diff --git a/machines/.sops.yaml b/machines/.sops.yaml
index 704e5fe..5ef9757 100644
--- a/machines/.sops.yaml
+++ b/machines/.sops.yaml
@@ -73,3 +73,12 @@ creation_rules:
 - *admin_kalipso_dsktp
 age:
 - *admin_atlan
+
+ - path_regex: discourse/secrets.yaml$
+ key_groups:
+ - pgp:
+ - *admin_kalipso
+ - *admin_kalipso_dsktp
+ - *machine_durruti
+ age:
+ - *admin_atlan
\ No newline at end of file
diff --git a/machines/configuration.nix b/machines/configuration.nix
index cb6c8bd..4c0133d 100644
--- a/machines/configuration.nix
+++ b/machines/configuration.nix
@@ -186,4 +186,12 @@ in
 specialArgs.self = self;
 modules = defaultModules ++ [ ./testvm ];
 };
+ discourse = nixosSystem {
+ system = "x86_64-linux";
+ specialArgs.inputs = inputs;
+ specialArgs.self = self;
+ modules = makeMicroVM "durruti" "10.0.0.7" [
+ ./discourse/configuration.nix
+ ];
+ };
 }
diff --git a/machines/discourse/configuration.nix b/machines/discourse/configuration.nix
new file mode 100644
index 0000000..4208aff
--- /dev/null
+++ b/machines/discourse/configuration.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ sops.defaultSopsFile = ./secrets.yaml;
+
+ networking = {
+ hostName = mkDefault "discourse";
+ useDHCP = false;
+ nameservers = [ "1.1.1.1" ];
+ };
+
+ imports = [
+ ../modules/malobeo_user.nix
+ ../modules/sshd.nix
+ ../modules/minimal_tools.nix
+ ../modules/autoupdate.nix
+ ];
+
+ services.discourse = {
+ enable = true;
+ hostname = "forum.malobeol.org";
+ admin = {
+ email = "admin@example.org";
+ username = "admin";
+ fullName = "Admin";
+ passwordFile = config.sops.secrets.discourseAdminPasswordFile.path;
+ };
+ secretKeyBaseFile = config.sops.secrets.discourseSecretKeyBaseFile.path;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
+
diff --git a/machines/discourse/secrets.yaml b/machines/discourse/secrets.yaml
new file mode 100644
index 0000000..6008e86
--- /dev/null
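Review bot: In machines/.sops.yaml the new rule for `discourse/secrets.yaml$` lists `*machine_durruti` as its only machine recipient, so the forum's admin password and secret key base can be decrypted with durruti's key rather than with a key that belongs to the discourse VM alone. The anchor definitions are outside this hunk, so this may be intentional if the guest is meant to reuse that key. If it is not, I would define a dedicated anchor (for example `&machine_discourse`, a placeholder name) and list that instead, so that a compromise of one machine does not expose the other's secrets. The file also loses its trailing newline with this change.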
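Review bot: The new `discourse` entry in machines/configuration.nix calls `makeMicroVM "durruti" "10.0.0.7"`, which passes another machine's name for the forum VM. `makeMicroVM` is defined outside this hunk, so I can only infer that the first argument is the VM's name or hostname; if it is, this instance would collide with durruti and may also override the `mkDefault "discourse"` hostname set in ./discourse/configuration.nix. If that is not intended, the line should read `modules = makeMicroVM "discourse" "10.0.0.7" [`. The address should also be checked against those given to the other `makeMicroVM` calls, which are not visible here.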
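Review bot: In machines/discourse/configuration.nix, `passwordFile` and `secretKeyBaseFile` read `config.sops.secrets.discourseAdminPasswordFile.path` and `config.sops.secrets.discourseSecretKeyBaseFile.path`, but the file sets only `sops.defaultSopsFile` and never declares either secret. Unless one of the imported modules declares them, evaluation fails on the missing attribute; I would add `sops.secrets.discourseAdminPasswordFile = { };` and `sops.secrets.discourseSecretKeyBaseFile = { };` next to `sops.defaultSopsFile`, and set `owner` on them if the service does not read the files as root. Separately, `hostname = "forum.malobeol.org"` looks like a typo for the project's domain (the modules are named malobeo) and `admin@example.org` is a placeholder address. The hostname is carried over from the deleted module, and both should be confirmed before ports 80 and 443 are opened for this host.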
+++ b/machines/discourse/secrets.yaml 
@@ -0,0 +1,81 @@ +discourseSecretKeyBaseFile: ENC[AES256_GCM,data:XKjcm+sOt4HazADjcJ6MilYNZMbO5IVMGnfdUXyx+9OjmEfk/zb0dhIjpZ2t6P1UfQUFI7NT2BMKgEjb2EG+5Kjxsq4mN+zoBxZAZI0WM6/WoF3ydwuqVamr1rIXfGN/W58UAink8K4SW7B6sbb76yQOWoP/GRHEaIxNvdnsGyE=,iv:LaoFS0O1qIpL/w1Gp98Em14hRohNR/FNqir38hBbCac=,tag:2zV5XRSkL6zYxylJoJ/OLQ==,type:str] +#ENC[AES256_GCM,data:sCvaoU2W7sc=,iv:iZdeM7YEkyOhkQUrHoRFJEnWw47OmBvi5AJ3ZEXck8k=,tag:wnh19onScSBPkyZw8PLQiA==,type:comment] +discourseAdminPasswordFile: ENC[AES256_GCM,data:01pJVQ==,iv:FjU8sM0n1YDhywUoaWHnvBcsNMFeqqxp+eYyAKByT1E=,tag:LR70T8ywo80PQHNHj6aJEA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVG1UYmZyWk8vZXJPdFBm + bHlwMUJ0ZjJQS3A0ZytLbXRCbGxyREZKajJjClI3NEt3c0RyOVZrZzh4ZGFsQ1Ft + NFdJd3hhRTNaV0ZGRHdBdEVOdm4wR0EKLS0tIDlvcFB0Z1VtRUVQVFBKRVRuN3Jn + RmI4OWI3YU5PUkFpeUROMEJHbXU1MjAKOOt7LCeH4mJtm+ngT9A2Ubzdje435RK+ + PomvgpBQ3t3ry+mBMz25DdgIYgBsnDS2ji5mavd3Zx2dbah0q4Cdrw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-26T17:23:55Z" + mac: ENC[AES256_GCM,data:axeHNSEsXZu4LCaQoy8FzDd7yBjy5nrjDmEF5pEwxmCw4bp1Gssdy2CVs0oDqU0UbOQ8D5Q8tevhdhxSTx19JF9HnaD4b3NL6+bmObx+d67zVqtyv1E0hHDgfsQBuoMQOou2ht6hhkz/VRUmbBICOZERc7o87uzXNXG2pP34vNY=,iv:jaBiGbxC62rnhotquYZ6id0f94+crve7Cnn8dFnzdC4=,tag:7lCHK6HvqDmOEfCA+wHtIg==,type:str] + pgp: + - created_at: "2024-11-26T17:23:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMA5HdvEwzh/H7AQv9EDScYMdx0QPqz9ipgvsZTBOqsrLUvGOYcwod9412bMzO + Oic5VkkiCSDPARP2JRGlS1Qvr3Oecdvo/TBpThWrWgaxS6THHPUyiaZGQhQXUnHo + d6u+OPMH4eZ3Vmn5pzbRwTg1mpKKwtvtMo+xCEaygPFGoIMMlmDr/q3agsJ07YBI + Ip9764gqBS6N+J3KN6j3XM/LHEu3e/qwp049BCslfWqVKZB7lQ7NbVkyGCM37aL9 + /GQSUvD+MU6WeIGd4Hr73pbc+MrB/KbSbufuwOVIUdZU/n6znusa1LjMuFgg9iOU + jsUmsdt7EhVpz7aQ1obFIcDVa7HFNF+Lp+78QgAInMK9QNWzH4OJumhrqovtbajg + 
xGfe0AJnkctYMOA3a6SHT2YZv3/iLqMkz/ioEVInlB9BAfNFK9UZWadVLEYyzJQR + 1rs54kbtm71/eTi3eadS3yRfEHoSgHrrPuRN2tzSCi1w2QK0a724v5Jtr/epzycT + oA4ha42dC4z1n66b7NAb0lYBSqZhcVm6wStypBGtCd0B08bFDzXng3PtfeVrD1jg + b37smpXoQNe6vvG6M9yr2qg6V21SZWw3a4K93qDn+mihbOsnpZj24L0fJctIZSC3 + la3aPsVYQg== + =G43o + -----END PGP MESSAGE----- + fp: c4639370c41133a738f643a591ddbc4c3387f1fb + - created_at: "2024-11-26T17:23:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA98TrrsQEbXUARAAlFNovLVBXXDUSMxBYsZll4UZ7+sPAdLZ+kDu49JlX4rJ + zNo3NiNrVMfUUZpWx3q5mYGUR5Ys441kwhDlUhj5Jv7X7PkTl2KU+pZZBr5DBnD0 + 8Nzm8CeI+3gphujX7CGjUcRUKjOMSa8nhIvz919TW1KCmr1xLDQw8yZGWn+VVBe1 + g3ut0OEDFHBcU4T3DcFq7UMUCPpwo1Eas2tcLg4N18YCZanL34ziVlHlzocvE4Jz + 1Y/tWvYj/OytktRDITi9/OIdS4hmSSPe8Qzb5abSCz20CzojVaDwEFGgwv9IRkBQ + C7RmPyd3u8Y/13tMORKz65LExmolhQyW4GVozDdEFQckwBYxMmaY9q7JVgKi5WD+ + 8s3r4vcIdISKlWH0E3qmJhkHxpoDmAS7NLXb8ROpCjKZKTK+XE0AEK8S3CFNgbvA + yKAnr7MVMJJBjbgxKJaoIjwNwkXQWCvm1f2s+xJTGQGHG+2hMgVoYb6dlpir08jR + yDHYxtpz/tRSXkjM7C6+r3SzZub/xowtWNUeZJqhsBhpP7cVT/dkd9cKvL+LTYM5 + nQpczoNfBSn/wt87rCV6lFRyUsqhqUfMIR4T8mpa+2weneqX8olb8CT4312E9eEw + mqVX+fGETWpUN/cEpnFFcXS/MPAJCHyedov5MgdmBL/XEVKbWAPk22CGgFv8GHTS + VgEKUaeKWKThwCYl8ylTpgO7eZ+retflRpoVUddWyAiTe/rTvrBfR9hayZPYp2Lf + vmQLDfcHAH/DmazB7CAlomaLS/1ab1zHltvSw4HFKFy9lxl692Fk + =BnOX + -----END PGP MESSAGE----- + fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 + - created_at: "2024-11-26T17:23:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1kR3vWkIYVnARAAm1JETHrYuQ282GaaCLC9ZRjtskt3Tt9sAveKoltS6PgG + zDE1L5XFgWMg+IrxISqw4a6dIoJcJVlSIaojPkAENqjeHWEFdI6QoQ2P3yNgU8Fd + MzTukSmPZwP/XMLE73SIWU7+23qlnnCQrHzqNHZh6vijz6fIjQ4xfvGnV2n0MD/V + BVjPZJv3BbV+Xaf43hwEsFfn90h8wyd1Ls3Q7PlQA9lL952B9IAm3koN/LWAbYqo + oxSXb13kQuvtL6TwsHc1QGlHWaEdJRgTLnYxroqgOC6PXKqoTSmX4adeExWCMg7E + HGe/S/PG6xBJlWhZcDS2ldZjFCHojy43NsJj/0ir4onBqehvb/Bw2RiVrRW9ZCNx + Ydk1UXdk/2bFeHSTaSNEgXEsU6GQNFRKS+PkxLst5xT2GLnPAQu1vCxVsYOze8BX + 
AwySIEEZikqb9ycP0eJGOYRPW1Vw43xUaexClLa6zFi+o45jxbzCOChpAobjIQ4t + kOdtEnKYTg9jWuK57zCD8/EmY98kfSSRas119fJ/8eeFib2I4WT9WwAbD4+8Ld4c + GzUg00mim2Xz6LPJkqX3SNL9/ZHqlirJMoMcltIro14dT+BsgBL/8OnHXQ0SMRhg + wz+Dx7fUcP+rkN8tSG/wXQ3CAMv8lfOw1XqKzx4mMqjaVoqbhKNPUtYRUAWWPx/S + VgEmV0aoiD0ar/QxZRUZwWawTPsJOCxZptvvsW22jWq/G7VyX6OR56XmI+jPUCFm + 1WN8TkplHFtFqUTyQL8lI66iQiaYMmpjjVU6TKqNGShHSj65cB/n + =38qM + -----END PGP MESSAGE----- + fp: 4095412245b6efc14cf92ca25911def5a4218567 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/machines/durruti/configuration.nix b/machines/durruti/configuration.nix index 7a55b94..259d50d 100644 --- a/machines/durruti/configuration.nix +++ b/machines/durruti/configuration.nix @@ -27,7 +27,6 @@ with lib; ../modules/malobeo_user.nix ../modules/sshd.nix ../modules/minimal_tools.nix - ../modules/try/discourse.nix #also wiki.js nextcloud+collective ]; services.malobeo-tasklist.enable = true; diff --git a/machines/modules/try/discourse.nix b/machines/modules/try/discourse.nix deleted file mode 100644 index a5c8ac6..0000000 --- a/machines/modules/try/discourse.nix +++ /dev/null @@ -1,13 +0,0 @@ -{}:{ - services.discourse = { - enable = true; - hostname = "forum.malobeol.org"; - admin = { - email = "admin@"; - username = "admin"; - fullName = "Admin"; - passwordFile = ""; #sops? - }; - secretKeyBaseFile = "/run/keys/secret_key_base"; - }; -} \ No newline at end of file
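Review bot: In machines/discourse/secrets.yaml the ciphertext for `discourseAdminPasswordFile` is `data:01pJVQ==`, which decodes to 4 bytes; SOPS encrypts each value with AES-GCM, which preserves length, so the admin password stored here is 4 bytes long. That is too short for the administrator account of a forum that the same commit exposes on ports 80 and 443, and it is presumably a placeholder. I would replace it with a long random value and re-encrypt before the VM is deployed, since the length of the current value is readable by anyone who can see this file. By the same measure `discourseSecretKeyBaseFile`, at 128 bytes, looks fine.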