move web01-new to web01 and web01 to web01-old
All checks were successful
build / test (push) Successful in 5s
All checks were successful
build / test (push) Successful in 5s
This commit is contained in:
parent
4ee484294f
commit
a34b168bee
|
|
@ -1,20 +0,0 @@
|
|||
{ self, config, ... }:
|
||||
let
|
||||
admins = builtins.fromJSON (builtins.readFile ../admins/users.json);
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
self.nixosModules.web01
|
||||
self.nixosModules.hetzner-ex101
|
||||
];
|
||||
networking.hostName = "web01";
|
||||
systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:3080:282a::1";
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues admins;
|
||||
|
||||
clan.networking.ipv4.address = "65.109.103.5";
|
||||
clan.networking.ipv4.gateway = "65.109.103.1";
|
||||
clan.networking.ipv6.address = config.systemd.network.networks."10-uplink".networkConfig.Address;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
{"ipv6_address":"2a01:4f9:3080:282a::1"}
|
||||
|
|
@ -1,48 +0,0 @@
|
|||
cryptsetup_key: ENC[AES256_GCM,data:79qOTOi4ftTmIWuc/7bFf3NXaa2Fs6mTUfji,iv:xq9HM2uB4rr75qeZEAh2pFvEDAtXdFhsrT/manI7RqM=,tag:iELo+UHSplsQWIK9aQ+uMw==,type:str]
|
||||
initrd_ssh_key: ENC[AES256_GCM,data:SpSX6RgnpgVkd3sL+mJx0Lk6RnagfxwO1cUKtbj4wxlJHpSsBnI6+tGJjssoCp38jHOPYZ4U0IE960ojjtXyBL/sF37Sw0E8uDGr0rL/wuuQmzhF3AC9VfuDOQNbe0pYTr7HldzIvbDRowIShxqbKfBVizkR1bxZkmHfDpMKE1gGivFLYeHC+gSVgTBtPEgDCx361+I103K2kCczu2VGnfmfc9ExrTO6/7ruj2DRjFLOaVmkXe896KjN+YpTTjT85gjEZJ75AGEUNKCNppQRkM0RpJBJyRunHmKqxh5VnFnlbiklsX2S5ev07G9oqIu0kZI6XduQjj/okB/4SeoY9QE6FOj6dRi2WSBNGpT9fBnV4i6bv2Z612ISXwO0GGfXQeWE4mA8QSaJ9oa/fnVFb7WolU9DISq8sYPc85VXVJGCFZ17DDVGK/capjveGErXnk6lJieBwArN5xEZfr/tPL15Q1DNdyYOJwiL1bODQwxYExpFu32XJ/ZMDiucWDXnEwJJf7WpThh0FiAZFzGAJ0b3SeJpuQvK6xXD,iv:w+YuoZMUswV9sw31PXFLKHbinRit9twPDqofeojVdZo=,tag:eCYSUX5EA/NTD3yIdTC7PA==,type:str]
|
||||
ssh_host_ed25519_key: ENC[AES256_GCM,data:68nXUeyy7xh/KKdd4ajdrkuzc54ZpnXhMpPjaDYtwMLlHja/O/t7g4IlVgLTKWwgMbr5/lAj04cEI99dAuoARaE+p4ldQeQNzPb7ZOPyRmSnBgO/qgtZoKNLaIX7q+Mwl+vsa2d2ZSHG8Fu7hzNIELWHQoaIFi782U+yKt2LHhahdVyY/FUPcymi0EtrwCqBHKSlEu+SXiwDXT4f+PCBtyaCJT4T4Mo2+TbERur9r9YOnKG2GEg46lDwTrr6FMya5K2WBks7AQwQ+rpoHCEy05tTg3GTJd8DypLhemrHMD7HeYzRf+HnVCyTngxmoquCD5/g9OM+fu63GIsnbGItWxREfjfzvODKuPaVCOat4mWQr1pLch1lcIkxQhU4EXg4LgHUMXFnQFrR8rvRT++YK1nRLB3w/lyvU4PAoocYlNR3G9JEClRnu4GH615ILEjXhyUZyAHIGx1+W7M6j4aGFhm3NOJWCTctaFd5r6uUeTqDpV757UzgHIR5lhtlfjeL41r3mmN09os/HpKt9EZ0,iv:+T4xz2xvyerO/ffW/YAKUkf5B/UVL8cUOl/ifWKIIx4=,tag:NTJklV5yqMT7uq0TvclhIA==,type:str]
|
||||
ssh_host_ed25519_key.pub: ENC[AES256_GCM,data:k5T5CX56wSm1DADOH47sGb1h65aPk3NSvQR6Rgu7ZzRrq4pF84ofaRMEJU5d9MHnb+Eg92jnibRNwKUH36e5c9PJXtU14aY2f7HzOCyVk7WXd8H0eOuOfzG5ICQ=,iv:CcqwTYnk1NkJpn9q1Rnz4ERxhhnn60h3sXqMd3ILTk4=,tag:LhAIzkeozvT4L7+vJ9ojnQ==,type:str]
|
||||
ssh_host_rsa_key: ENC[AES256_GCM,data:/f0EkmRbX9vSlhUmuJIAEJLs5R4ryxrtTN0hqcJlxTU9B0woh3pFK0GrXBbL1l5uvEQo2Vw2p7yeCqFch7ypfhBTRxD8IhWoc2l7trawhKa0bhhiQ8oQU47AW96ZCQHQx4h329PZBmFwjK31gtHoY3nkj862vWoFLucJs0yRkCVQJEgkjehO1KQbPU7PlYgUECPnpOgQW0wtGLSND20QyJyEQFSg0Vk7fWY6ycSiu+Piejg5MZVgdVofqEw/fEWyp0Za0P2SEyf0lyO8Ob/amObS1oHmLrb++bcOXl/BBqLPow+zx79juwmuFvhk/vZfeO1P04J83eg3f40s0HPP3g7SKjJTf0pYgdu3k3uXN3WsDWX0Tg3YfAxhKzIScM8gyrkCY4ju8fORGCRSzCddA1p1DvtsMAK5RmT6rSob3yS9nEYIlVUXeDsYGMtspoOd9vts0nS2QQ3VHIg27OYieixevzOtpCtyfogMIqMYgvwLlEzHt9Xi4uzFPxb5MQh0vt4PTy97pooCx0HHKYueMGeByZk2EMIVZzIBq1t3GEtj2bIiFIuAxPdU5odBCM29eJwBbwDw8Mngo/dF/HnDvx/AJ89wlbv1AtAqaIPPfQDUwdUJBhKW2rnKmef9E3oDiikhmDOq1UEAaf31NgrDL9nDrZ9nhHbkuL6Piets+jQ0yBCXVzP1ymHGqPAshlnYDSukAuZ8ByCPJr2p5LT09zYLyhtMMO04Qqcu7x8AMJ7Ha2iVgKDzukNcWEtNF5k2XmZ/lUidb7GZvdUsymkRxqAyZeWmP8DzjP7L+8LQhJhY4WixYsXQkVD8eTQyo+hHwQpM/j2XYwIaEOM/fEBvSVwR91U9J4ONqOD0SxIV/i9BoS472q3vjGbzQ1PyaNznvqBuL0WFfWVoUHNw+62LuOF57x6dhzy+et17xk5A4qmsQ2hScDLg6Ha4ygsGKbkLbFz+HQt7IUpIGAmN31ybtrkGR7Z973866njx7yLMFW4gR6bLgz/uNO55FNDLJ20YPSGtt6xoS2dDFfvJD9CTWaw7Z/kfGwjI/IEJgnFDNIEm3mIiM3f4O19m9EJy/ySXTYpTyGnRaEjz2DFIQiStNB+CmDuGgG4fTymFArGt2ieF+aB10E0pLJsZrV/62fRE37BXBuZWhCUshu1HfO9wkkooPunjqVN+5OqN+zgmi6nHzadlbnATK/dPcuBF6nA1wCQd/Y/qpFiYhy2NY1G3lG80/fUdwlTCYP+FFY4x+fxw4qh9J6XhNf1FFTcRpmrmhzjyjb6OvWCgdSRybBxzifTGaAWUde3UEpLHyZzd8Ag+etLwCcLBLeKPfVtfceqWYgkMp62zIXPZ5KZsDDQ8BN9JTMOEk93lL/vGmdXQhxioZ1NmA+Pi1dkSgDEDoUqZLL/FVrbsJ4v9WbpAexjcmKdVxJLCuzxzZKNfc8YeGc/xPgFRAC0BfTxGNkvKONIt6FGc7IF+lJze9HwDR5OLx+cFRhnGJjiw5OoguxRmMl5nzwFggmBCB1IZT4m6ADL8DaCw9RDjErmyz4wU5kROnGBLNgX6tWvYNStUFdIgSoXDAZxr5ArX4kpj93ls8rI+azvRHOATb5kLCS+N8JlyBQRjs22OGf/rjP5Tb7u857MSEy8TWtLwbt8PpL0Zg4h9pAzSgdZHPdVFMc/fZFOT8psVZn03jcsDETeya6uzMUHyBdGnbvbHrJ2y6MCbcWn8suacfBSANoicuhHXW1Kj8dNSpNYrD3xfHfU0s8ajR4HuG92GEGqV4NAb/IXXU5h14OH3bkt46dDABg3vV0bcunmtO8ReWcL4FKrehJU1ycfcgFMVGzxhOQObqWhCbWk3qS2YvUbK7ODzBFCqHUAwfJFNd1wnI+Ml7AjHdG+boFI07C6D0NX3mu1y9Mnns+9Ghr0kh30qeBux2hyz3jGjAy1qrhgbkyR6rBGEQoFz2iSueT867r4D5XPgIKeh8CR0ZkVMME2Z2DKpv3nfbKYZhXzAvQ8TYEueOvKT8f1zuDjcmo3x+GvVPYz1KntNKRrSN5pgPoQLiF1fHommEUAAXM90ysijUGw9K3w5FGrzd05ipcGRaUGb4bOglEezfzt3ODOoe5oW4P8LbnEu1I9GkoU7fDeNZJZ2ZrtL9zNpELo77daupcHt8Ytt6JwQaQcQXNmUcAgIg7sCet+063WES5jwDbR8UgZ5MYNC3Kca4zdI5Ki3ncWHecCtGKCNLeOTbSPb+iGzZI0Grb1pZXs2LfkU4Q2/GIPFF5lkDjPlXATuGh9SjR2xM8YQdYKBDjkMYITSdarjLPR51vGS+RgexJjFNNh3gY/qv8C0j1TUZ5C+FaT4H6A4KCJgo8Pb9hZsJ+hRM+yLDZeK3JUno1IckkLdBkB0E4s5l92ABg87AiTwHeYalQIJIb5mCaMOt4cu/0szWLvd32lmVHN08Xs9AapfG5StpAqSssx0/bbaPPdJW4D0ystMTit+SVvhwVqeGX+8LI0zVsJTzuJCUtfZosdOdThg9zjtYfQFChpogNUBu+4XD6ere02ihY4JvL8Souc2Rel9b/lB9bVAc9Vvq6YrqFsM0w1L1tkqG3TCZ2Mga3at04CP7wItDejmzkLPVEHm7OjuWtBEAl4vqUkV2bfkEzICQPwC6ugiTOQraJqXhlgWLPkBWsQBTxrMT5bnhPg5KvwjRbUXEHL5txqH8C/0EFsaU48Dg/y9CLq8ADIuTRE9R4tR63eOZ017ObkkQeNt76mq+S3DCTrvU+6qUNczLmi0BX5RWqNXJzD46KIEdjkQxr+NBCMC/QdVBdbt/orqNXpPqzVkgmLB4Uze6ppZ+64qWO/Ana7hVtb7cFv8MABIAFxII1y6DZAftA9kfZl1aL7JD4KLZVo9+PfKkH5Z4ZngRaNt2YAruqn0WmgwdPYoZTTCDgqxRfxsfh33LWYJQMV55Tc5UdDol1OpomUoKrNI+zOSeIvMO1C9tUupNjkWNlCEbwVSOqWh5tjMAtH1FSpZgAsqbxVvsYOsF8S/5TgdzMz7N9N4MoIdU2PEwLtOZAhMbTQR2iGIBGJQinFJvjPZGuYQF8+e29gDjRvEzOIuamwmuWtELfqmsFz346a8d/emZkMX8pyprt1afaX4xFfI8qFqm8Vj3Tx6Cd4ll7fQaWkNraPPetZBEKuuHnDfPAHzuYhgYKsIhxaMxkRfT+q7ihVdj6SgcLZRWxF2VyqwLKH6oKJljUso+FxQoY3SdF2bTSCGbIzKeLpej9NMq1rb8jLb1lI1weKY5Hg6cglt8UGSGvNY4qouh/9//Ab6dkEuEBwRvDgwC5a0y/wkGR8VQlsw0+17oudVhjbyv//8cPU8q+VSYrJ3QYJ63MjHAsu+5uukP0s2UuArzszROg2SdHGDdff5svZoG2hVptUgyGh8GlvTst7QDMIM+Wp/+Daer/7YUrqdIoOX+Por9u9++R+FLmnX/MGI3cV/TaeLEHVT6N/A8XtliicE1nWCcqvc+fwOg1WJIVkyyKRI1hPzVJudONOd54m5YKGxOIHNKNGSCu5i/K2Ft01tQMd7g3DcTGHiGys6cC+CkZvAFFXiOCvfhtAVqGKgbZxyJBzdUnkf6uqtP8TSP2+Ea8xUY2tq4Hg2FnC6sk6wuk9v5nE4e8XMyrYNWuZAiBeQ228ko6GOZyKaGxTqh2DQaFSvjNabtUbu5byiqdTySTvhTqV0HhruH1geb6VHNFiYAvV3dP5rIkCwIfRLyqHcNauOtgS+r+hKCg9vH7dFiQJugGzOvxM2yqi7762QCeMhaWAUxRR0m/x2dOymd8HKHUBY4fP7f6qExYE2l+yFbzms/KMaUyX9Ppspyhnw89b85fT1OsFhdphc4vzhN138YfXcOUQa4SjrCIO2D4/jrc46TlEh5byAucNSeX9da8PBE24vDl1vbMft9z/KK5dIRqbhb5TaSUgxUjfimbSaim9dh1jL94XPYmACy6EqYBIcKFNj9Ghw/J1e2xAnDs8S9HCCMiJHUUOCGTHFjpjq585iqasQvxPzccZfteXxObmOVrL7CjiiCY/+IuPnSoBvynPAW86Z7YLCYzx1yEgKcVbK0Q5qXJBjCQdqZ9/ySN0R9HSDW3m2+I6Q58sAMiU4hhzkIm/64GWAoJHqwZFX3aoJd4kYx0sgbWwvItn00UEmU6Q0AW2ZugV+95J3GRMuusq2IKdYOHFR+b538HWN8sk4nMKIRKaJDdFChBWmIF/ASDXwd29tM+nTHU/UNYTQTLp8J4JNtbbUbTADQ5Fy7xCiO0/UVZQju5iReJi0aqFZAHR6gSqMfWFEfISGjliCdt1Eo93YbBL+A66GgSgKX7vGWw0Q46yFzc0uQhfAIcwvT+wa5ZI6L50wJSr/TY1NF4prV/sTKRbeUGtOcO0MOpC1ToRxC+LTfmLYsxFBTg7uYFPDWOkHxwGkUTBCpDD5gs1PgAPekdJ5fiWVt1TdYqIuFexoe9+V,iv:zW+4q1dRbz8WYtDWoHXZMrdyBS+lbmgc/kLvaxluOKU=,tag:lg7uOWcUPXK1BCl6jVV7dg==,type:str]
|
||||
ssh_host_rsa_key.pub: ENC[AES256_GCM,data:Gqk5+cDBsYg84d5Y5vowhnPyGncW3bycpeZAsuclUbiET5z9nVzK2CT06ktQb+MHN8jytc7RfME0c2uk3lQxtFRqxmSYcE0fhM8Lg047eEIswRTYpW+54m2WQL4WYsfZorMRPiWEdt0m7l5dZAC7tOmplGo/ZJxtkhPmf8M142yYjoCgk5Fv24GQkuYh4tKwVYYfoVem1ALE64tl1PXT20uVzvq7kVUJ0Ge3UyEY1zLpg61O2N/3tQQ2FqlstulKHtXjwFkeERUhju7sIuL9VskHKwYbG2JJxlTY5XWMDFPU3Ey3VECsBwjxfcGspp8bP9KdNICsL8pSxkT/clKqkDY6AwW4/C8QXLsrijLbe4M9f9QK1KwunBBRj3nk0DXYySYrn++GyZJRPASyhALyBGf2cMNcbHhB+ARGqhxixUyCmXx+vDqvFe8SzuVGKXGm16uP02ZKgdUVwPByWFydqOISibtJiZxyEyWNCLKpYCiZMoZchZv5PZ/jdZe4kv5YBtK3SfNeyWxPijR5ye+JORPPhjBQJLtX5xtknWF/z2SmJu6iMIw4cjQvkNREVtGj/C2xsRPNhNeP+gpk0iy/VEWj6Mk/I2lI+23jbX1m/JElsj4ig/vnUOhZnI5FNvGjfavnTvVeKaXVAjnWk04rxF2zsxm5H91xSh6qUWe1fFBdgzG2KW4d69Kmi3I9zPo9p6GwqkKEHJdXd6KmLbSoPmfP22Gv6vYbFWl5NKKfPiimw+IXLAGyzz8gWHk7cLA4J9vGSiaxbdLkvbAbvdZJ9K97LmyYsFVzAuz75UbLqyGZysn18OceoSo3nTEiy/WCIjfXsKu95/lYOd6fycfDF+gpkp8ejw3C0JRiZ939CFpG/MrUpCQrgzz9xgKpcTy5w0yWt30naZGlVZ0kcAjv/Bd2X0ON/eEdBrq/MnJHaMDOuuVe9iA+lNVqhFMqEsemOUSJm7R1Ttug4PFdiaMYUg==,iv:9DD76j3rDz+KFw6BmC4mVfhfgadjCR1DXytfV6dKeHY=,tag:Z7Akx72UnALXIcdUIrYWpw==,type:str]
|
||||
harmonia-key: ENC[AES256_GCM,data:pZObqfbLogp0DYs47Tg2STKT9HptPSiP4sgcf31FD68PKSWhkgJbdY3gO/pfa0zsnvZTrAiljR8Ugh/x9z70T/XhjgZ/dIKqtcrGw0or9WPDmVzD4UHYm6iWR30MZLa9EBK0GFInlcSa/g==,iv:9HRnOaqP1iKMyyRX7evl6woZgfw9h4t7mBD98v/iBng=,tag:MQDio//aEOAOTVWlgADYDQ==,type:str]
|
||||
matrix-server-key: ENC[AES256_GCM,data:0148ezOFk8jX5KPQPCG0jQK9ajSfe/iOdUqlvys5/M8DrIwPXH9GzrkknwH+l8kF9ViTRDC/q5md8J2bj3/FBR/RW4rwjDrYx9cBEFm8wjHrywUlwON8kNKtj9ycJmXgtRyCrVGv7sBmODy0ZC5ZfWbhIQh6xWBkX2/rsSh4zwi/1PoHLpOO3u4=,iv:IwHPDi1E3R9LAY/seGpvx1U+N8mB9NMrUjLg4KMA1UA=,tag:pwRJ/CqkFN2eedrnMAaj2w==,type:str]
|
||||
registration-secret: ENC[AES256_GCM,data:EvPearZAxxb2irZFYgvy/tFA72h+IABuzwCbvy94IYR0eoHjuYw6GBde8CNUWG4SUiwyXJr4v438o/YThDhehsZ/cZFjg2o=,iv:ogN4/Iia5Zl95a3HP1KZoy86K8LyBFYw50cZUpkDNQo=,tag:5wU2OrNi7b5gWPfFZcGLjg==,type:str]
|
||||
gitea-actions-runner: ENC[AES256_GCM,data:JKXAa7J1V3GH8lp3UtHTBmiezJlqxX1ItHLE7UcaIeNFQH8We2imaOMVftMpVCeXTpRX,iv:W9+4wH4asw3+w28i5om0OcJFHrABC85bhjhbgGWEs8E=,tag:Rf9XBeiEoJ1Pt8Z1TDIyJA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVTJrY2hIdis5eGJYQkdM
|
||||
MUdGTmVkc2pxN1NjbkR2NVF6Uk11SnBSSUNrCnY0dXlTMnpTbnNJdjNJZHZtYWE4
|
||||
YmlUWFpkUXdtbFh6R1BvTjd1UEZTRFUKLS0tIEdTMEozMFltVWJ0Q1BZS201eE50
|
||||
UHcwNW5nNkdHL0w2d3g0RzBQZ1RrY3MKCDNdsobZ7wZOjBWOy0FmBR0i0afpHM/x
|
||||
uDax1cdEXnh710TTI0Ck99KGthFRWBIeJH1xioC6TTsgmrgE4VPkNA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwRWp6R3B2T3N0aE1GaU8r
|
||||
cUppT0ZrNGJTTXhsZi9EU3dRZTNTR09tYVdvCmVBUFRVWkFTeHZVMDFhSDNQY1dL
|
||||
T09zMjN4ZkZpNFRqZjVqWVRZOGdIaGcKLS0tIGNJbnBFNDAvMS9pdndVRklTNHZ2
|
||||
UjRPRXB5RkxYUDN2TVE2ZTlzV0I5NGsK8tIxBNl0UFkAw1u8Jn7QjnDJ6dcr4+6P
|
||||
iHXTDyxadZAljV5ZXlmzM1dm5p+v86jJ/KvYbA0dkga+CBEOUDt3Yw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRDh2OWxJdjcwK0o1M3Nt
|
||||
RXV4UTlnbFphR0JISG9ZcGorb1ppMzd4SVR3CnZTOW9YeHBKR3drTHdGb3pEZVI3
|
||||
S3NtbDFHL2dlZlRKK3FIc0lwMGt1SzQKLS0tIEZrMWNLOEtuTXB5eE93Uy9nalhD
|
||||
Q2J3VHNZZm13RlFwekJ6MHpPTmpZek0KiOqGozDqC5QQop5y+Scq+QHhVSXX43Ix
|
||||
KS496VWzRCdXYdgMk9gleA0AjaOGdAZOzdxsMQrWo+XfHrCy/1fU/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-07-18T12:55:47Z"
|
||||
mac: ENC[AES256_GCM,data:suFEE3xr2EZtidjH2Qpp1TvcYIn7dBorWcRUqef82TCf0o8/zQmd02g4eqSXKSl+SQ8/cUm72EuEVqZtvzo+pqw6cJht1pkeRMHJGPMjlz7MelUZwQpb0PoUy5he6neA9BfLi455DTuFIpi7fQi/c9E0B9IfR3ocsDdOQzf8Le0=,iv:wh8MeQbQ/Azf1eSQk/XWT3vv0KNh+QBL++ob5aKZaC0=,tag:U/lQvBtvuZKqgm5bVdqAxQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
terraform {
|
||||
backend "local" {}
|
||||
}
|
||||
|
||||
variable "hetznerdns_token" {}
|
||||
|
||||
module "web01" {
|
||||
source = "../../terraform/web01-new"
|
||||
hostname = "new.clan.lol"
|
||||
dns_zone = "new.clan.lol"
|
||||
nixos_flake_attr = ".#web01-new"
|
||||
nixos_vars_file = "${path.module}/nixos-vars.json"
|
||||
hetznerdns_token = var.hetznerdns_token
|
||||
ipv4_address = "65.109.103.5"
|
||||
ipv6_address = "2a01:4f9:3080:282a::1"
|
||||
sops_secrets_file = "${abspath(path.module)}/secrets.yaml"
|
||||
tags = {
|
||||
Terraform = "true"
|
||||
Target = "web01-new"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:caaRZCrdJGMdmmMY+9uaCh7ic+K45o4h3rtIPgScELj9HHyntHQHjQeOClyHsJraQywJE1pavrY0ngSN/81QPV+4qjrJ48r5wx2H2M80Al3rhCi/E7Puw+ueODdDIwxixAscaORO/SUF1NAJEqy6pK3CiR1qSXkzqrpx2UMyMO1cmeqYlWZ0b5A/Sk06yV+6aJ8Fto95cCpG+ByxSDi/dvQjC0JF/Ls3mk2NaBi4q10W0aH2UJKlwBt8dvnUB0eo8GPFGvfUMdRzOS6ZH3pT2NNgYJ0qlKwEUu8ldtkuUCi05yxmMfhAA8Nbw3HKUU4glqg1d5ILL3B1ubf2oBykJP4wyiRwIOLmHD4OLaKvrB4/zQdmkO7zULoVArb3haLxTY20racOk8oNEdhsSIjlr7E+7JNpZniwtvC8uryJ6Wi8lGOeUbLgzrkHeBKLckWKIX/Xi80aCQsapgFw/+ys19voXjbZrK2YzO0FIDc4kbMny9+r5LCs+pL6qtsa4NVsXZLpCtO3VxhCAnGtaKENsDPOlYC6SpyOvwaaOua0y3ApqJyQuCNWVHUWBYLMW+yL7pE3Aejx9SvDj0yBqLH71lHFYDtjKhbmP0cv6A2sNVdhgXsaxFu4KKPZJ0+ipG3mQFnZv2Z6/fXNBgqiqzJG6dJxdAX/LWbXe56wCZfkGlC/7MrTt/VRp+Ga08rQYUOotU+y6BK6OYmvjrchrTYQN02GQVni5sQqs2B6nM+NEAOx83rIl3wqRHzvCZ4tKI8sP+EGnSEhT7UGOFU7DuW+t+d07G8Etu71gPx86VaXYL7bPX5H+w3f1wx3oqaM72nW7DqJSf0liNkedSZpsHxPw5gMgBJYIAEBcqVBW3TAJ7rqduxf1mKIyyZavm+TeXMqwTswS2XLn8t0O5grfNMHSHuXA7nFcxsDDZy08VwL8ItoxCHEPKJfiI0HJhZTGWQWOGJEMG/SPRw5Kyxu5W/SQO1rqKNzx8VdMQMpZVeEfB1FRNLNwY0eP80hWsZXVpIv83bpeS5DCiN69vBxU8cywJqIjOoZxI4+SyzF+F+ddQ7RX+YfyQr0GnylGO5rJL4h9sj9luwBM2zMv9hFiiJByUfMqaFF3E1P4cUuRh/E3tH+/p6NJDfQ0alfdod02ic5OkGaKstxiH/qe5fFRGXb+NGPUR0i2Uz6M0EZ7h49Ar0EVK9MuRk7S+Ed+gnxD0v6EzJ02ytjxuuNw5SX2UPK46vUPqnaMMMngj+IWaK2iYoHJDtXcF5CzxCSyq2bBpmKU+P3usBEglpWCREw7T/kz24z66NiL11XAXiNQnoRGv4ck9OBpJlOOGQKe6fE2Z8gwl6Dyef7g7o0+cSPDAzgyPJuP5/QBNGFE+SkPIGczu6DXjlcSoXBht48NVTYnDSgZlypG7AnGJsKTtyKdsgnwPcIpjPm0iNo6/Y/l11ijK50ijn2X78lttkICPsXHDlHfvYravT8fg0+DiyL9kTLwJ9ow0X11uxP922+2xU2T7g7v3YE1cMGTc7cD4lhouol7P9mK65DbCzC8PdNZQ186nUAsDMYBhBlMZYzV/emAFoqbHhlkH1JAWTSvywhiLBQJ3cStSs3fwwzXXU/YmfDigbsjIpBvtFtfOk/jGz8aHPGWsrtQhoBefcdZYPyCYOtyV+QFJ//4bbE4TkoZbM3Xy8y5hctr89E05ylsq4hRjRXk2Nj0xxTvSgroG1ZR8xFplw6gD9NZ622vxHyVNJXJZe60NELoYN86PbnWZ0h7ilHIFnRK7RPnYlRaXE36CtD/9IMGmqysSnc5f3/5T0sdk0+QTIaeFCBnyYezQI5E5q0XHuDF8tifUM7shqvprFC0sDE/PM7EYBmoN/DCd3sDwIkGQ9khiUTW6DQrEvdSNgDA4KelsRKa6Otfva9/gqjB41mMwk9u36kfMunD4dnVAig80ZBsRHInx0+0Xh9cX+PWoVZB+2EsFKnraxIRWuz9h6n734noaxX2Na+hIzSFN/98uOKm40UZus7qBkjnL6nbxHitB8yGV0xjHeknbB+EhtONNstIbKspMDjsmhkWqOMmhDF8TJ0uPnIDd+cPbV0gxkzSgj+3ludm4iFpSrkHbllOAwq1e2YXKVeTtj0OmXiLEqPp5AqqZdCJbfzKKTDNLCOXZjxpCNWkXgPyIjZYQtjJJuVBu1MaDFZDaKqLhjilUePb7jKjmUHoMFfPHUDWeqq0nh5SvuBVAMhxSbGAyYQbv5MUr2lUPfrgOvv+tcoLqQcX3grBvgjBLkTtZ6WT8/W/cSssEcr0ets8SU4AIzXrndDiNZHbaeUQUt7czCeAfodyyx1sobFBuEDfbAYECc9CWG1CY+Q911CkZ4T5H6zhgXXNMTkgkgTsxE+6M7mbFZMPVcY7Hiu6pneuKIyINC5J1Bbys9B2pV6fqO3NUDEqe6RUfm/F/tjkPlz1pIIOTXBaGrCWuWEFkRrCAf5UgbfTNSnSbxnoW8+fEqFG+14urF5yo0SM9Jy7rkLlTQU0HRUuliZ3a/vnF6hERYP7EiRpdVL41nz5V8vRmD1ZuPnhxFAQxko89mcMvJcof2V0sAV3jkS0OgUb5kVuL8Rl9rTqsL4L0Oh37du4tW0+T0Iq4vk6ZlZqPH8TR+iqMiuUYN09jrS,iv:zCxJDmdLPlVOzuXXqgszYIQ17A5rsJkyTi03SzhKWao=,tag:QzqemDqiHKsx6sHPZuSCYA==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYXFrSHZLU3BidTAyb0ky\nK21KQkdIZk1LWk9JM2hwVE5iMmR4QnEzRW0wCjdVeVl3VGFZM2hDZkpoZjBQaWhn\nWUdPTWgybVd0OFhyMkhocmlFTVYzOXcKLS0tIFRUN1BPQ1FxcUtlL1NXcTR1VFdM\nSWU2VGtiZEIzN09iSU9aalN0cWREd0kKW/YZLXvITLBxM5RwEvKMbzgfk2pXmQ0j\ng+o6u+Ga1PdlE8PhFuhCjbgVmkIZARB5AuBXGzRlu0wqUwpErTg9wQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcjFkcWFqaWRBTVRSaGsr\nMWxTa2V2T2paNXhrNHc1bHFUQytja3I2aGpJCkYyRTVPTTFTSnBtNEh1Y3pWWXFO\ndEZBMnBIN2hVMU9vQlovQi82UENlUU0KLS0tIEZCSFN2QlEzaVZBNGpoa2xDM3Vm\ndnQ0V1BXaTRwZzV0Vm4yNXVWYU0ySlUK6R+9lTWUUk81dhhffVZ6CUxCUpsigZj9\n3sHLtXGz8Y1jjqHRyInYRl2nJa6YNATOAfDgmewpqlfjzR/4X6Haow==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSldvZnZJZUR1NXJwcjgz\nS2M2M0hlc3JFbUZQODZLS09ycTlUS2tRMlYwCkdGczA1WUtYYmQ5Z1JJWExGYU1N\nV2F6bE9CNmZUL1d2Y1E4czZuRG44RTQKLS0tIFhKZW0rWXpKWGRDVGNUSUw2RktG\nSDFKdm9kTVBJQWhhTnhrVGZmUk5wb3cK3rRG2lgJ8NaEcHzqTkSjJAhXVha0p8Wz\n7KWo+uMEyuHmN2UqDv3HVSIxa/3Xt8hddzeNm1CuVtl+6qC6obg3RA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2023-07-18T14:10:51Z",
|
||||
"mac": "ENC[AES256_GCM,data:nPkXwnKUCSMmkWQpIb3gg08NN2ARLqJi03HzFxLY2ArL8BnXn5OpaJrEND15IIQ0vGokNOSvZESgQphRSk4x1nspGi/9JZ0Km4R0YwzN1wUNIreVcIYNP5JsBshT74g4fi6xNrrU3UWd07p8H9vjzV/djz7oNqDGIZ+Uqmqrrlk=,iv:R/BDTLiMDA+gFSNCDkHYBHQPxQddUoiQwa1y+QGnTMk=,tag:9KvcbdRIkXFHAw/x8WYnIA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|
||||
13
targets/web01-old/configuration.nix
Normal file
13
targets/web01-old/configuration.nix
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
{ self, ... }:
|
||||
let
|
||||
nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
self.nixosModules.web01
|
||||
self.nixosModules.hcloud
|
||||
];
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
1
targets/web01-old/nixos-vars.json
Normal file
1
targets/web01-old/nixos-vars.json
Normal file
|
|
@ -0,0 +1 @@
|
|||
{"ipv6_address":"2a01:4f9:c010:ab77::1","ssh_keys":["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIb3uuMqE/xSJ7WL/XpJ6QOj4aSmh0Ga+GtmJl3CDvljGuIeGCKh7YAoqZAi051k5j6ZWowDrcWYHIOU+h0eZCesgCf+CvunlXeUz6XShVMjyZo87f2JPs2Hpb+u/ieLx4wGQvo/Zw89pOly/vqpaX9ZwyIR+U81IAVrHIhqmrTitp+2FwggtaY4FtD6WIyf1hPtrrDecX8iDhnHHuGhATr8etMLwdwQ2kIBx5BBgCoiuW7wXnLUBBVYeO3II957XP/yU82c+DjSVJtejODmRAM/3rk+B7pdF5ShRVVFyB6JJR+Qd1g8iSH+2QXLUy3NM2LN5u5p2oTjUOzoEPWZo7lykZzmIWd/5hjTW9YiHC+A8xsCxQqs87D9HK9hLA6udZ6CGkq4hG/6wFwNjSMnv30IcHZzx6IBihNGbrisrJhLxEiKWpMKYgeemhIirefXA6UxVfiwHg3gJ8BlEBsj0tl/HVARifR2y336YINEn8AsHGhwrPTBFOnBTmfA/VnP1NlWHzXCfVimP6YVvdoGCCnAwvFuJ+ZuxmZ3UzBb2TenZZOzwzV0sUzZk0D1CaSBFJUU3oZNOkDIM6z5lIZgzsyKwb38S8Vs3HYE+Dqpkfsl4yeU5ldc6DwrlVwuSIa4vVus4eWD3gDGFrx98yaqOx17pc4CC9KXk/2TjtJY5xmQ==","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk"]}
|
||||
52
targets/web01-old/secrets.yaml
Normal file
52
targets/web01-old/secrets.yaml
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
ssh_host_ed25519_key: ENC[AES256_GCM,data:68nXUeyy7xh/KKdd4ajdrkuzc54ZpnXhMpPjaDYtwMLlHja/O/t7g4IlVgLTKWwgMbr5/lAj04cEI99dAuoARaE+p4ldQeQNzPb7ZOPyRmSnBgO/qgtZoKNLaIX7q+Mwl+vsa2d2ZSHG8Fu7hzNIELWHQoaIFi782U+yKt2LHhahdVyY/FUPcymi0EtrwCqBHKSlEu+SXiwDXT4f+PCBtyaCJT4T4Mo2+TbERur9r9YOnKG2GEg46lDwTrr6FMya5K2WBks7AQwQ+rpoHCEy05tTg3GTJd8DypLhemrHMD7HeYzRf+HnVCyTngxmoquCD5/g9OM+fu63GIsnbGItWxREfjfzvODKuPaVCOat4mWQr1pLch1lcIkxQhU4EXg4LgHUMXFnQFrR8rvRT++YK1nRLB3w/lyvU4PAoocYlNR3G9JEClRnu4GH615ILEjXhyUZyAHIGx1+W7M6j4aGFhm3NOJWCTctaFd5r6uUeTqDpV757UzgHIR5lhtlfjeL41r3mmN09os/HpKt9EZ0,iv:+T4xz2xvyerO/ffW/YAKUkf5B/UVL8cUOl/ifWKIIx4=,tag:NTJklV5yqMT7uq0TvclhIA==,type:str]
|
||||
harmonia-key: ENC[AES256_GCM,data:pZObqfbLogp0DYs47Tg2STKT9HptPSiP4sgcf31FD68PKSWhkgJbdY3gO/pfa0zsnvZTrAiljR8Ugh/x9z70T/XhjgZ/dIKqtcrGw0or9WPDmVzD4UHYm6iWR30MZLa9EBK0GFInlcSa/g==,iv:9HRnOaqP1iKMyyRX7evl6woZgfw9h4t7mBD98v/iBng=,tag:MQDio//aEOAOTVWlgADYDQ==,type:str]
|
||||
matrix-server-key: ENC[AES256_GCM,data:0148ezOFk8jX5KPQPCG0jQK9ajSfe/iOdUqlvys5/M8DrIwPXH9GzrkknwH+l8kF9ViTRDC/q5md8J2bj3/FBR/RW4rwjDrYx9cBEFm8wjHrywUlwON8kNKtj9ycJmXgtRyCrVGv7sBmODy0ZC5ZfWbhIQh6xWBkX2/rsSh4zwi/1PoHLpOO3u4=,iv:IwHPDi1E3R9LAY/seGpvx1U+N8mB9NMrUjLg4KMA1UA=,tag:pwRJ/CqkFN2eedrnMAaj2w==,type:str]
|
||||
registration-secret: ENC[AES256_GCM,data:EvPearZAxxb2irZFYgvy/tFA72h+IABuzwCbvy94IYR0eoHjuYw6GBde8CNUWG4SUiwyXJr4v438o/YThDhehsZ/cZFjg2o=,iv:ogN4/Iia5Zl95a3HP1KZoy86K8LyBFYw50cZUpkDNQo=,tag:5wU2OrNi7b5gWPfFZcGLjg==,type:str]
|
||||
gitea-actions-runner: ENC[AES256_GCM,data:JKXAa7J1V3GH8lp3UtHTBmiezJlqxX1ItHLE7UcaIeNFQH8We2imaOMVftMpVCeXTpRX,iv:W9+4wH4asw3+w28i5om0OcJFHrABC85bhjhbgGWEs8E=,tag:Rf9XBeiEoJ1Pt8Z1TDIyJA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQjQzUUx2cGtkdEZUUkhq
|
||||
VGNlZTZzWVhYVmo3d1VGaDNkNHJNSDdkdkdjCmV4L0N5dHdDZVN2Sys2cVBqdXg2
|
||||
bDZ2cDdnaGd5WnJaU21Fd0MxV1JGNEEKLS0tIE04ejBWeDRHeWJ1RGpTOWRvQWpt
|
||||
V0wxNW4xQUdldEgzR0xKSERtRXdRdkEKWVDjODXiCfMm4TfmnURJAsX47rz+TC9d
|
||||
T6a5mlGrMOrB9Vlpmw9ZlaXN6aUKLGKw2r3siq8I7RW4HJAYw2aZGA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTWdKNElYcU4rNzFTQjVq
|
||||
c0ZjUjZGay9RMjFGNGFDWm5JaENRQVdoNm1JClZTRXIrTmttNGJLOW5XbnFtRnFM
|
||||
QzFqeVhNQzRHL2xpVm5kNXRRaytpYlkKLS0tIHFmMTZQMWVaV010UVd4a25mTFdX
|
||||
MXVDNGRUd2VsbWhwN25LMFV0a0YrZWcKTQSOjn4l+va5u+8CUrZgD2JlW/pSAgRz
|
||||
RkOoOe1IHNgyG3Z5veZAtWdMtcq63JwkduC5Vf2aIuRlXnZP74wB8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SStJbWNsVFN0cUMvMnp4
|
||||
VCs1ai92MnBkRzd2Qko5NDZMZG15TytoNG5FClRPZEhYTzJ5ZkU3cTBwdjVrdHpF
|
||||
RjZOeGczc08xWE1jUWYxeVUwclJINE0KLS0tIGM1bi9UWmxQelhxSWlMRmRNamFF
|
||||
ci9xdEtzS0ZCUHN6SG1sUUh6aHA4bUUKraj2gMOPis4rQjT3D4qYqScaix4WGgFn
|
||||
reMrrG8bM4XpwuwzY6rQIbb7tj93w0Mn0G2i+qfg1R6LmsqCPruK1w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhY1YvVTViWmFQYUlvMHBF
|
||||
aXVPNnltb2RkL3hJYjF6RjNUbVBjaEtHUDN3CjRsQmMyNzY2cDF0RWJ0NGVLUE14
|
||||
SkxYUExTUVZhWk9mOUdPYUNlYWRuY0UKLS0tIGNFV2krZU1PT0RUQ1AvalVwTDRD
|
||||
YzRRV3VqL2V1WU5qOHlveEZERGMwVWcKi+XRZK28XMVKu0GVsKixBlExiGZ85pI2
|
||||
LkM2KzNKMVcUtC6luRxI/hkY5UzAVnzzaMrRHY03rs5wkWJM74Tjlg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-07-13T14:38:59Z"
|
||||
mac: ENC[AES256_GCM,data:jUKdCKb0Lw2+C+P5GfTt8zBw/LcAsBiyw/ShsJcpBmuokYgnkREJVokbeiVCql06a5IGnV3GBEzZvd+SnhRzKD9cgsu+ekwSzLGdVSv2j8B7il2M+L7IpBbUe/SnBKkQezKHaQ+mN2nJiCNtyjvPJKX16jmHVUx9yGee8tTi2sg=,iv:DwrfwR8BZDfBnG8CVPXZPSCMlBJbT1WFslGm6MM/j5E=,tag:Hqjp+qdhxXfM7O+ASQAcOw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
17
targets/web01-old/terraform.tf
Normal file
17
targets/web01-old/terraform.tf
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
terraform {
|
||||
backend "local" {}
|
||||
}
|
||||
|
||||
variable "hetznerdns_token" {}
|
||||
|
||||
module "web01" {
|
||||
source = "../../terraform/web01-old"
|
||||
domain = "clan.lol"
|
||||
nixos_flake_attr = "web01-old"
|
||||
nixos_vars_file = "${path.module}/nixos-vars.json"
|
||||
hetznerdns_token = var.hetznerdns_token
|
||||
tags = {
|
||||
Terraform = "true"
|
||||
Target = "web01-old"
|
||||
}
|
||||
}
|
||||
28
targets/web01-old/terraform.tfstate
Normal file
28
targets/web01-old/terraform.tfstate
Normal file
File diff suppressed because one or more lines are too long
|
|
@ -1,13 +1,20 @@
|
|||
{ self, ... }:
|
||||
{ self, config, ... }:
|
||||
let
|
||||
nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
|
||||
admins = builtins.fromJSON (builtins.readFile ../admins/users.json);
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
self.nixosModules.web01
|
||||
self.nixosModules.hcloud
|
||||
self.nixosModules.hetzner-ex101
|
||||
];
|
||||
networking.hostName = "web01";
|
||||
systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:3080:282a::1";
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
|
||||
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues admins;
|
||||
|
||||
clan.networking.ipv4.address = "65.109.103.5";
|
||||
clan.networking.ipv4.gateway = "65.109.103.1";
|
||||
clan.networking.ipv6.address = config.systemd.network.networks."10-uplink".networkConfig.Address;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{"ipv6_address":"2a01:4f9:c010:ab77::1","ssh_keys":["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIb3uuMqE/xSJ7WL/XpJ6QOj4aSmh0Ga+GtmJl3CDvljGuIeGCKh7YAoqZAi051k5j6ZWowDrcWYHIOU+h0eZCesgCf+CvunlXeUz6XShVMjyZo87f2JPs2Hpb+u/ieLx4wGQvo/Zw89pOly/vqpaX9ZwyIR+U81IAVrHIhqmrTitp+2FwggtaY4FtD6WIyf1hPtrrDecX8iDhnHHuGhATr8etMLwdwQ2kIBx5BBgCoiuW7wXnLUBBVYeO3II957XP/yU82c+DjSVJtejODmRAM/3rk+B7pdF5ShRVVFyB6JJR+Qd1g8iSH+2QXLUy3NM2LN5u5p2oTjUOzoEPWZo7lykZzmIWd/5hjTW9YiHC+A8xsCxQqs87D9HK9hLA6udZ6CGkq4hG/6wFwNjSMnv30IcHZzx6IBihNGbrisrJhLxEiKWpMKYgeemhIirefXA6UxVfiwHg3gJ8BlEBsj0tl/HVARifR2y336YINEn8AsHGhwrPTBFOnBTmfA/VnP1NlWHzXCfVimP6YVvdoGCCnAwvFuJ+ZuxmZ3UzBb2TenZZOzwzV0sUzZk0D1CaSBFJUU3oZNOkDIM6z5lIZgzsyKwb38S8Vs3HYE+Dqpkfsl4yeU5ldc6DwrlVwuSIa4vVus4eWD3gDGFrx98yaqOx17pc4CC9KXk/2TjtJY5xmQ==","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk"]}
|
||||
{"ipv6_address":"2a01:4f9:3080:282a::1"}
|
||||
|
|
@ -1,4 +1,9 @@
|
|||
cryptsetup_key: ENC[AES256_GCM,data:79qOTOi4ftTmIWuc/7bFf3NXaa2Fs6mTUfji,iv:xq9HM2uB4rr75qeZEAh2pFvEDAtXdFhsrT/manI7RqM=,tag:iELo+UHSplsQWIK9aQ+uMw==,type:str]
|
||||
initrd_ssh_key: ENC[AES256_GCM,data:SpSX6RgnpgVkd3sL+mJx0Lk6RnagfxwO1cUKtbj4wxlJHpSsBnI6+tGJjssoCp38jHOPYZ4U0IE960ojjtXyBL/sF37Sw0E8uDGr0rL/wuuQmzhF3AC9VfuDOQNbe0pYTr7HldzIvbDRowIShxqbKfBVizkR1bxZkmHfDpMKE1gGivFLYeHC+gSVgTBtPEgDCx361+I103K2kCczu2VGnfmfc9ExrTO6/7ruj2DRjFLOaVmkXe896KjN+YpTTjT85gjEZJ75AGEUNKCNppQRkM0RpJBJyRunHmKqxh5VnFnlbiklsX2S5ev07G9oqIu0kZI6XduQjj/okB/4SeoY9QE6FOj6dRi2WSBNGpT9fBnV4i6bv2Z612ISXwO0GGfXQeWE4mA8QSaJ9oa/fnVFb7WolU9DISq8sYPc85VXVJGCFZ17DDVGK/capjveGErXnk6lJieBwArN5xEZfr/tPL15Q1DNdyYOJwiL1bODQwxYExpFu32XJ/ZMDiucWDXnEwJJf7WpThh0FiAZFzGAJ0b3SeJpuQvK6xXD,iv:w+YuoZMUswV9sw31PXFLKHbinRit9twPDqofeojVdZo=,tag:eCYSUX5EA/NTD3yIdTC7PA==,type:str]
|
||||
ssh_host_ed25519_key: ENC[AES256_GCM,data:68nXUeyy7xh/KKdd4ajdrkuzc54ZpnXhMpPjaDYtwMLlHja/O/t7g4IlVgLTKWwgMbr5/lAj04cEI99dAuoARaE+p4ldQeQNzPb7ZOPyRmSnBgO/qgtZoKNLaIX7q+Mwl+vsa2d2ZSHG8Fu7hzNIELWHQoaIFi782U+yKt2LHhahdVyY/FUPcymi0EtrwCqBHKSlEu+SXiwDXT4f+PCBtyaCJT4T4Mo2+TbERur9r9YOnKG2GEg46lDwTrr6FMya5K2WBks7AQwQ+rpoHCEy05tTg3GTJd8DypLhemrHMD7HeYzRf+HnVCyTngxmoquCD5/g9OM+fu63GIsnbGItWxREfjfzvODKuPaVCOat4mWQr1pLch1lcIkxQhU4EXg4LgHUMXFnQFrR8rvRT++YK1nRLB3w/lyvU4PAoocYlNR3G9JEClRnu4GH615ILEjXhyUZyAHIGx1+W7M6j4aGFhm3NOJWCTctaFd5r6uUeTqDpV757UzgHIR5lhtlfjeL41r3mmN09os/HpKt9EZ0,iv:+T4xz2xvyerO/ffW/YAKUkf5B/UVL8cUOl/ifWKIIx4=,tag:NTJklV5yqMT7uq0TvclhIA==,type:str]
|
||||
ssh_host_ed25519_key.pub: ENC[AES256_GCM,data:k5T5CX56wSm1DADOH47sGb1h65aPk3NSvQR6Rgu7ZzRrq4pF84ofaRMEJU5d9MHnb+Eg92jnibRNwKUH36e5c9PJXtU14aY2f7HzOCyVk7WXd8H0eOuOfzG5ICQ=,iv:CcqwTYnk1NkJpn9q1Rnz4ERxhhnn60h3sXqMd3ILTk4=,tag:LhAIzkeozvT4L7+vJ9ojnQ==,type:str]
|
||||
ssh_host_rsa_key: ENC[AES256_GCM,data:/f0EkmRbX9vSlhUmuJIAEJLs5R4ryxrtTN0hqcJlxTU9B0woh3pFK0GrXBbL1l5uvEQo2Vw2p7yeCqFch7ypfhBTRxD8IhWoc2l7trawhKa0bhhiQ8oQU47AW96ZCQHQx4h329PZBmFwjK31gtHoY3nkj862vWoFLucJs0yRkCVQJEgkjehO1KQbPU7PlYgUECPnpOgQW0wtGLSND20QyJyEQFSg0Vk7fWY6ycSiu+Piejg5MZVgdVofqEw/fEWyp0Za0P2SEyf0lyO8Ob/amObS1oHmLrb++bcOXl/BBqLPow+zx79juwmuFvhk/vZfeO1P04J83eg3f40s0HPP3g7SKjJTf0pYgdu3k3uXN3WsDWX0Tg3YfAxhKzIScM8gyrkCY4ju8fORGCRSzCddA1p1DvtsMAK5RmT6rSob3yS9nEYIlVUXeDsYGMtspoOd9vts0nS2QQ3VHIg27OYieixevzOtpCtyfogMIqMYgvwLlEzHt9Xi4uzFPxb5MQh0vt4PTy97pooCx0HHKYueMGeByZk2EMIVZzIBq1t3GEtj2bIiFIuAxPdU5odBCM29eJwBbwDw8Mngo/dF/HnDvx/AJ89wlbv1AtAqaIPPfQDUwdUJBhKW2rnKmef9E3oDiikhmDOq1UEAaf31NgrDL9nDrZ9nhHbkuL6Piets+jQ0yBCXVzP1ymHGqPAshlnYDSukAuZ8ByCPJr2p5LT09zYLyhtMMO04Qqcu7x8AMJ7Ha2iVgKDzukNcWEtNF5k2XmZ/lUidb7GZvdUsymkRxqAyZeWmP8DzjP7L+8LQhJhY4WixYsXQkVD8eTQyo+hHwQpM/j2XYwIaEOM/fEBvSVwR91U9J4ONqOD0SxIV/i9BoS472q3vjGbzQ1PyaNznvqBuL0WFfWVoUHNw+62LuOF57x6dhzy+et17xk5A4qmsQ2hScDLg6Ha4ygsGKbkLbFz+HQt7IUpIGAmN31ybtrkGR7Z973866njx7yLMFW4gR6bLgz/uNO55FNDLJ20YPSGtt6xoS2dDFfvJD9CTWaw7Z/kfGwjI/IEJgnFDNIEm3mIiM3f4O19m9EJy/ySXTYpTyGnRaEjz2DFIQiStNB+CmDuGgG4fTymFArGt2ieF+aB10E0pLJsZrV/62fRE37BXBuZWhCUshu1HfO9wkkooPunjqVN+5OqN+zgmi6nHzadlbnATK/dPcuBF6nA1wCQd/Y/qpFiYhy2NY1G3lG80/fUdwlTCYP+FFY4x+fxw4qh9J6XhNf1FFTcRpmrmhzjyjb6OvWCgdSRybBxzifTGaAWUde3UEpLHyZzd8Ag+etLwCcLBLeKPfVtfceqWYgkMp62zIXPZ5KZsDDQ8BN9JTMOEk93lL/vGmdXQhxioZ1NmA+Pi1dkSgDEDoUqZLL/FVrbsJ4v9WbpAexjcmKdVxJLCuzxzZKNfc8YeGc/xPgFRAC0BfTxGNkvKONIt6FGc7IF+lJze9HwDR5OLx+cFRhnGJjiw5OoguxRmMl5nzwFggmBCB1IZT4m6ADL8DaCw9RDjErmyz4wU5kROnGBLNgX6tWvYNStUFdIgSoXDAZxr5ArX4kpj93ls8rI+azvRHOATb5kLCS+N8JlyBQRjs22OGf/rjP5Tb7u857MSEy8TWtLwbt8PpL0Zg4h9pAzSgdZHPdVFMc/fZFOT8psVZn03jcsDETeya6uzMUHyBdGnbvbHrJ2y6MCbcWn8suacfBSANoicuhHXW1Kj8dNSpNYrD3xfHfU0s8ajR4HuG92GEGqV4NAb/IXXU5h14OH3bkt46dDABg3vV0bcunmtO8ReWcL4FKrehJU1ycfcgFMVGzxhOQObqWhCbWk3qS2YvUbK7ODzBFCqHUAwfJFNd1wnI+Ml7AjHdG+boFI07C6D0NX3mu1y9Mnns+9Ghr0kh30qeBux2hyz3jGjAy1qrhgbkyR6rBGEQoFz2iSueT867r4D5XPgIKeh8CR0ZkVMME2Z2DKpv3nfbKYZhXzAvQ8TYEueOvKT8f1zuDjcmo3x+GvVPYz1KntNKRrSN5pgPoQLiF1fHommEUAAXM90ysijUGw9K3w5FGrzd05ipcGRaUGb4bOglEezfzt3ODOoe5oW4P8LbnEu1I9GkoU7fDeNZJZ2ZrtL9zNpELo77daupcHt8Ytt6JwQaQcQXNmUcAgIg7sCet+063WES5jwDbR8UgZ5MYNC3Kca4zdI5Ki3ncWHecCtGKCNLeOTbSPb+iGzZI0Grb1pZXs2LfkU4Q2/GIPFF5lkDjPlXATuGh9SjR2xM8YQdYKBDjkMYITSdarjLPR51vGS+RgexJjFNNh3gY/qv8C0j1TUZ5C+FaT4H6A4KCJgo8Pb9hZsJ+hRM+yLDZeK3JUno1IckkLdBkB0E4s5l92ABg87AiTwHeYalQIJIb5mCaMOt4cu/0szWLvd32lmVHN08Xs9AapfG5StpAqSssx0/bbaPPdJW4D0ystMTit+SVvhwVqeGX+8LI0zVsJTzuJCUtfZosdOdThg9zjtYfQFChpogNUBu+4XD6ere02ihY4JvL8Souc2Rel9b/lB9bVAc9Vvq6YrqFsM0w1L1tkqG3TCZ2Mga3at04CP7wItDejmzkLPVEHm7OjuWtBEAl4vqUkV2bfkEzICQPwC6ugiTOQraJqXhlgWLPkBWsQBTxrMT5bnhPg5KvwjRbUXEHL5txqH8C/0EFsaU48Dg/y9CLq8ADIuTRE9R4tR63eOZ017ObkkQeNt76mq+S3DCTrvU+6qUNczLmi0BX5RWqNXJzD46KIEdjkQxr+NBCMC/QdVBdbt/orqNXpPqzVkgmLB4Uze6ppZ+64qWO/Ana7hVtb7cFv8MABIAFxII1y6DZAftA9kfZl1aL7JD4KLZVo9+PfKkH5Z4ZngRaNt2YAruqn0WmgwdPYoZTTCDgqxRfxsfh33LWYJQMV55Tc5UdDol1OpomUoKrNI+zOSeIvMO1C9tUupNjkWNlCEbwVSOqWh5tjMAtH1FSpZgAsqbxVvsYOsF8S/5TgdzMz7N9N4MoIdU2PEwLtOZAhMbTQR2iGIBGJQinFJvjPZGuYQF8+e29gDjRvEzOIuamwmuWtELfqmsFz346a8d/emZkMX8pyprt1afaX4xFfI8qFqm8Vj3Tx6Cd4ll7fQaWkNraPPetZBEKuuHnDfPAHzuYhgYKsIhxaMxkRfT+q7ihVdj6SgcLZRWxF2VyqwLKH6oKJljUso+FxQoY3SdF2bTSCGbIzKeLpej9NMq1rb8jLb1lI1weKY5Hg6cglt8UGSGvNY4qouh/9//Ab6dkEuEBwRvDgwC5a0y/wkGR8VQlsw0+17oudVhjbyv//8cPU8q+VSYrJ3QYJ63MjHAsu+5uukP0s2UuArzszROg2SdHGDdff5svZoG2hVptUgyGh8GlvTst7QDMIM+Wp/+Daer/7YUrqdIoOX+Por9u9++R+FLmnX/MGI3cV/TaeLEHVT6N/A8XtliicE1nWCcqvc+fwOg1WJIVkyyKRI1hPzVJudONOd54m5YKGxOIHNKNGSCu5i/K2Ft01tQMd7g3DcTGHiGys6cC+CkZvAFFXiOCvfhtAVqGKgbZxyJBzdUnkf6uqtP8TSP2+Ea8xUY2tq4Hg2FnC6sk6wuk9v5nE4e8XMyrYNWuZAiBeQ228ko6GOZyKaGxTqh2DQaFSvjNabtUbu5byiqdTySTvhTqV0HhruH1geb6VHNFiYAvV3dP5rIkCwIfRLyqHcNauOtgS+r+hKCg9vH7dFiQJugGzOvxM2yqi7762QCeMhaWAUxRR0m/x2dOymd8HKHUBY4fP7f6qExYE2l+yFbzms/KMaUyX9Ppspyhnw89b85fT1OsFhdphc4vzhN138YfXcOUQa4SjrCIO2D4/jrc46TlEh5byAucNSeX9da8PBE24vDl1vbMft9z/KK5dIRqbhb5TaSUgxUjfimbSaim9dh1jL94XPYmACy6EqYBIcKFNj9Ghw/J1e2xAnDs8S9HCCMiJHUUOCGTHFjpjq585iqasQvxPzccZfteXxObmOVrL7CjiiCY/+IuPnSoBvynPAW86Z7YLCYzx1yEgKcVbK0Q5qXJBjCQdqZ9/ySN0R9HSDW3m2+I6Q58sAMiU4hhzkIm/64GWAoJHqwZFX3aoJd4kYx0sgbWwvItn00UEmU6Q0AW2ZugV+95J3GRMuusq2IKdYOHFR+b538HWN8sk4nMKIRKaJDdFChBWmIF/ASDXwd29tM+nTHU/UNYTQTLp8J4JNtbbUbTADQ5Fy7xCiO0/UVZQju5iReJi0aqFZAHR6gSqMfWFEfISGjliCdt1Eo93YbBL+A66GgSgKX7vGWw0Q46yFzc0uQhfAIcwvT+wa5ZI6L50wJSr/TY1NF4prV/sTKRbeUGtOcO0MOpC1ToRxC+LTfmLYsxFBTg7uYFPDWOkHxwGkUTBCpDD5gs1PgAPekdJ5fiWVt1TdYqIuFexoe9+V,iv:zW+4q1dRbz8WYtDWoHXZMrdyBS+lbmgc/kLvaxluOKU=,tag:lg7uOWcUPXK1BCl6jVV7dg==,type:str]
|
||||
ssh_host_rsa_key.pub: ENC[AES256_GCM,data:Gqk5+cDBsYg84d5Y5vowhnPyGncW3bycpeZAsuclUbiET5z9nVzK2CT06ktQb+MHN8jytc7RfME0c2uk3lQxtFRqxmSYcE0fhM8Lg047eEIswRTYpW+54m2WQL4WYsfZorMRPiWEdt0m7l5dZAC7tOmplGo/ZJxtkhPmf8M142yYjoCgk5Fv24GQkuYh4tKwVYYfoVem1ALE64tl1PXT20uVzvq7kVUJ0Ge3UyEY1zLpg61O2N/3tQQ2FqlstulKHtXjwFkeERUhju7sIuL9VskHKwYbG2JJxlTY5XWMDFPU3Ey3VECsBwjxfcGspp8bP9KdNICsL8pSxkT/clKqkDY6AwW4/C8QXLsrijLbe4M9f9QK1KwunBBRj3nk0DXYySYrn++GyZJRPASyhALyBGf2cMNcbHhB+ARGqhxixUyCmXx+vDqvFe8SzuVGKXGm16uP02ZKgdUVwPByWFydqOISibtJiZxyEyWNCLKpYCiZMoZchZv5PZ/jdZe4kv5YBtK3SfNeyWxPijR5ye+JORPPhjBQJLtX5xtknWF/z2SmJu6iMIw4cjQvkNREVtGj/C2xsRPNhNeP+gpk0iy/VEWj6Mk/I2lI+23jbX1m/JElsj4ig/vnUOhZnI5FNvGjfavnTvVeKaXVAjnWk04rxF2zsxm5H91xSh6qUWe1fFBdgzG2KW4d69Kmi3I9zPo9p6GwqkKEHJdXd6KmLbSoPmfP22Gv6vYbFWl5NKKfPiimw+IXLAGyzz8gWHk7cLA4J9vGSiaxbdLkvbAbvdZJ9K97LmyYsFVzAuz75UbLqyGZysn18OceoSo3nTEiy/WCIjfXsKu95/lYOd6fycfDF+gpkp8ejw3C0JRiZ939CFpG/MrUpCQrgzz9xgKpcTy5w0yWt30naZGlVZ0kcAjv/Bd2X0ON/eEdBrq/MnJHaMDOuuVe9iA+lNVqhFMqEsemOUSJm7R1Ttug4PFdiaMYUg==,iv:9DD76j3rDz+KFw6BmC4mVfhfgadjCR1DXytfV6dKeHY=,tag:Z7Akx72UnALXIcdUIrYWpw==,type:str]
|
||||
harmonia-key: ENC[AES256_GCM,data:pZObqfbLogp0DYs47Tg2STKT9HptPSiP4sgcf31FD68PKSWhkgJbdY3gO/pfa0zsnvZTrAiljR8Ugh/x9z70T/XhjgZ/dIKqtcrGw0or9WPDmVzD4UHYm6iWR30MZLa9EBK0GFInlcSa/g==,iv:9HRnOaqP1iKMyyRX7evl6woZgfw9h4t7mBD98v/iBng=,tag:MQDio//aEOAOTVWlgADYDQ==,type:str]
|
||||
matrix-server-key: ENC[AES256_GCM,data:0148ezOFk8jX5KPQPCG0jQK9ajSfe/iOdUqlvys5/M8DrIwPXH9GzrkknwH+l8kF9ViTRDC/q5md8J2bj3/FBR/RW4rwjDrYx9cBEFm8wjHrywUlwON8kNKtj9ycJmXgtRyCrVGv7sBmODy0ZC5ZfWbhIQh6xWBkX2/rsSh4zwi/1PoHLpOO3u4=,iv:IwHPDi1E3R9LAY/seGpvx1U+N8mB9NMrUjLg4KMA1UA=,tag:pwRJ/CqkFN2eedrnMAaj2w==,type:str]
|
||||
registration-secret: ENC[AES256_GCM,data:EvPearZAxxb2irZFYgvy/tFA72h+IABuzwCbvy94IYR0eoHjuYw6GBde8CNUWG4SUiwyXJr4v438o/YThDhehsZ/cZFjg2o=,iv:ogN4/Iia5Zl95a3HP1KZoy86K8LyBFYw50cZUpkDNQo=,tag:5wU2OrNi7b5gWPfFZcGLjg==,type:str]
|
||||
|
|
@ -12,41 +17,32 @@ sops:
|
|||
- recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQjQzUUx2cGtkdEZUUkhq
|
||||
VGNlZTZzWVhYVmo3d1VGaDNkNHJNSDdkdkdjCmV4L0N5dHdDZVN2Sys2cVBqdXg2
|
||||
bDZ2cDdnaGd5WnJaU21Fd0MxV1JGNEEKLS0tIE04ejBWeDRHeWJ1RGpTOWRvQWpt
|
||||
V0wxNW4xQUdldEgzR0xKSERtRXdRdkEKWVDjODXiCfMm4TfmnURJAsX47rz+TC9d
|
||||
T6a5mlGrMOrB9Vlpmw9ZlaXN6aUKLGKw2r3siq8I7RW4HJAYw2aZGA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVTJrY2hIdis5eGJYQkdM
|
||||
MUdGTmVkc2pxN1NjbkR2NVF6Uk11SnBSSUNrCnY0dXlTMnpTbnNJdjNJZHZtYWE4
|
||||
YmlUWFpkUXdtbFh6R1BvTjd1UEZTRFUKLS0tIEdTMEozMFltVWJ0Q1BZS201eE50
|
||||
UHcwNW5nNkdHL0w2d3g0RzBQZ1RrY3MKCDNdsobZ7wZOjBWOy0FmBR0i0afpHM/x
|
||||
uDax1cdEXnh710TTI0Ck99KGthFRWBIeJH1xioC6TTsgmrgE4VPkNA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTWdKNElYcU4rNzFTQjVq
|
||||
c0ZjUjZGay9RMjFGNGFDWm5JaENRQVdoNm1JClZTRXIrTmttNGJLOW5XbnFtRnFM
|
||||
QzFqeVhNQzRHL2xpVm5kNXRRaytpYlkKLS0tIHFmMTZQMWVaV010UVd4a25mTFdX
|
||||
MXVDNGRUd2VsbWhwN25LMFV0a0YrZWcKTQSOjn4l+va5u+8CUrZgD2JlW/pSAgRz
|
||||
RkOoOe1IHNgyG3Z5veZAtWdMtcq63JwkduC5Vf2aIuRlXnZP74wB8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SStJbWNsVFN0cUMvMnp4
|
||||
VCs1ai92MnBkRzd2Qko5NDZMZG15TytoNG5FClRPZEhYTzJ5ZkU3cTBwdjVrdHpF
|
||||
RjZOeGczc08xWE1jUWYxeVUwclJINE0KLS0tIGM1bi9UWmxQelhxSWlMRmRNamFF
|
||||
ci9xdEtzS0ZCUHN6SG1sUUh6aHA4bUUKraj2gMOPis4rQjT3D4qYqScaix4WGgFn
|
||||
reMrrG8bM4XpwuwzY6rQIbb7tj93w0Mn0G2i+qfg1R6LmsqCPruK1w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwRWp6R3B2T3N0aE1GaU8r
|
||||
cUppT0ZrNGJTTXhsZi9EU3dRZTNTR09tYVdvCmVBUFRVWkFTeHZVMDFhSDNQY1dL
|
||||
T09zMjN4ZkZpNFRqZjVqWVRZOGdIaGcKLS0tIGNJbnBFNDAvMS9pdndVRklTNHZ2
|
||||
UjRPRXB5RkxYUDN2TVE2ZTlzV0I5NGsK8tIxBNl0UFkAw1u8Jn7QjnDJ6dcr4+6P
|
||||
iHXTDyxadZAljV5ZXlmzM1dm5p+v86jJ/KvYbA0dkga+CBEOUDt3Yw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhY1YvVTViWmFQYUlvMHBF
|
||||
aXVPNnltb2RkL3hJYjF6RjNUbVBjaEtHUDN3CjRsQmMyNzY2cDF0RWJ0NGVLUE14
|
||||
SkxYUExTUVZhWk9mOUdPYUNlYWRuY0UKLS0tIGNFV2krZU1PT0RUQ1AvalVwTDRD
|
||||
YzRRV3VqL2V1WU5qOHlveEZERGMwVWcKi+XRZK28XMVKu0GVsKixBlExiGZ85pI2
|
||||
LkM2KzNKMVcUtC6luRxI/hkY5UzAVnzzaMrRHY03rs5wkWJM74Tjlg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRDh2OWxJdjcwK0o1M3Nt
|
||||
RXV4UTlnbFphR0JISG9ZcGorb1ppMzd4SVR3CnZTOW9YeHBKR3drTHdGb3pEZVI3
|
||||
S3NtbDFHL2dlZlRKK3FIc0lwMGt1SzQKLS0tIEZrMWNLOEtuTXB5eE93Uy9nalhD
|
||||
Q2J3VHNZZm13RlFwekJ6MHpPTmpZek0KiOqGozDqC5QQop5y+Scq+QHhVSXX43Ix
|
||||
KS496VWzRCdXYdgMk9gleA0AjaOGdAZOzdxsMQrWo+XfHrCy/1fU/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-07-13T14:38:59Z"
|
||||
mac: ENC[AES256_GCM,data:jUKdCKb0Lw2+C+P5GfTt8zBw/LcAsBiyw/ShsJcpBmuokYgnkREJVokbeiVCql06a5IGnV3GBEzZvd+SnhRzKD9cgsu+ekwSzLGdVSv2j8B7il2M+L7IpBbUe/SnBKkQezKHaQ+mN2nJiCNtyjvPJKX16jmHVUx9yGee8tTi2sg=,iv:DwrfwR8BZDfBnG8CVPXZPSCMlBJbT1WFslGm6MM/j5E=,tag:Hqjp+qdhxXfM7O+ASQAcOw==,type:str]
|
||||
lastmodified: "2023-07-18T12:55:47Z"
|
||||
mac: ENC[AES256_GCM,data:suFEE3xr2EZtidjH2Qpp1TvcYIn7dBorWcRUqef82TCf0o8/zQmd02g4eqSXKSl+SQ8/cUm72EuEVqZtvzo+pqw6cJht1pkeRMHJGPMjlz7MelUZwQpb0PoUy5he6neA9BfLi455DTuFIpi7fQi/c9E0B9IfR3ocsDdOQzf8Le0=,iv:wh8MeQbQ/Azf1eSQk/XWT3vv0KNh+QBL++ob5aKZaC0=,tag:U/lQvBtvuZKqgm5bVdqAxQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
|
|||
|
|
@ -5,11 +5,15 @@ terraform {
|
|||
variable "hetznerdns_token" {}
|
||||
|
||||
module "web01" {
|
||||
source = "../../terraform/web01"
|
||||
domain = "clan.lol"
|
||||
nixos_flake_attr = "web01"
|
||||
nixos_vars_file = "${path.module}/nixos-vars.json"
|
||||
hetznerdns_token = var.hetznerdns_token
|
||||
source = "../../terraform/web01"
|
||||
hostname = "clan.lol"
|
||||
dns_zone = "clan.lol"
|
||||
nixos_flake_attr = ".#web01"
|
||||
nixos_vars_file = "${path.module}/nixos-vars.json"
|
||||
hetznerdns_token = var.hetznerdns_token
|
||||
ipv4_address = "65.109.103.5"
|
||||
ipv6_address = "2a01:4f9:3080:282a::1"
|
||||
sops_secrets_file = "${abspath(path.module)}/secrets.yaml"
|
||||
tags = {
|
||||
Terraform = "true"
|
||||
Target = "web01"
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -1,76 +0,0 @@
|
|||
locals {
|
||||
subhostnames = [
|
||||
"@",
|
||||
"git",
|
||||
"mail",
|
||||
"cache",
|
||||
"matrix",
|
||||
"www"
|
||||
]
|
||||
hostnames = [
|
||||
var.hostname,
|
||||
"www.${var.hostname}",
|
||||
"git.${var.hostname}",
|
||||
"mail.${var.hostname}",
|
||||
"cache.${var.hostname}",
|
||||
"matrix.${var.hostname}",
|
||||
]
|
||||
}
|
||||
|
||||
resource "hetznerdns_zone" "server" {
|
||||
name = var.dns_zone
|
||||
ttl = 3600
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "server_a" {
|
||||
for_each = toset(local.subhostnames)
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = each.value
|
||||
type = "A"
|
||||
value = var.ipv4_address
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "server_aaaa" {
|
||||
for_each = toset(local.subhostnames)
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = each.value
|
||||
type = "AAAA"
|
||||
value = var.ipv6_address
|
||||
}
|
||||
|
||||
# for sending emails
|
||||
resource "hetznerdns_record" "spf" {
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = "@"
|
||||
type = "TXT"
|
||||
value = "\"v=spf1 ip4:${var.ipv4_address} ip6:${var.ipv6_address} ~all\""
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "dkim" {
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = "v1._hostnamekey"
|
||||
type = "TXT"
|
||||
# take from `systemctl status opendkim`
|
||||
value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTFSkQcM0v6mC4kiWEoF/EgK/hPVgOBJlHesLVIe+8BmidylaUowKlyC2gECipXhoVX9++OfMFAKNtGrIJcCTVNH/DRGkhbHLSxzzXijCbJ7G/fjpHRifpxMydEmybQDKdidR44YMR74Aj0OwUEgu+N/yJZ2+ubOlstW0fZJaJwQIDAQAB\""
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "adsp" {
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = "_adsp._hostnamekey"
|
||||
type = "TXT"
|
||||
value = "\"dkim=all;\""
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "matrix" {
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = "_matrix._tcp"
|
||||
type = "SRV"
|
||||
value = "0 5 443 matrix"
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "dmarc" {
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = "_dmarc"
|
||||
type = "TXT"
|
||||
value = "\"v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:joerc.dmarc@thalheim.io; ruf=mailto:joerg.dmarc@thalheim.io; pct=100\""
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
locals {
|
||||
}
|
||||
|
||||
resource "null_resource" "nixos-anywhere" {
|
||||
triggers = {
|
||||
instance_id = var.ipv4_address
|
||||
}
|
||||
connection {
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
host = var.ipv4_address
|
||||
}
|
||||
provisioner "remote-exec" {
|
||||
# needed because kexec is broken
|
||||
# https://github.com/numtide/nixos-anywhere/issues/136
|
||||
script = "${path.module}/nixosify.sh"
|
||||
}
|
||||
provisioner "local-exec" {
|
||||
environment = {
|
||||
HOST = var.ipv4_address
|
||||
FLAKE_ATTR = var.nixos_flake_attr
|
||||
SOPS_SECRETS_FILE = var.sops_secrets_file
|
||||
}
|
||||
command = "bash -x ${path.module}/install.sh"
|
||||
}
|
||||
}
|
||||
|
||||
locals {
|
||||
nixos_vars = {
|
||||
ipv6_address = var.ipv6_address
|
||||
}
|
||||
}
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
variable "ipv4_address" {
|
||||
type = string
|
||||
description = "IPv4 address of the machine"
|
||||
}
|
||||
|
||||
variable "ipv6_address" {
|
||||
type = string
|
||||
description = "IPv6 address of the machine"
|
||||
}
|
||||
|
||||
variable "nixos_vars_file" {
|
||||
type = string
|
||||
description = "File to write NixOS configuration variables to"
|
||||
}
|
||||
|
||||
variable "nixos_flake_attr" {
|
||||
type = string
|
||||
description = "NixOS configuration flake attribute"
|
||||
}
|
||||
|
||||
variable "sops_secrets_file" {
|
||||
type = string
|
||||
description = "Path to SOPS secrets file storing the secrets for ssh keys and cryptsetup keys"
|
||||
}
|
||||
|
||||
variable "hostname" {
|
||||
type = string
|
||||
description = "Zone name of the machine"
|
||||
}
|
||||
|
||||
variable "dns_zone" {
|
||||
type = string
|
||||
description = "DNS zone to add the machine to"
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
description = "Tags to add to the server"
|
||||
}
|
||||
88
terraform/web01-old/dns.tf
Normal file
88
terraform/web01-old/dns.tf
Normal file
|
|
@ -0,0 +1,88 @@
|
|||
locals {
|
||||
subdomains = [
|
||||
"@",
|
||||
"git",
|
||||
"mail",
|
||||
"cache",
|
||||
"matrix",
|
||||
"www"
|
||||
]
|
||||
domains = [
|
||||
var.domain,
|
||||
"www.${var.domain}",
|
||||
"git.${var.domain}",
|
||||
"mail.${var.domain}",
|
||||
"cache.${var.domain}",
|
||||
"matrix.${var.domain}",
|
||||
]
|
||||
}
|
||||
|
||||
#resource "hetznerdns_zone" "server" {
|
||||
# name = var.domain
|
||||
# ttl = 3600
|
||||
#}
|
||||
#
|
||||
#resource "hetznerdns_record" "server_a" {
|
||||
# for_each = toset(local.subdomains)
|
||||
# zone_id = hetznerdns_zone.server.id
|
||||
# name = each.value
|
||||
# type = "A"
|
||||
# value = hcloud_server.server.ipv4_address
|
||||
#}
|
||||
#
|
||||
#resource "hetznerdns_record" "server_aaaa" {
|
||||
# for_each = toset(local.subdomains)
|
||||
# zone_id = hetznerdns_zone.server.id
|
||||
# name = each.value
|
||||
# type = "AAAA"
|
||||
# value = hcloud_server.server.ipv6_address
|
||||
#}
|
||||
#
|
||||
## for sending emails
|
||||
#resource "hetznerdns_record" "spf" {
|
||||
# zone_id = hetznerdns_zone.server.id
|
||||
# name = "@"
|
||||
# type = "TXT"
|
||||
# value = "\"v=spf1 ip4:${hcloud_server.server.ipv4_address} ip6:${hcloud_server.server.ipv6_address} ~all\""
|
||||
#}
|
||||
#
|
||||
#resource "hetznerdns_record" "dkim" {
|
||||
# zone_id = hetznerdns_zone.server.id
|
||||
# name = "v1._domainkey"
|
||||
# type = "TXT"
|
||||
# # take from `systemctl status opendkim`
|
||||
# value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTFSkQcM0v6mC4kiWEoF/EgK/hPVgOBJlHesLVIe+8BmidylaUowKlyC2gECipXhoVX9++OfMFAKNtGrIJcCTVNH/DRGkhbHLSxzzXijCbJ7G/fjpHRifpxMydEmybQDKdidR44YMR74Aj0OwUEgu+N/yJZ2+ubOlstW0fZJaJwQIDAQAB\""
|
||||
#}
|
||||
#
|
||||
#resource "hetznerdns_record" "adsp" {
|
||||
# zone_id = hetznerdns_zone.server.id
|
||||
# name = "_adsp._domainkey"
|
||||
# type = "TXT"
|
||||
# value = "\"dkim=all;\""
|
||||
#}
|
||||
#
|
||||
#resource "hetznerdns_record" "matrix" {
|
||||
# zone_id = hetznerdns_zone.server.id
|
||||
# name = "_matrix._tcp"
|
||||
# type = "SRV"
|
||||
# value = "0 5 443 matrix"
|
||||
#}
|
||||
#
|
||||
#resource "hetznerdns_record" "dmarc" {
|
||||
# zone_id = hetznerdns_zone.server.id
|
||||
# name = "_dmarc"
|
||||
# type = "TXT"
|
||||
# value = "\"v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:joerc.dmarc@thalheim.io; ruf=mailto:joerg.dmarc@thalheim.io; pct=100\""
|
||||
#}
|
||||
|
||||
resource "hcloud_rdns" "master_a" {
|
||||
server_id = hcloud_server.server.id
|
||||
ip_address = hcloud_server.server.ipv4_address
|
||||
dns_ptr = "mail.${var.domain}"
|
||||
}
|
||||
|
||||
resource "hcloud_rdns" "master_aaaa" {
|
||||
server_id = hcloud_server.server.id
|
||||
ip_address = hcloud_server.server.ipv6_address
|
||||
dns_ptr = "mail.${var.domain}"
|
||||
}
|
||||
39
terraform/web01-old/main.tf
Normal file
39
terraform/web01-old/main.tf
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
# Record the SSH public key into Hetzner Cloud
|
||||
data "hcloud_ssh_keys" "server" {
|
||||
with_selector = "web01=true"
|
||||
}
|
||||
|
||||
resource "hcloud_server" "server" {
|
||||
image = "debian-10"
|
||||
keep_disk = true
|
||||
name = "web01"
|
||||
server_type = var.server_type
|
||||
ssh_keys = data.hcloud_ssh_keys.server.ssh_keys.*.name
|
||||
backups = false
|
||||
labels = var.tags
|
||||
|
||||
location = var.server_location
|
||||
|
||||
lifecycle {
|
||||
# Don't destroy server instance if ssh keys changes.
|
||||
ignore_changes = [ssh_keys]
|
||||
prevent_destroy = false
|
||||
}
|
||||
}
|
||||
|
||||
module "deploy" {
|
||||
depends_on = [local_file.nixos_vars]
|
||||
source = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
|
||||
nixos_system_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
|
||||
nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
|
||||
target_host = hcloud_server.server.ipv4_address
|
||||
instance_id = hcloud_server.server.id
|
||||
debug_logging = true
|
||||
}
|
||||
|
||||
locals {
|
||||
nixos_vars = {
|
||||
ipv6_address = hcloud_server.server.ipv6_address
|
||||
ssh_keys = data.hcloud_ssh_keys.server.ssh_keys.*.public_key
|
||||
}
|
||||
}
|
||||
32
terraform/web01-old/variables.tf
Normal file
32
terraform/web01-old/variables.tf
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
variable "server_type" {
|
||||
type = string
|
||||
default = "cpx41"
|
||||
description = "Hetzner cloud server type"
|
||||
}
|
||||
|
||||
variable "server_location" {
|
||||
type = string
|
||||
default = "hel1"
|
||||
description = "Hetzner cloud server location"
|
||||
}
|
||||
|
||||
variable "nixos_vars_file" {
|
||||
type = string
|
||||
description = "File to write NixOS configuration variables to"
|
||||
}
|
||||
|
||||
variable "nixos_flake_attr" {
|
||||
type = string
|
||||
description = "NixOS configuration flake attribute"
|
||||
}
|
||||
|
||||
variable "domain" {
|
||||
type = string
|
||||
description = "Domain name"
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
description = "Tags to add to the server"
|
||||
}
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
locals {
|
||||
subdomains = [
|
||||
subhostnames = [
|
||||
"@",
|
||||
"git",
|
||||
"mail",
|
||||
|
|
@ -7,35 +7,35 @@ locals {
|
|||
"matrix",
|
||||
"www"
|
||||
]
|
||||
domains = [
|
||||
var.domain,
|
||||
"www.${var.domain}",
|
||||
"git.${var.domain}",
|
||||
"mail.${var.domain}",
|
||||
"cache.${var.domain}",
|
||||
"matrix.${var.domain}",
|
||||
hostnames = [
|
||||
var.hostname,
|
||||
"www.${var.hostname}",
|
||||
"git.${var.hostname}",
|
||||
"mail.${var.hostname}",
|
||||
"cache.${var.hostname}",
|
||||
"matrix.${var.hostname}",
|
||||
]
|
||||
}
|
||||
|
||||
resource "hetznerdns_zone" "server" {
|
||||
name = var.domain
|
||||
name = var.dns_zone
|
||||
ttl = 3600
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "server_a" {
|
||||
for_each = toset(local.subdomains)
|
||||
for_each = toset(local.subhostnames)
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = each.value
|
||||
type = "A"
|
||||
value = hcloud_server.server.ipv4_address
|
||||
value = var.ipv4_address
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "server_aaaa" {
|
||||
for_each = toset(local.subdomains)
|
||||
for_each = toset(local.subhostnames)
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = each.value
|
||||
type = "AAAA"
|
||||
value = hcloud_server.server.ipv6_address
|
||||
value = var.ipv6_address
|
||||
}
|
||||
|
||||
# for sending emails
|
||||
|
|
@ -43,20 +43,20 @@ resource "hetznerdns_record" "spf" {
|
|||
zone_id = hetznerdns_zone.server.id
|
||||
name = "@"
|
||||
type = "TXT"
|
||||
value = "\"v=spf1 ip4:${hcloud_server.server.ipv4_address} ip6:${hcloud_server.server.ipv6_address} ~all\""
|
||||
value = "\"v=spf1 ip4:${var.ipv4_address} ip6:${var.ipv6_address} ~all\""
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "dkim" {
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = "v1._domainkey"
|
||||
name = "v1._hostnamekey"
|
||||
type = "TXT"
|
||||
# take from `systemctl status opendkim`
|
||||
value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTFSkQcM0v6mC4kiWEoF/EgK/hPVgOBJlHesLVIe+8BmidylaUowKlyC2gECipXhoVX9++OfMFAKNtGrIJcCTVNH/DRGkhbHLSxzzXijCbJ7G/fjpHRifpxMydEmybQDKdidR44YMR74Aj0OwUEgu+N/yJZ2+ubOlstW0fZJaJwQIDAQAB\""
|
||||
value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpQeJirqh8VFGHRQBemqF5CeicC/5qHJn3vqKkVIOQNqkgp7IE+EZDg+MXoxMQZEJ0RbO0JpZZgYpOf3jf8o5w56WbE4dbpbi+9112R57k5w41R16Q0EUjf7MbrLJqcF6mtf+3bPklF9ngdcWhgN024YfhR9SlebCOapCVYqVt8QIDAQAB\""
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "adsp" {
|
||||
zone_id = hetznerdns_zone.server.id
|
||||
name = "_adsp._domainkey"
|
||||
name = "_adsp._hostnamekey"
|
||||
type = "TXT"
|
||||
value = "\"dkim=all;\""
|
||||
}
|
||||
|
|
@ -74,15 +74,3 @@ resource "hetznerdns_record" "dmarc" {
|
|||
type = "TXT"
|
||||
value = "\"v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:joerc.dmarc@thalheim.io; ruf=mailto:joerg.dmarc@thalheim.io; pct=100\""
|
||||
}
|
||||
|
||||
resource "hcloud_rdns" "master_a" {
|
||||
server_id = hcloud_server.server.id
|
||||
ip_address = hcloud_server.server.ipv4_address
|
||||
dns_ptr = "mail.${var.domain}"
|
||||
}
|
||||
|
||||
resource "hcloud_rdns" "master_aaaa" {
|
||||
server_id = hcloud_server.server.id
|
||||
ip_address = hcloud_server.server.ipv6_address
|
||||
dns_ptr = "mail.${var.domain}"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,39 +1,32 @@
|
|||
# Record the SSH public key into Hetzner Cloud
|
||||
data "hcloud_ssh_keys" "server" {
|
||||
with_selector = "web01=true"
|
||||
locals {
|
||||
}
|
||||
|
||||
resource "hcloud_server" "server" {
|
||||
image = "debian-10"
|
||||
keep_disk = true
|
||||
name = "web01"
|
||||
server_type = var.server_type
|
||||
ssh_keys = data.hcloud_ssh_keys.server.ssh_keys.*.name
|
||||
backups = false
|
||||
labels = var.tags
|
||||
|
||||
location = var.server_location
|
||||
|
||||
lifecycle {
|
||||
# Don't destroy server instance if ssh keys changes.
|
||||
ignore_changes = [ssh_keys]
|
||||
prevent_destroy = false
|
||||
resource "null_resource" "nixos-anywhere" {
|
||||
triggers = {
|
||||
instance_id = var.ipv4_address
|
||||
}
|
||||
connection {
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
host = var.ipv4_address
|
||||
}
|
||||
provisioner "remote-exec" {
|
||||
# needed because kexec is broken
|
||||
# https://github.com/numtide/nixos-anywhere/issues/136
|
||||
script = "${path.module}/nixosify.sh"
|
||||
}
|
||||
provisioner "local-exec" {
|
||||
environment = {
|
||||
HOST = var.ipv4_address
|
||||
FLAKE_ATTR = var.nixos_flake_attr
|
||||
SOPS_SECRETS_FILE = var.sops_secrets_file
|
||||
}
|
||||
command = "bash -x ${path.module}/install.sh"
|
||||
}
|
||||
}
|
||||
|
||||
module "deploy" {
|
||||
depends_on = [local_file.nixos_vars]
|
||||
source = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
|
||||
nixos_system_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
|
||||
nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
|
||||
target_host = hcloud_server.server.ipv4_address
|
||||
instance_id = hcloud_server.server.id
|
||||
debug_logging = true
|
||||
}
|
||||
|
||||
locals {
|
||||
nixos_vars = {
|
||||
ipv6_address = hcloud_server.server.ipv6_address
|
||||
ssh_keys = data.hcloud_ssh_keys.server.ssh_keys.*.public_key
|
||||
ipv6_address = var.ipv6_address
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,13 +1,11 @@
|
|||
variable "server_type" {
|
||||
variable "ipv4_address" {
|
||||
type = string
|
||||
default = "cpx41"
|
||||
description = "Hetzner cloud server type"
|
||||
description = "IPv4 address of the machine"
|
||||
}
|
||||
|
||||
variable "server_location" {
|
||||
variable "ipv6_address" {
|
||||
type = string
|
||||
default = "hel1"
|
||||
description = "Hetzner cloud server location"
|
||||
description = "IPv6 address of the machine"
|
||||
}
|
||||
|
||||
variable "nixos_vars_file" {
|
||||
|
|
@ -20,9 +18,19 @@ variable "nixos_flake_attr" {
|
|||
description = "NixOS configuration flake attribute"
|
||||
}
|
||||
|
||||
variable "domain" {
|
||||
variable "sops_secrets_file" {
|
||||
type = string
|
||||
description = "Domain name"
|
||||
description = "Path to SOPS secrets file storing the secrets for ssh keys and cryptsetup keys"
|
||||
}
|
||||
|
||||
variable "hostname" {
|
||||
type = string
|
||||
description = "Zone name of the machine"
|
||||
}
|
||||
|
||||
variable "dns_zone" {
|
||||
type = string
|
||||
description = "DNS zone to add the machine to"
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user