diff --git a/flake.lock b/flake.lock index c5686b8..330df56 100644 --- a/flake.lock +++ b/flake.lock @@ -275,11 +275,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1707588924, - "narHash": "sha256-0e1ce6X5ghapv6cAF9rxLZKeNyFHHXsLbGxN2cQQE8U=", + "lastModified": 1709386671, + "narHash": "sha256-VPqfBnIJ+cfa78pd4Y5Cr6sOWVW8GYHRVucxJGmRf8Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10b813040df67c4039086db0f6eaf65c536886c6", + "rev": "fa9a51752f1b5de583ad5213eb621be071806663", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 030356d..9a179d7 100644 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,7 @@ nixosConfigurations.pim = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; + modules = [ { nixpkgs.overlays = [ diff --git a/home-manager/default.nix b/home-manager/default.nix index 9adc8fa..a4bc2c3 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -45,12 +45,14 @@ insomnia vorta jellyfin-media-player + jq + kubectl + file + yq + age + sops + nmap ]; - - file.k3s-pim-privkey = { - target = ".kube/config"; - source = ./kubeconfig.yml; - }; }; programs = { @@ -124,11 +126,6 @@ source = ../secrets/postgresql_client.key.age; symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ]; }; - - file."k3s-pim-privkey" = { - source = ../secrets/k3s-pim-privkey.age; - symlinks = [ "${config.home.homeDirectory}/.kube/k3s-pim-privkey" ]; - }; }; fonts.fontconfig.enable = true; diff --git a/home-manager/kubeconfig.yml b/home-manager/kubeconfig.yml deleted file mode 100644 index 80f242e..0000000 --- a/home-manager/kubeconfig.yml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -clusters: -- cluster: - certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTURJMU56UXlOVGt3SGhjTk1qTXhNakUwTVRjeE56TTVXaGNOTXpNeE1qRXhNVGN4TnpNNQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTURJMU56UXlOVGt3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUMzdYdlBzUG9DeTk3Nm1zWm9qTHBlUklieVB5NWFPV0NJWXpyZVpUcVYKUlo4cDVyME1RdVViV0crNTJqQ1ZjNCtrZGN3WVkwRXRDaUpkZ21LSU5RcTRvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWx1ZGcvZWd0bUMvWkNiaTZMRkNnClhIaXFtL2t3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUlTbHJ2TmVTc3RtVlFLVWp2STF3UlZPb0RMWEJjWDEKelpZOURUNW9WM214QWlBT2JKRThOaldOSUdSZE1FcWpXZXhUd1M5RUlGbGs2eUEwOXNjS0FmRUNXUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - server: https://jefke.hyp:6443 - name: default -contexts: -- context: - cluster: default - user: pim - name: default -current-context: default -kind: Config -preferences: {} -users: -- name: pim - user: - client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJWVENCL0tBREFnRUNBaEFWemhyQ3QwZzFQMWJXZW1IUGx2SUZNQW9HQ0NxR1NNNDlCQU1DTUNNeElUQWYKQmdOVkJBTU1HR3N6Y3kxamJHbGxiblF0WTJGQU1UY3dNalUzTkRJMU9UQWVGdzB5TXpFeU1UUXhPVEl3TURCYQpGdzB5TkRFeU1UTXhPVEl3TURCYU1BNHhEREFLQmdOVkJBTVRBM0JwYlRBcU1BVUdBeXRsY0FNaEFDYWxxaUdFCjdvcVo0SFNvLy95RGhqZXJrVVA5WWg4QXdFbHFnMXI4NGpvbG8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXcKRXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTZQpkenA2TzVhajU4NGtML2FJM0pvTHhkOUtQakFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUF3eDJISGNOcVd4bkhyCmkvRVg2SmJRVlRZYThmTzhpYTdMOXRYWS84OXlQQUloQVBSanlmMU0waWtCZU95VUVUODVLS1dNaDFhbWRNZVUKSUFBZTM2WDVUSVRDCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - client-key: k3s-pim-privkey diff --git a/home-manager/ssh/default.nix b/home-manager/ssh/default.nix index 757a754..a6a91b2 100644 --- a/home-manager/ssh/default.nix +++ b/home-manager/ssh/default.nix @@ -10,15 +10,10 @@ user = "pizzapim"; identitiesOnly = true; }; - lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.hyp"; }; - atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.hyp"; }; - jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.hyp"; }; - hermes = lib.hm.dag.entryBefore [ "*" ] { hostname = "hermes.dmz"; }; - maestro = lib.hm.dag.entryBefore [ "*" ] { hostname = "maestro.dmz"; }; - bancomart = - lib.hm.dag.entryBefore [ "*" ] { hostname = "bancomart.dmz"; }; - handjecontantje = - lib.hm.dag.entryBefore [ "*" ] { hostname = "handjecontantje.dmz"; }; + lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; }; + atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.dmz"; }; + jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.dmz"; }; + warwick = lib.hm.dag.entryBefore [ "*" ] { hostname = "warwick.dmz"; }; }; }; diff --git a/nixos/default.nix b/nixos/default.nix index b80d3e7..ce5c252 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -68,25 +68,7 @@ ''; }; - programs.ssh = { - startAgent = true; - - knownHosts = { - dmz = { - hostNames = [ "*.dmz" ]; - publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x"; - certAuthority = true; - }; - - hypervisors = { - hostNames = [ "*.hyp" ]; - publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb"; - certAuthority = true; - }; - }; - }; + programs.ssh.startAgent = true; security.sudo.extraConfig = '' Defaults timestamp_timeout=30 @@ -123,7 +105,7 @@ home = { privateKeyFile = config.age.secrets.wg-quick-home-privkey.path; address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/128" ]; - dns = [ "192.168.30.8" "2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee08" ]; + dns = [ "192.168.30.131" ]; autostart = false; peers = [{ presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path; diff --git a/secrets/k3s-pim-privkey.age b/secrets/k3s-pim-privkey.age deleted file mode 100644 index 4ff8ffc..0000000 Binary files a/secrets/k3s-pim-privkey.age and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b4e9698..1900029 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -19,5 +19,4 @@ in "keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file. "postgresql_client.key.age".publicKeys = publicKeys; - "k3s-pim-privkey.age".publicKeys = publicKeys; }