From e0238fc4139d30067d4faedf4fb80ed2967dd942 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Fri, 19 Aug 2022 20:28:58 +0100 Subject: [PATCH] make sure all servers share basic config --- flake.nix | 7 +++++-- nixos/boxes/bolty/default.nix | 1 - nixos/boxes/vpsfree1/default.nix | 2 -- nixos/boxes/vultr1/default.nix | 2 -- nixos/server-common.nix | 5 ++++- nixos/tailscale/keys.sops.yaml | 5 +++-- 6 files changed, 12 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 98cb8e51..291ad4b5 100644 --- a/flake.nix +++ b/flake.nix @@ -8,8 +8,11 @@ mkServer = pkgs: system: hostname: pkgs.lib.nixosSystem { inherit system; - modules = - [ (./. + "/nixos/boxes/${hostname}") sops.nixosModules.sops ]; + modules = [ + (./. + "/nixos/boxes/${hostname}") + (import ./nixos/server-common.nix) + sops.nixosModules.sops + ]; specialArgs = { inherit inputs; }; }; mkRaspi = pkgs: hostname: diff --git a/nixos/boxes/bolty/default.nix b/nixos/boxes/bolty/default.nix index 7306670b..4eef2ef3 100644 --- a/nixos/boxes/bolty/default.nix +++ b/nixos/boxes/bolty/default.nix @@ -2,7 +2,6 @@ imports = [ ./bolty-boot.nix ./real-hardware.nix - ../../server-security.nix ../cli.nix ./matrix-server.nix ./nextcloud.nix diff --git a/nixos/boxes/vpsfree1/default.nix b/nixos/boxes/vpsfree1/default.nix index 6dfb5e02..81d15749 100644 --- a/nixos/boxes/vpsfree1/default.nix +++ b/nixos/boxes/vpsfree1/default.nix @@ -4,8 +4,6 @@ imports = [ ./vpsfree1-vpsadminos.nix ../cli.nix - ../../server-security.nix - ../../server-common.nix ./foundryvtt.nix ./cryptpad.nix ./syncthing-relay.nix diff --git a/nixos/boxes/vultr1/default.nix b/nixos/boxes/vultr1/default.nix index e5d65578..a2d7ad67 100644 --- a/nixos/boxes/vultr1/default.nix +++ b/nixos/boxes/vultr1/default.nix @@ -9,8 +9,6 @@ ./search.nix ./snowflake.nix ../cli.nix - ../../server-security.nix - ../../server-common.nix ]; systemd.extraConfig = '' diff --git a/nixos/server-common.nix b/nixos/server-common.nix index e62a1248..e79ed9e5 100644 --- a/nixos/server-common.nix +++ b/nixos/server-common.nix @@ -1 +1,4 @@ -{ config, pkgs, ... }: { system.stateVersion = "22.05"; } +{ config, pkgs, ... }: { + imports = [ ./server-security.nix ./tailscale ]; + system.stateVersion = "22.05"; +} diff --git a/nixos/tailscale/keys.sops.yaml b/nixos/tailscale/keys.sops.yaml index 4b50943c..ebdae2c9 100644 --- a/nixos/tailscale/keys.sops.yaml +++ b/nixos/tailscale/keys.sops.yaml @@ -1,4 +1,5 @@ tailscale-key-foureighty: ENC[AES256_GCM,data:9Yc2Bwf+WvFbz0L1UxEvFszXsfzsubDbiRbELMHUkRS8x4FJqZeGTw==,iv:sT5gbrlM3Id/XMD9S5v4tsohoRJpY3gyFVzKNQSYOYg=,tag:26+nM805hVZxYRnCtWisFg==,type:str] +tailscale-key-bolty: ENC[AES256_GCM,data:PgFzvVHQjvEkjOyWR30dC4MwVbIyMg4I/8KHj2bwWWBTmzZYYPV/b2Q=,iv:YXSqpgPaMUOe/D7i0jHJWbzRp+L8lk8kQQXdkL1/wYw=,tag:Mj8A6mP1oQweyjTikoZD6A==,type:str] sops: kms: [] gcp_kms: [] @@ -50,8 +51,8 @@ sops: eFBLY0MybzVvVFB1L0F5eE9CUXBMWXMK5Eqhb43xV4Itt+FIQeGn0iJP/a43Fk+9 d8r9mvv7ZKRCWPjJCkJnX+5r1nBKzcLqa/tCPNqT+pXDfAy6gJVtcQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-08-19T17:37:35Z" - mac: ENC[AES256_GCM,data:qnyVQpFRiLoAwFt9Ph0PHvUqWhPmqoysHXwWIZXVYUoOX3fgVEQJBk5hdenqZh7hYV7++uW3wl7c5w5XaBvM3fzFhwocy+qP4NpcVv9yP9XMNPbPAehJTSJ6SgYU0pkCl5m675cuCt4Ify+iITN2b4s4Luyn/IwnMNXQTF7FUZs=,iv:w+fr5j4l0T+hKbTTM8KR9HbhuIk3xvfv15O/xrabiAE=,tag:2MFDkmOOkt1h5K/yOXxxAg==,type:str] + lastmodified: "2022-08-19T19:26:30Z" + mac: ENC[AES256_GCM,data:qqPKhHxzolSP9sj0RSiyVU0OoGUV705Xc28c5VO351g1jEHomqkFwf+NObHBUtUl0/gr9CYOu6l8Df3TuFou+T+zn9sPetBTtbwfQfK6v9EFEU3u6q7ckc70Odhiyt1eTv3Wa5qYZtjUoC86IRBd+asbkekg5LqgI0mluhTtqPE=,iv:cadJu5M60pYu0Et/CZIo/luKvpJhpinx0wA5Z+a2h/s=,tag:Xitr1QLo2CdavdnXxmu7MA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3