From ba08f3cf49e90ca0ee9e97702baf0c5dee167945 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
 <nicolas.jeannerod@moduscreate.com>
Date: Mon, 16 Dec 2024 13:15:34 +0100
Subject: [PATCH] Enter fedi300

---
 infra/README.org          | 13 +++++++------
 infra/fedi300/default.nix | 33 +++++++++++++++++++++++++++++++++
 infra/flake-part.nix      | 18 ++++++++++++++++++
 keys/systems/fedi300.pub  |  1 +
 4 files changed, 59 insertions(+), 6 deletions(-)
 create mode 100644 infra/fedi300/default.nix
 create mode 100644 keys/systems/fedi300.pub

diff --git a/infra/README.org b/infra/README.org
index a62e3b7d..80cbd011 100644
--- a/infra/README.org
+++ b/infra/README.org
@@ -26,9 +26,10 @@ These machines are hosted on the Procolix Proxmox instance, to which
 non-Procolix members of the project do not have access. They host our stable
 infrastructure.
 
-| Machine | Description            | Deployment |
-|---------+------------------------+------------|
-| vm02116 | Forgejo                | ~git~      |
-| vm02179 | /unused/               | ~other~    |
-| vm02186 | /unused/               | ~other~    |
-| vm02187 | Wiki                   | ~web~      |
+| Machine | Proxmox     | Description            | Deployment |
+|---------+-------------+------------------------+------------|
+| vm02116 | Procolix    | Forgejo                | ~git~      |
+| vm02179 | Procolix    | /unused/               | ~other~    |
+| vm02186 | Procolix    | /unused/               | ~other~    |
+| vm02187 | Procolix    | Wiki                   | ~web~      |
+| fedi300 | Fediversity | Forgejo actions runner | ~git~      |
diff --git a/infra/fedi300/default.nix b/infra/fedi300/default.nix
new file mode 100644
index 00000000..a614ae35
--- /dev/null
+++ b/infra/fedi300/default.nix
@@ -0,0 +1,33 @@
+{ lib, ... }:
+
+{
+  imports = [
+    ../common
+  ];
+
+  procolix.vm = {
+    name = "fedi300";
+    ip4 = "95.215.187.30";
+    ip6 = "2a00:51c0:12:1305::30";
+  };
+
+  ## FIXME: We should just have an option under `procolix.vm` to distinguish
+  ## between Procolix VMs and Fediversity ones.
+  networking.domain = lib.mkForce "fediversity.eu";
+  networking.defaultGateway.address = lib.mkForce "95.215.187.1";
+  networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1";
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/1A4E-07F4";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+}
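Review bot: `procolix.vm.ip6` is `2a00:51c0:12:1305::30` while `networking.defaultGateway6.address` is `2a00:51c0:13:1305::1`; the third group differs (`12` vs `13`), so one of the two is probably a typo. Depending on the prefix length configured in `../common` (not visible in this diff), the IPv6 gateway may not be on-link and IPv6 routing would silently fail. Separately, `/boot` is mounted with `"fmask=0022"` and `"dmask=0022"`, which leaves the ESP readable by every local user. Since the README lists this host as a Forgejo actions runner, `"fmask=0077"` and `"dmask=0077"` would keep job processes from reading boot files such as a bootloader random seed, if one is stored there.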
diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index 16008aec..cf99d619 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -24,6 +24,24 @@
             ];
           };
         };
+
+        fedi300 = {
+          type = providers.local.exec;
+          imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
+          ssh = {
+            host = "95.215.187.30";
+            opts = "";
+            hostPublicKey = self.keys.systems.fedi300;
+          };
+          nixpkgs = inputs.nixpkgs;
+          nixos.module = {
+            imports = [
+              ./fedi300
+              self.nixosModules.ageSecrets
+              { fediversity.hostPublicKey = self.keys.systems.fedi300; }
+            ];
+          };
+        };
       };
     };
 
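Review bot: `host = "95.215.187.30";` repeats the literal already set as `procolix.vm.ip4` in `infra/fedi300/default.nix`, so the two values can drift apart if the machine is renumbered. The pinned `hostPublicKey` should make a deployment to a wrong address fail rather than succeed, assuming it is used for SSH host key verification. A comment such as `# keep in sync with procolix.vm.ip4 in ./fedi300/default.nix` above `host` would make the coupling visible. The enclosing attribute set begins before this hunk, so whether the other machines share the same duplication cannot be checked from here.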
diff --git a/keys/systems/fedi300.pub b/keys/systems/fedi300.pub
new file mode 100644
index 00000000..1f2f6a8c
--- /dev/null
+++ b/keys/systems/fedi300.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFH/Kvye5It8FojdjpsuyZQiU0kxj2wq7Zq/+61vxNn