From ee5b5bd7e14f90c20af97c7a432650b6e2bf5463 Mon Sep 17 00:00:00 2001 From: Erwin Boskma Date: Fri, 10 Dec 2021 20:11:36 +0100 Subject: [PATCH] Added dropbox, drone config, updated flake.lock --- .sops.yaml | 6 +++ flake.lock | 38 ++++++++--------- flake.nix | 4 +- home-manager/modules/dropbox/default.nix | 12 ++++++ krops.nix | 2 +- machines/drone/configuration.nix | 11 ++++- machines/drone/secrets.yaml | 53 ++++++++++++++++++++++++ machines/loki/configuration.nix | 12 +++++- machines/loki/secrets.yaml | 5 ++- modules/desktop/default.nix | 7 +++- modules/drone/default.nix | 38 +++++++++++++++++ modules/networking/default.nix | 5 +++ 12 files changed, 165 insertions(+), 28 deletions(-) create mode 100644 home-manager/modules/dropbox/default.nix create mode 100644 machines/drone/secrets.yaml create mode 100644 modules/drone/default.nix diff --git a/.sops.yaml b/.sops.yaml index 94f51fb..5d16008 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,9 +1,15 @@ keys: - &erwin b785a9688947edabb9ec8933ee7adefe1d943c7b - &loki a6e31f5ab2bf34ca3f614d81ed9d6ae54dbcb9f7 + - &drone 8eefb1f8c85704ca47aa226a692372b1fc4bb9bf creation_rules: - path_regex: machines/loki/[^/]+\.yaml$ key_groups: - pgp: - *erwin - *loki + - path_regex: machines/drone/[^/]+\.yaml$ + key_groups: + - pgp: + - *erwin + - *drone diff --git a/flake.lock b/flake.lock index 9d9b057..4fe8cfb 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1637014545, - "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { 
@@ -34,12 +34,12 @@ "rev": "1cc03904328e4c9414fa67d99370a338cba55219", "revCount": 11, "type": "git", - "url": "ssh://git@git.datarift.nl/erwin/ha-now-playing.git" + "url": "https://@git.datarift.nl/erwin/ha-now-playing.git" }, "original": { "ref": "main", "type": "git", - "url": "ssh://git@git.datarift.nl/erwin/ha-now-playing.git" + "url": "https://@git.datarift.nl/erwin/ha-now-playing.git" } }, "home-manager": { @@ -49,11 +49,11 @@ ] }, "locked": { - "lastModified": 1637875789, - "narHash": "sha256-kwW26kGhqNsWpTz+prw/pAfqz673GojbxZuB0boc1eM=", + "lastModified": 1638959036, + "narHash": "sha256-d75Ow/rV3nq4penfTJz9H3/OlIHttoKoJUDEfink/8k=", "owner": "nix-community", "repo": "home-manager", - "rev": "579f2e8bebb954a103a96b905c27b10f15ef38c7", + "rev": "829e89a16f4f96428d1b94e68d4c06107b5491c0", "type": "github" }, "original": { @@ -69,11 +69,11 @@ ] }, "locked": { - "lastModified": 1637576998, - "narHash": "sha256-bGQ66hh4Dl78T9bd1pqdp6fprHMCkrkeKqED6sDUYqo=", + "lastModified": 1639051343, + "narHash": "sha256-62qARP+5Q0GmudcpuQHJP3/yXIgmUVoHR4orD/+FAC4=", "owner": "nix-community", "repo": "naersk", - "rev": "b043f2447a4a761529254f4983cacd94b034a122", + "rev": "ebde51ec0eec82dc71eaca03bc24cf8eb44a3d74", "type": "github" }, "original": { @@ -84,11 +84,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1637841632, - "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", + "lastModified": 1638986258, + "narHash": "sha256-OceRdctKZRSgqQxVRvvNB0MaEnFMzQqjUffecoDE9eI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1", + "rev": "581d2d6c9cd5c289002203581d8aa0861963a933", "type": "github" }, "original": { 
@@ -117,12 +117,12 @@ "rev": "7c037fef4cdc5933a70694d8c743b5439c8354ea", "revCount": 4, "type": "git", - "url": "ssh://git@git.datarift.nl/erwin/pamedia-rs.git" + "url": "https://git.datarift.nl/erwin/pamedia-rs.git" }, "original": { "ref": "main", "type": "git", - "url": "ssh://git@git.datarift.nl/erwin/pamedia-rs.git" + "url": "https://git.datarift.nl/erwin/pamedia-rs.git" } }, "root": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1637735079, - "narHash": "sha256-VC6FEfYHkNMrCd9+0nATtUQAtkWOrkH4gzwGHNG4TTQ=", + "lastModified": 1638821683, + "narHash": "sha256-oyqALhGijy2ZQxFSACrcC+Z8MzYLiomKCr9FQXVZ47U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "871408582627f43d0ecc5e4595dcf20cfe2ee227", + "rev": "afe00100b16648c1d79e62926caacac561df93a5", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 4d21770..1b52cd7 100644 --- a/flake.nix +++ b/flake.nix @@ -22,14 +22,14 @@ }; ha-now-playing = { - url = "git+ssh://git@git.datarift.nl/erwin/ha-now-playing.git?ref=main"; + url = "git+https://@git.datarift.nl/erwin/ha-now-playing.git?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; inputs.utils.follows = "flake-utils"; inputs.naersk.follows = "naersk"; }; pamedia = { - url = "git+ssh://git@git.datarift.nl/erwin/pamedia-rs.git?ref=main"; + url = "git+https://git.datarift.nl/erwin/pamedia-rs.git?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; inputs.utils.follows = "flake-utils"; inputs.naersk.follows = "naersk"; diff --git a/home-manager/modules/dropbox/default.nix b/home-manager/modules/dropbox/default.nix new file mode 100644 index 0000000..6e69e56 --- /dev/null +++ b/home-manager/modules/dropbox/default.nix @@ -0,0 +1,12 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.eboskma.programs.dropbox; +in +{ + options.eboskma.programs.dropbox = { enable = mkEnableOption "activate dropbox"; }; + + config = mkIf cfg.enable { + services.dropbox.enable = true; + }; +} 
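Review bot: The new `ha-now-playing` input URL in flake.nix has an empty userinfo part, `git+https://@git.datarift.nl/...`, while the `pamedia` URL in the same hunk has none. The stray `@` looks like a leftover from the ssh form (`git@`); dropping it gives `url = "git+https://git.datarift.nl/erwin/ha-now-playing.git?ref=main";`. The flake.lock hunks record the same `https://@` form for this input, so the lock needs regenerating after the fix. If these repositories are private, the move from ssh to https means authentication has to come from a credential helper or netrc on each machine. It should never be placed in the URL, because flake.nix and flake.lock are committed.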
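Review bot: In home-manager/modules/dropbox/default.nix, `mkEnableOption "activate dropbox"` renders its description as "Whether to enable activate dropbox.", because mkEnableOption prepends that phrase itself; `mkEnableOption "dropbox";` reads correctly. The same wording appears in modules/drone/default.nix (`mkEnableOption "activate drone CI"`). `pkgs` is taken in the argument set but is not used in this file.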
diff --git a/krops.nix b/krops.nix index df588e5..7febd16 100644 --- a/krops.nix +++ b/krops.nix @@ -32,5 +32,5 @@ rec { # nix-build ./krops.nix -A loki && ./result loki = createHost "loki" "root@loki"; - drone = createHost "drone" "root@10.0.0.185"; + drone = createHost "drone" "root@10.0.0.202"; } diff --git a/machines/drone/configuration.nix b/machines/drone/configuration.nix index 8cf7ec9..480cff9 100644 --- a/machines/drone/configuration.nix +++ b/machines/drone/configuration.nix @@ -8,6 +8,7 @@ eboskma = { docker.enable = true; + drone.enable = true; nix-common.enable = true; }; @@ -25,7 +26,7 @@ eth0 = { ipv4.addresses = [{ address = "10.0.0.202"; - prefixLength = "24"; + prefixLength = 24; }]; }; }; @@ -34,7 +35,15 @@ nameservers = [ "10.0.0.254" ]; }; + environment.noXlibs = true; + services.openssh.enable = true; + sops.defaultSopsFile = ./secrets.yaml; + sops.secrets = { + drone = { }; + drone-runner = { }; + }; + system.stateVersion = "21.11"; } diff --git a/machines/drone/secrets.yaml b/machines/drone/secrets.yaml new file mode 100644 index 0000000..34c262c --- /dev/null +++ b/machines/drone/secrets.yaml 
@@ -0,0 +1,53 @@ +drone: ENC[AES256_GCM,data:QjRQzIrT9sqFmG4anJpbKl/p8IzazUjddjm9s3Szf5eVzD4Mq4xu3a+0jCDnBV8Ya8+s2o5+pEtqZCfU933NvJ/wSB7vF0ZF+JUfiZPDLwOCJfKG5szi25c7TkPi96yga/sClbIoaip0L4smY0ynKz3HhZAUCoUz33Gfc8mpWjA5LL15xT0heOAWHlR6qVy9FlmZzTH+Jwhkbxmf/3WK6RAsvHqhqVmuXmIaWteI8Q32zWjMerDgeTjjYuL3hxf9MxlQUHTtwiBeaFTT5mNWW7uw45bEP0YQCQYNRTzOy0qcw6hIiNWKYjkt13Mv3UIl6R9Qo9m/3uUXUXSJdoYjECfv61ZaoIFg37KMFwU2TcEYnOTZptF3oF+Gs5PLpJTum1wOxCYMsot4ZOHSzPb+bEiEtW6LFY9dKANVsTh5Iz+TcH5wz2iAXbV3qk6U,iv:xclLVEEYec2o0QCxq8DbLzpCgkapaEM8THEsBcC/nqs=,tag:gJwxJanQ6KsUcfmEAE0OyQ==,type:str] +drone-runner: ENC[AES256_GCM,data:nEvrhniOtJVsyhZwefm9B6L74fkx5tn0QUdUF0f0Jqlp/oC5b1Yw1uuQL7TjwKCYoBi68d//0IdMBKsZpbR/DA5N0PYNRqtiD743bEYTfFfQohWfEBVOQ3Ht2w/IUT07ZnEAmqTqTc4jBWwX+MqgSjk8XExTNiwOaj/VbYGZn9dAhUKm6srt+s9gAeG4IkhG1aACfajdtDaMyfwaLIVNAr46TxDtHbg=,iv:XcR6XsSYpPX2jfVxd6hWfa7921rvYCVbgnHLGmim3XY=,tag:idc7HxwT+U6QKM5zlmx5gA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2021-12-10T15:40:53Z" + mac: ENC[AES256_GCM,data:vZjdQm1GMCnvdSwdGqZb0VoIrHA51XDka5/hoGSzUv6WYPZangxJMD+yj3IJVFm929X6d1o0qqrEyjnHKHa3pSOcpAFMMelzs6sBUlcHwkU7dOIGprYPYKwgf8p/mtSpoCD1DwP1/PYztOvh39SG8pXw4QS78x3CsD0/hf17SJU=,iv:TnkXJVJmbyUBj0SqR2LF7R7gq18tf9n/KEx+i8hoZxo=,tag:s8/Gy+rldiDWfG6kFYE7Fg==,type:str] + pgp: + - created_at: "2021-12-10T15:35:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA6BoiFpcAxNSAQ/+OSwvGygGaNXlXdgWAcPC0QsYdYx2qGEfK0V0J68XNdvJ + 3dDc72fWz0w/aGW/tmAGMCcOLjhbl5lveVEmSdBETngVyQYG4xyv0WNs3104IqK1 + XxZO5ZOTuzrHJBmdQUdLu6Ig/ciEKJlhY314HxAb6oelNGCJX58ZhjwkxJSwJRc4 + /5lAlYe7b6MX039EWxl1NpSpSE6IWq3OeOKmMQfO60OTmSGKiV8HF84PmG0WzCRn + TJ34n/fO4fS017H7YSi5VGo+MQ0GSutSyPK8UrO1UovePupfyuOIz9W8vCFMo8Qz + Uef/MrN38sEl4UVsK7GQ0DbXaLXfbNSioAZORk0Lnpwrf8OHt4IGc94Vu63Bn4Xu + KJ/Lq0IjCcw0givEfplkdCtnEHADuTK4n8Qk/gAxjZUvqAUTkS68MxMc1ApzMMGt + IcOgKJors+J8pGfm0WKzKLl+KseP3Ek2l6pTHztjK/hTvr92xoCn0jQkTaS4ZrKw + 
pO6AO3s+EF2bzdVA3iw46Fl4vL0pCc27L+7m0PwEFKcQVtpoy4AATkqBSYCIgGgH + 48dW/tSM8F679bt798CUOkrzG0+4c381nZQS76dioNa7zNDWiLXhrYIEwlgooXdN + m98xpFFEu5zOnCTen4yct5qmFXzYauqCqvoeqr+4/h6dwG8E169cbjPYyLU5v9DS + XgHsFJMx8eWn0fXHkcVOzyFgRGBNdgn5PXoSYokJiLCT0ubZwoSM3NE0ZlIoXFU5 + ElfMHKSV1hhU99TJ29uTIqmjrH/vs8usHRg9isi75yHjH53Hq53RuYSNnheoP0c= + =SRmn + -----END PGP MESSAGE----- + fp: b785a9688947edabb9ec8933ee7adefe1d943c7b + - created_at: "2021-12-10T15:35:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA2kjcrH8S7m/ARAAsq89iB59zGF5kk+t0zUWaTYxJzqee0lug949a32YMQyp + t1ECn1dmQyxEI2uVb+F0KqrLYIscR/ASKcW7QQ3MSld04YmNElFZ7IPUHeZMDu8e + KswRoPNB6qJBwgHswLrqxzYf29RJumP0HB1vh9rVh5hvr/RrtewTOCz6Glfk5Zr2 + tm3xfWfEJWo1E4IgCJSn8xV2y8AsXJOKob4dyhpwGts9VBSvlSnhm5NpXpZqKscW + TPwIO0gWqioISv92mmr67pVwy4fb8QXQpdcbpAe5PY4csAfvLq+n5ARNJkNS/ImL + VKnSg1XIM7veLqik8ixi3DvpAoQZdywxxv8lH8oqsAp7UBFT+zc186z8axua+KBJ + zXbIcSfNmthiixItVLLts40r7CopPv7eK36QO0od9BikRjMvyzfmRo7tMJ6eQPeh + 6ASfhcwpHlQWK2w8v06921/iXXKrRpKb1rITHoj7I3enyQjFFJ5p63V22/B/UnqZ + g1pV4Gs+ekfFz02juYOeai2Q55MysrY+ytIbPj92TdCLPg58kvjFWjyIxqOSCGAI + YzeD2IeKrq4ii54Qafx8Gnq+a/1t5jT2sYi9eem7n3u9gB5ymHEZriQ9p+jDFmQ0 + NOqj9s6cqvqDOOzeoMYNUVXfcuNfjWJB3/as9paAalypV00w0tZHfqwajYeXkcDS + UAFo872CqsByrH64v/9ihvis4/8VoAsGBenGJylorRI2dyIC4DYUB+u3zAgU/v52 + XD4fcleIym+icxCi6ZCRLS8DDXLLI9qurXbHiptQO4pK + =wCQo + -----END PGP MESSAGE----- + fp: 8eefb1f8c85704ca47aa226a692372b1fc4bb9bf + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix index 7fea566..350cfa2 100644 --- a/machines/loki/configuration.nix +++ b/machines/loki/configuration.nix 
@@ -56,8 +56,16 @@ services.openssh.enable = true; sops.defaultSopsFile = ./secrets.yaml; - sops.secrets.ha_now_playing_token = { - owner = "erwin"; + sops.secrets = { + ha_now_playing_token = { + owner = "erwin"; + }; + gh_token = { + owner = "erwin"; + }; + renovate_env = { + owner = "erwin"; + }; }; # This value determines the NixOS release from which the default diff --git a/machines/loki/secrets.yaml b/machines/loki/secrets.yaml index e98da6b..5167a53 100644 --- a/machines/loki/secrets.yaml +++ b/machines/loki/secrets.yaml 
@@ -1,13 +1,14 @@ ha_now_playing_token: ENC[AES256_GCM,data:2NKdfEn0tQx+DTE6HBVo79Ico8+afqJ2XFaBVOgIikaL4eMa34CqHwhX91T64VVdmWyjvhaC1kRzxsALoJvw1ZHEnSG2va6lX0vN36j/n8R3ulcX23ZJetMHYQQE6ss7A+gvnBHTnTBG+F9XyrPFT7xnfQ363lWHQ3nRFiGAZJjj6eYqLxSuG7KMWHtfSozy5gSy2JKoxyV4KnqpDs39PhBmNA7OSh3FRYZPIaq+i4qhdCfHRET+,iv:Znl6IW36aqhL/KBr0cRgPBPtqkhuc1GtoqCQEQJ/cXI=,tag:ubvLck9m9qiutU2zcQtdDw==,type:str] gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01tUdRA==,iv:HY82pn2rp9zf+xHWRg6Zwbl5V2qgp+67LghxHRQjiMI=,tag:OrkwDDYpJLXnsWZvqBtY9g==,type:str] +renovate_env: ENC[AES256_GCM,data:LZ1cCywgO4lqT18nM85oYCwtAgm0fDBlZdZUXYyCXcA6mOcDw0lvj0KqF/Y3+NKjvyl3qKMqhEw=,iv:xqjI0Vgl95WafQwg1Rs/+c6TyN96pBMXtlcusqX/QEM=,tag:VFmCukB36LDUFON0H40RPg==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2021-11-29T09:10:11Z" - mac: ENC[AES256_GCM,data:TLXP58YOqyrHx3u//bK64yOsgmzaP8GPyCSMdABeQKMeejVwavNtQS+b2zuq8/58T/AYPajhmmPznoChpSrzqUk51pLclAG/jWAZ5Z/tv7sOv7q4zak4+HZx38zfuKNqr7U4cuo5n/vWhnXiJRNN9vz4OzXNBn4gUm+FTGX98Gg=,iv:iCY+pFC4JNtMPwtqeBLdJ2t6fxgVJrqU3LLhLgXT/xY=,tag:gIz59GuqjSul4CPsUYPT2g==,type:str] + lastmodified: "2021-12-10T18:54:00Z" + mac: ENC[AES256_GCM,data:30K4XFb/WaIoJDtfFL4AJWjP8xu7PbRGkNIyTOUTBQMW0PkNHkSKPLLqtv9AEP04zAYGdJ/9jFBn0d3VJYSVuO0wgec/35AMEo5JA07Jd7miC4cPUp5LX0sjEm9bh9i7dLa6U/83xoDJpQ0+MeUs2DUlFumlhtGvGP9S/6JppO8=,iv:TtPjqB2nXkNjR/jGXkGNvZRN1MXhBZRPGp2FZBoKU8o=,tag:GOytAKkjcg0ozLjDerR7bw==,type:str] pgp: - created_at: "2021-11-25T22:00:17Z" enc: | diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index 95ea40d..c1d84a4 100644 --- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix @@ -41,6 +41,7 @@ in programs = { alacritty.enable = true; bat.enable = true; + dropbox.enable = true; dunst.enable = true; electron = { enable = true; @@ -73,7 +74,9 @@ in git gnome.nautilus imagemagick + imv (jetbrains.clion.override { jdk = pkgs.jetbrains.jdk; }) + mpv neovim nomachine-client pamedia 
@@ -87,7 +90,8 @@ in tdesktop unzip wl-clipboard - ]; + ] ++ + (with gst_all_1; [ gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gst-vaapi ]); xdg = { enable = true; @@ -120,6 +124,7 @@ in } ../../home-manager/modules/alacritty ../../home-manager/modules/bat + ../../home-manager/modules/dropbox ../../home-manager/modules/dunst ../../home-manager/modules/electron ../../home-manager/modules/firefox diff --git a/modules/drone/default.nix b/modules/drone/default.nix new file mode 100644 index 0000000..0bfb97b --- /dev/null +++ b/modules/drone/default.nix @@ -0,0 +1,38 @@ +{ pkgs, config, lib, ... }: +with lib; +let + cfg = config.eboskma.drone; +in +{ + options.eboskma.drone = { + enable = mkEnableOption "activate drone CI"; + }; + + config = mkIf cfg.enable { + eboskma.docker.enable = true; + + virtualisation.oci-containers.containers = { + drone = { + autoStart = true; + image = "drone/drone:2"; + ports = [ "8100:80" ]; + volumes = [ "drone_data:/data" ]; + environmentFiles = [ + /var/run/secrets/drone + ]; + }; + + drone-runner-docker = { + autoStart = true; + image = "drone/drone-runner-docker:1"; + ports = [ "3000:3000" ]; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environmentFiles = [ + /var/run/secrets/drone-runner + ]; + }; + }; + }; +} diff --git a/modules/networking/default.nix b/modules/networking/default.nix index 3d37d61..5875668 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -47,6 +47,11 @@ in }; users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ]; + environment.systemPackages = with pkgs; [ + nmap + nmap-formatter + ]; + services.avahi = { enable = true; nssmdns = true;
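Review bot: In modules/drone/default.nix the `drone-runner-docker` container bind-mounts `/var/run/docker.sock`, which gives that container control of the host's Docker daemon and is therefore equivalent to root on this machine. The module also publishes the runner's port 3000 and the server's port 8100 on all interfaces. The socket mount is how this runner operates, so the hardening goes around it: drop `ports = [ "3000:3000" ];` unless the runner's HTTP endpoint is needed from outside (the runner appears to connect out to the server, worth confirming), and bind the server as `ports = [ "127.0.0.1:8100:80" ];` if a reverse proxy fronts it. The env files are hard-coded under `/var/run/secrets/`; referencing `config.sops.secrets.drone.path` would tie them to the sops declarations in machines/drone/configuration.nix. The `drone/drone:2` and `drone/drone-runner-docker:1` tags are floating, so pinning each image by digest would make the deployment reproducible.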
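Review bot: `nmap` and `nmap-formatter` are added to `environment.systemPackages` in the shared modules/networking module, so every machine that enables this module gets them installed system-wide, presumably including servers such as the CI host. If they are only used interactively from the workstation, the package list in modules/desktop is a better place and keeps server closures smaller. The enclosing `config` block starts and ends outside this hunk.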