nazuna: Init

2023-10-04 15:15:54 +02:00 · 2023-10-04 15:15:54 +02:00 · 7fc8a4694c
parent 70ee0e1d59
commit 7fc8a4694c
10 changed files with 189 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -10,6 +10,7 @@ keys:
  - &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
  - &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa
  - &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
+  - &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
 creation_rules:
  - path_regex: machines/nunotaba/secrets\.yaml$
    key_groups:
@ -61,6 +62,11 @@ creation_rules:
    - pgp:
      - *simon
      - *shinobu
+  - path_regex: machines/nazuna/secrets\.yaml$
+    key_groups:
+    - pgp:
+      - *simon
+      - *nazuna
  - path_regex: secrets\.yaml$
    key_groups:
    - pgp:
--- a/keys/machines/nazuna.asc
+++ b/keys/machines/nazuna.asc
@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEACFObg8AdI3RPFxyl/K0tm3W9jkufQcYk/LwLP1Z2xb38EJZLUy
+YEJzdZaJei6HY9rMM8tQjgCzFi7OzTVqw5I1NAs0LGGlVKv/mjuQV99SKtB8ujFF
+VcuGBVDLGOx8+6sW63YojMJ6O7eMaKQhO2zSdzsVO0BqYyAy2niJz2gpOknnITB0
+zsj/uliLSgtPyo3zTt+tDD3oPAFFm09G9QNIXiyFBSL8h4pGBiHwSL7VC9JWM7rt
+BRB921LtlOt7W8hr29THuRP05tZJAwbN/W3NnLhOxpBXEHrcPe4Yt2Cz+xbLhn27
+h5sw4XcEqewkzLXwbB/CzB3FY97mL3ekoWXS+LZFBtkWx2d00+BVFZe+qTA8bRjO
+AEO7HUUw4U9fOwTpQLMqH53FAEB5zDAT67CTXsLW921URHlPTVkm+G1Yy3S2k03H
+6erBc0xBHqClnFCm86TZqceebEeqV2PUk/b2oBy2uSoFccI9Da9/dn83ryJD1c3U
+V9pfq5oOf77F3Z428Ds6SaWeQb6SY7zbHfu9SNnOxau9NiCJoRXfGp5LUCFhSLm0
+2Oc5tk+w2fMpP27XFccI1nSaAEnSUIb5o8ZHsxILIr/0JMGvxHfoWyiNhYu4mZEZ
+Mlfl+GmIONGhEz897KboCYlks5X0Klp2eH/lfgx9ECSHXMnE2kD9GFnX6wARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQLEvvrR+ekVwCGw8CGQEAADz7EAAC36CJfCApYkrLYSY59XUn
+tr7Jdl+tFjeYlu1+s/Rm7VgwGV70KfYPJw3nmETTcXK6g91mdVMsf9kUxDN4jYsn
+yvRSXRpiqOS0NSYbYgeM9n5uSKIfbCC30UcAmH7iUL/eIjmPe8x8PhsstkuZ9nU3
+OjAQh1mStUs0MELJMLzhY4PRXwOHFHRHvHJr5Ufcm1SOVbiJlDShJp+jAJTSftVc
+miwsA6jmM9GR96OskaN058yujzpQA29858/61qMZuyqflKIYW7ti2dHm4WCew5uN
+gPmmqUOJNkFavEgtEWLyTARqPb1Q3ptdjePDP07dOxoweB/1XkXauGk81I6cJgJF
+WTnZ7+LhqIj9qyQUPHQzb3iWMxWmSM+XFWbuYFTkbIcZNqWwV2kdqr2dl0Hmur9k
+WdYGNApGIhaFtMb2iSmz78kMwy/Jhz9i4XhAvAdG3xHxtr3FjJw8DM7iQl76gdJw
+fEaM5hLk9M0aZSPKZhxnCBtWgAqw+Wa6aXv6sDw5Y+EY+dW7TAEVEpBrLikO+43D
+yzlS7Q8+SZD73O14taPKCGa9H050QHB4R9FNrKBg92Z+W8WBnoxYI5Oefdcgw3sj
+qp57wibrJRyf+SmNY1vD/PIYM3dIMnIWsXYTS3/AwhZ9KIl1x2jD+LorMK+MBCub
+L72+WUfElaj3SjHJ12Cm1A==
+=Fu4f
+-----END PGP PUBLIC KEY BLOCK-----
--- a/machines/default.nix
+++ b/machines/default.nix
@ -62,4 +62,9 @@ in

    targetHost = "shinobu.home.sbruder.de";
  };
+  nazuna = {
+    system = "x86_64-linux";
+
+    targetHost = "nazuna.sbruder.de";
+  };
 }
--- a/machines/nazuna/README.md
+++ b/machines/nazuna/README.md
@ -0,0 +1,13 @@
+# nazuna
+
+## Hardware
+
+[Alwyzon](https://www.alwyzon.com) Storage Server 1T (1 Xeon Silver 4416+ vCore, 2 GB RAM, 1 TB HDD).
+
+## Purpose
+
+It provides services that need large storage and a fast network connection.
+
+## Name
+
+Nazuna Nanakusa is a character from *Call of the Night*
--- a/machines/nazuna/configuration.nix
+++ b/machines/nazuna/configuration.nix
@ -0,0 +1,16 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules
+  ];
+
+  sbruder = {
+    wireguard.home.enable = true;
+  };
+
+  networking.hostName = "nazuna";
+
+  system.stateVersion = "23.05";
+}
--- a/machines/nazuna/hardware-configuration.nix
+++ b/machines/nazuna/hardware-configuration.nix
@ -0,0 +1,56 @@
+{ lib, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    kernelParams = [ "ip=86.106.183.111/26::86.106.183.65::nazuna" ];
+    initrd = {
+      availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+      kernelModules = [ "dm-snapshot" ];
+      network.enable = true; # remote unlocking
+      luks.devices."root".device = "/dev/disk/by-uuid/b20be409-adb6-47fc-ba9b-c07e61503070";
+    };
+    loader.grub.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/05b0918e-3c24-45bf-950e-4af9d89d3be2";
+      fsType = "btrfs";
+      options = [ "compress=zstd" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/7e93d8ba-516b-424e-a8e5-149c1654212a";
+      fsType = "ext2";
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "/dev/disk/by-partuuid/08140a4b-38d7-4af3-b302-ccc952b085eb";
+      randomEncryption.enable = true;
+    }
+  ];
+
+  networking = {
+    useDHCP = false;
+    usePredictableInterfaceNames = false;
+  };
+  systemd.network = {
+    enable = true;
+    networks = {
+      eth0 = {
+        name = "eth0";
+        domains = [ "sbruder.de" ];
+        address = [ "86.106.183.111/26" "2a0d:f302:123:8d61::1/48" ];
+        gateway = [ "86.106.183.65" "2a0d:f302:123::1" ];
+      };
+    };
+  };
+
+  # no smart on qemu disk
+  services.smartd.enable = false;
+}
--- a/machines/nazuna/secrets.yaml
+++ b/machines/nazuna/secrets.yaml
@ -0,0 +1,52 @@
+wg-home-private-key: ENC[AES256_GCM,data:fqdPyTa/0Ixr0sO8m06Q1xoAFYBA3q2P4Ho7k6AZBakcKvaXyqFiaISsIuk=,iv:tFANTuH8NHs7cHGduzn66njpCfK1tyydRlBCwv/ffyQ=,tag:Q+dBhMjjHG0cZlfindxBhQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-10-04T14:03:02Z"
+    mac: ENC[AES256_GCM,data:hq5V3kGoTgox9/tJRvLk6hhfG4b9V31ACMOhWVI4kEdWUKJ+o5NvRfh7ITgkNpwR1LYMGQBl/b2bhQEGt6QLYG7zd0QL/htOY8rT7u9QAp6EnZxpIYMzEkDjLzT6xLdSiUVl1XgmObkoHagkZARkBk2IWrzsrdxFklS5vjaWzEA=,iv:pM2qoSHOojQ8PaYKoWOagsZol+bNEUDJeuPh+T6v5HM=,tag:rOMaP5hSEzCNm98Vei1jdQ==,type:str]
+    pgp:
+        - created_at: "2023-10-04T14:02:47Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMAwDgSONkM+d4AQ//fbn9ndkcj/KuMA7xnVgfM9M1TGxcT3g/yz4WljwfBbrz
+            D9ZNEkw0x2HihRyKC22HLKk9tKc02tXyDFnebx+ygQCqmXgQ+uv7kirNw7HK/cBM
+            DM2Iuy9nXQ5eToF4IvhNay1iQZ83EjAbA7NkcU799VA1iZK6ysjB5ytONQQmc3m7
+            tKKmOyLZJGOWSENWXcjSJ79UJgBqwvMndUSbNEdkeR7zuRMqBNpBkcXmzpwdyKPk
+            qYnepM4DRPhkLEd1x70Ygm5KOiQOIq4ck+rSEwnW3Cd2oAeu6LYWF10y+vl+hL/r
+            lUkaFyjxXT4kkZERF1ehX1LIg9k/DuxqQhM5aUqiDTAdEOyHqg9gP2JnhpMwMplc
+            5UhwxDB6lDtAdHlDF45c1E269JFokEAt6TJYwAllkSaSG6luNkylR02mEUGG7psy
+            78VEFdSjmjwEJYGJiMaffeDgwBX5Vh8KLFQH1U9DcOsZBEDlIEPWWlM8YOKMWgI/
+            q5nhVBypdAobXV1Hpp8WFMyvW6TeU0VUWqNQ5ffWewuoq2MMehH+ScoIHEcbqXkp
+            z06HylKGL2kXioTYkPEjSeWbgh1kPHmkDUU1sIXPMLgwPUtUuK1bu4qku5LOuef/
+            1HL0olT8YB1F14QEhqmpnL2Ylxee9ceQR1SrW9wa9ewEjoW9WUzGByodOLZPim3S
+            UQEDjF7H2ITDmx2ig+CwK9q1hsSKFLppmpBV+16MchCajHNlsH9f3i9heUpRo3CC
+            Gb9vZF5ceq+YaVCACBJX3Q0VBKAagv/cOijg1Im17us/Rw==
+            =HIlx
+            -----END PGP MESSAGE-----
+          fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
+        - created_at: "2023-10-04T14:02:47Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAyxL760fnpFcAQ/+OY1aC531MJoPAL9tfrg7nEusshgk7FV6kv5xehB7KM4j
+            ENPpV3XtIfxktxWuddLS6nw4l0m7TCcd85Ggwg3LqdqRLj2e+0mNCpV2h0xRrpiz
+            OgKS3Vm9aWpGkkfhP2vFafs2GrSfPcV7JfCjQRh3IfCYwYUrkxbGHI3vYBIvm92W
+            vwHuF//K3fvt/QcnXJUjHomoCaDfkYFiU6YmZLrXBgIXydAFm9iYg+QmamlUGGZe
+            SBs3Uo3bEegUcY0/v4B0FfRUWkG5w1G3lHH+cHjiYu13/C85ePDKIooRFrGGjjGT
+            iPp9XXw0sjK+x3Cx6PUYh4aopMHx16j6cpoZf7w7hnchC4fAneI5otTp/fMAOX3P
+            LVoY1Hq9FPkSelg2E3jvgvUS9sD5iwCUKRKDiZa1cJeY7HG38pin1BIdlcquqsSg
+            kmeSwT32jTUF/PXKvh8uLmpydkfFdHkmwaeAaSaZLQdOlFLprZ+jeD5xbS/1FMlc
+            7VS5ogHApXZJWmwteuwmepecF6EsuzZsRsZUtoEHxNdtyOIs86nVwdw/C67XqyD2
+            Cy1z9lVrJl68u7x6alSLdaLai0ksOlTAqGPi9+R5e3X/PvwN+3jNtds+peCaxvbw
+            2LchLh1+xF1WzMKZwERN5VgB6dgAW+9GSMADyTF72X6b1HIZGo9T0JDuVl6zbuvS
+            VgGmxZQt65l2akTeMpgogJ1jIl+x/+TQNubacEdF928W5ncGyP0WKym5ljPJt+j3
+            /kEYpD+nlOKgTblX8NuaHqn1PT/M5wMdyTRHHKUD2LM4+RjmpuV3
+            =jXpQ
+            -----END PGP MESSAGE-----
+          fp: 0b8be5d87a10a0e68dda97212c4befad1f9e915c
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/machines/renge/services/prometheus.nix
+++ b/machines/renge/services/prometheus.nix
@ -69,6 +69,7 @@ in
          "vueko.vpn.sbruder.de:9100"
          "okarin.vpn.sbruder.de:9100"
          "shinobu.vpn.sbruder.de:9100"
+          "nazuna.vpn.sbruder.de:9100"
        ];
      }
      {
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@ -67,5 +67,13 @@
      hostNames = [ "shinobu" "shinobu.home.sbruder.de" "shinobu.vpn.sbruder.de" ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJNZPT2Mmys2nw/ovX6Z1Cb4WDAaWBWanycNwF9IEjl";
    };
+    nazuna = {
+      hostNames = [ "nazuna" "nazuna.sbruder.de" "nazuna.vpn.sbruder.de" ];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCdrgQuomT1YDXCguxSpyn0ovegcpBjZ+kOhukIr9n/";
+    };
+    nazuna-initrd = {
+      hostNames = [ "[nazuna.sbruder.de]:2222" ];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/VDiagTEI5BIjTrPRkGWAH3YurcMEV8i6Q8PSnxlg3";
+    };
  };
 }
--- a/modules/wireguard/home.nix
+++ b/modules/wireguard/home.nix
@ -36,6 +36,10 @@ let
      address = "10.80.0.12";
      publicKey = "ErLWueo4ikYH/mKHr3axyoAVZh+Bdh1NQBet42aD0kk=";
    };
+    nazuna = {
+      address = "10.80.0.13";
+      publicKey = "TALmk853OVeRYoLWFcOE+caRGYmbnkHpLAHIIL2nuyQ=";
+    };
  };

  cfg = config.sbruder.wireguard.home;