privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

hosts/thunderskin: init

Browse source
This commit is contained in:
Max Headroom 2023-03-20 19:52:07 +01:00
parent df0bbbc83d
commit 8be3c9084c
8 changed files with 120 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
cluster/services/wireguard/default.nix
View file

@ -31,6 +31,16 @@ in
extraRoutes = []; extraRoutes = [];
}; };
}; };
mesh-node-thunderskin = {
ipv4 = getExtAddr hours.thunderskin;
extra = {
meshIp = "10.1.1.4";
inherit meshNet;
pubKey = "xvSsFvCVK8h2wThZJ7E5K0fniTBIEIYOblkKIf3Cwy0=";
privKeyFile = ./mesh-keys/thunderskin.age;
extraRoutes = [];
};
};
mesh-node-VEGAS = { mesh-node-VEGAS = {
ipv4 = getExtAddr hours.VEGAS; ipv4 = getExtAddr hours.VEGAS;
extra = { extra = {
@ -54,7 +64,7 @@ in
}; };
services.wireguard = { services.wireguard = {
nodes = { nodes = {
mesh = [ "checkmate" "VEGAS" "prophet" ]; mesh = [ "checkmate" "thunderskin" "VEGAS" "prophet" ];
}; };
nixos = { nixos = {
mesh = ./mesh.nix; mesh = ./mesh.nix;

12
cluster/services/wireguard/mesh-keys/thunderskin.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A rdUnhWrA+Y4kORXQj3EXN2g0ocT+fCgWrWUzng4H2h0
GpDWguEAJbruVKLsyg1UrajayaBTRqV4keuXOlUN4Dw
-> ssh-ed25519 5/zT0w XhGp6wmN3PiZtYa7z5aTbTOesYsJ0ldJ9FAydDOBHjE
KJKLJs5W9eVgyIxWvd7PGTCKF6+GKhfjCf/sS9oghKY
-> ssh-ed25519 FfIUuQ H1Y6kiQrhvhXMFiZ5S1aKFV/squ7NaqduuaCk3T9dms
8zn45DGkEH+vtkCjsnOlxeiZ+cEW/71bCYyj449axW0
-> ZxL9h,-grease h7Z
1EWFRzEk6ikC2LnZLuB4Z3n69SHr/AoxBZHjsha2K1DYKJspfb+NCrNVkC1A9F0t
SllAo58gJsWkKdpyoKaE2nrV3SXoREMlcQvq/Z2X9WpR+A
--- IxR5wj2vdqY/Tcsur39cFEICvfxmo2OrcdQFR4LLJRw
[{{ËÈg=<•Ùi—“dJ93ïEÔ;ƒ¨=ÙFeøgAXÞX\#¯¦”.<2E>%æÂðáó§=Ö<>^HT…c>)<29>q|¿{â 7Íü

2
hosts/part.nix
View file

@ -11,6 +11,8 @@ in with tools.dns;
fromLight = { fromLight = {
checkmate = import ./checkmate tools; checkmate = import ./checkmate tools;
thunderskin = import ./thunderskin tools;
VEGAS = import ./VEGAS tools; VEGAS = import ./VEGAS tools;
prophet = import ./prophet tools; prophet = import ./prophet tools;

29
hosts/thunderskin/default.nix Normal file
View file

@ -0,0 +1,29 @@
tools: {
ssh.enable = true;
ssh.id = with tools.dns; {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8TbMvGXfAp9R2I9GdR7aLlGjxh2CW1pCZjQSB4TJp";
hostNames = subResolve "thunderskin" "node";
};
interfaces = {
primary = {
addr = "10.0.243.121";
addrPublic = "140.238.208.154";
link = "ens3";
};
};
hyprspace = {
enable = true;
id = "12D3KooWB9AUPorFoACkWbphyargRBV9osJsYuQDumtQ85j7Aqmg";
addr = "10.100.3.4";
listenPort = 995;
};
enterprise = {
subdomain = "node";
};
system = "x86_64-linux";
nixos = ./system.nix;
}

12
hosts/thunderskin/hardware-configuration.nix Normal file
View file

@ -0,0 +1,12 @@
{ modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
fileSystems."/boot" = { device = "/dev/disk/by-partlabel/boot"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/disk/by-partlabel/rootfs"; fsType = "xfs"; };
swapDevices = [ { device = "/dev/disk/by-partlabel/swap"; } ];
}

36
hosts/thunderskin/system.nix Normal file
View file

@ -0,0 +1,36 @@
{ depot, ... }:
{
imports =
[
# Hardware
./hardware-configuration.nix
depot.inputs.agenix.nixosModules.age
depot.nixosModules.hyprspace
depot.nixosModules.sss
depot.nixosModules.serverBase
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "thunderskin";
networking.nameservers = [ depot.config.hours.VEGAS.interfaces.vstub.addr ];
time.timeZone = "Europe/Zurich";
networking.useDHCP = false;
networking.interfaces.ens3.useDHCP = true;
i18n.defaultLocale = "en_US.UTF-8";
services.openssh.enable = true;
zramSwap.enable = true;
zramSwap.algorithm = "zstd";
system.stateVersion = "22.11";
}

5
secrets.nix
View file

@ -1,6 +1,7 @@
let let
max = (import ./users/max/userinfo.nix null).sshKeys; max = (import ./users/max/userinfo.nix null).sshKeys;
hosts = import ./hosts; hosts = builtins.mapAttrs (_: v: v._module.specialArgs.depot.reflection)
(builtins.getFlake "git+file:.").nixosConfigurations;
systemKeys = x: x.ssh.id.publicKey or null; systemKeys = x: x.ssh.id.publicKey or null;
in with hosts; in with hosts;
{ {
@ -25,6 +26,7 @@ in with hosts;
"cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ]; "cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ]; "cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ]; "cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
"cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
"cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ]; "cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
@ -42,6 +44,7 @@ in with hosts;
"secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hydra-s3.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/hydra-s3.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ]; "secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
"secrets/hyprspace-key-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
"secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ]; "secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];

14
secrets/hyprspace-key-thunderskin.age Normal file
View file

@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A xFdhijkkXkGwJmF0ekFNV0mgPSp0CaBCz7PdaMV4Ck0
MgsRuHirIkT6SJSaK5BOVYAdqbIP4cY/3a/mC0MmgsU
-> ssh-ed25519 5/zT0w uAozit3cZSeov1Otr6JyPVuH/mR4i9IjCSylNA82ZH8
jMzwI2jUjhJwf/UrI/WDgS1OEmi6jzhbK5HiZ8Osekg
-> ssh-ed25519 FfIUuQ uTno5RRkc9uAyNorlpV6EkWhRHUaobo7gNjf6VA41Uc
W+ZNWqC9HScYo2P6880J1YGWtYxneVZ/o0TATZJPNcc
-> ^?yJ-grease
3EJ2gFOTRng9qiy8wEbs6CVj1xMhr9M0vFdWMr6kiDNz5Y0zd2GRSnY9sYVlgyxe
M+XBfn4TvG+JJvbBn3PAXqPl/vGJHCN06mZODd28qYg9lacF4uZQT2QDxS5fvwCI
xew
--- fqQAgulJ30Lcl3qbj6a7U4HVAKTed+kl5afz+JmUytk
Æþ_§Mÿ2­•YŠÐçÁ ÎÈoä´.÷³åcT+몴åAïµãšë„KäÂõ.´<>!Ñ»n<C2BB>·¥'àò3}Ilù23'*ñ¬õ‡€šÙ£=Ì$ôùOq³EÙ9¿Lë“hÒ©TâÁÀÂÙÝÖÉ\ÕDK ZÊ ”#ò
v©^èÏQ¦û