diff --git a/.sops.yaml b/.sops.yaml
index 9c0a3f9..7f7295c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,6 +4,8 @@ keys:
 - &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
 - &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
 - &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
+ - &warwick_root age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
+ - &niels age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
 creation_rules:
 - path_regex: machines/sue/nixos.sops.yaml
@@ -28,3 +30,17 @@ creation_rules:
 - *sue_root
 - *gamepc_root
 - *gamepc_pim
+ - path_regex: machines/warwick/nixos.sops.yaml
+ key_groups:
+ - age:
+ - *warwick_root
+ - *sue_pim
+ - *sue_root
+ - *niels
+ - path_regex: secrets/servers.sops.yaml
+ key_groups:
+ - age:
+ - *warwick_root
+ - *sue_pim
+ - *sue_root
+ - *niels
diff --git a/colmena.nix b/colmena.nix
index 680d7c8..73ce84a 100644
--- a/colmena.nix
+++ b/colmena.nix
@@ -27,5 +27,12 @@ inputs @ {
 ./nixos
 ];
 };
+
+ warwick = {
+ imports = [
+ (import ./machines).warwick.nixosModule
+ ./nixos
+ ];
+ };
 };
 }
diff --git a/flake.lock b/flake.lock
index c598a23..7862885 100644
--- a/flake.lock
+++ b/flake.lock
@@ -551,6 +551,22 @@
 "type": "github"
 }
 },
+ "nixos-hardware": {
+ "locked": {
+ "lastModified": 1732483221,
+ "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=",
+ "owner": "NixOS",
+ "repo": "nixos-hardware",
+ "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "master",
+ "repo": "nixos-hardware",
+ "type": "github"
+ }
+ },
 "nixpkgs": {
 "locked": {
 "lastModified": 1732521221,
@@ -720,6 +736,7 @@
 "nixos-artwork": "nixos-artwork",
 "nixos-cosmic": "nixos-cosmic",
 "nixos-facter-modules": "nixos-facter-modules",
+ "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs_2",
 "nixpkgs-unstable": "nixpkgs-unstable",
 "nur": "nur",
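Review bot: Both new creation_rules put every recipient into one flat `age:` list, and in sops a single key_group means any one listed key decrypts on its own — so `*sue_root`, which is another machine's host key rather than an operator key, can by itself unlock both warwick's own root age private key (the `sops_age_key` value in `machines/warwick/nixos.sops.yaml` that this repo's `deployment.keys` extracts into `/root/.config/sops/age/keys.txt`) and the shared Tailscale auth key in `secrets/servers.sops.yaml`. A compromise of sue therefore yields warwick's key material and the ability to enrol new nodes into the tailnet. Unless sue's root key is deliberately the deployer's decryption key, drop `- *sue_root` from both new rules; if the intent is "an operator plus a machine must cooperate", express it as two `key_groups` entries with `shamir_threshold: 2` rather than one list. The two rules are also identical, so a single `path_regex: (machines/warwick/nixos|secrets/servers)\.sops\.yaml` would keep them from drifting apart.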
diff --git a/flake.nix b/flake.nix
index d29855a..c7fa14c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,6 +9,7 @@
 treefmt-nix.url = "github:numtide/treefmt-nix";
 nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
 flake-utils.url = "github:numtide/flake-utils";
+ nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 git-hooks = {
 url = "github:cachix/git-hooks.nix";
diff --git a/machines/default.nix b/machines/default.nix
index 6f911eb..49813b0 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -8,4 +8,9 @@
 system = "x86_64-linux";
 nixosModule = import ./gamepc/configuration.nix;
 };
+
+ warwick = {
+ system = "aarch64-linux";
+ nixosModule = import ./warwick/configuration.nix;
+ };
 }
diff --git a/machines/warwick/configuration.nix b/machines/warwick/configuration.nix
new file mode 100644
index 0000000..d2ec7d2
--- /dev/null
+++ b/machines/warwick/configuration.nix
@@ -0,0 +1,45 @@
+{
+ lib,
+ config,
+ inputs,
+ ...
+}: {
+ imports = [inputs.nixos-hardware.nixosModules.raspberry-pi-4];
+
+ config = {
+ pim = {
+ tailscale.advertiseExitNode = true;
+ sopsKeys.root = ./nixos.sops.yaml;
+ prometheus.enable = true;
+ };
+
+ facter.reportPath = ./facter.json;
+ networking.hostName = "warwick";
+ system.stateVersion = "23.05";
+
+ systemd.network.networks."30-main-nic" = {
+ matchConfig.Name = lib.mkForce "end*";
+ networkConfig.IPv6AcceptRA = true;
+ };
+
+ deployment = {
+ targetHost = "warwick";
+ targetUser = "root";
+ tags = ["server"];
+ buildOnTarget = true;
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
+
+ sops = {
+ age.keyFile = "/root/.config/sops/age/keys.txt";
+ defaultSopsFile = ./nixos.sops.yaml;
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = ["noatime"];
+ };
+ };
+}
diff --git a/machines/warwick/facter.json b/machines/warwick/facter.json
new file mode 100644
index 0000000..b30a26a
--- /dev/null
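Review bot: `sops.age.keyFile = "/root/.config/sops/age/keys.txt"` puts warwick's age private key — which unlocks this host's secrets and, under the new `.sops.yaml` rules, the shared Tailscale auth key in `secrets/servers.sops.yaml` — on a root filesystem declared as plain ext4 on `/dev/disk/by-label/NIXOS_SD` with no encryption layer, and the facter report added in this diff lists a USB "Samsung Flash Drive" as the only non-ramdisk block device, so the key most likely sits in clear text on a removable stick. A Pi 4 offers no TPM to seal it to, so at least record the consequence next to the option, e.g. `# NOTE: age key is stored unencrypted on the removable root USB stick; rotate it and the tailscale auth key if the device is lost`. The same hunk grants root SSH to both the `pim` and `niels` key sets while `deployment.targetUser = "root"`; NixOS defaults `PermitRootLogin` to `prohibit-password`, which keeps password logins off, but pinning `services.openssh.settings.PermitRootLogin = "prohibit-password";` makes that intent explicit rather than inherited.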
+++ b/machines/warwick/facter.json 
@@ -0,0 +1,1368 @@ +{ + "version": 1, + "system": "aarch64-linux", + "virtualisation": "none", + "hardware": { + "bridge": [ + { + "index": 8, + "attached_to": 0, + "bus_type": { + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "name": "Bridge", + "value": 6 + }, + "sub_class": { + "name": "PCI bridge", + "value": 4 + }, + "pci_interface": { + "name": "Normal decode", + "value": 0 + }, + "vendor": { + "name": "Broadcom", + "value": 5348 + }, + "device": { + "value": 10001 + }, + "revision": { + "value": 32 + }, + "model": "Broadcom PCI bridge", + "sysfs_id": "/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0", + "sysfs_bus_id": "0000:00:00.0", + "resources": [ + { + "type": "irq", + "base": 30, + "triggered": 0, + "enabled": true + } + ], + "detail": { + "function": 0, + "command": 6, + "header_type": 1, + "secondary_bus": 1, + "irq": 30, + "prog_if": 0 + }, + "driver": "pcieport", + "drivers": [ + "pcieport" + ], + "module_alias": "pci:v000014E4d00002711sv00000000sd00000000bc06sc04i00" + } + ], + "cpu": [ + { + "architecture": "aarch64", + "vendor_name": "ARM Limited", + "family": 0, + "model": 3, + "stepping": 0, + "features": [ + "fp", + "asimd", + "evtstrm", + "crc32", + "cpuid" + ], + "bogo": 108, + "physical_id": 0, + "fpu": false, + "fpu_exception": false, + "write_protect": false, + "address_sizes": {} + } + ], + "disk": [ + { + "index": 14, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram2", + "unix_device_name": "/dev/ram2", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 2, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram2" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 15, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + 
"value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram0", + "unix_device_name": "/dev/ram0", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 0, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram0" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 16, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram9", + "unix_device_name": "/dev/ram9", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 9, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram9" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 17, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram14", + "unix_device_name": "/dev/ram14", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 14, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram14" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 18, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram7", + "unix_device_name": "/dev/ram7", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 7, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram7" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 19, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + 
"sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram12", + "unix_device_name": "/dev/ram12", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 12, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram12" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 20, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram5", + "unix_device_name": "/dev/ram5", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 5, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram5" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 21, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram10", + "unix_device_name": "/dev/ram10", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 10, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram10" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 22, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram3", + "unix_device_name": "/dev/ram3", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 3, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram3" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 23, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": 
"Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram1", + "unix_device_name": "/dev/ram1", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 1, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram1" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 24, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram15", + "unix_device_name": "/dev/ram15", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 15, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram15" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 25, + "attached_to": 7, + "bus_type": { + "name": "SCSI", + "value": 132 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "vendor": { + "name": "Samsung", + "value": 2316 + }, + "device": { + "name": "Flash Drive", + "value": 4096 + }, + "revision": { + "name": "1100", + "value": 0 + }, + "serial": "AA00000000000489", + "model": "Samsung Flash Drive", + "sysfs_id": "/class/block/sda", + "sysfs_bus_id": "0:0:0:0", + "sysfs_device_link": "/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/2-1/2-1:1.0/host0/target0:0:0/0:0:0:0", + "unix_device_name": "/dev/sda", + "unix_device_number": { + "type": 98, + "major": 8, + "minor": 0, + "range": 16 + }, + "unix_device_names": [ + "/dev/disk/by-diskseq/25", + "/dev/disk/by-id/usb-Samsung_Flash_Drive_0374021110005452-0:0", + "/dev/disk/by-path/platform-fd500000.pcie-pci-0000:01:00.0-usb-0:1:1.0-scsi-0:0:0:0", + "/dev/disk/by-path/platform-fd500000.pcie-pci-0000:01:00.0-usbv3-0:1:1.0-scsi-0:0:0:0", + "/dev/sda" + ], + 
"unix_device_name2": "/dev/sg0", + "unix_device_number2": { + "type": 99, + "major": 21, + "minor": 0, + "range": 1 + }, + "resources": [ + { + "type": "disk_geo", + "cylinders": 61188, + "heads": 64, + "sectors": 32, + "size": 0, + "geo_type": "logical" + }, + { + "type": "size", + "unit": "sectors", + "value_1": 125313283, + "value_2": 512 + } + ], + "driver": "usb-storage", + "driver_module": "usb_storage", + "drivers": [ + "sd", + "usb-storage" + ], + "driver_modules": [ + "usb_storage" + ], + "module_alias": "usb:v090Cp1000d1100dc00dsc00dp00ic08isc06ip50in00" + }, + { + "index": 26, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram8", + "unix_device_name": "/dev/ram8", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 8, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram8" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 27, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram13", + "unix_device_name": "/dev/ram13", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 13, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram13" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 28, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram6", + "unix_device_name": "/dev/ram6", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 6, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram6" + ], + "resources": [ + { + "type": "size", + "unit": 
"sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 29, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram11", + "unix_device_name": "/dev/ram11", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 11, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram11" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + }, + { + "index": 30, + "attached_to": 0, + "base_class": { + "name": "Mass Storage Device", + "value": 262 + }, + "sub_class": { + "name": "Disk", + "value": 0 + }, + "model": "Disk", + "sysfs_id": "/class/block/ram4", + "unix_device_name": "/dev/ram4", + "unix_device_number": { + "type": 98, + "major": 1, + "minor": 4, + "range": 1 + }, + "unix_device_names": [ + "/dev/ram4" + ], + "resources": [ + { + "type": "size", + "unit": "sectors", + "value_1": 8192, + "value_2": 512 + } + ] + } + ], + "hub": [ + { + "index": 32, + "attached_to": 7, + "bus_type": { + "name": "USB", + "value": 134 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "name": "Hub", + "value": 266 + }, + "vendor": { + "name": "Linux 6.1.63 xhci-hcd", + "value": 7531 + }, + "device": { + "name": "xHCI Host Controller", + "value": 2 + }, + "revision": { + "name": "6.01", + "value": 0 + }, + "serial": "0000:01:00.0", + "model": "Linux 6.1.63 xhci-hcd xHCI Host Controller", + "sysfs_id": "/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-0:1.0", + "sysfs_bus_id": "1-0:1.0", + "resources": [ + { + "type": "baud", + "speed": 480000000, + "bits": 0, + "stop_bits": 0, + "parity": 0, + "handshake": 0 + } + ], + "detail": { + "device_class": { + "name": "hub", + "value": 9 + }, + "device_subclass": { + "name": "per_interface", + "value": 0 + }, + "device_protocol": 1, + "interface_class": { + "name": "hub", + 
"value": 9 + }, + "interface_subclass": { + "name": "per_interface", + "value": 0 + }, + "interface_protocol": 0, + "interface_number": 0, + "interface_alternate_setting": 0 + }, + "hotplug": "usb", + "driver": "hub", + "driver_module": "usbcore", + "drivers": [ + "hub" + ], + "driver_modules": [ + "usbcore" + ], + "module_alias": "usb:v1D6Bp0002d0601dc09dsc00dp01ic09isc00ip00in00" + }, + { + "index": 33, + "attached_to": 32, + "bus_type": { + "name": "USB", + "value": 134 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "name": "Hub", + "value": 266 + }, + "vendor": { + "value": 8457 + }, + "device": { + "name": "USB2.0 Hub", + "value": 13361 + }, + "revision": { + "name": "4.21", + "value": 0 + }, + "model": "USB2.0 Hub", + "sysfs_id": "/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/1-1:1.0", + "sysfs_bus_id": "1-1:1.0", + "resources": [ + { + "type": "baud", + "speed": 480000000, + "bits": 0, + "stop_bits": 0, + "parity": 0, + "handshake": 0 + } + ], + "detail": { + "device_class": { + "name": "hub", + "value": 9 + }, + "device_subclass": { + "name": "per_interface", + "value": 0 + }, + "device_protocol": 1, + "interface_class": { + "name": "hub", + "value": 9 + }, + "interface_subclass": { + "name": "per_interface", + "value": 0 + }, + "interface_protocol": 0, + "interface_number": 0, + "interface_alternate_setting": 0 + }, + "hotplug": "usb", + "driver": "hub", + "driver_module": "usbcore", + "drivers": [ + "hub" + ], + "driver_modules": [ + "usbcore" + ], + "module_alias": "usb:v2109p3431d0421dc09dsc00dp01ic09isc00ip00in00" + }, + { + "index": 34, + "attached_to": 7, + "bus_type": { + "name": "USB", + "value": 134 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "name": "Hub", + "value": 266 + }, + "vendor": { + "name": "Linux 6.1.63 xhci-hcd", + "value": 7531 + }, + "device": { + "name": "xHCI Host Controller", + "value": 3 + }, + "revision": { + "name": "6.01", + "value": 0 + }, + 
"serial": "0000:01:00.0", + "model": "Linux 6.1.63 xhci-hcd xHCI Host Controller", + "sysfs_id": "/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/2-0:1.0", + "sysfs_bus_id": "2-0:1.0", + "detail": { + "device_class": { + "name": "hub", + "value": 9 + }, + "device_subclass": { + "name": "per_interface", + "value": 0 + }, + "device_protocol": 3, + "interface_class": { + "name": "hub", + "value": 9 + }, + "interface_subclass": { + "name": "per_interface", + "value": 0 + }, + "interface_protocol": 0, + "interface_number": 0, + "interface_alternate_setting": 0 + }, + "hotplug": "usb", + "driver": "hub", + "driver_module": "usbcore", + "drivers": [ + "hub" + ], + "driver_modules": [ + "usbcore" + ], + "module_alias": "usb:v1D6Bp0003d0601dc09dsc00dp03ic09isc00ip00in00" + } + ], + "memory": [ + { + "index": 6, + "attached_to": 0, + "base_class": { + "name": "Internally Used Class", + "value": 257 + }, + "sub_class": { + "name": "Main Memory", + "value": 2 + }, + "model": "Main Memory", + "resources": [ + { + "type": "mem", + "base": 0, + "range": 3964207104, + "enabled": true, + "access": "read_write", + "prefetch": "unknown" + }, + { + "type": "phys_mem", + "range": 4026531840 + } + ] + } + ], + "mmc_controller": [ + { + "index": 10, + "attached_to": 0, + "bus_type": { + "name": "MMC", + "value": 147 + }, + "slot": { + "bus": 0, + "number": 1 + }, + "base_class": { + "name": "MMC Controller", + "value": 279 + }, + "vendor": "", + "device": "SDIO Controller 1", + "model": "SDIO Controller 1", + "sysfs_id": "/devices/platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001", + "sysfs_bus_id": "mmc1:0001" + } + ], + "network_controller": [ + { + "index": 9, + "attached_to": 0, + "base_class": { + "name": "Network controller", + "value": 2 + }, + "sub_class": { + "name": "WLAN controller", + "value": 130 + }, + "device": { + "name": "ARM Ethernet controller", + "value": 0 + }, + "model": "ARM Ethernet controller", + "sysfs_id": 
"/devices/platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1", + "sysfs_bus_id": "mmc1:0001:1", + "unix_device_name": "wlan0", + "unix_device_names": [ + "wlan0" + ], + "resources": [ + { + "type": "hwaddr", + "address": 100 + }, + { + "type": "phwaddr", + "address": 100 + }, + { + "type": "wlan", + "channels": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "34", + "36", + "38", + "40", + "42", + "44", + "46", + "48", + "52", + "56", + "60", + "64", + "100", + "104", + "108", + "112", + "116", + "120" + ], + "frequencies": [ + "2.412", + "2.417", + "2.422", + "2.427", + "2.432", + "2.437", + "2.442", + "2.447", + "2.452", + "2.457", + "2.462", + "2.467", + "2.472", + "2.484", + "5.17", + "5.18", + "5.19", + "5.2", + "5.21", + "5.22", + "5.23", + "5.24", + "5.26", + "5.28", + "5.3", + "5.32", + "5.5", + "5.52", + "5.54", + "5.56", + "5.58", + "5.6" + ], + "auth_modes": [ + "open", + "sharedkey", + "wpa-psk", + "wpa-eap" + ], + "enc_modes": [ + "WEP40", + "WEP104", + "TKIP", + "CCMP" + ] + } + ], + "driver": "brcmfmac", + "driver_module": "brcmfmac", + "drivers": [ + "brcmfmac" + ], + "driver_modules": [ + "brcmfmac", + "brcmfmac", + "brcmfmac" + ], + "module_alias": "of:NmmcnrT(null)Cbrcm,bcm2835-mmcCbrcm,bcm2835-sdhci" + }, + { + "index": 12, + "attached_to": 10, + "bus_type": { + "name": "SDIO", + "value": 148 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "name": "Network controller", + "value": 2 + }, + "sub_class": { + "name": "Network controller", + "value": 128 + }, + "vendor": { + "name": "Broadcom Corp.", + "value": 720 + }, + "device": { + "name": "BCM43430 WLAN card", + "value": 43430 + }, + "model": "Broadcom BCM43430 WLAN card", + "sysfs_id": "/devices/platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1", + "sysfs_bus_id": "mmc1:0001:1", + "driver": "brcmfmac", + "driver_module": "brcmfmac", + "drivers": [ + "brcmfmac" + ], + "driver_modules": [ + 
"brcmfmac", + "brcmfmac", + "brcmfmac" + ], + "module_alias": "sdio:c00v02D0dA9A6" + } + ], + "network_interface": [ + { + "index": 36, + "attached_to": 0, + "base_class": { + "name": "Network Interface", + "value": 263 + }, + "sub_class": { + "name": "Ethernet", + "value": 1 + }, + "model": "Ethernet network interface", + "sysfs_id": "/class/net/end0", + "sysfs_device_link": "/devices/platform/scb/fd580000.ethernet", + "unix_device_name": "end0", + "unix_device_names": [ + "end0" + ], + "resources": [ + { + "type": "hwaddr", + "address": 100 + }, + { + "type": "phwaddr", + "address": 100 + } + ], + "driver": "bcmgenet", + "drivers": [ + "bcmgenet" + ] + }, + { + "index": 37, + "attached_to": 0, + "base_class": { + "name": "Network Interface", + "value": 263 + }, + "sub_class": { + "name": "Loopback", + "value": 0 + }, + "model": "Loopback network interface", + "sysfs_id": "/class/net/lo", + "unix_device_name": "lo", + "unix_device_names": [ + "lo" + ] + }, + { + "index": 38, + "attached_to": 9, + "base_class": { + "name": "Network Interface", + "value": 263 + }, + "sub_class": { + "name": "WLAN", + "value": 10 + }, + "model": "WLAN network interface", + "sysfs_id": "/class/net/wlan0", + "sysfs_device_link": "/devices/platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1", + "unix_device_name": "wlan0", + "unix_device_names": [ + "wlan0" + ], + "resources": [ + { + "type": "hwaddr", + "address": 100 + }, + { + "type": "phwaddr", + "address": 100 + } + ], + "driver": "brcmfmac", + "driver_module": "brcmfmac", + "drivers": [ + "brcmfmac" + ], + "driver_modules": [ + "brcmfmac", + "brcmfmac", + "brcmfmac" + ] + } + ], + "system": {}, + "unknown": [ + { + "index": 11, + "attached_to": 10, + "bus_type": { + "name": "SDIO", + "value": 148 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "name": "Unclassified device", + "value": 0 + }, + "vendor": { + "name": "Broadcom Corp.", 
+ "value": 720 + }, + "device": { + "name": "BCM43430 WLAN card", + "value": 43430 + }, + "model": "Broadcom BCM43430 WLAN card", + "sysfs_id": "/devices/platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:3", + "sysfs_bus_id": "mmc1:0001:3", + "module_alias": "sdio:c02v02D0dA9A6" + }, + { + "index": 13, + "attached_to": 10, + "bus_type": { + "name": "SDIO", + "value": 148 + }, + "slot": { + "bus": 0, + "number": 0 + }, + "base_class": { + "name": "Unclassified device", + "value": 0 + }, + "sub_class": { + "name": "Unclassified device", + "value": 0 + }, + "vendor": { + "name": "Broadcom Corp.", + "value": 720 + }, + "device": { + "name": "BCM43430 WLAN card", + "value": 43430 + }, + "model": "Broadcom BCM43430 WLAN card", + "sysfs_id": "/devices/platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:2", + "sysfs_bus_id": "mmc1:0001:2", + "driver": "brcmfmac", + "driver_module": "brcmfmac", + "drivers": [ + "brcmfmac" + ], + "driver_modules": [ + "brcmfmac", + "brcmfmac", + "brcmfmac" + ], + "module_alias": "sdio:c00v02D0dA9A6" + } + ], + "usb_controller": [ + { + "index": 7, + "attached_to": 8, + "bus_type": { + "name": "PCI", + "value": 4 + }, + "slot": { + "bus": 1, + "number": 0 + }, + "base_class": { + "name": "Serial bus controller", + "value": 12 + }, + "sub_class": { + "name": "USB Controller", + "value": 3 + }, + "pci_interface": { + "value": 48 + }, + "vendor": { + "value": 4358 + }, + "sub_vendor": { + "value": 4358 + }, + "device": { + "value": 13443 + }, + "sub_device": { + "value": 13443 + }, + "revision": { + "value": 1 + }, + "model": "USB Controller", + "sysfs_id": "/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0", + "sysfs_bus_id": "0000:01:00.0", + "resources": [ + { + "type": "irq", + "base": 37, + "triggered": 0, + "enabled": true + }, + { + "type": "mem", + "base": 25769803776, + "range": 4096, + "enabled": true, + "access": "read_write", + "prefetch": "no" + } + ], + "detail": { + "function": 0, + 
"command": 1350, + "header_type": 0, + "secondary_bus": 0, + "irq": 37, + "prog_if": 48 + }, + "driver": "xhci_hcd", + "driver_module": "xhci_pci", + "drivers": [ + "xhci_hcd" + ], + "driver_modules": [ + "xhci_pci" + ], + "module_alias": "pci:v00001106d00003483sv00001106sd00003483bc0Csc03i30" + } + ] + }, + "smbios": {} +} diff --git a/machines/warwick/nixos.sops.yaml b/machines/warwick/nixos.sops.yaml new file mode 100644 index 0000000..839acf6 --- /dev/null +++ b/machines/warwick/nixos.sops.yaml 
@@ -0,0 +1,48 @@
+sops_age_key: ENC[AES256_GCM,data:xoZAEBVDGyq3mpq7+eeXJVYR0LJXktE64aPPayO3BAAeLE9qyfru5LEuJiKmswmT4GehgRV4iDIM35a62nuHkf1SEp4bQXQJ6dE=,iv:DPdp1iuIrGcVjbUbhmiy8dIdnripIC7KU+JGveajwvc=,tag:oqlSl5ydnr4/r9/lFSUlLA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cWpBQk40cTNZSjFCVW5p
+ ajJlZUpFMFdzZEpJM0VDUTNoUWNVZzdZRkYwCjNNQjJUZThCU2RiQnVKQjhjVWZL
+ V1hNQXNBMGw0bUtmTnJVM2hoWWtyOUkKLS0tIFJFQVBpaXN6WFk2VFVSdExNcUl1
+ KzVQV09IUmFEVFpzbS9tdTE5cjhkVkEKnX1/AvxwSeo6p0EPGU5KnqxwdhEDSQQA
+ FB3JiU12vy0kh1NYWT+roUYT39BJCk/tjRgHJ6E5qc9LKwthXFdi/A==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWkxEV2ViREFzSE1ZOU9w
+ ZDNMYnlSSzdOWVZIc1oveHByVVJrTU1SbGx3CmZjRlF6MkJnTXNHK2k3K0hCcEdW
+ SkcwWE5XakthWHJxWEpud3ZuY2ZFNkUKLS0tIFdRL3JpSWFHZ2hYQXVEOVgvaElN
+ RnFzNUkwVWVhd3RCOFVZaXZRc3hEM1kKlk5bPXaDkVCk5/4hZF2aoFAr8LEVX/Te
+ I90BMUglu4qsUjNNhiZVGMV1LIk9mue4sxBP25BZpDLJVR+Mw7J61g==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YkwyblJRd1dpV3lQSTNr
+ RlI4cHlXYXdleE9HL2E3YThka3pkZlBFcXhzCmtvZWc1cjIraldtazgrZXRod09U
+ WlRoYTFvM2t4ZmI5bzYxcGJlZmlzencKLS0tIEdxZU5QaVZWYkp0WjhKWTZZTXhr
+ REtoU1UxWUR3TUI0RUZaMEpwNEsvbHcKFAaqhhC92VHBr0c1yLlx7f3+yEWVaEtg
+ K+/JE0GTpcvWsrtGRslhcIP7zEFHlJ0hnOH/PUu1E9xEDF09c3gkBQ==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2U1lwdlFZTlphdTNMTXh2
+ Q3F2UEJQSzBjRC9EY1Y0dExlcW9wUzM4NFc4CmZuaFcwc1hEcmRSQ0lDZ3BUSGQ4
+ Uy9STGVRMVg2NEpOaGVtTzhab3d4RGsKLS0tIFBCN2FtN2dOSjlIejRJNEFqWEVW
+ TTE1QzlIWlBtaFVBdkkvczFtaG82Z1EKlzD1POogze+J3C+e1Wf8n2JcWZxPUGSn
+ SZPp3j2NvvK/OrlcgPYJYt1513QzS5JYY5Sleqoj/GcF48+lq8523A==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-30T18:11:28Z"
+ mac: ENC[AES256_GCM,data:Yi0IWmRPVHeO+GptuJN1gfDUldL/nKcx3BsIPuvSCF0/cpwVIWQ3BwfTZFfYOZlWAWTnmVbzuPSdbWmAUNmAb7E8A88VERCjY1z60mQ5uuW+LwbwLS6IY3/mXK6CQrnptH5etTNUoE+PrAVOPT7nBq/MohW0T5X09WW/63t0+Uc=,iv:JF/Yg/i8jtFxfiyk0OjoIdakXjVTLU6JHKiO7c8GwkI=,tag:g8kP1HLxGp8uNYfWpj5wBQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.1
diff --git a/nixos/default.nix b/nixos/default.nix
index 9a106f5..d9940ce 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -20,6 +20,8 @@
 ./cinnamon.nix
 ./ssh.nix
 ./desktop.nix
+ ./server.nix
+ ./prometheus.nix
 ];
 options = {
@@ -31,9 +33,27 @@ config = {
 time.timeZone = "Europe/Amsterdam";
- i18n.defaultLocale = "en_US.UTF-8";
 hardware.pulseaudio.enable = false;
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+
+ extraLocaleSettings = let
+ extraLocale = "nl_NL.UTF-8";
+ in {
+ LC_ADDRESS = extraLocale;
+ LC_IDENTIFICATION = extraLocale;
+ LC_MEASUREMENT = extraLocale;
+ LC_MONETARY = extraLocale;
+ LC_NAME = extraLocale;
+ LC_NUMERIC = extraLocale;
+ LC_PAPER = extraLocale;
+ LC_TELEPHONE = extraLocale;
+ LC_TIME = extraLocale;
+ };
+ };
+
+ # BUG: this uses root way too much.
 deployment.keys = lib.mapAttrs' (user: sopsFile: let homeDirectory =
@@ -45,7 +65,7 @@ in {
 name = "${user}-sops-age-key";
 value = {
- keyCommand = maybeSudo ++ [sops "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)];
+ keyCommand = maybeSudo ++ ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)];
 name = "keys.txt";
 destDir = "${homeDirectory}/.config/sops/age";
 inherit user;
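Review bot: The new `keyCommand` decrypts each host's age private key with `nix run nixpkgs#sops`, which resolves `nixpkgs` through the flake registry of whoever runs the deploy rather than through this flake's locked `nixpkgs` input, so the binary that handles the most sensitive value in the repo is an unpinned, network-fetched revision chosen at deploy time on the deploying machine (colmena runs `keyCommand` locally, and `maybeSudo` may run it as root). The replaced line used a `sops` binding defined outside this hunk, presumably a pinned store path; if the motivation was avoiding a build for the target platform, keep the pin by referencing the locked input instead, e.g. `"${inputs.nixpkgs}#sops"` if `inputs` is reachable from this module (its argument list is outside the hunk — confirm), or the deployer's own `pkgs.sops`. The added `# BUG: this uses root way too much.` is honest but leaves the next reader guessing; state what is meant, e.g. `# BUG: the age key is decrypted via sudo on the deployer and installed as root on the target; a per-user sops key path would avoid both`.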
@@ -135,7 +155,7 @@
 };
 nixpkgs = {
- hostPlatform = lib.mkDefault "x86_64-linux";
+ # hostPlatform = lib.mkDefault "x86_64-linux";
 config = {
 allowUnfreePredicate = pkg:
diff --git a/nixos/prometheus.nix b/nixos/prometheus.nix
new file mode 100644
index 0000000..5714894
--- /dev/null
+++ b/nixos/prometheus.nix
@@ -0,0 +1,76 @@
+{
+ lib,
+ config,
+ nodes,
+ ...
+}: {
+ options.pim.prometheus.enable = lib.mkEnableOption "prometheus";
+
+ config = lib.mkIf config.pim.prometheus.enable {
+ networking.firewall.allowedTCPPorts = [80];
+
+ services.prometheus = {
+ enable = true;
+
+ scrapeConfigs = (
+ let
+ generated = lib.pipe nodes [
+ (lib.filterAttrs (name: node: node.config.services.prometheus.exporters.node.enable))
+ (lib.attrsets.mapAttrsToList
+ (name: node: {
+ job_name = name;
+ static_configs = [
+ {
+ targets = ["${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"];
+ }
+ ];
+ }))
+ ];
+
+ # TODO: Remove this once they are migrated to this repo.
+ compat = map (
+ name: {
+ job_name = name;
+ static_configs = [
+ {
+ targets = ["${name}.dmz:${toString config.services.prometheus.exporters.node.port}"];
+ }
+ ];
+ }
+ ) ["lewis" "atlas" "jefke"];
+
+ pikvm = {
+ job_name = "pikvm";
+ metrics_path = "/api/export/prometheus/metrics";
+ scheme = "https";
+ tls_config.insecure_skip_verify = true;
+
+ # We don't care about security here, it's behind a VPN.
+ basic_auth = {
+ username = "admin";
+ password = "admin";
+ };
+
+ static_configs = [
+ {
+ targets = ["pikvm.dmz"];
+ }
+ ];
+ };
+ in
+ generated ++ compat ++ [pikvm]
+ );
+ };
+
+ services.nginx = {
+ enable = true;
+
+ virtualHosts."${config.networking.fqdn}" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
+ recommendedProxySettings = true;
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/server.nix b/nixos/server.nix
index 28ec4d5..5ce064e 100644
--- a/nixos/server.nix
+++ b/nixos/server.nix
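Review bot: The `pikvm` scrape job hard-codes `password = "admin"` (PiKVM's factory default) alongside `tls_config.insecure_skip_verify = true`, and the comment waves it off as "behind a VPN" — yet the same diff turns warwick into a Tailscale exit node and subnet router, and the literal lands in git history and in the world-readable Nix store of the host that evaluates this module. Move it into a sops secret and reference it through `password_file`, which Prometheus supports for `basic_auth`: `basic_auth = { username = "admin"; password_file = config.sops.secrets."pikvm/password".path; };` with a matching `sops.secrets."pikvm/password".owner` set to the user the prometheus service runs as (confirm against the NixOS module), and change the PiKVM admin password away from the default at the same time. Separately, `networking.firewall.allowedTCPPorts = [80]` plus the nginx vhost publishes the Prometheus UI and HTTP API unauthenticated over plain HTTP to anything that can reach the host; if the frontend is wanted, scope it to the tailnet with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [80]` or put authentication in front of it. A one-line `# pikvm's API cert is self-signed; pin it via tls_config.ca_file instead of skipping verification` would also document the better fix for the TLS side.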
@@ -1,9 +1,55 @@
 {
 lib,
 config,
+ self,
 ...
 }: {
+ options.pim.tailscale.advertiseExitNode = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+
 config = lib.mkIf (builtins.elem "server" config.deployment.tags) {
- services.openssh.enable = true;
+ networking = {
+ firewall.allowedTCPPorts = [config.services.prometheus.exporters.node.port];
+ domain = "dmz";
+ useDHCP = false;
+ nftables.enable = lib.mkDefault true;
+ firewall.enable = lib.mkDefault true;
+ };
+
+ systemd.network = {
+ enable = true;
+
+ networks = {
+ "30-main-nic" = {
+ matchConfig.Name = "en*";
+ networkConfig.DHCP = "yes";
+ };
+ };
+ };
+
+ services = {
+ openssh.enable = true;
+ prometheus.exporters.node.enable = true;
+
+ tailscale = {
+ authKeyFile = config.sops.secrets."tailscale/authKey".path;
+ useRoutingFeatures = "server";
+ openFirewall = true;
+
+ extraUpFlags =
+ [
+ "--accept-dns=false"
+ "--hostname=${config.networking.hostName}"
+ ]
+ ++ lib.lists.optional config.pim.tailscale.advertiseExitNode "--advertise-exit-node"
+ ++ lib.lists.optional config.pim.tailscale.advertiseExitNode "--advertise-routes=192.168.30.0/24";
+ };
+ };
+
+ sops.secrets."tailscale/authKey" = {
+ sopsFile = "${self}/secrets/servers.sops.yaml";
+ };
 };
 }
diff --git a/secrets/servers.sops.yaml b/secrets/servers.sops.yaml
new file mode 100644
index 0000000..68b0b43
--- /dev/null
+++ b/secrets/servers.sops.yaml
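Review bot: `pim.tailscale.advertiseExitNode` also appends `--advertise-routes=192.168.30.0/24`, so a boolean named for exit-node behaviour additionally turns the host into a subnet router for a hard-coded LAN, and the `mkOption` has no `description` to tell a reader that. Either move the route into its own option (a `lib.types.listOf lib.types.str` whose value feeds `--advertise-routes`) or at least state the coupling: `description = "Advertise this node as a Tailscale exit node and as a subnet router for 192.168.30.0/24.";`. `networking.firewall.allowedTCPPorts` also opens the node exporter on every interface rather than only towards the scraper; if scrapes are expected only over the `dmz` network, a comment saying so (or using `networking.firewall.interfaces.<name>.allowedTCPPorts`) would make that intent explicit.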
@@ -0,0 +1,49 @@
+tailscale:
+ authKey: ENC[AES256_GCM,data:3eXxQBY6AVqU4R1NlsyhGCfXW5wL58ODRH/f+zo5YFRad/ys1vB9JeKagq0SJSj/w4zxRAEpCf1o47Ypww==,iv:QklyIFuXlbH6cM/I0gqDH/Xeay9gqxqeyulQ7W/dbig=,tag:E/3UqtsfSVOi6otSlReO0Q==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcjVsVnNxcGlibnJDSWxE
+ NEtERm5xS3RRc0QvK09rOEdCYytlZUliaEVNCjZYR2l0Y3dhUDdGVGNwSlRLaTFa
+ WkZSKzJpVXBCUXhqZldMSis3UHpTQW8KLS0tIEI5V3FMR2xaeEpzMzZYdHo4YWNJ
+ MHBMeVpaMi9lTjFwcVVsUm1jR255UmsKxvOywqqgMfpQ1TngUmtxH80So10Yd+R2
+ I9+1chjRTAnHemtUU1154cL591b3BV5FHO3DpoiyY3MoxD2IC9PtzA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbVVVVEI0b3hpd3hyU2Vp
+ V1ZNejBUOUp6NU12dVgraTlrbDNDdmxENVEwCkJobDdObTVwcXB4a3pxUnM3QlVR
+ d253eUxnVlpnaTRPWFZXYnVoaW5jK00KLS0tIGRnbVhFMFk4aCtpMk9hSEJYT3ZZ
+ dVUwOTlCVXFoSTl0VjBaQm9BWkJyQTQKuPdUd32RaHmBvdyan4O5FRzUC4q8WtlQ
+ NXIhBUIVQgA8ns7HMP1Q5MxFg4s3I2dhUKq5qs6430+M+cVKF3wGEA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRkVnOHZoaXo5SGRiRzdU
+ KzdiRWNQMXRvQ2g2WG5GVWRNUzJkemd0ZzJBCnBtM1IwWVJ3L1BxakR0MFRTcm1I
+ cjVqdDEyRDNjbCtFNnk5aWd4L0tVR3cKLS0tIFJ1a2d3dzA2cWFESFlzbnRzc3FH
+ L21Hd2oyR0pWaTZONDByN0NrMS9lTDAKcMkHaUsUfV/kZBvT+UN8f+QTIvqJjmMY
+ 7sVMAumtvBNhKs9OxMlPqiWvaeLtgGoExYZqq05VwWTHxYXLouPnuQ==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZEw4R3VvdEtjK2VSa3Bu
+ QzZ0dWU3Uk16TkVDaldEdzN6ZWduZERyd25NCmRzdWlEZ2V2SEc4VnczbE9yc0FX
+ eTZXemQxaU5LOXFzWmlmYTc3YWFvYUEKLS0tIFRwOHVIcUR2ejN5NHdSQ2N6c3hL
+ elZ6STcwTHZXZGI5Sk0yamtQN3lhcm8KWa4JI1H+pcav7ZwCZgUMXk+lsxFewD4O
+ 1AOnFdamXZkUHN+zZB1zN6YJvHhUEaq2NiGAhc+ZLAc1sb5yeqd/2Q==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-30T18:44:29Z"
+ mac: ENC[AES256_GCM,data:SG6a5pWa3gMaSz9d9fOchUXtXbRTpMOXmbOjZo5Fdx8Es1MEDwezwscQaj9p1dzmGa+7U8UUUzMYxlg2SmGgGdPgCs0a5RQVYvQFNdgpRiuknflFMcdgXLv7XFsTqsqSmbN0O662YDvCcz4DWRKjNCZAimlLym8pwDihj1D8dcU=,iv:JmCbcazDK2KPyYsoVy39sr4IbfiGfmGoopit5ojVADk=,tag:6tKYfMkJBjsThaa4qLqobw==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.1
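Review bot: The third recipient, `age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q`, matches none of the anchors visible in the `.sops.yaml` hunk, whereas the other three are `warwick_root`, `sue_pim` and `niels`; it is presumably `sue_root`, which is defined above that hunk. It is worth confirming that the four recipients are exactly the `secrets/servers.sops.yaml` creation rule, since a recipient that is not in the rule keeps the ability to decrypt the Tailscale auth key until the file is re-encrypted with `sops updatekeys`.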