6 Commits

Author SHA1 Message Date
2ab9fc4ad8 mob next [ci-skip] [ci skip] [skip ci]
lastFile:modules/clan/yggdrasil/default.nix
2025-10-17 11:25:54 +07:00
16a2fa0526 Update vars via generator yggdrasil for machine b4l 2025-10-17 11:25:02 +07:00
b8dc4757ed mob next [ci-skip] [ci skip] [skip ci]
lastFile:modules/clan/yggdrasil/default.nix
2025-10-16 19:07:45 +07:00
79fa8eef01 mob next [ci-skip] [ci skip] [skip ci]
lastFile:modules/clan/yggdrasil/tests/vm/default.nix
2025-10-16 18:01:00 +07:00
ac731c2f38 mob next [ci-skip] [ci skip] [skip ci]
lastFile:modules/clan/yggdrasil/tests/vm/default.nix
2025-10-16 17:22:45 +07:00
c9f23f4c0a mob next [ci-skip] [ci skip] [skip ci]
lastFile:modules/clan/yggdrasil/default.nix
2025-10-16 17:19:09 +07:00
9 changed files with 169 additions and 10 deletions


@@ -5,6 +5,8 @@
tags = {
glom = [ "vega" ];
b4l = [ "rigel" ];
fax-bridge = [ "b4l" ];
};
instances = {
@@ -48,68 +50,67 @@
roles.peer.tags.b4l = { };
};
yggdrasil = {
module = {
name = "yggdrasil";
input = "self";
};
roles.default.tags."fax-bridge" = { };
};
pocket-id = {
module = {
name = "pocket-id";
input = "self";
};
roles.default.machines.b4l = { };
};
nextcloud = {
module = {
name = "nextcloud";
input = "self";
};
roles.default.machines.b4l = { };
};
stirling-pdf = {
module = {
name = "stirling-pdf";
input = "self";
};
roles.default.machines.b4l = { };
};
actual-budget = {
module = {
name = "actual-budget";
input = "self";
};
roles.default.machines.b4l = { };
};
victoriametrics = {
module = {
name = "victoriametrics";
input = "self";
};
roles.default.machines.b4l = { };
};
vikunja = {
module = {
name = "vikunja";
input = "self";
};
roles.default.machines.b4l = { };
};
grafana = {
module = {
name = "grafana";
input = "self";
};
roles.default.machines.b4l = { };
};
pingvin = {
module = {
name = "pingvin";
input = "self";
};
roles.default.machines.b4l = { };
};
paperless = {
module = {
name = "paperless";
input = "self";
};
roles.default.machines.b4l = { };
};
};
};
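Review bot: Enrolling `b4l` in the overlay through `roles.default.tags."fax-bridge" = { };` puts the host that also runs pocket-id, nextcloud, paperless, grafana and the other instances in this file on a network that peers with public nodes, and nothing visible in this change limits what is reachable over it. Any port opened in the firewall without an interface restriction is presumably reachable on the machine's Yggdrasil address as well, so that exposure should be decided explicitly rather than inherited. Consider scoping open ports per interface (for example `networking.firewall.interfaces.<name>.allowedTCPPorts`) and adding a short comment next to the tag assignment saying why this machine needs the overlay. The file path and the +/- markers are lost in this view, so the `fax-bridge` tag and the `yggdrasil` instance are assumed to be the additions.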


@@ -1,7 +1,7 @@
{ inputs, config, ... }:
{
imports = [
(inputs.import-tree ./services)
# (inputs.import-tree ./services)
];
nixpkgs.hostPlatform = {
system = "x86_64-linux";
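Review bot: The import is left behind as a commented-out line, `# (inputs.import-tree ./services)`, which gives the next reader no hint whether it is switched off temporarily or superseded. If the modules under `./services` are now supplied through the inventory instances, delete the line and leave `imports = [ ];`; if it is temporary, say so in the comment itself. Disabling this import drops every module under `./services` from the machine at once, so it is worth confirming that no firewall or hardening setting lived there. This assumes the commented form is the new side, since the +/- markers are lost in this view, and the attribute set continues past the end of the hunk.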


@@ -0,0 +1,51 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "yggdrasil";
manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
manifest.categories = [ "System" ];
roles.default = {
perInstance.nixosModule =
{
lib,
config,
pkgs,
...
}:
let
user = "yggdrasil";
in
{
clan.core.vars.generators.yggdrasil = {
files.yggdrasil-secret = {
secret = true;
owner = user;
group = user;
};
files.yggdrasil-ip.secret = false;
runtimeInputs = with pkgs; [
yggdrasil
jq
];
script = ''
yggdrasil -genconf -json | jq {PrivateKey} > $out/yggdrasil-secret
'';
};
services.yggdrasil = {
enable = lib.mkDefault true;
configFile = config.clan.core.vars.generators.yggdrasil.files.yggdrasil-secret.path;
settings = {
Peers = [
# US Peers
"tls://ygg.jjolly.dev:3443"
"tls://[2602:fc24:18:7a42::1]:993"
"tcp://leo.node.3dt.net:9002"
"tcp://ygg-kcmo.incognet.io:8883"
];
};
};
};
};
}
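Review bot: The generator declares `files.yggdrasil-ip` but the `script` only writes `$out/yggdrasil-secret`, so the public value is never produced and the vars framework may reject the run or leave the file absent. Derive it from the generated key in the same script, e.g. `yggdrasil -useconffile "$out/yggdrasil-secret" -address > "$out/yggdrasil-ip"`, and quote the jq filter and the path: `yggdrasil -genconf -json | jq '{PrivateKey}' > "$out/yggdrasil-secret"`. If the script does not already run with `pipefail`, a failing `yggdrasil -genconf` leaves jq with empty input and an empty secret file is stored as if it were valid. Two of the four hard-coded peers use plaintext `tcp://`; preferring the `tls://` entries and exposing the peer list as a role setting would keep the link choice reviewable per deployment. `manifest.description` also reads as garbled text and should be reworded.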


@@ -0,0 +1,18 @@
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
yggdrasil = module;
};
perSystem =
{ ... }:
{
clan.nixosTests.yggdrasil = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/yggdrasil" = module;
};
};
}
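Review bot: The same module is registered under two names, `clan.modules.yggdrasil` for real use and `clan.modules."@clan/yggdrasil"` for the VM test, so the test exercises a name the inventory never uses (the inventory section refers to `name = "yggdrasil"` with `input = "self"`). The `@clan/` prefix also reads like an upstream namespace, which makes it harder to see at a glance that this is the local module. Using one name in both places, e.g. `clan.modules.yggdrasil = module;` inside `clan.nixosTests.yggdrasil` with the test instance's `module.name` changed to match, keeps the test and the deployment aligned.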


@@ -0,0 +1,39 @@
{
pkgs,
...
}:
{
name = "service-yggdrasil";
clan = {
directory = ./.;
inventory = {
machines.server = { };
instances = {
yggdrasil-test = {
module.name = "@clan/yggdrasil";
module.input = "self";
roles.default.machines."server".settings = { };
};
};
};
};
nodes = {
server = {
services.yggdrasil = {
};
};
};
testScript = ''
start_all()
server.wait_for_unit("yggdrasil")
# Check that garage is running
server.succeed("systemctl status yggdrasil")
'';
}
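Review bot: The comment `# Check that garage is running` in `testScript` names the wrong service, presumably carried over from another test; it should read `# Check that yggdrasil is running`. The `systemctl status` call adds little after `wait_for_unit`, and nothing asserts that the generated key was actually loaded; a query of the running node such as `server.succeed("yggdrasilctl getSelf")` would cover that, assuming the admin socket is enabled in this configuration. The empty `services.yggdrasil = { };` block under `nodes.server` and the unused `pkgs` argument can be dropped.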


@@ -0,0 +1 @@
../../../../../../sops/groups/admins


@@ -0,0 +1 @@
../../../../../../sops/machines/b4l


@@ -0,0 +1,47 @@
{
"data": "ENC[AES256_GCM,data:lNmIq4wetGu/+3tEpICazLpORWOdhZ66Wa2qc9uThGNmlx9xjMH1Rzpeyl8O6y5aNQxFO4Dh3bncXygaHlWWG/Q4q0vmpvOYDmAbxLwYeXOg5CAfwRdfgl1yCedUW688JjYa5NXv9bmJA9t3ve9Y+2KYEZH71Cj6fFnVIE2En3DWpOfXITpCPiklTZsiVlwDfGW/BqZnnw==,iv:2NQ0SlvFXHaVxHYq0+ulhnDrPDJJ3bk64Ur9luwwyT0=,tag:dopEjRq4RaCdIpnnLLV5JQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNU1uZDgvQnR0d2JDMk9r\nNDV4djEzeENaNGt0dDhGNW44R041SVRlWUFFClc2dUxuUytsTjM0ZkV5TVluV1NB\ncGhTVExIemUxc2Y5bDVCY2hsclFLLzQKLS0tIDIyL1NxbFM3T3A2VGk5R2RNR2ZZ\nTk1URnVGMzZ4UDhpbUxKeS9QODJlelUK6HXrJwE3fvhnY4B9ni4a6goHXA9PO56M\n386eA25lOP9ECmiXSGkdkajG1MzJPuiQoMm9wbBn8zStHBuVj33E6Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1d2FmZ1dIUlhGcG9iSS9H\nVDJVNUZXQi93SkFnUkRBYzArTEhuUEtzNHpBCmF2Z0N1M0xoaG5hN3kzK1NFdFBC\nR2lRZjhSeVFsSzd4ZlliNjZzNHV4UlEKLS0tIEpYL21wd1BLeG1NQU0vMWYzNXlJ\nOVlqYUVQYmhqaXdzK3N6eUtOcHNXVlUKW/0GpseQBMG7js6nZ0YKy50nuBvAANIn\nt19TssKDEVIjGGK5hKo9JBUCvugFTZNf4IogMVMQ+9j4kW3LZ0+O6g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEdJSTQ5Y3Uv\nTFRIZmoycHVNT3NIcElWeDByVGNpc1dKTE95RWFoelZEd0kgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpENkdzTk1NRFI2cUlXZDByL2gweVJI\neUdWQVE4eUNFOGJybFFjZlEzUTJNCi0tLSBVMzgwOWU0SC9tUUREMG5nWG1QV1cx\nUS80ekhlVlF6V2piVHJ3aDFSZkZJCqtA9FsZG/HZbxgeJ2pagFjjj3kXOtIxH2oN\nWl8ivKfL1lFxbdT3xHTgKdFSSVOKxmAuMi503Gk6AdIS/sBbhfQ=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIHBCL25JTFJW\nQzR3UE5McDdmSkszL3NNWk9JVVpESjMvOENBTzl4OWllRXMgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpZQVNvU0l2dVl3TldTV2xBeTNnbTgv\ndWw3NFdOcm1WR0l5aWtUNWVyaWVvCi0tLSAwSGhOSGFtTVg2Rjg1QXF6NGNwRks2\nSDIrUVVkOTNrTGpkTG55L3Y1bnc0CjjUlP8WqX/t4EhzHxLwCTJs9qkso9SrBstI\nb9A4A9M1w5t+eHuIZA0Q5FjRLKswMOlOIl4fPnaprsJmTDut92s=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIDZycWk5aGVq\neEdMZThBOENGV0l5cHpwYXJrc09HejNvUFBiOWFLY04ra2MgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwoyY25JcDR2eHZsZFZkSmhEcHVvN1d0\nakRqK3pEQ3NHT0U5RWpvSzcvOU9nCi0tLSBkSWQ4TGdRYTJQTTVpSzZmbERkMUps\nN0ZaM3FuaFZSd05xcHpDZkx3Zkh3Co7ug59h8ucvgspX27IbPQdX1gJXzutFpMGI\niK7Y7s/30iWTvulBRBAJKbzbDJnOq0UTLGAKU0sSEFKtz1pwprs=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bzBCejZTRzVjWUhtQ0hu\nTGduK293SmV4ZXBkbWEyV2V4Sk53ayswakRVCjBQK3BjSGhjWUxvaHlacGhiZ3NK\nVXplLzhoc1h4a1ZxR3hxL3VibVhwRFkKLS0tIERDbVliT0FOTEhoekthaGlDaVBx\nWDZkcVFtSitINHFGdXRsRTlkU29zZ3cKAjl9obQBJcRIeG4P6jsQ7aJNwf6ltun9\nxxYpDAGuBbRm5FmrC+PeCqfZVaFmd+TTbz0Wr3vjDcez7AuBrHNfbA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNTF3RUpKb3dIbzFyaSs2\nMm01UC9YWEVZZTFNckx5djlrR3ZiVHczQnhzCldzR3ljenFId3ZkOEFXcDA2RTdU\nZW1jajJrWUNBcFVvZ29Ka1czYUJKSG8KLS0tIDVTWnUrMUxkYjJrZDdQMmo1Y25i\nMmQ3aWVia2xpdHE4TkdkVzNBUitmSUEKrgE6rls8IwjYT90tADTDqq2w8dIc4kK2\nd+HWPidIVXtdo5vlqNXMf/lKkCcj70QI9gPMkdxT/m+f2ri3lsH5Kw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYU056ZHE3L2c4TytvRmw2\nT2h6cHNyQktKckxEN0lFNmtnVGtjcFJsR0hFClEyd011WExPTnNnN2drZzVicldx\naWsybGx0OXQrWm5pcUZOTS9RSkxpT1EKLS0tIHhkSmJPS3VDbnhaYmtnWjJvcDVZ\nTVMvbE8rcCt2YW83SktZb1V5MzdsQk0KSYbhDQ1VCu1OiwHTkQ+vs1KEe/Pd5mb4\n7w7zwql0baW2qTXSjS4ksFPV3ZXOz8KYnua2+l4LewqKldd4R0Bo6Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtQTV1aThTdlVReG1yZ2d5\nMHJFdmo5cjN3SDhRNUM4dXFaVnVIb2FxQmo4CjNEU0UwRWJqM1RseFhjdUxjTUdM\ncTBDNHE2UkFBL1lxUlA0bUg4WDNodVEKLS0tIHB5Z2hxRTZ2OUJ4NmhpMjI3RXFC\nZ2o2Tjc4RCtRRHAyUURZMzdyazBaeVEKekfBZ6h7vlVDyNKEXXWpSdX2xuD+ZY0p\n7vc77AZJFVkNTIZ3vQI34bpuXyt9LZpFpTUJ7Lp7lJmyAiGjmBRotg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-17T04:25:02Z",
"mac": "ENC[AES256_GCM,data:KIeqZsHRJDxEFnquBpnjNvoCYCpYvd6gFhk6jyjEdemhhhySHXXXWy9ShcLe3ckUV8/baHfUZgU6ptKqVhgq/76PU/cOdpNBaHMoOzmGut0+EfNCTaAy2PQTzMOdSgjsXY428KrApWaqePpQoYOFEcRPYHnwpAMfTj/sy7xrZno=,iv:nKkDejBrJHv/E9XSnfW99OqBJDi5Q6/hdIdCaYJyXHU=,tag:tcUKsUWNo8/9GOydbbB6Vg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@@ -0,0 +1 @@
../../../../../../sops/users/kurogeek