Added consul and nomad to thingvellir

marc
2024-02-12 21:59:30 +01:00
parent 3f06ae0cb2
commit 360adace1e
5 changed files with 32 additions and 10 deletions


@@ -13,6 +13,16 @@ You can decrypt it later with:
#+begin_src bash #+begin_src bash
gpg -d id_<host>.gpg > id_<host> gpg -d id_<host>.gpg > id_<host>
#+end_src #+end_src
** Deploy the ssh keypair
You can use scp:
#+begin_src bash
scp id_<host> <user>@<host>:.ssh/id_<host>
scp id_<host>.pub <user>@<host>:.ssh/id_<host>.pub
#+end_src
Create a symbolic link for the host key (so we can use uniform naming in other parts):
#+begin_src bash
ln -s ~/.ssh/id_<host> ~/.ssh/id_ed25519
#+end_src
** Add the public key to secrets.nix ** Add the public key to secrets.nix
In the [[file:../secrets/secrets.nix][agenix secrets file]] add the public key, and give access to the necessary secrets. In the [[file:../secrets/secrets.nix][agenix secrets file]] add the public key, and give access to the necessary secrets.
Remember to rekey the secrets afterwards: Remember to rekey the secrets afterwards:


@@ -102,8 +102,14 @@ sudo nixos-install --impure --root /mnt --flake '.#reykjavik'
#+begin_src bash #+begin_src bash
cp ~/.ssh/id_<hostname> /mnt/home/marc/.ssh/id_<hostname> cp ~/.ssh/id_<hostname> /mnt/home/marc/.ssh/id_<hostname>
#+end_src #+end_src
* Set up the user * Initialization
Steps after reboot
** Set up the user
You'll set the root password during the installation. You can then reboot and use the installed OS. First thing you'll have to do is log in as root and set the password for your user: You'll set the root password during the installation. You can then reboot and use the installed OS. First thing you'll have to do is log in as root and set the password for your user:
#+BEGIN_SRC bash #+BEGIN_SRC bash
passwd marc passwd marc
#+END_SRC #+END_SRC
** Log into tailscale
#+begin_src bash
sudo tailscale up
#+end_src


@@ -63,15 +63,6 @@ in
system.pass.enable = true; system.pass.enable = true;
system.sshfs.enable = true; system.sshfs.enable = true;
# - Server ----------------------------------
# server.consul = {
# enable = true;
# agent-token = config.age.secrets."consul.d/agent-token-reykjavik.json".path;
# };
# server.nomad = {
# enable = true;
# };
# - Desktop ---------------------------------- # - Desktop ----------------------------------
desktop = { desktop = {
inherit wallpaper; inherit wallpaper;


@@ -41,6 +41,15 @@ with lib;
system.ssh.enable = true; system.ssh.enable = true;
system.sshfs.enable = true; system.sshfs.enable = true;
# - Server ----------------------------------
server.consul = {
enable = true;
agent-token = config.age.secrets."consul.d/agent-token-thingvellir.json".path;
};
server.nomad = {
enable = true;
};
# - Editors and development ------------------ # - Editors and development ------------------
dev.git.userName = "marc"; dev.git.userName = "marc";
dev.git.userEmail = "marc@sastre.cat"; dev.git.userEmail = "marc@sastre.cat";


@@ -27,6 +27,12 @@ in
group = "consul"; group = "consul";
mode = "644"; mode = "644";
}; };
"consul.d/agent-token-thingvellir.json" = {
file = ../secrets/consul.d/agent-token-thingvellir.json.age;
owner = "consul";
group = "consul";
mode = "644";
};
} // } //
# Nomad ------------------------------- # Nomad -------------------------------
lib.optionalAttrs nomadCfg.enable { lib.optionalAttrs nomadCfg.enable {
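Review bot: The new `"consul.d/agent-token-thingvellir.json"` secret is decrypted with `mode = "644"`, which leaves the file readable by every local account on the host even though `owner` and `group` are already `consul`. If this file holds the Consul agent ACL token, as its name suggests, only the consul service needs to read it, so `mode = "0400";` (or `"0440"` if group read is required) would keep it private. The context entry directly above the addition uses the same `644` and likely deserves the same change. The enclosing attribute set starts and continues outside this hunk, so other entries were not checked.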