feat(tazjin/koptevo): deploy tgsa
The main instance is still running on polyanka, but things are moving in this direction. Change-Id: Idfa9e508023c05148003ac4621ae01dceb284c66 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8827 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
This commit is contained in:
Vincent Ambo
tazjin
parent
332a821100
commit
507cd85264
2 changed files with 16 additions and 2 deletions
|
|
@ -13,6 +13,8 @@ in
|
|||
(mod "www/base.nix")
|
||||
(mod "www/tazj.in.nix")
|
||||
(usermod "predlozhnik.nix")
|
||||
(usermod "tgsa.nix")
|
||||
(depot.third_party.agenix.src + "/modules/age.nix")
|
||||
];
|
||||
|
||||
boot = {
|
||||
|
|
@ -79,6 +81,14 @@ in
|
|||
openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
|
||||
};
|
||||
|
||||
age.secrets =
|
||||
let
|
||||
secretFile = name: depot.users.tazjin.secrets."${name}.age";
|
||||
in
|
||||
{
|
||||
tgsa-yandex.file = secretFile "tgsa-yandex";
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue