forked from DGNum/infrastructure
Merge pull request 'init_web-01' (#1) from init_web-01 into main
Reviewed-on: https://git.hubrecht.ovh/DGNum/infrastructure/pulls/1
commit
7d11d6e8f8
9 changed files with 172 additions and 3 deletions
|
@ -1,3 +1,3 @@
|
||||||
# infrastructure
|
# ❄️ infrastructure
|
||||||
|
|
||||||
The dgnum infrastructure
|
The dgnum infrastructure
|
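--- a/admin_keys/anon.keys
+++ b/admin_keys/anon.keys
@@ -0,0 +1,5 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy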
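Review bot: None of the five keys in `admin_keys/anon.keys` carries a comment field, and `machines/web-01/configuration.nix` in this same commit loads the file into root's authorized keys, so the repository cannot say who holds each key or which line to remove when an administrator leaves or a device is lost. Keep one file per administrator, as `admin_keys/mdebray.keys` already does, or at least append an owner label to every line, e.g. `ssh-ed25519 AAAA… <owner>@<host>` (placeholder). The first entry is an `ssh-rsa` key while the other four are `ssh-ed25519`; it is worth confirming with its owner whether it can be replaced by an Ed25519 key.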
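--- a/admin_keys/mdebray.keys
+++ b/admin_keys/mdebray.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris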
7
flake.nix
Normal file
7
flake.nix
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
|
||||||
|
❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
|
||||||
|
❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
|
||||||
|
❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
|
||||||
|
❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
|
||||||
|
❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️
|
||||||
|
❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ ❄️ .nix
|
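--- a/machines/web-01/configuration.nix
+++ b/machines/web-01/configuration.nix
@@ -0,0 +1,37 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "web-01";# Define your hostname.
+
+time.timeZone = "Europe/Paris";
+
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+users.users.root.openssh.authorizedKeys.keyFiles = [ ../../admin_keys/anon.keys ../../admin_keys/mdebray.keys ];
+
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.11"; # Did you read the comment?
+
+}
+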
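Review bot: `services.openssh.enable = true;` is the only sshd setting in this file, so password and keyboard-interactive authentication are left at whatever the pinned nixpkgs defaults to, while root is the only account given keys. Since access is evidently meant to be key-only, state it explicitly with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` (on a 22.11-era nixpkgs the options are `services.openssh.passwordAuthentication` and `services.openssh.kbdInteractiveAuthentication`; the nixpkgs pin is not visible here). Every administrator also logs in directly as root, so the sshd log distinguishes people only by key fingerprint; per-administrator accounts with sudo would give a clearer audit trail if that matters for this host.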
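--- a/machines/web-01/disko.nix
+++ b/machines/web-01/disko.nix
@@ -0,0 +1,79 @@
+{...}:
+let
+luksName = "mainfs";
+in
+{
+boot.initrd.luks.devices.${luksName} = {
+keyFile = "/dev/zero";
+keyFileSize = 1;
+};
+disko.devices = {
+disk = {
+vdb = {
+device = "/dev/vdb";
+type = "disk";
+content = {
+type = "table";
+format = "gpt";
+partitions = [
+{
+name = "ESP";
+start = "1MiB";
+end = "512MiB";
+fs-type = "fat32";
+bootable = true;
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+}
+{
+name = "luks";
+start = "512MiB";
+end = "-4GiB";
+content = rec {
+type = "luks";
+name = luksName;
+extraOpenArgs = [ "--keyfile-size=1" ];
+extraFormatArgs = extraOpenArgs;
+keyFile = "/dev/zero";
+content = {
+type = "btrfs";
+mountpoint = "/mnt/btrfs-root";
+subvolumes = {
+"/rootfs" = {
+mountpoint = "/";
+mountOptions = [ "compress=zstd" ];
+};
+"/home" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/home";
+};
+"/var-log" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/var/log";
+};
+"/nix" = {
+mountOptions = [ "noatime" "compress=zstd" ];
+mountpoint = "/nix";
+};
+};
+};
+};
+}
+{
+name = "swap";
+start = "-4GiB";
+end = "100%";
+content = {
+type = "swap";
+randomEncryption = true;
+};
+}
+];
+};
+};
+};
+};
+}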
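Review bot: The LUKS container is keyed with `keyFile = "/dev/zero"` and a key size of 1, both in `boot.initrd.luks.devices.${luksName}` and in the `luks` partition (`extraOpenArgs = [ "--keyfile-size=1" ]`), so its only key is a single zero byte that is recorded in this repository. That lets the machine boot unattended, but it gives the btrfs volume no confidentiality against anyone who obtains the disk or a snapshot of it; the swap partition, by contrast, gets `randomEncryption = true`. If this is a bootstrap placeholder, say so next to both occurrences, e.g. `# placeholder key (one zero byte), no confidentiality: enrol a real key and remove this slot before storing data`, and track the re-keying as a follow-up. Otherwise the key material should come from outside the repository, such as a passphrase entered at boot or a key file provisioned out of band.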
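--- a/machines/web-01/hardware-configuration.nix
+++ b/machines/web-01/hardware-configuration.nix
@@ -0,0 +1,21 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports = [
+(modulesPath + "/profiles/qemu-guest.nix")
+(let sources = import ../../npins; in sources.disko + "/module.nix")
+./disko.nix
+];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "ahci" "virtio_blk" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}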
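Review bot: The file header says this file is generated by `nixos-generate-config` and may be overwritten, yet the `imports` list carries two hand-written entries, `(let sources = import ../../npins; in sources.disko + "/module.nix")` and `./disko.nix`. Regenerating the file would drop them, and with them the disk and LUKS layout of the system configuration. Moving both entries into the `imports` list of `machines/web-01/configuration.nix` would keep this file purely generated.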
|
@ -1,5 +1,19 @@
|
||||||
{
|
{
|
||||||
"pins": {
|
"pins": {
|
||||||
|
"disko": {
|
||||||
|
"type": "GitRelease",
|
||||||
|
"repository": {
|
||||||
|
"type": "GitHub",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "disko"
|
||||||
|
},
|
||||||
|
"pre_releases": false,
|
||||||
|
"version_upper_bound": null,
|
||||||
|
"version": "v1.0.0",
|
||||||
|
"revision": "6cbfde5b505bbbf0cfcfff230efb272e4d4a2230",
|
||||||
|
"url": "https://api.github.com/repos/nix-community/disko/tarball/v1.0.0",
|
||||||
|
"hash": "153cm29hjgklsi1aw85srvcd3h3afm7j77llk4fj3slf5gcwnmx9"
|
||||||
|
},
|
||||||
"krops": {
|
"krops": {
|
||||||
"type": "GitRelease",
|
"type": "GitRelease",
|
||||||
"repository": {
|
"repository": {
|
||||||
|
|
|
@ -1,6 +1,11 @@
|
||||||
{ pkgs ? import (import ./npins { }).nixpkgs {} }:
|
let
|
||||||
|
sources = (import ./npins);
|
||||||
|
pkgs = import sources.nixpkgs {};
|
||||||
|
in
|
||||||
pkgs.mkShell {
|
pkgs.mkShell {
|
||||||
packages = [
|
packages = [
|
||||||
pkgs.npins
|
pkgs.npins
|
||||||
|
(pkgs.callPackage (sources.disko + "/package.nix") {})
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
# ❄️ ❄️ ❄️
|
||||||
|
|