fablab-nea/nix-gscheits
1
0
Fork 0
Code Issues 7 Pull requests 3 Projects Releases Packages Wiki Activity Actions

raven: reinstall for production

Browse source
This commit is contained in:
Simon Bruder 2021-12-08 17:42:01 +01:00 committed by jalr
parent 8dbb95fa69
commit 7b0d60428d
5 changed files with 40 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -1,7 +1,7 @@
keys: keys:
- &jalr 7C207509562C208C4EC1676E87A8E5662DF00274 - &jalr 7C207509562C208C4EC1676E87A8E5662DF00274
- &simon 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC - &simon 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
- &raven 2855242612275730D456C3F0DBF3508960495F3C - &raven 10E468768E3BCD6459F9F11AC8F765CF8AD1F892
creation_rules: creation_rules:
- path_regex: secrets\.yaml$ - path_regex: secrets\.yaml$
key_groups: key_groups:

48
keys/machines/raven.asc
View file

@ -1,28 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBAAAAAABEADJuRGmEF1kSUg8qjGCk2/lBaDa2FYKM77dTRh7z9dHIABG+jy2 xsFNBAAAAAABEAC5RX7E07G3dOlgwYW7D/Cgq7xD288JWNTotXAnGTPQbF04yx62
3VdQPwT/M94Vipb1m7vkF5qd1DnYFuyOrM38ql/9gq16tihq9EKTsJulv8IcKjY8 EUEjQ3ggxcTz4t/7Sv9WOfbWBvlRy48rhW+zxN9de8ld9FhPW0hG6GKfgN88LCSG
+nVD76srojho09G6Y94xcE0np0chZVSVyDQ/o8Bj4b4TYfGcDg8GljL+X8MRQz3Y pVSY4WQ1wqry2ZF68n4YNdrXCZ6PG0EgbrTSSOHaxHVxiVsfZIGWrAUcTyIEhmka
W6E1oUjSraDS10DeApsBB//MtIMvzqjpvU7NfA6ny1zM6hrUnsDb+WLgouYONJI3 60tenlQVXj8c45WTRAXQ7kLpXLZAfYmetlyDhUMGj1c46+551GXWnxTYnGZGXS2X
ZZXuVSwmGYO8NkkdmTVSGA9iytwonceDT+GXt45agr0ry9i0txzji/HC8ma5nR1R 4gavMnGZWOG0mNtY0TPaDxfJ+1kgANUbtPc9UNIZuhWHuz/K6LdBybMKsDWv+8Of
WitDIhYHl6eRNfqAxGhABdi/dmOm4c7w3AZ2hEUMHXjYpj2LTG82G/zS7Iuvdxcb 962TXj8NlEjRs+t1bhalSWl2zFZ0gI3/gQc8RM4fO7yBht5oFAlSh9fUBuFjyp0c
u+KptBWOXUe4ye54agQSTlCIbFKrDPKkk0gQACuJ5FZkp8VmoBL5gjW7TYOW06Re KuCs1twQ32NNHlm2+RjVPUN+ITWKCRr0c05OGC2cE7M2ks44F/bMKRvH3v28biZC
iRS7TBAroebnssUOr/OU4zs3WTMJQd5psj4EcVFniSteleDhjo85wxFTIerCDclw 6bj00novLw8dSQzya34nZttA7htySJTbyt7H9aBCyZhs22TxRNIed3UrkmFZr4QH
/cC2HU8yNn+6cDcA05MKC/ZusIopH1+WcfTt9wnEf9glRHT4NMuOgrDO/cZocRge QiEzZ44SJ1QYOVtRVcAeLDRcyfJWjUqo7QxPnJS27iN4cjaeWkm6AFk+bsx2nIcb
hg2kKgN8kVffCt7z3rHCrDvtQB7vIsATyRHWdJBe2WtC+Lv74vuldyYrrCe6XOAl 10vM6Y5rMcwcWTwZnEbqmhTvO+l661yQAR+RrdeVl+J2MQHZ6fsxbDFyW0YdaSnZ
wCOTy6rRfQFijfa6zp/MBiXWv5Sy+jXnNbbgu9w6aZ4e40Uy6fft/zF1JwARAQAB 0geev9lqbg86nLIPdQANkFHtnYZIURliitxT9OahUce4xdUds3Iaep4pbwARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
AQgAFgUCAAAAAAkQ2/NQiWBJXzwCGw8CGQEAABfaEAAjGpldJ2VsitBFkb7oqa0R AQgAFgUCAAAAAAkQyPdlz4rR+JICGw8CGQEAACCnEABp7v2daTeTU3kZJb5M3Le7
+JBLPlhPcdCFW7cDpzpaMoZ1DR04NR21vFg4IpIoxkqYWznepUPgYVE/SP56l/B0 pQpY4VxnAQtekhm3zLoUtjYS4jJIIxCKDwKCVlQvGJG7YQtH/kr6P6AN25me/zOu
n7rapuIPg9VdxLSFoVNoFX7jXviBUsOrGKSXBp6hPugvh/0Vwt/L2F/9OsnWje3E vvPPTGwnfDN2yVNjV6f1odsLcDOdNHAh+/ZRhUd+nHNSxZ0ZNttHxNotgJJOCPxV
jM2mgFOR63G/rGQMn4sCs4UEXUz1sSmrSacpFgKNYZoMx9aYMMR3bHKMqLWU3zkW HkJzYzHZkePvK1ICmxFyWR4XwM/yHiBnWguxJ40a/iA6RCsPt+DpWGlF/3+rX1nA
ugRqjaxe9jOV73qhENSPYgMoXZEa1IahXC8aeV1Bznw2tQKD/ixMycN2W66/azAU tU7P+j1ENtkbZLUdRFHmNTBBwo9XEVsZ+U3r6gezncmA/D5OTq4MRS5yHSwAX0+o
kdyEUoBE+gCBw0JAgHWZ/jcmiycUD2eZ9Yju/rz2YaDvkpP0rx4Z1s6eF3af0k6K PWK5LJogTUn82fZ6+0I90bifHlUID1JVAtif76EUNwqQ9e5LcCbgzw0W34djLpKd
gMChTD0me8H1Cid7bAMdqcvd1hEmIGJviMXlSAZMJtDxF+QRzUAwP87M9lsu1BdR vKWj2kp4FeqKlKCJD7xtqieC5F01rfgEjUKRYZMif9E6RBzvz4awC7KEw4k+LON2
WFRi45tLwRUwp9H32oFwu3l+qi/DGSVP1B/PWcG6uEmdcp+HEp7cyclCv7obc+4f ApKz0S8QGSCTqfKCSJx8sevTvJ3dlDR9qiDv89pI7QaMr2VRgDeNFkS61X9Wb9kD
0ew0QPEkZ24aPWeH5mI/y4IJW8wC9cK8I0MYdNWUHLNKzTGEkqHIkY0hHfB8AmT7 AADJkXdjwYovknk2SiHyFjSjDWjRR42HhHudD3D3GtTGlbsE8AI9bpc5P6zaQRXZ
MNsSUBh0ozbLAZzYOWHXsRXndJ71OAg8auoxKWWmo7gE3BO1YDM4wxyTRDsmsQuY IIFOu4/EytTS4BoJGhz0IOjQbhdvlug7DlUvxxUg64GQU3NOMYsQIfGffjf2yNyt
OPoh/8kmJpVKvOEzchxz/xHmIBXOwImAMCUTMC+P+PPtWPXbVyOv12ZrPZz7wpI9 ZUNlkTBqgdWiES1o1Z2wlAFe/X+qcZuouYRLiqjL7arSGNyahSPRPferuY8YbZqR
+Djsrk2spQ4me4x/Lri+eQ== xdV1XP8tYVK8ecb+OM2tsw==
=MFPD =ar+A
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

2
machines/default.nix
View file

@ -4,7 +4,7 @@ let
in in
{ {
raven = { raven = {
targetHost = "10.105.255.242"; # FIXME targetHost = "192.168.94.1";
system = "x86_64-linux"; system = "x86_64-linux";
extraModules = [ extraModules = [
hardware.common-cpu-intel hardware.common-cpu-intel

19
machines/raven/configuration.nix
View file

@ -13,31 +13,22 @@
networking = { networking = {
useDHCP = false; useDHCP = false;
vlans = { vlans = {
jt = {
id = 2;
interface = "enp0s25";
};
labprod = { labprod = {
id = 1; id = 1;
interface = "enp0s25"; interface = "eno1";
};
labdev = {
id = 5;
interface = "enp0s25";
}; };
}; };
interfaces = { interfaces = {
labprod.useDHCP = true; eno2.useDHCP = true;
jt.useDHCP = true; labprod.ipv4.addresses = [{
labdev.ipv4.addresses = [{
address = "192.168.94.1"; address = "192.168.94.1";
prefixLength = 24; prefixLength = 24;
}]; }];
}; };
nat = { nat = {
enable = true; enable = true;
externalInterface = "jt"; externalInterface = "eno2";
internalInterfaces = lib.singleton "labdev"; internalInterfaces = lib.singleton "labprod";
}; };
}; };

12
machines/raven/hardware-configuration.nix
View file

@ -19,8 +19,14 @@
"aesni_intel" "aesni_intel"
"cryptd" "cryptd"
]; ];
kernelModules = [ "dm-snapshot" ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/ad04bc72-bc84-42e3-856f-152c162ad88c"; luks.devices.root = {
name = "root";
device = "/dev/disk/by-uuid/ee78659c-52a5-4e81-8028-b43de08b6a55";
preLVM = true;
allowDiscards = true;
};
}; };
loader = { loader = {
@ -32,12 +38,12 @@
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/1ac13504-fb49-4739-a0e3-f87a3f840fb1"; device = "/dev/disk/by-uuid/80209d1b-27c6-423d-93e8-cd39e1893873";
fsType = "btrfs"; fsType = "btrfs";
options = [ "discard=async" "noatime" "compress=zstd" ]; options = [ "discard=async" "noatime" "compress=zstd" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/0FEA-FAF6"; device = "/dev/disk/by-uuid/20A0-5FD8";
fsType = "vfat"; fsType = "vfat";
}; };
}; };