valkyrie: Add coredns to handle tailscale hosts

Erwin Boskma 2024-04-22 17:42:51 +02:00
parent 8e8678120b
commit eb403e3ee3
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
4 changed files with 82 additions and 1 deletions


@ -12,6 +12,7 @@ keys:
- &nix-cache age1ffpkfl4ged52ym7ynyhjc40t9v2g6pgjp4ue670lxcr6mxy7mdtqt5qjlq
- &proxy age1yz7k9s5plamjq425memjh00y4sdldgdhpwxqpx9gk9wutttx9scsdg3qd5
- &saga age10advysga7fpkh7uuv9a7phs77c5khswf5c9q9txvrauxtqr4yu0sk2r75v
- &valkyrie age139zg5z02dx3j70tl6sn2l9kq0nfz2ddkffx0grlh7gg28dafhq6qd2sj6f
creation_rules:
- path_regex: machines/loki/[^/]+\.yaml$
key_groups:
@ -79,3 +80,9 @@ creation_rules:
- *erwin
- *erwin_horus
- *saga
- path_regex: machines/valkyrie/[^/]+\.ya?ml$
key_groups:
- age:
- *erwin
- *erwin_horus
- *valkyrie


@ -7,8 +7,9 @@
../../users/root
../../users/erwin
./kea
./blocky
./coredns
./kea
./unbound
];
@ -82,5 +83,12 @@
sudo.enable = false;
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
coredns-env = { };
};
};
system.stateVersion = "23.11";
}
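Review bot: The `coredns-env = { };` declaration in the new `sops` block uses only defaults, so re-encrypting the secret with a rotated key does not restart the service that reads it. sops-nix supports `restartUnits` per secret; `coredns-env = { restartUnits = [ "coredns.service" ]; };` would make a new TS_AUTHKEY take effect on activation instead of at the next manual restart. The default root-only ownership looks sufficient here, assuming the value is only consumed through the unit's `EnvironmentFile`, which systemd reads itself. The enclosing attribute set begins outside this hunk.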


@ -0,0 +1,27 @@
{ pkgs, config, ... }:
{
services.coredns = {
enable = true;
package = pkgs.coredns.override {
externalPlugins = [
{
name = "tailscale";
repo = "github.com/damomurf/coredns-tailscale";
version = "98dc7fc4862250aad9f00d1e50ac7b8e69bd2af9";
}
];
};
config = ''
datarift.nl:5454 {
tailscale datarift.nl {
authkey {$TS_AUTHKEY}
}
log
errors
}
'';
};
systemd.services.coredns.serviceConfig.EnvironmentFile = [ config.sops.secrets.coredns-env.path ];
}
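Review bot: The `datarift.nl:5454` server block has no `bind` directive, so CoreDNS will accept queries on every interface and expose tailnet host names and addresses to anything that can reach port 5454. If this instance is only meant to be queried by the local resolvers imported next to it (an inference from the imports list, not shown here), add `bind 127.0.0.1 ::1` inside the block, or restrict the port in the firewall. Pinning the plugin to a full commit hash is good; the nixpkgs coredns derivation may also need a matching `vendorHash` override when `externalPlugins` is set, which is worth confirming. A short comment above `authkey {$TS_AUTHKEY}` saying the value comes from the sops-managed `coredns-env` file would help the next reader.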


@ -0,0 +1,39 @@
coredns-env: ENC[AES256_GCM,data:1tkYhD2VHExWMt2y3G/eSkP5aISkPgqY5soNE6nNfCiewVWYBATqvs/GyBVM6GyXBYudl1myYU11MHheQ3w2T2kRj8PDDr31Ygs=,iv:1JeXTP8OYP990U8ctbZFxmjt92AxKoHLBmdC6P/osV4=,tag:+pN8MrjQTgkcStfwnlSU6A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNmhVa3hSLzhOSzRtckI0
ZzF0NU5PMTZ1NXM3Y21OM3BNVE15SmlLQlVzClZsL2FnOU9hS3VoR1dJeXh5TE82
L0hMRlpUcW1NczhpVVh0R01LVVNxWDgKLS0tIHpXNEtRYTU4Y0N3aWJPUUp0WTVW
Y0FVS2dWTzlZR2RQZ05YOWhGWHQzdG8KSfliwDisp097xCNWUbxT688514YPdPg7
CvUbeyDjQOZJLjzP9kaE1lOLPZ+iM+kq0yJfK/jShhPav+lSJ3uwvQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRFBBZ2pPS2xZT09ETWpH
SXlDc091RTZlc0ZuMWJMcjBvWGpwN05QQkhrCmpwNk90QmhlTHN3RVFzTGdOUjNZ
STU5V3BNQndMSHdkdUh6a1hqZzF2eEUKLS0tIGdHQVZTdDVwazRHaUt2aXFBOExO
Z3hDalpXcTlQbC9MNEh6YVp1YXdabWMKkx/MaVPRRez1TMPSncDbng4eCMFrBdxq
fasCMZh1yii9oPajnZXWQqxa8RtNpkxeYFSp3UCgPjw54K0ycEBfUQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age139zg5z02dx3j70tl6sn2l9kq0nfz2ddkffx0grlh7gg28dafhq6qd2sj6f
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYTNFcWpXZ0FmUkdzWVFC
YTRFc0tOU0Y2cElCMmJoZkZkQUlrcm5nQ2lZCk1LYTJLTFhwSy9UNHdHcHYwemMr
WEh5Mmk2ZFdlTllLbks5VFptSWF1Vk0KLS0tIHZqcVliY1ZaY2wwd0NtbDFvcVp6
MmRsQU43UDUyQ2ZVbWxvRWdBajYwWlEKDNaV/6gjIszP31b8kT+JZxiTWILqbQdR
OKdTbC3XIiFBGpslr5QKJzj26dKsgYvmzEHuHgglZdvuX5EDmzTf5w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-22T15:38:55Z"
mac: ENC[AES256_GCM,data:M1N8u+mFB3SsQ1PxIoLjVUPyoBoziEX35YDI93MLN81iWT/1IcwR3xmggsYHfoIoFvAQ1yp8Cwp8FSyOT+uvafVJ70npxPJKPZ4PdcxAJWcySIItu0L/PRV2wOvkfeWbfBetCAjl9u+EDZrbJjaKodOkbee5fVakFN6/3q5tseM=,iv:TneZgE0AtEzijzAfSTXg2J2yXUA78OdHrmf4dVRAHUA=,tag:FcmDIvOzDJx3g91/tdYdTw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1