From 4a0dbac108ae99eb95b63cf0917ee69c405234d7 Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Sun, 18 Jul 2021 13:28:28 +0200 Subject: [PATCH] machines/raven: init This is not the final deployment, but rather the base for raven on a different system to test things before deploying to production. --- .sops.yaml | 2 ++ keys/machines/raven.asc | 28 +++++++++++++++ machines/default.nix | 11 +++++- machines/raven/configuration.nix | 42 ++++++++++++++++++++++ machines/raven/hardware-configuration.nix | 44 +++++++++++++++++++++++ 5 files changed, 126 insertions(+), 1 deletion(-) create mode 100644 keys/machines/raven.asc create mode 100644 machines/raven/configuration.nix create mode 100644 machines/raven/hardware-configuration.nix diff --git a/.sops.yaml b/.sops.yaml index 4434e93..475d0f6 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,9 +1,11 @@ keys: - &jalr 7C207509562C208C4EC1676E87A8E5662DF00274 - &simon 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC + - &raven 2855242612275730D456C3F0DBF3508960495F3C creation_rules: - path_regex: secrets\.yaml$ key_groups: - pgp: - *jalr - *simon + - *raven diff --git a/keys/machines/raven.asc b/keys/machines/raven.asc new file mode 100644 index 0000000..c1208ec --- /dev/null +++ b/keys/machines/raven.asc 
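Review bot: Adding `*raven` to the only `pgp` key group under `path_regex: secrets\.yaml$` lets the raven machine key decrypt every file that rule matches, not just raven's own secrets. The commit message describes this host as a test system rather than the production deployment. Keys within one sops key group are alternatives, so any single one is enough to recover the data key. Consider a separate creation rule scoped to the machine's directory, e.g. `- path_regex: machines/raven/secrets\.yaml$` (path constructed for illustration), listing `*jalr`, `*simon` and `*raven`, and keep machine keys out of the catch-all rule. When the test key is retired, the affected files need a rotated data key, not just a shorter recipient list.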
@@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBAAAAAABEADJuRGmEF1kSUg8qjGCk2/lBaDa2FYKM77dTRh7z9dHIABG+jy2 +3VdQPwT/M94Vipb1m7vkF5qd1DnYFuyOrM38ql/9gq16tihq9EKTsJulv8IcKjY8 ++nVD76srojho09G6Y94xcE0np0chZVSVyDQ/o8Bj4b4TYfGcDg8GljL+X8MRQz3Y +W6E1oUjSraDS10DeApsBB//MtIMvzqjpvU7NfA6ny1zM6hrUnsDb+WLgouYONJI3 +ZZXuVSwmGYO8NkkdmTVSGA9iytwonceDT+GXt45agr0ry9i0txzji/HC8ma5nR1R +WitDIhYHl6eRNfqAxGhABdi/dmOm4c7w3AZ2hEUMHXjYpj2LTG82G/zS7Iuvdxcb +u+KptBWOXUe4ye54agQSTlCIbFKrDPKkk0gQACuJ5FZkp8VmoBL5gjW7TYOW06Re +iRS7TBAroebnssUOr/OU4zs3WTMJQd5psj4EcVFniSteleDhjo85wxFTIerCDclw +/cC2HU8yNn+6cDcA05MKC/ZusIopH1+WcfTt9wnEf9glRHT4NMuOgrDO/cZocRge +hg2kKgN8kVffCt7z3rHCrDvtQB7vIsATyRHWdJBe2WtC+Lv74vuldyYrrCe6XOAl +wCOTy6rRfQFijfa6zp/MBiXWv5Sy+jXnNbbgu9w6aZ4e40Uy6fft/zF1JwARAQAB +zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT +AQgAFgUCAAAAAAkQ2/NQiWBJXzwCGw8CGQEAABfaEAAjGpldJ2VsitBFkb7oqa0R ++JBLPlhPcdCFW7cDpzpaMoZ1DR04NR21vFg4IpIoxkqYWznepUPgYVE/SP56l/B0 +n7rapuIPg9VdxLSFoVNoFX7jXviBUsOrGKSXBp6hPugvh/0Vwt/L2F/9OsnWje3E +jM2mgFOR63G/rGQMn4sCs4UEXUz1sSmrSacpFgKNYZoMx9aYMMR3bHKMqLWU3zkW +ugRqjaxe9jOV73qhENSPYgMoXZEa1IahXC8aeV1Bznw2tQKD/ixMycN2W66/azAU +kdyEUoBE+gCBw0JAgHWZ/jcmiycUD2eZ9Yju/rz2YaDvkpP0rx4Z1s6eF3af0k6K +gMChTD0me8H1Cid7bAMdqcvd1hEmIGJviMXlSAZMJtDxF+QRzUAwP87M9lsu1BdR +WFRi45tLwRUwp9H32oFwu3l+qi/DGSVP1B/PWcG6uEmdcp+HEp7cyclCv7obc+4f +0ew0QPEkZ24aPWeH5mI/y4IJW8wC9cK8I0MYdNWUHLNKzTGEkqHIkY0hHfB8AmT7 +MNsSUBh0ozbLAZzYOWHXsRXndJ71OAg8auoxKWWmo7gE3BO1YDM4wxyTRDsmsQuY +OPoh/8kmJpVKvOEzchxz/xHmIBXOwImAMCUTMC+P+PPtWPXbVyOv12ZrPZz7wpI9 ++Djsrk2spQ4me4x/Lri+eQ== +=MFPD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/machines/default.nix b/machines/default.nix index beaf18a..a8a11f3 100644 --- a/machines/default.nix +++ b/machines/default.nix 
@@ -2,4 +2,13 @@ let hardware = inputs.nixos-hardware.nixosModules; in -{ } +{ + raven = { + targetHost = "10.105.255.242"; # FIXME + system = "x86_64-linux"; + extraModules = [ + hardware.common-cpu-intel + hardware.common-pc-ssd + ]; + }; +} diff --git a/machines/raven/configuration.nix b/machines/raven/configuration.nix new file mode 100644 index 0000000..c870ce7 --- /dev/null +++ b/machines/raven/configuration.nix @@ -0,0 +1,42 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ]; + + networking.hostName = "raven"; + + time.timeZone = "Etc/UTC"; + + networking = { + useDHCP = false; + interfaces.enp0s25.useDHCP = true; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + console.keyMap = "de"; + + security.sudo.wheelNeedsPassword = false; + + users.users = { + simon = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = config.fablab.pubkeys.users.simon; + }; + jalr = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = config.fablab.pubkeys.users.jalr; + }; + }; + + services.openssh.enable = true; + + environment.systemPackages = with pkgs; [ + neovim + ]; + + system.stateVersion = "21.05"; +} diff --git a/machines/raven/hardware-configuration.nix b/machines/raven/hardware-configuration.nix new file mode 100644 index 0000000..88cbe0b --- /dev/null +++ b/machines/raven/hardware-configuration.nix 
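Review bot: The bare `# FIXME` on `targetHost` does not say what has to change or when, so the hard-coded address could be carried into the production deployment unnoticed. Going by the commit message, a comment such as `# FIXME: address of the temporary test machine; replace with the production host before deploying` would record the intent.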
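Review bot: In `machines/raven/configuration.nix`, `security.sudo.wheelNeedsPassword = false;` with both `simon` and `jalr` in `wheel` makes possession of either user's SSH key equivalent to root on this host. `services.openssh.enable = true;` is set without pinning how sshd authenticates, so SSH is the only barrier and relies on module defaults. I would state the policy explicitly next to it with `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` (option names as used around the 21.05 release; verify against the pinned nixpkgs). If passwordless sudo is deliberate for deployment tooling, a one-line comment saying so would help the next reader.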
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ kernelModules = [ "kvm-intel" ];
+
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "ehci_pci"
+ "ahci"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ "aesni_intel"
+ "cryptd"
+ ];
+
+ luks.devices."cryptroot".device = "/dev/disk/by-uuid/626dc6b1-9fba-4e1e-acd5-d6ebbc9b2bb5";
+ };
+
+ loader = {
+ systemd-boot.enable = true;
+ efi.efiSysMountPoint = "/boot";
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/d2ce0d0a-b77e-4b0e-b20d-df9688db527b";
+ fsType = "btrfs";
+ options = [ "discard=async" "noatime" "compress=zstd" ];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/6052-9F95";
+ fsType = "vfat";
+ };
+ };
+}
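Review bot: The `discard=async` option on `/` probably has no effect as written. The root filesystem presumably lives inside the `cryptroot` LUKS mapping (the hunk does not show the layout, so confirm), and dm-crypt drops discard requests unless the mapping is opened with discards allowed. Either add `luks.devices."cryptroot".allowDiscards = true;` or remove `discard=async` from `options`. Passing TRIM through the encrypted layer reveals which blocks are unused to anyone who can read the raw disk. Whichever way it goes, a short comment recording the decision would make the trade-off visible.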