Added consul and nomad to thingvellir

2024-02-12 21:59:30 +01:00
parent 3f06ae0cb2
commit 360adace1e
5 changed files with 32 additions and 10 deletions
--- a/docs/hosts.org
+++ b/docs/hosts.org
@@ -13,6 +13,16 @@ You can decrypt it later with:
 #+begin_src bash
 gpg -d id_<host>.gpg > id_<host>
 #+end_src
+** Deploy the ssh keypair
+You can use scp:
+#+begin_src bash
+scp id_<host> <user>@<host>:.ssh/id_<host>
+scp id_<host>.pub <user>@<host>:.ssh/id_<host>.pub
+#+end_src
+Create a symbolic link for the host key (so we can use uniform naming in other parts):
+#+begin_src bash
+ln -s ~/.ssh/id_<host> ~/.ssh/id_ed25519
+#+end_src
 ** Add the public key to secrets.nix
 In the [[file:../secrets/secrets.nix][agenix secrets file]] add the public key, and give access to the necessary secrets.
 Remember to rekey the secrets afterwards:
--- a/docs/install.org
+++ b/docs/install.org
@@ -102,8 +102,14 @@ sudo nixos-install --impure --root /mnt --flake '.#reykjavik'
 #+begin_src bash
 cp ~/.ssh/id_<hostname> /mnt/home/marc/.ssh/id_<hostname>
 #+end_src
-* Set up the user
+* Initialization
+Steps after reboot
+** Set up the user
 You'll set the root password during the installation. You can then reboot and use the installed OS. First thing you'll have to do is log in as root and set the password for your user:
 #+BEGIN_SRC bash
 passwd marc
 #+END_SRC
+** Log into tailscale
+#+begin_src bash
+sudo tailscale up
+#+end_src
--- a/hosts/reykjavik/default.nix
+++ b/hosts/reykjavik/default.nix
@@ -63,15 +63,6 @@ in
    system.pass.enable = true;
    system.sshfs.enable = true;

-    # - Server ----------------------------------
-    # server.consul = {
-    #   enable = true;
-    #   agent-token = config.age.secrets."consul.d/agent-token-reykjavik.json".path;
-    # };
-    # server.nomad = {
-    #   enable = true;
-    # };
-
    # - Desktop ----------------------------------
    desktop = {
      inherit wallpaper;
--- a/hosts/thingvellir/default.nix
+++ b/hosts/thingvellir/default.nix
@@ -41,6 +41,15 @@ with lib;
    system.ssh.enable = true;
    system.sshfs.enable = true;

+    # - Server ----------------------------------
+    server.consul = {
+      enable = true;
+      agent-token = config.age.secrets."consul.d/agent-token-thingvellir.json".path;
+    };
+    server.nomad = {
+      enable = true;
+    };
+
    # - Editors and development ------------------
    dev.git.userName = "marc";
    dev.git.userEmail = "marc@sastre.cat";
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -27,6 +27,12 @@ in
        group = "consul";
        mode = "644";
      };
+      "consul.d/agent-token-thingvellir.json" = {
+        file = ../secrets/consul.d/agent-token-thingvellir.json.age;
+        owner = "consul";
+        group = "consul";
+        mode = "644";
+      };
    } //
    # Nomad -------------------------------
    lib.optionalAttrs nomadCfg.enable {