pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

ryzensun: add custom networking, docker-ci-runner

Browse source 
module enabled, secrets updated
This commit is contained in:
teutat3s 2023-02-25 13:52:07 +01:00
parent a476b72916
commit c0f610b68c
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
5 changed files with 100 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
hosts/ryzensun/networking.nix Normal file
View file

@ -0,0 +1,84 @@
{
hosts = {
"10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
"10.0.0.66" = ["consul.service.cgn-1.consul"];
"10.0.1.9" = ["consul.service.lev-1.consul"];
"10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
"10.0.0.200" = ["headnode.cgn-1"];
"10.0.0.201" = ["cn01.cgn-1"];
"10.0.0.202" = ["cn02.cgn-1"];
"10.0.0.205" = ["cn05.cgn-1"];
"10.0.0.206" = ["cn06.cgn-1"];
"10.0.0.207" = ["cn07.cgn-1"];
"10.0.0.208" = ["cn08.cgn-1"];
"10.0.1.200" = ["headnode.lev-1"];
"10.0.1.201" = ["cn01.lev-1"];
"10.0.1.202" = ["cn02.lev-1"];
"10.0.1.203" = ["cn03.lev-1"];
"10.0.1.204" = ["cn04.lev-1"];
"10.0.1.205" = ["cn05.lev-1"];
"10.0.1.206" = ["cn00.lev-1"];
"10.0.1.207" = ["cn06.lev-1"];
"10.0.1.208" = ["cn07.lev-1"];
};
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
address = ["10.8.8.7/32"];
privateKeyFile = "/etc/wireguard/wg0.privatekey";
peers = [
{
publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
endpoint = "85.88.23.16:51820";
persistentKeepalive = 25;
}
];
};
wg1 = {
address = ["10.11.11.6/32"];
privateKeyFile = "/etc/wireguard/wg1.privatekey";
mtu = 1300;
peers = [
{
publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
endpoint = "80.71.153.1:51820";
#persistentKeepalive = 16;
}
];
};
#wg1 = {
# address = [ "10.13.0.1/32" ];
# privateKeyFile = "/etc/wireguard/wg1.privatekey";
# mtu = 1412;
# peers = [
# {
# publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs=";
# allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ];
# endpoint = "[2a00:6020:48ad:dd00:dea6:32ff:fe85:3306]:51820";
# persistentKeepalive = 25;
# }
# ];
#};
#wg2 = {
# address = [ "10.6.6.4/32" ];
# privateKeyFile = "/etc/wireguard/wg2.privatekey";
# peers = [
# {
# publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
# presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
# allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ];
# endpoint = "85.88.23.127:51820";
# persistentKeepalive = 16;
# }
# ];
#};
};
}

15
hosts/ryzensun/ryzensun.nix
View file

@ -19,13 +19,28 @@ in {
mode = "700"; mode = "700";
owner = "teutat3s"; owner = "teutat3s";
}; };
age.secrets.docker-ci-runner-secrets = {
file = "${self}/secrets/docker-ci-runner-secrets.age";
mode = "700";
owner = "999";
};
pub-solar.nextcloud.enable = mkForce false; pub-solar.nextcloud.enable = mkForce false;
pub-solar.docker.enable = true; pub-solar.docker.enable = true;
pub-solar.virtualisation.enable = true; pub-solar.virtualisation.enable = true;
pub-solar.docker-ci-runner = {
enable = true;
runnerEnvironment = {
DRONE_RUNNER_CAPACITY = "1";
DRONE_RUNNER_LABELS = "hosttype:baremetal";
};
runnerVarsFile = config.age.secrets.docker-ci-runner-secrets.path;
};
pub-solar.audio.mopidy.enable = mkForce false; pub-solar.audio.mopidy.enable = mkForce false;
networking = import ./networking.nix;
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable { home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
"sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;

BIN
secrets/docker-ci-runner-secrets.age Normal file
View file

Binary file not shown.

BIN
secrets/environment-secrets.age
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -12,5 +12,6 @@ let
in { in {
"example-secret.age".publicKeys = allKeys; "example-secret.age".publicKeys = allKeys;
"environment-secrets.age".publicKeys = allKeys; "environment-secrets.age".publicKeys = allKeys;
"docker-ci-runner-secrets.age".publicKeys = allKeys;
"test-secret.age".publicKeys = [users.teutat3s-5-nfc]; "test-secret.age".publicKeys = [users.teutat3s-5-nfc];
} }