dolomite: add hk-00 node

2024-10-20 10:23:46 +08:00 · 2024-10-20 10:23:46 +08:00 · bd2004199f
commit bd2004199f
parent 9071e9af78
6 changed files with 168 additions and 47 deletions
--- a/machines/dolomite/claw.nix
+++ b/machines/dolomite/claw.nix
@ -0,0 +1,57 @@
+{
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  options = {
+    isClaw = lib.mkEnableOption "Lightsail instance";
+  };
+
+  config = {
+    boot.initrd.availableKernelModules = [
+      "uhci_hcd"
+      "virtio_blk"
+      "ahci"
+      "ata_piix"
+      "virtio_pci"
+      "xen_blkfront"
+      "vmw_pvscsi"
+    ];
+    boot.initrd.kernelModules = [ ];
+    boot.kernelModules = [ ];
+    boot.extraModulePackages = [ ];
+    boot.loader.grub = {
+      enable = true;
+      device = "/dev/vda";
+    };
+
+    fileSystems."/" = {
+      device = "/dev/disk/by-uuid/fe563e38-9a57-447a-ba57-c3e53ddd84ee";
+      fsType = "ext4";
+    };
+
+    swapDevices = [ ];
+
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useNetworkd = true;
+    systemd.network.networks."10-wan" = {
+      matchConfig.MACAddress = "00:16:3e:0a:ec:45";
+      networkConfig.DHCP = "ipv4";
+      dhcpV4Config = {
+        UseDNS = true;
+      };
+    };
+    # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  };
+}
--- a/machines/dolomite/default.nix
+++ b/machines/dolomite/default.nix
@ -2,17 +2,20 @@
 let
  awsHosts = [ "tok-00" ];
  bwgHosts = [ "la-00" ];
+  clawHosts = [ "hk-00" ];
 in
 {
  imports = [
    ../sops.nix
    ./bandwagon.nix
    ./lightsail.nix
+    ./claw.nix
  ];

  config = {
    isBandwagon = builtins.elem config.networking.hostName bwgHosts;
    isLightsail = builtins.elem config.networking.hostName awsHosts;
+    isClaw = builtins.elem config.networking.hostName clawHosts;
    sops = {
      secrets = {
        wg_private_key = {
--- a/machines/dolomite/secrets/hk-00.yaml
+++ b/machines/dolomite/secrets/hk-00.yaml
@ -0,0 +1,31 @@
+wg_private_key: ENC[AES256_GCM,data:M4lSTVf5cCbjuPjabYzGV1RQ0ZarM9vP2V8l1MJbLCKPTKGZV5wi9a3IIzA=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:+sQMIpmEwqOsBWBnqN6J1Q==,type:str]
+wg_ipv6_local_addr: ENC[AES256_GCM,data:mzZDRHo5bD6Vji4LuvE8vEmQR/J5MeCXuS0DVihJcQdBw/NJ5zdATNVD,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:/hixvECSasepzvZdBOoO7g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNmVpY09ZNzhacDdpdVUr
+            SGc2NGNrRWlMMzE2RVNSN0tHTGNoeVhlWUFRCnpqNy9qMExKUFA0akFnNG1HS0h2
+            NXlmWkJMemJkam5oSEFaSENkRTRnczQKLS0tIGNha0RWbGFUWGpROEdoKy9WbC9n
+            WTUrUjMydHRHODN3TDhyakpHNG1hZjQKR3I8TwUDvvht9ck8YIplCjafhUdvxw7M
+            VNSjUoacKg0Uu5m777UlBpDdDXBwulrVryFxrKA0Q395+YRJ2Sg0wQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZC9GU085TmV6b1FsdGFw
+            OEFJeVM1WFJib1lFM1luQmlQSGt3Ym1PaVVjCkd4TmhIcVB2Nk4xaHdwSVVHOGJJ
+            TVErNHZ1ZURKMmk2SzJUajFTV0tJSE0KLS0tIG5jVnZHNm55dncvaDdsWXNidDB1
+            TURVTjR3RUJzMmxmNVIyTk5rM0YvMU0KP3R78NlGqbRHmSn2WqanPq8Y9m+olBLO
+            2CTJI9QQfPACzz9KoEt5hlpqVpsgQT9CGDpyYEwXrFyxFY4QIh5NPw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-17T10:52:20Z"
+    mac: ENC[AES256_GCM,data:lxqZaTqs5d/b/iIZ7BbD2jYJq3fTIbFlbdwKbCAAiXJv8abxN6SjOKuecKEvkJ0Y7qf2e0Cl8lbRwSy5FJb9Wsl9O4LzF0KBu0lssnBtDuZujFldgxJSWB8kQ3vMsPQ+NbmRME3zdKazmuhEwS0h/O6L6KmnfHjtfnDpAjYD+MY=,iv:Xue3R2qGxiw5/hjr9dLiLqeKDTpnwAnx8v9M3qjz5EM=,tag:T67z1oCMoW/ApF6tFJL3dA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1