hosts/thunderskin: init
parent
df0bbbc83d
commit
8be3c9084c
8 changed files with 120 additions and 2 deletions
|
@ -31,6 +31,16 @@ in
|
|||
extraRoutes = [];
|
||||
};
|
||||
};
|
||||
mesh-node-thunderskin = {
|
||||
ipv4 = getExtAddr hours.thunderskin;
|
||||
extra = {
|
||||
meshIp = "10.1.1.4";
|
||||
inherit meshNet;
|
||||
pubKey = "xvSsFvCVK8h2wThZJ7E5K0fniTBIEIYOblkKIf3Cwy0=";
|
||||
privKeyFile = ./mesh-keys/thunderskin.age;
|
||||
extraRoutes = [];
|
||||
};
|
||||
};
|
||||
mesh-node-VEGAS = {
|
||||
ipv4 = getExtAddr hours.VEGAS;
|
||||
extra = {
|
||||
|
@ -54,7 +64,7 @@ in
|
|||
};
|
||||
services.wireguard = {
|
||||
nodes = {
|
||||
mesh = [ "checkmate" "VEGAS" "prophet" ];
|
||||
mesh = [ "checkmate" "thunderskin" "VEGAS" "prophet" ];
|
||||
};
|
||||
nixos = {
|
||||
mesh = ./mesh.nix;
|
||||
|
|
12
cluster/services/wireguard/mesh-keys/thunderskin.age
Normal file
12
cluster/services/wireguard/mesh-keys/thunderskin.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 NO562A rdUnhWrA+Y4kORXQj3EXN2g0ocT+fCgWrWUzng4H2h0
|
||||
GpDWguEAJbruVKLsyg1UrajayaBTRqV4keuXOlUN4Dw
|
||||
-> ssh-ed25519 5/zT0w XhGp6wmN3PiZtYa7z5aTbTOesYsJ0ldJ9FAydDOBHjE
|
||||
KJKLJs5W9eVgyIxWvd7PGTCKF6+GKhfjCf/sS9oghKY
|
||||
-> ssh-ed25519 FfIUuQ H1Y6kiQrhvhXMFiZ5S1aKFV/squ7NaqduuaCk3T9dms
|
||||
8zn45DGkEH+vtkCjsnOlxeiZ+cEW/71bCYyj449axW0
|
||||
-> ZxL9h,-grease h7Z
|
||||
1EWFRzEk6ikC2LnZLuB4Z3n69SHr/AoxBZHjsha2K1DYKJspfb+NCrNVkC1A9F0t
|
||||
SllAo58gJsWkKdpyoKaE2nrV3SXoREMlcQvq/Z2X9WpR+A
|
||||
--- IxR5wj2vdqY/Tcsur39cFEICvfxmo2OrcdQFR4LLJRw
|
||||
[‚{{ËÈg=<•Ùi—“dJ9‹3ïEÔ;ƒ¨=ÙFeøgAXÞX\#¯¦”.<2E>%æÂðáó§=Ö<>^HT…c>)<29>q|¿{â7Íü
|
|
@ -11,6 +11,8 @@ in with tools.dns;
|
|||
fromLight = {
|
||||
checkmate = import ./checkmate tools;
|
||||
|
||||
thunderskin = import ./thunderskin tools;
|
||||
|
||||
VEGAS = import ./VEGAS tools;
|
||||
|
||||
prophet = import ./prophet tools;
|
||||
|
|
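--- a/hosts/thunderskin/default.nix
+++ b/hosts/thunderskin/default.nix
@@ -0,0 +1,29 @@
+tools: {
+ssh.enable = true;
+ssh.id = with tools.dns; {
+publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8TbMvGXfAp9R2I9GdR7aLlGjxh2CW1pCZjQSB4TJp";
+hostNames = subResolve "thunderskin" "node";
+};
+
+interfaces = {
+primary = {
+addr = "10.0.243.121";
+addrPublic = "140.238.208.154";
+link = "ens3";
+};
+};
+
+hyprspace = {
+enable = true;
+id = "12D3KooWB9AUPorFoACkWbphyargRBV9osJsYuQDumtQ85j7Aqmg";
+addr = "10.100.3.4";
+listenPort = 995;
+};
+
+enterprise = {
+subdomain = "node";
+};
+
+system = "x86_64-linux";
+nixos = ./system.nix;
+}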
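Review bot: The `publicKey` under `ssh.id` is more than a host identity: the secrets rules shown elsewhere in this commit compute recipients with `systemKeys = x: x.ssh.id.publicKey or null`, so this string also appears to decide which key can decrypt `cluster/services/wireguard/mesh-keys/thunderskin.age` and `secrets/hyprspace-key-thunderskin.age`. That coupling is not documented where the key is declared; I would add a comment such as `# also used as the age recipient for this host's secrets; changing it requires rekeying`. Separately, `listenPort = 995` is a privileged port normally associated with POP3S, and a one-line comment saying why it was chosen would help whoever audits the firewall rules later.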
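--- a/hosts/thunderskin/hardware-configuration.nix
+++ b/hosts/thunderskin/hardware-configuration.nix
@@ -0,0 +1,12 @@
+{ modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/profiles/qemu-guest.nix")
+];
+fileSystems."/boot" = { device = "/dev/disk/by-partlabel/boot"; fsType = "vfat"; };
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+boot.initrd.kernelModules = [ "nvme" ];
+fileSystems."/" = { device = "/dev/disk/by-partlabel/rootfs"; fsType = "xfs"; };
+swapDevices = [ { device = "/dev/disk/by-partlabel/swap"; } ];
+}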
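--- a/hosts/thunderskin/system.nix
+++ b/hosts/thunderskin/system.nix
@@ -0,0 +1,36 @@
+{ depot, ... }:
+
+{
+imports =
+[
+# Hardware
+./hardware-configuration.nix
+
+depot.inputs.agenix.nixosModules.age
+
+depot.nixosModules.hyprspace
+depot.nixosModules.sss
+depot.nixosModules.serverBase
+];
+
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "thunderskin";
+networking.nameservers = [ depot.config.hours.VEGAS.interfaces.vstub.addr ];
+
+time.timeZone = "Europe/Zurich";
+
+networking.useDHCP = false;
+networking.interfaces.ens3.useDHCP = true;
+
+i18n.defaultLocale = "en_US.UTF-8";
+
+services.openssh.enable = true;
+
+zramSwap.enable = true;
+zramSwap.algorithm = "zstd";
+
+system.stateVersion = "22.11";
+}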
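Review bot: `services.openssh.enable = true;` is the only sshd setting in this file, while `hosts/thunderskin/default.nix` in the same commit gives the host a public address (`addrPublic`), so the daemon's authentication policy is whatever the imported modules or the NixOS defaults provide. If `depot.nixosModules.serverBase` does not already restrict it (not visible on this page), I would set it explicitly next to the enable line, e.g. `services.openssh.passwordAuthentication = false;` (named `services.openssh.settings.PasswordAuthentication` on newer nixpkgs releases), together with the matching root-login restriction. If serverBase does cover it, a comment such as `# sshd hardening comes from serverBase` would save the next reader from having to check.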
|
@ -1,6 +1,7 @@
|
|||
let
|
||||
max = (import ./users/max/userinfo.nix null).sshKeys;
|
||||
hosts = import ./hosts;
|
||||
hosts = builtins.mapAttrs (_: v: v._module.specialArgs.depot.reflection)
|
||||
(builtins.getFlake "git+file:.").nixosConfigurations;
|
||||
systemKeys = x: x.ssh.id.publicKey or null;
|
||||
in with hosts;
|
||||
{
|
||||
|
@ -25,6 +26,7 @@ in with hosts;
|
|||
"cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
|
||||
"cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
|
||||
"cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||
"secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
|
@ -42,6 +44,7 @@ in with hosts;
|
|||
"secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/hydra-s3.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
|
||||
"secrets/hyprspace-key-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
|
||||
"secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||
"secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
|
|
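Review bot: The new `hosts` binding calls `builtins.getFlake "git+file:."`, which resolves against the working directory of whatever process evaluates this file rather than against the file's own location, and it needs impure evaluation. The recipient list of every secret below therefore depends on where the rekey tool is started and on what git currently tracks there; a host directory that has not yet been added to the index would not be visible to a `git+file` flake. Anchoring the reference to the file, e.g. `(builtins.getFlake (toString ./.)).nixosConfigurations`, and adding a comment such as `# evaluated impurely; run from a checkout with all host files tracked` would make that dependency explicit. Because `systemKeys` falls back to `null` when a host has no `ssh.id.publicKey`, it is also worth confirming after a rekey that each host's entry really resolved to a key.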
14
secrets/hyprspace-key-thunderskin.age
Normal file
14
secrets/hyprspace-key-thunderskin.age
Normal file
|
@ -0,0 +1,14 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 NO562A xFdhijkkXkGwJmF0ekFNV0mgPSp0CaBCz7PdaMV4Ck0
|
||||
MgsRuHirIkT6SJSaK5BOVYAdqbIP4cY/3a/mC0MmgsU
|
||||
-> ssh-ed25519 5/zT0w uAozit3cZSeov1Otr6JyPVuH/mR4i9IjCSylNA82ZH8
|
||||
jMzwI2jUjhJwf/UrI/WDgS1OEmi6jzhbK5HiZ8Osekg
|
||||
-> ssh-ed25519 FfIUuQ uTno5RRkc9uAyNorlpV6EkWhRHUaobo7gNjf6VA41Uc
|
||||
W+ZNWqC9HScYo2P6880J1YGWtYxneVZ/o0TATZJPNcc
|
||||
-> ^?yJ-grease
|
||||
3EJ2gFOTRng9qiy8wEbs6CVj1xMhr9M0vFdWMr6kiDNz5Y0zd2GRSnY9sYVlgyxe
|
||||
M+XBfn4TvG+JJvbBn3PAXqPl/vGJHCN06mZODd28qYg9lacF4uZQT2QDxS5fvwCI
|
||||
xew
|
||||
--- fqQAgulJ30Lcl3qbj6a7U4HVAKTed+kl5afz+JmUytk
|
||||
Æþ_§Mÿ2•YŠÐçÁ ÎÈoä´.÷³åcT+몴åAïµãšë„KäÂõ.´<>!Ñ»n<C2BB>·¥'àò3}Ilù23'*ñ¬õ‡€šÙ£=Ì$ôùOq³EÙ9¿Lë“hÒ©TâÁÀÂÙÝÖÉ\ÕDK
ZÊ”#ò
|
||||
v©^èÏQ¦û‘
|