pim/nixos-configs
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity

Add Roeland server

Browse source
This commit is contained in:
Pim Kunis 2025-07-05 17:30:20 +02:00
parent 9cca44c67b
commit db923b3594
6 changed files with 3572 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.sops.yaml
View file

@ -9,6 +9,7 @@ keys:
- &atlas_root age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf - &atlas_root age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
- &jefke_root age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02 - &jefke_root age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq - &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
- &roeland_root age15qrzsk9t7uyuuy7m0xt3qzk3cmcsegt5wfe5zew4d8najwjnm30sfjc3pk
creation_rules: creation_rules:
- path_regex: secrets/blocktech/colmena.yaml - path_regex: secrets/blocktech/colmena.yaml
@ -49,6 +50,7 @@ creation_rules:
- *atlas_root - *atlas_root
- *jefke_root - *jefke_root
- *lewis_root - *lewis_root
- *roeland_root
- *laptop_pim - *laptop_pim
- *laptop_root - *laptop_root
- *niels - *niels
@ -64,6 +66,7 @@ creation_rules:
- *atlas_root - *atlas_root
- *jefke_root - *jefke_root
- *lewis_root - *lewis_root
- *roeland_root
- *laptop_pim - *laptop_pim
- *laptop_root - *laptop_root
- *niels - *niels
@ -86,3 +89,9 @@ creation_rules:
- *laptop_pim - *laptop_pim
- *laptop_root - *laptop_root
- *niels - *niels
- path_regex: secrets/roeland/colmena.yaml
key_groups:
- age:
- *laptop_pim
- *laptop_root
- *niels

7
colmena.nix
View file

@ -56,6 +56,13 @@ inputs @ {
./nixos ./nixos
]; ];
}; };
roeland = {
imports = [
(import ./machines).roeland.nixosModule
./nixos
];
};
}; };
colmenaHive = colmena.lib.makeHive self.outputs.colmena; colmenaHive = colmena.lib.makeHive self.outputs.colmena;

5
machines/default.nix
View file

@ -28,4 +28,9 @@
system = "x86_64-linux"; system = "x86_64-linux";
nixosModule = import ./lewis/configuration.nix; nixosModule = import ./lewis/configuration.nix;
}; };
roeland = {
system = "x86_64-linux";
nixosModule = import ./roeland/configuration.nix;
};
} }

70
machines/roeland/configuration.nix Normal file
View file

@ -0,0 +1,70 @@
{
lib,
config,
...
}: {
config = {
facter.reportPath = ./facter.json;
system.stateVersion = "25.05";
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
deployment = {
targetHost = "192.168.10.40";
targetUser = "root";
tags = ["server"];
};
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
};
}

3446
machines/roeland/facter.json Normal file
View file

File diff suppressed because it is too large Load diff

35
secrets/roeland/colmena.yaml Normal file
View file

@ -0,0 +1,35 @@
sops_nix_keys:
root: ENC[AES256_GCM,data:+V4RZsyfGlaZokQ0LFxfbUuWuNnOGxdAkxerIgA+fnwdsz+3msXWPwAVcCsGM5PLRSGtJ5NhDPT2J7yVmB6RxVqaVHBsxHp5kPs=,iv:ooHX2MQfddREDyWanVtkBzJhf78s9gb6P73Qgn+db7M=,tag:+Ky7upH2Lph9IcnjAiSbJQ==,type:str]
sops:
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByc3JPZmlzeUFqU252bXAw
UFhEWk53V1VLVE5PMC9EeHlhZkdZcHhRbVJZClFObnhYVDBxS21HWWNoUWxrdXVj
RGY4T0djdmVSMXdrdG1iWTlDVTRkTDQKLS0tIFRNVTdJYmZjMkNLdUoyWXZFZkNn
ckdSTUdyWUtacDVMc3FPMTFQbGpSa0kKlo3KBNj4OIn4BepD7PTebBQVBjR+agxv
h0SE/t+0TTYcVe6Aq6l1w/IDFumpSmoNMYOyzkA4ABbqQy0WHkNfOA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRE1OWUN5OTg4TTJaY0dy
eXJTVmpuTWVEQ2tGb1RKMlU5ZGlRMXo2enh3CnpTdTkyVG1wcGt6bkhoM3YwdTZG
K1llQVM4ajZXT1ZMU2dPSUI1NEQ2Tk0KLS0tIC83aVZQZFNsa3VnT2FlbGEya1Ir
WmJGeEh4QUg4bDk5U3dRNG1VaUthVjAKNiD5srj8mCy9QO4PwjdKR/Y4qyie04dQ
NOSpfDnVNKUF65oR4xr4B6eyQahctFt4yrk4IoYQBlG4N0zqE1bu2w==
-----END AGE ENCRYPTED FILE-----
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2VFB6WDcwOVhqZWs5RDJ6
L0J4TXY2bWZDTmEwL3d1bGZLdzVuQi96Nm1BClc3WlBENkhwTW9PT1J1MHdtZ3pz
a2s2S3ZLS204MGZ2Tms1TGpPYnFOK0kKLS0tIFhFWFJDblBWQngwMTZDbWlIdGhJ
OFIwVUxQTlFsSldFRG5qdkJ3NWxEUGsKzUNf6dUX8CA6sD2P0blrvAyso4dnDcwi
4mE7veq3arjyd0qcvoNIifs8omM4jgE97zjQfY1AOTEgAlFykgqhzA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-05T14:18:20Z"
mac: ENC[AES256_GCM,data:5K+tBj8JFF2wY1bdzOc8nYThH39sYAmDGp/8gylINV6s87ROUy4XPdQhRGkd5y5BknGfIh8XnxrUmRvsf9t1FYSJwgPed0V/nU+Bl8cnMlzN87V5qgjbRKV8Aqd7fKm9SJKejdx3S7WoT2VLg6avc8PSOlqSaBVBjLp3F816XiA=,iv:GBLL+7MhfiGo4Alt6ffwlud4+ugeHAH8Yq5wXW9Book=,tag:xrQwBHTKMtWtycV279zxDg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2