feat(infra): init rescue01 #56
7 changed files with 107 additions and 0 deletions
|
@ -58,3 +58,13 @@ jobs:
|
|||
run: |
|
||||
# Enter the shell
|
||||
nix-shell --run 'colmena build --on web02'
|
||||
|
||||
build_rescue01:
|
||||
runs-on: nix
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: Build rescue01
|
||||
run: |
|
||||
# Enter the shell
|
||||
nix-shell --run 'colmena build --on rescue01'
|
||||
|
|
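Review bot: The new build_rescue01 job references `actions/checkout@v3`, a mutable tag, and runs on the self-hosted `nix` runner, so whatever that tag resolves to executes on the runner that builds the machine configurations. Pinning the action to a full commit hash, `- uses: actions/checkout@<full-commit-sha> # v3`, removes the dependency on the tag. The same would apply to the neighbouring jobs if they use the same reference, which this hunk does not show. The job is also a copy of the web02 job with only the host name changed, so a matrix over host names would keep the per-host jobs from drifting apart.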
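--- a/machines/rescue01/_configuration.nix
+++ b/machines/rescue01/_configuration.nix
@@ -0,0 +1,23 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+enabledModules = [
+# List of modules to enable
+"dgn-fail2ban"
+];
+
+enabledServices = [
+# List of services to enable
+];
+
+extraConfig = {
+dgn-fail2ban.jails = lib.extra.enableAttrs' "enabled" [
+"sshd-bruteforce"
+"sshd-timeout"
+];
+
+services.netbird.enable = true;
+};
+
+root = ./.;
+}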
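Review bot: `services.netbird.enable = true;` in extraConfig joins this rescue host to the mesh VPN without any comment on how the peer is enrolled or what it is allowed to reach. The secrets file added in the same commit declares an empty list, so the setup key is presumably entered by hand rather than managed declaratively. A rescue machine is typically the host that must stay reachable when the rest of the fleet is down, so its trust boundary deserves a line of documentation. I would add a comment above the option stating how the peer is enrolled and which netbird group or ACL limits it, e.g. `# netbird: peer enrolled manually, access restricted by <group/ACL name>`, adjusted to what is actually configured.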
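--- a/machines/rescue01/_hardware-configuration.nix
+++ b/machines/rescue01/_hardware-configuration.nix
@@ -0,0 +1,41 @@
+{ lib, modulesPath, ... }:
+
+{
+imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+boot = {
+initrd.availableKernelModules = [
+"ata_piix"
+"uhci_hcd"
+"virtio_pci"
+"virtio_scsi"
+"sd_mod"
+"sr_mod"
+];
+initrd.kernelModules = [ ];
+# hack to avoid intel_kvm that is set in dgn-hardware
+kernelModules = lib.mkForce [ ];
+extraModulePackages = [ ];
+};
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/ed02dfb7-7071-4852-9bb6-f3bd965e0234";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/5781-E6CA";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}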
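Review bot: `kernelModules = lib.mkForce [ ];` in the boot block discards every entry that any module contributes to boot.kernelModules, not only the KVM module the comment refers to, so a module added later by a shared profile would silently not be loaded on this host. The comment also names `intel_kvm`, while the kernel module is called `kvm-intel`. The narrower fix belongs in dgn-hardware (setting its value with `lib.mkDefault` or behind an enable option), which is outside this section. Until then I would expand the comment to `# FIXME: mkForce clears all of boot.kernelModules to drop kvm-intel set by dgn-hardware; replace once dgn-hardware makes it optional`.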
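--- a/machines/rescue01/secrets/secrets.nix
+++ b/machines/rescue01/secrets/secrets.nix
@@ -0,0 +1,5 @@
+let
+lib = import ../../../lib { };
+publicKeys = lib.getNodeKeys "rescue01";
+in
+lib.setDefault { inherit publicKeys; } [ ]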
|
@ -14,6 +14,9 @@
|
|||
"vault01"
|
||||
];
|
||||
|
||||
# Luj's infra
|
||||
par03 = [ "rescue01" ];
|
||||
|
||||
# VMs du SPI/NPS/Whatever
|
||||
dmi01 = [
|
||||
"web01"
|
||||
|
|
|
@ -188,4 +188,25 @@ builtins.mapAttrs mkNet {
|
|||
|
||||
hostId = "b431ca10";
|
||||
};
|
||||
|
||||
rescue01 = {
|
||||
interfaces = {
|
||||
ens18 = {
|
||||
ipv6 = [
|
||||
{
|
||||
address = "2a01:e0a:de4:a0e1:2d73:2a7e:18db:5728";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
ipv4 = [
|
||||
{
|
||||
address = "192.168.0.232";
|
||||
prefixLength = 21;
|
||||
}
|
||||
];
|
||||
gateways = [ "192.168.0.1" ];
|
||||
};
|
||||
};
|
||||
hostId = "007f0200";
|
||||
};
|
||||
}
|
||||
|
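Review bot: `hostId = "007f0200"` in the new rescue01 entry looks like the value `hostid` prints when it falls back to the loopback address 127.0.0.2 rather than a randomly generated ID, so other machines may well report the same value. The host mounts only ext4 in this commit, so nothing visible depends on it yet, but a host ID is meant to be unique per machine and ZFS uses it to decide pool ownership. If that is how the value was obtained, I would replace it with a random one, for example the output of `head -c4 /dev/urandom | od -A none -t x4`. The attribute set that contains this entry starts outside the hunk.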
|
|
@ -62,4 +62,8 @@ builtins.mapAttrs mkNode {
|
|||
stateVersion = "24.05";
|
||||
nixpkgs = "unstable";
|
||||
};
|
||||
|
||||
rescue01 = {
|
||||
stateVersion = "23.11";
|
||||
};
|
||||
}
|
||||
|
|