Added Thingvellir

2024-02-11 22:06:54 +01:00
parent e716f7cb7d
commit 5cce9461c1
13 changed files with 131 additions and 17 deletions
--- a/docs/hosts.org
+++ b/docs/hosts.org
@@ -1,7 +1,5 @@
 #+title: Hosts
-* [[file:../hosts/reykjavik/README.org][Reykjavik]]
-* [[file:../hosts/kopavogur/README.org][Kopavogur]]
-* <<new_host>> Setting up a new host
+* Setting up a new host
 ** Generate a host ssh key pair
 Generate the key pair (we'll use the name `id_<host>`)
 #+BEGIN_SRC bash
@@ -37,3 +35,6 @@ Host remotehost
  IdentitiesOnly yes
  IdentityFile ~/.ssh/remotehost
 #+END_SRC
+* List of hosts
+** [[file:../hosts/reykjavik/README.org][Reykjavik]]
+** [[file:../hosts/kopavogur/README.org][Kopavogur]]
--- a/docs/install.org
+++ b/docs/install.org
@@ -1,9 +1,9 @@
 #+title: Installing
 * Set up
-** If new host, follow [[new_host][Setting up a new host]]
+** If new host, follow [[file:hosts.org][Setting up a new host]]
 ** Open a nix-shell with dependencies
 #+BEGIN_SRC bash
-nix shell nixpkgs#git
+nix-shell -p git
 #+END_SRC
 ** Obtain the flake
 + Via git clone
--- a/hosts/thingvellir/README.org
+++ b/hosts/thingvellir/README.org
@@ -0,0 +1,2 @@
+* Thingvellir
+Servidor a Vultr
--- a/hosts/thingvellir/default.nix
+++ b/hosts/thingvellir/default.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, inputs, ... }:
+
+with lib;
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  # - Basic --------------------------------------
+
+  user.name = "marc";
+  user.shell = pkgs.zsh;
+  networking.hostName = "thingvellir";
+  networking.firewall = {
+    enable = true;
+  };
+
+  # - Bootloader ---------------------------------
+
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  # - Modules ------------------------------------
+
+  samfelag.modules = {
+    # - Common -----------------------------------
+    # See modules/common.nix for common packages installed
+
+    # - System -----------------------------------
+    system.utils.enable = true;
+    system.gpg.enable = true;
+    system.pass.enable = true;
+    system.ssh.enable = true;
+    system.sshfs.enable = true;
+
+    # - Editors and development ------------------
+    dev.git.userName = "marc";
+    dev.git.userEmail = "marc@sastre.cat";
+
+    dev.docker.enable = true;
+    dev.docker.users = ["marc"];
+  };
+}
--- a/hosts/thingvellir/hardware.nix
+++ b/hosts/thingvellir/hardware.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-label/swap"; }
+  ];
+
+  networking = {
+    useDHCP = lib.mkDefault true;
+    interfaces = {
+      ens3.useDHCP = lib.mkDefault true;
+    };
+    nameservers = [ "108.61.10.10" ];
+  };
+
+  virtualisation.hypervGuest.enable = true;
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/secrets/consul.d/agent-token-reykjavik.json.age
+++ b/secrets/consul.d/agent-token-reykjavik.json.age
--- a/secrets/consul.d/agent-token-thingvellir.json.age
+++ b/secrets/consul.d/agent-token-thingvellir.json.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 GWuf0Q mCQbETRLULM4/f70NUKHvn9iSDdfnM1a1PDRGVnS9ys
+CNFbhSDNq3cOmyrc56w75ZUZXPfVgT29F5+fFoP5Kmk
+-> ssh-ed25519 kNjiNQ jSJAUXcGPZiKvLqab9BBfjCsSrM1FhYfbKgHg81L7E8
+xcbPJUR3TvY0PiBrY62+UxUeZ/dfVLt0uTj2+giwtkM
+--- roH7F9Fb3B1lcvSiDoM/e1vCmFRbUupKGF+pRUO7gek
+Óã–1°œ¨è§X"
--- a/secrets/consul.d/consul-agent-ca.pem.age
+++ b/secrets/consul.d/consul-agent-ca.pem.age
--- a/secrets/consul.d/gossip.json.age
+++ b/secrets/consul.d/gossip.json.age
@@ -1,5 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 GWuf0Q PZ9afqz3THF8vuV1bBzKU2QQ5j0cA7TriznFu1/eF1Q
-sk8JAVRjCyhjjkebWtqJaxoacxiYSdir7w9Ep9ch0/4
--- lBViOk0i5qkicV2kqyGSI/fiEjtyrGqKAoUIzz3V9lQ
-Ã8"ŸVô
+-> ssh-ed25519 GWuf0Q Mr94MtZjrZxrlA7IoiyDQmup8YiALGJqmf0A4JTUNUo
+y3Y+XaXPyGgAR0a48s0IKvAugOdeEIuRpWv7pacJxWw
+-> ssh-ed25519 zhVGHw MhDh4XhG85MU4J8VmR4/mhQOPF9KQFGcytrH0CFaYTQ
+9F5HgLtxP8fB7kQYjRxjFnoGL6+Hpa+/+QAiByJuPg0
+-> ssh-ed25519 kNjiNQ CnJ2jD2dbyixR0mBPu1ZjX3Ms/jDxkPQs03O222PN0U
+MkcCN9OVhcdI5ReVAR/uW+bX3kNNBBPR7YI0DygNr1I
+--- KzWsU/aTm7iuKmC9P5al90irn7+yvJSC6Z4jPd9uzhI
+<EFBFBD>RlëIëW§{>I×Vl€ï§uaãäÞ;hDŸ4½J.¥Ü•;¬¿UÎ‡v£~>EÛjY{ÄoÇû¬ùÍXá¡Ýn¬V(ÜUa’×¸&œ<02> ›Oiö—ª<E28094>Š›4+IÇò|¡ˆ
--- a/secrets/nomad.d/consul-token.json.age
+++ b/secrets/nomad.d/consul-token.json.age
@@ -1,5 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 GWuf0Q BbOx6cx+uu2ortgM+FKdQ58Mq/88oiilwQG4H9omY0c
-yfQ092ZhIXDUfRK/1McsaKo3RnGvbmjtZcU1k769GX0
--- ddjUdGmBLlYX2jY3FuEr11FudpoSP+gI+0PxIsJ1BZo
-Ø‰>_ÿüF¹$j?.<2E>Eœ´g·%kmÇ‘—ˆ9‘/zf…ù&g*VG^.ôÈ–T^¬ýHÛ·‰>ªp$Í+•–ÑEýqPù&mu ïÇ‡óÔÚè½ÀqËÊ¢f…µæÉvOnŒÑúHªèîÿW¿<57>Áî±c8Mn¥Ólßpú<0B>¾ª°Õj'ô©ö’½xIŽ»ó'|
+-> ssh-ed25519 GWuf0Q xVuLRTTmTLzFJKyh9RIdq0ZEgoIc6lQs4TlQ9ypb6As
+TtblfYeBV1RpE8717ShUFh2wLmM5K5PviOVr0EyG4Qk
+-> ssh-ed25519 zhVGHw hD2BDVwJMT1nQKvqFU04ih71pFhweIXK9+gk5KzbfGY
+KmyxI4yLdlnbvAbENN9bLHFNpB8Hz6EVCLeQNsaHEho
+-> ssh-ed25519 kNjiNQ 0WpE6n5Cu0F/r0LOpWV8DKtx90xssu6rA706/D0I+Q0
+nCSLiH6A5jsne2Z4tLq05EA3FDYThPvavJqtn4LfO5I
+--- qtwiXJDiyOdy3XRMZLdwEWdDkpHVn+COhqmHR86cDJM
+ž3…ô<EFBFBD>0Üàâl½¹Çë’ëÞ¨UÈ»Ç’¥-B<>©²fuÇZ#.´ñµ^q¢™<C2A2>ÒåTyi8Ç=ÂÈð\ße'ðY„¤ôKÐ¯®É¸)g ´<1E>SvýÅ7ÇÔ[®Ì"&ó.H“éÝ·ÖÉþ8ôò]í	¨˜‚xµg_þßÐjÆ
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,14 +1,28 @@
 let
  id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By";
  id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev";
+  id-thingvellir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7";
+
+  # --- Host lists ---
+  # Since we want to be able to manage/edit all secrets from reykjavik, we create helper lists that
+  # always contain reykjavik
+  reykjavik = [id-reykjavik];
+  thingvellir = [id-reykjavik id-thingvellir];
+
+  samfelag-hosts = [
+    id-reykjavik
+    id-hvannadal
+    id-thingvellir
+  ];
 in
 {
  # -- Consul -------------------------------
-  "consul.d/gossip.json.age".publicKeys = [id-reykjavik];
-  "consul.d/consul-agent-ca.pem.age".publicKeys = [id-reykjavik];
+  "consul.d/gossip.json.age".publicKeys = samfelag-hosts;
+  "consul.d/consul-agent-ca.pem.age".publicKeys = samfelag-hosts;
  # Agent tokens
-  "consul.d/agent-token-reykjavik.json.age".publicKeys = [id-reykjavik];
+  "consul.d/agent-token-reykjavik.json.age".publicKeys = reykjavik;
+  "consul.d/agent-token-thingvellir.json.age".publicKeys = thingvellir;

  # -- Nomad -------------------------------
-  "nomad.d/consul-token.json.age".publicKeys = [id-reykjavik];
+  "nomad.d/consul-token.json.age".publicKeys = samfelag-hosts;
 }
--- a/secrets/ssh-keys/id_thingvellir.gpg
+++ b/secrets/ssh-keys/id_thingvellir.gpg
--- a/secrets/ssh-keys/id_thingvellir.pub
+++ b/secrets/ssh-keys/id_thingvellir.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7 marc@reykjavik
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7 marc@reykjavik`