feat(tower01): Init

This commit is contained in:
Elias Coppens 2024-12-21 23:38:36 +01:00 committed by sinavir
parent 383911d619
commit b4ad078882
No known key found for this signature in database
7 changed files with 194 additions and 0 deletions

View file

@ -120,6 +120,17 @@ jobs:
STORE_USER: admin
name: Build and cache storage01
run: nix-shell -A eval-nodes --run cache-node
tower01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- env:
BUILD_NODE: tower01
STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache tower01
run: nix-shell -A eval-nodes --run cache-node
vault01:
runs-on: nix
steps:

View file

@ -32,6 +32,7 @@ rec {
];
rescue01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJa02Annu8o7ggPjTH/9ttotdNGyghlWfU9E8pnuLUf" ];
storage01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ" ];
tower01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVpR+TMRLGAfhn7Q0C3tKOydYYjfoC/e1ZYbKpby01Z" ];
vault01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
web01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
web02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];

View file

@ -0,0 +1,17 @@
# SPDX-FileCopyrightText: 2024 Elias Coppens <elias@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, ... }:
lib.extra.mkConfig {
enabledModules = [ ];
enabledServices = [ ];
extraConfig = {
services.netbird.enable = true;
};
root = ./.;
}

View file

@ -0,0 +1,120 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [
"ehci_pci"
"ahci"
"mpt3sas"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
luks.devices = {
rootfs01 = {
device = "/dev/disk/by-label/rootfs01";
keyFile = "/dev/zero";
keyFileSize = 1;
};
rootfs02 = {
device = "/dev/disk/by-label/rootfs02";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0101 = {
device = "/dev/disk/by-label/slow0101";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0102 = {
device = "/dev/disk/by-label/slow0102";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0201 = {
device = "/dev/disk/by-label/slow0201";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0202 = {
device = "/dev/disk/by-label/slow0202";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0301 = {
device = "/dev/disk/by-label/slow0301";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0302 = {
device = "/dev/disk/by-label/slow0302";
keyFile = "/dev/zero";
keyFileSize = 1;
};
};
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "rootfs";
fsType = "zfs";
};
# boot1 = boot partition (primary)
# boot2 = boot partition (backup)
"/boot1" = {
device = "/dev/disk/by-uuid/1965-5D59";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
"/boot2" = {
device = "/dev/disk/by-uuid/19C4-49E1";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
"/nix" = {
device = "rootfs/nix";
fsType = "zfs";
};
"/var" = {
device = "rootfs/var";
fsType = "zfs";
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/7614fa12-c6a7-456e-9620-eb9c0e025140"; }
{ device = "/dev/disk/by-uuid/eb0aef44-b264-4f94-b847-3ad5dcc19ffd"; }
];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View file

@ -0,0 +1,7 @@
# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique <context@dgnum.eu>
#
# SPDX-License-Identifer: EUPL-1.2
(import ../../../../keys).mkSecrets [ "tower01" ] [
]

View file

@ -189,6 +189,29 @@
netbirdIp = "100.80.156.154";
};
tower01 = {
interfaces = {
eno2 = {
ipv4 = [
{
address = "129.199.210.119";
prefixLength = 24;
}
];
gateways = [ "129.199.210.254" ];
dns = [
"129.199.96.11"
"129.199.72.99"
];
};
};
hostId = "7874d06e";
netbirdIp = "100.80.185.124";
};
vault01 = {
interfaces = {
vlan-uplink-cri = {

View file

@ -182,6 +182,21 @@
];
};
tower01 = {
site = "oik01";
hashedPassword = "$y$j9T$axihKDa.CrYcyoamJWxBq1$bl4TfropTrwLqMy6XK0DKkWRyx9b74kyI/ukE8X5iiD";
stateVersion = "24.11";
nixpkgs = {
version = "24.11";
system = "nixos";
};
admins = [ "ecoppens" ];
};
vault01 = {
site = "hyp01";
deployment.targetHost = "vault01.hyp01.infra.dgnum.eu";