nixos: backend server
parent
83be5595ba
commit
643ecb1e14
|
@ -32,3 +32,11 @@ fickit-update-kernel
|
|||
fickit-update-squashfs.img
|
||||
result
|
||||
started
|
||||
|
||||
# Standalone binaries
|
||||
fic-admin
|
||||
fic-backend
|
||||
fic-dashboard
|
||||
fic-frontend
|
||||
fic-qa
|
||||
fic-repochecker
|
||||
|
|
|
@ -4,19 +4,19 @@
|
|||
# retrieves submissions
|
||||
|
||||
BASEDIR="/srv"
|
||||
FRONTEND_HOSTNAME="deimos"
|
||||
FRONTEND_HOSTNAME="synchro@deimos"
|
||||
|
||||
SSH_OPTS="/usr/bin/ssh -p 22 -i ~/.ssh/id_ed25519 -o ControlMaster=auto -o ControlPath=/root/.ssh/%r@%h:%p -o ControlPersist=2 -o PasswordAuthentication=no -o StrictHostKeyChecking=no"
|
||||
SSH_OPTS="ssh -p 22 -i ~/.ssh/id_ed25519 -o ControlMaster=auto -o ControlPath=/root/.ssh/%r@%h:%p -o ControlPersist=2 -o PasswordAuthentication=no -o StrictHostKeyChecking=no"
|
||||
|
||||
cd "${BASEDIR}"
|
||||
|
||||
touch /tmp/stop
|
||||
|
||||
# Establish first ssh connection for controlpersist socket, to avoid delay during time synchronization
|
||||
${SSH_OPTS} ls > /dev/null
|
||||
${SSH_OPTS} ${FRONTEND_HOSTNAME} ls > /dev/null
|
||||
|
||||
# Synchronize the date one time
|
||||
${SSH_OPTS} date -s @"$(date +%s)"
|
||||
${SSH_OPTS} ${FRONTEND_HOSTNAME} date -s @"$(date +%s)"
|
||||
|
||||
# Synchronize static files in a separate loop (to avoid submissions delays during file synchronization)
|
||||
while ! [ -f SETTINGS/stop ] || [ /tmp/stop -nt SETTINGS/stop ]
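Review bot: The rewritten `SSH_OPTS` line still carries `-o StrictHostKeyChecking=no`, so the key-authenticated session that runs `date -s` on the frontend (and presumably the later file synchronisation) accepts whatever host key answers as deimos. The synchro container in this commit mounts a host directory read-only at `/etc/ssh`, so a pinned `ssh_known_hosts` could live there and the option could become `-o StrictHostKeyChecking=yes`. The `while` loop that uses these options continues outside the hunk.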
|
||||
|
|
16
flake.nix
16
flake.nix
|
@ -13,7 +13,7 @@
|
|||
|
||||
# Generate a version based on date
|
||||
version = builtins.substring 0 12 self.lastModifiedDate;
|
||||
vendorSha256 = "sha256-n271oFjC13gelSNV1bZdr/KH724ewoOF1NZ6U7il56I=";
|
||||
vendorSha256 = "sha256-itCvN/Z8DkUUdtx6At+4DyeJK8PgFJ/5A3G03VT4I2k";
|
||||
overrideModAttrs = _ : { name = "fic-./.-${version}-go-modules"; };
|
||||
|
||||
# System types to support.
|
||||
|
@ -56,6 +56,20 @@
|
|||
subPackages = [ "dashboard" ];
|
||||
};
|
||||
|
||||
fic-synchro = pkgs.writeShellApplication {
|
||||
name = "synchro";
|
||||
runtimeInputs = [ pkgs.rsync pkgs.openssh pkgs.coreutils ];
|
||||
text = ''
|
||||
${(builtins.readFile ./configs/synchro.sh)}
|
||||
'';
|
||||
};
|
||||
|
||||
fic-configs = pkgs.stdenv.mkDerivation {
|
||||
name = "configs";
|
||||
src = ./.;
|
||||
installPhase = "mkdir -p $out/; cp -r configs/ $out/";
|
||||
};
|
||||
|
||||
fic-frontend = pkgs.buildGoModule {
|
||||
pname = "frontend";
|
||||
inherit version vendorSha256 overrideModAttrs;
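Review bot: `pkgs.writeShellApplication` changes how `configs/synchro.sh` runs, and nothing next to the `fic-synchro` definition says so: the wrapper prepends `set -o errexit`, `nounset` and `pipefail` and runs ShellCheck at build time. Under errexit a failing first `ssh ... ls` or `date -s` call now ends the script instead of falling through to the loop, which may or may not be intended. A comment such as `# writeShellApplication: runs with errexit/nounset/pipefail and must pass shellcheck` would make that explicit. Separately, the new `vendorSha256` value in the first hunk lacks the trailing `=` the old one had; worth confirming it was copied in full.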
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
keys:
|
||||
# Add key signature below
|
||||
- &admin_antoine C8CEBB1753433CCCD2AF0638BD721F0A3BAE578C
|
||||
|
||||
# Update this signature with phobos'
|
||||
# Run the following line to get the fingerprint and the public key of Phobos
|
||||
# ```
|
||||
# ssh root@phobos "cat /etc/ssh/ssh_host_rsa_key" | nix-shell -p ssh-to-pgp --run "ssh-to-pgp -o phobos.asc"
|
||||
# ```
|
||||
# You have to import the key afterward using `gpg --import phobos.asc`
|
||||
- &srv_phobos 9cb1fda8a56fa7ab852f666fc3592125321adf42 # replace this fingerprint with the new one `gpg --list-keys`
|
||||
creation_rules:
|
||||
- path: secrets/phobos.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_antoine
|
||||
- *srv_phobos
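Review bot: The creation rule uses the key `path:`, but sops selects rules with `path_regex`; as written the rule likely has no path filter and applies to every file. The value also names `secrets/phobos.yaml` while the backend module's `defaultSopsFile` points at `phobos.yml`. Something like `- path_regex: secrets/phobos\.ya?ml$` would cover both spellings. The `&srv_phobos` anchor is still marked as a fingerprint to replace, so files encrypted now will need `sops updatekeys` once the real host key is in place.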
|
|
@ -0,0 +1,10 @@
|
|||
# NixOS configuration
|
||||
|
||||
## Building
|
||||
|
||||
```bash
|
||||
# For backend (Phobos)
|
||||
nixos-rebuild switch --flake /path/to/flake.nix/directory/#phobos
|
||||
# For frontend (Deimos)
|
||||
nixos-rebuild switch --flake /path/to/flake.nix/directory/#deimos
|
||||
```
|
|
@ -0,0 +1,59 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./db.nix
|
||||
./fic-admin.nix
|
||||
./fic-backend.nix
|
||||
./fic-dashboard.nix
|
||||
./fic-evdist.nix
|
||||
./fic-synchro.nix
|
||||
];
|
||||
|
||||
config.sops = {
|
||||
defaultSopsFile = ../secrets/phobos.yml; # We are currently in /nix/store/...-source/backend/
|
||||
secrets.phobos_ssh = { mode = "0400"; };
|
||||
# You may need to manualy remove `/run/secrets` if modified
|
||||
};
|
||||
|
||||
config.system.activationScripts = {
|
||||
# Create /var/lib/fic/** directories
|
||||
makeFicDirs = lib.stringAfter [ "var" ] ''
|
||||
mkdir -p /var/lib/fic/dashboard;
|
||||
mkdir -p /var/lib/fic/files;
|
||||
mkdir -p /var/lib/fic/pki;
|
||||
mkdir -p /var/lib/fic/raw_files;
|
||||
mkdir -p /var/lib/fic/settings;
|
||||
mkdir -p /var/lib/fic/settingsdist;
|
||||
mkdir -p /var/lib/fic/ssh;
|
||||
mkdir -p /var/lib/fic/submissions;
|
||||
mkdir -p /var/lib/fic/sync;
|
||||
mkdir -p /var/lib/fic/teams;
|
||||
mkdir -p /var/log/frontend;
|
||||
'';
|
||||
# Create docker network
|
||||
createDockerNetworkPhobos =
|
||||
let
|
||||
docker = config.virtualisation.oci-containers.backend;
|
||||
dockerBin = "${pkgs.${docker}}/bin/${docker}";
|
||||
in
|
||||
''
|
||||
${dockerBin} network inspect phobos-lan >/dev/null 2>&1 \
|
||||
|| ${dockerBin} network create phobos-lan --subnet 172.18.0.0/24
|
||||
'';
|
||||
};
|
||||
|
||||
config = {
|
||||
networking.hostName = "phobos";
|
||||
|
||||
# This is needed to install fic related pkgs
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# To switch, remove `phobos-lan` from the networks before running nixos-rebuild
|
||||
# ```
|
||||
# ${dockerBin} network rm phobos-lan
|
||||
# ```
|
||||
virtualisation.docker.enable = true;
|
||||
virtualisation.podman.enable = false;
|
||||
virtualisation.oci-containers.backend = "docker";
|
||||
};
|
||||
}
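Review bot: `makeFicDirs` creates `/var/lib/fic/pki` and `/var/lib/fic/ssh` with plain `mkdir -p`, so they get whatever default mode the activation script runs with, while other modules in this commit bind-mount them as the PKI directory and as `/etc/ssh` of the synchro container. Creating those two with an explicit mode, e.g. `install -d -m 0700 /var/lib/fic/pki /var/lib/fic/ssh`, keeps key material unreadable to other local users (adjust owner and mode if a container runs unprivileged). `createDockerNetworkPhobos` also has no visible ordering against the Docker daemon, so on a first activation `network create` may run before dockerd is up; a comment or a systemd unit ordered after docker would make that dependency explicit.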
|
|
@ -0,0 +1,24 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
config.virtualisation.oci-containers.containers.mariadb = {
|
||||
image = "mariadb:latest";
|
||||
cmd = [
|
||||
"/bin/bash"
|
||||
"/usr/local/bin/docker-entrypoint.sh"
|
||||
"mysqld"
|
||||
];
|
||||
ports = [ "3306:3306" ];
|
||||
extraOptions = [ "--network=phobos-lan" "--ip=172.18.0.42" ];
|
||||
environment = {
|
||||
MYSQL_DATABASE = "fic";
|
||||
MYSQL_USER = "fic";
|
||||
MYSQL_PASSWORD = "fic";
|
||||
MYSQL_RANDOM_ROOT_PASSWORD = "yes";
|
||||
};
|
||||
volumes = [
|
||||
"/etc/hosts:/etc/hosts:ro"
|
||||
"/etc/mysql/conf.d:/etc/mysql/conf.d:ro"
|
||||
"/var/lib/fic/mysql:/var/lib/mysql"
|
||||
];
|
||||
};
|
||||
}
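Review bot: `MYSQL_PASSWORD` is a literal in the module, so it lands in git and in the world-readable Nix store; the same applies to the `FICCA_PASS` literal in the fic-admin container definition. sops-nix is already wired up in this commit, so both could come from an encrypted env file passed through the container's `environmentFiles` option, e.g. `environmentFiles = [ config.sops.secrets.<name>.path ];` with `<name>` a placeholder. Values already committed should be treated as exposed and changed. `image = "mariadb:latest"` is also unpinned, so a rebuild can pull a different server version; a fixed tag or digest would make upgrades deliberate.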
|
|
@ -0,0 +1,40 @@
|
|||
{ config, inputs, pkgs, ... }:
|
||||
{
|
||||
config.virtualisation.oci-containers.containers.fic-admin = {
|
||||
image = "fic-admin:latest";
|
||||
imageFile = pkgs.dockerTools.buildImage {
|
||||
name = "fic-admin";
|
||||
tag = "latest";
|
||||
created = "now";
|
||||
config = {
|
||||
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-admin}/bin/admin" ];
|
||||
};
|
||||
};
|
||||
autoStart = true;
|
||||
cmd = [
|
||||
"${inputs.ficpkgs.packages.x86_64-linux.fic-admin}/bin/admin"
|
||||
"-4real"
|
||||
"-bind=0.0.0.0:8081"
|
||||
"-baseurl=/admin/"
|
||||
"-localimport=/mnt/fic"
|
||||
"-timestampCheck=/srv/submissions"
|
||||
];
|
||||
ports = [ "8081:8081" ];
|
||||
extraOptions = [ "--network=phobos-lan" "--ip=172.18.0.40" ];
|
||||
environment = {
|
||||
MYSQL_HOST = "db";
|
||||
FICCA_PASS = "jee8AhloAith1aesCeQu5ahgIegaeM4K";
|
||||
};
|
||||
volumes = [
|
||||
"/etc/hosts:/etc/hosts:ro"
|
||||
"/var/lib/fic/raw_files:/mnt/fic"
|
||||
"/var/lib/fic/dashboard:/srv/DASHBOARD"
|
||||
"/var/lib/fic/files:/srv/FILES"
|
||||
"/var/lib/fic/pki:/srv/PKI"
|
||||
"/var/lib/fic/teams:/srv/TEAMS"
|
||||
"/var/lib/fic/settings:/srv/SETTINGS"
|
||||
"/var/lib/fic/sync:/srv/SYNC"
|
||||
"/var/lib/fic/submissions:/srv/submissions:ro"
|
||||
];
|
||||
};
|
||||
}
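Review bot: `ports = [ "8081:8081" ]` together with `-bind=0.0.0.0:8081` publishes the admin interface on every host interface, and Docker-published ports are generally not filtered by `networking.firewall.allowedTCPPorts`, which in this commit lists only 22 and 2222. The same pattern appears for `3306:3306` on the mariadb container and `8082:8082` on the dashboard. If these are only meant to be reached from the host or a reverse proxy, `ports = [ "127.0.0.1:8081:8081" ];` restricts the listener; containers on `phobos-lan` reach each other by their fixed IPs without any published port.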
|
|
@ -0,0 +1,26 @@
|
|||
{ config, inputs, pkgs, ... }:
|
||||
{
|
||||
config.virtualisation.oci-containers.containers.fic-backend = {
|
||||
image = "fic-backend:latest";
|
||||
imageFile = pkgs.dockerTools.buildImage {
|
||||
name = "fic-backend";
|
||||
tag = "latest";
|
||||
created = "now";
|
||||
config = {
|
||||
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-backend}/bin/backend" ];
|
||||
};
|
||||
};
|
||||
autoStart = true;
|
||||
environment = {
|
||||
MYSQL_HOST = "db";
|
||||
};
|
||||
workdir = "/srv";
|
||||
extraOptions = [ "--network=phobos-lan" "--ip=172.18.0.41" ];
|
||||
volumes = [
|
||||
"/etc/hosts:/etc/hosts:ro"
|
||||
"/var/lib/fic/teams:/srv/TEAMS"
|
||||
"/var/lib/fic/settingsdist:/srv/SETTINGSDIST:ro"
|
||||
"/var/lib/fic/submissions:/srv/submissions"
|
||||
];
|
||||
};
|
||||
}
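Review bot: `created = "now"` makes the image timestamp depend on build time, so the resulting tarball is not reproducible and cannot be compared by hash across builds. This applies to every `dockerTools.buildImage` call in this commit (admin, backend, dashboard, evdist, synchro). Dropping the attribute keeps the default fixed timestamp; if a real date is wanted in the image listing, a comment saying so would help.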
|
|
@ -0,0 +1,28 @@
|
|||
{ config, inputs, pkgs, ... }:
|
||||
{
|
||||
config.virtualisation.oci-containers.containers.fic-dashboard = {
|
||||
image = "fic-dashboard:latest";
|
||||
imageFile = pkgs.dockerTools.buildImage {
|
||||
name = "fic-dashboard";
|
||||
tag = "latest";
|
||||
created = "now";
|
||||
config = {
|
||||
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-dashboard}/bin/dashboard" ];
|
||||
};
|
||||
};
|
||||
autoStart = true;
|
||||
cmd = [
|
||||
"${inputs.ficpkgs.packages.x86_64-linux.fic-dashboard}/bin/dashboard"
|
||||
"-bind=:8082"
|
||||
"-restrict-to-ips=/srv/DASHBOARD/restricted-ips.json"
|
||||
];
|
||||
ports = [ "8082:8082" ];
|
||||
volumes = [
|
||||
"/etc/hosts:/etc/hosts:ro"
|
||||
"/var/lib/fic/dashboard:/srv/DASHBOARD:ro"
|
||||
"/var/lib/fic/files:/srv/FILES:ro"
|
||||
"/var/lib/fic/teams:/srv/TEAMS:ro"
|
||||
"/var/lib/fic/settingsdist:/srv/SETTINGSDIST:ro"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
{ config, inputs, pkgs, ... }:
|
||||
{
|
||||
config.virtualisation.oci-containers.containers.fic-evdist = {
|
||||
image = "fic-evdist:latest";
|
||||
imageFile = pkgs.dockerTools.buildImage {
|
||||
name = "fic-evdist";
|
||||
tag = "latest";
|
||||
created = "now";
|
||||
config = {
|
||||
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-evdist}/bin/evdist" ];
|
||||
};
|
||||
};
|
||||
autoStart = true;
|
||||
workdir = "/srv";
|
||||
volumes = [
|
||||
"/etc/hosts:/etc/hosts:ro"
|
||||
"/var/lib/fic/settings:/srv/SETTINGS"
|
||||
"/var/lib/fic/settingsdist:/srv/SETTINGSDIST"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
{ config, inputs, pkgs, ... }:
|
||||
{
|
||||
config.virtualisation.oci-containers.containers.fic-synchro =
|
||||
{
|
||||
image = "fic-synchro:latest";
|
||||
imageFile = pkgs.dockerTools.buildImage {
|
||||
name = "fic-synchro";
|
||||
tag = "latest";
|
||||
created = "now";
|
||||
copyToRoot = pkgs.buildEnv {
|
||||
name = "packagelist";
|
||||
paths = [ pkgs.coreutils pkgs.openssh pkgs.rsync ];
|
||||
};
|
||||
config = {
|
||||
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-synchro}/bin/synchro" ];
|
||||
};
|
||||
runAsRoot = ''
|
||||
#!${pkgs.runtimeShell}
|
||||
${pkgs.dockerTools.shadowSetup}
|
||||
mkdir -p /tmp/
|
||||
chmod a+rwx /tmp/
|
||||
'';
|
||||
};
|
||||
autoStart = true;
|
||||
extraOptions = [ "--network=phobos-lan" "--ip=172.18.0.43" ];
|
||||
volumes = [
|
||||
"/etc/hosts:/etc/hosts:ro"
|
||||
"/var/lib/fic/ssh:/etc/ssh:ro"
|
||||
"${config.sops.secrets.phobos_ssh.path}:/root/.ssh/id_ed25519:ro"
|
||||
"/var/lib/fic/files:/srv/FILES:ro"
|
||||
#"/var/lib/fic/pki/ca.key:/srv/PKI/ca.key:ro"
|
||||
"/var/lib/fic/pki/shared:/srv/PKI/shared:ro"
|
||||
"/var/lib/fic/settingsdist:/srv/SETTINGSDIST:ro"
|
||||
"/var/lib/fic/submissions:/srv/submissions"
|
||||
"/var/lib/fic/teams:/srv/TEAMS:ro"
|
||||
"/var/log/frontend:/var/log/frontend"
|
||||
];
|
||||
};
|
||||
}
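Review bot: `chmod a+rwx /tmp/` in `runAsRoot` creates a world-writable `/tmp` without the sticky bit, so any user in the image can remove or replace another user's files there, including the `/tmp/stop` marker that synchro.sh touches. `chmod 1777 /tmp` is the conventional mode. The container also receives the decrypted `phobos_ssh` key and, as far as this file shows, runs as root; a comment noting why root is needed would help.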
|
|
@ -0,0 +1,6 @@
|
|||
{}:
|
||||
{
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
}
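Review bot: The module header `{}:` declares no arguments and no `...`, but the NixOS module system calls function modules with `config`, `lib`, `pkgs` and the flake's `specialArgs`, which should fail with an unexpected-argument error as soon as this file is imported. `{ ... }:`, as other modules in this commit use, or a plain attribute set avoids it. The EFI boot-loader module added in this commit has the same header.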
|
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
efi = false;
|
||||
prod = false;
|
||||
ip = {
|
||||
deimos = "10.10.10.2";
|
||||
phobos = "10.10.10.1";
|
||||
};
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./locale.nix
|
||||
./network.nix
|
||||
./packages.nix
|
||||
./registry.nix
|
||||
./users.nix
|
||||
] ++ (if (import ../config-var.nix).efi then [ ./efi.nix ] else [ ./bios.nix ]);
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
}
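Review bot: This module imports `../config-var.nix` while the networking module in the same commit imports `./config-var.nix`; if both sit in the same directory, as the `./network.nix` import suggests, one of the two paths is wrong. With the flake referencing `./configuration.nix` at its root, `../` would also point outside the flake source, which pure evaluation rejects. `./hardware-configuration.nix` is imported but is not part of the visible change; a line in the README on how it is generated would help.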
|
|
@ -0,0 +1,5 @@
|
|||
{}:
|
||||
{
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
{
|
||||
description = "Fic Servers Nix Configuration";
|
||||
|
||||
inputs = {
|
||||
nixpkgs = { url = "github:nixos/nixpkgs/nixos-unstable"; };
|
||||
ficpkgs = {
|
||||
# Vendor hash of fic-server's flake.nix must be up to date
|
||||
#url = "git+https://git.nemunai.re/fic/server";
|
||||
# For local testing only
|
||||
url = "/root/fic-server";
|
||||
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
url = "github:thouveninantoine/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = inputs: {
|
||||
nixosConfigurations =
|
||||
let
|
||||
common_modules = [
|
||||
./configuration.nix
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
"${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
|
||||
];
|
||||
in
|
||||
{
|
||||
phobos = inputs.nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./backend/backend.nix
|
||||
] ++ common_modules;
|
||||
specialArgs = { inherit inputs; };
|
||||
};
|
||||
deimos = inputs.nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
] ++ common_modules;
|
||||
specialArgs = { inherit inputs; };
|
||||
};
|
||||
};
|
||||
};
|
||||
}
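Review bot: The `sops-nix` input tracks the default branch of a personal fork (`github:thouveninantoine/sops-nix`), and that module runs at activation with access to every decrypted secret. No lock file is visible in this commit, so unless one is committed elsewhere each fresh evaluation takes whatever the fork's head is. Pinning to a reviewed revision with `github:thouveninantoine/sops-nix/<commit>` (placeholder), or documenting why the fork is needed, would make the trust decision explicit. The `ficpkgs` input is also left on the local path `/root/fic-server` marked "For local testing only", which will not evaluate on another machine.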
|
|
@ -0,0 +1,9 @@
|
|||
{ ... }:
|
||||
{
|
||||
time.timeZone = "Europe/Paris";
|
||||
i18n.defaultLocale = "fr_FR.UTF-8";
|
||||
console = {
|
||||
font = "Lat2-Terminus16";
|
||||
keyMap = "fr";
|
||||
};
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
{ ... }:
|
||||
{
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces.eno1.useDHCP = true;
|
||||
networking.interfaces.enp1s0.useDHCP = true;
|
||||
|
||||
networking.extraHosts = ''
|
||||
${(import ./config-var.nix).ip.phobos} phobos
|
||||
|
||||
172.18.0.40 admin
|
||||
172.18.0.41 backend
|
||||
172.18.0.42 db
|
||||
172.18.0.43 synchro
|
||||
|
||||
${(import ./config-var.nix).ip.deimos} deimos
|
||||
|
||||
172.18.1.2 nginx
|
||||
172.18.1.3 frontend
|
||||
172.18.1.4 auth
|
||||
|
||||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
fe00::0 ip6-localnet
|
||||
ff00::0 ip6-mcastprefix
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
'';
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
listenAddresses = [
|
||||
{ addr = "0.0.0.0"; port = 2222; }
|
||||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 2222 ];
|
||||
|
||||
systemd.services.sshd.after = [ "network-interfaces.target" ];
|
||||
}
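Review bot: `networking.firewall.allowedTCPPorts` opens 22 and 2222, but the only sshd listener declared here is `0.0.0.0:2222`, so port 22 is opened for a service this file does not define. If it is meant for a container or a forwarder, a comment should say so; otherwise `networking.firewall.allowedTCPPorts = [ 2222 ];` is enough. Note that `configs/synchro.sh` in this commit still connects with `-p 22`, so the two should be reconciled.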
|
|
@ -0,0 +1,14 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
nix = {
|
||||
package = pkgs.nixFlakes;
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
btop
|
||||
git
|
||||
neovim
|
||||
];
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
{ ... }:
|
||||
{
|
||||
services.dockerRegistry = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
};
|
||||
}
|
|
@ -0,0 +1,44 @@
|
|||
phobos_ssh_pub: ENC[AES256_GCM,data:tDmHLPJMuELIU9kU1pCLFL+F6r5YBnkoYqut2RmFmsih4VrSEyfhn8tP+0rnR6k5d/GLhqHkzBuniXhyEGbQ0G/IYmBnJBUpyQFBdnOzCVhrNzQtM2s5zwu5ges=,iv:Ymnw+2BIh7YaoM+8iepOQpUs4heISCwuMdkrS8OWiJg=,tag:IsyoQKp7i+8q9OgH8Dkf5Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2022-09-05T13:14:03Z"
|
||||
mac: ENC[AES256_GCM,data:NOoNbhyfEmB2aSQrxltZsxt1NQhl+pT9N9hdW/8a/s3VSgEQGt2teRFrqLg5hYOjlDvd4mYoeAOcG7LCkSjzOUdXj8BZYFmxbkEQGKf5n2s8ile8Qr0WofbaMP9nYCBq7R0qL4KPnhoGY6DAzGUULER13mLJKnC6wBueBr0nuio=,iv:e00tosd8DMkuSGLl4Y/SHHSWpqc+ibX2XALglN5sG2s=,tag:xK2Sk+hp77PHU++ew7IXUA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-08-27T22:15:58Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DhKTlqbJ4OtgSAQdApKk6z/OCHK0Rkaqxd2F27AabN365lxZ2ms8MUGcOVHQw
|
||||
//9xS2VQqUb2uRT4eEblZuJpNRntFWRHt63AKa31U3cnooysfm+zT4/VdbFF3oqL
|
||||
1GgBCQIQ0qDqs10qB+l7uNJJQm7cMecKWsHkDgP9Zj5P0zBR2A81FfZPApC9Jofl
|
||||
442PMWoi5GS7CVu4P3WiqGOR+XSX7I6Ih4S/EYsAD338JM4Pll5qps175njNbzqj
|
||||
wvJf/ONbQR+QYQ==
|
||||
=7Rq0
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 93A4B95A3623ED8F03CCEBD21ADC2C80A1289824
|
||||
- created_at: "2022-08-27T22:15:58Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA8NZISUyGt9CAQ//d/OZBqdnhWrnF2SPCAp68KJuHgYuE/TitOhG2rNWo+UZ
|
||||
+n8dzvGdzPmWRXQIIonWw1aVkuFd9I0jvJ7qSN+kYcq9sOAswdMwj6RyGSOyarfK
|
||||
/XjdGnYRUvTcKKVz2M3Xq15flk5juxlYSmcGpGnDJpyeR3tXRHNRqxWCNFXKQwxR
|
||||
FIJmCo3LQr87zuuOKl1QEhQ6n67edT7IKK3AQrVlLniNDKaWh6lgI3Q/OVJdJ2BU
|
||||
yEDCVizRYCuBjQYM+rR9sdcaiK2P+44nw2sL5QNyyqHPnUCi38Cghb2g9EjYo+w1
|
||||
KH1335wgqATIiDjae+jGffnNQvxPMz8ZgxebMsqcOWs6NELF7yvHFwTv7sA0Dvkx
|
||||
dyLraXNK3SUdz1ZLwEDPnYx/tsRMgUMTv80NA8FL4sFnNtBRlJ6mOc74YItFHzBi
|
||||
errADMOllhFuPVl3yuC1j99HyxUeTNFnoukSi1kNs0dGr7N8+jvWQqIcJgMkv6Mo
|
||||
P75retb3De5Bcx8XkRpxsN8In3fUUO0xyI2HQykf0ECEHRc7HdZn+2oD3yqk4fME
|
||||
sp97lW448JslS9Rn4WGWA11TWrz8kUSv+1NOHan/bEkR5HWku8ETyKZTqAWRmwh5
|
||||
pCyEmMnjbNUNXA02PuxtNjTLZP2E4agdSs9oQ8MM4xOBIFdNkSLc72PjzcZ/uJjS
|
||||
WAHdCpTZC393/TbeBdN8A2gmbctMRxdQF6Bilph665eUMml/07zndKF0nZYvlM4b
|
||||
OkbPsz1zZ46xJRESmj5Ef3bbm7ANLrPzWJNPCKRpFdCBaUtuXMKT2T8=
|
||||
=M7js
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 9cb1fda8a56fa7ab852f666fc3592125321adf42
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -0,0 +1,45 @@
|
|||
phobos_ssh: ENC[AES256_GCM,data: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,iv:0pwaq3zOzdXJ89N9y1G0tjAtR/sYaI+rMMixPHQcSyA=,tag:yJkJ1wg3lUTEeSkZge0xZA==,type:str]
|
||||
phobos_ssh.pub: ENC[AES256_GCM,data:YRMndy7eIL2YPbf2JEfT+KRIsZrazbuJHp6vRbJ0VEU+Bg/h1CSzJpYedls/+uCmkVpoxBvdjYHeCKtneyJCzkaDzJsUz+RcfrIGQEhake76X9omur9rTK/MJyI=,iv:OtacGQQUaIgDKLkTunOsqFfdh982T9yYH1RoYdvT7vo=,tag:/nNj/xjhnvgDUalOeY+4vA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2022-08-27T22:46:21Z"
|
||||
mac: ENC[AES256_GCM,data:zwp5TcQFOJEG22qrQrJR/zCnLNw31Eeb7pI60fJRT/8rDYIqKguMcYbj+44fn3rRnLOQlvL0Pek2f41UlIb7LosNnoaTzTxoYBbgFRiliyII/epFXRINHrbyBEOp4Anc5445YoY/xmO9y3MLJYF9b31PVOFaAq1CJtbtfZXHCG8=,iv:OsnA+1KgwPwVacbjIbzAhKtap/lgEPpzS/i4NJGP0Qs=,tag:/Jvk62zVKHApNhBpgcH5sg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-08-27T22:15:58Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DhKTlqbJ4OtgSAQdApKk6z/OCHK0Rkaqxd2F27AabN365lxZ2ms8MUGcOVHQw
|
||||
//9xS2VQqUb2uRT4eEblZuJpNRntFWRHt63AKa31U3cnooysfm+zT4/VdbFF3oqL
|
||||
1GgBCQIQ0qDqs10qB+l7uNJJQm7cMecKWsHkDgP9Zj5P0zBR2A81FfZPApC9Jofl
|
||||
442PMWoi5GS7CVu4P3WiqGOR+XSX7I6Ih4S/EYsAD338JM4Pll5qps175njNbzqj
|
||||
wvJf/ONbQR+QYQ==
|
||||
=7Rq0
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 93A4B95A3623ED8F03CCEBD21ADC2C80A1289824
|
||||
- created_at: "2022-08-27T22:15:58Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA8NZISUyGt9CAQ//d/OZBqdnhWrnF2SPCAp68KJuHgYuE/TitOhG2rNWo+UZ
|
||||
+n8dzvGdzPmWRXQIIonWw1aVkuFd9I0jvJ7qSN+kYcq9sOAswdMwj6RyGSOyarfK
|
||||
/XjdGnYRUvTcKKVz2M3Xq15flk5juxlYSmcGpGnDJpyeR3tXRHNRqxWCNFXKQwxR
|
||||
FIJmCo3LQr87zuuOKl1QEhQ6n67edT7IKK3AQrVlLniNDKaWh6lgI3Q/OVJdJ2BU
|
||||
yEDCVizRYCuBjQYM+rR9sdcaiK2P+44nw2sL5QNyyqHPnUCi38Cghb2g9EjYo+w1
|
||||
KH1335wgqATIiDjae+jGffnNQvxPMz8ZgxebMsqcOWs6NELF7yvHFwTv7sA0Dvkx
|
||||
dyLraXNK3SUdz1ZLwEDPnYx/tsRMgUMTv80NA8FL4sFnNtBRlJ6mOc74YItFHzBi
|
||||
errADMOllhFuPVl3yuC1j99HyxUeTNFnoukSi1kNs0dGr7N8+jvWQqIcJgMkv6Mo
|
||||
P75retb3De5Bcx8XkRpxsN8In3fUUO0xyI2HQykf0ECEHRc7HdZn+2oD3yqk4fME
|
||||
sp97lW448JslS9Rn4WGWA11TWrz8kUSv+1NOHan/bEkR5HWku8ETyKZTqAWRmwh5
|
||||
pCyEmMnjbNUNXA02PuxtNjTLZP2E4agdSs9oQ8MM4xOBIFdNkSLc72PjzcZ/uJjS
|
||||
WAHdCpTZC393/TbeBdN8A2gmbctMRxdQF6Bilph665eUMml/07zndKF0nZYvlM4b
|
||||
OkbPsz1zZ46xJRESmj5Ef3bbm7ANLrPzWJNPCKRpFdCBaUtuXMKT2T8=
|
||||
=M7js
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 9cb1fda8a56fa7ab852f666fc3592125321adf42
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -0,0 +1,15 @@
|
|||
{ ... }:
|
||||
{
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users.fic = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBoJRKGvhpJGYQfq+Ocp83nJixk8zz3cmzHOvLIW2C9 antoine.thouvenin"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdjG/+FTghcl+sgsAFM7kdBTbGIR9JycgpWeLGJt2ZV elie.brami"
|
||||
];
|
||||
hashedPassword = "$6$CuDkmaet$ZWh.KlzZe2EF2c23GErwdbsa1naByrNe15j7Jy3SuJZfEwGUV16QEkz9bcfzHtMteTjGRr8ixOtKYn.wV8e10.";
|
||||
};
|
||||
};
|
||||
}
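Review bot: `hashedPassword` for a `wheel` user is committed in clear, which puts the SHA-512 crypt hash in git and in the world-readable Nix store where it can be attacked offline. With sops-nix already in the flake, the hash could be a secret marked `neededForUsers = true` and referenced through `passwordFile = config.sops.secrets.<name>.path;` (`<name>` is a placeholder). Since `mutableUsers = false` makes this the only password source, the committed hash should be considered exposed and the password changed when it is moved.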
|