From d297ec4caf776c6057140a16812630daae177b81 Mon Sep 17 00:00:00 2001
From: Elias Coppens
Date: Tue, 17 Dec 2024 16:32:22 +0100
Subject: [PATCH] feat(hypervisors): Init
---
 keys/default.nix | 9 +++
 .../nixos/hypervisor01/_configuration.nix | 17 ++++
 .../hypervisor01/_hardware-configuration.nix | 76 ++++++++++++++++++
 .../nixos/hypervisor01/secrets/secrets.nix | 7 ++
 .../nixos/hypervisor02/_configuration.nix | 17 ++++
 .../hypervisor02/_hardware-configuration.nix | 78 +++++++++++++++++++
 .../nixos/hypervisor02/secrets/secrets.nix | 7 ++
 .../nixos/hypervisor03/_configuration.nix | 17 ++++
 .../hypervisor03/_hardware-configuration.nix | 78 +++++++++++++++++++
 .../nixos/hypervisor03/secrets/secrets.nix | 7 ++
 meta/network.nix | 57 ++++++++++++++
 meta/nodes/nixos.nix | 57 ++++++++++++++
 12 files changed, 427 insertions(+)
 create mode 100644 machines/nixos/hypervisor01/_configuration.nix
 create mode 100644 machines/nixos/hypervisor01/_hardware-configuration.nix
 create mode 100644 machines/nixos/hypervisor01/secrets/secrets.nix
 create mode 100644 machines/nixos/hypervisor02/_configuration.nix
 create mode 100644 machines/nixos/hypervisor02/_hardware-configuration.nix
 create mode 100644 machines/nixos/hypervisor02/secrets/secrets.nix
 create mode 100644 machines/nixos/hypervisor03/_configuration.nix
 create mode 100644 machines/nixos/hypervisor03/_hardware-configuration.nix
 create mode 100644 machines/nixos/hypervisor03/secrets/secrets.nix
diff --git a/keys/default.nix b/keys/default.nix
index a9314ba..f542c0e 100644
--- a/keys/default.nix
+++ b/keys/default.nix
@@ -21,6 +21,15 @@ rec {
 compute01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/YluSVS+4h3oV8CIUj0OmquyJXju8aEQy0Jz210vTu" ];
 geo01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl6Pubbau+usQkemymoSKrTBbrX8JU5m5qpZbhNx8p4" ];
 geo02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNXaCS0/Nsu5npqQk1TP6wMHCVIOaj4pblp2tIg6Ket" ];
+ hypervisor01 = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPE0typcnvSioMfdLUloIfR5zcf/X0k6201xMHoQBCr"
+ ];
+ hypervisor02 = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPETkWlOfESXQic+HgfGLV/T4Nqg0WjdDbEqtgDwkH+S"
+ ];
+ hypervisor03 = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLF0mxSGitsDE3/YXfrHNjtOMUt4HT2MbryyUKPLSBI"
+ ];
 rescue01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJa02Annu8o7ggPjTH/9ttotdNGyghlWfU9E8pnuLUf" ];
 storage01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ" ];
 vault01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
diff --git a/machines/nixos/hypervisor01/_configuration.nix b/machines/nixos/hypervisor01/_configuration.nix
new file mode 100644
index 0000000..68b2c0f
--- /dev/null
+++ b/machines/nixos/hypervisor01/_configuration.nix
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2024 Elias Coppens
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [ ];
+
+ enabledServices = [ ];
+
+ extraConfig = {
+ services.netbird.enable = true;
+ };
+
+ root = ./.;
+}
diff --git a/machines/nixos/hypervisor01/_hardware-configuration.nix b/machines/nixos/hypervisor01/_hardware-configuration.nix
new file mode 100644
index 0000000..b4b31db
--- /dev/null
+++ b/machines/nixos/hypervisor01/_hardware-configuration.nix
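Review bot: The three new `_configuration.nix` files are byte-identical — each `index` line in this patch shows the same blob id `68b2c0f` — so any later change to the hypervisor profile has to be repeated three times. Consider moving the shared body (`enabledModules`, `enabledServices` and the `extraConfig` holding `services.netbird.enable = true;`) into one module the three hosts import, leaving only `root = ./.;` per host; the hypervisor02 and hypervisor03 files further down are the other two copies. If `lib.extra.mkConfig` already supports a shared profile, that is the place to express it.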
@@ -0,0 +1,76 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "ehci_pci"
+ "ahci"
+ "mpt3sas"
+ "usbhid"
+ "sd_mod"
+ ];
+ kernelModules = [ ];
+ };
+
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "rootfs";
+ fsType = "zfs";
+ };
+
+ "/nix" = {
+ device = "rootfs/nix";
+ fsType = "zfs";
+ };
+
+ "/var" = {
+ device = "rootfs/var";
+ fsType = "zfs";
+ };
+
+ "/boot1" = {
+ device = "/dev/disk/by-label/BOOT1";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+
+ "/boot2" = {
+ device = "/dev/disk/by-label/BOOT2";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/759f1573-7593-400e-b310-c384fc6124c3"; }
+ { device = "/dev/disk/by-uuid/73f94cd3-3f0f-4a32-9e5b-abd6c2a9b219"; }
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+ networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/nixos/hypervisor01/secrets/secrets.nix b/machines/nixos/hypervisor01/secrets/secrets.nix
new file mode 100644
index 0000000..3943938
--- /dev/null
+++ b/machines/nixos/hypervisor01/secrets/secrets.nix
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique
+#
+# SPDX-License-Identifer: EUPL-1.2
+
+(import ../../../../keys).mkSecrets [ "hypervisor01" ] [
+
+]
diff --git a/machines/nixos/hypervisor02/_configuration.nix b/machines/nixos/hypervisor02/_configuration.nix
new file mode 100644
index 0000000..68b2c0f
--- /dev/null
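Review bot: `/boot1` and `/boot2` are mounted by `/dev/disk/by-label/BOOT1` and `BOOT2`, while the hypervisor03 hardware file in this same patch uses `/dev/disk/by-uuid`; a filesystem label is not guaranteed unique (a cloned or hot-plugged disk carrying the same label would be picked up), so the by-uuid form is the safer one and the three files should agree. Only the hypervisor03 file carries the `# TODO: put me in automounts + autosync between both boot partitions.` reminder, yet nothing in this file keeps `/boot2` in step with `/boot1`, so the second ESP will hold a stale bootloader and initrd until that is addressed; if GRUB is the bootloader, `boot.loader.grub.mirroredBoots` covers this natively. The hypervisor02 hardware file has the same two issues.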
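Review bot: The license tag on the third line of `secrets/secrets.nix` is misspelled: `# SPDX-License-Identifer: EUPL-1.2` should read `# SPDX-License-Identifier: EUPL-1.2`, otherwise REUSE/SPDX tooling will report this file as having no license. The hypervisor02 and hypervisor03 `secrets/secrets.nix` files carry the same typo. The copyright holder here (`La Délégation Générale Numérique`) also differs from the `_configuration.nix` files in the same commit (`Elias Coppens`); worth confirming which is intended.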
+++ b/machines/nixos/hypervisor02/_configuration.nix
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2024 Elias Coppens
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [ ];
+
+ enabledServices = [ ];
+
+ extraConfig = {
+ services.netbird.enable = true;
+ };
+
+ root = ./.;
+}
diff --git a/machines/nixos/hypervisor02/_hardware-configuration.nix b/machines/nixos/hypervisor02/_hardware-configuration.nix
new file mode 100644
index 0000000..f421ac1
--- /dev/null
+++ b/machines/nixos/hypervisor02/_hardware-configuration.nix
@@ -0,0 +1,78 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "ehci_pci"
+ "ahci"
+ "mpt3sas"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sr_mod"
+ ];
+ kernelModules = [ ];
+ };
+
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "rootfs";
+ fsType = "zfs";
+ };
+
+ "/boot1" = {
+ device = "/dev/disk/by-label/BOOT1";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+
+ "/boot2" = {
+ device = "/dev/disk/by-label/BOOT2";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+
+ "/nix" = {
+ device = "rootfs/nix";
+ fsType = "zfs";
+ };
+
+ "/var" = {
+ device = "rootfs/var";
+ fsType = "zfs";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/46e20dc0-01bc-4f26-904a-1d23cb96bdb6"; }
+ { device = "/dev/disk/by-uuid/a8938e0f-3a00-45e7-bc6f-4bd9e2b1db6c"; }
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+ networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/nixos/hypervisor02/secrets/secrets.nix b/machines/nixos/hypervisor02/secrets/secrets.nix
new file mode 100644
index 0000000..90c0541
--- /dev/null
+++ b/machines/nixos/hypervisor02/secrets/secrets.nix
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique
+#
+# SPDX-License-Identifer: EUPL-1.2
+
+(import ../../../../keys).mkSecrets [ "hypervisor02" ] [
+
+]
diff --git a/machines/nixos/hypervisor03/_configuration.nix b/machines/nixos/hypervisor03/_configuration.nix
new file mode 100644
index 0000000..68b2c0f
--- /dev/null
+++ b/machines/nixos/hypervisor03/_configuration.nix
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2024 Elias Coppens
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [ ];
+
+ enabledServices = [ ];
+
+ extraConfig = {
+ services.netbird.enable = true;
+ };
+
+ root = ./.;
+}
diff --git a/machines/nixos/hypervisor03/_hardware-configuration.nix b/machines/nixos/hypervisor03/_hardware-configuration.nix
new file mode 100644
index 0000000..cd3f113
--- /dev/null
+++ b/machines/nixos/hypervisor03/_hardware-configuration.nix
@@ -0,0 +1,78 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "ehci_pci"
+ "ahci"
+ "mpt3sas"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sr_mod"
+ ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "rootfs";
+ fsType = "zfs";
+ };
+
+ "/nix" = {
+ device = "rootfs/nix";
+ fsType = "zfs";
+ };
+
+ "/var" = {
+ device = "rootfs/var";
+ fsType = "zfs";
+ };
+
+ "/boot1" = {
+ device = "/dev/disk/by-uuid/80E2-979C";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+
+ # TODO: put me in automounts + autosync between both boot partitions.
+ "/boot2" = {
+ device = "/dev/disk/by-uuid/8722-1B4F";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/dfe3aa01-ed46-4996-8ae3-a913ebffba76"; }
+ { device = "/dev/disk/by-uuid/5531258d-3538-4744-be1b-e08e26ad377f"; }
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+ networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/nixos/hypervisor03/secrets/secrets.nix b/machines/nixos/hypervisor03/secrets/secrets.nix
new file mode 100644
index 0000000..a66cb2b
--- /dev/null
+++ b/machines/nixos/hypervisor03/secrets/secrets.nix
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique
+#
+# SPDX-License-Identifer: EUPL-1.2
+
+(import ../../../../keys).mkSecrets [ "hypervisor03" ] [
+
+]
diff --git a/meta/network.nix b/meta/network.nix
index 1c50637..26f0541 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -82,6 +82,63 @@
 netbirdIp = "100.80.233.249";
 };
+ hypervisor01 = {
+ interfaces = {
+ eno4 = {
+ ipv4 = [
+ {
+ address = "10.0.254.11";
+ prefixLength = 24;
+ }
+ ];
+
+ gateways = [ "10.0.254.1" ];
+ enableDefaultDNS = true;
+ };
+ };
+
+ hostId = "4dbbd76a";
+ netbirdIp = "100.80.242.115";
+ };
+
+ hypervisor02 = {
+ interfaces = {
+ eno4 = {
+ ipv4 = [
+ {
+ address = "10.0.254.12";
+ prefixLength = 24;
+ }
+ ];
+
+ gateways = [ "10.0.254.1" ];
+ enableDefaultDNS = true;
+ };
+ };
+
+ hostId = "d0b48483";
+ netbirdIp = "100.80.37.202";
+ };
+
+ hypervisor03 = {
+ interfaces = {
+ eno4 = {
+ ipv4 = [
+ {
+ address = "10.0.254.13";
+ prefixLength = 24;
+ }
+ ];
+
+ gateways = [ "10.0.254.1" ];
+ enableDefaultDNS = true;
+ };
+ };
+
+ hostId = "1c407ea8";
+ netbirdIp = "100.80.58.178";
+ };
+
 rescue01 = {
 interfaces = {
 ens18 = {
diff --git a/meta/nodes/nixos.nix b/meta/nodes/nixos.nix
index 34e5f62..89a2858 100644
--- a/meta/nodes/nixos.nix
+++ b/meta/nodes/nixos.nix
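Review bot: Each new host is given a static `eno4` address (`10.0.254.11` to `.13`) with `gateways = [ "10.0.254.1" ];`, but the generated hardware configurations in this same patch also set `networking.interfaces.eno4.useDHCP = lib.mkDefault true;`; unless the module that consumes `meta/network.nix` overrides `useDHCP` for configured interfaces (not visible here), the host will run a DHCP client alongside the static address and can pick up a second default route or resolver set from the DHCP server. Worth confirming, or adding `networking.interfaces.eno4.useDHCP = false;` for these three hosts. The `hostId` values are present, which the ZFS root used by all three hardware files requires.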
@@ -91,6 +91,63 @@
 };
 };
+ hypervisor01 = {
+ site = "pot01";
+
+ hashedPassword = "$y$j9T$Yw.M.epJj/sakb4Gq/9WV0$P85aQPo/FmFM1.ap413UL3vlGk3mavHwmaALKKDd4n.";
+
+ stateVersion = "24.11";
+
+ nixpkgs = {
+ version = "24.11";
+ system = "nixos";
+ };
+
+ admins = [ "ecoppens" ];
+
+ deployment = {
+ targetHost = "hypervisor01.dgnum";
+ };
+ };
+
+ hypervisor02 = {
+ site = "pot01";
+
+ hashedPassword = "$y$j9T$Zu98DVlKq7KP5GmIHOwBy1$Bd7W6LstWDm8zjbZ9JSPLnhMFPmZgmU4e7t7u6EhavA";
+
+ stateVersion = "24.11";
+
+ nixpkgs = {
+ version = "24.11";
+ system = "nixos";
+ };
+
+ admins = [ "ecoppens" ];
+
+ deployment = {
+ targetHost = "hypervisor02.dgnum";
+ };
+ };
+
+ hypervisor03 = {
+ site = "pot01";
+
+ hashedPassword = "$y$j9T$plTv9.UwmkTODagd4docj0$3zd35wPSsamygiYngwfDGICapKbx5UbzyLBhAwOUSfC";
+
+ stateVersion = "24.11";
+
+ nixpkgs = {
+ version = "24.11";
+ system = "nixos";
+ };
+
+ admins = [ "ecoppens" ];
+
+ deployment = {
+ targetHost = "hypervisor03.dgnum";
+ };
+ };
+
 rescue01 = {
 site = "luj01";
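Review bot: `hashedPassword` commits the yescrypt hashes (`$y$j9T$…`) for all three hypervisors into the repository, so anyone with read access to the repo can run offline guessing against them; if this repository is, or may become, public that is a real exposure even with a slow hash. The commit already creates a `secrets/secrets.nix` per host, so the hash could be stored as an encrypted secret and referenced through `users.users.<name>.hashedPasswordFile` instead, provided `meta/nodes` supports a file-based variant. If the existing nodes (e.g. `rescue01`, whose block begins in the trailing context here) already use the inline form, this is a repository-wide follow-up rather than something to block this commit on.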