torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Add incus servers

Browse Source
This commit is contained in:
Torjus Håkestad 2024-06-27 21:10:20 +02:00
parent 6aa5cf727f
commit 50bd8505ec
11 changed files with 352 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@ -6,6 +6,7 @@ keys:
- &server_ns4 age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q - &server_ns4 age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
- &server_ha1 age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l - &server_ha1 age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
- &server_nixos-test1 age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju - &server_nixos-test1 age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
- &server_inc1 age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini) - path_regex: secrets/[^/]+\.(yaml|json|env|ini)
key_groups: key_groups:
@ -17,6 +18,7 @@ creation_rules:
- *server_ns4 - *server_ns4
- *server_ha1 - *server_ha1
- *server_nixos-test1 - *server_nixos-test1
- *server_inc1
- path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini) - path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini)
key_groups: key_groups:
- age: - age:

20
flake.nix
View File

@ -76,6 +76,26 @@
backup-helper.nixosModules.backup-helper backup-helper.nixosModules.backup-helper
]; ];
}; };
inc1 = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs self sops-nix; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/inc1
sops-nix.nixosModules.sops
# backup-helper.nixosModules.backup-helper
];
};
inc2 = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs self sops-nix; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/inc2
sops-nix.nixosModules.sops
# backup-helper.nixosModules.backup-helper
];
};
template1 = nixpkgs.lib.nixosSystem { template1 = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = { inherit inputs self sops-nix; }; specialArgs = { inherit inputs self sops-nix; };

96
hosts/inc1/configuration.nix Normal file
View File

@ -0,0 +1,96 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
../../system
../../services/incus
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
};
networking.hostName = "inc1";
networking.domain = "home.2rjus.net";
networking.useNetworkd = true;
networking.useDHCP = false;
networking.nftables.enable = true;
networking.firewall.trustedInterfaces = [ "vlan13" ];
services.resolved.enable = true;
networking.nameservers = [
"10.69.13.5"
"10.69.13.6"
];
systemd.network.enable = true;
# Primary interface
systemd.network.networks."enp2s0" = {
matchConfig.Name = "enp2s0";
address = [
"10.69.12.80/24"
];
networkConfig = {
VLAN = [ "enp2s0.13" ];
};
routes = [
{ routeConfig.Gateway = "10.69.12.1"; }
];
linkConfig.RequiredForOnline = "routable";
};
# VLAN 13 netdev
systemd.network.netdevs."enp2s0.13" = {
enable = true;
netdevConfig = {
Kind = "vlan";
Name = "enp2s0.13";
};
vlanConfig = {
Id = 13;
};
};
# # Bridge netdev
# systemd.network.netdevs."br13" = {
# netdevConfig = {
# Name = "br13";
# Kind = "bridge";
# };
# };
# # Bridge network
# systemd.network.networks."br13" = {
# matchConfig.Name = "enp2s0.13";
# networkConfig.Bridge = "br13";
# };
time.timeZone = "Europe/Oslo";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.tarball-ttl = 0;
environment.systemPackages = with pkgs; [
tcpdump
vim
wget
git
];
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh.settings.PermitRootLogin = "yes";
system.stateVersion = "24.05"; # Did you read the comment?
}

5
hosts/inc1/default.nix Normal file
View File

@ -0,0 +1,5 @@
{ ... }: {
imports = [
./configuration.nix
];
}

41
hosts/inc1/hardware-configuration.nix Normal file
View File

@ -0,0 +1,41 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/faa60038-b3a4-448a-8909-49857818c955";
fsType = "xfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7A94-A91C";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/f7a4f85e-0b4b-492d-a611-f50d2b915c2c"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

96
hosts/inc2/configuration.nix Normal file
View File

@ -0,0 +1,96 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
../../system
../../services/incus
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
};
networking.hostName = "inc2";
networking.domain = "home.2rjus.net";
networking.useNetworkd = true;
networking.useDHCP = false;
networking.nftables.enable = true;
networking.firewall.trustedInterfaces = [ "vlan13" ];
services.resolved.enable = true;
networking.nameservers = [
"10.69.13.5"
"10.69.13.6"
];
systemd.network.enable = true;
# Primary interface
systemd.network.networks."enp2s0" = {
matchConfig.Name = "enp2s0";
address = [
"10.69.12.81/24"
];
networkConfig = {
VLAN = [ "enp2s0.13" ];
};
routes = [
{ routeConfig.Gateway = "10.69.12.1"; }
];
linkConfig.RequiredForOnline = "routable";
};
# VLAN 13 netdev
systemd.network.netdevs."enp2s0.13" = {
enable = true;
netdevConfig = {
Kind = "vlan";
Name = "enp2s0.13";
};
vlanConfig = {
Id = 13;
};
};
# # Bridge netdev
# systemd.network.netdevs."br13" = {
# netdevConfig = {
# Name = "br13";
# Kind = "bridge";
# };
# };
# # Bridge network
# systemd.network.networks."br13" = {
# matchConfig.Name = "enp2s0.13";
# networkConfig.Bridge = "br13";
# };
time.timeZone = "Europe/Oslo";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.tarball-ttl = 0;
environment.systemPackages = with pkgs; [
tcpdump
vim
wget
git
];
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh.settings.PermitRootLogin = "yes";
system.stateVersion = "24.05"; # Did you read the comment?
}

5
hosts/inc2/default.nix Normal file
View File

@ -0,0 +1,5 @@
{ ... }: {
imports = [
./configuration.nix
];
}

33
hosts/inc2/hardware-configuration.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/3e7c311c-b1a3-4be7-b8bf-e497cba64302";
fsType = "btrfs";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/F0D7-E5C1";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/1a06a36f-da61-4d36-b94e-b852836c328a"; }];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

79
secrets/secrets.yaml
View File

@ -10,65 +10,74 @@ sops:
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u - recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubWtoVGhXYXRlSlFRN1R1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5eHNpQ2NkV0Z2QldSVDBW
Zk9ER3d6ZExUeW0yV1grQkFzMks3akhuaHlVCk4rRmVTaUd6RG9NRldmNFZ0ZXMr dTN5dk1KN2tOUUZVREpzdVhPVGlERkI3TjBjCmhCMFU3WElMZGhCek5ocGlRM2hu
aUh5QTJLSkpISXRkVXJFWDZkdlVnSHMKLS0tIGRVcXRQRTVDK09JSThidTdsOHBo YVBPdkcxU0FKNk9QeXA0bDNRYU0xZEUKLS0tIDdtMjNyNkY1d21OZVdacnR0L09B
NGpxMjFhVmg2cHdNS2dTQitEQWlLYUUKgKAgXN4Bwl2A+MRcLsGFl+BDAj8Jqkg1 c3ZRYzBva1ZiV0xucWw3WEcxM01JbFUK3AmQJ3tVbYr8vmNFvssh/TGJcFM2O+hb
42aUJbVMVhQLVMSFw23AIsAiSkm0l05JVedUayr6EdL0AsZRmArRrw== BXO2VYZqNmRLKEClgRUPR8lykt1j+P1hXfxlpUEsudyyd1iV6r/7vg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0 - recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVFFxK0RMU3pYVkpTeFQ3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcGM3UTVhMlV0TTNsMVp4
M1VzVkZnR2RWazdUSEo5dGExMDR6RXlTYlZJCk14OVFIQjF1aEh6NGRseEkyUjdG RERtRmlObHovUVdONDRWTnB6SWxxU09YKzF3Ck5qVFpiWVFUZVZYT3JwUHRBSXU0
SUNIK0N2eEVWRW9mM1E4YzExS3g4QU0KLS0tIDJ2by9wYUlEWlh5Y2cxZzZBUW9w VkFmVFZ1Nm51YlA4VDR6WVBwRnlBVncKLS0tIE9MVFBzUlpZOXRIalJtSkM0Uk52
N3BkNlBEVGl1L09nbjZXZm9seTY1NTAKtVmJ9bh/cN/q+FmZ7AhmdledAL3SKWvm MUJtREo5UlFnTDlicmZUOVB0aTNDNEUK9FHHmJs63JEucmxjlAr5GmkQ/8NUJkay
69+sx3etiIrZ8tx9hB+shULNkBWI4scopFZdoeRu75Q+Mc86s+wf4A== 9+8V+BxGtqIYAn+U++GOa0hjJYQb8FrHL1SpKB8qOwkWYM7mbENH2g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um - recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRGtVZk9nL2EwaVlDcUlM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRVdzemZ4UVBySytWeHZw
VUZuUHNXNnZEajdzL1RkeFFvNVFEaXVpWVRZCmpQMGoyOGNqemN4VHRzV2QxdWMv ekU1emdUU1FlZGFWK2NjUHdDS3B0ZGF5a0dvClVhVjZvZVE1dFlPak1QY0pYUU1Q
c2V0T1FiMWw1ZzR2bFZmSzVsbFphWjAKLS0tIFF3TE9OcXUzUVI1UC9LU1FJVjhM V2ttcFBLalNWQWlMVnZDOTE0YWpSUDQKLS0tIENvSGVZZ2hJS1hQZWpzT1hZWXFI
NzRoTGt6V3gyQStVbWxITUUrU0k0M1UKTGQ+9FFpFkzYYhvu4SoBYhQNh3IfErVT SXhkM2pFVmE5djRlMGhaSU9rRlcwaXMKg65Sop34XWfYiQvZGquB2U2Oh0/afz2i
orD+RecwMaZqkCh0gjs6pPG675fiWaESo/SUqG5+w38Jh/Q3fHiBnQ== PRAozkriSM+vY4n3WJlqK/rCmlOniARaci6mzfqRLhazEbmKBOYM7g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd - recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q2tBYUVuNzNONk5Kbzho YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUllOVVVyTVEyYkVvYXhL
SHhVUWs0MFNyblVGNDRUTStLa0NpYXdXeWxRCm0zcTlaMUZqQ0dNVXZpak1YSUZZ RUx4RE5ZaENxY1FRT1lhN1Nva3orb2RGMzIwCndZSkcyTGYxaTZnMzJCMWt5NWRK
VmNvelJiQXJlZXJIa0dncE91TU5sNTAKLS0tIFQ2Z1lSSFhiK3dZSVlxeEt2VXlU YTVHcEtndm5KbXJDNjBTdDlkTDlVODQKLS0tIEFGU3JPT295KzUwRTk2QVJ6eTNv
bk0rNjMrbWx4WVdnd0VLSWRUNGI5cVkKUIf+ilyc8N/T8jXk9X643DiASH0Yc8MU MmJRaTM1WWdwVjRrNk16dzU0ZFdBL1kK8Dp3M942e+6sLIYhV8MlkIbLh9se7IbC
eWw6vttNrIHu69s1jku59JiGGzxaSJOvRwHqu2toIpR0aFm9X87PPQ== iN+1N/6N5JUvg3FFz+V1tFlT7R0y3BJFBmemaMLJWsRelshjj26NcA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q - recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZmJiek14ZUdnRkJUNDR1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZi9UaGM3L1BsQTRpbFZi
dkN2blJ6Ykx0TlEvVlA2UGlaT0N5WHp4eGdNCldRL0gwVmlSQ3JBaXhDZ0RHWTVZ OUdwam5JWXNDa1VWcEhCdkx4YXppV1NRem13CjBBTk9PRDVkNjBaY1dOU2txNkpK
K3BVZmczYis1cHNFbmRLK0t3MlVhQ0kKLS0tIFFMRUFXMWJIRjRWeHFsUEpDTjI0 ZXVUVTZVRUtmWjlvUEd3UDA0LzdhTlEKLS0tIEtwTUlESXdwQ1ZkTUVtWVJzK1p0
czhoVlg3NVBGK2hkK1F1cElwK3ZpZDQKVYL7UmZpDwUUCELJ85dkh4aQgiFuiP4b ZnlHNGk4bGVndUJZb1VrUWpxUHJucWsKULgyNAkFMRFgOQYIG/NC6jQxCvCrAVqS
ljk7WwMCr2KPOwlqDNSSOZgoh8RmFlKaMsNB5EQMd4loNWgMra7URA== WYS54btyjqiUYYx/nv6Ce6EZwMYEvKGRl1IVrFlNXVfjoE14GhuL7g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l - recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MVEwVy94VXd2U1pCd3cv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZFpFNjJIeXRxandtY24z
TFpwNDYrU01Md3pQZXlwbWFNd2xocnMrN3pJCi94alVKajk5eExhbWkwd1ZFNEQ0 WXBjMmhTRmdFVzFJU3MwT3BCSnBBUDJnTHdRCjluT3B2Y1pBNjBtODlRUXVvZlZu
VnN0VExzTEdQNGplS05nVWsxZnNYdW8KLS0tIFVTdWYzbDA0R3FpbjhjVTU3ZnRw dnZleUJQRHIvYkVlVjlFNDRwM1FCWXMKLS0tIGRUdzlrL1Q4d3NhMFlaVlF5alFx
ZHJTUXJQOUFmWEVjQ0ZHellVS2swVmsK4vyeriPn+OcSFQoaIjtErQBwDdOOBxdc T0RKZ0JRUzRQMUJ0bDFKVEhNV1cvSEkKEorAEa2nQqp1BtVfa4bj3dsKuhHAMPif
sgYKQOuqjcbDC6T8AgeR1fKz6XY2aBf4NwRje4iqFLDEW/L3WQEiYQ== RsI8t6f3UhBrC59DklJbhqD4zmxzCNtqhwHxklh3ofRThqsAs8fuSg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju - recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsalA0a0tNQWNHVUlNVTVP YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZejZxUUNPVnFJeWpoWU1Q
b1JONEpVSzhkK25qRE4zeFlnQmlCdzBPaFVJCnVHNklyNlVNc3lnN04yKzVWdHNy RVgySXoxTmtRQnhKRUh6K1E0dnhteTdxTlVBClBxOFlUby9pWG1vdWpjeUxYaUhn
OG51Y2pEelVjN0pYSEg0Sk9iM3RtaVUKLS0tIGlXNnZBdGxCcGZDVGNJMGJiOXBB VXdCTnl2Smt4K2VQOUlRYjhLcTlsVEEKLS0tIGZZb29iNlVmaStrdDVrelhsUDJK
V1FQQ0o4UVhEbWtFMEtFcWpQR0c2aDQKduenww5ggqovBUmU1u3xGNABx4MevBk7 R1dJcjF3TWM0R0NCVGhYN2ZNVWR1Uk0KGKPtGaT6MomJav2gyU7VbvFMxvVfEqJZ
939Mp8UtDPblCDBFi2SmxrrsFiQDOWVkz7llHTmLHYDPEejkVc8/sQ== B8DhVtjfm3DpL/KjdljuGh74PBdiX7xPUTiD6e0KnboGU96/OzESgg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQSWs2TTV1RWR0Q0pVYW5X
ZGwxUVZqOVd5R1NnWlY3ODFyUWtGVE5jN1NFCmNMMUhUTXp1Z1dheHNFRExQbzQw
cW50MWFZay9RYkVSTytDeUgzMi9KSEEKLS0tIG9oZDdFM0EyaVd5RmZTenY3N1Ax
dlM4L0tCZWh5Ti9EUHNFWGJ0SVhodVEKfwBmqlondg8oulzrEg+AkgeDQ6CvkoS3
L+GWzo98ccpt/uE95vIuiywdTmpt7hjkJNrDh2euOvJXBdwexFW3tA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-02T22:09:06Z" lastmodified: "2024-06-02T22:09:06Z"
mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str] mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str]

7
services/incus/default.nix Normal file
View File

@ -0,0 +1,7 @@
{ pkgs, config, ... }:
{
virtualisation.incus = {
enable = true;
};
networking.firewall.allowedTCPPorts = [ 8443 ];
}

4
services/ns/zones-home-2rjus-net.conf
View File

@ -1,7 +1,7 @@
$ORIGIN home.2rjus.net. $ORIGIN home.2rjus.net.
$TTL 1800 $TTL 1800
@ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. ( @ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. (
2035 ; serial number 2037 ; serial number
3600 ; refresh 3600 ; refresh
900 ; retry 900 ; retry
1209600 ; expire 1209600 ; expire
@ -45,6 +45,8 @@ sonarr IN A 10.69.12.54
bazarr IN A 10.69.12.55 bazarr IN A 10.69.12.55
mpnzb IN A 10.69.12.57 mpnzb IN A 10.69.12.57
pve1 IN A 10.69.12.75 pve1 IN A 10.69.12.75
inc1 IN A 10.69.12.80
inc2 IN A 10.69.12.81
; 13_SVC ; 13_SVC
ns1 IN A 10.69.13.5 ns1 IN A 10.69.13.5