xin/configs/manager.nix

{ config
, lib
, pkgs
, inputs
, ...
}:
let
  microcaBin = "${pkgs.microca}/bin/microca";
  microca = pkgs.writeScriptBin "microca" ''
    #!/usr/bin/env sh
    ${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
  '';
in
with lib; {
  options = {
    nixManager = {
      enable = mkEnableOption "Configure host as nix-conf manager.";
      user = mkOption {
        type = types.str;
        default = "root";
        description = ''
          User who will own the private key.
        '';
      };
    };
  };

  imports = [ ./tailnet.nix ];

  config = mkIf config.nixManager.enable {
    sops.defaultSopsFile = config.xin-secrets.manager;
    sops.secrets = {
      xin_status_key = { owner = config.nixManager.user; };
      xin_status_pubkey = { owner = config.nixManager.user; };
      manager_key = { owner = config.nixManager.user; };
      manager_pubkey = { owner = config.nixManager.user; };
      ca_key = { owner = config.nixManager.user; };
      ca_cert = { owner = config.nixManager.user; };
    };

    environment.systemPackages = [
      microca
      inputs.xintray.packages.${pkgs.system}.xintray
      inputs.po.packages.${pkgs.system}.po
    ];

    networking = {
      hosts = {
        "66.135.2.235" = [ "ns1" ];
        "142.171.43.82" = [ "ns2" ];
        "46.23.94.18" = [ "ns3" ];
        "198.23.149.18" = [ "ns4" ];
      };
    };
  };
}
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`{ config`
			`, lib`
			`, pkgs`
			`, inputs`
			`, ...`
			`}:`
			`let`
manager: add the ability to manages the CA 2022-09-06 11:08:12 -06:00			`microcaBin = "${pkgs.microca}/bin/microca";`
			`microca = pkgs.writeScriptBin "microca" ''`
			`#!/usr/bin/env sh`
			`${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@`
			`'';`
all: format with alejandra 2023-07-11 09:12:50 -06:00			`in`
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`with lib; {`
			`options = {`
			`nixManager = {`
			`enable = mkEnableOption "Configure host as nix-conf manager.";`
			`user = mkOption {`
			`type = types.str;`
			`default = "root";`
			`description = ''`
			`User who will own the private key.`
			`'';`
hello world! 2022-08-25 12:21:35 -06:00			`};`
			`};`
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`};`
hello world! 2022-08-25 12:21:35 -06:00
configs/tailnet: re-enable 2024-04-25 15:21:47 -06:00			`imports = [ ./tailnet.nix ];`
configs/tailnet: start managing tailnet ACLs 2023-07-27 09:51:55 -06:00
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`config = mkIf config.nixManager.enable {`
			`sops.defaultSopsFile = config.xin-secrets.manager;`
			`sops.secrets = {`
			`xin_status_key = { owner = config.nixManager.user; };`
			`xin_status_pubkey = { owner = config.nixManager.user; };`
			`manager_key = { owner = config.nixManager.user; };`
			`manager_pubkey = { owner = config.nixManager.user; };`
			`ca_key = { owner = config.nixManager.user; };`
			`ca_cert = { owner = config.nixManager.user; };`
			`};`
configs/tailnet: start managing tailnet ACLs 2023-07-27 09:51:55 -06:00
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`environment.systemPackages = [`
			`microca`
			`inputs.xintray.packages.${pkgs.system}.xintray`
			`inputs.po.packages.${pkgs.system}.po`
			`];`
configs/tailnet: start managing tailnet ACLs 2023-07-27 09:51:55 -06:00
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`networking = {`
			`hosts = {`
			`"66.135.2.235" = [ "ns1" ];`
configs/manager: ns2 lives at a new ip 2023-10-19 13:27:46 -06:00			`"142.171.43.82" = [ "ns2" ];`
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`"46.23.94.18" = [ "ns3" ];`
			`"198.23.149.18" = [ "ns4" ];`
manager: add fallback dns entries for nameservers 2023-02-28 10:45:23 -07:00			`};`
			`};`
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`};`
			`}`