diff --git a/.sops.yaml b/.sops.yaml index 909325f..9d1a86a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,6 +13,7 @@ keys: - &server_jelly01 age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq - &server_nix-cache01 age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6 - &server_pgdb1 age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv + - &server_nats1 age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini) key_groups: @@ -31,6 +32,7 @@ creation_rules: - *server_jelly01 - *server_nix-cache01 - *server_pgdb1 + - *server_nats1 - path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini) key_groups: - age: diff --git a/flake.nix b/flake.nix index 088209c..049285b 100644 --- a/flake.nix +++ b/flake.nix @@ -304,6 +304,22 @@ sops-nix.nixosModules.sops ]; }; + nats1 = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs self sops-nix; + }; + modules = [ + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) + ./hosts/nats1 + sops-nix.nixosModules.sops + ]; + }; }; devShells = forAllSystems ( { pkgs }: diff --git a/hosts/nats1/configuration.nix b/hosts/nats1/configuration.nix new file mode 100644 index 0000000..ea64abe --- /dev/null +++ b/hosts/nats1/configuration.nix @@ -0,0 +1,63 @@ +{ + pkgs, + ... +}: + +{ + imports = [ + ../template/hardware-configuration.nix + + ../../system + ../../common/vm + ]; + + nixpkgs.config.allowUnfree = true; + # Use the systemd-boot EFI boot loader. + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + configurationLimit = 3; + }; + + networking.hostName = "nats1"; + networking.domain = "home.2rjus.net"; + networking.useNetworkd = true; + networking.useDHCP = false; + services.resolved.enable = true; + networking.nameservers = [ + "10.69.13.5" + "10.69.13.6" + ]; + + systemd.network.enable = true; + systemd.network.networks."ens18" = { + matchConfig.Name = "ens18"; + address = [ + "10.69.13.17/24" + ]; + routes = [ + { Gateway = "10.69.13.1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + time.timeZone = "Europe/Oslo"; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + nix.settings.tarball-ttl = 0; + environment.systemPackages = with pkgs; [ + vim + wget + git + ]; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + + system.stateVersion = "23.11"; # Did you read the comment? +} diff --git a/hosts/nats1/default.nix b/hosts/nats1/default.nix new file mode 100644 index 0000000..9dd03a2 --- /dev/null +++ b/hosts/nats1/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + imports = [ + ./configuration.nix + ../../services/nats + ]; +} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 0ba2aa6..836d476 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -10,128 +10,137 @@ sops: - recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cHhMeU5PWmhZSFhvVjJV - OXp6NmdzaDdTeXcyeUdWWi9oZ0gxRWJUcWlBCkU5WW5aYzVCY1ZqVDBmZVd0THdW - V0J5SUcxSkdWZUg1T3F4SzRrSzlWeEkKLS0tIHBkcXhtK1h0clJVa3huR0RGZmdP - RUlOZWI0VHFLV1Q3K3hrK1NIbWNwMncKEfqME0WIDqw9uMTuiIc+F+tmiHMB1EW3 - kmSqblbjYNO+FJY1CwOkYygC8nXlxzXPb1QbsnH14w+SsDpeLhG4mg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTVZJWFZMVC9FQmdKTVAw + bUZidVhZQ2VqMnJ2VWI4ZGVKZTF5RCtkd1dNCkxMaGZnQUQwL0pVaDNiRWxqZXZK + aUFDYkY5Z3ZJVEVYb1J3bDgzeFdWWU0KLS0tIEtlVzVJbDFPSkZ1NmltekpXdFpx + UnViT0lDYm4yaFJWOFhWdG8rUjJ6ZFUK2dOJw3inwEXLry4lPSYTvthlvaxdZrKB + YLJyJc4LKu3x7RTdunHGz4atCpq9AQIzld2WugKooOX7BbG9D7Q7wQ== -----END AGE ENCRYPTED FILE----- - recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3YlM1MVA0ZkNSYyt3eDlw - aUYwSTRVR1FUYWZNWGRsQ0pnMkdISS91bVVZCmFGNm9keEFSVW1SK2dDME9NTVMy - WEVPWFRWWDg2UlBYb1YrZFc3TUZlSEEKLS0tIG15TjJ6dUVWLzVkaDl1bDU0N1BV - NStjK2ZXZVZJVVU2MTFYNFZ2KzJ3ZkEKhM2Re8f3x1KxJT0oNGBnGMCC9+N6+po+ - Nu7udt9X7sPd/kdj1PMDqFDEBNvhp9nXt6r+2XYql6PjbHeg78K+Ug== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TEtidnUyeHBDdFI4OWJR + MmduQ1F1WjhkSjRlekpNWmFvTW1SSmlqR2dzCmRZVlhiMWFLb0V0YmNmR3QwOENX + STlNeTlqaytCZFZ4TWw4V3BPN0pOcHcKLS0tIHVTMVlYcTdkYUx2eUJVSmhTbGhs + VFI2b3o5T1B0SnRpeUV5S1hyUC9QU2cKNQwXfmP2WrvH22GcyJmMR+pD/+OK2ur0 + 2jucauu0FRL2Vs2PgwClylcvHJr8bRY9ZYr00e+JBHEPCbSa/Wfibg== -----END AGE ENCRYPTED FILE----- - recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQUJVZFRFRmE0cGQ0aUs2 - RUt4WDJDSnB6aVhpaHFUazdTcldVQkFFbG5JCnB3VFNmcjRRM3lyanU2ME8wdk5K - UHN5bzRaUG9RN01KRVV2U2gzbzdqcXcKLS0tIG9mK0VicnphYm9Va2NESk5zeWxy - Y2ZFZkFwcXRZSGZSeG9xS2JtZllTc0UKY7HGgtLzbaO8tQOWDj6UUMDOGWO3cbIf - /08r45vCFX4Civ1f0ssPUyFMcY+fPBNIMwR4hq343LwJfw1vY6stAw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQUlxZmNoNEFnZEtkYTl1 + MUdDTmVMNFhyczBpekQzUmpuWDVrNE9RbHlNCmFWZFZsazd0bHZNTk91eTRoL0pV + U09LNXNUNENxdlFPMFB6UFh0dE8wcXcKLS0tIGxlRG5lektodWhadmg1cjhmdnJh + YUhCejhlY2NYSW9CbDFVRDErREgwTzgKvbg+AB6Sy6GVKzxd8LGmdkMnVP/8o2B3 + v3DpLRNArzQlisjpTS0vcOxC/f9GpTzKWxGoqY8bA7zQZmsZ8Gkj0g== -----END AGE ENCRYPTED FILE----- - recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWkE3SHR1b0NUQUQ1cjh1 - MEdpZUttMnBRQ1FaanFnMEkrL0ZDVjRBRzFZClFEOFBwQnYwVmlBLytIcU13YnBB - UGRJV2JHOXlIcHRVbzFkQTYrUjhVYUUKLS0tIC8wanFQTi9JdGZWdmhmTEtWT0N2 - QlQvL1NhSnhYYkxYbDBLb2VZWjBJb3MKZJD14vDH2/UAZuiAqD97sz1crlB6wmKI - ddmnaSQBVvA/Quez4uNe64T4ScSvados82U/e4U+saCfarZ3OvrLpg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUmhoRSt0RzFrNnF6dXI3 + ek44Rnp4OEZLYnQ5WU1KWmlJQmNiZ3UwR1dJClhEMitZMGFva0lRSkZaN1VWVktO + WlViRkxjTUhPZ2wzbjZjWWdWa21WQVkKLS0tIC9QSkxNd2NnL1RIL1QybXg3MkpE + OXhEa2dORnlYeWpUakhPakVTRll3RUkKL4P3Q5vQmT2kG4WlLhniur7PEYq1RQM6 + OI/1gROVoqfPSzDHb680USthAkQDMsp+eR/KFn0aaa+TbLfp0e5ZuA== -----END AGE ENCRYPTED FILE----- - recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWVp0b2tvSFlZbjdqdWgv - Q05lUVp1ZVVKczZ2UXNlcXJxbjNxYmNUT0NZCitQZlBiaEk0K0RSY1pKNU56OFNJ - MTR0dW55M3NxVTY0SjQvOU9PS0IyZUUKLS0tIDhVd3ZXU0czeHlNeEo0ek1KeXFu - dGhJakQ1cmR2MzB4Tnh5WWF4OFdSeW8KK9lU0EdYkqfLGx//hia+oaUl9InV6SKh - t6Oyp+Vlz2YHaSytz1CYuczuHl6BqOWFjzYYA2EqTTxcIEIcpcbyXQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTmE2cXkyOVB4czhBblFu + NlVSVkVYM2FZcEFYbTVZMlE2bWxOTXJMQ0JZCldhQWJBUGxGdGFyVlVUNEZ2ZWw5 + aC9jdzRseDY3b2xaQVcyS1JiR01YOTAKLS0tIDZBemlYVkVXTzN3UFB2YVlPNGl6 + eU4wb2ZWSjExWXYxRUd4cmJvdStFWEEKc8lFqK2Yzi42ZUMy1xF1ycqohS5Zf9tL + uW6WJ9WLgGqkfDOAtuJziFnhFa6j3j6CRefFLTuVnedbmKCoDQwGjw== -----END AGE ENCRYPTED FILE----- - recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucURtNVJySzgzTzdra3Y5 - clpobjVzSHB3MUw0WUJzTHpyTHhVV0t2WkdzCkNCOWhIa2VjeUVJL2N6TUc0dVNQ - bVFpQk9FYXdTSExLdGZhQVlrRFhFTEEKLS0tIHhzb3I0WGZuZ3NEN1NGVU1ieHBi - WmpNc3FiVXE0TmZSSmpBdTR5MVliMncKHPFOsTF9kZ2mRvzrWDPIe/U9djEN7JyG - 8mSFEN7H6bbA+a9iA5IH8Zvkv37WwzNhU+BU8ZtRvjkcvTjxq9tB/Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbXkxVVhqRUlrNEtVOE5V + MGxyamlYS2dyYXNoOEpjQllpdm13SEEwYzBzCmVCOERHUHVMSUR4RnBjanpQZThl + cmtjeDdrNWsvM200WEcxbitNeVdMQjQKLS0tIEthdFlGcXNxYVp6ajFtVkxlWnF6 + VzFvU0NESHRGYkRGU0haeFdpVmpUelkKTF+xtOcnWz6KXzYmLuews/GuyFszuQ9n + aiw3Iv7XqwhYpYKn3Co9gxEAQjMYtCA+MCRA31msRzI+7fd5t3yNUw== -----END AGE ENCRYPTED FILE----- - recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQmlOODV1N3h5Uk83TXhF - UkhFdTg4RWpndkErdFM1dmpHV2paZW9DYjFJCkpJdlhhMjhOd3RRYnJnQ2FQbmtV - ZHJIYTBQTTFKM3U4VEVBT011bkVWS3cKLS0tIE1kRzdaalpCS3g1L3Q4bUhTdU8v - YWJ5b3VCaU1yeURKMStmVnBOdzJVeGMKxJO15Fg4eDn/bpkSilze+iZ23qDAxOSz - kMEGeKGBuWONIL6jjHVO4TaYkt2gMISsM99uJgLYZCWzAUGc8OiK2Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbEVRVEpoWGhoVWFXOFN1 + YkN0RlJuNjVKWFlidHBML28wb2Q1ejYvcUdNCnRkWVBRODZxbHovQjFOb0ljamM3 + Z2N0cXRmYS8wMXlIUjhjTlk3NlZkZGcKLS0tIGZvVGEwNWMxRGN1cmJTQWltcWdS + SEp6RnkybTloblRtNm5kVGxIY1ZEVFkKSB5Ryt+3gVenl7/EF53g8u1aMMfa6/nm + 7nKoVo/gyMeUrlhRXiZItlBeIBmLm3Wplw9z8GA7s6C+PgITPRVQTg== -----END AGE ENCRYPTED FILE----- - recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTFF1SVpVKzA2aHBFeGJC - Tm1vU1V1SGhqR2t0cllzY3lOZzRRY1ZUc3l3Ck9oTnhUbDJTY3VpbkhOVzRQd0Vh - am93cE0ySUJPaWxnQmJFM095MU5yU3MKLS0tIHAybURnYU9oQVRzNWpDYjVqWWh4 - RysrWHl4K25WcWVIcGdQTEs2ZFY5Y1kKc4F7mRe/BB7v7I0vimQiA2K11l2mcmOi - mOjubEQUkcGtbr2eXajvKEU7Rx/EPWWAZTvOY73n9fc2MQbPt8VEPw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxT05XbFM4MUI4OGRFWWln + RFhVaHhpOVRkMXM4OFdUOUMwZ05KaWVsQkgwClhEemtqU3FmdG41dmpFNFRpUStm + cUtkd3lSeUYwREFGc09MQklzMk1Id2cKLS0tICtuWkdUUEtqK0RqWDFibjg0UjZQ + NDU3WWZyeExQSzJDd0QwaUdpVVZMdDQKTWOuLfuiVsoc2/+6Tgl7K7h9X4efkTIt + 9nLGZvgnS3cMqLJb5ilHNhSlYj3cWCr2p9oUIQUh5YumogBblQDzsg== -----END AGE ENCRYPTED FILE----- - recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5amg3aWVRREFuYklaOVdz - NWZHSzJ3bGF0UGREcUZjeUwvNHBpTTdIdDFnCktUVEZTM3dEOUd1NHpITmgxSWZS - VXFqOFJMdnB2ZDU3azVmaVhIOEQ2SlEKLS0tIFZkYmFseS9VVW9GeDEvd0VaN0d1 - d1JJak1sTE5RWFBNelViRmhic1BSNncK9m0/4CLq53nA7xr7eTLhyvNhvHhTFBFE - e425OfpNYuB/qOq6PcBvRaJrEaNelf9/hXV7Ny/wBy1mzW0G4w0fVA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZXJsSm40MVliL0tIQVFy + VjA1Z1FiUnpEVjBqK09Jd2IzK2o3QkV6d1Q0CmlMc1g5MkkxOFhZU0JyMEFxbW1w + dUF1eEpGRm5OeW14ZGFlZDMrbkswS0EKLS0tIEtVNnp0cFBLMHY3NFVTZ0VOQlIz + SFdpSm5OQmZCeFkwelJMWUFUQ3N0UEEK96d3AQcx96IDiOzCcNh9o8VqKUBsQ86/ + jfeT45ImZADR71w35FATuPRSwjXf5ncB8VhEnkglZt28DrZ64+9fiQ== -----END AGE ENCRYPTED FILE----- - recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWWk3UDdEb1hlRDgzc0lO - WkZWN3pDVmRqbEhrcXlSRkZwempFZlFIMUJjCng1cmlhOGVEYmQ3dXV1aVRNaWFv - emZWZTZTanZEcTBGRHJHWk94TGg5TUUKLS0tIHI4cXRHRmdYQ2ROWTBmbjJiTTdL - Z1I2blJsRFVvZm5xb2JQQ3RXT2xiYWcKrjLkx4USG75PyHNG+YZGGYP2hRBS3LBy - M+jKO27zg5yFEmukH+kSg1nFWyDyjIQv+FRvbRoakkyN+uprVjRVpg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdTc1Z1FLTk5vNy9qMnAr + bkJzOXI0Z1lZWlB1SWN3T3pTOHRzQjFEM1VFCmNUSEJLKzU0SjJlcGFoT2pNVHI0 + eDlCekhJbnlJeWZKTXM0UHp4U1QrdG8KLS0tIEpkVlB1QmdGUDJ6UUJUbER5S3VW + cEExek9VTlZpVng5VFRNSUZQR2J6OEUKN9OggPgvPxwelXby04Y1P4Q6URAc/AcL + 2QOlwIHDbEs1nmo5JfXpFwj+PH/YpwmmcEJmL/SUiXdeUwli5cfhSg== -----END AGE ENCRYPTED FILE----- - recipient: age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMWxhYml3VzRJL1lUMzZD - dGJvazBSOEtzOUpZUzl5akZMZVJhNUtVaERNCitlNll6WkdlOXoyRVNnOVRLMFFj - anE4VlBBUEdkdy9YaVZGNFVmcmIvalkKLS0tIHBwVnMwcjZvemZ2a2NHVDRtUkVs - NEM2UFFaN0JkNCtXRXFhcTRMUnQya2sK1wHKS8h8rbrKjskkfaK2RP1ar2Mf6T/s - RkuoLtdnV0Iadfxf2gfzOVzxlK2XVKmuvY4lFy0jCPU6zH9+VYq0dA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TkdIazdLdDF5V3MvZmQ1 + cmpTVVNSdE9DZHh0VlZlNGNRc0dOekpvaEhZCktqNGFHKzNhSytEcG50Qmo4Q1Zi + UkJjd3JFUnlNVFhwOWxsVEp6RVBnK0UKLS0tIDlRamhkcWE1RUdzdVM1YlduS0d2 + SUx3anRyT0tmU1BaRkQ0SVUzQzlkWncKaDqF4889dODh5RRw8S3WI5i3dRg//hmL + rlTqo+Z6cr2sr52peQRmvKEas2bhczqn6F1rTAkHd1ZOvqrOae58vg== -----END AGE ENCRYPTED FILE----- - recipient: age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCS29UZWs3VlBBemVpaUs5 - Kzk3cmh3bThLNlhyQ0tNRzllNXVCNDNkZWlZCkNkKy9ValI4dVRraDV6SFZRckFU - R0d0S0pVNzZvVDl2dnM4VzVLR1hLVkEKLS0tIHI5czJhUSszQzQwZ2R0RVdTaUEx - M2UrMklzanIyYytSd1AreFgyM2djSVEKiDeQ0EnL6UKUGxsmvuoD4XWbXzYlvb1H - +eO+cNIQooEWUfh4W59zoa+y0Yp6MT09IpUFNk6IbwyYm8E7jHwDLA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0YkVoOVl5UFk5V3NxMWZl + WXdsbVZjMktUd0dvcGdjWmJTYUs0SHJ0NzMwCkx2NnNQVVdpZGt1anlSQjF6QnYv + Q3c0MS9HZHhnRVRmUW53alN0Z25tS2MKLS0tIFY2OC9vWThtaHR2cUJlQVVuZG9a + bDdRRk1kU2REMFBOT3ROUm9lalFRTlkKNHWalFXi5w/XLCI+weeXx0jJpquvbLA3 + idkwWwkD+nfT0kqSlrYM64msQlXhvSt6pvxNHspxOf5298aKVTwzSQ== -----END AGE ENCRYPTED FILE----- - recipient: age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySk9wZzdqOWRYbUtDQ1ZO - b0t0SkovOGt5RmliMzBZRU5YSG0wZ2dwSDFjCnE0WThjbC9yd1RTS3ZjT1UvNDNL - ZndmdnZNa3JrbXZnbVlWNis0ZDZrWEkKLS0tIHJpNXJsS0l0VzhLM1pQWUtSeXN2 - SkxRTTJIQTcxbTBaVFgvRStCNi9nOEkK1EvAo6sdt0Xy4VdFn+iSfbQcePjEbqI7 - AvJ0C/TmcfbzAJumVGUjBSN82/ZnrfPBpSbBbLheX+aZn1JqsSYJjQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZcUJZVktpbDBLM3ZPbFNn + V0pZelRXMnpwVWJYNWxqMTQwbXU5U05yVEdjCkxGMjhvbWNjYzRtbjA4SzFRQTdS + eFJYUTl6cGJaVXFNOFZSeFZxY2RCOFkKLS0tIG5HTFZjdVc2TmxvdWxOWUJwNGxq + YmNObzVvMXlkZWFiYjBWOVJzalg4TVEKbp1w7WeiHb9318WfuUP/aGTahNmFXbS/ + n6KRpF/hqapFf08AkEUFwaIy56BwaXAyUNloV53bSsLsopnQ1fnWAw== -----END AGE ENCRYPTED FILE----- - recipient: age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcTliQmhZSlFSbmFWYjN0 - bURsbCtVUWsyMW1ZUmZlWTIzUXJVNGt2MEhRCis2ZnlFeHdBQmp5SStZOGhDTm1Q - akx2WjB3U2lSU0txcytucmNrT2lkOW8KLS0tIEVvRDEycE1rdmhNeXhLckZGM2hp - V0sxMkFxeVdSYjRFS2lmNGdvQTUrM00K2PzXzZsznJgA6hsyyjIqq6p90RGw7iWk - eIo9whQnbqOGTWZYmcv8s5W2DW+6PloB2U8XzTFyS9NJKI7q7jqGfA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdktCOVkyWTFZbTB5Slcv + bFYyOW5ZRVEvUFRwN0p5cEUxVDhqc1VtZW1NCjE5V01pRml4WHhTTnB4TTMrSDdk + aitHNldWYUxqa3F5YW9DN3VJTS81VmMKLS0tIGNDL0pMeXhDZjdrM0lJQ1VzVjhZ + cndiNWp0c2YvUjQ5UjVRL3FmQ05jK2cKk2BFPsVThpFjy6bEVEm3Kn+faLL6LX1a + MXE9HRtdGJIrPLaJ5DpGhYakFx/L4v28MNchBWH2TSXpa82EETOFZA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TkFQRzZXN1FEUkVRZ29k + Njd6ZXFpM0Yrd1ZWelF4aXFwQkp0NExyR0FRCkl5enNLOWpjVkRkSis3R1pNMXEz + V0NIaC9jZXZMbURMY1RqZi8wQ084UWMKLS0tIG9rN2JOSGY5Z0xtUE45c1hSbmEz + UWg1ZmFIMlk4STlMdzBOd1dLOW9ZY2sK8BYqBM/0YZ6fjgQAqSCYM9Cnh2IqP4QD + NQDBErJf0AQ8qU+CXjBSxTLBBJPnibdBJPCcOfnym16gFgMuHsqMdg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-06-02T22:09:06Z" mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str] diff --git a/services/nats/default.nix b/services/nats/default.nix new file mode 100644 index 0000000..a27058b --- /dev/null +++ b/services/nats/default.nix @@ -0,0 +1,24 @@ +{ ... }: +{ + services.nats = { + enable = true; + jetstream = true; + serverName = "nats1"; + settings = { + accounts = { + "ADMIN" = { + users = [ + { + nkey = "UA44ZINQKUBTV7CX3RE7MVHOEQOQK2VQGCI4GL4M7XBJB4S66URHLW7A"; + } + ]; + }; + }; + system_account = "ADMIN"; + jetstream = { + max_mem = "1G"; + max_file = "1G"; + }; + }; + }; +} diff --git a/services/ns/zones-home-2rjus-net.conf b/services/ns/zones-home-2rjus-net.conf index 595865f..7847ac3 100644 --- a/services/ns/zones-home-2rjus-net.conf +++ b/services/ns/zones-home-2rjus-net.conf @@ -1,7 +1,7 @@ $ORIGIN home.2rjus.net. $TTL 1800 @ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. ( - 2050 ; serial number + 2051 ; serial number 3600 ; refresh 900 ; retry 1209600 ; expire @@ -59,6 +59,7 @@ jelly01 IN A 10.69.13.14 nix-cache01 IN A 10.69.13.15 nix-cache IN CNAME nix-cache01 pgdb1 IN A 10.69.13.16 +nats1 IN A 10.69.13.17 ; http-proxy cnames nzbget IN CNAME http-proxy