fic/server
Archived
1
0
Fork 0
Code Issues Pull requests 10 Releases Wiki Activity

nixos: backend server

Browse source
This commit is contained in:
Antoine Thouvenin 2022-08-06 22:31:18 +02:00 committed by Pierre-Olivier Mercier
parent 83be5595ba
commit 643ecb1e14
24 changed files with 542 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.gitignore vendored
View file

@ -32,3 +32,11 @@ fickit-update-kernel
fickit-update-squashfs.img fickit-update-squashfs.img
result result
started started
# Standalone binaries
fic-admin
fic-backend
fic-dashboard
fic-frontend
fic-qa
fic-repochecker

8
configs/synchro.sh Normal file → Executable file
View file

@ -4,19 +4,19 @@
# retrieves submissions # retrieves submissions
BASEDIR="/srv" BASEDIR="/srv"
FRONTEND_HOSTNAME="deimos" FRONTEND_HOSTNAME="synchro@deimos"
SSH_OPTS="/usr/bin/ssh -p 22 -i ~/.ssh/id_ed25519 -o ControlMaster=auto -o ControlPath=/root/.ssh/%r@%h:%p -o ControlPersist=2 -o PasswordAuthentication=no -o StrictHostKeyChecking=no" SSH_OPTS="ssh -p 22 -i ~/.ssh/id_ed25519 -o ControlMaster=auto -o ControlPath=/root/.ssh/%r@%h:%p -o ControlPersist=2 -o PasswordAuthentication=no -o StrictHostKeyChecking=no"
cd "${BASEDIR}" cd "${BASEDIR}"
touch /tmp/stop touch /tmp/stop
# Establish first ssh connection for controlpersist socket, to avoid delay during time synchronization # Establish first ssh connection for controlpersist socket, to avoid delay during time synchronization
${SSH_OPTS} ls > /dev/null ${SSH_OPTS} ${FRONTEND_HOSTNAME} ls > /dev/null
# Synchronize the date one time # Synchronize the date one time
${SSH_OPTS} date -s @"$(date +%s)" ${SSH_OPTS} ${FRONTEND_HOSTNAME} date -s @"$(date +%s)"
# Synchronize static files in a separate loop (to avoid submissions delays during file synchronization) # Synchronize static files in a separate loop (to avoid submissions delays during file synchronization)
while ! [ -f SETTINGS/stop ] || [ /tmp/stop -nt SETTINGS/stop ] while ! [ -f SETTINGS/stop ] || [ /tmp/stop -nt SETTINGS/stop ]

16
flake.nix
View file

@ -13,7 +13,7 @@
# Generate a version based on date # Generate a version based on date
version = builtins.substring 0 12 self.lastModifiedDate; version = builtins.substring 0 12 self.lastModifiedDate;
vendorSha256 = "sha256-n271oFjC13gelSNV1bZdr/KH724ewoOF1NZ6U7il56I="; vendorSha256 = "sha256-itCvN/Z8DkUUdtx6At+4DyeJK8PgFJ/5A3G03VT4I2k";
overrideModAttrs = _ : { name = "fic-./.-${version}-go-modules"; }; overrideModAttrs = _ : { name = "fic-./.-${version}-go-modules"; };
# System types to support. # System types to support.
@ -56,6 +56,20 @@
subPackages = [ "dashboard" ]; subPackages = [ "dashboard" ];
}; };
fic-synchro = pkgs.writeShellApplication {
name = "synchro";
runtimeInputs = [ pkgs.rsync pkgs.openssh pkgs.coreutils ];
text = ''
${(builtins.readFile ./configs/synchro.sh)}
'';
};
fic-configs = pkgs.stdenv.mkDerivation {
name = "configs";
src = ./.;
installPhase = "mkdir -p $out/; cp -r configs/ $out/";
};
fic-frontend = pkgs.buildGoModule { fic-frontend = pkgs.buildGoModule {
pname = "frontend"; pname = "frontend";
inherit version vendorSha256 overrideModAttrs; inherit version vendorSha256 overrideModAttrs;

17
nixos/.sops.yaml Normal file
View file

@ -0,0 +1,17 @@
keys:
# Add key signature below
- &admin_antoine C8CEBB1753433CCCD2AF0638BD721F0A3BAE578C
# Update this signature with phobos'
# Run the following line to get the fingerprint and the public key of Phobos
# ```
# ssh root@phobos "cat /etc/ssh/ssh_host_rsa_key" | nix-shell -p ssh-to-pgp --run "ssh-to-pgp -o phobos.asc"
# ```
# You have to import the key afterward using `gpg --import phobos.asc`
- &srv_phobos 9cb1fda8a56fa7ab852f666fc3592125321adf42 # replace this fingerprint with the new one `gpg --list-keys`
creation_rules:
- path: secrets/phobos.yaml
key_groups:
- pgp:
- *admin_antoine
- *srv_phobos

10
nixos/README.md Normal file
View file

@ -0,0 +1,10 @@
# NixOS configuration
## Building
```bash
# For backend (Phobos)
nixos-rebuild switch --flake /path/to/flake.nix/directory/#phobos
# For frontend (Deimos)
nixos-rebuild switch --flake /path/to/flake.nix/directory/#deimos
```

59
nixos/backend/backend.nix Normal file
View file

@ -0,0 +1,59 @@
{ config, lib, pkgs, ... }:
{
imports = [
./db.nix
./fic-admin.nix
./fic-backend.nix
./fic-dashboard.nix
./fic-evdist.nix
./fic-synchro.nix
];
config.sops = {
defaultSopsFile = ../secrets/phobos.yml; # We are currently in /nix/store/...-source/backend/
secrets.phobos_ssh = { mode = "0400"; };
# You may need to manualy remove `/run/secrets` if modified
};
config.system.activationScripts = {
# Create /var/lib/fic/** directories
makeFicDirs = lib.stringAfter [ "var" ] ''
mkdir -p /var/lib/fic/dashboard;
mkdir -p /var/lib/fic/files;
mkdir -p /var/lib/fic/pki;
mkdir -p /var/lib/fic/raw_files;
mkdir -p /var/lib/fic/settings;
mkdir -p /var/lib/fic/settingsdist;
mkdir -p /var/lib/fic/ssh;
mkdir -p /var/lib/fic/submissions;
mkdir -p /var/lib/fic/sync;
mkdir -p /var/lib/fic/teams;
mkdir -p /var/log/frontend;
'';
# Create docker network
createDockerNetworkPhobos =
let
docker = config.virtualisation.oci-containers.backend;
dockerBin = "${pkgs.${docker}}/bin/${docker}";
in
''
${dockerBin} network inspect phobos-lan >/dev/null 2>&1 \
|| ${dockerBin} network create phobos-lan --subnet 172.18.0.0/24
'';
};
config = {
networking.hostName = "phobos";
# This is needed to install fic related pkgs
nixpkgs.config.allowUnfree = true;
# To switch, remove `phobos-lan` from the networks before running nixos-rebuild
# ```
# ${dockerBin} network rm phobos-lan
# ```
virtualisation.docker.enable = true;
virtualisation.podman.enable = false;
virtualisation.oci-containers.backend = "docker";
};
}

24
nixos/backend/db.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, ... }:
{
config.virtualisation.oci-containers.containers.mariadb = {
image = "mariadb:latest";
cmd = [
"/bin/bash"
"/usr/local/bin/docker-entrypoint.sh"
"mysqld"
];
ports = [ "3306:3306" ];
extraOptions = [ "--network=phobos-lan" "--ip=172.18.0.42" ];
environment = {
MYSQL_DATABASE = "fic";
MYSQL_USER = "fic";
MYSQL_PASSWORD = "fic";
MYSQL_RANDOM_ROOT_PASSWORD = "yes";
};
volumes = [
"/etc/hosts:/etc/hosts:ro"
"/etc/mysql/conf.d:/etc/mysql/conf.d:ro"
"/var/lib/fic/mysql:/var/lib/mysql"
];
};
}

40
nixos/backend/fic-admin.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, inputs, pkgs, ... }:
{
config.virtualisation.oci-containers.containers.fic-admin = {
image = "fic-admin:latest";
imageFile = pkgs.dockerTools.buildImage {
name = "fic-admin";
tag = "latest";
created = "now";
config = {
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-admin}/bin/admin" ];
};
};
autoStart = true;
cmd = [
"${inputs.ficpkgs.packages.x86_64-linux.fic-admin}/bin/admin"
"-4real"
"-bind=0.0.0.0:8081"
"-baseurl=/admin/"
"-localimport=/mnt/fic"
"-timestampCheck=/srv/submissions"
];
ports = [ "8081:8081" ];
extraOptions = [ "--network=phobos-lan" "--ip=172.18.0.40" ];
environment = {
MYSQL_HOST = "db";
FICCA_PASS = "jee8AhloAith1aesCeQu5ahgIegaeM4K";
};
volumes = [
"/etc/hosts:/etc/hosts:ro"
"/var/lib/fic/raw_files:/mnt/fic"
"/var/lib/fic/dashboard:/srv/DASHBOARD"
"/var/lib/fic/files:/srv/FILES"
"/var/lib/fic/pki:/srv/PKI"
"/var/lib/fic/teams:/srv/TEAMS"
"/var/lib/fic/settings:/srv/SETTINGS"
"/var/lib/fic/sync:/srv/SYNC"
"/var/lib/fic/submissions:/srv/submissions:ro"
];
};
}

26
nixos/backend/fic-backend.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, inputs, pkgs, ... }:
{
config.virtualisation.oci-containers.containers.fic-backend = {
image = "fic-backend:latest";
imageFile = pkgs.dockerTools.buildImage {
name = "fic-backend";
tag = "latest";
created = "now";
config = {
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-backend}/bin/backend" ];
};
};
autoStart = true;
environment = {
MYSQL_HOST = "db";
};
workdir = "/srv";
extraOptions = [ "--network=phobos-lan" "--ip=172.18.0.41" ];
volumes = [
"/etc/hosts:/etc/hosts:ro"
"/var/lib/fic/teams:/srv/TEAMS"
"/var/lib/fic/settingsdist:/srv/SETTINGSDIST:ro"
"/var/lib/fic/submissions:/srv/submissions"
];
};
}

28
nixos/backend/fic-dashboard.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, inputs, pkgs, ... }:
{
config.virtualisation.oci-containers.containers.fic-dashboard = {
image = "fic-dashboard:latest";
imageFile = pkgs.dockerTools.buildImage {
name = "fic-dashboard";
tag = "latest";
created = "now";
config = {
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-dashboard}/bin/dashboard" ];
};
};
autoStart = true;
cmd = [
"${inputs.ficpkgs.packages.x86_64-linux.fic-dashboard}/bin/dashboard"
"-bind=:8082"
"-restrict-to-ips=/srv/DASHBOARD/restricted-ips.json"
];
ports = [ "8082:8082" ];
volumes = [
"/etc/hosts:/etc/hosts:ro"
"/var/lib/fic/dashboard:/srv/DASHBOARD:ro"
"/var/lib/fic/files:/srv/FILES:ro"
"/var/lib/fic/teams:/srv/TEAMS:ro"
"/var/lib/fic/settingsdist:/srv/SETTINGSDIST:ro"
];
};
}

21
nixos/backend/fic-evdist.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, inputs, pkgs, ... }:
{
config.virtualisation.oci-containers.containers.fic-evdist = {
image = "fic-evdist:latest";
imageFile = pkgs.dockerTools.buildImage {
name = "fic-evdist";
tag = "latest";
created = "now";
config = {
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-evdist}/bin/evdist" ];
};
};
autoStart = true;
workdir = "/srv";
volumes = [
"/etc/hosts:/etc/hosts:ro"
"/var/lib/fic/settings:/srv/SETTINGS"
"/var/lib/fic/settingsdist:/srv/SETTINGSDIST"
];
};
}

39
nixos/backend/fic-synchro.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, inputs, pkgs, ... }:
{
config.virtualisation.oci-containers.containers.fic-synchro =
{
image = "fic-synchro:latest";
imageFile = pkgs.dockerTools.buildImage {
name = "fic-synchro";
tag = "latest";
created = "now";
copyToRoot = pkgs.buildEnv {
name = "packagelist";
paths = [ pkgs.coreutils pkgs.openssh pkgs.rsync ];
};
config = {
Cmd = [ "${inputs.ficpkgs.packages.x86_64-linux.fic-synchro}/bin/synchro" ];
};
runAsRoot = ''
#!${pkgs.runtimeShell}
${pkgs.dockerTools.shadowSetup}
mkdir -p /tmp/
chmod a+rwx /tmp/
'';
};
autoStart = true;
extraOptions = [ "--network=phobos-lan" "--ip=172.18.0.43" ];
volumes = [
"/etc/hosts:/etc/hosts:ro"
"/var/lib/fic/ssh:/etc/ssh:ro"
"${config.sops.secrets.phobos_ssh.path}:/root/.ssh/id_ed25519:ro"
"/var/lib/fic/files:/srv/FILES:ro"
#"/var/lib/fic/pki/ca.key:/srv/PKI/ca.key:ro"
"/var/lib/fic/pki/shared:/srv/PKI/shared:ro"
"/var/lib/fic/settingsdist:/srv/SETTINGSDIST:ro"
"/var/lib/fic/submissions:/srv/submissions"
"/var/lib/fic/teams:/srv/TEAMS:ro"
"/var/log/frontend:/var/log/frontend"
];
};
}

6
nixos/bios.nix Normal file
View file

@ -0,0 +1,6 @@
{}:
{
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
}

8
nixos/config-var.nix Normal file
View file

@ -0,0 +1,8 @@
{
efi = false;
prod = false;
ip = {
deimos = "10.10.10.2";
phobos = "10.10.10.1";
};
}

13
nixos/configuration.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./locale.nix
./network.nix
./packages.nix
./registry.nix
./users.nix
] ++ (if (import ../config-var.nix).efi then [ ./efi.nix ] else [ ./bios.nix ]);
system.stateVersion = "22.05";
}

5
nixos/efi.nix Normal file
View file

@ -0,0 +1,5 @@
{}:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

45
nixos/flake.nix Normal file
View file

@ -0,0 +1,45 @@
{
description = "Fic Servers Nix Configuration";
inputs = {
nixpkgs = { url = "github:nixos/nixpkgs/nixos-unstable"; };
ficpkgs = {
# Vendor hash of fic-server's flake.nix must be up to date
#url = "git+https://git.nemunai.re/fic/server";
# For local testing only
url = "/root/fic-server";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:thouveninantoine/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs: {
nixosConfigurations =
let
common_modules = [
./configuration.nix
inputs.sops-nix.nixosModules.sops
"${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix"
];
in
{
phobos = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./backend/backend.nix
] ++ common_modules;
specialArgs = { inherit inputs; };
};
deimos = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
] ++ common_modules;
specialArgs = { inherit inputs; };
};
};
};
}

9
nixos/locale.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
}

40
nixos/network.nix Normal file
View file

@ -0,0 +1,40 @@
{ ... }:
{
networking.useDHCP = false;
networking.interfaces.eno1.useDHCP = true;
networking.interfaces.enp1s0.useDHCP = true;
networking.extraHosts = ''
${(import ./config-var.nix).ip.phobos} phobos
172.18.0.40 admin
172.18.0.41 backend
172.18.0.42 db
172.18.0.43 synchro
${(import ./config-var.nix).ip.deimos} deimos
172.18.1.2 nginx
172.18.1.3 frontend
172.18.1.4 auth
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
'';
services.openssh = {
enable = true;
passwordAuthentication = false;
listenAddresses = [
{ addr = "0.0.0.0"; port = 2222; }
];
};
networking.firewall.allowedTCPPorts = [ 22 2222 ];
systemd.services.sshd.after = [ "network-interfaces.target" ];
}

14
nixos/packages.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs, ... }:
{
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
environment.systemPackages = with pkgs; [
btop
git
neovim
];
}

7
nixos/registry.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
services.dockerRegistry = {
enable = true;
listenAddress = "127.0.0.1";
};
}

44
nixos/secrets/deimos.yml Normal file
View file

@ -0,0 +1,44 @@
phobos_ssh_pub: ENC[AES256_GCM,data:tDmHLPJMuELIU9kU1pCLFL+F6r5YBnkoYqut2RmFmsih4VrSEyfhn8tP+0rnR6k5d/GLhqHkzBuniXhyEGbQ0G/IYmBnJBUpyQFBdnOzCVhrNzQtM2s5zwu5ges=,iv:Ymnw+2BIh7YaoM+8iepOQpUs4heISCwuMdkrS8OWiJg=,tag:IsyoQKp7i+8q9OgH8Dkf5Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-09-05T13:14:03Z"
mac: ENC[AES256_GCM,data:NOoNbhyfEmB2aSQrxltZsxt1NQhl+pT9N9hdW/8a/s3VSgEQGt2teRFrqLg5hYOjlDvd4mYoeAOcG7LCkSjzOUdXj8BZYFmxbkEQGKf5n2s8ile8Qr0WofbaMP9nYCBq7R0qL4KPnhoGY6DAzGUULER13mLJKnC6wBueBr0nuio=,iv:e00tosd8DMkuSGLl4Y/SHHSWpqc+ibX2XALglN5sG2s=,tag:xK2Sk+hp77PHU++ew7IXUA==,type:str]
pgp:
- created_at: "2022-08-27T22:15:58Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DhKTlqbJ4OtgSAQdApKk6z/OCHK0Rkaqxd2F27AabN365lxZ2ms8MUGcOVHQw
//9xS2VQqUb2uRT4eEblZuJpNRntFWRHt63AKa31U3cnooysfm+zT4/VdbFF3oqL
1GgBCQIQ0qDqs10qB+l7uNJJQm7cMecKWsHkDgP9Zj5P0zBR2A81FfZPApC9Jofl
442PMWoi5GS7CVu4P3WiqGOR+XSX7I6Ih4S/EYsAD338JM4Pll5qps175njNbzqj
wvJf/ONbQR+QYQ==
=7Rq0
-----END PGP MESSAGE-----
fp: 93A4B95A3623ED8F03CCEBD21ADC2C80A1289824
- created_at: "2022-08-27T22:15:58Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA8NZISUyGt9CAQ//d/OZBqdnhWrnF2SPCAp68KJuHgYuE/TitOhG2rNWo+UZ
+n8dzvGdzPmWRXQIIonWw1aVkuFd9I0jvJ7qSN+kYcq9sOAswdMwj6RyGSOyarfK
/XjdGnYRUvTcKKVz2M3Xq15flk5juxlYSmcGpGnDJpyeR3tXRHNRqxWCNFXKQwxR
FIJmCo3LQr87zuuOKl1QEhQ6n67edT7IKK3AQrVlLniNDKaWh6lgI3Q/OVJdJ2BU
yEDCVizRYCuBjQYM+rR9sdcaiK2P+44nw2sL5QNyyqHPnUCi38Cghb2g9EjYo+w1
KH1335wgqATIiDjae+jGffnNQvxPMz8ZgxebMsqcOWs6NELF7yvHFwTv7sA0Dvkx
dyLraXNK3SUdz1ZLwEDPnYx/tsRMgUMTv80NA8FL4sFnNtBRlJ6mOc74YItFHzBi
errADMOllhFuPVl3yuC1j99HyxUeTNFnoukSi1kNs0dGr7N8+jvWQqIcJgMkv6Mo
P75retb3De5Bcx8XkRpxsN8In3fUUO0xyI2HQykf0ECEHRc7HdZn+2oD3yqk4fME
sp97lW448JslS9Rn4WGWA11TWrz8kUSv+1NOHan/bEkR5HWku8ETyKZTqAWRmwh5
pCyEmMnjbNUNXA02PuxtNjTLZP2E4agdSs9oQ8MM4xOBIFdNkSLc72PjzcZ/uJjS
WAHdCpTZC393/TbeBdN8A2gmbctMRxdQF6Bilph665eUMml/07zndKF0nZYvlM4b
OkbPsz1zZ46xJRESmj5Ef3bbm7ANLrPzWJNPCKRpFdCBaUtuXMKT2T8=
=M7js
-----END PGP MESSAGE-----
fp: 9cb1fda8a56fa7ab852f666fc3592125321adf42
unencrypted_suffix: _unencrypted
version: 3.7.3

45
nixos/secrets/phobos.yml Normal file
View file

@ -0,0 +1,45 @@
phobos_ssh: ENC[AES256_GCM,data:M9bJJRMwEODCkwpBijCkjCd/2Km/zUj1kSs/buHsuWeGi2qnv+cNq2AmE5T1yK4auawsZgQvvytFReUqpgCFPIkU7cWH5IuUm2gGZOS1bWpfR7HwoOQVMdkU/whqRi+Gj5PPzyS3RHLlDfUenVZVPoN7GHiRWf71PyVhlhKulIe1ZiaitF5msUIblSHW2flZgRePmnqBUULrfxK2ZkmDl5bnfQY2HNsyaNo9Qj372sQwDiComuMLmJBYIXBhrbucnjJIXNkAOmox7GGcM8rZy7QKhXloTNJM1SMbZJnLPSksRqOO/enM4Tda81GV9dJetFaxSMjgSoKhLDK2hDdUwpX4iGGpsl8S37O3VRmOXi/QlWApMpRWfanC3NFApFzIqOy+GoRtWysrKBJ6S7W/NDMdlBxZmeZHxxhVmwIkMG5mfIBrdiErHUX4xlawEdbwKnRT4zz3x1e+1Xm2CpKBSrE1FkUzRRtMnsLb5pw/WNJL9ueRsKG9Wf73VZvfKGdDeu4grGr2L6cRHwF2+JAj,iv:0pwaq3zOzdXJ89N9y1G0tjAtR/sYaI+rMMixPHQcSyA=,tag:yJkJ1wg3lUTEeSkZge0xZA==,type:str]
phobos_ssh.pub: ENC[AES256_GCM,data:YRMndy7eIL2YPbf2JEfT+KRIsZrazbuJHp6vRbJ0VEU+Bg/h1CSzJpYedls/+uCmkVpoxBvdjYHeCKtneyJCzkaDzJsUz+RcfrIGQEhake76X9omur9rTK/MJyI=,iv:OtacGQQUaIgDKLkTunOsqFfdh982T9yYH1RoYdvT7vo=,tag:/nNj/xjhnvgDUalOeY+4vA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-08-27T22:46:21Z"
mac: ENC[AES256_GCM,data:zwp5TcQFOJEG22qrQrJR/zCnLNw31Eeb7pI60fJRT/8rDYIqKguMcYbj+44fn3rRnLOQlvL0Pek2f41UlIb7LosNnoaTzTxoYBbgFRiliyII/epFXRINHrbyBEOp4Anc5445YoY/xmO9y3MLJYF9b31PVOFaAq1CJtbtfZXHCG8=,iv:OsnA+1KgwPwVacbjIbzAhKtap/lgEPpzS/i4NJGP0Qs=,tag:/Jvk62zVKHApNhBpgcH5sg==,type:str]
pgp:
- created_at: "2022-08-27T22:15:58Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DhKTlqbJ4OtgSAQdApKk6z/OCHK0Rkaqxd2F27AabN365lxZ2ms8MUGcOVHQw
//9xS2VQqUb2uRT4eEblZuJpNRntFWRHt63AKa31U3cnooysfm+zT4/VdbFF3oqL
1GgBCQIQ0qDqs10qB+l7uNJJQm7cMecKWsHkDgP9Zj5P0zBR2A81FfZPApC9Jofl
442PMWoi5GS7CVu4P3WiqGOR+XSX7I6Ih4S/EYsAD338JM4Pll5qps175njNbzqj
wvJf/ONbQR+QYQ==
=7Rq0
-----END PGP MESSAGE-----
fp: 93A4B95A3623ED8F03CCEBD21ADC2C80A1289824
- created_at: "2022-08-27T22:15:58Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA8NZISUyGt9CAQ//d/OZBqdnhWrnF2SPCAp68KJuHgYuE/TitOhG2rNWo+UZ
+n8dzvGdzPmWRXQIIonWw1aVkuFd9I0jvJ7qSN+kYcq9sOAswdMwj6RyGSOyarfK
/XjdGnYRUvTcKKVz2M3Xq15flk5juxlYSmcGpGnDJpyeR3tXRHNRqxWCNFXKQwxR
FIJmCo3LQr87zuuOKl1QEhQ6n67edT7IKK3AQrVlLniNDKaWh6lgI3Q/OVJdJ2BU
yEDCVizRYCuBjQYM+rR9sdcaiK2P+44nw2sL5QNyyqHPnUCi38Cghb2g9EjYo+w1
KH1335wgqATIiDjae+jGffnNQvxPMz8ZgxebMsqcOWs6NELF7yvHFwTv7sA0Dvkx
dyLraXNK3SUdz1ZLwEDPnYx/tsRMgUMTv80NA8FL4sFnNtBRlJ6mOc74YItFHzBi
errADMOllhFuPVl3yuC1j99HyxUeTNFnoukSi1kNs0dGr7N8+jvWQqIcJgMkv6Mo
P75retb3De5Bcx8XkRpxsN8In3fUUO0xyI2HQykf0ECEHRc7HdZn+2oD3yqk4fME
sp97lW448JslS9Rn4WGWA11TWrz8kUSv+1NOHan/bEkR5HWku8ETyKZTqAWRmwh5
pCyEmMnjbNUNXA02PuxtNjTLZP2E4agdSs9oQ8MM4xOBIFdNkSLc72PjzcZ/uJjS
WAHdCpTZC393/TbeBdN8A2gmbctMRxdQF6Bilph665eUMml/07zndKF0nZYvlM4b
OkbPsz1zZ46xJRESmj5Ef3bbm7ANLrPzWJNPCKRpFdCBaUtuXMKT2T8=
=M7js
-----END PGP MESSAGE-----
fp: 9cb1fda8a56fa7ab852f666fc3592125321adf42
unencrypted_suffix: _unencrypted
version: 3.7.3

15
nixos/users.nix Normal file
View file

@ -0,0 +1,15 @@
{ ... }:
{
users = {
mutableUsers = false;
users.fic = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBoJRKGvhpJGYQfq+Ocp83nJixk8zz3cmzHOvLIW2C9 antoine.thouvenin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdjG/+FTghcl+sgsAFM7kdBTbGIR9JycgpWeLGJt2ZV elie.brami"
];
hashedPassword = "$6$CuDkmaet$ZWh.KlzZe2EF2c23GErwdbsa1naByrNe15j7Jy3SuJZfEwGUV16QEkz9bcfzHtMteTjGRr8ixOtKYn.wV8e10.";
};
};
}