diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix index 0ed67e4..ff3e1e0 100644 --- a/newinfra/nix/hive.nix +++ b/newinfra/nix/hive.nix @@ -32,16 +32,25 @@ wg = { privateIP = "10.0.0.3"; publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0="; - peers = [ "vps1" "vps4" ]; + peers = [ "vps1" "vps4" "vps5" ]; }; }; vps4 = { publicIPv4 = "195.201.147.17"; publicIPv6 = "2a01:4f8:1c1c:cb18::"; wg = { - privateIP = "10.0.0.5"; + privateIP = "10.0.0.4"; publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs="; - peers = [ "vps1" "vps3" ]; + peers = [ "vps1" "vps3" "vps5" ]; + }; + }; + vps5 = { + publicIPv4 = "45.94.209.30"; + publicIPv6 = null; + wg = { + privateIP = "10.0.0.5"; + publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk="; + peers = [ "vps1" "vps3" "vps4" ]; }; }; }; @@ -71,7 +80,7 @@ # The name and nodes parameters are supported in Colmena, # allowing you to reference configurations in other nodes. - deployment.tags = [ "dns" "us" "contabo" ]; + deployment.tags = [ "dns" "us" ]; system.stateVersion = "23.11"; }; dns2 = { name, nodes, modulesPath, lib, ... }: { @@ -132,7 +141,7 @@ age.secrets.docker_registry_password.file = ./secrets/docker_registry_password.age; - deployment.tags = [ "ingress" "eu" "apps" "wg" "contabo" ]; + deployment.tags = [ "ingress" "eu" "apps" "wg" ]; system.stateVersion = "23.11"; }; vps3 = { name, nodes, modulesPath, config, ... }: { @@ -194,14 +203,15 @@ ''; }; - /*vps5 = { name, nodes, modulesPath, config, ... }: { + vps5 = { name, nodes, modulesPath, config, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ./modules/contabo ./modules/ingress + ./modules/wg-mesh ]; deployment.tags = [ "eu" "apps" "wg" ]; system.stateVersion = "23.11"; - };*/ + }; } diff --git a/newinfra/nix/modules/contabo/default.nix b/newinfra/nix/modules/contabo/default.nix index 5b2d8c5..03ff4d4 100644 --- a/newinfra/nix/modules/contabo/default.nix +++ b/newinfra/nix/modules/contabo/default.nix 
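Review bot: vps5 lists `"vps1"` among its `peers`, and vps3 and vps4 are updated to list vps5 back, but vps1's own entry sits above this hunk and is not touched by the commit. If the mesh module builds each node's WireGuard peers only from that node's own `peers` list (inferred, the module body is not shown), the vps1 to vps5 tunnel stays one-sided until `"vps5"` is added there, unless it already was. The same hunk moves `10.0.0.5` from vps4 to vps5, so any firewall rule, allow-list or service binding keyed on that address now refers to a different machine, and a partial rollout leaves nodes disagreeing about who owns it. I would record the invariant above the map, e.g. `# peers must be listed on both sides; changing a privateIP requires redeploying every mesh node`.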
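Review bot: The newly enabled vps5 node imports `./modules/ingress`, which opens TCP 443 (`networking.firewall.allowedTCPPorts = [ 443 ];` in that module), yet its `deployment.tags` has no `"ingress"` entry, so a tag-targeted deploy of an ingress change would skip this internet-facing host and leave it on the old configuration. This commit already moves `"contabo"` and `"wg-mesh"` into their modules; adding `deployment.tags = [ "ingress" ];` to the ingress module in the same way would keep the tag and the import from drifting apart. The hand-written `"wg"` here now sits next to the module-supplied `"wg-mesh"`, so one of the two looks redundant.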
@@ -4,4 +4,6 @@ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; boot.initrd.kernelModules = [ "nvme" ]; fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; }; + + deployment.tags = [ "contabo" ]; } diff --git a/newinfra/nix/modules/ingress/default.nix b/newinfra/nix/modules/ingress/default.nix index 399c802..68fed21 100644 --- a/newinfra/nix/modules/ingress/default.nix +++ b/newinfra/nix/modules/ingress/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: { +{ pkgs, config, name, ... }: { networking.firewall.allowedTCPPorts = [ 443 ]; @@ -14,9 +14,14 @@ file_server } - noratrieb.dev { - root * ${./nora} - file_server + ${ + if name == "vps1" then + '' + noratrieb.dev { + root * ${./nora} + file_server + } + '' else "" } '' ); diff --git a/newinfra/nix/modules/ingress/nora/index.html b/newinfra/nix/modules/ingress/nora/index.html index 9d4dcbe..45e10a0 100644 --- a/newinfra/nix/modules/ingress/nora/index.html +++ b/newinfra/nix/modules/ingress/nora/index.html @@ -12,13 +12,7 @@
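Review bot: The `noratrieb.dev` site block in the second ingress hunk is gated on the literal node name `"vps1"` inside a module that every ingress host imports, so renaming the node or moving the site drops the block silently, with no evaluation error. Making the intent explicit would be safer: either a module option set from hive.nix, or at minimum `${pkgs.lib.optionalString (name == "vps1") '' … ''}` in place of the `if … then … else ""`, with a comment such as `# noratrieb.dev is served from vps1 only`. The configuration string this is interpolated into starts above the hunk, so the other site blocks and whether they should be host-specific too cannot be judged from here.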

nora's website

hey, I'm nora (she/her?)! i think. maybe. who knows, really

-

this website is work in progress. just like me fr.

-

all of this is very complicated.

-

it's very empty for now.

-

i hope it will be fuller in the future. worth visiting. for now, it just exists.

-

i expect to visit it quite often.

-

not that i expect anyone to want to do that, but this site is not exactly intended for sharing.

-

..for now. in the future it will be. maybe.

+

this is here because i still havent managed move over nilstrieb.dev, lol.

diff --git a/newinfra/nix/modules/wg-mesh/default.nix b/newinfra/nix/modules/wg-mesh/default.nix index c3677b9..aad75b8 100644 --- a/newinfra/nix/modules/wg-mesh/default.nix +++ b/newinfra/nix/modules/wg-mesh/default.nix @@ -44,4 +44,6 @@ in wgSettings.peers; }; }; + + deployment.tags = [ "wg-mesh" ]; } diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age index 0f0beef..98217bb 100644 --- a/newinfra/nix/secrets/docker_registry_password.age +++ b/newinfra/nix/secrets/docker_registry_password.age @@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg YI3rrnP9953xk8JnzhJSZR+tKaD6C3sCXJBiX0+KCHE -CIfSlpyqhS66umh4/nv7v6qH5mqz2xh2AeDW19CGbYs ---- 889zGO43+oX2nau25zROguc37dsi38Bnyzw/shG1x5g -o]̗yNd_Ɨ+wBi sE 5 y^`[5 \ No newline at end of file +-> ssh-ed25519 qM6TYg 6TlkoQ0YMB4Cg0VqY8ec1RgRpfiRLh2YQpoc4D49uRg +BbqDPWQGmGrcDSdNNajm0GJJRlPiazgeF2/MRsyDZkw +--- OUif9tz9JRMMZEA1LTwPipE/Hezj5nVaN/qgiwoi3ws +"՝7l10I?Cjg3L +O8kI+h< \ No newline at end of file diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age index dc61b07..855e776 100644 --- a/newinfra/nix/secrets/hugochat_db_password.age +++ b/newinfra/nix/secrets/hugochat_db_password.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg vcUglH0m/mdME6tSzfZy3orW55ks1wZZAVqPe01ln0I -Pbei2lMfgS+6N148qggu3DYUTnusItfVDqXGFqD9l8g ---- qnH/lD17esiKbMH5M1wwJiq7cMmXXh4SQneeRNDiMPk -t8i~ !ެs?t/1+4:07R2wohQB4pt!9#Gd#d)3ňШZﳢHyK \ No newline at end of file +-> ssh-ed25519 qM6TYg AP0dV7U8/42OGcDtBv5eq3jSLdmXP3fMfTnd9o86EVM +e5ftZHvKL6uqhInQgFSclzvnExxwYnFu0/ANTpa9bBI +--- Zyyydt+U1p6UR2BP+s3ynm2Q2MmzWWUSrhlBn5kZdCI +W{e8,?nr4KX{'2٭h 9<fP,U_NgTD4Z$Kz & \ No newline at end of file diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age index 13d69b4..0eca6a2 100644 Binary files a/newinfra/nix/secrets/minio_env_file.age and b/newinfra/nix/secrets/minio_env_file.age differ 
diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix
index 1fad625..355ed1d 100644
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@@ -2,6 +2,7 @@ let
 vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Xj3TsDPStoHquTfOlyxShbA/kgMfQskKN8jpfiY4R";
 vps3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvupo7d9YMZw56qhjB+tZPijxiG1dKChLpkOWZN0Y7C";
 vps4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpoLgBTWj1BcNxXVdM26jDBZl+BCtUTj20Wv4sZdCHz";
+ vps5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWbIznvWQSqRF1E9Gv9y7JXMy3LZxMAWj6K0Nq91kyZ";
 in
 {
 "widetom_bot_token.age".publicKeys = [ vps1 ];
@@ -12,4 +13,5 @@ in
 "wg_private_vps1.age".publicKeys = [ vps1 ];
 "wg_private_vps3.age".publicKeys = [ vps3 ];
 "wg_private_vps4.age".publicKeys = [ vps4 ];
+ "wg_private_vps5.age".publicKeys = [ vps5 ];
 }
diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age
index 527a63f..44caeed 100644
Binary files a/newinfra/nix/secrets/wg_private_vps1.age and b/newinfra/nix/secrets/wg_private_vps1.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age
index 603303c..01e7b93 100644
Binary files a/newinfra/nix/secrets/wg_private_vps3.age and b/newinfra/nix/secrets/wg_private_vps3.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age
index 33c4f44..b374081 100644
Binary files a/newinfra/nix/secrets/wg_private_vps4.age and b/newinfra/nix/secrets/wg_private_vps4.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age
new file mode 100644
index 0000000..8c23103
Binary files /dev/null and b/newinfra/nix/secrets/wg_private_vps5.age differ
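Review bot: `"wg_private_vps5.age".publicKeys = [ vps5 ];` restricts the age copy of the key to the vps5 host key, but the same commit also adds `newinfra/secrets-git-crypt/wg_private_vps5`, so the WireGuard private key presumably exists in a second copy protected by the repository-wide git-crypt key instead of the per-host recipient list. Anyone holding that git-crypt key can then read vps5's private key, which makes the `[ vps5 ]` restriction weaker than it reads; if the second copy exists only as the source for re-keying, a comment here such as `# source of truth is secrets-git-crypt/; the .age file is what the host decrypts` would make that trade-off visible. It is also worth confirming that the new path is matched by the git-crypt filter in `.gitattributes` (not shown), since an unmatched path is committed unencrypted. The `vps5` host key added in the first hunk should be compared with the key the server actually presents before secrets are encrypted to it.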
diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age
index ba8eb5c..774c72a 100644
Binary files a/newinfra/nix/secrets/widetom_bot_token.age and b/newinfra/nix/secrets/widetom_bot_token.age differ
diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age
index 28adf58..1ef149d 100644
Binary files a/newinfra/nix/secrets/widetom_config_toml.age and b/newinfra/nix/secrets/widetom_config_toml.age differ
diff --git a/newinfra/secrets-git-crypt/wg_private_vps5 b/newinfra/secrets-git-crypt/wg_private_vps5
new file mode 100644
index 0000000..b93813e
Binary files /dev/null and b/newinfra/secrets-git-crypt/wg_private_vps5 differ