From 7514ada131867ce78dfa9038940816e58cbf1942 Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Sat, 16 Nov 2024 00:13:55 +0100 Subject: [PATCH] Maybe this sets up the exchange idk.... --- .sops.yaml | 7 ++ flake.lock | 96 +++++++++---------- hosts/kvernberg/configuration.nix | 3 +- hosts/kvernberg/services/pvvvvvv/default.nix | 11 +++ hosts/kvernberg/services/pvvvvvv/exchange.nix | 38 ++++++++ secrets/kvernberg/exhange-offline-master.priv | 24 +++++ 6 files changed, 128 insertions(+), 51 deletions(-) create mode 100644 hosts/kvernberg/services/pvvvvvv/default.nix create mode 100644 hosts/kvernberg/services/pvvvvvv/exchange.nix create mode 100644 secrets/kvernberg/exhange-offline-master.priv diff --git a/.sops.yaml b/.sops.yaml index 5139b36..30614ac 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -14,6 +14,7 @@ keys: - &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd - &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2 - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 + - &host_kvernberg age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz creation_rules: # Global secrets @@ -91,3 +92,9 @@ creation_rules: - *user_pederbs_bjarte pgp: - *user_oysteikt + + - path_regex: secrets/kvernberg/[^/]+$ + key_groups: + - age: + - *host_kvernberg + - *user_danio diff --git a/flake.lock b/flake.lock index f5f92fe..a9b2f64 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1731746438, + "narHash": "sha256-f3SSp1axoOk0NAI7oFdRzbxG2XPBSIXC+/DaAXnvS1A=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "cb64993826fa7a477490be6ccb38ba1fa1e18fa8", "type": "github" }, "original": { 
@@ -20,26 +20,6 @@ "type": "github" } }, - "gergle": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736621371, - "narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=", - "ref": "refs/heads/main", - "rev": "3729796c1213fe76e568ac28f1df8de4e596950b", - "revCount": 20, - "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git" - }, - "original": { - "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git" - } - }, "greg-ng": { "inputs": { "nixpkgs": [ @@ -48,17 +28,17 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1736545379, - "narHash": "sha256-PeTTmGumdOX3rd6OKI7QMCrZovCDkrckZbcHr+znxWA=", + "lastModified": 1730249639, + "narHash": "sha256-G3URSlqCcb+GIvGyki+HHrDM5ZanX/dP9BtppD/SdfI=", "ref": "refs/heads/main", - "rev": "74f5316121776db2769385927ec0d0c2cc2b23e4", - "revCount": 42, + "rev": "80e0447bcb79adad4f459ada5610f3eae987b4e3", + "revCount": 34, "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" + "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git" }, "original": { "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" + "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git" } }, "grzegorz-clients": { @@ -74,11 +54,11 @@ "rev": "546d921ec46735dbf876e36f4af8df1064d09432", "revCount": 78, "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" + "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git" }, "original": { "type": "git", - "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" + "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git" } }, "matrix-next": { 
@@ -124,11 +104,11 @@ ] }, "locked": { - "lastModified": 1736531400, - "narHash": "sha256-+X/HVI1AwoPcud28wI35XRrc1kDgkYdDUGABJBAkxDI=", + "lastModified": 1714416973, + "narHash": "sha256-aZUcvXjdETUC6wVQpWDVjLUzwpDAEca8yR0ITDeK39o=", "ref": "refs/heads/main", - "rev": "e4dafd06b3d7e9e6e07617766e9c3743134571b7", - "revCount": 7, + "rev": "2b23c0ba8aae68d3cb6789f0f6e4891cef26cc6d", + "revCount": 6, "type": "git", "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" }, @@ -139,27 +119,43 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733466147, - "narHash": "sha256-1QAch5UZXGDc8Kh3PvdIKfVNeebjZFWiIKn8lAr1ZBM=", + "lastModified": 1731779898, + "narHash": "sha256-oxxCrYZM0WNRoaokDyVXcPIlTc8Z2yX4QjKbgXGI3IM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "66dddf2c2aae34272f117ea95a06efe376edbe27", + "rev": "9972661139e27eed0237df4dde34839e09028cd5", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11-small", + "ref": "refs/pull/332699/merge", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733603762, - "narHash": "sha256-E+cuaL8s1oHCumWD/Zkw0gkLOOQcz848pVyLfvqWDVw=", + "lastModified": 1731745710, + "narHash": "sha256-SVeiClbgqL071JpAspOu0gCkPSAL51kSIRwo4C/pghA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b1dd465e8139748a8e26037fdd4c5ffe79457cbd", + "rev": "dfaa4cb76c2d450d8f396bb6b9f43cede3ade129", "type": "github" }, "original": { 
@@ -196,11 +192,11 @@ ] }, "locked": { - "lastModified": 1737151758, + "lastModified": 1725212759, "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=", "ref": "refs/heads/master", - "rev": "a4ebe6ded0c8c124561a41cb329ff30891914b5e", - "revCount": 475, + "rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f", + "revCount": 473, "type": "git", "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" }, @@ -212,7 +208,6 @@ "root": { "inputs": { "disko": "disko", - "gergle": "gergle", "greg-ng": "greg-ng", "grzegorz-clients": "grzegorz-clients", "matrix-next": "matrix-next", @@ -250,14 +245,15 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ] + ], + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1733128155, - "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", + "lastModified": 1731748189, + "narHash": "sha256-Zd/Uukvpcu26M6YGhpbsgqm6LUSLz+Q8mDZ5LOEGdiE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", + "rev": "d2bd7f433b28db6bc7ae03d5eca43564da0af054", "type": "github" }, "original": { diff --git a/hosts/kvernberg/configuration.nix b/hosts/kvernberg/configuration.nix index 446b4a4..c665517 100644 --- a/hosts/kvernberg/configuration.nix +++ b/hosts/kvernberg/configuration.nix @@ -5,8 +5,9 @@ ./hardware-configuration.nix (fp /base) (fp /misc/metrics-exporters.nix) - ./disks.nix + + ./services/pvvvvvv ]; sops.defaultSopsFile = fp /secrets/kvernberg/kvernberg.yaml; diff --git a/hosts/kvernberg/services/pvvvvvv/default.nix b/hosts/kvernberg/services/pvvvvvv/default.nix new file mode 100644 index 0000000..ddb1f36 --- /dev/null +++ b/hosts/kvernberg/services/pvvvvvv/default.nix @@ -0,0 +1,11 @@ +{ + imports = [ + ./exchange.nix + ]; + + services.taler = { + settings = { + taler.CURRENCY = "SCHPENN"; + }; + }; +} diff --git a/hosts/kvernberg/services/pvvvvvv/exchange.nix b/hosts/kvernberg/services/pvvvvvv/exchange.nix new file mode 100644 index 0000000..eee2a33 --- /dev/null 
+++ b/hosts/kvernberg/services/pvvvvvv/exchange.nix
@@ -0,0 +1,38 @@
+{ config, lib, fp, pkgs, ... }:
+let
+ cfg = config.services.taler;
+ inherit (cfg.settings.taler) CURRENCY;
+in {
+ sops.secrets.exchange-offline-master = {
+ format = "binary";
+ sopsFile = fp /secrets/kvernberg/exhange-offline-master.priv;
+ };
+
+ services.taler.exchange = {
+ enable = true;
+ debug = true;
+ openFirewall = true;
+ denominationConfig = ''
+ [COIN-${CURRENCY}-k1-1-0]
+ VALUE = ${CURRENCY}:1
+ DURATION_WITHDRAW = 7 days
+ DURATION_SPEND = 1 years
+ DURATION_LEGAL = 3 years
+ FEE_WITHDRAW = ${CURRENCY}:0
+ FEE_DEPOSIT = ${CURRENCY}:0
+ FEE_REFRESH = ${CURRENCY}:0
+ FEE_REFUND = ${CURRENCY}:0
+ RSA_KEYSIZE = 2048
+ CIPHER = RSA
+ '';
+ settings = {
+ exchange = {
+ MASTER_PUBLIC_KEY = "J331T37C8E58P9CVE686P1JFH11DWSRJ3RE4GVDTXKES9M24ERZG";
+ BASE_URL = "http://kvernberg.pvv.ntnu.no:8081/";
+ };
+ exchange-offline = {
+ MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;
+ };
+ };
+ };
+}
diff --git a/secrets/kvernberg/exhange-offline-master.priv b/secrets/kvernberg/exhange-offline-master.priv
new file mode 100644
index 0000000..25d3197
--- /dev/null
+++ b/secrets/kvernberg/exhange-offline-master.priv
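Review bot: The offline master private key ends up on the online exchange host: `MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;` under `exchange-offline`, together with the `sops.secrets.exchange-offline-master` block at the top of exchange.nix, has the key decrypted on kvernberg, the same machine that `openFirewall = true` exposes. In GNU Taler this key authorises the exchange's denomination and signing keys and its wire details, and it is meant to stay on a separate machine with only `MASTER_PUBLIC_KEY` configured on the exchange, so a compromise of this host would expose the root of trust along with the online keys. I would drop the `sops.secrets.exchange-offline-master` block and the `exchange-offline` section from this host, run the offline signing step from an admin machine, and encrypt that one file to the operators only rather than to `*host_kvernberg`. Separately, `BASE_URL` is plain `http://` on port 8081 and `debug = true` is left on; if this is meant to outlive a test setup, serve it over `https://` behind a TLS-terminating proxy and set `debug = false;`. The secret's file name is spelled `exhange-offline-master.priv` in both the `sopsFile` path and the new file, which is easier to fix now than after more references accumulate.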
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:dhVo1B+ZG1B6s0bTLgph4ipPmi0mveaObbJAffDQbpY=,iv:P5plvu4DQYa99cQZQ6B/gEFcSffu3lTY3+Z80Cfoj94=,tag:4xcqCbn6fFSmCbYmmEgQEg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MzVHSE15Nk9MODQxc2g0\nbHlqNmFKclBYbUNKQTNUOGo0VThiaEZTVzJFCmU2YkYwMXlyeHM3ZzAxOWZpa3k4\nUUJLanVFbkNMa25RcGZmOTBsVmtzazQKLS0tIE1sTTBqT3VJMDFOYXl0T1JvcDRV\nRFpsZGNOZzFzMFc3YzcxeXdIK1d6QUUKzy0n7DJsOmrNvU03Tn6Zcj/l/kAylzzP\nhNnFLXfStdKl3A/qrzBPhTVbYD73yFkZuQ+bDr7/IMsHAmDsztuA9g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbEdBWjdEbmtNYWJHQnFj\nSU1yb0NYVG4xVlZkYTdUWUpDcGdmbFF6U1NrCjBlWFZkcC9FMVJLYUtDNlBTUWcw\nNHBwWFNESDBQQmJNb3NDN2tDekM4eUUKLS0tICtMVGc1L2JFQ1BqKzM3eWFPRmRQ\nWXlQUWpvdUdOUlZ1OFhtS0ErL0JKSlUKzxLKbsnXvEqnR2HVsTxNqmM7YPjWfCjG\nZ4Bf046NdseomkNuTvWuPzjzPTe4GvjudMYc4ODchkIMOo6hXyf5kw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-11-17T01:12:23Z", + "mac": "ENC[AES256_GCM,data:aXIM/pmgVmfNSa+PwpfK6Efh/kCWXUqZNcKLkyhRwl++vaIBQUIQgQjv09hWHOF77V3ZjRQjh2E1uNe2baBLEmrDT5Au+7VABW+j49KX/vKMd+1l4w47l3DukOVnoo50bsOQFtH+amSl2P2imxpO15sjVDu9/nUeu2qXrtbIUh8=,iv:BQVs3P9p86uzTH2BfuSOxycpE6di4ZIwSz7OTZdcQPg=,tag:mT4Ek8dDbVINGp4Odt62zw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file