feat(axol): Add headscale module #13

Merged
minion merged 1 commit from push-rqkrwtstruvr into main 2024-08-08 22:37:18 +00:00
6 changed files with 525 additions and 16 deletions


@ -44,6 +44,97 @@
"type": "github"
}
},
"agenix-rekey_2": {
"inputs": {
"devshell": "devshell_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"clicks",
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
"lastModified": 1722597419,
"narHash": "sha256-YbMzll0Dh2ln/TryDP+S3IGm8nRHkzcSQIubI4ZEOAw=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "126b4a5133eb361cbf5bf90e44c71b6f830845ec",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "agenix-rekey",
"type": "github"
}
},
"agenix_2": {
"inputs": {
"darwin": "darwin_2",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_3",
"systems": "systems_5"
},
"locked": {
"lastModified": 1722339003,
"narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"aux--docs-site": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"clicks",
"nixpkgs"
],
"snowfall-lib": [
"clicks",
"snowfall-lib"
],
"wiki": [
"clicks",
"aux--wiki"
]
},
"locked": {
"lastModified": 1716650000,
"narHash": "sha256-JmR6GR0gzSvtz4BdcfickEqU2m9jBIzzP0XDWA1llZA=",
"ref": "refs/heads/main",
"rev": "c403a8151b87654a0cb24ad28fb23edc3f78906e",
"revCount": 14,
"type": "git",
"url": "https://git.auxolotl.org/auxolotl/docs-site"
},
"original": {
"type": "git",
"url": "https://git.auxolotl.org/auxolotl/docs-site"
}
},
"aux--wiki": {
"flake": false,
"locked": {
"lastModified": 1722641105,
"narHash": "sha256-jdDGNg/qcsFmacZQX2RoEILoRLeMRWtA7OEre1ZRDxc=",
"ref": "refs/heads/main",
"rev": "9269687c6d49976d904516120dcf84bbe659900c",
"revCount": 210,
"type": "git",
"url": "https://git.auxolotl.org/auxolotl/wiki"
},
"original": {
"type": "git",
"url": "https://git.auxolotl.org/auxolotl/wiki"
}
},
"auxolotl-website": {
"inputs": {
"nixpkgs": [
@ -85,6 +176,42 @@
"url": "https://git.auxolotl.org/auxolotl/buildbot-nix.git"
}
},
"clicks": {
"inputs": {
"agenix": "agenix_2",
"agenix-rekey": "agenix-rekey_2",
"aux--docs-site": "aux--docs-site",
"aux--wiki": "aux--wiki",
"deploy-rs": [
"deploy-rs"
],
"flake-utils": "flake-utils_5",
"home-manager": "home-manager_3",
"impermanence": "impermanence",
"nixpkgs": [
"nixpkgs"
],
"snowfall-lib": [
"snowfall-lib"
],
"unstable": [
"unstable"
]
},
"locked": {
"lastModified": 1723155917,
"narHash": "sha256-wCGcBVZs6VuE/8K0tniJk+heyeZpdpNUxBDGFk1sPvo=",
"ref": "refs/heads/main",
"rev": "4123759130ad663a3409048bbc93f3c47ae7af35",
"revCount": 51,
"type": "git",
"url": "https://git.clicks.codes/Infra/NixFiles.git"
},
"original": {
"type": "git",
"url": "https://git.clicks.codes/Infra/NixFiles.git"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -107,9 +234,32 @@
"type": "github"
}
},
"darwin_2": {
"inputs": {
"nixpkgs": [
"clicks",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"nixpkgs": [
"nixpkgs"
],
@ -151,6 +301,29 @@
"type": "github"
}
},
"devshell_2": {
"inputs": {
"nixpkgs": [
"clicks",
"agenix-rekey",
"nixpkgs"
],
"systems": "systems_6"
},
"locked": {
"lastModified": 1695195896,
"narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"owner": "numtide",
"repo": "devshell",
"rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -184,6 +357,22 @@
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -199,7 +388,7 @@
"type": "github"
}
},
"flake-compat_4": {
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -274,7 +463,7 @@
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_3"
"flake-utils": "flake-utils_6"
},
"locked": {
"lastModified": 1715533576,
@ -311,7 +500,61 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_6"
"systems": "systems_7"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_11"
},
"locked": {
"lastModified": 1694529238,
@ -349,6 +592,29 @@
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"clicks",
"agenix-rekey",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -370,6 +636,64 @@
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"clicks",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"clicks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722630065,
"narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "afc892db74d65042031a093adb6010c4c3378422",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1719091691,
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
@ -402,6 +726,22 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1721838734,
@ -419,6 +759,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1721743106,
"narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
@ -462,14 +818,45 @@
"type": "github"
}
},
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": [
"clicks",
"agenix-rekey",
"flake-utils"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"clicks",
"agenix-rekey",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1694364351,
"narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"agenix-rekey": "agenix-rekey",
"auxolotl-website": "auxolotl-website",
"buildbot-nix": "buildbot-nix",
"clicks": "clicks",
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"snowfall-lib": "snowfall-lib_2",
"unstable": "unstable"
}
@ -499,23 +886,22 @@
},
"snowfall-lib_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"flake-utils-plus": "flake-utils-plus_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1717625599,
"narHash": "sha256-qX9VJizFEoiRWDEiVs5+2w4FclQNQVVPvGPESsZ1F8k=",
"lastModified": 1719005984,
"narHash": "sha256-mpFl3Jv4fKnn+5znYXG6SsBjfXHJdRG5FEqNSPx0GLA=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "5a10d2e37b6c6223763fa7c00b974875e49f93cc",
"rev": "c6238c83de101729c5de3a29586ba166a9a65622",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"ref": "dev",
"repo": "lib",
"type": "github"
}
@ -535,6 +921,36 @@
"type": "github"
}
},
"systems_10": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_11": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
@ -610,6 +1026,51 @@
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -649,7 +1110,7 @@
},
"utils": {
"inputs": {
"systems": "systems_5"
"systems": "systems_10"
},
"locked": {
"lastModified": 1701680307,


@ -9,7 +9,7 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
snowfall-lib = {
url = "github:snowfallorg/lib/dev";
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -28,6 +28,16 @@
buildbot-nix.url = "git+https://git.auxolotl.org/auxolotl/buildbot-nix.git";
# Do not override nixpkgs in buildbot-nix (see https://github.com/nix-community/buildbot-nix)
clicks = {
url = "git+https://git.clicks.codes/Infra/NixFiles.git";
inputs = {
deploy-rs.follows = "deploy-rs";
nixpkgs.follows = "nixpkgs";
snowfall-lib.follows = "snowfall-lib";
unstable.follows = "unstable";
};
};
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
@ -56,7 +66,7 @@
inputs.agenix-rekey.nixosModules.default
inputs.buildbot-nix.nixosModules.buildbot-master
inputs.buildbot-nix.nixosModules.buildbot-worker
];
] ++ (lib.attrsets.attrValues inputs.clicks.nixosModules);
deploy = lib.mkDeploy {
inherit (inputs) self;
@ -67,7 +77,10 @@
};
agenix-rekey = inputs.agenix-rekey.configure {
userFlake = inputs.self;
userFlake = inputs.self // { outPath = lib.pipe "" [
lib.snowfall.fs.get-snowfall-file
(lib.strings.removeSuffix "/")
]; };
nodes = inputs.self.nixosConfigurations;
};
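Review bot: The module-list hunk appends `lib.attrsets.attrValues inputs.clicks.nixosModules`, which pulls in every module the external `clicks` flake exports, although the visible part of this change only configures `clicks.services.headscale`. The list appears to be the shared NixOS module list (its opening is outside the hunk), so any module that flake adds in a later lock bump would be evaluated on each host without a change to this file. Naming the needed modules explicitly keeps that surface reviewable, e.g. `] ++ [ inputs.clicks.nixosModules.<headscale-module> ];`, where the attribute name is a placeholder because it is not visible on this page. If the wildcard is kept deliberately, a comment such as `# imports all clicks modules; review flake.lock bumps of "clicks" as code changes` would record the trade-off.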


@ -12,7 +12,7 @@
"${inputs.self}/secrets/keys/minion/iyubikey.pub"
];
storageMode = "local";
generatedSecretsDir = "${inputs.self}/secrets/generated/${config.networking.hostName}";
localStorageDir = "${inputs.self}/secrets/rekeyed/${config.networking.hostName}";
generatedSecretsDir = lib.snowfall.fs.get-snowfall-file "secrets/generated/${config.networking.hostName}";
localStorageDir = lib.snowfall.fs.get-snowfall-file "secrets/rekeyed/${config.networking.hostName}";
};
}
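Review bot: The two rewritten lines call `lib.snowfall.fs.get-snowfall-file`, but this module's argument list is outside the hunk, so it is worth confirming that `lib` is bound there; the host file in this commit adds `lib,` to its own arguments. The identity path on the line above the hunk's `];` still interpolates `${inputs.self}`, so secret locations in this block are now resolved in two different ways. This seems to be tied to the `userFlake.outPath` override in the flake file, and a comment would record that, for example `# must resolve under the userFlake.outPath set in flake.nix, hence get-snowfall-file rather than inputs.self`.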


@ -0,0 +1,11 @@
age-encryption.org/v1
-> piv-p256 xE4ypg AotC1OcKc0ti5K6mtsUMYAqbatTWQDKp/2FrnOlzkjdO
0rQChKMRXxIcSYDstypsXuielQrocv4BA5A1sl13OI4
-> piv-p256 Hpt/+Q ApUzYGw2STuEvWzD9ApOVYZt6chkddNNUqMdFrHVLfob
fuEK2OPd+RZ6NyTGDkT9XDqKoRM3PKIH+7uXT2vloeQ
-> piv-p256 zfskmQ A6tQg5bZLRhR6P7Ch1OYGB+8epuYWVgY8NHVt2/duCX4
UZ/siP1+Ee5fOucjCuy9OdJdYr2+HA4UElUJKfR/Z+w
-> :98mk-F1-grease . NZ)[K^Y dH
lNVgE+LU+g
--- jnqRYlJ+O2Gyyq3F+Bg6wbeWnr+BrvnyS7yZJSBVdMA
¾2<ž½úG<7F>²öw;Á•¨É2}æAmw˜Y6ºa©5Éd<EÍ„Ñ×0Î9]µÍpŒ}„ÄçÆ7.À¤™¤Ë¨. ‹äé\FN¢)@µ


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 JMblKQ K3PuGxokm5IVyWvKINebQ78IludSXmPQ6TszMlJ+y2Y
gSIZJVDNkGEwKqMoqnVWQnZlCtquX8OiY+zokAE3qCs
-> y`qQqQ*-grease K-
uoC/
--- psxc2ttdWjZPh1yijDIrFPs4Mc7naugmqC58dH2UKD4
4¥S0íRî)x´¬ÚbÚð¤hì˜W±Záö•·?U|ì÷é!qéK¶Œ±ÙŽsö³Û Ÿßù·^‰]‡ºå)ïªð1§Á®A˜


@ -6,13 +6,17 @@
# 137.184.177.239
{
pkgs,
lib,
modulesPath,
config,
...
}: {
imports = [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
];
age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+vSEiWVIn53Jyhs0QmVa7d7qkoArCWVbP1yKv46FDX";
boot.loader.grub.enable = true;
virtualisation.digitalOcean.rebuildFromUserData = false;
@ -47,5 +51,18 @@
};
};
clicks.services.headscale = {
enable = true;
domain = "vpn.auxolotl.org";
database_password_path = config.age.secrets."clicks.services.headscale.database_password_path".path;
};
age.secrets."clicks.services.headscale.database_password_path" = {
generator.script = "alnum";
group = "headscale";
mode = "0440"; # Needed to allow headscale group to read
unstableName = true; # Clicks option to base the name on a hash of the contents ... helps with autorestarting services
};
system.stateVersion = "23.11";
}
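Review bot: The secret in the last hunk is decrypted with `group = "headscale"` and `mode = "0440"`, which assumes that group exists before the secret is installed and that no other account needs the password. The group is presumably created by the clicks headscale module, and whether the database side reads the same file is not visible here, so both should be confirmed. The secret name `"clicks.services.headscale.database_password_path"` ends in `_path` even though the file holds the password itself; a name like `"headscale-database-password"` would read more clearly and avoid dots in the attribute name. The `unstableName` comment could say what it means for operators, for example `# file name derives from a content hash, so rotating the secret changes the path and restarts dependent units`, if that is indeed the behaviour of the Clicks option.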