Terraform & atlas #16
7 changed files with 39 additions and 15 deletions
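--- a/machines/atlas_host_ed25519-cert.pub
+++ b/machines/atlas_host_ed25519-cert.pub
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIH4CQGHwWytKnkn7lYjT6G1NyPzINvfroZgwCLoOLO74AAAAIOMoSSEqM4VUBWUeFweJbqK9z7Ygp7fkX22hyWmgCNg8AAAAAAAAAAAAAAACAAAACWF0bGFzLmh5cAAAAA0AAAAJYXRsYXMuaHlwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgXNGQfd38pUlCi6zBj8Myl6dZsMVU6cjdW63TFHR7W1sAAABTAAAAC3NzaC1lZDI1NTE5AAAAQAYModSEVNG06xvAcRn8XFeCp/iXFeqVcbtfT1NmmMkyIgybkXhJyHjp89BPg0zeAaoScFx8Xpsdd8CsxTeP+QU= root@atlas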
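Review bot: This host certificate never expires: the blob on the added line decodes to valid-after 0 and valid-before 0xFFFFFFFFFFFFFFFF, with serial 0 and `atlas.hyp` as both key ID and sole principal. With no end date and no distinguishing serial, the only way to retire it after a key compromise is to push a revocation (`@revoked` in known_hosts or a `RevokedHostKeys` file) to every client, or to rotate the CA. I would re-issue it with a bounded lifetime and a unique serial, e.g. `ssh-keygen -s <ca_key> -h -I atlas.hyp -n atlas.hyp -V +52w -z <serial> <host_key>.pub`, and record the renewal date next to the file.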
1
machines/atlas_user_ed25519-cert.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519-cert-v01@openssh.com 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 root@atlas
|
|
@ -50,37 +50,50 @@
|
|||
};
|
||||
};
|
||||
|
||||
bancomart = {
|
||||
name = "bancomart";
|
||||
hostname = "bancomart.dmz";
|
||||
atlas = {
|
||||
name = "atlas";
|
||||
hostname = "atlas.hyp";
|
||||
|
||||
specificConfig = {
|
||||
custom = {
|
||||
ssh = {
|
||||
useCertificates = true;
|
||||
hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
|
||||
userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
|
||||
};
|
||||
};
|
||||
|
||||
disko.devices = {
|
||||
disk = {
|
||||
vda = {
|
||||
device = "/dev/vda";
|
||||
vdb = {
|
||||
device = "/dev/nvme0n1";
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
size = "1M";
|
||||
type = "EF02"; # for grub MBR
|
||||
};
|
||||
root = {
|
||||
size = "100%";
|
||||
ESP = {
|
||||
type = "EF00";
|
||||
size = "500M";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
end = "-4G";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "btrfs";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
swap = { size = "100%"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
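Review bot: The last partition, `swap = { size = "100%"; };`, has no `content`, so as far as I can tell disko only reserves the trailing 4G and nothing formats or activates it as swap. If swap is intended, declare it with per-boot encryption, since root is plain btrfs and this machine is issued host and user SSH keys, so memory pages are not left readable on the NVMe: `swap = { size = "100%"; content = { type = "swap"; randomEncryption = true; }; };`. The disk attribute is named `vdb` although its device is `/dev/nvme0n1`; a name such as `nvme0` would avoid confusion. The `+`/`-` markers are lost in this rendering, so I am assuming these lines are on the new side; the enclosing attribute set opens above the hunk.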
BIN
secrets/atlas_host_ed25519.age
Normal file
Binary file not shown.
BIN
secrets/atlas_user_ed25519.age
Normal file
Binary file not shown.
|
@ -12,6 +12,15 @@ let
|
|||
"postgresql_server.key.age"
|
||||
];
|
||||
};
|
||||
atlas = {
|
||||
publicKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260"
|
||||
];
|
||||
encryptedFiles = [
|
||||
"atlas_host_ed25519.age"
|
||||
"atlas_user_ed25519.age"
|
||||
];
|
||||
};
|
||||
};
|
||||
in lib.attrsets.mergeAttrsList (builtins.map ({ publicKeys, encryptedFiles }:
|
||||
lib.attrsets.mergeAttrsList (builtins.map
|
||||
|
|
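Review bot: The new `atlas` entry lists a single recipient in `publicKeys`, the `pim@x260` user key, for both `atlas_host_ed25519.age` and `atlas_user_ed25519.age`. That makes one workstation key the sole path to atlas's SSH private keys: losing it means re-keying the host and re-issuing both certificates, and its compromise exposes the host identity. Consider adding a second, offline recovery recipient, and put a comment on the entry such as `# bootstrap keys: decrypted by an admin at install time, atlas itself is not a recipient` if that is the intended flow. The `let` binding starts above the hunk, so other entries may follow a different pattern than the one visible here.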
|
@ -28,8 +28,8 @@ module "setup_jefke" {
|
|||
module "bancomart" {
|
||||
source = "./modules/debian"
|
||||
name = "bancomart"
|
||||
ram = 2048
|
||||
storage = 10
|
||||
ram = 4096
|
||||
storage = 25
|
||||
# providers = {
|
||||
# libvirt = libvirt.jefke
|
||||
# }
|
||||
|
|