diff --git a/keys/machines/krz01.keys b/keys/machines/krz01.keys new file mode 100644 index 0000000..fc5ba52 --- /dev/null +++ b/keys/machines/krz01.keys @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB root@krz01 + diff --git a/machines/krz01/_configuration.nix b/machines/krz01/_configuration.nix new file mode 100644 index 0000000..3cb2df6 --- /dev/null +++ b/machines/krz01/_configuration.nix @@ -0,0 +1,26 @@ +{ lib, ... }: + +lib.extra.mkConfig { + enabledModules = [ + # INFO: This list needs to stay sorted alphabetically + ]; + + enabledServices = [ + # INFO: This list needs to stay sorted alphabetically + # "proxmox" + ]; + + extraConfig = { + dgn-hardware = { + useZfs = true; + zfsPools = [ + "dpool" + "ppool0" + ]; + }; + + #services.netbird.enable = true; + }; + + root = ./.; +} diff --git a/machines/krz01/_hardware-configuration.nix b/machines/krz01/_hardware-configuration.nix new file mode 100644 index 0000000..6b39e1a --- /dev/null +++ b/machines/krz01/_hardware-configuration.nix @@ -0,0 +1,50 @@ +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "ehci_pci" + "ahci" + "mpt3sas" + "usbhid" + "sd_mod" + ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/92bf4d66-2693-4eca-9b26-f86ae09d468d"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."mainfs" = { + device = "/dev/disk/by-uuid/26f9737b-28aa-4c3f-bd3b-b028283cef88"; + keyFileSize = 1; + keyFile = "/dev/zero"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/280C-8844"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/krz01/proxmox.nix b/machines/krz01/proxmox.nix new file mode 100644 index 0000000..47c17b7 --- /dev/null +++ b/machines/krz01/proxmox.nix @@ -0,0 +1,9 @@ +{ sources, ... }: +let + proxmox-nixos = import sources.proxmox-nixos; +in +{ + imports = [ proxmox-nixos.nixosModules.proxmox-ve ]; + services.proxmox-ve.enable = true; + nixpkgs.overlays = [ proxmox-nixos.overlays.x86_64-linux ]; +} diff --git a/machines/krz01/secrets/secrets.nix b/machines/krz01/secrets/secrets.nix new file mode 100644 index 0000000..057ed28 --- /dev/null +++ b/machines/krz01/secrets/secrets.nix @@ -0,0 +1,5 @@ +let + lib = import ../../../lib { }; +in + +lib.setDefault { publicKeys = lib.getNodeKeys "krz01"; } [ ] diff --git a/meta/network.nix b/meta/network.nix index 946b802..ee002df 100644 --- a/meta/network.nix +++ b/meta/network.nix @@ -29,6 +29,28 @@ netbirdIp = "100.80.75.197"; }; + krz01 = { + interfaces = { + eno1 = { + ipv4 = [ + { + address = "129.199.146.21"; + prefixLength = 24; + } + { + address = "192.168.1.145"; + prefixLength = 24; + } + ]; + + gateways = [ "129.199.146.254" ]; + enableDefaultDNS = true; + }; + }; + + hostId = "bd11e8fc"; + }; + geo01 = { interfaces = { eno1 = { diff --git a/meta/nodes.nix b/meta/nodes.nix index 2d7af2c..ce34fbc 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -70,6 +70,15 @@ nixpkgs = "24.05"; }; + krz01 = { + site = "pav01"; + + stateVersion = "24.05"; + nixpkgs = "24.05"; + + deployment.targetHost = "192.168.1.145"; + }; + storage01 = { site = "pav01"; stateVersion = "23.11"; diff --git a/modules/dgn-netbox-agent/netbox-agent b/modules/dgn-netbox-agent/netbox-agent index aa49dc0..6e3014b 100644 Binary files a/modules/dgn-netbox-agent/netbox-agent and b/modules/dgn-netbox-agent/netbox-agent differ diff --git a/modules/dgn-notify/mail b/modules/dgn-notify/mail index 47e86ec..a56ae44 100644 Binary files a/modules/dgn-notify/mail and b/modules/dgn-notify/mail differ diff --git a/modules/dgn-records/__arkheon-token_file b/modules/dgn-records/__arkheon-token_file index 20ed02d..8bdcba9 100644 --- a/modules/dgn-records/__arkheon-token_file +++ b/modules/dgn-records/__arkheon-token_file @@ -1,44 +1,46 @@ age-encryption.org/v1 --> ssh-ed25519 jIXfPA FhSZKBAccqBqfeayNqY3fhYSi+0NMxsxS3WsdvuVu2M -xT37RUaShiHdPBUnjWntSY43LqXsR8Pgz5kUZ/mgz2w --> ssh-ed25519 QlRB9Q xwok3cJ6SlGxlGi/UesKHVf+O4q9mn7btLweXJzeknI -LrigakDhwhHCHEaJ0eQx6TIke9vYLqXwwaUjusWOvSk --> ssh-ed25519 r+nK/Q DS8/iUfczVGxB/Hl6EkweNAGSM0ZhWqrFy4xn82QNH8 -0Z8KOLZtxh2c0JTeiPbz3ZDF3CYrDs7bmwKjjemTs0o +-> ssh-ed25519 jIXfPA sHMGZvBA3KQ+vgyPRvthm7RrZv+cpA8rVaLMG11tWzc +wb74jb8YFbu4hTaKECNpaCV5besptdBoXXstKd+eLTI +-> ssh-ed25519 QlRB9Q RILFFiLngUvfSPOmw6ZLmFLVyIIQqzib7LTV8hZP/w4 +na6S3iWEs3cxff30X59wD0SUNEP0/9LcuCyCUi7wgxg +-> ssh-ed25519 r+nK/Q Mtrr3NKJG1MBw150IZK1ZTKCglktIK8mV2M7FiLz9EQ +zEEJwKeucMsZePFTZF/Cxfcuqn7KiSoBmBnNVKX1jAY -> ssh-rsa krWCLQ -CDqVAHHD/1keQdgJZX5/hkiYMpZae1MocI5LjtWWg+QDkw1Bp6bNZLou8Uc2RG0H -xZIB+z1XSXf7iMla5l7RWbW+g61T38QKWoAwvAGFz+XOstBTDY4bWgSv1g6vm+6x -XuQLxCkj4cmy3dUsvaiiQXsstuMGOWSUbp2OQWfErzoVegHVCr/XKSAI1vMwQOWN -9tJUJCKEo2DTr5OmIL7kSWguVZYy77ta7JxmGbPrNQ7LJuRoZkUgX4V37SFgDKN4 -QgpupxXP/3oDhDSzZYbS6Fw+b7U01BwPyziY1kOYztv2qSoBJFMVtZS3oJEu4ChU -7MRHaN15cGZRsC5zIQAg9w --> ssh-ed25519 /vwQcQ ZPWBCoQ7imVFfTkUYrp4NGRnz3vskNtMgbV41F1s8BE -oTrgDNisd8Sqmxo0ZDpVSO5iURWNLrIlKABjys+gHhw --> ssh-ed25519 0R97PA CgUUW9m8+M1rpsCPAPyRC8VKvilDKMA8VkDqqDfbpAs -qJ/pa3VLh6650lDN5YPyYtxsDYMiRyTtK1yu+JeF3ww --> ssh-ed25519 JGx7Ng r8OMU9Grvd8yxzzUzeEH4iCPp8NBHVcQKQe13AJOKjE -eYC+/VMsoetiVFTGdlAL3xDDe6WziBYU4Fr6XN/HlJI --> ssh-ed25519 5SY7Kg 4T4xlrNW8yqI23A3GH7dRDyhbUA62ldS2/R7YCsHz0U -ukewT84UtQcAQNNSNogi3WOjoNeA7p50D1JHJ+39lYs --> ssh-ed25519 p/Mg4Q EBlu4oYIa4hX5mGExy2xwyHbnDli9xY7MebUOr+hTzw -TqmNgHL1xxyI+i4h3KgskVsWrlYUnuT5MJWcYj2crps --> ssh-ed25519 DqHxWQ KiCWC6eJOUScSlPNpC2G2FbfD/fQ2b14KHhuw+QKNTI -Un89T6OXiXWTBZqwdXPvyckxcBIhp2wmC4A5723b/5g --> ssh-ed25519 tDqJRg k5YZwwURv21NC/0tt2r3CBuUPDhfO/Y7c3ISVhMGQkA -sdm+SpychoEekD6JK6Wz2CCcfDpwPD6rlLyB3RJES08 --> ssh-ed25519 9pVK7Q 2kUnZCmNsAu90KA+st/ZFnez8rg4zqIZ3AZQsqHW0y8 -YlCXQ5g8vnNboPVHdSKyrdwRNvjwp9VHP+RV2WP7z00 --> ssh-ed25519 /BRpBQ w+kqiukijvXdlvKdTfVvNYv6pLTifaZeagzU1VWQLwE -RKNPvu971viqMHBXpgE9D8L9ievWxIS5ANU8QADqwRY --> ssh-ed25519 +MNHsw m+K/VIApzxBfYxc4/dPod+9TwBBTrtGa/B28QhawAD8 -gwJLtE5zIiNtKZ/YdroneSLLuZzvoAXaJYsqPzPkyLc --> ssh-ed25519 rHotTw NSgFCgFQxKc7DSrNq/77PAnAKxSG055gutF2aUUDLzA -uL3QhQHmtQrrUPllFtVf7QiLIMWkT0EYIokxUVkLMrc --> ssh-ed25519 +mFdtQ otE9brZku3sOSb9IvvTW/eioWDFvMJlsxSUvOcPNwiU -7vV6u7zLv2EfSz3qmY9Sboj2Z5LBwSTxrl4FWm3mYAs --> ssh-ed25519 0IVRbA kwQNIVhpFtgIlJAAoqk1fqUP9OHN9YGWcYXbT+/bHE0 -gDOPJMeDI2eDx+emxUNSb/MW7IRPj8ni3mOLgZV9F0Y --> ssh-ed25519 IY5FSQ gtGe4X/Vx4oWn0IIUwv6qpWZ250slvT/QMdwVQQrsAQ -yeJ8+BibBiwq2944ruZdek/4tpAqyMnG0RsyzkXQpRg ---- QhDkZSHLpgsvAUk5YhkhD8MNNX6Vlj7CWeQfJ6oEmk0 -|`P!+g&i;lNn 4kW#胍w \ No newline at end of file +r3OX+AaSGO0zLoEAvAo3UrtWwU/Vjyfdp+qy4haB3tpl305I6Y6O6n2iHnc1PFgw +qQ7Sa0GekbxNcwD7MzAmKbsm9wmnrF2hX03gFDI5isEPxaLC6ha207Ykauc2q1JC +/SOZ/OUiizBUuO5OjywYz2AJUfEabmd+X1fw5QxAPSfp57KBZDJCGSpEDeJigU7M +1n1XsT6eCyNDIIozRzIIyxLZU+tDDswjvjCaDJ/t2BE76LienwMRZK4P4tSn8DQP +Jbm7bb5T2P1VAK4qIMP04DXQ861Kr2DvpLA/aPtHd9yMcZn5wQWMCVDgsL3ko0fU +VThQwBW4qe59CCxA68TUcQ +-> ssh-ed25519 /vwQcQ KYM+4CPxNwxwh3liBBJYIqlWzpDO3h/dl54rEKQXGHU +uteNJEqwLKUC3Gjm0BiRmb3uLb3bzRfpf3c1Da3vGjY +-> ssh-ed25519 0R97PA Sc9QAI4UNY6x0fZAoQOpUjzFzwev196x+7fjeIry3AU +puUi8W0jCbMW3cN7PjoDM+vXnHjdQ2RLfX0kdpsaWhI +-> ssh-ed25519 JGx7Ng LzO5qvnVWhF3+cR4J3nJv9IB55/FYKillkJ2jKadfQA +r3F+FKdpoKTB0/e5Vz5JFh9u8BKBOjn9XXE4dJEriuw +-> ssh-ed25519 5SY7Kg Uz/EgMgi0ACJStIvz06efUQpeU6VAuXVj+Veki0LkXA +ukCkNIQMYbZBCBfd5R5dKWJwOcIKHzS9HN9CNk5iSF4 +-> ssh-ed25519 p/Mg4Q 9+IsF8fUNcQhRxRddI6WQyKP8Ky0HV4jAUvS0ySDDwM +7WamT/OA2Os6uE/hKzWkfjlwOKQpZ6j+fcgkvsk6wCY +-> ssh-ed25519 DqHxWQ WndaDm+ApRfFj+KL5cJgJqwaZXUYrXHpQ6AxDtGb5FY +u5RHgWaY28QfA3jsD54PLR50Jl5KQyVpPv4CFhLPiYI +-> ssh-ed25519 tDqJRg Wgx7QpoPeendwBsWB+jAN5K+1uhxPsEHMugOPeC+Ono +CRWVWTQB2eCVSKAwIzNNaWefAmniVtF5hu8xYeTGF0Q +-> ssh-ed25519 9pVK7Q kB5gWwwNNcCnjN5+1j7alWzqEgYMDQ3IvA8/0ltfLwo +Tp7n6v/s4swKjOqEDKEKhM8agghKEvaz+zymG+b72f8 +-> ssh-ed25519 /BRpBQ 6B5ODsRsRx8EIOrzBnAAw1bYsAQMvssSC1xxbAh+bGE +Xmhe74XTMwfcGvk620XixhR/6GtOt2fynSMdJ7riZxs +-> ssh-ed25519 /x+F2Q /idVQW3v18G3e++zLmmcpZTvSW6YTfYKYX0xalx3DTU +ybNKGMgW5ChQU2HXHfM0Od6GWC+HRKDemibhzi+NCA4 +-> ssh-ed25519 +MNHsw +5EkjYR0CD0tF3jazvyz6WtzIG+84czuEsGzPmucOVI +AqBXlugxP84nJ9jK1dPWWRJAAAzZjKl0RKd1+aXeIJg +-> ssh-ed25519 rHotTw IzGcfj5jNooeVt7+iJwnxUfka95NVEtE9dStQUt+gCE ++lrjFHAgNOxI4JS6tGXcDSnbdn6/qwt2tI2WdVX2tO4 +-> ssh-ed25519 +mFdtQ AieFjWmv27LvUbZXCBEqmvfTQM7SLXL12qIOzZLxdi8 +s0qzhUO2FDqr/w8B4cbnX8NuXfZM+nv4gj6SF0DreCY +-> ssh-ed25519 0IVRbA +S10pCaLByp+UrfbZXIIhMvUW79NPSSr5qHbm8Q8nxY +fLU4Shu/luX9gLrJDM8rY+HRpHuuLKJAz0BSiLfXkj8 +-> ssh-ed25519 IY5FSQ FJGXPcN7XjZTl3zc8iLSmc2IfhHx/xqIqnNz7j0dXGg +D99jvNKh7yzafKB9qzOX6xNjhf3WS4bYBcc91dVX6Ow +--- USWnD/9XEj6tW0aHMZiVK1Guf43b/8wWcsafnVT0+h4 +RqH,XHs8tAbAGIΤ,ݥ: