Add weinturm pretix host

2023-02-23 01:31:11 +00:00 · 2023-02-23 01:31:11 +00:00 · acdf68195b
commit acdf68195b
parent 0c76c3cd9d
7 changed files with 106 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -3,6 +3,7 @@ keys:
  - &admin_jalr_tb FE170812543DF81393EA56BA5042B8317A10617E
  - &host_hafnium age1ahnfjspcpwxxk7getcxkj3fypwt37rr6p3xsmp8n2tqqqz8jtg7q2am0et
  - &host_aluminium age1ne08hny30vrkejqhh7dcx4ql6dmkx6jw9dqkf3cz7mzvt53njy0qh59w44
+  - &host_weinturm_pretix_prod age1w42q9qg7l6gea36erhw0u7jvlpenvtrjm38q4ux0aasa929hes6s2ecj6m
 creation_rules:
  - path_regex: hosts/hafnium/secrets\.yaml$
    key_groups:
@ -16,6 +17,12 @@ creation_rules:
      - *admin_jalr
      age:
      - *host_aluminium
+  - path_regex: hosts/weinturm-pretix-prod/secrets\.yaml$
+    key_groups:
+    - pgp:
+      - *admin_jalr
+      age:
+      - *host_weinturm_pretix_prod
  - path_regex: secrets\.yaml$
    key_groups:
    - pgp:
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -13,4 +13,8 @@
  hafnium = {
    system = "x86_64-linux";
  };
+  weinturm-pretix-prod = {
+    system = "x86_64-linux";
+    targetHost = "91.107.235.15";
+  };
 }
--- a/hosts/weinturm-pretix-prod/configuration.nix
+++ b/hosts/weinturm-pretix-prod/configuration.nix
@ -0,0 +1,31 @@
+{ ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ../../home-manager/users/jalr.nix
+    ./services
+  ];
+
+  networking = {
+    hostName = "weinturm-pretix-prod";
+    interfaces.ens3.ipv6.addresses = [{
+      address = "2a01:4f8:1c1e:ed47::";
+      prefixLength = 64;
+    }];
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "ens3";
+    };
+  };
+
+  zramSwap = {
+    enable = true;
+    algorithm = "zstd";
+    memoryPercent = 60;
+    numDevices = 1;
+    priority = 1;
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  system.stateVersion = "22.11";
+}
--- a/hosts/weinturm-pretix-prod/hardware-configuration.nix
+++ b/hosts/weinturm-pretix-prod/hardware-configuration.nix
@ -0,0 +1,8 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+}
--- a/hosts/weinturm-pretix-prod/secrets.yaml
+++ b/hosts/weinturm-pretix-prod/secrets.yaml
@ -0,0 +1,32 @@
+pretix-cfg: ENC[AES256_GCM,data:Cy9GDL+9VpVquV1MyQSzRoTK/20lSeFkXf91cb+zApf3wp/rQPpqc3e+/ZspSUELYTqtlitL8uECejO7/GShsItaMptDs6vfWnc/V0y2d2Aae5Fv/J0qkRFYZbgGK+/i9MH261W5DoylTbUDkssgJ23tJuiEYPnkwkQpmJ3VToEvyGHLScQNHeMtkheAf52QfyG5cpmQqw==,iv:gbvRj70A+dHNHNkz3mbEtL3JwAvOrMB9q3f5iJMtPHo=,tag:C47SUiAw9ilOMVs07CFCpA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1w42q9qg7l6gea36erhw0u7jvlpenvtrjm38q4ux0aasa929hes6s2ecj6m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeTl6WjVObjAxMTU2QWUz
+            VzNFYkg0VEd0WkZhL21zYjJCaHZ3emU5UmdrCnZaTmpleC9BNEpFYkl0RnRrNDdP
+            d2FpMWo4amxsa1RTVEJJSXh6RzJxbkUKLS0tIHl1YjlQaUtEbzNVcll1eHEzK2dL
+            N2VMRTNjR1RQVm00YnlpbVBzSmZPRkUKv7LCrjyKb4z0e4yBdzwRR5+ErQYHzZCv
+            +j8j4EuhA6NwsTydgIjueuORbrX/c6VxcgQwRd9En+vQVYhWhlu5Xw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-23T00:33:46Z"
+    mac: ENC[AES256_GCM,data:dD7qZ0EwfpV0GvlzJseZLJyg0rB2hccyf+QaSDc7yeDBuEm5ERDUq/o/JB6gUnnkBlBEfLsZie6xxUFxv8tv8oVWcsWOSNUWORl3hQ/LzSHxQf4AUXH/lWmA4fHaxheNiFeUbgB40JJbNKZ+/f5Br5uRj5c5ydmZlOKkcHawo4w=,iv:BE2nNyDx1Tn24LSy4MvNRv+gaq0K8usyHBo+vZhxlBs=,tag:KOMLNKcrNj2YisVrV9SOwg==,type:str]
+    pgp:
+        - created_at: "2023-02-23T00:30:25Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hF4D3ylLYNOsO+0SAQdA2SmHfeFrNINSLf2aLONZeidpLaCScS7zmWq0YaeM/SUw
+            66MK2BqgIxX81M9lIexCXdQ9EVS1p0KGQ2dw0CpAN07qdDqqOnJeedgv9zZ3trwU
+            0l4BwoXSnuKxaLDs7vq6y9xrzyKZS5Mx8H7BxVRg0o1mAvSwFez23DmDQWnJyUgO
+            otTg9fp217ldr3VNwKIYtoO+1floZtbfmoH2EhZhpml36mz1oRCUUJvjQO++EpJW
+            =N9AT
+            -----END PGP MESSAGE-----
+          fp: 66FB54F6081375106EEBF651A222365EB448F934
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/hosts/weinturm-pretix-prod/services/default.nix
+++ b/hosts/weinturm-pretix-prod/services/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./pretix.nix
+  ];
+}
--- a/hosts/weinturm-pretix-prod/services/pretix.nix
+++ b/hosts/weinturm-pretix-prod/services/pretix.nix
@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+  services.pretix = {
+    enable = true;
+    instanceName = "Weinturm Open Air";
+    domain = "tickets.weinturm-open-air.de";
+    enableTls = true;
+    enableRegistration = false;
+    passwordReset = true;
+    locale = "de";
+    timezone = "Europe/Berlin";
+    secretsFile = ../secrets.yaml;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "helfer@weinturm-open-air.de";
+  };
+}