diff --git a/hive.nix b/hive.nix index 97f28cd..149316a 100644 --- a/hive.nix +++ b/hive.nix @@ -2,6 +2,7 @@ let mods = import ./modules; users = import ./users; sources = import ./npins; + id_sylvain = "ssh-rsa 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 sylvain@idefix"; in { meta.nixpkgs = import sources.nixpkgs { }; @@ -102,9 +103,7 @@ in ./machines/kat-virt/configuration.nix (users.root { ssh = true; }) ]; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 sylvain@idefix" - ]; + users.users.root.openssh.authorizedKeys.keys = [ id_sylvain ]; }; kat-traque = @@ -116,9 +115,19 @@ in ./machines/kat-traque/configuration.nix (users.root { ssh = true; }) ]; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 sylvain@idefix" + users.users.root.openssh.authorizedKeys.keys = [ id_sylvain ]; + }; + + kat-mail-test = + { name, nodes, ... }: + { + deployment.targetHost = "mail-test.kat"; + + imports = [ + ./machines/kat-mail-test + (users.root { ssh = true; }) ]; + users.users.root.openssh.authorizedKeys.keys = [ id_sylvain ]; }; kat-watcher = diff --git a/machines/kat-mail-test/default.nix b/machines/kat-mail-test/default.nix new file mode 100644 index 0000000..eb70af0 --- /dev/null +++ b/machines/kat-mail-test/default.nix 
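Review bot: The line `users.users.root.openssh.authorizedKeys.keys = [ id_sylvain ];` is now repeated in the kat-virt, kat-traque and new kat-mail-test nodes of hive.nix, so granting or revoking root access means editing every node, and a missed node keeps the old key authorized. Each of these nodes already imports `(users.root { ssh = true; })`; if that helper can accept the key list (its definition is not visible in this diff), set the keys there once instead. A comment above the binding, for example `# root login key for sylvain@idefix; rotate here only`, would record that this one value controls root access on these hosts.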
@@ -0,0 +1,79 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./disks.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.supportedFilesystems = [ "bcachefs" ];
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ time.timeZone = "Europe/Paris";
+
+ networking = {
+ interfaces."enp1s0" = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ address = "192.168.122.3";
+ prefixLength = 24;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "fe80::3";
+ prefixLength = 64;
+ }
+ ];
+ };
+ defaultGateway = "192.168.122.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "enp1s0";
+ };
+ nameservers = [
+ "192.168.122.1"
+ "fe80::1%enp1s0"
+ ];
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "fr";
+ };
+
+ services.dbus.packages = with pkgs; [ dconf ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ programs.zsh.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ wget
+ nix-search-cli
+ git
+ btop
+ ranger
+ screen
+ ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ services.openssh.enable = true;
+
+ networking.firewall.enable = false;
+
+ system.stateVersion = "23.11";
+}
diff --git a/machines/kat-mail-test/disks.nix b/machines/kat-mail-test/disks.nix
new file mode 100644
index 0000000..ed9ef70
--- /dev/null
+++ b/machines/kat-mail-test/disks.nix
@@ -0,0 +1,32 @@
+{
+ disko.devices = {
+ disk = {
+ vda = {
+ device = "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "100M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "bcachefs";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
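Review bot: `networking.firewall.enable = false;` in machines/kat-mail-test/default.nix leaves every listening port on the new host reachable, on a machine that also enables `services.openssh.enable = true;` and root key login from hive.nix. Dropping that line keeps the NixOS firewall at its default, and the ports the mail service needs can then be listed explicitly in `networking.firewall.allowedTCPPorts` when it is added. Only key-based login is configured in this diff, so `services.openssh.settings.PasswordAuthentication = false;` would make that explicit. `nixpkgs.config.allowUnfree = true;` does not appear to be needed by any package listed here and could be left out until one requires it.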
diff --git a/machines/kat-mail-test/hardware-configuration.nix b/machines/kat-mail-test/hardware-configuration.nix new file mode 100644 index 0000000..e8da702 --- /dev/null +++ b/machines/kat-mail-test/hardware-configuration.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/machines/kat-r86s/configuration.nix b/machines/kat-r86s/configuration.nix index 9486dce..08fb841 100644 --- a/machines/kat-r86s/configuration.nix +++ b/machines/kat-r86s/configuration.nix @@ -107,12 +107,20 @@ programs.virt-manager.enable = true; virtualisation.libvirtd.enable = true; + security.acme = { + acceptTerms = true; + defaults.email = "root@katvayor.net"; + }; services.nginx = { enable = true; virtualHosts = { - "degette.katvayor.net".locations."/" = { - recommendedProxySettings = true; - proxyPass = "http://192.168.122.2/"; + "degette.katvayor.net" = { + enableACME = true; + addSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyPass = "http://192.168.122.2/"; + }; }; "traque.katvayor.net".locations."/" = { recommendedProxySettings = true; diff --git a/machines/kat-watcher/default.nix b/machines/kat-watcher/default.nix index 6b68d5d..383561c 100644 --- a/machines/kat-watcher/default.nix +++ b/machines/kat-watcher/default.nix @@ -64,9 +64,10 @@ "degette.katvayor.net" = { enableACME = true; forceSSL = true; + acmeFallbackHost = "100.102.49.84"; locations."/" = { recommendedProxySettings = true; - proxyPass = "http://100.102.49.84/"; + proxyPass = "https://100.102.49.84/"; }; }; "traque.katvayor.net" = { 
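Review bot: `addSSL = true;` on `degette.katvayor.net` in machines/kat-r86s/configuration.nix adds an HTTPS listener but keeps serving the proxied site over plain HTTP, so port 80 requests still reach `http://192.168.122.2/` without TLS. machines/kat-watcher/default.nix uses `forceSSL = true;` for the same name; using it here would redirect HTTP to HTTPS, and the NixOS nginx module should still answer the ACME challenge path over HTTP (worth confirming against the `acmeFallbackHost` flow). The `traque.katvayor.net` vhost in the trailing context stays HTTP-only. The `services.nginx` block continues outside the hunk.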
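Review bot: The new `proxyPass = "https://100.102.49.84/";` in machines/kat-watcher/default.nix targets a bare IP, and nginx by default neither sends SNI nor verifies the upstream certificate, so the hop is encrypted but the backend is not authenticated. If the certificate kat-r86s obtains for `degette.katvayor.net` is meant to be checked, add an `extraConfig` on this location with `proxy_ssl_server_name on;`, `proxy_ssl_name degette.katvayor.net;` and `proxy_ssl_verify on;`, plus a `proxy_ssl_trusted_certificate` pointing at the system CA bundle. If the address is on an already-authenticated overlay network (the diff does not say), a comment stating that verification is deliberately skipped would help. The vhost definition starts and ends outside the hunk.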
diff --git a/machines/kat-watcher/disks.nix b/machines/kat-watcher/disks.nix index 6463c76..538d355 100644 --- a/machines/kat-watcher/disks.nix +++ b/machines/kat-watcher/disks.nix @@ -27,6 +27,7 @@ type = "filesystem"; format = "bcachefs"; mountpoint = "/"; + extraArgs = [ "--compression=zstd" ]; }; }; }; diff --git a/modules/ssh.nix b/modules/ssh.nix index 2413be1..b9db095 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -27,7 +27,7 @@ hostname = "fe80::2%%virbr0"; proxyJump = "r86s.kat"; }; - "runner.kat" = { + "mail-test.kat" = { user = "root"; hostname = "fe80::3%%virbr0"; proxyJump = "r86s.kat";