~

2024-06-19 08:34:47 +02:00 · 2024-06-19 08:34:47 +02:00 · c032e84459
commit c032e84459
parent 1d62b2065f
8 changed files with 165 additions and 10 deletions
--- a/hive.nix
+++ b/hive.nix
@ -2,6 +2,7 @@ let
  mods = import ./modules;
  users = import ./users;
  sources = import ./npins;
+  id_sylvain = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix";
 in
 {
  meta.nixpkgs = import sources.nixpkgs { };
@ -102,9 +103,7 @@ in
        ./machines/kat-virt/configuration.nix
        (users.root { ssh = true; })
      ];
-      users.users.root.openssh.authorizedKeys.keys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix"
-      ];
+      users.users.root.openssh.authorizedKeys.keys = [ id_sylvain ];
    };

  kat-traque =
@ -116,9 +115,19 @@ in
        ./machines/kat-traque/configuration.nix
        (users.root { ssh = true; })
      ];
-      users.users.root.openssh.authorizedKeys.keys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix"
+      users.users.root.openssh.authorizedKeys.keys = [ id_sylvain ];
+    };
+
+  kat-mail-test =
+    { name, nodes, ... }:
+    {
+      deployment.targetHost = "mail-test.kat";
+
+      imports = [
+        ./machines/kat-mail-test
+        (users.root { ssh = true; })
      ];
+      users.users.root.openssh.authorizedKeys.keys = [ id_sylvain ];
    };

  kat-watcher =
--- a/machines/kat-mail-test/default.nix
+++ b/machines/kat-mail-test/default.nix
@ -0,0 +1,79 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./disks.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.supportedFilesystems = [ "bcachefs" ];
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  time.timeZone = "Europe/Paris";
+
+  networking = {
+    interfaces."enp1s0" = {
+      useDHCP = false;
+      ipv4.addresses = [
+        {
+          address = "192.168.122.3";
+          prefixLength = 24;
+        }
+      ];
+      ipv6.addresses = [
+        {
+          address = "fe80::3";
+          prefixLength = 64;
+        }
+      ];
+    };
+    defaultGateway = "192.168.122.1";
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "enp1s0";
+    };
+    nameservers = [
+      "192.168.122.1"
+      "fe80::1%enp1s0"
+    ];
+  };
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "fr";
+  };
+
+  services.dbus.packages = with pkgs; [ dconf ];
+
+  nixpkgs.config.allowUnfree = true;
+
+  programs.zsh.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    wget
+    nix-search-cli
+    git
+    btop
+    ranger
+    screen
+  ];
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  services.openssh.enable = true;
+
+  networking.firewall.enable = false;
+
+  system.stateVersion = "23.11";
+}
--- a/machines/kat-mail-test/disks.nix
+++ b/machines/kat-mail-test/disks.nix
@ -0,0 +1,32 @@
+{
+  disko.devices = {
+    disk = {
+      vda = {
+        device = "/dev/vda";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              type = "EF00";
+              size = "100M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "bcachefs";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/machines/kat-mail-test/hardware-configuration.nix
+++ b/machines/kat-mail-test/hardware-configuration.nix
@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "xhci_pci"
+    "virtio_pci"
+    "sr_mod"
+    "virtio_blk"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/machines/kat-r86s/configuration.nix
+++ b/machines/kat-r86s/configuration.nix
@ -107,12 +107,20 @@
  programs.virt-manager.enable = true;
  virtualisation.libvirtd.enable = true;

+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "root@katvayor.net";
+  };
  services.nginx = {
    enable = true;
    virtualHosts = {
-      "degette.katvayor.net".locations."/" = {
-        recommendedProxySettings = true;
-        proxyPass = "http://192.168.122.2/";
+      "degette.katvayor.net" = {
+        enableACME = true;
+        addSSL = true;
+        locations."/" = {
+          recommendedProxySettings = true;
+          proxyPass = "http://192.168.122.2/";
+        };
      };
      "traque.katvayor.net".locations."/" = {
        recommendedProxySettings = true;
--- a/machines/kat-watcher/default.nix
+++ b/machines/kat-watcher/default.nix
@ -64,9 +64,10 @@
      "degette.katvayor.net" = {
        enableACME = true;
        forceSSL = true;
+        acmeFallbackHost = "100.102.49.84";
        locations."/" = {
          recommendedProxySettings = true;
-          proxyPass = "http://100.102.49.84/";
+          proxyPass = "https://100.102.49.84/";
        };
      };
      "traque.katvayor.net" = {
--- a/machines/kat-watcher/disks.nix
+++ b/machines/kat-watcher/disks.nix
@ -27,6 +27,7 @@
                type = "filesystem";
                format = "bcachefs";
                mountpoint = "/";
+                extraArgs = [ "--compression=zstd" ];
              };
            };
          };
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@ -27,7 +27,7 @@
        hostname = "fe80::2%%virbr0";
        proxyJump = "r86s.kat";
      };
-      "runner.kat" = {
+      "mail-test.kat" = {
        user = "root";
        hostname = "fe80::3%%virbr0";
        proxyJump = "r86s.kat";