diff --git a/.sops.yaml b/.sops.yaml
index 8e2ba1ce..263a152c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -21,4 +21,14 @@ creation_rules:
 - pgp:
 - *kat
 age:
- - *yukari
\ No newline at end of file
+ - *yukari
+- path_regex: cluster/cluster.tfvars.sops$
+ shamir_threshold: 1
+ key_groups:
+ - pgp:
+ - *kat
+- path_regex: tf/tf.tfvars.sops$
+ shamir_threshold: 1
+ key_groups:
+ - pgp:
+ - *kat
\ No newline at end of file
diff --git a/cluster/.envrc b/cluster/.envrc
new file mode 100644
index 00000000..44b9ff28
--- /dev/null
+++ b/cluster/.envrc
@@ -0,0 +1,2 @@
+sops -d ./cluster.tfvars.sops > cluster.tfvars
+export TF_CLI_ARGS="--var-file=cluster.tfvars"
\ No newline at end of file
diff --git a/cluster/.gitignore b/cluster/.gitignore
new file mode 100644
index 00000000..c303cd7c
--- /dev/null
+++ b/cluster/.gitignore
@@ -0,0 +1 @@
+cluster.tfvars
\ No newline at end of file
diff --git a/cluster/authentik.tf b/cluster/authentik.tf
new file mode 100644
index 00000000..99756342
--- /dev/null
+++ b/cluster/authentik.tf
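Review bot: In .sops.yaml, both new creation rules list `*kat` as the only recipient, whereas the rule visible in the context lines also carries an age recipient (`*yukari`); if that one PGP key is lost, `cluster/cluster.tfvars.sops` and `tf/tf.tfvars.sops` cannot be decrypted by anyone. If that is intentional, a comment such as `# tfvars are operator-only; no host key on purpose` would record it. The dots in `path_regex` are unescaped, so `cluster/cluster.tfvars.sops$` matches any character in those positions; `cluster/cluster\.tfvars\.sops$` is the literal form. The earlier rules are outside the hunk, and sops applies the first rule that matches, so it is worth confirming none of them matches these two paths first.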
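Review bot: In cluster/.envrc, `sops -d ./cluster.tfvars.sops > cluster.tfvars` leaves the decrypted variables on disk with default-umask permissions every time direnv loads the directory, and because the shell truncates the target before sops runs, a failed decryption leaves an empty `cluster.tfvars` that Terraform is still pointed at. Setting `umask 077` before the redirect and stopping on a non-zero exit status would limit both; `sops exec-file` avoids the persistent plaintext file altogether. `TF_CLI_ARGS` is applied to every terraform subcommand, including ones that do not accept `-var-file`, so `TF_CLI_ARGS_plan` and `TF_CLI_ARGS_apply` are the narrower scope. tf/.envrc later in this commit has the same two lines.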
@@ -0,0 +1,75 @@
+variable "authentik_postgresql_password" {
+ type = string
+}
+
+variable "authentik_secret_key" {
+ type = string
+}
+
+resource "helm_release" "authentik" {
+ depends_on = [
+ helm_release.local_path_provisioner
+ ]
+
+ name = "authentik"
+ repository = "https://charts.goauthentik.io"
+ chart = "authentik"
+ create_namespace = true
+ namespace = "authentik"
+
+ timeout = var.helm_timeout
+ cleanup_on_fail = true
+ force_update = true
+
+ values = [
+ yamlencode({
+ authentik = {
+ secret_key = var.authentik_secret_key
+ error_reporting = {
+ enabled = true
+ }
+ postgresql = {
+ password = var.authentik_postgresql_password
+ }
+ }
+ redis = {
+ enabled = true
+ master = {
+ persistence = {
+ enabled = true
+ storageClass = "local-path"
+ accessModes = [
+ "ReadWriteOnce"
+ ]
+ }
+ }
+ }
+ postgresql = {
+ enabled = true
+ password = var.authentik_postgresql_password
+ postgresqlPassword = var.authentik_postgresql_password
+ persistence = {
+ enabled = true
+ storageClass = "local-path"
+ accessModes = [
+ "ReadWriteOnce"
+ ]
+ }
+ }
+ ingress = {
+ enabled = true
+ hosts = [
+ {
+ host = "auth.inskip.me"
+ paths = [
+ {
+ path = "/"
+ pathType = "Prefix"
+ }
+ ]
+ }
+ ]
+ }
+ })
+ ]
+}
\ No newline at end of file
diff --git a/cluster/backend.tf b/cluster/backend.tf
new file mode 100644
index 00000000..49de2520
--- /dev/null
+++ b/cluster/backend.tf
@@ -0,0 +1,10 @@
+terraform {
+ backend "remote" {
+ hostname = "app.terraform.io"
+ organization = "kittywitch"
+
+ workspaces {
+ name = "infrastructure-cluster"
+ }
+ }
+}
diff --git a/cluster/cluster.tfvars.sops b/cluster/cluster.tfvars.sops
new file mode 100644
index 00000000..32f596cd
--- /dev/null
+++ b/cluster/cluster.tfvars.sops
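Review bot: In cluster/authentik.tf, `authentik_secret_key` and `authentik_postgresql_password` are declared without `sensitive = true`, so the values rendered into `values` through `yamlencode` can be printed in plan output and run logs. Adding `sensitive = true` to both variable blocks makes Terraform redact them; they are still written to state, which this commit places in the remote backend. The existing `tailscale_api_key` variable shown as context in cluster/tailscale.tf would benefit from the same attribute. The release also sets no `version`, so together with `force_update = true` each apply can pull whichever chart is newest. The ingress block has no `tls` section; presumably TLS is terminated elsewhere, which is worth confirming for an identity provider.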
@@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:4hxx0wPmGAEaKMiC0wntnvWwIgtUmkOKkzpQ8uoy32c=,tag:04Y4XqQXrLh42Z7S/qvxvw==,type:str]", + "sops": { + "shamir_threshold": 1, + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2023-05-10T15:58:33Z", + "mac": "ENC[AES256_GCM,data:fYScPUfARcdee8tr2VUhNMfk7aHncyRbQ3Lp4R2qcznSgxFKCRr0+WYDIZE6v0VRyYDAkiJefzXpyVeyWP+zddXaVXbO0YLECS7t1/bOewvWCtY/5YKk9t5UtlcpWXRT1Mts8yzcJkqjy62tYgWxzJEU5kD+RPBHd8xN0n6Oh4s=,iv:dW4ufvS+y0FCvrWSwftx1ktTDRqnINjznd90GWYgyLI=,tag:pHKVgUtRrUDCabviBkQNiQ==,type:str]", + "pgp": [ + { + "created_at": "2023-05-10T15:21:15Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA82M54yws73UAQ/+Nfucm1ugEaw6+nkQDQ6bP6eXSb2U8wktyFvhVTg1gzxY\n9MyN2KK0Htj8OjOsyfEOSxGtdzpDj4nnkN3Q6DqxRNruV1JevzZUHaXXJbm/48FZ\nMPpV/przXixEzHxc1QdDBf1FnKSXqqOAc4y1Dia1VHXtAlhV74lo9/1QENBNQzGx\nnSu4i0FrmfKmivlkBGtJIDto3DGo08KpcRp+LZtzHDyNM6iPegKgRlj6posNGhyk\nYjeuEeAwMHp3BkUI5yAUuqWIee/TiW7Uvh3apkzP8pNn0rjyxuNGInjRqwDi54eM\n7swiTDFUqUXvhba1rYAydG2f6nqDpcitog04vweCBS6C2IW4HGbvnPFyZ3ujCQc7\nFS0JosM6aXty+P+7QGtevjM1Tg9XDbUUI1U3LHUJ9KxSBiJwTTZ3E52QHtebDdst\nhSc2ymj4f9uyC5MCbiHEVOETega/SYOuqZ20CQqde2RmJ6vCdho6577fR6sJI0tw\n1ZHOLGlR/hiM6FvYfOqOsZj1tLZ2PwPxT6JvdVCL884ThPKVZ8u9wevrCzwk3hVT\nxn4JUfxjBJPJg/+hxoZ76U6BSbEF190dYX7ekmnbO/iaJURGrACiHzsWpcKjGvbJ\ncKSSUuT1f5OdfNeaO36tX2eq8BHP065e1bO7pwZvmp49dEo1sv/527e0HgO4MSjS\nXgHSoQJhxCnJL8iGkuiZVVXK/HJ0clv8lTAw920bsprkyRmQU1jxSUuZn7xchGIf\nKH/AJmVRGHJF0GEqOTNaF6qxWYdkEQo7+LQ+cHj7kvMFsADCYdxuhITb4AGHh94=\n=dxHZ\n-----END PGP MESSAGE-----\n", + "fp": "CD8CE78CB0B3BDD4" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/cluster/local-path-provisioner.tf b/cluster/local-path-provisioner.tf index 9acf469a..7bf9f51e 100644 --- a/cluster/local-path-provisioner.tf +++ b/cluster/local-path-provisioner.tf 
@@ -1,5 +1,5 @@ resource "helm_release" "local_path_provisioner" { - name = "local-path-provisioner" + name = "local-path-storage" repository = "${path.module}/lpp/deploy/chart" chart = "local-path-provisioner" create_namespace = true @@ -8,4 +8,10 @@ resource "helm_release" "local_path_provisioner" { timeout = var.helm_timeout cleanup_on_fail = true force_update = true + + values = [yamlencode({ + storageClass = { + defaultClass = true + } + })] } \ No newline at end of file diff --git a/cluster/pihole-deployment.tf b/cluster/pihole-deployment.tf index a9508c25..20342c28 100644 --- a/cluster/pihole-deployment.tf +++ b/cluster/pihole-deployment.tf @@ -131,8 +131,8 @@ resource "kubernetes_deployment" "pihole" { initial_delay_seconds = 60 period_seconds = 15 } - } */ + } container { image = "ghcr.io/tailscale/tailscale:latest" diff --git a/cluster/postgres.tf b/cluster/postgres.tf deleted file mode 100644 index 97dae112..00000000 --- a/cluster/postgres.tf +++ /dev/null @@ -1,49 +0,0 @@ -variable "postgres_password" { - type = string -} - -resource "kubernetes_namespace" "postgres_namespace" { - metadata { - name = "postgresql" - } -} - -resource "kubernetes_secret" "postgres_auth_secret" { - depends_on = [ - kubernetes_namespace.postgres_namespace - ] - - metadata { - name = "postgres-auth-secret" - namespace = "postgresql" - } - data = { - postgres-password = var.postgres_password - } - type = "Opaque" -} - -resource "helm_release" "postgresql" { - depends_on = [ - kubernetes_namespace.postgres_namespace, - kubernetes_secret.postgres_auth_secret - ] - - name = "postgresql" - repository = "https://charts.bitnami.com/bitnami" - chart = "postgresql" - namespace = "postgresql" - - timeout = var.helm_timeout - cleanup_on_fail = true - force_update = true - - set { - name = "global.storageClass" - value = "local-path" - } - set { - name = "global.postgresql.existingSecret" - value = "postgres-auth-secret" - } -} \ No newline at end of file 
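Review bot: In cluster/pihole-deployment.tf, the sidecar visible in the context of this hunk uses `ghcr.io/tailscale/tailscale:latest`, a mutable tag, so the image that joins the tailnet can change without any commit here. Pinning a release tag or digest, for example `image = "ghcr.io/tailscale/tailscale:<VERSION>@sha256:<DIGEST>"` (placeholders), would make the deployment reproducible and reviewable. The container block continues outside the hunk, and the change itself only moves the closing `}` outside the comment.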
diff --git a/cluster/prometheus.tf b/cluster/prometheus.tf new file mode 100644 index 00000000..e69de29b diff --git a/cluster/tailscale.tf b/cluster/tailscale.tf index 71418c7f..3c0a98fa 100644 --- a/cluster/tailscale.tf +++ b/cluster/tailscale.tf @@ -1,11 +1,15 @@ - variable "tailscale_api_key" { type = string } +variable "tailnet" { + type = string +} + + provider "tailscale" { api_key = var.tailscale_api_key - tailnet = "inskip.me" + tailnet = var.tailnet } resource "tailscale_tailnet_key" "cluster_reusable" { diff --git a/flake.lock b/flake.lock index f47218e3..7b7518c8 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1682009296, - "narHash": "sha256-7KboTstta5M1fk0aGAj3WaFOTIKQXrg52Ck4WGT8CsE=", + "lastModified": 1686151686, + "narHash": "sha256-/YY+9A2Wgq9+IJHHsXQ5k6V1xVyKhvO50yWmbdp4f1E=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "e8bbb166d899d6fb0777317a390c5abfa20286da", + "rev": "4899d9c123fc2c6570ce755344e08bf007a35ce8", "type": "github" }, "original": { @@ -24,11 +24,11 @@ ] }, "locked": { - "lastModified": 1682009832, - "narHash": "sha256-QdNOeFE7sI+0ddqVfn9vQDCUs7OdxhJ7evo9sdyP82Y=", + "lastModified": 1686307493, + "narHash": "sha256-R4VEFnDn7nRmNxAu1LwNbjns5DPM8IBsvnrWmZ8ymPs=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "a1ee4d333b092bc055655fb06229eb3013755812", + "rev": "7c16d31383a90e0e72ace0c35d2d66a18f90fb4f", "type": "github" }, "original": { @@ -51,11 +51,11 @@ ] }, "locked": { - "lastModified": 1682063650, - "narHash": "sha256-VaDHh2z6xlnTHaONlNVHP7qEMcK5rZ8Js3sT6mKb2XY=", + "lastModified": 1686747123, + "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=", "owner": "serokell", "repo": "deploy-rs", - "rev": "c2ea4e642dc50fd44b537e9860ec95867af30d39", + "rev": "724463b5a94daa810abfc64a4f87faef4e00f984", "type": "github" }, "original": { 
@@ -102,11 +102,11 @@ ] }, "locked": { - "lastModified": 1682273416, - "narHash": "sha256-YvRc5TOyf92Fcvt6cYfsqxfjqalAUME3Klv4IbdhkBE=", + "lastModified": 1686922395, + "narHash": "sha256-ysevinohPxdKp0RXyhDRsz1/vh1eXazg4AWp0n5X/U4=", "owner": "nix-community", "repo": "home-manager", - "rev": "a5a294a622a7d3a837aaa145334e4d813c1bc5b1", + "rev": "9ba7b3990eb1f4782ea3f5fe7ac4f3c88dd7a32c", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1681591833, - "narHash": "sha256-lW+xOELafAs29yw56FG4MzNOFkh8VHC/X/tRs1wsGn8=", + "lastModified": 1686740472, + "narHash": "sha256-b668DY2qGdBCUwIkk6Z32bcpCsUISQJrEEvhtn1gGgY=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "68ec961c51f48768f72d2bbdb396ce65a316677e", + "rev": "e11c61073b777e025993c5ef63ddbf776a9cca15", "type": "github" }, "original": { @@ -164,11 +164,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1680876084, - "narHash": "sha256-eP9yxP0wc7XuVaODugh+ajgbFGaile2O1ihxiLxOuvU=", + "lastModified": 1686838567, + "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3006d2860a6ed5e01b0c3e7ffb730e9b293116e2", + "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", "type": "github" }, "original": { @@ -179,11 +179,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1682181988, - "narHash": "sha256-CYWhlNi16cjGzMby9h57gpYE59quBcsHPXiFgX4Sw5k=", + "lastModified": 1686776226, + "narHash": "sha256-o6WbKvENj98QJz9Mco6T6SZGrjPewMDAFyKg0Lp8avU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c43a3495a11e261e5f41e5d7eda2d71dae1b2fe", + "rev": "0d2cf7fe5fa05d5271a15a8933414ee0a1570648", "type": "github" }, "original": { 
@@ -195,16 +195,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1682173319, - "narHash": "sha256-tPhOpJJ+wrWIusvGgIB2+x6ILfDkEgQMX0BTtM5vd/4=", + "lastModified": 1686885751, + "narHash": "sha256-KcbYp2KuKbXgNaYVziwKUc6AKRhgJ1G8Qq5gjAbQ3uw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee7ec1c71adc47d2e3c2d5eb0d6b8fbbd42a8d1c", + "rev": "aa4b53f79d961a7cbba0b24f791401a34c18011a", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-22.11", + "ref": "release-23.05", "repo": "nixpkgs", "type": "github" } @@ -212,11 +212,11 @@ "pypi-deps-db": { "flake": false, "locked": { - "lastModified": 1682242634, - "narHash": "sha256-tfadLvdK3CahWIf90V3XpFZqdpOvDxeORk+XAkTn4cU=", + "lastModified": 1685526402, + "narHash": "sha256-V0SXx0dWlUBL3E/wHWTszrkK2dOnuYYnBc7n6e0+NQU=", "owner": "DavHau", "repo": "pypi-deps-db", - "rev": "9832a8f9d545d59b1bf6e06e28ea9f0a65b6a01c", + "rev": "ba35683c35218acb5258b69a9916994979dc73a9", "type": "github" }, "original": { @@ -278,11 +278,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1682218555, - "narHash": "sha256-kojMklCNBnPe8KtRvJvBtFGU/gPAqRKYpZEqyehHfn4=", + "lastModified": 1686902322, + "narHash": "sha256-Vogj2MsipA+Uzr0M3d8300JeKQDHhPy6NEuTQXVdWu0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8a95e6f8cd160a05c2b560e66f702432a53b59ac", + "rev": "1e2bae54870a06aa9364f8d33a5b9a0869d792fc", "type": "github" }, "original": { @@ -317,11 +317,11 @@ }, "std": { "locked": { - "lastModified": 1682196479, - "narHash": "sha256-YChXEQO0zKauEi3+fpzPZovCaQEc4QeI00sP3IUtU14=", + "lastModified": 1685917625, + "narHash": "sha256-2manVKofCZrCToVDnDYNvtYUFBYOM5JhdDoNGVY4fq4=", "owner": "chessai", "repo": "nix-std", - "rev": "2acf4573376f8d6170aee46efe0a669f5d78a642", + "rev": "e20af8822b5739434b875643bfc61fe0195ea2fb", "type": "github" }, "original": { 
@@ -373,11 +373,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1685518550, + "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", "type": "github" }, "original": { @@ -399,11 +399,11 @@ ] }, "locked": { - "lastModified": 1681581389, - "narHash": "sha256-+ygySqlQy0ejwE1aOF6i6Tiu63V0jxXik0aLlvmqioo=", + "lastModified": 1686480427, + "narHash": "sha256-cs2cg+x21jM3e7gOX9zYRh/19i8DFInBDLtUWMEAdvA=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "f3b6f6b04728416c64fc5ef52199fd9b9843c47d", + "rev": "c192f97d59acb878fd1f2f6f362c8632d1e8426e", "type": "github" }, "original": { diff --git a/kat/shell/packages.nix b/kat/shell/packages.nix index bd1d6637..e6430e40 100644 --- a/kat/shell/packages.nix +++ b/kat/shell/packages.nix @@ -17,6 +17,8 @@ exa # sed replacement sd + # sops + sops # find replacement fd # ripgrep / grep replacement diff --git a/nixos/roles/irc-client.nix b/nixos/roles/irc-client.nix new file mode 100644 index 00000000..3bc148df --- /dev/null +++ b/nixos/roles/irc-client.nix @@ -0,0 +1,12 @@ +_: { + services.thelounge = { + enable = true; + extraConfig = { + reverseProxy = true; + public = false; + fileUpload = { + enable = true; + }; + }; + }; +} diff --git a/systems/yukari.nix b/systems/yukari.nix index e3d28f81..ced1c5a4 100644 --- a/systems/yukari.nix +++ b/systems/yukari.nix @@ -15,6 +15,7 @@ _: let postgres-server matrix-homeserver vaultwarden-server + irc-client ]); boot = { diff --git a/tf/.envrc b/tf/.envrc new file mode 100644 index 00000000..709fc1b6 --- /dev/null +++ b/tf/.envrc @@ -0,0 +1,2 @@ +sops -d ./tf.tfvars.sops > tf.tfvars +export TF_CLI_ARGS="--var-file=tf.tfvars" \ No newline at end of file 
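Review bot: In nixos/roles/irc-client.nix, `reverseProxy = true` tells The Lounge to trust forwarded-client headers, but nothing in this role restricts where the service listens, so any client that can reach the port directly could supply its own `X-Forwarded-For`. Adding `host = "127.0.0.1";` to `extraConfig`, or confirming the firewall keeps the port closed, would limit that trust to the local proxy. `fileUpload.enable = true` is set without `maxFileSize`, so the upstream default applies; stating the limit explicitly would document the intended bound.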
diff --git a/tf/.gitignore b/tf/.gitignore
new file mode 100644
index 00000000..dc541e68
--- /dev/null
+++ b/tf/.gitignore
@@ -0,0 +1 @@
+tf.tfvars
\ No newline at end of file
diff --git a/tf/backend.tf b/tf/backend.tf
new file mode 100644
index 00000000..de820c7d
--- /dev/null
+++ b/tf/backend.tf
@@ -0,0 +1,10 @@
+terraform {
+ backend "remote" {
+ hostname = "app.terraform.io"
+ organization = "kittywitch"
+
+ workspaces {
+ name = "infrastructure-tf"
+ }
+ }
+}
diff --git a/tf/tf.tfvars.sops b/tf/tf.tfvars.sops
new file mode 100644
index 00000000..63039330
--- /dev/null
+++ b/tf/tf.tfvars.sops
@@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:RjDCMMgME6GrPUQ/xqq6N9pynS6mwd0SKydpBctYlZ8=,tag:8ANoqNcJGpj9NRKgfa8cOg==,type:str]", + "sops": { + "shamir_threshold": 1, + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2023-05-10T15:46:17Z", + "mac": "ENC[AES256_GCM,data:VX3ZsDKja639NKEO1DvBDMh/Ho9EMqNQyDlbYo79nVfomMvHvNcSURullNehy1Usmdmk/Hr6wUjuOcira571F5k95xNby6yp/qgWFBSKDFcvduRqu4YqUzB5XvXqmWGHX+Q7d6U6MAA6PirqBgQC4A5U51OfFhPalTuJWY4V8jA=,iv:BsqyLwGgcqjIITuHnYo2jzC8Vk4DgyxkBGD6eaa+TsE=,tag:j67JoaOgQhbtNDk70i1hKA==,type:str]", + "pgp": [ + { + "created_at": "2023-05-10T15:43:03Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA82M54yws73UARAApQ2ZwB0usOsmNHzhVKbp0usviukLvU8FXl3HjaH49d0o\nzlY/h/A5isen9oVmTe8fr2h/Et/k7QtOyEQg3a+BDxbSmeHWPENdxxmJzgFdAMx0\n91b/puuIL3RpDRzZD0MxbqGk5A3pZZuoHm1PMYgRW7M+xfHzMlOAREqxC3J+2NGX\nBk9Q6iYGem/h4l660ObWdFkkkdyfGba7vz5hUl1het/DlOA73Hdy/VN5mrc+H+KN\nOtOzBYcBsNkhjWHfoK7G666yLNsADcViKZiLHvmAvAlgQly+dUq9kO4kiQwyFI+V\nLfR+/TY73yOjk+St3MS78K4rm2ywsAPNOKUnQGcSM+Vw7/n+0z22dKmZqJmu749K\noHvhE2pIlCC/6Xt3Ft8bjlKlo+4tQo1Jtb89YQ6G8nnoFr/HvAwk01qziIvD3TTJ\nM4nhQt5pArW5i/V/7oJ7iUqKPgda2O0tl0Tmen6u/sPWU3F9CuN0I+bZae8d53Zs\nPIfSGFTsfP1ChX2mxeGJ3BR6fVskvWr88lJmILtgFEo+BjvfWT6D25rIuId5ZqKQ\ngU4MnC7JK+PH/jykT+6s21v5JXnQ4M6WvSZK1J4bs0wR0yN3JbB7pki0zlh/2a8J\nFnWBB/gCaBgyGK7CHwncM/cn6NyFUAn3r2SFjElpInGHd7dqvl9dXHJ5YzyHWEbS\nXgHDOWzI8EpfVrhIKak6ZrKEJIvhodyP7qIgBexAU4zA4CdvmuuyiqIzlRawN4J8\nRwwFHRibkIe5q3xFa/QrOuBj5pfUqdBLDkJhLHkYH756m/25Fg9kqB2tou14qDU=\n=Mfyl\n-----END PGP MESSAGE-----\n", + "fp": "CD8CE78CB0B3BDD4" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file