add "more" host to awful.systems cluster
authorself <self@awful.systems>
Sun, 2 Jul 2023 07:24:38 +0000 (00:24 -0700)
committerself <self@awful.systems>
Sun, 2 Jul 2023 07:24:38 +0000 (00:24 -0700)
.sops.yaml
hardware/hetzner-cloud/cpx31.nix [new file with mode: 0644]
hardware/hetzner-cloud/cx21.nix [moved from hardware/hetzner-cloud.nix with 84% similarity]
hardware/hostnames.nix [new file with mode: 0644]
hardware/shared.nix
hosts/more/configuration.nix [new file with mode: 0644]
secrets/keys/default.nix
secrets/keys/git.nix [new file with mode: 0644]
secrets/secrets.yaml

index f900e95177cdecb1a88933d3d147ba0b33f02026..4aba98f707fb1390b7fc04a27da2eed6b6c12394 100644 (file)
@@ -1,9 +1,11 @@
 keys:
     - &admin_self age1ykfwuq666clqzxk4vjyjhtk29h7s3ztcu4ewfwgrq9kaxrmeapdqw0ec85
     - &host_these age1qwdxl2jdwu2feee4ttlhr06682026gftt9n6cw9n6yxjsr2vzy7se389re
+    - &host_more age19us4npj5aw2wcfglxzt5l2aemc8n79k6chfflmfjk2h40y37p9aspwmumc
 creation_rules:
     - path_regex: secrets/[^/]+.yaml$
       key_groups:
       - age:
         - *admin_self
         - *host_these
+        - *host_more
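Review bot: Adding `*host_more` to the only `creation_rules` entry lets the new host decrypt every file matching `secrets/[^/]+.yaml$`, including any secret that only `these` needs. If some secrets are host-specific (not visible from this hunk), a separate rule per host keeps the impact of one compromised machine smaller, for example an entry with `path_regex: secrets/more/[^/]+\.yaml$` (path constructed for illustration) that lists only `*admin_self` and `*host_more`. The existing regex also leaves the `.` before `yaml` unescaped, so `\.yaml$` would match the extension literally.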
diff --git a/hardware/hetzner-cloud/cpx31.nix b/hardware/hetzner-cloud/cpx31.nix
new file mode 100644 (file)
index 0000000..ce00fc0
--- /dev/null
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ../shared.nix ];
+
+  boot.initrd.availableKernelModules =
+    [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  boot.loader.grub.enable = true;
+  boot.loader.grub.devices = [ "/dev/sda" ];
+
+  # boot off an LVM pool named NixOS and lv named System
+  fileSystems."/" = {
+    device = "/dev/NixOS/System";
+    fsType = "ext4";
+  };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = false;
+  networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; # public IP
+  networking.interfaces.enp7s0.useDHCP =
+    lib.mkDefault true; # first internal network
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
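Review bot: `swapDevices = [ ];` in this new file reads as "no swap", but the file imports `../shared.nix`, which gains a `/var/lib/swapfile` entry of `4 * 1024` MiB in this same commit. NixOS concatenates list-valued options, so the host ends up with swap anyway. Dropping the line, or adding a comment such as `# swap is defined in ../shared.nix`, would avoid misleading the next reader. The DHCP settings here use `lib.mkDefault true` while `cx21.nix` uses plain `true`; picking one form would keep the two hardware profiles parallel.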
similarity index 84%
rename from hardware/hetzner-cloud.nix
rename to hardware/hetzner-cloud/cx21.nix
index e4c3bd34e04ba27811bc36d79d2d67d95f96e0a1..a777c08e243cec86e31e16e2d31e584a42129504 100644 (file)
@@ -1,7 +1,7 @@
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ./shared.nix ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ../shared.nix ];
 
   boot.initrd.availableKernelModules =
     [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
@@ -15,8 +15,6 @@
 
   swapDevices = [ ];
 
-  time.timeZone = "America/Los_Angeles";
-
   networking.useDHCP = false;
   networking.interfaces.ens3.useDHCP = true; # public IP
   networking.interfaces.ens10.useDHCP = true; # first internal network
diff --git a/hardware/hostnames.nix b/hardware/hostnames.nix
new file mode 100644 (file)
index 0000000..8acc5de
--- /dev/null
@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking.hosts = {
+    "10.0.0.2" = [ "these" ];
+    "10.0.0.4" = [ "more" ];
+  };
+}
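Review bot: The two addresses in `networking.hosts` are hard-coded, while the internal interfaces (`enp7s0` and `ens10` in the hardware profiles) get their addresses over DHCP. The mapping is therefore only correct as long as the provider keeps handing out exactly these IPs. A comment such as `# private-network addresses; must match the addresses assigned to each server` would document that coupling. If anything later treats the names `these` or `more` as an identity, for example a hostname allow-list, note that this file pins the name to an address and not to a machine.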
index ecf8de3e23dfac46d849a4442cdf2a4c5d853564..96bd48f27a7d50a8907a08cf0c8c171222fe8b74 100644 (file)
@@ -1,20 +1,25 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports = [
-    ../secrets/keys
-  ];
+  imports = [ ../secrets/keys ./hostnames.nix ];
   # Initial empty root password for easy login:
   users.users.root.initialHashedPassword = "";
   services.openssh.settings.PermitRootLogin = "prohibit-password";
 
   services.openssh.enable = true;
 
+  time.timeZone = "America/Los_Angeles";
+
   nix.gc = {
     automatic = true;
     options = "--delete-older-than 5d";
   };
 
+  swapDevices = [{
+    device = "/var/lib/swapfile";
+    size = 4 * 1024;
+  }];
+
   environment.systemPackages = [ pkgs.ssh-to-age ];
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
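Review bot: The new `swapDevices` entry creates an unencrypted swap file on every host that imports this module, so memory pages of services holding sops-decrypted secrets can be written to disk in the clear. NixOS has `randomEncryption.enable = true;` on a swap device entry, which re-keys swap on each boot. It is worth confirming that this works with a file-backed device on the NixOS release in use. The module's attribute set continues past the end of this hunk.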
diff --git a/hosts/more/configuration.nix b/hosts/more/configuration.nix
new file mode 100644 (file)
index 0000000..9913903
--- /dev/null
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ../../hardware/hetzner-cloud/cpx31.nix
+    ../../secrets
+    ../../maint-mode
+  ];
+
+  networking.hostName = "more";
+}
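Review bot: `more` pulls in `hardware/shared.nix` through `cpx31.nix`, so the new host, which has a public interface, starts with `users.users.root.initialHashedPassword = "";`. SSH is limited to keys by `PermitRootLogin = "prohibit-password"`, but any login path that is not SSH, such as a provider console, would accept the empty password until it is changed. Since root already has an authorized key, consider locking password login with `users.users.root.hashedPassword = "!";` or supplying a hashed password from the sops secrets. No `system.stateVersion` is set in this file either; if `../../secrets` and `../../maint-mode` do not set it (not visible here), it belongs here.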
index e8d6c33d0767fa760b9a012643a33e14f7be8306..a0adb78068da50b5e31ef338f8b276bac1348252 100644 (file)
@@ -3,6 +3,5 @@
 {
   users.users = {
     root.openssh.authorizedKeys.keyFiles = [ ./self_id_ed25519.pub ];
-    git.openssh.authorizedKeys.keyFiles = [ ./self_id_ed25519.pub ];
   };
 }
diff --git a/secrets/keys/git.nix b/secrets/keys/git.nix
new file mode 100644 (file)
index 0000000..93190b5
--- /dev/null
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+  users.users = {
+    git.openssh.authorizedKeys.keyFiles = [ ./self_id_ed25519.pub ];
+  };
+}
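Review bot: Nothing in this commit imports `secrets/keys/git.nix`: the `git` line is removed from `secrets/keys/default.nix`, and `hosts/more/configuration.nix` does not reference the new file. Unless the host that runs the git service already imports it elsewhere (not visible in this diff), the `git` user loses its authorized key on the next rebuild. The file also authorizes the same `self_id_ed25519.pub` that logs in as root; a dedicated key for `git` would let the two credentials be rotated and revoked independently.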
index 043dc8dc3e9f045d0e00b9def04d0a0765861e18..4e2432e4191e33ac4a5aa29a2912bf221a6115e9 100644 (file)
@@ -13,20 +13,29 @@ sops:
         - recipient: age1ykfwuq666clqzxk4vjyjhtk29h7s3ztcu4ewfwgrq9kaxrmeapdqw0ec85
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLYnNxSFMwUFY5ZmtYSk1k
-            ZVFLcVNQYXZYbFl0VDhBam1aeGtVTzUrdkhBCjFlTHpQU2ZiRjVhU2dTRmZJZVZL
-            Z094ZEFzTEFyYlA0eU9GSXFCYWdRckEKLS0tIFpjdHlBMlFYLzZzTVdoekE5eXdU
-            L3RYL0ZRKzdOMjJLVnJUTVlHaDBEUUkKyvlJ3mcJZ3U9iWIL4YLJDEtUCkz2Kmh2
-            2SF8Tz0gshOL8xBXeaoleXN2sHvnC5PqePvzu6Q8hs8iX81WxY+Nyw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbmdEeEJUakRzY1dLSEFB
+            Nlh5QlRTdzlCamhLNDZ4bUl4Wm9kUEVrbkNZCmhPSTBsUTk0SHJ5bWhpZktNb2NF
+            bE83d2UvSk1BZ1JaemlCVkx1UFdTbkEKLS0tIDZMOTZDSWwzWlROWDdhM1hJUE41
+            QnVWQUFyVDhNWG5zZUV2Zmg3OHFBSm8Kv//fBjk+O5kH9FlYSB5Sk8nx7rFtcSqN
+            MSTATQzF+ZqXhS2Ssi6u2eeZDU0INr5u6QoOQO8dD8u98288z0XxXQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1qwdxl2jdwu2feee4ttlhr06682026gftt9n6cw9n6yxjsr2vzy7se389re
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhenJvaCszWHpoeUdJWWtY
-            bTFSY2kxU0dCL2JvMXJQWHdpMGdaT0J4Z0hFCkJUNHVSd1A3MytJb1p3aVE2T0JF
-            MkgzaDluVXdJV2ZJb2pITVBGTFlNOUkKLS0tIFdCU0V4MFh1elN0ZWEzVS9OcVNI
-            NlNKT3g5dWlZckM0MTVwNVAzajU0YkEKyY98VzxcSz9NqaBsKV89Wegr+d0ZuzJH
-            Yt5R1uCjeBHBNW3++qVRf2koWouPpMYa69eDrlRUkL0SkJXVC4QzqQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0eXZLOWgvL1daK1hMMTl2
+            ZUxrb1RzRlhNU2tUcEN5NDlwLzArRVFZalVjClEybkZaNmlDVS93TG1HN0o3Szdh
+            ODJFWVd0MjZISFd6TEhsU1NwY283NzAKLS0tIGxhczE1aEtPcFFleHA2aDBKSVdM
+            OFJWQUJ0bFJ2dEdaK0c1Mkl0Si9RbzAK9uFXgbK1kVTPUP3LcTa0C6oAjHe22HeO
+            +ng7/moK/4cp+RZojBUl/s7auQ3E9pcj7qp8BFpdplM0ur7+qT/Xcw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age19us4npj5aw2wcfglxzt5l2aemc8n79k6chfflmfjk2h40y37p9aspwmumc
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWUtpMGtPVUJZZEQ0bEpX
+            OCtycmlIYWlhOHByR2pvdzNORFpQVGNqd1dVCnhhdEtKWlJrTGNvR3UzZTIyVUZr
+            WW5jdUVLaUJFdTFPU3pvdTMvcytxckUKLS0tIHAxdTEyZXNOY0dqQWhYYVl2RzJ5
+            RW13UEl1NEtza2NnTXY4YnFOY1d1QmsKxs+hTpa+s1jaG8T1tPo7FUtkEQA0WZpj
+            qjgrYGhFpg6dicovfkY6Ksyx4WXgw52GTMQZjyEo6FJObUvSF6TmGg==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2023-06-29T10:57:55Z"
     mac: ENC[AES256_GCM,data:cV3/ptlgCPM0G62bfxVJCW5xgx0rBsiaClifdFhPdqLbaJ2MpMCbujgw8RbX7RSKpq7tNMIrPaCvAmp5RQETd08FWnQbMjaKy2dDoQefYFspaDrv0atXU5ObXM37EEc2NMUgg/7U/JJPoeqUIBAOTyPA/Uf77HrY02LTxpW2Pwk=,iv:2C3RpLOo1ghkpygw9bWWX3JuSMJy2YHJZbLYJ1yLrmw=,tag:ZoLdrFEmM/ZFXLH1lV9vJA==,type:str]