From fc0f4a603ad98b8e76d4179d877094a7ce5f3098 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Thu, 11 Jan 2024 12:45:01 +0100
Subject: [PATCH] feat(machines): Init web02
---
 .forgejo/workflows/eval.yaml | 10 +++++++
 machines/web02/_configuration.nix | 21 +++++++++++++
 machines/web02/_hardware-configuration.nix | 35 ++++++++++++++++++++++
 machines/web02/secrets/secrets.nix | 6 ++++
 meta/infrastructure.nix | 1 +
 meta/network.nix | 12 ++++++++
 meta/nodes.nix | 5 ++++
 7 files changed, 90 insertions(+)
 create mode 100644 machines/web02/_configuration.nix
 create mode 100644 machines/web02/_hardware-configuration.nix
 create mode 100644 machines/web02/secrets/secrets.nix
diff --git a/.forgejo/workflows/eval.yaml b/.forgejo/workflows/eval.yaml
index 9e08e77..0072899 100644
--- a/.forgejo/workflows/eval.yaml
+++ b/.forgejo/workflows/eval.yaml
@@ -48,3 +48,13 @@ jobs:
 run: |
 # Enter the shell
 nix-shell --run 'colmena build --on web01'
+
+ build_web02:
+ runs-on: nix
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Build web02
+ run: |
+ # Enter the shell
+ nix-shell --run 'colmena build --on web02'
diff --git a/machines/web02/_configuration.nix b/machines/web02/_configuration.nix
new file mode 100644
index 0000000..2f1eb5c
--- /dev/null
+++ b/machines/web02/_configuration.nix
@@ -0,0 +1,21 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [
+ # List of modules to enable
+ "dgn-fail2ban"
+ ];
+
+ enabledServices = [
+ # List of services to enable
+ ];
+
+ extraConfig = {
+ dgn-fail2ban.jails =
+ lib.extra.enableAttrs' "enabled" [ "sshd-bruteforce" "sshd-timeout" ];
+
+ services.netbird.enable = true;
+ };
+
+ root = ./.;
+}
diff --git a/machines/web02/_hardware-configuration.nix b/machines/web02/_hardware-configuration.nix
new file mode 100644
index 0000000..a361cc4
--- /dev/null
+++ b/machines/web02/_hardware-configuration.nix
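Review bot: The new `build_web02` job in `.forgejo/workflows/eval.yaml` references `actions/checkout@v3`, a tag that the action's publisher can move, so the code executed on the `nix` runner is not fixed by this repository. Pinning to a full commit hash, `- uses: actions/checkout@<full-commit-sha> # v3`, makes that CI input reviewable. The same would apply to the `web01` job if it uses the same reference, but that job starts outside this hunk. The job is otherwise a copy of the preceding one with only the host name changed, so a `strategy.matrix` over the node names would keep the two from drifting apart.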
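Review bot: In `machines/web02/_configuration.nix` the only SSH protection visible is the pair of fail2ban jails (`sshd-bruteforce`, `sshd-timeout`), which throttle repeated attempts but do not decide which authentication methods sshd accepts. The host receives a public address in `meta/network.nix` in the same patch, so it is worth confirming that the defaults applied by `lib.extra.mkConfig` disable password login. That code is not part of this patch. Once confirmed, a one-line comment above `dgn-fail2ban.jails` saying where sshd itself is configured would record the assumption for the next reader.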
@@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot = { + initrd = { + availableKernelModules = + [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; + kernelModules = [ ]; + }; + + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + kernelPackages = pkgs.linuxKernel.packages.linux_6_7; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/8725c242-144d-495b-8ce4-6f0cef7c8ee3"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/84F6-E7A3"; + fsType = "vfat"; + }; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/d64ae21e-693c-4c77-b62c-97d5e2a960cb"; }]; +} diff --git a/machines/web02/secrets/secrets.nix b/machines/web02/secrets/secrets.nix new file mode 100644 index 0000000..a892a92 --- /dev/null +++ b/machines/web02/secrets/secrets.nix @@ -0,0 +1,6 @@ +let + lib = import ../../../lib { }; + publicKeys = lib.getNodeKeys "web02"; + +in lib.setDefault { inherit publicKeys; } [ +] diff --git a/meta/infrastructure.nix b/meta/infrastructure.nix index ef30234..c66bb4d 100644 --- a/meta/infrastructure.nix +++ b/meta/infrastructure.nix @@ -15,5 +15,6 @@ # VMs du SPI/NPS/Whatever dmi01 = [ "web01" + "web02" ]; } diff --git a/meta/network.nix b/meta/network.nix index 3d6d9f2..9679b59 100644 --- a/meta/network.nix +++ b/meta/network.nix @@ -85,4 +85,16 @@ builtins.mapAttrs mkNet { hostId = "050df79e"; }; + + web02 = { + interfaces = { + ens3 = { + ipv4 = [{ address = "129.199.129.235"; prefixLength = 24; }]; + + gateways = [ "129.199.129.1" ]; + }; + }; + + hostId = "b431ca10"; + }; } diff --git a/meta/nodes.nix b/meta/nodes.nix index e31db02..c877c42 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix 
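Review bot: `kernelPackages = pkgs.linuxKernel.packages.linux_6_7;` in `machines/web02/_hardware-configuration.nix` pins the host to the 6.7 series, which is not a longterm kernel and stops receiving fixes shortly after the next release. With `nixpkgs = "unstable"` in `meta/nodes.nix`, the attribute is also likely to be removed from the package set later, which would break evaluation. `kernelPackages = pkgs.linuxPackages_latest;` follows the newest supported series, and dropping the line keeps the NixOS default kernel. The line also appears to be hand-added to a file whose header says it is generated and may be overwritten, so it would be safer under `extraConfig` in `_configuration.nix`.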
@@ -42,4 +42,9 @@ builtins.mapAttrs mkNode {
 stateVersion = "23.11";
 nixpkgs = "unstable";
 };
+
+ web02 = {
+ stateVersion = "24.05";
+ nixpkgs = "unstable";
+ };
 }