From 519e55e6a171f45158735c5061387045dd056c32 Mon Sep 17 00:00:00 2001 From: Markus Schmidl Date: Sat, 3 Feb 2024 00:55:53 +0100 Subject: [PATCH] setup tetra-zw --- .sops.yaml | 3 + hardware/disk-module/default.nix | 11 +++ hardware/tetra-zw.nix | 42 +++++++++++ hosts/tetra-zw/configuration.nix | 4 +- secrets/tetra-zw/secrets.yaml | 115 +++++++++++++++++-------------- 5 files changed, 120 insertions(+), 55 deletions(-) create mode 100644 hardware/tetra-zw.nix diff --git a/.sops.yaml b/.sops.yaml index e6bbc8c..1298b22 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,6 +9,7 @@ keys: - ¬ice-me-senpai age1wxewmzwlzgtsmr29tnu76n30kv29ra5p0ptvr2e3f3ymkqh569kqm07fv4 - &tram-borzoi age10sedt7xftzu383y8g4pxsj0hazht8tnnxhcngedcsl93s4v9uvvsk99er4 - &uranus age1xnaw8ssrq2hpsntnt8kdu4dlqh4lz3dcq5lzwn490cskz886te6sreuale + - &tetra-zw age1nknzqnqm2d7pxxjl4e4w50jk8t8xx947l2qgrjhpqjfd33ypjfusw7nszw # turmlabor - &traffic-stop-box-0 age1yxtur968m4xe0m3kj0waqpm2kuuywpp9f6t0rxl4f0262ze9n9jqehw0k5 @@ -178,6 +179,8 @@ creation_rules: - *admin_revol-xut - *admin_marenz-1 - *admin_marenz-2 + age: + - *tetra-zw - path_regex: secrets/uranus/[^/]+\.yaml$ key_groups: - pgp: diff --git a/hardware/disk-module/default.nix b/hardware/disk-module/default.nix index b2386d8..09b0eda 100644 --- a/hardware/disk-module/default.nix +++ b/hardware/disk-module/default.nix @@ -12,5 +12,16 @@ echo file binary-dist $diskImage >> $out/nix-support/hydra-build-products ''; }; + system.build.diskImageLegacy = import ./make-disk-image.nix { + name = "${config.networking.hostName}-disk"; + partitionTableType = "legacy"; + additionalSpace = "0G"; + copyChannel = false; + inherit config lib pkgs; + postVM = '' + mkdir -p $out/nix-support + echo file binary-dist $diskImage >> $out/nix-support/hydra-build-products + ''; + }; fileSystems."/".autoResize = true; } diff --git a/hardware/tetra-zw.nix b/hardware/tetra-zw.nix new file mode 100644 index 0000000..3d5b25d --- /dev/null +++ b/hardware/tetra-zw.nix 
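Review bot: In hardware/disk-module/default.nix the new `system.build.diskImageLegacy` has no comment saying why a second image with `partitionTableType = "legacy"` exists or which hosts are meant to use it. Its `postVM` text is a copy of the one that closes the neighbouring image definition (which starts above the hunk), so the two can drift apart unnoticed. I would put a comment above it such as `# BIOS/MBR variant of the disk image, for hosts that boot GRUB from the disk's boot sector (see hardware/tetra-zw.nix)`. That reason is inferred from the GRUB settings in the new hardware file, so adjust the wording if it is wrong.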
@@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: + +{ + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + imports = [ + ./disk-module + ]; + networking = { + interfaces.enp5s0.useDHCP = lib.mkDefault true; + useDHCP = lib.mkDefault true; + }; + + networking.useNetworkd = true; + networking.wireguard.enable = true; + + deployment-TLMS.net.iface.uplink = { + name = lib.mkDefault "enp5s0"; + useDHCP = lib.mkDefault true; + }; + + boot.tmp.tmpfsSize = "25%"; + + boot.kernelModules = [ "kvm-intel" "r8168" ]; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "sdhci_acpi" ]; + boot.initrd.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + # some whoopsie in kernel 6.1.x maybe? + boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15; + + swapDevices = [ ]; + fileSystems."/" = + { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; +} diff --git a/hosts/tetra-zw/configuration.nix b/hosts/tetra-zw/configuration.nix index b27ea83..5ca9119 100644 --- a/hosts/tetra-zw/configuration.nix +++ b/hosts/tetra-zw/configuration.nix @@ -1,8 +1,8 @@ -{ self, pkgs, config, registry, ... }: +{ self, lib, pkgs, config, registry, ... }: { imports = [ - "${self}/hardware/dell-wyse-3040.nix" + "${self}/hardware/tetra-zw.nix" ]; boot.tmp.useTmpfs = true; diff --git a/secrets/tetra-zw/secrets.yaml b/secrets/tetra-zw/secrets.yaml index 1edb00a..522b6a5 100644 --- a/secrets/tetra-zw/secrets.yaml +++ b/secrets/tetra-zw/secrets.yaml 
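Review bot: In hardware/tetra-zw.nix, `boot.kernelModules` lists `r8168` while `boot.extraModulePackages` is empty; r8168 is Realtek's out-of-tree driver, so unless another module in the repository supplies the package, it will not exist for the pinned kernel and the module load at boot will fail. If the driver is wanted, `boot.extraModulePackages = [ config.boot.kernelPackages.r8168 ];` states that explicitly; otherwise drop it from the list. The header comment says the global useDHCP flag is "explicitly set to false", but the code sets `useDHCP = lib.mkDefault true`, and the comment sits above `imports` rather than the networking block. The pin to `linux_5_15` is justified only by "some whoopsie in kernel 6.1.x maybe?"; because the pin decides which kernel security fixes this host receives, a comment like `# pinned to 5.15: <symptom seen on 6.1.x>; revisit when <condition>` would tell the next maintainer when it can be lifted.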
@@ -4,78 +4,87 @@ sops: gcp_kms: [] azure_kv: [] hc_vault: [] - age: [] + age: + - recipient: age1nknzqnqm2d7pxxjl4e4w50jk8t8xx947l2qgrjhpqjfd33ypjfusw7nszw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieG5JNzFZdFcvMWtWRjh6 + bjkwbTVWNW5PaHRSNmx5VU1mSmUyTE9BYXo0CjZZb08vVlJtcEovUE1WQW5oTGRy + SDlyM3ZqZUY2d1IxWCs0MzRYSTRXSGsKLS0tIEw0YlplaGFrY0JtRGUyWXhDTllp + WUZVei9YWndsTG9UWUVGTS93NDN1R0EKQDKCEOfu77GxyAE81CvCifYXte9jvjcL + E6MNUQufOzZFyLXnuPypEUX9WVTg+7yB/4St7+uyV47xX1cI7xfVgQ== + -----END AGE ENCRYPTED FILE----- lastmodified: "2023-11-27T15:03:10Z" mac: ENC[AES256_GCM,data:OCLKBHUxUNBZFfOReLa/MRndLTOuFWMhG5f7IiXv/lPwgQbD9Rp97hnlbYmtHeheXO8vhZsiwUe7VO/UEN17G5s2sdRLdQpn/gT1XlvqN2cfZhJ9cPRJl6QQ40cYW0GNDlu8bSPY1WI2V+9nCxoDazJvrv8U4sjTa/jGNnX51pI=,iv:Rbrd9tvodC2ON08BMaJ6IvKPXrO07VcgtkOm3XgHXwE=,tag:GtTJtHoLlTBLfR3RV3UgCw==,type:str] pgp: - - created_at: "2023-11-27T15:02:48Z" + - created_at: "2024-02-02T21:38:45Z" enc: |- -----BEGIN PGP MESSAGE----- - wcFMA7zUOKwzpAE7AQ//eU1W4XI5YQH/5LniuIF/W0gBJv3jeKlh3QxEUgnBtBRR - yrf7tzO+4M3qhjhP2JFuyYvipyZ7hM+RFP2hFjEDjBio/GD+PEJgFZn30W7zOkDc - CwK2jRd2t7VnHmy2oQbYMWVtFZkMW6g0nVv+7QXmVlyw+unWV/spgLGI649gvHtK - y2QK1Np8YS11Mj6oaz7oJi5WXTRkZDwuIM8YBPNbynbFsRcyHvsVW4HqFXYd4cC7 - PccEwDIlO3nEsWVsBi5xhzANurzRv1LepBWq2ojaCuB7Mnp7G8SADJ45mbUkMswD - CkxO8VFxembH0x815giUC/S+vB3XV74TThP8t1jUkzWWeFroMY8hqscR42yzeIUS - 5XfaaYU5qqQQyMteiij1jriOxzDiNHQnKPPQPW2spmnQ6njPTmTCmNIC1H9OjF8h - StTKzKHILRYLO3Fn9INZrGI/ntPjKks8IjwPxcTjh6wqNsu6SgKWxXuxZUGvIbRj - 73sQn5r9uI4E/HczGiO3RF/Jcp/btUDHVeWu/nzFseH3H05yJ5ABDllx2VnoHJKT - +9ZCb11psqPX7m0DGWNgREtgybRMJxElm8Ke9QvS6rMXmltlrl5kFbfVngcj0kx5 - zsowKHP119mCTuRfZv+YUPJD2tu1sJAq0H7anB6m6HKOEvYvRdNKk42aw414VZjS - UQEZol48PW3DqJjzlBX9bQH0ZL8v6BfFVk6zflTHyS3WLmrUmZHi3atBl6eMrc+A - vu8yXYvIwWaOxNUozmwbrNdYxWT4LPrCFI+9q52vqMaG3Q== - =JfFt + wcFMA7zUOKwzpAE7AQ//VoPu79j3q87/eMLO5y8jNXFbDPgZiA6TRZcP5HQ23RzV + 
QEdWuU9SKkB0HgLUbFn+e4nToJwHbXAiVp85M0zYnLNr6HnLmEJRB0yNtZW/q2aH + JZOWW5IW2HrACKk9dtRozTrIPjO+xFRzHRZIWHpiz2unAppJywxgPS9sYwCEzyvo + rZHiTFbj4olpMxC1OlX9qbIZp9iOzLkfqdNCg35rYp9WvAGnd+xTO8Tl7ptgzCru + N12jfshMEMPpby1RJWZRuqDds4maTqfoGxnE73UKZlBy2aDOyWcQE4j0yZ1dRBLB + u8tkD59uN1VaCJL8v0n6OKsoj2bP2VXmsAM/2+yu0/ClIMTtfYL50w0ppGaYqV1x + B+ytxkwrlTtACCIIWF6HDFEoW7swafVNzAbKhf44UZZoritNvJgW+pDbFs2okRu6 + 1s8hbXC+/UkUNnO/80S524a+KZAxs1vtPDSwjczwGgCihym8fvF4zywj7DjHrTi4 + ipC/V5qAbmGuVPz8wuY/af72O4tRrpwalc6aeTuYNds26B30t7wahQ5fL7ezI8zx + aCA72gc8G5aLXl7PsWEoIIrEkJDoT4thhBqCIeyYS8zN+BhqA35EQKw6WzhP3e7K + CopaqNYnKT/A5juNkiYMhn1jHETCTiPFGj24k7IE83p2+zJgFhNgGeBgCGq8gIbS + UQGk1w+bQPAyTej2TCskzeJlzP2TcGS745NYDPFvaoqfjOwpWV6w1ImNIuaErtzt + aLjPOzYKV+dHQfKtBbdcRUl6UWII5mjxLc0fy+sXRyUS5g== + =7AW5 -----END PGP MESSAGE----- fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C - - created_at: "2023-11-27T15:02:48Z" + - created_at: "2024-02-02T21:38:45Z" enc: |- -----BEGIN PGP MESSAGE----- - wcFMA/YLzOYaRIJJAQ//Tp/AENqZMJjyAyp5IzAgVATmoRpB7expbKSr0JCYfcio - aJepbsSzKyauYu53+brUYa7kj+VjduGiCaXr0DCewMpohZj54gBDDnj8/XNTjesL - R6BgSgCm14abvvs++yR7Q8aIxeua0V+i5jYLM5U/CICFRFhKVJvkHtEabNfyG7Hu - FDCxdqOdm78uKvDW7NMrnu7ixfRsS5my+c+NFuWYFsda8xloM5iTPHMjx0S+7acB - F2LZCff5N6f0QvPtlrxj5nD5aQnMql93maSFsKYoKi/o6MMb75qtSYfWUeVl/fu0 - JFK+pcsJmqsHtrLSv1UniCfqe5MGN6AzS49QGgoTmYZLC2DyNNRbG+ISRs14KJAE - wJ3rfSQuVHKYN/2P+dmAi5w4aRea0pIrLYtQNqLYNBqH45IFVgSslDA7GL56epco - wI3Wc1uxQPWS7EODOBKPebA3u+Hxu49i/8bCYk5Pgkp8w6dTm5Ok2i4tc60pBwIA - Yjp9GPjfF+ld0vgG1NPz+fxx/TH9zzkhg/MvDgtJvYlpG/SnB8F6WxJ7oKZrk4I8 - NuInneZjit2U2Dxk2BCYS2yUI0aitivzIS/41xuCCmCWDC3h/+6Tg/DaXElLH7Oo - sMY4hAXYaB8TxLakHJRs9/Rl2HCi+m9cTN3ygscmVT/aFMCScuO6MkUxIPc+ZBLS - UQFHogD3IiDvySf9Tc8kkBysIA7nUHNwUTr9Q/QKAUXnInxZANuYa5Uqapqn/W+w - GdfL2pry3DF1hz1oBEsc2z+l0hww9hzHscJ1jrE/GwVRXA== - =jk+v + wcFMA/YLzOYaRIJJAQ//bXXT68Yd7aXnSgjUvBeK1CCStZ8EcB7zR0+6RTC9ZfIC + hSAo2lRZcMQ8vPHOLKEetCL5V2nb1eZB0dIPWjeHBnH3vj/mWmgGdx6I5Cg7W6+h + 
wlapkDL765hd3eQodxpPC9KYMVuhDrDVULdtotOlfmm6+SyqB1r3pQqHwS9Soc2y + dPDgE1Le/aGFy4bSt3e0m7ofqxMW+URdnFH3OnrZd35j+UU1gFw6aSXjrxVq3upk + QTbsa7gb07AiHit+ENI0jjXjYrG0m88SupCpXIa43Qg5xhHKiVFMLXdCmCsIS2LX + AbHVs/qYikcdJQvEDdjJwoqpmsb+DnGnFmNfTZqxJWOOfIK9q4keAQ4DVwJCgVyj + mXMBgND+lDKW3I1EIaGD/e5J7wv6kVqkHWRsbxrfSdBktoj7XZdyqjrWkShBY5GO + BDS/XbolP3YL1IPMlSUSicMkl69145WvxNFRjFaywdgDcX1Ou/C0hgN2FzYeSbwP + y4IkjNaYxkmL3NV7LO5SeoAM6Yct4Xh/7TCtCGqyInf94h0k8PgaEOSxPdUVtNWs + 3OpKGbZHYVCefaCV7Dx/FPKktqBxDHKLPRpSvDlY+CjtkV/nvhPsPfVOz6uhtK1i + 7gVxs0XFpnE4AxXsV8DvC5+MJ18wLDpb8Rb21/zm27aVjcxu3K88NCB68G5gwXDS + UQH9nxw8cOMAPXbDxV/6sfLvWhpmxkzEa8qHoH0SY0NNWHfiTLDr+XkOBA/grq+f + knBojZ+Qr9y5JDN6fQHK7pQGcZweZkNFbPa40tRUVoG2BQ== + =ojT1 -----END PGP MESSAGE----- fp: 91EBE87016391323642A6803B966009D57E69CC6 - - created_at: "2023-11-27T15:02:48Z" - enc: | + - created_at: "2024-02-02T21:38:45Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQEMA1N/l9+zlMQzAQf/UbfrpOO9me+hJTy36IIJUoU90CKRJCf9IRfeFXVKok1F - 4zIFtYkj1ioSVYkm2cJ64pVirIEVgTPeuitc3dATfHsu0Y08hHeCQMs9DiaYzXy2 - /VTau11c87ZBoDm9pLWij/MsCFwi3WGa1UALCunKEtPV3Ljp39+NRu8y3OyOZHjN - ktHY0MEntjCzmD8BXx5bkOQ6pOFoKPFY92150Csl73Nnn232Vsaff4ZwStt2FONP - xcXjWdQKH24WigNG/gLa4MMT6grwGkuy08XTkr3cwPMPpekOboDdH+5GsDBkA8jU - LCQ+bVAo/ChtqdD4OOGpxcECr2CuczWLYsyktJaIb9JeAd6KyTBugKmMEV9WxpKm - 9l33mLVTpg77qFlKf0Y/axo0eIp7EQqxlpbiQuRZu2aM4s/a3uZ3OLnrVexvSQ1X - 5PLZyfkx+TO26/YRCkMxht1Uql08wzWMqZGDglpMTw== - =jhUj + hQEMA1N/l9+zlMQzAQf/Y05YUc9u+Svty1Li8YriUoTxKw/w1gp7tb1pZ4aQB0AP + QHSHvMlCmD3iNTXOU1QNxz/QVfnqKXjZkpyUqlErYSpMMcFYyo7N8mt0zBdeup3h + 9y52CvNt6mDDLonq8ZGreOk3B8LyicsAflTp7AvjGW4PF7Fr/tziM2oQn/lZHAbO + 52Fe3Um69AzLVgzGor2LL2Nn1bb8a76q3EG6tOaFnNoyAi+JK/5+D5jV33ppfJgs + SFoxgDxZs1Nrhyswa8Or6F+LWxukOkM1+65+CEAd6mwqQTswpwk7/NWLEG4R4Ep4 + eUwdXHG/pEKgpJ6uwSlINtU69kaiGks15tdoRuZwUdJeAb56FOwm0tURogrLRp77 + vZrAIKfRw/T8dg9srQJTHS7Ak/TYI+zHgpj7U2XwkQdS5sPSIsAeLYwP6D8TdMT4 + aRDnn8Yf7ADq+SMZDxAZQNA7Yk8DwkytcZsel8KlmQ== + =3ygH -----END PGP MESSAGE----- 
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4 - - created_at: "2023-11-27T15:02:48Z" - enc: | + - created_at: "2024-02-02T21:38:45Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQEMA1N/l9+zlMQzAQf/ZuCGHKsISv+rSeUfayaYBxCWYAIHbx5vVg0ydtq8tWar - U6T0A3cergkfZfIX/trsWQqI/TVkc6UL8MDBnOZEYy0qd07tDL+OUlwX6UI7IO+K - bth8nkTnVthnjCUh4a6VSt4ZeeiYCKJb+ndLDr9Z6qwCRE5cJXDX7NUOJVC7fkOP - ae/UvFrqppH8JVw/7LZKIu+w6mp7z736cs/o+AhHRuqGnCiNPqF0d7LF8qCpFX07 - hwHCkl6CMc8MCoLQsa3mdzhaNpJWU/qkQ7h1S73W8g3wtv7Dpi9kTNhJ1lT+wZKp - MWBvrHJgHaaSVDCNJq7PLUqoxavL0ul9G0tVYrMLttJeAZ76OKiO1i3JCU1JymOT - sX3pVzE8MBlDcrpRDQJ4c7/LBPX6qAhnxvyZHawARUWNH2UtVA9ceCW11Jqk+Owg - W4FcSvBnXpb0LG0i4qozXvxfAwWm6Hu57Pbqm/YOGw== - =/DPb + hQEMA1N/l9+zlMQzAQgAkvldc6xEY3+Ns3+1zaDDhOqZwXV9uPeRZXyBO+U5nBt6 + pddEe06jX/atkBr6zwZls6rnCG/c1zeLWpC2FlMcL4W4VY0snsNY6vLI5FXhS2PD + Med1ir2duYOo5LZqVVvzGsxGIRbkcni5F0Bq7mWCW2E1MWO9qIdHNTLlYjQq4BtR + zRbp4UuwMBXNI78+vrSrV87mpCavAJ6Nde6I32iPcxJe0Juv1i7OG3AKyRYcWcmE + exBQP7/DLSxTpDazlbYVgROrsCi4CSQ2WW2e3JDM7cb6WYL0zaAJUq75LFRSX+HL + WLRUXjbmdIt25eJaNB/0WnfbYstaTJXLxclp864q99JeAYBN0etvjxFGWiPCF3hM + ZjWxk+1EV+ORuP9GvnMRdNAQwBc1HUTWw9HZZN41YyceI8p66OsiMB4HP3Wi9mE3 + MQKuWY3wA1alqbFWrB4ssvmug+nyQdqMpLzEDBYu9Q== + =K/Lc -----END PGP MESSAGE----- fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433 unencrypted_suffix: _unencrypted