init
This commit is contained in:
commit
0ab4ba65c6
19 changed files with 394 additions and 0 deletions
9
README.md
Normal file
9
README.md
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
# nixos-servers
|
||||||
|
|
||||||
|
Nix definitions to configure our physical servers.
|
||||||
|
Currently, only one physical server (named jefke) is implemented.
|
||||||
|
|
||||||
|
To deploy:
|
||||||
|
```
|
||||||
|
nixos-rebuild switch -j auto --target-host root@jefke.hyp --flake ".#jefke"
|
||||||
|
```
|
141
configuration.nix
Normal file
141
configuration.nix
Normal file
|
@ -0,0 +1,141 @@
|
||||||
|
{pkgs, ...}: {
|
||||||
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader = {
|
||||||
|
systemd-boot.enable = true;
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
time.timeZone = "Europe/Amsterdam";
|
||||||
|
|
||||||
|
i18n = {
|
||||||
|
defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
|
extraLocaleSettings = {
|
||||||
|
LC_ADDRESS = "nl_NL.UTF-8";
|
||||||
|
LC_IDENTIFICATION = "nl_NL.UTF-8";
|
||||||
|
LC_MEASUREMENT = "nl_NL.UTF-8";
|
||||||
|
LC_MONETARY = "nl_NL.UTF-8";
|
||||||
|
LC_NAME = "nl_NL.UTF-8";
|
||||||
|
LC_NUMERIC = "nl_NL.UTF-8";
|
||||||
|
LC_PAPER = "nl_NL.UTF-8";
|
||||||
|
LC_TELEPHONE = "nl_NL.UTF-8";
|
||||||
|
LC_TIME = "nl_NL.UTF-8";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
KbdInteractiveAuthentication = false;
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
xserver = {
|
||||||
|
layout = "us";
|
||||||
|
xkbVariant = "";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
|
||||||
|
];
|
||||||
|
|
||||||
|
programs.ssh = {
|
||||||
|
knownHosts = {
|
||||||
|
dmz = {
|
||||||
|
hostNames = ["*.dmz"];
|
||||||
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
|
||||||
|
certAuthority = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
hypervisors = {
|
||||||
|
hostNames = ["*.hyp"];
|
||||||
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
|
||||||
|
certAuthority = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
CertificateFile /etc/ssh/ssh_user_ed25519_key-cert.pub
|
||||||
|
HostKey /etc/ssh/ssh_user_ed25519_key
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
neofetch
|
||||||
|
cowsay
|
||||||
|
python3
|
||||||
|
];
|
||||||
|
|
||||||
|
# TODO: firewalling
|
||||||
|
# Open ports in the firewall.
|
||||||
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
|
||||||
|
systemd.network = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
netdevs = {
|
||||||
|
"20-vlandmz" = {
|
||||||
|
netdevConfig = {
|
||||||
|
Kind = "vlan";
|
||||||
|
Name = "vlandmz";
|
||||||
|
};
|
||||||
|
vlanConfig.Id = 30;
|
||||||
|
};
|
||||||
|
"20-bridgedmz" = {
|
||||||
|
netdevConfig = {
|
||||||
|
Kind = "bridge";
|
||||||
|
Name = "bridgedmz";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networks = {
|
||||||
|
"30-main-nic" = {
|
||||||
|
matchConfig.Name = "en*";
|
||||||
|
networkConfig = {
|
||||||
|
DHCP = "yes";
|
||||||
|
};
|
||||||
|
vlan = [
|
||||||
|
"vlandmz"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
"40-vlandmz" = {
|
||||||
|
matchConfig.Name = "vlandmz";
|
||||||
|
networkConfig = {
|
||||||
|
IPv6AcceptRA = false;
|
||||||
|
LinkLocalAddressing = "no";
|
||||||
|
Bridge = "bridgedmz";
|
||||||
|
};
|
||||||
|
linkConfig.RequiredForOnline = "enslaved";
|
||||||
|
};
|
||||||
|
"40-bridgedmz" = {
|
||||||
|
matchConfig.Name = "bridgedmz";
|
||||||
|
networkConfig = {
|
||||||
|
IPv6AcceptRA = false;
|
||||||
|
LinkLocalAddressing = "no";
|
||||||
|
};
|
||||||
|
linkConfig.RequiredForOnline = "carrier";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.libvirtd.enable = true;
|
||||||
|
}
|
27
flake.lock
Normal file
27
flake.lock
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1699169573,
|
||||||
|
"narHash": "sha256-cvUb1xZkvOp3W2SzylStrTirhVd9zCeo5utJl9nSIhw=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "aeefe2054617cae501809b82b44a8e8f7be7cc4b",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-23.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
22
flake.nix
Normal file
22
flake.nix
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
{
|
||||||
|
description = "NixOS definitions for our physical servers";
|
||||||
|
|
||||||
|
inputs = {
|
||||||
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
||||||
|
};
|
||||||
|
|
||||||
|
outputs = {
|
||||||
|
self,
|
||||||
|
nixpkgs,
|
||||||
|
...
|
||||||
|
} @ attrs: {
|
||||||
|
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
|
||||||
|
nixosConfigurations.jefke = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
specialArgs = attrs;
|
||||||
|
modules = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
34
hardware-configuration.nix
Normal file
34
hardware-configuration.nix
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
|
||||||
|
boot.initrd.kernelModules = [];
|
||||||
|
boot.kernelModules = ["kvm-intel"];
|
||||||
|
boot.extraModulePackages = [];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/b78f591c-c9b6-4dae-9837-56716d38990b";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/6936-84C2";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [
|
||||||
|
{device = "/dev/disk/by-uuid/79fbd322-e58d-4e45-8969-06ef494cefea";}
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.useDHCP = false;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
1
secrets/.envrc
Normal file
1
secrets/.envrc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
use flake
|
1
secrets/.gitignore
vendored
Normal file
1
secrets/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
.direnv
|
7
secrets/README.md
Normal file
7
secrets/README.md
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
We can for now keep using Ansible vault to deploy secrets.
|
||||||
|
The steps for setting up a hypervisor will thus become:
|
||||||
|
1. Manually install NixOS
|
||||||
|
2. Configure SSH and install authorized keys
|
||||||
|
3. Ensure python3 is present on the system
|
||||||
|
4. Run Ansible script to copy secrets
|
||||||
|
5. Run Nix to configure everything else
|
8
secrets/ansible.cfg
Normal file
8
secrets/ansible.cfg
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
[defaults]
|
||||||
|
inventory=inventory
|
||||||
|
vault_password_file=$HOME/.config/home/ansible-vault-secret
|
||||||
|
host_key_checking = False
|
||||||
|
remote_user = root
|
||||||
|
|
||||||
|
[diff]
|
||||||
|
always = True
|
32
secrets/deploy.yml
Normal file
32
secrets/deploy.yml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
- name: Deploy secrets
|
||||||
|
hosts: jefke
|
||||||
|
tasks:
|
||||||
|
- name: Place user certificate
|
||||||
|
copy:
|
||||||
|
src: files/jefke_user_ed25519.crt
|
||||||
|
dest: /etc/ssh/ssh_user_ed25519_key-cert.pub
|
||||||
|
|
||||||
|
- name: Place user public key
|
||||||
|
copy:
|
||||||
|
src: files/jefke_user_ed25519.pub
|
||||||
|
dest: /etc/ssh/ssh_user_ed25519_key.pub
|
||||||
|
|
||||||
|
- name: Place user private key
|
||||||
|
copy:
|
||||||
|
src: files/jefke_user_ed25519
|
||||||
|
dest: /etc/ssh/ssh_user_ed25519_key
|
||||||
|
|
||||||
|
- name: Place host certificate
|
||||||
|
copy:
|
||||||
|
src: files/jefke_host_ed25519.crt
|
||||||
|
dest: /etc/ssh/ssh_host_ed25519_key-cert.pub
|
||||||
|
|
||||||
|
- name: Place host public key
|
||||||
|
copy:
|
||||||
|
src: files/jefke_host_ed25519.pub
|
||||||
|
dest: /etc/ssh/ssh_host_ed25519_key.pub
|
||||||
|
|
||||||
|
- name: Place host private key
|
||||||
|
copy:
|
||||||
|
src: files/jefke_host_ed25519
|
||||||
|
dest: /etc/ssh/ssh_host_ed25519_key
|
25
secrets/files/jefke_host_ed25519
Normal file
25
secrets/files/jefke_host_ed25519
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
37613631656435623262663132613734663862346638313566623466663838333634663934663539
|
||||||
|
3035363062373461313937383365383233643861346562660a666235323134663361366635343037
|
||||||
|
35316364633964333963363866333364333834646636326632313261633863616661373763346539
|
||||||
|
3266346433356362620a663634356331306538386463616261626232396464663166316533613330
|
||||||
|
63633664626261333862623366666235383862386233313761616561623932666364636237346663
|
||||||
|
32616633616364356537336463643237383233356232363836376337343166336332386530653338
|
||||||
|
31643635303630386166393236616237343262653862323436636465613736393762623239646538
|
||||||
|
35666266656465656333666266326639326161323230326232363461383634356264336333663664
|
||||||
|
61656361666430356238666366363138343239316631313861636463376462613336613631633233
|
||||||
|
38343161356464353138376131333563633539323231646530636566386434613463623934646162
|
||||||
|
36323665353766313034623261336336393862366561343165613733396236326365656436373930
|
||||||
|
65633838333438356464353436343638616163363637313665333336313137623035346235323332
|
||||||
|
36383731663366356634653837306561613037633166653939336434623637353665326538303165
|
||||||
|
66636332363131313332663130663332393237643361363166663634633661626137346264303938
|
||||||
|
30383132376331633938353934393939373437343438613861653837613337373638336636653039
|
||||||
|
39336637373730333434636134633062623064653432633730366139666265373066346132373639
|
||||||
|
64353536646639366636656634633431316330656634383234343631626138393936663637653239
|
||||||
|
62393130366136396363633264623139323437643862343964383963663162636332386630363363
|
||||||
|
34636535376264323564383533306162316437306462326636313936316430326235633761356138
|
||||||
|
39666235646364353332613038623935343265346661633032303036653461396139383933316263
|
||||||
|
36316465383063643961353031633365613962383264663636623662363461626365356330663232
|
||||||
|
39393632366439623063326232373733333766353638393466396365663039666130383239366534
|
||||||
|
32326139306235306332376565366137373630303363346366306337306439643866393361333032
|
||||||
|
38626139633761613365
|
1
secrets/files/jefke_host_ed25519.crt
Normal file
1
secrets/files/jefke_host_ed25519.crt
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIHzQMMRr2vNtTW3joxPzQYjFFu3iI/WyIRVD18YKY61CAAAAIKTzrsjwRmKg3JbRLY/RrWnIBfCupfFdMWZ/8AQAXg9uAAAAAAAAAAAAAAACAAAACWplZmtlLmh5cAAAAA0AAAAJamVma2UuaHlwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgXNGQfd38pUlCi6zBj8Myl6dZsMVU6cjdW63TFHR7W1sAAABTAAAAC3NzaC1lZDI1NTE5AAAAQPNDgNAOmp5Gl//mjEHF2H5Yi8GIFfyiRm8nJ2UkGXzpNr3+bQvQhPigziuXO0+8910yY9QzXTfvc4mgAT1gpgU= root@jefke
|
1
secrets/files/jefke_host_ed25519.pub
Normal file
1
secrets/files/jefke_host_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTzrsjwRmKg3JbRLY/RrWnIBfCupfFdMWZ/8AQAXg9u root@jefke
|
25
secrets/files/jefke_user_ed25519
Normal file
25
secrets/files/jefke_user_ed25519
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
61393933316139623835666133666433393235376532643538363733656439356465393062636265
|
||||||
|
3236373661386566326631636333346430316264616537320a386336376239613865363032666239
|
||||||
|
63616166363837393562643836333765393536363564636365616638333939323436383735616262
|
||||||
|
3331363766353038620a626662666331613734313564636564633238653762336364666237353635
|
||||||
|
36353837666366346565626162666466353661646630376261643133393966336236656234626139
|
||||||
|
38326164366565646539396139343538636234646330623965623430303535316131636261336133
|
||||||
|
61373763326566666565366432353535653430326466316130376337656431363038666334653332
|
||||||
|
63646439323635303432653536643464666266303533633330663137376432353563366133663661
|
||||||
|
31393430356235323535303562323662313936393132383162316238666162373232313736646630
|
||||||
|
34343131393963313839393330356539636532613936383932393537346134356337306336633434
|
||||||
|
32653961616161656136306234313335653336336230366237303336346631623735646564323962
|
||||||
|
31316165333264613433313761393936643433323762363161393730363161613839333038363032
|
||||||
|
63393038346365353362366639386334666134613961383033306566333361373630353539366635
|
||||||
|
32363732353262313436376462616437363337623933363964333763396233656438346638633432
|
||||||
|
66383338336237313266666161656633656264623532633764333565663331666665623031353265
|
||||||
|
31646233383238313734633234653666313734343263653936333636323463653636333535656565
|
||||||
|
30646133366265363938363561623335653239643637656339393236313535326366643238396562
|
||||||
|
30623631656530353362613536633935343131353961353735333561626463353632623465613063
|
||||||
|
37373661333339353030626437653863653736353939643966373834663262383035336337656335
|
||||||
|
34333836373535373164623436666465346564356539313032316130616439323161653134646364
|
||||||
|
32363938356235343736396431333639656366663130366439363062643137326162366563346266
|
||||||
|
30343834386135616663613964353262333462613465646362353437373362326363326136333131
|
||||||
|
66356466656162393038316361323335363261653036316533646563376262353039623939306663
|
||||||
|
35333430633836373064
|
1
secrets/files/jefke_user_ed25519.crt
Normal file
1
secrets/files/jefke_user_ed25519.crt
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIKdTRygvLfapNY6umK+TdoqWDIq4ZzXLZlUJ/lVvkuqtAAAAINZ3aw6gjrOt561j1Mh7kINqlavorKeujN1Q8mn/Fy69AAAAAAAAAAAAAAABAAAACWplZmtlLmh5cAAAABsAAAAJamVma2UuaHlwAAAACmh5cGVydmlzb3IAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgdmt4SFL+swd8kHsh6cQR+TfzMKObJx75fYBbHNT83zUAAABTAAAAC3NzaC1lZDI1NTE5AAAAQI36zBw4Epr1ijXBk7T5JENgisn4SbVTLkhYBWCquHcAv3nFFJOEZ1kdC/SfYaDwmXb/rNybpr3942wF0xD3/ws= root@jefke
|
1
secrets/files/jefke_user_ed25519.pub
Normal file
1
secrets/files/jefke_user_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZ3aw6gjrOt561j1Mh7kINqlavorKeujN1Q8mn/Fy69 root@jefke
|
27
secrets/flake.lock
Normal file
27
secrets/flake.lock
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1698434055,
|
||||||
|
"narHash": "sha256-Phxi5mUKSoL7A0IYUiYtkI9e8NcGaaV5PJEaJApU1Ko=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "1a3c95e3b23b3cdb26750621c08cc2f1560cb883",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-23.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
26
secrets/flake.nix
Normal file
26
secrets/flake.nix
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
{
|
||||||
|
inputs = {
|
||||||
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
||||||
|
};
|
||||||
|
|
||||||
|
outputs = {
|
||||||
|
self,
|
||||||
|
nixpkgs,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"];
|
||||||
|
forEachSupportedSystem = f:
|
||||||
|
nixpkgs.lib.genAttrs supportedSystems (system:
|
||||||
|
f {
|
||||||
|
pkgs = import nixpkgs {inherit system;};
|
||||||
|
});
|
||||||
|
in {
|
||||||
|
devShells = forEachSupportedSystem ({pkgs}: {
|
||||||
|
default = pkgs.mkShell {
|
||||||
|
packages = with pkgs; [
|
||||||
|
ansible
|
||||||
|
];
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
}
|
5
secrets/inventory/hosts.yml
Normal file
5
secrets/inventory/hosts.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
all:
|
||||||
|
hosts:
|
||||||
|
jefke:
|
||||||
|
ansible_user: root
|
||||||
|
ansible_host: jefke.hyp
|
Loading…
Reference in a new issue