12 Commits

41 changed files with 600 additions and 45 deletions

2
.gitignore vendored

@@ -2,4 +2,4 @@
# Ignore build outputs from performing a nix-build or `nix build` command # Ignore build outputs from performing a nix-build or `nix build` command
result result
result-* result-*
run-vm-*

73
flake.lock generated

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754535625, "lastModified": 1761768376,
"narHash": "sha256-RdT3/DskBjwx74cvHJHb/mLSO2XeSHitSYViNmYGU/k=", "narHash": "sha256-AZL8SPJ520NRnLft9Xz4trTECBB510YPRXJnE1OUeXw=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "f69e28a1333527cdbadb233966a7e19d4b35a1a3", "rev": "bbc9486f0e6306f68e11f8aefa243da9f1c8c56f",
"revCount": 8886, "revCount": 10924,
"type": "git", "type": "git",
"url": "https://git.clan.lol/clan/clan-core" "url": "https://git.clan.lol/clan/clan-core"
}, },
@@ -49,11 +49,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753067306, "lastModified": 1760612273,
"narHash": "sha256-jyoEbaXa8/MwVQ+PajUdT63y3gYhgD9o7snO/SLaikw=", "narHash": "sha256-pP/bSqUHubxAOTI7IHD5ZBQ2Qm11Nb4pXXTPv334UEM=",
"rev": "18dfd42bdb2cfff510b8c74206005f733e38d8b9", "rev": "0099739c78be750b215cbdefafc9ba1533609393",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/18dfd42bdb2cfff510b8c74206005f733e38d8b9.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0099739c78be750b215cbdefafc9ba1533609393.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -88,11 +88,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753140376, "lastModified": 1760701190,
"narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -136,6 +136,24 @@
"type": "github" "type": "github"
} }
}, },
"liminix": {
"flake": false,
"locked": {
"lastModified": 1760426231,
"narHash": "sha256-r8c5PKtsxAvtQ/k17GH+WNvP47Lr+AbExLMPdLtvAKE=",
"ref": "refs/heads/fix-gl-ar750",
"rev": "3f1f7c08d440130cce9262a93ce78ed7969d93cd",
"revCount": 1574,
"type": "git",
"url": "https://git.b4l.co.th/newedge/liminix"
},
"original": {
"ref": "refs/heads/fix-gl-ar750",
"rev": "3f1f7c08d440130cce9262a93ce78ed7969d93cd",
"type": "git",
"url": "https://git.b4l.co.th/newedge/liminix"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -144,11 +162,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751313918, "lastModified": 1761339987,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=",
"owner": "nix-darwin", "owner": "nix-darwin",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -159,11 +177,11 @@
}, },
"nix-select": { "nix-select": {
"locked": { "locked": {
"lastModified": 1745005516, "lastModified": 1755887746,
"narHash": "sha256-IVaoOGDIvAa/8I0sdiiZuKptDldrkDWUNf/+ezIRhyc=", "narHash": "sha256-lzWbpHKX0WAn/jJDoCijIDss3rqYIPawe46GDaE6U3g=",
"rev": "69d8bf596194c5c35a4e90dd02c52aa530caddf8", "rev": "92c2574c5e113281591be01e89bb9ddb31d19156",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/69d8bf596194c5c35a4e90dd02c52aa530caddf8.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/92c2574c5e113281591be01e89bb9ddb31d19156.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -172,11 +190,11 @@
}, },
"nixos-facter-modules": { "nixos-facter-modules": {
"locked": { "locked": {
"lastModified": 1750412875, "lastModified": 1761137276,
"narHash": "sha256-uP9Xxw5XcFwjX9lNoYRpybOnIIe1BHfZu5vJnnPg3Jc=", "narHash": "sha256-4lDjGnWRBLwqKQ4UWSUq6Mvxu9r8DSqCCydodW/Jsi8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-facter-modules", "repo": "nixos-facter-modules",
"rev": "14df13c84552a7d1f33c1cd18336128fbc43f920", "rev": "70bcd64225d167c7af9b475c4df7b5abba5c7de8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -187,11 +205,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1754278406, "lastModified": 1761656231,
"narHash": "sha256-jvIQTMN5EzoOP5RaGztpVese8a3wqy0M/h6tNzycW28=", "narHash": "sha256-krgZxGAIIIKFJS+UB0l8do3sYUDWJc75M72tepmVMzE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6a489c9482ca676ce23c0bcd7f2e1795383325fa", "rev": "d7f52a7a640bc54c7bb414cca603835bf8dd4b10",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -207,6 +225,7 @@
"devshell": "devshell", "devshell": "devshell",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"import-tree": "import-tree", "import-tree": "import-tree",
"liminix": "liminix",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
} }
@@ -219,11 +238,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754328224, "lastModified": 1760998189,
"narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -21,6 +21,10 @@
url = "github:numtide/treefmt-nix"; url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
liminix = {
url = "git+https://git.b4l.co.th/newedge/liminix?ref=refs/heads/fix-gl-ar750&rev=3f1f7c08d440130cce9262a93ce78ed7969d93cd";
flake = false;
};
}; };
outputs = outputs =
{ {
@@ -38,8 +42,10 @@
./shell.nix ./shell.nix
./machines ./machines
./routers
./inventories ./inventories
./modules/clan/flake-module.nix ./modules/clan/flake-module.nix
./modules/nixos/flake-module.nix
]; ];
} }
); );
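Review bot: The new `liminix` input carries no comment explaining why it points at the `fix-gl-ar750` branch of a self-hosted repository with a fixed `rev` in the URL. With `rev` in the URL, `nix flake update` will presumably never move this input, so the router firmware stays on this commit until someone edits the line by hand. I would add a comment above the input, for example `# pinned to the gl-ar750 fix branch; bump rev by hand and drop the pin once the fix is no longer needed`. The attribute set that holds `liminix` starts outside the hunk.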


@@ -5,6 +5,7 @@
tags = { tags = {
glom = [ "vega" ]; glom = [ "vega" ];
b4l = [ "rigel" ]; b4l = [ "rigel" ];
fax-bridge = [ ];
}; };
instances = { instances = {
@@ -48,6 +49,21 @@
roles.peer.tags.b4l = { }; roles.peer.tags.b4l = { };
}; };
yggdrasil = {
module = {
name = "yggdrasil";
input = "self";
};
roles.default.tags."fax-bridge" = { };
};
asterisk = {
module = {
name = "asterisk";
input = "self";
};
};
pocket-id = { pocket-id = {
module = { module = {
name = "pocket-id"; name = "pocket-id";
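Review bot: The new `asterisk` instance declares a `module` but no `roles` entry, so from this hunk it does not appear to be assigned to any machine or tag. The `yggdrasil` instance next to it selects machines through `roles.default.tags."fax-bridge"`, but the tag is introduced as `fax-bridge = [ ];`, which is empty here. If both services are meant for the same hosts, add `roles.default.tags."fax-bridge" = { };` to `asterisk` and list the machines in the tag, or leave a comment saying that membership is set elsewhere. The `instances` set continues outside the hunk.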


@@ -1,10 +1,13 @@
{ {
inputs, inputs,
config, config,
self,
... ...
}: }:
{ {
imports = [ imports = [
self.nixosModules.common
(inputs.import-tree ./services) (inputs.import-tree ./services)
(import ../../lib/auto-accept-zerotier-members.nix { (import ../../lib/auto-accept-zerotier-members.nix {


@@ -10,7 +10,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.actual-budget = { clan.nixosTests.service-actual-budget = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/actual-budget" = module; clan.modules."@clan/actual-budget" = module;


@@ -0,0 +1,69 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "asterisk";
manifest.description = "Asterisk PBX server";
manifest.categories = [ "System" ];
roles.default = {
perInstance.nixosModule =
{
lib,
...
}:
{
services.asterisk = {
enable = lib.mkDefault true;
confFiles = {
# Dial plan config
"extensions.conf" = ''
exten => 1001,1,Dial(PJSIP/user1,20)
exten => 1002,1,Dial(PJSIP/user2,20)
exten => 100,1,Answer()
same => n,Wait(1)
same => n,Playback(hello-world)
same => n,Hangup()
'';
"pjsip.conf" = ''
[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0,[::]
[endpoint_internal](!)
type=endpoint
context=from-internal
disallow=all
allow=ulaw
[auth_userpass](!)
type=auth
auth_type=userpass
[aor_dynamic](!)
type=aor
max_contacts=1
[user1](endpoint_internal)
auth=user1
aors=user1
[user1](auth_userpass)
password=user1
username=user1
[user1](aor_dynamic)
[user2](endpoint_internal)
auth=user2
aors=user2
[user2](auth_userpass)
password=user2
username=user2
[user2](aor_dynamic)
'';
};
};
};
};
}
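Review bot: `pjsip.conf` ships two accounts whose passwords equal their usernames (`password=user1`, `password=user2`) while the transport listens on every address (`bind=0.0.0.0,[::]`). Because the text is passed through `confFiles`, it presumably also lands in plaintext in the Nix store. Any host that can reach the SIP port can therefore authenticate as either extension. I would generate the passwords with a `clan.core.vars.generators` entry marked `secret = true` and bind the transport only to the internal or overlay address. Separately, the endpoints use `context=from-internal`, but `extensions.conf` as shown has no `[from-internal]` header above the `exten` lines, so the dial plan may not be reachable from these endpoints.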


@@ -0,0 +1,18 @@
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
asterisk = module;
};
perSystem =
{ ... }:
{
clan.nixosTests.asterisk = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/asterisk" = module;
};
};
}


@@ -0,0 +1,39 @@
{
pkgs,
...
}:
{
name = "service-asterisk";
clan = {
directory = ./.;
inventory = {
machines.server = { };
instances = {
asterisk-test = {
module.name = "@clan/asterisk";
module.input = "self";
roles.default.machines."server".settings = { };
};
};
};
};
nodes = {
server = {
services.asterisk = {
};
};
};
testScript = ''
start_all()
server.wait_for_unit("asterisk")
# Check that garage is running
server.succeed("systemctl status asterisk")
'';
}
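Review bot: The comment in `testScript` still reads `# Check that garage is running`, copied from another service; it should be `# Check that asterisk is running`. The same stale comment appears in the `service-yggdrasil` test added by this commit. The `pkgs` argument is unused, and the empty `services.asterisk = { };` block under `nodes.server` can be dropped. Since the module ships SIP accounts, a check that goes beyond the unit being active (for instance that the PJSIP endpoints were loaded) would make the test more useful.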


@@ -1,4 +1,7 @@
{ inputs, lib, ... }: {
inputs,
...
}:
{ {
imports = imports =
let let
@@ -16,12 +19,7 @@
# Create import paths for each valid directory # Create import paths for each valid directory
imports = (map (name: ./. + "/${name}/flake-module.nix") validModuleDirs) ++ [ imports = (map (name: ./. + "/${name}/flake-module.nix") validModuleDirs) ++ [
(import (inputs.clan-core + "/lib/flake-parts/clan-nixos-test.nix") { inputs.clan-core.flakeModules.testModule
inherit lib;
flake-parts-lib = inputs.flake-parts.lib;
self = inputs.clan-core;
inputs = inputs.clan-core.clan.self.inputs;
})
]; ];
in in
imports; imports;


@@ -9,7 +9,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.grafana = { clan.nixosTests.service-grafana = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/grafana" = module; clan.modules."@clan/grafana" = module;


@@ -10,7 +10,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.nextcloud = { clan.nixosTests.service-nextcloud = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/nextcloud" = module; clan.modules."@clan/nextcloud" = module;


@@ -10,7 +10,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.paperless = { clan.nixosTests.service-paperless = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/paperless" = module; clan.modules."@clan/paperless" = module;


@@ -10,7 +10,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.pingvin = { clan.nixosTests.service-pingvin = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/pingvin" = module; clan.modules."@clan/pingvin" = module;


@@ -10,7 +10,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.pocket-id = { clan.nixosTests.service-pocket-id = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/pocket-id" = module; clan.modules."@clan/pocket-id" = module;


@@ -10,7 +10,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.stirling-pdf = { clan.nixosTests.service-stirling-pdf = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/stirling-pdf" = module; clan.modules."@clan/stirling-pdf" = module;


@@ -10,7 +10,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.victoriametrics = { clan.nixosTests.service-victoriametrics = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/victoriametrics" = module; clan.modules."@clan/victoriametrics" = module;


@@ -9,7 +9,7 @@ in
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.vikunja = { clan.nixosTests.service-vikunja = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/vikunja" = module; clan.modules."@clan/vikunja" = module;


@@ -0,0 +1,53 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "yggdrasil";
manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
manifest.categories = [ "System" ];
roles.default = {
perInstance.nixosModule =
{
lib,
config,
pkgs,
...
}:
{
clan.core.vars.generators.yggdrasil = {
files = {
yggdrasil-secret = {
secret = true;
};
yggdrasil-ip = {
secret = false;
};
yggdrasil-subnet.secret = false;
};
runtimeInputs = with pkgs; [
yggdrasil
jq
];
script = ''
yggdrasil -genconf -json | jq {PrivateKey} > $out/yggdrasil-secret
cat $out/yggdrasil-secret | yggdrasil -useconf -address | tr -d "\n" > $out/yggdrasil-ip
yggdrasil -useconffile $out/yggdrasil-secret -subnet | tr -d "\n" > $out/yggdrasil-subnet
'';
};
services.yggdrasil = {
enable = lib.mkDefault true;
configFile = config.clan.core.vars.generators.yggdrasil.files.yggdrasil-secret.path;
settings = {
Peers = [
# US Peers
"tls://ygg.jjolly.dev:3443"
"tls://[2602:fc24:18:7a42::1]:993"
"tcp://leo.node.3dt.net:9002"
"tcp://ygg-kcmo.incognet.io:8883"
];
};
};
};
};
}
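Review bot: The `Peers` list hard-codes four public third-party nodes, two of them over plain `tcp://`, so every machine with this role joins the public Yggdrasil mesh and its overlay address becomes reachable from other nodes on it. Nothing in this module limits what listens on the overlay interface, so services that bind to `[::]` rely entirely on the host firewall; please confirm that is intended or restrict inbound traffic on the Yggdrasil interface. Making the list overridable, e.g. `Peers = lib.mkDefault [ … ];` or a role setting, would let a deployment use private peers instead. In the generator script I would also quote the jq filter and the paths, `jq '{PrivateKey}' > "$out/yggdrasil-secret"`, so the shell never interprets the braces.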


@@ -0,0 +1,23 @@
{
lib,
inputs,
self,
...
}:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
yggdrasil = module;
};
perSystem =
{ ... }:
{
# clan.nixosTests.service-yggdrasil = {
# imports = [ ./tests/vm/default.nix ];
#
# clan.modules."@clan/yggdrasil" = module;
# };
};
}
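Review bot: The `clan.nixosTests.service-yggdrasil` block is committed commented out with no explanation, while the test file and its generated vars are added in the same change. Add a one-line comment above the block stating what prevents the test from running (a VM test that needs the public peers would be one plausible reason, but that is a guess), so the next reader knows when it can be re-enabled. The `inputs` and `self` arguments are not used in this file and can be removed from the argument set.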


@@ -0,0 +1,37 @@
{
...
}:
{
name = "service-yggdrasil";
clan = {
directory = ./.;
inventory = {
machines.server = { };
instances = {
yggdrasil-test = {
module.name = "@clan/yggdrasil";
module.input = "self";
roles.default.machines."server".settings = { };
};
};
};
};
nodes = {
server = {
services.yggdrasil = {
};
};
};
testScript = ''
start_all()
server.wait_for_unit("yggdrasil")
# Check that garage is running
server.succeed("systemctl status yggdrasil")
'';
}


@@ -0,0 +1,6 @@
[
{
"publickey": "age12ldrhhffl0jeteh8f0rzhezs0ulggg5jyqph6xzrgjw2dv40pqwq49lej9",
"type": "age"
}
]


@@ -0,0 +1,15 @@
{
"data": "ENC[AES256_GCM,data:pGMobS67sLp2GN2Xw7A/trcLYnQdVZCUbjtlwS/AShXxyXgHXzkqRee6R765GZyCpDwM8A1IuMZYctrqWxVXrpIAiJpwvwy7vDM=,iv:ysRf5xAXN+dFSx+sFHNDt1GcVQx7RLej4c12v60iSI0=,tag:yXYpWhWLdsz9BOOoKpZU4g==,type:str]",
"sops": {
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UmhPdzcrSnFhVUxRNDBL\ncXlGRzdMdWxCWmFlUkE4RnJRQ3psMlBqV0Q0CkRjTXFoQitQbjRhMlVjaDc3UDN1\nR1hBeXlCeWxvdnZoVWI1ZkcweHF5VncKLS0tIHE4YVFhYTZTNko1MnJINjFPYXh4\ndlJJZThGZ0JIaDJWRTNXbXk3alNZTnMKgd+0535zoTu6xW2778uNReu4Z7LStN6d\n1O9SXAB+s1iOZ3xGEICiQTVF/6p8RE6lheV2oXgoMiXXrFNH6INLsw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-17T05:34:34Z",
"mac": "ENC[AES256_GCM,data:YIpKJlOI6ASgOYqv9ipu+T3c+PlM5HwvdFVH8gh8hVeSbmxD1baPPmVSWlLv+u61Q1/C9PK4mczaASopaGiLoswep+Hc1Gn7sSeP9wO6Djx6fEIEyE1VUhUbTqi/nHYiB21yB/wegfpqzNYIn1nO0oFCmDmSS5qIowcT1fhYIjM=,iv:lzxll5oC7poLvC/hZPexUGAcAdf67xZGRXUpj6O3p6Y=,tag:9xu17Y5MtW5XNzGBsWwA3g==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@@ -0,0 +1 @@
../../../users/admin


@@ -0,0 +1,4 @@
{
"publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"type": "age"
}


@@ -0,0 +1 @@
204:5ce7:aa27:579b:ec90:6907:4ddc:177


@@ -0,0 +1 @@
../../../../../../sops/machines/server


@@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:I6yalWQ2u5hI84lJTUmh07JxUBp4EZukJrSGSN7wsGiUGlFa1v/RT1XkTiXuRjDtUVYCLmQmfSCAp/OqFscxF8KL+s24iTDrG4e3S6AeKLa3oZrNJIt1EJ06gWrPNoh1ttmwXSd4Y4Bsk4Lg8vIjH4qw3Bx+KrufxYTqe+anfMdoXKnW8wOWud5O7HMvCh+sf4dNcf6PIQ==,iv:SF5qExXNPyif+LIcNhHP0PKELUBXaFsPj9B3wvUkEp0=,tag:QEkZXDrIdcpNiZ6l2ljOPw==,type:str]",
"sops": {
"age": [
{
"recipient": "age12ldrhhffl0jeteh8f0rzhezs0ulggg5jyqph6xzrgjw2dv40pqwq49lej9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENDhrWVRuYjRnZktROU4v\nSHNtODFGMWl0NDRHazIwcWl0WGtNY2dYMXhnCmZQQ0doS3BTaU5hRHVsVTB5THl1\nWUNDQUNiMVJFeFZnQ1ptYmFQdTJQc28KLS0tIEtJdUQ5Y1VqSThkSVVNcVNVNEFr\nMzBCRjM1L1V5TngrZG5rR0VHY3Z6TDAKPQ6P96upDeh8xwQDrX4Zcf71Dah5zkOJ\n/F5eODEBadzQSRmJuyp3+uRMFf47eR6Q5bVah3NsVxFquXOL3CtNlw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHb0EwT2tuMVE5SE5XaWdQ\ncGR0bFFhOUQvM2dGUzdlUEFFbzRnTHBWWUVnCjFGTXcrWW1vR0x5dXBUamtkS0dF\neG9weUVwQzhhNHhPRUdqV1VnWXJyNFEKLS0tIC80b1ZqRGFOenpENDN1Vk5vRUhY\nVnJzZ1Q5VzZ6ZEZtZE13YjQ0VVhrTTAK5y0BjKBRg2AXuO416JWLMLyM/pCQChKn\nVKZMXcT6cc5hHDuqbp9qUofknF68XnzlH6nOyLB1ZtnELyeZuf29fw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-17T05:34:35Z",
"mac": "ENC[AES256_GCM,data:Y3k83RaeX64LA3rsIkQxyKw+LLUgXVsqr3F2UHkv9h73gkyChc6k1oE/FLR4CsZZWsfLNjCkPMuenqToA2mKqQK0aADwPDYo0aVm0hr1PGX5j3Py6EmP56NFvxlAQsExRWo32eqdkeCkY23hfcmUYlaB+bo/fsrRVj67zag9GYA=,iv:p18i8cV6jKXpuZ1Xd7KYCl8BMe1/8CW9YnCuVrTAqy0=,tag:IJnLzdZOn8Clu+lCKT6zvA==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@@ -0,0 +1 @@
../../../../../../sops/users/admin

10
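--- a/modules/nixos/common.nix
+++ b/modules/nixos/common.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+screen
+ncdu
+vim
+lshw
+pciutils
+];
+}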


@@ -0,0 +1,7 @@
{
flake.nixosModules = {
common = {
imports = [ ./common.nix ];
};
};
}

9
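--- a/routers/default.nix
+++ b/routers/default.nix
@@ -0,0 +1,9 @@
+{ inputs, ... }:
+{
+flake.legacyPackages = {
+whitehouse-router = import "${inputs.liminix}/default.nix" {
+device = (import "${inputs.liminix}/devices/gl-ar750");
+liminix-config = import ./white-house/configuration.nix { inherit inputs; };
+};
+};
+}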
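Review bot: `flake.legacyPackages` is normally keyed by system (`legacyPackages.<system>.<name>`), but `whitehouse-router` is placed directly under it, so tools that walk this output by system will presumably treat `whitehouse-router` as a system name. If the image is built from one host platform, nest it under that system or expose it from `perSystem`, and add a comment naming the build attribute a user is expected to call. The parentheses around `import "${inputs.liminix}/devices/gl-ar750"` are redundant. Since `liminix` is a `flake = false` source evaluated here as Nix code, a short comment noting that its integrity rests on the `rev` and `narHash` pinned in `flake.lock` would help future reviewers of input bumps.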


@@ -0,0 +1,129 @@
{ inputs }:
{
config,
pkgs,
modulesPath,
lib,
...
}:
let
secrets = {
firewallRules = { };
}
// (import ./secrets.nix);
wirelessConfig = {
country_code = "TH";
inherit (secrets) wpa_passphrase;
wmm_enabled = 1;
};
svc = config.system.service;
in
{
imports = [
"${inputs.liminix}/modules/wlan.nix"
"${inputs.liminix}/modules/network"
"${inputs.liminix}/modules/vlan"
"${inputs.liminix}/modules/ssh"
"${inputs.liminix}/modules/bridge"
"${modulesPath}/profiles/gateway.nix"
];
hostname = "whitehouse";
boot = {
tftp = {
freeSpaceBytes = 3 * 1024 * 1024;
serverip = "${secrets.lan.prefix}.148";
ipaddr = "${secrets.lan.prefix}.251";
};
};
services.sshd = svc.ssh.build {
authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys;
};
users.root = secrets.root;
services.resolvconf = lib.mkForce (
pkgs.liminix.services.oneshot rec {
name = "resolvconf";
up = ''
( in_outputs ${name}
echo "nameserver $(output ${config.services.wan} ns1)" > resolv.conf
echo "nameserver $(output ${config.services.wan} ns2)" >> resolv.conf
chmod 0444 resolv.conf
)
'';
}
);
profile.gateway = {
lan = {
interfaces = with config.hardware.networkInterfaces; [
wlan
wlan5
lan
];
inherit (secrets.lan) prefix;
address = {
family = "inet";
address = "${secrets.lan.prefix}.1";
prefixLength = 24;
};
dhcp = {
start = 10;
end = 240;
hosts = { };
localDomain = "lan";
};
};
wan =
let
inherit (config.system.service) vlan;
wan-vlan = vlan.build {
ifname = "wan-vlan";
primary = config.hardware.networkInterfaces.wan;
vid = "10";
};
in
{
interface = svc.pppoe.build {
interface = wan-vlan;
username = secrets.l2tp.name;
password = secrets.l2tp.password;
};
dhcp6.enable = true;
};
firewall = {
enable = true;
rules = secrets.firewallRules;
};
wireless.networks = {
"${secrets.ssid}" = {
interface = config.hardware.networkInterfaces.wlan;
hw_mode = "g";
channel = "2";
ieee80211n = 1;
}
// wirelessConfig;
"${secrets.ssid}-5" = rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
channel = 36;
ht_capab = "[HT40+]";
vht_oper_chwidth = 1;
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
}
// wirelessConfig;
};
};
defaultProfile.packages = with pkgs; [
busybox
iw
iptables
];
}
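Review bot: Root SSH is enabled through `services.sshd`, while the only firewall input is `rules = secrets.firewallRules`, which defaults to `{ }`; from this file alone it is not visible whether the gateway profile blocks port 22 on the WAN side. Please confirm that the default rule set does, and record it in a comment next to `firewall`, for example `# gateway profile defaults drop inbound WAN traffic; rules here only add to them` (wording to be checked against the profile). The `lib.mkForce` override of `services.resolvconf` also deserves a one-line comment stating what it replaces and why. Minor: `vid = "10"` and `channel = "2"` are strings while `channel = 36` is an integer; use one form if the modules accept it.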


@@ -0,0 +1,20 @@
{
wpa_passphrase = "";
ssid = "WhiteHouse";
l2tp = {
name = "";
password = "";
};
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB/raxJR8gASmquP63weHelbi+da2WBJR1DgzHPNz/f"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmgyEGuY/r7SDlJgrzYmQqpcWS5W+fCzRi3OS59ne4W openpgp:0xFF687387"
];
};
lan = {
prefix = "192.168.1";
};
}
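Review bot: `secrets.nix` is a tracked plaintext file that `configuration.nix` imports directly, so the real `wpa_passphrase` and PPPoE `password` have to be typed into a file under version control and will presumably end up readable in the Nix store and the built image. As committed, `wpa_passphrase = "";` and the empty `l2tp` credentials evaluate without any error, so an image built from this state would carry an unusable or unprotected wireless configuration. I would move the real values to the encrypted sops/vars storage this repository already uses, if that can be wired into the liminix build, and fail early with something like `assert secrets.wpa_passphrase != "";` in `configuration.nix`. The `l2tp` name is also misleading, since the values are passed to `svc.pppoe.build`.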


@@ -10,7 +10,6 @@
devshell = { devshell = {
packages = [ packages = [
inputs.clan-core.packages.${system}.clan-cli inputs.clan-core.packages.${system}.clan-cli
inputs.clan-core.packages.${system}.generate-test-vars
]; ];
}; };
}; };


@@ -0,0 +1 @@
200:ada9:8363:202b:faf:be:92ab:e46d


@@ -0,0 +1 @@
../../../../../../sops/groups/admins


@@ -0,0 +1 @@
../../../../../../sops/machines/b4l


@@ -0,0 +1,47 @@
{
"data": "ENC[AES256_GCM,data:NSyWVWXMxoTR07uaLUYX6rHB17wsIB53FZHSsPxgDKJQ2wHBPFNaHSYh+BiSo+IrX+YcdUUqJFhEkjWDyG+vXaNZHrMbg/pzZ/cwTK/lPbYISkwtOhgr3zCA0H6DmQcHVmvR6fsdRDkFwl7pHtn1RMjEORQdbBINtscZfzZFcAF2L1t+WPFxgRKQDNT/9l3f4SoBcuakyg==,iv:/5JbEZ/vj/4I+eEElOY0cnhiYzqqPw2ZKLv2M/xkstw=,tag:23exDL72g56bP7ZbMsK4mA==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYUFSZGpmd2tmdzB6bkp5\naytPd1RhVWFqeXF3SDZia3QzUmRNNGpzcjBFCnl3VElLdXFvV0tFSEFlV3hRMzFH\nbnBnWVZ2QkRHZ1BoTEZxdFg4QWE4ckkKLS0tIHhSMlBKakxmM0xyeUphKytLTmpk\nVW90V05hTUEyTVNMQzZHN2xhYTBZRGcK/nJOIM4m56TE7KKmn/QH89g053mmuKKG\nQYs/86SWdLPqwL35FstQg2xDIHSxkDcoMSGc+C+/xdOjWV3qLil/DQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYaU9idi9RZzhNeXhTb0pp\nUkZ3UVpsZlBka2kvZDBqcVhiRVdMNVFZbEJNCkhvdmFaVTBGcVAvalJPSlFuZHhi\nTE9qeTBMMjk2djhFUEdJbWZmTnN3WnMKLS0tIDludThMRDFDUHhCZVV3bUtVdVBZ\neGg4TzdqVjJPeUxYbnBWNURRSWRrMkEKBCACDZgHG5eVKcSdjHDITJZqgR7cHdHq\n9y8qS3YjaFZ37Ui6Lmb9vJEzDCEy3wEupBy4sbAX4okVapGPJ4fmwg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIHJtSTZrY29X\nVTZNQm9XS3JsbEZCNDFUR1gxZXpObDdKRmQzUnRZMytOaFEgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpYN2xlOFVDZFlEOHhTMGZTVDNjdjdU\ndWlqd2ROamdmelp4UjAyVitnYVQwCi0tLSBZWmVWc2J4YVhLN3VyMTQwamtYRW5K\nWVovUEp3YlN5WjA1VE10MElWMllvCiLrLLekRkmSL5ekLIcFMoqgeEPXSrn15JDd\neKT9sbYtwhB7vt2L57fDRfaF/+7wNb9y6cv2oi+EdDoDXp/EyB4=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGxiRWYyUmwv\nVjlEdS9LOVV2K1NwdDFhYWM5RS9LcTZFNkNaMWViMkl5bmMgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpUQkk4NGZPVWRTbG5MNk9CTStSUXFi\nbXlGemlJR2o2dTB6QUE2Q2JKSnE4Ci0tLSBzZjRva2NtNHlRamNvQWpoZW1UWFMr\nQVdNYXBpOFVhaEVxWm1KNFM4UHJvCnebMj6d/+e0vp00Gb02qJtUp2+mEpF/jUpD\n25cxeoSAWPAhfnBgE+oLzQqnQSq5dCxsWteE/1eOXC68koeT9FY=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIC9udm9sRDBJ\nNFM4dFA2ZDdJMlBXeXYvakM5RHVzNlcrRitzUHF6dnBvMVkgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpKZnBka3YzK0tUQ1hXTHVheE45Mzkw\ncE04aVVPQWM1eURmb1JaNlBwVlFFCi0tLSBHTlY4UW5FQXExK2cvMUJDZE9NaURy\nOFUxN0dvczJtWlVRc29QWlZ1bGg0CvUoAmTgDVSF7SPpqnkFhkCUn3N/Yr4Tzodw\nyCiD7U/KYFavEIxGIeg+ClhLF9o4fYq9kk8ld0vU8qUADXBdRDE=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTUEyUndkSk1iQTB3eUpp\nb0ljaXpwdi9QYmdNV1J3L0NhWElRVzlnNTFVCnZ6Q01ESWRNMHRxdWZKM0lYTXBX\ncko5VitPdWk0UHpwWDhGNzFVZk4yYzgKLS0tIGVRdG5rWkYwOFlCQWNIWFBRalVE\nMmFtOHBvbUw5YXAvMG93MjBrRjdmMGMKlopySr6HS6vfFHiRcwlJz/qy7jzyS1Nf\nw4lw7QnOrvOkoutiK3HiIia5N6V0jd0TV7nJqIu7tz/zYksbzps7QQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVTZNTUM5UXowWTlPRDFW\nVUJTbStFcldHbTVDUVRJYjNiaklWRmowTHdnCkJNbUtmdk1jS3kyaVNWVFlOTytX\nKzBwTmxoZi9NdmJuRFNMNTUyRThNUDQKLS0tIENSMHZ5TGwxQ0xuZkZFQ3RJdGEv\nSXIvYW9WY243cTdzZEtra292K0JFVlEKMWhG/7R00uqLb5l5lU3p9Vt4pre6J85r\nIFWtg1G/54KaFt8aiWcD5RUSSARGZ3r4qVtO+9eWP+gA4DUpSNkWNw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WVlWMHJNbERKUGx0elgx\nUEF1Sms4VCtNRVRraWdvUkFEaTRzYTJ0TTFZCnl0aTIxR1QyQ1VsU0RFNnN1NzBr\neTVQbHJHQjAvYklFVkZkUDRXRGxvSkEKLS0tIHdINHFyQVE2V1V1R1ZxWEFuMm5x\nUVRjSVp6NStGSkQyQ05JVHlXejBEbWsKBlMvtw9MCReN1eSHKMwwsWaEF8kq1Pns\nLNSYEeWABZ5bbPB1xBvmIIlVFThJqgy5mBVJLzQMUwqb0IvixAgFxQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaSmNiVWlRSy91Mm5qSWJ5\nd2Z4WnEydE9ncWwzUVVCMDVoek1wRTFyOFJjCkZjOVZrVHY5d3FKRmMvaXJQWUtU\neGpSZkZITkJaOERkdWZpelA5dTJQOEkKLS0tIEtZOUNJSytYTFpSTWNuY3JjcnJv\nbFZpTXQxc29Pd1FIN0xrcEJYc3ZlV0kKyO/PLn2WNdVtTqM8cG1XFqV/5YdSqPAY\nvroStGVsLliV7W4T2MAmACeyjoMde9/gVosKfGc6awE+Bi2BUxrqpw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-17T07:22:09Z",
"mac": "ENC[AES256_GCM,data:OxeLto6aeiTOX8OffRsQzxyluSdva7y3j4j67c+MI1ost+QCZyGAW/5pr2mMaoU2XrwYqUjZTKBhJ9p1FY6C29/EhyzrNhGUTjC5iTcXO1lbLUTgoSDN8KPmVea97sTa+easVHoSgnPLxisG2yCALv95k9/eQ7vF9FRjBBNTaIU=,iv:FQeojhtnKOlqWuQNJo1TmI/PhjYbgwtvK24gZMjbbpM=,tag:Vwum5bSSZRNNDQ3Yudw4hQ==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@@ -0,0 +1 @@
../../../../../../sops/users/kurogeek


@@ -0,0 +1 @@
25.11