rpqt/flocon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: rpqt:a0bec48175c53986204fb4e91c578b5764ac48cc
Branches Tags
rpqt:main rpqt:clan
...
compare: rpqt:26600f06476f527909666c51763ce52bf7494043
Branches Tags
rpqt:main rpqt:clan

15 Commits
a0bec48175 ... 26600f0647

Author SHA1 Message Date
Romain Paquet
26600f0647 ssh: add hostnames 2025-11-24 17:39:44 +01:00
Romain Paquet
33721c639c verbena: remove default acme email 2025-11-24 17:39:44 +01:00
Romain Paquet
680def4278 genepi: open web ports to wireguard network 2025-11-24 17:39:44 +01:00
Romain Paquet
18cb4dfc1c sq 2025-11-24 17:39:44 +01:00
Romain Paquet
a81d006e64 clan: use infra output IPs for internet connector 2025-11-24 17:19:27 +01:00
Romain Paquet
6e14a60047 genepi: add terminfo 2025-11-24 17:18:01 +01:00
Romain Paquet
7f80af6b0c set adwaita as default font 2025-11-24 17:17:25 +01:00
Romain Paquet
64c00fe618 vicinae: use nixpkgs package 2025-11-24 17:15:24 +01:00
Romain Paquet
d7243cc7c3 verbena: replace IP literals with infra ouputs 2025-11-24 17:13:57 +01:00
Romain Paquet
649f58d875 home-manager: add yazi 2025-11-24 17:13:13 +01:00
Romain Paquet
c9e10e4081 update flake inputs 2025-11-24 17:12:52 +01:00
Romain Paquet
5f6ba8e29d infra: add flake module and crocus exports 2025-11-24 17:12:29 +01:00
Romain Paquet
925cf3140c Update vars via generator step-intermediate-cert for machine verbena 2025-11-22 15:02:45 +01:00
Romain Paquet
bfe95b15ef Update vars via generator step-intermediate-key for machine verbena 2025-11-22 15:02:44 +01:00
Romain Paquet
0a232abe5f Update vars via generator step-ca for machine crocus 2025-11-22 15:02:44 +01:00
20 changed files with 127 additions and 51 deletions
Expand all files Collapse all files

6
clan/network.nix
View File

@@ -1,3 +1,4 @@
{ self, ... }:
{ {
clan.inventory.instances.zerotier = { clan.inventory.instances.zerotier = {
roles.controller.machines.crocus = { }; roles.controller.machines.crocus = { };
@@ -13,9 +14,8 @@
}; };
clan.inventory.instances.internet = { clan.inventory.instances.internet = {
roles.default.machines.verbena = { roles.default.machines.verbena.settings.host = self.infra.machines.verbena.ipv4;
settings.host = "git.turifer.dev"; roles.default.machines.crocus.settings.host = self.infra.machines.crocus.ipv4;
};
}; };
clan.inventory.instances.wireguard = { clan.inventory.instances.wireguard = {

60
flake.lock generated
View File

@@ -41,11 +41,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1763669555, "lastModified": 1763806343,
"narHash": "sha256-uYXZM7u2P6mAMH4JLWYrE/16tZlur+iiKTeYexobf9g=", "narHash": "sha256-dXCgpw9WgaiyymspX/v2vWOpNaSgl6kR4SBNvE5aCs0=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "edc92e561600b4f778ba1b88e357ee2305c5038a", "rev": "7fd1f6cf7e93d344baeec8c15bbf54282551b073",
"revCount": 11117, "revCount": 11125,
"type": "git", "type": "git",
"url": "https://git.clan.lol/clan/clan-core" "url": "https://git.clan.lol/clan/clan-core"
}, },
@@ -62,11 +62,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763701643, "lastModified": 1763788986,
"narHash": "sha256-6lytTY75PO2tIbptdF6xM9QMhoRE4O94/E1teR55LAQ=", "narHash": "sha256-uYgLhTSxWs9IRpia5Hxd7AMCaE0plr0+QhWBf26h9V0=",
"owner": "AvengeMedia", "owner": "AvengeMedia",
"repo": "DankMaterialShell", "repo": "DankMaterialShell",
"rev": "dfe2f3771b10b5d042a2d7eca04361e64df6431a", "rev": "58bf1899410536c4244b9d44c243426dc1b2a2c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -192,11 +192,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1762980239, "lastModified": 1763759067,
"narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -205,24 +205,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"hercules-ci-effects": { "hercules-ci-effects": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": [
@@ -255,11 +237,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763416652, "lastModified": 1763748372,
"narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -463,11 +445,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1763421233, "lastModified": 1763678758,
"narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "narHash": "sha256-+hBiJ+kG5IoffUOdlANKFflTT5nO3FrrR2CA3178Y5s=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "rev": "117cc7f94e8072499b0a7aa4c52084fa4e11cc9b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -625,17 +607,17 @@
}, },
"vicinae": { "vicinae": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1763505293, "lastModified": 1763768455,
"narHash": "sha256-huleUPkt0iZJZy4e/KPhcHK4ueeqaqiMUu7Ft6NVDFU=", "narHash": "sha256-ZwqW2uH36vPUKrlbzDyz7NoFXKjJOT1Ijvlaz4sIp8E=",
"owner": "vicinaehq", "owner": "vicinaehq",
"repo": "vicinae", "repo": "vicinae",
"rev": "e600ffc4ad1e87f3389327adfab8bb8d2f34261e", "rev": "5c965e0777dc4bcb01808c7f214dc56f997bd9c7",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
flake.nix
View File

@@ -19,6 +19,7 @@
./clanServices/flake-module.nix ./clanServices/flake-module.nix
./devShells/flake-module.nix ./devShells/flake-module.nix
./home-manager/flake-module.nix ./home-manager/flake-module.nix
./infra/flake-module.nix
./modules/flake-module.nix ./modules/flake-module.nix
./packages/flake-module.nix ./packages/flake-module.nix
]; ];

1
home-manager/cli.nix
View File

@@ -26,6 +26,7 @@
taskwarrior3 taskwarrior3
tealdeer tealdeer
vivid vivid
yazi
zoxide zoxide
]; ];

4
home-manager/desktop/fonts.nix
View File

@@ -6,4 +6,8 @@
]; ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Adwaita Sans" ];
monospace = [ "Adwaita Mono" ];
};
} }

2
home-manager/desktop/vicinae.nix
View File

@@ -1,6 +1,7 @@
{ {
config, config,
inputs, inputs,
pkgs,
lib, lib,
... ...
}: }:
@@ -12,6 +13,7 @@
services.vicinae = { services.vicinae = {
enable = true; enable = true;
autoStart = true; autoStart = true;
package = pkgs.vicinae;
}; };
xdg.configFile."vicinae/vicinae.json".source = xdg.configFile."vicinae/vicinae.json".source =

3
home/.ssh/config
View File

@@ -1,8 +1,11 @@
Host crocus Host crocus
HostName crocus.home.rpqt.fr
User root User root
Host verbena Host verbena
HostName verbena.home.rpqt.fr
User root User root
Host genepi Host genepi
HostName genepi.home.rpqt.fr
User root User root

4
infra/crocus.tf
View File

@@ -62,3 +62,7 @@ resource "hcloud_firewall" "crocus_firewall" {
source_ips = ["0.0.0.0/0", "::/0"] source_ips = ["0.0.0.0/0", "::/0"]
} }
} }
output "crocus_ipv4" {
value = hcloud_primary_ip.crocus_ipv4.ip_address
}

18
infra/flake-module.nix Normal file
View File

@@ -0,0 +1,18 @@
{
flake.infra =
let
tf_outputs = builtins.fromJSON (builtins.readFile ../infra/outputs.json);
in
{
machines = {
verbena = {
ipv4 = tf_outputs.verbena_ipv4.value;
ipv6 = tf_outputs.verbena_ipv6.value;
gateway6 = tf_outputs.verbena_gateway6.value;
};
crocus = {
ipv4 = tf_outputs.crocus_ipv4.value;
};
};
};
}

5
infra/outputs.json
View File

@@ -1,4 +1,9 @@
{ {
"crocus_ipv4": {
"sensitive": false,
"type": "string",
"value": "116.203.18.122"
},
"verbena_gateway6": { "verbena_gateway6": {
"sensitive": false, "sensitive": false,
"type": "string", "type": "string",

2
machines/genepi/configuration.nix
View File

@@ -25,6 +25,8 @@
self.nixosModules.nix-defaults self.nixosModules.nix-defaults
self.nixosModules.user-rpqt self.nixosModules.user-rpqt
self.inputs.srvos.nixosModules.mixins-terminfo
]; ];
networking.hostName = "genepi"; networking.hostName = "genepi";

4
machines/genepi/nginx.nix
View File

@@ -6,4 +6,8 @@
}; };
networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = [ 443 ]; networking.firewall.interfaces."zts7mq7onf".allowedTCPPorts = [ 443 ];
networking.firewall.interfaces."wireguard".allowedTCPPorts = [
80
443
];
} }

12
machines/verbena/configuration.nix
View File

@@ -1,7 +1,4 @@
{ self, lib, ... }: { self, lib, ... }:
let
tf_outputs = builtins.fromJSON (builtins.readFile ../../infra/outputs.json);
in
{ {
imports = [ imports = [
self.nixosModules.nix-defaults self.nixosModules.nix-defaults
@@ -20,13 +17,13 @@ in
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
networking.defaultGateway6 = { networking.defaultGateway6 = {
address = tf_outputs.verbena_gateway6.value; address = self.infra.machines.verbena.gateway6;
interface = "ens3"; interface = "ens3";
}; };
networking.interfaces."ens3" = { networking.interfaces."ens3" = {
ipv6.addresses = [ ipv6.addresses = [
{ {
address = tf_outputs.verbena_ipv6.value; address = self.infra.machines.verbena.ipv6;
prefixLength = 64; prefixLength = 64;
} }
]; ];
@@ -45,8 +42,5 @@ in
443 443
]; ];
security.acme = { security.acme.acceptTerms = true;
acceptTerms = true;
defaults.email = "admin@turifer.dev";
};
} }

11
vars/per-machine/verbena/step-intermediate-cert/intermediate.crt/value Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBmzCCAUGgAwIBAgIRALMIUcjKX/BUO1h5k+5GU7MwCgYIKoZIzj0EAwIwFzEV
MBMGA1UEAxMMQ2xhbiBSb290IENBMB4XDTI1MTEyMjAyMDI0NVoXDTI2MTEyMjE0
MDI0NVowHzEdMBsGA1UEAxMUQ2xhbiBJbnRlcm1lZGlhdGUgQ0EwWTATBgcqhkjO
PQIBBggqhkjOPQMBBwNCAATzv2ktJtY0x2czkJDKaTucQ9xuFdgKMRXRbcdHRW5e
abKOEJ8BCWdaYQa9SKztMu5V9TTInqYo9+MqDLyyM9/To2YwZDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUkB4ETjcnhqUlXSQ1
TvLMMrFK1hwwHwYDVR0jBBgwFoAUWdZmxk+2XBZzgVucaLlY3rD0p3owCgYIKoZI
zj0EAwIDSAAwRQIhANpFk+c7h1VqH2x/zyyL82uZti6zbbYiteQ9RJ2jtqkbAiAv
vKAz5q2poLKocrMBz4N2ABBr3Y6IO7kPCIvoXBrEMA==
-----END CERTIFICATE-----

1
vars/per-machine/verbena/step-intermediate-key/intermediate.key/machines/verbena Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/machines/verbena

18
vars/per-machine/verbena/step-intermediate-key/intermediate.key/secret Normal file
View File

@@ -0,0 +1,18 @@
{
"data": "ENC[AES256_GCM,data:QviBFbMDWAFaeuBSOCTA+qnQZlOIK1KZVK/6GzlsmouLxh1rytk6EGeSQycHAhQwuddinTfU3VKGT2PZUmUhOinHrcf3RBlD+QMRUSf4Ikj4Q5dCwW3agSe7fzRutRVTA5cjBQaKnWPllYmy4+l3Am9UfOPwz8nETzvMK2IfttaQf4w6KJOvg/mxT2OM96pzRIcITLBeNpZI6Jxjds9LQVcisEwpQyxbJ7qi5QnICq5wTtlhh6fGaYM38FTLcSi7NIspP3BN8teX8oOdY01JjnXpIuMSKVQSya6RPUWTEQ36hlY=,iv:E/SCmZoEGVu1ou3Co+kEXDm6cJFrLrvSTbfdkeHrkIU=,tag:+4ACjvUtTT22r4uepTfWjg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNVA1WFN4Zzdra3N5eFgr\nYXlsV1VTREdNUXRabnc2M3BvMUc1dGtUc2hZCmxETndnMHhOZld6SlVqSjdpMmpr\nVHpUcEZNZGoyeTRRb0xuNForWFI5Qk0KLS0tIHk2bThkWnhZMkxzZGVCTnpjK1BB\ndFhqeFhtbU1BZjd6d2ppZFUreGFnMkEKI0p6y7ceUxUjoPyYh5XbsCIVlT7SPib4\nNl2cy/Lwtn9i1U0UmNTpsVYzVZqaPUIQgsnyiNdPXQhQBR+F1EUVUA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1teege0n8gf9qcheuxtpy7cltf8aczt9ugh8ztp9v4fftn3wwd4jsz0lpeh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTUhtbExZWS8rd0t3NGZS\nRnFYdEdGdTREVEg1UC92NU5pV01ScnZndm4wCkN0ZmdqdGdqckNXWDlORlJDRjJ5\nTEhJdkhrZDdsSCt0bmRqMEpQbEJVNTgKLS0tIG5vK1kyMnFSUWY4SDlNTHpZYkVI\nK3FqMWpYTS9naVViZGwzK2NZOEpDbU0Km5/uuZUR4c7E1nnna3MkBjIswS5/M9Ct\nLDXGXjjaksqwukGjPEMvcu57f34TbLwMAZuPUc0OKbIOQtldokwugg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-22T14:02:44Z",
"mac": "ENC[AES256_GCM,data:9MuR8Na+/sEhfuTBrgHk2ydsUgo3UIQYzS4PMWIwCcqKTzZ4rqB2Xynq0PCsqq+3l/ZadtzDwB8gRP6m0f+wL3ZUY8lMG74lek6mBLLAaIUZSflgg24V2o0naKWCZVXWld2GKWDOxupUM5bWYE6SLwhOuepSZ4JMH59mD925v9Q=,iv:aKzJFPgfVqqpETySdFIM0+MVGr8IFcy0M2lzbWVPjAM=,tag:vZyPNmwcF5l1PgyMBjtp4g==,type:str]",
"version": "3.11.0"
}
}

1
vars/per-machine/verbena/step-intermediate-key/intermediate.key/users/rpqt Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/users/rpqt

10
vars/shared/step-ca/ca.crt/value Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----
MIIBcjCCARegAwIBAgIQBATaX7P9gLOPdEvyU6ulFDAKBggqhkjOPQQDAjAXMRUw
EwYDVQQDEwxDbGFuIFJvb3QgQ0EwHhcNMjUxMTIyMDIwMjQ0WhcNMjYxMTIyMTQw
MjQ0WjAXMRUwEwYDVQQDEwxDbGFuIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjO
PQMBBwNCAAQ3PdFudbQHMrKLU59IeUqw1kUOwTAWco5d4fLUrz5JpaSDsq0UJT1j
wayaUeFstMGEQqOZ5nqle7UC64G7Wn1Lo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYD
VR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUWdZmxk+2XBZzgVucaLlY3rD0p3ow
CgYIKoZIzj0EAwIDSQAwRgIhANS0Pn0MmVx3w6+h0686NBrvobqt6Tue9/WlkAW6
mJTlAiEA5j8DHm66BnmlYlCqQaz9wuAQ4q+g26XqWvvlEFkpYuo=
-----END CERTIFICATE-----

14
vars/shared/step-ca/ca.key/secret Normal file
View File

@@ -0,0 +1,14 @@
{
"data": "ENC[AES256_GCM,data:eJ0fq3tBFpJmKad1zQoY/2EczN1tnER8Mxo8erioOUBi0caiH3BRUdHQzLU9gbfbmr2CX6X0PzX1G5TknROF4d0n7pK4lLzlH+/zXX9niLkZKf4sNibUcAa6xwaUu+bQZPdrbMsxz0hFjztTHfhhcEkqTwImYcJxtmKNQTc0qJSq7C4j82QVJzN+rvAnuEBp3pXMnqbbpmmUG4D6oIvdR8f5e5E8qe/fO13s8EglU583/sTV5Jm/dMPvyQVhL2U18GiRAXCTcJ8abHU1yczMU4aZKqpQwinG1pLg267IRxvrSaM=,iv:+NWxLy+HEtZ2m8eJGk6Y6t0B96QhdLa7zBtLEMz1KRM=,tag:7ccHbUUEW+GX/TsfBHzdXw==,type:str]",
"sops": {
"age": [
{
"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TjB2VGZqQ3IyRStqQzNX\nbXVhT1pXei9xUTZ3MExLNDBIbkJPaWNyOFhZClBqZ2M3d1ZCcVlQTzlUbndoZ1c0\nVUNlTWdvcDI5aEJhQ21SSytVQ0lGVFUKLS0tIFd4VkphTVJxaXBhUEo5ZVM5bDcr\nTHpNSkt3QWtJbi9aVHhvTUZuK0RNeXMK29n+ztstGWzPcMeQ95Hg8m9SjrXlgjq+\nWNnky4dNUInqw5ZQrJW8ZYa7x3N0+dSw9jVxqNdfiyZBs8Cw2lkuJA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-22T14:02:44Z",
"mac": "ENC[AES256_GCM,data:Zua39bnqFiyDcf5aWMo/PcbjN8/EAecI/nOuQ7WwSE7KHhQ+wnYMDaeQFROYSjvlJdzn4upCeQCpid+k09ZSYE3upUdCVSiPqo+IFziE9kifs5if5LS1V39QKvHP5h2rXPrwS+bYPk8Z198HyX3SUu0yoU7DVZ+zrt4s9hbzuAA=,iv:NxsrTAhEYPvWGjG64n7mK7ABDXaLKHxYazqYfuP4giY=,tag:AbpEDuNkC3kBOtonVzdBdA==,type:str]",
"version": "3.11.0"
}
}

1
vars/shared/step-ca/ca.key/users/rpqt Symbolic link
View File

@@ -0,0 +1 @@
../../../../../sops/users/rpqt