home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Terraform & atlas #16

Merged
pim merged 2 commits from vms into master 2023-11-29 16:23:27 +00:00
Conversation 0 Commits 2 Files changed 21 +39 -15
7 changed files with 39 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 7e9637c984 - Show all commits

1
machines/atlas_host_ed25519-cert.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIH4CQGHwWytKnkn7lYjT6G1NyPzINvfroZgwCLoOLO74AAAAIOMoSSEqM4VUBWUeFweJbqK9z7Ygp7fkX22hyWmgCNg8AAAAAAAAAAAAAAACAAAACWF0bGFzLmh5cAAAAA0AAAAJYXRsYXMuaHlwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgXNGQfd38pUlCi6zBj8Myl6dZsMVU6cjdW63TFHR7W1sAAABTAAAAC3NzaC1lZDI1NTE5AAAAQAYModSEVNG06xvAcRn8XFeCp/iXFeqVcbtfT1NmmMkyIgybkXhJyHjp89BPg0zeAaoScFx8Xpsdd8CsxTeP+QU= root@atlas

1
machines/atlas_user_ed25519-cert.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIItpNkjaH8o51VKydwHYbbLxXMtf4euzojFKPxz+XqdwAAAAIG1vJNH1p8l8HlmYMT/vHGTjEnIul7ORQhutNnKiXlgqAAAAAAAAAAAAAAABAAAACWF0bGFzLmh5cAAAABsAAAAJYXRsYXMuaHlwAAAACmh5cGVydmlzb3IAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgdmt4SFL+swd8kHsh6cQR+TfzMKObJx75fYBbHNT83zUAAABTAAAAC3NzaC1lZDI1NTE5AAAAQIW4tC+FJA6bKFUfRVcHLWz1u3ZL/GRTWD2WCW4ApHq7no6ODeMwE10noNt/42mwYjFmjwR+cd9EuMyUErXmaw8= root@atlas

39
machines/default.nix
View file

@ -50,37 +50,50 @@
}; };
}; };
bancomart = { atlas = {
name = "bancomart"; name = "atlas";
hostname = "bancomart.dmz"; hostname = "atlas.hyp";
specificConfig = { specificConfig = {
custom = {
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
};
};
disko.devices = { disko.devices = {
disk = { disk = {
vda = { vdb = {
device = "/dev/vda"; device = "/dev/nvme0n1";
type = "disk"; type = "disk";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
boot = { ESP = {
size = "1M"; type = "EF00";
type = "EF02"; # for grub MBR size = "500M";
};
root = {
size = "100%";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "vfat";
mountpoint = "/boot";
};
};
root = {
end = "-4G";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/"; mountpoint = "/";
}; };
}; };
swap = { size = "100%"; };
}; };
}; };
}; };
}; };
}; };
}; };
}; };
} }

BIN
secrets/atlas_host_ed25519.age Normal file
View file

Binary file not shown.

BIN
secrets/atlas_user_ed25519.age Normal file
View file

Binary file not shown.

9
secrets/secrets.nix
View file

@ -12,6 +12,15 @@ let
"postgresql_server.key.age" "postgresql_server.key.age"
]; ];
}; };
atlas = {
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260"
];
encryptedFiles = [
"atlas_host_ed25519.age"
"atlas_user_ed25519.age"
];
};
}; };
in lib.attrsets.mergeAttrsList (builtins.map ({ publicKeys, encryptedFiles }: in lib.attrsets.mergeAttrsList (builtins.map ({ publicKeys, encryptedFiles }:
lib.attrsets.mergeAttrsList (builtins.map lib.attrsets.mergeAttrsList (builtins.map

4
terraform/main.tf
View file

@ -28,8 +28,8 @@ module "setup_jefke" {
module "bancomart" { module "bancomart" {
source = "./modules/debian" source = "./modules/debian"
name = "bancomart" name = "bancomart"
ram = 2048 ram = 4096
storage = 10 storage = 25
# providers = { # providers = {
# libvirt = libvirt.jefke # libvirt = libvirt.jefke
# } # }