newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: newedge:gitea
Branches Tags
newedge:main newedge:mob/fax-machine-relay newedge:fax-machine-relay newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/inventree-test newedge:inventree-test newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:b4l-vpn newedge:vega-ups newedge:mob/gitea newedge:gitea
...
compare: newedge:1ad1dd82ea84edae10b1e8e56a9166aca9661a90
Branches Tags
newedge:mob/fax-machine-relay newedge:fax-machine-relay newedge:main newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/inventree-test newedge:inventree-test newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:b4l-vpn newedge:vega-ups newedge:mob/gitea newedge:gitea

22 Commits
gitea ... 1ad1dd82ea

Author SHA1 Message Date
kurogeek
1ad1dd82ea rigel machines sops.defaultGroups is admins 2025-09-24 09:23:36 +07:00
kurogeek
45e4389f78 b4l machines sops.defaultGroups is admins 2025-09-24 09:23:24 +07:00
kurogeek
aa2eb91339 Add user matthewcroughan to group admins 2025-09-23 16:03:13 +07:00
kurogeek
99c24c0b10 Add user vi to group admins 2025-09-23 16:03:06 +07:00
kurogeek
8d31f56092 Add user davhau to group admins 2025-09-23 16:03:03 +07:00
kurogeek
950d34a7fe Add user berwn to group admins 2025-09-23 16:02:57 +07:00
kurogeek
7cb1b483f0 Add user kurogeek to group admins 2025-09-23 16:02:53 +07:00
kurogeek
6c806c1e70 Add machine rigel to group admins 2025-09-23 16:01:59 +07:00
kurogeek
921629216e Add machine b4l to group admins 2025-09-23 16:01:46 +07:00
kurogeek
83ebe8933f Add vi to secret 2025-09-23 15:53:02 +07:00
kurogeek
f9ba5260ab Add user matthewcroughan to secrets 2025-09-23 15:34:08 +07:00
kurogeek
4cf19ff4aa Add user matthewcroughan to secrets 2025-09-23 15:25:38 +07:00
kurogeek
a3a776722f Add berwn to secret 2025-09-22 16:11:51 +07:00
kurogeek
e182dcb248 Add berwn to secret 2025-09-22 16:11:34 +07:00
kurogeek
db5e0e55ce age-plugin-yubikey 2025-09-22 14:37:02 +07:00
kurogeek
aa19ffa9ba add matthewcroughan to admin 2025-09-22 14:36:45 +07:00
kurogeek
d344790bfe add vi to admin 2025-09-22 11:59:50 +07:00
kurogeek
3937ce27db Add user vi to secrets 2025-09-22 11:59:35 +07:00
kurogeek
c78048d53a add davhau to admin 2025-09-22 11:11:59 +07:00
kurogeek
0fb4199965 add berwn to admin 2025-09-22 11:11:16 +07:00
kurogeek
4dd06992e0 Add user davhau to secrets 2025-09-22 10:29:57 +07:00
kurogeek
dbdaa8ae22 Add user berwn to secrets 2025-09-22 10:27:37 +07:00
20 changed files with 69 additions and 2 deletions
Expand all files Collapse all files

10
inventories/default.nix
View File

@@ -21,8 +21,18 @@
};
roles.default.tags."all" = { };
roles.default.settings.allowedKeys = {
"berwn" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB/raxJR8gASmquP63weHelbi+da2WBJR1DgzHPNz/f";
"davhau" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk";
"vi" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmgyEGuY/r7SDlJgrzYmQqpcWS5W+fCzRi3OS59ne4W openpgp:0xFF687387";
"kurogeek" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek";
"matthewcroughan" =
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOJDRQfb1+7VK5tOe8W40iryfBWYRO6Uf1r2viDjmsJtAAAABHNzaDo=";
"matthewcroughan-1" =
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDgsWq+G/tcr6eUQYT7+sJeBtRmOMabgFiIgIV44XNc6AAAABHNzaDo=";
"matthewcroughan-2" =
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJMi3TAuwDtIeO4MsORlBZ31HzaV5bji1fFBPcC9/tWuAAAABHNzaDo=";
};
};

1
machines/b4l/configuration.nix
View File

@@ -12,6 +12,7 @@
};
networking.fqdn = "b4l.co.th";
system.stateVersion = "25.11";
clan.core.sops.defaultGroups = [ "admins" ];
security.acme.defaults.email = "admin@b4l.co.th";
security.acme.acceptTerms = true;

1
machines/default.nix
View File

@@ -6,6 +6,7 @@
clan = {
meta.name = "NewEdgeClan";
machines = { };
secrets.age.plugins = [ "age-plugin-yubikey" ];
specialArgs = { inherit inputs self; };
inherit self;
};

1
machines/rigel/configuration.nix
View File

@@ -1,3 +1,4 @@
{
system.stateVersion = "25.11";
clan.core.sops.defaultGroups = [ "admins" ];
}

1
sops/groups/admins/machines/b4l Symbolic link
View File

@@ -0,0 +1 @@
../../../machines/b4l

1
sops/groups/admins/machines/rigel Symbolic link
View File

@@ -0,0 +1 @@
../../../machines/rigel

1
sops/groups/admins/users/berwn Symbolic link
View File

@@ -0,0 +1 @@
../../../users/berwn

1
sops/groups/admins/users/davhau Symbolic link
View File

@@ -0,0 +1 @@
../../../users/davhau

1
sops/groups/admins/users/kurogeek Symbolic link
View File

@@ -0,0 +1 @@
../../../users/kurogeek

1
sops/groups/admins/users/matthewcroughan Symbolic link
View File

@@ -0,0 +1 @@
../../../users/matthewcroughan

1
sops/groups/admins/users/vi Symbolic link
View File

@@ -0,0 +1 @@
../../../users/vi

10
sops/secrets/b4l-age.key/secret
View File

@@ -2,9 +2,17 @@
"data": "ENC[AES256_GCM,data:wcR+EaC64JexQCShFc1I6mncHGQ+bMfjAOMnoTq3/bOa0T+NCqcDmrxoHGdR2q/TV453uMiokeAm+uggpZNQ9/1Kf5mX2KQsJtE=,iv:FcyIA1uAOISu/+mfTtdQ8lgyieoCObbZ6BMvkmIVoto=,tag:ew7jg+oXP0JUBBfDJoir7A==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdnlFYjVtdGhHSmczV0Nk\nN0IwL0dLVTdkTWhIK2tmV1E5bE1wZjcyZkVnCkV4VEhlL2lyVkxXMzFQVTZ5dHBY\nSUJWRUh2MjgwZ2RmaVRFVHdmQm00ck0KLS0tIG1oTlE1alJDK0FuNGhDQmcrKzZk\nWDhZNEJIWmd1QkVJc0pLemVOSjhqQ2cKMDYUbT8wQ89mNBJFYp2igHB2aQtxBFtM\nilUU83E0stiVKWHrCnBlmQng4UDr0rPxOWa+JpbR4bSbLPXyKIPtrw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZmVHaWRsa3Y0TGNIM0dx\ncThRc09ZdU5YVkpWdTdzTlRXa3pjMTRVd3lNCk4waktab2lzNDJhZ0hiOTh5MFVu\nTzR4clA5Mko4Y0o3cFMra0IyTUUydU0KLS0tIC9RWXUvMEduUkp1VXpSdjNUUkQ1\nN1NuTFY4ei9TdkVjK1lUQldOVG9sc1EKFwRbPZyd7TARXkvHD74DGqwvxOjIty+X\nBHFw8H5CWp2FCCQ+9bebMamG3ShzhM21Hju9uVbMXA/WACU/9dAJhg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQ1JCN01wWHVETDM5Q3Y0\nUDNPanFKY2pjeXZJTlFMQWtIYVluMWZCZ1U0CjNwSmEvTkNZbWdmNlRBbXE5Vzhs\nbFdxMDNUclZETlNDeFlZeHBDV0xoR0UKLS0tIGF6ZlpsRWRJajk2dlFKR25RRkdG\nL1FOQWRIcE1XNkJSWkhLSFBIRHhuWVUKEOkLKs2OFUwGMXeo9Fn/3cEZGgMLbXnO\nthqX0FRS22BE092jx2EuxK1HQYo/iTojPwg0LP692R9DZMZ1bKfqQw==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOekRKMG5VdWpmcm96WEdK\nTnoyL3piaCtxVnN5b1E2RXh1SzZ1cGU3OFdrCjNNMGUxMDF6NzFUNFpPb0VNa2Q1\nL1VacitPRzU3MHh3dXpTNWxYeGFxeFkKLS0tIHV3TUkxTG5mQ3haZVRSTTB2bFBk\nU0dDaGQ0ZjhEOGdqZTFEQXlPczZWdm8KiDHBQQRL4qTnStFr8nmdhet+7gBELCvd\noRvky46oEsS36L9o477ZH134wrSqAcD0NCOO06hA/jEXNvLFig9yHw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-07-14T03:23:25Z",

1
sops/secrets/b4l-age.key/users/berwn Symbolic link
View File

@@ -0,0 +1 @@
../../../users/berwn

1
sops/secrets/b4l-age.key/users/vi Symbolic link
View File

@@ -0,0 +1 @@
../../../users/vi

6
sops/secrets/rigel-age.key/secret
View File

@@ -4,7 +4,11 @@
"age": [
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQzVPVHBBb3l6RzFtNUwv\nSGVkQ1BuMnFiREVjY0lJbnppUjRxNnNBQlZVCkdqN2lGMmp1OFZUNG1tbmFZRklk\nL0xzMEdvemtSQnNGOVNjOXEyM21NYlkKLS0tIEdwWEZpY3JZK1phRU8rSmExVENR\nWkZnRjhKZ2duNDZkVnpHQU1FakpGYzAK/wnN9n5MMUnzDJC7PWrOcO+TbiuTbSPX\n5BKJbuBLw3Qokbh8fT9VUX8UsExw+UaaPnXPcbYX4xhBhiZ0RTmyMw==\n-----END AGE ENCRYPTED FILE-----\n"
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWk9KTEJHR0d1WTRDWGFS\naW16L3E1WEFBNFpwSVZ3T0xUMEZBcXBrSGs0Cllua20yVHV2djEzOE55Qk5zKzlp\nQmo3UVMreVFKVTJTVGl4ajdVZ0FZNk0KLS0tIGF0VWVJNGU0M05ZajF1Q1NscHpC\naG1vblk4NmY2KzIzN1V6bWVrYW01OUUKAfMKTPzIhVd0W8yfob9No53RnaNC67Fy\nMohQHZ38caz8LhqFfDzm1vm8xi1F8kcaW6ugcPH532fdDxkS6dfnoQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6YnFMZ3F5cjJDa1poTGpD\nRURZYVZNLzByMzgwZytWZDhBaVFIbndmbldzCjlvYnRVTnNwRWVKRG40MWJrQXJz\naENEWWh3TFE4Uit2ODhncWJHZ1hvdk0KLS0tIFlIUmlqVWRlQzRxcFZHMFlzVmJh\nYkdBSzJlT0pnYlRacmhINFRyZzVIdVEKJJL7XFqZafNQmfzwwjVDMw/cPob830oI\nsVQe1HaUK7IujWTCbD8l0uoqsODdaWOMDVwxuiKr+yHY4iwar+rI6w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-07-25T02:12:20Z",

1
sops/secrets/rigel-age.key/users/berwn Symbolic link
View File

@@ -0,0 +1 @@
../../../users/berwn

6
sops/users/berwn/key.json Executable file
View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"type": "age"
}
]

6
sops/users/davhau/key.json Executable file
View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"type": "age"
}
]

14
sops/users/matthewcroughan/key.json Executable file
View File

@@ -0,0 +1,14 @@
[
{
"publickey": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"type": "age"
},
{
"publickey": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"type": "age"
},
{
"publickey": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"type": "age"
}
]

6
sops/users/vi/key.json Executable file
View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"type": "age"
}
]