From 3bccda09dbf8295639158867f7ed26b858e3101f Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Fri, 8 Mar 2024 23:11:31 +0100
Subject: [PATCH] feat(infra): Enable recording of deployments
---
 modules/default.nix | 1 +
 modules/dgn-records/__arkheon-token_file | 42 ++++++++++++++++++++++++
 modules/dgn-records/default.nix | 16 +++++++++
 modules/dgn-records/secrets.nix | 1 +
 npins/sources.json | 6 ++--
 5 files changed, 63 insertions(+), 3 deletions(-)
 create mode 100644 modules/dgn-records/__arkheon-token_file
 create mode 100644 modules/dgn-records/default.nix
 create mode 100644 modules/dgn-records/secrets.nix
diff --git a/modules/default.nix b/modules/default.nix
index 02972a9..fd7a222 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -44,6 +44,7 @@
 "dgn-fail2ban"
 "dgn-hardware"
 "dgn-network"
+ "dgn-records"
 "dgn-ssh"
 "dgn-web"
 "dgn-vm-variant"
diff --git a/modules/dgn-records/__arkheon-token_file b/modules/dgn-records/__arkheon-token_file
new file mode 100644
index 0000000..d10d19b
--- /dev/null
+++ b/modules/dgn-records/__arkheon-token_file
@@ -0,0 +1,42 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA tUYFIHRHhzoovCj2787gimUlzImJoDMJ+tjeyKbTaWM +4v3uHBMWy7bW42R3QuMcasrZjuCGMAlvtLZc+7Lw/JE +-> ssh-ed25519 QlRB9Q kCvthexHuAgXFERWq2TSt5B2NlgIT8+mrf9YYn19llo +aGr7qXX0SMMu6CERsrRUVlNi67XvI8B8M5mDW7TFDJI +-> ssh-ed25519 r+nK/Q ob+ELcG6qX8fcQWH7diMgezHEYwqazMck8cSBXVvjXc +LPvtCVIdX3UDWGdg9O+uDGunpl/J6FeuLVJvD2m4S7I +-> ssh-rsa krWCLQ +m7Dt57o6Oc0Bfp1goSaxo950nRr1kcsMZv2uQJ9E06oD9g1PjEnAyqW/AECCE5Si +2Do7zBXYJ+cZeFdPU/W0ZPSrdFZCuF3Q4S/BgjUG7BQabnH8EgQbKJN6TJ+mUYxM +AhCPwtEKEQwEI1J6TkCq8f1cw2VAcZkBdoWZGrtZx54ZqLXmFvxYWZoRbP+1MFsH +xmQHTE6Ihkmx6Q33PnvHkdD5MprxkIkhk/QQ0TmNgPr/Hw0PLvb9J64C1l+BpuDq +NelCAymS2p55QmwZLWGafiB/1hkJJY9vgIINzTT2p8z8hD0ADnBNU5BkN6PDHD8i +orH+z13/tqYXuGiPKUXSWQ +-> ssh-ed25519 /vwQcQ GZFfbjS7SxHv4ZViDN+KIXBrpX+i721yJd9ePS5OhzQ +HBbHTWXun/Ehk9yYHqWX+Rrw3y5qfRfe4pKCGlRvwdU +-> ssh-ed25519 0R97PA rhHVQ0ANLsmpsHnxKhOVJxRyPFnxy7zFnda9B/6oj28 +1UOkeN3At/AJoD8rO3WSHtIm62JpO1uTZfFw5okMg/4 +-> ssh-ed25519 JGx7Ng BXg2NNukqSm5q3oAYzk3Du4osxjIonX0Qks0gWGlYz4 +QbhcXti1Ql1037+IBkJdMQJ2g82u7N7uu4W1ojQJFXk +-> ssh-ed25519 5SY7Kg ubt2DTgzwjr9jFsHsESiKaq8cPBRP1hCfIIQG1mjhzE +05sIp5Pj3nj1UIgaui9a0onU8qP32GHhlMMMNGtSxa4 +-> ssh-ed25519 p/Mg4Q 7NRJtGVrvvhI96FFH0B15zmoiQ4mRHiKT+9neMhRkBQ +OPXyboQRVDGjoLc2/87rhNB44p+Dj6yrH0ux3Q0368k +-> ssh-ed25519 tDqJRg xX53lCPHRDVDpOYpas9ftBrrxsdRBUTJjwjI2fnFqT4 +jChHvbDJtheO0FTH0chTIdEXKE4kBHDENm5BEli4JZc +-> ssh-ed25519 9pVK7Q tdiuNARpFCpdU9W+3/YsVZZK8Xt/NdYjqt8kxtVFLTo +pPKF2IlFzObEu5UtZ7deSOcxh9OTSK87scsgTNop1fQ +-> ssh-ed25519 /BRpBQ YsJ5p4xcU35+q0EVsERg/vh2Z4uVzFJVm6BgipH4CVs +Yz7m7pfbj6+DHT1Pa/mhcroZG4qQaV24krBaPP9JsHY +-> ssh-ed25519 +MNHsw v4XqeQR30iMCc9EzGA8IdGLoENsXx7Mfvvx4JGVV0GA +GTR9j6nMikwUuOn4Bj2PAiqxiVDw+D7dtrrJVCsEf0Y +-> ssh-ed25519 rHotTw 0CNrOIAlpnNtQEtlm0RyOrz+0ondvqY+oqM0QtwNYU0 +J2lHzfBPueh2LKt5d7QjaiPQdh/ih5lrngUGng3qWVY +-> ssh-ed25519 +mFdtQ 365dIp+r+Yhj2o0V4YhgUgMNf3AonjzQ55nnKN1g6l8 +C0wurXGyS0aVcsCJwVSkDVN0cHGFVxdHgvfP0y/AwQQ +-> ssh-ed25519 
0IVRbA GGL4OdqkjGP5eoVhWtUwQSfV2f+qmoUZo+U6uaYLr00 +loMKTjt1UDgtkEsfyooqh0tfUYsyx2VlOKWmWAwzoAU +-> ssh-ed25519 8V9fnQ dMzN/gaZxUnpSCVd4vDAWd5+0Q7y67zOpEtk6Dx7dl8 +P3FsjOmuc8E0AoAbd36vfHtd61yAvCSR0qyfLhhm+kY +--- oVEtjzZ4tPxxTCrvBBbFXC0XYp08devKq78Y7evtdak +0eš-cPF . =O6x^M4@9hM9 \ No newline at end of file diff --git a/modules/dgn-records/default.nix b/modules/dgn-records/default.nix new file mode 100644 index 0000000..ecff371 --- /dev/null +++ b/modules/dgn-records/default.nix @@ -0,0 +1,16 @@ +{ config, ... }: + +{ + services.arkheon.record = { + enable = true; + + tokenFile = config.age.secrets."__arkheon-token_file".path; + + url = "https://arkheon.dgnum.eu"; + }; + + age-secrets.sources = [ ./. ]; + + # Allow using agenix for the token file + system.activationScripts.arkheon-record.deps = [ "agenix" ]; +} diff --git a/modules/dgn-records/secrets.nix b/modules/dgn-records/secrets.nix new file mode 100644 index 0000000..deac3e6 --- /dev/null +++ b/modules/dgn-records/secrets.nix @@ -0,0 +1 @@ +{ __arkheon-token_file.publicKeys = (import ../../lib { }).machineKeys; } diff --git a/npins/sources.json b/npins/sources.json index 0403929..19f4eaa 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -22,9 +22,9 @@ "repo": "arkheon" }, "branch": "main", - "revision": "a75356f4d0c569da30698874dd07b29cd59d7d7d", - "url": "https://github.com/RaitoBezarius/arkheon/archive/a75356f4d0c569da30698874dd07b29cd59d7d7d.tar.gz", - "hash": "10xvhfhji67i0c0vcvgsx2yrdwrf6sp71vhjdwnrbxmaqv0dz94f" + "revision": "c4b1b8efde35e16f6d07dc5c0d0d8d267a04e460", + "url": "https://github.com/RaitoBezarius/arkheon/archive/c4b1b8efde35e16f6d07dc5c0d0d8d267a04e460.tar.gz", + "hash": "0ba3m9714yi3lxlydwm41ixqq0yq6qjfq86jcl2szqzh68kwvcwf" }, "attic": { "type": "Git",
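Review bot: `services.arkheon.record.enable = true;` is set unconditionally in the new `modules/dgn-records/default.nix`, and the first hunk adds `dgn-records` to the shared module list, so it looks as though every host importing these modules will send a deployment record to `https://arkheon.dgnum.eu` with the token on each activation. A host or build variant that cannot decrypt the agenix secret (the list also names `dgn-vm-variant`) would then presumably run the `arkheon-record` activation script without a readable `tokenFile`; guarding the block behind a new option such as `dgn-records.enable`, with `config = lib.mkIf config.dgn-records.enable { … };`, would let such systems opt out. Whether the sibling dgn-* modules already follow that pattern is not visible in this patch. The comment on the `deps` line could also state why the ordering matters, for example `# arkheon-record reads tokenFile during activation, so it must run after agenix has decrypted it` (inferred from the option names; confirm against the arkheon module).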
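Review bot: `__arkheon-token_file.publicKeys` in `modules/dgn-records/secrets.nix` is the whole `machineKeys` set, which matches the long recipient list in the encrypted file, so the host key of any single machine decrypts the credential that all machines use. If this is one shared bearer token for the arkheon endpoint (not visible here), a compromised host could submit records in the name of any other host, and rotating it means re-encrypting and redeploying to the whole fleet. If arkheon can issue per-host tokens, one secret per machine encrypted only to that machine's key would limit the exposure to a single host; otherwise a comment such as `# fleet-wide token: every machine must be able to decrypt it` would record that the wide recipient list is deliberate.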