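# NixOps network description for a local VirtualBox development deployment.
#
# Arguments:
#   domain      - DNS name handed to the shared machine definition.
#   sopsKeyFile - absolute path of an age private key for sops-nix, given as a
#                 string and resolved on the deployed machine at activation
#                 time. "" (the default) means no dedicated key file; the SSH
#                 host key listed below is then the only decryption key.
{
  domain ? "dev.mydomain.com",
  sopsKeyFile ? "",
}:

{
  network = {
    storage.legacy = {};
  };

  machine1 = { system, pkgs, lib, ... }:
    with lib;
    let
      utils = pkgs.lib.callPackageWith pkgs ./../../../../utils.nix { };

      # Shared machine definition, specialised for this environment.
      base = ((import ./../network.nix).machine1 {
        inherit system pkgs lib;
        inherit domain utils;
        # Identity function: whatever network.nix routes through `secret` is
        # passed on unchanged in this environment.
        # NOTE(review): presumably other environments supply a real wrapper
        # here; confirm against network.nix.
        secret = x: x;
      });

      vbox = (import ./../network.nix).virtualbox;

      # Builds the VBoxManage arguments for one NAT port-forwarding rule:
      #   --natpf1 "<name>,<protocol>,<host ip>,<host port>,<guest ip>,<guest port>"
      # An empty host IP makes VirtualBox listen on every interface of the
      # host, so the forwarded guest port is reachable from the host's network.
      # Pass hostIp = "127.0.0.1" in a mapping to keep it local to the host.
      mkPortMapping = { name, host, guest, protocol ? "tcp", hostIp ? "" }:
        [
          "--natpf1"
          "${name},${protocol},${hostIp},${toString host},,${toString guest}"
        ];
    in
    # NOTE(review): recursiveUpdate merges attribute sets but replaces lists,
    # so an `imports` list defined in `base` would be overwritten by the one
    # below; verify that base does not define one.
    recursiveUpdate base {
      imports = [
        <sops-nix/modules/sops>
      ];

      deployment.targetEnv = "virtualbox";
      deployment.virtualbox = {
        memorySize = 1024;
        vcpu = 2;
        headless = true;
        vmFlags = concatMap mkPortMapping vbox.portMappings;
      };

      # A path literal copies the sops file into the world-readable Nix store.
      # That is acceptable only because the file is sops-encrypted; it must
      # never hold plaintext. To keep it out of the store, give the full path
      # as a string instead, e.g.
      #   sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
      sops.defaultSopsFile = ../secrets/linode.yaml;

      # The SSH host key is converted to an age key and used for decryption.
      sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

      # The age private key must stay a plain string. A Nix path value
      # (`/. + sopsKeyFile`) is copied into the Nix store when it is coerced
      # to a string, which would leave the private key world-readable, and
      # with the default "" it evaluates to the path `/`.
      sops.age.keyFile = if sopsKeyFile == "" then null else sopsKeyFile;

      # Generate a key at sops.age.keyFile if none exists there. Generation
      # needs a target path, so it is enabled only when sopsKeyFile is set.
      # A freshly generated key cannot decrypt anything until its public key
      # has been added as a recipient of the sops file.
      sops.age.generateKey = sopsKeyFile != "";

      # The secrets to decrypt on the machine. Empty options mean sops-nix
      # defaults for location, owner and mode apply.
      sops.secrets.linode = {};
    };
}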