xengi/infra
0
1
Fork 0
Code Pull requests Activity Actions

add psql passwords; rename md

Browse source
This commit is contained in:
XenGi 2026-02-06 22:36:28 +01:00
parent 51d225e7b4
commit 1b2e45f838
Signed by: xengi
SSH key fingerprint: SHA256:dM+fLZGsDvyv6kunjE8bGduL24VsCFB4LEOSdmRHdG0
6 changed files with 80 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

4
flake.nix
View file

@ -93,14 +93,14 @@
./hosts/matrix ./hosts/matrix
]; ];
}; };
nixosConfigurations."hedgedoc" = nixpkgs.lib.nixosSystem { nixosConfigurations."md" = nixpkgs.lib.nixosSystem {
#system = "x86_64-linux"; #system = "x86_64-linux";
#pkgs = import nixpkgs { inherit system; }; #pkgs = import nixpkgs { inherit system; };
inherit system; inherit system;
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
{ environment.systemPackages = [ (agenix.packages.${system}.default) ]; } { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
./hosts/hedgedoc ./hosts/md
]; ];
}; };
nixosConfigurations."sql" = nixpkgs.lib.nixosSystem { nixosConfigurations."sql" = nixpkgs.lib.nixosSystem {

38
hosts/hedgedoc/default.nix
View file

@ -1,38 +0,0 @@
{ ... }:
{
imports = [
../common.nix
../../services/openssh.nix
../../services/hedgedoc.nix
];
networking = {
hostName = "hedgedoc";
firewall = {
allowedTCPPorts = [
80 # HTTP/1
443 # HTTP/2
];
allowedUDPPorts = [
443 # HTTP/3
];
};
};
services = {
openssh.banner = ''
__ __ __
/\ \ /\ \ /\ \
\ \ \___ __ \_\ \ __ __ \_\ \ ___ ___
\ \ _ `\ /'__`\ /'_` \ /'_ `\ /'__`\ /'_` \ / __`\ /'___\
\ \ \ \ \/\ __//\ \L\ \/\ \L\ \/\ __//\ \L\ \/\ \L\ \/\ \__/
\ \_\ \_\ \____\ \___,_\ \____ \ \____\ \___,_\ \____/\ \____\
\/_/\/_/\/____/\/__,_ /\/___L\ \/____/\/__,_ /\/___/ \/____/
/\____/
\_/__/
'';
};
system.stateVersion = "25.11";
}

36
hosts/md/default.nix Normal file
View file

@ -0,0 +1,36 @@
{ ... }:
{
imports = [
../common.nix
../../services/openssh.nix
../../services/hedgedoc.nix
];
networking = {
hostName = "md";
firewall = {
allowedTCPPorts = [
80 # HTTP/1
443 # HTTP/2
];
allowedUDPPorts = [
443 # HTTP/3
];
};
};
services = {
openssh.banner = ''
__
/\ \
___ ___ \_\ \
/' __` __`\ /'_` \
/\ \/\ \/\ \/\ \L\ \
\ \_\ \_\ \_\ \___,_\
\/_/\/_/\/_/\/__,_ /
'';
};
system.stateVersion = "25.11";
}

19
secrets/postgres-hedgedoc.age Normal file
View file

@ -0,0 +1,19 @@
age-encryption.org/v1
-> ssh-ed25519 uH+n1w GLixFnca76xHm803JN+KAIfwV20OBqEDT3FeLeSB2l8
jPB5PyXf/YYeOGDa2TzgiE16n69i5L9hQarnkWo6mmQ
-> ssh-ed25519 EvLbWw EHxXWWxMVJb351HyeCg9ZwhuHa2EsXW9ikj1LEkeyh8
rN9f1ia2ns2vC8Vc0QKcf3JORhe8OKoHwy/2ayLW6Ak
-> ssh-ed25519 dM+fLQ O2+eaJPzd2+2E5mx/zQE4wRu6HBH6u19p23/HvPXrA8
RVLocbh9fM2YvyuAAHZZMlB16xj8nlfUd4XsvBwvZhs
-> ssh-ed25519 jxWM2Q oCQINVqZDm5f7QaJw9iP40FaMjoaXOkM1Ij7N7ntzHs
U8zqYADl+KcvcvF7jmaiuUBl2J2HiMGHvlHgmsf6Ew4
-> ssh-ed25519 /yCUCg Tof5WTA5hxHqGrMgXTIV2hkyw5i+/vxTPrphaZB/JzA
5JDdTlnMTkwb0wccvlrE4OENcGaLKELgrxfbSkeqbkw
-> ssh-ed25519 FGp51g BobAb/lSMY8cTVLcdCCGLOS0iWypf/lM2AMLrcPmdCc
WU8+jDAr1mYBxN9rZvuqQU+lnj8lpvTbsb9ZF9a9/d8
-> ssh-ed25519 I2FcBQ TLJ9nqhcOEfPOOTciWo/ulKuh7GtqZSDDXI4n1JZwRI
ldBwhmJv6Pw4Fmb3C/qz/JsWDbDICaIwyMoTvkMRt0I
-> ssh-ed25519 fEJY/A Ah/JhYfb+AhxVvr/Tuph4f8jPzlD0iIkHM2izcUfNn8
I9p4tl2irCop5p14Cu2mn6QyQRJzKMjSk1bvTSf6SZ4
--- Xy4DryiHOclGL1xaVyK3N3dVLBxr0gYwwTQPZlDNet4
ォ3p<EFBFBD>?ァ€h6<68>{rツノ橇ロ{稔ャ<E7A894>w(鐘<><E99098>uツ枯k{テ]埈チヰ<EFBE81>ュNワcホ<63>YIスE%US<55>RT赧ーJat|.∋、謄\fUレ約及xE<78><45>

20
secrets/postgres-matrix-synapse.age Normal file
View file

@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 uH+n1w 2c8iSQLommYEwAbcdmos5NUTwxq0Syqzi33LKGheIks
69VeTwPvhySw8zAb7/wi5EjK32U4yUWlXtlhzXPo+5w
-> ssh-ed25519 EvLbWw zxAbVUac7j6ymHcR+veJj91wx6empIcESWry5SJAiSA
kQdfHgTcvwJ6cNOhTQ6n7jyfHwDECqhZKwLHA7EwI2Y
-> ssh-ed25519 dM+fLQ FjU1FmRLYxeWuc3fD1J7UEnQBjH2DkwSFTS0OfRdr0s
+nsheCYHFYSRSzn1rsVVZoywCNF4Nf9WwQQVMLXUTyE
-> ssh-ed25519 jxWM2Q 6s7G67QfhbEPc3dsePIJngE8vHK7uzjV6IqAOIAGX1A
RXz2d3Cmb/4bE+UDwamGmDTw4ITwOQdUJAKznbGV67U
-> ssh-ed25519 /yCUCg K7/3N+yqmtldaQGMwxnHbpCj46e0hQ+mlRbkr85uww8
7RIUbgdePKWI8nExPbF8b0tWbnf00iVgLiHf5gNfrj4
-> ssh-ed25519 FGp51g MAxcrUlLbxkEoAx5eb5GR1SB34f5Lo+1Bu4gB+Iuvko
04bv1ugxY1CTKzubwFrffpVGdB7BbWLGP1++NePwAo4
-> ssh-ed25519 I2FcBQ jVCB1GcCPUdGE4lqhx/tJSo6UBqvXXK/PT6MnaOC/QE
QIYELUgsFNronR2LUQz4vhyCwnUXI1CyzpTZcjGXHs0
-> ssh-ed25519 yoCmaA IGin0TzhVwNDaofpoRj5NDqkg1iyCx/CRKfjAH7exXE
jX+SCYwU4jsg8zb7hbQh1Oib1IjnKTwgtAr57RKJgck
--- sbAmUYpaAOgxptAoOv9s3V6jhC7uGq98MkV0plKRu8c
I#‘Ç %ÛOšçtk‡Ãx”錊 ¹IHOêk¼ší¸'hQ"àâ&Ôx»çÓÔ Àh
$§{œÂë9 6×È|D3¡Þ\é…1)<29><>CªûËe=5¦vMch

5
secrets/secrets.nix
View file

@ -15,8 +15,8 @@ let
]; ];
_matrix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApAkkhHLj918co/wUGuyW8WCPYHxsNM4uo32XDEu7VV root@matrix"; _matrix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApAkkhHLj918co/wUGuyW8WCPYHxsNM4uo32XDEu7VV root@matrix";
_md = ""; _md = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdFkdEEDXo8+k5YZpI1O2GqZlxcpCDtxqVun35duITm root@md";
_sql = ""; _sql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcSXjDSyVVVdJbpheOhT0fIuOGFk+jsHhjrAVnBNLQV root@sql";
in in
{ {
"matrix_admin_password.age".publicKeys = users; "matrix_admin_password.age".publicKeys = users;
@ -30,3 +30,4 @@ in
"postgres-matrix-synapse.age".publicKeys = users ++ [ _sql _matrix ]; "postgres-matrix-synapse.age".publicKeys = users ++ [ _sql _matrix ];
"postgres-hedgedoc.age".publicKeys = users ++ [ _sql _md ]; "postgres-hedgedoc.age".publicKeys = users ++ [ _sql _md ];
} }