From aff8abfd8f88965bd17703fea98ac5848ad5320d Mon Sep 17 00:00:00 2001
From: pigeonmoelleux
Date: Tue, 9 Jul 2024 19:19:45 +0200
Subject: [PATCH] Suppression chene (passage sur debian)
---
 .sops.yaml | 12 ----
 flake.nix | 5 --
 hosts/vm/chene/default.nix | 16 -----
 hosts/vm/chene/hardware-configuration.nix | 32 ----------
 hosts/vm/chene/networking.nix | 53 ----------------
 modules/services/onlyoffice.nix | 76 -----------------------
 secrets/chene.yaml | 61 ------------------
 7 files changed, 255 deletions(-)
 delete mode 100644 hosts/vm/chene/default.nix
 delete mode 100644 hosts/vm/chene/hardware-configuration.nix
 delete mode 100644 hosts/vm/chene/networking.nix
 delete mode 100644 modules/services/onlyoffice.nix
 delete mode 100644 secrets/chene.yaml
diff --git a/.sops.yaml b/.sops.yaml
index eac8359..f01b054 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,5 @@
 keys:
 # Hosts keys are age keys derived from the host ssh key.
- - &chene age1p9h7wl3j2fl40gacknt4y95rqkaat8gntrqesx05xcg6yav8tuuqxrqv7h
 - &neo age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g
 - &redite age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0
 - &two age1zlpu6qum5xcl07hnsndp78tllqph5jz7q8fr5ntxr88202xq9u9s9r2y7x
@@ -18,7 +17,6 @@ creation_rules:
 - *_aeltheos
 - *_pigeonmoelleux
 age :
- - *chene
 - *neo
 - *redite
 - *two
@@ -29,13 +27,3 @@ creation_rules:
 - pgp:
 - *_aeltheos
 - *_pigeonmoelleux
-
- # Secrets for chene.
- - path_regex: secrets/chene.yaml
- key_groups:
- - pgp:
- - *_aeltheos
- - *_pigeonmoelleux
- - *_korenstin
- age :
- - *chene
diff --git a/flake.nix b/flake.nix
index 793338d..4d36ff8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -28,11 +28,6 @@
 flake = with nixpkgs.lib; {
 nixosConfigurations = {
- chene = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/chene ];
- };
-
 neo = nixosSystem {
 specialArgs = inputs;
 modules = [ ./hosts/vm/neo ];
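Review bot: In the second `.sops.yaml` hunk (`@@ -18,7 +17,6 @@`), dropping `*chene` from the `age` key group does not take effect on files already encrypted under that rule. Those files keep their recipient stanza for chene's age key, and the diffstat shows no other secrets file touched by this commit. The rule's `path_regex` is outside the hunk, so if it covers a shared secrets file, run `sops updatekeys <file>` on it and then rotate the data key with `sops --rotate --in-place <file>`. The `onlyoffice-pass` ciphertext deleted from `secrets/chene.yaml` also stays in git history, so that value should be changed if it is reused on the Debian install.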
diff --git a/hosts/vm/chene/default.nix b/hosts/vm/chene/default.nix
deleted file mode 100644
index 0a92bfd..0000000
--- a/hosts/vm/chene/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ./networking.nix
-
- ../../../modules
- ../../../modules/services/onlyoffice.nix
- ];
-
- networking.hostName = "chene";
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- system.stateVersion = "23.11";
-}
diff --git a/hosts/vm/chene/hardware-configuration.nix b/hosts/vm/chene/hardware-configuration.nix
deleted file mode 100644
index 9e5a5f1..0000000
--- a/hosts/vm/chene/hardware-configuration.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/2f28760d-08fe-4614-8e58-1f6fb4482545";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens19.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/hosts/vm/chene/networking.nix b/hosts/vm/chene/networking.nix
deleted file mode 100644
index adb331c..0000000
--- a/hosts/vm/chene/networking.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ ... }:
-
-{
- networking = {
- interfaces = {
- ens18 = {
-
- ipv4 = {
- addresses = [{
- address = "172.16.10.148";
- prefixLength = 24;
- }];
- };
-
- ipv6 = {
- addresses = [{
- address = "fd00::10:0:ff:fe01:4810";
- prefixLength = 64;
- }];
- };
-
- };
-
- ens19 = {
-
- ipv4 = {
- addresses = [{
- address = "172.16.3.148";
- prefixLength = 24;
- }];
- routes = [{
- address = "0.0.0.0";
- via = "172.16.3.99";
- prefixLength = 0;
- }];
- };
-
- ipv6 = {
- addresses = [{
- address = "2a0c:700:3::ff:fe01:4803";
- prefixLength = 64;
- }];
- routes = [{
- address = "::";
- via = "2a0c:700:3::ff:fe00:9903";
- prefixLength = 0;
- }];
- };
-
- };
- };
- };
-}
diff --git a/modules/services/onlyoffice.nix b/modules/services/onlyoffice.nix
deleted file mode 100644
index 6084160..0000000
--- a/modules/services/onlyoffice.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- format = pkgs.formats.json { };
-
- jwtSecretFileTemplate = format.generate "local.json" {
- services = {
- CoAuthoring = {
- token = {
- enable = {
- request = {
- inbox = true;
- outbox = true;
- };
- browser = true;
- };
- };
- secret = {
- inbox = {
- string = "$ONLYOFFICE_PASS";
- };
- outbox = {
- string = "$ONLYOFFICE_PASS";
- };
- session = {
- string = "$ONLYOFFICE_PASS";
- };
- };
- };
- };
- };
- jwtSecretFile = "/var/lib/onlyoffice/local.json";
-in
-{
- sops.secrets = {
- onlyoffice-pass = {
- sopsFile = ../../secrets/chene.yaml;
- owner = "onlyoffice";
- };
- };
-
- services.onlyoffice = {
- enable = true;
-
- port = 8000;
-
- hostname = "onlyoffice.crans.org";
- postgresHost = "tealc.adm.crans.org";
- postgresName = "onlyoffice";
- postgresUser = "onlyoffice";
- postgresPasswordFile = config.sops.secrets.onlyoffice-pass.path;
-
- jwtSecretFile = jwtSecretFile;
- };
-
- systemd.services.onlyoffice-docservice-secret = {
- description = "Écriture du JWT Secret File pour OnlyOffice";
-
- wantedBy = [ "onlyoffice-docservice.service" ];
- before = [ "onlyoffice-docservice.service" ];
-
- path = [ pkgs.envsubst ];
- script = ''
- ONLYOFFICE_PASS="$(<${config.sops.secrets.onlyoffice-pass.path})";
- "envsubst -i ${jwtSecretFileTemplate} -o ${jwtSecretFile}"
- '';
-
- serviceConfig = {
- User = "onlyoffice";
- Group = "onlyoffice";
-
- Type = "simple";
- StateDirectory = "onlyoffice";
- };
- };
-}
diff --git a/secrets/chene.yaml b/secrets/chene.yaml
deleted file mode 100644
index f079a34..0000000
--- a/secrets/chene.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -onlyoffice-pass: ENC[AES256_GCM,data:+BoxNQR+dunewcQJFpJCNPcOfcjaz5JS+A==,iv:/NYnwZrPWkzNSFAlMw1tAKSHcdzRCYuNjNqKcoieyYs=,tag:g90i7FneDpN/lM27hXFnjg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1p9h7wl3j2fl40gacknt4y95rqkaat8gntrqesx05xcg6yav8tuuqxrqv7h - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQOVNlMzJVWGk2TDNzQ0RB - SnRRanVuc29YWS9ub2JBTGFXaE9pYWJXU0ZJCko3WCtwRVQ1V2JYTmM1RC9vQWl4 - TXBwM1ZoK1lyTUlmTkd5WjhVVE5uYUkKLS0tIENhRmR3NTZNT1NZT3EvaHhpcDds - R0t6N3Rud2tkUWdTS0drMHdNOWNXWVkKq7wZ+ipcmbgQbriC7tvk6zADOreIMtMN - eWZWmxRL5aI7zeWe0/AbryatgurmYSoat4sTRembZkUOELmNPcwUlw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-21T18:07:38Z" - mac: ENC[AES256_GCM,data:7LBKELXBVj4iyTjp5lpRjLew80TurDMcu5Dv6gpnKedDxijqTtO/WEwXii1ySllRVwoErfDedpN2hervGEGii7a3+rQazHYxc9lQNdGouHEBI60bJpkeozLsdF1ePkQYrCxCZCIQnXj6rb3ib4Uxh9rkaojw3dIENmfKgFaGUFI=,iv:m0Hktx/XOJXh8vqt+M1XsRCUNtqFN7F+r/RusNg1wbs=,tag:nu+W4JzbYDCaAeBfSyGtQQ==,type:str] - pgp: - - created_at: "2024-06-21T18:07:20Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAwEdD9k5IbiyAQ/9GIzyP4luwkNoZ5RXFCruzqmM15H+Lq5rpKsXB31j6aW0 - xzA7SMyH3qTNBANJrFpmrAXxdAz5Vy7+VbaGPG74jDSe228xbzwGjY6olxuxAoR3 - MtFaIpySNtW4jXXrL7XwJre1NtIndxaJncw4pObrYGORXMhyXYchEscPRumgX+Rf - pPiYOnyhExZQvhGPumzJlcBypiCVlfJnvMtg4ACmyMIZFSe62kPyrpYZCHJYE3T1 - oSdkK94eV1LlqwcQiB0Fib2rWA8Mj7tU4LTfrTcYXTH87Gd68xo5M8Mnbj13+MLz - juFR5vjWwKVHA29hzI7JJQm4r/8othFJdFel4rn0z+aPI4ladlL+l5o+FQ2hoMWg - TsPXBE5S7nMNDQuDUCAWYcydJ3wuNcbh8yKusLN2KeDo/ShjuzHMrlzYtz7hxW4K - 0NEVflqnginHtndjDPHj4C+K8074LP7uQ/W+ikSWLkIAX9h2JW3Q/0IOrEN2nggJ - NuLMCqf5o54dcO7AWBVXvDbik/ADcbXrsINUTsvpv2TAQ/ID4sYVvJTVbluXqnwx - 9lRGO1mZvahvZN+DQ0keF3TV8G1ocHCVWUPRXQDXcWB9rMOh3xF1tKDMYhAZOJlg - ah812H1gPrHyF04Ohi5lc0cO2aUMBSey1rqhue2VjwwBdSIrFrpoYq3Vkt+UnkPS - XAGIWm+RXjwzI1QYYafFXN35FAScb1O9o9hOJT/tT3FEKuEWItTKt4boPrP6qfeY - 
ngbHQ1F76diVOGFHqsMdU+dioJpwELBuT6+/OxR3YAc1Wa5XMdJSQlhsjfRH - =2kF0 - -----END PGP MESSAGE----- - fp: "0xDF6D6CE9E95E26E8" - - created_at: "2024-06-21T18:07:20Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA/HTIsSK0VBlARAAqMcFp7WL19VRmhZHXS6mmbABRuiPRLQ+Of+LpA7hRrlw - YI7qPcTqNHUgOl9uwuv3mSustX370mWBNaT7B8S/5URZCnvdtxqrVH/rGJUOk79x - sMkiyEHCJmkm/iykef1XF6tCZUoAMjuTNQbn1dn+bcj1AKdR9pVZcKvjmR90J2Ho - pfoSRxYcFI2zN8SN7EesMUJ59mOw3q8fLQAHlPi/QQI3fN09HG4PiV2q26QrlNTM - aru+y95kOBpsA/mFyjTG4axNG4cuKFMmq0mp1RJMeXpYB5MGBnKAhkP7jGAcDK9o - SUk5t+vRLD/KKj8ozDcjrM/YIGLZ+LNdfKO/eJL3yXSBZ7yZ2VWO4FlEXzEACusx - 8H+EXVy3++0zFUQlcLgYrulwtJfEV0GhtB86pKsu5QQwvHz3EvK3sTLSQXNpkp8r - Z/0+Ja6ZMWT9wIfD34+HRvKScUSRm2SwcFnQx+Wp15pCA8lY/Vr39KkVolCNFB5O - gJ9pVQM02IH1Oc0x37/dOyDFQ0wvCx7lmxzyeuOrhq2i+Q8r4s9VU6MTbU/b/pZg - rbVwz0aiuOB54Q9IuXPyR0EGvkWjWvjrRseBOtHOkeqnH7Ri+swNBww07fYiqR76 - EHvdLUuGWxz2TvDHgq/TnhDjA6VYv23x+Ip9Unlp3Et6ry0yLyia3Fb2HuRXJFvS - XAF2YtYgA2Hz7RjaL3Pm96LsTg6cDWdf5d1wtVG5nubrs44eKB+pJ2UlWWLKFrf3 - 48fkhzzWZ5DftwBI3hKiy1kZPvbOhydCCGS6t5ZqkEmWSHkyRX2TXOu+WqOh - =cmCK - -----END PGP MESSAGE----- - fp: "0xFA47BDA260489ADA" - unencrypted_suffix: _unencrypted - version: 3.8.1