diff --git a/keys/default.nix b/keys/default.nix
index 49c11b7..d0c1cf9 100644
--- a/keys/default.nix
+++ b/keys/default.nix
@@ -23,6 +23,7 @@ rec {
 vault01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
 web01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
 web02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];
+ web03 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrWsMEfK86iaO9SubMqE2UvZNtHkLY5VUod/bbqKC0L" ];
 # SSH keys of the DGNum members
 catvayor = [
diff --git a/machines/web03/_configuration.nix b/machines/web03/_configuration.nix
new file mode 100644
index 0000000..3704d52
--- /dev/null
+++ b/machines/web03/_configuration.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [
+ # List of modules to enable
+ "dgn-web"
+ ];
+
+ enabledServices = [
+ # List of services to enable
+ ];
+
+ extraConfig = { };
+
+ root = ./.;
+}
diff --git a/machines/web03/_hardware-configuration.nix b/machines/web03/_hardware-configuration.nix
new file mode 100644
index 0000000..1b9ddbe
--- /dev/null
+++ b/machines/web03/_hardware-configuration.nix
@@ -0,0 +1,45 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "ahci"
+ "xhci_pci"
+ "virtio_pci"
+ "sr_mod"
+ "virtio_blk"
+ ];
+ kernelModules = [ ];
+
+ luks.devices."main" = {
+ device = "/dev/disk/by-uuid/21a5fa9b-35d2-49c9-80f8-5161c652bdc8";
+ tryEmptyPassphrase = true;
+ };
+ };
+
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/9069a0a6-2f9f-4219-a2c4-248de932da6f";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/9826-E466";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/a91c29b4-9b1b-477e-820f-3cf610158e2a"; } ];
+}
diff --git a/machines/web03/secrets/secrets.nix b/machines/web03/secrets/secrets.nix
new file mode 100644
index 0000000..a970876
--- /dev/null
+++ b/machines/web03/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../keys).mkSecrets [ "web03" ] [
+ # List of secrets for web03
+]
diff --git a/meta/network.nix b/meta/network.nix
index 6216bf2..29da555 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -178,6 +178,25 @@
 netbirdIp = null; # web02 is not to be connected on the VPN
 };
+ web03 = {
+ interfaces = {
+ enp1s0 = {
+ ipv4 = [
+ {
+ address = "129.199.129.223";
+ prefixLength = 24;
+ }
+ ];
+
+ gateways = [ "129.199.129.1" ];
+ enableDefaultDNS = true;
+ };
+ };
+
+ hostId = "8afc7749";
+ netbirdIp = null; # web03 is not yet connected to the VPN
+ };
+
 rescue01 = {
 interfaces = {
 ens18 = {
diff --git a/meta/nodes.nix b/meta/nodes.nix
index 884cf71..ad6d53f 100644
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
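Review bot: In machines/web03/_hardware-configuration.nix, `tryEmptyPassphrase = true;` under `luks.devices."main"` makes the initrd try an empty passphrase when unlocking the volume; if a key slot on that volume really is empty, the LUKS layer gives no confidentiality for data at rest. Whether that is the case cannot be seen from the hunk, so the intent should be recorded next to the option, e.g. `# provisioning only: empty LUKS slot until a real key is enrolled, then remove this line`. The file header says the file is generated by nixos-generate-config and may be overwritten, and this option is presumably a manual addition that a regeneration would silently drop, so it may be better placed in the machine's own configuration.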
@@ -124,6 +124,16 @@
 vm-cluster = "Hyperviseur NPS";
 };
+ web03 = {
+ site = "rat01";
+
+ hashedPassword = "$y$j9T$Un/tcX5SPKNXG.sy/BcTa.$kyNHELjb1GAOWnauJfcjyVi5tacWcuEBKflZDCUC6x4";
+
+ stateVersion = "24.05";
+ nixpkgs = "24.05";
+ vm-cluster = "Hyperviseur NPS";
+ };
+
 rescue01 = {
 site = "luj01";
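Review bot: The `hashedPassword` added for web03 in meta/nodes.nix commits a yescrypt hash (`$y$` prefix) to the repository, so anyone who can read the repo or its history can run offline guessing against it, and the hash stays in history even after a later rotation. If the value is passed to the NixOS `hashedPassword` user option (not visible in this hunk), it would also end up in the world-readable Nix store on the host. The commit already creates a per-machine secrets list in machines/web03/secrets/secrets.nix, so consider storing the hash there and referencing it through `hashedPasswordFile`; failing that, add a comment such as `# hash is readable by anyone with repo access: password must be long, random and unique to web03`. The attribute set that holds the node entries starts and ends outside the hunk.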