diff --git a/infra/README.org b/infra/README.org
index a03701b..8004f32 100644
--- a/infra/README.org
+++ b/infra/README.org
@@ -13,15 +13,20 @@ to see the available deployments. Given a deployment (eg. ~actions-runners~), ru
 nixops4 apply
 #+end_src
+* Deployments
+
+- ~git~ :: Machines hosting our Git infrastructure, eg. Forgejo and its actions
+ runners
+
 * Procolix machines
 These machines are hosted on the Procolix Proxmox instance, to which non-Procolix members of the project do not have access. They host our stable infrastructure.
-| Machine | Description | Deployment |
-|---------+------------------------+-----------------|
-| vm02116 | Forgejo | /none/ |
-| vm02179 | Forgejo actions runner | actions-runners |
-| vm02186 | Forgejo actions runner | actions-runners |
-| vm02187 | Wiki | /none/ |
+| Machine | Description | Deployment |
+|---------+------------------------+------------|
+| vm02116 | Forgejo | ~git~ |
+| vm02179 | Forgejo actions runner | ~git~ |
+| vm02186 | Forgejo actions runner | ~git~ |
+| vm02187 | Wiki | /none/ |
diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index 5a08844..148f76f 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -1,12 +1,30 @@
 { inputs, ... }: {
- nixops4Deployments.actions-runners =
+ nixops4Deployments.git =
 { providers, ... }: { providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local; resources = {
+ vm02116 = {
+ type = providers.local.exec;
+ imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
+ ssh = {
+ host = "185.206.232.34";
+ opts = "";
+ hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriawl1za2jbxzelkL5v8KPmcvuj7xVBgwFxuM/zhYr";
+ };
+ nixpkgs = inputs.nixpkgs;
+ nixos.module = {
+ imports = [
+ ./vm02116/configuration.nix
+ ./vm02116/forgejo.nix
+ ./vm02116/hardware-configuration.nix
+ ];
+ };
+ };
+
 vm02179 = { type = providers.local.exec; imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
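Review bot: The new `vm02116` resource in `infra/flake-part.nix` pins `hostPublicKey` next to a literal `host` address but records nowhere how that key was verified, so a later reader cannot tell a key checked out-of-band from one copied off a first connection. A one-line comment above `ssh = {` would cover it, for example `# host key verified out-of-band on <date>; update here when the host is re-keyed`. Separately, the README context visible in this same commit still reads `(eg. ~actions-runners~)`, a deployment name this hunk removes by renaming it to `git`. The `vm02179` entry continues past the end of the hunk.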
diff --git a/infra/vm02116/configuration.nix b/infra/vm02116/configuration.nix
index 061919c..4ac97bc 100644
--- a/infra/vm02116/configuration.nix
+++ b/infra/vm02116/configuration.nix
@@ -178,6 +178,11 @@
 }; };
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJg5TlS1NGCRZwMjDgBkXeFUXqooqRlM8fJdBAQ4buPg"
+ ];
+
 # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [
@@ -223,11 +228,6 @@
 # Or disable the firewall altogether. # networking.firewall.enable = false;
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- system.copySystemConfiguration = true;
-
 # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. #
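Review bot: The two keys added to `users.users.root.openssh.authorizedKeys.keys` in the first hunk carry no owner or purpose, so nobody reading the file can tell whose access to revoke when a person or deploy host leaves. Each entry should end with an OpenSSH key comment, e.g. `"ssh-ed25519 AAAA… <owner-or-purpose>"`, and the list should get a line above it saying why root needs SSH access (presumably the nixops4 deployment). Since this grants direct root login on the Forgejo host, it is also worth confirming that the sshd settings outside this hunk set `services.openssh.settings.PasswordAuthentication = false` and `services.openssh.settings.PermitRootLogin = "prohibit-password"`; neither is visible here.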