Add initial configuration for ghaf-webserver
Signed-off-by: Marko Lindqvist <[email protected]>
Marko Lindqvist committed Nov 5, 2024
1 parent 4529996 commit 013651c
Showing 7 changed files with 125 additions and 0 deletions.
8 changes: 8 additions & 0 deletions .sops.yaml
Expand Up @@ -8,6 +8,7 @@ keys:
- &karim age122lvqyrdqz30fkfututykl0yle9u63u2em6e4aut7e5draws83ns3npt3a
- &jrautiola age1hszrldafdz09hzze4lgq58r0r66p4sjftn6q8z6h0leer77jhf4qd9vu9v
- &vjuntunen age194hljejmy63ph884cnuuume7z33txlkp9an7l3yt2n3sjjere52qkvlfju
- &cazfi age10a2kt6f07urjv6ahutda3jgr73wferkcqjhkvukwm07eaaqyrqtsh08syf

# hosts
- &binarycache age1s47a3y44j695gemcl0kqgjlxxvaa50de9s69jy2l6vc8xtmk5pcskhpknl
Expand All @@ -19,6 +20,7 @@ keys:
- &hetzarm age1ppunea05ue028qezt9rvhp59dgcskkleetyjpqtxzea7vtp4ppfqh7ltuy
- &ghaf-log age15kk5q4u68pfsy5auzah6klsdk6p50jnkr986u7vpzfrnj30pz4ssq7wnud
- &ghaf-coverity age172azvwv5vne79mqfhvdvk9j95gn5v04uk9t3fjdfe5p7dv7kucvqpygxkx
- &ghaf-webserver age1f643hcr8xvzm6fha93xhn6dw552tfd6zvu7eulxk7vedgt09d9ysljsayq

creation_rules:
- path_regex: hosts/binarycache/secrets.yaml$
Expand Down Expand Up @@ -70,3 +72,9 @@ creation_rules:
- age:
- *ghaf-coverity
- *jrautiola

- path_regex: hosts/ghaf-webserver/secrets.yaml$
key_groups:
- age:
- *ghaf-webserver
- *cazfi
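Review bot: The new creation rule gives `hosts/ghaf-webserver/secrets.yaml` exactly one human recipient (`*cazfi`) besides the host key, so if that key is lost or has to be revoked, only someone holding the host's private key can re-encrypt the file. Consider adding a second admin anchor to the `age:` list and re-encrypting with `sops updatekeys` in the same change. The `path_regex` is also unanchored at the start and leaves `.` unescaped, like the existing rules visible above it; `^hosts/ghaf-webserver/secrets\.yaml$` would match only the intended file.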
2 changes: 2 additions & 0 deletions hosts/default.nix
Expand Up @@ -56,6 +56,7 @@ in
nixos-ghaf-log = ./ghaf-log/configuration.nix;
nixos-ghaf-coverity = ./ghaf-coverity/configuration.nix;
nixos-ghaf-proxy = ./ghaf-proxy/configuration.nix;
nixos-ghaf-webserver = ./ghaf-webserver/configuration.nix;
};

# Expose as flake.lib.mkNixOS.
Expand Down Expand Up @@ -87,6 +88,7 @@ in
"ghaf-log"
"ghaf-coverity"
"ghaf-proxy"
"ghaf-webserver"
]
);
}
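--- a/hosts/ghaf-webserver/configuration.nix
+++ b/hosts/ghaf-webserver/configuration.nix
@@ -0,0 +1,45 @@
+# SPDX-FileCopyrightText: 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{
+self,
+inputs,
+modulesPath,
+lib,
+...
+}:
+{
+sops.defaultSopsFile = ./secrets.yaml;
+
+imports =
+[
+./disk-config.nix
+(modulesPath + "/profiles/qemu-guest.nix")
+inputs.sops-nix.nixosModules.sops
+inputs.disko.nixosModules.disko
+]
+++ (with self.nixosModules; [
+common
+service-openssh
+user-cazfi
+]);
+
+# this server has been installed with 24.05
+system.stateVersion = lib.mkForce "24.05";
+
+nixpkgs.hostPlatform = "x86_64-linux";
+hardware.enableRedistributableFirmware = true;
+
+networking = {
+hostName = "ghaf-webserver";
+useDHCP = true;
+};
+
+boot = {
+# use predictable network interface names (eth0)
+kernelParams = [ "net.ifnames=0" ];
+loader.grub = {
+efiSupport = true;
+efiInstallAsRemovable = true;
+};
+};
+}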
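Review bot: Nothing in this file declares `sops.secrets.ssh_host_ed25519_key` or points `services.openssh.hostKeys` at a decrypted path, so from this section alone the host key encrypted in secrets.yaml has no visible consumer. Presumably the imported `common` or `service-openssh` module (or the install task) does that wiring; it is worth confirming, because a host key that is not pinned from the secrets file leaves the first SSH connection after a reinstall unverifiable. The comment above `kernelParams` also says the opposite of what the option does: `net.ifnames=0` turns predictable interface naming off, so it would read better as `# disable predictable interface names so the NIC stays eth0`.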
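--- a/hosts/ghaf-webserver/disk-config.nix
+++ b/hosts/ghaf-webserver/disk-config.nix
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{
+disko.devices.disk.os = {
+device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_53986259";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+type = "EF02";
+size = "1M";
+};
+ESP = {
+type = "EF00";
+size = "512M";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+}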
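Review bot: The ESP is mounted at `/boot` as vfat with no mount options, so the kernels and initrds GRUB copies there are readable by every local user under the default mask. Adding `mountOptions = [ "umask=0077" ];` to the ESP `content` keeps the initrd private should it ever carry `boot.initrd.secrets`. The root filesystem is plain ext4 with no encryption layer, which may be the intended choice for this VM, but a one-line comment saying so would record the decision.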
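--- a/hosts/ghaf-webserver/secrets.yaml
+++ b/hosts/ghaf-webserver/secrets.yaml
@@ -0,0 +1,30 @@
+ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:yx2QLsp7WD7Z1DPtfEirhkARukNIokqKCf62XSWow5s=,tag:ejZphUeRP9pkCmHrT93jIQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1f643hcr8xvzm6fha93xhn6dw552tfd6zvu7eulxk7vedgt09d9ysljsayq
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVnZmeldGYWdOOTdNQkJx
+LzhpS3JwVXAxTXc2MngvUlZ2TG0rbS9LQ0hrCkEwcmJvMGFZam5CelhCdzdGSXhl
+alUrbkM3WjVXV25oVXV1MXh2RkdvMjQKLS0tIDF5WTBzT0IxbUJOT3RnR1hXZTNQ
+MTRGU3AyNnZIUEpKVFVoZ1NkWW1hMmsKVccUTFP6+QaOr86/BhyuV0p0I8+As0Fo
+KVvkHENvBue8ziuwqTCK1jEkKGhpazXMPF9AXGu/s0QNAIsI4U/oeQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age10a2kt6f07urjv6ahutda3jgr73wferkcqjhkvukwm07eaaqyrqtsh08syf
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVUk2VEYwcXVwMEZUdFps
+cUhPZGtzTmdDZkFXbEIwTmhoZDNYSGZ1bFdrCitDS2tuRi8zOVZTTWdyNFFvdG5m
+ckRIVUxBcnM3QmZxcUx3SDVlLzZSSmMKLS0tICs3ckhXVFp4NnlTaTFVOVMzOXV4
+TFlIMGhkS0ZvcXVQNWYvV2phb1N0cTQKNGJ31lLdr9uk/DOrlLe3M7DsBhczmvSq
+eWjj3TNekZpUGrlyVv4CE4D3pwyit8mbwbROZsZjUkToYo6nMQS1Zw==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-11-04T06:30:19Z"
+mac: ENC[AES256_GCM,data:ZaDdsxYfjlpI7AvogRNS4LyylXobOvqtq8Uam3IZcjVcKTunq4bCCC1cTqnNkTXaGtVLj0XxW7C4P+KireyX0pqgRNERavGbqgxfCaMEZQXtDE6vIgqBBVgmhqBulqxxUmVRKQdTJZHB7SNLgM2zjTwI6bEBp3gPBSKZE1aNFsg=,iv:oFnWH/ghy279cJfKty3J6GioDOUa+VJ0ZVNBY07n6Pg=,tag:GmdTjBd05vm/5AFrrBL99g==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1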
1 change: 1 addition & 0 deletions nix/deployments.nix
Expand Up @@ -24,6 +24,7 @@ let
ghaf-log = mkDeployment "x86_64-linux" "ghaf-log" "95.217.177.197";
ghaf-coverity = mkDeployment "x86_64-linux" "ghaf-coverity" "37.27.204.82";
ghaf-proxy = mkDeployment "x86_64-linux" "ghaf-proxy" "95.216.200.85";
ghaf-webserver = mkDeployment "x86_64-linux" "ghaf-webserver" "37.27.204.82";
};

aarch64-nodes = {
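Review bot: `ghaf-webserver` is given the address `37.27.204.82`, which the `ghaf-coverity` entry two lines above already uses, so two deployment targets with different NixOS configurations and different sops recipients now point at the same machine. If the coverity host was repurposed, its entry here and its rule in `.sops.yaml` should be retired in the same change. Otherwise a deploy of either name replaces the other's system, and at most one of the two secrets files is encrypted to the host key actually on the box. The same address is repeated in the `TargetHost` entry this commit adds to tasks.py. The `let` block this hunk sits in starts and ends outside the hunk.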
5 changes: 5 additions & 0 deletions tasks.py
Expand Up @@ -130,6 +130,11 @@ class TargetHost:
nixosconfig="ghaf-proxy",
secretspath="hosts/ghaf-proxy/secrets.yaml",
),
"ghaf-webserver": TargetHost(
hostname="37.27.204.82",
nixosconfig="ghaf-webserver",
secretspath="hosts/ghaf-webserver/secrets.yaml",
),
}
)
