From ff77bc7100f152ef00708e44bac5d40e8bf01ca9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?=
Date: Thu, 2 Nov 2023 20:16:36 +0100
Subject: [PATCH] New host: ude
---
 assets/ssh.nix | 2 ++
 hosts/default.nix | 1 +
 hosts/ude/default.nix | 30 ++++++++++++++++++++
 hosts/ude/disks.nix | 47 ++++++++++++++++++++++++++++++++
 secrets/alert-nrab-lol-pass.age | Bin 424 -> 435 bytes
 secrets/alert-plain-pass.age | 16 +++++------
 secrets/hercules-cache.age | Bin 907 -> 1012 bytes
 secrets/hercules-token.age | Bin 728 -> 842 bytes
 secrets/leet-nrab-lol-pass.age | Bin 474 -> 452 bytes
 secrets/legion-niko-pass.age | Bin 458 -> 432 bytes
 secrets/secrets.nix | 4 +--
 secrets/vault-cert-env.age | 16 +++++------
 wrappers/default.nix | 8 ++++--
 13 files changed, 103 insertions(+), 21 deletions(-)
 create mode 100644 hosts/ude/default.nix
 create mode 100644 hosts/ude/disks.nix
diff --git a/assets/ssh.nix b/assets/ssh.nix
index 413daa9..c03bc8f 100644
--- a/assets/ssh.nix
+++ b/assets/ssh.nix
@@ -11,11 +11,13 @@
 kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImsFb9qRxX0n2Bmy00T8iPam+Fc3mgKkm7dfM7AQRHN nikodem@rabulinski.com";
 legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHX2MNGZGSTedYAepZHgcx+KK0A6ASulwSrpf9ytb5h nikodem@rabulinski.com";
 miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIf4Ypws+1v9WL9MibW1dELpa/7YixElaBE7S71jsTy nrabulinski@antmicro.com";
+ ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDm3M/i/4wP2BM4+9hHAOMospwvlBZ+FT+pJtVgaaMq nikodem@rabulinski.com";
 };
 system = {
 kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyYhYWDNmKSrpcslD3NzWW+lQmDcLJdjLh7CSkL4hW5 root@kazuki";
 legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Ktyj0FSn8KLRwRGd0Tp/qNUPXV7+XyxAsWGWdMYp8 root@legion";
 miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbUcsZrZgGHojG+1yVyNEW5Fgr7/7qNaWxOt+lFrJaD root@miyagi";
+ ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZW15ObZ6XG776pdEvs9yqSuIiWlbGveEVA774Ri9/o root@ude";
 };
 }
diff --git a/hosts/default.nix b/hosts/default.nix
index 17921d2..ecc6cdd 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -12,6 +12,7 @@
 ./legion
 # TODO: Custom installer ISO
 # ./installer
+ ./ude
 ];
 builders = let
diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix
new file mode 100644
index 0000000..0840d56
--- /dev/null
+++ b/hosts/ude/default.nix
@@ -0,0 +1,30 @@
+{
+ configurations.nixos.ude = {
+ config,
+ modulesPath,
+ lib,
+ ...
+ }: {
+ imports = [
+ "${modulesPath}/profiles/qemu-guest.nix"
+ ./disks.nix
+ ];
+
+ nixpkgs.hostPlatform = "aarch64-linux";
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.systemd-boot.configurationLimit = 1;
+ loader.efi.canTouchEfiVariables = true;
+ };
+
+ common.hercules.enable = true;
+ services.hercules-ci-agent.settings.concurrentTasks = 6;
+
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+}
diff --git a/hosts/ude/disks.nix b/hosts/ude/disks.nix
new file mode 100644
index 0000000..9b0d955
--- /dev/null
+++ b/hosts/ude/disks.nix
@@ -0,0 +1,47 @@
+args: let
+ bootDevice = args.bootDevice or "/dev/sda";
+in {
+ disko.devices = {
+ disk = {
+ vdb = {
+ type = "disk";
+ device = bootDevice;
+ content = {
+ type = "gpt";
+ partitions = {
+ esp = {
+ priority = 1;
+ start = "1M";
+ end = "128M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ linux = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f"];
+ subvolumes = let
+ mountOptions = ["compress=zstd" "noatime"];
+ in {
+ "/root" = {
+ mountpoint = "/";
+ inherit mountOptions;
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ inherit mountOptions;
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
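Review bot: In hosts/ude/default.nix, `loader.systemd-boot.configurationLimit = 1;` keeps only the newest generation in the boot menu, so a generation that fails to boot cannot be rolled back from the loader on this VM. If the limit exists because the ESP declared in disks.nix is only 127M, record that in a comment next to the option and consider `loader.systemd-boot.configurationLimit = 2;` so one known-good entry stays available. The module arguments `config` and `lib` are not referenced anywhere in the visible body and could be dropped from the argument set.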
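Review bot: In hosts/ude/disks.nix, `extraArgs = ["-f"]` tells mkfs.btrfs to overwrite an existing filesystem without refusing, and the target falls back to `/dev/sda` whenever `bootDevice` is not passed, so applying this layout on a machine where /dev/sda is not the intended disk is destructive with no safety check left. A comment on the default, for example `# default is the VM's only disk; pass bootDevice explicitly on any other machine`, would record the assumption, and a stable /dev/disk/by-id path is safer than /dev/sda if the hypervisor exposes one. The disk attribute is named `vdb` while the default device is sda, which reads like a leftover from another layout and is worth renaming or explaining.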
diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index 7fa96b1edcec559c748073e1eadaf991628582e4..089369a86e2bccd6c6d201207e2ae02c0f47cddd 100644 GIT binary patch delta 401 zcmZ3%yqS4|PJN+Ij&_Baak-hBQBrAOsAWY^c)ET>L{fTSdU#NNfQxx>M1iw;er0f_ z1y^N&pFxsmq-$DWZk1bTm9M*rVPZ&rRH=DMid$ioNlr<)c|=8KikWeQCzr0BLUD11 zZfc5=si~o*g1dJ{S$VobR8~?{M1+2ji@9M^Kw@%kRlR;zM3jH2L0Lggak-C&VRC6| zrE`j#uUAGkS4u%~fJInjWO+t#p<|v$dTDV*R7#O=XsVl8nX`YkTfSqsZ)K>Lv7vT4 z$U3Dul@#6dqSVCVRIYOKD1$sNProdKw9Me#pm49G087uDL<{$%?5rR^PY=@yPcB_u zU4`uW^6=m!6VJ;0Y-f`|H*Mc+N5ecrpIk@h2=6fO0RIeMAMdL4q9DhjOi!+_T=Lnv zT=#1o4);a8dAI($_T7(*wk?R`Pm5! vKTk+)Qu_JL3m@dHUcLIq2cLhhj6?I&nS{6)jyz`Ik|?jNJ(RexBWe=>%R`ch delta 389 zcmdnYyn=axPJNQQrGAQEc|}s5d2X1Sw@*=GSh=aCNvO7SXqaC_u1kceS%tq#L7qjf z1y{LmX;naxg-=SLYf5URn~9IJcWOa!dQhlget3>iRbD}ktG-2uwxe%YIhU@TLUD11 zZfc5=si~o*g1dJ{S$VobdX!0Cn2TddR%J#+Wxh+XXMK^jk5iscqMM~jm6uPdWk$Y> zpG8(sq)~7=S8_^~fm3Lvi(zDWo}al}xL0yvRb*tSg|SDKOJsOXV0yB4VL*UyXi2gw z$hrjOY~A#t)WqUc1xI7Ad@j!b_s}G7ZQpbQ?R2*i6O)okw@fZwU0nsUbi;K0tjZ9B z$aL+xob+N~TqNZj0xBWltFX{sTt7(c! diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age index 29341a2..6ec01da 100644 --- a/secrets/alert-plain-pass.age +++ b/secrets/alert-plain-pass.age 
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 ioPMHA GErPiwFO6TluW+/QapeT0BhWH2yVd54UfCsi5s8STm8 -/rOO0+oXHGnJ54PdgPSJ/UWeZm1Ibtptnz+tv6zhTLA --> ssh-ed25519 GKhvwg MtNidti8d7qz3NERKPdoU0UtNj/SZp2htzXYB3NUMXM -WKdKJtjfsWFgoO09wpw87JdOaGNqDpC9MRs7Fumfn/g --> 'JP4o}-grease Thf -jq5xoH6w3eDeGBGf1jKPCxEl ---- sI/u3P4XIpQOMPXhtCy4XqRo+FSi5IdUDNxw0S88gWc -@;|U:B{x3!9A2ۀSNg#ً͇r68S 2 \ No newline at end of file +-> ssh-ed25519 ioPMHA qqVh4A0E1AHAKWzkfGkJngMUdMc+HSxcKjyYQ2gaCAQ +hKu0kGoC+DFFzhGI8hq0oiiRuKa0kiE1WqTjq5tfPt4 +-> ssh-ed25519 GKhvwg KBSfWjKPAhb+FmKet9HoUfcffcGvPvoM2eWWgysxWk8 +xhymHp+IWG6gH63U6dX9cSg7eIPD/Uhtj87cAS0vtfU +-> @oU{zMr-grease +tw95QJTmdroGQEQhYEGLUNBJTp6Zdytql07m8Cjt1OvnNdt5/A +--- iM/8bokZsr5SDc73lZTloR/YpngXsy/mt1E89rNCmZI +Kߓ,{GGٔ 3F7(I0R,!GIlY[ \ No newline at end of file 
diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index e7f01f6895bd9e8268086ada1019e122424c1ff0..3f8c310b490d4ec5fd46f757d7407db2ce07a70c 100644 GIT binary patch delta 963 zcmeBX|H3{&r{1t2D$gq|!Zj$Ztg@ioGf&$&*VQsJH`Cj*$lNHx-$XmjrP3fd(DBp}06h zH#Nn`)YQ;YAu~U~*TYdErOeAb*FD16&@`yh#LO(TvR+?5DyY;eINR7cKRd`jJ)+2@ z(A?56HzdMHW*)Gej3%-26B%%ZR&w79@DqbSoqy{aHDJg_9qrz#V} zI#0LKNbPb3KW*axe`6ni;}U1j{8DdE6T`xCAEPSc;KVQwiy-4D{cKayOdnT$<6_5j zt~8fSiy)&?&yv6}_hfSePuDCXPgD1*0uxuWj9{nK3{#Kf@G$>EkMwfSi66!59nFI) zGAhD~QUXG%Qd1*5%)Bj14b0sQgU#~GQe6X!d@YPi^2*H94cuJ041-;a%d*T3GxCc= zO2Ui^oGk*w{49#oEzAOwqkM7;bMyQ|s`3hRBYYe|0jFIY?31mVUX+?xoT^Z%mZM;j z%Vq9Unwgbl;c6ODn4gs7ZdzZJTb3Rapj~AiRi2}7kz-;Jky&Bt=2q>p# zXjWog=51uIZ&sNSmY&RI*JaiSm0+Am1^$p6=)ja>1$f<FRzxzelh=EIHKAHU{X{Y$9hnE6Jx z3778(Y2Nu%_+z_J+Wvowqn6iSj4YI3fA(jt#FpS^$_d{bU4Fb#XL1ee?aUEsK3RIQ lT3df{)MAgIx98j{l$I^|`)Xx&#oG_P)@*8LnRPq<001a(a<2dY delta 858 zcmeyu-pxKir#>`4BQm4ZEh4MjQ#&%zEYT>>Gs~^S&@H&2KtI?pt+?1iJ1Q;BJI&J2 zm#fgC&`i55I61;KB)r7QBGSd*!X(1X#nd~bpd`S=E5olO+@#XO!o?`1oJ-eEp}06h zH#Nn`)YQ;YAu~U~*TYf4z|XO$vaG<%#3-^V&EG^n+0D<@EVL}Bs?astq$tbRBp}2y zuP`$>OFuB1OFzuqC?l^ZHNeR;)88P}%)-z-Gt1I2+{oQH$0Jz3GAhd_qSP`k-M6xQ zay+AWy-#6@MYv_DPi3WRVM$7$Z&7A`Zl1o2ez8eqrM{bap{I+XpP5@yQgB!~S6Q&L zc9E$;xqZ=t`T|VPFX>jl~rZVS;_iAzJcZj`e`QN;pSWwp23#ko(2X! zCEi&UMUMG?xn=&vo-WzGRo-Q#r6qy6xlxf$Uar|(y1KdwK896E{=TIp#U{pu#`*Pz zRhjNNVJ2ZtrN%Cm-jV)hS$<(rIbJ0u&Y>ykT>D#kjh@z@ozix@RA|ZJ+?WS{t?pXC zoXskjboM2?`MJbte>`~2*+hKL`6yPGhW}g}@o`3f)Qz$)jq~ny`Apv4@%)m9#n;l%31sDJIG5`^&fc*2JdvqIzG? z1qH%vzk~Z5G^bUZ%3i3wJ7-a8X}$a9b?xs@8vFLI746zw-RC#`q2$e8fi|b-(Z41y z%-ojHov*Oq^2vo8q8S7K8}=S6%4pX;I(6zIF8deH)0(ZBOzSqA3WX@;oc!FPbMR>Q zoV(rjE%m$~${m#FMFR#i@)HuG-0;=k$z z(-qfkx<9ARV(D+qGc#_Bp7Q^*Ve6+05w{!WrE>^uo7roy(?(Nb!%z1~o)Vu^mOYm4 yTJZkkx$|l2``@OVOLUGqu;RfN+fS|@f(u)hO;0Sy%jm1y%;ET>=j1kh4|M=5VpDbi 
diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index 92ded9f0812b8063cba532aa8468e4d6a133fe20..e5434690941f9e46ae2176db865ca506e5b55d33 100644 GIT binary patch delta 791 zcmcb?dWvm=PJN}hM^Z#(T4ZFVtE+FWNlAX1Sy*XlR+zqDWwuXvh^u*}p+Qc5SV+D{ zAeXUunT20!uv?0mo13#)YFUnfzH_=;o}Wu#NvW%AQkhvwN|;GriAQ=yK9{bYLUD11 zZfc5=si~o*LS}w|uZN>TzFAP9lb@+iuDOe6u1`U7czt5Ac21?US9)PqNLEF$Z-sxp zaZ$NnU|NPNS9)=2WKOtuVUD(?zM;2IRIr7qrH8vyT3V`aicx4#XjW#aXO*$LL12~z zx^0FgT0h!*8LE*(^K^~cf`uZt_CK)LyuKJ-_!KD`do+aMN0ZAqSg(>A8t`k3s*XKlr zhFFw_6(l+Pdgbb8MtE8nROA&}I$B!hmO3TnxP+wphWnWLCgtU&b46r(`guBLd!@T& z8yGsKYF8yklm+EY%nwzW; z7p$Wh5~&dEb9-inLkyGSenP+B@>#6M z?jBqc6{ug4os;I3?N?RkmlhT7WTu_wTAET`<>Kb&UghZ*kd|N06)D%XYo(o$zMBZ+ z&H0j|4RdRlgl>t;M{&q1acq0!^nb$px1sYh&nvs<{avlsn;Wpl@vicR(CZ=Xy z+<5tuaKq2is+2uix6j@xKiaFP?=y*i{brfH8O^tHmQ2iEYS)r_y<+Jkzo_@Y`aBwu zcYS0|uMEw)vzxhadd_Q2k%e9b+cs~Ov^%)ZB5tpc?B6#(lslcGELrybYFZ!S(J!1+ zD7gBpgMc*C)3ZP2Uwl{+R#x*awUXsqxK)7c)~>9s$_K_lchZh^tJ*HAH3vOK3^5d04JNGMBEMLUD11 zZfc5=si~o*LS}w|uZN>Tseeh4lYd@NR+^`YVX1pwzFSqHTeh=)Vu5*jc4d)euC{Sl zaDl5)u7`^+m%e#@w?(FFZk}^Wl&OA*XNsjupoz14a6m{(g?D7~ zlMbS4WT1h%}P`eU~zGKi?|X!gA-TF#YiI3Kw?^uBueC zDAO#*JeLx;0+%x9(h^^7H{7Llu0Y9R1UcEftEA@|^2+xZD$clMS*`JsmSbl9DqbU4zQGbaizV ze9PVaJv&&u6t0MEc7NjS575wRt z@RO1&2{MyTx%2kS8PoQiD<4c(;R|{!YiyZmcsc9CT$721o~yl{Qe(sTUb9jAW$>Zr zFY43xJh=Vy!rXZs8^sKdYu^aTIJI(S*R=_!+Kt!jYF1HTs=PAyL+r!#0yS;&4(}$Z zu$^4PmDsJ;&&a^|TCzX&%ssdFm5q0QH&&`O>ApF#H|CYWB8}<47Ty>1J%4o{r@QbM z$v%OjQ?$+Jalci06IB0ZhRsD@UB}mM;;SN=Hh&ZP7rdo+&m7G*xyrNx{laB4K1)1y zzhSkrcGWYl)Flq(3Sq)5iw~5|DJfdI?-;v%rR%d(elM@3tbgA2w`=VnPIqbzOP@gpK+jeXn~Ql zE0?#aQE+9dVNqaanQ3rfMxwE!yHlxUm}ORQPO^z#dZv4#Pk3TdM0sV9E0?aFLUD11 zZfc5=si~o*g1dJ{S$Vobk+G$IPLhwYQ<+JSWtneYdA+YkKxk-WQAl`ba<*S(qGeD? 
zQiW-$WwE0pm%dA~qfwSul3Q?DW_C(Nc(zYLPHs+tzn_7Zk#}-Yafp#wg<+t#r9~Oo zx{&giyyR@%^rFk)Iett;%%TJ-2pkKB4Q`I_AMla-BKMgADwo>TZ*V!LQ| z4(pp>hYYK^Ars=x1uqL-#rI;VRe9BtJH8?bOQiKqZ@Q-3Qku>cm>r|QXyAW#%f!bQ L>z8=kW99+?DFl=} delta 440 zcmX@Ye2aO4PJMV)gs)>(VTf@~V1Z+mc5#tqiIZPJy0=@gS(8*YXnm5QX`YvfuS;5$Z)mbXSV*CB zm6L^Oh((qOSAd6mMut&wVTqGzMW%MRVPc+7etA}8VNkleg{x`zh{Yisjqo5 z$T~e`Z<`oB-Snc=#Nt$iLHLsv@&Mk0{S< zZ)bOxO0QhcfZ)8MG@}g9u*%}{tl(hxsMO%H;4q(vVlLyIzjG%9#h>`J=bGHvX~((e z?_)dMmV5C?_70y_QzSS)xjO}Z@9LM!G|zJPP&G_G8#J3iPpZ{?F3+#pM?Hs&uV)=T jr`=t<+2-cy($<3qrB+^iZL@3LoBE{K`^%NyPn7`x(x;&x diff --git a/secrets/legion-niko-pass.age b/secrets/legion-niko-pass.age index 9b9231d171f90db096283f5de43aaa851b4d5082..1d226c2cb32a039c1bb34e245fad318b0e99c685 100644 GIT binary patch delta 398 zcmX@byn%UwPQ9a9a8*=*sas(|L29}|g_n`LQ<0NrSXEM`SxG^OMT&2ce?fM-nP;d$ zC|7xue{NQyc~M%Lfq#j9MMZFCc9pkxX;oRGd19(dfMt$hWuTjJd1jE2FPE;JLUD11 zZfc5=si~o*g1dJ{S$VobaG<_lj&`P{zNdRpVU}a6dwqmUS)`9gl23|fxRHBad4xxa zS7?ZzQHY}fS5kzxp|(Y^tD!|iiKkC!p|3@;k+*Y_TV_PCNusx(xo4PLSxHD%rc-Gs z$hzt%+guIZ^rF2|E2;W?{P+uc1U0q!TGbiJMfbdXv@2X(O z9M{PD+>#Pk6W7erQkRO{(8zqtl9W8}oO12JP)~z=t}^$eeO$XvpIrX;pF%_-KeOw_ z87y0Kb7D`P`8@ISpJdI?Jb$DXPcDhkkV@v;5xXtWbCp!uBE~yXZ+bhfpB3br9Y6oz tj|72ZH{X;_<9vLoi|KyD!WRp!{`T`KyTMu)uKprWoPAE0M|Mo?W&kRelZ5~P delta 424 zcmdnMe2RI3PQ8JvNvTt4KvJNadscCJX?|5$X<43raiNi8uDeBUX|7j#rh95?nn99# zF;`ZlWmRHXrl)67R*AEvv!k!0e_(}6aUXI+w1ULUD11 zZfc5=si~o*g1dJ{S$VpGxp9fVkGo@VVWfp&fqQtcS-q)uR%VH}Q;~tOK~klGnL%b) zQetvMezLm(S5;z0l6gv4UP`ukvQK4bxOstlNOF<4n|G;Cj!T|E5z)(;v1!5meaq*VMA7 RG{}*~WATQw_p1{!T>&6Cm9qc< diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 18f90ca..4cc0678 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -5,8 +5,8 @@ in { "alert-nrab-lol-pass.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; "vault-cert-env.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; # "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; - "hercules-token.age".publicKeys = [keys.system.kazuki keys.system.legion keys.other.bootstrap]; - "hercules-cache.age".publicKeys = [keys.system.kazuki keys.system.legion keys.other.bootstrap]; + "hercules-token.age".publicKeys = [keys.system.kazuki keys.system.legion keys.system.ude keys.other.bootstrap]; + "hercules-cache.age".publicKeys = [keys.system.kazuki keys.system.legion keys.system.ude keys.other.bootstrap]; "alert-plain-pass.age".publicKeys = [keys.system.legion keys.other.bootstrap]; "legion-niko-pass.age".publicKeys = [keys.system.legion keys.other.bootstrap]; } diff --git a/secrets/vault-cert-env.age b/secrets/vault-cert-env.age index 3066029..2664b39 100644 --- a/secrets/vault-cert-env.age +++ b/secrets/vault-cert-env.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw vOJaWCNIGFgf6O0nTt+g1a5y5iKvMlr9nrpF1jTNGmM -MxiliY7O3k0P47mYrmV6ovZu9+03JCCUvOe8Zu7gi34 --> ssh-ed25519 GKhvwg XSQNhU9xCPQu7iIcshQxncgqp37J8iS1H6FKDaChPTo -uH8yhnQc184zK72pwwNod110/ehMiT/eWbHN894XThU --> w>U?#&-grease ssh-ed25519 84j9mw iX2rMQ/L6p+pZO6HZWGk+LWuQzTbWrTMRHbAMONyMQI +qwcUJ9BMDc4gaZS3voRtgZwuOqU7IeaOp1RMfmmeSMo +-> ssh-ed25519 GKhvwg /O4i6P36CGqPwiHlV59QDlnZnE7mgz+u8wrt7hI6Z3M +ytfwriyDoCROiePo8Ey+VETVPxd42ltj+8s91hRDWoM +-> RB"-grease Ia=. +J9xSMHsIpNTKbksUxqZM8M5bgJwxapjGp8VYKh7bXk8jH9nOhUuhrLA +--- i3nJq19lE+kSfe3fzciLrZ0QOUT0ItuP62fXFBvnVrg +]26F/!xlBMoNp|Jo#cʪ3\zΑ-1"4(Q=JJcgYj \ No newline at end of file diff --git a/wrappers/default.nix b/wrappers/default.nix index 01c477d..6b422ac 100644 --- a/wrappers/default.nix +++ b/wrappers/default.nix 
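Review bot: In secrets/secrets.nix, `hercules-token.age` and `hercules-cache.age` are now decryptable by three host keys (kazuki, legion, ude), so if the token is one shared credential, retiring or losing any of those hosts means rotating it on all three. Since ude is configured as a CI agent that also runs podman, it may be worth giving it its own token file whose recipients are only `keys.system.ude` and `keys.other.bootstrap`, provided the CI service can issue per-agent tokens. A short comment above the two entries saying which hosts run the agent would also explain why the recipient lists differ from the other secrets. The other .age files in this commit were re-encrypted although their recipient lists are unchanged, presumably by a blanket rekey; that adds diff noise but no new exposure.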
@@ -29,8 +29,10 @@
 ];
 };
 in {
- packages = all-packages // {
- inherit base-packages;
- };
+ packages =
+ all-packages
+ // {
+ inherit base-packages;
+ };
 };
 }