feat(infra): Deploy web03

2024-10-16 11:07:40 +02:00 · 2024-10-16 11:07:40 +02:00 · b6cbf6e918
commit b6cbf6e918
parent 4b2d1cde5b
6 changed files with 94 additions and 0 deletions
--- a/keys/default.nix
+++ b/keys/default.nix
@ -23,6 +23,7 @@ rec {
    vault01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
    web01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
    web02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];
+    web03 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrWsMEfK86iaO9SubMqE2UvZNtHkLY5VUod/bbqKC0L" ];

    # SSH keys of the DGNum members
    catvayor = [
--- a/machines/web03/_configuration.nix
+++ b/machines/web03/_configuration.nix
@ -0,0 +1,16 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+  enabledModules = [
+    # List of modules to enable
+    "dgn-web"
+  ];
+
+  enabledServices = [
+    # List of services to enable
+  ];
+
+  extraConfig = { };
+
+  root = ./.;
+}
--- a/machines/web03/_hardware-configuration.nix
+++ b/machines/web03/_hardware-configuration.nix
@ -0,0 +1,45 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ahci"
+        "xhci_pci"
+        "virtio_pci"
+        "sr_mod"
+        "virtio_blk"
+      ];
+      kernelModules = [ ];
+
+      luks.devices."main" = {
+        device = "/dev/disk/by-uuid/21a5fa9b-35d2-49c9-80f8-5161c652bdc8";
+        tryEmptyPassphrase = true;
+      };
+    };
+
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/9069a0a6-2f9f-4219-a2c4-248de932da6f";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/9826-E466";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/a91c29b4-9b1b-477e-820f-3cf610158e2a"; } ];
+}
--- a/machines/web03/secrets/secrets.nix
+++ b/machines/web03/secrets/secrets.nix
@ -0,0 +1,3 @@
+(import ../../../keys).mkSecrets [ "web03" ] [
+  # List of secrets for web03
+]
--- a/meta/network.nix
+++ b/meta/network.nix
@ -178,6 +178,25 @@
    netbirdIp = null; # web02 is not to be connected on the VPN
  };

+  web03 = {
+    interfaces = {
+      enp1s0 = {
+        ipv4 = [
+          {
+            address = "129.199.129.223";
+            prefixLength = 24;
+          }
+        ];
+
+        gateways = [ "129.199.129.1" ];
+        enableDefaultDNS = true;
+      };
+    };
+
+    hostId = "8afc7749";
+    netbirdIp = null; # web03 is not yet connected to the VPN
+  };
+
  rescue01 = {
    interfaces = {
      ens18 = {
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@ -124,6 +124,16 @@
    vm-cluster = "Hyperviseur NPS";
  };

+  web03 = {
+    site = "rat01";
+
+    hashedPassword = "$y$j9T$Un/tcX5SPKNXG.sy/BcTa.$kyNHELjb1GAOWnauJfcjyVi5tacWcuEBKflZDCUC6x4";
+
+    stateVersion = "24.05";
+    nixpkgs = "24.05";
+    vm-cluster = "Hyperviseur NPS";
+  };
+
  rescue01 = {
    site = "luj01";