machines/raven: init

This is not the final deployment, but rather the base for raven on a different system to test things before deploying to production.
2021-07-18 13:28:28 +02:00 · 2021-07-18 13:28:28 +02:00 · 4a0dbac108
commit 4a0dbac108
parent e453dfeba7
5 changed files with 126 additions and 1 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,9 +1,11 @@
 keys:
  - &jalr 7C207509562C208C4EC1676E87A8E5662DF00274
  - &simon 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
+  - &raven 2855242612275730D456C3F0DBF3508960495F3C
 creation_rules:
  - path_regex: secrets\.yaml$
    key_groups:
    - pgp:
      - *jalr
      - *simon
+      - *raven
--- a/keys/machines/raven.asc
+++ b/keys/machines/raven.asc
@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEADJuRGmEF1kSUg8qjGCk2/lBaDa2FYKM77dTRh7z9dHIABG+jy2
+3VdQPwT/M94Vipb1m7vkF5qd1DnYFuyOrM38ql/9gq16tihq9EKTsJulv8IcKjY8
+nVD76srojho09G6Y94xcE0np0chZVSVyDQ/o8Bj4b4TYfGcDg8GljL+X8MRQz3Y
+W6E1oUjSraDS10DeApsBB//MtIMvzqjpvU7NfA6ny1zM6hrUnsDb+WLgouYONJI3
+ZZXuVSwmGYO8NkkdmTVSGA9iytwonceDT+GXt45agr0ry9i0txzji/HC8ma5nR1R
+WitDIhYHl6eRNfqAxGhABdi/dmOm4c7w3AZ2hEUMHXjYpj2LTG82G/zS7Iuvdxcb
+u+KptBWOXUe4ye54agQSTlCIbFKrDPKkk0gQACuJ5FZkp8VmoBL5gjW7TYOW06Re
+iRS7TBAroebnssUOr/OU4zs3WTMJQd5psj4EcVFniSteleDhjo85wxFTIerCDclw
+/cC2HU8yNn+6cDcA05MKC/ZusIopH1+WcfTt9wnEf9glRHT4NMuOgrDO/cZocRge
+hg2kKgN8kVffCt7z3rHCrDvtQB7vIsATyRHWdJBe2WtC+Lv74vuldyYrrCe6XOAl
+wCOTy6rRfQFijfa6zp/MBiXWv5Sy+jXnNbbgu9w6aZ4e40Uy6fft/zF1JwARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQ2/NQiWBJXzwCGw8CGQEAABfaEAAjGpldJ2VsitBFkb7oqa0R
+JBLPlhPcdCFW7cDpzpaMoZ1DR04NR21vFg4IpIoxkqYWznepUPgYVE/SP56l/B0
+n7rapuIPg9VdxLSFoVNoFX7jXviBUsOrGKSXBp6hPugvh/0Vwt/L2F/9OsnWje3E
+jM2mgFOR63G/rGQMn4sCs4UEXUz1sSmrSacpFgKNYZoMx9aYMMR3bHKMqLWU3zkW
+ugRqjaxe9jOV73qhENSPYgMoXZEa1IahXC8aeV1Bznw2tQKD/ixMycN2W66/azAU
+kdyEUoBE+gCBw0JAgHWZ/jcmiycUD2eZ9Yju/rz2YaDvkpP0rx4Z1s6eF3af0k6K
+gMChTD0me8H1Cid7bAMdqcvd1hEmIGJviMXlSAZMJtDxF+QRzUAwP87M9lsu1BdR
+WFRi45tLwRUwp9H32oFwu3l+qi/DGSVP1B/PWcG6uEmdcp+HEp7cyclCv7obc+4f
+0ew0QPEkZ24aPWeH5mI/y4IJW8wC9cK8I0MYdNWUHLNKzTGEkqHIkY0hHfB8AmT7
+MNsSUBh0ozbLAZzYOWHXsRXndJ71OAg8auoxKWWmo7gE3BO1YDM4wxyTRDsmsQuY
+OPoh/8kmJpVKvOEzchxz/xHmIBXOwImAMCUTMC+P+PPtWPXbVyOv12ZrPZz7wpI9
+Djsrk2spQ4me4x/Lri+eQ==
+=MFPD
+-----END PGP PUBLIC KEY BLOCK-----
--- a/machines/default.nix
+++ b/machines/default.nix
@ -2,4 +2,13 @@
 let
  hardware = inputs.nixos-hardware.nixosModules;
 in
-{ }
+{
+  raven = {
+    targetHost = "10.105.255.242"; # FIXME
+    system = "x86_64-linux";
+    extraModules = [
+      hardware.common-cpu-intel
+      hardware.common-pc-ssd
+    ];
+  };
+}
--- a/machines/raven/configuration.nix
+++ b/machines/raven/configuration.nix
@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  networking.hostName = "raven";
+
+  time.timeZone = "Etc/UTC";
+
+  networking = {
+    useDHCP = false;
+    interfaces.enp0s25.useDHCP = true;
+  };
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console.keyMap = "de";
+
+  security.sudo.wheelNeedsPassword = false;
+
+  users.users = {
+    simon = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keys = config.fablab.pubkeys.users.simon;
+    };
+    jalr = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keys = config.fablab.pubkeys.users.jalr;
+    };
+  };
+
+  services.openssh.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    neovim
+  ];
+
+  system.stateVersion = "21.05";
+}
--- a/machines/raven/hardware-configuration.nix
+++ b/machines/raven/hardware-configuration.nix
@ -0,0 +1,44 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    kernelModules = [ "kvm-intel" ];
+
+    initrd = {
+      availableKernelModules = [
+        "xhci_pci"
+        "ehci_pci"
+        "ahci"
+        "usb_storage"
+        "usbhid"
+        "sd_mod"
+        "aesni_intel"
+        "cryptd"
+      ];
+
+      luks.devices."cryptroot".device = "/dev/disk/by-uuid/626dc6b1-9fba-4e1e-acd5-d6ebbc9b2bb5";
+    };
+
+    loader = {
+      systemd-boot.enable = true;
+      efi.efiSysMountPoint = "/boot";
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/d2ce0d0a-b77e-4b0e-b20d-df9688db527b";
+      fsType = "btrfs";
+      options = [ "discard=async" "noatime" "compress=zstd" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/6052-9F95";
+      fsType = "vfat";
+    };
+  };
+}