l orange.r: init

4 files changed, 81 insertions, 0 deletions

diff --git a/kartei/lass/orange.nix b/kartei/lass/orange.nix
new file mode 100644
index 00000000..7f656c26
--- /dev/null
+++ b/kartei/lass/orange.nix
@@ -0,0 +1,38 @@
+{ r6, w6, ... }:
+{
+  nets = {
+    retiolum = {
+      ip4.addr = "10.243.0.15";
+      ip6.addr = r6 "012a";
+      aliases = [
+        "orange.r"
+      ];
+      tinc.pubkey = ''
+        -----BEGIN RSA PUBLIC KEY-----
+        MIICCgKCAgEAlnHedIf4f3/6Wfl5PSSz+7KvdIMkygp5m/U270sdPBh46MqYa8cn
+        OfPq40LcbWIZqAVex7mP+fK7vq8LTIr+sCKvzY46o3ZLbQQ7cCtQi02GFnSAPhVT
+        4XEmPn9dX/nRmI8xQqzh5jRMpgeOKE+xY6QfgkERD9mflkJi5dGYCOVW1UUK7pHR
+        7giCrUiLuQbUeIz+G7KOeIRHxU8dwD8it1Jk6KxdM3MW6HwFsuqZu0qjbBPKhTEe
+        fgzSTDtZEGmcQw5vA/RwjxoRvKYThbK/lLoVJItFAhUCWUJA8bJuIanwzPfOF0JO
+        xWkxiY3ntvn5ykbvhF6LoHE+kEfcBJzBfRFRSXV5qU5wW1FC4AQylUDrest/qXQh
+        DY8boUqK/hi/MlC2ciPH+DlBOi5wduWty8F0KqNzjg1IIEOk8H+z9hgBDbdJnYHH
+        MBjYOZ3MFpoNb2VCJTE7dlIarVdH1OOO2KkzX/GGW7wGQK94iqLHjBcGl15GcGOz
+        EOivq+783VOtzZGS4jd8D0OcCo725FzhuWi6KR5QTljwrd5C1gGFoAW7RCsUiveZ
+        0by9aB+G2DWmSRWZsmPnnbYo6yPvp+WR2yfPu1pKwjyNsmAgTYm4bkwRIvODb6Xk
+        ShgawP5V8RDp+hUmr27KgJvUJnQbVeJf9SO1pT7IfNOjLwHv26iOo7UCAwEAAQ==
+        -----END RSA PUBLIC KEY-----
+      '';
+      tinc.pubkey_ed25519 = "dVIOgHjuKLDJ+QB+sDjL9Pk3pXs8wKo+gemGvNG3z1H";
+    };
+    wiregrill = {
+      ip6.addr = w6 "012a";
+      aliases = [
+        "orange.w"
+      ];
+      wireguard.pubkey = ''
+        NP8zM9+ocwsHhY9Rn6tFqIU1FR8JidqtDs7IKpl3yU8=
+      '';
+    };
+  };
+  ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnHnTPPwMW1Oy3DBuaT4fG5ryhWmVS9Y8Sw0ezUGuLn";
+}
diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix
new file mode 100644
index 00000000..3c13ebe8
--- /dev/null
+++ b/lass/1systems/orange/config.nix
@@ -0,0 +1,21 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs>
+    <stockholm/lass/2configs/retiolum.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.orange;
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "acme@lassul.us";
+  };
+
+  lass.sync-containers3.inContainer = {
+    enable = true;
+    pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l";
+  };
+}
diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix
new file mode 100644
index 00000000..8577daf3
--- /dev/null
+++ b/lass/1systems/orange/physical.nix
@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./config.nix
+  ];
+  boot.isContainer = true;
+  networking.useDHCP = true;
+}
diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix
new file mode 100644
index 00000000..3fbf417a
--- /dev/null
+++ b/lass/2configs/orange-host.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  lass.sync-containers3.containers.orange = {
+    sshKey = "${toString <secrets>}/orange.sync.key";
+  };
+  services.nginx.virtualHosts."lassul.us" = {
+    # enableACME = config.security;
+    # forceSSL = true;
+    locations."/" = {
+      recommendedProxySettings = true;
+      proxyWebsockets = true;
+      proxyPass = "http://orange.r";
+    };
+  };
+}