Setup host docker-1
peterablehmann committed Jan 29, 2025
1 parent 0a7354d commit a2fde53
Showing 7 changed files with 200 additions and 30 deletions.
9 changes: 9 additions & 0 deletions .sops.yaml
@@ -5,6 +5,7 @@ keys:
- &system_ymir age183wgf8xp46chqk049ekyg7vsan2p50zh4lqfllcllzwuekeywdzqn7pz0q
- &system_heptifili age1nany90gu4anl7vez3nw7fy0y32vrnp4075dqnc4j9797p44765vsuqzfl5
- &system_erik age1p6fu4sdzganl8058d8zfecyd8eldjyg4ea2p8xspzpkm5ag8pv5s4rngr7
- &system_docker-1 age1q64h5llqtcwr9l0pqqm0puyn738hewk9d0rqccy0262pyggk49xquw3l7n

creation_rules:
- path_regex: secrets/common.(yaml|json|env|ini)$
@@ -16,6 +17,7 @@ creation_rules:
- *system_ymir
- *system_heptifili
- *system_erik
- *system_docker-1

- path_regex: secrets/mns.(yaml|json|env|ini)$
key_groups:
@@ -44,3 +46,10 @@ creation_rules:
- *peter_kleeblatt
- *peter_sleipnir
- *system_erik

- path_regex: secrets/docker-1.(yaml|json|env|ini)$
key_groups:
- age:
- *peter_kleeblatt
- *peter_sleipnir
- *system_docker-1
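Review bot: Adding `*system_docker-1` to the `secrets/common.*` key group (second hunk) lets the new host decrypt every value in the common file, and this host runs the Docker daemon, so a compromise there would reach all shared secrets. Consider whether it needs the whole common file or only a subset that could live in `secrets/docker-1.yaml`. In the new rule, the `.` in `secrets/docker-1.(yaml|json|env|ini)$` is unescaped and matches any character; `path_regex: secrets/docker-1\.(yaml|json|env|ini)$` is stricter. The existing rules use the same pattern, so the same tightening applies to them.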
10 changes: 10 additions & 0 deletions flake.nix
@@ -93,6 +93,16 @@
./installers/home
];
};
docker-1 = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
system = "x86_64-linux";
extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
modules = [
./nodes/docker-1
self.nixosModules.common
nix-topology.nixosModules.default
];
};
erik = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
system = "x86_64-linux";
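--- a/nodes/docker-1/default.nix
+++ b/nodes/docker-1/default.nix
@@ -0,0 +1,14 @@
+{ inputs
+, ...
+}:
+{
+imports = [
+./disko.nix
+./hardware-configuration.nix
+./networking.nix
+];
+
+virtualisation.docker = {
+enable = true;
+};
+}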
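Review bot: `virtualisation.docker.enable = true` on a host with a public address (see `networking.nix`) deserves a comment about port exposure. Docker inserts its own packet-filter rules, so ports published with `-p` are typically reachable from outside even when the NixOS firewall does not open them; the firewall settings themselves are not visible in this commit. I would add `# Published container ports bypass networking.firewall; bind to 127.0.0.1 or the tailnet address unless public exposure is intended.` above the block. The `inputs` argument is unused in this file and can be dropped, leaving `{ ... }:`.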
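--- a/nodes/docker-1/disko.nix
+++ b/nodes/docker-1/disko.nix
@@ -0,0 +1,45 @@
+{
+disko.devices = {
+disk = {
+x = {
+type = "disk";
+device = "/dev/sda";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+size = "200M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [ "umask=0077" ];
+};
+};
+zfs = {
+size = "100%";
+content = {
+type = "zfs";
+pool = "zroot";
+};
+};
+};
+};
+};
+};
+zpool = {
+zroot = {
+type = "zpool";
+mode = "";
+# Workaround: cannot import 'zroot': I/O error in disko tests
+options.cachefile = "none";
+rootFsOptions = {
+compression = "zstd";
+"com.sun:auto-snapshot" = "false";
+};
+mountpoint = "/";
+};
+};
+};
+}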
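Review bot: `device = "/dev/sda"` names the disk by kernel enumeration order, and disko partitions and formats whatever that name resolves to at install time; a stable path such as `device = "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";` is safer if a second volume is ever attached to the VM. The `zroot` pool is also created without ZFS native encryption, so host key material is stored in plaintext on the provider's disk; presumably that includes the key behind the `system_docker-1` age recipient, though this commit does not show where it lives. If that is an accepted trade-off for unattended boot, a short comment on `rootFsOptions` saying so would record the decision.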
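--- a/nodes/docker-1/hardware-configuration.nix
+++ b/nodes/docker-1/hardware-configuration.nix
@@ -0,0 +1,21 @@
+{ lib
+, modulesPath
+, ...
+}:
+{
+imports =
+[
+(modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot = {
+initrd = {
+availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+kernelModules = [ ];
+};
+kernelModules = [ "kvm-amd" ];
+extraModulePackages = [ ];
+};
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}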
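--- a/nodes/docker-1/networking.nix
+++ b/nodes/docker-1/networking.nix
@@ -0,0 +1,62 @@
+{ config
+, lib
+, ...
+}:
+let
+inherit (config.lib.topology) mkConnectionRev;
+IPv4 = "188.245.209.125";
+IPv6 = "2a01:4f8:1c1e:8464::1";
+in
+{
+topology.self.interfaces.eth0 = {
+network = "Internet";
+physicalConnections = [ (mkConnectionRev "Internet" "*") ];
+};
+networking = {
+hostId = "f8d512a2";
+domains = {
+enable = true;
+subDomains."${config.networking.fqdn}" = { };
+baseDomains."${config.networking.domain}" = {
+a.data = IPv4;
+aaaa.data = IPv6;
+};
+};
+
+useNetworkd = true;
+useDHCP = false;
+hostName = "docker-1";
+usePredictableInterfaceNames = lib.mkDefault false;
+domain = "xnee.net";
+nameservers = [
+"185.12.64.1"
+"185.12.64.2"
+"2a01:4ff:ff00::add:1"
+"2a01:4ff:ff00::add:2"
+];
+timeServers = [ "ntp.hetzner.com" ];
+dhcpcd.enable = false;
+};
+systemd.network = {
+enable = true;
+networks."10-wan" = {
+networkConfig.DHCP = "no";
+matchConfig.Name = "eth0";
+address = [
+"${IPv4}/32"
+"${IPv6}/64"
+];
+routes = [
+{ Gateway = "fe80::1"; }
+{ Destination = "172.31.1.1"; }
+{
+Gateway = "172.31.1.1";
+GatewayOnLink = true;
+}
+];
+linkConfig.RequiredForOnline = "routable";
+};
+};
+
+services.tailscale.extraUpFlags = [ "--accept-routes" ];
+}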
69 changes: 39 additions & 30 deletions secrets/common.yaml
@@ -20,56 +20,65 @@ sops:
- recipient: age1hczyac0fvxs2uegmvgfld464p2ffqs7wkg3jn2lkmzq4drr5aywqqd376x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WHhySTBydC9SNGl5eUU3
em5yOElCckdhWVc2SDFoRklpSXllVXJVc0RzClpkbUlmYjg3dlR5RzJUaXRXcmEv
TE9SMG0raTZLbUxkcUNwVmMyZjVNaTAKLS0tIHBvOU5YM3o3WXdMOVBzODdmSHRP
enZNSXhXZlhiZi90dlUyRmIvWlk3V3MKkI4DF5EoXY+ZSwCvNleeFchFwFkcSZMV
TaeRPjxZutkHVJ8yzLhSZM7mUHd0ZigSGDyBrAP+SmWT7U0vShn7eg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzN2JWRS9acnErSnZYL3Bo
SWRlQmhJR3NzckN3TjUzUERqVnM3V2tLeFR3CnhES3VXR1NsbG5HcnpKc1VRM2NP
eTg1WldoS0pWWlZOc21oenlaeTRzejQKLS0tIE12eWhpaVJ6ZmFnYzREQkpvYkdK
NDROUHk4OVdNcUlQLzlrVmU3YnQ5c0kKRY0q01NTngg1fO31T3sUwOm90de4wada
n1EF09/b4h0d9sdLcd1ROxvJLJXvDUD8tKpCslmH8wKlO4AngDKEwA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hlpr0fx03wk4q2fk86w6ywm5tw8e0n7k7e850yj73g4n08pf3pxs5rlwz9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGejZDZmYrclZYcWJHUmVv
VjNtTlVlcEdDZm95Y1lxazc0SHBsa0NCZkhjCjhPSmpRTnFQUUdueU00MHcwM2E2
anhheWFKT1VQVlpTbHl5dWhNMi8wbG8KLS0tIEJKMVd2S0JwRWdtb25QWG91Yjd2
S2FsK1RtbU0xMmNUa0YxTFFDWFM5czAKlfwsXoIUbHS/vfaJSFCd2jjkF8eq2Bnh
TUYYOQjZUT+KTV0EQOzrKIBy/g8lXPTcxrNVqxH17l9xOFkcXVd34w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV2tWN0s2RFhFdjVUYzdH
dDZXbjc5TUtid3l2SEt2Y2ZZZUZ6NDNtdXcwCnE1RFpPd3MvcGdCZ2FnT1NNdmpO
SDBkV1d6TzNkM0NPK3VKWEkvbStGY0kKLS0tIGVkS1dFWVU1dWNtbmU2NGphN2Va
bXZOc1BhT1h2N05yYVE1bUZ6bzhaNlkKp+UnigZ03cf7r/Yfo5uo4/r8s9HSo20q
OjV0KEou0ywhdmpAtYGJv2n8thE7oRgs+RHqPzIioCgPq9r77HEZcw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYXpZM2lkYVBnVVZBa3Bj
S3VoOENaV25kVTBuc1d3WS8xcThjeHZxU0ZZCnJhQ21YWVc0dHRlclFsOUFCd2Nx
TnBBbkkvZWJvS3krSWJmSlg2cE5xenMKLS0tIFpRb3N3RHNNQUpGODVxZXlXcU1o
elljbWpyblVQcHRCZWlwMDB3RFNQTzQKNRLrWZu1PStERnVelx0XZ/mD2ombJVDD
W0PGYpi72oS+KMgA8ub9uRicRhXuF4vnD7ZrBiBwOIA3FJbtMuxfeQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQYWlsdUxPcnN0QXN6eUph
RzhJOHIzMzlRdVUxQlp6cnp3ZE4yMlJOY3hnCjJWYmtpUGFmM2NHQTBsRUNtTkVI
VnEwMDRJOHFmQU1aaVVkWkQ1TXZrVDAKLS0tIERWN0xwWXRzREJHUmwzbDBtL3l1
VFVTd0grTUNIRnpkS25EQWlyRE0zR1kKF76Azm8wOCnBz2yYqZWq8ZoRMEPm01UU
OpR/KxdYL4vQ8NNxH5RZgBIp85Qf9P+9QCgQgvu4MbUd5AJG/MtmLw==
-----END AGE ENCRYPTED FILE-----
- recipient: age183wgf8xp46chqk049ekyg7vsan2p50zh4lqfllcllzwuekeywdzqn7pz0q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK0diRnM3Z1BNaHQ2K3ZY
eXRUYzhuamV1OWJrbnRjZmFGZ1E4c2pRNGxJCkFmWnhPUDE4bHNnVDdPNm03OHdY
eGFDREdaNkhtSmpyL2tlVWRuRHZWaWMKLS0tIGE3Z3hPSTdSY1VrVkw4OERpdmJ5
YXBsd1pTazNKOHlnNWxkOWRIZ05qTDQKJBqrXD28OmN6AbCfb3G8vsfjUVCcEbvY
gFgfWJp1Pfzy/+GxpHJ74u352K6nSoE27Tq5qsy9czH/F59EqSlJ0A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsL2JLSHpPcEZ6VmZOMEc1
VVAxVUVrVG0rOHJJOXNINHRBYzhxWUlLTFNrClpOTVM2SDFXTG4rMjV2NWZMRUtz
RmtTU3hDS0FZQ2FkQmIvQVo5Tk1GZ1EKLS0tIEFoeHdxWjk4ZktZZ3lXRnhyQ3dl
STZDT2NHNlozaDdPWU96S1ZGY2Y3d3cKhlkDt96/mStWkLSC6DLU0wp5iRHWCgZp
iXnLGYAWS6CXaOlX+zC/jE5R4brRy4aLIPqkHSuZC5mHMBXDGLgLrw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nany90gu4anl7vez3nw7fy0y32vrnp4075dqnc4j9797p44765vsuqzfl5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieUNBdm0zZE90a2haNTFm
V0F2ekVOMTZvM0QzN0FkRDJuMUFPMXZzYzBnCld2dXdNaC9QZ1FWcS9MSWx2VCtj
YVNrRjN4SE04RGoraVNGTHNrOWtiVW8KLS0tIFphTlB0Y0xhckdkanI0RjlrZ3Aw
NEt6V2ZXS3ZJR3pZdWxRd0lHS1AwbGsKDsT2LmN8ixg+IqBRaBDhRQ16SSFCExJu
PicstYRbaoqTWrZYVowmMMdT/c9c0t+wh6qmtPC+zK8k006VkRXcPQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTUNLWjVSclFUZnN5UTRV
L3lDM0xWYzNKZnYySU1adFh0c3VsREI0dkRnClJud002VDE1QTh4SkhtM2hBUHAw
dnJMU3ZoeG9iZmlteXZNNnI0K3ExVEEKLS0tIFhaOUNoVGx1ZmZhZWFIM3hENjQ1
ZlBzZzB6ODVseE10VG1idHZod1A0V2sKFe9YEgHvIzC7JirwynC1gMbuA3hXnS4B
3bBbz8HR1KG+NCr6oQMuoL9AlW5ZLlnJfzXgOAjcmcGDF16RLNTf3g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p6fu4sdzganl8058d8zfecyd8eldjyg4ea2p8xspzpkm5ag8pv5s4rngr7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bS9WbXRzei9CUHJTNUh1
RDcrRzZwK0UyLzAreVltZnZSbW82dlUxTFNvCmw5WEd6NTJOZ3VGckxsNVlUeEJO
QXV2ZnRnUC84NDJzL2IzWXhVTkJwMHcKLS0tIFYxTVZSYU8rZFBLQnpDR3B4Z2N6
K253S3YvWTZWV1M5Wjk3M1lsTXl0SFUKuTs5spfsdoA312pMOVbmsSP5NyhAijAz
rTZCb45Ly6fJtiC3xWe8IVzCYX1WHC+HkUnMxagqYfVW7px66iEXvg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaVVnVFRiS2NtUnBGeTBS
UWdqbEdBNDdSRGRIVjhnOTVXcnVkVkh6VzBrClBZbm1Ma0JvNytIQ3hDZ2YzcE1K
c0Nsa3NCNDZubEtoT1FtWDMyaTBGZjgKLS0tIERuSnFiU2gzazUrTzhtTTY1aFdG
NnJhNnRxdHRYVm45ZThMQVRsNEhtZWMKH7gyTz6Op0SKeTaQj9Nno/bzAncAP2ud
xgxqSNtC4CG6CXTfyUCNY38wokRa/1cBM9JFry8Q5QyqahqmTKF6zw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1q64h5llqtcwr9l0pqqm0puyn738hewk9d0rqccy0262pyggk49xquw3l7n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0YkFvbkxyN3E4UzRXbkh4
b2tyMFU3cjRaVnhxcU1BWHVVRDNWMWYzWUFFClhzTCtqMzdINkQwc29BS3BJakpO
ZmlxMDFxSVJJcmRsWXVrYkQzd2l1S0EKLS0tIHFDZDVUazMyd0hZNC9ZZWxKTWNw
NGFRUnl2K1FYWUN1Mmk5TmY2Tlc1T1EKUwrhiqMFKW3MnD8kuNrQR7Zcq6H3FnXi
XDUhHowM85398+3K2nn2kGIZ4Trt0Zc6yRE8V+Vo3Q0ioD4RtJ77Cg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-02T19:16:05Z"
mac: ENC[AES256_GCM,data:BAN5CT6YEq/Uvuqu9LtjOQwsdcY1ac30C6RLGHimyvGwFMW85TXG+63ThBv6SQdRDIke1WfZv4jj/U/cxIeIvMclqaS5YcDYcmqR/MvCl0LF6CJaMM2dtGgpuDiXKb4BUj9KvhfRZVyRtaRd3mvrh3XTp/GRKkwg6oT3GTSP3cU=,iv:2Q0vMfbJEl4XY6IwEnpyFwo02o/qWm7o8C4hduV/QSk=,tag:yh3QlJlTvAAoAtPPMdsTJg==,type:str]