marc/samfelag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added Thingvellir

Browse Source
This commit is contained in:
marc
2024-02-11 22:06:54 +01:00
parent e716f7cb7d
commit 5cce9461c1
13 changed files with 131 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/hosts.org
View File

@@ -1,7 +1,5 @@
#+title: Hosts #+title: Hosts
* [[file:../hosts/reykjavik/README.org][Reykjavik]] * Setting up a new host
* [[file:../hosts/kopavogur/README.org][Kopavogur]]
* <<new_host>> Setting up a new host
** Generate a host ssh key pair ** Generate a host ssh key pair
Generate the key pair (we'll use the name `id_<host>`) Generate the key pair (we'll use the name `id_<host>`)
#+BEGIN_SRC bash #+BEGIN_SRC bash
@@ -37,3 +35,6 @@ Host remotehost
IdentitiesOnly yes IdentitiesOnly yes
IdentityFile ~/.ssh/remotehost IdentityFile ~/.ssh/remotehost
#+END_SRC #+END_SRC
* List of hosts
** [[file:../hosts/reykjavik/README.org][Reykjavik]]
** [[file:../hosts/kopavogur/README.org][Kopavogur]]

4
docs/install.org
View File

@@ -1,9 +1,9 @@
#+title: Installing #+title: Installing
* Set up * Set up
** If new host, follow [[new_host][Setting up a new host]] ** If new host, follow [[file:hosts.org][Setting up a new host]]
** Open a nix-shell with dependencies ** Open a nix-shell with dependencies
#+BEGIN_SRC bash #+BEGIN_SRC bash
nix shell nixpkgs#git nix-shell -p git
#+END_SRC #+END_SRC
** Obtain the flake ** Obtain the flake
+ Via git clone + Via git clone

2
hosts/thingvellir/README.org Normal file
View File

@@ -0,0 +1,2 @@
* Thingvellir
Servidor a Vultr

45
hosts/thingvellir/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
{
imports = [
./hardware.nix
];
# - Basic --------------------------------------
user.name = "marc";
user.shell = pkgs.zsh;
networking.hostName = "thingvellir";
networking.firewall = {
enable = true;
};
# - Bootloader ---------------------------------
boot.loader.grub = {
enable = true;
device = "/dev/vda";
};
# - Modules ------------------------------------
samfelag.modules = {
# - Common -----------------------------------
# See modules/common.nix for common packages installed
# - System -----------------------------------
system.utils.enable = true;
system.gpg.enable = true;
system.pass.enable = true;
system.ssh.enable = true;
system.sshfs.enable = true;
# - Editors and development ------------------
dev.git.userName = "marc";
dev.git.userEmail = "marc@sastre.cat";
dev.docker.enable = true;
dev.docker.users = ["marc"];
};
}

36
hosts/thingvellir/hardware.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot = {
initrd = {
availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
};
swapDevices = [
{ device = "/dev/disk/by-label/swap"; }
];
networking = {
useDHCP = lib.mkDefault true;
interfaces = {
ens3.useDHCP = lib.mkDefault true;
};
nameservers = [ "108.61.10.10" ];
};
virtualisation.hypervGuest.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

BIN
secrets/consul.d/agent-token-reykjavik.json.age
View File

Binary file not shown.

7
secrets/consul.d/agent-token-thingvellir.json.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 GWuf0Q mCQbETRLULM4/f70NUKHvn9iSDdfnM1a1PDRGVnS9ys
CNFbhSDNq3cOmyrc56w75ZUZXPfVgT29F5+fFoP5Kmk
-> ssh-ed25519 kNjiNQ jSJAUXcGPZiKvLqab9BBfjCsSrM1FhYfbKgHg81L7E8
xcbPJUR3TvY0PiBrY62+UxUeZ/dfVLt0uTj2+giwtkM
--- roH7F9Fb3B1lcvSiDoM/e1vCmFRbUupKGF+pRUO7gek
Óã1°œ¨è§X"

BIN
secrets/consul.d/consul-agent-ca.pem.age
View File

Binary file not shown.

12
secrets/consul.d/gossip.json.age
View File

@@ -1,5 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 GWuf0Q PZ9afqz3THF8vuV1bBzKU2QQ5j0cA7TriznFu1/eF1Q -> ssh-ed25519 GWuf0Q Mr94MtZjrZxrlA7IoiyDQmup8YiALGJqmf0A4JTUNUo
sk8JAVRjCyhjjkebWtqJaxoacxiYSdir7w9Ep9ch0/4 y3Y+XaXPyGgAR0a48s0IKvAugOdeEIuRpWv7pacJxWw
--- lBViOk0i5qkicV2kqyGSI/fiEjtyrGqKAoUIzz3V9lQ -> ssh-ed25519 zhVGHw MhDh4XhG85MU4J8VmR4/mhQOPF9KQFGcytrH0CFaYTQ
Ã8"ŸVô 9F5HgLtxP8fB7kQYjRxjFnoGL6+Hpa+/+QAiByJuPg0
-> ssh-ed25519 kNjiNQ CnJ2jD2dbyixR0mBPu1ZjX3Ms/jDxkPQs03O222PN0U
MkcCN9OVhcdI5ReVAR/uW+bX3kNNBBPR7YI0DygNr1I
--- KzWsU/aTm7iuKmC9P5al90irn7+yvJSC6Z4jPd9uzhI
<EFBFBD>RlëIëW§{>I×Vl€ï§uaãäÞ;hDŸ4 ½J.¥Ü•;¬¿U·v£~>EÛjY {ÄoÇû¬ùÍXá¡Ýn¬V(ÜUa׸<02> Oiö—ª<E28094>Š4+IÇò|¡ˆ

12
secrets/nomad.d/consul-token.json.age
View File

@@ -1,5 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 GWuf0Q BbOx6cx+uu2ortgM+FKdQ58Mq/88oiilwQG4H9omY0c -> ssh-ed25519 GWuf0Q xVuLRTTmTLzFJKyh9RIdq0ZEgoIc6lQs4TlQ9ypb6As
yfQ092ZhIXDUfRK/1McsaKo3RnGvbmjtZcU1k769GX0 TtblfYeBV1RpE8717ShUFh2wLmM5K5PviOVr0EyG4Qk
--- ddjUdGmBLlYX2jY3FuEr11FudpoSP+gI+0PxIsJ1BZo -> ssh-ed25519 zhVGHw hD2BDVwJMT1nQKvqFU04ih71pFhweIXK9+gk5KzbfGY
؉>_ÿüF¹$j?.<2E>´ %kmLj9/zf…ù&g*VG^.ôÈT^¬ýHÛ·‰>ªp$Í+•ÑEýqPù&mu ïLJóÔÚè½ÀqËÊ¢f…µæÉvOnŒÑúHªèîÿW¿<57>Áî±c8Mn¥Ólßpú <0B>¾ª°Õj'ô©ö½xIŽ»ó'| KmyxI4yLdlnbvAbENN9bLHFNpB8Hz6EVCLeQNsaHEho
-> ssh-ed25519 kNjiNQ 0WpE6n5Cu0F/r0LOpWV8DKtx90xssu6rA706/D0I+Q0
nCSLiH6A5jsne2Z4tLq05EA3FDYThPvavJqtn4LfO5I
--- qtwiXJDiyOdy3XRMZLdwEWdDkpHVn+COhqmHR86cDJM
ž3…ô<EFBFBD>0Üàâl½¹ÇëëÞ¨UȻǥ-B<>©²fuÇZ#.´ñµ^q¢™<C2A2>ÒåTyi8Ç=ÂÈð\ße'ðY„¤ôKЯ®É¸)g ´<1E>SvýÅ7ÇÔ[®Ì"&ó.H“éÝ·ÖÉþ8ôò]í ¨˜xµg_þßÐjÆ

22
secrets/secrets.nix
View File

@@ -1,14 +1,28 @@
let let
id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By"; id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By";
id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev"; id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev";
id-thingvellir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7";
# --- Host lists ---
# Since we want to be able to manage/edit all secrets from reykjavik, we create helper lists that
# always contain reykjavik
reykjavik = [id-reykjavik];
thingvellir = [id-reykjavik id-thingvellir];
samfelag-hosts = [
id-reykjavik
id-hvannadal
id-thingvellir
];
in in
{ {
# -- Consul ------------------------------- # -- Consul -------------------------------
"consul.d/gossip.json.age".publicKeys = [id-reykjavik]; "consul.d/gossip.json.age".publicKeys = samfelag-hosts;
"consul.d/consul-agent-ca.pem.age".publicKeys = [id-reykjavik]; "consul.d/consul-agent-ca.pem.age".publicKeys = samfelag-hosts;
# Agent tokens # Agent tokens
"consul.d/agent-token-reykjavik.json.age".publicKeys = [id-reykjavik]; "consul.d/agent-token-reykjavik.json.age".publicKeys = reykjavik;
"consul.d/agent-token-thingvellir.json.age".publicKeys = thingvellir;
# -- Nomad ------------------------------- # -- Nomad -------------------------------
"nomad.d/consul-token.json.age".publicKeys = [id-reykjavik]; "nomad.d/consul-token.json.age".publicKeys = samfelag-hosts;
} }

BIN
secrets/ssh-keys/id_thingvellir.gpg Normal file
View File

Binary file not shown.

1
secrets/ssh-keys/id_thingvellir.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7 marc@reykjavik