add microvm for monitoring
This commit is contained in:
parent
04688487ba
commit
6e7ec5f982
10
.sops.yaml
10
.sops.yaml
|
@ -6,6 +6,7 @@ keys:
|
|||
# - &admin_astro
|
||||
- &data-hoarder age1djp5hk6vpm5glzqy9h2e2cgam5xydx888glgs85kvs57spaf8v0sfm0pa2
|
||||
- &data-hoarder-staging age1m4g4y5ga2m8xdvs7rarda3tyk4gtkyta6pfyq2n3xmy47z20kfxq73m8r8
|
||||
- &watch-me-senpai age18q907v2706qxmjewqan7xng2su3z6zyz9a2q444jew22apd46y7q8wjjku
|
||||
# turmlabor
|
||||
- &traffic-stop-box-0 age1yxtur968m4xe0m3kj0waqpm2kuuywpp9f6t0rxl4f0262ze9n9jqehw0k5
|
||||
# zw
|
||||
|
@ -57,6 +58,15 @@ creation_rules:
|
|||
age:
|
||||
- *data-hoarder
|
||||
- *data-hoarder-staging
|
||||
- path_regex: secrets/watch-me-senpai/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_oxa
|
||||
- *admin_revol-xut
|
||||
- *admin_marenz-1
|
||||
- *admin_marenz-2
|
||||
age:
|
||||
- *watch-me-senpai
|
||||
- path_regex: secrets/traffic-stop-box/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
|
|
|
@ -171,6 +171,14 @@
|
|||
] ++ data-hoarder-modules;
|
||||
};
|
||||
};
|
||||
watch-me-senpai = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = inputs;
|
||||
modules = [
|
||||
./hosts/watch-me-senpai
|
||||
microvm.nixosModules.microvm
|
||||
];
|
||||
};
|
||||
|
||||
hydraJobs = (lib.mapAttrs (_name: value: { ${value.config.system.build.toplevel.system} = value.config.system.build.toplevel; }) self.nixosConfigurations) // {
|
||||
sops-binaries."x86_64-linux" = sops-nix.packages."x86_64-linux".sops-install-secrets;
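Review bot: The new `watch-me-senpai` configuration lists only `./hosts/watch-me-senpai` and `microvm.nixosModules.microvm` in `modules`, yet the host files added in this commit set `sops.defaultSopsFile` and `deployment-dvb.net.*`, options that are defined by the sops-nix module and by the deployment module rather than by nixpkgs; the neighbouring `data-hoarder` entry gets those via `++ data-hoarder-modules`, which this entry does not. Unless `./hosts/watch-me-senpai` pulls them in itself (the `default.nix` added here imports only `configuration.nix` and `wireguard_server.nix`), evaluation of this host, and therefore of `hydraJobs`, should fail with an undefined-option error. `sops-nix` is already in scope here (see `sops-nix.packages."x86_64-linux"` below), so the minimal fix is `modules = [ ./hosts/watch-me-senpai microvm.nixosModules.microvm sops-nix.nixosModules.sops ] ++ <the shared module list that provides deployment-dvb>;`. The enclosing `nixosConfigurations` attribute set starts and ends outside this hunk.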
|
||||
|
|
44
hosts/watch-me-senpai/configuration.nix
Normal file
44
hosts/watch-me-senpai/configuration.nix
Normal file
|
@ -0,0 +1,44 @@
|
|||
{ self, ... }: {
|
||||
microvm = {
|
||||
hypervisor = "cloud-hypervisor";
|
||||
mem = 4096;
|
||||
vcpu = 2;
|
||||
interfaces = [{
|
||||
type = "tap";
|
||||
id = "serv-dvb-prod";
|
||||
mac = mac_addr;
|
||||
}];
|
||||
shares = [
|
||||
{
|
||||
source = "/nix/store";
|
||||
mountPoint = "/nix/.ro-store";
|
||||
tag = "store";
|
||||
proto = "virtiofs";
|
||||
socket = "store.socket";
|
||||
}
|
||||
{
|
||||
source = "/var/lib/microvms/watch-me-senpai/etc";
|
||||
mountPoint = "/etc";
|
||||
tag = "etc";
|
||||
proto = "virtiofs";
|
||||
socket = "etc.socket";
|
||||
}
|
||||
{
|
||||
source = "/var/lib/microvms/watch-me-senpai/var";
|
||||
mountPoint = "/var";
|
||||
tag = "var";
|
||||
proto = "virtiofs";
|
||||
socket = "var.socket";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
networking.hostName = "watch-me-senpai"; # Define your hostname.
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
sops.defaultSopsFile = self + /secrets/watch-me-senpai/secrets.yaml;
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
}
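Review bot: `mac = mac_addr;` in the `interfaces` entry references `mac_addr`, but the file's argument set `{ self, ... }:` binds only `self` and there is no `let` binding, so Nix rejects the whole module with an undefined-variable error; `hosts/watch-me-senpai/wireguard_server.nix` has the same `mac = mac_addr;` with the same unbound name. Define it once in the host directory, for example `{ self, ... }: let mac_addr = "<MAC of the tap interface>"; in {` here and take it from the same place in the WireGuard module, or pass it through `specialArgs`, so the tap interface and the `matchOn = "mac"` uplink rule agree by construction. Separately, `sops.defaultSopsFile` points at `secrets/watch-me-senpai/secrets.yaml`, which is not among the files this commit adds; if it is meant to land in a later commit, a short comment saying so would stop reviewers from flagging the missing file.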
|
6
hosts/watch-me-senpai/default.nix
Normal file
6
hosts/watch-me-senpai/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
imports = [
|
||||
./configuration.nix
|
||||
./wireguard_server.nix
|
||||
];
|
||||
}
|
37
hosts/watch-me-senpai/wireguard_server.nix
Normal file
37
hosts/watch-me-senpai/wireguard_server.nix
Normal file
|
@ -0,0 +1,37 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
port = 51820;
|
||||
in
|
||||
{
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ port ];
|
||||
|
||||
deployment-dvb.net = {
|
||||
iface.uplink = {
|
||||
name = "ens3";
|
||||
mac = mac_addr;
|
||||
matchOn = "mac";
|
||||
useDHCP = false;
|
||||
addr4 = "172.20.73.70/25";
|
||||
dns = [ "172.20.73.8" "9.9.9.9" ];
|
||||
routes = [
|
||||
{
|
||||
routeConfig = {
|
||||
Gateway = "172.20.73.1";
|
||||
GatewayOnLink = true;
|
||||
Destination = "0.0.0.0/0";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
wg = {
|
||||
addr4 = "10.13.37.6";
|
||||
prefix4 = 24;
|
||||
privateKeyFile = config.sops.secrets.wg-seckey.path;
|
||||
publicKey = "zaMM8Fa/PK0Fq4pYl0KAyOYkOjHBrZ4RVgfqqFIzq3I=";
|
||||
};
|
||||
};
|
||||
|
||||
}
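Review bot: `privateKeyFile = config.sops.secrets.wg-seckey.path;` reads a secret that no file in this commit declares, so unless `sops.secrets.wg-seckey` is defined elsewhere the evaluation fails with a missing-attribute error on `config.sops.secrets`. Add `sops.secrets.wg-seckey = { };` next to this module (with whatever owner or group the `deployment-dvb.net.wg` implementation needs to read the key, which is not visible here), so that the secret referenced by the WireGuard config is guaranteed to be provisioned by sops-nix. `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` also deserves a why-comment, e.g. `# forward WireGuard peer traffic to the uplink; nothing else is expected to route through this VM`, since turning on forwarding on a monitoring host is a deliberate widening of its role.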
|