hetzner: Add new server config

Tristan Daniël Maat 2024-03-02 02:27:24 +01:00
parent 54e0826860
commit ddda6f534b
Signed by: tlater
GPG key ID: 49670FD774E43268
11 changed files with 373 additions and 337 deletions


@ -1,6 +1,7 @@
keys: keys:
- &tlater 535B61015823443941C744DD12264F6BBDFABA89 - &tlater 535B61015823443941C744DD12264F6BBDFABA89
- &server_tlaternet 8a3737d48f1035fe6c3a0a8fd6a1976ca74c7f3b - &server_tlaternet 8a3737d48f1035fe6c3a0a8fd6a1976ca74c7f3b
- &server_hetzner1 0af7641adb8aa843136cf6d047f71da3e5ad79f9
- &server_staging 2f5caa73e7ceea4fcc8d2881fde587e6737d2dbc - &server_staging 2f5caa73e7ceea4fcc8d2881fde587e6737d2dbc
creation_rules: creation_rules:
@ -9,6 +10,7 @@ creation_rules:
- pgp: - pgp:
- *tlater - *tlater
- *server_tlaternet - *server_tlaternet
- *server_hetzner1
- path_regex: keys/staging.yaml - path_regex: keys/staging.yaml
key_groups: key_groups:
- pgp: - pgp:


@ -7,6 +7,7 @@
... ...
}: { }: {
imports = [ imports = [
flake-inputs.disko.nixosModules.disko
flake-inputs.sops-nix.nixosModules.sops flake-inputs.sops-nix.nixosModules.sops
flake-inputs.tlaternet-webserver.nixosModules.default flake-inputs.tlaternet-webserver.nixosModules.default
@ -55,7 +56,6 @@
boot.kernelParams = ["highres=off" "nohz=off"]; boot.kernelParams = ["highres=off" "nohz=off"];
networking = { networking = {
hostName = "tlaternet";
usePredictableInterfaceNames = false; usePredictableInterfaceNames = false;
useDHCP = false; useDHCP = false;


@ -0,0 +1,47 @@
{
imports = [
./hardware-configuration.nix
./disko.nix
];
# Intel's special encrypted memory<->CPU feature. Hetzner's BIOS
# disables it by default.
#
# TODO(tlater): See if would be useful for anything?
boot.kernelParams = ["nosgx"];
networking.hostName = "hetzner-1";
services.nginx.domain = "tlater.net";
systemd.network.networks."eth0" = {
matchConfig.MACAddress = "90:1b:0e:c1:8c:62";
addresses = [
# IPv4
{
addressConfig = {
Address = "116.202.158.55/32";
Peer = "116.202.158.1/32"; # Gateway
};
}
# IPv6
{
addressConfig.Address = "2a01:4f8:10b:3c85::2/64";
}
];
networkConfig = {
Gateway = [
"116.202.158.1"
"fe80::1"
];
DNS = [
"185.12.64.1"
"185.12.64.2"
"2a01:4ff:ff00::add:1"
"2a01:4ff:ff00::add:2"
];
};
};
}
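Review bot: The comment above `boot.kernelParams = ["nosgx"];` says what SGX is and that the firmware disables it, but not why the kernel parameter is set, and the TODO is missing a word. A wording such as `# SGX is disabled in Hetzner's BIOS, so turn off the kernel's SGX support as well.` followed by `# TODO(tlater): See if it would be useful for anything?` would make the intent readable; the stated reason is inferred and should be confirmed by the author. The static addressing below is matched on a single hard-coded MAC address, so a one-line comment noting that a NIC or mainboard swap by the provider leaves the host without network would help whoever handles that outage.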


@ -0,0 +1,82 @@
{
disko.devices.disk = let
bootPartition = {
size = "1M";
type = "EF02";
};
swapPartition = {
# 8G is apparently recommended for this much RAM, but we set up
# 4G on both disks for mirroring purposes.
#
# That'll still be 8G during normal operation, and it's probably
# not too bad to have slightly less swap if a disk dies.
size = "4G";
content = {
type = "swap";
randomEncryption = true;
};
};
mountOptions = ["compress=zstd" "noatime"];
in {
sda = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = bootPartition;
swap = swapPartition;
disk1 = {
size = "100%";
# Empty partition to combine in RAID0 with the other disk
};
};
};
};
sdb = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
boot = bootPartition;
swap = swapPartition;
disk2 = {
size = "100%";
content = {
type = "btrfs";
# Hack to get multi-device btrfs going
# See https://github.com/nix-community/disko/issues/99
extraArgs = ["-d" "raid1" "-m" "raid1" "--runtime-features" "quota" "/dev/sda3"];
subvolumes = {
"/volume" = {};
"/volume/root" = {
inherit mountOptions;
mountpoint = "/";
};
"/volume/home" = {
inherit mountOptions;
mountpoint = "/home";
};
"/volume/var" = {
inherit mountOptions;
mountpoint = "/var";
};
"/volume/nix-store" = {
inherit mountOptions;
mountpoint = "/nix";
};
"/snapshots" = {};
};
};
};
};
};
};
};
}
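Review bot: The comment on `disk1` says the empty partition is combined in RAID0, but the mkfs arguments on `disk2` are `"-d" "raid1" "-m" "raid1"`, so the comment should read `# Empty partition, added to the btrfs RAID1 on the other disk`. The same `extraArgs` line hard-codes `/dev/sda3`, and both disks are addressed as `/dev/sda` and `/dev/sdb`; kernel enumeration order is not guaranteed to be stable, so a persistent path of the form `/dev/disk/by-id/<disk-id>` (placeholder) for each `device` and for the second btrfs member would keep a re-run of the formatter from touching the wrong disk. Only swap is encrypted here (`randomEncryption = true`); the btrfs volume that holds `/var` and `/home` is plain, which is worth stating in a comment if it is a deliberate choice.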


@ -0,0 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -4,6 +4,7 @@
# Disable graphical tty so -curses works # Disable graphical tty so -curses works
boot.kernelParams = ["nomodeset"]; boot.kernelParams = ["nomodeset"];
networking.hostName = "testvm";
# Sets the base domain for nginx to localhost so that we # Sets the base domain for nginx to localhost so that we
# can easily test locally with the VM. # can easily test locally with the VM.
services.nginx.domain = lib.mkOverride 99 "localhost"; services.nginx.domain = lib.mkOverride 99 "localhost";


@ -76,23 +76,23 @@ in {
# ''; # '';
# }; # };
# services.backups.forgejo = { services.backups.forgejo = {
# user = "forgejo"; user = "forgejo";
# paths = [ paths = [
# "/var/lib/forgejo/forgejo-db.sql" "/var/lib/forgejo/forgejo-db.sql"
# "/var/lib/forgejo/repositories/" "/var/lib/forgejo/repositories/"
# "/var/lib/forgejo/data/" "/var/lib/forgejo/data/"
# "/var/lib/forgejo/custom/" "/var/lib/forgejo/custom/"
# # Conf is backed up via nix # Conf is backed up via nix
# ]; ];
# preparation = { preparation = {
# packages = [config.services.postgresql.package]; packages = [config.services.postgresql.package];
# text = "pg_dump ${config.services.forgejo.database.name} --file=/var/lib/forgejo/forgejo-db.sql"; text = "pg_dump ${config.services.forgejo.database.name} --file=/var/lib/forgejo/forgejo-db.sql";
# }; };
# cleanup = { cleanup = {
# packages = [pkgs.coreutils]; packages = [pkgs.coreutils];
# text = "rm /var/lib/forgejo/forgejo-db.sql"; text = "rm /var/lib/forgejo/forgejo-db.sql";
# }; };
# pauseServices = ["forgejo.service"]; pauseServices = ["forgejo.service"];
# }; };
} }
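Review bot: With this block enabled, `preparation` writes a full plaintext database dump to `/var/lib/forgejo/forgejo-db.sql`, and only the `cleanup` step removes it; whether `cleanup` runs when the backup itself fails is decided by the backups module, which is outside this hunk. The dump contains credential material such as password hashes and tokens, so its mode should not depend on the service's umask; assuming `text` is run by a shell, `text = "umask 077; pg_dump ${config.services.forgejo.database.name} --file=/var/lib/forgejo/forgejo-db.sql";` pins it. Using `rm -f` in `cleanup` would also keep a missing file from turning a finished backup into a failed unit. The enclosing attribute set starts before the hunk.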


@ -1,39 +1,5 @@
{ {
"nodes": { "nodes": {
"all-cabal-json": {
"flake": false,
"locked": {
"lastModified": 1665552503,
"narHash": "sha256-r14RmRSwzv5c+bWKUDaze6pXM7nOsiz1H8nvFHJvufc=",
"owner": "nix-community",
"repo": "all-cabal-json",
"rev": "d7c0434eebffb305071404edcf9d5cd99703878e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "hackage",
"repo": "all-cabal-json",
"type": "github"
}
},
"crane": {
"flake": false,
"locked": {
"lastModified": 1681175776,
"narHash": "sha256-7SsUy9114fryHAZ8p1L6G6YSu7jjz55FddEwa2U8XZc=",
"owner": "ipetkov",
"repo": "crane",
"rev": "445a3d222947632b5593112bb817850e8a9cf737",
"type": "github"
},
"original": {
"owner": "ipetkov",
"ref": "v0.12.1",
"repo": "crane",
"type": "github"
}
},
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -54,47 +20,38 @@
"type": "github" "type": "github"
} }
}, },
"devshell": { "disko": {
"flake": false, "inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1663445644, "lastModified": 1709286488,
"narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=",
"owner": "numtide", "owner": "nix-community",
"repo": "devshell", "repo": "disko",
"rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "nix-community",
"repo": "devshell", "repo": "disko",
"type": "github" "type": "github"
} }
}, },
"dream2nix": { "dream2nix": {
"inputs": { "inputs": {
"all-cabal-json": "all-cabal-json",
"crane": "crane",
"devshell": "devshell",
"drv-parts": "drv-parts",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts",
"flake-utils-pre-commit": "flake-utils-pre-commit",
"ghc-utils": "ghc-utils",
"gomod2nix": "gomod2nix",
"mach-nix": "mach-nix",
"nix-pypi-fetcher": "nix-pypi-fetcher",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgsV1": "nixpkgsV1", "purescript-overlay": "purescript-overlay",
"poetry2nix": "poetry2nix", "pyproject-nix": "pyproject-nix"
"pre-commit-hooks": "pre-commit-hooks",
"pruned-racket-catalog": "pruned-racket-catalog"
}, },
"locked": { "locked": {
"lastModified": 1686064783, "lastModified": 1702457430,
"narHash": "sha256-qyptOk4vDut2JkRMJ+815eJNqqd8gIfjpz3l4WCCtMY=", "narHash": "sha256-8NQiXtYCOiC7XFayy6GPGDudCBrPROry3mfWjpdVj5g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "dream2nix", "repo": "dream2nix",
"rev": "0c064fa9dd025069cc215b0a8b4eb5ea734aceb0", "rev": "262198033e23e9ee832f0cc8133d38f07598f555",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -103,38 +60,6 @@
"type": "github" "type": "github"
} }
}, },
"drv-parts": {
"inputs": {
"flake-compat": [
"tlaternet-webserver",
"dream2nix",
"flake-compat"
],
"flake-parts": [
"tlaternet-webserver",
"dream2nix",
"flake-parts"
],
"nixpkgs": [
"tlaternet-webserver",
"dream2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680698112,
"narHash": "sha256-FgnobN/DvCjEsc0UAZEAdPLkL4IZi2ZMnu2K2bUaElc=",
"owner": "davhau",
"repo": "drv-parts",
"rev": "e8c2ec1157dc1edb002989669a0dbd935f430201",
"type": "github"
},
"original": {
"owner": "davhau",
"repo": "drv-parts",
"type": "github"
}
},
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -144,11 +69,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1686637310, "lastModified": 1704003651,
"narHash": "sha256-sGfKyioVsxQppDM0eDO62wtFiz+bZOD0cBMMIEjqn4I=", "narHash": "sha256-bA3d4E1CX5G7TVbKwJOm9jZfVOGOPp6u5CKEUzNsE8E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "6fbeedcd2fc1fba77152e13fd7492824d77a4060", "rev": "c6d82e087ac96f24b90c5787a17e29a72566c2b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -189,44 +114,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"tlaternet-webserver",
"dream2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
@ -245,21 +132,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils-pre-commit": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"foundryvtt": { "foundryvtt": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -267,11 +139,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1701473318, "lastModified": 1709504473,
"narHash": "sha256-QdCJN8GeNl/V8wMjrvNkrWzNXnahgfjBfCSya4qQdrc=", "narHash": "sha256-hXzXxaZaI9Pn5tO4otY2gJUvW/orDGDAMdstm3AY8RU=",
"owner": "reckenrode", "owner": "reckenrode",
"repo": "nix-foundryvtt", "repo": "nix-foundryvtt",
"rev": "f624c0ceabe13dd876ecff871e0dc7f55f96e993", "rev": "5cf4e6d9ed7b662dbea7a61d785b67a878598986",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -280,69 +152,6 @@
"type": "github" "type": "github"
} }
}, },
"ghc-utils": {
"flake": false,
"locked": {
"lastModified": 1662774800,
"narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=",
"ref": "refs/heads/master",
"rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea",
"revCount": 1072,
"type": "git",
"url": "https://gitlab.haskell.org/bgamari/ghc-utils"
},
"original": {
"type": "git",
"url": "https://gitlab.haskell.org/bgamari/ghc-utils"
}
},
"gomod2nix": {
"flake": false,
"locked": {
"lastModified": 1627572165,
"narHash": "sha256-MFpwnkvQpauj799b4QTBJQFEddbD02+Ln5k92QyHOSk=",
"owner": "tweag",
"repo": "gomod2nix",
"rev": "67f22dd738d092c6ba88e420350ada0ed4992ae8",
"type": "github"
},
"original": {
"owner": "tweag",
"repo": "gomod2nix",
"type": "github"
}
},
"mach-nix": {
"flake": false,
"locked": {
"lastModified": 1634711045,
"narHash": "sha256-m5A2Ty88NChLyFhXucECj6+AuiMZPHXNbw+9Kcs7F6Y=",
"owner": "DavHau",
"repo": "mach-nix",
"rev": "4433f74a97b94b596fa6cd9b9c0402104aceef5d",
"type": "github"
},
"original": {
"id": "mach-nix",
"type": "indirect"
}
},
"nix-pypi-fetcher": {
"flake": false,
"locked": {
"lastModified": 1669065297,
"narHash": "sha256-UStjXjNIuIm7SzMOWvuYWIHBkPUKQ8Id63BMJjnIDoA=",
"owner": "DavHau",
"repo": "nix-pypi-fetcher",
"rev": "a9885ac6a091576b5195d547ac743d45a2a615ac",
"type": "github"
},
"original": {
"owner": "DavHau",
"repo": "nix-pypi-fetcher",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1702272962, "lastModified": 1702272962,
@ -391,21 +200,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgsV1": {
"locked": {
"lastModified": 1678500271,
"narHash": "sha256-tRBLElf6f02HJGG0ZR7znMNFv/Uf7b2fFInpTHiHaSE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5eb98948b66de29f899c7fe27ae112a47964baf8",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1703467016, "lastModified": 1703467016,
@ -424,17 +218,18 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1665580254, "lastModified": 1702272962,
"narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=", "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f634d427b0224a5f531ea5aa10c3960ba6ec5f0f", "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixpkgs-unstable",
"type": "indirect" "repo": "nixpkgs",
"type": "github"
} }
}, },
"nvfetcher": { "nvfetcher": {
@ -459,70 +254,50 @@
"type": "github" "type": "github"
} }
}, },
"poetry2nix": { "purescript-overlay": {
"flake": false,
"locked": {
"lastModified": 1666918719,
"narHash": "sha256-BkK42fjAku+2WgCOv2/1NrPa754eQPV7gPBmoKQBWlc=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "289efb187123656a116b915206e66852f038720e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "1.36.0",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": { "inputs": {
"flake-utils": [
"tlaternet-webserver",
"dream2nix",
"flake-utils-pre-commit"
],
"nixpkgs": [ "nixpkgs": [
"tlaternet-webserver", "tlaternet-webserver",
"dream2nix", "dream2nix",
"nixpkgs" "nixpkgs"
] ],
"slimlock": "slimlock"
}, },
"locked": { "locked": {
"lastModified": 1646153636, "lastModified": 1696022621,
"narHash": "sha256-AlWHMzK+xJ1mG267FdT8dCq/HvLCA6jwmx2ZUy5O8tY=", "narHash": "sha256-eMjFmsj2G1E0Q5XiibUNgFjTiSz0GxIeSSzzVdoN730=",
"owner": "cachix", "owner": "thomashoneyman",
"repo": "pre-commit-hooks.nix", "repo": "purescript-overlay",
"rev": "b6bc0b21e1617e2b07d8205e7fae7224036dfa4b", "rev": "047c7933abd6da8aa239904422e22d190ce55ead",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "cachix", "owner": "thomashoneyman",
"repo": "pre-commit-hooks.nix", "repo": "purescript-overlay",
"type": "github" "type": "github"
} }
}, },
"pruned-racket-catalog": { "pyproject-nix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1672537287, "lastModified": 1702448246,
"narHash": "sha256-SuOvXVcLfakw18oJB/PuRMyvGyGG1+CQD3R+TGHIv44=", "narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=",
"owner": "nix-community", "owner": "davhau",
"repo": "pruned-racket-catalog", "repo": "pyproject.nix",
"rev": "c8b89557fb53b36efa2ee48a769c7364df0f6262", "rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "davhau",
"ref": "catalog", "ref": "dream2nix",
"repo": "pruned-racket-catalog", "repo": "pyproject.nix",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko",
"foundryvtt": "foundryvtt", "foundryvtt": "foundryvtt",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
@ -534,11 +309,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1686586902, "lastModified": 1703965384,
"narHash": "sha256-+zfBFBmUxWutKbhdntI9uvF4D5Rh7BhcByM2l+ReyTw=", "narHash": "sha256-3iyouqkBvhh/E48TkBlt4JmmcIEyfQwY7pokKBx9WNg=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "1f1fe81f0db301124b3026bd2940294526cdd852", "rev": "e872f5085cf5b0e44558442365c1c033d486eff2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -548,6 +323,29 @@
"type": "github" "type": "github"
} }
}, },
"slimlock": {
"inputs": {
"nixpkgs": [
"tlaternet-webserver",
"dream2nix",
"purescript-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688610262,
"narHash": "sha256-Wg0ViDotFWGWqKIQzyYCgayeH8s4U1OZcTiWTQYdAp4=",
"owner": "thomashoneyman",
"repo": "slimlock",
"rev": "b5c6cdcaf636ebbebd0a1f32520929394493f1a6",
"type": "github"
},
"original": {
"owner": "thomashoneyman",
"repo": "slimlock",
"type": "github"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -608,11 +406,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1686688441, "lastModified": 1704840002,
"narHash": "sha256-rcqAQzExGu0uV9Din8yy+Nn8FQvG/Itm8hp66amDj6o=", "narHash": "sha256-ik2LeuRjcnRXwBLoRSOyGEMXscE+coO8G79IFhZhdJk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c573a6f81827594ceeffbfa058659e2fc20e4a1e", "rev": "d14f50c8dcc8ab30a5e5fa907b392ac0df6c7b52",
"revCount": 66, "revCount": 73,
"type": "git", "type": "git",
"url": "https://gitea.tlater.net/tlaternet/tlaternet.git" "url": "https://gitea.tlater.net/tlaternet/tlaternet.git"
}, },


@ -4,6 +4,10 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
@ -47,12 +51,23 @@
./configuration/hardware-specific/linode ./configuration/hardware-specific/linode
]; ];
}; };
hetzner-1 = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs.flake-inputs = inputs;
modules = [
./configuration
./configuration/hardware-specific/hetzner
];
};
}; };
############################ ############################
# Deployment configuration # # Deployment configuration #
############################ ############################
deploy.nodes.tlaternet = { deploy.nodes = {
tlaternet = {
hostname = "tlater.net"; hostname = "tlater.net";
profiles.system = { profiles.system = {
@ -64,6 +79,19 @@
sshOpts = ["-p" "2222" "-o" "ForwardAgent=yes"]; sshOpts = ["-p" "2222" "-o" "ForwardAgent=yes"];
}; };
hetzner-1 = {
hostname = "116.202.158.55";
profiles.system = {
user = "root";
path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.hetzner-1;
};
sshUser = "tlater";
sshOpts = ["-p" "2222" "-o" "ForwardAgent=yes"];
};
};
######### #########
# Tests # # Tests #
######### #########
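Review bot: The new `hetzner-1` deploy node copies `"-o" "ForwardAgent=yes"` into `sshOpts`, which makes the deployer's SSH agent usable from the server for the length of every deploy, so anyone with root on that host can authenticate elsewhere as the deployer during that window. If nothing in activation needs the agent, `sshOpts = ["-p" "2222"];` is enough; the `tlaternet` node in the context lines carries the same setting, and its body starts outside the visible hunk. `hostname = "116.202.158.55"` also ties deploys and the known_hosts entry to the raw address, where a DNS name would survive a re-addressing.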

28
keys/hosts/hetzner1.asc Normal file

@ -0,0 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=nrXn
-----END PGP PUBLIC KEY BLOCK-----


@ -29,40 +29,65 @@ sops:
lastmodified: "2023-12-28T00:07:08Z" lastmodified: "2023-12-28T00:07:08Z"
mac: ENC[AES256_GCM,data:P2bNJLjzn69Kg2bJHXmofER7J8wbEj9C4jq9ePWewXBOt45GEiqgnqIaISwZkyzQmm9cxZd95Lr780ICwoKDFdtSCCcC7CdYxYEfyyhnvU3W2qzEghvkypL8JbiEtPSlQ9xOlCk7p41A9eRrV+JziIVSv5UEUs4NubrG9Mkwv3k=,iv:Yq2gANTTgx6cFxkdustUZ1MPszxGSkao/bS1KHAkzJc=,tag:kqJibocgRQXkxTJze6O5MA==,type:str] mac: ENC[AES256_GCM,data:P2bNJLjzn69Kg2bJHXmofER7J8wbEj9C4jq9ePWewXBOt45GEiqgnqIaISwZkyzQmm9cxZd95Lr780ICwoKDFdtSCCcC7CdYxYEfyyhnvU3W2qzEghvkypL8JbiEtPSlQ9xOlCk7p41A9eRrV+JziIVSv5UEUs4NubrG9Mkwv3k=,iv:Yq2gANTTgx6cFxkdustUZ1MPszxGSkao/bS1KHAkzJc=,tag:kqJibocgRQXkxTJze6O5MA==,type:str]
pgp: pgp:
- created_at: "2022-10-12T00:46:51Z" - created_at: "2024-03-02T21:16:50Z"
enc: | enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQEMA7x7stsXx45CAQf9Hivg5x2NEKp3icdAIXKoBVTp5jnqJ2S5xDpK4cbCUwRd hQIMAzWu0p84AOApARAAi+GxJ9z+cMaMgENnDC0Kq6ZJZ/rkXnUIjVxpdXLVhnCc
Z2VyNjxAXdTgKsviXseWbtsEbqo41oqjtpZwXK36gT/miKSPYyBSLb689L70RpWR E2S8NoXJI5jcqsYI08wVQm7OWzsNK6GuJET1i3YdHVDOiwYK+WNGeMA6JdIuJzXV
aC4QzOHbYr1Trr1whkTVaQG1vd2u9ZEyxsi13ItiYVylu7tgMqaDqzE4Y47RPZtz EDcuarLusygqIV1UcZCwTl362zuLi5kPs/fGsn7BJeI8Q7CtMEP1cmCk0LlHotjz
FWFY4chO5Tq/DL0blP8oCTLFx4LSL82JbZswCfqrSHX44HGZ/OELHqNhYNF6hkCr Pl53bUos1WUqSv0EQw9Cz1dhL6LGlUtoIJaPbB9OO/+chzQCFUJGbCO5KJ/+3fFq
DgYYh7l7s08farE+PnTbWt808Kd3kP8fCRaLm9nt1X1c5QQElaWBjGIscK9fOsV4 2DhQZw1GvgNf9/66f39tgY+jeQq5OyuoFSpuzyjxCeK+eX6Jkxs4zOVlcJoztSVc
iVFQfPBdwBi8aawCmwvXOcg6sX050Ow3NeYQBJVICtJeAeHyetxxEYip6CrADsiq FEiPIO4YfcgDXToLJWSWA2uGJ+KCvqDXDWyPATQupytAItw05oFyfZOPuh45Wj46
UG1Np+p6Pcbq/k6E1vT6bsRrhUWPYC4yuh6Edg5p/jxa4DAlsq/OgDI9pquE9aIt 6Dm9QYKZMsFj6xfgNl6VEK0KK34zi0EcBKm4wmfF8hw4o5T2U542iPzgKv53jbC2
F8cQMHfIkNP8/HiM/KwmdHoTJiy8YCwqP/UalSJdVw== F1dn7GI8ZkSGDPlw7UWSIRLmRYilZhbR+2RJX23nXoarP9oxigCpqhIGBGizdBEx
=lnlW PpUYQjiPUuytk/B3DP+0q01lVvdqcxchA3s88iZwc5GSwBfEMVJ2MJOFkiwIkttO
9PkmtXAaFAt7jjRCzhH05/S7g9xt/1zid/lHCGKcfaZJqX6YIu9+mXeERsZ7OdMs
uur8T7r14DC4ffPOYQR6BIfNZ3vPUyEP2/fSncAtyDFKO2Cc6ry3JvxBCdPGErjS
XgFwk6xHtOsIU3ozokW3aupo5eSNBEPpfIK28P0ivouIZsU64sVJFjc7zPpZnaF+
bEnAXMK8FrHvYZz3v4+LSaYZyoKWYly0wCWrSOZTEphTJHFrW/KsJ2hmVTpjS58=
=qqF7
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 535B61015823443941C744DD12264F6BBDFABA89 fp: 535B61015823443941C744DD12264F6BBDFABA89
- created_at: "2022-10-12T00:46:51Z" - created_at: "2024-03-02T21:16:50Z"
enc: | enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA9ahl2ynTH87AQ/+ID/6Dcbat+YRvT8VpfKpZf2O6EFbI3dlPDkZ+f4yFW0R hQIMA9ahl2ynTH87ARAApU/UkNVGbtqxwQ83Zl3f7Zp/PTIeLtcvmuOUjSnPYrYi
uGKkLR69utM8FoEn1XUkPG3klDk5t/gQikS/d1lPZ6cPOsVzY4P2Te6LizP25vCE 60H1ZPVJUhAv+gcTwRBZ+aN39mUI43qBgCjNu7Z7Bmevf+TXCvK1CwsxuxVbG1tl
cHkztZG/IuBCBfLp8xsEjF1OXEDnb7Klqd3aJuYrvJNm3SreNydRAGyM1E94+iQL sL8FtVH0p8KETq+v8aylTzaV339BmEgnLOBLCE9oP+PhLEERqIT1sz5CeaI71z4F
zLrHF0WbD+dVdVG+ZoHKouGHVVmcxTkfi8Ce63pHKxOiMgqJLnImC357mle4DlJV wETPCfJKEouCQpT0P6hSN1f/9h43PZDQQW5MLY2m1o8t+pFHfowADIlsAmZziXBf
1My0CPV9Y1ElY+W5s+a7sRgursR0AVOkuvWYT39VW+RmFpUZyRCgyW+L6ilCEcOV t/IezzM7oo/QKITpLI8NND9nZfvG7leubG3L2TIL0xIgQeLBs4a+jfFSpt8DR0ii
VXJHf0IFylkqevh11BssIetHAtT8anqZ+wo3ON4gEHjcahufc1h8rOxEEsWe/qUC YGf1RgrtpnlkA4B75KHTfEq1LMEn0wOJj89Z38x5MZEw3suUc8W+1PcKoKIgt4Dw
XZzfwilOsY/vKJ+GTz5Cp8XAviozQL5o2O5H9PiHxQl019QHZgprJclGMlukCBkR RN4K+CS/4Ud8pNLoO+zZ4moRlM9ltWpCJ9kSHNeMShxtsIEPxkhh3CqWU+Ta/4er
Uo3h1Rl2na8JqcolAlFGQ1/QxsOnJ/KAmOpUZ7fZqG2qnsXnFjXcuqo+0e58odaT 1W2bkII2ieS4mLlJM6qqLYAb8VJpaKi3BQmB66KtDS4n4HEXvOO+nurmz9luKZZt
sZLIspvsEHBHKzsvUa6BT8bTc+GlsB3hFolBVdX4y9kTWuzxy0K6bKA9HMTf4FPW 1e3t8ABBowOu+LOVxUbx9DKFObBJ1CDDPQHxRDmGxeSz3ZccHlXsC83QSHCtcm8G
w2hIlvYhlgEx9MVqKLbemN3ye2rC3GRUBXxVXmlXBmb7nXPZCOGqL6nrvtsQ1E4h uFtUZLOCaR0iB7DbEUX43p40xFZ5ieqY9XDC3uGJfzoEZRfaX05I3MX267EZBKSp
D9+sN+cvYh5lYPByjXYinT8TqFVpqX++qnpgHC+5c6WtDHlhRAyfIQK51wCyiZbS H6kyYPnTBqI0UhIsDtd6AWd9huqOZ/TrWubTeDf07s6VDusMYrtE+WaVczaYUkPS
UAG6iDEbCWwD7uHZjDmVycC2R/0HnO+o9xMBI6teKYziFhvn8m7R9gzr7zn/0x3t WAHYUCmSFUN5z3Emds26kMUQvWTKMvx8TgaEf9LwOfjo4LXhvNKjU5yi+hqZqlO8
dVMXtojhfbMPzYK0gT6xOn8SbYGH0MV7ddOm7+Kl3Z8Y AOvcgnksjHUhonEl7GLaOvPPiyoB6F6ZuOFlzOeL1OB3QxJiEoRFbF8=
=zDer =574h
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 8a3737d48f1035fe6c3a0a8fd6a1976ca74c7f3b fp: 8a3737d48f1035fe6c3a0a8fd6a1976ca74c7f3b
- created_at: "2024-03-02T21:16:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=KQd3
-----END PGP MESSAGE-----
fp: 0af7641adb8aa843136cf6d047f71da3e5ad79f9
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1