gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add syncthing, freepbx

Browse source
This commit is contained in:
Kat Inskip 2024-02-28 13:40:41 -08:00
parent 19c5462037
commit cc990d1d9a
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
5 changed files with 125 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -8,6 +8,7 @@ keys:
- &tewi_osh age172nhlv3py990k2rgw64hy27hffmnpv6ssxyu9fepww7zxfgg347qna4gzt
- &tei_osh age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
- &mediabox_osh age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
- &litterbox_osh age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
- &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66
- &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz
creation_rules:
@ -23,6 +24,7 @@ creation_rules:
- *aya_osh
- *tei_osh
- *mediabox_osh
- *litterbox_osh
- path_regex: 'systems/hakurei/secrets\.yaml$'
shamir_threshold: 1
key_groups:
@ -60,6 +62,12 @@ creation_rules:
- pgp: *pgp_common
age:
- *mediabox_osh
- path_regex: 'systems/litterbox/secrets\.yaml$'
shamir_threshold: 1
key_groups:
- pgp: *pgp_common
age:
- *litterbox_osh
- path_regex: 'systems/kuwubernetes/secrets\.yaml$'
shamir_threshold: 1
key_groups:

6
nixos/syncthing-kat/syncthing.nix
View file

@ -2,11 +2,5 @@
services.syncthing = {
enable = true;
relay.enable = true;
settings = {
options = {
};
folders = {
};
};
};
}

4
systems/litterbox/nixos.nix
View file

@ -2,14 +2,14 @@
imports = let
inherit (meta) nixos;
in [
#nixos.sops
nixos.sops
nixos.base
nixos.reisen-ct
nixos.tailscale
nixos.syncthing-kat
];
#sops.defaultSopsFile = ./secrets.yaml;
sops.defaultSopsFile = ./secrets.yaml;
systemd.network.networks.eth0 = {
name = "eth0";

57
systems/litterbox/secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
tailscale-key: ENC[AES256_GCM,data:fJ+Eikbocenx5EbQR8CN4wclrxbf+Y/0tI4GSPrrt38QPt3Lw8DhY4s=,iv:LDK8zO7tWzU7+YYfC83GnOawNwXkikYJKN97sV+S6zc=,tag:7AFJPd8pRD0R2rvy5aAdeg==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdEk0eDVHN2N0R3ZjaVhs
WHVkMmxtTW91WHByQ014RGF4alBYL0Nub0ZjCk1tRElkdFFPakJ3S011bWVndkl3
V3VCRGRQUy94RzFXdHJrQVJhT211ZVEKLS0tIFpxbjB3bnNLbi9zWUlNazJ3bkcw
YUVtek41eFdhUGNUUUN4cmJVSmVCS0kKJuR692ubqxlx/QQms4LYE1LWoaBDiTR1
VSYqy8NM4T+1nVlLy5xNk0fjrO18VU0W1vGPm6hVYy5XArvXsDAbtQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-23T00:08:06Z"
mac: ENC[AES256_GCM,data:KRSoHWTux2BTJ7KH16xyJkyZnynPYIO+C6rM3WhbdphIx5WtfpSO6pX8juTDmYCob3n3jJdFEfy28M2UjSRJhC/CLcdvUx5vV7J8WVldXox8YN5uyQG5cyW2TkO1qwTov1mj4f2FWQsTgKSyXgn/yyzbA9tcfQ4qBHrUj8XiPHc=,iv:bw7UVnVOT6PN6I8iySrCxh1UIqbRQl5RMgnG5WqIPWA=,tag:NV2NTnsYwIjWJdQoTmhECg==,type:str]
pgp:
- created_at: "2024-02-23T00:05:05Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ//TX+tHe5+9ak83y7y2GbRBWJzrmpBaMUjzoMjez90PbTR
GaW2S6GxTSzxzU463IKfN8va52YJUuRCp3SAPVigN15VSqf9c22KHMKBrAFunNNa
vZ/VRc3LotY9BBok1zp/ryT/LScV2CA6DYiewxq7D+qYuyuXSyV4hQpFNu2Wv+MV
nqkBkAawEDzyB2zOp0HbZAEOQmytNydhuhNyRlapKxtm1hZe22qb2FfqfN+i0l/D
lDCdAi7HkRjQlN+vTC44BmUN7eYWpXi4yHYVeMU+tu8DCrHoTjwGxK/7HsDFMytN
4iVZtXSYQA5Fy2WExnLMKE7aGkI+OJQijm35oGjbMs0z1rAlXWFJplI8anr/B/Nu
VAMZjPAkRrhAVOVpT0eChZN+sdiVJbSqiwdTYLIovAHfUFkXVK0IhQfRAAI1TCN2
0EbBqWQ8+TIwtfKsQpyBPK9c7ch8SR+Wv9IrchkQQeTSv90BrIquVFV65bMOeNoG
/N5jxMTX/QzLLoqbS19H1q8Bs8wsTdvg+WKL79iLexMZl6qw5WM7utzlwYk8S7z+
pN/m5q4HMSWra7cgXWDAtviHFvVZm6mdQqFk7xUPyFXqpTLclfW1ywiMBH62zLrH
pui2THDFN2IqDOUF/fMYHlpVT+WcaqU4qe+ksdi8wTgNQEfxhDvYYvFPo/cK2HrS
XgHLjbcq47Swi9wnOmnq6jZ1NY9jbHcD6Z61mgjvWYga7ioPf2XMNYZosn1Wmhs5
8u8WUdvA/hkc3opAIPGem0HKyNfbv6G/wTfTq/a8pSMb0nEIrMVtX+YwHrOe5Bw=
=+Na6
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
- created_at: "2024-02-23T00:05:05Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA2W9MER3HLb7AQf+Nem3ugtOpY8NPgktO+fqraGQjDjMpFDryhvLwh7uuAWg
Z997gb3wY4BVrl0E2omo11vGxzDcjWagLdrVsSpiawyLHZ8JH+WI13zWGXcr4i0H
rnA5kXYy+KC9cWUBP3Vb3kg4t2OczVlgvn67H4+41qYO+uxSh+67tFBF7U0LPFOI
JrUyMvollSTzRyIQmKGgu32/0HxcxZparhIRn3DkxuRElFGubmpQ72N6GCAs9MGB
xosvIwnmHoKjtEbg2y5EJYxnqF8nINlCPTkYpzcre5yCLtxx7fWkvqJUr+kw3GPY
v7SH2g+/dhMpTaV1HG8inf18W1YBDni8qZHV5HZfdNJeAdLzVXK7KOu4C3uoy+EK
WXk0eDttvt5bkPiqJX1aGF/02mPbcqrgZBAVWl+Emte4qzmXr/tySvWeUQSj9X2O
E6GfrzNS97jlQ1N6Lwcx9rE1jqijX8H9I5L2p/GwgA==
=6/ik
-----END PGP MESSAGE-----
fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted
version: 3.8.1

58
tf/proxmox_vms.tf
View file

@ -18,6 +18,7 @@ locals {
proxmox_mediabox_config = jsondecode(file("${path.root}/../systems/mediabox/lxc.json"))
proxmox_kubernetes_vm_id = 201
proxmox_freeipa_vm_id = 202
proxmox_freepbx_vm_id = 203
}
data "proxmox_virtual_environment_vm" "kubernetes" {
@ -451,3 +452,60 @@ module "litterbox_config" {
container = proxmox_virtual_environment_container.litterbox
config = local.proxmox_litterbox_config.lxc
}
resource "proxmox_virtual_environment_vm" "freepbx" {
name = "freepbx"
tags = ["tf"]
description = <<EOT
FreePBX, our phone system
EOT
node_name = "reisen"
vm_id = local.proxmox_freepbx_vm_id
agent {
# read 'Qemu guest agent' section, change to true only when ready
enabled = false
}
startup {
order = 8
up_delay = 0
down_delay = 2
}
cdrom {
enabled = true
file_id = "local:iso/SNG7-PBX16-64bit-2302-1.iso"
}
memory {
dedicated = 2048
}
disk {
datastore_id = "local-zfs"
file_format = "raw"
interface = "scsi0"
size = 32
}
network_device {
bridge = "vmbr0"
}
operating_system {
type = "l26"
}
tpm_state {
datastore_id = "local-zfs"
version = "v2.0"
}
serial_device {}
lifecycle {
ignore_changes = [started, description, operating_system[0], cdrom[0].enabled, cdrom[0].file_id]
}
}