feat(tower01): Init

.forgejo/workflows/eval-nodes.yaml

@@ -120,6 +120,17 @@ jobs:
         STORE_USER: admin
       name: Build and cache storage01
       run: nix-shell -A eval-nodes --run cache-node
+  tower01:
+    runs-on: nix
+    steps:
+    - uses: actions/checkout@v3
+    - env:
+        BUILD_NODE: tower01
+        STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
+        STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
+        STORE_USER: admin
+      name: Build and cache tower01
+      run: nix-shell -A eval-nodes --run cache-node
   vault01:
     runs-on: nix
     steps:

keys/default.nix

@@ -32,6 +32,7 @@ rec {
     ];
     rescue01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJa02Annu8o7ggPjTH/9ttotdNGyghlWfU9E8pnuLUf" ];
     storage01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ" ];
+    tower01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVpR+TMRLGAfhn7Q0C3tKOydYYjfoC/e1ZYbKpby01Z" ];
     vault01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
     web01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
     web02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];

machines/nixos/tower01/_configuration.nix

@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2024 Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ lib, ... }:
+
+lib.extra.mkConfig {
+  enabledModules = [ ];
+
+  enabledServices = [ ];
+
+  extraConfig = {
+    services.netbird.enable = true;
+  };
+
+  root = ./.;
+}

machines/nixos/tower01/_hardware-configuration.nix

@@ -0,0 +1,122 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  networking.hostId = "7874d06e";
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ehci_pci"
+        "ahci"
+        "mpt3sas"
+        "usbhid"
+        "usb_storage"
+        "sd_mod"
+      ];
+      kernelModules = [ ];
+
+      luks.devices = {
+        rootfs01 = {
+          device = "/dev/disk/by-label/rootfs01";
+          keyFile = "/dev/zero";
+          keyFileSize = 1;
+        };
+        rootfs02 = {
+          device = "/dev/disk/by-label/rootfs02";
+          keyFile = "/dev/zero";
+          keyFileSize = 1;
+        };
+        slow0101 = {
+          device = "/dev/disk/by-label/slow0101";
+          keyFile = "/dev/zero";
+          keyFileSize = 1;
+        };
+        slow0102 = {
+          device = "/dev/disk/by-label/slow0102";
+          keyFile = "/dev/zero";
+          keyFileSize = 1;
+        };
+        slow0201 = {
+          device = "/dev/disk/by-label/slow0201";
+          keyFile = "/dev/zero";
+          keyFileSize = 1;
+        };
+        slow0202 = {
+          device = "/dev/disk/by-label/slow0202";
+          keyFile = "/dev/zero";
+          keyFileSize = 1;
+        };
+        slow0301 = {
+          device = "/dev/disk/by-label/slow0301";
+          keyFile = "/dev/zero";
+          keyFileSize = 1;
+        };
+        slow0302 = {
+          device = "/dev/disk/by-label/slow0302";
+          keyFile = "/dev/zero";
+          keyFileSize = 1;
+        };
+      };
+    };
+
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "zfs";
+    };
+
+    # boot1 = boot partition (primary)
+    # boot2 = boot partition (backup)
+
+    "/boot1" = {
+      device = "/dev/disk/by-uuid/1965-5D59";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+
+    "/boot2" = {
+      device = "/dev/disk/by-uuid/19C4-49E1";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+
+    "/nix" = {
+      device = "rootfs/nix";
+      fsType = "zfs";
+    };
+
+    "/var" = {
+      device = "rootfs/var";
+      fsType = "zfs";
+    };
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/7614fa12-c6a7-456e-9620-eb9c0e025140"; }
+    { device = "/dev/disk/by-uuid/eb0aef44-b264-4f94-b847-3ad5dcc19ffd"; }
+  ];
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

machines/nixos/tower01/secrets/secrets.nix

@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique <context@dgnum.eu>
+#
+# SPDX-License-Identifer: EUPL-1.2
+
+(import ../../../../keys).mkSecrets [ "tower01" ] [
+
+]

meta/network.nix

@@ -189,6 +189,29 @@
     netbirdIp = "100.80.156.154";
   };
 
+  tower01 = {
+    interfaces = {
+      eno2 = {
+        ipv4 = [
+          {
+            address = "129.199.210.119";
+            prefixLength = 24;
+          }
+        ];
+
+        gateways = [ "129.199.210.254" ];
+
+        dns = [
+          "129.199.96.11"
+          "129.199.72.99"
+        ];
+      };
+    };
+
+    hostId = "7874d06e";
+    netbirdIp = "100.80.185.124";
+  };
+
   vault01 = {
     interfaces = {
       vlan-uplink-cri = {

meta/nodes/nixos.nix

@@ -182,6 +182,21 @@
     ];
   };
 
+  tower01 = {
+    site = "oik01";
+
+    hashedPassword = "$y$j9T$axihKDa.CrYcyoamJWxBq1$bl4TfropTrwLqMy6XK0DKkWRyx9b74kyI/ukE8X5iiD";
+
+    stateVersion = "24.11";
+
+    nixpkgs = {
+      version = "24.11";
+      system = "nixos";
+    };
+
+    admins = [ "ecoppens" ];
+  };
+
   vault01 = {
     site = "hyp01";
     deployment.targetHost = "vault01.hyp01.infra.dgnum.eu";