From 4914c73e77d8991198a1af8571d7550f6c885803 Mon Sep 17 00:00:00 2001
From: korenstin
Date: Sat, 18 May 2024 16:28:11 +0200
Subject: [PATCH] Ajout de chene
---
.sops.yaml | 2 +
flake.nix | 15 ++--
hosts/vm/chene/default.nix | 15 ++++
hosts/vm/chene/hardware-configuration.nix | 32 +++++++
hosts/vm/chene/networking.nix | 53 +++++++++++
secrets/common.yaml | 103 ++++++++++++----------
6 files changed, 168 insertions(+), 52 deletions(-)
create mode 100644 hosts/vm/chene/default.nix
create mode 100644 hosts/vm/chene/hardware-configuration.nix
create mode 100644 hosts/vm/chene/networking.nix
diff --git a/.sops.yaml b/.sops.yaml
index dc49f0b..f7a1860 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,5 +1,6 @@ keys: # Hosts keys are age keys derived from the host ssh key. + - &chene age1p9h7wl3j2fl40gacknt4y95rqkaat8gntrqesx05xcg6yav8tuuqxrqv7h - &neo age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g - &redite age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0 - &two age1zlpu6qum5xcl07hnsndp78tllqph5jz7q8fr5ntxr88202xq9u9s9r2y7x
@@ -16,6 +17,7 @@ creation_rules: - *_aeltheos - *_pigeonmoelleux age : + - *chene - *neo - *redite - *two
diff --git a/flake.nix b/flake.nix
index b9fef3a..793338d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -28,20 +28,25 @@ flake = with nixpkgs.lib; { nixosConfigurations = { + chene = nixosSystem { + specialArgs = inputs; + modules = [ ./hosts/vm/chene ]; + }; + neo = nixosSystem { specialArgs = inputs; modules = [ ./hosts/vm/neo ]; }; - two = nixosSystem { - specialArgs = inputs; - modules = [ ./hosts/vm/two ]; - }; - redite = nixosSystem { specialArgs = inputs; modules = [ ./hosts/vm/redite ]; }; + + two = nixosSystem { + specialArgs = inputs; + modules = [ ./hosts/vm/two ]; + }; }; };
diff --git a/hosts/vm/chene/default.nix b/hosts/vm/chene/default.nix
new file mode 100644
index 0000000..1877168
--- /dev/null
+++ b/hosts/vm/chene/default.nix
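Review bot: In .sops.yaml, adding `- *chene` to the `age` list of the creation rule (second hunk) lets the new VM's host key decrypt every file that rule matches; the rule's `path_regex` lies outside the hunk, but secrets/common.yaml is re-encrypted for this recipient in the same commit. Per the comment at the top of the file the age key is derived from the host's SSH key, so whoever obtains chene's host key can read the shared secrets. If chene needs only part of them, a separate rule scoped to a chene-specific secrets file would keep common.yaml limited to what every host must read. A one-line comment above `- &chene`, for example `# chene: <role of this VM, why it needs common.yaml>`, would let the next reviewer judge that.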
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix
+
+ ../../../modules
+ ];
+
+ networking.hostName = "chene";
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/vm/chene/hardware-configuration.nix b/hosts/vm/chene/hardware-configuration.nix
new file mode 100644
index 0000000..9e5a5f1
--- /dev/null
+++ b/hosts/vm/chene/hardware-configuration.nix
@@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/2f28760d-08fe-4614-8e58-1f6fb4482545"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + # networking.interfaces.ens19.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}
diff --git a/hosts/vm/chene/networking.nix b/hosts/vm/chene/networking.nix
new file mode 100644
index 0000000..adb331c
--- /dev/null
+++ b/hosts/vm/chene/networking.nix
@@ -0,0 +1,53 @@
+{ ... }:
+
+{
+ networking = {
+ interfaces = {
+ ens18 = {
+
+ ipv4 = {
+ addresses = [{
+ address = "172.16.10.148";
+ prefixLength = 24;
+ }];
+ };
+
+ ipv6 = {
+ addresses = [{
+ address = "fd00::10:0:ff:fe01:4810";
+ prefixLength = 64;
+ }];
+ };
+
+ };
+
+ ens19 = {
+
+ ipv4 = {
+ addresses = [{
+ address = "172.16.3.148";
+ prefixLength = 24;
+ }];
+ routes = [{
+ address = "0.0.0.0";
+ via = "172.16.3.99";
+ prefixLength = 0;
+ }];
+ };
+
+ ipv6 = {
+ addresses = [{
+ address = "2a0c:700:3::ff:fe01:4803";
+ prefixLength = 64;
+ }];
+ routes = [{
+ address = "::";
+ via = "2a0c:700:3::ff:fe00:9903";
+ prefixLength = 0;
+ }];
+ };
+
+ };
+ };
+ };
+}
diff --git a/secrets/common.yaml b/secrets/common.yaml
index 31c9b1f..d59bff3 100644
--- a/secrets/common.yaml
+++ b/secrets/common.yaml
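Review bot: hosts/vm/chene/networking.nix gives ens18 and ens19 static addresses and static default routes, but nothing in the host's files turns automatic configuration off, and the generated hardware-configuration.nix in this commit keeps `networking.useDHCP = lib.mkDefault true;`. Unless `../../../modules` overrides it (not visible here), an interface later attached without a static IPv4 address would still ask for a lease. I would add `networking.useDHCP = false;` next to `networking.hostName` in default.nix so the static intent is explicit. Because ens19 carries a globally routable IPv6 address, it is also worth confirming that the shared modules keep the firewall enabled for this host.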
@@ -5,74 +5,83 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age1p9h7wl3j2fl40gacknt4y95rqkaat8gntrqesx05xcg6yav8tuuqxrqv7h + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdHc4bm55MjVFUW1xVXZZ + ZmFNMkpnWFUzVlg4WDV1YXZnTEYzNWRtS1JNCjZZVTFTaEQ5VEVSRE41VHpTNUpK + STBUd3k1Ny9qUHFCSytuUk9LSldxcmcKLS0tIDZmM1YwTU1lcjNzSWQ2Y255bFRt + YTBrR2dsdXdHZ0NxbGdqbTFmSXhmYW8Kf2CgStBnmf0hLPq0bhTZPvrkbBHF9YIr + 8S9k43+/0QZSYNuV3ACNGkPWr2TA0XE4mvUyU2Kwx/imP3+7aRJNQA== + -----END AGE ENCRYPTED FILE----- - recipient: age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZVZ6SjNVVTlpSWU4YnVo - dUJwTmFGcmorNWdteHZwdjBlVXpNa1h4aUNZCkdsSnp0bFBrM3BaUCtreUN4V3p0 - ZVZXMTZDMGdIV1hYTEk5TklPM1hvakEKLS0tIGZoYkJ0aWladUk1RGpvUmJ1Nk1a - MlBWQVNiWDc3M05jbVY4SmpCRFJPWGsKZzeE2OvYcaB1fep6DqB2oR9xDw+WuyAP - GEuBg/KDjEVGLF2GmlVThEEsEmcgOW/yVf2MpAafdkdlWDLhhExMnw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbXVzanVraGFRUE9BOEtw + eDNSSUgrcVF1SEtscm04b2NINEFtQ0FXZHpVClJoVW9GU0xLWlNrMnJSUEF4d2JO + T1orcjdPRUIyU2poVWJhMkpjS3BGdlUKLS0tIHBFSUFCcGtucDBtZW0yd1czYkFZ + YVRtYWJjd2liRG9UMVB2d1JZdCtWNzgKZUb1isuSStmUMdyIJHj20WdAo6j44AS2 + RWn3hlEW6MhSUSNly8qqljQe1dDA2VLvI8HlvHi2s0mk0+B6GJ25bQ== -----END AGE ENCRYPTED FILE----- - recipient: age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcmRoZ1RKMHUwTTA4VWw2 - TlRjRXRXa3ozTWYzOGVXN0VrMWlwL0lDeUgwCkdQU3JueEZUbmlsSnJYSVVrdHlO - TDRaU3YwYjJITGJMUHo4eCtyVm5lMVUKLS0tIFhiUG13L1hPQkk5UUlEcWVZalFU - dWdoUzhJZ1h4VjV3dFpLcDBaMVJEVFEK+6SlZyzokQwOx3d8k/qqjwSoJJmn4ytN - 7YoGydAn8jvsfveRTvR4RgqmbiQut23Zd/ZJclaHM/H66T9LEIk8KQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOGcwVXNXeFFtclFIVjR5 + RHk2NDdZUnNGZmZzMC9QZjFlUVY1WElrMUdZCjdhRTJrSXRRZHRlWnBMYm5CN1RO + TEtsRmNlMVBtOVZkbUN3bDNscnlGaHMKLS0tIGlIQkttMkRObFNsc3dwcXdqZlBN + 
ZVJuYzRmeitUemdoOVhsMkFSdElFS3MKZHL23gcpIZXYtoLmi25qd5fYpGwFdSno + 9kyA+LIr9MnHZA51s5Wtib6OAeTDuAwdnbvKHMRkyu+vLLuqJEBwlQ== -----END AGE ENCRYPTED FILE----- - recipient: age1zlpu6qum5xcl07hnsndp78tllqph5jz7q8fr5ntxr88202xq9u9s9r2y7x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNGhWRFlFa0F3THNWYVN1 - R3JiUDBQNkpqbmxYbEs5RVVsTFZTcUFnVDBzCi9ITVo0SkcxUFNEdjRzK1hOMlVS - ZUVIeSt1R09uTEtoVmEwWFZMQ2Z3cTgKLS0tIGpqNDBVZFlJRnVSMmZTRTVsVSs1 - YllsQUlYU0NUMVVQY3FTY0N4MHdjbXMKEpEfvPhar+vzKN43YdeSifvqq2rvw8xj - xbjOZotE5I2f4SEni27PrlFgRbV29Uh7XRReq3HDPPMJ6E9jL92QGA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRzY3T25DNmFOUERIeGJP + Y3dDNnRxalpSTVpqWWpqUDRMSUdJVkVVVm1ZCmszTlFZQnp0V2ZVVUFPKy93SUNm + aWlsVXpDQXNwTmRyM1Q3b2FUMGYxQTAKLS0tIEJiRXJRS2F1YUNSQlFCWXNycHp3 + cWFtNlVObTJhV3V6TUs2dGM3S1Q1RDQKfmbOzWlYN7Oi6qxwkfgpOLKDbrSPWM2F + Qnfcs627Nxzjjjf6yAtz650E1RHRJpc4w30DILLzShDs3JYvPMIuBg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-02-05T21:38:50Z" mac: ENC[AES256_GCM,data:ZUA6Ij81846B2xumn9YjrlRufj9KfoItf2MCViVbIlQO97or1rJAz+iWxmf/I0YNzhOKzuchyG0X6669fUkePk0qNKrk9HBQLX7BM+O51qgEijrqq2SXlo8hyNTC7zUFL202yT1ATL8uD7lgBZpqgxBOcYp9D7+dkvotzFTOAco=,iv:2o7OGekocDF3Lj8OCnLOwGBBs/k13R1/a0CH+GTFsyQ=,tag:FqPF0Vvbuc5/D5tRLA+r9Q==,type:str] pgp: - - created_at: "2024-02-27T15:24:41Z" - enc: | + - created_at: "2024-05-18T15:43:25Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwEdD9k5IbiyAQ//V+wZlKWMrEWbDPr00i7md1AAENVEQp1NMxGgIjgqzkFD - /PryzW2KDvzmqVxP0jnLf40bgdaR/QH9RlkL3LglNFPyWqMha0AHM8poCmVkMkb9 - qT30OP3dLgavhYY9SZEm7jOWlyr8gKD4jKFQZqD7ZtAyNcvvGsFsEyugix/x1t3x - VK29LQdnI3IH9DUFk55WGjpO7Q1SYHFbCPjU9OR3Skxol03xqjk0/vhmvpQ0RuRs - /Sp/F8aBveUkGci/RjlgdPme0wcKfmJFAZIy3atdp/0c2WW40EaepKeTiRjphCQC - cAE1iKDPgv+1Fil8KbaiOfYFpaLSaBFcP6xMx8F9HrDDpGLQqBfbaY2K+wyWBQEa - JOm3KHw8YXDp65+oOFPTeHmSdlLzTHcEEUscHmkBs1qBtiWpkMBmSEgkMS+7NWpe - V8SQu5D46rTi/5qnzZUFN8HomStM4JRO6MqNuWnvyhDAqmR0NLIGhKgGRY+G2M+5 - 
x/lFQO5zmjS6oNMcTUFT3jp0tRBRsNoCWweW7LkibjNlVBzS4L2RHpU7TC0UpuMy - zh60EqerX2bUohW+4fuV7vXA0+HGC7RzxG3ANAzcnf7acqANxj6NWH/EGaZ8g5CI - S4UDh5iet2n+2GYZR24aHnoq3zFejXcuB8lCa4lycKRo6Tsu91fTjLuDqZ8hJo3S - XgF5s+dJ7mF6pN0kI+LBWSn17WsfdiaGVeZvS1cQrRk6VbKYF2b+9s9E81gwftY4 - CnsIZ9f+LYCgRrzJ+hiCekEKj+kxOPSXku1V8fyMSy5oqact8qXO5pUBkKan77U= - =T2OZ + hQIMAwEdD9k5IbiyARAAoBCn/Iox9GPYm3gzY2RXhUKaFxZac4thEAj/Lm99dXr2 + NbZbyuOkJAO2va+v++8uV8BEEXpFHNzcBLK2EuutNxSax/5SZWH+yhPr+/liomBL + 2Vt/4jjHrQ5z9yMuch6DVACc3Lli0FhBlRB37rQsV7v9lso2E0kkEu6bzijYIgnG + VHc8q4AE1JEtTvyl7tbNspS3d3vy3c2yX2FNxwXO4fAlaxsSG8oV1i4dPpuBEaAm + g9i+EVL/vzGPhOPeqXFQXG7PwAZufVgfujWlFfn7Nj0WOE6MYC+9tBb/vuF19/su + 93/XpzFaPFXytVgH2fLUyleL5J4XPTQPHfAB6a/zV+tZIIMslc+x2/cHLmwUO6Cx + o8cld6tIlByP+rI+YZ5sRwOsGU82/TMnbSGRzfKexF9aVy7rF4eo1NhGo/UmBhh3 + Bi5tTx1Q5ySA5FNvoWmhIa7wY+r5GWdew34rtsjTyVVxSIsrLZe7Wd/lPJU6CucA + PdJ8SDBufcyDXDNtOX/hCVQEboJfgKxK5G5SMO/jUltzts7t0ULh+68VC6+aMI2y + 3Cu8hfRsCQgBiF8abi+SncAM0lCBdXokVfPvOLCc4UvTBAMbHx8BP+4BZtOkgeSs + wt1DPA1R9bnsdudmyOYE16YwtPk5lO8yEpbQyxNMdMRjyN2IVzW6lG+QAOpSSwjS + XgH16UkGS34QhAH22lBgU1QDEgPd6AGvumhoNBTHlPg2zCvUrIawwwsU6dXVXlUu + bFMZyQLwzcOqxcx5lQu4uN3yNrNfavn7JJddsaW3FbIvRIIOb6KisrEjMIMb5ek= + =aGN2 -----END PGP MESSAGE----- fp: "0xDF6D6CE9E95E26E8" - - created_at: "2024-02-27T15:24:41Z" - enc: | + - created_at: "2024-05-18T15:43:25Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/HTIsSK0VBlARAAq6v05jpG35J8oXqoEvhri/0BjhavnlcPWXoYIpgnOh0X - PTnvo1CXqSfkfFlEYjxmn04mGfMTf7XgoE9GRrjN2on/leZofHEiclCeKc+ZY2kL - L/OICAh444ofnqhnLyE9WrQ5vAXpEvF5iron4U9Z8i0LG1heZk8WbBlBrEtwa2yI - bm9S3wcIiOLzUIZw3vccVYbMMjlKf/eUfLk94HDnJ64iMmMfr8UqsnCFO0Ixi54I - wIuK6LuMVPK5EMAM2e+p2a/R0CX/mV3B2Io2zVSqcQ1bTADlXB49nvMQUtJDBeku - pjmLBL4YjBtL/vtMa9KMm4YdQYMZdgSLQRUbBSia4HLreBlzoVrr8yXzDkZ3KSoz - qWvIsliQkYzWd2hC4CYBsGmkz10TY1kjpEbEbGwY+388W5KguKjobXzfDhbqDpJw - X8mnhtXWnQS23CGQ36wkFDE08EyIVtixv4eDXdUpXcveL2F/SGHITRvdFEfjhbRs - 7d4IjdU7idQTdYn/2BEWo0OWxPr9WBky8ZYCONL1/oQnBVaAI8wPf/uHypF/Tog4 
- RFl4Otj+2MFfbvgXyrbjMELJKn2/WUGtgUvg3a2JZLO2e8DGe4pu47IQtRT2QElK - gqm1DNaLyNo/GNqMrQoVFE16V2aM0DVlzFH/4tZdbxQ9vo24MELjmXzurCQPDlHS - XgHTec0bEYwlqgZR0O+NxJgZvcp4msqEiKKkN70iYQfuNCe5aV6+cCs/fm0fRo6R - GvHX9YFnmmIkaFbv1U9kwkG5wofQn+Mgcb1XXk3cqOCuqGUrNAe+xZU7lsMEVb4= - =y3T6 + hQIMA/HTIsSK0VBlAQ//dyrIXoBWE4r5tbHgPUr/WFsM0GaB7Y9bEMQut4l4fkoQ + pLu9Hb/TGXm012g05Cifx6JQbal4wOd5BHFW38CFvmDovOkp0fBvX80R+O4chwBB + SnvH0beiJ6MKI4L4OrlZi2w/AWqkBBbVFhPtHB9Qd3FLoTuuh6ih/RdfaPetk54r + O9kEf+3ZR7sYmRVNPpcko9Uy5qAsUuSiz4s0FuX+B/TktFh2adLGR+OfNCqN0EKv + kfVbGW8bN+HCy6CyVtI8jjsGkruk4zqswVBnES1iFzCoWZ4FEgF200wjPcXBnVli + QrP20OzPSaRJnHWokHCmPb1Ssakt6IVr91RLND2mErdgeoyN6pk6ViTQTVXzaFfQ + +BM6/77hiWDxx07suwt4gcasOvRIsD0RB8vTZ+EIEEFtIfuOTuK43nTWNQzZ2si0 + 4xXXPrCDcvVDQp904hdZvfiK+cIiSW29E3uLCtU7p889CXvDjYHPwRp0SNr48DLB + gOxuB0tbjcleW7iGrAUOQTbxkvWRr1i9GNQskXN5dXa4tjurAkQ8oQsBTpev/B3G + zNQ8f6LGsJlLkFFU/yJIVPCGjosMTx7x8DGZT1z2c2d3AqKBOammNS/xMi2/EoQF + pwkArk63u4bNvBItlsGh0FTqeRo6qhHtmAj9DetQLGNFAuROfBbtzfe7yUXM9Y3S + XgF7OAho8OtNtKLewngjmuwgJEaOckg2pC2Etu7A4VEtDB/U7cMeHjKJu99XqAU1 + U9gp8j/k3qecgrRB2GAufJCfyiEpy9L4tckz3CCU7NXDUKb+GDfxxW4oGz0Wq60= + =fKtr -----END PGP MESSAGE----- fp: "0xFA47BDA260489ADA" unencrypted_suffix: _unencrypted