Compare commits
7 commits
29b55380d1
...
feba5d2ae8
Author | SHA1 | Date | |
---|---|---|---|
feba5d2ae8 | |||
b614dcf1ec | |||
0ebf24af44 | |||
79b3a0ad4d | |||
39117c4a8a | |||
9281d05fc2 | |||
f14c230c1a |
10 changed files with 98 additions and 12 deletions
|
@ -4,6 +4,8 @@
|
|||
./modules/home-assistant
|
||||
./modules/dyndns.nix
|
||||
./modules/network.nix
|
||||
./modules/wireguard.nix
|
||||
./modules/users.nix
|
||||
];
|
||||
|
||||
services.logind.lidSwitch = "ignore";
|
||||
|
|
|
@ -19,10 +19,10 @@
|
|||
|
||||
files.credentials-file.secret = true;
|
||||
script = ''
|
||||
{
|
||||
echo "TG_BOT_TOKEN=$(<$prompts/telegram-bot-token)"
|
||||
echo "HA_AUTH_TOKEN=$(<$prompts/home-assistant-auth-token)"
|
||||
} > $out/credentials-file
|
||||
cat <<EOL > $out/credentials-file
|
||||
TG_BOT_TOKEN=$(<$prompts/telegram-bot-token)
|
||||
HA_AUTH_TOKEN=$(<$prompts/home-assistant-auth-token)
|
||||
EOL
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -38,9 +38,19 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.esphome = {
|
||||
enable = true;
|
||||
address = "::1"; # Proxied trough home assistant
|
||||
virtualisation.oci-containers.containers.esphome = {
|
||||
image = "ghcr.io/esphome/esphome:2025.6.3";
|
||||
volumes = [
|
||||
"/var/lib/esphome:/config"
|
||||
];
|
||||
privileged = true;
|
||||
extraOptions = ["--network=host"]; # Host networking mode is required for online status indicators
|
||||
cmd = [
|
||||
"dashboard"
|
||||
"--address"
|
||||
"::1"
|
||||
"/config"
|
||||
];
|
||||
};
|
||||
|
||||
services.home-assistant = {
|
||||
|
|
|
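Review bot: The new `virtualisation.oci-containers.containers.esphome` block sets `privileged = true` together with `--network=host`, and only the host-network choice is justified by a comment. A privileged container holds every capability and can reach all host devices, so a compromise of the dashboard is close to root on a host that also stores the Home Assistant credentials file. If privileged mode is only there for flashing over a serial adapter, drop it and pass that single device, e.g. `extraOptions = ["--network=host" "--device=<serial-device-path>"];`; otherwise add a comment stating why it is required. The image is pinned by tag (`2025.6.3`) only; adding the digest would keep a re-pushed tag from changing what runs.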
@ -27,6 +27,17 @@
|
|||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"wg.campares.duckdns.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = ''
|
||||
proxy_buffering off;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:8000";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
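Review bot: The new `wg.campares.duckdns.org` virtual host publishes the wg-access-server web UI, including its admin login, to anyone who can reach nginx, with the admin password as the only barrier visible in this change. If the UI is only meant to be used from the LAN or over the tunnel, restrict it in the existing `extraConfig`, e.g. `allow <trusted-cidr>; deny all;`; if it has to stay public, request rate limiting on the location would at least slow password guessing. `proxyPass = "http://[::1]:8000"` also hard-codes a port that the wireguard module added in this change never sets, so it presumably relies on the service default; deriving it from the service configuration would keep the two from drifting apart. The enclosing virtual-hosts attribute set starts outside the hunk.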
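--- a/machines/aresix/modules/users.nix
+++ b/machines/aresix/modules/users.nix
@@ -0,0 +1,8 @@
+{...}: {
+users.users.juan = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpkZoYCFS6jQyaLgRkG8WlOj8ybpwsJkCWTuKkGB5oA Juan Rey"
+];
+};
+}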
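--- a/machines/aresix/modules/wireguard.nix
+++ b/machines/aresix/modules/wireguard.nix
@@ -0,0 +1,33 @@
+{config, ...}: {
+clan.core.vars.generators.wg-access-server = {
+prompts.admin-password = {
+description = "Password for the wg-access-server admin user";
+type = "hidden";
+};
+
+prompts.wireguard-private-key = {
+description = "Wireguard private key wg-access-server will use";
+type = "hidden";
+};
+
+files.secrets-file.secret = true;
+script = ''
+cat <<EOL > $out/secrets-file
+adminPassword: $(<$prompts/admin-password)
+wireguard:
+privateKey: $(<$prompts/wireguard-private-key)
+EOL
+'';
+};
+
+services.wg-access-server = {
+enable = true;
+
+settings = {
+httpHost = "::1";
+};
+
+secretsFile = config.clan.core.vars.generators.wg-access-server.files.secrets-file.path;
+};
+networking.firewall.allowedUDPPorts = [51820 53];
+}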
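Review bot: `networking.firewall.allowedUDPPorts = [51820 53];` opens UDP 53 on every interface, so if wg-access-server's DNS proxy listens on that port it is reachable from the internet side as well as from tunnel clients, which is how hosts end up serving as open resolvers. Only 51820 needs to be open globally; DNS can be scoped to the tunnel with `networking.firewall.interfaces."<wg-interface>".allowedUDPPorts = [53];`. Separately, the generator script interpolates both prompt values into YAML unquoted, so a password containing `: ` or ` #`, or starting with a YAML indicator character, would be parsed as something other than the string that was typed. Wrapping each value in single quotes in the heredoc, and rejecting `'` in the prompt, avoids that.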
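--- a/vars/per-machine/aresix/state-version/version/value
+++ b/vars/per-machine/aresix/state-version/version/value
@@ -0,0 +1 @@
+25.05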
|
@ -1,18 +1,18 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:pgqGVVzrBFAZUrvUjmOP6/bOwiMa6rdvsrP/G/IdJLK3r1cuSNz+V8eLf7sRQFrPSRNutorO8B2Ni8YZRJ6dBojSs95i0igp49lW3gbO7qQbUaoY/0Pz16XZAhBr0o9XWd8BOQNHTcoqdxxZKYylQySZEBXL8VQO5/BE7tageeEam8x31KExT7m+KHjKO8hV0XFzvXCnIpu7wpfJWsE04PXK+oY5LYpe3cCxtg+1wyBfTp+BFP2I5XZ+Exs+ldOwjMHXJBLP7gSkxggoKRILTsazntUCkk4NxBPqvh7+K4TanRHOONOPnqHXvZfRPrrTbVJdB3Cpe4qvSSDHqry3qSQ=,iv:UinSEY6cXYEPrwHTgWkwggnp4UkfPPNrgKzD2PmpHlQ=,tag:qQmirO5/xCE0vNoTYhmz+A==,type:str]",
|
||||
"data": "ENC[AES256_GCM,data:u8Qp6QJ65xRl9qaOeN4ubFitmmWejYHum0i3/B2IOvobJQFFHkS6kjDOzlP22oj1uTBzXfG4NhktujyeTXz5KdDNSiUsL0IGJ78W8hBYrEUXK/cF4CkqajW1e4OWaxYECbIHOJpFpHVxSNnr1iREHzxrxBkUbVGTxTKCfrYUMihP86HuEEiQSE/CIkdnOiXtHxgBmI4zHC00EdmZSwUv+SH/u0wz/F0uDLknuxdmrJzERSuBzadry6o7BQ/2A3gIQpU/1+CL9gxhV1bWwOK4yb5zSyTIVYCHn+PWUJUNUzrY1UUPb16TC9kG40e8xn8n/f2/0rpK39Mw65hLKInhv5A=,iv:iYcjJqCp2FVqDDynDesenQ+19lSHPOj4PGnbWt8471g=,tag:bgCVCOofqPv5cE+1yqoPSQ==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age12dw69nvfyqype23gmn4cy7wccr6ct3luj05hat4g65kzwqz9rpzs7z4jpe",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTnpQRnFPRys3dC9nSm5N\ncVJPRWJtbUM0SnN5Nm1YZjAwTS8rVGliYUdJCkdjZlQrUldXaHdhOHo2cldlL0Fq\nU2hqQjNuVkF0Q2Z1MzNyTU9wODNzMGMKLS0tIERuUkZpYzN3NVhNTWRzZEhHemZl\nd01zcGdJdWxsTDNhTG93UlBxZFduaG8KtMvXaBsN9PQ2efabYkfmwpbft5uCYz1k\nqnVEIpNOSzeBhES/3goSgHIQnOU5suDq9K7g9zoK8sRFu4xA6s4esg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZUlaYlVWUHY0alZSOXow\nY1Axai9NYXl4KzVXeW1Hc1drdFIwL1hDelI4CmVSeHQxckNLRFlWWXAydWM0NXpr\nOGZGOHBSZ08zYXI2a1pWVE54aEpVcEEKLS0tIFdvenFKL2N3MVpYd1B4RGl0eWFZ\nWlRTemNyYklnV0duaVpLNTVycnlVMkUKqRUlWiG1WZ3frvEpzrFpJKAX7SYhqBaJ\nYVPZarzqMJ6zYz3rvsx/u9kQlnlS4mhBRzH34bFgmy9rJu9VFl2W1w==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSR0Y3eldHOTBpb29jR3dX\ndkY2OHJCN0VDRFhFTlMwbTdZV2hoQ1FZMEM4CkY4U0gvV21VTFE4ZUl5KzZqT3hw\nb0RGNEV4MFF4MGExN1BHRkhVUU91VkEKLS0tIEJWNEg4TUZpLzNmTURERHhRd0tv\nTkJZK09PUVErT1h4RkFVczdWa0JTRlUK8uM4HsUeA6U35Z1eWkRs00vIWGy17qVR\n8uXh/X4jwBtoSgGhisofEoyfXK7CK6R9Jb1VCS8y9nI+sYbOCBp8AA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXcWdaOFdCMXNjZG90Q1Rh\nTHhYY2dDc1RlS3R3ek13d0dleDVZZ2pONlZFCklkQWUrWmNOYU50bnIyL1lRQWpG\na0dTeXAwZUVLOFNGR1p0MTIySkVVQXcKLS0tIDRDNTNyZERqN29nWmxoWHFiaEhY\nWkRieEVMb1pnL1hHWjBtVmoxRU9FVm8KfsOw1InaJLLXagSibhJ5accgV+k2Lz9v\nFPXchmZ4h3hY6JrSG88ihaO48Fvw0R0ic675aP0HUZhqAiDBHQItjQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-08-21T13:43:46Z",
|
||||
"mac": "ENC[AES256_GCM,data:LGw8L3Qq2bRD1OgY2YG5074WVFUJPS9fF5r/TQXYqSNLH4yRumKqyAWWi3wpf4hoDUa9/dkmmsOKbiBq1jVZhRGvUUo246xyd09UMXgNOkYYMkF1PYnz1NCWl1VsmIdm1aGxxpSyGVtoUG7d+bgV9WmFq8yne9VGoO6TOfKmYRY=,iv:yQlt5Q5ApmwzWoS1fdrtiwVfodqRZ3RXI6jBple/gpI=,tag:ifs7TLXvIp9mUgVuoMQV3g==,type:str]",
|
||||
"lastmodified": "2025-08-28T09:17:44Z",
|
||||
"mac": "ENC[AES256_GCM,data:648PFpMAE/k5AOv5sMd6zMccl7RAoXjCoi3h7OpIjdaQEhP2nJxqHAfykGYHQM64cfoAw+QP5bGsyO5Fmkgyo/1Se2PB0gY7juAu5T1wgEzb0IUIrvV5BshUsdBi+IsKcnD4I0oHQmJhD7sFgJMTK1rb4VcpeHCwYgabYSuOW7E=,iv:07aMb3x+iK1TxW7vsu/4vPnOTZ6NIIgDeU6+Gnt24oA=,tag:5TxAmp5gSGRzmYAqeZ7Tog==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
../../../../../../sops/machines/aresix
|
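--- a/vars/per-machine/aresix/wg-access-server/secrets-file/secret
+++ b/vars/per-machine/aresix/wg-access-server/secrets-file/secret
@@ -0,0 +1,19 @@
+{
+"data": "ENC[AES256_GCM,data:xWim7rJWQoBmobM7XTH6RkHNHlu3LBvm+V5Y5BU+lCc79/UtENMqHl6Q+xec6VNQTPcOEo+Nq9nLN50YmKn9P8DH/EeT7do7Om90BY22X8BbMdrg0ibt99LuQgmXKcWE7+YQug==,iv:ScD/Ij+u1294JSXglLep3V41TCz61VQnmH10Sq3R3HM=,tag:6KIgpIA0bzIwOJaNn2+6wg==,type:str]",
+"sops": {
+"age": [
+{
+"recipient": "age12dw69nvfyqype23gmn4cy7wccr6ct3luj05hat4g65kzwqz9rpzs7z4jpe",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZ0hyMmRxMDZVcmtQaTl0\nVHJGdmFXcVFSYVJ6VFI4UUU5VDBMSjNMVVNBCkRZNk9LTjZ5R3J1MXBTdEc4bXFl\ncXdSdUJicllic1FVN0lpVkFqK2kvdkkKLS0tIFdUQU44UGU3a2x4QTl5ZjkwVExC\nWGJVNHVsdkQ0MlpRNnRBckYyWFFyOU0K1sXvQXdHc8U+Djwj/N6h0Wn0z3qPkA4n\nPTnA5Uwlx9LKOBOfPl3cvIPVUXbP0w9q1Q3iCt6z2kcpeqEN6tginQ==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSDZwZVdWZWRLZ1lYQVJv\nU3pNSmc5SW5wbGN1bnlVTVRGZkVDWUNRc1FFCnZuTWEzZWhrUnI4TnY1ZFk2WDB1\ndmtZYVh0Uk5sOG1PKzZKWVNQQWZNZWsKLS0tIDU4bm90VThZYVBPdmVVbzlsMkc4\neStVNTRObHcydnRhV2lBai9JcVVXRGcKnRCjk+S4+xp4eZ14NEOEYRhQ+Ed6JYmw\nOsB4bFMcGJyKHXXp7eYeb64yft/hS87r4koMq6QiYlgTCTZJGQXgTg==\n-----END AGE ENCRYPTED FILE-----\n"
+}
+],
+"lastmodified": "2025-08-28T09:13:53Z",
+"mac": "ENC[AES256_GCM,data:NRq2Qhu3Q36l11u0YX3qmHoEkff0NMAA86TwCAzk6EqsCRes3IiHoeECMriVMo3nqbIUqaXp+QwsZDNPnSGfyT3lVjr10HZglOs4E1IhkPfeTJTyAC7X5Y/EqICgKNNPVlhFjXETxa6bm1RDY9ZjkqJaD1205ujkm6uw/NuGCSA=,iv:vMULfjndHkpYzgXDMJXAiBNt/RLFxd1+PJgLaWSla7A=,tag:0h+LBx5jgCv6hqWqK29Ozg==,type:str]",
+"unencrypted_suffix": "_unencrypted",
+"version": "3.10.2"
+}
+}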
|
@ -0,0 +1 @@
|
|||
../../../../../../sops/users/pedro
|