feat(machines): Init web02

2024-01-11 12:45:01 +01:00 · 2024-01-11 12:45:01 +01:00 · fc0f4a603a
parent ca90901e0c
commit fc0f4a603a
7 changed files with 90 additions and 0 deletions
--- a/.forgejo/workflows/eval.yaml
+++ b/.forgejo/workflows/eval.yaml
@ -48,3 +48,13 @@ jobs:
        run: |
          # Enter the shell
          nix-shell --run 'colmena build --on web01'
+
+  build_web02:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build web02
+        run: |
+          # Enter the shell
+          nix-shell --run 'colmena build --on web02'
--- a/machines/web02/_configuration.nix
+++ b/machines/web02/_configuration.nix
@ -0,0 +1,21 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+  enabledModules = [
+    # List of modules to enable
+    "dgn-fail2ban"
+  ];
+
+  enabledServices = [
+    # List of services to enable
+  ];
+
+  extraConfig = {
+    dgn-fail2ban.jails =
+      lib.extra.enableAttrs' "enabled" [ "sshd-bruteforce" "sshd-timeout" ];
+
+    services.netbird.enable = true;
+  };
+
+  root = ./.;
+}
--- a/machines/web02/_hardware-configuration.nix
+++ b/machines/web02/_hardware-configuration.nix
@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules =
+        [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+      kernelModules = [ ];
+    };
+
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+    kernelPackages = pkgs.linuxKernel.packages.linux_6_7;
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/8725c242-144d-495b-8ce4-6f0cef7c8ee3";
+      fsType = "btrfs";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/84F6-E7A3";
+      fsType = "vfat";
+    };
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/d64ae21e-693c-4c77-b62c-97d5e2a960cb"; }];
+}
--- a/machines/web02/secrets/secrets.nix
+++ b/machines/web02/secrets/secrets.nix
@ -0,0 +1,6 @@
+let
+  lib = import ../../../lib { };
+  publicKeys = lib.getNodeKeys "web02";
+
+in lib.setDefault { inherit publicKeys; } [
+]
--- a/meta/infrastructure.nix
+++ b/meta/infrastructure.nix
@ -15,5 +15,6 @@
  # VMs du SPI/NPS/Whatever
  dmi01 = [
    "web01"
+    "web02"
  ];
 }
--- a/meta/network.nix
+++ b/meta/network.nix
@ -85,4 +85,16 @@ builtins.mapAttrs mkNet {

    hostId = "050df79e";
  };
+
+  web02 = {
+    interfaces = {
+      ens3 = {
+        ipv4 = [{ address = "129.199.129.235"; prefixLength = 24; }];
+
+        gateways = [ "129.199.129.1" ];
+      };
+    };
+
+    hostId = "b431ca10";
+  };
 }
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@ -42,4 +42,9 @@ builtins.mapAttrs mkNode {
    stateVersion = "23.11";
    nixpkgs = "unstable";
  };
+
+  web02 = {
+    stateVersion = "24.05";
+    nixpkgs = "unstable";
+  };
 }