7 commits

Author SHA1 Message Date
feba5d2ae8
Add juan user pubkey
All checks were successful
Flake check / check (push) Successful in 13m13s
Update `flake.lock` / update_lockfile (push) Successful in 11m35s
2025-08-29 16:43:51 +02:00
b614dcf1ec
Add wg-access-server 2025-08-29 16:43:36 +02:00
0ebf24af44
Use ESPHome container instead of service (less errors) 2025-08-29 16:42:50 +02:00
79b3a0ad4d
Update vars via generator state-version for machine aresix 2025-08-28 11:33:35 +02:00
39117c4a8a
Change tg-ha-door vars generation script 2025-08-28 11:28:11 +02:00
9281d05fc2
Update vars via generator tg-ha-door for machine aresix 2025-08-28 11:28:07 +02:00
f14c230c1a
Update vars via generator wg-access-server for machine aresix 2025-08-28 11:28:02 +02:00
10 changed files with 98 additions and 12 deletions


@ -4,6 +4,8 @@
./modules/home-assistant
./modules/dyndns.nix
./modules/network.nix
./modules/wireguard.nix
./modules/users.nix
];
services.logind.lidSwitch = "ignore";


@ -19,10 +19,10 @@
files.credentials-file.secret = true;
script = ''
{
echo "TG_BOT_TOKEN=$(<$prompts/telegram-bot-token)"
echo "HA_AUTH_TOKEN=$(<$prompts/home-assistant-auth-token)"
} > $out/credentials-file
cat <<EOL > $out/credentials-file
TG_BOT_TOKEN=$(<$prompts/telegram-bot-token)
HA_AUTH_TOKEN=$(<$prompts/home-assistant-auth-token)
EOL
'';
};
@ -38,9 +38,19 @@
};
};
services.esphome = {
enable = true;
address = "::1"; # Proxied trough home assistant
virtualisation.oci-containers.containers.esphome = {
image = "ghcr.io/esphome/esphome:2025.6.3";
volumes = [
"/var/lib/esphome:/config"
];
privileged = true;
extraOptions = ["--network=host"]; # Host networking mode is required for online status indicators
cmd = [
"dashboard"
"--address"
"::1"
"/config"
];
};
services.home-assistant = {
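Review bot: `privileged = true` on the new `esphome` container, together with `--network=host`, gives the image full device and capability access on the host, which looks like far more than a dashboard bound to `::1` needs. If the privilege is only there for USB flashing (not visible on this page), pass that one device and drop `privileged`, e.g. `extraOptions = ["--network=host" "--device=<serial-device-path>"];`. The image is also referenced by a mutable tag; pinning it as `ghcr.io/esphome/esphome:2025.6.3@sha256:<digest>` would keep a workload with this much host access reproducible. The enclosing module starts and ends outside the hunk.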


@ -27,6 +27,17 @@
proxyWebsockets = true;
};
};
"wg.campares.duckdns.org" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://[::1]:8000";
proxyWebsockets = true;
};
};
};
};
}
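Review bot: The new `wg.campares.duckdns.org` vhost appears to publish the wg-access-server web UI, including its admin login, with no restriction at the proxy, so the admin password is the only control in front of VPN peer management. If the UI is only meant to be reached from the LAN or over the tunnel, add `extraConfig = "allow <trusted-cidr>; deny all;";` under `locations."/"`. If it has to stay public, a short comment saying so would tell the next reader the exposure is deliberate. The virtual-host set this entry belongs to starts outside the hunk.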


@ -0,0 +1,8 @@
{...}: {
users.users.juan = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpkZoYCFS6jQyaLgRkG8WlOj8ybpwsJkCWTuKkGB5oA Juan Rey"
];
};
}


@ -0,0 +1,33 @@
{config, ...}: {
clan.core.vars.generators.wg-access-server = {
prompts.admin-password = {
description = "Password for the wg-access-server admin user";
type = "hidden";
};
prompts.wireguard-private-key = {
description = "Wireguard private key wg-access-server will use";
type = "hidden";
};
files.secrets-file.secret = true;
script = ''
cat <<EOL > $out/secrets-file
adminPassword: $(<$prompts/admin-password)
wireguard:
privateKey: $(<$prompts/wireguard-private-key)
EOL
'';
};
services.wg-access-server = {
enable = true;
settings = {
httpHost = "::1";
};
secretsFile = config.clan.core.vars.generators.wg-access-server.files.secrets-file.path;
};
networking.firewall.allowedUDPPorts = [51820 53];
}
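Review bot: `networking.firewall.allowedUDPPorts = [51820 53];` opens UDP 53 on every interface, so if wg-access-server's DNS proxy binds to all addresses it will answer queries from the internet as well as from VPN clients, which is how a host becomes an open resolver usable for amplification. Keep only the tunnel port global and scope DNS to the tunnel: `networking.firewall.allowedUDPPorts = [51820];` plus `networking.firewall.interfaces.wg0.allowedUDPPorts = [53];` (assuming the default interface name `wg0`). Separately, the heredoc writes `adminPassword: $(<$prompts/admin-password)` as an unquoted YAML scalar, so a password containing `: ` or ` #`, or starting with a YAML indicator character, will be parsed differently from what was typed. Quoting the value, or stating the allowed characters in the prompt `description`, would avoid a silent mismatch.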


@ -0,0 +1 @@
25.05


@ -1,18 +1,18 @@
{
"data": "ENC[AES256_GCM,data:pgqGVVzrBFAZUrvUjmOP6/bOwiMa6rdvsrP/G/IdJLK3r1cuSNz+V8eLf7sRQFrPSRNutorO8B2Ni8YZRJ6dBojSs95i0igp49lW3gbO7qQbUaoY/0Pz16XZAhBr0o9XWd8BOQNHTcoqdxxZKYylQySZEBXL8VQO5/BE7tageeEam8x31KExT7m+KHjKO8hV0XFzvXCnIpu7wpfJWsE04PXK+oY5LYpe3cCxtg+1wyBfTp+BFP2I5XZ+Exs+ldOwjMHXJBLP7gSkxggoKRILTsazntUCkk4NxBPqvh7+K4TanRHOONOPnqHXvZfRPrrTbVJdB3Cpe4qvSSDHqry3qSQ=,iv:UinSEY6cXYEPrwHTgWkwggnp4UkfPPNrgKzD2PmpHlQ=,tag:qQmirO5/xCE0vNoTYhmz+A==,type:str]",
"data": "ENC[AES256_GCM,data:u8Qp6QJ65xRl9qaOeN4ubFitmmWejYHum0i3/B2IOvobJQFFHkS6kjDOzlP22oj1uTBzXfG4NhktujyeTXz5KdDNSiUsL0IGJ78W8hBYrEUXK/cF4CkqajW1e4OWaxYECbIHOJpFpHVxSNnr1iREHzxrxBkUbVGTxTKCfrYUMihP86HuEEiQSE/CIkdnOiXtHxgBmI4zHC00EdmZSwUv+SH/u0wz/F0uDLknuxdmrJzERSuBzadry6o7BQ/2A3gIQpU/1+CL9gxhV1bWwOK4yb5zSyTIVYCHn+PWUJUNUzrY1UUPb16TC9kG40e8xn8n/f2/0rpK39Mw65hLKInhv5A=,iv:iYcjJqCp2FVqDDynDesenQ+19lSHPOj4PGnbWt8471g=,tag:bgCVCOofqPv5cE+1yqoPSQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age12dw69nvfyqype23gmn4cy7wccr6ct3luj05hat4g65kzwqz9rpzs7z4jpe",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTnpQRnFPRys3dC9nSm5N\ncVJPRWJtbUM0SnN5Nm1YZjAwTS8rVGliYUdJCkdjZlQrUldXaHdhOHo2cldlL0Fq\nU2hqQjNuVkF0Q2Z1MzNyTU9wODNzMGMKLS0tIERuUkZpYzN3NVhNTWRzZEhHemZl\nd01zcGdJdWxsTDNhTG93UlBxZFduaG8KtMvXaBsN9PQ2efabYkfmwpbft5uCYz1k\nqnVEIpNOSzeBhES/3goSgHIQnOU5suDq9K7g9zoK8sRFu4xA6s4esg==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZUlaYlVWUHY0alZSOXow\nY1Axai9NYXl4KzVXeW1Hc1drdFIwL1hDelI4CmVSeHQxckNLRFlWWXAydWM0NXpr\nOGZGOHBSZ08zYXI2a1pWVE54aEpVcEEKLS0tIFdvenFKL2N3MVpYd1B4RGl0eWFZ\nWlRTemNyYklnV0duaVpLNTVycnlVMkUKqRUlWiG1WZ3frvEpzrFpJKAX7SYhqBaJ\nYVPZarzqMJ6zYz3rvsx/u9kQlnlS4mhBRzH34bFgmy9rJu9VFl2W1w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSR0Y3eldHOTBpb29jR3dX\ndkY2OHJCN0VDRFhFTlMwbTdZV2hoQ1FZMEM4CkY4U0gvV21VTFE4ZUl5KzZqT3hw\nb0RGNEV4MFF4MGExN1BHRkhVUU91VkEKLS0tIEJWNEg4TUZpLzNmTURERHhRd0tv\nTkJZK09PUVErT1h4RkFVczdWa0JTRlUK8uM4HsUeA6U35Z1eWkRs00vIWGy17qVR\n8uXh/X4jwBtoSgGhisofEoyfXK7CK6R9Jb1VCS8y9nI+sYbOCBp8AA==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXcWdaOFdCMXNjZG90Q1Rh\nTHhYY2dDc1RlS3R3ek13d0dleDVZZ2pONlZFCklkQWUrWmNOYU50bnIyL1lRQWpG\na0dTeXAwZUVLOFNGR1p0MTIySkVVQXcKLS0tIDRDNTNyZERqN29nWmxoWHFiaEhY\nWkRieEVMb1pnL1hHWjBtVmoxRU9FVm8KfsOw1InaJLLXagSibhJ5accgV+k2Lz9v\nFPXchmZ4h3hY6JrSG88ihaO48Fvw0R0ic675aP0HUZhqAiDBHQItjQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-08-21T13:43:46Z",
"mac": "ENC[AES256_GCM,data:LGw8L3Qq2bRD1OgY2YG5074WVFUJPS9fF5r/TQXYqSNLH4yRumKqyAWWi3wpf4hoDUa9/dkmmsOKbiBq1jVZhRGvUUo246xyd09UMXgNOkYYMkF1PYnz1NCWl1VsmIdm1aGxxpSyGVtoUG7d+bgV9WmFq8yne9VGoO6TOfKmYRY=,iv:yQlt5Q5ApmwzWoS1fdrtiwVfodqRZ3RXI6jBple/gpI=,tag:ifs7TLXvIp9mUgVuoMQV3g==,type:str]",
"lastmodified": "2025-08-28T09:17:44Z",
"mac": "ENC[AES256_GCM,data:648PFpMAE/k5AOv5sMd6zMccl7RAoXjCoi3h7OpIjdaQEhP2nJxqHAfykGYHQM64cfoAw+QP5bGsyO5Fmkgyo/1Se2PB0gY7juAu5T1wgEzb0IUIrvV5BshUsdBi+IsKcnD4I0oHQmJhD7sFgJMTK1rb4VcpeHCwYgabYSuOW7E=,iv:07aMb3x+iK1TxW7vsu/4vPnOTZ6NIIgDeU6+Gnt24oA=,tag:5TxAmp5gSGRzmYAqeZ7Tog==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}


@ -0,0 +1 @@
../../../../../../sops/machines/aresix


@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:xWim7rJWQoBmobM7XTH6RkHNHlu3LBvm+V5Y5BU+lCc79/UtENMqHl6Q+xec6VNQTPcOEo+Nq9nLN50YmKn9P8DH/EeT7do7Om90BY22X8BbMdrg0ibt99LuQgmXKcWE7+YQug==,iv:ScD/Ij+u1294JSXglLep3V41TCz61VQnmH10Sq3R3HM=,tag:6KIgpIA0bzIwOJaNn2+6wg==,type:str]",
"sops": {
"age": [
{
"recipient": "age12dw69nvfyqype23gmn4cy7wccr6ct3luj05hat4g65kzwqz9rpzs7z4jpe",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZ0hyMmRxMDZVcmtQaTl0\nVHJGdmFXcVFSYVJ6VFI4UUU5VDBMSjNMVVNBCkRZNk9LTjZ5R3J1MXBTdEc4bXFl\ncXdSdUJicllic1FVN0lpVkFqK2kvdkkKLS0tIFdUQU44UGU3a2x4QTl5ZjkwVExC\nWGJVNHVsdkQ0MlpRNnRBckYyWFFyOU0K1sXvQXdHc8U+Djwj/N6h0Wn0z3qPkA4n\nPTnA5Uwlx9LKOBOfPl3cvIPVUXbP0w9q1Q3iCt6z2kcpeqEN6tginQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSDZwZVdWZWRLZ1lYQVJv\nU3pNSmc5SW5wbGN1bnlVTVRGZkVDWUNRc1FFCnZuTWEzZWhrUnI4TnY1ZFk2WDB1\ndmtZYVh0Uk5sOG1PKzZKWVNQQWZNZWsKLS0tIDU4bm90VThZYVBPdmVVbzlsMkc4\neStVNTRObHcydnRhV2lBai9JcVVXRGcKnRCjk+S4+xp4eZ14NEOEYRhQ+Ed6JYmw\nOsB4bFMcGJyKHXXp7eYeb64yft/hS87r4koMq6QiYlgTCTZJGQXgTg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-08-28T09:13:53Z",
"mac": "ENC[AES256_GCM,data:NRq2Qhu3Q36l11u0YX3qmHoEkff0NMAA86TwCAzk6EqsCRes3IiHoeECMriVMo3nqbIUqaXp+QwsZDNPnSGfyT3lVjr10HZglOs4E1IhkPfeTJTyAC7X5Y/EqICgKNNPVlhFjXETxa6bm1RDY9ZjkqJaD1205ujkm6uw/NuGCSA=,iv:vMULfjndHkpYzgXDMJXAiBNt/RLFxd1+PJgLaWSla7A=,tag:0h+LBx5jgCv6hqWqK29Ozg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@ -0,0 +1 @@
../../../../../../sops/users/pedro