feat(radius): Move configuration from compute01 to vaul01

2024-04-08 22:20:53 +02:00 · 2024-04-08 22:20:53 +02:00 · ccfbc4be42
commit ccfbc4be42
parent e8fde45fbf
25 changed files with 39 additions and 65 deletions
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@ -14,7 +14,6 @@ lib.extra.mkConfig {
    "ds-fr"
    "grafana"
    "hedgedoc"
-    "k-radius"
    "kanidm"
    "librenms"
    "mastodon"
--- a/machines/compute01/secrets/radius-auth_token_file
+++ b/machines/compute01/secrets/radius-auth_token_file
--- a/machines/compute01/secrets/radius-ca_pem_file
+++ b/machines/compute01/secrets/radius-ca_pem_file
--- a/machines/compute01/secrets/radius-cert_pem_file
+++ b/machines/compute01/secrets/radius-cert_pem_file
--- a/machines/compute01/secrets/radius-dh_pem_file
+++ b/machines/compute01/secrets/radius-dh_pem_file
@ -1,31 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 tDqJRg R3h8Ph1ooMaR/bmz09yRzVRq1mR3L7o87wMhsysC5kU
-Go50Us/u8CgZS7Up20RH8NlRS0+ESBw30wa8SZ5dqoo
-> ssh-ed25519 jIXfPA gMaMIQvUIu5bK5mRWP6SSZQArMzhg4bDZDcjwx9dyDY
-Vv8H7oTBvogaoW4dhdm81TOe995CSGeBxB8LtFgJqwc
-> ssh-ed25519 QlRB9Q 1CxZ2F8EMykWDzrAzN6NSPtjLmMJ99zf8UWLyV3e+Ag
-ak7M8/mCeQOMKFPllTsA79glffS/vu51vHIRT3F8qLE
-> ssh-ed25519 r+nK/Q qcuIACZn+1ofDpWW1IBmY0IIj4WZNQhxtUJlHgh11ws
-OJhEfDQHkg3s5CCBcVfba9S4OG4hBjJIYkCoLAIFwOI
-> ssh-rsa krWCLQ
-1XseIDq7c94X7Dpp1sC3oBLhZSd4w7UJ7QI03SGmqVTd3VVwP5IV430vrSIFETMI
-LopkMvCtF1XpIJQ+nHoxsukG/0kefh5Iodmd6anQNp0iVU/tWkQzWbkHlVlkxJ2M
-o3fMRAaVyH5GvQkIT5ndWma34vqwydAinM2mchi0hy0ibP5lkk8K7OtafNP4eYNh
-m7necRRI8yCuE1wBRy8sBpo5mEqGj1uINxXiF6yUI05pCBXHG1qDiFkDHfw8va9k
-Qitfwv2Clkk/hQG6aEYuruoXwq4SZxSCswMpP5Nz70I+e5YkZw8G50ICaVBXxuAP
-ABByGBZ/QKLw66NpE7rbSA
-> ssh-ed25519 /vwQcQ 1P92WFx8+9DaL2dPwmX+Bva+h7Hy9qXszDTyPvd81kc
-gLVhBlE4lAMcod32/Y8xzypVCDu4vRca3aem3OHiocU
-> ssh-ed25519 0R97PA rZblJRi2bYJig4HyzOXdtpUEEkGDlHS456aKlqxwGX4
-qjIkEyHjDxzmf34bS7qWJ9lexMXu2QMmcD9RP4MpkYQ
-> ssh-ed25519 JGx7Ng IbCSvxAUY1gDTny5KurzONVaQwX/VgvNs1hAQ9iUQRE
-5ivoGkzEHAyTl3gUE+9nVYclF8/aqnyOF3a81fZfbW0
-> t|-grease (u /1\q}65 ]@
-Dd2SJgnQFUSDlS4eSkKUaGwve8Rsv/4MNEwGRJftdtTvxv80bRuNBEFe+ah4YhiV
-LA3n6c+Te9Q
--- wWhpJpx4IHeC1Qo4nH6iuEB3e9l5b8U5xOnsX8BoBgQ
-5¥t·Œ °ÒxÚ@<1E>`zÈÔgC’à	Ñ¬:4Œó¾&Â‡Spi8ñŸuæ"lÕ‚×)<29>:ìaŒÁÄ,4ÃsÌ*uÿ€ƒ±v#ÿ*ÎàÜÊ^Ý¶‚Ø«%´Ñº98¾,yB‚Ù
-"¶%Çã¤„†NÎÓ· íò¬}	[Ñ¿Ó(äØ{<11>ý0ô—f²<66>„|Šà-—&qF	kÖ¶¹µùÔÎLì,¹À„žD™áÎ©QÍ—½è<C2BD>4N}<7D>ÙÐJ´·‹ÇÓˆpç€]dUÏø¿<C3B8>I—:ÌôÑÉ
öì’°¦£‘sý¨õB#}¹
-ÞÃXzð‰N4·>ñ5iSan`‰¹.‚õÃPcHØÉAéßÈÿµH=¥ËæÂ~ö(Pçô±Š$ ,¡ã‹ù¯ZÐ¬ÆwçÚ	/×
-Á–+rC$†ýê&ØJñ ; ÉvÞjæ‰ÎY¹,š*`ºGå=ã¯M¼ƒƒeäAQö<51>\D˜ÿ@¥j¾$gö{Q´lhIoÊÏ‚IM)};@ìNü½b‰<62>k5Dgüoþ'ItW(Ïk
-ê6)ËŒä0£<30>tM¶É
Ó(Ûê¡<C3AA>n²k®Zu%m<17>¡bzÚõ–Š¿ÁìÍÿ
--- a/machines/compute01/secrets/radius-key_pem_file
+++ b/machines/compute01/secrets/radius-key_pem_file
--- a/machines/compute01/secrets/radius-private_key_password_file
+++ b/machines/compute01/secrets/radius-private_key_password_file
@ -1,26 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 tDqJRg sTm4u+QVtvUqNgMJhufIljdH63oCmvfbRz6NRa2ZbwI
-ZYjAINMp/ds7g+7Wjg26YRpRV+nznQPB1r7NzAHGfW0
-> ssh-ed25519 jIXfPA z4LS/Igwab0moIzxG9b06T5rZiODkdJyjaFepJVcxQ8
-qNkDc+prvr1bNTSWJyygJj7yb8MOz2nR+Z8EMHUVVOs
-> ssh-ed25519 QlRB9Q 6TQ0Vp3KB5yDIEt029hIB3aCnDjTDP0JG6LN2J9gtjU
-fZXeSxb7GJOJYvCr2nVf6BKf8QjaqOOuoi0I/xXV1qc
-> ssh-ed25519 r+nK/Q eW4wTH9PNd0mzVFsxwS4mEEn5gVUCpYA/g+ifeUB+00
-kqED+vZVHn0SXTpgbaiMseI6vPCyTt5Gfu4pHxPvKp0
-> ssh-rsa krWCLQ
-axyFJ/zhMoZ1mJLzWAbXbHjlAlLj7HraHyY6ddZBVibgRSEufdXsa8ABmdR6+EuM
-ty37+/TZOBv11ew/D1C7vQ7B/1JXgej2TAAmYt4vN3lVZdgJI+tQGiOf1nsqfI64
-p4ZbMi9G0wlzb+Z7Z5SLKo6HwharYI+vDEgh3Ua9Q+6bpZeXxxJHmkACikAI4xJV
-3lLo1iTeyJy/9u/WoHmEOuqJLeZdhmPZBozxTdDTWz9wMHy+NotfXFaIFTyUpocu
-OU19N95fyVyTRwmrGFcWs34O631Ejpo3oVLDvjXrFtV4HISSweB/YbU84EveFbz5
-28gTWKdeOQcHJfmaeJV/Rg
-> ssh-ed25519 /vwQcQ cXNRE5eLKNh4lL7S7cMDfp79+TQyiJK3gTzYCuHeRHo
-4bz0al2kf/S6VEhObpLxy8tvB1t/tBVdB1Gi/7XinD4
-> ssh-ed25519 0R97PA iGdUtE7KDRBNSXv1w0dJNPQWxAeDpIAePUU8t0qURV8
-OUoeLNWl0rLt6+FNf5plNmQIgrULwIgEL/W4HFTYeB8
-> ssh-ed25519 JGx7Ng tPkAPvVDZOcP06+mrD5uK03dUJi4aMAvkoz21y9L6Ak
-tcUItLMra+EIYH6MA1ULMpr8bkUql448jnurev8N5wk
-> \<?_-grease (+d_8zF H
-
--- /CiW5jTjVkXDOdwmb4P80FswPEpgTt2GZnqT7KlOvC0
-›=þ%©»gæÆQ³-¼ffÄUC.qÅÍ˜·H<C2B7>µ—ìäÙ=Vý£žØú<C398>ŽRåN
--- a/machines/compute01/secrets/secrets.nix
+++ b/machines/compute01/secrets/secrets.nix
@ -18,12 +18,6 @@ lib.setDefault { inherit publicKeys; } [
  "outline-oidc_client_secret_file"
  "outline-smtp_password_file"
  "outline-storage_secret_key_file"
-  "radius-auth_token_file"
-  "radius-ca_pem_file"
-  "radius-cert_pem_file"
-  "radius-dh_pem_file"
-  "radius-key_pem_file"
-  "radius-private_key_password_file"
  "satosa-env_file"
  "telegraf-environment_file"
  "vaultwarden-environment_file"
--- a/machines/vault01/_configuration.nix
+++ b/machines/vault01/_configuration.nix
@ -8,6 +8,7 @@ lib.extra.mkConfig {

  enabledServices = [
    # List of services to enable
+    "k-radius"
    "networking"
  ];

--- a/machines/compute01/k-radius/default.nix
+++ b/machines/compute01/k-radius/default.nix
--- a/machines/compute01/k-radius/module.nix
+++ b/machines/compute01/k-radius/module.nix
--- a/machines/compute01/k-radius/packages/pykanidm.nix
+++ b/machines/compute01/k-radius/packages/pykanidm.nix
--- a/machines/compute01/k-radius/packages/python/01-remove-benchmark-flags.patch
+++ b/machines/compute01/k-radius/packages/python/01-remove-benchmark-flags.patch
--- a/machines/compute01/k-radius/packages/python/default.nix
+++ b/machines/compute01/k-radius/packages/python/default.nix
--- a/machines/compute01/k-radius/packages/python/pydantic-core.nix
+++ b/machines/compute01/k-radius/packages/python/pydantic-core.nix
--- a/machines/compute01/k-radius/packages/python/pydantic.nix
+++ b/machines/compute01/k-radius/packages/python/pydantic.nix
--- a/machines/compute01/k-radius/packages/python_path.patch
+++ b/machines/compute01/k-radius/packages/python_path.patch
--- a/machines/compute01/k-radius/packages/rlm_python.nix
+++ b/machines/compute01/k-radius/packages/rlm_python.nix
--- a/machines/vault01/secrets/radius-auth_token_file
+++ b/machines/vault01/secrets/radius-auth_token_file
--- a/machines/vault01/secrets/radius-ca_pem_file
+++ b/machines/vault01/secrets/radius-ca_pem_file
--- a/machines/vault01/secrets/radius-cert_pem_file
+++ b/machines/vault01/secrets/radius-cert_pem_file
--- a/machines/vault01/secrets/radius-dh_pem_file
+++ b/machines/vault01/secrets/radius-dh_pem_file
--- a/machines/vault01/secrets/radius-key_pem_file
+++ b/machines/vault01/secrets/radius-key_pem_file
--- a/machines/vault01/secrets/radius-private_key_password_file
+++ b/machines/vault01/secrets/radius-private_key_password_file
@ -0,0 +1,30 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA oTG4+leUhtu+taark5+znjTzfTPBjSgtJI5zNmLrxQw
+xsiH/nNjeBckEn1bi3OVPo/vy6WGqJftfnNgrh+7eA
+-> ssh-ed25519 QlRB9Q dk3mYy/ziQL3Cx7XB+/IY8EkrEtBNZkvLf3iwAZtYFg
+42ABG0MdenXCfgeVoTvJ8XYyKd9OuH/KVZPOdpfLTkc
+-> ssh-ed25519 r+nK/Q 2nOZZkpvToMgbg66f/DYm2J4gfzhtGEAAzlqYM44V24
+GJlZ857IA1firt/6A7dTtdqGncJg4XnCBxSLlDeIUe8
+-> ssh-rsa krWCLQ
+Z2DScQA6a5+Wzl1cD6fMcWtQRM00PM24eO2bjqlSAy+wk3J+62nxYGQJEXp4y5Ws
+Rn6FENHllIoH1mXu7XbDpnmertZK1I6krf2jbC4LoUVdXf2czksqtITjwJqFEn9k
+i27LhROdQN61xnz1OWPbTaNJAEgo6A4gzRnD6SxZjNqF0EHaBgA/SlX9lFfKtp50
+yiy6rSncJbT7Kxya8Nll/YC8RC78shs6r0+JnuGdm+GstMnkEF8eOIQuNHCPWbdN
+oT2K6oWjITwQnuSzb9+fIW9Orcl3QjFJPMlVl37p3r5BBNiuaW5Jk1ky8mP6hHRX
+Hzqa0eHffbiUSTtFbNr6vA
+-> ssh-ed25519 /vwQcQ wVRPD49z8MeLNz0XGu9HWXBPdbJkegHNOY4chmgzeCU
+iABkdTWGE+ImvRA0N2mNuUdpqEWmPe0kWRf7yDGgkHs
+-> ssh-ed25519 0R97PA 79n3SCQbXkjlk/5+GLr1bjapHNhID33zieUF0X2eZgU
+5BX9Qw6hn1Ie97AaKtpkHnLD4aXEvJI29EwiuFOaDKY
+-> ssh-ed25519 JGx7Ng vTCpM2b8rMa9o/H/0jKkEf2DRyqCnOJP3+0m9LmV42k
+dyFkt3XtZDcGx4uiJni6tdXDNVEzlFZqqPHYD/A0g7k
+-> ssh-ed25519 5SY7Kg wAHGb5dG04fIBCKSOzwTagFMC0z2eGNGLbBGdqAaFH4
+RozSCdnelai3bOX+Ls2cl2go68mfQeKTlNMRiWGjJpk
+-> ssh-ed25519 p/Mg4Q zGKTV2Z6+VG1oajB9EGRe7SsDwCeSWDjuS3Wj7D333g
+7EartLedAduICpquQkN2a2dNy9u4KLm2d97heFrceqE
+-> ssh-ed25519 5rrg4g T1fAxr/RHvWf/vh2VL41tSH9Mpmq3eFyqzJf+MJIBEk
+eYJEC1pZ4xQeaXeDV5+gYtOftla9nSSnB/WQ3rLrXn0
+-> ssh-ed25519 +mFdtQ QtrOIfJz3j4US5STmAIXOS6TsckNtJ5FPO+KHomSVGM
+qWjtGdXHHNMGBP0qByAvka7YvWLYh+JPD9MqAU8Wuzs
+--- tD/2gendSlu4C9HG5VAwueB8NPCZWC63ATSB7sETutI
+›x¡Çßv+z²m<C2B2>2¶zZa>šF¿Þ=Oùøž(¤=¶ÿg
aèôx‘¡¿Ÿ#
--- a/machines/vault01/secrets/secrets.nix
+++ b/machines/vault01/secrets/secrets.nix
@ -2,4 +2,11 @@ let
  lib = import ../../../lib { };
  publicKeys = lib.getNodeKeys "vault01";
 in
-lib.setDefault { inherit publicKeys; } [ ]
+lib.setDefault { inherit publicKeys; } [
+  "radius-auth_token_file"
+  "radius-ca_pem_file"
+  "radius-cert_pem_file"
+  "radius-dh_pem_file"
+  "radius-key_pem_file"
+  "radius-private_key_password_file"
+]