feat(hypervisors): Init

keys/default.nix

@@ -27,6 +27,15 @@ rec {
     web01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
     web02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];
     web03 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrWsMEfK86iaO9SubMqE2UvZNtHkLY5VUod/bbqKC0L" ];
+    hypervisor01 = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPE0typcnvSioMfdLUloIfR5zcf/X0k6201xMHoQBCr"
+    ];
+    hypervisor02 = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPETkWlOfESXQic+HgfGLV/T4Nqg0WjdDbEqtgDwkH+S"
+    ];
+    hypervisor03 = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLF0mxSGitsDE3/YXfrHNjtOMUt4HT2MbryyUKPLSBI"
+    ];
 
     # SSH keys of the DGNum members
     agroudiev = [

machines/nixos/hypervisor01/_configuration.nix

@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2024 Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ lib, ... }:
+
+lib.extra.mkConfig {
+  enabledModules = [ ];
+
+  enabledServices = [ ];
+
+  extraConfig = {
+    services.netbird.enable = true;
+  };
+
+  root = ./.;
+}

machines/nixos/hypervisor01/_hardware-configuration.nix

@@ -0,0 +1,76 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ehci_pci"
+        "ahci"
+        "mpt3sas"
+        "usbhid"
+        "sd_mod"
+      ];
+      kernelModules = [ ];
+    };
+
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "zfs";
+    };
+
+    "/nix" = {
+      device = "rootfs/nix";
+      fsType = "zfs";
+    };
+
+    "/var" = {
+      device = "rootfs/var";
+      fsType = "zfs";
+    };
+
+    "/boot1" = {
+      device = "/dev/disk/by-label/BOOT1";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+
+    "/boot2" = {
+      device = "/dev/disk/by-label/BOOT2";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/759f1573-7593-400e-b310-c384fc6124c3"; }
+    { device = "/dev/disk/by-uuid/73f94cd3-3f0f-4a32-9e5b-abd6c2a9b219"; }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+  networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

machines/nixos/hypervisor01/secrets/secrets.nix

@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique <context@dgnum.eu>
+#
+# SPDX-License-Identifer: EUPL-1.2
+
+(import ../../../../keys).mkSecrets [ "hypervisor01" ] [
+
+]

machines/nixos/hypervisor02/_configuration.nix

@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2024 Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ lib, ... }:
+
+lib.extra.mkConfig {
+  enabledModules = [ ];
+
+  enabledServices = [ ];
+
+  extraConfig = {
+    services.netbird.enable = true;
+  };
+
+  root = ./.;
+}

machines/nixos/hypervisor02/_hardware-configuration.nix

@@ -0,0 +1,78 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ehci_pci"
+        "ahci"
+        "mpt3sas"
+        "usbhid"
+        "usb_storage"
+        "sd_mod"
+        "sr_mod"
+      ];
+      kernelModules = [ ];
+    };
+
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "zfs";
+    };
+
+    "/boot1" = {
+      device = "/dev/disk/by-label/BOOT1";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+
+    "/boot2" = {
+      device = "/dev/disk/by-label/BOOT2";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+
+    "/nix" = {
+      device = "rootfs/nix";
+      fsType = "zfs";
+    };
+
+    "/var" = {
+      device = "rootfs/var";
+      fsType = "zfs";
+    };
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/46e20dc0-01bc-4f26-904a-1d23cb96bdb6"; }
+    { device = "/dev/disk/by-uuid/a8938e0f-3a00-45e7-bc6f-4bd9e2b1db6c"; }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+  networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

machines/nixos/hypervisor02/secrets/secrets.nix

@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique <context@dgnum.eu>
+#
+# SPDX-License-Identifer: EUPL-1.2
+
+(import ../../../../keys).mkSecrets [ "hypervisor02" ] [
+
+]

machines/nixos/hypervisor03/_configuration.nix

@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2024 Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ lib, ... }:
+
+lib.extra.mkConfig {
+  enabledModules = [ ];
+
+  enabledServices = [ ];
+
+  extraConfig = {
+    services.netbird.enable = true;
+  };
+
+  root = ./.;
+}

machines/nixos/hypervisor03/_hardware-configuration.nix

@@ -0,0 +1,78 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ehci_pci"
+        "ahci"
+        "mpt3sas"
+        "usbhid"
+        "usb_storage"
+        "sd_mod"
+        "sr_mod"
+      ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "rootfs";
+      fsType = "zfs";
+    };
+
+    "/nix" = {
+      device = "rootfs/nix";
+      fsType = "zfs";
+    };
+
+    "/var" = {
+      device = "rootfs/var";
+      fsType = "zfs";
+    };
+
+    "/boot1" = {
+      device = "/dev/disk/by-uuid/80E2-979C";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+
+    # TODO: put me in automounts + autosync between both boot partitions.
+    "/boot2" = {
+      device = "/dev/disk/by-uuid/8722-1B4F";
+      fsType = "vfat";
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
+    };
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/dfe3aa01-ed46-4996-8ae3-a913ebffba76"; }
+    { device = "/dev/disk/by-uuid/5531258d-3538-4744-be1b-e08e26ad377f"; }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+  networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

machines/nixos/hypervisor03/secrets/secrets.nix

@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique <context@dgnum.eu>
+#
+# SPDX-License-Identifer: EUPL-1.2
+
+(import ../../../../keys).mkSecrets [ "hypervisor03" ] [
+
+]

meta/network.nix

@@ -207,4 +207,61 @@
     hostId = "8afc7749";
     netbirdIp = "100.80.157.46";
   };
+
+  hypervisor01 = {
+    interfaces = {
+      eno4 = {
+        ipv4 = [
+          {
+            address = "10.0.254.11";
+            prefixLength = 24;
+          }
+        ];
+
+        gateways = [ "10.0.254.1" ];
+        enableDefaultDNS = true;
+      };
+    };
+
+    hostId = "4dbbd76a";
+    netbirdIp = "100.80.242.115";
+  };
+
+  hypervisor02 = {
+    interfaces = {
+      eno4 = {
+        ipv4 = [
+          {
+            address = "10.0.254.12";
+            prefixLength = 24;
+          }
+        ];
+
+        gateways = [ "10.0.254.1" ];
+        enableDefaultDNS = true;
+      };
+    };
+
+    hostId = "d0b48483";
+    netbirdIp = "100.80.37.202";
+  };
+
+  hypervisor03 = {
+    interfaces = {
+      eno4 = {
+        ipv4 = [
+          {
+            address = "10.0.254.13";
+            prefixLength = 24;
+          }
+        ];
+
+        gateways = [ "10.0.254.1" ];
+        enableDefaultDNS = true;
+      };
+    };
+
+    hostId = "1c407ea8";
+    netbirdIp = "100.80.58.178";
+  };
 }

meta/nodes/nixos.nix

@@ -184,4 +184,61 @@
       system = "nixos";
     };
   };
+
+  hypervisor01 = {
+    site = "pot01";
+
+    hashedPassword = "$y$j9T$Yw.M.epJj/sakb4Gq/9WV0$P85aQPo/FmFM1.ap413UL3vlGk3mavHwmaALKKDd4n.";
+
+    stateVersion = "24.11";
+
+    nixpkgs = {
+      version = "24.11";
+      system = "nixos";
+    };
+
+    admins = [ "ecoppens" ];
+
+    deployment = {
+      targetHost = "hypervisor01.dgnum";
+    };
+  };
+
+  hypervisor02 = {
+    site = "pot01";
+
+    hashedPassword = "$y$j9T$Zu98DVlKq7KP5GmIHOwBy1$Bd7W6LstWDm8zjbZ9JSPLnhMFPmZgmU4e7t7u6EhavA";
+
+    stateVersion = "24.11";
+
+    nixpkgs = {
+      version = "24.11";
+      system = "nixos";
+    };
+
+    admins = [ "ecoppens" ];
+
+    deployment = {
+      targetHost = "hypervisor02.dgnum";
+    };
+  };
+
+  hypervisor03 = {
+    site = "pot01";
+
+    hashedPassword = "$y$j9T$plTv9.UwmkTODagd4docj0$3zd35wPSsamygiYngwfDGICapKbx5UbzyLBhAwOUSfC";
+
+    stateVersion = "24.11";
+
+    nixpkgs = {
+      version = "24.11";
+      system = "nixos";
+    };
+
+    admins = [ "ecoppens" ];
+
+    deployment = {
+      targetHost = "hypervisor03.dgnum";
+    };
+  };
 }