diff --git a/machines/compute01/arkheon.nix b/machines/compute01/arkheon.nix new file mode 100644 index 0000000..ad8cba9 --- /dev/null +++ b/machines/compute01/arkheon.nix @@ -0,0 +1,18 @@ +{ config, sources, ... }: + +{ + nixpkgs.overlays = [ (import (sources.arkheon.outPath + "/overlays.nix")) ]; + + services.arkheon = { + enable = true; + + domain = "arkheon.dgnum.eu"; + + nginx = { + enableACME = true; + forceSSL = true; + }; + + envFile = config.age.secrets."arkheon-env_file".path; + }; +} diff --git a/machines/compute01/secrets/arkheon-env_file b/machines/compute01/secrets/arkheon-env_file new file mode 100644 index 0000000..2de3ea6 --- /dev/null +++ b/machines/compute01/secrets/arkheon-env_file @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA INJzAF2iK+5q2ufGJwu7jFCOapcwVZgp2UBjwczhXlo +WTEipfD+89IGS2oloBPzdFpPho/KiDt+5doJ/1R3wjM +-> ssh-ed25519 QlRB9Q Lcm2nsgtJGBwRl6nF8RaeclKbZCQJ9w/8iLitvFH9QI +apOCP+FzmN1g04qCQK7F7ucTh3VkVVJYZ+EMAMbG0yI +-> ssh-ed25519 r+nK/Q 0y2gnaEP/81ZoboFVg7giE2XfiPablPcGJvYrOTUkA0 +g4dNyB3wa3Sz+8TMbs2xpNNqO7qa0JauR6NrSrzSRHA +-> ssh-rsa krWCLQ +Pexl83s20owXZuiaf5zpo8t3JXMYJVMncL3GKJ7snO9YpBIWdww9idI/p0QtG6Jf +Per9dBRpL9gFPL9jygeikG6gA9MHWBQ9bqT7m+PVdn62nHZUN9UbtuseZv6BORMY +InMhbUycEAGp1B5+YP3bu0XavbniK9rBeAwExpyLUO7h9tK3uLwKHv3VQFww/Slg +YJWqBzBbrnrCGLAWEWjU8JzZQiZdH683ib9nS3xd0Q8NG6o48lT3suLPr5WttL5V +lL3oYoC/21LcgTuxdU9yEhQVApl6Y6hYcVLKq8VP8tw36NzZU/O2ECHq7JVtGtcd +mqP3TP2seMNCNkuBZfUALw +-> ssh-ed25519 /vwQcQ o6llLr/WJ2cppJWALTwiyteZxBCSKFwYLkmmxayiYC4 +oIQd1p9N+ouRxLEpuk3WBU7U6GtchDx90jm0Jkmd/iA +-> ssh-ed25519 0R97PA YDYdpzlGJUQDN+xiwfNhMr+WLzN2tkdZzGgpuAne5B4 +a3034MRbCl0vSF8dUvWjPbpKYBgMhP3VRTYG7GeKMF4 +-> ssh-ed25519 JGx7Ng uICtGdW0RHsbiSRezanT+wIOKTCnZeUaZEGv4RbDQlI +T3FGYrh9NeESFmn8OXbzQ1Cr8iW1wmZ+pRcGFPmeII4 +-> ssh-ed25519 5SY7Kg F1OXxgKW06BDK9zqOk1ldMRGh4RAftKKICRrLOjwbQM +N9ZaDbt4LJSXZJLWHGWcc4H3kb2/Fi1Jh8EuZGjQLBo +-> ssh-ed25519 p/Mg4Q 7ROCB4WeZuruIZNso4VKNSQset1BNtVqhPOVvS84/0g +dLSKYwTOL5CBboisVEppBU2VuMVjLX+QOulhZr5Or2I +-> ssh-ed25519 tDqJRg jVcjqu8WdeNclYFjWNjhUHnYnlZKNyolYu1PAoxafw0 +hu7SQxF8DhoaJGANAU8GAyxpNwfHiIc5y1whcyN7hIs +--- Uv6PnEA1RLC43xH4qf575aZUI5cDjCFVZIS3lg42Wa0 +gx% Z4r RUBnۖQ \ No newline at end of file diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index 2b057cc..dee41e0 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -4,6 +4,7 @@ let in lib.setDefault { inherit publicKeys; } [ + "arkheon-env_file" "bupstash-put_key" "ds-fr-secret_file" "grafana-smtp_password_file" diff --git a/modules/default.nix b/modules/default.nix index df7b033..02972a9 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -51,6 +51,7 @@ ++ [ "${sources.agenix}/modules/age.nix" "${sources.attic}/nixos/atticd.nix" + "${sources.arkheon}/module.nix" ] ++ ((import sources.nix-modules { inherit lib; }).importModules [ "age-secrets" diff --git a/npins/sources.json b/npins/sources.json index 3e1f4cd..7886f7c 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -14,6 +14,18 @@ "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.15.0", "hash": "01dhrghwa7zw93cybvx4gnrskqk97b004nfxgsys0736823956la" }, + "arkheon": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "RaitoBezarius", + "repo": "arkheon" + }, + "branch": "main", + "revision": "6a3f25752d44c911569727e9d7f6c81c4c1e2b78", + "url": "https://github.com/RaitoBezarius/arkheon/archive/6a3f25752d44c911569727e9d7f6c81c4c1e2b78.tar.gz", + "hash": "1wpvc5j1rwwwpv3vy6lfmc7xd6rhpqz4wr441ala4dizpial1sqv" + }, "attic": { "type": "Git", "repository": {