDoby/3OoDTEs5hq0+TXa/GbR4Lka80YJOeHcmR/YTD4ZZTo+Ia1cV
TmoRlD1ymoAh6Taxxb2CEcFar8mQPGlxDI7b8/QN6dyTDaJevt+fCpUc10AAAQEs /DZU08WqvF22Cl3hIpeEH6pzmsQOrMhuKrAOHb0pZV5WdToL9BAHqMljSdVWRnjs
5aV86DUX4fYZDTP2JUmGmd026nLfWLxstoAOThmOSAvcS+dFEmUaHCTYq9vyfbds 6w1eLs1zaFTMuW0p+1oWsENrnP3ZrmTZFgBt2Mh6caz8J8gIcVnwoHiNnb7YqHL+
/blAV6Nco9th23YWlEUlJSzcjtUX8fhBZqCm8RIOWsFeIuK+xzfqJ+HX3KERyZ4s 3eljflFx0RFuZT0ElRChleex4CpVaYMyJK4A48w7ZCyozZU5Bw3zB75zBhC175RU
5a1oXVEXJ0J2fzAMPwK1/fXFGezuIE+J4ck0mlPAGKdsqEK2I1PmzhG91/2k9pVV mk+nYdgZk9N3RaGq1LPmvQyT+MlPm7mNm8i890waKAt5/aHRJWm93rR8U6pdDvoo
6QtUQ5weOC4lppaB72ClYnWjslPlnkmLO2y5QlHQGRPIpKPrl8BEa/e1QssPuvoH m/Tvy2GUsijPKf0aslQbythORklVbd8oCdAEriVytTvMBgVVFILELZgfkC1Xshus
vMkhjERtrcolB41YPmTQ5yAARbDUEXfX4DegCNAGBVY fOshVaW6SzzjFo05bMag+Jy0xvssNsAtYXASNpppU1Y
-> piv-p256 grR75w AnIgXEWvwFlTTBSbhr6JgitRNbxbD8KgVY3pIECu/OV/ -> piv-p256 grR75w AplHuSHuZrF5Css3ni2ERR1BzgwXyRJvx6IYTfGlyqwN
su+kmQmrHfE6oDDLb66mSqyhOfdaQ9sdCFCMQN+PT/Y cSdgdziCAqF0g+md3SccEYdXr2ToWjkgFsgELD1+9ok
-> piv-p256 RQguQQ AiQNSkHb9OUEjyzsixyr8bcL2BldWZqhBHArs8V4MW/m -> piv-p256 RQguQQ ArMD6UvO+SpTynXaYhu0/R3wv9vr+H9ItjJ6745tCldl
Q6M/F9EnaQvw7U37gw74WEWKz8zTum6ItzRkWYJibrs V1+uCejnDgUA6Nul0Ep6p9ZfmxTWxPQI+FCAXpjvDoQ
-> 2#!RA#-grease ; <K &L M%?]C=k -> )-grease
VDGyfy7y8i12A2hs8fSKKIs GkM9VaOPQsWVdWXolVrlPay6CQ
--- tY/xBbBKiJ07CvmaqLL4twwTHLB3kDKk4aE5O/qdAQI --- 73KeTR/c+AeTO+DQo7gjDD0QIen4hYCcnPG6b3hlUQg
Òžj WšuµeKpç”éŽ>•f©·Õ–âåÇMÒ iAZ”Õ£/¾:…â·Ï«Axm2¶ Òœ)²©S…B
secrets/services/postgresql/initScript.age
BIN
View File
Binary file not shown.
secrets/services/woodpecker/environment.age
BIN
View File
Binary file not shown.