From 7e9637c984d1c09b4db6f8cd39be7c398c386c79 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Wed, 29 Nov 2023 17:21:18 +0100 Subject: [PATCH] manage atlas --- machines/atlas_host_ed25519-cert.pub | 1 + machines/atlas_user_ed25519-cert.pub | 1 + machines/default.nix | 39 ++++++++++++++++++--------- secrets/atlas_host_ed25519.age | Bin 0 -> 663 bytes secrets/atlas_user_ed25519.age | Bin 0 -> 712 bytes secrets/secrets.nix | 9 +++++++ terraform/main.tf | 4 +-- 7 files changed, 39 insertions(+), 15 deletions(-) create mode 100644 machines/atlas_host_ed25519-cert.pub create mode 100644 machines/atlas_user_ed25519-cert.pub create mode 100644 secrets/atlas_host_ed25519.age create mode 100644 secrets/atlas_user_ed25519.age diff --git a/machines/atlas_host_ed25519-cert.pub b/machines/atlas_host_ed25519-cert.pub new file mode 100644 index 0000000..44e70c7 --- /dev/null +++ b/machines/atlas_host_ed25519-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIH4CQGHwWytKnkn7lYjT6G1NyPzINvfroZgwCLoOLO74AAAAIOMoSSEqM4VUBWUeFweJbqK9z7Ygp7fkX22hyWmgCNg8AAAAAAAAAAAAAAACAAAACWF0bGFzLmh5cAAAAA0AAAAJYXRsYXMuaHlwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgXNGQfd38pUlCi6zBj8Myl6dZsMVU6cjdW63TFHR7W1sAAABTAAAAC3NzaC1lZDI1NTE5AAAAQAYModSEVNG06xvAcRn8XFeCp/iXFeqVcbtfT1NmmMkyIgybkXhJyHjp89BPg0zeAaoScFx8Xpsdd8CsxTeP+QU= root@atlas diff --git a/machines/atlas_user_ed25519-cert.pub b/machines/atlas_user_ed25519-cert.pub new file mode 100644 index 0000000..660f82a --- /dev/null +++ b/machines/atlas_user_ed25519-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com 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 root@atlas diff --git a/machines/default.nix b/machines/default.nix index 116441c..bf1e41f 100644 --- a/machines/default.nix +++ b/machines/default.nix 
@@ -50,37 +50,50 @@ }; }; - bancomart = { - name = "bancomart"; - hostname = "bancomart.dmz"; + atlas = { + name = "atlas"; + hostname = "atlas.hyp"; specificConfig = { + custom = { + ssh = { + useCertificates = true; + hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub; + userCert = builtins.readFile ./atlas_user_ed25519-cert.pub; + }; + }; + disko.devices = { disk = { - vda = { - device = "/dev/vda"; + vdb = { + device = "/dev/nvme0n1"; type = "disk"; content = { type = "gpt"; partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - root = { - size = "100%"; + ESP = { + type = "EF00"; + size = "500M"; content = { type = "filesystem"; - format = "ext4"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + end = "-4G"; + content = { + type = "filesystem"; + format = "btrfs"; mountpoint = "/"; }; }; + swap = { size = "100%"; }; }; }; }; }; }; - }; }; } diff --git a/secrets/atlas_host_ed25519.age b/secrets/atlas_host_ed25519.age new file mode 100644 index 0000000000000000000000000000000000000000..36d8be2882b47a063fb3ca8d239c3b68f4f48a9a GIT binary patch literal 663 zcmV;I0%-kVXJsvAZewzJaCB*JZZ29J|JLoM^R8MXL4m>b7cxy zPd9W;b6I(KSv6HwRC#7cNKrL!Lqv9IH(_HrT1_-HX*dckEiE7`D>!6jYHc=1dP!zf zGIwTAc55?hI5uW!DSrC>E<2=zbfL0nfZjg$NashHTIWQ|roFcb2Id7d z#R*fYe2}`ChJ66uqjz`{`(G@#aq}_sP%4k}SN8ltP_UB#M6(Qrl+1y6j=p@TdQALc7|C%6~%^~*eS^_p{ z{wNEFLK<;nu-595>Mv2C=<$=>1}8*cpPXo-ij?zRO}!eB2TA6Jh@0@!_8R4;-Zv==7906hx%2a x#s!-hp&EU9Kb`JOgCHn#APlzRE?nK=vq)ri{hA3&lNyjUU%`;{`taSSf7bxJ9_9c5 literal 0 HcmV?d00001 
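Review bot: The host certificate wired in through `hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;` appears, from the validity fields encoded in the added .pub file, to have no expiry (valid-before is all ones) and serial 0. A leaked atlas host key would therefore stay trusted until the CA is rotated or a revocation list is distributed to clients. Consider re-issuing it with a bounded validity and a unique serial (`ssh-keygen -s <ca_key> -h -I <key_id> -n atlas.hyp -V +52w -z <serial> <host_key.pub>`) and noting the renewal procedure in a comment next to `useCertificates = true;`. The body of the user certificate is not visible on this page, so it needs the same check. Separately, `swap = { size = "100%"; };` declares no `content`, so the partition would presumably be created but never formatted or enabled; `content = { type = "swap"; randomEncryption = true; };` would fix that and keep key material out of persistent swap.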
diff --git a/secrets/atlas_user_ed25519.age b/secrets/atlas_user_ed25519.age new file mode 100644 index 0000000000000000000000000000000000000000..403104f9bc0171b1bf39c98e81f87b625882f0f9 GIT binary patch literal 712 zcmV;(0yq6(XJsvAZewzJaCB*JZZ2}kXl!U!MokJbG%!nPH)Bmu za!EySW=Jr0crZd|aY{*WcwtyicXmd2MNL_7K{RtWYi|lIJ|IP7Y&~5_EoX9NVRL05 zTxWGcI$U%hYAAF^UVBF%NOV$OD_S5Sbtg+{Yj8*ka7ArRVOn=Fa5;8lR5VaDWOH_D zL`zChL`PRuPC;`^WHdozXl+AvMm9`rQbK5AMK^Z}EiEk|YFcemWN0-vIA||WWNlMO zbVF!sYEf-&M`L6;O?E41R%vcBR(e!-OhtDJWd&k_>Gks>##pedACoQ4VoV4yF8{Jw3xU!g)Ys(?Kff{VD(yC)8P z`YE5|OT6d$ zx9K%l#gT$;12SwRhpFjZsSKCUPy8+;Og8DQ^w+Z2^KA6Xlg23mZZHQzsU94&D-#1V z^1-kKDBkVKqB=p5Fagu{G#@p0J2~ln<9Vx4T%m^JpNQeR)dH1_-hw<*9)GEZZdeI; zvW}lXH@Y9pHAJoQ0q;+yfN8*DSp?Kr*WEkXOjnTC2( zn`S~VNOT(UoZlb9g3UmP;GY0U+M~OZX3%6|AsPwslvUgLYtj-4+n>v>E7DO+`QY8R z2kkT)hY?*jeo=Hx^v-nAI-D$#Gs|>51p^IwpXn%j@(F}7x-7UcN{OfRf@%0(jyh=Z u3}$Pbq)pY`V2_;vHwkU+GKBxrZIoqp4mdrC$5rhJO?=@GB~0#UZHTP4vnx#i literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ea13f5f..ffc6e09 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,6 +12,15 @@ let "postgresql_server.key.age" ]; }; + atlas = { + publicKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260" + ]; + encryptedFiles = [ + "atlas_host_ed25519.age" + "atlas_user_ed25519.age" + ]; + }; }; in lib.attrsets.mergeAttrsList (builtins.map ({ publicKeys, encryptedFiles }: lib.attrsets.mergeAttrsList (builtins.map diff --git a/terraform/main.tf b/terraform/main.tf index 39bee8b..5fb5315 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -28,8 +28,8 @@ module "setup_jefke" { module "bancomart" { source = "./modules/debian" name = "bancomart" - ram = 2048 - storage = 10 + ram = 4096 + storage = 25 # providers = { # libvirt = libvirt.jefke # }
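Review bot: The new `atlas` entry in secrets/secrets.nix lists a single recipient, the workstation key `pim@x260`, for both `atlas_host_ed25519.age` and `atlas_user_ed25519.age`, so that one key is the only way to decrypt the host's SSH private keys, and losing it loses access to them. If atlas is expected to decrypt these itself at activation, its own key would have to be in `publicKeys`. If they are only decrypted from the workstation during deployment, a comment such as `# decrypted on the admin workstation at deploy time; atlas itself is not a recipient` would make that explicit. Because the ciphertext now lives in git history, a later compromise of the recipient key would mean rotating both atlas keys and re-issuing their certificates. The enclosing `let` binding starts outside the hunk.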
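Review bot: The `ram`/`storage` increase for `module "bancomart"` in terraform/main.tf is unrelated to the commit subject, and the same commit drops the `bancomart` entry from machines/default.nix. The VM therefore keeps being provisioned while no longer appearing in that machine list. If that list drives configuration and patching, the guest would presumably be left unmanaged. Either remove the module here or add a comment such as `# bancomart: still provisioned, configured outside machines/default.nix` saying how it is maintained. The module block continues outside the hunk.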