nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

New host: ude

Browse source
This commit is contained in:
Nikodem Rabuliński 2023-11-02 20:16:36 +01:00
parent f2a54b2116
commit ff77bc7100
No known key found for this signature in database
GPG key ID: FF629AA9E08138DB
13 changed files with 103 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
assets/ssh.nix
View file

@ -11,11 +11,13 @@
kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImsFb9qRxX0n2Bmy00T8iPam+Fc3mgKkm7dfM7AQRHN nikodem@rabulinski.com"; kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImsFb9qRxX0n2Bmy00T8iPam+Fc3mgKkm7dfM7AQRHN nikodem@rabulinski.com";
legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHX2MNGZGSTedYAepZHgcx+KK0A6ASulwSrpf9ytb5h nikodem@rabulinski.com"; legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHX2MNGZGSTedYAepZHgcx+KK0A6ASulwSrpf9ytb5h nikodem@rabulinski.com";
miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIf4Ypws+1v9WL9MibW1dELpa/7YixElaBE7S71jsTy nrabulinski@antmicro.com"; miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIf4Ypws+1v9WL9MibW1dELpa/7YixElaBE7S71jsTy nrabulinski@antmicro.com";
ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDm3M/i/4wP2BM4+9hHAOMospwvlBZ+FT+pJtVgaaMq nikodem@rabulinski.com";
}; };
system = { system = {
kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyYhYWDNmKSrpcslD3NzWW+lQmDcLJdjLh7CSkL4hW5 root@kazuki"; kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyYhYWDNmKSrpcslD3NzWW+lQmDcLJdjLh7CSkL4hW5 root@kazuki";
legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Ktyj0FSn8KLRwRGd0Tp/qNUPXV7+XyxAsWGWdMYp8 root@legion"; legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Ktyj0FSn8KLRwRGd0Tp/qNUPXV7+XyxAsWGWdMYp8 root@legion";
miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbUcsZrZgGHojG+1yVyNEW5Fgr7/7qNaWxOt+lFrJaD root@miyagi"; miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbUcsZrZgGHojG+1yVyNEW5Fgr7/7qNaWxOt+lFrJaD root@miyagi";
ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZW15ObZ6XG776pdEvs9yqSuIiWlbGveEVA774Ri9/o root@ude";
}; };
} }

1
hosts/default.nix
View file

@ -12,6 +12,7 @@
./legion ./legion
# TODO: Custom installer ISO # TODO: Custom installer ISO
# ./installer # ./installer
./ude
]; ];
builders = let builders = let

30
hosts/ude/default.nix Normal file
View file

@ -0,0 +1,30 @@
{
configurations.nixos.ude = {
config,
modulesPath,
lib,
...
}: {
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
};
common.hercules.enable = true;
services.hercules-ci-agent.settings.concurrentTasks = 6;
virtualisation.podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
}

47
hosts/ude/disks.nix Normal file
View file

@ -0,0 +1,47 @@
args: let
bootDevice = args.bootDevice or "/dev/sda";
in {
disko.devices = {
disk = {
vdb = {
type = "disk";
device = bootDevice;
content = {
type = "gpt";
partitions = {
esp = {
priority = 1;
start = "1M";
end = "128M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
linux = {
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = let
mountOptions = ["compress=zstd" "noatime"];
in {
"/root" = {
mountpoint = "/";
inherit mountOptions;
};
"/nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
};
};
};
};
};
};
};
}

BIN
secrets/alert-nrab-lol-pass.age
View file

Binary file not shown.

16
secrets/alert-plain-pass.age
View file

@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 ioPMHA GErPiwFO6TluW+/QapeT0BhWH2yVd54UfCsi5s8STm8 -> ssh-ed25519 ioPMHA qqVh4A0E1AHAKWzkfGkJngMUdMc+HSxcKjyYQ2gaCAQ
/rOO0+oXHGnJ54PdgPSJ/UWeZm1Ibtptnz+tv6zhTLA hKu0kGoC+DFFzhGI8hq0oiiRuKa0kiE1WqTjq5tfPt4
-> ssh-ed25519 GKhvwg MtNidti8d7qz3NERKPdoU0UtNj/SZp2htzXYB3NUMXM -> ssh-ed25519 GKhvwg KBSfWjKPAhb+FmKet9HoUfcffcGvPvoM2eWWgysxWk8
WKdKJtjfsWFgoO09wpw87JdOaGNqDpC9MRs7Fumfn/g xhymHp+IWG6gH63U6dX9cSg7eIPD/Uhtj87cAS0vtfU
-> 'JP4o}-grease Thf -> @oU{zMr-grease
jq5xoH6w3eDeGBGf1jKPCxEl tw95QJTmdroGQEQhYEGLUNBJTp6Zdytql07m8Cjt1OvnNdt5/A
--- sI/u3P4XIpQOMPXhtCy4XqRo+FSi5IdUDNxw0S88gWc --- iM/8bokZsr5SDc73lZTloR/YpngXsy/mt1E89rNCmZI
@ï;ÖÎ|U:B{ý…x3»§û!9A2Û€S<E282AC>ÖúèNg#Ù͇r68ãS 2 Kß“,{ÅGG ™Ù” ½3“ÈôF7(ÈÍôI0R,¤ƒêá!GìIl÷ýY[­ï

BIN
secrets/hercules-cache.age
View file

Binary file not shown.

BIN
secrets/hercules-token.age
View file

Binary file not shown.

BIN
secrets/leet-nrab-lol-pass.age
View file

Binary file not shown.

BIN
secrets/legion-niko-pass.age
View file

Binary file not shown.

4
secrets/secrets.nix
View file

@ -5,8 +5,8 @@ in {
"alert-nrab-lol-pass.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; "alert-nrab-lol-pass.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
"vault-cert-env.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; "vault-cert-env.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
# "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; # "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
"hercules-token.age".publicKeys = [keys.system.kazuki keys.system.legion keys.other.bootstrap]; "hercules-token.age".publicKeys = [keys.system.kazuki keys.system.legion keys.system.ude keys.other.bootstrap];
"hercules-cache.age".publicKeys = [keys.system.kazuki keys.system.legion keys.other.bootstrap]; "hercules-cache.age".publicKeys = [keys.system.kazuki keys.system.legion keys.system.ude keys.other.bootstrap];
"alert-plain-pass.age".publicKeys = [keys.system.legion keys.other.bootstrap]; "alert-plain-pass.age".publicKeys = [keys.system.legion keys.other.bootstrap];
"legion-niko-pass.age".publicKeys = [keys.system.legion keys.other.bootstrap]; "legion-niko-pass.age".publicKeys = [keys.system.legion keys.other.bootstrap];
} }

16
secrets/vault-cert-env.age
View file

@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw vOJaWCNIGFgf6O0nTt+g1a5y5iKvMlr9nrpF1jTNGmM -> ssh-ed25519 84j9mw iX2rMQ/L6p+pZO6HZWGk+LWuQzTbWrTMRHbAMONyMQI
MxiliY7O3k0P47mYrmV6ovZu9+03JCCUvOe8Zu7gi34 qwcUJ9BMDc4gaZS3voRtgZwuOqU7IeaOp1RMfmmeSMo
-> ssh-ed25519 GKhvwg XSQNhU9xCPQu7iIcshQxncgqp37J8iS1H6FKDaChPTo -> ssh-ed25519 GKhvwg /O4i6P36CGqPwiHlV59QDlnZnE7mgz+u8wrt7hI6Z3M
uH8yhnQc184zK72pwwNod110/ehMiT/eWbHN894XThU ytfwriyDoCROiePo8Ey+VETVPxd42ltj+8s91hRDWoM
-> w>U?#&-grease <dWq wD?o* -> RB"-grease Ia=.
wMaIBnm2VLcz0dW+Hhv6 J9xSMHsIpNTKbksUxqZM8M5bgJwxapjGp8VYKh7bXk8jH9nOhUuhrLA
--- b4aPjwryeAsFAeNWUyMT1hI7G3yQinFIfoYfUxHk3s8 --- i3nJq19lE+kSfe3fzciLrZ0QOUT0ItuP62fXFBvnVrg
µá|ý.os,!‡£$`#Ïçlˆ¹xè¡ûõO(,°eȼÇGñQi=m„ 6Ö1¦#&îÙ©8dÄŠÛ”¥äC$5T"Q¼¯Ì‹þï ]2•6ÚìÉF/á³!x<>lB¯M<04>¸oN„p|«J³o¹Œ<C592>ÝÚ#c¿îʪ3\zÎè»-1½"4(ä”ìŽÁQÜ=øJJ¤c¹g°Y¾j þ

8
wrappers/default.nix
View file

@ -29,8 +29,10 @@
]; ];
}; };
in { in {
packages = all-packages // { packages =
inherit base-packages; all-packages
}; // {
inherit base-packages;
};
}; };
} }