diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml index fc6ec37..fe6890e 100644 --- a/.forgejo/workflows/check.yml +++ b/.forgejo/workflows/check.yml @@ -1,51 +1,13 @@ name: Flake checks on: [pull_request] -env: - USER: ci jobs: Check: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Check out repository code uses: https://code.forgejo.org/actions/checkout@v4 - - uses: https://github.com/nixbuild/nix-quick-install-action@v27 - with: - load_nixConfig: false - nix_conf: | - substituters = https://cache.nixos.org/ https://nix-community.cachix.org - trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= - keep-outputs = true - - - name: Calculate flake.lock hash - id: flake-lock-hash - run: | - echo "hash=$(md5sum flake.lock | awk '{print $1}')" >> $GITHUB_OUTPUT - - - name: Restore and cache Nix store - uses: https://github.com/nix-community/cache-nix-action@v4.0.3 - id: nix-store-cache - with: - key: cache-${{ runner.os }}-nix-store-${{ steps.flake-lock-hash.outputs.hash }} - restore-keys: | - cache-${{ runner.os }}-nix-store- - - gc-linux: true - gc-max-store-size-linux: 10000000000 - - purge-caches: true - purge-key: cache-${{ runner.os }}-nix-store- - purge-created: true - purge-created-max-age: 42 - - - name: Prepare cachix - uses: https://github.com/cachix/cachix-action@v14 - with: - name: pub-solar - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - - name: Check formatting run: | nix --accept-flake-config --access-tokens '' develop --command treefmt --fail-on-change @@ -54,6 +16,8 @@ jobs: run: | set -exuo pipefail # Prevent cache garbage collection by creating GC roots + mkdir -p /var/lib/gitea-runner/tankstelle/.local/state/nix/results + for target in $(nix flake show --json --all-systems | jq ' .["nixosConfigurations"] | to_entries[] | @@ -61,7 +25,7 @@ jobs: ' | tr -d '"' ); do nix --print-build-logs --verbose --accept-flake-config --access-tokens '' \ - build --out-link ./result-"$target" ".#nixosConfigurations.${target}.config.system.build.toplevel" + build --out-link /var/lib/gitea-runner/tankstelle/.local/state/nix/results/"$target" ".#nixosConfigurations.${target}.config.system.build.toplevel" done nix --print-build-logs --verbose --accept-flake-config --access-tokens '' flake check diff --git a/flake.nix b/flake.nix index d97687a..f66a4b7 100644 --- a/flake.nix +++ b/flake.nix @@ -91,6 +91,7 @@ jq ]; }; + devShells.ci = pkgs.mkShell { buildInputs = with pkgs; [ nodejs ]; }; }; flake = @@ -122,6 +123,10 @@ hostname = "10.7.6.2"; sshUser = username; }; + tankstelle = { + hostname = "80.244.242.5"; + sshUser = username; + }; }; }; }; diff --git a/hosts/default.nix b/hosts/default.nix index c17b5cc..429730c 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -58,6 +58,16 @@ self.nixosModules.loki ]; }; + + tankstelle = self.nixos-flake.lib.mkLinuxSystem { + imports = [ + self.inputs.agenix.nixosModules.default + self.nixosModules.home-manager + ./tankstelle + self.nixosModules.overlays + self.nixosModules.core + ]; + }; }; }; } diff --git a/hosts/nachtigall/wireguard.nix b/hosts/nachtigall/wireguard.nix index 3008ef3..ff47d92 100644 --- a/hosts/nachtigall/wireguard.nix +++ b/hosts/nachtigall/wireguard.nix @@ -28,6 +28,15 @@ "fd00:fae:fae:fae:fae:2::/96" ]; } + { + # tankstelle.pub.solar + endpoint = "80.244.242.5:51820"; + publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg="; + allowedIPs = [ + "10.7.6.4/32" + "fd00:fae:fae:fae:fae:4::/96" + ]; + } ]; }; }; diff --git a/hosts/tankstelle/backups.nix b/hosts/tankstelle/backups.nix new file mode 100644 index 0000000..c5bf79b --- /dev/null +++ b/hosts/tankstelle/backups.nix @@ -0,0 +1,13 @@ +{ flake, ... }: +{ + age.secrets."restic-repo-droppie" = { + file = "${flake.self}/secrets/restic-repo-droppie.age"; + mode = "400"; + owner = "root"; + }; + age.secrets."restic-repo-storagebox" = { + file = "${flake.self}/secrets/restic-repo-storagebox.age"; + mode = "400"; + owner = "root"; + }; +} diff --git a/hosts/tankstelle/configuration.nix b/hosts/tankstelle/configuration.nix new file mode 100644 index 0000000..2b1a177 --- /dev/null +++ b/hosts/tankstelle/configuration.nix @@ -0,0 +1,16 @@ +{ + flake, + config, + pkgs, + ... +}: +{ + imports = [ ./hardware-configuration.nix ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + + system.stateVersion = "23.11"; +} diff --git a/hosts/tankstelle/default.nix b/hosts/tankstelle/default.nix new file mode 100644 index 0000000..a379466 --- /dev/null +++ b/hosts/tankstelle/default.nix @@ -0,0 +1,13 @@ +{ flake, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./configuration.nix + + ./networking.nix + ./forgejo-actions-runner.nix + ./wireguard.nix + #./backups.nix + ]; +} diff --git a/hosts/tankstelle/forgejo-actions-runner.nix b/hosts/tankstelle/forgejo-actions-runner.nix new file mode 100644 index 0000000..294db44 --- /dev/null +++ b/hosts/tankstelle/forgejo-actions-runner.nix @@ -0,0 +1,62 @@ +{ + config, + lib, + pkgs, + flake, + ... +}: +{ + age.secrets.tankstelle-forgejo-actions-runner-token = { + file = "${flake.self}/secrets/tankstelle-forgejo-actions-runner-token.age"; + mode = "440"; + }; + + # Trust docker bridge interface traffic + # Needed for the docker runner to communicate with the act_runner cache + networking.firewall.trustedInterfaces = [ "br-+" ]; + + users.users.gitea-runner = { + home = "/var/lib/gitea-runner/tankstelle"; + useDefaultShell = true; + group = "gitea-runner"; + # Required to interact with nix daemon + extraGroups = [ "wheel" ]; + isSystemUser = true; + }; + + users.groups.gitea-runner = { }; + + systemd.tmpfiles.rules = [ "d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -" ]; + + systemd.services."gitea-runner-tankstelle" = { + serviceConfig.DynamicUser = lib.mkForce false; + path = with pkgs; [ + coreutils + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + cachix + jq + nix + ]; + }; + + # forgejo actions runner + # https://forgejo.org/docs/latest/admin/actions/ + # https://docs.gitea.com/usage/actions/quickstart + services.gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances."tankstelle" = { + enable = true; + name = config.networking.hostName; + url = "https://git.pub.solar"; + tokenFile = config.age.secrets.tankstelle-forgejo-actions-runner-token.path; + labels = [ "self-hosted:host://-self-hosted" ]; + }; + }; +} diff --git a/hosts/tankstelle/hardware-configuration.nix b/hosts/tankstelle/hardware-configuration.nix new file mode 100644 index 0000000..ec9b465 --- /dev/null +++ b/hosts/tankstelle/hardware-configuration.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/17531ffc-46bd-4259-8287-2dea73804b5b"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/AF98-AA5C"; + fsType = "vfat"; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/7aee04b5-1ef9-43de-acb4-70ac1238b58a"; } ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/tankstelle/networking.nix b/hosts/tankstelle/networking.nix new file mode 100644 index 0000000..2c8f760 --- /dev/null +++ b/hosts/tankstelle/networking.nix @@ -0,0 +1,42 @@ +{ + config, + pkgs, + flake, + ... +}: +{ + networking = { + hostName = "tankstelle"; + domain = "pub.solar"; + enableIPv6 = true; + defaultGateway = { + address = "80.244.242.1"; + interface = "enp1s0"; + }; + defaultGateway6 = { + address = "2001:4d88:1ffa:26::1"; + interface = "enp1s0"; + }; + nameservers = [ + "95.129.51.51" + "80.244.244.244" + ]; + interfaces."enp1s0" = { + ipv4.addresses = [ + { + address = "80.244.242.5"; + prefixLength = 29; + } + ]; + ipv6.addresses = [ + { + address = "2001:4d88:1ffa:26::5"; + prefixLength = 64; + } + ]; + }; + }; + + # TODO: ssh via wireguard only + services.openssh.openFirewall = true; +} diff --git a/hosts/tankstelle/wireguard.nix b/hosts/tankstelle/wireguard.nix new file mode 100644 index 0000000..2100d43 --- /dev/null +++ b/hosts/tankstelle/wireguard.nix @@ -0,0 +1,45 @@ +{ + config, + pkgs, + flake, + ... +}: +{ + networking.firewall.allowedUDPPorts = [ 51820 ]; + + age.secrets.wg-private-key.file = "${flake.self}/secrets/tankstelle-wg-private-key.age"; + + networking.wireguard.interfaces = { + wg-ssh = { + listenPort = 51820; + mtu = 1300; + ips = [ + "10.7.6.4/32" + "fd00:fae:fae:fae:fae:4::/96" + ]; + privateKeyFile = config.age.secrets.wg-private-key.path; + peers = flake.self.logins.admins.wireguardDevices ++ [ + { + # nachtigall.pub.solar + endpoint = "138.201.80.102:51820"; + publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk="; + allowedIPs = [ + "10.7.6.1/32" + "fd00:fae:fae:fae:fae:1::/96" + ]; + } + ]; + }; + }; + + #services.openssh.listenAddresses = [ + # { + # addr = "10.7.6.4"; + # port = 22; + # } + # { + # addr = "[fd00:fae:fae:fae:fae:4::]"; + # port = 22; + # } + #]; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 36202b5..2f19b43 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -3,6 +3,7 @@ let nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall"; flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6"; + tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle"; adminKeys = builtins.foldl' ( keys: login: keys ++ (builtins.attrValues login.secretEncryptionKeys) @@ -10,6 +11,8 @@ let nachtigallKeys = [ nachtigall-host ]; + tankstelleKeys = [ tankstelle-host ]; + flora6Keys = [ flora-6-host ]; in { @@ -17,6 +20,7 @@ in "nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ adminKeys; "nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys; + "tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys; "flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys; "mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys; @@ -29,6 +33,7 @@ in "keycloak-database-password.age".publicKeys = nachtigallKeys ++ adminKeys; "forgejo-actions-runner-token.age".publicKeys = flora6Keys ++ adminKeys; + "tankstelle-forgejo-actions-runner-token.age".publicKeys = tankstelleKeys ++ adminKeys; "forgejo-database-password.age".publicKeys = nachtigallKeys ++ adminKeys; "forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ adminKeys; "forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys; diff --git a/secrets/tankstelle-forgejo-actions-runner-token.age b/secrets/tankstelle-forgejo-actions-runner-token.age new file mode 100644 index 0000000..915b0d7 --- /dev/null +++ b/secrets/tankstelle-forgejo-actions-runner-token.age @@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 1X0eLA g7MuhjaILdtN30lT0abiBuT2i2SxE4wzwHffPMbPaxA +5iZOxlFLUaKUhqvGSiyyVy7jrbGcN8Q4DX4xXImDDZM +-> ssh-ed25519 uYcDNw NUtdv3ykepvWklorbni0lMPb31hpHDhVktV6AkqY0Fs +anEK08Yr7WY6xmovVJjxXqy/Z47CU6sUFs/1tZHqHos +-> ssh-rsa f5THog +nCjbVlM7V+AT20HSV7Z9miLlFzVRruxIrPavIrDNLRLnjDn8dkgu2ZnymnXHf9El +GA/tmjF86OKCCOS7AjdSZ0RZIjgOfU/EseWdmaaS5iR6PjDJmuJuGtCwDKloddwO +wS2VeU3tQzF6ayGPFirWYQVOwMCVahe6DB3d+ataXSprhb9DtMxAb7FQ07zl3rrO +VXE82wA4qnwWyLAvZ96XdXYGBpO2vzxEgYzXa1gbHEY38BMUgELyhJJX0c2hEVwv +jT7h4ex4NUK3f3t2JXw/Waz5hHpRYFuzF7u4rZjXZbiW0sgcXHZKF11AEUxASsUl +yul5EEaPI34ISnwpWWuPAuDBskQzgJooeKGi9bQDed8otLy33NxyYgtR1Av4x1cC +PjtkDxuvIooGp1uKgMFdoyWMB+pyd5MOeyqKXl0drTzILBET1quLBDuyAntvGriS +c8Cj05YpLEh/gmPZ3KzLyGaKcELL8YYco+NkUwr1LNe/OEMbHcLc9q5fVfsN5BYz +w1hQ24c8JGW1/1DFG+R0+MfcF4jFVyiqk9ctRlKqoA8dnFmkMDlK6ETj191y8baZ +DtMNPTOeLDmxFc3O0vjAWFV3Is5X3EupcS4hlLpeNCW1DXF4R2+cmBQOewfeafI4 +uVaMuNqTW60B+9j7c6asvSHcAVP8S6BTcrJiaLETiSU +-> ssh-rsa kFDS0A +ZBLNf1RAI2+dXsXR8ns3taqHIM2yqslWOvSUM93droVVN6fkq/O9QUx0f6iljQW6 +wRY2iqqjzBYs6kysf21jsryGGhhVNB70QAeGDZWoeB2YmpnlvMRumqqG6S77K6kc +D0oKXkuYx9J62BBI6gJk3+yJgEK3WHBvgBzD5rqgW2kJVWFLyU7C/rJH78UKvX2r +r4PDQCEeJ4wnRyV0ox4z3f0XfLoHiwXE2oWGgrfs6/+Pw3AKdENbbNVRIyrzJci4 +nhxDd1miMChsQylKnfB8C60J9rhVFfP0/G8EXqhi2KbHfPeC4fHPjUxVbi2v74Ag +NaRgxZOMpVPgGxlnHCz4ELuGn1LsMuBJCic/Z0PNMr86SC9hFnCyaWqXxKaYLj38 +USJq+F9RC7529En7XT+jOifDB29DS4GL8gCvwizd8j8wfeFm4w6qXS8rS5+9BbcD +Ghf1Zzmbdm0R2lO4aV/APyCyK5NW0k068T7V710x+KvyRREvChkYEN87VvK5kYcC +uYZvbcGJgMQrEiwVN11H2oxHPpj4oB7NiSb3mpDkaniXS5ijhEl10C6OzuEk1Hm2 +ybYXLspzlOZujVoGqrscoKTTzirvnO0B1YirPieTX6ym51rvnO6SPiT5bYGL5DNQ +E6PDUz5kOwD9IQyF/a88CxBg/BFqSrSlvli+bdgfM7c +-> piv-p256 vRzPNw AgAstuXfEQ+zPDSJmDRlieeY7h93S7AOX1LmWNZq8SOA +umkx7AnExb+OuxVtTnJsr0Vymhlt9PBYkRt+5FxgLA0 +-> piv-p256 zqq/iw A8mFVtYM8mpj1iBqeQfvGavOahp0oNsT3j1i5YDYDfD2 +dZrDkvAHopEFTQgCdUkDNHPjLVhMAO4YJJE+cLuaxd4 +-> ssh-ed25519 YFSOsg 4h3HGQqPiwWUJkgZP9eMuiKxoZq9+YCDqj5L28mdIBE +ppHBGJJzaf0fJZ24MZBRQ3v561f3J+CuDX7tatfD3G4 +-> ssh-ed25519 iHV63A rikUwY2DW9GQLopMcdPK8eZ1YjeKTp9z5cRqzDOs4mU +kYn3dNGNhIDr3KIPEFZZj9zsqHZn7JDT67jtdljOVyo +-> ssh-ed25519 BVsyTA 3GMMwNFuwx7ECwKWqS9GnIV5MuZY1jxi5KDKY1j3tSs +gWEkAMLnOI/7gKKfuJE3vU6+e6XpnNwQfIJQ0UFoC6w +-> ssh-ed25519 +3V2lQ YemOcrH319bbQJp+LnugOh2ed/Pwgfla+C3BU6cIaUQ +gFTDAi8TFTRCmGkcSN8lFJPQctHLUC75xl7oJOdsYuw +--- jd2QVeVcxn06ET1m3jMx8encjGlV51Vz7UO2MQq9weI +/LB$&q-]He\niT-zǵv2Nl^+Wj6 gieUk!mxW \ No newline at end of file diff --git a/secrets/tankstelle-wg-private-key.age b/secrets/tankstelle-wg-private-key.age new file mode 100644 index 0000000..e668044 --- /dev/null +++ b/secrets/tankstelle-wg-private-key.age @@ -0,0 +1,45 @@ +age-encryption.org/v1 +-> ssh-ed25519 1X0eLA MwsWZb3girtAXvxgr3IBZhSthg5xzC2z88WIkG2GTDk +4yKFoIU/SbKcpSXYShUwEY6KV9o59bgIsDCJ0POOmZU +-> ssh-ed25519 uYcDNw 4CPU+vcJcXt+sVSD60ThkWWu87wEzo/TkFAfkJ7lAxU +K5ubfpowb/mBjRS9AaoEuPJEAy3jZQF9vBVK6+StrEE +-> ssh-rsa f5THog +GVZN3/Yl8OX+j8GuAp5ixsmz59HS+0z9OeGMoUl3m4S0kjpl39vY5+Fd5SXTtNLB +O5itG/nbo4lK/PVtH/s3UuzRlEvGzASkxTVGZAXBUgXlPf6hsUdxUhLn8G1DRTj9 +qmZyk5ERH/uqA8LIH8kBWPE8OJ9qf5oVwttOuJLlkrmiojEvbK4Egf4pBAKxv1Vu +JUwoO2W5QxB9lOkOiGOfq6e++pWL+PN1URpGFxbvmM7N6OKNhix+HV9lBdTbS4tl +uP8n0nrM5h5yh7Waz+aAVb7Wu4YgsFCEmGlhEksM/tiHFun+9kFI3xUNTTO3PbYP +KH6KAV8mOA8tL/6PNbbLmaHp5v7//5Abgjmy1BCwNe/WfZiTVLmGDaOpW7qE0pcq +h+ooOk81MenF84FRQGEEMMBVHgckxxCGYYve7bEsWMJP+ua1BmZjQu/I2LpXN6OA +KtoPcnmCGyrZMWKLVdSjzeeEqKk7wtG6BISeLdguF4pEUN2Qoqppx33UQ0ztACf1 +PHAsKbABkCG0yZz13M0bKSCP1O3HWzy2Cmw0EU+WbP6GEGCWmzZRDmjI9+CgtowH +9jz16+1k0PgO5EjV2s1Hijt0gEizl2Q07c2/BYx97951BOR9/LGVRKGtduXixf4a +qFt0Qw0JPZwP2XaXJmJ9x+4e1go5ydJFNnhcvTMUx3I +-> ssh-rsa kFDS0A +mM/LqZJl+5sDjDRhUZlPiFH43+BKkawgiPkQ6eNQmvS7fGjS6FWyGteiRdzxHax3 +y2YE0GC0EmllMfXpjidHQHd4IBP82LrAlry2if9QYOdxtPg3577EZT1XFsR4Eegx +9xuG0+UYIYoEi4wUnnc58z/lV/iCJ4hTBsSMD69ciPdUVzeaA7RoFKImuLx3zhu4 +Gc5ggAFKL9CYwMaJATB3e6+kTu3jkSUSa6vc4D0z7x7Sd2LjRN/THHlpvQQyMi4e +XREkhSNbOHp3mADLv7taFnjwUS/MltFDV8bPsemKmg+He0cVWc4JZynxaRXgdo4p +I3zkYcuWuUzWLgr6l8Aj4B7vd9tk9D0YyPmyMFWhq/IYjx62o/qTUSmBsluj2cqg +pg+45m/WTEAI7vnZXPcSlgbXyll1QE5TISqd7ugRyL3QhzR0h6TkRbMn5iCb15xy +zAgDCaN7z9Xhz9Y4zZG1zrKiF2qCNuZa6ZrgKRZLiFaVmhPvizCeYaZpRI2BfWwH +mo957eHh1//DIAbqWwRfblGZJUbuMK/vyvPoRsum3Pgft2LZLYF0U4vd8b0W5wBW +GBH3+zJBz5hhZVY96b5e70a6Uuwzub51RJlSJ07kNA/n5F1dN+8BFZlp52vCCSXQ +yzNnGZVnVF451CrsLtotzScO4r5KULpJaLK7Vkx20RE +-> piv-p256 vRzPNw AoFeX/N95u7AJHk3CEuFIf7tr0vYaGD+vFeh03kOmj2+ +qBrMOjlgPdY9hDUeMBZ/oWkduTr2fyHkQWPzjU8wsKE +-> piv-p256 zqq/iw A6134rkgfZQCqdSsE4PtaAq8QfJP5h/+L9WxfvQ6nFSg +kz/3tibowB2x7akq8slScl3XW9OcOFqUaVMA5hP03CQ +-> ssh-ed25519 YFSOsg TjpLEHbKVX8eT5FJyj5OjoczjlbfE1QxrSQV7nmK3z8 ++60JLcmaQEwEHkwRSD8ZxOVKfPfp+oCIxNz26h4EW4Q +-> ssh-ed25519 iHV63A /EMk1Hj4P0+VDBWneswmBE6rKRLuTBkcR42Y3NAGCxs +gFK/5AZAGptQ2GNbT25oiM1jENs70UYJVmBsH/9FRBE +-> ssh-ed25519 BVsyTA LwsnNWko4BLTMYIsW+iaagyTq1amhYfB+p0HUikzwT4 +7rZengSXZzlTFh/FFVS8Jt+LMJZQ2wE7F3al1+DFe9Y +-> ssh-ed25519 +3V2lQ JGc07grd52VZSARjFBckyoA7D6686kSP/rhW6B8CiCg +R77Oha9dKKYX7YxHbeiVRwpSgxNeUQcQIld1v30xwaE +--- 8J1Hx/Cb3bTUm4llIEeQx+YUwHkX9XzTIAZm+YdJxVQ +}Kuwe[Q +s^pxɡi9a;Hݲ yn +Qqek;j7\ \ No newline at end of file diff --git a/terraform/dns.tf b/terraform/dns.tf index 039dd86..4fd25b1 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -19,6 +19,11 @@ resource "namecheap_domain_records" "pub-solar" { type = "A" address = "80.71.153.210" } + record { + hostname = "tankstelle" + type = "A" + address = "80.244.242.5" + } record { hostname = "alerts" type = "A"