Merge remote-tracking branch 'refs/remotes/origin/main'

Add sops attribute to config.boot (vyos config file)
WIP shell.nix
Add encrypted config.boot for vyos config
Build workflow components for vyos development and deployment
Add metallb to nix-lab helmfile

.gitattributes

@@ -2,3 +2,4 @@ secrets.env filter=sops diff=sops
 *.secrets filter=sops diff=sops
 *.token filter=sops diff=sops
 *.passwd filter=sops diff=sops
+config.boot filter=sops diff=sops

homelab/vyos/get_config.sh

@@ -0,0 +1,5 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+show 

homelab/vyos/load_config.sh

@@ -0,0 +1,9 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+configure
+load /home/vyos/config.boot
+
+echo "Running commit && exit"
+commit && exit || exit discard

homelab/vyos/op.sh

@@ -0,0 +1,7 @@
+#!/bin/vbash
+
+command="$@"
+
+source /opt/vyatta/etc/functions/script-template
+
+run $command

homelab/vyos/save_config.sh

@@ -0,0 +1,8 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+configure
+
+
+save || exit discard

homelab/vyos/vyos.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+# Change this to the user, host, (and optionally port) of your VyOS target.
+VYOS_TARGET="vyos@192.168.1.1"
+
+# Returns saved config file
+function get_config_saved () {
+  ssh $VYOS_TARGET 'cat /config/config.boot'
+}
+
+# Returns active config file
+function get_config_active () {
+  scp -q ./get_config.sh $VYOS_TARGET:/home/vyos/get_config.sh
+  ssh $VYOS_TARGET 'chmod +x /home/vyos/get_config.sh; /home/vyos/get_config.sh; rm /home/vyos/get_config.sh'
+}
+
+# Push local ./config.boot to remote /home/vyos/config.boot
+function post_config () {
+  scp -q ./config.boot    :/home/vyos/config.boot
+}
+
+function load_config () {
+  scp -q ./load_config.sh $VYOS_TARGET:/home/vyos/load_config.sh
+  ssh $VYOS_TARGET 'chmod +x /home/vyos/load_config.sh; /home/vyos/load_config.sh; rm /home/vyos/load_config.sh'
+}
+
+function save_config () {
+  scp -q ./save_config.sh $VYOS_TARGET:/home/vyos/save_config.sh
+  ssh $VYOS_TARGET 'chmod +x /home/vyos/save_config.sh; /home/vyos/save_config.sh; rm /home/vyos/save_config.sh'
+}
+
+function get_dhcp_leases () {
+  scp -q ./op.sh $VYOS_TARGET:/home/vyos/op.sh
+  ssh $VYOS_TARGET 'chmod +x /home/vyos/op.sh; /home/vyos/op.sh "show dhcp server leases"; rm /home/vyos/op.sh'
+}
+
+function op () {
+  command="$@"
+  scp -q ./op.sh $VYOS_TARGET:/home/vyos/op.sh
+  ssh $VYOS_TARGET "chmod +x /home/vyos/op.sh; /home/vyos/op.sh $command; rm /home/vyos/op.sh"
+}
+
+function pull () {
+  get_config_saved > config.boot
+}
+
+function push () {
+  post_config
+  load_config
+  save_config
+}
+
+function edit () {
+  get_config_saved > $SCRIPT_DIR/config.boot
+  vim $SCRIPT_DIR/config.boot
+  push
+}
+
+"$@"
+
+# Fair warning, this script is trash.

nix/nix-lab/helm/helmfile.yaml

@@ -3,6 +3,8 @@ repositories:
     url: https://charts.longhorn.io
   - name: kyverno
     url: https://kyverno.github.io/kyverno
+  - name: metallb
+    url: https://metallb.github.io/metallb
 ---
 releases:
   # Distributed storage
@@ -15,3 +17,8 @@ releases:
     namespace: kyverno
     chart: kyverno/kyverno
     version: 3.2.7
+  - name: metallb
+    namespace: metallb-system
+    chart: metallb/metallb
+    version: 0.14.5
+  

shell.nix

@@ -1,9 +1,62 @@
-# Install git, sops, Docker, bash, 
+# Install core packages, configure toolkits
+let
+  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.05";
+  pkgs = import nixpkgs { config = {}; overlays = []; };
+in
 
-{ pkgs ? import <nixpkgs> {} }: pkgs.mkShell { 
+  pkgs.mkShellNoCC {
     packages = with pkgs; [
-    git sops docker 
+      ssh git sops docker
+      vim
       tree btop
       bat fd eza fzf
+      ssh-to-age
     ];
-}
+    shellHook = ''
+      # Configure env
+      USER="joey"
+      HOSTNAME="dungeon-master"
+      NAME="Joey Hafner"
+      EMAIL="joey@jafner.net"
+
+      # Configure SSH. Expects existing key at ~/.ssh/$USER@$HOSTNAME.key
+      SSH_KEY="~/.ssh/$USER@$HOSTNAME.key"
+      SSH_PUBKEY="~/.ssh/$USER@$HOSTNAME.pub"
+      alias ssh="ssh -i $SSH_KEY"
+
+      # Configure Git
+      # global
+      git config core.sshcommand "ssh -i $SSH_KEY"
+      git config user.name "$NAME"
+      git config user.email "$EMAIL"
+      git config user.signingkey "$SSH_PUBKEY"
+      git config init.defaultbranch "main"
+      git config gpg.format "ssh"
+      git config commit.gpgsign "true"
+      git config credential.helper "manager"
+      git config core.pager "delta"
+      git config delta.side-by-side "true"
+      git config interactive.difffilter "delta --color-only"
+      
+      # repo
+      git config core.repositoryformatversion "0"
+      git config core.filemode "true"
+      git config core.bare "false"
+      git config core.logallrefupdates "true"
+      git config remote.origin.url "ssh://git@gitea.jafner.tools:2225/Jafner/Jafner.net.git"
+      git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"
+      git config branch.main.remote "origin"
+      git config branch.main.merge "refs/heads/main"
+      git config submodule.sites/Jafner.dev/themes/hello-friend-ng.active "true"
+      git config submodule.sites/Jafner.dev/themes/hello-friend-ng.url "https://github.com/rhazdon/hugo-theme-hello-friend-ng.git"
+      
+      # Configure sops
+      ssh-2-age -p -i $SSH_KEY $HOME/.age/key 
+      git config filter.sops.smudge '.sops/decrypt-filter.sh %f'
+      git config filter.sops.clean '.sops/encrypt-filter.sh %f'
+      git config filter.sops.required "true"
+
+    '';
+
+};
+