change ipv6 address for wake onlan

add talos utilities
2026-04-02 13:13:47 +02:00 · 2026-03-02 00:24:34 +01:00 · 2026-03-02 00:22:41 +01:00 · 2026-02-10 18:19:23 +01:00 · 2026-02-10 18:18:12 +01:00
10 changed files with 98 additions and 77 deletions
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -5,6 +5,7 @@
  imports = [
    ./grub.nix
    ./packages.nix
+    ./sops.nix
    ./ssh.nix
    ./system.nix
    ./tty.nix
--- a/modules/core/packages.nix
+++ b/modules/core/packages.nix
@@ -15,6 +15,7 @@
    pkgs.unzip
    pkgs.sops
    pkgs.ssh-to-age
+    pkgs.age
    pkgs.nixos-anywhere
    pkgs.nixos-generators
    pkgs.efibootmgr
@@ -25,8 +26,7 @@
    pkgs.fzf
    pkgs.bc
    pkgs.wakeonlan
-    pkgs.samba
-    pkgs.openldap
+    pkgs.openssl
  ];
  services = {
    locate = {
--- a/modules/core/sops.nix
+++ b/modules/core/sops.nix
@@ -0,0 +1,19 @@
+{
+  inputs,
+  ...
+}:
+let
+  secretsPath = builtins.toString inputs.mysecrets;
+in
+{
+  sops = {
+    defaultSopsFile = "${secretsPath}/secrets.yaml";
+    age = {
+      sshKeyPaths = [
+        "/etc/ssh/ssh_host_ed25519_key"
+      ];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
+    };
+  };
+}
--- a/modules/core/users.nix
+++ b/modules/core/users.nix
@@ -5,6 +5,11 @@
  ...
 }:
 {
+  sops.secrets = {
+    "users_password/beastie" = {
+      neededForUsers = true;
+    };
+  };
  users = {
    users = {
      ${username} = {
@@ -18,7 +23,7 @@
          "video"
        ];
        openssh.authorizedKeys.keys = [
-          config.sops.secrets."ssh_keys/beastie_priv".path
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
        ];
        shell = pkgs.zsh;
      };
--- a/modules/optionnals/desktop/packages.nix
+++ b/modules/optionnals/desktop/packages.nix
@@ -26,6 +26,11 @@
    pkgs.catppuccin-cursors
    pkgs.catppuccin-gtk
    pkgs.postman
+    pkgs.samba
+    pkgs.openldap
+    pkgs.argocd
+    pkgs.talosctl
+    pkgs.talhelper
  ];
  fonts.packages = [
    pkgs.nerd-fonts.dejavu-sans-mono
--- a/modules/optionnals/hosts/home-nix.nix
+++ b/modules/optionnals/hosts/home-nix.nix
@@ -82,6 +82,7 @@
      #172.18.20.229  auth.grandbesancon.fr
      #172.18.20.181  traefikauth.grandbesancon.fr
      172.18.21.174     test-patchmon.grandbesancon.fr
+      172.18.229.240    test-mycarto-autonome.grandbesancon.fr
    '';
    wireguard = {
      interfaces = {
--- a/modules/optionnals/libvirt.nix
+++ b/modules/optionnals/libvirt.nix
@@ -4,6 +4,9 @@
  ...
 }:
 {
+  users.users.${username} = {
+    extraGroups = [ "libvirtd" ];
+  };
  virtualisation = {
    libvirtd = {
      enable = true;
@@ -12,11 +15,13 @@
        #package = pkgs.qemu;
        runAsRoot = true;
        swtpm.enable = true;
+        vhostUserPackages = [
+          pkgs.virtiofsd
+        ];
      };
    };
-
-  };
-  users.users.${username} = {
-    extraGroups = [ "libvirtd" ];
  };
+  environment.systemPackages = with pkgs; [
+    virtiofsd
+  ];
 }
--- a/modules/optionnals/sops-desktop.nix
+++ b/modules/optionnals/sops-desktop.nix
@@ -1,76 +1,61 @@
 {
-  inputs,
  username,
  ...
 }:
-let
-  secretsPath = builtins.toString inputs.mysecrets;
-in
 {
-  sops = {
-    defaultSopsFile = "${secretsPath}/secrets.yaml";
-    age = {
-      sshKeyPaths = [
-        "/etc/ssh/ssh_host_ed25519_key"
-      ];
-      keyFile = "/var/lib/sops-nix/key.txt";
-      generateKey = true;
+  sops.secrets = {
+    "users_password/beastie" = {
+      neededForUsers = true;
    };
-
-    secrets = {
-      "users_password/beastie" = {
-        neededForUsers = true;
-      };
-      "ssh_keys/default_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519.pub";
-      };
-      "ssh_keys/default_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519";
-      };
-      "ssh_keys/ansible_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
-      };
-      "ssh_keys/ansible_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519_ansible";
-      };
-      "ssh_keys/beastie_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
-      };
-      "ssh_keys/beastie_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519_beastie";
-      };
-      "ssh_keys/gitea_semaphore_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
-      };
-      "ssh_keys/gitea_semaphore_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
-      };
-      "ssh_keys/wol_pub" = {
-        owner = "${username}";
-        mode = "0644";
-        path = "/home/${username}/.ssh/id_ed25519_wol";
-      };
-      "ssh_keys/wol_priv" = {
-        owner = "${username}";
-        mode = "0600";
-        path = "/home/${username}/.ssh/id_ed25519_wol.priv";
-      };
+    "ssh_keys/default_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519.pub";
+    };
+    "ssh_keys/default_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519";
+    };
+    "ssh_keys/ansible_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
+    };
+    "ssh_keys/ansible_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519_ansible";
+    };
+    "ssh_keys/beastie_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
+    };
+    "ssh_keys/beastie_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519_beastie";
+    };
+    "ssh_keys/gitea_semaphore_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
+    };
+    "ssh_keys/gitea_semaphore_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
+    };
+    "ssh_keys/wol_pub" = {
+      owner = "${username}";
+      mode = "0644";
+      path = "/home/${username}/.ssh/id_ed25519_wol";
+    };
+    "ssh_keys/wol_priv" = {
+      owner = "${username}";
+      mode = "0600";
+      path = "/home/${username}/.ssh/id_ed25519_wol.priv";
    };
  };
 }
--- a/modules/optionnals/wakeonlan.nix
+++ b/modules/optionnals/wakeonlan.nix
@@ -17,7 +17,7 @@
  };
  environment.systemPackages = [ pkgs.ethtool ];

-  my.wolipv6address = "2a01:e0a:9cc:99d0:8f3a:6b2c:41d7:e9f5";
+  my.wolipv6address = "2a01:e0a:f5d:3400:6b2c:41d7:e9f5";

  boot.initrd = {
    network = {
@@ -32,7 +32,7 @@
      };
      postCommands = ''
        ip -6 addr add ${config.my.wolipv6address}/64 dev ${config.my.laninterface}
-        ip -6 route add default via fe80::224:d4ff:fea5:65bd dev ${config.my.laninterface}
+        ip -6 route add default via fe80::3a07:16ff:fe11:45a8 dev ${config.my.laninterface}
      '';
    };
    availableKernelModules = [ "r8169" ];
Author	SHA1	Message	Date
Jérémie SALVI	4abb2bf1eb	change ipv6 address for wake onlan	2026-04-02 13:13:47 +02:00
Jérémie SALVI	9a336f76dc	add talos utilities	2026-03-02 00:24:34 +01:00
Jérémie SALVI	b0d8309d65	add talos utilities	2026-03-02 00:22:41 +01:00
Jérémie SALVI	d319db25bb	Merge branch 'main' of git.unixyourbrain.org:beastie/dev	2026-02-10 18:19:23 +01:00
Jérémie SALVI	961e9c475e	Reorganise sops.	2026-02-10 18:18:12 +01:00