Suppression chene (passage sur debian)

cephiroth
pigeonmoelleux 2024-07-09 19:19:45 +02:00
parent 58c435f98b
commit aff8abfd8f
No known key found for this signature in database
GPG Key ID: B3BE02E379E6E8E2
7 changed files with 0 additions and 255 deletions


@ -1,6 +1,5 @@
keys:
# Hosts keys are age keys derived from the host ssh key.
- &chene age1p9h7wl3j2fl40gacknt4y95rqkaat8gntrqesx05xcg6yav8tuuqxrqv7h
- &neo age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g
- &redite age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0
- &two age1zlpu6qum5xcl07hnsndp78tllqph5jz7q8fr5ntxr88202xq9u9s9r2y7x
@ -18,7 +17,6 @@ creation_rules:
- *_aeltheos
- *_pigeonmoelleux
age :
- *chene
- *neo
- *redite
- *two
@ -29,13 +27,3 @@ creation_rules:
- pgp:
- *_aeltheos
- *_pigeonmoelleux
# Secrets for chene.
- path_regex: secrets/chene.yaml
key_groups:
- pgp:
- *_aeltheos
- *_pigeonmoelleux
- *_korenstin
age :
- *chene


@ -28,11 +28,6 @@
flake = with nixpkgs.lib; {
nixosConfigurations = {
chene = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/chene ];
};
neo = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/neo ];


@ -1,16 +0,0 @@
{ ... }:
{
imports = [
./hardware-configuration.nix
./networking.nix
../../../modules
../../../modules/services/onlyoffice.nix
];
networking.hostName = "chene";
boot.loader.grub.devices = [ "/dev/sda" ];
system.stateVersion = "23.11";
}


@ -1,32 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2f28760d-08fe-4614-8e58-1f6fb4482545";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
# networking.interfaces.ens19.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,53 +0,0 @@
{ ... }:
{
networking = {
interfaces = {
ens18 = {
ipv4 = {
addresses = [{
address = "172.16.10.148";
prefixLength = 24;
}];
};
ipv6 = {
addresses = [{
address = "fd00::10:0:ff:fe01:4810";
prefixLength = 64;
}];
};
};
ens19 = {
ipv4 = {
addresses = [{
address = "172.16.3.148";
prefixLength = 24;
}];
routes = [{
address = "0.0.0.0";
via = "172.16.3.99";
prefixLength = 0;
}];
};
ipv6 = {
addresses = [{
address = "2a0c:700:3::ff:fe01:4803";
prefixLength = 64;
}];
routes = [{
address = "::";
via = "2a0c:700:3::ff:fe00:9903";
prefixLength = 0;
}];
};
};
};
};
}


@ -1,76 +0,0 @@
{ config, pkgs, ... }:
let
format = pkgs.formats.json { };
jwtSecretFileTemplate = format.generate "local.json" {
services = {
CoAuthoring = {
token = {
enable = {
request = {
inbox = true;
outbox = true;
};
browser = true;
};
};
secret = {
inbox = {
string = "$ONLYOFFICE_PASS";
};
outbox = {
string = "$ONLYOFFICE_PASS";
};
session = {
string = "$ONLYOFFICE_PASS";
};
};
};
};
};
jwtSecretFile = "/var/lib/onlyoffice/local.json";
in
{
sops.secrets = {
onlyoffice-pass = {
sopsFile = ../../secrets/chene.yaml;
owner = "onlyoffice";
};
};
services.onlyoffice = {
enable = true;
port = 8000;
hostname = "onlyoffice.crans.org";
postgresHost = "tealc.adm.crans.org";
postgresName = "onlyoffice";
postgresUser = "onlyoffice";
postgresPasswordFile = config.sops.secrets.onlyoffice-pass.path;
jwtSecretFile = jwtSecretFile;
};
systemd.services.onlyoffice-docservice-secret = {
description = "Écriture du JWT Secret File pour OnlyOffice";
wantedBy = [ "onlyoffice-docservice.service" ];
before = [ "onlyoffice-docservice.service" ];
path = [ pkgs.envsubst ];
script = ''
ONLYOFFICE_PASS="$(<${config.sops.secrets.onlyoffice-pass.path})";
"envsubst -i ${jwtSecretFileTemplate} -o ${jwtSecretFile}"
'';
serviceConfig = {
User = "onlyoffice";
Group = "onlyoffice";
Type = "simple";
StateDirectory = "onlyoffice";
};
};
}


@ -1,61 +0,0 @@
onlyoffice-pass: ENC[AES256_GCM,data:+BoxNQR+dunewcQJFpJCNPcOfcjaz5JS+A==,iv:/NYnwZrPWkzNSFAlMw1tAKSHcdzRCYuNjNqKcoieyYs=,tag:g90i7FneDpN/lM27hXFnjg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1p9h7wl3j2fl40gacknt4y95rqkaat8gntrqesx05xcg6yav8tuuqxrqv7h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQOVNlMzJVWGk2TDNzQ0RB
SnRRanVuc29YWS9ub2JBTGFXaE9pYWJXU0ZJCko3WCtwRVQ1V2JYTmM1RC9vQWl4
TXBwM1ZoK1lyTUlmTkd5WjhVVE5uYUkKLS0tIENhRmR3NTZNT1NZT3EvaHhpcDds
R0t6N3Rud2tkUWdTS0drMHdNOWNXWVkKq7wZ+ipcmbgQbriC7tvk6zADOreIMtMN
eWZWmxRL5aI7zeWe0/AbryatgurmYSoat4sTRembZkUOELmNPcwUlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-21T18:07:38Z"
mac: ENC[AES256_GCM,data:7LBKELXBVj4iyTjp5lpRjLew80TurDMcu5Dv6gpnKedDxijqTtO/WEwXii1ySllRVwoErfDedpN2hervGEGii7a3+rQazHYxc9lQNdGouHEBI60bJpkeozLsdF1ePkQYrCxCZCIQnXj6rb3ib4Uxh9rkaojw3dIENmfKgFaGUFI=,iv:m0Hktx/XOJXh8vqt+M1XsRCUNtqFN7F+r/RusNg1wbs=,tag:nu+W4JzbYDCaAeBfSyGtQQ==,type:str]
pgp:
- created_at: "2024-06-21T18:07:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwEdD9k5IbiyAQ/9GIzyP4luwkNoZ5RXFCruzqmM15H+Lq5rpKsXB31j6aW0
xzA7SMyH3qTNBANJrFpmrAXxdAz5Vy7+VbaGPG74jDSe228xbzwGjY6olxuxAoR3
MtFaIpySNtW4jXXrL7XwJre1NtIndxaJncw4pObrYGORXMhyXYchEscPRumgX+Rf
pPiYOnyhExZQvhGPumzJlcBypiCVlfJnvMtg4ACmyMIZFSe62kPyrpYZCHJYE3T1
oSdkK94eV1LlqwcQiB0Fib2rWA8Mj7tU4LTfrTcYXTH87Gd68xo5M8Mnbj13+MLz
juFR5vjWwKVHA29hzI7JJQm4r/8othFJdFel4rn0z+aPI4ladlL+l5o+FQ2hoMWg
TsPXBE5S7nMNDQuDUCAWYcydJ3wuNcbh8yKusLN2KeDo/ShjuzHMrlzYtz7hxW4K
0NEVflqnginHtndjDPHj4C+K8074LP7uQ/W+ikSWLkIAX9h2JW3Q/0IOrEN2nggJ
NuLMCqf5o54dcO7AWBVXvDbik/ADcbXrsINUTsvpv2TAQ/ID4sYVvJTVbluXqnwx
9lRGO1mZvahvZN+DQ0keF3TV8G1ocHCVWUPRXQDXcWB9rMOh3xF1tKDMYhAZOJlg
ah812H1gPrHyF04Ohi5lc0cO2aUMBSey1rqhue2VjwwBdSIrFrpoYq3Vkt+UnkPS
XAGIWm+RXjwzI1QYYafFXN35FAScb1O9o9hOJT/tT3FEKuEWItTKt4boPrP6qfeY
ngbHQ1F76diVOGFHqsMdU+dioJpwELBuT6+/OxR3YAc1Wa5XMdJSQlhsjfRH
=2kF0
-----END PGP MESSAGE-----
fp: "0xDF6D6CE9E95E26E8"
- created_at: "2024-06-21T18:07:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=cmCK
-----END PGP MESSAGE-----
fp: "0xFA47BDA260489ADA"
unencrypted_suffix: _unencrypted
version: 3.8.1