diff --git a/.sops.yaml b/.sops.yaml index ca04545..52c8692 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -15,6 +15,7 @@ keys: - &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2 - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 - &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly + - &host_kvernberg age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz creation_rules: # Global secrets @@ -104,3 +105,9 @@ creation_rules: - *user_pederbs_bjarte pgp: - *user_oysteikt + + - path_regex: secrets/kvernberg/[^/]+$ + key_groups: + - age: + - *host_kvernberg + - *user_danio diff --git a/flake.lock b/flake.lock index 6e5828d..a9b2f64 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1745502102, - "narHash": "sha256-LqhRwzvIVPEjH0TaPgwzqpyhW6DtCrvz7FnUJDoUZh8=", + "lastModified": 1731746438, + "narHash": "sha256-f3SSp1axoOk0NAI7oFdRzbxG2XPBSIXC+/DaAXnvS1A=", "owner": "nix-community", "repo": "disko", - "rev": "ca27b88c88948d96feeee9ed814cbd34f53d0d70", + "rev": "cb64993826fa7a477490be6ccb38ba1fa1e18fa8", "type": "github" }, "original": { @@ -20,26 +20,6 @@ "type": "github" } }, - "gergle": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736621371, - "narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=", - "ref": "refs/heads/main", - "rev": "3729796c1213fe76e568ac28f1df8de4e596950b", - "revCount": 20, - "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git" - }, - "original": { - "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git" - } - }, "greg-ng": { "inputs": { "nixpkgs": [ 
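Review bot: The new `secrets/kvernberg/[^/]+$` creation rule in .sops.yaml encrypts to exactly one host key and one person (`*host_kvernberg`, `*user_danio`), while the rule visible just above it in this hunk also lists `*user_pederbs_bjarte` and a `pgp:` recipient. This path holds the exchange's master private key, so whether a second admin can decrypt and re-key it should be a deliberate choice: if `user_danio`'s key is lost, only the host itself can still open the file. Either add a second admin recipient or record the intent in a comment above the rule, for example `# kvernberg: recipients deliberately limited to the host and one admin`. The rest of `creation_rules` lies outside the hunk, so the comparison with other hosts is inferred from that one neighbouring rule.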
@@ -48,17 +28,17 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1746563623, - "narHash": "sha256-5DxgNFpSgxft/sWraZnHIUlb4S3Io73SVS7FZCbWSUY=", + "lastModified": 1730249639, + "narHash": "sha256-G3URSlqCcb+GIvGyki+HHrDM5ZanX/dP9BtppD/SdfI=", "ref": "refs/heads/main", - "rev": "4e0408887f80e61a90286ff630a7855b828ae421", - "revCount": 45, + "rev": "80e0447bcb79adad4f459ada5610f3eae987b4e3", + "revCount": 34, "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" + "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git" }, "original": { "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" + "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git" } }, "grzegorz-clients": { @@ -68,17 +48,17 @@ ] }, "locked": { - "lastModified": 1736178795, - "narHash": "sha256-mPdi8cgvIDYcgG3FRG7A4BOIMu2Jef96TPMnV00uXlM=", + "lastModified": 1726861934, + "narHash": "sha256-lOzPDwktd+pwszUTbpUdQg6iCzInS11fHLfkjmnvJrM=", "ref": "refs/heads/master", - "rev": "fde738910de1fd8293535a6382c2f0c2749dd7c1", - "revCount": 79, + "rev": "546d921ec46735dbf876e36f4af8df1064d09432", + "revCount": 78, "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" + "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git" }, "original": { "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" + "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git" } }, "matrix-next": { @@ -88,16 +68,16 @@ ] }, "locked": { - "lastModified": 1735857245, - "narHash": "sha256-AKLLPrgXTxgzll3DqVUMa4QlPlRN3QceutgFBmEf8Nk=", + "lastModified": 1727410897, + "narHash": "sha256-tWsyxvf421ieWUJYgjV7m1eTdr2ZkO3vId7vmtvfFpQ=", "owner": "dali99", "repo": "nixos-matrix-modules", - "rev": "da9dc0479ffe22362793c87dc089035facf6ec4d", + "rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c", "type": "github" }, "original": { "owner": "dali99", - "ref": "0.7.0", + "ref": "v0.6.1", "repo": "nixos-matrix-modules", "type": "github" } 
@@ -110,11 +90,11 @@ "rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58", "revCount": 2, "type": "git", - "url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git" + "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git" }, "original": { "type": "git", - "url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git" + "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git" } }, "nix-gitea-themes": { 
@@ -124,42 +104,58 @@ ] }, "locked": { - "lastModified": 1743881366, - "narHash": "sha256-ScGA2IHPk9ugf9bqEZnp+YB/OJgrkZblnG/XLEKvJAo=", + "lastModified": 1714416973, + "narHash": "sha256-aZUcvXjdETUC6wVQpWDVjLUzwpDAEca8yR0ITDeK39o=", "ref": "refs/heads/main", - "rev": "db2e4becf1b11e5dfd33de12a90a7d089fcf68ec", - "revCount": 11, + "rev": "2b23c0ba8aae68d3cb6789f0f6e4891cef26cc6d", + "revCount": 6, "type": "git", - "url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git" + "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" }, "original": { "type": "git", - "url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git" + "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" } }, "nixpkgs": { "locked": { - "lastModified": 1745526780, - "narHash": "sha256-LXXYBmFPMQU2lTb6alKWfjgQs08BKn+txMNcgbu00hI=", + "lastModified": 1731779898, + "narHash": "sha256-oxxCrYZM0WNRoaokDyVXcPIlTc8Z2yX4QjKbgXGI3IM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9204750b34cae1a8347ab4b5588115edfeebc6d7", + "rev": "9972661139e27eed0237df4dde34839e09028cd5", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11-small", + "ref": "refs/pull/332699/merge", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1745688173, - "narHash": "sha256-fgvG1O5JvSSjeQx+ea0DJ3GfMbLPVhAQta/DqQ2y6jc=", + "lastModified": 1731745710, + "narHash": "sha256-SVeiClbgqL071JpAspOu0gCkPSAL51kSIRwo4C/pghA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a2957c7978b189202e03721aab901c0a9dc1e1a", + "rev": "dfaa4cb76c2d450d8f396bb6b9f43cede3ade129", "type": "github" }, "original": { 
@@ -196,11 +192,11 @@ ] }, "locked": { - "lastModified": 1741738148, - "narHash": "sha256-cJo6nbcJEOjkazkZ194NDnlsZe0W0wpxeUh2/886uC8=", - "ref": "refs/heads/main", - "rev": "c1802e7cf27c7cf8b4890354c982a4eef5b11593", - "revCount": 486, + "lastModified": 1725212759, + "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=", + "ref": "refs/heads/master", + "rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f", + "revCount": 473, "type": "git", "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" }, @@ -212,7 +208,6 @@ "root": { "inputs": { "disko": "disko", - "gergle": "gergle", "greg-ng": "greg-ng", "grzegorz-clients": "grzegorz-clients", "matrix-next": "matrix-next", @@ -233,11 +228,11 @@ ] }, "locked": { - "lastModified": 1746498961, - "narHash": "sha256-rp+oh/N88JKHu7ySPuGiA3lBUVIsrOtHbN2eWJdYCgk=", + "lastModified": 1729391507, + "narHash": "sha256-as0I9xieJUHf7kiK2a9znDsVZQTFWhM1pLivII43Gi0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "24b00064cdd1d7ba25200c4a8565dc455dc732ba", + "rev": "784981a9feeba406de38c1c9a3decf966d853cca", "type": "github" }, "original": { @@ -250,14 +245,15 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ] + ], + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1731748189, + "narHash": "sha256-Zd/Uukvpcu26M6YGhpbsgqm6LUSLz+Q8mDZ5LOEGdiE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "d2bd7f433b28db6bc7ae03d5eca43564da0af054", "type": "github" }, "original": { diff --git a/hosts/kvernberg/configuration.nix b/hosts/kvernberg/configuration.nix index 446b4a4..c665517 100644 --- a/hosts/kvernberg/configuration.nix +++ b/hosts/kvernberg/configuration.nix @@ -5,8 +5,9 @@ ./hardware-configuration.nix (fp /base) (fp /misc/metrics-exporters.nix) - ./disks.nix + + ./services/pvvvvvv ]; sops.defaultSopsFile = fp /secrets/kvernberg/kvernberg.yaml; 
diff --git a/hosts/kvernberg/services/pvvvvvv/default.nix b/hosts/kvernberg/services/pvvvvvv/default.nix
new file mode 100644
index 0000000..ddb1f36
--- /dev/null
+++ b/hosts/kvernberg/services/pvvvvvv/default.nix
@@ -0,0 +1,11 @@
+{
+ imports = [
+ ./exchange.nix
+ ];
+
+ services.taler = {
+ settings = {
+ taler.CURRENCY = "SCHPENN";
+ };
+ };
+}
diff --git a/hosts/kvernberg/services/pvvvvvv/exchange.nix b/hosts/kvernberg/services/pvvvvvv/exchange.nix
new file mode 100644
index 0000000..eee2a33
--- /dev/null
+++ b/hosts/kvernberg/services/pvvvvvv/exchange.nix
@@ -0,0 +1,38 @@
+{ config, lib, fp, pkgs, ... }:
+let
+ cfg = config.services.taler;
+ inherit (cfg.settings.taler) CURRENCY;
+in {
+ sops.secrets.exchange-offline-master = {
+ format = "binary";
+ sopsFile = fp /secrets/kvernberg/exhange-offline-master.priv;
+ };
+
+ services.taler.exchange = {
+ enable = true;
+ debug = true;
+ openFirewall = true;
+ denominationConfig = ''
+ [COIN-${CURRENCY}-k1-1-0]
+ VALUE = ${CURRENCY}:1
+ DURATION_WITHDRAW = 7 days
+ DURATION_SPEND = 1 years
+ DURATION_LEGAL = 3 years
+ FEE_WITHDRAW = ${CURRENCY}:0
+ FEE_DEPOSIT = ${CURRENCY}:0
+ FEE_REFRESH = ${CURRENCY}:0
+ FEE_REFUND = ${CURRENCY}:0
+ RSA_KEYSIZE = 2048
+ CIPHER = RSA
+ '';
+ settings = {
+ exchange = {
+ MASTER_PUBLIC_KEY = "J331T37C8E58P9CVE686P1JFH11DWSRJ3RE4GVDTXKES9M24ERZG";
+ BASE_URL = "http://kvernberg.pvv.ntnu.no:8081/";
+ };
+ exchange-offline = {
+ MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;
+ };
+ };
+ };
+}
diff --git a/secrets/kvernberg/exhange-offline-master.priv b/secrets/kvernberg/exhange-offline-master.priv
new file mode 100644
index 0000000..25d3197
--- /dev/null
+++ b/secrets/kvernberg/exhange-offline-master.priv
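Review bot: In exchange.nix the exchange's offline master private key is deployed to the same host that runs the online exchange: `sops.secrets.exchange-offline-master` decrypts it on kvernberg and `exchange-offline.MASTER_PRIV_FILE` points at that path. Taler's offline-signing step is meant to run on a separate machine so that compromise of the public-facing host does not expose the master key. If this is a test deployment, say so next to the secret, for example `# TEST ONLY: master key is kept on the exchange host`; otherwise drop the secret and the `exchange-offline` block from this host and sign elsewhere. The same block also sets `debug = true`, `openFirewall = true` and a plain-HTTP `BASE_URL`, so beyond testing the exchange should sit behind TLS with debug turned off.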
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:dhVo1B+ZG1B6s0bTLgph4ipPmi0mveaObbJAffDQbpY=,iv:P5plvu4DQYa99cQZQ6B/gEFcSffu3lTY3+Z80Cfoj94=,tag:4xcqCbn6fFSmCbYmmEgQEg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MzVHSE15Nk9MODQxc2g0\nbHlqNmFKclBYbUNKQTNUOGo0VThiaEZTVzJFCmU2YkYwMXlyeHM3ZzAxOWZpa3k4\nUUJLanVFbkNMa25RcGZmOTBsVmtzazQKLS0tIE1sTTBqT3VJMDFOYXl0T1JvcDRV\nRFpsZGNOZzFzMFc3YzcxeXdIK1d6QUUKzy0n7DJsOmrNvU03Tn6Zcj/l/kAylzzP\nhNnFLXfStdKl3A/qrzBPhTVbYD73yFkZuQ+bDr7/IMsHAmDsztuA9g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbEdBWjdEbmtNYWJHQnFj\nSU1yb0NYVG4xVlZkYTdUWUpDcGdmbFF6U1NrCjBlWFZkcC9FMVJLYUtDNlBTUWcw\nNHBwWFNESDBQQmJNb3NDN2tDekM4eUUKLS0tICtMVGc1L2JFQ1BqKzM3eWFPRmRQ\nWXlQUWpvdUdOUlZ1OFhtS0ErL0JKSlUKzxLKbsnXvEqnR2HVsTxNqmM7YPjWfCjG\nZ4Bf046NdseomkNuTvWuPzjzPTe4GvjudMYc4ODchkIMOo6hXyf5kw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-11-17T01:12:23Z", + "mac": "ENC[AES256_GCM,data:aXIM/pmgVmfNSa+PwpfK6Efh/kCWXUqZNcKLkyhRwl++vaIBQUIQgQjv09hWHOF77V3ZjRQjh2E1uNe2baBLEmrDT5Au+7VABW+j49KX/vKMd+1l4w47l3DukOVnoo50bsOQFtH+amSl2P2imxpO15sjVDu9/nUeu2qXrtbIUh8=,iv:BQVs3P9p86uzTH2BfuSOxycpE6di4ZIwSz7OTZdcQPg=,tag:mT4Ek8dDbVINGp4Odt62zw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file