diff --git a/machines/atlas_host_ed25519-cert.pub b/machines/atlas_host_ed25519-cert.pub
new file mode 100644
index 0000000..44e70c7
--- /dev/null
+++ b/machines/atlas_host_ed25519-cert.pub
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIH4CQGHwWytKnkn7lYjT6G1NyPzINvfroZgwCLoOLO74AAAAIOMoSSEqM4VUBWUeFweJbqK9z7Ygp7fkX22hyWmgCNg8AAAAAAAAAAAAAAACAAAACWF0bGFzLmh5cAAAAA0AAAAJYXRsYXMuaHlwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgXNGQfd38pUlCi6zBj8Myl6dZsMVU6cjdW63TFHR7W1sAAABTAAAAC3NzaC1lZDI1NTE5AAAAQAYModSEVNG06xvAcRn8XFeCp/iXFeqVcbtfT1NmmMkyIgybkXhJyHjp89BPg0zeAaoScFx8Xpsdd8CsxTeP+QU= root@atlas
diff --git a/machines/atlas_user_ed25519-cert.pub b/machines/atlas_user_ed25519-cert.pub
new file mode 100644
index 0000000..660f82a
--- /dev/null
+++ b/machines/atlas_user_ed25519-cert.pub
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com 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 root@atlas
diff --git a/machines/default.nix b/machines/default.nix
index 116441c..bf1e41f 100644
--- a/machines/default.nix
+++ b/machines/default.nix
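Review bot: The host certificate added in machines/atlas_host_ed25519-cert.pub appears to have no expiry: decoding the blob gives serial 0, key ID and principal `atlas.hyp`, and a valid-before field of all ones, which OpenSSH treats as "forever". If the private key in secrets/atlas_host_ed25519.age is ever exposed, clients that trust the CA will keep accepting this certificate until the key is listed under `RevokedHostKeys`, and a serial of 0 leaves nothing to revoke by. Consider reissuing with a bounded lifetime and a unique serial, e.g. `ssh-keygen -s <ca-key> -h -I atlas.hyp -n atlas.hyp -V +52w -z <serial> <host-key>.pub`. The user certificate in the next file is not readable on this page, so the same check should be made on it.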
@@ -50,37 +50,50 @@ }; }; - bancomart = { - name = "bancomart"; - hostname = "bancomart.dmz"; + atlas = { + name = "atlas"; + hostname = "atlas.hyp"; specificConfig = { + custom = { + ssh = { + useCertificates = true; + hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub; + userCert = builtins.readFile ./atlas_user_ed25519-cert.pub; + }; + }; + disko.devices = { disk = { - vda = { - device = "/dev/vda"; + vdb = { + device = "/dev/nvme0n1"; type = "disk"; content = { type = "gpt"; partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - root = { - size = "100%"; + ESP = { + type = "EF00"; + size = "500M"; content = { type = "filesystem"; - format = "ext4"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + end = "-4G"; + content = { + type = "filesystem"; + format = "btrfs"; mountpoint = "/"; }; }; + swap = { size = "100%"; }; }; }; }; }; }; - }; }; } diff --git a/secrets/atlas_host_ed25519.age b/secrets/atlas_host_ed25519.age new file mode 100644 index 0000000..36d8be2 Binary files /dev/null and b/secrets/atlas_host_ed25519.age differ diff --git a/secrets/atlas_user_ed25519.age b/secrets/atlas_user_ed25519.age new file mode 100644 index 0000000..403104f Binary files /dev/null and b/secrets/atlas_user_ed25519.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ea13f5f..ffc6e09 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,6 +12,15 @@ let "postgresql_server.key.age" ]; }; + atlas = { + publicKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260" + ]; + encryptedFiles = [ + "atlas_host_ed25519.age" + "atlas_user_ed25519.age" + ]; + }; }; in lib.attrsets.mergeAttrsList (builtins.map ({ publicKeys, encryptedFiles }: lib.attrsets.mergeAttrsList (builtins.map diff --git a/terraform/main.tf b/terraform/main.tf index 39bee8b..5fb5315 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
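Review bot: The new `swap` partition is declared as `swap = { size = "100%"; };` with no `content`, so as far as this hunk shows disko will create the partition but not format or enable it as swap. This host presumably holds decrypted SSH key material in memory, so any swap that is enabled should not be plaintext on disk; `content = { type = "swap"; randomEncryption = true; };` covers both points. Separately, the disk attribute is still named `vdb` while `device` is `/dev/nvme0n1`, and a `/dev/disk/by-id/...` path would be safer than a kernel name for a disk that gets repartitioned. The enclosing attribute set starts and ends outside the hunk.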
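Review bot: The `atlas` entry in secrets/secrets.nix encrypts both private keys to a single recipient, `pim@x260`, and nothing in the hunk says why the host itself is not listed. That is presumably deliberate, since a host key cannot be a recipient of its own secret and the files would be decrypted on the admin workstation at provisioning, but it also means losing that one key makes both files unrecoverable. I would add a comment above `publicKeys`, e.g. `# decrypted by the operator at provisioning time; atlas is intentionally not a recipient`, and consider a second, offline recovery recipient. The `let` block this entry sits in starts outside the hunk.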
@@ -28,8 +28,8 @@ module "setup_jefke" {
 module "bancomart" {
 source = "./modules/debian"
 name = "bancomart"
- ram = 2048
- storage = 10
+ ram = 4096
+ storage = 25
 # providers = {
 # libvirt = libvirt.jefke
 # }